SAPHanaSR
- Version bump to 0.162.3
  * Fix the hexdump log for empty node states
  * catch monitor calls for non-cloned resources and report them as
    unsupported instead of 'command not found'
    (bsc#1218333)
  * fix scope of variable 'site' to be global
    (bsc#1219194)
  * susChkSrv.py - relocate function logTimestamp()
  * update man pages:
    SAPHanaSR.7
    ocf_suse_SAPHana.7
    SAPHanaSR_maintenance_examples.7
    SAPHanaSR.py.7
    SAPHanaSR-showAttr.8
000release-packages:SLES_SAP-release
n/a
aaa_base
- silence the output in the case of broken symlinks (bsc#1218232)

- fix git-47-04210f8df15da0ba4d741cfe1693af06f5978a1d.patch
  to actually apply

- replace git-47-04210f8df15da0ba4d741cfe1693af06f5978a1d.patch
  by git-47-056fc66c699a8544c7692a03c905fca568f5390b.patch
  * fix the issues from bsc#1107342 and bsc#1215434 and just
    use the settings from update-alternatives to set JAVA_HOME
audit-secondary
- Fix plugin termination when using systemd service units (bsc#1215377)
  * add auditd.service-fix-plugin-termination.patch
autofs
- autofs-5.1.8-dont-use-initgroups-at-spawn.patch
  Don't use initgroups at spawn (bsc#1214710, bsc#1221181)
bind
- Update to release 9.16.48
  Feature Changes:
  * The IP addresses for B.ROOT-SERVERS.NET have been updated to
    170.247.170.2 and 2801:1b8:10::b.
  Security Fixes:
  * Validating DNS messages containing a lot of DNSSEC signatures
    could cause excessive CPU load, leading to a denial-of-service
    condition. This has been fixed. (CVE-2023-50387)
    [bsc#1219823]
  * Preparing an NSEC3 closest encloser proof could cause excessive
    CPU load, leading to a denial-of-service condition. This has
    been fixed. (CVE-2023-50868)
    [bsc#1219826]
  * Parsing DNS messages with many different names could cause
    excessive CPU load. This has been fixed. (CVE-2023-4408)
    [bsc#1219851]
  * Specific queries could cause named to crash with an assertion
    failure when nxdomain-redirect was enabled. This has been
    fixed. (CVE-2023-5517)
    [bsc#1219852]
  * A bad interaction between DNS64 and serve-stale could cause
    named to crash with an assertion failure, when both of these
    features were enabled. This has been fixed. (CVE-2023-5679)
    [bsc#1219853]
  * Query patterns that continuously triggered cache database
    maintenance could cause an excessive amount of memory to be
    allocated, exceeding max-cache-size and potentially leading to
    all available memory on the host running named being exhausted.
    This has been fixed. (CVE-2023-6516)
    [bsc#1219854]
  Removed Features:
  * Support for using AES as the DNS COOKIE algorithm
    (cookie-algorithm aes;) has been deprecated and will be removed
    in a future release. Please use the current default,
    SipHash-2-4, instead.
ca-certificates
- Update to version 2+git20240416.98ae794 (bsc#1221184):
  * Use flock to serialize calls (boo#1188500)
  * Make certbundle.run container friendly
  * Create /var/lib/ca-certificates if needed
cloud-init
- Add cloud-init-no-nmcfg-needed.patch (bsc#1221726)
  + Do not require a NetworkManager config file in order to detect
    NetworkManager as the renderer

- Add cloud-init-no-openstack-guess.patch (bsc#1222113)
  + Do not guess if we are running on OpenStack or not. Only recognize
    the known markers and enable cloud-init if we know for sure.

- Add  cloud-init-ds-deterministic.patch (bsc#1221132)
  + Do not guess a data source when checking for a CloudStack
    environment

- Hardcode distribution to suse for proper cloud.cfg generation
  (bsc#1220132).

- Prepare for RPM 4.20 switch patch syntax

- Add cloud-init-skip-empty-conf.patch
  + Skip tests with empty config

- Add cloud-init-pckg-reboot.patch (boo#1198533, bsc#1218952,  jsc#SMO-326)
  + Support reboot on package update/upgrade via the cloud-init config

- Switch build dependency to the generic distribution-release package
cloud-netconfig
- Update to version 1.14
  + Use '-s' instead of '--no-progress-meter' for curl (bsc#1221757)

- Add version settings to Provides/Obsoletes

- Update to version 1.12 (bsc#1221202)
  + If token access succeeds using IPv4 do not use the IPv6 endpoint
    only use the IPv6 IMDS endpoint if IPv4 access fails.

- Add Provides/Obsoletes for dropped cloud-netconfig-nm
- Install dispatcher script into /etc/NetworkManager/dispatcher.d
  on older distributions
- Add BuildReqires: NetworkManager to avoid owning dispatcher.d
  parent directory

- Update to version 1.11:
  + Revert address metadata lookup in GCE to local lookup (bsc#1219454)
  + Fix hang on warning log messages
  + Check whether getting IPv4 addresses from metadata failed and abort
    if true
  + Only delete policy rules if they exist
  + Skip adding/removing IPv4 ranges if metdata lookup failed
  + Improve error handling and logging in Azure
  + Set SCRIPTDIR when installing netconfig wrapper

- Update to version 1.10:
  + Drop cloud-netconfig-nm sub package and include NM dispatcher
    script in main packages (bsc#1219007)
  + Spec file cleanup

- Update to version 1.9:
  + Drop package dependency on sysconfig-netconfig
  + Improve log level handling
  + Support IPv6 IMDS endpoint in EC2 (bsc#1218069)
cloud-regionsrv-client
- Update to version 10.1.7 (bsc#1220164, bsc#1220165)
  + Fix the failover path to a new target update server. At present a new
    server is not found since credential validation fails. We targeted
    the server detected in down condition to verify the credentials instead
    of the replacement server.
kernel-default
- KVM: x86: Export RFDS_NO and RFDS_CLEAR to guests (bsc#1213456 CVE-2023-28746).
- commit 7f00c86

- x86/rfds: Mitigate Register File Data Sampling (RFDS) (bsc#1213456 CVE-2023-28746).
- commit ee70608

- Documentation/hw-vuln: Add documentation for RFDS (bsc#1213456 CVE-2023-28746).
- commit c955133

- bpf: Fix re-attachment branch in bpf_tracing_prog_attach
  (bsc#1220254 CVE-2024-26591).
- commit fc948d3

- selftests/bpf: Add test for alu on PTR_TO_FLOW_KEYS (bsc#1220255
  CVE-2024-26589).
- bpf: Reject variable offset alu on PTR_TO_FLOW_KEYS (bsc#1220255
  CVE-2024-26589).
- commit 8a833ce

- tls: fix race between tx work scheduling and socket close
  (CVE-2024-26585 bsc#1220187).
- commit 1306bff

- kabi: restore return type of dst_ops::gc() callback
  (CVE-2023-52340 bsc#1219295).
- ipv6: remove max_size check inline with ipv4 (CVE-2023-52340
  bsc#1219295).
- commit b8eec42

- netfilter: nf_tables: fix 64-bit load issue in
  nft_byteorder_eval() (CVE-2024-0607 bsc#1218915).
- netfilter: nf_tables: fix pointer math issue in
  nft_byteorder_eval() (CVE-2024-0607 bsc#1218915).
- commit e095cd0

- netfilter: nft_set_pipapo: skip inactive elements during set
  walk (CVE-2023-6817 bsc#1218195).
- commit 4032aa7

- tomoyo: fix UAF write bug in tomoyo_write_control() (bsc#1220825
  CVE-2024-26622).
- commit c8e5b38

- btrfs: fix double free of anonymous device after snapshot
  creation failure (bsc#1219126 CVE-2024-23850).
- commit 257a534

- btrfs: do not ASSERT() if the newly created subvolume already
  got read (bsc#1219126 CVE-2024-23850).
- commit a2ac581

- bpf: Minor cleanup around stack bounds (bsc#1220257
  CVE-2023-52452).
- bpf: Fix accesses to uninit stack slots (bsc#1220257
  CVE-2023-52452).
- bpf: Guard stack limits against 32bit overflow (git-fixes).
- bpf: Fix verification of indirect var-off stack access
  (git-fixes).
- bpf: Minor cleanup around stack bounds (bsc#1220257
  CVE-2023-52452).
- bpf: Fix accesses to uninit stack slots (bsc#1220257
  CVE-2023-52452).
- bpf: Add some comments to stack representation (bsc#1220257
  CVE-2023-52452).
- Refresh patches.kabi/kABI-fix-bpf-Tighten-ptr_to_btf_id-checks.patch
- bpf: Guard stack limits against 32bit overflow (git-fixes).
- bpf: Fix verification of indirect var-off stack access
  (git-fixes).
- bpf: Minor logging improvement (bsc#1220257).
- commit 7d03125

- serial: 8250: omap: Don't skip resource freeing if
  pm_runtime_resume_and_get() failed (bsc#1220350 CVE-2023-52457).
- commit c82f528

- serial: imx: fix tx statemachine deadlock (bsc#1220364
  CVE-2023-52456).
- commit cd9f92c

- powerpc/pseries/memhp: Fix access beyond end of drmem array
  (bsc#1220250,CVE-2023-52451).
- commit fdc7254

- Update patch reference for input fix (CVE-2021-46932 bsc#1220444)
- commit e44e0b1

- usb: dwc3: gadget: Ignore End Transfer delay on teardown
  (git-fixes).
- Refresh
  patches.suse/usb-dwc3-gadget-Add-1ms-delay-after-end-transfer-com.patch.
- commit 251cd08

- tomoyo: fix UAF write bug in tomoyo_write_control() (git-fixes).
- wifi: nl80211: reject iftype change with mesh ID change
  (git-fixes).
- usb: dwc3: gadget: Don't disconnect if not started (git-fixes).
- wifi: mac80211: adding missing drv_mgd_complete_tx() call
  (git-fixes).
- usb: f_mass_storage: forbid async queue when shutdown happen
  (git-fixes).
- usb: dwc3: host: Set XHCI_SG_TRB_CACHE_SIZE_QUIRK (git-fixes).
- spi: sh-msiof: avoid integer overflow in constants (git-fixes).
- wifi: mac80211: fix race condition on enabling fast-xmit
  (git-fixes).
- wifi: cfg80211: fix missing interfaces when dumping (git-fixes).
- usb: dwc3: gadget: Queue PM runtime idle on disconnect event
  (git-fixes).
- usb: dwc3: gadget: Handle EP0 request dequeuing properly
  (git-fixes).
- usb: hub: Replace hardcoded quirk value with BIT() macro
  (git-fixes).
- tty: allow TIOCSLCKTRMIOS with CAP_CHECKPOINT_RESTORE
  (git-fixes).
- watchdog: it87_wdt: Keep WDTCTRL bit 3 unmodified for
  IT8784/IT8786 (git-fixes).
- wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update
  (git-fixes).
- wifi: cfg80211: free beacon_ies when overridden from hidden BSS
  (git-fixes).
- wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift()
  (git-fixes).
- wifi: rtl8xxxu: Add additional USB IDs for RTL8192EU devices
  (git-fixes).
- wifi: ath9k: Fix potential array-index-out-of-bounds read in
  ath9k_htc_txstatus() (git-fixes).
- wifi: rt2x00: restart beacon queue when hardware reset
  (git-fixes).
- wifi: iwlwifi: mvm: avoid baid size integer overflow
  (git-fixes).
- wifi: wext-core: Fix -Wstringop-overflow warning in
  ioctl_standard_iw_point() (git-fixes).
- wifi: ath11k: fix registration of 6Ghz-only phy without the
  full channel range (git-fixes).
- usb: dwc3: gadget: Refactor EP0 forced stall/restart into a
  separate API (git-fixes).
- usb: dwc3: gadget: Submit endxfer command if delayed during
  disconnect (git-fixes).
- commit 8b4f9a3

- power: supply: bq27xxx-i2c: Do not free non existing IRQ
  (git-fixes).
- mmc: sdhci-xenon: add timeout for PHY init complete (git-fixes).
- mmc: sdhci-xenon: fix PHY init clock stability (git-fixes).
- mmc: core: Fix eMMC initialization with 1-bit bus connection
  (git-fixes).
- net: usb: dm9601: fix wrong return value in dm9601_mdio_read
  (git-fixes).
- mtd: spinand: gigadevice: Fix the get ecc status issue
  (git-fixes).
- nouveau: fix function cast warnings (git-fixes).
- media: ir_toy: fix a memleak in irtoy_tx (git-fixes).
- media: rc: bpf attach/detach requires write permission
  (git-fixes).
- mmc: slot-gpio: Allow non-sleeping GPIO ro (git-fixes).
- regulator: pwm-regulator: Add validity checks in continuous
  .get_voltage (git-fixes).
- platform/x86: touchscreen_dmi: Add info for the TECLAST X16
  Plus tablet (git-fixes).
- spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were
  detected (git-fixes).
- PCI: switchtec: Fix stdev_release() crash after surprise hot
  remove (git-fixes).
- PCI: Fix 64GT/s effective data rate calculation (git-fixes).
- PCI: Only override AMD USB controller if required (git-fixes).
- PCI/AER: Decode Requester ID when no error info found
  (git-fixes).
- media: ddbridge: fix an error code problem in ddb_probe
  (git-fixes).
- mmc: mmc_spi: remove custom DMA mapped buffers (git-fixes).
- mmc: core: Use mrq.sbc in close-ended ffu (git-fixes).
- PCI: Add no PM reset quirk for NVIDIA Spectrum devices
  (git-fixes).
- pstore/ram: Fix crash when setting number of cpus to an odd
  number (git-fixes).
- PNP: ACPI: fix fortify warning (git-fixes).
- regulator: core: Only increment use_count when enable_count
  changes (git-fixes).
- PM: core: Remove unnecessary (void *) conversions (git-fixes).
- serial: 8250: Remove serial_rs485 sanitization from em485
  (git-fixes).
- PM: runtime: Have devm_pm_runtime_enable() handle
  pm_runtime_dont_use_autosuspend() (git-fixes).
- commit 9894050

- gpio: fix resource unwinding order in error path (git-fixes).
- commit f4d7f82

- gpiolib: Fix the error path order in
  gpiochip_add_data_with_key() (git-fixes).
- commit 9367441

- Update patches.suse/i2c-Fix-a-potential-use-after-free.patch
  (git-fixes bsc#1220409 CVE-2019-25162).
  Add bug and CVE references.
- commit 6df4ebd

- Input: iqs269a - switch to DEFINE_SIMPLE_DEV_PM_OPS() and
  pm_sleep_ptr() (git-fixes).
- Refresh
  patches.suse/Input-iqs269a-do-not-poll-during-suspend-or-resume.patch.
- commit 7360a05

- i2c: imx: Add timer for handling the stop condition (git-fixes).
- Refresh
  patches.suse/i2c-imx-Make-sure-to-unregister-adapter-on-remove.patch.
- commit 3a3d0f8

- gpio: 74x164: Enable output pins after registers are reset
  (git-fixes).
- efi/capsule-loader: fix incorrect allocation size (git-fixes).
- fbcon: always restore the old font data in fbcon_do_set_font()
  (git-fixes).
- lan78xx: enable auto speed configuration for LAN7850 if no
  EEPROM is detected (git-fixes).
- i2c: imx: when being a target, mark the last read as processed
  (git-fixes).
- i2c: i801: Fix block process call transactions (git-fixes).
- iio: hid-sensor-als: Return 0 for
  HID_USAGE_SENSOR_TIME_TIMESTAMP (git-fixes).
- firewire: core: send bus reset promptly on gap count error
  (git-fixes).
- efi: Don't add memblocks for soft-reserved memory (git-fixes).
- hwmon: (coretemp) Enlarge per package core count limit
  (git-fixes).
- Input: xpad - add Lenovo Legion Go controllers (git-fixes).
- gpiolib: acpi: Ignore touchpad wakeup on GPD G1619-04
  (git-fixes).
- fbdev: sis: Error out if pixclock equals zero (git-fixes).
- fbdev: savage: Error out if pixclock equals zero (git-fixes).
- libsubcmd: Fix memory leak in uniq() (git-fixes).
- iio: adc: ad7091r: Set alert bit in config register (git-fixes).
- i3c: master: cdns: Update maximum prescaler value for i2c clock
  (git-fixes).
- leds: trigger: panic: Don't register panic notifier if creating
  the trigger failed (git-fixes).
- media: rockchip: rga: fix swizzling for RGB formats (git-fixes).
- media: stk1160: Fixed high volume of stk1160_dbg messages
  (git-fixes).
- i2c: i801: Remove i801_set_block_buffer_mode (git-fixes).
- HID: apple: Add 2021 magic keyboard FN key mapping (git-fixes).
- HID: apple: Add support for the 2021 Magic Keyboard (git-fixes).
- commit 0f0032c

- dmaengine: ptdma: use consistent DMA masks (git-fixes).
- dmaengine: fsl-qdma: init irq after reg initialization
  (git-fixes).
- dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read
  (git-fixes).
- Revert "drm/amd/pm: resolve reboot exception for si oland"
  (git-fixes).
- drm/buddy: fix range bias (git-fixes).
- drm/amd/display: Fix memory leak in dm_sw_fini() (git-fixes).
- drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE
  flag is set (git-fixes).
- drm/ttm: Fix an invalid freeing on already freed page in error
  path (git-fixes).
- drm/amd/display: Preserve original aspect ratio in create stream
  (git-fixes).
- Revert "drm/amd/display: increased min_dcfclk_mhz and
  min_fclk_mhz" (git-fixes).
- drm/prime: Support page array >= 4GB (git-fixes).
- efi: runtime: Fix potential overflow of soft-reserved region
  size (git-fixes).
- drm/amd/display: Increase frame-larger-than for all
  display_mode_vba files (git-fixes).
- drm/amdgpu: reset gpu for s3 suspend abort case (git-fixes).
- drm/amdgpu: skip to program GFXDEC registers for suspend abort
  (git-fixes).
- dmaengine: fsl-qdma: Fix a memory leak related to the queue
  command DMA (git-fixes).
- dmaengine: ti: edma: Add some null pointer checks to the
  edma_probe (git-fixes).
- drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz
  (git-fixes).
- dmaengine: fsl-qdma: increase size of 'irq_name' (git-fixes).
- dmaengine: shdma: increase size of 'dev_id' (git-fixes).
- commit 61b82a0

- ALSA: Drop leftover snd-rtctimer stuff from Makefile
  (git-fixes).
- ALSA: firewire-lib: fix to check cycle continuity (git-fixes).
- Bluetooth: qca: Fix wrong event type for patch config command
  (git-fixes).
- Bluetooth: Enforce validation on max value of connection
  interval (git-fixes).
- Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST
  (git-fixes).
- Bluetooth: hci_event: Fix wrongly recorded wakeup BD_ADDR
  (git-fixes).
- Bluetooth: hci_sync: Fix accept_list when attempting to suspend
  (git-fixes).
- Bluetooth: Avoid potential use-after-free in hci_error_reset
  (git-fixes).
- Bluetooth: hci_sync: Check the correct flag before starting
  a scan (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LED For HP mt645
  (git-fixes).
- ALSA: hda/conexant: Add quirk for SWS JS201D (git-fixes).
- ASoC: sunxi: sun4i-spdif: Add support for Allwinner H616
  (git-fixes).
- ASoC: doc: Fix undefined SND_SOC_DAPM_NOPM argument (git-fixes).
- bus: moxtet: Add spi device table (git-fixes).
- Bluetooth: L2CAP: Fix possible multiple reject send (git-fixes).
- crypto: stm32/crc32 - fix parsing list of devices (git-fixes).
- crypto: octeontx2 - Fix cptvf driver cleanup (git-fixes).
- crypto: api - Disallow identical driver names (git-fixes).
- commit a409ffd

- ALSA: usb-audio: Ignore clock selector errors for single
  connection (git-fixes).
- ALSA: hda/realtek: Enable headset mic on Vaio VJFE-ADL
  (git-fixes).
- ALSA: hda/realtek: Apply headset jack quirk for non-bass alc287
  thinkpads (git-fixes).
- ALSA: usb-audio: Check presence of valid altsetting control
  (git-fixes).
- ALSA: hda/realtek: Enable Mute LED on HP Laptop 14-fq0xxx
  (git-fixes).
- ALSA: hda/realtek: Fix the external mic not being recognised
  for Acer Swift 1 SF114-32 (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for HP ZBook Power
  (git-fixes).
- ahci: asm1166: correct count of reported ports (git-fixes).
- ACPI: extlog: fix NULL pointer dereference check (git-fixes).
- ACPI: APEI: set memory failure flags as MF_ACTION_REQUIRED on
  synchronous events (git-fixes).
- ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop
  (git-fixes).
- ACPI: video: Add backlight=native DMI quirk for Apple iMac12,1
  and iMac12,2 (git-fixes).
- ACPI: video: Add backlight=native DMI quirk for Lenovo ThinkPad
  X131e (3371 AMD version) (git-fixes).
- ACPI: video: Add backlight=native DMI quirk for Apple iMac11,3
  (git-fixes).
- ACPI: button: Add lid disable DMI quirk for Nextbook Ares 8A
  (git-fixes).
- ACPI: resource: Skip IRQ override on ASUS ExpertBook B1502CBA
  (git-fixes).
- ACPI: resource: Skip IRQ override on Asus Expertbook B2402CBA
  (git-fixes).
- ACPI: resource: Add ASUS model S5402ZA to quirks (git-fixes).
- commit 728134a

- efivarfs: force RO when remounting if SetVariable is not
  supported (bsc#1220328 CVE-2023-52463).
- commit 6239d33

- kABI: bpf: map_fd_put_ptr() signature kABI workaround
  (bsc#1220251 CVE-2023-52447).
- kABI: bpf: struct bpf_map kABI workaround (bsc#1220251
  CVE-2023-52447).
- selftests/bpf: Test outer map update operations in syscall
  program (bsc#1220251 CVE-2023-52447).
- selftests/bpf: Add test cases for inner map (bsc#1220251
  CVE-2023-52447).
- bpf: Defer the free of inner map when necessary (bsc#1220251
  CVE-2023-52447).
- Refresh patches.suse/kABI-padding-for-bpf.patch
- bpf: Set need_defer as false when clearing fd array during
  map free (bsc#1220251 CVE-2023-52447).
- bpf: Add map and need_defer parameters to .map_fd_put_ptr()
  (bsc#1220251 CVE-2023-52447).
- bpf: Check rcu_read_lock_trace_held() before calling bpf map
  helpers (bsc#1220251 CVE-2023-52447).
- rcu-tasks: Provide rcu_trace_implies_rcu_gp() (bsc#1220251
  CVE-2023-52447).
- commit b7359fc

- btrfs: fix double free of anonymous device after snapshot
  creation failure (bsc#1219126 CVE-2024-23850).
- commit f8ba729

- mtd: Fix gluebi NULL pointer dereference caused by ftl notifier
  (bsc#1220238 CVE-2023-52449).
- commit c132b67

- fs/mount_setattr: always cleanup mount_kattr (bsc#1220457
  CVE-2021-46923).
- commit 89afe2f

- kABI: bpf: map_fd_put_ptr() signature kABI workaround
  (bsc#1220251 CVE-2023-52447).
- kABI: bpf: struct bpf_map kABI workaround (bsc#1220251
  CVE-2023-52447).
- kABI: bpf: map_fd_put_ptr() signature kABI workaround
  (bsc#1220251 CVE-2023-52447).
- kABI: bpf: struct bpf_map kABI workaround (bsc#1220251
  CVE-2023-52447).
- commit bec1c61

- selftests/bpf: Test outer map update operations in syscall
  program (bsc#1220251 CVE-2023-52447).
- selftests/bpf: Add test cases for inner map (bsc#1220251
  CVE-2023-52447).
- bpf: Defer the free of inner map when necessary (bsc#1220251
  CVE-2023-52447).
- Refresh patches.suse/kABI-padding-for-bpf.patch
- bpf: Set need_defer as false when clearing fd array during
  map free (bsc#1220251 CVE-2023-52447).
- bpf: Add map and need_defer parameters to .map_fd_put_ptr()
  (bsc#1220251 CVE-2023-52447).
- bpf: Check rcu_read_lock_trace_held() before calling bpf map
  helpers (bsc#1220251 CVE-2023-52447).
- rcu-tasks: Provide rcu_trace_implies_rcu_gp() (bsc#1220251
  CVE-2023-52447).
- selftests/bpf: Test outer map update operations in syscall
  program (bsc#1220251 CVE-2023-52447).
- selftests/bpf: Add test cases for inner map (bsc#1220251
  CVE-2023-52447).
- bpf: Defer the free of inner map when necessary (bsc#1220251
  CVE-2023-52447).
- Refresh patches.suse/kABI-padding-for-bpf.patch
- bpf: Set need_defer as false when clearing fd array during
  map free (bsc#1220251 CVE-2023-52447).
- bpf: Add map and need_defer parameters to .map_fd_put_ptr()
  (bsc#1220251 CVE-2023-52447).
- bpf: Check rcu_read_lock_trace_held() before calling bpf map
  helpers (bsc#1220251 CVE-2023-52447).
- rcu-tasks: Provide rcu_trace_implies_rcu_gp() (bsc#1220251
  CVE-2023-52447).
- commit aa6db76

- Update patch reference for HID fix (CVE-2023-52478 bsc#1220796)
- commit 4aec836

- Update patch reference for input fix (CVE-2023-52475 bsc#1220649)
- commit 00a87c8

- topology/sysfs: Add PPIN in sysfs under cpu topology  (jsc#PED-7618).
- Refresh
  patches.suse/drivers-base-fix-userspace-break-from-using-bin_attr.patch.
- commit e74360b

- topology/sysfs: Add format parameter to macro defining "show"  functions for proc (jsc#PED-7618).
- Refresh
  patches.suse/drivers-base-fix-userspace-break-from-using-bin_attr.patch.
- commit 978a12d

- x86/cpu: X86_FEATURE_INTEL_PPIN finally has a CPUID bit (jsc#PED-7618).
- Refresh patches.suse/x86-speculation-disable-rrsba-behavior.patch.
- commit f7bed0d

- KVM: arm64: vgic-its: Avoid potential UAF in LPI translation
  cache (bsc#1220326, CVE-2024-26598).
- commit 74fd0dd

- scsi: lpfc: Replace deprecated strncpy() with strscpy()
  (bsc#1220021).
- scsi: lpfc: Copyright updates for 14.4.0.0 patches
  (bsc#1220021).
- scsi: lpfc: Update lpfc version to 14.4.0.0 (bsc#1220021).
- scsi: lpfc: Change lpfc_vport load_flag member into a bitmask
  (bsc#1220021).
- scsi: lpfc: Change lpfc_vport fc_flag member into a bitmask
  (bsc#1220021).
- scsi: lpfc: Protect vport fc_nodes list with an explicit spin
  lock (bsc#1220021).
- scsi: lpfc: Change nlp state statistic counters into atomic_t
  (bsc#1220021).
- scsi: lpfc: Remove shost_lock protection for fc_host_port
  shost APIs (bsc#1220021).
- scsi: lpfc: Move handling of reset congestion statistics events
  (bsc#1220021).
- scsi: lpfc: Save FPIN frequency statistics upon receipt of
  peer cgn notifications (bsc#1220021).
- scsi: lpfc: Add condition to delete ndlp object after sending
  BLS_RJT to an ABTS (bsc#1220021).
- scsi: lpfc: Fix failure to delete vports when discovery is in
  progress (bsc#1220021).
- scsi: lpfc: Remove NLP_RCV_PLOGI early return during RSCN
  processing for ndlps (bsc#1220021).
- scsi: lpfc: Allow lpfc_plogi_confirm_nport() logic to execute
  for Fabric nodes (bsc#1220021).
- scsi: lpfc: Remove D_ID swap log message from trace event logger
  (bsc#1220021).
- scsi: lpfc: Use sg_dma_len() API to get struct scatterlist's
  length (bsc#1220021).
- scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc()
  (bsc#1220021).
- scsi: lpfc: Initialize status local variable in
  lpfc_sli4_repost_sgl_list() (bsc#1220021).
- scsi: lpfc: Use PCI_HEADER_TYPE_MFD instead of literal
  (bsc#1220021).
- PCI: Add PCI_HEADER_TYPE_MFD definition (bsc#1220021).
- commit 41ec061

- x86/fpu: Stop relying on userspace for info to fault in xsave buffer (bsc#1220335, CVE-2024-26603).
- commit 4cbbdbf

- Update patch reference for NFC fix (CVE-2021-46924 bsc#1220459)
- commit 8ac32a8

- RAS/AMD/ATL: Fix bit overflow in denorm_addr_df4_np2() (git-fixes).
- commit 71868f2

- media: pvrusb2: fix use after free on context disconnection
  (CVE-2023-52445 bsc#1220241).
- commit e4643a5

- RAS: Introduce a FRU memory poison manager (jsc#PED-7618).
- commit 62d6d3a

- RAS/AMD/ATL: Add MI300 row retirement support (jsc#PED-7618).
- Delete patches.suse/EDAC-amd64-Add-MI300-row-retirement-support.patch.
- commit 3cc5727

- uio: Fix use-after-free in uio_open (bsc#1220140
  CVE-2023-52439).
- commit fbf52b1

- apparmor: avoid crash when parsed profile name is empty
  (CVE-2023-52443 bsc#1220240).
- commit 732bc93

- ntfs: check overflow when iterating ATTR_RECORDs (git-fixes).
- commit c9fe433

- ntfs: fix use-after-free in ntfs_attr_find() (git-fixes).
- commit 6df2cbb

- xfs: short circuit xfs_growfs_data_private() if delta is zero
  (git-fixes).
- commit fcba050

- xfs: remove unused fields from struct xbtree_ifakeroot
  (git-fixes).
- commit 86da8f9

- fs: dlm: fix build with CONFIG_IPV6 disabled (git-fixes).
- commit 595274a

- nilfs2: replace WARN_ONs for invalid DAT metadata block requests
  (git-fixes).
- commit 8b6113c

- nilfs2: fix data corruption in dsync block recovery for small
  block sizes (git-fixes).
- commit 3bf00f7

- jfs: fix array-index-out-of-bounds in diNewExt (git-fixes).
- commit 95bef1f

- jfs: fix uaf in jfs_evict_inode (git-fixes).
- commit d7a8248

- jfs: fix array-index-out-of-bounds in dbAdjTree (git-fixes).
- commit e676b4f

- jfs: fix slab-out-of-bounds Read in dtSearch (git-fixes).
- commit fc7d276

- UBSAN: array-index-out-of-bounds in dtSplitRoot (git-fixes).
- commit bcf9251

- FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree (git-fixes).
- commit 9b22efe

- afs: Increase buffer size in afs_update_volume_status()
  (git-fixes).
- commit dd84cc3

- afs: Hide silly-rename files from userspace (git-fixes).
- commit 3ff836d

- afs: fix the usage of read_seqbegin_or_lock() in
  afs_find_server*() (git-fixes).
- commit c7a2b9c

- afs: fix the usage of read_seqbegin_or_lock() in
  afs_lookup_volume_rcu() (git-fixes).
- commit 4fa847b

- btrfs: do not ASSERT() if the newly created subvolume already
  got read (bsc#1219126 CVE-2024-23850).
- commit 087f1fb

- Update
  patches.suse/sched-membarrier-reduce-the-ability-to-hammer-on-sys.patch
  (git-fixes, bsc1220398, CVE-2024-26602).
- commit 7349e3e

- tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd (bsc#1218450).
- commit edd994d

- i2c: i801: Fix block process call transactions (bsc#1220009
  CVE-2024-26593).
- commit 1b64da9

- RDMA/core: Fix uninit-value access in ib_get_eth_speed()
  (bsc#1219934).
- commit 3ebf8e4

- mlxsw: spectrum_acl_tcam: Fix stack corruption (bsc#1220243
  CVE-2024-26586).
- mlxsw: spectrum_acl_tcam: Fix NULL pointer dereference in
  error path (bsc#1220344 CVE-2024-26595).
- commit 6e8b589

- EDAC/thunderx: Fix possible out-of-bounds string access (bsc#1220330, CVE-2023-52464)
- commit 369d1fd

- RDMA/core: Get IB width and speed from netdev (bsc#1219934).
- commit 24279f3

- KVM: s390: vsie: fix race during shadow creation (git-fixes
  bsc#1220393).
- commit 72fd28e

- Update config files.
  Cleanup with run_oldconfig.sh
- commit ef734e5

- KVM: s390: fix setting of fpc register (git-fixes bsc#1220392).
- commit 8d2ffe7

- supported.conf: remove external flag from IBM supported modules.
  (bsc#1209412)
- commit a25e99f

- arm64: Subscribe Microsoft Azure Cobalt 100 to ARM Neoverse N2 errata (git-fixes)
- commit 7e2b55c

- arm64: irq: set the correct node for shadow call stack (git-fixes)
- commit b343796

- arm64: irq: set the correct node for VMAP stack (git-fixes)
- commit f682ae8

- blacklist.conf: ("arm64: lib: Import latest version of Arm Optimized Routines' strncmp")
- commit 88ead84

- Refresh sorted patches.
- commit 9f45380

- powerpc/pseries: Set CPU_FTR_DBELL according to ibm,pi-features
  (bsc#1220348).
- powerpc/pseries: Add a clear modifier to ibm,pa/pi-features
  parser (bsc#1220348).
- commit 7e988f6

- usb: gadget: ncm: Avoid dropping datagrams of properly parsed
  NTBs (git-fixes).
- usb: cdns3: fix memory double free when handle zero packet
  (git-fixes).
- usb: cdns3: fixed memory use after free at
  cdns3_gadget_ep_disable() (git-fixes).
- usb: roles: don't get/set_role() when usb_role_switch is
  unregistered (git-fixes).
- usb: roles: fix NULL pointer issue when put module's reference
  (git-fixes).
- usb: cdnsp: fixed issue with incorrect detecting CDNSP family
  controllers (git-fixes).
- usb: cdnsp: blocked some cdns3 specific code (git-fixes).
- USB: serial: option: add Fibocom FM101-GL variant (git-fixes).
- USB: serial: qcserial: add new usb-id for Dell Wireless DW5826e
  (git-fixes).
- USB: serial: cp210x: add ID for IMST iM871A-USB (git-fixes).
- commit 6aacbee

- s390: use the correct count for __iowrite64_copy() (git-fixes
  bsc#1220317).
- commit 3d0908e

- md: bypass block throttle for superblock update (bsc#1220154,
  CVE-2023-52437).
- commit 3b94bb4

- cachefiles: fix memory leak in cachefiles_add_cache()
  (bsc#1220267).
- commit 9bb720c

- gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump
  (bsc#1220253 CVE-2023-52448).
- commit 12cdab5

- platform/x86: thinkpad_acpi: Only update profile if successfully
  converted (git-fixes).
- platform/x86: touchscreen_dmi: Allow partial (prefix) matches
  for ACPI names (git-fixes).
- commit d153a3a

- USB: gadget: core: adjust uevent timing on gadget unbind
  (git-fixes).
- commit e3b30d8

- blacklist.conf: entry for usb/gadget/udc/core that has been reverted
- commit 50292b0

- mm,page_owner: Update Documentation regarding page_owner_stacks
  (jsc-PED#7423).
- commit 96f4587

- mm,page_owner: Filter out stacks by a threshold (jsc-PED#7423).
- commit e683246

- mm,page_owner: Display all stacks and their count
  (jsc-PED#7423).
- commit cfad590

- mm,page_owner: Implement the tracking of the stacks count
  (jsc-PED#7423).
- commit 4c2de65

- mm,page_owner: Maintain own list of stack_records structs
  (jsc-PED#7423).
- commit 91e49cb

- scsi: ibmvfc: Open-code reset loop for target reset
  (bsc#1220106).
- commit 8ab46b6

- scsi: ibmvfc: Limit max hw queues by num_online_cpus()
  (bsc#1220106).
- commit 648a1af

- lib/stackdepot: Move stack_record struct definition into the
  header (jsc-PED#7423).
- commit 6077ffb

- lib/stackdepot: Fix first entry having a 0-handle
  (jsc-PED#7423).
- commit 992fd7d

- lib/stackdepot: add refcount for records (jsc-PED#7423).
- commit 714c529

- sched/membarrier: reduce the ability to hammer on sys_membarrier
  (git-fixes).
- commit 050cced

- lib/stackdepot: add depot_fetch_stack helper (jsc-PED#7423).
- commit 2786362

- RDMA/srpt: fix function pointer cast warnings (git-fixes)
- commit dac438c

- RDMA/qedr: Fix qedr_create_user_qp error flow (git-fixes)
- commit b146859

- RDMA/srpt: Support specifying the srpt_service_guid parameter (git-fixes)
- commit 8d48d24

- IB/hfi1: Fix sdma.h tx->num_descs off-by-one error (git-fixes)
- commit da3f72a

- RDMA/irdma: Add AE for too many RNRS (git-fixes)
- commit f63a394

- RDMA/irdma: Set the CQ read threshold for GEN 1 (git-fixes)
- commit 3b512eb

- RDMA/irdma: Validate max_send_wr and max_recv_wr (git-fixes)
- commit 98f2343

- RDMA/irdma: Fix KASAN issue with tasklet (git-fixes)
- commit 83211d5

- RDMA/bnxt_re: Add a missing check in bnxt_qplib_query_srq (git-fixes)
- commit 675dc2d

- RDMA/bnxt_re: Return error for SRQ resize (git-fixes)
- commit c51f388

- IB/hfi1: Fix a memleak in init_credit_return (git-fixes)
- commit 2afc750

- x86/mm: Fix memory encryption features advertisement (bsc#1206453).
- commit 143c33b

- rpm/check-for-config-changes: add GCC_ASM_GOTO_OUTPUT_WORKAROUND to IGNORED_CONFIGS_RE
  Introduced by commit 68fb3ca0e408 ("update workarounds for gcc "asm
  goto" issue").
- commit be1bdab

- net: openvswitch: limit the number of recursions from action
  sets (bsc#1219835 CVE-2024-1151).
- commit ed2fd55

- scsi: core: Move scsi_host_busy() out of host lock if it is
  for per-command (git-fixes).
- commit 65a3d05

- mfd: syscon: Fix null pointer dereference in
  of_syscon_register() (git-fixes).
- commit ac6a500

- powerpc/64: Set task pt_regs->link to the LR value on scv entry
  (bsc#1194869).
- powerpc: add crtsavres.o to always-y instead of extra-y
  (bsc#1194869).
- powerpc/watchpoints: Annotate atomic context in more places
  (bsc#1194869).
- powerpc/watchpoint: Disable pagefaults when getting user
  instruction (bsc#1194869).
- powerpc/watchpoints: Disable preemption in thread_change_pc()
  (bsc#1194869).
- powerpc/pseries: Rework lppaca_shared_proc() to avoid
  DEBUG_PREEMPT (bsc#1194869).
- powerpc: Don't include lppaca.h in paca.h (bsc#1194869).
- powerpc/powernv: Fix fortify source warnings in opal-prd.c
  (bsc#1194869).
- commit 148ec5a

- modpost: trim leading spaces when processing source files list
  (git-fixes).
- kbuild: Fix changing ELF file type for output of gen_btf for
  big endian (git-fixes).
- irqchip/gic-v3-its: Fix GICv4.1 VPE affinity update (git-fixes).
- irqchip/irq-brcmstb-l2: Add write memory barrier before exit
  (git-fixes).
- driver core: Fix device_link_flag_is_sync_state_only()
  (git-fixes).
- iio: accel: bma400: Fix a compilation problem (git-fixes).
- staging: iio: ad5933: fix type mismatch regression (git-fixes).
- iio: magnetometer: rm3100: add boundary check for the value
  read from RM3100_REG_TMRC (git-fixes).
- iio: core: fix memleak in iio_device_register_sysfs (git-fixes).
- commit 55c0c3a

- compute-PATCHVERSION: Do not produce output when awk fails
  compute-PATCHVERSION uses awk to produce a shell script that is
  subsequently executed to update shell variables which are then printed
  as the patchversion.
  Some versions of awk, most notably bysybox-gawk do not understand the
  awk program and fail to run. This results in no script generated as
  output, and printing the initial values of the shell variables as
  the patchversion.
  When the awk program fails to run produce 'exit 1' as the shell script
  to run instead. That prevents printing the stale values, generates no
  output, and generates invalid rpm spec file down the line. Then the
  problem is flagged early and should be easier to diagnose.
- commit 8ef8383

- Drop bcm5974 input patch causing a regression (bsc#1220030)
- commit cdfe144

- nvme-fabrics: fix I/O connect error handling (git-fixes).
- commit 1cf32dd

- scsi: fnic: Move fnic_fnic_flush_tx() to a work queue (git-fixes
  bsc#1219141).
- scsi: Revert "scsi: fcoe: Fix potential deadlock on
  &fip->ctlr_lock" (git-fixes bsc#1219141).
- scsi: core: Move scsi_host_busy() out of host lock for waking
  up EH handler (git-fixes).
- scsi: isci: Fix an error code problem in isci_io_request_build()
  (git-fixes).
- scsi: mpi3mr: Refresh sdev queue depth after controller reset
  (git-fixes).
- commit bb93e52

- scsi: hisi_sas: Prevent parallel FLR and controller reset
  (git-fixes).
- Refresh
  patches.suse/scsi-hisi_sas-Replace-with-standard-error-code-return-value.patch.
- commit 90473ca

- drm/amdgpu/display: Initialize gamma correction mode variable
  in dcn30_get_gamcor_current() (git-fixes).
- drm/amd/display: Fix possible NULL dereference on device
  remove/driver unload (git-fixes).
- Revert "drm/amd: flush any delayed gfxoff on suspend entry"
  (git-fixes).
- drm/amd/display: Fix possible buffer overflow in
  'find_dcfclk_for_voltage()' (git-fixes).
- drm/crtc: fix uninitialized variable use even harder
  (git-fixes).
- nouveau/svm: fix kvcalloc() argument order (git-fixes).
- can: j1939: Fix UAF in j1939_sk_match_filter during
  setsockopt(SO_J1939_FILTER) (git-fixes).
- wifi: iwlwifi: uninitialized variable in
  iwl_acpi_get_ppag_table() (git-fixes).
- wifi: iwlwifi: Fix some error codes (git-fixes).
- spi-mxs: Fix chipselect glitch (git-fixes).
- spi: ppc4xx: Drop write-only variable (git-fixes).
- HID: wacom: generic: Avoid reporting a serial of '0' to
  userspace (git-fixes).
- HID: wacom: Do not register input devices until after
  hid_hw_start (git-fixes).
- hwmon: (coretemp) Fix bogus core_id to attr name mapping
  (git-fixes).
- hwmon: (coretemp) Fix out-of-bounds memory access (git-fixes).
- hwmon: (aspeed-pwm-tacho) mutex for tach reading (git-fixes).
- drm/msm/dpu: check for valid hw_pp in
  dpu_encoder_helper_phys_cleanup (git-fixes).
- drm/msm/dp: return correct Colorimetry for
  DP_TEST_DYNAMIC_RANGE_CEA case (git-fixes).
- drm/msms/dp: fixed link clock divider bits be over written in
  BPC unknown case (git-fixes).
- drm/i915/gvt: Fix uninitialized variable in handle_mmio()
  (git-fixes).
- atm: idt77252: fix a memleak in open_card_ubr0 (git-fixes).
- crypto: ccp - Fix null pointer dereference in
  __sev_platform_shutdown_locked (git-fixes).
- commit 8c41a3a

- ALSA: usb-audio: More relaxed check of MIDI jack names
  (git-fixes).
- ASoC: SOF: IPC3: fix message bounds on ipc ops (git-fixes).
- ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work()
  (git-fixes).
- ALSA: hda/realtek: cs35l41: Fix order and duplicates in quirks
  table (git-fixes).
- ALSA: hda/realtek: cs35l41: Fix device ID / model name
  (git-fixes).
- ALSA: usb-audio: Sort quirk table entries (git-fixes).
- ALSA: usb-audio: add quirk for RODE NT-USB+ (git-fixes).
- ALSA: usb-audio: Add delay quirk for MOTU M Series 2nd revision
  (git-fixes).
- ALSA: usb-audio: Add a quirk for Yamaha YIT-W12TX transmitter
  (git-fixes).
- commit 4ee9775

- x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix (git-fixes).
- commit 515312a

- KVM: VMX: Move VERW closer to VMentry for MDS mitigation (git-fixes).
- KVM: VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH (git-fixes).
- x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key (git-fixes).
  Also add mds_user_clear to kABI severities since it's strictly
  mitigation related so should be low risk.
- x86/entry_32: Add VERW just before userspace transition (git-fixes).
- x86/entry_64: Add VERW just before userspace transition (git-fixes).
- x86/bugs: Add asm helpers for executing VERW (git-fixes).
- commit f298aab

- netfs, fscache: Prevent Oops in fscache_put_cache()
  (bsc#1220003).
- commit 70831f5

- mm: memory-failure: fix potential unexpected return value from
  unpoison_memory() (git-fixes).
- commit 4c346fc

- netfilter: nf_tables: disallow rule removal from chain binding
  (bsc#1218216 CVE-2023-5197).
- commit dcfc62f

- netfilter: nf_tables: skip bound chain in netns release path
  (bsc#1218216 CVE-2023-5197).
- commit 29d741f

- netfilter: nf_tables: disallow rule removal from chain binding
  (bsc#1218216 CVE-2023-5197).
- commit d7a1a4d

- netfilter: nf_tables: skip bound chain in netns release path
  (bsc#1218216 CVE-2023-5197).
- commit af879c8

- mm/hwpoison: fix unpoison_memory() (bsc#1218663).
- commit e5b6bde

- mm/hwpoison: remove MF_MSG_BUDDY_2ND and MF_MSG_POISONED_HUGE
  (bsc#1218663).
- commit d6fa958

- mm/hwpoison: mf_mutex for soft offline and unpoison
  (bsc#1218663).
- commit 177fcfa

- net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv
  (bsc#1219127 CVE-2024-23849).
- commit 43577c1

- Refresh
  patches.suse/scsi-lpfc-use-unsigned-type-for-num_sge.patch.
- commit 6b5c8aa

- USB: hub: check for alternate port before enabling
  A_ALT_HNP_SUPPORT (bsc#1218527).
- Delete patches.suse/usb-otg-numberpad-exception.patch.
  Removal of temporary work around
- commit 51410f7

- blacklist.conf: irrelevant in our configs
- commit 011570e

- dm: limit the number of targets and parameter size area
  (bsc#1219827, bsc#1219146, CVE-2023-52429, CVE-2024-23851).
- commit 26dc83e

- usb: cdns3: Modify the return value of cdns_set_active ()
  to void when CONFIG_PM_SLEEP is disabled (git-fixes).
- Refresh patches.kabi/usb-cdns-readd-old-API.patch.
- commit f63fe1f

- usb: cdns: readd old API (git-fixes).
- commit e63cfaf

- usb: gadget: f_hid: fix report descriptor allocation
  (git-fixes).
- commit b1aee6d

- Refresh
  patches.suse/USB-dwc2-write-HCINT-with-INTMASK-applied.patch.
  moved into sorted section
- commit 19ade31

- usb: gadget: fsl_qe_udc: validate endpoint index for ch9 udc
  (git-fixes).
- commit e5f0b82

- usb: cdns3: Put the cdns set active part outside the spin lock
  (git-fixes).
- commit 86f2eb0

- USB: Gadget: core: Help prevent panic during UVC unconfigure
  (git-fixes).
- commit 00fdbf2

- usb: gadget: core: remove unbalanced mutex_unlock in
  usb_gadget_activate (git-fixes).
- commit 4803ff6

- usb: gadget: udc: Handle gadget_connect failure during bind
  operation (git-fixes).
- commit 70218de

- USB: gadget: core: Add missing kerneldoc for vbus_work
  (git-fixes).
- commit 25e9543

- usb: gadget: udc: core: Prevent soft_connect_store() race
  (git-fixes).
- commit eb5f8ac

- usb: gadget: udc: core: Offload usb_udc_vbus_handler processing
  (git-fixes).
- commit 7a7bf5a

- blacklist.conf: changed reason
  The old reason applied only to SP4. However
  this patch by coincidence still needs to be blacklisted in SP5
  for a completely different reason
- commit 5f8bebe

- USB: gadget: Fix obscure lockdep violation for udc_mutex
  (git-fixes).
- Refresh
  patches.suse/USB-gadget-Fix-use-after-free-during-usb-config-swit.patch.
- commit a8658e1

- USB: gadget: Fix use-after-free Read in usb_udc_uevent()
  (git-fixes).
- commit 6205e50

- s390/qeth: Fix potential loss of L3-IP@ in case of network
  issues (git-fixes bsc#1219840).
- commit 4987d16

- KVM: s390: fix cc for successful PQAP (git-fixes bsc#1219839).
- commit 47fbb44

- Add reference to recently released CVE
- Update
  patches.suse/x86-entry-convert-int-0x80-emulation-to-idtentry.patch
  (bsc#1217927 CVE-2024-25744).
- Update
  patches.suse/x86-entry-do-not-allow-external-0x80-interrupts.patch
  (bsc#1217927 CVE-2024-25744).
- commit 1dc32d2

- nvme-host: fix the updating of the firmware version (git-fixes).
- commit 27cca59

- arm64: entry: fix ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD (bsc#1219443)
- commit 8b0cea9

- arm64: entry: Simplify tramp_alias macro and tramp_exit routine (bsc#1219443)
- commit 713244d

- arm64: entry: Preserve/restore X29 even for compat tasks (bsc#1219443)
- commit 2aa2cc1

- Refresh patches.suse/EDAC-amd64-Use-new-AMD-Address-Translation-Library.patch.
  Fix following error when building kvmsmall config by removing left over
  declaration:
  [  216s] In file included from ../arch/x86/kernel/cpu/mce/core.c:52:0:
  [  216s] ../arch/x86/include/asm/mce.h:366:1: error: duplicate 'static'
  [  216s]  static inline void mce_hygon_feature_init(struct cpuinfo_x86 *c) { return mce_amd_feature_init(c); }
  [  216s]  ^~~~~~
  [  216s] ../arch/x86/include/asm/mce.h:366:15: error: two or more data types in declaration specifiers
  [  216s]  static inline void mce_hygon_feature_init(struct cpuinfo_x86 *c) { return mce_amd_feature_init(c); }
  [  216s]                ^~~~
  [  216s] ../arch/x86/include/asm/mce.h: In function 'mce_hygon_feature_init':
  [  216s] ../arch/x86/include/asm/mce.h:366:75: error: void value not ignored as it ought to be
  [  216s]  static inline void mce_hygon_feature_init(struct cpuinfo_x86 *c) { return mce_amd_feature_init(c); }
  [  216s]                                                                            ^~~~~~~~~~~~~~~~~~~~~~~
  [  216s] ../arch/x86/include/asm/mce.h:366:50: error: control reaches end of non-void function [-Werror=return-type]
  [  216s]  static inline void mce_hygon_feature_init(struct cpuinfo_x86 *c) { return mce_amd_feature_init(c); }
- commit 7015e17

- arm64: errata: Add Cortex-A510 speculative unprivileged load (bsc#1219443)
  Enable workaround.
- commit 72bb690

- arm64: Rename ARM64_WORKAROUND_2966298 (bsc#1219443)
- Update config files.
- Refresh caps file
- commit 12d16a6

- arm64: errata: Add Cortex-A520 speculative unprivileged load (bsc#1219443)
  Enable workaround without kABI break.
- Update config files.
- Refresh patches.suse/kabi-arm64-reserve-space-in-cpu_hwcaps-and-cpu_hwcap.patch.
- commit 2067234

- arm64: errata: Mitigate Ampere1 erratum AC03_CPU_38 at stage-2 (git-fixes)
  Enable AMPERE_ERRATUM_AC03_CPU_38 workaround without kABI break
- Update config files
- Refresh patches.suse/kabi-arm64-reserve-space-in-cpu_hwcaps-and-cpu_hwcap.patch.
- commit 4d24e79

- Refresh patches.suse/EDAC-amd64-Use-new-AMD-Address-Translation-Library.patch.
  Fix build due to incomplete line removal
- commit 720d084

- vhost: use kzalloc() instead of kmalloc() followed by memset()
  (CVE-2024-0340, bsc#1218689).
- commit 4c5a740

- README.BRANCH: Update cve/linux-5.14 maintainers
  Add myself to match SLE15-SP5 consumer + fix typo in branch name.
- commit da26653

- Refresh patches.suse/nfsd-fix-RELEASE_LOCKOWNER.patch.
  Accidentally removed nfs4_get_stateowner
- commit ad106c0

- Bluetooth: Fix atomicity violation in {min,max}_key_size_set
  (git-fixes bsc#1219608 CVE-2024-24860).
- commit a1186fd

- Update
  patches.suse/Bluetooth-Fix-atomicity-violation-in-min-max-_key_si.patch
  (git-fixes bsc#1219608 CVE-2024-24860).
- commit dedfe8a

- README.BRANCH: update branch name to cve/linux-5.14, update maintainers
  as requested
- commit 8e34879

- rpm/kernel-binary.spec.in: install scripts/gdb when enabled in config
  (bsc#1219653)
  They are put into -devel subpackage. And a proper link to
  /usr/share/gdb/auto-load/ is created.
- commit 1dccf2a

- EDAC/amd64: Add MI300 row retirement support (jsc#PED-7618).
- commit fb688f3

- RAS/AMD/ATL: Add MI300 DRAM to normalized address translation support (jsc#PED-7618).
- commit a26a502

- RAS/AMD/ATL: Fix array overflow in get_logical_coh_st_fabric_id_mi300() (jsc#PED-7618).
- commit 83df5af

- RAS/AMD/ATL: Add MI300 support (jsc#PED-7618).
- commit 761e3c8

- Documentation: RAS: Add index and address translation section (jsc#PED-7618).
- commit d6e1334

- EDAC/amd64: Use new AMD Address Translation Library (jsc#PED-7618).
- commit f1baba4

- RAS: Introduce AMD Address Translation Library (jsc#PED-7618).
- commit d6ad6ba

- netfilter: nf_tables: check if catch-all set element is active
  in next generation (CVE-2024-1085 bsc#1219429).
- commit 7b3f4c4

- netfilter: nf_tables: reject QUEUE/DROP verdict parameters
  (CVE-2024-1086 bsc#1219434).
- commit 5f917ff

- fs: indicate request originates from old mount API (git-fixes).
- commit 8ccbbb1

- tracefs: Add missing lockdown check to tracefs_create_dir()
  (git-fixes).
- commit 36d0f04

- fs: Fix error checking for d_hash_and_lookup() (git-fixes).
- commit b1a5e63

- attr: block mode changes of symlinks (git-fixes).
- commit c0d7be1

- eventfd: prevent underflow for eventfd semaphores (git-fixes).
- commit 3a099ca

- kernfs: fix missing kernfs_idr_lock to remove an ID from the
  IDR (git-fixes).
- commit 5156b80

- shmem: use ramfs_kill_sb() for kill_sb method of ramfs-based
  tmpfs (git-fixes).
- commit a75bdfb

- fs: drop peer group ids under namespace lock (git-fixes).
- commit b6028f3

- nsfs: add compat ioctl handler (git-fixes).
- commit 38694b2

- aio: fix mremap after fork null-deref (git-fixes).
- commit 22e33d9

- fs: don't audit the capability check in simple_xattr_list()
  (git-fixes).
- commit 5b6e2cc

- mm: fs: initialize fsdata passed to write_begin/write_end
  interface (git-fixes).
- commit af45b4c

- fs: sendfile handles O_NONBLOCK of out_fd (git-fixes).
- commit 088d52b

- vfs: make freeze_super abort when sync_filesystem returns error
  (git-fixes).
- commit 6a3b59b

- fs/mount_setattr: always cleanup mount_kattr (git-fixes).
- commit 113e698

- Update
  patches.suse/drm-amdgpu-Fix-potential-fence-use-after-free-v2.patch
  (bsc#1219128 CVE-2023-51042 git-fixes).
- commit 4b937fc

- drm/amdgpu: Fix missing error code in 'gmc_v6/7/8/9_0_hw_init()'
  (git-fixes).
- drm/amdkfd: Fix 'node' NULL check in
  'svm_range_get_range_boundaries()' (git-fixes).
- drm/amdgpu: Release 'adev->pm.fw' before return in
  'amdgpu_device_need_post()' (git-fixes).
- drm/amdgpu: Fix with right return code '-EIO' in
  'amdgpu_gmc_vram_checking()' (git-fixes).
- drm/amd/powerplay: Fix kzalloc parameter 'ATOM_Tonga_PPM_Table'
  in 'get_platform_power_management_table()' (git-fixes).
- drm/amdkfd: Fix lock dependency warning with srcu (git-fixes).
- drm/amdkfd: Fix lock dependency warning (git-fixes).
- ALSA: hda/conexant: Fix headset auto detect fail in cx8070
  and SN6140 (git-fixes).
- ALSA: hda: Refer to correct stream index at loops (git-fixes).
- drm/amdkfd: Fix iterator used outside loop in
  'kfd_add_peer_prop()' (git-fixes).
- drm/amdgpu: Drop 'fence' check in 'to_amdgpu_amdkfd_fence()'
  (git-fixes).
- drm/amdgpu: Fix '*fw' from request_firmware() not released in
  'amdgpu_ucode_request()' (git-fixes).
- drm/amdgpu: Let KFD sync with VM fences (git-fixes).
- drm/amdgpu: Fix ecc irq enable/disable unpaired (git-fixes).
- drm/amd/display: make flip_timestamp_in_us a 64-bit variable
  (git-fixes).
- drm: using mul_u32_u32() requires linux/math64.h (git-fixes).
- drm/msm/dpu: fix writeback programming for YUV cases
  (git-fixes).
- drm/msm/dpu: Ratelimit framedone timeout msgs (git-fixes).
- drm/msm/dsi: Enable runtime PM (git-fixes).
- drm/amdgpu: fix ftrace event amdgpu_bo_move always move on
  same heap (git-fixes).
- drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind
  time (git-fixes).
- drm/framebuffer: Fix use of uninitialized variable (git-fixes).
- drm/panel-edp: Add override_edid_mode quirk for generic edp
  (git-fixes).
- drm/amd/display: Fix tiled display misalignment (git-fixes).
- commit 3c1f8a7

- rpm/mkspec: sort entries in _multibuild
  Otherwise it creates unnecessary diffs when tar-up-ing. It's of course
  due to readdir() using "random" order as served by the underlying
  filesystem.
  See for example:
  https://build.opensuse.org/request/show/1144457/changes
- commit d1155de

- Revert "tracing: Increase trace array ref count on enable and
  filter files" (bsc#1219490).
  Deleted:
  patches.suse/tracing-Increase-trace-array-ref-count-on-enable-and-filter-files.patch
  patches.suse/tracing-Fix-uaf-issue-when-open-the-hist-or-hist_debug-file.patch
  patches.suse/tracing-Have-event-inject-files-inc-the-trace-array-ref-count.patch
  Backported commit f5ca233e2e66 ("tracing: Increase trace array ref count
  on enable and filter files") causes a kernel panic and its upstream
  fix-up bb32500fb9b7 ("tracing: Have trace_event_file have ref counters")
  cannot be easily backported because it affects kABI. Revert the commit
  and its two related + dependent patches, at least for now.
- commit b75b68d

- fs: Move notify_change permission checks into may_setattr
  (git-fixes).
- commit 9c54f53

- blacklist.conf: add 'nvme: fix error-handling for io_uring
  nvme-passthrough'
- commit 580a5ab

- nvme-rdma: Fix transfer length when write_generate/read_verify
  are 0 (git-fixes).
- commit b0bd240

- nvme: trace: avoid memcpy overflow warning (git-fixes).
- nvmet: re-fix tracing strncpy() warning (git-fixes).
- nvme: fix max_discard_sectors calculation (git-fixes).
- nvme-pci: fix sleeping function called from interrupt context
  (git-fixes).
- nvme: introduce helper function to get ctrl state (git-fixes).
- nvme-pci: add BOGUS_NID for Intel 0a54 device (git-fixes).
- commit 45d7afe

- scsi: lpfc: Update lpfc version to 14.2.0.17 (bsc#1219582).
- scsi: lpfc: Move determination of vmid_flag after VMID
  reinitialization completes (bsc#1219582).
- scsi: lpfc: Reinitialize an NPIV's VMID data structures after
  FDISC (bsc#1219582).
- scsi: lpfc: Change VMID driver load time parameters to read only
  (bsc#1219582).
- commit bb7c841

- ceph: select FS_ENCRYPTION_ALGS if FS_ENCRYPTION (bsc#1219568).
- commit 5e28675

- misc: fastrpc: Mark all sessions as invalid in cb_remove
  (git-fixes).
- serial: max310x: fail probe if clock crystal is unstable
  (git-fixes).
- serial: max310x: improve crystal stable clock detection
  (git-fixes).
- serial: max310x: set default value when reading clock ready bit
  (git-fixes).
- serial: core: Fix atomicity violation in uart_tiocmget
  (git-fixes).
- usb: ucsi_acpi: Fix command completion handling (git-fixes).
- usb: ucsi: Add missing ppm_lock (git-fixes).
- usb: host: xhci-plat: Add support for
  XHCI_SG_TRB_CACHE_SIZE_QUIRK (git-fixes).
- dmaengine: fix is_slave_direction() return false when
  DMA_DEV_TO_DEV (git-fixes).
- dmaengine: ti: k3-udma: Report short packet errors (git-fixes).
- dmaengine: fsl-dpaa2-qdma: Fix the size of dma pools
  (git-fixes).
- phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP
  (git-fixes).
- phy: renesas: rcar-gen3-usb2: Fix returning wrong error code
  (git-fixes).
- dmaengine: idxd: Protect int_handle field in hw descriptor
  (git-fixes).
- commit 4d4442b

- Input: atkbd - do not skip atkbd_deactivate() when skipping
  ATKBD_CMD_GETID (git-fixes).
- Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping
  ATKBD_CMD_GETID (git-fixes).
- Input: bcm5974 - check endpoint type before starting traffic
  (git-fixes).
- ASoC: sun4i-spdif: Fix requirements for H6 (git-fixes).
- ASoC: codecs: lpass-wsa-macro: fix compander volume hack
  (git-fixes).
- ASoC: codecs: wcd938x: handle deferred probe (git-fixes).
- ASoC: codecs: wcd938x: fix headphones volume controls
  (git-fixes).
- ALSA: hda/cs8409: Suppress vmaster control for Dolphin models
  (git-fixes).
- nfc: nci: free rx_data_reassembly skb on NCI device cleanup
  (git-fixes).
- HID: i2c-hid-of: fix NULL-deref on failed power up (git-fixes).
- firewire: core: correct documentation of fw_csr_string()
  kernel API (git-fixes).
- commit 2100750

- md: fix bi_status reporting in md_end_clone_io (bsc#1210443).
- commit a1a4e04

- perf/x86/uncore: Use u64 to replace unsigned for the uncore
  offsets array (bsc#1219512).
- commit 1425233

- atm: Fix Use-After-Free in do_vcc_ioctl (CVE-2023-51780
  bsc#1218730).
- commit 658d424

- fbdev: Only disable sysfb on the primary device (bsc#1216441)
  Update an existing patch to fix bsc#1216441.
- commit 1c5c5fe

- xen-netback: don't produce zero-size SKB frags (CVE-2023-46838,
  XSA-448, bsc#1218836).
- commit 9a897ff

- drm/amdgpu/pm: Fix the power source flag error (git-fixes).
- commit fe7e152

- nouveau/vmm: don't set addr on the fail path to avoid warning
  (git-fixes).
- drm/amd/display: Port DENTIST hang and TDR fixes to OTG disable
  W/A (git-fixes).
- drm: Don't unref the same fb many times by mistake due to
  deadlock handling (git-fixes).
- drm/amd/display: pbn_div need be updated for hotplug event
  (git-fixes).
- commit 962c8b3

- Update
  patches.suse/ext4-fix-kernel-BUG-in-ext4_write_inline_data_end.patch
  (CVE-2021-33631 bsc#1219412 bsc#1206894).
- commit 2260246

- kabi, vmstat: skip periodic vmstat update for isolated CPUs
  (bsc#1217895).
- commit 8cb5798

- sched/isolation: add cpu_is_isolated() API (bsc#1217895).
- trace,smp: Add tracepoints around remotelly called functions
  (bsc#1217895).
- vmstat: skip periodic vmstat update for isolated CPUs
  (bsc#1217895).
- Refresh
  patches.suse/0002-kernel-smp-make-csdlock-timeout-depend-on-boot-param.patch.
- commit 668c0e0

- kernel-source: Fix description typo
- commit 8abff35

- nvmet-tcp: Fix the H2C expected PDU len calculation
  (bsc#1217987 bsc#1217988 bsc#1217989 CVE-2023-6535 CVE-2023-6536
  CVE-2023-6356).
- nvmet-tcp: remove boilerplate code (bsc#1217987 bsc#1217988
  bsc#1217989 CVE-2023-6535 CVE-2023-6536 CVE-2023-6356).
- nvmet-tcp: fix a crash in nvmet_req_complete() (bsc#1217987
  bsc#1217988 bsc#1217989 CVE-2023-6535 CVE-2023-6536
  CVE-2023-6356).
- nvmet-tcp: Fix a kernel panic when host sends an invalid H2C
  PDU length (bsc#1217987 bsc#1217988 bsc#1217989 CVE-2023-6535
  CVE-2023-6536 CVE-2023-6356).
- commit d968940

- clocksource: disable watchdog checks on TSC when TSC is watchdog
  (bsc#1215885).
- commit b33ffd8

- nfsd4: add refcount for nfsd4_blocked_lock (bsc#1218968
  bsc#1219349).
- commit e7c782d

- wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach
  (CVE-2023-47233 bsc#1216702).
- commit 433859d

- rpm/constraints.in: set jobs for riscv to 8
  The same workers are used for x86 and riscv and the riscv builds take
  ages. So align the riscv jobs count to x86.
- commit b2c82b9

- blacklist.conf: add a not-relevant module commit
- commit d1799c4

- tracing/trigger: Fix to return error if failed to alloc snapshot
  (git-fixes).
- commit 6a3a4f2

- blacklist.conf: Add bunch of uclamp fixups
  244226035a1f sched/uclamp: Fix fits_capacity() check in feec()
  b759caa1d9f6 sched/uclamp: Make select_idle_capacity() use util_fits_cpu()
  c56ab1b3506b sched/uclamp: Make cpu_overutilized() use util_fits_cpu()
  d81304bc6193 sched/uclamp: Cater for uclamp in find_energy_efficient_cpu()'s early exit condition
  6b00a4014765 sched/uclamp: Set max_spare_cap_cpu even if max_spare_cap is 0
- commit 6be119f

- platform/x86: ISST: Reduce noise for missing numa information
  in logs (bsc#1219285).
- commit 017b316

- tracing: Ensure visibility when inserting an element into
  tracing_map (git-fixes).
- commit 95dfb0f

- bpf: Limit the number of kprobes when attaching program to
  multiple kprobes (git-fixes).
- commit ecd4878

- ring-buffer: Do not record in NMI if the arch does not support
  cmpxchg in NMI (git-fixes).
- commit 2ced0ce

- tracing: Fix uaf issue when open the hist or hist_debug file
  (git-fixes).
- commit 8c95da9

- tracing: Add size check when printing trace_marker output
  (git-fixes).
- commit ea9dc7e

- tracing: Have large events show up as '[LINE TOO BIG]' instead of
  nothing (git-fixes).
- commit 57bb6f3

- asix: Add check for usbnet_get_endpoints (git-fixes).
- commit ce1c3e3

- r8152: add vendor/device ID pair for ASUS USB-C2500 (git-fixes).
- r8152: add vendor/device ID pair for D-Link DUB-E250
  (git-fixes).
- commit a726891

- drm/bridge: parade-ps8640: Make sure we drop the AUX mutex in
  the error case (git-fixes).
- commit b1d3207

- clocksource: Skip watchdog check for large watchdog intervals
  (git-fixes).
- drm/bridge: anx7625: Ensure bridge is suspended in disable()
  (git-fixes).
- drm/bridge: parade-ps8640: Ensure bridge is suspended in
  .post_disable() (git-fixes).
- drm: panel-simple: add missing bus flags for Tianma
  tm070jvhg[30/33] (git-fixes).
- drm/bridge: parade-ps8640: Wait for HPD when doing an AUX
  transfer (git-fixes).
- drm/exynos: gsc: minor fix for loop iteration in
  gsc_runtime_resume (git-fixes).
- drm/exynos: fix accidental on-stack copy of exynos_drm_plane
  (git-fixes).
- gpio: eic-sprd: Clear interrupt after set the interrupt type
  (git-fixes).
- commit 0576231

- net: sched: sch_qfq: Use non-work-conserving warning handler
  (CVE-2023-4921 bsc#1215275).
- commit b50ba0e

- mkspec: Use variant in constraints template
  Constraints are not applied consistently with kernel package variants.
  Add variant to the constraints template as appropriate, and expand it
  in mkspec.
- commit cc68ab9

- kabi/severities: ignore _rtl92c_phy_calculate_bit_shift symbol
  It's an internal function that shouldn't have been exported
- commit eb24ddf

- net: phy: micrel: populate .soft_reset for KSZ9131 (git-fixes).
- uio: Fix use-after-free in uio_open (git-fixes).
- parport: parport_serial: Add Brainboxes device IDs and geometry
  (git-fixes).
- parport: parport_serial: Add Brainboxes BAR details (git-fixes).
- pwm: stm32: Fix enable count for clk in .probe() (git-fixes).
- pwm: stm32: Use hweight32 in stm32_pwm_detect_channels
  (git-fixes).
- media: rkisp1: Fix media device memory leak (git-fixes).
- wifi: rtlwifi: rtl8192se: using calculate_bit_shift()
  (git-fixes).
- wifi: rtlwifi: rtl8192ee: using calculate_bit_shift()
  (git-fixes).
- wifi: rtlwifi: rtl8192de: using calculate_bit_shift()
  (git-fixes).
- wifi: rtlwifi: rtl8192ce: using calculate_bit_shift()
  (git-fixes).
- wifi: rtlwifi: rtl8192cu: using calculate_bit_shift()
  (git-fixes).
- wifi: rtlwifi: rtl8192c: using calculate_bit_shift()
  (git-fixes).
- wifi: rtlwifi: rtl8188ee: phy: using calculate_bit_shift()
  (git-fixes).
- wifi: rtlwifi: add calculate_bit_shift() (git-fixes).
- pstore: ram_core: fix possible overflow in
  persistent_ram_init_ecc() (git-fixes).
- wifi: iwlwifi: pcie: avoid a NULL pointer dereference
  (git-fixes).
- reset: hisilicon: hi6220: fix Wvoid-pointer-to-enum-cast warning
  (git-fixes).
- wifi: cfg80211: lock wiphy mutex for rfkill poll (git-fixes).
- pwm: stm32: Use regmap_clear_bits and regmap_set_bits where
  applicable (git-fixes).
- media: rkisp1: Read the ID register at probe time instead of
  streamon (git-fixes).
- commit d4f3c53

- fjes: fix memleaks in fjes_hw_setup (git-fixes).
- ALSA: hda/realtek: Enable headset mic on Lenovo M70 Gen5
  (git-fixes).
- ALSA: hda/realtek: Enable mute/micmute LEDs and limit mic
  boost on HP ZBook (git-fixes).
- ALSA: hda/relatek: Enable Mute LED on HP Laptop 15s-fq2xxx
  (git-fixes).
- drm/amdkfd: fixes for HMM mem allocation (git-fixes).
- Input: atkbd - use ab83 as id when skipping the getid command
  (git-fixes).
- drivers: clk: zynqmp: update divider round rate logic
  (git-fixes).
- drm/tidss: Fix dss reset (git-fixes).
- drm/tidss: Check for K2G in in dispc_softreset() (git-fixes).
- drm/tidss: Return error value from from softreset (git-fixes).
- drm/tidss: Move reset to the end of dispc_init() (git-fixes).
- ACPI: resource: Add another DMI match for the TongFang GMxXGxx
  (git-fixes).
- Input: xpad - add Razer Wolverine V2 support (git-fixes).
- Input: i8042 - add nomux quirk for Acer P459-G2-M (git-fixes).
- Input: atkbd - skip ATKBD_CMD_GETID in translated mode
  (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Medion Lifetab
  S10346 (git-fixes).
- i2c: rk3x: fix potential spinlock recursion on poll (git-fixes).
- clk: rockchip: rk3128: Fix HCLK_OTG gate register (git-fixes).
- hwmon: (corsair-psu) Fix probe when built-in (git-fixes).
- ASoC: ops: add correct range check for limiting volume
  (git-fixes).
- ASoC: da7219: Support low DC impedance headset (git-fixes).
- ASoC: rt5650: add mutex to avoid the jack detection failure
  (git-fixes).
- ASoC: cs43130: Fix incorrect frame delay configuration
  (git-fixes).
- ASoC: cs43130: Fix the position of const qualifier (git-fixes).
- ASoC: Intel: Skylake: mem leak in skl register function
  (git-fixes).
- ASoC: nau8822: Fix incorrect type in assignment and cast to
  restricted __be16 (git-fixes).
- ASoC: Intel: Skylake: Fix mem leak in few functions (git-fixes).
- ASoC: wm8974: Correct boost mixer inputs (git-fixes).
- drm/amdkfd: Use resource_size() helper function (git-fixes).
- clk: zynqmp: Add a check for NULL pointer (git-fixes).
- clk: zynqmp: make bestdiv unsigned (git-fixes).
- media: rkisp1: Disable runtime PM in probe error path
  (git-fixes).
- commit f91e3c6

- Drop clk imx patch that was reverted in the stable tree
- commit ab74263

- Drop ASoC atmel patch that was reverted on stable tree
- commit 7e99407

- rpm/constraints.in: add static multibuild packages
  Commit 841012b049a5 (rpm/mkspec: use kernel-source: prefix for
  constraints on multibuild) added "kernel-source:" prefix to the
  dynamically generated kernels. But there are also static ones like
  kernel-docs. Those fail to build as the constraints are still not
  applied.
  So add the prefix also to the static ones.
  Note kernel-docs-rt is given kernel-source-rt prefix. I am not sure it
  will ever be multibuilt...
- commit c2e0681

- Update
  patches.suse/drm-atomic-Fix-potential-use-after-free-in-nonblocki.patch
  (bsc#1219120 CVE-2023-51043 git-fixes).
- commit d004027

- Revert "Limit kernel-source build to architectures for which the kernel binary"
  This reverts commit 08a9e44c00758b5f3f3b641830ab6affff041132.
  The fix for bsc#1108281 directly causes bsc#1218768, revert.
- commit 2943b8a

- mkspec: Include constraints for both multibuild and plain package always
  There is no need to check for multibuild flag, the constraints can be
  always generated for both cases.
- commit 308ea09

- rpm/mkspec: use kernel-source: prefix for constraints on multibuild
  Otherwise the constraints are not applied with multibuild enabled.
- commit 841012b

- scsi: hisi_sas: Correct the number of global debugfs registers
  (git-fixes).
- scsi: hisi_sas: Rollback some operations if FLR failed
  (git-fixes).
- commit 2336743

- scsi: hisi_sas: Rename HISI_SAS_{RESET -> RESETTING}_BIT
  (git-fixes).
- Refresh
  patches.suse/scsi-hisi_sas-Add-more-logs-for-runtime-suspend-resume.patch.
- Refresh
  patches.suse/scsi-hisi_sas-Fix-rescan-after-deleting-a-disk.
- Refresh
  patches.suse/scsi-hisi_sas-Replace-with-standard-error-code-return-value.patch.
- Refresh
  patches.suse/scsi-hisi_sas-Use-libsas-internal-abort-support.patch.
- Refresh
  patches.suse/scsi-libsas-Don-t-always-drain-event-workqueue-for-HA-resume.patch.
- commit 6d49430

- kabi/severities: ignore ASoC AMD acp driver symbols (bsc#1219136)
- commit afe2033

- rpm/kernel-source.rpmlintrc: add action-ebpf
  Upstream commit a79d8ba734bd (selftests: tc-testing: remove buildebpf
  plugin) added this precompiled binary blob. Adapt rpmlintrc for
  kernel-source.
- commit b5ccb33

- Update config files: enable ASoC AMD PS drivers (bsc#1219136)
- commit ef8225f

- ASoC: amd: yc: Fix non-functional mic on ASUS E1504FA
  (bsc#1219136).
- ASoC: amd: yc: Add DMI entry to support System76 Pangolin 13
  (bsc#1219136).
- ASoC: amd: yc: Add HP 255 G10 into quirk table (bsc#1219136).
- ASoC: amd: acp: Add kcontrols and widgets per-codec in common
  code (bsc#1219136).
- commit 4161e83

- Add DMI ID for MSI Bravo 15 B7ED (bsc#1219136).
- ASoC: amd: yc: Fix a non-functional mic on Lenovo 82TL
  (bsc#1219136).
- ASoC: amd: yc: Add DMI entries to support Victus by HP Gaming
  Laptop 15-fb0xxx (8A3E) (bsc#1219136).
- ASoC: amd: acp3x-rt5682-max9836: Configure jack as not detecting
  Line Out (bsc#1219136).
- ASoC: amd: acp3x-rt5682-max9836: Map missing jack kcontrols
  (bsc#1219136).
- ASoC: amd: acp: Map missing jack kcontrols (bsc#1219136).
- ASoC: amd: acp-rt5645: Map missing jack kcontrols (bsc#1219136).
- ASoC: amd: acp-da7219-max98357a: Map missing jack kcontrols
  (bsc#1219136).
- ASoC: amd: acp: fix SND_SOC_AMD_ACP_PCI depdenencies
  (bsc#1219136).
- ASoC: amd: acp: delete unnecessary NULL check (bsc#1219136).
- ASoC: amd: acp: clean up some inconsistent indentings
  (bsc#1219136).
- ASoC: amd: acp: add pm ops support for rembrandt platform
  (bsc#1219136).
- ASoC: amd: acp: move pdm macros to common header file
  (bsc#1219136).
- ASoC: amd: acp: store the pdm stream channel mask (bsc#1219136).
- ASoC: amd: acp: export config_acp_dma() and
  config_pte_for_stream() symbols (bsc#1219136).
- ASoC: amd: acp: store xfer_resolution of the stream
  (bsc#1219136).
- ASoC: amd: acp: add pm ops support for acp pci driver
  (bsc#1219136).
- ASoC: amd: acp: store platform device reference created in
  pci probe call (bsc#1219136).
- ASoC: amd: acp: remove the redundant acp enable/disable
  interrupts functions (bsc#1219136).
- ASoC: amd: acp: add acp i2s master clock generation for
  rembrandt platform (bsc#1219136).
- ASoC: amd: acp: refactor the acp init and de-init sequence
  (bsc#1219136).
- ASoC: amd: Add new dmi entries to config entry (bsc#1219136).
- commit 120d62d

- ASoC: amd: yc: Add MECHREVO Jiaolong Series MRID6 into DMI table
  (bsc#1219136).
- commit 150a883

- ASoC: amd: yc: Add DMI entry to support System76 Pangolin 12
  (bsc#1219136).
- commit c977ecd

- ASoC: amd: vangogh: Make use of DRV_NAME (bsc#1219136).
- ASoC: amd: yc: Add VivoBook Pro 15 to quirks list for acp6x
  (bsc#1219136).
- ASoC: amd: update pm_runtime enable sequence (bsc#1219136).
- ASoC: amd: acp: remove acp poweroff function (bsc#1219136).
- ASoC: amd: acp: clear pdm dma interrupt mask (bsc#1219136).
- ASoC: amd: vangogh: select CONFIG_SND_AMD_ACP_CONFIG
  (bsc#1219136).
- ASoC: amd: vangogh: Add check for acp config flags in vangogh
  platform (bsc#1219136).
- ASoC: amd: ps: refactor acp power on and reset functions
  (bsc#1219136).
- ASoC: amd: ps: remove the register read and write wrappers
  (bsc#1219136).
- ASoC: amd: ps: Update copyright notice (bsc#1219136).
- ASoC: amd: yc: Add Thinkpad Neo14 to quirks list for acp6x
  (bsc#1219136).
- ASoC: amd: ps: fix for acp_lock access in pdm driver
  (bsc#1219136).
- ASoC: amd: yc: Add Asus VivoBook Pro 14 OLED M6400RC to the
  quirks list for acp6x (bsc#1219136).
- ASoC: amd: yc: Add ASUS M3402RA into DMI table (bsc#1219136).
- ASoC: amd: Add check for acp config flags (bsc#1219136).
- ASoC: amd: yc: Add ThinkBook 14 G5+ ARP to quirks list for acp6x
  (bsc#1219136).
- ASoC: amd: Add Dell G15 5525 to quirks list (bsc#1219136).
- ASoC: amd: yc: Add DMI entries to support HP OMEN 16-n0xxx
  (8A42) (bsc#1219136).
- ASoC: amd: ps: update the acp clock source (bsc#1219136).
- ASoC: amd: acp: rembrandt: Drop if blocks with always false
  condition (bsc#1219136).
- ASoC: amd: vangogh: Remove unnecessary init function
  (bsc#1219136).
- ASoC: amd: yc: Add DMI entries to support Victus by HP Laptop
  16-e1xxx (8A22) (bsc#1219136).
- ASoC: amd: yc: Add DMI entries to support HP OMEN 16-n0xxx
  (8A43) (bsc#1219136).
- ASoC: amd: yp: Add OMEN by HP Gaming Laptop 16z-n000 to quirks
  (bsc#1219136).
- ASoC: amd: ps: Add a module parameter to influence pdm_gain
  (bsc#1219136).
- ASoC: amd: ps: Adjust the gain for PDM DMIC (bsc#1219136).
- ASoC: amd: renoir: Add a module parameter to influence pdm_gain
  (bsc#1219136).
- ASoC: amd: renoir: Adjust the gain for PDM DMIC (bsc#1219136).
- ASoC: amd: yc: Add a module parameter to influence pdm_gain
  (bsc#1219136).
- ASoC: amd: yc: Adjust the gain for PDM DMIC (bsc#1219136).
- ASoC: amd: acp: Refactor bit width calculation (bsc#1219136).
- ASoC: amd: acp: Enable i2s tdm support for skyrim platforms
  (bsc#1219136).
- ASoC: amd: acp: Add i2s tdm support in machine driver
  (bsc#1219136).
- ASoC: amd: acp: Refactor i2s clocks programming sequence
  (bsc#1219136).
- ASoC: amd: acp: Refactor dai format implementation
  (bsc#1219136).
- ASoC: amd: acp: Add new cpu dai's in machine driver
  (bsc#1219136).
- ASoC: amd: ps: Fix uninitialized ret in
  create_acp64_platform_devs() (bsc#1219136).
- ASoC: amd: ps: use static function (bsc#1219136).
- ASoC: amd: ps: remove unused variable (bsc#1219136).
- ASoC: amd: ps: use acp_lock to protect common registers in
  pdm driver (bsc#1219136).
- ASoC: amd: ps: add mutex lock for accessing common registers
  (bsc#1219136).
- ASoC: amd: Drop empty platform remove function (bsc#1219136).
- ASoC: amd: ps: move irq handler registration (bsc#1219136).
- ASoC: amd: ps: update dev index value in irq handler
  (bsc#1219136).
- ASoC: amd: ps: refactor platform device creation logic
  (bsc#1219136).
- ASoC: amd: ps: implement api to retrieve acp device config
  (bsc#1219136).
- ASoC: amd: yc: Add Xiaomi Redmi Book Pro 15 2022 into DMI table
  (bsc#1219136).
- ASoC: amd: yc: Add DMI support for new acer/emdoor platforms
  (bsc#1219136).
- ASoC: amd: yc: Add ASUS M5402RA into DMI table (bsc#1219136).
- ASoC: amd: yc: Add Razer Blade 14 2022 into DMI table
  (bsc#1219136).
- ASoC: amd: yc: Add Xiaomi Redmi Book Pro 14 2022 into DMI table
  (bsc#1219136).
- ASoC: amd: acp: Fix possible UAF in acp_dma_open (bsc#1219136).
- ASoC: amd: ps: Move acp63_dev_data strcture from PCI driver
  (bsc#1219136).
- ASoC: amd: ps: update macros with ps platform naming convention
  (bsc#1219136).
- ASoC: amd: Drop da7219_aad_jack_det() usage (bsc#1219136).
- ASoC: amd: fix ACP version typo mistake (bsc#1219136).
- ASoC: amd: acp: Add setbias level for rt5682s codec in machine
  driver (bsc#1219136).
- ASoC: amd: acp: Add TDM slots setting support for ACP I2S
  controller (bsc#1219136).
- ASoC: amd: Update Pink Sardine platform ACP register header
  (bsc#1219136).
- ASoC: amd: yc: Add Alienware m17 R5 AMD into DMI table
  (bsc#1219136).
- ASoC: amd: yc: Add Lenovo Thinkbook 14+ 2022 21D0 to quirks
  table (bsc#1219136).
- ASoC: amd: yc: Adding Lenovo ThinkBook 14 Gen 4+ ARA and Lenovo
  ThinkBook 16 Gen 4+ ARA to the Quirks List (bsc#1219136).
- ASoC: amd: acp: use function devm_kcalloc() instead of
  devm_kzalloc() (bsc#1219136).
- ASoC: amd: acp: use devm_kcalloc() instead of devm_kzalloc()
  (bsc#1219136).
- ASoC: amd: fix spelling mistake: "i.e" -> "i.e." (bsc#1219136).
- ASoC: amd: enable Pink sardine platform machine driver build
  (bsc#1219136).
- ASoC: amd: add Pink Sardine machine driver using dmic
  (bsc#1219136).
- ASoC: amd: create platform device for acp6.2 machine driver
  (bsc#1219136).
- ASoC: amd: enable Pink Sardine acp6.2 drivers build
  (bsc#1219136).
- ASoC: amd: add acp6.2 pdm driver pm ops (bsc#1219136).
- ASoC: amd: add acp6.2 pci driver pm ops (bsc#1219136).
- ASoC: amd: add acp6.2 pdm driver dma ops (bsc#1219136).
- ASoC: amd: add acp6.2 irq handler (bsc#1219136).
- ASoC: amd: add acp6.2 pdm platform driver (bsc#1219136).
- ASoC: amd: add platform devices for acp6.2 pdm driver and dmic
  driver (bsc#1219136).
- ASoC: amd: add acp6.2 init/de-init functions (bsc#1219136).
- ASoC: amd: add Pink Sardine ACP PCI driver (bsc#1219136).
- ASoC: amd: add Pink Sardine platform ACP IP register header
  (bsc#1219136).
- ASoC: amd: acp: Modify dai_id macros to be more generic
  (bsc#1219136).
- ASoC: amd: acp: remove unnecessary NULL checks (bsc#1219136).
- ASoC: amd: acp: add a label to make error path more clean
  (bsc#1219136).
- ASoC: amd: acp: switch to use dev_err_probe() (bsc#1219136).
- ASoC: amd: acp: Add TDM support for acp i2s stream
  (bsc#1219136).
- ASoC: amd: acp: Initialize list to store acp_stream during
  pcm_open (bsc#1219136).
- commit 14632ae

- arm64: dts: imx8mp: imx8mq: Add parkmode-disable-ss-quirk on DWC3 (git-fixes)
- commit 3eba4f6

- arm64: dts: imx8mq: drop usb3-resume-missing-cas from usb (git-fixes)
- commit ee809a9

- xhci: track port suspend state correctly in unsuccessful resume
  cases (git-fixes).
- commit 5f8b948

- arm64: dts: armada-3720-turris-mox: set irq type for RTC (git-fixes)
- commit a7b727f

- arm64: mm: Always make sw-dirty PTEs hw-dirty in pte_modify (git-fixes)
- commit f3c4bfe

- arm64: dts: rockchip: Expand reg size of vdec node for RK3399 (git-fixes)
- commit 7e17ca6

- arm64: dts: ls208xa: use a pseudo-bus to constrain usb dma size (git-fixes)
- commit ed0fb4a

- blacklist.conf: ("arm64: Restrict CPU_BIG_ENDIAN to GNU as or LLVM IAS 15.x or newer")
- commit 76fd77c

- scsi: mpt3sas: Fix loop logic (bsc#1219067).
- commit 872bee1

- scsi: hisi_sas: Replace with standard error code return value
  (git-fixes).
- scsi: fnic: Return error if vmalloc() failed (git-fixes).
- scsi: mpt3sas: Fix an outdated comment (git-fixes).
- scsi: core: Always send batch on reset or error handling command
  (git-fixes).
- scsi: bnx2fc: Fix skb double free in bnx2fc_rcv() (git-fixes).
- scsi: be2iscsi: Fix a memleak in beiscsi_init_wrb_handle()
  (git-fixes).
- commit 3a87f07

- blacklist.conf: add commit that breaks kabi
- commit 4ab1644

- scsi: qla2xxx: Fix system crash due to bad pointer access
  (git-fixes).
- scsi: mpt3sas: Fix loop logic (git-fixes).
- scsi: megaraid_sas: Increase register read retry rount from
  3 to 30 for selected registers (git-fixes).
- scsi: libfc: Fix potential NULL pointer dereference in
  fc_lport_ptp_setup() (git-fixes).
- scsi: ibmvfc: Fix erroneous use of rtas_busy_delay with hcall
  return code (git-fixes).
- scsi: hisi_sas: Set debugfs_dir pointer to NULL after removing
  debugfs (git-fixes).
- scsi: mpt3sas: Fix in error path (git-fixes).
- scsi: pm80xx: Avoid leaking tags when processing
  OPC_INB_SET_CONTROLLER_CONFIG command (git-fixes).
- scsi: pm80xx: Use phy-specific SAS address when sending
  PHY_START command (git-fixes).
- scsi: megaraid_sas: Fix deadlock on firmware crashdump
  (git-fixes).
- scsi: hisi_sas: Fix normally completed I/O analysed as failed
  (git-fixes).
- scsi: hisi_sas: Fix warnings detected by sparse (git-fixes).
- scsi: iscsi: Rename iscsi_set_param() to iscsi_if_set_param()
  (git-fixes).
- scsi: hisi_sas: Modify v3 HW SATA completion error processing
  (git-fixes).
- commit d038b1c

- xhci: pass port pointer as parameter to xhci_set_port_power()
  (git-fixes).
- xhci: cleanup xhci_hub_control port references (git-fixes).
- commit b297848

- USB: xhci: workaround for grace period (git-fixes).
- commit 66e1fb8

- xhci: Add grace period after xHC start to prevent premature
  runtime suspend (git-fixes).
- blacklist.conf: I wanted to avoid the kABI workaround for this, but it
  is needed; reinstate it.
- Refresh
  patches.suse/xhci-remove-unused-command-member-from-struct-xhci_h.patch.
- commit e6ea339

- scripts/tar-up.sh: don't add spurious entry from kernel-sources.changes.old
  The previous change added the manual entry from kernel-sources.change.old
  to old_changelog.txt unnecessarily.  Let's fix it.
- commit fb033e8

- Update
  patches.suse/ext4-improve-error-recovery-code-paths-in-__ext4_rem.patch
  (bsc#1213017 bsc#1219053 CVE-2024-0775).
- commit 97ea702

- RDMA/irdma: Avoid free the non-cqp_request scratch (git-fixes)
- commit e0e972e

- blacklist.conf: add 4fbc3a52cd4d ("RDMA/core: Fix umem iterator when PAGE_SIZE is greater then HCA pgsz")
- commit 294e9b8

- RDMA/irdma: Fix UAF in irdma_sc_ccq_get_cqe_info() (git-fixes)
- commit 345f1ff

- RDMA/irdma: Refactor error handling in create CQP (git-fixes)
- commit 4a6aa38

- RDMA/rtrs-clt: Remove the warnings for req in_use check (git-fixes)
- commit 281db3f

- RDMA/rtrs-clt: Fix the max_send_wr setting (git-fixes)
- commit 63679fd

- RDMA/rtrs-srv: Destroy path files after making sure no IOs in-flight (git-fixes)
- commit 3c73c12

- RDMA/rtrs-srv: Free srv_mr iu only when always_invalidate is true (git-fixes)
- commit 8cc2bd1

- RDMA/rtrs-srv: Check return values while processing info request (git-fixes)
- commit 8d9fb90

- RDMA/rtrs-clt: Start hb after path_up (git-fixes)
- commit e242a3d

- RDMA/rtrs-srv: Do not unconditionally enable irq (git-fixes)
- commit 29a41f7

- RDMA/irdma: Add wait for suspend on SQD (git-fixes)
- commit 538f2e3

- RDMA/irdma: Do not modify to SQD on error (git-fixes)
- commit 263fc9c

- RDMA/hns: Fix unnecessary err return when using invalid congest control algorithm (git-fixes)
- commit 59ab729

- rpm/kernel-docs.spec.in: fix build with 6.8
  Since upstream commit f061c9f7d058 (Documentation: Document each netlink
  family), the build needs python yaml.
- commit 6a7ece3

- scsi: hisi_sas: Modify v3 HW SSP underflow error processing
  (git-fixes).
- Refresh
  patches.suse/scsi-hisi_sas-Handle-NCQ-error-when-IPTT-is-valid.patch.
- commit 44aa3a5

- blacklist.conf: kABI
- commit d83f18a

- blacklist.conf: kABI
- commit 59ff7e1

- Update patch reference for ax88179 fix (bsc#1218948)
- commit 5a21b74

- hv_netvsc: rndis_filter needs to select NLS (git-fixes).
- x86/hyperv: Use atomic_try_cmpxchg() to micro-optimize
  hv_nmi_unknown() (git-fixes).
- x86/hyperv: Fix the detection of E820_TYPE_PRAM in a Gen2 VM
  (git-fixes).
- commit 7633c65

- drm/amdgpu: Fix cat debugfs amdgpu_regs_didt causes kernel
  null pointer (git-fixes).
- commit 3bf351b

- dmaengine: fix NULL pointer in channel unregistration function
  (git-fixes).
- libapi: Add missing linux/types.h header to get the __u64 type
  on io.h (git-fixes).
- ALSA: oxygen: Fix right channel of capture volume mixer
  (git-fixes).
- power: supply: cw2015: correct time_to_empty units in sysfs
  (git-fixes).
- power: supply: bq256xx: fix some problem in bq256xx_hw_init
  (git-fixes).
- apparmor: avoid crash when parsed profile name is empty
  (git-fixes).
- ALSA: hda/realtek: Fix mute and mic-mute LEDs for HP Envy X360
  13-ay0xxx (git-fixes).
- ALSA: hda/realtek: Add quirks for ASUS Zenbook 2022 Models
  (git-fixes).
- drm/amd/display: get dprefclk ss info from integration info
  table (git-fixes).
- drm/crtc: fix uninitialized variable use (git-fixes).
- drm/crtc: Fix uninit-value bug in drm_mode_setcrtc (git-fixes).
- drm/exynos: fix a wrong error checking (git-fixes).
- drm/exynos: fix a potential error pointer dereference
  (git-fixes).
- drm/amdgpu: Add NULL checks for function pointers (git-fixes).
- nouveau/tu102: flush all pdbs on vmm flush (git-fixes).
- ALSA: hda: intel-nhlt: Ignore vbps when looking for DMIC 32
  bps format (git-fixes).
- drm/amd/display: update dcn315 lpddr pstate latency (git-fixes).
- commit 091325f

- net: usb: ax88179_178a: avoid two consecutive device resets
  (bsc#1218948).
- net: usb: ax88179_178a: Bind only to vendor-specific interface
  (bsc#1218948).
- net: usb: ax88179_178a: restore state on resume (bsc#1218948).
- commit d91b154

- nfsd: fix RELEASE_LOCKOWNER (bsc#1218968).
- commit ad625bb

- badblocks: avoid checking invalid range in badblocks_check()
  (bsc#1174649).
- badblocks: switch to the improved badblock handling code
  (bsc#1174649).
- badblocks: improve badblocks_check() for multiple ranges
  handling (bsc#1174649).
- badblocks: improve badblocks_clear() for multiple ranges
  handling (bsc#1174649).
- badblocks: improve badblocks_set() for multiple ranges handling
  (bsc#1174649).
- badblocks: add helper routines for badblock ranges handling
  (bsc#1174649).
- badblocks: add more helper structure and routines in badblocks.h
  (bsc#1174649).
- commit 6a46786

- dt-bindings: gpio: Remove FSI domain ports on Tegra234 (jsc#PED-6694)
- commit 4ac18f0

- perf/x86/intel/uncore: Factor out topology_gidnid_map()
  (bsc#1218958).
- perf/x86/intel/uncore: Fix NULL pointer dereference issue in
  upi_fill_topology() (bsc#1218958).
- commit fe3658c

- net: usb: ax88179_178a: move priv to driver_priv (git-fixes).
- Refresh
  patches.suse/net-usb-ax88179_178a-wol-optimizations.patch.
- commit 8b1488e

- s390/vfio-ap: let on_scan_complete() callback filter matrix
  and update guest's APCB (git-fixes bsc#1219014).
- commit b83db20

- s390/vfio-ap: loop over the shadow APCB when filtering guest's
  AP configuration (git-fixes bsc#1219013).
- commit 0f291d1

- s390/vfio-ap: always filter entire AP matrix (git-fixes
  bsc#1219012).
- commit a461bd5

- s390/pci: fix max size calculation in zpci_memcpy_toio()
  (git-fixes bsc#1219006).
- commit 18b0ac3

- modpost: move __attribute__((format(printf, 2, 3))) to modpost.h
  (git-fixes).
- kdb: Fix a potential buffer overflow in kdb_local() (git-fixes).
- i2c: s3c24xx: fix transferring more than one message in polling
  mode (git-fixes).
- i2c: s3c24xx: fix read transfers in polling mode (git-fixes).
- pwm: jz4740: Don't use dev_err_probe() in .request()
  (git-fixes).
- pwm: Fix out-of-bounds access in of_pwm_single_xlate()
  (git-fixes).
- dma-debug: fix kernel-doc warnings (git-fixes).
- usb: mon: Fix atomicity violation in mon_bin_vma_fault
  (git-fixes).
- usb: typec: class: fix typec_altmode_put_partner to put plugs
  (git-fixes).
- usb: xhci-mtk: fix a short packet issue of gen1 isoc-in transfer
  (git-fixes).
- usb: phy: mxs: remove CONFIG_USB_OTG condition for
  mxs_phy_is_otg_host() (git-fixes).
- usb: chipidea: wait controller resume finished for wakeup irq
  (git-fixes).
- usb: cdns3: Fix uvc fail when DMA cross 4k boundery since sg
  enabled (git-fixes).
- usb: cdns3: fix uvc failure work since sg support enabled
  (git-fixes).
- usb: dwc: ep0: Update request status in dwc3_ep0_stall_restart
  (git-fixes).
- Revert "usb: dwc3: don't reset device side if dwc3 was
  configured as host-only" (git-fixes).
- Revert "usb: dwc3: Soft reset phy on probe for host"
  (git-fixes).
- Revert "usb: typec: class: fix typec_altmode_put_partner to
  put plugs" (git-fixes).
- serial: sc16is7xx: set safe default SPI clock frequency
  (git-fixes).
- serial: sc16is7xx: add check for unsupported SPI modes during
  probe (git-fixes).
- serial: imx: Correct clock error message in function probe()
  (git-fixes).
- serial: imx: fix tx statemachine deadlock (git-fixes).
- serial: sccnxp: Improve error message if regulator_disable()
  fails (git-fixes).
- serial: 8250: omap: Don't skip resource freeing if
  pm_runtime_resume_and_get() failed (git-fixes).
- software node: Let args be NULL in
  software_node_get_reference_args (git-fixes).
- acpi: property: Let args be NULL in
  __acpi_node_get_property_reference (git-fixes).
- iio: adc: ad7091r: Pass iio_dev to event handler (git-fixes).
- iio: adc: ad9467: add mutex to struct ad9467_state (git-fixes).
- iio: adc: ad9467: don't ignore error codes (git-fixes).
- iio: adc: ad9467: fix reset gpio handling (git-fixes).
- bus: mhi: host: Drop chan lock before queuing buffers
  (git-fixes).
- bus: mhi: host: Add spinlock to protect WP access when queueing
  TREs (git-fixes).
- bus: mhi: host: Add alignment check for event ring read pointer
  (git-fixes).
- PCI: keystone: Fix race condition when initializing PHYs
  (git-fixes).
- PCI: Add ACS quirk for more Zhaoxin Root Ports (git-fixes).
- PCI/P2PDMA: Remove reference to pci_p2pdma_map_sg() (git-fixes).
- pinctrl: intel: Revert "Unexport intel_pinctrl_probe()"
  (git-fixes).
- leds: ledtrig-tty: Free allocated ttyname buffer on deactivate
  (git-fixes).
- leds: aw2013: Select missing dependency REGMAP_I2C (git-fixes).
- mfd: intel-lpss: Fix the fractional clock divider flags
  (git-fixes).
- firewire: ohci: suppress unexpected system reboot in AMD Ryzen
  machines and ASM108x/VT630x PCIe cards (git-fixes).
- mmc: core: Cancel delayed work before releasing host
  (git-fixes).
- net: usb: ax88179_178a: remove redundant init code (git-fixes).
- commit 050b9b3

- blacklist.conf: documentation fix
- commit 056879c

- KVM: s390: vsie: Fix STFLE interpretive execution identification
  (git-fixes bsc#1218997).
- commit a78caf7

- nvme: move nvme_stop_keep_alive() back to original position
  (bsc#1211515).
- commit d640b69

- netfilter: nf_tables: Reject tables of unsupported family
  (bsc#1218752 CVE-2023-6040).
- commit e03f1d3

- nvme: start keep-alive after admin queue setup (bsc#1211515).
- nvme-loop: always quiesce and cancel commands before destroying
  admin q (bsc#1211515).
- nvme-tcp: avoid open-coding nvme_tcp_teardown_admin_queue()
  (bsc#1211515).
- commit f407c87

- fbdev: Only disable sysfb on the primary device (bsc#1216441)
- commit 79783f0

- ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path
  (git-fixes).
- commit cc469c7

- ubifs: Check @c->dirty_[n|p]n_cnt and @c->nroot state under
  @c->lp_mutex (git-fixes).
- commit d5d1991

- tipc: fix a potential deadlock on &tx->lock (bsc#1218916
  CVE-2024-0641).
- commit d898738

- Drop PCI vmd patches that caused a regression (bsc#1218005)
  Deleted:
  patches.suse/PCI-vmd-Fix-secondary-bus-reset-for-Intel-bridges.patch
  patches.suse/PCI-vmd-Fix-uninitialized-variable-usage-in-vmd_enab.patch
- commit 1697177

- tipc: fix a potential deadlock on &tx->lock (bsc#1218916
  CVE-2024-0641).
- commit 7953be2

- Update metadata
- commit c015ae2

- smb: client: fix OOB in receive_encrypted_standard()
  (bsc#1218832 CVE-2024-0565).
- commit 3cac9c2

- smb: client: fix OOB in receive_encrypted_standard()
  (bsc#1218832 CVE-2024-0565).
- commit e9083ae

- x86/mce: Cleanup mce_usable_address() (jsc#PED-7623).
- commit b54373d

- x86/mce: Define amd_mce_usable_address() (jsc#PED-7623).
- commit 69805de

- x86/MCE/AMD: Split amd_mce_is_memory_error() (jsc#PED-7623).
- commit 17233cd

- IB/iser: Prevent invalidating wrong MR (git-fixes)
- commit 3e4d18d

- RDMA/hns: Remove unnecessary checks for NULL in mtr_alloc_bufs() (git-fixes)
- commit c22413e

- RDMA/hns: Fix inappropriate err code for unsupported operations (git-fixes)
- commit 366f439

- RDMA/usnic: Silence uninitialized symbol smatch warnings (git-fixes)
- commit bb70cd4

- Documentation: Begin a RAS section (jsc#PED-7622).
- commit b55cb06

- x86/MCE/AMD: Add new MA_LLC, USR_DP, and USR_CP bank types (jsc#PED-7622).
- commit 2a68e97

- EDAC/mce_amd: Remove SMCA Extended Error code descriptions (jsc#PED-7622).
- commit 44e51c1

- EDAC/amd64: Add support for family 0x19, models 0x90-9f devices (jsc#PED-7622).
- commit 05504bb

- EDAC/mc: Add support for HBM3 memory type (jsc#PED-7622).
- commit ea69eb6

- x86/amd_nb: Add AMD Family MI300 PCI IDs (jsc#PED-7622).
- Refresh
  patches.suse/PCI-Prevent-xHCI-driver-from-claiming-AMD-VanGogh-US.patch.
- commit 7126e83

- ida: Fix crash in ida_free when the bitmap is empty (bsc#1218804
  CVE-2023-6915).
- commit 7caa324

- platform/x86/amd/hsmp: Fix iomem handling (jsc#PED-7620).
- commit 12e7799

- platform/x86/amd/hsmp: improve the error log (jsc#PED-7620).
- commit 1360d63

- platform/x86/amd/hsmp: add support for metrics tbl (jsc#PED-7620).
- commit 289eab7

- platform/x86/amd/hsmp: create plat specific struct (jsc#PED-7620).
- commit ac44ea2

- platform/x86: use PLATFORM_DEVID_NONE instead of -1  (jsc#PED-7620).
- Refresh
  patches.suse/platform-x86-amd-pmc-remove-CONFIG_DEBUG_FS-checks.patch.
- commit 9b51c97

- EDAC/amd64: Cache and use GPU node map (jsc#PED-7616).
- commit 58aa5aa

- EDAC/amd64: Add support for AMD heterogeneous Family 19h Model 30h-3Fh (jsc#PED-7616).
- commit f30c55c

- EDAC/amd64: Document heterogeneous system enumeration (jsc#PED-7616).
- commit ffa78e3

- x86/MCE/AMD, EDAC/mce_amd: Decode UMC_V2 ECC errors (jsc#PED-7616).
- commit cfe246e

- x86/amd_nb: Add MI200 PCI IDs (jsc#PED-7616).
- Refresh
  patches.suse/PCI-Prevent-xHCI-driver-from-claiming-AMD-VanGogh-US.patch.
- commit cb392fd

- EDAC/mc: Add new HBM2 memory type (jsc#PED-7616).
- Refresh
  patches.suse/edac-add-rddr5-and-lrddr5-memory-types.patch.
- commit eca21a4

- usb: otg numberpad exception (bsc#1218527).
- commit 3d70e84

- EDAC/amd64: Add support for ECC on family 19h model 60h-7Fh (jsc#PED-7615).
- commit 16c2c66

- EDAC/amd64: Remove module version string (jsc#PED-7615).
- commit b84231c

- EDAC/amd64: Fix indentation in umc_determine_edac_cap() (jsc#PED-7615).
- commit b7d2f10

- EDAC/amd64: Add get_err_info() to pvt->ops (jsc#PED-7615).
- commit ea43a00

- EDAC/amd64: Split dump_misc_regs() into dct/umc functions (jsc#PED-7615).
- commit 2c6263f

- EDAC/amd64: Split init_csrows() into dct/umc functions (jsc#PED-7615).
- commit 375eb6a

- EDAC/amd64: Split determine_edac_cap() into dct/umc functions (jsc#PED-7615).
- commit 2903760

- EDAC/amd64: Rename f17h_determine_edac_ctl_cap() (jsc#PED-7615).
- commit 9071635

- EDAC/amd64: Split setup_mci_misc_attrs() into dct/umc functions (jsc#PED-7615).
- commit 21842b7

- EDAC/amd64: Split ecc_enabled() into dct/umc functions (jsc#PED-7615).
- commit 93157a0

- EDAC/amd64: Split read_mc_regs() into dct/umc functions (jsc#PED-7615).
- commit 01c4123

- EDAC/amd64: Split determine_memory_type() into dct/umc functions (jsc#PED-7615).
- commit 59d41b9

- EDAC/amd64: Split read_base_mask() into dct/umc functions (jsc#PED-7615).
- commit ddb7d7a

- EDAC/amd64: Split prep_chip_selects() into dct/umc functions (jsc#PED-7615).
- commit cb412ef

- EDAC/amd64: Rework hw_info_{get,put} (jsc#PED-7615).
- commit f32e3e6

- EDAC/amd64: Merge struct amd64_family_type into struct amd64_pvt (jsc#PED-7615).
- commit e87aae6

- EDAC/amd64: Do not discover ECC symbol size for Family 17h and later (jsc#PED-7615).
- commit 555ada3

- EDAC/amd64: Drop dbam_to_cs() for Family 17h and later (jsc#PED-7615).
- commit 8839a23

- EDAC/amd64: Split get_csrow_nr_pages() into dct/umc functions (jsc#PED-7615).
- commit 9f0bb93

- EDAC/amd64: Rename debug_display_dimm_sizes() (jsc#PED-7615).
- commit 13890aa

- EDAC/amd64: Shut up an -Werror,-Wsometimes-uninitialized clang false  positive (jsc#PED-7615).
- commit 78d7b48

- EDAC/amd64: Remove early_channel_count() (jsc#PED-7615).
- commit a00b2ae

- EDAC/amd64: Remove PCI Function 0 (jsc#PED-7615).
- commit 49bc10d

- EDAC/amd64: Remove PCI Function 6 (jsc#PED-7615).
- commit c2e9755

- EDAC/amd64: Remove scrub rate control for Family 17h and later (jsc#PED-7615).
- commit 320ccbc

- EDAC/amd64: Don't set up EDAC PCI control on Family 17h+ (jsc#PED-7615).
- commit 85a16a7

- EDAC/amd64: Add context struct (jsc#PED-7615).
- commit 98c3472

- EDAC/amd64: Allow for DF Indirect Broadcast reads (jsc#PED-7615).
- commit d8a1ed8

- x86/cpu: Read/save PPIN MSR during initialization (jsc#PED-7615).
- commit deabf4e

- x86/cpu: Merge Intel and AMD ppin_init() functions (jsc#PED-7615).
- commit c071d82

- s390: vfio-ap: tighten the NIB validity check (git-fixes)
  blacklist.conf: the reason for valid for SLE15-SP4, not so much for SP5
- commit fbc62d2

- coresight: etm4x: Ensure valid drvdata and clock before clk_put() (bsc#1218779)
- commit 854c05d

- blacklist.conf: not a fix
- commit e48ddb7

- Delete
  patches.suse/s390-sles15sp2-kdump-fix-out-of-memory-with-PCI.patch.
  Patch obsoleted by 73045a08cf55 ("s390: unify identity mapping limits
  handling")
- commit efb62ac

- s390/dasd: fix double module refcount decrement (bsc#1141539).
- commit 3b938a7

- coresight: etm4x: Add ACPI support in platform driver (bsc#1218779)
- commit a6bc99c

- coresight: platform: acpi: Ignore the absence of graph (bsc#1218779)
- commit 36e1498

- coresight: etm4x: Change etm4_platform_driver driver for MMIO devices (bsc#1218779)
- commit aa5d7f2

- coresight: etm4x: Drop pid argument from etm4_probe() (bsc#1218779)
- commit cf6ac73

- coresight: etm4x: Drop iomem 'base' argument from etm4_probe() (bsc#1218779)
- commit 1e7e6ff

- coresight: etm4x: Allocate and device assign 'struct etmv4_drvdata' (bsc#1218779)
- commit 86846ee

- PCI/AER: Configure ECRC only if AER is native (bsc#1218778)
- commit 6ecb7b5
coreutils
- tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321)
  - add coreutils-tail-fix-tailing-sysfs-files-where-PAGE_SIZE-BUFSIZ.patch
cpio
- Fix cpio not working after the fix in bsc#1218571, fixes bsc#1219238
  * fix-bsc1219238.patch
crmsh
- Update to version 4.5.1+20240220.de17a142:
  * Fix: report: Escape special characters in pattern (bsc#1220022)

- Update to version 4.5.1+20240124.63fbb492:
  * Fix: bootstrap: ssh key of the init node is duplicated in the authorized_keys files of other node (bsc#1218940)
  * Fix: parallax: refine error message when parallax fails to perform passwordless authentication (bsc#1218940)
  * Fix: ui_cluster: Improve the process of 'crm cluster stop' (bsc#1213889)
  * Dev: report: Redirect warning and error from remote node into stderr
  * Fix: utils: Add 'sudo' only when there is a sudoer(bsc#1215549)
samba
-  fd_handle_destructor() panics within an smbd_smb2_close()
  if vfs_stat_fsp() fails in fd_close(); (bso#15527);
  (bsc#1219937).

- Remove -x from bash shebang update-apparmor-samba-profile;
  (bsc#1218431).
curl
- Security fix: [bsc#1221665, CVE-2024-2004]
  * Usage of disabled protocol
  * Add curl-CVE-2024-2004.patch

- Security fix: [bsc#1221667, CVE-2024-2398]
  * curl: HTTP/2 push headers memory-leak
  * Add curl-CVE-2024-2398.patch
docker
- Add patch to fix bsc#1220339
  * 0007-daemon-overlay2-remove-world-writable-permission-fro.patch
- rebase patches:
  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
  * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
  * 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
  * 0006-Vendor-in-latest-buildkit-v0.11-branch-including-CVE.patch

- Allow to disable apparmor support (ALP supports only SELinux)

- Vendor latest buildkit v0.11:
  Add patch 0006-Vendor-in-latest-buildkit-v0.11-branch-including-CVE.patch that
  vendors in the latest v0.11 buildkit branch including bugfixes for the following:
  * bsc#1219438: CVE-2024-23653
  * bsc#1219268: CVE-2024-23652
  * bsc#1219267: CVE-2024-23651
- rebase patches:
  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
  * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
  * 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
- switch from %patchN to %patch -PN syntax
- remove unused rpmlint filters and add filters to silence pointless bash & zsh
  completion warnings
dracut
- Update to version 055+suse.382.g80b55af2:
  * fix(dracut): correct regression with multiple `rd.break=` options (bsc#1221675)
  * fix(dracut-util): do not call `strcmp` if the `value` argument is NULL (bsc#1219841)
  * fix(zfcp_rules): correct shellcheck regression when parsing ccw args (bsc#1220485)
  * fix(dracut.sh): skip README for AMD microcode generation (bsc#1217083)
expat
- Security fix (boo#1221289, CVE-2024-28757): XML Entity Expansion
  attack when there is isolated use of external parsers.
  * Added expat-CVE-2024-28757.patch

- Security fix:
  * (CVE-2023-52425, bsc#1219559) denial of service (resource
    consumption) caused by processing large tokens.
  - Added patch expat-CVE-2023-52425-1.patch
  - Added patch expat-CVE-2023-52425-2.patch
  - Added patch expat-CVE-2023-52425-backport-parser-changes.patch
  - Added patch expat-CVE-2023-52425-fix-tests.patch
glibc
- iconv-iso-2022-cn-ext.patch: iconv: ISO-2022-CN-EXT: fix out-of-bound
  writes when writing escape sequence (CVE-2024-2961, bsc#1222992)

- duplocale-global-locale.patch: duplocale: protect use of global locale
  (bsc#1220441, BZ #23970)

- qsort-invalid-cmp.patch: qsort: handle degenerated compare function
  (bsc#1218866)

- getaddrinfo-eai-memory.patch: getaddrinfo: translate ENOMEM to
  EAI_MEMORY (bsc#1217589, BZ #31163)

- aarch64-rawmemchr-unwind.patch: aarch64: correct CFI in rawmemchr
  (bsc#1217445, BZ #31113)
gnutls
- Security fix: [bsc#1221747, CVE-2024-28835]
  * gnutls: certtool crash when verifying a certificate chain
  * Add gnutls-CVE-2024-28835.patch

- Security fix: [bsc#1221746, CVE-2024-28834]
  * gnutls: side-channel in the deterministic ECDSA
  * Add gnutls-CVE-2024-28834.patch

- jitterentropy: Release the memory of the entropy collector when
  using jitterentropy with phtreads as there is also a
  pre-intitization done in the main thread. [bsc#1221242]
  * Add gnutls-FIPS-jitterentropy-deinit-threads.patch

- Security fix: [bsc#1218862, CVE-2024-0567]
  * gnutls: rejects certificate chain with distributed trust
  * Cockpit (which uses gnuTLS) rejects certificate chain with
    distributed trust.
  * Add gnutls-CVE-2024-0567.patch

- Security fix: [bsc#1218865, CVE-2024-0553]
  * Incomplete fix for CVE-2023-5981.
  * The response times to malformed ciphertexts in RSA-PSK
    ClientKeyExchange differ from response times of ciphertexts
    with correct PKCS#1 v1.5 padding.
  * Add gnutls-CVE-2024-0553.patch
graphviz
- VUL-0: CVE-2023-46045: graphviz: out-of-bounds read via a crafted config6a file
  bsc#1219491
  A gvc-detect-plugin-installation-failure-and-display-an-error.patch
grub2
- Fix LPAR falls into grub shell after installation with lvm (bsc#1221866)
  * 0001-ofdisk-Enhance-canonical-path-handling-for-bootpath.patch

- Fix memdisk becomes the default boot entry, resolving no graphic display
  device error in guest vnc console (bsc#1221779)
  * grub2-xen-pv-firmware.cfg

- Fix grub.xen memdisk script doesn't look for /boot/grub/grub.cfg
  (bsc#1219248) (bsc#1181762)
  * grub2-xen-pv-firmware.cfg
  * 0001-disk-Optimize-disk-iteration-by-moving-memdisk-to-th.patch

- Fix PowerPC grub loads 5 to 10 minutes slower on SLE-15-SP5 compared to
  SLE-15-SP2 (bsc#1217102)
  * add 0001-ofdisk-enhance-boot-time-by-focusing-on-boot-disk-re.patch
  * add 0002-ofdisk-add-early_log-support.patch
hawk2
- Update to version 2.6.4+git.1708604510.dc8c081f:
  * Enable ACL (bsc#1214396,bsc#1219548)
kdump
- dracut: always create fstab, even if empty (bsc#1218494)
- fix NOSPLIT option
- Honor the KDUMP_VERBOSE setting in kdump-save
krb5
- Fix memory leaks, add patch 0010-Fix-three-memory-leaks.patch
  * CVE-2024-26458, bsc#1220770
  * CVE-2024-26461, bsc#1220771
  * CVE-2024-26462, bsc#1220772
resource-agents
- resource-agents:azure-lb IPv6 support (bsc#1220997)
  Add patch:
    0001-Support-IPv6-with-Azure-load-balncer.patch
less
- Fix CVE-2022-48624, LESSCLOSE handling in less does not quote shell
  metacharacters, bsc#1219901
  * CVE-2022-48624.patch
gcc13
- Add gcc13-pr111731.patch to fix unwinding for JIT code.
  [bsc#1221239]

- Revert libgccjit dependency change.  [boo#1220724]

- Fix libgccjit-devel dependency, a newer shared library is OK.
- Fix libgccjit dependency, the corresponding compiler isn't required.

- Use %patch -P N instead of %patchN.

- Add gcc13-sanitizer-remove-crypt-interception.patch to remove
  crypt and crypt_r interceptors.  The crypt API change in SLE15 SP3
  breaks them.  [bsc#1219520]

- Update to gcc-13 branch head, 67ac78caf31f7cb3202177e642, git8285
- Add gcc13-pr88345-min-func-alignment.diff to add support for
  - fmin-function-alignment.  [bsc#1214934]

- Use %{_target_cpu} to determine host and build.

- Update to gcc-13 branch head, fc7d87e0ffadca49bec29b2107, git8250
  * Includes fix for building TVM.  [boo#1218492]

- Add cross-X-newlib-devel requires to newlib cross compilers.
  [boo#1219031]

- Package m2rte.so plugin in the gcc13-m2 sub-package rather than
  in gcc13-devel.  [boo#1210959]
- Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs
  are linked against libstdc++6.

- Update to gcc-13 branch head, 36ddb5230f56a30317630a928, git8205

- Update to gcc-13 branch head, 741743c028dc00f27b9c8b1d5, git8109
  * Includes fix for building mariadb on i686.  [bsc#1217667]
  * Remove pr111411.patch contained in the update.

- Avoid update-alternatives dependency for accelerator crosses.
- Package tool links to llvm in cross-amdgcn-gcc13 rather than in
  cross-amdgcn-newlib13-devel since that also has the dependence.
- Depend on llvmVER instead of llvm with VER equal to
  %product_libs_llvm_ver where available and adjust tool discovery
  accordingly.  This should also properly trigger re-builds when
  the patchlevel version of llvmVER changes, possibly changing
  the binary names we link to.  [bsc#1217450]
avahi
- Add avahi-CVE-2023-38471.patch: Extract host name using
  avahi_unescape_label (bsc#1216594, CVE-2023-38471).
- Add avahi-CVE-2023-38469.patch: Reject overly long TXT resource
  records (bsc#1216598, CVE-2023-38469).
util-linux
- Properly neutralize escape sequences in wall
  (util-linux-CVE-2024-28085.patch, bsc#1221831, CVE-2024-28085,
  and its prerequisites: util-linux-fputs_careful1.patch,
  util-linux-wall-migrate-to-memstream.patch
  util-linux-fputs_careful2.patch).
c-ares
- CVE-2024-25629.patch: fix out of bounds read in ares__read_line()
  (bsc#1220279, CVE-2024-25629)
duktape
- Ship libduktape206-32bit: needed by libproxy since version 0.5.
mozilla-nss
- update to NSS 3.90.2
  * bmo#1780432 - (CVE-2023-5388) Timing attack against RSA
    decryption in TLS. (bsc#1216198)
  * bmo#1867408 - add a defensive check for large ssl_DefSend
    return values.
ncurses
- Add patch ncurses-6.1-bsc1220061.patch (bsc#1220061, CVE-2023-45918)
  * Backport from ncurses-6.4-20230615.patch
    improve checks in convert_string() for corrupt terminfo entry
nftables
- port python-single-spec logic from Factory package to allow shipment of
  python311 modules as well (bsc#1219253).
nghttp2
- security update
- added patches
  fix CVE-2024-28182 [bsc#1221399], HTTP/2 CONTINUATION frames can be utilized for DoS attacks
  + nghttp2-CVE-2024-28182-1.patch
  fix CVE-2024-28182-2 [bsc#1221399], HTTP/2 CONTINUATION frames can be utilized for DoS attacks
  + nghttp2-CVE-2024-28182-2.patch
openssl-1_1
- Security fix: [bsc#1219243, CVE-2024-0727]
  * Add NULL checks where ContentInfo data can be NULL
  * Add openssl-CVE-2024-0727.patch
polkit
- Change permissions for rules folders (bsc#1209282)
protobuf
- update to 25.1:
  * Raise warnings for deprecated python syntax usages
  * Add support for extensions in CRuby, JRuby, and FFI Ruby
  * Add support for options in CRuby, JRuby and FFI (#14594)
- update to 25.0:
  * Implement proto2/proto3 with editions
  * Defines Protobuf compiler version strings as macros and
    separates out suffix string definition.
  * Add utf8_validation feature back to the global feature set.
  * Setting up version updater to prepare for poison pills and
    embedding version info into C++, Python and Java gencode.
  * Merge the protobuf and upb Bazel repos
  * Editions: Introduce functionality to protoc for generating
    edition feature set defaults.
  * Editions: Migrate edition strings to enum in C++ code.
  * Create a reflection helper for ExtensionIdentifier.
  * Editions: Provide an API for C++ generators to specify their
    features.
  * Editions: Refactor feature resolution to use an intermediate
    message.
  * Publish extension declarations with declaration
    verifications.
  * Editions: Stop propagating partially resolved feature sets to
    plugins.
  * Editions: Migrate string_field_validation to a C++ feature
  * Editions: Include defaults for any features in the generated
    pool.
  * Protoc: parser rejects explicit use of map_entry option
  * Protoc: validate that reserved range start is before end
  * Protoc: support identifiers as reserved names in addition to
    string literals (only in editions)
  * Drop support for Bazel 5.
  * Allow code generators to specify whether or not they support
    editions.
  [#] C++
  * Set `PROTOBUF_EXPORT` on
    `InternalOutOfLineDeleteMessageLite()`
  * Update stale checked-in files
  * Apply PROTOBUF_NOINLINE to declarations of some functions
    that want it.
  * Implement proto2/proto3 with editions
  * Make JSON UTF-8 boundary check inclusive of the largest
    possible UTF-8 character.
  * Reduce `Map::size_type` to 32-bits. Protobuf containers can't
    have more than that
  * Defines Protobuf compiler version strings as macros and
    separates out suffix string definition.
  * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
    oneof accessors.
  * Fix bug in reflection based Swap of map fields.
  * Add utf8_validation feature back to the global feature set.
  * Setting up version updater to prepare for poison pills and
    embedding version info into C++, Python and Java gencode.
  * Add prefetching to arena allocations.
  * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
    repeated and map field accessors.
  * Editions: Migrate edition strings to enum in C++ code.
  * Create a reflection helper for ExtensionIdentifier.
  * Editions: Provide an API for C++ generators to specify their
    features.
  * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
    string field accessors.
  * Editions: Refactor feature resolution to use an intermediate
    message.
  * Fixes for 32-bit MSVC.
  * Publish extension declarations with declaration
    verifications.
  * Export the constants in protobuf's any.h to support DLL
    builds.
  * Implement AbslStringify for the Descriptor family of types.
  * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
    message field accessors.
  * Editions: Stop propagating partially resolved feature sets to
    plugins.
  * Editions: Migrate string_field_validation to a C++ feature
  * Editions: Include defaults for any features in the generated
    pool.
  * Introduce C++ feature for UTF8 validation.
  * Protoc: validate that reserved range start is before end
  * Remove option to disable the table-driven parser in protoc.
  * Lock down ctype=CORD in proto file.
  * Support split repeated fields.
  * In OSS mode omit some extern template specializations.
  * Allow code generators to specify whether or not they support
    editions.
  [#] Java
  * Implement proto2/proto3 with editions
  * Remove synthetic oneofs from Java gencode field accessor
    tables.
  * Timestamps.parse: Add error handling for invalid
    hours/minutes in the timezone offset.
  * Defines Protobuf compiler version strings as macros and
    separates out suffix string definition.
  * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
    oneof accessors.
  * Add missing debugging version info to Protobuf Java gencode
    when multiple files are generated.
  * Fix a bad cast in putBuilderIfAbsent when already present due
    to using the result of put() directly (which is null if it
    currently has no value)
  * Setting up version updater to prepare for poison pills and
    embedding version info into C++, Python and Java gencode.
  * Fix a NPE in putBuilderIfAbsent due to using the result of
    put() directly (which is null if it currently has no value)
  * Update Kotlin compiler to escape package names
  * Add MapFieldBuilder and change codegen to generate it and the
    put{field}BuilderIfAbsent method.
  * Introduce recursion limit in Java text format parsing
  * Consider the protobuf.Any invalid if typeUrl.split("/")
    returns an empty array.
  * Mark `FieldDescriptor.hasOptionalKeyword()` as deprecated.
  * Fixed Python memory leak in map lookup.
  * Loosen upb for json name conflict check in proto2 between
    json name and field
  * Defines Protobuf compiler version strings as macros and
    separates out suffix string definition.
  * Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
    oneof accessors.
  * Ensure Timestamp.ToDatetime(tz) has correct offset
  * Do not check required field for upb python MergeFrom
  * Setting up version updater to prepare for poison pills and
    embedding version info into C++, Python and Java gencode.
  * Merge the protobuf and upb Bazel repos
  * Comparing a proto message with an object of unknown returns
    NotImplemented
  * Emit __slots__ in pyi output as a tuple rather than a list
    for --pyi_out.
  * Fix a bug that strips options from descriptor.proto in
    Python.
  * Raise warings for message.UnknownFields() usages and navigate
    to the new add
  * Add protobuf python keyword support in path for stub
    generator.
  * Add tuple support to set Struct
  * ### Python C-Extension (Default)
  * Comparing a proto message with an object of unknown returns
    NotImplemented
  * Check that ffi-compiler loads before using it to define
    tasks.
  [#] UPB (Python/PHP/Ruby C-Extension)
  * Include .inc files directly instead of through a filegroup
  * Loosen upb for json name conflict check in proto2 between
    json name and field
  * Add utf8_validation feature back to the global feature set.
  * Do not check required field for upb python MergeFrom
  * Merge the protobuf and upb Bazel repos
  * Added malloc_trim() calls to Python allocator so RSS will
    decrease when memory is freed
  * Upb: fix a Python memory leak in ByteSize()
  * Support ASAN detection on clang
  * Upb: bugfix for importing a proto3 enum from within a proto2
    file
  * Expose methods needed by Ruby FFI using UPB_API
  * Fix `PyUpb_Message_MergeInternal` segfault

- build against modern python on sle15

- Build with source and target levels 8
  * fixes build with JDK21
- Install the pom file with the new %%mvn_install_pom macro
- Do not install the pom-only artifacts, since the %%mvn_install_pom
  macro resolves the variables at the install time

- update to 23.4:
  * Add dllexport_decl for generated default instance.
  * Deps: Update Guava to 32.0.1

- update to 23.3:
  C++
  * Regenerate stale files
  * Use the same ABI for static and shared libraries on non-
    Windows platforms
  * Add a workaround for GCC constexpr bug
  Objective-C
  * Regenerate stale files
  UPB (Python/PHP/Ruby C-Extension)
  * Fixed a bug in `upb_Map_Delete()` that caused crashes in
    map.delete(k) for Ruby when string-keyed maps were in use.
  Compiler
  * Add missing header to Objective-c generator
  * Add a workaround for GCC constexpr bug
  Java
  * Rollback of: Simplify protobuf Java message builder by
    removing methods that calls the super class only.
  Csharp
  * [C#] Replace regex that validates descriptor names
- drop 0001-Use-the-same-ABI-for-static-and-shared-libraries-on-.patch (upstream)

- Add patch to fix linking ThreadSafeArena:
  * 0001-Use-the-same-ABI-for-static-and-shared-libraries-on-.patch
- Drop the protobuf-source package, no longer used

- update to 22.5:
  C++
  * Add missing cstdint header
  * Fix: missing -DPROTOBUF_USE_DLLS in pkg-config (#12700)
  * Avoid using string(JOIN..., which requires cmake 3.12
  * Explicitly include GTest package in examples
  * Bump Abseil submodule to 20230125.3 (#12660)
- update to 22.4:
  C++
  * Fix libprotoc: export useful symbols from .so
  * Fix btree issue in map tests.
  Python
  * Fix bug in _internal_copy_files where the rule would fail in
    downstream repositories.
  Other
  * Bump utf8_range to version with working pkg-config (#12584)
  * Fix declared dependencies for pkg-config
  * Update abseil dependency and reorder dependencies to ensure
    we use the version specified in protobuf_deps.
  * Turn off clang::musttail on i386

- drop python2 handling
- fix version handling and package the private libs again

- Fix confusion in versions

- Mention the rpmlintrc file in the spec.

- Make possible to build on older systems, like SLE12 that miss
  some of the used macros.

- update to v22.3
  UPB (Python/PHP/Ruby C-Extension)
  * Remove src prefix from proto import
  * Fix .gitmodules to use the correct absl branch
  * Remove erroneous dependency on googletest
- update to 22.2:
  Java
  * Add version to intra proto dependencies and add kotlin stdlib
    dependency
  * Add $ back for osgi header
  * Remove $ in pom files
- update to 22.1:
  * Add visibility of plugin.proto to python directory
  * Strip "src" from file name of plugin.proto
  * Add OSGi headers to pom files.
  * Remove errorprone dependency from kotlin protos.
  * Version protoc according to the compiler version number.
- update to 22.0:
  * This version includes breaking changes to: Cpp.
    Please refer to the migration guide for information:
    https://protobuf.dev/support/migration/#compiler-22
  * [Cpp] Migrate to Abseil's logging library.
  * [Cpp] `proto2::Map::value_type` changes to `std::pair`.
  * [Cpp] Mark final ZeroCopyInputStream, ZeroCopyOutputStream,
    and DefaultFieldComparator classes.
  * [Cpp] Add a dependency on Abseil (#10416)
  * [Cpp] Remove all autotools usage (#10132)
  * [Cpp] Add C++20 reserved keywords
  * [Cpp] Dropped C++11 Support
  * [Cpp] Delete Arena::Init
  * [Cpp] Replace JSON parser with new implementation
  * [Cpp] Make RepeatedField::GetArena non-const in order to
    support split RepeatedFields.
  * long list of bindings specific fixes see
    https://github.com/protocolbuffers/protobuf/releases/tag/v22.0
- python sub packages version is set 4.22.3 as defined in
  python/google/protobuf/__init__.py to stay compatible
- skip python2 builds by default
- drop patches:
  * 10355.patch,
  * gcc12-disable-__constinit-with-c++-11.patch (merged upstream)
- added patches:
  * add-missing-stdint-header.patch   added for compile fixes

- Enable LTO (boo#1133277).

- update to v21.12:
  * Python
  * Fix broken enum ranges (#11171)
  * Stop requiring extension fields to have a sythetic oneof (#11091)
  * Python runtime 4.21.10 not works generated code can not load valid
    proto.

- update to 21.11:
  * Python
  * Add license file to pypi wheels (#10936)
  * Fix round-trip bug (#10158)

- update to 21.10:
  * Java
  * Use bit-field int values in buildPartial to skip work on unset groups of
    fields. (#10960)
  * Mark nested builder as clean after clear is called (#10984)

- update to 21.9:
  * Ruby
  * Replace libc strdup usage with internal impl to restore musl compat (#10818)
  * Auto capitalize enums name in Ruby (#10454) (#10763)
  * Other
  * Fix for grpc.tools #17995 & protobuf #7474 (handle UTF-8 paths in argumentfile) (#10721)
  * C++
  * 21.x No longer define no_threadlocal on OpenBSD (#10743)
  * Java
  * Mark default instance as immutable first to avoid race during static initialization of default instances (#10771)
  * Refactoring java full runtime to reuse sub-message builders and prepare to
    migrate parsing logic from parse constructor to builder.
  * Move proto wireformat parsing functionality from the private "parsing
    constructor" to the Builder class.
  * Change the Lite runtime to prefer merging from the wireformat into mutable
    messages rather than building up a new immutable object before merging. This
    way results in fewer allocations and copy operations.
  * Make message-type extensions merge from wire-format instead of building up
    instances and merging afterwards. This has much better performance.
  * Fix TextFormat parser to build up recurring (but supposedly not repeated)
    sub-messages directly from text rather than building a new sub-message and
    merging the fully formed message into the existing field.

- update to 21.6:
  C++:
  * Reduce memory consumption of MessageSet parsing

- update to 21.5:
  PHP
  * Added getContainingOneof and getRealContainingOneof to descriptor.
  * fix PHP readonly legacy files for nested messages
  Python
  * Fixed comparison of maps in Python.

- add 10355.patch to fix soversioning

- update to 21.4:
  * Reduce the required alignment of ArenaString from 8 to 4

- update to 21.3:
  * C++
  * Add header search paths to Protobuf-C++.podspec (#10024)
  * Fixed Visual Studio constinit errors (#10232)
  * Fix #9947: make the ABI compatible between debug and non-debug builds (#10271)
  * UPB
  * Allow empty package names (fixes behavior regression in 4.21.0)
  * Fix a SEGV bug when comparing a non-materialized sub-message (#10208)
  * Fix several bugs in descriptor mapping containers (eg. descriptor.services_by_name)
  * for x in mapping now yields keys rather than values, to match Python
    conventions and the behavior of the old library.
  * Lookup operations now correctly reject unhashable types as map keys.
  * We implement repr() to use the same format as dict.
  * Fix maps to use the ScalarMapContainer class when appropriate
  * Fix bug when parsing an unknown value in a proto2 enum extension (protocolbuffers/upb#717)
  * PHP
  * Add "readonly" as a keyword for PHP and add previous classnames to descriptor pool (#10041)
  * Python
  * Make //:protobuf_python and //:well_known_types_py_pb2 public (#10118)
  * Bazel
  * Add back a filegroup for :well_known_protos (#10061)

- Update to 21.2:
- C++
  - cmake: Call get_filename_component() with DIRECTORY mode instead of PATH mode (#9614)
  - Escape GetObject macro inside protoc-generated code (#9739)
  - Update CMake configuration to add a dependency on Abseil (#9793)
  - Fix cmake install targets (#9822)
  - Use __constinit only in GCC 12.2 and up (#9936)
- Java
  - Update protobuf_version.bzl to separate protoc and per-language java … (#9900)
- Python
  - Increment python major version to 4 in version.json for python upb (#9926)
  - The C extension module for Python has been rewritten to use the upb library.
  - This is expected to deliver significant performance benefits, especially when
    parsing large payloads. There are some minor breaking changes, but these
    should not impact most users. For more information see:
    https://developers.google.com/protocol-buffers/docs/news/2022-05-06#python-updates
- PHP
  - [PHP] fix PHP build system (#9571)
  - Fix building packaged PHP extension (#9727)
  - fix: reserve "ReadOnly" keyword for PHP 8.1 and add compatibility (#9633)
  - fix: phpdoc syntax for repeatedfield parameters (#9784)
  - fix: phpdoc for repeatedfield (#9783)
  - Change enum string name for reserved words (#9780)
  - chore: [PHP] fix phpdoc for MapField keys (#9536)
  - Fixed PHP SEGV by not writing to shared memory for zend_class_entry. (#9996)
- Ruby
  - Allow pre-compiled binaries for ruby 3.1.0 (#9566)
  - Implement respond_to? in RubyMessage (#9677)
  - [Ruby] Fix RepeatedField#last, #first inconsistencies (#9722)
  - Do not use range based UTF-8 validation in truffleruby (#9769)
  - Improve range handling logic of RepeatedField (#9799)
- Other
  - Fix invalid dependency manifest when using descriptor_set_out (#9647)
  - Remove duplicate java generated code (#9909)

- Do not use %%autosetup, but %%setup and %%patch on other line
  * Allows building on SLE-12-SP5

- Add temporary patch gcc12-disable-__constinit-with-c++-11.patch
  that addresses gh#protocolbuffers/protobuf#9916.
python3
- Add bpo38361-syslog-no-slash-ident.patch (bsc#1222109,
  gh#python/cpython!16557) fixes syslog making default "ident"
  from sys.argv[0].

- (bsc#1219666, CVE-2023-6597) Add
  CVE-2023-6597-TempDir-cleaning-symlink.patch (patch from
  gh#python/cpython!99930) fixing symlink bug in cleanup of
  tempfile.TemporaryDirectory.
- Merge together bpo-36576-skip_tests_for_OpenSSL-111.patch into
  skip_SSL_tests.patch, and make them include all conditionals.

- Refresh CVE-2023-27043-email-parsing-errors.patch to
  gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043).
libsolv
- build for multiple python versions [jsc#PED-6218]
- bump version to 0.7.28
libssh
- Fix regression parsing IPv6 addresses provided as hostname (bsc#1220385)
  * Added libssh-fix-ipv6-hostname-regression.patch
libssh2_org
- Fix an issue with Encrypt-then-MAC family. [bsc#1221622]
  * Test the ETM feature in the remote end's configuration when
    receiving data. Upstream issue: #1331.
  * Add libssh2_org-ETM-remote.patch

- Always add the KEX pseudo-methods "ext-info-c" and "kex-strict-c-v00@openssh.com"
  when configuring custom method list. [bsc#1218971, CVE-2023-48795]
  * The strict-kex extension is announced in the list of available
    KEX methods. However, when the default KEX method list is modified
    or replaced, the extension is not added back automatically.
  * Add libssh2_org-CVE-2023-48795-ext.patch
suseconnect-ng
- Allow "--rollback" flag to run on readonly filesystem (bsc#1220679)

- Update to version 1.7.0
  * Allow SUSEConnect on read write transactional systems (bsc#1219425)
tiff
- security update:
  * CVE-2023-40745[bsc#1214687] CVE-2023-41175[bsc#1214686] [bsc#1221187]
    CVE-2023-38288[bsc#1213590]
    Fix potential int overflow in raw2tiff.c and tiffcp.c
    Rename tiff-CVE-2023-38288.patch into
    tiff-CVE-2023-38288,CVE-2023-40745,CVE-2023-41175.patch

- security update:
  * CVE-2023-52356 [bsc#1219213]
    Fix segfault in TIFFReadRGBATileExt()
    + tiff-CVE-2023-52356.patch
libvirt
- CVE-2024-2494: remote: check for negative array lengths before
  allocation
  bsc#1221815

- interface: fix udev_device_get_sysattr_value return value check
  CVE-2024-2496
  bsc#1221468

- Fix off-by-one error in udevListInterfacesByStatus
  CVE-2024-1441
  bsc#1221237

- qemu: domain: Fix logic when tainting domain
  bsc#1220512

- conf: Remove some firmware validation checks
  bsc#1216980

- libxl: Fix connection to modular network daemon
  bsc#1214223
libxkbcommon
- enable 32bit libxkbregistry0 and libxkbregistry0-devel
  for use by Wine. (bsc#1218639)
libxml2
- Security fix (CVE-2024-25062, bsc#1219576) use-after-free in XMLReader
  * Added libxml2-CVE-2024-25062.patch
libzypp
- Fix creation of sibling cache dirs with too restrictive mode
  (bsc#1222398)
  Some install workflows in YAST may lead to too restrictive (0700)
  raw cache directories in case of newly created repos. Later
  commands running with user privileges may not be able to access
  these repos.
- version 17.32.4 (32)

- Update RepoStatus fromCookieFile according to the files mtime
  (bsc#1222086)
- TmpFile: Don't call chmod if makeSibling failed.
- version 17.32.3 (32)

- Fixup New VendorSupportOption flag VendorSupportSuperseded
  (jsc#OBS-301, jsc#PED-8014)
  Fixed the name of the keyword to "support_superseded" as it was
  agreed on in jsc#OBS-301.
- version 17.32.2 (32)

- Add resolver option 'removeUnneeded' to file weak remove jobs
  for unneeded packages (bsc#1175678)
- version 17.32.1 (32)

- Add resolver option 'removeOrphaned' for distupgrade
  (bsc#1221525)
- New VendorSupportOption flag VendorSupportSuperseded
  (jsc#OBS-301, jsc#PED-8014)
- Tests: fix vsftpd.conf where SUSE and Fedora use different
  defaults (fixes #522)
- Add default stripe minimum (#529)
- Don't expose std::optional where YAST/PK explicitly use c++11.
- Digest: Avoid using the deprecated OPENSSL_config.
- version 17.32.0 (32)

- ProblemSolution::skipsPatchesOnly overload to handout the
  patches.
- Remove https->http redirection exceptions for
  download.opensuse.org.
- version 17.31.32 (22)

- tui: allow to access the underlying ostream of out::Info.
- Add MLSep: Helper to produce not-NL-terminated multi line
  output.
- version 17.31.31 (22)

- applydeltaprm: Create target directory if it does not exist
  (bsc#1219442)
- Add ProblemSolution::skipsPatchesOnly (for openSUSE/zypper#514)
- Fix problems with EINTR in ExternalDataSource::getline (fixes
  bsc#1215698)
- version 17.31.30 (22)

- CheckAccessDeleted: fix running_in_container detection
  (bsc#1218782)
- Detect CURLOPT_REDIR_PROTOCOLS_STR availability at runtime
  (bsc#1218831)
- Make Wakeup class EINTR safe.
- Add a way to cancel media operations on shutdown
  (openSUSE/zypper#522)
  This patch adds a mechanism to signal libzypp that a shutdown was
  requested, usually when CTRL+C was pressed by the user. Currently
  only the media backend will utilize this, but can be extended to
  all code paths that use g_poll() to wait for events.
- Manually poll fds for curl in MediaCurl.
  Using curl_easy_perform does not give us the required control on
  when we want to cancel a download. Switching to the MultiCurl
  implementation with a external poll() event loop will give us
  much more freedom and helps us to improve our Ctrl+C handling.
- Move reusable curl poll code to curlhelper.h.
- version 17.31.29 (22)

- Fix to build with libxml 2.12.x (fixes #505)
- version 17.31.28 (22)
shadow
- bsc#1176006: Fix chage date miscalculation
  Add shadow-bsc1176006-chage-date.patch
- bsc#1188307: Fix passwd segfault
  Add shadow-bsc1188307-passwd-segfault.patch
- bsc#1203823: Remove pam_keyinit from PAM config files
  Remove pam_keyinit from PAM configuration.
  This was introduced for bsc#1144060.
netcfg
- Add krb-prop entry, fix for bsc#1211886.
opensc
- Security fix: [CVE-2023-5992, bsc#1219386]
  * Add patch:
  - opensc-CVE-2023-5992.patch
openssh
- Add patches from upstream to change the default value of
  UpdateHostKeys to Yes (unless VerifyHostKeyDNS is enabled).
  This makes ssh update the known_hosts stored keys with all
  published versions by the server (after it's authenticated
  with an existing key), which will allow to identify the
  server with a different key if the existing key is considered
  insecure at some point in the future (bsc#1222831).
  * 0001-upstream-enable-UpdateHostkeys-by-default-when-the.patch
  * 0002-upstream-disable-UpdateHostkeys-by-default-if.patch

- Add patches openssh-7.7p1-seccomp_getuid.patch and
  openssh-bsc1216474-s390-leave-fds-open.patch
  (bsc#1216474, bsc#1218871)

- Fix hostbased ssh login failing occasionally with "signature
  unverified: incorrect signature" by fixing a typo in patch
  (bsc#1221123):
  * openssh-7.8p1-role-mls.patch

- Added openssh-cve-2023-51385.patch (bsc#1218215, CVE-2023-51385).
  This limits the use of shell metacharacters in host- and
  user names.
pacemaker
- libcrmservice: avoid async zombie children by resending ignored SIGCHLD (bsc#1216972, gh#ClusterLabs/pacemaker#3374)
  * bsc#1216972-0001-Fix-libcrmservice-avoid-async-zombie-children-by-res.patch
- fencer: fix pcmk_delay_max description (gh#ClusterLabs/pacemaker#3373)
  * pacemaker#3373-0001-Doc-fencer-fix-pcmk_delay_max-description.patch

- libcrmcommon: avoid file descriptor leak in IPC client with async connection (bsc#1219323, gh#ClusterLabs/pacemaker#3351)
  * bsc#1219323-0001-Fix-libcrmcommon-avoid-file-descriptor-leak-in-IPC-c.patch

- libcrmcommon: Always output request= in XML output. (gh#ClusterLabs/pacemaker#3362)
  * pacemaker#3362-0001-Low-libcrmcommon-Always-output-request-in-XML-output.patch
- libcrmcommon: crm_xml_escape() shouldn't stop on Unicode characters (gh#ClusterLabs/pacemaker#3323)
  * pacemaker#3323-0001-Low-libcrmcommon-crm_xml_escape-shouldn-t-stop-on-Un.patch

- tools: crm_attribute emits garbage for --node localhost or auto (gh#ClusterLabs/pacemaker#3339)
  * pacemaker#3339-0001-Fix-tools-crm_attribute-emits-garbage-for-node-local.patch
- tools: Fix memory leak in crm_mon with HTML output (gh#ClusterLabs/pacemaker#3332)
  * pacemaker#3332-0001-Low-tools-Fix-memory-leak-in-crm_mon-with-HTML-outpu.patch

- tools: crm_mon segfaults when fencer connection is lost (bsc#1219220, gh#ClusterLabs/pacemaker#3331)
  * bsc#1219220-0001-Fix-tools-crm_mon-segfaults-when-fencer-connection-i.patch

- attrd: write Pacemaker Remote node attributes even if not in cache (gh#ClusterLabs/pacemaker#3304)
  * pacemaker#3304-0001-Fix-attrd-write-Pacemaker-Remote-node-attributes-eve.patch
- agents: Use attrd_updater dampen delay in SysInfo (gh#ClusterLabs/pacemaker#3286)
  * pacemaker#3286-0002-Fix-agents-Use-attrd_updater-dampen-delay-in-SysInfo.patch
- libcrmcommon: Check correct env vars in pcmk__node_attr_target() (gh#ClusterLabs/pacemaker#3286)
  * pacemaker#3286-0001-Low-libcrmcommon-Check-correct-env-vars-in-pcmk__nod.patch

- scheduler: restore nvpair behavior without id-ref (gh#ClusterLabs/pacemaker#3292)
  * pacemaker#3292-0004-Low-scheduler-restore-nvpair-behavior-without-id-ref.patch
- scheduler: reject expression without op sooner (gh#ClusterLabs/pacemaker#3292)
  * pacemaker#3292-0003-Low-scheduler-reject-expression-without-op-sooner.patch
- libcrmcommon: fix NULL dereference in expand_idref() (gh#ClusterLabs/pacemaker#3292)
  * pacemaker#3292-0002-Low-libcrmcommon-fix-NULL-dereference-in-expand_idre.patch
- scheduler: improve logs for invalid id-ref's (gh#ClusterLabs/pacemaker#3292)
  * pacemaker#3292-0001-Log-scheduler-improve-logs-for-invalid-id-ref-s.patch
- pacemaker-attrd,libcrmcluster: avoid use-after-free when remote node in cluster node cache (gh#ClusterLabs/pacemaker#3293)
  * pacemaker#3293-0002-Fix-pacemaker-attrd-libcrmcluster-avoid-use-after-fr.patch
- libcrmcluster: avoid use-after-free in trace log (gh#ClusterLabs/pacemaker#3293)
  * pacemaker#3293-0001-Low-libcrmcluster-avoid-use-after-free-in-trace-log.patch
- HealthSmart: Check the parameter values of check_temperature to avoid error output (gh#ClusterLabs/pacemaker#3289)
  * pacemaker#3289-0001-Fix-HealthSmart-Check-the-parameter-values-of-check_.patch

- agents: handle dampening parameter consistently and correctly
  * 0001-Fix-agents-handle-dampening-parameter-consistently-a.patch

- crm_resource: make --wait wait for pending actions in CIB
  * 0001-Refactor-crm_resource-make-wait-wait-for-pending-act.patch

- scheduler: don't show pending nodes as having "<3.15.1" feature set
  * 0001-Fix-scheduler-don-t-show-pending-nodes-as-having-3.1.patch

- scheduler: avoid double free with disabled recurring actions
  * 0001-Fix-scheduler-avoid-double-free-with-disabled-recurr.patch

- agents: HealthCPU - fix the validation of input
  * 0001-fix-the-validation-of-input.patch

- controller: don't try to execute agent action at shutdown
  * 0001-Fix-controller-don-t-try-to-execute-agent-action-at-.patch
- tools: The dampen parameter is disabled when setting values with attrd_updater.
  * 0001-High-tools-The-dampen-parameter-is-disabled-when-set.patch

- libcrmcommon: wait for reply from appropriate controller commands (bsc#1218312, rh#2225631, rh#2221084)
  * bsc#1218312-0001-Fix-libcrmcommon-wait-for-reply-from-appropriate-con.patch
pam-config
- Fix pam_gnome_keyring module for AUTH.
  [pam-config-fix-pam_gnome_keyring.patch, bsc#1219767]
perl-Bootloader
- merge gh#openSUSE/perl-bootloader#166
- log grub2-install errors correctly (bsc#1221470)
- 0.947

- merge gh#openSUSE/perl-bootloader#161
- support old grub versions (<= 2.02) that used /usr/lib
  (bsc#1218842)
- create EFI boot fallback directory if necessary
- 0.946
python-instance-billing-flavor-check
- Version 0.0.6 (bsc#1218561)
  Support proxy setup on the client to access the update infrastructure
  API

- Version 0.0.5
  Add IPv6 support (bsc#1218739)
python3-M2Crypto
- Disable broken tests with openssl 3.2, bsc#1217782

- add timeout_300hz.patch to accept a small deviation from time
  in the testsuite (bsc#1212757)

- Adapt tests for OpenSSL v3.1.0
  * Add openssl-adapt-tests-for-3.1.0.patch

- add openssl-stop-parsing-header.patch (bsc#1205042)
- add m2crypto-0.38-ossl3-tests.patch
python-idna
- Add CVE-2024-3651.patch, backported from upstream commit
  gh#kjd/idna#172/commits/5beb28b9dd77912c0dd656d8b0fdba3eb80222e7
  (bsc#1222842, CVE-2024-3651)
salt
- Prevent directory traversal when creating syndic cache directory
  on the master (CVE-2024-22231, bsc#1219430)
- Prevent directory traversal attacks in the master's serve_file
  method (CVE-2024-22232, bsc#1219431)
- Added:
  * fix-cve-2024-22231-and-cve-2024-22232-bsc-1219430-bs.patch

- Ensure that pillar refresh loads beacons from pillar without restart
- Fix the aptpkg.py unit test failure
- Prefer unittest.mock to python-mock in test suite
- Enable "KeepAlive" probes for Salt SSH executions (bsc#1211649)
- Revert changes to set Salt configured user early in the stack (bsc#1216284)
- Align behavior of some modules when using salt-call via symlink (bsc#1215963)
- Fix gitfs "__env__" and improve cache cleaning (bsc#1193948)
- Remove python-boto dependency for the python3-salt-testsuite package for Tumbleweed
- Added:
  * enable-keepalive-probes-for-salt-ssh-executions-bsc-.patch
  * update-__pillar__-during-pillar_refresh.patch
  * fix-gitfs-__env__-and-improve-cache-cleaning-bsc-119.patch
  * dereference-symlinks-to-set-proper-__cli-opt-bsc-121.patch
  * prefer-unittest.mock-for-python-versions-that-are-su.patch
  * fix-the-aptpkg.py-unit-test-failure.patch
  * revert-make-sure-configured-user-is-properly-set-by-.patch
rpm-ndb
- remove imaevmsign plugin from rpm-ndb [bsc#1222259]
rubygem-rack
- security update
- added patches
  fix CVE-2024-25126 [bsc#1220239], Denial of Service Vulnerability in Rack Content-Type Parsing
  + rubygem-rack-CVE-2024-25126.patch
  fix CVE-2024-26141 [bsc#1220242], Denial of Service Vulnerability in Range request header parsing
  + rubygem-rack-CVE-2024-26141.patch
  fix CVE-2024-26146 [bsc#1220248], Denial of Service vulnerability in Rack headers parsing routine
  + rubygem-rack-CVE-2024-26146.patch
runc
- Add upstream patch <https://github.com/opencontainers/runc/pull/4219> to
  properly fix -ENOSYS stub on ppc64le. bsc#1192051 bsc#1221050
  + 0001-bsc1221050-libct-seccomp-patchbpf-rm-duplicated-code.patch
  + 0002-bsc1221050-seccomp-patchbpf-rename-nativeArch-linuxA.patch
  + 0003-bsc1221050-seccomp-patchbpf-always-include-native-ar.patch

- Update to runc v1.1.12. Upstream changelog is available from
  <https://github.com/opencontainers/runc/releases/tag/v1.1.12>. bsc#1218894
  * This release fixes a container breakout vulnerability (CVE-2024-21626). For
    more details, see the upstream security advisory:
    <https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv>
  * Remove upstreamed patches:
  - CVE-2024-21626.patch
  * Update runc.keyring to match upstream changes.

[ This was only ever released for SLES. ]
- Add upstream patch to fix embargoed issue CVE-2024-21626. bsc#1218894
  <https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv>
  + CVE-2024-21626.patch

- Update to runc v1.1.11. Upstream changelog is available from
  <https://github.com/opencontainers/runc/releases/tag/v1.1.11>.
sapconf
- add require of package sysctl-logger for 15SP4 and 15SP5 too
  (jsc#PED-6220)

- version update from 5.0.6 to 5.0.7
- add require of package sysctl-logger for 15SP6
  (jsc#PED-5025)
- suppress error message regarding missing systemd service file
  during posttrans script
saptune
- add require of package sysctl-logger for 15SP4 and 15SP5 too
  (jsc#PED-6220)

- update package version of saptune to 3.1.2
  * to support setups with saptune monitoring and heavy automation
    we limited the setting of our saptune lock to commands having
    the potential to change anything in the system.
    (bsc#1219500)
  * fix timestamp in log messages of saptune
  * remove redundant version information in header comment of
    note definition files
  * SAP Note 1656250 updated to Version 63
    SAP Note 1771258 updated to Version 8
    SAP Note 2382421 updated to Version 45
    SAP Note 3024346 updated to Version 10
    but without parameter value changes, only house keeping of the
    version section and comment updates
  * SAP Note 1984787 updated to Version 42
    SAP Note 2578899 updated to Version 47
- add require of package sysctl-logger for 15SP6
  (jsc#PED-5025)
scap-security-guide
- updated to 0.1.71 (jsc#ECO-3319)
  - Add RHEL 9 STIG
  - Add support for Debian 12
  - Update PCI-DSS profile for RHEL
  - lots of bugfixes and improvements for SLE
- removed left over file
  0001-Revert-fix-aide-remediations-add-crontabs.patch upstreamed in 0.1.69
sed
- 0001-sed-set-correct-umask-on-temporary-files.patch
  Fix for bsc#1221218
000release-packages:sle-ha-release
n/a
000release-packages:sle-module-basesystem-release
n/a
000release-packages:sle-module-containers-release
n/a
000release-packages:sle-module-desktop-applications-release
n/a
000release-packages:sle-module-development-tools-release
n/a
000release-packages:sle-module-public-cloud-release
n/a
000release-packages:sle-module-sap-applications-release
n/a
000release-packages:sle-module-server-applications-release
n/a
sudo
- Fix NOPASSWD issue introduced by patches for CVE-2023-42465
  [bsc#1221151, bsc#1221134]
  * Update sudo-CVE-2023-42465-1of2.patch sudo-CVE-2023-42465-2of2.patch
  * Enable running regression selftests during build time.

- Security fix: [bsc#1219026, bsc#1220389, CVE-2023-42465]
  * Try to make sudo less vulnerable to ROWHAMMER attacks.
  * Add sudo-CVE-2023-42465-1of2.patch sudo-CVE-2023-42465-2of2.patch
supportutils-plugin-ha-sap
- Update to version 0.0.5+git.1709295499.1c8e8cd
  * adapt documentation links
  * add support for SAP systemd services regarding SID retrieval
  * add information about SAP related systemd services
  * add information about sapcontrol function GetStartProfile
  * add information from daemon.ini
  * collect hook script logs (suschksrv and saphanasr_multitarget_hook)
  * collect logs of sap_suse_cluster_connector and sapstartsrv
  * Add python version
  * Check sudoers for srhook configuration
supportutils-plugin-suse-public-cloud
- Update to version 1.0.9 (bsc#1218762, bsc#1218763)
  + Remove duplicate data collection for the plugin itself
  + Collect archive metering data when available
  + Query billing flavor status
supportutils
- Changes to version 3.1.29
  + Extended scaling for performance (bsc#1214713)
  + Fixed kdumptool output error (bsc#1218632)
  + Corrected podman ID errors (bsc#1218812)
  + Duplicate non root podman entries removed (bsc#1218814)
  + Corrected get_sles_ver for SLE Micro (bsc#1219241)
  + Check nvidida-persistenced state (bsc#1219639)

- Additional changes in version 3.1.28
  + ipset - List entries for all sets
  + ipvsadm - Inspect the virtual server table (pr#185)
  + Correctly detects Xen Dom0 (bsc#1218201)
  + Fixed smart disk error (bsc#1218282)

- Changes in version 3.1.28
  + Inhibit the conversion of port numbers to port names for network files (cherry picked from commit 55f5f716638fb15e3eb1315443949ed98723d250)
  + powerpc: collect rtas_errd.log and lp_diag.log files (pr#175)
  + Get list of pam.d file (cherry picked from commit eaf35c77fd4bc039fd7e3d779ec1c2c6521283e2)
  + Remove supportutils requires for util-linux-systemd and kmod (bsc#1193173)
  + Added missing klp information to kernel-livepatch.txt (bsc#1216390)
  + Fixed plugins creating empty files when using supportconfig.rc (bsc#1216388)
  + Provides long listing for /etc/sssd/sssd.conf (bsc#1211547)
  + Optimize lsof usage (bsc#1183663)
  + Added mokutil commands for secureboot (pr#179)
  + Collects chrony or ntp as needed (bsc#1196293)

- Changes in version 3.1.27
  + Fixed podman display issue (bsc#1217287)
  + Added nvme-stas configuration to nvme.txt (bsc#1216049)
  + Added timed command to fs-files.txt (bsc#1216827)
  + Collects zypp history file issue#166 (bsc#1216522)
  + Changed -x OPTION to really be exclude only (issue#146)
  + Collect HA related rpm package versions in ha.txt (pr#169)
suse-build-key
- Switch container key to be default RSA 4096bit. (jsc#PED-2777)

- run rpm commands in import script only when libzypp is not
  active. bsc#1219189 bsc#1219123

- run import script also in %posttrans section, but only when
  libzypp is not active. bsc#1219189 bsc#1219123
systemd-default-settings
- Import 0.10
  5088997 SLE: Disable pids controller limit under user instances (jsc#SLE-10123)

- Import 0.9
  bb859bf user@.service: Disable controllers by default (jsc#PED-2276)

- The usage of drop-ins is now the official way for configuring systemd and its
  various daemons on Factory/ALP. Hence the early drop-ins SUSE specific
  "feature" has been abandoned.

- Import 0.8
  f34372f User priority '26' for SLE-Micro
  c8b6f0a Revert "Convert more drop-ins into early ones"

- Import commit 6b8dde1d4f867aff713af6d6830510a84fad58d2
  6b8dde1 Convert more drop-ins into early ones
systemd-presets-common-SUSE
- Split hcn-init.service to hcn-init-NetworkManager and hcn-init-wicked
  (bsc#1200731 ltc#198485 https://github.com/ibm-power-utilities/powerpc-utils/pull/84)
  Support both the old and new service to avoid complex version interdependency.
systemd-rpm-macros
- Bump version to 15

- Order packages that requires systemd after systemd-sysvcompat when this part
  of the transaction (bsc#1217964)
  systemd-sysvcompat has been introduced recently and contains the compatibility
  scripts used to support SysV init scripts. Make sure that the packages ordered
  after systemd are also ordered after systemd-sysvcompat so theirs rpm
  scriptlets can still rely on the compat scripts.
  On distributions where systemd-sysvcompat doesn't exist, the new ordering
  constraint should be a nop.
timezone
- update to 2024a:
  * Kazakhstan unifies on UTC+5.  This affects Asia/Almaty and
    Asia/Qostanay which together represent the eastern portion of the
    country that will transition from UTC+6 on 2024-03-01 at 00:00 to
    join the western portion.  (Thanks to Zhanbolat Raimbekov.)
  * Palestine springs forward a week later than previously predicted
    in 2024 and 2025.  (Thanks to Heba Hamad.)  Change spring-forward
    predictions to the second Saturday after Ramadan, not the first;
    this also affects other predictions starting in 2039.
  * Asia/Ho_Chi_Minh's 1955-07-01 transition occurred at 01:00
    not 00:00.  (Thanks to Đoàn Trần Công Danh.)
  * From 1947 through 1949, Toronto's transitions occurred at 02:00
    not 00:00.  (Thanks to Chris Walton.)
  * In 1911 Miquelon adopted standard time on June 15, not May 15.
  * The FROM and TO columns of Rule lines can no longer be "minimum"
    or an abbreviation of "minimum", because TZif files do not support
    DST rules that extend into the indefinite past - although these
    rules were supported when TZif files had only 32-bit data, this
    stopped working when 64-bit TZif files were introduced in 1995.
    This should not be a problem for realistic data, since DST was
    first used in the 20th century.  As a transition aid, FROM columns
    like "minimum" are now diagnosed and then treated as if they were
    the year 1900; this should suffice for TZif files on old systems
    with only 32-bit time_t, and it is more compatible with bugs in
    2023c-and-earlier localtime.c.  (Problem reported by Yoshito
    Umaoka.)
  * localtime and related functions no longer mishandle some
    timestamps that occur about 400 years after a switch to a time
    zone with a DST schedule.  In 2023d data this problem was visible
    for some timestamps in November 2422, November 2822, etc. in
    America/Ciudad_Juarez.  (Problem reported by Gilmore Davidson.)
  * strftime %s now uses tm_gmtoff if available.  (Problem and draft
    patch reported by Dag-Erling Smørgrav.)
  * The strftime man page documents which struct tm members affect
    which conversion specs, and that tzset is called.  (Problems
    reported by Robert Elz and Steve Summit.)

- update to 2023d:
  * Ittoqqortoormiit, Greenland changes time zones on
    2024-03-31.
  * Vostok, Antarctica changed time zones on 2023-12-18.
  * Casey, Antarctica changed time zones five times since
    2020.
  * Code and data fixes for Palestine timestamps starting in
    2072.
  * A new data file zonenow.tab for timestamps starting now.
  * Fix predictions for DST transitions in Palestine in
    2072-2075, correcting a typo introduced in 2023a.
  * Vostok, Antarctica changed to +05 on 2023-12-18.  It had
    been at +07 (not +06) for years.
  * Change data for Casey, Antarctica to agree with
    timeanddate.com, by adding five time zone changes since 2020.
    Casey is now at +08 instead of +11.
  * Much of Greenland, represented by America/Nuuk, changed
    its standard time from -03 to -02 on 2023-03-25, not on
    2023-10-28.
  * localtime.c no longer mishandles TZif files that contain
    a single transition into a DST regime.  Previously,
    it incorrectly assumed DST was in effect before the transition
    too.
  * tzselect no longer creates temporary files.
  * tzselect no longer mishandles the following:
  * Spaces and most other special characters in BUGEMAIL,
    PACKAGE, TZDIR, and VERSION.
  * TZ strings when using mawk 1.4.3, which mishandles
    regular expressions of the form /X{2,}/.
  * ISO 6709 coordinates when using an awk that lacks the
    GNU extension of newlines in -v option-arguments.
  * Non UTF-8 locales when using an iconv command that
    lacks the GNU //TRANSLIT extension.
  * zic no longer mishandles data for Palestine after the
    year 2075.
- Refresh tzdata-china.diff
util-linux-systemd
- Properly neutralize escape sequences in wall
  (util-linux-CVE-2024-28085.patch, bsc#1221831, CVE-2024-28085,
  and its prerequisites: util-linux-fputs_careful1.patch,
  util-linux-wall-migrate-to-memstream.patch
  util-linux-fputs_careful2.patch).

- Add upstream patch
  util-linux-libuuid-avoid-truncate-clocks.txt-to-improve-perform.patch
  bsc#1207987 gh#util-linux/util-linux@1d98827edde4
vim
- Updated to version 9.1 with patch level 0330, fixes the following problems
  * Fixing bsc#1220763 - vim gets Segmentation fault after updating to version 9.1.0111-150500.20.9.1
- refreshed vim-7.3-filetype_spec.patch
- refreshed vim-7.3-filetype_ftl.patch
- Update spec.skeleton to use autosetup in place of setup macro.
- for the complete list of changes see
  https://github.com/vim/vim/compare/v9.1.0111...v9.1.0330

- Updated to version 9.1 with patch level 0111, fixes the following security problems
  * Fixing bsc#1217316 (CVE-2023-48231) - VUL-0: CVE-2023-48231: vim: Use-After-Free in win_close()
  * Fixing bsc#1217320 (CVE-2023-48232) - VUL-0: CVE-2023-48232: vim: Floating point Exception in adjust_plines_for_skipcol()
  * Fixing bsc#1217321 (CVE-2023-48233) - VUL-0: CVE-2023-48233: vim: overflow with count for :s command
  * Fixing bsc#1217324 (CVE-2023-48234) - VUL-0: CVE-2023-48234: vim: overflow in nv_z_get_count
  * Fixing bsc#1217326 (CVE-2023-48235) - VUL-0: CVE-2023-48235: vim: overflow in ex address parsing
  * Fixing bsc#1217329 (CVE-2023-48236) - VUL-0: CVE-2023-48236: vim: overflow in get_number
  * Fixing bsc#1217330 (CVE-2023-48237) - VUL-0: CVE-2023-48237: vim: overflow in shift_line
  * Fixing bsc#1217432 (CVE-2023-48706) - VUL-0: CVE-2023-48706: vim: heap-use-after-free in ex_substitute
  * Fixing bsc#1219581 (CVE-2024-22667) - VUL-0: CVE-2024-22667: vim: stack-based buffer overflow in did_set_langmap function in map.c
  * Fixing bsc#1215005 (CVE-2023-4750) - VUL-0: CVE-2023-4750: vim: Heap use-after-free in function bt_quickfix
- for the complete list of changes see
  https://github.com/vim/vim/compare/v9.0.2103...v9.1.0111
wicked
- client: do not convert sec to msec twice (bsc#1222105)
  [+ 0005-client-do-to-not-convert-sec-to-msec-twice-bsc-1222105.patch]

- addrconf: fix fallback-lease drop (bsc#1220996)
  [+ 0001-addrconf-fix-fallback-lease-drop-bsc-1220996.patch]
- extensions/nbft: use upstream `nvme nbft show` (bsc#1221358)
  [+ 0002-extensions-nbft-replace-nvme-show-nbft-with-nvme-nbf.patch]
- hide secrets in debug log (bsc#1221194)
  [+ 0003-move-all-attribute-definitions-to-compiler-h.patch]
  [+ 0004-hide-secrets-in-debug-log-bsc-1221194.patch]

- update to version 0.6.74
  + team: add new options like link_watch_policy (jsc#PED-7183)
  + Fix memory leaks in dbus variant destroy and fsm free (gh#openSUSE/wicked#1001)
  + xpath: allow underscore in node identifier (gh#openSUSE/wicked#999)
  + vxlan: don't format unknown rtnl attrs (bsc#1219751)
- removed patches included in the source archive:
  [- 0009-ifreload-VLAN-changes-require-device-deletion-bsc-12.patch]
  [- 0008-ifcheck-fix-config-changed-check-bsc-1218926.patch]
  [- 0007-Fix-ifstatus-exit-code-for-NI_WICKED_ST_NO_CARRIER-s.patch]
  [- 0006-dhcp6-omit-the-SO_REUSEPORT-option-bsc-1215692.patch]
  [- 0005-duid-fix-comment-for-v6time.patch]
  [- 0004-rtnl-parse-peer-address-on-non-ptp-interfaces.patch]
  [- 0003-rtnl-pass-ifname-in-newaddr-parsing-and-logging.patch]
  [- 0002-system-updater-Parse-updater-format-from-XML-configu.patch]
  [- 0001-fix_arp_notify_loop_and_burst_sending.patch]

- ifreload: VLAN changes require device deletion (bsc#1218927)
  [+ 0009-ifreload-VLAN-changes-require-device-deletion-bsc-12.patch]
- ifcheck: fix config changed check (bsc#1218926)
  [+ 0008-ifcheck-fix-config-changed-check-bsc-1218926.patch]
- client: fix exit code for no-carrier status (bsc#1219265)
  [+ 0007-Fix-ifstatus-exit-code-for-NI_WICKED_ST_NO_CARRIER-s.patch]
- dhcp6: omit the SO_REUSEPORT option (bsc#1215692)
  [+ 0006-dhcp6-omit-the-SO_REUSEPORT-option-bsc-1215692.patch]
- duid: fix comment for v6time
  (https://github.com/openSUSE/wicked/pull/989)
  [+ 0005-duid-fix-comment-for-v6time.patch]
- rtnl: fix peer address parsing for non ptp-interfaces
  (https://github.com/openSUSE/wicked/pull/987,
  https://github.com/openSUSE/wicked/pull/988)
  [+ 0003-rtnl-pass-ifname-in-newaddr-parsing-and-logging.patch]
  [+ 0004-rtnl-parse-peer-address-on-non-ptp-interfaces.patch]
- system-updater: Parse updater format from XML configuration to
  ensure install calls can run.
  (https://github.com/openSUSE/wicked/pull/985)
  [+ 0002-system-updater-Parse-updater-format-from-XML-configu.patch]
xen
- Update to Xen 4.17.4 security bug fix release (bsc#1027519)
  xen-4.17.4-testing-src.tar.bz2
  * No upstream changelog found in sources or webpage
- bsc#1221984 - VUL-0: CVE-2023-46842: xen: x86 HVM hypercalls may
  trigger Xen bug check (XSA-454)
- bsc#1222302 - VUL-0: CVE-2024-31142: xen: x86: Incorrect logic
  for BTC/SRSO mitigations (XSA-455)
- bsc#1222453 - VUL-0: CVE-2024-2201: xen: x86: Native Branch
  History Injection (XSA-456)
- Dropped patches contained in new tarball
  650dac01-x86-paging-drop-update_cr3-do_locking.patch
  65842d5c-x86-AMD-extend-CPU-erratum-1474-fix.patch
  659d44da-x86-HVM-hide-SVM-VMX-when.patch
  65a7a0a4-x86-Intel-GPCC-setup.patch
  65a9911a-VMX-IRQ-handling-for-EXIT_REASON_INIT.patch
  65b27990-x86-p2m-pt-off-by-1-in-entry-check.patch
  65b8f961-PCI-fail-dev-assign-if-phantom-functions.patch
  65b8f9ab-VT-d-else-vs-endif-misplacement.patch
  65c2104d-AMD-IVMD-memtype-check.patch
  65cb29fe-x86-HVM-tidy-state-on-hvmemul_map_linear_addr.patch
  65d7277f-build-fail-when-kconfig-fails.patch
  65d727cf-x86emul-EVEX-R-checks.patch
  65dca902-x86-spec-set-BRANCH_HARDEN-option-only-when.patch
  65dcd66b-x86-entry-EFRAME_-constants.patch
  65ddda52-x86-CET-stub-exn-recovery.patch
  65ddea60-x86-spec-log-builtin-HARDEN-options.patch
  65ddea7c-x86-spec-set-INDIRECT_THUNK-only-when-enabled.patch
  65ddea90-x86-spec-dont-log-thunk-option-if-not.patch
  65df3430-x86-Resync-intel-family-h.patch
  65e02fce-libxl-SEGV-in-device_model_spawn_outcome.patch
  65e2371b-x86-CP-allow-levelling-of-VERW-side-effects.patch
  65eee676-x86-mm-last-L1e-detection-in-mxml.patch
  65f079a1-VMX-perform-VERW-flushing-later.patch
  65f079a2-x86-spec-ctrl-perform-VERW-flushing-later.patch
  65f079a3-x86-spec-ctrl-rename-VERW-related-options.patch
  65f079a4-x86-spec-ctrl-VERW-handling-adjustments.patch
  65f079a5-x86-spec-ctrl-mitigate-RFDS.patch
  65f079a6-swap-order-of-actions-in-FREE-macros.patch
  65f079a7-x86-spinlock-block-speculation-into.patch
  65f079a8-rwlock-block-speculation-into.patch
  65f079a9-percpu-rwlock-block-speculation-into.patch
  65f079aa-locking-wrappers-always-inline.patch
  65f079ab-x86-mm-speculation-barriers-in-open-coded.patch
  65f079ac-x86-protect-conditional-locking-from-speculative.patch

- bsc#1221332 - VUL-0: CVE-2023-28746: xen: x86: Register File Data
  Sampling (XSA-452)
  65dcd66b-x86-entry-EFRAME_-constants.patch
  65df3430-x86-Resync-intel-family-h.patch
  65f079a1-VMX-perform-VERW-flushing-later.patch
  65f079a2-x86-spec-ctrl-perform-VERW-flushing-later.patch
  65f079a3-x86-spec-ctrl-rename-VERW-related-options.patch
  65f079a4-x86-spec-ctrl-VERW-handling-adjustments.patch
  65f079a5-x86-spec-ctrl-mitigate-RFDS.patch
- bsc#1221334 - VUL-0: CVE-2024-2193: xen: GhostRace: Speculative
  Race Conditions (XSA-453)
  650dac01-x86-paging-drop-update_cr3-do_locking.patch
  65f079a6-swap-order-of-actions-in-FREE-macros.patch
  65f079a7-x86-spinlock-block-speculation-into.patch
  65f079a8-rwlock-block-speculation-into.patch
  65f079a9-percpu-rwlock-block-speculation-into.patch
  65f079aa-locking-wrappers-always-inline.patch
  65f079ab-x86-mm-speculation-barriers-in-open-coded.patch
  65f079ac-x86-protect-conditional-locking-from-speculative.patch
- Upstream bug fixes (bsc#1027519)
  65eee676-x86-mm-last-L1e-detection-in-mxml.patch

- bsc#1219885 - VUL-0: CVE-2023-46841: xen: x86: shadow stack vs
  exceptions from emulation stubs (XSA-451)
  65ddda52-x86-CET-stub-exn-recovery.patch
- Upstream bug fixes (bsc#1027519)
  659d44da-x86-HVM-hide-SVM-VMX-when.patch
  65c2104d-AMD-IVMD-memtype-check.patch
  65cb29fe-x86-HVM-tidy-state-on-hvmemul_map_linear_addr.patch
  65d7277f-build-fail-when-kconfig-fails.patch
  65d727cf-x86emul-EVEX-R-checks.patch
  65dca902-x86-spec-set-BRANCH_HARDEN-option-only-when.patch
  65ddea60-x86-spec-log-builtin-HARDEN-options.patch
  65ddea7c-x86-spec-set-INDIRECT_THUNK-only-when-enabled.patch
  65ddea90-x86-spec-dont-log-thunk-option-if-not.patch
  65e02fce-libxl-SEGV-in-device_model_spawn_outcome.patch
  65e2371b-x86-CP-allow-levelling-of-VERW-side-effects.patch
- Patches replaced by newer upstream versions
  xsa451.patch

- bsc#1219885 - VUL-0: CVE-2023-46841: xen: x86: shadow stack vs
  exceptions from emulation stubs (XSA-451)
  xsa451.patch

- Upstream bug fixes (bsc#1027519)
  65842d5c-x86-AMD-extend-CPU-erratum-1474-fix.patch
  65a7a0a4-x86-Intel-GPCC-setup.patch
  65a9911a-VMX-IRQ-handling-for-EXIT_REASON_INIT.patch
  65b27990-x86-p2m-pt-off-by-1-in-entry-check.patch
- bsc#1218851 - VUL-0: CVE-2023-46839: xen: phantom functions
  assigned to incorrect contexts (XSA-449)
  65b8f961-PCI-fail-dev-assign-if-phantom-functions.patch
- bsc#1219080 - VUL-0: CVE-2023-46840: xen: VT-d: Failure to
  quarantine devices in !HVM builds (XSA-450)
  65b8f9ab-VT-d-else-vs-endif-misplacement.patch
- Patches replaced by newer upstream versions
  xsa449.patch
  xsa450.patch

- bsc#1219080 - VUL-0: CVE-2023-46840: xen: VT-d: Failure to
  quarantine devices in !HVM builds (XSA-450)
  xsa450.patch

- bsc#1218851 - VUL-0: CVE-2023-46839: xen: phantom functions
  assigned to incorrect contexts (XSA-449)
  xsa449.patch
xterm
- xterm-reset-parsing-state.patch: A bug in the parser for several
  escape sequences causes the first character following the
  sequence to be ignored (bsc#1220585). Patch backported from
  version 335n.
yast2-http-server
- bsc#1218943
  - followup of previous fix - fixed internal issue which caused
    Server modules not to be displayed at all.
  - 4.5.2
yast2
- Allow host/domain names starting with an underscore (bsc#1219920)
- 4.5.26
yast2-network
- Guard secret attributes against leaking to the log (bsc#1221194)
- 4.5.24

- Consider firmware configured interfaces as non bridgeable
  (bsc#1218595).
- 4.5.23
yast2-packager
- Reimplemented the hardcoded product mapping to support also the
  migration from SLE_HPC to SLES SP6+ (with the HPC module)
  (bsc#1220567)
- 4.5.20

- Fixed ERB template loading in self update, if the template
  cannot be found using a relative path then fallback to the
  absolute path (bsc#1219174)
- 4.5.19

- After installation disable the empty installation repository
  from the SLE15 Online medium (bsc#1182303)
- 4.5.18
yast2-registration
- Set the new product mapping when upgrading SLE_HPC to SLES SP6+
  (with the HPC module), use the old product mapping when upgrading
  from SLE_HPC-SP4 to SLE_HPC-SP5 (bsc#1220567)
- 4.5.9
zypper
- Do not try to refresh repo metadata as non-root user
  (bsc#1222086)
  Instead show refresh stats and hint how to update them.
- man: Explain how to protect orphaned packages by collecting
  them in a plaindir repo.
- packages: Add --autoinstalled and --userinstalled options to
  list them.
- Don't print 'reboot required' message if download-only or
  dry-run (fixes #529)
  Instead point out that a reboot would be required if the option
  was not used.
- Resepect zypper.conf option `showAlias` search commands
  (bsc#1221963)
  Repository::asUserString (or Repository::label) respects the
  zypper.conf option, while name/alias return the property.
- version 1.14.71

- dup: New option --remove-orphaned to remove all orphaned
  packages in dup (bsc#1221525)
- version 1.14.70

- info,summary: Support VendorSupportOption flag
  VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014)
- BuildRequires:  libzypp-devel >= 17.32.0.
  API cleanup and changes for VendorSupportSuperseded.
- Show active dry-run/download-only at the commit propmpt.
- patch: Add --skip-not-applicable-patches option (closes #514)
- Fix printing detailed solver problem description.
  The problem description() is one rule out possibly many in
  completeProblemInfo() the solver has chosen to represent the
  problem. So either description or completeProblemInfo should be
  printed, but not both.
- Fix bash-completion to work with right adjusted numbers in the
  1st column too (closes #505)
- Set libzypp shutdown request signal on Ctrl+C (fixes #522)
- lr REPO: In the detailed view show all baseurls not just the
  first one (bsc#1218171)
- version 1.14.69