apparmor
- Add update-samba-bgqd.diff to add new rule to fix 'DENIED' open on
  /proc/{pid}/fd for samba-bgqd (bnc#1196850).
- Add update-usr-sbin-smbd.diff to add new rule to allow reading of
  openssl.cnf (bnc#1195463).
audit-secondary
- Fix unhandled ECONNREFUSED with LDAP environments (bsc#1196645)
  * add libaudit-fix-unhandled-ECONNREFUSED-from-getpwnam-25.patch
augeas
- add augeas-sysctl_parsing.patch (bsc#1197443)
  * backport original patch and rebase.
autofs
- autofs-5.1.3-only-take-master-map-mutex-for-master-m.patch
  Take master map mutex for master map updates only. (bsc#1191625)
bind
- Security Fixes:
  * Previously, there was no limit to the number of database lookups
  performed while processing large delegations, which could be abused
  to severely impact the performance of named running as a recursive
  resolver. This has been fixed.
  [bsc#1203614, CVE-2022-2795, bind-CVE-2022-2795.patch]
  * A memory leak was fixed that could be externally triggered in the
  DNSSEC verification code for the ECDSA algorithm.
  [bsc#1203619, CVE-2022-38177, bind-CVE-2022-38177.patch]
  * Memory leaks were fixed that could be externally triggered in the
  DNSSEC verification code for the EdDSA algorithm.
  [bsc#1203620, CVE-2022-38178, bind-CVE-2022-38178.patch]
binutils
- Add binutils-revert-rela.diff to revert back to old behaviour
  of not ignoring the in-section content of to be relocated
  fields on x86-64, even though that's a RELA architecture.
  Compatibility with buggy object files generated by old tools.
  [bsc#1198422]
ca-certificates-mozilla
- Updated to 2.56 state of Mozilla SSL root CAs (bsc#1202868)
  Added:
  - Certainly Root E1
  - Certainly Root R1
  - DigiCert SMIME ECC P384 Root G5
  - DigiCert SMIME RSA4096 Root G5
  - DigiCert TLS ECC P384 Root G5
  - DigiCert TLS RSA4096 Root G5
  - E-Tugra Global Root CA ECC v3
  - E-Tugra Global Root CA RSA v3
  Removed:
  - Hellenic Academic and Research Institutions RootCA 2011
- Updated to 2.54 state of Mozilla SSL root CAs (bsc#1199079)
  Added:
  - Autoridad de Certificacion Firmaprofesional CIF A62634068
  - D-TRUST BR Root CA 1 2020
  - D-TRUST EV Root CA 1 2020
  - GlobalSign ECC Root CA R4
  - GTS Root R1
  - GTS Root R2
  - GTS Root R3
  - GTS Root R4
  - HiPKI Root CA - G1
  - ISRG Root X2
  - Telia Root CA v2
  - vTrus ECC Root CA
  - vTrus Root CA
  Removed:
  - Cybertrust Global Root
  - DST Root CA X3
  - DigiNotar PKIoverheid CA Organisatie - G2
  - GlobalSign ECC Root CA R4
  - GlobalSign Root CA R2
  - GTS Root R1
  - GTS Root R2
  - GTS Root R3
  - GTS Root R4
- updated to 2.50 state of the Mozilla NSS Certificate store (bsc#1188006)
- Added CAs:
  + HARICA Client ECC Root CA 2021
  + HARICA Client RSA Root CA 2021
  + HARICA TLS ECC Root CA 2021
  + HARICA TLS RSA Root CA 2021
  + TunTrust Root CA
- Updated to 2.46 state of the Mozilla NSS Certificate store (bsc#1181994)
- Added new root CAs:
  - NAVER Global Root Certification Authority
- Removed old root CA:
  - GeoTrust Global CA
  - GeoTrust Primary Certification Authority
  - GeoTrust Primary Certification Authority - G3
  - GeoTrust Universal CA
  - GeoTrust Universal CA 2
  - thawte Primary Root CA
  - thawte Primary Root CA - G2
  - thawte Primary Root CA - G3
  - VeriSign Class 3 Public Primary Certification Authority - G4
  - VeriSign Class 3 Public Primary Certification Authority - G5
cifs-utils
- CVE-2022-29869: mount.cifs: fix verbose messages on option parsing
  (bsc#1198976, CVE-2022-29869)
  * add cifs-utils-CVE-2022-29869.patch
- CVE-2022-27239: mount.cifs: fix length check for ip option
  parsing; (bsc#1197216) (bso#15025); CVE-2022-27239.
  * add 0016-CVE-2022-27239-mount.cifs-fix-length-check-for-ip-op.patch
cloud-regionsrv-client
- Follow up fix to 10.0.4 (bsc#1202706)
  - While the source code was updated to support SLE Micro the spec file
    was not updated for the new locations of the cache and the certs.
    Update the spec file to be consistent with the code implementation.
- Update to version 10.0.5 (bsc#1201612)
  - Handle exception when trying to deregister a system form the server
- Update to version 10.0.4 (bsc#1199668)
  - Store the update server certs in the /etc path instead of /usr to
    accomodate read only setup of SLE-Micro
crash
- Fix lookup of symbol "/linux_banner"/, as in newer kernels the symbol is
  placed in the .init section ('D') as opposed to the read-only section ('R').
  Also make this specific to kernels >= 2.6.11. This fix is a combination of
  upstream commit fce91bec and a chunk from upstream commit 9fab193e.
  (bsc#1195911)
  Added:
    crash-Fix-the-failure-of-reporting-vmcore-and-vmlinux-do-n.patch
  - ------------------------------------------------------------------
cronie
- Allow to define the logger info and warning priority, fixes
  jsc#SLE-24577
  * run-crons
  * sysconfig.cron
curl
- Security fix: [bsc#1202593, CVE-2022-35252]
  * Control codes in cookie denial of service
  * Add curl-CVE-2022-35252.patch
- Security fix: [bsc#1200735, CVE-2022-32206]
  * HTTP compression denial of service
  * Add curl-CVE-2022-32206.patch
- Security fix: [bsc#1200737, CVE-2022-32208]
  * FTP-KRB bad message verification
  * Add curl-CVE-2022-32208.patch
- Securiy fix: [bsc#1199223, CVE-2022-27781]
  * CERTINFO never-ending busy-loop
  * Add curl-CVE-2022-27781.patch
- Securiy fix: [bsc#1199224, CVE-2022-27782]
  * TLS and SSH connection too eager reuse
  * Add curl-CVE-2022-27782.patch
- Security fix: [bsc#1198766, CVE-2022-27776]
  * Auth/cookie leak on redirect
  * Add backported curl-CVE-2022-27776.patch
- Security fix: [bsc#1198614, CVE-2022-22576]
  * OAUTH2 bearer bypass in connection re-use
  * Add curl-CVE-2022-22576.patch
dhcp
- bsc#1198657: properly handle DHCRELAY(6)_OPTIONS.
dracut
- fix kernel name parsing in purge-kernels script (bsc#1199453)
e2fsprogs
- libext2fs-add-sanity-check-to-extent-manipulation.patch: libext2fs: add
  sanity check to extent manipulation (bsc#1198446 CVE-2022-1304)
expat
- Security fix:
  * (CVE-2022-40674, bsc#1203438) use-after-free in the doContent
    function in xmlparse.c
  - Added patch expat-CVE-2022-40674.patch
gcc11
- Update to the GCC 11.3.0 release.
  * includes SLS hardening backport on x86_64.  [bsc#1195283]
- Update to gcc-11 branch head (691af15031e00227ba6d5935c), git1635
  * includes gcc11-pr104931.patch
  * includes fix for Firefox ICE  [gcc#105256]
- Add provides/conflicts to glibc crosses since only one GCC version
  for the same target can be installed at the same time.
- Add provides/conflicts to libgccjit.
- Update to gcc-11 branch head (6a1150d1524aeda3381b21717), git1406
  * includes change to adjust gnats idea of the target, fixing
    the build of gprbuild.  [bsc#1196861]
- Add gcc11-pr104931.patch to fix miscompile of embedded premake
  in 0ad on i586.  [bsc#1197065]
- drop armv5tel, merge arm and armv6hl
- use --with-cpu rather than specifying --with-arch/--with-tune
  to Recoomends.
- Remove sys/rseq.h from include-fixed
- Update to gcc-11 branch head (d4a1d3c4b377f1d4acb), git1173
  * Fix D memory corruption in -M output.
  * Fix ICE in is_this_parameter with coroutines.  [boo#1193659]
- Enable the cross compilers also on i586
- Enable some cross compilers also in rings
- Remove cross compilers for i386 target
- Update to gcc-11 branch head (7510c23c1ec53aa4a62705f03), git1018
  * fixes issue with debug dumping together with -o /dev/null
  * fixes libgccjit issue showing up in emacs build  [boo#1192951]
- Package mwaitintrin.h
- Remove spurious exit from change_spec.
- Enable the full cross compiler, cross-aarch64-gcc11 and
  cross-riscv64-gcc11 now provide a fully hosted C (and C++)
  cross compiler, not just a freestanding one.  I.e. with a cross
  glibc.  They don't yet support the sanitizer libraries.
  Part of [jsc#OBS-124].
glib2
- Add glib2-CVE-2021-28153.patch: fix CREATE_REPLACE_DESTINATION
  with symlinks (boo#1183533 glgo#GNOME/glib#2325 CVE-2021-28153).
google-guest-agent
- Update to version 20220204.00 (bsc#1195437, bsc#1195438)
  * remove han from owners (#154)
  * Remove extra slash from metadata URL. (#151)
- from version 20220104.00
  * List IPv6 routes (#150)
- from version 20211228.00
  * add add or remove route integration test, utils (#147)
- from version 20211214.00
  * add malformed ssh key unit test  (#142)
google-guest-configs
- Update to version 20220211.00 (bsc#1195437, bsc#1195438)
  * Set NVMe-PD IO timeout to 4294967295. (#32)
google-guest-oslogin
- Update to version 20220205.00 (bsc#1195437, bsc#1195438)
  * Fix build for EL9. (#82)
- from version 20211213.00
  * Reauth error (#81)
- Rename Source0 field to Source
- Update URL in Source field to point to upstream tarball
google-osconfig-agent
- Update to version 20220209.00 (bsc#1195437, bsc#1195438)
  * Update licences, remove deprecated centos-8 tests (#414)
- Update to version 20220204.00
  * Add DisableLocalLogging option (#413)
- from version 20220107.00
  * OS assignment example: Copy file from bucket
gpg2
- Security fix [CVE-2022-34903, bsc#1201225]
  - Vulnerable to status injection
  - Added patch gnupg-CVE-2022-34903.patch
grub2
- Security fixes and hardenings for boothole 3 / boothole 2022 (bsc#1198581)
  * 0001-video-Remove-trailing-whitespaces.patch
  * 0002-video-readers-jpeg-Test-for-an-invalid-next-marker-r.patch
  * 0003-video-readers-jpeg-Catch-files-with-unsupported-quan.patch
  * 0004-video-readers-jpeg-Catch-OOB-reads-writes-in-grub_jp.patch
  * 0005-video-readers-jpeg-Don-t-decode-data-before-start-of.patch
  * 0006-misc-Format-string-for-grub_error-should-be-a-litera.patch
  * 0007-loader-efi-chainloader-Simplify-the-loader-state.patch
  * 0008-commands-boot-Add-API-to-pass-context-to-loader.patch
- Fix CVE-2022-28736 (bsc#1198496)
  * 0009-loader-efi-chainloader-Use-grub_loader_set_ex.patch
  * 0010-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch
  * 0011-video-readers-png-Abort-sooner-if-a-read-operation-f.patch
  * 0012-video-readers-png-Refuse-to-handle-multiple-image-he.patch
- Fix CVE-2021-3695 (bsc#1191184)
  * 0013-video-readers-png-Drop-greyscale-support-to-fix-heap.patch
- Fix CVE-2021-3696 (bsc#1191185)
  * 0014-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch
  * 0015-video-readers-png-Sanity-check-some-huffman-codes.patch
  * 0016-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch
  * 0017-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch
  * 0018-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch
- Fix CVE-2021-3697 (bsc#1191186)
  * 0019-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch
  * 0020-normal-charset-Fix-array-out-of-bounds-formatting-un.patch
- Fix CVE-2022-28733 (bsc#1198460)
  * 0021-net-ip-Do-IP-fragment-maths-safely.patch
  * 0022-net-netbuff-Block-overly-large-netbuff-allocs.patch
  * 0023-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch
  * 0024-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch
  * 0025-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch
  * 0026-net-tftp-Avoid-a-trivial-UAF.patch
  * 0027-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch
- Fix CVE-2022-28734 (bsc#1198493)
  * 0028-net-http-Fix-OOB-write-for-split-http-headers.patch
- Fix CVE-2022-28734 (bsc#1198493)
  * 0029-net-http-Error-out-on-headers-with-LF-without-CR.patch
  * 0030-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch
  * 0031-fs-btrfs-Fix-more-ASAN-and-SEGV-issues-found-with-fu.patch
  * 0032-fs-btrfs-Fix-more-fuzz-issues-related-to-chunks.patch
  * 0033-Use-grub_loader_set_ex-for-secureboot-chainloader.patch
- Update SBAT security contact (boo#1193282)
- Bump grub's SBAT generation to 2
- Use boot disks in OpenFirmware, fixing regression caused by
  0001-ieee1275-implement-FCP-methods-for-WWPN-and-LUNs.patch, when
  the root LV is completely in the boot LUN (bsc#1197948)
  * 0001-ofdisk-improve-boot-time-by-lookup-boot-disk-first.patch
gzip
- Add hardening for zgrep (CVE-2022-1271, bsc#1198062)
  * bsc1198062-2.patch
icu
- Backport icu-CVE-2020-21913.patch: backport commit 727505bdd
  from upstream, use LocalMemory for cmd to prevent use after free
  (bsc#1193951 CVE-2020-21913).
json-c
- Added CVE-2020-12762.patch (bsc#1171479, CVE-2020-12762)
- Added gcc7-fix.patch
- Update to upstream release 0.12.1
- Removed upstream fixed json-c-0.12-unused_variable_size.patch
- Added fix-set-but-not-used.patch
- json-c 0.12
  Fixes for security issues contained in this release have been
  previously patched into this package, but listed for completeness:
  * Address security issues:
  * CVE-2013-6371: hash collision denial of service
  * CVE-2013-6370: buffer overflow if size_t is larger than int
- Further changes:
  * Avoid potential overflow in json_object_get_double
  * Eliminate the mc_abort() function and MC_ABORT macro.
  * Make the json_tokener_errors array local.  It has been deprecated for
    a while, and json_tokener_error_desc() should be used instead.
  * change the floating point output format to %.17g so values with
    more than 6 digits show up in the output.
  * Remove the old libjson.so name compatibility support.  The library is
    only created as libjson-c.so now and headers are only installed
    into the ${prefix}/json-c directory.
  * When supported by the linker, add the -Bsymbolic-functions flag.
  * Make strict mode more strict:
  * number must not start with 0
  * no single-quote strings
  * no comments
  * trailing char not allowed
  * only allow lowercase literals
  * Added a json_object_new_double_s() convenience function to allow
    an exact string representation of a double to be specified when
    creating the object and use it in json_tokener_parse_ex() so
    a re-serialized object more exactly matches the input.
  * Add support NaN and Infinity
- packaging changes:
  * json-c-hash-dos-and-overflow-random-seed-4e.patch is upstream
  * Move from json-c-lfs.patch which removed warning errors and
    autoconf call to json-c-0.12-unused_variable_size.patch from
    upstream which fixes the warning
  * except for SLE 11 where autoreconf call is required
  * add licence file to main package
kernel-default
- Revert "/sysfb: Enable boot time VESA graphic mode selection (bsc#1129770)"/
  This reverts commit 8d1c33d1ed3d4b198344cf4cf8763447532f6b90
  since it breaks the build
- commit 253e49e
- Add CVE reference on lightnvm removal patch
  modified:
  - patches.drivers/lightnvm-remove-lightnvm-implemenation.patch
- commit 0412b0e
- fbdev: fb_pm2fb: Avoid potential divide by zero error (bsc#1154048)
- commit 0429966
- video: fbdev: s3fb: Check the size of screen before memset_io() (bsc#1154048)
- commit 1828312
- video: fbdev: arkfb: Check the size of screen before memset_io() (bsc#1154048)
- commit 960c031
- video: fbdev: vt8623fb: Check the size of screen before memset_io() (bsc#1154048)
- commit 8e21ba7
- video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() (bsc#1154048)
- commit 24dad4e
- video: fbdev: sis: fix typos in SiS_GetModeID() (bsc#1154048)
- commit 3b41e99
- video: fbdev: amba-clcd: Fix refcount leak bugs (bsc#1154048)
  Backporting notes:
  * context changes
- commit f023a62
- Revert "/drivers/video/backlight/platform_lcd.c: add support for (bsc#1154048)
- commit 6c2117a
- sysfb: Enable boot time VESA graphic mode selection (bsc#1129770)
  Backporting notes:
  * context changes
  * config update
- commit 8d1c33d
- Revert "/video: imsttfb: fix potential NULL pointer dereferences"/ (bsc#1129770)
- commit 015493e
- Revert "/video: hgafb: fix potential NULL pointer dereference"/ (bsc#1129770)
  Backporting notes:
  * test return value of ioremap() and return an error
- commit dfae32b
- char: pcmcia: synclink_cs: Fix use-after-free in mgslpc_ops
  (CVE-2022-41848 bsc#1203987).
- commit 4b5f9dc
- Input: melfas_mip4 - fix return value check in mip4_probe()
  (git-fixes).
- commit 327938f
- xhci: bail out early if driver can't accress host in resume
  (git-fixes).
- commit 7b6647e
- blacklist.conf: no gadget mode in SLE12
- commit 4ef9a32
- blacklist.conf: breaks kABI for an issue relevant only in a minor HC
- commit 0686374
- usbnet: Fix memory leak in usbnet_disconnect() (git-fixes).
- commit 6704bc6
- net: mana: Add rmb after checking owner bits (git-fixes).
- commit 0c59466
- net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529).
- commit 80ea4bf
- scsi: qla2xxx: Remove unused declarations for qla2xxx
  (bsc#1203935).
- scsi: qla2xxx: Drop DID_TARGET_FAILURE use (bsc#1203935).
- scsi: qla2xxx: Update version to 10.02.07.900-k (bsc#1203935).
- scsi: qla2xxx: Add NVMe parameters support in Auxiliary Image
  Status (bsc#1203935).
- scsi: qla2xxx: Add debugfs create/delete helpers (bsc#1203935).
- scsi: qla2xxx: Fix response queue handler reading stale packets
  (bsc#1203935).
- scsi: qla2xxx: Revert "/scsi: qla2xxx: Fix response queue
  handler reading stale packets"/ (bsc#1203935).
- scsi: qla2xxx: Log message "/skipping scsi_scan_host()"/ as
  informational (bsc#1203935).
- scsi: qla2xxx: Avoid flush_scheduled_work() usage (bsc#1203935).
- scsi: qla2xxx: Always wait for qlt_sess_work_fn() from
  qlt_stop_phase1() (bsc#1203935).
- scsi: qla2xxx: Remove unused qlt_tmr_work() (bsc#1203935).
- scsi: qla2xxx: Remove unused del_sess_list field (bsc#1203935).
- commit 6a1070c
- scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts()
  (bsc#1203935).
- scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port
  ISP27XX (bsc#1203935).
- commit c812e29
- blacklist.conf: Add 1bf4580e00a2 fork,memcg: alloc_thread_stack_node needs to set tsk->stack
- commit 2a37e27
- Input: stop telling users to snail-mail Vojtech (git-fixes).
- commit d956a8c
- Input: iforce - constify usb_device_id and fix space before
  '[' error (git-fixes).
- commit bfb50de
- scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts()
  (git-fixes).
- scsi: mpt3sas: Fix use-after-free warning (git-fixes).
- scsi: lpfc: Add missing destroy_workqueue() in error path
  (git-fixes).
- commit b282bf7
- USB: serial: ftdi_sio: add Belimo device ids (git-fixes).
- commit f6eaf2e
- USB: serial: option: add Quectel RM500K module support.
- commit 981a205
- USB: serial: option: add Quectel EM05-G modem (git-fixes).
- commit 3376669
- USB: serial: option: add Telit LE910Cx 0x1250 composition
  (git-fixes).
- commit f8d705a
- blacklist.conf: irrelevant in our configurations
- commit c5487ee
- USB: serial: option: add support for Cinterion MV31 with new
  baseline (git-fixes).
- commit ce91afd
- usb: typec: tcpci: Don't skip cleanup in .remove() on error
  (git-fixes).
- commit 2a4a3b7
- usb-storage: Add ignore-residue quirk for NXP PN7462AU
  (git-fixes).
- commit 4e282b8
- usb: typec: altmodes/displayport: correct pin assignment for
  UFP receptacles (git-fixes).
- commit 85d64e6
- usb: dwc2: fix wrong order of phy_power_on and phy_init
  (git-fixes).
- commit 63072dd
- USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020)
  (git-fixes).
- commit 93c7c8f
- blacklist.conf: irrelevant in our configurations
- commit 1ea4ae1
- USB: core: Prevent nested device-reset calls (git-fixes).
- commit fc09d0c
- blacklist.conf: blacklist commit 02c0cab8e734
- commit 07b2c53
- usb.h: struct usb_device: hide new member (git-fixes).
- commit 21400d8
- ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC (CVE-2022-3303
  bsc#1203769).
- Refresh patches.kabi/ALSA-pcm-oss-rw_ref-kabi-fix.patch.
- commit accf4df
- md: call __md_stop_writes in md_stop (git-fixes).
- Revert "/md-raid: destroy the bitmap after destroying the thread"/
  (git-fixes).
- SUNRPC: Reinitialise the backchannel request buffers before
  reuse (git-fixes).
- NFSv4.1: RECLAIM_COMPLETE must handle EACCES (git-fixes).
- md-raid10: fix KASAN warning (git-fixes).
- NFS: LOOKUP_DIRECTORY is also ok with symlinks (git-fixes).
- NFSD: Fix zero-length NFSv3 WRITEs (git-fixes).
- commit ab754e2
- blacklist.conf: 441947019138 Documentation: Add documentation for Processor MMIO Stale Data
- commit a86f7ba
- media: dvb-core: Fix UAF due to refcount races at releasing
  (CVE-2022-41218 bsc#1202960).
- commit 231362a
- blacklist.conf: add several SCSI commits to black list
- commit 82ee683
- blacklist.conf: e9b6013a7ce3 x86/speculation: Update link to AMD speculation whitepaper
- commit b210a45
- media: em28xx: initialize refcount before kref_get
  (CVE-2022-3239 bsc#1203552).
- commit 477c587
- powerpc: Use device_type helpers to access the node type
  (bsc#1203424 ltc#199544).
- Refresh patches.suse/powerpc-numa-remove-unreachable-topology-update-code.patch.
- commit b1e0425
- powerpc/memhotplug: Make lmb size 64bit (bsc#1203424
  ltc#199544).
- powerpc/drmem: Make lmb_size 64 bit (bsc#1203424 ltc#199544).
- commit 5d51965
- dm verity: set DM_TARGET_IMMUTABLE feature flag (CVE-2022-2503,
  bsc#1202677).
- Refresh for the above patch added in,
  blacklist.conf: remove the above patch from blaclist.conf
  patches.suse/0034-dm-verity-add-check_at_most_once-option-to-only-vali.patch.
- commit 1b3d265
- dm verity: set DM_TARGET_IMMUTABLE feature flag (CVE-2022-2503,
  bsc#1202677).
- commit b644c0f
- Update references:
  - patches.kabi/kabi-return-type-change-of-secure_ipv-46-_port_ephem.patch
  - patches.suse/secure_seq-use-the-64-bits-of-the-siphash-for-port-o.patch
  - patches.suse/tcp-add-small-random-increments-to-the-source-port.patch
  - patches.suse/tcp-drop-the-hash_32-part-from-the-index-calculation.patch
  - patches.suse/tcp-dynamically-allocate-the-perturb-table-used-by-s.patch
  - patches.suse/tcp-increase-source-port-perturb-table-to-2-16.patch
  - patches.suse/tcp-resalt-the-secret-every-10-seconds.patch
  - patches.suse/tcp-use-different-parts-of-the-port_offset-for-index.patch
  (add CVE-2022-32296 bsc#1200288)
- commit 97c264a
- x86/bugs: Reenable retbleed=off
  While for older kernels the return thunks are statically built in and
  cannot be dynamically patched out, retbleed=off should still be possible
  to do so that the mitigation can still be disabled on Intel who don't
  use the return thunks but IBRS.
- Refresh
  patches.suse/x86-bugs-Add-AMD-retbleed-boot-parameter.patch.
- Refresh patches.suse/x86-bugs-Enable-STIBP-for-JMP2RET.patch.
- commit e330fc7
- dm thin metadata: Fix use-after-free in dm_bm_set_read_only
  (bsc#1203462).
- commit b3b2090
- ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904).
- commit 39653db
- Update
  patches.suse/ch-fixup-refcounting-imbalance-for-SCSI-devices.patch
  (bsc#1124235), adding back Refernces lost in previous update.
- commit 47c6490
- scsi: fcoe: Embed fc_rport_priv in fcoe_rport structure
  (git-fixes).
- Refresh patches.suse/scsi-libfc-handling-of-extra-kref.
- commit 27f7754
- mmc: block: fix read single on recovery logic (CVE-2022-20008
  bsc#1199564).
- commit 1fdd74c
- git_sort: Cleanup series_insert test setup and add test for patch with
  missing headers
- commit 05c630d
- scsi: ch: Make it possible to open a ch device multiple times
  again (git-fixes).
- Refresh
  patches.suse/ch-add-missing-mutex_lock-mutex_unlock-in-ch_release.patch.
- Replace/Refresh
  patches.suse/ch-fixup-refcounting-imbalance-for-SCSI-devices.patch
  ("/scsi: ch: fixup refcounting imbalance for SCSI devices"/)
  with actual upstream version of this commit, which makes it apply
  correctly (it was just a "/submitted"/ version)
- commit cb2ed7c
- ftrace: Fix NULL pointer dereference in is_ftrace_trampoline
  when ftrace is dead (git-fixes).
- commit 6d3bb9f
- arm64: cpufeature: Allow different PMU versions in ID_DFR0_EL1 (git-fixes)
- commit 85ce439
- blacklist.conf: ("/arm64: fix clang warning about TRAMP_VALIAS"/)
- commit a67ea91
- Refresh
  patches.suse/netfilter-nf_conntrack_irc-Fix-forged-IP-logic.patch.
- commit ed06fa8
- scsi: lpfc: Check the return value of alloc_workqueue()
  (git-fixes).
- scsi: sg: Allow waiting for commands to complete on removed
  device (git-fixes).
- scsi: smartpqi: Fix DMA direction for RAID requests (git-fixes).
- scsi: sd: Fix Opal support (git-fixes).
- scsi: mpt3sas: Fix ioctl timeout (git-fixes).
- scsi: mpt3sas: Fix sync irqs (git-fixes).
- scsi: mpt3sas: Don't call disable_irq from IRQ poll handler
  (git-fixes).
- scsi: sd: enable compat ioctls for sed-opal (git-fixes).
- scsi: sd_zbc: Fix compilation warning (git-fixes).
- Revert "/scsi: sd: Keep disk read-only when re-reading partition"/
  (git-fixes).
- scsi: core: Avoid that a kernel warning appears during system
  resume (git-fixes).
- scsi: core: Avoid that system resume triggers a kernel warning
  (git-fixes).
- commit 2cdb167
- cifs: clean up an inconsistent indenting (bsc#1190317).
- commit 84e7187
- git_sort: Check if Patch-mainline tag exists
  If Patch-mainline and Git-commit tags are missing in the patch, sort script
  will fail with:
    IndexError: list index out of range
  This change ensures that Patch-mainline tag is present and if not, raise
  an error to warn the user.
- commit 10d17a7
- Update
  patches.suse/mm-rmap.c-don-t-reuse-anon_vma-if-we-just-want-a-copy.patch
  (git-fixes, bsc#1203098).
- commit 3881fc3
- mm: Force TLB flush for PFNMAP mappings before unlink_file_vma()
  (CVE-2022-39188, bsc#1203107).
- commit 7df6276
- netfilter: nf_conntrack_irc: Tighten matching on DCC message
  (CVE-2022-2663 bsc#1202097).
- netfilter: nf_conntrack_irc: Fix forged IP logic (CVE-2022-2663
  bsc#1202097).
- commit 7253cd6
- fuse: limit nsec (bsc#1203126).
- commit 4695dc9
- blacklist.conf: add 2fdbb8dd0155 to blacklist
- commit 374db7c
- objtool: Track original function across branches (bsc#1202396).
- Refresh
  patches.suse/objtool-clean-instruction-state-before-each-function-validation.patch.
- Refresh
  patches.suse/objtool-make-bp-scratch-register-warning-more-robust.patch.
- commit d5d2614
- objtool: Don't use ignore flag for fake jumps (bsc#1202396).
- Refresh patches.suse/objtool-add-is_static_jump-helper.patch.
- commit 3c1c10e
- objtool: Add --backtrace support (bsc#1202396).
- Refresh
  patches.suse/objtool-clean-instruction-state-before-each-function-validation.patch.
- commit 59346c1
- objtool: Set insn->func for alternatives (bsc#1202396).
- Refresh patches.suse/objtool-add-is_static_jump-helper.patch.
- Refresh
  patches.suse/objtool-add-relocation-check-for-alternative-sections.patch.
- commit 55a9c4c
- mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse
  (git-fixes, bsc#1203098).
  kABI: Fix kABI after "/mm/rmap: Fix anon_vma->degree ambiguity
  leading to double-reuse"/ (git-fixes, bsc#1203098).
- commit 9b79372
- mm/rmap.c: don't reuse anon_vma if we just want a copy
  (git-fixes, bsc#1203098).
- commit d3fffdb
- cifs: fix the cifs_reconnect path for DFS (bsc#1190317).
- commit 8addcab
- MyBS: Fix upload to OBS.
  When a cookie is received and SSH authentication is not used osc_wrapper
  crashes with message:
  Can't use an undefined value as a symbol reference at MyBS.pm line 290.
  Fix this by not trying to save cookies for plain authentication.
- commit fc4c81a
- blacklist.conf: add c5deb27895e0, as no fix is needed (problem can't occur)
- commit d29d53a
- xen/xenbus: fix return type in xenbus_file_read() (git-fixes).
- commit 7fc364d
- Update
  patches.suse/x86-speculation-Add-RSB-VM-Exit-protections.patch.
- Update
  patches.suse/x86-speculation-change-fill_return_buffer-to-work-with-objtool.patch.
  Add missing objtool annotations from upstream commits to fix bsc#1202396.
- commit 8f6e21f
- KVM: x86: Set error code to segment selector on LLDT/LTR
  non-canonical #GP (git-fixes).
- commit 3b2de9e
- KVM: x86: Mark TSS busy during LTR emulation _after_ all fault
  checks (git-fixes).
- commit beb4e5a
- objtool: Allow no-op CFI ops in alternatives (bsc#1202396).
- commit df2ab3a
- objtool: Add support for intra-function calls (bsc#1202396).
- commit 72c2448
- objtool: Remove INSN_STACK (bsc#1202396).
- commit df6f4c2
- objtool: Make handle_insn_ops() unconditional (bsc#1202396).
- commit 696a729
- objtool: Rework allocating stack_ops on decode (bsc#1202396).
- commit 9614631
- objtool: Fix ORC vs alternatives (bsc#1202396).
- commit 7725f8e
- objtool: Uniquely identify alternative instruction groups
  (bsc#1202396).
- commit cad8676
- objtool: Remove check preventing branches within alternative
  (bsc#1202396).
- commit f556567
- objtool: Fix !CFI insn_state propagation (bsc#1202396).
- commit 7537bdc
- blacklist.conf: add dbac14a5a05f, as it would break kabi
- commit b0b1864
- objtool: Rename struct cfi_state (bsc#1202396).
- commit f1ccddb
- objtool: Support multiple stack_op per instruction
  (bsc#1202396).
- commit bd1355d
- objtool: Support conditional retpolines (bsc#1202396).
- commit 7d5809e
- objtool: Convert insn type to enum (bsc#1202396).
- commit 1160056
- objtool: Rename elf_open() to prevent conflict with libelf
  from elftoolchain (bsc#1202396).
- commit c167b3d
- objtool: Use Elf_Scn typedef instead of assuming struct name
  (bsc#1202396).
- commit fc37030
- squashfs: fix xattr id and id lookup sanity checks
  (bsc#1203013).
- commit e118d89
- squashfs: fix inode lookup sanity checks (bsc#1203013).
- commit 6748621
- rpm/kernel-source.spec.in: simplify finding of broken symlinks
  "/find -xtype l"/ will report them, so use that to make the search a bit
  faster (without using shell).
- commit 13bbc51
- cifs: move from strlcpy with unused retval to strscpy
  (bsc#1190317).
- commit bb4c21d
- cifs: remove useless parameter 'is_fsctl' from SMB2_ioctl()
  (bsc#1190317).
- commit f2b9741
- cifs: remove unused server parameter from calc_smb_size()
  (bsc#1190317).
- commit c52dabc
- cifs: Do not use tcon->cfid directly, use the cfid we get from
  open_cached_dir (bsc#1190317).
- commit ed7d7cd
- cifs: fix lock length calculation (bsc#1190317).
- commit 704a256
- cifs: alloc_mid function should be marked as static
  (bsc#1190317).
- commit 1cd087c
- cifs: remove "/cifs_"/ prefix from init/destroy mids functions
  (bsc#1190317).
- commit 7d1a646
- cifs: remove useless DeleteMidQEntry() (bsc#1190317).
- commit 39cdb6e
- cifs: remove remaining build warnings (bsc#1190317).
- commit bb9d34f
- smb2: small refactor in smb2_check_message() (bsc#1190317).
- commit 36dc5c1
- cifs: remove minor build warning (bsc#1190317).
- commit 99f07da
- cifs: remove some camelCase and also some static build warnings
  (bsc#1190317).
- commit 12a6e0e
- cifs: remove unnecessary (void*) conversions (bsc#1190317).
- commit 042656d
- cifs: remove redundant initialization to variable
  mnt_sign_enabled (bsc#1190317).
- commit 5f2fe58
- smb3: check xattr value length earlier (bsc#1190317).
- commit 420acb4
- linux.keyring: Downgrade to older format.
  Compatibility with SLE12 SP5.
- commit cd7de7f
- mkspec: eliminate @NOSOURCE@ macro
  This should be alsways used with @SOURCES@, just include the content
  there.
- commit 403d89f
- kernel-source: include the kernel signature file
  We assume that the upstream tarball is used for released kernels.
  Then we can also include the signature file and keyring in the
  kernel-source src.rpm.
  Because of mkspec code limitation exclude the signature and keyring from
  binary packages always - mkspec does not parse spec conditionals.
- commit e76c4ca
- kernel-binary: move @NOSOURCE@ to @SOURCES@ as in other packages
- commit 4b42fb2
- dtb: Do not include sources in src.rpm - refer to kernel-source
  Same as other kernel binary packages there is no need to carry duplicate
  sources in dtb packages.
- commit 1bd288c
- smb3: add trace point for SMB2_set_eof (bsc#1190317).
- commit cc50c41
- cifs: return errors during session setup during reconnects
  (bsc#1190317).
- commit f26e757
- cifs: fix uninitialized pointer in error case in
  dfs_cache_get_tgt_share (bsc#1190317).
- commit 2cd67ba
- cifs: skip trailing separators of prefix paths (bsc#1190317).
- commit 6ad2a16
- cifs: version operations for smb20 unneeded when legacy support
  disabled (bsc#1190317).
- commit c14744a
- cifs: when extending a file with falloc we should make files
  not-sparse (bsc#1190317).
- commit 722a067
- smb3: check for null tcon (bsc#1190317).
- commit 19827ce
- cifs: return the more nuanced writeback error on close()
  (bsc#1190317).
- commit 21102b1
- cifs: remove repeated debug message on cifs_put_smb_ses()
  (bsc#1190317).
- commit 55e93f1
- smb3: don't set rc when used and unneeded in query_info_compound
  (bsc#1190317).
- commit b7a8710
- cifs: smbd: fix typo in comment (bsc#1190317).
- commit 0fd8d36
- cifs: set the CREATE_NOT_FILE when opening the directory in
  use_cached_dir() (bsc#1190317).
- commit 18a7023
- cifs: check for smb1 in open_cached_dir() (bsc#1190317).
- commit cebd44b
- cifs: move definition of cifs_fattr earlier in cifsglob.h
  (bsc#1190317).
- commit de5bdb2
- objtool: Fix sibling call detection (bsc#1202396).
- commit 7a3804d
- objtool: Rewrite alt->skip_orig (bsc#1202396).
- commit 34b4ec9
- af_key: Do not call xfrm_probe_algs in parallel (bsc#1202898
  CVE-2022-3028).
- commit e68eb5b
- Update patch reference for net rds fix (CVE-2022-21385 bsc#1202897)
- commit c9ac9a2
- tar-up.sh: Include kernel signature in OBS upload.
  It is not clear that OBS can handle uncompressed tar signatures but it
  can still be verified manually.
- commit cb24650
- Update patch reference for net rds fix (CVE-2022-21385 bsc#1202897)
- commit d995183
- scripts: Verify tarball signature before use.
  While there are Linux tarballs provided in standard location on many
  machines it is not clear where these mirrors are mounted from, how
  secure was the mirroring proccess, and the storage itself.
  For local testing it is faster to use git but for OBS builds we want
  the upstream tarballs to get bit-identical tarball files, and then we
  also want the verification to ensure integrity of the mirror.
  xz compressions is not completely deterministic, and while the tarball
  content should be the same the bit representation varies. When
  uploadiong to OBS it is desirable to use bit-identical files to prevent
  OBS storing multiple big files with the same content inside but not
  apparently identical.
- commit a075c40
- usbnet: Fix linkwatch use-after-free on disconnect (git-fixes).
- commit cbbd572
- powerpc/perf: Add privileged access check for thread_imc
  (FATE#322448, bsc#1054914, git-fixes).
- powerpc/perf: Fix loop exit condition in nest_imc_event_init
  (FATE#322448, bsc#1054914, git-fixes).
- powerpc/perf: Return accordingly on invalid chip-id in
  (FATE#322448, bsc#1054914, git-fixes).
- powerpc: Use sizeof(*foo) rather than sizeof(struct foo)
  (FATE#322448, bsc#1054914, git-fixes).
  - Refresh patches.suse/powerpc-powernv-Return-for-invalid-IMC-domain.patch
- commit 0095cdd
- cifs: fix signed integer overflow when fl_end is OFFSET_MAX
  (bsc#1190317).
- commit ef2c03a
- SMB3: EBADF/EIO errors in rename/open caused by race condition
  in smb2_compound_op (bsc#1190317).
- commit 1850f8f
- cifs: use correct lock type in cifs_reconnect() (bsc#1190317).
- commit a9f06fa
- cifs: fix NULL ptr dereference in refresh_mounts()
  (bsc#1190317).
- commit 67eb87c
- cifs: Use kzalloc instead of kmalloc/memset (bsc#1190317).
- commit 60e64c6
- cifs: verify that tcon is valid before dereference in
  cifs_kill_sb (bsc#1190317).
- commit 2548aaa
- cifs: potential buffer overflow in handling symlinks
  (bsc#1190317).
- commit 4a3401c
- cifs: Split the smb3_add_credits tracepoint (bsc#1190317).
- commit a7766a9
- cifs: release cached dentries only if mount is complete
  (bsc#1190317).
- commit 0e4cc46
- cifs: Check the IOCB_DIRECT flag, not O_DIRECT (bsc#1190317).
- commit 396d99d
- cifs: remove check of list iterator against head past the loop
  body (bsc#1190317).
- commit 53771a6
- cifs: fix NULL ptr dereference in smb2_ioctl_query_info()
  (bsc#1190317).
- commit 4dc7010
- cifs: prevent bad output lengths in smb2_ioctl_query_info()
  (bsc#1190317).
- commit d9eafa4
- ceph: don't truncate file in atomic_open (bsc#1202830).
- commit 5d95105
- cifs: change smb2_query_info_compound to use a cached fid,
  if available (bsc#1190317).
- commit 8153d9b
- cifs: convert the path to utf16 in smb2_query_info_compound
  (bsc#1190317).
- commit feab50e
- cifs: we do not need a spinlock around the tree access during
  umount (bsc#1190317).
- commit 3cf620b
- cifs: fix handlecache and multiuser (bsc#1190317).
- commit 61380d0
- Backport causes crashes on all arches so revert the patch until
  I find the root cause
- commit 83c44b2
- cifs: modefromsids must add an ACE for authenticated users
  (bsc#1190317).
- commit 33643f3
- cifs: fix double free race when mount fails in cifs_get_root()
  (bsc#1190317).
- commit 96ae468
- cifs: do not use uninitialized data in the owner/group sid
  (bsc#1190317).
- commit dd406c0
- cifs: fix set of group SID via NTSD xattrs (bsc#1190317).
- commit 063a3b9
- cifs: mark sessions for reconnection in helper function
  (bsc#1190317).
- commit 145a355
- Fix a warning about a malformed kernel doc comment in cifs
  (bsc#1190317).
- commit 5777710
- check sk_peer_cred pointer before put_cred() call
- commit 78087f4
- cifs: alloc_path_with_tree_prefix: do not append sep. if the
  path is empty (bsc#1190317).
- commit 11e7725
- tpm: fix reference counting for struct tpm_chip (CVE-2022-2977
  bsc#1202672).
- commit 743f12e
- net: handle kABI change in struct sock (bsc#1194535
  CVE-2021-4203).
- commit c37013b
- Drop the unused function after porting on 4.12
- commit a8cf8a3
- spmi: trace: fix stack-out-of-bound access in SPMI tracing
  functions (git-fixes).
- commit 977d6ab
- blacklist.conf: update blacklist
- commit 185c40c
- mvpp2: fix panic on module removal (git-fixes).
- commit 7f3079c
- mvpp2: refactor the HW checksum setup (git-fixes).
- commit 8ea5b04
- net/mlx5: Imply MLXFW in mlx5_core (git-fixes).
- commit 10e6082
- net/mlx5e: Use the inner headers to determine tc/pedit offload
  limitation on decap flows (git-fixes).
- commit 9697304
- blacklist.conf: update blacklist
- commit 46ff3d0
- fuse: handle kABI change in struct sock (bsc#1194535
  CVE-2021-4203).
- commit cb0be42
- af_unix: fix races in sk_peer_pid and sk_peer_cred accesses
  (bsc#1194535 CVE-2021-4203).
- commit cfbed38
- SUNRPC: Fix the svc_deferred_event trace class (git-fixes).
- commit 851ec16
- tracing/uprobes: Check the return value of kstrdup() for
  tu->filename (git-fixes).
- commit 8dca833
- tracepoint: Add tracepoint_probe_register_may_exist() for BPF
  tracing (git-fixes).
- commit 7aa1321
- xprtrdma: Fix trace point use-after-free race (git-fixes).
- commit a8b511a
- tracing: Fix race in perf_trace_buf initialization (git-fixes).
- commit 2512414
- tracing/perf: Use strndup_user() instead of buggy open-coded
  version (git-fixes).
- commit f7c4f1b
- cifs: fix FILE_BOTH_DIRECTORY_INFO definition (bsc#1190317).
- commit 2dd27f0
- cifs: move superblock magic defitions to magic.h (bsc#1190317).
- commit ec6873e
- cifs: Fix smb311_update_preauth_hash() kernel-doc comment
  (bsc#1190317).
- commit c2c268e
- cifs: sanitize multiple delimiters in prepath (bsc#1190317).
- commit f5d8a69
- cifs: fix ntlmssp auth when there is no key exchange
  (bsc#1190317).
- commit 0965ebd
- USB: serial: io_ti: add Agilent E5805A support (git-fixes).
- commit ea690c7
- USB: new quirk for Dell Gen 2 devices (git-fixes).
- commit 73ad842
- usb: misc: fix improper handling of refcount in uss720_probe()
  (git-fixes).
- commit 7d782ba
- Revert "/USB: xhci: fix U1/U2 handling for hardware with
  XHCI_INTEL_HOST quirk set"/ (git-fixes).
- commit 7bb63b3
- blacklist.conf: cleanup designed to break kABI
- commit d77a5a8
- blacklist.conf: cleanup on a minor driver that would require a kABI fixup
- commit 4b84bde
- blacklist.conf: optimization on a minor driver that would require a kABI fixup
- commit ab46ac0
- blacklist.conf: driver only introduced in v4.14
- commit c8efaee
- blacklist.conf: for an architecture unsupported on SLE12
- commit e27f3be
- blacklist.conf: irrelevant in our config
- commit cca8fdf
- blacklist.conf: subsystem the patch is for is introduced only in v4.13
- commit 94d5cd2
- squashfs: add more sanity checks in id lookup (git-fixes).
- commit 0993c72
- squashfs: add more sanity checks in inode lookup (git-fixes).
- commit 5e5b6f8
- squashfs: add more sanity checks in xattr id lookup (git-fixes).
- commit acc3d9a
- phy: tegra: fix device-tree node lookups (git-fixes).
- commit 8650336
- squashfs: fix divide error in calculate_skip() (git-fixes).
- commit f2d03b6
- blacklist.conf: very likely to cause regressions
- commit 857d8cc
- powerpc/xive: Fix refcount leak in xive_get_max_prio
  (fate#322438 git-fixess).
- commit 6f2e0e1
- powerpc: Enable execve syscall exit tracepoint (bsc#1065729).
- commit ccc3683
- powerpc: define get_cycles macro for arch-override
  (bsc#1065729).
- commit db10d90
- blacklist.conf: Add 235cee162459 KVM: PPC: Tick accounting should defer vtime accounting 'til after IRQ handling
- commit c398028
- net_sched: cls_route: disallow handle of 0 (bsc#1202393).
- net_sched: cls_route: remove from list when handle is 0
  (CVE-2022-2588 bsc#1202096).
- commit 05c19f7
- KVM: PPC: Book3S HV: Context tracking exit guest context before
  enabling irqs (bsc#1065729).
- commit d7f9277
- usbnet: smsc95xx: Fix deadlock on runtime resume (git-fixes).
- commit 2e356ce
- blacklist.conf: later reverted upstream
- commit a099951
- ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback (git-fixes).
- commit 202a421
- Revert "/r8152: adjust the settings about MAC clock speed down
  for RTL8153"/ (git-fixes).
- commit 893a9a7
- MyBS: Avoid lock recursion in certificate check
  SUSE::MyBS::new tries to fix up API connection error by setting the SUSE
  CA certificate as the SSL trust root.
  Check that the error is caused by bad certificate, and don't handle
  other errors so that users can see authentication errors correctly.
  Also unlock the cookie storage in case the problem is resolved with
  using the built-in certificate.
- commit 21d6a61
- net: usb: lan78xx: Connect PHY before registering MAC
  (git-fixes).
- commit d406530
- blacklist.conf: misattributed
- commit 113cb73
- lightnvm: Remove lightnvm implemenation (bsc#1191881 bsc#1201420
  ZDI-CAN-17325).
- commit 30cd9be
- xfs: check sb_meta_uuid for dabuf buffer recovery (bsc#1202577).
- commit ea9c6cd
- MyBS: Save hoarded cookies to disk
  The performance of the OBS SSH authentication system is very bad, and
  can be overwhelmed by about 1 authentication/s.
  With osc saving cookies to disk this is not seen as problem.
  Saving cookies to disk in MyBS should work around the authentication
  system performance problem until it's resolved.
  The design ensures that processes competing for authentication use the
  same cookie once one become available rether than authenticating
  independently, overwhelming the authentication service.
  - Reading cookie file is lockless, file update atomic with mv
  - Requesting auth & writing out obtained cookie is locked
  - To be able to break stale lock the lockfile is empty, cookie is saved
  to a separate tmeporary file
  Cookie file contains the whole Set-Cookie header content. It would be
  possible to add support for multiple cookies but OBS only ever sets one
  cookie so multiple cookies are not supported.
- commit 37ed7ba
- ext4: make sure ext4_append() always allocates new block
  (bsc#1198577 CVE-2022-1184).
- commit bc8c541
- ext4: check if directory block is within i_size (bsc#1198577
  CVE-2022-1184).
- commit b9efa04
- ext4: Fix check for block being out of directory size
  (bsc#1198577 CVE-2022-1184).
- commit be40637
- btrfs: do not do preemptive flushing if the majority is global rsv (bsc#1202528).
- commit e115339
- btrfs: reduce the preemptive flushing threshold to 90% (bsc#1202528).
- commit f4a62aa
- 9p: migrate from sync_inode to filemap_fdatawrite_wbc (bsc#1202528).
- commit bfdf1f9
- btrfs: use the filemap_fdatawrite_wbc helper for delalloc shrinking (bsc#1202528).
- commit a4caa5b
- fs: add a filemap_fdatawrite_wbc helper (bsc#1202528).
- commit eedfc1d
- btrfs: wait on async extents when flushing delalloc (bsc#1202528).
- commit 0d074a5
- btrfs: use delalloc_bytes to determine flush amount for shrink_delalloc (bsc#1202528).
- commit 83cf4e8
- btrfs: enable a tracepoint when we fail tickets (bsc#1202528).
- commit b1b7482
- Fix releasing of old bundles in xfrm_bundle_lookup()
  (bsc#1201264 bsc#1190397 bsc#1199617).
- commit bc50d6c
- btrfs: include delalloc related info in dump space info tracepoint (bsc#1202528).
- commit 41ed5ae
- btrfs: wake up async_delalloc_pages waiters after submit (bsc#1202528).
- commit 7ff1a2f
- cxgb4vf: update kernel-doc line comments (git-fixes).
- commit 86bb074
- cxgb4: update kernel-doc line comments (git-fixes).
- commit 54c720b
- cxgb4: fix endian conversions for L4 ports in filters
  (git-fixes).
- commit aa42e53
- cxgb4: parse TC-U32 key values and masks natively (git-fixes).
- commit dc23e3b
- cxgb4: move handling L2T ARP failures to caller (git-fixes).
- commit b83d2bf
- blacklist.conf: update blacklist
- commit 8032df7
- blacklist.conf: update blacklist
- commit aea5602
- btrfs: rip out btrfs_space_info::total_bytes_pinned  (bsc#1202528).
- Delete
  patches.suse/btrfs-dump_space_info-when-encountering-total_bytes_pinned-0-at-umount.patch.
- commit 354153b
- qed: fix kABI in qed_rdma_create_qp_in_params (git-fixes).
- commit 68811a9
- btrfs: rip the first_ticket_bytes logic from fail_all_tickets (bsc#1202528).
- commit d9b864b
- qed: Add EDPM mode type for user-fw compatibility (git-fixes).
- commit a73dbd4
- btrfs: remove FLUSH_DELAYED_REFS from data ENOSPC flushing (bsc#1202528).
- commit 60db43c
- btrfs: rip out may_commit_transaction (bsc#1202528).
- Refresh
  patches.suse/btrfs-handle-preemptive-delalloc-flushing-slightly-differently.patch.
- commit c5ab5f9
- btrfs: use percpu_read_positive instead of sum_positive for need_preempt (bsc#1202528).
- Refresh
  patches.suse/btrfs-only-ignore-delalloc-if-delalloc-is-much-smaller-than-ordered.patch.
- commit 59f31f6
- btrfs: handle preemptive delalloc flushing slightly differently (bsc#1202528).
- commit f7a119e
- btrfs: only ignore delalloc if delalloc is much smaller than ordered (bsc#1202528).
- commit 9a30ad9
- btrfs: don't include the global rsv size in the preemptive used amount (bsc#1202528).
- commit a265556
- btrfs: use the global rsv size in the preemptive thresh calculation (bsc#1202528).
- commit b31d6c3
- btrfs: take into account global rsv in need_preemptive_reclaim (bsc#1202528).
- commit fbc80a6
- btrfs: only clamp the first time we have to start flushing (bsc#1202528).
- commit db608fb
- btrfs: check worker before need_preemptive_reclaim (bsc#1202528).
- commit 8aab0b2
- btrfs: Convert fs_info->free_chunk_space to atomic64_t  (bsc#1202528).
- Refresh
  patches.suse/0006-btrfs-move-and-export-can_overcommit.patch.
- Refresh
  patches.suse/0020-btrfs-do-not-account-global-reserve-in-can_overcommit.patch.
- Refresh
  patches.suse/Btrfs-fix-race-between-adding-and-putting-tree-mod-s.patch.
- Refresh
  patches.suse/btrfs-ensure-replaced-device-doesn-t-have-pending-chunk-allocation.patch.
- Refresh
  patches.suse/btrfs-fix-btrfs_calc_reclaim_metadata_size-calculation.patch.
- commit f88ccad
- net/mlx5: Clear LAG notifier pointer after unregister
  (git-fixes).
- commit d878d7c
- net: dsa: mt7530: Change the LINK bit to reflect the link status
  (git-fixes).
- commit ece75a8
- net: ll_temac: Fix RX buffer descriptor handling on GFP_ATOMIC
  pressure (git-fixes).
- commit 8794a66
- net: ll_temac: Fix iommu/swiotlb leak (git-fixes).
- commit 9d72e43
- net: ll_temac: Enable DMA when ready, not before (git-fixes).
- commit 3faa94c
- btrfs: add a trace class for dumping the current ENOSPC state (bsc#1202528).
- commit 9bb464a
- btrfs: adjust the flush trace point to include the source (bsc#1202528).
- commit dfed983
- btrfs: implement space clamping for preemptive flushing (bsc#1202528).
- commit fa5b783
- btrfs: simplify the logic in need_preemptive_flushing (bsc#1202528).
- commit ed57e7f
- btrfs: rework btrfs_calc_reclaim_metadata_size (bsc#1202528).
- commit 99a8046
- btrfs: check reclaim_size in need_preemptive_reclaim (bsc#1202528).
- commit efb656d
- btrfs: rename need_do_async_reclaim (bsc#1202528).
- commit f95c0ae
- btrfs: improve preemptive background space flushing (bsc#1202528).
- commit 951dafe
- btrfs: introduce a FORCE_COMMIT_TRANS flush operation (bsc#1202528).
- commit f16f950
- btrfs: add a trace point for reserve tickets (bsc#1202528).
- commit ac2920d
- btrfs: make flush_space take a enum btrfs_flush_state instead of int (bsc#1202528).
- commit 5a1a4e8
- ata: libata: add qc->flags in ata_qc_complete_template
  tracepoint (git-fixes).
- commit 8897145
- blacklist.conf: not-relevant cleanups for drivers/char/random
- commit 4551df9
- net: sock: tracing: Fix sock_exceed_buf_limit not to dereference
  stale pointer (git-fixes).
- commit 8449873
- MyBS: Only send authorization when out of cookies
- commit 0e13567
- MyBS: Hoard cookies
- commit f84b974
- PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors
  (git-fixes).
- crypto: inside-secure - Add missing MODULE_DEVICE_TABLE for of
  (git-fixes).
- crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (git-fixes).
- ACPI: CPPC: Do not prevent CPPC from working in the future
  (git-fixes).
- drivers/perf: arm_spe: Fix consistency of SYS_PMSCR_EL1.CX
  (git-fixes).
- commit ce1e4d8
- MyBS: Add OBS SSH key support
- commit 2992b24
- kabi/severities: add mlx5 internal symbols
- commit 8c6dd4b
- net: ll_temac: Add more error handling of dma_map_single()
  calls (git-fixes).
- commit af7573f
- net: ll_temac: Fix support for little-endian platforms
  (git-fixes).
- Refresh
  patches.suse/net-ll_temac-Fix-race-condition-causing-TX-hang.patch.
- commit 12402e7
- net: ll_temac: Fix typo bug for 32-bit (git-fixes).
- commit 5bf9adc
- net: ll_temac: Fix support for 64-bit platforms (git-fixes).
- commit 5222049
- net: xilinx: replace dev_kfree_skb_irq by dev_consume_skb_irq
  for drop profiles (git-fixes).
- commit e2d5d61
- net: emaclite: Simplify if-else statements (git-fixes).
- commit 43fe9bd
- net/mlx5: Fix auto group size calculation (git-fixes).
- commit f65c99f
- net: stmmac: gmac4: bitrev32 returns u32 (git-fixes).
- commit 717b8ab
- rpm/kernel-binary.spec.in: move vdso to a separate package (bsc#1202385)
  We do the move only on 15.5+.
- commit 9c7ade3
- rpm/kernel-binary.spec.in: simplify find for usrmerged
  The type test and print line are the same for both cases. The usrmerged
  case only ignores more, so refactor it to make it more obvious.
- commit 583c9be
- xfrm: xfrm_policy: fix a possible double xfrm_pols_put()
  in xfrm_bundle_lookup() (bsc#1201948 CVE-2022-36879).
- commit 6a240fe
- net/packet: fix slab-out-of-bounds access in packet_recvmsg()
  (CVE-2022-20368 bsc#1202346).
- commit bcc8988
- media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers
  across ioctls (bsc#1202347 CVE-2022-20369).
- commit 0cf8c8f
- iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE) (git-fixes).
- commit 832ae90
- scsi: smartpqi: set force_blk_mq=1.(bsc#1179310)
- commit 10f3936
- Update metadata references
- commit 7183678
- md/bitmap: don't set sb values if can't pass sanity check
  (bsc#1197158).
- commit 34e4bcc
- x86/speculation: Add LFENCE to RSB fill sequence (bsc#1201726
  CVE-2022-26373).
- commit a207cec
- x86/speculation: Add RSB VM Exit protections (bsc#1201726
  CVE-2022-26373).
- commit 30ef9f9
- Move kABI patches to kABI section.
- commit a80bab0
- powerpc: powernv: kABI: add back powernv_get_random_long
  (bsc#1065729).
- commit 3080872
- powerpc/powernv: rename remaining rng powernv_ functions to pnv_
  (bsc#1065729).
- powerpc/powernv: delay rng platform device creation until
  later in boot (bsc#1065729).
- commit 869d405
- md-raid: destroy the bitmap after destroying the thread
  (git-fixes).
- SUNRPC: Fix READ_PLUS crasher (git-fixes).
- dm raid: fix KASAN warning in raid5_add_disks (git-fixes).
- pNFS: Don't keep retrying if the server replied
  NFS4ERR_LAYOUTUNAVAILABLE (git-fixes).
- commit 3bc259d
- powerpc/powernv/kvm: Use darn for H_RANDOM on Power9
  (bsc#1065729).
- powerpc/powernv: Avoid crashing if rng is NULL (bsc#1065729).
- commit 42e06ba
- KVM: nVMX: Set UMIP bit CR4_FIXED1 MSR when emulating UMIP
  (bsc#1120716).
- commit ce36184
- powerpc/powernv: wire up rng during setup_arch (bsc#1065729).
- powerpc/pseries: wire up rng during setup_arch() (bsc#1065729).
- Refresh patches.suse/powerpc-64s-rename-pnv-pseries_setup_rfi_flush-to-_s.patch
- powerpc/powernv: Staticify functions without prototypes
  (bsc#1065729).
- powerpc/powernv: Use darn instruction for get_random_seed()
  on Power9 (bsc#1065729).
- commit 4e67aee
- xfs: fix NULL pointer dereference in xfs_getbmap() (git-fixes).
- commit 9ad699f
- KVM: arm64: Avoid setting the upper 32 bits of TCR_EL2 and CPTR_EL2 (bsc#1201442)
- commit a44d410
- x86/speculation: Fill RSB on vmexit for IBRS (bsc#1201726
  CVE-2022-26373).
- commit 8e898cd
- x86/speculation: Change FILL_RETURN_BUFFER to work with objtool
  (bsc#1201726 CVE-2022-26373).
- commit 9388584
- net/sched: cls_u32: fix netns refcount changes in u32_change()
  (CVE-2022-29581 bsc#1199665).
- commit 944805b
- openvswitch: fix OOB access in reserve_sfa_size() (CVE-2022-2639
  bsc#1202154).
- commit 0d36370
- ipv4: avoid using shared IP generator for connected sockets
  (CVE-2020-36516 bsc#1196616).
- ipv4: tcp: send zero IPID in SYNACK messages (CVE-2020-36516
  bsc#1196616).
- commit df5e606
- blacklist.conf: Relatively high risk of unexpected performance change
- commit 58f819d
- blacklist.conf: Many dependencies with relatively high risk of unexpected performance change
- commit 56dc959
- Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019).
- commit 9816878
- xfs: always free inline data before resetting inode fork during
  ifree (bsc#1202017).
- commit 89a46fc
- blacklist.conf: remove 98c4f78dcdd8 from blacklist
  This is a required fix, as 43518812d2 was backported.
- commit 62ac6c4
- blacklist.conf: Add fadump commits introducing boot_mem_top
  bec53196adf4 powerpc/fadump: add support to preserve crash data on FADUMP disabled kernel
  7dee93a9a880 powerpc/fadump: support holes in kernel boot memory area
  The current fadump code in 4.12 kernel does not support bootmem holes.
  If these commits are backported the current backports need review for
  use of boot_memory_size instead of boot_mem_top
- commit 66afc75
- powerpc/fadump: fix PT_LOAD segment for boot memory area
  (bsc#1103269 ltc#169948 git-fixes).
- powerpc/fadump: make crash memory ranges array allocation
  generic (bsc#1103269 ltc#169948 git-fixes).
- Refresh patches.suse/powerpc-fadump-fix-race-between-pstore-write-and-fad.patch
- commit 2607c5c
- blacklist.conf: Append 'drm/amdgpu/acp: Make PM domain really work'
- commit 5d0cbbf
- blacklist.conf: Append 'drm: mxsfb: Clear FIFO_CLEAR bit'
- commit a9d2273
- blacklist.conf: Append 'drm: mxsfb: Increase number of outstanding requests on V4 and newer HW'
- commit eb95663
- blacklist.conf: Append 'drm: mxsfb: Enable recovery on underflow'
- commit 5c872c1
- blacklist.conf: Append 'drm/i915/display: Fix the 12 BPC bits for PIPE_MISC reg'
- commit 9af6ddf
- blacklist.conf: Append 'drm/radeon: Fix off-by-one power_state index heap overwrite'
- commit 0f57ec5
- blacklist.conf: Append 'drm/radeon: Avoid power table parsing memory leaks'
- commit 2212d5c
- blacklist.conf: Append 'amdgpu: fix GEM obj leak in amdgpu_display_user_framebuffer_create'
- commit 6d1e3d5
- blacklist.conf: Append 'drm/radeon: Fix a missing check bug in radeon_dp_mst_detect()'
- commit 5ae4891
- blacklist.conf: Append 'Fix misc new gcc warnings'
- commit ba680f8
- blacklist.conf: Append 'drm/vc4: crtc: Reduce PV fifo threshold on hvs4'
- commit 6465ff9
- blacklist.conf: Append 'drm/amdgpu: check alignment on CPU page for bo map'
- commit 11881ba
- blacklist.conf: Append 'drm/amdgpu: fix offset calculation in amdgpu_vm_bo_clear_mappings()'
- commit 06bd647
- blacklist.conf: Append 'drm/i915: Fix the GT fence revocation runtime PM logic'
- commit 278dbb6
- blacklist.conf: Append 'drm/i915/dsi: Use unconditional msleep for the panel_on_delay when there is no reset-deassert MIPI-sequence'
- commit 46e7a2f
- blacklist.conf: Append 'drm/i915/dp: Track pm_qos per connector'
- commit 1a3ef34
- blacklist.conf: Append 'drm/i915: Avoid mixing integer types during batch copies'
- commit e361acc
- blacklist.conf: Append 'drm/i915/gem: Avoid implicit vmap for highmem on x86-32'
- commit f730816
- blacklist.conf: Append 'drm/dp_mst: Kill the second sideband tx slot, save the world'
- commit ee6a373
- blacklist.conf: Append 'drm: mst: Fix query_payload ack reply struct'
- commit 9b06dd2
- blacklist.conf: Append 'drm/i915/gen8+: Add RC6 CTX corruption WA'
- commit 7617aa6
- blacklist.conf: Append 'make 'user_access_begin()' do 'access_ok()''
- commit 36185b4
- lkdtm: Disable return thunks in rodata.c (bsc#1114648).
- commit 1db863b
- x86/retbleed: Add fine grained Kconfig knobs (bsc#1114648).
- commit c693b03
- blacklist.conf: Add ppc numa commits
  e75130f20b1f powerpc/numa: Offline memoryless cpuless node 0
  10f78fd0dabb powerpc/numa: Fix a regression on memoryless node 0
- commit f94fd1c
- KVM: emulate: do not adjust size of fastop and setcc subroutines
  (bsc#1201930).
- commit 7c39b90
- kvm/emulate: Fix SETcc emulation function offsets with SLS
  (bsc#1201930).
- commit 0c004d2
- netfilter: nf_queue: do not allow packet truncation below
  transport header offset (bsc#1201940 CVE-2022-36946).
- commit 06aa700
- latent_entropy: avoid build error when plugin cflags are not
  set (git-fixes).
- Refresh patches.suse/fdt-add-support-for-rng-seed.patch.
- commit 66e3bae
- block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code'
  explicit (git-fixes).
- linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check
  (git-fixes).
- linux/random.h: Use false with bool (git-fixes).
- linux/random.h: Remove arch_has_random, arch_has_random_seed
  (git-fixes).
- random: always fill buffer in get_random_bytes_wait (git-fixes).
- commit 4bf323f
- scsi: qla2xxx: Update version to 10.02.07.800-k (bsc#1201958).
- scsi: qla2xxx: Update manufacturer details (bsc#1201958).
- scsi: qla2xxx: Fix sparse warning for dport_data (bsc#1201651).
- scsi: qla2xxx: Fix discovery issues in FC-AL topology
  (bsc#1201651).
- scsi: qla2xxx: Fix imbalance vha->vref_count (bsc#1201651).
- scsi: qla2xxx: edif: Fix dropped IKE message (bsc#1201651).
- scsi: qla2xxx: Fix response queue handler reading stale packets
  (bsc#1201651).
- scsi: qla2xxx: Zero undefined mailbox IN registers
  (bsc#1201651).
- scsi: qla2xxx: Fix incorrect display of max frame size
  (bsc#1201958).
- scsi: qla2xxx: Check correct variable in qla24xx_async_gffid()
  (bsc#1201958).
- scsi: qla2xxx: Update version to 10.02.07.700-k (bsc#1201958).
- scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error
  injection (bsc#1201958).
- scsi: qla2xxx: Fix losing FCP-2 targets on long port disable
  with I/Os (bsc#1201958).
  Refresh:
  - patches.suse/revert-scsi-qla2xxx-Changes-to-support-FCP2-Target.patch
- scsi: qla2xxx: Add debug prints in the device remove path
  (bsc#1201958).
- scsi: qla2xxx: Fix losing target when it reappears during delete
  (bsc#1201958).
- scsi: qla2xxx: Fix losing FCP-2 targets during port perturbation
  tests (bsc#1201958).
- scsi: qla2xxx: Fix crash due to stale SRB access around I/O
  timeouts (bsc#1201958).
- scsi: qla2xxx: Turn off multi-queue for 8G adapters
  (bsc#1201958).
- scsi: qla2xxx: Wind down adapter after PCIe error (bsc#1201958).
- scsi: qla2xxx: Add a new v2 dport diagnostic feature
  (bsc#1201958).
- scsi: qla2xxx: Fix excessive I/O error messages by default
  (bsc#1201958).
- scsi: qla2xxx: Update version to 10.02.07.600-k (bsc#1201958).
- scsi: qla2xxx: edif: Fix slow session teardown (bsc#1201958).
- scsi: qla2xxx: edif: Reduce N2N thrashing at app_start time
  (bsc#1201958).
- scsi: qla2xxx: edif: Fix no logout on delete for N2N
  (bsc#1201958).
- scsi: qla2xxx: edif: Fix session thrash (bsc#1201958).
- scsi: qla2xxx: edif: Tear down session if keys have been removed
  (bsc#1201958).
- scsi: qla2xxx: edif: Fix no login after app start (bsc#1201958).
- scsi: qla2xxx: edif: Reduce disruption due to multiple app start
  (bsc#1201958).
- scsi: qla2xxx: edif: Send LOGO for unexpected IKE message
  (bsc#1201958).
- scsi: qla2xxx: edif: Fix I/O timeout due to over-subscription
  (bsc#1201958).
- scsi: qla2xxx: Update version to 10.02.07.500-k (bsc#1201958).
- scsi: qla2xxx: edif: Fix n2n login retry for secure device
  (bsc#1201958).
- scsi: qla2xxx: edif: Fix n2n discovery issue with secure target
  (bsc#1201958).
- scsi: qla2xxx: edif: Remove old doorbell interface
  (bsc#1201958).
- scsi: qla2xxx: edif: Add retry for ELS passthrough
  (bsc#1201958).
- scsi: qla2xxx: edif: Synchronize NPIV deletion with
  authentication application (bsc#1201958).
- scsi: qla2xxx: edif: Fix potential stuck session in sa update
  (bsc#1201958).
- scsi: qla2xxx: edif: Add bsg interface to read doorbell events
  (bsc#1201958).
- scsi: qla2xxx: edif: Wait for app to ack on sess down
  (bsc#1201958).
- scsi: qla2xxx: edif: bsg refactor (bsc#1201958).
- scsi: qla2xxx: edif: Reduce Initiator-Initiator thrashing
  (bsc#1201958).
- scsi: qla2xxx: Remove unused 'ql_dm_tgt_ex_pct' parameter
  (bsc#1201958).
- scsi: qla2xxx: Remove setting of 'req' and 'rsp' parameters
  (bsc#1201958).
- commit a8936d6
- Drop qla2xxx patch which prevented nvme port discovery
  (bsc#1200651 bsc#1200644 bsc#1201954 bsc#1201958)
  Upstream fixed the problem by reverting the offending commit.
  Delete:
  - patches.suse/scsi-qla2xxx-Fix-disk-failure-to-rediscover.patch.
- commit 452db23
- scsi: lpfc: Address NULL pointer dereference after
  starget_to_rport() (git-fixes).
- commit 996de99
- net: ethernet: aeroflex: fix UAF in greth_of_remove (git-fixes).
- commit 5f1b81f
- ehea: fix error return code in ehea_restart_qps() (git-fixes).
- commit 8656e81
- net: xilinx_emaclite: Do not print real IOMEM pointer
  (git-fixes).
- commit 1032862
- mvpp2: suppress warning (git-fixes).
- commit 163d5b9
- net: ethernet: fix potential use-after-free in ec_bhf_remove
  (git-fixes).
- commit 08e620e
- net: hamradio: fix memory leak in mkiss_close (git-fixes).
- commit d5b5550
- net: fec_ptp: add clock rate zero check (git-fixes).
- commit 4e39a7a
- netxen_nic: Fix an error handling path in 'netxen_nic_probe()'
  (git-fixes).
- commit 5a1c833
- qlcnic: Fix an error handling path in 'qlcnic_probe()'
  (git-fixes).
- commit 70491b7
- net: stmmac: dwmac1000: Fix extended MAC address registers
  definition (git-fixes).
- commit 0a365bd
- net: mdio: octeon: Fix some double free issues (git-fixes).
- commit 770566f
- net: mdio: thunder: Fix a double free issue in the .remove
  function (git-fixes).
- commit 77a03ff
- net: fec: fix the potential memory leak in fec_enet_init()
  (git-fixes).
- commit 3c37ef9
- net: fec: check DMA addressing limitations (git-fixes).
- commit 994eea1
- net: dsa: bcm_sf2: Qualify phydev->dev_flags based on port
  (git-fixes).
- commit c9228da
- net: stmmac: fix incorrect DMA channel intr enable setting of
  EQoS v4.10 (git-fixes).
- commit 2b936dd
- Refresh
  patches.suse/x86-prepare-asm-files-for-straight-line-speculation.patch.
- commit c149c1b
- Remove our homegrown IBRS implementation
  ... now that there's an upstream version.
- x86/entry: Add kernel IBRS implementation (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- Refresh
  patches.suse/intel_idle-Disable-IBRS-during-long-idle.patch.
- Refresh
  patches.suse/x86-bugs-Optimize-SPEC_CTRL-MSR-writes.patch.
- Refresh
  patches.suse/x86-speculation-Add-spectre_v2-ibrs-option-to-support-Kern.patch.
- Delete
  patches.suse/x86-enter-Create-macros-to-restrict-unrestrict-Indir.patch.
- Delete
  patches.suse/x86-enter-Use-IBRS-on-syscall-and-interrupts.patch.
- Delete
  patches.suse/x86-entry-Add-kernel-IBRS-implementation.patch.
- Delete
  patches.suse/x86-speculation-Add-basic-IBRS-support-infrastructur.patch.
- Delete
  patches.suse/x86-speculation-Add-inlines-to-control-Indirect-Bran.patch.
- commit 7278759
- media: saa7146: mxb: Fix a NULL pointer dereference in
  mxb_attach() (git-fixes).
- commit d6ee03c
- media: dib8000: Fix a memleak in dib8000_init() (git-fixes).
- commit 2128de3
- media: uvcvideo: fix division by zero at stream start
  (git-fixes).
- commit 24c7763
- blacklist.conf: cleanup breaking kABI by renames
- commit 112598f
- blacklist.conf: cleanup breaking kABI by renames
- commit 25ac149
- Bluetooth: hci_qca: Use del_timer_sync() before freeing
  (git-fixes).
- commit 945069e
- blacklist.conf: misattributed patch
- commit 379c546
- bnxt_en: Re-write PCI BARs after PCI fatal error (git-fixes).
- commit 3e6c035
- net: korina: fix kfree of rx/tx descriptor array (git-fixes).
- commit acd09d7
- net: macb: mark device wake capable when "/magic-packet"/
  property present (git-fixes).
- commit 674240e
- net/sonic: Fix a resource leak in an error handling path in
  'jazz_sonic_probe()' (git-fixes).
- commit 0674aaf
- vrf: Fix IPv6 with qdisc and xfrm (git-fixes).
- commit 0a2458c
- net: stmmac: dwmac1000: Disable ACS if enhanced descs are not
  used (git-fixes).
- commit 2e76107
- net: stmmac: Fix misuses of GENMASK macro (git-fixes).
- commit fc6700d
- kABI workaround for including mm.h in fs/sysfs/file.c
  (bsc#1200598 CVE-2022-20166).
- commit fe1fe6b
- blacklist.conf: update blacklist
- commit ae741a4
- mm: and drivers core: Convert hugetlb_report_node_meminfo to
  sysfs_emit (bsc#1200598 CVE-2022-20166).
- commit 3d23964
- drivers core: Miscellaneous changes for sysfs_emit (bsc#1200598
  CVE-2022-20166).
- commit c8e2e5b
- drivers core: Remove strcat uses around sysfs_emit and neaten
  (bsc#1200598 CVE-2022-20166).
- commit 5cd9512
- drivers core: Use sysfs_emit and sysfs_emit_at for show(device
  * ...) functions (bsc#1200598 CVE-2022-20166).
- commit 7554520
- sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output
  (bsc#1200598 CVE-2022-20166).
- commit c5a70d7
- cxgb3/l2t: Fix undefined behaviour (git-fixes).
- commit 8076d39
- kabi/severities: add cxgb3 network driver
- commit 3a6a137
- x86/entry: Remove skip_r11rcx (bsc#1201644).
- Refresh
  patches.suse/x86-entry-Add-kernel-IBRS-implementation.patch.
- commit 5efdb64
- Sort in RETbleed backport into the sorted section
  Now that it is upstream...
- Refresh
  patches.suse/KVM-x86-speculation-Disable-Fill-buffer-clear-within-guests.patch.
- Refresh
  patches.suse/intel_idle-Disable-IBRS-during-long-idle.patch.
- Refresh
  patches.suse/sched-topology-Improve-load-balancing-on-AMD-EPYC.patch.
- Refresh patches.suse/x86-Add-magic-AMD-return-thunk.patch.
- Refresh patches.suse/x86-Undo-return-thunk-damage.patch.
- Refresh patches.suse/x86-Use-return-thunk-in-asm-code.patch.
- Refresh
  patches.suse/x86-bugs-Add-AMD-retbleed-boot-parameter.patch.
- Refresh patches.suse/x86-bugs-Add-retbleed-ibpb.patch.
- Refresh
  patches.suse/x86-bugs-Do-IBPB-fallback-check-only-once.patch.
- Refresh
  patches.suse/x86-bugs-Do-not-enable-IBPB-on-entry-when-IBPB-is-no.patch.
- Refresh patches.suse/x86-bugs-Enable-STIBP-for-JMP2RET.patch.
- Refresh
  patches.suse/x86-bugs-Group-MDS-TAA-Processor-MMIO-Stale-Data-mitigations.patch.
- Refresh
  patches.suse/x86-bugs-Keep-a-per-CPU-IA32_SPEC_CTRL-value.patch.
- Refresh
  patches.suse/x86-bugs-Optimize-SPEC_CTRL-MSR-writes.patch.
- Refresh
  patches.suse/x86-bugs-Report-AMD-retbleed-vulnerability.patch.
- Refresh
  patches.suse/x86-bugs-Report-Intel-retbleed-vulnerability.patch.
- Refresh
  patches.suse/x86-bugs-Split-spectre_v2_select_mitigation-and-spectre_v2.patch.
- Refresh
  patches.suse/x86-common-Stamp-out-the-stepping-madness.patch.
- Refresh
  patches.suse/x86-cpu-add-a-steppings-field-to-struct-x86_cpu_id.patch.
- Refresh
  patches.suse/x86-cpu-add-table-argument-to-cpu_matches.patch.
- Refresh patches.suse/x86-cpu-amd-Add-Spectral-Chicken.patch.
- Refresh patches.suse/x86-cpu-amd-Enumerate-BTC_NO.patch.
- Refresh
  patches.suse/x86-cpufeatures-Move-RETPOLINE-flags-to-word-11.patch.
- Refresh
  patches.suse/x86-enter-Use-IBRS-on-syscall-and-interrupts.patch.
- Refresh
  patches.suse/x86-entry-Add-kernel-IBRS-implementation.patch.
- Refresh
  patches.suse/x86-kvm-Fix-SETcc-emulation-for-return-thunks.patch.
- Refresh
  patches.suse/x86-microcode-amd-increase-microcode-patch_max_size.patch.
- Refresh patches.suse/x86-retpoline-Use-mfunction-return.patch.
- Refresh
  patches.suse/x86-sev-Avoid-using-__x86_return_thunk.patch.
- Refresh
  patches.suse/x86-speculation-Add-a-common-function-for-MD_CLEAR-mitigation-update.patch.
- Refresh
  patches.suse/x86-speculation-Add-basic-IBRS-support-infrastructur.patch.
- Refresh
  patches.suse/x86-speculation-Add-inlines-to-control-Indirect-Bran.patch.
- Refresh
  patches.suse/x86-speculation-Add-spectre_v2-ibrs-option-to-support-Kern.patch.
- Refresh
  patches.suse/x86-speculation-Fix-SPEC_CTRL-write-on-SMT-state-change.patch.
- Refresh
  patches.suse/x86-speculation-Fix-firmware-entry-SPEC_CTRL-handling.patch.
- Refresh
  patches.suse/x86-speculation-Remove-x86_spec_ctrl_mask.patch.
- Refresh
  patches.suse/x86-speculation-Use-cached-host-SPEC_CTRL-value-for-guest-.patch.
- Refresh
  patches.suse/x86-speculation-add-special-register-buffer-data-sampling-srbds-mitigation.patch.
- Refresh
  patches.suse/x86-speculation-add-srbds-vulnerability-and-mitigation-documentation.patch.
- Refresh
  patches.suse/x86-speculation-include-unprivileged-ebpf-status-in-spectre-v2-mitigation-reporting.patch.
- Refresh
  patches.suse/x86-speculation-mmio-Add-mitigation-for-Processor-MMIO-Stale-Data.patch.
- Refresh
  patches.suse/x86-speculation-mmio-Add-sysfs-reporting-for-Processor-MMIO-Stale-Data.patch.
- Refresh
  patches.suse/x86-speculation-mmio-Enable-CPU-Fill-buffer-clearing-on-idle.patch.
- Refresh
  patches.suse/x86-speculation-mmio-Enumerate-Processor-MMIO-Stale-Data-bug.patch.
- Refresh
  patches.suse/x86-speculation-mmio-Reuse-SRBDS-mitigation-for-SBDS.patch.
- Refresh
  patches.suse/x86-speculation-restore-speculation-related-msrs-during-s3-resume.patch.
- Refresh
  patches.suse/x86-speculation-srbds-Update-SRBDS-mitigation-selection.patch.
- Refresh
  patches.suse/x86-vsyscall_emu-64-Don-t-use-RET-in-vsyscall-emulation.patch.
- commit d06c642
- KABI: cgroup: Restore KABI of css_set (bsc#1201610).
- cgroup: Use separate src/dst nodes when preloading css_sets
  for migration (bsc#1201610).
- commit 674875f
- random: fix crash on multiple early calls to (git-fixes)
- commit cf465a0
- vt: vt_ioctl: fix race in VT_RESIZEX (bsc#1200910
  CVE-2020-36558).
- commit 3c76a1f
- vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console
  (bsc#1201429 CVE-2020-36557).
- commit f15e18d
- Refresh
  patches.suse/x86-bugs-Do-not-enable-IBPB-on-entry-when-IBPB-is-no.patch.
- commit 7e31757
- kernel-obs-build: include qemu_fw_cfg (boo#1201705)
- commit e2263d4
- vt: drop old FONT ioctls (bsc#1201636 CVE-2021-33656).
- commit 704434f
- Refresh patches.suse/fbcon-Prevent-that-screen-size-is-smaller-than-font-.patch
  Fix the build error due to missing is_console_locked()
- commit 39e2064
- Delete patches.suse/IBRS-forbid-shooting-in-foot.patch.
  Backported upstream commit
  7c693f54c873 ("/x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS"/)
  already takes care of that.
- commit e4bbbc2
- fbmem: Check virtual screen sizes in fb_set_var()
  (CVE-2021-33655 bsc#1201635).
- fbcon: Prevent that screen size is smaller than font size
  (CVE-2021-33655 bsc#1201635).
- fbcon: Disallow setting font bigger than screen size
  (CVE-2021-33655 bsc#1201635).
- commit c1a0922
- Delete patches.suse/x86-idle-Control-Indirect-Branch-Speculation-in-idle.patch.
  Superceded by the upstream version
  patches.suse/intel_idle-Disable-IBRS-during-long-idle.patch
- commit 5309cbd
- blacklist.conf: add a few patches
- commit cf91d33
- serial: mvebu-uart: correctly report configured baudrate value
  (git-fixes).
- tty: serial: fsl_lpuart: fix potential bug when using both
  of_alias_get_id and ida_simple_get (git-fixes).
- PCI: qcom: Fix runtime PM imbalance on probe errors (git-fixes).
- irqchip/exiu: Fix acknowledgment of edge triggered interrupts
  (git-fixes).
- fsl_lpuart: Don't enable interrupts too early (git-fixes).
- arch_topology: Do not set llc_sibling if llc_id is invalid
  (git-fixes).
- net: dpaa2-eth: fix use-after-free in dpaa2_eth_remove
  (git-fixes).
- commit 4567918
- net: usb: qmi_wwan: add Telit 0x1070 composition (git-fixes).
- commit c9dc552
- net: usb: qmi_wwan: add Telit 0x1060 composition (git-fixes).
- commit 08341d7
- blacklist.conf: cosmetic fix
- commit 5ba3d81
- net: usb: ax88179_178a: Fix packet receiving (git-fixes).
- commit 346b0d8
- blacklist.conf: adds an uevent user space is not ready for
- commit 6ac2a70
- usbnet: fix memory leak in error case (git-fixes).
- commit f3b6abf
- usbnet: fix memory allocation in helpers.
- commit 9363858
- xen/netback: avoid entering xenvif_rx_next_skb() with an empty
  rx queue (bsc#1201381).
- commit 334fe0b
- Refresh
  patches.suse/crypto-qat-remove-dma_free_coherent-for-DH.patch.
  revert the effect of mainline 453431a54934d917153 on patch.
- Refresh
  patches.suse/crypto-qat-remove-dma_free_coherent-for-RSA.patch.
  revert the effect of mainline 453431a54934d917153 on patch.
- commit 6824fa5
- crypto: qat - remove dma_free_coherent() for DH (git-fixes).
- crypto: qat - remove dma_free_coherent() for RSA (git-fixes).
- crypto: qat - fix memory leak in RSA (git-fixes).
- crypto: qat - set to zero DH parameters before free (git-fixes).
- crypto: qat - disable registration of algorithms (git-fixes).
- commit 1dda89e
- rpm/kernel-binary.spec.in: Require dwarves >= 1.22 on SLE15-SP3 or newer
  Dwarves 1.22 or newer is required to build kernels with BTF information
  embedded in modules.
- commit ee19e9d
- pty: do tty_flip_buffer_push without port->lock in pty_write
  (bsc#1198829 CVE-2022-1462).
- commit c0b9f34
- tty: use new tty_insert_flip_string_and_push_buffer() in
  pty_write() (bsc#1198829 CVE-2022-1462).
- tty: extract tty_flip_buffer_commit() from
  tty_flip_buffer_push() (bsc#1198829 CVE-2022-1462).
- commit 1b70eb4
- dm mirror log: round up region bitmap size to BITS_PER_LONG
  (git-fixes).
- dm crypt: make printing of the key constant-time (git-fixes).
- dm integrity: fix error code in dm_integrity_ctr() (git-fixes).
- dm stats: add cond_resched when looping over entries
  (git-fixes).
- hex2bin: fix access beyond string end (git-fixes).
- hex2bin: make the function hex_to_bin constant-time (git-fixes).
- dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS
  (git-fixes).
- dm btree remove: fix use after free in rebalance_children()
  (git-fixes).
- blk-cgroup: synchronize blkg creation against policy
  deactivation (git-fixes).
- dm: fix mempool NULL pointer race when completing IO
  (git-fixes).
- blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN
  (git-fixes).
- blk-zoned: allow zone management send operations without
  CAP_SYS_ADMIN (git-fixes).
- lib/hexdump.c: return -EINVAL in case of error in hex2bin()
  (git-fixes).
- commit 4cd1fd7
- blacklist.conf: Update for git-fixes
- commit e740cc0
- net: ll_temac: Fix TX BD buffer overwrite (git-fixes).
- commit 1ff015f
- net: ll_temac: Fix race condition causing TX hang (git-fixes).
- commit 0c73d92
- net: ll_temac: Fix bug causing buffer descriptor overrun
  (git-fixes).
- commit 2fe2e0f
- net: stmmac: fix missing IFF_MULTICAST check in
  dwmac4_set_filter (git-fixes).
- commit 075d2fd
- bnxt_en: Remove the setting of dev_port (git-fixes).
- commit 1fccfbd
- blacklist.conf: update
- commit d2fcee3
- Refresh
  patches.suse/v5-0001-crypto-DRBG-add-FIPS-140-2-CTRNG-for-noise-source.patch.
  A modified version of the patch did make it mainline. Detected by git-fixes.
- commit 9eec360
- don't call utsname() after ->nsproxy is NULL (bsc#1201196).
- commit 2a23102
- Revert "/net/mlx5: Fix auto group size calculation (git-fixes)."/
  This reverts commit b079f3521c00edccd6945f2e30562a049f4e8875.
  I have to be sure that it's safe to modify mlx5 (KABI breakage)
- commit 0f9878e
- Revert "/net/mlx5e: Replace reciprocal_scale in TX select queue function"/
  This reverts commit d5b41e7c4ddab05e45b493d6b8ed03c1b40281a0.
  I have to be sure that it's safe to modify mlx5
- commit 37c02b5
- x86/kexec: Disable RET on kexec (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- commit b5316fa
- CVE Mitigation for CVE-2022-29900 and CVE-2022-29901
  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit 594c7f1
- ibmvnic: Properly dispose of all skbs during a failover
  (bsc#1200925).
- commit 0f02acf
- x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported
  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit 8e56414
- KVM: x86: Trace the original requested CPUID function in
  kvm_cpuid() (git-fixes).
- commit ca28b57
- x86/cpu/amd: Enumerate BTC_NO (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- commit 0f78721
- x86/common: Stamp out the stepping madness (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit ef0778a
- x86/speculation: Remove x86_spec_ctrl_mask (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit cce4286
- x86/speculation: Use cached host SPEC_CTRL value for guest
  entry/exit (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit bd05ee9
- x86/speculation: Fix SPEC_CTRL write on SMT state change
  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit 6c7f2f9
- x86/speculation: Fix firmware entry SPEC_CTRL handling
  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit 3a4c15c
- x86/cpu/amd: Add Spectral Chicken (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- commit 739064a
- Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag
  (git-fixes).
- commit 75c6284
- blacklist.conf: exclusive to an unsupported architecture
- commit 2b062b1
- Input: omap4-keypad - fix pm_runtime_get_sync() error checking
  (git-fixes).
- commit 66d1de0
- Input: elan_i2c - fix regulator enable count imbalance after
  suspend/resume (git-fixes).
- commit 8dddf8b
- Input: elan_i2c - move regulator_[en|dis]able() out of
  elan_[en|dis]able_power() (git-fixes).
- commit bdb6893
- x86/bugs: Do IBPB fallback check only once (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit ce4a75d
- x86/bugs: Add retbleed=ibpb (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- commit b64e2f2
- intel_idle: Disable IBRS during long idle (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit 24132fd
- x86/bugs: Report Intel retbleed vulnerability (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit 98205eb
- x86/bugs: Split spectre_v2_select_mitigation() and
  spectre_v2_user_select_mitigation() (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- commit 899b6e2
- x86/speculation: Add spectre_v2=ibrs option to support Kernel
  IBRS (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit c97dcea
- x86/bugs: Optimize SPEC_CTRL MSR writes (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit 2807530
- x86/entry: Add kernel IBRS implementation (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit 6c366af
- x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit 5b948ee
- x86/bugs: Enable STIBP for JMP2RET (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- commit 4af828d
- x86/bugs: Add AMD retbleed= boot parameter (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- Update config files.
- commit d021246
- x86/bugs: Report AMD retbleed vulnerability (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit 25b1e2a
- x86: Add magic AMD return-thunk (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- commit c23e13d
- x86: Use return-thunk in asm code (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- commit 24e2d3e
- x86/sev: Avoid using __x86_return_thunk (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit a639386
- x86/vsyscall_emu/64: Don't use RET in vsyscall emulation
  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit a624aee
- x86/kvm: Fix SETcc emulation for return thunks (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit bfe5a3a
- x86: Undo return-thunk damage (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- commit 6905344
- x86/retpoline: Use -mfunction-return (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- commit 41db50f
- x86/cpufeatures: Move RETPOLINE flags to word 11 (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit f1df027
- x86: Add straight-line-speculation mitigation (bsc#1201050
  CVE-2021-26341).
- Update config files.
- Refresh
  patches.suse/x86-speculation-rename-retpoline_amd-to-retpoline_lfence.patch.
- commit b67585f
- x86: Prepare inline-asm for straight-line-speculation
  (bsc#1201050 CVE-2021-26341).
- commit a53fbef
- x86: Prepare asm files for straight-line-speculation
  (bsc#1201050 CVE-2021-26341).
- commit 3593ddf
- x86/lib/atomic64_386_32: Rename things (bsc#1201050
  CVE-2021-26341).
- commit fa24b57
- net: Rename and export copy_skb_header (bsc#1200762,
  CVE-2022-33741, XSA-403).
- commit 5e3ad99
- net: rose: fix UAF bugs caused by timer handler (CVE-2022-2318
  bsc#1201251).
- commit 6ad5c1f
- xen/netfront: force data bouncing when backend is untrusted
  (bsc#1200762, CVE-2022-33741, XSA-403).
- commit 459e62a
- xen/netfront: fix leaking data in shared pages (bsc#1200762,
  CVE-2022-33740, XSA-403).
- commit b225a00
- xen/blkfront: force data bouncing when backend is untrusted
  (bsc#1200762, CVE-2022-33742, XSA-403).
- commit 8bcc9cd
- xen/blkfront: fix leaking data in shared pages (bsc#1200762,
  CVE-2022-26365, XSA-403).
- commit f3412de
- scripts/sequence-patch.sh: create sub-function apply_one_patch()
  Carve out the main functionality of applying a single patch from
  apply_patches() into a sub-function.
- commit f24575e
- scripts/sequence-patch.sh: let "/--fast"/, "/--rapid"/ and "/"/ behave consistently
  Today scripts/sequence-patch.sh will stop before applying a patch when
  being called with "/--fast"/ or "/--rapid"/ and a patch name, while it will
  apply the named patch when being called without "/--fast"/ or "/--rapid"/.
  Change that by letting apply_patches() use the PATCHES_BEFORE[] and
  PATCHES_AFTER[] arrays as apply_rapid_patches() and
  apply_fast_patches() are doing already.
  In order to keep the capability to single step through the remaining
  patches add a function for that purpose.
- commit 134d511
- blacklist.conf: not relevant in the configs of SLE12
- commit 7a87c74
- USB: serial: option: add Quectel BG95 modem (git-fixes).
- commit c1672b3
- PCI/ACPI: Allow D3 only if Root Port can signal and wake from D3
  (git-fixes).
- commit 4822675
- blacklist.conf: update
- commit 9b0cda8
- bnxt_en: Remove the setting of dev_port (git-fixes).
- commit b4944bb
- blacklist.conf: update
- commit b981815
- bonding: fix bond_neigh_init() (git-fixes).
- commit bd377d1
- net/mlx5: Fix auto group size calculation (git-fixes).
- commit b079f35
- net/mlx5e: Replace reciprocal_scale in TX select queue function
  (git-fixes).
- commit d5b41e7
- net/mlx5: Avoid double free of root ns in the error flow path
  (git-fixes).
- commit 847972f
- net: stmmac: update rx tail pointer register to fix rx dma
  hang issue (git-fixes).
- commit d50f8cc
- blacklist.conf: update
- commit 6b42a65
- net/mlx5e: Switch to Toeplitz RSS hash by default (git-fixes).
- commit cc111a8
- blacklist.conf: update
- commit def294a
- audit: fix a race condition with the auditd tracking code
  (bsc#1197170).
- commit fb844f5
- Update metadata references
- commit 9f48d7c
- Refresh
  patches.suse/msft-hv-2588-PCI-hv-Do-not-set-PCI_COMMAND_MEMORY-to-reduce-VM-bo.patch.
  Fix a build warning.
- commit 539b424
- md: bcache: check the return value of kzalloc() in
  detached_dev_do_request() (git-fixes).
- raid5: introduce MD_BROKEN (git-fixes).
- block: bio-integrity: Advance seed correctly for larger interval
  sizes (git-fixes).
- dm crypt: Avoid percpu_counter spinlock contention in
  crypt_page_alloc() (git-fixes).
- commit 7b5f638
- sctp: handle kABI change in struct sctp_endpoint (CVE-2022-20154
  bsc#1200599).
- commit c46afe6
- sctp: use call_rcu to free endpoint (CVE-2022-20154 bsc#1200599).
- commit 3cb182d
- scripts/tar-up.sh: Detect untracked changes to rpm directory.
- commit bd49209
- ext4: make variable "/count"/ signed (bsc#1200820).
- commit 0ad871f
- writeback: Fix inode->i_io_list not be protected by
  inode->i_lock error (bsc#1200821).
- commit b9b0ac9
- inotify: show inotify mask flags in proc fdinfo (bsc#1200600).
  patches.suse/vfs-add-super_operations-get_inode_dev: Refresh
- commit b58cf61
- blacklist.conf: Blacklist 623af4f538b5, 14362a254179, e730558adffb
- commit 2c2fce2
- blacklist.conf: Blacklist e583b5c472bd
- commit d532d93
- iomap: iomap_write_failed fix (bsc#1200829).
- commit fe41db9
- fs-writeback: writeback_sb_inodes Recalculate 'wrote' according skipped pages
  (bsc#1200873).
- commit 32bf312
- ext4: fix bug_on ext4_mb_use_inode_pa (bsc#1200810).
- commit e785aa5
- ext4: fix bug_on in __es_tree_search (bsc#1200809).
- commit cd7168a
- ext4: fix bug_on in ext4_writepages (bsc#1200872).
- commit 6d17248
- blacklist.conf: Blacklist cb8435dc8ba3
- commit b518aff
- ext4: fix race condition between ext4_write and
  ext4_convert_inline_data (bsc#1200807).
- commit 514183b
- ext4: fix use-after-free in ext4_rename_dir_prepare
  (bsc#1200871).
- commit 895fa7d
- ext4: force overhead calculation if the s_overhead_cluster
  makes no sense (bsc#1200870).
- commit 0291865
- ext4: fix overhead calculation to account for the reserved
  gdt blocks (bsc#1200869).
- commit 5d9af1f
- ext4: limit length to bitmap_maxbytes - blocksize in punch_hole
  (bsc#1200806).
- commit 490eab5
- ext4: fix symlink file size not match to file content
  (bsc#1200868).
- commit c9b8c45
- init: Initialize noop_backing_dev_info early (bsc#1200822).
- commit 7ed9bdf
- writeback: Avoid skipping inode writeback (bsc#1200813).
- commit 0cccfea
- rpm/check-for-config-changes: ignore GCC12/CC_NO_ARRAY_BOUNDS
  Upstream commit f0be87c42cbd (gcc-12: disable '-Warray-bounds'
  universally for now) added two new compiler-dependent configs:
  * CC_NO_ARRAY_BOUNDS
  * GCC12_NO_ARRAY_BOUNDS
  Ignore them -- they are unset by dummy tools (they depend on gcc version
  == 12), but set as needed during real compilation.
- commit a14607c
- ath9k: fix use-after-free in ath9k_hif_usb_rx_cb (CVE-2022-1679
  bsc#1199487).
- commit 2c5abda
- Update series.conf
- commit 3724c0a
- blacklist.conf: Add 6a2d90ba027a ptrace: Reimplement PTRACE_KILL by always sending SIGKILL
- commit 22a9ddc
- powerpc/perf: Fix the threshold compare group constraint for
  power9 (bsc#1065729).
- powerpc/idle: Fix return value of __setup() handler
  (bsc#1065729).
- commit 9f37a25
- md/raid0: Ignore RAID0 layout if the second zone has only one
  device (git-fixes).
- commit 4cc9ba2
- tcp: drop the hash_32() part from the index calculation
  (CVE-2022-1012 bsc#1199482).
- tcp: increase source port perturb table to 2^16 (CVE-2022-1012
  bsc#1199482).
- tcp: dynamically allocate the perturb table used by source ports
  (CVE-2022-1012 bsc#1199482).
  Refresh patches.kabi/tcp-fix-race-condition-when-creating-child-sockets-from-syncookies-kABI-fix.patch
- tcp: add small random increments to the source port
  (CVE-2022-1012 bsc#1199482).
- tcp: resalt the secret every 10 seconds (CVE-2022-1012
  bsc#1199482).
  Refresh patches.kabi/kabi-return-type-change-of-secure_ipv-46-_port_ephem.patch
- tcp: use different parts of the port_offset for index and offset
  (CVE-2022-1012 bsc#1199482).
- kabi: return type change of secure_ipv_port_ephemeral()
  (CVE-2022-1012 bsc#1199482).
- secure_seq: use the 64 bits of the siphash for port offset
  calculation (CVE-2022-1012 bsc#1199482).
- commit 8d93613
- exec: Force single empty string when argv is empty
  (bsc#1200571).
- commit 4ee3bdd
- powerpc/rtas: Allow ibm,platform-dump RTAS call with null
  buffer address (bsc#1200343 ltc#198477).
- commit 1848f62
- KVM: s390: vsie/gmap: reduce gmap_rmap overhead (git-fixes).
- s390/mm: fix VMA and page table handling code in storage key
  handling functions (git-fixes).
- s390/mm: validate VMA in PGSTE manipulation functions
  (git-fixes).
- s390/gmap: don't unconditionally call pte_unmap_unlock()
  in __gmap_zap() (git-fixes).
- s390/gmap: validate VMA in __gmap_zap() (git-fixes).
- s390: fix strrchr() implementation (git-fixes).
- s390/ftrace: fix ftrace_update_ftrace_func implementation
  (git-fixes).
- mm: add vma_lookup(), update find_vma_intersection() comments
  (git-fixes).
- s390: fix detection of vector enhancements facility 1 vs. vector
  packed decimal facility (git-fixes).
- i915_vma: Rename vma_lookup to i915_vma_lookup (git-fixes).
- commit 29454c7
- HID: holtek: fix mouse probing (CVE-2022-20132 bsc#1200619).
- HID: add USB_HID dependancy to hid-prodikeys (CVE-2022-20132
  bsc#1200619).
- HID: add USB_HID dependancy to hid-chicony (CVE-2022-20132
  bsc#1200619).
- HID: add USB_HID dependancy on some USB HID drivers
  (CVE-2022-20132 bsc#1200619).
- HID: check for valid USB device for many HID drivers
  (CVE-2022-20132 bsc#1200619).
- HID: add hid_is_usb() function to make it simpler for USB
  detection (CVE-2022-20132 bsc#1200619).
- HID: introduce hid_is_using_ll_driver (CVE-2022-20132
  bsc#1200619).
- commit fb86cdd
- igmp: Add ip_mc_list lock in ip_check_mc_rcu (bsc#1200604
  CVE-2022-20141).
- commit 5040a6d
- certs: Add EFI_CERT_X509_GUID support for dbx entries
  (bsc#1177282 CVE-2020-26541).
- Update config files.
- commit 3cf594e
- kernel-binary.spec: check s390x vmlinux location
  As a side effect of mainline commit edd4a8667355 ("/s390/boot: get rid of
  startup archive"/), vmlinux on s390x moved from "/compressed"/ subdirectory
  directly into arch/s390/boot. As the specfile is shared among branches,
  check both locations and let objcopy use one that exists.
- commit cd15543
- net: qede: Disable aRFS for NPAR and 100G (git-fixes).
- commit 3550a36
- net: qed: Disable aRFS for NPAR and 100G (git-fixes).
- commit 5318f6c
- Add missing recommends of kernel-install-tools to kernel-source-vanilla (bsc#1200442)
- commit 93b1375
- platform/chrome: cros_ec_proto: Send command again when timeout
  occurs (git-fixes).
- commit 4cd9896
- blacklist.conf: optimization, not bugfix, polling mode works
- commit 9425795
- video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (bsc#1129770)
- commit 2fedb7a
- SUNRPC: Fix the calculation of xdr->end in
  xdr_get_next_encode_buffer() (git-fixes).
- NFS: Further fixes to the writeback error handling (git-fixes).
- NFSD: Fix possible sleep during nfsd4_release_lockowner()
  (git-fixes).
- md: fix an incorrect NULL check in md_reload_sb (git-fixes).
- md: fix an incorrect NULL check in does_sb_need_changing
  (git-fixes).
- commit ae718ea
- usb: musb: Fix missing of_node_put() in omap2430_probe
  (git-fixes).
- commit 3a2cb6a
- USB: storage: karma: fix rio_karma_init return (git-fixes).
- commit 7629407
- usb: usbip: add missing device lock on tweak configuration cmd
  (git-fixes).
- commit dc00497
- usb: usbip: fix a refcount leak in stub_probe() (git-fixes).
- commit 5dbe808
- blacklist.conf: cleanup with extensive prerequisites
- commit a84a222
- kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has
  architectural PMU (git-fixes).
- commit a1252d0
- KVM: x86/emulator: Defer not-present segment check in
  __load_segment_descriptor() (git-fixes).
- commit 99b3a77
- KVM: x86: Fix emulation in writing cr8 (git-fixes).
- commit 8e75ed3
- kvm: fix wrong exception emulation in check_rdtsc (git-fixes).
- commit f2e7348
- KVM: x86: Update vCPU's hv_clock before back to guest when
  tsc_offset is adjusted (git-fixes).
- commit 86ddc48
- KVM: x86: Don't force set BSP bit when local APIC is managed
  by userspace (git-fixes).
- commit 57ed1a0
- KVM: x86: Migrate the PIT only if vcpu0 is migrated, not any
  BSP (git-fixes).
- commit e73c808
- KVM: x86: clflushopt should be treated as a no-op by emulation
  (git-fixes).
- commit c8ffffc
- KVM: LAPIC: Prevent setting the tscdeadline timer if the lapic
  is hw disabled (git-fixes).
- commit 2e9d5c6
- KVM: x86: Inject #GP if guest attempts to toggle CR4.LA57 in
  64-bit mode (git-fixes).
- commit 043f4fa
- kvm: i8254: remove redundant assignment to pointer s
  (git-fixes).
- commit afdf86c
- KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce
  (git-fixes).
- commit 7924673
- KVM: x86: Allocate new rmap and large page tracking when moving
  memslot (git-fixes).
- commit af3a295
- KVM: x86: remove stale comment from struct x86_emulate_ctxt
  (git-fixes).
- commit 4941176
- KVM: x86: clear stale x86_emulate_ctxt->intercept value
  (git-fixes).
- commit eab5f4b
- KVM: x86: Refactor prefix decoding to prevent Spectre-v1/L1TF
  attacks (git-fixes).
- commit 9438453
- KVM: x86: Remove spurious clearing of async #PF MSR (git-fixes).
- commit 7592a55
- KVM: x86: Remove spurious kvm_mmu_unload() from vcpu destruction
  path (git-fixes).
- commit 52b7185
- KVM: x86: Free wbinvd_dirty_mask if vCPU creation fails
  (git-fixes).
- commit c996e8b
- KVM: x86: Fix potential put_fpu() w/o load_fpu() on MPX platform
  (git-fixes).
- commit 9a1420d
- KVM: x86: do not modify masked bits of shared MSRs (git-fixes).
- commit 95ee3f1
- kvm: x86: Improve emulation of CPUID leaves 0BH and 1FH
  (git-fixes).
- commit 562c585
- KVM: x86/mmu: Treat invalid shadow pages as obsolete
  (git-fixes).
- commit 73ee6fe
- KVM: x86: Manually flush collapsible SPTEs only when toggling
  flags (git-fixes).
- commit b8ef0f8
- scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled
  (git-fixes).
- scsi: dc395x: Fix a missing check on list iterator (git-fixes).
- scsi: ufs: qcom: Fix ufs_qcom_resume() (git-fixes).
- drbd: fix duplicate array initializer (git-fixes).
- drbd: use bdev_alignment_offset instead of
  queue_alignment_offset (git-fixes).
- drbd: use bdev based limit helpers in drbd_send_sizes
  (git-fixes).
- drbd: remove assign_p_sizes_qlim (git-fixes).
- target: remove an incorrect unmap zeroes data deduction
  (git-fixes).
- commit d98a418
- blacklist.conf: add commit not needed
  This commit needs another commmit not present,
  and too large to add.
- commit 3afd40c
- blacklist.conf: add commit that breaks kABI
  This commit just makes the compiler happy, but
  breaks kABI.
- commit e382736
- floppy: disable FDRAWCMD by default (bsc#1198866 CVE-2022-1836).
- Update config files.
- commit 9af4e3a
- tracing: Fix return value of trace_pid_write() (git-fixes).
- commit 0e11fd3
- KVM: x86: set ctxt->have_exception in x86_decode_insn()
  (git-fixes).
- commit dc27a5e
- KVM: x86: always stop emulation on page fault (git-fixes).
- commit e9cd420
- KVM: x86: Manually calculate reserved bits when loading PDPTRS
  (git-fixes).
- commit b1a2cff
- KVM: x86: Unconditionally call x86 ops that are always
  implemented (git-fixes).
  update patches.suse/0005-kvm-x86-mmu-Recovery-of-shattered-NX-large-pages.patch
- commit d42160c
- KVM: x86: Fix x86_decode_insn() return when fetching insn
  bytes fails (git-fixes).
- commit 3ff57f4
- kvm: x86: skip populating logical dest map if apic is not sw
  enabled (git-fixes).
- commit 5dc0bda
- Remove unused variable in fbdev
  Fixes the error shown below.
  ../drivers/video/fbdev/core/fbmem.c: In function 'fb_set_suspend':
  ../drivers/video/fbdev/core/fbmem.c:1904:6: warning: unused variable 'unused' [-Wunused-variable]
- commit e49f9c6
- KVM: nVMX: reset cache/shadows when switching loaded VMCS (git-fixes).
  update patches.suse/kvm-nvmx-move-check_vmentry_postreqs-call-to-nested_vmx_enter_non_root_mode
  update patches.suse/kvm-nvmx-don-t-reread-vmcs-agnostic-state-when-switching-vmcs.patch
  update patches.suse/kvm-nvmx-skip-ibpb-when-switching-between-vmcs01-and-vmcs02.patch
- commit e121eab
- scripts/check-embargoed-bugz: Skip check for the direct to push to *_EMBARGO branch, too
- commit 2553069
- PCI: Tidy comments (git-fixes).
- Refresh
  patches.suse/PCI-AER-Remove-HEST-FIRMWARE_FIRST-parsing-for-AER-o.patch.
- commit e6a6078
- add mainline tag for a pci-hyperv change
- commit 5039771
- netfilter: nf_tables: disallow non-stateful expression in sets
  earlier (bsc#1200015).
- commit 1bb9b5b
- btrfs: tree-checker: fix incorrect printk format (bsc#1200249).
- commit 996513e
- Update metadata references
- commit e2a92b4
- powerpc/xive: Add some error handling code to
  'xive_spapr_init()' (fate#322438 git-fixes).
- commit 4f26eea
- net: sched: fixed barrier to prevent skbuff sticking in qdisc
  backlog (git-fixes).
- commit 1c252cc
- powerpc/numa: Prefer node id queried from vphn (bsc#1199237
  bsc#1200173 ltc#198329).
- commit aa6b831
- powerpc/xive: Fix refcount leak in xive_spapr_init (fate#322438
  git-fixes).
- commit e0a7e2f
- NFC: netlink: fix sleep in atomic bug when firmware download
  timeout (CVE-2022-1975 bsc#1200143).
- commit a8211d8
- nfc: replace improper check device_is_registered() in netlink
  related functions (CVE-2022-1974 bsc#1200144).
- commit d539b18
- scsi: qla2xxx: edif: Remove unneeded variable (bsc#1200045).
- scsi: qla2xxx: Remove unneeded flush_workqueue() (bsc#1200045).
- scsi: qla2xxx: Remove free_sg command flag (bsc#1200045).
- scsi: qla2xxx: Fix missed DMA unmap for aborted commands
  (bsc#1200045).
- commit 11584e2
- revert scsi: qla2xxx: Changes to support FCP2 Target
  (bsc#1198438).
- commit 6f4a9ff
- lpfc: Set default protocol support to FCP only (bsc#1194124
  bsc#1198899).
- commit 712c9e0
- lpfc: drop driver update 14.2.0.x
  The amount of backport changes necessary for due to the refactoring is
  introducing to much code churn and is likely to introduce regressions.
  This ends the backport effort to keep the lpfc in sync with mainline.
- commit 38e014b
- powerpc/64s: Add CPU_FTRS_POWER9_DD2_2 to CPU_FTRS_ALWAYS mask (bsc#1061840 git-fixes).
- Refresh patches.suse/powerpc-64s-Remove-POWER9-DD1-support.patch.
- Refresh patches.suse/powerpc-Remove-Power8-DD1-from-cputable.patch.
- commit d40bf50
- usb: dwc3: gadget: Don't send unintended link state change
  (git-fixes).
- commit 2385b45
- series: Resort and update meta data
  Update meta data:
  - patches.suse/powerpc-Enable-the-DAWR-on-POWER9-DD2.3-and-above.patch
  - patches.suse/scsi-fnic-Replace-DMA-mask-of-64-bits-with-47-bits
- commit 27ea8c3
- usb: dwc3: core: Only handle soft-reset in DCTL (git-fixes).
- commit 415e104
- powerpc/powernv: Get STF barrier requirements from device-tree
  (bsc#1188885 ltc#193722 git-fixes).
- powerpc/powernv: Get L1D flush requirements from device-tree
  (bsc#1188885 ltc#193722 git-fixes).
- powerpc/powernv: Remove POWER9 PVR version check for entry
  and uaccess flushes (bsc#1188885 ltc#193722 git-fixes).
- commit e5cd72e
- usb: mtu3: fix USB 3.0 dual-role-switch from device to host
  (git-fixes).
- commit 0a0f653
- blacklist.conf: relevant only if CONFIG_REGULATOR is set
- commit b1bf5bb
- blacklist.conf: adding 40fdea0284bb20, as it requires 8480ed9c2bbd56
    which is not in the SLE12-SP5 kernel
- commit de76d0c
- smp: Fix offline cpu check in flush_smp_call_function_queue()
  (git-fixes).
- commit 9088d9f
- blacklist.conf: add cdb07bdea28e, which is not suitable. It is
    supposed to be a cleanup patch removing a variable never read,
    but this reasoning is wrong in the SLE12-SP5 kernel.
- commit fb2bee4
- mm, page_alloc: fix build_zonerefs_node() (git-fixes).
- commit ae78266
- PCI / ACPI: Mark expected switch fall-through (git-fixes).
- commit a34b722
- btrfs: extent-tree: kill the BUG_ON() in
  insert_inline_extent_backref() (CVE-2019-19377 bsc#1158266).
- commit 7762823
- btrfs: extent-tree: kill BUG_ON() in  __btrfs_free_extent()
  (CVE-2019-19377 bsc#1158266).
- commit fa0dbe1
- KVM: x86/speculation: Disable Fill buffer clear within guests (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180).
- commit 0f0e4c1
- x86/speculation/mmio: Reuse SRBDS mitigation for SBDS (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180).
- commit 5415e79
- x86/speculation/srbds: Update SRBDS mitigation selection (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180).
- commit 8723394
- x86/speculation/mmio: Add sysfs reporting for Processor MMIO Stale Data (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180).
- commit 9f38802
- x86/speculation/mmio: Enable CPU Fill buffer clearing on idle (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180).
- commit f7cab5d
- x86/bugs: Group MDS, TAA & Processor MMIO Stale Data mitigations (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180).
- commit cc5a89b
- Blacklist some git-fixes for arm32 (stm32 and sun4i)
- commit 3b070b0
- x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180). - Refresh patches.suse/powerpc-64s-flush-L1D-after-user-accesses.patch. - Refresh patches.suse/powerpc-64s-flush-L1D-on-kernel-entry.patch.
- commit bb2155d
- crypto: qat - don't cast parameter in bit operations
  (git-fixes).
- crypto: ixp4xx - dma_unmap the correct address (git-fixes).
- crypto: virtio: Fix dest length calculation in
  __virtio_crypto_skcipher_do_req() (git-fixes).
- crypto: virtio - deal with unsupported input sizes (git-fixes).
- commit 7fb5389
- x86/speculation: Add a common function for MD_CLEAR mitigation update (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180).
- commit 5316230
- x86/speculation/mmio: Enumerate Processor MMIO Stale Data bug (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180).
- commit bbc94eb
- i40e: Fix MAC address setting for a VF via Host/VM (git-fixes).
- commit fb03aa3
- i40e: always propagate error value in i40e_set_vsi_promisc()
  (git-fixes).
- commit 2566276
- i40e: fix return of uninitialized aq_ret in i40e_set_vsi_promisc
  (git-fixes).
- commit d2d5567
- i40e: Remove scheduling while atomic possibility (git-fixes).
- commit 3b40ec0
- i40e: Fix the conditional for i40e_vc_validate_vqs_bitmaps
  (git-fixes).
- commit 95721a6
- i40e: Fix virtchnl_queue_select bitmap validation (git-fixes).
- commit 93094b6
- i40e: Refactoring VF MAC filters counting to make more reliable
  (git-fixes).
- commit 02ed711
- iavf: Fix incorrect adapter get in iavf_resume (git-fixes).
- commit 1d0e0bf
- kernel-binary.spec: Support radio selection for debuginfo.
  To disable debuginfo on 5.18 kernel a radio selection needs to be
  switched to a different selection. This requires disabling the currently
  active option and selecting NONE as debuginfo type.
- commit 43b5dd3
- perf: Fix sys_perf_event_open() race against self
  (CVE-2022-1729, bsc#1199507).
- commit fc77f1c
- vxlan: fix memleak of fdb (git-fixes).
- commit 385caa2
- ext4: avoid cycles in directory h-tree (bsc#1198577
  CVE-2022-1184).
- commit ec51c1b
- ext4: verify dir block before splitting it (bsc#1198577
  CVE-2022-1184).
- commit 97bfb10
- USB: serial: qcserial: add support for Sierra Wireless EM7590
  (git-fixes).
- commit 9a26d35
- USB: serial: option: add Fibocom MA510 modem (git-fixes).
- commit 1ba0453
- USB: serial: option: add Fibocom L610 modem (git-fixes).
- commit c12b9bf
- USB: serial: pl2303: add device id for HP LM930 Display
  (git-fixes).
- commit cb3a9ba
- blacklist.conf: no support for gadget mode in SLE12
- commit f8ace79
- ACPI: property: Release subnode properties with data nodes
  (git-fixes).
- commit c063047
- tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe()
  (bsc#1065729).
- commit 2da357e
- scsi: fnic: Replace DMA mask of 64 bits with 47 bits
  (bsc#1199631).
- commit e59adf4
- powerpc: Enable the DAWR on POWER9 DD2.3 and above (bsc#1055117
  ltc#159753).
- powerpc: Remove Power8 DD1 from cputable (bsc#1055117
  ltc#159753).
- Refresh patches.suse/powerpc-64s-Remove-POWER9-DD1-support.patch
- commit 28c0fba
- debug: Lock down kgdb (bsc#1199426 CVE-2022-21499).
- commit 1cd17a0
- cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in
  cpuset_init_smp() (bsc#1199839).
- commit 9b6eecc
- scripts/git_sort/git_sort.py: add driver for-next repo
- commit bd4759e
- crypto: rsa-pkcs1pad - fix buffer overread in
  pkcs1pad_verify_complete() (bsc#1197601).
- commit b5cd00f
- Add dtb-starfive
- commit 85335b1
- KVM: PPC: Propagate errors to the guest when failed instead
  of ignoring (bsc#1061840 git-fixes).
- commit c8989fb
- Update patch reference for ACPI fix (CVE-2017-13695 bsc#1055710)
- commit e74f546
- KVM: PPC: Fix TCE handling for VFIO (bsc#1061840 git-fixes).
- commit f0e0eab
- floppy: use a statically allocated error counter (bsc#1199063
  CVE-2022-1652).
- commit 7173277
- Export new inet_ehash_nolisten3 symbol (bsc#1199671)
  Update:
  patches.kabi/tcp-fix-race-condition-when-creating-child-sockets-from-syncookies-kABI-fix.patch
- commit 92e37e7
- media: netup_unidvb: Don't leak SPI master in probe error path
  (git-fixes).
- commit baae2da
- blacklist.conf: extremely intrusive prerequisites
- commit 331d415
- media: vim2m: Remove surplus name initialization (git-fixes).
- commit ff43341
- netfilter: nf_conntrack_tcp: re-init for syn packets only
  (bsc#1199035).
- commit 7f196b5
- netfilter: nf_conntrack_tcp: preserve liberal flag in tcp
  options (bsc#1199035).
- commit f94c482
- netfilter: conntrack: re-init state for retransmitted syn-ack
  (bsc#1199035).
- commit dd4faf1
- netfilter: conntrack: move synack init code to helper
  (bsc#1199035).
- commit a34ad9a
- netfilter: conntrack: connection timeout after re-register
  (bsc#1199035).
- commit 84b725c
- blacklist.conf: ("/watchdog: iTCO_wdt: Account for rebooting on second timeout"/)
  Delete
  patches.suse/watchdog-iTCO_wdt-Account-for-rebooting-on-second-ti.patch.
  This change caused a regression on some systems (watchdog firing up
  too fast) and ended up being reverted upstream (bsc#1199526).
- commit 001c898
- blacklist.conf: Add 7d613f9f72ec signal: Remove the bogus sigkill_pending in ptrace_stop
- commit 4730b82
- blacklist.conf: Add e7f7c99ba911 signal: In get_signal test for signal_group_exit every time through the loop
- commit a90bbcf
- nfc: nfcmrvl: main: reorder destructive operations in
  nfcmrvl_nci_unregister_dev to avoid bugs (CVE-2022-1734
  bsc#1199605).
- commit d9ccce0
- SUNRPC: Ensure that the gssproxy client can start in a connected
  state (git-fixes).
- Refresh
  patches.suse/NFSv4.1-Don-t-rebind-to-the-same-source-port-when-re.patch.
- commit e49922d
- Revert "/SUNRPC: Ensure gss-proxy connects on setup"/ (git-fixes).
- Refresh
  patches.suse/NFSv4.1-Don-t-rebind-to-the-same-source-port-when-re.patch.
- commit 7a29594
- btrfs: relocation: Only remove reloc rb_trees if reloc  control
  has been initialized (bsc#1199399).
- commit d95d9f9
- NFS: limit use of ACCESS cache for negative responses
  (bsc#1196570).
- commit ef9d19f
- Fix incorrect back-port, fixing 2 build warnings.
- commit 9439daf
- Input: aiptek - properly check endpoint type (git-fixes).
- commit adce64b
- Input: ti_am335x_tsc - fix STEPCONFIG setup for Z2 (git-fixes).
- commit c0c510c
- Input: ti_am335x_tsc - set ADCREFM for X configuration
  (git-fixes).
- commit e4c804c
- Input: spaceball - fix parsing of movement data packets
  (git-fixes).
- commit 539174a
- Input: appletouch - initialize work before device registration
  (git-fixes).
- commit c34cd8b
- Input: elantench - fix misreporting trackpoint coordinates
  (git-fixes).
- commit 7997e49
- blacklist.conf: cosmetic, fixes only a warning building kerneldoc
- commit 6049774
- blacklist.conf: cosmetic cleanup not relevant with our compiler
- commit ba2d5e6
- Input: xpad - add support for another USB ID of Nacon GC-100
  (git-fixes).
- commit 2ec4daa
- blacklist.conf: ("/arm64: patch_text: Fixup last cpu should be master"/)
- commit be0ce1e
- arm64/mm: avoid fixmap race condition when create pud mapping (git-fixes)
- commit e712368
- arm64: module: remove (NOLOAD) from linker script (git-fixes)
- commit 18f8665
- arm64: clear_page() shouldn't use DC ZVA when DCZID_EL0.DZP == 1 (git-fixes).
- commit 0999b33
- arm64: fix inline asm in load_unaligned_zeropad() (git-fixes)
- commit 04ca715
- arm64: kdump: update ppos when reading elfcorehdr (git-fixes)
- commit 800afa6
- arm64: Add missing ISB after invalidating TLB in __primary_switch (git-fixes)
- commit 39de1e2
- arm64: uprobe: Return EOPNOTSUPP for AARCH32 instruction probing (git-fixes)
- commit ca97ce7
- arm64 module: set plt* section addresses to 0x0 (git-fixes)
- commit 3d5101e
- arm64: Extend workaround for erratum 1024718 to all versions of (git-fixes)
- commit a87c9dd
- arm64: avoid -Woverride-init warning (git-fixes)
- commit 2129334
- arm64: berlin: Select DW_APB_TIMER_OF (git-fixes)
  Update arm64 default config too.
- commit 0ecd431
- arm64: futex: Restore oldval initialization to work around buggy (git-fixes)
- commit aff6d26
- USB: quirks: add STRING quirk for VCOM device (git-fixes).
- commit b3561b8
- USB: quirks: add a Realtek card reader (git-fixes).
- commit 00ce130
- usb: cdc-wdm: fix reading stuck on device close (git-fixes).
- commit 89b73ba
- USB: serial: whiteheat: fix heap overflow in
  WHITEHEAT_GET_DTR_RTS (git-fixes).
- commit 59b9eb6
- USB: serial: cp210x: add PIDs for Kamstrup USB Meter Reader
  (git-fixes).
- commit 17cb6f5
- USB: serial: option: add support for Cinterion MV32-WA/MV32-WB
  (git-fixes).
- commit cd550fd
- USB: serial: option: add Telit 0x1057, 0x1058, 0x1075
  compositions (git-fixes).
- commit de2ee2e
- xhci: stop polling roothubs after shutdown (git-fixes).
- commit 7a8d134
- bpf: fix panic due to oob in bpf_prog_test_run_skb (bsc#1197219,
  CVE-2021-39711).
- commit 51bae76
- scsi: sr: Do not leak information in ioctl (git-fixes).
- scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one()
  (git-fixes).
- scsi: virtio-scsi: Eliminate anonymous module_init & module_exit
  (git-fixes).
- drbd: fix an invalid memory access caused by incorrect use of
  list iterator (git-fixes).
- drbd: Fix five use after free bugs in get_initial_state
  (git-fixes).
- scsi: hisi_sas: Change permission of parameter prot_mask
  (git-fixes).
- scsi: pm8001: Fix abort all task initialization (git-fixes).
- scsi: pm8001: Fix NCQ NON DATA command completion handling
  (git-fixes).
- scsi: pm8001: Fix NCQ NON DATA command task initialization
  (git-fixes).
- scsi: pm8001: Fix le32 values handling in pm80xx_chip_sata_req()
  (git-fixes).
- scsi: pm8001: Fix le32 values handling in
  pm80xx_chip_ssp_io_req() (git-fixes).
- scsi: pm8001: Fix payload initialization in
  pm80xx_encrypt_update() (git-fixes).
- scsi: pm8001: Fix le32 values handling in
  pm80xx_set_sas_protocol_timer_config() (git-fixes).
- scsi: pm8001: Fix payload initialization in
  pm80xx_set_thermal_config() (git-fixes).
- scsi: pm8001: Fix command initialization in
  pm8001_chip_ssp_tm_req() (git-fixes).
- scsi: pm8001: Fix command initialization in
  pm80XX_send_read_log() (git-fixes).
- scsi: fnic: Fix a tracing statement (git-fixes).
- scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe (git-fixes).
- commit 7d2dad7
- ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on
  PTRACE_SEIZE (CVE-2022-30594 bsc#1199505 bsc#1198413).
- commit 26d8e0b
- Add patch reference to seccomp fix (CVE-2022-30594 bsc#1199505 bsc#1198413)
  Also shorten the patch file name to standard size
- commit 636bc07
- arm64: csum: Fix handling of bad packets (git-fixes)
- commit f574d06
- arm64: ptrace: Override SPSR.SS when single-stepping is enabled (git-fixes)
- commit 2b0b29d
- arm64: kgdb: Fix single-step exception handling oops (git-fixes)
- commit 2bf8d9a
- KVM: arm64: Fix definition of PAGE_HYP_DEVICE (git-fixes)
- commit d7f377c
- arm64: perf: Report the PC value in REGS_ABI_32 mode (git-fixes)
- commit 9b7c58a
- arm64: hw_breakpoint: Don't invoke overflow handler on uaccess (git-fixes)
- commit 1bcd840
- arm64: fix the flush_icache_range arguments in machine_kexec (git-fixes)
- commit 882df6a
- arm64: hugetlb: avoid potential NULL dereference (git-fixes)
- commit 555706d
- arm64: armv8_deprecated: Fix undef_hook mask for thumb setend (git-fixes)
- commit b96856e
- blacklist.conf: ("/arm64: bcm2835: Drop select of nonexistent HAVE_ARM_ARCH_TIMER"/)
- commit c43d835
- blacklist.conf: ("/arm64: alternative: fix build with clang integrated assembler"/)
- commit 54b996b
- arm64: smp: fix crash_smp_send_stop() behaviour (git-fixes)
- commit 1b169cc
- arm64: smp: fix smp_send_stop() behaviour (git-fixes)
- commit b6d82e4
- arm64: ptrace: nofpsimd: Fail FP/SIMD regset operations (git-fixes)
- commit 1cb7bae
- arm64: cpufeature: Set the FP/SIMD compat HWCAP bits properly (git-fixes)
- commit c507980
- arm64: cpufeature: Fix the type of no FP/SIMD capability (git-fixes)
- commit 254dd7d
- arm64: kbuild: remove compressed images on 'make ARCH=arm64 (git-fixes)
- commit 24f9c76
- arm64: uaccess: Ensure PAN is re-enabled after unhandled uaccess (git-fixes)
- commit b66e175
- arm64: hibernate: check pgd table allocation (git-fixes)
- commit d832f17
- blacklist.conf: Add 173ee3962959 of: Add missing exports of node name compare functions
- commit 0dd7ac0
- blacklist.conf: Add 35d2f249ef0 powerpc/64s: Fix copy-paste data exposure into newly created tasks
- commit ed610b6
- blacklist.conf: Add ef0e3b650f8d powerpc/perf: Fix Threshold Event Counter Multiplier width for P10
- commit a1fd7b5
- NFSv4: nfs_atomic_open() can race when looking up a non-regular
  file (bsc#1195612 CVE-2022-24448).
- commit dd7b1a9
- media: dib0700: fix undefined behavior in tuner shutdown
  (git-fixes).
- commit 161f5d6
- media: dmxdev: fix UAF when dvb_register_device() fails
  (git-fixes).
- commit a5f86c7
- media: stk1160: fix control-message timeouts (git-fixes).
- commit a12f4c4
- media: s2255: fix control-message timeouts (git-fixes).
- commit a9c8dfb
- media: pvrusb2: fix control-message timeouts (git-fixes).
- commit 16e2d20
- media: em28xx: fix control-message timeouts.
- commit a04e6eb
- media: cpia2: fix control-message timeouts (git-fixes).
- commit 08eac6f
- media: flexcop-usb: fix control-message timeouts (git-fixes).
- commit 723dad6
- media: redrat3: fix control-message timeouts (git-fixes).
- commit 8ba5db7
- media: mceusb: fix control-message timeouts (git-fixes).
- commit 2cb626b
- media: cx23885: Fix snd_card_free call on null card pointer
  (git-fixes).
- commit 00ecca7
- media: mtk-vpu: Fix a resource leak in the error handling path
  of 'mtk_vpu_probe()' (git-fixes).
- commit f0a6451
- blacklist.conf: breaks API in a way visible to user space
- commit c6a60a3
- PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314).
- commit 961a274
- timekeeping: Really make sure wall_to_monotonic isn't (git-fixes)
- commit 09cd25b
- sched/debug: Remove mpol_get/put and task_lock/unlock from (git-fixes)
- commit 604de00
- cputime, cpuacct: Include guest time in user time in (git-fixes)
- commit 50f0114
- sched/core: Add __sched tag for io_schedule() (git-fixes)
- commit 9d87590
- sched/core: Fix comment regarding nr_iowait_cpu() and (git-fixes)
- commit ecffaaa
- Fix kernel-vanilla build issue
  Fix:
  [  315s]   CC [M]  fs/fat/namei_vfat.o
  [  315s]   CC      kernel/elfcore.o
  [  315s] ../scripts/Makefile.build:302: recipe for target 'kernel/elfcore.o' failed
  [  315s] Cannot find symbol for section 1: .text.
  [  315s] kernel/elfcore.o: failed
  [  315s] make[3]: *** [kernel/elfcore.o] Error 1
  due to toolchain updates and the patch missing in the vanilla flavor. So
  move it there.
- Fix kernel-vanilla build issue
  Fix:
  [  315s]   CC [M]  fs/fat/namei_vfat.o
  [  315s]   CC      kernel/elfcore.o
  [  315s] ../scripts/Makefile.build:302: recipe for target 'kernel/elfcore.o' failed
  [  315s] Cannot find symbol for section 1: .text.
  [  315s] kernel/elfcore.o: failed
  [  315s] make[3]: *** [kernel/elfcore.o] Error 1
  due to toolchain updates and those two missing in the vanilla flavor. So
  move them there.
- commit 23d6a8f
- usb: hub: Fix locking issues with address0_mutex (git-fixes).
- commit 356d15d
- Revert "/SUNRPC: attempt AF_LOCAL connect on setup"/ (git-fixes).
- SUNRPC: Ensure gss-proxy connects on setup (git-fixes).
- NFSv4: Don't invalidate inode attributes on delegation return
  (git-fixes).
- commit 68eb601
- Refresh patches.suse/edac-amd64-add-family-ops-for-family-19h-models-00h-0fh.patch.
  Fix a mis-backport, see bsc#1199239.
- commit f96a9c6
- veth: Ensure eth header is in skb's linear part (git-fixes).
- commit 6ff2c01
- drivers: net: xgene: Fix regression in CRC stripping
  (git-fixes).
- commit 602a1e3
- qed: validate and restrict untrusted VFs vlan promisc mode
  (git-fixes).
- commit ad0651e
- qed: display VF trust config (git-fixes).
- commit 9699ef6
- net: bcmgenet: Don't claim WOL when its not available
  (git-fixes).
- commit a1f5118
- qed: return status of qed_iov_get_link (git-fixes).
- commit 159f7e9
- net: qlogic: check the return value of dma_alloc_coherent()
  in qed_vf_hw_prepare() (git-fixes).
- commit 9c3a46d
- bonding: pair enable_port with slave_arr_updates (git-fixes).
- commit b8799d9
- rpm/kernel-obs-build.spec.in: Also depend on dracut-systemd (bsc#1195775)
- commit 5d4e32c
- arm64: kprobes: Recover pstate.D in single-step exception handler (git-fixes)
- commit 08b3135
- arm64: cpufeature: Fix feature comparison for CTR_EL0.{CWG,ERG} (git-fixes)
- commit 0fb13cd
- arm64: compat: Allow single-byte watchpoints on all addresses (git-fixes)
- commit 07a9393
- arm64: entry: SP Alignment Fault doesn't write to FAR_EL1 (git-fixes)
- commit e55d0f7
- blacklist.conf: ("/arm64: kaslr: keep modules inside module region when KASAN is enabled"/)
- commit 1b6c511
- arm64/mm: Inhibit huge-vmap with ptdump (git-fixes).
  Refresh patches.suse/arm64-map-FDT-as-RW-for-early_init_dt_scan.patch.
- commit 1547369
- arm64/iommu: handle non-remapped addresses in ->mmap and (git-fixes)
- commit 4d8706c
- crypto: arm64/aes-neonbs - don't access already-freed walk.iv (git-fixes)
- commit fac52ff
- arm64: futex: Avoid copying out uninitialised stack in failed (git-fixes)
- commit 1717208
- arm64: futex: Bound number of LDXR/STXR loops in FUTEX_WAKE_OP (git-fixes)
- commit 684672b
- blacklist.conf: ("/arm64: futex: Fix FUTEX_WAKE_OP atomic ops with non-zero result value"/)
- commit 94505c7
- arm64: Fix size of __early_cpu_boot_status (git-fixes)
- commit 6601dcf
- arm64: compat: Reduce address limit (git-fixes)
- commit 04e4a55
- arm64: Save and restore OSDLR_EL1 across suspend/resume (git-fixes)
- commit 02dab80
- arm64: Clear OSDLR_EL1 on CPU boot (git-fixes)
- commit 67d23fd
- blacklist.conf: ("/arm64/mm: fix kernel-doc comments"/)
- commit b109706
- arm64: futex: Fix FUTEX_WAKE_OP atomic ops with non-zero result value (git-fixes)
- commit 60a1549
- arm64: debug: Ensure debug handlers check triggering exception level (git-fixes)
- commit b48e6fb
- arm64: debug: Don't propagate UNKNOWN FAR into si_code for debug (git-fixes)
- commit aa9cc22
- arm64: Fix HCR.TGE status for NMI contexts (git-fixes)
- commit 931dd8d
- arm64: Relax GIC version check during early boot (git-fixes)
- commit 755c19b
- arm64: dts: marvell: Fix A37xx UART0 register size (git-fixes)
- commit 54c508c
- ixgbevf: add disable link state (bsc#1196426 CVE-2021-33061).
- ixgbe: add improvement for MDD response functionality
  (bsc#1196426 CVE-2021-33061).
- ixgbe: add the ability for the PF to disable VF link state
  (bsc#1196426 CVE-2021-33061).
- commit 7ca9841
- net: mana: Remove unnecessary check of cqe_type in
  mana_process_rx_cqe() (bsc#1195651).
- net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651).
- net: mana: Reuse XDP dropped page (bsc#1195651).
- net: mana: Add counter for XDP_TX (bsc#1195651).
- net: mana: Add counter for packet dropped by XDP (bsc#1195651).
- net: mana: Use struct_size() helper in
  mana_gd_create_dma_region() (bsc#1195651).
- commit 1c0dbce
- Revert lpfc driver update to 14.2.0.1 (bsc#1198989)
- commit be1f831
- drm/fb-helper: Mark screen buffers in system memory with (bsc#1129770)
- commit 1a3a046
- video: hyperv_fb: Fix validation of screen resolution (bsc#1129770)
- commit b9d0ff6
- video: backlight: Drop maximum brightness override for brightness (bsc#1129770)
- commit 43837e5
- PCI: Do not enable AtomicOps on VFs (bsc#1129770)
- commit c8f8eeb
- ARM: 9110/1: oabi-compat: fix oabi epoll sparse warning (bsc#1129770)
- commit d1ab88b
- fsl/fman: Check for null pointer after calling devm_ioremap
  (git-fixes).
- commit a939025
- ppp: ensure minimum packet size in ppp_write() (git-fixes).
- commit df66a4a
- can: gs_usb: fix use of uninitialized variable, detach device
  on reception of invalid USB data (git-fixes).
- commit 8660202
- net: ethernet: mtk_eth_soc: fix return values and refactor
  MDIO ops (git-fixes).
- commit 0892190
- ieee802154: atusb: fix uninit value in atusb_set_extended_addr
  (git-fixes).
- commit 039c504
- i40e: Fix incorrect netdev's real number of RX/TX queues
  (git-fixes).
- commit 71ccdfa
- bnx2x: fix napi API usage sequence (bsc#1198217).
- commit 0fdc23e
- powerpc/perf: Fix power9 event alternatives (bsc#1137728,
  LTC#178106, git-fixes).
- Revert "/ibmvnic: Add ethtool private flag for driver-defined
  queue limits"/ (bsc#1121726 ltc#174633 git-fixes).
- commit e2aedd0
- USB: Fix xhci event ring dequeue pointer ERDP update issue
  (git-fixes).
- commit c9dd9d4
- blacklist.conf: Append 'vgacon: Propagate console boot parameters before calling `vc_resize''
- commit 049412f
- blacklist.conf: kABI
- commit 82bdaff
- blacklist.conf: irrelevant in our configs
- commit 56584e8
- blacklist.conf: cleanup, not a fix
- commit d0b397b
- net/x25: Fix null-ptr-deref caused by x25_disconnect
  (CVE-2022-1516 bsc#1199012).
- commit 70361a9
- blacklist.conf: Append 'backlight: qcom-wled: Fix off-by-one maximum with default num_strings'
- commit 51cd556
- blacklist.conf: Append 'vt: Fix character height handling with VT_RESIZEX'
- commit f58734a
- video: fbdev: udlfb: properly check endpoint type (bsc#1129770)
- commit 783e7a7
- video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of (bsc#1129770)
- commit 155ebc4
- video: fbdev: sm712fb: Fix crash in smtcfb_read() (bsc#1129770)
- commit 639ac93
- video: fbdev: atari: Atari 2 bpp (STe) palette bugfix (bsc#1129770)
- commit e434e14
- video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name() (bsc#1129770)
- commit 344bc32
- video: fbdev: atmel_lcdfb: fix an error code in atmel_lcdfb_probe() (bsc#1129770)
- commit 66c9a63
- video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe() (bsc#1129770)
- commit 816cbfa
- parisc/sticon: fix reverse colors (bsc#1129770)
- commit 96cba65
- video: fbdev: chipsfb: use memset_io() instead of memset() (bsc#1129770)
- commit b2ee4b1
- fbmem: don't allow too huge resolutions (bsc#1129770)
- commit 3261ce6
- backlight: pwm_bl: Improve bootloader/kernel device handover (bsc#1129770)
- commit 1e071a0
- Restore kabi after Revert "/NFSv4: Handle the special Linux file
  open access mode"/ (git-fixes).
- commit 454c575
- media: em28xx: fix memory leak in em28xx_init_dev (git-fixes).
- commit ae8eb8d
- media: v4l2-ioctl: S_CTRL output the right value (git-fixes).
- commit 1ab34f7
- blacklist.conf: misattributed
- commit 67e9964
- blacklist.conf: irrelevant in our config
- commit b67c63d
- media: dvb-usb: fix ununit-value in az6027_rc_query (git-fixes).
- commit fba8723
- media: stkwebcam: fix memory leak in stk_camera_probe
  (git-fixes).
- commit 93825c5
- media: dvb-usb: fix uninit-value in vp702x_read_mac_addr
  (git-fixes).
- commit 40501ef
- media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init
  (git-fixes).
- commit 451e148
- media: rc-loopback: return number of emitters rather than error
  (git-fixes).
- commit cff83f4
- media: uvc: don't do DMA on stack (git-fixes).
- commit c3b7b8e
- media: videobuf2-core: dequeue if start_streaming fails
  (git-fixes).
- commit dc1215d
- media: lmedm04: Fix misuse of comma (git-fixes).
- commit fdc42cf
- ovl: fix missing negative dentry check in ovl_rename()
  (CVE-2021-20321 bsc#1191647).
- commit 3e23b63
- blacklist.conf: duplicate
- commit cf7be65
- blacklist.conf: cleanup
- commit 41d47c2
- scsi: scsi_dh_alua: Avoid crash during alua_bus_detach()
  (bsc#1028340 bsc#1198825).
- commit 058dc1f
- rtl8187: fix control-message timeouts (git-fixes).
- commit 79977ac
- ath6kl: fix division by zero in send path (git-fixes).
- commit 4d7c95f
- ath6kl: fix control-message timeout (git-fixes).
- commit 77388d0
- wcn36xx: add proper DMA memory barriers in rx path (git-fixes).
- commit 4a06a7f
- wcn36xx: Fix HT40 capability for 2Ghz band (git-fixes).
- commit 85a369e
- libertas: Fix possible memory leak in probe and disconnect
  (git-fixes).
- commit 3b6017c
- libertas_tf: Fix possible memory leak in probe and disconnect
  (git-fixes).
- commit 966339e
- ath10k: fix max antenna gain unit (git-fixes).
- commit b33c09d
- ath9k: Fix potential interrupt storm on queue reset (git-fixes).
- commit d0dc5a4
- mwifiex: Send DELBA requests according to spec (git-fixes).
- commit 1fdac31
- mwifiex: Read a PCI register after writing the TX ring write
  pointer (git-fixes).
- commit 3308154
- b43: fix a lower bounds test (git-fixes).
- commit 1a2c981
- b43legacy: fix a lower bounds test (git-fixes).
- commit 12ea1d7
- blacklist.conf: optimization that breaks kABI
- commit 0b8cb68
- USB: usb-storage: Fix use of bitfields for hardware data in
  ene_ub6250.c (git-fixes).
- commit 8485f85
- USB: serial: pl2303: add IBM device IDs (git-fixes).
- commit e071cd2
- USB: serial: simple: add Nokia phone driver (git-fixes).
- commit 6cdbd34
- blacklist.conf: optimization
- commit efab6ed
- USB: serial: cp210x: add NCR Retail IO box id (git-fixes).
- commit 8306949
- blacklist.conf: no gadget mode in SLE12
- commit 6d57b76
- usb: ulpi: Call of_node_put correctly (git-fixes).
- commit 98c8547
- USB: core: Fix bug in resuming hub's handling of wakeup requests
  (git-fixes).
- commit d42a2ba
- USB: Fix "/slab-out-of-bounds Write"/ bug in
  usb_hcd_poll_rh_status (git-fixes).
- commit 7c8f2b6
- usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect
  (git-fixes).
- commit 6c78568
- usb: ulpi: Move of_node_put to ulpi_dev_release (git-fixes).
- usb: hub: Fix usb enumeration issue due to address0 race
  (git-fixes).
- commit 62d7e13
- io-64-nonatomic: add io{read|write}64{_lo_hi|_hi_lo} macros
  (git-fixes).
- commit 48bc31d
- mxser: fix xmit_buf leak in activate when LSR == 0xff
  (git-fixes).
- PCI: iproc: Fix out-of-bound array accesses (git-fixes).
- PCI: Fix overflow in command-line resource alignment requests
  (git-fixes).
- PCI: qcom: Make sure PCIe is reset before init for rev 2.1.0
  (git-fixes).
- PCI: iproc: Set affinity mask on MSI interrupts (git-fixes).
- PCI: qcom: Change duplicate PCI reset to phy reset (git-fixes).
- Refresh
  patches.suse/PCI-qcom-Add-missing-reset-for-ipq806x.patch.
- PCI: Add device even if driver attach failed (git-fixes).
- PCI/switchtec: Read all 64 bits of part_event_bitmap
  (git-fixes).
- commit 9f2996c
- SUNRPC: Handle low memory situations in call_status()
  (git-fixes).
- NFSv4: fix open failure with O_ACCMODE flag (git-fixes).
- Revert "/NFSv4: Handle the special Linux file open access mode"/
  (git-fixes).
- NFSD: prevent underflow in nfssvc_decode_writeargs()
  (git-fixes).
- fs/nfs: Use fatal_signal_pending instead of signal_pending
  (git-fixes).
- commit 2cecf8b
- Refresh
  patches.suse/SUNRPC-avoid-race-between-mod_timer-and-del_timer_sy.patch.
  Update git-commit now that it has landed.
- commit 4e48858
- Update
  patches.suse/drm-ttm-nouveau-don-t-call-tt-destroy-callback-on-al.patch
  (bsc#1175232 bsc#1183723 CVE-2021-20292).
- commit 9708de1
- net-sysfs: call dev_hold if kobject_init_and_add success
  (CVE-2019-20811 bsc#1172456).
- commit 5de8a61
- pahole 1.22 required for full BTF features.
  also recommend pahole for kernel-source to make the kernel buildable
  with standard config
- commit 364f54b
- Update
  patches.suse/net-usb-ax88179_178a-Fix-out-of-bounds-accesses-in-R.patch
  (bsc#1196018 CVE-2022-28748).
- commit 25ea790
- random: check for signal_pending() outside of need_resched()
  check (git-fixes).
- hwrng: atmel - disable trng on failure path (git-fixes).
- hwrng: cavium - HW_RANDOM_CAVIUM should depend on ARCH_THUNDER
  (git-fixes).
- char/mwave: Adjust io port register size (git-fixes).
- random: fix data race on crng_node_pool (git-fixes).
- commit 0ec1c9f
- blacklist.conf: blacklist compile fix for test routines
- commit 0cd9e6f
- blacklist.conf: add one ARCH_NOMADIK entry
- commit f5b6eaf
- Update
  patches.suse/floppy-Do-not-copy-a-kernel-pointer-to-user-memory-i.patch
  (bsc#1051510 bsc#1084513 CVE-2018-7755).
- commit 371ca37
- use jobs not processors in the constraints
  jobs is the number of vcpus available to the build, while processors
  is the total processor count of the machine the VM is running on.
- commit a6e141d
- drm/vgem: Close use-after-free race in vgem_gem_create (CVE-2022-1419 bsc#1198742)
- commit f3d608f
- drm/vgem: Close use-after-free race in vgem_gem_create (CVE-2022-1419 bsc#1198742)
- commit c2b5f0e
- scripts/run_oldconfig.sh: use pahole from dummy-tools if available (bsc#1198388)
  Similar to other dummy-tools, use also pahole from dummy-tools, if it is
  available. This makes the configs consistent on all distros, not
  dependining on developers' version.
- commit a9e6b6c
- isdn: cpai: check ctr->cnr to avoid array index out of bound
  (bsc#1191958 CVE-2021-43389).
- commit 6296574
- nfc: fix NULL ptr dereference in llcp_sock_getname() after
  failed connect (CVE-2021-38208 bsc#1187055).
- commit 54aed86
- Update patch reference for NFC fix (CVE-2021-38208 bsc#1187055)
- commit 01cc4ae
- Update patches.suse/powerpc-pseries-Fix-use-after-free-in-remove_phb_dyn.patch
  (bsc#1065729 bsc#1198660 ltc#197803).
- commit e3bcaa0
- af_key: add __GFP_ZERO flag for compose_sadb_supported in
  function pfkey_register (CVE-2022-1353 bsc#1198516).
- commit ffb367f
- kABI fix for tcp: fix race condition when creating child
  sockets from syncookies (bsc#1197075).
- commit fd09edb
- tcp: Fix potential use-after-free due to double kfree()
  (bsc#1197075).
- commit ad52893
- tcp: fix race condition when creating child sockets from
  syncookies (bsc#1197075).
- commit 6729a4f
- NFSv4: Fix a regression in nfs_set_open_stateid_locked()
  (bsc#1196247).
- kabi fix for NFSv4: Wait for stateid updates after
  CLOSE/OPEN_DOWNGRADE (bsc#1196247).
- NFSv4: Wait for stateid updates after CLOSE/OPEN_DOWNGRADE
  (bsc#1196247).
  Adjust some kabi fixes to match.
- NFSv4.x recover from pre-mature loss of openstateid (bsc#1196247).
- NFSv4: Handle NFS4ERR_OLD_STATEID in CLOSE/OPEN_DOWNGRADE
  (bsc#1196247).
- NFSv4: Don't try to CLOSE if the stateid 'other' field has
  changed (bsc#1196247).
- commit 639faa6
- net: stmicro: handle clk_prepare() failure during init (git-fixes).
- commit c63cb9b
- net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send (git-fixes).
- commit 323e981
- net: davinci_emac: Fix incorrect masking of tx and rx error channel (git-fixes).
- commit 9fa453a
- net/mlx5e: Reduce tc unsupported key print level (git-fixes).
- commit ccf2751
- Update
  patches.suse/x86-pm-save-the-msr-validity-status-at-context-setup.patch
  (bsc#1198400).
- Update
  patches.suse/x86-speculation-restore-speculation-related-msrs-during-s3-resume.patch
  (bsc#1198400).
- commit b81f481
- ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on
  PTRACE_SEIZE (bsc#1198413).
- commit 9eb132f
- blacklist.conf: Add 460a79e18842 mm/memcontrol: return 1 from cgroup.memory __setup() handler
- commit f836b54
- Update patch references of drm fixes (CVE-2022-1280 bsc#1197914)
- commit b729b95
- Revert "/module, async: async_synchronize_full() on module init
  iff async is used"/ (bsc#1197888).
- commit 23e6efe
- i40e: add correct exception tracing for XDP (git-fixes).
- commit 646c060
- drm/ttm/nouveau: don't call tt destroy callback on alloc failure
  (CVE-2021-20292 bsc#1183723).
- commit f1a5fa2
- i40e: optimize for XDP_REDIRECT in xsk path (git-fixes).
- commit eba7817
- blacklist.conf: misattributed in upstream
- commit d24b230
- mac80211: mesh: fix potentially unaligned access (git-fixes).
- commit 49769d6
- blacklist.conf: cleanup, not a fix
- commit 7a11af1
- Revert "/USB: serial: ch341: add new Product ID for CH341A"/
  (git-fixes).
- commit dc3e8da
- blacklist.conf: depends on intrusive updates
- commit 86c3906
- x86/speculation: Restore speculation related MSRs during S3
  resume (bsc#1114648).
- commit 46f1ca5
- scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA
  commands (git-fixes).
- commit d81a725
- git_sort: Fix error message for patches missing Git-commit.
  To reject unsortable patches from out-of-tree section patches without a
  Git-commit that don't have Patch-mainline Submitted or Not yet are
  rejected with an error message saying that this tag is not supported.
  However, this is the case also for patches that have Patch-mainline
  Queued or version which are missing Git-commit.
  Add a separate error message for this case.
  Fixes: eaff9bcc7268 ("/git_sort/lib: Only allow patches intended for mainline."/)
- commit 24354fd
- x86/sev: Unroll string mmio with CC_ATTR_GUEST_UNROLL_STRING_IO
  (git-fixes).
- commit 3893e26
- fuse: handle kABI change in struct fuse_req (bsc#1197343
  CVE-2022-1011).
- fuse: fix pipe buffer lifetime for direct_io (bsc#1197343
  CVE-2022-1011).
- commit e67cd7e
- x86/pm: Save the MSR validity status at context setup
  (bsc#1114648).
- commit 87c5893
- livepatch: Don't block removal of patches that are safe to
  unload (bsc#1071995).
- commit 3b32a28
- fix parallelism for rpc tasks (bsc#1197663).
- Make the xprtiod workqueue unbounded (bsc#1197663).
- commit 8b97258
- Refresh
  patches.suse/net-sched-use-Qdisc-rcu-API-instead-of-relying-on-rt.patch.
  Fix missplaced qdisc_put()
- commit 883b3be
- xen: fix is_xen_pmu() (git-fixes).
- commit bd40deb
- xen/blkfront: fix comment for need_copy (git-fixes).
- commit 0c99cc8
- xen: detect uninitialized xenbus in xenbus_init (git-fixes).
- commit dd22f66
- xen: don't continue xenstore initialization in case of errors
  (git-fixes).
- commit 6a9b916
- blacklist.conf: 1dbd11ca75fe ("/xen: remove gnttab_query_foreign_access()"/)
- commit 37fa08f
- IB/qib: Fix memory leak in qib_user_sdma_queue_pkts() (git-fixes)
- commit c239ab7
- RDMA/rxe: Restore setting tot_len in the IPv4 header (git-fixes)
- commit 986a537
- RDMA/rxe: Use the correct size of wqe when processing SRQ (git-fixes)
- commit dacc35c
- RDMA/rxe: Missing unlock on error in get_srq_wqe() (git-fixes)
- commit f3ecb3d
- Update
  patches.suse/llc-fix-netdevice-reference-leaks-in-llc_ui_bind.patch
  references (add CVE-2022-28356 bsc#1197391).
- commit 658b50e
- net: rtlwifi: properly check for alloc_workqueue() failure
  (git-fixes).
- commit 3c2f34d
- blacklist.conf: dependency would break kABI
- commit 0dc5499
- mac80211: fix station rate table updates on assoc (git-fixes).
- commit 7c6c73d
- mt7601u: fix rx buffer refcounting (git-fixes).
- commit f6f3ca9
- cifs: do not skip link targets when an I/O fails (bsc#1194625).
- commit cfcccfb
- arm64: hibernate: Clean the __hyp_text to PoC after resume (git-fixes)
- commit bbc565a
- arm64: hyp-stub: Forbid kprobing of the hyp-stub (git-fixes)
- commit 03dcd08
- arm64: kprobe: Always blacklist the KVM world-switch code (git-fixes)
- commit a917d0c
- arm64: kaslr: ensure randomized quantities are clean also when kaslr (git-fixes)
- commit f170463
- arm64: kaslr: ensure randomized quantities are clean to the PoC (git-fixes)
- commit b039486
- blacklist.conf: ("/arm64: defconfig: Re-enable bcm2835-thermal driver"/)
- commit e6a130b
- arm64: cmpxchg: Use "/K"/ instead of "/L"/ for ll/sc immediate constraint (git-fixes)
- commit 7722c1f
- arm64: relocatable: fix inconsistencies in linker script and options (git-fixes)
- commit 64d186d
- arm64: drop linker script hack to hide __efistub_ symbols (git-fixes)
- commit 310ed92
- arm64: compat: Provide definition for COMPAT_SIGMINSTKSZ (git-fixes)
- commit 2bbad05
- arm64: fix for bad_mode() handler to always result in panic (git-fixes)
- commit 14351ce
- arm64: only advance singlestep for user instruction traps (git-fixes)
- commit cf205ee
- crypto: arm64/aes-ce-cipher - move assembler code to .S file (git-fixes)
- commit 3a20ee6
- scripts/python: Align with kbuild.
  The port to python3 happened independently in kernel-source and kbuild
  creating some source differences.
  These differences cause problems with applying patches across different
  repositories. Align the sources by removing trivial differences.
- commit 9796048
- qed: Enable automatic recovery on error condition (bsc#1196964).
- commit 2fdc961
- scripts/gitlog2changes: Fix parsing of GPG-signed commit
- commit a384f30
- rpm/constraints.in: skip SLOW_DISK workers for kernel-source
- commit e84694f
- rpm/*.spec.in: remove backtick usage
- commit 87ca1fb
- scripts: SC2006: Use $(...) notation instead of legacy backticked `...`.
- commit 2ea024c
- scripts/run_oldconfig.sh: Ignore PAHOLE_VERSION.
- commit c585f2b
- git_sort.py: Add bpf-next tree.
- commit a4d4ce2
- rpm/kernel-obs-build.spec.in: add systemd-initrd and terminfo dracut module (bsc#1195775)
- commit d9a821b
- powerpc: Set crashkernel offset to mid of RMA region
  (bsc#1190812).
- powerpc/64: Move paca allocation later in boot (bsc#1190812).
- commit b6d78fb
- rpm/kernel-obs-build.spec.in: use default dracut modules (bsc#1195926,
  bsc#1198484)
  Let's iron out the reduced initrd optimisation in Tumbleweed.
  Build full blown dracut initrd with systemd for SLE15 SP4.
- commit ea76821
- git_sort: Fix error when sorted section is empty.
- commit 06a0c32
- MyBS.pm: support the password-store keyring
  osc can use password-store via the Python keyring and password-store backend.
  We can detect this configuration from its specific credentials_mgr_class
  setting, and instead call the 'pass' command directly, similarly to the
  secret-tool.
- commit 38694df
- README: Remove remaining traces of Novell
- commit fbc8e4e
- git_sort: tests: Fix warning about default branch
  Since the version in SLE 15 git init prints this warning which is logged
  in the test result:
  hint: Using 'master' as the name for the initial branch. This default branch name
  hint: is subject to change. To configure the initial branch name to use in all
  hint: of your new repositories, which will suppress this warning, call:
  hint:
  hint:   git config --global init.defaultBranch <name>
  hint:
  hint: Names commonly chosen instead of 'master' are 'main', 'trunk' and
  hint: 'development'. The just-created branch can be renamed via this command:
  hint:
  hint:   git branch -m <name>
  The -b argument to git init to suppress this warning is not available on
  git versions that do not print the warning.
  pygit2.init_repository does not print this warning so use it instead.
- commit 873477c
- git_sort: tests: Fix quilt mode test on TW
  The quilt mode test requires getopt which is no longer installed by
  default.
- commit 2e0e020
- scripts/check-embargoed-bugz: git pre-push script for checking embargoed bugs
- commit f5044f8
- scripts/stableids: allow machine to be localhost
  And do not attempt to ssh anywhere in that case.
- commit 2e223ff
- scripts/stableids: number more than 999 patches properly
  I.e. pad enough number of zeros for patches count >= 1000.
- commit ecfeb07
- scripts/git_sort/git_sort.py: Remove a dev branch of the -rcu tree
- commit ce56f17
- scripts/git-pre-commit: Detect empty patches.
- commit 616effa
- git_sort/lib: use correct class name for MutableSet
  [BUG]
  With latest python3.10, all git_sort scripts fails to start:
  $ ./scripts/git_sort/series_insert.py
  Traceback (most recent call last):
  File "/~/btrfs/suse/kernel-source/./scripts/git_sort/series_insert.py"/, line 34, in <module>
  import lib
  File "/~/btrfs/suse/kernel-source/scripts/git_sort/lib.py"/, line 569, in <module>
  class OrderedSet(collections.MutableSet):
  AttributeError: module 'collections' has no attribute 'MutableSet'
  [CAUSE]
  From python3.3 and later, MutableSet needs to be referred using
  "/collections.abc.MutableSet"/, instead of just "/collections.MutableSet"/.
  After python3.9, the old compatible behavior seems to be removed, thus
  causing above crash.
  [FIX]
  Try to import MutableSet from collections.abc first, if not found, then
  try again from collections.
  For v3.10 the first try should success, while on v3.4 I don't have any
  system to test though. Hopes this would work.
- commit 5fedfe0
- git_sort: Use -next rather than -testing in gregkh/usb
- commit 7232b7b
- git_sort: Add driver-core repository.
- commit d7ae15d
- scripts/git_sort/git_sort.py: add Greg KH's USB repo
- commit bd0fd0c
- scripts/osc_wrapper: fix issue where osc build cannot find git HEAD if
  checked out branch is a worktree
- commit 14421cd
- test_series_sort.py: Also test submitted patch.
- commit 6a7dd95
- scripts/git_sort/tests: Update to current codestreams.
- commit 94b31df
- git_sort/lib: Only allow patches intended for mainline.
- commit eaff9bc
- check-patchhdr: Do not require Patch-mainline on kABI patches.
  These patches are not meant to be submitted, anyway.
- commit b5822d2
- header.py: Reject Patch-mainline: No
  This tag is deprecated. Never or Not yet should be used instead.
- commit 50efd72
- scripts/git_sort/git_sort.py: add a dev branch of the -rcu tree
- commit 60ddeaf
- scripts/git_sort/git_sort.py: add gpio maintainers git tree
- commit 189ee55
- MyBS.pm: Do not use pool as suffix for QA repository.
- commit 1c60609
- MyBS.pm: Use pool repository when present.
  The standard repository in SLE15 SP3 in OBS does not contain packages.
- commit a1fda61
- scripts/git_sort/git_sort.py: Update drm-next repo
- commit c36d95b
- scripts/bugzilla: report only active versions
  Report only product versions that are marked as active. This makes
  bugzilla-create work properly for products with inactive versions.
- commit ef0f3ae
- scripts/run_oldconfig.sh: pretend RUSTC doesn't exist
  HAS_RUST and RUSTC_VERSION is set (or unset) depending if rustc exists
  on a machine where run_oldconfig.sh is run. We don't want the config to
  oscillate, so disable rust completely for the time being.
  Don't use /bin/false, use nonsense like /nothing/nowhere instead. It
  makes scripts/rust-version.sh NOT to scream about missing output.
  If we ever want to support rust, we have to:
  * introduce dummy-tools into rust world (there is no CROSS_COMPILE
  before RUST currently)
  * change ignored configs in rpm/check-for-config-changes
- commit 8149db0
- test-all.sh: Pass argument list to Python and make script executable
  Improve the helper shell script:
- Pass command line options to python3 to allow things like "/-v"/.
- Set the executable bit, so it can be invoked directly.
- commit 7cc2bcf
- scripts/git_sort/git_sort.py: Add repo for Chuck Lever
  Check Lever (aka "/cel"/) is co-maintainer for nfsd.
- commit 7d3e0dc
- scripts/git_sort/git_sort.py: Update nvme repositories
- commit 3bdd6db
- header.py: Fix unmatched prentheses.
  Fixes: 65d0b2d07e8c ("/README, patch-tag-template, header.py: Abolish Novell and FATE (bsc#1189904)."/)
- commit ffde1c0
- README, patch-tag-template, header.py: Abolish Novell and FATE
  (bsc#1189904).
- commit 65d0b2d
- scripts/sequence-patch.sh: Add --signing-key option
  The --signing-key option allows the user to specify a certificate and key
  to be used for module signing.  Checks ensure that it can also be used
  for signing the kernel for UEFI Secure Boot.
- commit d2affe4
- scripts: support gz and zst compression methods
  Extend 95df98b61fde ("/scripts/supported-conf-fixup: recognize compressed modules"/)
  for gzip and zstd compression.
- commit deab245
- run_oldconfig.sh: Also make scripts executable.
  When new scripts ar added by a patch they are not executable after
  sequence-patch.
- commit 17cad6a
- commit b70c29e
- Add dtb-microchip
- commit c797107
- MyBS: Fix the kernel-obs-build existence check.
- commit 9cd6187
- MyBS: Only wipe kernel-obs-build when it exists.
  It does not exist for livepatches.
- commit ca3fae0
- pNFS/flexfiles: fix incorrect size check in decode_nfs_fh()
  (git-fixes CVE-2021-4157 bnc#1194013).
- commit 957ab2c
- MyBS: Wipe kernel-obs-build after uploading a kernel.
  kernel-obs-build is a subpackage of kernel-default built by repacking
  kernel-default and is used for building other packages.
  In development repositories it is possible that a broken kernel that
  does not boot is uploaded, and when kernel-obs-build is built with the
  broken content no packages can be built anymore in the QA repository
  that uses the kernel-obs-build.
  Wipe the kernel-obs-build binaries on upload so that stale broken
  binaries don't remain. The package need to be rebuilt with the new
  kernel binaries anyway so this does not cause useless rebuilds (unless
  you reup-load same git revsion).
  Alternative would be to create much more complex repository setup with
  aggeregates which does not sound like it would save anything.
- commit c5a3108
  This was accidentally merged into packaging rather than scripts as
  kernel-source commit 65979e3c8b2d ("/scripts/git_sort/git_sort.py: add bpf
  git repo"/).
- scripts/git_sort/git_sort.py: add bpf git repo
- commit 3b45eef
- commit abd8982
- blacklist.conf: Add c420644c0a8f powerpc: Use mm_context vas_windows
  counter to issue CP_ABORT
- commit e9d175b
- scripts/git_sort/git_sort.py: Update nvme repositories
- commit 6b8a8e7
- scripts/run_oldconfig.sh: Make dumy-tools executable (bcs#1181862).
- commit d3f1aea
- run_oldconfig.sh: Only use dummy tools if they exist (bcs#1181862).
- commit 2b68831
- scripts/run_oldconfig.sh: make use of scripts/dummy-tools (bcs#1181862).
  scripts/dummy-tools is a cross-toolchain from the kernel which
  advertises support for _everything_ (on the toolchain side). Using
  these, we obtain super-configs which are then reduced during build time
  when real toolchain (like gcc, ld, ...) is used.
  This allows us to drop the need for cross-compilers, specific versions
  of gcc etc. This is always pain as run_oldconfig.sh ran on different
  machines produces different configs.
- commit f1e7bc3
- rpm/kernel-source.spec.in: temporary workaround for a build failure
  Upstream c6x architecture removal left a dangling link behind which
  triggers openSUSE post-build check in kernel-source, failing
  kernel-source build.
  A fix deleting the danglink link has been submitted but it did not make
  it into 5.12-rc1. Unfortunately we cannot add it as a patch as patch
  utility does not handle symlink removal. Add a temporary band-aid which
  deletes all dangling symlinks after unpacking the kernel source tarball.
  [jslaby] It's not that temporary as we are dragging this for quite some
  time in master. The reason is that this can happen any time again, so
  let's have this in packaging instead.
- commit 52a1ad7
- scripts/wd-functions.sh: add tar.gz base kernel tarball
  Linux -rc snapshots are released as tar.gz files, add support for them.
- commit d4457f3
- git-sort: Update nvme repo branch.
- commit f005189
- scripts/python/check-patchhdr: explicitly prefer python3
  Debian and OpenSUSE Tumblweed no longer have the /usr/bin/python
  symlink, at least this is explained and spelled out on the Debian
  Python Policy [0]. This guideline specifically requests that scripts
  do not use `/usr/bin/env`, do not use `/usr/bin/python` and instead
  use the exact version desired.
  So do just that. Without this, you cannot use kernel-source and commit
  changes without a warning of the python interpreter missing.
  With regards to support to Python 2, some SLE release will simply have
  a python2 script, and some releases for Python3. Release branches where
  we have python 3 can opt-in to embrace this patch.
  [0] https://www.debian.org/doc/packaging-manuals/python-policy/ch-python.html#s-interpreter
- commit a81b795
- scripts/tar-up.sh: remove -u from helptext
  Fixes commit 3efbe774d5cfa0ced909811a7fc3fe16bffaf580
- commit 606be75
- commit 3233d64
- scripts/renamepatches: Add explanation.
- commit c7715af
- scripts/renamepatches: Tool for unifying patch filenames across
  branches.
  It often happens that different developers add patches under different
  names to different branches. When the branches are merged the patches
  are added twice instead of causing a conflict.
  Renaming patches in advance in one of the branches makes merging much
  more straightforwared.
- commit 0951065
- scripts/stableids: s/bnc/bsc/ and cleanup old versions
  The current reference to be used is bsc, not bnc anymore. So update the
  script.
  And remove all discontinued stable versions.
- commit 193862b
- scripts/git_sort/git_sort.py: Add clock maintainer tree
- commit 5435172
- scripts/git_sort/git_sort.py: update SCSI and NVMe repositories
- commit 509f06e
- commit 793c656
- scripts: Support gnome_keyring for OBS connections
  .oscrc may specify keyring= or gnome_keyring= directive to instruct us
  obtaining the password from the local keyring. When only the latter is
  specified we would fail to fetch the password. Fix this by handling
  gnome_keyring= as keyring= too.
- commit c496909
- scripts/git-fixes: Import script from kbuild.
- commit 3e66f73
- scripts/git_sort/git_sort.py: add gitloite to k_org_prefixes
  If you define in your gitconfig to use gitolite for accessing kernel.org
  the scripts won't recongnise your remotes in $LINUX_GIT
  Add gitloite support to k_org_prefixes
- commit 27af818
- scripts/run_oldconfig.sh: support setting config options with value
  Existing -nco-* options for run_oldconfig.sh only allow adding/replacing
  options with y or m values or disabling them but cannot be used to set
  options which take e.g. a number or string as value.
  Add new parameter -nco which allows setting a config option to an arbitrary
  value, e.g.
    ./run_oldconfig -nco LOG_BUF_SHIFT=18
    ./run_oldconfig -nco DEFAULT_TCP_CONG="/cubic"/
- commit 9c449cf
- MyBS.pm: use secret-tool instead of custom script
  secret-tool is available from the package of the same name under
  Leap and Tumbleweed.
- commit d2378aa
- scripts/lib/SUSE/MyBS.pm: Fix uninitialized value.
- commit 47ccb93
- scripts/lib/SUSE/MyBS.pm: Support new style obfuscated password.
- commit 5f57bd3
- scripts: Simplistic keyring implementation for bs-upload-kernel
  This adds a very simply PoC implementation for querying the keyring
  for the OBS password. It's obviously not really secure, but still
  better than storing the password in plain text or with trivial
  encryption. I couldn't find a plain perl implementation of the
  secretstorage protocol.
- commit 4bafc0a
- scripts/run_oldconfig.sh: Ignore CONFIG_CC_VERSION_TEXT
- commit e81b5cd
- git_sort: drop nvme repositories from the list
  The nvme-5.8 branch has been rebased four times in three weeks so that
  trying to manage nvme patches with git_sort means more harm than good.
- commit b382424
- scripts/lib/SUSE/MyBS.pm: update for OBS
  Similar to 3ae8f5694d41...
- commit 54326bb
- scripts/lib/SUSE/MyBS.pm: Adjust basic auth realm for IBS.
- commit 3ae8f56
- scripts/run_oldconfig.sh: Ignore LD_VERSION in config.
- commit e3040fe
- scripts/git_sort/git_sort.py: Update nvme repositories
- commit e1a964f
- git_sort: update URL of net and net-next reporitories
  With the introduction of Jakub Kicinski as co-maintainer, the official
  URL of net and net-next trees was changed from davem/* to netdev/*.
  The original URLs are preserved as aliases but let's switch to the
  official ones.
  Keeping the old URLs with lower priority so that git_sort can update
  Git-repo tags and subsection headers without complaints about unrecognized
  repository.
- commit 4457462
-  scripts/git_sort/git_sort.py: add masahiroy/linux-kbuild.git repository
- commit 1ed2975
- scripts/git_sort/git_sort.py: Add ulfh/mmc
- commit 7febf5c
- scripts/supported-conf-fixup: support guards containing a dash
  The script expects guards to contain only letters and digits (apart from
  the leading '-' or '+'). As we are using "/+foo-kmp"/ style guards to mark
  modules to put into an internal KMP, we need the script to expect '-'
  characters as well.
- commit ce984f3
- scripts/git_sort/git_sort.py: add efi/next repository
- commit 5c191a3
- scripts/git_sort/git_sort.py: add linux-pinctrl repository
- commit 73604d8
- scripts/git_sort/git_sort.py: Add EDAC for-next queue
- commit e718107
- scripts/git_sort/git_sort.py: add thermal/linux.git to the repo list
- commit 84aca34
- scripts/git_sort/git_sort.py: add linux-ipmi repository
- commit 78b705e
- Remove git_sort tests for openSUSE-42.3 (EOL).
- commit d090435
- scripts/check-patch-blacklist: Exit gracefully if blacklist.conf is not present
- commit fe1be04
- scripts/osc_wrapper: make it work with osc >= 0.165
  osc >= 0.165 by default tries to run services. This needs an .osc dir
  and _project, _package, and _files in it. So disable running services as
  we do not need them.
- commit 58db0dd
- scripts/stableids: handle new DRM commits tagging
- commit 4fec579
- scripts/log2: Add --amend option
  This works similarly like git-commit --amend option, used for folding the
  changes onto the commit HEAD.  Unlike git-commit, this re-invokes
  scripts/log and the changelog entry is completely refreshed, hence the
  previous manual change in the log may be lost and need to be re-entered.
- commit 38eaa49
- Copy git-sort merge tool installation instructions to README.md
- commit 5596d4b
- scripts/git_sort/git_sort.py: Remove s390/linux.git for-linus
  This branch no longer exists.
- commit c4479c2
- scripts/sequence-patch.sh: Add --dry-run option
  It is often sufficient to check whether the patch series applies
  without writing out the patched files.
- commit b999a1f
- scripts/git_sort/git_sort.py: Add device tree repository
- commit 3069f2e
- scripts/git_sort/git_sort.py: add dma-mapping repository
- commit bf870d0
- scripts: stableids, handle new pattern
  They started using capital C in commit.
- commit dd41f26
- scripts/git_sort/git_sort.py: add arm64 repository
  Delete no longer existing repository linux-mmots
- commit 2e5580a
- scripts/install-git-hooks: Fix spelling of git option --remove-section
- commit 19cc664
- git_sort.py: add soundwire repo.
- commit 99afd50
- git-pre-commit: Warn on blacklisted commits.
- commit 0dea234
- scripts/git_sort/git_sort.py: Add perf repository.
- commit 727e371
- Revert "/scripts/git_sort/git_sort.py: Remove s390/linux for-linus remote"/
  This reverts commit 061a324a9d93e90ad21e077b956ed3184203e3cc.
- commit 3373b12
- scripts/git_sort/git_sort.py: Remove s390/linux for-linus remote
  It doesn't exist (anymore).
- commit 061a324
- cripts/git_sort/git_sort.py add jejb/scsi repository.
- commit d1fd61a
- scripts/stableids: add dump_only option
  This is useful for generating only SHAs. These are used for putting
  stable patches into sorted section.
- commit 7669764
- scripts/stableids: add bnc for 5.3 kernel
  There is a map of bncs for various kernels. SLE15-SP2 is based on 5.3,
  so add the reference.
- commit 7650550
- commit 74150a8
- scripts/git_sort/git_sort.py:
- commit a6474a1
- git-sort: merge_tool: Catch parsing errors of patches from remote branch
  Avoids unsightly python backtraces for problems such as a Git-commit id
  which is not in LINUX_GIT.
- commit 1eef4e7
- scripts/sort_supported.rb: Script for sorting supported.conf
  This script uses a heuristic that works on 99% entries.
  There are two lines in current supported.conf that need adjustment in
  comment to pass.
- commit 398394f
- scripts/supported-conf-fixup: recognize compressed modules
  At the moment, just allow *.ko.xz in addition to *.ko. It would be nice to
  make it respect COMPRESS_MODULES from rpm/config.sh but that would require
  someone who does actually speak Perl.
- commit 95df98b
- git-sort: merge_tool: Preserve the order of patches when calculating "/added"/
  When merging, the relative order of the patches added to the out-of-tree
  section between the merge base and remote must be preserved. Previously it
  was not, on the erroneous expectation that all added patches are
  commit-sorted. Therefore, added patches (remote - base) in the oot
  subsection were appended in shuffled order to the oot subsection of the
  result.
- commit aa6b527
- scripts/run_oldconfig.sh: support rt partial debug config.
- commit e1353be
- scripts/git_sort/README.md: Update quilt-ks repository URL
- commit 03c796b
- commit 03c6291
- commit 6c1fcb9
- scripts/run_oldconfig.sh: Fix native config check in kbuild.
- commit 93c6080
- commit cbd56d5
- commit 629ccf3
- scripts/tar-up.sh: do not make assumptions about the remote name (bsc#1141488)
  The script assumed a remote named 'origin' exists. While this is true
  for cloning a repo with default options, the name of the remote can be
  easily changed. Also there can be more than one remotes.
  Extend the script to exclude a branch named 'scripts' in all configured
  remotes.
- commit b98fb06
- commit df44667
- scripts/git_sort/git_sort.py:
- commit f216f54
- scripts/guards: Add missing link.
- commit 9d16ecd
- commit c2096bb
- commit 3f9c688
- git_sort: add crypto maintainer tree.
- commit f74c585
- git-sort: tests: Use --no-gpg-checks in SLE12-SP2 Dockerfile
  The updated SLE12-SP2 docker image uses a repo that needs --no-gpg-checks
  for non-interactive usage.
- commit ce25676
- git-sort: qcp: Create subdir of quilt's .pc if needed
  qcp.py creates a ~refresh file under a subdirectory of quilt's "/.pc"/
  directory. If there haven't been other patches applied yet which are in the
  same subdirectory (ex: "/patches.fixes"/), that directory does not exist.
  This situation can also occur in other scenarios when using `rapidquilt`.
  change qcp to create the directory if needed, instead of failing.
- commit 4f437ad
- commit 3d5eb00
- git-sort: README: Add information about how to report problems
- commit 332fdaa
- scripts/bugzilla-create: Set 'Proactive-Upstream-Fix' keyword
- commit 3ef3587
- git-sort: Always explicitely handle a pygit2 import error
  As pointed out by Michal Suchanek, the limitation in commit 6d67b1042a73
  ("/series_sort: Catch pygit2 import failure."/) is wrong; given that there is
  no explicit installation step of the git-sort scripts and that they are
  "/just there"/ in the kernel-source repository, every user-callable script
  needs to check that the user followed installation requirements.
- commit 50602bd
- git-sort: Move mainline remote check to series_sort
  git_sort can be used on any git repository. series_sort OTOH needs the
  reference repository to be a clone of the mainline Linux kernel repository.
  Move the warning accordingly.
  Using the same rationale as in commit 6d67b1042a73 ("/series_sort: Catch
  pygit2 import failure."/), the check is only in series_sort.py even though
  other scripts like series_insert.py have the same requirement.
  Fixes: 027d52475873 ("/scripts: git_sort: Warn about missing upstream repo"/)
- commit 6daf637
- git-sort: Move mainline remote check to series_sort
  git_sort can be used on any git repository. series_sort() OTOH expects the
  reference repository to be a clone of the mainline Linux kernel repository.
  Move the warning accordingly and make it an error since further operations
  would fail.
  Fixes: 027d52475873 ("/scripts: git_sort: Warn about missing upstream repo"/)
- commit 9b0e07a
- scripts: git_sort: Warn about missing upstream repo
  I've witnessed several people having misconfigured their remotes and
  then calling sortig scripts on series.conf results in cryptic error
  messages like:
  > Traceback (most recent call last):
  >   File "/scripts/git_sort/series_sort.py"/, line 121, in <module>
  >     sorted_entries = lib.series_sort(index, input_entries)
  >   File "//home/mkoutny/suse/kernel-source-12-sp3/scripts/git_sort/lib.py"/, line 425, in series_sort
  >     for e in sorted(result[head].items(), key=operator.itemgetter(0))])
  > KeyError: None HEAD
  Add warning when the upstream torvalds/linux remote is not found to give
  users a clue about the situation.
- commit 027d524
- scripts/sequence-patch.sh: fix --fuzz option
  The --fuzz getopt long param was not accepting values.
- commit 0307fc9
- README: Adjust links to internal wiki.
- commit 2ee9bf3
- commit 52b5cf3
- commit 86af8b9
- scripts/git_sort/git_sort.py: Add s390/linux.git fixes.
- commit e19d62a
- scripts/git_sort/git_sort.py: Add mkp/scsi 5.0/scsi-fixes
- commit 4223e69
- scripts/bugzilla: use /usr/bin/python3 directly
  /usr/bin/env python3 allows the first interpreter in $PATH to be use, which
  can product unreliable results.
- commit 8296635
- scripts/python/suse_git/header.py: add jsc#w+-d+ for Jira references
  With the upcoming switch to Jira for feature tracking, we need to teach
  the checker about the new tag.  Enforcement is still disabled.
- commit b7bee5d
- scritps/log2: add patch changes to index before running checks.
- commit 90691bf
- git-sort: series_sort: Make "/series.conf"/ the implicit argument
  Similar to series_insert, "/series.conf"/ becomes the default file where to
  read/write the patch series. In contrast to series_sort, if the input is
  not a tty and no argument is specified, the old mode is preserved, which is
  to behave as an stdin/stdout filter. This way, the original usecase of
  piping all or a subset of series.conf lines through series_sort (for
  example, in the method described in the script header) remains unchanged.
- commit a010ff5
- git-sort: quilt-mode: Fix git_sort.py path
  Commit e5655f63f99c ("/git-sort: Remove tools not related to series_sort"/)
  removed the "/git-sort"/ symlink but did not update quilt-mode.sh to use the
  direct path to git_sort.py.
- commit 949d090
- scripts/git_sort/git_sort.py: add kvalo/wireless-drivers-next/master
- commit 46e9bdf
- git-sort: Handle new pygit2.discover_repository behavior
  A consequence of pygit2 commit c32ee0c25384 ("/Now discover_repository
  returns None if repo not found"/).
- commit 9ae2824
- tar-up.sh: do not copy files ending with ~
- commit 70993c1
- check-patchhdr: Remove "/slightly strange pattern"/
  Make fuller use of the unittest API:
  * use assertRaises when testing exceptions
  * use assertEqual when testing for equality
  * reorder arguments to (expected value, actual value) when testing for
  equality, for more intuitive output in case of failure
  * use unittest.skip instead of commenting out tests
- commit ba48e04
- git-sort: Add license text
- commit c7a1094
- git-sort: Remove tools not related to series_sort
  Some scripts were copied over from the ksapply repository but are not
  needed for git-sort, series_sort or quilt-mode. In preparation for moving
  the series_sort code to its own repository, remove these scripts. They can
  still be found in the ksapply repository:
  https://gitlab.suse.de/benjamin_poirier/ksapply
- commit e5655f6
- scripts/sequence-patch.sh: Add --rapid option
  It uses rapidquilt to apply patches.
- commit 7178c2c
- commit 8ce95c7
- scripts: Run pre-commit checks only once when splitting changes into multiple commits
  Instead of repeating the series_sort check for each patch, we can do the
  check once at the beginning, which saves time. Same goes for the other
  checks part of the pre-commit hook.
- commit 0f98ccc
- run_oldconfig - crosscompile
- commit 98367ef
- scripts/log2: add --no-edit argument.
- commit 990531c
- scripts/lib/SUSE/MyBS.pm: new osc stores oscrc in .config
  So enumerate both possibilities before giving up.
- commit cd4eb98
- scripts: use syncconfig instead of silentoldconfig where available
  Since mainline commit 0085b4191f3e ("/kconfig: remove silentoldconfig
  target"/), "/make silentoldconfig"/ can be no longer used. Use "/make
  syncconfig"/ instead if available.
- commit 0d0454a
- git_sort.py: Add drm-misc-next to list of repos/branches
  DRM fixes occationally go from drm-misc-next directly into linux-next
  without the intermediate step of drm-next. Support for drm-misc-next is
  required by several recent commits.
- commit 379ad30
- git_sort.py: Remove trailing whitespace
- commit c5e56ea
- scripts/series2git: Strip [PATCH] prefix in the subject line
  This makes the commit a bit more similar to the original change.
- commit 3d0cc05
- Distribute git configuration in a versioned file
  The kernel-source repository uses a script to set certain git config values
  which are meant to be distributed to all users. This mechanism makes it
  cumbersome to update these configuration values and eventually track their
  history.
  For security reasons, git does not have a way to implicitly include
  configuration values in a repository's content. However, we can explicitly
  include extra configuration values from a versioned file using the
  "/include.path"/ configuration directive. Reuse the old mechanism to add this
  directive (which should hopefully not need changes in the future) and
  include the actual configuration values of interest to all users in a
  separate file.
- extra-gitconfig:
- scripts/install-git-hooks:
- commit c8faf99
- Configure attributes using .gitattributes file
  As stated in gitattributes(5):
  Attributes which should be version-controlled and distributed to
  other repositories (i.e., attributes of interest to all users)
  should go into .gitattributes files.
  Therefore, move the currently-used attributes to a .gitattributes file.
  This is to support future changes to attributes.
  The attributes in $GIT_DIR/info/attributes have precedence over
  .gitattributes. Therefore, users who have run scripts/install-git-hooks
  from a version predating this patch may have attributes in
  $GIT_DIR/info/attributes that override the ones in .gitattributes.
  Unfortunately, we are stuck with this blemish from the past and must
  forever clean up the mess.
- .gitattributes:
- .gitignore:
- scripts/install-git-hooks:
- commit 668a353
- commit 097d8f0
- Update documentation wrt. Patch-mainline
  Common practice is to set Patch-mainline to a Linux release tag. More
  than 95% of all patches follow this convention. The remaining 5% have
  been fixed accordingly in SLE15.
  The documentation is inconsistent wrt. to the content of Patch-mainline.
  In some places it refers to a release tag, in others it refers to a version
  number. With this cleanup, documentation in scripts/ refers to release tags.
  This change is a follow-up for commit 1d81d2699cd3.
- README: Update documentation wrt. Patch-mainline
  Common practice is to set Patch-mainline to a Linux release tag. More
  than 95% of all patches follow this convention. The remaining 5% have
  been fixed accordingly in SLE15.
  The README file is inconsistent wrt. to the content of Patch-mainline.
  In some places it refers to a release tag, in others it refers to a version
  number. With this cleanup, it refers to release tags everywhere.
  This change is a follow-up for commit 1d81d2699cd3.
- commit 57b996f
- tar-up.sh: allow packaging multiple architectures.
  tar-up.sh has -a option to generate package for a particular
  architecture. Extend the -a option processing to accept comma separated
  list of architectures. Also fix a bug with ppc64 selecting both ppc64
  and ppc64le.
- commit 1d17b6d
- scripts/git_sort/README.md: Add update_clone.py documentation
- commit 2286fa5
- scripts/tar-up.sh: Don't package gitlog-excludes file
  Also fix the evaluation of gitlog-excludes file, too
- commit 18a9758
- scripts: sequence-patch.sh: Use '_' to replace '#' charactor (bsc#1107937)
  The pound char ('#') could cause kernel "/make prepare"/ failure if
  toolchain contains latest automake (1.15).
  "/make prepare"/ wil fail like:
  $ LANG=C make modules_prepare
  [snip]
  CALL    scripts/checksyscalls.sh
  DESCEND  objtool
  HOSTCC   /home/adam/btrfs/suse/kernel-source/tmp/linux-4.12-bsc#123456/tools/objtool/fixdep.o
  HOSTLD   /home/adam/btrfs/suse/kernel-source/tmp/linux-4.12-bsc#123456/tools/objtool/fixdep-in.o
  LINK     /home/adam/btrfs/suse/kernel-source/tmp/linux-4.12-bsc#123456/tools/objtool/fixdep
  /home/adam/btrfs/suse/kernel-source/tmp/linux-4.12-bsc#123456/tools/objtool/.fixdep-in.o.cmd:1: *** missing separator.  Stop.
  make[4]: *** [Makefile:42: /home/adam/btrfs/suse/kernel-source/tmp/linux-4.12-bsc#123456/tools/objtool/fixdep-in.o] Error 2
  make[3]: *** [/home/adam/btrfs/suse/kernel-source/tmp/linux-4.12-bsc#123456/tools/build/Makefile.include:4: fixdep] Error 2
  make[2]: *** [Makefile:52: /home/adam/btrfs/suse/kernel-source/tmp/linux-4.12-bsc#123456/tools/objtool/libsubcmd.a] Error 2
  make[1]: *** [Makefile:61: objtool] Error 2
  make: *** [Makefile:1689: tools/objtool] Error 2
  The cause is latest make will consider pound char as a separator.
  Kernel has some fixes for it:
  9feeb638cde0 ("/tools build: fix # escaping in .cmd files for future Make"/)
  9564a8cf422d ("/Kbuild: fix # escaping in .cmd files for future Make"/)
  But backporting those 2 fixes can't solve the problem if the kernel
  path contains '#'.
  Considering how common we name the branch using bsc#123456, it would
  definitely cause problem if using some rolling release distributions.
  Fix the $TAG variable by replacing the '#' to '_', so we won't need to
  bother the problem.
- commit 4be920f
- commit b5a813e
- scripts/sequence-patch.sh: use kernel-azure instead of kernel-default
- commit c2c287e
- scripts/git_sort/qcp.py: Print info message on stdout
- commit 38de9a0
- git-sort: Run tests under SLE15
- commit a31a983
- git-sort: Run tests under openSUSE Leap 15.0
- commit 825f5ea
- git-sort: Update sle12-sp3 docker image name
  name changed, most likely as a result of the recent changes to
  registry.suse.de
- commit 678ee7d
- git-sort: Update openSUSE docker image names
  The "/opensuse"/ project "/has been deprecated in favor of the opensuse/leap
  and opensuse/tumbleweed images provided and maintained by the openSUSE
  Project release team"/. [https://store.docker.com/images/opensuse]
- commit 7a9578c
- commit 8effdc9
- scripts/cvs-wd-timestamp: use UTC timezone
  Do not respect users' time zone and use the predictable one. So that
  when people upload a kernel (e.g. tar-up and osc_wrapper upload), the
  time stamp makes no difference.
- commit 386cbe7
- scripts/git_sort/git_sort.py:
- commit 3ac5af6
- commit 17f9140
- commit 36a3f5c
- scripts: run_oldconfig.sh: pass $CC via $MAKE_ARGS
  For some reason, "/make oldconfig"/ ignores CC environment variable so that
  "/CC=gcc-8 make oldconfig"/ still uses default gcc. To actually use compiler
  passed to run_oldconfig.sh by buildtest-kernel script, we need to pass CC
  value as an argument to make, i.e. "/make CC=gcc-8 oldconfig"/.
  If run_oldconfig.sh is run with CC set, add its value to MAKE_ARGS.
- commit 5672543
- scripts/git_sort/README.md: Add quilt-ks OBS repo key fingerprint
- commit 1b3ea9a
- scripts/git_sort/git_sort.py: add modules-next tree
- commit 9804f92
- commit 1cbf60e
- scripts/git_sort/patch.py: Fix patch writeback
  The file must be truncated otherwise we have stray content from the former
  patch leftover at the end of the file when the new patch is shorter.
- commit a597010
- scripts/git_sort/series_conf.py: Fix Patch parameter
  Fixes: e68bd465cdc4 ("/git-sort: Rewrite Patch class to read bytes instead of str"/)
- commit 7674464
- scripts: Make sure hooks directory exists
  When using git worktrees they have a separate git directory which does not
  contain the 'hooks' directory by default. Let's create it when installing
  hooks.
- commit 2905fbd
- scripts/git_sort/patch.py: Fix detection of patch header end
  Consider linux commit 1e047eaab3bb ("/block/loop: fix deadlock after
  loop_set_status"/), some lines from the log start with "/---"/ but do not mark
  the end of the patch header. Fix the pattern matching to match what is done
  in quilt.
  Also add a test which triggers the issue.
- commit b710f8d
- scripts: ignore CONFIG_GCC_VERSION when checking for oldconfig changes
  Since 4.18-rc1, "/make oldconfig"/ writes gcc version and capabilities into
  generated .config. Thus whenever we build the package or run checks with
  different gcc version than used to update config/*/*, check for "/outdated
  configs"/ fails.
  As a quick band-aid, omit the lines with CONFIG_GCC_VERSION from both
  configs before comparing them. This way, the check won't fail unless run
  with newer gcc which would add new capabilities. More robust solution will
  require a wider discussion.
- scripts/git_sort/git_sort.py: Remove dead code
- commit 45100db
- scripts/git_sort/lib.py: Add some docstrings
- commit 271ab0a
- scripts: Support a bare LINUX_GIT
  This was already tried in commit 130e61c098de ("/scripts/linux_git.sh:
  support more dirs and bare repos"/) but it missed modifying all related
  usages which hardcode "//.git"/.
- commit a6d98d2
- scripts/git_sort/git_sort.py: Support bare repository
  get_heads() assumes that the repository has the default configuration of
  fetch refspecs following `git clone`. This does not work if the user
  modified the refspecs or used `git clone --bare`. Change get_heads()
  to perform the transformation of the remote branch name into the local ref
  according to refspec configuration.
- commit 56e8686
- scripts/tests/test_linux_git.py: Clarify tests
  Each actual test case is moved to its own unittest case. This produces
  clearer output.
- commit 9ce16e2
- Delete series.conf.
  Commit 8c4b29dee8b2 ("/scripts/git-pre-commit: only sort series when
  required"/) added an empty series.conf to the scripts branch.
- commit b6e9b17
- check-patchhdr: Use print_function instead of sys.stderr.write.
  Commit 5ba62488b03 switched to using sys.stderr.write(), but the right
  way to do prints with python 2/3 compatibilty is to import
  print_function and use print().
- commit 653e07e
- git-sort: Rewrite Patch class to read bytes instead of str
  Some patches contain characters from multiple encodings, for example a
  backport of commit 395072592e8e ("/drm/i915: broken copyright encoding in
  intel_bios.c"/). Reading those files in text mode triggers a
  UnicodeDecodeError. Therefore, read patch files as bytes and convert the
  header only to str. At the same time, the constructor is simplified to
  accept only a stream.
- commit 0c3fcd6
- check-patchhdr fix error printing on python2.
- commit 5ba6248
- scripts: scripts/log should work with python2.
- commit 3a12a82
- git-sort: Handle empty Git-commit tags
  Although rejected by the current check-patchhdr, some old patches still
  have such invalid tags.
- commit 3b4c077
- scripts/git_sort/update_clone.py: Support modifying remotes in an existing repository
- commit ced4b81
- scripts/git_sort/git_sort.py: Use Repository.remotes instead of parsing config
- commit 93be9e4
- scripts/bugzilla-create: fix usage header
  The usage header specified BUGIDs for the arguments when it expects
  patch files.
- commit 791c922
- scripts/bugzilla-create: skip 'unspecified' version
  Some products provide an 'unspecified' version name in the list of versions
  but it can't be used to file a report.  Let's skip it.
- commit d7a9adc
- scripts/log2: splice_series: Use cat to echo all remaining lines
  The "/after patch"/ state echoes all remaining lines from the old series
  without any possible state change. Instead of reading line by line, use the
  more efficient `cat`.
- commit f6fb30c
- scripts/log2: Fix splice_series when adding two consecutive sections
  Currently, if adding two new sections back to back, when doing
  splice_series for the patches in the first section, they will be followed
  by all of the added whitespace lines, including the ones that followed the
  second section. That's unsightly. Stop echoing added whitespace lines once
  a new non-empty line is encountered.
- commit dae2e83
- scripts/git_sort/git_sort.py: Support libgit/pygit2 0.27
  With the update to libgit 0.27, pygit2 returns Repository Config elements
  ConfigEntry instances instead of plain str as before. Introduce an
  adaptation layer to support both old and new interfaces.
- commit f170315
- scripts/log2: Fix argument passing to splice_series
  Multiple users reported seeing the following error
  Error: new series does not contain all lines from old series.
  after commit 4a3b64a07ab6 ("/scripts/log2: Improve automatic series.conf
  modifications"/).
  Reproduction seems to depend on the bash version; it occurs on SLE12-SP3
  with 4.3.42 but not on tumbleweed with 4.4.19. The problem is caused by the
  fact that `read -r -u 4 new` in splice_series reads the entire content of
  $new_series as one line. $new_series is passed as a here string on file
  descriptor 4, `4<<<$new_series`.
  According to bash(1) for version 4.3.42, "/Pathname expansion and word
  splitting are not performed."/ for here strings. However, it appears like
  word splitting might be for certain invocations (not all, for reasons I
  don't understand). Work around the problem by replacing the here string
  with a simpler construct.
  Referenches: bsc#1094120
- commit 5845ab1
- git-sort: merge_tool: Fix handling of moved patches in remote branch
  Patches that have changed subsystem section between the base and remote
  refs must be processed in upstreaming mode because their new git-repo tag
  after the merge will not match their old section in series.conf from the
  local ref.
  References: bsc#1093777
- commit b806cf0
- scripts/git_sort/tests/test_series_insert.py: Make it executable, like other tests
- commit ecd3542
- scripts/git_sort/series_conf.py: Document pygit2 dependency avoidance
- commit ac02a72
- scripts/git_sort/sequence-insert.py: Udate doc to reflect path change
  The scripts have been merged in kernel-source and are no longer part of a
  separate "/ksapply"/ repository.
- commit 597c570
- scripts/git_sort/clone_all.py: Combine --no-tags option
- commit 5c06131
- scripts/sequence-patch.sh: update supported.conf parsing (fate#319339)
  +*-kmp is a valid guard that should results in a module being flagged
  as supported.  This clones the logic from the spec file to reflect that.
- commit d897f77
- scripts/python/check-patchhdr: Port to python3
- commit 4e62ede
- scripts/git_sort/README.md: Update according to the new --upstream option
- commit 18d4825
- scripts/osc_wrapper: fix argument swap
- commit 511c395
- commit 94752b1
- scripts/tests/lib.py:
- scripts/tests/test_log2.py:
- scripts/log2:
  Add splice_series() tests. Coverage is measured using kcov:
  https://github.com/SimonKagstrom/kcov
- commit 82873ff
- scripts/log2: Improve automatic series.conf modifications
  When multiple patches are added at once and individual commits are created
  automatically, the modifications to series.conf are split into individual
  changes that add one new patch line each. Currently, all new comments and
  empty lines are added along with the first patch. Change scripts/log2 so
  that the comments preceding a patch and the whitespace lines following it
  are added together with the patch.
- commit 4a3b64a
- scripts/git_sort/series_conf.py: Update pipe workaround for python3
  The workaround needs to be updated after the migration from python 2 to 3.
  Use the solution described here:
  https://stackoverflow.com/questions/26692284/brokenpipeerror-in-python
  https://bugs.python.org/issue11380
- commit c45b3a2
- bs-upload-kernel: build klp_symbols when supported.
  cherry-picked from kbuild
- commit aa873d6
- scripts/git_sort/clone_all.py: Add a script to setup a repository with all remotes from git_sort
- commit 55a1366
- scripts/git_sort/git_sort.py: Fix Head uniqueness check
- commit 7c5bc66
- scripts/git_sort/git_sort.py: Fix remote list
- commit 64ee72a
- git-sort: Add option to control movement of patches between subsystem sections
  Currently, a valid ordering in series.conf may become outdated after a
  subsystem repository is merged into an upstream repository. At that point,
  a series.conf which passed the validation check in the past would no longer
  be accepted because, for example, patches in the "/net"/ section should move
  to the "/mainline"/ section. This means that users often have to first
  refresh the ordering in series.conf to reflect upstream changes before
  adding new patches. In order to reduce the burden on users, make it the
  default that patches will remain in their current subsystem section unless
  it is explicitely requested to move them to upstream sections. This should
  effectively accept an outdated but once-valid ordering.
- commit cb21f89
- git-sort: Ignore empty input lines
- commit 51f0b86
- git-sort: Encapsulate indexed commit information in a sortable object
  This eases the comparison and sorting of commits from different heads.
- commit 3959932
- sequence-patch: just exist if there is no config.sh
- commit 7ae9881
- git-sort: Fix compatibility with old `comm`
  Certain distro releases have an older `comm` which doesn't support the
  "/--total"/ option. Use a trivial workaround. Also add tests for
  pre-commit.sh, including one which triggers this problem.
- commit 52e4510
- git-sort: Fix interpreter
- commit c6628e6
- git-sort: Extend series_sort tests
  ... and fix related issues.
- commit 535548a
- git_sort.py: remove duplicate remote.
- commit e5476dc
- scripts: add bugzilla-create and bugzilla-resolve scripts
  bugzilla-create will accept a list of one or more patches, and
  for each one:
- create bugzilla reports with the patch subject as the summary
- update the patch References tag to contain the new report ID
- attach the patch to the report
- assign the bug to the reporter
  bugzilla-resolve will accept a list of one or more bug IDs and resolve
  them as FIXED with an automated message indicating they have been
  committed to the kernel git repo.
  Use of either requires that the user set up a ~/.bugzillarc as documented
  in the scripts/bugzilla-create help or attempts to create bug reports
  will fail with authorization required errors.
- commit 3dff52c
- commit de89c2b
- scripts/git_sort/git_sort.py: Handle unsupported cache db format
  The upcoming python3 port will introduce two changes to the database format
  used for the cache: the default database format of python's "/shelve"/ module
  changed from bdb to gnu dbm and the default protocol version of the
  "/pickle"/ module changed from 0 to 3.
  python2 only supports the gnu dbm format if the gdbm module is available.
  python2 does not handle pickle protocol version 3. In case a user runs the
  python3 version of git-sort and then runs the python2 version again, the
  cache file will be unreadable. Handle that situation explicitly by
  rebuilding the cache.
  If this commit is not available, the alternative workaround is to delete
  the cache file manually (typically under ~/.cache/git-sort).
- commit 15bd1c2
- commit 17db4b8
- scripts/git_sort/git_sort.py:
- commit bfef53d
- git-sort: pre-commit: Don't specify series.conf path relative to scripts
  commit hooks run from the root of the working tree in a non-bare repository
  (according to githooks(5)). Therefore, the path to series.conf can be
  specified relative to that root. This change also allows to run the scripts
  from an alternate location during development.
- commit b87f537
- git-sort: pre-commit: Run if sorted patch files have changed
  Previously we would run the checker script only if the sorted section of
  series.conf had changed. However, a commit could render the sort invalid by
  making changes to the tags of a patch that is in the sorted section but no
  changes to series.conf. Therefore, check the sorted series and the patches
  that it contains if either have changed.
- commit 9ea0831
- git-sort: series_conf: Add a mode to print names only
  Print patch file names from the sorted section without comments or empty
  lines.
- commit 58b9d36
- git-sort: Extend series_insert.py test to trigger an error
  adds a test which triggers the problem fixed in commit 4c26c132dc7b
  ("/scripts/git_sort/series_insert.py: Fix exception names"/)
- commit 21902a2
- git-sort: Add a test of series_insert.py
- commit 25ab285
- git-sort: Factor out test code to write patches
- commit 39e1be1
- scripts: Allow excluding commits in changelog
  For ignoring superfluous commits appearing the changelog, add a
  capability to scripts to ignore the given commit list.
  User can put the commit IDs in rpm/gitlog-excludes file so taht
  tar-up.sh will ignore them.
- commit 2d24811
- scripts/git_sort/series_insert.py: Fix exception names
  After factoring out exception classes, series_insert.py was not
  updated.
  Fixes: 9ad1206cfd3a45dc0f7825d0f93053a9fd9fb07e
- commit 4c26c13
- scripts/git_sort/pre-commit.sh:
- scripts/git-pre-commit:
  Refine the sorted section check
  Because series_sort.py has some dependencies (namely pygit2), avoid running
  it unless there was a change in the sorted section.
- commit 27a0058
- git-sort: Factor out series.conf splitting
- commit 9e149fc
- git-sort: Factor out exception classes
- commit 9ad1206
- scripts/git_sort/merge_tool.py: Update tags
  merge_tool can create an invalid series.conf (example in merge commit
  3e43fe0554). It may move patches to upstream repositories sections in
  series.conf but it does not update the Git-repo tags in those patches
  accordingly. Fix that problem. Also explicitely `git add` those modified
  patches to make sure that they end up in the merge commit.
- commit 7b8db07
- git-sort: Add Dockerfiles to run tests under different OS releases
- commit eef6cac
- commit f41d7e5
- commit e4a7aa9
- git-sort: Catch some simple error cases
  .. and print formatted error messages instead of python backtraces.
- commit 4f82790
- git-sort: Use a consistent variable name for subprocess results
- commit a240443
- git-sort: Add merge_tool test
- commit a426acf
- git-sort: Port to python3
  Most of the changes are related to subprocess calling, encoding and str vs.
  bytes.
- commit 600ead2
- git-sort: Replace __cmp__ operators
  In Python 3 the support for __cmp__() has been removed.
- commit 404509f
- Revert "/scripts/osc_wrapper: fix quoting of osc define"/
  This reverts commit ac17e1f7e8d084b86ee7094833db7f9fce9bc503.
  Apparently the quoting level is different depending on how you build :/
- commit e08c406
- git-sort: Fix tag parsing for describe()
  Fix the following traceback:
  File "/./scripts/git_sort/series_sort.py"/, line 123, in <module>
    lib.update_tags(index, to_update)
  File "//home/nborisov/projects/kernel/suse/kernel-source/scripts/git_sort/lib.py"/, line 454, in update_tags
    patch.change(tag_name, index.describe(entry.cindex))
  File "//home/nborisov/projects/kernel/suse/kernel-source/scripts/git_sort/git_sort.py"/, line 516, in describe
    if self.version_match.match(tag)]
  AttributeError: '_pygit2.Commit' object has no attribute 'get_object'
  It happens when there are lightweight tags formatted like release tags (ex:
  v2.6.13.4).
- commit cf4f000
- git_sort: Add an alias of linux.git
- commit 5aa06b0
- commit e89e2b8
- scripts/git_sort/merge_tool.py: Catch `merge` execution failure.
  Print a verbose error message.
- commit b9651cd
- git_sort: add remotes from SLE15
- commit f433a01
- scripts/git_sort/merge_tool.py: Update instructions.
  Since the git-sort scripts have been merged in the kernel-source
  repository, the path can be stated in an unambiguous way.
- commit 6e10fbf
- commit dd15feb
- Relax checks on xen patches.
- commit b3a11cb
- commit 1134911
- git-sort: lib: Fix handling of workdir with no patches applied.
- commit b1c58cb
- git-sort: lib_tag.sh: Limit the attribution tags that are recognized.
  limits the attribution tags that are recognized to the ones accepted by
  check-patchhdr.
- commit bc6beb7
- git-sort: qdupcheck: Fix handling of workdir with no patches applied.
- commit 4aa2f24
- git-sort: tag: Trivial, use specialized function.
- commit 6573793
- git-sort: qgoto: Fix handling of workdir with no patches applied.
- commit 375c498
- git-sort: Fix splitting of series.conf
  If "/before"/ and "/after"/ have the same content (for example, empty), the
  assertion would inappropriately trigger.
  Also flush remaining comments and whitespace buffers.
  Add a related test.
- commit 3e2b4fa
- git-sort: series_sort: Fix error message when the sorted subsection is absent.
  ... and add a test that triggers it.
- commit 9602358
- scripts/osc_wrapper: fix quoting of osc define
- commit ac17e1f
- git-sort: Fix SortIndex interface to repository heads.
  A few library functions assume that they can access the repo_heads from
  index.repo_heads. Restore that attribute and add a basic test of
  series_sort which catches this problem.
  Fixes: 2c7d8e4f5b45 ("/git-sort: Encapsulate cache management in an object."/)
- commit 6a71e74
- git-sort: Fix cache rebuild condition.
  Currently, when "/-d"/ gives the expected information that the cache will not
  be rebuilt, `git sort` still rebuilds the cache. Fix this problem and add a
  test to catch it.
  Fixes: 2c7d8e4f5b45 ("/git-sort: Encapsulate cache management in an object."/)
- commit 7b8b987
- git-sort: Check cache integrity
  References: bsc#1078216
- commit bcc8a71
- git-sort: Add cache tests
- commit f888ef7
- git-sort: Encapsulate cache management in an object.
  moves cache management code out of the SortIndex and avoids instantiating a
  SortIndex when running in the dump mode.
- commit 2c7d8e4
- git-sort: Factor out functions to read local repository.
  moves repository reading functions out of the SortIndex. Those functions
  are not closely tied to the index and moving them out will ease
  refactoring.
- commit 587a8d2
- git-sort: Extend unit test with (fake) Linux repository.
  Add a basic test of the sorting functionality.
- commit 5dd770a
- git-sort: Control quilt configuration.
  Some scripts parse the output of quilt. However that output can change
  depending on certain quilt options. This, in turn, breaks some expectations
  of the scripts. Fix this by specifying which configuration quilt should use
  when its output will be parsed.
  For example, qgoto assumed that the output of `quilt top` begins with
  "/patches/"/ but that depends on the QUILT_PATCHES_PREFIX configuration
  variable.
- commit 79b5128
- scripts/install-git-hooks: Use /bin/bash when creating new pre-commit hook
  Commit c8a5532f3db3 ("/scripts/*: Set /bin/bash explicitly"/) already
  explicitly set all shebangs to point to /bin/bash since the majority
  of the scripts are using bashisms. However, it missed the shebang that
  is created by install_snippet() function in install-git-hooks. This
  commit makes the printed shebang also point to /bin/bash.
  This fixes a failure due to scripts/git-pre-commit having a /bin/bash
  shebang, but being sourced from .git/hooks/pre-commit, which in turn
  uses /bin/sh, essentially ignoring the shebang of the git-pre-commit
  script.
  This will apply to newly installed hooks.
- commit 7c8b438
- scripts/git_sort: fix Patch-mainline generated for untagged mainline commits
  For patches with commit id in mainline but not tagged yet, git_sort.py
  generates Patch-mainline referring to next expected tag. If latest mainline
  tag is an RC, e.g. 4.15-rc7, it generates text like
  Patch-mainline: v4.16 or v4.15-rc8 (next release)
  but it should be
  Patch-mainline: v4.15 or v4.15-rc8 (next release)
  Fixes: 7dce3df8966c ("/Make series_sort and commit check work together."/)
- commit 4f08653
- commit e85eac6
- commit b2e262e
- commit afc2448
- commit 2364997
- commit 2f6a084
- commit 6d67b10
- scripts/git_sort/lib.py: Suppress quilt output in check_series().
  In particular, this fixes garbage output when running qgoto.py before the
  series file has been swapped.
- commit 5574911
- commit 70729dd
- git_sort: Check for a tag's presence when changing it.
  Its absence would indicate an improperly tagged patch.
- commit 0acd905
- scripts/git_sort/qcp.py: Fix function call with wrong arguments.
  One of the calls to Patch.get() was not properly changed when updating from
  tag_get().
  Also throw in a comment fix for the related function.
  Fixes: c089092e7d98 ("/git-sort: Encapsulate patch tag operations in an object."/)
- commit 442047d
- scripts/git_sort/git_sort.py: add more networking remotes
  pablo/nf.git			netfilter fixes for net
  pablo/nf-next.git		netfilter patches for net-next
  horms/ipvs.git			IPVS fixes for net
  homes/ipvs-next			IPVS patches for net-next
  klassert/ipsec.git		IPsec fixes for net
  klassert/ipsec-next.git		IPSEC patches for net-next
- commit daa89da
- scripts/git_sort/clean_header.sh: Explicitely handle an error.
  The code to determine the remote url for a commit may fail without any
  output. Add a message for this common error scenario.
- commit 2d3beda
- scripts/git_sort/series_insert.py: Catch an exception for nicer output.
- commit 0d59b48
- scripts/git-pre-commit: only sort series when required
  The series file only needs sorting when a patch or the series.conf
  file have changed.  We can skip sorting if there is nothing to do.
- commit 8c4b29d
- scripts/git-pre-commit: make series sorting configurable by branch
  Since we don't want to sort the series on every branch, we should
  make that configurable.  Adding "/SERIES_SORT=yes"/ to rpm/config.sh
  will enable it.
- commit 9e192a4
- scripts/log2: actually invoke scripts/check-patch-dirs
  The previous commit added scripts/check-patch-dirs but didn't actually
  invoke it as indicated in the log message.
- commit 23674da
- scripts/check-patch-dirs: enforce adding patches only into proper dirs
  The master and stable branches now only allow patches in patches.suse,
  patches.kernel.org, patches.rpmify, and patches.kabi.
  scripts/check-patch-dirs will check the branch and ensure that patches
  being added or modified are only allowed in the directories listed
  above.  It will be invoked automatically via scripts/log2.
- commit 77b939d
- Make series_sort and commit check work together.
- commit 7dce3df
- scripts/git_sort/git_sort.py: Add some remote heads.
  According to current patches in SLE15.
- commit 131a901
- scripts/git_sort/git_sort.py: Remove linux-next from remotes.
  As pointed out by Vlastimil, linux-next is not even good for patches from
  akpm:
  Using linux-next commit id's for akpm's mmotm tree is almost
  certainly wrong, because they unique to next-$DATE snapshot, and on
  the next day the commit id will be different. It will also never be
  merged into mainline with the same id.
- commit 4809ebe
- scripts/git_sort/git_sort.py: Add some remote heads.
  According to patches currently found in SLE15.
- commit a3e6d3f
- scripts/git_sort/git_sort.py: Move linux-next at the end of the remote list.
- commit 3a30505
- scripts/git_sort/git_sort.py: add s390 maintainer tree
- commit 58f8a70
- scripts/git_sort/lib.py: Only set cindex when it matches with dest_head.
  Consider a patch which is in the section for a remote head that is not
  available locally and the commit from that patch is found in another remote
  head which is available locally and is sorted as downstream from the
  current one.
  In that case (commit found, repo not indexed, patch moved downstream, good
  tag), self.cindex is set to a value relative to a different head ("/head"/)
  than self.dest_head ("/current_head"/). This leads to an exception in
  series_sort().
- commit 28ae23c
- scripts/git-pre-commit: Check the content of the series.conf sorted section.
- commit 869e9a9
- scripts/git_sort/git_sort.py: Clear environment before running git.
  Otherwise we run into trouble when running git_sort as part of a git commit
  hook.
- commit a0f314d
- README: Add information about sorted patches section of series.conf
- commit 636f808
- scripts/git_sort/series_sort.py: Pass --check if there is no sorted section.
- commit 270922f
- scripts/git_sort/README.md: Add information about series_insert.py
- commit ad9a342
- scripts/git_sort/lib.py: Rewrite Git-repo tag when patch moves upstream.
  The first change is cosmetic since in that branch head == current_head.
  The second change fixes a (copy/paste) bug.
  These two branches now contain the same code. Leave them separate
  nevertheless for clarity (with the comments).
- commit fe1fe99
- git-sort: Add a script to insert new entries in series.conf.
  Specifically, to add new patches to the sorted section of series.conf.
- commit 089b4ef
- scripts/git_sort/lib.py: Rewrite Git-repo only if it differs.
  An entry may move upstream but already have the target Git-repo tag. This
  will happen if a series.conf line is moved to the "/out-of-tree"/ section to
  be resorted. Currently, if the Git-repo is not in the canonical (git://)
  form, the tag value will be needlessly rewritten.
- commit 0ac6457
- Revert "/scripts/linux_git.sh: support more dirs and bare repos"/
  This reverts commit 130e61c098de9f6c49d36a9210ecc5d5b7758c47.
  This breaks user branch builds.
- commit d76dbca
- commit 9f5c189
- scripts/linux_git.sh: support more dirs and bare repos
  linux-2.6 was used only for historical reasons. New clones put
  theirselves to "/linux"/. Or even to "/linux.git"/ when only a bare
  repository is created. So walk over all these and pick the right one.
- commit 130e61c
- scripts: Factor out function to determine mainline Linux git repository path.
- commit 842e04c
- git-sort: Factor out function to determine scripts path
- commit 02a6641
- scripts/series2git: skip expanded stable patches.
- commit 79c578b
- scripts/git_sort/lib.py: Automatically try to replace series.
  The modified quilt (described in scripts/git_sort/README.md) replaces the
  stock "/series"/ file with a symlink to series.conf when any command is run
  from a kernel-source expanded tree.
  If we detect that this replacement has not been done, instead of directly
  erroring out, first try to run a simple quilt command so that the
  replacement takes place.
- commit 1a7c329
- scripts/git_sort/git_sort.py: Fix != comparison of RepoURL objects.
  __cmp__() needs to be implemented.
- commit 7b51a6e
- git-sort: Update Git-repo tags.
  Patch tags are updated when a patch is moved to a new section or a tag is
  outdated. Note that this only happens when the respective commit is found
  locally.
- commit 79c65c9
- scripts/git_sort/lib.py: Remove section headers from series header.
  Currently, if there is no mainline section, the first thing that will be
  found inside the sorted patches section is a section header like
  "/# out-of-tree patches"/. It will be considered to be a comment that's part
  of the series header ("/# sorted patches"/). Change series_header() to filter
  out such section headers.
- commit 455039b
- scripts/git_sort/lib.py: provide LINUX_GIT fallback.
  This is same as previous scripts do (see scripts/wd-functions.sh)
- commit edc5eca
- scripts/git_sort/git_sort.py: Introduce describe() function.
  It is similar to `git describe --contains` while restricting the result to
  the mainline linux tags corresponding to releases and release candidates
  (rc).
- commit 0abe03a
- scripts/git_sort/git_sort.py: Fix an erroneous reference to a global variable.
- commit 2811919
- git-sort: Set cwd when calling git.
  avoids repetitive code
- commit 3611e1d
- git-sort: Encapsulate patch tag operations in an object.
  This allows a single read of the patch file, multiple operations (read and
  write) followed by a single write.
- commit c089092
- commit e814cbe
- scripts/git_sort/git_sort.py: Recognize repository urls that don't end with .git
  It is possible to clone from a URL while omitting the suffix "/.git"/.
- commit 439e8ef
- scripts/git_sort/lib.py: Group related code together.
  There should be no difference in "/object"/ code.
- commit a1e71a3
- scripts/git_sort/lib.py: Remove unused function.
- commit 8a0c736
- scripts/git_sort/git_sort.py: Update remote list according to currently in-use remotes
- commit 5d61b5f
- git-sort: Get commit information from git-sort index
  Currently, we assume that a commit can be sorted if it is found in the git
  repository. However, this assumption is wrong because some commits are not
  indexed (not reachable from one of the (url, branch) pairs in "/remotes"/).
  These commits end up in the "/unknown/local patches"/ section. Moreover, we
  determine the Head for a commit by matching the content of the Git-repo tag
  to a reverse map of the urls in "/remotes"/. This artificially limits us to a
  single branch per url in the Git-sort index.
  This patch changes from_patch() to use the git-sort index to determine if a
  commit can be sorted. If the commit is found, the Head for a patch is
  determined using the git-sort index information. If the commit is not found
  (because its respective subsystem repository is not available locally), we
  rely on the section comment in series.conf. The Git-repo tag is ignored.
- commit 1a4488a
- scripts/git_sort/lib.py: Extract some constants
- commit 21e1549
- scripts/git_sort/git_sort.py: Make Head objects comparable.
  If "/remotes"/ is properly sorted, this allows to determine is one Head is
  the upstream of another.
- commit 8d50e81
- scripts/git_sort/git_sort.py: Parse abbreviated url without extension.
  This is the format output by RepoURL.str()
- commit 16928c0
- git-sort: Encode local/virtual head urls using None.
- commit 2056d71
- scripts/git_sort/git_sort.py: Add a function to lookup a commit.
- commit 544f5d0
- git-sort: Store history as a dict of indexes.
  .. instead of a list of commits. This new structure is faster to look up if
  a commit was reached from a head.
- commit e8d72dd
- scripts/git_sort/git_sort.py: Avoid a dual personality history
  Since commit 897bbc34bdb7 ("/git-sort: Encapsulate repo url and branch name
  into objects"/) history will either be a plain dict or an OrderedDict
  depending on whether it comes from the cache or get_history(). Always use
  an OrderedDict.
- commit e8e47be
- scripts/git_sort/series_sort.py: Introduce --check option.
  This mode does not modify the series file but reports via exit status 2 if
  the series is not sorted. It should be helpful in implementing a commit
  hook.
- commit 9dd4e1b
- scripts/git_sort/git_sort.py: Disambiguate remote revision.
  avoids ambiguity in case there is a local branch or tag with a name that
  conflicts with the remote.
- commit e57d843
- scripts/git_sort/git_sort.py: Recognize http protocol for kernel.org
  As reported by Oliver Neukum, git repositories hosted on kernel.org are
  also available (via redirect) from http.
- commit 720a01f
- commit 22da616
- commit 2a6898e
- scripts/git_sort/lib.py: Give some advice in error message.
- commit 32b858b
- git-sort: Encapsulate repo url and branch name into objects
  This fixes the fact that alias urls for the same repository (ex: via git://
  or https:// protocol) were no longer recognized as such.
- commit 897bbc3
- git-sort: Introduce cache version
  to support updating from older format.
- commit 4f1bbbb
- git-sort: Encapsulate sorting logic into an object
  This allows initializing the cache once and then making repeated calls that
  consult it.
- commit 76bf0ca
- scripts/git_sort/lib.py: Fix format string
  Fixes: ksapply.git 1714bbedc549 ("/Preserve order and name of unavailable subsystem sections"/)
  - --
  lib.py | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
  diff --git a/lib.py b/lib.py
  index c5e7d8f..e8bb65d 100644
  - -- a/lib.py
  +++ b/lib.py
  @@ -340,7 +340,7 @@ def get_url_map():
    for canon_url, branch_name in git_sort.remotes:
    if canon_url in result:
    raise KSException("/URL mapping is ambiguous, "/%s"/ may map to "/
-                              "/multiple head names"/)
  +                              "/multiple head names"/ % (canon_url,))
    result[canon_url] = git_sort.head_name(canon_url, branch_name)
    return result
  - -
  2.14.2
- commit fc35d7f
- scripts/git_sort/lib.py: Remove printing of leftover subsystem entries
  There should be no more of those after ksapply.git c4dea303ad73 ("/Error out
  when trying to series_sort a patch from a repo that is not indexed"/)
- commit 29ae46a
- scripts/git_sort/git_sort.py: Catch some exceptions.
  ... to make the output less scary for users.
  As in lib.py, GSException is for internal errors (in the git_sort code) and
  GSError is for external errors.
- commit e8de5e6
- scripts/git_sort/git_sort.py: Give some advice in error message.
- commit 5aee432
- No more icecream.
- commit 04a66b3
- scripts/git_sort/lib.py:
  Update marker for the end of the sorted section. "/Wireless Networking"/ will
  not always follow the sorted section.
- commit d0e0545
- git-sort: Add more remote heads
  Contributed by Jiri Kosina <jkosina@suse.cz>
- commit 785f657
- scripts/series_sort.py:
- scripts/git_sort/README.md:
- scripts/git_sort/lib.py:
- scripts/git_sort/quilt-mode.sh:
  Make required adjustments for flattened directory structure.
- commit 62c6754
- scripts/git_sort/README.md:
- scripts/git_sort/armor_origin.sh:
- scripts/git_sort/backport-mode.sh:
- scripts/git_sort/check_missing_fixes.sh:
- scripts/git_sort/clean_conflicts.awk:
- scripts/git_sort/clean_header.sh:
- scripts/git_sort/git-f1:
- scripts/git_sort/git-overview:
- scripts/git_sort/git-sort:
- scripts/git_sort/git_sort.py:
- scripts/git_sort/ksapply.sh:
- scripts/git_sort/lib.py:
- scripts/git_sort/lib.sh:
- scripts/git_sort/lib_from.sh:
- scripts/git_sort/lib_tag.py:
- scripts/git_sort/lib_tag.sh:
- scripts/git_sort/merge_tool.py:
- scripts/git_sort/patch_body.awk:
- scripts/git_sort/patch_header.awk:
- scripts/git_sort/qcp.py:
- scripts/git_sort/qdupcheck.py:
- scripts/git_sort/qgoto.py:
- scripts/git_sort/quilt-mode.sh:
- scripts/git_sort/refs_in_series.sh:
- scripts/git_sort/rename_patch.sh:
- scripts/git_sort/sequence-insert.py:
- scripts/git_sort/series_sort.py:
- scripts/git_sort/update-configs.sh:
- scripts/git_sort/vi-conflicts.sh:
  Import from
  https://gitlab.suse.de/benjamin_poirier/ksapply 5b025d0
  https://github.com/benthaman/git-helpers 6479796
- commit 0aaea3b
- scripts/stableids: add 4.12 as SLE15 kernel
- commit 58b8d0c
- scripts/stable*: generate one file per commit
- commit 1dc9b0e
- scripts/stableids: drop support for 2.6.x.y
- commit e23e1fc
- SUSE::MyBS: Do not create repositories with no architectures to build
- commit 31029c0
- scripts/stableids: pass --no-renames to diff
- commit 55832be
- scripts/osc_wrapper: Accept --ibs | --obs as the first parameter
  It is a parameter of the subcommands, but people tend to confuse it.
- commit 30f26fb
- scripts/stop-sync: Use the kerncvs.suse.de hostname
- commit e52fa92
- README: add comment regarding bisectability of patch series
- commit c8c4199
- scripts/osc_wrapper: Replace '/' with ':' in cve/* branch names
- commit 117c8c7
- bs-upload-kernel: Workaround for vim syntax highlighting
- commit dcede42
- SUSE::MyBS: Sync with kbuild.git
  Cherry-pick part of 948fd5e15d06 ("/bs-check-kernel-results: Use
  make-stderr.log if available"/).
- commit 7a4e6fb
keyutils
- Apply default TTL to DNS records from getaddrinfo() (upstream):
  * dns-Apply-a-default-TTL-to-records-obtained-from-get.patch
less
- Fix Startup terminal initialization, bsc#1200738
  * bsc1200738.patch
libcroco
- Add libcroco-CVE-2020-12825.patch: limit recursion in block and
  any productions (boo#1171685 CVE-2020-12825).
libfastjson
- update to 0.99.8:
  * make build under gcc7 with strict settings (warning==error)
  * bugfix: constant key names not properly handled
  * fix potentially invalid return value of fjson_object_iter_begin
  * fix small potential memory leak in json_tokener
- update to 0.99.7:
  * add option for case-insensitive comparisons
  * Remove userdata and custom-serialization functions
- update to 0.99.6:
  * fixes for platforms other than GNU/Linux
- update to 0.99.5:
  * fix floating point representation when fractional part is missing
  * m4: fix detection of atomics
  * add fjson_object_dump() and fjson_object_write() functions
libgcrypt
- FIPS: Auto-initialize drbg if needed. [bsc#1200095]
  * Add a _gcry_drbg_init() to _gcry_drbg_randomize() and to
    _gcry_drbg_add_bytes() to fix a crash in FIPS mode.
  * Add libgcrypt-FIPS-Autoinitialize-drbg-if-needed.patch
libnl-1_1
- Fix elevation of privilege vulnerability (bsc#1020123, CVE-2017-0386).
  Add: libnl-1_1-fix-elevation-of-privilege-vulnerability.patch
libnl3
- Fix elevation of privilege vulnerability (bsc#1020123, CVE-2017-0386).
  Add: libnl3-fix-elevation-of-privilege-vulnerability.patch
libtirpc
- fix memory leak in params.r_addr assignement (bsc#1198752)
  - add 0001-fix-parms.r_addr-memory-leak.patch
libxml2
- Security fix: [bsc#1069689, CVE-2017-16932]
  * parser.c in libxml2 before 2.9.5 does not prevent infinite
    recursion inparameter entities.
  * Add libxml2-CVE-2017-16932.patch
- Sync and fix changelog entries between libxml2 and
  python-libxml2.
- Security fix: [bsc#1199132, CVE-2022-29824]
  * Integer overflow leading to out-of-bounds write in buf.c
    (xmlBuf*) and tree.c (xmlBuffer*)
  * Add libxml2-CVE-2022-29824.patch
  * Add libxml2-CVE-2022-23308.patch
  * Add libxml2-CVE-2021-3541.patch
- Version update to 2.9.7 release:
  * Bug Fixes:
    + xmlcatalog: restore ability to query system catalog easily
    + Fix comparison of nodesets to strings
  * Improvements:
    + Add Makefile rules to rebuild HTML man pages
    + Remove generated file python/setup.py from version control
    + Fix mixed decls and code in timsort.h
    + Rework handling of return values in thread tests
    + Fix unused variable warnings in testrecurse
    + Fix -Wimplicit-fallthrough warnings
    + Upgrade timsort.h to latest revision
    + Fix a couple of warnings in dict.c and threads.c
    + Fix unused variable warnings in nanohttp.c
    + Don't include winsock2.h in xmllint.c
    + Use __linux__ macro in generated code
  * Portability:
    + Add declaration for DllMain
    + Fix preprocessor conditional in threads.h
    + Fix macro redefinition warning
    + many Windows specific improvements
  * Documentation:
    + xmlcatalog: refresh man page wrt. quering system catalog easily
- Includes bug fixes from 2.9.6:
  * Fix XPath stack frame logic
  * Report undefined XPath variable error message
  * Fix regression with librsvg
  * Handle more invalid entity values in recovery mode
  * Fix structured validation errors
  * Fix memory leak in LZMA decompressor
  * Set memory limit for LZMA decompression
  * Handle illegal entity values in recovery mode
  * Fix debug dump of streaming XPath expressions
  * Fix memory leak in nanoftp
  * Fix memory leaks in SAX1 parser
- Drop libxml2-bug787941.patch
  * upstreamed in 3157cf4e53c03bc3da604472c015c63141907db8
- Update package summaries and RPM groups. Trim descriptions for
  size on secondary subpackages. Replace install call by a
  commonly-used macro.
- Add patch to fix TW integration:
  * libxml2-bug787941.patch
- Version update to 2.9.5 release:
  * Merged all the previous cve fixes that were patched in
  * Few small tweaks
- Remove merged patches:
  * libxml2-CVE-2016-4658.patch
  * libxml2-CVE-2017-0663.patch
  * libxml2-CVE-2017-5969.patch
  * libxml2-CVE-2017-9047.patch
  * libxml2-CVE-2017-9048.patch
  * libxml2-CVE-2017-9049.patch
  * libxml2-2.9.4-fix_attribute_decoding.patch
- Added libxml2-CVE-2016-4658.patch: Disallow namespace nodes in
  XPointer ranges. Namespace nodes must be copied to avoid
  use-after-free errors. But they don't necessarily have a physical
  representation in a document, so simply disallow them in XPointer
  ranges [bsc#1005544] [CVE-2016-4658]
- Remove obsolete patches libxml2-2.9.1-CVE-2016-3627.patch,
  0001-Add-missing-increments-of-recursion-depth-counter-to.patch,
  and libxml2-2.9.3-bogus_UTF-8_encoding_error.patch.
- add libxml2-2.9.3-bogus_UTF-8_encoding_error.patch to fix XML
  push parser that fails with bogus UTF-8 encoding error when
  multi-byte character in large CDATA section is split across
  buffer [bnc#962796]
- temporarily reverting libxml2-CVE-2014-0191.patch until there is a fix
  that doesn't break other applications
- buildignore python to avoid build cycle
- fix version
- renamed to python-libxml2 to follow python naming expectations
- do not require python but let rpm figure it out
- buildrequire python-xml to fix build
logrotate
- Security fix: (bsc#1192449) related to (bsc#1191281, CVE-2021-3864)
  * enforce stricter parsing to avoid CVE-2021-3864
  * Added patch logrotate-enforce-stricter-parsing-and-extra-tests.patch
- Fix "/logrotate emits unintended warning: keyword size not properly
  separated, found 0x3d"/ (bsc#1200278, bsc#1200802):
  * Added patch logrotate-dont_warn_on_size=_syntax.patch
mozilla-nspr
- update to version 4.34
  * add an API that returns a preferred loopback IP on hosts that
    have two IP stacks available.
- update to 4.33:
  * fixes to build system and export of private symbols
mozilla-nss
- update to NSS 3.79.1 (bsc#1202645)
  * bmo#1366464 - compare signature and signatureAlgorithm fields in legacy certificate verifier.
  * bmo#1771498 - Uninitialized value in cert_ComputeCertType.
  * bmo#1759794 - protect SFTKSlot needLogin with slotLock.
  * bmo#1760998 - avoid data race on primary password change.
  * bmo#1330271 - check for null template in sec_asn1{d,e}_push_state.
- Update nss-fips-approved-crypto-non-ec.patch to unapprove the
  rest of the DSA ciphers, keeping signature verification only
  (bsc#1201298).
- Update nss-fips-constructor-self-tests.patch to fix compiler
  warning.
- Update nss-fips-constructor-self-tests.patch to add on-demand
  integrity tests through sftk_FIPSRepeatIntegrityCheck()
  (bsc#1198980).
- Update nss-fips-approved-crypto-non-ec.patch to mark algorithms
  as approved/non-approved according to security policy
  (bsc#1191546, bsc#1201298).
- Update nss-fips-approved-crypto-non-ec.patch to remove hard
  disabling of unapproved algorithms. This requirement is now
  fulfilled by the service level indicator (bsc#1200325).
- Remove nss-fips-tls-allow-md5-prf.patch, since we no longer need
  the workaround in FIPS mode (bsc#1200325).
- Remove nss-fips-tests-skip.patch. This is no longer needed since
  we removed the code to short-circuit broken hashes and moved to
  using the SLI.
- Remove upstreamed patches:
  * nss-fips-version-indicators.patch
  * nss-fips-tests-pin-paypalee-cert.patch
- update to NSS 3.79
  - bmo#205717 - Use PK11_GetSlotInfo instead of raw C_GetSlotInfo calls.
  - bmo#1766907 - Update mercurial in clang-format docker image.
  - bmo#1454072 - Use of uninitialized pointer in lg_init after alloc fail.
  - bmo#1769295 - selfserv and tstclnt should use PR_GetPrefLoopbackAddrInfo.
  - bmo#1753315 - Add SECMOD_LockedModuleHasRemovableSlots.
  - bmo#1387919 - Fix secasn1d parsing of indefinite SEQUENCE inside indefinite GROUP.
  - bmo#1765753 - Added RFC8422 compliant TLS <= 1.2 undefined/compressed ECPointFormat extension alerts.
  - bmo#1765753 - TLS 1.3 Server: Send protocol_version alert on unsupported ClientHello.legacy_version.
  - bmo#1764788 - Correct invalid record inner and outer content type alerts.
  - bmo#1757075 - NSS does not properly import or export pkcs12 files with large passwords and pkcs5v2 encoding.
  - bmo#1766978 - improve error handling after nssCKFWInstance_CreateObjectHandle.
  - bmo#1767590 - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple.
  - bmo#1769302 - NSS 3.79 should depend on NSPR 4.34
- update to NSS 3.78.1
  * bmo#1767590 - Initialize pointers passed to
    NSS_CMSDigestContext_FinishMultiple
- update to NSS 3.78
    bmo#1755264 - Added TLS 1.3 zero-length inner plaintext checks and tests, zero-length record/fragment handling tests.
    bmo#1294978 - Reworked overlong record size checks and added TLS1.3 specific boundaries.
    bmo#1763120 - Add ECH Grease Support to tstclnt
    bmo#1765003 - Add a strict variant of moz::pkix::CheckCertHostname.
    bmo#1166338 - Change SSL_REUSE_SERVER_ECDHE_KEY default to false.
    bmo#1760813 - Make SEC_PKCS12EnableCipher succeed
    bmo#1762489 - Update zlib in NSS to 1.2.12.
- update to NSS 3.77
  * Bug 1762244 - resolve mpitests build failure on Windows.
  * bmo#1761779 - Fix link to TLS page on wireshark wiki
  * bmo#1754890 - Add two D-TRUST 2020 root certificates.
  * bmo#1751298 - Add Telia Root CA v2 root certificate.
  * bmo#1751305 - Remove expired explicitly distrusted certificates
    from certdata.txt.
  * bmo#1005084 - support specific RSA-PSS parameters in mozilla::pkix
  * bmo#1753535 - Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate.
  * bmo#1756271 - Remove token member from NSSSlot struct.
  * bmo#1602379 - Provide secure variants of mpp_pprime and mpp_make_prime.
  * bmo#1757279 - Support UTF-8 library path in the module spec string.
  * bmo#1396616 - Update nssUTF8_Length to RFC 3629 and fix buffer overrun.
  * bmo#1760827 - Add a CI Target for gcc-11.
  * bmo#1760828 - Change to makefiles for gcc-4.8.
  * bmo#1741688 - Update googletest to 1.11.0
  * bmo#1759525 - Add SetTls13GreaseEchSize to experimental API.
  * bmo#1755264 - TLS 1.3 Illegal legacy_version handling/alerts.
  * bmo#1755904 - Fix calculation of ECH HRR Transcript.
  * bmo#1758741 - Allow ld path to be set as environment variable.
  * bmo#1760653 - Ensure we don't read uninitialized memory in ssl gtests.
  * bmo#1758478 - Fix DataBuffer Move Assignment.
  * bmo#1552254 - internal_error alert on Certificate Request with
    sha1+ecdsa in TLS 1.3
  * bmo#1755092 - rework signature verification in mozilla::pkix
- Require nss-util in nss.pc and subsequently remove -lnssutil3
- update to NSS 3.76.1
  NSS 3.76.1
  * bmo#1756271 - Remove token member from NSSSlot struct.
  NSS 3.76
  * bmo#1755555 - Hold tokensLock through nssToken_GetSlot calls in
    nssTrustDomain_GetActiveSlots.
  * bmo#1370866 - Check return value of PK11Slot_GetNSSToken.
  * bmo#1747957 - Use Wycheproof JSON for RSASSA-PSS
  * bmo#1679803 - Add SHA256 fingerprint comments to old
    certdata.txt entries.
  * bmo#1753505 - Avoid truncating files in nss-release-helper.py.
  * bmo#1751157 - Throw illegal_parameter alert for illegal extensions
    in handshake message.
- Add nss-util pkgconfig and config files (copied from RH/Fedora)
- update to NSS 3.75
  * bmo#1749030 - This patch adds gcc-9 and gcc-10 to the CI.
  * bmo#1749794 - Make DottedOIDToCode.py compatible with python3.
  * bmo#1749475 - Avoid undefined shift in SSL_CERT_IS while fuzzing.
  * bmo#1748386 - Remove redundant key type check.
  * bmo#1749869 - Update ABI expectations to match ECH changes.
  * bmo#1748386 - Enable CKM_CHACHA20.
  * bmo#1747327 - check return on NSS_NoDB_Init and NSS_Shutdown.
  * bmo#1747310 - real move assignment operator.
  * bmo#1748245 - Run ECDSA test vectors from bltest as part of the CI tests.
  * bmo#1743302 - Add ECDSA test vectors to the bltest command line tool.
  * bmo#1747772 - Allow to build using clang's integrated assembler.
  * bmo#1321398 - Allow to override python for the build.
  * bmo#1747317 - test HKDF output rather than input.
  * bmo#1747316 - Use ASSERT macros to end failed tests early.
  * bmo#1747310 - move assignment operator for DataBuffer.
  * bmo#1712879 - Add test cases for ECH compression and unexpected
    extensions in SH.
  * bmo#1725938 - Update tests for ECH-13.
  * bmo#1725938 - Tidy up error handling.
  * bmo#1728281 - Add tests for ECH HRR Changes.
  * bmo#1728281 - Server only sends GREASE HRR extension if enabled
    by preference.
  * bmo#1725938 - Update generation of the Associated Data for ECH-13.
  * bmo#1712879 - When ECH is accepted, reject extensions which were
    only advertised in the Outer Client Hello.
  * bmo#1712879 - Allow for compressed, non-contiguous, extensions.
  * bmo#1712879 - Scramble the PSK extension in CHOuter.
  * bmo#1712647 - Split custom extension handling for ECH.
  * bmo#1728281 - Add ECH-13 HRR Handling.
  * bmo#1677181 - Client side ECH padding.
  * bmo#1725938 - Stricter ClientHelloInner Decompression.
  * bmo#1725938 - Remove ECH_inner extension, use new enum format.
  * bmo#1725938 - Update the version number for ECH-13 and adjust
    the ECHConfig size.
- update to NSS 3.74
  * bmo#966856 - mozilla::pkix: support SHA-2 hashes in CertIDs in
    OCSP responses
  * bmo#1553612 - Ensure clients offer consistent ciphersuites after HRR
  * bmo#1721426 - NSS does not properly restrict server keys based on policy
  * bmo#1733003 - Set nssckbi version number to 2.54
  * bmo#1735407 - Replace Google Trust Services LLC (GTS) R4 root certificate
  * bmo#1735407 - Replace Google Trust Services LLC (GTS) R3 root certificate
  * bmo#1735407 - Replace Google Trust Services LLC (GTS) R2 root certificate
  * bmo#1735407 - Replace Google Trust Services LLC (GTS) R1 root certificate
  * bmo#1735407 - Replace GlobalSign ECC Root CA R4
  * bmo#1733560 - Remove Expired Root Certificates - DST Root CA X3
  * bmo#1740807 - Remove Expiring Cybertrust Global Root and GlobalSign root
    certificates
  * bmo#1741930 - Add renewed Autoridad de Certificacion Firmaprofesional
    CIF A62634068 root certificate
  * bmo#1740095 - Add iTrusChina ECC root certificate
  * bmo#1740095 - Add iTrusChina RSA root certificate
  * bmo#1738805 - Add ISRG Root X2 root certificate
  * bmo#1733012 - Add Chunghwa Telecom's HiPKI Root CA - G1 root certificate
  * bmo#1738028 - Avoid a clang 13 unused variable warning in opt build
  * bmo#1735028 - Check for missing signedData field
  * bmo#1737470 - Ensure DER encoded signatures are within size limits
- enable key logging option (boo#1195040)
- update to NSS 3.73.1:
  * Add SHA-2 support to mozilla::pkix's OSCP implementation
- update to NSS 3.73
  * bmo#1735028 - check for missing signedData field.
  * bmo#1737470 - Ensure DER encoded signatures are within size limits.
  * bmo#1729550 - NSS needs FiPS 140-3 version indicators.
  * bmo#1692132 - pkix_CacheCert_Lookup doesn't return cached certs
  * bmo#1738600 - sunset Coverity from NSS
  MFSA 2021-51 (bsc#1193170)
  * CVE-2021-43527 (bmo#1737470)
    Memory corruption via DER-encoded DSA and RSA-PSS signatures
- update to NSS 3.72
  * Remove newline at the end of coreconf.dep
  * bmo#1731911 - Fix nsinstall parallel failure.
  * bmo#1729930 - Increase KDF cache size to mitigate perf
    regression in about:logins
- update to NSS 3.71
  * bmo#1717716 - Set nssckbi version number to 2.52.
  * bmo#1667000 - Respect server requirements of tlsfuzzer/test-tls13-signature-algorithms.py
  * bmo#1373716 - Import of PKCS#12 files with Camellia encryption is not supported
  * bmo#1717707 - Add HARICA Client ECC Root CA 2021.
  * bmo#1717707 - Add HARICA Client RSA Root CA 2021.
  * bmo#1717707 - Add HARICA TLS ECC Root CA 2021.
  * bmo#1717707 - Add HARICA TLS RSA Root CA 2021.
  * bmo#1728394 - Add TunTrust Root CA certificate to NSS.
- update to NSS 3.70
  * bmo#1726022 - Update test case to verify fix.
  * bmo#1714579 - Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max
  * bmo#1714579 - Explicitly disable downgrade check in TlsConnectTest.DisableFalseStartOnFallback
  * bmo#1681975 - Avoid using a lookup table in nssb64d.
  * bmo#1724629 - Use HW accelerated SHA2 on AArch64 Big Endian.
  * bmo#1714579 - Change default value of enableHelloDowngradeCheck to true.
  * bmo#1726022 - Cache additional PBE entries.
  * bmo#1709750 - Read HPKE vectors from official JSON.
- Update to NSS 3.69.1
  * bmo#1722613 (Backout) - Disable DTLS 1.0 and 1.1 by default
  * bmo#1720226 (Backout) - integrity checks in key4.db not happening
    on private components with AES_CBC
  NSS 3.69
  * bmo#1722613 - Disable DTLS 1.0 and 1.1 by default (backed out again)
  * bmo#1720226 - integrity checks in key4.db not happening on private
    components with AES_CBC (backed out again)
  * bmo#1720235 - SSL handling of signature algorithms ignores
    environmental invalid algorithms.
  * bmo#1721476 - sqlite 3.34 changed it's open semantics, causing
    nss failures.
    (removed obsolete nss-btrfs-sqlite.patch)
  * bmo#1720230 - Gtest update changed the gtest reports, losing gtest
    details in all.sh reports.
  * bmo#1720228 - NSS incorrectly accepting 1536 bit DH primes in FIPS mode
  * bmo#1720232 - SQLite calls could timeout in starvation situations.
  * bmo#1720225 - Coverity/cpp scanner errors found in nss 3.67
  * bmo#1709817 - Import the NSS documentation from MDN in nss/doc.
  * bmo#1720227 - NSS using a tempdir to measure sql performance not active
- add nss-fips-stricter-dh.patch
- updated existing patches with latest SLE
- Update nss-fips-constructor-self-tests.patch to scan
  LD_LIBRARY_PATH for external libraries to be checksummed.
- Run test suite at build time, and make it pass (bsc#1198486).
  Based on work by Marcus Meissner.
- Add nss-fips-tests-skip.patch to skip algorithms that are hard
  disabled in FIPS mode.
- Add nss-fips-tests-pin-paypalee-cert.patch to prevent expired
  PayPalEE cert from failing the tests.
- Add nss-fips-tests-enable-fips.patch, which enables FIPS during
  test certificate creation and disables the library checksum
  validation during same.
- Update nss-fips-constructor-self-tests.patch to allow
  checksumming to be disabled, but only if we entered FIPS mode
  due to NSS_FIPS being set, not if it came from /proc.
- Add nss-fips-pbkdf-kat-compliance.patch (bsc#1192079). This
  makes the PBKDF known answer test compliant with NIST SP800-132.
- Update FIPS validation string to version-release format.
- Update nss-fips-approved-crypto-non-ec.patch to remove XCBC MAC
  from list of FIPS approved algorithms.
- Enable NSS_ENABLE_FIPS_INDICATORS and set NSS_FIPS_MODULE_ID
  for build.
- Update nss-fips-approved-crypto-non-ec.patch to claim 3DES
  unapproved in FIPS mode (bsc#1192080).
- Update nss-fips-constructor-self-tests.patch to allow testing
  of unapproved algorithms (bsc#1192228).
- Add nss-fips-version-indicators.patch (bmo#1729550, bsc#1192086).
  This adds FIPS version indicators.
- Add nss-fips-180-3-csp-clearing.patch (bmo#1697303, bsc#1192087).
  Most of the relevant changes are already upstream since NSS 3.60.
- Mozilla NSS 3.68.4 (bsc#1200027)
  * Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple.
    (bmo#1767590)
ncurses
- Add patch ncurses-bnc1198627.patch
  * Fix bsc#1198627: CVE-2022-29458: ncurses: segfaulting OOB read
openldap2
- bsc#1198341 - Prevent memory reuse which may lead to instability
  * 0226-Change-malloc-to-use-calloc-to-prevent-memory-reuse-.patch
- bsc#1199240 - CVE-2022-29155 - Resolve sql injection in back-sql
  * 0225-ITS-9815-slapd-sql-escape-filter-values.patch
- bsc#1198383 - Resolve issue with SASL init
  * 0224-ITS-8648-init-SASL-library-in-global-init.patch
openssl-1_0_0
- Added	openssl-1_0_0-Fix-file-operations-in-c_rehash.patch
  * bsc#1200550
  * CVE-2022-2068
  * Fixed more shell code injection issues in c_rehash
- Fixed error in openssl-CVE-2022-1292.patch resulting in misnamed
  variable.
- Security fix: [bsc#1199166, CVE-2022-1292]
  * Added: openssl-CVE-2022-1292.patch
  * properly sanitise shell metacharacters in c_rehash script.
openssl-1_1
- Encrypt the sixteen bytes that were unencrypted in some circumstances
  on 32-bit x86 platforms.
  * [bsc#1201099, CVE-2022-2097]
  * added openssl-CVE-2022-2097.patch
- Added	openssl-1_1-Fix-file-operations-in-c_rehash.patch
  * bsc#1200550
  * CVE-2022-2068
  * Fixed more shell code injection issues in c_rehash
- Added openssl-update_expired_certificates.patch
  * Openssl failed tests because of expired certificates.
  * bsc#1185637
  * Sourced from https://github.com/openssl/openssl/pull/18446/commits
- Security fix: [bsc#1199166, CVE-2022-1292]
  * Added: openssl-CVE-2022-1292.patch
  * properly sanitise shell metacharacters in c_rehash script.
p11-kit
- Conflict with ca-certificates < 1_201403302107-15.6.2 to make sure
  update-ca-certifictes calls trust export with --format=pem-directory-hash
  (bsc#1201985)
- CVE-2020-29362: Fixed a 4 byte overread (bsc#1180065)
  Added p11-kit-CVE-2020-29362.patch:
pcre
- Added pcre-8.45-bsc1199232-unicode-property-matching.patch
  * bsc#1199232
  * CVE-2022-1586
  * Fixes unicode property matching issue
permissions
  * chkstat: also consider group controlled paths (bsc#1203018, CVE-2022-31252)
  * add capability for prometheus-blackbox_exporter (bsc#1191194)
  * make btmp root:utmp (bsc#1050467)
  * pcp: remove no longer needed / conflicting entries
- Update to version 20170707:
psmisc
  * Add a fallback if the system call name_to_handle_at() is
    not supported by the used file system.
- Add patch psmisc-22.21-semaphores.patch
  * Replace the synchronizing over pipes of the sub process for the
    stat(2) system call with mutex and conditions from pthreads(7)
    (bsc#1194172)
- Add patch psmisc-22.21-statx.patch
  * Use statx(2) or SYS_statx system call to replace the stat(2)
    system call and avoid the sub process at all (bsc#1194172)
- Change patch 0001-Use-mountinfo-to-be-able-to-use-the-mount-identity.patch
python
- Add patch CVE-2021-28861-double-slash-path.patch:
  * BaseHTTPServer: Fix an open redirection vulnerability in the HTTP server
    when an URI path starts with //. (bsc#1202624, CVE-2021-28861)
- Add CVE-2015-20107-mailcap-unsafe-filenames.patch to avoid
  CVE-2015-20107 (bsc#1198511, gh#python/cpython#68966), the
  command injection in the mailcap module.
python-M2Crypto
- Add CVE-2020-25657-Bleichenbacher-attack.patch (CVE-2020-25657,
  bsc#1178829), which mitigates the Bleichenbacher timing attacks
  in the RSA decryption API.
- Add python-M2Crypto.keyring to verify GPG signature of tarball.
python-base
- Add patch CVE-2021-28861-double-slash-path.patch:
  * BaseHTTPServer: Fix an open redirection vulnerability in the HTTP server
    when an URI path starts with //. (bsc#1202624, CVE-2021-28861)
- Add CVE-2015-20107-mailcap-unsafe-filenames.patch to avoid
  CVE-2015-20107 (bsc#1198511, gh#python/cpython#68966), the
  command injection in the mailcap module.
python3
- Add patch CVE-2021-28861-double-slash-path.patch:
  * http.server: Fix an open redirection vulnerability in the HTTP server
    when an URI path starts with //. (bsc#1202624, CVE-2021-28861)
- Add CVE-2015-20107-mailcap-unsafe-filenames.patch to avoid
  CVE-2015-20107 (bsc#1198511, gh#python/cpython#68966), the
  command injection in the mailcap module.
- Add bpo-46623-skip-zlib-s390x.patch skipping two failing tests
  on s390x.
- drop PYTHONSTARTUP hooks that cause spurious startup errors
  (bsc#1070738, bsc#1199441), as the relevant feature (REPL
  history) is now built into Python itself.
python3-base
- Add patch CVE-2021-28861-double-slash-path.patch:
  * http.server: Fix an open redirection vulnerability in the HTTP server
    when an URI path starts with //. (bsc#1202624, CVE-2021-28861)
- Add CVE-2015-20107-mailcap-unsafe-filenames.patch to avoid
  CVE-2015-20107 (bsc#1198511, gh#python/cpython#68966), the
  command injection in the mailcap module.
- Add bpo-46623-skip-zlib-s390x.patch skipping two failing tests
  on s390x.
- drop PYTHONSTARTUP hooks that cause spurious startup errors
  (bsc#1070738, bsc#1199441), as the relevant feature (REPL
  history) is now built into Python itself.
python3-lxml
- Add patch CVE-2020-27783.patch to fix CVE-2020-27783 mXSS due to the use of
  improper parser
  Fix bsc#1179534
python36
- Add patch CVE-2021-28861-double-slash-path.patch:
  * http.server: Fix an open redirection vulnerability in the HTTP server
    when an URI path starts with //. (bsc#1202624, CVE-2021-28861)
- Add CVE-2015-20107-mailcap-unsafe-filenames.patch to avoid
  CVE-2015-20107 (bsc#1198511, gh#python/cpython#68966), the
  command injection in the mailcap module.
- Rename support-expat-245.patch to
  support-expat-CVE-2022-25236-patched.patch to unify the patch
  with other packages.
- Add bpo-46623-skip-zlib-s390x.patch skipping two failing tests
  on s390x.
release-notes-sles
- 12.5.20220718 (tracked in bsc#933411)
- Added note about Samba 4.15 (jsc#SLE-23330)
  (bsc#1196097)
- Added note about DFS share failover (jsc#SLE-20041)
- Added note about Xenstore stubdom (bsc#1185196)
- Added note about CONFIG_NUMA_EMU (jsc#SLE-11600)
- Removed LibreOffice and MariaDB from requiring specific contracts
rsync
- Apply "/rsync-CVE-2022-29154.patch"/ to fix a security vulnerability
  in the do_server_recv() function. [bsc#1201840, CVE-2022-29154]
rsyslog
- add Requires for latest lbfastjsion version (bsc#1202243)
- fix segfault in qDeqLinkedList during shutdown (bsc#1199283)
  * add 0001-queue-Add-NULL-check-in-qDeqLinkedList.patch
- (CVE-2022-24903) fix potential heap buffer overflow in modules for TCP
  syslog reception (bsc#1199061)
  * add CVE-2022-24903.patch
-  Upgrade to rsyslog 8.2106.0 (bsc#1188039)
  * remove obsolete patches:
    0001-Fix-race-condition-related-to-libfastjson-when-using.patch
    0001-core-action-if-commitTransaction-fails-try-individua.patch
    0001-core-bugfix-memory-leak-when-internal-messages-not-p.patch
    0001-core-fix-sequence-error-in-msg-object-deserializer.patch
    0001-imfile-multiline-timeout-does-not-work-after-rsyslog.patch
    0001-imptcp-fix-Segmentation-Fault-when-octet-count-is-to.patch
    0001-imudp-bugfix-potential-segfault-in-ratelimiting.patch
    0001-omfile-bugfix-file-handle-leak.patch Deleted
    0001-omfile-bugfix-race-file-when-async-writing-is-enable.patch
    0002-core-action-bugfix-100-CPU-utilization-on-suspension.patch
    pmaixforwardedfrom-bugfix-potential-misadressing.patch Deleted
    pmcisconames-bugfix-potential-misadressing.patch Deleted
    rsyslog-flush-dyn-file.patch Deleted
    rsyslog-unit.patch Deleted
  * update changelog with changes from newer version
- Upgrade to rsyslog 8.2106.0:
  * NOTE: the prime new feature is support for TLS and non-TLS connections
    via imtcp in parallel. Furthermore, most TLS parameters can now be overriden
    at the input() level. The notable exceptions are certificate files, something
    that is due to be implemented as next step.
  * 2021-06-14: new global option "/parser.supportCompressionExtension"/
    This permits to turn off rsyslog's single-message compression extension
    when it interferes with non-syslog message processing (the parser
    subsystem expects syslog messages, not generic text)
    closes https://github.com/rsyslog/rsyslog/issues/4598
  * 2021-05-12: imtcp: add more override config params to input()
    It is now possible to override all module parameters at the input() level. Module
    parameters serve as defaults. Existing configs need no modification.
  * 2021-05-06: imtcp: add stream driver parameter to input() configuration
    This permits to have different inputs use different stream drivers
    and stream driver parameters.
    closes https://github.com/rsyslog/rsyslog/issues/3727
  * 2021-04-29: imtcp: permit to run multiple inputs in parallel
    Previously, a single server was used to run all imtcp inputs. This
    had a couple of drawsbacks. First and foremost, we could not use
    different stream drivers in the varios inputs. This patch now
    provides a baseline to do that, but does still not implement the
    capability (in this sense it is a staging patch).
    Secondly, we now ensure that each input has at least one exclusive
    thread for processing, untangling the performance of multiple
    inputs from each other.
    see also: https://github.com/rsyslog/rsyslog/issues/3727
  * 2021-04-27: tcpsrv bugfix: potential sluggishnes and hang on shutdown
    tcpsrv is used by multiple other modules (imtcp, imdiag, imgssapi, and,
    in theory, also others - even ones we do not know about). However, the
    internal synchornization did not properly take multiple tcpsrv users
    in consideration.
    As such, a single user could hang under some circumstances. This was
    caused by improperly awaking all users from a pthread condition wait.
    That in turn could lead to some sluggish behaviour and, in rare cases,
    a hang at shutdown.
    Note: it was highly unlikely to experience real problems with the
    officially provided modules.
  * 2021-04-22: refactoring of syslog/tcp driver parameter passing
    This has now been generalized to a parameter block, which makes it much cleaner and
    also easier to add new parameters in the future.
  * 2021-04-22: config script: add re_match_i() and re_extract_i() functions
    This provides case-insensitive regex functionality.
    closes https://github.com/rsyslog/rsyslog/issues/4429
- Upgrade to rsyslog 8.2104.0:
  * rainerscript: call getgrnam_r repeatedly to get all group members
    (bsc#1178490)
  * new contributed module imhiredis
  * new built-in function get_property() to access property vars
  * mmdblookup: add support for mmdb DB reload on HUP
  * script bugfix: empty array in foreach() improperly handled
  * imjournal bugfixes (handle leak, empty file)
  * new contributed function module fmunflatten
  * test bugfix: some tests did not work with newer TLS library versions
  * some improvements to project CI
- update remote.conf example file to new 'Address' and 'Port' notation
  (bsc#1182653)
- HTTPS URLs used for source
- Upgrade to rsyslog 8.2102.0:
  * omfwd: add stats counter for sent bytes
  * omfwd: add error reporting configuration option
  * action stats counter bugfix: failure count was not properly incremented
  * action stats counter bugfix: resume count was not incremented
  * omfwd bugfix: segfault or error if port not given
  * lookup table bugfix: data race on lookup table reload
  * testbench modernization
  * testbench: fix invalid sequence of kafka tests runs
  * testbench: fix kafkacat issues
  * testbench: fix year-dependendt clickhouse test
- Upgrade to rsyslog 8.2012.0:
  * testbench bugfix: some tests did not work in make distcheck
  * immark: rewrite with many improvements
  * usability: re-phrase error message to help users better understand cause
  * add new system property $now-unixtimestamp
  * omfwd: add new rate limit option
  * omfwd bug: param "/StreamDriver.PermitExpiredCerts"/ is not "/off"/ by default
- prepare usrmerge (boo#1029961)
- fix location and naming of journald dropin (bsc#1178288)
- remove legacy stuff from specfile
  * sysvinit is not supported anymore, so remove all tests
    related to systemv in the specfile
- Upgrade to rsyslog 8.2010.0:
  * gnutls TLS subsystem bugfix: handshake error handling
  * core/msg bugfix: memory leak
  * core/msg bugfix: segfault in jsonPathFindNext() when <root> not an object
  * openssl TLS subsystem: improvments of error and status messages
  * add 'exists()' script function to check if variable exists
  * core bugfix: do not create empty JSON objects on non-existent key access
  * gnutls subsysem bugfix: potential hang on session closure
  * core/network bugfix: obey net.enableDNS=off when querying local hostname
  * core bugfix: potential segfault on query of PROGRAMNAME property
  * imtcp bugfix: broken connection not necessariy detected
  * new module: imhttp - http input
  * mmdarwin bugfix: potential zero uuid when reusing existing one
  * imdocker bugfix: build issue on some platforms
  * omudpspoof bugfix: make compatbile with Solaris build
  * testbench fix: python 3 incompatibility
  * core bugfix: segfault if disk-queue file cannot be created
  * cosmetic: fix dummy module name in debug output
  * config bugfix: intended warning emitted as error
- Upgrade to rsyslog 8.2008.0
  Way too many changes since 8.39.0 to be listed here.
- Added custom unit file rsyslog.service because
  systemd service file was removed from upstream project
- Removed obsolete patches:
  * 0001-satisfy-gcc-flag-fno-common.patch
  * rsyslog-pgsql-pkg-config.patch
  * rsyslog-unit.patch
- fix memory leak in omfile (bsc#1189737)
- fix race in async writer (bsc#1179089)
- fix potential misaddressing in pmcisconames (CVE-2019-17042,
  bsc#1153459)
- fix potential misaddressing in pmaixforwardedfrom (CVE-2019-17041,
  bsc#1153451)
- omfile bugfix: FlushOnTXEnd does not work reliably with dynafiles
  (bsc#1084682)
- Use systemd_ordering instead of requiring to make rsyslog useable
  in containers.
- Fix the URL for bug reporting, should not point to novell.com
  (bsc#1173433)
- Add support for omkafka which is now in Factory, and 15.x repos
- avoid build error with gcc flag -fno-common (bsc#1160414)
  * add 0001-satisfy-gcc-flag-fno-common.patch
- removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by
  firewalld, see [1].
  [1]: https://lists.opensuse.org/opensuse-factory/2019-01/msg00490.html
- Add rsyslog-pgsql-pkg-config.patch: use pkgconfig to find the
  right libraries/directories for postgresql. According to pgsql
  upstream, pg_config must only be used to buildpgsql modules.
-  Upgrade to rsyslog 8.39.0
  * imfile: improve truncation detection
  * imjournal: work around journald excessive reloading behavior
  * errmsg: remove no longer needed code
  * queue bugfix: invalid error message on queue startup
  * bugfix imrelp: regression with legacy configuration startup fail
  * bugfix imudp: stall of connection and/or potential segfault
  * bugfix gcry crypto driver: small memleak
  * fix potential misadressing in encryption subsystem
  * ksi subsystem changes
  * bugfix core: regex compile error messages could be incorrect
  * bugfix core: potential hang on rsyslog termination
  * bugfix imkafka: system hang when backgrounded
  * bugfix imfile: file change was not reliably detected
  * bugfix imrelp: do not fail build if librelp does not have relpSrvSetLstnAddr
  * bugfix queue subsystem: DA queue did ignore encryption settings
  * bugfix KSI: lmsig-ksils12 module skips signing the last block
  * bugfix fmhash: function hash64mod sometimes returned wrong result
  * bugfix core/debug: data written to random fd 2 under some debug settings
- rsyslog configuration cleanup by filter rules in separate files  (bug#1102720)
  * add parsing of additional filter rules in /etc/rsyslog.d/*.frule
  * add acpid.frule, firewall.frule, NetworkManager.frule
- Enable ForwardToSyslog for journald to get syslog messages
  [bsc#1110456]
- Update to rsyslog 8.38.0:
  * imfile: support for endmsg.regex
  * omhttp: new contribued module
  * imrelp: add support for seting address to bind to (#894)
  * ommysql: support mysql unix domain socket
  * omusrmsg: do not fall back to max username length of 8
  * various bug fixes and minor updates to other modules and core
  * various fixes for memory leaks
- remove references to obsolete SYSLOG_REQUIRES_NETWORK
  variable (bsc#1101642)
- rsyslog 8.36.0:
  * Liblogging-stdlog deprecated
  * OpenSSL based TLS driver added in addition to GnuTLS
  * GnuTLS TLS driver: support intermediate certificates
  * imptcp: add ability to configure socket backlog
  * fmhash: new hash function module
  * updates and fixes to various modules
  * omfwd: add support for bind-to-address for UDP
  * mmkubernetes: new module
- updates and fixes to various modules
- rsyslog 8.33.1:
  * devcontainer: use some more sensible defaults
  * auto-detect if running inside a container (as pid 1)
  * config: add include() script object
  * template: add option to generate json "/container"/
  * core/template: add format jsonf to constant template entries
  * config: add ability to disable config parameter ("/config.enable"/)
  * script: permit to use environment variables during configuration
  * new global config parameter "/shutdown.enable.ctlc"/
  * config optimizer: detect totally empty "/if"/ statements and optimize them out
  * template: constant entry can now also be formatted as json field
  * omstdout: support for new-style configuration parameters added
  * core: set TZ on startup if not already set
  * imjournal bugfix: file handle leak during journal rotation
  * lmsig_ksils12 bugfix: dirOwner and dirGroup config was not respected
  * script bugfix: replace() function worked incorrectly in some cases
  * core bugfix: misadressing in external command parser
  * core bugfix: small memory leak in external command parser
  * core bugfix: string not properly terminated when RFC5424 MSGID is used
  * bugfix: strndup() compatibility layer func copies too much
- the upstream systemd unit file was changed to no longer write the
  rsyslog pid, as it is no longer required for tracking under
  systemd (-iNONE). Adjust rsyslog-unit.patch to match.
- Use %license instead of %doc [bsc#1082318]
- fix includes for apparmor profile (bsc#1080238) (bsc#901418)
- rsyslog 8.32.0
  * libfastjson 0.99.8 required
  * libczmq >= 3.0.2 is now required for omczmq
  * libcurl is now needed for rsyslog core
  * rsyslogd: add capability to specify that no pid file shall be written
  * core improvements and bug fixes
  * RainerScript improvements and bug fixes
  * build fixes, including gcc7 fixes
    drop 0001-imgssapi-fix-compiler-warnings.patch
  * various bug fixes in multiple modules
  * imudp: fix segfault in ratelimit code (bsc#1149094)
- remove build dependency on libee
- Disable news by default, we don't need to clobber all systems
  with this for the very few remaining news servers
- Replace references to /var/adm/fillup-templates with new
  %_fillupdir macro (boo#1069468)
- Ensure user "/news"/ exists - bsc#1068678
- rsyslog 8.30.0
  * changed behaviour: all variables are now case-insensitive by default
  * core: handle (JSON) variables in case-insensitive way
  * imjournal: made switching to persistent journal in runtime possible
  * mmanon: complete refactor and enhancements
  * imfile: add "/fileoffset"/ metadata
  * RainerScript: add ltrim and rtrim functions
  * core: report module name when suspending action
  * core: add ability to limit number of error messages going to stderr
  * tcpsrv subsystem: improvate clarity of some error messages
  * imptcp: include module name in error msg
  * imtcp: include module name in error msg
  * tls improvement: better error message if certificate file cannot be read
  * omfwd: slightly improved error messages during config parsing
  * ommysql improvements
  * ommysql bugfix: do not duplicate entries on failed transaction
  * imtcp bugfix: parameter priorityString was ignored
  * template/bugfix: invalid template option conflict detection
  * core/actions: fix handling of data-induced errors
  * core/action bugfix: no "/action suspended"/ message during retry processing
  * core/action: if commitTransaction fails, try individual messages (bsc#1152760)
  * core/ratelimit bugfix: race can lead to segfault
  * core bugfix: rsyslog aborts if errmsg is generated in early startup
  * core bugfix: informational messages was logged with error severity
  * core bugfix: --enable-debugless build was broken
  * queue bugfix: file write error message was incorrect
  * omrelp bugfix:  segfault when rebindinterval parameter is used
  * omkafka bugfix: invalid load of failedmsg file on startup if disabled
  * kafka bugfix: problem on invalid kafka configuration values
  * imudp bugfix: UDP oversize message not properly handled
  * core bugfix: memory corruption during configuration parsing
  * core bugfix: race on worker thread termination during shutdown
  * omelasticsearch: avoid ES5 warnings while sending json in bulkmode
  * omelasticsearch bugfix: incompatibility with newer ElasticSearch version
  * imptcp bugfix: invalid mutex addressing on some platforms
  * imptcp bugfix: do not accept missing port in legacy listener definition
- build requirements:
  * libfastjson 0.99.7 is now mandatory
  * libsystemd-journal >= 234 is now recommended
- packaging:
  * add upstream build fix 0001-imgssapi-fix-compiler-warnings.patch
- rsyslog 8.29.0:
  * imptcp: add experimental parameter "/multiline"/
  * imptcp: framing-related error messages now also indicate remote peer
  * imtcp: framing-related error messages now also indicate remote peer
  * imptcp: add session statistics conunter
  * imtcp: add ability to specify GnuTLS priority string
  * impstats: add new ressoure counter "/openfiles"/
  * pmnormalize: new parser module
  * core/queue: provide informational messages on thread startup and shutdown
  * omfwd/udp: improve error reporting, depricate maxerrormessages parameter
  * core: add parameters debug.file and debug.whitelist
  * core/net.c: improve UDP socket creation error messages
  * omfwd/udp: add "/udp.sendbuf"/ parameter
  * core: make rsyslog internal message rate-limiter configurable
  * omelasticsearch bugfixes and changed ES5 API support
    + avoid 404 during health check
    + avoid ES5 warnings while sending json
    + bugfix for memomry leak while writing error file
  * imfile bugfix: wildcard detection issue on path wildcards
  * omfwd bugfix: always give reason for suspension
  * omfwd bugfix: configured compression level was not properly used
  * imptcp bugfix: potential socket leak on session shutdown
  * omfwd/omudpspoof bugfix: switch udp client sockets to nonblocking mode
  * imklog: fix permitnonkernelfacility not working
  * impstats bugfix: impstats does not handle HUP
  * core bugfix: segfault after configuration errors
  * core/queue bugfixes
  * lmsig_ksi: removed pre-KSI_LS12 components
Version 8.28.0 [v8-stable] 2017-06-27
  * omfwd: add parameter "/tcp_frameDelimiter"/
  * omkafka: large refactor of kafka subsystem
  * imfile: improved handling of atomically renamed file (w/ wildcards)
  * imfile: add capability to truncate oversize messages or split into multiple
  * mmdblookup fixes and extensions
  * bugfix: fixed multiple memory leaks
  * imptcp: add new parameter "/flowControl"/
  * imrelp: add "/maxDataSize"/ config parameter
  * multiple modules: gtls: improve error if certificate file can't be opened
  * omsnare: allow different tab escapes
  * omelasticsearch: converted to use libfastjson instead of json-c
  * imjournal: _PID fallback
  * added fallback for _PID proprety when SYSLOG_PID is not available
  * introduced new option "/usepid"/ which sets which property should
    rsyslog use, it has 3 states system|syslog|both, default is both
  * deprecated "/usepidfromsystem"/ option, still can be used
    and override the "/usepid"/
  * it is possible to revert previous default with usepid="/syslog"/
  * multiple modules: add better error messages when regcomp is failing
  * omhiredis: fix build warnings
  * imfile bugfix: files mv-ed in into directory were not handled
  * omprog bugfix: execve() incorrectly called
  * imfile bugfix: multiline timeout did not work if state file exists
  * lmsig_ksi-ls12 bugfix: build problems on some platforms
  * core bugfix: invalid object type assertion
  * regression fix: local hostname was not always detected properly...
  * bugfix: format security issues in zmq3 modules (bsc#1051798)
  * bugfix build system: add libksi only to those binaries that need it
  * bugfix KSI ls12 components: invalid tree height calculation
  * bugfix imfile: fix multiline timeout code (bsc#1133847)
- Drop module-guardtime package
  * Upstream libgt died and it does not work with new openssl
Version 8.27.0 [v8-stable] 2017-05-16
- imkafka: add module
- imptcp enhancements:
  * optionally emit an error message if incoming messages are truncated
  * optionally emit connection tracking message (on connection create and
    close)
  * add "/maxFrameSize"/ parameter to specify the maximum size permitted
    in octet-counted mode
  * add parameter "/discardTruncatedMsg"/ to permit truncation of
    oversize messages
  * improve octect-counted mode detection: if the octet count is larger
    then the set frame size (or overly large in general), it is now
    assumed that octet-stuffing mode is used. This probably solves a
    number of issues seen in real deployments.
- imtcp enhancements:
  * add parameter "/discardTruncatedMsg"/ to permit truncation of
    oversize messages
  * add "/maxFrameSize"/ parameter to specify the maximum size permitted
    in octet-counted mode
- imfile bugfix: "/file not found error"/ repeatedly being reported
  for configured non-existing file. In polling mode, this message
  appeared once in each polling cycle, causing a potentially very large
  amout of error messages. Note that they were usually emitted too
  infrequently to trigger the error message rate limiter, albeit often
  enough to be a major annoance.
- imfile: in inotify mode, add error message if configured file cannot
  be found
- imfile: add parameter "/fileNotFoundError"/ to optinally disable
  "/file not found"/ error messages
- core: replaced gethostbyname() with getaddrinfo() call
  Gethostbyname() is generally considered obsolete, is not reentrant and
  cannot really work with IPv6. Changed the only place in rsyslog where
  this call remained.
  Thanks to github user jvymazal for the patch
- omkafka: add "/origin"/ field to stats output
  See also https://github.com/rsyslog/rsyslog/issues/1508
  Thanks to Yury Bushmelev for providing the patch.
- imuxsock: rate-limiting also uses process name
  both for the actual limit procesing as well as warning messages emitted
  see also https://github.com/rsyslog/rsyslog/pull/1520
  Thanks to github user jvymazal for the patch
- Added new module: KSI log signing ver. 1.2 (lmsig_ksi_ls12)
- rsylsog base functionality now builds on osx (Mac)
  Thanks to github user hdatma for his help in getting this done.
- build now works on solaris again
- imfile: fix cross-platform build issue
  see also https://github.com/rsyslog/rsyslog/issues/1494
  Thanks to Felix Janda for bug report and solution suggestion.
- bugfix core: segfault when no parser could parse message
- core bugfix: memory leak when internal messages not processed
  internally (bsc#1190483)
- VUL-0: CVE-2018-16881: rsyslog: imptcp: integer overflow when Octet-Counted
  TCP Framing is enabled (bsc#1123164)
- rsyslog 8.26.0:
  * liblognorm 2.0.3 is required for mmnormalize
  * enable internal error messages at all times
  * core: added logging name of source of rate-limited messages
  * omfwd: omfwd: add support for network namespaces
  * imrelp: honor input name if provided when submitting to impstats
  * imptcp: add ability to set owner/group/access perms for uds
  * mmnormalize: add ability to load a rulebase from action() parameter
  * pmrfc3164 improvements
    + permit to ignore leading space in MSG
    + permit to use at-sign in host names
    + permit to require tag to end in colon
  * add new global parameter "/umask"/
  * core: make use of -T command line option more secure
  * omfile: add error if both file and dynafile are set
  * bugfix: build problem on MacOS (not a supported platform)
  * regression fix: in 8.25, str2num() returned error on empty string
  * bugfix omsnmp: improper handling of new-style configuration parameters
  * bugfix: rsyslog identifies itself as "/liblogging-stdlog"/ in internal messages
  * bugfix imfile: wrong files were monitored when using multiple imfile inputs
  * bugfix: setting net.aclResolveHostname/net.acladdhostnameonfail segfaults
  * bugfix: immark emitted error messages with text "/imuxsock"/
  * bugfix tcpflood: build failed if RELP was disabled
  * fix gcc6 compiler warnings
  * the output module array passing interface has been removed
- use 8.25.0 documentation tarball
- rsyslog 8.25.0:
  * imfile: add support for wildcards in directory names
  * add new global option "/parser.PermitSlashInProgramname"/
  * mmdblookup: fix build issues, code cleanup
  * improved debug output for queue corruption cases
  * an error message is now displayed when a directory owner cannot be set
  * rainerscript: add new function ipv42num
  * rainerscript: add new function num2ipv4
  * bugfix: ratelimiter does not work correctly is time is set back
  * core: fix potential message loss in old-style transactional interface
  * bugfix queue subsystem: queue corrupted if certain msg props are used
  * bugfix imjournal: fixed situation when time goes backwards
  * bugfix: bFlushOnTxEnd == 0 not honored when writing w/o async writer
  * bugfix core: str2num mishandling empty strings
  * bugfix rainerscript: set/unset statement do not check variable name validity
  * bugfix mmrm1stspace: last character of rawmsg property was doubled
  * bugfix imtcp: fix very small (cosmetic) memory leak
  * However, the leak breaks memleak checks in the testbench.
  * fix segfault in libc (bsc#1156499)
salt
- Add support for gpgautoimport in zypperpkg module
- Fix salt.states.file.managed() for follow_symlinks=True and test=True (bsc#1199372)
- Added:
  * fix-salt.states.file.managed-for-follow_symlinks-tru.patch
  * add-support-for-gpgautoimport-to-refresh_db-in-the-z.patch
- Add support for name, pkgs and diff_attr parameters to upgrade
  function for zypper and yum (bsc#1198489)
- Added:
  * add-support-for-name-pkgs-and-diff_attr-parameters-t.patch
- Unify logic on using multiple requisites and add onfail_all (bsc#1198738)
- Normalize package names once with pkg.installed/removed using yum (bsc#1195895)
- Added:
  * normalize-package-names-once-with-pkg.installed-remo.patch
  * unify-logic-on-using-multiple-requisites-and-add-onf.patch
- Fix handling of a sign-in response by a syndic node (bsc#1199906)
- Added:
  * fix-handling-of-a-sign-in-response-by-a-syndic-node-.patch
- Remove redundant overrides causing confusing DEBUG logging (bsc#1189501)
- Added:
  * remove-redundand-overrides-causing-confusing-debug-l.patch
- Fix PAM auth issue due missing check for PAM_ACCT_MGM return value (CVE-2022-22967) (bsc#1200566)
- Added:
  * fix-for-cve-2022-22967-bsc-1200566.patch
samba
- CVE-2022-1615: Do not ignore errors in random number generation;
  (bso#15103); (bsc#1202976);
- Fix Use after free when iterating
  smbd_server_connection->connections after tree disconnect
  failure; (bso#15128); (bsc#1200102).
- CVE-2022-32746: samba: Use-after-free occurring in database
  audit logging; (bso#15009); (bso#15096); (bsc#1201490).
- CVE-2022-32745: samba: ldb: AD users can crash the server
  process with an LDAP add or modify request; (bso#15008);
  (bso#15096); (bsc#1201492).
- CVE-2022-2031: samba, ldb: AD users can bypass certain
  restrictions associated with changing passwords; (bso#15047);
  (bsc#1201495);
- CVE-2022-32742:SMB1 code does not correct verify SMB1write,
  SMB1write_and_close, SMB1write_and_unlock lengths; (bso#15085);
  (bsc#1201496).
- CVE-2022-32744: samba, ldb: AD users can forge password change
  requests for any user; (bso#15074); (bso#15047); (bsc#1201493).
- Update to 4.15.8
  * Use pathref fd instead of io fd in vfs_default_durable_cookie;
    (bso#15042).
  * Setting fruit:resource = stream in vfs_fruit causes a panic;
    (bso#15099).
  * Add support for bind 9.18; (bso#14986).
  * logging dsdb audit to specific files does not work;
    (bso#15076).
  * vfs_gpfs with vfs_shadowcopy2 fail to restore file if original
    file had been deleted; (bso#15069)
  * netgroups support removed; (bso#15087); (bsc#1199247).
  * net ads info shows LDAP Server: 0.0.0.0 depending on contacted
    server; (bso#14674); (bsc#1199734).
  * waf produces incorrect names for python extensions with Python
    3.11; (bso#15071).
  * smbclient commands del & deltree fail with
    NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100);
    (bsc#1200556).
  * vfs_gpfs recalls=no option prevents listing files; (bso#15055).
  * waf produces incorrect names for python extensions with Python
    3.11; (bso#15071).
  * Compile error in source3/utils/regedit_hexedit.c; (bso#15091).
  * ldconfig: /lib64/libsmbconf.so.0 is not a symbolic link;
    (bso#15108).
  * smbd doesn't handle UPNs for looking up names; (bso#15054).
  * Out-by-4 error in smbd read reply max_send clamp; (bso#14443).
- Move pdb backends from package samba-libs to package
  samba-client-libs and remove samba-libs requirement from
  samba-winbind; (bsc#1200964); (bsc#1198255);
- Revert NIS support removal; (bsc#1199247);
- Add missing samba-client requirement to samba-winbind package;
  (bsc#1198255);
- Update to 4.15.7
  * Share and server swapped in smbget password prompt; (bso#14831);
  * Durable handles won't reconnect if the leased file is written
    to; (bso#15022);
  * rmdir silently fails if directory contains unreadable files and
    hide unreadable is yes; (bso#15023);
  * SMB2_CLOSE_FLAGS_FULL_INFORMATION fails to return information
    on renamed file handle; (bso#15038);
  * vfs_shadow_copy2 breaks "/smbd async dosmode"/ sync fallback;
    (bso#14957);
  * shadow_copy2 fails listing snapshotted dirs with shadow:fixinodes;
    (bso#15035);
  * PAM Kerberos authentication incorrectly fails with a clock skew
    error; (bso#15046);
  * username map - samba erroneously applies unix group memberships
    to user account entries; (bso#15041);
  * NT_STATUS_ACCESS_DENIED translates into EPERM instead of EACCES
    in SMBC_server_internal; (bso#14983);
  * Simple bind doesn't work against an RODC (with non-preloaded users);
    (bso#13879);
  * Crash of winbind on RODC; (bso#14641);
  * uncached logon on RODC always fails once; (bso#14865);
  * KVNO off by 100000; (bso#14951);
  * LDAP simple binds should honour "/old password allowed period"/;
    (bso#15001);
  * wbinfo -a doesn't work reliable with upn names; (bso#15003);
  * Simple bind doesn't work against an RODC (with non-preloaded
    users); (bso#13879);
  * Uninitialized litemask in variable in vfs_gpfs module; (bso#15027);
  * Regression: create krb5 conf = yes doesn't work with a single KDC;
    (bso#15016);
- Add provides to samba-client-libs package to fix upgrades from
  previous versions; (bsc#1198663);
- Update to 4.15.6
  * Renaming file on DFS root fails with
    NT_STATUS_OBJECT_PATH_NOT_FOUND; (bso#14169);
  * Samba does not response STATUS_INVALID_PARAMETER when opening 2
    objects with same lease key; (bso#14737);
  * NT error code is not set when overwriting a file during rename
    in libsmbclient; (bso#14938);
  * Fix ldap simple bind with TLS auditing; (bso#14996);
  * net ads info shows LDAP Server: 0.0.0.0 depending on contacted
    server; (bso#14674);
  * Problem when winbind renews Kerberos; (bso#14979);
    (bsc#1196224);
  * pam_winbind will not allow gdm login if password about to
    expire; (bso#8691);
  * virusfilter_vfs_openat: Not scanned: Directory or special file;
    (bso#14971);
  * DFS fix for AIX broken; (bso#13631);
  * Solaris and AIX acl modules: wrong function arguments;
    (bso#14974);
  * Function aixacl_sys_acl_get_file not declared / coredump;
    (bso#7239);
  * Regression: Samba 4.15.2 on macOS segfaults intermittently
    during strcpy in tdbsam_getsampwnam; (bso#14900);
  * Fix a use-after-free in SMB1 server; (bso#14989);
  * smb2_signing_decrypt_pdu() may not decrypt with
    gnutls_aead_cipher_decrypt() from gnutls before 3.5.2;
    (bso#14968);
  * Changing the machine password against an RODC likely destroys
    the domain join; (bso#14984);
  * authsam_make_user_info_dc() steals memory from its struct
    ldb_message *msg argument; (bso#14993);
  * Use Heimdal 8.0 (pre) rather than an earlier snapshot;
    (bso#14995);
  * Samba autorid fails to map AD users if id rangesize fits in the
    id range only once; (bso#14967);
- Add missing samba-libs requirement to samba-winbind package;
  (bsc#1198255);
sqlite3
- update to 3.39.3:
  * Use a statement journal on DML statement affecting two or more
    database rows if the statement makes use of a SQL functions
    that might abort.
  * Use a mutex to protect the PRAGMA temp_store_directory and
    PRAGMA data_store_directory statements, even though they are
    decremented and documented as not being threadsafe.
- update to 3.39.2:
  * Fix a performance regression in the query planner associated
    with rearranging the order of FROM clause terms in the
    presences of a LEFT JOIN.
  * Apply fixes for CVE-2022-35737, Chromium bugs 1343348 and
    1345947, forum post 3607259d3c, and other minor problems
    discovered by internal testing. [boo#1201783]
- update to 3.39.1:
  * Fix an incorrect result from a query that uses a view that
    contains a compound SELECT in which only one arm contains a
    RIGHT JOIN and where the view is not the first FROM clause term
    of the query that contains the view
  * Fix a long-standing problem with ALTER TABLE RENAME that can
    only arise if the sqlite3_limit(SQLITE_LIMIT_SQL_LENGTH) is set
    to a very small value.
  * Fix a long-standing problem in FTS3 that can only arise when
    compiled with the SQLITE_ENABLE_FTS3_PARENTHESIS compile-time
    option.
  * Fix the initial-prefix optimization for the REGEXP extension so
    that it works correctly even if the prefix contains characters
    that require a 3-byte UTF8 encoding.
  * Enhance the sqlite_stmt virtual table so that it buffers all of
    its output.
- update to 3.39.0:
  * Add (long overdue) support for RIGHT and FULL OUTER JOIN
  * Add new binary comparison operators IS NOT DISTINCT FROM and
    IS DISTINCT FROM that are equivalent to IS and IS NOT,
    respective, for compatibility with PostgreSQL and SQL standards
  * Add a new return code (value "/3"/) from the sqlite3_vtab_distinct()
    interface that indicates a query that has both DISTINCT and
    ORDER BY clauses
  * Added the sqlite3_db_name() interface
  * The unix os interface resolves all symbolic links in database
    filenames to create a canonical name for the database before
    the file is opened
  * Defer materializing views until the materialization is actually
    needed, thus avoiding unnecessary work if the materialization
    turns out to never be used
  * The HAVING clause of a SELECT statement is now allowed on any
    aggregate query, even queries that do not have a GROUP BY
    clause
  * Many microoptimizations collectively reduce CPU cycles by about
    2.3%.
- drop sqlite-src-3380100-atof1.patch, included upstream
- add sqlite-src-3390000-func7-pg-181.patch to skip float precision
  related test failures on 32 bit
- update to 3.38.5:
  * Fix a blunder in the CLI of the 3.38.4 release
- includes changes from 3.38.4:
  * fix a byte-code problem in the Bloom filter pull-down
    optimization added by release 3.38.0 in which an error in the
    byte code causes the byte code engine to enter an infinite loop
    when the pull-down optimization encounters a NULL key
- update to 3.38.3:
  * Fix a case of the query planner be overly aggressive with
    optimizing automatic-index and Bloom-filter construction,
    using inappropriate ON clause terms to restrict the size of the
    automatic-index or Bloom filter, and resulting in missing rows
    in the output.
  * Other minor patches. See the timeline for details.
- update to 3.38.2:
  * Fix a problem with the Bloom filter optimization that might
    cause an incorrect answer when doing a LEFT JOIN with a WHERE
    clause constraint that says that one of the columns on the
    right table of the LEFT JOIN is NULL.
  * Other minor patches.
- Remove obsolete configure flags
- Package the Tcl bindings here again so that we only ship one copy
  of SQLite (bsc#1195773).
- update to 3.38.1:
  * Fix problems with the new Bloom filter optimization that might
    cause some obscure queries to get an incorrect answer.
  * Fix the localtime modifier of the date and time functions so
    that it preserves fractional seconds.
  * Fix the sqlite_offset SQL function so that it works correctly
    even in corner cases such as when the argument is a virtual
    column or the column of a view.
  * Fix row value IN operator constraints on virtual tables so that
    they work correctly even if the virtual table implementation
    relies on bytecode to filter rows that do not satisfy the
    constraint.
  * Other minor fixes to assert() statements, test cases, and
    documentation. See the source code timeline for details.
- add upstream patch to run atof1 tests only on x86_64
  sqlite-src-3380100-atof1.patch
- update to 3.38.0
  * Add the -> and ->> operators for easier processing of JSON
  * The JSON functions are now built-ins
  * Enhancements to date and time functions
  * Rename the printf() SQL function to format() for better
    compatibility, with alias for backwards compatibility.
  * Add the sqlite3_error_offset() interface for helping localize
    an SQL error to a specific character in the input SQL text
  * Enhance the interface to virtual tables
  * CLI columnar output modes are enhanced to correctly handle tabs
    and newlines embedded in text, and add options like "/--wrap N"/,
    "/--wordwrap on"/, and "/--quote"/ to the columnar output modes.
  * Query planner enhancements using a Bloom filter to speed up
    large analytic queries, and a balanced merge tree to evaluate
    UNION or UNION ALL compound SELECT statements that have an
    ORDER BY clause.
  * The ALTER TABLE statement is changed to silently ignores
    entries in the sqlite_schema table that do not parse when
    PRAGMA writable_schema=ON
- update to 3.37.2:
  * Fix a bug introduced in version 3.35.0 (2021-03-12) that can
    cause database corruption if a SAVEPOINT is rolled back while
    in PRAGMA temp_store=MEMORY mode, and other changes are made,
    and then the outer transaction commits
  * Fix a long-standing problem with ON DELETE CASCADE and ON
    UPDATE CASCADE in which a cache of the bytecode used to
    implement the cascading change was not being reset following a
    local DDL change
- update to 3.37.1:
  * Fix a bug introduced by the UPSERT enhancements of version
    3.35.0 that can cause incorrect byte-code to be generated for
    some obscure but valid SQL, possibly resulting in a NULL-
    pointer dereference.
  * Fix an OOB read that can occur in FTS5 when reading corrupt
    database files.
  * Improved robustness of the --safe option in the CLI.
  * Other minor fixes to assert() statements and test cases.
- SQLite3 3.37.0:
  * STRICT tables provide a prescriptive style of data type
    management, for developers who prefer that kind of thing.
  * When adding columns that contain a CHECK constraint or a
    generated column containing a NOT NULL constraint, the
    ALTER TABLE ADD COLUMN now checks new constraints against
    preexisting rows in the database and will only proceed if no
    constraints are violated.
  * Added the PRAGMA table_list statement.
  * Add the .connection command, allowing the CLI to keep multiple
    database connections open at the same time.
  * Add the --safe command-line option that disables dot-commands
    and SQL statements that might cause side-effects that extend
    beyond the single database file named on the command-line.
  * CLI: Performance improvements when reading SQL statements that
    span many lines.
  * Added the sqlite3_autovacuum_pages() interface.
  * The sqlite3_deserialize() does not and has never worked
    for the TEMP database. That limitation is now noted in the
    documentation.
  * The query planner now omits ORDER BY clauses on subqueries and
    views if removing those clauses does not change the semantics
    of the query.
  * The generate_series table-valued function extension is modified
    so that the first parameter ("/START"/) is now required. This is
    done as a way to demonstrate how to write table-valued
    functions with required parameters. The legacy behavior is
    available using the -DZERO_ARGUMENT_GENERATE_SERIES
    compile-time option.
  * Added new sqlite3_changes64() and sqlite3_total_changes64()
    interfaces.
  * Added the SQLITE_OPEN_EXRESCODE flag option to sqlite3_open_v2().
  * Use less memory to hold the database schema.
  * bsc#1189802, CVE-2021-36690: Fix an issue with the SQLite Expert
    extension when a column has no collating sequence.
systemd-presets-branding-SLE
- Enable suseconnect-keepalive.timer for SUSEConnect (jsc#SLE-23312)
timezone
- Update to reflect new Chile DST change, bsc#1202310
  * bsc1202310.patch
unzip
- Fix CVE-2022-0530, SIGSEGV during the conversion of an utf-8 string
  to a local string (CVE-2022-0530, bsc#1196177)
  * CVE-2022-0530.patch
- Fix CVE-2022-0529, Heap out-of-bound writes and reads during
  conversion of wide string to local string (CVE-2022-0529, bsc#1196180)
  * CVE-2022-0529.patch
update-alternatives

      
util-linux
- su: Change owner and mode for pty (bsc#1200842,
  util-linux-login-move-generic-setting-to-ttyutils.patch,
  util-linux-su-change-owner-and-mode-for-pty.patch).
- mesg: use only stat() to get the current terminal status
  (bsc#1200842, util-linux-mesg-use-only-stat.patch).
- agetty: Resolve tty name even if stdin is specified (bsc#1197178,
  util-linux-agetty-resolve-tty-if-stdin-is-specified.patch).
- libmount: When moving a mount point, update all sub mount entries
  in utab (bsc#1198731,
  util-linux-libmount-moving-mount-point-sub-mounts.patch,
  util-linux-libmount-fix-and-improve-utab-on-ms_move.patch).
util-linux-systemd
- su: Change owner and mode for pty (bsc#1200842,
  util-linux-login-move-generic-setting-to-ttyutils.patch,
  util-linux-su-change-owner-and-mode-for-pty.patch).
- mesg: use only stat() to get the current terminal status
  (bsc#1200842, util-linux-mesg-use-only-stat.patch).
- agetty: Resolve tty name even if stdin is specified (bsc#1197178,
  util-linux-agetty-resolve-tty-if-stdin-is-specified.patch).
- libmount: When moving a mount point, update all sub mount entries
  in utab (bsc#1198731,
  util-linux-libmount-moving-mount-point-sub-mounts.patch,
  util-linux-libmount-fix-and-improve-utab-on-ms_move.patch).
which
- https urls, added signature (but did not find the public key)
- Use %license instead of %doc [bsc#1082318]
- Move installinfo scriptlet to preun so it won't fail
- Cleanup spec file with spec-cleaner
- Correct usage of info scriplets
- GNU which 2.21:
  * Upgraded code from bash to version 4.3 (now uses eaccess).
  * Fixed a bug related to getgroups / sysconfig that caused Which
    not to see more than 64 groups for a single user
  * Build system maintenance.
- Update project and source URL to GNU project
xfsprogs
- mkfs: validate extent size hint parameters (bsc#1138247)
  - add xfsprogs-xfs-move-inode-extent-size-hint-validation-to-libxfs.patch
  - add xfsprogs-xfs_repair-use-libxfs-extsize-cowextsize-validation-.patch
  - add xfsprogs-mkfs-validate-extent-size-hint-parameters.patch
- xfs_repair: Fix root inode's parent when it's bogus for sf directory
  (bsc#1138227)
  - add xfsprogs-xfs_repair-Fix-root-inode-s-parent-when-it-s-bogus-f.patch
yast2-storage
- Partitioner: PVs are not wrongly removed when resizing a VG
  (bsc#1197208).
- 3.2.23
zlib
- Fix heap-based buffer over-read or buffer overflow in inflate via
  large gzip header extra field (bsc#1202175, CVE-2022-37434,
  CVE-2022-37434-extra-header-1.patch,
  CVE-2022-37434-extra-header-2.patch).
zypper
- Return ZYPPER_EXIT_INF_RPM_SCRIPT_FAILED (107) also if %posttrans
  script failed. Requires ZYPPER_ON_CODE12_RETURN_107=1 being set
  in the environment (bsc#1198139)
- version 1.13.62
- info: Fix SEGV with not installed PTFs (bsc#1196317)
- version 1.13.61