000release-packages:SLE-Micro-release
n/a
btrfsprogs
- btrfs-progs: fix defrag -c option parsing (bsc#1218029)
  * btrfs-progs-fix-defrag-c-option-parsing.patch
cloud-regionsrv-client
- Update EC2 plugin to 1.0.4 (bsc#1219156, bsc#1219159)
  + Fix the algorithm to determine the region from the availability zone
    information retrieved from IMDS.
- Update to version 10.1.6
  + Support specifying an IPv6 address for a manually configured target
    update server.

- Update to version 10.1.5 (bsc#1217583)
  + Fix fallback path when IPv6 network path is not usable
  + Enable an IPv6 fallback path in IMDS access if it cannot be accessed
    over IPv4
  + Enable IMDS access over IPv6

- Update to version 10.1.4 (bsc#1217451)
  + Fetch cert for new update server during failover

- Update to version 10.1.3 (bsc#1214801)
  + Add a warning if we detect a Python package cert bundle for certifi
    This will help with debugging and point to potential issues when
    using SUSE images in AWS, Azure, and GCE
containerd
- Add patch for bsc#1217952:
  + 0002-shim-Create-pid-file-with-0644-permissions.patch

- Update to containerd v1.7.10. Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.7.10>
- Rebase patches:
  * 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch

- Update to containerd v1.7.8. Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.7.8> bsc#1200528
- Rebase patches:
  * 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch
cpio
- Fix CVE-2023-7207, path traversal vulnerability (bsc#1218571)
  * fix-CVE-2023-7207.patch
crypto-policies
- Make the supported versions change in the update-crypto-policies(8)
  man page persistent [bsc#1209998].
  * Add patch crypto-policies-supported.patch
  * Rebase patches:
  - crypto-policies-asciidoc.patch
  - crypto-policies-no-build-manpages.patch

- FIPS: Adapt the fips-mode-setup script to use the pbl command
  from the perl-Bootloader package to replace grubby. Add a note
  for transactional systems. Ship the man 8 pages for
  fips-mode-setup and fips-finish-install [jsc#PED-5041].
  * Rebase crypto-policies-FIPS.patch

- FIPS: Enable to set the kernel FIPS mode with fips-mode-setup
  and fips-finish-install commands, add also the man pages.
  * Adapt the fips-mode-setup script for SLE [jsc#PED-5041]
  * Rebase crypto-policies-FIPS.patch
  * Simplify the man pages creation:
  - Rebase crypto-policies-no-build-manpages.patch
  - Add crypto-policies-asciidoc.patch
curl
- Fix: libssh: Implement SFTP packet size limit (bsc#1216987)
  * Add curl-libssh_Implement_SFTP_packet_size_limit.patch

- Security fixes:
  * [bsc#1217573, CVE-2023-46218] cookie mixed case PSL bypass
  * [bsc#1217574, CVE-2023-46219] HSTS long file name clears contents
  * Add curl-CVE-2023-46218.patch curl-CVE-2023-46219.patch
docker
- Update to Docker 24.0.7-ce. See upstream changelong online at
  <https://docs.docker.com/engine/release-notes/24.0/#2407>. bsc#1217513
  * Deny containers access to /sys/devices/virtual/powercap by default.
  - CVE-2020-8694 bsc#1170415
  - CVE-2020-8695 bsc#1170446
  - CVE-2020-12912 bsc#1178760
- Rebase patches:
  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
  * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
  * 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
  * cli-0001-docs-include-required-tools-in-source-tree.patch

- Add a patch to fix apparmor on SLE-12, reverting the upstream removal of
  version-specific templating for the default apparmor profile. bsc#1213500
  + 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
- Rebase patches:
  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
  * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch

- Update to Docker 24.0.6-ce. See upstream changelong online at
  <https://docs.docker.com/engine/release-notes/24.0/#2406>. bsc#1215323
- Rebase patches:
  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
  * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
  * cli-0001-docs-include-required-tools-in-source-tree.patch
- Switch from disabledrun to manualrun in _service.
- Add a docker.socket unit file, but with socket activation effectively
  disabled to ensure that Docker will always run even if you start the socket
  individually. Users should probably just ignore this unit file. bsc#1210141
dracut
- Update to version 055+suse.351.g30f0cda6:
  * fix(dracut.sh): remove microcode check based on CONFIG_MICROCODE_[AMD|INTEL] (bsc#1217031)
  * fix(network): correct network device naming (bsc#1192986)
gpg2
- Suppress error message on trial reading as PEM format when using
  dirmngr to validate broken DER encoded files (bsc#1217212)
  * Add patches:
  - gnupg-dirmngr-Suppress-error-message-on-trial-reading-as-PEM.patch
  - gnupg-dirmngr-Clear-the-error-count-to-try-certificate-as-binary.patch
grub2
- Fix failure to identify recent ext4 filesystem (bsc#1216010)
  * 0001-fs-ext2-Ignore-checksum-seed-incompat-feature.patch
  * 0001-fs-ext2-Ignore-the-large_dir-incompat-feature.patch
- Add patch to fix reading files from btrfs with "implicit" holes
  * 0001-fs-btrfs-Zero-file-data-not-backed-by-extents.patch

- Fix fadump not working with 1GB/2GB/4GB LMB[P10] (bsc#1216253)
  * 0001-kern-ieee1275-init-ppc64-Restrict-high-memory-in-pre.patch

- Fix detection of encrypted disk's uuid in powerpc to cope with logical disks
  when signed image installation is specified (bsc#1216075)
  * 0003-grub-install-support-prep-environment-block.patch
- grub2.spec: Add support to unlocking multiple encrypted disks in signed
  grub.elf image for logical disks
kernel-default
- x86/entry/ia32: Ensure s32 is sign extended to s64 (bsc#1193285).
- commit 8afebed

- fuse: dax: set fc->dax to NULL in fuse_dax_conn_free()
  (bsc#1218659).
- commit 4ee6819

- swiotlb-xen: provide the "max_mapping_size" method (git-fixes).
- commit a036bcf

- xen/events: fix delayed eoi list handling (git-fixes).
- commit eb0149c

- xen-pciback: Consider INTx disabled when MSI/MSI-X is enabled
  (git-fixes).
- commit f6ed3e4

- swiotlb: fix a braino in the alignment check fix (bsc#1216559).
- swiotlb: fix slot alignment checks (bsc#1216559).
- commit a41e3fe

- vsock/virtio: Fix unsigned integer wrap around in
  virtio_transport_has_space() (git-fixes).
- commit db5c328

- vhost: Allow null msg.size on VHOST_IOTLB_INVALIDATE
  (git-fixes).
- commit ad9e29a

- virtio_balloon: Fix endless deflation and inflation on arm64
  (git-fixes).
- commit 6583f74

- virtio-mmio: fix memory leak of vm_dev (git-fixes).
- commit d624528

- KVM: SVM: Update EFER software model on CR0 trap for SEV-ES
  (git-fixes).
- commit 8696527

- KVM: x86: Mask LVTPC when handling a PMI (jsc#PED-7322).
- commit 146bca2

- io_uring/af_unix: disable sending io_uring over sockets
  (bsc#1218447, CVE-2023-6531).
- commit fdc256b

- smb: client: fix potential OOB in smb2_dump_detail()
  (bsc#1217946 CVE-2023-6610).
- commit cfca7f7

- x86/purgatory: Remove LTO flags (git-fixes).
- commit bbd4f84

- x86/fpu/xstate: Prevent false-positive warning in __copy_xstate_uabi_buf() (git-fixes).
- commit 46d60b3

- x86/fpu: Invalidate FPU state correctly on exec() (git-fixes).
- commit 7686df9

- x86/cpu: Fix amd_check_microcode() declaration (git-fixes).
- Refresh patches.suse/x86-srso-set-cpuid-feature-bits-independently-of-bug-or-mitigation-status.patch.
- commit c22f4b4

- x86/cpu/amd: Enable Zenbleed fix for AMD Custom APU 0405 (git-fixes).
- commit d74349c

- vsprintf/kallsyms: Prevent invalid data when printing symbol
  (bsc#1217602).
- commit 8dab9cc

- x86/boot: Fix incorrect startup_gdt_descr.size (git-fixes).
- commit fdc98a7

- x86/boot/compressed: Reserve more memory for page tables  (git-fixes).
- commit 6bf16e1

- gfs2: Silence "suspicious RCU usage in gfs2_permission" warning
  (git-fixes).
- commit 3929c70

- x86/alternatives: Sync core before enabling interrupts (git-fixes).
- commit 4a0b72a

- x86/alternatives: Disable KASAN in apply_alternatives() (git-fixes).
- commit 7029135

- x86/smp: Use dedicated cache-line for mwait_play_dead() (git-fixes).
- commit 8087b92

- x86/srso: Add SRSO mitigation for Hygon processors (git-fixes).
- commit 7b8dfd1

- x86/srso: Fix SBPB enablement for (possible) future fixed HW   (git-fixes).
- Refresh
  patches.suse/x86-srso-fix-vulnerability-reporting-for-missing-microcode.patch.
- commit b121d1d

- x86/CPU/AMD: Check vendor in the AMD microcode callback (git-fixes).
- commit 43e31d9

- x86/srso: Fix vulnerability reporting for missing microcode (git-fixes).
- commit 98085ae

- x86/unwind/orc: Unwind ftrace trampolines with correct ORC entry (git-fixes).
- commit 270b9c8

- x86/alternatives: Disable interrupts and sync when optimizing NOPs in  place (git-fixes).
- commit 1bd102b

- gfs2: fix an oops in gfs2_permission (git-fixes).
- commit 60a8e84

- iov_iter, x86: Be consistent about the __user tag on copy_mc_to_user() (git-fixes).
- commit a2dd84b

- gfs2: ignore negated quota changes (git-fixes).
- commit c2a4d43

- x86/resctrl: Fix kernel-doc warnings (git-fixes).
- commit 50de71c

- gfs2: Fix possible data races in gfs2_show_options()
  (git-fixes).
- commit 7592b99

- gfs2: Fix inode height consistency check (git-fixes).
- commit 935054a

- gfs2: jdata writepage fix (git-fixes).
- commit e5f9516

- gfs2: Improve gfs2_make_fs_rw error handling (git-fixes).
- commit 86c44aa

- gfs2: Check sb_bsize_shift after reading superblock (git-fixes).
- commit 130df3d

- gfs2: Switch from strlcpy to strscpy (git-fixes).
- commit 3054547

- gfs2: use i_lock spin_lock for inode qadata (git-fixes).
- commit 4e4b75a

- gfs2: Fix filesystem block deallocation for short writes
  (git-fixes).
- commit 87cd867

- gfs2: Make sure FITRIM minlen is rounded up to fs block size
  (git-fixes).
- commit 62669a7

- gfs2: gfs2_setattr_size error path fix (git-fixes).
- commit d0e789c

- gfs2: Fix gfs2_release for non-writers regression (git-fixes).
- commit 1a34aa3

- gfs2: Fix length of holes reported at end-of-file (git-fixes).
- commit 09da26e

- gfs2: Clean up function may_grant (git-fixes).
- commit ce33b14

- gfs2: Add wrapper for iomap_file_buffered_write (git-fixes).
- commit e045f1b

- locks: fix KASAN: use-after-free in
  trace_event_raw_event_filelock_lock (git-fixes).
- commit 4758492

- fs: avoid empty option when generating legacy mount string
  (git-fixes).
- commit 00945db

- statfs: enforce statfs[64] structure initialization (git-fixes).
- commit d4a18c5

- orangefs: Fix kmemleak in orangefs_{kernel,client}_debug_init()
  (git-fixes).
- commit b9e9b76

- orangefs: Fix kmemleak in orangefs_prepare_debugfs_help_string()
  (git-fixes).
- commit 1d47e4a

- orangefs: Fix sysfs not cleanup when dev init failed
  (git-fixes).
- commit f7a82d1

- fs/remap: constrain dedupe of EOF blocks (git-fixes).
- commit e861bd6

- fs: fix an infinite loop in iomap_fiemap (git-fixes).
- commit 41989d9

- orangefs: Fix the size of a memory allocation in
  orangefs_bufmap_alloc() (git-fixes).
- commit 6623b23

- iomap: Fix iomap_dio_rw return value for user copies
  (git-fixes).
- commit 2b65ea1

- ubifs: Fix memory leak of bud->log_hash (git-fixes).
- commit dfe9a1f

- ubifs: fix possible dereference after free (git-fixes).
- commit 971dae9

- fs: ocfs2: namei: check return value of ocfs2_add_entry()
  (git-fixes).
- commit 63eae38

- jfs: fix array-index-out-of-bounds in diAlloc (git-fixes).
- commit 8906b9a

- jfs: fix array-index-out-of-bounds in dbFindLeaf (git-fixes).
- commit 28815ad

- fs/jfs: Add validity check for db_maxag and db_agpref
  (git-fixes).
- commit 39d5b5e

- fs/jfs: Add check for negative db_l2nbperpage (git-fixes).
- commit f831778

- jfs: validate max amount of blocks before allocation
  (git-fixes).
- commit 4be1419

- jfs: fix invalid free of JFS_IP(ipimap)->i_imap in diUnmount
  (git-fixes).
- commit 5b4b023

- fs/jfs: prevent double-free in dbUnmount() after failed
  jfs_remount() (git-fixes).
- commit 51a993a

- reiserfs: Replace 1-element array with C99 style flex-array
  (git-fixes).
- commit 6ad83f4

- reiserfs: Check the return value from __getblk() (git-fixes).
- commit 0e912c9

- afs: Fix use-after-free due to get/remove race in volume tree
  (git-fixes).
- commit f4a57bf

- afs: Fix overwriting of result of DNS query (git-fixes).
- commit fe0f4c6

- afs: Fix dynamic root lookup DNS check (git-fixes).
- commit 1e86064

- afs: Fix the dynamic root's d_delete to always delete unused
  dentries (git-fixes).
- commit 3d5b3d7

- afs: Fix refcount underflow from error handling race
  (git-fixes).
- commit 0a9c8bb

- afs: Fix file locking on R/O volumes to operate in local mode
  (git-fixes).
- commit 5431cb3

- afs: Return ENOENT if no cell DNS record can be found
  (git-fixes).
- commit 863355b

- afs: Make error on cell lookup failure consistent with OpenAFS
  (git-fixes).
- commit 5fcd2cf

- afs: Fix afs_server_list to be cleaned up with RCU (git-fixes).
- commit 8fc4f69

- remove unnecessary WARN_ON_ONCE() (bsc#1214823 bsc#1218569).
- commit 6bd8135

- Bluetooth: af_bluetooth: Fix Use-After-Free in bt_sock_recvmsg
  (CVE-2023-51779 bsc#1218559).
- commit b8b3309

- Delete doc/config-options.changes (jsc#PED-5021)
  Following on adedbd2a5c6 ("kernel-source: Remove config-options.changes
  (jsc#PED-5021)"), remove the now unused file from the tree.
- commit d1b9e97

- tracing: Fix blocked reader of snapshot buffer (git-fixes).
- commit f6f3907

- ring-buffer: Fix wake ups when buffer_percent is set to 100
  (git-fixes).
- commit 21c1070

- tracing / synthetic: Disable events after testing in
  synth_event_gen_test_init() (git-fixes).
- commit e21c29f

- tracing/synthetic: fix kernel-doc warnings (git-fixes).
- commit 62cdcf8

- Revert "PCI/ASPM: Remove pcie_aspm_pm_state_change()"
  (git-fixes).
- commit 9be35d2

- mkspec: Add multibuild support (JSC-SLE#5501, boo#1211226, bsc#1218184)
  When MULTIBUILD option in config.sh is enabled generate a _multibuild
  file listing all spec files.
- commit f734347

- Build in the correct KOTD repository with multibuild
  (JSC-SLE#5501, boo#1211226, bsc#1218184)
  With multibuild setting repository flags is no longer supported for
  individual spec files - see
  https://github.com/openSUSE/open-build-service/issues/3574
  Add ExclusiveArch conditional that depends on a macro set up by
  bs-upload-kernel instead. With that each package should build only in
  one repository - either standard or QA.
  Note: bs-upload-kernel does not interpret rpm conditionals, and only
  uses the first ExclusiveArch line to determine the architectures to
  enable.
- commit aa5424d

- blacklist.conf: Add c98c18270be1 sched, cgroup: Restore meaning to hierarchical_quota
- commit 6115840

- mm: kmem: drop __GFP_NOFAIL when allocating objcg vectors
  (bsc#1218515).
- commit 00f113e

- blacklist.conf: e63a57303599 blk-cgroup: bypass blkcg_deactivate_policy after destroying
- commit 895355e

- ring-buffer: Fix slowpath of interrupted event (git-fixes).
- commit dbe7edd

- ring-buffer: Remove useless update to write_stamp in
  rb_try_to_discard() (git-fixes).
- commit 64ff947

- RDMA/hfi1: Workaround truncation compilation error (git-fixes)
- commit 2302fb3

- RDMA/hns: The UD mode can only be configured with DCQCN (git-fixes)
- commit ca9d38d

- RDMA/hns: Add check for SL (git-fixes)
- commit cf9e8e3

- RDMA/hns: Fix signed-unsigned mixed comparisons (git-fixes)
- commit 34178f4

- RDMA/hns: Fix uninitialized ucmd in hns_roce_create_qp_common() (git-fixes)
- commit 47c4074

- RDMA/hns: Fix printing level of asynchronous events (git-fixes)
- commit 892f8ec

- IB/mlx5: Fix rdma counter binding for RAW QP (git-fixes)
- commit ffaf04e

- RDMA/hfi1: Use FIELD_GET() to extract Link Width (git-fixes)
- commit 4b8aeed

- RDMA/core: Use size_{add,sub,mul}() in calls to struct_size() (git-fixes)
- commit 605983a

- uapi: propagate __struct_group() attributes to the container
  union (jsc#SLE-18978).
- commit 3b553e2

- Update References
  patches.suse/Bluetooth-Reject-connection-with-the-device-which-ha.patch
  (git-fixes bsc#1215237 CVE-2020-26555).
- commit 0b8be40

- Update References
  patches.suse/Bluetooth-hci_event-Ignore-NULL-link-key.patch
  (git-fixes bsc#1215237 CVE-2020-26555).
- commit 3386934

- iio: adc: ti_am335x_adc: Fix return value check of
  tiadc_request_dma() (git-fixes).
- iio: triggered-buffer: prevent possible freeing of wrong buffer
  (git-fixes).
- iio: imu: inv_mpu6050: fix an error code problem in
  inv_mpu6050_read_raw (git-fixes).
- iio: common: ms_sensors: ms_sensors_i2c: fix humidity conversion
  time table (git-fixes).
- interconnect: Treat xlate() returning NULL node as an error
  (git-fixes).
- Input: ipaq-micro-keys - add error handling for devm_kmemdup
  (git-fixes).
- lib/vsprintf: Fix %pfwf when current node refcount == 0
  (git-fixes).
- ASoC: hdmi-codec: fix missing report for jack initial status
  (git-fixes).
- i2c: aspeed: Handle the coalesced stop conditions with the
  start conditions (git-fixes).
- pinctrl: at91-pio4: use dedicated lock class for IRQ
  (git-fixes).
- wifi: mac80211: mesh_plink: fix matches_local logic (git-fixes).
- net: rfkill: gpio: set GPIO direction (git-fixes).
- wifi: iwlwifi: pcie: add another missing bh-disable for
  rxq->lock (git-fixes).
- ARM: OMAP2+: Fix null pointer dereference and memory leak in
  omap_soc_device_init (git-fixes).
- spi: atmel: Fix clock issue when using devices with different
  polarities (git-fixes).
- soundwire: stream: fix NULL pointer dereference for multi_link
  (git-fixes).
- Revert "PCI: acpiphp: Reassign resources on bridge if necessary"
  (git-fixes).
- PCI: loongson: Limit MRRS to 256 (git-fixes).
- ALSA: hda/realtek: Apply mute LED quirk for HP15-db (git-fixes).
- ALSA: hda/hdmi: add force-connect quirks for ASUSTeK Z170
  variants (git-fixes).
- ALSA: hda/hdmi: add force-connect quirk for NUC5CPYB
  (git-fixes).
- net/rose: Fix Use-After-Free in rose_ioctl (git-fixes).
- net: usb: qmi_wwan: claim interface 4 for ZTE MF290 (git-fixes).
- usb: aqc111: check packet for fixup for true limit (git-fixes).
- commit ed00079

- Drop PCI AER patch that has been reverted on stable trees
  Deleted:
  patches.suse/PCI-portdrv-Don-t-disable-AER-reporting-in-get_port_.patch
- commit 43c7676

- Drop drm/bridge lt9611uxc patches that have been reverted on stable trees
- commit b9351c7

- smb: client: fix OOB in smbCalcSize() (bsc#1217947
  CVE-2023-6606).
- commit 97b24d1

- Update References
  patches.suse/tty-n_gsm-fix-the-UAF-caused-by-race-condition-in-gs.patch
  (git-fixes bsc#1218335 CVE-2023-6546).
- commit ad12641

- perf: Fix perf_event_validate_size() lockdep splat
  (CVE-2023-6931 bsc#1218258).
- perf: Fix perf_event_validate_size() (CVE-2023-6931
  bsc#1218258).
- commit 00427a6

- nvme-pci: always return an ERR_PTR from nvme_pci_alloc_dev
  (git-fixes).
- commit 6c500e1

- s390/vx: fix save/restore of fpu kernel context (git-fixes
  bsc#1218357).
- commit 4f47f85

- blacklist.conf: add nvme entries
- commit 9216151

- nvme-pci: Add sleep quirk for Kingston drives (git-fixes).
- nvmet-auth: complete a request only after freeing the dhchap
  pointers (git-fixes).
- nvme: sanitize metadata bounce buffer for reads (git-fixes).
- nvme-rdma: do not try to stop unallocated queues (git-fixes).
- nvme-pci: do not set the NUMA node of device if it has none
  (git-fixes).
- nvme-pci: factor out a nvme_pci_alloc_dev helper (git-fixes).
- nvme-pci: factor the iod mempool creation into a helper
  (git-fixes).
  Refresh:
  - patches.suse/nvme-pci-fix-page-size-checks.patch
- commit 19bc755

- Rename to
  patches.suse/nvme-auth-use-chap-s2-to-indicate-bidirectional-auth.patch.
  and move the patch into the sorted section
- commit 633cfe2

- net/smc: Fix pos miscalculation in statistics (bsc#1218139).
- commit 513a67c

- bus: ti-sysc: Flush posted write only after srst_udelay
  (git-fixes).
- commit c942b7c

- reset: Fix crash when freeing non-existent optional resets
  (git-fixes).
- commit 6de5ad5

- HID: multitouch: Add quirk for HONOR GLO-GXXX touchpad
  (git-fixes).
- commit 60dd723

- HID: hid-asus: reset the backlight brightness level on resume
  (git-fixes).
- commit 79eff80

- HID: hid-asus: add const to read-only outgoing usb buffer
  (git-fixes).
- commit 1c939ed

- HID: add ALWAYS_POLL quirk for Apple kb (git-fixes).
- commit d088123

- restore renamed device IDs for USB HID devices (git-fixes).
- commit 5519e39

- HID: glorious: fix Glorious Model I HID report (git-fixes).
- commit ad69d7e

- scsi: lpfc: use unsigned type for num_sge (bsc#1214747).
- commit 513fc35

- r8152: Add RTL8152_INACCESSIBLE to r8153_aldps_en() (git-fixes).
- commit 3ae518f

- r8152: Add RTL8152_INACCESSIBLE to r8153_pre_firmware_1()
  (git-fixes).
- commit d714a95

- r8152: Add RTL8152_INACCESSIBLE to r8156b_wait_loading_flash()
  (git-fixes).
- commit ad9ad0d

- bpf: Adjust insufficient default bpf_jit_limit (bsc#1218234 git-fixes).
- commit 697b74c

- ipv4: igmp: fix refcnt uaf issue when receiving igmp query
  packet (bsc#1218253 CVE-2023-6932).
- commit 87dfb84

- Refresh patches.suse/gve-Tx-path-for-DQO-QPL.patch.
  Fix backport.
- commit f5531ee

- Input: xpad - add HyperX Clutch Gladiate Support (git-fixes).
- commit 6d0690b

- Input: i8042 - add quirk for TUXEDO Gemini 17 Gen1/Clevo PD70PN
  (git-fixes).
- commit 8fa7ef8

- ring-buffer: Fix a race in rb_time_cmpxchg() for 32 bit archs
  (git-fixes).
- commit a4fe241

- ring-buffer: Do not try to put back write_stamp (git-fixes).
- commit df9fac1

- ring-buffer: Have saved event hold the entire event (git-fixes).
- commit 5347597

- ring-buffer: Do not update before stamp when switching
  sub-buffers (git-fixes).
- commit 9c594ba

- tracing: Update snapshot buffer on resize if it is allocated
  (git-fixes).
- commit d5996f1

- ring-buffer: Fix memory leak of free page (git-fixes).
- commit ee5f869

- ring-buffer: Fix writing to the buffer with max_data_size
  (git-fixes).
- commit bb90d48

- blacklist.conf: cleanup
- commit 16dcb62

- usb: hub: Guard against accesses to uninitialized BOS
  descriptors (git-fixes).
- commit 573da1a

- kABI: restore void return to typec_altmode_attention
  (git-fixes).
- commit 9821aa3

- usb: typec: bus: verify partner exists in
  typec_altmode_attention (git-fixes).
- commit 5fea3d2

- blacklist.conf: it changes only logging
- commit 3cbbd08

- r8152: Add RTL8152_INACCESSIBLE checks to more loops
  (git-fixes).
- commit f62163f

- r8152: Rename RTL8152_UNPLUG to RTL8152_INACCESSIBLE
  (git-fixes).
- commit 064cc95

- Documentation: drop more IDE boot options and ide-cd.rst
  (git-fixes).
- commit 7993dcc

- Update patches.suse/spi-tegra210-quad-Fix-duplicate-resource-error.patch (git-fixes, jsc#PED-3459
  Add reference to PED-3459
- commit c4a5ea6

- Update patches.suse/spi-tegra210-quad-Multi-cs-support.patch (bsc#1212584, jsc#PED-3459
  Add reference to PED-3459.
- commit fc374a4

- Update patches.suse/spi-tegra210-quad-Fix-combined-sequence.patch (bsc#1212584, jsc#PED-3459)
  Add reference to PED-3459.
- commit bff7fca

- Drop Documentation/ide/ (git-fixes).
- commit d3eb72d

- padata: Fix refcnt handling in padata_free_shell() (git-fixes).
- commit 5219779

- tracing: Set actual size after ring buffer resize (git-fixes).
- commit b915dbf

- tracing/perf: Add interrupt_context_level() helper (git-fixes).
- commit 9da609b

- tracing: Reuse logic from perf's get_recursion_context()
  (git-fixes).
- commit adc2c65

- tracing: relax trace_event_eval_update() execution with
  cond_resched() (git-fixes).
- commit 017c09c

- ring-buffer: Force absolute timestamp on discard of event
  (git-fixes).
- commit 703d47b

- tracing: Disable snapshot buffer when stopping instance tracers
  (git-fixes).
- commit ea1804c

- tracing: Stop current tracer when resizing buffer (git-fixes).
- commit 416045c

- tracing: Always update snapshot buffer size (git-fixes).
- commit ab3ac02

- kprobes: consistent rcu api usage for kretprobe holder
  (git-fixes).
- commit bd133f6

- tracing/kprobes: Fix the order of argument descriptions
  (git-fixes).
- commit 4822ad0

- tracing: Have the user copy of synthetic event address use
  correct context (git-fixes).
- commit ee4a2b2

- KVM: s390/mm: Properly reset no-dat (git-fixes bsc#1218056).
- commit 5b3fa66

- kabi/severities: ignore kABI for asus-wmi drivers
  Tolerate the kABI changes, as used only locally for asus-wmi stuff
- commit 42dad1e

- platform/x86: asus-wmi: Add support for ROG X13 tablet mode
  (git-fixes).
- commit 1640ab2

- serial: sc16is7xx: address RX timeout interrupt errata
  (git-fixes).
- parport: Add support for Brainboxes IX/UC/PX parallel cards
  (git-fixes).
- hwmon: (nzxt-kraken2) Fix error handling path in kraken2_probe()
  (git-fixes).
- hwmon: (acpi_power_meter) Fix 4.29 MW bug (git-fixes).
- ALSA: pcm: fix out-of-bounds in snd_pcm_state_names (git-fixes).
- ALSA: hda/realtek: Enable headset on Lenovo M90 Gen5
  (git-fixes).
- ALSA: usb-audio: Add Pioneer DJM-450 mixer controls (git-fixes).
- nilfs2: prevent WARNING in nilfs_sufile_set_segment_usage()
  (git-fixes).
- nilfs2: fix missing error check for sb_set_blocksize call
  (git-fixes).
- platform/x86: wmi: Skip blocks with zero instances (git-fixes).
- platform/x86: asus-wmi: Move i8042 filter install to shared
  asus-wmi code (git-fixes).
- drm/amdgpu: correct the amdgpu runtime dereference usage count
  (git-fixes).
- kconfig: fix memory leak from range properties (git-fixes).
- i2c: designware: Fix corrupted memory seen in the ISR
  (git-fixes).
- drm/amdgpu: correct chunk_ptr to a pointer to chunk (git-fixes).
- drm/amd/amdgpu: Fix warnings in amdgpu/amdgpu_display.c
  (git-fixes).
- platform/x86: asus-wmi: Fix kbd_dock_devid tablet-switch
  reporting (git-fixes).
- platform/x86: wmi: Allow duplicate GUIDs for drivers that use
  struct wmi_driver (git-fixes).
- platform/x86: asus-wmi: Simplify tablet-mode-switch handling
  (git-fixes).
- platform/x86: asus-wmi: Simplify tablet-mode-switch probing
  (git-fixes).
- platform/x86: asus-wmi: Adjust tablet/lidflip handling to use
  enum (git-fixes).
- commit e47d99c

- tracing/kprobes: Fix the description of variable length
  arguments (git-fixes).
- commit ee78d8b

- neighbor: tracing: Move pin6 inside CONFIG_IPV6=y section
  (git-fixes).
- commit 946e077

- netfilter: nf_tables: bail out on mismatching dynset and set
  expressions (bsc#1217938 CVE-2023-6622).
- commit de1dd10

- HID: lenovo: Restrict detection of patched firmware only to
  USB cptkbd (git-fixes).
- commit 1bd99d4

- ASoC: wm_adsp: fix memleak in wm_adsp_buffer_populate
  (git-fixes).
- Bluetooth: hci_qca: Fix the teardown problem for real
  (git-fixes).
- Documentation: qat: Use code block for qat sysfs example
  (git-fixes).
- commit c75f6d8

- ALSA: hda/realtek: Add supported ALC257 for ChromeOS
  (git-fixes).
- ALSA: hda/realtek: Headset Mic VREF to 100% (git-fixes).
- ALSA: hda: intel-dsp-cfg: add LunarLake support (git-fixes).
- ACPI: x86: s2idle: Catch multiple ACPI_TYPE_PACKAGE objects
  (git-fixes).
- ACPI: video: Add backlight=native DMI quirk for Lenovo Ideapad
  Z470 (git-fixes).
- ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer (git-fixes).
- ALSA: seq: oss: Fix racy open/close of MIDI devices (git-fixes).
- commit 200c0a2

- blacklist.conf: add two ceph commits
- commit d8d4641

- ceph: fix type promotion bug on 32bit systems (bsc#1217982).
- libceph: use kernel_connect() (bsc#1217981).
- ceph: fix incorrect revoked caps assert in ceph_fill_file_size()
  (bsc#1217980).
- commit e3e482f

- arm64: mm: Fix "rodata=on" when CONFIG_RODATA_FULL_DEFAULT_ENABLED=y (git-fixes)
- commit 794f0e7

- arm64: dts: imx8mn: Add sound-dai-cells to micfil node (git-fixes)
- commit 4dcfded

- arm64: dts: imx8mm: Add sound-dai-cells to micfil node (git-fixes)
- commit 0fd1b8d

- arm64: dts: arm: add missing cache properties (git-fixes)
- commit 710ea40

- blacklist.conf: ("arm64: dts: broadcom: bcmbca: bcm4908: fix LED nodenames")
- commit 37fe1b1

- arm64: dts: imx8mq-librem5: Remove dis_u3_susphy_quirk from (git-fixes)
- commit 8cd5213

- net/tg3: fix race condition in tg3_reset_task() (bsc#1217801).
- commit 68db0d6

- tracing: Fix a possible race when disabling buffered events
  (bsc#1217036).
- commit 26540da

- tracing: Fix a warning when allocating buffered events fails
  (bsc#1217036).
- commit ec57b73

- tracing: Fix incomplete locking when disabling buffered events
  (bsc#1217036).
- commit 2d81a3a

- tracing: Disable preemption when using the filter buffer
  (bsc#1217036).
- commit 0ade134

- tracing: Use __this_cpu_read() in
  trace_event_buffer_lock_reserver() (bsc#1217036).
- commit 8aa5d9a

- tracing: Fix warning in trace_buffered_event_disable()
  (git-fixes, bsc#1217036).
- commit b71b6ff

- usb: typec: ucsi: acpi: add quirk for ASUS Zenbook UM325
  (git-fixes).
- commit 19f2446

- nvmet: nul-terminate the NQNs passed in the connect command
  (bsc#1217250 CVE-2023-6121).
- commit e359ed1

- KVM: s390: vsie: fix wrong VIR 37 when MSO is used (git-fixes
  bsc#1217933).
- commit e39e7a6

- gpiolib: sysfs: Fix error handling on failed export (git-fixes).
- Revert "xhci: Loosen RPM as default policy to cover for AMD
  xHC 1.1" (git-fixes).
- usb: typec: class: fix typec_altmode_put_partner to put plugs
  (git-fixes).
- ARM: PL011: Fix DMA support (git-fixes).
- serial: 8250: 8250_omap: Clear UART_HAS_RHR_IT_DIS bit
  (git-fixes).
- serial: 8250: 8250_omap: Do not start RX DMA on THRI interrupt
  (git-fixes).
- misc: mei: client.c: fix problem of return '-EOVERFLOW' in
  mei_cl_write (git-fixes).
- misc: mei: client.c: return negative error code in mei_cl_write
  (git-fixes).
- commit 09a57bf

- md/raid1: fix error: ISO C90 forbids mixed declarations
  (git-fixes).
- md: raid0: account for split bio in iostat accounting
  (git-fixes).
- md/raid1: hold the barrier until handle_read_error() finishes
  (git-fixes).
- md/raid1: free the r1bio before waiting for blocked rdev
  (git-fixes).
- md: raid1: fix potential OOB in raid1_remove_disk() (git-fixes).
- md/md-bitmap: hold 'reconfig_mutex' in backlog_store()
  (git-fixes).
- md/md-bitmap: remove unnecessary local variable in
  backlog_store() (git-fixes).
- md/raid10: use dereference_rdev_and_rrdev() to get devices
  (git-fixes).
- md/raid10: factor out dereference_rdev_and_rrdev() (git-fixes).
- md: restore 'noio_flag' for the last mddev_resume() (git-fixes).
- Revert "md: unlock mddev before reap sync_thread in
  action_store" (git-fixes).
- md/raid0: add discard support for the 'original' layout
  (git-fixes).
- md/raid10: fix the condition to call bio_end_io_acct()
  (git-fixes).
- md/raid10: prevent soft lockup while flush writes (git-fixes).
- md/raid10: fix io loss while replacement replace rdev
  (git-fixes).
- md/raid10: fix null-ptr-deref of mreplace in raid10_sync_request
  (git-fixes).
- md/raid10: fix wrong setting of max_corr_read_errors
  (git-fixes).
- md/raid10: fix overflow of md/safe_mode_delay (git-fixes).
- md/raid5: fix miscalculation of 'end_sector' in
  raid5_read_one_chunk() (git-fixes).
- md/raid10: don't call bio_start_io_acct twice for bio which
  experienced read error (git-fixes).
- md/raid10: fix memleak of md thread (git-fixes).
- md/raid10: fix memleak for 'conf->bio_split' (git-fixes).
- md/raid10: fix leak of 'r10bio->remaining' for recovery
  (git-fixes).
- md/raid10: fix null-ptr-deref in raid10_sync_request
  (git-fixes).
- commit 75c9e76

- md/raid10: fix task hung in raid10d (git-fixes).
- Refresh patches.suse/md-display-timeout-error.patch for the above change.
- commit 90d12ef

- md: avoid signed overflow in slot_store() (git-fixes).
- md/raid10: factor out code from wait_barrier() to
  stop_waiting_barrier() (git-fixes).
- commit c35659b

- md: Set MD_BROKEN for RAID1 and RAID10 (git-fixes).
- Update patches.suse/md-display-timeout-error.patch for the above change.
- commit 77abf5c

- md: raid10 add nowait support (git-fixes).
- md: drop queue limitation for RAID1 and RAID10 (git-fixes).
- md/bitmap: don't set max_write_behind if there is no write
  mostly device (git-fixes).
- commit 44a1c08

- blacklist.conf: add non-backport commits
- commit 731fcaa

- kernel-source: Remove config-options.changes (jsc#PED-5021)
  The file doc/config-options.changes was used in the past to document
  kernel config changes. It was introduced in 2010 but haven't received
  any updates on any branch since 2015. The file is renamed by tar-up.sh
  to config-options.changes.txt and shipped in the kernel-source RPM
  package under /usr/share/doc. As its content now only contains outdated
  information, retaining it can lead to confusion for users encountering
  this file.
  Config changes are nowadays described in associated Git commit messages,
  which get automatically collected and are incorporated into changelogs
  of kernel RPM packages.
  Drop then this obsolete file, starting with its packaging logic.
  For branch maintainers: Upon merging this commit on your branch, please
  correspondingly delete the file doc/config-options.changes.
- commit adedbd2

- doc/README.SUSE: Simplify the list of references (jsc#PED-5021)
  Reduce indentation in the list of references, make the style consistent
  with README.md.
- commit 70e3c33

- regmap: fix bogus error on regcache_sync success (git-fixes).
- platform/surface: aggregator: fix recv_buf() return value
  (git-fixes).
- commit e5d6930

- doc/README.SUSE: Add how to update the config for module signing
  (jsc#PED-5021)
  Configuration files for SUSE kernels include settings to integrate with
  signing support provided by the Open Build Service. This creates
  problems if someone tries to use such a configuration file to build
  a "standalone" kernel as described in doc/README.SUSE:
  * Default configuration files available in the kernel-source repository
  unset CONFIG_MODULE_SIG_ALL to leave module signing to
  pesign-obs-integration. In case of a "standalone" build, this
  integration is not available and the modules don't get signed.
  * The kernel spec file overrides CONFIG_MODULE_SIG_KEY to
  ".kernel_signing_key.pem" which is a file populated by certificates
  provided by OBS but otherwise not available. The value ends up in
  /boot/config-$VERSION-$RELEASE-$FLAVOR and /proc/config.gz. If someone
  decides to use one of these files as their base configuration then the
  build fails with an error because the specified module signing key is
  missing.
  Add information on how to enable module signing and where to find the
  relevant upstream documentation.
- commit a699dc3

- doc/README.SUSE: Remove how to build modules using kernel-source
  (jsc#PED-5021)
  Remove the first method how to build kernel modules from the readme. It
  describes a process consisting of the kernel-source installation,
  configuring this kernel and then performing an ad-hoc module build.
  This method is not ideal as no modversion data is involved in the
  process. It results in a module with no symbol CRCs which can be wrongly
  loaded on an incompatible kernel.
  Removing the method also simplifies the readme because only two main
  methods how to build the modules are then described, either doing an
  ad-hoc build using kernel-devel, or creating a proper Kernel Module
  Package.
- commit 9285bb8

- blacklist.conf: just in case fix for a corner case
- commit a3fc582

- xhci: Clear EHB bit only at end of interrupt handler
  (git-fixes).
- commit d5adf2a

- usb: config: fix iteration issue in 'usb_get_bos_descriptor()'
  (git-fixes).
- commit 5cdcb2d

- usb: host: xhci-plat: fix possible kernel oops while resuming
  (git-fixes).
- commit b0504f4

- NFS: More fixes for nfs_direct_write_reschedule_io()
  (bsc#1211162).
- NFS: Use the correct commit info in nfs_join_page_group()
  (bsc#1211162).
- NFS: More O_DIRECT accounting fixes for error paths
  (bsc#1211162).
- NFS: Fix O_DIRECT locking issues (bsc#1211162).
- NFS: Fix error handling for O_DIRECT write scheduling
  (bsc#1211162).
- NFS: Fix a potential data corruption (bsc#1211162).
- NFS: Fix a use after free in nfs_direct_join_group()
  (bsc#1211162).
- nfs: only issue commit in DIO codepath if we have uncommitted
  data (bsc#1211162).
- NFS: Fix a few more clear_bit() instances that need release
  semantics (bsc#1211162).
- commit e61bcf9

- xfs: make sure maxlen is still congruent with prod when rounding
  down (git-fixes).
- commit 2b9fc44

- xfs: fix units conversion error in xfs_bmap_del_extent_delay
  (git-fixes).
- commit 95e2620

- xfs: fix agf_fllast when repairing an empty AGFL (git-fixes).
- commit bfb62b0

- xfs: return EINTR when a fatal signal terminates scrub
  (git-fixes).
- commit e6f4fe7

- xfs: fix a bug in the online fsck directory leaf1 bestcount
  check (git-fixes).
- commit e328537

- xfs: fix incorrect unit conversion in scrub tracepoint
  (git-fixes).
- Refresh
  patches.suse/xfs-standardize-AG-block-number-formatting-in-ftrace-output.patch.
- Refresh
  patches.suse/xfs-standardize-AG-number-formatting-in-ftrace-output.patch.
- commit e256630

- xfs: decode scrub flags in ftrace output (git-fixes).
- commit d1fe7f7

- xfs: remove the xfs_dsb_t typedef (git-fixes).
- commit 4e9f379

- xfs: fix uninit warning in xfs_growfs_data (git-fixes).
- commit e9c4821

- xfs: convert flex-array declarations in struct xfs_attrlist*
  (git-fixes).
- commit e33e297

- xfs: remove the xfs_dinode_t typedef (git-fixes).
- commit c807e19

- xfs: convert flex-array declarations in xfs attr shortform
  objects (git-fixes).
- commit 757cbc7

- xfs: convert flex-array declarations in xfs attr leaf blocks
  (git-fixes).
- commit 1823624

- xfs: use swap() to make dabtree code cleaner (git-fixes).
- commit d160cc2

- xfs: fix silly whitespace problems with kernel libxfs
  (git-fixes).
- commit d822e52

- xfs: rename xfs_has_attr() (git-fixes).
- commit fe8702c

- xfs: Rename __xfs_attr_rmtval_remove (git-fixes).
- commit 6ea2cef

- xfs: sysfs: use default_groups in kobj_type (git-fixes).
- commit 74d9b5c

- xfs: replace snprintf in show functions with sysfs_emit
  (git-fixes).
- commit 84db35d

- xfs: simplify two-level sysctl registration for xfs_table
  (git-fixes).
- commit 0321d28

- xfs: add selinux labels to whiteout inodes (git-fixes).
- commit 8dc479c

- xfs: Use kvcalloc() instead of kvzalloc() (git-fixes).
- Refresh
  patches.suse/xfs-reject-crazy-array-sizes-being-fed-to-XFS_IOC_GE.patch.
- commit 89900e3

- xfs: clean up "%Ld/%Lu" which doesn't meet C standard
  (git-fixes).
- commit dbcc289

- xfs: aborting inodes on shutdown may need buffer lock
  (git-fixes).
- commit 8b202be

- xfs: remove the xfs_dqblk_t typedef (git-fixes).
- commit 4747a77

- xfs: dump log intent items that cannot be recovered due to
  corruption (git-fixes).
- commit 6f8c678

- xfs: sb verifier doesn't handle uncached sb buffer (git-fixes).
- commit c0c7079

- xfs: remove kmem_alloc_io() (git-fixes).
- commit 831b642

- x86/platform/uv: Use alternate source for socket to node data
  (bsc#1215696 bsc#1217790).
- commit ec7f699

- powerpc: Don't clobber f0/vs0 during fp|altivec register save
  (bsc#1217780).
- commit 46d31e2

- USB: serial: option: add Luat Air72*U series products
  (git-fixes).
- USB: serial: option: add Fibocom L7xx modules (git-fixes).
- USB: serial: option: don't claim interface 4 for ZTE MF290
  (git-fixes).
- ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CVA
  (git-fixes).
- commit 4c40fde

- firewire: core: fix possible memory leak in create_units()
  (git-fixes).
- commit 0ade49c

- xfs: convert log ticket and iclog flags to unsigned (git-fixes).
- commit 57245d3

- xfs: convert quota options flags to unsigned (git-fixes).
- commit 7dfe466

- xfs: convert inode lock flags to unsigned (git-fixes).
- commit 831f7e2

- xfs: convert log item tracepoint flags to unsigned (git-fixes).
- commit 411032a

- xfs: convert dquot flags to unsigned (git-fixes).
- commit 1630213

- xfs: convert da btree operations flags to unsigned (git-fixes).
- commit 41198d9

- xfs: convert buffer log item flags to unsigned (git-fixes).
- commit d4d0c9c

- xfs: convert btree buffer log flags to unsigned (git-fixes).
- commit ced67a9

- xfs: convert AGI log flags to unsigned (git-fixes).
- commit 66d955b

- xfs: convert AGF log flags to unsigned (git-fixes).
- commit 91cefbb

- xfs: convert bmapi flags to unsigned (git-fixes).
- commit 1ec6360

- xfs: convert bmap extent type flags to unsigned (git-fixes).
- commit 30fead3

- xfs: convert scrub type flags to unsigned (git-fixes).
- commit c3c7c82

- xfs: convert attr type flags to unsigned (git-fixes).
- commit c641f4d

- xfs: convert buffer flags to unsigned (git-fixes).
- commit 6147a1c

- xfs: standardize inode generation formatting in ftrace output
  (git-fixes).
- commit 81e4504

- xfs: standardize remaining xfs_buf length tracepoints
  (git-fixes).
- commit 0960978

- xfs: resolve fork names in trace output (git-fixes).
- commit f8059aa

- xfs: rename i_disk_size fields in ftrace output (git-fixes).
- commit 57eae70

- xfs: disambiguate units for ftrace fields tagged "count"
  (git-fixes).
- commit 863210b

- xfs: disambiguate units for ftrace fields tagged "len"
  (git-fixes).
- commit 09c5eba

- xfs: disambiguate units for ftrace fields tagged "offset"
  (git-fixes).
- commit fd948b6

- xfs: disambiguate units for ftrace fields tagged "blkno",
  "block", or "bno" (git-fixes).
- commit 21df855

- xfs: standardize daddr formatting in ftrace output (git-fixes).
- commit 4559eca

- xfs: standardize rmap owner number formatting in ftrace output
  (git-fixes).
- commit 1582a5c

- xfs: standardize AG block number formatting in ftrace output
  (git-fixes).
- commit c4b29ba

- xfs: standardize AG number formatting in ftrace output
  (git-fixes).
- commit a02451d

- xfs: standardize inode number formatting in ftrace output
  (git-fixes).
- commit 3a0db07

- xfs: add attr state machine tracepoints (git-fixes).
- commit b0c0355

- xfs: mark the record passed into xchk_btree functions as const
  (git-fixes).
- commit 3247184

- xfs: remove xfs_btree_cur_t typedef (git-fixes).
- commit 4b79f37

- xfs: constify btree function parameters that are not modified
  (git-fixes).
- commit ca93659

- xfs: make the start pointer passed to btree update_lastrec
  functions const (git-fixes).
- commit 28eb06c

- xfs: make the start pointer passed to btree alloc_block
  functions const (git-fixes).
- commit 481ec89

- xfs: make the pointer passed to btree set_root functions const
  (git-fixes).
- commit 068596a

- xfs: make the keys and records passed to btree inorder functions
  const (git-fixes).
- commit 42fdf3b

- xfs: mark the record passed into btree init_key functions as
  const (git-fixes).
- Refresh
  patches.suse/xfs-fix-rm_offset-flag-handling-in-rmap-keys.patch.
- commit ff2d5e6

- xfs: make the key parameters to all btree query range functions
  const (git-fixes).
- Refresh
  patches.suse/xfs-make-the-record-pointer-passed-to-query_range-functions-const.patch.
- commit 6c6efbb

- xfs: make the key parameters to all btree key comparison
  functions const (git-fixes).
- Refresh
  patches.suse/xfs-fix-rm_offset-flag-handling-in-rmap-keys.patch.
- commit ff17042

- kernel-binary: suse-module-tools is also required when installed
  Requires(pre) adds dependency for the specific sciptlet.
  However, suse-module-tools also ships modprobe.d files which may be
  needed at posttrans time or any time the kernel is on the system for
  generating ramdisk. Add plain Requires as well.
- commit 8c12816

- scsi: lpfc: Copyright updates for 14.2.0.16 patches
  (bsc#1217731).
- scsi: lpfc: Update lpfc version to 14.2.0.16 (bsc#1217731).
- scsi: lpfc: Enhance driver logging for selected discovery events
  (bsc#1217731).
- scsi: lpfc: Refactor and clean up mailbox command memory free
  (bsc#1217731).
- scsi: lpfc: Return early in lpfc_poll_eratt() when the driver
  is unloading (bsc#1217731).
- scsi: lpfc: Eliminate unnecessary relocking in
  lpfc_check_nlp_post_devloss() (bsc#1217731).
- scsi: lpfc: Fix list_entry null check warning in
  lpfc_cmpl_els_plogi() (bsc#1217731).
- scsi: lpfc: Fix possible file string name overflow when updating
  firmware (bsc#1217731).
- scsi: lpfc: Correct maximum PCI function value for RAS fw
  logging (bsc#1217731).
- commit beb2571

- x86/tsc: Extend watchdog check exemption to 4-Sockets platform
  (bsc#1215885 bsc#1217217).
- commit 9971d9f

- clocksource: Handle negative skews in "skew is too large"
  messages (bsc#1215885 bsc#1217217).
- commit 0c97af9

- clocksource: Enable TSC watchdog checking of HPET and PMTMR
  only when requested (bsc#1215885 bsc#1217217).
- commit 0d6dfea

- clocksource: Verify HPET and PMTMR when TSC unverified
  (bsc#1215885 bsc#1217217).
- commit e0464f3

- x86/tsc: Add option to force frequency recalibration with HW
  timer (bsc#1215885 bsc#1217217).
- commit 6710fea

- clocksource: Improve "skew is too large" messages (bsc#1215885
  bsc#1217217).
- commit b4f2f8a

- clocksource: Improve read-back-delay message (bsc#1215885
  bsc#1217217).
- commit 7fcc88d

- clocksource: Loosen clocksource watchdog constraints
  (bsc#1215885 bsc#1217217).
- commit 4542fad

- clocksource: Print clocksource name when clocksource is tested
  unstable (bsc#1215885 bsc#1217217).
- commit 9b735fa

- x86/tsc: Be consistent about use_tsc_delay() (bsc#1215885
  bsc#1217217).
- commit 8d1f4f9

- clocksource: Add a Kconfig option for WATCHDOG_MAX_SKEW
  (bsc#1215885 bsc#1217217).
- Update config files. The value of 125 corresponds to a later patch
  in the series.
- commit fd39c65

- net/tls: do not free tls_rec on async operation in
  bpf_exec_tx_verdict() (bsc#1217332 CVE-2023-6176).
- commit 4d4ef94

- Update metadata
- commit ca96232

- Revert "tracing: Fix warning in trace_buffered_event_disable()"
  (bsc#1217036)
  Temporarily revert the commit. It exposed a separate issue related to
  trace buffered event synchronization which needs to be fixed first.
- commit 4a725b5

- mmc: cqhci: Fix task clearing in CQE error recovery (git-fixes).
- mmc: cqhci: Warn of halt or task clear failure (git-fixes).
- mmc: block: Retry commands in CQE error recovery (git-fixes).
- mmc: block: Be sure to wait while busy in CQE error recovery
  (git-fixes).
- mmc: cqhci: Increase recovery halt timeout (git-fixes).
- mmc: block: Do not lose cache flush during CQE error recovery
  (git-fixes).
- commit 49c4783

- ALSA: hda: Disable power-save on KONTRON SinglePC (bsc#1217140).
- commit 05bfbfe

- Disable Loongson drivers
  Loongson is a mips architecture, it doesn't make sense to build
  Loongson drivers on other architectures.
- commit 23ca0fb

- NLM: Defend against file_lock changes after vfs_test_lock()
  (bsc#1217692).
- commit 9a0dbb5

- s390/ap: fix AP bus crash on early config change callback
  invocation (git-fixes bsc#1217687).
- commit 7155857

- pinctrl: avoid reload of p state in list iteration (git-fixes).
- commit 37ee48d

- README.SUSE: fix patches.addon use
  It's series, not series.conf in there.
  And make it more precise on when the patches are applied.
- commit cb8969c

- rxrpc: Fix race between conn bundle lookup and bundle removal
  (CVE-2023-2006 bsc#1210447).
- commit 88c559c

- kabi/severities: ignore kabi in rxrpc (bsc#1210447)
  The rxrpc module is built since SLE15-SP3 but it is not shipped as part of
  any SLE product, only in Leap (in kernel-*-optional).
- commit 10d922d

- Do not store build host name in initrd
  Without this patch, kernel-obs-build stored the build host name
  in its .build.initrd.kvm
  This patch allows for reproducible builds of kernel-obs-build and thus
  avoids re-publishing the kernel-obs-build.rpm when nothing changed.
  Note that this has no influence on the /etc/hosts file
  that is used during other OBS builds.
  https://bugzilla.opensuse.org/show_bug.cgi?id=1084909
- commit fd3a75e

- drm/amd/display: use full update for clip size increase of
  large plane source (git-fixes).
- commit 05445b7

- Input: xpad - add VID for Turtle Beach controllers (git-fixes).
- Refresh patches.suse/Input-xpad-add-PXN-V900-support.patch.
- commit a3a5e84

- Revert "i2c: pxa: move to generic GPIO recovery" (git-fixes).
- drm/amd/display: Change the DMCUB mailbox memory location from
  FB to inbox (git-fixes).
- tty: Fix uninit-value access in ppp_sync_receive() (git-fixes).
- drm/amdgpu: fix software pci_unplug on some chips (git-fixes).
- drm/amdgpu: fix error handling in amdgpu_bo_list_get()
  (git-fixes).
- drm/qxl: prevent memory leak (git-fixes).
- mmc: sdhci-pci-gli: GL9750: Mask the replay timer timeout of
  AER (git-fixes).
- pwm: Fix double shift bug (git-fixes).
- i2c: dev: copy userspace array safely (git-fixes).
- i2c: designware: Disable TX_EMPTY irq while waiting for block
  length byte (git-fixes).
- sbsa_gwdt: Calculate timeout with 64-bit math (git-fixes).
- drm/amd/display: Avoid NULL dereference of timing generator
  (git-fixes).
- drm/amdgpu: don't use ATRM for external devices (git-fixes).
- media: imon: fix access to invalid resource for the second
  interface (git-fixes).
- media: ccs: Fix driver quirk struct documentation (git-fixes).
- media: cobalt: Use FIELD_GET() to extract Link Width
  (git-fixes).
- media: vivid: avoid integer overflow (git-fixes).
- media: gspca: cpia1: shift-out-of-bounds in set_flicker
  (git-fixes).
- i2c: sun6i-p2wi: Prevent potential division by zero (git-fixes).
- i2c: i801: fix potential race in
  i801_block_transaction_byte_by_byte (git-fixes).
- i3c: master: mipi-i3c-hci: Fix a kernel panic for accessing
  DAT_data (git-fixes).
- i3c: mipi-i3c-hci: Fix out of bounds access in
  hci_dma_irq_handler (git-fixes).
- mtd: cfi_cmdset_0001: Byte swap OTP info (git-fixes).
- usb: gadget: f_ncm: Always set current gadget in ncm_bind()
  (git-fixes).
- tty: serial: meson: fix hard LOCKUP on crtscts mode (git-fixes).
- tty: vcc: Add check for kstrdup() in vcc_probe() (git-fixes).
- HID: lenovo: Detect quirk-free fw on cptkbd and stop applying
  workaround (git-fixes).
- HID: Add quirk for Dell Pro Wireless Keyboard and Mouse KM5221W
  (git-fixes).
- PCI: Use FIELD_GET() in Sapphire RX 5600 XT Pulse quirk
  (git-fixes).
- PCI: Use FIELD_GET() to extract Link Width (git-fixes).
- PCI: tegra194: Use FIELD_GET()/FIELD_PREP() with Link Width
  fields (git-fixes).
- misc: pci_endpoint_test: Add Device ID for R-Car S4-8 PCIe
  controller (git-fixes).
- selftests/efivarfs: create-read: fix a resource leak
  (git-fixes).
- selftests/resctrl: Remove duplicate feature check from CMT test
  (git-fixes).
- mmc: sdhci-pci-gli: A workaround to allow GL9750 to enter ASPM
  L1.2 (git-fixes).
- drm/amdgpu: Fix a null pointer access when the smc_rreg pointer
  is NULL (git-fixes).
- drm/amdkfd: Fix shift out-of-bounds issue (git-fixes).
- drm/panel: st7703: Pick different reset sequence (git-fixes).
- drm: vmwgfx_surface.c: copy user-array safely (git-fixes).
- drm/msm/dp: skip validity check for DP CTS EDID checksum
  (git-fixes).
- drm/amdgpu: Fix potential null pointer derefernce (git-fixes).
- drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and
  Tonga (git-fixes).
- drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7
  (git-fixes).
- drm/amdkfd: Fix a race condition of vram buffer unref in svm
  code (git-fixes).
- drm/panel/panel-tpo-tpg110: fix a possible null pointer
  dereference (git-fixes).
- drm/panel: fix a possible null pointer dereference (git-fixes).
- drm/komeda: drop all currently held locks if deadlock happens
  (git-fixes).
- platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad
  X120e (git-fixes).
- regmap: Ensure range selector registers are updated after
  cache sync (git-fixes).
- Bluetooth: btusb: Add 0bda:b85b for Fn-Link RTL8852BE
  (git-fixes).
- Bluetooth: btusb: Add date->evt_skb is NULL check (git-fixes).
- Bluetooth: btusb: Add RTW8852BE device 13d3:3570 to device
  tables (git-fixes).
- wifi: ath10k: Don't touch the CE interrupt registers after
  power up (git-fixes).
- wifi: ath10k: fix clang-specific fortify warning (git-fixes).
- wifi: ath9k: fix clang-specific fortify warnings (git-fixes).
- wifi: mac80211: don't return unset power in
  ieee80211_get_tx_power() (git-fixes).
- serial: meson: Use platform_get_irq() to get the interrupt
  (git-fixes).
- commit 9bb6805

- ASoC: ti: omap-mcbsp: Fix runtime PM underflow warnings
  (git-fixes).
- ALSA: hda: Fix possible null-ptr-deref when assigning a stream
  (git-fixes).
- atm: iphase: Do PCI error checks on own line (git-fixes).
- string.h: add array-wrappers for (v)memdup_user() (git-fixes).
- ACPI: resource: Do IRQ override on TongFang GMxXGxx (git-fixes).
- atl1c: Work around the DMA RX overflow issue (git-fixes).
- bluetooth: Add device 13d3:3571 to device tables (git-fixes).
- bluetooth: Add device 0bda:887b to device tables (git-fixes).
- Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0cb8:0xc559
  (git-fixes).
- commit 806162c

- netfilter: conntrack: dccp: copy entire header to stack buffer,
  not just basic one (CVE-2023-39197 bsc#1216976).
- commit b489a86

- Update upstream references (add CVE-2023-4244 bsc#1215420)
- patches.kabi/kabi-hide-changes-in-struct-nft_set.patch
- patches.suse/netfilter-nf_tables-GC-transaction-API-to-avoid-race.patch
- patches.suse/netfilter-nf_tables-GC-transaction-race-with-abort-p.patch
- patches.suse/netfilter-nf_tables-GC-transaction-race-with-netns-d.patch
- patches.suse/netfilter-nf_tables-fix-GC-transaction-races-with-ne.patch
- patches.suse/netfilter-nf_tables-fix-kdoc-warnings-after-gc-rewor.patch
- patches.suse/netfilter-nf_tables-use-correct-lock-to-protect-gc_l.patch
- commit fee74b6

- blacklist.conf: non-trivial dependencies (bsc#1216105)
- commit b8ada5d

- s390/dasd: fix hanging device after request requeue (git-fixes
  LTC#203629 bsc#1215124).
- commit 1f9716b

- s390/cio: unregister device when the only path is gone
  (git-fixes bsc#1217609).
- commit 1a12a29

- s390/ptrace: fix PTRACE_GET_LAST_BREAK error handling (git-fixes
  bsc#1217599).
- commit c32f016

- s390/dasd: use correct number of retries for ERP requests
  (git-fixes bsc#1217598).
- commit 71adc5d

- Drivers: hv: vmbus: Remove unused extern declaration
  vmbus_ontimer() (git-fixes).
- x86/hyperv: fix a warning in mshyperv.h (git-fixes).
- x86/hyperv: Improve code for referencing hyperv_pcpu_input_arg
  (git-fixes).
- HID: hyperv: avoid struct memcpy overrun warning (git-fixes).
- x86/hyperv: Make hv_get_nmi_reason public (git-fixes).
- hv: simplify sysctl registration (git-fixes).
- x86/hyperv: Add HV_EXPOSE_INVARIANT_TSC define (git-fixes).
- HID: hyperv: remove unused struct synthhid_msg (git-fixes).
- HID: hyperv: Replace one-element array with flexible-array
  member (git-fixes).
- commit be51c3e

- Update
  patches.suse/net-usb-lan78xx-reorder-cleanup-operations-to-avoid-.patch
  (bsc#1217068 CVE-2023-6039).
  Update reference. Bug retroactively declared a security issue.
- commit 867c96b

- hv_netvsc: Mark VF as slave before exposing it to user-mode
  (git-fixes).
- hv_netvsc: Fix race of register_netdevice_notifier and VF
  register (git-fixes).
- hv_netvsc: fix race of netvsc and VF register_netdevice
  (git-fixes).
- commit bbb7bfb

- s390/dasd: protect device queue against concurrent access
  (git-fixes bsc#1217515).
- commit 85f31b8

- net: mana: Fix return type of mana_start_xmit() (git-fixes).
- commit 9a9e0ef

- USB: serial: option: fix FM101R-GL defines (git-fixes).
- USB: dwc3: qcom: fix ACPI platform device leak (git-fixes).
- USB: dwc3: qcom: fix software node leak on probe errors
  (git-fixes).
- USB: dwc3: qcom: fix resource leaks on probe deferral
  (git-fixes).
- USB: dwc3: qcom: fix wakeup after probe deferral (git-fixes).
- dt-bindings: usb: qcom,dwc3: fix example wakeup interrupt types
  (git-fixes).
- usb: dwc3: set the dma max_seg_size (git-fixes).
- usb: cdnsp: Fix deadlock issue during using NCM gadget
  (git-fixes).
- usb: dwc3: Fix default mode initialization (git-fixes).
- usb: typec: tcpm: Skip hard reset when in error recovery
  (git-fixes).
- dt-bindings: usb: hcd: add missing phy name to example
  (git-fixes).
- arm/xen: fix xen_vcpu_info allocation alignment (git-fixes).
- drm/rockchip: vop: Fix color for RGB888/BGR888 format on VOP
  full (git-fixes).
- drm/panel: simple: Fix Innolux G101ICE-L01 timings (git-fixes).
- drm/panel: simple: Fix Innolux G101ICE-L01 bus flags
  (git-fixes).
- ata: pata_isapnp: Add missing error check for devm_ioport_map()
  (git-fixes).
- net: usb: ax88179_178a: fix failed operations during
  ax88179_reset (git-fixes).
- xhci: Enable RPM on controllers that support low-power states
  (git-fixes).
- commit 77def7a

- Ensure ia32_emulation is always enabled for kernel-obs-build
  If ia32_emulation is disabled by default, ensure it is enabled
  back for OBS kernel to allow building 32bit binaries (jsc#PED-3184)
  [ms: Always pass the parameter, no need to grep through the config which
  may not be very reliable]
- commit 56a2c2f

- blk-mq: fix null pointer dereference in
  blk_mq_clear_rq_mapping() (bsc#1217366).
- blk-mq: Don't clear driver tags own mapping (bsc#1217366).
- commit dfa78ac

- kobject: Fix slab-out-of-bounds in fill_kobj_path() (bsc#1216058
  CVE-2023-45863).
- commit 40e4871

- rpm: Define git commit as macro
- commit bcc92c8

- kernel-source: Move provides after sources
- commit dbbf742

- fbdev: imsttfb: fix double free in probe() (git-fixes).
- fbdev: imsttfb: Release framebuffer and dealloc cmap on error
  path (git-fixes).
- commit 04adf1c

- drm/bridge: lt8912b: Switch to devm MIPI-DSI helpers
  (git-fixes).
- Refresh
  patches.suse/drm-bridge-lt8912b-Add-hot-plug-detection.patch.
- commit 44c514b

- drm/bridge: tc358768: Disable non-continuous clock mode
  (git-fixes).
- Refresh
  patches.suse/drm-bridge-tc358768-always-enable-HS-video-mode.patch.
- Refresh
  patches.suse/drm-bridge-tc358768-fix-TCLK_TRAILCNT-computation.patch.
- commit 1bb57d4

- platform/x86: wmi: remove unnecessary initializations
  (git-fixes).
- Refresh
  patches.suse/platform-x86-wmi-use-bool-instead-of-int.patch.
- commit 9e3bd62

- fbdev: imsttfb: fix a resource leak in probe (git-fixes).
- Fix termination state for idr_for_each_entry_ul() (git-fixes).
- crypto: caam/jr - fix Chacha20 + Poly1305 self test failure
  (git-fixes).
- crypto: caam/qi2 - fix Chacha20 + Poly1305 self test failure
  (git-fixes).
- crypto: hisilicon/hpre - Fix a erroneous check after snprintf()
  (git-fixes).
- HID: logitech-hidpp: Move get_wireless_feature_index() check
  to hidpp_connect_event() (git-fixes).
- HID: logitech-hidpp: Revert "Don't restart communication if
  not necessary" (git-fixes).
- HID: logitech-hidpp: Don't restart IO, instead defer
  hid_connect() only (git-fixes).
- drm/bridge: lt9611uxc: fix the race in the error path
  (git-fixes).
- drm/amdkfd: fix some race conditions in vram buffer alloc/free
  of svm code (git-fixes).
- drm/bridge: tc358768: Fix bit updates (git-fixes).
- drm/bridge: lt8912b: Manually disable HPD only if it was enabled
  (git-fixes).
- drm/bridge: lt8912b: Fix crash on bridge detach (git-fixes).
- drm/bridge: lt8912b: Fix bridge_detach (git-fixes).
- clk: ti: fix double free in of_ti_divider_clk_setup()
  (git-fixes).
- platform/x86: wmi: Fix opening of char device (git-fixes).
- wifi: iwlwifi: pcie: synchronize IRQs before NAPI (git-fixes).
- fbdev: imsttfb: Fix error path of imsttfb_probe() (git-fixes).
- wifi: iwlwifi: call napi_synchronize() before freeing rx/tx
  queues (git-fixes).
- HID: logitech-hidpp: Remove HIDPP_QUIRK_NO_HIDINPUT quirk
  (git-fixes).
- wifi: ath11k: debugfs: fix to work with multiple PCI devices
  (git-fixes).
- clk: ti: change ti_clk_register[_omap_hw]() API (git-fixes).
- mt76: dma: use kzalloc instead of devm_kzalloc for txwi
  (git-fixes).
- clk: ti: Update component clocks to use ti_dt_clk_name()
  (git-fixes).
- clk: ti: Update pll and clockdomain clocks to use
  ti_dt_clk_name() (git-fixes).
- clk: ti: Add ti_dt_clk_name() helper to use clock-output-names
  (git-fixes).
- drm/bridge: lt9611uxc: Register and attach our DSI device at
  probe (git-fixes).
- drm/bridge: lt9611uxc: Switch to devm MIPI-DSI helpers
  (git-fixes).
- drm/bridge: lt8912b: Register and attach our DSI device at probe
  (git-fixes).
- drm/mipi-dsi: Create devm device attachment (git-fixes).
- drm/mipi-dsi: Create devm device registration (git-fixes).
- commit ff3b9ac

- ALSA: hda/realtek: Add quirks for HP Laptops (git-fixes).
- ALSA: hda/realtek: Enable Mute LED on HP 255 G10 (git-fixes).
- ALSA: hda/realtek - Enable internal speaker of ASUS K6500ZC
  (git-fixes).
- ALSA: hda/realtek: Enable Mute LED on HP 255 G8 (git-fixes).
- ALSA: hda/realtek - Add Dell ALC295 to pin fall back table
  (git-fixes).
- commit fe6b179

- Update
  patches.suse/vringh-don-t-use-vringh_kiov_advance-in-vringh_iov_x.patch
  (git-fixes, bsc#1215710, CVE-2023-5158).
- commit aba4986

- s390/crashdump: fix TOD programmable field size (git-fixes
  bsc#1217205).
- commit 4fa67bc

- USB: dwc2: write HCINT with INTMASK applied (bsc#1214286).
- commit 705073c

- s390/pkey: fix/harmonize internal keyblob headers (git-fixes
  bsc#1217200).
- commit 1330336

- net: fix use-after-free in tw_timer_handler (bsc#1217195).
- commit 797642c

- s390/ipl: add missing secure/has_secure file to ipl type
  'unknown' (bsc#1214976 git-fixes).
- commit 293b1d2

- hv_netvsc: fix netvsc_send_completion to avoid multiple message
  length checks (git-fixes).
- commit e571a42

- blacklist.conf: fix for only partially backported commit
- commit f8344aa

- idpf: add SRIOV support and other ndo_ops (bsc#1215458).
- Update config files.
- supported.conf: marked idpf supported
- commit 8518538

- idpf: fix potential use-after-free in idpf_tso() (bsc#1215458).
- PCI: Disable ATS for specific Intel IPU E2000 devices
  (bsc#1215458).
- PCI: Extract ATS disabling to a helper function (bsc#1215458).
- idpf: cancel mailbox work in error path (bsc#1215458).
- idpf: set scheduling mode for completion queue (bsc#1215458).
- idpf: add ethtool callbacks (bsc#1215458).
- idpf: add singleq start_xmit and napi poll (bsc#1215458).
- idpf: add RX splitq napi poll support (bsc#1215458).
- idpf: add TX splitq napi poll support (bsc#1215458).
- idpf: add splitq start_xmit (bsc#1215458).
- idpf: initialize interrupts and enable vport (bsc#1215458).
- idpf: configure resources for RX queues (bsc#1215458).
- idpf: configure resources for TX queues (bsc#1215458).
- idpf: add ptypes and MAC filter support (bsc#1215458).
- idpf: add create vport and netdev configuration (bsc#1215458).
- idpf: add core init and interrupt request (bsc#1215458).
- idpf: add controlq init and reset checks (bsc#1215458).
- idpf: add module register and probe functionality (bsc#1215458).
- virtchnl: add virtchnl version 2 ops (bsc#1215458).
- net: add macro netif_subqueue_completed_wake (bsc#1215458).
- net: piggy back on the memory barrier in bql when waking queues
  (bsc#1215458).
- net: provide macros for commonly copied lockless queue stop/wake
  code (bsc#1215458).
- docs: net: use C syntax highlight in driver.rst (bsc#1215458).
- docs: net: move the probe and open/close sections of driver.rst
  up (bsc#1215458).
- docs: net: reformat driver.rst from a list to sections
  (bsc#1215458).
- Documentation: networking: correct possessive "its"
  (bsc#1215458).
- commit 0dd7c0b

- blacklist.conf: Add 2ef269ef1ac0 cgroup/cpuset: Free DL BW in case can_attach() fails
- commit 635fb82

- scsi: lpfc: Update lpfc version to 14.2.0.15 (bsc#1217124).
- scsi: lpfc: Introduce LOG_NODE_VERBOSE messaging flag
  (bsc#1217124).
- scsi: lpfc: Validate ELS LS_ACC completion payload
  (bsc#1217124).
- scsi: lpfc: Reject received PRLIs with only initiator fcn role
  for NPIV ports (bsc#1217124).
- scsi: lpfc: Treat IOERR_SLI_DOWN I/O completion status the
  same as pci offline (bsc#1217124).
- scsi: lpfc: Remove unnecessary zero return code assignment in
  lpfc_sli4_hba_setup (bsc#1217124).
- commit 36a063a

- scsi: qla2xxx: Use FIELD_GET() to extract PCIe capability fields
  (git-fixes).
- scsi: qla2xxx: Fix double free of dsd_list during driver load
  (git-fixes).
- commit 7802965

- arm64: armv8_deprecated: fix unused-function error (git-fixes)
- commit 8a9ffd3

- arm64: Add Cortex-A520 CPU part definition (git-fixes)
- commit ec1fe6f

- arm64: armv8_deprecated: rework deprected instruction handling (git-fixes)
- commit bff85fe

- arm64: armv8_deprecated: move aarch32 helper earlier (git-fixes)
- commit 5802265

- arm64: armv8_deprecated move emulation functions (git-fixes)
- commit cb05023

- arm64: armv8_deprecated: fold ops into insn_emulation (git-fixes)
- commit 3a9b307

- arm64: rework EL0 MRS emulation (git-fixes)
- commit 9ce6c60

- arm64: factor insn read out of call_undef_hook() (git-fixes)
- commit 6831136

- arm64: factor out EL1 SSBS emulation hook (git-fixes)
- commit c8a644d

- arm64: split EL0/EL1 UNDEF handlers (git-fixes)
- commit de48edd

- arm64: allow kprobes on EL0 handlers (git-fixes)
- commit c9ac567

- arm64: rework BTI exception handling (git-fixes)
- commit f21a31f

- arm64: rework FPAC exception handling (git-fixes)
- commit da959d5

- arm64: consistently pass ESR_ELx to die() (git-fixes)
- commit b804637

- arm64: die(): pass 'err' as long (git-fixes)
- commit bac59fc

- arm64: report EL1 UNDEFs better (git-fixes)
- commit 0e93130

- nvme: update firmware version after commit (bsc#1215292).
- commit 1d3b546

- rpm/check-for-config-changes: add HAVE_SHADOW_CALL_STACK to IGNORED_CONFIGS_RE
  Not supported by our compiler.
- commit eb32b5a

- s390/cmma: fix handling of swapper_pg_dir and invalid_pg_dir
  (LTC#203997 bsc#1217086).
- commit 651d5ec

- s390/cmma: fix detection of DAT pages (LTC#203997 bsc#1217086).
- commit aa2ec99

- s390/mm: add missing arch_set_page_dat() call to gmap
  allocations (LTC#203997 bsc#1217086).
- commit b3d336b

- s390/mm: add missing arch_set_page_dat() call to
  vmem_crst_alloc() (LTC#203997 bsc#1217086).
- commit f15e0fe

- s390/cmma: fix initial kernel address space page table walk
  (LTC#203997 bsc#1217086).
- commit d8f4afa

- net: Avoid address overwrite in kernel_connect (bsc#1216861).
- commit 39cb2fd

- igb: set max size RX buffer when store bad packet is enabled
  (bsc#1216259 CVE-2023-45871).
- commit 15c91c9

- fbdev: fsl-diu-fb: mark wr_reg_wa() static (git-fixes).
- fbdev: omapfb: Drop unused remove function (git-fixes).
- drm/syncobj: fix DRM_SYNCOBJ_WAIT_FLAGS_WAIT_AVAILABLE
  (git-fixes).
- drm/i915: Fix potential spectre vulnerability (git-fixes).
- i915/perf: Fix NULL deref bugs with drm_dbg() calls (git-fixes).
- ALSA: info: Fix potential deadlock at disconnection (git-fixes).
- ASoC: hdmi-codec: register hpd callback on component probe
  (git-fixes).
- spi: spi-zynq-qspi: add spi-mem to driver kconfig dependencies
  (git-fixes).
- Revert "mmc: core: Capture correct oemid-bits for eMMC cards"
  (git-fixes).
- mmc: vub300: fix an error code (git-fixes).
- mmc: sdhci_am654: fix start loop index for TAP value parsing
  (git-fixes).
- lsm: fix default return value for inode_getsecctx (git-fixes).
- lsm: fix default return value for vm_enough_memory (git-fixes).
- Input: synaptics-rmi4 - fix use after free in
  rmi_unregister_function() (git-fixes).
- i2c: iproc: handle invalid slave state (git-fixes).
- pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume
  (git-fixes).
- pwm: sti: Reduce number of allocations and drop usage of
  chip_data (git-fixes).
- can: isotp: isotp_sendmsg(): fix TX state detection and wait
  behavior (git-fixes).
- commit ba5a839

- perf/core: Fix potential NULL deref (bsc#1216584 CVE-2023-5717).
- commit 90eeaff

- perf: Disallow mis-matched inherited group reads (bsc#1216584 CVE-2023-5717).
  Implement KABI fix for above
- commit 6ca2dbc

- Update patch reference for QXL fix (CVE-2023-39198 bsc#1216965)
- commit d6014b6

- Add tag to
  patches.suse/RDMA-irdma-Prevent-zero-length-STAG-registration.patch
  (git-fixes CVE-2023-25775).
- commit 3c6e962

- can: isotp: fix race between isotp_sendsmg() and isotp_release()
  (git-fixes).
- Refresh
  patches.suse/can-isotp-isotp_sendmsg-fix-return-error-fix-on-TX-p.patch.
- commit b988ee1

- can: isotp: split tx timer into transmission and timeout
  (git-fixes).
- commit 65b452a

- can: isotp: fix tx state handling for echo tx processing
  (git-fixes).
- commit 9db78d6

- can: isotp: add local echo tx processing for consecutive frames
  (git-fixes).
- Refresh
  patches.suse/can-isotp-set-default-value-for-N_As-to-50-micro-sec.patch.
- commit 6c424b2

- usb: storage: set 1.50 as the lower bcdDevice for older "Super
  Top" compatibility (git-fixes).
- tty: 8250: Add support for Intashield IX cards (git-fixes).
- tty: 8250: Add support for additional Brainboxes PX cards
  (git-fixes).
- tty: 8250: Add support for Intashield IS-100 (git-fixes).
- tty: 8250: Add support for Brainboxes UP cards (git-fixes).
- tty: 8250: Add support for additional Brainboxes UC cards
  (git-fixes).
- ALSA: hda: intel-dsp-config: Fix JSL Chromebook quirk detection
  (git-fixes).
- PCI: Prevent xHCI driver from claiming AMD VanGogh USB3 DRD
  device (git-fixes).
- clk: Sanitize possible_parent_show to Handle Return Value of
  of_clk_get_parent_name (git-fixes).
- r8152: Check for unplug in r8153b_ups_en() / r8153c_ups_en()
  (git-fixes).
- r8152: Check for unplug in rtl_phy_patch_request() (git-fixes).
- ASoC: rt5650: fix the wrong result of key button (git-fixes).
- Input: synaptics-rmi4 - handle reset delay when using SMBus
  trsnsport (git-fixes).
- dmaengine: ste_dma40: Fix PM disable depth imbalance in
  d40_probe (git-fixes).
- irqchip/stm32-exti: add missing DT IRQ flag translation
  (git-fixes).
- ASoC: simple-card: fixup asoc_simple_probe() error handling
  (git-fixes).
- can: isotp: handle wait_event_interruptible() return values
  (git-fixes).
- can: isotp: isotp_bind(): return -EINVAL on incorrect CAN ID
  formatting (git-fixes).
- can: isotp: remove re-binding of bound socket (git-fixes).
- can: isotp: sanitize CAN ID checks in isotp_bind() (git-fixes).
- can: isotp: set max PDU size to 64 kByte (git-fixes).
- commit d668003

- regmap: prevent noinc writes from clobbering cache (git-fixes).
- pcmcia: ds: fix possible name leak in error path in
  pcmcia_device_add() (git-fixes).
- pcmcia: ds: fix refcount leak in pcmcia_device_add()
  (git-fixes).
- pcmcia: cs: fix possible hung task and memory leak pccardd()
  (git-fixes).
- commit afd2c59

- media: venus: hfi_parser: Add check to keep the number of
  codecs within range (git-fixes).
- media: venus: hfi: add checks to handle capabilities from
  firmware (git-fixes).
- media: venus: hfi: fix the check to handle session buffer
  requirement (git-fixes).
- media: venus: hfi: add checks to perform sanity on queue
  pointers (git-fixes).
- media: siano: Drop unnecessary error check for
  debugfs_create_dir/file() (git-fixes).
- staging: media: ipu3: remove ftrace-like logging (git-fixes).
- media: lirc: drop trailing space from scancode transmit
  (git-fixes).
- media: sharp: fix sharp encoding (git-fixes).
- media: ccs: Correctly initialise try compose rectangle
  (git-fixes).
- media: cedrus: Fix clock/reset sequence (git-fixes).
- media: vidtv: mux: Add check and kfree for kstrdup (git-fixes).
- media: vidtv: psi: Add check for kstrdup (git-fixes).
- media: bttv: fix use after free error due to btv->timeout timer
  (git-fixes).
- media: i2c: max9286: Fix some redundant of_node_put() calls
  (git-fixes).
- media: qcom: camss: Fix missing vfe_lite clocks check
  (git-fixes).
- media: qcom: camss: Fix VFE-17x vfe_disable_output()
  (git-fixes).
- media: qcom: camss: Fix vfe_get() error jump (git-fixes).
- media: qcom: camss: Fix pm_domain_on sequence in probe
  (git-fixes).
- commit b662ba0

- xfs: can't use kmem_zalloc() for attribute buffers
  (bsc#1216909).
- commit 02f7309

- i3c: master: svc: fix SDA keep low when polling IBIWON timeout
  happen (git-fixes).
- i3c: master: svc: fix check wrong status register in irq handler
  (git-fixes).
- i3c: master: svc: fix ibi may not return mandatory data byte
  (git-fixes).
- i3c: master: svc: fix wrong data return when IBI happen during
  start frame (git-fixes).
- i3c: master: svc: fix race condition in ibi work thread
  (git-fixes).
- i3c: Fix potential refcount leak in
  i3c_master_register_new_i3c_devs (git-fixes).
- i3c: master: cdns: Fix reading status register (git-fixes).
- mtd: rawnand: arasan: Include ECC syndrome along with in-band
  data while checking for ECC failure (git-fixes).
- modpost: fix tee MODULE_DEVICE_TABLE built on big-endian host
  (git-fixes).
- dmaengine: stm32-mdma: correct desc prep when channel running
  (git-fixes).
- dmaengine: pxa_dma: Remove an erroneous BUG_ON() in
  pxad_free_desc() (git-fixes).
- dmaengine: ti: edma: handle irq_of_parse_and_map() errors
  (git-fixes).
- usb: raw-gadget: properly handle interrupted requests
  (git-fixes).
- usb: typec: tcpm: Fix NULL pointer dereference in tcpm_pd_svdm()
  (git-fixes).
- xhci: Loosen RPM as default policy to cover for AMD xHC 1.1
  (git-fixes).
- USB: usbip: fix stub_dev hub disconnect (git-fixes).
- usb: chipidea: Simplify Tegra DMA alignment code (git-fixes).
- usb: chipidea: Fix DMA overwrite for Tegra (git-fixes).
- usb: dwc2: fix possible NULL pointer dereference caused by
  driver concurrency (git-fixes).
- tty: n_gsm: fix race condition in status line change on dead
  connections (git-fixes).
- tty: 8250: Add Brainboxes Oxford Semiconductor-based quirks
  (git-fixes).
- tty: 8250: Fix up PX-803/PX-857 (git-fixes).
- tty: 8250: Fix port count of PX-257 (git-fixes).
- tty: 8250: Remove UC-257 and UC-431 (git-fixes).
- tty/sysrq: replace smp_processor_id() with get_cpu()
  (git-fixes).
- serial: exar: Revert "serial: exar: Add support for Sealevel
  7xxxC serial cards" (git-fixes).
- tty: tty_jobctrl: fix pid memleak in disassociate_ctty()
  (git-fixes).
- seq_buf: fix a misleading comment (git-fixes).
- commit 9eaffc2

- mm/hmm: fault non-owner device private entries (bsc#1216844,
  jsc#PED-7237, git-fixes).
- commit 32900e8

- ARM: 9321/1: memset: cast the constant byte to unsigned char
  (git-fixes).
- leds: trigger: ledtrig-cpu:: Fix 'output may be truncated'
  issue for 'cpu' (git-fixes).
- leds: pwm: Don't disable the PWM when the LED should be off
  (git-fixes).
- leds: turris-omnia: Do not use SMBUS calls (git-fixes).
- mfd: arizona-spi: Set pdata.hpdet_channel for ACPI enumerated
  devs (git-fixes).
- mfd: dln2: Fix double put in dln2_probe (git-fixes).
- mfd: core: Ensure disabled devices are skipped without aborting
  (git-fixes).
- i2c: core: Run atomic i2c xfer when !preemptible (git-fixes).
- ASoC: Intel: Skylake: Fix mem leak when parsing UUIDs fails
  (git-fixes).
- ASoC: fsl: Fix PM disable depth imbalance in fsl_easrc_probe
  (git-fixes).
- ASoC: ams-delta.c: use component after check (git-fixes).
- ASoC: fsl: mpc5200_dma.c: Fix warning of Function parameter
  or member not described (git-fixes).
- ASoC: codecs: wsa-macro: fix uninitialized stack variables
  with name prefix (git-fixes).
- ALSA: hda: cs35l41: Undo runtime PM changes at driver exit time
  (git-fixes).
- ALSA: hda: cs35l41: Fix unbalanced pm_runtime_get() (git-fixes).
- ASoC: cs35l41: Undo runtime PM changes at driver exit time
  (git-fixes).
- ASoC: cs35l41: Verify PM runtime resume errors in IRQ handler
  (git-fixes).
- hid: cp2112: Fix duplicate workqueue initialization (git-fixes).
- PCI/sysfs: Protect driver's D3cold preference from user space
  (git-fixes).
- PCI: keystone: Don't discard .probe() callback (git-fixes).
- PCI: keystone: Don't discard .remove() callback (git-fixes).
- PCI: exynos: Don't discard .remove() callback (git-fixes).
- PCI/ASPM: Fix L1 substate handling in aspm_attr_store_common()
  (git-fixes).
- commit ee1f9b6

- selftests/resctrl: Reduce failures due to outliers in MBA/MBM
  tests (git-fixes).
- selftests/resctrl: Ensure the benchmark commands fits to its
  array (git-fixes).
- selftests/pidfd: Fix ksft print formats (git-fixes).
- soc: qcom: llcc: Handle a second device without data corruption
  (git-fixes).
- clk: scmi: Free scmi_clk allocated when the clocks with invalid
  info are skipped (git-fixes).
- mmc: meson-gx: Remove setting of CMD_CFG_ERROR (git-fixes).
- drm/vc4: fix typo (git-fixes).
- drm/rockchip: Fix type promotion bug in rockchip_gem_iommu_map()
  (git-fixes).
- drm/amd/pm: Handle non-terminated overdrive commands
  (git-fixes).
- drm/mediatek: Fix iommu fault during crtc enabling (git-fixes).
- drm/mediatek: Fix iommu fault by swapping FBs after updating
  plane state (git-fixes).
- drm/amd/display: remove useless check in should_enable_fbc()
  (git-fixes).
- drm/radeon: possible buffer overflow (git-fixes).
- drm/rockchip: cdn-dp: Fix some error handling paths in
  cdn_dp_probe() (git-fixes).
- drm/bridge: tc358768: Fix use of uninitialized variable
  (git-fixes).
- drm/bridge: lt8912b: Add missing drm_bridge_attach call
  (git-fixes).
- drm/bridge: Fix kernel-doc typo in desc of output_bus_cfg in
  drm_bridge_state (git-fixes).
- drm/rockchip: vop: Fix call to crtc reset helper (git-fixes).
- drm/rockchip: vop: Fix reset of state in duplicate state crtc
  funcs (git-fixes).
- commit 811f56a

- clk: npcm7xx: Fix incorrect kfree (git-fixes).
- clk: keystone: pll: fix a couple NULL vs IS_ERR() checks
  (git-fixes).
- clk: qcom: ipq6018: drop the CLK_SET_RATE_PARENT flag from
  PLL clocks (git-fixes).
- clk: qcom: config IPQ_APSS_6018 should depend on QCOM_SMEM
  (git-fixes).
- clk: qcom: gcc-sm8150: Fix gcc_sdcc2_apps_clk_src (git-fixes).
- clk: qcom: mmcc-msm8998: Fix the SMMU GDSC (git-fixes).
- clk: qcom: mmcc-msm8998: Don't check halt bit on some branch
  clks (git-fixes).
- clk: qcom: clk-rcg2: Fix clock rate overflow for high parent
  frequencies (git-fixes).
- clk: imx: imx8qxp: Fix elcdif_pll clock (git-fixes).
- clk: imx: imx8mq: correct error handling path (git-fixes).
- clk: imx: Select MXC_CLK for CLK_IMX8QXP (git-fixes).
- clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data
  (git-fixes).
- clk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data
  (git-fixes).
- clk: mediatek: clk-mt7629-eth: Add check for mtk_alloc_clk_data
  (git-fixes).
- clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data
  (git-fixes).
- clk: mediatek: clk-mt6779: Add check for mtk_alloc_clk_data
  (git-fixes).
- clk: mediatek: clk-mt6765: Add check for mtk_alloc_clk_data
  (git-fixes).
- platform/x86: wmi: Fix probe failure when failing to register
  WMI devices (git-fixes).
- hwmon: (coretemp) Fix potentially truncated sysfs attribute name
  (git-fixes).
- spi: nxp-fspi: use the correct ioremap function (git-fixes).
- spi: tegra: Fix missing IRQ check in tegra_slink_probe()
  (git-fixes).
- regmap: debugfs: Fix a erroneous check after snprintf()
  (git-fixes).
- gpio: mockup: remove unused field (git-fixes).
- gpio: mockup: fix kerneldoc (git-fixes).
- PM: hibernate: Use __get_safe_page() rather than touching the
  list (git-fixes).
- PM / devfreq: rockchip-dfi: Make pmu regmap mandatory
  (git-fixes).
- ACPI: sysfs: Fix create_pnp_modalias() and create_of_modalias()
  (git-fixes).
- ACPI: FPDT: properly handle invalid FPDT subtables (git-fixes).
- thermal: core: prevent potential string overflow (git-fixes).
- wifi: ath11k: fix htt pktlog locking (git-fixes).
- wifi: ath11k: fix dfs radar event locking (git-fixes).
- wifi: ath11k: fix temperature event locking (git-fixes).
- wifi: iwlwifi: empty overflow queue during flush (git-fixes).
- wifi: mt76: mt7603: rework/fix rx pse hang check (git-fixes).
- wifi: rtlwifi: fix EDCA limit set by BT coexistence (git-fixes).
- wifi: rtw88: debug: Fix the NULL vs IS_ERR() bug for
  debugfs_create_file() (git-fixes).
- wifi: iwlwifi: Use FW rate for non-data frames (git-fixes).
- wifi: iwlwifi: honor the enable_ini value (git-fixes).
- wifi: mac80211: fix # of MSDU in A-MSDU calculation (git-fixes).
- can: dev: can_put_echo_skb(): don't crash kernel if
  can_priv::echo_skb is accessed out of bounds (git-fixes).
- can: dev: can_restart(): fix race condition between controller
  restart and netif_carrier_on() (git-fixes).
- can: dev: can_restart(): don't crash kernel if carrier is OK
  (git-fixes).
- can: sja1000: Fix comment (git-fixes).
- drm/gud: Use size_add() in call to struct_size() (git-fixes).
- commit 23d4c08

- rpm/check-for-config-changes: add AS_WRUSS to IGNORED_CONFIGS_RE
  Add AS_WRUSS as an IGNORED_CONFIGS_RE entry in check-for-config-changes
  to fix build on x86_32.
  There was a fix submitted to upstream but it was not accepted:
  https://lore.kernel.org/all/20231031140504.GCZUEJkMPXSrEDh3MA@fat_crate.local/
  So carry this in IGNORED_CONFIGS_RE instead.
- commit 7acca37

- io_uring/fdinfo: lock SQ thread while retrieving thread cpu/pid
  (bsc#1216693 CVE-2023-46862).
- commit 7e92d76

- blacklist.conf: Add d243b34459ce kernel/fork: beware of __put_task_struct() calling context
- commit 6b082e7

- net-memcg: Fix scope of sockmem pressure indicators
  (bsc#1216759).
- commit adef0b8

- blacklist.conf: Add dc6e0818bc9a sched/cpuacct: Optimize away RCU read lock
- commit 3d40657

- x86/sev: Use the GHCB protocol when available for SNP CPUID requests (git-fixes).
- commit 589a255

- x86/sev: Do not try to parse for the CC blob on non-AMD hardware (git-fixes).
- commit 7c87ee0

- x86: Move gds_ucode_mitigated() declaration to header (git-fixes).
- commit b9734f1

- x86/fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4 (git-fixes).
- commit 4f89ad9

- x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs (git-fixes).
- commit 83c32c0

- x86/alternative: Add a __alt_reloc_selftest() prototype (git-fixes).
- commit 215ed36

- x86/sev: Fix calculation of end address based on number of pages (git-fixes).
- commit 4005ffa

- iio: exynos-adc: request second interupt only when touchscreen
  mode is used (git-fixes).
- iio: adc: xilinx-xadc: Correct temperature offset/scale for
  UltraScale (git-fixes).
- iio: adc: xilinx-xadc: Don't clobber preset voltage/temperature
  thresholds (git-fixes).
- misc: fastrpc: Clean buffers on remote invocation failures
  (git-fixes).
- i2c: stm32f7: Fix PEC handling in case of SMBUS transfers
  (git-fixes).
- i2c: muxes: i2c-mux-gpmux: Use of_get_i2c_adapter_by_node()
  (git-fixes).
- i2c: muxes: i2c-demux-pinctrl: Use of_get_i2c_adapter_by_node()
  (git-fixes).
- i2c: muxes: i2c-mux-pinctrl: Use of_get_i2c_adapter_by_node()
  (git-fixes).
- i2c: aspeed: Fix i2c bus hang in slave read (git-fixes).
- drm/i915/pmu: Check if pmu is closed before stopping event
  (git-fixes).
- firmware/imx-dsp: Fix use_after_free in imx_dsp_setup_channels()
  (git-fixes).
- r8152: Release firmware if we have an error in probe
  (git-fixes).
- r8152: Cancel hw_phy_work if we have an error in probe
  (git-fixes).
- r8152: Run the unload routine if we have errors during probe
  (git-fixes).
- r8152: Increase USB control msg timeout to 5000ms as per spec
  (git-fixes).
- net: usb: smsc95xx: Fix uninit-value access in smsc95xx_read_reg
  (git-fixes).
- net: ieee802154: adf7242: Fix some potential buffer overflow
  in adf7242_stats_show() (git-fixes).
- treewide: Spelling fix in comment (git-fixes).
- commit e69ab42

- netfilter: nf_tables: skip bound chain on rule flush
  (bsc#1215095 CVE-2023-3777).
- commit afb7c25

- Update
  patches.suse/0001-x86-sev-Disable-MMIO-emulation-from-user-mode.patch
  (bsc#1212649 CVE-2023-46813).
- Update
  patches.suse/0002-x86-sev-Check-IOBM-for-IOIO-exceptions-from-user-spa.patch
  (bsc#1212649 CVE-2023-46813).
- Update
  patches.suse/0003-x86-sev-Check-for-user-space-IOIO-pointing-to-kernel.patch
  (bsc#1212649 CVE-2023-46813).
- commit dd6a315

- quota: Fix slow quotaoff (bsc#1216621).
- commit 988e5f4

- x86/sev: Check for user-space IOIO pointing to kernel space
  (bsc#1212649).
- commit 816f817

- x86/sev: Check IOBM for IOIO exceptions from user-space
  (bsc#1212649).
- commit 2b69036

- x86/sev: Disable MMIO emulation from user mode (bsc#1212649).
- commit 5dae47e

- phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins
  (git-fixes).
- phy: mapphone-mdm6600: Fix runtime PM for remove (git-fixes).
- phy: mapphone-mdm6600: Fix runtime disable on probe (git-fixes).
- gpio: vf610: set value before the direction to avoid a glitch
  (git-fixes).
- platform/surface: platform_profile: Propagate error if profile
  registration fails (git-fixes).
- platform/x86: asus-wmi: Map 0x2a code, Ignore 0x2b and 0x2c
  events (git-fixes).
- platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from
  0x20 to 0x2e (git-fixes).
- USB: serial: option: add Fibocom to DELL custom modem FM101R-GL
  (git-fixes).
- USB: serial: option: add entry for Sierra EM9191 with new
  firmware (git-fixes).
- USB: serial: option: add Telit LE910C4-WWX 0x1035 composition
  (git-fixes).
- mmc: core: Capture correct oemid-bits for eMMC cards
  (git-fixes).
- Bluetooth: hci_sock: Correctly bounds check and pad
  HCI_MON_NEW_INDEX name (git-fixes).
- Bluetooth: avoid memcmp() out of bounds warning (git-fixes).
- Bluetooth: hci_sock: fix slab oob read in create_monitor_event
  (git-fixes).
- Bluetooth: hci_event: Fix coding style (git-fixes).
- Bluetooth: Reject connection with the device which has same
  BD_ADDR (git-fixes).
- Bluetooth: vhci: Fix race when opening vhci device (git-fixes).
- platform/x86: touchscreen_dmi: Add info for the Positivo C4128B
  (git-fixes).
- drm: panel-orientation-quirks: Add quirk for One Mix 2S
  (git-fixes).
- HID: multitouch: Add required quirk for Synaptics 0xcd7e device
  (git-fixes).
- HID: holtek: fix slab-out-of-bounds Write in
  holtek_kbd_input_event (git-fixes).
- wifi: cfg80211: avoid leaking stack data into trace (git-fixes).
- wifi: mac80211: allow transmitting EAPOL frames with tainted
  key (git-fixes).
- wifi: cfg80211: Fix 6GHz scan configuration (git-fixes).
- wifi: iwlwifi: Ensure ack flag is properly cleared (git-fixes).
- wifi: mwifiex: Sanity check tlv_len and tlv_bitmap_len
  (git-fixes).
- Bluetooth: Avoid redundant authentication (git-fixes).
- Bluetooth: btusb: add shutdown function for QCA6174 (git-fixes).
- i2c: mux: Avoid potential false error message in
  i2c_mux_add_adapter (git-fixes).
- gpio: timberdale: Fix potential deadlock on &tgpio->lock
  (git-fixes).
- commit b480af6

- nvme-fc: Prevent null pointer dereference in
  nvme_fc_io_getuuid() (bsc#1214842).
- commit 3b513db

- ubi: Refuse attaching if mtd's erasesize is 0 (CVE-2023-31085
  bsc#1210778).
- commit 86e05f1

- Update
  patches.suse/USB-ene_usb6250-Allocate-enough-memory-for-full-obje.patch
  (bsc#1216051 CVE-2023-45862).
  Retroactively recognized as a security issue
- commit 716929e

- KVM: s390: fix gisa destroy operation might lead to cpu stalls
  (git-fixes bsc#1216512).
- commit 3976fa9

- s390/pci: fix iommu bitmap allocation (git-fixes bsc#1216511).
- commit 2bb6835

- s390/cio: fix a memleak in css_alloc_subchannel (git-fixes
  bsc#1216510).
- commit d475feb

- ACPI: irq: Fix incorrect return value in acpi_register_gsi()
  (git-fixes).
- Revert "pinctrl: avoid unsafe code pattern in find_pinctrl()"
  (git-fixes).
- mtd: rawnand: qcom: Unmap the right resource upon probe failure
  (git-fixes).
- mtd: rawnand: pl353: Ensure program page operations are
  successful (git-fixes).
- mtd: rawnand: arasan: Ensure program page operations are
  successful (git-fixes).
- mtd: spinand: micron: correct bitmask for ecc status
  (git-fixes).
- mtd: physmap-core: Restore map_rom fallback (git-fixes).
- mtd: rawnand: marvell: Ensure program page operations are
  successful (git-fixes).
- mmc: mtk-sd: Use readl_poll_timeout_atomic in msdc_reset_hw
  (git-fixes).
- mmc: core: sdio: hold retuning if sdio in 1-bit mode
  (git-fixes).
- ASoC: codecs: wcd938x-sdw: fix runtime PM imbalance on probe
  errors (git-fixes).
- ASoC: codecs: wcd938x-sdw: fix use after free on driver unbind
  (git-fixes).
- ASoC: codecs: wcd938x: fix unbind tear down order (git-fixes).
- ASoC: codecs: wcd938x: drop bogus bind error handling
  (git-fixes).
- ASoC: pxa: fix a memory leak in probe() (git-fixes).
- drm/i915: Retry gtt fault when out of fence registers
  (git-fixes).
- commit 766bf5d

- net/sched: fix netdevice reference leaks in
  attach_default_qdiscs() (git-fixes).
- commit 31c27cf

- net: sched: add barrier to fix packet stuck problem for lockless
  qdisc (bsc#1216345).
- commit 508758e

- net: sched: fixed barrier to prevent skbuff sticking in qdisc
  backlog (bsc#1216345).
- commit 839637c

- Fix metadata references
- commit 42e4c9a

- net: rfkill: gpio: prevent value glitch during probe
  (git-fixes).
- net: usb: smsc95xx: Fix an error code in smsc95xx_reset()
  (git-fixes).
- gve: Do not fully free QPL pages on prefill errors (git-fixes).
- Bluetooth: hci_event: Fix using memcmp when comparing keys
  (git-fixes).
- Bluetooth: Fix a refcnt underflow problem for hci_conn
  (git-fixes).
- Bluetooth: hci_event: Ignore NULL link key (git-fixes).
- nfc: nci: fix possible NULL pointer dereference in
  send_acknowledge() (git-fixes).
- thunderbolt: Check that lane 1 is in CL0 before enabling lane
  bonding (git-fixes).
- thunderbolt: Workaround an IOMMU fault on certain systems with
  Intel Maple Ridge (git-fixes).
- Input: powermate - fix use-after-free in
  powermate_config_complete (git-fixes).
- Input: xpad - add PXN V900 support (git-fixes).
- Input: goodix - ensure int GPIO is in input for gpio_count ==
  1 && gpio_int_idx == 0 case (git-fixes).
- ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA
  (git-fixes).
- drm/amdgpu: add missing NULL check (git-fixes).
- drm/amd/display: Don't set dpms_off for seamless boot
  (git-fixes).
- pinctrl: avoid unsafe code pattern in find_pinctrl()
  (git-fixes).
- HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect
  (git-fixes).
- ALSA: usb-audio: Fix microphone sound on Opencomm2 Headset
  (git-fixes).
- commit e8f9edc

- sched/rt: Fix live lock between select_fallback_rq() and RT push
  (git fixes (sched)).
- sched/rt: Fix sysctl_sched_rr_timeslice intial value (git fixes
  (sched)).
- commit a2350c1

- blacklist.conf: Applies only to RCU tiny configurations
- commit 1d1726b

- blacklist.conf: Cosmetic change for !SMP configurations
- commit c9d6cc0

- blacklist.conf: KABI hazard, only backport in response to a customer bug to justify the complexity
- commit 96bc817

- sched/deadline,rt: Remove unused parameter from
  pick_next_[rt|dl]_entity() (git fixes (sched)).
- Refresh
  patches.suse/sched-rt-pick_next_rt_entity-check-list_entry.patch.
- commit d7f894e

- regmap: fix NULL deref on lookup (git-fixes).
- usb: typec: altmodes/displayport: Signal hpd low when exiting
  mode (git-fixes).
- usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer
  (git-fixes).
- usb: gadget: udc-xilinx: replace memcpy with memcpy_toio
  (git-fixes).
- usb: dwc3: Soft reset phy on probe for host (git-fixes).
- usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap
  call (git-fixes).
- usb: musb: Get the musb_qh poniter after musb_giveback
  (git-fixes).
- usb: musb: Modify the "HWVers" register address (git-fixes).
- usb: cdnsp: Fixes issue with dequeuing not queued requests
  (git-fixes).
- iio: pressure: ms5611: ms5611_prom_is_valid false negative bug
  (git-fixes).
- iio: pressure: dps310: Adjust Timeout Settings (git-fixes).
- iio: pressure: bmp280: Fix NULL pointer exception (git-fixes).
- counter: microchip-tcb-capture: Fix the use of internal GCLK
  logic (git-fixes).
- Input: psmouse - fix fast_reconnect function for PS/2 mode
  (git-fixes).
- dmaengine: stm32-mdma: abort resume if no ongoing transfer
  (git-fixes).
- dmaengine: mediatek: Fix deadlock caused by synchronize_irq()
  (git-fixes).
- dmaengine: idxd: use spin_lock_irqsave before
  wait_event_lock_irq (git-fixes).
- drm/msm/dpu: change _dpu_plane_calc_bw() to use u64 to avoid
  overflow (git-fixes).
- drm/msm/dsi: fix irq_of_parse_and_map() error checking
  (git-fixes).
- drm/msm/dsi: skip the wait for video mode done if not applicable
  (git-fixes).
- drm/msm/dp: do not reinitialize phy unless retry during link
  training (git-fixes).
- drm/vmwgfx: fix typo of sizeof argument (git-fixes).
- nfc: nci: assert requested protocol is valid (git-fixes).
- ieee802154: ca8210: Fix a potential UAF in ca8210_probe
  (git-fixes).
- pinctrl: renesas: rzn1: Enable missing PINMUX (git-fixes).
- ALSA: hda/realtek: Change model for Intel RVP board (git-fixes).
- commit 7f63276

- netfilter: nf_tables: unbind non-anonymous set if rule
  construction fails (git-fixes).
- commit b7f718b

- KVM: SVM: Don't kill SEV guest if SMAP erratum triggers in
  usermode (git-fixes).
- commit 5316d19

- block: fix revalidate performance regression (bsc#1216057).
- commit 1c2461c

- KVM: x86/mmu: Reconstruct shadow page root if the guest PDPTEs
  is changed (git-fixes).
- commit 1d58a92

- vringh: don't use vringh_kiov_advance() in vringh_iov_xfer()
  (git-fixes).
- commit d4a31a2

- 9p: virtio: make sure 'offs' is initialized in zc_request
  (git-fixes).
- commit 66e7266

- Update config files: unset CONFIG_DEBUG_FORCE_FUNCTION_ALIGN_64B
  for Arm
  Configuration option CONFIG_DEBUG_FORCE_FUNCTION_ALIGN_64B=y is used
  only in the armv7hl + arm64 configurations and appears to be a relic
  from the update procedure in commit 98da1c5f42d ("SLE15-SP4: Update the
  base kernel version to 5.14.").
  Unset it because the option is intended for debugging, not really useful
  for production and makes the text size of vmlinux unnecessarily bigger
  by ~10%
- commit 4229357

- xen-netback: use default TX queue size for vifs (git-fixes).
- commit 84805af

- netfilter: nf_tables: skip immediate deactivate in
  _PREPARE_ERROR (CVE-2023-39193 bsc#1215860).
- commit 6c937af

- kabi: workaround for enum nft_trans_phase (bsc#1215104).
- commit 0a3d3d4

- netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with
  bound set/chain (git-fixes).
- commit 2e62a61

- Update metadata
- commit e780ccd

- net: usb: dm9601: fix uninitialized variable use in
  dm9601_mdio_read (git-fixes).
- commit 236df4a

- crypto: qat - fix crypto capability detection for 4xxx
  (PED-6401).
- crypto: qat - Remove unused function declarations (PED-6401).
- crypto: qat - use kfree_sensitive instead of memset/kfree()
  (PED-6401).
- crypto: qat - replace the if statement with min() (PED-6401).
- crypto: qat - add heartbeat counters check (PED-6401).
- crypto: qat - add heartbeat feature (PED-6401).
- crypto: qat - add measure clock frequency (PED-6401).
- crypto: qat - drop obsolete heartbeat interface (PED-6401).
- crypto: qat - add internal timer for qat 4xxx (PED-6401).
- crypto: qat - add fw_counters debugfs file (PED-6401).
- crypto: qat - change value of default idle filter (PED-6401).
- crypto: qat - do not export adf_init_admin_pm() (PED-6401).
- crypto: qat - expose pm_idle_enabled through sysfs (PED-6401).
- crypto: qat - extend configuration for 4xxx (PED-6401).
- crypto: qat - refactor fw config logic for 4xxx (PED-6401).
- crypto: qat - make fw images name constant (PED-6401).
- crypto: qat - move returns to default case (PED-6401).
- crypto: qat - unmap buffers before free for RSA (PED-6401).
- crypto: qat - unmap buffer before free for DH (PED-6401).
- crypto: qat - update slice mask for 4xxx devices (PED-6401).
- crypto: qat - set deprecated capabilities as reserved
  (PED-6401).
- crypto: qat - add missing function declaration in adf_dbgfs.h
  (PED-6401).
- crypto: qat - move dbgfs init to separate file (PED-6401).
- crypto: qat - drop redundant adf_enable_aer() (PED-6401).
- crypto: qat - fix apply custom thread-service mapping for dc
  service (PED-6401).
- crypto: qat - add support for 402xx devices (PED-6401).
- crypto: qat - make state machine functions static (PED-6401).
- crypto: qat - refactor device restart logic (PED-6401).
- crypto: qat - replace state machine calls (PED-6401).
- crypto: qat - fix concurrency issue when device state changes
  (PED-6401).
- crypto: qat - delay sysfs initialization (PED-6401).
- crypto: qat - Include algapi.h for low-level Crypto API
  (PED-6401).
- crypto: qat - drop log level of msg in get_instance_node()
  (PED-6401).
- Documentation: qat: change kernel version (PED-6401).
- crypto: qat - add qat_zlib_deflate (PED-6401).
- crypto: qat - extend buffer list logic interface (PED-6401).
- crypto: qat - fix spelling mistakes from 'bufer' to 'buffer'
  (PED-6401).
- crypto: qat - remove ADF_STATUS_PF_RUNNING flag from probe
  (PED-6401).
- Documentation: qat: rewrite description (PED-6401).
- commit 3c119b1

- cgroup: Remove duplicates in cgroup v1 tasks file (bsc#1211307).
- commit 555c311

- vmbus_testing: fix wrong python syntax for integer value
  comparison (git-fixes).
- Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present
  CPUs (git-fixes).
- Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc()
  fails (git-fixes).
- commit a15e7ae

- nvmet-tcp: Fix a possible UAF in queue intialization setup
  (bsc#1215768 CVE-2023-5178).
- commit b965ee1

- bpf: Fix incorrect verifier pruning due to missing register
  precision taints (bsc#1215518 CVE-2023-2163).
- bpf: propagate precision in ALU/ALU64 operations (git-fixes).
- commit 71da1d6

- net: mana: Fix oversized sge0 for GSO packets (bsc#1215986).
- net: mana: Fix TX CQE error handling (bsc#1215986).
- commit 3666b58

- xen/events: replace evtchn_rwlock with RCU (bsc#1215745,
  xsa-441, cve-2023-34324).
- commit 291fb99

- netfilter: nfnetlink_osf: avoid OOB read (bsc#1216046
  CVE-2023-39189).
- commit 77dc791

- blacklist.conf: the codebase changed too much to backport the patch
- commit 11474a7

- kabi: blkcg_policy_data fix KABI (bsc#1216062).
- commit cf25442

- blk-cgroup: support to track if policy is online (bsc#1216062).
- commit 45c3300

- mm, memcg: reconsider kmem.limit_in_bytes deprecation
  (bsc#1208788 bsc#1213705).
- commit bdf774a

- Revert "Delete patches.suse/memcg-drop-kmem-limit_in_bytes.patch."
  This reverts commit 52c1db3eb4e2acbdd91aaaefddc26b7207cd4c90.
  It'll be fixed differently in a following commit.
  Restore the commit with upstream commit already for proper sorting.
- commit 8474b47

- blk-cgroup: Fix NULL deref caused by blkg_policy_data being
  installed before init (bsc#1216062).
- commit c2395af

- blacklist.conf: Add 82b90b6c5b38 cgroup:namespace: Remove unused cgroup_namespaces_init()
- commit 6f5ac45

- HID: sony: remove duplicate NULL check before calling
  usb_free_urb() (git-fixes).
- commit 7cd0962

- i2c: mux: gpio: Replace custom acpi_get_local_address()
  (git-fixes).
- commit ef5fd69

- gpio: aspeed: fix the GPIO number passed to
  pinctrl_gpio_set_config() (git-fixes).
- gpio: pxa: disable pinctrl calls for MMP_GPIO (git-fixes).
- platform/x86: think-lmi: Fix reference leak (git-fixes).
- HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit
  (git-fixes).
- HID: sony: Fix a potential memory leak in sony_probe()
  (git-fixes).
- wifi: mt76: mt76x02: fix MT76x0 external LNA gain handling
  (git-fixes).
- wifi: mwifiex: Fix oob check condition in
  mwifiex_process_rx_packet (git-fixes).
- wifi: iwlwifi: mvm: Fix a memory corruption issue (git-fixes).
- wifi: iwlwifi: dbg_ini: fix structure packing (git-fixes).
- wifi: mwifiex: Fix tlv_buf_left calculation (git-fixes).
- net: nfc: llcp: Add lock when modifying device list (git-fixes).
- net: usb: smsc75xx: Fix uninit-value access in
  __smsc75xx_read_reg (git-fixes).
- leds: Drop BUG_ON check for LED_COLOR_ID_MULTI (git-fixes).
- regmap: rbtree: Fix wrong register marked as in-cache when
  creating new node (git-fixes).
- nilfs2: fix potential use after free in
  nilfs_gccache_submit_read_data() (git-fixes).
- Revert "tty: n_gsm: fix UAF in gsm_cleanup_mux" (git-fixes).
- serial: 8250_port: Check IRQ data before use (git-fixes).
- firmware: arm_ffa: Don't set the memory region attributes for
  MEM_LEND (git-fixes).
- soc: imx8m: Enable OCOTP clock for imx8mm before reading
  registers (git-fixes).
- firmware: imx-dsp: Fix an error handling path in
  imx_dsp_setup_channels() (git-fixes).
- bus: ti-sysc: Fix missing AM35xx SoC matching (git-fixes).
- bus: ti-sysc: Use fsleep() instead of usleep_range() in
  sysc_reset() (git-fixes).
- i2c: npcm7xx: Fix callback completion ordering (git-fixes).
- ata: libata-core: Do not register PM operations for SAS ports
  (git-fixes).
- ata: libata-core: Fix port and device removal (git-fixes).
- ata: libata-core: Fix ata_port_request_pm() locking (git-fixes).
- ata: libata-sata: increase PMP SRST timeout to 10s (git-fixes).
- ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED
  OPERATION CODES (git-fixes).
- gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip
  (git-fixes).
- clk: tegra: fix error return case for recalc_rate (git-fixes).
- power: supply: ucs1002: fix error code in ucs1002_get_property()
  (git-fixes).
- gpio: tb10x: Fix an error handling path in tb10x_gpio_probe()
  (git-fixes).
- i2c: mux: gpio: Add missing fwnode_handle_put() (git-fixes).
- i2c: mux: demux-pinctrl: check the return value of
  devm_kstrdup() (git-fixes).
- i2c: i801: unregister tco_pdev in i801_probe() error path
  (git-fixes).
- ASoC: imx-rpmsg: Set ignore_pmdown_time for dai_link
  (git-fixes).
- ASoC: fsl: imx-pcm-rpmsg: Add SNDRV_PCM_INFO_BATCH flag
  (git-fixes).
- ALSA: hda: Disable power save for solving pop issue on Lenovo
  ThinkCentre M70q (git-fixes).
- spi: stm32: add a delay before SPI disable (git-fixes).
- spi: nxp-fspi: reset the FLSHxCR1 registers (git-fixes).
- drm/amdgpu: Handle null atom context in VBIOS info ioctl
  (git-fixes).
- drm/amd/display: Don't check registers, if using AUX BL control
  (git-fixes).
- spi: sun6i: fix race between DMA RX transfer completion and
  RX FIFO drain (git-fixes).
- spi: sun6i: reduce DMA RX transfer width to single byte
  (git-fixes).
- watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not
  already running (git-fixes).
- watchdog: iTCO_wdt: No need to stop the timer in probe
  (git-fixes).
- commit 22d41cc

- net: usb: smsc75xx: Fix uninit-value access in
  __smsc75xx_read_reg (git-fixes).
- commit 38bd5fc

- r8152: check budget for r8152_poll() (git-fixes).
- commit b4330ba

- RDMA/core: Require admin capabilities to set system parameters (git-fixes)
- commit 165e98e

- RDMA/cma: Initialize ib_sa_multicast structure to 0 when join (git-fixes)
- commit ad12009

- RDMA/mlx5: Fix NULL string error (git-fixes)
- commit 5556b81

- IB/mlx4: Fix the size of a buffer in add_port_entries() (git-fixes)
- commit 8c4cdf4

- RDMA/cma: Fix truncation compilation warning in make_cma_ports (git-fixes)
- commit a7c580d

- RDMA/uverbs: Fix typo of sizeof argument (git-fixes)
- commit 7e80897

- RDMA/cxgb4: Check skb value for failure to allocate (git-fixes)
- commit 6e18278

- RDMA/siw: Fix connection failure handling (git-fixes)
- commit 107f7c6

- RDMA/srp: Do not call scsi_done() from srp_abort() (git-fixes)
- commit ecb5c5e

- doc/README.PATCH-POLICY.SUSE: Convert the document to Markdown
  (jsc#PED-5021)
- commit c05cfc9

- doc/README.SUSE: Convert the document to Markdown (jsc#PED-5021)
- commit bff5e3e

- ring-buffer: Do not attempt to read past "commit" (git-fixes).
- commit ee556e0

- ring-buffer: Avoid softlockup in ring_buffer_resize()
  (git-fixes).
- commit bd7050f

- tracing: Make trace_marker{,_raw} stream-like (git-fixes).
- commit fda0bf6

- ring-buffer: Update "shortest_full" in polling (git-fixes).
- commit aad1d04

- ring-buffer: Fix bytes info in per_cpu buffer stats (git-fixes).
- commit 296da6c

- tracing: Have event inject files inc the trace array ref count
  (git-fixes).
- commit 817c093

- tracing: Have option files inc the trace array ref count
  (git-fixes).
- commit 921a48a

- tracing: Have current_trace inc the trace array ref count
  (git-fixes).
- commit 586ee6a

- tracing: Have tracing_max_latency inc the trace array ref count
  (git-fixes).
- commit 322c826

- tracing: Increase trace array ref count on enable and filter
  files (git-fixes).
- commit fa9da0d

- kprobes: Prohibit probing on CFI preamble symbol (git-fixes).
- commit de7b87f

- iommu/amd: Add map/unmap_pages() iommu_domain_ops callback
  support (bsc#1212423).
- iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops
  callback (bsc#1212423).
- iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops
  callback (bsc#1212423).
- commit b7a7693

- Update
  patches.suse/ipv6-sr-fix-out-of-bounds-read-when-setting-HMAC-dat.patch
  (bsc#1211592 CVE-2023-2860).
- commit 6e15654

- KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes).
- commit 7ac0d16

- KVM: x86: Fix clang -Wimplicit-fallthrough in do_host_cpuid() (git-fixes).
- commit 14aa242

- s390: add z16 elf platform (git-fixes LTC#203789 bsc#1215956
  LTC#203788 bsc#1215957).
- commit a4355b3

- sched/cpuset: Bring back cpuset_mutex (bsc#1215955).
- cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem
  (bsc#1215955).
- commit 59f5010

- blacklist.conf: Add c0f78fd5edcf cgroup/cpuset: Iterate only if DEADLINE tasks are present
  ... and its prereqs
- commit a4ba12c

- blacklist.conf: Add 98dfdd9ee939 sched/psi: Select KERNFS as needed
- commit d326b7e

- x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled (bsc#1213772).
- commit 48235ff

- KVM: x86: Propagate the AMD Automatic IBRS feature to the guest (bsc#1213772).
- commit 237820b

- x86/cpu: Support AMD Automatic IBRS (bsc#1213772).
- Refresh patches.suse/x86-srso-add-ibpb_brtype-support.patch.
- Refresh patches.suse/x86-srso-add-srso_no-support.patch.
- commit 8ed20a4
util-linux
- Add upstream patch
  util-linux-libuuid-avoid-truncate-clocks.txt-to-improve-perform.patch
  bsc#1207987 gh#util-linux/util-linux@1d98827edde4
libxcrypt
- fix variable name for datamember in 'struct crypt_data' [bsc#1215496]
- added patches
  fix https://github.com/besser82/libxcrypt/commit/b212d601549a0fc84cbbcaf21b931f903787d7e2
  + libxcrypt-man-fix-variable-name.patch
lvm2
- Error creating linux volume on SAN device lvmlockd (bsc#1215229)
  + bug-1215229_lvmlockd-use-4K-sector-size-when-any-dev-is-4K.patch
mozilla-nss
- update to NSS 3.90.1
  * bmo#1813401 - regenerate NameConstraints test certificates.
  * bmo#1854795 - add OSXSAVE and XCR0 tests to AVX2 detection.
- Remove nss-fix-bmo1813401.patch which is now upstream.

- Add nss-fix-bmo1813401.patch to fix bsc#1214980
gcc13
- Add gcc13-bsc1216664.patch, works around SAP ASE DB crash during
  C++ standard library initialization.  [bsc#1216664]

- add pr111411.patch (bsc#1215427)
ncurses
- Add patch bsc1218014-cve-2023-50495.patch
  * Fix CVE-2023-50495: segmentation fault via _nc_wrap_entry()

- Add patch boo1201384.patch
  * Do not fully reset serial lines
openssl-1_1
- Security fix: [bsc#1216922, CVE-2023-5678]
  * Fix excessive time spent in DH check / generation with large Q
    parameter value.
  * Applications that use the functions DH_generate_key() to generate
    an X9.42 DH key may experience long delays. Likewise,
    applications that use DH_check_pub_key(), DH_check_pub_key_ex
    () or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42
    DH parameters may experience long delays. Where the key or
    parameters that are being checked have been obtained from an
    untrusted source this may lead to a Denial of Service.
  * Add openssl-CVE-2023-5678.patch
pciutils
- Apply "lspci-Fixed-buffer-overflows-in-ls-tree.c.patch" to fix a
  buffer overflow error that would cause lspci to crash on systems
  with complex topologies. [bsc#1215265]
- Add "pciutils.keyring" so that the tarball's signature can be
  verified at build time.
- Use "%license" tag instead of "%doc" to install the package's
  license file.
polkit
- Change permissions for rules folders (bsc#1209282)
procps
- Submit latest procps 3.3.17 to SLE-15 tree for jira#PED-3244
  and jira#PED-6369
- The patches now upstream had been dropped meanwhile
  * procps-vmstat-1b9ea611.patch (bsc#1185417)
  - For support up to 2048 CPU as well
  * bsc1209122-a6c0795d.patch (bnc#1209122)
  - allow `-´ as leading character to ignore possible errors
    on systctl entries
  * patch procps-ng-3.3.9-bsc1121753-Cpus.patch (bsc#1121753)
  - was a backport of an upstream fix to get the first CPU
    summary correct
- Enable pidof for SLE-15 as this is provided by sysvinit-tools
- Use a check on syscall __NR_pidfd_open to decide if
  the pwait tool and its manual page will be build

- Modify patches
  * procps-ng-3.3.9-w-notruncate.diff
  * procps-ng-3.3.17-logind.patch
  to real to not truncate output of w with option -n

- procps-ng-3.3.17-logind.patch: Backport from 4.x git, prefer
  logind over utmp (jsc#PED-3144)
libsolv
- add zstd support for the installcheck tool
- add putinowndirpool cache to make file list handling in
  repo_write much faster
- bump version to 0.7.27

- fix evr roundtrip in testcases
- do not use deprecated headerUnload with newer rpm versions
- bump version to 0.7.26

- support complex deps in SOLVABLE_PREREQ_IGNOREINST
- fix minimization not prefering installed packages in some cases
- reduce memory usage in repo_updateinfoxml
- fix lock-step interfering with architecture selection
- fix choice rule handing for package downgrades
- fix complex dependencies with an "else" part sometimes leading
  to unsolved dependencies
- bump version to 0.7.25
sqlite3
- Sync version 3.44.0 from Factory
  * Fixes bsc#1210660, CVE-2023-2137: Heap buffer overflow
  * sqlite3-rtree-i686.patch: temporary build fix for 32-bit x86.
  * Obsoletes sqlite-CVE-2022-46908.patch
  * Obsoletes sqlite-src-3390000-func7-pg-181.patch
libssh
- Update to version 0.9.8
  * Fix CVE-2023-6004: Command injection using proxycommand (bsc#1218209)
  * Fix CVE-2023-48795: Potential downgrade attack using strict kex (bsc#1218126)
  * Fix CVE-2023-6918: Missing checks for return values of MD functions (bsc#1218186)
  * Allow @ in usernames when parsing from URI composes
- Update to version 0.9.7
  * Fix CVE-2023-1667: a NULL dereference during rekeying with algorithm
    guessing (bsc#1211188)
  * Fix CVE-2023-2283: a possible authorization bypass in
    pki_verify_data_signature under low-memory conditions (bsc#1211190)
  * Fix several memory leaks in GSSAPI handling code
systemd
- Import commit 2cb4d40f1c6a388706af8a83d5344fc0de3c6f4d (merge of v249.17)
  c8578cef7f resolved: actually check authenticated flag of SOA transaction

- Import commit 86f0670d3a01c1a2d4df17f1c68d03f1586195e3
  ba7f1df7a5 vconsole-setup: simplify error handling
  94f4eaea77 Introduce RET_GATHER and use it in src/shared/
  e02406fcc1 mount: replace UNIT_DEPENDENCY_MOUNTINFO_OR_FILE with UNIT_DEPENDENCY_MOUNTINFO/UNIT_DEPENDENCY_MOUNT_FILE
  0b8db54511 mount: drop UNIT_DEPENDENCY_MOUNTINFO_IMPLICIT and UNIT_DEPENDENCY_MOUNTINFO_DEFAULT
  98ba536bd1 mount: always use UNIT_DEPENDENCY_FILE in mount_add_quota_dependencies()
  73c7b2bb48 core/mount: make device deps from /proc/self/mountinfo and .mount unit file exclusive
  ba585a28d7 core: Add trace logging to mount_add_device_dependencies()
  36e0a4f80f core/mount: also remove default deps from /proc/self/mountinfo when it is updated (bsc#1217460)
  bc107c86c3 core/mount: set Mount.from_proc_self_mountinfo flag before adding default dependencies
  ce4907c7c3 core: wrap some long comment

- Import commit e677079182c975ecdad88a76f657fecb4de523d9
  7692c5bda8 utmp-wtmp: handle EINTR gracefully when waiting to write to tty
  29c3eb4681 utmp-wtmp: fix error in case isatty() fails
  98970eb90b homed: handle EINTR gracefully when waiting for device node
  0305809edd resolved: handle -EINTR returned from fd_wait_for_event() better
  40db4d6abe sd-netlink: handle EINTR from poll() gracefully, as success
  5e681711c6 varlink: also handle EINTR gracefully when waiting for EIO via ppoll()
  6bbd70f092 stdio-bridge: don't be bothered with EINTR
  f978feb591 sd-bus: handle -EINTR return from bus_poll() (bsc#1215241)
  746962ff40 core: replace slice dependencies as they get added (bsc#1214668)

- systemd.spec: add missing `%tmpfiles_create systemd-resolve.conf`

- Rename 0001-restore-var-run-and-var-lock-bind-mount-if-they-aren.patch into
  1013-strip-the-domain-part-from-etc-hostname-when-setting.patch
- Rename 0003-strip-the-domain-part-from-etc-hostname-when-setting.patch into
  1014-udev-create-default-symlinks-for-primary-cd_dvd-driv.patch
- Rename 0005-udev-create-default-symlinks-for-primary-cd_dvd-driv.patch into
  1015-networkd-make-network.service-an-alias-of-systemd-ne.patch
- Rename 0007-networkd-make-network.service-an-alias-of-systemd-ne.patch into
  1016-core-disable-session-keyring-per-system-sevice-entir.patch
- Rename 0011-core-disable-session-keyring-per-system-sevice-entir.patch into
  1017-restore-var-run-and-var-lock-bind-mount-if-they-aren.patch
  Hence these patch files can be easily identified as SLE specific ones.
libtirpc
- fix sed parsing for libtirpc.pc.in in specfile (boo#1216862)

-  update to 1.3.4 (bsc#1199467)
  * binddynport.c honor ip_local_reserved_ports
  - replaces: binddynport-honor-ip_local_reserved_ports.patch
  * gss-api: expose gss major/minor error in authgss_refresh()
  * rpcb_clnt.c: Eliminate double frees in delete_cache()
  * rpcb_clnt.c: memory leak in destroy_addr
  * portmapper: allow TCP-only portmapper
  * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep
  * clnt_raw.c: fix a possible null pointer dereference
  * bindresvport.c: fix a potential resource leakage
- update to 1.3.3 (bsc#1201680, CVE-2021-46828):
  * Fix DoS vulnerability in libtirpc
  - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch
  * _rpc_dtablesize: use portable system call
  * libtirpc: Fix use-after-free accessing the error number
  * Fix potential memory leak of parms.r_addr
  - replaces 0001-fix-parms.r_addr-memory-leak.patch
  * rpcb_clnt.c add mechanism to try v2 protocol first
  - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch
  * Eliminate deadlocks in connects with an MT environment
  * clnt_dg_freeres() uncleared set active state may deadlock
  * thread safe clnt destruction
  * SUNRPC: mutexed access blacklist_read state variable
  * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c
- drop 0001-Fix-DoS-vulnerability-in-libtirpc.patch (upstream)
- update to 1.3.2:
  * Replace the final SunRPC licenses with BSD licenses
  * blacklist: Add a few more well known ports
  * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS
- Update to libtirpc 1.3.1
  * Remove AUTH_DES interfaces from auth_des.h
    The unsupported  AUTH_DES authentication has be
    compiled out since commit d918e41d889 (Wed Oct 9 2019)
    replaced by API routines that return errors.
  * svc_dg: Free xp_netid during destroy
  * Fix memory management issues of fd locks
  * libtirpc: replace array with list for per-fd locks
  * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf
  * __rpc_dtbsize: rlim_cur instead of rlim_max
  * pkg-config: use the correct replacements for libdir/includedir
  Patches replaced by update:
  binddynport-honor-ip_local_reserved_ports.patch (bsc#1199467)
  0001-Fix-DoS-vulnerability-in-libtirpc.patch (bsc#1201680)
  0001-fix-parms.r_addr-memory-leak.patch (bsc#1198752)
  0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch
  (bsc#1196647), (bsc#1200800), (bsc#1198176)
  * replaces /etc/netconfig-try-2-first by the environment variable
  RPCB_V2FIRST
libxml2
- Security update:
  * [CVE-2023-45322, bsc#1216129] use-after-free in xmlUnlinkNode()
    in tree.c
  - Added file libxml2-CVE-2023-45322.patch
libzypp
- CheckAccessDeleted: fix 'running in container' filter
  (bsc#1218291)
- version 17.31.27 (22)

- Call zypp commit plugins during transactional update (fixes #506)
- Add support for loongarch64 (fixes #504)
- Teach MediaMultiCurl to download HTTP Multibyte ranges.
- Teach zsync downloads to MultiCurl.
- Expand RepoVars in URLs downloading a .repo file (bsc#1212160)
  Convenient and helps documentation as it may refer to a single
  command for a bunch of distributions. Like e.g. "zypper ar
  'https://server.my/$releasever/my.repo'".
- version 17.31.26 (22)

- Fix build issue with zchunk build flags (fixes #500)
- version 17.31.25 (22)

- Open rpmdb just once during execution of %posttrans scripts
  (bsc#1216412)
- Avoid using select() since it does not support fd numbers >
  1024 (fixes #447)
- tools/DownloadFiles: use standard zypp progress bar (fixes #489)
- Revert "Color download progress bar" (fixes #475)
  Cyan is already used for the output of RPM scriptlets. Avoid this
  colorific collision between download progress bar and scriptlet
  output.
- Fix ProgressBar's calculation of the printed tag position (fixes #494)
- Switch zypp::Digest to Openssl 3.0 Provider API (fixes #144)
- Fix usage of deprecated CURL features (fixes #486)
- version 17.31.24 (22)

- Stop using boost version 1 timer library (fixes #489,
  bsc#1215294)
- version 17.31.23 (22)

- Preliminary disable 'rpm --runposttrans' usage for chrooted
  systems (bsc#1216091)
  This limits the %transfiletrigger(postun|in) support in the
  default installer if --root is used (as described in bsc#1041742).
  The chrooted execution of the scripts in 'rpm --runposttrans'
  broke in rpm-4.18. It's expected to be fixed in rpm-4.19.
  Then we'll enable the feature again.
- fix comment typo on zypp.conf (boo#1215979)
- version 17.31.22 (22)

- Attempt to delay %transfiletrigger(postun|in) execution if rpm
  supports it (bsc#1041742)
  Decide during installation whether rpm is capable of delayed
  %posttrans %transfiletrigger(postun|in) execution or whether we
  can just handle the packages %posttrans. On TW a delayed
  %transfiletrigger handling is possible since rpm-4.17.
- Make sure the old target is deleted before a new one is created
  (bsc#1203760)
- version 17.31.21 (22)
openssh
- Added openssh-cve-2023-48795.patch (bsc#1217950, CVE-2023-48795).
  This mitigates a prefix truncation attack that could be used to
  undermine channel security.

- Enhanced SELinux functionality. Added
  * openssh-7.8p1-role-mls.patch
    Proper handling of MLS systems and basis for other SELinux
    improvements
  * openssh-6.6p1-privsep-selinux.patch
    Properly set contexts during privilege separation
  * openssh-6.6p1-keycat.patch
    Add ssh-keycat command to allow retrival of authorized_keys
    on MLS setups with polyinstantiation
  * openssh-6.6.1p1-selinux-contexts.patch
    Additional changes to set the proper context during privilege
    separation
  * openssh-7.6p1-cleanup-selinux.patch
    Various changes and putting the pieces together
  For now we don't ship the ssh-keycat command, but we need the patch
  for the other SELinux infrastructure
  This change fixes issues like bsc#1214788, where the ssh daemon
  needs to act on behalf of a user and needs a proper context for this
pam
- Add missing O_DIRECTORY flag in `protect_dir()` for pam_namespace module.
  [bsc#1218475, pam-bsc1218475-pam_namespace-O_DIRECTORY-flag.patch]

- pam_lastlog: check localtime_r() return value (bsc#1217000)
  * Added: pam-bsc1217000-pam_lastlog-check-localtime_r-return-value.patch
psmisc
- Fix version at configure time as there was no .tarball-version
python-instance-billing-flavor-check
- Version 0.0.4
  Run the command as sudo only (bsc#1217696, bsc#1217695)

- Version 0.0.3
  Handle exception for Python 3.4
python-chardet
- Fix update-alternative in %postun, bsc#1218765
python3-cryptography
- Add CVE-2023-49083.patch to fix A null-pointer-dereference and
  segfault could occur when loading certificates from a PKCS#7 bundle.
  bsc#1217592
python-psutil
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)

- Fix tests: setuptools changed the builddir library path and does
  not find the module from it. Use the installed platlib instead
  and exclude psutil.tests only later.
- Refresh skip-obs.patch
salt
- Randomize pre_flight_script path (CVE-2023-34049 bsc#1215157)
- Allow all primitive grain types for autosign_grains (bsc#1214477)
- Added:
  * allow-all-primitive-grain-types-for-autosign_grains-.patch
  * fix-cve-2023-34049-bsc-1215157.patch

- Fix optimization_order opt to prevent testsuite fails
- Improve salt.utils.json.find_json to avoid fails (bsc#1213293)
- Use salt-call from salt bundle with transactional_update
- Only call native_str on curl_debug message in tornado when needed
- Implement the calling for batch async from the salt CLI
- Fix calculation of SLS context vars when trailing dots
  on targetted sls/state (bsc#1213518)
- Rename salt-tests to python3-salt-testsuite
- Added:
  * improve-salt.utils.json.find_json-bsc-1213293.patch
  * only-call-native_str-on-curl_debug-message-in-tornad.patch
  * fix-optimization_order-opt-to-prevent-test-fails.patch
  * use-salt-call-from-salt-bundle-with-transactional_up.patch
  * implement-the-calling-for-batch-async-from-the-salt-.patch
  * fix-calculation-of-sls-context-vars-when-trailing-do.patch
python-urllib3
- Add CVE-2023-45803.patch (bsc#1216377, CVE-2023-45803)
  gh#urllib3/urllib3@4e98d57809da
regionServiceClientConfigGCE
- Update to version 4.0.1 (bsc#1217538)
  + Replace 130.211.242.136.pem and 130.211.88.88.pem certs
    expiring in 8 years and new length of 4096
    These certs will replace the current certs that
    expire soon
runc
- Update to runc v1.1.10. Upstream changelog is available from
  <https://github.com/opencontainers/runc/releases/tag/v1.1.10>.
selinux-policy
- Update to version 20210716+git65.8c9b6599:
  * Allow keepalived_t read+write kernel_t pipes (bsc#1216060)
  * Support new PING_CHECK health checker in keepalived
  * allow init to run bpf programs. We do this during early startup (bsc#1215423)
  * Allow sysadm_t run kernel bpf programs

- Extend module list for targeted policy
  * timedatex
  * rrdcached
  * stratisd

- Update to version 20210716+git59.bb8b3de0:
  * Allow keepalived to manage its tmp files (bsc#1216060)

- Packaging rework. Move policy to git repository
  Please use `osc service manualrun` to update this OBS package to the
  newest git version.
  * Added _service and _servicedata file that pulls from selinux-policy and tar it
  * Replaced old tar file: fedora-policy-20210716.tar.bz2
    with tar file generated via OBS service: selinux-policy-20210716+git57.84b4e7eb.tar.xz
  * Updated selinux-policy.spec to build selinux-policy with
    container-selinux
  * Removed suse specific modules as they are now covered by git commits
  * packagekit.te packagekit.if packagekit.fc
  * rebootmgr.te rebootmgr.if rebootmgr.fc
  * rtorrent.te rtorrent.if rtorrent.fc
  * wicked.te wicked.if wicked.fc
  * Removed *.patch as they are now covered by git commits:
  * fix_accountsd.patch
  * fix_apache.patch
  * fix_auditd.patch
  * fix_authlogin.patch
  * fix_automount.patch
  * fix_chronyd.patch
  * fix_cockpit.patch
  * fix_colord.patch
  * fix_corecommand.patch
  * fix_cron.patch
  * fix_dbus.patch
  * fix_djbdns.patch
  * fix_dovecot.patch
  * fix_firewalld.patch
  * fix_fwupd.patch
  * fix_geoclue.patch
  * fix_hadoop.patch
  * fix_hypervkvp.patch
  * fix_init.patch
  * fix_iptables.patch
  * fix_irqbalance.patch
  * fix_java.patch
  * fix_kernel_sysctl.patch
  * fix_libraries.patch
  * fix_locallogin.patch
  * fix_logging.patch
  * fix_logrotate.patch
  * fix_mcelog.patch
  * fix_miscfiles.patch
  * fix_nagios.patch
  * fix_networkmanager.patch
  * fix_nis.patch
  * fix_nscd.patch
  * fix_ntp.patch
  * fix_openvpn.patch
  * fix_postfix.patch
  * fix_rpm.patch
  * fix_screen.patch
  * fix_selinuxutil.patch
  * fix_smartmon.patch
  * fix_snapper.patch
  * fix_sslh.patch
  * fix_sysnetwork.patch
  * fix_systemd.patch
  * fix_systemd_watch.patch
  * fix_thunderbird.patch
  * fix_unconfined.patch
  * fix_unconfineduser.patch
  * fix_unprivuser.patch
  * fix_usermanage.patch
  * fix_xserver.patch
  * init_watch_unallocated_ttys.patch
  * sedoctool.patch
- Move update.sh to selinux-devel-tools git repository (does not need
  to be tracked by OBS since it is an internal tool for package update)
suse-build-key
- replace libzypp-post-script based installation with a systemd timer
  and service.
  - suse-build-key-import.service
  - suse-build-key-import.timer
suse-module-tools
- Update to version 15.4.19:
  * rpm-script: add symlink /boot/.vmlinuz.hmac (bsc#1217775)
suseconnect-ng
- Update to version 1.6.0
  * Disable EULA display for addons (bsc#1218649 and bsc#1217961)

- Update to version 1.5.0
  * Configure docker credentials for registry authentication
  * Feature: Support usage from Agama + Cockpit for ALP Micro system registration (bsc#1218364)
  * Add --json output option

- Update to version 1.4.0
  * Added EULA display for addons (bsc#1170267)
  * Fix zypper argument for auto-agreeing licenses (bsc#1214781)
  * Enable building on SLE12 SP5 (jsc#PED-3179)

- Update to version 1.3.0
  * Track .changes file in git

- Update to version 1.2.0~git0.abd0fec:
  * enhance docs for package testing
  * Fixed `provides` to work with yast2-registration on SLE15 < SP4 (bsc#1212799)
  * Improve error message if product set more than once
tar
- Fix CVE-2023-39804, Incorrectly handled extension attributes in
  PAX archives can lead to a crash, bsc#1217969
  * fix-CVE-2023-39804.patch
vim
- Updated to version 9.0 with patch level 2103, fixes the following security problems
  * Fixing bsc#1215940 (CVE-2023-5344) - VUL-0: CVE-2023-5344: vim: Heap-based Buffer Overflow in vim prior to 9.0.1969.
  * Fixing bsc#1216001 (CVE-2023-5441) - VUL-0: CVE-2023-5441: vim: segfault in exmode when redrawing
  * Fixing bsc#1216167 (CVE-2023-5535) - VUL-0: CVE-2023-5535: vim: use-after-free from buf_contents_changed()
  * Fixing bsc#1216696 (CVE-2023-46246) - VUL-0: CVE-2023-46246: vim: Integer Overflow in :history command
- for the complete list of changes see
  https://github.com/vim/vim/compare/v9.0.1894...v9.0.2103
xen
- bsc#1218851 - VUL-0: CVE-2023-46839: xen: phantom functions
  assigned to incorrect contexts (XSA-449)
  xsa449.patch

- Upstream bug fixes (bsc#1027519)
  62ab2ed9-x86-more-MSR_ARCH_CAPS.patch
  64763137-x86-AutoIBRS-definitions.patch
  652fef4f-x86-AMD-erratum-1485.patch
  6532858d-x86-DOITM.patch
  65437103-x86-i8259-dont-assume-IRQs-always-target-CPU0.patch
  65536847-AMD-IOMMU-correct-level-for-quarantine-pt.patch
  65536848-x86-spec-ctrl-remove-conditional-IRQs-on-ness.patch
  655b2ba9-fix-sched_move_domain.patch
  6566fef3-x86-vLAPIC-x2APIC-derive-LDR-from-APIC-ID.patch
  6569ad03-libxg-mem-leak-in-cpu-policy-get-set.patch
  656ee5e1-x86emul-avoid-triggering-event-assertions.patch
  656ee602-cpupool-adding-offline-CPU.patch
  656ee6c3-domain_create-error-path.patch
- Patches dropped / replaced by newer upstream versions
  xsa445.patch
  xsa446.patch

- bsc#1216807 - VUL-0: CVE-2023-46836: xen: x86: BTC/SRSO fixes not
  fully effective (XSA-446)
  xsa446.patch

- bsc#1216654 - VUL-0: CVE-2023-46835: xen: x86/AMD: mismatch in
  IOMMU quarantine page table levels (XSA-445)
  xsa445.patch

- bsc#1215145 - VUL-0: CVE-2023-34322: xen: top-level shadow
  reference dropped too early for 64-bit PV guests (XSA-438)
  650abbfe-x86-shadow-defer-PV-top-level-release.patch
- bsc#1215474 - VUL-0: CVE-2023-20588: xen: AMD CPU transitional
  execution leak via division by zero (XSA-439)
  64e5b4ac-x86-AMD-extend-Zenbleed-check.patch
  65087000-x86-spec-ctrl-SPEC_CTRL_EXIT_TO_XEN-confusion.patch
  65087001-x86-spec-ctrl-fold-DO_SPEC_CTRL_EXIT_TO_XEN.patch
  65087002-x86-spec-ctrl-SPEC_CTRL-ENTRY-EXIT-asm-macros.patch
  65087003-x86-spec-ctrl-SPEC_CTRL-ENTER-EXIT-comments.patch
  65087004-x86-entry-restore_all_xen-stack_end.patch
  65087005-x86-entry-track-IST-ness-of-entry.patch
  65087006-x86-spec-ctrl-VERW-on-IST-exit-to-Xen.patch
  65087007-x86-AMD-Zen-1-2-predicates.patch
  65087008-x86-spec-ctrl-Zen1-DIV-leakage.patch
- bsc#1215746 - VUL-0: CVE-2023-34326: xen: x86/AMD: missing IOMMU
  TLB flushing (XSA-442)
  65263470-AMD-IOMMU-flush-TLB-when-flushing-DTE.patch
- bsc#1215747 - VUL-0: CVE-2023-34325: xen: Multiple
  vulnerabilities in libfsimage disk handling (XSA-443)
  65263471-libfsimage-xfs-remove-dead-code.patch
  65263472-libfsimage-xfs-amend-mask32lo.patch
  65263473-libfsimage-xfs-sanity-check-superblock.patch
  65263474-libfsimage-xfs-compile-time-check.patch
  65263475-pygrub-remove-unnecessary-hypercall.patch
  65263476-pygrub-small-refactors.patch
  65263477-pygrub-open-output-files-earlier.patch
  65263478-libfsimage-function-to-preload-plugins.patch
  65263479-pygrub-deprivilege.patch
  6526347a-libxl-allow-bootloader-restricted-mode.patch
  6526347b-libxl-limit-bootloader-when-restricted.patch
- bsc#1215748 - VUL-0: CVE-2023-34327,CVE-2023-34328: xen: x86/AMD:
  Debug Mask handling (XSA-444)
  6526347c-SVM-fix-AMD-DR-MASK-context-switch-asymmetry.patch
  6526347d-x86-PV-auditing-of-guest-breakpoints.patch
- Upstream bug fixes (bsc#1027519)
  64e6459b-revert-VMX-sanitize-rIP-before-reentering.patch
  64eef7e9-x86-reporting-spurious-i8259-interrupts.patch
  64f71f50-Arm-handle-cache-flush-at-top.patch
  65084ba5-x86-AMD-dont-expose-TscFreqSel.patch
- Patches dropped / replaced by newer upstream versions
  xsa438.patch
  xsa439-00.patch
  xsa439-01.patch
  xsa439-02.patch
  xsa439-03.patch
  xsa439-04.patch
  xsa439-05.patch
  xsa439-06.patch
  xsa439-07.patch
  xsa439-08.patch
  xsa439-09.patch
  xsa442.patch
  xsa443-01.patch
  xsa443-02.patch
  xsa443-03.patch
  xsa443-04.patch
  xsa443-05.patch
  xsa443-06.patch
  xsa443-07.patch
  xsa443-08.patch
  xsa443-09.patch
  xsa443-10.patch
  xsa443-11.patch
  xsa444-1.patch
  xsa444-2.patch
zypper
- Fix search/info commands ignoring --ignore-unknown (bsc#1217593)
  The switch makes search commands return 0 rather than 104 for
  empty search results.
- version 1.14.68

- patch: Make sure reboot-needed is remembered until next boot
  (bsc#1217873)
- version 1.14.67

- Return 104 also if info suggests near matches (fixes #504)
- Rephrase upgrade message for openSUSE Tumbleweed (bsc#1212422)
- Fix typo (fixes #484)
- version 1.14.66

- Fix some typos and spelling errors found by Lintian (fixes #501)
- Prefer unaliased `grep` to avoid unexpected/wrong completions.
  (#503)
- commit: Insert a headline to separate output of different rpm
  scripts (bsc#1041742)
- Fix typo in changes file.
- version 1.14.65