HANA-Firewall
- Missing SCR Agent for reading and writing /etc/sysconfig/hana-firewall from yast2
  (bsc#1210981)
Mesa
- U_ReturnME.patch
  * fixes blackscreen in Return To Monkey Island on Intel graphics
    (boo#1208145)
SAPHanaSR
- Version bump to 0.162.1
  * fix for SAPHanaTopology failing with error code 1
    (OCF_ERR_GENERIC) during a normal stop action
    (bsc#1207466)
  * set srhook attribute to PRIM during a probe so that we do not
    need to wait for the first srConnectionChanged() to set the
    attribute
    (bsc#1205535)
- Version bump to 0.162.0
  * add improvements from SAP to the RA scripts regarding the
    handling of the SAP tools 'HDB version', 'HDBSettings.sh' and
    'pycd' and the SAPHana log filter handling
    (jsc#PED-1739, jsc#PED-2608)
  * fix for SAPHanaSR-monitor reporting "/LPA status of one node is
    missing"/
    (bsc#1192963, bsc#1203973)
  * SAPHanaSRTools.pm: shows terminate node attribute too
- remove patch:
    0001-bsc-1192963.patch
autofs
- autofs-5.1.3-revert-fix-argc-off-by-one-in-mount_aut.patch
  Fix off-by-one error in recursive map handling. (bsc#1209653)
autoyast2
- Rebuild the RPM database during upgrade (--rebuilddb) (bsc#1209565)
- 4.4.45
- Properly install the selected products, do not lose them after
  resetting the package manager internally (bsc#1202234)
- 4.4.44
- Add needed packages for kdump even when kdump section is not
  defined if product enable kdump by default (bsc#1204180)
- 4.4.43
- Add support for security policies validation (jsc#SLE-24764).
- 4.4.42
avahi
- Add avahi-CVE-2023-1981.patch: emit error if requested service
  is not found (boo#1210328 CVE-2023-1981).
- switch to use _multibuild
- delete _avahi_spec-prepare.sh, pre_checkin.sh: obsolete
- use https urls
aws-cli
- Update in SLE-15 (bsc#1209255, jsc#PED-3780)
- Update to version 1.27.89
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.27.89/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.27.78
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.27.78/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.27.71
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.27.71/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.27.66
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.27.66/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.27.60
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.27.60/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.27.58
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.27.58/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.27.52
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.27.52/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.27.41
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.27.41/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.27.26
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.27.26/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.27.21
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.27.21/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.27.8
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.27.8/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.27.2
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.27.2/CHANGELOG.rst
- Relax upper version constraint for python-colorama in
  BuildRequires and Requires to 0.5.0 (bsc#1204917)
- Update Requires in spec file from setup.py
- Update in SLE-15 (bsc#1204537, jsc#PED-2333)
- Update to version 1.26.0
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.26.0/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.25.91
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.25.91/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.25.85
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.25.85/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.25.76
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.25.76/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.25.72
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.25.72/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.25.64
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.25.64/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.25.60
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.25.60/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.25.55
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.25.55/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.25.45
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.25.45/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.25.37
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.25.37/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.25.20
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.25.20/CHANGELOG.rst
- Update Requires in spec file from setup.py
- Update to version 1.25.2
  + For detailed changes see
    https://github.com/aws/aws-cli/blob/1.25.2/CHANGELOG.rst
- Update Requires in spec file from setup.py
bash-completion
- Add patch fix-curl-help-completion-bsc1200791.patch (bsc#1200791)
  * List all options for `curl --<TAB>`
bind
- Update to release 9.16.42
  Security Fixes:
  * The overmem cleaning process has been improved, to prevent the
    cache from significantly exceeding the configured
    max-cache-size limit. (CVE-2023-2828)
  * A query that prioritizes stale data over lookup triggers a
    fetch to refresh the stale data in cache. If the fetch is
    aborted for exceeding the recursion quota, it was possible for
    named to enter an infinite callback loop and crash due to stack
    overflow. This has been fixed. (CVE-2023-2911)
  Bug Fixes:
  * Previously, it was possible for a delegation from cache to be
    returned to the client after the stale-answer-client-timeout
    duration. This has been fixed.
  [bsc#1212544, bsc#1212567, jsc#SLE-24600]
- Update to release 9.16.41
  Bug Fixes:
  * When removing delegations from an opt-out range,
    empty-non-terminal NSEC3 records generated by those delegations
    were not cleaned up. This has been fixed.
  [jsc#SLE-24600]
- Update to release 9.16.40
  Bug Fixes:
  * Logfiles using timestamp-style suffixes were not always
    correctly removed when the number of files exceeded the limit
    set by versions. This has been fixed for configurations which
    do not explicitly specify a directory path as part of the file
    argument in the channel specification.
  * Performance of DNSSEC validation in zones with many DNSKEY
    records has been improved.
- Update to release 9.16.39
  Feature Changes:
  * libuv support for receiving multiple UDP messages in a single
    recvmmsg() system call has been tweaked several times between
    libuv versions 1.35.0 and 1.40.0; the current recommended libuv
    version is 1.40.0 or higher. New rules are now in effect for
    running with a different version of libuv than the one used at
    compilation time. These rules may trigger a fatal error at
    startup:
  - Building against or running with libuv versions 1.35.0 and
    1.36.0 is now a fatal error.
  - Running with libuv version higher than 1.34.2 is now a
    fatal error when named is built against libuv version
    1.34.2 or lower.
  - Running with libuv version higher than 1.39.0 is now a
    fatal error when named is built against libuv version
    1.37.0, 1.38.0, 1.38.1, or 1.39.0.
  * This prevents the use of libuv versions that may trigger an
    assertion failure when receiving multiple UDP messages in a
    single system call.
  Bug Fixes:
  * named could crash with an assertion failure when adding a new
    zone into the configuration file for a name which was already
    configured as a member zone for a catalog zone. This has been
    fixed.
  * When named starts up, it sends a query for the DNSSEC key for
    each configured trust anchor to determine whether the key has
    changed. In some unusual cases, the query might depend on a
    zone for which the server is itself authoritative, and would
    have failed if it were sent before the zone was fully loaded.
    This has now been fixed by delaying the key queries until all
    zones have finished loading.
  [jsc#SLE-24600]
- Update to release 9.16.38
  Bug Fixes:
  * A constant stream of zone additions and deletions via rndc
    reconfig could cause increased memory consumption due to
    delayed cleaning of view memory. This has been fixed.
  * The speed of the message digest algorithms (MD5, SHA-1, SHA-2),
    and of NSEC3 hashing, has been improved.
  * Building BIND 9 failed when the --enable-dnsrps switch for
    ./configure was used. This has been fixed.
  [jsc#SLE-24600]
- Updated keyring and signature
- Update to release 9.16.37
  Security Fixes:
  * An UPDATE message flood could cause named to exhaust all
    available memory. This flaw was addressed by adding a new
    update-quota option that controls the maximum number of
    outstanding DNS UPDATE messages that named can hold in a queue
    at any given time (default: 100). (CVE-2022-3094)
  * named could crash with an assertion failure when an RRSIG query
    was received and stale-answer-client-timeout was set to a
    non-zero value. This has been fixed. (CVE-2022-3736)
  * named running as a resolver with the
    stale-answer-client-timeout option set to any value greater
    than 0 could crash with an assertion failure, when the
    recursive-clients soft quota was reached. This has been fixed.
    (CVE-2022-3924)
  New Features:
  * The new update-quota option can be used to control the number
    of simultaneous DNS UPDATE messages that can be processed to
    update an authoritative zone on a primary server, or forwarded
    to the primary server by a secondary server. The default is
    100. A new statistics counter has also been added to record
    events when this quota is exceeded, and the version numbers for
    the XML and JSON statistics schemas have been updated.
  Feature Changes:
  * The Differentiated Services Code Point (DSCP) feature in BIND
    has been deprecated. Configuring DSCP values in named.conf now
    causes a warning to be logged. Note that this feature has only
    been partly operational since the new Network Manager was
    introduced in BIND 9.16.0.
  * The catalog zone implementation has been optimized to work with
    hundreds of thousands of member zones.
  Bug Fixes:
  * In certain query resolution scenarios (e.g. when following
    CNAME records), named configured to answer from stale cache
    could return a SERVFAIL response despite a usable, non-stale
    answer being present in the cache. This has been fixed.
  [bsc#1207471, bsc#1207473, bsc#1207475, jsc#SLE-24600]
- Update to release 9.16.36
  Feature Changes:
  * The auto-dnssec option has been deprecated and will be removed
    in a future BIND 9.19.x release. Please migrate to
    dnssec-policy.
  Bug Fixes:
  * When a catalog zone was removed from the configuration, in some
    cases a dangling pointer could cause the named process to
    crash.
  * When a zone was deleted from a server, a key management object
    related to that zone was inadvertently kept in memory and only
    released upon shutdown. This could lead to constantly
    increasing memory use on servers with a high rate of changes
    affecting the set of zones being served.
  * In certain cases, named waited for the resolution of
    outstanding recursive queries to finish before shutting down.
  * The zone <name>/<class>: final reference detached log message
    was moved from the INFO log level to the DEBUG(1) log level to
    prevent the named-checkzone tool from superfluously logging
    this message in non-debug mode.
  [jsc#SLE-24600]
- Update to release 9.16.35
  Bug Fixes:
  * A crash was fixed that happened when a dnssec-policy zone that
    used NSEC3 was reconfigured to enable inline-signing.
  * In certain resolution scenarios, quotas could be erroneously
    reached for servers, including any configured forwarders,
    resulting in SERVFAIL answers being sent to clients.
  * rpz-ip rules in response-policy zones could be ineffective in
    some cases if a query had the CD (Checking Disabled) bit set to
    1.
  * Previously, if Internet connectivity issues were experienced
    during the initial startup of named, a BIND resolver with
    dnssec-validation set to auto could enter into a state where it
    would not recover without stopping named, manually deleting the
    managed-keys.bind and managed-keys.bind.jnl files, and starting
    named again.
  * The statistics counter representing the current number of
    clients awaiting recursive resolution results (RecursClients)
    could overflow in certain resolution scenarios.
  * Previously, BIND failed to start on Solaris-based systems with
    hundreds of CPUs.
  * When a DNS resource record’s TTL value was equal to the
    resolver’s configured prefetch “eligibility” value, the record
    was erroneously not treated as eligible for prefetching.
  [jsc#SLE-24600]
- Update to release 9.16.34
  New Features:
  * Support for parsing and validating the dohpath service
    parameter in SVCB records was added.
  * named now logs the supported cryptographic algorithms during
    startup and in the output of named -V.
  Bug Fixes:
  * Changing just the TSIG key names for primaries in catalog
    zones’ member zones was not effective. This has been fixed.
  Known Issues:
  * Upgrading from BIND 9.16.32 or any older version may require a
    manual configuration change. The following configurations are
    affected:
  - type primary zones configured with dnssec-policy but without
    either allow-update or update-policy,
  - type secondary zones configured with dnssec-policy.
    In these cases please add inline-signing yes; to the individual
    zone configuration(s). Without applying this change, named will
    fail to start. For more details, see
    https://kb.isc.org/docs/dnssec-policy-requires-dynamic-dns-or-inline-signing
  [jsc#SLE-24600]
c-ares
- Update to version 1.19.1
  Security:
  * CVE-2023-32067. High. 0-byte UDP payload causes Denial of Service
    (bsc#1211604)
  * CVE-2023-31147 Moderate. Insufficient randomness in generation
    of DNS query IDs (bsc#1211605)
  * CVE-2023-31130. Moderate. Buffer Underwrite in
    ares_inet_net_pton() (bsc#1211606)
  * CVE-2023-31124. Low. AutoTools does not set CARES_RANDOM_FILE
    during cross compilation (bsc#1211607)
  Bug fixes:
  * Fix uninitialized memory warning in test
  * ares_getaddrinfo() should allow a port of 0
  * Fix memory leak in ares_send() on error
  * Fix comment style in ares_data.h
  * Fix typo in ares_init_options.3
  * Sync ax_pthread.m4 with upstream
  * Sync ax_cxx_compile_stdcxx_11.m4 with upstream to fix uclibc support
- Update to version 1.19.0
  Security:
  * Low. Stack overflow in ares_set_sortlist() which is used
    during c-ares initialization and typically provided by an
    administrator and not an end user.
    (bsc#1208067, CVE-2022-4904)
  Changes:
  * Add ARES_OPT_HOSTS_FILE similar to ARES_OPT_RESOLVCONF for
    specifying a custom hosts file location.
  Bug fixes:
  * Fix memory leak in reading /etc/hosts when using localhost
    fallback.
  * Fix chain building c-ares when libresolv is already included by
    another project.
  * File lookup should not immediately abort as there may be other
    tries due to search criteria.
  * Asterisks should be allowed in host validation as CNAMEs may
    reference wildcard domains.
  * AutoTools build system referenced bad STDC_HEADERS macro.
  * Even if one address class returns a failure for
    ares_getaddrinfo() we should still return the results we have.
  * Fix ares_getaddrinfo() numerical address resolution with
    AF_UNSPEC
  * Fix tools and help information.
  * Various documentation fixes and cleanups.
  * Add include guards to ares_data.h
  * c-ares could try to exceed maximum number of iovec entries
    supported by system.
  * The RFC6761 6.3 states localhost subdomains must be offline too
- update to 1.18.1. Changes since 1.17.2:
  * Allow '/' as a valid character for a returned name for
    CNAME in-addr.arpa delegation
  * no longer forwards requests for localhost resolution per RFC6761
  * During a domain search, treat ARES_ENODATA as ARES_NXDOMAIN so
    that the search process will continue to the next domain
    in the search.
  * Provide ares_nameser.h as a public interface as needed by NodeJS
  * Add support for URI(Uniform Resource Identifier) records via
    ares_parse_uri_reply()
- disable unit tests for SLE12 since GCC compiler too old to build
  unit tests
- 5c995d5.patch: upstreamed
- disable-live-tests.patch: refreshed
- new upstream website
- drop multibuild - tests do not require static library anymore
- spec file cleanup
- drop sources that were re-added to upstream distibution
  (c-ares-config.cmake.in ares_dns.h libcares.pc.cmake)
- update to 1.17.2:
  Security:
  * When building c-ares with CMake, the RANDOM_FILE would not be set
    and therefore downgrade to the less secure random number generator
    it would cause a crash
  * Expand number of escaped characters in DNS replies as per
    RFC1035 5.1 to prevent spoofing follow-up
    (bsc#1188881, CVE-2021-3672)
  * Perform validation on hostnames to prevent possible XSS
    due to applications not performing valiation themselves
  Changes:
  * ares_malloc(0) is now defined behavior (returns NULL) rather than system-specific to catch edge cases
  Bug fixes:
  * Building tests should not force building of static libraries except on Windows
  * Relative headers must use double quotes to prevent pulling in a system library
  for details see,
  https://c-ares.haxx.se/changelog.html#1_17_2
- update to 1.17.1:
    Travis: add iOS target built with CMake (#378)
    Issue #377 suggested that CMake builds for iOS with c-ares were broken. This PR adds an automatic Travis build for iOS CMake.
  - fix build
    External projects were using non-public header ares_dns.h, make public again (#376)
    It appears some outside projects were relying on macros in ares_dns.h, even
    though it doesn't appear that header was ever meant to be public.  That said,
    we don't want to break external integrators so we should distribute this header
    again.
  - note that so versioning has moved to configure.ac
  - note about 1.17.1
  - fix sed gone wrong
    autotools cleanup (#372)
  * buildconf: remove custom logic with autoreconf
- remove missing_header.patch (upstream)
ca-certificates-mozilla
- Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622)
  Removed CAs:
  - Global Chambersign Root
  - EC-ACC
  - Network Solutions Certificate Authority
  - Staat der Nederlanden EV Root CA
  - SwissSign Platinum CA - G2
  Added CAs:
  - DIGITALSIGN GLOBAL ROOT ECDSA CA
  - DIGITALSIGN GLOBAL ROOT RSA CA
  - Security Communication ECC RootCA1
  - Security Communication RootCA3
  Changed trust:
  - TrustCor certificates only trusted up to Nov 30 (bsc#1206212)
- Removed CAs (bsc#1206212) as most code does not handle "/valid before nov 30 2022"/
  and it is not clear how many certs were issued for SSL middleware by TrustCor:
  - TrustCor RootCert CA-1
  - TrustCor RootCert CA-2
  - TrustCor ECA-1
  Patch: remove-trustcor.patch
catatonit
- Update to catatont v0.1.7
- This release adds the ability for catatonit to be used as the only
  process in a pause container, by passing the -P flag (in this mode no
  subprocess is spawned and thus no signal forwarding is done).
- Add 99bb9048f.patch: configure.ac: call AM_INIT_AUTOMAKE only
  once. Fix build with autocnf 2.71 / automake 1.16.5.
- Update to catatonit v0.1.6, which fixes a few bugs -- mainly ones related to
  socket activation or features somewhat adjacent to socket activation (such as
  passing file descriptors).
- Update catatonit-rpmlintrc in order to cover that static binaries are now an
  error not a warning.
cloud-init
- Sensitive data exposure (bsc#1210277, CVE-2023-1786)
  + Add hidesensitivedata
  + Add cloud-init-cve-2023-1786-redact-inst-data.patch
  + Do not expose sensitive data gathered from the CSP
- Update to version 23.1
  + Remove patches included upstream:
  - cloud-init-btrfs-queue-resize.patch
  - cloud-init-micro-is-suse.patch
  - cloud-init-suse-afternm.patch
  - cloud-init-prefer-nm.patch
  - cloud-init-transact-up.patch
  + Forward port
  - cloud-init-write-routes.patch
  + Added
  - cloud-init-fix-ca-test.patch
  + Support transactional-updates for SUSE based distros (#1997)
    [Robert Schweikert]
  + Set ownership for new folders in Write Files Module (#1980)
    [Jack] (LP: #1990513)
  + add OpenCloudOS and TencentOS support (#1964) [wynnfeng]
  + lxd: Retry if the server isn't ready (#2025)
  + test: switch pycloudlib source to pypi (#2024)
  + test: Fix integration test deprecation message (#2023)
  + Recognize opensuse-microos, dev tooling fixes [Robert Schweikert]
  + sources/azure: refactor imds handler into own module (#1977)
    [Chris Patterson]
  + docs: deprecation generation support [1/2] (#2013)
  + add function is_virtual to distro/FreeBSD (#1957) [Mina Galić]
  + cc_ssh: support multiple hostcertificates (#2018) (LP: #1999164)
  + Fix minor schema validation regression and fixup typing (#2017)
  + doc: Reword user data debug section (#2019)
  + Overhaul/rewrite of certificate handling as follows: (#1962)
    [dermotbradley] (LP: #1931174)
  + disk_setup: use byte string when purging the partition table (#2012)
    [Stefan Prietl]
  + cli: schema also validate vendordata*.
  + ci: sort and add checks for cla signers file [Stefan Prietl]
  + Add "/ederst"/ as contributor (#2010) [Stefan Prietl]
  + readme: add reference to packages dir (#2001)
  + docs: update downstream package list (#2002)
  + docs: add google search verification (#2000) [s-makin]
  + docs: fix 404 render use default notfound_urls_prefix in RTD conf (#2004)
  + Fix OpenStack datasource detection on bare metal (#1923)
    [Alexander Birkner] (LP: #1815990)
  + docs: add themed RTD 404 page and pointer to readthedocs-hosted (#1993)
  + schema: fix gpt labels, use type string for GUID (#1995)
  + cc_disk_setup: code cleanup (#1996)
  + netplan: keep custom strict perms when 50-cloud-init.yaml exists
  + cloud-id: better handling of change in datasource files
    [d1r3ct0r] (LP: #1998998)
  + tests: Remove restart check from test
  + Ignore duplicate macs from mscc_felix and fsl_enetc (LP: #1997922)
  + Warn on empty network key (#1990)
  + Fix Vultr cloud_interfaces usage (#1986) [eb3095]
  + cc_puppet: Update puppet service name (#1970) [d1r3ct0r] (LP: #2002969)
  + docs: Clarify networking docs (#1987)
  + lint: remove httpretty (#1985) [sxt1001]
  + cc_set_passwords: Prevent traceback when restarting ssh (#1981)
  + tests: fix lp1912844 (#1978)
  + tests: Skip ansible test on bionic (#1984)
  + Wait for NetworkManager (#1983) [Robert Schweikert]
  + docs: minor polishing (#1979) [s-makin]
  + CI: migrate integration-test to GH actions (#1969)
  + Fix permission of SSH host keys (#1971) [Ron Gebauer]
  + Fix default route rendering on v2 ipv6 (#1973) (LP: #2003562)
  + doc: fix path in net_convert command (#1975)
  + docs: update net_convert docs (#1974)
  + doc: fix dead link
  + cc_set_hostname: ignore /var/lib/cloud/data/set-hostname if it's empty
    (#1967) [Emanuele Giuseppe Esposito]
  + distros/rhel.py: _read_hostname() missing strip on "/hostname"/ (#1941)
    [Mark Mielke]
  + integration tests: add  IBM VPC support (SC-1352) (#1915)
  + machine-id: set to uninitialized to trigger regeneration on clones
    (LP: #1999680)
  + sources/azure: retry on connection error when fetching metdata (#1968)
    [Chris Patterson]
  + Ensure ssh state accurately obtained (#1966)
  + bddeb: drop dh-systemd dependency on newer deb-based releases [d1r3ct0r]
  + doc: fix `config formats` link in cloudsigma.rst (#1960)
  + Fix wrong subp syntax in cc_set_passwords.py (#1961)
  + docs: update the PR template link to readthedocs (#1958) [d1r3ct0r]
  + ci: switch unittests to gh actions (#1956)
  + Add mount_default_fields for PhotonOS. (#1952) [Shreenidhi Shedi]
  + sources/azure: minor refactor for metadata source detection logic
    (#1936) [Chris Patterson]
  + add "/CalvoM"/ as contributor (#1955) [d1r3ct0r]
  + ci: doc to gh actions (#1951)
  + lxd: handle 404 from missing devices route for LXD 4.0 (LP: #2001737)
  + docs: Diataxis overhaul (#1933) [s-makin]
  + vultr: Fix issue regarding cache and region codes (#1938) [eb3095]
  + cc_set_passwords: Move ssh status checking later (SC-1368) (#1909)
    (LP: #1998526)
  + Improve Wireguard module idempotency (#1940) [Fabian Lichtenegger-Lukas]
  + network/netplan: add gateways as on-link when necessary (#1931)
    [Louis Sautier] (LP: #2000596)
  + tests: test_lxd assert features.networks.zones when present (#1939)
  + Use btrfs enquque when available (#1926) [Robert Schweikert]
  + sources/azure: drop description for report_failure_to_fabric() (#1934)
    [Chris Patterson]
  + cc_disk_setup.py: fix MBR single partition creation (#1932)
    [dermotbradley] (LP: #1851438)
  + Fix typo with package_update/package_upgrade (#1927) [eb3095]
  + sources/azure: fix device driver matching for net config (#1914)
    [Chris Patterson]
  + BSD: fix duplicate macs in Ifconfig parser (#1917) [Mina Galić]
  + test: mock dns calls (#1922)
  + pycloudlib: add lunar support for integration tests (#1928)
  + nocloud: add support for dmi variable expansion for seedfrom URL
    (LP: #1994980)
  + tools: read-version drop extra call to git describe --long
  + doc: improve cc_write_files doc (#1916)
  + read-version: When insufficient tags, use cloudinit.version.get_version
  + mounts: document weird prefix in schema (#1913)
  + add utility function test cases (#1910) [sxt1001]
  + test: mock file deletion in dhcp tests (#1911)
  + Ensure network ready before cloud-init service runs on RHEL (#1893)
    (LP: #1998655)
  + docs: add copy button to code blocks (#1890) [s-makin]
  + netplan: define features.NETPLAN_CONFIG_ROOT_READ_ONLY flag
  + azure: fix support for systems without az command installed (#1908)
  + Networking Clarification (#1892)
  + Fix the distro.osfamily output problem in the openEuler system. (#1895)
    [sxt1001] (LP: #1999042)
  + pycloudlib: bump commit dropping azure api smoke test
  + net: netplan config root read-only as wifi config can contain creds
  + autoinstall: clarify docs for users
  + sources/azure: encode health report as utf-8 (#1897) [Chris Patterson]
  + Add back gateway4/6 deprecation to docs (#1898)
  + networkd: Add support for multiple [Route] sections (#1868)
    [Nigel Kukard]
  + doc: add qemu tutorial (#1863)
  + lint: fix tip-flake8 and tip-mypy (#1896)
  + Add support for setting uid when creating users on FreeBSD (#1888)
    [einsibjarni]
  + Fix exception in BSD networking code-path (#1894) [Mina Galić]
  + Append derivatives to is_rhel list in cloud.cfg.tmpl (#1887) [Louis Abel]
  + FreeBSD init: use cloudinit_enable as only rcvar (#1875) [Mina Galić]
  + feat: add support aliyun metadata security harden mode (#1865)
    [Manasseh Zhou]
  + docs: uprate analyze to performance page [s-makin]
  + test: fix lxd preseed managed network config (#1881)
  + Add support for static IPv6 addresses for FreeBSD (#1839) [einsibjarni]
  + Make 3.12 failures not fail the build (#1873)
  + Docs: adding relative links [s-makin]
  + Update read-version
  + Fix setup.py to align with PEP 440 versioning replacing trailing
  + travis: promote 3.11-dev to 3.11 (#1866)
  + test_cloud_sigma: delete useless test (#1828) [sxt1001]
  + Add "/nkukard"/ as contributor (#1864) [Nigel Kukard]
  + tests: ds-id mocks for vmware-rpctool as utility may not exist in env
  + doc: add how to render new module doc (#1855)
  + doc: improve module creation explanation (#1851)
  + Add Support for IPv6 metadata to OpenStack (#1805)
    [Marvin Vogt] (LP: #1906849)
  + add xiaoge1001 to .github-cla-signers (#1854) [sxt1001]
  + network: Deprecate gateway{4,6} keys in network config v2 (#1794)
    (LP: #1992512)
  + VMware: Move Guest Customization transport from OVF to VMware (#1573)
    [PengpengSun]
  + doc: home page links added (#1852) [s-makin]
  From 22.4.2
  + status: handle ds not defined in status.json (#1876) (LP: #1997559)
  From 22.4.1
  + net: skip duplicate mac check for netvsc nic and its VF (#1853)
    [Anh Vo] (LP: #1844191)
  + ChangeLog: whitespace cleanup (#1850)
  + changelog: capture 22.3.1-4 releases
- Add cloud-init-transact-up.patch to support transactional-updates
- Add cloud-init-prefer-nm.patch
  + Prefer NetworkManager of sysconfig when available
- Update to version 22.4
  + Remove patches included upstream:
  - cloud-init-vmware-test.patch
  - cloud-init-sysctl-not-in-bin.patch
  + Forward port:
  - cloud-init-write-routes.patch
  - cloud-init-break-resolv-symlink.patch
  - cloud-init-sysconf-path.patch
  - cloud-init-no-tempnet-oci.patch
  + Add cloud-init-btrfs-queue-resize.patch (bsc#1171511)
  + Add cloud-init-micro-is-suse.patch (bsc#1203393) [Martin Petersen]
  + Add cloud-init-suse-afternm.patch
  + test: fix pro integration test [Alberto Contreras]
  + cc_disk_setup: pass options in correct order to utils (#1829)
    [dermotbradley]
  + tests: text_lxd basic_preseed verify_clean_log (#1826)
  + docs: switch sphinx theme to furo (SC-1327) (#1821) [Alberto Contreras]
  + tests: activate Ubuntu Pro tests (only on Jenkins) (#1777)
    [Alberto Contreras]
  + tests: test_lxd assert features.storage.buckets when present (#1827)
  + tests: replace missed ansible install-method with underscore (#1825)
  + tests: replace ansible install-method with underscore
  + ansible: standardize schema keys
  + ci: run json tool on 22.04 rather than 20.04 (#1823)
  + Stop using devices endpoint for LXD network config (#1819)
  + apport: address new curtin log and config locations (#1812)
  + cc_grub: reword docs for clarity (#1818)
  + tests: Fix preseed test (#1820)
  + Auto-format schema (#1810)
  + Ansible Control Module (#1778)
  + Fix last reported event possibly not being sent (#1796) (LP: #1993836)
  + tests: Ignore unsupported lxd project keys (#1817) [Alberto Contreras]
  + udevadm settle should handle non-udev system gracefully (#1806)
    [dermotbradley]
  + add mariner support (#1780) [Minghe Ren]
  + Net: add BSD ifconfig(8) parser and state class (#1779) [Mina Galić]
  + adding itjamie to .github-cla-signers [Jamie (Bear) Murphy]
  + Fix inconsistency between comment and statement (#1809) [Guillaume Gay]
  + Update .github-cla-signers (#1811) [Guillaume Gay]
  + alpine.py: Add Alpine-specific manage_service function and update tests
    (#1804) [dermotbradley]
  + test: add 3.12-dev to Travis CI (#1798) [Alberto Contreras]
  + add NWCS datasource (#1793) [shell-skrimp]
  + Adding myself as CLA signer (#1799) [s-makin]
  + apport: fix some data collection failures due to symlinks (#1797)
    [Dan Bungert]
  + read-version: Make it compatible with bionic (#1795) [Alberto Contreras]
  + lxd: add support for lxd preseed config(#1789)
  + Enable hotplug for LXD datasource (#1787)
  + cli: collect logs and apport subiquity support
  + add support for Container-Optimized OS (#1748) [vteratipally]
  + test: temporarily disable failing integration test (#1792)
  + Fix LXD/nocloud detection on lxd vm tests (#1791)
  + util: Implement __str__ and __iter__ for Version (#1790)
  + cc_ua: consume ua json api for enable commands [Alberto Contreras]
  + Add clarity to cc_final_message docs (#1788)
  + cc_ntp: add support for BSDs (#1759) [Mina Galić] (LP: #1990041)
  + make Makefile make agnostic (#1786) [Mina Galić]
  + Remove hardcoding and unnecessary overrides in Makefile (#1783)
    [Joseph Mingrone]
  + Add my username (Jehops) to .github-cla-signers (#1784) [Joseph Mingrone]
  + Temporarily remove broken test (#1781)
  + Create reference documentation for base config
  + cc_ansible: add support for galaxy install (#1736)
  + distros/manage_services: add support to disable service (#1772)
    [Mina Galić] (LP: #1991024)
  + OpenBSD: remove pkg_cmd_environ function (#1773)
    [Mina Galić] (LP: 1991567)
  + docs: Correct typo in the FAQ (#1774) [Maximilian Wörner]
  + tests: Use LXD metadata to determine NoCloud status (#1776)
  + analyze: use init-local as start of boot record (#1767) [Chris Patterson]
  + docs: use opensuse for distro name in package doc (#1771)
  + doc: clarify packages as dev only (#1769) [Alberto Contreras]
  + Distro manage service: Improve BSD support (#1758)
    [Mina Galić] (LP: #1990070)
  + testing: check logs for critical errors (#1765) [Chris Patterson]
  + cc_ubuntu_advantage: Handle already attached on Pro [Alberto Contreras]
  + doc: Add configuration explanation (SC-1169)
  + Fix Oracle DS primary interface when using IMDS (#1757) (LP: #1989686)
  + style: prefer absolute imports over relative imports [Mina Galić]
  + tests: Fix ip log during instance destruction (#1755) [Alberto Contreras]
  + cc_ubuntu_advantage: add ua_config in auto-attach [Alberto Contreras]
  + apt configure: sources write/append mode (#1738)
    [Fabian Lichtenegger-Lukas]
  + networkd: Add test and improve typing. (#1747) [Alberto Contreras]
  + pycloudlib: bump commit for gce cpu architecture support (#1750)
  + commit ffcb29bc8315d1e1d6244eeb1cbd8095958f7bad (LP: #1307667)
  + testing: workaround LXD vendor data (#1740)
  + support dhcp{4,6}-overrides in networkd renderer (#1710) [Aidan Obley]
  + tests: Drop httpretty in favor of responses (#1720) [Alberto Contreras]
  + cc_ubuntu_advantage: Implement custom auto-attach behaviors (#1583)
    [Alberto Contreras]
  + Fix Oracle DS not setting subnet when using IMDS (#1735) (LP: #1989686)
  + testing: focal lxd datasource discovery (#1734)
  + cc_ubuntu_advantage: Redact token from logs (#1726) [Alberto Contreras]
  + docs: make sure echo properly evaluates the string (#1733) [Mina Galić]
  + net: set dhclient lease and pid files (#1715)
  + cli: status machine-readable output --format yaml/json (#1663)
    (LP: #1883122)
  + tests: Simplify does_not_raise (#1731) [Alberto Contreras]
  + Refactor: Drop inheritance from object (#1728) [Alberto Contreras]
  + testing: LXD datasource now supported on Focal (#1732)
  + Allow jinja templating in /etc/cloud (SC-1170) (#1722) (LP: #1913461)
  + sources/azure: ensure instance id is always correct (#1727)
    [Chris Patterson]
  + azure: define new attribute for pre-22.3 pickles (#1725)
  + doc: main page Diátaxis rewording (SC-967) (#1701)
  + ubuntu advantage: improved idempotency, enable list is now strict
  + [Fabian Lichtenegger-Lukas]
  + test: bump pycloudlib (#1724) [Alberto Contreras]
  + cloud.cfg.tmpl: make sure "/centos"/ settings are identical to "/rhel"/
    (#1639) [Emanuele Giuseppe Esposito]
  + lxd: fetch 1.0/devices content (#1712) [Alberto Contreras]
  + Update docs according to ad8f406a (#1719)
  + testing: Port unittests/analyze to pytest (#1708) [Alberto Contreras]
  + doc: Fix rtd builds. (#1718) [Alberto Contreras]
  + testing: fully mock noexec calls (#1717) [Alberto Contreras]
  + typing: Add types to cc_<module>.handle (#1700) [Alberto Contreras]
  + Identify 3DS Outscale Datasource as Ec2 (#1686) [Maxime Dufour]
  + config: enable bootstrapping pip in ansible (#1707)
  + Fix cc_chef typing issue (#1716)
  + Refactor instance json files to use Paths (SC-1238) (#1709)
  + tools: read-version check GITHUB_REF and git branch --show-current
    (#1677)
  + net: Ensure a tmp with exec permissions for dhcp (#1690)
    [Alberto Contreras] (LP: #1962343)
  + testing: Fix test regression in test_combined (#1713) [Alberto Contreras]
  + Identify Huawei Cloud as OpenStack (#1689) [huang xinjie]
  + doc: add reporting suggestion to FAQ (SC-1236) (#1698)
  From 22.3
  + sources: obj.pkl cache should be written anyime get_data is run (#1669)
  + schema: drop release number from version file (#1664)
  + pycloudlib: bump to quiet azure HTTP info logs (#1668)
  + test: fix wireguard integration tests (#1666)
  + Github is deprecating the 18.04 runner starting 12.1 (#1665)
  + integration tests: Ensure one setup for all tests (#1661)
  + tests: ansible test fixes (#1660)
  + Prevent concurrency issue in test_webhook_hander.py (#1658)
  + Workaround net_setup_link race with udev (#1655) (LP: #1983516)
  + test: drop erroneous lxd assertion, verify command succeeded (#1657)
  + Fix Chrony usage on Centos Stream (#1648) [Sven Haardiek] (LP: #1885952)
  + sources/azure: handle network unreachable errors for savable PPS (#1642)
    [Chris Patterson]
  + Return cc_set_hostname to PER_INSTANCE frequency (#1651) (LP: #1983811)
  + test: Collect integration test time by default (#1638)
  + test: Drop forced package install hack in lxd integration test (#1649)
  + schema: Resolve user-data if --system given (#1644)
    [Alberto Contreras] (LP: #1983306)
  + test: use fake filesystem to avoid file removal (#1647)
    [Alberto Contreras]
  + tox: Fix tip-flake8 and tip-mypy (#1635) [Alberto Contreras]
  + config: Add wireguard config module (#1570) [Fabian Lichtenegger-Lukas]
  + tests: can run without azure-cli, tests expect inactive ansible (#1643)
  + typing: Type UrlResponse.contents (#1633) [Alberto Contreras]
  + testing: fix references to `DEPRECATED.` (#1641) [Alberto Contreras]
  + ssh_util: Handle sshd_config.d folder [Alberto Contreras] (LP: #1968873)
  + schema: Enable deprecations in cc_update_etc_hosts (#1631)
    [Alberto Contreras]
  + Add Ansible Config Module (#1579)
  + util: Support Idle process state in get_proc_ppid() (#1637)
  + schema: Enable deprecations in cc_growpart (#1628) [Alberto Contreras]
  + schema: Enable deprecations in cc_users_groups (#1627)
    [Alberto Contreras]
  + util: Fix error path and parsing in get_proc_ppid()
  + main: avoid downloading full contents cmdline urls (#1606)
    [Alberto Contreras] (LP: #1937319)
  + schema: Enable deprecations in cc_scripts_vendor (#1629)
    [Alberto Contreras]
  + schema: Enable deprecations in cc_set_passwords (#1630)
    [Alberto Contreras]
  + sources/azure: add experimental support for preprovisioned os disks
    (#1622) [Chris Patterson]
  + Remove configobj a_to_u calls (#1632) [Stefano Rivera]
  + cc_debug: Drop this module (#1614) [Alberto Contreras]
  + schema: add aggregate descriptions in anyOf/oneOf (#1636)
  + testing: migrate test_sshutil to pytest (#1617) [Alberto Contreras]
  + testing: Fix test_ca_certs integration test (#1626) [Alberto Contreras]
  + testing: add support for pycloudlib's pro images (#1604)
    [Alberto Contreras]
  + testing: migrate test_cc_set_passwords to pytest (#1615)
    [Alberto Contreras]
  + network: add system_info network activator cloud.cfg overrides (#1619)
    (LP: #1958377)
  + docs: Align git remotes with uss-tableflip setup (#1624)
    [Alberto Contreras]
  + testing: cover active config module checks (#1609) [Alberto Contreras]
  + lxd: lvm avoid thinpool when kernel module absent
  + lxd: enable MTU configuration in cloud-init
  + doc: pin doc8 to last passing version
  + cc_set_passwords fixes (#1590)
  + Modernise importer.py and type ModuleDetails (#1605) [Alberto Contreras]
  + config: Def activate_by_schema_keys for t-z (#1613) [Alberto Contreras]
  + config: define activate_by_schema_keys for p-r mods (#1611)
    [Alberto Contreras]
  + clean: add param to remove /etc/machine-id for golden image creation
  + config: define `activate_by_schema_keys` for a-f mods (#1608)
    [Alberto Contreras]
  + config: define activate_by_schema_keys for s mods (#1612)
    [Alberto Contreras]
  + sources/azure: reorganize tests for network config (#1586)
  + [Chris Patterson]
  + config: Define activate_by_schema_keys for g-n mods (#1610)
    [Alberto Contreras]
  + meta-schema: add infra to skip inapplicable modules [Alberto Contreras]
  + sources/azure: don't set cfg["/password"/] for default user pw (#1592)
    [Chris Patterson]
  + schema: activate grub-dpkg deprecations (#1600) [Alberto Contreras]
  + docs: clarify user password purposes (#1593)
  + cc_lxd: Add btrfs and lvm lxd storage options (SC-1026) (#1585)
  + archlinux: Fix distro naming[1] (#1601) [Kristian Klausen]
  + cc_ubuntu_autoinstall: support live-installer autoinstall config
  + clean: allow third party cleanup scripts in /etc/cloud/clean.d (#1581)
  + sources/azure: refactor chassis asset tag handling (#1574)
    [Chris Patterson]
  + Add "/netcho"/ as contributor (#1591) [Kaloyan Kotlarski]
  + testing: drop impish support (#1596) [Alberto Contreras]
  + black: fix missed formatting issue which landed in main (#1594)
  + bsd: Don't assume that root user is in root group (#1587)
  + docs: Fix comment typo regarding use of packages (#1582)
    [Peter Mescalchin]
  + Update govc command in VMWare walkthrough (#1576) [manioo8]
  + Update .github-cla-signers (#1588) [Daniel Mullins]
  + Rename the openmandriva user to omv (#1575) [Bernhard Rosenkraenzer]
  + sources/azure: increase read-timeout to 60 seconds for wireserver
    (#1571) [Chris Patterson]
  + Resource leak cleanup (#1556)
  + testing: remove appereances of FakeCloud (#1584) [Alberto Contreras]
  + Fix expire passwords for hashed passwords (#1577)
    [Sadegh Hayeri] (LP: #1979065)
  + mounts: fix suggested_swapsize for > 64GB hosts (#1569) [Steven Stallion]
  + Update chpasswd schema to deprecate password parsing (#1517)
  + tox: Remove entries from default envlist (#1578) (LP: #1980854)
  + tests: add test for parsing static dns for existing devices (#1557)
    [Jonas Konrad]
  + testing: port cc_ubuntu_advantage test to pytest (#1559)
    [Alberto Contreras]
  + Schema deprecation handling (#1549) [Alberto Contreras]
  + Enable pytest to run in parallel (#1568)
  + sources/azure: refactor ovf-env.xml parsing (#1550) [Chris Patterson]
  + schema: Force stricter validation (#1547)
  + ubuntu advantage config: http_proxy, https_proxy (#1512)
    [Fabian Lichtenegger-Lukas]
  + net: fix interface matching support (#1552) (LP: #1979877)
  + Fuzz testing jsonchema (#1499) [Alberto Contreras]
  + testing: Wait for changed boot-id in test_status.py (#1548)
  + CI: Fix GH pinned-format jobs (#1558) [Alberto Contreras]
  + Typo fix (#1560) [Jaime Hablutzel]
  + tests: mock dns lookup that causes long timeouts (#1555)
  + tox: add unpinned env for do_format and check_format (#1554)
  + cc_ssh_import_id: Substitute deprecated warn (#1553) [Alberto Contreras]
  + Remove schema errors from log (#1551) (LP: #1978422) (CVE-2022-2084)
  + Update WebHookHandler to run as background thread (SC-456) (#1491)
    (LP: #1910552)
  + testing: Don't run custom cloud dir test on Bionic (#1542)
  + bash completion: update schema command (#1543) (LP: #1979547)
  + CI: add non-blocking run against the linters tip versions (#1531)
    [Paride Legovini]
  + Change groups within the users schema to support lists and strings
    (#1545) [RedKrieg]
  + make it clear which username should go in the contributing doc (#1546)
  + Pin setuptools for Travis (SC-1136) (#1540)
  + Fix LXD datasource crawl when BOOT enabled (#1537)
  + testing: Fix wrong path in dual stack test (#1538)
  + cloud-config: honor cloud_dir setting (#1523)
    [Alberto Contreras] (LP: #1976564)
  + Add python3-debconf to pkg-deps.json Build-Depends (#1535)
    [Alberto Contreras]
  + redhat spec: udev/rules.d lives under /usr/lib on rhel-based systems
    (#1536)
  + tests/azure: add test coverage for DisableSshPasswordAuthentication
    (#1534) [Chris Patterson]
  + summary: Add david-caro to the cla signers (#1527) [David Caro]
  + Add support for OpenMandriva (https://openmandriva.org/) (#1520)
    [Bernhard Rosenkraenzer]
  + tests/azure: refactor ovf creation (#1533) [Chris Patterson]
  + Improve DataSourceOVF error reporting when script disabled (#1525) [rong]
  + tox: integration-tests-jenkins: softfail if only some test failed
    (#1528) [Paride Legovini]
  + CI: drop linters from Travis CI (moved to GH Actions) (#1530)
    [Paride Legovini]
  + sources/azure: remove unused encoding support for customdata (#1526)
    [Chris Patterson]
  + sources/azure: remove unused metadata captured when parsing ovf (#1524)
    [Chris Patterson]
  + sources/azure: remove dscfg parsing from ovf-env.xml (#1522)
    [Chris Patterson]
  + Remove extra space from ec2 dual stack crawl message (#1521)
  + tests/azure: use namespaces in generated ovf-env.xml documents (#1519)
    [Chris Patterson]
  + setup.py: adjust udev/rules default path (#1513)
    [Emanuele Giuseppe Esposito]
  + Add python3-deconf dependency (#1506) [Alberto Contreras]
  + Change match macadress param for network v2 config (#1518)
    [Henrique Caricatti Capozzi]
  + sources/azure: remove unused userdata property from ovf (#1516)
    [Chris Patterson]
  + sources/azure: minor refactoring to network config generation (#1497)
    [Chris Patterson]
  + net: Implement link-local ephemeral ipv6
  + Rename function to avoid confusion (#1501)
  + Fix cc_phone_home requiring 'tries' (#1500) (LP: #1977952)
  + datasources: replace networking functions with stdlib and cloudinit.net
  + code
  + Remove xenial references (#1472) [Alberto Contreras]
  + Oracle ds changes (#1474) [Alberto Contreras] (LP: #1967942)
  + improve runcmd docs (#1498)
  + add 3.11-dev to Travis CI (#1493)
  + Only run github actions on pull request (#1496)
  + Fix integration test client creation (#1494) [Alberto Contreras]
  + tox: add link checker environment, fix links (#1480)
  + cc_ubuntu_advantage: Fix doc (#1487) [Alberto Contreras]
  + cc_yum_add_repo: Fix repo id canonicalization (#1489)
    [Alberto Contreras] (LP: #1975818)
  + Add linitio as contributor in the project (#1488) [Kevin Allioli]
  + net-convert: use yaml.dump for debugging python NetworkState obj (#1484)
    (LP: #1975907)
  + test_schema: no relative $ref URLs, replace $ref with local path (#1486)
  + cc_set_hostname: do not write "/localhost"/ when no hostname is given
  + (#1453) [Emanuele Giuseppe Esposito]
  + Update .github-cla-signers (#1478) [rong]
  + schema: write_files defaults, versions $ref full URL and add vscode
    (#1479)
  + docs: fix external links, add one more to the list (#1477)
  + doc: Document how to change module frequency (#1481)
  + tests: bump pycloudlib (#1482)
  + tests: bump pycloudlib pinned commit for kinetic Azure (#1476)
  + testing: fix test_status.py (#1475)
  + integration tests: If KEEP_INSTANCE = True, log IP (#1473)
  + Drop mypy excluded files (#1454) [Alberto Contreras]
  + Docs additions (#1470)
  + Add "/formatting tests"/ to Github Actions
  + Remove unused arguments in function signature (#1471)
  + Changelog: correct errant classification of LP issues as GH (#1464)
  + Use Network-Manager and Netplan as default renderers for RHEL and Fedora
    (#1465) [Emanuele Giuseppe Esposito]
  From 22.2
  + Fix test due to caplog incompatibility (#1461) [Alberto Contreras]
  + Align rhel custom files with upstream (#1431)
    [Emanuele Giuseppe Esposito]
  + cc_write_files: Improve schema. (#1460) [Alberto Contreras]
  + cli: Redact files with permission errors in commands (#1440)
  + [Alberto Contreras] (LP: #1953430)
  + Improve cc_set_passwords. (#1456) [Alberto Contreras]
  + testing: make fake cloud-init wait actually wait (#1459)
  + Scaleway: Fix network configuration for netplan 0.102 and later (#1455)
    [Maxime Corbin]
  + Fix 'ephmeral' typos in disk names(#1452) [Mike Hucka]
  + schema: version schema-cloud-config-v1.json (#1424)
  + cc_modules: set default meta frequency value when no config available
    (#1457)
  + Log generic warning on non-systemd systems. (#1450) [Alberto Contreras]
  + cc_snap.maybe_install_squashfuse no longer needed in Bionic++. (#1448)
    [Alberto Contreras]
  + Drop support of *-sk keys in cc_ssh (#1451) [Alberto Contreras]
  + testing: Fix console_log tests (#1437)
  + tests: cc_set_passoword update for systemd, non-systemd distros  (#1449)
  + Fix bug in url_helper/dual_stack() logging (#1426)
  + schema: render schema paths from _CustomSafeLoaderWithMarks (#1391)
  + testing: Make integration tests kinetic friendly (#1441)
  + Handle error if SSH service no present. (#1422)
    [Alberto Contreras] (LP: #1969526)
  + Fix network-manager activator availability and order (#1438)
  + sources/azure: remove reprovisioning marker (#1414) [Chris Patterson]
  + upstart: drop vestigial support for upstart (#1421)
  + testing: Ensure NoCloud detected in test (#1439)
  + Update .github-cla-signers kallioli [Kevin Allioli]
  + Consistently strip top-level network key (#1417) (LP: #1906187)
  + testing: Fix LXD VM metadata test (#1430)
  + testing: Add NoCloud setup for NoCloud test (#1425)
  + Update linters and adapt code for compatibility (#1434) [Paride Legovini]
  + run-container: add support for LXD VMs (#1428) [Paride Legovini]
  + integration-reqs: bump pycloudlib pinned commit (#1427) [Paride Legovini]
  + Fix NoCloud docs (#1423)
  + Docs fixes (#1406)
  + docs: Add docs for module creation (#1415)
  + Remove cheetah from templater (#1416)
  + tests: verify_ordered_items fallback to re.escape if needed (#1420)
  + Misc module cleanup (#1418)
  + docs: Fix doc warnings and enable errors (#1419)
    [Alberto Contreras] (LP: #1876341)
  + Refactor cloudinit.sources.NetworkConfigSource to enum (#1413)
    [Alberto Contreras] (LP: #1874875)
  + Don't fail if IB and Ethernet devices 'collide' (#1411)
  + Use cc_* module meta defintion over hardcoded vars (SC-888) (#1385)
  + Fix cc_rsyslog.py initialization (#1404) [Alberto Contreras]
  + Promote cloud-init schema from devel to top level subcommand (#1402)
  + mypy: disable missing imports warning for httpretty (#1412)
    [Chris Patterson]
  + users: error when home should not be created AND ssh keys provided
    [Jeffrey 'jf' Lim]
  + Allow growpart to resize encrypted partitions (#1316)
  + Fix typo in integration_test.rst (#1405) [Alberto Contreras]
  + cloudinit.net refactor: apply_network_config_names (#1388)
    [Alberto Contreras] (LP: #1884602)
  + tests/azure: add fixtures for hardcoded paths (markers and data_dir)
    (#1399) [Chris Patterson]
  + testing: Add responses workaround for focal/impish (#1403)
  + cc_ssh_import_id: fix is_key_in_nested_dict to avoid early False
  + Fix ds-identify not detecting NoCloud seed in config (#1381)
    (LP: #1876375)
  + sources/azure: retry dhcp for failed processes (#1401) [Chris Patterson]
  + Move notes about refactorization out of CONTRIBUTING.rst (#1389)
  + Shave ~8ms off generator runtime (#1387)
  + Fix provisioning dhcp timeout to 20 minutes (#1394) [Chris Patterson]
  + schema: module example strict testing fix seed_random
  + cc_set_hostname: examples small typo (perserve vs preserve)
    [Wouter Schoot]
  + sources/azure: refactor http_with_retries to remove **kwargs (#1392)
    [Chris Patterson]
  + declare dependency on ssh-import-id (#1334)
  + drop references to old dependencies and old centos script
  + sources/azure: only wait for primary nic to be attached during restore
    (#1378) [Anh Vo]
  + cc_ntp: migrated legacy schema to cloud-init-schema.json (#1384)
  + Network functions refactor and bugfixes (#1383)
  + schema: add JSON defs for modules cc_users_groups (#1379)
    (LP: #1858930)
  + Fix doc typo (#1382) [Alberto Contreras]
  + Add support for dual stack IPv6/IPv4 IMDS to Ec2 (#1160)
  + Fix KeyError when rendering sysconfig IPv6 routes (#1380) (LP: #1958506)
  + Return a namedtuple from subp() (#1376)
  + Mypy stubs and other tox maintenance (SC-920) (#1374)
  + Distro Compatibility Fixes (#1375)
  + Pull in Gentoo patches (#1372)
  + schema: add json defs for modules U-Z (#1360)
    (LP: #1858928, #1858929, #1858931, #1858932)
  + util: atomically update sym links to avoid Suppress FileNotFoundError
  + when reading status (#1298) [Adam Collard] (LP: #1962150)
  + schema: add json defs for modules scripts-timezone (SC-801) (#1365)
  + docs: Add first tutorial (SC-900) (#1368)
  + BUG 1473527: module ssh-authkey-fingerprints fails Input/output error…
    (#1340) [Andrew Lee] (LP: #1473527)
  + add arch hosts template (#1371)
  + ds-identify: detect LXD for VMs launched from host with > 5.10 kernel
    (#1370) (LP: #1968085)
  + Support EC2 tags in instance metadata (#1309) [Eduardo Dobay]
  + schema: add json defs for modules e-install (SC-651) (#1366)
  + Improve "/(no_create_home|system): true"/ test (#1367) [Jeffrey 'jf' Lim]
  + Expose https_proxy env variable to ssh-import-id cmd (#1333)
    [Michael Rommel]
  + sources/azure: remove bind/unbind logic for hot attached nic (#1332)
    [Chris Patterson]
  + tox: add types-* packages to check_format env (#1362)
  + tests: python 3.10 is showing up in cloudimages (#1364)
  + testing: add additional mocks to test_net tests (#1356) [yangzz-97]
  + schema: add JSON schema for mcollective, migrator and mounts modules
    (#1358)
  + Honor system locale for RHEL (#1355) [Wei Shi]
  + doc: Fix typo in cloud-config-run-cmds.txt example (#1359) [Ali Shirvani]
  + ds-identify: also discover LXD by presence from DMI board_name = LXD
    (#1311)
  + black: bump pinned version to 22.3.0 to avoid click dependency issues
    (#1357)
  + Various doc fixes (#1330)
  + testing: Add missing is_FreeBSD mock to networking test (#1353)
  + Add --no-update to add-apt-repostory call (SC-880) (#1337)
  + schema: add json defs for modules K-L (#1321)
    (LP: #1858899, #1858900, #1858901, #1858902)
  + docs: Re-order readthedocs install (#1354)
  + Stop cc_ssh_authkey_fingerprints from ALWAYS creating home (#1343)
    [Jeffrey 'jf' Lim]
  + docs: add jinja2 pin (#1352)
  + Vultr: Use find_candidate_nics, use ipv6 dns (#1344) [eb3095]
  + sources/azure: move get_ip_from_lease_value out of shim (#1324)
    [Chris Patterson]
  + Fix cloud-init status --wait when no datasource found (#1349)
    (LP: #1966085)
  + schema: add JSON defs for modules resize-salt (SC-654) (#1341)
  + Add myself as a future contributor (#1345) [Neal Gompa (ニール・ゴンパ)]
  + Update .github-cla-signers (#1342) [Jeffrey 'jf' Lim]
  + add Requires=cloud-init-hotplugd.socket in cloud-init-hotplugd.service
  + file (#1335) [yangzz-97]
  + Fix sysconfig render when set-name is missing (#1327)
    [Andrew Kutz] (LP: #1855945)
  + Refactoring helper funcs out of NetworkState (#1336) [Andrew Kutz]
  + url_helper: add tuple support for readurl timeout (#1328)
    [Chris Patterson]
  + Make fs labels match for ds-identify and docs (#1329)
  + Work around bug in LXD VM detection (#1325)
  + Remove redundant generator logs (#1318)
  + tox: set verbose flags for integration tests (#1323) [Chris Patterson]
  + net: introduce find_candidate_nics() (#1313) [Chris Patterson]
  + Revert "/Ensure system_cfg read before ds net config on Oracle (#1174)"/
    (#1326)
  + Add vendor_data2 support for ConfigDrive source (#1307) [cvstealth]
  + Make VMWare data source test host independent and expand testing (#1308)
    [Robert Schweikert]
  + Add json schemas for modules starting with P
  + sources/azure: remove lease file parsing (#1302) [Chris Patterson]
  + remove flaky test from ci (#1322)
  + ci: Switch to python 3.10 in Travis CI (#1320)
  + Better interface handling for Vultr, expect unexpected DHCP servers
    (#1297) [eb3095]
  + Remove unused init local artifact (#1315)
  + Doc cleanups (#1317)
  + docs improvements (#1312)
  + add support for jinja do statements, add unit test (#1314)
    [Paul Bruno] (LP: #1962759)
  + sources/azure: prevent tight loops for DHCP retries (#1285)
    [Chris Patterson]
  + net/dhcp: surface type of DHCP lease failure to caller (#1276)
    [Chris Patterson]
  + Stop hardcoding systemctl location (#1278) [Robert Schweikert]
  + Remove python2 syntax from docs (#1310)
  + [tools/migrate-lp-user-to-github] Rename master branch to main (#1301)
    [Adam Collard]
  + redhat: Depend on "/hostname"/ package (#1288) [Lubomir Rintel]
  + Add native NetworkManager support (#1224) [Lubomir Rintel]
  + Fix link in CLA check to point to contribution guide. (#1299)
    [Adam Collard]
  + check for existing symlink while force creating symlink (#1281)
    [Shreenidhi Shedi]
  + Do not silently ignore integer uid (#1280) (LP: #1875772)
  + tests: create a IPv4/IPv6 VPC in Ec2 integration tests (#1291)
  + Integration test fix ppa  (#1296)
  + tests: on official EC2. cloud-id actually startswith aws not ec2 (#1289)
  + test_ppa_source: accept both http and https URLs (#1292)
    [Paride Legovini]
  + Fix apt test on azure
  + add "/lkundrak"/ as contributor [Lubomir Rintel]
  + Holmanb/integration test fix ppa (#1287)
  + Include missing subcommand in manpage (#1279)
  + Clean up artifacts from pytest, packaging, release with make clean
    (#1277)
  + sources/azure: ensure retries on IMDS request failure (#1271)
    [Chris Patterson]
  + sources/azure: removed unused savable PPS paths (#1268) [Chris Patterson]
  + integration tests: fix Azure failures (#1269)
  From 22.1
  + sources/azure: report ready in local phase (#1265) [Chris Patterson]
  + sources/azure: validate IMDS network configuration metadata (#1257)
    [Chris Patterson]
  + docs: Add more details to runcmd docs (#1266)
  + use PEP 589 syntax for TypeDict (#1253)
  + mypy: introduce type checking (#1254) [Chris Patterson]
  + Fix extra ipv6 issues, code reduction and simplification (#1243) [eb3095]
  + tests: when generating crypted password, generate in target env (#1252)
  + sources/azure: address mypy/pyright typing complaints (#1245)
    [Chris Patterson]
  + Docs for x-shellscript* userdata (#1260)
  + test_apt_security: azure platform has specific security URL overrides
    (#1263)
  + tests: lsblk --json output changes mountpoint key to mountpoinst []
    (#1261)
  + mounts: fix mount opts string for ephemeral disk (#1250)
    [Chris Patterson]
  + Shell script handlers by freq (#1166) [Chris Lalos]
  + minor improvements to documentation (#1259) [Mark Esler]
  + cloud-id: publish /run/cloud-init/cloud-id-<cloud-type> files (#1244)
  + add "/eslerm"/ as contributor (#1258) [Mark Esler]
  + sources/azure: refactor ssh key handling (#1248) [Chris Patterson]
  + bump pycloudlib (#1256)
  + sources/hetzner: Use EphemeralDHCPv4 instead of static configuration
    (#1251) [Markus Schade]
  + bump pycloudlib version (#1255)
  + Fix IPv6 netmask format for sysconfig (#1215) [Harald] (LP: #1959148)
  + sources/azure: drop debug print (#1249) [Chris Patterson]
  + tests: do not check instance.pull_file().ok() (#1246)
  + sources/azure: consolidate ephemeral DHCP configuration (#1229)
    [Chris Patterson]
  + cc_salt_minion freebsd fix for rc.conf (#1236)
  + sources/azure: fix metadata check in _check_if_nic_is_primary() (#1232)
    [Chris Patterson]
  + Add _netdev option to mount Azure ephemeral disk (#1213) [Eduardo Otubo]
  + testing: stop universally overwriting /etc/cloud/cloud.cfg.d (#1237)
  + Integration test changes (#1240)
  + Fix Gentoo Locales (#1205)
  + Add "/slingamn"/ as contributor (#1235) [Shivaram Lingamneni]
  + integration: do not LXD bind mount /etc/cloud/cloud.cfg.d (#1234)
  + Integration testing docs and refactor (#1231)
  + vultr: Return metadata immediately when found (#1233) [eb3095]
  + spell check docs with spellintian (#1223)
  + docs: include upstream python version info (#1230)
  + Schema a d (#1211)
  + Move LXD to end ds-identify DSLIST (#1228) (LP: #1959118)
  + fix parallel tox execution (#1214)
  + sources/azure: refactor _report_ready_if_needed and _poll_imds (#1222)
    [Chris Patterson]
  + Do not support setting up archive.canonical.com as a source (#1219)
    [Steve Langasek] (LP: #1959343)
  + Vultr: Fix lo being used for DHCP, try next on cmd fail (#1208) [eb3095]
  + sources/azure: refactor _should_reprovision[_after_nic_attach]() logic
    (#1206) [Chris Patterson]
  + update ssh logs to show ssh private key gens pub and simplify code
    (#1221) [Steve Weber]
  + Remove mitechie from stale PR github action (#1217)
  + Include POST format in cc_phone_home docs (#1218) (LP: #1959149)
  + Add json parsing of ip addr show (SC-723) (#1210)
  + cc_rsyslog: fix typo in docstring (#1207) [Louis Sautier]
  + Update .github-cla-signers (#1204) [Chris Lalos]
  + sources/azure: drop unused case in _report_failure() (#1200)
    [Chris Patterson]
  + sources/azure: always initialize _ephemeral_dhcp_ctx on unpickle (#1199)
    [Chris Patterson]
  + Add support for gentoo templates and cloud.cfg (#1179) [vteratipally]
  + sources/azure: unpack ret tuple in crawl_metadata() (#1194)
    [Chris Patterson]
  + tests: focal caplog has whitespace indentation for multi-line logs
    (#1201)
  + Seek interfaces, skip dummy interface, fix region codes (#1192) [eb3095]
  + integration: test against the Ubuntu daily images (#1198)
    [Paride Legovini]
  + cmd: status and cloud-id avoid change in behavior for 'not run' (#1197)
  + tox: pass PYCLOUDLIB_* env vars into integration tests when present
    (#1196)
  + sources/azure: set ovf_is_accessible when OVF is read successfully
    (#1193) [Chris Patterson]
  + Enable OVF environment transport via ISO in example (#1195) [Megian]
  + sources/azure: consolidate DHCP variants to EphemeralDHCPv4WithReporting
    (#1190) [Chris Patterson]
  + Single JSON schema validation in early boot (#1175)
  + Add DatasourceOVF network-config propery to Ubuntu OVF example (#1184)
    [Megian]
  + testing: support pycloudlib config file (#1189)
  + Ensure system_cfg read before ds net config on Oracle (SC-720) (#1174)
    (LP: #1956788)
  + Test Optimization Proposal (SC-736) (#1188)
  + cli: cloud-id report not-run or disabled state as cloud-id (#1162)
  + Remove distutils usage (#1177) [Shreenidhi Shedi]
  + add .python-version to gitignore (#1186)
  + print error if datasource import fails (#1170)
    [Emanuele Giuseppe Esposito]
  + Add new config module to set keyboard layout (#1176)
    [maxnet] (LP: #1951593)
  + sources/azure: rename metadata_type -> MetadataType (#1181)
    [Chris Patterson]
  + Remove 3.5 and xenial support (SC-711) (#1167)
  + tests: mock LXD datasource detection in ds-identify on LXD containers
    (#1178)
  + pylint: silence errors on compat code for old jsonschema (#1172)
    [Paride Legovini]
  + testing: Add 3.10 Test Coverage (#1173)
  + Remove unittests from integration test job in travis (#1141)
  + Don't throw exceptions for empty cloud config (#1130)
  + bsd/resolv.d/ avoid duplicated entries (#1163) [Gonéri Le Bouder]
  + sources/azure: do not persist failed_desired_api_version flag (#1159)
    [Chris Patterson]
  + Update cc_ubuntu_advantage calls to assume-yes (#1158)
    [John Chittum] (LP: #1954842)
  + openbsd: properly restart the network on 7.0 (#1150) [Gonéri Le Bouder]
  + Add .git-blame-ignore-revs (#1161)
  + Adopt Black and isort (SC-700) (#1157)
  + Include dpkg frontend lock in APT_LOCK_FILES (#1153)
  + tests/cmd/query: fix test run as root and add coverage for defaults
    (#1156) [Chris Patterson] (LP: #1825027)
  + Schema processing changes (SC-676) (#1144)
  + Add dependency workaround for impish in bddeb (#1148)
  + netbsd: install new dep packages (#1151) [Gonéri Le Bouder]
  + find_devs_with_openbsd: ensure we return the last entry (#1149)
    [Gonéri Le Bouder]
  + sources/azure: remove unnecessary hostname bounce (#1143)
    [Chris Patterson]
  + find_devs/openbsd: accept ISO on disk (#1132)
    [Gonéri Le Bouder]
  + Improve error log message when mount failed (#1140) [Ksenija Stanojevic]
  + add KsenijaS as a contributor (#1145) [Ksenija Stanojevic]
  + travis - don't run integration tests if no deb (#1139)
  + factor out function for getting top level directory of cloudinit (#1136)
  + testing: Add deterministic test id (#1138)
  + mock sleep() in azure test (#1137)
  + Add miraclelinux support (#1128) [Haruki TSURUMOTO]
  + docs: Make MACs lowercase in network config (#1135) (LP: #1876941)
  + Add Strict Metaschema Validation (#1101)
  + update dead link (#1133)
  + cloudinit/net: handle two different routes for the same ip (#1124)
    [Emanuele Giuseppe Esposito]
  + docs: pin mistune dependency (#1134)
  + Reorganize unit test locations under tests/unittests (#1126)
  + Fix exception when no activator found (#1129) (LP: #1948681)
  + jinja: provide and document jinja-safe key aliases in instance-data
    (SC-622) (#1123)
  + testing: Remove date from final_message test (SC-638) (#1127)
  + Move GCE metadata fetch to init-local (SC-502) (#1122)
  + Fix missing metadata routes for vultr (#1125) [eb3095]
  + cc_ssh_authkey_fingerprints.py: prevent duplicate messages on console
    (#1081) [dermotbradley]
  + sources/azure: remove unused remnants related to agent command (#1119)
    [Chris Patterson]
  + github: update PR template's contributing URL (#1120) [Chris Patterson]
  + docs: Rename HACKING.rst to CONTRIBUTING.rst (#1118)
  + testing: monkeypatch system_info call in unit tests (SC-533) (#1117)
  + Fix Vultr timeout and wait values (#1113) [eb3095]
  + lxd: add preference for LXD cloud-init.* config keys over user keys
    (#1108)
  + VMware: source /etc/network/interfaces.d/* on Debian
    [chengcheng-chcheng] (LP: #1950136)
  + Add cjp256 as contributor (#1109) [Chris Patterson]
  + integration_tests: Ensure log directory exists before symlinking to it
    (#1110)
  + testing: add growpart integration test (#1104)
  + integration_test: Speed up CI run time (#1111)
  + Some miscellaneous integration test fixes (SC-606) (#1103)
  + tests: specialize lxd_discovery test for lxd_vm vendordata (#1106)
  + Add convenience symlink to integration test output (#1105)
  + Fix for set-name bug in networkd renderer (#1100)
    [Andrew Kutz] (LP: #1949407)
  + Wait for apt lock (#1034) (LP: #1944611)
  + testing: stop chef test from running on openstack (#1102)
  + alpine.py: add options to the apk upgrade command (#1089) [dermotbradley]
cloud-netconfig
- Update to version 1.7:
  + Overhaul policy routing setup (issue #19)
  + Support alias IPv4 ranges (issue #14)
  + Add support for NetworkManager (bsc#1204549)
  + Remove dependency on netconfig
  + Install into libexec directory
  + Clear stale ifcfg files for accelerated NICs (bsc#1199853)
  + More debug messages
  + Documentation update
- /etc/netconfig.d/ moved to /usr/libexec/netconfig/netconfig.d/ in
  Tumbleweed, update path (poo#116221)
cloud-regionsrv-client
- Update to version 10.1.2 (bsc#1211282)
  + Properly handle Ipv6 when checking update server responsiveness. If not
    available fall back and use IPv4 information
  + Use systemd_ordered to allow use in a container without pulling systemd
    into the container as a requirement
- Update to version 10.1.1 (bsc#1210020, bsc#1210021)
  + Clean up the system if baseproduct registraion fails to leave the
    system in prestine state
  + Log when the registercloudguest command is invoked with --clean
- Update to version 10.1.0 (bsc#1207133, bsc#1208097, bsc#1208099 )
  - Removes a warning about system_token entry present in the credentials
  file.
  - Adds logrotate configuration for log rotation.
- Update to version 10.1.0 (bsc#1207133, bsc#1208097, bsc#1208099 )
  - Removes a warning about system_token entry present in the credentials
  file.
  - Adds logrotate configuration for log rotation.
- Update to version 10.0.8 (bsc#1206428)
  - Fix regression introduced by 10.0.7. When the hosts file was modified
    such that there is no empty line at the end of the file the content
    after removing the registration data does not match the content prior
    to registration. The update fixes the issue triggered by an index
    logic error.
- Guard dmidecode dependency (bsc#1206082)
- Update to version 10.0.7 (bsc#1191880, bsc#1195925, bsc#1195924)
  - Implement functionality to detect if an update server has a new cert.
    Import the new cert when it is detected.
  - Forward port fix-for-sles12-disable-ipv6.patch
- From 10.0.6 (bsc#1205089)
  - Credentials are equal when username and password are the same ignore
    other entries in the credentials file
  - Handle multiple zypper names in process table, zypper and Zypp-main
    to properly detect the running process
- Add patch to block IPv6 on SLE12 (bsc#1203382)
cluster-glue
- ibmhmc stonith needs to be aware of HMC version - ref:_00D1igLOd._5005qAMc5b:ref
  (bsc#1203635)
  * Add upstream patch:
    38.patch
containerd
- Update to containerd v1.6.21 for Docker v23.0.6-ce. Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.6.21> bsc#1211578
- Require a minimum Go version explicitly rather than using golang(API).
  Fixes the change for bsc#1210298.
[ This was only released in SLE. ]
- unversion to golang requires to always use the current default go.
  (bsc#1210298)
- Update to containerd v1.6.20 for Docker v23.0.4-ce. Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.6.20>
- Update to containerd v1.6.19 for Docker v23.0.2-ce. Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.6.19>
  Includes fixes for:
  - CVE-2023-25153 bsc#1208423
  - CVE-2023-25173 bsc#1208426
- Re-build containerd to use updated golang-packaging. jsc#1342
- Update to containerd v1.6.16 for Docker v23.0.1-ce. Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.6.16>
- Update to containerd v1.6.12 to fix CVE-2022-23471 bsc#1206235. Upstream
  release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.6.12>
- Update to containerd v1.6.11. Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.6.11>
- Update to containerd v1.6.9 for Docker v20.10.21-ce. Also includes a fix for
  CVE-2022-27191. boo#1206065 bsc#1197284 Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.6.9>
- add devel subpackage, which is needed by open-vm-tools
corosync
Deleted:
  bsc#1189680-cancel_hold_on_retransmit-option.patch
  bsc#1192467_dont-block-local-socket-pair.patch
  bug-1163460-totemip-Add-support-for-sin6_scope_id.patch
  bug-1166899-quorumtool-Fix-exit-status-codes.patch
- Update to version 2.4.6:
  * totemsrp: More informative messages
  * icmap: fix the icmap_get_*_r functions
  * stats: Add basic schedule-miss stats to needle
  * icmap: icmap_init_r() leaks if trie_create() fails
  * test: Fix cpgtest
  * pkgconfig: Add libqb dependency
  * man: votequorum.5: use proper single quotes
  * cpg: Change downlist log level
  * totem: Increase ring_id seq after load
  * totempg: Check sanity (length) of received message
  * totemsrp: Reduce MTU to left room second mcast
  * qnetd: Rename qnetd-log.c to log.c
  * qnetd: Fix double -d description
  * qnetd: Check log initialization error
  * qnetd: Add function to set log target
  * qdevice: Use log instead of libqb log
  * qdevice: Import log instead of qdevice-log
  * qdevice: Merge msg_decode_error functions
  * qnetd: Use log-common for nodelist debug dump
  * qdevice: Configurable log priority bump
  * tests: Add utils_parse_bool_str test
  * qdevice: Free memory used by log
  * qdevice: Add log test
  * qdevice: Add header files to list of test sources
  * qdevice: Add chk variant of vsyslog to test-log
  * qdevice: Add prototype of __vsyslog_chk
  * votequorum: Ignore the icmap_get_* return value
  * logconfig: Remove double free of value
  * cmap: Assert copied string length
  * sync: Assert sync_callbacks.name length
  * votequorum: Assert copied strings length
  * cpghum: Remove unused time variables and functions
  * cfgtool: Remove unused callbacks
  * cmapctl: Free bin_value on error
  * quorumtool: Assert copied string length
  * votequorum: Reflect runtime change of 2Node to WFA
  * main: Add schedmiss timestamp into message
  * votequorum: Change check of expected_votes
  * quorumtool: Fix exit status codes
  * quorumtool: exit on invalid expected votes
  * votequorum: set wfa status only on startup
  * Revert "/totemip: Add support for sin6_scope_id"/
  * Revert "/totemip: compare sin6_scope_id and interface_num"/
  * main: Make schedmiss in cmap and log equal
  * totemip: Add support for sin6_scope_id
  * qnetd: Do not call ffsplit_do on shutdown
  * qdevice: Fix connect heuristics result callback
  * qdevice: Fix connect heuristics result callback
  * qdevice: Log adds newline automatically
  * qnetd: Fix dpd timer
  * qnetd: Add support for keep active partition vote
  * common_lib: Remove trailing spaces in cs_strerror
  * totemsrp: Move token received callback
  * tests: Use CS_DISPATCH_BLOCKING instead of cycle
  * qnetd: Fix NULL dereference of client
  * qnetd: Simplify KAP Tie-breaker logic
  * totem: Add cancel_hold_on_retransmit config option
  * logsys: Unlock config mutex on error
  * totemsrp: Switch totempg buffers at the right time
  * totemudpu: Don't block local socketpair
  * configure.ac: fix pkgconfig issue of rdma
  * totemip: Add support for sin6_scope_id
  * totemip: compare sin6_scope_id and interface_num
  * qdevice: Change log level to NOTICE on PASS
  * cfgtool: output error messages to stderr
  * tools: use util_strtonum for options checking
  * cmapctl: return EXIT_FAILURE on failure
  * quorumtool: Help shouldn't require running service
  * quorumtool: strict check for -o option
  * cmapctl: check NULL for key type and value for -p
  * man: adjust description about interface section
  * qnetd: sort by node_id when add new client
  * man: replace votequorum_poll for actually used fn
cpupower
- Originally by aabdallah@suse.com:
  Don't exist if perf is unavailable.
  * Fix for SG#64023, bsc#1202890:
  A turbostat-Dont-exist-if-perf-is-unavailable.patch:
crash
- crash-devel requires zlib-devel (bsc#1205681)
crmsh
- Update to version 4.4.1+20230424.7f657402:
  * Fix: help: Long time to load and parse crm.8.adoc (bsc#1210198)
  * Fix: cibconfig: use any existing rsc_defaults set rather than create another one (bsc#1210614)
  * Fix: crm report: sustain if there are offline nodes (bsc#1209480)
- Update to version 4.4.1+20230329.13f2537f:
  * Dev: utils: Check passwordless between cluster nodes (bsc#1209986)
- Update to version 4.4.1+20230306.302812a1:
  * Dev: upgradeutil: do upgrade silently (bsc#1208327, bsc#1208934)
  * Fix: healthcheck: do not run automatic upgrade when crmsh is called by a non-root user (bsc#1208936)
  * Fix: bootstrap: Unset SBD_DELAY_START when running 'crm cluster start' (bsc#1202177)
  * Fix: report: Catch read exception (bsc#1206606)
- Update to version 4.4.0+20221209.64abfaca:
  * Dev: bootstrap: fix passwordless ssh authentication for hacluster automatically when a new node is joining the cluster (bsc#1201785)
  * Dev: upgradeutil: automated init ssh passwordless auth for hacluster after upgrading (bsc#1201785)
  * Dev: ui_context: redirect `foo -h`/`foo --help` to `help foo` (bsc#1205735)
  * Fix: cibconfig: Complete promotable=true and interlave=true for Promoted/Unpromoted resource (bsc#1205522)
  * Fix: qdevice: Adjust SBD_WATCHDOG_TIMEOUT when configuring qdevice not using stage (bsc#1205727)
  * Dev: parse: cli_to_xml: populate advised monitor/start/stop operations values
  * Fix: corosync: show corosync ring status if has fault (bsc#1205615)
cronie
- Allow to define the logger info and warning priority, fixes
  jsc#PED-2551
  * run-crons
  * sysconfig.cron
cups
- cups-2.2.7-CVE-2023-34241.patch fixes CVE-2023-34241
  "/use-after-free in cupsdAcceptClient()"/
  https://github.com/OpenPrinting/cups/security/advisories/GHSA-qjgh-5hcq-5f25
  bsc#1212230
- cups-2.2.7-CVE-2023-32324.patch fixes CVE-2023-32324
  "/Heap buffer overflow in cupsd"/
  https://github.com/OpenPrinting/cups/security/advisories/GHSA-cxc6-w2g7-69p7
  bsc#1211643
- 0001-cups-dests.c-cupsGetNamedDest-set-IPP_STATUS_ERROR_N.patch
  improves logging on 'IPP_STATUS_ERROR_NOT_FOUND' error
  that fixes bsc#1191467, bsc#1198932:
  "/lpr reports 'No such file or directory' for missing catalogue files"/
  "//usr/bin/lpr: No such file or directory"/
- after-network_target-sssd_service.patch
  is derived from https://github.com/apple/cups/issues/5550 with its
  https://github.com/apple/cups/commit/aaebca5660fdd7f7b6f30461f0788d91ef6e2fee
  and SUSE PTF:24471 cups.SUSE_SLE-15_Update cups-2.2.7-wait-for-network.patch
  to add "/After=network.target sssd.service"/ to the systemd unit
  source files cupsd.service.in and cups.cups-lpdAT.service.in
  to fix bsc#1201234, bsc#1200321:
  "/Missing network dependency in systemd unit for cups-2.2.7"/
  "/CUPS may not always start if sssd is in use"/
- cups-branch-2.2-commit-876fdc1c90a885a58644c8757bc1283c9fd5bcb7.diff
  is https://github.com/OpenPrinting/cups/commit/876fdc1c90a885a58644c8757bc1283c9fd5bcb7
  which belongs to https://github.com/OpenPrinting/cups/issues/308
  that fixes bsc#1191525, bsc#1203446:
  "/Print jobs on cups.sock return with EAGAIN (Resource temporarily unavailable)"/
  "//usr/bin/lpr: Error - The printer or class does not exist."/
curl
- Security fixes:
  * [bsc#1211230, CVE-2023-28319] use-after-free in SSH sha256
    fingerprint check.
  - Add curl-CVE-2023-28319.patch
  * [bsc#1211231, CVE-2023-28320] siglongjmp race condition
  - Add curl-CVE-2023-28320.patch
  * [bsc#1211232, CVE-2023-28321] IDN wildcard matching
  - Add curl-CVE-2023-28321.patch
  * [bsc#1211233, CVE-2023-28322] POST-after-PUT confusion
  - Add curl-CVE-2023-28322.patch
- Update to 8.0.1: [jsc#PED-2580]
  * Rebase curl-secure-getenv.patch
  * Remove patches fixed in the update:
  - curl-CVE-2022-22576.patch curl-CVE-2022-27776.patch
  - curl-CVE-2022-27781.patch curl-CVE-2022-27782.patch
  - curl-CVE-2022-32206.patch curl-CVE-2022-32208.patch
  - curl-CVE-2022-32221.patch curl-CVE-2022-35252.patch
  - curl-CVE-2022-43552.patch curl-CVE-2023-23916.patch
  - curl-CVE-2022-27774.patch curl-CVE-2022-27774-2.patch
  - curl-CVE-2022-27774-disabletest-1568.patch
  - curl-CVE-2022-27775.patch curl-CVE-2022-32205.patch
  - curl-CVE-2022-32207.patch curl-CVE-2022-42916.patch
  - curl-CVE-2022-43551.patch curl-CVE-2023-23914-23915.patch
  - curl-CVE-2023-27533.patch curl-CVE-2023-27533-no-sscanf.patch
  - curl-CVE-2023-27534.patch curl-CVE-2023-27535.patch
  - curl-CVE-2023-27536.patch curl-CVE-2023-27538.patch
- Update to 8.0.1:
  * Bugfixes:
  - fix crash in curl_easy_cleanup
- Update to 8.0.0:
  * Security fixes:
  - TELNET option IAC injection [bsc#1209209, CVE-2023-27533]
  - SFTP path ~ resolving discrepancy [bsc#1209210, CVE-2023-27534]
  - FTP too eager connection reuse [bsc#1209211, CVE-2023-27535]
  - GSS delegation too eager connection re-use [bsc#1209212, CVE-2023-27536]
  - HSTS double-free [bsc#1209213, CVE-2023-27537]
  - SSH connection too eager reuse still [bsc#1209214, CVE-2023-27538]
  * Changes:
  - build: remove support for curl_off_t < 8 bytes
  * Bugfixes:
  - aws_sigv4: fall back to UNSIGNED-PAYLOAD for sign_as_s3
  - BINDINGS: add Fortran binding
  - cf-socket: use port 80 when resolving name for local bind
  - cookie: don't load cookies again when flushing
  - curl_path: create the new path with dynbuf
  - CURLSHOPT_SHARE.3: HSTS sharing is not thread-safe
  - DYNBUF.md: note Curl_dyn_add* calls Curl_dyn_free on failure
  - ftp: active mode with SSL, add the filter
  - hostip: avoid sscanf and extra buffer copies
  - http2: fix for http2-prior-knowledge when reusing connections
  - http2: fix handling of RST and GOAWAY to recognize partial transfers
  - http: don't send 100-continue for short PUT requests
  - http: fix unix domain socket use in https connects
  - libssh: use dynbuf instead of realloc
  - ngtcp2-gnutls.yml: bump to gnutls 3.8.0
  - sectransp: make read_cert() use a dynbuf when loading
  - telnet: only accept option arguments in ascii
  - telnet: parse telnet options without sscanf
  - url: fix the SSH connection reuse check
  - url: only reuse connections with same GSS delegation
  - urlapi: '%' is illegal in host names
  - ws: keep the socket non-blocking
  * Rebase libcurl-ocloexec.patch
- Security fixes:
  * [bsc#1209209, CVE-2023-27533] TELNET option IAC injection
    Add curl-CVE-2023-27533-no-sscanf.patch curl-CVE-2023-27533.patch
  * [bsc#1209210, CVE-2023-27534] SFTP path ~ resolving discrepancy
    Add curl-CVE-2023-27534.patch
  * [bsc#1209211, CVE-2023-27535] FTP too eager connection reuse
    Add curl-CVE-2023-27535.patch
  * [bsc#1209212, CVE-2023-27536] GSS delegation too eager connection re-use
    Add curl-CVE-2023-27536.patch
  * [bsc#1209214, CVE-2023-27538] SSH connection too eager reuse still
    Add curl-CVE-2023-27538.patch
- Update to 7.88.1:
  * Bugfix release
- Drop upstreamed patch:
  * curl-fix-uninitialized-value-in-tests.patch
- Update to 7.88.0: [bsc#1207990, CVE-2023-23914]
  [bsc#1207991, CVE-2023-23915] [bsc#1207992, CVE-2023-23916]
  * Security fixes:
  - CVE-2023-23914: HSTS ignored on multiple requests
  - CVE-2023-23915: HSTS amnesia with --parallel
  - CVE-2023-23916: HTTP multi-header compression denial of service
  * Changes:
  - curl.h: add CURL_HTTP_VERSION_3ONLY
  - share: add sharing of HSTS cache among handles
  - src: add --http3-only
  - tool_operate: share HSTS between handles
  - urlapi: add CURLU_PUNYCODE
  - writeout: add %{certs} and %{num_certs}
  * Bugfixes:
  - cf-socket: keep sockaddr local in the socket filters
  - cfilters:Curl_conn_get_select_socks: use the first non-connected filter
  - curl.h: allow up to 10M buffer size
  - curl.h: mark CURLSSLBACKEND_MESALINK as deprecated
  - curl/websockets.h: extend the websocket frame struct
  - curl: output warning at --verbose output for debug-enabled version
  - curl_free.3: fix return type of `curl_free`
  - curl_log: for failf/infof and debug logging implementations
  - dict: URL decode the entire path always
  - docs/DEPRECATE.md: deprecate gskit
  - easyoptions: fix header printing in generation script
  - haxproxy: send before TLS handhshake
  - hsts.d: explain hsts more
  - hsts: handle adding the same host name again
  - HTTP/[23]: continue upload when state.drain is set
  - http: decode transfer encoding first
  - http_aws_sigv4: remove typecasts from HMAC_SHA256 macro
  - http_proxy: do not assign data->req.p.http use local copy
  - lib: connect/h2/h3 refactor
  - libssh2: try sha2 algos for hostkey methods
  - md4: fix build with GnuTLS + OpenSSL v1
  - ngtcp2: replace removed define and stop using removed function
  - noproxy: support for space-separated names is deprecated
  - nss: implement data_pending method
  - openldap: fix missing sasl symbols at build in specific configs
  - openssl: adapt to boringssl's error code type
  - openssl: don't ignore CA paths when using Windows CA store (redux)
  - openssl: don't log raw record headers
  - openssl: make the BIO_METHOD a local variable in the connection filter
  - openssl: only use CA_BLOB if verifying peer
  - openssl: remove attached easy handles from SSL instances
  - openssl: store the CA after first send (ClientHello)
  - setopt: use >, not >=, when checking if uarg is larger than uint-max
  - smb: return error on upload without size
  - socketpair: allow localhost MITM sniffers
  - strdup: name it Curl_strdup
  - tool_getparam: fix hiding of command line secrets
  - tool_operate: fix error codes on bad URL & OOM
  - tool_operate: repair --rate
  - transfer: break the read loop when RECV is cleared
  - typecheck: accept expressions for option/info parameters
  - urlapi: avoid Curl_dyn_addf() for hex outputs
  - urlapi: skip path checks if path is just "//"/
  - urlapi: skip the extra dedotdot alloc if no dot in path
  - urldata: cease storing TLS auth type
  - urldata: make 'ftp_create_missing_dirs' depend on FTP || SFTP
  - urldata: make set.http200aliases conditional on HTTP being present
  - urldata: move the cookefilelist to the 'set' struct
  - urldata: remove unused struct fields, made more conditional
  - vquic: stabilization and improvements
  - vtls: fix hostname handling in filters
  - vtls: manage current easy handle in nested cfilter calls
  - vtls: use ALPN HTTP/1.0 when HTTP/1.0 is used
  * Rebase libcurl-ocloexec.patch
  * Fix regression tests: f1d09231adfc695d15995b9ef2c8c6e568c28091
  - runtests: fix "/uninitialized value $port"/
  - Add curl-fix-uninitialized-value-in-tests.patch
- Security Fix: [bsc#1207992, CVE-2023-23916]
  * HTTP multi-header compression denial of service
  * Add curl-CVE-2023-23916.patch
- Security Fixes:
  * HSTS ignored on multiple requests [bsc#1207990, CVE-2023-23914]
  * HSTS amnesia with --parallel [bsc#1207991, CVE-2023-23915]
  * Add curl-CVE-2023-23914-23915.patch
- Update to 7.87.0:
  * Security fixes:
  - CVE-2022-43551, bsc#1206308: another HSTS bypass via IDN
  - CVE-2022-43552, bsc#1206309: HTTP Proxy deny use-after-free
  * Changes
  - curl: add --url-query
  - CURLOPT_QUICK_EXIT: don't wait for DNS thread on exit
  - lib: add CURL_WRITEFUNC_ERROR to signal write callback error
  - openssl: reduce CA certificate bundle reparsing by caching
  - version: add a feature names array to curl_version_info_data
  * Bugfixes
  - altsvc: fix rejection of negative port numbers
  - aws_sigv4: consult x-%s-content-sha256 for payload hash
  - aws_sigv4: fix typos in aws_sigv4.c
  - base64: better alloc size
  - base64: encode without using snprintf
  - base64: faster base64 decoding
  - build: assume assert.h is always available
  - build: assume errno.h is always available
  - c-hyper: CONNECT respones are not server responses
  - c-hyper: fix multi-request mechanism
  - CI: Change FreeBSD image from 12.3 to 12.4
  - CI: LGTM.com will be shut down in December 2022
  - ci: Remove zuul fuzzing job as it's superseded by CIFuzz
  - cmake: check for cross-compile, not for toolchain
  - CMake: fix build with `CURL_USE_GSSAPI`
  - cmake: really enable warnings with clang
  - cmake: set the soname on the shared library
  - cmdline-opts/gen.pl: fix the linkifier
  - cmdline-opts/page-footer: remove long option nroff formatting
  - config-mac: define HAVE_SYS_IOCTL_H
  - config-mac: fix typo: size_T -> size_t
  - config-mac: remove HAVE_SYS_SELECT_H
  - config-win32: fix SIZEOF_OFF_T for MSVC and old MinGW
  - configure: require fork for NTLM-WB
  - contributors.sh: actually use $CURLWWW instead of just setting it
  - cookie: compare cookie prefixes case insensitively
  - cookie: expire cookies at once when max-age is negative
  - cookie: open cookie jar as a binary file
  - curl-openssl.m4: do not add $prefix/include/openssl to CPPFLAGS
  - curl-rustls.m4: on macOS, rustls also needs the Security framework
  - curl.h: include <sys/select.h> on SerenityOS
  - curl.h: name all public function parameters
  - curl.h: reword comment to not use deprecated option
  - curl: override the numeric locale and set "/C"/ by force
  - curl: timeout in the read callback
  - curl_endian: remove Curl_write64_le from header
  - curl_get_line: allow last line without newline char
  - curl_path: do not add '/' if homedir ends with one
  - curl_url_get.3: remove spurious backtick
  - curl_url_set.3: document CURLU_DISALLOW_USER
  - curl_url_set.3: fix typo
  - CURLMOPT_SOCKETFUNCTION.3: clarify CURL_POLL_REMOVE
  - CURLOPT_COOKIEFILE.3: advice => advise
  - CURLOPT_DEBUGFUNCTION.3: do not assume nul-termination in example
  - CURLOPT_DEBUGFUNCTION.3: emphasize that incoming data is "/raw"/
  - CURLOPT_POST.3: Explain setting to 0 changes request type
  - docs/curl_ws_send: Fixed typo in websocket docs
  - docs/EARLY-RELEASE.md: how to determine an early release
  - docs/examples: spell correction ('Retrieve')
  - docs/INSTALL.md: expand on static builds
  - docs/WEBSOCKET.md: explain the URL use
  - docs: add missing parameters for --retry flag
  - docs: add more "/SEE ALSO"/ links to CA related pages
  - docs: explain the noproxy CIDR notation support
  - docs: extend the dump-header documentation
  - docs: remove performance note in CURLOPT_SSL_VERIFYPEER
  - examples/10-at-a-time: fix possible skipped final transfers
  - examples: update descriptions
  - ftp: support growing files with CURLOPT_IGNORE_CONTENT_LENGTH
  - gen.pl: do not generate CURLHELP bitmask lines > 79 characters
  - GHA: clarify workflows permissions, set least possible privilege
  - GHA: NSS use clang instead of clang-9
  - gnutls: use common gnutls init and verify code for ngtcp2
  - headers: add endif comments
  - HTTP-COOKIES.md: mention that http://localhost is a secure context
  - HTTP-COOKIES.md: update the 6265bis link to draft-11
  - http: do not send PROXY more than once
  - http: fix the ::1 comparison for IPv6 localhost for cookies
  - http: set 'this_is_a_follow' in the Location: logic
  - http: use the IDN decoded name in HSTS checks
  - hyper: classify headers as CONNECT and 1XX
  - hyper: fix handling of hyper_task's when reusing the same address
  - idn: remove Curl_win32_ascii_to_idn
  - INSTALL: update operating systems and CPU archs
  - KNOWN_BUGS: remove eight entries
  - lib1560: add some basic IDN host name tests
  - lib: connection filters (cfilter) addition to curl:
  - lib: feature deprecation warnings in gcc >= 4.3
  - lib: fix some type mismatches and remove unneeded typecasts
  - lib: parse numbers with fixed known base 10
  - lib: remove bad set.opt_no_body assignments
  - lib: rewind BEFORE request instead of AFTER previous
  - lib: sync guard for Curl_getaddrinfo_ex() definition and use
  - lib: use size_t or int etc instead of longs
  - libcurl-errors.3: remove duplicate word
  - libssh2: return error when ssh_hostkeyfunc returns error
  - limit-rate.d: see also --rate
  - log2changes.pl: wrap long lines at 80 columns
  - Makefile.mk: address minor issues
  - Makefile.mk: improve a GNU Make hack
  - Makefile.mk: portable Makefile.m32
  - maketgz: set the right version in lib/libcurl.plist
  - mime: relax easy/mime structures binding
  - misc: Fix incorrect spelling
  - misc: remove duplicated include files
  - misc: typo and grammar fixes
  - negtelnetserver.py: have it call its close() method
  - netrc.d: provide mutext info
  - netware: remove leftover traces
  - noproxy: also match with adjacent comma
  - noproxy: guard against empty hostnames in noproxy check
  - noproxy: tailmatch like in 7.85.0 and earlier
  - nroff-scan.pl: detect double highlights
  - ntlm: improve comment for encrypt_des
  - ntlm: silence ubsan warning about copying from null target_info pointer
  - openssl/mbedtls: use %d for outputing port with failf (int)
  - openssl: prefix errors with '[lib]/[version]: '
  - os400: use platform socklen_t in Curl_getnameinfo_a
  - page-header: grammar improvement (display transfer rate)
  - proxy: refactor haproxy protocol handling as connection filter
  - README.md: remove badges and xmas-tree garnish
  - rtsp: fix RTSP auth
  - runtests: --no-debuginfod now disables DEBUGINFOD_URLS
  - runtests: do CRLF replacements per section only
  - scripts/checksrc.pl: detect duplicated include files
  - sendf: change Curl_read_plain to wrap Curl_recv_plain
  - sendf: remove unnecessary if condition
  - setup: do not require __MRC__ defined for Mac OS 9 builds
  - smb/telnet: do not free the protocol struct in *_done()
  - socks: fix username max size is 255 (0xFF)
  - spellcheck.words: remove 'github' as an accepted word
  - ssl-reqd.d: clarify that this is for upgrading connections only
  - strcase: use curl_str(n)equal for case insensitive matches
  - styled-output.d: this option does not work on Windows
  - system.h: fix socklen_t, curl_off_t, long long for Classic Mac OS
  - system.h: support 64-bit curl_off_t for NonStop 32-bit
  - test1421: fix typo
  - test3026: reduce runtime in legacy mingw builds
  - tests/sshserver.pl: re-enable ssh-rsa while using openssh 8.8+
  - tests: add authorityInfoAccess to generated certs
  - tests: add HTTP/3 test case, custom location for proper nghttpx
  - tls: backends use connection filters for IO, enabling HTTPS-proxy
  - tool: determine the correct fopen option for -D
  - tool_cfgable: free the ssl_ec_curves on exit
  - tool_cfgable: make socks5_gssapi_nec a boolean
  - tool_formparse: avoid clobbering on function params
  - tool_getparam: make --no-get work as the opposite of --get
  - tool_operate: provide better errmsg for -G with bad URL
  - tool_operate: when aborting, make sure there is a non-NULL error buffer
  - tool_paramhlp: free the proto strings on exit
  - url: move back the IDN conversion of proxy names
  - urlapi: reject more bad letters from the host name: &+()
  - urldata: change port num storage to int and unsigned short
  - vms: remove SIZEOF_SHORT
  - vtls: fix build without proxy support
  - vtls: localization of state data in filters
  - WEBSOCKET.md: fix broken link
  - Websocket: fixes for partial frames and buffer updates
  - websockets: fix handling of partial frames
  - windows: fail early with a missing windres in autotools
  - windows: fix linking .rc to shared curl with autotools
  - winidn: drop WANT_IDN_PROTOTYPES
  - ws: if no connection is around, return error
  - ws: return CURLE_NOT_BUILT_IN when websockets not built in
  - x509asn1: avoid freeing unallocated pointers
- Security Fix: [bsc#1206309, CVE-2022-43552]
  * HTTP Proxy deny use-after-free
  * Add curl-CVE-2022-43552.patch
- Security Fix: [bsc#1206308, CVE-2022-43551]
  * Fix Another HSTS bypass via IDN
  * Add curl-CVE-2022-43551.patch
- Add 1.50.0 as the minimum libnghttp2 build requirement version as
  a bandaid. Curl's 7.86.0 release introduces the use of
  nghttp2_option_set_no_rfc9113_leading_and_trailing_ws_validation,
  introduced by nghttp2 1.50.0 release, without introducing a check
  for the function/right version in their build scripts. This will
  make Zypper/cURL unusable in some corner cases where users
  installing something that requires libcurl4 before doing full
  system upgrade, thus updating the cURL stack, but not
  libnghttp2's. Background: boo#1204983, Factory mailing list
  threadd:
  "/? broken dependency in curl and/or *zyp* ?"/, and forums thread:
  Curl-is-broken-after-an-update-which-subsequently-breaks-zypper.
- Update to 7.86.0:
  * Security fixes:
  - POST following PUT confusion [bsc#1204383, CVE-2022-32221]
  - .netrc parser out-of-bounds access [bsc#1204384, CVE-2022-35260]
  - HTTP proxy double-free [bsc#1204385, CVE-2022-42915]
  - HSTS bypass via IDN [bsc#1204386, CVE-2022-42916]
  * Changes:
  - NPN: remove support for and use of
  - Websockets: initial support
  * Bugfixes:
  - altsvc: reject bad port numbers
  - autotools: reduce brute-force when detecting recv/send arg list
  - aws_sigv4: fix header computation
  - cli tool: do not use disabled protocols
  - connect: change verbose IPv6 address:port to [address]:port
  - connect: fix builds without AF_INET6
  - connect: fix Curl_updateconninfo for TRNSPRT_UNIX
  - connect: fix the wrong error message on connect failures
  - content_encoding: use writer struct subclasses for different encodings
  - cookie: reject cookie names or content with TAB characters
  - curl/add_file_name_to_url: use the libcurl URL parser
  - curl/get_url_file_name: use libcurl URL parser
  - curl: warn for --ssl use, considered insecure
  - docs/libcurl/symbols-in-versions: add several missing symbols
  - ftp: ignore a 550 response to MDTM
  - functypes: provide the recv and send arg and return types
  - getparameter: return PARAM_MANUAL_REQUESTED for -M even when disabled
  - header: define public API functions as extern c
  - headers: reset the requests counter at transfer start
  - hostip: guard PF_INET6 use
  - hostip: lazily wait to figure out if IPv6 works until needed
  - http, vauth: always provide Curl_allow_auth_to_host() functionality
  - http2: make nghttp2 less picky about field whitespace
  - http: try parsing Retry-After: as a number first
  - http_proxy: restore the protocol pointer on error
  - lib: add missing limits.h includes
  - lib: prepare the incoming of additional protocols
  - lib: sanitize conditional exclusion around MIME
  - libssh: if sftp_init fails, don't get the sftp error code
  - mprintf: reject two kinds of precision for the same argument
  - mqtt: return error for too long topic
  - netrc: compare user name case sensitively
  - netrc: replace fgets with Curl_get_line
  - netrc: use the URL-decoded user
  - ngtcp2: fix build errors due to changes in ngtcp2 library
  - noproxy: support proxies specified using cidr notation
  - openssl: make certinfo available for QUIC
  - resolve: make forced IPv4 resolve only use A queries
  - schannel: ban server ALPN change during recv renegotiation
  - schannel: don't reset recv/send function pointers on renegotiation
  - schannel: when importing PFX, disable key persistence
  - setopt: use the handler table for protocol name to number conversions
  - setopt: when POST is set, reset the 'upload' field
  - single_transfer: use the libcurl URL parser when appending query parts
  - smb: replace CURL_WIN32 with WIN32
  - tool: avoid generating ambiguous escaped characters in --libcurl
  - tool_main: exit at once if out of file descriptors
  - tool_operate: more transfer cleanup after parallel transfer fail
  - tool_operate: prevent over-queuing in parallel mode
  - tool_paramhelp: asserts verify maximum sizes for string loading
  - tool_xattr: save the original URL, not the final redirected one
  - url: a zero-length userinfo part in the URL is still a (blank) user
  - url: allow non-HTTPS HSTS-matching for debug builds
  - url: rename function due to name-clash in Watt-32
  - url: use IDN decoded names for HSTS checks
  - urlapi: detect scheme better when not guessing
  - urlapi: fix parsing URL without slash with CURLU_URLENCODE
  - urlapi: reject more bad characters from the host name field
  * Remove patch upstream:
  - connect-fix-Curl_updateconninfo-for-TRNSPRT_UNIX.patch
- Update connection info when using UNIX socket as endpoint
  connect-fix-Curl_updateconninfo-for-TRNSPRT_UNIX.patch
- Change the deprecated configure option --enable-hidden-symbols
  to the new --enable-symbol-hiding.
- Update to 7.85.0:
  * Security fixes: [bsc#1202593, CVE-2022-35252]
  - control code in cookie denial of service
  * Changes:
  - quic: add support via wolfSSL
  - schannel: Add TLS 1.3 support
  - setopt: add CURLOPT_PROTOCOLS_STR and CURLOPT_REDIR_PROTOCOLS_STR
  * Bugfixes:
  - asyn-thread: fix socket leak on OOM
  - asyn-thread: make getaddrinfo_complete return CURLcode
  - base64: base64url encoding has no padding
  - configure: fix broken m4 syntax in TLS options
  - configure: if asked to use TLS, fail if no TLS lib was detected
  - connect: add quic connection information
  - connect: set socktype/protocol correctly
  - cookie: reject cookies with "/control bytes"/
  - cookie: treat a blank domain in Set-Cookie: as non-existing
  - curl: output warning when a cookie is dropped due to size
  - Curl_close: call Curl_resolver_cancel to avoid memory-leak
  - digest: fix memory leak, fix not quoted 'opaque'
  - digest: fix missing increment of 'nc' value for auth-int
  - digest: pass over leading spaces in qop values
  - digest: reject broken header with session protocol but without qop
  - doh: use https protocol by default
  - easy_lock.h: include sched.h if available to fix build
  - easy_lock.h: use __asm__ instead of asm to fix build
  - easy_lock: switch to using atomic_int instead of bool
  - ftp: use a correct expire ID for timer expiry
  - h2h3: fix overriding the 'TE: Trailers' header
  - hostip: resolve *.localhost to 127.0.0.1/::1
  - HTTP3.md: update to msh3 v0.4.0
  - hyper: use wakers for curl pause/resume
  - lib3026: reduce the number of threads to 100
  - libssh2: make atime/mtime date overflow return error
  - libssh2: provide symlink name in SFTP dir listing
  - multi: have curl_multi_remove_handle close CONNECT_ONLY transfer
  - multi: use larger dns hash table for multi interface
  - multi_wait: fix skipping to populate revents for extra_fds
  - netrc: Use the password from lines without login
  - ngtcp2: Fix build error due to change in nghttp3 prototypes
  - ngtcp2: fix stall or busy loop on STOP_SENDING with upload data
  - ngtcp2: implement cb_h3_stop_sending and cb_h3_reset_stream callbacks
  - openssl: add 'CURL_BORINGSSL_VERSION' to identify BoringSSL
  - openssl: add cert path in error message
  - openssl: add details to "/unable to set client certificate"/ error
  - openssl: fix BoringSSL symbol conflicts with LDAP and Schannel
  - select: do not return fatal error on EINTR from poll()
  - sendf: fix paused header writes since after the header API
  - sendf: skip storing HTTP headers if HTTP disabled
  - url: really use the user provided in the url when netrc entry exists
  - url: reject URLs with hostnames longer than 65535 bytes
  - url: treat missing usernames in netrc as empty
  - urldata: reduce size of several struct fields
  - vtls: make Curl_ssl_backend() return the enum type curl_sslbackend
  * Remove tests-for-32bit.patch fixed in the update
  * Rebase libcurl-ocloexec.patch
- add tests-for-32bit.patch to fix testsuite on 32bit platforms
- Update to 7.84.0:
  * Security fixes:
  - (bsc#1200737, CVE-2022-32208): FTP-KRB bad message verification
  - (bsc#1200736, CVE-2022-32207): Unpreserved file permissions
  - (bsc#1200735, CVE-2022-32206): HTTP compression denial of service
  - (bsc#1200734, CVE-2022-32205): Set-Cookie denial of service
  * Changes:
  - curl: add --rate to set max request rate per time unit
  - curl: deprecate --random-file and --egd-file
  - curl_version_info: add CURL_VERSION_THREADSAFE
  - CURLINFO_CAPATH/CAINFO: get the default CA paths from libcurl
  - lib: make curl_global_init() threadsafe when possible
  - libssh2: add CURLOPT_SSH_HOSTKEYFUNCTION
  - opts: deprecate RANDOM_FILE and EGDSOCKET
  - socks: support unix sockets for socks proxy
  * Bugfixes:
  - aws-sigv4: fix potentional NULL pointer arithmetic
  - bindlocal: don't use a random port if port number would wrap
  - c-hyper: mark status line as status for Curl_client_write()
  - ci: avoid `cmake -Hpath`
  - CI: bump FreeBSD 13.0 to 13.1
  - ci: update github actions
  - cmake: add libpsl support
  - cmake: do not add libcurl.rc to the static libcurl library
  - cmake: enable curl.rc for all Windows targets
  - cmake: fix detecting libidn2
  - cmake: support adding a suffix to the OS value
  - configure: skip libidn2 detection when winidn is used
  - configure: use the SED value to invoke sed
  - configure: warn about rustls being experimental
  - content_encoding: return error on too many compression steps
  - cookie: address secure domain overlay
  - cookie: apply limits
  - copyright.pl: parse and use .reuse/dep5 for skips
  - copyright: make repository REUSE compliant
  - curl.1: add a few see also --tls-max
  - curl.1: mention exit code zero too
  - curl: re-enable --no-remote-name
  - curl_easy_pause.3: remove explanation of progress function
  - curl_getdate.3: document that some illegal dates pass through
  - Curl_parsenetrc: don't access local pwbuf outside of scope
  - curl_url_set.3: clarify by default using known schemes only
  - CURLOPT_ALTSVC.3: document the file format
  - CURLOPT_FILETIME.3: fix the protocols this works with
  - CURLOPT_HTTPHEADER.3: improve comment in example
  - CURLOPT_NETRC.3: document the .netrc file format
  - CURLOPT_PORT.3: We discourage using this option
  - CURLOPT_RANGE.3: remove ranged upload advice
  - digest: added detection of more syntax error in server headers
  - digest: tolerate missing "/realm"/
  - digest: unquote realm and nonce before processing
  - DISABLED: disable 1021 for hyper again
  - docs/cmdline-opts: add copyright and license identifier to each file
  - docs/CONTRIBUTE.md: document the 'needs-votes' concept
  - docs: clarify data replacement policy for MIME API
  - doh: remove UNITTEST macro definition
  - examples/crawler.c: use the curl license
  - examples: remove fopen.c and rtsp.c
  - FAQ: Clarify Windows double quote usage
  - fopen: add Curl_fopen() for better overwriting of files
  - ftp: restore protocol state after http proxy CONNECT
  - ftp: when failing to do a secure GSSAPI login, fail hard
  - GHA/hyper: enable debug in the build
  - gssapi: improve handling of errors from gss_display_status
  - gssapi: initialize gss_buffer_desc strings
  - headers api: remove EXPERIMENTAL tag
  - http2: always debug print stream id in decimal with %u
  - http2: reject overly many push-promise headers
  - http: restore header folding behavior
  - hyper: use 'alt-used'
  - krb5: return error properly on decode errors
  - lib: make more protocol specific struct fields #ifdefed
  - libcurl-security.3: add "/Secrets in memory"/
  - libcurl-security.3: document CRLF header injection
  - libssh: skip the fake-close when libssh does the right thing
  - links: update dead links to the curl-wiki
  - log2changes: do not indent empty lines [ci skip]
  - macos9: remove partial support
  - Makefile.am: fix portability issues
  - Makefile.m32: delete obsolete options, improve -On [ci skip]
  - Makefile.m32: delete two obsolete OpenSSL options [ci skip]
  - Makefile.m32: stop forcing XP target with ipv6 enabled [ci skip]
  - max-time.d: clarify max-time sets max transfer time
  - mprintf: ignore clang non-literal format string
  - netrc: check %USERPROFILE% as well on Windows
  - netrc: support quoted strings
  - ngtcp2: allow curl to send larger UDP datagrams
  - ngtcp2: correct use of ngtcp2 and nghttp3 signed integer types
  - ngtcp2: enable Linux GSO
  - ngtcp2: extend QUIC transport parameters buffer
  - ngtcp2: fix alert_read_func return value
  - ngtcp2: fix typo in preprocessor condition
  - ngtcp2: handle error from ngtcp2_conn_submit_crypto_data
  - ngtcp2: send appropriate connection close error code
  - ngtcp2: support boringssl crypto backend
  - ngtcp2: use helper funcs to simplify TLS handshake integration
  - ntlm: provide a fixed fake host name
  - projects: fix third-party SSL library build paths for Visual Studio
  - quic: add Curl_quic_idle
  - quiche: support ca-fallback
  - rand: stop detecting /dev/urandom in cross-builds
  - remote-name.d: mention --output-dir
  - runtests.pl: add the --repeat parameter to the --help output
  - runtests: fix skipping tests not done event-based
  - runtests: skip starting the ssh server if user name is lacking
  - scripts/copyright.pl: fix the exclusion to not ignore man pages
  - sectransp: check for a function defined when __BLOCKS__ is undefined
  - select: return error from "/lethal"/ poll/select errors
  - server/sws: support spaces in the HTTP request path
  - speed-limit/time.d: mention these affect transfers in either direction
  - strcase: some optimisations
  - test 2081: add a valid reply for the second request
  - test 675: add missing CR so the test passes when run through Privoxy
  - test414: add the '--resolve' keyword
  - test681: verify --no-remote-name
  - tests 266, 116 and 1540: add a small write delay
  - tests/data/test1501: kill ftp server after slow LIST response
  - tests/getpart: fix getpartattr to work with "/data"/ and "/data2"/
  - tests/server/sws.c: change the HTTP writedelay unit to milliseconds
  - test{440,441,493,977}: add "/HTTP proxy"/ keywords
  - tool_getparam: fix --parallel-max maximum value constraint
  - tool_operate: make sure --fail-with-body works with --retry
  - transfer: fix potential NULL pointer dereference
  - transfer: maintain --path-as-is after redirects
  - transfer: upload performance; avoid tiny send
  - url: free old conn better on reuse
  - url: remove redundant #ifdefs in allocate_conn()
  - url: URL encode the path when extracted, if spaces were set
  - urlapi: make curl_url_set(url, CURLUPART_URL, NULL, 0) clear all parts
  - urlapi: support CURLU_URLENCODE for curl_url_get()
  - urldata: reduce size of a few struct fields
  - urldata: remove three unused booleans from struct UserDefined
  - urldata: store tcp_keepidle and tcp_keepintvl as ints
  - version: allow stricmp() for sorting the feature list
  - vtls: make curl_global_sslset thread-safe
  - wolfssh.h: removed
  - wolfssl: correct the failf() message when a handle can't be made
  - wolfSSL: explicitly use compatibility layer
  - x509asn1: mark msnprintf return as unchecked
- Update to 7.83.1:
  * Security fixes:
  - (bsc#1199225, CVE-2022-30115) HSTS bypass via trailing dot
  - (bsc#1199224, CVE-2022-27782) TLS and SSH connection too eager reuse
  - (bsc#1199223, CVE-2022-27781) CERTINFO never-ending busy-loop
  - (bsc#1199222, CVE-2022-27780) percent-encoded path separator in URL host
  - (bsc#1199221, CVE-2022-27779) cookie for trailing dot TLD
  - (bsc#1199220, CVE-2022-27778) removes wrong file on error
  * Bugfixes:
  - altsvc: fix host name matching for trailing dots
  - cirrus: Update to FreeBSD 12.3
  - cirrus: Use pip for Python packages on FreeBSD
  - conn: fix typo 'connnection' -> 'connection' in two function names
  - cookies: make bad_domain() not consider a trailing dot fine
  - curl: free resource in error path
  - curl: guard against size_t wraparound in no-clobber code
  - CURLOPT_DOH_URL.3: mention the known bug
  - CURLOPT_HSTS*FUNCTION.3: document the involved structs as well
  - CURLOPT_SSH_AUTH_TYPES.3: fix the default
  - data/test376: set a proper name
  - GHA/mbedtls: enabled nghttp2 in the build
  - gha: build msh3
  - gskit: fixed bogus setsockopt calls
  - gskit: remove unused function set_callback
  - hsts: ignore trailing dots when comparing hosts names
  - HTTP-COOKIES: add missing CURLOPT_COOKIESESSION
  - http: move Curl_allow_auth_to_host()
  - http_proxy/hyper: handle closed connections
  - hyper: fix test 357
  - Makefile: fix "/make ca-firefox"/
  - mbedtls: bail out if rng init fails
  - mbedtls: fix compile when h2-enabled
  - mbedtls: fix some error messages
  - misc: use "/autoreconf -fi"/ instead buildconf
  - msh3: get msh3 version from MsH3Version
  - msh3: print boolean value as text representation
  - msh3: psss remote_port to MsH3ConnectionOpen
  - ngtcp2: add ca-fallback support for OpenSSL backend
  - nss: return error if seemingly stuck in a cert loop
  - openssl: define HAVE_SSL_CTX_SET_EC_CURVES for libressl
  - post_per_transfer: remove the updated file name
  - sectransp: bail out if SSLSetPeerDomainName fails
  - tests/server: declare variable 'reqlogfile' static
  - tests: fix markdown formatting in README
  - test{898,974,976}: add 'HTTP proxy' keywords
  - tls: check more TLS details for connection reuse
  - url: check SSH config match on connection reuse
  - urlapi: address (harmless) UndefinedBehavior sanitizer warning
  - urlapi: reject percent-decoding host name into separator bytes
  - x509asn1: make do_pubkey handle EC public keys
- Patches rework:
  * Refreshed all patches as -p1.
  * Use autopatch macro.
  * Renamed:
  - dont-mess-with-rpmoptflags.diff -> dont-mess-with-rpmoptflags.patch
  * Removed (already upstream):
  - curl-fix-verifyhost.patch
- Update to 7.83.0:
  * Security fixes:
  - (bsc#1198766, CVE-2022-27776) Auth/cookie leak on redirect
  - (bsc#1198723, CVE-2022-27775) Bad local IPv6 connection reuse
  - (bsc#1198608, CVE-2022-27774) Credential leak on redirect
  - (bsc#1198614, CVE-2022-22576) OAUTH2 bearer bypass in connection re-use
  * Changes:
  - curl: add %header{name} experimental support in -w handling
  - curl: add %{header_json} experimental support in -w handling
  - curl: add --no-clobber
  - curl: add --remove-on-error
  - header api: add curl_easy_header and curl_easy_nextheader
  - msh3: add support for QUIC and HTTP/3 using msh3
  * Bugfixes:
  - appveyor: add Cygwin build
  - appveyor: only add MSYS2 to PATH where required
  - BearSSL: add CURLOPT_SSL_CIPHER_LIST support
  - BearSSL: add CURLOPT_SSL_CTX_FUNCTION support
  - BINDINGS.md: add Hollywood binding
  - CI: Do not use buildconf. Instead, just use: autoreconf -fi
  - CI: install Python package impacket to run SMB test 1451
  - configure.ac: move -pthread CFLAGS setting back where it used to be
  - configure: bump the copyright year range int the generated output
  - conncache: include the zone id in the "/bundle"/ hashkey
  - connecache: remove duplicate connc->closure_handle check
  - connect: make Curl_getconnectinfo work with conn cache from share handle
  - connect: use TCP_KEEPALIVE only if TCP_KEEPIDLE is not defined
  - cookie.d: clarify when cookies are sent
  - cookies: improve errorhandling for reading cookiefile
  - curl/system.h: update ifdef condition for MCST-LCC compiler
  - curl: error out if -T and -d are used for the same URL
  - curl: error out when options need features not present in libcurl
  - curl: escape '?' in generated --libcurl code
  - curl: fix segmentation fault for empty output file names.
  - curl_easy_header: fix typos in documentation
  - CURLINFO_PRIMARY_PORT.3: clarify which port this is
  - CURLOPT*TLSAUTH.3: they only work with OpenSSL or GnuTLS
  - CURLOPT_DISALLOW_USERNAME_IN_URL.3: use uppercase URL
  - CURLOPT_PREQUOTE.3: only works for FTP file transfers, not dirs
  - CURLOPT_PROGRESSFUNCTION.3: fix typo in example
  - CURLOPT_UNRESTRICTED_AUTH.3: extended explanation
  - CURLSHOPT_UNLOCKFUNC.3: fix the callback prototype
  - docs/HYPER.md: updated to reflect current hyper build needs
  - docs/opts: Mention Schannel client cert type is P12
  - docs: Fix missing semicolon in example code
  - docs: lots of minor language polish
  - English: use American spelling consistently
  - fail.d: tweak the description
  - firefox-db2pem.sh: make the shell script safer
  - ftp: fix error message for partial file upload
  - gen.pl: change wording for mutexed options
  - GHA: add openssl3 jobs moved over from zuul
  - GHA: build hyper with nightly rustc
  - GHA: move bearssl jobs over from zuul
  - gha: move the event-based test over from Zuul
  - gtls: fix build for disabled TLS-SRP
  - http2: handle DONE called for the paused stream
  - http2: RST the stream if we stop it on our own will
  - http: avoid auth/cookie on redirects same host diff port
  - http: close the stream (not connection) on time condition abort
  - http: reject header contents with nul bytes
  - http: return error on colon-less HTTP headers
  - http: streamclose "/already downloaded"/
  - hyper: fix status_line() return code
  - hyper: fix tests 580 and 581 for hyper
  - hyper: no h2c support
  - infof: consistent capitalization of warning messages
  - ipv4/6.d: clarify that they are about using IP addresses
  - json.d: fix typo (overriden -> overridden)
  - keepalive-time.d: It takes many probes to detect brokenness
  - lib/warnless.[ch]: only check for WIN32 and ignore _WIN32
  - lib670: avoid double check result
  - lib: #ifdef on USE_HTTP2 better
  - lib: fix some misuse of curlx_convert_wchar_to_UTF8
  - lib: remove exclamation marks
  - libssh2: compare sha256 strings case sensitively
  - libssh2: make the md5 comparison fail if wrong length
  - libssh: fix build with old libssh versions
  - libssh: fix double close
  - libssh: Improve fix for missing SSH_S_ stat macros
  - libssh: unstick SFTP transfers when done event-based
  - macos: set .plist version in autoconf
  - mbedtls: remove 'protocols' array from backend when ALPN is not used
  - mbedtls: remove server_fd from backend
  - mk-ca-bundle.pl: Use stricter logic to process the certificates
  - mk-ca-bundle.vbs: delete this script in favor of mk-ca-bundle.pl
  - mlc_config.json: add file to ignore known troublesome URLs
  - mqtt: better handling of TCP disconnect mid-message
  - ngtcp2: add client certificate authentication for OpenSSL
  - ngtcp2: avoid busy loop in low CWND situation
  - ngtcp2: deal with sub-millisecond timeout
  - ngtcp2: disconnect the QUIC connection proper
  - ngtcp2: enlarge H3_SEND_SIZE
  - ngtcp2: fix HTTP/3 upload stall and avoid busy loop
  - ngtcp2: fix memory leak
  - ngtcp2: fix QUIC_IDLE_TIMEOUT
  - ngtcp2: make curl 1ms faster
  - ngtcp2: remove remote_addr which is not used in a meaningful way
  - ngtcp2: update to work after recent ngtcp2 updates
  - ngtcp2: use token when detecting :status header field
  - nonblock: restore setsockopt method to curlx_nonblock
  - openssl: check SSL_get_peer_cert_chain return value
  - openssl: enable CURLOPT_SSL_EC_CURVES with BoringSSL
  - openssl: fix CN check error code
  - options: remove mistaken space before paren in prototype
  - perl: removed a double semicolon at end of line
  - pop3/smtp: return *WEIRD_SERVER_REPLY when not understood
  - projects/README: converted to markdown
  - projects: Update VC version names for VS2017, VS2022
  - rtsp: don't let CSeq error override earlier errors
  - runtests: add 'bearssl' as testable feature
  - runtests: make 'oldlibssh' be before 0.9.4
  - schannel: remove dead code that will never run
  - scripts/copyright.pl: ignore the new mlc_config.json file
  - scripts: move three scripts from lib/ to scripts/
  - test1135: sync with recent API updates
  - test1459: disable for oldlibssh
  - test375: fix line endings on Windows
  - test386: Fix an incorrect test markup tag
  - test718: edited slightly to return better HTTP
  - tests/server/util.h: align WIN32 condition with util.c
  - tests: refactor server/socksd.c to support --unix-socket
  - timediff.[ch]: add curlx helper functions for timeval conversions
  - tls: make mbedtls and NSS check for h2, not nghttp2
  - tool and tests: force flush of all buffers at end of program
  - tool_cb_hdr: Turn the Location: into a terminal hyperlink
  - tool_getparam: error out on missing -K file
  - tool_listhelp.c: uppercase URL
  - tool_operate: fix a scan-build warning
  - tool_paramhlp: use feof(3) to identify EOF correctly when using fread(3)
  - transfer: redirects to other protocols or ports clear auth
  - unit1620: call global_init before calling Curl_open
  - url: check sasl additional parameters for connection reuse.
  - vtls: provide a unified APLN-disagree string for all backends
  - vtls: use a backend standard message for "/ALPN: offers %s"/
  - vtls: use a generic "/ALPN, server accepted"/ message
  - winbuild/README.md: fixup dead link
  - winbuild: Add a Visual Studio example to the README
  - wolfssl: fix compiler error without IPv6
- Fix: openssl: fix CN check error code
  * Add curl-fix-verifyhost.patch
- Update to 7.82.0:
  * curl: add --json command line option
  * curl: make it so that sensitive command line arguments do not
    show as easily in the output of ps(1)
  * curl_multi_socket.3: remove callback and typical usage descriptions
  * ftp: provide error message for control bytes in path
  * ldap: return CURLE_URL_MALFORMAT for bad URL
  * lib: remove support for CURL_DOES_CONVERSIONS
  * mqtt: plug some memory leaks
  * multi: allow user callbacks to call curl_multi_assign
  * multi: remember connection_id before returning connection to pool
  * multi: set in_callback for multi interface callbacks
  * netware: remove support
  * ngtcp2: adapt to changed end of headers callback proto
  * openldap: implement SASL authentication
  * openssl: return error if TLS 1.3 is requested when not supported
  * sectransp: mark a 3DES cipher as weak
  * smb: pass socket for writing and reading data instead of FIRSTSOCKET
  * tool_getparam: DNS options that need c-ares now fail without it
  * TPF: drop support
  * url: given a user in the URL, find pwd for that user in netrc
  * url: keep trailing dot in host name
  * urlapi: handle "/redirects"/ smarter
  * urldata: CONN_IS_PROXIED replaces bits.proxy when proxy can be disabled
  * urldata: remove conn->bits.user_passwd
- update to 7.81.0:
  * mime: use percent-escaping for multipart form field and file names
  * asyn-ares: ares_getaddrinfo needs no happy eyeballs timer
  * azure: make the "/w/o HTTP/SMTP/IMAP"/ build disable SSL proper
  * BINDINGS: add cURL client for PostgreSQL
  * BINDINGS: add one from Everything curl and update a link
  * checksrc: detect more kinds of NULL comparisons we avoid
  * CI: build examples for additional code verification
  * CI: bump job to use mbedtls 3.1.0
  * cmake: don't set _USRDLL on a static Windows build
  * cmake: prevent dev warning due to mismatched arg
  * cmake: private identifiers use CURL_ instead of CMAKE_ prefix
  * config.d: update documentation to match the path search
  * configure: add -lm to configure for rustls build.
  * configure: better diagnostics if hyper is built wrong
  * configure: don't enable TLS when --without-* flags are used
  * configure: fix runtime-lib detection on macOS
  * curl.1: require "/see also"/ for every documented option
  * curl: improve error message for --head with -J
  * curl_easy_cleanup.3: remove from multi handle first
  * curl_easy_escape.3: call curl_easy_cleanup in example
  * curl_easy_unescape.3: call curl_easy_cleanup in example
  * curl_multi_init.3: fix EXAMPLE formatting
  * curl_multi_perform/socket_action.3: clarify what errors mean
  * curl_share_setopt.3: split out options into their own manpages
  * CURLOPT_STDERR.3: does not work with libcurl as a win32 DLL
  * digest: compute user:realm:pass digest w/o userhash
  * docs/checksrc: Add documentation for STRERROR
  * docs/cmdline-opts: do not say "/protocols: all"/
  * docs/examples: workaround broken -Wno-pedantic-ms-format
  * docs/HTTP3: describe how to setup a h3 reverse-proxy for testing
  * docs/INSTALL.md: typo fix : added missing "/get"/ verb
  * docs/URL-SYNTAX.md: space is not fine in a given URL
  * docs: add known bugs list to HTTP3.md
  * docs: address proselint nits
  * docs: consistent manpage SYNOPSIS
  * docs: fix dead links, remove ECH.md
  * docs: fix typo in OpenSSL 3 build instructions
  * docs: Update the Reducing Size section
  * example/progressfunc: remove code for old libcurls
  * examples/multi-single.c: remove WAITMS()
  * FAQ: typo fix : "/yout"/ ➤ "/your"/
  * ftp: disable warning 4706 in MSVC
  * gen.pl: improve example output format
  * github workflow: add wolfssl (removed from zuul)
  * github/workflows: add mbedtls and mbedtls-clang (removed from zuul)
  * gtls: check return code for gnutls_alpn_set_protocols
  * hash: lazy-alloc the table in Curl_hash_add()
  * http2:set_transfer_url() return early on OOM
  * HTTP3: update quiche build instructions
  * http: enable haproxy support for hyper backend
  * http: Fix CURLOPT_HTTP200ALIASES
  * http_proxy: don't close the socket (too early)
  * insecure.d: detail its use for SFTP and SCP as well
  * insecure.d: expand and clarify
  * libcurl-multi.3: "/SOCKS proxy handshakes"/ are not blocking
  * libcurl-security.3: mention address and URL mitigations
  * libssh2: fix error message for sha256 mismatch
  * libtest: avoid "/assignment within conditional expression"/
  * lift: ignore is a deprecated config option, use ignoreRules
  * linkcheck.yml: add CI job that checks markdown links
  * m4/curl-compilers: tell clang -Wno-pointer-bool-conversion
  * Makefile.m32: rename -winssl option to -schannel and tidy up
  * mbedTLS: add support for CURLOPT_CAINFO_BLOB
  * mbedtls: fix CURLOPT_SSLCERT_BLOB
  * mbedtls: fix private member designations for v3.1.0
  * misc: remove unused doh flags when CURL_DISABLE_DOH is defined
  * misc: s/e-mail/email
  * multi: cleanup the socket hash when destroying it
  * multi: handle errors returned from socket/timer callbacks
  * multi: shut down CONNECT in Curl_detach_connnection
  * netrc.d: edit the .netrc example to look nicer
  * ngtcp2: verify the server cert on connect (quictls)
  * ngtcp2: verify the server certificate for the gnutls case
  * nss:set_cipher don't clobber the cipher list
  * openldap: implement STARTTLS
  * openldap: process search query response messages one by one
  * openldap: several minor improvements
  * openldap: simplify ldif generation code
  * openssl: check the return value of BIO_new()
  * openssl: define HAVE_OPENSSL_VERSION for OpenSSL 1.1.0+
  * openssl: remove `RSA_METHOD_FLAG_NO_CHECK` handling if unavailable
  * openssl: remove usage of deprecated `SSL_get_peer_certificate`
  * openssl: use non-deprecated API to read key parameters
  * page-footer: add a mention of how to report bugs to the man page
  * page-footer: document more environment variables
  * request.d: refer to 'method' rather than 'command'
  * retry-all-errors.d: make the example complete
  * runtests: make the SSH library a testable feature
  * rustls: read of zero bytes might be okay
  * rustls: remove comment about checking handshaking
  * rustls: remove incorrect EOF check
  * sha256/md5: return errors when init fails
  * socks5: use appropriate ATYP for numerical IP address host names
  * test1156: enable for hyper
  * test1156: fixup the stdout check for Windows
  * test1525: tweaked for hyper
  * test1526: enable for hyper
  * test1527: enable for hyper
  * test1528: enable for hyper
  * test1554: adjust for hyper
  * test1556: adjust for hyper
  * test302[12]: run only with the libssh2 backend
  * test661: enable for hyper
  * tests/CI.md: add more information on CI environments
  * tests/data/test302[12]: fix MSYS2 path conversion of hostpubsha256
  * tftp: mark protocol as not possible to do over CONNECT
  * tool_findfile: updated search for a file in the homedir
  * tool_operate: only set SSH related libcurl options for SSH URLs
  * tool_operate: warn if too many output arguments were found
  * url.c: fix the SIGPIPE comment for Curl_close
  * url: check ssl_config when re-use proxy connection
  * url: reduce ssl backend count for CURL_DISABLE_PROXY builds
  * urlapi: accept port number zero
  * urlapi: if possible, shorten given numerical IPv6 addresses
  * urlapi: provide more detailed return codes
  * urlapi: reject short file URLs
  * version_win32: Check build number and platform id
  * vtls/rustls: adapt to the updated rustls_version proto
  * writeout: fix %{http_version} for HTTP/3
  * x509asn1: return early on errors
  * zuul.d: update rustls-ffi to version 0.8.2
  * zuul: fix quiche build pointing to wrong Cargo
- Update to 7.80.0:
  * Changes:
  - CURLOPT_MAXLIFETIME_CONN: maximum allowed lifetime for conn reuse
  - CURLOPT_PREREQFUNCTION: add new callback
  - libssh2: add SHA256 fingerprint support
  - urlapi: add curl_url_strerror()
  * Bugfixes:
  - aws-sigv4: make signature work when post data is binary
  - c-hyper: don't abort CONNECT responses early when auth-in-progress
  - c-hyper: make CURLOPT_SUPPRESS_CONNECT_HEADERS work
  - cmake: add CURL_ENABLE_SSL option
  - cmake: with OpenSSL, define OPENSSL_SUPPRESS_DEPRECATED
  - configure.ac: replace krb5-config with pkg-config
  - configure: when hyper is selected, deselect nghttp2
  - curl-confopts.m4: remove --enable/disable-hidden-symbols
  - curl-openssl.m4: modify library order for openssl linking
  - curl_ntlm_core: use OpenSSL only if DES is available
  - Curl_updateconninfo: store addresses for QUIC connections too
  - ftp: make the MKD retry to retry once per directory
  - http: fix Basic auth with empty name field in URL
  - http: reject HTTP response codes < 100
  - http: remove assert that breaks hyper
  - http: set content length earlier
  - imap: display quota information
  - libssh2: Get the version at runtime if possible
  - md5: fix compilation with OpenSSL 3.0 API
  - ngtcp2: advertise h3 as well as h3-29
  - ngtcp2: compile with the latest nghttp3
  - ngtcp2: use latest QUIC TLS RFC9001
  - NTLM: use DES_set_key_unchecked with OpenSSL
  - openssl: if verifypeer is not requested, skip the CA loading
  - openssl: with OpenSSL 1.1.0+ a failed RAND_status means goaway
  - schannel: fix memory leak due to failed SSL connection
  - sendf: accept zero-length data in Curl_client_write()
  - sha256: use high-level EVP interface for OpenSSL
  - sws: fix memory leak on exit
  - tool_operate: a failed etag save now only fails that transfer
  - url: check the return value of curl_url()
  - url: set "/k->size"/ -1 at start of request
  - urlapi: skip a strlen(), pass in zero
  - urlapi: URL decode percent-encoded host names
  - vtls: Fix a memory leak if an SSL session cannot be added to the cache
  - wolfssl: use for SHA256, MD4, MD5, and setting DES odd parity
  * Use --with-openssl configure option, --with-ssl is now deprecated
dmidecode
- use-read_file-to-read-from-dump.patch: Fix an old harmless bug
  which would prevent root from using the --from-dump option since
  the latest security fixes (bsc#1210418).
Security fixes (CVE-2023-30630)
- dmidecode-split-table-fetching-from-decoding.patch: dmidecode:
  Clean up function dmi_table so that it does only one thing
  (bsc#1210418).
- dmidecode-write-the-whole-dump-file-at-once.patch: When option
  - -dump-bin is used, write the whole dump file at once, instead of
  opening and closing the file separately for the table and then
  for the entry point (bsc#1210418).
- dmidecode-do-not-let-dump-bin-overwrite-an-existing-file.patch:
  Make sure that the file passed to option --dump-bin does not
  already exist (bsc#1210418).
- ensure-dev-mem-is-a-character-device-file.patch: Add a safety
  check on the type of the mem device file we are asked to read
  from, if we are root (bsc#1210418).
  3 recommended fixes from upstream:
- dmioem-typo-fix-virutal-virtual.patch: Simple typo fix in a
  user-visible string.
- dmidecode-fortify-entry-point-length-checks.patch: Ensure that
  the SMBIOS entry point is long enough to include all the fields
  we need.
- dmioem-hpe-oem-record-237-firmware-change.patch: Properly decode
  the last field of HPE OEM record type 237.
docker
- Update to Docker 23.0.6-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/23.0/#2306>. bsc#1211578
- Rebase patches:
  * cli-0001-docs-include-required-tools-in-source-tree.patch
- Re-unify packaging for SLE-12 and SLE-15.
- Add patch to fix build on SLE-12 by switching back to libbtrfs-devel headers
  (the uapi headers in SLE-12 are too old).
  + 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
- Re-numbered patches:
  - 0003-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
  + 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch`
- Update to Docker 23.0.5-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/23.0/#2305>.
- Rebase patches:
  * cli-0001-docs-include-required-tools-in-source-tree.patch
- Update to Docker 23.0.4-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/23.0/#2304>. bsc#1208074
- Rebase patches:
  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0003-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
- Renumbered patches:
  - 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
- Remove upstreamed patches:
  - 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
  - 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch
  - 0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch
- Backport <https://github.com/docker/cli/pull/4228> to allow man pages to be
  built without internet access in OBS.
  + cli-0001-docs-include-required-tools-in-source-tree.patch
- update to 20.10.23-ce.
  * see upstream changelog at https://docs.docker.com/engine/release-notes/#201023
- drop kubic flavor as kubic is EOL. this removes:
  kubelet.env docker-kubic-service.conf 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
- Update to Docker 20.10.21-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/#201021>. bsc#1206065
  bsc#1205375 CVE-2022-36109
- Rebase patches:
  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
  * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
  * 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
  * 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch
  * 0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch
- The PRIVATE-REGISTRY patch will now output a warning if it is being used (in
  preparation for removing the feature). This feature was never meant to be
  used by users directly (and is only available in the -kubic/CaaSP version of
  the package anyway) and thus should not affect any users.
- Fix wrong After: in docker.service, fixes bsc#1188447
- Add apparmor-parser as a Recommends to make sure that most users will end up
  with it installed even if they are primarily running SELinux.
- Fix syntax of boolean dependency
- Allow to install container-selinux instead of apparmor-parser.
- Change to using systemd-sysusers
dracut
- Update to version 055+suse.342.g2e6dce8e:
  fips=1 and separate /boot break s390x (bsc#1204478):
  * fix(fips): move fips-boot script to pre-pivot
  * fix(fips): only unmount /boot if it was mounted by the fips module
  * feat(fips): add progress messages
  * fix(fips): do not blindly remove /boot
  * fix(network-legacy): handle do_dhcp calls without arguments (bsc#1210640)
- Update to version 055+suse.335.gccf7fbc6:
  * feat(lvm): always include all drivers that LVM can use (bsc#1206195)
  * fix(dracut.spec): require libopenssl1_1-hmac for dracut-fips (bsc#1206439)
- Update to version 055+suse.331.g05b9ccb7:
  * feat(kernel-modules): exclude USB drivers in strict hostonly mode (bsc#1186056)
  * fix(multipath): warn if included with no multipath devices and no user conf (bsc#1069169)
  * fix(dracut.sh): improve detection of installed kernel versions (bsc#1205175)
  * fix(nfs): chown using rpc default group (bsc#1204929)
drbd-utils
- crm-fence-peer incompatible with Pacemaker 2.1 and needs backports (bsc#1209783)
  * 0001-crm-fence-peer-fix-timeout-with-Pacemaker-2.1-milli-.patch
  * 0002-crm-fence-peer-fix-timeout-with-Pacemaker-2.0.5-mill.patch
- bsc#1208922: fails to replace directory /lib/drbd with symlink
  * modify drbd-utils.spec to manipulate the symlink in %postun and %posttrans script
- bsc#1208922: fails to replace directory /lib/drbd with symlink
  * modify drbd-utils.spec to rename it in pretrans script
- drbd.service fails to load - incorrect path to executable (bsc#1206754)
  * use %suse_version to replace %UsrMerge
  * modify drbd-utils.spec for create symbolic folder "//lib/drbd"/
- bsc#1204276 remove crm-fence-peer.sh for drbd8 to avoid confusion with v9
firewalld
- Fix firewall-offline-cmd fails with ERROR: Calling pre func
  Added following patch (bsc#1206928)
  [+ 0003-firewall-offline-cmd-fail-fix.patch]
gcc12
- Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204
  * includes regression bug fixes
- Add gcc12-testsuite-fixes.patch to pick testsuite related fixes
  from the branch after the release.
- Speed up builds with --enable-link-serialization.
- Update to gcc-12 branch head, 193f7e62815b4089dfaed4c2bd3, git749
- Don't rely on %usrmerged, set it based on standard %suse_version
- Update to gcc-12 branch head, e4b5fec75aa8d0d01f6e042ec28, git696
  * remove gcc12-fifo-jobserver-support.patch which is now
    included upstream
- avoid trailing backslashes at the end of post install scripts
- Update to gcc-12 branch head, 0aaef83351473e8f4eb774f8f99, git537
- Update embedded newlib to version 4.2.0
  * includes newlib-4.1.0-aligned_alloc.patch
- add gcc12-riscv-inline-atomics.patch,
  gcc12-riscv-pthread.patch: handle subword size inline atomics
  (needed by several openSUSE packages)
glib2
- Update glib2-fix-normal-form-handling-in-gvariant.patch:
  Backported from upstream to fix regression on s390x.
  (bsc#1210135, glgo#GNOME/glib!2978)
- Add glib2-fix-normal-form-handling-in-gvariant.patch: Backported
  from upstream to fix normal form handling in GVariant.
  (CVE-2023-24593, CVE-2023-25180, bsc#1209714, bsc#1209713,
  glgo#GNOME/glib!3125)
- Update to version 2.70.5:
  Bugs fixed: glgo#GNOME/GLib#2620, glgo#GNOME/GLib!2537,
  glgo#GNOME/GLib!2555
- Split gtk-docs from -devel package, these are not needed
  during building projects using glib2
- Use _multibuild as the meson buildprocess is very awkward
  regarding the documentation - builds single-jobs only and
  twice (again during %install). This way the rest of distribution
  waiting for glib2-devel to be available is not blocked by this
glibc
- amd-cacheinfo.patch: x86: Cache computation for AMD architecture
  (bsc#1207957)
- gmon-hash-table-size.patch: gmon: Fix allocated buffer overflow
  (CVE-2023-0687, bsc#1207975, BZ #29444)
- strncmp-avx2-boundary.patch: Fix avx2 strncmp offset compare condition
  check (bsc#1208358, BZ #25933)
- dlopen-filter-object.patch: elf: Allow dlopen of filter object to work
  (bsc#1207571, BZ #16272)
- powerpc-tst-ucontext.patch: powerpc: Fix unrecognized instruction errors
  with recent GCC
gnutls
- FIPS: PBKDF2 additional requirements [bsc#1209001]
  * Set the minimum output key length to 112 bits (FIPS 140-3 IG D.N)
  * Set the minimum salt length to 128 bits (SP 800-132 sec. 5.1)
  * Set the minimum iterations count to 1000 (SP 800-132 sec 5.2)
  * Set the minimum passlen of 20 characters (SP SP800-132 sec 5)
  * Add regression tests for the new PBKDF2 requirements.
  * Add gnutls-FIPS-pbkdf2-additional-requirements.patch
- libgnutls: Increase the limit of TLS PSK usernames from 128 to
  65535 characters. [bsc#1208237, jsc#PED-1562]
  * Upstream: https://gitlab.com/gnutls/gnutls/commit/f032324a
  * Add gnutls-increase-TLS-PSK-username-limit.patch
- FIPS: Fix pct_test() return code in case of error [bsc#1207183]
  * Rebase with the upstream version: gnutls-FIPS-PCT-DH.patch
- FIPS: Make the jitterentropy calls thread-safe [bsc#1208146]
  * Add gnutls-FIPS-jitterentropy-threadsafe.patch
- FIPS: GnuTLS DH/ECDH PCT public key regeneration [bsc#1207183]
  * Rebase patches with the version submitted upstream.
  * Avoid copying the key material: gnutls-FIPS-PCT-DH.patch
  * Improve logic around memory release: gnutls-FIPS-PCT-ECDH.patch
- Security Fix: [bsc#1208143, CVE-2023-0361]
  * Bleichenbacher oracle in TLS RSA key exchange
  * Add gnutls-CVE-2023-0361.patch
- FIPS: Change all the 140-2 references to FIPS 140-3 in order to
  account for the new FIPS certification [bsc#1207346]
  * Add gnutls-FIPS-140-3-references.patch
- FIPS: GnuTLS DH/ECDH PCT public key regeneration [bsc#1207183]
  * Add gnutls-FIPS-PCT-DH.patch gnutls-FIPS-PCT-ECDH.patch
graphite2
- fixed license string [bsc#1207676]:
  LGPL-2.1-or-later OR MPL-2.0 OR GPL-2.0-or-later
grub2
- grub2-once: Fix 'sh: terminal_output: command not found' error (bsc#1204563)
- Fix PowerVS deployment fails to boot with 90 cores (bsc#1208581)
  * 0001-ieee1275-implement-vec5-for-cas-negotiation.patch
  * 0002-kern-ieee1275-init-Convert-plain-numbers-to-constant.patch
  * 0003-kern-ieee1275-init-Extended-support-in-Vec5.patch
- Fix unknown filesystem error on disks with 4096 sector size (bsc#1207064)
  (bsc#1209234)
  * 0001-grub-core-modify-sector-by-sysfs-as-disk-sector.patch
- Fix installation over serial console ends up in infinite boot loop
  (bsc#1187810) (bsc#1209667) (bsc#1209372)
  * 0001-Fix-infinite-boot-loop-on-headless-system-in-qemu.patch
- Fix aarch64 kiwi image's file not found due to '/@' prepended to path in
  btrfs filesystem. (bsc#1209165)
  * grub2-btrfs-05-grub2-mkconfig.patch
- Make grub more robust against storage race condition causing system boot
  failures (bsc#1189036)
  * 0001-ieee1275-ofdisk-retry-on-open-and-read-failure.patch
- Make grub.cfg invariant to efi and legacy platforms (bsc#1205200)
- Removed patch linuxefi
  * grub2-secureboot-provide-linuxefi-config.patch
  * grub2-secureboot-use-linuxefi-on-uefi-in-os-prober.patch
  * grub2-secureboot-use-linuxefi-on-uefi.patch
- Rediff
  * grub2-btrfs-05-grub2-mkconfig.patch
  * grub2-efi-xen-cmdline.patch
  * grub2-s390x-05-grub2-mkconfig.patch
  * grub2-suse-remove-linux-root-param.patch
- Move unsupported zfs modules into 'extras' packages
  (bsc#1205554) (PED-2947)
harfbuzz
- Add CVE-2023-25193.patch: limit how far we skip when looking
  back (bsc#1207922 CVE-2023-25193).
haveged
- Synchronize haveged instances during switching root (bsc#1203079)
  * Add haveged-switch-root.patch
hawk2
- Update sass-ansible dependency in the hawk2.spec:
  * Unable to activate sass-rails-5.1.0 (bsc#1208533)
hwinfo
- merge gh#openSUSE/hwinfo#127
- create xen usb controller device if necessary (bsc#1204294)
- 21.84
ipset
- Tumbleweed is not affected by the following SLE issues:
  bsc#1122853
- Update to release 7.15
  * netfilter: ipset: Fix maximal range check in
    hash_ipportnet4_uadt()
- Update to release 7.14
  * Allow specifying protocols by number
  * Limit the maximum range of consecutive elements to add/delete
- Update to release 7.11
  * Argument parsing buffer overflow in ipset_parse_argv fixed
- Update to release 7.10
  * Fix shift-out-of-bounds in htable_bits()
- Update to release 7.9
  * Enable memory accounting for ipset allocations
  * Expose the initval hash parameter to userspace
  * Add bucketsize parameter to all hash types
  * Support the -exist flag with the destroy command
- Update to release 7.6
  * Add checking system_power_efficient_wq in the source tree.
- Update to release 7.5
  * netfilter: ipset: avoid null deref when IPSET_ATTR_LINENO
    is present.
  * netfilter: xt_set: Do not restrict --map-set to the
    mangle table.
- Update to release 7.4
  * Wildcard support for the "/hash:net,iface"/ type.
- Update to new upstream release 7.3
  * Fix rename concurrency with listing, which can result broken
    list/save results.
  * ipset: Copy the right MAC address in bitmap:ip,mac and
    hash:ip,mac sets.
  * ipset: Actually allow destination MAC address for hash:ip,mac
    sets too.
- Update to new upstream release 7.2
  * ipset: Fix memory accounting for hash types on resize
- Update to new upstream release 7.1
  * Correct the manpage about the sort option
  * Implement sorting for hash types in the ipset tool
  * Fix to list/save into file specified by option
- Remove ipset-file.diff (merged)
- Add ipset-file.diff [boo#1116432].
- Update to new upstream release 7.0
  * A new internal protocol version between the kernel and
    userspace is used. This is required in order to support two
    new functions and the extendend LIST operation, which makes
    possible to run ipset in every case entirely over netlink,
    without the need to use getsockopt().
  * The userspace library was reworked so it can be embedded
    without calling the binary.
- Update to new upstream release 6.38
  * Fix parsing service names for ports.
iputils
- Backport 2 fixes for bsc#1203957:
  0001-ping-Add-SA_RESTART-to-sa_flags.patch
  0002-ping-Make-ping_rts-struct-static.patch
irqbalance
- Add mainline fixes (bnc#1204962, bsc#1206661):
  A    irqbalance-properly-check-if-irq-is-banned.patch
  A    get-irq-module-relationship-from-sys-bus-pci-driver.patch
  A    irqbalance-ui-skip-in-parse_setup-to-avoid-coredump.patch
  A    Fix-uninitialized-variable.patch
issue-generator
- Update to version 1.13
  - SELinux: Do not call agetty --reload [bsc#1186178]
- Update to version 1.12
  - Update manual page
  - Use python3 instead of python 2.x
- Update to version 1.11
  - Don't display issue.d/*.issue files, agetty will do that [bsc#1177891]
  - Ignore /run/issue.d in issue-generator.path, else issue-generator will
    be called too fast too often [bsc#1177865]
  - Ignore *.bak, *~ and *.rpm* files [bsc#1118862]
- Handle the .path unit in scriptlets as well
- Update to version 1.10
  - Display wlan interfaces [bsc#1169070]
- Update to version 1.9
  - Fix path for systemd files
- Update to version 1.8
  - Handle network interface renames
jitterentropy
- jitterentropy-with-debug.patch: build with debuginfo (bsc#1207789)
kbd
- Add 'ara' vc keymap (bsc#1210702)
  'ara' is slightly better than 'arabic' as it matches the name of its x11
  layout counterpart. Keep 'arabic' for backward compatibility sake.
kdump
- run kdump.service only after kdump-early.service (bsc#1196335)
- don't skip infiniband interfaces (bsc#1186745)
  (not a complete fix, requires a patch in dracut as well)
- Make the kdump-save.service reboot after kdump-save is finished
  (bsc#1204000)
- fix renaming of qeth interfaces (bsc#1204743, bsc#1144337)
- ppc64: rebuild initrd image after migration (bsc#1191410)
kernel-default
- x86/topology: Fix duplicated core ID within a package (git-fixes).
- commit 98adc02
- Update "/drm/i915/gem: add missing boundary check in vm_access"/ (bsc#1211263 CVE-2023-28410)
  Add bug and CVE number to the References tag.
- commit f799efb
- x86/topology: Fix multiple packages shown on a single-package system (git-fixes).
- commit 70a1ce4
- x86/syscall: Include asm/ptrace.h in syscall_wrapper header (git-fixes).
- commit 4309e22
- kabi/severities: ignore kABI in bq27xxx_battery module
  Those are local symbols that are used only by child drivers
- commit 8d7e23d
- kABI workaround for btbcm.c (git-fixes).
- commit ab2692b
- nvme: fix passthrough csi check (git-fixes).
- nvme: move the Samsung X5 quirk entry to the core quirks
  (git-fixes).
- commit d03fbdf
- power: supply: bq27xxx: expose battery data when CI=1
  (git-fixes).
- Refresh
  patches.suse/power-supply-bq27xxx-Fix-bq27xxx_battery_update-race.patch.
- commit 3c4cf6c
- KEYS: asymmetric: Copy sig and digest in
  public_key_verify_signature() (git-fixes).
- power: supply: bq27xxx: Ensure power_supply_changed() is called
  on current sign changes (git-fixes).
- power: supply: bq27xxx: Move bq27xxx_battery_update() down
  (git-fixes).
- power: supply: bq27xxx: Fix poll_interval handling and races
  on remove (git-fixes).
- bluetooth: Add cmd validity checks at the start of
  hci_sock_ioctl() (git-fixes).
- Bluetooth: hci_bcm: Fall back to getting bdaddr from EFI if
  not set (git-fixes).
- commit 31ed077
- ASoC: rt5682: Disable jack detection interrupt during suspend
  (git-fixes).
- Refresh patches.kabi/snd-soc-rt5682-kABI-workaround.patch.
- commit ce0cf1d
- misc: fastrpc: reject new invocations during device removal
  (git-fixes).
- misc: fastrpc: return -EPIPE to invocations on device removal
  (git-fixes).
- iio: imu: inv_icm42600: fix timestamp reset (git-fixes).
- iio: adc: ad_sigma_delta: Fix IRQ issue by setting
  IRQ_DISABLE_UNLAZY flag (git-fixes).
- dt-bindings: iio: adc: renesas,rcar-gyroadc: Fix adi,ad7476
  compatible value (git-fixes).
- iio: dac: mcp4725: Fix i2c_master_send() return value handling
  (git-fixes).
- iio: light: vcnl4035: fixed chip ID check (git-fixes).
- iio: adc: ad7192: Change "/shorted"/ channels to differential
  (git-fixes).
- iio: accel: st_accel: Fix invalid mount_matrix on devices
  without ACPI _ONT method (git-fixes).
- iio: adc: mxs-lradc: fix the order of two cleanup operations
  (git-fixes).
- tty: serial: fsl_lpuart: use UARTCTRL_TXINV to send break
  instead of UARTCTRL_SBK (git-fixes).
- serial: 8250_tegra: Fix an error handling path in
  tegra_uart_probe() (git-fixes).
- usb: usbfs: Use consistent mmap functions (git-fixes).
- usb: usbfs: Enforce page requirements for mmap (git-fixes).
- dt-bindings: usb: snps,dwc3: Fix "/snps,hsphy_interface"/ type
  (git-fixes).
- usb: gadget: f_fs: Add unbind event before functionfs_unbind
  (git-fixes).
- mmc: vub300: fix invalid response handling (git-fixes).
- selinux: don't use make's grouped targets feature yet
  (git-fixes).
- mtd: rawnand: marvell: don't set the NAND frequency select
  (git-fixes).
- mtd: rawnand: marvell: ensure timing values are written
  (git-fixes).
- mtd: rawnand: ingenic: fix empty stub helper definitions
  (git-fixes).
- selftests: mptcp: sockopt: skip if MPTCP is not supported
  (git-fixes).
- selftests: mptcp: pm nl: skip if MPTCP is not supported
  (git-fixes).
- selftests: mptcp: connect: skip if MPTCP is not supported
  (git-fixes).
- net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818
  (git-fixes).
- HID: wacom: avoid integer overflow in wacom_intuos_inout()
  (git-fixes).
- ata: libata-scsi: Use correct device no in ata_find_dev()
  (git-fixes).
- firmware: arm_ffa: Set reserved/MBZ fields to zero in the
  memory descriptors (git-fixes).
- firmware: arm_ffa: Check if ffa_driver remove is present before
  executing (git-fixes).
- dt-binding: cdns,usb3: Fix cdns,on-chip-buff-size type
  (git-fixes).
- gpio: mockup: Fix mode of debugfs files (git-fixes).
- drm/sched: Remove redundant check (git-fixes).
- 3c589_cs: Fix an error handling path in tc589_probe()
  (git-fixes).
- power: supply: sbs-charger: Fix INHIBITED bit for Status reg
  (git-fixes).
- power: supply: bq27xxx: After charger plug in/out wait 0.5s
  for things to stabilize (git-fixes).
- power: supply: bq27xxx: Add cache parameter to
  bq27xxx_battery_current_and_status() (git-fixes).
- power: supply: bq27xxx: Fix I2C IRQ race on remove (git-fixes).
- power: supply: bq27xxx: Fix bq27xxx_battery_update() race
  condition (git-fixes).
- power: supply: leds: Fix blink to LED on transition (git-fixes).
- ALSA: hda/realtek: Enable headset onLenovo M70/M90 (git-fixes).
- ASoC: Intel: Skylake: Fix declaration of enum skl_ch_cfg
  (git-fixes).
- ASoC: lpass: Fix for KASAN use_after_free out of bounds
  (git-fixes).
- ALSA: hda: Fix unhandled register update during auto-suspend
  period (git-fixes).
- ALSA: hda/ca0132: add quirk for EVGA X299 DARK (git-fixes).
- dt-bindings: ata: ahci-ceva: Cover all 4 iommus entries
  (git-fixes).
- net: mdio: mvusb: Fix an error handling path in
  mvusb_mdio_probe() (git-fixes).
- watchdog: sp5100_tco: Immediately trigger upon starting
  (git-fixes).
- dt-bindings: ata: ahci-ceva: convert to yaml (git-fixes).
- commit 2ec09cc
- net: rpl: fix rpl header size calculation (CVE-2023-2156
  bsc#1211131).
- commit c308d83
- thunderbolt: Mask ring interrupt on Intel hardware as well
  (bsc#1210165).
- commit 4a76dd6
- net: mellanox: mlxbf_gige: Fix skb_panic splat under memory
  pressure (bsc#1211564).
- commit 8e0fc37
- blacklist: add nvme bogus nsid check
  We don't not need these quirks as we don't ship the check.
- commit bbebeaf
- x86/resctrl: Fix min_cbm_bits for AMD (git-fixes).
- commit f0be05e
- x86/pm: Add enumeration check before spec MSRs save/restore setup (git-fixes).
- commit 89bdacb
- Update patch-mainline metadata for a lockdown patch
- commit ff4a857
- x86/tsx: Add a feature bit for TSX control MSR support (git-fixes).
- commit b67ebd4
- x86/fpu: Fix the init_fpstate size check with the actual size (git-fixes).
- commit 3cd00dd
- nvme-tcp: fix a possible UAF when failing to allocate an io
  queue (git-fixes).
- nvme-pci: mark Lexar NM760 as IGNORE_DEV_SUBNQN (git-fixes).
- nvme-fc: fix a missing queue put in
  nvmet_fc_ls_create_association (git-fixes).
- nvme: also return I/O command effects from nvme_command_effects
  (git-fixes).
- nvmet: use NVME_CMD_EFFECTS_CSUPP instead of open coding it
  (git-fixes).
- nvme: fix multipath crash caused by flush request when blktrace
  is enabled (git-fixes).
- nvme-pci: clear the prp2 field when not used (git-fixes).
- nvmet: fix memory leak in nvmet_subsys_attr_model_store_locked
  (git-fixes).
- nvme-pci: disable write zeroes on various Kingston SSD
  (git-fixes).
- nvme-pci: avoid the deepest sleep state on ZHITAI TiPro5000 SSDs
  (git-fixes).
- nvmet-tcp: add bounds check on Transfer Tag (git-fixes).
- nvme-pci: set min_align_mask before calculating max_hw_sectors
  (git-fixes).
- nvmet: fix mar and mor off-by-one errors (git-fixes).
- nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change()
  (git-fixes).
- nvmet-tcp: fix lockdep complaint on nvmet_tcp_wq flush during
  queue teardown (git-fixes).
- nvme: handle the persistent internal error AER (git-fixes).
  Refresh:
  - patches.suse/nvme-fix-async-event-trace-event.patc
- nvme: fix regression when disconnect a recovering ctrl
  (git-fixes).
  Refresh:
  - patches.suse/nvme-rdma-fix-possible-hang-caused-during-ctrl-delet.patch
  - patches.suse/nvme-tcp-fix-possible-hang-caused-during-ctrl-deleti.patch
- nvme: add a bogus subsystem NQN quirk for Micron MTFDKBA2T0TFH
  (git-fixes).
- nvme-pci: avoid the deepest sleep state on ZHITAI TiPro7000 SSDs
  (git-fixes).
- nvme: set non-mdts limits in nvme_scan_work (git-fixes).
- nvme-pci: fix a NULL pointer dereference in
  nvme_alloc_admin_tags (git-fixes).
- block: add a bdev_max_zone_append_sectors helper (git-fixes).
- nvme-multipath: fix hang when disk goes live over reconnect
  (git-fixes).
- nvme-pci: add quirks for Samsung X5 SSDs (git-fixes).
- nvmet: move the call to nvmet_ns_changed out of
  nvmet_ns_revalidate (git-fixes).
- nvme-tcp: lockdep: annotate in-kernel sockets (git-fixes).
- nvme: check for duplicate identifiers earlier (git-fixes).
- nvme: cleanup __nvme_check_ids (git-fixes).
- nvmet: use i_size_read() to set size for file-ns (git-fixes).
  Refresh:
  - patches.suse/nvmet-only-allocate-a-single-slab-for-bvecs.patch
- nvme-tcp: fix bogus request completion when failing to send AER
  (git-fixes).
- nvme-pci: add the IGNORE_DEV_SUBNQN quirk for Intel P4500/P4600
  SSDs (git-fixes).
- commit c657707
- tipc: add an extra conn_get in tipc_conn_alloc (bsc#1209288
  CVE-2023-1382).
- commit e3a141d
- x86/fpu: Fix copy_xstate_to_uabi() to copy init states correctly (git-fixes).
- commit 43cdfba
- blacklist.conf: Exclude an irrelevant patch for us.
  We don't have the fp_init.size et al variables so this patch doesn't
  apply to our kernel.
- commit 30f92bf
- tipc: set con sock in tipc_conn_alloc (bsc#1209288
  CVE-2023-1382).
- commit a68b414
- x86/fpu: Use _Alignof to avoid undefined behavior in TYPE_ALIGN (git-fixes).
- commit 244216a
- purgatory: fix disabling debug info (git-fixes).
- commit 1ebc547
- x86/microcode: Rip out the OLD_INTERFACE (git-fixes).
- commit d380760
- x86/microcode: Add explicit CPU vendor dependency (git-fixes).
- commit 44d8ccb
- x86/microcode/AMD: Track patch allocation size explicitly (git-fixes).
- Refresh patches.suse/x86-microcode-amd-fix-mixed-steppings-support.patch.
- commit c6646fc
- x86/static_call: Serialize __static_call_fixup() properly (git-fixes).
- commit d2f3f53
- x86/entry: Build thunk_$(BITS) only if CONFIG_PREEMPTION=y (git-fixes).
- commit 3a9f080
- net: mana: Fix perf regression: remove rx_cqes, tx_cqes counters
  (git-fixes).
- scsi: storvsc: Don't pass unused PFNs to Hyper-V host
  (git-fixes).
- x86/hyperv: Block root partition functionality in a Confidential
  VM (git-fixes).
- commit 85569e3
- x86/bugs: Do not enable IBPB at firmware entry when IBPB is not  available (git-fixes).
- commit bf87aed
- scsi: qla2xxx: Replace all non-returning strlcpy() with
  strscpy() (bsc#1211960).
- scsi: qla2xxx: Update version to 10.02.08.300-k (bsc#1211960).
- scsi: qla2xxx: Wait for io return on terminate rport
  (bsc#1211960).
- scsi: qla2xxx: Fix mem access after free (bsc#1211960).
- scsi: qla2xxx: Fix hang in task management (bsc#1211960).
- scsi: qla2xxx: Fix task management cmd fail due to unavailable
  resource (bsc#1211960).
- scsi: qla2xxx: Fix task management cmd failure (bsc#1211960).
- scsi: qla2xxx: Multi-que support for TMF (bsc#1211960).
- scsi: qla2xxx: Refer directly to the qla2xxx_driver_template
  (bsc#1211960).
- scsi: qla2xxx: Remove default fabric ops callouts (bsc#1211960).
- scsi: qla2xxx: Drop redundant pci_enable_pcie_error_reporting()
  (bsc#1211960).
- commit 4c4bf74
- lpfc: update metadata
- Refresh
  patches.suse/scsi-lpfc-Add-new-RCQE-status-for-handling-DMA-failu.patch.
- Refresh
  patches.suse/scsi-lpfc-Fix-double-free-in-lpfc_cmpl_els_logo_acc-.patch.
- Refresh
  patches.suse/scsi-lpfc-Fix-verbose-logging-for-SCSI-commands-issu.patch.
- Refresh
  patches.suse/scsi-lpfc-Match-lock-ordering-of-lpfc_cmd-buf_lock-a.patch.
- Refresh
  patches.suse/scsi-lpfc-Replace-blk_irq_poll-intr-handler-with-thr.patch.
- Refresh
  patches.suse/scsi-lpfc-Update-congestion-warning-notification-per.patch.
- Refresh
  patches.suse/scsi-lpfc-Update-lpfc-version-to-14.2.0.12.patch.
- commit 497ebb3
- RDMA/irdma: Fix Local Invalidate fencing (git-fixes)
- commit aaaea1e
- RDMA/irdma: Prevent QP use after free (git-fixes)
- commit 34e3a35
- RDMA/bnxt_re: Fix return value of bnxt_re_process_raw_qp_pkt_rx (git-fixes)
- commit 6c40b4b
- RDMA/bnxt_re: Fix a possible memory leak (git-fixes)
- commit 1c28ea3
- RDMA/hns: Modify the value of long message loopback slice (git-fixes)
- commit c5d0c28
- RDMA/hns: Fix base address table allocation (git-fixes)
- commit c15c063
- RDMA/hns: Fix timeout attr in query qp for HIP08 (git-fixes)
- commit c581318
- RDMA/efa: Fix unsupported page sizes in device (git-fixes)
- commit f7d5b0b
- RDMA/bnxt_re: Fix the page_size used during the MR creation (git-fixes)
- commit 8102023
- scsi: qedi: Fix use after free bug in qedi_remove() (git-fixes).
- scsi: hisi_sas: Handle NCQ error when IPTT is valid (git-fixes).
- scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS (git-fixes).
- scsi: ses: Handle enclosure with just a primary component
  gracefully (git-fixes).
- scsi: core: Improve scsi_vpd_inquiry() checks (git-fixes).
- scsi: megaraid_sas: Fix fw_crash_buffer_show() (git-fixes).
- scsi: libsas: Grab the ATA port lock in
  sas_ata_device_link_abort() (git-fixes).
- scsi: libsas: Add sas_ata_device_link_abort() (git-fixes).
- commit 9f00bdd
- Update CVE reference to
  patches.suse/arm64-Add-AMPERE1-to-the-Spectre-BHB-affected-list.patch
  (git-fixes bsc#1205153 bsc#1211855 CVE-2023-3006).
- commit 7d0a08a
- media: radio-shark: Add endpoint checks (git-fixes).
- commit fb4ddc1
- USB: sisusbvga: Add endpoint checks (git-fixes).
- commit d88241f
- blacklist.conf: prerequisites way too intrusive
- commit b6394eb
- blacklist.conf: prerequisites too intrusive
- commit 7aaa267
- scsi: lpfc: Update lpfc version to 14.2.0.12 (bsc#1211847).
- scsi: lpfc: Replace blk_irq_poll intr handler with threaded IRQ
  (bsc#1211847).
- scsi: lpfc: Add new RCQE status for handling DMA failures
  (bsc#1211847).
- scsi: lpfc: Update congestion warning notification period
  (bsc#1211847).
- scsi: lpfc: Match lock ordering of lpfc_cmd->buf_lock and
  hbalock for abort paths (bsc#1211847).
- commit b6545fd
- scsi: lpfc: Fix double free in lpfc_cmpl_els_logo_acc() caused
  by lpfc_nlp_not_used() (bsc#1211847).
- scsi: lpfc: Fix verbose logging for SCSI commands issued to
  SES devices (bsc#1211847).
- commit 31cb016
- RDMA/core: Fix multiple -Warray-bounds warnings (git-fixes)
- commit 5587605
- usb: dwc3: gadget: Execute gadget stop after halting the
  controller (git-fixes).
- Refresh
  patches.suse/usb-dwc3-gadget-Improve-dwc3_gadget_suspend-and-dwc3.patch.
- commit 35f936b
- usb: typec: tcpm: fix multiple times discover svids error
  (git-fixes).
- commit a381d7f
- net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize
  (git-fixes).
- commit 6b5ad0e
- blacklist.conf: Add c0f2df49cf24 cgroup: Fix build failure when CONFIG_SHRINKER_DEBUG
- commit 7772962
- cifs: mapchars mount option ignored (bsc#1193629).
- commit 516a6c4
- smb3: display debug information better for encryption
  (bsc#1193629).
- commit 7f16b38
- cifs: fix smb1 mount regression (bsc#1193629).
- commit 565aa62
- SMB3: drop reference to cfile before sending oplock break
  (bsc#1193629).
- commit 714d17f
- SMB3: Close all deferred handles of inode in case of handle
  lease break (bsc#1193629).
- commit 31916b9
- cifs: release leases for deferred close handles when freezing
  (bsc#1193629).
- commit fba9221
- smb3: fix problem remounting a share after shutdown
  (bsc#1193629).
- commit 8678043
- SMB3: force unmount was failing to close deferred close files
  (bsc#1193629).
- commit b75c848
- smb3: improve parallel reads of large files (bsc#1193629).
- commit 739a949
- do not reuse connection if share marked as isolated
  (bsc#1193629).
- commit 50ed2cc
- SMB3: Close deferred file handles in case of handle lease break
  (bsc#1193629).
- commit 79b4858
- SMB3.1.1: add new tree connect ShareFlags (bsc#1193629).
- commit 64fbbd7
- cifs: fix pcchunk length type in smb2_copychunk_range
  (bsc#1193629).
- commit 278a0ed
- cifs: print smb3_fs_context::source when mounting (bsc#1193629).
- commit eeed402
- cifs: update internal module version number for cifs.ko
  (bsc#1193629).
- commit 2c9169a
- cifs: Avoid a cast in add_lease_context() (bsc#1193629).
- commit 61dd23b
- cifs: Simplify SMB2_open_init() (bsc#1193629).
- commit 90eaeae
- cifs: Simplify SMB2_open_init() (bsc#1193629).
- commit 0f1ffd2
- cifs: Simplify SMB2_open_init() (bsc#1193629).
- commit b2da20f
- dm ioctl: fix nested locking in table_clear() to remove deadlock
  concern (bsc#1210806, CVE-2023-2269).
- commit 2bbfc45
- fuse: always revalidate rename target dentry (bsc#1211808).
- fuse: fix attr version comparison in fuse_read_update_size()
  (bsc#1211807).
- commit cfbffb5
- blacklist.conf: Add 659c0ce1cb9e kernel/sys.c: fix and improve control flow in __sys_setres[ug]id()
- commit 93ea3c4
- cgroup: Reorganize css_set_lock and kernfs path processing
  (bsc#1205650).
- cgroup: Make cgroup_get_from_id() prettier (bsc#1205650).
- cgroup: Homogenize cgroup_get_from_id() return value
  (bsc#1205650).
- cgroup: cgroup: Honor caller's cgroup NS when resolving cgroup
  id (bsc#1205650).
- blacklist.conf: Remove 4534dee94 to ease dependant backports
- cgroup: Honor caller's cgroup NS when resolving path
  (bsc#1205650).
- cgroup.c: add helper __cset_cgroup_from_root to cleanup
  duplicated codes (bsc#1203906).
- commit 45f8307
- cgroup: reduce dependency on cgroup_mutex (bsc#1205650).
- Refresh
  patches.suse/cgroup-cgroup_get_from_id-must-check-the-looked-up-kn-is-a-directory.patch.
- blacklist.conf: Remove patch from blacklist (became prereq)
- commit 249c983
- Remove usrmerge compatibility symlink in buildroot (boo#1211796)
  Besides Makefile depmod.sh needs to be patched to prefix /lib/modules.
  Requires corresponding patch to kmod.
- commit b8e00c5
- ceph: force updating the msg pointer in non-split case
  (bsc#1211804).
- commit a688822
- blacklist.conf: 03cab65a07e0 ("/selftests/futex: fix build for clang"/)
- commit 19afb99
- locking/rwsem: Add __always_inline annotation to
  __down_read_common() and inlined callers (git-fixes).
- commit e0ba102
- rtmutex: Ensure that the top waiter is always woken up
  (git-fixes).
- commit 0184302
- futex: Resend potentially swallowed owner death notification
  (git-fixes).
- commit c8b2fc6
- blacklist.conf: s390/maccess: rework absolute lowcore accessors
- commit 6e763ee
- blacklist.conf: s390/smp: cleanup control register update routines
- commit 869cbe8
- blacklist.conf: s390/smp: cleanup target CPU callback starting
- commit ac0ad39
- blacklist.conf: s390/dump: fix old lowcore virtual vs physical address confusion
- commit f2ccc2e
- blacklist.conf: s390/traps: improve panic message for translation-specification exception
- commit 1cb3dd4
- blacklist.conf: s390/dump: fix os_info virtual vs physical address confusion
- commit 82b75e7
- blacklist.conf: LLVM test case fix
- commit 8a6e662
- s390/vdso: remove -nostdlib compiler flag (git-fixes
  bsc#1211714).
- commit 3aedab5
- blacklist.conf: s390/boot: allocate amode31 section in decompressor
- commit 3a70444
- Update
  patches.suse/HID-asus-use-spinlock-to-protect-concurrent-accesses.patch
  (bsc#1208604 CVE-2023-1079).
  Added bugzilla and CVE
- commit 1bf4240
- Update
  patches.suse/HID-asus-use-spinlock-to-safely-schedule-workers.patch
  (bsc#1208604 CVE-2023-1079).
  Added bugzilla and CVE
- commit a4b9147
- regulator: mt6359: add read check for PMIC MT6359 (git-fixes).
- regulator: pca9450: Fix BUCK2 enable_mask (git-fixes).
- serial: Add support for Advantech PCI-1611U card (git-fixes).
- serial: 8250_exar: Add support for USR298x PCI Modems
  (git-fixes).
- usb-storage: fix deadlock when a scsi command timeouts more
  than once (git-fixes).
- USB: UHCI: adjust zhaoxin UHCI controllers OverCurrent bit value
  (git-fixes).
- USB: usbtmc: Fix direction for 0-length ioctl control messages
  (git-fixes).
- nilfs2: fix use-after-free bug of nilfs_root in
  nilfs_evict_inode() (git-fixes).
- net: phy: dp83867: add w/a for packet errors seen with short
  cables (git-fixes).
- tpm/tpm_tis: Disable interrupts for more Lenovo devices
  (git-fixes).
- soundwire: qcom: gracefully handle too many ports in DT
  (git-fixes).
- phy: st: miphy28lp: use _poll_timeout functions for waits
  (git-fixes).
- staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE
  (git-fixes).
- serial: 8250: Reinit port->pm on port specific driver unbind
  (git-fixes).
- spi: spi-imx: fix MX51_ECSPI_* macros when cs > 3 (git-fixes).
- wifi: ath11k: Fix SKB corruption in REO destination ring
  (git-fixes).
- wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write
  backtrace (git-fixes).
- wifi: iwlwifi: pcie: Fix integer overflow in
  iwl_write_to_user_buf (git-fixes).
- wifi: iwlwifi: pcie: fix possible NULL pointer dereference
  (git-fixes).
- wifi: ath: Silence memcpy run-time false positive warning
  (git-fixes).
- wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex
  (git-fixes).
- remoteproc: stm32_rproc: Add mutex protection for workqueue
  (git-fixes).
- regmap: cache: Return error in cache sync operations for
  REGCACHE_NONE (git-fixes).
- platform/x86: hp-wmi: Support touchpad on/off (git-fixes).
- commit 17eb14e
- Input: xpad - add constants for GIP interface numbers
  (git-fixes).
- commit ae95fb0
- mmc: sdhci-esdhc-imx: make "/no-mmc-hs400"/ works (git-fixes).
- drm/msm/dpu: Move non-MDP_TOP INTF_INTR offsets out of hwio
  header (git-fixes).
- mfd: dln2: Fix memory leak in dln2_probe() (git-fixes).
- clk: tegra20: fix gcc-7 constant overflow warning (git-fixes).
- HID: wacom: generic: Set battery quirk only when we see battery
  data (git-fixes).
- HID: logitech-hidpp: Reconcile USB and Unifying serials
  (git-fixes).
- HID: logitech-hidpp: Don't use the USB serial for USB devices
  (git-fixes).
- Bluetooth: L2CAP: fix "/bad unlock balance"/ in
  l2cap_disconnect_rsp (git-fixes).
- Bluetooth: btintel: Add LE States quirk support (git-fixes).
- ACPI: EC: Fix oops when removing custom query handlers
  (git-fixes).
- ACPICA: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in
  acpi_db_display_objects (git-fixes).
- ACPICA: Avoid undefined behavior: applying zero offset to null
  pointer (git-fixes).
- memstick: r592: Fix UAF bug in r592_remove due to race condition
  (bsc#1211449).
- media: pci: tw68: Fix null-ptr-deref bug in buf prepare and
  finish (git-fixes).
- media: cx23885: Fix a null-ptr-deref bug in buffer_prepare()
  and buffer_finish() (git-fixes).
- drm/amd: Fix an out of bounds error in BIOS parser (git-fixes).
- drm/msm/dp: Clean up handling of DP AUX interrupts (git-fixes).
- drm/tegra: Avoid potential 32-bit integer overflow (git-fixes).
- drm/amd/display: Use DC_LOG_DC in the trasform pixel function
  (git-fixes).
- drm/displayid: add displayid_get_header() and check bounds
  better (git-fixes).
- arm64: dts: qcom: msm8996: Add missing DWC3 quirks (git-fixes).
- HID: wacom: add three styli to wacom_intuos_get_tool_type
  (git-fixes).
- HID: wacom: Add new Intuos Pro Small (PTH-460) device IDs
  (git-fixes).
- HID: wacom: Force pen out of prox if no events have been
  received in a while (git-fixes).
- drm/msm/dpu: Add INTF_5 interrupts (git-fixes).
- commit d814c1f
- s390/qdio: fix do_sqbs() inline assembly constraint (git-fixes
  bsc#1211693).
- s390/dasd: fix hanging blockdevice after request requeue
  (git-fixes bsc#1211687).
- s390/kprobes: fix current_kprobe never cleared after kprobes
  reenter (git-fixes bsc#1211688).
- s390/kprobes: fix irq mask clobbering on kprobe reenter from
  post_handler (git-fixes bsc#1211689).
- s390/mem_detect: fix detect_memory() error handling (git-fixes
  bsc#1211691).
- s390/lcs: Fix return type of lcs_start_xmit() (git-fixes
  bsc#1211690).
- s390/netiucv: Fix return type of netiucv_tx() (git-fixes
  bsc#1211692).
- s390/ctcm: Fix return type of ctc{mp,}m_tx() (git-fixes
  bsc#1211686).
- commit dcbf1cc
- dmaengine: idxd: Only call idxd_enable_system_pasid() if
  succeeded in enabling SVA feature (git-fixes).
- commit bdaf824
- kABI workaround for mt76_poll_msec() (git-fixes).
- commit 8310024
- wifi: mt76: mt7921e: improve reliability of dma reset
  (git-fixes).
- wifi: mt76: mt7921e: fix probe timeout after reboot (git-fixes).
- wifi: mt76: add flexible polling wait-interval support
  (git-fixes).
- dmaengine: idxd: Do not enable user type Work Queue without
  Shared Virtual Addressing (git-fixes).
- dmaengine: idxd: Separate user and kernel pasid enabling
  (git-fixes).
- drm/amdgpu: update drm_display_info correctly when the edid
  is read (git-fixes).
- commit 5f45933
- Update
  patches.suse/scsi-iscsi_tcp-Fix-UAF-during-login-when-accessing-the-shost-ipaddress.patch
  (git-fixes CVE-2023-2162 bsc#1210647).
- commit ef8f1cf
- configfs: fix possible memory leak in configfs_create_dir()
  (git-fixes).
- debugfs: fix error when writing negative value to atomic_t
  debugfs file (git-fixes).
- libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value
  (git-fixes).
- commit 1a0085a
- can: kvaser_usb: Add struct kvaser_usb_busparams (git-fixes).
- can: kvaser_usb: kvaser_usb_leaf: Handle CMD_ERROR_EVENT
  (git-fixes).
- can: kvaser_usb: kvaser_usb_leaf:
  Rename {leaf,usbcan}_cmd_error_event to
  {leaf,usbcan}_cmd_can_error_event (git-fixes).
- can: kvaser_usb: kvaser_usb_leaf: Get capabilities from device
  (git-fixes).
- commit 686ab31
- can: kvaser_usb_leaf: Fix overread with an invalid command
  (git-fixes).
- commit 9e9ebea
- drivers: base: dd: fix memory leak with using debugfs_lookup()
  (git-fixes).
- drivers: base: component: fix memory leak with using
  debugfs_lookup() (git-fixes).
- commit 537af53
- virtio_net: suppress cpu stall when free_unused_bufs
  (git-fixes).
- commit da7bbcd
- usb: gadget: u_ether: Fix host MAC address case (git-fixes).
- commit ab5927c
- virtio_net: bugfix overflow inside xdp_linearize_page()
  (git-fixes).
- commit 7b42c19
- ASoC: fsl_micfil: Fix error handler with pm_runtime_enable
  (git-fixes).
- ARM: 9296/1: HP Jornada 7XX: fix kernel-doc warnings
  (git-fixes).
- ACPI: bus: Ensure that notify handlers are not running after
  removal (git-fixes).
- ata: pata_octeon_cf: drop kernel-doc notation (git-fixes).
- commit bc3d0e5
- usb: dwc3: gadget: Improve dwc3_gadget_suspend() and
  dwc3_gadget_resume() (git-fixes).
- commit b5c53da
- virtio-net: Keep stop() to follow mirror sequence of open()
  (git-fixes).
- commit 0d2ec00
- virtio-net: execute xdp_do_flush() before napi_complete_done()
  (git-fixes).
- commit 1fe332b
- tools/virtio: fix the vringh test for virtio ring changes
  (git-fixes).
- commit 7846dae
- vhost/net: Clear the pending messages when the backend is
  removed (git-fixes).
- commit ed68aca
- tools/virtio: initialize spinlocks in vring_test.c (git-fixes).
- commit 5a7e7d8
- virtio_net: split free_unused_bufs() (git-fixes).
- commit 00244a7
- tools/virtio: compile with -pthread (git-fixes).
- commit efe7e12
- usb: dwc3: gadget: Stall and restart EP0 if host is unresponsive
  (git-fixes).
- commit 97aa26c
- tools/virtio: fix virtio_test execution (git-fixes).
- commit ab7f233
- vdpa: fix use-after-free on vp_vdpa_remove (git-fixes).
- commit a4fbbfa
- blacklist.conf: add 838d6d3461db ("/virtio: unexport virtio_finalize_features"/)
- commit daac2ad
- RDMA/mlx5: Use correct device num_ports when modify DC (git-fixes)
- commit a805982
- RDMA/mlx5: Fix flow counter query via DEVX (git-fixes)
- commit 7af3d10
- blacklist.conf: black list non applicable fix
- commit 0b43409
- power: supply: bq24190_charger: using pm_runtime_resume_and_get
  instead of pm_runtime_get_sync (git-fixes).
- Refresh
  patches.suse/power-supply-bq24190-Fix-use-after-free-bug-in-bq241.patch.
- commit 32112a8
- net: skip virtio_net_hdr_set_proto if protocol already set
  (git-fixes).
- commit 04b2165
- IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests (git-fixes)
- commit b034548
- IB/hfi1: Fix SDMA mmu_rb_node not being evicted in LRU order (git-fixes)
- commit bc9efec
- RDMA/srpt: Add a check for valid 'mad_agent' pointer (git-fixes)
- commit 5d5e37e
- RDMA/cm: Trace icm_send_rej event before the cm state is reset (git-fixes)
- commit 5ca599d
- RDMA/siw: Remove namespace check from siw_netdev_event() (git-fixes)
- commit 711a6c8
- RDMA/rxe: Remove tasklet call from rxe_cq.c (git-fixes)
- commit dc85357
- RDMA/rdmavt: Delete unnecessary NULL check (git-fixes)
- commit f6fa4f5
- RDMA/siw: Fix potential page_array out of range access (git-fixes)
- commit 9b285aa
- IB/hifi1: add a null check of kzalloc_node in hfi1_ipoib_txreq_init (git-fixes)
- commit 4de26a7
- net: accept UFOv6 packages in virtio_net_hdr_to_skb (git-fixes).
- commit c8c1599
- x86/lib/memmove: Decouple ERMS from FSRM (bsc#1206578).
- x86/alternative: Support relocations in alternatives
  (bsc#1206578).
- x86/alternative: Make debug-alternative selective (bsc#1206578).
- commit 3be7202
- net: virtio_net_hdr_to_skb: count transport header in UFO
  (git-fixes).
- commit 435a431
- PCI/ASPM: Remove pcie_aspm_pm_state_change() (git-fixes).
- commit 4efb06a
- usb: dwc3: Fix a repeated word checkpatch warning (git-fixes).
- commit 39f5ae5
- usb: dwc3: Fix ep0 handling when getting reset while doing
  control transfer (git-fixes).
- commit acaaa13
- USB / dwc3: Fix a checkpatch warning in core.c (git-fixes).
- commit 838022e
- usb: dwc3: gadget: Delay issuing End Transfer (git-fixes).
- commit 19b0a32
- usb: dwc3: gadget: Only End Transfer for ep0 data phase
  (git-fixes).
- commit 7e9b934
- usb: dwc3: remove a possible unnecessary 'out of memory'
  message (git-fixes).
- commit 59239b9
- usb: dwc3: Align DWC3_EP_* flag macros (git-fixes).
- Refresh
  patches.suse/usb-dwc3-gadget-Wait-for-ep0-xfers-to-complete-durin.patch.
- commit 4a16748
- usb: dwc3: drd: use helper to get role-switch-default-mode
  (git-fixes).
- commit ee299c9
- tracing: Fix permissions for the buffer_percent file
  (git-fixes).
- commit 0318a81
- ring-buffer: Sync IRQ works before buffer destruction
  (git-fixes).
- commit a78e19a
- ring-buffer: Ensure proper resetting of atomic variables in
  ring_buffer_reset_online_cpus (git-fixes).
- commit 2b75346
- ring-buffer: Fix kernel-doc (git-fixes).
- commit 6ecbbdc
- net: qrtr: correct types of trace event parameters (git-fixes).
- commit dbac4e1
- f2fs: Fix f2fs_truncate_partial_nodes ftrace event (git-fixes).
- commit 6ed4e1b
- usb: dwc3: ep0: Don't prepare beyond Setup stage (git-fixes).
- Refresh
  patches.suse/usb-dwc3-gadget-Avoid-duplicate-requests-to-enable-R.patch.
- commit eccafbc
- ipv6: sr: fix out-of-bounds read when setting HMAC data
  (bsc#1211592).
- commit 5a240f0
- Correct the bq24190 fix patch to apply at the right place (CVE-2023-33288 bsc#1211590)
- commit 9ac2993
- power: supply: bq24190: Fix use after free bug in bq24190_remove
  due to race condition (CVE-2023-33288 bsc#1211590).
- commit 373505c
- KVM: x86: Inject #GP if WRMSR sets reserved bits in APIC
  Self-IPI (git-fixes).
- commit 742c6c3
- KVM: x86/vmx: Do not skip segment attributes if unusable bit
  is set (git-fixes).
- commit 9eaecda
- KVM: x86: Copy filter arg outside kvm_vm_ioctl_set_msr_filter()
  (git-fixes).
- commit 30d94a9
- KVM: x86/pmu: Ignore pmu->global_ctrl check if vPMU doesn't
  support global_ctrl (git-fixes).
- commit aa84341
- KVM: x86: Protect the unused bits in MSR exiting flags
  (git-fixes).
- commit 28b2cff
- KVM: x86/svm: add __GFP_ACCOUNT to __sev_dbg_{en,de}crypt_user()
  (git-fixes).
- commit 4df9796
- KVM: x86: do not set st->preempted when going back to user space
  (git-fixes).
- commit 757f49a
- KVM: SVM: Don't rewrite guest ICR on AVIC IPI virtualization
  failure (git-fixes).
- commit f034027
- KVM: x86: Do not change ICR on write to APIC_SELF_IPI
  (git-fixes).
- commit 71266ce
- gve: Handle alternate miss completions (bsc#1211519).
- gve: Adding a new AdminQ command to verify driver (bsc#1211519).
- gve: Fix error return code in gve_prefill_rx_pages()
  (bsc#1211519).
- gve: Reduce alloc and copy costs in the GQ rx path
  (bsc#1211519).
- google/gve:fix repeated words in comments (bsc#1211519).
- gve: Fix spelling mistake "/droping"/ -> "/dropping"/ (bsc#1211519).
- gve: enhance no queue page list detection (bsc#1211519).
- commit e7ab3d9
- KVM: x86/mmu: avoid NULL-pointer dereference on page freeing
  bugs (git-fixes).
- commit 0592eea
- KVM: LAPIC: Enable timer posted-interrupt only when mwait/hlt
  is advertised (git-fixes).
- commit b3bd831
- kvm: x86: Disable KVM_HC_CLOCK_PAIRING if tsc is in always
  catchup mode (git-fixes).
- commit 61c19ae
- KVM: x86: Report deprecated x87 features in supported CPUID
  (git-fixes).
- commit f103d79
- KVM: nVMX: eVMCS: Filter out VM_EXIT_SAVE_VMX_PREEMPTION_TIMER
  (git-fixes).
- commit 28c6c36
- KVM: nVMX: Also filter MSR_IA32_VMX_TRUE_PINBASED_CTLS when
  eVMCS (git-fixes).
- commit aa258cd
- KVM: VMX: Set vmcs.PENDING_DBG.BS on #DB in STI/MOVSS blocking
  shadow (git-fixes).
- commit 10c2c56
- kernel-source: Remove unused macro variant_symbols
- commit 915ac72
- KVM: VMX: Introduce vmx_msr_bitmap_l01_changed() helper
  (git-fixes).
- commit 7736978
- KVM: nVMX: Don't use Enlightened MSR Bitmap for L3 (git-fixes).
- commit a6f9309
- blacklist.conf: add 9dba4d24cbb55 ("/86/kvm: remove unused ack_notifier
  callbacks"/
- commit 7c642cd
- KVM: X86: Fix tlb flush for tdp in kvm_invalidate_pcid()
  (git-fixes).
- commit 28c590c
- s390/extmem: return correct segment type in __segment_load()
  (bsc#1210450 git-fixes).
- commit 0040ffc
- s390/uaccess: add missing earlyclobber annotations to __clear_user()
  (bsc#1209856 git-fixes).
- commit 66fb793
- xen/netback: use same error messages for same errors
  (git-fixes).
- commit a7eb923
- powerpc/iommu: DMA address offset is incorrectly calculated
  with 2MB TCEs (jsc#SLE-19556 git-fixes).
- commit 893c217
- net/iucv: Fix size of interrupt data (bsc#1211465 git-fixes).
- s390/qeth: fix use-after-free in hsci (bsc#1210449 git-fixes).
- commit 0720e89
- fbdev: udlfb: Fix endpoint check (git-fixes).
- fbdev: arcfb: Fix error handling in arcfb_probe() (git-fixes).
- USB: core: Add routines for endpoint checks in old drivers
  (git-fixes).
- fbdev: ep93xx-fb: Add missing clk_disable_unprepare in
  ep93xxfb_probe() (git-fixes).
- fbdev: stifb: Fall back to cfb_fillrect() on 32-bit HCRX cards
  (git-fixes).
- commit b351847
- vc_screen: reload load of struct vc_data pointer in vcs_write()
  to avoid UAF (git-fixes).
- serial: qcom-geni: fix enabling deactivated interrupt
  (git-fixes).
- serial: 8250_bcm7271: fix leak in `brcmuart_probe` (git-fixes).
- serial: 8250_bcm7271: balance clk_enable calls (git-fixes).
- serial: arc_uart: fix of_iomap leak in `arc_serial_probe`
  (git-fixes).
- thunderbolt: Clear registers properly when auto clear isn't
  in use (bsc#1210165).
- xhci: Fix incorrect tracking of free space on transfer rings
  (git-fixes).
- xhci-pci: Only run d3cold avoidance quirk for s2idle
  (git-fixes).
- usb: typec: altmodes/displayport: fix pin_assignment_show
  (git-fixes).
- usb: dwc3: debugfs: Resume dwc3 before accessing registers
  (git-fixes).
- commit 8584d07
- ALSA: hda: Add NVIDIA codec IDs a3 through a7 to patch table
  (git-fixes).
- ALSA: hda: Fix Oops by 9.1 surround channel names (git-fixes).
- ALSA: hda/realtek: Fix mute and micmute LEDs for yet another
  HP laptop (git-fixes).
- ALSA: usb-audio: Add a sample rate workaround for Line6 Pod Go
  (git-fixes).
- ALSA: hda/realtek: Add quirk for HP EliteBook G10 laptops
  (git-fixes).
- ALSA: hda/realtek: Add a quirk for HP EliteDesk 805 (git-fixes).
- ALSA: hda/realtek: Add quirk for 2nd ASUS GU603 (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo L140AU (git-fixes).
- commit 6ddb5bd
- drm/msm/dpu: Remove duplicate register defines from INTF
  (git-fixes).
- drm/msm/dp: unregister audio driver during unbind (git-fixes).
- drm/exynos: fix g2d_open/close helper function definitions
  (git-fixes).
- Documentation/filesystems: ramfs-rootfs-initramfs: use :Author:
  (git-fixes).
- Documentation/filesystems: sharedsubtree: add section headings
  (git-fixes).
- ALSA: cs46xx: mark snd_cs46xx_download_image as static
  (git-fixes).
- ALSA: hda/realtek: Apply HP B&O top speaker profile to Pavilion
  15 (git-fixes).
- ALSA: firewire-digi00x: prevent potential use after free
  (git-fixes).
- commit 473b547
- Move upstreamed media patches into sorted section
- commit 201322a
- media: dvb_net: kABI workaround (CVE-2022-45886 bsc#1205760).
- media: dvb_frontend: kABI workaround (CVE-2022-45885
  bsc#1205758).
- commit 93a2fd7
- media: ttusb-dec: fix memory leak in ttusb_dec_exit_dvb()
  (CVE-2022-45887 bsc#1205762).
- media: dvb-core: Fix use-after-free due to race condition at
  dvb_ca_en50221 (CVE-2022-45919 bsc#1205803).
- media: dvb-core: Fix use-after-free due to race at
  dvb_register_device() (CVE-2022-45884 bsc#1205756).
- media: dvb-core: Fix use-after-free due on race condition at
  dvb_net (CVE-2022-45886 bsc#1205760).
- media: dvb-core: Fix kernel WARNING for blocking operation in
  wait_event*() (CVE-2023-31084 bsc#1210783).
- media: dvb-core: Fix use-after-free on race condition at
  dvb_frontend (CVE-2022-45885 bsc#1205758).
- commit 3c0eba9
- can: kvaser_pciefd: Disable interrupts in probe error path
  (git-fixes).
- can: kvaser_pciefd: Do not send EFLUSH command on TFD interrupt
  (git-fixes).
- can: kvaser_pciefd: Empty SRB buffer in probe (git-fixes).
- can: kvaser_pciefd: Call request_irq() before enabling
  interrupts (git-fixes).
- can: kvaser_pciefd: Clear listen-only bit if not explicitly
  requested (git-fixes).
- can: kvaser_pciefd: Set CAN_STATE_STOPPED in
  kvaser_pciefd_stop() (git-fixes).
- wifi: iwlwifi: mvm: don't trust firmware n_channels (git-fixes).
- wifi: iwlwifi: mvm: fix OEM's name in the tas approved list
  (git-fixes).
- wifi: iwlwifi: fix OEM's name in the ppag approved list
  (git-fixes).
- wifi: iwlwifi: fw: fix DBGI dump (git-fixes).
- wifi: iwlwifi: mvm: fix cancel_delayed_work_sync() deadlock
  (git-fixes).
- wifi: mac80211: fix min center freq offset tracing (git-fixes).
- cassini: Fix a memory leak in the error handling path of
  cas_init_one() (git-fixes).
- can: j1939: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes).
- can: isotp: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes).
- selftets: seg6: disable rp_filter by default in
  srv6_end_dt4_l3vpn_test (git-fixes).
- selftests: seg6: disable DAD on IPv6 router cfg for
  srv6_end_dt4_l3vpn_test (git-fixes).
- media: netup_unidvb: fix use-after-free at del_timer()
  (git-fixes).
- selftests/sgx: Add "/test_encl.elf"/ to TEST_FILES (git-fixes).
- selftests: srv6: make srv6_end_dt46_l3vpn_test more robust
  (git-fixes).
- commit 41844ce
- Update References
  patches.suse/bluetooth-Perform-careful-capability-checks-in-hci_s.patch
  (git-fixes bsc#1210533 CVE-2023-2002).
- commit 0d52fb3
- net: sched: sch_qfq: prevent slab-out-of-bounds in
  qfq_activate_agg (bsc#1210940 CVE-2023-31436).
- commit 8a9beae
- drm/amdgpu/gfx: disable gfx9 cp_ecc_error_irq only when enabling
  legacy gfx ras (git-fixes).
- drm/amdgpu: disable sdma ecc irq only when sdma RAS is enabled
  in suspend (git-fixes).
- platform/x86: touchscreen_dmi: Add info for the Dexp Ursus
  KX210i (git-fixes).
- platform/x86: touchscreen_dmi: Add upside-down quirk for
  GDIX1002 ts on the Juno Tablet (git-fixes).
- drm/amd/display: Fix hang when skipping modeset (git-fixes).
- HID: wacom: Set a default resolution for older tablets
  (git-fixes).
- drm/i915/dg2: Add HDMI pixel clock frequencies 267.30 and
  319.89 MHz (git-fixes).
- drm/i915/dg2: Add additional HDMI pixel clock frequencies
  (git-fixes).
- drm/i915/dg2: Support 4k@30 on HDMI (git-fixes).
- commit 2af09b7
- Add a bug reference to two existing drm-hyperv changes (bsc#1211281).
- commit 5df9068
- cifs: fix sharing of DFS connections (bsc#1208758).
- commit eca9f8a
- cifs: avoid potential races when handling multiple dfs tcons
  (bsc#1208758).
- commit 63e23c3
- cifs: protect access of TCP_Server_Info::{origin,leaf}_fullpath
  (bsc#1208758).
- commit afe04d7
- cifs: fix potential race when tree connecting ipc (bsc#1208758).
- commit e5ca6c5
- cifs: fix potential use-after-free bugs in
  TCP_Server_Info::hostname (bsc#1208758).
- commit c684f06
- cifs: protect session status check in smb2_reconnect()
  (bsc#1208758).
- commit a5777d5
- smb3: move some common open context structs to smbfs_common
  (bsc#1193629).
- commit 584d68d
- smb3: make query_on_disk_id open context consistent and move
  to common code (bsc#1193629).
- commit c9e01f8
- cifs: missing lock when updating session status (bsc#1193629).
- commit 54a1882
- SMB3: Add missing locks to protect deferred close file list
  (git-fixes).
- commit de29309
- cifs: avoid dup prefix path in dfs_get_automount_devname()
  (git-fixes).
- commit ed1670a
- cifs: sanitize paths in cifs_update_super_prepath (git-fixes).
- commit afc9290
- Refresh
  patches.suse/net-ice-Add-support-for-enable_iwarp-and-enable_roce.patch.
- Delete
  patches.suse/devlink-Add-enable_iwarp-generic-device-param.patch.
  Fixed broken kABI (bsc#1208050 bsc#1211414).
- commit 118de8c
- Refresh
  patches.suse/net-mana-Add-new-MANA-VF-performance-counters-for-ea.patch.
  Fix backport.
- commit 6887ae9
- HID: microsoft: Add rumble support to latest xbox controllers
  (bsc#1211280).
- commit a92cf6c
- kabi/severities: added Microsoft mana symbold (bsc#1210551)
- commit 9c4a05e
- net: mana: Check if netdev/napi_alloc_frag returns single page
  (bsc#1210551).
- net: mana: Rename mana_refill_rxoob and remove some empty lines
  (bsc#1210551).
- net: mana: Add support for jumbo frame (bsc#1210551).
- net: mana: Enable RX path to handle various MTU sizes
  (bsc#1210551).
- net: mana: Refactor RX buffer allocation code to prepare for
  various MTU (bsc#1210551).
- net: mana: Use napi_build_skb in RX path (bsc#1210551).
- net: mana: Add new MANA VF performance counters for easier
  troubleshooting (bsc#1209982).
- commit ac98332
- kABI: Fix kABI after backport Emulate RDPID only if it is enabled in guest
  (git-fixes)
- commit ef4b42f
- ACPI: tables: Add support for NBFT (bsc#1195921).
- commit 90b0d13
- drm/amdgpu: Fix vram recover doesn't work after whole GPU reset
  (v2) (git-fixes).
- drm/i915/dp: prevent potential div-by-zero (git-fixes).
- drm/mipi-dsi: Set the fwnode for mipi_dsi_device (git-fixes).
- docs: networking: fix x25-iface.rst heading & index order
  (git-fixes).
- gve: Remove the code of clearing PBA bit (git-fixes).
- nilfs2: do not write dirty data after degenerating to read-only
  (git-fixes).
- nilfs2: fix infinite loop in nilfs_mdt_get_block() (git-fixes).
- clk: qcom: gcc-sm8350: fix PCIe PIPE clocks handling
  (git-fixes).
- pstore: Revert pmsg_lock back to a normal mutex (git-fixes).
- wifi: mt76: mt7921e: Set memory space enable in PCI_COMMAND
  if unset (git-fixes).
- selftests: xsk: Disable IPv6 on VETH1 (git-fixes).
- wifi: rtl8xxxu: RTL8192EU always needs full init (git-fixes).
- mailbox: zynqmp: Fix typo in IPI documentation (git-fixes).
- mailbox: zynqmp: Fix IPI isr handling (git-fixes).
- drm/ttm/pool: Fix ttm_pool_alloc error path (git-fixes).
- arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step
  (git-fixes).
- ARM: dts: qcom: ipq8064: Fix the PCI I/O port range (git-fixes).
- selftests/resctrl: Check for return value after write_schemata()
  (git-fixes).
- selftests/resctrl: Allow ->setup() to return errors (git-fixes).
- selftests/resctrl: Move ->setup() call outside of test specific
  branches (git-fixes).
- selftests/resctrl: Return NULL if malloc_and_init_memory()
  did not alloc mem (git-fixes).
- tpm, tpm_tis: Disable interrupts if tpm_tis_probe_irq() failed
  (git-fixes).
- tpm, tpm_tis: Claim locality before writing TPM_INT_ENABLE
  register (git-fixes).
- iio: adc: palmas_gpadc: fix NULL dereference on rmmod
  (git-fixes).
- selftests mount: Fix mount_setattr_test builds failed
  (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Acer Iconia One
  7 B1-750 (git-fixes).
- ASOC: Intel: sof_sdw: add quirk for Intel 'Rooks County'
  NUC M15 (git-fixes).
- ASoC: soc-pcm: fix hw->formats cleared by soc_pcm_hw_init()
  for dpcm (git-fixes).
- asm-generic/io.h: suppress endianness warnings for readq()
  and writeq() (git-fixes).
- drm/ttm: optimize pool allocations a bit v2 (git-fixes).
- clk: qcom: regmap: add PHY clock source implementation
  (git-fixes).
- ARM: dts: qcom: ipq8064: reduce pci IO size to 64K (git-fixes).
- arm64: dts: Add base DTS file for bcmbca device Asus GT-AX6000
  (git-fixes).
- ARM64: dts: Add DTS files for bcmbca SoC BCM6858 (git-fixes).
- arm64: dts: Add DTS files for bcmbca SoC BCM4912 (git-fixes).
- arm64: dts: Add DTS files for bcmbca SoC BCM63158 (git-fixes).
- selftests/resctrl: Extend CPU vendor detection (git-fixes).
- spi: spi-imx: using pm_runtime_resume_and_get instead of
  pm_runtime_get_sync (git-fixes).
- media: rcar_fdp1: Fix the correct variable assignments
  (git-fixes).
- arm64: dts: broadcom: bcm4908: add DT for Netgear RAXE500
  (git-fixes).
- serial: stm32: re-introduce an irq flag condition in
  usart_receive_chars (git-fixes).
- media: rcar_fdp1: Make use of the helper function
  devm_platform_ioremap_resource() (git-fixes).
- commit c094bdc
- KVM: nVMX: Emulate NOPs in L2, and PAUSE if it's not intercepted
  (git-fixes).
- commit d64e14c
- KVM: VMX: Use is_64_bit_mode() to check 64-bit mode in SGX
  handler (git-fixes).
- commit 56061d9
- KVM: x86: Remove a redundant guest cpuid check in kvm_set_cr4()
  (git-fixes).
- commit a6ab5bb
- KVM: SVM: Fix benign "/bool vs. int"/ comparison in svm_set_cr0()
  (git-fixes).
- commit f475ade
- KVM: SVM: hyper-v: placate modpost section mismatch error
  (git-fixes).
- commit 816e1bf
- KVM: SVM: Fix potential overflow in SEV's
  send|receive_update_data() (git-fixes).
- commit 16c4f84
- KVM: SVM: Require logical ID to be power-of-2 for AVIC entry
  (git-fixes).
- commit aed233d
- platform/x86: thinkpad_acpi: Fix platform profiles on T490
  (git-fixes).
- commit 1c69e0b
- KVM: x86/xen: Fix memory leak in kvm_xen_write_hypercall_page()
  (git-fixes).
- commit 81f590f
- KVM: nVMX: Properly expose ENABLE_USR_WAIT_PAUSE control to L1
  (git-fixes).
- commit 77c8954
- KVM: nVMX: Document that ignoring memory failures for VMCLEAR
  is deliberate (git-fixes).
- commit b84688a
- KVM: x86: ioapic: Fix level-triggered EOI and userspace I/OAPIC
  reconfigure race (git-fixes).
- commit 5d05f90
- x86/nospec: Unwreck the RSB stuffing (git-fixes).
- commit b1c4544
- x86/amd: Use IBPB for firmware calls (git-fixes).
- Refresh patches.suse/x86-speculation-Add-RSB-VM-Exit-protections.patch.
- commit 98a0873
- KVM: nVMX: Inject #GP, not #UD, if "/generic"/ VMXON CR0/CR4
  check fails (git-fixes).
- commit 8d3f5e6
- x86/speculation: Identify processors vulnerable to SMT RSB predictions (git-fixes).
- commit 55ad85a
- x86/bugs: Add "/unknown"/ reporting for MMIO Stale Data (git-fixes).
- commit c9d308d
- KVM: SVM: Skip WRMSR fastpath on VM-Exit if next RIP isn't valid
  (git-fixes).
- commit 341c774
- ECO for QAT driver update was approved (PED-3955).
  Allow kABI changes below drivers/crypto/qat and remove
  the corresponding kABI padding patch.
- commit d46b3f1
- x86/speculation/mmio: Print SMT warning (git-fixes).
- commit b61badb
- x86/bugs: Warn when "/ibrs"/ mitigation is selected on Enhanced IBRS  parts (git-fixes).
- commit 309477d
- x86/alternative: Report missing return thunk details (git-fixes).
- commit a6de731
- KVM: x86: Fail emulation during EMULTYPE_SKIP on any exception
  (git-fixes).
- commit b95c292
- KVM: VMX: Resume guest immediately when injecting #GP on ECREATE
  (git-fixes).
- commit 028e88b
- blacklist.conf: Blacklist already integrated patch
- commit f08adc0
- blacklist.conf: Remove alread-integrated patch
- commit 6038830
- KVM: x86: Mask off reserved bits in CPUID.8000001FH (git-fixes).
- commit f34367a
- KVM: nVMX: Prioritize TSS T-flag #DBs over Monitor Trap Flag
  (git-fixes).
- commit 4d26615
- KVM: nVMX: Treat General Detect #DB (DR7.GD=1) as fault-like
  (git-fixes).
- commit 1c41646
- KVM: x86: Mask off unsupported and unknown bits of
  IA32_ARCH_CAPABILITIES (git-fixes).
- commit e7d58ae
- KVM: x86: fix typo in __try_cmpxchg_user causing non-atomicness
  (git-fixes).
- commit 31729ed
- KVM: arm64: Limit length in kvm_vm_ioctl_mte_copy_tags() to INT_MAX (git-fixes)
- commit e94cf3b
- KVM: arm64: Fix buffer overflow in kvm_arm_set_fw_reg() (git-fixes)
- commit 7aef2ca
- KVM: arm64: PMU: Restore the guest's EL0 event counting after (git-fixes)
- commit 1e49eb1
- Fix bug reference.
- Update patches.suse/powerpc-64s-Fix-local-irq-disable-when-PMIs-are-disa.patch
  (bsc#1195655 ltc#195733 git-fixes).
- Update patches.suse/powerpc-64s-hash-Make-hash-faults-work-in-NMI-contex.patch
  (bsc#1195655 ltc#195733).
- commit 75b352e
- KVM: x86/emulator: Emulate RDPID only if it is enabled in guest
  (git-fixes).
- commit 8e78e7b
- KVM: arm64: Don't arm a hrtimer for an already pending timer (git-fixes)
- commit 7242bab
- KVM: Destroy target device if coalesced MMIO unregistration fails (git-fixes)
- commit 24e09a6
- KVM: arm64: Free hypervisor allocations if vector slot init fails (git-fixes)
- commit 94fc8c2
- KVM: arm64: GICv4.1: Fix race with doorbell on VPE (git-fixes)
- commit a2031d5
- KVM: arm64: Fix S1PTW handling on RO memslots (git-fixes)
- commit 57c82ed
- KVM: arm64: Fix PAR_TO_HPFAR() to work independently of PA_BITS. (git-fixes)
- commit 4084e39
- KVM: arm64: Fix kvm init failure when mode!=vhe and VA_BITS=52. (git-fixes)
- commit 80e5dc8
- KVM: arm64: Fix bad dereference on MTE-enabled systems (git-fixes)
- commit b34a907
- KVM: arm64: vgic: Fix exit condition in scan_its_table() (git-fixes)
- commit 18fdaaf
- powerpc/rtas: use memmove for potentially overlapping buffer
  copy (bsc#1065729).
- powerpc: Don't try to copy PPR for task with NULL pt_regs
  (bsc#1065729).
- commit a0f9fd4
- KVM: arm64: Reject 32bit user PSTATE on asymmetric systems (git-fixes)
- commit 1e56a5b
- KVM: arm64: Treat PMCR_EL1.LC as RES1 on asymmetric systems (git-fixes)
- commit 32b2eb1
- KVM: arm64: Don't return from void function (git-fixes)
- commit 929b4b8
- KVM: Don't set Accessed/Dirty bits for ZERO_PAGE (git-fixes)
- commit d5c7f0a
- KVM: arm64: nvhe: Eliminate kernel-doc warnings (git-fixes)
- commit c528fa6
- KVM: Don't create VM debugfs files outside of the VM directory (git-fixes)
- commit f35aa14
- x86/fpu/xsave: Initialize offset/size cache early (bsc#1211205).
- commit 5c67650
- Revert "/KVM: set owner of cpu and vm file operations"/ (git-fixes)
- commit 641eec4
- KVM: Prevent module exit until all VMs are freed (git-fixes)
- commit d75ff37
- KVM: arm64: Stop handle_exit() from handling HVC twice when an SError (git-fixes)
- commit e7649a0
- KVM: Disallow user memslot with size that exceeds "/unsigned long"/ (git-fixes)
- commit 3d5e854
- arm64: errata: add detection for AMEVCNTR01 incrementing incorrectly (git-fixes)
  Enable workaround and fix kABI breakage.
- commit 65ad1d7
- arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes)
- commit 66d6673
- RDMA/mana: hide new rdma_driver_ids (bsc#1210741 jsc#PED-4022).
- commit f8b8352
- RDMA/mana_ib: Add a driver for Microsoft Azure Network Adapter
  (bsc#1210741 jsc#PED-4022).
- Update config files.
- supported.conf: mark mana_ib supported
- commit 1a4c2c7
- net: mana: Move header files to a common location (bsc#1210741
  jsc#PED-4022).
- Refresh
  patches.suse/net-mana-Fix-IRQ-name-add-PCI-and-queue-number.patch.
- commit 5b586a1
- RDMA/mana_ib: Fix a bug when the PF indicates more entries for
  registering memory on first packet (bsc#1210741 jsc#PED-4022).
- RDMA/mana_ib: Prevent array underflow in mana_ib_create_qp_raw()
  (bsc#1210741 jsc#PED-4022).
- RDMA/mana: Remove redefinition of basic u64 type (bsc#1210741
  jsc#PED-4022).
- commit 34e74c1
- net: mana: Define data structures for protection domain and
  memory registration (bsc#1210741 jsc#PED-4022).
- net: mana: Define data structures for allocating doorbell page
  from GDMA (bsc#1210741 jsc#PED-4022).
- net: mana: Define and process GDMA response code
  GDMA_STATUS_MORE_ENTRIES (bsc#1210741 jsc#PED-4022).
- net: mana: Define max values for SGL entries (bsc#1210741
  jsc#PED-4022).
- net: mana: Record port number in netdev (bsc#1210741
  jsc#PED-4022).
- net: mana: Export Work Queue functions for use by RDMA driver
  (bsc#1210741 jsc#PED-4022).
- net: mana: Set the DMA device max segment size (bsc#1210741
  jsc#PED-4022).
- net: mana: Handle vport sharing between devices (bsc#1210741
  jsc#PED-4022).
- net: mana: Record the physical address for doorbell page region
  (bsc#1210741 jsc#PED-4022).
- net: mana: Add support for auxiliary device (bsc#1210741
  jsc#PED-4022).
- commit f92c525
- KVM: nVMX: add missing consistency checks for CR0 and CR4
  (bsc#1210294 CVE-2023-30456).
- commit ef9d3af
- blacklist.conf: cleanup of a comment
- commit 84e5a2f
- blacklist.conf: dependencies cannot be met
- commit e3d82fb
- iwlwifi: cfg: Add missing MODULE_FIRMWARE() for *.pnvm
  (bsc#1207553).
- commit f66a3d1
- apparmor: add a kernel label to use on kernel objects
  (bsc#1211113).
- commit 51d9c3d
- crypto: qat - add resubmit logic for decompression (jsc#PED-3692)
- commit 0291fd1
- crypto: acomp - define max size for destination (jsc#PED-3692)
- commit 85592d8
- crypto: qat - enable deflate for QAT GEN4 (jsc#PED-3692)
- commit e4a787e
- crypto: qat - expose deflate through acomp api for QAT GEN2 (jsc#PED-3692)
- commit 0a12d82
- crypto: qat - rename and relocate GEN2 config function (jsc#PED-3692)
- commit 84eb593
- crypto: qat - relocate qat_algs_alloc_flags() (jsc#PED-3692)
- commit b8f6153
- crypto: qat - relocate backlog related structures (jsc#PED-3692)
- commit 4cc71cc
- crypto: qat - extend buffer list interface (jsc#PED-3692)
- commit add926d
- crypto: qat - generalize crypto request buffers (jsc#PED-3692)
- commit 53057db
- crypto: qat - change bufferlist logic interface (jsc#PED-3692)
- commit e94a222
- crypto: qat - rename bufferlist functions (jsc#PED-3692)
- commit 6fb4fa4
- crypto: qat - relocate bufferlist logic (jsc#PED-3692)
- commit babeef7
- crypto: qat - fix error return code in adf_probe (jsc#PED-3692)
- commit 8fbb831
- crypto: qat - add limit to linked list parsing (jsc#PED-3692)
- commit 57cf8db
- crypto: qat - use reference to structure in dma_map_single() (jsc#PED-3692)
- commit 191d933
- crypto: qat - fix DMA transfer direction (jsc#PED-3692)
- commit 8033e5b
- crypto: drivers - move from strlcpy with unused retval to (jsc#PED-3692)
- commit 2893932
- crypto: qat - add check to validate firmware images (jsc#PED-3692)
- commit 638d767
- crypto: qat - expose device config through sysfs for 4xxx (jsc#PED-3692)
- commit da7d730
- crypto: qat - relocate and rename adf_sriov_prepare_restart() (jsc#PED-3692)
- commit 9d2ec7c
- crypto: qat - change behaviour of (jsc#PED-3692)
- commit 88b302a
- crypto: qat - expose device state through sysfs for 4xxx (jsc#PED-3692)
- commit c9aee29
- crypto: qat - Removes the x86 dependency on the QAT drivers (jsc#PED-3692)
- commit b693728
- crypto: qat - replace get_current_node() with numa_node_id() (jsc#PED-3692)
- commit e064970
- crypto: qat - add support for 401xx devices (jsc#PED-3692)
- commit f05d9dc
- crypto: qat - re-enable registration of algorithms (jsc#PED-3692)
- commit 68596ea
- crypto: qat - honor CRYPTO_TFM_REQ_MAY_SLEEP flag (jsc#PED-3692)
- commit e4d21be
- crypto: qat - add param check for DH (jsc#PED-3692)
- commit da607b7
- crypto: qat - add param check for RSA (jsc#PED-3692)
- commit 7eefa16
- crypto: qat - add backlog mechanism (jsc#PED-3692)
- commit 624d1d0
- crypto: qat - refactor submission logic (jsc#PED-3692)
- commit b8e53cb
- crypto: qat - use pre-allocated buffers in datapath (jsc#PED-3692)
- commit bd15683
- crypto: qat - Fix unsigned function returning negative (jsc#PED-3692)
- commit c617c8f
- crypto: qat - remove line wrapping for pfvf_ops functions (jsc#PED-3692)
- commit b866596
- crypto: qat - use u32 variables in all GEN4 pfvf_ops (jsc#PED-3692)
- commit e40b5cb
- crypto: qat - replace disable_vf2pf_interrupts() (jsc#PED-3692)
- commit 02bc64e
- crypto: qat - leverage the GEN2 VF mask definiton (jsc#PED-3692)
- commit 4d65255
- crypto: qat - rework the VF2PF interrupt handling logic (jsc#PED-3692)
- commit b225eca
- crypto: qat - fix off-by-one error in PFVF debug print (jsc#PED-3692)
- commit 2b6fd0a
- crypto: qat - fix wording and formatting in code comment (jsc#PED-3692)
- commit 1e0a7c3
- crypto: qat - test PFVF registers for spurious interrupts on (jsc#PED-3692)
- commit c5057e2
- crypto: qat - add check for invalid PFVF protocol version 0 (jsc#PED-3692)
- commit 9de3f9b
- crypto: qat - add missing restarting event notification in (jsc#PED-3692)
- commit a8dbb60
- crypto: qat - remove unnecessary tests to detect PFVF support (jsc#PED-3692)
- commit 1848290
- crypto: qat - remove unused PFVF stubs (jsc#PED-3692)
- commit 1cf3054
- crypto: qat - remove unneeded braces (jsc#PED-3692)
- commit a02a4ee
- crypto: qat - fix ETR sources enabled by default on GEN2 (jsc#PED-3692)
- commit 56dd6e7
- crypto: qat - set COMPRESSION capability for DH895XCC (jsc#PED-3692)
- commit dd0685f
- crypto: qat - stop using iommu_present() (jsc#PED-3692)
- commit e463f30
- crypto: qat - fix initialization of pfvf rts_map_msg (jsc#PED-3692)
- commit c63cf22
- crypto: qat - fix initialization of pfvf cap_msg structures (jsc#PED-3692)
- commit 29cae5c
- crypto: qat - remove unneeded assignment (jsc#PED-3692)
- commit 988ee72
- crypto: qat - enable power management for QAT GEN4 (jsc#PED-3692)
- commit d524451
- crypto: qat - move and rename GEN4 error register definitions (jsc#PED-3692)
- commit 5536852
- crypto: qat - add misc workqueue (jsc#PED-3692)
- commit cb5c3b7
- crypto: qat - fix access to PFVF interrupt registers for GEN4 (jsc#PED-3692)
- commit 89bd3f8
- crypto: qat - fix a signedness bug in get_service_enabled() (jsc#PED-3692)
- commit a7f67e3
- crypto: qat - fix definition of ring reset results (jsc#PED-3692)
- commit 151593d
- crypto: qat - add support for compression for 4xxx (jsc#PED-3692)
- commit dfc51e6
- crypto: qat - allow detection of dc capabilities for 4xxx (jsc#PED-3692)
- commit 8557674
- crypto: qat - add PFVF support to enable the reset of ring (jsc#PED-3692)
- commit 5d143f2
- crypto: qat - add PFVF support to the GEN4 host driver (jsc#PED-3692)
- commit 916a77e
- crypto: qat - config VFs based on ring-to-svc mapping (jsc#PED-3692)
- commit 6601ff4
- crypto: qat - exchange ring-to-service mappings over PFVF (jsc#PED-3692)
- commit e8ce44d
- crypto: qat - support fast ACKs in the PFVF protocol (jsc#PED-3692)
- commit 986f0e6
- crypto: qat - exchange device capabilities over PFVF (jsc#PED-3692)
- commit 7d28fba
- crypto: qat - introduce support for PFVF block messages (jsc#PED-3692)
- commit 6155681
- crypto: qat - store the ring-to-service mapping (jsc#PED-3692)
- commit 77f298d
- crypto: qat - store the PFVF protocol version of the (jsc#PED-3692)
- commit da2daed
- crypto: qat - improve the ACK timings in PFVF send (jsc#PED-3692)
- commit a184282
- crypto: qat - leverage read_poll_timeout in PFVF send (jsc#PED-3692)
- commit e08ef29
- crypto: qat - leverage bitfield.h utils for PFVF messages (jsc#PED-3692)
- commit 77c5d55
- crypto: qat - abstract PFVF messages with struct pfvf_message (jsc#PED-3692)
- commit 22808a8
- crypto: qat - set PFVF_MSGORIGIN just before sending (jsc#PED-3692)
- commit 529c178
- crypto: qat - make PFVF send and receive direction agnostic (jsc#PED-3692)
- commit 2cfdf60
- crypto: qat - make PFVF message construction direction (jsc#PED-3692)
- commit 192475a
- crypto: qat - add the adf_get_pmisc_base() helper function (jsc#PED-3692)
- commit 029b3f8
- crypto: qat - support the reset of ring pairs on PF (jsc#PED-3692)
- commit b21ae8f
- crypto: qat - extend crypto capability detection for 4xxx (jsc#PED-3692)
- commit 86b6de1
- crypto: qat - set COMPRESSION capability for QAT GEN2 (jsc#PED-3692)
- commit c36c1b5
- crypto: qat - set CIPHER capability for QAT GEN2 (jsc#PED-3692)
- commit 5a6ccb5
- crypto: qat - get compression extended capabilities (jsc#PED-3692)
- commit 6bc8ecc
- crypto: qat - improve logging of PFVF messages (jsc#PED-3692)
- commit 69ac24d
- crypto: qat - fix VF IDs in PFVF log messages (jsc#PED-3692)
- commit a09ab7d
- crypto: qat - do not rely on min version (jsc#PED-3692)
- commit 1fbc50a
- crypto: qat - refactor pfvf version request messages (jsc#PED-3692)
- commit bd91022
- crypto: qat - pass the PF2VF responses back to the callers (jsc#PED-3692)
- commit ce27ee1
- crypto: qat - use enums for PFVF protocol codes (jsc#PED-3692)
- commit 07d0530
- crypto: qat - reorganize PFVF protocol definitions (jsc#PED-3692)
- commit dfcb218
- crypto: qat - reorganize PFVF code (jsc#PED-3692)
- commit ebf7e16
- crypto: qat - abstract PFVF receive logic (jsc#PED-3692)
- commit 4ac3bf8
- crypto: qat - abstract PFVF send function (jsc#PED-3692)
- commit 3228a9b
- crypto: qat - differentiate between pf2vf and vf2pf offset (jsc#PED-3692)
- commit 7a44395
- crypto: qat - add pfvf_ops (jsc#PED-3692)
- commit 5960736
- crypto: qat - relocate PFVF disabled function (jsc#PED-3692)
- commit 1aa65a8
- crypto: qat - relocate PFVF VF related logic (jsc#PED-3692)
- commit 53e0309
- crypto: qat - relocate PFVF PF related logic (jsc#PED-3692)
- commit b869385
- crypto: qat - handle retries due to collisions in (jsc#PED-3692)
- commit 27aa4db
- crypto: qat - split PFVF message decoding from handling (jsc#PED-3692)
- commit 375be54
- crypto: qat - re-enable interrupts for legacy PFVF messages (jsc#PED-3692)
- commit 253518f
- crypto: qat - change PFVF ACK behaviour (jsc#PED-3692)
- commit b8f6615
- crypto: qat - move interrupt code out of the PFVF handler (jsc#PED-3692)
- commit 2d2c8ab
- crypto: qat - move VF message handler to adf_vf2pf_msg.c (jsc#PED-3692)
- commit 08b5439
- crypto: qat - move vf2pf interrupt helpers (jsc#PED-3692)
- commit 32a2e31
- crypto: qat - refactor PF top half for PFVF (jsc#PED-3692)
- commit b27b05c
- crypto: qat - do not handle PFVF sources for qat_4xxx (jsc#PED-3692)
- commit c5402df
- crypto: qat - simplify adf_enable_aer() (jsc#PED-3692)
- commit ef47805
- crypto: qat - share adf_enable_pf2vf_comms() from (jsc#PED-3692)
- commit 3c38713
- crypto: qat - extract send and wait from (jsc#PED-3692)
- commit d88c673
- crypto: qat - add VF and PF wrappers to common send function (jsc#PED-3692)
- commit 688556e
- crypto: qat - rename pfvf collision constants (jsc#PED-3692)
- commit 4f0c483
- crypto: qat - move pfvf collision detection values (jsc#PED-3692)
- commit 7d933b4
- crypto: qat - use hweight for bit counting (jsc#PED-3692)
- commit f443d35
- crypto: qat - remove duplicated logic across GEN2 drivers (jsc#PED-3692)
- commit 4276cd3
- crypto: qat - fix handling of VF to PF interrupts (jsc#PED-3692)
- commit 89e9e5e
- crypto: qat - remove unneeded packed attribute (jsc#PED-3692)
- commit abcbfac
- crypto: qat - free irq in case of failure (jsc#PED-3692)
- commit 227e146
- crypto: qat - free irqs only if allocated (jsc#PED-3692)
- commit a4d86dd
- crypto: qat - remove unmatched CPU affinity to cluster IRQ (jsc#PED-3692)
- commit e9e0672
- crypto: qat - replace deprecated MSI API (jsc#PED-3692)
- commit 4f29ad0
- crypto: qat - flush vf workqueue at driver removal (jsc#PED-3692)
- commit 49708c6
- crypto: qat - remove the unnecessary get_vintmsk_offset() (jsc#PED-3692)
- commit dd303d7
- crypto: qat - prevent spurious MSI interrupt in VF (jsc#PED-3692)
- commit 167b6ae
- crypto: qat - remove empty sriov_configure() (jsc#PED-3692)
- commit 0767718
- crypto: qat - fix a typo in a comment (jsc#PED-3692)
- commit 8a91dc4
- crypto: qat - disable AER if an error occurs in probe (jsc#PED-3692)
- commit df8b85d
- crypto: qat - set DMA mask to 48 bits for Gen2 (jsc#PED-3692)
- commit dbe426c
- crypto: qat - simplify code and axe the use of a deprecated (jsc#PED-3692)
- commit ac1c697
- sfc: fix TX channel offset when using legacy interrupts
  (git-fixes).
- net: tun: avoid disabling NAPI twice (git-fixes).
- commit 03bb08f
- workqueue: Print backtraces from CPUs with hung CPU bound
  workqueues (bsc#1211044).
- commit edb7f74
- workqueue: Warn when a rescuer could not be created
  (bsc#1211044).
- commit bbf3c79
- workqueue: Interrupted create_worker() is not a repeated event
  (bsc#1211044).
- commit 86794c5
- workqueue: Warn when a new worker could not be created
  (bsc#1211044).
- commit eb3a726
- workqueue: Fix hung time report of worker pools (bsc#1211044).
- commit 3a59651
- x86/boot: Skip realmode init code when running as Xen PV guest   (git-fixes).
- Refresh    patches.kabi/kABI-Fix-kABI-after-x86-mm-cpa-Generalize-__set_memo.patch.
- commit e90b7a1
- RDMA/irdma: Remove excess error variables (jsc#SLE-18383).
- Refresh
  patches.suse/RDMA-irdma-Validate-udata-inlen-and-outlen.patch.
- commit 4d4fa6d
- x86/signal: Fix the value returned by strict_sas_size() (git-fixes).
- commit d3c6791
- RDMA/irdma: Remove enum irdma_status_code (jsc#SLE-18383).
- Refresh
  patches.suse/RDMA-irdma-Prevent-some-integer-underflows.patch.
- Refresh
  patches.suse/RDMA-irdma-Return-correct-WC-error-for-bind-operatio.patch.
- Refresh
  patches.suse/RDMA-irdma-Return-error-on-MR-deregister-CQP-failure.patch.
- Refresh
  patches.suse/RDMA-irdma-Validate-udata-inlen-and-outlen.patch.
- commit 11ed66b
- sfc: Fix module EEPROM reporting for QSFP modules (git-fixes).
- sfc: Fix use-after-free due to selftest_work (git-fixes).
- RDMA/irdma: Do not generate SW completions for NOPs
  (jsc#SLE-18383).
- gve: Secure enough bytes in the first TX desc for all TCP pkts
  (git-fixes).
- sfc: ef10: don't overwrite offload features at NIC reset
  (git-fixes).
- gve: Cache link_speed value from device (git-fixes).
- sfc: correctly advertise tunneled IPv6 segmentation (git-fixes).
- RDMA/irdma: Fix RQ completion opcode (jsc#SLE-18383).
- RDMA/irdma: Fix inline for multiple SGE's (jsc#SLE-18383).
- iavf: Do not restart Tx queues after reset task failure
  (jsc#SLE-18385).
- iavf: Fix a crash during reset task (jsc#SLE-18385).
- net: tun: fix bugs for oversize packet when napi frags enabled
  (git-fixes).
- sfc: include vport_id in filter spec hash and equal()
  (git-fixes).
- sfc: Change VF mac via PF as first preference if available
  (git-fixes).
- sfc: fix null pointer dereference in efx_hard_start_xmit
  (git-fixes).
- RDMA/irdma: Fix drain SQ hang with no completion
  (jsc#SLE-18383).
- net: tun: stop NAPI when detaching queues (git-fixes).
- net: tun: unlink NAPI from device on destruction (git-fixes).
- sfc: fix wrong tx channel offset with efx_separate_tx_channels
  (git-fixes).
- sfc: fix considering that all channels have TX queues
  (git-fixes).
- RDMA/irdma: Add SW mechanism to generate completions on error
  (jsc#SLE-18383).
- commit b8a7c09
- x86/numa: Use cpumask_available instead of hardcoded NULL check (git-fixes).
- commit ca9f52b
- x86/mm: Use proper mask when setting PUD mapping (git-fixes).
- commit d9bb4d3
- x86/MCE/AMD: Use an u64 for bank_map (git-fixes).
- commit 4d91aa8
- x86/pat: Fix x86_has_pat_wp() (git-fixes).
- commit 9499df5
- rpm/constraints.in: Increase disk size constraint for riscv64 to 52GB
- commit 1c1a4cd
- act_mirred: use the backlog for nested calls to mirred ingress
  (CVE-2022-4269 bsc#1206024).
- net/sched: act_mirred: better wording on protection against
  excessive stack growth (CVE-2022-4269 bsc#1206024).
- commit 0660aaf
- netfilter: nf_tables: deactivate anonymous set from preparation
  phase (CVE-2023-32233 bsc#1211043).
- commit a0bdb58
- igc: read before write to SRRCTL register (jsc#SLE-18377).
- ixgbe: Fix panic during XDP_TX with > 64 CPUs (jsc#SLE-18384).
- RDMA/mlx4: Prevent shift wrapping in set_user_sq_size()
  (jsc#SLE-19255).
- ixgbe: Enable setting RSS table to default values
  (jsc#SLE-18384).
- ixgbe: Allow flow hash to be set via ethtool (jsc#SLE-18384).
- i40e: fix i40e_setup_misc_vector() error handling
  (jsc#SLE-18378).
- i40e: fix accessing vsi->active_filters without holding lock
  (jsc#SLE-18378).
- i40e: fix registers dump after run ethtool adapter self test
  (jsc#SLE-18378).
- i40e: fix flow director packet filter programming
  (jsc#SLE-18378).
- iavf: fix hang on reboot with ice (jsc#SLE-18385).
- igc: fix the validation logic for taprio's gate list
  (jsc#SLE-18377).
- igbvf: Regard vf reset nack as success (jsc#SLE-18379).
- intel/igbvf: free irq on the error path in igbvf_request_msix()
  (jsc#SLE-18379).
- igb: Enable SR-IOV after reinit (jsc#SLE-18379).
- igb: revert rtnl_lock() that causes deadlock (jsc#SLE-18379).
- iavf: fix non-tunneled IPv6 UDP packet type and hashing
  (jsc#SLE-18385).
- iavf: fix inverted Rx hash condition leading to disabled hash
  (jsc#SLE-18385).
- i40e: Fix kernel crash during reboot when adapter is in recovery
  mode (jsc#SLE-18378).
- igb: conditionalize I2C bit banging on external thermal sensor
  support (jsc#SLE-18379).
- ixgbe: add double of VLAN header when computing the max MTU
  (jsc#SLE-18384).
- i40e: add double of VLAN header when computing the max MTU
  (jsc#SLE-18378).
- ixgbe: allow to increase MTU to 3K with XDP enabled
  (jsc#SLE-18384).
- i40e: Add checking for null for nlmsg_find_attr()
  (jsc#SLE-18378).
- igc: Add ndo_tx_timeout support (jsc#SLE-18377).
- igc: return an error if the mac type is unknown in
  igc_ptp_systim_to_hwtstamp() (jsc#SLE-18377).
- iavf/iavf_main: actually log ->src mask when talking about it
  (jsc#SLE-18385).
- igc: Fix PPS delta between two synchronized end-points
  (jsc#SLE-18377).
- ixgbe: fix pci device refcount leak (jsc#SLE-18384).
- igc: Set Qbv start_time and end_time to end_time if not being
  configured in GCL (jsc#SLE-18377).
- igc: recalculate Qbv end_time by considering cycle time
  (jsc#SLE-18377).
- igc: allow BaseTime 0 enrollment for Qbv (jsc#SLE-18377).
- igc: Add checking for basetime less than zero (jsc#SLE-18377).
- igc: Use strict cycles for Qbv scheduling (jsc#SLE-18377).
- igc: Enhance Qbv scheduling by using first flag bit
  (jsc#SLE-18377).
- igb: Initialize mailbox message for VF reset (jsc#SLE-18379).
- i40e: Fix the inability to attach XDP program on downed
  interface (jsc#SLE-18378).
- i40e: Fix for VF MAC address 0 (jsc#SLE-18378).
- iavf: Fix error handling in iavf_init_module() (jsc#SLE-18385).
- iavf: Fix race condition between iavf_shutdown and iavf_remove
  (jsc#SLE-18385).
- i40e: Fix flow-type by setting GL_HASH_INSET registers
  (jsc#SLE-18378).
- i40e: Fix VF hang when reset is triggered on another VF
  (jsc#SLE-18378).
- i40e: Fix ethtool rx-flow-hash setting for X722 (jsc#SLE-18378).
- i40e: Fix DMA mappings leak (jsc#SLE-18378).
- i40e: Fix set max_tx_rate when it is lower than 1 Mbps
  (jsc#SLE-18378).
- i40e: Fix VF set max MTU size (jsc#SLE-18378).
- iavf: Fix set max MTU size with port VLAN and jumbo frames
  (jsc#SLE-18385).
- iavf: Fix bad page state (jsc#SLE-18385).
- iavf: Fix cached head and tail value for iavf_get_tx_pending
  (jsc#SLE-18385).
- iavf: Detach device during reset task (jsc#SLE-18385).
- i40e: Fix kernel crash during module removal (jsc#SLE-18378).
- i40e: Fix ADQ rate limiting for PF (jsc#SLE-18378).
- i40e: Fix incorrect address type for IPv6 flow rules
  (jsc#SLE-18378).
- ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter
  (jsc#SLE-18384).
- igb: Add lock to avoid data race (jsc#SLE-18379).
- iavf: Fix 'tc qdisc show' listing too many queues
  (jsc#SLE-18385).
- iavf: Fix max_rate limiting (jsc#SLE-18385).
- i40e: Refactor tc mqprio checks (jsc#SLE-18378).
- igc: Lift TAPRIO schedule restriction (jsc#SLE-18377).
- i40e: Fix interface init with MSI interrupts (no MSI-X)
  (jsc#SLE-18378).
- iavf: Disallow changing rx/tx-frames and rx/tx-frames-irq
  (jsc#SLE-18385).
- i40e: Fix erroneous adapter reinitialization during recovery
  process (jsc#SLE-18378).
- igc: Reinstate IGC_REMOVED logic and implement it properly
  (jsc#SLE-18377).
- i40e: Fix VF's MAC Address change on VM (jsc#SLE-18378).
- i40e: Fix calculating the number of queue pairs (jsc#SLE-18378).
- i40e: Fix adding ADQ filter to TC0 (jsc#SLE-18378).
- ice: Fix interrupt moderation settings getting cleared
  (jsc#SLE-18375).
- ice: Set txq_teid to ICE_INVAL_TEID on ring creation
  (jsc#SLE-18375).
- commit 80d0092
- ACPI: processor: Fix evaluating _PDC method when running as
  Xen dom0 (git-fixes).
- commit 9762d65
- xen/netback: don't do grant copy across page boundary
  (git-fixes).
- commit f4517dd
- crypto: sun8i-ss - Fix a test in sun8i_ss_setup_ivs()
  (git-fixes).
- commit 46b1fec
- SUNRPC: fix breakage caused by introduction of rq_xprt_ctxt
  (bsc#1210775).
- commit 2b91689
- ALSA: hda/realtek: Fix mute and micmute LEDs for an HP laptop
  (git-fixes).
- ALSA: caiaq: input: Add error handling for unsupported input
  methods in `snd_usb_caiaq_input_init` (git-fixes).
- ALSA: usb-audio: Add quirk for Pioneer DDJ-800 (git-fixes).
- ALSA: hda/realtek: support HP Pavilion Aero 13-be0xxx Mute LED
  (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS UM3402YAR using CS35L41
  (git-fixes).
- ALSA: hda/realtek: Add quirk for ThinkPad P1 Gen 6 (git-fixes).
- commit 9ac9894
- r8152: move setting r8153b_rx_agg_chg_indicate() (git-fixes).
- r8152: fix the poor throughput for 2.5G devices (git-fixes).
- r8152: fix flow control issue of RTL8156A (git-fixes).
- i2c: omap: Fix standard mode false ACK readings (git-fixes).
- i2c: tegra: Fix PEC support for SMBUS block read (git-fixes).
- drm/amdgpu: add a missing lock for AMDGPU_SCHED (git-fixes).
- drm/amd/display: fix flickering caused by S/G mode (git-fixes).
- commit bec3ff8
- Update references to patch
  patches.suse/wifi-brcmfmac-slab-out-of-bounds-read-in-brcmf_get_a.patch
  (git-fixes bsc#1209287 CVE-2023-1380).
- commit 1374551
- Remove obsolete rpm spec constructs
  defattr does not need to be specified anymore
  buildroot does not need to be specified anymore
- commit c963185
- kernel-spec-macros: Fix up obsolete_rebuilds_subpackage to generate
  obsoletes correctly (boo#1172073 bsc#1191731).
  rpm only supports full length release, no provides
- commit c9b5bc4
- bnxt_en: Do not initialize PTP on older P3/P4 chips
  (jsc#SLE-18978).
- bnxt_en: Add missing 200G link speed reporting (jsc#SLE-18978).
- bnxt_en: Fix typo in PCI id to device description string mapping
  (jsc#SLE-18978).
- bnxt_en: Fix reporting of test result in ethtool selftest
  (jsc#SLE-18978).
- qed/qed_sriov: guard against NULL derefs from
  qed_iov_get_vf_info (jsc#SLE-19001).
- qed/qed_mng_tlv: correctly zero out ->min instead of ->hour
  (jsc#SLE-19001).
- qed/qed_dev: guard against a possible division by zero
  (jsc#SLE-19001).
- bnxt_en: Avoid order-5 memory allocation for TPA data
  (jsc#SLE-18978).
- bnxt_en: Fix mqprio and XDP ring checking logic (jsc#SLE-18978).
- qede: execute xdp_do_flush() before napi_complete_done()
  (jsc#SLE-19001).
- bnxt: Do not read past the end of test names (jsc#SLE-18978).
- qed: allow sleep in qed_mcp_trace_dump() (jsc#SLE-19001).
- cxgb4: fix missing unlock on ETHOFLD desc collect fail path
  (jsc#SLE-18992).
- bnxt: prevent skb UAF after handing over to PTP worker
  (jsc#SLE-18978).
- bnxt_en: fix NQ resource accounting during vf creation on
  57500 chips (jsc#SLE-18978).
- bnxt_en: set missing reload flag in devlink features
  (jsc#SLE-18978).
- commit aee4a77
- x86/microcode/AMD: Add a @cpu parameter to the reloading functions (git-fixes).
- commit bb4fcce
- watchdog: dw_wdt: Fix the error handling path of
  dw_wdt_drv_probe() (git-fixes).
- commit 01087d8
- Update tags in
  patches.suse/ext4-fix-use-after-free-in-ext4_xattr_set_entry.patch
  (bsc#1206878 bsc#1211105 CVE-2023-2513).
- commit ce8b695
- kernel-binary: install expoline.o (boo#1210791 bsc#1211089)
- commit d6c8c20
- x86/sev: Add SEV-SNP guest feature negotiation support (git-fixes).
- commit 91bdec8
- x86/microcode/AMD: Fix mixed steppings support (git-fixes).
- commit 4cd1b96
- x86/reboot: Disable SVM, not just VMX, when stopping CPUs (git-fixes).
- commit 01bca28
- x86/crash: Disable virt in core NMI crash handler to avoid double  shootdown (git-fixes).
- commit aa4ba49
- x86/microcode: Adjust late loading result reporting message (git-fixes).
- commit fa7132b
- x86/microcode: Check CPU capabilities after late microcode update  correctly (git-fixes).
- commit a7e591b
- x86/microcode: Add a parameter to microcode_check() to store CPU  capabilities (git-fixes).
- commit 24950dd
- Update
  patches.suse/net-qcom-emac-Fix-use-after-free-bug-in-emac_remove-.patch
  (bsc#1211037 CVE-2023-2483).
- commit b748693
- Refresh
  patches.suse/powerpc-64-Always-build-with-128-bit-long-double.patch.
- commit 0cbc080
- PM: hibernate: Turn snapshot_test into global variable
  (git-fixes).
- Refresh
  patches.suse/0007-PM-hibernate-encrypt-hidden-area.patch.
- commit df2c292
- PM: hibernate: Do not get block device exclusively in
  test_resume mode (git-fixes).
- PM: hibernate: fix load_image_and_restore() error path
  (git-fixes).
- commit 5109b71
- pwm: meson: Fix g12a ao clk81 name (git-fixes).
- pwm: meson: Fix axg ao mux parents (git-fixes).
- soundwire: qcom: correct setting ignore bit on v1.5.1
  (git-fixes).
- phy: tegra: xusb: Add missing tegra_xusb_port_unregister for
  usb2_port and ulpi_port (git-fixes).
- dmaengine: at_xdmac: do not enable all cyclic channels
  (git-fixes).
- dmaengine: dw-edma: Fix to enable to issue dma request on DMA
  processing (git-fixes).
- dmaengine: dw-edma: Fix to change for continuous transfer
  (git-fixes).
- dma: gpi: remove spurious unlock in gpi_ch_init (git-fixes).
- dmaengine: mv_xor_v2: Fix an error code (git-fixes).
- commit d0a5bb0
- blacklist.conf: cleanup designed to break kABI
- commit d13ef2b
- mt76: mt7915: fix incorrect testmode ipg on band 1 caused by
  wmm_idx (git-fixes).
- commit 06c84d1
- swiotlb: relocate PageHighMem test away from rmem_swiotlb_setup
  (git-fixes).
- commit 2260701
- blacklist.conf: add nvme git-fixes
- commit e6d21df
- nvme: fix discard support without oncs (git-fixes).
- nvmet: fix workqueue MEM_RECLAIM flushing dependency
  (git-fixes).
- nvme: generalize the nvme_multi_css check in nvme_scan_ns
  (git-fixes).
- nvme: rename nvme_validate_or_alloc_ns to nvme_scan_ns
  (git-fixes).
- nvme: fix interpretation of DMRSL (git-fixes).
- nvmet: use a private workqueue instead of the system workqueue
  (git-fixes).
  Refresh:
  - patches.suse/nvmet-don-t-defer-passthrough-commands-with-trivial-.patch
  - patches.suse/nvmet-only-allocate-a-single-slab-for-bvecs.patch
- commit d34faf0
- x86/mm: Cleanup the control_va_addr_alignment() __setup handler (git-fixes).
- commit 4e894db
- mce: fix set_mce_nospec to always unmap the whole page (git-fixes).
- commit 5998565
- x86/mce: relocate set{clear}_mce_nospec() functions (git-fixes).
  This is a preparation for the next patch
- commit bde7887
- blacklist.conf: Disable already integrated patch
  Despite not having it as a separate commit we already have
  x86_spec_ctrl_current declared via DECLARE_PER_CPU
- commit 3a23dac
- x86: drop bogus "/cc"/ clobber from __try_cmpxchg_user_asm() (git-fixes).
- commit 821679e
- blacklist.conf: Blacklist i386 speculation fix
  We don't care about 32 bit so might as well blacklist this commit
- commit 85cd434
- x86: Fix return value of __setup handlers (git-fixes).
- commit 4af5381
- x86/delay: Fix the wrong asm constraint in delay_loop() (git-fixes).
- commit 4ec04e5
- blacklist.conf: the commit might cause regression (bsc#1210947)
- commit 373f459
- x86/fault: Cast an argument to the proper address space in prefetch() (git-fixes).
- commit b654685
- x86, sched: Fix undefined reference to init_freq_invariance_cppc()  build error (git-fixes).
- commit 2520bfd
- blacklist.conf: add one char git-fixes
- commit 442298b
- pinctrl: renesas: r8a779a0: Remove incorrect AVB[01] pinmux
  configuration (git-fixes).
- pinctrl: qcom: lpass-lpi: set output value before enabling
  output (git-fixes).
- mfd: tqmx86: Correct board names for TQMxE39x (git-fixes).
- mfd: tqmx86: Do not access I2C_DETECT register through io_base
  (git-fixes).
- leds: tca6507: Fix error handling of using
  fwnode_property_read_string (git-fixes).
- leds: Fix reference to led_set_brightness() in doc (git-fixes).
- leds: TI_LMU_COMMON: select REGMAP instead of depending on it
  (git-fixes).
- commit d6008ec
- xfs: verify buffer contents when we skip log replay (bsc#1210498
  CVE-2023-2124).
- commit c6f30c5
- mm: take a page reference when removing device exclusive entries
  (bsc#1211025).
- commit fd0cc4f
- usb: mtu3: fix kernel panic at qmu transfer done irq handler
  (git-fixes).
- commit 7fcf832
- blacklist.conf: prerequisites break kABI
- commit 0cfe9b1
- struct ci_hdrc: hide new member at end (git-fixes).
- commit d06f402
- usb: chipidea: core: fix possible concurrent when switch role
  (git-fixes).
- commit d07905a
- Update
  patches.suse/perf-Fix-check-before-add_event_to_groups-in-perf_group_detach.patch
  (git fixes, bsc#1210986, CVE-2023-2235).
- commit c5399e7
- blacklist.conf: Exclude unrelated kconfig patch
- commit 2595126
- x86/bugs: Enable STIBP for IBPB mitigated RETBleed (git-fixes).
- commit f115e36
- locking/rwbase: Mitigate indefinite writer starvation.
  Move out of sorted as the patch has moved within the tip tree.
- commit 0ba915d
- Input: raspberrypi-ts - fix refcount leak in rpi_ts_probe
  (git-fixes).
- Input: hp_sdc_rtc - mark an unused function as __maybe_unused
  (git-fixes).
- rtc: meson-vrtc: Use ktime_get_real_ts64() to get the current
  time (git-fixes).
- rtc: omap: include header for omap_rtc_power_off_program
  prototype (git-fixes).
- commit 4f6ef5f
- power: supply: generic-adc-battery: fix unit scaling
  (git-fixes).
- dt-bindings: mailbox: qcom,apcs-kpss-global: fix SDX55 'if'
  match (git-fixes).
- clk: rockchip: rk3399: allow clk_cifout to force clk_cifout_src
  to reparent (git-fixes).
- clk: add missing of_node_put() in "/assigned-clocks"/ property
  parsing (git-fixes).
- clk: at91: clk-sam9x60-pll: fix return value check (git-fixes).
- clocksource/drivers/davinci: Fix memory leak in
  davinci_timer_register when init fails (git-fixes).
- USB: serial: option: add UNISOC vendor and TOZED LT70C product
  (git-fixes).
- wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies()
  (git-fixes).
- drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var
  (git-fixes).
- selftests/kselftest/runner/run_one(): allow running
  non-executable files (git-fixes).
- commit fc18250
- NFS: Cleanup unused rpc_clnt variable (git-fixes).
- NFSD: callback request does not use correct credential for
  AUTH_SYS (git-fixes).
- sunrpc: only free unix grouplist after RCU settles (git-fixes).
- nfsd: call op_release, even when op_func returns an error
  (git-fixes).
- NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL
  (git-fixes).
- commit aa8b700
- KVM: VMX: Execute IBPB on emulated VM-exit when guest has IBRS (bsc#1206992
  CVE-2022-2196).
- commit 2cab1a4
- nvme: send Identify with CNS 06h only to I/O controllers
  (bsc#1209693).
- commit fe51de7
- scsi: kABI workaround for fc_host_fpin_rcv (git-fixes).
- scsi: lpfc: Silence an incorrect device output (bsc#1210943).
- scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup()
  (bsc#1210943).
- scsi: lpfc: Drop redundant pci_enable_pcie_error_reporting()
  (bsc#1210943).
- scsi: lpfc: Copyright updates for 14.2.0.11 patches
  (bsc#1210943).
- scsi: lpfc: Update lpfc version to 14.2.0.11 (bsc#1210943).
- scsi: lpfc: Revise lpfc_error_lost_link() reason code evaluation
  logic (bsc#1210943).
- scsi: lpfc: Skip waiting for register ready bits when in
  unrecoverable state (bsc#1210943).
- scsi: lpfc: Correct used_rpi count when devloss tmo fires with
  no recovery (bsc#1210943).
- scsi: lpfc: Defer issuing new PLOGI if received RSCN before
  completing REG_LOGIN (bsc#1210943).
- scsi: lpfc: Record LOGO state with discovery engine even if
  aborted (bsc#1210943).
- scsi: lpfc: Fix lockdep warning for rx_monitor lock when
  unloading driver (bsc#1210943).
- scsi: lpfc: Reorder freeing of various DMA buffers and their
  list removal (bsc#1210943).
- scsi: lpfc: Prevent lpfc_debugfs_lockstat_write() buffer
  overflow (bsc#1210943).
- cpumask: fix incorrect cpumask scanning result checks
  (bsc#1210943).
- scsi: lpfc: Fix double word in comments (bsc#1210943).
- scsi: scsi_transport_fc: Add an additional flag to
  fc_host_fpin_rcv() (bsc#1210943).
- commit 7354766
- ACPI: CPPC: Disable FIE if registers in PCC regions
  (bsc#1210953).
- cpufreq: CPPC: Fix build error without
  CONFIG_ACPI_CPPC_CPUFREQ_FIE (bsc#1210953).
- cpufreq: CPPC: Fix performance/frequency conversion (git-fixes).
- commit 5d50d5f
- keys: Fix linking a duplicate key to a keyring's assoc_array
  (bsc#1207088).
- commit 52b6749
- virtio_ring: don't update event idx on get_buf (git-fixes).
- firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe
  (git-fixes).
- dt-bindings: iio: ti,tmp117: fix documentation link (git-fixes).
- dt-bindings: nvmem: qcom,spmi-sdam: fix example 'reg' property
  (git-fixes).
- vmci_host: fix a race condition in vmci_host_poll() causing GPF
  (git-fixes).
- fpga: bridge: fix kernel-doc parameter description (git-fixes).
- driver core: Don't require dynamic_debug for initcall_debug
  probe timing (git-fixes).
- staging: rtl8192e: Fix W_DISABLE# does not work after stop/start
  (git-fixes).
- staging: iio: resolver: ads1210: fix config mode (git-fixes).
- drivers: staging: rtl8723bs: Fix locking in
  rtw_scan_timeout_handler() (git-fixes).
- drivers: staging: rtl8723bs: Fix locking in
  _rtw_join_timeout_handler() (git-fixes).
- serial: 8250: Add missing wakeup event reporting (git-fixes).
- tty: serial: fsl_lpuart: adjust buffer length to the intended
  size (git-fixes).
- tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH
  (git-fixes).
- serial: 8250_bcm7271: Fix arbitration handling (git-fixes).
- usb: chipidea: fix missing goto in `ci_hdrc_probe` (git-fixes).
- USB: dwc3: fix runtime pm imbalance on unbind (git-fixes).
- USB: dwc3: fix runtime pm imbalance on probe errors (git-fixes).
- xhci: fix debugfs register accesses while suspended (git-fixes).
- usb: gadget: tegra-xudc: Fix crash in vbus_draw (git-fixes).
- usb: chipidea: imx: avoid unnecessary probe defer (git-fixes).
- usb: gadget: udc: renesas_usb3: Fix use after free bug in
  renesas_usb3_remove due to race condition (git-fixes).
- usb: dwc3: gadget: Change condition for processing suspend event
  (git-fixes).
- usb: host: xhci-rcar: remove leftover quirk handling
  (git-fixes).
- i2c: cadence: cdns_i2c_master_xfer(): Fix runtime PM leak on
  error path (git-fixes).
- ipmi: fix SSIF not responding under certain cond (git-fixes).
- ipmi:ssif: Add send_retries increment (git-fixes).
- spi: cadence-quadspi: fix suspend-resume implementations
  (git-fixes).
- spi: fsl-spi: Fix CPM/QE mode Litte Endian (git-fixes).
- spi: qup: Don't skip cleanup in remove's error path (git-fixes).
- ASoC: fsl_mqs: move of_node_put() to the correct location
  (git-fixes).
- ASoC: es8316: Handle optional IRQ assignment (git-fixes).
- ASoC: cs35l41: Only disable internal boost (git-fixes).
- PCI: qcom: Fix the incorrect register usage in v2.7.0 config
  (git-fixes).
- PCI: imx6: Install the fault handler only on compatible match
  (git-fixes).
- PCI: pciehp: Fix AB-BA deadlock between reset_lock and
  device_lock (git-fixes).
- PCI/EDR: Clear Device Status after EDR error recovery
  (git-fixes).
- drm/panel: otm8009a: Set backlight parent to panel device
  (git-fixes).
- commit 30ae662
- kabi/severities: ignore KABI for NVMe target (bsc#1174777)
  The target code is only for testing and there are no external users.
- commit a8c10fa
- blacklist.conf: add nvme git-fixes
- commit be17720
- Update
  patches.suse/net-mlx5-DR-Fix-NULL-vs-IS_ERR-checking-in-dr_domain.patch
  (jsc#SLE-19253 bsc#1208845 CVE-2023-23006).
  Added CVE reference.
- commit 53f1f7b
- nvme: improve the NVME_CONNECT_AUTHREQ* definitions (git-fixes).
- commit da2e21e
- ext4: use ext4_journal_start/stop for fast commit transactions
  (bsc#1210793).
  Refresh patches.suse/ext4-fast-commit-may-not-fallback-for-ineligible-com.patch
  patches.suse/ext4-fix-fallocate-to-use-file_modified-to-update-pe.patch
  patches.suse/ext4-fix-race-condition-between-ext4_write-and-ext4_.patch
- commit b470a11
- nvme-fcloop: fix "/inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W}
  usage"/ (git-fixes).
- nvme: fix async event trace event (git-fixes).
- nvmet: fix I/O Command Set specific Identify Controller
  (git-fixes).
- nvmet: fix Identify Active Namespace ID list handling
  (git-fixes).
- nvmet: fix Identify Controller handling (git-fixes).
- nvmet: fix Identify Namespace handling (git-fixes).
- commit da5f4d4
- signal: HANDLER_EXIT should clear SIGNAL_UNKILLABLE
  (bsc#1210816).
- signal: Don't always set SA_IMMUTABLE for forced signals
  (bsc#1210816).
- commit 1d55fab
- bluetooth: Perform careful capability checks in hci_sock_ioctl()
  (git-fixes).
- Revert "/Bluetooth: btsdio: fix use after free bug in
  btsdio_remove due to unfinished work"/ (git-fixes).
- wifi: mt76: fix 6GHz high channel not be scanned (git-fixes).
- wifi: mt76: add missing locking to protect against concurrent
  rx/status calls (git-fixes).
- wifi: mt76: handle failure of vzalloc in mt7615_coredump_work
  (git-fixes).
- wifi: iwlwifi: fw: fix memory leak in debugfs (git-fixes).
- wifi: iwlwifi: mvm: check firmware response size (git-fixes).
- wifi: iwlwifi: make the loop for card preparation effective
  (git-fixes).
- wifi: iwlwifi: fw: move memset before early return (git-fixes).
- wifi: iwlwifi: mvm: initialize seq variable (git-fixes).
- wifi: iwlwifi: yoyo: Fix possible division by zero (git-fixes).
- wifi: iwlwifi: yoyo: skip dump correctly on hw error
  (git-fixes).
- wifi: iwlwifi: mvm: don't set CHECKSUM_COMPLETE for unsupported
  protocols (git-fixes).
- wifi: iwlwifi: trans: don't trigger d3 interrupt twice
  (git-fixes).
- wifi: iwlwifi: debug: fix crash in __iwl_err() (git-fixes).
- wifi: iwlwifi: fix duplicate entry in iwl_dev_info_table
  (git-fixes).
- wifi: rt2x00: Fix memory leak when handling surveys (git-fixes).
- wifi: rtw89: fix potential race condition between napi_init
  and napi_enable (git-fixes).
- wifi: rtlwifi: fix incorrect error codes in
  rtl_debugfs_set_write_reg() (git-fixes).
- wifi: rtlwifi: fix incorrect error codes in
  rtl_debugfs_set_write_rfreg() (git-fixes).
- wifi: ath6kl: reduce WARN to dev_dbg() in callback (git-fixes).
- wifi: ath5k: fix an off by one check in
  ath5k_eeprom_read_freq_list() (git-fixes).
- wifi: ath9k: hif_usb: fix memory leak of remain_skbs
  (git-fixes).
- wifi: ath6kl: minor fix for allocation size (git-fixes).
- wifi: mac80211: adjust scan cancel comment/check (git-fixes).
- wifi: rtw88: mac: Return the original error from
  rtw_mac_power_switch() (git-fixes).
- wifi: rtw88: mac: Return the original error from
  rtw_pwr_seq_parser() (git-fixes).
- wifi: brcmfmac: support CQM RSSI notification with older
  firmware (git-fixes).
- crypto: drbg - Only fail when jent is unavailable in FIPS mode
  (git-fixes).
- crypto: sa2ul - Select CRYPTO_DES (git-fixes).
- crypto: caam - Clear some memory in instantiate_rng (git-fixes).
- crypto: safexcel - Cleanup ring IRQ workqueues on load failure
  (git-fixes).
- drm/i915: Fix fast wake AUX sync len (git-fixes).
- nilfs2: initialize unused bytes in segment summary blocks
  (git-fixes).
- platform/x86: gigabyte-wmi: add support for X570S AORUS ELITE
  (git-fixes).
- selftests: sigaltstack: fix -Wuninitialized (git-fixes).
- platform/x86 (gigabyte-wmi): Add support for A320M-S2H V2
  (git-fixes).
- commit ce41906
- nvmet: force reconnect when number of queue changes (git-fixes).
- commit 4fecb2d
- powerpc/64e: Fix amdgpu build on Book3E w/o AltiVec
  (bsc#1194869).
- drm/amdgpu: Re-enable DCN for 64-bit powerpc (bsc#1194869).
- Refresh patches.suse/drm-amd-display-Enable-building-new-display-engine-w.patch
- amdgpu: disable powerpc support for the newer display engine
  (bsc#1194869).
- Refresh patches.suse/drm-amd-display-Enable-building-new-display-engine-w.patch
- commit a05fdb3
- ALSA: hda/realtek: fix speaker, mute/micmute LEDs not work on
  a HP platform (git-fixes).
- ALSA: hda/cirrus: Add extra 10 ms delay to allow PLL settle
  and lock (git-fixes).
- commit 94a71e8
- ALSA: hda/realtek: Enable mute/micmute LEDs and speaker support
  for HP Laptops (git-fixes).
- Refresh
  patches.suse/ALSA-hda-realtek-fix-mute-micmute-LEDs-for-a-HP-ProB-2ae147d643d3.patch.
- Refresh
  patches.suse/ALSA-hda-realtek-fix-mute-micmute-LEDs-for-a-HP-ProB-9fdc1605c504.patch.
- commit d95e43b
- ALSA: hda: cs35l41: Enable Amp High Pass Filter (git-fixes).
- commit fa425c8
- nvmet: avoid potential UAF in nvmet_req_complete() (git-fixes).
- nvme: fix handling single range discard request (git-fixes).
- nvme-pci: fix timeout request state check (git-fixes).
- nvmet: don't defer passthrough commands with trivial effects
  to the workqueue (git-fixes).
- nvme: fix the NVME_CMD_EFFECTS_CSE_MASK definition (git-fixes).
- nvme-pci: fix page size checks (git-fixes).
- nvme-pci: fix mempool alloc size (git-fixes).
- nvme-pci: fix doorbell buffer value endianness (git-fixes).
- nvme: return err on nvme_init_non_mdts_limits fail (git-fixes).
- nvmet: only allocate a single slab for bvecs (git-fixes).
- nvme initialize core quirks before calling nvme_init_subsystem
  (git-fixes).
- nvme: fix SRCU protection of nvme_ns_head list (git-fixes).
  Refresh:
  - patches.suse/nvme-multipath-skip-not-ready-namespaces-when-revalidating.patch
- nvmet: fix a memory leak in nvmet_auth_set_key (git-fixes).
- nvmet: fix a memory leak (git-fixes).
- nvme-tcp: fix possible circular locking when deleting a
  controller under memory pressure (git-fixes).
- nvmet: fix invalid memory reference in
  nvmet_subsys_attr_qid_max_show (git-fixes).
- nvme-hwmon: kmalloc the NVME SMART log buffer (git-fixes).
- nvme-hwmon: consistently ignore errors from nvme_hwmon_init
  (git-fixes).
- nvme-multipath: fix possible hang in live ns resize with ANA
  access (git-fixes).
- nvme-tcp: fix possible hang caused during ctrl deletion
  (git-fixes).
- nvme-rdma: fix possible hang caused during ctrl deletion
  (git-fixes).
- nvmet: add helpers to set the result field for connect commands
  (git-fixes).
- nvmet-auth: don't try to cancel a non-initialized work_struct
  (git-fixes).
- nvme: Fix IOC_PR_CLEAR and IOC_PR_RELEASE ioctls for nvme
  devices (git-fixes).
- nvme-tcp: fix regression that causes sporadic requests to time
  out (git-fixes).
- nvmet: fix a use-after-free (git-fixes).
- nvme: catch -ENODEV from nvme_revalidate_zones again
  (git-fixes).
- nvme-auth: uninitialized variable in nvme_auth_transform_key()
  (git-fixes).
- nvme: define compat_ioctl again to unbreak 32-bit userspace
  (git-fixes).
- nvme: use command_id instead of req->tag in
  trace_nvme_complete_rq() (git-fixes).
- nvmet-tcp: fix regression in data_digest calculation
  (git-fixes).
- nvme: add device name to warning in uuid_show() (git-fixes).
- nvme: set dma alignment to dword (git-fixes).
- nvme: fix the read-only state for zoned namespaces with
  unsupposed features (git-fixes).
- nvmet: revert "/nvmet: make discovery NQN configurable"/
  (git-fixes).
  Refresh:
  - patches.suse/nvmet-expose-max-queues-to-configfs.patch
- nvmet: use IOCB_NOWAIT only if the filesystem supports it
  (git-fixes).
- nvmet-tcp: fix incomplete data digest send (git-fixes).
- nvme: fix per-namespace chardev deletion (git-fixes).
- nvmet: looks at the passthrough controller when initializing
  CAP (git-fixes).
- nvme: move nvme_multi_css into nvme.h (git-fixes).
- commit 11db83e
- powerpc/64: Always build with 128-bit long double (bsc#1194869).
- commit 8544568
- hwmon: (pmbus/fsp-3y) Fix functionality bitmask in FSP-3Y
  YM-2151E (git-fixes).
- hwmon: (adt7475) Use device_property APIs when configuring
  polarity (git-fixes).
- hwmon: (k10temp) Check range scale when CUR_TEMP register is
  read-write (git-fixes).
- remoteproc: imx_rproc: Call of_node_put() on iteration error
  (git-fixes).
- remoteproc: st: Call of_node_put() on iteration error
  (git-fixes).
- remoteproc: stm32: Call of_node_put() on iteration error
  (git-fixes).
- mmc: sdhci-of-esdhc: fix quirk to ignore command inhibit for
  data (git-fixes).
- mtd: spi-nor: Fix a trivial typo (git-fixes).
- mtd: core: fix error path for nvmem provider (git-fixes).
- mtd: core: fix nvmem error reporting (git-fixes).
- mtd: core: provide unique name for nvmem device, take two
  (git-fixes).
- regulator: stm32-pwr: fix of_iomap leak (git-fixes).
- regulator: core: Avoid lockdep reports when resolving supplies
  (git-fixes).
- regulator: core: Consistently set mutex_owner when using
  ww_mutex_lock_slow() (git-fixes).
- regulator: core: Shorten off-on-delay-us for always-on/boot-on
  by time since booted (git-fixes).
- media: venus: dec: Fix handling of the start cmd (git-fixes).
- media: rc: gpio-ir-recv: Fix support for wake-up (git-fixes).
- media: saa7134: fix use after free bug in saa7134_finidev due
  to race condition (git-fixes).
- media: dm1105: Fix use after free bug in dm1105_remove due to
  race condition (git-fixes).
- media: rkvdec: fix use after free bug in rkvdec_remove
  (git-fixes).
- media: max9286: Free control handler (git-fixes).
- media: av7110: prevent underflow in write_ts_to_decoder()
  (git-fixes).
- soc: ti: pm33xx: Fix refcount leak in am33xx_pm_probe
  (git-fixes).
- remoteproc: Harden rproc_handle_vdev() against integer overflow
  (git-fixes).
- commit 28cddd0
- drm/i915: Make intel_get_crtc_new_encoder() less oopsy
  (git-fixes).
- commit 0730fed
- dt-bindings: remoteproc: stm32-rproc: Typo fix (git-fixes).
- drm/amd/display: Fix potential null dereference (git-fixes).
- drm/msm: fix NULL-deref on snapshot tear down (git-fixes).
- drm: msm: adreno: Disable preemption on Adreno 510 (git-fixes).
- drm/msm/adreno: drop bogus pm_runtime_set_active() (git-fixes).
- drm/msm/disp/dpu: check for crtc enable rather than crtc active
  to release shared resources (git-fixes).
- dt-bindings: arm: fsl: Fix copy-paste error in comment
  (git-fixes).
- dt-bindings: soc: qcom: smd-rpm: re-add missing qcom,rpm-msm8994
  (git-fixes).
- firmware: qcom_scm: Clear download bit during reboot
  (git-fixes).
- commit f201efd
- drm/bridge: lt8912b: Fix DSI Video Mode (git-fixes).
- drm/lima/lima_drv: Add missing unwind goto in lima_pdev_probe()
  (git-fixes).
- drm/amd/display/dc/dce60/Makefile: Fix previous attempt to
  silence known override-init warnings (git-fixes).
- drm: rcar-du: Fix a NULL vs IS_ERR() bug (git-fixes).
- drm/bridge: adv7533: Fix adv7533_mode_valid for adv7533 and
  adv7535 (git-fixes).
- drm/probe-helper: Cancel previous job before starting new one
  (git-fixes).
- drm/vgem: add missing mutex_destroy (git-fixes).
- drm/rockchip: Drop unbalanced obj unref (git-fixes).
- commit df8d449
- ACPI: VIOT: Initialize the correct IOMMU fwspec (git-fixes).
- arm64: dts: qcom: msm8994-msft-lumia-octagon: drop unit address
  from PMI8994 regulator (git-fixes).
- arm64: dts: qcom: msm8994-kitakami: drop unit address from
  PMI8994 regulator (git-fixes).
- arm64: dts: qcom: sc7180-trogdor-lazor: correct trackpad supply
  (git-fixes).
- arm64: dts: qcom: sm8250: Fix the PCI I/O port range
  (git-fixes).
- arm64: dts: qcom: msm8996: Fix the PCI I/O port range
  (git-fixes).
- arm64: dts: qcom: ipq8074: Fix the PCI I/O port range
  (git-fixes).
- arm64: dts: qcom: msm8998: Fix the PCI I/O port range
  (git-fixes).
- arm64: dts: qcom: sdm845: Fix the PCI I/O port range
  (git-fixes).
- arm64: dts: qcom: msm8998: Fix stm-stimulus-base reg name
  (git-fixes).
- ARM: dts: qcom: ipq4019: Fix the PCI I/O port range (git-fixes).
- arm64: dts: ti: k3-j721e-main: Remove ti,strobe-sel property
  (git-fixes).
- ARM: dts: s5pv210: correct MIPI CSIS clock name (git-fixes).
- ARM: dts: exynos: fix WM8960 clock name in Itop Elite
  (git-fixes).
- ARM: dts: gta04: fix excess dma channel usage (git-fixes).
- arm64: dts: renesas: r8a774c0: Remove bogus voltages from OPP
  table (git-fixes).
- arm64: dts: renesas: r8a77990: Remove bogus voltages from OPP
  table (git-fixes).
- commit 94ce2fb
- nvme: copy firmware_rev on each init (git-fixes).
- commit e5addae
- Update References
  patches.suse/xirc2ps_cs-Fix-use-after-free-bug-in-xirc2ps_detach.patch
  (git-fixes, bsc#1209871, CVE-2023-1670).
- commit fad389c
- cgroup/cpuset: Wake up cpuset_attach_wq tasks in
  cpuset_cancel_attach() (bsc#1210827).
- commit cd76825
- blacklist.conf:
- Add eee878537941 cgroup/cpuset: Add cpuset_can_fork() and cpuset_cancel_fork() methods
- Add 42a11bf5c543 cgroup/cpuset: Make cpuset_fork() handle CLONE_INTO_CGROUP properly
- commit 5eafca7
- blacklist.conf: Add adb8213014b2 mm: memcg: fix stale protection of reclaim target memcg
- commit 3fa74a9
- seccomp: Move copy_seccomp() to no failure path (bsc#1210817).
- commit c871759
- signal: Add SA_IMMUTABLE to ensure forced siganls do not get
  changed (bsc#1210816).
- commit f20434b
- KEYS: Add missing function documentation (git-fixes).
- KEYS: Create static version of public_key_verify_signature
  (git-fixes).
- selinux: ensure av_permissions.h is built when needed
  (git-fixes).
- selinux: fix Makefile dependencies of flask.h (git-fixes).
- commit 0854c0e
- powerpc/papr_scm: Update the NUMA distance table for the
  target node (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509
  FATE#327775 git-fixes).
- powerpc/pseries: Consolidate different NUMA distance update
  code paths (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509
  FATE#327775 git-fixes).
- Refresh patches.suse/powerpc-numa-Update-cpu_cpu_map-on-CPU-online-offlin.patch
- commit 7bab4e8
- Update tags
  patches.suse/ocfs2-fix-data-corruption-after-failed-write.patch.
- commit 90e3245
- udf: Check consistency of Space Bitmap Descriptor (bsc#1210771).
- commit d6c6801
- udf: Fix a slab-out-of-bounds write bug in udf_find_entry()
  (bsc#1206649).
- commit 4e476eb
- udf: Support splicing to file (bsc#1210770).
- commit d2cfd5b
- writeback, cgroup: fix null-ptr-deref write in
  bdi_split_work_to_wbs (bsc#1210769).
- commit 036cbcd
- mm/filemap: fix page end in filemap_get_read_batch
  (bsc#1210768).
- commit 48f3bbb
- ext4: fix another off-by-one fsmap error on 1k block filesystems
  (bsc#1210767).
- commit 9bc20af
- ext4: fix RENAME_WHITEOUT handling for inline directories
  (bsc#1210766).
- commit 1ad1269
- ext4: fix cgroup writeback accounting with fs-layer encryption
  (bsc#1210765).
- commit 480dd33
- ext4: fix incorrect options show of original mount_opt and
  extend mount_opt2 (bsc#1210764).
- commit ec7e31c
- ext4: fix possible double unlock when moving a directory
  (bsc#1210763).
- commit 88434ef
- ext4: Fix deadlock during directory rename (bsc#1210763).
- commit 71130aa
- ext4: Fix possible corruption when moving a directory
  (bsc#1210763).
- commit 5d35ccf
- blacklist.conf: Blacklist 118901ad1f25
- commit 4dd3cc9
- ext4: fix corruption when online resizing a 1K bigalloc fs
  (bsc#1206891).
- commit aebc870
- ext4: fix bad checksum after online resize (bsc#1210762 bsc#1208076).
- commit 57823aa
- Drivers: vmbus: Check for channel allocation before looking
  up relids (git-fixes).
- commit ab07682
- ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook
  (git-fixes).
- commit 34b9f7a
- iio: light: tsl2772: fix reading proximity-diodes from device
  tree (git-fixes).
- iio: adc: at91-sama5d2_adc: fix an error code in
  at91_adc_allocate_trigger() (git-fixes).
- ASoC: fsl_asrc_dma: fix potential null-ptr-deref (git-fixes).
- ALSA: hda/realtek: Remove specific patch for Dell Precision 3260
  (git-fixes).
- ASN.1: Fix check for strdup() success (git-fixes).
- commit fa0048a
- Update
  patches.suse/NFSD-fix-problems-with-cleanup-on-errors-in-nfsd4_co.patch
  (git-fixes bsc#1210725).
- commit aab0dd8
- e1000e: Disable TSO on i219-LM card to increase speed
  (git-fixes).
- clk: sprd: set max_register according to mapping range
  (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free in
  l2cap_disconnect_{req,rsp} (git-fixes).
- Bluetooth: Fix race condition in hidp_session_thread
  (git-fixes).
- drm/i915/dsi: fix DSS CTL register offsets for TGL+ (git-fixes).
- x86/PCI: Add quirk for AMD XHCI controller that loses MSI-X
  state in D3hot (git-fixes).
- drm/i915: fix race condition UAF in i915_perf_add_config_ioctl
  (git-fixes).
- power: supply: cros_usbpd: reclassify "/default case!"/ as debug
  (git-fixes).
- drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Book
  X90F (git-fixes).
- ACPI: resource: Add Medion S17413 to IRQ override quirk
  (git-fixes).
- efi: sysfb_efi: Add quirk for Lenovo Yoga Book X91F/L
  (git-fixes).
- i2c: hisi: Avoid redundant interrupts (git-fixes).
- i2c: imx-lpi2c: clean rx/tx buffers upon new message
  (git-fixes).
- wifi: iwlwifi: mvm: fix mvmtxq->stopped handling (git-fixes).
- wifi: mwifiex: mark OF related data as maybe unused (git-fixes).
- ARM: 9290/1: uaccess: Fix KASAN false-positives (git-fixes).
- i915/perf: Replace DRM_DEBUG with driver specific drm_dbg call
  (git-fixes).
- commit ba21d6e
- regulator: fan53555: Explicitly include bits header (git-fixes).
- commit 9852306
- sched/fair: Fix imbalance overflow (bsc#1155798 (CPU scheduler
  functional and performance backports)).
- sched_getaffinity: don't assume 'cpumask_size()' is fully
  initialized (bsc#1155798 (CPU scheduler functional and
  performance backports)).
- sched/fair: Move calculate of avg_load to a better location
  (bsc#1155798 (CPU scheduler functional and performance
  backports)).
- commit 1c631df
- PCI: dwc: Fix PORT_LINK_CONTROL update when CDM check enabled
  (git-fixes).
- PCI: loongson: Add more devices that need MRRS quirk
  (git-fixes).
- PCI: loongson: Prevent LS7A MRRS increases (git-fixes).
- kABI: PCI: loongson: Prevent LS7A MRRS increases (kabi).
- commit c742154
- x86/entry: Avoid very early RET (git-fixes).
- commit 7f33ce2
- RDMA/core: Refactor rdma_bind_addr (bsc#1210629 CVE-2023-2176)
- commit a844601
- regulator: fan53555: Fix wrong TCS_SLEW_MASK (git-fixes).
- commit f5a41ba
- x86/entry: Don't call error_entry() for XENPV (git-fixes).
- x86/entry: Move CLD to the start of the idtentry macro
  (git-fixes).
- x86/entry: Move PUSH_AND_CLEAR_REGS out of error_entry()
  (git-fixes).
- x86/entry: Switch the stack after error_entry() returns
  (git-fixes).
- Refresh patches.suse/objtool-Add-entry-UNRET-validation.patch.
- Refresh patches.suse/x86-Add-magic-AMD-return-thunk.patch.
- Refresh
  patches.suse/x86-entry-Add-kernel-IBRS-implementation.patch.
- x86/traps: Use pt_regs directly in fixup_bad_iret() (git-fixes).
- x86/MCE/AMD: Fix memory leak when threshold_create_bank()
  fails (git-fixes).
- x86/fpu: Prevent FPU state corruption (git-fixes).
- x86/pci/xen: Disable PCI/MSI masking for XEN_HVM guests
  (git-fixes).
- x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume
  (git-fixes).
- x86: __memcpy_flushcache: fix wrong alignment if size > 2^32
  (git-fixes).
- x86/tsx: Disable TSX development mode at boot (git-fixes).
- Refresh
  patches.suse/0010-KVM-x86-speculation-Disable-Fill-buffer-clear-within.patch.
- Refresh patches.suse/x86-cpu-amd-Add-Spectral-Chicken.patch.
- stat: fix inconsistency between struct stat and struct
  compat_stat (git-fixes).
- x86/msi: Fix msi message data shadow struct (git-fixes).
- kABI: x86/msi: Fix msi message data shadow struct (kabi).
- x86/bug: Prevent shadowing in __WARN_FLAGS (git-fixes).
- commit fc2d705
- blacklist.conf: add some x86 git-fixes
- commit 67b8a58
- memstick: fix memory leak if card device is never registered
  (git-fixes).
- mmc: sdhci_am654: Set HIGH_SPEED_ENA for SDR12 and SDR25
  (git-fixes).
- arm64: dts: qcom: ipq8074-hk01: enable QMP device, not the
  PHY node (git-fixes).
- ARM: dts: rockchip: fix a typo error for rk3288 spdif node
  (git-fixes).
- arm64: dts: imx8mm-evk: correct pmic clock source (git-fixes).
- arm64: dts: meson-g12-common: specify full DMC range
  (git-fixes).
- commit e50472a
- ovl: fail on invalid uid/gid mapping at copy up (CVE-2023-0386
  bsc#1209615).
- commit c351e67
- supported.conf: support u_ether and libcomposite
  (jsc-PED#3750)
  This is necessary for g_ncm
  (for maintainance see jsc-PED#3759)
- commit 93dcc25
- RDMA/core: Fix GID entry ref leak when create_ah fails (git-fixes)
- commit 96566e9
- RDMA/cma: Allow UD qp_type to join multicast only (git-fixes)
- commit 048d3b4
- IB/mlx5: Add support for 400G_8X lane speed (git-fixes)
- commit e08b805
- RDMA/irdma: Add ipv4 check to irdma_find_listener() (git-fixes)
- commit b64d8ba
- RDMA/irdma: Increase iWARP CM default rexmit count (git-fixes)
- commit c3ec287
- RDMA/irdma: Fix memory leak of PBLE objects (git-fixes)
- commit 6a66ca6
- vmxnet3: use gro callback when UPT is enabled (bsc#1209739).
- commit b706955
- supported.conf: declaring usb_f_ncm supported as
  requested in (jsc#PED-3750)
  Support for the legacy functionality g_ncm is still
  under discussion
  (see jsc-PED#3200)
  For maintainance see (jsc#PED-3759)
- commit 2970881
- blacklist.conf: vsprintf: just a small code size optimization
- commit 11066c4
- blacklist.conf: fix for a feature which was not backported
- commit 40356f9
- blacklist.conf: needed just for a cleanup
- commit 2ad4085
- x86/speculation: Allow enabling STIBP with legacy IBRS
  (bsc#1210506 CVE-2023-1998).
- commit 43f265f
- Update patch reference for hwmon fix (CVE-2023-1855 bsc#1210202)
- commit 0565559
- cifs: fix negotiate context parsing (bsc#1210301).
- commit 6999463
- blacklist.conf: add perf git-fixes we are not taking
- commit affe5db
- perf/core: Fix the same task check in perf_event_set_output
  (git fixes).
- perf: Fix check before add_event_to_groups() in
  perf_group_detach() (git fixes).
- perf: fix perf_event_context->time (git fixes).
- perf/core: Fix perf_output_begin parameter is incorrectly
  invoked in perf_event_bpf_output (git fixes).
- powerpc/perf/hv-24x7: add missing RTAS retry status handling
  (git fixes).
- powerpc/hv-gpci: Fix hv_gpci event list (git fixes).
- powerpc: declare unmodified attribute_group usages const
  (git-fixes).
- commit c25cc8c
- Update patch reference for power driver fix (CVE-2023-30772 bsc#1210329)
- commit d3db856
- sched/fair: Sanitize vruntime of entity being migrated
  (bsc#1203325).
- sched/fair: sanitize vruntime of entity being placed
  (bsc#1203325).
- sched/fair: Limit sched slice duration (bsc#1189999 (Scheduler
  functional and performance backports)).
- sched/numa: Stop an exhastive search if an idle core is found
  (bsc#1189999 (Scheduler functional and performance backports)).
- commit 24ed78f
- mm: page_alloc: skip regions with hugetlbfs pages when
  allocating 1G pages (bsc#1210034).
- commit 421448a
- i2c: ocores: generate stop condition after timeout in polling
  mode (git-fixes).
- commit 95ee80d
- ALSA: hda/realtek: Add quirks for Lenovo Z13/Z16 Gen2
  (git-fixes).
- ALSA: hda: patch_realtek: add quirk for Asus N7601ZM
  (git-fixes).
- ALSA: firewire-tascam: add missing unwind goto in
  snd_tscm_stream_start_duplex() (git-fixes).
- ALSA: emu10k1: don't create old pass-through playback device
  on Audigy (git-fixes).
- ALSA: emu10k1: fix capture interrupt handler unlinking
  (git-fixes).
- ALSA: hda/sigmatel: fix S/PDIF out on Intel D*45* motherboards
  (git-fixes).
- ALSA: hda/sigmatel: add pin overrides for Intel DP45SG
  motherboard (git-fixes).
- ALSA: i2c/cs8427: fix iec958 mixer control deactivation
  (git-fixes).
- commit 4a758e5
- scsi: iscsi_tcp: Check that sock is valid before
  iscsi_set_param() (git-fixes).
- scsi: qla2xxx: Fix memory leak in qla2x00_probe_one()
  (git-fixes).
- scsi: mpt3sas: Don't print sense pool info twice (git-fixes).
- scsi: megaraid_sas: Fix crash after a double completion
  (git-fixes).
- scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate()
  (git-fixes).
- scsi: qla2xxx: Perform lockless command completion in abort path
  (git-fixes).
- scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR
  (git-fixes).
- scsi: core: Fix a procfs host directory removal regression
  (git-fixes).
- scsi: mpt3sas: Fix NULL pointer access in
  mpt3sas_transport_port_add() (git-fixes).
- scsi: sd: Fix wrong zone_write_granularity value during
  revalidate (git-fixes).
- scsi: megaraid_sas: Update max supported LD IDs to 240
  (git-fixes).
- scsi: lpfc: Avoid usage of list iterator variable after loop
  (git-fixes).
- scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read()
  (git-fixes).
- scsi: hisi_sas: Check devm_add_action() return value
  (git-fixes).
- scsi: core: Remove the /proc/scsi/${proc_name} directory earlier
  (git-fixes).
- scsi: core: Fix a source code comment (git-fixes).
- scsi: ipr: Work around fortify-string warning (git-fixes).
- scsi: ses: Don't attach if enclosure has no components
  (git-fixes).
- scsi: ses: Fix slab-out-of-bounds in ses_intf_remove()
  (git-fixes).
- scsi: ses: Fix possible desc_ptr out-of-bounds accesses
  (git-fixes).
- scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses
  (git-fixes).
- scsi: ses: Fix slab-out-of-bounds in
  ses_enclosure_data_process() (git-fixes).
- scsi: aic94xx: Add missing check for dma_map_single()
  (git-fixes).
- scsi: mpt3sas: Fix a memory leak (git-fixes).
- scsi: snic: Fix memory leak with using debugfs_lookup()
  (git-fixes).
- scsi: libsas: Remove useless dev_list delete in
  sas_ex_discover_end_dev() (git-fixes).
- scsi: iscsi_tcp: Fix UAF during login when accessing the shost
  ipaddress (git-fixes).
- commit fce4b5b
- k-m-s: Drop Linux 2.6 support
- commit 22b2304
- scsi: iscsi_tcp: Fix UAF during logout when accessing the
  shost ipaddress (git-fixes).
- Refresh
  patches.kabi/kABI-fix-change-of-iscsi_host_remove-arguments.patch.
- commit dfafac0
- Remove obsolete KMP obsoletes (bsc#1210469).
- commit 7f325c6
- Update
  patches.kabi/PCI-dwc-Add-dw_pcie_ops.host_deinit-callback.patch
  (kabi bsc#1210206).
  Fix kabi breakage.
- commit cf0ac3f
- Update CVE reference to
  patches.suse/netdevsim-fib-Fix-reference-count-leak-on-route-dele.patch
  (git-fixes bsc#1210454 CVE-2023-2019).
- commit 4e95d11
- Update CVE reference to patches.suse/udmabuf-add-back-sanity-check.patch
  (git-fixes bsc#1210453 CVE-2023-2008).
- commit 62da89a
- net: phy: nxp-c45-tja11xx: add remove callback (git-fixes).
- net: phy: nxp-c45-tja11xx: fix unsigned long multiplication
  overflow (git-fixes).
- Revert "/pinctrl: amd: Disable and mask interrupts on resume"/
  (git-fixes).
- drm/armada: Fix a potential double free in an error handling
  path (git-fixes).
- fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace (git-fixes).
- usb: dwc3: pci: add support for the Intel Meteor Lake-S
  (git-fixes).
- USB: serial: option: add Quectel RM500U-CN modem (git-fixes).
- USB: serial: option: add Telit FE990 compositions (git-fixes).
- USB: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs
  (git-fixes).
- nilfs2: fix potential UAF of struct nilfs_sc_info in
  nilfs_segctor_thread() (git-fixes).
- drm/nouveau/disp: Support more modes by checking with lower bpc
  (git-fixes).
- drm/bridge: lt9611: Fix PLL being unable to lock (git-fixes).
- serial: exar: Add support for Sealevel 7xxxC serial cards
  (git-fixes).
- serial: 8250_exar: derive nr_ports from PCI ID for Acces I/O
  cards (git-fixes).
- commit f9cf523
- scsi: hisi_sas: Set a port invalid only if there are no devices
  attached when refreshing port id (git-fixes).
- commit 5cdcc2b
- signal handling: don't use BUG_ON() for debugging (bsc#1210439).
- commit 3f10ae8
- Update
  patches.suse/scsi-core-Add-BLIST_NO_VPD_SIZE-for-some-VDASD.patch
  (git-fixes bsc#1203039), adding back the bug number reference.
- commit 2587a1f
- scsi: core: Add BLIST_NO_VPD_SIZE for some VDASD (git-fixes
  bsc#1203039) (renamed now that it's upstgream)
- Refresh
  patches.kabi/blk-mq-fix-kabi-support-concurrent-queue-quiesce-unquiesce.patch.
- Refresh
  patches.kabi/kABI-fix-adding-another-field-to-scsi_device.patch.
- Refresh patches.kabi/kABI-fix-adding-field-to-scsi_device.patch.
- commit 14ff6ce
- ice: avoid bonding causing auxiliary plug/unplug under RTNL lock
  (bsc#1210158).
- commit 5691022
- virt/coco/sev-guest: Add throttling awareness (bsc#1209927).
- virt/coco/sev-guest: Convert the sw_exit_info_2 checking to
  a switch-case (bsc#1209927).
- virt/coco/sev-guest: Do some code style cleanups (bsc#1209927).
- virt/coco/sev-guest: Carve out the request issuing logic into
  a helper (bsc#1209927).
- virt/coco/sev-guest: Remove the disable_vmpck label in
  handle_guest_request() (bsc#1209927).
- virt/coco/sev-guest: Simplify extended guest request handling
  (bsc#1209927).
- virt/coco/sev-guest: Check SEV_SNP attribute at probe time
  (bsc#1209927).
- virt/sev-guest: Return -EIO if certificate buffer is not large
  enough (bsc#1209927).
- commit b35c5f2
- Update reference for BT fix (CVE-2023-1989 bsc#1210336)
- commit 2383449
- Update CVE reference to
  patches.suse/nfc-st-nci-Fix-use-after-free-bug-in-ndlc_remove-due.patch
  (git-fixes bsc#1210337 CVE-2023-1990).
- commit ddf99ea
- mtd: rawnand: meson: fix bitmask for length in command word
  (git-fixes).
- mtdblock: tolerate corrected bit-flips (git-fixes).
- mtd: rawnand: stm32_fmc2: use timings.mode instead of checking
  tRC_min (git-fixes).
- mtd: rawnand: stm32_fmc2: remove unsupported EDO mode
  (git-fixes).
- commit 6504d96
- tracing: Add trace_array_puts() to write into instance
  (git-fixes).
- commit 059865f
- blacklist.conf: add a not-relevant ftrace commit
- commit 2220417
- ftrace: Fix issue that 'direct->addr' not restored in
  modify_ftrace_direct() (git-fixes).
- commit 03fd814
- tracing: Free error logs of tracing instances (git-fixes).
- commit b4f001c
- tracing: Have tracing_snapshot_instance_cond() write errors
  to the appropriate instance (git-fixes).
- commit b3421ec
- ftrace: Mark get_lock_parent_ip() __always_inline (git-fixes).
- commit 46954c5
- ring-buffer: Fix race while reader and writer are on the same
  page (git-fixes).
- commit c740036
- rcu: Fix rcu_torture_read ftrace event (git-fixes).
- commit cb9e9b0
- mm: mmap: remove newline at the end of the trace (git-fixes).
- commit 01340e1
- tracing: Fix wrong return in kprobe_event_gen_test.c
  (git-fixes).
- commit f76dcf0
- cifs: double lock in cifs_reconnect_tcon() (git-fixes).
- commit cdf6666
- kABI workaround for xhci (git-fixes).
- commit cbab93c
- iio: adc: ti-ads7950: Set `can_sleep` flag for GPIO chip
  (git-fixes).
- iio: dac: cio-dac: Fix max DAC write value check for 12-bit
  (git-fixes).
- iio: light: cm32181: Unregister second I2C client if present
  (git-fixes).
- iio: adc: ad7791: fix IRQ flags (git-fixes).
- iio: adis16480: select CONFIG_CRC32 (git-fixes).
- tty: serial: sh-sci: Fix Rx on RZ/G2L SCI (git-fixes).
- tty: serial: fsl_lpuart: avoid checking for transfer complete
  when UARTCTRL_SBK is asserted in lpuart32_tx_empty (git-fixes).
- dt-bindings: serial: renesas,scif: Fix 4th IRQ for 4-IRQ SCIFs
  (git-fixes).
- tty: serial: sh-sci: Fix transmit end interrupt handler
  (git-fixes).
- usb: cdnsp: Fixes error: uninitialized symbol 'len' (git-fixes).
- usb: typec: altmodes/displayport: Fix configure initial pin
  assignment (git-fixes).
- xhci: Free the command allocated for setting LPM if we return
  early (git-fixes).
- xhci: also avoid the XHCI_ZERO_64B_REGS quirk with a passthrough
  iommu (git-fixes).
- usb: xhci: tegra: fix sleep in atomic call (git-fixes).
- nilfs2: fix sysfs interface lifetime (git-fixes).
- commit 3aae146
- gpio: davinci: Add irq chip flag to skip set wake (git-fixes).
- gpio: GPIO_REGMAP: select REGMAP instead of depending on it
  (git-fixes).
- commit b56644c
- ALSA: hda/realtek: Add quirk for Clevo X370SNW (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook
  (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs don't work for a HP
  platform (git-fixes).
- commit f336cd9
- can: isotp: isotp_ops: fix poll() to not report false EPOLLOUT
  events (git-fixes).
- can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory
  access (git-fixes).
- wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for
  non-uploaded sta (git-fixes).
- pwm: sprd: Explicitly set .polarity in .get_state() (git-fixes).
- pwm: cros-ec: Explicitly set .polarity in .get_state()
  (git-fixes).
- drm/panfrost: Fix the panfrost_mmu_map_fault_addr() error path
  (git-fixes).
- platform/x86: think-lmi: Clean up display of current_value on
  Thinkstation (git-fixes).
- platform/x86: think-lmi: Fix memory leaks when parsing
  ThinkStation WMI strings (git-fixes).
- platform/x86: think-lmi: Fix memory leak when showing current
  settings (git-fixes).
- commit a8eaaa9
- btrfs: fix race between quota disable and quota assign ioctls
  (CVE-2023-1611 bsc#1209687).
- commit dcf095c
- Update
  patches.suse/Fix-double-fget-in-vhost_net_set_backend.patch
  (git-fixes bsc#1210203 CVE-2023-1838).
  Added CVE reference.
- commit 39f99de
- Input: focaltech - use explicitly signed char type (git-fixes).
- Input: goodix - add Lenovo Yoga Book X90F to nine_bytes_report
  DMI table (git-fixes).
- drm/etnaviv: fix reference leak when mmaping imported buffer
  (git-fixes).
- drm/amd/display: Add DSC Support for Synaptics Cascaded MST Hub
  (git-fixes).
- fbdev: au1200fb: Fix potential divide by zero (git-fixes).
- fbdev: lxfb: Fix potential divide by zero (git-fixes).
- fbdev: intelfb: Fix potential divide by zero (git-fixes).
- fbdev: nvidia: Fix potential divide by zero (git-fixes).
- fbdev: tgafb: Fix potential divide by zero (git-fixes).
- ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set()
  (git-fixes).
- ALSA: asihpi: check pao in control_message() (git-fixes).
- ASoC: codecs: tx-macro: Fix for KASAN: slab-out-of-bounds
  (git-fixes).
- commit 83ef835
- blacklist.conf: b8ac29b40183 timekeeping: contribute wall clock to rng on time change
  Breaks kABI and not critical
- commit 3ea8922
- timers: Prevent union confusion from unexpected (git-fixes)
- commit 80b3ef6
- alarmtimer: Prevent starvation by small intervals and SIG_IGN (git-fixes)
- commit 67d84fc
- wireguard: ratelimiter: use hrtimer in selftest (git-fixes)
- commit b77ea41
- ipv6: raw: Deduct extension header length in
  rawv6_push_pending_frames (bsc#1207168 CVE-2023-0394).
- commit cab54ec
- Refresh
  patches.suse/scsi-qla2xxx-Add-option-to-disable-FC2-Target-suppor.patch.
- commit c7b89ec
- blacklist.conf: cosmetic, not a fix
- commit 524a401
- Refresh
  patches.suse/HID-u2fzero-ignore-incomplete-packets-without-data.patch.
  added alternate commit ID
- commit d8e619b
- clocksource/drivers/mediatek: Optimize systimer irq clear flow
  on shutdown (git-fixes).
- commit 5ced514
- usb: ucsi: Fix ucsi->connector race (git-fixes).
- commit 513d457
- Define kernel-vanilla as source variant
  The vanilla_only macro is overloaded. It is used for determining if
  there should be two kernel sources built as well as for the purpose of
  determmioning if vanilla kernel should be used for kernel-obs-build.
  While the former can be determined at build time the latter needs to be
  baked into the spec file template. Separate the two while also making
  the latter more generic.
  $build_dtbs is enabled on every single rt and azure branch since 15.3
  when the setting was introduced, gate on the new $obs_build_variant
  setting as well.
- commit 36ba909
- USB: fotg210: fix memory leak with using debugfs_lookup()
  (git-fixes).
- commit 632f169
- Refresh
  patches.suse/drm-amd-display-Fail-atomic_check-early-on-normalize.patch
  (git-fixes)
  Alt-commit
- commit ceb3eab
- Refresh
  patches.suse/drm-amdgpu-fence-Fix-oops-due-to-non-matching-drm_sc.patch
  (git-fixes)
  Alt-commit
- commit c85372d
- Refresh
  patches.suse/drm-amd-display-fix-issues-with-driver-unload.patch
  (git-fixes)
  Alt-commit
- commit e974612
- Refresh
  patches.suse/drm-amd-display-Fix-COLOR_SPACE_YCBCR2020_TYPE-matri.patch
  (git-fixes)
  Alt-commit
- commit 7941903
- Refresh
  patches.suse/drm-amd-display-Calculate-output_color_space-after-p.patch
  (git-fixes)
  Alt-commit
- commit 107d5d6
- scsi: qla2xxx: Synchronize the IOCB count to be in order
  (bsc#1209292 bsc#1209684 bsc#1209556).
- nvme-tcp: always fail a request when sending it failed
  (bsc#1208902).
- commit 8d76faa
- cifs: get rid of dead check in smb2_reconnect() (bsc#1193629).
- commit edea1ec
- cifs: prevent infinite recursion in CIFSGetDFSRefer()
  (bsc#1193629).
- commit dd2e168
- cifs: avoid races in parallel reconnects in smb1 (bsc#1193629).
- commit e5fbb85
- cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL
  (bsc#1193629).
- commit 435fcff
- platform/x86: think-lmi: Use min_t() for comparison and
  assignment (bsc#1210050).
- platform/x86: think-lmi: certificate support clean ups
  (bsc#1210050).
- platform/x86: think-lmi: Certificate authentication support
  (bsc#1210050).
- platform/x86: think-lmi: Prevent underflow in index_store()
  (bsc#1210050).
- platform/x86: think-lmi: Simplify tlmi_analyze() error handling
  a bit (bsc#1210050).
- platform/x86: think-lmi: Move kobject_init() call into
  tlmi_create_auth() (bsc#1210050).
- platform/x86: think-lmi: Opcode support (bsc#1210050).
- platform/x86: think-lmi: add debug_cmd (bsc#1210050).
- commit 49b6cc8
- rpm/constraints.in: increase the disk size for armv6/7 to 24GB
  It grows and the build fails recently on SLE15-SP4/5.
- commit 41ac816
- platform/x86: thinkpad_acpi: Fix thinklight LED brightness
  returning 255 (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix profile modes on Intel
  platforms (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix profile mode display in AMT
  mode (bsc#1210050).
- platform/x86: thinkpad_acpi: use strstarts() (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix max_brightness of thinklight
  (bsc#1210050).
- platform/x86: thinkpad_acpi: Enable s2idle quirk for 21A1
  machine type (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix reporting a non present second
  fan on some models (bsc#1210050).
- platform/x86: thinkpad_acpi: Explicitly set to balanced mode
  on startup (bsc#1210050).
- platform/x86: thinkpad_acpi: Use backlight helper (bsc#1210050).
- platform/x86: thinkpad-acpi: Enable AMT by default on supported
  systems (bsc#1210050).
- platform/x86: thinkpad-acpi: Add support for automatic mode
  transitions (bsc#1210050).
- platform/x86: thinkpad_acpi: do not use PSC mode on Intel
  platforms (bsc#1210050).
- platform/x86: thinkpad-acpi: profile capabilities as integer
  (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO
  resource (bsc#1210050).
- platform/x86: thinkpad_acpi: Correct dual fan probe
  (bsc#1210050).
- platform/x86: thinkpad_acpi: Add a s2idle resume quirk for a
  number of laptops (bsc#1210050).
- platform/x86: thinkpad_acpi: Convert btusb DMI list to quirks
  (bsc#1210050).
- platform/x86: thinkpad_acpi: consistently check fan_get_status
  return (bsc#1210050).
- platform/x86: thinkpad_acpi: Don't use test_bit on an integer
  (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix compiler warning about
  uninitialized err variable (bsc#1210050).
- platform/x86: thinkpad_acpi: clean up dytc profile convert
  (bsc#1210050).
- platform/x86: thinkpad_acpi: Add PSC mode support (bsc#1210050).
- platform/x86: thinkpad_acpi: Add dual fan probe (bsc#1210050).
- platform/x86: thinkpad_acpi: Add dual-fan quirk for T15g
  (2nd gen) (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix incorrect use of platform
  profile on AMD platforms (bsc#1210050).
- platform/x86: thinkpad_acpi: Add quirk for ThinkPads without
  a fan (bsc#1210050).
- platform/x86: thinkpad_acpi: Add LED_RETAIN_AT_SHUTDOWN to
  led_class_devs (bsc#1210050).
- platform/x86: thinkpad_acpi: Remove unused
  sensors_pdev_attrs_registered flag (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix the hwmon sysfs-attr showing
  up in the wrong place (bsc#1210050).
- platform/x86: thinkpad_acpi: tpacpi_attr_group contains driver
  attributes not device attrs (bsc#1210050).
- platform/x86: thinkpad_acpi: Register tpacpi_pdriver after
  subdriver init (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix thermal_temp_input_attr sorting
  (bsc#1210050).
- platform/x86: thinkpad_acpi: Remove "/goto err_exit"/ from
  hotkey_init() (bsc#1210050).
- platform/x86: thinkpad_acpi: Properly indent code in
  tpacpi_dytc_profile_init() (bsc#1210050).
- platform/x86: thinkpad_acpi: Cleanup dytc_profile_available
  (bsc#1210050).
- platform/x86: thinkpad_acpi: Simplify dytc_version handling
  (bsc#1210050).
- platform/x86: thinkpad_acpi: Make *_init() functions return
  - ENODEV instead of 1 (bsc#1210050).
- platform/x86: thinkpad_acpi: Accept ibm_init_struct.init()
  returning -ENODEV (bsc#1210050).
- platform/x86: thinkpad_acpi: Convert platform driver to use
  dev_groups (bsc#1210050).
- platform/x86: thinkpad_acpi: Get privacy-screen / lcdshadow
  ACPI handles only once (bsc#1210050).
- platform/x86: thinkpad_acpi: Add hotkey_notify_extended_hotkey()
  helper (bsc#1210050).
- platform/x86: thinkpad_acpi: Add lid_logo_dot to the list of
  safe LEDs (bsc#1210050).
- platform/x86: thinkpad_acpi: Restore missing hotkey_tablet_mode
  and hotkey_radio_sw sysfs-attr (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix coccinelle warnings
  (bsc#1210050).
- platform/x86: thinkpad_acpi: Switch to common use of attributes
  (bsc#1210050).
- commit 9704026
- NFSv4: Fix hangs when recovering open state after a server
  reboot (git-fixes).
- commit bb218a4
- Input: alps - fix compatibility with -funsigned-char
  (bsc#1209805).
- pinctrl: amd: Disable and mask interrupts on resume (git-fixes).
- pinctrl: ocelot: Fix alt mode for ocelot (git-fixes).
- pinctrl: at91-pio4: fix domain name assignment (git-fixes).
- commit 4704fd1
- rpm/check-for-config-changes: add TOOLCHAIN_NEEDS_* to IGNORED_CONFIGS_RE
  This new form was added in commit e89c2e815e76 ("/riscv: Handle
  zicsr/zifencei issues between clang and binutils"/).
- commit 234baea
- platform/x86/intel/pmc: Alder Lake PCH slp_s0_residency fix
  (git-fixes).
- regulator: Handle deferred clk (git-fixes).
- commit b056d1f
- ca8210: Fix unsigned mac_len comparison with zero in
  ca8210_skb_tx() (git-fixes).
- commit 1abdd92
- ALSA: hda/realtek: Add quirk for Lenovo ZhaoYang CF4620Z
  (git-fixes).
- ALSA: ymfpci: Fix BUG_ON in probe function (git-fixes).
- ALSA: hda/realtek: Fix support for Dell Precision 3260
  (git-fixes).
- ALSA: hda/realtek: Add quirks for some Clevo laptops
  (git-fixes).
- commit 5254cf5
- remove "/PCI: hv: Use async probing to reduce boot time"/ (bsc#1207185).
- commit 9e80db8
- can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write
  (git-fixes).
- r8169: fix RTL8168H and RTL8107E rx crc error (git-fixes).
- net: phy: dp83869: fix default value for tx-/rx-internal-delay
  (git-fixes).
- drm/i915/tc: Fix the ICL PHY ownership check in TC-cold state
  (git-fixes).
- ALSA: usb-audio: Fix regression on detection of Roland VS-100
  (git-fixes).
- ALSA: usb-audio: Fix recursive locking at XRUN during syncing
  (git-fixes).
- ALSA: hda/conexant: Partial revert of a quirk for Lenovo
  (git-fixes).
- thunderbolt: Rename shadowed variables bit to interrupt_bit
  and auto_clear_bit (git-fixes).
- thunderbolt: Disable interrupt auto clear for rings (git-fixes).
- thunderbolt: Use const qualifier for `ring_interrupt_index`
  (git-fixes).
- thunderbolt: Use scale field when allocating USB3 bandwidth
  (git-fixes).
- thunderbolt: Call tb_check_quirks() after initializing adapters
  (git-fixes).
- thunderbolt: Add missing UNSET_INBOUND_SBTX for retimer access
  (git-fixes).
- uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2
  (git-fixes).
- nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy()
  (git-fixes).
- drm/i915: Preserve crtc_state->inherited during state clearing
  (git-fixes).
- efi: sysfb_efi: Fix DMI quirks not working for simpledrm
  (git-fixes).
- serial: 8250: ASPEED_VUART: select REGMAP instead of depending
  on it (git-fixes).
- net: usb: qmi_wwan: add Telit 0x1080 composition (git-fixes).
- net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990
  (git-fixes).
- ca8210: fix mac_len negative array access (git-fixes).
- HID: intel-ish-hid: ipc: Fix potential use-after-free in work
  function (git-fixes).
- HID: cp2112: Fix driver not registering GPIO IRQ chip as
  threaded (git-fixes).
- ACPI: x86: utils: Add Cezanne to the list for forcing
  StorageD3Enable (git-fixes).
- serial: fsl_lpuart: Fix comment typo (git-fixes).
- serial: 8250: SERIAL_8250_ASPEED_VUART should depend on
  ARCH_ASPEED (git-fixes).
- commit 182d88d
- arch: fix broken BuildID for arm64 and riscv (bsc#1209798).
- commit 2ca3471
- Fix error path in pci-hyperv to unlock the mutex state_lock
- commit 3898057
- lockd: set file_lock start and end when decoding nlm4 testargs
  (git-fixes).
- commit b3df611
- Delete
  patches.suse/Makefile-link-with-z-noexecstack-no-warn-rwx-segment.patch.
- Delete
  patches.suse/x86-link-vdso-and-boot-with-z-noexecstack-no-warn-rw.patch.
  Again, delete patches causing bsc#1209798, which were restored by accident.
- commit bbfb5d1
- powerpc: Remove linker flag from KBUILD_AFLAGS (bsc#1194869).
- powerpc/kcsan: Exclude udelay to prevent recursive
  instrumentation (bsc#1194869).
- powerpc/iommu: fix memory leak with using debugfs_lookup()
  (bsc#1194869).
- powerpc/64s/interrupt: Fix interrupt exit race with security
  mitigation switch (bsc#1194869).
- powerpc/kexec_file: fix implicit decl error (bsc#1194869).
- powerpc/vmlinux.lds: Don't discard .comment (bsc#1194869).
- powerpc/vmlinux.lds: Don't discard .rela* for relocatable builds
  (bsc#1194869).
- powerpc/vmlinux.lds: Define RUNTIME_DISCARD_EXIT (bsc#1194869).
- powerpc/xmon: Fix -Wswitch-unreachable warning in bpt_cmds
  (bsc#1194869).
- powerpc/ioda/iommu/debugfs: Generate unique debugfs entries
  (bsc#1194869).
- powerpc/iommu: Add missing of_node_put in iommu_init_early_dart
  (bsc#1194869).
- powerpc/powernv: fix missing of_node_put in uv_init()
  (bsc#1194869).
- commit 3d61390
- blacklist.conf: Add fix not needed in 5.14
  d80f6de9d601 powerpc/iommu: Fix iommu_table_in_use for a small default DMA window case
- commit 8fa612c
- powerpc/btext: add missing of_node_put (bsc#1065729).
- commit 986d3dc
- net: asix: fix modprobe "/sysfs: cannot create duplicate
  filename"/ (git-fixes).
- commit f535630
- net: usb: asix: remove redundant assignment to variable reg
  (git-fixes).
- commit c20b71b
- net: usb: use eth_hw_addr_set() (git-fixes).
- commit f6de603
- kvm: initialize all of the kvm_debugregs structure before
  sending it to userspace (bsc#1209532 CVE-2023-1513).
- commit 0b16baa
- powerpc/powernv/ioda: Skip unallocated resources when mapping
  to PE (bsc#1065729).
- commit 8723ead
- powerpc/rtas: ensure 4KB alignment for rtas_data_buf
  (bsc#1065729).
- powerpc/pseries/lparcfg: add missing RTAS retry status handling
  (bsc#1065729).
- powerpc/pseries/lpar: add missing RTAS retry status handling
  (bsc#1109158 ltc#169177 git-fixes).
- commit 6122a0b
- Update
  patches.suse/prlimit-do_prlimit-needs-to-have-a-speculation-check.patch
  (bsc#1209256 CVE-2017-5753).
- commit e09128d
- sbitmap: Avoid lockups when waker gets preempted (bsc#1209118).
- commit 448e27d
- blacklist.conf: cleanup, not a fix
- commit 29c7dbf
- blacklist.conf: cleanup, not fix
- commit e3722ae
- blacklist.conf: documentation update of a little used driver only
- commit 9deed66
- blacklist.conf: documentation only
- commit de3860f
- s390/vfio-ap: fix memory leak in vfio_ap device driver
  (git-fixes).
- commit 8168fab
- PCI: hv: Use async probing to reduce boot time (bsc#1207185).
- PCI: hv: Add a per-bus mutex state_lock (bsc#1207185).
- Revert "/PCI: hv: Fix a timing issue which causes kdump to fail
  occasionally"/ (bsc#1207185).
- PCI: hv: Remove the useless hv_pcichild_state from struct
  hv_pci_dev (bsc#1207185).
- PCI: hv: Fix a race condition in hv_irq_unmask() that can
  cause panic (bsc#1207185).
- PCI: hv: fix a race condition bug in hv_pci_query_relations()
  (bsc#1207185).
- commit b4eeab5
- Bluetooth: Fix double free in hci_conn_cleanup (bsc#1209052
  CVE-2023-28464).
- commit 8b25016
- smb3: fix unusable share after force unmount failure
  (bsc#1193629).
- commit 1091b58
- cifs: fix dentry lookups in directory handle cache
  (bsc#1193629).
- commit 663c78d
- smb3: lower default deferred close timeout to address perf
  regression (bsc#1193629).
- commit bb31b2c
- cifs: fix missing unload_nls() in smb2_reconnect()
  (bsc#1193629).
- commit 7a7c9a9
- cifs: avoid race conditions with parallel reconnects
  (bsc#1193629).
- commit e64476f
- cifs: append path to open_enter trace event (bsc#1193629).
- commit 2eff580
- cifs: print session id while listing open files (bsc#1193629).
- commit 851a108
- cifs: dump pending mids for all channels in DebugData
  (bsc#1193629).
- commit 6d11c27
- cifs: empty interface list when server doesn't support query
  interfaces (bsc#1193629).
- commit 9a0c2a5
- cifs: do not poll server interfaces too regularly (bsc#1193629).
- commit 7762f86
- cifs: lock chan_lock outside match_session (bsc#1193629).
- commit 4cfd2c2
- cifs: check only tcon status on tcon related functions
  (bsc#1193629).
- commit 6e30684
- net: tls: fix possible race condition between
  do_tls_getsockopt_conf() and do_tls_setsockopt_conf()
  (bsc#1209366 CVE-2023-28466).
- commit 3dab1fe
- s390/boot: simplify and fix kernel memory layout setup
  (bsc#1209600).
- blacklist.conf: remove 9a39abb7c9aa
- commit bbd2ed5
- s390/dasd: fix no record found for raw_track_access
  (bsc#1207574).
- commit f363675
- Update references in
  patches.suse/x86-speculation-restore-speculation-related-msrs-during-s3-resume.patch
  (bsc#1198400 bsc#1209779 CVE-2023-1637).
- commit 87fc4f6
- Update references in
  patches.suse/NFSD-fix-use-after-free-in-nfsd4_ssc_setup_dul.patch
  (git-fixes bsc#1209788 CVE-2023-1652).
- commit f81ee89
- platform/x86: think-lmi: Add possible_values for ThinkStation
  (git-fixes).
- platform/x86: think-lmi: only display possible_values if
  available (git-fixes).
- platform/x86: think-lmi: use correct possible_values delimiters
  (git-fixes).
- platform/x86: think-lmi: add missing type attribute (git-fixes).
- mtd: rawnand: meson: invalidate cache on polling ECC bit
  (git-fixes).
- commit 0563887
- Revert "/Revert "/x86: link vdso and boot with -z noexecstack"/ (bsc#1209798)"/
  This reverts commit 26c6d5069004c3a470d53c3a53228ad5d44aa2a5.
- commit 4af196c
- Revert "/Revert "/Makefile: link with -z noexecstack --no-warn-rwx-segments"/ (bsc#1209798)"/
  This reverts commit 7db37fcbd312a083337d722b2c5543e6bf3a5c70.
- commit e9292ed
- Revert "/Makefile: link with -z noexecstack --no-warn-rwx-segments"/ (bsc#1209798)
  This reverts commit 34f9acb95470d2d2543e314cadd40a0e1c0ee6e1.
  It causes problems on aarch64:
  ... BuildID Mismatch vmlinux= vmlinux_debuginfo=
- commit 7db37fc
- Revert "/x86: link vdso and boot with -z noexecstack"/ (bsc#1209798)
  This reverts commit dc30142edffcbb9537e3cc47b176cb97109792c7.
  It causes problems on aarch64:
  ... BuildID Mismatch vmlinux= vmlinux_debuginfo=
- commit 26c6d50
- mm: memcg: fix swapcached stat accounting (bsc#1209804).
- commit 8f8bc2f
- xfs: pass the correct cursor to xfs_iomap_prealloc_size
  (git-fixes).
- commit 6692117
- xfs: remove xfs_setattr_time() declaration (git-fixes).
- commit aa31e13
- blacklist.conf: Add da34a8484d16 mm: memcontrol: deprecate charge moving
- commit 6635ae8
- blacklist.conf: Add c91bdc935899 mm: memcontrol: don't allocate cgroup swap arrays when memcg is disabled
- commit 61fff14
- blacklist.conf: Add dbb16df6443c Revert "/memcg: cleanup racy sum avoidance code"/
- commit 6069ccd
- blacklist.conf: Add 9b3016154c91 memcg: sync flush only if periodic flush is delayed
- commit b4b0020
- sched/psi: Fix use-after-free in ep_remove_wait_queue()
  (bsc#1209799).
- commit 40303b2
- Drop build fix patch causing a regression on aarch64 (bsc#1209798)
  Delete patches.suse/Makefile-link-with-z-noexecstack-no-warn-rwx-segment.patch
- commit cc75cf8
- net: usb: lan78xx: Limit packet length to skb->len (git-fixes).
- commit 53c4e74
- lan78xx: Fix memory allocation bug (git-fixes).
- commit 8d1f2f9
- lan78xx: Fix race condition in disconnect handling (git-fixes).
- commit 5612173
- lan78xx: Fix race conditions in suspend/resume handling
  (git-fixes).
- commit 27662e3
- lan78xx: Fix partial packet errors on suspend/resume
  (git-fixes).
- commit 6979f29
- lan78xx: Fix exception on link speed change (git-fixes).
- commit f7c495b
- lan78xx: Add missing return code checks (git-fixes).
- Refresh
  patches.suse/lan78xx-Enable-LEDs-and-auto-negotiation.patch.
- commit adb9750
- lan78xx: Remove unused pause frame queue (git-fixes).
- commit f843fdb
- lan78xx: Set flow control threshold to prevent packet loss
  (git-fixes).
- commit 6bbd43a
- lan78xx: Remove unused timer (git-fixes).
- commit 685aa9a
- lan78xx: Fix white space and style issues (git-fixes).
- commit 7f22f3d
- usb: dwc2: fix a devres leak in hw_enable upon suspend resume
  (git-fixes).
- usb: chipdea: core: fix return -EINVAL if request role is the
  same with current role (git-fixes).
- usb: cdnsp: changes PCI Device ID to fix conflict with CNDS3
  driver (git-fixes).
- usb: cdns3: Fix issue with using incorrect PCI device function
  (git-fixes).
- usb: cdnsp: Fixes issue with redundant Status Stage (git-fixes).
- usb: typec: tcpm: fix warning when handle discover_identity
  message (git-fixes).
- usb: gadget: u_audio: don't let userspace block driver unbind
  (git-fixes).
- usb: dwc3: gadget: Add 1ms delay after end transfer command
  without IOC (git-fixes).
- usb: dwc3: Fix a typo in field name (git-fixes).
- usb: ucsi: Fix NULL pointer deref in ucsi_connector_change()
  (git-fixes).
- USB: gadget: pxa27x_udc: fix memory leak with using
  debugfs_lookup() (git-fixes).
- USB: gadget: pxa25x_udc: fix memory leak with using
  debugfs_lookup() (git-fixes).
- USB: gadget: lpc32xx_udc: fix memory leak with using
  debugfs_lookup() (git-fixes).
- USB: gadget: bcm63xx_udc: fix memory leak with using
  debugfs_lookup() (git-fixes).
- USB: gadget: gr_udc: fix memory leak with using debugfs_lookup()
  (git-fixes).
- USB: isp1362: fix memory leak with using debugfs_lookup()
  (git-fixes).
- USB: isp116x: fix memory leak with using debugfs_lookup()
  (git-fixes).
- USB: sl811: fix memory leak with using debugfs_lookup()
  (git-fixes).
- USB: uhci: fix memory leak with using debugfs_lookup()
  (git-fixes).
- USB: chipidea: fix memory leak with using debugfs_lookup()
  (git-fixes).
- commit 7d86b44
- hwmon: fix potential sensor registration fail if of_node is
  missing (git-fixes).
- commit 07bdfd9
- arm64: dts: qcom: sm8350: Mark UFS controller as cache coherent
  (git-fixes).
- firmware: arm_scmi: Fix device node validation for mailbox
  transport (git-fixes).
- arm64: dts: imx8mn: specify #sound-dai-cells for SAI nodes
  (git-fixes).
- ARM: dts: imx6sl: tolino-shine2hd: fix usbotg1 pinctrl
  (git-fixes).
- ARM: dts: imx6sll: e60k02: fix usbotg1 pinctrl (git-fixes).
- arm64: dts: imx8mm-nitrogen-r2: fix WM8960 clock name
  (git-fixes).
- power: supply: da9150: Fix use after free bug in
  da9150_charger_remove due to race condition (git-fixes).
- drm/i915/gt: perform uc late init after probe error injection
  (git-fixes).
- drm/i915/active: Fix missing debug object activation
  (git-fixes).
- drm/bridge: lt8912b: return EPROBE_DEFER if bridge is not found
  (git-fixes).
- platform/chrome: cros_ec_chardev: fix kernel data leak from
  ioctl (git-fixes).
- i2c: xgene-slimpro: Fix out-of-bounds bug in
  xgene_slimpro_i2c_xfer() (git-fixes).
- i2c: hisi: Only use the completion interrupt to finish the
  transfer (git-fixes).
- i2c: imx-lpi2c: check only for enabled interrupt flags
  (git-fixes).
- Bluetooth: btsdio: fix use after free bug in btsdio_remove
  due to unfinished work (git-fixes).
- Bluetooth: L2CAP: Fix responding with wrong PDU type
  (git-fixes).
- Bluetooth: btqcomsmd: Fix command timeout after setting BD
  address (git-fixes).
- wifi: mac80211: fix qos on mesh interfaces (git-fixes).
- net: mdio: thunder: Add missing fwnode_handle_put() (git-fixes).
- atm: idt77252: fix kmemleak when rmmod idt77252 (git-fixes).
- net: qcom/emac: Fix use after free bug in emac_remove due to
  race condition (git-fixes).
- net: phy: Ensure state transitions are processed from phy_stop()
  (git-fixes).
- xirc2ps_cs: Fix use after free bug in xirc2ps_detach
  (git-fixes).
- net: usb: smsc95xx: Limit packet length to skb->len (git-fixes).
- commit d23fee6
- Refresh
  patches.suse/arm64-Avoid-repeated-AA64MMFR1_EL1-register-read-on-.patch.
  Patch is merged upstream. Update headers.
- commit 1a36cd0
- Delete patches.suse/iwlwifi-module-firmware-ucode-fix.patch (bsc#1209681)
  linux-firmware tree finally provides iwlwifi-*-72.ucode, and more badly,
  they dropped *-71.ucode, hence the workaround leads to the firmware load
  failure.  Drop the old workaround now.
- commit 7a74f9a
- arm64: dts: freescale: Fix pca954x i2c-mux node names (git-fixes)
- commit 7b4b228
- arm64: dts: imx8mp-phycore-som: Remove invalid PMIC property (git-fixes)
- commit 33ca96b
- arm64: dts: imx8mp: correct usb clocks (git-fixes)
- commit 6f82a6d
- blacklist.conf: ("/lockdep: Fix -Wunused-parameter for _THIS_IP_"/)
- commit a81781d
- arm64: dts: imx8mq: fix mipi_csi bidirectional port numbers (git-fixes)
- commit 3fb6c9b
- arm64: dts: imx8mq: add mipi csi phy and csi bridge descriptions (git-fixes)
- commit 6bf0b7f
- Update
  patches.suse/tun-avoid-double-free-in-tun_free_netdev.patch
  (bsc#1209635 CVE-2022-4744 git-fixes).
  Added CVE reference.
- commit 730f781
- arm64/cpufeature: Fix field sign for DIT hwcap detection (git-fixes)
- commit d75fe48
- net/sched: tcindex: update imperfect hash filters respecting
  rcu (CVE-2023-1281 bsc#1209634).
- commit aced962
- Delete patches.suse/trace-hwlat-make-use-of-the-helper-function-kthread_run_on_cpu.patch
  Cleanup commit ff78f6679d2e ("/trace/hwlat: make use of the helper
  function kthread_run_on_cpu()"/) was added to SLE15-SP4 to avoid
  a conflict when backporting 08697bca9bbb ("/trace/hwlat: Do not start
  per-cpu thread if it is already running"/). However, the needed helper
  function kthread_run_on_cpu() is missing in this codestream. The
  rt_debug config enables hwlat and then failed to build.
  Revert adding the cleanup patch and instead adjust context of
  patches.suse/trace-hwlat-Do-not-start-per-cpu-thread-if-it-is-already-running.patch.
- commit 86cbb00
- cifs: use DFS root session instead of tcon ses (bsc#1193629).
- commit 67abae4
- cifs: return DFS root session id in DebugData (bsc#1193629).
- commit cadd823
- cifs: fix use-after-free bug in refresh_cache_worker()
  (bsc#1193629).
- commit 596d51f
- cifs: set DFS root session in cifs_get_smb_ses() (bsc#1193629).
- commit 8d91ba8
- cifs: generate signkey for the channel that's reconnecting
  (bsc#1193629).
- commit a188b7e
- cifs: Fix smb2_set_path_size() (git-fixes).
- commit 969e280
- cifs: Move the in_send statistic to __smb_send_rqst()
  (git-fixes).
- commit 9c6865d
- Refresh
  patches.suse/locking-rwbase-Mitigate-indefinite-writer-starvation.patch.
  Update patch metadata and move to sorted section.
- commit b2600c8
- fs/proc: task_mmu.c: don't read mapcount for migration entry
  (CVE-2023-1582, bsc#1209636).
- commit 7b0d6b1
- drm/i915/active: Fix misuse of non-idle barriers as fence
  trackers (git-fixes).
- drm/i915: Remove unused bits of i915_vma/active api (git-fixes).
- commit d37a1a8
- Add the already cherry-picked id to a driver base patch
- commit c16d60a
- Add i915 revert on stable 5.15.y to blacklist
  It's fixed by the proper patch instead
- commit 23d11f5
- tty: serial: fsl_lpuart: skip waiting for transmission complete
  when UARTCTRL_SBK is asserted (git-fixes).
- fbdev: stifb: Provide valid pixelclock and add fb_check_var()
  checks (git-fixes).
- net: phy: smsc: bail out in lan87xx_read_status if
  genphy_read_status fails (git-fixes).
- net: phy: nxp-c45-tja11xx: fix MII_BASIC_CONFIG_REV bit
  (git-fixes).
- ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy
  Book2 Pro (git-fixes).
- ALSA: hda: intel-dsp-config: add MTL PCI id (git-fixes).
- drm/i915/psr: Use calculated io and fast wake lines (git-fixes).
- vdpa_sim: set last_used_idx as last_avail_idx in
  vdpasim_queue_ready (git-fixes).
- drm/amd/display: fix shift-out-of-bounds in
  CalculateVMAndRowBytes (git-fixes).
- drm/amdkfd: Fix an illegal memory access (git-fixes).
- mmc: atmel-mci: fix race between stop command and start of
  next command (git-fixes).
- PCI/DPC: Await readiness of secondary bus after reset
  (git-fixes).
- drm/i915/display: clean up comments (git-fixes).
- drm/i915/display/psr: Handle plane and pipe restrictions at
  every page flip (git-fixes).
- drm/i915/display/psr: Use drm damage helpers to calculate
  plane damaged area (git-fixes).
- drm/i915/display: Workaround cursor left overs with PSR2
  selective fetch enabled (git-fixes).
- commit f8f59a8
- drm/i915: Don't use BAR mappings for ring buffers with LLC
  (git-fixes).
- drm/i915: Don't use stolen memory for ring buffers with LLC
  (git-fixes).
- commit 60b6f88
- locking/rwbase: Mitigate indefinite writer starvation
  (bsc#1189998 (PREEMPT_RT prerequisite backports), bsc#1206552).
- commit ec97cf5
- blacklist.conf: kABI
- commit d693a6f
- blacklist.conf: changes exports to user space in a way that is not a bug
  fix
- commit f047586
- kconfig: Update config changed flag before calling callback
  (git-fixes).
- commit 4822afa
- drivers/base: Fix unsigned comparison to -1 in
  CPUMAP_FILE_MAX_BYTES (bsc#1208815).
- commit 263387d
- af_unix: Get user_ns from in_skb in unix_diag_get_exact()
  (bsc#1209290 CVE-2023-28327).
- commit dee84d8
- netlink: prevent potential spectre v1 gadgets (bsc#1209547
  CVE-2017-5753).
- commit 35271d8
- drivers/base: fix userspace break from using bin_attributes
  for cpumap and cpulist (bsc#1208815).
- commit d8ec347
- keys: Do not cache key in task struct if key is requested from
  kernel thread (git-fixes).
- net: usb: smsc75xx: Move packet length check to prevent kernel
  panic in skb_pull (git-fixes).
- commit 2977668
- KABI FIX FOR: NFSv4: keep state manager thread active if swap
  is enabled (Never, kabi).
- commit b299bd6
- SUNRPC: Fix a server shutdown leak (git-fixes).
- NFSD: Protect against filesystem freezing (git-fixes).
- NFS: fix disabling of swap (git-fixes).
- nfs4trace: fix state manager flag printing (git-fixes).
- NFSD: fix problems with cleanup on errors in nfsd4_copy
  (git-fixes).
- nfsd: fix race to check ls_layouts (git-fixes).
- NFSD: fix leaked reference count of nfsd4_ssc_umount_item
  (git-fixes).
- nfsd: zero out pointers after putting nfsd_files on COPY setup
  error (git-fixes).
- NFSD: fix use-after-free in nfsd4_ssc_setup_dul() (git-fixes).
- pNFS/filelayout: Fix coalescing test for single DS (git-fixes).
- SUNRPC: ensure the matching upcall is in-flight upon downcall
  (git-fixes).
- nfsd: fix handling of readdir in v4root vs. mount upcall timeout
  (git-fixes).
- nfsd: shut down the NFSv4 state objects before the filecache
  (git-fixes).
- nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create
  failure (git-fixes).
- NFSv4.x: Fail client initialisation if state manager thread
  can't run (git-fixes).
- SUNRPC: Fix missing release socket in rpc_sockname()
  (git-fixes).
- xprtrdma: Fix regbuf data not freed in rpcrdma_req_create()
  (git-fixes).
- NFS: Fix an Oops in nfs_d_automount() (git-fixes).
- NFSv4: Fix a deadlock between nfs4_open_recover_helper()
  and delegreturn (git-fixes).
- NFSv4: Fix a credential leak in _nfs4_discover_trunking()
  (git-fixes).
- NFSv4.2: Fix initialisation of struct nfs4_label (git-fixes).
- NFSv4.1 provide mount option to toggle trunking discovery
  (git-fixes).
- NFSv4: keep state manager thread active if swap is enabled
  (git-fixes).
- commit 4ee2a42
- ppc64le: HWPOISON_INJECT=m (bsc#1209572).
- commit 757cf27
- struct dwc3: mask new member (git-fixes).
- commit 29d28eb
- USB: dwc3: fix memory leak with using debugfs_lookup()
  (git-fixes).
- commit 5d4bb23
- blacklist.conf: kABI
- commit 1170e89
- blacklist.conf: kABI
- commit fb6be59
- tracing/hwlat: Replace sched_setaffinity with
  set_cpus_allowed_ptr (git-fixes).
- commit 5dae012
- ring-buffer: remove obsolete comment for free_buffer_page()
  (git-fixes).
- commit e7730cf
- tracing: Make splice_read available again (git-fixes).
- commit 83c2809
- trace/hwlat: Do not start per-cpu thread if it is already
  running (git-fixes).
- commit b67192b
- trace/hwlat: make use of the helper function
  kthread_run_on_cpu() (git-fixes).
- commit 091a305
- trace/hwlat: Do not wipe the contents of per-cpu thread data
  (git-fixes).
- commit 907b256
- tracing: Make tracepoint lockdep check actually test something
  (git-fixes).
- commit b2e4082
- blacklist.conf: kABI
- commit 6922af5
- ftrace: Fix invalid address access in lookup_rec() when index
  is 0 (git-fixes).
- commit 59f3693
- tracing: Check field value in hist_field_name() (git-fixes).
- commit a92eb30
- tracing: Do not let histogram values have some modifiers
  (git-fixes).
- commit 2761bfa
- tracing: Add NULL checks for buffer in
  ring_buffer_free_read_page() (git-fixes).
- commit 1bf9381
- ring-buffer: Handle race between rb_move_tail and rb_check_pages
  (git-fixes).
- commit 94bd9c6
- blacklist.conf: add a not-relevant ftrace cleanup
- commit 57cd4dc
- debugfs: add debugfs_lookup_and_remove() (git-fixes).
- commit 6f9f252
- Update
  patches.suse/scsi-ufs-ufs-mediatek-Fix-error-checking-in-ufs_mtk_init_va09_pwr_ctrl
  Adding CVE and bsc reference (git-fixes CVE-2023-23001 bsc#1208829).
- commit 2128b6e
- x86/perf/zhaoxin: Add stepping check for ZXC (git fixes).
- perf/x86/intel: Add Emerald Rapids (git fixes).
- perf/x86/intel/uncore: Add Emerald Rapids (git fixes).
- perf/x86/msr: Add Emerald Rapids (git fixes).
- perf/x86/rapl: Treat Tigerlake like Icelake (git fixes).
- perf/core: Call LSM hook after copying perf_event_attr
  (git fixes).
- perf/x86/amd: fix potential integer overflow on shift of a int
  (git fixes).
- perf/x86/intel/uncore: Fix reference count leak in
  __uncore_imc_init_box() (git fixes).
- perf/x86/intel/uncore: Fix reference count leak in
  snr_uncore_mmio_map() (git fixes).
- perf/x86/intel/uncore: Fix reference count leak in
  hswep_has_limit_sbox() (git fixes).
- perf/x86/intel/uncore: Fix reference count leak in
  sad_cfg_iio_topology() (git fixes).
- perf: Fix possible memleak in pmu_dev_alloc() (git fixes).
- bpf, perf: Use subprog name when reporting subprog ksymbol
  (git fixes).
- perf/x86/intel/pt: Fix sampling using single range output
  (git fixes).
- perf/x86/intel: Add Cooper Lake stepping to isolation_ucodes
  (git fixes).
- perf/x86/intel: Fix pebs event constraints for SPR (git fixes).
- perf/x86/intel: Fix pebs event constraints for ICL (git fixes).
- perf/x86/rapl: Use standard Energy Unit for SPR Dram RAPL domain
  (git fixes).
- x86/cpu: Add several Intel server CPU model numbers (git fixes).
- perf/x86/rapl: Add support for Intel AlderLake-N (git fixes).
- perf/x86/intel/lbr: Use setup_clear_cpu_cap() instead of
  clear_cpu_cap() (git fixes).
- perf/x86/uncore: Add new Raptor Lake S support (git fixes).
- x86/cpu: Add CPU model numbers for Meteor Lake (git fixes).
- x86/cpu: Add new Raptor Lake CPU model number (git fixes).
- perf/x86/intel/uncore: Fix broken read_counter() for SNB IMC
  PMU (git fixes).
- perf/x86/intel: Fix pebs event constraints for ADL (git fixes).
- perf/x86/intel/ds: Fix precise store latency handling (git
  fixes).
- perf/x86/lbr: Enable the branch type for the Arch LBR by default
  (git fixes).
- perf/x86/intel: Fix PEBS data source encoding for ADL (git
  fixes).
- perf/x86/intel: Fix PEBS memory access info encoding for ADL
  (git fixes).
- perf/core: Fix data race between perf_event_set_output()
  and perf_mmap_close() (git fixes).
- perf/x86/intel: Fix event constraints for ICL (git fixes).
- perf/x86/uncore: Add new Alder Lake and Raptor Lake support
  (git fixes).
- perf/x86/uncore: Clean up uncore_pci_ids (git fixes).
- perf/amd/ibs: Use interrupt regs ip for stack unwinding
  (git fixes).
- x86/cpu: Add new Alderlake and Raptorlake CPU model numbers
  (git fixes).
- perf/x86/intel: Don't extend the pseudo-encoding to GP counters
  (git fixes).
- perf/core: Inherit event_caps (git fixes).
- perf/x86/uncore: Add Raptor Lake uncore support (git fixes).
- perf/x86/intel/pt: Relax address filter validation (git fixes).
- x86/perf: Default set FREEZE_ON_SMI for all (git fixes).
- perf: Always wake the parent event (git fixes).
- x86/perf: Avoid warning for Arch LBR without XSAVE (git fixes).
- perf/x86/rapl: fix AMD event handling (git fixes).
- x86/cpu: Drop spurious underscore from RAPTOR_LAKE #define
  (git fixes).
- x86/cpu: Add Raptor Lake to Intel family (git fixes).
- commit 74e398e
- Refresh patches.suse/NFSv3-handle-out-of-order-write-replies.patch.
  Careless typo - might cause bsc#1209457
- commit 1d76618
- fotg210-udc: Add missing completion handler (git-fixes).
- commit 6b598ac
- USB: fix memory leak with using debugfs_lookup() (git-fixes).
- commit 4c4d5c0
- net: usb: smsc75xx: Limit packet length to skb->len (git-fixes).
- commit 146b5ac
- ceph: update the time stamps and try to drop the suid/sgid
  (bsc#1209504).
- commit e7df378
- supported.conf: Remove duplicate entry.
- commit 2c93f73
- IB/hfi1: Update RMT size calculation (git-fixes)
- commit 46a7a1c
- IB/hfi1: Assign npages earlier (git-fixes)
- commit b6b4a13
- serial: qcom-geni: fix console shutdown hang (git-fixes).
- serial: 8250_fsl: fix handle_irq locking (git-fixes).
- serial: 8250_em: Fix UART port type (git-fixes).
- interconnect: exynos: fix node leak in probe PM QoS error path
  (git-fixes).
- interconnect: fix mem leak when freeing nodes (git-fixes).
- interconnect: qcom: osm-l3: fix icc_onecell_data allocation
  (git-fixes).
- firmware: xilinx: don't make a sleepable memory allocation
  from an atomic context (git-fixes).
- fbdev: omapfb: cleanup inconsistent indentation (git-fixes).
- hwmon: (ltc2992) Set `can_sleep` flag for GPIO chip (git-fixes).
- hwmon: (adm1266) Set `can_sleep` flag for GPIO chip (git-fixes).
- hwmon: tmp512: drop of_match_ptr for ID table (git-fixes).
- hwmon: (ucd90320) Add minimum delay between bus accesses
  (git-fixes).
- hwmon: (ina3221) return prober error code (git-fixes).
- hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove
  due to race condition (git-fixes).
- hwmon: (adt7475) Fix masking of hysteresis registers
  (git-fixes).
- hwmon: (adt7475) Display smoothing attributes in correct order
  (git-fixes).
- media: m5mols: fix off-by-one loop termination error
  (git-fixes).
- nfc: st-nci: Fix use after free bug in ndlc_remove due to race
  condition (git-fixes).
- nfc: pn533: initialize struct pn533_out_arg properly
  (git-fixes).
- mmc: sdhci_am654: lower power-on failed message severity
  (git-fixes).
- ALSA: hda: Match only Intel devices with CONTROLLER_IN_GPU()
  (git-fixes).
- drm/bridge: Fix returned array size name for
  atomic_get_input_bus_fmts kdoc (git-fixes).
- drm/sun4i: fix missing component unbind on bind errors
  (git-fixes).
- drm/meson: fix 1px pink line on GXM when scaling video overlay
  (git-fixes).
- drm/panfrost: Don't sync rpm suspension after mmu flushing
  (git-fixes).
- drm/shmem-helper: Remove another errant put in error path
  (git-fixes).
- clk: HI655X: select REGMAP instead of depending on it
  (git-fixes).
- docs: Correct missing "/d_"/ prefix for dentry_operations member
  d_weak_revalidate (git-fixes).
- drm/amdgpu: fix error checking in amdgpu_read_mm_registers
  for soc15 (git-fixes).
- drm/connector: print max_requested_bpc in state debugfs
  (git-fixes).
- drm/nouveau/kms/nv50: fix nv50_wndw_new_ prototype (git-fixes).
- nfc: change order inside nfc_se_io error path (git-fixes).
- regulator: core: Use ktime_get_boottime() to determine how
  long a regulator was off (git-fixes).
- media: rc: gpio-ir-recv: add remove function (git-fixes).
- media: ov5640: Fix analogue gain control (git-fixes).
- PCI: Add SolidRun vendor ID (git-fixes).
- drm/nouveau/kms/nv50-: remove unused functions (git-fixes).
- regulator: core: Fix off-on-delay-us for always-on/boot-on
  regulators (git-fixes).
- regulator: Flag uncontrollable regulators as always_on
  (git-fixes).
- commit fc61e5c
- Delete patches.suse/drm-i915-Don-t-use-BAR-mappings-for-ring-buffers-wit.patch
  Resulted in an Oops / hang at boot (bsc#1209436)
- commit 0da96b0
- hwmon: (k10temp): Add support for new family 17h and 19h models
  (bsc#1208848).
- x86/amd_nb: Add AMD PCI IDs for SMN communication (bsc#1208848).
- commit c3dd9ac
- Update references in
  patches.suse/media-dvb-usb-az6027-fix-null-ptr-deref-in-az6027_i2.patch
  (git-fixes bsc#1209291 CVE-2023-28328).
- commit dc99e31
- Refresh
  patches.suse/drm-amd-display-fix-issues-with-driver-unload.patch.
  Fix build warning:
  .../amdgpu_dm/amdgpu_dm.c: In function 'amdgpu_dm_fini':
  .../amdgpu_dm/amdgpu_dm.c:1417:6: warning: unused variable 'i' [-Wunused-variable]
  int i;
    ^
- commit 25c8b43
- x86/msr: Remove .fixup usage (git-fixes).
- kABI: x86/msr: Remove .fixup usage (kabi).
- Refresh patches.suse/x86-futex-Remove-.fixup-usage.patch.
- commit c013cdd
- x86/fpu: Cache xfeature flags from CPUID (git-fixes).
- commit b735f37
- x86/fpu/xsave: Handle compacted offsets correctly with
  supervisor states (git-fixes).
- x86/fpu: Remove unused supervisor only offsets (git-fixes).
- x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation
  (git-fixes).
- KVM: x86: fix sending PV IPI (git-fixes).
- x86: Annotate call_on_stack() (git-fixes).
- x86/sgx: Free backing memory after faulting the enclave page
  (git-fixes).
- Refresh
  patches.suse/x86-sgx-set-active-memcg-prior-to-shmem-allocation.patch.
- x86/kvm: Don't use pv tlb/ipi/sched_yield if on 1 vCPU
  (git-fixes).
- x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm
  (git-fixes).
- x86/sgx: Silence softlockup detection when releasing large
  enclaves (git-fixes).
- x86/mce/inject: Avoid out-of-bounds write when setting flags
  (git-fixes).
- x86/mce: Mark mce_read_aux() noinstr (git-fixes).
- x86/mce: Mark mce_end() noinstr (git-fixes).
- x86/mce: Mark mce_panic() noinstr (git-fixes).
- x86/mce: Allow instrumentation during task work queueing
  (git-fixes).
- x86/uaccess: Move variable into switch case statement
  (git-fixes).
- x86/mm: Flush global TLB when switching to trampoline page-table
  (git-fixes).
- x86/fpu/xsave: Handle compacted offsets correctly with
  supervisor states (git-fixes).
- x86/fpu: Remove unused supervisor only offsets (git-fixes).
- x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation
  (git-fixes).
- KVM: x86: fix sending PV IPI (git-fixes).
- x86: Annotate call_on_stack() (git-fixes).
- x86/sgx: Free backing memory after faulting the enclave page
  (git-fixes).
- Refresh
  patches.suse/x86-sgx-set-active-memcg-prior-to-shmem-allocation.patch.
- x86/kvm: Don't use pv tlb/ipi/sched_yield if on 1 vCPU
  (git-fixes).
- x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm
  (git-fixes).
- x86/sgx: Silence softlockup detection when releasing large
  enclaves (git-fixes).
- x86/mce/inject: Avoid out-of-bounds write when setting flags
  (git-fixes).
- x86/mce: Mark mce_read_aux() noinstr (git-fixes).
- x86/mce: Mark mce_end() noinstr (git-fixes).
- x86/mce: Mark mce_panic() noinstr (git-fixes).
- x86/mce: Allow instrumentation during task work queueing
  (git-fixes).
- x86/uaccess: Move variable into switch case statement
  (git-fixes).
- x86/mm: Flush global TLB when switching to trampoline page-table
  (git-fixes).
- commit cd115f3
- rpm/group-source-files.pl: Fix output difference when / is in location
  While previous attempt to fix group-source-files.pl in 6d651362c38
  "/rpm/group-source-files.pl: Deal with {pre,post}fixed / in location"/
  breaks the infinite loop, it does not properly address the issue. Having
  prefixed and/or postfixed forward slash still result in different
  output.
  This commit changes the script to use the Perl core module File::Spec
  for proper path manipulation to give consistent output.
- commit 4161bf9
- perf/x86/uncore: Don't WARN_ON_ONCE() for a broken discovery
  table (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/uncore: Add a quirk for UPI on SPR (bsc#1206824,
  bsc#1206493, bsc#1206492).
- perf/x86/uncore: Ignore broken units in discovery table
  (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/uncore: Fix potential NULL pointer in
  uncore_get_alias_name (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/uncore: Factor out uncore_device_to_die() (bsc#1206824,
  bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Make set_mapping() procedure void
  (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Update sysfs-devices-mapping file
  (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Enable UPI topology discovery for
  Sapphire Rapids (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Enable UPI topology discovery for
  Icelake Server (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Get UPI NodeID and GroupID (bsc#1206824,
  bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Enable UPI topology discovery for
  Skylake Server (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Generalize get_topology() for SKX PMUs
  (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Disable I/O stacks to PMU mapping on
  ICX-D (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Clear attr_update properly (bsc#1206824,
  bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Introduce UPI topology type (bsc#1206824,
  bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Generalize IIO topology support
  (bsc#1206824, bsc#1206493, bsc#1206492).
- commit 23fd14b
- Require suse-kernel-rpm-scriptlets at all times.
  The kernel packages call scriptlets for each stage, add the dependency
  to make it clear to libzypp that the scriptlets are required.
  There is no special dependency for posttrans, these scriptlets run when
  transactions are resolved. The plain dependency has to be used to
  support posttrans.
- commit 56c4dbe
- Replace mkinitrd dependency with dracut (bsc#1202353).
  Also update mkinitrd refrences in documentation and comments.
- commit e356c9b
- mm: memcg: fix NULL pointer in
  mem_cgroup_track_foreign_dirty_slowpath() (bsc#1209262).
- commit ca9be2b
- watch_queue: fix IOC_WATCH_QUEUE_SET_SIZE alloc error paths
  (bsc#1197617).
- commit 34bfa16
- blacklist.conf: Add cgroup locking optimizations
  be288169712f cgroup: reduce dependency on cgroup_mutex
  671c11f0619e cgroup: Elide write-locking threadgroup_rwsem when updating csses on an empty subtree
- commit a274f6f
- fork: allow CLONE_NEWTIME in clone3 flags (bsc#1209258).
- commit 49f82de
- blacklist.conf: Add 9360d035a579 panic: Separate sysctl logic from CONFIG_SMP
- commit 70188a8
- blacklist.conf: Add 9df918698408 kernel/panic: move panic sysctls to its own file
- commit 7099ede
- prlimit: do_prlimit needs to have a speculation check
  (bsc#1209256).
- commit 90a3f2f
- blacklist.conf: this is very hard to explain. This patch stops a staging
  driver from doing something extremely stupid, but it is visible and not
  technically a fix
- commit 55006f0
- blacklist.conf: Add c16bdeb5a39f rlimit: Fix RLIMIT_NPROC enforcement failure caused by capability calls in set_user
  And also reasoning dependency/guard 2863643fb8b9 ("/set_user: add capability check when rlimit(RLIMIT_NPROC) exceeds"/)
- commit 2a2c4f0
- blacklist.conf: this is very hard to explain. This patch stops a staging
  driver from doing something extremely stupid, but it is visible and not
  technically a fix
- commit a35c342
- s390/kexec: fix ipl report address for kdump (bsc#1207529).
- commit b51985a
- rpm/kernel-obs-build.spec.in: Remove SLE11 cruft
- commit 871eeb4
- rcu: Tighten rcu_advance_cbs_nowake() checks (bsc#1209159).
- commit d31c746
- sctp: sctp_sock_filter(): avoid list_entry() on possibly empty
  list (bsc#1208602, git-fixes).
- commit 4b74bf5
- rds: rds_rm_zerocopy_callback() correct order for
  list_add_tail() (CVE-2023-1078 bsc#1208601).
- rds: rds_rm_zerocopy_callback() use list_first_entry()
  (CVE-2023-1078 bsc#1208601).
- commit b467b16
- blacklist.conf: add some X86 ARCHITECTURE git-fixes
- commit 6e9c445
- net/tls: tls_is_tx_ready() checked list_entry (CVE-2023-1075
  bsc#1208598).
- commit 04f7ce9
- blacklist.conf: feature, not fix
- commit 3b9cbfd
- blacklist.conf: duplicate
- commit 082c8b7
- Update patches.suse/hid-bigben_probe-validate-report-count.patch
  (bsc#1208605).
  Added bugzilla reference to fix already applied
- commit 784a3b2
- scsi: storvsc: Handle BlockSize change in Hyper-V VHD/VHDX file
  (git-fixes).
- commit 1bde01c
- signal: Implement force_fatal_sig (git-fixes).
- blacklist.conf: remove it
- commit fc01034
- bpf, x64: Factor out emission of REX byte in more cases
  (git-fixes).
- blacklist.conf: remove it
- commit 3ad465f
- bpf: Fix extable address check (git-fixes).
- bpf: Fix extable fixup offset (git-fixes).
- x86/64/mm: Map all kernel memory into trampoline_pgd
  (git-fixes).
- x86/sgx: Fix free page accounting (git-fixes).
- signal/x86: In emulate_vsyscall force a signal instead of
  calling do_exit (git-fixes).
- signal/seccomp: Refactor seccomp signal and coredump generation
  (git-fixes).
- commit 128d44a
- wifi: cfg80211: Partial revert "/wifi: cfg80211: Fix use after
  free for wext"/ (git-fixes).
- tpm/eventlog: Don't abort tpm_read_log on faulty ACPI address
  (git-fixes).
- commit c121561
- NFS: nfsiod should not block forever in mempool_alloc()
  (git-fixes).
- commit 3938521
- KABI FIX FOR NFSv4: Fix free of uninitialized nfs4_label on
  referral lookup (git-fixes).
- commit 3fe030b
- ASoC: zl38060 add gpiolib dependency (git-fixes).
- pwm: stm32-lp: fix the check on arr and cmp registers update
  (git-fixes).
- phy: rockchip-typec: Fix unsigned comparison with less than zero
  (git-fixes).
- PCI: Add ACS quirk for Wangxun NICs (git-fixes).
- PCI: Take other bus devices into account when distributing
  resources (git-fixes).
- PCI: Align extra resources for hotplug bridges properly
  (git-fixes).
- iio: accel: mma9551_core: Prevent uninitialized variable in
  mma9551_read_config_word() (git-fixes).
- iio: accel: mma9551_core: Prevent uninitialized variable in
  mma9551_read_status_word() (git-fixes).
- tools/iio/iio_utils:fix memory leak (git-fixes).
- mei: bus-fixup:upon error print return values of send and
  receive (git-fixes).
- staging: emxx_udc: Add checks for dma_alloc_coherent()
  (git-fixes).
- serial: sc16is7xx: setup GPIO controller later in probe
  (git-fixes).
- tty: serial: fsl_lpuart: disable the CTS when send break signal
  (git-fixes).
- tty: fix out-of-bounds access in tty_driver_lookup_tty()
  (git-fixes).
- usb: uvc: Enumerate valid values for color matching (git-fixes).
- USB: ene_usb6250: Allocate enough memory for full object
  (git-fixes).
- usb: host: xhci: mvebu: Iterate over array indexes instead of
  using pointer math (git-fixes).
- media: uvcvideo: Silence memcpy() run-time false positive
  warnings (git-fixes).
- media: uvcvideo: Quirk for autosuspend in Logitech B910 and C910
  (git-fixes).
- media: uvcvideo: Handle errors from calls to usb_string
  (git-fixes).
- media: uvcvideo: Handle cameras with invalid descriptors
  (git-fixes).
- mfd: arizona: Use pm_runtime_resume_and_get() to prevent refcnt
  leak (git-fixes).
- firmware/efi sysfb_efi: Add quirk for Lenovo IdeaPad Duet 3
  (git-fixes).
- ASoC: zl38060: Remove spurious gpiolib select (git-fixes).
- Bluetooth: hci_sock: purge socket queues in the destruct()
  callback (git-fixes).
- commit 1135294
- kABI workaround for hid quirks (git-fixes).
- commit 2ce6cac
- HID: retain initial quirks set up when creating HID devices
  (git-fixes).
- commit 0d98469
- PCI: dwc: Add dw_pcie_ops.host_deinit() callback (git-fixes).
- kABI: PCI: dwc: Add dw_pcie_ops.host_deinit() callback (kabi).
- commit ccb0b3a
- thermal/drivers/tsens: Add compat string for the qcom,msm8960
  (git-fixes).
- Refresh
  patches.suse/thermal-drivers-tsens-Sort-out-msm8976-vs-msm8956-da.patch.
- commit 0c14aac
- drm/msm/disp/dpu: fix sc7280_pp base offset (git-fixes).
- drm/msm/dpu: fix len of sc7180 ctl blocks (git-fixes).
- drm/msm/a5xx: fix context faults during ring switch (git-fixes).
- drm/msm/a5xx: fix the emptyness check in the preempt code
  (git-fixes).
- drm/msm/a5xx: fix highest bank bit for a530 (git-fixes).
- drm/msm/a5xx: fix setting of the CP_PREEMPT_ENABLE_LOCAL
  register (git-fixes).
- drm/msm: Fix potential invalid ptr free (git-fixes).
- vfio/type1: restore locked_vm (git-fixes).
- vfio/type1: track locked_vm per dma (git-fixes).
- vfio/type1: prevent underflow of locked_vm via exec()
  (git-fixes).
- tty: serial: imx: disable Ageing Timer interrupt request irq
  (git-fixes).
- usb: gadget: configfs: Restrict symlink creation is UDC already
  binded (git-fixes).
- usb: typec: intel_pmc_mux: Don't leak the ACPI device reference
  count (git-fixes).
- wifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream()
  fails (git-fixes).
- wifi: ath9k: Fix use-after-free in ath9k_hif_usb_disconnect()
  (git-fixes).
- wifi: mt76: dma: free rx_head in mt76_dma_rx_cleanup
  (git-fixes).
- wifi: rtl8xxxu: Use a longer retry limit of 48 (git-fixes).
- wifi: mt7601u: fix an integer underflow (git-fixes).
- wifi: brcmfmac: ensure CLM version is null-terminated to
  prevent stack-out-of-bounds (git-fixes).
- wifi: brcmfmac: Fix potential stack-out-of-bounds in
  brcmf_c_preinit_dcmds() (git-fixes).
- wifi: rtl8xxxu: fixing transmisison failure for rtl8192eu
  (git-fixes).
- thermal: intel: intel_pch: Add support for Wellsburg PCH
  (git-fixes).
- thermal: intel: Fix unsigned comparison with less than zero
  (git-fixes).
- wifi: ath9k: use proper statements in conditionals (git-fixes).
- tty: serial: imx: Handle RS485 DE signal active high
  (git-fixes).
- usb: typec: intel_pmc_mux: Use the helper
  acpi_dev_get_memory_resources() (git-fixes).
- usb: gadget: configfs: remove using list iterator after loop
  body as a ptr (git-fixes).
- usb: gadget: configfs: use to_usb_function_instance() in cfg
  (un)link func (git-fixes).
- usb: gadget: configfs: use to_config_usb_cfg() in os_desc_link()
  (git-fixes).
- commit 31f8312
- nfc: fdp: add null check of devm_kmalloc_array in
  fdp_nci_i2c_read_device_properties (git-fixes).
- drm/radeon: Fix eDP for single-display iMac11,2 (git-fixes).
- drm/i915/quirks: Add inverted backlight quirk for HP 14-r206nv
  (git-fixes).
- media: i2c: imx219: Fix binning for RAW8 capture (git-fixes).
- media: i2c: imx219: Split common registers from mode tables
  (git-fixes).
- PCI: Avoid FLR for AMD FCH AHCI adapters (git-fixes).
- firmware: coreboot: framebuffer: Ignore reserved pixel color
  bits (git-fixes).
- media: uvcvideo: Check for INACTIVE in uvc_ctrl_is_accessible()
  (git-fixes).
- drm: panel-orientation-quirks: Add quirk for Lenovo IdeaPad
  Duet 3 10IGL5 (git-fixes).
- drm/msm/dsi: Add missing check for alloc_ordered_workqueue
  (git-fixes).
- drm: amd: display: Fix memory leakage (git-fixes).
- drm/radeon: free iio for atombios when driver shutdown
  (git-fixes).
- drm/amd/display: Fix potential null-deref in dm_resume
  (git-fixes).
- drm/edid: fix AVI infoframe aspect ratio handling (git-fixes).
- drm/tiny: ili9486: Do not assume 8-bit only SPI controllers
  (git-fixes).
- drm/omap: dsi: Fix excessive stack usage (git-fixes).
- drm/vc4: dpi: Fix format mapping for RGB565 (git-fixes).
- hwmon: (coretemp) Simplify platform device handling (git-fixes).
- HID: multitouch: Add quirks for flipped axes (git-fixes).
- HID: logitech-hidpp: Don't restart communication if not
  necessary (git-fixes).
- HID: Add Mapping for System Microphone Mute (git-fixes).
- pinctrl: at91: use devm_kasprintf() to avoid potential leaks
  (git-fixes).
- spi: dw_bt1: fix MUX_MMIO dependencies (git-fixes).
- regulator: s5m8767: Bounds check id indexing into arrays
  (git-fixes).
- regulator: max77802: Bounds check regulator id against opmode
  (git-fixes).
- KEYS: asymmetric: Fix ECDSA use via keyctl uapi (git-fixes).
- drm/vc4: dpi: Add option for inverting pixel clock and output
  enable (git-fixes).
- mt76: mt7915: fix polling firmware-own status (git-fixes).
- media: uvcvideo: Fix memory leak of object map on error exit
  path (git-fixes).
- pinctrl: mediatek: fix coding style (git-fixes).
- media: uvcvideo: Check controls flags before accessing them
  (git-fixes).
- media: uvcvideo: Use control names from framework (git-fixes).
- media: uvcvideo: Add support for V4L2_CTRL_TYPE_CTRL_CLASS
  (git-fixes).
- media: uvcvideo: refactor __uvc_ctrl_add_mapping (git-fixes).
- media: uvcvideo: Remove s_ctrl and g_ctrl (git-fixes).
- media: uvcvideo: Do not check for V4L2_CTRL_WHICH_DEF_VAL
  (git-fixes).
- commit af57661
- Documentation/hw-vuln: Document the interaction between IBRS
  and STIBP (git-fixes).
- ALSA: hda/realtek: Add quirk for HP EliteDesk 800 G6 Tower PC
  (git-fixes).
- dmaengine: sf-pdma: pdma_desc memory leak fix (git-fixes).
- docs/scripts/gdb: add necessary make scripts_gdb step
  (git-fixes).
- ASoC: codecs: lpass: fix incorrect mclk rate (git-fixes).
- ASoC: kirkwood: Iterate over array indexes instead of using
  pointer math (git-fixes).
- ASoC: soc-compress: Reposition and add pcm_mutex (git-fixes).
- Bluetooth: btusb: Add VID:PID 13d3:3529 for Realtek RTL8821CE
  (git-fixes).
- ACPI: Don't build ACPICA with '-Os' (git-fixes).
- ACPI: video: Fix Lenovo Ideapad Z570 DMI match (git-fixes).
- clocksource: Suspend the watchdog temporarily when high read
  latency detected (git-fixes).
- arm64: dts: qcom: pmk8350: Use the correct PON compatible
  (git-fixes).
- arm64: dts: amlogic: meson-gxbb-kii-pro: fix led node name
  (git-fixes).
- arm64: dts: amlogic: meson-gxl-s905d-phicomm-n1: fix led node
  name (git-fixes).
- arm64: dts: amlogic: meson-sm1-bananapi-m5: fix adc keys node
  names (git-fixes).
- arm64: dts: amlogic: meson-gx-libretech-pc: fix update button
  name (git-fixes).
- arm64: dts: amlogic: meson-gxl: add missing unit address to
  eth-phy-mux node name (git-fixes).
- arm64: dts: amlogic: meson-gx: add missing unit address to
  rng node name (git-fixes).
- arm64: dts: amlogic: meson-gxl-s905d-sml5442tw: drop invalid
  clock-names property (git-fixes).
- arm64: dts: amlogic: meson-gx: add missing SCPI sensors
  compatible (git-fixes).
- arm64: dts: amlogic: meson-axg: fix SCPI clock dvfs node name
  (git-fixes).
- arm64: dts: amlogic: meson-gx: fix SCPI clock dvfs node name
  (git-fixes).
- ARM: dts: exynos: Use Exynos5420 compatible for the MIPI video
  phy (git-fixes).
- arm64: dts: qcom: ipq8074: correct PCIe QMP PHY output clock
  names (git-fixes).
- arm64: dts: qcom: ipq8074: fix Gen3 PCIe QMP PHY (git-fixes).
- arm64: dts: qcom: ipq8074: fix Gen2 PCIe QMP PHY (git-fixes).
- arm64: dts: qcom: pmk8350: Specify PBS register for PON
  (git-fixes).
- arm64: dts: qcom: ipq8074: fix PCIe PHY serdes size (git-fixes).
- ACPI: resource: Add helper function
  acpi_dev_get_memory_resources() (git-fixes).
- ath9k: htc: clean up statistics macros (git-fixes).
- ath9k: hif_usb: simplify if-if to if-else (git-fixes).
- ASoC: codecs: tx-macro: move to individual clks from bulk
  (git-fixes).
- ASoC: codecs: rx-macro: move to individual clks from bulk
  (git-fixes).
- ASoC: codecs: tx-macro: move clk provider to managed variants
  (git-fixes).
- ASoC: codecs: rx-macro: move clk provider to managed variants
  (git-fixes).
- arm64: dts: qcom: Fix IPQ8074 PCIe PHY nodes (git-fixes).
- ASoC: codecs: Change bulk clock voting to optional voting in
  digital codecs (git-fixes).
- ASoC: fsl_sai: Update to modern clocking terminology
  (git-fixes).
- commit 8491e1c
- tap: tap_open(): correctly initialize socket uid (CVE-2023-1076
  bsc#1208599).
- tun: tun_chr_open(): correctly initialize socket uid
  (CVE-2023-1076 bsc#1208599).
- net: add sock_init_data_uid() (CVE-2023-1076 bsc#1208599).
- netfilter: nf_tables: fix null deref due to zeroed list head
  (CVE-2023-1095 bsc#1208777).
- commit 1969911
- arm64: cmpxchg_double*: hazard against entire exchange variable (git-fixes)
- commit 17b413e
- crypto: arm64 - Fix unused variable compilation warnings of (git-fixes)
- commit bedb569
- arm64: make is_ttbrX_addr() noinstr-safe (git-fixes)
- commit 04f9814
- arm64: mm: kfence: only handle translation faults (git-fixes)
- commit 53720ca
- arm64: atomics: remove LL/SC trampolines (git-fixes)
- commit abb3814
- arm64: dts: juno: Add missing MHU secure-irq (git-fixes)
- commit 8ba9b76
- arm64: dts: arm: drop unused interrupt-names in MHU (git-fixes)
- commit 830c0c2
- arm64: cacheinfo: Fix incorrect assignment of signed error value to (git-fixes)
- commit bf5800f
- arm64: Treat ESR_ELx as a 64-bit register (git-fixes)
- commit 2dadb72
- blacklist.conf: add some X86 git-fixes
- commit 05ac891
- blacklist.conf: ("/arm64: dts: ten64: remove redundant interrupt declaration for"/)
- commit b0f32f5
- Update patch reference for HID fixes (CVE-2023-25012 bsc#1207560)
- commit ac09f05
- qede: avoid uninitialized entries in coal_entry array
  (bsc#1205846).
- qede: fix interrupt coalescing configuration (bsc#1205846).
- commit bcd42d6
- PCI/PTM: Add pci_suspend_ptm() and pci_resume_ptm() (git-fixes).
- commit da09379
- PCI: qcom: Fix host-init error handling (git-fixes).
- PCI: Unify delay handling for reset and resume (git-fixes).
- PCI/PM: Always disable PTM for all devices during suspend
  (git-fixes).
- PCI: mediatek-gen3: Fix refcount leak in
  mtk_pcie_init_irq_domains() (git-fixes).
- PCI/PM: Fix bridge_d3_blacklist Elo i2 overwrite of Gigabyte
  X299 (git-fixes).
- PCI: qcom: Fix pipe clock imbalance (git-fixes).
- PCI: mediatek-gen3: Assert resets to ensure expected init state
  (git-fixes).
- PCI: Avoid pci_dev_lock() AB/BA deadlock with
  sriov_numvfs_store() (git-fixes).
- PCI/PM: Avoid putting Elo i2 PCIe Ports in D3cold (git-fixes).
- PCI: xgene: Revert "/PCI: xgene: Use inbound resources for setup"/
  (git-fixes).
- PCI: aardvark: Check return value of generic_handle_domain_irq()
  when processing INTx IRQ (git-fixes).
- PCI: Reduce warnings on possible RW1C corruption (git-fixes).
- kABI: PCI: Reduce warnings on possible RW1C corruption (kabi).
- Refresh patches.suse/0001-kABI-more-hooks-for-PCI-changes.patch.
- PCI: aardvark: Fix link training (git-fixes).
- Refresh
  patches.suse/PCI-aardvark-Fix-checking-for-link-up-via-LTSSM-stat.patch.
- commit 3cab0bb
- blacklist.conf: add some PCI git-fixes
- commit 259b001
- platform: x86: MLX_PLATFORM: select REGMAP instead of depending
  on it (git-fixes).
- commit b403668
- NFSv4.2: Fix a memory stomp in decode_attr_security_label
  (git-fixes).
- NFSv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding
  (git-fixes).
- SUNRPC: Don't leak netobj memory when gss_read_proxy_verf()
  fails (git-fixes).
- NFSD: pass range end to vfs_fsync_range() instead of count
  (git-fixes).
- nfsd: don't call nfsd_file_put from client states seqfile
  display (git-fixes).
- NFSD: Finish converting the NFSv3 GETACL result encoder
  (git-fixes).
- NFSD: Finish converting the NFSv2 GETACL result encoder
  (git-fixes).
- nfs4: Fix kmemleak when allocate slot failed (git-fixes).
- NFSv4.2: Fixup CLONE dest file size for zero-length count
  (git-fixes).
- NFSv4: Retry LOCK on OLD_STATEID during delegation return
  (git-fixes).
- SUNRPC: Fix null-ptr-deref when xps sysfs alloc failed
  (git-fixes).
- NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot
  (git-fixes).
- NFSv4.1: Handle RECLAIM_COMPLETE trunking errors (git-fixes).
- NFSv4: Fix a potential state reclaim deadlock (git-fixes).
- NFSv4/pNFS: Always return layout stats on layout return for
  flexfiles (git-fixes).
- NFSD: fix use-after-free on source server when doing
  inter-server copy (git-fixes).
- NFSD: Return nfserr_serverfault if splice_ok but buf->pages
  have data (git-fixes).
- NFSD: Fix handling of oversized NFSv4 COMPOUND requests
  (git-fixes).
- nfsd: Fix a memory leak in an error handling path (git-fixes).
- NFSv4/pnfs: Fix a use-after-free bug in open (git-fixes).
- NFSv4: Add an fattr allocation to _nfs4_discover_trunking()
  (git-fixes).
- NFSv4: Fix free of uninitialized nfs4_label on referral lookup
  (git-fixes).
- NFSv4: Don't hold the layoutget locks across multiple RPC calls
  (git-fixes).
- SUNRPC: Return true/false (not 1/0) from bool functions
  (git-fixes).
- NFS: Avoid writeback threads getting stuck in mempool_alloc()
  (git-fixes).
- NFS: nfsiod should not block forever in mempool_alloc()
  (git-fixes).
- commit 4c29b9b
- blacklist.conf: fixes for bugs we don't have
- commit afbbfc5
- malidp: Fix NULL vs IS_ERR() checking (bsc#1208843
  CVE-2023-23004).
- commit 87efba8
- Delete
  patches.suse/livepatch-define-a-macro-for-new-api-identification.patch.
  This definition was used by kgraft codestreams (SLE12-SP3), but the
  livepatch support for such codestreams has ended.
- commit f5aeaad
- Do not sign the vanilla kernel (bsc#1209008).
- commit cee4d89
- blacklist.conf: false positive
- commit 086f5da
- nvme-auth: fix an error code in
  nvme_auth_process_dhchap_challenge() (bsc#1202633).
- nvme-auth: don't use NVMe status codes (bsc#1202633).
- nvme-auth: mark nvme_auth_wq static (bsc#1202633).
- nvme-auth: use workqueue dedicated to authentication
  (bsc#1202633).
- nvme-auth: fix smatch warning complaints (bsc#1202633).
- nvme-auth: have dhchap_auth_work wait for queues auth to
  complete (bsc#1202633).
- nvme-auth: remove redundant auth_work flush (bsc#1202633).
- nvme-auth: convert dhchap_auth_list to an array (bsc#1202633).
- nvme-auth: check chap ctrl_key once constructed (bsc#1202633).
- nvme-auth: no need to reset chap contexts on re-authentication
  (bsc#1202633).
- nvme-auth: remove redundant deallocations (bsc#1202633).
- nvme-auth: clear sensitive info right after authentication
  completes (bsc#1202633).
- nvme-auth: guarantee dhchap buffers under memory pressure
  (bsc#1202633).
- nvme-auth: don't keep long lived 4k dhchap buffer (bsc#1202633).
- nvme-auth: remove redundant if statement (bsc#1202633).
- nvme-auth: don't override ctrl keys before validation
  (bsc#1202633).
- nvme-auth: don't ignore key generation failures when
  initializing ctrl keys (bsc#1202633).
- nvme-auth: remove redundant buffer deallocations (bsc#1202633).
- nvme-auth: don't re-authenticate if the controller is not LIVE
  (bsc#1202633).
- nvme-auth: remove symbol export from nvme_auth_reset
  (bsc#1202633).
- nvme-auth: rename authentication work elements (bsc#1202633).
- nvme-auth: rename __nvme_auth_[reset|free] to
  nvme_auth[reset|free]_dhchap (bsc#1202633).
- commit 67a47c5
- blacklist.conf: kABI, cosmetic
- commit f03aa8f
- Add cherry-picked id for nouveau patch
- commit d18ab1d
- VFS: filename_create(): fix incorrect intent (bsc#1197534).
- commit a961e32
- KABI FIX FOR: NFSv4.1 query for fs_location attr on a new file
  system (Never, kabi).
- commit f615f65
- update internal module version number for cifs.ko (bsc#1193629).
- commit c325c43
- drm/virtio: Fix NULL vs IS_ERR checking in
  virtio_gpu_object_shmem_init (bsc#1208776 CVE-2023-22998).
- commit cd9c832
- rpm/group-source-files.pl: Deal with {pre,post}fixed / in location
  When the source file location provided with -L is either prefixed or
  postfixed with forward slash, the script get stuck in a infinite loop
  inside calc_dirs() where $path is an empty string.
  user@localhost:/tmp> perl "/$HOME/group-source-files.pl"/ -D devel.files -N nondevel.files -L /usr/src/linux-5.14.21-150500.41/
  ...
  path = /usr/src/linux-5.14.21-150500.41/Documentation/Kconfig
  path = /usr/src/linux-5.14.21-150500.41/Documentation
  path = /usr/src/linux-5.14.21-150500.41
  path = /usr/src
  path = /usr
  path =
  path =
  path =
  ... # Stuck in an infinite loop
  This workarounds the issue by breaking out the loop once path is an
  empty string. For a proper fix we'd want something that
  filesystem-aware, but this workaround should be enough for the rare
  occation that this script is ran manually.
  Link: http://mailman.suse.de/mlarch/SuSE/kernel/2023/kernel.2023.03/msg00024.html
- commit 6d65136
- media: imx: imx7-media-csi: fix missing clk_disable_unprepare()
  in imx7_csi_init() (git-fixes).
- commit e70e8d4
- media: platform: ti: Add missing check for devm_regulator_get
  (git-fixes).
- commit 08661ee
- phy: tegra: xusb: Fix return value of tegra_xusb_find_port_node
  function (CVE-2023-23000 bsc#1208816).
- commit 4632142
- Update patch reference for media fix (CVE-2023-1118 bsc#1208837)
- commit 778b9f2
- media: ti: cal: fix possible memory leak in cal_ctx_create()
  (git-fixes).
- commit 2ff7792
- struct uvc_device move flush_status  new member to end
  (git-fixes).
- commit 8ba3f50
- media: uvcvideo: Fix race condition with usb_kill_urb
  (git-fixes).
- commit 9dd8ca0
- media: coda: Add check for kmalloc (git-fixes).
- commit 8c98f78
- media: coda: Add check for dcoda_iram_alloc (git-fixes).
- commit 705609f
- scsi: qla2xxx: Add option to disable FC2 Target support
  (bsc#1198438 bsc#1206103).
- Delete
  patches.suse/revert-scsi-qla2xxx-Changes-to-support-FCP2-Target.patch.
- commit 9b1b9b9
- blacklist.conf: cosmetic, not a bug fix
- commit a1eb9b6
- net/ulp: use consistent error code when blocking ULP
  (CVE-2023-0461 bsc#1208787).
- net/ulp: prevent ULP without clone op from entering the LISTEN
  status (CVE-2023-0461 bsc#1208787).
- commit bad820e
- KABI FIX FOR: NFSD: Have legacy NFSD WRITE decoders use
  xdr_stream_subsegment() (git-fixes).
- commit bd901a6
- KABI FIX FOR: NFS: Further optimisations for 'ls -l'
  (git-fixes).
- commit 894aa13
- SUNRPC: Fix socket waits for write buffer space (git-fixes).
- NFSv4: Protect the state recovery thread against direct reclaim
  (git-fixes).
- NFSv4.2: fix reference count leaks in _nfs42_proc_copy_notify()
  (git-fixes).
- NFSD: Fix nfsd_breaker_owns_lease() return values (git-fixes).
- NFSD: COMMIT operations must not return NFS?ERR_INVAL
  (git-fixes).
- sunrpc: Fix potential race conditions in
  rpc_sysfs_xprt_state_change() (git-fixes).
- net/sunrpc: fix reference count leaks in
  rpc_sysfs_xprt_state_change (git-fixes).
- SUNRPC allow for unspecified transport time in rpc_clnt_add_xprt
  (git-fixes).
- NFSv4 handle port presence in fs_location server string
  (git-fixes).
- NFSv4 expose nfs_parse_server_name function (git-fixes).
- NFSv4.1 query for fs_location attr on a new file system
  (git-fixes).
- NFSv4 store server support for fs_location attribute
  (git-fixes).
- NFSv4 remove zero number of fs_locations entries error check
  (git-fixes).
- NFSv4.1: Fix uninitialised variable in devicenotify (git-fixes).
- nfs: nfs4clinet: check the return value of kstrdup()
  (git-fixes).
- NFSv4 only print the label when its queried (git-fixes).
- NFSD: De-duplicate net_generic(nf->nf_net, nfsd_net_id)
  (git-fixes).
- NFSD: Have legacy NFSD WRITE decoders use
  xdr_stream_subsegment() (git-fixes).
- NFS: Create a new nfs_alloc_fattr_with_label() function
  (git-fixes).
- NFS: Always initialise fattr->label in nfs_fattr_alloc()
  (git-fixes).
- NFS: Don't allocate nfs_fattr on the stack in __nfs42_ssc_open()
  (git-fixes).
- NFS: Further optimisations for 'ls -l' (git-fixes).
- commit fc8bee1
- blacklist.conf: NFS updates
- commit 424a052
- selftests/powerpc: Account for offline cpus in perf-hwbreak test
  (bsc#1206232).
- selftests/powerpc: Bump up rlimit for perf-hwbreak test
  (bsc#1206232).
- selftests/powerpc: Move perror closer to its use (bsc#1206232).
- commit cc3db6d
- cifs: prevent data race in cifs_reconnect_tcon() (bsc#1193629).
- commit 6b88ff8
- cifs: improve checking of DFS links over
  STATUS_OBJECT_NAME_INVALID (git-fixes).
- commit 2d97db4
- cifs: reuse cifs_match_ipaddr for comparison of dstaddr too
  (bsc#1193629).
- commit aef7d88
- cifs: match even the scope id for ipv6 addresses (bsc#1193629).
- commit a3d06fc
- cifs: update ip_addr for ses only for primary chan setup
  (bsc#1193629).
- commit 9b0633d
- cifs: use tcon allocation functions even for dummy tcon
  (git-fixes).
- commit 4cb2b33
- cifs: use the least loaded channel for sending requests
  (bsc#1193629).
- commit cfdb032
- smb3: Replace smb2pdu 1-element arrays with flex-arrays
  (bsc#1193629).
- commit 8183847
- selftests/ftrace: Convert tracer tests to use 'requires'
  to specify program dependency (bsc#1204993 ltc#200103).
- selftests/ftrace: Add check for ping command for trigger tests
  (bsc#1204993 ltc#200103).
- commit 11e08ba
- cifs: get rid of dns resolve worker (bsc#1193629).
- commit 2cb37b3
- cifs: Fix warning and UAF when destroy the MR list (git-fixes).
- commit 5fa5f21
- cifs: Fix lost destroy smbd connection when MR allocate failed
  (git-fixes).
- commit f517a17
- cifs: return a single-use cfid if we did not get a lease
  (bsc#1193629).
- commit 90e06b0
- cifs: Check the lease context if we actually got a lease
  (bsc#1193629).
- commit 8e90bef
- cifs: Replace remaining 1-element arrays (bsc#1193629).
- commit a459269
- cifs: Convert struct fealist away from 1-element array
  (bsc#1193629).
- commit da04015
- cifs: fix mount on old smb servers (boo#1206935).
- commit 1f96ba2
- cifs: Fix uninitialized memory reads for oparms.mode
  (bsc#1193629).
- commit 54e33cf
- cifs: remove unneeded 2bytes of padding from smb2 tree connect
  (bsc#1193629).
- commit be0bd63
- cifs: Fix uninitialized memory read in smb3_qfs_tcon()
  (bsc#1193629).
- commit 0882d15
- cifs: don't try to use rdma offload on encrypted connections
  (bsc#1193629).
- commit e4e0061
- cifs: split out smb3_use_rdma_offload() helper (bsc#1193629).
- commit 04a4e24
- cifs: introduce cifs_io_parms in smb2_async_writev()
  (bsc#1193629).
- commit 3e469a4
- cifs: get rid of unneeded conditional in cifs_get_num_sgs()
  (bsc#1193629).
- commit 406d57e
- cifs: prevent data race in smb2_reconnect() (bsc#1193629).
- commit 57b5cfd
- cifs: Get rid of unneeded conditional in the smb2_get_aead_req()
  (bsc#1193629).
- commit 1affc8c
- cifs: print last update time for interface list (bsc#1193629).
- commit 77e9288
- cifs: Replace zero-length arrays with flexible-array members
  (bsc#1193629).
- commit ccb5ba6
- cifs: Use kstrtobool() instead of strtobool() (bsc#1193629).
- commit 782ea60
- cifs: Fix use-after-free in rdata->read_into_pages()
  (git-fixes).
- commit 107b2e5
- cifs: Fix oops due to uncleared server->smbd_conn in reconnect
  (git-fixes).
- commit fe84ac1
- kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179).
  When -b is specified the script is prefixed with KMP_NEEDS_MKINITRD=1
  which sets the variable for a simple command.
  However, the script is no longer a simple command. Export the variable
  instead.
- commit 152a069
- Refresh
  patches.suse/ice-Do-not-skip-not-enabled-queues-in-ice_vc_dis_qs_.patch.
- Refresh
  patches.suse/ice-clear-stale-Tx-queue-settings-before-configuring.patch.
  Fix bug introduced by broken backport (bsc#1208628).
- commit d902e3e
- Move upstreamed i915 and media fixes into sorted section
- commit f79acc7
- ocfs2: Fix data corruption after failed write (bsc#1208542).
- commit 92f0180
- nvme-fabrics: show well known discovery name (bsc#1200054).
- commit 0dc6ff3
- hv_netvsc: Check status in SEND_RNDIS_PKT completion message
  (git-fixes).
- commit cf78232
- ASoC: mchp-spdifrx: Fix uninitialized use of mr in
  mchp_spdifrx_hw_params() (git-fixes).
- commit ef46bcf
- ALSA: ice1712: Delete unreachable code in aureon_add_controls()
  (git-fixes).
- ALSA: ice1712: Do not left ice->gpio_mutex locked in
  aureon_add_controls() (git-fixes).
- ASoC: adau7118: don't disable regulators on device unbind
  (git-fixes).
- watchdog: sbsa_wdog: Make sure the timeout programming is
  within the limits (git-fixes).
- watchdog: pcwd_usb: Fix attempting to access uninitialized
  memory (git-fixes).
- watchdog: Fix kmemleak in watchdog_cdev_register (git-fixes).
- watchdog: at91sam9_wdt: use devm_request_irq to avoid missing
  free_irq() in error path (git-fixes).
- vc_screen: don't clobber return value in vcs_read (git-fixes).
- vc_screen: modify vcs_size() handling in vcs_read() (git-fixes).
- wifi: ath11k: allow system suspend to survive ath11k
  (git-fixes).
- vdpa_sim: not reset state in vdpasim_queue_ready (git-fixes).
- VMCI: check context->notify_page after call to
  get_user_pages_fast() to avoid GPF (git-fixes).
- tty: serial: fsl_lpuart: Fix the wrong RXWATER setting for rx
  dma case (git-fixes).
- tty: serial: qcom-geni-serial: stop operations in progress at
  shutdown (git-fixes).
- tty: serial: fsl_lpuart: clear LPUART Status Register in
  lpuart32_shutdown() (git-fixes).
- USB: serial: option: add support for VW/Skoda "/Carstick LTE"/
  (git-fixes).
- usb: dwc3: pci: add support for the Intel Meteor Lake-M
  (git-fixes).
- usb: max-3421: Fix setting of I/O pins (git-fixes).
- usb: musb: mediatek: don't unregister something that wasn't
  registered (git-fixes).
- USB: core: Don't hold device lock while reading the
  "/descriptors"/ sysfs file (git-fixes).
- usb: early: xhci-dbc: Fix a potential out-of-bound memory access
  (git-fixes).
- usb: gadget: fusb300_udc: free irq on the error path in
  fusb300_probe() (git-fixes).
- wifi: mac80211: make rate u32 in sta_set_rate_info_rx()
  (git-fixes).
- wifi: cfg80211: Fix use after free for wext (git-fixes).
- wifi: ath11k: Fix memory leak in ath11k_peer_rx_frag_setup
  (git-fixes).
- wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there
  is no callback function (git-fixes).
- wifi: mwifiex: fix loop iterator in
  mwifiex_update_ampdu_txwinsize() (git-fixes).
- wifi: mwifiex: Add missing compatible string for SD8787
  (git-fixes).
- wifi: iwl4965: Add missing check for
  create_singlethread_workqueue() (git-fixes).
- wifi: iwl3945: Add missing check for
  create_singlethread_workqueue (git-fixes).
- wifi: cfg80211: Fix extended KCK key length check in
  nl80211_set_rekey_data() (git-fixes).
- wifi: orinoco: check return value of hermes_write_wordrec()
  (git-fixes).
- wifi: rtl8xxxu: Fix memory leaks with RTL8723BU, RTL8192EU
  (git-fixes).
- wifi: rtw89: Add missing check for alloc_workqueue (git-fixes).
- wifi: wl3501_cs: don't call kfree_skb() under
  spin_lock_irqsave() (git-fixes).
- wifi: libertas: cmdresp: don't call kfree_skb() under
  spin_lock_irqsave() (git-fixes).
- wifi: libertas: main: don't call kfree_skb() under
  spin_lock_irqsave() (git-fixes).
- wifi: libertas: if_usb: don't call kfree_skb() under
  spin_lock_irqsave() (git-fixes).
- wifi: libertas_tf: don't call kfree_skb() under
  spin_lock_irqsave() (git-fixes).
- wifi: brcmfmac: unmap dma buffer in brcmf_msgbuf_alloc_pktid()
  (git-fixes).
- wifi: brcmfmac: fix potential memory leak in
  brcmf_netdev_start_xmit() (git-fixes).
- wifi: wilc1000: fix potential memory leak in wilc_mac_xmit()
  (git-fixes).
- wifi: ipw2200: fix memory leak in ipw_wdev_init() (git-fixes).
- wifi: ipw2x00: don't call dev_kfree_skb() under
  spin_lock_irqsave() (git-fixes).
- wifi: rtlwifi: Fix global-out-of-bounds bug in
  _rtl8812ae_phy_set_txpower_limit() (git-fixes).
- wifi: rtl8xxxu: don't call dev_kfree_skb() under
  spin_lock_irqsave() (git-fixes).
- wifi: libertas: fix memory leak in lbs_init_adapter()
  (git-fixes).
- wifi: iwlegacy: common: don't call dev_kfree_skb() under
  spin_lock_irqsave() (git-fixes).
- wifi: rtlwifi: rtl8723be: don't call kfree_skb() under
  spin_lock_irqsave() (git-fixes).
- wifi: rtlwifi: rtl8188ee: don't call kfree_skb() under
  spin_lock_irqsave() (git-fixes).
- wifi: rtlwifi: rtl8821ae: don't call kfree_skb() under
  spin_lock_irqsave() (git-fixes).
- wifi: rsi: Fix memory leak in rsi_coex_attach() (git-fixes).
- commit 795b424
- thermal: intel: BXT_PMIC: select REGMAP instead of depending
  on it (git-fixes).
- thermal: intel: quark_dts: fix error pointer dereference
  (git-fixes).
- rtc: allow rtc_read_alarm without read_alarm callback
  (git-fixes).
- rtc: pm8xxx: fix set-alarm race (git-fixes).
- rtc: sun6i: Always export the internal oscillator (git-fixes).
- spi: tegra210-quad: Fix validate combined sequence (git-fixes).
- nfc: fix memory leak of se_io context in nfc_genl_se_io
  (git-fixes).
- remoteproc: qcom_q6v5_mss: Use a carveout to authenticate
  modem headers (git-fixes).
- remoteproc/mtk_scp: Move clk ops outside send_lock (git-fixes).
- mtd: rawnand: fsl_elbc: Propagate HW ECC settings to HW
  (git-fixes).
- mtd: rawnand: sunxi: Fix the size of the last OOB region
  (git-fixes).
- mtd: rawnand: sunxi: Clean up chips after failed init
  (git-fixes).
- mtd: spi-nor: Fix shift-out-of-bounds in spi_nor_set_erase_type
  (git-fixes).
- mtd: spi-nor: spansion: Consider reserved bits in CFR5 register
  (git-fixes).
- mtd: spi-nor: core: fix implicit declaration warning
  (git-fixes).
- mtd: spi-nor: sfdp: Fix index value for SCCR dwords (git-fixes).
- mtd: dataflash: remove duplicate SPI ID table (git-fixes).
- soundwire: cadence: Don't overflow the command FIFOs
  (git-fixes).
- phy: rockchip-typec: fix tcphy_get_mode error case (git-fixes).
- PCI: switchtec: Return -EFAULT for copy_to_user() errors
  (git-fixes).
- PCI: Fix dropping valid root bus resources with .end = zero
  (git-fixes).
- PCI/PM: Observe reset delay irrespective of bridge_d3
  (git-fixes).
- PCI/IOV: Enlarge virtfn sysfs name buffer (git-fixes).
- PCI: hotplug: Allow marking devices as disconnected during
  bind/unbind (git-fixes).
- serial: fsl_lpuart: fix RS485 RTS polariy inverse issue
  (git-fixes).
- serial: tegra: Add missing clk_disable_unprepare() in
  tegra_uart_hw_init() (git-fixes).
- tty: serial: fsl_lpuart: disable Rx/Tx DMA in
  lpuart32_shutdown() (git-fixes).
- printf: fix errname.c list (git-fixes).
- pinctrl: mediatek: Initialize variable *buf to zero (git-fixes).
- pinctrl: rockchip: Fix refcount leak in
  rockchip_pinctrl_parse_groups (git-fixes).
- pinctrl: stm32: Fix refcount leak in stm32_pctrl_get_irq_domain
  (git-fixes).
- pinctrl: qcom: pinctrl-msm8976: Correct function names for
  wcss pins (git-fixes).
- spi: synquacer: Fix timeout handling in
  synquacer_spi_transfer_one() (git-fixes).
- spi: bcm63xx-hsspi: Endianness fix for ARM based SoC
  (git-fixes).
- sefltests: netdevsim: wait for devlink instance after netns
  removal (git-fixes).
- thermal/drivers/hisi: Drop second sensor hi3660 (git-fixes).
- thermal: intel: powerclamp: Fix cur_state for multi package
  system (git-fixes).
- thermal/drivers/tsens: limit num_sensors to 9 for msm8939
  (git-fixes).
- thermal/drivers/tsens: fix slope values for msm8939 (git-fixes).
- thermal/drivers/tsens: Sort out msm8976 vs msm8956 data
  (git-fixes).
- thermal/drivers/tsens: Drop msm8976-specific defines
  (git-fixes).
- net/rose: Fix to not accept on connected socket (git-fixes).
- platform/x86: touchscreen_dmi: Add Chuwi Vi8 (CWI501) DMI match
  (git-fixes).
- platform/x86: amd-pmc: Correct usage of SMU version (git-fixes).
- selftest/lkdtm: Skip stack-entropy test if lkdtm is not
  available (git-fixes).
- platform/x86: amd-pmc: Fix compilation when CONFIG_DEBUGFS is
  disabled (git-fixes).
- platform/x86: amd-pmc: Export Idlemask values based on the APU
  (git-fixes).
- commit 14a6c6a
- media: saa7134: Use video_unregister_device for radio_dev
  (git-fixes).
- media: usb: siano: Fix use after free bugs caused by
  do_submit_urb (git-fixes).
- media: i2c: ov7670: 0 instead of -EINVAL was returned
  (git-fixes).
- media: rc: Fix use-after-free bugs caused by ene_tx_irqsim()
  (git-fixes).
- media: v4l2-jpeg: ignore the unknown APP14 marker (git-fixes).
- media: v4l2-jpeg: correct the skip count in
  jpeg_parse_app14_data (git-fixes).
- media: ipu3-cio2: Fix PM runtime usage_count in driver unbind
  (git-fixes).
- media: i2c: ov772x: Fix memleak in ov772x_probe() (git-fixes).
- media: ov5675: Fix memleak in ov5675_init_controls()
  (git-fixes).
- media: ov2740: Fix memleak in ov2740_init_controls()
  (git-fixes).
- media: max9286: Fix memleak in max9286_v4l2_register()
  (git-fixes).
- Input: iqs626a - drop unused device node references (git-fixes).
- Input: ads7846 - don't check penirq immediately for 7845
  (git-fixes).
- Input: ads7846 - always set last command to PWRDOWN (git-fixes).
- Input: ads7846 - don't report pressure for ads7845 (git-fixes).
- Input: iqs269a - configure device with a single block write
  (git-fixes).
- Input: iqs269a - increase interrupt handler return delay
  (git-fixes).
- Input: iqs269a - drop unused device node references (git-fixes).
- i2c: designware: fix i2c_dw_clk_rate() return size to be u32
  (git-fixes).
- iio: light: tsl2563: Do not hardcode interrupt trigger type
  (git-fixes).
- misc/mei/hdcp: Use correct macros to initialize uuid_le
  (git-fixes).
- misc: enclosure: Fix doc for enclosure_find() (git-fixes).
- lib/zlib: remove redundation assignement of avail_in
  dfltcc_gdht() (git-fixes).
- leds: led-core: Fix refcount leak in of_led_get() (git-fixes).
- mfd: pcf50633-adc: Fix potential memleak in
  pcf50633_adc_async_read() (git-fixes).
- mfd: cs5535: Don't build on UML (git-fixes).
- gpu: host1x: Don't skip assigning syncpoints to channels
  (git-fixes).
- gpu: ipu-v3: common: Add of_node_put() for reference returned
  by of_graph_get_port_by_id() (git-fixes).
- hwmon: (mlxreg-fan) Return zero speed for broken fan
  (git-fixes).
- hwmon: (ltc2945) Handle error case in ltc2945_value_store
  (git-fixes).
- hwmon: (ftsteutates) Fix scaling of measurements (git-fixes).
- Revert "/HID: logitech-hidpp: add a module parameter to keep
  firmware gestures"/ (git-fixes).
- hid: bigben_probe(): validate report count (git-fixes).
- HID: bigben: use spinlock to safely schedule workers
  (git-fixes).
- HID: bigben_worker() remove unneeded check on report_field
  (git-fixes).
- HID: bigben: use spinlock to protect concurrent accesses
  (git-fixes).
- HID: asus: use spinlock to safely schedule workers (git-fixes).
- HID: asus: use spinlock to protect concurrent accesses
  (git-fixes).
- gpio: tegra186: remove unneeded loop in
  tegra186_gpio_init_route_mapping() (git-fixes).
- lib/mpi: Fix buffer overrun when SG is too long (git-fixes).
- leds: led-class: Add missing put_device() to led_put()
  (git-fixes).
- mmc: jz4740: Work around bug on JZ4760(B) (git-fixes).
- mmc: mmc_spi: fix error handling in mmc_spi_probe() (git-fixes).
- mmc: sdio: fix possible resource leaks in some error paths
  (git-fixes).
- HID: core: Fix deadloop in hid_apply_multiplier (git-fixes).
- HID: elecom: add support for TrackBall 056E:011C (git-fixes).
- staging: mt7621-dts: change palmbus address to lower case
  (git-fixes).
- commit ed4a4d9
- drm/i915: Don't use BAR mappings for ring buffers with LLC
  (git-fixes).
- dt-bindings: hwlock: sun6i: Add missing #hwlock-cells
  (git-fixes).
- dt-bindings: input: iqs626a: Redefine trackpad property types
  (git-fixes).
- dt-bindings: power: supply: pm8941-coincell: Don't require
  charging properties (git-fixes).
- firmware: coreboot: Remove GOOGLE_COREBOOT_TABLE_ACPI/OF
  Kconfig entries (git-fixes).
- firmware: dmi-sysfs: Fix null-ptr-deref in
  dmi_sysfs_register_handle (git-fixes).
- firmware: stratix10-svc: add missing gen_pool_destroy() in
  stratix10_svc_drv_probe() (git-fixes).
- eeprom: idt_89hpesx: Fix error handling in idt_init()
  (git-fixes).
- dt-bindings: usb: amlogic,meson-g12a-usb-ctrl: make G12A
  usb3-phy0 optional (git-fixes).
- drm/amdgpu: fix enum odm_combine_mode mismatch (git-fixes).
- drm/amd/display: reduce else-if to else in
  dcn10_blank_pixel_data() (git-fixes).
- drm/msm/dpu: set pdpu->is_rt_pipe early in
  dpu_plane_sspp_atomic_update() (git-fixes).
- drm/msm/mdp5: Add check for kzalloc (git-fixes).
- drm/msm/dpu: Add check for pstates (git-fixes).
- drm/msm/dpu: Add check for cstate (git-fixes).
- drm/msm/dpu: drop stale comment from struct dpu_mdp_cfg doc
  (git-fixes).
- drm/msm: use strscpy instead of strncpy (git-fixes).
- drm/msm/hdmi: Add missing check for alloc_ordered_workqueue
  (git-fixes).
- dt-bindings: msm: dsi-controller-main: Add vdd* descriptions
  back in (git-fixes).
- drm/msm/dpu: Disallow unallocated resources to be returned
  (git-fixes).
- drm/msm/gem: Add check for kmalloc (git-fixes).
- drm/msm: clean event_thread->worker in case of an error
  (git-fixes).
- drm/msm/adreno: Fix null ptr access in adreno_gpu_cleanup()
  (git-fixes).
- drm/mediatek: Clean dangling pointer on bind error path
  (git-fixes).
- drm/mediatek: mtk_drm_crtc: Add checks for devm_kcalloc
  (git-fixes).
- drm/mediatek: Drop unbalanced obj unref (git-fixes).
- drm/mediatek: Use NULL instead of 0 for NULL pointer
  (git-fixes).
- drm/mediatek: dsi: Reduce the time of dsi from LP11 to sending
  cmd (git-fixes).
- drm/mipi-dsi: Fix byte order of 16-bit DCS set/get brightness
  (git-fixes).
- drm/bridge: lt9611: pass a pointer to the of node (git-fixes).
- drm/bridge: lt9611: fix clock calculation (git-fixes).
- drm/bridge: lt9611: fix programming of video modes (git-fixes).
- drm/bridge: lt9611: fix polarity programming (git-fixes).
- drm/bridge: lt9611: fix HPD reenablement (git-fixes).
- drm/bridge: lt9611: fix sleep mode setup (git-fixes).
- drm/vc4: hdmi: Correct interlaced timings again (git-fixes).
- drm/vc4: hvs: Fix colour order for xRGB1555 on HVS5 (git-fixes).
- drm/vc4: hvs: Set AXI panic modes (git-fixes).
- drm/omapdrm: Remove unused struct csc_coef_rgb2yuv (git-fixes).
- drm: tidss: Fix pixel format definition (git-fixes).
- drm/bridge: lt8912b: Add hot plug detection (git-fixes).
- drm/vkms: Fix null-ptr-deref in vkms_release() (git-fixes).
- drm/vkms: Fix memory leak in vkms_init() (git-fixes).
- drm/bridge: megachips: Fix error handling in
  i2c_register_driver() (git-fixes).
- drm/vc4: vec: Use pm_runtime_resume_and_get() in
  vc4_vec_encoder_enable() (git-fixes).
- gpio: vf610: connect GPIO label to dev name (git-fixes).
- dt-bindings: net: snps,dwmac: Fix snps,reset-delays-us
  dependency (git-fixes).
- dt-bindings: arm: fsl: Fix bindings for APF28Dev board
  (git-fixes).
- commit 3467b1b
- auxdisplay: hd44780: Fix potential memory leak in
  hd44780_remove() (git-fixes).
- Documentation: simplify and clarify DCO contribution example
  language (git-fixes).
- clk: qcom: gcc-qcs404: fix names of the DSI clocks used as
  parents (git-fixes).
- clk: qcom: gcc-qcs404: disable gpll[04]_out_aux parents
  (git-fixes).
- clk: Honor CLK_OPS_PARENT_ENABLE in clk_core_is_enabled()
  (git-fixes).
- clk: imx: avoid memory leak (git-fixes).
- clk: renesas: cpg-mssr: Remove superfluous check in resume code
  (git-fixes).
- clk: renesas: cpg-mssr: Fix use after free if
  cpg_mssr_common_init() failed (git-fixes).
- clk: ralink: fix 'mt7621_gate_is_enabled()' function
  (git-fixes).
- dmaengine: ptdma: check for null desc before calling
  pt_cmd_callback (git-fixes).
- dmaengine: dw-axi-dmac: Do not dereference NULL structure
  (git-fixes).
- dmaengine: idxd: Set traffic class values in GRPCFG on DSA 2.0
  (git-fixes).
- dmaengine: dw-edma: Fix readq_ch() return value truncation
  (git-fixes).
- dmaengine: dw-edma: Drop chancnt initialization (git-fixes).
- dmaengine: dw-edma: Fix invalid interleaved xfers semantics
  (git-fixes).
- dmaengine: dw-edma: Don't permit non-inc interleaved xfers
  (git-fixes).
- dmaengine: dw-edma: Fix missing src/dst address of interleaved
  xfers (git-fixes).
- driver core: fw_devlink: Add DL_FLAG_CYCLE support to device
  links (git-fixes).
- drivers: base: transport_class: fix resource leak when
  transport_add_device() fails (git-fixes).
- drivers: base: transport_class: fix possible memory leak
  (git-fixes).
- driver core: fix resource leak in device_add() (git-fixes).
- driver core: fix potential null-ptr-deref in device_add()
  (git-fixes).
- comedi: use menuconfig for main Comedi menu (git-fixes).
- Revert "/char: pcmcia: cm4000_cs: Replace mdelay with
  usleep_range in set_protocol"/ (git-fixes).
- backlight: backlight: Fix doc for backlight_device_get_by_name
  (git-fixes).
- docs: gdbmacros: print newest record (git-fixes).
- drm: mxsfb: DRM_MXSFB should depend on ARCH_MXS || ARCH_MXC
  (git-fixes).
- drm/fourcc: Add missing big-endian XRGB1555 and RGB565 formats
  (git-fixes).
- drm: Fix potential null-ptr-deref due to drmm_mode_config_init()
  (git-fixes).
- audit: update the mailing list in MAINTAINERS (git-fixes).
- docs: ftrace: fix a issue with duplicated subtitle number
  (git-fixes).
- ASoC: soc-dapm.h: fixup warning struct snd_pcm_substream not
  declared (git-fixes).
- ASoC: tlv320adcx140: fix 'ti,gpio-config' DT property init
  (git-fixes).
- ASoC: dt-bindings: meson: fix gx-card codec node regex
  (git-fixes).
- ASoC: rsnd: Remove unnecessary rsnd_dbg_dai_call() (git-fixes).
- ASoC: rsnd: fixup #endif position (git-fixes).
- Bluetooth: hci_qca: get wakeup status from serdev device handle
  (git-fixes).
- Bluetooth: L2CAP: Fix potential user-after-free (git-fixes).
- crypto: crypto4xx - Call dma_unmap_page when done (git-fixes).
- crypto: rsa-pkcs1pad - Use akcipher_request_complete
  (git-fixes).
- crypto: qat - fix out-of-bounds read (git-fixes).
- Revert "/crypto: rsa-pkcs1pad - Replace GFP_ATOMIC with
  GFP_KERNEL in pkcs1pad_encrypt_sign_complete"/ (git-fixes).
- crypto: xts - Handle EBUSY correctly (git-fixes).
- crypto: seqiv - Handle EBUSY correctly (git-fixes).
- crypto: essiv - Handle EBUSY correctly (git-fixes).
- crypto: ccp - Failure on re-initialization due to duplicate
  sysfs filename (git-fixes).
- crypto: ccp - Avoid page allocation failure warning for
  SEV_GET_ID2 (git-fixes).
- crypto: x86/ghash - fix unaligned access in ghash_setkey()
  (git-fixes).
- drm/i915/gen11: Wa_1408615072/Wa_1407596294 should be on GT list
  (git-fixes).
- drm/amd/display: Properly handle additional cases where DCN
  is not supported (git-fixes).
- drm/nouveau/devinit/tu102-: wait for GFW_BOOT_PROGRESS ==
  COMPLETED (git-fixes).
- clk: mxl: syscon_node_to_regmap() returns error pointers
  (git-fixes).
- clk: mxl: Fix a clk entry by adding relevant flags (git-fixes).
- clk: mxl: Add option to override gate clks (git-fixes).
- clk: mxl: Remove redundant spinlocks (git-fixes).
- clk: mxl: Switch from direct readl/writel based IO to regmap
  based IO (git-fixes).
- drm/i915/gen11: Moving WAs to icl_gt_workarounds_init()
  (git-fixes).
- commit d5e5686
- ARM: dts: exynos: correct TMU phandle in Odroid XU3 family
  (git-fixes).
- ARM: dts: exynos: correct TMU phandle in Odroid HC1 (git-fixes).
- ARM: dts: exynos: correct TMU phandle in Odroid XU (git-fixes).
- ARM: dts: exynos: correct TMU phandle in Exynos5250 (git-fixes).
- ARM: dts: exynos: correct TMU phandle in Exynos4210 (git-fixes).
- ARM: dts: exynos: correct TMU phandle in Exynos4 (git-fixes).
- ARM: dts: spear320-hmi: correct STMPE GPIO compatible
  (git-fixes).
- applicom: Fix PCI device refcount leak in applicom_init()
  (git-fixes).
- arm64: efi: Make efi_rt_lock a raw_spinlock (git-fixes).
- ASoC: mchp-spdifrx: disable all interrupts in
  mchp_spdifrx_dai_remove() (git-fixes).
- ASoC: mchp-spdifrx: fix controls which rely on rsr register
  (git-fixes).
- ASoC: soc-compress.c: fixup private_data on
  snd_soc_new_compress() (git-fixes).
- ALSA: hda/ca0132: minor fix for allocation size (git-fixes).
- ACPI: battery: Fix missing NUL-termination with large strings
  (git-fixes).
- ACPICA: nsrepair: handle cases without a return value correctly
  (git-fixes).
- ACPICA: Drop port I/O validation for some regions (git-fixes).
- ARM: dts: qcom: sdx55: Add Qcom SMMU-500 as the fallback for
  IOMMU node (git-fixes).
- arm64: dts: ti: k3-j7200: Fix wakeup pinmux range (git-fixes).
- arm64: dts: mediatek: mt7622: Add missing pwm-cells to pwm node
  (git-fixes).
- arm64: dts: mt8192: Fix CPU map for single-cluster SoC
  (git-fixes).
- arm64: dts: mediatek: mt8183: Fix systimer 13 MHz clock
  description (git-fixes).
- arm64: dts: meson: bananapi-m5: switch VDDIO_C pin to OPEN_DRAIN
  (git-fixes).
- arm64: dts: amlogic: meson-sm1-odroid-hc4: fix active fan
  thermal trip (git-fixes).
- arm64: dts: meson: remove CPU opps below 1GHz for G12A boards
  (git-fixes).
- arm64: dts: meson-gx: Fix the SCPI DVFS node name and unit
  address (git-fixes).
- arm64: dts: meson-g12a: Fix internal Ethernet PHY unit name
  (git-fixes).
- arm64: dts: meson-gx: Fix Ethernet MAC address unit name
  (git-fixes).
- arm64: dts: imx8m: Align SoC unique ID node unit address
  (git-fixes).
- ARM: dts: imx7s: correct iomuxc gpr mux controller cells
  (git-fixes).
- ARM: dts: exynos: correct HDMI phy compatible in Exynos4
  (git-fixes).
- ARM: dts: exynos: correct wr-active property in Exynos3250
  Rinato (git-fixes).
- ARM: dts: sun8i: nanopi-duo2: Fix regulator GPIO reference
  (git-fixes).
- arm64: dts: renesas: beacon-renesom: Fix gpio expander reference
  (git-fixes).
- arm64: dts: qcom: ipq8074: fix Gen3 PCIe node (git-fixes).
- arm64: dts: qcom: ipq8074: correct Gen2 PCIe ranges (git-fixes).
- arm64: dts: qcom: ipq8074: correct USB3 QMP PHY-s clock output
  names (git-fixes).
- arm64: dts: qcom: sc7280: correct SPMI bus address cells
  (git-fixes).
- arm64: dts: qcom: sc7180: correct SPMI bus address cells
  (git-fixes).
- arm64: dts: qcom: sdm845-db845c: fix audio codec interrupt
  pin name (git-fixes).
- arm64: dts: qcom: sm8150-kumano: Panel framebuffer is 2.5k
  instead of 4k (git-fixes).
- arm64: dts: qcom: qcs404: use symbol names for PCIe resets
  (git-fixes).
- ARM: bcm2835_defconfig: Enable the framebuffer (git-fixes).
- ARM: zynq: Fix refcount leak in zynq_early_slcr_init
  (git-fixes).
- ARM: imx: Call ida_simple_remove() for ida_simple_get
  (git-fixes).
- ARM: s3c: fix s3c64xx_set_timer_source prototype (git-fixes).
- ARM: OMAP1: call platform_device_put() in error case in
  omap1_dm_timer_init() (git-fixes).
- ARM: OMAP2+: Fix memory leak in realtime_counter_init()
  (git-fixes).
- ALSA: hda/realtek - fixed wrong gpio assigned (git-fixes).
- ALSA: hda/conexant: add a new hda codec SN6180 (git-fixes).
- ACPI: NFIT: fix a potential deadlock during NFIT teardown
  (git-fixes).
- ARM: dts: rockchip: add power-domains property to dp node on
  rk3288 (git-fixes).
- arm64: dts: rockchip: drop unused LED mode property from
  rk3328-roc-cc (git-fixes).
- ASoC: rt715-sdca: fix clock stop prepare timeout issue
  (git-fixes).
- ASoC: cs42l56: fix DT probe (git-fixes).
- ASoC: Intel: sof_cs42l42: always set dpcm_capture for amplifiers
  (git-fixes).
- ASoC: Intel: sof_rt5682: always set dpcm_capture for amplifiers
  (git-fixes).
- ALSA: hda: Do not unset preset when cleaning up codec
  (git-fixes).
- ACPI / x86: Add support for LPS0 callback handler (git-fixes).
- commit b514cae
- Refresh
  patches.suse/ipmi-ssif-Add-a-timer-between-request-retries.patch.
- Refresh patches.suse/ipmi-ssif-Remove-rtc_us_timer.patch.
- Refresh patches.suse/ipmi-ssif-resend_msg-cannot-fail.patch.
- Refresh
  patches.suse/ipmi_ssif-Rename-idle-state-and-check.patch.
- commit 39421c5
- KABI fix for:  NFSv3: handle out-of-order write replies
  (bsc#1205544).
- commit 931f6bd
- NFSv3: handle out-of-order write replies (bsc#1205544).
- commit 96398e7
- locking/rwsem: Disable preemption in all down_write*() and
  up_write() code paths (bsc#1207270).
- commit 87b3e0b
- locking/rwsem: Disable preemption in all down_read*() and
  up_read() code paths (bsc#1207270).
- commit c4762ff
- locking/rwsem: Prevent non-first waiter from spinning in
  down_write() slowpath (bsc#1207270).
- commit 61aa9bc
- locking/rwsem: Disable preemption while trying for rwsem lock
  (bsc#1207270).
- commit 164c146
- locking/rwsem: Allow slowpath writer to ignore handoff bit if
  not set by first waiter (bsc#1207270).
- commit 05a6130
- locking/rwsem: Always try to wake waiters in out_nolock path
  (bsc#1207270).
- commit 2d3049a
- locking/rwsem: Conditionally wake waiters in reader/writer
  slowpaths (bsc#1207270).
- commit 6c03884
- locking/rwsem: No need to check for handoff bit if wait queue
  empty (bsc#1207270).
- commit 7ef94ea
- locking: Add missing __sched attributes (bsc#1207270).
- commit 241a50d
- locking/rwsem: Make handoff bit handling more consistent
  (bsc#1207270).
- commit 68640da
- wifi: ath9k: Fix potential stack-out-of-bounds write in
  ath9k_wmi_rsp_callback() (git-fixes).
- commit 4c1ac5d
- blacklist.conf: Add oops_limit accretion disk
- commit b22c6d0
- powerpc/eeh: Set channel state after notifying the drivers
  (bsc#1208784 ltc#201612).
- commit c4cafd6
- platform/x86: ISST: PUNIT device mapping with Sub-NUMA
  clustering (bsc#1208420).
- commit 30beac0
- IB/hfi1: Fix sdma.h tx->num_descs off-by-one errors (git-fixes)
- commit adff7f2
- IB/hfi1: Fix math bugs in hfi1_can_pin_pages() (git-fixes)
- commit 3bdf9ca
- RDMA/rxe: Fix missing memory barriers in rxe_queue.h (git-fixes)
- commit 878e0eb
- iw_cxgb4: Fix potential NULL dereference in c4iw_fill_res_cm_id_entry() (git-fixes)
- commit d90e67e
- RDMA/irdma: Cap MSIX used to online CPUs + 1 (git-fixes)
- commit 05d982b
- RDMA/cxgb4: Fix potential null-ptr-deref in pass_establish() (git-fixes)
- commit 7eb2c03
- RDMA/siw: Fix user page pinning accounting (git-fixes)
- commit d72f1f4
- fuse: add inode/permission checks to fileattr_get/fileattr_set
  (bsc#1208759).
- commit 91990ec
- usb: gadget: u_serial: Add null pointer check in gserial_resume
  (git-fixes).
- commit 4549b2e
- Update
  patches.suse/usb-dwc3-dwc3-qcom-Add-missing-platform_device_put-i.patch
  (bsc#1208741 CVE-2023-22995).
  Added CVE reference for fix already present
- commit 3d3f080
- net: mpls: fix stale pointer if allocation fails during device
  rename (bsc#1208700 CVE-2023-26545).
- commit 7ee1e3a
- RDMA/cxgb4: add null-ptr-check after ip_dev_find() (git-fixes)
- commit 364a0c0
- RDMA/cxgb4: remove unnecessary NULL check in __c4iw_poll_cq_one() (git-fixes)
- commit 4c3dcae
- iommu/hyper-v: Allow hyperv irq remapping without x2apic
  (git-fixes).
- commit 944a8e8
- Avoid deadlock for recursive I/O on dm-thin when used as swap
  (bsc#1177529).
- commit 9236175
- x86/mm: Randomize per-cpu entry area (bsc#1207845
  CVE-2023-0597).
- commit 3959431
- [xen] fix "/direction"/ argument of iov_iter_kvec() (git-fixes).
- commit defee4c
- xen/privcmd: Fix a possible warning in
  privcmd_ioctl_mmap_resource() (git-fixes).
- commit fca2519
- x86/xen: Fix memory leak in xen_init_lock_cpu() (git-fixes).
- commit d392a17
- x86/xen: Fix memory leak in xen_smp_intr_init{_pv}()
  (git-fixes).
- commit cd8f1e2
- blacklist.conf: add "/xen/netback: don't call kfree_skb() under
  spin_lock_irqsave()"/
- commit 49e8a38
- xen-netfront: Fix NULL sring after live migration (git-fixes).
- commit 81410eb
- xen/netback: fix build warning (git-fixes).
- Refresh
  patches.suse/xen-netback-Ensure-protocol-headers-don-t-fall-in-th.patch.
- commit 18cf292
- xen/platform-pci: add missing free_irq() in error path
  (git-fixes).
- commit 1274346
- xen-pciback: Allow setting PCI_MSIX_FLAGS_MASKALL too
  (git-fixes).
- commit e6b17f1
- xen/netback: do some code cleanup (git-fixes).
- Refresh
  patches.suse/xen-netback-don-t-call-kfree_skb-with-interrupts-dis.patch.
- commit ea1b704
- xen/netfront: destroy queues before real_num_tx_queues is zeroed
  (git-fixes).
- commit 264c043
- xfs: convert ptag flags to unsigned (git-fixes).
- commit a339957
- xfs: don't leak btree cursor when insrec fails after a split
  (git-fixes).
- commit fb35824
- xfs: don't assert fail on perag references on teardown
  (git-fixes).
- commit d42b263
- xfs: zero inode fork buffer at allocation (git-fixes).
- commit e8b3335
- block: bio-integrity: Copy flags when bio_integrity_payload
  is cloned (bsc#1208541).
- commit 9308710
- scsi: lpfc: Copyright updates for 14.2.0.10 patches
  (bsc#1208607).
- scsi: lpfc: Update lpfc version to 14.2.0.10 (bsc#1208607).
- scsi: lpfc: Introduce new attention types for
  lpfc_sli4_async_fc_evt() handler (bsc#1208607).
- scsi: lpfc: Reinitialize internal VMID data structures after
  FLOGI completion (bsc#1208607).
- scsi: lpfc: Fix use-after-free KFENCE violation during sysfs
  firmware write (bsc#1208607).
- scsi: lpfc: Exit PRLI completion handling early if ndlp not
  in PRLI_ISSUE state (bsc#1208607).
- scsi: lpfc: Remove duplicate ndlp kref decrement in
  lpfc_cleanup_rpis() (bsc#1208607 bsc#1208534).
- scsi: lpfc: Remove redundant clean up code in disable_vport()
  (bsc#1208607).
- scsi: lpfc: Set max DMA segment size to HBA supported SGE length
  (bsc#1208607).
- scsi: lpfc: Resolve miscellaneous variable set but not used
  compiler warnings (bsc#1208607).
- scsi: lpfc: Replace outdated strncpy() with strscpy()
  (bsc#1208607).
- scsi: lpfc: Fix space indentation in lpfc_xcvr_data_show()
  (bsc#1208607).
- commit eecdcbc
- scsi: qla2xxx: Remove the unused variable wwn (bsc#1208570).
- scsi: qla2xxx: Simplify if condition evaluation (bsc#1208570).
- scsi: qla2xxx: Use a variable for repeated mem_size computation
  (bsc#1208570).
- scsi: qla2xxx: Make qla_trim_buf() and __qla_adjust_buf()
  static (bsc#1208570).
- scsi: qla2xxx: Fix printk() format string (bsc#1208570).
- scsi: qla2xxx: Update version to 10.02.08.200-k (bsc#1208570).
- scsi: qla2xxx: Select qpair depending on which CPU post_cmd()
  gets called (bsc#1208570).
- scsi: qla2xxx: edif: Fix clang warning (bsc#1208570).
- scsi: qla2xxx: edif: Reduce memory usage during low I/O
  (bsc#1208570).
- scsi: qla2xxx: edif: Fix stall session after app start
  (bsc#1208570).
- scsi: qla2xxx: edif: Fix performance dip due to lock contention
  (bsc#1208570).
- scsi: qla2xxx: Relocate/rename vp map (bsc#1208570).
- scsi: qla2xxx: Remove dead code (GNN ID) (bsc#1208570).
- scsi: qla2xxx: Remove dead code (GPNID) (bsc#1208570).
- scsi: qla2xxx: Remove dead code (bsc#1208570).
- scsi: qla2xxx: Update version to 10.02.08.100-k (bsc#1208570).
- scsi: qla2xxx: Fix IOCB resource check warning (bsc#1208570).
- scsi: qla2xxx: Remove increment of interface err cnt
  (bsc#1208570).
- scsi: qla2xxx: Fix erroneous link down (bsc#1208570).
- scsi: qla2xxx: Remove unintended flag clearing (bsc#1208570).
- scsi: qla2xxx: Fix stalled login (bsc#1208570).
- scsi: qla2xxx: Fix exchange oversubscription for management
  commands (bsc#1208570).
- scsi: qla2xxx: Fix exchange oversubscription (bsc#1208570).
- scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests
  (bsc#1208570).
- scsi: qla2xxx: Fix link failure in NPIV environment
  (bsc#1208570).
- scsi: qla2xxx: Check if port is online before sending ELS
  (bsc#1208570).
- commit e9e64c0
- hv_netvsc: Allocate memory in netvsc_dma_map() with GFP_ATOMIC
  (git-fixes).
- x86/hyperv: Introduce
  HV_MAX_SPARSE_VCPU_BANKS/HV_VCPUS_PER_SPARSE_BANK constants
  (git-fixes).
- PCI: hv: update comment in x86 specific hv_arch_irq_unmask
  (git-fixes).
- hv: fix comment typo in vmbus_channel/low_latency (git-fixes).
- commit e18f1a9
- drm/hyperv: Fix an error handling path in hyperv_vmbus_probe() (git-fixes).
- commit 43b143c
- drm/hyperv : Removing the restruction of VRAM allocation with
  PCI bar size (git-fixes).
- commit 6cc703f
- powercap: fix possible name leak in powercap_register_zone()
  (git-fixes).
- commit d3806fa
- usb: dwc3: qcom: suppress unused-variable warning (git-fixes).
- commit f901e29
- blacklist.conf: false positive
- commit b59e5d1
- usb: musb: Add and use inline function musb_otg_state_string
  (git-fixes).
- commit cd1604d
- usb: musb: Add and use inline functions musb_{get,set}_state
  (git-fixes).
- commit 4523590
- usb: musb: remove schedule work called after flush (git-fixes).
- commit f3d8faf
- usb: dwc3: qcom: Fix memory leak in dwc3_qcom_interconnect_init
  (git-fixes).
- commit b3d3528
- usb: dwc3: qcom: clean up icc init (git-fixes).
- commit 88d9416
- usb: dwc3: qcom: only parse 'maximum-speed' once (git-fixes).
- commit b64ea4c
- usb: dwc3: qcom: clean up suspend callbacks (git-fixes).
- commit 2e3d004
- usb: dwc3: qcom: fix wakeup implementation (git-fixes).
- Refresh
  patches.suse/usb-dwc3-core-leave-default-DMA-if-the-controller-do.patch.
- commit 9b6a3e2
- Revert "/usb: dwc3: qcom: Keep power domain on to retain
  controller status"/ (git-fixes).
- commit 2174f55
- usb: dwc3: core: Host wake up support from system suspend
  (git-fixes).
- Refresh
  patches.suse/usb-dwc3-core-leave-default-DMA-if-the-controller-do.patch.
- commit f82f88f
- usb: dwc3: qcom: fix peripheral and OTG suspend (git-fixes).
- commit dc0c872
- usb: dwc3: qcom: fix gadget-only builds (git-fixes).
- commit d9b764b
- vmxnet3: move rss code block under eop descriptor (bsc#1208212).
- commit 4cd8f2e
- usb: dwc3: qcom: Keep power domain on to retain controller
  status (git-fixes).
- commit f6409bd
- usb: dwc3: qcom: Configure wakeup interrupts during suspend
  (git-fixes).
- Refresh patches.suse/usb-dwc3-qcom-fix-runtime-PM-wakeup.patch.
- Refresh
  patches.suse/usb-dwc3-qcom-fix-use-after-free-on-runtime-PM-wakeu.patch.
- commit a8bd7ad
- blacklist.conf: kABI
- commit b99a3c8
- s390/dasd: Fix potential memleak in dasd_eckd_init()
  (git-fixes).
- commit 4a4e22d
- blacklist.conf: ("/ARM: 9280/1: mm: fix warning on phys_addr_t to void pointer"/)
- commit 5089b86
- ARM: renumber bits related to _TIF_WORK_MASK (git-fixes)
- commit c91243e
- blacklist.conf: ("/ARM: 9266/1: mm: fix no-MMU ZERO_PAGE() implementation"/)
- commit 400cab3
- blacklist.conf: ("/ARM: at91: pm: avoid soft resetting AC DLL"/)
- commit 6bcebc9
- blacklist.conf: ("/ARM: dts: at91: sama7g5: fix signal name of pin PB2"/)
- commit 919e157
- ARM: dts: am5748: keep usb4_tm disabled (git-fixes)
- commit b8d72b7
- blacklist.conf: ("/ARM: dts: at91: sama7g5ek: specify proper regulator output ranges"/)
- commit 3ab614b
- blacklist.conf: ("/ARM: at91: pm: fix DDR recalibration when resuming from backup and"/)
- commit 0f7a39d
- blacklist.conf: ("/ARM: at91: pm: fix self-refresh for sama7g5"/)
- commit be8848f
- Update
  patches.suse/usb-rndis_host-Secure-rndis_query-check-against-int-.patch
  (CVE-2023-23559 bsc#1207051).
  Added CVE reference to patch already merged through git-fixes
- commit a3e1190
- ARM: dts: qcom: msm8974: add required ranges to OCMEM (git-fixes)
- commit 91b832e
- ARM: dts: imx7-colibri-eval-v3: correct can controller comment (git-fixes)
- commit 1de40c0
- blacklist.conf: ("/ARM: dts: qcom-msm8974: fix irq type on blsp2_uart1"/)
- commit fa5a88a
- blacklist.conf: ("/ARM: dts: ux500: Fix Gavini accelerometer mounting matrix"/)
- commit 2b7186a
- blacklist.conf: ("/ARM: dts: ux500: Fix Codina accelerometer mounting matrix"/)
- commit aaa59d4
- xen/arm: Fix race in RB-tree based P2M accounting (git-fixes)
- commit 6cae44e
- ARM: dts: stm32: add missing usbh clock and fix clk order on (git-fixes)
- commit 34357fd
- blacklist.conf: ("/ARM: at91: pm: use proper compatibles for sama7g5's rtc and rtt"/)
- commit c94ffa5
- virt: sevguest: Rename the sevguest dir and files to sev-guest
  (bsc#1208449).
- Refresh
  patches.suse/x86-sev-Get-the-AP-jump-table-address-from-secrets-page.
- commit efc1984
- virt: sevguest: Change driver name to reflect generic SEV
  support (bsc#1208449).
- Refresh
  patches.suse/x86-sev-Get-the-AP-jump-table-address-from-secrets-page.
- commit 9995360
- virt/sev-guest: Add a MODULE_ALIAS (bsc#1208449).
- virt/sev-guest: Remove unnecessary free in init_crypto()
  (bsc#1208449).
- virt/sev-guest: Prevent IV reuse in the SNP guest driver
  (bsc#1208449).
- virt: sev-guest: Pass the appropriate argument type to iounmap()
  (bsc#1208449).
- commit 61ff2a0
- blacklist.conf: ("/ARM: versatile: Add missing of_node_put in dcscb_init"/)
- commit 346b599
- ARM: omap: remove debug-leds driver (git-fixes)
- commit 8b7f9eb
- blacklist.conf: ("/ARM: dts: at91: sama7g5: remove interrupt-parent from gic node"/)
- commit 7886324
- irqchip/gic-v3: Refactor ISB + EOIR at ack time (git-fixes)
- commit 7eff197
- blacklist.conf: ("/ARM: dts: at91: sama7g5ek: enable pull-up on flexcom3 console lines"/)
- commit 5fe218b
- blacklist.conf: ("/arm/xen: Fix some refcount leaks"/)
- commit e7dd5e5
- blacklist.conf: ("/ARM: dts: at91: sama7g5: Remove unused properties in i2c nodes"/)
- commit 8a32969
- blacklist.conf: ("/ARM: dts: at91: fix low limit for CPU regulator"/)
- commit 51d5738
- ARM: remove some dead code (git-fixes)
- commit f7ced4a
- blacklist.conf: ("/ARM: 9179/1: uaccess: avoid alignment faults in"/)
- commit ac48f9d
- blacklist.conf: ("/ARM: dts: gpio-ranges property is now required"/)
- commit 8e50da0
- blacklist.conf: ("/Revert "/ARM: 9070/1: Make UNWINDER_ARM depend on ld.bfd or ld.lld"/)
- commit 6e45b56
- blacklist.conf: ("/Documentation, arch: Remove leftovers from CIFS_WEAK_PW_HASH"/)
- commit db21aa5
- blacklist.conf: ("/ARM: dts: at91: update alternate function of signal PD20"/)
- commit 638e70e
- ARM: imx: rename DEBUG_IMX21_IMX27_UART to DEBUG_IMX27_UART (git-fixes)
- commit b3c9eb5
- ARM: shmobile: rcar-gen2: Add missing of_node_put() (git-fixes)
- commit 255b829
- kmap_local: don't assume kmap PTEs are linear arrays in memory (git-fixes)
  Update config/armv7hl/default too.
- commit 4f3ffba
- ARM: dts: stm32: use usbphyc ck_usbo_48m as USBH OHCI clock on (git-fixes)
- commit 9fe9f3d
- blacklist.conf: ("/ARM: 9131/1: mm: Fix PXN process with LPAE feature"/)
- commit 401f82c
- drm/vmwgfx: Avoid NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331 CVE-2022-38096)
- commit 1c4885c
- blacklist: add commit 752f59637128 ("/docs: filesystems: update netfs-api.rst reference"/)
- commit b636a21
- fscache_cookie_enabled: check cookie is valid before accessing
  it (bsc#1208429).
- commit eb9d928
- ceph: flush cap releases when the session is flushed
  (bsc#1208428).
- commit 6cc818b
- block, bfq: fix uaf for bfqq in bic_set_bfqq() (git-fixes).
- blk-cgroup: fix missing pd_online_fn() while activating policy
  (git-fixes).
- block: don't allow splitting of a REQ_NOWAIT bio (git-fixes).
- block: mq-deadline: Rename deadline_is_seq_writes() (git-fixes).
- blk-mq: fix possible memleak when register 'hctx' failed
  (git-fixes).
- block: mq-deadline: Do not break sequential write streams to
  zoned HDDs (git-fixes).
- block: clear ->slave_dir when dropping the main slave_dir
  reference (git-fixes).
- md/raid1: stop mdx_raid1 thread when raid1 array run failed
  (git-fixes).
- md: fix a crash in mempool_free (git-fixes).
- md/bitmap: Fix bitmap chunk size overflow issues (git-fixes).
- drivers/md/md-bitmap: check the return value of
  md_bitmap_get_counter() (git-fixes).
- block/bfq-iosched.c: use "/false"/ rather than "/BLK_RW_ASYNC"/
  (git-fixes).
- block: fix and cleanup bio_check_ro (git-fixes).
- commit 1404ba9
- blacklist.conf: add git-fixes commit which won't be backported
- commit 9c78c8a
- net: mana: Assign interrupts to CPUs based on NUMA nodes
  (bsc#1208153).
- Refresh
  patches.suse/net-mana-Fix-IRQ-name-add-PCI-and-queue-number.patch.
- commit e0863ac
- net: mana: Fix accessing freed irq affinity_hint (bsc#1208153).
- genirq: Provide new interfaces for affinity hints (bsc#1208153).
- commit b973d25
- drm/amd/display: Fail atomic_check early on normalize_zpos error
  (git-fixes).
- net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path
  (git-fixes).
- net: openvswitch: fix possible memory leak in
  ovs_meter_cmd_set() (git-fixes).
- commit 305b479
- Set references for "/drm/vmwgfx: Validate the box size for the snooped cursor"/ (bsc#1203332 CVE-2022-36280)
- commit 9d6fa3b
- exit: Use READ_ONCE() for all oops/warn limit reads
  (bsc#1207328).
- exit: Allow oops_limit to be disabled (bsc#1207328).
- commit 75afc24
- panic: Introduce warn_limit (bsc#1207328).
- panic: Consolidate open-coded panic_on_warn checks
  (bsc#1207328).
- kasan: no need to unset panic_on_warn in end_report()
  (bsc#1207328).
- ubsan: no need to unset panic_on_warn in ubsan_epilogue()
  (bsc#1207328).
- panic: unset panic_on_warn inside panic() (bsc#1207328).
- commit 2d71785
- Update
  patches.suse/0001-exit-Put-an-upper-limit-on-how-often-we-can-oops.patch
  (bsc#1207328, bsc#1208290).
- commit d66a2b6
- usb: core: add quirk for Alcor Link AK9563 smartcard reader
  (git-fixes).
- drm/i915: Fix VBT DSI DVO port handling (git-fixes).
- commit d08ee1f
- exit: Move force_uaccess back into do_exit (bsc#1207328).
- blacklist.conf: blacklist fixups for unsupported arches
- exit: Guarantee make_task_dead leaks the tsk when calling
  do_task_exit (bsc#1207328).
- objtool: Add a missing comma to avoid string concatenation
  (bsc#1207328).
- commit a5e521f
- exit: Put an upper limit on how often we can oops (bsc#1207328).
- sysctl: add a new register_sysctl_init() interface
  (bsc#1207328).
- exit: Stop poorly open coding do_task_dead in make_task_dead
  (bsc#1207328).
- exit: Move oops specific logic from do_exit into make_task_dead
  (bsc#1207328).
- exit: Add and use make_task_dead (bsc#1207328).
- commit b158add
- blacklist.conf: Add 4a7ba45b1a43 memcg: fix possible use-after-free in memcg_write_event_control()
- commit 6452dee
- net: mana: Fix IRQ name - add PCI and queue number
  (bsc#1207875).
- commit da88ecc
- x86/boot: Avoid using Intel mnemonics in AT&T syntax asm
  (git-fixes).
- x86/asm: Fix an assembler warning with current binutils
  (git-fixes).
- x86/kprobes: Fix optprobe optimization check with CONFIG_RETHUNK
  (git-fixes).
- x86/kprobes: Fix kprobes instruction boudary check with
  CONFIG_RETHUNK (git-fixes).
- x86/kvm: Remove unused virt to phys translation in
  kvm_guest_cpu_init() (git-fixes).
- x86/microcode/intel: Do not retry microcode reloading on the
  APs (git-fixes).
- x86/MCE/AMD: Clear DFR errors found in THR handler (git-fixes).
- signal/vm86_32: Properly send SIGSEGV when the vm86 state
  cannot be saved (git-fixes).
- x86: ACPI: cstate: Optimize C3 entry on AMD CPUs (git-fixes).
- commit e419e31
- blacklist.conf: add some x86 entries
- commit a9b7553
- x86/bugs: Flush IBP in ib_prctl_set() (bsc#1207773
  CVE-2023-0045).
- commit e08d6f4
- Fix page corruption caused by racy check in __free_pages
  (bsc#1208149).
- commit 28d64fc
- ipmi:ssif: Add a timer between request retries (bsc#1206459).
- ipmi:ssif: Remove rtc_us_timer (bsc#1206459).
- ipmi_ssif: Rename idle state and check (bsc#1206459).
- ipmi:ssif: resend_msg() cannot fail (bsc#1206459).
- commit a36b0e7
- Delete
  patches.suse/ipmi-ssif-Add-60ms-time-internal-between-write-retri.patch.
- commit 2fa3c94
- RDMA/usnic: use iommu_map_atomic() under spin_lock() (git-fixes)
- commit af04c13
- RDMA/irdma: Fix potential NULL-ptr-dereference (git-fixes)
- commit c54f45a
- IB/IPoIB: Fix legacy IPoIB due to wrong number of queues (git-fixes)
- commit 16b662e
- IB/hfi1: Restore allocated resources on failed copyout (git-fixes)
- commit ccc63fc
- [infiniband] READ is "/data destination"/, not source... (git-fixes)
- commit e72e699
- bpf: Fix a possible task gone issue with
  bpf_send_signal[_thread]() helpers (git-fixes).
- commit 6dd7272
- bpf: Skip task with pid=1 in send_signal_common() (git-fixes).
- commit e9da05e
- tracing: Fix poll() and select() do not work on per_cpu
  trace_pipe and trace_pipe_raw (git-fixes).
- commit 6d2cfdd
- trace_events_hist: add check for return value of
  'create_hist_field' (git-fixes).
- commit 6dd7173
- tracing: Make sure trace_printk() can output as soon as it
  can be used (git-fixes).
- commit cac7b63
- xfs: estimate post-merge refcounts correctly (bsc#1208183).
- commit 5ea2f7f
- xfs: hoist refcount record merge predicates (bsc#1208183).
- commit 295092d
- usb: typec: altmodes/displayport: Fix probe pin assign check
  (git-fixes).
- commit 26849f9
- nvdimm: disable namespace on error (bsc#1166486).
- commit 195740e
- spi: dw: Fix wrong FIFO level setting for long xfers
  (git-fixes).
- commit 81770af
- ALSA: hda/realtek: Add Positivo N14KP6-TG (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs don't work for a HP
  platform (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS UM3402 using CS35L41
  (git-fixes).
- ALSA: hda/realtek: Enable mute/micmute LEDs on HP Elitebook,
  645 G9 (git-fixes).
- ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy
  Book2 Pro 360 (git-fixes).
- commit 58ec4c2
- clk: ingenic: jz4760: Update M/N/OD calculation algorithm
  (git-fixes).
- pinctrl: intel: Restore the pins that used to be in Direct
  IRQ mode (git-fixes).
- pinctrl: single: fix potential NULL dereference (git-fixes).
- pinctrl: aspeed: Fix confusing types in return value
  (git-fixes).
- pinctrl: mediatek: Fix the drive register definition of some
  Pins (git-fixes).
- arm64: dts: meson-gx: Make mmc host controller interrupts
  level-sensitive (git-fixes).
- arm64: dts: meson-g12-common: Make mmc host controller
  interrupts level-sensitive (git-fixes).
- arm64: dts: meson-axg: Make mmc host controller interrupts
  level-sensitive (git-fixes).
- ASoC: topology: Return -ENOMEM on memory allocation failure
  (git-fixes).
- ALSA: emux: Avoid potential array out-of-bound in
  snd_emux_xg_control() (git-fixes).
- ALSA: pci: lx6464es: fix a debug loop (git-fixes).
- commit 1f306c4
- drm/i915: Initialize the obj flags for shmem objects
  (git-fixes).
- drm/virtio: exbuf->fence_fd unmodified on interrupted wait
  (git-fixes).
- drm/amdgpu/fence: Fix oops due to non-matching drm_sched
  init/fini (git-fixes).
- selftests: forwarding: lib: quote the sysctl values (git-fixes).
- can: j1939: do not wait 250 ms if the same addr was already
  claimed (git-fixes).
- net: USB: Fix wrong-direction WARNING in plusb.c (git-fixes).
- net: phy: meson-gxl: use MMD access dummy stubs for GXL,
  internal PHY (git-fixes).
- efi: Accept version 2 of memory attributes table (git-fixes).
- selftests: net: udpgso_bench_tx: Cater for pending datagrams
  zerocopy benchmarking (git-fixes).
- selftests: net: udpgso_bench: Fix racing bug between the rx/tx
  programs (git-fixes).
- selftests: net: udpgso_bench_rx/tx: Stop when wrong CLI args
  are provided (git-fixes).
- selftests: net: udpgso_bench_rx: Fix 'used uninitialized'
  compiler warning (git-fixes).
- ASoC: Intel: bytcht_es8316: Drop reference count of ACPI device
  after use (git-fixes).
- i2c: rk3x: fix a bunch of kernel-doc warnings (git-fixes).
- i2c: mxs: suppress probe-deferral error message (git-fixes).
- i2c: designware-pci: Add new PCI IDs for AMD NAVI GPU
  (git-fixes).
- drm/amd/display: Fix timing not changning when freesync video
  is enabled (git-fixes).
- platform/x86: gigabyte-wmi: add support for B450M DS3H WIFI-CF
  (git-fixes).
- platform/x86: dell-wmi: Add a keymap for KEY_MUTE in type
  0x0010 table (git-fixes).
- net/x25: Fix to not accept on connected socket (git-fixes).
- fbdev: smscufx: fix error handling code in ufx_usb_probe
  (git-fixes).
- ASoC: Intel: bytcht_es8316: move comment to the right place
  (git-fixes).
- ASoC: Intel: boards: fix spelling in comments (git-fixes).
- commit 3e5740a
- watchdog/hpwdt: Enable HP_WATCHDOG for ARM64 systems. (jsc#PED-3210)
  Also enable module in aarch64 default configuration.
- commit 75d6ed8
- mbcache: Fixup kABI of mb_cache_entry (bsc#1207653).
- commit fa7eb4a
- jbd2: Fix up kABI of ext4 fast commit interface (bsc#1207590).
- commit 6fe03db
- blacklist.conf: Add inapplicable ppc fixes
- commit 27b4e1f
- blacklist.conf: Add more unsupported ppc architecture paths
- commit 7ff8dae
- ACPI: x86: s2idle: Stop using AMD specific codepath for
  Rembrandt+ (bsc#1206224).
- ACPI: x86: s2idle: Force AMD GUID/_REV 2 on HP Elitebook 865
  (bsc#1206224).
- ACPI: x86: s2idle: Add another ID to s2idle_dmi_table
  (bsc#1206224).
- ACPI: x86: s2idle: Fix a NULL pointer dereference (bsc#1206224).
- ACPI: x86: s2idle: Add a quirk for ASUSTeK COMPUTER INC. ROG
  Flow X13 (bsc#1206224).
- ACPI: x86: s2idle: Add a quirk for Lenovo Slim 7 Pro 14ARH7
  (bsc#1206224).
- ACPI: x86: s2idle: Add a quirk for ASUS ROG Zephyrus G14
  (bsc#1206224).
- ACPI: x86: s2idle: Add a quirk for ASUS TUF Gaming A17 FA707RE
  (bsc#1206224).
- ACPI: x86: s2idle: Add module parameter to prefer Microsoft GUID
  (bsc#1206224).
- ACPI: x86: s2idle: If a new AMD _HID is missing assume Rembrandt
  (bsc#1206224).
- ACPI: x86: s2idle: Move _HID handling for AMD systems into
  structures (bsc#1206224).
- ACPI: PM: s2idle: Use LPS0 idle if ACPI_FADT_LOW_POWER_S0 is
  unset (bsc#1206224).
- ACPI: PM: s2idle: Add support for upcoming AMD uPEP HID AMDI008
  (bsc#1206224).
- commit 35655fa
- of/address: Return an error when no valid dma-ranges are found
  (git-fixes).
- usb: gadget: f_hid: fix refcount leak on error path (git-fixes).
- commit 787429a
- cifs: do not include page data when checking signature
  (git-fixes).
- commit 371ed21
- net: sched: fix race condition in qdisc_graft() (CVE-2023-0590
  bsc#1207795).
- net_sched: add __rcu annotation to netdev->qdisc (CVE-2023-0590
  bsc#1207795).
- commit 37e8915
- usb: gadget: f_hid: fix f_hidg lifetime vs cdev (git-fixes).
- commit b8e6a95
- Remove duplicate Git-commit tag in patch file
- commit e53c839
- nvmet-auth: add missing goto in nvmet_setup_auth() (bsc#1207050
  CVE-2023-0122).
- commit bf95e5e
- net: sched: atm: dont intepret cls results when asked to drop
  (bsc#1207125 CVE-2023-23455).
- commit 7c3cc04
- blacklist.conf: kABI
- commit 2978c58
- net: sched: cbq: dont intepret cls results when asked to drop
  (bsc#1207036 CVE-2023-23454).
- commit 6b9dae7
- scsi: storvsc: Correct reporting of Hyper-V I/O size limits
  (git-fixes).
- commit 7c7cc75
- drm/hyperv: Add error message for fb size greater than allocated
  (git-fixes).
- commit cafd34d
- RDMA/core: Fix ib block iterator counter overflow (bsc#1207878).
- commit 6de96d2
- Delete for regression addressed (bsc#1207933) patches.suse/0029-zram-do-not-lookup-algorithm-in-backends-table.patch.
- commit bebd4c7
- net/mlx5: Dynamically resize flow counters query buffer
  (bsc#1195175).
- commit 6a283ad
- IB/hfi1: Remove user expected buffer invalidate race (git-fixes)
- commit 02f72aa
- IB/hfi1: Immediately remove invalid memory from hardware (git-fixes)
- commit 9a77ebc
- IB/hfi1: Fix expected receive setup error exit issues (git-fixes)
- commit b274778
- IB/hfi1: Reserve user expected TIDs (git-fixes)
- commit fe650ef
- IB/hfi1: Reject a zero-length user expected buffer (git-fixes)
- commit 09b161d
- RDMA/core: Fix ib block iterator counter overflow (git-fixes)
- commit dd46f2f
- RDMA/rxe: Prevent faulty rkey generation (git-fixes)
- commit d9dabe6
- RDMA/mlx5: Fix validation of max_rd_atomic caps for DC (git-fixes)
- commit 3feb1bc
- Update kabi files from 5.14.21-150400.24.41.1 (January 2023 update).
- commit 2e08d61
- net/tg3: resolve deadlock in tg3_reset_task() during EEH
  (bsc#1207842).
- commit a65c09c
- blacklist.conf: kABI
- commit f264e1b
- blacklist.conf: kABI
- commit a5843b9
- blacklist.conf: kABI
- commit 61ccddd
- RDMA/mlx5: Fix mlx5_ib_get_hw_stats when used for device (git-fixes)
- commit 06d39b7
- RDMA/srp: Move large values to a new enum for gcc13 (git-fixes)
- commit 1322a9f
- arm64: dts: imx8mq-thor96: fix no-mmc property for SDHCI
  (git-fixes).
- ARM: dts: vf610: Fix pca9548 i2c-mux node names (git-fixes).
- ARM: dts: imx: Fix pca9547 i2c-mux node name (git-fixes).
- dmaengine: imx-sdma: Fix a possible memory leak in
  sdma_transfer_init (git-fixes).
- HID: playstation: sanity check DualSense calibration data
  (git-fixes).
- extcon: usbc-tusb320: fix kernel-doc warning (git-fixes).
- selftests: Provide local define of __cpuid_count() (git-fixes).
- selftests/vm: remove ARRAY_SIZE define from individual tests
  (git-fixes).
- tools: fix ARRAY_SIZE defines in tools and selftests hdrs
  (git-fixes).
- commit fe9cb53
- x86/hyperv: Remove unregister syscore call from Hyper-V cleanup
  (git-fixes).
- commit 905c5a6
- hv_netvsc: Fix missed pagebuf entries in netvsc_dma_map/unmap()
  (git-fixes).
- commit aae275a
- x86/hyperv: Restore VP assist page after cpu offlining/onlining
  (git-fixes).
- commit bd7d55d
- Update patch tags
  - patches.suse/watchdog-diag288_wdt-do-not-use-stack-buffers-for-ha.patch
- patches.suse/watchdog-diag288_wdt-fix-__diag288-inline-assembly.patch
- commit 9dc3955
- powerpc/kexec_file: Count hot-pluggable memory in FDT estimate
  (bsc#1194869).
- powerpc/64s/radix: Fix RWX mapping with relocated kernel
  (bsc#1194869).
- powerpc/64s/radix: Fix crash with unaligned relocated kernel
  (bsc#1194869).
- powerpc/kexec_file: Fix division by zero in extra size
  estimation (bsc#1194869).
- powerpc: move __end_rodata to cover arch read-only sections
  (bsc#1194869).
- powerpc/vmlinux.lds: Add an explicit symbol for the SRWX
  boundary (bsc#1194869).
- powerpc/vmlinux.lds: Ensure STRICT_ALIGN_SIZE is at least page
  aligned (bsc#1194869).
- commit 9e11a71
- powerpc/64s: Fix local irq disable when PMIs are disabled
  (bsc#1195655 ltc#1195655 git-fixes).
- commit 42a147d
- usb: gadget: f_uac2: Fix incorrect increment of bNumEndpoints
  (git-fixes).
- usb: gadget: f_fs: Fix unbalanced spinlock in
  __ffs_ep0_queue_wait (git-fixes).
- usb: dwc3: qcom: enable vbus override when in OTG dr-mode
  (git-fixes).
- vc_screen: move load of struct vc_data pointer in vcs_read()
  to avoid UAF (git-fixes).
- serial: 8250_dma: Fix DMA Rx rearm race (git-fixes).
- iio: imu: fxos8700: fix MAGN sensor scale and unit (git-fixes).
- iio: imu: fxos8700: remove definition FXOS8700_CTRL_ODR_MIN
  (git-fixes).
- iio: imu: fxos8700: fix failed initialization ODR mode
  assignment (git-fixes).
- iio: imu: fxos8700: fix incorrect ODR mode readback (git-fixes).
- iio: hid: fix the retval in gyro_3d_capture_sample (git-fixes).
- iio: hid: fix the retval in accel_3d_capture_sample (git-fixes).
- iio:adc:twl6030: Enable measurement of VAC (git-fixes).
- iio: imu: fxos8700: fix ACCEL measurement range selection
  (git-fixes).
- iio: imu: fxos8700: fix IMU data bits returned to user space
  (git-fixes).
- iio: imu: fxos8700: fix incomplete ACCEL and MAGN channels
  readback (git-fixes).
- iio: imu: fxos8700: fix swapped ACCEL and MAGN channels readback
  (git-fixes).
- iio: imu: fxos8700: fix map label of channel type to MAGN sensor
  (git-fixes).
- iio:adc:twl6030: Enable measurements of VUSB, VBAT and others
  (git-fixes).
- iio: adc: berlin2-adc: Add missing of_node_put() in error path
  (git-fixes).
- iio: adc: stm32-dfsdm: fill module aliases (git-fixes).
- fpga: stratix10-soc: Fix return value check in
  s10_ops_write_init() (git-fixes).
- fbcon: Check font dimension limits (git-fixes).
- commit 0505fbb
- Move upstreamed net patch into sorted section
- commit 6bb42b5
- efi: fix potential NULL deref in efi_mem_reserve_persistent
  (git-fixes).
- drm/i915/adlp: Fix typo for reference clock (git-fixes).
- drm/i915: Fix potential bit_17 double-free (git-fixes).
- drm/vc4: hdmi: make CEC adapter name unique (git-fixes).
- commit 0b0e115
- watchdog: diag288_wdt: do not use stack buffers for hardware
  data (bsc#1207497).
- commit 70827db
- watchdog: diag288_wdt: fix __diag288() inline assembly
  (bsc#1207497).
- commit a36f04c
- btrfs: fix race between quota rescan and disable leading to
  NULL pointer deref (bsc#1207158).
- btrfs: fix race between quota enable and quota rescan ioctl
  (bsc#1207158).
- commit df99a9d
- btrfs: qgroup: remove outdated TODO comments (bsc#1207158).
- commit 0780574
- btrfs: qgroup: remove duplicated check in adding qgroup
  relations (bsc#1207158).
- commit 672de9e
- btrfs: move QUOTA_ENABLED check to rescan_should_stop from
  btrfs_qgroup_rescan_worker (bsc#1207158).
- commit 8a7e537
- ata: libata: Fix sata_down_spd_limit() when no link speed is
  reported (git-fixes).
- can: j1939: fix errant WARN_ON_ONCE in j1939_session_deactivate
  (git-fixes).
- net: phy: meson-gxl: Add generic dummy stubs for MMD register
  access (git-fixes).
- netrom: Fix use-after-free caused by accept on already connected
  socket (git-fixes).
- net: phy: dp83822: Fix null pointer access on DP83825/DP83826
  devices (git-fixes).
- arm64: dts: imx8mm: Fix pad control for UART1_DTE_RX
  (git-fixes).
- bus: sunxi-rsb: Fix error handling in sunxi_rsb_init()
  (git-fixes).
- netrom: Fix use-after-free of a listening socket (git-fixes).
- commit 27bf187
- ALSA: hda/realtek: Add Acer Predator PH315-54 (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs, speaker don't work
  for a HP platform (git-fixes).
- commit 1379d54
- ASoC: Intel: bytcr_wm5102: Drop reference count of ACPI device
  after use (git-fixes).
- ASoC: Intel: bytcr_rt5651: Drop reference count of ACPI device
  after use (git-fixes).
- ALSA: hda/via: Avoid potential array out-of-bound in
  add_secret_dac_path() (git-fixes).
- firewire: fix memory leak for payload of request subaction to
  IEC 61883-1 FCP region (git-fixes).
- drm/i915/selftest: fix intel_selftest_modify_policy argument
  types (git-fixes).
- arm64: dts: qcom: msm8992-libra: Fix the memory map (git-fixes).
- drm/amd/display: fix issues with driver unload (git-fixes).
- ASoC: fsl-asoc-card: Fix naming of AC'97 CODEC widgets
  (git-fixes).
- ASoC: fsl_ssi: Rename AC'97 streams to avoid collisions with
  AC'97 CODEC (git-fixes).
- ASoC: fsl_micfil: Correct the number of steps on SX controls
  (git-fixes).
- cpufreq: armada-37xx: stop using 0 as NULL pointer (git-fixes).
- cpufreq: Add Tegra234 to cpufreq-dt-platdev blocklist
  (git-fixes).
- platform/x86: asus-nb-wmi: Add alternate mapping for
  KEY_SCREENLOCK (git-fixes).
- platform/x86: touchscreen_dmi: Add info for the CSL Panther
  Tab HD (git-fixes).
- drm: Add orientation quirk for Lenovo ideapad D330-10IGL
  (git-fixes).
- r8152: add vendor/device ID pair for Microsoft Devkit
  (git-fixes).
- net: usb: cdc_ether: add support for Thales Cinterion PLS62-W
  modem (git-fixes).
- spi: spidev: remove debug messages that access spidev->spi
  without locking (git-fixes).
- drm/amdgpu: complete gfxoff allow signal during suspend without
  delay (git-fixes).
- i2c: mv64xxx: Add atomic_xfer method to driver (git-fixes).
- i2c: mv64xxx: Remove shutdown method from driver (git-fixes).
- thermal/core: Remove duplicate information when an error occurs
  (git-fixes).
- arm64: dts: qcom: msm8992-libra: Add CPU regulators (git-fixes).
- commit f0fb46a
- drm/amd/display: Take emulated dc_sink into account for HDCP
  (bsc#1207734).
- commit bbfc833
- scsi: Revert "/scsi: core: map PQ=1, PDT=other values to
  SCSI_SCAN_TARGET_PRESENT"/ (git-fixes).
- commit 03470cd
- scsi: hpsa: Fix allocation size for scsi_host_alloc()
  (git-fixes).
- scsi: ufs: core: Enable link lost interrupt (git-fixes).
- scsi: mpt3sas: Remove scsi_dma_map() error messages (git-fixes).
- scsi: ufs: Stop using the clock scaling lock in the error
  handler (git-fixes).
- commit 280e1ff
- blacklist.conf: add drivers/video/fbdev/hyperv_fb.c
  This branch defaults to DRM.
- commit 35643e4
- ipmi:ssif: Add 60ms time internal between write retries
  (bsc#1206459).
- ipmi:ssif: Increase the message retry time (bsc#1206459).
- commit 05eee5d
- Update tags
  patches.suse/ext4-Fix-check-for-block-being-out-of-directory-size.patch.
- commit 7dd4cb0
- ocfs2: rewrite error handling of ocfs2_fill_super (bsc#1207771).
- commit 117a059
- ocfs2: ocfs2_mount_volume does cleanup job before return error
  (bsc#1207770).
- commit dfd7632
- mm: /proc/pid/smaps_rollup: fix no vma's null-deref
  (bsc#1207769).
- commit 20e2b2f
- ocfs2: quota_local: fix possible uninitialized-variable access
  in ocfs2_local_read_info() (bsc#1207768).
- commit 4b2997d
- btrfs: fix trace event name typo for FLUSH_DELAYED_REFS
  (git-fixes).
- commit db40f07
- tracing/hist: Fix issue of losting command info in error_log
  (git-fixes).
- commit 3ae8811
- tracing: Fix race where histograms can be called before the
  event (git-fixes).
- commit 3fe5f69
- tracing: Use alignof__(struct {type b;}) instead of offsetof()
  (git-fixes).
- commit 2e96b05
- blacklist.conf: add not-relevant ftrace fixes
- commit 2ba4363
- blacklist.conf: add commits for tracking skb drop reasons
- commit f7cc13a
- blacklist.conf: add a move of trace_pid_list logic
- commit 8c14765
- tracing: Fix mismatched comment in __string_len (git-fixes).
- commit ed647e2
- module: Don't wait for GOING modules (bsc#1196058, bsc#1186449,
  bsc#1204356, bsc#1204662).
- commit 35ea4d8
- Revert "/Input: synaptics - switch touchpad on HP Laptop
  15-da3001TU to RMI mode"/ (git-fixes).
- commit c8ef0bf
- block, bfq: fix uaf for bfqq in bfq_exit_icq_bfqq (git-fixes).
- commit ff23887
- Delete
  patches.suse/0004-block-check-minor-range-in-device_add_disk.patch.
- commit 89a42b5
- blacklist.conf: add git-fix commit which won't be backported
- commit 1012afa
- loop: Fix the max_loop commandline argument treatment when it
  is set to 0 (git-fixes).
- block, bfq: fix possible uaf for 'bfqq->bic' (git-fixes).
- dm thin: Use last transaction's pmd->root when commit failed
  (git-fixes).
- dm thin: resume even if in FAIL mode (git-fixes).
- dm cache: set needs_check flag after aborting metadata
  (git-fixes).
- dm cache: Fix ABBA deadlock between shrink_slab and
  dm_cache_metadata_abort (git-fixes).
- dm thin: Fix ABBA deadlock between shrink_slab and
  dm_pool_abort_metadata (git-fixes).
- dm integrity: Fix UAF in dm_integrity_dtr() (git-fixes).
- dm cache: Fix UAF in destroy() (git-fixes).
- dm clone: Fix UAF in clone_dtr() (git-fixes).
- dm thin: Fix UAF in run_timer_softirq() (git-fixes).
- blktrace: Fix output non-blktrace event when blk_classic option
  enabled (git-fixes).
- block: mq-deadline: Fix dd_finish_request() for zoned devices
  (git-fixes).
- elevator: update the document of elevator_switch (git-fixes).
- bfq: fix waker_bfqq inconsistency crash (git-fixes).
- dm integrity: clear the journal on suspend (git-fixes).
- dm integrity: flush the journal on suspend (git-fixes).
- dm ioctl: fix misbehavior if list_versions races with module
  loading (git-fixes).
- block, bfq: fix null pointer dereference in bfq_bio_bfqg()
  (git-fixes).
- blk-wbt: fix that 'rwb->wc' is always set to 1 in wbt_init()
  (git-fixes).
- md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (git-fixes).
- bcache: fix set_at_max_writeback_rate() for multiple attached
  devices (git-fixes).
- blk-throttle: prevent overflow while calculating wait time
  (git-fixes).
- nbd: Fix hung when signal interrupts nbd_start_device_ioctl()
  (git-fixes).
- md: Flush workqueue md_rdev_misc_wq in md_alloc() (git-fixes).
- zram: do not lookup algorithm in backends table (git-fixes).
- block: ensure iov_iter advances for added pages (git-fixes).
- drivers:md:fix a potential use-after-free bug (git-fixes).
- null_blk: fix ida error handling in null_add_dev() (git-fixes).
- md: Notify sysfs sync_completed in md_reap_sync_thread()
  (git-fixes).
- dm raid: fix address sanitizer warning in raid_resume
  (git-fixes).
- dm raid: fix address sanitizer warning in raid_status
  (git-fixes).
- dm writecache: set a default MAX_WRITEBACK_JOBS (git-fixes).
- block/bio: remove duplicate append pages code (git-fixes).
- block: fix infinite loop for invalid zone append (git-fixes).
- nbd: fix io hung while disconnecting device (git-fixes).
- nbd: fix race between nbd_alloc_config() and module removal
  (git-fixes).
- nbd: call genl_unregister_family() first in nbd_cleanup()
  (git-fixes).
- md: protect md_unregister_thread from reentrancy (git-fixes).
- nbd: Fix hung on disconnect request if socket is closed before
  (git-fixes).
- block, bfq: protect 'bfqd->queued' by 'bfqd->lock' (git-fixes).
- dm: requeue IO if mapping table not yet available (git-fixes).
- dm ioctl: prevent potential spectre v1 gadget (git-fixes).
- Revert "/Revert "/block, bfq: honor already-setup queue merges"/"/
  (git-fixes).
- bfq: fix use-after-free in bfq_dispatch_request (git-fixes).
- block, bfq: don't move oom_bfqq (git-fixes).
- block/bfq_wf2q: correct weight to ioprio (git-fixes).
- dm: fix alloc_dax error handling in alloc_dev (git-fixes).
- dm space map common: add bounds check to sm_ll_lookup_bitmap()
  (git-fixes).
- dm btree: add a defensive bounds check to insert_at()
  (git-fixes).
- block: check minor range in device_add_disk() (git-fixes).
- virtio-blk: modify the value type of num in virtio_queue_rq()
  (git-fixes).
- swim3: add missing major.h include (git-fixes).
- commit 4a07308
- block: use bdev_get_queue() in bio.c (git-fixes).
- Refresh for the above change,
  patches.suse/block-fix-rq-qos-breakage-from-skipping-rq_qos_done_.patch.
- commit c3aca76
- blacklist.conf: add git-fixes commits which won't be backported
- commit 6443e7d
- Update patches.suse/xfs-get-root-inode-correctly-at-bulkstat.patch
  (git-fixes bsc#1207501 ltc#201370).
- commit e6e8484
- Update patches.suse/btrfs-fix-processing-of-delayed-tree-block-refs-duri.patch
  (bsc#1206057 bsc#1207506 ltc#201368).
- commit 15be8ec
- Update patches.suse/btrfs-fix-processing-of-delayed-data-refs-during-bac.patch
  (bsc#1206056 bsc#1207507 ltc#201367).
- commit 1354bb5
- ext4: fix deadlock due to mbcache entry corruption
  (bsc#1207653).
- commit ea7e0f8
- ocfs2: fix memory leak in ocfs2_mount_volume() (bsc#1207652).
- commit 5549473
- ocfs2: fix memory leak in ocfs2_stack_glue_init() (bsc#1207651).
- commit c18a79b
- ocfs2: clear dinode links count in case of error (bsc#1207650).
- commit a2d0061
- ocfs2: fix BUG when iput after ocfs2_mknod fails (bsc#1207649).
- commit 29f0a1d
- ext4,f2fs: fix readahead of verity data (bsc#1207648).
- commit ed4271e
- mbcache: Avoid nesting of cache->c_list_lock under bit locks
  (bsc#1207647).
- commit 947b83a
- jbd2: add miss release buffer head in fc_do_one_pass()
  (bsc#1207646).
- commit c61f342
- jbd2: fix potential use-after-free in jbd2_fc_wait_bufs
  (bsc#1207645).
- commit d4e2227
- jbd2: fix potential buffer head reference count leak
  (bsc#1207644).
- commit 45a2852
- jbd2: wake up journal waiters in FIFO order, not LIFO
  (bsc#1207643).
- commit 8fd722e
- vfs: Check the truncate maximum size in inode_newsize_ok()
  (bsc#1207642).
- commit 4685fa4
- jbd2: fix a potential race while discarding reserved buffers
  after an abort (bsc#1207641).
- commit b0b81dd
- ocfs2: fix crash when mount with quota enabled (bsc#1207640).
- commit 5afbf05
- quota: Check next/prev free block number after reading from
  quota file (bsc#1206640).
- commit 1e65abd
- quota: Prevent memory allocation recursion while holding dq_lock
  (bsc#1207639).
- commit a7495d2
- blacklist.conf: Blacklist dd5532a4994b
- commit 4bd9a40
- writeback: avoid use-after-free after removing device
  (bsc#1207638).
- commit 1776642
- ext4: fix reserved cluster accounting in __es_remove_extent()
  (bsc#1207637).
- commit 17f75d7
- ext4: fix inode leak in ext4_xattr_inode_create() on an error
  path (bsc#1207636).
- commit 86dbaea
- ext4: allocate extended attribute value in vmalloc area
  (bsc#1207635).
- commit 3278f6d
- ext4: avoid unaccounted block allocation when expanding inode
  (bsc#1207634).
- commit 587e0b3
- ext4: initialize quota before expanding inode in setproject
  ioctl (bsc#1207633).
- commit 09b6e51
- ext4: fix kernel BUG in 'ext4_write_inline_data_end()'
  (bsc#1206894).
- commit e824a9a
- fs: ext4: initialize fsdata in pagecache_write() (bsc#1207632).
- commit 59e5f40
- ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc
  + inline (bsc#1207631).
- commit fcf7010
- ext4: fix uninititialized value in 'ext4_evict_inode'
  (bsc#1206893).
- commit a4ce862
- ext4: fix error code return to user-space in ext4_get_branch()
  (bsc#1207630).
- commit 3052920
- blacklist.conf: Blacklist 89481b5fa8c0
- commit aafc810
- ext4: init quota for 'old.inode' in 'ext4_rename' (bsc#1207629).
- commit 9d7a800
- ext4: fix off-by-one errors in fast-commit block filling
  (bsc#1207628).
- commit b215d68
- ext4: fix unaligned memory access in ext4_fc_reserve_space()
  (bsc#1207627).
- commit 5e2318b
- ext4: add missing validation of fast-commit record lengths
  (bsc#1207626).
- commit 9374e7a
- ext4: fix leaking uninitialized memory in fast-commit journal
  (bsc#1207625).
- commit bea0a27
- ext4: don't set up encryption key during jbd2 transaction
  (bsc#1207624).
- commit 94c26c2
- ext4: disable fast-commit of encrypted dir operations
  (bsc#1207623).
- commit 8b84b5f
- ext4: fix use-after-free in ext4_orphan_cleanup (bsc#1207622).
- commit 868c482
- ext4: don't allow journal inode to have encrypt flag
  (bsc#1207621).
- commit fa42934
- ext4: fix undefined behavior in bit shift for
  ext4_check_flag_values (bsc#1206890).
- commit fe391f3
- ext4: fix bug_on in __es_tree_search caused by bad boot loader
  inode (bsc#1207620).
- commit b0bf8bc
- ext4: add EXT4_IGET_BAD flag to prevent unexpected bad inode
  (bsc#1207619).
- commit 0e8c6a3
- ext4: add helper to check quota inums (bsc#1207618).
- commit 710d5f0
- blacklist.conf: Blacklist 78742d4d056d
- commit 510a3a2
- ext4: add inode table check in __ext4_get_inode_loc to aovid
  possible infinite loop (bsc#1207617).
- commit 4fac5ac
- blacklist.conf: Blacklist 318cdc822c63
- commit efccaca
- ext4: silence the warning when evicting inode with
  dioread_nolock (bsc#1206889).
- commit a2ec490
- ext4: fix use-after-free in ext4_ext_shift_extents
  (bsc#1206888).
- commit 786ae72
- ext4: fix warning in 'ext4_da_release_space' (bsc#1206887).
- commit 0e67070
- ext4: fix BUG_ON() when directory entry has invalid rec_len
  (bsc#1206886).
- commit b11568d
- ext4: fix potential out of bound read in ext4_fc_replay_scan()
  (bsc#1207616).
- commit 191b92e
- ext4: factor out ext4_fc_get_tl() (bsc#1207615).
- commit 4278623
- ext4: introduce EXT4_FC_TAG_BASE_LEN helper (bsc#1207614).
- commit 54601c7
- ext4: update 'state->fc_regions_size' after successful memory
  allocation (bsc#1207613).
- commit dca6962
- ext4: fix potential memory leak in ext4_fc_record_regions()
  (bsc#1207612).
- commit 65b0d99
- ext4: fix potential memory leak in
  ext4_fc_record_modified_inode() (bsc#1207611).
- commit 313959b
- ext4: goto right label 'failed_mount3a' (bsc#1207610).
- commit 73881e2
- ext4: fix miss release buffer head in ext4_fc_write_inode
  (bsc#1207609).
- commit 60277f8
- ext4: fix dir corruption when ext4_dx_add_entry() fails
  (bsc#1207608).
- commit d8d3c16
- ext4: place buffer head allocation before handle start
  (bsc#1207607).
- commit 767ca31
- ext4: ext4_read_bh_lock() should submit IO if the buffer isn't
  uptodate (bsc#1207606).
- commit 7864371
- ext4: don't increase iversion counter for ea_inodes
  (bsc#1207605).
- commit 15b3923
- ext4: make ext4_lazyinit_thread freezable (bsc#1206885).
- commit 0a2f6bf
- ext4: fix null-ptr-deref in ext4_write_info (bsc#1206884).
- commit a8218a0
- ext4: don't run ext4lazyinit for read-only filesystems
  (bsc#1207603).
- commit d920748
- ext4: avoid crash when inline data creation follows DIO write
  (bsc#1206883).
- commit efade7c
- ext4: continue to expand file system when the target size
  doesn't reach (bsc#1206882).
- commit caafbe8
- ext4: limit the number of retries after discarding
  preallocations blocks (bsc#1207602).
- commit 550c1e6
- ext4: fix bug in extents parsing when eh_entries == 0 and
  eh_depth > 0 (bsc#1206881).
- commit 846b339
- blacklist.conf: Blacklist mballoc opimization fixes
- commit 2ee70c1
- ext4: avoid resizing to a partial cluster size (bsc#1206880).
- commit cee3b5d
- blacklist.conf: Blacklist b24e77ef1c6d
- commit 5f27096
- blacklist.conf: Blacklist 51ae846cff56
- commit 8cb8660
- ext4: correct the misjudgment in ext4_iget_extra_inode
  (bsc#1206878).
- commit 7565182
- ext4: correct max_inline_xattr_value_size computing
  (bsc#1206878).
- commit 5344160
- ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878).
- commit 51cff2a
- ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h
  (bsc#1206878).
- commit 0336ab6
- ext4: fix extent status tree race in writeback error recovery
  path (bsc#1206877).
- commit b84af9c
- blacklist.conf: Blacklist 4978c659e7b5
- commit a7e7239
- ext4: update s_overhead_clusters in the superblock during an
  on-line resize (bsc#1206876).
- commit e6b6979
- blacklist.conf: Blacklist fs/ext2
- commit 1e7297b
- blacklist.conf: Blacklist 4efd9f0d120c
- commit 3b5e25a
- ext4: fix bug_on in start_this_handle during umount filesystem
  (bsc#1207594).
- commit 90713b0
- blacklist.conf: Blacklist c864ccd182d6
- commit bc0a035
- blacklist.conf: Blacklist cc5095747edf
- commit 60d47ef
- ext4: fix ext4_mb_mark_bb() with flex_bg with fast_commit
  (bsc#1207593).
- commit 2407741
- ext4: correct cluster len and clusters changed accounting in
  ext4_mb_mark_bb (bsc#1207592).
- commit b2577a3
- ext4: fast commit may miss file actions (bsc#1207591).
- commit ea4e204
- ext4: fast commit may not fallback for ineligible commit
  (bsc#1207590).
- commit 5e4d8de
- ext4: simplify updating of fast commit stats (bsc#1207589).
- commit 85414f9
- ext4: drop ineligible txn start stop APIs (bsc#1207588).
- commit 62a4d65
- vfs: make sync_filesystem return errors from ->sync_fs
  (git-fixes).
- commit eff9790
- fs: remove __sync_filesystem (git-fixes).
- commit 88736d7
- sctp: fail if no bound addresses can be used for a given scope
  (bsc#1206677).
- commit e201f3b
- Update patches.suse/btrfs-send-fix-sending-link-commands-for-existing-fi.patch
  (bsc#1206036 bsc#1207500 ltc#201363).
- commit 5345944
- efi: rt-wrapper: Add missing include (git-fixes).
- commit 3d91aef
- mei: me: add meteor lake point M DID (git-fixes).
- USB: serial: option: add Quectel EM05CN modem (git-fixes).
- USB: serial: option: add Quectel EM05CN (SG) modem (git-fixes).
- USB: serial: cp210x: add SCALANCE LPE-9000 device id
  (git-fixes).
- USB: serial: option: add Quectel EC200U modem (git-fixes).
- USB: serial: option: add Quectel EM05-G (RS) modem (git-fixes).
- USB: serial: option: add Quectel EM05-G (GR) modem (git-fixes).
- USB: serial: option: add Quectel EM05-G (CS) modem (git-fixes).
- usb: core: hub: disable autosuspend for TI TUSB8041 (git-fixes).
- usb: gadget: f_ncm: fix potential NULL ptr deref in
  ncm_bitrate() (git-fixes).
- usb: acpi: add helper to check port lpm capability using acpi
  _DSM (git-fixes).
- xhci: Fix null pointer dereference when host dies (git-fixes).
- xhci-pci: set the dma max_seg_size (git-fixes).
- drm/amd/display: Fix set scaling doesn's work (git-fixes).
- drm/i915/display: Check source height is > 0 (git-fixes).
- wifi: mac80211: sdata can be NULL during AMPDU start
  (git-fixes).
- nilfs2: fix general protection fault in nilfs_btree_insert()
  (git-fixes).
- r8169: move rtl_wol_enable_rx() and rtl_prepare_power_down()
  (git-fixes).
- fbdev: omapfb: avoid stack overflow warning (git-fixes).
- virtio_pci: modify ENOENT to EINVAL (git-fixes).
- arm64: efi: Execute runtime services from a dedicated stack
  (git-fixes).
- drm/amdgpu: disable runtime pm on several sienna cichlid
  cards(v2) (git-fixes).
- drm/amdgpu: drop experimental flag on aldebaran (git-fixes).
- staging: mt7621-dts: change some node hex addresses to lower
  case (git-fixes).
- commit bd99d4d
- tracing: Fix infinite loop in tracing_read_pipe on overflowed
  print_trace_line (git-fixes).
- commit 2c44713
- tracing: Fix issue of missing one synthetic field (git-fixes).
- commit 3def245
- tracing: Fix possible memory leak in __create_synth_event()
  error path (git-fixes).
- commit 6ed0eab
- tracing/hist: Fix out-of-bound write on
  'action_data.var_ref_idx' (git-fixes).
- commit 750c560
- tracing/hist: Fix wrong return value in parse_action_params()
  (git-fixes).
- commit ebbb4bd
- tracing: Fix complicated dependency of CONFIG_TRACER_MAX_TRACE
  (git-fixes).
- commit e866c70
- tracing/probes: Handle system names with hyphens (git-fixes).
- commit 2323e61
- ftrace/x86: Add back ftrace_expected for ftrace bug reports
  (git-fixes).
- commit a14379e
- ftrace: Clean comments related to FTRACE_OPS_FL_PER_CPU
  (git-fixes).
- commit 8869d2a
- tracing: Add DYNAMIC flag for dynamic events (git-fixes).
- kABI: Preserve TRACE_EVENT_FL values (git-fixes).
- commit f696f09
- IB/mad: Don't call to function that might sleep while in atomic
  context (git-fixes).
- commit 1b3cb60
- cifs: remove unused function (bsc#1193629).
- commit dddb552
- cifs: fix return of uninitialized rc in
  dfs_cache_update_tgthint() (bsc#1193629).
- commit 107299a
- cifs: handle cache lookup errors different than -ENOENT
  (bsc#1193629).
- commit 263d1e1
- cifs: remove duplicate code in __refresh_tcon() (bsc#1193629).
- commit ede0049
- cifs: don't take exclusive lock for updating target hints
  (bsc#1193629).
- commit 441f914
- cifs: avoid re-lookups in dfs_cache_find() (bsc#1193629).
- commit 6dbdc1d
- cifs: fix potential deadlock in cache_refresh_path()
  (git-fixes).
- commit 4646a4f
- jbd2: use the correct print format (git-fixes).
- commit 34db311
- tracing: Fix warning on variable 'struct trace_array'
  (git-fixes).
- commit 771db36
- scsi: tracing: Fix compile error in trace_array calls when
  TRACING is disabled (git-fixes).
- commit ac58cae
- tracing: Avoid adding tracer option before update_tracer_options
  (git-fixes).
- commit ce3e735
- tracing: Fix sleeping function called from invalid context on
  RT kernel (git-fixes).
- commit 52007fe
- tracing: Make tp_printk work on syscall tracepoints (git-fixes).
- commit b728605
- tracing: Have syscall trace events use
  trace_event_buffer_lock_reserve() (git-fixes).
- blacklist.conf: Remove the commit from the list
- commit 54d48a6
- tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate
  (git-fixes).
- commit 954cfad
- blacklist.conf: prerequisites break kABI
- commit ea0d023
- tracing: Have type enum modifications copy the strings
  (git-fixes).
- commit fdf4a79
- mt76: fix use-after-free by removing a non-RCU wcid pointer
  (git-fixes).
- commit 5bb0d81
- tracing: Have TRACE_DEFINE_ENUM affect trace event types as well
  (git-fixes).
- commit 9aa6f06
- tracing/osnoise: Make osnoise_main to sleep for microseconds
  (git-fixes).
- commit 31030cc
- tracing: Ensure trace buffer is at least 4096 bytes large
  (git-fixes).
- commit d84d209
- tracing: Fix tp_printk option related with
  tp_printk_stop_on_boot (git-fixes).
- commit 2d97144
- ath11k: Fix unexpected return buffer manager error for QCA6390
  (git-fixes).
- commit fb54c7f
- ath11k_hw_params unremane cal_size (bsc#1199701 CVE-2020-24588).
- commit 042d893
- ath11k_hw_params reinsert deleted members (bsc#1199701
  CVE-2020-24588).
- commit 36b3581
- netfilter: nft_payload: incorrect arithmetics when fetching
  VLAN header bits (CVE-2023-0179 bsc#1207034).
- commit 3ea68f0
- tracing/perf: Avoid -Warray-bounds warning for __rel_loc macro
  (git-fixes).
- commit 1b48195
- tracing: Avoid -Warray-bounds warning for __rel_loc macro
  (git-fixes).
- commit 42e71d6
- SUNRPC: Don't dereference xprt->snd_task if it's a cookie
  (git-fixes).
- commit b6b2aeb
- tracing: Add '__rel_loc' using trace event macros (git-fixes).
- commit 6bca62f
- tracing: Add trace_event helper macros __string_len() and
  __assign_str_len() (git-fixes).
- commit c14bed0
- tracing: Fix a kmemleak false positive in tracing_map
  (git-fixes).
- commit de3f801
- tracing: Don't use out-of-sync va_list in event printing
  (git-fixes).
- commit cf27dc0
- SUNRPC: Use BIT() macro in rpc_show_xprt_state() (git-fixes).
- commit 1620581
- SUNRPC: Update trace flags (git-fixes).
- commit 491eea9
- blacklist.conf: add a not-relevant ftrace fix
- commit a05a606
- scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM
  (bsc#1206006).
- commit f397f8a
- blacklist.conf: Add upstream config paths.
- commit 4a7f4f2
- sched/core: Fix arch_scale_freq_tick() on tickless systems (git-fixes)
- commit cd7192b
- sched/uclamp: Make asym_fits_capacity() use util_fits_cpu() (git-fixes)
- commit 3e6177d
- sched/core: Introduce sched_asym_cpucap_active() (git-fixes)
- commit 97e4a68
- sched, cpuset: Fix dl_cpu_busy() panic due to empty (git-fixes)
- commit 18a9947
- wait: Fix __wait_event_hrtimeout for RT/DL tasks (git-fixes)
- commit ad3a9e3
- sched/core: Avoid obvious double update_rq_clock warning (git-fixes)
- commit 97af059
- sched/deadline: Merge dl_task_can_attach() and dl_cpu_busy() (git-fixes)
- commit b78774a
- sched/tracing: Report TASK_RTLOCK_WAIT tasks as (git-fixes)
- commit 8c13d3e
- sched: Avoid double preemption in __cond_resched_*lock*() (git-fixes)
- commit acf4640
- ath11k_hwparams: hide new member spectral (bsc#1199701
  CVE-2020-24588).
- commit 665734d
- Refresh
  patches.suse/USB-gadgetfs-Fix-race-between-mounting-and-unmountin.patch.
  Now in mainline. Add to sorted section.
- commit 6995158
- kABI workaround for struct acpi_ec (bsc#1207149).
- commit 67b47b6
- ACPI: EC: Fix ECDT probe ordering issues (bsc#1207149).
- ACPI: EC: Fix EC address space handler unregistration
  (bsc#1207149).
- ACPICA: Allow address_space_handler Install and _REG execution
  as 2 separate steps (bsc#1207149).
- ACPICA: include/acpi/acpixf.h: Fix indentation (bsc#1207149).
- commit 6a8ca13
- Update patches.suse/crypto-dh-implement-FIPS-PCT.patch
  (jsc#SLE-21132,bsc#1191256,bsc#1207184).
- commit 0f2985d
- Update patches.suse/crypto-ecdh-implement-FIPS-PCT.patch
  (jsc#SLE-21132,bsc#1191256,bsc#1207184).
- commit 65a34a6
- VMCI: Use threaded irqs instead of tasklets (git-fixes).
- gsmi: fix null-deref in gsmi_get_variable (git-fixes).
- misc: fastrpc: Fix use-after-free race condition for maps
  (git-fixes).
- misc: fastrpc: Don't remove map on creater_process and
  device_release (git-fixes).
- w1: fix WARNING after calling w1_process() (git-fixes).
- w1: fix deadloop in __w1_remove_master_device() (git-fixes).
- driver core: Fix test_async_probe_init saves device in wrong
  array (git-fixes).
- staging: vchiq_arm: fix enum vchiq_status return types
  (git-fixes).
- serial: atmel: fix incorrect baudrate setup (git-fixes).
- tty: fix possible null-ptr-defer in spk_ttyio_release
  (git-fixes).
- serial: pch_uart: Pass correct sg to dma_unmap_sg() (git-fixes).
- tty: serial: qcom-geni-serial: fix slab-out-of-bounds on RX
  FIFO buffer (git-fixes).
- USB: misc: iowarrior: fix up header size for
  USB_DEVICE_ID_CODEMERCS_IOW100 (git-fixes).
- usb: host: ehci-fsl: Fix module alias (git-fixes).
- usb: typec: tcpm: Fix altmode re-registration causes sysfs
  create fail (git-fixes).
- usb: gadget: g_webcam: Send color matching descriptor per frame
  (git-fixes).
- usb: typec: altmodes/displayport: Fix pin assignment calculation
  (git-fixes).
- usb: typec: altmodes/displayport: Add pin assignment helper
  (git-fixes).
- usb: gadget: f_fs: Ensure ep0req is dequeued before free_request
  (git-fixes).
- usb: gadget: f_fs: Prevent race during ffs_ep0_queue_wait
  (git-fixes).
- usb: xhci: Check endpoint is valid before dereferencing it
  (git-fixes).
- usb-storage: apply IGNORE_UAS only for HIKSEMI MD202 on RTL9210
  (git-fixes).
- usb: cdns3: remove fetched trb from cache before dequeuing
  (git-fixes).
- thunderbolt: Use correct function to calculate maximum USB3
  link rate (git-fixes).
- thunderbolt: Do not call PM runtime functions in
  tb_retimer_scan() (git-fixes).
- thunderbolt: Do not report errors if on-board retimers are found
  (git-fixes).
- pinctrl: rockchip: fix mux route data for rk3568 (git-fixes).
- mmc: sunxi-mmc: Fix clock refcount imbalance during unbind
  (git-fixes).
- mmc: sdhci-esdhc-imx: correct the tuning start tap and step
  setting (git-fixes).
- PM: AVS: qcom-cpr: Fix an error handling path in cpr_probe()
  (git-fixes).
- soc: imx8m: Fix incorrect check for of_clk_get_by_name()
  (git-fixes).
- firmware: arm_scmi: Harden shared memory access in
  fetch_notification (git-fixes).
- firmware: arm_scmi: Harden shared memory access in
  fetch_response (git-fixes).
- memory: mvebu-devbus: Fix missing clk_disable_unprepare in
  mvebu_devbus_probe() (git-fixes).
- memory: atmel-sdramc: Fix missing clk_disable_unprepare in
  atmel_ramc_probe() (git-fixes).
- memory: tegra: Remove clients SID override programming
  (git-fixes).
- drm/amd/display: Fix COLOR_SPACE_YCBCR2020_TYPE matrix
  (git-fixes).
- drm/amd/display: Calculate output_color_space after pixel
  encoding adjustment (git-fixes).
- drm/panfrost: fix GENERIC_ATOMIC64 dependency (git-fixes).
- drm/i915: re-disable RC6p on Sandy Bridge (git-fixes).
- dmaengine: xilinx_dma: call of_node_put() when breaking out
  of for_each_child_of_node() (git-fixes).
- dmaengine: Fix double increment of client_count in
  dma_chan_get() (git-fixes).
- dmaengine: tegra210-adma: fix global intr clear (git-fixes).
- phy: phy-can-transceiver: Skip warning if no "/max-bitrate"/
  (git-fixes).
- phy: Revert "/phy: qualcomm: usb28nm: Add MDM9607 init sequence"/
  (git-fixes).
- phy: rockchip-inno-usb2: Fix missing clk_disable_unprepare()
  in rockchip_usb2phy_power_on() (git-fixes).
- phy: ti: fix Kconfig warning and operator precedence
  (git-fixes).
- Revert "/wifi: mac80211: fix memory leak in ieee80211_if_add()"/
  (git-fixes).
- wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid
  (git-fixes).
- wifi: brcmfmac: fix regression for Broadcom PCIe wifi devices
  (git-fixes).
- virtio-net: correctly enable callback during start_xmit
  (git-fixes).
- net: mdio: validate parameter addr in mdiobus_get_phy()
  (git-fixes).
- net: usb: sr9700: Handle negative len (git-fixes).
- net: wan: Add checks for NULL for utdm in undo_uhdlc_init and
  unmap_si_regs (git-fixes).
- net: nfc: Fix use-after-free in local_cleanup() (git-fixes).
- l2tp: Don't sleep and disable BH under writer-side
  sk_callback_lock (git-fixes).
- commit b75f08a
- comedi: adv_pci1760: Fix PWM instruction handling (git-fixes).
- ACPI: PRM: Check whether EFI runtime is available (git-fixes).
- ARM: dts: at91: sam9x60: fix the ddr clock for sam9x60
  (git-fixes).
- Revert "/ARM: dts: armada-39x: Fix compatible string for gpios"/
  (git-fixes).
- Revert "/ARM: dts: armada-38x: Fix compatible string for gpios"/
  (git-fixes).
- arm64: dts: qcom: msm8992: Don't use sfpb mutex (git-fixes).
- arm64: dts: imx8mm-venice-gw7901: fix USB2 controller OC
  polarity (git-fixes).
- ARM: imx: add missing of_node_put() (git-fixes).
- arm64: dts: imx8mm-beacon: Fix ecspi2 pinmux (git-fixes).
- ARM: dts: imx6qdl-gw560x: Remove incorrect 'uart-has-rtscts'
  (git-fixes).
- ARM: dts: imx7d-pico: Use 'clock-frequency' (git-fixes).
- ARM: dts: imx6ul-pico-dwarf: Use 'clock-frequency' (git-fixes).
- Revert "/arm64: dts: meson-sm1-odroid-hc4: disable unused USB
  PHY0"/ (git-fixes).
- dmaengine: lgm: Move DT parsing after initialization
  (git-fixes).
- dmaengine: ti: k3-udma: Do conditional decrement of
  UDMA_CHAN_RT_PEER_BCNT_REG (git-fixes).
- dmaengine: idxd: Do not call DMX TX callbacks during workqueue
  disable (git-fixes).
- dmaengine: idxd: Let probe fail when workqueue cannot be enabled
  (git-fixes).
- Bluetooth: Fix possible deadlock in rfcomm_sk_state_change
  (git-fixes).
- Bluetooth: hci_qca: Fix driver shutdown on closed serdev
  (git-fixes).
- commit 5b33587
- Update
  patches.suse/HID-check-empty-report_list-in-hid_validate_values.patch
  (git-fixes, bsc#1206784).
- commit b88f181
- Update
  patches.suse/HID-check-empty-report_list-in-bigben_probe.patch
  (git-fixes, bsc#1206784).
- commit dc5fa1c
- Update
  patches.suse/HID-betop-check-shape-of-output-reports.patch
  (git-fixes, bsc#1207186).
- commit fb93871
- USB: gadgetfs: Fix race between mounting and unmounting
  (CVE-2022-4382 bsc#1206258).
- commit 458382c
- git_sort: add usb-linus branch for gregkh/usb
- commit 67c0004
- scsi: mpi3mr: Refer CONFIG_SCSI_MPI3MR in Makefile (git-fixes).
- scsi: snic: Fix possible UAF in snic_tgt_create() (git-fixes).
- scsi: fcoe: Fix transport not deattached when fcoe_if_init()
  fails (git-fixes).
- scsi: ipr: Fix WARNING in ipr_init() (git-fixes).
- scsi: scsi_debug: Fix possible name leak in
  sdebug_add_host_helper() (git-fixes).
- scsi: fcoe: Fix possible name leak when device_register()
  fails (git-fixes).
- scsi: scsi_debug: Fix a warning in resp_report_zones()
  (git-fixes).
- scsi: scsi_debug: Fix a warning in resp_verify() (git-fixes).
- scsi: efct: Fix possible memleak in efct_device_init()
  (git-fixes).
- scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device()
  (git-fixes).
- scsi: hpsa: Fix error handling in hpsa_add_sas_host()
  (git-fixes).
- scsi: mpt3sas: Fix possible resource leaks in
  mpt3sas_transport_port_add() (git-fixes).
- scsi: hpsa: Fix possible memory leak in hpsa_init_one()
  (git-fixes).
- scsi: scsi_debug: Fix a warning in resp_write_scat()
  (git-fixes).
- scsi: elx: libefc: Fix second parameter type in state callbacks
  (git-fixes).
- scsi: core: Fix a race between scsi_done() and scsi_timeout()
  (git-fixes).
- commit fd6cfde
- Update patch reference for sound fix (CVE-2023-0266 bsc#1207134)
- commit a076073
- btrfs: join running log transaction when logging new name
  (bsc#1207263).
- commit 862de17
- btrfs: fix assertion failure when logging directory key range
  item (bsc#1207263).
- commit fdf19d2
- btrfs: prepare extents to be logged before locking a log tree
  path (bsc#1207263).
- commit 2e8db4d
- btrfs: remove useless path release in the fast fsync path
  (bsc#1207263).
- commit 6542fdf
- btrfs: use single variable to track return value at
  btrfs_log_inode() (bsc#1207263).
- commit 801e9e3
- btrfs: avoid inode logging during rename and link when possible
  (bsc#1207263).
- commit 8842469
- bnxt_en: add dynamic debug support for HWRM messages
  (git-fixes).
- Refresh
  patches.suse/bnxt_en-Increase-firmware-message-response-DMA-wait-.patch.
- commit 8e93e3e
- i40e: Disallow ip4 and ip6 l4_4_bytes (git-fixes).
- i40e: Fix not setting default xps_cpus after reset (git-fixes).
- octeontx2-pf: Fix potential memory leak in otx2_init_tc()
  (jsc#SLE-24682).
- igb: Allocate MSI-X vector when testing (git-fixes).
- net: tun: Fix use-after-free in tun_detach() (git-fixes).
- i40e: Fix error handling in i40e_init_module() (git-fixes).
- ixgbevf: Fix resource leak in ixgbevf_init_module() (git-fixes).
- qlcnic: fix sleep-in-atomic-context bugs caused by msleep
  (git-fixes).
- octeontx2-af: Fix reference count issue in rvu_sdp_init()
  (jsc#SLE-24682).
- octeontx2-pf: Add check for devm_kcalloc (git-fixes).
- bnx2x: fix pci device refcount leak in
  bnx2x_vf_is_pcie_pending() (git-fixes).
- sfc: fix potential memleak in __ef100_hard_start_xmit()
  (git-fixes).
- octeontx2-af: debugsfs: fix pci device refcount leak
  (git-fixes).
- net/mlx4: Check retval of mlx4_bitmap_init (git-fixes).
- net: liquidio: simplify if expression (git-fixes).
- net: ena: Fix error handling in ena_init() (git-fixes).
- bnxt_en: Remove debugfs when pci_register_driver failed
  (git-fixes).
- net: macvlan: Use built-in RCU list checking (git-fixes).
- net: liquidio: release resources when liquidio driver open
  failed (git-fixes).
- net: macvlan: fix memory leaks of macvlan_common_newlink
  (git-fixes).
- cxgb4vf: shut down the adapter when t4vf_update_port_info()
  failed in cxgb4vf_open() (git-fixes).
- net: cxgb3_main: disable napi when bind qsets failed in
  cxgb_up() (git-fixes).
- net: tun: call napi_schedule_prep() to ensure we own a napi
  (git-fixes).
- drivers: net: xgene: disable napi when register irq failed in
  xgene_enet_open() (git-fixes).
- ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg
  to network (git-fixes).
- tcp: prohibit TCP_REPAIR_OPTIONS if data was already sent
  (git-fixes).
- bnxt_en: fix potentially incorrect return value for
  ndo_rx_flow_steer (git-fixes).
- bnxt_en: Fix possible crash in bnxt_hwrm_set_coal() (git-fixes).
- bnxt_en: fix the handling of PCIE-AER (git-fixes).
- bnxt_en: refactor bnxt_cancel_reservations() (git-fixes).
- net: tun: Fix memory leaks of napi_get_frags (git-fixes).
- commit 098df56
- btrfs: stop doing unnecessary log updates during a rename
  (bsc#1207263).
- commit af7d282
- btrfs: remove unnecessary NULL check for the new inode during
  rename exchange (bsc#1207263).
- commit bf101e4
- btrfs: avoid logging all directory changes during renames
  (bsc#1207263).
- commit 4234518
- HID: betop: check shape of output reports (git-fixes).
- HID: revert CHERRY_MOUSE_000C quirk (git-fixes).
- HID: check empty report_list in bigben_probe() (git-fixes).
- HID: check empty report_list in hid_validate_values()
  (git-fixes).
- HID: intel_ish-hid: Add check for ishtp_dma_tx_map (git-fixes).
- tomoyo: fix broken dependency on *.conf.default (git-fixes).
- efi: tpm: Avoid READ_ONCE() for accessing the event log
  (git-fixes).
- docs: Fix the docs build with Sphinx 6.0 (git-fixes).
- drm/i915/gt: Reset twice (git-fixes).
- regulator: da9211: Use irq handler when ready (git-fixes).
- pinctrl: amd: Add dynamic debugging for active GPIOs
  (git-fixes).
- arm64: atomics: format whitespace consistently (git-fixes).
- commit a241497
- PCI/PM: Define pci_restore_standard_config() only for CONFIG_PM_SLEEP
  (bsc#1207269).
- commit d337d79
- btrfs: pass the dentry to btrfs_log_new_name() instead of the
  inode (bsc#1207263).
- commit db8e195
- btrfs: add helper to delete a dir entry from a log tree
  (bsc#1207263).
- commit f7a9c31
- btrfs: stop trying to log subdirectories created in past
  transactions (bsc#1207263).
- commit 7c6f2ce
- btrfs: stop copying old dir items when logging a directory
  (bsc#1207263).
- commit f0f8008
- btrfs: put initial index value of a directory in a constant
  (bsc#1207263).
- commit 72e8d53
- KVM: x86: Check for existing Hyper-V vCPU in kvm_hv_vcpu_init()
  (bsc#1206616).
- Refresh
  patches.suse/KVM-x86-Report-error-when-setting-CPUID-if-Hyper-V-a.patch.
- commit 957a2a9
- btrfs: don't log unnecessary boundary keys when logging
  directory (bsc#1207263).
- commit 4b59646
- btrfs: remove write and wait of struct walk_control
  (bsc#1207263).
- commit f7b4e9a
- ath11k: change return buffer manager for QCA6390 (bsc#1199701
  CVE-2020-24588).
- Refresh
  patches.kabi/hide-appended-member-supports_dynamic_smps_6ghz.patch.
- Refresh
  patches.suse/ath11k-set-correct-NL80211_FEATURE_DYNAMIC_SMPS-for-.patch.
- commit 9f7ada4
- ath11k: Change number of TCL rings to one for QCA6390
  (bsc#1199701 CVE-2020-24588).
- Refresh
  patches.kabi/hide-appended-member-supports_dynamic_smps_6ghz.patch.
- Refresh
  patches.suse/ath11k-set-correct-NL80211_FEATURE_DYNAMIC_SMPS-for-.patch.
- commit d6ca39b
- net: sched: disallow noqueue for qdisc classes (bsc#1207237
  CVE-2022-47929).
- commit f7f84ac
- Refresh
  patches.suse/scsi-mpt3sas-Remove-usage-of-dma_get_required_mask-A.patch.
- commit cdcfa1d
- ath11k: use hw_params to access board_size and cal_offset
  (bsc#1199701 CVE-2020-24588).
- commit e135fc0
- ath11k: Add spectral scan support for QCN9074 (bsc#1199701
  CVE-2020-24588).
- commit 026f93a
- ath11k: Introduce spectral hw configurable param (bsc#1199701
  CVE-2020-24588).
- commit 576bcf6
- ath11k: Refactor spectral FFT bin size (bsc#1199701
  CVE-2020-24588).
- commit ab5a009
- blacklist.conf: kABI
- commit 2049d90
- blacklist.conf: fix affects only unsupported hardware and is complex
- commit f76a544
- mt76: mt7921: avoid unnecessary spin_lock/spin_unlock in
  mt7921_mcu_tx_done_event (git-fixes).
- commit 089efbe
- blacklist.conf: false positive
- commit 62d28a7
- Documentation: Remove bogus claim about del_timer_sync()
  (git-fixes).
- commit 1100a76
- cifs: Fix uninitialized memory read for smb311 posix symlink
  create (git-fixes).
- commit 6c87295
- cifs: fix potential memory leaks in session setup (bsc#1193629).
- commit a50abb3
- cifs: do not query ifaces on smb1 mounts (git-fixes).
- commit 525e434
- cifs: fix double free on failed kerberos auth (git-fixes).
- commit c048c3a
- cifs: remove redundant assignment to the variable match
  (bsc#1193629).
- commit 5b8956d
- cifs: fix file info setting in cifs_open_file() (git-fixes).
- commit e6259cb
- cifs: fix file info setting in cifs_query_path_info()
  (git-fixes).
- commit 1b4d4fe
- cifs: fix interface count calculation during refresh
  (git-fixes).
- commit 46ee30a
- cifs: refcount only the selected iface during interface update
  (git-fixes).
- commit bd6c57b
- cifs: protect access of TCP_Server_Info::{dstaddr,hostname}
  (bsc#1193629).
- commit bc728e2
- cifs: fix race in assemble_neg_contexts() (bsc#1193629).
- commit b120307
- cifs: ignore ipc reconnect failures during dfs failover
  (bsc#1193629).
- commit 2b37719
- wifi: mt76: mt7921: add mt7921_mutex_acquire at
  mt7921_sta_set_decap_offload (git-fixes).
- commit 1185bd8
- wifi: mt76: sdio: poll sta stat when device transmits data
  (git-fixes).
- commit a94c4e2
- wifi: mt76: sdio: fix the deadlock caused by sdio->stat_work
  (git-fixes).
- commit 5e2a5dd
- wifi: mt76: mt7921e: fix race issue between reset and
  suspend/resume (git-fixes).
- commit 14a8748
- tick/sched: Fix non-kernel-doc comment (git-fixes).
- commit f87a2cc
- tick/nohz: Use WARN_ON_ONCE() to prevent console saturation.
- commit 6458db5
- blacklist.conf: 461ab10ef7e6 ("/ceph: switch to vfs_inode_has_locks() to fix file lock bug"/)
- commit fd3cf81
- rpm/mkspec-dtb: add riscv64 dtb-renesas subpackage
- commit 6020754
- USB: gadget: Fix use-after-free during usb config switch
  (git-fixes).
- commit 0889148
- usb: gadget: udc: core: remove usage of list iterator past
  the loop body (git-fixes).
- commit 0bb0a32
- usb: gadget: udc: core: Revise comments for USB ep
  enable/disable (git-fixes).
- commit f9853da
- usb: gadget: udc: core: Print error code in
  usb_gadget_probe_driver() (git-fixes).
- commit 31875c7
- usb: gadget: udc: core: Use pr_fmt() to prefix messages
  (git-fixes).
- commit 89beb81
- usb: fotg210-udc: Fix ages old endianness issues (git-fixes).
- commit 324082f
- blacklist.conf: false positive
- commit eb58aba
- blacklist.conf: false positive
- commit 23de7da
- blacklist.conf: false positive
- commit 19ef3e5
- blacklist.conf: cleanup that changes kABI
- commit eea8908
- blacklist.conf: false positive
- commit 52ff06b
- s390/qeth: fix various format strings (git-fixes).
- commit 2ee54d9
- ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent
  UAF (git-fixes).
- ALSA: hda/realtek: Enable mute/micmute LEDs on HP Spectre x360
  13-aw0xxx (git-fixes).
- ALSA: hda/hdmi: Add a HP device 0x8715 to force connect list
  (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs don't work for a HP
  platform (git-fixes).
- ALSA: hda - Enable headset mic on another Dell laptop with
  ALC3254 (git-fixes).
- ALSA: hda/realtek - Turn on power early (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook
  (git-fixes).
- commit ffbf830
- efi: fix userspace infinite retry read efivars after EFI
  runtime services page fault (git-fixes).
- ASoC: qcom: lpass-cpu: Fix fallback SD line index handling
  (git-fixes).
- ASoC: wm8904: fix wrong outputs volume after power reactivation
  (git-fixes).
- ALSA: control-led: use strscpy in set_led_id() (git-fixes).
- ALSA: hda: cs35l41: Check runtime suspend capability at
  runtime_idle (git-fixes).
- ALSA: hda: cs35l41: Don't return -EINVAL from system
  suspend/resume (git-fixes).
- ALSA: usb-audio: Relax hw constraints for implicit fb sync
  (git-fixes).
- ALSA: usb-audio: Make sure to stop endpoints before closing EPs
  (git-fixes).
- platform/x86: dell-privacy: Only register SW_CAMERA_LENS_COVER
  if present (git-fixes).
- platform/x86: dell-privacy: Fix SW_CAMERA_LENS_COVER reporting
  (git-fixes).
- platform/surface: aggregator: Add missing call to
  ssam_request_sync_free() (git-fixes).
- platform/surface: aggregator: Ignore command messages not
  intended for us (git-fixes).
- platform/x86: sony-laptop: Don't turn off 0x153 keyboard
  backlight during probe (git-fixes).
- drm/msm/adreno: Make adreno quirks not overwrite each other
  (git-fixes).
- drm/msm: another fix for the headless Adreno GPU (git-fixes).
- dt-bindings: msm: dsi-controller-main: Fix description of core
  clock (git-fixes).
- dt-bindings: msm: dsi-controller-main: Fix operating-points-v2
  constraint (git-fixes).
- dt-bindings: msm: dsi-phy-28nm: Add missing qcom,
  dsi-phy-regulator-ldo-mode (git-fixes).
- drm/msm/dp: do not complete dp_aux_cmd_fifo_tx() if irq is
  not for aux transfer (git-fixes).
- dt-bindings: msm/dsi: Don't require vdds-supply on 10nm PHY
  (git-fixes).
- dt-bindings: msm/dsi: Don't require vcca-supply on 14nm PHY
  (git-fixes).
- drm/virtio: Fix GEM handle creation UAF (git-fixes).
- commit 127798d
- powerpc/rtas: avoid scheduling in rtas_os_term() (bsc#1065729).
- powerpc/rtas: avoid device tree lookups in rtas_os_term()
  (bsc#1065729).
- commit 49b518d
- nfc: pn533: Wait for out_urb's completion in
  pn533_usb_send_frame() (git-fixes).
- ALSA: hda/realtek: Apply dual codec fixup for Dell Latitude
  laptops (git-fixes).
- ALSA: line6: fix stack overflow in line6_midi_transmit
  (git-fixes).
- ALSA: line6: correct midi status byte when receiving data from
  podxt (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Advantech MICA-071
  tablet (git-fixes).
- drm/amdgpu: handle polaris10/11 overlap asics (v2) (git-fixes).
- drm/amdgpu: make display pinning more flexible (v2) (git-fixes).
- HID: plantronics: Additional PIDs for double volume key presses
  quirk (git-fixes).
- HID: multitouch: fix Asus ExpertBook P2 P2451FA trackpoint
  (git-fixes).
- remoteproc: core: Do pm_relax when in RPROC_OFFLINE state
  (git-fixes).
- soundwire: dmi-quirks: add quirk variant for LAPBC710 NUC15
  (git-fixes).
- PCI: Fix pci_device_is_present() for VFs by checking PF
  (git-fixes).
- wifi: wilc1000: sdio: fix module autoloading (git-fixes).
- ARM: 9256/1: NWFPE: avoid compiler-generated __aeabi_uldivmod
  (git-fixes).
- ima: Fix a potential NULL pointer access in
  ima_restore_measurement_list (git-fixes).
- ipmi: fix long wait in unload when IPMI disconnect (git-fixes).
- drm/connector: send hotplug uevent on connector cleanup
  (git-fixes).
- ALSA: patch_realtek: Fix Dell Inspiron Plus 16 (git-fixes).
- selftests: Use optional USERCFLAGS and USERLDFLAGS (git-fixes).
- ACPI: resource: Skip IRQ override on Asus Vivobook
  K3402ZA/K3502ZA (git-fixes).
- selftests: set the BUILD variable to absolute path (git-fixes).
- drm/i915/migrate: fix length calculation (git-fixes).
- drm/i915/migrate: fix offset calculation (git-fixes).
- drm/i915/migrate: don't check the scratch page (git-fixes).
- commit 1d4442d
- media: stv0288: use explicitly signed char (git-fixes).
- commit 72af28b
- mm: compaction: kABI: avoid pglist_data kABI breakage
  (bsc#1207010).
- commit 488d3ad
- arm64: Avoid repeated AA64MMFR1_EL1 register read on pagefault
  path (performance bsc#1203219).
- commit 82bc0ed
- mm: compaction: support triggering of proactive compaction by
  user (bsc#1207010).
- commit a9c5d6a
- octeontx2-pf: Fix lmtst ID used in aura free (jsc#SLE-24682).
- octeontx2-af: Allow mkex profile without DMAC and add L2M/L2B
  header extraction support (jsc#SLE-24682).
- octeontx2-pf: Fix pfc_alloc_status array overflow
  (jsc#SLE-24682).
- octeontx2-pf: Fix SQE threshold checking (jsc#SLE-24682).
- octeontx2-pf: NIX TX overwrites SQ_CTX_HW_S[SQ_INT]
  (jsc#SLE-24682).
- octeontx2-pf: Fix unused variable build error (jsc#SLE-24682).
- octeontx2-af: Initialize PTP_SEC_ROLLOVER register properly
  (jsc#SLE-24682).
- octeontx2-af: Add PTP PPS Errata workaround on CN10K silicon
  (jsc#SLE-24682).
- octeontx2-pf: Add support for ptp 1-step mode on CN10K silicon
  (jsc#SLE-24682).
- octeontx2-af: return correct ptp timestamp for CN10K silicon
  (jsc#SLE-24682).
- octeontx2-pf: Add egress PFC support (jsc#SLE-24682).
- octeontx2-pf: Reduce minimum mtu size to 60 (jsc#SLE-24682).
- octeontx2-af: Set NIX link credits based on max LMAC
  (jsc#SLE-24682).
- octeontx2-af: Limit link bringup time at firmware
  (jsc#SLE-24682).
- octeontx2-af: Skip CGX/RPM probe incase of zero lmac count
  (jsc#SLE-24682).
- octeontx2: Modify mbox request and response structures
  (jsc#SLE-24682).
- octeontx2-af: Don't reset previous pfc config (jsc#SLE-24682).
- octeontx2-af: fix operand size in bitwise operation
  (jsc#SLE-24682).
- commit a2de709
- cpufreq: intel_pstate: Add Sapphire Rapids support in no-HWP
  mode (bsc#1201068).
- commit 15e54a9
- cpufreq: ACPI: Only set boost MSRs on supported CPUs
  (bsc#1205485).
- commit 2fc91f1
- cpufreq: ACPI: Remove unused variables 'acpi_cpufreq_online'
  and 'ret' (bsc#1205485).
- commit bac712b
- drbd: destroy workqueue when drbd device was freed (git-fixes).
- drbd: remove call to memset before free
  device/resource/connection (git-fixes).
- drbd: use after free in drbd_create_device() (git-fixes).
- drbd: set QUEUE_FLAG_STABLE_WRITES (git-fixes).
- drbd: remove usage of list iterator variable after loop
  (git-fixes).
- commit 26591d7
- Update
  patches.suse/dmaengine-idxd-Fix-crc_val-field-for-completion-reco.patch
  (bsc#1206554).
  Added bugzilla number
- commit 1fe5012
- blacklist.conf: add two drbd git-fixes to ignore
- commit d03d927
- ibmveth: Always stop tx queues during close (bsc#1065729).
- commit 11e0f4a
- cpufreq: ACPI: Defer setting boost MSRs (bsc#1205485).
- commit 32f938b
- Refresh
  patches.suse/octeontx2-Move-devlink-registration-to-be-last-devli.patch.
  Added missing hunk in backport.
- commit 9b34e71
- xfs: get root inode correctly at bulkstat (git-fixes).
- commit ecbb587
- xfs: get rid of assert from xfs_btree_islastblock (git-fixes).
- commit f759e44
- xfs: fix incorrect i_nlink caused by inode racing (git-fixes).
- commit c814812
- xfs: fix incorrect error-out in xfs_remove (git-fixes).
- commit 0241b15
- xfs: initialize the check_owner object fully (git-fixes).
- commit 42eb8fb
- xfs: Fix unreferenced object reported by kmemleak in
  xfs_sysfs_init() (git-fixes).
- commit 48cbefa
- xfs: fix memory leak in xfs_errortag_init (git-fixes).
- commit 881b44a
- xfs: reject crazy array sizes being fed to XFS_IOC_GETBMAP*
  (git-fixes).
- commit 0bf8d62
- xfs: return errors in xfs_fs_sync_fs (git-fixes).
- commit 0f9b0ad
- xfs: prevent a WARN_ONCE() in xfs_ioc_attr_list() (git-fixes).
- commit 9430296
- powerpc: Take in account addition CPU node when building kexec
  FDT (bsc#1207016 ltc#201108).
- powerpc: export the CPU node count (bsc#1207016 ltc#201108).
- commit 4ca3eba
- xfs: fix maxlevels comparisons in the btree staging code
  (git-fixes).
- commit d0f5fd6
- blacklist.conf: misattributed
- commit ee5f25a
- blacklist.conf: too risky
- commit 51ffe7a
- blacklist.conf: misattributed, we do not have this bug
- commit bc3473d
- cifs: Fix kmap_local_page() unmapping (git-fixes).
- commit ff2c079
- Revert "/usb: ulpi: defer ulpi_register on ulpi_read_id timeout"/
  (git-fixes).
- drm/i915/gvt: fix vgpu debugfs clean in remove (git-fixes).
- drm/i915/gvt: fix gvt debugfs destroy (git-fixes).
- drm/i915: unpin on error in intel_vgpu_shadow_mm_pin()
  (git-fixes).
- drm/imx: ipuv3-plane: Fix overlay plane width (git-fixes).
- drm/meson: Reduce the FIFO lines held when AFBC is not used
  (git-fixes).
- drm/panfrost: Fix GEM handle creation ref-counting (git-fixes).
- thermal: int340x: Add missing attribute for data rate base
  (git-fixes).
- caif: fix memory leak in cfctrl_linkup_request() (git-fixes).
- usb: rndis_host: Secure rndis_query check against int overflow
  (git-fixes).
- dt-bindings: net: sun8i-emac: Add phy-supply property
  (git-fixes).
- net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe
  (git-fixes).
- nfc: Fix potential resource leaks (git-fixes).
- vmxnet3: correctly report csum_level for encapsulated packet
  (git-fixes).
- gpio: sifive: Fix refcount leak in sifive_gpio_probe
  (git-fixes).
- fbdev: matroxfb: G200eW: Increase max memory from 1 MB to 16 MB
  (git-fixes).
- commit ac1915a
- powerpc/powernv: add missing of_node_put (bsc#1065729).
- commit 678d5a8
- rpm/kernel-binary.spec.in: Add Enhances and Supplements tags to in-tree KMPs
  This makes in-tree KMPs more consistent with externally built KMPs and
  silences several rpmlint warnings.
- commit 02b7735
- rpm/check-for-config-changes: add OBJTOOL and FTRACE_MCOUNT_USE_*
  Dummy gcc pretends to support -mrecord-mcount option but actual gcc on
  ppc64le does not. Therefore ppc64le builds of 6.2-rc1 and later in OBS
  enable FTRACE_MCOUNT_USE_OBJTOOL and OBJTOOL config options, resulting in
  check failure.
  As we already have FTRACE_MCOUNT_USE_CC and FTRACE_MCOUNT_USE_RECORDMCOUNT
  in the exception list, replace them with a general pattern. And add OBJTOOL
  as well.
- commit 887416f
- mm: fix race between MADV_FREE reclaim and blkdev direct IO read
  (bsc#1204989,bsc#1205601).
- commit 83e47e1
- KVM: x86: fix uninitialized variable use on
  KVM_REQ_TRIPLE_FAULT (bsc#1204652 CVE-2022-3344).
- blacklist.conf: blacklist commit id
  df0bb47baa95aad133820b149851d5b94cbc6790 which duplicates
  commit id e542baf30b48605d4336bf54b98e76b8fb98af30.
- commit c2fe422
- powerpc/xive/spapr: correct bitmap allocation size (fate#322438
  git-fixes).
- commit e6f2b08
- Refresh
  patches.suse/NFS-Handle-missing-attributes-in-OPEN-reply.patch.
  Update commit log to prevent patch and quilt from thinking it should apply the
  example hunks and fail.
- commit a6bcec2
- patches.suse/btrfs-fix-resolving-backrefs-for-inline-extent-follo.patch:
  (bsc#1206456).
- commit 31db88a
- NFS: Handle missing attributes in OPEN reply (bsc#1203740).
- commit 4f80fa3
- scsi: mpt3sas: Remove usage of dma_get_required_mask() API
  (bsc#1206912,bsc#1206098).
- scsi: mpt3sas: re-do lost mpt3sas DMA mask fix
  (bsc#1206912,bsc#1206098).
- scsi: mpt3sas: Don't change DMA mask while reallocating pools
  (bsc#1206912,bsc#1206098).
- commit 496371c
- KVM: x86: remove exit_int_info warning in svm_handle_exit
  (bsc#1204652 CVE-2022-3344).
- KVM: x86: allow L1 to not intercept triple fault (bsc#1204652
  CVE-2022-3344).
- KVM: x86: forcibly leave nested mode on vCPU reset (bsc#1204652
  CVE-2022-3344).
- KVM: x86: add kvm_leave_nested (bsc#1204652 CVE-2022-3344).
- KVM: x86: nSVM: harden svm_free_nested against freeing  vmcb02
  while still in use (bsc#1204652 CVE-2022-3344).
- KVM: x86: nSVM: leave nested mode on vCPU free (bsc#1204652
  CVE-2022-3344).
- commit a745b62
- net: allow retransmitting a TCP packet if original is still
  in queue (bsc#1188605 bsc#1187428 bsc#1206619).
- commit 894711e
- memcg, kmem: further deprecate kmem.limit_in_bytes
  (bsc#1206896).
- Refresh
  patches.suse/memcg-deprecate-memory.force_empty-knob.patch.
- commit 855cb6d
- mm/mempolicy: fix memory leak in set_mempolicy_home_node system
  call (bsc#1206468).
- commit 2ac9622
- vdpa_sim: fix vringh initialization in vdpasim_queue_ready()
  (git-fixes).
- vhost: fix range used in translate_desc() (git-fixes).
- vringh: fix range used in iotlb_translate() (git-fixes).
- vhost/vsock: Fix error handling in vhost_vsock_init()
  (git-fixes).
- vdpa_sim: fix possible memory leak in vdpasim_net_init()
  and vdpasim_blk_init() (git-fixes).
- commit 4896995
- Move upstreamed kexec patch into sorted section
- commit 8762bd7
- blacklist.conf: Add ppc ddw fix only applicable to 5.15
- commit b91171d
- blacklist.conf: Add 710ffe671e01 sched/psi: Stop relying on timer_pending() for poll_work rescheduling
- commit 8adb37f
- sched/uclamp: Make task_fits_capacity() use util_fits_cpu() (git-fixes)
- commit a265076
- sched/uclamp: Fix relationship between uclamp and migration (git-fixes)
- commit d4e9f78
- sched/core: Fix comparison in sched_group_cookie_match() (git-fixes)
- commit f64ffc5
- sched/core: Fix the bug that task won't enqueue into core (git-fixes)
- commit f50eaf7
- sched/topology: Remove redundant variable and fix incorrect (git-fixes)
- commit 653c1b4
- blacklist.conf: removes a feature
- commit 4da5756
- blacklist.conf: misattributed
- commit 3e3a9a5
- blacklist.conf: pSeries and powernv get dt from firmware
- commit c257ae8
- powerpc/pseries/eeh: use correct API for error log size
  (bsc#1065729).
- powerpc/perf: callchain validate kernel stack pointer bounds
  (bsc#1065729).
- powerpc/xive: add missing iounmap() in error path in
  xive_spapr_populate_irq_data() (fate#322438 git-fixes).
- powerpc/pci: Fix get_phb_number() locking (bsc#1065729).
- powerpc/64: Init jump labels before parse_early_param()
  (bsc#1065729).
- commit 773dc74
- scsi: lpfc: Remove linux/msi.h include (jsc#PED-1445).
- scsi: lpfc: Update lpfc version to 14.2.0.9 (jsc#PED-1445).
- scsi: lpfc: Fix crash involving race between FLOGI timeout
  and devloss handler (jsc#PED-1445).
- scsi: lpfc: Fix MI capability display in cmf_info sysfs
  attribute (jsc#PED-1445).
- scsi: lpfc: Correct bandwidth logging during receipt of
  congestion sync WCQE (jsc#PED-1445).
- scsi: lpfc: Fix WQ|CQ|EQ resource check (jsc#PED-1445).
- scsi: lpfc: Use memset_startat() helper (jsc#PED-1445).
- scsi: lpfc: Remove redundant pointer 'lp' (jsc#PED-1445).
- string.h: Introduce memset_startat() for wiping trailing
  members and padding (jsc#PED-1445).
- commit 7d406bf
- scsi: qla2xxx: Fix crash when I/O abort times out (jsc#PED-568).
- scsi: qla2xxx: Initialize vha->unknown_atio_[list, work]
  for NPIV hosts (jsc#PED-568).
- scsi: qla2xxx: Remove duplicate of vha->iocb_work initialization
  (jsc#PED-568).
- scsi: qla2xxx: Remove unused variable 'found_devs'
  (jsc#PED-568).
- scsi: qla2xxx: Fix set-but-not-used variable warnings
  (jsc#PED-568).
- commit ae77c26
- xfrm: Fix oops in __xfrm_state_delete() (bsc#1206794).
- commit b8910c1
- sctp: sysctl: make extra pointers netns aware (bsc#1204760).
- commit 7c1cca0
- Refresh
  patches.suse/drm-amdgpu-sdma_v4_0-turn-off-SDMA-ring-buffer-in-th.patch
  Alt-commit
- commit 41b83ab
- Refresh
  patches.suse/drm-i915-reg-Fix-spelling-mistake-Unsupport-Unsuppor.patch
  Alt-commit
- commit d746af5
- Refresh
  patches.suse/drm-amdgpu-fix-sdma-doorbell-init-ordering-on-APUs.patch
  Alt-commit
- commit 0f2757b
- Refresh
  patches.suse/drm-amdkfd-Fix-memory-leak-in-kfd_mem_dmamap_userptr.patch
  Alt-commit
- commit a635317
- Refresh
  patches.suse/drm-i915-ttm-never-purge-busy-objects.patch
  Alt-commit
- commit be2dd4d
- Refresh
  patches.suse/drm-msm-Make-.remove-and-.shutdown-HW-shutdown-consi.patch
  Alt-commit
- commit a0ff67b
- Refresh
  patches.suse/drm-msm-dsi-fix-the-inconsistent-indenting.patch
  Alt-commit
- commit c6fc5ca
- Refresh
  patches.suse/drm-i915-fix-a-possible-refcount-leak-in-intel_dp_ad.patch
  Alt-commit
- commit d4ca67b
- Refresh
  patches.suse/drm-amdgpu-move-iommu_resume-before-ip-init-resume.patch
  Alt-commit
- commit d5590c6
- EDAC/mc_sysfs: Increase legacy channel support to 12
  (bsc#1205263).
- commit 4cb5420
- blacklist.conf: add scsi-mpt3sas-Fix-return-value-check-of-dma_get_required_mask.patch (bsc#1206098)
- Delete
  patches.suse/scsi-mpt3sas-Fix-return-value-check-of-dma_get_required_mask.patch.
  This patch breaks Xen.
- commit cc3a20c
- powerpc/pseries: unregister VPA when hot unplugging a CPU
  (bsc#1205695 ltc#200603).
- commit bcbd230
- RDMA/siw: Fix pointer cast warning (git-fixes)
- commit 366e50d
- IB/IPoIB: Fix queue count inconsistency for PKEY child interfaces (git-fixes)
- commit 0dbba4f
- RDMA/hns: Fix XRC caps on HIP08 (git-fixes)
- commit 59e36ed
- RDMA/hns: Fix error code of CMD (git-fixes)
- commit 5f70364
- RDMA/hns: Fix page size cap from firmware (git-fixes)
- commit 6cde7a4
- RDMA/hns: Fix PBL page MTR find (git-fixes)
- commit 8abc588
- RDMA/hns: Fix AH attr queried by query_qp (git-fixes)
- commit adf2f5b
- RDMA/srp: Fix error return code in srp_parse_options() (git-fixes)
- commit 6f932f1
- RDMA/hfi1: Fix error return code in parse_platform_config() (git-fixes)
- commit e3f1da5
- RDMA: Disable IB HW for UML (git-fixes)
- commit 79de999
- RDMA/nldev: Fix failure to send large messages (git-fixes)
- commit 8afb6ef
- RDMA/nldev: Add checks for nla_nest_start() in fill_stat_counter_qps() (git-fixes)
- commit 7f11c74
- RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed (git-fixes)
- commit 9304b2c
- RDMA/hns: fix memory leak in hns_roce_alloc_mr() (git-fixes)
- commit 8bd6757
- RDMA/irdma: Initialize net_type before checking it (git-fixes)
- commit c1ce45c
- RDMA/hfi: Decrease PCI device reference count in error path (git-fixes)
- commit 4b06dc0
- RDMA/hns: Fix ext_sge num error when post send (git-fixes)
- commit 6e743d4
- RDMA/irdma: Do not request 2-level PBLEs for CQ alloc (git-fixes)
- commit 0f16ea1
- RDMA/siw: Set defined status for work completion with undefined status (git-fixes)
- commit a9ebe54
- RDMA/nldev: Return "/-EAGAIN"/ if the cm_id isn't from expected port (git-fixes)
- commit 26efba0
- RDMA/core: Make sure "/ib_port"/ is valid when access sysfs node (git-fixes)
- commit 00cffbb
- RDMA/restrack: Release MR restrack when delete (git-fixes)
- commit 20085bc
- RDMA/siw: Fix immediate work request flush to completion queue (git-fixes)
- commit 4193611
- RDMA/irdma: Report the correct link speed (git-fixes)
- commit 83b7019
- RDMA/core: Fix order of nldev_exit call (git-fixes)
- commit 76dc905
- RDMA/efa: Add EFA 0xefa2 PCI ID (git-fixes)
- commit 7e28dca
- RDMA/hns: Repacing 'dseg_len' by macros in fill_ext_sge_inl_data() (git-fixes)
- commit 9035bce
- ALSA: seq: fix undefined behavior in bit shift for
  SNDRV_SEQ_FILTER_USE_EVENT (git-fixes).
- ALSA: pcm: fix undefined behavior in bit shift for
  SNDRV_PCM_RATE_KNOT (git-fixes).
- commit 1504232
- rtc: cmos: Fix wake alarm breakage (git-fixes).
- commit de5fcc7
- rtc: cmos: Fix event handler registration ordering issue
  (git-fixes).
- Revert "/platform/chrome: cros_ec_typec: Cleanup switch handle
  return paths"/ (git-fixes).
- commit ec01d22
- HID: wacom: Ensure bootloader PID is usable in hidraw mode
  (git-fixes).
- HID: mcp2221: don't connect hidraw (git-fixes).
- remoteproc: qcom: q6v5: Fix missing clk_disable_unprepare()
  in q6v5_wcss_qcs404_power_on() (git-fixes).
- remoteproc: qcom_q6v5_pas: Fix missing of_node_put() in
  adsp_alloc_memory_region() (git-fixes).
- remoteproc: qcom_q6v5_pas: detach power domains on remove
  (git-fixes).
- remoteproc: qcom_q6v5_pas: disable wakeup on probe fail or
  remove (git-fixes).
- remoteproc: qcom: q6v5: Fix potential null-ptr-deref in
  q6v5_wcss_init_mmio() (git-fixes).
- remoteproc: sysmon: fix memory leak in qcom_add_sysmon_subdev()
  (git-fixes).
- mfd: pm8008: Fix return value check in pm8008_probe()
  (git-fixes).
- rtc: mxc_v2: Add missing clk_disable_unprepare() (git-fixes).
- rtc: pic32: Move devm_rtc_allocate_device earlier in
  pic32_rtc_probe() (git-fixes).
- rtc: st-lpc: Add missing clk_disable_unprepare in st_rtc_probe()
  (git-fixes).
- rtc: snvs: Allow a time difference on clock register read
  (git-fixes).
- misc: tifm: fix possible memory leak in tifm_7xx1_switch_media()
  (git-fixes).
- misc: ocxl: fix possible name leak in ocxl_file_register_afu()
  (git-fixes).
- vfio: platform: Do not pass return buffer to ACPI _RST method
  (git-fixes).
- gpiolib: cdev: fix NULL-pointer dereferences (git-fixes).
- drm/sti: Fix return type of
  sti_{dvo,hda,hdmi}_connector_mode_valid() (git-fixes).
- drm/fsl-dcu: Fix return type of
  fsl_dcu_drm_connector_mode_valid() (git-fixes).
- wifi: mt76: do not run mt76u_status_worker if the device is
  not running (git-fixes).
- wifi: brcmfmac: Fix potential shift-out-of-bounds in
  brcmf_fw_alloc_request() (git-fixes).
- wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out
  (git-fixes).
- wifi: ath9k: verify the expected usb_endpoints are present
  (git-fixes).
- hamradio: baycom_epp: Fix return type of baycom_send_packet()
  (git-fixes).
- mmc: renesas_sdhi: better reset from HS400 mode (git-fixes).
- mmc: f-sdh30: Add quirks for broken timeout clock capability
  (git-fixes).
- ipmi: fix memleak when unload ipmi driver (git-fixes).
- HID: hid-sensor-custom: set fixed size for custom attributes
  (git-fixes).
- hwmon: (jc42) Fix missing unlock on error in jc42_write()
  (git-fixes).
- hwmon: (jc42) Restore the min/max/critical temperatures on
  resume (git-fixes).
- hwmon: (jc42) Convert register access and caching to
  regmap/regcache (git-fixes).
- regulator: core: fix use_count leakage when handling boot-on
  (git-fixes).
- media: si470x: Fix use-after-free in si470x_int_in_callback()
  (git-fixes).
- media: dvb-usb: fix memory leak in dvb_usb_adapter_init()
  (git-fixes).
- media: dvb-frontends: fix leak of memory fw (git-fixes).
- nilfs2: fix shift-out-of-bounds due to too large exponent of
  block size (git-fixes).
- nilfs2: fix shift-out-of-bounds/overflow in
  nilfs_sb2_bad_offset() (git-fixes).
- soc: ti: knav_qmss_queue: Fix PM disable depth imbalance in
  knav_queue_probe (git-fixes).
- rtc: cmos: fix build on non-ACPI platforms (git-fixes).
- extcon: usbc-tusb320: Factor out extcon into dedicated functions
  (git-fixes).
- tty: serial: altera_uart_{r,t}x_chars() need only uart_port
  (git-fixes).
- tty: serial: clean up stop-tx part in altera_uart_tx_chars()
  (git-fixes).
- rtc: rtc-cmos: Do not check ACPI_FADT_LOW_POWER_S0 (git-fixes).
- mfd: pm8008: Remove driver data structure pm8008_data
  (git-fixes).
- platform/chrome: cros_ec_typec: Cleanup switch handle return
  paths (git-fixes).
- gpiolib: Get rid of redundant 'else' (git-fixes).
- soc: ti: knav_qmss_queue: Use pm_runtime_resume_and_get instead
  of pm_runtime_get_sync (git-fixes).
- usb: typec: Factor out non-PD fwnode properties (git-fixes).
- gpiolib: make struct comments into real kernel docs (git-fixes).
- mt76: stop the radar detector after leaving dfs channel
  (git-fixes).
- extcon: usbc-tusb320: Add support for TUSB320L (git-fixes).
- extcon: usbc-tusb320: Add support for mode setting and reset
  (git-fixes).
- commit cfb92f2
- clk: st: Fix memory leak in st_of_quadfs_setup() (git-fixes).
- drm/amd/display: Use the largest vready_offset in pipe group
  (git-fixes).
- drm/mediatek: Fix return type of mtk_hdmi_bridge_mode_valid()
  (git-fixes).
- drm/amd/display: fix array index out of bound error in bios
  parser (git-fixes).
- drm/etnaviv: add missing quirks for GC300 (git-fixes).
- drm/fourcc: Fix vsub/hsub for Q410 and Q401 (git-fixes).
- drm/sti: Use drm_mode_copy() (git-fixes).
- drm/rockchip: Use drm_mode_copy() (git-fixes).
- drm/msm: Use drm_mode_copy() (git-fixes).
- drm/amdgpu: Fix type of second parameter in odn_edit_dpm_table()
  callback (git-fixes).
- drm/amdgpu: Fix type of second parameter in trans_msg() callback
  (git-fixes).
- drm/amd/display: prevent memory leak (git-fixes).
- clocksource/drivers/timer-ti-dm: Fix missing
  clk_disable_unprepare in dmtimer_systimer_init_clock()
  (git-fixes).
- clocksource/drivers/sh_cmt: Access registers according to spec
  (git-fixes).
- crypto: hisilicon/qm - fix missing destroy qp_idr (git-fixes).
- drm/fourcc: Add packed 10bit YUV 4:2:0 format (git-fixes).
- drm/amd/display: Manually adjust strobe for DCN303 (git-fixes).
- commit f4d3289
- ata: ahci: Fix PCS quirk application for suspend (git-fixes).
- ALSA: hda/realtek: Add quirk for Lenovo TianYi510Pro-14IOB
  (git-fixes).
- ALSA: usb-audio: add the quirk for KT0206 device (git-fixes).
- ALSA: hda/hdmi: Add HP Device 0x8711 to force connect list
  (git-fixes).
- apparmor: Fix memleak in alloc_ns() (git-fixes).
- apparmor: Use pointer to struct aa_label for lbs_cred
  (git-fixes).
- apparmor: Fix abi check to include v8 abi (git-fixes).
- apparmor: fix lockdep warning when removing a namespace
  (git-fixes).
- apparmor: fix a memleak in multi_transaction_new() (git-fixes).
- brcmfmac: return error when getting invalid max_flowrings from
  dongle (git-fixes).
- ASoC: codecs: rt298: Add quirk for KBL-R RVP platform
  (git-fixes).
- acct: fix potential integer overflow in encode_comp_t()
  (git-fixes).
- ACPICA: Fix error code path in acpi_ds_call_control_method()
  (git-fixes).
- binfmt_misc: fix shift-out-of-bounds in check_special_flags
  (git-fixes).
- can: kvaser_usb: do not increase tx statistics when sending
  error message frames (git-fixes).
- commit 86527dd
- mfd: qcom_rpm: Use devm_of_platform_populate() to simplify code
  (git-fixes).
- commit 0741514
- Revert an ASoC patch that cuased a regression (bsc#1206703)
  Delete:
  patches.suse/ASoC-soc-pcm-Don-t-zero-TDM-masks-in-__soc_pcm_open.patch
- commit f822682
- Refresh patches.suse/drm-i915-ttm-never-purge-busy-objects.patch
  Fix the compilation warning/error for SLE15-SP4 code;
  should be reverted for SLE15-SP5
- commit 01b9ce4
- cifs: update internal module number (bsc#1193629).
- commit 2c23471
- cifs: don't leak -ENOMEM in smb2_open_file() (bsc#1193629).
- cifs: use origin fullpath for automounts (bsc#1193629).
- commit d701916
- cifs: set correct status of tcon ipc when reconnecting
  (bsc#1193629).
- commit 57f84f1
- cifs: optimize reconnect of nested links (bsc#1193629).
- cifs: fix source pathname comparison of dfs supers
  (bsc#1193629).
- commit 2490abe
- cifs: fix confusing debug message (bsc#1193629).
- cifs: don't block in dfs_cache_noreq_update_tgthint()
  (bsc#1193629).
- commit 2d792b4
- cifs: refresh root referrals (bsc#1193629).
- cifs: fix refresh of cached referrals (bsc#1193629).
- commit 5f89779
- cifs: don't refresh cached referrals from unactive mounts
  (bsc#1193629).
- cifs: share dfs connections and supers (bsc#1193629).
- commit d487cdb
- cifs: split out ses and tcon retrieval from mount_get_conns()
  (bsc#1193629).
- cifs: set resolved ip in sockaddr (bsc#1193629).
- commit 6b4ca3c
- cifs: remove unused smb3_fs_context::mount_options
  (bsc#1193629).
- commit 45748b3
- cifs: get rid of mount options string parsing (bsc#1193629).
- cifs: use fs_context for automounts (bsc#1193629).
- commit 3459851
- cifs: reduce roundtrips on create/qinfo requests (bsc#1193629).
- commit 5298349
- cifs: set correct ipc status after initial tree connect
  (bsc#1193629).
- cifs: set correct tcon status after initial tree connect
  (bsc#1193629).
- commit c4c2e58
- cifs: Remove duplicated include in cifsglob.h (bsc#1193629).
- commit e5a8551
- cifs: fix oops during encryption (bsc#1199294).
- commit ddcc642
- cifs: print warning when conflicting soft vs. hard mount
  options specified (bsc#1193629).
- commit d3798b8
- cifs: fix missing display of three mount options (bsc#1193629).
- commit de33d28
- cifs: fix various whitespace errors in headers (bsc#1193629).
- commit 8d59280
- cifs: minor cleanup of some headers (bsc#1193629).
- commit 86a2d1f
- cifs: skip alloc when request has no pages (bsc#1193629).
- commit 992bc71
- cifs: Parse owner/group for stat in smb311 posix extensions
  (bsc#1193629).
- commit fa4a327
- cifs: Add "/extbuf"/ and "/extbuflen"/ args to smb2_compound_op()
  (bsc#1193629).
- commit 9c7ee24
- pstore: Make sure CONFIG_PSTORE_PMSG selects CONFIG_RT_MUTEXES
  (git-fixes).
- crypto: ccree - Make cc_debugfs_global_fini() available for
  module init function (git-fixes).
- ASoC: ops: Correct bounds check for second channel on SX
  controls (git-fixes).
- clk: Fix pointer casting to prevent oops in devm_clk_release()
  (git-fixes).
- commit b22634c
- usb: gadget: uvc: Rename bmInterfaceFlags -> bmInterlaceFlags
  (git-fixes).
- usb: dwc3: core: defer probe on ulpi_read_id timeout
  (git-fixes).
- usb: ulpi: defer ulpi_register on ulpi_read_id timeout
  (git-fixes).
- usb: gadget: uvc: Prevent buffer overflow in setup handler
  (git-fixes).
- usb: storage: Add check for kcalloc (git-fixes).
- USB: serial: cp210x: add Kamstrup RF sniffer PIDs (git-fixes).
- USB: serial: option: add Quectel EM05-G modem (git-fixes).
- USB: serial: f81534: fix division by zero on line-speed change
  (git-fixes).
- USB: serial: f81232: fix division by zero on line-speed change
  (git-fixes).
- xhci: Apply XHCI_RESET_TO_DEFAULT quirk to ADL-N (git-fixes).
- usb: dwc3: Fix race between dwc3_set_mode and __dwc3_set_mode
  (git-fixes).
- usb: cdnsp: fix lack of ZLP for ep0 (git-fixes).
- usb: xhci-mtk: fix leakage of shared hcd when fail to set
  wakeup irq (git-fixes).
- usb: dwc3: pci: Update PCIe device ID for USB3 controller on
  CPU sub-system for Raptor Lake (git-fixes).
- wifi: brcmfmac: Fix error return code in
  brcmf_sdio_download_firmware() (git-fixes).
- wifi: rtl8xxxu: Fix the channel width reporting (git-fixes).
- wifi: rtl8xxxu: Add __packed to struct rtl8723bu_c2h
  (git-fixes).
- wifi: iwlwifi: mvm: fix double free on tx path (git-fixes).
- wifi: mt76: fix coverity overrun-call in mt76_get_txpower()
  (git-fixes).
- wifi: cfg80211: Fix not unregister reg_pdev when
  load_builtin_regdb_keys() fails (git-fixes).
- wifi: mac80211: fix memory leak in ieee80211_if_add()
  (git-fixes).
- wifi: ath10k: Fix return value in ath10k_pci_init() (git-fixes).
- wifi: rtw89: fix physts IE page check (git-fixes).
- wifi: rtw89: Fix some error handling path in
  rtw89_core_sta_assoc() (git-fixes).
- wifi: rtw89: use u32_encode_bits() to fill MAC quota value
  (git-fixes).
- wifi: rsi: Fix handling of 802.3 EAPOL frames sent via control
  port (git-fixes).
- wifi: ath9k: hif_usb: Fix use-after-free in
  ath9k_hif_usb_reg_in_cb() (git-fixes).
- wifi: ath9k: hif_usb: fix memory leak of urbs in
  ath9k_hif_usb_dealloc_tx_urbs() (git-fixes).
- wifi: rtl8xxxu: gen2: Turn on the rate control (git-fixes).
- commit 4d78293
- uio: uio_dmem_genirq: Fix deadlock between irq config and
  handling (git-fixes).
- uio: uio_dmem_genirq: Fix missing unlock in irq configuration
  (git-fixes).
- usb: roles: fix of node refcount leak in
  usb_role_switch_is_parent() (git-fixes).
- usb: typec: tipd: Fix spurious fwnode_handle_put in error path
  (git-fixes).
- usb: typec: tipd: Cleanup resources if devm_tps6598_psy_register
  fails (git-fixes).
- usb: typec: tcpci: fix of node refcount leak in
  tcpci_register_port() (git-fixes).
- usb: typec: Check for ops->exit instead of ops->enter in
  altmode_exit (git-fixes).
- tpm/tpm_crb: Fix error message in __crb_relinquish_locality()
  (git-fixes).
- usb: dwc3: gadget: Disable GUSB2PHYCFG.SUSPHY for End Transfer
  (git-fixes).
- commit 00e7f07
- test_firmware: fix memory leak in test_firmware_init()
  (git-fixes).
- thermal/drivers/qcom/temp-alarm: Fix inaccurate warning for gen2
  (git-fixes).
- thermal/drivers/imx8mm_thermal: Validate temperature range
  (git-fixes).
- spi: spi-gpio: Don't set MOSI as an input if not 3WIRE mode
  (git-fixes).
- spi: spidev: mask SPI_CS_HIGH in SPI_IOC_RD_MODE (git-fixes).
- thermal: core: fix some possible name leaks in error paths
  (git-fixes).
- tpm/tpm_ftpm_tee: Fix error handling in ftpm_mod_init()
  (git-fixes).
- tpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak
  (git-fixes).
- tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak
  (git-fixes).
- tpm: acpi: Call acpi_put_table() to fix memory leak (git-fixes).
- commit 3ea2187
- soc: mediatek: pm-domains: Fix the power glitch issue
  (git-fixes).
- serial: sunsab: Fix error handling in sunsab_init() (git-fixes).
- serial: pch: Fix PCI device refcount leak in pch_request_dma()
  (git-fixes).
- serial: stm32: move dma_request_chan() before
  clk_prepare_enable() (git-fixes).
- spi: Update reference to struct spi_controller (git-fixes).
- soc: qcom: Select REMAP_MMIO for LLCC driver (git-fixes).
- soc: ti: smartreflex: Fix PM disable depth imbalance in
  omap_sr_probe (git-fixes).
- drivers: soc: ti: knav_qmss_queue: Mark knav_acc_firmwares as
  static (git-fixes).
- soc: qcom: llcc: make irq truly optional (git-fixes).
- commit 41d3c92
- regulator: core: fix deadlock on regulator enable (git-fixes).
- pstore: Properly assign mem_type property (git-fixes).
- pstore: Switch pmsg_lock to an rt_mutex to avoid priority
  inversion (git-fixes).
- pwm: mediatek: always use bus clock for PWM on MT7622
  (git-fixes).
- pwm: lpc18xx-sct: Fix a comment to match code (git-fixes).
- pwm: sifive: Call pwm_sifive_update_clock() while mutex is held
  (git-fixes).
- pwm: tegra: Improve required rate calculation (git-fixes).
- selftests: devlink: fix the fd redirect in dummy_reporter_test
  (git-fixes).
- r6040: Fix kmemleak in probe and remove (git-fixes).
- selftests/powerpc: Fix resource leaks (git-fixes).
- serial: pl011: Do not clear RX FIFO & RX interrupt in unthrottle
  (git-fixes).
- serial: amba-pl011: avoid SBSA UART accessing DMACR register
  (git-fixes).
- serial: 8250_bcm7271: Fix error handling in brcmuart_init()
  (git-fixes).
- serial: tegra: Read DMA status before terminating (git-fixes).
- staging: rtl8192e: Fix potential use-after-free in
  rtllib_rx_Monitor() (git-fixes).
- staging: rtl8192u: Fix use after free in ieee80211_rx()
  (git-fixes).
- regulator: qcom-labibb: Fix missing of_node_put() in
  qcom_labibb_regulator_probe() (git-fixes).
- regulator: core: fix resource leak in regulator_register()
  (git-fixes).
- regulator: core: fix module refcount leak in set_supply()
  (git-fixes).
- regulator: bd718x7: Drop unnecessary info print (git-fixes).
- regulator: core: use kfree_const() to free space conditionally
  (git-fixes).
- regulator: qcom-rpmh: Fix PMR735a S3 regulator spec (git-fixes).
- regulator: core: fix unbalanced of node refcount in
  regulator_dev_lookup() (git-fixes).
- selftests/efivarfs: Add checking of the test return value
  (git-fixes).
- selftests/ftrace: event_triggers: wait longer for
  test_event_enable (git-fixes).
- pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP
  (git-fixes).
- pstore/ram: Fix error return code in ramoops_probe()
  (git-fixes).
- pstore/zone: Use GFP_ATOMIC to allocate zone buffer (git-fixes).
- regulator: twl6030: fix get status of twl6032 regulators
  (git-fixes).
- regulator: slg51000: Wait after asserting CS pin (git-fixes).
- commit b3e3245
- nfc: pn533: Clear nfc_target before being used (git-fixes).
- phy: usb: s2 WoL wakeup_count not incremented for USB->Eth
  devices (git-fixes).
- power: supply: fix null pointer dereferencing in
  power_supply_get_battery_info (git-fixes).
- power: supply: ab8500: Fix error handling in
  ab8500_charger_init() (git-fixes).
- power: supply: z2_battery: Fix possible memleak in
  z2_batt_probe() (git-fixes).
- power: supply: fix residue sysfs file in error handle route
  of __power_supply_register() (git-fixes).
- PCI: pci-epf-test: Register notifier if only core_init_notifier
  is enabled (git-fixes).
- PCI: vmd: Disable MSI remapping after suspend (git-fixes).
- PCI: dwc: Fix n_fts[] array overrun (git-fixes).
- PCI/sysfs: Fix double free in error path (git-fixes).
- PCI: Check for alloc failure in pci_request_irq() (git-fixes).
- pinctrl: pinconf-generic: add missing of_node_put() (git-fixes).
- pinctrl: k210: call of_node_put() (git-fixes).
- mtd: spi-nor: Fix the number of bytes for the dummy cycles
  (git-fixes).
- mtd: spi-nor: hide jedec_id sysfs attribute if not present
  (git-fixes).
- mtd: spi-nor: Check for zero erase size in
  spi_nor_find_best_erase_type() (git-fixes).
- mtd: maps: pxa2xx-flash: fix memory leak in probe (git-fixes).
- mtd: lpddr2_nvm: Fix possible null-ptr-deref (git-fixes).
- proc: fixup uptime selftest (git-fixes).
- PNP: fix name memory leak in pnp_alloc_dev() (git-fixes).
- PM: hibernate: Fix mistake in kerneldoc comment (git-fixes).
- PM: runtime: Do not call __rpm_callback() from rpm_idle()
  (git-fixes).
- platform/chrome: cros_usbpd_notify: Fix error handling in
  cros_usbpd_notify_init() (git-fixes).
- platform/mellanox: mlxbf-pmc: Fix event typo (git-fixes).
- platform/x86: intel_scu_ipc: fix possible name leak in
  __intel_scu_ipc_register() (git-fixes).
- platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mx[ds|mx]()
  (git-fixes).
- platform/x86: huawei-wmi: fix return value calculation
  (git-fixes).
- pinctrl: meditatek: Startup with the IRQs disabled (git-fixes).
- commit 9546018
- mmc: sdhci-sprd: Disable CLK_AUTO when the clock is less than
  400K (git-fixes).
- mmc: vub300: fix warning - do not call blocking ops when
  !TASK_RUNNING (git-fixes).
- mmc: core: Normalize the error handling branch in
  sd_read_ext_regs() (git-fixes).
- mmc: renesas_sdhi: alway populate SCC pointer (git-fixes).
- mmc: mmci: fix return value check of mmc_add_host() (git-fixes).
- mmc: wbsd: fix return value check of mmc_add_host() (git-fixes).
- mmc: via-sdmmc: fix return value check of mmc_add_host()
  (git-fixes).
- mmc: meson-gx: fix return value check of mmc_add_host()
  (git-fixes).
- mmc: omap_hsmmc: fix return value check of mmc_add_host()
  (git-fixes).
- mmc: atmel-mci: fix return value check of mmc_add_host()
  (git-fixes).
- mmc: wmt-sdmmc: fix return value check of mmc_add_host()
  (git-fixes).
- mmc: vub300: fix return value check of mmc_add_host()
  (git-fixes).
- mmc: toshsd: fix return value check of mmc_add_host()
  (git-fixes).
- mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host()
  (git-fixes).
- mmc: rtsx_pci: fix return value check of mmc_add_host()
  (git-fixes).
- mmc: pxamci: fix return value check of mmc_add_host()
  (git-fixes).
- mmc: mxcmmc: fix return value check of mmc_add_host()
  (git-fixes).
- mmc: moxart: fix return value check of mmc_add_host()
  (git-fixes).
- mtd: Fix device name leak when register device failed in
  add_mtd_device() (git-fixes).
- commit 5e3071e
- mailbox: zynq-ipi: fix error handling while device_register()
  fails (git-fixes).
- mailbox: arm_mhuv2: Fix return value check in mhuv2_probe()
  (git-fixes).
- mailbox: mpfs: read the system controller's status (git-fixes).
- mfd: qcom_rpm: Fix an error handling path in qcom_rpm_probe()
  (git-fixes).
- mfd: bd957x: Fix Kconfig dependency on REGMAP_IRQ (git-fixes).
- mfd: mt6360: Add bounds checking in Regmap read/write call-backs
  (git-fixes).
- mISDN: hfcmulti: don't call dev_kfree_skb/kfree_skb() under
  spin_lock_irqsave() (git-fixes).
- mISDN: hfcpci: don't call dev_kfree_skb/kfree_skb() under
  spin_lock_irqsave() (git-fixes).
- mISDN: hfcsusb: don't call dev_kfree_skb/kfree_skb() under
  spin_lock_irqsave() (git-fixes).
- HSI: omap_ssi_core: Fix error handling in ssi_init()
  (git-fixes).
- HSI: omap_ssi_core: fix possible memory leak in ssi_probe()
  (git-fixes).
- iio: fix memory leak in iio_device_register_eventset()
  (git-fixes).
- iio: adc128s052: add proper .data members in adc128_of_match
  table (git-fixes).
- iio: temperature: ltc2983: make bulk write buffer DMA-safe
  (git-fixes).
- iio: adc: ad_sigma_delta: do not use internal iio_dev lock
  (git-fixes).
- i2c: ismt: Fix an out-of-bounds bug in ismt_access()
  (git-fixes).
- i2c: mux: reg: check return value after calling
  platform_get_resource() (git-fixes).
- i2c: pxa-pci: fix missing pci_disable_device() on error in
  ce4100_i2c_probe (git-fixes).
- hwrng: amd - Fix PCI device refcount leak (git-fixes).
- integrity: Fix memory leakage in keyring allocation error path
  (git-fixes).
- mmc: alcor: fix return value check of mmc_add_host()
  (git-fixes).
- ipmi: fix use after free in _ipmi_destroy_user() (git-fixes).
- ipmi: kcs: Poll OBF briefly to reduce OBE latency (git-fixes).
- Input: wistron_btns - disable on UML (git-fixes).
- Input: elants_i2c - properly handle the reset GPIO when power
  is off (git-fixes).
- Input: joystick - fix Kconfig warning for JOYSTICK_ADC
  (git-fixes).
- media: saa7164: fix missing pci_disable_device() (git-fixes).
- media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()
  (git-fixes).
- media: dvb-core: Fix ignored return value in
  dvb_register_frontend() (git-fixes).
- media: dvb-core: Fix double free in dvb_register_device()
  (git-fixes).
- media: imon: fix a race condition in send_packet() (git-fixes).
- media: solo6x10: fix possible memory leak in solo_sysfs_init()
  (git-fixes).
- media: vidtv: Fix use-after-free in vidtv_bridge_dvb_init()
  (git-fixes).
- media: vimc: Fix wrong function called when vimc_init() fails
  (git-fixes).
- media: adv748x: afe: Select input port when initializing AFE
  (git-fixes).
- media: v4l2-ctrls: Fix off-by-one error in integer menu control
  check (git-fixes).
- media: vivid: fix compose size exceed boundary (git-fixes).
- staging: media: tegra-video: fix device_node use after free
  (git-fixes).
- staging: media: tegra-video: fix chan->mipi value on error
  (git-fixes).
- media: i2c: ad5820: Fix error path (git-fixes).
- ipu3-imgu: Fix NULL pointer dereference in
  imgu_subdev_set_selection() (git-fixes).
- media: camss: Clean up received buffers on failed start of
  streaming (git-fixes).
- media: videobuf-dma-contig: use dma_mmap_coherent (git-fixes).
- lib/fonts: fix undefined behavior in bit shift for
  get_default_font (git-fixes).
- lib/debugobjects: fix stat count and optimize
  debug_objects_mem_init (git-fixes).
- media: v4l2-dv-timings.c: fix too strict blanking sanity checks
  (git-fixes).
- mmc: mtk-sd: Fix missing clk_disable_unprepare in
  msdc_of_clock_parse() (git-fixes).
- commit 492bdad
- driver core: Fix bus_type.match() error handling in
  __driver_attach() (git-fixes).
- Refresh
  patches.suse/drivers-base-implement-dev_enable_async_probe.patch.
- commit 72f2b42
- drm/i915/display: Don't disable DDI/Transcoder when setting
  phy test pattern (git-fixes).
- drm/i915: Fix documentation for
  intel_uncore_forcewake_put__locked (git-fixes).
- dmaengine: idxd: Fix crc_val field for completion record
  (git-fixes).
- Documentation: devres: add missing
  devm_acpi_dma_controller_free() helper (git-fixes).
- HSI: omap_ssi_core: fix unbalanced pm_runtime_disable()
  (git-fixes).
- device property: Fix documentation for fwnode_get_next_parent()
  (git-fixes).
- Documentation: devres: add missing MEM helper (git-fixes).
- firmware: raspberrypi: fix possible memory leak in
  rpi_firmware_probe() (git-fixes).
- drivers: dio: fix possible memory leak in dio_init()
  (git-fixes).
- Documentation: devres: add missing PHY helpers (git-fixes).
- dt-bindings: gpio: gpio-davinci: Increase maxItems in
  gpio-line-names (git-fixes).
- fbdev: fbcon: release buffer when fbcon_do_set_font() failed
  (git-fixes).
- fbdev: uvesafb: Fixes an error handling path in uvesafb_probe()
  (git-fixes).
- fbdev: uvesafb: don't build on UML (git-fixes).
- fbdev: geode: don't build on UML (git-fixes).
- fbdev: vermilion: decrease reference count in error path
  (git-fixes).
- fbdev: via: Fix error in via_core_init() (git-fixes).
- fbdev: pm2fb: fix missing pci_disable_device() (git-fixes).
- fbdev: ssd1307fb: Drop optional dependency (git-fixes).
- crypto: img-hash - Fix variable dereferenced before check
  'hdev->req' (git-fixes).
- crypto: omap-sham - Use pm_runtime_resume_and_get() in
  omap_sham_probe() (git-fixes).
- crypto: tcrypt - Fix multibuffer skcipher speed test mem leak
  (git-fixes).
- crypto: cryptd - Use request context instead of stack for
  sub-request (git-fixes).
- crypto: ccree - Remove debugfs when platform_driver_register
  failed (git-fixes).
- crypto: rockchip - rework by using crypto_engine (git-fixes).
- crypto: rockchip - remove non-aligned handling (git-fixes).
- crypto: rockchip - better handle cipher key (git-fixes).
- crypto: rockchip - add fallback for ahash (git-fixes).
- crypto: rockchip - add fallback for cipher (git-fixes).
- crypto: rockchip - do not store mode globally (git-fixes).
- crypto: rockchip - do not do custom power management
  (git-fixes).
- crypto: n2 - add missing hash statesize (git-fixes).
- crypto: nitrox - avoid double free on error path in
  nitrox_sriov_init() (git-fixes).
- crypto: sun8i-ss - use dma_addr instead u32 (git-fixes).
- hamradio: don't call dev_kfree_skb() under spin_lock_irqsave()
  (git-fixes).
- Documentation: bonding: update miimon default to 100
  (git-fixes).
- Revert "/dt-bindings: marvell,prestera: Add description for
  device-tree bindings"/ (git-fixes).
- dt-bindings: clock: qcom,aoncc-sm8250: fix compatible
  (git-fixes).
- drm/amdkfd: Fix memory leakage (git-fixes).
- drm/amdgpu: Fix PCI device refcount leak in
  amdgpu_atrm_get_bios() (git-fixes).
- drm/radeon: Fix PCI device refcount leak in
  radeon_atrm_get_bios() (git-fixes).
- drm/amd/pm/smu11: BACO is supported when it's in BACO state
  (git-fixes).
- drm/i915/dsi: fix VBT send packet port selection for dual link
  DSI (git-fixes).
- drm/amdgpu: fix pci device refcount leak (git-fixes).
- drm/tegra: Add missing clk_disable_unprepare() in
  tegra_dc_probe() (git-fixes).
- drm/mediatek: Modify dpi power on/off sequence (git-fixes).
- drm/i915: remove circ_buf.h includes (git-fixes).
- drm/i915/ttm: never purge busy objects (git-fixes).
- drm/radeon: Add the missed acpi_put_table() to fix memory leak
  (git-fixes).
- drm/etnaviv: don't truncate physical page address (git-fixes).
- dt-bindings: display: sun6i-dsi: Fix clock conditional
  (git-fixes).
- drm/ingenic: Fix missing platform_driver_unregister() call in
  ingenic_drm_init() (git-fixes).
- Revert "/drm/amd/display: Limit max DSC target bpp for specific
  monitors"/ (git-fixes).
- drm/amdgpu/powerplay/psm: Fix memory leak in power state init
  (git-fixes).
- drm/panel/panel-sitronix-st7701: Remove panel on DSI attach
  failure (git-fixes).
- drm/vmwgfx: Validate the box size for the snooped cursor
  (git-fixes).
- drm/rockchip: lvds: fix PM usage counter unbalance in poweron
  (git-fixes).
- drm/vmwgfx: Fix a sparse warning in kernel docs (git-fixes).
- drm/bridge: adv7533: remove dynamic lane switching from adv7533
  bridge (git-fixes).
- drm/edid: Fix minimum bpc supported with DSC1.2 for HDMI sink
  (git-fixes).
- floppy: Fix memory leak in do_floppy_init() (git-fixes).
- Documentation/features-refresh.sh: Only sed the beginning
  "/arch"/ of ARCH_DIR (git-fixes).
- docs/zh_CN: Fix '.. only::' directive's expression (git-fixes).
- Documentation: devres: add missing PWM helper (git-fixes).
- drm/vmwgfx: Don't use screen objects when SEV is active
  (git-fixes).
- drm/shmem-helper: Avoid vm_open error paths (git-fixes).
- drm/shmem-helper: Remove errant put in error path (git-fixes).
- drm: bridge: dw_hdmi: fix preference of RGB modes over YUV420
  (git-fixes).
- drm/bridge: ti-sn65dsi86: Fix output polarity setting bug
  (git-fixes).
- drm/amdgpu/sdma_v4_0: turn off SDMA ring buffer in the s2idle
  suspend (git-fixes).
- HID: uclogic: Add HID_QUIRK_HIDINPUT_FORCE quirk (git-fixes).
- HID: ite: Enable QUIRK_TOUCHPAD_ON_OFF_REPORT on Acer Aspire
  Switch V 10 (git-fixes).
- gpiolib: fix memory leak in gpiochip_setup_dev() (git-fixes).
- fbcon: Use kzalloc() in fbcon_prepare_logo() (git-fixes).
- gpiolib: check the 'ngpios' property in core gpiolib code
  (git-fixes).
- gpiolib: improve coding style for local variables (git-fixes).
- drm/bridge: anx7625: Fix edid_read break case in
  sp_tx_edid_read() (git-fixes).
- commit 1ce780f
- Refresh patches.suse/dt-bindings-clocks-imx8mp-Add-ID-for-usb-suspend-clo.patch
  Correct the doubly defined IMX8MP_CLK_END
- commit 880f395
- ASoC: rt5670: Remove unbalanced pm_runtime_put() (git-fixes).
- ASoC: rockchip: spdif: Add missing clk_disable_unprepare()
  in rk_spdif_runtime_resume() (git-fixes).
- ASoC: wm8994: Fix potential deadlock (git-fixes).
- ASoC: mediatek: mt8183: fix refcount leak in
  mt8183_mt6358_ts3a227_max98357_dev_probe() (git-fixes).
- ASoC: rockchip: pdm: Add missing clk_disable_unprepare()
  in rockchip_pdm_runtime_resume() (git-fixes).
- ASoC: audio-graph-card: fix refcount leak of cpu_ep in
  __graph_for_each_link() (git-fixes).
- ASoC: mediatek: mt8173-rt5650-rt5514: fix refcount leak in
  mt8173_rt5650_rt5514_dev_probe() (git-fixes).
- class: fix possible memory leak in __class_register()
  (git-fixes).
- chardev: fix error handling in cdev_device_add() (git-fixes).
- Bluetooth: RFCOMM: don't call kfree_skb() under
  spin_lock_irqsave() (git-fixes).
- Bluetooth: hci_core: don't call kfree_skb() under
  spin_lock_irqsave() (git-fixes).
- Bluetooth: hci_bcsp: don't call kfree_skb() under
  spin_lock_irqsave() (git-fixes).
- Bluetooth: hci_h5: don't call kfree_skb() under
  spin_lock_irqsave() (git-fixes).
- Bluetooth: hci_ll: don't call kfree_skb() under
  spin_lock_irqsave() (git-fixes).
- Bluetooth: hci_qca: don't call kfree_skb() under
  spin_lock_irqsave() (git-fixes).
- Bluetooth: btusb: don't call kfree_skb() under
  spin_lock_irqsave() (git-fixes).
- Bluetooth: btintel: Fix missing free skb in
  btintel_setup_combined() (git-fixes).
- Bluetooth: MGMT: Fix error report for ADD_EXT_ADV_PARAMS
  (git-fixes).
- can: tcan4x5x: Remove invalid write in clear_interrupts
  (git-fixes).
- can: kvaser_usb_leaf: Fix bogus restart events (git-fixes).
- can: kvaser_usb_leaf: Fix wrong CAN state after stopping
  (git-fixes).
- can: kvaser_usb_leaf: Set Warning state even without bus errors
  (git-fixes).
- clk: qcom: clk-krait: fix wrong div2 functions (git-fixes).
- clk: qcom: lpass-sc7180: Fix pm_runtime usage (git-fixes).
- clk: qcom: gcc-sm8250: Use retention mode for USB GDSCs
  (git-fixes).
- clk: imx: replace osc_hdmi with dummy (git-fixes).
- clk: imx: imx8mp: add shared clk gate for usb suspend clk
  (git-fixes).
- clk: rockchip: Fix memory leak in rockchip_clk_register_pll()
  (git-fixes).
- clk: sunxi-ng: v3s: Correct the header guard of ccu-sun8i-v3s.h
  (git-fixes).
- clk: renesas: r9a06g032: Repair grave increment error
  (git-fixes).
- clk: nomadik: correct struct name kernel-doc warning
  (git-fixes).
- clk: socfpga: Fix memory leak in socfpga_gate_init()
  (git-fixes).
- clk: samsung: Fix memory leak in _samsung_clk_register_pll()
  (git-fixes).
- ASoC: pcm512x: Fix PM disable depth imbalance in pcm512x_probe
  (git-fixes).
- ASoC: mediatek: mt8173: Enable IRQ when pdata is ready
  (git-fixes).
- ASoC: mediatek: mtk-btcvsd: Add checks for write and read of
  mtk_btcvsd_snd (git-fixes).
- ASoC: dt-bindings: wcd9335: fix reset line polarity in example
  (git-fixes).
- binfmt: Fix error return code in load_elf_fdpic_binary()
  (git-fixes).
- binfmt_elf: fix documented return value for load_elf_phdrs()
  (git-fixes).
- Bluetooth: btusb: Add debug message for CSR controllers
  (git-fixes).
- can: mcba_usb: Fix termination command argument (git-fixes).
- can: sja1000: fix size of OCR_MODE_MASK define (git-fixes).
- clk: Provide new devm_clk helpers for prepared and enabled
  clocks (git-fixes).
- clk: generalize devm_clk_get() a bit (git-fixes).
- can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits
  (git-fixes).
- commit 4b9e60b
- arm64: dts: mt8183: Fix Mali GPU clock (git-fixes).
- amdgpu/pm: prevent array underflow in
  vega20_odn_edit_dpm_table() (git-fixes).
- ASoC: qcom: Add checks for devm_kcalloc (git-fixes).
- ASoC: pxa: fix null-pointer dereference in filter() (git-fixes).
- ASoC: jz4740-i2s: Handle independent FIFO flush bits
  (git-fixes).
- ALSA: mts64: fix possible null-ptr-defer in snd_mts64_interrupt
  (git-fixes).
- ALSA: pcm: Set missing stop_operating flag at undoing trigger
  start (git-fixes).
- ALSA: asihpi: fix missing pci_disable_device() (git-fixes).
- ACPICA: Fix use-after-free in
  acpi_ut_copy_ipackage_to_ipackage() (git-fixes).
- ARM: dts: qcom: apq8064: fix coresight compatible (git-fixes).
- arm64: dts: qcom: sm8250: fix USB-DP PHY registers (git-fixes).
- ARM: dts: armada-39x: Fix compatible string for gpios
  (git-fixes).
- ARM: dts: armada-38x: Fix compatible string for gpios
  (git-fixes).
- ARM: dts: turris-omnia: Add switch port 6 node (git-fixes).
- ARM: dts: turris-omnia: Add ethernet aliases (git-fixes).
- ARM: dts: armada-39x: Fix assigned-addresses for every PCIe
  Root Port (git-fixes).
- ARM: dts: armada-38x: Fix assigned-addresses for every PCIe
  Root Port (git-fixes).
- ARM: dts: armada-375: Fix assigned-addresses for every PCIe
  Root Port (git-fixes).
- ARM: dts: armada-xp: Fix assigned-addresses for every PCIe
  Root Port (git-fixes).
- ARM: dts: armada-370: Fix assigned-addresses for every PCIe
  Root Port (git-fixes).
- ARM: dts: dove: Fix assigned-addresses for every PCIe Root Port
  (git-fixes).
- arm64: dts: armada-3720-turris-mox: Add missing interrupt for
  RTC (git-fixes).
- arm64: dts: qcom: sm8250: drop bogus DP PHY clock (git-fixes).
- arm64: dts: qcom: sm8250: correct LPASS pin pull down
  (git-fixes).
- arm64: dts: qcom: msm8916: Drop MSS fallback compatible
  (git-fixes).
- arm64: dts: qcom: sdm845-cheza: fix AP suspend pin bias
  (git-fixes).
- arm64: dts: qcom: sdm845-db845c: correct SPI2 pins drive
  strength (git-fixes).
- arm64: dts: qcom: sdm630: fix UART1 pin bias (git-fixes).
- arm64: dts: qcom: msm8996: fix GPU OPP table (git-fixes).
- arm64: dts: qcom: msm8996: fix supported-hw in cpufreq OPP
  tables (git-fixes).
- arm64: dts: qcom: msm8996: Add MSM8996 Pro support (git-fixes).
- arm64: dts: qcom: sdm850-lenovo-yoga-c630: correct I2C12 pins
  drive strength (git-fixes).
- arm64: dts: qcom: sm8250-sony-xperia-edo: fix touchscreen
  bias-disable (git-fixes).
- arm64: dts: qcom: ipq6018-cp01-c1: use BLSPI1 pins (git-fixes).
- ARM: dts: nuvoton: Remove bogus unit addresses from
  fixed-partition nodes (git-fixes).
- arm64: dts: ti: k3-j721e-main: Drop dma-coherent in crypto node
  (git-fixes).
- arm64: dts: ti: k3-am65-main: Drop dma-coherent in crypto node
  (git-fixes).
- arm64: dts: mediatek: mt6797: Fix 26M oscillator unit name
  (git-fixes).
- arm64: dts: mediatek: pumpkin-common: Fix devicetree warnings
  (git-fixes).
- arm64: dts: mt2712-evb: Fix usb vbus regulators unit names
  (git-fixes).
- arm64: dts: mt2712-evb: Fix vproc fixed regulators unit names
  (git-fixes).
- arm64: dts: mt2712e: Fix unit address for pinctrl node
  (git-fixes).
- arm64: dts: mt2712e: Fix unit_address_vs_reg warning for
  oscillators (git-fixes).
- arm64: dts: mt6779: Fix devicetree build warnings (git-fixes).
- arm64: dts: mt7622: drop r_smpl property from mmc node
  (git-fixes).
- arm64: dts: mt8183: drop drv-type from mmc-node (git-fixes).
- ARM: dts: stm32: Fix AV96 WLAN regulator gpio property
  (git-fixes).
- ARM: dts: stm32: Drop stm32mp15xc.dtsi from Avenger96
  (git-fixes).
- arm: dts: spear600: Fix clcd interrupt (git-fixes).
- ARM: mmp: fix timer_read delay (git-fixes).
- ARM: ux500: do not directly dereference __iomem (git-fixes).
- Revert "/ARM: dts: imx7: Fix NAND controller size-cells"/
  (git-fixes).
- ASoC: cs42l51: Correct PGA Volume minimum value (git-fixes).
- ASoC: ops: Check bounds for second channel in
  snd_soc_put_volsw_sx() (git-fixes).
- ASoC: fsl_micfil: explicitly clear CHnF flags (git-fixes).
- ASoC: fsl_micfil: explicitly clear software reset bit
  (git-fixes).
- ASoC: soc-pcm: Add NULL check in BE reparenting (git-fixes).
- ASoC: rt711-sdca: fix the latency time of clock stop prepare
  state machine transitions (git-fixes).
- ASoC: wm8962: Wait for updated value of WM8962_CLOCKING1
  register (git-fixes).
- ALSA: seq: Fix function prototype mismatch in
  snd_seq_expand_var_event (git-fixes).
- ARM: dts: rockchip: disable arm_global_timer on rk3066 and
  rk3188 (git-fixes).
- ARM: dts: rockchip: rk3188: fix lcdc1-rgb24 node name
  (git-fixes).
- arm64: dts: rockchip: fix ir-receiver node names (git-fixes).
- ARM: dts: rockchip: fix ir-receiver node names (git-fixes).
- arm: dts: rockchip: remove clock-frequency from rtc (git-fixes).
- arm: dts: rockchip: fix node name for hym8563 rtc (git-fixes).
- arm64: dts: rockchip: keep I2S1 disabled for GPIO function on
  ROCK Pi 4 series (git-fixes).
- ARM: 9251/1: perf: Fix stacktraces for tracepoint events in
  THUMB2 kernels (git-fixes).
- commit 0882612
- Move upstreamed patches into sorted section
- commit 407fb87
- Update
  patches.kabi/usb.h-struct-usb_device-hide-new-member.patch
  (git-fixes bsc#1206664 CVE-2022-4662).
- Update
  patches.suse/USB-core-Prevent-nested-device-reset-calls.patch
  (git-fixes bsc#1206664 CVE-2022-4662).
- commit 3b17120
- Update patch reference for mali drm fix (CVE-2022-3115 bsc#1206393)
- commit 92552e2
- Update patch reference for wilc1000 fix (CVE-2022-47520 bsc#1206515)
- commit 9822092
- kabi/severities: ignore kABI change for meson driver fix (CVE-2022-3112 bsc#1206399)
- commit d487c3e
- media: meson: vdec: potential dereference of null pointer
  (CVE-2022-3112 bsc#1206399).
- commit 9d391c5
- usb: dwc3: qcom: fix runtime PM wakeup (git-fixes).
- commit e80a310
- Update patch reference for BT fix (CVE-2022-3564 bsc#1206073)
- commit 6efc048
- usb: dwc3: fix PHY disable sequence (git-fixes).
- commit 7228f51
- blacklist.conf: cleanup that depends on the new feature of support for scatter/gather in uvc gadgets
- commit 0558392
- blacklist.conf: cleanup that depends on the new feature of support for
  scatter/gather in uvc gadgets
- commit 788ee91
- blacklist.conf: cleanup breaking kABI
- commit e89eed6
- blacklist.conf: cleanup designed to break kABI
- commit 8110223
- net: usb: smsc95xx: fix external PHY reset (git-fixes).
- commit d0d567a
- scsi: iscsi: kabi: add iscsi_conn_queue_work back (git-fixes).
- commit ed33fcf
- sbitmap: fix lockup while swapping (bsc#1206602).
- commit dc64fbc
- vsock: Enable y2038 safe timeval for timeout (bsc#1206101).
- vsock: Refactor vsock_*_getsockopt to resemble sock_getsockopt
  (bsc#1206101).
- commit e791efd
- net: usb: qmi_wwan: add u-blox 0x1342 composition (git-fixes).
- commit 4371191
- blacklist.conf: misattributed
- commit e5b755e
- rtc: pcf85063: Fix reading alarm (git-fixes).
- commit 424b0c4
- rtc: pcf85063: fix pcf85063_clkout_control (gut-fixes).
- commit 6c3ba9b
- rtc: ds1347: fix value written to century register (git-fixes).
- commit c64b579
- net/mlx5: Fix mlx5_get_next_dev() peer device matching
  (bsc#1206536).
- net/mlx5: Lag, filter non compatible devices (bsc#1206536).
- commit 7f6b5b4
- blacklist.conf: duplicate
- commit 302a460
- blacklist.conf: misattributed in upstream, fixes a feature we lack
- commit fca7a76
- tracing/doc: Fix typos on the timerlat tracer documentation
  (git-fixes).
- commit f1f58a1
- MAINTAINERS: update arm,vic.yaml reference (git-fixes).
- commit 60bf131
- MAINTAINERS: fix update references to stm32 audio bindings
  (git-fixes).
- commit 5fab9fb
- blacklist.conf: breaks kABI, not important in our configurations
- commit 93e7ee0
- MAINTAINERS: update gpio-zynq.yaml reference (git-fixes).
- commit ced834d
- MAINTAINERS: update arm,pl353-smc.yaml reference (git-fixes).
- commit 62c9d5b
- efi: Add iMac Pro 2017 to uefi skip cert quirk (git-fixes).
- commit 3bcf3ad
- NFSD: fix use-after-free in __nfs42_ssc_open() (bsc#1206209
  CVE-2022-4379).
- commit 42200b2
- Update
  patches.suse/drm-amdkfd-Check-for-null-pointer-after-calling-kmem.patch
  (CVE-2022-3108 bsc#1206389 git-fixes).
- commit cc09cbc
- lkdtm/bugs: Check for the NULL pointer after calling kmalloc
  (CVE-2022-3104 bsc#1206396).
- commit 5144632
- Update
  patches.suse/media-mtk-vcodec-potential-dereference-of-null-point.patch
  (CVE-2022-3113 bsc#1206390 git-fixes).
- commit 3cbcfe5
- Update
  patches.suse/msft-hv-2553-hv_netvsc-Add-check-for-kvmalloc_array.patch
  (CVE-2022-3107 bsc#1206395 git-fixes).
- commit 74c81de
- Update
  patches.suse/power-supply-wm8350-power-Add-missing-free-in-free_c.patch
  (CVE-2022-3111 bsc#1206394 git-fixes).
- commit 3e68171
- Update
  patches.suse/RDMA-uverbs-Check-for-null-return-of-kmalloc_array.patch
  (jsc#SLE-19249 bsc#1206398 CVE-2022-3105).
- commit 1d5d55f
- Update
  patches.suse/sfc_ef100-potential-dereference-of-null-pointer.patch
  (git-fixes bsc#1206397 CVE-2022-3106).
  Added CVE reference
- commit 7a802f9
- Update
  patches.suse/msft-hv-2684-net-mana-Fix-race-on-per-CQ-variable-napi-work_done.patch
  (git-fixes bsc#1206188).
  Added bugzilla reference
- commit 495320f
- padata: Fix list iterator in padata_do_serial() (git-fixes).
- commit 7ce0fe3
- HID: usbhid: Add ALWAYS_POLL quirk for some mice (git-fixes).
- commit 43731f8
- restore m_can_lec_type (git-fixes).
- commit 785d940
- can: m_can: is_lec_err(): clean up LEC error handling
  (git-fixes).
- commit c7997f5
- can: m_can: fix typo prescalar -> prescaler (git-fixes).
- commit b0ef074
- can: do not increase rx_bytes statistics for RTR frames
  (git-fixes).
- commit 5858150
- can: do not increase rx statistics when generating a CAN rx
  error message frame (git-fixes).
- Refresh
  patches.suse/can-kvaser_usb_hydra-do-not-report-txerr-and-rxerr-d.patch.
- Refresh
  patches.suse/can-kvaser_usb_leaf-do-not-report-txerr-and-rxerr-du.patch.
- Refresh
  patches.suse/can-pch_can-do-not-report-txerr-and-rxerr-during-bus.patch.
- commit db678c8
- Update patches.suse/clk-imx-Add-check-for-kcalloc.patch
  (CVE-2022-3114 bsc#1206391 git-fixes).
- commit 064b31b
- kABI: reintroduce a non-inline usleep_range (git-fixes).
- commit 21c3a5e
- units: add the HZ macros (git-fixes).
- commit 3f20d38
- units: Add SI metric prefix definitions (git-fixes).
- commit de9d9f3
- can: kvaser_usb: make use of units.h in assignment of frequency
  (git-fixes).
- commit 595fe30
- dt-bindings: clocks: imx8mp: Add ID for usb suspend clock
  (git-fixes).
- commit c4d1409
- module: change to print useful messages from
  elf_validity_check() (git-fixes).
- commit cc1513a
- module: fix [e_shstrndx].sh_size=0 OOB access (git-fixes).
- commit f0db1f3
- blacklist.conf: module loader cleanup, not a bug fix
- commit 143fbeb
- tracing: Free buffers when a used dynamic event is removed
  (git-fixes).
- commit f5bb197
- tracing: Add tracing_reset_all_online_cpus_unlocked() function
  (git-fixes).
- commit 1bf2379
- tracing/osnoise: Fix duration type (git-fixes).
- commit e223ebb
- timers: implement usleep_idle_range() (git-fixes).
- commit 8d5d397
- ext4: avoid BUG_ON when creating xattrs (bsc#1205496).
- commit 99b40af
- rtmutex: Add acquire semantics for rtmutex lock acquisition
  slow path (bnc#1203829).
- commit f0851ea
- memcg: Fix possible use-after-free in
  memcg_write_event_control() (bsc#1206344).
- commit bb70275
- net: mana: Fix race on per-CQ variable napi work_done
  (git-fixes).
- commit 82dd88a
- s390/boot: add secure boot trailer (bsc#1205257 LTC#200451).
- commit 9fd2fd0
- blacklist.conf: Append 'drm/vc4: hvs: Reset muxes at probe time'
- commit 7d65cb6
- random: convert to using fops->write_iter() (bsc#1204911).
- commit a7bff26
- random: zero buffer after reading entropy from userspace
  (bsc#1204911).
- commit 3217a87
- random: allow partial reads if later user copies fail
  (bsc#1204911).
- commit 9005c8f
- random: check for signals every PAGE_SIZE chunk of /dev/random
  (bsc#1204911).
- commit 19aa9ae
- random: convert to using fops->read_iter() (bsc#1204911).
- commit 10d2455
- random: remove outdated INT_MAX >> 6 check in urandom_read()
  (bsc#1204911).
- commit 485f330
- Drop FIPS mode DRBG->getrandom(2) wire-up (bsc#1191259)
- Delete
  patches.suse/0001-char-random-wire-up-userspace-interface-to-SP800-90B.patch.
- Delete
  patches.suse/0002-char-random-reinstantiate-DRBGs-once-optimized-sha51.patch.
- commit 84d63aa
- SCSI: iscsi: kabi: fix libiscsi new field (git-fixes).
- scsi: iscsi: Fix possible memory leak when device_register()
  failed (git-fixes).
- scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper()
  (git-fixes).
- scsi: scsi_debug: Make the READ CAPACITY response compliant
  with ZBC (git-fixes).
- scsi: core: Restrict legal sdev_state transitions via sysfs
  (git-fixes).
- scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling
  getpeername() (git-fixes).
- scsi: 3w-9xxx: Avoid disabling device if failing to enable it
  (git-fixes).
- scsi: qedf: Fix a UAF bug in __qedf_probe() (git-fixes).
- scsi: megaraid_sas: Fix double kfree() (git-fixes).
- scsi: iscsi: Run recv path from workqueue (git-fixes).
- scsi: iscsi: Add recv workqueue helpers (git-fixes).
- scsi: iscsi: Rename iscsi_conn_queue_work() (git-fixes).
- scsi: hisi_sas: Limit max hw sectors for v3 HW (git-fixes).
- scsi: pmcraid: Fix missing resource cleanup in error case
  (git-fixes).
- scsi: ipr: Fix missing/incorrect resource cleanup in error case
  (git-fixes).
- scsi: mpt3sas: Fix out-of-bounds compiler warning (git-fixes).
- scsi: vmw_pvscsi: Expand vcpuHint to 16 bits (git-fixes).
- scsi: myrb: Fix up null pointer access on myrb_cleanup()
  (git-fixes).
- scsi: ufs: Use pm_runtime_resume_and_get() instead of
  pm_runtime_get_sync() (git-fixes).
- scsi: megaraid: Fix error check return value of
  register_chrdev() (git-fixes).
- scsi: iscsi: Fix harmless double shift bug (git-fixes).
- scsi: scsi_dh_alua: Properly handle the ALUA transitioning state
  (git-fixes).
- commit 49caf69
- fuse: lock inode unconditionally in fuse_fallocate()
  (bsc#1206273).
- commit f576f6c
- blacklist.conf: added 80019f113832 ("/fuse: always initialize sb->s_fs_info"/)
- commit dda205a
- fbdev: smscufx: Fix several use-after-free bugs (git-fixes).
- commit a097aee
- Refresh
  patches.suse/fbdev-smscufx-Fix-use-after-free-in-ufx_ops_open.patch.
  Update metadata (Git-commit and Patch-mainline).
- commit 8f64db0
- Update patch reference for proc fixes (CVE-2022-4378 bsc#1206207)
- commit cab6fa7
- Revert "/drm/vc4: hvs: Reset muxes at probe time (git-fixes)."/ (bsc#1202341)
  This reverts commit 303122d0f2160411fa1068220bc59849d848550d.
  The reverted change clears hardware state on the RPi4, which leaves the
  screen blank. Without it, the display works correctly.
- commit 957f968
- selftests: rtnetlink: correct xfrm policy rule in
  kci_test_ipsec_offload (git-fixes).
- vmxnet3: use correct intrConf reference when using extended
  queues (git-fixes).
- vmxnet3: correctly report encapsulated LRO packet (git-fixes).
- proc: proc_skip_spaces() shouldn't think it is working on C
  strings (git-fixes).
- proc: avoid integer type confusion in get_proc_long (git-fixes).
- commit 3a866aa
- macsec: add missing attribute validation for offload
  (git-fixes).
- net: thunderbolt: fix memory leak in tbnet_open() (git-fixes).
- mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add()
  (git-fixes).
- ca8210: Fix crash by zero initializing data (git-fixes).
- ieee802154: cc2520: Fix error return code in cc2520_hw_init()
  (git-fixes).
- net: mdio: fix unbalanced fwnode reference count in
  mdio_device_release() (git-fixes).
- NFC: nci: Bounds check struct nfc_target arrays (git-fixes).
- Bluetooth: Fix not cleanup led when bt_init fails (git-fixes).
- Bluetooth: 6LoWPAN: add missing hci_dev_put() in
  get_l2cap_conn() (git-fixes).
- e1000e: Fix TX dispatch condition (git-fixes).
- HID: core: fix shift-out-of-bounds in hid_report_raw_event
  (git-fixes).
- HID: hid-lg4ff: Add check for empty lbuf (git-fixes).
- gpio: amd8111: Fix PCI device reference count leak (git-fixes).
- ACPI: HMAT: Fix initiator registration for single-initiator
  systems (git-fixes).
- ACPI: HMAT: remove unnecessary variable initialization
  (git-fixes).
- pinctrl: intel: Save and restore pins in "/direct IRQ"/ mode
  (git-fixes).
- nilfs2: fix NULL pointer dereference in
  nilfs_palloc_commit_free_entry() (git-fixes).
- commit a0e4929
- scsi: iscsi: Merge suspend fields (git-fixes).
- Refresh
  patches.suse/scsi-iscsi-Fix-NOP-handling-during-conn-recovery.patch.
- commit 0f7d01e
- scsi: megaraid_sas: Target with invalid LUN ID is deleted
  during scan (git-fixes).
- scsi: mvsas: Add PCI ID of RocketRaid 2640 (git-fixes).
- scsi: mpt3sas: Fail reset operation if config request timed out
  (git-fixes).
- scsi: core: Fix sbitmap depth in scsi_realloc_sdev_budget_map()
  (git-fixes).
- scsi: libfc: Fix use after free in fc_exch_abts_resp()
  (git-fixes).
- scsi: hisi_sas: Free irq vectors in order for v3 HW (git-fixes).
- scsi: aha152x: Fix aha152x_setup() __setup handler return value
  (git-fixes).
- scsi: pm8001: Fix memory leak in
  pm8001_chip_fw_flash_update_req() (git-fixes).
- scsi: pm8001: Fix tag leaks on error (git-fixes).
- scsi: pm8001: Fix task leak in pm8001_send_abort_all()
  (git-fixes).
- scsi: pm8001: Fix pm8001_mpi_task_abort_resp() (git-fixes).
- scsi: pm8001: Fix pm80xx_pci_mem_copy() interface (git-fixes).
- scsi: mpi3mr: Fix memory leaks (git-fixes).
- scsi: mpi3mr: Fix reporting of actual data transfer size
  (git-fixes).
- scsi: smartpqi: Fix kdump issue when controller is locked up
  (git-fixes).
- scsi: bfa: Replace snprintf() with sysfs_emit() (git-fixes).
- scsi: mvsas: Replace snprintf() with sysfs_emit() (git-fixes).
- scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task
  (git-fixes).
- scsi: pm8001: Fix use-after-free for aborted TMF sas_task
  (git-fixes).
- scsi: core: Reallocate device's budget map on queue depth change
  (git-fixes).
- scsi: pm80xx: Fix double completion for SATA devices
  (git-fixes).
- scsi: myrs: Fix crash in error case (git-fixes).
- scsi: ufs: Treat link loss as fatal error (git-fixes).
- scsi: ufs: Use generic error code in ufshcd_set_dev_pwr_mode()
  (git-fixes).
- scsi: pm8001: Fix bogus FW crash for maxcpus=1 (git-fixes).
- scsi: qedf: Change context reset messages to ratelimited
  (git-fixes).
- scsi: qedf: Fix refcount issue when LOGO is received during TMF
  (git-fixes).
- scsi: qedf: Add stag_work to all the vports (git-fixes).
- scsi: ufs: ufshcd-pltfrm: Check the return value of
  devm_kstrdup() (git-fixes).
- scsi: mpi3mr: Fixes around reply request queues (git-fixes).
- scsi: sr: Don't use GFP_DMA (git-fixes).
- scsi: ufs: Fix a kernel crash during shutdown (git-fixes).
- commit b966a92
- ext4: Fixup pages without buffers (bsc#1205495).
- commit 31c03d6
- scsi: libiscsi: Fix UAF in
  iscsi_conn_get_param()/iscsi_conn_teardown() (git-fixes).
- Refresh
  patches.suse/scsi-libiscsi-Teardown-iscsi_cls_conn-gracefully.patch.
- commit c3c0393
- scsi: iscsi: Unblock session then wake up error handler
  (git-fixes).
- scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs()
  (git-fixes).
- scsi: scsi_debug: Fix out-of-bound read in resp_readcap16()
  (git-fixes).
- scsi: advansys: Fix kernel pointer leak (git-fixes).
- commit 82fa2c6
- scsi: ufs: core: Fix ufshcd_probe_hba() prototype to match
  the definition (git-fixes).
- Refresh
  patches.suse/scsi-ufs-core-Stop-clearing-UNIT-ATTENTIONS.
- commit 0c849f9
- kbuild: Unify options for BTF generation for vmlinux and modules
  (bsc#1204693).
- Refresh patches.suse/kbuild-Add-skip_encoding_btf_enum64-option-to-pahole.patch
- commit 5addeac
- scsi: core: Fix scsi_mode_sense() buffer length handling
  (git-fixes).
- scsi: pm80xx: Fix memory leak during rmmod (git-fixes).
- scsi: hisi_sas: Use managed PCI functions (git-fixes).
- scsi: ncr53c8xx: Remove unused retrieve_from_waiting_list()
  function (git-fixes).
- commit 5431fc1
- blacklist.conf: add git-fixes to be blacklisted
- commit cbba3af
- btrfs: check if root is readonly while setting security xattr
  (bsc#1206147).
- commit 50a73ba
- btrfs: do not allow compression on nodatacow files
  (bsc#1206149).
- commit 5167f62
- btrfs: export a helper for compression hard check (bsc#1206149).
- commit f5cf2dc
- x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon
  resume from S3 (bsc#1206037).
- commit 6215cd5
- xen/netback: don't call kfree_skb() with interrupts disabled
  (bsc#1206114, XSA-424, CVE-2022-42328, CVE-2022-42329).
- commit 90098d3
- xen/netback: Ensure protocol headers don't fall in the
  non-linear area (bsc#1206113, XSA-423, CVE-2022-3643).
- commit 6c8da66
- mm/memory.c: fix race when faulting a device private page
  (CVE-2022-3523, bsc#1204363).
  nouveau: fix migrate_to_ram() for faulting page (CVE-2022-3523,
  bsc#1204363).
  mm/memory: return vm_fault_t result from migrate_to_ram()
  callback (CVE-2022-3523, bsc#1204363).
  kabi: workaround for migrate_vma.fault_page (CVE-2022-3523,
  bsc#1204363).
- commit 14f6a2f
- btrfs: fix processing of delayed tree block refs during backref
  walking (bsc#1206057).
- commit 83a8ed2
- btrfs: fix processing of delayed data refs during backref
  walking (bsc#1206056).
- commit 2ec426f
- btrfs: send: fix send failure of a subcase of orphan inodes
  (bsc#1206036).
- commit 90cbaac
- btrfs: send: fix failures when processing inodes with no links
  (bsc#1206036).
- commit f017ade
- btrfs: send: use boolean types for current inode status
  (bsc#1206036).
- commit 36f86c0
- btrfs: send: refactor arguments of get_inode_info()
  (bsc#1206036).
- commit a80bf85
- ceph: avoid putting the realm twice when decoding snaps fails
  (bsc#1206051).
- ceph: allow ceph.dir.rctime xattr to be updatable (bsc#1206050).
- ceph: fix memory leak in ceph_readdir when note_last_dentry
  returns  error (bsc#1206049).
- ceph: fix inode reference leakage in ceph_get_snapdir()
  (bsc#1206048).
- ceph: do not update snapshot context when there is no new
  snapshot (bsc#1206047).
- ceph: switch netfs read ops to use rreq->inode instead of
  rreq->mapping->host (bsc#1206046).
- ceph: properly handle statfs on multifs setups (bsc#1206045).
- commit 777e847
- btrfs: send: remove unused type parameter to iterate_inode_ref_t
  (bsc#1206036).
- commit 0e9e4f2
- btrfs: send: remove unused found_type parameter to
  lookup_dir_item_inode() (bsc#1206036).
- commit 7f2d376
- blacklist.conf: added 1b2ba3c5616e ("/ceph: flush the mdlog for filesystem sync"/)
- commit a1975bc
- btrfs: send: always use the rbtree based inode ref management
  infrastructure (bsc#1206036).
- commit e503e70
- blacklist.conf: added 5bd76b8de5b7 ("/ceph: fix NULL pointer dereference for req->r_session"/)
- commit 33375e7
- btrfs: send: fix sending link commands for existing file paths
  (bsc#1206036).
- commit 382a30f
- blacklist.conf: added aa1d627207ca ("/ceph: Use kcalloc for allocating multiple elements"/)
- commit 169da79
- blacklist.conf: added 89d43d0551a8 ("/ceph: put the requests/sessions when it fails to alloc memory"/)
- commit e095309
- blacklist.conf: added 0e24421ac431 ("/ceph: fix mdsmap decode when there are MDS's beyond max_mds"/)
- commit 0e95811
- btrfs: send: introduce recorded_ref_alloc and recorded_ref_free
  (bsc#1206036).
- commit f582043
- btrfs: prevent subvol with swapfile from being deleted
  (bsc#1206035).
- commit 17d1de0
- sched: Disable sched domain debugfs creation on ppc64 unless
  sched_verbose is specified (bnc#1205653).
- commit 039564b
- char: tpm: Protect tpm_pm_suspend with locks (git-fixes).
- Input: raydium_ts_i2c - fix memory leak in raydium_i2c_send()
  (git-fixes).
- commit 0216ffd
- usb: dwc3: gadget: Return -ESHUTDOWN on ep disable (git-fixes).
- Refresh
  patches.suse/usb-dwc3-gadget-Clear-ep-descriptor-last.patch.
- commit eede34a
- usb: dwc3: gadget: conditionally remove requests (git-fixes).
- Refresh
  patches.suse/usb-dwc3-gadget-Clear-ep-descriptor-last.patch.
- commit baddb4e
- i2c: imx: Only DMA messages with I2C_M_DMA_SAFE flag set
  (git-fixes).
- i2c: npcm7xx: Fix error handling in npcm_i2c_init() (git-fixes).
- pinctrl: single: Fix potential division by zero (git-fixes).
- mmc: sdhci-sprd: Fix no reset data and command after voltage
  switch (git-fixes).
- mmc: mmc_test: Fix removal of debugfs file (git-fixes).
- mmc: sdhci-esdhc-imx: correct CQHCI exit halt state check
  (git-fixes).
- mmc: core: Fix ambiguous TRIM and DISCARD arg (git-fixes).
- ASoC: ops: Fix bounds check for _sx controls (git-fixes).
- ALSA: dice: fix regression for Lexicon I-ONIX FW810S
  (git-fixes).
- wifi: wilc1000: validate number of channels (git-fixes).
- wifi: wilc1000: validate length of
  IEEE80211_P2P_ATTR_CHANNEL_LIST attribute (git-fixes).
- wifi: wilc1000: validate length of
  IEEE80211_P2P_ATTR_OPER_CHANNEL attribute (git-fixes).
- wifi: wilc1000: validate pairwise and authentication suite
  offsets (git-fixes).
- ASoC: sgtl5000: Reset the CHIP_CLK_CTRL reg on remove
  (git-fixes).
- dma-buf: fix racing conflict of dma_heap_add() (git-fixes).
- selftests: mptcp: fix mibit vs mbit mix up (git-fixes).
- Input: soc_button_array - add Acer Switch V 10 to
  dmi_use_low_level_irq[] (git-fixes).
- Input: soc_button_array - add use_low_level_irq module parameter
  (git-fixes).
- Input: goodix - try resetting the controller when no config
  is set (git-fixes).
- Input: synaptics - switch touchpad on HP Laptop 15-da3001TU
  to RMI mode (git-fixes).
- serial: 8250: 8250_omap: Avoid RS485 RTS glitch on
  - >set_termios() (git-fixes).
- tools: iio: iio_generic_buffer: Fix read size (git-fixes).
- iio: pressure: ms5611: fixed value compensation bug (git-fixes).
- ASoC: stm32: dfsdm: manage cb buffers cleanup (git-fixes).
- ASoC: fsl_asrc fsl_esai fsl_sai: allow CONFIG_PM=N (git-fixes).
- ASoC: Intel: bytcht_es8316: Add quirk for the Nanote UMPC-01
  (git-fixes).
- net: usb: qmi_wwan: add Telit 0x103a composition (git-fixes).
- platform/x86: hp-wmi: Ignore Smart Experience App event
  (git-fixes).
- platform/x86: acer-wmi: Enable SW_TABLET_MODE on Switch V 10
  (SW5-017) (git-fixes).
- platform/x86: asus-wmi: add missing pci_dev_put() in
  asus_wmi_set_xusb2pr() (git-fixes).
- ata: libata-core: do not issue non-internal commands once EH
  is pending (git-fixes).
- arm64/syscall: Include asm/ptrace.h in syscall_wrapper header
  (git-fixes).
- spi: stm32: fix stm32_spi_prepare_mbr() that halves spi clk
  for every run (git-fixes).
- mmc: sdhci-brcmstb: Fix SDHCI_RESET_ALL for CQHCI (git-fixes).
- ALSA: usb-audio: add quirk to fix Hamedal C20 disconnect issue
  (git-fixes).
- wifi: ath11k: Fix QCN9074 firmware boot on x86 (git-fixes).
- wifi: mac80211: Fix ack frame idr leak when mesh has no route
  (git-fixes).
- wifi: airo: do not assign -1 to unsigned char (git-fixes).
- wifi: mac80211_hwsim: fix debugfs attribute ps with rc table
  support (git-fixes).
- wifi: mac80211: fix memory free error when registering wiphy
  fail (git-fixes).
- audit: fix undefined behavior in bit shift for AUDIT_BIT
  (git-fixes).
- platform/x86: touchscreen_dmi: Add info for the RCA Cambio
  W101 v2 2-in-1 (git-fixes).
- platform/x86: ideapad-laptop: Disable touchpad_switch
  (git-fixes).
- selftests: mptcp: make sendfile selftest work (git-fixes).
- ASoC: fsl_sai: use local device pointer (git-fixes).
- mmc: sdhci-brcmstb: Enable Clock Gating to save power
  (git-fixes).
- mmc: sdhci-brcmstb: Re-organize flags (git-fixes).
- ata: libata-scsi: simplify __ata_scsi_queuecmd() (git-fixes).
- iio: ms5611: Simplify IO callback parameters (git-fixes).
- selftests: mptcp: more stable simult_flows tests (git-fixes).
- commit 4ec7214
- Blacklist io-wq-max_worker-fixes on SP4
  Commit bc369921d670 ("/io-wq: max_worker fixes"/) claims to fix
  2e480058ddc2 ("/io-wq: provide a way to limit max number of workers"/) but
  actually fixes 7a842fb589e3 ("/io-wq: code clean of
  io_wqe_create_worker()"/) which we don't carry in SP4.  Blacklist it to
  silent git-fixes.
  Nevertheless, it is required in SP5. This commit must be reverted there.
- commit 4da02f1
- io-wq: exclusively gate signal based exit on get_signal()
  return (git-fixes).
- commit 0f61b91
- Do not enable CONFIG_ATARI_PARTITION (jsc#PED-1573)
- commit 51c7091
- Fix patches.suse/MM-reclaim-mustn-t-enter-FS-for-swap-over-NFS.patch
  Fixed implicit-function-declaration warning when
  swap is disabled (bsc#1205993).
- commit 2816166
- hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new()
  (git-fixes).
- hwmon: (coretemp) Check for null before removing sysfs attrs
  (git-fixes).
- hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc()
  fails (git-fixes).
- hwmon: (i5500_temp) fix missing pci_disable_device()
  (git-fixes).
- hwmon: (ina3221) Fix shunt sum critical calculation (git-fixes).
- hwmon: (ltc2947) fix temperature scaling (git-fixes).
- ARM: at91: rm9200: fix usb device clock id (git-fixes).
- commit e077c40
- block: Do not reread partition table on exclusively open device
  (bsc#1190969).
- commit e522e07
- Update patch reference for ATM fix (CVE-2022-3635 bsc#1204631)
- commit 7ef6216
- Move upstreamed i915 fix into sorted section
- commit 8ee5ebf
- x86/hyperv: Update 'struct hv_enlightened_vmcs' definition
  (git-fixes).
- x86/hyperv: Fix 'struct hv_enlightened_vmcs' definition
  (git-fixes).
- commit 86dd4ce
- net: ethernet: renesas: ravb: Fix promiscuous mode after system
  resumed (git-fixes).
- net: mdiobus: fix unbalanced node reference count (git-fixes).
- wifi: mac8021: fix possible oob access in
  ieee80211_get_rate_duration (git-fixes).
- wifi: cfg80211: don't allow multi-BSSID in S1G (git-fixes).
- wifi: cfg80211: fix buffer overflow in elem comparison
  (git-fixes).
- net: wwan: iosm: fix dma_alloc_coherent incompatible pointer
  type (git-fixes).
- net: wwan: iosm: fix kernel test robot reported error
  (git-fixes).
- net: ethernet: nixge: fix NULL dereference (git-fixes).
- net: ethernet: ti: am65-cpsw: fix error handling in
  am65_cpsw_nuss_probe() (git-fixes).
- e100: Fix possible use after free in e100_xmit_prepare
  (git-fixes).
- fm10k: Fix error handling in fm10k_init_module() (git-fixes).
- net: phy: fix null-ptr-deref while probe() failed (git-fixes).
- can: m_can: Add check for devm_clk_get (git-fixes).
- can: m_can: pci: add missing m_can_class_free_dev() in
  probe/remove methods (git-fixes).
- can: etas_es58x: es58x_init_netdev(): free netdev when
  register_candev() (git-fixes).
- can: cc770: cc770_isa_probe(): add missing free_cc770dev()
  (git-fixes).
- can: sja1000_isa: sja1000_isa_probe(): add missing
  free_sja1000dev() (git-fixes).
- Revert "/net: phy: meson-gxl: improve link-up behavior"/
  (git-fixes).
- commit 225e8fd
- net: stmmac: work around sporadic tx issue on link-up
  (git-fixes).
- commit e5a3408
- KVM: x86/mmu: Fix race condition in direct_page_fault
  (bsc#1205882, CVE-2022-45869).
- commit e2a86d6
- Add support for enabling livepatching related packages on -RT (jsc#PED-1706)
- commit 9d41244
- blacklist.conf: faeture, not fix
- commit 8c4e5cb
- blacklist.conf: kABI
- commit e518f66
- blacklist.conf: misattributed
- commit dd8dac1
- blacklist.conf: kABI
- commit 267578b
- blacklist.conf: kABI
- commit ca10017
- mac80211: radiotap: Use BIT() instead of shifts (git-fixes).
- commit fa4dbfe
- char: xillybus: Fix trivial bug with mutex (bsc#1205764
  CVE-2022-45888).
- char: xillybus: Prevent use-after-free due to race condition
  (bsc#1205764 CVE-2022-45888).
- commit 8d88aac
- platform/x86/intel/pmt: Sapphire Rapids PMT errata fix
  (jsc#PED-2684 bsc#1205683).
- commit a6ac9d8
- Refresh patches.suse/ibmvnic-Properly-dispose-of-all-skbs-during-a-failov.patch.
  Fix metadata
- commit f4fe6e0
- ibmvnic: Free rwi on reset success (bsc#1184350 ltc#191533
  git-fixes).
- commit 9f37b44
- config: arm64: Fix Freescale LPUART dependency (boo#1204063)
  Commit 8d7f37c61a07 inserted CONFIG_SERIAL_FSL_LPUART_CONSOLE=y
  but forgot to change CONFIG_SERIAL_FSL_LPUART=m to =y as dependency,
  as the upstream Kconfig appears to be missing it for this driver.
- commit c1cdcc5
- blacklist.conf: kABI
- commit 27ebcbb
- Move upstreamed input patch into sorted section (bsc#1190256)
- commit 32c618e
- usb: dwc3: gadget: Clear ep descriptor last (git-fixes).
- commit 17b7c9d
- blacklist.conf: kABI
- commit 3301053
- usb: xhci-mtk: check boundary before check tt (git-fixes).
- commit 401f88b
- usb: xhci-mtk: update fs bus bandwidth by bw_budget_table
  (git-fixes).
- commit bfe9566
- xen/pcpu: fix possible memory leak in register_pcpu()
  (git-fixes).
- commit dab6b8a
- x86/entry: Work around Clang __bdos() bug (git-fixes).
- commit e06d1d8
- xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32
  (git-fixes).
- commit ec4c7d4
- x86/Xen: streamline (and fix) PV CPU enumeration (git-fixes).
- commit eddf207
- init/Kconfig: fix CC_HAS_ASM_GOTO_TIED_OUTPUT test with dash
  (git-fixes).
- commit 9e93e06
- io_uring: fix possible poll event lost in multi shot mode
  (git-fixes).
- commit 2b11ccf
- io-wq: ensure we exit if thread group is exiting (git-fixes).
- io_uring: fix missing sigmask restore in io_cqring_wait()
  (git-fixes).
- io_uring: pin SQPOLL data before unlocking ring lock
  (git-fixes).
- io_uring: drop ctx->uring_lock before acquiring sqd->lock
  (git-fixes).
- io_uring: fix missing mb() before waitqueue_active (git-fixes).
- commit 83b832a
- cifs: fix missing unlock in cifs_file_copychunk_range()
  (git-fixes).
- commit c1df133
- cifs: Use after free in debug code (git-fixes).
- commit 64acc9c
- cifs: add check for returning value of SMB2_set_info_init
  (git-fixes).
- commit 98fbee7
- cifs: Fix wrong return value checking when GETFLAGS (git-fixes).
- commit 70eda18
- cifs: add check for returning value of SMB2_close_init
  (git-fixes).
- commit f80dd26
- cifs: Fix connections leak when tlink setup failed (git-fixes).
- commit 173646f
- KVM: x86: Retry page fault if MMU reload is pending and root
  has no sp (bsc#1205744).
- commit 2631fac
- drm/i915: fix TLB invalidation for Gen12 video and compute
  engines (CVE-2022-4139 bsc#1205700).
- commit 80818ce
- Refresh patches.suse/misc-sgi-gru-fix-use-after-free-error-in-gru_set_con.patch (CVE-2022-3424 bsc#1204166)
  Taken from v10 patch in char-misc subsystem tree
- commit 70dae18
- Update
  patches.suse/HID-roccat-Fix-use-after-free-in-roccat_read.patch
  (bsc#1203960 CVE-2022-41850).
- commit 94bd71f
- Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() (git-fixes).
- Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() (git-fixes).
- v3 of "/PCI: hv: Only reuse existing IRTE allocation for Multi-MSI"/
- scsi: storvsc: Fix handling of srb_status and capacity change events (git-fixes).
- commit a5fb15b
- Bluetooth: L2CAP: Fix u8 overflow (CVE-2022-45934 bsc#1205796).
- commit 966bbc0
- usb: cdnsp: fix issue with ZLP - added TD_SIZE = 1 (git-fixes).
- usb: dwc3: exynos: Fix remove() function (git-fixes).
- usb: cdnsp: Fix issue with Clear Feature Halt Endpoint
  (git-fixes).
- iio: core: Fix entry not deleted when
  iio_register_sw_trigger_type() fails (git-fixes).
- iio: light: rpr0521: add missing Kconfig dependencies
  (git-fixes).
- iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw
  (git-fixes).
- iio: health: afe4403: Fix oob read in afe4403_read_raw
  (git-fixes).
- iio: light: apds9960: fix wrong register for gesture gain
  (git-fixes).
- scripts/faddr2line: Fix regression in name resolution on ppc64le
  (git-fixes).
- commit 45d3e4c
- x86/kexec: Fix double-free of elf header buffer (bsc#1205567).
- commit 0c767bc
- Move upstreamed sound and WiFi patches into sorted section
- commit 5e6ff3d
- drm/amd/display: Add HUBP surface flip interrupt handler
  (git-fixes).
- USB: serial: option: add u-blox LARA-L6 modem (git-fixes).
- USB: serial: option: add u-blox LARA-R6 00B modem (git-fixes).
- USB: serial: option: remove old LARA-R6 PID (git-fixes).
- USB: serial: option: add Fibocom FM160 0x0111 composition
  (git-fixes).
- USB: serial: option: add Sierra Wireless EM9191 (git-fixes).
- usb: add NO_LPM quirk for Realforce 87U Keyboard (git-fixes).
- usb: cdns3: host: fix endless superspeed hub port reset
  (git-fixes).
- USB: bcma: Make GPIO explicitly optional (git-fixes).
- serial: 8250_lpss: Configure DMA also w/o DMA filter
  (git-fixes).
- docs: update mediator contact information in CoC doc
  (git-fixes).
- ALSA: usb-audio: Drop snd_BUG_ON() from
  snd_usbmidi_output_open() (git-fixes).
- mmc: sdhci-pci-o2micro: fix card detect fail issue caused by
  CD# debounce timeout (git-fixes).
- ACPI: x86: Add another system to quirk list for forcing
  StorageD3Enable (git-fixes).
- i2c: i801: add lis3lv02d's I2C address for Vostro 5568
  (git-fixes).
- i2c: tegra: Allocate DMA memory for DMA engine (git-fixes).
- drm/imx: imx-tve: Fix return type of
  imx_tve_connector_mode_valid (git-fixes).
- Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm (git-fixes).
- ACPI: scan: Add LATT2021 to acpi_ignore_dep_ids[] (git-fixes).
- ASoC: codecs: jz4725b: Fix spelling mistake "/Sourc"/ -> "/Source"/,
  "/Routee"/ -> "/Route"/ (git-fixes).
- ASoC: codecs: jz4725b: fix capture selector naming (git-fixes).
- ASoC: codecs: jz4725b: use right control for Capture Volume
  (git-fixes).
- ASoC: codecs: jz4725b: fix reported volume for Master ctl
  (git-fixes).
- ASoC: codecs: jz4725b: add missed Line In power control bit
  (git-fixes).
- ASoC: Intel: sof_sdw: add quirk variant for LAPBC710 NUC15
  (git-fixes).
- ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK
  (git-fixes).
- ASoC: rt1019: Fix the TDM settings (git-fixes).
- ASoC: mt6660: Keep the pm_runtime enables before component
  stuff in mt6660_i2c_probe (git-fixes).
- selftests/intel_pstate: fix build for ARCH=x86_64 (git-fixes).
- wifi: wext: use flex array destination for memcpy() (git-fixes).
- docs, kprobes: Fix the wrong location of Kprobes (git-fixes).
- docs/core-api: expand Fedora instructions for GCC plugins
  (git-fixes).
- mtd: spi-nor: intel-spi: Disable write protection only if asked
  (git-fixes).
- commit 26e07a5
- io_uring: ensure IORING_REGISTER_IOWQ_MAX_WORKERS works with
  SQPOLL (git-fixes).
- commit 8665d84
- Refresh
  patches.suse/xfs-move-recovery-needed-state-updates-to-xfs_log_mo.patch.
- commit 4ec24fa
- regulator: twl6030: re-add TWL6032_SUBCLASS (git-fixes).
- regulator: core: fix UAF in destroy_regulator() (git-fixes).
- regulator: core: fix kobject release warning and memory leak
  in regulator_register() (git-fixes).
- nilfs2: fix nilfs_sufile_mark_dirty() not set segment usage
  as dirty (git-fixes).
- ASoC: max98373: Add checks for devm_kcalloc (git-fixes).
- ASoC: soc-pcm: Don't zero TDM masks in __soc_pcm_open()
  (git-fixes).
- net: thunderx: Fix the ACPI memory leak (git-fixes).
- nfc: st-nci: fix incorrect sizing calculations in
  EVT_TRANSACTION (git-fixes).
- nfc: st-nci: fix memory leaks in EVT_TRANSACTION (git-fixes).
- nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION
  (git-fixes).
- arcnet: fix potential memory leak in com20020_probe()
  (git-fixes).
- NFC: nci: fix memory leak in nci_rx_data_packet() (git-fixes).
- nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send()
  (git-fixes).
- nfc: nxp-nci: Fix potential memory leak in nxp_nci_send()
  (git-fixes).
- nfc: nfcmrvl: Fix potential memory leak in
  nfcmrvl_i2c_nci_send() (git-fixes).
- macsec: Fix invalid error code set (git-fixes).
- nfc/nci: fix race with opening and closing (git-fixes).
- arm64: dts: rockchip: lower rk3399-puma-haikou SD controller
  clock frequency (git-fixes).
- arm64: dts: rockchip: add enable-strobe-pulldown to emmc phy
  on nanopi4 (git-fixes).
- ARM: dts: am335x-pcm-953: Define fixed regulators in root node
  (git-fixes).
- ARM: dts: imx6q-prti6q: Fix ref/tcxo-clock-frequency properties
  (git-fixes).
- ARM: mxs: fix memory leak in mxs_machine_init() (git-fixes).
- bus: sunxi-rsb: Support atomic transfers (git-fixes).
- bus: sunxi-rsb: Remove the shutdown callback (git-fixes).
- ARM: dts: at91: sam9g20ek: enable udc vbus gpio pinctrl
  (git-fixes).
- commit 39ef4db
- l2tp: Serialize access to sk_user_data with sk_callback_lock
  (bsc#1205711 CVE-2022-4129).
- commit ad37086
- Update metadata references
- commit a01d008
- RDMA/qedr: clean up work queue on failure in qedr_alloc_resources() (git-fixes)
- commit 396a739
- RDMA/core: Fix null-ptr-deref in ib_core_cleanup() (git-fixes)
- commit 981cb44
- RDMA/hns: Disable local invalidate operation (git-fixes)
- commit 90ecfab
- IB/hfi1: Correctly move list in sc_disable() (git-fixes)
- commit fa439f0
- RDMA/cma: Use output interface for net_dev check (git-fixes)
- commit 568074d
- IB: Set IOVA/LENGTH on IB_MR in core/uverbs layers (git-fixes)
- commit 569a9cb
- RDMA/cm: Use SLID in the work completion as the DLID in responder side (git-fixes)
- commit e86643f
- RDMA/irdma: Use s/g array in post send only when its valid (git-fixes)
- commit 6692dc0
- RDMA/mlx5: Set local port to one when accessing counters (git-fixes)
- commit 9acd436
- RDMA/hns: Remove the num_qpc_timer variable (git-fixes)
- commit 89b5b80
- RDMA/hns: Fix wrong fixed value of qp->rq.wqe_shift (git-fixes)
- commit c586fc0
- RDMA/hns: Fix supported page size (git-fixes)
- commit 64653d9
- RDMA/rtrs-clt: Use the right sg_cnt after ib_dma_map_sg (git-fixes)
- commit 78022ca
- RDMA/rxe: Limit the number of calls to each tasklet (git-fixes)
- commit 37d447b
- RDMA/hfi1: fix potential memory leak in setup_base_ctxt() (git-fixes)
- commit ba2976b
- RDMA/hns: Fix incorrect clearing of interrupt status register (git-fixes)
- commit 97ffea6
- RDMA/rtrs-srv: Fix modinfo output for stringify (git-fixes)
- commit 46a2a2b
- RDMA/rxe: Remove useless pkt parameters (git-fixes)
- commit 06b2d37
- RDMA/cm: Fix memory leak in ib_cm_insert_listen (git-fixes)
- commit 7ec3772
- RDMA/hfi1: Prevent panic when SDMA is disabled (git-fixes)
- commit ba8caf3
- RDMA/hfi1: Prevent use of lock before it is initialized (git-fixes)
- commit b510b17
- RDMA/hns: Use hr_reg_xxx() instead of remaining roce_set_xxx() (git-fixes)
- commit 6c11e07
- RDMA/hns: Remove the num_cqc_timer variable (git-fixes)
- commit ed86cd6
- RDMA/hns: Correct the type of variables participating in the shift operation (git-fixes)
- commit cecc570
- RDMA/hns: Replace tab with space in the right-side comments (git-fixes)
- commit 4c89a77
- RDMA/irdma: Fix deadlock in irdma_cleanup_cm_core() (git-fixes)
- commit 40de52c
- RDMA/hns: Remove unnecessary check for the sgid_attr when modifying QP (git-fixes)
- commit 36c1898
- RDMA/hns: Remove magic number (git-fixes)
- commit 014def9
- KVM: s390: pv: don't allow userspace to set the clock under PV
  (git-fixes).
- KVM: s390: Add a routine for setting userspace CPU state
  (git-fixes jsc#PED-611).
- KVM: s390: Simplify SIGP Set Arch handling (git-fixes
  jsc#PED-611).
- commit c226df2
- Update patch references for Bluetooth fixes (CVE-2022-42896 bsc#1205709 CVE-2022-42895 bsc#1205705)
- commit 30ec8de
- spi: tegra210-quad: Fix duplicate resource error (git-fixes).
- spi: dw-dma: decrease reference count in dw_spi_dma_init_mfld()
  (git-fixes).
- spi: spi-imx: Fix spi_bus_clk if requested clock is higher
  than input clock (git-fixes).
- commit 019145b
- blacklist.conf: duplicate
- commit 5eaee0f
- blacklist.conf: duplicate
- commit d84acf3
- blacklist.conf: duplicate
- commit 5ea51bc
- blacklist.conf: duplicate
- commit f3d467e
- scsi: zfcp: Fix double free of FSF request when qdio send fails
  (git-fixes).
- s390: fix nospec table alignments (git-fixes).
- KVM: s390: pv: leak the topmost page table when destroy fails
  (git-fixes).
- commit 378329e
- xfs: reserve quota for target dir expansion when renaming files
  (bsc#1205679).
- commit d93b22e
- drivers: net: slip: fix NPD bug in sl_tx_timeout() (bsc#1205671
  CVE-2022-41858).
- commit 99b5127
- dm: remove unnecessary assignment statement in alloc_dev()
  (git-fixes).
- md/raid5: Remove unnecessary bio_put() in raid5_read_one_chunk()
  (git-fixes).
- md/raid5: Ensure stripe_fill happens on non-read IO with journal
  (git-fixes).
- commit 79ca470
- md: Replace snprintf with scnprintf (git-fixes, bsc#1164051).
- Replace the in-house patch by the above upstream version,
  patches.suse/md-raid0-fix-buffer-overflow-at-debug-print.patch.
- commit e122ea5
- dm: return early from dm_pr_call() if DM device is suspended
  (git-fixes).
- dm thin: fix use-after-free crash in
  dm_sm_register_threshold_callback (git-fixes).
- dm raid: fix accesses beyond end of raid member array
  (git-fixes).
- dm mirror log: clear log bits up to BITS_PER_LONG boundary
  (git-fixes).
- dm era: commit metadata in postsuspend after worker stops
  (git-fixes).
- dm crypt: make printing of the key constant-time (git-fixes).
- dm stats: add cond_resched when looping over entries
  (git-fixes).
- dm integrity: fix memory corruption when tag_size is less than
  digest size (git-fixes).
- dm: fix double accounting of flush with data (git-fixes).
- dm: interlock pending dm_io and dm_wait_for_bios_completion
  (git-fixes).
- dm: properly fix redundant bio-based IO accounting (git-fixes).
- dm: revert partial fix for redundant bio-based IO accounting
  (git-fixes).
- dm btree remove: fix use after free in rebalance_children()
  (git-fixes).
- commit 6214ae1
- blacklist.conf: add non-backport git-fixes commit
- commit 054a1a9
- NFSD: Cap rsize_bop result based on send buffer size
  (bsc#1205128 CVE-2022-43945).
- NFSD: Protect against send buffer overflow in NFSv3 READ
  (bsc#1205128 CVE-2022-43945).
- NFSD: Protect against send buffer overflow in NFSv2 READ
  (bsc#1205128 CVE-2022-43945).
- NFSD: Protect against send buffer overflow in NFSv3 READDIR
  (bsc#1205128 CVE-2022-43945).
- NFSD: Protect against send buffer overflow in NFSv2 READDIR
  (bsc#1205128 CVE-2022-43945).
- SUNRPC: Fix svcxdr_init_encode's buflen calculation (bsc#1205128
  CVE-2022-43945).
- SUNRPC: Fix svcxdr_init_decode's end-of-buffer calculation
  (bsc#1205128 CVE-2022-43945).
- commit dd4f720
- xfs: reserve quota for dir expansion when linking/unlinking
  files (bsc#1205616).
- commit 1330e05
- add another bug reference to some hyperv changes (bsc#1205617).
- commit 0b5e3d4
- net/smc: kABI workarounds for struct smc_sock (git-fixes).
- commit d9f52e8
- blacklist.conf: kABI
- commit f550bb4
- tracing: kprobe: Fix potential null-ptr-deref on trace_array
  in kprobe_event_gen_test_exit() (git-fixes).
- commit dc34c13
- tracing: kprobe: Fix potential null-ptr-deref on
  trace_event_file in kprobe_event_gen_test_exit() (git-fixes).
- commit 23caa81
- tracing: Fix wild-memory-access in register_synth_event()
  (git-fixes).
- commit 9bbef30
- tracing: Fix memory leak in test_gen_synth_cmd() and
  test_empty_synth_event() (git-fixes).
- commit 68dace2
- ftrace: Fix null pointer dereference in ftrace_add_mod()
  (git-fixes).
- commit 2e9b117
- ring_buffer: Do not deactivate non-existant pages (git-fixes).
- commit 0458d7a
- ftrace: Optimize the allocation for mcount entries (git-fixes).
- commit 5b2b25a
- ftrace: Fix the possible incorrect kernel message (git-fixes).
- commit 7323c8c
- tracing: Fix memory leak in tracing_read_pipe() (git-fixes).
- commit 690c08a
- net/smc: kABI workarounds for struct smc_link (git-fixes).
- commit 0cbe94a
- ring-buffer: Include dropped pages in counting dirty patches
  (git-fixes).
- commit 11920bc
- blacklist.conf: duplicate
- commit ddd82f9
- powerpc/kvm: Fix kvm_use_magic_page (bsc#1156395).
- Refresh patches.suse/gup-Turn-fault_in_pages_-readable-writeable-into-fault_in_-readable-writeable.patch.
- commit aec526a
- blacklist.conf: duplicate
- commit dcdcbbd
- MIPS: Loongson: Use hwmon_device_register_with_groups() to
  register hwmon (git-fixes).
- commit 16f21a3
- tracing/ring-buffer: Have polling block on watermark
  (git-fixes).
- commit 5c3e4d5
- powerpc/pseries/vas: Declare pseries_vas_fault_thread_fn()
  as static (bsc#1194869).
- commit 02a3582
- ftrace: Fix use-after-free for dynamic ftrace_ops (git-fixes).
- commit f98b221
- blacklist.conf: kABI
- commit 431bd9c
- blacklist.conf: duplicate
- commit 53c7bfc
- platform/x86/intel: hid: add quirk to support Surface Go 3
  (git-fixes).
- commit 23ccaa2
- blacklist.conf: too intrusive
- commit 67ad270
- powerpc/boot: Explicitly disable usage of SPE instructions
  (bsc#1156395).
- commit 7c94cdb
- blacklist.conf: Add fixes for unsupported platforms
- commit 10ca02b
- net: smsc95xx: add support for Microchip EVB-LAN8670-USB
  (git-fixes).
- commit af40ba9
- Update patch reference for rtl8712 driver fix (CVE-2022-4095 bsc#1205514)
- commit 67f2ad4
- usbnet: smsc95xx: Don't reset PHY behind PHY driver's back
  (git-fixes).
- commit b693ef6
- usb: smsc: use eth_hw_addr_set() (git-fixes).
- commit 67dd1e9
- powerpc/64: Fix build failure with allyesconfig in
  book3s_64_entry.S (bsc#1194869).
- commit 6d56eff
- patches.suse/btrfs-fix-deadlock-between-quota-enable-and-other-qu.patch:
  (bsc#1205521).
- commit a75b0e8
- ALSA: hda/realtek: Add quirk for ASUS Zenbook using CS35L41
  (git-fixes).
- commit c6c293f
- ASoC: soc-utils: Remove __exit for snd_soc_util_exit()
  (git-fixes).
- commit 287b2ba
- Input: i8042 - fix leaking of platform device on module removal
  (git-fixes).
- Input: iforce - invert valid length check when fetching device
  IDs (git-fixes).
- drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker()
  (git-fixes).
- drm/drv: Fix potential memory leak in drm_dev_init()
  (git-fixes).
- drm/panel: simple: set bpc field for logic technologies displays
  (git-fixes).
- drm/vc4: kms: Fix IS_ERR() vs NULL check for vc4_kms
  (git-fixes).
- usb: chipidea: fix deadlock in ci_otg_del_timer (git-fixes).
- usb: typec: mux: Enter safe mode only when pins need to be
  reconfigured (git-fixes).
- Revert "/usb: dwc3: disable USB core PHY management"/ (git-fixes).
- serial: 8250: Flush DMA Rx on RLSI (git-fixes).
- serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs
  (git-fixes).
- tty: n_gsm: fix sleep-in-atomic-context bug in gsm_control_send
  (git-fixes).
- Revert "/tty: n_gsm: replace kicktimer with delayed_work"/
  (git-fixes).
- Revert "/tty: n_gsm: avoid call of sleeping functions from
  atomic context"/ (git-fixes).
- serial: imx: Add missing .thaw_noirq hook (git-fixes).
- tty: serial: fsl_lpuart: don't break the on-going transfer
  when global reset (git-fixes).
- serial: 8250: omap: Flush PM QOS work on remove (git-fixes).
- serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in
  omap8250_remove() (git-fixes).
- serial: 8250_omap: remove wait loop from Errata i202 workaround
  (git-fixes).
- firmware: coreboot: Register bus in module init (git-fixes).
- slimbus: stream: correct presence rate frequencies (git-fixes).
- parport_pc: Avoid FIFO port location truncation (git-fixes).
- siox: fix possible memory leak in siox_device_add() (git-fixes).
- misc/vmw_vmci: fix an infoleak in
  vmci_host_do_receive_datagram() (git-fixes).
- speakup: fix a segfault caused by switching consoles
  (git-fixes).
- iio: adc: at91_adc: fix possible memory leak in
  at91_adc_allocate_trigger() (git-fixes).
- iio: adc: mp2629: fix potential array out of bound access
  (git-fixes).
- iio: adc: mp2629: fix wrong comparison of channel (git-fixes).
- iio: pressure: ms5611: changed hardcoded SPI speed to value
  limited (git-fixes).
- iio: trigger: sysfs: fix possible memory leak in
  iio_sysfs_trig_init() (git-fixes).
- ASoC: tas2764: Fix set_tdm_slot in case of single slot
  (git-fixes).
- ASoC: tas2770: Fix set_tdm_slot in case of single slot
  (git-fixes).
- ASoC: core: Fix use-after-free in snd_soc_exit() (git-fixes).
- mmc: sdhci-pci: Fix possible memory leak caused by missing
  pci_dev_put() (git-fixes).
- mmc: core: properly select voltage range without power cycle
  (git-fixes).
- commit 5d6506d
- net/smc: Fix possible leaked pernet namespace in smc_init()
  (git-fixes).
- net/smc: Fix an error code in smc_lgr_create() (git-fixes).
- net/smc: Fix possible access to freed memory in link clear
  (git-fixes).
- net/smc: Fix slab-out-of-bounds issue in fallback (git-fixes).
- net/smc: Only save the original clcsock callback functions
  (git-fixes).
- net/smc: Fix sock leak when release after smc_shutdown()
  (git-fixes).
- net/smc: send directly on setting TCP_NODELAY (git-fixes).
- net/smc: Send directly when TCP_CORK is cleared (git-fixes).
- net/smc: Avoid overwriting the copies of clcsock callback
  functions (git-fixes).
- net/smc: Forward wakeup to smc socket waitqueue after fallback
  (git-fixes).
- commit a5aa4ad
- PCI: hv: Fix the definition of vector in hv_compose_msi_msg() (git-fixes).
- x86/hyperv: fix invalid writes to MSRs during root partition kexec (git-fixes).
- clocksource/drivers/hyperv: add data structure for reference TSC MSR (git-fixes).
- Drivers: hv: fix repeated words in comments (git-fixes).
- HID: hyperv: fix possible memory leak in mousevsc_probe() (git-fixes).
- drm/hyperv: Add ratelimit on error message (git-fixes).
- scsi: storvsc: remove an extraneous "/to"/ in a comment (git-fixes).
- Drivers: hv: vmbus: Don't wait for the ACPI device upon initialization (git-fixes).
- Drivers: hv: vmbus: Use PCI_VENDOR_ID_MICROSOFT for better discoverability (git-fixes).
- Drivers: hv: vmbus: Fix kernel-doc (git-fixes).
- drm/hyperv: Don't overwrite dirt_needed value set by host (git-fixes).
- Drivers: hv: vmbus: Optimize vmbus_on_event (git-fixes).
- scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes).
- Drivers: hv: Never allocate anything besides framebuffer from framebuffer memory region (git-fixes).
- Drivers: hv: Always reserve framebuffer region for Gen1 VMs (git-fixes).
- PCI: Move PCI_VENDOR_ID_MICROSOFT/PCI_DEVICE_ID_HYPERV_VIDEO definitions to pci_ids.h (git-fixes).
- tools: hv: kvp: remove unnecessary (void*) conversions (git-fixes).
- Drivers: hv: remove duplicate word in a comment (git-fixes).
- tools: hv: Remove an extraneous "/the"/ (git-fixes).
- scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes).
- Drivers: hv: vmbus: Release cpu lock in error case (git-fixes).
- Drivers: hv: Fix syntax errors in comments (git-fixes).
- scsi: storvsc: Fix typo in comment (git-fixes).
- Drivers: hv: vmbus: fix typo in comment (git-fixes).
- PCI: hv: Add validation for untrusted Hyper-V values (git-fixes).
- x86/hyperv: Disable hardlockup detector by default in Hyper-V guests (git-fixes).
- Drivers: hv: vmbus: Accept hv_sock offers in isolated guests (git-fixes).
- hv_sock: Add validation for untrusted Hyper-V values (git-fixes).
- hv_sock: Copy packets sent by Hyper-V out of the ring buffer (git-fixes).
- hv_sock: Check hv_pkt_iter_first_raw()'s return value (git-fixes).
- Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes).
- hv_netvsc: Fix potential dereference of NULL pointer (git-fixes).
- hv_netvsc: Print value of invalid ID in netvsc_send_{completion,tx_complete}() (git-fixes).
- net: hyperv: remove use of bpf_op_t (git-fixes).
- commit 5a5a746
- Update kabi files. Update using the released November MU kernel
  5.14.21-150400.24.33.2
- commit b0daa6c
- sched: Clear ttwu_pending after enqueue_task() (git fixes
  (sched/core)).
- commit 8216675
- soc: imx8m: Enable OCOTP clock before reading the register
  (git-fixes).
- arm64: dts: imx8mn: Fix NAND controller size-cells (git-fixes).
- arm64: dts: imx8mm: Fix NAND controller size-cells (git-fixes).
- ARM: dts: imx7: Fix NAND controller size-cells (git-fixes).
- arm64: dts: qcom: sm8350-hdk: Specify which LDO modes are
  allowed (git-fixes).
- arm64: dts: qcom: sm8250-xperia-edo: Specify which LDO modes
  are allowed (git-fixes).
- arm64: dts: qcom: sm8150-xperia-kumano: Specify which LDO
  modes are allowed (git-fixes).
- arm64: dts: qcom: sa8155p-adp: Specify which LDO modes are
  allowed (git-fixes).
- net: thunderbolt: Fix error handling in tbnet_init()
  (git-fixes).
- net/x25: Fix skb leak in x25_lapb_receive_frame() (git-fixes).
- bridge: switchdev: Fix memory leaks when changing VLAN protocol
  (git-fixes).
- net: phy: marvell: add sleep time after enabling the loopback
  bit (git-fixes).
- mISDN: fix misuse of put_device() in mISDN_register_device()
  (git-fixes).
- mISDN: fix possible memory leak in mISDN_dsp_element_register()
  (git-fixes).
- commit f0f96f8
- soundwire: intel: Initialize clock stop timeout (bsc#1205507).
- commit ed7ad85
- io_uring: fix io_timeout_remove locking (git-fixes).
- io_uring: correct __must_hold annotation (git-fixes).
- commit afa1999
- Update metadata references
- commit 48537d5
- KVM: SVM: move guest vmsave/vmload back to assembly (git-fixes).
- commit 64aefe3
- KVM: SVM: retrieve VMCB from assembly (git-fixes).
- commit fdd0aa2
- blk-mq: Properly init requests from blk_mq_alloc_request_hctx()
  (git-fixes).
- rbd: fix possible memory leak in rbd_sysfs_init() (git-fixes).
- blk-wbt: call rq_qos_add() after wb_normal is initialized
  (git-fixes).
- block: blk_queue_enter() / __bio_queue_enter() must return
  - EAGAIN for nowait (git-fixes).
- blk-mq: fix io hung due to missing commit_rqs (git-fixes).
- block/rnbd-srv: Set keep_id to true after mutex_trylock
  (git-fixes).
- blktrace: Trace remapped requests correctly (git-fixes).
- blk-mq: don't create hctx debugfs dir until q->debugfs_dir is
  created (git-fixes).
- block: add bio_start_io_acct_time() to control start_time
  (git-fixes).
- blk-cgroup: fix missing put device in error path from
  blkg_conf_pref() (git-fixes).
- commit 58eed28
- nbd: Fix incorrect error handle when first_minor is illegal
  in nbd_dev_add (git-fixes).
- Refresh for the above change,
  patches.suse/0002-nbd-fix-possible-overflow-on-first_minor-in-nbd_dev_.patch.
- commit 8281951
- KVM: SVM: adjust register allocation for __svm_vcpu_run()
  (git-fixes).
- commit 7b25718
- KVM: SVM: replace regs argument of __svm_vcpu_run() with
  vcpu_svm (git-fixes).
- commit 7867341
- KVM: x86: use a separate asm-offsets.c file (git-fixes).
- commit 0602ab1
- KVM: x86: Hide IA32_PLATFORM_DCA_CAP[31:0] from the guest
  (git-fixes).
- commit 499c3ca
- drm/amdkfd: Migrate in CPU page fault use current mm
  (git-fixes).
- commit f476661
- pinctrl: devicetree: fix null pointer dereferencing in
  pinctrl_dt_to_map (git-fixes).
- pinctrl: rockchip: list all pins in a possible mux route for
  PX30 (git-fixes).
- platform/surface: aggregator: Do not check for repeated
  unsequenced packets (git-fixes).
- platform/x86/intel: pmc: Don't unconditionally attach Intel
  PMC when virtualized (git-fixes).
- arm64: efi: Fix handling of misaligned runtime regions and
  drop warning (git-fixes).
- ata: libata-scsi: fix SYNCHRONIZE CACHE (16) command failure
  (git-fixes).
- nilfs2: fix use-after-free bug of ns_writer on remount
  (git-fixes).
- mmc: sdhci_am654: Fix SDHCI_RESET_ALL for CQHCI (git-fixes).
- mmc: sdhci-tegra: Fix SDHCI_RESET_ALL for CQHCI (git-fixes).
- mms: sdhci-esdhc-imx: Fix SDHCI_RESET_ALL for CQHCI (git-fixes).
- mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI (git-fixes).
- mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI
  (git-fixes).
- ALSA: hda: fix potential memleak in 'add_widget_node'
  (git-fixes).
- ALSA: hda/realtek: Add Positivo C6300 model quirk (git-fixes).
- ALSA: usb-audio: Add DSD support for Accuphase DAC-60
  (git-fixes).
- ALSA: usb-audio: Add quirk entry for M-Audio Micro (git-fixes).
- ALSA: hda/hdmi - enable runtime pm for more AMD display audio
  (git-fixes).
- ALSA: hda/ca0132: add quirk for EVGA Z390 DARK (git-fixes).
- drm/amdgpu: disable BACO on special BEIGE_GOBY card (git-fixes).
- wifi: ath11k: avoid deadlock during regulatory update in
  ath11k_regd_update() (git-fixes).
- platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi
  (git-fixes).
- drm/amdkfd: Fix NULL pointer dereference in svm_migrate_to_ram()
  (git-fixes).
- thunderbolt: Add DP OUT resource when DP tunnel is discovered
  (git-fixes).
- drm/amdkfd: handle CPU fault on COW mapping (git-fixes).
- drm/amdkfd: avoid recursive lock in migrations back to RAM
  (git-fixes).
- commit 438c140
- KVM: x86: Treat #DBs from the emulator as fault-like (code
  and DR7.GD=1) (git-fixes).
- commit 89491ed
- KVM: x86: Report error when setting CPUID if Hyper-V allocation
  fails (git-fixes).
- commit 335e5aa
- virtio-blk: Use blk_validate_block_size() to validate block size
  (git-fixes).
- block: drop unused includes in <linux/genhd.h> (git-fixes).
- commit a549255
- blacklist.conf: add commits suggested by git-fixes which won't be backported
- commit d1fe12d
- KVM: SVM: Disable SEV-ES support if MMIO caching is disable
  (git-fixes).
- commit d6a15a7
- KVM: x86/mmu: fix memoryleak in kvm_mmu_vendor_module_init()
  (git-fixes).
- commit ce66979
- KVM: nVMX: Attempt to load PERF_GLOBAL_CTRL on nVMX xfer iff
  it exists (git-fixes).
- commit 3387324
- KVM: VMX: Add helper to check if the guest PMU has
  PERF_GLOBAL_CTRL (git-fixes).
- commit 1b36b28
- KVM: VMX: Mark all PERF_GLOBAL_(OVF)_CTRL bits reserved if
  there's no vPMU (git-fixes).
- commit 3ada3ae
- tcp: Fix data races around icsk->icsk_af_ops (CVE-2022-3566
  bsc#1204405).
- commit f7cc985
- ipv6: Fix data races around sk->sk_prot (CVE-2022-3567
  bsc#1204414).
- ipv6: annotate some data-races around sk->sk_prot (CVE-2022-3567
  bsc#1204414).
- commit 654a4f7
- KVM: nVMX: Rename handle_vm{on,off}() to handle_vmx{on,off}()
  (git-fixes).
- commit 7218ba7
- KVM: nVMX: Always enable TSC scaling for L2 when it was enabled
  for L1 (git-fixes).
- commit b0f3ab9
- KVM: x86: Fully initialize 'struct kvm_lapic_irq' in
  kvm_pv_kick_cpu_op() (git-fixes).
- commit 81fd9e6
- KVM: x86: Signal #GP, not -EPERM, on bad WRMSR(MCi_CTL/STATUS)
  (git-fixes).
- commit 1a1eab3
- KVM: SVM: Stuff next_rip on emulated INT3 injection if NRIPS
  is supported (git-fixes).
- commit e7e1382
- KVM: SEV: Mark nested locking of vcpu->lock (git-fixes).
- commit 5f6bf6f
- KVM: x86/svm: Account for family 17h event renumberings in
  amd_pmc_perf_hw_id (git-fixes).
- commit e3ae104
- KVM: x86: avoid loading a vCPU after .vm_destroy was called
  (git-fixes).
- commit 29af845
- KVM: Move wiping of the kvm->vcpus array to common code
  (git-fixes).
- commit 9720dc5
- s390/pci: add missing EX_TABLE entries to
  __pcistg_mio_inuser()/__pcilg_mio_inuser() (bsc#1205427
  LTC#200502).
- s390/futex: add missing EX_TABLE entry to __futex_atomic_op()
  (bsc#1205427 LTC#200502).
- s390/uaccess: add missing EX_TABLE entries to __clear_user(),
  copy_in_user_mvcos(), copy_in_user_mvc(), clear_user_xc()
  and __strnlen_user() (bsc#1205428 LTC#200501).
- commit ad7cfae
- nilfs2: fix deadlock in nilfs_count_free_blocks() (git-fixes).
- dmaengine: at_hdmac: Check return code of
  dma_async_device_register (git-fixes).
- dmaengine: at_hdmac: Fix impossible condition (git-fixes).
- dmaengine: at_hdmac: Don't allow CPU to reorder channel enable
  (git-fixes).
- dmaengine: at_hdmac: Fix completion of unissued descriptor in
  case of errors (git-fixes).
- dmaengine: at_hdmac: Fix descriptor handling when issuing it
  to hardware (git-fixes).
- spi: stm32: Print summary 'callbacks suppressed' message
  (git-fixes).
- mmc: sdhci-esdhc-imx: use the correct host caps for
  MMC_CAP_8_BIT_DATA (git-fixes).
- drm/i915/dmabuf: fix sg_table handling in map_dma_buf
  (git-fixes).
- drm/vc4: Fix missing platform_unregister_drivers() call in
  vc4_drm_register() (git-fixes).
- nilfs2: replace WARN_ONs by nilfs_error for checkpoint
  acquisition failure (git-fixes).
- commit f7fc242
- dmaengine: at_hdmac: Fix concurrency over the active list
  (git-fixes).
- dmaengine: at_hdmac: Free the memset buf without holding the
  chan lock (git-fixes).
- dmaengine: at_hdmac: Fix concurrency over descriptor
  (git-fixes).
- dmaengine: at_hdmac: Fix concurrency problems by removing
  atc_complete_all() (git-fixes).
- dmaengine: at_hdmac: Protect atchan->status with the channel
  lock (git-fixes).
- dmaengine: at_hdmac: Do not call the complete callback on
  device_terminate_all (git-fixes).
- dmaengine: at_hdmac: Fix premature completion of desc in
  issue_pending (git-fixes).
- dmaengine: at_hdmac: Start transfer for cyclic channels in
  issue_pending (git-fixes).
- dmaengine: at_hdmac: Don't start transactions at tx_submit level
  (git-fixes).
- dmaengine: at_hdmac: Fix at_lli struct definition (git-fixes).
- commit 718fc6d
- KVM: x86/pmu: Update AMD PMC sample period to fix guest
  NMI-watchdog (git-fixes).
- commit d582f6e
- ata: libata-transport: fix error handling in ata_tdev_add()
  (git-fixes).
- ata: libata-transport: fix error handling in ata_tlink_add()
  (git-fixes).
- ata: libata-transport: fix error handling in ata_tport_add()
  (git-fixes).
- ata: libata-transport: fix double ata_host_put() in
  ata_tport_add() (git-fixes).
- dmaengine: ti: k3-udma-glue: fix memory leak when register
  device fail (git-fixes).
- dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove()
  (git-fixes).
- dmaengine: pxa_dma: use platform_get_irq_optional (git-fixes).
- commit 3e58402
- x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473).
- commit d022167
- KVM: x86: Use __try_cmpxchg_user() to emulate atomic accesses
  (git-fixes).
- commit af8969b
- KVM: x86: Use __try_cmpxchg_user() to update guest PTE A/D bits
  (git-fixes).
- commit 4c10c2f
- x86/futex: Remove .fixup usage (git-fixes).
- commit 687839d
- ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy
  Book Pro 360 (bsc#1205100).
- ALSA: hda/realtek: fix speakers for Samsung Galaxy Book Pro
  (bsc#1205100).
- commit ca2ce49
- x86/extable: Extend extable functionality (git-fixes).
- commit 28f726d
- x86/microcode/AMD: Apply the patch early on every logical thread
  (bsc#1205264).
- commit 6805cb3
- x86/uaccess: Implement macros for CMPXCHG on user addresses
  (git-fixes).
- commit 680ab7c
- Kconfig: Add option for asm goto w/ tied outputs to workaround
  clang-13 bug (git-fixes).
- Refresh config.
- commit 7888244
- KVM: x86/pmu: Fix and isolate TSX-specific performance event
  logic (git-fixes).
- commit e13feb1
- kABI: Fix kABI after "/KVM: x86/pmu: Use different raw event
  masks for AMD and Intel"/ (git-fixes).
- commit d086901
- KVM: x86/pmu: Use different raw event masks for AMD and Intel
  (git-fixes).
- commit fd5bd7c
- xen/gntdev: Accommodate VMA splitting (git-fixes).
- commit 0745691
- KVM: x86/mmu: WARN if old _or_ new SPTE is REMOVED in non-atomic
  path (git-fixes).
- commit bc980a8
- KVM: x86/mmu: Fix wrong/misleading comments in TDP MMU fast zap
  (git-fixes).
- commit d3e6160
- blacklist.conf: add fcb732d8f8cf ("/KVM: x86/xen: Fix runstate
  updates to be atomic when preempting vCPU"/)
- commit d42ecb5
- blacklist.conf: add 55749769fe60 ("/KVM: x86: Fix wall clock writes
  in Xen shared_info not to mark page dirty"/)
- commit 08e6ef4
- KVM: x86: Mask off reserved bits in CPUID.80000001H (git-fixes).
- commit a7fc31c
- KVM: x86: emulator: update the emulation mode after CR0 write
  (git-fixes).
- commit f0c4a2c
- KVM: x86: emulator: update the emulation mode after rsm
  (git-fixes).
- commit debb42a
- KVM: x86: emulator: introduce emulator_recalc_and_set_mode
  (git-fixes).
- commit a9da797
- KVM: x86: emulator: em_sysexit should update ctxt->mode
  (git-fixes).
- commit e252f98
- KVM: VMX: fully disable SGX if SECONDARY_EXEC_ENCLS_EXITING
  unavailable (git-fixes).
- commit f452678
- KVM: x86: Mask off reserved bits in CPUID.8000001AH (git-fixes).
- commit c7494f8
- KVM: x86: Mask off reserved bits in CPUID.80000008H (git-fixes).
- commit b042017
- KVM: x86: Mask off reserved bits in CPUID.80000006H (git-fixes).
- commit ce5ff67
- KVM: VMX: Drop bits 31:16 when shoving exception error code
  into VMCS (git-fixes).
- commit e0caade
- Update patches.suse/kabi-arm64-reserve-space-in-cpu_hwcaps-and-cpu_hwcap.patch
  Patch (44b3834b2eed5 "/arm64: errata: Remove AES hwcap for COMPAT tasks"/) added
  new workaround identifier. Remove one placeholder to keep kABI intact.
- commit e23b992
- arm64: errata: Remove AES hwcap for COMPAT tasks (git-fixes)
  Enable CONFIG_ARM64_ERRATUM_1742098 in arm64/default
- commit fbe1536
- arm64: Fix bit-shifting UB in the MIDR_CPU_MODEL() macro (git-fixes)
- commit c70ddd5
- arm64: fix rodata=full again (git-fixes)
- commit 62260a8
- kabi: sk_buff.scm_io_uring (bsc#1204228 CVE-2022-2602).
- commit 9a9bd27
- scsi: scsi_transport_sas: Fix error handling in sas_phy_add()
  (git-fixes).
- scsi: megaraid_sas: Correct value passed to scsi_device_lookup()
  (git-fixes).
- scsi: qedf: Populate sysfs attributes for vport (git-fixes).
- scsi: mpt3sas: Fix return value check of dma_get_required_mask()
  (git-fixes).
- commit 71fe2f3
- intel_idle: make SPR C1 and C1E be independent (jsc#PED-1936).
- commit 6f9a5d3
- cpuidle: intel_idle: Drop redundant backslash at line end (jsc#PED-1936).
- commit 593da52
- cpufreq: intel_pstate: Support Sapphire Rapids OOB mode (jsc#PED-849).
- commit 4bf905f
- cpufreq: intel_pstate: Handle no_turbo in frequency invariance (jsc#PED-849).
- commit 41e314e
- intel_idle: Fix SPR C6 optimization (jsc#PED-824 jsc#PED-1936).
- commit 29ea7f2
- intel_idle: Fix the 'preferred_cstates' module parameter (jsc#PED-824 jsc#PED-1936).
- commit 07146fb
- intel_idle: Add AlderLake support (jsc#PED-824).
- commit 6094f58
- panic, kexec: make __crash_kexec() NMI safe (git-fixes).
- kexec: turn all kexec_mutex acquisitions into trylocks
  (git-fixes).
- commit 1a14cb1
- KVM: VMX: clear vmx_x86_ops.sync_pir_to_irr if APICv is disabled
  (bsc#1205007).
- commit a0ddd6a
- io_uring/af_unix: defer registered files gc to io_uring release
  (bsc#1204228 CVE-2022-2602).
- commit 52299ff
- fuse: add file_modified() to fallocate (bsc#1205332).
- fuse: fix readdir cache race (bsc#1205331).
- commit 75f741e
- netfilter: nfnetlink_osf: fix possible bogus match in
  nf_osf_find() (bsc#1204614).
- commit aa8c5d3
- net: phy: mscc: macsec: clear encryption keys when freeing a
  flow (git-fixes).
- macsec: clear encryption keys from the stack after setting up
  offload (git-fixes).
- macsec: fix detection of RXSCs when toggling offloading
  (git-fixes).
- macsec: fix secy->n_rx_sc accounting (git-fixes).
- macsec: delete new rxsc when offload fails (git-fixes).
- wifi: cfg80211: fix memory leak in query_regdb_file()
  (git-fixes).
- wifi: cfg80211: silence a sparse RCU warning (git-fixes).
- soundwire: qcom: check for outanding writes before doing a read
  (git-fixes).
- soundwire: qcom: reinit broadcast completion (git-fixes).
- phy: ralink: mt7621-pci: add sentinel to quirks table
  (git-fixes).
- phy: stm32: fix an error code in probe (git-fixes).
- mtd: parsers: bcm47xxpart: Fix halfblock reads (git-fixes).
- media: v4l: subdev: Fail graciously when getting try data for
  NULL state (git-fixes).
- media: meson: vdec: fix possible refcount leak in vdec_probe()
  (git-fixes).
- media: dvb-frontends/drxk: initialize err to 0 (git-fixes).
- media: cros-ec-cec: limit msg.len to CEC_MAX_MSG_SIZE
  (git-fixes).
- media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE (git-fixes).
- media: rkisp1: Zero v4l2_subdev_format fields in when validating
  links (git-fixes).
- media: rkisp1: Use correct macro for gradient registers
  (git-fixes).
- media: rkisp1: Initialize color space on resizer sink and
  source pads (git-fixes).
- media: rkisp1: Don't pass the quantization to
  rkisp1_csm_config() (git-fixes).
- mtd: parsers: bcm47xxpart: print correct offset on read error
  (git-fixes).
- video/fbdev/stifb: Implement the stifb_fillrect() function
  (git-fixes).
- commit 5883e57
- can: j1939: j1939_send_one(): fix missing CAN header
  initialization (git-fixes).
- can: af_can: fix NULL pointer dereference in can_rx_register()
  (git-fixes).
- hamradio: fix issue of dev reference count leakage in
  bpq_device_event() (git-fixes).
- efi: random: Use 'ACPI reclaim' memory for random seed
  (git-fixes).
- efi: random: reduce seed size to 32 bytes (git-fixes).
- drm/i915/sdvo: Setup DDC fully before output init (git-fixes).
- drm/i915/sdvo: Filter out invalid outputs more sensibly
  (git-fixes).
- drm/rockchip: dsi: Force synchronous probe (git-fixes).
- Bluetooth: L2CAP: Fix attempting to access uninitialized memory
  (git-fixes).
- Bluetooth: L2CAP: Fix accepting connection request for invalid
  SPSM (git-fixes).
- drm/msm/hdmi: fix IRQ lifetime (git-fixes).
- i2c: xiic: Add platform module alias (git-fixes).
- ACPI: APEI: Fix integer overflow in ghes_estatus_pool_init()
  (git-fixes).
- HID: saitek: add madcatz variant of MMO7 mouse device ID
  (git-fixes).
- HID: playstation: add initial DualSense Edge controller support
  (git-fixes).
- drm/amdgpu: set vm_update_mode=0 as default for Sienna Cichlid
  in SRIOV case (git-fixes).
- drm/msm/hdmi: Remove spurious IRQF_ONESHOT flag (git-fixes).
- commit 5a3b429
- x86/fpu: Drop fpregs lock before inheriting FPU permissions
  (bnc#1205282).
- commit bbde2ef
- blacklist.conf: cleanup designed to break kABI
- commit e1ca2ce
- blacklist.conf: cleanup designed to break kABI
- commit 3471afe
- ipv6: ping: fix wrong checksum for large frames (bsc#1203183).
- commit f29a164
- io_uring: disable polling signalfd pollfree files (CVE-2022-3176
  bsc#1203391).
- commit ff11e05
- blacklist.conf: kABI
- commit 52ff77d
- blacklist.conf: prerequisites would break kABI
- commit 3f3b1f5
- blacklist.conf: this patch would need an inordinary number of
  prerequisites for a race in a corner case
- commit 4987ef8
- blacklist.conf: kABI
- commit 29e4b4e
- Update patch metadata for media fix (CVE-2022-3903 bsc#1205220)
- commit 899a453
- capabilities: fix undefined behavior in bit shift for
  CAP_TO_MASK (git-fixes).
- capabilities: fix potential memleak on error path from
  vfs_getxattr_alloc() (git-fixes).
- commit 9091aa0
- Update patches.suse/scsi-ibmvfc-Avoid-path-failures-during-live-migratio.patch
  (bsc#1065729 bsc#1204810 ltc#200162).
- commit ba4e679
- drm/i915/gvt: fix double free bug in split_2MB_gtt_entry (bsc#1204780, CVE-2022-3707)
- commit 3d29636
- scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024
  (bsc#1156395).
- commit 32de176
- Refresh patches.suse/scsi-ibmvfc-Do-not-wait-for-initial-device-scan.patch.
  Refresh to upstream version of patch.
- commit aba4ad9
- Refresh sorted patches.
- commit 3d3be93
- scsi: ibmvfc: Avoid path failures during live migration
  (bsc#1065729).
- commit 2f0fa7f
- Update patches.suse/arm64-Add-AMPERE1-to-the-Spectre-BHB-affected-list.patch (git-fixes, bsc#1205153).
  Add reference to bsc#1205153.
- commit 08070be
- arm64: Add AMPERE1 to the Spectre-BHB affected list (git-fixes).
- arm64: errata: Add Cortex-A55 to the repeat tlbi list (git-fixes).
  Enable CONFIG_ARM64_ERRATUM_2441007, too
- commit 57ef351
- ALSA: usb-audio: Remove redundant workaround for Roland quirk
  (bsc#1205111).
- ALSA: usb-audio: Yet more regression for for the delayed card
  registration (bsc#1205111).
- commit fdb6d05
- rpm/check-for-config-changes: add TOOLCHAIN_HAS_* to IGNORED_CONFIGS_RE
  This new form was added in commit b8c86872d1dc (riscv: fix detection of
  toolchain Zicbom support).
- commit e9f2ba6
- tracing: kprobe: Fix memory leak in
  test_gen_kprobe/kretprobe_cmd() (git-fixes).
- commit 4b18e0d
- io-wq: don't retry task_work creation failure on fatal
  conditions (bnc#1205113).
- io-wq: Remove duplicate code in io_workqueue_create()
  (bnc#1205113).
- io-wq: fix silly logic error in io_task_work_match()
  (bnc#1205113).
- io-wq: fix cancellation on create-worker failure (bnc#1205113).
- commit f9f6f38
- Add suse-kernel-rpm-scriptlets to kmp buildreqs (boo#1205149)
- commit 888e01e
- cifs: fix use-after-free on the link name (bsc#1193629).
- commit c8e18d6
- cifs: avoid unnecessary iteration of tcp sessions (bsc#1193629).
- commit 3b19f83
- cifs: always iterate smb sessions using primary channel
  (bsc#1193629).
- commit 5cac47b
- cifs: fix use-after-free caused by invalid pointer `hostname`
  (bsc#1193629).
- commit 6bd980d
- cifs: Fix pages leak when writedata alloc failed in
  cifs_write_from_iter() (bsc#1193629).
- commit 4170ae6
- cifs: Fix pages array leak when writedata alloc failed in
  cifs_writedata_alloc() (bsc#1193629).
- commit b7ff361
- Move upstreamed tracing patch into sorted section
- commit c9209ac
- hv_netvsc: Fix race between VF offering and VF association
  message from host (bsc#1204850).
- commit e9c6d7c
- arm64: entry: avoid kprobe recursion (git-fixes).
- Documentation: devres: add missing I2C helper (git-fixes).
- i2c: piix4: Fix adapter not be removed in piix4_remove()
  (git-fixes).
- efi/tpm: Pass correct address to memblock_reserve (git-fixes).
- arm64: dts: juno: Add thermal critical trip points (git-fixes).
- firmware: arm_scmi: Make Rx chan_setup fail on memory errors
  (git-fixes).
- firmware: arm_scmi: Suppress the driver's bind attributes
  (git-fixes).
- arm64: dts: ls208xa: specify clock frequencies for the MDIO
  controllers (git-fixes).
- arm64: dts: ls1088a: specify clock frequencies for the MDIO
  controllers (git-fixes).
- arm64: dts: lx2160a: specify clock frequencies for the MDIO
  controllers (git-fixes).
- dt-bindings: power: gpcv2: add power-domains property
  (git-fixes).
- arm64: dts: imx8: correct clock order (git-fixes).
- ARM: dts: imx6qdl-gw59{10,13}: fix user pushbutton GPIO offset
  (git-fixes).
- commit 9fbcbe8
- xfs: convert XLOG_FORCED_SHUTDOWN() to xlog_is_shutdown()
  (git-fixes).
- commit ab97572
- xfs: fix xfs_ifree() error handling to not leak perag ref
  (git-fixes).
- commit 2b17a84
- cifs: update internal module number (bsc#1193629).
- commit 4202154
- cifs: fix memory leaks in session setup (bsc#1193629).
- commit 5c729d0
- cifs: drop the lease for cached directories on rmdir or rename
  (bsc#1193629).
- commit 46e0f22
- smb3: interface count displayed incorrectly (bsc#1193629).
- commit e073a89
- cifs: Fix memory leak when build ntlmssp negotiate blob failed
  (bsc#1193629).
- commit 7afbdb6
- cifs: set rc to -ENOENT if we can not get a dentry for the
  cached dir (bsc#1193629).
- commit 328e60a
- cifs: use LIST_HEAD() and list_move() to simplify code
  (bsc#1193629).
- commit e5c0c94
- cifs: Fix xid leak in cifs_get_file_info_unix() (bsc#1193629).
- commit a50e886
- cifs: Fix xid leak in cifs_ses_add_channel() (bsc#1193629).
- commit 45683eb
- cifs: Fix xid leak in cifs_flock() (bsc#1193629).
- commit d234b14
- cifs: Fix xid leak in cifs_copy_file_range() (bsc#1193629).
- commit f56cd1f
- cifs: Fix xid leak in cifs_create() (bsc#1193629).
- commit a1d5012
- smb3: improve SMB3 change notification support (bsc#1193629).
- commit 8a4313f
- cifs: lease key is uninitialized in two additional functions
  when smb1 (bsc#1193629).
- commit 181d702
- cifs: lease key is uninitialized in smb1 paths (bsc#1193629).
- commit 395fb1f
- smb3: must initialize two ACL struct fields to zero
  (bsc#1193629).
- commit 2dfd980
- cifs: fix double-fault crash during ntlmssp (bsc#1193629).
- commit 958d087
- cifs: fix static checker warning (bsc#1193629).
- commit 6695ea2
- cifs: use ALIGN() and round_up() macros (bsc#1193629).
- commit b4d4efd
- cifs: find and use the dentry for cached non-root directories
  also (bsc#1193629).
- commit 14482fe
- cifs: enable caching of directories for which a lease is held
  (bsc#1193629).
- commit cc4f4c4
- cifs: prevent copying past input buffer boundaries
  (bsc#1193629).
- commit 9130844
- cifs: fix uninitialised var in smb2_compound_op() (bsc#1193629).
- commit bdc0943
- cifs: improve symlink handling for smb2+ (bsc#1193629).
- commit 0b6be9d
- smb3: clarify multichannel warning (bsc#1193629).
- commit 96b1224
- cifs: fix skipping to incorrect offset in emit_cached_dirents
  (bsc#1193629).
- commit 6750b0a
- smb3: fix oops in calculating shash_setkey (bsc#1193629).
- commit fdb4064
- cifs: secmech: use shash_desc directly, remove sdesc
  (bsc#1193629).
- commit d652300
- smb3: rename encryption/decryption TFMs (bsc#1193629).
- commit 074ff14
- cifs: replace kfree() with kfree_sensitive() for sensitive data
  (bsc#1193629).
- commit a9c83e0
- cifs: remove initialization value (bsc#1193629).
- commit 650b157
- cifs: Replace a couple of one-element arrays with flexible-array
  members (bsc#1193629).
- commit 2e6a4d1
- smb3: do not log confusing message when server returns no
  network interfaces (bsc#1193629).
- commit fe343ed
- cifs: store a pointer to a fid in the cfid structure instead
  of the struct (bsc#1193629).
- commit 4bc719f
- cifs: improve handlecaching (bsc#1193629).
- commit 460040b
- cifs: Make tcon contain a wrapper structure cached_fids instead
  of cached_fid (bsc#1193629).
- commit 999f1a7
- smb3: add dynamic trace points for tree disconnect
  (bsc#1193629).
- commit c71b282
- Fix formatting of client smbdirect RDMA logging (bsc#1193629).
- commit bc2ae55
- Handle variable number of SGEs in client smbdirect send
  (bsc#1193629).
- commit af0f632
- Reduce client smbdirect max receive segment size (bsc#1193629).
- commit e36b32c
- Decrease the number of SMB3 smbdirect client SGEs (bsc#1193629).
- commit 1c625b9
- cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message
  (bsc#1193629).
- commit 174687c
- cifs: destage dirty pages before re-reading them for cache=none
  (bsc#1193629).
- commit 9eab309
- cifs: return correct error in ->calc_signature() (bsc#1193629).
- commit 0ace108
- cifs: misc: fix spelling typo in comment (bsc#1193629).
- commit 0177a68
- cifs: update internal module number (bsc#1193629).
- commit a83e618
- cifs: add missing spinlock around tcon refcount (bsc#1193629).
- commit a915086
- cifs: always initialize struct msghdr smb_msg completely
  (bsc#1193629).
- commit 7ba2dbe
- cifs: don't send down the destination address to sendmsg for
  a SOCK_STREAM (bsc#1193629).
- commit cc67d16
- cifs: revalidate mapping when doing direct writes (bsc#1193629).
- commit 3e6da03
- cifs: fix small mempool leak in SMB2_negotiate() (bsc#1193629).
- commit 9ad1214
- smb3: use filemap_write_and_wait_range instead of
  filemap_write_and_wait (bsc#1193629).
- commit 569211d
- smb3: fix temporary data corruption in insert range
  (bsc#1193629).
- commit 4153b9f
- smb3: fix temporary data corruption in collapse range
  (bsc#1193629).
- commit e11095d
- smb3: Move the flush out of smb2_copychunk_range() into its
  callers (bsc#1193629).
- commit 7cc3491
- cifs: Add helper function to check smb1+ server (bsc#1193629).
- commit 8d3cf57
- cifs: Use help macro to get the mid header size (bsc#1193629).
- commit 56cfb79
- cifs: Use help macro to get the header preamble size
  (bsc#1193629).
- commit a32d0c7
- cifs: skip extra NULL byte in filenames (bsc#1193629).
- commit 3c2966f
- smb3: missing inode locks in punch hole (bsc#1193629).
- commit d5ef2ce
- smb3: missing inode locks in zero range (bsc#1193629).
- commit 67739d5
- cifs: move from strlcpy with unused retval to strscpy
  (bsc#1193629).
- commit 1545859
- cifs: Fix memory leak on the deferred close (bsc#1193629).
- commit 0e66dd6
- cifs: remove useless parameter 'is_fsctl' from SMB2_ioctl()
  (bsc#1193629).
- commit e09b402
- cifs: remove unused server parameter from calc_smb_size()
  (bsc#1193629).
- commit 3f30130
- cifs: Do not access tcon->cfids->cfid directly from
  is_path_accessible (bsc#1193629).
- commit 7188f4f
- cifs: Add constructor/destructors for tcon->cfid (bsc#1193629).
- commit 7eb31f4
- SMB3: fix lease break timeout when multiple deferred close
  handles for the same file (bsc#1193629).
- commit 7267460
- smb3: allow deferred close timeout to be configurable
  (bsc#1193629).
- commit 19f7caa
- cifs: Do not use tcon->cfid directly, use the cfid we get from
  open_cached_dir (bsc#1193629).
- commit 25de0c1
- cifs: Move cached-dir functions into a separate file
  (bsc#1193629).
- commit fc0e55e
- cifs: fix lock length calculation (bsc#1193629).
- commit 2661e11
- cifs: update internal module number (bsc#1193629).
- commit 53f5daf
- cifs: alloc_mid function should be marked as static
  (bsc#1193629).
- commit f066ea5
- cifs: remove "/cifs_"/ prefix from init/destroy mids functions
  (bsc#1193629).
- commit 21e261c
- cifs: remove useless DeleteMidQEntry() (bsc#1193629).
- commit b684635
- cifs: when insecure legacy is disabled shrink amount of SMB1
  code (bsc#1193629).
- commit 96f98e3
- cifs: fix wrong unlock before return from cifs_tree_connect()
  (bsc#1193629).
- commit ca24a6e
- cifs: avoid use of global locks for high contention data
  (bsc#1193629).
- commit 003b496
- cifs: remove remaining build warnings (bsc#1193629).
- commit 2a6d64f
- cifs: list_for_each() -> list_for_each_entry() (bsc#1193629).
- commit 98f1884
- smb2: small refactor in smb2_check_message() (bsc#1193629).
- commit 2913774
- cifs: remove minor build warning (bsc#1193629).
- commit 9dd2f9e
- cifs: remove some camelCase and also some static build warnings
  (bsc#1193629).
- commit 7a903b5
- cifs: remove unnecessary (void*) conversions (bsc#1193629).
- commit 352182a
- cifs: remove unnecessary type castings (bsc#1193629).
- commit e2ea7fd
- cifs: remove redundant initialization to variable
  mnt_sign_enabled (bsc#1193629).
- commit 8c39800
- smb3: check xattr value length earlier (bsc#1193629).
- commit 87cd516
- smb3: workaround negprot bug in some Samba servers
  (bsc#1193629).
- commit 031af61
- cifs: remove unnecessary locking of chan_lock while freeing
  session (bsc#1193629).
- commit 0303046
- cifs: fix race condition with delayed threads (bsc#1193629).
- commit 491d550
- cifs: update cifs_ses::ip_addr after failover (bsc#1193629).
- commit 9ed4aa9
- cifs: avoid deadlocks while updating iface (bsc#1193629).
- commit 3a5c612
- cifs: periodically query network interfaces from server
  (bsc#1193629).
- commit dd3e063
- cifs: during reconnect, update interface if necessary
  (bsc#1193629).
- commit 8dea5e1
- cifs: change iface_list from array to sorted linked list
  (bsc#1193629).
- commit 1b05ccf
- smb3: use netname when available on secondary channels
  (bsc#1193629).
- commit 6d17daa
- smb3: fix empty netname context on secondary channels
  (bsc#1193629).
- commit 51fad96
- cifs: when a channel is not found for server, log its connection
  id (bsc#1193629).
- commit 1b306b2
- smb3: add trace point for SMB2_set_eof (bsc#1193629).
- commit c6da1d3
- cifs: populate empty hostnames for extra channels (bsc#1193629).
- commit f2f92b2
- cifs: return errors during session setup during reconnects
  (bsc#1193629).
- commit d557671
- smb3: remove unneeded null check in cifs_readdir (bsc#1193629).
- commit 7eaa3dc
- cifs: cache the dirents for entries in a cached directory
  (bsc#1193629).
- commit 0ddb648
- cifs: truncate the inode and mapping when we simulate fcollapse
  (bsc#1193629).
- commit 3b07034
- kabi/severities: add mlx5 internal symbols
- commit cbdf7d1
- x86: link vdso and boot with -z noexecstack
  - -no-warn-rwx-segments (bsc#1203200).
- Makefile: link with -z noexecstack --no-warn-rwx-segments
  (bsc#1203200).
- x86: link vdso and boot with -z noexecstack
  - -no-warn-rwx-segments (bsc#1203200).
- Makefile: link with -z noexecstack --no-warn-rwx-segments
  (bsc#1203200).
- commit 7e1512f
- blacklist.conf: Add reverted patch
  d11219ad53dc amdgpu: disable powerpc support for the newer display engine
  c653c591789b drm/amdgpu: Re-enable DCN for 64-bit powerpc
- commit 15ec992
- xfs: fix perag reference leak on iteration race with growfs
  (git-fixes).
- commit fc22ca3
- SCSI: scsi_probe_lun: retry INQUIRY after timeout (bsc#1189297).
- commit 623bb84
- commit 84d7ba8
- commit d292a81
kexec-tools
- kexec-tools-ppc64-remove-rma_top-limit.patch: remove ram_top
  restriction (bsc#1203410)
- kexec-bootloader: Add -a argument to load using kexec_load_file() when available (boo#1202820).
ldb
- Remove no longer needed ldb-memory-bug-15096-4.15-ldbonly.patch
- Add cve-2023-0614.patch: Address CVE-2023-0614
- CVE-2023-0614: samba: Access controlled AD LDAP attributes can be
  discovered; (bsc#1209485); (bso#15270);
- Update to version 2.4.4
  + CVE-2022-32746 ldb: db: Use-after-free occurring in
    database audit logging module; (bso#15009); (bsc#1201490).
  + CVE-2022-32746: samba: ldb: Use-after-free occurring in
    database audit logging module; (bso#15009); (bsc#1201490).
less
- Apply "/cve-2022-46663.patch"/ to fix a vulnerability in less that
  could be exploited for denial-of-service attacks or even remote
  code execution by printing specially crafted escape sequences to
  the terminal. [CVE-2022-46663, bsc#1207815]
libX11
- U_InitExt.c-Add-bounds-checks-for-extension-request-ev.patch
  * Buffer overflows in InitExt.c (boo#1212102, CVE-2023-3138)
- U_Don-t-try-to-destroy-NULL-condition-variables.patch
  * fixes regression introduced with security update for
    CVE-2022-3555 (bsc#1204425, bsc#1208881)
libXpm
- U_regression2-bug1207029_1207030_1207031.patch
  * second regression fix: Use gzip -d instead of gunzip
- U_regression-bug1207029_1207030_1207031.patch
  * regression fix for above patches
- U_0000-Update-README-for-gitlab-migration.patch
  * needed by U_0001-configure-add-disable-open-zfile-instead-of-requirin.patch
- U_0001-configure-add-disable-open-zfile-instead-of-requirin.patch
  * needed by U_0005-Fix-CVE-2022-4883-compression-commands-depend-on-PAT.patch
- U_0002-Fix-CVE-2022-46285-Infinite-loop-on-unclosed-comment.patch
  * libXpm: Infinite loop on unclosed comments (CVE-2022-46285,
    bsc#1207029)
- U_0004-Fix-CVE-2022-44617-Runaway-loop-with-width-of-0-and-.patch
  * libXpm: Runaway loop on width of 0 and enormous height
    (CVE-2022-44617, bsc#1207030)
- U_0005-Fix-CVE-2022-4883-compression-commands-depend-on-PAT.patch
  * libXpm: compression commands depend on $PATH (CVE-2022-4883,
    bsc#1207031)
libfastjson
- fix CVE-2020-12762 integer overflow and out-of-bounds write via a
  large JSON file (bsc#1171479)
  add 0001-Fix-CVE-2020-12762.patch
libgcrypt
- FIPS: ECC: Transition to error-state if PCT fail [bsc#1208925]
  * Add libgcrypt-FIPS-ECC-PCT-Add-transition-to-error.patch
- FIPS: ECDSA: Avoid no-keytest in ECDSA keygen [bsc#1208924]
  * Add libgcrypt-FIPS-ECC-disallow-skip-test.patch
- FIPS: PBKDF2: Add additional checks for the minimum key length,
  salt length, iteration count and passphrase length to the kdf
  fips indicator in _gcry_fips_indicator_kdf() [bsc#1208926]
  * Add libgcrypt-FIPS-pkdf2-Additional-checks.patch
libksba
- Security fix: [bsc#1206579, CVE-2022-47629]
  * Integer overflow in the CRL signature parser.
  * Add libksba-CVE-2022-47629.patch
libsigc++2
- Add libsigc++2-remove-unnecessary-executable-flag-from-file.patch:
  cancel executable permission for file
  /usr/share/doc/packages/libsigc-2_0-0/NEWS(bsc#1209094,bsc#1209140).
libsodium
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
-  Revert previous change about cpuid as previous change rejected
  in https://build.opensuse.org/request/show/724809
-  Disable LTO as bypass boo#1148184
-  Add libsodium_configure_cpuid_chg.patch and call autoconf
  to regenerate configure script with proper CPUID checking.
  Required at least for PowerPC and ARM now that LTO enabled.
- Update to 1.0.18
  - Enterprise versions of Visual Studio are now supported.
  - Visual Studio 2019 is now supported.
  - 32-bit binaries for Visual Studio 2010 are now provided.
  - A test designed to trigger an OOM condition didn't work on
    Linux systems with memory overcommit turned on. It has been
    removed in order to fix Ansible builds.
  - Emscripten: print and printErr functions are overridden to send
    errors to the console, if there is one.
  - Emscripten: UTF8ToString() is now exported since
    Pointer_stringify() has been deprecated.
  - Libsodium version detection has been fixed in the CMake recipe.
  - Generic hashing got a 10% speedup on AVX2.
  - New target: WebAssembly/WASI
    (compile with dist-builds/wasm32-wasi.sh).
  - New functions to map a hash to an edwards25519 point
    or get a random point:
    core_ed25519_from_hash() and core_ed25519_random().
  - crypto_core_ed25519_scalar_mul() has been implemented for
    scalar*scalar (mod L) multiplication.
  - Support for the Ristretto group has been implemented for
    interoperability with wasm-crypto.
  - Improvements have been made to the test suite.
  - Portability improvements have been made.
  - getentropy() is now used on systems providing this system call.
  - randombytes_salsa20 has been renamed to randombytes_internal.
  - Support for NativeClient has been removed.
  - Most ((nonnull)) attributes have been relaxed to allow 0-length
    inputs to be NULL.
  - The -ftree-vectorize and -ftree-slp-vectorize compiler switches
    are now used, if available, for optimized builds.
- Update to 1.0.17
  - Bug fix: sodium_pad() didn't properly support block sizes
    >= 256 bytes.
  - JS/WebAssembly: some old iOS versions can't instantiate the
    WebAssembly module; fall back to Javascript on these.
  - JS/WebAssembly: compatibility with newer Emscripten versions.
  - Bug fix: crypto_pwhash_scryptsalsa208sha256_str_verify() and
    crypto_pwhash_scryptsalsa208sha256_str_needs_rehash()didn't
    returnEINVAL` on input strings with a short length, unlike
    their high-level counterpart.
  - Added a workaround for Visual Studio 2010 bug causing CPU
    features not to be detected.
  - Portability improvements.
  - Test vectors from Project Wycheproof have been added.
  - New low-level APIs for arithmetic mod the order of the prime
    order group:
  - crypto_core_ed25519_scalar_random(),
    crypto_core_ed25519_scalar_reduce(),
  - crypto_core_ed25519_scalar_invert(),
    crypto_core_ed25519_scalar_negate(),
  - crypto_core_ed25519_scalar_complement(),
    crypto_core_ed25519_scalar_add() and
    crypto_core_ed25519_scalar_sub().
  - New low-level APIs for scalar multiplication without clamping:
    crypto_scalarmult_ed25519_base_noclamp() and
    crypto_scalarmult_ed25519_noclamp().
    These new APIs are especially useful for blinding.
  - sodium_sub() has been implemented.
  - Support for WatchOS has been added.
  - getrandom(2) is now used on FreeBSD 12+.
  - The nonnull attribute has been added to all relevant
    prototypes.
  - More reliable AVX512 detection.
  - Javascript/Webassembly builds now use dynamic memory growth.
libsolv
- handle learnt rules in solver_alternativeinfo()
- support x86_64_v[234] architecture levels
- implement decision sorting for package decisionlists
- add back findutils requires for the libsolv-tools packagse
  [bsc#1195633]
- bump version to 0.7.24
- fix "/keep installed"/ jobs not disabling "/best update"/ rules
- do not autouninstall suse ptf packages
- ensure duplinvolvedmap_all is reset when a solver is reused
- special case file dependencies in the testcase writer
- support stringification of multiple solvables
- new weakdep introspection interface similar to ruleinfos
- support decision reason queries
- support merging of related decissions
- support stringification of ruleinfo, decisioninfo and decision reasons
- support better info about alternatives
- new '-P' and '-W' options for testsolv
- bump version to 0.7.23
libtirpc
- consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding
  to a random port (bsc#1199467)
  - add binddynport-honor-ip_local_reserved_ports.patch
libvirt
- CVE-2023-2700: virpci: Resolve leak in virPCIVirtualFunctionList
  6425a311-virpci-Resolve-leak-in-virPCIVirtualFunctionList.patch
  bsc#1211390
- qemu: Fix potential crash during driver cleanup
  15277033-qemu-Fix-potential-crash-during-driver-cleanup.patch
  bsc#1209861
- Apparmor: Add support for SUSE edk2 firmware paths
  4959490e-support-SUSE-edk2-firmware-paths.patch
  boo#1208567
- Fix lxc container initialization with systemd and hybrid cgroups
  suse-fix-lxc-container-init.patch
  boo#1183247
- qemu: Support specifying the virtual CPU address size in bits
  95c95f1b-virml-Introduce-VIR_XML_PROP_NONNEGATIVE-flag.patch,
  e6c29f09-conf-Add-support-for-specifying-CPU-max-physical-add.patch,
  c647bf29-capabilities-Report-number-of-host-CPU-physical-addr.patch,
  1c1a7cdd-qemu-Add-support-for-max-physical-address-size.patch,
  b5f63691-schema-Remove-optional-nesting-in-hostcpu-rng.patch,
  65e8ac6f-schema-Don-t-enforce-ordering-of-hostcpu-capabilitie.patch,
  231af0a0-schema-Add-maxphysaddr-element-to-hostcpu.patch,
  d81ae1f-docs-Fix-missing-slashes-in-the-maxphysaddr-example.patch,
  85aafea4-qemu-Remove-host-passthrough-validation-check-for-ho.patch
  bsc#1199583
libwebp
- Add libwebp-double-free.patch: Avoid a double free, upstream
  commit a486d800 (bsc#1210212 CVE-2023-1999).
libxml2
- Security update:
  * [CVE-2023-29469, bsc#1210412] Hashing of empty dict strings
    isn't deterministic
  - Added patch libxml2-CVE-2023-29469.patch
  * [CVE-CVE-2023-28484, bsc#1210411] NULL dereference in
    xmlSchemaFixupComplexType
  - Added patch libxml2-CVE-2023-28484-1.patch
  - Added patch libxml2-CVE-2023-28484-2.patch
- Remove unneeded dependency (bsc#1209918).
- Add W3C conformance tests to the testsuite (bsc#1204585):
  * Added file xmlts20080827.tar.gz
libxslt
- Security Fix: [bsc#1208574, CVE-2021-30560]
  * Use after free in Blink XSLT
  * Add libxslt-CVE-2021-30560.patch
libyui
- NCurses UI: Prevent buffer overflow when drawing very wide labels
  (bsc#1211354)
- 4.3.7
- Qt UI: Fixed loading icons from an absolute path (bsc#1210591)
  https://github.com/libyui/libyui/pull/94
- 4.3.6
- Backported fix for main window stacking order in YQMainWinDock to avoid
  unintentional transparency when QSS-styling YQDialogs
  (bsc#1199020, bsc#1191112)
- 4.3.5
- Force messages from .ui file through our translation mechanism
  (bsc#1198097)
- 4.3.4
libzypp
- curl: Trim user agent string (bsc#1212187)
  HTTP/2 RFC 9113 forbids fields ending with a space. Violation
  results in curl error: 92: HTTP/2 PROTOCOL_ERROR.
- version 17.31.13 (22)
- Do not unconditionally release a medium if provideFile failed
  (bsc#1211661)
- libzypp.spec.cmake: remove duplicate file listing.
- version 17.31.12 (22)
- MediaCurl: Fix endless loop if wrong credentials are stored in
  credentials.cat (bsc#1210870)
  Since libzypp-17.31.7 wrong credentials stored in credentials.cat
  may lead to an endless loop. Rather than asking for the right
  credentials, the stored ones are used again and again.
- zypp.conf: Introduce 'download.connect_timeout' [60 sec.]
  (bsc#1208329)
  Maximum time in seconds that you allow the connection phase to
  the server to take. This only limits the connection phase, it has
  no impact once it has connected. (see also CURLOPT_CONNECTTIMEOUT)
- commit: Try to provide /dev fs if not present (fixes #444)
- fix build with boost 1.82.
- version 17.31.11 (22)
- fix build with boost 1.82
- BuildRequires: libsolv-devel >= 0.7.24 for x86_64_v[234]
  support.
- version 17.31.10 (22)
- Workround bsc#1195633 while libsolv <= 0.7.23 is used.
- Fix potential endless loop in new ZYPP_MEDIANETWORK.
- ZYPP_METALINK_DEBUG=1: Log URL and priority of the mirrors
  parsed from a metalink file.
- multicurl: propagate ssl settings stored in repo url
  (boo#1127591)
  Closes #335.
- Teach MediaNetwork to retry on HTTP2 errors.
- fix CapDetail to return Rel::NONE if an EXPRESSION is used as a
  NAMED cap.
- Capability: support parsing richdeps from string.
- defaultLoadSystem: default to LS_NOREFRESH if not root.
- Detect x86_64_v[234]: Fix LZCNT bit used in detection (fixes
  [#439])
  Merges rpm-software-management/rpm#2412: The bit for LZCNT is in
  CPUID 0x80000001, not 1.
- Detect x86_64_v[234] architecture levels (fixes #439)
- Support x86_64_v[234] architecture levels (for #439)
- version 17.31.9 (22)
- ProgressData: enforce reporting the INIT||END state
  (bsc#1206949)
- ps: fix service detection on newer Tumbleweed systems
  (bsc#1205636)
- version 17.31.8 (22)
- Hint to "/zypper removeptf"/ to remove PTFs.
- Removing a PTF without enabled repos should always fail
  (bsc#1203248)
  Without enabled repos, the dependent PTF-packages would be
  removed (not replaced!) as well. To remove a PTF "/zypper install
  - - -PTF"/ or a dedicated "/zypper removeptf PTF"/ should be used.
  This will update the installed PTF packages to theit latest
  version.
- version 17.31.7 (22)
- Avoid calling getsockopt when we know the info already.
  This patch hopefully fixes logging on WSL, getsockopt seems to
  not be fully supported but the code required it when accepting
  new socket connections. (for bsc#1178233)
- Enhance yaml-cpp detection (fixes #428)
- No need to redirect 'history.logfile=/dev/null' into the target.
- MultiCurl: Make sure to reset the progress function when
  falling back.
- version 17.31.6 (22)
- Create '.no_auto_prune' in the package cache dir to prevent auto
  cleanup of orphaned repositories (bsc#1204956)
- properly reset range requests (bsc#1204548)
- version 17.31.5 (22)
- Do not clean up MediaSetAccess before using the geoip file
  (fixes #424)
- version 17.31.4 (22)
- Improve download of optional files (fixes #416)
- Do not use geoip rewrites if the repo has explicit country
  settings.
- Implement geoIP feature for zypp.
  This patch adds a feature to rewrite request URLs to the repo
  servers by querying a geoIP file from download.opensuse.org. This
  file can return a redirection target depending on the clients IP
  adress, this way we can directly contact a local mirror of d.o.o
  instead. The redir target stays valid for 24hrs.
  This feature can be disabled in zypp.conf by setting
  'download.use_geoip_mirror = false'.
- Use a dynamic fallback for BLKSIZE in downloads.
  When not receiving a blocklist via metalink file from the server
  MediaMultiCurl used to fallback to a fixed, relatively small
  BLKSIZE. This patch changes the fallback into a dynamic value
  based on the filesize using a similar metric as the MirrorCache
  implementation on the server side.
- Skip media.1/media download for http repo status calc.
  This patch allows zypp to skip a extra media.1/media download to
  calculate if a repository needs to be refreshed. This
  optimisation only takes place if the repo does specify only
  downloading base urls.
- version 17.31.3 (22)
lifecycle-data-sle-module-live-patching
- Added data for 4_12_14-150100_197_134, 5_14_21-150400_24_41,
  5_14_21-150400_24_46, 5_3_18-150200_24_142,
  5_3_18-150300_59_109, 5_3_18-150300_59_112,
  +kernel-livepatch-5_14_21-150400_15_11-rt,*,2024-02-23+kernel-livepatch-5_14_21-150400_15_8-rt,*,2024-01-26 (bsc#1020320)
- Added data for 4_12_14-150000_150_109,
  4_12_14-150100_197_131, 5_14_21-150400_24_33,
  5_14_21-150400_24_38, 5_3_18-150200_24_139,
  5_3_18-150300_59_101, 5_3_18-150300_59_106,
  +kernel-livepatch-5_14_21-150400_15_5-rt,*,2023-12-23 (bsc#1020320)
- Added data for 4_12_14-150000_150_101, 4_12_14-150000_150_104,
  4_12_14-150100_197_123, 4_12_14-150100_197_126,
  5_14_21-150400_24_21, 5_14_21-150400_24_28,
  5_3_18-150200_24_129, 5_3_18-150200_24_134,
  5_3_18-150300_59_93, 5_3_18-150300_59_98. (bsc#1020320)
makedumpfile
- fix wrong free issue in init_xen_crash_info (bsc#1201209)
mlocate
- Pass "/--shell=/bin/sh"/ to "/su"/ when running the "/updatedb"/
  command so that we don't depend on the "/${RUN_UPDATEDB_AS}"/
  user's login shell. Since that user is "/nobody"/ by default, the
  login shell will oftentimes be "//bin/false"/. [jsc#PED-1717]
mozilla-nss
- Update nss-fips-approved-crypto-non-ec.patch (bsc#1208999) with
  fixes to PBKDF2 parameter validation.
- Update nss-fips-approved-crypto-non-ec.patch (bsc#1208999) to
  validate extra PBKDF2 parameters according to FIPS 140-3.
- Update nss-fips-approved-crypto-non-ec.patch (bsc#1191546) to
  update session->lastOpWasFIPS before destroying the key after
  derivation in the CKM_TLS12_KEY_AND_MAC_DERIVE,
  CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256,
  CKM_TLS_KEY_AND_MAC_DERIVE and CKM_SSL3_KEY_AND_MAC_DERIVE cases.
- Update nss-fips-pct-pubkeys.patch (bsc#1207209) to remove some
  excess code.
- Update nss-fips-approved-crypto-non-ec.patch (bsc#1191546).
- Add nss-fips-pct-pubkeys.patch (bsc#1207209) for pairwise consistency
  checks. Thanks to Martin for the DHKey parts.
- Add manpages to mozilla-nss-tools (bsc#1208242)
- update to NSS 3.79.4 (bsc#1208138)
  * Bug 1804640 - improve handling of unknown PKCS#12 safe bag types.
    (CVE-2023-0767)
- Add upstream patch nss-fix-bmo1774654.patch to fix CVE-2022-3479
  (bsc#1204272)
- update to NSS 3.79.3 (bsc#1207038)
  * Bug 1803453 - Set CKA_NSS_SERVER_DISTRUST_AFTER and
    CKA_NSS_EMAIL_DISTRUST_AFTER for 3 TrustCor Root Certificates
    (CVE-2022-23491)
- Update nss-fips-approved-crypto-non-ec.patch to disapprove the
  creation of DSA keys, i.e. mark them as not-fips (bsc#1201298)
- Update nss-fips-approved-crypto-non-ec.patch to allow the use SHA
  keygen mechs (bsc#1191546).
- Update nss-fips-constructor-self-tests.patch to ensure abort() is
  called when the repeat integrity check fails (bsc#1198980).
ncurses
- Modify patch ncurses-6.1.dif
  * Secure writing terminfo entries by setfs[gu]id in s[gu]id
    (boo#1210434, CVE-2023-29491)
  * Reading is done since 2000/01/17
net-snmp
- Hardening systemd services setting "/ProtectHome=true"/ caused home directory
  size and allocation to be listed incorrectly (bsc#1206044).
  add:
  * net-snmp-5.9.3-harden_snmpd.service.patch
  * net-snmp-5.9.3-harden_snmptrapd.service.patch
  delete:
  * net-snmp-5.9.1-harden_snmpd.service.patch
  * net-snmp-5.9.1-harden_snmptrapd.service.patch
- Fixed NULL pointer exception issue when handling ipDefaultTTL or
  pv6IpForwarding (bsc#1205148, CVE-2022-44793, bsc#1205150, CVE-2022-44792).
  add:
  * net-snmp-5.9.3-disallow_SET_requests_with_NULL_varbind.patch
- Enable AES-192 and AES-256 privacy protocol (bsc#1206828).
nfs-utils
- Rename all drop-in options.conf files as 10-options.conf
  This makes it easier for other packages to over-ride
  with a drop-in with a later sequence number.
  resource-agents does this.
  (bsc#1207843)
- 0026-modprobe-avoid-error-messages-if-sbin-sysctl-fail.patch
  Avoid modprobe errors when sysctl is not installed.
  (bsc#1200710 bsc#1207022 bsc#1206781)
- 0027-nfsd-allow-server-scope-to-be-set-with-config-or-com.patch
  Add "/-S scope"/ option to rpc.nfsd to simplify fail-over cluster
  config.
  (bsc#1203746)
nftables
- add 0001-evaluate-reject-support-ethernet-as-L2-protocol-for-.patch: this
  fixes a crash in nftables if layer2 reject rules are processed (e.g.
  Ethernet MAC address based reject rich rule in firewalld, bsc#1210773).
openldap2
- bsc#1211795 - CVE-2023-2953 - Null pointer deref in ber_memalloc_x
  * 0244-ITS-9904-ldif_open_url-check-for-ber_strdup-failure.patch
openssh
- Revert addition of openssh-dbus.sh, openssh-dbus.csh, openssh-dbus.fish:
  This caused invalid and irrelevant environment assignments (bsc#1207014).
- Add openssh-dbus.sh, openssh-dbus.csh, openssh-dbus.fish: Make ssh
  connections update their dbus environment (bsc#1179465).
openssl-1_1
- Security Fix: [bsc#1207534, CVE-2022-4304]
  * Reworked the Fix for the Timing Oracle in RSA Decryption
    The previous fix for this timing side channel turned out to cause
    a severe 2-3x performance regression in the typical use case
    compared to 1.1.1s.
  * Add openssl-CVE-2022-4304.patch
  * Removed patches:
  - openssl-CVE-2022-4304-1of2.patch
  - openssl-CVE-2022-4304-2of2.patch
  * Refreshed patches:
  - openssl-CVE-2023-0464.patch
  - openssl-CVE-2023-0465.patch
- Update further expiring certificates that affect tests [bsc#1201627]
  * Add openssl-Update-further-expiring-certificates.patch
- Security Fix: [CVE-2023-2650, bsc#1211430]
  * Possible DoS translating ASN.1 object identifiers
  * Add openssl-CVE-2023-2650.patch
- Security Fix: [CVE-2023-0465, bsc#1209878]
  * Invalid certificate policies in leaf certificates are silently ignored
  * Add openssl-CVE-2023-0465.patch
- Security Fix: [CVE-2023-0466, bsc#1209873]
  * Certificate policy check not enabled
  * Add openssl-CVE-2023-0466.patch
- Security Fix: [CVE-2023-0464, bsc#1209624]
  * Excessive Resource Usage Verifying X.509 Policy Constraints
  * Add openssl-CVE-2023-0464.patch
FIPS: Service-level indicator [bsc#1208998]
  * Add additional check required by FIPS 140-3. Minimum values for
    PBKDF2 are: 112 bits for key, 128 bits for salt, 1000 for
    iteration count and 20 characters for password.
  * Add openssl-1_1-ossl-sli-008-pbkdf2-salt_pass_iteration.patch
- FIPS: Serialize jitterentropy calls [bsc#1207994]
  * Add openssl-1_1-serialize-jitterentropy-calls.patch
- Security Fix: [bsc#1207533, CVE-2023-0286]
  * Fix X.400 address type confusion in X.509 GENERAL_NAME_cmp
    for x400Address
  * Add openssl-CVE-2023-0286.patch
- Security Fix: [bsc#1207536, CVE-2023-0215]
  * Use-after-free following BIO_new_NDEF()
  * Add patches:
  - openssl-CVE-2023-0215-1of4.patch
  - openssl-CVE-2023-0215-2of4.patch
  - openssl-CVE-2023-0215-3of4.patch
  - openssl-CVE-2023-0215-4of4.patch
- Security Fix: [bsc#1207538, CVE-2022-4450]
  * Double free after calling PEM_read_bio_ex()
  * Add patches:
  - openssl-CVE-2022-4450-1of2.patch
  - openssl-CVE-2022-4450-2of2.patch
- Security Fix: [bsc#1207534, CVE-2022-4304]
  * Timing Oracle in RSA Decryption
  * Add patches:
  - openssl-CVE-2022-4304-1of2.patch
  - openssl-CVE-2022-4304-2of2.patch
- FIPS: Add Pair-wise Consistency Test when generating DH key [bsc#1207182]
  * Add openssl-fips-DH-Pair-wise-Consistency.patch
pacemaker
- tools: Fix a segfault in error handling in crm_resource. (clbz#5496, bsc#1206761)
  * bsc#1206761-0001-High-tools-Fix-a-segfault-in-error-handling-in-crm_r.patch
- cts-scheduler: update test for preventing inactive instances from starting if probe is unrunnable on any nodes (bsc#1206263)
  * bsc#1206263-0006-Test-cts-scheduler-update-test-for-preventing-inacti.patch
- scheduler: prevent inactive instances from starting if probe is unrunnable on any nodes  (bsc#1206263)
  * bsc#1206263-0005-Fix-scheduler-prevent-inactive-instances-from-starti.patch
- libpacemaker: ensure any pending recurring monitor gets updated if it fails (bsc#1206263)
  * bsc#1206263-0004-Fix-libpacemaker-ensure-any-pending-recurring-monito.patch
- cts-scheduler: update test for preventing a leftover pending monitor from causing unexpected stop of other instances (bsc#1206263)
  * bsc#1206263-0003-Test-cts-scheduler-update-test-for-preventing-a-left.patch
- scheduler: prevent a leftover pending monitor from causing unexpected stop of other instances (bsc#1206263)
  * bsc#1206263-0002-Fix-scheduler-prevent-a-leftover-pending-monitor-fro.patch
- cts-scheduler: add test for preventing a leftover pending monitor from causing unexpected stop of other instances (bsc#1206263)
  * bsc#1206263-0001-Test-cts-scheduler-add-test-for-preventing-a-leftove.patch
- Use effective OCF rc-code to avoid increasing failcount for DEGRADED statuses (bsc#1205861)
- Accept PCMK_OCF_DEGRADED and PCMK_OCF_DEGRADED_MASTER status codes (bsc#1205861)
patterns-base
- removed openssl1_0_0, it is not certifed in SLES 15 (bsc#1209108)
- change FIPS 140-2 to 140-3 to reflect our current certifications (bsc#1203537)
polkit-default-privs
- Update to version 13.2+20230317.d2bceab:
  * backport of kinfocenter5 (bsc#1209378)
- Update to version 13.2+20221216.a0c29e6:
  * backport usbguard actions (bsc#1206414)
procps
- Add patch bsc1209122-a6c0795d.patch
  * Fix for bsc#1209122 to allow `-´ as leading character to ignore
    possible errors on systctl entries
- Extend patch procps-3.3.17-library-bsc1181475.patch (bsc#1206412)
- Make sure that correct library version is installed (bsc#1206412)
purge-kernels-service
- Change service type to exec (boo#1198668).
python-PyJWT
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Drop CVE-2022-29217-non-blocked-pubkeys.patch since the issue
  was fixed upstream in version 2.4.0
- Update to 2.4.0 (CVE-2022-29217 boo#1199756)
  - Security
  - [CVE-2022-29217] Prevent key confusion through
    non-blocklisted public key formats. GHSA-ffqj-6fqr-9h24
  - Other changes:
  - Explicit check the key for ECAlgorithm by @estin in
    https://github.com/jpadilla/pyjwt/pull/713
  - Raise DeprecationWarning for jwt.decode(verify=...) by @akx
    in https://github.com/jpadilla/pyjwt/pull/742
  - Don't use implicit optionals by @rekyungmin in
    https://github.com/jpadilla/pyjwt/pull/705
  - documentation fix: show correct scope for decode_complete()
    by @sseering in https://github.com/jpadilla/pyjwt/pull/661
  - fix: Update copyright information by @kkirsche in
    https://github.com/jpadilla/pyjwt/pull/729
  - Don't mutate options dictionary in .decode_complete() by @akx
    in https://github.com/jpadilla/pyjwt/pull/743
  - Add support for Python 3.10 by @hugovk in
    https://github.com/jpadilla/pyjwt/pull/699
  - api_jwk: Add PyJWKSet.__getitem__ by @woodruffw in
    https://github.com/jpadilla/pyjwt/pull/725
  - Update usage.rst by @guneybilen in
    https://github.com/jpadilla/pyjwt/pull/727
  - Docs: mention performance reasons for reusing RSAPrivateKey
    when encoding by @dmahr1 in
    https://github.com/jpadilla/pyjwt/pull/734
  - Fixed typo in usage.rst by @israelabraham in
    https://github.com/jpadilla/pyjwt/pull/738
  - Add detached payload support for JWS encoding and decoding by
    @fviard in https://github.com/jpadilla/pyjwt/pull/723
  - Replace various string interpolations with f-strings by @akx
    in https://github.com/jpadilla/pyjwt/pull/744
- Update to 2.3.0
  * Revert "/Remove arbitrary kwargs."/ (#701)
  * Add exception chaining (#702)
- from version 2.2.0
  * Remove arbitrary kwargs. (#657)
  * Use timezone package as Python 3.5+ is required. (#694)
  * Assume JWK without the "/use"/ claim is valid for signing
    as per RFC7517 (#668)
  * Prefer `headers["/alg"/]` to `algorithm` in `jwt.encode()`. (#673)
  * Fix aud validation to support {'aud': null} case. (#670)
  * Make `typ` optional in JWT to be compliant with RFC7519. (#644)
  * Remove upper bound on cryptography version. (#693)
  * Add support for Ed448/EdDSA. (#675)
- update to 2.1.0:
  - Allow claims validation without making JWT signature validation mandatory. `
  - Remove padding from JWK test data. `
  - Make `kty` mandatory in JWK to be compliant with RFC7517. `
  - Allow JWK without `alg` to be compliant with RFC7517. `
  - Allow to verify with private key on ECAlgorithm, as well as on Ed25519Algorithm. `
  - Add caching by default to PyJWKClient `
  - Add missing exceptions.InvalidKeyError to jwt module __init__ imports `
  - Add support for ES256K algorithm `
  - Add `from_jwk()` to Ed25519Algorithm `
  - Add `to_jwk()` to Ed25519Algorithm `
  - Export `PyJWK` and `PyJWKSet`
- Update in SLE-15 (bsc#1176785, jsc#ECO-3105, jsc#PM-2352)
- update to 2.0.1:
  * Drop support for Python 2 and Python 3.0-3.5
  * Require cryptography >= 3
  * Drop support for PyCrypto and ECDSA
  * Drop CLI
  * Improve typings
  * Dropped deprecated errors
  * Dropped deprecated ``verify_expiration`` param in ``jwt.decode(...)``
  * Dropped deprecated ``verify`` param in ``jwt.decode(...)``
  * Require explicit ``algorithms`` in ``jwt.decode(...)`` by default
  * Dropped deprecated ``require_*`` options in ``jwt.decode(...)``
  * Introduce better experience for JWKs
  * further details see included CHANGELOG.rst
- drop 0001-Catch-BadSignatureError-raised-by-ecdsa-0.13.3.patch (obsolete)
python-PyNaCl
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- six is needed by testsuite
- Update to 1.4.0
  * Update ``libsodium`` to 1.0.18.
  * **BACKWARDS INCOMPATIBLE:** We no longer distribute 32-bit ``manylinux1``
    wheels. Continuing to produce them was a maintenance burden.
  * Added support for Python 3.8, and removed support for Python 3.4.
  * Add low level bindings for extracting the seed and the public key
    from crypto_sign_ed25519 secret key
  * Add low level bindings for deterministic random generation.
  * Add ``wheel`` and ``setuptools`` setup_requirements in ``setup.py`` (#485)
  * Fix checks on very slow builders (#481, #495)
  * Add low-level bindings to ed25519 arithmetic functions
  * Update low-level blake2b state implementation
  * Fix wrong short-input behavior of SealedBox.decrypt() (#517)
  * Raise CryptPrefixError exception instead of InvalidkeyError when trying
    to check a password against a verifier stored in a unknown format (#519)
  * Add support for minimal builds of libsodium. Trying to call functions
    not available in a minimal build will raise an UnavailableError
    exception. To compile a minimal build of the bundled libsodium, set
    the SODIUM_INSTALL_MINIMAL environment variable to any non-empty
    string (e.g. ``SODIUM_INSTALL_MINIMAL=1``) for setup.
- removed obsolete back-port patch:
  * fix_tests.patch
  * hypothesis-no-unilmited.patch
  * python-PyNaCl-hypothesis-remove-average_size.patch
- Fix tests with latest hypothesis:
  * hypothesis-no-unilmited.patch
- Add missing runtime dependency on cffi
- add fix_tests.patch for new pytest
- run the testsuite
- added patches
  https://github.com/pyca/pynacl/commit/a8c08b18f3a2e8f2140c531afaf42715fcab68e7
  + python-PyNaCl-hypothesis-remove-average_size.patch
- Update to 1.3.0
  * Added support for Python 3.7.
  * Run and test all code examples in PyNaCl docs through sphinx's doctest
    builder.
  * Add low-level bindings for chacha20-poly1305 AEAD constructions.
  * Add low-level bindings for the chacha20-poly1305 secretstream
    constructions.
  * Add low-level bindings for ed25519ph pre-hashed signing construction.
  * Add low-level bindings for constant-time increment and addition on
    fixed-precision big integers represented as little-endian byte sequences.
  * Add low-level bindings for the ISO/IEC 7816-4 compatible padding API.
  * Add low-level bindings for libsodium's crypto_kx... key exchange
    construction.
  * Set hypothesis deadline to None in tests/test_pwhash.py to avoid incorrect
    test failures on slower processor architectures.
python-boto3
- Update in SLE-15 (bsc#1209255, jsc#PED-3780)
- Add python-python-dateutil and python-jmespath to BuildRequires
- Update to 1.26.89
  * api-change:``ivschat``: [``botocore``] This release adds a new exception returned when calling
    AWS IVS chat UpdateLoggingConfiguration. Now UpdateLoggingConfiguration can return
    ConflictException when invalid updates are made in sequence to Logging Configurations.
  * api-change:``secretsmanager``: [``botocore``] The type definitions of SecretString and
    SecretBinary now have a minimum length of 1 in the model to match the exception thrown when you
    pass in empty values.
- from version 1.26.88
  * api-change:``codeartifact``: [``botocore``] This release introduces the generic package format, a
    mechanism for storing arbitrary binary assets. It also adds a new API, PublishPackageVersion, to
    allow for publishing generic packages.
  * api-change:``connect``: [``botocore``] This release adds a new API, GetMetricDataV2, which
    returns metric data for Amazon Connect.
  * api-change:``evidently``: [``botocore``] Updated entity override documentation
  * api-change:``networkmanager``: [``botocore``] This update provides example usage for
    TransitGatewayRouteTableArn.
  * api-change:``quicksight``: [``botocore``] This release has two changes: add state persistence
    feature for embedded dashboard and console in GenerateEmbedUrlForRegisteredUser API; add properties
    for hidden collapsed row dimensions in PivotTableOptions.
  * api-change:``redshift-data``: [``botocore``] Added support for Redshift Serverless workgroup-arn
    wherever the WorkgroupName parameter is available.
  * api-change:``sagemaker``: [``botocore``] Amazon SageMaker Inference now allows SSM access to
    customer's model container by setting the "/EnableSSMAccess"/ parameter for a ProductionVariant in
    CreateEndpointConfig API.
  * api-change:``servicediscovery``: [``botocore``] Updated all AWS Cloud Map APIs to provide
    consistent throttling exception (RequestLimitExceeded)
  * api-change:``sesv2``: [``botocore``] This release introduces a new recommendation in Virtual
    Deliverability Manager Advisor, which detects missing or misconfigured Brand Indicator for Message
    Identification (BIMI) DNS records for customer sending identities.
- from version 1.26.87
  * api-change:``athena``: [``botocore``] A new field SubstatementType is added to GetQueryExecution
    API, so customers have an error free way to detect the query type and interpret the result.
  * api-change:``dynamodb``: [``botocore``] Adds deletion protection support to DynamoDB tables.
    Tables with deletion protection enabled cannot be deleted. Deletion protection is disabled by
    default, can be enabled via the CreateTable or UpdateTable APIs, and is visible in
    TableDescription. This setting is not replicated for Global Tables.
  * api-change:``ec2``: [``botocore``] Introducing Amazon EC2 C7g, M7g and R7g instances, powered by
    the latest generation AWS Graviton3 processors and deliver up to 25% better performance over
    Graviton2-based instances.
  * api-change:``lakeformation``: [``botocore``] This release adds two new API support
    "/GetDataCellsFiler"/ and "/UpdateDataCellsFilter"/, and also updates the corresponding documentation.
  * api-change:``mediapackage-vod``: [``botocore``] This release provides the date and time VOD
    resources were created.
  * api-change:``mediapackage``: [``botocore``] This release provides the date and time live
    resources were created.
  * api-change:``route53resolver``: [``botocore``] Add dual-stack and IPv6 support for Route 53
    Resolver Endpoint,Add IPv6 target IP in Route 53 Resolver Forwarding Rule
  * api-change:``sagemaker``: [``botocore``] There needs to be a user identity to specify the
    SageMaker user who perform each action regarding the entity. However, these is a not a unified
    concept of user identity across SageMaker service that could be used today.
- from version 1.26.86
  * api-change:``dms``: [``botocore``] This release adds DMS Fleet Advisor Target Recommendation APIs
    and exposes functionality for DMS Fleet Advisor. It adds functionality to start Target
    Recommendation calculation.
  * api-change:``location``: [``botocore``] Documentation update for the release of 3 additional map
    styles for use with Open Data Maps: Open Data Standard Dark, Open Data Visualization Light & Open
    Data Visualization Dark.
- from version 1.26.85
  * api-change:``account``: [``botocore``] AWS Account alternate contact email addresses can now have
    a length of 254 characters and contain the character "/|"/.
  * api-change:``ivs``: [``botocore``] Updated text description in DeleteChannel, Stream, and
    StreamSummary.
- from version 1.26.84
  * api-change:``dynamodb``: [``botocore``] Documentation updates for DynamoDB.
  * api-change:``ec2``: [``botocore``] This release adds support for a new boot mode for EC2
    instances called 'UEFI Preferred'.
  * api-change:``macie2``: [``botocore``] Documentation updates for Amazon Macie
  * api-change:``mediaconvert``: [``botocore``] The AWS Elemental MediaConvert SDK has improved
    handling for different input and output color space combinations.
  * api-change:``medialive``: [``botocore``] AWS Elemental MediaLive adds support for Nielsen
    watermark timezones.
  * api-change:``transcribe``: [``botocore``] Amazon Transcribe now supports role access for these
    API operations: CreateVocabulary, UpdateVocabulary, CreateVocabularyFilter, and
    UpdateVocabularyFilter.
- from version 1.26.83
  * api-change:``iot``: [``botocore``] A recurring maintenance window is an optional configuration
    used for rolling out the job document to all devices in the target group observing a predetermined
    start time, duration, and frequency that the maintenance window occurs.
  * api-change:``migrationhubstrategy``: [``botocore``] This release updates the File Import API to
    allow importing servers already discovered by customers with reduced pre-requisites.
  * api-change:``organizations``: [``botocore``] This release introduces a new reason code,
    ACCOUNT_CREATION_NOT_COMPLETE, to ConstraintViolationException in CreateOrganization API.
  * api-change:``pi``: [``botocore``] This release adds a new field PeriodAlignment to allow the
    customer specifying the returned timestamp of time periods to be either the start or end time.
  * api-change:``pipes``: [``botocore``] This release fixes some input parameter range and patterns.
  * api-change:``sagemaker``: [``botocore``] Add a new field "/EndpointMetrics"/ in SageMaker Inference
    Recommender "/ListInferenceRecommendationsJobSteps"/ API response.
- from version 1.26.82
  * api-change:``codecatalyst``: [``botocore``] Published Dev Environments StopDevEnvironmentSession
    API
  * api-change:``pricing``: [``botocore``] This release adds 2 new APIs - ListPriceLists which
    returns a list of applicable price lists, and GetPriceListFileUrl which outputs a URL to retrieve
    your price lists from the generated file from ListPriceLists
  * api-change:``s3outposts``: [``botocore``] S3 on Outposts introduces a new API ListOutpostsWithS3,
    with this API you can list all your Outposts with S3 capacity.
- from version 1.26.81
  * enhancement:Documentation: Splits service documentation into multiple sub-pages for better
    organization and faster loading time.
  * enhancement:Documentation: [``botocore``] Splits service documentation into multiple sub-pages
    for better organization and faster loading time.
  * api-change:``comprehend``: [``botocore``] Amazon Comprehend now supports flywheels to help you
    train and manage new model versions for custom models.
  * api-change:``ec2``: [``botocore``] This release allows IMDS support to be set to v2-only on an
    existing AMI, so that all future instances launched from that AMI will use IMDSv2 by default.
  * api-change:``kms``: [``botocore``] AWS KMS is deprecating the RSAES_PKCS1_V1_5 wrapping algorithm
    option in the GetParametersForImport API that is used in the AWS KMS Import Key Material feature.
    AWS KMS will end support for this wrapping algorithm by October 1, 2023.
  * api-change:``lightsail``: [``botocore``] This release adds Lightsail for Research feature
    support, such as GUI session access, cost estimates, stop instance on idle, and disk auto mount.
  * api-change:``managedblockchain``: [``botocore``] This release adds support for tagging to the
    accessor resource in Amazon Managed Blockchain
  * api-change:``omics``: [``botocore``] Minor model changes to accomodate batch imports feature
- from version 1.26.80
  * api-change:``devops-guru``: [``botocore``] This release adds the description field on
    ListAnomaliesForInsight and DescribeAnomaly API responses for proactive anomalies.
  * api-change:``drs``: [``botocore``] New fields were added to reflect availability zone data in
    source server and recovery instance description commands responses, as well as source server launch
    status.
  * api-change:``internetmonitor``: [``botocore``] CloudWatch Internet Monitor is a a new service
    within CloudWatch that will help application developers and network engineers continuously monitor
    internet performance metrics such as availability and performance between their AWS-hosted
    applications and end-users of these applications
  * api-change:``lambda``: [``botocore``] This release adds the ability to create ESMs with Document
    DB change streams as event source. For more information see
    https://docs.aws.amazon.com/lambda/latest/dg/with-documentdb.html.
  * api-change:``mediaconvert``: [``botocore``] The AWS Elemental MediaConvert SDK has added support
    for HDR10 to SDR tone mapping, and animated GIF video input sources.
  * api-change:``timestream-write``: [``botocore``] This release adds the ability to ingest batched
    historical data or migrate data in bulk from S3 into Timestream using CSV files.
- from version 1.26.79
  * api-change:``connect``: [``botocore``] StartTaskContact API now supports linked task creation
    with a new optional RelatedContactId parameter
  * api-change:``connectcases``: [``botocore``] This release adds the ability to delete domains
    through the DeleteDomain API. For more information see
    https://docs.aws.amazon.com/cases/latest/APIReference/Welcome.html
  * api-change:``redshift``: [``botocore``] Documentation updates for Redshift API bringing it in
    line with IAM best practices.
  * api-change:``securityhub``: [``botocore``] New Security Hub APIs and updates to existing APIs
    that help you consolidate control findings and enable and disable controls across all supported
    standards
  * api-change:``servicecatalog``: [``botocore``] Documentation updates for Service Catalog
- Update BuildRequires and Requires from setup.py
- Update to 1.26.78
  * api-change:``appflow``: [``botocore``] This release enables the customers to choose whether to
    use Private Link for Metadata and Authorization call when using a private Salesforce connections
  * api-change:``ecs``: [``botocore``] This release supports deleting Amazon ECS task definitions
    that are in the INACTIVE state.
  * api-change:``grafana``: [``botocore``] Doc-only update. Updated information on attached role
    policies for customer provided roles
  * api-change:``guardduty``: [``botocore``] Updated API and data types descriptions for
    CreateFilter, UpdateFilter, and TriggerDetails.
  * api-change:``iotwireless``: [``botocore``] In this release, we add additional capabilities for
    the FUOTA which allows user to configure the fragment size, the sending interval and the redundancy
    ratio of the FUOTA tasks
  * api-change:``location``: [``botocore``] This release adds support for using Maps APIs with an API
    Key in addition to AWS Cognito. This includes support for adding, listing, updating and deleting
    API Keys.
  * api-change:``macie2``: [``botocore``] This release adds support for a new finding type,
    Policy:IAMUser/S3BucketSharedWithCloudFront, and S3 bucket metadata that indicates if a bucket is
    shared with an Amazon CloudFront OAI or OAC.
  * api-change:``wafv2``: [``botocore``] You can now associate an AWS WAF v2 web ACL with an AWS App
    Runner service.
- from version 1.26.77
  * api-change:``chime-sdk-voice``: [``botocore``] This release introduces support for Voice
    Connector media metrics in the Amazon Chime SDK Voice namespace
  * api-change:``cloudfront``: [``botocore``] CloudFront now supports block lists in origin request
    policies so that you can forward all headers, cookies, or query string from viewer requests to the
    origin *except* for those specified in the block list.
  * api-change:``datasync``: [``botocore``] AWS DataSync has relaxed the minimum length constraint of
    AccessKey for Object Storage locations to 1.
  * api-change:``opensearch``: [``botocore``] This release lets customers configure Off-peak window
    and software update related properties for a new/existing domain. It enhances the capabilities of
    StartServiceSoftwareUpdate API; adds 2 new APIs - ListScheduledActions & UpdateScheduledAction; and
    allows Auto-tune to make use of Off-peak window.
  * api-change:``rum``: [``botocore``] CloudWatch RUM now supports CloudWatch Custom Metrics
  * api-change:``ssm``: [``botocore``] Document only update for Feb 2023
- from version 1.26.76
  * api-change:``quicksight``: [``botocore``] S3 data sources now accept a custom IAM role.
  * api-change:``resiliencehub``: [``botocore``] In this release we improved resilience hub
    application creation and maintenance by introducing new resource and app component crud APIs,
    improving visibility and maintenance of application input sources and added support for additional
    information attributes to be provided by customers.
  * api-change:``securityhub``: [``botocore``] Documentation updates for AWS Security Hub
  * api-change:``tnb``: [``botocore``] This is the initial SDK release for AWS Telco Network Builder
    (TNB). AWS Telco Network Builder is a network automation service that helps you deploy and manage
    telecom networks.
- from version 1.26.75
  * bugfix:SSO: [``botocore``] Fixes aws/aws-cli`#7496
    <https://github.com/aws/aws-cli/issues/7496>`__ by using the correct profile name rather than the
    one set in the session.
  * api-change:``auditmanager``: [``botocore``] This release introduces a
    ServiceQuotaExceededException to the UpdateAssessmentFrameworkShare API operation.
  * api-change:``connect``: [``botocore``] Reasons for failed diff has been approved by SDK Reviewer
- from version 1.26.74
  * api-change:``apprunner``: [``botocore``] This release supports removing MaxSize limit for
    AutoScalingConfiguration.
  * api-change:``glue``: [``botocore``] Release of Delta Lake Data Lake Format for Glue Studio Service
- from version 1.26.73
  * api-change:``emr``: [``botocore``] Update emr client to latest version
  * api-change:``grafana``: [``botocore``] With this release Amazon Managed Grafana now supports
    inbound Network Access Control that helps you to restrict user access to your Grafana workspaces
  * api-change:``ivs``: [``botocore``] Doc-only update. Updated text description in DeleteChannel,
    Stream, and StreamSummary.
  * api-change:``wafv2``: [``botocore``] Added a notice for account takeover prevention (ATP). The
    interface incorrectly lets you to configure ATP response inspection in regional web ACLs in Region
    US East (N. Virginia), without returning an error. ATP response inspection is only available in web
    ACLs that protect CloudFront distributions.
- from version 1.26.72
  * api-change:``cloudtrail``: [``botocore``] This release adds an
    InsufficientEncryptionPolicyException type to the StartImport endpoint
  * api-change:``efs``: [``botocore``] Update efs client to latest version
  * api-change:``frauddetector``: [``botocore``] This release introduces Lists feature which allows
    customers to reference a set of values in Fraud Detector's rules. With Lists, customers can
    dynamically manage these attributes in real time. Lists can be created/deleted and its contents can
    be modified using the Fraud Detector API.
  * api-change:``glue``: [``botocore``] Fix DirectJDBCSource not showing up in CLI code gen
  * api-change:``privatenetworks``: [``botocore``] This release introduces a new
    StartNetworkResourceUpdate API, which enables return/replacement of hardware from a NetworkSite.
  * api-change:``rds``: [``botocore``] Database Activity Stream support for RDS for SQL Server.
  * api-change:``wafv2``: [``botocore``] For protected CloudFront distributions, you can now use the
    AWS WAF Fraud Control account takeover prevention (ATP) managed rule group to block new login
    attempts from clients that have recently submitted too many failed login attempts.
- Update BuildRequires and Requires from setup.py
- Update to 1.26.71
  * api-change:``appconfig``: [``botocore``] AWS AppConfig now offers the option to set a version
    label on hosted configuration versions. Version labels allow you to identify specific hosted
    configuration versions based on an alternate versioning scheme that you define.
  * api-change:``datasync``: [``botocore``] With this launch, we are giving customers the ability to
    use older SMB protocol versions, enabling them to use DataSync to copy data to and from their
    legacy storage arrays.
  * api-change:``ec2``: [``botocore``] With this release customers can turn host maintenance on or
    off when allocating or modifying a supported dedicated host. Host maintenance is turned on by
    default for supported hosts.
- from version 1.26.70
  * api-change:``account``: [``botocore``] This release of the Account Management API enables
    customers to view and manage whether AWS Opt-In Regions are enabled or disabled for their Account.
    For more information, see
    https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-regions.html
  * api-change:``appconfigdata``: [``botocore``] AWS AppConfig now offers the option to set a version
    label on hosted configuration versions. If a labeled hosted configuration version is deployed, its
    version label is available in the GetLatestConfiguration response.
  * api-change:``snowball``: [``botocore``] Adds support for EKS Anywhere on Snowball. AWS Snow
    Family customers can now install EKS Anywhere service on Snowball Edge Compute Optimized devices.
- from version 1.26.69
  * api-change:``autoscaling``: [``botocore``] You can now either terminate/replace, ignore, or wait
    for EC2 Auto Scaling instances on standby or protected from scale in. Also, you can also roll back
    changes from a failed instance refresh.
  * api-change:``connect``: [``botocore``] This update provides the Wisdom session ARN for contacts
    enabled for Wisdom in the chat channel.
  * api-change:``ec2``: [``botocore``] Adds support for waiters that automatically poll for an
    imported snapshot until it reaches the completed state.
  * api-change:``polly``: [``botocore``] Amazon Polly adds two new neural Japanese voices - Kazuha,
    Tomoko
  * api-change:``sagemaker``: [``botocore``] Amazon SageMaker Autopilot adds support for selecting
    algorithms in CreateAutoMLJob API.
  * api-change:``sns``: [``botocore``] This release adds support for SNS X-Ray active tracing as well
    as other updates.
- from version 1.26.68
  * api-change:``chime-sdk-meetings``: [``botocore``] Documentation updates for Chime Meetings SDK
  * api-change:``emr-containers``: [``botocore``] EMR on EKS allows configuring retry policies for
    job runs through the StartJobRun API. Using retry policies, a job cause a driver pod to be
    restarted automatically if it fails or is deleted. The job's status can be seen in the
    DescribeJobRun and ListJobRun APIs and monitored using CloudWatch events.
  * api-change:``evidently``: [``botocore``] Updated entity overrides parameter to accept up to 2500
    overrides or a total of 40KB.
  * api-change:``lexv2-models``: [``botocore``] Update lexv2-models client to latest version
  * api-change:``lexv2-runtime``: [``botocore``] Update lexv2-runtime client to latest version
  * api-change:``lightsail``: [``botocore``] Documentation updates for Lightsail
  * api-change:``migration-hub-refactor-spaces``: [``botocore``] This release adds support for
    creating environments with a network fabric type of NONE
  * api-change:``workdocs``: [``botocore``] Doc only update for the WorkDocs APIs.
  * api-change:``workspaces``: [``botocore``] Removed Windows Server 2016 BYOL and made changes based
    on IAM campaign.
- from version 1.26.67
  * api-change:``backup``: [``botocore``] This release added one attribute (resource name) in the
    output model of our 9 existing APIs in AWS backup so that customers will see the resource name at
    the output. No input required from Customers.
  * api-change:``cloudfront``: [``botocore``] CloudFront Origin Access Control extends support to AWS
    Elemental MediaStore origins.
  * api-change:``glue``: [``botocore``] DirectJDBCSource + Glue 4.0 streaming options
  * api-change:``lakeformation``: [``botocore``] This release removes the LFTagpolicyResource
    expression limits.
- Update BuildRequires and Requires from setup.py
- Update to 1.26.66
  * api-change:``transfer``: [``botocore``] Updated the documentation for the ImportCertificate API
    call, and added examples.
- from version 1.26.65
  * api-change:``compute-optimizer``: [``botocore``] AWS Compute optimizer can now infer if Kafka is
    running on an instance.
  * api-change:``customer-profiles``: [``botocore``] This release deprecates the PartyType and Gender
    enum data types from the Profile model and replaces them with new PartyTypeString and GenderString
    attributes, which accept any string of length up to 255.
  * api-change:``frauddetector``: [``botocore``] My AWS Service (Amazon Fraud Detector) - This
    release introduces Cold Start Model Training which optimizes training for small datasets and adds
    intelligent methods for treating unlabeled data. You can now train Online Fraud Insights or
    Transaction Fraud Insights models with minimal historical-data.
  * api-change:``mediaconvert``: [``botocore``] The AWS Elemental MediaConvert SDK has added improved
    scene change detection capabilities and a bandwidth reduction filter, along with video quality
    enhancements, to the AVC encoder.
  * api-change:``outposts``: [``botocore``] Adds OrderType to Order structure. Adds PreviousOrderId
    and PreviousLineItemId to LineItem structure. Adds new line item status REPLACED. Increases maximum
    length of pagination token.
- from version 1.26.64
  * enhancement:AWSCRT: [``botocore``] Upgrade awscrt version to 0.16.9
  * api-change:``proton``: [``botocore``] Add new GetResourcesSummary API
  * api-change:``redshift``: [``botocore``] Corrects descriptions of the parameters for the API
    operations RestoreFromClusterSnapshot, RestoreTableFromClusterSnapshot, and CreateCluster.
- from version 1.26.63
  * api-change:``appconfig``: [``botocore``] AWS AppConfig introduces KMS customer-managed key (CMK)
    encryption of configuration data, along with AWS Secrets Manager as a new configuration data
    source. S3 objects using SSE-KMS encryption and SSM Parameter Store SecureStrings are also now
    supported.
  * api-change:``connect``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in SDK.
  * api-change:``ec2``: [``botocore``] Documentation updates for EC2.
  * api-change:``elbv2``: [``botocore``] Update elbv2 client to latest version
  * api-change:``keyspaces``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in SDK.
  * api-change:``quicksight``: [``botocore``] QuickSight support for Radar Chart and Dashboard
    Publish Options
  * api-change:``redshift``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in SDK.
  * api-change:``sso-admin``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in SDK.
- from version 1.26.62
  * bugfix:``s3``: [``botocore``] boto3 no longer overwrites user supplied `Content-Encoding` with
    `aws-chunked` when user also supplies `ChecksumAlgorithm`.
  * api-change:``devops-guru``: [``botocore``] This release adds filter support ListAnomalyForInsight
    API.
  * api-change:``forecast``: [``botocore``] This release will enable customer select INCREMENTAL as
    ImportModel in Forecast's CreateDatasetImportJob API. Verified latest SDK containing required
    attribute, following https://w.amazon.com/bin/view/AWS-Seer/Launch/Trebuchet/
  * api-change:``iam``: [``botocore``] Documentation updates for AWS Identity and Access Management
    (IAM).
  * api-change:``mediatailor``: [``botocore``] The AWS Elemental MediaTailor SDK for Channel Assembly
    has added support for program updates, and the ability to clip the end of VOD sources in programs.
  * api-change:``sns``: [``botocore``] Additional attributes added for set-topic-attributes.
- from version 1.26.61
  * api-change:``accessanalyzer``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in
    SDK.
  * api-change:``appsync``: [``botocore``] This release introduces the feature to support EventBridge
    as AppSync data source.
  * api-change:``cloudtrail-data``: [``botocore``] Add CloudTrail Data Service to enable users to
    ingest activity events from non-AWS sources into CloudTrail Lake.
  * api-change:``cloudtrail``: [``botocore``] Add new "/Channel"/ APIs to enable users to manage
    channels used for CloudTrail Lake integrations, and "/Resource Policy"/ APIs to enable users to
    manage the resource-based permissions policy attached to a channel.
  * api-change:``codeartifact``: [``botocore``] This release introduces a new DeletePackage API,
    which enables deletion of a package and all of its versions from a repository.
  * api-change:``connectparticipant``: [``botocore``] Enabled FIPS endpoints for GovCloud (US)
    regions in SDK.
  * api-change:``ec2``: [``botocore``] This launch allows customers to associate up to 8 IP addresses
    to their NAT Gateways to increase the limit on concurrent connections to a single destination by
    eight times from 55K to 440K.
  * api-change:``groundstation``: [``botocore``] DigIF Expansion changes to the Customer APIs.
  * api-change:``iot``: [``botocore``] Added support for IoT Rules Engine Cloudwatch Logs action
    batch mode.
  * api-change:``kinesis``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in SDK.
  * api-change:``opensearch``: [``botocore``] Amazon OpenSearch Service adds the option for a VPC
    endpoint connection between two domains when the local domain uses OpenSearch version 1.3 or 2.3.
    You can now use remote reindex to copy indices from one VPC domain to another without a reverse
    proxy.
  * api-change:``outposts``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in SDK.
  * api-change:``polly``: [``botocore``] Amazon Polly adds two new neural American English voices -
    Ruth, Stephen
  * api-change:``sagemaker``: [``botocore``] Amazon SageMaker Automatic Model Tuning now supports
    more completion criteria for Hyperparameter Optimization.
  * api-change:``securityhub``: [``botocore``] New fields have been added to the AWS Security Finding
    Format. Compliance.SecurityControlId is a unique identifier for a security control across
    standards. Compliance.AssociatedStandards contains all enabled standards in which a security
    control is enabled.
  * api-change:``support``: [``botocore``] This fixes incorrect endpoint construction when a customer
    is explicitly setting a region.
- Update BuildRequires and Requires from setup.py
- Update to 1.26.60
  * api-change:``clouddirectory``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in
    SDK.
  * api-change:``cloudformation``: [``botocore``] This feature provides a method of obtaining which
    regions a stackset has stack instances deployed in.
  * api-change:``discovery``: [``botocore``] Update ImportName validation to 255 from the current
    length of 100
  * api-change:``dlm``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in SDK.
  * api-change:``ec2``: [``botocore``] We add Prefix Lists as a new route destination option for
    LocalGatewayRoutes. This will allow customers to create routes to Prefix Lists. Prefix List routes
    will allow customers to group individual CIDR routes with the same target into a single route.
  * api-change:``imagebuilder``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in
    SDK.
  * api-change:``kafka``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in SDK.
  * api-change:``mediaconvert``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in
    SDK.
  * api-change:``swf``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in SDK.
- from version 1.26.59
  * api-change:``application-autoscaling``: [``botocore``] Enabled FIPS endpoints for GovCloud (US)
    regions in SDK.
  * api-change:``appstream``: [``botocore``] Fixing the issue where Appstream waiters hang for
    fleet_started and fleet_stopped.
  * api-change:``elasticbeanstalk``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions
    in SDK.
  * api-change:``fis``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in SDK.
  * api-change:``glacier``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in SDK.
  * api-change:``greengrass``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in SDK.
  * api-change:``greengrassv2``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) in SDK.
  * api-change:``mediatailor``: [``botocore``] This release introduces the As Run logging type, along
    with API and documentation updates.
  * api-change:``outposts``: [``botocore``] Adding support for payment term in GetOrder, CreateOrder
    responses.
  * api-change:``sagemaker-runtime``: [``botocore``] Update sagemaker-runtime client to latest version
  * api-change:``sagemaker``: [``botocore``] This release supports running SageMaker Training jobs
    with container images that are in a private Docker registry.
  * api-change:``serverlessrepo``: [``botocore``] Enabled FIPS endpoints for GovCloud (US) regions in
    SDK.
- Update BuildRequires and Requires from setup.py
- Update to 1.26.58
  * api-change:``events``: [``botocore``] Update events client to latest version
  * api-change:``iotfleetwise``: [``botocore``] Add model validation to BatchCreateVehicle and
    BatchUpdateVehicle operations that invalidate requests with an empty vehicles list.
  * api-change:``s3``: [``botocore``] Allow FIPS to be used with path-style URLs.
- from version 1.26.57
  * api-change:``cloudformation``: [``botocore``] Enabled FIPS aws-us-gov endpoints in SDK.
  * api-change:``ec2``: [``botocore``] This release adds new functionality that allows customers to
    provision IPv6 CIDR blocks through Amazon VPC IP Address Manager (IPAM) as well as allowing
    customers to utilize IPAM Resource Discovery APIs.
  * api-change:``m2``: [``botocore``] Add returnCode, batchJobIdentifier in GetBatchJobExecution
    response, for user to view the batch job execution result & unique identifier from engine. Also
    removed unused headers from REST APIs
  * api-change:``polly``: [``botocore``] Add 5 new neural voices - Sergio (es-ES), Andres (es-MX),
    Remi (fr-FR), Adriano (it-IT) and Thiago (pt-BR).
  * api-change:``redshift-serverless``: [``botocore``] Added query monitoring rules as possible
    parameters for create and update workgroup operations.
  * api-change:``s3control``: [``botocore``] Add additional endpoint tests for S3 Control. Fix
    missing endpoint parameters for PutBucketVersioning and GetBucketVersioning. Prior to this fix,
    those operations may have resulted in an invalid endpoint being resolved.
  * api-change:``sagemaker``: [``botocore``] SageMaker Inference Recommender now decouples from Model
    Registry and could accept Model Name to invoke inference recommendations job; Inference Recommender
    now provides CPU/Memory Utilization metrics data in recommendation output.
  * api-change:``sts``: [``botocore``] Doc only change to update wording in a key topic
- from version 1.26.56
  * api-change:``databrew``: [``botocore``] Enabled FIPS us-gov-west-1 endpoints in SDK.
  * api-change:``route53``: [``botocore``] Amazon Route 53 now supports the Asia Pacific (Melbourne)
    Region (ap-southeast-4) for latency records, geoproximity records, and private DNS for Amazon VPCs
    in that region.
  * api-change:``ssm-sap``: [``botocore``] This release provides updates to documentation and support
    for listing operations performed by AWS Systems Manager for SAP.
- from version 1.26.55
  * api-change:``lambda``: [``botocore``] Release Lambda RuntimeManagementConfig, enabling customers
    to better manage runtime updates to their Lambda functions. This release adds two new APIs,
    GetRuntimeManagementConfig and PutRuntimeManagementConfig, as well as support on existing
    Create/Get/Update function APIs.
  * api-change:``sagemaker``: [``botocore``] Amazon SageMaker Inference now supports P4de instance
    types.
- from version 1.26.54
  * api-change:``ec2``: [``botocore``] C6in, M6in, M6idn, R6in and R6idn instances are powered by 3rd
    Generation Intel Xeon Scalable processors (code named Ice Lake) with an all-core turbo frequency of
    3.5 GHz.
  * api-change:``ivs``: [``botocore``] API and Doc update. Update to arns field in BatchGetStreamKey.
    Also updates to operations and structures.
  * api-change:``quicksight``: [``botocore``] This release adds support for data bars in QuickSight
    table and increases pivot table field well limit.
- from version 1.26.53
  * api-change:``appflow``: [``botocore``] Adding support for Salesforce Pardot connector in Amazon
    AppFlow.
  * api-change:``codeartifact``: [``botocore``] Documentation updates for CodeArtifact
  * api-change:``connect``: [``botocore``] Amazon Connect Chat introduces Persistent Chat, allowing
    customers to resume previous conversations with context and transcripts carried over from previous
    chats, eliminating the need to repeat themselves and allowing agents to provide personalized
    service with access to entire conversation history.
  * api-change:``connectparticipant``: [``botocore``] This release updates Amazon Connect
    Participant's GetTranscript api to provide transcripts of past chats on a persistent chat session.
  * api-change:``ec2``: [``botocore``] Adds SSM Parameter Resource Aliasing support to EC2 Launch
    Templates. Launch Templates can now store parameter aliases in place of AMI Resource IDs.
    CreateLaunchTemplateVersion and DescribeLaunchTemplateVersions now support a convenience flag,
    ResolveAlias, to return the resolved parameter value.
  * api-change:``glue``: [``botocore``] Release Glue Studio Hudi Data Lake Format for SDK/CLI
  * api-change:``groundstation``: [``botocore``] Add configurable prepass and postpass times for
    DataflowEndpointGroup. Add Waiter to allow customers to wait for a contact that was reserved
    through ReserveContact
  * api-change:``logs``: [``botocore``] Bug fix - Removed the regex pattern validation from
    CoralModel to avoid potential security issue.
  * api-change:``medialive``: [``botocore``] AWS Elemental MediaLive adds support for SCTE 35
    preRollMilliSeconds.
  * api-change:``opensearch``: [``botocore``] This release adds the enhanced dry run option, that
    checks for validation errors that might occur when deploying configuration changes and provides a
    summary of these errors, if any. The feature will also indicate whether a blue/green deployment
    will be required to apply a change.
  * api-change:``panorama``: [``botocore``] Added AllowMajorVersionUpdate option to OTAJobConfig to
    make appliance software major version updates opt-in.
  * api-change:``sagemaker``: [``botocore``] HyperParameterTuningJobs now allow passing environment
    variables into the corresponding TrainingJobs
- Update BuildRequires and Requires from setup.py
- Update to 1.26.52
  * api-change:``cloudwatch``: [``botocore``] Update cloudwatch client to latest version
  * api-change:``efs``: [``botocore``] Update efs client to latest version
  * api-change:``ivschat``: [``botocore``] Updates the range for a Chat Room's
    maximumMessageRatePerSecond field.
  * api-change:``wafv2``: [``botocore``] Improved the visibility of the guidance for updating AWS WAF
    resources, such as web ACLs and rule groups.
- from version 1.26.51
  * api-change:``billingconductor``: [``botocore``] This release adds support for SKU Scope for
    pricing plans.
  * api-change:``cloud9``: [``botocore``] Added minimum value to AutomaticStopTimeMinutes parameter.
  * api-change:``imagebuilder``: [``botocore``] Add support for AWS Marketplace product IDs as input
    during CreateImageRecipe for the parent-image parameter. Add support for listing third-party
    components.
  * api-change:``network-firewall``: [``botocore``] Network Firewall now allows creation of dual
    stack endpoints, enabling inspection of IPv6 traffic.
- from version 1.26.50
  * api-change:``connect``: [``botocore``] This release updates the responses of
    UpdateContactFlowContent, UpdateContactFlowMetadata, UpdateContactFlowName and DeleteContactFlow
    API with empty responses.
  * api-change:``ec2``: [``botocore``] Documentation updates for EC2.
  * api-change:``outposts``: [``botocore``] This release adds POWER_30_KVA as an option for
    PowerDrawKva. PowerDrawKva is part of the RackPhysicalProperties structure in the CreateSite
    request.
  * api-change:``resource-groups``: [``botocore``] AWS Resource Groups customers can now turn on
    Group Lifecycle Events in their AWS account. When you turn this on, Resource Groups monitors your
    groups for changes to group state or membership. Those changes are sent to Amazon EventBridge as
    events that you can respond to using rules you create.
- from version 1.26.49
  * api-change:``cleanrooms``: [``botocore``] Initial release of AWS Clean Rooms
  * api-change:``lambda``: [``botocore``] Add support for MaximumConcurrency parameter for SQS event
    source. Customers can now limit the maximum concurrent invocations for their SQS Event Source
    Mapping.
  * api-change:``logs``: [``botocore``] Bug fix: logGroupName is now not a required field in
    GetLogEvents, FilterLogEvents, GetLogGroupFields, and DescribeLogStreams APIs as logGroupIdentifier
    can be provided instead
  * api-change:``mediaconvert``: [``botocore``] The AWS Elemental MediaConvert SDK has added support
    for compact DASH manifest generation, audio normalization using TruePeak measurements, and the
    ability to clip the sample range in the color corrector.
  * api-change:``secretsmanager``: [``botocore``] Update documentation for new ListSecrets and
    DescribeSecret parameters
- from version 1.26.48
  * api-change:``kendra``: [``botocore``] This release adds support to new document types - RTF, XML,
    XSLT, MS_EXCEL, CSV, JSON, MD
- from version 1.26.47
  * api-change:``location``: [``botocore``] This release adds support for two new route travel
    models, Bicycle and Motorcycle which can be used with Grab data source.
  * api-change:``rds``: [``botocore``] This release adds support for configuring allocated storage on
    the CreateDBInstanceReadReplica, RestoreDBInstanceFromDBSnapshot, and
    RestoreDBInstanceToPointInTime APIs.
- from version 1.26.46
  * api-change:``ecr-public``: [``botocore``] This release for Amazon ECR Public makes several change
    to bring the SDK into sync with the API.
  * api-change:``kendra-ranking``: [``botocore``] Introducing Amazon Kendra Intelligent Ranking, a
    new set of Kendra APIs that leverages Kendra semantic ranking capabilities to improve the quality
    of search results from other search services (i.e. OpenSearch, ElasticSearch, Solr).
  * api-change:``network-firewall``: [``botocore``] Network Firewall now supports the Suricata rule
    action reject, in addition to the actions pass, drop, and alert.
  * api-change:``ram``: [``botocore``] Enabled FIPS aws-us-gov endpoints in SDK.
  * api-change:``workspaces-web``: [``botocore``] This release adds support for a new portal
    authentication type: AWS IAM Identity Center (successor to AWS Single Sign-On).
- from version 1.26.45
  * api-change:``acm-pca``: [``botocore``] Added revocation parameter validation: bucket names must
    match S3 bucket naming rules and CNAMEs conform to RFC2396 restrictions on the use of special
    characters in URIs.
  * api-change:``auditmanager``: [``botocore``] This release introduces a new data retention option
    in your Audit Manager settings. You can now use the DeregistrationPolicy parameter to specify if
    you want to delete your data when you deregister Audit Manager.
- from version 1.26.44
  * api-change:``amplifybackend``: [``botocore``] Updated GetBackendAPIModels response to include
    ModelIntrospectionSchema json string
  * api-change:``apprunner``: [``botocore``] This release adds support of securely referencing
    secrets and configuration data that are stored in Secrets Manager and SSM Parameter Store by adding
    them as environment secrets in your App Runner service.
  * api-change:``connect``: [``botocore``] Documentation update for a new Initiation Method value in
    DescribeContact API
  * api-change:``emr-serverless``: [``botocore``] Adds support for customized images. You can now
    provide runtime images when creating or updating EMR Serverless Applications.
  * api-change:``lightsail``: [``botocore``] Documentation updates for Amazon Lightsail.
  * api-change:``mwaa``: [``botocore``] MWAA supports Apache Airflow version 2.4.3.
  * api-change:``rds``: [``botocore``] This release adds support for specifying which certificate
    authority (CA) to use for a DB instance's server certificate during DB instance creation, as well
    as other CA enhancements.
- from version 1.26.43
  * api-change:``application-autoscaling``: [``botocore``] Customers can now use the existing
    DescribeScalingActivities API to also see the detailed and machine-readable reasons for Application
    Auto Scaling not scaling their resources and, if needed, take the necessary corrective actions.
  * api-change:``logs``: [``botocore``] Update to remove sequenceToken as a required field in
    PutLogEvents calls.
  * api-change:``ssm``: [``botocore``] Adding support for QuickSetup Document Type in Systems Manager
- Update BuildRequires and Requires from setup.py
- update to 1.26.42:
  * api-change:``securitylake``: [``botocore``] Allow CreateSubscriber API
    to take string input that allows setting more descriptive
    SubscriberDescription field. Make souceTypes field required in model
    level for UpdateSubscriberRequest as it is required for every API call
    on the backend. Allow ListSubscribers take any String as nextToken
    param.
- Update to version 1.26.41
  * api-change:``cloudfront``: [``botocore``] Extend response headers policy to support removing
    headers from viewer responses
  * api-change:``iotfleetwise``: [``botocore``] Update documentation - correct the epoch constant
    value of default value for expiryTime field in CreateCampaign request.
- from version 1.26.40
  * api-change:``apigateway``: [``botocore``] Documentation updates for Amazon API Gateway
  * api-change:``emr``: [``botocore``] Update emr client to latest version
  * api-change:``secretsmanager``: [``botocore``] Added owning service filter, include planned
    deletion flag, and next rotation date response parameter in ListSecrets.
  * api-change:``wisdom``: [``botocore``] This release extends Wisdom CreateContent and
    StartContentUpload APIs to support PDF and MicrosoftWord docx document uploading.
- from version 1.26.39
  * api-change:``elasticache``: [``botocore``] This release allows you to modify the encryption in
    transit setting, for existing Redis clusters. You can now change the TLS configuration of your
    Redis clusters without the need to re-build or re-provision the clusters or impact application
    availability.
  * api-change:``network-firewall``: [``botocore``] AWS Network Firewall now provides status messages
    for firewalls to help you troubleshoot when your endpoint fails.
  * api-change:``rds``: [``botocore``] This release adds support for Custom Engine Version (CEV) on
    RDS Custom SQL Server.
  * api-change:``route53-recovery-control-config``: [``botocore``] Added support for Python
    paginators in the route53-recovery-control-config List* APIs.
- from version 1.26.38
  * api-change:``memorydb``: [``botocore``] This release adds support for MemoryDB Reserved nodes
    which provides a significant discount compared to on-demand node pricing. Reserved nodes are not
    physical nodes, but rather a billing discount applied to the use of on-demand nodes in your account.
  * api-change:``transfer``: [``botocore``] Add additional operations to throw ThrottlingExceptions
- from version 1.26.37
  * api-change:``connect``: [``botocore``] Support for Routing Profile filter, SortCriteria, and
    grouping by Routing Profiles for GetCurrentMetricData API. Support for RoutingProfiles,
    UserHierarchyGroups, and Agents as filters, NextStatus and AgentStatusName for GetCurrentUserData.
    Adds ApproximateTotalCount to both APIs.
  * api-change:``connectparticipant``: [``botocore``] Amazon Connect Chat introduces the Message
    Receipts feature. This feature allows agents and customers to receive message delivered and read
    receipts after they send a chat message.
  * api-change:``detective``: [``botocore``] This release adds a missed AccessDeniedException type to
    several endpoints.
  * api-change:``fsx``: [``botocore``] Fix a bug where a recent release might break certain existing
    SDKs.
  * api-change:``inspector2``: [``botocore``] Amazon Inspector adds support for scanning NodeJS 18.x
    and Go 1.x AWS Lambda function runtimes.
- from version 1.26.36
  * api-change:``compute-optimizer``: [``botocore``] This release enables AWS Compute Optimizer to
    analyze and generate optimization recommendations for ecs services running on Fargate.
  * api-change:``connect``: [``botocore``] Amazon Connect Chat introduces the Idle
    Participant/Autodisconnect feature, which allows users to set timeouts relating to the activity of
    chat participants, using the new UpdateParticipantRoleConfig API.
  * api-change:``iotdeviceadvisor``: [``botocore``] This release adds the following new features: 1)
    Documentation updates for IoT Device Advisor APIs. 2) Updated required request parameters for IoT
    Device Advisor APIs. 3) Added new service feature: ability to provide the test endpoint when
    customer executing the StartSuiteRun API.
  * api-change:``kinesis-video-webrtc-storage``: [``botocore``] Amazon Kinesis Video Streams offers
    capabilities to stream video and audio in real-time via WebRTC to the cloud for storage, playback,
    and analytical processing. Customers can use our enhanced WebRTC SDK and cloud APIs to enable
    real-time streaming, as well as media ingestion to the cloud.
  * api-change:``rds``: [``botocore``] Add support for managing master user password in AWS Secrets
    Manager for the DBInstance and DBCluster.
  * api-change:``secretsmanager``: [``botocore``] Documentation updates for Secrets Manager
- from version 1.26.35
  * api-change:``connect``: [``botocore``] Amazon Connect Chat now allows for JSON (application/json)
    message types to be sent as part of the initial message in the StartChatContact API.
  * api-change:``connectparticipant``: [``botocore``] Amazon Connect Chat now allows for JSON
    (application/json) message types to be sent in the SendMessage API.
  * api-change:``license-manager-linux-subscriptions``: [``botocore``] AWS License Manager now offers
    cross-region, cross-account tracking of commercial Linux subscriptions on AWS. This includes
    subscriptions purchased as part of EC2 subscription-included AMIs, on the AWS Marketplace, or
    brought to AWS via Red Hat Cloud Access Program.
  * api-change:``macie2``: [``botocore``] This release adds support for analyzing Amazon S3 objects
    that use the S3 Glacier Instant Retrieval (Glacier_IR) storage class.
  * api-change:``sagemaker``: [``botocore``] This release enables adding RStudio Workbench support to
    an existing Amazon SageMaker Studio domain. It allows setting your RStudio on SageMaker environment
    configuration parameters and also updating the RStudioConnectUrl and RStudioPackageManagerUrl
    parameters for existing domains
  * api-change:``scheduler``: [``botocore``] Updated the ListSchedules and ListScheduleGroups APIs to
    allow the NamePrefix field to start with a number. Updated the validation for executionRole field
    to support any role name.
  * api-change:``ssm``: [``botocore``] Doc-only updates for December 2022.
  * api-change:``support``: [``botocore``] Documentation updates for the AWS Support API
  * api-change:``transfer``: [``botocore``] This release adds support for Decrypt as a workflow step
    type.
- from version 1.26.34
  * api-change:``batch``: [``botocore``] Adds isCancelled and isTerminated to DescribeJobs response.
  * api-change:``ec2``: [``botocore``] Adds support for pagination in the EC2 DescribeImages API.
  * api-change:``lookoutequipment``: [``botocore``] This release adds support for listing inference
    schedulers by status.
  * api-change:``medialive``: [``botocore``] This release adds support for two new features to AWS
    Elemental MediaLive. First, you can now burn-in timecodes to your MediaLive outputs. Second, we now
    now support the ability to decode Dolby E audio when it comes in on an input.
  * api-change:``nimble``: [``botocore``] Amazon Nimble Studio now supports configuring session
    storage volumes and persistence, as well as backup and restore sessions through launch profiles.
  * api-change:``resource-explorer-2``: [``botocore``] Documentation updates for AWS Resource
    Explorer.
  * api-change:``route53domains``: [``botocore``] Use Route 53 domain APIs to change owner,
    create/delete DS record, modify IPS tag, resend authorization. New:
    AssociateDelegationSignerToDomain, DisassociateDelegationSignerFromDomain, PushDomain,
    ResendOperationAuthorization. Updated: UpdateDomainContact, ListOperations,
    CheckDomainTransferability.
  * api-change:``sagemaker``: [``botocore``] Amazon SageMaker Autopilot adds support for new
    objective metrics in CreateAutoMLJob API.
  * api-change:``transcribe``: [``botocore``] Enable our batch transcription jobs for Swedish and
    Vietnamese.
- from version 1.26.33
  * api-change:``athena``: [``botocore``] Add missed InvalidRequestException in
    GetCalculationExecutionCode,StopCalculationExecution APIs. Correct required parameters (Payload and
    Type) in UpdateNotebook API. Change Notebook size from 15 Mb to 10 Mb.
  * api-change:``ecs``: [``botocore``] This release adds support for alarm-based rollbacks in ECS, a
    new feature that allows customers to add automated safeguards for Amazon ECS service rolling
    updates.
  * api-change:``kinesis-video-webrtc-storage``: [``botocore``] Amazon Kinesis Video Streams offers
    capabilities to stream video and audio in real-time via WebRTC to the cloud for storage, playback,
    and analytical processing. Customers can use our enhanced WebRTC SDK and cloud APIs to enable
    real-time streaming, as well as media ingestion to the cloud.
  * api-change:``kinesisvideo``: [``botocore``] Amazon Kinesis Video Streams offers capabilities to
    stream video and audio in real-time via WebRTC to the cloud for storage, playback, and analytical
    processing. Customers can use our enhanced WebRTC SDK and cloud APIs to enable real-time streaming,
    as well as media ingestion to the cloud.
  * api-change:``rds``: [``botocore``] Add support for --enable-customer-owned-ip to RDS
    create-db-instance-read-replica API for RDS on Outposts.
  * api-change:``sagemaker``: [``botocore``] AWS Sagemaker - Sagemaker Images now supports Aliases as
    secondary identifiers for ImageVersions. SageMaker Images now supports additional metadata for
    ImageVersions for better images management.
- from version 1.26.32
  * enhancement:s3: s3.transfer methods accept path-like objects as input
  * api-change:``appflow``: [``botocore``] This release updates the ListConnectorEntities API action
    so that it returns paginated responses that customers can retrieve with next tokens.
  * api-change:``cloudfront``: [``botocore``] Updated documentation for CloudFront
  * api-change:``datasync``: [``botocore``] AWS DataSync now supports the use of tags with task
    executions. With this new feature, you can apply tags each time you execute a task, giving you
    greater control and management over your task executions.
  * api-change:``efs``: [``botocore``] Update efs client to latest version
  * api-change:``guardduty``: [``botocore``] This release provides the valid characters for the
    Description and Name field.
  * api-change:``iotfleetwise``: [``botocore``] Updated error handling for empty resource names in
    "/UpdateSignalCatalog"/ and "/GetModelManifest"/ operations.
  * api-change:``sagemaker``: [``botocore``] AWS sagemaker - Features: This release adds support for
    random seed, it's an integer value used to initialize a pseudo-random number generator. Setting a
    random seed will allow the hyperparameter tuning search strategies to produce more consistent
    configurations for the same tuning job.
- from version 1.26.31
  * api-change:``backup-gateway``: [``botocore``] This release adds support for VMware vSphere tags,
    enabling customer to protect VMware virtual machines using tag-based policies for AWS tags mapped
    from vSphere tags. This release also adds support for customer-accessible gateway-hypervisor
    interaction log and upload bandwidth rate limit schedule.
  * api-change:``connect``: [``botocore``] Added support for "/English - New Zealand"/ and "/English -
    South African"/ to be used with Amazon Connect Custom Vocabulary APIs.
  * api-change:``ecs``: [``botocore``] This release adds support for container port ranges in ECS, a
    new capability that allows customers to provide container port ranges to simplify use cases where
    multiple ports are in use in a container. This release updates TaskDefinition mutation APIs and the
    Task description APIs.
  * api-change:``eks``: [``botocore``] Add support for Windows managed nodes groups.
  * api-change:``glue``: [``botocore``] This release adds support for AWS Glue Crawler with native
    DeltaLake tables, allowing Crawlers to classify Delta Lake format tables and catalog them for query
    engines to query against.
  * api-change:``kinesis``: [``botocore``] Added StreamARN parameter for Kinesis Data Streams APIs.
    Added a new opaque pagination token for ListStreams. SDKs will auto-generate Account Endpoint when
    accessing Kinesis Data Streams.
  * api-change:``location``: [``botocore``] This release adds support for a new style,
    "/VectorOpenDataStandardLight"/ which can be used with the new data source, "/Open Data Maps
    (Preview)"/.
  * api-change:``m2``: [``botocore``] Adds an optional create-only `KmsKeyId` property to Environment
    and Application resources.
  * api-change:``sagemaker``: [``botocore``] SageMaker Inference Recommender now allows customers to
    load tests their models on various instance types using private VPC.
  * api-change:``securityhub``: [``botocore``] Added new resource details objects to ASFF, including
    resources for AwsEc2LaunchTemplate, AwsSageMakerNotebookInstance, AwsWafv2WebAcl and
    AwsWafv2RuleGroup.
  * api-change:``translate``: [``botocore``] Raised the input byte size limit of the Text field in
    the TranslateText API to 10000 bytes.
- from version 1.26.30
  * api-change:``ce``: [``botocore``] This release supports percentage-based thresholds on Cost
    Anomaly Detection alert subscriptions.
  * api-change:``cloudwatch``: [``botocore``] Update cloudwatch client to latest version
  * api-change:``networkmanager``: [``botocore``] Appliance Mode support for AWS Cloud WAN.
  * api-change:``redshift-data``: [``botocore``] This release adds a new --client-token field to
    ExecuteStatement and BatchExecuteStatement operations. Customers can now run queries with the
    additional client token parameter to ensures idempotency.
  * api-change:``sagemaker-metrics``: [``botocore``] Update SageMaker Metrics documentation.
- from version 1.26.29
  * api-change:``cloudtrail``: [``botocore``] Merging mainline branch for service model into mainline
    release branch. There are no new APIs.
  * api-change:``rds``: [``botocore``] This deployment adds ClientPasswordAuthType field to the Auth
    structure of the DBProxy.
- from version 1.26.28
  * bugfix:Endpoint provider: [``botocore``] Updates ARN parsing ``resourceId`` delimiters
  * api-change:``customer-profiles``: [``botocore``] This release allows custom strings in PartyType
    and Gender through 2 new attributes in the CreateProfile and UpdateProfile APIs: PartyTypeString
    and GenderString.
  * api-change:``ec2``: [``botocore``] This release updates DescribeFpgaImages to show supported
    instance types of AFIs in its response.
  * api-change:``kinesisvideo``: [``botocore``] This release adds support for public preview of
    Kinesis Video Stream at Edge enabling customers to provide configuration for the Kinesis Video
    Stream EdgeAgent running on an on-premise IoT device. Customers can now locally record from cameras
    and stream videos to the cloud on configured schedule.
  * api-change:``lookoutvision``: [``botocore``] This documentation update adds kms:GenerateDataKey
    as a required permission to StartModelPackagingJob.
  * api-change:``migration-hub-refactor-spaces``: [``botocore``] This release adds support for Lambda
    alias service endpoints. Lambda alias ARNs can now be passed into CreateService.
  * api-change:``rds``: [``botocore``] Update the RDS API model to support copying option groups
    during the CopyDBSnapshot operation
  * api-change:``rekognition``: [``botocore``] Adds support for "/aliases"/ and "/categories"/, inclusion
    and exclusion filters for labels and label categories, and aggregating labels by video segment
    timestamps for Stored Video Label Detection APIs.
  * api-change:``sagemaker-metrics``: [``botocore``] This release introduces support SageMaker
    Metrics APIs.
  * api-change:``wafv2``: [``botocore``] Documents the naming requirement for logging destinations
    that you use with web ACLs.
- from version 1.26.27
  * api-change:``iotfleetwise``: [``botocore``] Deprecated assignedValue property for actuators and
    attributes.  Added a message to invalid nodes and invalid decoder manifest exceptions.
  * api-change:``logs``: [``botocore``] Doc-only update for CloudWatch Logs, for Tagging Permissions
    clarifications
  * api-change:``medialive``: [``botocore``] Link devices now support buffer size (latency)
    configuration. A higher latency value means a longer delay in transmitting from the device to
    MediaLive, but improved resiliency. A lower latency value means a shorter delay, but less
    resiliency.
  * api-change:``mediapackage-vod``: [``botocore``] This release provides the approximate number of
    assets in a packaging group.
- Update BuildRequires and Requires from setup.py
- Update to version 1.26.26
  * enhancement:Endpoint Provider Standard Library: [``botocore``] Correct spelling of 'library' in
    ``StandardLibrary`` class
  * api-change:``autoscaling``: [``botocore``] Adds support for metric math for target tracking
    scaling policies, saving you the cost and effort of publishing a custom metric to CloudWatch. Also
    adds support for VPC Lattice by adding the Attach/Detach/DescribeTrafficSources APIs and a new
    health check type to the CreateAutoScalingGroup API.
  * api-change:``iottwinmaker``: [``botocore``] This release adds the following new features: 1) New
    APIs for managing a continuous sync of assets and asset models from AWS IoT SiteWise. 2) Support
    user friendly names for component types (ComponentTypeName) and properties (DisplayName).
  * api-change:``migrationhubstrategy``: [``botocore``] This release adds known application
    filtering, server selection for assessments, support for potential recommendations, and indications
    for configuration and assessment status. For more information, see the AWS Migration Hub
    documentation at https://docs.aws.amazon.com/migrationhub/index.html
- from version 1.26.25
  * api-change:``ce``: [``botocore``] This release adds the LinkedAccountName field to the
    GetAnomalies API response under RootCause
  * api-change:``cloudfront``: [``botocore``] Introducing UpdateDistributionWithStagingConfig that
    can be used to promote the staging configuration to the production.
  * api-change:``eks``: [``botocore``] Adds support for EKS add-ons configurationValues fields and
    DescribeAddonConfiguration function
  * api-change:``kms``: [``botocore``] Updated examples and exceptions for External Key Store (XKS).
- from version 1.26.24
  * api-change:``billingconductor``: [``botocore``] This release adds the Tiering Pricing Rule
    feature.
  * api-change:``connect``: [``botocore``] This release provides APIs that enable you to
    programmatically manage rules for Contact Lens conversational analytics and third party
    applications. For more information, see
    https://docs.aws.amazon.com/connect/latest/APIReference/rules-api.html
  * api-change:``dynamodb``: [``botocore``] Endpoint Ruleset update: Use http instead of https for
    the "/local"/ region.
  * api-change:``dynamodbstreams``: [``botocore``] Update dynamodbstreams client to latest version
  * api-change:``rds``: [``botocore``] This release adds the BlueGreenDeploymentNotFoundFault to the
    AddTagsToResource, ListTagsForResource, and RemoveTagsFromResource operations.
  * api-change:``sagemaker-featurestore-runtime``: [``botocore``] For online + offline Feature
    Groups, added ability to target PutRecord and DeleteRecord actions to only online store, or only
    offline store. If target store parameter is not specified, actions will apply to both stores.
- from version 1.26.23
  * api-change:``ce``: [``botocore``] This release introduces two new APIs that offer a 1-click
    experience to refresh Savings Plans recommendations. The two APIs are
    StartSavingsPlansPurchaseRecommendationGeneration and
    ListSavingsPlansPurchaseRecommendationGeneration.
  * api-change:``ec2``: [``botocore``] Documentation updates for EC2.
  * api-change:``ivschat``: [``botocore``] Adds PendingVerification error type to messaging APIs to
    block the resource usage for accounts identified as being fraudulent.
  * api-change:``rds``: [``botocore``] This release adds the InvalidDBInstanceStateFault to the
    RestoreDBClusterFromSnapshot operation.
  * api-change:``transcribe``: [``botocore``] Amazon Transcribe now supports creating custom language
    models in the following languages: Japanese (ja-JP) and German (de-DE).
- from version 1.26.22
  * api-change:``appsync``: [``botocore``] Fixes the URI for the evaluatecode endpoint to include the
    /v1 prefix (ie. "//v1/dataplane-evaluatecode"/).
  * api-change:``ecs``: [``botocore``] Documentation updates for Amazon ECS
  * api-change:``fms``: [``botocore``] AWS Firewall Manager now supports Fortigate Cloud Native
    Firewall as a Service as a third-party policy type.
  * api-change:``mediaconvert``: [``botocore``] The AWS Elemental MediaConvert SDK has added support
    for configurable ID3 eMSG box attributes and the ability to signal them with InbandEventStream tags
    in DASH and CMAF outputs.
  * api-change:``medialive``: [``botocore``] Updates to Event Signaling and Management (ESAM) API and
    documentation.
  * api-change:``polly``: [``botocore``] Add language code for Finnish (fi-FI)
  * api-change:``proton``: [``botocore``] CreateEnvironmentAccountConnection RoleArn input is now
    optional
  * api-change:``redshift-serverless``: [``botocore``] Add Table Level Restore operations for Amazon
    Redshift Serverless. Add multi-port support for Amazon Redshift Serverless endpoints. Add Tagging
    support to Snapshots and Recovery Points in Amazon Redshift Serverless.
  * api-change:``sns``: [``botocore``] This release adds the message payload-filtering feature to the
    SNS Subscribe, SetSubscriptionAttributes, and GetSubscriptionAttributes API actions
- Update BuildRequires and Requires from setup.py
- Update to version 1.26.21
  * api-change:``codecatalyst``: [``botocore``] This release adds operations that support customers
    using the AWS Toolkits and Amazon CodeCatalyst, a unified software development service that helps
    developers develop, deploy, and maintain applications in the cloud. For more information, see the
    documentation.
  * api-change:``comprehend``: [``botocore``] Comprehend now supports semi-structured documents (such
    as PDF files or image files) as inputs for custom analysis using the synchronous APIs
    (ClassifyDocument and DetectEntities).
  * api-change:``gamelift``: [``botocore``] GameLift introduces a new feature, GameLift Anywhere.
    GameLift Anywhere allows you to integrate your own compute resources with GameLift. You can also
    use GameLift Anywhere to iteratively test your game servers without uploading the build to GameLift
    for every iteration.
  * api-change:``pipes``: [``botocore``] AWS introduces new Amazon EventBridge Pipes which allow you
    to connect sources (SQS, Kinesis, DDB, Kafka, MQ) to Targets (14+ EventBridge Targets) without any
    code, with filtering, batching, input transformation, and an optional Enrichment stage (Lambda,
    StepFunctions, ApiGateway, ApiDestinations)
  * api-change:``stepfunctions``: [``botocore``] Update stepfunctions client to latest version
- from version 1.26.20
  * api-change:``accessanalyzer``: [``botocore``] This release adds support for S3 cross account
    access points. IAM Access Analyzer will now produce public or cross account findings when it
    detects bucket delegation to external account access points.
  * api-change:``athena``: [``botocore``] This release includes support for using Apache Spark in
    Amazon Athena.
  * api-change:``dataexchange``: [``botocore``] This release enables data providers to license direct
    access to data in their Amazon S3 buckets or AWS Lake Formation data lakes through AWS Data
    Exchange. Subscribers get read-only access to the data and can use it in downstream AWS services,
    like Amazon Athena, without creating or managing copies.
  * api-change:``docdb-elastic``: [``botocore``] Launched Amazon DocumentDB Elastic Clusters. You can
    now use the SDK to create, list, update and delete Amazon DocumentDB Elastic Cluster resources
  * api-change:``glue``: [``botocore``] This release adds support for AWS Glue Data Quality, which
    helps you evaluate and monitor the quality of your data and includes the API for creating,
    deleting, or updating data quality rulesets, runs and evaluations.
  * api-change:``s3control``: [``botocore``] Amazon S3 now supports cross-account access points. S3
    bucket owners can now allow trusted AWS accounts to create access points associated with their
    bucket.
  * api-change:``sagemaker-geospatial``: [``botocore``] This release provides Amazon SageMaker
    geospatial APIs to build, train, deploy and visualize geospatial models.
  * api-change:``sagemaker``: [``botocore``] Added Models as part of the Search API. Added Model
    shadow deployments in realtime inference, and shadow testing in managed inference. Added support
    for shared spaces, geospatial APIs, Model Cards, AutoMLJobStep in pipelines, Git repositories on
    user profiles and domains, Model sharing in Jumpstart.
- from version 1.26.19
  * api-change:``ec2``: [``botocore``] This release adds support for AWS Verified Access and the
    Hpc6id Amazon EC2 compute optimized instance type, which features 3rd generation Intel Xeon
    Scalable processors.
  * api-change:``firehose``: [``botocore``] Allow support for the Serverless offering for Amazon
    OpenSearch Service as a Kinesis Data Firehose delivery destination.
  * api-change:``kms``: [``botocore``] AWS KMS introduces the External Key Store (XKS), a new feature
    for customers who want to protect their data with encryption keys stored in an external key
    management system under their control.
  * api-change:``omics``: [``botocore``] Amazon Omics is a new, purpose-built service that can be
    used by healthcare and life science organizations to store, query, and analyze omics data. The
    insights from that data can be used to accelerate scientific discoveries and improve healthcare.
  * api-change:``opensearchserverless``: [``botocore``] Publish SDK for Amazon OpenSearch Serverless
  * api-change:``securitylake``: [``botocore``] Amazon Security Lake automatically centralizes
    security data from cloud, on-premises, and custom sources into a purpose-built data lake stored in
    your account. Security Lake makes it easier to analyze security data, so you can improve the
    protection of your workloads, applications, and data
  * api-change:``simspaceweaver``: [``botocore``] AWS SimSpace Weaver is a new service that helps
    customers build spatial simulations at new levels of scale - resulting in virtual worlds with
    millions of dynamic entities. See the AWS SimSpace Weaver developer guide for more details on how
    to get started. https://docs.aws.amazon.com/simspaceweaver
- from version 1.26.18
  * api-change:``arc-zonal-shift``: [``botocore``] Amazon Route 53 Application Recovery Controller
    Zonal Shift is a new service that makes it easy to shift traffic away from an Availability Zone in
    a Region. See the developer guide for more information:
    https://docs.aws.amazon.com/r53recovery/latest/dg/what-is-route53-recovery.html
  * api-change:``compute-optimizer``: [``botocore``] Adds support for a new recommendation preference
    that makes it possible for customers to optimize their EC2 recommendations by utilizing an external
    metrics ingestion service to provide metrics.
  * api-change:``config``: [``botocore``] With this release, you can use AWS Config to evaluate your
    resources for compliance with Config rules before they are created or updated. Using Config rules
    in proactive mode enables you to test and build compliant resource templates or check resource
    configurations at the time they are provisioned.
  * api-change:``ec2``: [``botocore``] Introduces ENA Express, which uses AWS SRD and dynamic routing
    to increase throughput and minimize latency, adds support for trust relationships between
    Reachability Analyzer and AWS Organizations to enable cross-account analysis, and adds support for
    Infrastructure Performance metric subscriptions.
  * api-change:``eks``: [``botocore``] Adds support for additional EKS add-ons metadata and filtering
    fields
  * api-change:``fsx``: [``botocore``] This release adds support for 4GB/s / 160K PIOPS FSx for ONTAP
    file systems and 10GB/s / 350K PIOPS FSx for OpenZFS file systems (Single_AZ_2). For FSx for ONTAP,
    this also adds support for DP volumes, snapshot policy, copy tags to backups, and Multi-AZ route
    table updates.
  * api-change:``glue``: [``botocore``] This release allows the creation of Custom Visual Transforms
    (Dynamic Transforms) to be created via AWS Glue CLI/SDK.
  * api-change:``inspector2``: [``botocore``] This release adds support for Inspector to scan AWS
    Lambda.
  * api-change:``lambda``: [``botocore``] Adds support for Lambda SnapStart, which helps improve the
    startup performance of functions. Customers can now manage SnapStart based functions via
    CreateFunction and UpdateFunctionConfiguration APIs
  * api-change:``license-manager-user-subscriptions``: [``botocore``] AWS now offers fully-compliant,
    Amazon-provided licenses for Microsoft Office Professional Plus 2021 Amazon Machine Images (AMIs)
    on Amazon EC2. These AMIs are now available on the Amazon EC2 console and on AWS Marketplace to
    launch instances on-demand without any long-term licensing commitments.
  * api-change:``macie2``: [``botocore``] Added support for configuring Macie to continually sample
    objects from S3 buckets and inspect them for sensitive data. Results appear in statistics,
    findings, and other data that Macie provides.
  * api-change:``quicksight``: [``botocore``] This release adds new Describe APIs and updates Create
    and Update APIs to support the data model for Dashboards, Analyses, and Templates.
  * api-change:``s3control``: [``botocore``] Added two new APIs to support Amazon S3 Multi-Region
    Access Point failover controls: GetMultiRegionAccessPointRoutes and
    SubmitMultiRegionAccessPointRoutes. The failover control APIs are supported in the following
    Regions: us-east-1, us-west-2, eu-west-1, ap-southeast-2, and ap-northeast-1.
  * api-change:``securityhub``: [``botocore``] Adding StandardsManagedBy field to DescribeStandards
    API response
- from version 1.26.17
  * bugfix:dynamodb: Fixes duplicate serialization issue in DynamoDB BatchWriter
  * api-change:``backup``: [``botocore``] AWS Backup introduces support for legal hold and
    application stack backups. AWS Backup Audit Manager introduces support for cross-Region,
    cross-account reports.
  * api-change:``cloudwatch``: [``botocore``] Update cloudwatch client to latest version
  * api-change:``drs``: [``botocore``] Non breaking changes to existing APIs, and additional APIs
    added to support in-AWS failing back using AWS Elastic Disaster Recovery.
  * api-change:``ecs``: [``botocore``] This release adds support for ECS Service Connect, a new
    capability that simplifies writing and operating resilient distributed applications. This release
    updates the TaskDefinition, Cluster, Service mutation APIs with Service connect constructs and also
    adds a new ListServicesByNamespace API.
  * api-change:``efs``: [``botocore``] Update efs client to latest version
  * api-change:``iot-data``: [``botocore``] This release adds support for MQTT5 properties to AWS IoT
    HTTP Publish API.
  * api-change:``iot``: [``botocore``] Job scheduling enables the scheduled rollout of a Job with
    start and end times and a customizable end behavior when end time is reached. This is available for
    continuous and snapshot jobs. Added support for MQTT5 properties to AWS IoT TopicRule Republish
    Action.
  * api-change:``iotwireless``: [``botocore``] This release includes a new feature for customers to
    calculate the position of their devices by adding three new APIs: UpdateResourcePosition,
    GetResourcePosition, and GetPositionEstimate.
  * api-change:``kendra``: [``botocore``] Amazon Kendra now supports preview of table information
    from HTML tables in the search results. The most relevant cells with their corresponding rows,
    columns are displayed as a preview in the search result. The most relevant table cell or cells are
    also highlighted in table preview.
  * api-change:``logs``: [``botocore``] Updates to support CloudWatch Logs data protection and
    CloudWatch cross-account observability
  * api-change:``mgn``: [``botocore``] This release adds support for Application and Wave management.
    We also now support custom post-launch actions.
  * api-change:``oam``: [``botocore``] Amazon CloudWatch Observability Access Manager is a new
    service that allows configuration of the CloudWatch cross-account observability feature.
  * api-change:``organizations``: [``botocore``] This release introduces delegated administrator for
    AWS Organizations, a new feature to help you delegate the management of your Organizations
    policies, enabling you to govern your AWS organization in a decentralized way. You can now allow
    member accounts to manage Organizations policies.
  * api-change:``rds``: [``botocore``] This release enables new Aurora and RDS feature called
    Blue/Green Deployments that makes updates to databases safer, simpler and faster.
  * api-change:``textract``: [``botocore``] This release adds support for classifying and splitting
    lending documents by type, and extracting information by using the Analyze Lending APIs. This
    release also includes support for summarized information of the processed lending document package,
    in addition to per document results.
  * api-change:``transcribe``: [``botocore``] This release adds support for 'inputType' for post-call
    and real-time (streaming) Call Analytics within Amazon Transcribe.
- from version 1.26.16
  * api-change:``grafana``: [``botocore``] This release includes support for configuring a Grafana
    workspace to connect to a datasource within a VPC as well as new APIs for configuring Grafana
    settings.
  * api-change:``rbin``: [``botocore``] This release adds support for Rule Lock for Recycle Bin,
    which allows you to lock retention rules so that they can no longer be modified or deleted.
- from version 1.26.15
  * bugfix:Endpoints: [``botocore``] Resolve endpoint with default partition when no region is set
  * bugfix:s3: [``botocore``] fixes missing x-amz-content-sha256 header for s3 object lambda
  * api-change:``appflow``: [``botocore``] Adding support for Amazon AppFlow to transfer the data to
    Amazon Redshift databases through Amazon Redshift Data API service. This feature will support the
    Redshift destination connector on both public and private accessible Amazon Redshift Clusters and
    Amazon Redshift Serverless.
  * api-change:``kinesisanalyticsv2``: [``botocore``] Support for Apache Flink 1.15 in Kinesis Data
    Analytics.
- from version 1.26.14
  * api-change:``route53``: [``botocore``] Amazon Route 53 now supports the Asia Pacific (Hyderabad)
    Region (ap-south-2) for latency records, geoproximity records, and private DNS for Amazon VPCs in
    that region.
- from version 1.26.13
  * api-change:``appflow``: [``botocore``] AppFlow provides a new API called
    UpdateConnectorRegistration to update a custom connector that customers have previously registered.
    With this API, customers no longer need to unregister and then register a connector to make an
    update.
  * api-change:``auditmanager``: [``botocore``] This release introduces a new feature for Audit
    Manager: Evidence finder. You can now use evidence finder to quickly query your evidence, and add
    the matching evidence results to an assessment report.
  * api-change:``chime-sdk-voice``: [``botocore``] Amazon Chime Voice Connector, Voice Connector
    Group and PSTN Audio Service APIs are now available in the Amazon Chime SDK Voice namespace. See
    https://docs.aws.amazon.com/chime-sdk/latest/dg/sdk-available-regions.html for more details.
  * api-change:``cloudfront``: [``botocore``] CloudFront API support for staging distributions and
    associated traffic management policies.
  * api-change:``connect``: [``botocore``] Added AllowedAccessControlTags and TagRestrictedResource
    for Tag Based Access Control on Amazon Connect Webpage
  * api-change:``dynamodb``: [``botocore``] Updated minor fixes for DynamoDB documentation.
  * api-change:``dynamodbstreams``: [``botocore``] Update dynamodbstreams client to latest version
  * api-change:``ec2``: [``botocore``] This release adds support for copying an Amazon Machine
    Image's tags when copying an AMI.
  * api-change:``glue``: [``botocore``] AWSGlue Crawler - Adding support for Table and Column level
    Comments with database level datatypes for JDBC based crawler.
  * api-change:``iot-roborunner``: [``botocore``] AWS IoT RoboRunner is a new service that makes it
    easy to build applications that help multi-vendor robots work together seamlessly. See the IoT
    RoboRunner developer guide for more details on getting started.
    https://docs.aws.amazon.com/iotroborunner/latest/dev/iotroborunner-welcome.html
  * api-change:``quicksight``: [``botocore``] This release adds the following: 1) Asset management
    for centralized assets governance 2) QuickSight Q now supports public embedding 3) New Termination
    protection flag to mitigate accidental deletes 4) Athena data sources now accept a custom IAM role
    5) QuickSight supports connectivity to Databricks
  * api-change:``sagemaker``: [``botocore``] Added DisableProfiler flag as a new field in
    ProfilerConfig
  * api-change:``servicecatalog``: [``botocore``] This release 1. adds support for Principal Name
    Sharing with Service Catalog portfolio sharing. 2. Introduces repo sourced products which are
    created and managed with existing SC APIs. These products are synced to external repos and auto
    create new product versions based on changes in the repo.
  * api-change:``ssm-sap``: [``botocore``] AWS Systems Manager for SAP provides simplified operations
    and management of SAP applications such as SAP HANA. With this release, SAP customers and partners
    can automate and simplify their SAP system administration tasks such as backup/restore of SAP HANA.
  * api-change:``stepfunctions``: [``botocore``] Update stepfunctions client to latest version
  * api-change:``transfer``: [``botocore``] Adds a NONE encryption algorithm type to AS2 connectors,
    providing support for skipping encryption of the AS2 message body when a HTTPS URL is also
    specified.
- from version 1.26.12
  * api-change:``amplify``: [``botocore``] Adds a new value (WEB_COMPUTE) to the Platform enum that
    allows customers to create Amplify Apps with Server-Side Rendering support.
  * api-change:``appflow``: [``botocore``] AppFlow simplifies the preparation and cataloging of SaaS
    data into the AWS Glue Data Catalog where your data can be discovered and accessed by AWS analytics
    and ML services. AppFlow now also supports data field partitioning and file size optimization to
    improve query performance and reduce cost.
  * api-change:``appsync``: [``botocore``] This release introduces the APPSYNC_JS runtime, and adds
    support for JavaScript in AppSync functions and AppSync pipeline resolvers.
  * api-change:``dms``: [``botocore``] Adds support for Internet Protocol Version 6 (IPv6) on DMS
    Replication Instances
  * api-change:``ec2``: [``botocore``] This release adds a new optional parameter "/privateIpAddress"/
    for the CreateNatGateway API. PrivateIPAddress will allow customers to select a custom Private IPv4
    address instead of having it be auto-assigned.
  * api-change:``elbv2``: [``botocore``] Update elbv2 client to latest version
  * api-change:``emr-serverless``: [``botocore``] Adds support for AWS Graviton2 based applications.
    You can now select CPU architecture when creating new applications or updating existing ones.
  * api-change:``ivschat``: [``botocore``] Adds LoggingConfiguration APIs for IVS Chat - a feature
    that allows customers to store and record sent messages in a chat room to S3 buckets, CloudWatch
    logs, or Kinesis firehose.
  * api-change:``lambda``: [``botocore``] Add Node 18 (nodejs18.x) support to AWS Lambda.
  * api-change:``personalize``: [``botocore``] This release provides support for creation and use of
    metric attributions in AWS Personalize
  * api-change:``polly``: [``botocore``] Add two new neural voices - Ola (pl-PL) and Hala (ar-AE).
  * api-change:``rum``: [``botocore``] CloudWatch RUM now supports custom events. To use custom
    events, create an app monitor or update an app monitor with CustomEvent Status as ENABLED.
  * api-change:``s3control``: [``botocore``] Added 34 new S3 Storage Lens metrics to support
    additional customer use cases.
  * api-change:``secretsmanager``: [``botocore``] Documentation updates for Secrets Manager.
  * api-change:``securityhub``: [``botocore``] Added SourceLayerArn and SourceLayerHash field for
    security findings.  Updated AwsLambdaFunction Resource detail
  * api-change:``servicecatalog-appregistry``: [``botocore``] This release adds support for tagged
    resource associations, which allows you to associate a group of resources with a defined resource
    tag key and value to the application.
  * api-change:``sts``: [``botocore``] Documentation updates for AWS Security Token Service.
  * api-change:``textract``: [``botocore``] This release adds support for specifying and extracting
    information from documents using the Signatures feature within Analyze Document API
  * api-change:``workspaces``: [``botocore``] The release introduces CreateStandbyWorkspaces, an API
    that allows you to create standby WorkSpaces associated with a primary WorkSpace in another Region.
    DescribeWorkspaces now includes related WorkSpaces properties. DescribeWorkspaceBundles and
    CreateWorkspaceBundle now return more bundle details.
- from version 1.26.11
  * api-change:``batch``: [``botocore``] Documentation updates related to Batch on EKS
  * api-change:``billingconductor``: [``botocore``] This release adds a new feature BillingEntity
    pricing rule.
  * api-change:``cloudformation``: [``botocore``] Added UnsupportedTarget HandlerErrorCode for use
    with CFN Resource Hooks
  * api-change:``comprehendmedical``: [``botocore``] This release supports new set of entities and
    traits. It also adds new category (BEHAVIORAL_ENVIRONMENTAL_SOCIAL).
  * api-change:``connect``: [``botocore``] This release adds a new MonitorContact API for initiating
    monitoring of ongoing Voice and Chat contacts.
  * api-change:``eks``: [``botocore``] Adds support for customer-provided placement groups for
    Kubernetes control plane instances when creating local EKS clusters on Outposts
  * api-change:``elasticache``: [``botocore``] for Redis now supports AWS Identity and Access
    Management authentication access to Redis clusters starting with redis-engine version 7.0
  * api-change:``iottwinmaker``: [``botocore``] This release adds the following: 1) ExecuteQuery API
    allows users to query their AWS IoT TwinMaker Knowledge Graph 2) Pricing plan APIs allow users to
    configure and manage their pricing mode 3) Support for property groups and tabular property values
    in existing AWS IoT TwinMaker APIs.
  * api-change:``personalize-events``: [``botocore``] This release provides support for creation and
    use of metric attributions in AWS Personalize
  * api-change:``proton``: [``botocore``] Add support for sorting and filtering in
    ListServiceInstances
  * api-change:``rds``: [``botocore``] This release adds support for container databases (CDBs) to
    Amazon RDS Custom for Oracle. A CDB contains one PDB at creation. You can add more PDBs using
    Oracle SQL. You can also customize your database installation by setting the Oracle base, Oracle
    home, and the OS user name and group.
  * api-change:``ssm-incidents``: [``botocore``] Add support for PagerDuty integrations on
    ResponsePlan, IncidentRecord, and RelatedItem APIs
  * api-change:``ssm``: [``botocore``] This release adds support for cross account access in
    CreateOpsItem, UpdateOpsItem and GetOpsItem. It introduces new APIs to setup resource policies for
    SSM resources: PutResourcePolicy, GetResourcePolicies and DeleteResourcePolicy.
  * api-change:``transfer``: [``botocore``] Allow additional operations to throw ThrottlingException
  * api-change:``xray``: [``botocore``] This release adds new APIs - PutResourcePolicy,
    DeleteResourcePolicy, ListResourcePolicies for supporting resource based policies for AWS X-Ray.
- from version 1.26.10
  * bugfix:s3: [``botocore``] fixes missing x-amz-content-sha256 header for s3 on outpost
  * enhancement:sso: [``botocore``] Add support for loading sso-session profiles from the aws config
  * api-change:``connect``: [``botocore``] This release updates the APIs: UpdateInstanceAttribute,
    DescribeInstanceAttribute, and ListInstanceAttributes. You can use it to programmatically
    enable/disable enhanced contact monitoring using attribute type ENHANCED_CONTACT_MONITORING on the
    specified Amazon Connect instance.
  * api-change:``greengrassv2``: [``botocore``] Adds new parent target ARN paramater to
    CreateDeployment, GetDeployment, and ListDeployments APIs for the new subdeployments feature.
  * api-change:``route53``: [``botocore``] Amazon Route 53 now supports the Europe (Spain) Region
    (eu-south-2) for latency records, geoproximity records, and private DNS for Amazon VPCs in that
    region.
  * api-change:``ssmsap``: [``botocore``] AWS Systems Manager for SAP provides simplified operations
    and management of SAP applications such as SAP HANA. With this release, SAP customers and partners
    can automate and simplify their SAP system administration tasks such as backup/restore of SAP HANA.
  * api-change:``workspaces``: [``botocore``] This release introduces
    ModifyCertificateBasedAuthProperties, a new API that allows control of certificate-based auth
    properties associated with a WorkSpaces directory. The DescribeWorkspaceDirectories API will now
    additionally return certificate-based auth properties in its responses.
- from version 1.26.9
  * api-change:``customer-profiles``: [``botocore``] This release enhances the SearchProfiles API by
    providing functionality to search for profiles using multiple keys and logical operators.
  * api-change:``lakeformation``: [``botocore``] This release adds a new parameter "/Parameters"/ in
    the DataLakeSettings.
  * api-change:``managedblockchain``: [``botocore``] Updating the API docs data type:
    NetworkEthereumAttributes, and the operations DeleteNode, and CreateNode to also include the
    supported Goerli network.
  * api-change:``proton``: [``botocore``] Add support for CodeBuild Provisioning
  * api-change:``rds``: [``botocore``] This release adds support for restoring an RDS Multi-AZ DB
    cluster snapshot to a Single-AZ deployment or a Multi-AZ DB instance deployment.
  * api-change:``workdocs``: [``botocore``] Added 2 new document related operations,
    DeleteDocumentVersion and RestoreDocumentVersions.
  * api-change:``xray``: [``botocore``] This release enhances GetServiceGraph API to support new type
    of edge to represent links between SQS and Lambda in event-driven applications.
- Update BuildRequires and Requires from setup.py
- Update to version 1.26.8
  * api-change:``glue``: [``botocore``] Added links related to enabling job bookmarks.
  * api-change:``iot``: [``botocore``] This release add new api listRelatedResourcesForAuditFinding
    and new member type IssuerCertificates for Iot device device defender Audit.
  * api-change:``license-manager``: [``botocore``] AWS License Manager now supports onboarded
    Management Accounts or Delegated Admins to view granted licenses aggregated from all accounts in
    the organization.
  * api-change:``marketplace-catalog``: [``botocore``] Added three new APIs to support tagging and
    tag-based authorization: TagResource, UntagResource, and ListTagsForResource. Added optional
    parameters to the StartChangeSet API to support tagging a resource while making a request to create
    it.
  * api-change:``rekognition``: [``botocore``] Adding support for ImageProperties feature to detect
    dominant colors and image brightness, sharpness, and contrast, inclusion and exclusion filters for
    labels and label categories, new fields to the API response, "/aliases"/ and "/categories"/
  * api-change:``securityhub``: [``botocore``] Documentation updates for Security Hub
  * api-change:``ssm-incidents``: [``botocore``] RelatedItems now have an ID field which can be used
    for referencing them else where. Introducing event references in TimelineEvent API and increasing
    maximum length of "/eventData"/ to 12K characters.
- from version 1.26.7
  * api-change:``autoscaling``: [``botocore``] This release adds a new price capacity optimized
    allocation strategy for Spot Instances to help customers optimize provisioning of Spot Instances
    via EC2 Auto Scaling, EC2 Fleet, and Spot Fleet. It allocates Spot Instances based on both spare
    capacity availability and Spot Instance price.
  * api-change:``ec2``: [``botocore``] This release adds a new price capacity optimized allocation
    strategy for Spot Instances to help customers optimize provisioning of Spot Instances via EC2 Auto
    Scaling, EC2 Fleet, and Spot Fleet. It allocates Spot Instances based on both spare capacity
    availability and Spot Instance price.
  * api-change:``ecs``: [``botocore``] This release adds support for task scale-in protection with
    updateTaskProtection and getTaskProtection APIs. UpdateTaskProtection API can be used to protect a
    service managed task from being terminated by scale-in events and getTaskProtection API to get the
    scale-in protection status of a task.
  * api-change:``es``: [``botocore``] Amazon OpenSearch Service now offers managed VPC endpoints to
    connect to your Amazon OpenSearch Service VPC-enabled domain in a Virtual Private Cloud (VPC). This
    feature allows you to privately access OpenSearch Service domain without using public IPs or
    requiring traffic to traverse the Internet.
  * api-change:``resource-explorer-2``: [``botocore``] Text only updates to some Resource Explorer
    descriptions.
  * api-change:``scheduler``: [``botocore``] AWS introduces the new Amazon EventBridge Scheduler.
    EventBridge Scheduler is a serverless scheduler that allows you to create, run, and manage tasks
    from one central, managed service.
- from version 1.26.6
  * api-change:``connect``: [``botocore``] This release adds new fields SignInUrl, UserArn, and
    UserId to GetFederationToken response payload.
  * api-change:``connectcases``: [``botocore``] This release adds the ability to disable templates
    through the UpdateTemplate API. Disabling templates prevents customers from creating cases using
    the template. For more information see
    https://docs.aws.amazon.com/cases/latest/APIReference/Welcome.html
  * api-change:``ec2``: [``botocore``] Amazon EC2 Trn1 instances, powered by AWS Trainium chips, are
    purpose built for high-performance deep learning training. u-24tb1.112xlarge and u-18tb1.112xlarge
    High Memory instances are purpose-built to run large in-memory databases.
  * api-change:``groundstation``: [``botocore``] This release adds the preview of customer-provided
    ephemeris support for AWS Ground Station, allowing space vehicle owners to provide their own
    position and trajectory information for a satellite.
  * api-change:``mediapackage-vod``: [``botocore``] This release adds "/IncludeIframeOnlyStream"/ for
    Dash endpoints.
  * api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
- from version 1.26.5
  * api-change:``acm``: [``botocore``] Support added for requesting elliptic curve certificate key
    algorithm types P-256 (EC_prime256v1) and P-384 (EC_secp384r1).
  * api-change:``billingconductor``: [``botocore``] This release adds the Recurring Custom Line Item
    feature along with a new API ListCustomLineItemVersions.
  * api-change:``ec2``: [``botocore``] This release enables sharing of EC2 Placement Groups across
    accounts and within AWS Organizations using Resource Access Manager
  * api-change:``fms``: [``botocore``] AWS Firewall Manager now supports importing existing AWS
    Network Firewall firewalls into Firewall Manager policies.
  * api-change:``lightsail``: [``botocore``] This release adds support for Amazon Lightsail to
    automate the delegation of domains registered through Amazon Route 53 to Lightsail DNS management
    and to automate record creation for DNS validation of Lightsail SSL/TLS certificates.
  * api-change:``opensearch``: [``botocore``] Amazon OpenSearch Service now offers managed VPC
    endpoints to connect to your Amazon OpenSearch Service VPC-enabled domain in a Virtual Private
    Cloud (VPC). This feature allows you to privately access OpenSearch Service domain without using
    public IPs or requiring traffic to traverse the Internet.
  * api-change:``polly``: [``botocore``] Amazon Polly adds new voices: Elin (sv-SE), Ida (nb-NO),
    Laura (nl-NL) and Suvi (fi-FI). They are available as neural voices only.
  * api-change:``resource-explorer-2``: [``botocore``] This is the initial SDK release for AWS
    Resource Explorer. AWS Resource Explorer lets your users search for and discover your AWS resources
    across the AWS Regions in your account.
  * api-change:``route53``: [``botocore``] Amazon Route 53 now supports the Europe (Zurich) Region
    (eu-central-2) for latency records, geoproximity records, and private DNS for Amazon VPCs in that
    region.
  * api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
- from version 1.26.4
  * api-change:``athena``: [``botocore``] Adds support for using Query Result Reuse
  * api-change:``autoscaling``: [``botocore``] This release adds support for two new attributes for
    attribute-based instance type selection - NetworkBandwidthGbps and AllowedInstanceTypes.
  * api-change:``cloudtrail``: [``botocore``] This release includes support for configuring a
    delegated administrator to manage an AWS Organizations organization CloudTrail trails and event
    data stores, and AWS Key Management Service encryption of CloudTrail Lake event data stores.
  * api-change:``ec2``: [``botocore``] This release adds support for two new attributes for
    attribute-based instance type selection - NetworkBandwidthGbps and AllowedInstanceTypes.
  * api-change:``elasticache``: [``botocore``] Added support for IPv6 and dual stack for Memcached
    and Redis clusters. Customers can now launch new Redis and Memcached clusters with IPv6 and dual
    stack networking support.
  * api-change:``lexv2-models``: [``botocore``] Update lexv2-models client to latest version
  * api-change:``mediaconvert``: [``botocore``] The AWS Elemental MediaConvert SDK has added support
    for setting the SDR reference white point for HDR conversions and conversion of HDR10 to
    DolbyVision without mastering metadata.
  * api-change:``ssm``: [``botocore``] This release includes support for applying a CloudWatch alarm
    to multi account multi region Systems Manager Automation
  * api-change:``wafv2``: [``botocore``] The geo match statement now adds labels for country and
    region. You can match requests at the region level by combining a geo match statement with label
    match statements.
  * api-change:``wellarchitected``: [``botocore``] This release adds support for integrations with
    AWS Trusted Advisor and AWS Service Catalog AppRegistry to improve workload discovery and speed up
    your workload reviews.
  * api-change:``workspaces``: [``botocore``] This release adds protocols attribute to workspaces
    properties data type. This enables customers to migrate workspaces from PC over IP (PCoIP) to
    WorkSpaces Streaming Protocol (WSP) using create and modify workspaces public APIs.
  * api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
- from version 1.26.3
  * api-change:``ec2``: [``botocore``] This release adds API support for the recipient of an AMI
    account share to remove shared AMI launch permissions.
  * api-change:``emr-containers``: [``botocore``] Adding support for Job templates. Job templates
    allow you to create and store templates to configure Spark applications parameters. This helps you
    ensure consistent settings across applications by reusing and enforcing configuration overrides in
    data pipelines.
  * api-change:``logs``: [``botocore``] Doc-only update for bug fixes and support of export to
    buckets encrypted with SSE-KMS
  * api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
- Update BuildRequires and Requires from setup.py
- Update to version 1.26.2
  * api-change:``memorydb``: [``botocore``] Adding support for r6gd instances for MemoryDB Redis with
    data tiering. In a cluster with data tiering enabled, when available memory capacity is exhausted,
    the least recently used data is automatically tiered to solid state drives for cost-effective
    capacity scaling with minimal performance impact.
  * api-change:``sagemaker``: [``botocore``] Amazon SageMaker now supports running training jobs on
    ml.trn1 instance types.
  * api-change:``endpoint-rules``: [``botocore``] Update endpoint-rules client to latest version
- from version 1.26.1
  * api-change:``iotsitewise``: [``botocore``] This release adds the ListAssetModelProperties and
    ListAssetProperties APIs. You can list all properties that belong to a single asset model or asset
    using these two new APIs.
  * api-change:``s3control``: [``botocore``] S3 on Outposts launches support for Lifecycle
    configuration for Outposts buckets. With S3 Lifecycle configuration, you can mange objects so they
    are stored cost effectively. You can manage objects using size-based rules and specify how many
    noncurrent versions bucket will retain.
  * api-change:``sagemaker``: [``botocore``] This release updates Framework model regex for
    ModelPackage to support new Framework version xgboost, sklearn.
  * api-change:``ssm-incidents``: [``botocore``] Adds support for tagging replication-set on creation.
- from version 1.26.0
  * feature:Endpoints: [``botocore``] Migrate all services to use new AWS Endpoint Resolution
    framework
  * Enhancement:Endpoints: [``botocore``] Discontinued use of `sslCommonName` hosts as detailed in
    1.27.0 (see `#2705 <https://github.com/boto/botocore/issues/2705>`__ for more info)
  * api-change:``rds``: [``botocore``] Relational Database Service - This release adds support for
    configuring Storage Throughput on RDS database instances.
  * api-change:``textract``: [``botocore``] Add ocr results in AnalyzeIDResponse as blocks
- from version 1.25.5
  * api-change:``apprunner``: [``botocore``] This release adds support for private App Runner
    services. Services may now be configured to be made private and only accessible from a VPC. The
    changes include a new VpcIngressConnection resource and several new and modified APIs.
  * api-change:``connect``: [``botocore``] Amazon connect now support a new API DismissUserContact to
    dismiss or remove terminated contacts in Agent CCP
  * api-change:``ec2``: [``botocore``] Elastic IP transfer is a new Amazon VPC feature that allows
    you to transfer your Elastic IP addresses from one AWS Account to another.
  * api-change:``iot``: [``botocore``] This release adds the Amazon Location action to IoT Rules
    Engine.
  * api-change:``logs``: [``botocore``] SDK release to support tagging for destinations and log
    groups with TagResource. Also supports tag on create with PutDestination.
  * api-change:``sesv2``: [``botocore``] This release includes support for interacting with the
    Virtual Deliverability Manager, allowing you to opt in/out of the feature and to retrieve
    recommendations and metric data.
  * api-change:``textract``: [``botocore``] This release introduces additional support for 30+
    normalized fields such as vendor address and currency. It also includes OCR output in the response
    and accuracy improvements for the already supported fields in previous version
- from version 1.25.4
  * api-change:``apprunner``: [``botocore``] AWS App Runner adds .NET 6, Go 1, PHP 8.1 and Ruby 3.1
    runtimes.
  * api-change:``appstream``: [``botocore``] This release includes CertificateBasedAuthProperties in
    CreateDirectoryConfig and UpdateDirectoryConfig.
  * api-change:``cloud9``: [``botocore``] Update to the documentation section of the Cloud9 API
    Reference guide.
  * api-change:``cloudformation``: [``botocore``] This release adds more fields to improves
    visibility of AWS CloudFormation StackSets information in following APIs: ListStackInstances,
    DescribeStackInstance, ListStackSetOperationResults, ListStackSetOperations,
    DescribeStackSetOperation.
  * api-change:``gamesparks``: [``botocore``] Add LATEST as a possible GameSDK Version on snapshot
  * api-change:``mediatailor``: [``botocore``] This release introduces support for SCTE-35
    segmentation descriptor messages which can be sent within time signal messages.
- from version 1.25.3
  * api-change:``ec2``: [``botocore``] Feature supports the replacement of instance root volume using
    an updated AMI without requiring customers to stop their instance.
  * api-change:``fms``: [``botocore``] Add support NetworkFirewall Managed Rule Group Override flag
    in GetViolationDetails API
  * api-change:``glue``: [``botocore``] Added support for custom datatypes when using custom csv
    classifier.
  * api-change:``redshift``: [``botocore``] This release clarifies use for the ElasticIp parameter of
    the CreateCluster and RestoreFromClusterSnapshot APIs.
  * api-change:``sagemaker``: [``botocore``] This change allows customers to provide a custom
    entrypoint script for the docker container to be run while executing training jobs, and provide
    custom arguments to the entrypoint script.
  * api-change:``wafv2``: [``botocore``] This release adds the following: Challenge rule action, to
    silently verify client browsers; rule group rule action override to any valid rule action, not just
    Count; token sharing between protected applications for challenge/CAPTCHA token; targeted rules
    option for Bot Control managed rule group.
- from version 1.25.2
  * api-change:``iam``: [``botocore``] Doc only update that corrects instances of CLI not using an
    entity.
  * api-change:``kafka``: [``botocore``] This release adds support for Tiered Storage. UpdateStorage
    allows you to control the Storage Mode for supported storage tiers.
  * api-change:``neptune``: [``botocore``] Added a new cluster-level attribute to set the capacity
    range for Neptune Serverless instances.
  * api-change:``sagemaker``: [``botocore``] Amazon SageMaker Automatic Model Tuning now supports
    specifying Grid Search strategy for tuning jobs, which evaluates all hyperparameter combinations
    exhaustively based on the categorical hyperparameters provided.
- from version 1.25.1
  * api-change:``accessanalyzer``: [``botocore``] This release adds support for six new resource
    types in IAM Access Analyzer to help you easily identify public and cross-account access to your
    AWS resources. Updated service API, documentation, and paginators.
  * api-change:``location``: [``botocore``] Added new map styles with satellite imagery for map
    resources using HERE as a data provider.
  * api-change:``mediatailor``: [``botocore``] This release is a documentation update
  * api-change:``rds``: [``botocore``] Relational Database Service - This release adds support for
    exporting DB cluster data to Amazon S3.
  * api-change:``workspaces``: [``botocore``] This release adds new enums for supporting Workspaces
    Core features, including creating Manual running mode workspaces, importing regular Workspaces Core
    images and importing g4dn Workspaces Core images.
- Update BuildRequires and Requires from setup.py
- Update in SLE-15 (bsc#1204537, jsc#PED-2333)
- Update to version 1.25.0
  * feature:Endpoints: [``botocore``] Implemented new endpoint ruleset system to dynamically derive
    endpoints and settings for services
  * api-change:``acm-pca``: [``botocore``] AWS Private Certificate Authority (AWS Private CA) now
    offers usage modes which are combination of features to address specific use cases.
  * api-change:``batch``: [``botocore``] This release adds support for AWS Batch on Amazon EKS.
  * api-change:``datasync``: [``botocore``] Added support for self-signed certificates when using
    object storage locations; added BytesCompressed to the TaskExecution response.
  * api-change:``sagemaker``: [``botocore``] SageMaker Inference Recommender now supports a new API
    ListInferenceRecommendationJobSteps to return the details of all the benchmark we create for an
    inference recommendation job.
- from version 1.24.96
  * api-change:``cognito-idp``: [``botocore``] This release adds a new "/DeletionProtection"/ field to
    the UserPool in Cognito. Application admins can configure this value with either ACTIVE or INACTIVE
    value. Setting this field to ACTIVE will prevent a user pool from accidental deletion.
  * api-change:``sagemaker``: [``botocore``] CreateInferenceRecommenderjob API now supports passing
    endpoint details directly, that will help customers to identify the max invocation and max latency
    they can achieve for their model and the associated endpoint along with getting recommendations on
    other instances.
- from version 1.24.95
  * api-change:``devops-guru``: [``botocore``] This release adds information about the resources
    DevOps Guru is analyzing.
  * api-change:``globalaccelerator``: [``botocore``] Global Accelerator now supports AddEndpoints and
    RemoveEndpoints operations for standard endpoint groups.
  * api-change:``resiliencehub``: [``botocore``] In this release, we are introducing support for
    regional optimization for AWS Resilience Hub applications. It also includes a few documentation
    updates to improve clarity.
  * api-change:``rum``: [``botocore``] CloudWatch RUM now supports Extended CloudWatch Metrics with
    Additional Dimensions
- from version 1.24.94
  * api-change:``chime-sdk-messaging``: [``botocore``] Documentation updates for Chime Messaging SDK
  * api-change:``cloudtrail``: [``botocore``] This release includes support for exporting CloudTrail
    Lake query results to an Amazon S3 bucket.
  * api-change:``config``: [``botocore``] This release adds resourceType enums for AppConfig,
    AppSync, DataSync, EC2, EKS, Glue, GuardDuty, SageMaker, ServiceDiscovery, SES, Route53 types.
  * api-change:``connect``: [``botocore``] This release adds API support for managing phone numbers
    that can be used across multiple AWS regions through telephony traffic distribution.
  * api-change:``events``: [``botocore``] Update events client to latest version
  * api-change:``managedblockchain``: [``botocore``] Adding new Accessor APIs for Amazon Managed
    Blockchain
  * api-change:``s3``: [``botocore``] Updates internal logic for constructing API endpoints. We have
    added rule-based endpoints and internal model parameters.
  * api-change:``s3control``: [``botocore``] Updates internal logic for constructing API endpoints.
    We have added rule-based endpoints and internal model parameters.
  * api-change:``support-app``: [``botocore``] This release adds the
    RegisterSlackWorkspaceForOrganization API. You can use the API to register a Slack workspace for an
    AWS account that is part of an organization.
  * api-change:``workspaces-web``: [``botocore``] WorkSpaces Web now supports user access logging for
    recording session start, stop, and URL navigation.
- from version 1.24.93
  * api-change:``frauddetector``: [``botocore``] Documentation Updates for Amazon Fraud Detector
  * api-change:``sagemaker``: [``botocore``] This change allows customers to enable data capturing
    while running a batch transform job, and configure monitoring schedule to monitoring the captured
    data.
  * api-change:``servicediscovery``: [``botocore``] Updated the ListNamespaces API to support the
    NAME and HTTP_NAME filters, and the BEGINS_WITH filter condition.
  * api-change:``sesv2``: [``botocore``] This release allows subscribers to enable Dedicated IPs
    (managed) to send email via a fully managed dedicated IP experience. It also adds identities'
    VerificationStatus in the response of GetEmailIdentity and ListEmailIdentities APIs, and ImportJobs
    counts in the response of ListImportJobs API.
- from version 1.24.92
  * api-change:``greengrass``: [``botocore``] This change allows customers to specify
    FunctionRuntimeOverride in FunctionDefinitionVersion. This configuration can be used if the runtime
    on the device is different from the AWS Lambda runtime specified for that function.
  * api-change:``sagemaker``: [``botocore``] This release adds support for C7g, C6g, C6gd, C6gn, M6g,
    M6gd, R6g, and R6gn Graviton instance types in Amazon SageMaker Inference.
- Update BuildRequires and Requires from setup.py
- Remove version constraint for python-pytest in BuildRequires
- Update to version 1.24.91
  * api-change:``mediaconvert``: [``botocore``] MediaConvert now supports specifying the minimum
    percentage of the HRD buffer available at the end of each encoded video segment.
- from version 1.24.90
  * api-change:``amplifyuibuilder``: [``botocore``] We are releasing the ability for fields to be
    configured as arrays.
  * api-change:``appflow``: [``botocore``] With this update, you can choose which Salesforce API is
    used by Amazon AppFlow to transfer data to or from your Salesforce account. You can choose the
    Salesforce REST API or Bulk API 2.0. You can also choose for Amazon AppFlow to pick the API
    automatically.
  * api-change:``connect``: [``botocore``] This release adds support for a secondary email and a
    mobile number for Amazon Connect instance users.
  * api-change:``ds``: [``botocore``] This release adds support for describing and updating AWS
    Managed Microsoft AD set up.
  * api-change:``ecs``: [``botocore``] Documentation update to address tickets.
  * api-change:``guardduty``: [``botocore``] Add UnprocessedDataSources to CreateDetectorResponse
    which specifies the data sources that couldn't be enabled during the CreateDetector request. In
    addition, update documentations.
  * api-change:``iam``: [``botocore``] Documentation updates for the AWS Identity and Access
    Management API Reference.
  * api-change:``iotfleetwise``: [``botocore``] Documentation update for AWS IoT FleetWise
  * api-change:``medialive``: [``botocore``] AWS Elemental MediaLive now supports forwarding SCTE-35
    messages through the Event Signaling and Management (ESAM) API, and can read those SCTE-35 messages
    from an inactive source.
  * api-change:``mediapackage-vod``: [``botocore``] This release adds SPEKE v2 support for
    MediaPackage VOD. Speke v2 is an upgrade to the existing SPEKE API to support multiple encryption
    keys, based on an encryption contract selected by the customer.
  * api-change:``panorama``: [``botocore``] Pause and resume camera stream processing with
    SignalApplicationInstanceNodeInstances. Reboot an appliance with CreateJobForDevices. More
    application state information in DescribeApplicationInstance response.
  * api-change:``rds-data``: [``botocore``] Doc update to reflect no support for schema parameter on
    BatchExecuteStatement API
  * api-change:``ssm-incidents``: [``botocore``] Update RelatedItem enum to support Tasks
  * api-change:``ssm``: [``botocore``] Support of AmazonLinux2022 by Patch Manager
  * api-change:``transfer``: [``botocore``] This release adds an option for customers to configure
    workflows that are triggered when files are only partially received from a client due to premature
    session disconnect.
  * api-change:``translate``: [``botocore``] This release enables customers to specify multiple
    target languages in asynchronous batch translation requests.
  * api-change:``wisdom``: [``botocore``] This release updates the GetRecommendations API to include
    a trigger event list for classifying and grouping recommendations.
- from version 1.24.89
  * api-change:``codeguru-reviewer``: [``botocore``] Documentation update to replace broken link.
  * api-change:``elbv2``: [``botocore``] Update elbv2 client to latest version
  * api-change:``greengrassv2``: [``botocore``] This release adds error status details for
    deployments and components that failed on a device and adds features to improve visibility into
    component installation.
  * api-change:``quicksight``: [``botocore``] Amazon QuickSight now supports SecretsManager Secret
    ARN in place of CredentialPair for DataSource creation and update. This release also has some minor
    documentation updates and removes CountryCode as a required parameter in GeoSpatialColumnGroup
- from version 1.24.88
  * api-change:``resiliencehub``: [``botocore``] Documentation change for AWS Resilience Hub.
    Doc-only update to fix Documentation layout
- from version 1.24.87
  * api-change:``glue``: [``botocore``] This SDK release adds support to sync glue jobs with source
    control provider. Additionally, a new parameter called SourceControlDetails will be added to Job
    model.
  * api-change:``network-firewall``: [``botocore``] StreamExceptionPolicy configures how AWS Network
    Firewall processes traffic when a network connection breaks midstream
  * api-change:``outposts``: [``botocore``] This release adds the Asset state information to the
    ListAssets response. The ListAssets request supports filtering on Asset state.
- from version 1.24.86
  * api-change:``connect``: [``botocore``] Updated the CreateIntegrationAssociation API to support
    the CASES_DOMAIN IntegrationType.
  * api-change:``connectcases``: [``botocore``] This release adds APIs for Amazon Connect Cases.
    Cases allows your agents to quickly track and manage customer issues that require multiple
    interactions, follow-up tasks, and teams in your contact center.  For more information, see
    https://docs.aws.amazon.com/cases/latest/APIReference/Welcome.html
  * api-change:``ec2``: [``botocore``] Added EnableNetworkAddressUsageMetrics flag for
    ModifyVpcAttribute, DescribeVpcAttribute APIs.
  * api-change:``ecs``: [``botocore``] Documentation updates to address various Amazon ECS tickets.
  * api-change:``s3control``: [``botocore``] S3 Object Lambda adds support to allow customers to
    intercept HeadObject and ListObjects requests and introduce their own compute. These requests were
    previously proxied to S3.
  * api-change:``workmail``: [``botocore``] This release adds support for impersonation roles in
    Amazon WorkMail.
- Update BuildRequires and Requires from setup.py
- Update to version 1.24.85
  * api-change:``accessanalyzer``: [``botocore``] AWS IAM Access Analyzer policy validation
    introduces new checks for role trust policies. As customers author a policy, IAM Access Analyzer
    policy validation evaluates the policy for any issues to make it easier for customers to author
    secure policies.
  * api-change:``ec2``: [``botocore``] Adding an imdsSupport attribute to EC2 AMIs
  * api-change:``snowball``: [``botocore``] Adds support for V3_5C. This is a refreshed AWS Snowball
    Edge Compute Optimized device type with 28TB SSD, 104 vCPU and 416GB memory (customer usable).
- from version 1.24.84
  * api-change:``codedeploy``: [``botocore``] This release allows you to override the alarm
    configurations when creating a deployment.
  * api-change:``devops-guru``: [``botocore``] This release adds filter feature on
    AddNotificationChannel API, enable customer to configure the SNS notification messages by Severity
    or MessageTypes
  * api-change:``dlm``: [``botocore``] This release adds support for archival of single-volume
    snapshots created by Amazon Data Lifecycle Manager policies
  * api-change:``sagemaker-runtime``: [``botocore``] Update sagemaker-runtime client to latest version
  * api-change:``sagemaker``: [``botocore``] A new parameter called ExplainerConfig is added to
    CreateEndpointConfig API to enable SageMaker Clarify online explainability feature.
  * api-change:``sso-oidc``: [``botocore``] Documentation updates for the IAM Identity Center OIDC
    CLI Reference.
- from version 1.24.83
  * api-change:``acm``: [``botocore``] This update returns additional certificate details such as
    certificate SANs and allows sorting in the ListCertificates API.
  * api-change:``ec2``: [``botocore``] u-3tb1 instances are powered by Intel Xeon Platinum 8176M
    (Skylake) processors and are purpose-built to run large in-memory databases.
  * api-change:``emr-serverless``: [``botocore``] This release adds API support to debug Amazon EMR
    Serverless jobs in real-time with live application UIs
  * api-change:``fsx``: [``botocore``] This release adds support for Amazon File Cache.
  * api-change:``migrationhuborchestrator``: [``botocore``] Introducing AWS MigrationHubOrchestrator.
    This is the first public release of AWS MigrationHubOrchestrator.
  * api-change:``polly``: [``botocore``] Added support for the new Cantonese voice - Hiujin. Hiujin
    is available as a Neural voice only.
  * api-change:``proton``: [``botocore``] This release adds an option to delete pipeline provisioning
    repositories using the UpdateAccountSettings API
  * api-change:``sagemaker``: [``botocore``] SageMaker Training Managed Warm Pools let you retain
    provisioned infrastructure to reduce latency for repetitive training workloads.
  * api-change:``secretsmanager``: [``botocore``] Documentation updates for Secrets Manager
  * api-change:``translate``: [``botocore``] This release enables customers to access control rights
    on Translate resources like Parallel Data and Custom Terminology using Tag Based Authorization.
  * api-change:``workspaces``: [``botocore``] This release includes diagnostic log uploading feature.
    If it is enabled, the log files of WorkSpaces Windows client will be sent to Amazon WorkSpaces
    automatically for troubleshooting. You can use modifyClientProperty api to enable/disable this
    feature.
- from version 1.24.82
  * api-change:``ce``: [``botocore``] This release is to support retroactive Cost Categories. The new
    field will enable you to retroactively apply new and existing cost category rules to previous
    months.
  * api-change:``kendra``: [``botocore``] My AWS Service (placeholder) - Amazon Kendra now provides a
    data source connector for DropBox. For more information, see
    https://docs.aws.amazon.com/kendra/latest/dg/data-source-dropbox.html
  * api-change:``location``: [``botocore``] This release adds place IDs, which are unique identifiers
    of places, along with a new GetPlace operation, which can be used with place IDs to find a place
    again later. UnitNumber and UnitType are also added as new properties of places.
- from version 1.24.81
  * api-change:``cur``: [``botocore``] This release adds two new support
    regions(me-central-1/eu-south-2) for OSG.
  * api-change:``iotfleetwise``: [``botocore``] General availability (GA) for AWS IoT Fleetwise. It
    adds AWS IoT Fleetwise to AWS SDK. For more information, see
    https://docs.aws.amazon.com/iot-fleetwise/latest/APIReference/Welcome.html.
  * api-change:``ssm``: [``botocore``] This release includes support for applying a CloudWatch alarm
    to Systems Manager capabilities like Automation, Run Command, State Manager, and Maintenance
    Windows.
- from version 1.24.80
  * api-change:``apprunner``: [``botocore``] AWS App Runner adds a Node.js 16 runtime.
  * api-change:``ec2``: [``botocore``] Letting external AWS customers provide ImageId as a Launch
    Template override in FleetLaunchTemplateOverridesRequest
  * api-change:``lexv2-models``: [``botocore``] Update lexv2-models client to latest version
  * api-change:``lightsail``: [``botocore``] This release adds Instance Metadata Service (IMDS)
    support for Lightsail instances.
  * api-change:``nimble``: [``botocore``] Amazon Nimble Studio adds support for on-demand Amazon
    Elastic Compute Cloud (EC2) G3 and G5 instances, allowing customers to utilize additional GPU
    instance types for their creative projects.
  * api-change:``ssm``: [``botocore``] This release adds new SSM document types
    ConformancePackTemplate and CloudFormation
  * api-change:``wafv2``: [``botocore``] Add the default specification for ResourceType in
    ListResourcesForWebACL.
- from version 1.24.79
  * api-change:``backup-gateway``: [``botocore``] Changes include: new GetVirtualMachineApi to fetch
    a single user's VM, improving ListVirtualMachines to fetch filtered VMs as well as all VMs, and
    improving GetGatewayApi to now also return the gateway's MaintenanceStartTime.
  * api-change:``devicefarm``: [``botocore``] This release adds the support for VPC-ENI based
    connectivity for private devices on AWS Device Farm.
  * api-change:``ec2``: [``botocore``] Documentation updates for Amazon EC2.
  * api-change:``glue``: [``botocore``] Added support for S3 Event Notifications for Catalog Target
    Crawlers.
  * api-change:``identitystore``: [``botocore``] Documentation updates for the Identity Store CLI
    Reference.
- from version 1.24.78
  * api-change:``comprehend``: [``botocore``] Amazon Comprehend now supports synchronous mode for
    targeted sentiment API operations.
  * api-change:``s3control``: [``botocore``] S3 on Outposts launches support for object versioning
    for Outposts buckets. With S3 Versioning, you can preserve, retrieve, and restore every version of
    every object stored in your buckets. You can recover from both unintended user actions and
    application failures.
  * api-change:``sagemaker``: [``botocore``] SageMaker now allows customization on Canvas Application
    settings, including enabling/disabling time-series forecasting and specifying an Amazon Forecast
    execution role at both the Domain and UserProfile levels.
- from version 1.24.77
  * api-change:``ec2``: [``botocore``] This release adds support for blocked paths to Amazon VPC
    Reachability Analyzer.
- Update BuildRequires and Requires from setup.py
- Update to version 1.24.76
  * api-change:``cloudtrail``: [``botocore``] This release includes support for importing existing
    trails into CloudTrail Lake.
  * api-change:``ec2``: [``botocore``] This release adds CapacityAllocations field to
    DescribeCapacityReservations
  * api-change:``mediaconnect``: [``botocore``] This change allows the customer to use the SRT Caller
    protocol as part of their flows
  * api-change:``rds``: [``botocore``] This release adds support for Amazon RDS Proxy with SQL Server
    compatibility.
- from version 1.24.75
  * api-change:``codestar-notifications``: [``botocore``] This release adds tag based access control
    for the UntagResource API.
  * api-change:``ecs``: [``botocore``] This release supports new task definition sizes.
- from version 1.24.74
  * api-change:``dynamodb``: [``botocore``] Increased DynamoDB transaction limit from 25 to 100.
  * api-change:``ec2``: [``botocore``] This feature allows customers to create tags for
    vpc-endpoint-connections and vpc-endpoint-service-permissions.
  * api-change:``sagemaker``: [``botocore``] Amazon SageMaker Automatic Model Tuning now supports
    specifying Hyperband strategy for tuning jobs, which uses a multi-fidelity based tuning strategy to
    stop underperforming hyperparameter configurations early.
- from version 1.24.73
  * api-change:``amplifyuibuilder``: [``botocore``] Amplify Studio UIBuilder is introducing forms
    functionality. Forms can be configured from Data Store models, JSON, or from scratch. These forms
    can then be generated in your project and used like any other React components.
  * api-change:``ec2``: [``botocore``] This update introduces API operations to manage and create
    local gateway route tables, CoIP pools, and VIF group associations.
- Update BuildRequires and Requires from setup.py
- Update to version 1.24.72
  * api-change:``customer-profiles``: [``botocore``] Added isUnstructured in response for Customer
    Profiles Integration APIs
  * api-change:``drs``: [``botocore``] Fixed the data type of lagDuration that is returned in
    Describe Source Server API
  * api-change:``ec2``: [``botocore``] Two new features for local gateway route tables: support for
    static routes targeting Elastic Network Interfaces and direct VPC routing.
  * api-change:``evidently``: [``botocore``] This release adds support for the client-side evaluation
  - powered by AWS AppConfig feature.
  * api-change:``kendra``: [``botocore``] This release enables our customer to choose the option of
    Sharepoint 2019 for the on-premise Sharepoint connector.
  * api-change:``transfer``: [``botocore``] This release introduces the ability to have multiple
    server host keys for any of your Transfer Family servers that use the SFTP protocol.
- from version 1.24.71
  * api-change:``eks``: [``botocore``] Adding support for local Amazon EKS clusters on Outposts
- from version 1.24.70
  * api-change:``cloudtrail``: [``botocore``] This release adds CloudTrail getChannel and
    listChannels APIs to allow customer to view the ServiceLinkedChannel configurations.
  * api-change:``lexv2-models``: [``botocore``] Update lexv2-models client to latest version
  * api-change:``lexv2-runtime``: [``botocore``] Update lexv2-runtime client to latest version
  * api-change:``pi``: [``botocore``] Increases the maximum values of two RDS Performance Insights
    APIs. The maximum value of the Limit parameter of DimensionGroup is 25. The MaxResult maximum is
    now 25 for the following APIs: DescribeDimensionKeys, GetResourceMetrics,
    ListAvailableResourceDimensions, and ListAvailableResourceMetrics.
  * api-change:``redshift``: [``botocore``] This release updates documentation for AQUA features and
    other description updates.
- from version 1.24.69
  * api-change:``ec2``: [``botocore``] This release adds support to send VPC Flow Logs to
    kinesis-data-firehose as new destination type
  * api-change:``emr-containers``: [``botocore``] EMR on EKS now allows running Spark SQL using the
    newly introduced Spark SQL Job Driver in the Start Job Run API
  * api-change:``lookoutmetrics``: [``botocore``] Release dimension value filtering feature to allow
    customers to define dimension filters for including only a subset of their dataset to be used by
    LookoutMetrics.
  * api-change:``medialive``: [``botocore``] This change exposes API settings which allow Dolby Atmos
    and Dolby Vision to be used when running a channel using Elemental Media Live
  * api-change:``route53``: [``botocore``] Amazon Route 53 now supports the Middle East (UAE) Region
    (me-central-1) for latency records, geoproximity records, and private DNS for Amazon VPCs in that
    region.
  * api-change:``sagemaker``: [``botocore``] This release adds Mode to AutoMLJobConfig.
  * api-change:``ssm``: [``botocore``] This release adds support for Systems Manager State Manager
    Association tagging.
- from version 1.24.68
  * api-change:``dataexchange``: [``botocore``] Documentation updates for AWS Data Exchange.
  * api-change:``ec2``: [``botocore``] Documentation updates for Amazon EC2.
  * api-change:``eks``: [``botocore``] Adds support for EKS Addons ResolveConflicts "/preserve"/ flag.
    Also adds new update failed status for EKS Addons.
  * api-change:``fsx``: [``botocore``] Documentation update for Amazon FSx.
  * api-change:``inspector2``: [``botocore``] This release adds new fields like fixAvailable,
    fixedInVersion and remediation to the finding model. The requirement to have vulnerablePackages in
    the finding model has also been removed. The documentation has been updated to reflect these
    changes.
  * api-change:``iotsitewise``: [``botocore``] Allow specifying units in Asset Properties
  * api-change:``sagemaker``: [``botocore``] SageMaker Hosting now allows customization on ML
    instance storage volume size, model data download timeout and inference container startup ping
    health check timeout for each ProductionVariant in CreateEndpointConfig API.
  * api-change:``sns``: [``botocore``] Amazon SNS introduces the Data Protection Policy APIs, which
    enable customers to attach a data protection policy to an SNS topic. This allows topic owners to
    enable the new message data protection feature to audit and block sensitive data that is exchanged
    through their topics.
- from version 1.24.67
  * api-change:``identitystore``: [``botocore``] Documentation updates for the Identity Store CLI
    Reference.
  * api-change:``sagemaker``: [``botocore``] This release adds HyperParameterTuningJob type in Search
    API.
- from version 1.24.66
  * api-change:``cognito-idp``: [``botocore``] This release adds a new "/AuthSessionValidity"/ field to
    the UserPoolClient in Cognito. Application admins can configure this value for their users'
    authentication duration, which is currently fixed at 3 minutes, up to 15 minutes. Setting this
    field will also apply to the SMS MFA authentication flow.
  * api-change:``connect``: [``botocore``] This release adds search APIs for Routing Profiles and
    Queues, which can be used to search for those resources within a Connect Instance.
  * api-change:``mediapackage``: [``botocore``] Added support for AES_CTR encryption to CMAF origin
    endpoints
  * api-change:``sagemaker``: [``botocore``] This release enables administrators to attribute user
    activity and API calls from Studio notebooks, Data Wrangler and Canvas to specific users even when
    users share the same execution IAM role.  ExecutionRoleIdentityConfig at Sagemaker domain level
    enables this feature.
- from version 1.24.65
  * api-change:``codeguru-reviewer``: [``botocore``] Documentation updates to fix formatting issues
    in CLI and SDK documentation.
  * api-change:``controltower``: [``botocore``] This release contains the first SDK for AWS Control
    Tower. It introduces  a new set of APIs: EnableControl, DisableControl, GetControlOperation, and
    ListEnabledControls.
  * api-change:``route53``: [``botocore``] Documentation updates for Amazon Route 53.
- Update BuildRequires and Requires from setup.py
- Update to version 1.24.64
  * api-change:``cloudfront``: [``botocore``] Update API documentation for CloudFront origin access
    control (OAC)
  * api-change:``identitystore``: [``botocore``] Expand IdentityStore API to support Create, Read,
    Update, Delete and Get operations for User, Group and GroupMembership resources.
  * api-change:``iotthingsgraph``: [``botocore``] This release deprecates all APIs of the ThingsGraph
    service
  * api-change:``ivs``: [``botocore``] IVS Merge Fragmented Streams. This release adds support for
    recordingReconnectWindow field in IVS recordingConfigurations. For more information see
    https://docs.aws.amazon.com/ivs/latest/APIReference/Welcome.html
  * api-change:``rds-data``: [``botocore``] Documentation updates for RDS Data API
  * api-change:``sagemaker``: [``botocore``] SageMaker Inference Recommender now accepts Inference
    Recommender fields: Domain, Task, Framework, SamplePayloadUrl, SupportedContentTypes,
    SupportedInstanceTypes, directly in our CreateInferenceRecommendationsJob API through
    ContainerConfig
- from version 1.24.63
  * enhancement:Endpoints: [``botocore``] Deprecate SSL common name
  * api-change:``greengrassv2``: [``botocore``] Adds topologyFilter to ListInstalledComponentsRequest
    which allows filtration of components by ROOT or ALL (including root and dependency components).
    Adds lastStatusChangeTimestamp to ListInstalledComponents response to show the last time a
    component changed state on a device.
  * api-change:``identitystore``: [``botocore``] Documentation updates for the Identity Store CLI
    Reference.
  * api-change:``lookoutequipment``: [``botocore``] This release adds new apis for providing labels.
  * api-change:``macie2``: [``botocore``] This release of the Amazon Macie API adds support for using
    allow lists to define specific text and text patterns to ignore when inspecting data sources for
    sensitive data.
  * api-change:``sso-admin``: [``botocore``] Documentation updates for the AWS IAM Identity Center
    CLI Reference.
  * api-change:``sso``: [``botocore``] Documentation updates for the AWS IAM Identity Center Portal
    CLI Reference.
- from version 1.24.62
  * api-change:``fsx``: [``botocore``] Documentation updates for Amazon FSx for NetApp ONTAP.
  * api-change:``voice-id``: [``botocore``] Amazon Connect Voice ID now detects voice spoofing.  When
    a prospective fraudster tries to spoof caller audio using audio playback or synthesized speech,
    Voice ID will return a risk score and outcome to indicate the how likely it is that the voice is
    spoofed.
- from version 1.24.61
  * api-change:``mediapackage``: [``botocore``] This release adds Ads AdTriggers and
    AdsOnDeliveryRestrictions to describe calls for CMAF endpoints on MediaPackage.
  * api-change:``rds``: [``botocore``] Removes support for RDS Custom from DBInstanceClass in
    ModifyDBInstance
- Update BuildRequires and Requires from setup.py
- Update to version 1.24.60
  * enhancement:Identity: [``botocore``] TokenProvider added for bearer auth support
  * api-change:``elbv2``: [``botocore``] Update elbv2 client to latest version
  * api-change:``gamelift``: [``botocore``] This release adds support for eight EC2 local zones as
    fleet locations; Atlanta, Chicago, Dallas, Denver, Houston, Kansas City (us-east-1-mci-1a), Los
    Angeles, and Phoenix. It also adds support for C5d, C6a, C6i, and R5d EC2 instance families.
  * api-change:``iotwireless``: [``botocore``] This release includes a new feature for the customers
    to enable the LoRa gateways to send out beacons for Class B devices and an option to select one or
    more gateways for Class C devices when sending the LoRaWAN downlink messages.
  * api-change:``ivschat``: [``botocore``] Documentation change for IVS Chat API Reference. Doc-only
    update to add a paragraph on ARNs to the Welcome section.
  * api-change:``panorama``: [``botocore``] Support sorting and filtering in ListDevices API, and add
    more fields to device listings and single device detail
  * api-change:``sso-oidc``: [``botocore``] Updated required request parameters on IAM Identity
    Center's OIDC CreateToken action.
- from version 1.24.59
  * api-change:``cloudfront``: [``botocore``] Adds support for CloudFront origin access control
    (OAC), making it possible to restrict public access to S3 bucket origins in all AWS Regions, those
    with SSE-KMS, and more.
  * api-change:``config``: [``botocore``] AWS Config now supports ConformancePackTemplate documents
    in SSM Docs for the deployment and update of conformance packs.
  * api-change:``iam``: [``botocore``] Documentation updates for AWS Identity and Access Management
    (IAM).
  * api-change:``ivs``: [``botocore``] Documentation Change for IVS API Reference - Doc-only update
    to type field description for CreateChannel and UpdateChannel actions and for Channel data type.
    Also added Amazon Resource Names (ARNs) paragraph to Welcome section.
  * api-change:``quicksight``: [``botocore``] Added a new optional property DashboardVisual under
    ExperienceConfiguration parameter of GenerateEmbedUrlForAnonymousUser and
    GenerateEmbedUrlForRegisteredUser API operations. This supports embedding of specific visuals in
    QuickSight dashboards.
  * api-change:``transfer``: [``botocore``] Documentation updates for AWS Transfer Family
- from version 1.24.58
  * api-change:``rds``: [``botocore``] RDS for Oracle supports Oracle Data Guard switchover and read
    replica backups.
  * api-change:``sso-admin``: [``botocore``] Documentation updates to reflect service rename - AWS
    IAM Identity Center (successor to AWS Single Sign-On)
- from version 1.24.57
  * api-change:``docdb``: [``botocore``] Update document for volume clone
  * api-change:``ec2``: [``botocore``] R6a instances are powered by 3rd generation AMD EPYC (Milan)
    processors delivering all-core turbo frequency of 3.6 GHz. C6id, M6id, and R6id instances are
    powered by 3rd generation Intel Xeon Scalable processor (Ice Lake) delivering all-core turbo
    frequency of 3.5 GHz.
  * api-change:``forecast``: [``botocore``] releasing What-If Analysis APIs and update ARN regex
    pattern to be more strict in accordance with security recommendation
  * api-change:``forecastquery``: [``botocore``] releasing What-If Analysis APIs
  * api-change:``iotsitewise``: [``botocore``] Enable non-unique asset names under different
    hierarchies
  * api-change:``lexv2-models``: [``botocore``] Update lexv2-models client to latest version
  * api-change:``securityhub``: [``botocore``] Added new resource details objects to ASFF, including
    resources for AwsBackupBackupVault, AwsBackupBackupPlan and AwsBackupRecoveryPoint. Added
    FixAvailable, FixedInVersion and Remediation  to Vulnerability.
  * api-change:``support-app``: [``botocore``] This is the initial SDK release for the AWS Support
    App in Slack.
- from version 1.24.56
  * api-change:``connect``: [``botocore``] This release adds SearchSecurityProfiles API which can be
    used to search for Security Profile resources within a Connect Instance.
  * api-change:``ivschat``: [``botocore``] Documentation Change for IVS Chat API Reference - Doc-only
    update to change text/description for tags field.
  * api-change:``kendra``: [``botocore``] This release adds support for a new authentication type -
    Personal Access Token (PAT) for confluence server.
  * api-change:``lookoutmetrics``: [``botocore``] This release is to make GetDataQualityMetrics API
    publicly available.
- Update BuildRequires and Requires from setup.py
- Update to version 1.24.55
  * api-change:``chime-sdk-media-pipelines``: [``botocore``] The Amazon Chime SDK now supports live
    streaming of real-time video from the Amazon Chime SDK sessions to streaming platforms such as
    Amazon IVS and Amazon Elemental MediaLive. We have also added support for concatenation to create a
    single media capture file.
  * api-change:``cloudwatch``: [``botocore``] Update cloudwatch client to latest version
  * api-change:``cognito-idp``: [``botocore``] This change is being made simply to fix the public
    documentation based on the models. We have included the PasswordChange and ResendCode events, along
    with the Pass, Fail and InProgress status. We have removed the Success and Failure status which are
    never returned by our APIs.
  * api-change:``dynamodb``: [``botocore``] This release adds support for importing data from S3 into
    a new DynamoDB table
  * api-change:``ec2``: [``botocore``] This release adds support for VPN log options , a new feature
    allowing S2S VPN connections to send IKE activity logs to CloudWatch Logs
  * api-change:``networkmanager``: [``botocore``] Add TransitGatewayPeeringAttachmentId property to
    TransitGatewayPeering Model
- from version 1.24.54
  * api-change:``appmesh``: [``botocore``] AWS App Mesh release to support Multiple Listener and
    Access Log Format feature
  * api-change:``connectcampaigns``: [``botocore``] Updated exceptions for Amazon Connect Outbound
    Campaign api's.
  * api-change:``kendra``: [``botocore``] This release adds Zendesk connector (which allows you to
    specify Zendesk SAAS platform as data source), Proxy Support for Sharepoint and Confluence Server
    (which allows you to specify the proxy configuration if proxy is required to connect to your
    Sharepoint/Confluence Server as data source).
  * api-change:``lakeformation``: [``botocore``] This release adds a new API support
    "/AssumeDecoratedRoleWithSAML"/ and also release updates the corresponding documentation.
  * api-change:``lambda``: [``botocore``] Added support for customization of Consumer Group ID for
    MSK and Kafka Event Source Mappings.
  * api-change:``lexv2-models``: [``botocore``] Update lexv2-models client to latest version
  * api-change:``rds``: [``botocore``] Adds support for Internet Protocol Version 6 (IPv6) for RDS
    Aurora database clusters.
  * api-change:``secretsmanager``: [``botocore``] Documentation updates for Secrets Manager.
- from version 1.24.53
  * api-change:``rekognition``: [``botocore``] This release adds APIs which support copying an Amazon
    Rekognition Custom Labels model and managing project policies across AWS account.
  * api-change:``servicecatalog``: [``botocore``] Documentation updates for Service Catalog
- from version 1.24.52
  * enhancement:AWSCRT: [``botocore``] Upgrade awscrt version to 0.14.0
  * api-change:``cloudfront``: [``botocore``] Adds Http 3 support to distributions
  * api-change:``identitystore``: [``botocore``] Documentation updates to reflect service rename -
    AWS IAM Identity Center (successor to AWS Single Sign-On)
  * api-change:``sso``: [``botocore``] Documentation updates to reflect service rename - AWS IAM
    Identity Center (successor to AWS Single Sign-On)
  * api-change:``wisdom``: [``botocore``] This release introduces a new API PutFeedback that allows
    submitting feedback to Wisdom on content relevance.
- from version 1.24.51
  * api-change:``amp``: [``botocore``] This release adds log APIs that allow customers to manage
    logging for their Amazon Managed Service for Prometheus workspaces.
  * api-change:``chime-sdk-messaging``: [``botocore``] The Amazon Chime SDK now supports channels
    with up to one million participants with elastic channels.
  * api-change:``ivs``: [``botocore``] Updates various list api MaxResults ranges
  * api-change:``personalize-runtime``: [``botocore``] This release provides support for promotions
    in AWS Personalize runtime.
  * api-change:``rds``: [``botocore``] Adds support for RDS Custom to DBInstanceClass in
    ModifyDBInstance
- from version 1.24.50
  * api-change:``backupstorage``: [``botocore``] This is the first public release of AWS Backup
    Storage. We are exposing some previously-internal APIs for use by external services. These APIs are
    not meant to be used directly by customers.
  * api-change:``glue``: [``botocore``] Add support for Python 3.9 AWS Glue Python Shell jobs
  * api-change:``privatenetworks``: [``botocore``] This is the initial SDK release for AWS Private
    5G. AWS Private 5G is a managed service that makes it easy to deploy, operate, and scale your own
    private mobile network at your on-premises location.
- from version 1.24.49
  * api-change:``dlm``: [``botocore``] This release adds support for excluding specific data
    (non-boot) volumes from multi-volume snapshot sets created by snapshot lifecycle policies
  * api-change:``ec2``: [``botocore``] This release adds support for excluding specific data
    (non-root) volumes from multi-volume snapshot sets created from instances.
- from version 1.24.48
  * api-change:``cloudwatch``: [``botocore``] Update cloudwatch client to latest version
  * api-change:``location``: [``botocore``] Amazon Location Service now allows circular geofences in
    BatchPutGeofence, PutGeofence, and GetGeofence  APIs.
  * api-change:``sagemaker-a2i-runtime``: [``botocore``] Fix bug with parsing ISO-8601 CreationTime
    in Java SDK in DescribeHumanLoop
  * api-change:``sagemaker``: [``botocore``] Amazon SageMaker Automatic Model Tuning now supports
    specifying multiple alternate EC2 instance types to make tuning jobs more robust when the preferred
    instance type is not available due to insufficient capacity.
- from version 1.24.47
  * api-change:``glue``: [``botocore``] Add an option to run non-urgent or non-time sensitive Glue
    Jobs on spare capacity
  * api-change:``identitystore``: [``botocore``] Documentation updates to reflect service rename -
    AWS IAM Identity Center (successor to AWS Single Sign-On)
  * api-change:``iotwireless``: [``botocore``] AWS IoT Wireless release support for sidewalk data
    reliability.
  * api-change:``pinpoint``: [``botocore``] Adds support for Advance Quiet Time in Journeys. Adds
    RefreshOnSegmentUpdate and WaitForQuietTime to JourneyResponse.
  * api-change:``quicksight``: [``botocore``] A series of documentation updates to the QuickSight API
    reference.
  * api-change:``sso-admin``: [``botocore``] Documentation updates to reflect service rename - AWS
    IAM Identity Center (successor to AWS Single Sign-On)
  * api-change:``sso-oidc``: [``botocore``] Documentation updates to reflect service rename - AWS IAM
    Identity Center (successor to AWS Single Sign-On)
  * api-change:``sso``: [``botocore``] Documentation updates to reflect service rename - AWS IAM
    Identity Center (successor to AWS Single Sign-On)
- from version 1.24.46
  * enhancement:Lambda: [``botocore``] Add support for Trace ID in Lambda environments
  * api-change:``chime-sdk-meetings``: [``botocore``] Adds support for Tags on Amazon Chime SDK
    WebRTC sessions
  * api-change:``config``: [``botocore``] Add resourceType enums for Athena, GlobalAccelerator,
    Detective and EC2 types
  * api-change:``dms``: [``botocore``] Documentation updates for Database Migration Service (DMS).
  * api-change:``iot``: [``botocore``] The release is to support attach a provisioning template to
    CACert for JITP function,  Customer now doesn't have to hardcode a roleArn and templateBody during
    register a CACert to enable JITP.
- Update BuildRequires and Requires from setup.py
- Update to version 1.24.45
  * api-change:``cognito-idp``: [``botocore``] Add a new exception type, ForbiddenException, that is
    returned when request is not allowed
  * api-change:``wafv2``: [``botocore``] You can now associate an AWS WAF web ACL with an Amazon
    Cognito user pool.
- from version 1.24.44
  * api-change:``license-manager-user-subscriptions``: [``botocore``] This release supports user
    based subscription for Microsoft Visual Studio Professional and Enterprise on EC2.
  * api-change:``personalize``: [``botocore``] This release adds support for incremental bulk
    ingestion for the Personalize CreateDatasetImportJob API.
- from version 1.24.43
  * api-change:``config``: [``botocore``] Documentation update for PutConfigRule and
    PutOrganizationConfigRule
  * api-change:``workspaces``: [``botocore``] This release introduces ModifySamlProperties, a new API
    that allows control of SAML properties associated with a WorkSpaces directory. The
    DescribeWorkspaceDirectories API will now additionally return SAML properties in its responses.
- from version 1.24.42
  * bugfix:TraceId: [``botocore``] Rollback bugfix for obeying _X_AMZN_TRACE_ID env var
- from version 1.24.41
  * bugfix:Config: [``botocore``] Obey _X_AMZN_TRACE_ID environment variable instead of
    _X_AMZ_TRACE_ID
  * api-change:``ec2``: [``botocore``] Documentation updates for Amazon EC2.
  * api-change:``fsx``: [``botocore``] Documentation updates for Amazon FSx
  * api-change:``shield``: [``botocore``] AWS Shield Advanced now supports filtering for
    ListProtections and ListProtectionGroups.
- from version 1.24.40
  * api-change:``ec2``: [``botocore``] Documentation updates for VM Import/Export.
  * api-change:``es``: [``botocore``] This release adds support for gp3 EBS (Elastic Block Store)
    storage.
  * api-change:``lookoutvision``: [``botocore``] This release introduces support for image
    segmentation models and updates CPU accelerator options for models hosted on edge devices.
  * api-change:``opensearch``: [``botocore``] This release adds support for gp3 EBS (Elastic Block
    Store) storage.
- from version 1.24.39
  * api-change:``auditmanager``: [``botocore``] This release adds an exceeded quota exception to
    several APIs. We added a ServiceQuotaExceededException for the following operations:
    CreateAssessment, CreateControl, CreateAssessmentFramework, and UpdateAssessmentStatus.
  * api-change:``chime``: [``botocore``] Chime VoiceConnector will now support ValidateE911Address
    which will allow customers to prevalidate their addresses included in their SIP invites for
    emergency calling
  * api-change:``config``: [``botocore``] This release adds ListConformancePackComplianceScores API
    to support the new compliance score feature, which provides a percentage of the number of compliant
    rule-resource combinations in a conformance pack compared to the number of total possible
    rule-resource combinations in the conformance pack.
  * api-change:``globalaccelerator``: [``botocore``] Global Accelerator now supports dual-stack
    accelerators, enabling support for IPv4 and IPv6 traffic.
  * api-change:``marketplace-catalog``: [``botocore``] The SDK for the StartChangeSet API will now
    automatically set and use an idempotency token in the ClientRequestToken request parameter if the
    customer does not provide it.
  * api-change:``polly``: [``botocore``] Amazon Polly adds new English and Hindi voice - Kajal. Kajal
    is available as Neural voice only.
  * api-change:``ssm``: [``botocore``] Adding doc updates for OpsCenter support in Service Setting
    actions.
  * api-change:``workspaces``: [``botocore``] Added CreateWorkspaceImage API to create a new
    WorkSpace image from an existing WorkSpace.
- from version 1.24.38
  * api-change:``appsync``: [``botocore``] Adds support for a new API to evaluate mapping templates
    with mock data, allowing you to remotely unit test your AppSync resolvers and functions.
  * api-change:``detective``: [``botocore``] Added the ability to get data source package information
    for the behavior graph. Graph administrators can now start (or stop) optional datasources on the
    behavior graph.
  * api-change:``guardduty``: [``botocore``] Amazon GuardDuty introduces a new Malware Protection
    feature that triggers malware scan on selected EC2 instance resources, after the service detects a
    potentially malicious activity.
  * api-change:``lookoutvision``: [``botocore``] This release introduces support for the automatic
    scaling of inference units used by Amazon Lookout for Vision models.
  * api-change:``macie2``: [``botocore``] This release adds support for retrieving (revealing) sample
    occurrences of sensitive data that Amazon Macie detects and reports in findings.
  * api-change:``rds``: [``botocore``] Adds support for using RDS Proxies with RDS for MariaDB
    databases.
  * api-change:``rekognition``: [``botocore``] This release introduces support for the automatic
    scaling of inference units used by Amazon Rekognition Custom Labels models.
  * api-change:``securityhub``: [``botocore``] Documentation updates for AWS Security Hub
  * api-change:``transfer``: [``botocore``] AWS Transfer Family now supports Applicability Statement
    2 (AS2), a network protocol used for the secure and reliable transfer of critical
    Business-to-Business (B2B) data over the public internet using HTTP/HTTPS as the transport
    mechanism.
- Update BuildRequires and Requires from setup.py
- Update to version 1.24.37
  * api-change:``autoscaling``: [``botocore``] Documentation update for Amazon EC2 Auto Scaling.
- from version 1.24.36
  * api-change:``account``: [``botocore``] This release enables customers to manage the primary
    contact information for their AWS accounts. For more information, see
    https://docs.aws.amazon.com/accounts/latest/reference/API_Operations.html
  * api-change:``ec2``: [``botocore``] Added support for EC2 M1 Mac instances. For more information,
    please visit aws.amazon.com/mac.
  * api-change:``iotdeviceadvisor``: [``botocore``] Added new service feature (Early access only) -
    Long Duration Test, where customers can test the IoT device to observe how it behaves when the
    device is in operation for longer period.
  * api-change:``medialive``: [``botocore``] Link devices now support remote rebooting. Link devices
    now support maintenance windows. Maintenance windows allow a Link device to install software
    updates without stopping the MediaLive channel. The channel will experience a brief loss of input
    from the device while updates are installed.
  * api-change:``rds``: [``botocore``] This release adds the "/ModifyActivityStream"/ API with support
    for audit policy state locking and unlocking.
  * api-change:``transcribe``: [``botocore``] Remove unsupported language codes for
    StartTranscriptionJob and update VocabularyFileUri for UpdateMedicalVocabulary
- from version 1.24.35
  * api-change:``athena``: [``botocore``] This feature allows customers to retrieve runtime
    statistics for completed queries
  * api-change:``cloudwatch``: [``botocore``] Update cloudwatch client to latest version
  * api-change:``dms``: [``botocore``] Documentation updates for Database Migration Service (DMS).
  * api-change:``docdb``: [``botocore``] Enable copy-on-write restore type
  * api-change:``ec2-instance-connect``: [``botocore``] This release includes a new exception type
    "/EC2InstanceUnavailableException"/ for SendSSHPublicKey and SendSerialConsoleSSHPublicKey APIs.
  * api-change:``frauddetector``: [``botocore``] The release introduces Account Takeover Insights
    (ATI) model. The ATI model detects fraud relating to account takeover. This release also adds
    support for new variable types: ARE_CREDENTIALS_VALID and SESSION_ID and adds new structures to
    Model Version APIs.
  * api-change:``iotsitewise``: [``botocore``] Added asynchronous API to ingest bulk historical and
    current data into IoT SiteWise.
  * api-change:``kendra``: [``botocore``] Amazon Kendra now provides Oauth2 support for SharePoint
    Online. For more information, see
    https://docs.aws.amazon.com/kendra/latest/dg/data-source-sharepoint.html
  * api-change:``network-firewall``: [``botocore``] Network Firewall now supports referencing dynamic
    IP sets from stateful rule groups, for IP sets stored in Amazon VPC prefix lists.
  * api-change:``rds``: [``botocore``] Adds support for creating an RDS Proxy for an RDS for MariaDB
    database.
- from version 1.24.34
  * api-change:``acm-pca``: [``botocore``] AWS Certificate Manager (ACM) Private Certificate
    Authority (PCA) documentation updates
  * api-change:``iot``: [``botocore``] GA release the ability to enable/disable IoT Fleet Indexing
    for Device Defender and Named Shadow information, and search them through IoT Fleet Indexing APIs.
    This includes Named Shadow Selection as a part of the UpdateIndexingConfiguration API.
- from version 1.24.33
  * api-change:``devops-guru``: [``botocore``] Added new APIs for log anomaly detection feature.
  * api-change:``glue``: [``botocore``] Documentation updates for AWS Glue Job Timeout and Autoscaling
  * api-change:``sagemaker-edge``: [``botocore``] Amazon SageMaker Edge Manager provides lightweight
    model deployment feature to deploy machine learning models on requested devices.
  * api-change:``sagemaker``: [``botocore``] Fixed an issue with cross account QueryLineage
  * api-change:``workspaces``: [``botocore``] Increased the character limit of the login message from
    850 to 2000 characters.
- from version 1.24.32
  * api-change:``discovery``: [``botocore``] Add AWS Agentless Collector details to the
    GetDiscoverySummary API response
  * api-change:``ec2``: [``botocore``] Documentation updates for Amazon EC2.
  * api-change:``elasticache``: [``botocore``] Adding AutoMinorVersionUpgrade in the
    DescribeReplicationGroups API
  * api-change:``kms``: [``botocore``] Added support for the SM2 KeySpec in China Partition Regions
  * api-change:``mediapackage``: [``botocore``] This release adds "/IncludeIframeOnlyStream"/ for Dash
    endpoints and increases the number of supported video and audio encryption presets for Speke v2
  * api-change:``sagemaker``: [``botocore``] Amazon SageMaker Edge Manager provides lightweight model
    deployment feature to deploy machine learning models on requested devices.
  * api-change:``sso-admin``: [``botocore``] AWS SSO now supports attaching customer managed policies
    and a permissions boundary to your permission sets. This release adds new API operations to manage
    and view the customer managed policies and the permissions boundary for a given permission set.
- from version 1.24.31
  * api-change:``datasync``: [``botocore``] Documentation updates for AWS DataSync regarding
    configuring Amazon FSx for ONTAP location security groups and SMB user permissions.
  * api-change:``drs``: [``botocore``] Changed existing APIs to allow choosing a dynamic volume type
    for replicating volumes, to reduce costs for customers.
  * api-change:``evidently``: [``botocore``] This release adds support for the new segmentation
    feature.
  * api-change:``wafv2``: [``botocore``] This SDK release provide customers ability to add
    sensitivity level for WAF SQLI Match Statements.
- Update BuildRequires and Requires from setup.py
- Update to version 1.24.30
  * api-change:``athena``: [``botocore``] This release updates data types that contain either
    QueryExecutionId, NamedQueryId or ExpectedBucketOwner. Ids must be between 1 and 128 characters and
    contain only non-whitespace characters. ExpectedBucketOwner must be 12-digit string.
  * api-change:``codeartifact``: [``botocore``] This release introduces Package Origin Controls, a
    mechanism used to counteract Dependency Confusion attacks. Adds two new APIs,
    PutPackageOriginConfiguration and DescribePackage, and updates the ListPackage,
    DescribePackageVersion and ListPackageVersion APIs in support of the feature.
  * api-change:``config``: [``botocore``] Update ResourceType enum with values for Route53Resolver,
    Batch, DMS, Workspaces, Stepfunctions, SageMaker, ElasticLoadBalancingV2, MSK types
  * api-change:``ec2``: [``botocore``] This release adds flow logs for Transit Gateway to  allow
    customers to gain deeper visibility and insights into network traffic through their Transit
    Gateways.
  * api-change:``fms``: [``botocore``] Adds support for strict ordering in stateful rule groups in
    Network Firewall policies.
  * api-change:``glue``: [``botocore``] This release adds an additional worker type for Glue
    Streaming jobs.
  * api-change:``inspector2``: [``botocore``] This release adds support for Inspector V2 scan
    configurations through the get and update configuration APIs. Currently this allows configuring ECR
    automated re-scan duration to lifetime or 180 days or 30 days.
  * api-change:``kendra``: [``botocore``] This release adds AccessControlConfigurations which allow
    you to redefine your document level access control without the need for content re-indexing.
  * api-change:``nimble``: [``botocore``] Amazon Nimble Studio adds support for IAM-based access to
    AWS resources for Nimble Studio components and custom studio components. Studio Component scripts
    use these roles on Nimble Studio workstation to mount filesystems, access S3 buckets, or other
    configured resources in the Studio's AWS account
  * api-change:``outposts``: [``botocore``] This release adds the ShipmentInformation and
    AssetInformationList fields to the GetOrder API response.
  * api-change:``sagemaker``: [``botocore``] This release adds support for G5, P4d, and C6i instance
    types in Amazon SageMaker Inference and increases the number of hyperparameters that can be
    searched from 20 to 30 in Amazon SageMaker Automatic Model Tuning
- from version 1.24.29
  * api-change:``appconfig``: [``botocore``] Adding Create, Get, Update, Delete, and List APIs for
    new two new resources: Extensions and ExtensionAssociations.
- from version 1.24.28
  * api-change:``networkmanager``: [``botocore``] This release adds general availability API support
    for AWS Cloud WAN.
- from version 1.24.27
  * api-change:``ec2``: [``botocore``] Build, manage, and monitor a unified global network that
    connects resources running across your cloud and on-premises environments using the AWS Cloud WAN
    APIs.
  * api-change:``redshift-serverless``: [``botocore``] Removed prerelease language for GA launch.
  * api-change:``redshift``: [``botocore``] This release adds a new --snapshot-arn field for
    describe-cluster-snapshots, describe-node-configuration-options, restore-from-cluster-snapshot,
    authorize-snapshot-acsess, and revoke-snapshot-acsess APIs. It allows customers to give a Redshift
    snapshot ARN or a Redshift Serverless ARN as input.
- from version 1.24.26
  * api-change:``backup``: [``botocore``] This release adds support for authentication using IAM user
    identity instead of passed IAM role, identified by excluding the IamRoleArn field in the
    StartRestoreJob API. This feature applies to only resource clients with a destructive restore
    nature (e.g. SAP HANA).
- from version 1.24.25
  * api-change:``chime-sdk-meetings``: [``botocore``] Adds support for AppKeys and TenantIds in
    Amazon Chime SDK WebRTC sessions
  * api-change:``dms``: [``botocore``] New api to migrate event subscriptions to event bridge rules
  * api-change:``iot``: [``botocore``] This release adds support to register a CA certificate without
    having to provide a verification certificate. This also allows multiple AWS accounts to register
    the same CA in the same region.
  * api-change:``iotwireless``: [``botocore``] Adds 5 APIs: PutPositionConfiguration,
    GetPositionConfiguration, ListPositionConfigurations, UpdatePosition, GetPosition for the new
    Positioning Service feature which enables customers to configure solvers to calculate position of
    LoRaWAN devices, or specify position of LoRaWAN devices & gateways.
  * api-change:``sagemaker``: [``botocore``] Heterogeneous clusters: the ability to launch training
    jobs with multiple instance types. This enables running component of the training job on the
    instance type that is most suitable for it. e.g. doing data processing and augmentation on CPU
    instances and neural network training on GPU instances
- from version 1.24.24
  * api-change:``cloudformation``: [``botocore``] My AWS Service (placeholder) - Add a new feature
    Account-level Targeting for StackSet operation
  * api-change:``synthetics``: [``botocore``] This release introduces Group feature, which enables
    users to group cross-region canaries.
- from version 1.24.23
  * api-change:``config``: [``botocore``] Updating documentation service limits
  * api-change:``lexv2-models``: [``botocore``] Update lexv2-models client to latest version
  * api-change:``quicksight``: [``botocore``] This release allows customers to programmatically
    create QuickSight accounts with Enterprise and Enterprise + Q editions. It also releases
    allowlisting domains for embedding QuickSight dashboards at runtime through the embedding APIs.
  * api-change:``rds``: [``botocore``] Adds waiters support for DBCluster.
  * api-change:``rolesanywhere``: [``botocore``] IAM Roles Anywhere allows your workloads such as
    servers, containers, and applications to obtain temporary AWS credentials and use the same IAM
    roles and policies that you have configured for your AWS workloads to access AWS resources.
  * api-change:``ssm-incidents``: [``botocore``] Adds support for tagging incident-record on creation
    by providing incident tags in the template within a response-plan.
- from version 1.24.22
  * api-change:``dms``: [``botocore``] Added new features for AWS DMS version 3.4.7 that includes new
    endpoint settings for S3, OpenSearch, Postgres, SQLServer and Oracle.
  * api-change:``rds``: [``botocore``] Adds support for additional retention periods to Performance
    Insights.
- from version 1.24.21
  * api-change:``athena``: [``botocore``] This feature introduces the API support for Athena's
    parameterized query and BatchGetPreparedStatement API.
  * api-change:``customer-profiles``: [``botocore``] This release adds the optional
    MinAllowedConfidenceScoreForMerging parameter to the CreateDomain, UpdateDomain, and
    GetAutoMergingPreview APIs in Customer Profiles. This parameter is used as a threshold to influence
    the profile auto-merging step of the Identity Resolution process.
  * api-change:``emr``: [``botocore``] Update emr client to latest version
  * api-change:``glue``: [``botocore``] This release adds tag as an input of CreateDatabase
  * api-change:``kendra``: [``botocore``] Amazon Kendra now provides a data source connector for
    alfresco
  * api-change:``mwaa``: [``botocore``] Documentation updates for Amazon Managed Workflows for Apache
    Airflow.
  * api-change:``pricing``: [``botocore``] Documentation update for GetProducts Response.
  * api-change:``wellarchitected``: [``botocore``] Added support for UpdateGlobalSettings API. Added
    status filter to ListWorkloadShares and ListLensShares.
  * api-change:``workmail``: [``botocore``] This release adds support for managing user availability
    configurations in Amazon WorkMail.
- Update BuildRequires and Requires from setup.py
- Update to version 1.24.20
  * api-change:``appstream``: [``botocore``] Includes support for StreamingExperienceSettings in
    CreateStack and UpdateStack APIs
  * api-change:``elbv2``: [``botocore``] Update elbv2 client to latest version
  * api-change:``emr``: [``botocore``] Update emr client to latest version
  * api-change:``medialive``: [``botocore``] This release adds support for automatic renewal of
    MediaLive reservations at the end of each reservation term. Automatic renewal is optional. This
    release also adds support for labelling accessibility-focused audio and caption tracks in HLS
    outputs.
  * api-change:``redshift-serverless``: [``botocore``] Add new API operations for Amazon Redshift
    Serverless, a new way of using Amazon Redshift without needing to manually manage provisioned
    clusters. The new operations let you interact with Redshift Serverless resources, such as create
    snapshots, list VPC endpoints, delete resource policies, and more.
  * api-change:``sagemaker``: [``botocore``] This release adds: UpdateFeatureGroup,
    UpdateFeatureMetadata, DescribeFeatureMetadata APIs; FeatureMetadata type in Search API;
    LastModifiedTime, LastUpdateStatus, OnlineStoreTotalSizeBytes in DescribeFeatureGroup API.
  * api-change:``translate``: [``botocore``] Added ListLanguages API which can be used to list the
    languages supported by Translate.
- from version 1.24.19
  * api-change:``datasync``: [``botocore``] AWS DataSync now supports Amazon FSx for NetApp ONTAP
    locations.
  * api-change:``ec2``: [``botocore``] This release adds a new spread placement group to EC2
    Placement Groups: host level spread, which spread instances between physical hosts, available to
    Outpost customers only. CreatePlacementGroup and DescribePlacementGroups APIs were updated with a
    new parameter: SpreadLevel to support this feature.
  * api-change:``finspace-data``: [``botocore``] Release new API GetExternalDataViewAccessDetails
  * api-change:``polly``: [``botocore``] Add 4 new neural voices - Pedro (es-US), Liam (fr-CA),
    Daniel (de-DE) and Arthur (en-GB).
- from version 1.24.18
  * api-change:``iot``: [``botocore``] This release ease the restriction for the input of tag value
    to align with AWS standard, now instead of min length 1, we change it to min length 0.
- from version 1.24.17
  * api-change:``glue``: [``botocore``] This release enables the new ListCrawls API for viewing the
    AWS Glue Crawler run history.
  * api-change:``rds-data``: [``botocore``] Documentation updates for RDS Data API
- from version 1.24.16
  * api-change:``lookoutequipment``: [``botocore``] This release adds visualizations to the scheduled
    inference results. Users will be able to see interference results, including diagnostic results
    from their running inference schedulers.
  * api-change:``mediaconvert``: [``botocore``] AWS Elemental MediaConvert SDK has released support
    for automatic DolbyVision metadata generation when converting HDR10 to DolbyVision.
  * api-change:``mgn``: [``botocore``] New and modified APIs for the Post-Migration Framework
  * api-change:``migration-hub-refactor-spaces``: [``botocore``] This release adds the new API
    UpdateRoute that allows route to be updated to ACTIVE/INACTIVE state. In addition, CreateRoute API
    will now allow users to create route in ACTIVE/INACTIVE state.
  * api-change:``sagemaker``: [``botocore``] SageMaker Ground Truth now supports Virtual Private
    Cloud. Customers can launch labeling jobs and access to their private workforce in VPC mode.
- from version 1.24.15
  * api-change:``apigateway``: [``botocore``] Documentation updates for Amazon API Gateway
  * api-change:``pricing``: [``botocore``] This release introduces 1 update to the GetProducts API.
    The serviceCode attribute is now required when you use the GetProductsRequest.
  * api-change:``transfer``: [``botocore``] Until today, the service supported only RSA host keys and
    user keys. Now with this launch, Transfer Family has expanded the support for ECDSA and ED25519
    host keys and user keys, enabling customers to support a broader set of clients by choosing RSA,
    ECDSA, and ED25519 host and user keys.
- from version 1.24.14
  * api-change:``ec2``: [``botocore``] This release adds support for Private IP VPNs, a new feature
    allowing S2S VPN connections to use private ip addresses as the tunnel outside ip address over
    Direct Connect as transport.
  * api-change:``ecs``: [``botocore``] Amazon ECS UpdateService now supports the following
    parameters: PlacementStrategies, PlacementConstraints and CapacityProviderStrategy.
  * api-change:``wellarchitected``: [``botocore``] Adds support for lens tagging, Adds support for
    multiple helpful-resource urls and multiple improvement-plan urls.
- from version 1.24.13
  * api-change:``ds``: [``botocore``] This release adds support for describing and updating AWS
    Managed Microsoft AD settings
  * api-change:``kafka``: [``botocore``] Documentation updates to use Az Id during cluster creation.
  * api-change:``outposts``: [``botocore``] This release adds the AssetLocation structure to the
    ListAssets response. AssetLocation includes the RackElevation for an Asset.
- from version 1.24.12
  * api-change:``connect``: [``botocore``] This release updates these APIs: UpdateInstanceAttribute,
    DescribeInstanceAttribute and ListInstanceAttributes. You can use it to programmatically
    enable/disable High volume outbound communications using attribute type HIGH_VOLUME_OUTBOUND on the
    specified Amazon Connect instance.
  * api-change:``connectcampaigns``: [``botocore``] Added Amazon Connect high volume outbound
    communications SDK.
  * api-change:``dynamodb``: [``botocore``] Doc only update for DynamoDB service
  * api-change:``dynamodbstreams``: [``botocore``] Update dynamodbstreams client to latest version
- from version 1.24.11
  * api-change:``redshift-data``: [``botocore``] This release adds a new --workgroup-name field to
    operations that connect to an endpoint. Customers can now execute queries against their serverless
    workgroups.
  * api-change:``redshiftserverless``: [``botocore``] Add new API operations for Amazon Redshift
    Serverless, a new way of using Amazon Redshift without needing to manually manage provisioned
    clusters. The new operations let you interact with Redshift Serverless resources, such as create
    snapshots, list VPC endpoints, delete resource policies, and more.
  * api-change:``secretsmanager``: [``botocore``] Documentation updates for Secrets Manager
  * api-change:``securityhub``: [``botocore``] Added Threats field for security findings. Added new
    resource details for ECS Container, ECS Task, RDS SecurityGroup, Kinesis Stream, EC2
    TransitGateway, EFS AccessPoint, CloudFormation Stack, CloudWatch Alarm, VPC Peering Connection and
    WAF Rules
- from version 1.24.10
  * api-change:``finspace-data``: [``botocore``] This release adds a new set of APIs,
    GetPermissionGroup, DisassociateUserFromPermissionGroup, AssociateUserToPermissionGroup,
    ListPermissionGroupsByUser, ListUsersByPermissionGroup.
  * api-change:``guardduty``: [``botocore``] Adds finding fields available from GuardDuty Console.
    Adds FreeTrial related operations. Deprecates the use of various APIs related to Master Accounts
    and Replace them with Administrator Accounts.
  * api-change:``servicecatalog-appregistry``: [``botocore``] This release adds a new API
    ListAttributeGroupsForApplication that returns associated attribute groups of an application. In
    addition, the UpdateApplication and UpdateAttributeGroup APIs will not allow users to update the
    'Name' attribute.
  * api-change:``workspaces``: [``botocore``] Added new field "/reason"/ to
    OperationNotSupportedException. Receiving this exception in the DeregisterWorkspaceDirectory API
    will now return a reason giving more context on the failure.
- from version 1.24.9
  * api-change:``budgets``: [``botocore``] Add a budgets ThrottlingException. Update the CostFilters
    value pattern.
  * api-change:``lookoutmetrics``: [``botocore``] Adding filters to Alert and adding new UpdateAlert
    API.
  * api-change:``mediaconvert``: [``botocore``] AWS Elemental MediaConvert SDK has added support for
    rules that constrain Automatic-ABR rendition selection when generating ABR package ladders.
- from version 1.24.8
  * api-change:``outposts``: [``botocore``] This release adds API operations AWS uses to install
    Outpost servers.
- from version 1.24.7
  * api-change:``frauddetector``: [``botocore``] Documentation updates for Amazon Fraud Detector
    (AWSHawksNest)
- from version 1.24.6
  * api-change:``chime-sdk-meetings``: [``botocore``] Adds support for live transcription in AWS
    GovCloud (US) Regions.
- from version 1.24.5
  * api-change:``dms``: [``botocore``] This release adds DMS Fleet Advisor APIs and exposes
    functionality for DMS Fleet Advisor. It adds functionality to create and modify fleet advisor
    instances, and to collect and analyze information about the local data infrastructure.
  * api-change:``iam``: [``botocore``] Documentation updates for AWS Identity and Access Management
    (IAM).
  * api-change:``m2``: [``botocore``] AWS Mainframe Modernization service is a managed mainframe
    service and set of tools for planning, migrating, modernizing, and running mainframe workloads on
    AWS
  * api-change:``neptune``: [``botocore``] This release adds support for Neptune to be configured as
    a global database, with a primary DB cluster in one region, and up to five secondary DB clusters in
    other regions.
  * api-change:``redshift-serverless``: [``botocore``] Add new API operations for Amazon Redshift
    Serverless, a new way of using Amazon Redshift without needing to manually manage provisioned
    clusters. The new operations let you interact with Redshift Serverless resources, such as create
    snapshots, list VPC endpoints, delete resource policies, and more.
  * api-change:``redshift``: [``botocore``] Adds new API GetClusterCredentialsWithIAM to return
    temporary credentials.
- from version 1.24.4
  * api-change:``auditmanager``: [``botocore``] This release introduces 2 updates to the Audit
    Manager API. The roleType and roleArn attributes are now required when you use the CreateAssessment
    or UpdateAssessment operation. We also added a throttling exception to the RegisterAccount API
    operation.
  * api-change:``ce``: [``botocore``] Added two new APIs to support cost allocation tags operations:
    ListCostAllocationTags, UpdateCostAllocationTagsStatus.
- from version 1.24.3
  * api-change:``chime-sdk-messaging``: [``botocore``] This release adds support for searching
    channels by members via the SearchChannels API, removes required restrictions for Name and Mode in
    UpdateChannel API and enhances CreateChannel API by exposing member and moderator list as well as
    channel id as optional parameters.
  * api-change:``connect``: [``botocore``] This release adds a new API, GetCurrentUserData, which
    returns real-time details about users' current activity.
- Update BuildRequires and Requires from setup.py
- Update to version 1.24.2
  * api-change:``codeartifact``: [``botocore``] Documentation updates for CodeArtifact
  * api-change:``voice-id``: [``botocore``] Added a new attribute ServerSideEncryptionUpdateDetails
    to Domain and DomainSummary.
  * api-change:``proton``: [``botocore``] Add new "/Components"/ API to enable users to Create, Delete
    and Update AWS Proton components.
  * api-change:``connect``: [``botocore``] This release adds the following features: 1) New APIs to
    manage (create, list, update) task template resources, 2) Updates to startTaskContact API to
    support task templates, and 3) new TransferContact API to programmatically transfer in-progress
    tasks via a contact flow.
  * api-change:``application-insights``: [``botocore``] Provide Account Level onboarding support
    through CFN/CLI
  * api-change:``kendra``: [``botocore``] Amazon Kendra now provides a data source connector for
    GitHub. For more information, see
    https://docs.aws.amazon.com/kendra/latest/dg/data-source-github.html
- from version 1.24.1
  * api-change:``backup-gateway``: [``botocore``] Adds GetGateway and UpdateGatewaySoftwareNow API
    and adds hypervisor name to UpdateHypervisor API
  * api-change:``forecast``: [``botocore``] Added Format field to Import and Export APIs in Amazon
    Forecast. Added TimeSeriesSelector to Create Forecast API.
  * api-change:``chime-sdk-meetings``: [``botocore``] Adds support for centrally controlling each
    participant's ability to send and receive audio, video and screen share within a WebRTC session.
    Attendee capabilities can be specified when the attendee is created and updated during the session
    with the new BatchUpdateAttendeeCapabilitiesExcept API.
  * api-change:``route53``: [``botocore``] Add new APIs to support Route 53 IP Based Routing
- from version 1.24.0
  * api-change:``iotsitewise``: [``botocore``] This release adds the following new optional field to
    the IoT SiteWise asset resource: assetDescription.
  * api-change:``lookoutmetrics``: [``botocore``] Adding backtest mode to detectors using the
    Cloudwatch data source.
  * api-change:``transcribe``: [``botocore``] Amazon Transcribe now supports automatic language
    identification for multi-lingual audio in batch mode.
  * feature:Python: Dropped support for Python 3.6
  * feature:Python: [``botocore``] Dropped support for Python 3.6
  * api-change:``cognito-idp``: [``botocore``] Amazon Cognito now supports IP Address propagation for
    all unauthenticated APIs (e.g. SignUp, ForgotPassword).
  * api-change:``drs``: [``botocore``] Changed existing APIs and added new APIs to accommodate using
    multiple AWS accounts with AWS Elastic Disaster Recovery.
  * api-change:``sagemaker``: [``botocore``] Amazon SageMaker Notebook Instances now support Jupyter
    Lab 3.
- from version 1.23.10
  * api-change:``sagemaker``: [``botocore``] Amazon SageMaker Notebook Instances now allows
    configuration of Instance Metadata Service version and Amazon SageMaker Studio now supports G5
    instance types.
  * api-change:``appflow``: [``botocore``] Adding the following features/changes: Parquet output that
    preserves typing from the source connector, Failed executions threshold before deactivation for
    scheduled flows, increasing max size of access and refresh token from 2048 to 4096
  * api-change:``datasync``: [``botocore``] AWS DataSync now supports TLS encryption in transit, file
    system policies and access points for EFS locations.
  * api-change:``emr-serverless``: [``botocore``] This release adds support for Amazon EMR
    Serverless, a serverless runtime environment that simplifies running analytics applications using
    the latest open source frameworks such as Apache Spark and Apache Hive.
- from version 1.23.9
  * api-change:``lightsail``: [``botocore``] Amazon Lightsail now supports the ability to configure a
    Lightsail Container Service to pull images from Amazon ECR private repositories in your account.
  * api-change:``emr-serverless``: [``botocore``] This release adds support for Amazon EMR
    Serverless, a serverless runtime environment that simplifies running analytics applications using
    the latest open source frameworks such as Apache Spark and Apache Hive.
  * api-change:``ec2``: [``botocore``] C7g instances, powered by the latest generation AWS Graviton3
    processors, provide the best price performance in Amazon EC2 for compute-intensive workloads.
  * api-change:``forecast``: [``botocore``] Introduced a new field in Auto Predictor as Time
    Alignment Boundary. It helps in aligning the timestamps generated during Forecast exports
- from version 1.23.8
  * api-change:``secretsmanager``: [``botocore``] Documentation updates for Secrets Manager
  * api-change:``fsx``: [``botocore``] This release adds root squash support to FSx for Lustre to
    restrict root level access from clients by mapping root users to a less-privileged user/group with
    limited permissions.
  * api-change:``lookoutmetrics``: [``botocore``] Adding AthenaSourceConfig for MetricSet APIs to
    support Athena as a data source.
  * api-change:``voice-id``: [``botocore``] VoiceID will now automatically expire Speakers if they
    haven't been accessed for Enrollment, Re-enrollment or Successful Auth for three years. The Speaker
    APIs now return a "/LastAccessedAt"/ time for Speakers, and the EvaluateSession API returns
    "/SPEAKER_EXPIRED"/ Auth Decision for EXPIRED Speakers.
  * api-change:``cloudformation``: [``botocore``] Add a new parameter statusReason to
    DescribeStackSetOperation output for additional details
  * api-change:``apigateway``: [``botocore``] Documentation updates for Amazon API Gateway
  * api-change:``apprunner``: [``botocore``] Documentation-only update added for CodeConfiguration.
  * api-change:``sagemaker``: [``botocore``] Amazon SageMaker Autopilot adds support for manually
    selecting features from the input dataset using the CreateAutoMLJob API.
- from version 1.23.7
  * api-change:``mediaconvert``: [``botocore``] AWS Elemental MediaConvert SDK has added support for
    rules that constrain Automatic-ABR rendition selection when generating ABR package ladders.
  * api-change:``cognito-idp``: [``botocore``] Amazon Cognito now supports requiring attribute
    verification (ex. email and phone number) before update.
  * api-change:``networkmanager``: [``botocore``] This release adds Multi Account API support for a
    TGW Global Network, to enable and disable AWSServiceAccess with AwsOrganizations for Network
    Manager service and dependency CloudFormation StackSets service.
  * api-change:``ivschat``: [``botocore``] Doc-only update. For MessageReviewHandler structure, added
    timeout period in the description of the fallbackResult field
  * api-change:``ec2``: [``botocore``] Stop Protection feature enables customers to protect their
    instances from accidental stop actions.
- from version 1.23.6
  * api-change:``elasticache``: [``botocore``] Added support for encryption in transit for Memcached
    clusters. Customers can now launch Memcached cluster with encryption in transit enabled when using
    Memcached version 1.6.12 or later.
  * api-change:``forecast``: [``botocore``] New APIs for Monitor that help you understand how your
    predictors perform over time.
  * api-change:``personalize``: [``botocore``] Adding modelMetrics as part of DescribeRecommender API
    response for Personalize.
- from version 1.23.5
  * api-change:``comprehend``: [``botocore``] Comprehend releases 14 new entity types for
    DetectPiiEntities and ContainsPiiEntities APIs.
  * api-change:``logs``: [``botocore``] Doc-only update to publish the new valid values for log
    retention
- Update BuildRequires and Requires from setup.py
python-botocore
- Update in SLE-15 (bsc#1209255, jsc#PED-3780)
- Add python-python-dateutil and python-jmespath to BuildRequires
- Remove version constraint on python-pytest in BuildRequires
- Revert changes to Requires that introduced new incompatible syntax
- Update to 1.29.89
  * api-change:``ivschat``: This release adds a new exception returned when calling AWS IVS chat
    UpdateLoggingConfiguration. Now UpdateLoggingConfiguration can return ConflictException when
    invalid updates are made in sequence to Logging Configurations.
  * api-change:``secretsmanager``: The type definitions of SecretString and SecretBinary now have a
    minimum length of 1 in the model to match the exception thrown when you pass in empty values.
- from version 1.29.88
  * api-change:``codeartifact``: This release introduces the generic package format, a mechanism for
    storing arbitrary binary assets. It also adds a new API, PublishPackageVersion, to allow for
    publishing generic packages.
  * api-change:``connect``: This release adds a new API, GetMetricDataV2, which returns metric data
    for Amazon Connect.
  * api-change:``evidently``: Updated entity override documentation
  * api-change:``networkmanager``: This update provides example usage for TransitGatewayRouteTableArn.
  * api-change:``quicksight``: This release has two changes: add state persistence feature for
    embedded dashboard and console in GenerateEmbedUrlForRegisteredUser API; add properties for hidden
    collapsed row dimensions in PivotTableOptions.
  * api-change:``redshift-data``: Added support for Redshift Serverless workgroup-arn wherever the
    WorkgroupName parameter is available.
  * api-change:``sagemaker``: Amazon SageMaker Inference now allows SSM access to customer's model
    container by setting the "/EnableSSMAccess"/ parameter for a ProductionVariant in
    CreateEndpointConfig API.
  * api-change:``servicediscovery``: Updated all AWS Cloud Map APIs to provide consistent throttling
    exception (RequestLimitExceeded)
  * api-change:``sesv2``: This release introduces a new recommendation in Virtual Deliverability
    Manager Advisor, which detects missing or misconfigured Brand Indicator for Message Identification
    (BIMI) DNS records for customer sending identities.
- from version 1.29.87
  * api-change:``athena``: A new field SubstatementType is added to GetQueryExecution API, so
    customers have an error free way to detect the query type and interpret the result.
  * api-change:``dynamodb``: Adds deletion protection support to DynamoDB tables. Tables with
    deletion protection enabled cannot be deleted. Deletion protection is disabled by default, can be
    enabled via the CreateTable or UpdateTable APIs, and is visible in TableDescription. This setting
    is not replicated for Global Tables.
  * api-change:``ec2``: Introducing Amazon EC2 C7g, M7g and R7g instances, powered by the latest
    generation AWS Graviton3 processors and deliver up to 25% better performance over Graviton2-based
    instances.
  * api-change:``lakeformation``: This release adds two new API support "/GetDataCellsFiler"/ and
    "/UpdateDataCellsFilter"/, and also updates the corresponding documentation.
  * api-change:``mediapackage-vod``: This release provides the date and time VOD resources were
    created.
  * api-change:``mediapackage``: This release provides the date and time live resources were created.
  * api-change:``route53resolver``: Add dual-stack and IPv6 support for Route 53 Resolver
    Endpoint,Add IPv6 target IP in Route 53 Resolver Forwarding Rule
  * api-change:``sagemaker``: There needs to be a user identity to specify the SageMaker user who
    perform each action regarding the entity. However, these is a not a unified concept of user
    identity across SageMaker service that could be used today.
- from version 1.29.86
  * api-change:``dms``: This release adds DMS Fleet Advisor Target Recommendation APIs and exposes
    functionality for DMS Fleet Advisor. It adds functionality to start Target Recommendation
    calculation.
  * api-change:``location``: Documentation update for the release of 3 additional map styles for use
    with Open Data Maps: Open Data Standard Dark, Open Data Visualization Light & Open Data
    Visualization Dark.
- from version 1.29.85
  * api-change:``account``: AWS Account alternate contact email addresses can now have a length of
    254 characters and contain the character "/|"/.
  * api-change:``ivs``: Updated text description in DeleteChannel, Stream, and StreamSummary.
- from version 1.29.84
  * api-change:``dynamodb``: Documentation updates for DynamoDB.
  * api-change:``ec2``: This release adds support for a new boot mode for EC2 instances called 'UEFI
    Preferred'.
  * api-change:``macie2``: Documentation updates for Amazon Macie
  * api-change:``mediaconvert``: The AWS Elemental MediaConvert SDK has improved handling for
    different input and output color space combinations.
  * api-change:``medialive``: AWS Elemental MediaLive adds support for Nielsen watermark timezones.
  * api-change:``transcribe``: Amazon Transcribe now supports role access for these API operations:
    CreateVocabulary, UpdateVocabulary, CreateVocabularyFilter, and UpdateVocabularyFilter.
- from version 1.29.83
  * api-change:``iot``: A recurring maintenance window is an optional configuration used for rolling
    out the job document to all devices in the target group observing a predetermined start time,
    duration, and frequency that the maintenance window occurs.
  * api-change:``migrationhubstrategy``: This release updates the File Import API to allow importing
    servers already discovered by customers with reduced pre-requisites.
  * api-change:``organizations``: This release introduces a new reason code,
    ACCOUNT_CREATION_NOT_COMPLETE, to ConstraintViolationException in CreateOrganization API.
  * api-change:``pi``: This release adds a new field PeriodAlignment to allow the customer specifying
    the returned timestamp of time periods to be either the start or end time.
  * api-change:``pipes``: This release fixes some input parameter range and patterns.
  * api-change:``sagemaker``: Add a new field "/EndpointMetrics"/ in SageMaker Inference Recommender
    "/ListInferenceRecommendationsJobSteps"/ API response.
- from version 1.29.82
  * api-change:``codecatalyst``: Published Dev Environments StopDevEnvironmentSession API
  * api-change:``pricing``: This release adds 2 new APIs - ListPriceLists which returns a list of
    applicable price lists, and GetPriceListFileUrl which outputs a URL to retrieve your price lists
    from the generated file from ListPriceLists
  * api-change:``s3outposts``: S3 on Outposts introduces a new API ListOutpostsWithS3, with this API
    you can list all your Outposts with S3 capacity.
- from version 1.29.81
  * enhancement:Documentation: Splits service documentation into multiple sub-pages for better
    organization and faster loading time.
  * api-change:``comprehend``: Amazon Comprehend now supports flywheels to help you train and manage
    new model versions for custom models.
  * api-change:``ec2``: This release allows IMDS support to be set to v2-only on an existing AMI, so
    that all future instances launched from that AMI will use IMDSv2 by default.
  * api-change:``kms``: AWS KMS is deprecating the RSAES_PKCS1_V1_5 wrapping algorithm option in the
    GetParametersForImport API that is used in the AWS KMS Import Key Material feature. AWS KMS will
    end support for this wrapping algorithm by October 1, 2023.
  * api-change:``lightsail``: This release adds Lightsail for Research feature support, such as GUI
    session access, cost estimates, stop instance on idle, and disk auto mount.
  * api-change:``managedblockchain``: This release adds support for tagging to the accessor resource
    in Amazon Managed Blockchain
  * api-change:``omics``: Minor model changes to accomodate batch imports feature
- from version 1.29.80
  * api-change:``devops-guru``: This release adds the description field on ListAnomaliesForInsight
    and DescribeAnomaly API responses for proactive anomalies.
  * api-change:``drs``: New fields were added to reflect availability zone data in source server and
    recovery instance description commands responses, as well as source server launch status.
  * api-change:``internetmonitor``: CloudWatch Internet Monitor is a a new service within CloudWatch
    that will help application developers and network engineers continuously monitor internet
    performance metrics such as availability and performance between their AWS-hosted applications and
    end-users of these applications
  * api-change:``lambda``: This release adds the ability to create ESMs with Document DB change
    streams as event source. For more information see
    https://docs.aws.amazon.com/lambda/latest/dg/with-documentdb.html.
  * api-change:``mediaconvert``: The AWS Elemental MediaConvert SDK has added support for HDR10 to
    SDR tone mapping, and animated GIF video input sources.
  * api-change:``timestream-write``: This release adds the ability to ingest batched historical data
    or migrate data in bulk from S3 into Timestream using CSV files.
- from version 1.29.79
  * api-change:``connect``: StartTaskContact API now supports linked task creation with a new
    optional RelatedContactId parameter
  * api-change:``connectcases``: This release adds the ability to delete domains through the
    DeleteDomain API. For more information see
    https://docs.aws.amazon.com/cases/latest/APIReference/Welcome.html
  * api-change:``redshift``: Documentation updates for Redshift API bringing it in line with IAM best
    practices.
  * api-change:``securityhub``: New Security Hub APIs and updates to existing APIs that help you
    consolidate control findings and enable and disable controls across all supported standards
  * api-change:``servicecatalog``: Documentation updates for Service Catalog
- Update to 1.29.78
  * api-change:``appflow``: This release enables the customers to choose whether to use Private Link
    for Metadata and Authorization call when using a private Salesforce connections
  * api-change:``ecs``: This release supports deleting Amazon ECS task definitions that are in the
    INACTIVE state.
  * api-change:``grafana``: Doc-only update. Updated information on attached role policies for
    customer provided roles
  * api-change:``guardduty``: Updated API and data types descriptions for CreateFilter, UpdateFilter,
    and TriggerDetails.
  * api-change:``iotwireless``: In this release, we add additional capabilities for the FUOTA which
    allows user to configure the fragment size, the sending interval and the redundancy ratio of the
    FUOTA tasks
  * api-change:``location``: This release adds support for using Maps APIs with an API Key in
    addition to AWS Cognito. This includes support for adding, listing, updating and deleting API Keys.
  * api-change:``macie2``: This release adds support for a new finding type,
    Policy:IAMUser/S3BucketSharedWithCloudFront, and S3 bucket metadata that indicates if a bucket is
    shared with an Amazon CloudFront OAI or OAC.
  * api-change:``wafv2``: You can now associate an AWS WAF v2 web ACL with an AWS App Runner service.
- from version 1.29.77
  * api-change:``chime-sdk-voice``: This release introduces support for Voice Connector media metrics
    in the Amazon Chime SDK Voice namespace
  * api-change:``cloudfront``: CloudFront now supports block lists in origin request policies so that
    you can forward all headers, cookies, or query string from viewer requests to the origin *except*
    for those specified in the block list.
  * api-change:``datasync``: AWS DataSync has relaxed the minimum length constraint of AccessKey for
    Object Storage locations to 1.
  * api-change:``opensearch``: This release lets customers configure Off-peak window and software
    update related properties for a new/existing domain. It enhances the capabilities of
    StartServiceSoftwareUpdate API; adds 2 new APIs - ListScheduledActions & UpdateScheduledAction; and
    allows Auto-tune to make use of Off-peak window.
  * api-change:``rum``: CloudWatch RUM now supports CloudWatch Custom Metrics
  * api-change:``ssm``: Document only update for Feb 2023
- from version 1.29.76
  * api-change:``quicksight``: S3 data sources now accept a custom IAM role.
  * api-change:``resiliencehub``: In this release we improved resilience hub application creation and
    maintenance by introducing new resource and app component crud APIs, improving visibility and
    maintenance of application input sources and added support for additional information attributes to
    be provided by customers.
  * api-change:``securityhub``: Documentation updates for AWS Security Hub
  * api-change:``tnb``: This is the initial SDK release for AWS Telco Network Builder (TNB). AWS
    Telco Network Builder is a network automation service that helps you deploy and manage telecom
    networks.
- from version 1.29.75
  * bugfix:SSO: Fixes aws/aws-cli`#7496 <https://github.com/aws/aws-cli/issues/7496>`__ by using the
    correct profile name rather than the one set in the session.
  * api-change:``auditmanager``: This release introduces a ServiceQuotaExceededException to the
    UpdateAssessmentFrameworkShare API operation.
  * api-change:``connect``: Reasons for failed diff has been approved by SDK Reviewer
- from version 1.29.74
  * api-change:``apprunner``: This release supports removing MaxSize limit for
    AutoScalingConfiguration.
  * api-change:``glue``: Release of Delta Lake Data Lake Format for Glue Studio Service
- from version 1.29.73
  * api-change:``emr``: Update emr client to latest version
  * api-change:``grafana``: With this release Amazon Managed Grafana now supports inbound Network
    Access Control that helps you to restrict user access to your Grafana workspaces
  * api-change:``ivs``: Doc-only update. Updated text description in DeleteChannel, Stream, and
    StreamSummary.
  * api-change:``wafv2``: Added a notice for account takeover prevention (ATP). The interface
    incorrectly lets you to configure ATP response inspection in regional web ACLs in Region US East
    (N. Virginia), without returning an error. ATP response inspection is only available in web ACLs
    that protect CloudFront distributions.
- from version 1.29.72
  * api-change:``cloudtrail``: This release adds an InsufficientEncryptionPolicyException type to the
    StartImport endpoint
  * api-change:``efs``: Update efs client to latest version
  * api-change:``frauddetector``: This release introduces Lists feature which allows customers to
    reference a set of values in Fraud Detector's rules. With Lists, customers can dynamically manage
    these attributes in real time. Lists can be created/deleted and its contents can be modified using
    the Fraud Detector API.
  * api-change:``glue``: Fix DirectJDBCSource not showing up in CLI code gen
  * api-change:``privatenetworks``: This release introduces a new StartNetworkResourceUpdate API,
    which enables return/replacement of hardware from a NetworkSite.
  * api-change:``rds``: Database Activity Stream support for RDS for SQL Server.
  * api-change:``wafv2``: For protected CloudFront distributions, you can now use the AWS WAF Fraud
    Control account takeover prevention (ATP) managed rule group to block new login attempts from
    clients that have recently submitted too many failed login attempts.
- Update to 1.29.71
  * api-change:``appconfig``: AWS AppConfig now offers the option to set a version label on hosted
    configuration versions. Version labels allow you to identify specific hosted configuration versions
    based on an alternate versioning scheme that you define.
  * api-change:``datasync``: With this launch, we are giving customers the ability to use older SMB
    protocol versions, enabling them to use DataSync to copy data to and from their legacy storage
    arrays.
  * api-change:``ec2``: With this release customers can turn host maintenance on or off when
    allocating or modifying a supported dedicated host. Host maintenance is turned on by default for
    supported hosts.
- from version 1.29.70
  * api-change:``account``: This release of the Account Management API enables customers to view and
    manage whether AWS Opt-In Regions are enabled or disabled for their Account. For more information,
    see https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-regions.html
  * api-change:``appconfigdata``: AWS AppConfig now offers the option to set a version label on
    hosted configuration versions. If a labeled hosted configuration version is deployed, its version
    label is available in the GetLatestConfiguration response.
  * api-change:``snowball``: Adds support for EKS Anywhere on Snowball. AWS Snow Family customers can
    now install EKS Anywhere service on Snowball Edge Compute Optimized devices.
- from version 1.29.69
  * api-change:``autoscaling``: You can now either terminate/replace, ignore, or wait for EC2 Auto
    Scaling instances on standby or protected from scale in. Also, you can also roll back changes from
    a failed instance refresh.
  * api-change:``connect``: This update provides the Wisdom session ARN for contacts enabled for
    Wisdom in the chat channel.
  * api-change:``ec2``: Adds support for waiters that automatically poll for an imported snapshot
    until it reaches the completed state.
  * api-change:``polly``: Amazon Polly adds two new neural Japanese voices - Kazuha, Tomoko
  * api-change:``sagemaker``: Amazon SageMaker Autopilot adds support for selecting algorithms in
    CreateAutoMLJob API.
  * api-change:``sns``: This release adds support for SNS X-Ray active tracing as well as other
    updates.
- from version 1.29.68
  * api-change:``chime-sdk-meetings``: Documentation updates for Chime Meetings SDK
  * api-change:``emr-containers``: EMR on EKS allows configuring retry policies for job runs through
    the StartJobRun API. Using retry policies, a job cause a driver pod to be restarted automatically
    if it fails or is deleted. The job's status can be seen in the DescribeJobRun and ListJobRun APIs
    and monitored using CloudWatch events.
  * api-change:``evidently``: Updated entity overrides parameter to accept up to 2500 overrides or a
    total of 40KB.
  * api-change:``lexv2-models``: Update lexv2-models client to latest version
  * api-change:``lexv2-runtime``: Update lexv2-runtime client to latest version
  * api-change:``lightsail``: Documentation updates for Lightsail
  * api-change:``migration-hub-refactor-spaces``: This release adds support for creating environments
    with a network fabric type of NONE
  * api-change:``workdocs``: Doc only update for the WorkDocs APIs.
  * api-change:``workspaces``: Removed Windows Server 2016 BYOL and made changes based on IAM
    campaign.
- from version 1.29.67
  * api-change:``backup``: This release added one attribute (resource name) in the output model of
    our 9 existing APIs in AWS backup so that customers will see the resource name at the output. No
    input required from Customers.
  * api-change:``cloudfront``: CloudFront Origin Access Control extends support to AWS Elemental
    MediaStore origins.
  * api-change:``glue``: DirectJDBCSource + Glue 4.0 streaming options
  * api-change:``lakeformation``: This release removes the LFTagpolicyResource expression limits.
- Update to 1.29.66
  * api-change:``transfer``: Updated the documentation for the ImportCertificate API call, and added
    examples.
- from version 1.29.65
  * api-change:``compute-optimizer``: AWS Compute optimizer can now infer if Kafka is running on an
    instance.
  * api-change:``customer-profiles``: This release deprecates the PartyType and Gender enum data
    types from the Profile model and replaces them with new PartyTypeString and GenderString
    attributes, which accept any string of length up to 255.
  * api-change:``frauddetector``: My AWS Service (Amazon Fraud Detector) - This release introduces
    Cold Start Model Training which optimizes training for small datasets and adds intelligent methods
    for treating unlabeled data. You can now train Online Fraud Insights or Transaction Fraud Insights
    models with minimal historical-data.
  * api-change:``mediaconvert``: The AWS Elemental MediaConvert SDK has added improved scene change
    detection capabilities and a bandwidth reduction filter, along with video quality enhancements, to
    the AVC encoder.
  * api-change:``outposts``: Adds OrderType to Order structure. Adds PreviousOrderId and
    PreviousLineItemId to LineItem structure. Adds new line item status REPLACED. Increases maximum
    length of pagination token.
- from version 1.29.64
  * enhancement:AWSCRT: Upgrade awscrt version to 0.16.9
  * api-change:``proton``: Add new GetResourcesSummary API
  * api-change:``redshift``: Corrects descriptions of the parameters for the API operations
    RestoreFromClusterSnapshot, RestoreTableFromClusterSnapshot, and CreateCluster.
- from version 1.29.63
  * api-change:``appconfig``: AWS AppConfig introduces KMS customer-managed key (CMK) encryption of
    configuration data, along with AWS Secrets Manager as a new configuration data source. S3 objects
    using SSE-KMS encryption and SSM Parameter Store SecureStrings are also now supported.
  * api-change:``connect``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
  * api-change:``ec2``: Documentation updates for EC2.
  * api-change:``elbv2``: Update elbv2 client to latest version
  * api-change:``keyspaces``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
  * api-change:``quicksight``: QuickSight support for Radar Chart and Dashboard Publish Options
  * api-change:``redshift``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
  * api-change:``sso-admin``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
- from version 1.29.62
  * bugfix:``s3``: boto3 no longer overwrites user supplied `Content-Encoding` with `aws-chunked`
    when user also supplies `ChecksumAlgorithm`.
  * api-change:``devops-guru``: This release adds filter support ListAnomalyForInsight API.
  * api-change:``forecast``: This release will enable customer select INCREMENTAL as ImportModel in
    Forecast's CreateDatasetImportJob API. Verified latest SDK containing required attribute, following
    https://w.amazon.com/bin/view/AWS-Seer/Launch/Trebuchet/
  * api-change:``iam``: Documentation updates for AWS Identity and Access Management (IAM).
  * api-change:``mediatailor``: The AWS Elemental MediaTailor SDK for Channel Assembly has added
    support for program updates, and the ability to clip the end of VOD sources in programs.
  * api-change:``sns``: Additional attributes added for set-topic-attributes.
- from version 1.29.61
  * api-change:``accessanalyzer``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
  * api-change:``appsync``: This release introduces the feature to support EventBridge as AppSync
    data source.
  * api-change:``cloudtrail-data``: Add CloudTrail Data Service to enable users to ingest activity
    events from non-AWS sources into CloudTrail Lake.
  * api-change:``cloudtrail``: Add new "/Channel"/ APIs to enable users to manage channels used for
    CloudTrail Lake integrations, and "/Resource Policy"/ APIs to enable users to manage the
    resource-based permissions policy attached to a channel.
  * api-change:``codeartifact``: This release introduces a new DeletePackage API, which enables
    deletion of a package and all of its versions from a repository.
  * api-change:``connectparticipant``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
  * api-change:``ec2``: This launch allows customers to associate up to 8 IP addresses to their NAT
    Gateways to increase the limit on concurrent connections to a single destination by eight times
    from 55K to 440K.
  * api-change:``groundstation``: DigIF Expansion changes to the Customer APIs.
  * api-change:``iot``: Added support for IoT Rules Engine Cloudwatch Logs action batch mode.
  * api-change:``kinesis``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
  * api-change:``opensearch``: Amazon OpenSearch Service adds the option for a VPC endpoint
    connection between two domains when the local domain uses OpenSearch version 1.3 or 2.3. You can
    now use remote reindex to copy indices from one VPC domain to another without a reverse proxy.
  * api-change:``outposts``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
  * api-change:``polly``: Amazon Polly adds two new neural American English voices - Ruth, Stephen
  * api-change:``sagemaker``: Amazon SageMaker Automatic Model Tuning now supports more completion
    criteria for Hyperparameter Optimization.
  * api-change:``securityhub``: New fields have been added to the AWS Security Finding Format.
    Compliance.SecurityControlId is a unique identifier for a security control across standards.
    Compliance.AssociatedStandards contains all enabled standards in which a security control is
    enabled.
  * api-change:``support``: This fixes incorrect endpoint construction when a customer is explicitly
    setting a region.
- Update to 1.29.60
  * api-change:``clouddirectory``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
  * api-change:``cloudformation``: This feature provides a method of obtaining which regions a
    stackset has stack instances deployed in.
  * api-change:``discovery``: Update ImportName validation to 255 from the current length of 100
  * api-change:``dlm``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
  * api-change:``ec2``: We add Prefix Lists as a new route destination option for LocalGatewayRoutes.
    This will allow customers to create routes to Prefix Lists. Prefix List routes will allow customers
    to group individual CIDR routes with the same target into a single route.
  * api-change:``imagebuilder``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
  * api-change:``kafka``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
  * api-change:``mediaconvert``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
  * api-change:``swf``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
- from version 1.29.59
  * api-change:``application-autoscaling``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
  * api-change:``appstream``: Fixing the issue where Appstream waiters hang for fleet_started and
    fleet_stopped.
  * api-change:``elasticbeanstalk``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
  * api-change:``fis``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
  * api-change:``glacier``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
  * api-change:``greengrass``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
  * api-change:``greengrassv2``: Enabled FIPS endpoints for GovCloud (US) in SDK.
  * api-change:``mediatailor``: This release introduces the As Run logging type, along with API and
    documentation updates.
  * api-change:``outposts``: Adding support for payment term in GetOrder, CreateOrder responses.
  * api-change:``sagemaker-runtime``: Update sagemaker-runtime client to latest version
  * api-change:``sagemaker``: This release supports running SageMaker Training jobs with container
    images that are in a private Docker registry.
  * api-change:``serverlessrepo``: Enabled FIPS endpoints for GovCloud (US) regions in SDK.
- Update to 1.29.58
  * api-change:``events``: Update events client to latest version
  * api-change:``iotfleetwise``: Add model validation to BatchCreateVehicle and BatchUpdateVehicle
    operations that invalidate requests with an empty vehicles list.
  * api-change:``s3``: Allow FIPS to be used with path-style URLs.
- from version 1.29.57
  * api-change:``cloudformation``: Enabled FIPS aws-us-gov endpoints in SDK.
  * api-change:``ec2``: This release adds new functionality that allows customers to provision IPv6
    CIDR blocks through Amazon VPC IP Address Manager (IPAM) as well as allowing customers to utilize
    IPAM Resource Discovery APIs.
  * api-change:``m2``: Add returnCode, batchJobIdentifier in GetBatchJobExecution response, for user
    to view the batch job execution result & unique identifier from engine. Also removed unused headers
    from REST APIs
  * api-change:``polly``: Add 5 new neural voices - Sergio (es-ES), Andres (es-MX), Remi (fr-FR),
    Adriano (it-IT) and Thiago (pt-BR).
  * api-change:``redshift-serverless``: Added query monitoring rules as possible parameters for
    create and update workgroup operations.
  * api-change:``s3control``: Add additional endpoint tests for S3 Control. Fix missing endpoint
    parameters for PutBucketVersioning and GetBucketVersioning. Prior to this fix, those operations may
    have resulted in an invalid endpoint being resolved.
  * api-change:``sagemaker``: SageMaker Inference Recommender now decouples from Model Registry and
    could accept Model Name to invoke inference recommendations job; Inference Recommender now provides
    CPU/Memory Utilization metrics data in recommendation output.
  * api-change:``sts``: Doc only change to update wording in a key topic
- from version 1.29.56
  * api-change:``databrew``: Enabled FIPS us-gov-west-1 endpoints in SDK.
  * api-change:``route53``: Amazon Route 53 now supports the Asia Pacific (Melbourne) Region
    (ap-southeast-4) for latency records, geoproximity records, and private DNS for Amazon VPCs in that
    region.
  * api-change:``ssm-sap``: This release provides updates to documentation and support for listing
    operations performed by AWS Systems Manager for SAP.
- from version 1.29.55
  * api-change:``lambda``: Release Lambda RuntimeManagementConfig, enabling customers to better
    manage runtime updates to their Lambda functions. This release adds two new APIs,
    GetRuntimeManagementConfig and PutRuntimeManagementConfig, as well as support on existing
    Create/Get/Update function APIs.
  * api-change:``sagemaker``: Amazon SageMaker Inference now supports P4de instance types.
- from version 1.29.54
  * api-change:``ec2``: C6in, M6in, M6idn, R6in and R6idn instances are powered by 3rd Generation
    Intel Xeon Scalable processors (code named Ice Lake) with an all-core turbo frequency of 3.5 GHz.
  * api-change:``ivs``: API and Doc update. Update to arns field in BatchGetStreamKey. Also updates
    to operations and structures.
  * api-change:``quicksight``: This release adds support for data bars in QuickSight table and
    increases pivot table field well limit.
- from version 1.29.53
  * api-change:``appflow``: Adding support for Salesforce Pardot connector in Amazon AppFlow.
  * api-change:``codeartifact``: Documentation updates for CodeArtifact
  * api-change:``connect``: Amazon Connect Chat introduces Persistent Chat, allowing customers to
    resume previous conversations with context and transcripts carried over from previous chats,
    eliminating the need to repeat themselves and allowing agents to provide personalized service with
    access to entire conversation history.
  * api-change:``connectparticipant``: This release updates Amazon Connect Participant's
    GetTranscript api to provide transcripts of past chats on a persistent chat session.
  * api-change:``ec2``: Adds SSM Parameter Resource Aliasing support to EC2 Launch Templates. Launch
    Templates can now store parameter aliases in place of AMI Resource IDs. CreateLaunchTemplateVersion
    and DescribeLaunchTemplateVersions now support a convenience flag, ResolveAlias, to return the
    resolved parameter value.
  * api-change:``glue``: Release Glue Studio Hudi Data Lake Format for SDK/CLI
  * api-change:``groundstation``: Add configurable prepass and postpass times for
    DataflowEndpointGroup. Add Waiter to allow customers to wait for a contact that was reserved
    through ReserveContact
  * api-change:``logs``: Bug fix - Removed the regex pattern validation from CoralModel to avoid
    potential security issue.
  * api-change:``medialive``: AWS Elemental MediaLive adds support for SCTE 35 preRollMilliSeconds.
  * api-change:``opensearch``: This release adds the enhanced dry run option, that checks for
    validation errors that might occur when deploying configuration changes and provides a summary of
    these errors, if any. The feature will also indicate whether a blue/green deployment will be
    required to apply a change.
  * api-change:``panorama``: Added AllowMajorVersionUpdate option to OTAJobConfig to make appliance
    software major version updates opt-in.
  * api-change:``sagemaker``: HyperParameterTuningJobs now allow passing environment variables into
    the corresponding TrainingJobs
- Update to 1.29.52
  * api-change:``cloudwatch``: Update cloudwatch client to latest version
  * api-change:``efs``: Update efs client to latest version
  * api-change:``ivschat``: Updates the range for a Chat Room's maximumMessageRatePerSecond field.
  * api-change:``wafv2``: Improved the visibility of the guidance for updating AWS WAF resources,
    such as web ACLs and rule groups.
- from version 1.29.51
  * api-change:``billingconductor``: This release adds support for SKU Scope for pricing plans.
  * api-change:``cloud9``: Added minimum value to AutomaticStopTimeMinutes parameter.
  * api-change:``imagebuilder``: Add support for AWS Marketplace product IDs as input during
    CreateImageRecipe for the parent-image parameter. Add support for listing third-party components.
  * api-change:``network-firewall``: Network Firewall now allows creation of dual stack endpoints,
    enabling inspection of IPv6 traffic.
- update to 1.29.50:
  * api-change:``connect``: This release updates the responses of
    UpdateContactFlowContent, UpdateContactFlowMetadata, UpdateContactFlowName
    and DeleteContactFlow API with empty responses.
  * api-change:``ec2``: Documentation updates for EC2.
  * api-change:``outposts``: This release adds POWER_30_KVA as an option for
    PowerDrawKva. PowerDrawKva is part of the RackPhysicalProperties structure
    in the CreateSite request.
  * api-change:``resource-groups``: AWS Resource Groups customers can now turn
    on Group Lifecycle Events in their AWS account. When you turn this on,
    Resource Groups monitors your groups for changes to group state or
    membership. Those changes are sent to Amazon EventBridge as events that you
    can respond to using rules you create.
  * api-change:``cleanrooms``: Initial release of AWS Clean Rooms
  * api-change:``lambda``: Add support for MaximumConcurrency parameter for SQS
    event source. Customers can now limit the maximum concurrent invocations
    for their SQS Event Source Mapping.
  * api-change:``logs``: Bug fix: logGroupName is now not a required field in
    GetLogEvents, FilterLogEvents, GetLogGroupFields, and DescribeLogStreams
    APIs as logGroupIdentifier can be provided instead
  * api-change:``mediaconvert``: The AWS Elemental MediaConvert SDK has added
    support for compact DASH manifest generation, audio normalization using
    TruePeak measurements, and the ability to clip the sample range in the
    color corrector.
  * api-change:``secretsmanager``: Update documentation for new ListSecrets and DescribeSecret parameters
  * api-change:``kendra``: This release adds support to new document types -
    RTF, XML, XSLT, MS_EXCEL, CSV, JSON, MD
  * api-change:``location``: This release adds support for two new route travel
    models, Bicycle and Motorcycle which can be used with Grab data source.
  * api-change:``rds``: This release adds support for configuring allocated
    storage on the CreateDBInstanceReadReplica,
    RestoreDBInstanceFromDBSnapshot, and RestoreDBInstanceToPointInTime APIs.
  * api-change:``ecr-public``: This release for Amazon ECR Public makes several
    change to bring the SDK into sync with the API.
  * api-change:``kendra-ranking``: Introducing Amazon Kendra Intelligent
    Ranking, a new set of Kendra APIs that leverages Kendra semantic ranking
    capabilities to improve the quality of search results from other search
    services (i.e. OpenSearch, ElasticSearch, Solr).
  * api-change:``network-firewall``: Network Firewall now supports the Suricata
    rule action reject, in addition to the actions pass, drop, and alert.
  * api-change:``ram``: Enabled FIPS aws-us-gov endpoints in SDK.
  * api-change:``workspaces-web``: This release adds support for a new portal
    authentication type: AWS IAM Identity Center (successor to AWS Single
    Sign-On).
- correct requires
- update to 1.29.45:
  * api-change:``acm-pca``: Added revocation parameter validation: bucket names
    must match S3 bucket naming rules and CNAMEs conform to RFC2396 restrictions
    on the use of special characters in URIs.
  * api-change:``auditmanager``: This release introduces a new data retention
    option in your Audit Manager settings. You can now use the
    DeregistrationPolicy parameter to specify if you want to delete your data
    when you deregister Audit Manager.
  * api-change:``amplifybackend``: Updated GetBackendAPIModels response to
    include ModelIntrospectionSchema json string
  * api-change:``apprunner``: This release adds support of securely referencing
    secrets and configuration data that are stored in Secrets Manager and SSM
    Parameter Store by adding them as environment secrets in your App Runner
    service.
  * api-change:``connect``: Documentation update for a new Initiation Method
    value in DescribeContact API
  * api-change:``emr-serverless``: Adds support for customized images. You can
    now provide runtime images when creating or updating EMR Serverless
    Applications.
  * api-change:``lightsail``: Documentation updates for Amazon Lightsail.
  * api-change:``mwaa``: MWAA supports Apache Airflow version 2.4.3.
  * api-change:``rds``: This release adds support for specifying which
    certificate authority (CA) to use for a DB instance's server certificate
    during DB instance creation, as well as other CA enhancements.
  * api-change:``application-autoscaling``: Customers can now use the existing
    DescribeScalingActivities API to also see the detailed and machine-readable
    reasons for Application Auto Scaling not scaling their resources and, if
    needed, take the necessary corrective actions.
  * api-change:``logs``: Update to remove sequenceToken as a required field in
    PutLogEvents calls.
  * api-change:``ssm``: Adding support for QuickSetup Document Type in Systems
    Manager
  * api-change:``securitylake``: Allow CreateSubscriber API to take string input
    that allows setting more descriptive SubscriberDescription field. Make
    souceTypes field required in model level for UpdateSubscriberRequest as it is
    required for every API call on the backend. Allow ListSubscribers take any
    String as nextToken param.
- Update to 1.29.41
  * api-change:``cloudfront``: Extend response headers policy to support removing headers from viewer
    responses
  * api-change:``iotfleetwise``: Update documentation - correct the epoch constant value of default
    value for expiryTime field in CreateCampaign request.
- from version 1.29.40
  * api-change:``apigateway``: Documentation updates for Amazon API Gateway
  * api-change:``emr``: Update emr client to latest version
  * api-change:``secretsmanager``: Added owning service filter, include planned deletion flag, and
    next rotation date response parameter in ListSecrets.
  * api-change:``wisdom``: This release extends Wisdom CreateContent and StartContentUpload APIs to
    support PDF and MicrosoftWord docx document uploading.
- from version 1.29.39
  * api-change:``elasticache``: This release allows you to modify the encryption in transit setting,
    for existing Redis clusters. You can now change the TLS configuration of your Redis clusters
    without the need to re-build or re-provision the clusters or impact application availability.
  * api-change:``network-firewall``: AWS Network Firewall now provides status messages for firewalls
    to help you troubleshoot when your endpoint fails.
  * api-change:``rds``: This release adds support for Custom Engine Version (CEV) on RDS Custom SQL
    Server.
  * api-change:``route53-recovery-control-config``: Added support for Python paginators in the
    route53-recovery-control-config List* APIs.
- from version 1.29.38
  * api-change:``memorydb``: This release adds support for MemoryDB Reserved nodes which provides a
    significant discount compared to on-demand node pricing. Reserved nodes are not physical nodes, but
    rather a billing discount applied to the use of on-demand nodes in your account.
  * api-change:``transfer``: Add additional operations to throw ThrottlingExceptions
- from version 1.29.37
  * api-change:``connect``: Support for Routing Profile filter, SortCriteria, and grouping by Routing
    Profiles for GetCurrentMetricData API. Support for RoutingProfiles, UserHierarchyGroups, and Agents
    as filters, NextStatus and AgentStatusName for GetCurrentUserData. Adds ApproximateTotalCount to
    both APIs.
  * api-change:``connectparticipant``: Amazon Connect Chat introduces the Message Receipts feature.
    This feature allows agents and customers to receive message delivered and read receipts after they
    send a chat message.
  * api-change:``detective``: This release adds a missed AccessDeniedException type to several
    endpoints.
  * api-change:``fsx``: Fix a bug where a recent release might break certain existing SDKs.
  * api-change:``inspector2``: Amazon Inspector adds support for scanning NodeJS 18.x and Go 1.x AWS
    Lambda function runtimes.
- from version 1.29.36
  * api-change:``compute-optimizer``: This release enables AWS Compute Optimizer to analyze and
    generate optimization recommendations for ecs services running on Fargate.
  * api-change:``connect``: Amazon Connect Chat introduces the Idle Participant/Autodisconnect
    feature, which allows users to set timeouts relating to the activity of chat participants, using
    the new UpdateParticipantRoleConfig API.
  * api-change:``iotdeviceadvisor``: This release adds the following new features: 1) Documentation
    updates for IoT Device Advisor APIs. 2) Updated required request parameters for IoT Device Advisor
    APIs. 3) Added new service feature: ability to provide the test endpoint when customer executing
    the StartSuiteRun API.
  * api-change:``kinesis-video-webrtc-storage``: Amazon Kinesis Video Streams offers capabilities to
    stream video and audio in real-time via WebRTC to the cloud for storage, playback, and analytical
    processing. Customers can use our enhanced WebRTC SDK and cloud APIs to enable real-time streaming,
    as well as media ingestion to the cloud.
  * api-change:``rds``: Add support for managing master user password in AWS Secrets Manager for the
    DBInstance and DBCluster.
  * api-change:``secretsmanager``: Documentation updates for Secrets Manager
- from version 1.29.35
  * api-change:``connect``: Amazon Connect Chat now allows for JSON (application/json) message types
    to be sent as part of the initial message in the StartChatContact API.
  * api-change:``connectparticipant``: Amazon Connect Chat now allows for JSON (application/json)
    message types to be sent in the SendMessage API.
  * api-change:``license-manager-linux-subscriptions``: AWS License Manager now offers cross-region,
    cross-account tracking of commercial Linux subscriptions on AWS. This includes subscriptions
    purchased as part of EC2 subscription-included AMIs, on the AWS Marketplace, or brought to AWS via
    Red Hat Cloud Access Program.
  * api-change:``macie2``: This release adds support for analyzing Amazon S3 objects that use the S3
    Glacier Instant Retrieval (Glacier_IR) storage class.
  * api-change:``sagemaker``: This release enables adding RStudio Workbench support to an existing
    Amazon SageMaker Studio domain. It allows setting your RStudio on SageMaker environment
    configuration parameters and also updating the RStudioConnectUrl and RStudioPackageManagerUrl
    parameters for existing domains
  * api-change:``scheduler``: Updated the ListSchedules and ListScheduleGroups APIs to allow the
    NamePrefix field to start with a number. Updated the validation for executionRole field to support
    any role name.
  * api-change:``ssm``: Doc-only updates for December 2022.
  * api-change:``support``: Documentation updates for the AWS Support API
  * api-change:``transfer``: This release adds support for Decrypt as a workflow step type.
- from version 1.29.34
  * api-change:``batch``: Adds isCancelled and isTerminated to DescribeJobs response.
  * api-change:``ec2``: Adds support for pagination in the EC2 DescribeImages API.
  * api-change:``lookoutequipment``: This release adds support for listing inference schedulers by
    status.
  * api-change:``medialive``: This release adds support for two new features to AWS Elemental
    MediaLive. First, you can now burn-in timecodes to your MediaLive outputs. Second, we now now
    support the ability to decode Dolby E audio when it comes in on an input.
  * api-change:``nimble``: Amazon Nimble Studio now supports configuring session storage volumes and
    persistence, as well as backup and restore sessions through launch profiles.
  * api-change:``resource-explorer-2``: Documentation updates for AWS Resource Explorer.
  * api-change:``route53domains``: Use Route 53 domain APIs to change owner, create/delete DS record,
    modify IPS tag, resend authorization. New: AssociateDelegationSignerToDomain,
    DisassociateDelegationSignerFromDomain, PushDomain, ResendOperationAuthorization. Updated:
    UpdateDomainContact, ListOperations, CheckDomainTransferability.
  * api-change:``sagemaker``: Amazon SageMaker Autopilot adds support for new objective metrics in
    CreateAutoMLJob API.
  * api-change:``transcribe``: Enable our batch transcription jobs for Swedish and Vietnamese.
- from version 1.29.33
  * api-change:``athena``: Add missed InvalidRequestException in
    GetCalculationExecutionCode,StopCalculationExecution APIs. Correct required parameters (Payload and
    Type) in UpdateNotebook API. Change Notebook size from 15 Mb to 10 Mb.
  * api-change:``ecs``: This release adds support for alarm-based rollbacks in ECS, a new feature
    that allows customers to add automated safeguards for Amazon ECS service rolling updates.
  * api-change:``kinesis-video-webrtc-storage``: Amazon Kinesis Video Streams offers capabilities to
    stream video and audio in real-time via WebRTC to the cloud for storage, playback, and analytical
    processing. Customers can use our enhanced WebRTC SDK and cloud APIs to enable real-time streaming,
    as well as media ingestion to the cloud.
  * api-change:``kinesisvideo``: Amazon Kinesis Video Streams offers capabilities to stream video and
    audio in real-time via WebRTC to the cloud for storage, playback, and analytical processing.
    Customers can use our enhanced WebRTC SDK and cloud APIs to enable real-time streaming, as well as
    media ingestion to the cloud.
  * api-change:``rds``: Add support for --enable-customer-owned-ip to RDS
    create-db-instance-read-replica API for RDS on Outposts.
  * api-change:``sagemaker``: AWS Sagemaker - Sagemaker Images now supports Aliases as secondary
    identifiers for ImageVersions. SageMaker Images now supports additional metadata for ImageVersions
    for better images management.
- from version 1.29.32
  * api-change:``appflow``: This release updates the ListConnectorEntities API action so that it
    returns paginated responses that customers can retrieve with next tokens.
  * api-change:``cloudfront``: Updated documentation for CloudFront
  * api-change:``datasync``: AWS DataSync now supports the use of tags with task executions. With
    this new feature, you can apply tags each time you execute a task, giving you greater control and
    management over your task executions.
  * api-change:``efs``: Update efs client to latest version
  * api-change:``guardduty``: This release provides the valid characters for the Description and Name
    field.
  * api-change:``iotfleetwise``: Updated error handling for empty resource names in
    "/UpdateSignalCatalog"/ and "/GetModelManifest"/ operations.
  * api-change:``sagemaker``: AWS sagemaker - Features: This release adds support for random seed,
    it's an integer value used to initialize a pseudo-random number generator. Setting a random seed
    will allow the hyperparameter tuning search strategies to produce more consistent configurations
    for the same tuning job.
- from version 1.29.31
  * api-change:``backup-gateway``: This release adds support for VMware vSphere tags, enabling
    customer to protect VMware virtual machines using tag-based policies for AWS tags mapped from
    vSphere tags. This release also adds support for customer-accessible gateway-hypervisor interaction
    log and upload bandwidth rate limit schedule.
  * api-change:``connect``: Added support for "/English - New Zealand"/ and "/English - South African"/
    to be used with Amazon Connect Custom Vocabulary APIs.
  * api-change:``ecs``: This release adds support for container port ranges in ECS, a new capability
    that allows customers to provide container port ranges to simplify use cases where multiple ports
    are in use in a container. This release updates TaskDefinition mutation APIs and the Task
    description APIs.
  * api-change:``eks``: Add support for Windows managed nodes groups.
  * api-change:``glue``: This release adds support for AWS Glue Crawler with native DeltaLake tables,
    allowing Crawlers to classify Delta Lake format tables and catalog them for query engines to query
    against.
  * api-change:``kinesis``: Added StreamARN parameter for Kinesis Data Streams APIs. Added a new
    opaque pagination token for ListStreams. SDKs will auto-generate Account Endpoint when accessing
    Kinesis Data Streams.
  * api-change:``location``: This release adds support for a new style, "/VectorOpenDataStandardLight"/
    which can be used with the new data source, "/Open Data Maps (Preview)"/.
  * api-change:``m2``: Adds an optional create-only `KmsKeyId` property to Environment and
    Application resources.
  * api-change:``sagemaker``: SageMaker Inference Recommender now allows customers to load tests
    their models on various instance types using private VPC.
  * api-change:``securityhub``: Added new resource details objects to ASFF, including resources for
    AwsEc2LaunchTemplate, AwsSageMakerNotebookInstance, AwsWafv2WebAcl and AwsWafv2RuleGroup.
  * api-change:``translate``: Raised the input byte size limit of the Text field in the TranslateText
    API to 10000 bytes.
- from version 1.29.30
  * api-change:``ce``: This release supports percentage-based thresholds on Cost Anomaly Detection
    alert subscriptions.
  * api-change:``cloudwatch``: Update cloudwatch client to latest version
  * api-change:``networkmanager``: Appliance Mode support for AWS Cloud WAN.
  * api-change:``redshift-data``: This release adds a new --client-token field to ExecuteStatement
    and BatchExecuteStatement operations. Customers can now run queries with the additional client
    token parameter to ensures idempotency.
  * api-change:``sagemaker-metrics``: Update SageMaker Metrics documentation.
- from version 1.29.29
  * api-change:``cloudtrail``: Merging mainline branch for service model into mainline release
    branch. There are no new APIs.
  * api-change:``rds``: This deployment adds ClientPasswordAuthType field to the Auth structure of
    the DBProxy.
- from version 1.29.28
  * bugfix:Endpoint provider: Updates ARN parsing ``resourceId`` delimiters
  * api-change:``customer-profiles``: This release allows custom strings in PartyType and Gender
    through 2 new attributes in the CreateProfile and UpdateProfile APIs: PartyTypeString and
    GenderString.
  * api-change:``ec2``: This release updates DescribeFpgaImages to show supported instance types of
    AFIs in its response.
  * api-change:``kinesisvideo``: This release adds support for public preview of Kinesis Video Stream
    at Edge enabling customers to provide configuration for the Kinesis Video Stream EdgeAgent running
    on an on-premise IoT device. Customers can now locally record from cameras and stream videos to the
    cloud on configured schedule.
  * api-change:``lookoutvision``: This documentation update adds kms:GenerateDataKey as a required
    permission to StartModelPackagingJob.
  * api-change:``migration-hub-refactor-spaces``: This release adds support for Lambda alias service
    endpoints. Lambda alias ARNs can now be passed into CreateService.
  * api-change:``rds``: Update the RDS API model to support copying option groups during the
    CopyDBSnapshot operation
  * api-change:``rekognition``: Adds support for "/aliases"/ and "/categories"/, inclusion and exclusion
    filters for labels and label categories, and aggregating labels by video segment timestamps for
    Stored Video Label Detection APIs.
  * api-change:``sagemaker-metrics``: This release introduces support SageMaker Metrics APIs.
  * api-change:``wafv2``: Documents the naming requirement for logging destinations that you use with
    web ACLs.
- from version 1.29.27
  * api-change:``iotfleetwise``: Deprecated assignedValue property for actuators and attributes.
    Added a message to invalid nodes and invalid decoder manifest exceptions.
  * api-change:``logs``: Doc-only update for CloudWatch Logs, for Tagging Permissions clarifications
  * api-change:``medialive``: Link devices now support buffer size (latency) configuration. A higher
    latency value means a longer delay in transmitting from the device to MediaLive, but improved
    resiliency. A lower latency value means a shorter delay, but less resiliency.
  * api-change:``mediapackage-vod``: This release provides the approximate number of assets in a
    packaging group.
- Update to 1.29.26
  * enhancement:Endpoint Provider Standard Library: Correct spelling of 'library' in
    ``StandardLibrary`` class
  * api-change:``autoscaling``: Adds support for metric math for target tracking scaling policies,
    saving you the cost and effort of publishing a custom metric to CloudWatch. Also adds support for
    VPC Lattice by adding the Attach/Detach/DescribeTrafficSources APIs and a new health check type to
    the CreateAutoScalingGroup API.
  * api-change:``iottwinmaker``: This release adds the following new features: 1) New APIs for
    managing a continuous sync of assets and asset models from AWS IoT SiteWise. 2) Support user
    friendly names for component types (ComponentTypeName) and properties (DisplayName).
  * api-change:``migrationhubstrategy``: This release adds known application filtering, server
    selection for assessments, support for potential recommendations, and indications for configuration
    and assessment status. For more information, see the AWS Migration Hub documentation at
    https://docs.aws.amazon.com/migrationhub/index.html
- from version 1.29.25
  * api-change:``ce``: This release adds the LinkedAccountName field to the GetAnomalies API response
    under RootCause
  * api-change:``cloudfront``: Introducing UpdateDistributionWithStagingConfig that can be used to
    promote the staging configuration to the production.
  * api-change:``eks``: Adds support for EKS add-ons configurationValues fields and
    DescribeAddonConfiguration function
  * api-change:``kms``: Updated examples and exceptions for External Key Store (XKS).
- from version 1.29.24
  * api-change:``billingconductor``: This release adds the Tiering Pricing Rule feature.
  * api-change:``connect``: This release provides APIs that enable you to programmatically manage
    rules for Contact Lens conversational analytics and third party applications. For more information,
    see   https://docs.aws.amazon.com/connect/latest/APIReference/rules-api.html
  * api-change:``dynamodb``: Endpoint Ruleset update: Use http instead of https for the "/local"/
    region.
  * api-change:``dynamodbstreams``: Update dynamodbstreams client to latest version
  * api-change:``rds``: This release adds the BlueGreenDeploymentNotFoundFault to the
    AddTagsToResource, ListTagsForResource, and RemoveTagsFromResource operations.
  * api-change:``sagemaker-featurestore-runtime``: For online + offline Feature Groups, added ability
    to target PutRecord and DeleteRecord actions to only online store, or only offline store. If target
    store parameter is not specified, actions will apply to both stores.
- from version 1.29.23
  * api-change:``ce``: This release introduces two new APIs that offer a 1-click experience to
    refresh Savings Plans recommendations. The two APIs are
    StartSavingsPlansPurchaseRecommendationGeneration and
    ListSavingsPlansPurchaseRecommendationGeneration.
  * api-change:``ec2``: Documentation updates for EC2.
  * api-change:``ivschat``: Adds PendingVerification error type to messaging APIs to block the
    resource usage for accounts identified as being fraudulent.
  * api-change:``rds``: This release adds the InvalidDBInstanceStateFault to the
    RestoreDBClusterFromSnapshot operation.
  * api-change:``transcribe``: Amazon Transcribe now supports creating custom language models in the
    following languages: Japanese (ja-JP) and German (de-DE).
- from version 1.29.22
  * api-change:``appsync``: Fixes the URI for the evaluatecode endpoint to include the /v1 prefix
    (ie. "//v1/dataplane-evaluatecode"/).
  * api-change:``ecs``: Documentation updates for Amazon ECS
  * api-change:``fms``: AWS Firewall Manager now supports Fortigate Cloud Native Firewall as a
    Service as a third-party policy type.
  * api-change:``mediaconvert``: The AWS Elemental MediaConvert SDK has added support for
    configurable ID3 eMSG box attributes and the ability to signal them with InbandEventStream tags in
    DASH and CMAF outputs.
  * api-change:``medialive``: Updates to Event Signaling and Management (ESAM) API and documentation.
  * api-change:``polly``: Add language code for Finnish (fi-FI)
  * api-change:``proton``: CreateEnvironmentAccountConnection RoleArn input is now optional
  * api-change:``redshift-serverless``: Add Table Level Restore operations for Amazon Redshift
    Serverless. Add multi-port support for Amazon Redshift Serverless endpoints. Add Tagging support to
    Snapshots and Recovery Points in Amazon Redshift Serverless.
  * api-change:``sns``: This release adds the message payload-filtering feature to the SNS Subscribe,
    SetSubscriptionAttributes, and GetSubscriptionAttributes API actions
- Update to 1.29.21
  * api-change:``codecatalyst``: This release adds operations that support customers using the AWS
    Toolkits and Amazon CodeCatalyst, a unified software development service that helps developers
    develop, deploy, and maintain applications in the cloud. For more information, see the
    documentation.
  * api-change:``comprehend``: Comprehend now supports semi-structured documents (such as PDF files
    or image files) as inputs for custom analysis using the synchronous APIs (ClassifyDocument and
    DetectEntities).
  * api-change:``gamelift``: GameLift introduces a new feature, GameLift Anywhere. GameLift Anywhere
    allows you to integrate your own compute resources with GameLift. You can also use GameLift
    Anywhere to iteratively test your game servers without uploading the build to GameLift for every
    iteration.
  * api-change:``pipes``: AWS introduces new Amazon EventBridge Pipes which allow you to connect
    sources (SQS, Kinesis, DDB, Kafka, MQ) to Targets (14+ EventBridge Targets) without any code, with
    filtering, batching, input transformation, and an optional Enrichment stage (Lambda, StepFunctions,
    ApiGateway, ApiDestinations)
  * api-change:``stepfunctions``: Update stepfunctions client to latest version
- from version 1.29.20
  * api-change:``accessanalyzer``: This release adds support for S3 cross account access points. IAM
    Access Analyzer will now produce public or cross account findings when it detects bucket delegation
    to external account access points.
  * api-change:``athena``: This release includes support for using Apache Spark in Amazon Athena.
  * api-change:``dataexchange``: This release enables data providers to license direct access to data
    in their Amazon S3 buckets or AWS Lake Formation data lakes through AWS Data Exchange. Subscribers
    get read-only access to the data and can use it in downstream AWS services, like Amazon Athena,
    without creating or managing copies.
  * api-change:``docdb-elastic``: Launched Amazon DocumentDB Elastic Clusters. You can now use the
    SDK to create, list, update and delete Amazon DocumentDB Elastic Cluster resources
  * api-change:``glue``: This release adds support for AWS Glue Data Quality, which helps you
    evaluate and monitor the quality of your data and includes the API for creating, deleting, or
    updating data quality rulesets, runs and evaluations.
  * api-change:``s3control``: Amazon S3 now supports cross-account access points. S3 bucket owners
    can now allow trusted AWS accounts to create access points associated with their bucket.
  * api-change:``sagemaker-geospatial``: This release provides Amazon SageMaker geospatial APIs to
    build, train, deploy and visualize geospatial models.
  * api-change:``sagemaker``: Added Models as part of the Search API. Added Model shadow deployments
    in realtime inference, and shadow testing in managed inference. Added support for shared spaces,
    geospatial APIs, Model Cards, AutoMLJobStep in pipelines, Git repositories on user profiles and
    domains, Model sharing in Jumpstart.
- from version 1.29.19
  * api-change:``ec2``: This release adds support for AWS Verified Access and the Hpc6id Amazon EC2
    compute optimized instance type, which features 3rd generation Intel Xeon Scalable processors.
  * api-change:``firehose``: Allow support for the Serverless offering for Amazon OpenSearch Service
    as a Kinesis Data Firehose delivery destination.
  * api-change:``kms``: AWS KMS introduces the External Key Store (XKS), a new feature for customers
    who want to protect their data with encryption keys stored in an external key management system
    under their control.
  * api-change:``omics``: Amazon Omics is a new, purpose-built service that can be used by healthcare
    and life science organizations to store, query, and analyze omics data. The insights from that data
    can be used to accelerate scientific discoveries and improve healthcare.
  * api-change:``opensearchserverless``: Publish SDK for Amazon OpenSearch Serverless
  * api-change:``securitylake``: Amazon Security Lake automatically centralizes security data from
    cloud, on-premises, and custom sources into a purpose-built data lake stored in your account.
    Security Lake makes it easier to analyze security data, so you can improve the protection of your
    workloads, applications, and data
  * api-change:``simspaceweaver``: AWS SimSpace Weaver is a new service that helps customers build
    spatial simulations at new levels of scale - resulting in virtual worlds with millions of dynamic
    entities. See the AWS SimSpace Weaver developer guide for more details on how to get started.
    https://docs.aws.amazon.com/simspaceweaver
- from version 1.29.18
  * api-change:``arc-zonal-shift``: Amazon Route 53 Application Recovery Controller Zonal Shift is a
    new service that makes it easy to shift traffic away from an Availability Zone in a Region. See the
    developer guide for more information:
    https://docs.aws.amazon.com/r53recovery/latest/dg/what-is-route53-recovery.html
  * api-change:``compute-optimizer``: Adds support for a new recommendation preference that makes it
    possible for customers to optimize their EC2 recommendations by utilizing an external metrics
    ingestion service to provide metrics.
  * api-change:``config``: With this release, you can use AWS Config to evaluate your resources for
    compliance with Config rules before they are created or updated. Using Config rules in proactive
    mode enables you to test and build compliant resource templates or check resource configurations at
    the time they are provisioned.
  * api-change:``ec2``: Introduces ENA Express, which uses AWS SRD and dynamic routing to increase
    throughput and minimize latency, adds support for trust relationships between Reachability Analyzer
    and AWS Organizations to enable cross-account analysis, and adds support for Infrastructure
    Performance metric subscriptions.
  * api-change:``eks``: Adds support for additional EKS add-ons metadata and filtering fields
  * api-change:``fsx``: This release adds support for 4GB/s / 160K PIOPS FSx for ONTAP file systems
    and 10GB/s / 350K PIOPS FSx for OpenZFS file systems (Single_AZ_2). For FSx for ONTAP, this also
    adds support for DP volumes, snapshot policy, copy tags to backups, and Multi-AZ route table
    updates.
  * api-change:``glue``: This release allows the creation of Custom Visual Transforms (Dynamic
    Transforms) to be created via AWS Glue CLI/SDK.
  * api-change:``inspector2``: This release adds support for Inspector to scan AWS Lambda.
  * api-change:``lambda``: Adds support for Lambda SnapStart, which helps improve the startup
    performance of functions. Customers can now manage SnapStart based functions via CreateFunction and
    UpdateFunctionConfiguration APIs
  * api-change:``license-manager-user-subscriptions``: AWS now offers fully-compliant,
    Amazon-provided licenses for Microsoft Office Professional Plus 2021 Amazon Machine Images (AMIs)
    on Amazon EC2. These AMIs are now available on the Amazon EC2 console and on AWS Marketplace to
    launch instances on-demand without any long-term licensing commitments.
  * api-change:``macie2``: Added support for configuring Macie to continually sample objects from S3
    buckets and inspect them for sensitive data. Results appear in statistics, findings, and other data
    that Macie provides.
  * api-change:``quicksight``: This release adds new Describe APIs and updates Create and Update APIs
    to support the data model for Dashboards, Analyses, and Templates.
  * api-change:``s3control``: Added two new APIs to support Amazon S3 Multi-Region Access Point
    failover controls: GetMultiRegionAccessPointRoutes and SubmitMultiRegionAccessPointRoutes. The
    failover control APIs are supported in the following Regions: us-east-1, us-west-2, eu-west-1,
    ap-southeast-2, and ap-northeast-1.
  * api-change:``securityhub``: Adding StandardsManagedBy field to DescribeStandards API response
- from version 1.29.17
  * api-change:``backup``: AWS Backup introduces support for legal hold and application stack
    backups. AWS Backup Audit Manager introduces support for cross-Region, cross-account reports.
  * api-change:``cloudwatch``: Update cloudwatch client to latest version
  * api-change:``drs``: Non breaking changes to existing APIs, and additional APIs added to support
    in-AWS failing back using AWS Elastic Disaster Recovery.
  * api-change:``ecs``: This release adds support for ECS Service Connect, a new capability that
    simplifies writing and operating resilient distributed applications. This release updates the
    TaskDefinition, Cluster, Service mutation APIs with Service connect constructs and also adds a new
    ListServicesByNamespace API.
  * api-change:``efs``: Update efs client to latest version
  * api-change:``iot-data``: This release adds support for MQTT5 properties to AWS IoT HTTP Publish
    API.
  * api-change:``iot``: Job scheduling enables the scheduled rollout of a Job with start and end
    times and a customizable end behavior when end time is reached. This is available for continuous
    and snapshot jobs. Added support for MQTT5 properties to AWS IoT TopicRule Republish Action.
  * api-change:``iotwireless``: This release includes a new feature for customers to calculate the
    position of their devices by adding three new APIs: UpdateResourcePosition, GetResourcePosition,
    and GetPositionEstimate.
  * api-change:``kendra``: Amazon Kendra now supports preview of table information from HTML tables
    in the search results. The most relevant cells with their corresponding rows, columns are displayed
    as a preview in the search result. The most relevant table cell or cells are also highlighted in
    table preview.
  * api-change:``logs``: Updates to support CloudWatch Logs data protection and CloudWatch
    cross-account observability
  * api-change:``mgn``: This release adds support for Application and Wave management. We also now
    support custom post-launch actions.
  * api-change:``oam``: Amazon CloudWatch Observability Access Manager is a new service that allows
    configuration of the CloudWatch cross-account observability feature.
  * api-change:``organizations``: This release introduces delegated administrator for AWS
    Organizations, a new feature to help you delegate the management of your Organizations policies,
    enabling you to govern your AWS organization in a decentralized way. You can now allow member
    accounts to manage Organizations policies.
  * api-change:``rds``: This release enables new Aurora and RDS feature called Blue/Green Deployments
    that makes updates to databases safer, simpler and faster.
  * api-change:``textract``: This release adds support for classifying and splitting lending
    documents by type, and extracting information by using the Analyze Lending APIs. This release also
    includes support for summarized information of the processed lending document package, in addition
    to per document results.
  * api-change:``transcribe``: This release adds support for 'inputType' for post-call and real-time
    (streaming) Call Analytics within Amazon Transcribe.
- from version 1.29.16
  * api-change:``grafana``: This release includes support for configuring a Grafana workspace to
    connect to a datasource within a VPC as well as new APIs for configuring Grafana settings.
  * api-change:``rbin``: This release adds support for Rule Lock for Recycle Bin, which allows you to
    lock retention rules so that they can no longer be modified or deleted.
- from version 1.29.15
  * bugfix:Endpoints: Resolve endpoint with default partition when no region is set
  * bugfix:s3: fixes missing x-amz-content-sha256 header for s3 object lambda
  * api-change:``appflow``: Adding support for Amazon AppFlow to transfer the data to Amazon Redshift
    databases through Amazon Redshift Data API service. This feature will support the Redshift
    destination connector on both public and private accessible Amazon Redshift Clusters and Amazon
    Redshift Serverless.
  * api-change:``kinesisanalyticsv2``: Support for Apache Flink 1.15 in Kinesis Data Analytics.
- from version 1.29.14
  * api-change:``route53``: Amazon Route 53 now supports the Asia Pacific (Hyderabad) Region
    (ap-south-2) for latency records, geoproximity records, and private DNS for Amazon VPCs in that
    region.
- from version 1.29.13
  * api-change:``appflow``: AppFlow provides a new API called UpdateConnectorRegistration to update a
    custom connector that customers have previously registered. With this API, customers no longer need
    to unregister and then register a connector to make an update.
  * api-change:``auditmanager``: This release introduces a new feature for Audit Manager: Evidence
    finder. You can now use evidence finder to quickly query your evidence, and add the matching
    evidence results to an assessment report.
  * api-change:``chime-sdk-voice``: Amazon Chime Voice Connector, Voice Connector Group and PSTN
    Audio Service APIs are now available in the Amazon Chime SDK Voice namespace. See
    https://docs.aws.amazon.com/chime-sdk/latest/dg/sdk-available-regions.html for more details.
  * api-change:``cloudfront``: CloudFront API support for staging distributions and associated
    traffic management policies.
  * api-change:``connect``: Added AllowedAccessControlTags and TagRestrictedResource for Tag Based
    Access Control on Amazon Connect Webpage
  * api-change:``dynamodb``: Updated minor fixes for DynamoDB documentation.
  * api-change:``dynamodbstreams``: Update dynamodbstreams client to latest version
  * api-change:``ec2``: This release adds support for copying an Amazon Machine Image's tags when
    copying an AMI.
  * api-change:``glue``: AWSGlue Crawler - Adding support for Table and Column level Comments with
    database level datatypes for JDBC based crawler.
  * api-change:``iot-roborunner``: AWS IoT RoboRunner is a new service that makes it easy to build
    applications that help multi-vendor robots work together seamlessly. See the IoT RoboRunner
    developer guide for more details on getting started.
    https://docs.aws.amazon.com/iotroborunner/latest/dev/iotroborunner-welcome.html
  * api-change:``quicksight``: This release adds the following: 1) Asset management for centralized
    assets governance 2) QuickSight Q now supports public embedding 3) New Termination protection flag
    to mitigate accidental deletes 4) Athena data sources now accept a custom IAM role 5) QuickSight
    supports connectivity to Databricks
  * api-change:``sagemaker``: Added DisableProfiler flag as a new field in ProfilerConfig
  * api-change:``servicecatalog``: This release 1. adds support for Principal Name Sharing with
    Service Catalog portfolio sharing. 2. Introduces repo sourced products which are created and
    managed with existing SC APIs. These products are synced to external repos and auto create new
    product versions based on changes in the repo.
  * api-change:``ssm-sap``: AWS Systems Manager for SAP provides simplified operations and management
    of SAP applications such as SAP HANA. With this release, SAP customers and partners can automate
    and simplify their SAP system administration tasks such as backup/restore of SAP HANA.
  * api-change:``stepfunctions``: Update stepfunctions client to latest version
  * api-change:``transfer``: Adds a NONE encryption algorithm type to AS2 connectors, providing
    support for skipping encryption of the AS2 message body when a HTTPS URL is also specified.
- from version 1.29.12
  * api-change:``amplify``: Adds a new value (WEB_COMPUTE) to the Platform enum that allows customers
    to create Amplify Apps with Server-Side Rendering support.
  * api-change:``appflow``: AppFlow simplifies the preparation and cataloging of SaaS data into the
    AWS Glue Data Catalog where your data can be discovered and accessed by AWS analytics and ML
    services. AppFlow now also supports data field partitioning and file size optimization to improve
    query performance and reduce cost.
  * api-change:``appsync``: This release introduces the APPSYNC_JS runtime, and adds support for
    JavaScript in AppSync functions and AppSync pipeline resolvers.
  * api-change:``dms``: Adds support for Internet Protocol Version 6 (IPv6) on DMS Replication
    Instances
  * api-change:``ec2``: This release adds a new optional parameter "/privateIpAddress"/ for the
    CreateNatGateway API. PrivateIPAddress will allow customers to select a custom Private IPv4 address
    instead of having it be auto-assigned.
  * api-change:``elbv2``: Update elbv2 client to latest version
  * api-change:``emr-serverless``: Adds support for AWS Graviton2 based applications. You can now
    select CPU architecture when creating new applications or updating existing ones.
  * api-change:``ivschat``: Adds LoggingConfiguration APIs for IVS Chat - a feature that allows
    customers to store and record sent messages in a chat room to S3 buckets, CloudWatch logs, or
    Kinesis firehose.
  * api-change:``lambda``: Add Node 18 (nodejs18.x) support to AWS Lambda.
  * api-change:``personalize``: This release provides support for creation and use of metric
    attributions in AWS Personalize
  * api-change:``polly``: Add two new neural voices - Ola (pl-PL) and Hala (ar-AE).
  * api-change:``rum``: CloudWatch RUM now supports custom events. To use custom events, create an
    app monitor or update an app monitor with CustomEvent Status as ENABLED.
  * api-change:``s3control``: Added 34 new S3 Storage Lens metrics to support additional customer use
    cases.
  * api-change:``secretsmanager``: Documentation updates for Secrets Manager.
  * api-change:``securityhub``: Added SourceLayerArn and SourceLayerHash field for security findings.
    Updated AwsLambdaFunction Resource detail
  * api-change:``servicecatalog-appregistry``: This release adds support for tagged resource
    associations, which allows you to associate a group of resources with a defined resource tag key
    and value to the application.
  * api-change:``sts``: Documentation updates for AWS Security Token Service.
  * api-change:``textract``: This release adds support for specifying and extracting information from
    documents using the Signatures feature within Analyze Document API
  * api-change:``workspaces``: The release introduces CreateStandbyWorkspaces, an API that allows you
    to create standby WorkSpaces associated with a primary WorkSpace in another Region.
    DescribeWorkspaces now includes related WorkSpaces properties. DescribeWorkspaceBundles and
    CreateWorkspaceBundle now return more bundle details.
- from version 1.29.11
  * api-change:``batch``: Documentation updates related to Batch on EKS
  * api-change:``billingconductor``: This release adds a new feature BillingEntity pricing rule.
  * api-change:``cloudformation``: Added UnsupportedTarget HandlerErrorCode for use with CFN Resource
    Hooks
  * api-change:``comprehendmedical``: This release supports new set of entities and traits. It also
    adds new category (BEHAVIORAL_ENVIRONMENTAL_SOCIAL).
  * api-change:``connect``: This release adds a new MonitorContact API for initiating monitoring of
    ongoing Voice and Chat contacts.
  * api-change:``eks``: Adds support for customer-provided placement groups for Kubernetes control
    plane instances when creating local EKS clusters on Outposts
  * api-change:``elasticache``: for Redis now supports AWS Identity and Access Management
    authentication access to Redis clusters starting with redis-engine version 7.0
  * api-change:``iottwinmaker``: This release adds the following: 1) ExecuteQuery API allows users to
    query their AWS IoT TwinMaker Knowledge Graph 2) Pricing plan APIs allow users to configure and
    manage their pricing mode 3) Support for property groups and tabular property values in existing
    AWS IoT TwinMaker APIs.
  * api-change:``personalize-events``: This release provides support for creation and use of metric
    attributions in AWS Personalize
  * api-change:``proton``: Add support for sorting and filtering in ListServiceInstances
  * api-change:``rds``: This release adds support for container databases (CDBs) to Amazon RDS Custom
    for Oracle. A CDB contains one PDB at creation. You can add more PDBs using Oracle SQL. You can
    also customize your database installation by setting the Oracle base, Oracle home, and the OS user
    name and group.
  * api-change:``ssm-incidents``: Add support for PagerDuty integrations on ResponsePlan,
    IncidentRecord, and RelatedItem APIs
  * api-change:``ssm``: This release adds support for cross account access in CreateOpsItem,
    UpdateOpsItem and GetOpsItem. It introduces new APIs to setup resource policies for SSM resources:
    PutResourcePolicy, GetResourcePolicies and DeleteResourcePolicy.
  * api-change:``transfer``: Allow additional operations to throw ThrottlingException
  * api-change:``xray``: This release adds new APIs - PutResourcePolicy, DeleteResourcePolicy,
    ListResourcePolicies for supporting resource based policies for AWS X-Ray.
- from version 1.29.10
  * bugfix:s3: fixes missing x-amz-content-sha256 header for s3 on outpost
  * enhancement:sso: Add support for loading sso-session profiles from the aws config
  * api-change:``connect``: This release updates the APIs: UpdateInstanceAttribute,
    DescribeInstanceAttribute, and ListInstanceAttributes. You can use it to programmatically
    enable/disable enhanced contact monitoring using attribute type ENHANCED_CONTACT_MONITORING on the
    specified Amazon Connect instance.
  * api-change:``greengrassv2``: Adds new parent target ARN paramater to CreateDeployment,
    GetDeployment, and ListDeployments APIs for the new subdeployments feature.
  * api-change:``route53``: Amazon Route 53 now supports the Europe (Spain) Region (eu-south-2) for
    latency records, geoproximity records, and private DNS for Amazon VPCs in that region.
  * api-change:``workspaces``: This release introduces ModifyCertificateBasedAuthProperties, a new
    API that allows control of certificate-based auth properties associated with a WorkSpaces
    directory. The DescribeWorkspaceDirectories API will now additionally return certificate-based auth
    properties in its responses.
- from version 1.29.9
  * api-change:``customer-profiles``: This release enhances the SearchProfiles API by providing
    functionality to search for profiles using multiple keys and logical operators.
  * api-change:``lakeformation``: This release adds a new parameter "/Parameters"/ in the
    DataLakeSettings.
  * api-change:``managedblockchain``: Updating the API docs data type: NetworkEthereumAttributes, and
    the operations DeleteNode, and CreateNode to also include the supported Goerli network.
  * api-change:``proton``: Add support for CodeBuild Provisioning
  * api-change:``rds``: This release adds support for restoring an RDS Multi-AZ DB cluster snapshot
    to a Single-AZ deployment or a Multi-AZ DB instance deployment.
  * api-change:``workdocs``: Added 2 new document related operations, DeleteDocumentVersion and
    RestoreDocumentVersions.
  * api-change:``xray``: This release enhances GetServiceGraph API to support new type of edge to
    represent links between SQS and Lambda in event-driven applications.
- Update to 1.29.8
  * api-change:``glue``: Added links related to enabling job bookmarks.
  * api-change:``iot``: This release add new api listRelatedResourcesForAuditFinding and new member
    type IssuerCertificates for Iot device device defender Audit.
  * api-change:``license-manager``: AWS License Manager now supports onboarded Management Accounts or
    Delegated Admins to view granted licenses aggregated from all accounts in the organization.
  * api-change:``marketplace-catalog``: Added three new APIs to support tagging and tag-based
    authorization: TagResource, UntagResource, and ListTagsForResource. Added optional parameters to
    the StartChangeSet API to support tagging a resource while making a request to create it.
  * api-change:``rekognition``: Adding support for ImageProperties feature to detect dominant colors
    and image brightness, sharpness, and contrast, inclusion and exclusion filters for labels and label
    categories, new fields to the API response, "/aliases"/ and "/categories"/
  * api-change:``securityhub``: Documentation updates for Security Hub
  * api-change:``ssm-incidents``: RelatedItems now have an ID field which can be used for referencing
    them else where. Introducing event references in TimelineEvent API and increasing maximum length of
    "/eventData"/ to 12K characters.
- from version 1.29.7
  * api-change:``autoscaling``: This release adds a new price capacity optimized allocation strategy
    for Spot Instances to help customers optimize provisioning of Spot Instances via EC2 Auto Scaling,
    EC2 Fleet, and Spot Fleet. It allocates Spot Instances based on both spare capacity availability
    and Spot Instance price.
  * api-change:``ec2``: This release adds a new price capacity optimized allocation strategy for Spot
    Instances to help customers optimize provisioning of Spot Instances via EC2 Auto Scaling, EC2
    Fleet, and Spot Fleet. It allocates Spot Instances based on both spare capacity availability and
    Spot Instance price.
  * api-change:``ecs``: This release adds support for task scale-in protection with
    updateTaskProtection and getTaskProtection APIs. UpdateTaskProtection API can be used to protect a
    service managed task from being terminated by scale-in events and getTaskProtection API to get the
    scale-in protection status of a task.
  * api-change:``es``: Amazon OpenSearch Service now offers managed VPC endpoints to connect to your
    Amazon OpenSearch Service VPC-enabled domain in a Virtual Private Cloud (VPC). This feature allows
    you to privately access OpenSearch Service domain without using public IPs or requiring traffic to
    traverse the Internet.
  * api-change:``resource-explorer-2``: Text only updates to some Resource Explorer descriptions.
  * api-change:``scheduler``: AWS introduces the new Amazon EventBridge Scheduler. EventBridge
    Scheduler is a serverless scheduler that allows you to create, run, and manage tasks from one
    central, managed service.
- from version 1.29.6
  * api-change:``connect``: This release adds new fields SignInUrl, UserArn, and UserId to
    GetFederationToken response payload.
  * api-change:``connectcases``: This release adds the ability to disable templates through the
    UpdateTemplate API. Disabling templates prevents customers from creating cases using the template.
    For more information see https://docs.aws.amazon.com/cases/latest/APIReference/Welcome.html
  * api-change:``ec2``: Amazon EC2 Trn1 instances, powered by AWS Trainium chips, are purpose built
    for high-performance deep learning training. u-24tb1.112xlarge and u-18tb1.112xlarge High Memory
    instances are purpose-built to run large in-memory databases.
  * api-change:``groundstation``: This release adds the preview of customer-provided ephemeris
    support for AWS Ground Station, allowing space vehicle owners to provide their own position and
    trajectory information for a satellite.
  * api-change:``mediapackage-vod``: This release adds "/IncludeIframeOnlyStream"/ for Dash endpoints.
  * api-change:``endpoint-rules``: Update endpoint-rules client to latest version
- from version 1.29.5
  * api-change:``acm``: Support added for requesting elliptic curve certificate key algorithm types
    P-256 (EC_prime256v1) and P-384 (EC_secp384r1).
  * api-change:``billingconductor``: This release adds the Recurring Custom Line Item feature along
    with a new API ListCustomLineItemVersions.
  * api-change:``ec2``: This release enables sharing of EC2 Placement Groups across accounts and
    within AWS Organizations using Resource Access Manager
  * api-change:``endpoint-rules``: Update endpoint-rules client to latest version
  * api-change:``fms``: AWS Firewall Manager now supports importing existing AWS Network Firewall
    firewalls into Firewall Manager policies.
  * api-change:``lightsail``: This release adds support for Amazon Lightsail to automate the
    delegation of domains registered through Amazon Route 53 to Lightsail DNS management and to
    automate record creation for DNS validation of Lightsail SSL/TLS certificates.
  * api-change:``opensearch``: Amazon OpenSearch Service now offers managed VPC endpoints to connect
    to your Amazon OpenSearch Service VPC-enabled domain in a Virtual Private Cloud (VPC). This feature
    allows you to privately access OpenSearch Service domain without using public IPs or requiring
    traffic to traverse the Internet.
  * api-change:``polly``: Amazon Polly adds new voices: Elin (sv-SE), Ida (nb-NO), Laura (nl-NL) and
    Suvi (fi-FI). They are available as neural voices only.
  * api-change:``resource-explorer-2``: This is the initial SDK release for AWS Resource Explorer.
    AWS Resource Explorer lets your users search for and discover your AWS resources across the AWS
    Regions in your account.
  * api-change:``route53``: Amazon Route 53 now supports the Europe (Zurich) Region (eu-central-2)
    for latency records, geoproximity records, and private DNS for Amazon VPCs in that region.
- from version 1.29.4
  * api-change:``athena``: Adds support for using Query Result Reuse
  * api-change:``autoscaling``: This release adds support for two new attributes for attribute-based
    instance type selection - NetworkBandwidthGbps and AllowedInstanceTypes.
  * api-change:``cloudtrail``: This release includes support for configuring a delegated
    administrator to manage an AWS Organizations organization CloudTrail trails and event data stores,
    and AWS Key Management Service encryption of CloudTrail Lake event data stores.
  * api-change:``ec2``: This release adds support for two new attributes for attribute-based instance
    type selection - NetworkBandwidthGbps and AllowedInstanceTypes.
  * api-change:``elasticache``: Added support for IPv6 and dual stack for Memcached and Redis
    clusters. Customers can now launch new Redis and Memcached clusters with IPv6 and dual stack
    networking support.
  * api-change:``lexv2-models``: Update lexv2-models client to latest version
  * api-change:``mediaconvert``: The AWS Elemental MediaConvert SDK has added support for setting the
    SDR reference white point for HDR conversions and conversion of HDR10 to DolbyVision without
    mastering metadata.
  * api-change:``ssm``: This release includes support for applying a CloudWatch alarm to multi
    account multi region Systems Manager Automation
  * api-change:``wafv2``: The geo match statement now adds labels for country and region. You can
    match requests at the region level by combining a geo match statement with label match statements.
  * api-change:``wellarchitected``: This release adds support for integrations with AWS Trusted
    Advisor and AWS Service Catalog AppRegistry to improve workload discovery and speed up your
    workload reviews.
  * api-change:``workspaces``: This release adds protocols attribute to workspaces properties data
    type. This enables customers to migrate workspaces from PC over IP (PCoIP) to WorkSpaces Streaming
    Protocol (WSP) using create and modify workspaces public APIs.
  * api-change:``endpoint-rules``: Update endpoint-rules client to latest version
- from version 1.29.3
  * api-change:``ec2``: This release adds API support for the recipient of an AMI account share to
    remove shared AMI launch permissions.
  * api-change:``emr-containers``: Adding support for Job templates. Job templates allow you to
    create and store templates to configure Spark applications parameters. This helps you ensure
    consistent settings across applications by reusing and enforcing configuration overrides in data
    pipelines.
  * api-change:``logs``: Doc-only update for bug fixes and support of export to buckets encrypted
    with SSE-KMS
  * api-change:``endpoint-rules``: Update endpoint-rules client to latest version
- Add psuffix on the name to have the multibuild flavor packages identify themselves by a different name
- Update to 1.29.2
  * api-change:``memorydb``: Adding support for r6gd instances for MemoryDB Redis with data tiering.
    In a cluster with data tiering enabled, when available memory capacity is exhausted, the least
    recently used data is automatically tiered to solid state drives for cost-effective capacity
    scaling with minimal performance impact.
  * api-change:``sagemaker``: Amazon SageMaker now supports running training jobs on ml.trn1 instance
    types.
  * api-change:``endpoint-rules``: Update endpoint-rules client to latest version
- from version 1.29.1
  * api-change:``iotsitewise``: This release adds the ListAssetModelProperties and
    ListAssetProperties APIs. You can list all properties that belong to a single asset model or asset
    using these two new APIs.
  * api-change:``s3control``: S3 on Outposts launches support for Lifecycle configuration for
    Outposts buckets. With S3 Lifecycle configuration, you can mange objects so they are stored cost
    effectively. You can manage objects using size-based rules and specify how many noncurrent versions
    bucket will retain.
  * api-change:``sagemaker``: This release updates Framework model regex for ModelPackage to support
    new Framework version xgboost, sklearn.
  * api-change:``ssm-incidents``: Adds support for tagging replication-set on creation.
- from version 1.29.0
  * feature:Endpoints: Migrate all services to use new AWS Endpoint Resolution framework
  * Enhancement:Endpoints: Discontinued use of `sslCommonName` hosts as detailed in 1.27.0 (see
    `#2705 <https://github.com/boto/botocore/issues/2705>`__ for more info)
  * api-change:``rds``: Relational Database Service - This release adds support for configuring
    Storage Throughput on RDS database instances.
  * api-change:``textract``: Add ocr results in AnalyzeIDResponse as blocks
- from version 1.28.5
  * api-change:``apprunner``: This release adds support for private App Runner services. Services may
    now be configured to be made private and only accessible from a VPC. The changes include a new
    VpcIngressConnection resource and several new and modified APIs.
  * api-change:``connect``: Amazon connect now support a new API DismissUserContact to dismiss or
    remove terminated contacts in Agent CCP
  * api-change:``ec2``: Elastic IP transfer is a new Amazon VPC feature that allows you to transfer
    your Elastic IP addresses from one AWS Account to another.
  * api-change:``iot``: This release adds the Amazon Location action to IoT Rules Engine.
  * api-change:``logs``: SDK release to support tagging for destinations and log groups with
    TagResource. Also supports tag on create with PutDestination.
  * api-change:``sesv2``: This release includes support for interacting with the Virtual
    Deliverability Manager, allowing you to opt in/out of the feature and to retrieve recommendations
    and metric data.
  * api-change:``textract``: This release introduces additional support for 30+ normalized fields
    such as vendor address and currency. It also includes OCR output in the response and accuracy
    improvements for the already supported fields in previous version
- from version 1.28.4
  * api-change:``apprunner``: AWS App Runner adds .NET 6, Go 1, PHP 8.1 and Ruby 3.1 runtimes.
  * api-change:``appstream``: This release includes CertificateBasedAuthProperties in
    CreateDirectoryConfig and UpdateDirectoryConfig.
  * api-change:``cloud9``: Update to the documentation section of the Cloud9 API Reference guide.
  * api-change:``cloudformation``: This release adds more fields to improves visibility of AWS
    CloudFormation StackSets information in following APIs: ListStackInstances, DescribeStackInstance,
    ListStackSetOperationResults, ListStackSetOperations, DescribeStackSetOperation.
  * api-change:``gamesparks``: Add LATEST as a possible GameSDK Version on snapshot
  * api-change:``mediatailor``: This release introduces support for SCTE-35 segmentation descriptor
    messages which can be sent within time signal messages.
- from version 1.28.3
  * api-change:``ec2``: Feature supports the replacement of instance root volume using an updated AMI
    without requiring customers to stop their instance.
  * api-change:``fms``: Add support NetworkFirewall Managed Rule Group Override flag in
    GetViolationDetails API
  * api-change:``glue``: Added support for custom datatypes when using custom csv classifier.
  * api-change:``redshift``: This release clarifies use for the ElasticIp parameter of the
    CreateCluster and RestoreFromClusterSnapshot APIs.
  * api-change:``sagemaker``: This change allows customers to provide a custom entrypoint script for
    the docker container to be run while executing training jobs, and provide custom arguments to the
    entrypoint script.
  * api-change:``wafv2``: This release adds the following: Challenge rule action, to silently verify
    client browsers; rule group rule action override to any valid rule action, not just Count; token
    sharing between protected applications for challenge/CAPTCHA token; targeted rules option for Bot
    Control managed rule group.
- from version 1.28.2
  * api-change:``iam``: Doc only update that corrects instances of CLI not using an entity.
  * api-change:``kafka``: This release adds support for Tiered Storage. UpdateStorage allows you to
    control the Storage Mode for supported storage tiers.
  * api-change:``neptune``: Added a new cluster-level attribute to set the capacity range for Neptune
    Serverless instances.
  * api-change:``sagemaker``: Amazon SageMaker Automatic Model Tuning now supports specifying Grid
    Search strategy for tuning jobs, which evaluates all hyperparameter combinations exhaustively based
    on the categorical hyperparameters provided.
- from version 1.28.1
  * api-change:``accessanalyzer``: This release adds support for six new resource types in IAM Access
    Analyzer to help you easily identify public and cross-account access to your AWS resources. Updated
    service API, documentation, and paginators.
  * api-change:``location``: Added new map styles with satellite imagery for map resources using HERE
    as a data provider.
  * api-change:``mediatailor``: This release is a documentation update
  * api-change:``rds``: Relational Database Service - This release adds support for exporting DB
    cluster data to Amazon S3.
  * api-change:``workspaces``: This release adds new enums for supporting Workspaces Core features,
    including creating Manual running mode workspaces, importing regular Workspaces Core images and
    importing g4dn Workspaces Core images.
- Update in SLE-15 (bsc#1204537, jsc#PED-2333)
- Update to 1.28.0
  * feature:Endpoints: Implemented new endpoint ruleset system to dynamically derive endpoints and
    settings for services
  * api-change:``acm-pca``: AWS Private Certificate Authority (AWS Private CA) now offers usage modes
    which are combination of features to address specific use cases.
  * api-change:``batch``: This release adds support for AWS Batch on Amazon EKS.
  * api-change:``datasync``: Added support for self-signed certificates when using object storage
    locations; added BytesCompressed to the TaskExecution response.
  * api-change:``sagemaker``: SageMaker Inference Recommender now supports a new API
    ListInferenceRecommendationJobSteps to return the details of all the benchmark we create for an
    inference recommendation job.
- from version 1.27.96
  * api-change:``cognito-idp``: This release adds a new "/DeletionProtection"/ field to the UserPool in
    Cognito. Application admins can configure this value with either ACTIVE or INACTIVE value. Setting
    this field to ACTIVE will prevent a user pool from accidental deletion.
  * api-change:``sagemaker``: CreateInferenceRecommenderjob API now supports passing endpoint details
    directly, that will help customers to identify the max invocation and max latency they can achieve
    for their model and the associated endpoint along with getting recommendations on other instances.
- from version 1.27.95
  * api-change:``devops-guru``: This release adds information about the resources DevOps Guru is
    analyzing.
  * api-change:``globalaccelerator``: Global Accelerator now supports AddEndpoints and
    RemoveEndpoints operations for standard endpoint groups.
  * api-change:``resiliencehub``: In this release, we are introducing support for regional
    optimization for AWS Resilience Hub applications. It also includes a few documentation updates to
    improve clarity.
  * api-change:``rum``: CloudWatch RUM now supports Extended CloudWatch Metrics with Additional
    Dimensions
- from version 1.27.94
  * api-change:``chime-sdk-messaging``: Documentation updates for Chime Messaging SDK
  * api-change:``cloudtrail``: This release includes support for exporting CloudTrail Lake query
    results to an Amazon S3 bucket.
  * api-change:``config``: This release adds resourceType enums for AppConfig, AppSync, DataSync,
    EC2, EKS, Glue, GuardDuty, SageMaker, ServiceDiscovery, SES, Route53 types.
  * api-change:``connect``: This release adds API support for managing phone numbers that can be used
    across multiple AWS regions through telephony traffic distribution.
  * api-change:``events``: Update events client to latest version
  * api-change:``managedblockchain``: Adding new Accessor APIs for Amazon Managed Blockchain
  * api-change:``s3``: Updates internal logic for constructing API endpoints. We have added
    rule-based endpoints and internal model parameters.
  * api-change:``s3control``: Updates internal logic for constructing API endpoints. We have added
    rule-based endpoints and internal model parameters.
  * api-change:``support-app``: This release adds the RegisterSlackWorkspaceForOrganization API. You
    can use the API to register a Slack workspace for an AWS account that is part of an organization.
  * api-change:``workspaces-web``: WorkSpaces Web now supports user access logging for recording
    session start, stop, and URL navigation.
- from version 1.27.93
  * api-change:``frauddetector``: Documentation Updates for Amazon Fraud Detector
  * api-change:``sagemaker``: This change allows customers to enable data capturing while running a
    batch transform job, and configure monitoring schedule to monitoring the captured data.
  * api-change:``servicediscovery``: Updated the ListNamespaces API to support the NAME and HTTP_NAME
    filters, and the BEGINS_WITH filter condition.
  * api-change:``sesv2``: This release allows subscribers to enable Dedicated IPs (managed) to send
    email via a fully managed dedicated IP experience. It also adds identities' VerificationStatus in
    the response of GetEmailIdentity and ListEmailIdentities APIs, and ImportJobs counts in the
    response of ListImportJobs API.
- from version 1.27.92
  * api-change:``greengrass``: This change allows customers to specify FunctionRuntimeOverride in
    FunctionDefinitionVersion. This configuration can be used if the runtime on the device is different
    from the AWS Lambda runtime specified for that function.
  * api-change:``sagemaker``: This release adds support for C7g, C6g, C6gd, C6gn, M6g, M6gd, R6g, and
    R6gn Graviton instance types in Amazon SageMaker Inference.
- Remove version constraint for python-pytest in BuildRequires
- Update to 1.27.91
  * api-change:``mediaconvert``: MediaConvert now supports specifying the minimum percentage of the
    HRD buffer available at the end of each encoded video segment.
- from version 1.27.90
  * api-change:``amplifyuibuilder``: We are releasing the ability for fields to be configured as
    arrays.
  * api-change:``appflow``: With this update, you can choose which Salesforce API is used by Amazon
    AppFlow to transfer data to or from your Salesforce account. You can choose the Salesforce REST API
    or Bulk API 2.0. You can also choose for Amazon AppFlow to pick the API automatically.
  * api-change:``connect``: This release adds support for a secondary email and a mobile number for
    Amazon Connect instance users.
  * api-change:``ds``: This release adds support for describing and updating AWS Managed Microsoft AD
    set up.
  * api-change:``ecs``: Documentation update to address tickets.
  * api-change:``guardduty``: Add UnprocessedDataSources to CreateDetectorResponse which specifies
    the data sources that couldn't be enabled during the CreateDetector request. In addition, update
    documentations.
  * api-change:``iam``: Documentation updates for the AWS Identity and Access Management API
    Reference.
  * api-change:``iotfleetwise``: Documentation update for AWS IoT FleetWise
  * api-change:``medialive``: AWS Elemental MediaLive now supports forwarding SCTE-35 messages
    through the Event Signaling and Management (ESAM) API, and can read those SCTE-35 messages from an
    inactive source.
  * api-change:``mediapackage-vod``: This release adds SPEKE v2 support for MediaPackage VOD. Speke
    v2 is an upgrade to the existing SPEKE API to support multiple encryption keys, based on an
    encryption contract selected by the customer.
  * api-change:``panorama``: Pause and resume camera stream processing with
    SignalApplicationInstanceNodeInstances. Reboot an appliance with CreateJobForDevices. More
    application state information in DescribeApplicationInstance response.
  * api-change:``rds-data``: Doc update to reflect no support for schema parameter on
    BatchExecuteStatement API
  * api-change:``ssm-incidents``: Update RelatedItem enum to support Tasks
  * api-change:``ssm``: Support of AmazonLinux2022 by Patch Manager
  * api-change:``transfer``: This release adds an option for customers to configure workflows that
    are triggered when files are only partially received from a client due to premature session
    disconnect.
  * api-change:``translate``: This release enables customers to specify multiple target languages in
    asynchronous batch translation requests.
  * api-change:``wisdom``: This release updates the GetRecommendations API to include a trigger event
    list for classifying and grouping recommendations.
- from version 1.27.89
  * api-change:``codeguru-reviewer``: Documentation update to replace broken link.
  * api-change:``elbv2``: Update elbv2 client to latest version
  * api-change:``greengrassv2``: This release adds error status details for deployments and
    components that failed on a device and adds features to improve visibility into component
    installation.
  * api-change:``quicksight``: Amazon QuickSight now supports SecretsManager Secret ARN in place of
    CredentialPair for DataSource creation and update. This release also has some minor documentation
    updates and removes CountryCode as a required parameter in GeoSpatialColumnGroup
- from version 1.27.88
  * api-change:``resiliencehub``: Documentation change for AWS Resilience Hub. Doc-only update to fix
    Documentation layout
- from version 1.27.87
  * api-change:``glue``: This SDK release adds support to sync glue jobs with source control
    provider. Additionally, a new parameter called SourceControlDetails will be added to Job model.
  * api-change:``network-firewall``: StreamExceptionPolicy configures how AWS Network Firewall
    processes traffic when a network connection breaks midstream
  * api-change:``outposts``: This release adds the Asset state information to the ListAssets
    response. The ListAssets request supports filtering on Asset state.
- from version 1.27.86
  * api-change:``connect``: Updated the CreateIntegrationAssociation API to support the CASES_DOMAIN
    IntegrationType.
  * api-change:``connectcases``: This release adds APIs for Amazon Connect Cases. Cases allows your
    agents to quickly track and manage customer issues that require multiple interactions, follow-up
    tasks, and teams in your contact center.  For more information, see
    https://docs.aws.amazon.com/cases/latest/APIReference/Welcome.html
  * api-change:``ec2``: Added EnableNetworkAddressUsageMetrics flag for ModifyVpcAttribute,
    DescribeVpcAttribute APIs.
  * api-change:``ecs``: Documentation updates to address various Amazon ECS tickets.
  * api-change:``s3control``: S3 Object Lambda adds support to allow customers to intercept
    HeadObject and ListObjects requests and introduce their own compute. These requests were previously
    proxied to S3.
  * api-change:``workmail``: This release adds support for impersonation roles in Amazon WorkMail.
- drop remove-six.patch, rejected by upstream and breaks
  all dependent projects of botocore
- Add remove-six.patch, which eliminates need for the six dependency.
- Update to 1.27.85
  * api-change:``accessanalyzer``: AWS IAM Access Analyzer policy validation introduces new checks
    for role trust policies. As customers author a policy, IAM Access Analyzer policy validation
    evaluates the policy for any issues to make it easier for customers to author secure policies.
  * api-change:``ec2``: Adding an imdsSupport attribute to EC2 AMIs
  * api-change:``snowball``: Adds support for V3_5C. This is a refreshed AWS Snowball Edge Compute
    Optimized device type with 28TB SSD, 104 vCPU and 416GB memory (customer usable).
- from version 1.27.84
  * api-change:``codedeploy``: This release allows you to override the alarm configurations when
    creating a deployment.
  * api-change:``devops-guru``: This release adds filter feature on AddNotificationChannel API,
    enable customer to configure the SNS notification messages by Severity or MessageTypes
  * api-change:``dlm``: This release adds support for archival of single-volume snapshots created by
    Amazon Data Lifecycle Manager policies
  * api-change:``sagemaker-runtime``: Update sagemaker-runtime client to latest version
  * api-change:``sagemaker``: A new parameter called ExplainerConfig is added to CreateEndpointConfig
    API to enable SageMaker Clarify online explainability feature.
  * api-change:``sso-oidc``: Documentation updates for the IAM Identity Center OIDC CLI Reference.
- from version 1.27.83
  * api-change:``acm``: This update returns additional certificate details such as certificate SANs
    and allows sorting in the ListCertificates API.
  * api-change:``ec2``: u-3tb1 instances are powered by Intel Xeon Platinum 8176M (Skylake)
    processors and are purpose-built to run large in-memory databases.
  * api-change:``emr-serverless``: This release adds API support to debug Amazon EMR Serverless jobs
    in real-time with live application UIs
  * api-change:``fsx``: This release adds support for Amazon File Cache.
  * api-change:``migrationhuborchestrator``: Introducing AWS MigrationHubOrchestrator. This is the
    first public release of AWS MigrationHubOrchestrator.
  * api-change:``polly``: Added support for the new Cantonese voice - Hiujin. Hiujin is available as
    a Neural voice only.
  * api-change:``proton``: This release adds an option to delete pipeline provisioning repositories
    using the UpdateAccountSettings API
  * api-change:``sagemaker``: SageMaker Training Managed Warm Pools let you retain provisioned
    infrastructure to reduce latency for repetitive training workloads.
  * api-change:``secretsmanager``: Documentation updates for Secrets Manager
  * api-change:``translate``: This release enables customers to access control rights on Translate
    resources like Parallel Data and Custom Terminology using Tag Based Authorization.
  * api-change:``workspaces``: This release includes diagnostic log uploading feature. If it is
    enabled, the log files of WorkSpaces Windows client will be sent to Amazon WorkSpaces automatically
    for troubleshooting. You can use modifyClientProperty api to enable/disable this feature.
- from version 1.27.82
  * api-change:``ce``: This release is to support retroactive Cost Categories. The new field will
    enable you to retroactively apply new and existing cost category rules to previous months.
  * api-change:``kendra``: My AWS Service (placeholder) - Amazon Kendra now provides a data source
    connector for DropBox. For more information, see
    https://docs.aws.amazon.com/kendra/latest/dg/data-source-dropbox.html
  * api-change:``location``: This release adds place IDs, which are unique identifiers of places,
    along with a new GetPlace operation, which can be used with place IDs to find a place again later.
    UnitNumber and UnitType are also added as new properties of places.
- from version 1.27.81
  * api-change:``cur``: This release adds two new support regions(me-central-1/eu-south-2) for OSG.
  * api-change:``iotfleetwise``: General availability (GA) for AWS IoT Fleetwise. It adds AWS IoT
    Fleetwise to AWS SDK. For more information, see
    https://docs.aws.amazon.com/iot-fleetwise/latest/APIReference/Welcome.html.
  * api-change:``ssm``: This release includes support for applying a CloudWatch alarm to Systems
    Manager capabilities like Automation, Run Command, State Manager, and Maintenance Windows.
- from version 1.27.80
  * api-change:``apprunner``: AWS App Runner adds a Node.js 16 runtime.
  * api-change:``ec2``: Letting external AWS customers provide ImageId as a Launch Template override
    in FleetLaunchTemplateOverridesRequest
  * api-change:``lexv2-models``: Update lexv2-models client to latest version
  * api-change:``lightsail``: This release adds Instance Metadata Service (IMDS) support for
    Lightsail instances.
  * api-change:``nimble``: Amazon Nimble Studio adds support for on-demand Amazon Elastic Compute
    Cloud (EC2) G3 and G5 instances, allowing customers to utilize additional GPU instance types for
    their creative projects.
  * api-change:``ssm``: This release adds new SSM document types ConformancePackTemplate and
    CloudFormation
  * api-change:``wafv2``: Add the default specification for ResourceType in ListResourcesForWebACL.
- from version 1.27.79
  * api-change:``backup-gateway``: Changes include: new GetVirtualMachineApi to fetch a single user's
    VM, improving ListVirtualMachines to fetch filtered VMs as well as all VMs, and improving
    GetGatewayApi to now also return the gateway's MaintenanceStartTime.
  * api-change:``devicefarm``: This release adds the support for VPC-ENI based connectivity for
    private devices on AWS Device Farm.
  * api-change:``ec2``: Documentation updates for Amazon EC2.
  * api-change:``glue``: Added support for S3 Event Notifications for Catalog Target Crawlers.
  * api-change:``identitystore``: Documentation updates for the Identity Store CLI Reference.
- from version 1.27.78
  * api-change:``comprehend``: Amazon Comprehend now supports synchronous mode for targeted sentiment
    API operations.
  * api-change:``s3control``: S3 on Outposts launches support for object versioning for Outposts
    buckets. With S3 Versioning, you can preserve, retrieve, and restore every version of every object
    stored in your buckets. You can recover from both unintended user actions and application failures.
  * api-change:``sagemaker``: SageMaker now allows customization on Canvas Application settings,
    including enabling/disabling time-series forecasting and specifying an Amazon Forecast execution
    role at both the Domain and UserProfile levels.
- from version 1.27.77
  * api-change:``ec2``: This release adds support for blocked paths to Amazon VPC Reachability
    Analyzer.
- Update to 1.27.76
  * api-change:``cloudtrail``: This release includes support for importing existing trails into
    CloudTrail Lake.
  * api-change:``ec2``: This release adds CapacityAllocations field to DescribeCapacityReservations
  * api-change:``mediaconnect``: This change allows the customer to use the SRT Caller protocol as
    part of their flows
  * api-change:``rds``: This release adds support for Amazon RDS Proxy with SQL Server compatibility.
- from version 1.27.75
  * api-change:``codestar-notifications``: This release adds tag based access control for the
    UntagResource API.
  * api-change:``ecs``: This release supports new task definition sizes.
- from version 1.27.74
  * api-change:``dynamodb``: Increased DynamoDB transaction limit from 25 to 100.
  * api-change:``ec2``: This feature allows customers to create tags for vpc-endpoint-connections and
    vpc-endpoint-service-permissions.
  * api-change:``sagemaker``: Amazon SageMaker Automatic Model Tuning now supports specifying
    Hyperband strategy for tuning jobs, which uses a multi-fidelity based tuning strategy to stop
    underperforming hyperparameter configurations early.
- from version 1.27.73
  * api-change:``amplifyuibuilder``: Amplify Studio UIBuilder is introducing forms functionality.
    Forms can be configured from Data Store models, JSON, or from scratch. These forms can then be
    generated in your project and used like any other React components.
  * api-change:``ec2``: This update introduces API operations to manage and create local gateway
    route tables, CoIP pools, and VIF group associations.
- Update to 1.27.72
  * api-change:``customer-profiles``: Added isUnstructured in response for Customer Profiles
    Integration APIs
  * api-change:``drs``: Fixed the data type of lagDuration that is returned in Describe Source Server
    API
  * api-change:``ec2``: Two new features for local gateway route tables: support for static routes
    targeting Elastic Network Interfaces and direct VPC routing.
  * api-change:``evidently``: This release adds support for the client-side evaluation - powered by
    AWS AppConfig feature.
  * api-change:``kendra``: This release enables our customer to choose the option of Sharepoint 2019
    for the on-premise Sharepoint connector.
  * api-change:``transfer``: This release introduces the ability to have multiple server host keys
    for any of your Transfer Family servers that use the SFTP protocol.
- from version 1.27.71
  * api-change:``eks``: Adding support for local Amazon EKS clusters on Outposts
- from version 1.27.70
  * api-change:``cloudtrail``: This release adds CloudTrail getChannel and listChannels APIs to allow
    customer to view the ServiceLinkedChannel configurations.
  * api-change:``lexv2-models``: Update lexv2-models client to latest version
  * api-change:``lexv2-runtime``: Update lexv2-runtime client to latest version
  * api-change:``pi``: Increases the maximum values of two RDS Performance Insights APIs. The maximum
    value of the Limit parameter of DimensionGroup is 25. The MaxResult maximum is now 25 for the
    following APIs: DescribeDimensionKeys, GetResourceMetrics, ListAvailableResourceDimensions, and
    ListAvailableResourceMetrics.
  * api-change:``redshift``: This release updates documentation for AQUA features and other
    description updates.
- from version 1.27.69
  * api-change:``ec2``: This release adds support to send VPC Flow Logs to kinesis-data-firehose as
    new destination type
  * api-change:``emr-containers``: EMR on EKS now allows running Spark SQL using the newly introduced
    Spark SQL Job Driver in the Start Job Run API
  * api-change:``lookoutmetrics``: Release dimension value filtering feature to allow customers to
    define dimension filters for including only a subset of their dataset to be used by LookoutMetrics.
  * api-change:``medialive``: This change exposes API settings which allow Dolby Atmos and Dolby
    Vision to be used when running a channel using Elemental Media Live
  * api-change:``route53``: Amazon Route 53 now supports the Middle East (UAE) Region (me-central-1)
    for latency records, geoproximity records, and private DNS for Amazon VPCs in that region.
  * api-change:``sagemaker``: This release adds Mode to AutoMLJobConfig.
  * api-change:``ssm``: This release adds support for Systems Manager State Manager Association
    tagging.
- from version 1.27.68
  * api-change:``dataexchange``: Documentation updates for AWS Data Exchange.
  * api-change:``ec2``: Documentation updates for Amazon EC2.
  * api-change:``eks``: Adds support for EKS Addons ResolveConflicts "/preserve"/ flag. Also adds new
    update failed status for EKS Addons.
  * api-change:``fsx``: Documentation update for Amazon FSx.
  * api-change:``inspector2``: This release adds new fields like fixAvailable, fixedInVersion and
    remediation to the finding model. The requirement to have vulnerablePackages in the finding model
    has also been removed. The documentation has been updated to reflect these changes.
  * api-change:``iotsitewise``: Allow specifying units in Asset Properties
  * api-change:``sagemaker``: SageMaker Hosting now allows customization on ML instance storage
    volume size, model data download timeout and inference container startup ping health check timeout
    for each ProductionVariant in CreateEndpointConfig API.
  * api-change:``sns``: Amazon SNS introduces the Data Protection Policy APIs, which enable customers
    to attach a data protection policy to an SNS topic. This allows topic owners to enable the new
    message data protection feature to audit and block sensitive data that is exchanged through their
    topics.
- from version 1.27.67
  * api-change:``identitystore``: Documentation updates for the Identity Store CLI Reference.
  * api-change:``sagemaker``: This release adds HyperParameterTuningJob type in Search API.
- from version 1.27.66
  * api-change:``cognito-idp``: This release adds a new "/AuthSessionValidity"/ field to the
    UserPoolClient in Cognito. Application admins can configure this value for their users'
    authentication duration, which is currently fixed at 3 minutes, up to 15 minutes. Setting this
    field will also apply to the SMS MFA authentication flow.
  * api-change:``connect``: This release adds search APIs for Routing Profiles and Queues, which can
    be used to search for those resources within a Connect Instance.
  * api-change:``mediapackage``: Added support for AES_CTR encryption to CMAF origin endpoints
  * api-change:``sagemaker``: This release enables administrators to attribute user activity and API
    calls from Studio notebooks, Data Wrangler and Canvas to specific users even when users share the
    same execution IAM role.  ExecutionRoleIdentityConfig at Sagemaker domain level enables this
    feature.
- from version 1.27.65
  * api-change:``codeguru-reviewer``: Documentation updates to fix formatting issues in CLI and SDK
    documentation.
  * api-change:``controltower``: This release contains the first SDK for AWS Control Tower. It
    introduces  a new set of APIs: EnableControl, DisableControl, GetControlOperation, and
    ListEnabledControls.
  * api-change:``route53``: Documentation updates for Amazon Route 53.
- Update to 1.27.64
  * api-change:``cloudfront``: Update API documentation for CloudFront origin access control (OAC)
  * api-change:``identitystore``: Expand IdentityStore API to support Create, Read, Update, Delete
    and Get operations for User, Group and GroupMembership resources.
  * api-change:``iotthingsgraph``: This release deprecates all APIs of the ThingsGraph service
  * api-change:``ivs``: IVS Merge Fragmented Streams. This release adds support for
    recordingReconnectWindow field in IVS recordingConfigurations. For more information see
    https://docs.aws.amazon.com/ivs/latest/APIReference/Welcome.html
  * api-change:``rds-data``: Documentation updates for RDS Data API
  * api-change:``sagemaker``: SageMaker Inference Recommender now accepts Inference Recommender
    fields: Domain, Task, Framework, SamplePayloadUrl, SupportedContentTypes, SupportedInstanceTypes,
    directly in our CreateInferenceRecommendationsJob API through ContainerConfig
- from version 1.27.63
  * enhancement:Endpoints: Deprecate SSL common name
  * api-change:``greengrassv2``: Adds topologyFilter to ListInstalledComponentsRequest which allows
    filtration of components by ROOT or ALL (including root and dependency components). Adds
    lastStatusChangeTimestamp to ListInstalledComponents response to show the last time a component
    changed state on a device.
  * api-change:``identitystore``: Documentation updates for the Identity Store CLI Reference.
  * api-change:``lookoutequipment``: This release adds new apis for providing labels.
  * api-change:``macie2``: This release of the Amazon Macie API adds support for using allow lists to
    define specific text and text patterns to ignore when inspecting data sources for sensitive data.
  * api-change:``sso-admin``: Documentation updates for the AWS IAM Identity Center CLI Reference.
  * api-change:``sso``: Documentation updates for the AWS IAM Identity Center Portal CLI Reference.
- from version 1.27.62
  * api-change:``fsx``: Documentation updates for Amazon FSx for NetApp ONTAP.
  * api-change:``voice-id``: Amazon Connect Voice ID now detects voice spoofing.  When a prospective
    fraudster tries to spoof caller audio using audio playback or synthesized speech, Voice ID will
    return a risk score and outcome to indicate the how likely it is that the voice is spoofed.
- from version 1.27.61
  * api-change:``mediapackage``: This release adds Ads AdTriggers and AdsOnDeliveryRestrictions to
    describe calls for CMAF endpoints on MediaPackage.
  * api-change:``rds``: Removes support for RDS Custom from DBInstanceClass in ModifyDBInstance
- Update to 1.27.60
  * enhancement:Identity: TokenProvider added for bearer auth support
  * api-change:``elbv2``: Update elbv2 client to latest version
  * api-change:``gamelift``: This release adds support for eight EC2 local zones as fleet locations;
    Atlanta, Chicago, Dallas, Denver, Houston, Kansas City (us-east-1-mci-1a), Los Angeles, and
    Phoenix. It also adds support for C5d, C6a, C6i, and R5d EC2 instance families.
  * api-change:``iotwireless``: This release includes a new feature for the customers to enable the
    LoRa gateways to send out beacons for Class B devices and an option to select one or more gateways
    for Class C devices when sending the LoRaWAN downlink messages.
  * api-change:``ivschat``: Documentation change for IVS Chat API Reference. Doc-only update to add a
    paragraph on ARNs to the Welcome section.
  * api-change:``panorama``: Support sorting and filtering in ListDevices API, and add more fields to
    device listings and single device detail
  * api-change:``sso-oidc``: Updated required request parameters on IAM Identity Center's OIDC
    CreateToken action.
- from version 1.27.59
  * api-change:``cloudfront``: Adds support for CloudFront origin access control (OAC), making it
    possible to restrict public access to S3 bucket origins in all AWS Regions, those with SSE-KMS, and
    more.
  * api-change:``config``: AWS Config now supports ConformancePackTemplate documents in SSM Docs for
    the deployment and update of conformance packs.
  * api-change:``iam``: Documentation updates for AWS Identity and Access Management (IAM).
  * api-change:``ivs``: Documentation Change for IVS API Reference - Doc-only update to type field
    description for CreateChannel and UpdateChannel actions and for Channel data type. Also added
    Amazon Resource Names (ARNs) paragraph to Welcome section.
  * api-change:``quicksight``: Added a new optional property DashboardVisual under
    ExperienceConfiguration parameter of GenerateEmbedUrlForAnonymousUser and
    GenerateEmbedUrlForRegisteredUser API operations. This supports embedding of specific visuals in
    QuickSight dashboards.
  * api-change:``transfer``: Documentation updates for AWS Transfer Family
- from version 1.27.58
  * api-change:``rds``: RDS for Oracle supports Oracle Data Guard switchover and read replica backups.
  * api-change:``sso-admin``: Documentation updates to reflect service rename - AWS IAM Identity
    Center (successor to AWS Single Sign-On)
- from version 1.27.57
  * api-change:``docdb``: Update document for volume clone
  * api-change:``ec2``: R6a instances are powered by 3rd generation AMD EPYC (Milan) processors
    delivering all-core turbo frequency of 3.6 GHz. C6id, M6id, and R6id instances are powered by 3rd
    generation Intel Xeon Scalable processor (Ice Lake) delivering all-core turbo frequency of 3.5 GHz.
  * api-change:``forecast``: releasing What-If Analysis APIs and update ARN regex pattern to be more
    strict in accordance with security recommendation
  * api-change:``forecastquery``: releasing What-If Analysis APIs
  * api-change:``iotsitewise``: Enable non-unique asset names under different hierarchies
  * api-change:``lexv2-models``: Update lexv2-models client to latest version
  * api-change:``securityhub``: Added new resource details objects to ASFF, including resources for
    AwsBackupBackupVault, AwsBackupBackupPlan and AwsBackupRecoveryPoint. Added FixAvailable,
    FixedInVersion and Remediation  to Vulnerability.
  * api-change:``support-app``: This is the initial SDK release for the AWS Support App in Slack.
- from version 1.27.56
  * api-change:``connect``: This release adds SearchSecurityProfiles API which can be used to search
    for Security Profile resources within a Connect Instance.
  * api-change:``ivschat``: Documentation Change for IVS Chat API Reference - Doc-only update to
    change text/description for tags field.
  * api-change:``kendra``: This release adds support for a new authentication type - Personal Access
    Token (PAT) for confluence server.
  * api-change:``lookoutmetrics``: This release is to make GetDataQualityMetrics API publicly
    available.
- Update to 1.27.55
  * api-change:``chime-sdk-media-pipelines``: The Amazon Chime SDK now supports live streaming of
    real-time video from the Amazon Chime SDK sessions to streaming platforms such as Amazon IVS and
    Amazon Elemental MediaLive. We have also added support for concatenation to create a single media
    capture file.
  * api-change:``cloudwatch``: Update cloudwatch client to latest version
  * api-change:``cognito-idp``: This change is being made simply to fix the public documentation
    based on the models. We have included the PasswordChange and ResendCode events, along with the
    Pass, Fail and InProgress status. We have removed the Success and Failure status which are never
    returned by our APIs.
  * api-change:``dynamodb``: This release adds support for importing data from S3 into a new DynamoDB
    table
  * api-change:``ec2``: This release adds support for VPN log options , a new feature allowing S2S
    VPN connections to send IKE activity logs to CloudWatch Logs
  * api-change:``networkmanager``: Add TransitGatewayPeeringAttachmentId property to
    TransitGatewayPeering Model
- from version 1.27.54
  * api-change:``appmesh``: AWS App Mesh release to support Multiple Listener and Access Log Format
    feature
  * api-change:``connectcampaigns``: Updated exceptions for Amazon Connect Outbound Campaign api's.
  * api-change:``kendra``: This release adds Zendesk connector (which allows you to specify Zendesk
    SAAS platform as data source), Proxy Support for Sharepoint and Confluence Server (which allows you
    to specify the proxy configuration if proxy is required to connect to your Sharepoint/Confluence
    Server as data source).
  * api-change:``lakeformation``: This release adds a new API support "/AssumeDecoratedRoleWithSAML"/
    and also release updates the corresponding documentation.
  * api-change:``lambda``: Added support for customization of Consumer Group ID for MSK and Kafka
    Event Source Mappings.
  * api-change:``lexv2-models``: Update lexv2-models client to latest version
  * api-change:``rds``: Adds support for Internet Protocol Version 6 (IPv6) for RDS Aurora database
    clusters.
  * api-change:``secretsmanager``: Documentation updates for Secrets Manager.
- from version 1.27.53
  * api-change:``rekognition``: This release adds APIs which support copying an Amazon Rekognition
    Custom Labels model and managing project policies across AWS account.
  * api-change:``servicecatalog``: Documentation updates for Service Catalog
- from version 1.27.52
  * enhancement:AWSCRT: Upgrade awscrt version to 0.14.0
  * api-change:``cloudfront``: Adds Http 3 support to distributions
  * api-change:``identitystore``: Documentation updates to reflect service rename - AWS IAM Identity
    Center (successor to AWS Single Sign-On)
  * api-change:``sso``: Documentation updates to reflect service rename - AWS IAM Identity Center
    (successor to AWS Single Sign-On)
  * api-change:``wisdom``: This release introduces a new API PutFeedback that allows submitting
    feedback to Wisdom on content relevance.
- from version 1.27.51
  * api-change:``amp``: This release adds log APIs that allow customers to manage logging for their
    Amazon Managed Service for Prometheus workspaces.
  * api-change:``chime-sdk-messaging``: The Amazon Chime SDK now supports channels with up to one
    million participants with elastic channels.
  * api-change:``ivs``: Updates various list api MaxResults ranges
  * api-change:``personalize-runtime``: This release provides support for promotions in AWS
    Personalize runtime.
  * api-change:``rds``: Adds support for RDS Custom to DBInstanceClass in ModifyDBInstance
- from version 1.27.50
  * api-change:``backupstorage``: This is the first public release of AWS Backup Storage. We are
    exposing some previously-internal APIs for use by external services. These APIs are not meant to be
    used directly by customers.
  * api-change:``glue``: Add support for Python 3.9 AWS Glue Python Shell jobs
  * api-change:``privatenetworks``: This is the initial SDK release for AWS Private 5G. AWS Private
    5G is a managed service that makes it easy to deploy, operate, and scale your own private mobile
    network at your on-premises location.
- from version 1.27.49
  * api-change:``dlm``: This release adds support for excluding specific data (non-boot) volumes from
    multi-volume snapshot sets created by snapshot lifecycle policies
  * api-change:``ec2``: This release adds support for excluding specific data (non-root) volumes from
    multi-volume snapshot sets created from instances.
- from version 1.27.48
  * api-change:``cloudwatch``: Update cloudwatch client to latest version
  * api-change:``location``: Amazon Location Service now allows circular geofences in
    BatchPutGeofence, PutGeofence, and GetGeofence  APIs.
  * api-change:``sagemaker-a2i-runtime``: Fix bug with parsing ISO-8601 CreationTime in Java SDK in
    DescribeHumanLoop
  * api-change:``sagemaker``: Amazon SageMaker Automatic Model Tuning now supports specifying
    multiple alternate EC2 instance types to make tuning jobs more robust when the preferred instance
    type is not available due to insufficient capacity.
- from version 1.27.47
  * api-change:``glue``: Add an option to run non-urgent or non-time sensitive Glue Jobs on spare
    capacity
  * api-change:``identitystore``: Documentation updates to reflect service rename - AWS IAM Identity
    Center (successor to AWS Single Sign-On)
  * api-change:``iotwireless``: AWS IoT Wireless release support for sidewalk data reliability.
  * api-change:``pinpoint``: Adds support for Advance Quiet Time in Journeys. Adds
    RefreshOnSegmentUpdate and WaitForQuietTime to JourneyResponse.
  * api-change:``quicksight``: A series of documentation updates to the QuickSight API reference.
  * api-change:``sso-admin``: Documentation updates to reflect service rename - AWS IAM Identity
    Center (successor to AWS Single Sign-On)
  * api-change:``sso-oidc``: Documentation updates to reflect service rename - AWS IAM Identity
    Center (successor to AWS Single Sign-On)
  * api-change:``sso``: Documentation updates to reflect service rename - AWS IAM Identity Center
    (successor to AWS Single Sign-On)
- from version 1.27.46
  * enhancement:Lambda: Add support for Trace ID in Lambda environments
  * api-change:``chime-sdk-meetings``: Adds support for Tags on Amazon Chime SDK WebRTC sessions
  * api-change:``config``: Add resourceType enums for Athena, GlobalAccelerator, Detective and EC2
    types
  * api-change:``dms``: Documentation updates for Database Migration Service (DMS).
  * api-change:``iot``: The release is to support attach a provisioning template to CACert for JITP
    function,  Customer now doesn't have to hardcode a roleArn and templateBody during register a
    CACert to enable JITP.
- Update to 1.27.45
  * api-change:``cognito-idp``: Add a new exception type, ForbiddenException, that is returned when
    request is not allowed
  * api-change:``wafv2``: You can now associate an AWS WAF web ACL with an Amazon Cognito user pool.
- from version 1.27.44
  * api-change:``license-manager-user-subscriptions``: This release supports user based subscription
    for Microsoft Visual Studio Professional and Enterprise on EC2.
  * api-change:``personalize``: This release adds support for incremental bulk ingestion for the
    Personalize CreateDatasetImportJob API.
- from version 1.27.43
  * api-change:``config``: Documentation update for PutConfigRule and PutOrganizationConfigRule
  * api-change:``workspaces``: This release introduces ModifySamlProperties, a new API that allows
    control of SAML properties associated with a WorkSpaces directory. The DescribeWorkspaceDirectories
    API will now additionally return SAML properties in its responses.
- from version 1.27.42
  * bugfix:TraceId: Rollback bugfix for obeying _X_AMZN_TRACE_ID env var
- from version 1.27.41
  * bugfix:Config: Obey _X_AMZN_TRACE_ID environment variable instead of _X_AMZ_TRACE_ID
  * api-change:``ec2``: Documentation updates for Amazon EC2.
  * api-change:``fsx``: Documentation updates for Amazon FSx
  * api-change:``shield``: AWS Shield Advanced now supports filtering for ListProtections and
    ListProtectionGroups.
- from version 1.27.40
  * api-change:``ec2``: Documentation updates for VM Import/Export.
  * api-change:``es``: This release adds support for gp3 EBS (Elastic Block Store) storage.
  * api-change:``lookoutvision``: This release introduces support for image segmentation models and
    updates CPU accelerator options for models hosted on edge devices.
  * api-change:``opensearch``: This release adds support for gp3 EBS (Elastic Block Store) storage.
- from version 1.27.39
  * api-change:``auditmanager``: This release adds an exceeded quota exception to several APIs. We
    added a ServiceQuotaExceededException for the following operations: CreateAssessment,
    CreateControl, CreateAssessmentFramework, and UpdateAssessmentStatus.
  * api-change:``chime``: Chime VoiceConnector will now support ValidateE911Address which will allow
    customers to prevalidate their addresses included in their SIP invites for emergency calling
  * api-change:``config``: This release adds ListConformancePackComplianceScores API to support the
    new compliance score feature, which provides a percentage of the number of compliant rule-resource
    combinations in a conformance pack compared to the number of total possible rule-resource
    combinations in the conformance pack.
  * api-change:``globalaccelerator``: Global Accelerator now supports dual-stack accelerators,
    enabling support for IPv4 and IPv6 traffic.
  * api-change:``marketplace-catalog``: The SDK for the StartChangeSet API will now automatically set
    and use an idempotency token in the ClientRequestToken request parameter if the customer does not
    provide it.
  * api-change:``polly``: Amazon Polly adds new English and Hindi voice - Kajal. Kajal is available
    as Neural voice only.
  * api-change:``ssm``: Adding doc updates for OpsCenter support in Service Setting actions.
  * api-change:``workspaces``: Added CreateWorkspaceImage API to create a new WorkSpace image from an
    existing WorkSpace.
- from version 1.27.38
  * api-change:``appsync``: Adds support for a new API to evaluate mapping templates with mock data,
    allowing you to remotely unit test your AppSync resolvers and functions.
  * api-change:``detective``: Added the ability to get data source package information for the
    behavior graph. Graph administrators can now start (or stop) optional datasources on the behavior
    graph.
  * api-change:``guardduty``: Amazon GuardDuty introduces a new Malware Protection feature that
    triggers malware scan on selected EC2 instance resources, after the service detects a potentially
    malicious activity.
  * api-change:``lookoutvision``: This release introduces support for the automatic scaling of
    inference units used by Amazon Lookout for Vision models.
  * api-change:``macie2``: This release adds support for retrieving (revealing) sample occurrences of
    sensitive data that Amazon Macie detects and reports in findings.
  * api-change:``rds``: Adds support for using RDS Proxies with RDS for MariaDB databases.
  * api-change:``rekognition``: This release introduces support for the automatic scaling of
    inference units used by Amazon Rekognition Custom Labels models.
  * api-change:``securityhub``: Documentation updates for AWS Security Hub
  * api-change:``transfer``: AWS Transfer Family now supports Applicability Statement 2 (AS2), a
    network protocol used for the secure and reliable transfer of critical Business-to-Business (B2B)
    data over the public internet using HTTP/HTTPS as the transport mechanism.
- Update to 1.27.37
  * api-change:``autoscaling``: Documentation update for Amazon EC2 Auto Scaling.
- from version 1.27.36
  * api-change:``account``: This release enables customers to manage the primary contact information
    for their AWS accounts. For more information, see
    https://docs.aws.amazon.com/accounts/latest/reference/API_Operations.html
  * api-change:``ec2``: Added support for EC2 M1 Mac instances. For more information, please visit
    aws.amazon.com/mac.
  * api-change:``iotdeviceadvisor``: Added new service feature (Early access only) - Long Duration
    Test, where customers can test the IoT device to observe how it behaves when the device is in
    operation for longer period.
  * api-change:``medialive``: Link devices now support remote rebooting. Link devices now support
    maintenance windows. Maintenance windows allow a Link device to install software updates without
    stopping the MediaLive channel. The channel will experience a brief loss of input from the device
    while updates are installed.
  * api-change:``rds``: This release adds the "/ModifyActivityStream"/ API with support for audit
    policy state locking and unlocking.
  * api-change:``transcribe``: Remove unsupported language codes for StartTranscriptionJob and update
    VocabularyFileUri for UpdateMedicalVocabulary
- from version 1.27.35
  * api-change:``athena``: This feature allows customers to retrieve runtime statistics for completed
    queries
  * api-change:``cloudwatch``: Update cloudwatch client to latest version
  * api-change:``dms``: Documentation updates for Database Migration Service (DMS).
  * api-change:``docdb``: Enable copy-on-write restore type
  * api-change:``ec2-instance-connect``: This release includes a new exception type
    "/EC2InstanceUnavailableException"/ for SendSSHPublicKey and SendSerialConsoleSSHPublicKey APIs.
  * api-change:``frauddetector``: The release introduces Account Takeover Insights (ATI) model. The
    ATI model detects fraud relating to account takeover. This release also adds support for new
    variable types: ARE_CREDENTIALS_VALID and SESSION_ID and adds new structures to Model Version APIs.
  * api-change:``iotsitewise``: Added asynchronous API to ingest bulk historical and current data
    into IoT SiteWise.
  * api-change:``kendra``: Amazon Kendra now provides Oauth2 support for SharePoint Online. For more
    information, see https://docs.aws.amazon.com/kendra/latest/dg/data-source-sharepoint.html
  * api-change:``network-firewall``: Network Firewall now supports referencing dynamic IP sets from
    stateful rule groups, for IP sets stored in Amazon VPC prefix lists.
  * api-change:``rds``: Adds support for creating an RDS Proxy for an RDS for MariaDB database.
- from version 1.27.34
  * api-change:``acm-pca``: AWS Certificate Manager (ACM) Private Certificate Authority (PCA)
    documentation updates
  * api-change:``iot``: GA release the ability to enable/disable IoT Fleet Indexing for Device
    Defender and Named Shadow information, and search them through IoT Fleet Indexing APIs. This
    includes Named Shadow Selection as a part of the UpdateIndexingConfiguration API.
- from version 1.27.33
  * api-change:``devops-guru``: Added new APIs for log anomaly detection feature.
  * api-change:``glue``: Documentation updates for AWS Glue Job Timeout and Autoscaling
  * api-change:``sagemaker-edge``: Amazon SageMaker Edge Manager provides lightweight model
    deployment feature to deploy machine learning models on requested devices.
  * api-change:``sagemaker``: Fixed an issue with cross account QueryLineage
  * api-change:``workspaces``: Increased the character limit of the login message from 850 to 2000
    characters.
- from version 1.27.32
  * api-change:``discovery``: Add AWS Agentless Collector details to the GetDiscoverySummary API
    response
  * api-change:``ec2``: Documentation updates for Amazon EC2.
  * api-change:``elasticache``: Adding AutoMinorVersionUpgrade in the DescribeReplicationGroups API
  * api-change:``kms``: Added support for the SM2 KeySpec in China Partition Regions
  * api-change:``mediapackage``: This release adds "/IncludeIframeOnlyStream"/ for Dash endpoints and
    increases the number of supported video and audio encryption presets for Speke v2
  * api-change:``sagemaker``: Amazon SageMaker Edge Manager provides lightweight model deployment
    feature to deploy machine learning models on requested devices.
  * api-change:``sso-admin``: AWS SSO now supports attaching customer managed policies and a
    permissions boundary to your permission sets. This release adds new API operations to manage and
    view the customer managed policies and the permissions boundary for a given permission set.
- from version 1.27.31
  * api-change:``datasync``: Documentation updates for AWS DataSync regarding configuring Amazon FSx
    for ONTAP location security groups and SMB user permissions.
  * api-change:``drs``: Changed existing APIs to allow choosing a dynamic volume type for replicating
    volumes, to reduce costs for customers.
  * api-change:``evidently``: This release adds support for the new segmentation feature.
  * api-change:``wafv2``: This SDK release provide customers ability to add sensitivity level for WAF
    SQLI Match Statements.
- Update to 1.27.30
  * api-change:``athena``: This release updates data types that contain either QueryExecutionId,
    NamedQueryId or ExpectedBucketOwner. Ids must be between 1 and 128 characters and contain only
    non-whitespace characters. ExpectedBucketOwner must be 12-digit string.
  * api-change:``codeartifact``: This release introduces Package Origin Controls, a mechanism used to
    counteract Dependency Confusion attacks. Adds two new APIs, PutPackageOriginConfiguration and
    DescribePackage, and updates the ListPackage, DescribePackageVersion and ListPackageVersion APIs in
    support of the feature.
  * api-change:``config``: Update ResourceType enum with values for Route53Resolver, Batch, DMS,
    Workspaces, Stepfunctions, SageMaker, ElasticLoadBalancingV2, MSK types
  * api-change:``ec2``: This release adds flow logs for Transit Gateway to  allow customers to gain
    deeper visibility and insights into network traffic through their Transit Gateways.
  * api-change:``fms``: Adds support for strict ordering in stateful rule groups in Network Firewall
    policies.
  * api-change:``glue``: This release adds an additional worker type for Glue Streaming jobs.
  * api-change:``inspector2``: This release adds support for Inspector V2 scan configurations through
    the get and update configuration APIs. Currently this allows configuring ECR automated re-scan
    duration to lifetime or 180 days or 30 days.
  * api-change:``kendra``: This release adds AccessControlConfigurations which allow you to redefine
    your document level access control without the need for content re-indexing.
  * api-change:``nimble``: Amazon Nimble Studio adds support for IAM-based access to AWS resources
    for Nimble Studio components and custom studio components. Studio Component scripts use these roles
    on Nimble Studio workstation to mount filesystems, access S3 buckets, or other configured resources
    in the Studio's AWS account
  * api-change:``outposts``: This release adds the ShipmentInformation and AssetInformationList
    fields to the GetOrder API response.
  * api-change:``sagemaker``: This release adds support for G5, P4d, and C6i instance types in Amazon
    SageMaker Inference and increases the number of hyperparameters that can be searched from 20 to 30
    in Amazon SageMaker Automatic Model Tuning
- from version 1.27.29
  * api-change:``appconfig``: Adding Create, Get, Update, Delete, and List APIs for new two new
    resources: Extensions and ExtensionAssociations.
- from version 1.27.28
  * api-change:``networkmanager``: This release adds general availability API support for AWS Cloud
    WAN.
- from version 1.27.27
  * api-change:``ec2``: Build, manage, and monitor a unified global network that connects resources
    running across your cloud and on-premises environments using the AWS Cloud WAN APIs.
  * api-change:``redshift-serverless``: Removed prerelease language for GA launch.
  * api-change:``redshift``: This release adds a new --snapshot-arn field for
    describe-cluster-snapshots, describe-node-configuration-options, restore-from-cluster-snapshot,
    authorize-snapshot-acsess, and revoke-snapshot-acsess APIs. It allows customers to give a Redshift
    snapshot ARN or a Redshift Serverless ARN as input.
- from version 1.27.26
  * api-change:``backup``: This release adds support for authentication using IAM user identity
    instead of passed IAM role, identified by excluding the IamRoleArn field in the StartRestoreJob
    API. This feature applies to only resource clients with a destructive restore nature (e.g. SAP
    HANA).
- from version 1.27.25
  * api-change:``chime-sdk-meetings``: Adds support for AppKeys and TenantIds in Amazon Chime SDK
    WebRTC sessions
  * api-change:``dms``: New api to migrate event subscriptions to event bridge rules
  * api-change:``iot``: This release adds support to register a CA certificate without having to
    provide a verification certificate. This also allows multiple AWS accounts to register the same CA
    in the same region.
  * api-change:``iotwireless``: Adds 5 APIs: PutPositionConfiguration, GetPositionConfiguration,
    ListPositionConfigurations, UpdatePosition, GetPosition for the new Positioning Service feature
    which enables customers to configure solvers to calculate position of LoRaWAN devices, or specify
    position of LoRaWAN devices & gateways.
  * api-change:``sagemaker``: Heterogeneous clusters: the ability to launch training jobs with
    multiple instance types. This enables running component of the training job on the instance type
    that is most suitable for it. e.g. doing data processing and augmentation on CPU instances and
    neural network training on GPU instances
- from version 1.27.24
  * api-change:``cloudformation``: My AWS Service (placeholder) - Add a new feature Account-level
    Targeting for StackSet operation
  * api-change:``synthetics``: This release introduces Group feature, which enables users to group
    cross-region canaries.
- from version 1.27.23
  * api-change:``config``: Updating documentation service limits
  * api-change:``lexv2-models``: Update lexv2-models client to latest version
  * api-change:``quicksight``: This release allows customers to programmatically create QuickSight
    accounts with Enterprise and Enterprise + Q editions. It also releases allowlisting domains for
    embedding QuickSight dashboards at runtime through the embedding APIs.
  * api-change:``rds``: Adds waiters support for DBCluster.
  * api-change:``rolesanywhere``: IAM Roles Anywhere allows your workloads such as servers,
    containers, and applications to obtain temporary AWS credentials and use the same IAM roles and
    policies that you have configured for your AWS workloads to access AWS resources.
  * api-change:``ssm-incidents``: Adds support for tagging incident-record on creation by providing
    incident tags in the template within a response-plan.
- from version 1.27.22
  * api-change:``dms``: Added new features for AWS DMS version 3.4.7 that includes new endpoint
    settings for S3, OpenSearch, Postgres, SQLServer and Oracle.
  * api-change:``rds``: Adds support for additional retention periods to Performance Insights.
- from version 1.27.21
  * api-change:``athena``: This feature introduces the API support for Athena's parameterized query
    and BatchGetPreparedStatement API.
  * api-change:``customer-profiles``: This release adds the optional
    MinAllowedConfidenceScoreForMerging parameter to the CreateDomain, UpdateDomain, and
    GetAutoMergingPreview APIs in Customer Profiles. This parameter is used as a threshold to influence
    the profile auto-merging step of the Identity Resolution process.
  * api-change:``emr``: Update emr client to latest version
  * api-change:``glue``: This release adds tag as an input of CreateDatabase
  * api-change:``kendra``: Amazon Kendra now provides a data source connector for alfresco
  * api-change:``mwaa``: Documentation updates for Amazon Managed Workflows for Apache Airflow.
  * api-change:``pricing``: Documentation update for GetProducts Response.
  * api-change:``wellarchitected``: Added support for UpdateGlobalSettings API. Added status filter
    to ListWorkloadShares and ListLensShares.
  * api-change:``workmail``: This release adds support for managing user availability configurations
    in Amazon WorkMail.
- Update to 1.27.20
  * api-change:``appstream``: Includes support for StreamingExperienceSettings in CreateStack and
    UpdateStack APIs
  * api-change:``elbv2``: Update elbv2 client to latest version
  * api-change:``emr``: Update emr client to latest version
  * api-change:``medialive``: This release adds support for automatic renewal of MediaLive
    reservations at the end of each reservation term. Automatic renewal is optional. This release also
    adds support for labelling accessibility-focused audio and caption tracks in HLS outputs.
  * api-change:``redshift-serverless``: Add new API operations for Amazon Redshift Serverless, a new
    way of using Amazon Redshift without needing to manually manage provisioned clusters. The new
    operations let you interact with Redshift Serverless resources, such as create snapshots, list VPC
    endpoints, delete resource policies, and more.
  * api-change:``sagemaker``: This release adds: UpdateFeatureGroup, UpdateFeatureMetadata,
    DescribeFeatureMetadata APIs; FeatureMetadata type in Search API; LastModifiedTime,
    LastUpdateStatus, OnlineStoreTotalSizeBytes in DescribeFeatureGroup API.
  * api-change:``translate``: Added ListLanguages API which can be used to list the languages
    supported by Translate.
- from version 1.27.19
  * api-change:``datasync``: AWS DataSync now supports Amazon FSx for NetApp ONTAP locations.
  * api-change:``ec2``: This release adds a new spread placement group to EC2 Placement Groups: host
    level spread, which spread instances between physical hosts, available to Outpost customers only.
    CreatePlacementGroup and DescribePlacementGroups APIs were updated with a new parameter:
    SpreadLevel to support this feature.
  * api-change:``finspace-data``: Release new API GetExternalDataViewAccessDetails
  * api-change:``polly``: Add 4 new neural voices - Pedro (es-US), Liam (fr-CA), Daniel (de-DE) and
    Arthur (en-GB).
- from version 1.27.18
  * api-change:``iot``: This release ease the restriction for the input of tag value to align with
    AWS standard, now instead of min length 1, we change it to min length 0.
- from version 1.27.17
  * api-change:``glue``: This release enables the new ListCrawls API for viewing the AWS Glue Crawler
    run history.
  * api-change:``rds-data``: Documentation updates for RDS Data API
- from version 1.27.16
  * api-change:``lookoutequipment``: This release adds visualizations to the scheduled inference
    results. Users will be able to see interference results, including diagnostic results from their
    running inference schedulers.
  * api-change:``mediaconvert``: AWS Elemental MediaConvert SDK has released support for automatic
    DolbyVision metadata generation when converting HDR10 to DolbyVision.
  * api-change:``mgn``: New and modified APIs for the Post-Migration Framework
  * api-change:``migration-hub-refactor-spaces``: This release adds the new API UpdateRoute that
    allows route to be updated to ACTIVE/INACTIVE state. In addition, CreateRoute API will now allow
    users to create route in ACTIVE/INACTIVE state.
  * api-change:``sagemaker``: SageMaker Ground Truth now supports Virtual Private Cloud. Customers
    can launch labeling jobs and access to their private workforce in VPC mode.
- from version 1.27.15
  * api-change:``apigateway``: Documentation updates for Amazon API Gateway
  * api-change:``pricing``: This release introduces 1 update to the GetProducts API. The serviceCode
    attribute is now required when you use the GetProductsRequest.
  * api-change:``transfer``: Until today, the service supported only RSA host keys and user keys. Now
    with this launch, Transfer Family has expanded the support for ECDSA and ED25519 host keys and user
    keys, enabling customers to support a broader set of clients by choosing RSA, ECDSA, and ED25519
    host and user keys.
- from version 1.27.14
  * api-change:``ec2``: This release adds support for Private IP VPNs, a new feature allowing S2S VPN
    connections to use private ip addresses as the tunnel outside ip address over Direct Connect as
    transport.
  * api-change:``ecs``: Amazon ECS UpdateService now supports the following parameters:
    PlacementStrategies, PlacementConstraints and CapacityProviderStrategy.
  * api-change:``wellarchitected``: Adds support for lens tagging, Adds support for multiple
    helpful-resource urls and multiple improvement-plan urls.
- from version 1.27.13
  * api-change:``ds``: This release adds support for describing and updating AWS Managed Microsoft AD
    settings
  * api-change:``kafka``: Documentation updates to use Az Id during cluster creation.
  * api-change:``outposts``: This release adds the AssetLocation structure to the ListAssets
    response. AssetLocation includes the RackElevation for an Asset.
- from version 1.27.12
  * api-change:``connect``: This release updates these APIs: UpdateInstanceAttribute,
    DescribeInstanceAttribute and ListInstanceAttributes. You can use it to programmatically
    enable/disable High volume outbound communications using attribute type HIGH_VOLUME_OUTBOUND on the
    specified Amazon Connect instance.
  * api-change:``connectcampaigns``: Added Amazon Connect high volume outbound communications SDK.
  * api-change:``dynamodb``: Doc only update for DynamoDB service
  * api-change:``dynamodbstreams``: Update dynamodbstreams client to latest version
- from version 1.27.11
  * api-change:``redshift-data``: This release adds a new --workgroup-name field to operations that
    connect to an endpoint. Customers can now execute queries against their serverless workgroups.
  * api-change:``secretsmanager``: Documentation updates for Secrets Manager
  * api-change:``securityhub``: Added Threats field for security findings. Added new resource details
    for ECS Container, ECS Task, RDS SecurityGroup, Kinesis Stream, EC2 TransitGateway, EFS
    AccessPoint, CloudFormation Stack, CloudWatch Alarm, VPC Peering Connection and WAF Rules
- from version 1.27.10
  * api-change:``finspace-data``: This release adds a new set of APIs, GetPermissionGroup,
    DisassociateUserFromPermissionGroup, AssociateUserToPermissionGroup, ListPermissionGroupsByUser,
    ListUsersByPermissionGroup.
  * api-change:``guardduty``: Adds finding fields available from GuardDuty Console. Adds FreeTrial
    related operations. Deprecates the use of various APIs related to Master Accounts and Replace them
    with Administrator Accounts.
  * api-change:``servicecatalog-appregistry``: This release adds a new API
    ListAttributeGroupsForApplication that returns associated attribute groups of an application. In
    addition, the UpdateApplication and UpdateAttributeGroup APIs will not allow users to update the
    'Name' attribute.
  * api-change:``workspaces``: Added new field "/reason"/ to OperationNotSupportedException. Receiving
    this exception in the DeregisterWorkspaceDirectory API will now return a reason giving more context
    on the failure.
- from version 1.27.9
  * api-change:``budgets``: Add a budgets ThrottlingException. Update the CostFilters value pattern.
  * api-change:``lookoutmetrics``: Adding filters to Alert and adding new UpdateAlert API.
  * api-change:``mediaconvert``: AWS Elemental MediaConvert SDK has added support for rules that
    constrain Automatic-ABR rendition selection when generating ABR package ladders.
- from version 1.27.8
  * api-change:``outposts``: This release adds API operations AWS uses to install Outpost servers.
- from version 1.27.7
  * api-change:``frauddetector``: Documentation updates for Amazon Fraud Detector (AWSHawksNest)
- from version 1.27.6
  * api-change:``chime-sdk-meetings``: Adds support for live transcription in AWS GovCloud (US)
    Regions.
- from version 1.27.5
  * api-change:``dms``: This release adds DMS Fleet Advisor APIs and exposes functionality for DMS
    Fleet Advisor. It adds functionality to create and modify fleet advisor instances, and to collect
    and analyze information about the local data infrastructure.
  * api-change:``iam``: Documentation updates for AWS Identity and Access Management (IAM).
  * api-change:``m2``: AWS Mainframe Modernization service is a managed mainframe service and set of
    tools for planning, migrating, modernizing, and running mainframe workloads on AWS
  * api-change:``neptune``: This release adds support for Neptune to be configured as a global
    database, with a primary DB cluster in one region, and up to five secondary DB clusters in other
    regions.
  * api-change:``redshift``: Adds new API GetClusterCredentialsWithIAM to return temporary
    credentials.
- from version 1.27.4
  * api-change:``auditmanager``: This release introduces 2 updates to the Audit Manager API. The
    roleType and roleArn attributes are now required when you use the CreateAssessment or
    UpdateAssessment operation. We also added a throttling exception to the RegisterAccount API
    operation.
  * api-change:``ce``: Added two new APIs to support cost allocation tags operations:
    ListCostAllocationTags, UpdateCostAllocationTagsStatus.
- from version 1.27.3
  * api-change:``chime-sdk-messaging``: This release adds support for searching channels by members
    via the SearchChannels API, removes required restrictions for Name and Mode in UpdateChannel API
    and enhances CreateChannel API by exposing member and moderator list as well as channel id as
    optional parameters.
  * api-change:``connect``: This release adds a new API, GetCurrentUserData, which returns real-time
    details about users' current activity.
- Update to 1.27.2
  * api-change:``codeartifact``: Documentation updates for CodeArtifact
  * api-change:``voice-id``: Added a new attribute ServerSideEncryptionUpdateDetails to Domain and
    DomainSummary.
  * api-change:``proton``: Add new "/Components"/ API to enable users to Create, Delete and Update AWS
    Proton components.
  * api-change:``connect``: This release adds the following features: 1) New APIs to manage (create,
    list, update) task template resources, 2) Updates to startTaskContact API to support task
    templates, and 3) new TransferContact API to programmatically transfer in-progress tasks via a
    contact flow.
  * api-change:``application-insights``: Provide Account Level onboarding support through CFN/CLI
  * api-change:``kendra``: Amazon Kendra now provides a data source connector for GitHub. For more
    information, see https://docs.aws.amazon.com/kendra/latest/dg/data-source-github.html
- from version 1.27.1
  * api-change:``backup-gateway``: Adds GetGateway and UpdateGatewaySoftwareNow API and adds
    hypervisor name to UpdateHypervisor API
  * api-change:``forecast``: Added Format field to Import and Export APIs in Amazon Forecast. Added
    TimeSeriesSelector to Create Forecast API.
  * api-change:``chime-sdk-meetings``: Adds support for centrally controlling each participant's
    ability to send and receive audio, video and screen share within a WebRTC session.  Attendee
    capabilities can be specified when the attendee is created and updated during the session with the
    new BatchUpdateAttendeeCapabilitiesExcept API.
  * api-change:``route53``: Add new APIs to support Route 53 IP Based Routing
- from version 1.27.0
  * api-change:``iotsitewise``: This release adds the following new optional field to the IoT
    SiteWise asset resource: assetDescription.
  * api-change:``lookoutmetrics``: Adding backtest mode to detectors using the Cloudwatch data source.
  * api-change:``transcribe``: Amazon Transcribe now supports automatic language identification for
    multi-lingual audio in batch mode.
  * feature:Python: Dropped support for Python 3.6
  * api-change:``cognito-idp``: Amazon Cognito now supports IP Address propagation for all
    unauthenticated APIs (e.g. SignUp, ForgotPassword).
  * api-change:``drs``: Changed existing APIs and added new APIs to accommodate using multiple AWS
    accounts with AWS Elastic Disaster Recovery.
  * api-change:``sagemaker``: Amazon SageMaker Notebook Instances now support Jupyter Lab 3.
- from version 1.26.10
  * api-change:``sagemaker``: Amazon SageMaker Notebook Instances now allows configuration of
    Instance Metadata Service version and Amazon SageMaker Studio now supports G5 instance types.
  * api-change:``appflow``: Adding the following features/changes: Parquet output that preserves
    typing from the source connector, Failed executions threshold before deactivation for scheduled
    flows, increasing max size of access and refresh token from 2048 to 4096
  * api-change:``datasync``: AWS DataSync now supports TLS encryption in transit, file system
    policies and access points for EFS locations.
  * api-change:``emr-serverless``: This release adds support for Amazon EMR Serverless, a serverless
    runtime environment that simplifies running analytics applications using the latest open source
    frameworks such as Apache Spark and Apache Hive.
- from version 1.26.9
  * api-change:``lightsail``: Amazon Lightsail now supports the ability to configure a Lightsail
    Container Service to pull images from Amazon ECR private repositories in your account.
  * api-change:``emr-serverless``: This release adds support for Amazon EMR Serverless, a serverless
    runtime environment that simplifies running analytics applications using the latest open source
    frameworks such as Apache Spark and Apache Hive.
  * api-change:``ec2``: C7g instances, powered by the latest generation AWS Graviton3 processors,
    provide the best price performance in Amazon EC2 for compute-intensive workloads.
  * api-change:``forecast``: Introduced a new field in Auto Predictor as Time Alignment Boundary. It
    helps in aligning the timestamps generated during Forecast exports
- from version 1.26.8
  * api-change:``secretsmanager``: Documentation updates for Secrets Manager
  * api-change:``fsx``: This release adds root squash support to FSx for Lustre to restrict root
    level access from clients by mapping root users to a less-privileged user/group with limited
    permissions.
  * api-change:``lookoutmetrics``: Adding AthenaSourceConfig for MetricSet APIs to support Athena as
    a data source.
  * api-change:``voice-id``: VoiceID will now automatically expire Speakers if they haven't been
    accessed for Enrollment, Re-enrollment or Successful Auth for three years. The Speaker APIs now
    return a "/LastAccessedAt"/ time for Speakers, and the EvaluateSession API returns "/SPEAKER_EXPIRED"/
    Auth Decision for EXPIRED Speakers.
  * api-change:``cloudformation``: Add a new parameter statusReason to DescribeStackSetOperation
    output for additional details
  * api-change:``apigateway``: Documentation updates for Amazon API Gateway
  * api-change:``apprunner``: Documentation-only update added for CodeConfiguration.
  * api-change:``sagemaker``: Amazon SageMaker Autopilot adds support for manually selecting features
    from the input dataset using the CreateAutoMLJob API.
- from version 1.26.7
  * api-change:``mediaconvert``: AWS Elemental MediaConvert SDK has added support for rules that
    constrain Automatic-ABR rendition selection when generating ABR package ladders.
  * api-change:``cognito-idp``: Amazon Cognito now supports requiring attribute verification (ex.
    email and phone number) before update.
  * api-change:``networkmanager``: This release adds Multi Account API support for a TGW Global
    Network, to enable and disable AWSServiceAccess with AwsOrganizations for Network Manager service
    and dependency CloudFormation StackSets service.
  * api-change:``ivschat``: Doc-only update. For MessageReviewHandler structure, added timeout period
    in the description of the fallbackResult field
  * api-change:``ec2``: Stop Protection feature enables customers to protect their instances from
    accidental stop actions.
- from version 1.26.6
  * api-change:``elasticache``: Added support for encryption in transit for Memcached clusters.
    Customers can now launch Memcached cluster with encryption in transit enabled when using Memcached
    version 1.6.12 or later.
  * api-change:``forecast``: New APIs for Monitor that help you understand how your predictors
    perform over time.
  * api-change:``personalize``: Adding modelMetrics as part of DescribeRecommender API response for
    Personalize.
- from version 1.26.5
  * api-change:``comprehend``: Comprehend releases 14 new entity types for DetectPiiEntities and
    ContainsPiiEntities APIs.
  * api-change:``logs``: Doc-only update to publish the new valid values for log retention
python-certifi
- remove all TrustCor CAs, as TrustCor issued multiple man-in-the-middle
  certs (bsc#1206212 CVE-2022-23491)
  - TrustCor RootCert CA-1
  - TrustCor RootCert CA-2
  - TrustCor ECA-1
- Add removeTrustCor.patch
python-cryptography
- Add patch CVE-2023-23931-dont-allow-update-into.patch (bsc#1208036, CVE-2023-23931)
  * Don't allow update_into to mutate immutable objects
python-gobject
- Update to version 3.42.2:
  * Error out instead of crashing when marshaling unsupported
    fundamental types in some cases :mr:`180`
  * Add a workaround for a PyPy 3.9+ bug when threads are used
    :mr:`200`
  * Fix crashes when marshaling zero terminated arrays for certain
    item types :mr:`191`
  * Fix a crash/refcounting error in case marshaling a hash table
    fails :mr:`191`
  * Make the test suite pass again with PyPy :mr:`191`
  * tests: support running tests with (MSVC) CPython 3.8+ on
    Windows :mr:`206`
  * interface: Fix leak when overriding GInterfaceInfo :mr:`204`
  * setup.py: look up pycairo headers without importing the module
    (helps with building on Windows and MSVC CPython 3.8+)
    :mr:`205`
- Add dependency on python-cairo to python-gobject-cairo: The
  introspection wrapper needs the actual pycairo underneath
  (boo#1179584).
- Update to version 3.42.1:
  + Do not error out for unknown scopes.
  + gtk overrides: restore Gtk.ListStore.insert_with_valuesv with
    newer GTK4.
  + gtk overrides: Do not override Treeview.enable_model_drag_xx
    for GTK4.
  + Implement DynamicImporter.find_spec() to silence deprecation
    warning.
  + Some test/CI fixes.
python-jmespath

      
python-packaging
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Add patch to fix testsuite on big-endian targets
  + fix-big-endian-build.patch
- Ignore python3.6.2 since the test doesn't support it.
- update to 21.3:
  * Add a pp3-none-any tag (gh#pypa/packaging#311)
  * Replace the blank pyparsing 3 exclusion with a 3.0.5 exclusion
    (gh#pypa/packaging#481), (gh#pypa/packaging#486)
  * Fix a spelling mistake (gh#pypa/packaging#479)
- update to 21.2:
  * Update documentation entry for 21.1.
  * Update pin to pyparsing to exclude 3.0.0.
  * PEP 656: musllinux support
  * Drop support for Python 2.7, Python 3.4 and Python 3.5.
  * Replace distutils usage with sysconfig
  * Add support for zip files in ``parse_sdist_filename``
  * Use cached ``_hash`` attribute to short-circuit tag equality comparisons
  * Specify the default value for the ``specifier`` argument to ``SpecifierSet``
  * Proper keyword-only "/warn"/ argument in packaging.tags
  * Correctly remove prerelease suffixes from ~= check
  * Fix type hints for ``Version.post`` and ``Version.dev``
  * Use typing alias ``UnparsedVersion``
  * Improve type inference for ``packaging.specifiers.filter()``
  * Tighten the return type of ``canonicalize_version()``
- Add Provides: for python*dist(packaging): work around boo#1186870
- skip tests failing because of no-legacyversion-warning.patch
- add no-legacyversion-warning.patch to restore compatibility with 20.4
- update to 20.9:
  * Run [isort](https://pypi.org/project/isort/) over the code base (:issue:`377`)
  * Add support for the ``macosx_10_*_universal2`` platform tags (:issue:`379`)
  * Introduce ``packaging.utils.parse_wheel_filename()`` and ``parse_sdist_filename()``
- update to 20.8:
  * Revert back to setuptools for compatibility purposes for some Linux distros (:issue:`363`)
  * Do not insert an underscore in wheel tags when the interpreter version number
    is more than 2 digits (:issue:`372`)
  * Fix flit configuration, to include LICENSE files (:issue:`357`)
  * Make `intel` a recognized CPU architecture for the `universal` macOS platform tag (:issue:`361`)
  * Add some missing type hints to `packaging.requirements` (issue:`350`)
  * Officially support Python 3.9 (:issue:`343`)
  * Deprecate the ``LegacyVersion`` and ``LegacySpecifier`` classes (:issue:`321`)
  * Handle ``OSError`` on non-dynamic executables when attempting to resolve
    the glibc version string.
- update to 20.4:
  * Canonicalize version before comparing specifiers. (:issue:`282`)
  * Change type hint for ``canonicalize_name`` to return
  ``packaging.utils.NormalizedName``.
  This enables the use of static typing tools (like mypy) to detect mixing of
  normalized and un-normalized names.
python-parallax
- Fix: manager: writer thread can only be started once (bsc#1208817)
  Add patch 0001-Fix-manager-writer-thread-can-only-be-started-once-b.patch
- Fix: manager: file descriptor leakage (bsc#1205116)
- Release 1.0.8
- Release 1.0.7
- Remove patches since already included:
  Remove patch 0001-Add-ssh_key-option-used-by-i-option-of-ssh-scp.patch
  Remove patch 0002-Change-format-of-scp-command-for-ipv6-compatible.patch
  Remove patch 0003-Fix-task-Don-t-use-ssh-if-command-running-on-local-b.patch
  Remove patch 0004-Fix-Error-inherit-from-Exception-instead-of-BaseExce.patch
  Remove patch 0005-Dev-add-parallax.run-to-return-non-zero-rc-without-r.patch
- Dev: add parallax.run() to return non-zero rc without raising exceptions
  Add patch 0005-Dev-add-parallax.run-to-return-non-zero-rc-without-r.patch
- Fix: Error: inherit from Exception instead of BaseExceptin
  Add patch 0004-Fix-Error-inherit-from-Exception-instead-of-BaseExce.patch
python-paramiko
- Add rsa-key-loading-fix.patch (bsc#1205132) fixing loading RSA
  key.
python-ply

      
python-py
- Remove all traces of py._path.svn{url,wc}. (bsc#1204364, CVE-2022-42969)
- Add patch remove-svn-remants.patch to help with that goal.
- Refresh pr_222.patch as needed for above.
python-s3transfer
- Update in SLE-15 (bsc#1209255, jsc#PED-3780)
- Add python-python-dateutil and python-jmespath to BuildRequires
- Update in SLE-15 (bsc#1204537, jsc#PED-2333)
- Update to 0.6.0
  * feature:Python: Dropped support for Python 3.6
- from version 0.5.2
  * enhancement:``s3``: Added support for flexible checksums
    when uploading or downloading objects.
- from version 0.5.1
  * enhancement:Python: Officially add Python 3.10 support
- Drop unused python-mock dependency from BuildRequires
- Refresh patches for new version
  + no-bundled-packages.patch
python3
- Add 99366-patch.dict-can-decorate-async.patch fixing
  gh#python/cpython#98086 (backport from Python 3.10 patch in
  gh#python/cpython!99366), fixing bsc#1211158.
- Add CVE-2007-4559-filter-tarfile_extractall.patch to fix
  CVE-2007-4559 (bsc#1203750) by adding the filter for
  tarfile.extractall (PEP 706).
- Use python3 modules to build the documentation.
- Add bpo-44434-libgcc_s-for-pthread_cancel.patch
  which eliminates unnecessary and dangerous calls to
  PyThread_exit_thread() (bsc#1203355).
- Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329,
  bsc#1208471) blocklists bypass via the urllib.parse component
  when supplying a URL that starts with blank characters
- Add bpo27321-email-no-replace-header.patch to stop
  email.generator.py from replacing a non-existent header
  (bsc#1208443, gh#python/cpython#71508).
- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid
  CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding
  extremely long domain names.
release-notes-sles-for-sap
- 15.4.20221130 (tracked in bsc#933411)
- Added note about susChkSrv.py (bsc#1204008)
resource-agents
- azure-events-az errors with newer pacemaker with azure events active
  (bsc#1210433)
  Add upstream patches:
    1854.patch
    1864.patch
- ECO: Maint: Remove ocf_heartbeat_ZFS (jsc#PED-2841)
  Add patch:
    remove-zfs-support.patch
- SAPInstance can break if kill.sap includes unexpected content.
  (bsc#1206100)
  Include upstream patch:
    1825.patch
- ECO: Maint: AWS EFS Support in Filesystem OCF required
  (jsc#PED-2794)
  Include upstream patch:
    0001-Filesystem-Add-support-for-Amazon-EFS-mount-helper.patch
- Pacemaker should provide a dynamic option to specify a logfile
  (jsc#PED-121)
  Add upstream patch:
    1739.patch
rsyslog
- fix parsing of legacy config syntax (bsc#1205275)
  * add:
    0001-testbench-add-test-for-legacy-permittedPeer-statemen.patch
    0002-imtcp-bugfix-legacy-config-directives-did-no-longer-.patch
- remove $klogConsoleLogLevel setting from rsyslog.conf (bsc#1191833)
  * this legacy setting from pre-systemd times is obsolete and can
    block important systemd messages
rubygem-actionpack-5_1
- Add patch to fix CVE-2023-22795 (bsc#1207451)
  0007-CVE-2023-22795.patch
- Add patch to fix CVE-2023-22792 (bsc#1207455)
  0006-CVE-2023-22792.patch
rubygem-actionview-5_1
- Add patch to fix CVE-2022-27777 (bsc#1199060)
  0004-CVE-2022-27777.patch
- Add patch to fix CVE-2020-15169 (bsc#1176421)
  0003-CVE-2020-15169.patch
- Add patch to fix CVE-2020-8167 (bsc#1172184)
  0002-CVE-2020-8167.patch
rubygem-activerecord-5_1
- Add patch to fix CVE-2022-44566 (bsc#1207450)
  CVE-2022-44566.patch
rubygem-activesupport-5_1
- Add patch to fix CVE-2023-22796 (bsc#1207454)
  CVE-2023-22796.patch
rubygem-globalid
- security update
- added patches
  fix CVE-2023-22799 [bsc#1207587], ReDoS vulnerability
  + rubygem-globalid-CVE-2023-22799.patch
rubygem-loofah
- Added patch CVE-2022-23516.patch to fix CVE-2022-23516 (bsc#1206416)
- Added patch CVE-2022-23514.patch to fix CVE-2022-23514 (bsc#1206415)
- Added patch CVE-2022-23515.patch to fix CVE-2022-23515 (bsc#1206417)
rubygem-rack
  fix CVE-2023-27539 [bsc#1209503], denial of service in header parsing
  + rubygem-rack-CVE-2023-27539.patch
- security update
- added patches
  fix CVE-2023-27530 [bsc#1209095], Denial of service in Multipart MIME parsing
  + rubygem-rack-CVE-2023-27530.patch
- security update
- added patches
  fix CVE-2022-44570 [bsc#1207597], denial of service in Content-Disposition parsing
  + rubygem-rack-CVE-2022-44570.patch
  fix CVE-2022-44571 [bsc#1207599], denial of service in Content-Disposition parsing
  + rubygem-rack-CVE-2022-44571.patch
  fix CVE-2022-44572 [bsc#1207596], denial of service in Content-Disposition parsing
  + rubygem-rack-CVE-2022-44572.patch
- security update
- added patches
rubygem-websocket-extensions
- security update
- added patches
  fix CVE-2020-7663 [bsc#1172445], Denial of Service (DoS) via Regex Backtracking
  + rubygem-websocket-extensions-CVE-2020-7663.patch
runc
- Update to runc v1.1.7. Upstream changelog is available from
  <https://github.com/opencontainers/runc/releases/tag/v1.1.7>.
- Update runc.keyring to upstream version.
- Update to runc v1.1.6. Upstream changelog is available from
  <https://github.com/opencontainers/runc/releases/tag/v1.1.6>.
- Update to runc v1.1.5. Upstream changelog is available from
  <https://github.com/opencontainers/runc/releases/tag/v1.1.5>.
  Includes fixes for the following CVEs:
  - CVE-2023-25809 bsc#1209884
  - CVE-2023-27561 bsc#1208962
  - CVE-2023-28642 bsc#1209888
  * Fix the inability to use `/dev/null` when inside a container. bsc#1168481
  * Fix changing the ownership of host's `/dev/null` caused by fd redirection
    (a regression in 1.1.1). bsc#1207004
  * Fix rare runc exec/enter unshare error on older kernels.
  * nsexec: Check for errors in `write_log()`.
- Drop version-specific Go requirement.
samba
- CVE-2023-0922: Samba AD DC admin tool samba-tool sends passwords
  in cleartext; (bso#15315); (bsc#1209481).
- CVE-2023-0225: Samba AD DC "/dnsHostname"/ attribute can be
  deleted by unprivileged authenticated users; (bso#15276);
  (bsc#1209483).
- CVE-2023-0614: samba: Access controlled AD LDAP attributes can
  be discovered; (bso#15270); (bsc#1209485).
- Prevent use after free of messaging_ctdb_fde_ev structs;
  (bso#15293); (bsc#1207416).
- CVE-2022-38023 Additional patches for the PDC role's netlogon
  server; (bso#15240); (bsc#1206504);
- CVE-2021-20251: samba: Bad password count not incremented
  atomically; (bso#14611); (bsc#1206546).
- Update to 4.15.13
  * CVE-2022-37966 rc4-hmac Kerberos session keys issued to
    modern servers; (bso#15237); (bsc#1205385);
  * CVE-2022-37967 Kerberos constrained delegation ticket forgery
    possible against Samba AD DC; (bso#15231); (bsc#1205386);
  * CVE-2022-38023 RC4/HMAC-MD5 NetLogon Secure Channel is weak
    and should be avoided; (bso#15240); (bsc#1206504);
  * filter-subunit is inefficient with large numbers of
    knownfails; (bso#15258);
  * The KDC logic arround msDs-supportedEncryptionTypes differs
    from Windows; (bso#13135);
  * Windows 11 22H2 and Samba-AD 4.15 Kerberos login issue;
    (bso#15197);
- Adjust the systemd drop-in file for named service; (bsc#1201689);
  * Paths are additive so do not repeat paths from named.service
  * Prefix the samba DLZ directory with "/-"/ to ignore this path
    if it does not exists
- Install a systemd drop-in file for named service to allow
  read/write access to the DLZ directory; (bsc#1201689);
- Update to 4.15.12
  * CVE-2022-42898: samba: heimdal: Samba buffer overflow
    vulnerabilities on 32-bit systems; (bso#15203); (bsc#1205126).
- Update to 4.15.11
  * Allow rebuild of Centos 8 images after move to vault for
    Samba 4.15; (bso#15193).
  * CVE-2022-3437: samba: Buffer overflow in Heimdal unwrap_des3();
    (bso#15134); (bsc#1204254)
- Update to 4.15.10
  * Possible use after free of connection_struct when iterating
    smbd_server_connection->connections; (bso#15128);
    (bsc#1200102).
  * smbXsrv_connection_shutdown_send result leaked; (bso#15174).
  * Spotlight RPC service returns wrong response when Spotlight
    is disabled on a share; (bso#15086).
  * acl_xattr VFS module may unintentionally use filesystem
    permissions instead of ACL from xattr; (bso#15126).
  * Missing SMB2-GETINFO access checks from MS-SMB2 3.3.5.20.1;
    (bso#15153).
  * assert failed: !is_named_stream(smb_fname)"/) at
    ../../lib/util/fault.c:197; (bso#15161).
  * Missing READ_LEASE break could cause data corruption;
    (bso#15148).
  * rpcclient can crash using setuserinfo(2); (bso#15124).
  * Samba fails to build with glibc 2.36 caused by including
    <sys/mount.h> in libreplace; (bso#15132).
  * SMB1 negotiation can fail to handle connection errors;
    (bso#15152).
  * samba-tool domain join segfault when joining a samba ad
    domain; (bso#15078).
- Update to 4.15.9
  * CVE-2022-32742:SMB1 code does not correct verify SMB1write,
    SMB1write_and_close, SMB1write_and_unlock lengths; (bso#15085);
    (bsc#1201496).
  * CVE-2022-32746: samba: Use-after-free occurring in database
    audit logging; (bso#15009); (bso#15096); (bsc#1201490).
  * CVE-2022-2031: samba, ldb: AD users can bypass certain
    restrictions associated with changing passwords; (bso#15047);
    (bsc#1201495);
  * CVE-2022-32745: samba: ldb: AD users can crash the server
    process with an LDAP add or modify request; (bso#15008);
    (bso#15096); (bsc#1201492).
  * CVE-2022-2031: samba, ldb: AD users can bypass certain
    restrictions associated with changing passwords; (bso#15047);
    (bsc#1201495);
  * CVE-2022-32744: samba, ldb: AD users can forge password change
    requests for any user; (bso#15074); (bso#15047); (bsc#1201493).
sapconf
- version update from 5.0.5 to 5.0.6
- add parameter IGNORE_RELOAD to /etc/sysconfig/sapconf to prevent
  sapconf from changing any system tunables during package update
  (bsc#1209408)
- fix for a race condition which leads to a missing start/restart
  of sapconf, which ends up with restored kernel parameters to
  defaults
  (bsc#1207899)
sbd
- Update to version 1.5.1+20221128.8ec8e01:
- sbd-inquisitor: fail startup if pacemaker integration is disabled while SBD_SYNC_RESOURCE_STARTUP is conflicting (bsc#1204319)
- sbd-inquisitor: do not warn about startup syncing if pacemaker integration is even intentionally disabled (bsc#1204319)
- sbd-inquisitor: log a warning if SBD_PACEMAKER is overridden by -P or -PP option (bsc#1204319)
- sbd-inquisitor: ensure a log info only tells the fact about how SBD_PACEMAKER is set (bsc#1204319)
- Rebase:
  * bsc#1180966-0001-Log-sbd-inquisitor-downgrade-the-warning-about-SBD_S.patch
- Update to version 1.5.1+20220716.c43276f:
- Be a bit more descriptive on issues opening watchdog-devices
- test: a few tweaks regarding setup of test-environment
- Update to version 1.5.1+20211210.92ff8d8:
- configure: have --with-runstatedir overrule --runstatedir (bsc#1185182)
- services: enable systemd sandboxing settings for releases >= 15.4
- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
  * harden_sbd.service.patch
  * harden_sbd_remote.service.patch
sg3_utils
- Update to version 1.47+13.75d23ac:
  * rescan-scsi-bus: speed large multipath scans (bsc#1207706)
  * rescan-scsi-bus.sh speed testonline()
  * rescan-scsi-bus.sh: add option --no-lip-scan
  * rescan-scsi-bus: sgdevice26: do not traverse sg class if scsi_device isnot added
  * rescan-scsi-bus.sh: fix handling of '-I <secs>' option
shadow
- bsc#1210507 (CVE-2023-29383):
  Check for control characters
- Add shadow-CVE-2023-29383.patch
- Added patch:
  * shadow-4.8.1-AUDIT_NO_ID.patch
    + fix bsc#1205502: useradd audit event user id field cannot
    be interpreted
shim
- Updated shim.changes to add CVE-2022-28737 number for bsc#1198458.
  The issue be fixed by upgrade to shim 15.7. (bsc#1198458, CVE-2022-28737)
- Sometimes SLE shim signature be Microsoft updated before openSUSE shim
  signature. When submit request on IBS for updating SLE shim, the submitreq
  project be generated, but it always be blocked by checking the signature
  of openSUSE shim.
  It doesn't make sense checking openSUSE shim signature when building
  SLE shim on SLE platform, and vice versa. So the following change adds the
  logic to compare suffix (sles, opensuse) with distro_id (sle, opensuse).
  When and only when hash mismatch and distro_id match with suffix, stop
  building.
    [#] compare suffix (sles, opensuse) with distro_id (sle, opensuse)
    [#] when hash mismatch and distro_id match with suffix, stop building
- Upgrade shim-install for bsc#1210382
  After closing Leap-gap project since Leap 15.3, openSUSE Leap direct
  uses shim from SLE. So the ca_string is 'SUSE Linux Enterprise Secure Boot
  CA1', not 'openSUSE Secure Boot CA1'. It causes that the update_boot=no,
  so all files in /boot/efi/EFI/boot are not updated.
  The 86b73d1 patch added the logic that using ID field in os-release for
  checking Leap distro and set ca_string to 'SUSE Linux Enterprise Secure
  Boot CA1'. Then /boot/efi/EFI/boot/* can also be updated.
- https://github.com/SUSE/shim-resources (git log --oneline)
  86b73d1 Fix that bootx64.efi is not updated on Leap
  f2e8143 Use the long name to specify the grub2 key protector
  7283012 cryptodisk: support TPM authorized policies
  49e7a0d Do not use tpm_record_pcrs unless the command is in command.lst
  26c6bd5 Have grub take a snapshot of "/relevant"/ TPM PCRs
  5c2c3ad Handle different cases of controlling cryptomount volumes during first stage boot
  a5c5734 Introduce --no-grub-install option
- Updated shim signature after shim 15.7 be signed back:
  signature-sles.x86_64.asc, signature-sles.aarch64.asc (bsc#1198458, CVE-2022-28737)
- Add POST_PROCESS_PE_FLAGS=-N to the build command in shim.spec to
  disable the NX compatibility flag when using post-process-pe because
  grub2 is not ready. (bsc#1205588)
  - Kernel can boot with the NX compatibility flag since 82e0d6d76a2a7
    be merged to v5.19. On the other hand, upstream is working on
    improve compressed kernel stage for NX:
    [PATCH v3 00/24] x86_64: Improvements at compressed kernel stage
    https://www.spinics.net/lists/kernel/msg4599636.html
- Add shim-Enable-the-NX-compatibility-flag-by-default.patch to
  enable the NX compatibility flag by default. (jsc#PED-127)
- Drop upstreamed patch:
  - shim-Enable-TDX-measurement-to-RTMR-register.patch
  - Enable TDX measurement to RTMR register (jsc#PED-1273)
  - 4fd484e4c2	15.7
- Update to 15.7 (bsc#1198458)(jsc#PED-127)
  - Patches (git log --oneline --reverse 15.6..15.7)
  0eb07e1 Make SBAT variable payload introspectable
  092c2b2 Reference MokListRT instead of MokList
  8b59b69 Add a link to the test plan in the readme.
  4fd484e Enable TDX measurement to RTMR register
  14d6339 Discard load-options that start with a NUL
  5c537b3 shim: Flush the memory region from i-cache before execution
  2d4ebb5 load_cert_file: Fix stack issue
  ea4911c load_cert_file: Use EFI RT memory function
  0cf43ac Add -malign-double to IA32 compiler flags
  17f0233 pe: Fix image section entry-point validation
  5169769 make-archive: Build reproducible tarball
  aa1b289 mok: remove MokListTrusted from PCR 7
  53509ea CryptoPkg/BaseCryptLib: fix NULL dereference
  616c566 More coverity modeling
  ea0d0a5 Update shim's .sbat to sbat,3
  dd8be98 Bump grub's sbat requirement to grub,3
  1149161 (HEAD -> main, tag: 15.7, origin/main, origin/HEAD) Update version to 15.7
  - 15.7 release note https://github.com/rhboot/shim/releases
  Make SBAT variable payload introspectable by @chrisccoulson in #483
  Reference MokListRT instead of MokList by @esnowberg in #488
  Add a link to the test plan in the readme. by @vathpela in #494
  [V3] Enable TDX measurement to RTMR register by @kenplusplus in #485
  Discard load-options that start with a NUL by @frozencemetery in #505
  load_cert_file bugs by @esnowberg in #523
  Add -malign-double to IA32 compiler flags by @nicholasbishop in #516
  pe: Fix image section entry-point validation by @iokomin in #518
  make-archive: Build reproducible tarball by @julian-klode in #527
  mok: remove MokListTrusted from PCR 7 by @baloo in #519
  - Drop upstreamed patch:
  - shim-bsc1177789-fix-null-pointer-deref-AuthenticodeVerify.patch
  - Cryptlib/CryptAuthenticode: fix NULL pointer dereference in  AuthenticodeVerify()
  - 53509eaf22	15.7
  - shim-jscPED-127-upgrade-shim-in-SLE15-SP5.patch
  - For backporting the following patches between 15.6 with aa1b289a1a (jsc#PED-127)
  - The following patches are merged to 15.7
  aa1b289a1a mok: remove MokListTrusted from PCR 7
  0cf43ac6d7 Add -malign-double to IA32 compiler flags
  ea4911c2f3 load_cert_file: Use EFI RT memory function
  2d4ebb5a79 load_cert_file: Fix stack issue
  5c537b3d0c shim: Flush the memory region from i-cache before execution
  14d6339829 Discard load-options that start with a NUL
  092c2b2bbe Reference MokListRT instead of MokList
  0eb07e11b2 Make SBAT variable payload introspectable
- Update shim.changes, added missed shim 15.6-rc1 and 15.6 changelog to
  the item in Update to 15.6. (bsc#1198458)
- Add shim-jscPED-127-upgrade-shim-in-SLE15-SP5.patch for backporting the following
  patches between 15.6 with aa1b289a1a (jsc#PED-127):
    aa1b289a1a16774afc3143b8948d97261f0872d0 mok: remove MokListTrusted from PCR 7
    0cf43ac6d78c6f47f8b91210639ac1aa63665f0b Add -malign-double to IA32 compiler flags
    ea4911c2f3ce8f8f703a1476febac86bb16b00fd load_cert_file: Use EFI RT memory function
    2d4ebb5a798aafd3b06d2c3cb9c9840c1caa41ef load_cert_file: Fix stack issue
    5c537b3d0cf8c393dad2e61d49aade68f3af1401 shim: Flush the memory region from i-cache before execution
    14d63398298c8de23036a4cf61594108b7345863 Discard load-options that start with a NUL
    092c2b2bbed950727e41cf450b61c794881c33e7 Reference MokListRT instead of MokList
    0eb07e11b20680200d3ce9c5bc59299121a75388 Make SBAT variable payload introspectable
- Add shim-Enable-TDX-measurement-to-RTMR-register.patch to support
  enhance shim measurement to TD RTMR. (jsc#PED-1273)
- For pushing openSUSE:Factory/shim to SLE15-SP5, sync the shim.spec
  and shim.changes: (jsc#PED-127)
  - Add some change log from SLE shim.changes to Factory shim.changes
    Those messages are added "/(sync shim.changes from SLE)"/ tag.
  - Add the following changes to shim.spec
  - only apply Patch100, the shim-bsc1198101-opensuse-cert-prompt.patch
    on openSUSE.
  - Enable the AArch64 signature check for SLE:
  [#] AArch64 signature
  signature=%{SOURCE13}
- shim-install: ensure grub.cfg created is not overwritten after
  installing grub related files
- Add logic to shim.spec to only set sbat policy when efivarfs is writeable.
  (bsc#1201066)
- Add logic to shim.spec for detecting --set-sbat-policy option before
  using mokutil to set sbat policy. (bsc#1202120)
- Change the URL in SBAT section to mail:security@suse.de. (bsc#1193282)
- Revoked the change in shim.spec for "/use common SBAT values (boo#1193282)"/
  - we need to build openSUSE Tumbleweed's shim on Leap 15.4 because Factory
    is unstable for building out a stable shim binary for signing. (bsc#1198458)
  - But the rpm-config-suse package in Leap 15.4 is direct copied from SLE 15.4
    because closing-the-leap-gap. So sbat_distro_* variables are SLE version,
    not for openSUSE. (bsc#1198458)
- Update to 15.6 (bsc#1198458)
  - shim-15.6.tar.bz2 is downloaded from bsc#1198458#c76
    which is from upstream grub2.cve_2021_3695.ms keybase channel.
  - For building 15.6~rc1 aarch64 image (d6eb9c6 Modernize aarch64), objcopy needs to
    support efi-app-aarch64 target. So we need the following patches in bintuils:
  - binutils-AArch64-Add-support-for-AArch64-EFI-efi-aarch64.patch
    b69c9d41e8 AArch64: Add support for AArch64 EFI (efi-*-aarch64).
  - binutils-Re-AArch64-Add-support-for-AArch64-EFI-efi-aarch64.patch
    32384aa396 Re: AArch64: Add support for AArch64 EFI (efi-*-aarch64)
  - binutils-Re-Add-support-for-AArch64-EFI-efi-aarch64.patch
    d91c67e873 Re: Add support for AArch64 EFI (efi-*-aarch64)
  - Patches (git log --oneline --reverse 15.5~..77144e5a4)
    448f096 MokManager: removed Locate graphic output protocol fail error message (bsc#1193315, bsc#1198458)
    a2da05f shim: implement SBAT verification for the shim_lock protocol
    bda03b8 post-process-pe: Fix a missing return code check
    af18810 CI: don't cancel testing when one fails
    ba580f9 CI: remove EOL Fedoras from github actions
    bfeb4b3 Remove aarch64 build tests before f35
    38cc646 CI: Add f36 and centos9 CI build tests.
    b5185cb post-process-pe: Fix format string warnings on 32-bit platforms
    31094e5 tests: also look for system headers in multi-arch directories
    4df989a mock-variables.c: fix gcc warning
    6aac595 test-str.c: fix gcc warnings with FORTIFY_SOURCE enabled
    2670c6a Allow MokListTrusted to be enabled by default
    5c44aaf Add code of conduct
    d6eb9c6 Modernize aarch64
    9af50c1 Use ASCII as fallback if Unicode Box Drawing characters fail
    de87985 make: don't treat cert.S specially
    803dc5c shim: use SHIM_DEVEL_VERBOSE when built in devel mode
    6402f1f SBAT matching: Break out of the inner sbat loop if we find the entry.
    bb4b60e Add verify_image
    acfd48f Abstract out image reading
    35d7378 Load additional certs from a signed binary
    8ce2832 post-process-pe: there is no 's' argument.
    465663e Add some missing PE image flag definitions
    226fee2 PE Loader: support and require NX
    df96f48 Add MokPolicy variable and MOK_POLICY_REQUIRE_NX
    b104fc4 post-process-pe: set EFI_IMAGE_DLLCHARACTERISTICS_NX_COMPAT
    f81a7cc SBAT revocation management
    abe41ab make: unbreak scan-build again for gnu-efi
    610a1ac sbat.h: minor reformatting for legibility
    f28833f peimage.h: make our signature macros force the type
    5d789ca Always initialize data/datasize before calling read_image()
    a50d364 sbat policy: make our policy change actions symbolic
    5868789 load_certs: trust dir->Read() slightly less.
    a78673b mok.c: fix a trivial dead assignment
    759f061 Fix preserve_sbat_uefi_variable() logic
    aa61fdf Give the Coverity scanner some more GCC blinders...
    0214cd9 load_cert_file(): don't defererence NULL
    1eca363 mok import: handle OOM case
    75449bc sbat: Make nth_sbat_field() honor the size limit
    c0bcd04 shim-15.6~rc1
    77144e5 SBAT Policy latest should be a one-shot
  - 15.5 release note https://github.com/rhboot/shim/releases
  Broken ia32 relocs and an unimportant submodule change. by @vathpela in #357
  mok: allocate MOK config table as BootServicesData by @lcp in #361
  Don't call QueryVariableInfo() on EFI 1.10 machines by @vathpela in #364
  Relax the check for import_mok_state() by @lcp in #372
  SBAT.md: trivial changes by @hallyn in #389
  shim: another attempt to fix load options handling by @chrisccoulson in #379
  Add tests for our load options parsing. by @vathpela in #390
  arm/aa64: fix the size of .rela* sections by @lcp in #383
  mok: fix potential buffer overrun in import_mok_state by @jyong2 in #365
  mok: relax the maximum variable size check by @lcp in #369
  Don't unhook ExitBootServices when EBS protection is disabled by @sforshee in #378
  fallback: find_boot_option() needs to return the index for the boot entry in optnum by @jsetje in #396
  httpboot: Ignore case when checking HTTP headers by @frozencemetery in #403
  Fallback allocation errors by @vathpela in #402
  shim: avoid BOOTx64.EFI in message on other architectures by @xypron in #406
  str: remove duplicate parameter check by @xypron in #408
  fallback: add compile option FALLBACK_NONINTERACTIVE by @xnox in #359
  Test mok mirror by @vathpela in #394
  Modify sbat.md to help with readability. by @eshiman in #398
  csv: detect end of csv file correctly by @xypron in #404
  Specify that the .sbat section is ASCII not UTF-8 by @daxtens in #413
  tests: add "/include-fixed"/ GCC directory to include directories by @diabonas in #415
  pe: simplify generate_hash() by @xypron in #411
  Don't make shim abort when TPM log event fails (RHBZ #2002265) by @rmetrich in #414
  Fallback to default loader if parsed one does not exist by @julian-klode in #393
  fallback: Fix for BootOrder crash when index returned by find_boot_option() is not in current BootOrder list by @rmetrich in #422
  Better console checks by @vathpela in #416
  docs: update SBAT UEFI variable name by @nicholasbishop in #421
  Don't parse load options if invoked from removable media path by @julian-klode in #399
  fallback: fix fallback not passing arguments of the first boot option by @martinezjavier in #433
  shim: Don't stop forever at "/Secure Boot not enabled"/ notification by @rmetrich in #438
  Shim 15.5 coverity by @vathpela in #439
  Allocate mokvar table in runtime memory. by @vathpela in #447
  Remove post-process-pe on 'make clean' by @vathpela in #448
  pe: missing perror argument by @xypron in #443
  - 15.6-rc1 release note https://github.com/rhboot/shim/releases
  MokManager: removed Locate graphic output protocol fail error message by @joeyli in #441
  shim: implement SBAT verification for the shim_lock protocol by @chrisccoulson in #456
  post-process-pe: Fix a missing return code check by @vathpela in #462
  Update github actions matrix to be more useful by @frozencemetery in #469
  Add f36 and centos9 CI builds by @vathpela in #470
  post-process-pe: Fix format string warnings on 32-bit platforms by @steve-mcintyre in #464
  tests: also look for system headers in multi-arch directories by @steve-mcintyre in #466
  tests: fix gcc warnings by @akodanev in #463
  Allow MokListTrusted to be enabled by default by @esnowberg in #455
  Add code of conduct by @frozencemetery in #427
  Re-add ARM AArch64 support by @vathpela in #468
  Use ASCII as fallback if Unicode Box Drawing characters fail by @vathpela in #428
  make: don't treat cert.S specially by @vathpela in #475
  shim: use SHIM_DEVEL_VERBOSE when built in devel mode by @vathpela in #474
  Break out of the inner sbat loop if we find the entry. by @vathpela in #476
  Support loading additional certificates by @esnowberg in #446
  Add support for NX (W^X) mitigations. by @vathpela in #459
  Misc fixups from scan-build. by @vathpela in #477
  Fix preserve_sbat_uefi_variable() logic by @jsetje in #478
  - 15.6 release note https://github.com/rhboot/shim/releases
  MokManager: removed Locate graphic output protocol fail error message by @joeyli in #441
  shim: implement SBAT verification for the shim_lock protocol by @chrisccoulson in #456
  post-process-pe: Fix a missing return code check by @vathpela in #462
  Update github actions matrix to be more useful by @frozencemetery in #469
  Add f36 and centos9 CI builds by @vathpela in #470
  post-process-pe: Fix format string warnings on 32-bit platforms by @steve-mcintyre in #464
  tests: also look for system headers in multi-arch directories by @steve-mcintyre in #466
  tests: fix gcc warnings by @akodanev in #463
  Allow MokListTrusted to be enabled by default by @esnowberg in #455
  Add code of conduct by @frozencemetery in #427
  Re-add ARM AArch64 support by @vathpela in #468
  Use ASCII as fallback if Unicode Box Drawing characters fail by @vathpela in #428
  make: don't treat cert.S specially by @vathpela in #475
  shim: use SHIM_DEVEL_VERBOSE when built in devel mode by @vathpela in #474
  Break out of the inner sbat loop if we find the entry. by @vathpela in #476
  Support loading additional certificates by @esnowberg in #446
  Add support for NX (W^X) mitigations. by @vathpela in #459
  Misc fixups from scan-build. by @vathpela in #477
  Fix preserve_sbat_uefi_variable() logic by @jsetje in #478
  SBAT Policy latest should be a one-shot by @jsetje in #481
  pe: Fix a buffer overflow when SizeOfRawData > VirtualSize by @chriscoulson
  pe: Perform image verification earlier when loading grub by @chriscoulson
  Update advertised sbat generation number for shim by @jsetje
  Update SBAT generation requirements for 05/24/22 by @jsetje
  Also avoid CVE-2022-28737 in verify_image() by @vathpela
  - Drop upstreamed patch:
  - shim-bsc1184454-allocate-mok-config-table-BS.patch
  - Allocate MOK config table as BootServicesData to avoid the error message
  from linux kernel
  - 4068fd42c8		15.5-rc1~70
  - shim-bsc1185441-fix-handling-of-ignore_db-and-user_insecure_mode.patch
  - Handle ignore_db and user_insecure_mode correctly
  - 822d07ad4f07		15.5-rc1~73
  - shim-bsc1185621-relax-max-var-sz-check.patch
  - Relax the maximum variable size check for u-boot
  - 3f327f546c219634b2	15.5-rc1~49
  - shim-bsc1185261-relax-import_mok_state-check.patch
  - Relax the check for import_mok_state() when Secure Boot is off
  - 9f973e4e95b113	15.5-rc1~67
  - shim-bsc1185232-relax-loadoptions-length-check.patch
  - Relax the check for the LoadOptions length
  - ada7ff69bd8a95	15.5-rc1~52
  - shim-fix-aa64-relsz.patch
  - Fix the size of rela* sections for AArch64
  - 34e3ef205c5d65	15.5-rc1~51
  - shim-bsc1187260-fix-efi-1.10-machines.patch
  - Don't call QueryVariableInfo() on EFI 1.10 machines
  - 493bd940e5		15.5-rc1~69
  - shim-bsc1185232-fix-config-table-copying.patch
  - Avoid buffer overflow when copying the MOK config table
  - 7501b6bb44		15.5-rc1~50
  - shim-bsc1187696-avoid-deleting-rt-variables.patch
  - Avoid deleting the mirrored RT variables
  - b1fead0f7c9		15.5-rc1~37
  - Add "/rm -f *.o"/ after building MokManager/fallback in shim.spec
    to make sure all object files gets rebuilt
  - reference: https://github.com/rhboot/shim/pull/461
- The following fix-CVE-2022-28737-v6 patches against bsc#1198458 are included
  in shim-15.6.tar.bz2
  - shim-bsc1198458-pe-Fix-a-buffer-overflow-when-SizeOfRawData-VirtualS.patch
    pe: Fix a buffer overflow when SizeOfRawData VirtualSize
  - shim-bsc1198458-pe-Perform-image-verification-earlier-when-loading-g.patch
    pe: Perform image verification earlier when loading grub
  - shim-bsc1198458-Update-advertised-sbat-generation-number-for-shim.patch
    Update advertised sbat generation number for shim
  - shim-bsc1198458-Update-SBAT-generation-requirements-for-05-24-22.patch
    Update SBAT generation requirements for 05/24/22
  - shim-bsc1198458-Also-avoid-CVE-2022-28737-in-verify_image.patch
    Also avoid CVE-2022-28737 in verify_image()
  - 0006-shim-15.6-rc2.patch
  - 0007-sbat-add-the-parsed-SBAT-variable-entries-to-the-deb.patch
    sbat: add the parsed SBAT variable entries to the debug log
  - 0008-bump-version-to-shim-15.6.patch
- Add mokutil command to post script for setting sbat policy to latest mode
  when the SbatPolicy-605dab50-e046-4300-abb6-3dd810dd8b23 is not created.
  (bsc#1198458)
- Add shim-bsc1198101-opensuse-cert-prompt.patch back to openSUSE shim to
  show the prompt to ask whether the user trusts openSUSE certificate or not
  (bsc#1198101)
- Updated vendor dbx binary and script (bsc#1198458)
  - Updated dbx-cert.tar.xz and vendor-dbx-sles.bin for adding
    SLES-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list.
  - Updated dbx-cert.tar.xz and vendor-dbx-opensuse.bin for adding
    openSUSE-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list.
  - Updated vendor-dbx.bin for adding SLES-UEFI-SIGN-Certificate-2021-05.crt
    and openSUSE-UEFI-SIGN-Certificate-2021-05.crt for testing environment.
  - Updated generate-vendor-dbx.sh script for generating a vendor-dbx.bin
    file which includes all .der for testing environment.
- use common SBAT values (boo#1193282)
- Update the SLE signatures (sync shim.changes from SLE)
(sync shim.changes from SLE)
- Add shim-bsc1185232-fix-config-table-copying.patch to avoid
  buffer overflow when copying data to the MOK config table
  (bsc#1185232)
- Add shim-disable-export-vendor-dbx.patch to disable exporting
  vendor-dbx to MokListXRT since writing a large RT variable
  could crash some machines (bsc#1185261)
- Add shim-bsc1187260-fix-efi-1.10-machines.patch to avoid the
  potential crash when calling QueryVariableInfo in EFI 1.10
  machines (bsc#1187260)
- Add shim-fix-aa64-relsz.patch to fix the size of rela sections
  for AArch64
  Fix: https://github.com/rhboot/shim/issues/371
- Add shim-bsc1185232-relax-loadoptions-length-check.patch to
  ignore the odd LoadOptions length (bsc#1185232)
- shim-install: reset def_shim_efi to "/shim.efi"/ if the given
  file doesn't exist
- Add shim-bsc1185261-relax-import_mok_state-check.patch to relax
  the check for import_mok_state() when Secure Boot is off.
  (bsc#1185261)
  (sync shim.changes from SLE)
- Add shim-bsc1185621-relax-max-var-sz-check.patch to relax the
  maximum variable size check for u-boot (bsc#1185621)
- Add shim-bsc1185441-fix-handling-of-ignore_db-and-user_insecure_mode.patch
  to handle ignore_db and user_insecure_mode correctly
  (bsc#1185441, bsc#1187071)
- Split the keys in vendor-dbx.bin to vendor-dbx-sles and
  vendor-dbx-opensuse for shim-sles and shim-opensuse to reduce
  the size of MokListXRT (bsc#1185261)
  + Also update generate-vendor-dbx.sh in dbx-cert.tar.xz
- Enable the AArch64 signature check for SLE (sync shim.changes from SLE)
- Update the SLE signatures (sync shim.changes from SLE)
sqlite3
- bsc#1206337, CVE-2022-46908, sqlite-CVE-2022-46908.patch:
  relying on --safe for execution of an untrusted CLI script
sudo
- Fix CVE-2023-28486, sudo does not escape control characters in
  log messages, (CVE-2023-28486, bsc#1209362)
  * sudo-CVE-2023-28486.patch
- Fix CVE-2023-28487, sudo does not escape control characters in
  sudoreplay output (CVE-2023-28487, bsc#1209361)
- sudo-dont-enable-read-after-pty_finish.patch
  * bsc#1203201
  * Do not re-enable the reader when flushing the buffers as part
    of pty_finish().
  * While sudo-observe-SIGCHLD patch applied earlier prevents a
    race condition from happening, this fixes a related buffer hang.
- Added sudo-no-double-free.patch
  * bsc#1208595, CVE-2023-27320
  * Fix a situation where per-command chroot sudoers rules can cause
    a double-free.
- Added sudo-no-passwd-for-nonexisting-cmd.patch
  * bsc#1206772
  * If NOPASSWD is specified, don't ask for password if command is
    not found.
- Added sudo-fix_NULL_deref_RunAs.patch
  * bsc#1206483
  * Fix a situation where "/sudo -U otheruser -l"/ would dereference
    a NULL pointer.
- Added sudo-CVE-2023-22809.patch
  * CVE-2023-22809
  * bsc#1207082
  * Prevent '--' in the EDITOR environment variable which can allow
    users to edit sensitive files as root.
- Added sudo-utf8-ldap-schema.patch
  * Change sudo-ldap schema from ASCII to UTF8.
  * Fixes bsc#1197998
  * Credit to William Brown <william.brown@suse.com>
  * https://github.com/sudo-project/sudo/pull/163
supportutils
- Changes to supportconfig version 3.1.11-46.3
  + Added missed sanitation check on crash.txt (bsc#1203818)
- Changes to supportconfig.rc version 3.1.11-30
  + Added check to _sanitize_file
  + Using variable for replement text in _sanitize_file
supportutils-plugin-suse-public-cloud
- Update to version 1.0.7 (bsc#1209026)
  + Include information about the cached registration data
  + Collect the data that is sent to the update infrastructure during
    registration
suse-build-key
- Establish multiple new 4096 RSA keys that we will switch
  to mid of 2023. (jsc#PED-2777)
  - gpg-pubkey-3fa1d6ce-63c9481c.asc: new 4096 RSA signing key for SLE (RPM+repos).
  - gpg-pubkey-d588dc46-63c939db.asc: new 4096 RSA reserver key for SLE (RPM+repos).
  - suse_ptf_key_4096.asc: new 4096 RSA signing key for PTF RPMs.
  - build-container-8fd6c337-63c94b45.asc/build-container-8fd6c337-63c94b45.pem:
    new RSA 4096 key for the SUSE registry registry.suse.com, installed as
    suse-container-key-2023.pem and suse-container-key-2023.asc
  - suse_ptf_containerkey_2023.asc suse_ptf_containerkey_2023.pem:
    New PTF container signing key for registry.suse.com/ptf/ space.
- added /usr/share/pki/containers directory for container pem keys
  (cosign/sigstore style), put our PEM key there too (bsc#1204706)
suse-module-tools
- Update to version 15.4.16:
  * modprobe.conf: s390x: remove softdep on fbcon (boo#1207853)
- Update to version 15.4.15: Backport bug fixes from factory
  * driver-check.sh, unblacklist: convert egrep to grep -E (bsc#1203092)
  * kernel-scriptlets: don't pass flags to weak-modules2 (bsc#1195391)
  * driver-check.sh: avoid false positive error messages (boo#1200107)
- Update to version 15.4.14:
  * 80-hotplug-cpu-mem.rules: use CONST{arch} (bsc#1204423)
- Update to version 15.4.13:
  * 80-hotplug-cpu-mem.rules: restrict cpu rule to x86_64 (bsc#1204423)
suseconnect-ng
- Update to version 1.1.0~git2.f42b4b2a060e:
  * Keep keepalive timer states when replacing SUSEConnect (bsc#1211588)
- Update to version 1.1.0~git0.e3c41e60892e:
  * Bump to v1.1.0
- Update to version 1.0.0~git23.406b219ccc9e:
  * Added MemTotal detection for HwInfo
  * move 'ExcludeArch' out of the if block
- Update to version 1.0.0~git19.b225bc3:
  * Make keepalive on SUMA systems exit without error (bsc#1207876)
  * Update README.md
  * Add deactivate API to ruby bindings (bsc#1202705)
- Update to version 1.0.0~git14.17a7901:
  * Don't write system_token to service credentials files
  * Allow non-root users to use --version
  * Add: ExcludeArch: %ix86 s390 ppc64 to the .spec file, so we skip builds for unsupported architectures.
  * Update Dockerfile.yast
  * Use openssl go for SLE and Leap 15.5+ builds
  * Fix keepalive feature notice during installation
  * Fix requires for all rhel clone distributions like alma, rocky...
systemd
- Import commit 6441bb41141aaa8bfb63559917362748a3044c15
  165ca0d018 udev-rules: fix nvme symlink creation on namespace changes (bsc#1207410)
- Update 1001-udev-use-lock-when-selecting-the-highest-priority-de.patch (bsc#1203141)
  Optimize when hundred workers claim the same symlink with the same priority.
- Update 0005-udev-create-default-symlinks-for-primary-cd_dvd-driv.patch
  Since commit 38f3e20883ff658935aae5c9 (v248), the symlinks /dev/cdrw and
  /dev/dvdrw could have no longer been created. Futhermore the rule added by
  this patch dealing with /dev/cdrom was redundant with the upstream one
- Import commit dad0071f15341be2b24c2c9d073e62617e0b4673 (merge of v249.16)
- Fix return non-zero value when disabling SysVinit service (bsc#1208432)
- Drop build requirement on libpci, it's not more needed since udev hwdb was
  introduced 11 years ago.
- Move systemd-boot and all components managing (secure) UEFI boot into udev
  sub-package: they may deserve a dedicated sub-package in the future but for
  now move them to udev so they aren't installed in systemd based containers.
- Drop a workaround related to systemd-timesyncd that addressed a Factory issue.
- Conditionalize the use of /lib/modprobe.d only on systems with split usr
  support enabled (i.e. SLE).
- Import commit 119740915155d473de087bd633ba62c1c3e47d36 (merge of v249.15)
  For a complete list of changes, visit:
  https://github.com/openSUSE/systemd/compare/1bfa716e7fb6d7169cece864e75dfe9e52914c99...119740915155d473de087bd633ba62c1c3e47d36
- Make use of the %systemd_* rpm macros consistently. Using the upstream
  variants will ease the backports of Factory changes to SLE since Factory
  systemd uses the upstream variants exclusively.
- machines.target belongs to systemd-container, do its init/cleanup steps from
  the scriptlets of this sub-package.
- Make sure we apply the presets on units shipped by systemd package
- systemd-testsuite: move the integration tests in a dedicated sub directory.
- Move systemd-cryptenroll into udev package.
- Make sure that /lib/udev exists and is a symlink to /usr/lib/udev when the
  testsuite is run.
- Import commit 1bfa716e7fb6d7169cece864e75dfe9e52914c99 (merge of v249.14)
  For a complete list of changes, visit:
  https://github.com/openSUSE/systemd/compare/540e0bd5374f9f42f1e645eb15971431ebb4b8c8...1bfa716e7fb6d7169cece864e75dfe9e52914c99
- Rebase 1001-udev-use-lock-when-selecting-the-highest-priority-de.patch
- Don't overwrite /etc/pam.d/systemd-user on update (bsc#1207264)
  Regression introduced when systemd was forked for 15.4.
- Ship systemd-pstore with udev (jsc#PED-2663)
- Import commit 540e0bd5374f9f42f1e645eb15971431ebb4b8c8
  29fb8a2dd0 core/unit: try to submit stop_when_unneeded queue on removing dependencies
  bd63eab381 core/device: start units specified in SYSTEMD_WANTS if it is not running
  e0898fa873 coredump: do not allow user to access coredumps with changed uid/gid/capabilities (bsc#1205000 CVE-2022-4415)
  119424f96e coredump: adjust whitespace
  3833d5a408 coredump: drop an unused variable
  36728edcfd coredump: Fix format string type mismatch
  34f6867a8a analyze: use DumpUnitsMatchingPatternsByFileDescriptor
  e67a7087ec manager: add DumpUnitsMatchingPatternsByFileDescriptor()
  feb8f2a983 manager: rename dbus method
  98fed27339 analyze: extend the dump command to accept patterns
  a06d9470af man: document the Dump() calls of the PID 1 D-Bus interface, and what they are
  79eb37a5e0 cryptsetup: retry TPM2 unseal operation if it fails with TPM2_RC_PCR_CHANGED (bsc#1204944)
- Drop 5000-coredump-Fix-format-string-type-mismatch.patch
    5001-coredump-drop-an-unused-variable.patch
    5002-coredump-adjust-whitespace.patch
    5003-coredump-do-not-allow-user-to-access-coredumps-with-.patch
  They have been merged into SUSE/v249 branch.
- Fix systemd-coredump to not allow user to access coredumps with changed
  uid/gid/capabilities (bsc#1205000 CVE-2022-4415)
  Add 5000-coredump-Fix-format-string-type-mismatch.patch
  Add 5001-coredump-drop-an-unused-variable.patch
  Add 5002-coredump-adjust-whitespace.patch
  Add 5003-coredump-do-not-allow-user-to-access-coredumps-with-.patch
- Import commit bcf040075f682f67370ddf7ab93d7a0d8b9cd9cc
  ab0f962e4c core/device: Log on every event received from udev
  2dcb7c77fe udev/net_id: show the correct identifier in the debug output of dev_pci_onboard()
  5b824103e0 udev/net_id: add debug logging for construction of device names
  cb6925410b udev: add one more assertion
  82e343153a udev: drop assertion which is always false
  cef726986b udev: support by-path devlink for multipath nvme block devices (bsc#1200723)
  00b34f08d9 tests: minor simplification in test-execute
  e5b4571c20 tests: make test-execute pass on openSUSE
- Drop the following patches since they have been merged in 'SUSE/v249' branch:
  6000-udev-net_id-add-debug-logging-for-construction-of-de.patch
  6001-udev-net_id-show-the-correct-identifier-in-the-debug.patch
systemd-presets-common-SUSE
- Enable systemd-pstore.service by default (jsc#PED-2663)
systemd-rpm-macros
- Bump version to 13
- Fix %sysctl_apply() and %binfmt_apply() so they are disabled when called from
  a chroot (bsc#1211272)
- Bump version to 12
- Don't emit a warning when the flag file in /var/lib/systemd/migrated/ is not
  present as it's expected (bsc#1208079).
tar
- Fix CVE-2022-48303, tar has a one-byte out-of-bounds read that
  results in use of uninitialized memory for a conditional jump
  (CVE-2022-48303, bsc#1207753)
  * fix-CVE-2022-48303.patch
- Fix hang when unpacking test tarball, bsc#1202436
  * remove bsc1202436.patch
  * bsc1202436-1.patch
  * bsc1202436-1.patch
- Fix hang when unpacking test tarball, bsc#1202436
  * bsc1202436.patch
tcl
- [bsc#1206623], tcl-string-compare.patch:
  Fix [string compare -length] on big endian and improve
  [string equal] on little endian.
- Fix a race condition in test socket-13.1
  (tcl-test-socket-13.1.patch).
- Remove the SQLite extension and package it as a subpackage of
  sqlite3 to have only a single copy and keep it more up to date
  (bsc#1195773).
- Clean up the lib dependencies in tclConfig.sh and tcl.pc.
tiff
  * CVE-2023-0795 [bsc#1208226]
  * CVE-2023-0796 [bsc#1208227]
  * CVE-2023-0797 [bsc#1208228]
  * CVE-2023-0798 [bsc#1208229]
  * CVE-2023-0799 [bsc#1208230]
    + tiff-CVE-2023-0795,CVE-2023-0796,CVE-2023-0797,CVE-2023-0798,CVE-2023-0799.patch
  * CVE-2023-0800 [bsc#1208231]
  * CVE-2023-0801 [bsc#1208232]
  * CVE-2023-0802 [bsc#1208233]
  * CVE-2023-0803 [bsc#1208234]
  * CVE-2023-0804 [bsc#1208236]
    + tiff-CVE-2023-0800,CVE-2023-0801,CVE-2023-0802,CVE-2023-0803,CVE-2023-0804.patch
- security update:
  * CVE-2022-48281 [bsc#1207413]
    + tiff-CVE-2022-48281.patch
- security update:
  * CVE-2022-3570 [bsc#1205422]
  * CVE-2022-3598 [bsc#1204642]
    + tiff-CVE-2022-3598,3570.patch
- security update:
tigervnc
- Fixes for bsc#1209283
  * Drop chown vnc:vnc calls in with-vnc-key.sh
  * Add TLSNone to -securitytypes to increase security in xvnc@.service
timezone
- timezone update 2023c:
  * Revert changes made in 2023b
- timezone update 2023b:
  * Lebanon delays the start of DST this year.
- timezone update 2023a:
  * Egypt now uses DST again, from April through October.
  * This year Morocco springs forward April 23, not April 30.
  * Palestine delays the start of DST this year.
  * Much of Greenland still uses DST from 2024 on.
  * America/Yellowknife now links to America/Edmonton.
  * tzselect can now use current time to help infer timezone.
  * The code now defaults to C99 or later.
- Refresh tzdata-china.diff
- timezone update 2022g (bsc#1177460):
  * In the Mexican state of Chihuahua, the border strip near the US
    will change to agree with nearby US locations on 2022-11-30.
    The strip's western part, represented by Ciudad Juárez, switches
    from -06 all year to -07/-06 with US DST rules, like El Paso, TX.
    The eastern part, represented by Ojinaga, will observe US DST next
    year, like Presidio, TX.
    A new Zone America/Ciudad_Juarez splits from America/Ojinaga.
  * Much of Greenland, represented by America/Nuuk, stops observing
    winter time after March 2023, so its daylight saving time becomes
    standard time.
  * Changes for pre-1996 northern Canada
  * Update to past DST transition in Colombia (1993), Singapore
    (1981)
  * timegm is now supported by default
util-linux
- Add upstream patch fix-lib-internal-cache-size.patch
  bsc#1210164, gh#util-linux/util-linux@2fa4168c8bc9
- Fix tests not passing when '@' character is in build path:
  Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038).
- Add util-linux-fix-tests-when-at-symbol-in-path.patch
- libuuid continuous clock handling for time based UUIDs:
  Prevent use of the new libuuid ABI by uuidd %post before update
  of libuuid1 (bsc#1205646).
- util-linux-uuidd-prevent-root-owning.patch: Use chown --quiet
  to prevent error message if /var/lib/libuuid/clock.txt does not
  exist.
util-linux-systemd
- Add upstream patch fix-lib-internal-cache-size.patch
  bsc#1210164, gh#util-linux/util-linux@2fa4168c8bc9
- libuuid continuous clock handling for time based UUIDs:
  Prevent use of the new libuuid ABI by uuidd %post before update
  of libuuid1 (bsc#1205646).
- util-linux-uuidd-prevent-root-owning.patch: Use chown --quiet
  to prevent error message if /var/lib/libuuid/clock.txt does not
  exist.
vim
- Updated to version 9.0 with patch level 1572, fixes the following security problems
  * Fixing bsc#1210996 (CVE-2023-2426) - VUL-0: CVE-2023-2426: vim: Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499.
  * Fixing bsc#1211256 (CVE-2023-2609) - VUL-1: CVE-2023-2609: vim: NULL Pointer Dereference prior to 9.0.1531
  * Fixing bsc#1211257 (CVE-2023-2610) - VUL-1: CVE-2023-2610: vim: Integer Overflow or Wraparound prior to 9.0.1532
- for the complete list of changes see
  https://github.com/vim/vim/compare/v9.0.1443...v9.0.1572
- Fixing bsc#1211144 - [Build 96.1] openQA test fails in zypper_migration - conflict between xxd and vim
  * Revert the creation standalone xxd packages
- Updated to version 9.0 with patch level 1443, fixes the following security problems
  * Fixing bsc#1209042 (CVE-2023-1264) - VUL-0: CVE-2023-1264: vim: NULL Pointer Dereference vim prior to 9.0.1392
  * Fixing bsc#1209187 (CVE-2023-1355) - VUL-0: CVE-2023-1355: vim: NULL Pointer Dereference prior to 9.0.1402.
  * Fixing bsc#1208828 (CVE-2023-1127) - VUL-1: CVE-2023-1127: vim: divide by zero in scrolldown()
- drop vim-8.0-ttytype-test.patch as it changes test_options.vim which we
  remove during %prep anyway. And this breaks quilt setup.
- for the complete list of changes see
  https://github.com/vim/vim/compare/v9.0.1386...v9.0.1443
- Updated to version 9.0 with patch level 1386, fixes the following security problems
  * Fixing bsc#1207780 - (CVE-2023-0512) VUL-0: CVE-2023-0512: vim: Divide By Zero in GitHub repository vim/vim prior to 9.0.1247
  * Fixing bsc#1208957 - (CVE-2023-1175) VUL-0: CVE-2023-1175: vim: Incorrect Calculation of Buffer Size
  * Fixing bsc#1208959 - (CVE-2023-1170) VUL-0: CVE-2023-1170: vim: Heap-based Buffer Overflow in vim prior to 9.0.1376
  * Fixing bsc#1208828 - (CVE-2023-1127) VUL-1: CVE-2023-1127: vim: divide by zero in scrolldown()
- for the complete list of changes see
  https://github.com/vim/vim/compare/v9.0.1234...v9.0.1386
- Updated to version 9.0 with patch level 1234, fixes the following security problems
  * Fixing bsc#1207396 VUL-0: CVE-2023-0433: vim: Heap-based Buffer Overflow in vim prior to 9.0.1225
  * Fixing bsc#1207162 VUL-1: CVE-2023-0288: vim: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.
  * Fixing bsc#1206868 VUL-1: CVE-2023-0054: vim: Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145.
  * Fixing bsc#1206867 VUL-1: CVE-2023-0051: vim: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1144.
  * Fixing bsc#1206866 VUL-1: CVE-2023-0049: vim: Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143.
- refreshed vim-7.4-highlight_fstab.patch
- for the complete list of changes see
  https://github.com/vim/vim/compare/v9.0.1040...v9.0.1234
- Updated to version 9.0 with patch level 1040, fixes the following security problems
  * Fixing bsc#1206028 VUL-0: CVE-2022-3491: vim: Heap-based Buffer Overflow prior to 9.0.0742
  * Fixing bsc#1206071 VUL-0: CVE-2022-3520: vim: Heap-based Buffer Overflow
  * Fixing bsc#1206072 VUL-0: CVE-2022-3591: vim: Use After Free
  * Fixing bsc#1206075 VUL-0: CVE-2022-4292: vim: Use After Free in GitHub repository vim/vim prior to 9.0.0882.
  * Fixing bsc#1206077 VUL-0: CVE-2022-4293: vim: Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804.
  * Fixing bsc#1205797 VUL-0: CVE-2022-4141: vim: heap-buffer-overflow in alloc.c 246:11
  * Fixing bsc#1204779 VUL-0: CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c
- for the complete list of changes see
  https://github.com/vim/vim/compare/v9.0.814...v9.0.1040
wayland
- U_util-Limit-size-of-wl_map.patch
  U_util-set-errno-when-hitting-WL_MAP_MAX_OBJECTS.patch
  * fixes Reference-count overflow in libwayland-server SHM
    handling (CVE-2021-3782, bsc#1190486)
xen
- bsc#1209237 - xen-syms doesn't contain debug-info
  643e3810-CONFIG_DEBUG_INFO-no-EXPERT.patch
  6447a8fd-x86-EFI-permit-crash-dump-analysis.patch
- Update to Xen 4.16.4 bug fix release (bsc#1027519)
  xen-4.16.4-testing-src.tar.bz2
  * No upstream changelog found in sources or webpage
- Drop patches contained in new tarball
  63a03e28-x86-high-freq-TSC-overflow.patch
  63c05478-VMX-calculate-model-specific-LBRs-once.patch
  63c05478-VMX-support-CPUs-without-model-specific-LBR.patch
  63e53ac9-x86-CPUID-leaves-7-1-ecx-edx.patch
  63e53ac9-x86-disable-CET-SS-when-fractured-updates.patch
  63ebca9c-x86-spec-ctrl-Mitigate-Cross-Thread-Return-Address-Predictions.patch
  63f4d045-x86-ucode-AMD-apply-early-on-all-threads.patch
  63fe06e0-x86-ucode-AMD-apply-late-on-all-threads.patch
  641041e8-VT-d-constrain-IGD-check.patch
  6419697d-AMD-IOMMU-no-XT-x2APIC-phys.patch
  64199e0c-x86-shadow-account-for-log-dirty-mode.patch
  64199e0d-x86-HVM-bound-number-of-pca-regions.patch
  64199e0e-x86-HVM-serialize-pca-list-manipulation.patch
  64199e0f-x86-spec-ctrl-defer-CR4_PV32_RESTORE-for-CSTAR.patch
  libxl.fix-guest-kexec-skip-cpuid-policy.patch
- Upstream bug fixes (bsc#1027519)
  63e53ac9-x86-CPUID-leaves-7-1-ecx-edx.patch
  63e53ac9-x86-disable-CET-SS-when-fractured-updates.patch
  63f4d045-x86-ucode-AMD-apply-early-on-all-threads.patch
  63fe06e0-x86-ucode-AMD-apply-late-on-all-threads.patch
  641041e8-VT-d-constrain-IGD-check.patch
  6419697d-AMD-IOMMU-no-XT-x2APIC-phys.patch
- Use "/proper"/ upstream backports:
  64199e0c-x86-shadow-account-for-log-dirty-mode.patch
  64199e0d-x86-HVM-bound-number-of-pca-regions.patch
  64199e0e-x86-HVM-serialize-pca-list-manipulation.patch
  64199e0f-x86-spec-ctrl-defer-CR4_PV32_RESTORE-for-CSTAR.patch
- ... in place of:
  xsa427.patch
  xsa428-1.patch
  xsa428-2.patch
  xsa429.patch
- bsc#1209245 - fix host-assisted kexec/kdump for HVM domUs
  libxl.fix-guest-kexec-skip-cpuid-policy.patch
- bsc#1209017 - VUL-0: CVE-2022-42332: xen: x86 shadow plus
  log-dirty mode use-after-free (XSA-427)
  xsa427.patch
- bsc#1209018 - VUL-0: CVE-2022-42333,CVE-2022-42334: xen: x86/HVM
  pinned cache attributes mis-handling (XSA-428)
  xsa428-1.patch
  xsa428-2.patch
- bsc#1209019 - VUL-0: CVE-2022-42331: xen: x86: speculative
  vulnerability in 32bit SYSCALL path (XSA-429)
  xsa429.patch
- bsc#1208286 - VUL-0: CVE-2022-27672: xen: Cross-Thread Return
  Address Predictions (XSA-426)
  63ebca9c-x86-spec-ctrl-Mitigate-Cross-Thread-Return-Address-Predictions.patch
- bsc#1205792 - Partner-L3: launch-xenstore error messages show in
  SLES15 SP4 xen kernel.
  63e4da00-dont-log-errors-when-trying-to-load-PVH-xenstore-stubdom.patch
- Upstream bug fixes (bsc#1027519)
  63c05478-VMX-calculate-model-specific-LBRs-once.patch
  63c05478-VMX-support-CPUs-without-model-specific-LBR.patch
- Upstream bug fixes (bsc#1027519)
  63a03e28-x86-high-freq-TSC-overflow.patch
- Update to Xen 4.16.3 bug fix release (bsc#1027519)
  xen-4.16.3-testing-src.tar.bz2
  * No upstream changelog found in sources or webpage
- Drop patches contained in new tarball
  62fde97e-tools-libxl-Replace-deprecated-soundhw-on-QEMU-command-line.patch
  6306185f-x86-XSTATE-CPUID-subleaf-1-EBX.patch
  631b5ba6-gnttab-acquire-resource-vaddrs.patch
  63455f82-Arm-P2M-prevent-adding-mapping-when-dying.patch
  63455fa8-Arm-P2M-preempt-when-freeing-intermediate.patch
  63455fc3-x86-p2m_teardown-allow-skip-root-pt-removal.patch
  63455fe4-x86-HAP-monitor-table-error-handling.patch
  63456000-x86-tolerate-sh_set_toplevel_shadow-failure.patch
  6345601d-x86-tolerate-shadow_prealloc-failure.patch
  6345603a-x86-P2M-refuse-new-alloc-for-dying.patch
  63456057-x86-P2M-truly-free-paging-pool-for-dying.patch
  63456075-x86-P2M-free-paging-pool-preemptively.patch
  63456090-x86-p2m_teardown-preemption.patch
  63456175-libxl-per-arch-extra-default-paging-memory.patch
  63456177-Arm-construct-P2M-pool-for-guests.patch
  6345617a-Arm-XEN_DOMCTL_shadow_op.patch
  6345617c-Arm-take-P2M-pages-P2M-pool.patch
  634561aa-gnttab-locking-on-transitive-copy-error-path.patch
  634561f1-x86emul-respect-NSCB.patch
  6346e404-VMX-correct-error-handling-in-vmx_create_vmcs.patch
  6351095c-Arm-rework-p2m_init.patch
  6351096a-Arm-P2M-populate-pages-for-GICv2-mapping.patch
  635274c0-EFI-dont-convert-runtime-mem-to-RAM.patch
  635665fb-sched-fix-restore_vcpu_affinity.patch
  63569723-x86-shadow-replace-bogus-assertions.patch
  636a9130-x86-spec-ctrl-Enumeration-for-IBPB_RET.patch
  636a9130-x86-spec-ctrl-Mitigate-IBPB-not-flushing-the-RSB-RAS.patch
  xsa326-01.patch
  xsa326-02.patch
  xsa326-03.patch
  xsa326-04.patch
  xsa326-05.patch
  xsa326-06.patch
  xsa326-07.patch
  xsa326-08.patch
  xsa326-09.patch
  xsa326-10.patch
  xsa326-11.patch
  xsa326-12.patch
  xsa326-13.patch
  xsa326-14.patch
  xsa326-15.patch
  xsa326-16.patch
  xsa412.patch
  xsa414.patch
  xsa415.patch
  xsa416.patch
  xsa417.patch
  xsa418-01.patch
  xsa418-02.patch
  xsa418-03.patch
  xsa418-04.patch
  xsa418-05.patch
  xsa418-06.patch
  xsa418-07.patch
  xsa419-01.patch
  xsa419-02.patch
  xsa419-03.patch
  xsa421-01.patch
  xsa421-02.patch
- bsc#1205209 - VUL-0: CVE-2022-23824: xen: x86: Multiple
  speculative security issues (XSA-422)
  636a9130-x86-spec-ctrl-Enumeration-for-IBPB_RET.patch
  636a9130-x86-spec-ctrl-Mitigate-IBPB-not-flushing-the-RSB-RAS.patch
xfsprogs
- mkfs: don't trample the gid set in the protofile (bsc#1205266)
  - Add xfsprogs-mkfs-don-t-trample-the-gid-set-in-the-protofile.patch
- mkfs: prevent corruption of passed-in suboption string values
  (bsc#1205377)
  - Add xfsprogs-mkfs-prevent-corruption-of-passed-in-suboption-strin.patch
- mkfs: terminate getsubopt arrays properly (bsc#1205284)
  - Add xfsprogs-mkfs-terminate-getsubopt-arrays-properly.patch
- xfs_repair: ignore empty xattr leaf blocks (bsc#1205272)
  - Add xfsprogs-xfs_repair-ignore-empty-xattr-leaf-blocks.patch
xterm
- xterm-CVE-2022-45063.patch: Fixed use-after-free in fontops when
  a font is not present (bsc#1205305 CVE-2022-45063)
yast2-add-on
- Fixed failure with the "/media_url"/ element in AutoYaST profile
  containing CDATA block with spaces (bsc#1205928)
- 4.4.8
yast2-bootloader
- make secure boot for ppc64 consistent with how secure boot works
  on other architectures (bsc#1206295)
- 4.4.19
yast2-cluster
- bsc#1204530, set crypto_hash as "/sha1"/ and set crypto_cipher as "/aes256"/,
- set transport as "/udpu"/ by default,
- set default values for mcastaddr/mcastport/bindnedaddr when cluster firstly configured
- Set focus on "/Generate Auth Key File"/ when secauth is true
- Implement ValidateSecurity method
- Set focus on memberaddr add when using udpu
- Version 4.4.3
yast2-country
- Update language cache when selecting new language to ensure that
  always the correct language translations are used in the license
  translations selection combo box on the next wizard page
  (bsc#1204845, bsc#1193009)
- 4.4.13
yast2-drbd
- Validate DRBD Device name (bsc#1207952)
- 4.4.3
yast2-installation
- Fixed the help in the installation summary to include the texts
  from the corresponding proposals (related to jsc#SLE-24764).
- 4.4.58
- Write config for ssg-apply script according to the enabled
  security policy (part of jsc#SLE-24764).
- 4.4.54
yast2-network
- bsc#1211431
  - Do not crash installation when storing vlan configuration into
    NetworkManager
- 4.4.58
- Do not write the EAP auth attribute when writing a wireless
  wicked configuration using the EAP mode as TLS (bsc#1211026)
- 4.4.57
- Fixed a random build failure (introduced by the previous fix for
  bsc#1207221) (bsc#1208796).
- 4.4.56
- Fix the return of packages needed by the selected backend when
  running an autoinstallation (bsc#1207221)
- 4.4.55
- Do not crash when the NETMASK or PREFIXLEN are invalid
  (bsc#1206551).
- 4.4.54
yast2-online-update
- Fix showing of release notes when we update a rubygem
  (bsc#1205913)
- 4.4.5
- bsc#1204907
  - Dropped old workaround from 2.13.15 with unconditional refresh
    of all repositories.
- 4.4.4
yast2-packager
- Do not add an empty repository to the system when upgrading
  a registered system using the Full installation medium
  (bsc#1204399)
- 4.4.33
yast2-pkg-bindings
- Pkg.TargetInitializeOptions() - added a new option for
  rebuilding the RPM database (--rebuilddb) (bsc#1209565)
- 4.4.6
- Allow querying orphaned packages (related to bsc#1202007)
- 4.4.5
yast2-sap-ha
- Clean up Rakefile
- 1.0.18
- Use ruby base64 to replace uuencode/uudecode
  (bsc#1206601)
- 1.0.17
- YaST2 HA Setup for SAP Products - cannot input several instance numbers
  (bsc#1202979)
- 1.0.16
yast2-security
- AutoYaST: export security policy settings (related to
  jsc#SLE-24764).
- 4.4.18
- Fixed wrong steps count causing a crash during saving (bsc#1205918)
- 4.4.17
- Disable the ssg-apply service if the selected SCAP action is
  "/do nothing"/ (related to jsc#SLE-24764).
- 4.4.16
- Add support for DISA STIG security policy validation
  (jsc#SLE-24764).
- 4.4.15
yast2-storage-ng
- Extended regexp to identify Dell BOSS storage devices (bsc#1200975)
- 4.4.42
- Validate security policies in both guided proposal and
  partitioner (part of jsc#SLE-24764).
- 4.4.41
yast2-transfer
- Fixed TFTP download, truncate the target file to avoid garbage
  at the end of the file when saving to an already existing file
  (bsc#1208754)
- 4.4.2
yast2-update
- Display a warning in the upgrade summary when removing orphaned
  3rd party packages (bsc#1202007)
- 4.4.8
yast2-users
- Stop mangling the value of "/Create as Btrfs Subvolume"/ for new
  users when clicking on "/Edit -> Details"/ (bsc#1209377).
- 4.4.13
zlib
- Fix deflateBound() before deflateInit(), bsc#1210593
  bsc1210593.patch
- Add DFLTCC support for using inflate() with a small window,
  fixes bsc#1206513
  * bsc1206513.patch
- Follow up fix for bsc#1203652 due to libxml2 breakage
  * bsc1203652-2.patch
zstd
- Fix CVE-2022-4899, bsc#1209533
  * Fix buffer underflow when dir1 == "/"/
  * Disallow empty string as an argument for --output-dir-flat="/"/
  and --output-dir-mirror="/"/.
- Added patches:
  * Disallow-empty-output-directory.patch
  * Fix-buffer-underflow-for-null-dir1.patch
zypper
- Fix selecting installed patterns from picklist (bsc#1209406)
- man: better explanation of --priority (fixes #480)
- version 1.14.60
- BuildRequires:  libzypp-devel >= 17.31.7.
- Provide "/removeptf"/ command (bsc#1203249)
  A remove command which prefers replacing dependant packages to
  removing them as well.
  A PTF is typically removed as soon as the fix it provides is
  applied to the latest official update of the dependant packages.
  But you don't want the dependant packages to be removed together
  with the PTF, which is what the remove command would do. The
  removeptf command however will aim to replace the dependant
  packages by their official update versions.
- patterns: Avoid dispylaing superfluous @System entries
  (bsc#1205570)
- version 1.14.59
- Update man page and explain '.no_auto_prune' (bsc#1204956)
- Allow to (re)add a service with the same URL (bsc#1203715)
- Explain outdatedness of repos (fixes #463)
- BuildRequires:  libzypp-devel >= 17.31.5
- version 1.14.58