SAPHanaSR
- Version bump to 0.162.1
  * fix for SAPHanaTopology failing with error code 1
    (OCF_ERR_GENERIC) during a normal stop action
    (bsc#1207466)
  * set srhook attribute to PRIM during a probe so that we do not
    need to wait for the first srConnectionChanged() to set the
    attribute
    (bsc#1205535)
    (jsc#PED-1739, jsc#PED-2608)
cloud-netconfig
- Update to version 1.7:
  + Overhaul policy routing setup (issue #19)
  + Support alias IPv4 ranges (issue #14)
  + Add support for NetworkManager (bsc#1204549)
  + Remove dependency on netconfig
  + Install into libexec directory
  + Clear stale ifcfg files for accelerated NICs (bsc#1199853)
  + More debug messages
  + Documentation update
- /etc/netconfig.d/ moved to /usr/libexec/netconfig/netconfig.d/ in
  Tumbleweed, update path (poo#116221)
compat-openssl098
- Security Fix: [CVE-2023-0464, bsc#1209624]
  * Excessive Resource Usage Verifying X.509 Policy Constraints
  * Add openssl-CVE-2023-0464.patch
- Security Fix: [bsc#1207534, CVE-2022-4304]
  * Timing Oracle in RSA Decryption
  * Add patch: openssl-CVE-2022-4304.patch
crmsh
- Update to version 4.1.1+git.1672364762.c6594863:
  * Fix: report: Catch read exception (bsc#1206606)
curl
- Security fixes:
  * [bsc#1209209, CVE-2023-27533] TELNET option IAC injection
    Add curl-CVE-2023-27533-no-sscanf.patch curl-CVE-2023-27533.patch
  * [bsc#1209210, CVE-2023-27534] SFTP path ~ resolving discrepancy
    Add curl-CVE-2023-27534.patch curl-CVE-2023-27534-dynbuf.patch
  * [bsc#1209211, CVE-2023-27535] FTP too eager connection reuse
    Add curl-CVE-2023-27535.patch
  * [bsc#1209212, CVE-2023-27536] GSS delegation too eager connection re-use
    Add curl-CVE-2023-27536.patch
  * [bsc#1209214, CVE-2023-27538] SSH connection too eager reuse still
    Add curl-CVE-2023-27538.patch
- Security Fix: [bsc#1207992, CVE-2023-23916]
  * HTTP multi-header compression denial of service
  * Add curl-CVE-2023-23916.patch
dbus-1
- Fix IO lock contention, causing timeouts; (fdo#102839);
  (bsc#1193780).
  Add fix-upstream-fdo102839-io-lock-contention.patch
dbus-1-x11
- Fix IO lock contention, causing timeouts; (fdo#102839);
  (bsc#1193780).
  Add fix-upstream-fdo102839-io-lock-contention.patch
drbd
- drbd reporting: drbd data0/0 drbd0 lnxxxx-pa: Retrying drbd_rs_del_all() later (bsc#1207127)
  * bsc1207127-01_drbd-Pause-sync-souce-when-we-decide-to-pause-a-sync.patch
  * bsc1207127-02_drbd-Fix-setting-other-repl-state-in-other-connectio.patch
  * bsc1207127-03_drbd-fix-termination-of-verify-with-stop-sector.patch
  * bsc1207127-04_drbd-do-not-execute-drbd_resync_finished-if-work-is.patch
google-guest-agent
- Bump go API version to 1.18 (bsc#1208723)
  + Address CVE-2021-38297 and CVE-2022-23806
- Update to version 20230221.00
  * Allow a comment part of a pub ssh key to have an arbitrary format (#198)
    + Split GetUserKey() into two functions: get and validate
    + Correct the name of ValidateUser func as it validates only users
    + Update tests
  * Update OWNERS (#201)
- from version  20230207.00
  * Update OWNERS file (#199)
- Update to version 20230112.00
  * Updating logging module so cloud logs are flushed prior to exit (#196)
  * Windows: retry adding MDS route (#194)
- Update to version 20221109.00
  * Validate user key for whitespace chars (#188)
- from version 20221107.00
  * Fix typo with wsfc agent (#189)
- from version 20221104.00
  * Updates to gce-workload-cert-refresh (#186)
- from version 20221025.00
  * Add workload cert refresh to preset (#185)
- Update to version 20221018.00
  * Write workload cert status file (#184)
- from version 20221017.00
  * Update workload_cert permissions (#180)
- Update to version 20220927.00
  * Workload certificate refresh (#182)
- Update to version 20220824.00
  * Workload certs (#177)
- from version 20220823.00
  * add members to OWNERS (#178)
  * Expired key tests (#176)
  * correct expired key handling (#175)
- avoid bashism in post-install scripts (bsc#1195391)
- Update to version 20220713.00 (bsc#1202100, bsc#1202101)
  * try restoring module mode (#172)
  * update for golang 1.16 (#171)
- from version 20220614.00
  * Remove log that can break startup scripts (#170)
- from version 20220603.00
  * repeat fix for arm (#169)
  * no authorized keys on debian (#168)
- from version 20220527.00
  * Add authorized keys command to the Windows agent package. (#167)
  * Support for Windows SSH (#164)
- from version 20220523.00
  * restore double slash metadata url (#166)
- from version 20220520.00
  * Support .exe as an option for scripts and refactor runScript (#165)
- Update to version 20220429.00
  * Move some functionality to a utils module (#162)
- Update to version 20220412.00
  * enable goproxy during build (#163)
- from version 20220321.00
  * enable routes for ipv6 (#160)
google-osconfig-agent
- Bump go API version to 1.18 (bsc#1208723)
  + Address CVE-2021-38297 and CVE-2022-23806
- Update to version 20230222.00
  * Remove Debian 9 from e2e tests image list (#460)
- from version 20230217.00
  * Update OWNERS (#458)
- from version 20230208.00
  * Fix the error in the `copy_file_from_bucket.yaml` example. (#456)
- from version 20230202.00
  * Update owners file. (#455)
- from version 20230123.00
  * Call FQDN (#454)
- Update to version 20221214.00
  * Close clients that are not passed anywhere (#450)
- Update to version 20221013.01
  * Don't print raw pointer data. (#446)
- from version 20221013.00
  * Delete yum transaction files if created. (#445)
- Update to version 20220829.00
  * Fix exclude packages field processing (#440)
- from version 20220824.00
  * Check for exclusive patches. (#442)
- Use install command in %post section to create state file (bsc#1202826)
- Remove useless creation of state file directory in /var/lib
- avoid bashim in post install scripts (bsc#1195391)
- Update to version 20220801.00 (bsc#1202100, bsc#1202101)
  * update OWNERS (#438)
  * Close client when RegisterAgent fails. (#436)
- from version 20220714.00
  * Add timeouts for pip/gem updates. (#433)
- from version 20220623.00
  * upgrade to golang 1.16 and override deb build settings for compatibility (#432)
- from version 20220606.00
  * new example policy to ensure sshd is running on windows VMs (#430)
- from version 20220531.00
  * Add default timeout for pip and gem list commands (#429)
- Don't restart daemon on package upgrade, create a state file instead (bsc#1194319)
- Update to version 20220314.01
  * Support COS on arm64 (#426)
- from version 20220314.00
  * Fix previous PR: exec.CommandContext cannot be reused (#425)
- from version 20220304.00
  * Update the error message when an exec task is run on Windows
    without an interpreter (#423)
  * Fix string that apt-get returns when requiring downgrade (#422)
  * e2e_tests: fix patch test rerun (#421)
  * Add --allow-downgrades flag to apt-get calls when it
    fails because of wanting to downgrade a package (#418)
  * Create e2e test that runs apt-get in a state that makes
    it downgrade a package (#420)
  * e2e_tests: update OS targets, adjust retries (#419)
  * Create change_group.yaml (#416)
- from version 20220215.00
  * Add regex support to package exclusion in OS Patch (#415)
grub2
- Make grub.cfg invariant to efi and legacy platforms (bsc#1205200)
- Removed patch linuxefi
  * grub2-secureboot-provide-linuxefi-config.patch
  * grub2-secureboot-use-linuxefi-on-uefi-in-os-prober.patch
  * grub2-secureboot-use-linuxefi-on-uefi.patch
- Rediff
  * grub2-btrfs-05-grub2-mkconfig.patch
  * grub2-efi-xen-cmdline.patch
  * grub2-s390x-05-grub2-mkconfig.patch
  * grub2-suse-remove-linux-root-param.patch
- Make linuxefi default command as linux (bsc#1176134) (bsc#1202838)
  * 0001-Fix-symbols-appearing-in-several-modules-in-linux.patch
  * 0002-linux-fixup.patch
  * 0003-cmdline-Provide-cmdline-functions-as-module.patch
  * 0004-efi-linux-provide-linux-command.patch
harfbuzz
- Add CVE-2023-25193.patch: limit how far we skip when looking
  back (bsc#1207922 CVE-2023-25193).
kernel-default
- scsi: qla2xxx: Synchronize the IOCB count to be in order
  (bsc#1209292 bsc#1209684 bsc#1209556).
- commit 18dd273
- net: usb: lan78xx: Limit packet length to skb->len (git-fixes).
- commit 58a7e43
- net: usb: smsc95xx: Limit packet length to skb->len (git-fixes).
- commit 4061009
- net: usb: smsc75xx: Move packet length check to prevent kernel
  panic in skb_pull (git-fixes).
- commit 904473f
- NFSv4: Fix hangs when recovering open state after a server reboot (git-fixes).
  [iivanov] Fix Patch-mainline to v6.3-rc5
- commit f23280a
- seq_buf: Fix overflow in seq_buf_putmem_hex() (bsc#1209549
  CVE-2023-28772).
- commit 6692c8c
- x86/apic: Add name to irq chip (bsc#1206010).
- commit 89bba1e
- ipv4: route: fix inet_rtm_getroute induced crash (git-fixes).
- commit e25c3f6
- blacklist.conf: update blacklist
- commit ae3ef0f
- blacklist.conf: update blacklist
- commit 3e5530d
- x86/apic: Deinline x2apic functions (bsc#1181001 jsc#ECO-3191).
- x86/x2apic: Mark set_x2apic_phys_mode() as __init (bsc#1181001
  jsc#ECO-3191).
- Refresh
  patches.kabi/kABI-Fix-kABI-for-extended-APIC-ID-support.patch.
- Refresh
  patches.suse/x86-msi-Force-affinity-setup-before-startup.patch.
  Update to upstream patches.
  Two easy cleanups added for simpler backports.
- commit 2c2baeb
- PCI: hv: Add a per-bus mutex state_lock (bsc#1207001).
- Revert "/PCI: hv: Fix a timing issue which causes kdump to fail
  occasionally"/ (bsc#1207001).
- PCI: hv: Remove the useless hv_pcichild_state from struct
  hv_pci_dev (bsc#1207001).
- PCI: hv: Fix a race condition in hv_irq_unmask() that can
  cause panic (bsc#1207001).
- PCI: hv: fix a race condition bug in hv_pci_query_relations()
  (bsc#1207001).
- commit e9cf69b
- x86/ioapic: Force affinity setup before startup (bsc#1193231).
- blacklist.conf: remove it from there as the prerequisities were
  backported already
- commit 67a8716
- powerpc/btext: add missing of_node_put (bsc#1065729).
- commit 0e57c99
- kvm: initialize all of the kvm_debugregs structure before
  sending it to userspace (bsc#1209532 CVE-2023-1513).
- commit 27afda9
- powerpc/xics: fix refcount leak in icp_opal_init()
  (bsc#1065729).
- commit f9aeabf
- powerpc/powernv/ioda: Skip unallocated resources when mapping
  to PE (bsc#1065729).
- commit 12e8c49
- powerpc/rtas: ensure 4KB alignment for rtas_data_buf
  (bsc#1065729).
- powerpc/pseries/lparcfg: add missing RTAS retry status handling
  (bsc#1065729).
- powerpc/pseries/lpar: add missing RTAS retry status handling
  (bsc#1109158 ltc#169177 git-fixes).
- commit 4d6673f
- Input: atmel_mxt_ts - fix double free in mxt_read_info_block
  (git-fixes).
- commit bd0fc95
- sbitmap: Avoid lockups when waker gets preempted (bsc#1209118).
- commit 32c7f24
- blacklist.conf: driver not in SLE12
- commit 3fbe4df
- blacklist.conf: driver not present in SLE12
- commit dad4545
- s390/vfio-ap: fix memory leak in vfio_ap device driver
  (git-fixes).
- commit 0efdc1f
- Bluetooth: Fix double free in hci_conn_cleanup (bsc#1209052
  CVE-2023-28464).
- commit ee49c52
- RDMA/core: Don't infoleak GRH fields (bsc#1209778 CVE-2021-3923)
- commit 007f267
- tipc: fix NULL deref in tipc_link_xmit() (bsc#1209289
  CVE-2023-1390).
- commit 91c876a
- Update
  patches.suse/net-sched-atm-dont-intepret-cls-results-when-asked-t.patch
  (bsc#1207036 CVE-2023-23454 bsc#1207125 CVE-2023-23455).
- Update
  patches.suse/net-sched-cbq-dont-intepret-cls-results-when-asked-t.patch
  (bsc#1207036 CVE-2023-23454 bsc#1207125 CVE-2023-23455).
- commit 03cf48f
- timers: Clear timer_base::must_forward_clk with (bsc#1207890)
- commit 665e881
- arm64/cpufeature: Fix field sign for DIT hwcap detection (git-fixes)
- commit d6d271d
- arm64: cmpxchg_double*: hazard against entire exchange variable (git-fixes)
- commit a0c51f7
- net/sched: tcindex: update imperfect hash filters respecting
  rcu (CVE-2023-1281 bsc#1209634).
- rcu: Upgrade rcu_swap_protected() to rcu_replace_pointer()
  (CVE-2023-1281 bsc#1209634).
- commit 79d6cb4
- crypto: arm64 - Fix unused variable compilation warnings of (git-fixes)
- commit 3f3dfdc
- arm64: fix oops in concurrently setting insn_emulation sysctls (git-fixes)
- commit 11f2537
- arm64: Do not forget syscall when starting a new thread. (git-fixes)
- commit 27dfefa
- arm64: Mark __stack_chk_guard as __ro_after_init (git-fixes)
- commit 551a661
- arm64/vdso: Discard .note.gnu.property sections in vDSO (git-fixes)
- commit b2f00e4
- blacklist.conf: ("/arm64: alternatives: Move length validation in alternative_{insn,"/)
- commit 750c32b
- KVM: arm64: Hide system instruction access to Trace registers (git-fixes)
- commit 2e3ed1c
- arm64: psci: Avoid printing in cpu_psci_cpu_die() (git-fixes)
- commit 66c3a8b
- blacklist.conf: ("/arm64: Change .weak to SYM_FUNC_START_WEAK_PI for"/)
- commit add4723
- arm64/mm: return cpu_all_mask when node is NUMA_NO_NODE (git-fixes)
- commit 65bd4cc
- arm64/alternatives: move length validation inside the subsection (git-fixes)
- commit d2aefa8
- arm64: Use test_tsk_thread_flag() for checking TIF_SINGLESTEP (git-fixes)
- commit 2354853
- arm64/alternatives: don't patch up internal branches (git-fixes)
- commit 259ff6d
- arm64/alternatives: use subsections for replacement sequences (git-fixes)
- commit 206be22
- arm64/cpufeature: Drop TraceFilt feature exposure from ID_DFR0 register (git-fixes)
  Refresh patches.suse/arm64-cpufeature-Allow-different-PMU-versions-in-ID_DFR0_EL1.patch
- commit a0b4d86
- blacklist.conf: ("/arm64: cpufeature: Relax checks for AArch32 support at EL[0-2]"/)
- commit 99d129d
- blacklist.conf: ("/arm64: Delete the space separator in __emit_inst"/)
- commit e989773
- blacklist.conf: ("/arm64: fix alternatives with LLVM's integrated assembler"/)
- commit eabb21e
- Revert "/arm64: dts: juno: add dma-ranges property"/ (git-fixes)
- commit 472652a
- arm64: psci: Reduce the waiting time for cpu_psci_cpu_kill() (git-fixes)
- commit 126253f
- blacklist.conf: ("/arm64: fix unreachable code issue with cmpxchg"/)
- commit 27e2384
- arm64: kpti: ensure patched kernel text is fetched from PoU (git-fixes)
- commit ed14da7
- arm64/mm: fix variable 'pud' set but not used (git-fixes)
- commit bb80a31
- arm64: unwind: Prohibit probing on return_address() (git-fixes)
- commit 84859a4
- blacklist.conf: ("/arm64/efi: Mark __efistub_stext_offset as an absolute symbol"/)
- commit 7448304
- arm64: Fix compiler warning from pte_unmap() with (git-fixes)
- commit f112362
- arm64: cpu_ops: fix a leaked reference by adding missing of_node_put (git-fixes)
- commit 80aa069
- arm64: kprobe: make page to RO mode when allocate it (git-fixes)
- commit 0375ba2
- usb: typec: altmodes/displayport: Fix probe pin assign check
  (git-fixes).
- commit 5ce7845
- scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of
  DID_REQUEUE (bsc#1199837).
- commit 2f806c6
- USB: misc: iowarrior: fix up header size for
  USB_DEVICE_ID_CODEMERCS_IOW100 (git-fixes).
- commit 198956a
- netlink: prevent potential spectre v1 gadgets (bsc#1209547
  CVE-2017-5753).
- commit 179a403
- ppc64le: HWPOISON_INJECT=m (bsc#1209572).
- commit 9bc607c
- tracing/hwlat: Replace sched_setaffinity with
  set_cpus_allowed_ptr (git-fixes).
- commit 10ecebb
- ring-buffer: remove obsolete comment for free_buffer_page()
  (git-fixes).
- commit fb36562
- ftrace: Fix invalid address access in lookup_rec() when index
  is 0 (git-fixes).
- commit 2107853
- blacklist.conf: add not-relevant tracing fixes
- commit 89e5ff0
- net: usb: smsc75xx: Limit packet length to skb->len (git-fixes).
- commit 59b5ef4
- tracing: Add NULL checks for buffer in
  ring_buffer_free_read_page() (git-fixes).
- commit 4ba90d9
- blacklist.conf: might break certifications
- commit bd7ab11
- blacklist.conf: kABI
- commit c99b186
- blacklist.conf: irrelevant in our configs
- commit e0f4fc3
- blacklist.conf: kABI
- commit 9748c72
- blacklist.conf: kABI
- commit abd6f40
- blacklist.conf: blacklist Documentation because we
  will not updaten the documentation package in SLE12 anyway
- commit b4fe007
- Refresh
  patches.suse/scsi-qla2xxx-Add-option-to-disable-FC2-Target-suppor.patch.
- commit 37fbfe8
- xen-netfront: Fix NULL sring after live migration (git-fixes).
- commit 739342e
- xen/netfront: stop tx queues during live migration (git-fixes).
- commit ac8b9c0
- xen-netfront: fix potential deadlock in xennet_remove()
  (git-fixes).
- Refresh
  patches.suse/xen-netfront-force-data-bouncing-when-backend-is-unt.patch.
- commit 9294dd7
- xen/netfront: fix waiting for xenbus state change (git-fixes).
- commit fe29b44
- xen-netfront: wait xenbus state change when load module manually
  (git-fixes).
- commit 0c71330
- xen-netfront: Update features after registering netdev
  (git-fixes).
- commit c77bad3
- xen-netfront: Fix mismatched rtnl_unlock (git-fixes).
- commit db4108c
- xen-netfront: Fix race between device setup and open
  (git-fixes).
- Refresh
  patches.suse/xen-netfront-don-t-trust-the-backend-response-data-b.patch.
- commit a087822
- blacklist.conf: add 9e6246518592 ("/xen/netback: don't call kfree_skb() under spin_lock_irqsave()"/)
- commit cae7fc6
- blacklist.conf: add 7dfa764e0223 ("/xen/netback: fix build warning"/)
- commit 31b3ee5
- blacklist.conf: add 5834e72eda0b ("/xen/netback: do some code cleanup"/)
- commit 6487e56
- x86/xen: Fix memory leak in xen_init_lock_cpu() (git-fixes).
- commit 4ce0c85
- x86/xen: Fix memory leak in xen_smp_intr_init{_pv}()
  (git-fixes).
- commit 36249b4
- xen/platform-pci: add missing free_irq() in error path
  (git-fixes).
- commit dd25a55
- xen-netfront: enable device after manual module load
  (git-fixes).
- commit 6ce0b56
- blacklist.conf: add ce6f7d087e2b ("/Input: xen-kbdfront - fix multi-touch XenStore node's locations"/)
- commit 9866d94
- blacklist.conf: added 02a0d9216d4da ("/Input: xen-kbdfront - do not advertise multi-touch pressure support"/)
- commit 4d70cca
- x86/paravirt: Fix callee-saved function ELF sizes (git-fixes).
- Refresh
  patches.suse/x86-prepare-inline-asm-for-straight-line-speculation.patch.
- commit be50a99
- SUNRPC: Fix a server shutdown leak (git-fixes).
- commit b391b37
- Revert "/mei: me: enable asynchronous probing"/ (bsc#1208048,
  bsc#1209126).
- commit 9a95c7f
- media: dvb-usb: az6027: fix null-ptr-deref in  az6027_i2c_xfer()
  (bsc#1209291 CVE-2023-28328).
- commit 0a0d765
- Bluetooth: btusb: Add VID:PID 13d3:3529 for Realtek RTL8821CE
  (git-fixes).
- commit a77868e
- Bluetooth: btusb: don't call kfree_skb() under
  spin_lock_irqsave() (git-fixes).
- commit 0b2e609
- blacklist.conf: false positive
- commit 7dfc594
- ima: Fix function name error in comment (git-fixes).
- commit 889bacc
- kfifo: fix ternary sign extension bugs (git-fixes).
- commit efc9af2
- blacklist.conf:	irrelevant in our configurations
- commit fcaf3c0
- blacklist.conf: kABI
- commit 5f50816
- blacklist.conf: changes exported defaults
- commit 6e19056
- PM: hibernate: flush swap writer after marking (git-fixes).
- commit d5d514d
- blacklist.conf: false positive
- commit bcee6d7
- blacklist.conf: kABI
- commit ee8665f
- blacklist.conf: false positive
- commit 38a7585
- kgdb: Drop malformed kernel doc comment (git-fixes).
- commit 16f0840
- blacklist.conf: kABI
- commit 836cdb8
- dt-bindings: reset: meson8b: fix duplicate reset IDs
  (git-fixes).
- commit 758f2cb
- timers/sched_clock: Prevent generic sched_clock wrap caused
  by tick_freeze() (git-fixes).
- commit c1996c6
- blacklist.conf: irrelevant documentation
- commit 14b48ad
- blacklist.conf: false positive
- commit 24553f6
- usb: dwc3: gadget: Stop processing more requests on IMI
  (git-fixes).
- commit 1e1ba8c
- Update patches.suse/net_sched-add-__rcu-annotation-to-netdev-qdisc.patch.
- fix a mistake in the CVE-2023-0590 / bsc#1207795 backport
- commit 005c9da
- prlimit: do_prlimit needs to have a speculation check
  (bsc#1209256 CVE-2017-5753).
- commit fca254e
- usb: dwc3: exynos: Fix remove() function (git-fixes).
- commit 1162027
- usb: chipidea: fix deadlock in ci_otg_del_timer (git-fixes).
- commit c85689a
- blacklist.conf: duplicate
- commit 9a30402
- blacklist.conf: false positive
- commit 6886a4a
- NET: usb: qmi_wwan: Adding support for Cinterion MV31
  (git-fixes).
- commit 64d8c67
- Update
  patches.suse/l2tp-fix-race-in-pppol2tp_release-with-session-objec.patch
  (bsc#1076830 bsc#1208850 CVE-2022-20567).
- commit 47065bb
- tap: tap_open(): correctly initialize socket uid (CVE-2023-1076
  bsc#1208599).
- tun: tun_chr_open(): correctly initialize socket uid
  (CVE-2023-1076 bsc#1208599).
- net: add sock_init_data_uid() (CVE-2023-1076 bsc#1208599).
- netfilter: nf_tables: fix null deref due to zeroed list head
  (CVE-2023-1095 bsc#1208777).
- commit c4928a4
- Delete
  patches.suse/livepatch-define-a-macro-for-new-api-identification.patch.
  This definition was used by kgraft codestreams (SLE12-SP3), but the
  livepatch support for such codestreams has ended.
- commit 4fbaecf
- Do not sign the vanilla kernel (bsc#1209008).
- commit cee4d89
- PCI: PM: Avoid forcing PCI_D0 for wakeup reasons inconsistently
  (git-fixes).
- PCI: Use pci_update_current_state() in pci_enable_device_flags()
  (git-fixes).
- PCI/MSI: Skip masking MSI-X on Xen PV (git-fixes).
- PCI/MSI: Enforce MSI entry updates to be visible (git-fixes).
- PCI/MSI: Enforce that MSI-X table entry is masked for update
  (git-fixes).
- PCI/MSI: Mask all unused MSI-X entries (git-fixes).
- PCI: aardvark: Fix checking for PIO Non-posted Request
  (git-fixes).
- PCI: aardvark: Fix kernel panic during PIO transfer (git-fixes).
- PCI: xgene-msi: Fix race in installing chained irq handler
  (git-fixes).
- PCI: qcom: Use PHY_REFCLK_USE_PAD only for ipq8064 (git-fixes).
- PCI/PM: Avoid using device_may_wakeup() for runtime PM
  (git-fixes).
- Refresh
  patches.suse/0002-PCI-PM-Use-the-NEVER_SKIP-driver-flag.patch.
- commit 7a5a840
- media: platform: ti: Add missing check for devm_regulator_get
  (git-fixes).
- commit 38e97d5
- media: coda: Add check for kmalloc (git-fixes).
- commit 95a83e8
- media: coda: Add check for dcoda_iram_alloc (git-fixes).
- commit da6b661
- rpm/group-source-files.pl: Deal with {pre,post}fixed / in location
  When the source file location provided with -L is either prefixed or
  postfixed with forward slash, the script get stuck in a infinite loop
  inside calc_dirs() where $path is an empty string.
  user@localhost:/tmp> perl "/$HOME/group-source-files.pl"/ -D devel.files -N nondevel.files -L /usr/src/linux-5.14.21-150500.41/
  ...
  path = /usr/src/linux-5.14.21-150500.41/Documentation/Kconfig
  path = /usr/src/linux-5.14.21-150500.41/Documentation
  path = /usr/src/linux-5.14.21-150500.41
  path = /usr/src
  path = /usr
  path =
  path =
  path =
  ... # Stuck in an infinite loop
  This workarounds the issue by breaking out the loop once path is an
  empty string. For a proper fix we'd want something that
  filesystem-aware, but this workaround should be enough for the rare
  occation that this script is ran manually.
  Link: http://mailman.suse.de/mlarch/SuSE/kernel/2023/kernel.2023.03/msg00024.html
- commit 6d65136
- vxlan: changelink: Fix handling of default remotes (git-fixes).
- commit 353bf78
- vxlan: Fix error path in __vxlan_dev_create() (git-fixes).
- commit 4d54675
- net: aquantia: fix RSS table and key sizes (git-fixes).
- commit 3b040c8
- bonding: fix 802.3ad state sent to partner when unbinding slave
  (git-fixes).
- commit 45191af
- vlan: Fix vlan insertion for packets without ethernet header
  (git-fixes).
- commit 95ac5e1
- vlan: Fix out of order vlan headers with reorder header off
  (git-fixes).
- commit 59cf369
- media: rc: Fix use-after-free bugs caused by ene_tx_irqsim()
  (CVE-2023-1118 bsc#1208837).
- commit e793953
- xfrm: Copy policy family in clone_policy (git-fixes).
- commit 9d47068
- netfilter: ipvs: Fix inappropriate output of procfs (git-fixes).
- commit 8eff166
- netfilter: xt_connlimit: don't store address in the conn nodes
  (git-fixes).
- commit b335237
- icmp: don't fail on fragment reassembly time exceeded
  (git-fixes).
- commit ba8013a
- scsi: qla2xxx: Add option to disable FC2 Target support
  (bsc#1198438 bsc#1206103).
- Delete
  patches.suse/revert-scsi-qla2xxx-Changes-to-support-FCP2-Target.patch.
- commit 6206180
- PCI: Unify ACS quirk desired vs provided checking (git-fixes).
- PCI: Make ACS quirk implementations more uniform (git-fixes).
- commit 6452eb0
- KABI FIX FOR: NFS: Pass error information to the pgio error
  cleanup routine (git-fixes).
- commit 00c859b
- KABI FIX FOR - SUNRPC: Fix priority queue fairness (git-fixes).
- commit 91b67c9
- README.BRANCH: Adding myself to the maintainer list
- commit 8fc11b2
- kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179).
  When -b is specified the script is prefixed with KMP_NEEDS_MKINITRD=1
  which sets the variable for a simple command.
  However, the script is no longer a simple command. Export the variable
  instead.
- commit 152a069
- ocfs2: Fix data corruption after failed write (bsc#1208542).
- commit c0b9b40
- kabi/severities: add l2tp local symbols
- commit 63a39ae
- l2tp: Serialize access to sk_user_data with sk_callback_lock
  (bsc#1205711 CVE-2022-4129).
- commit ef8f012
- l2tp: fix race in duplicate tunnel detection (bsc#1205711
  CVE-2022-4129).
- commit 6a8247c
- l2tp: fix races in tunnel creation (bsc#1205711 CVE-2022-4129).
- commit 4e92c0b
- Refresh
  patches.suse/sctp-fail-if-no-bound-addresses-can-be-used-for-a-gi.patch.
- commit d76f4ba
- nfsd: fix race to check ls_layouts (git-fixes).
- pNFS/filelayout: Fix coalescing test for single DS (git-fixes).
- SUNRPC: ensure the matching upcall is in-flight upon downcall
  (git-fixes).
- nfsd: fix handling of readdir in v4root vs. mount upcall timeout
  (git-fixes).
- nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create
  failure (git-fixes).
- nfs: Fix nfsi->nrequests count error on nfs_inode_remove_request
  (git-fixes).
- NFS: Pass error information to the pgio error cleanup routine
  (git-fixes).
- SUNRPC: Fix priority queue fairness (git-fixes).
- commit 24274be
- blacklist.conf: updates
- commit 79d0f01
- scripts/sequence-patch.sh: remove obsolete egrep
  Avoids a warning and prepares for ultimate removal - boo#1203092
- commit 7a787f7
- PCI: aardvark: Don't touch PCIe registers if no card connected
  (git-fixes).
- PCI: aardvark: Indicate error in 'val' when config read fails
  (git-fixes).
- PCI: aardvark: Improve link training (git-fixes).
- PCI: aardvark: Don't blindly enable ASPM L0s and don't write
  to read-only register (git-fixes).
- PCI: aardvark: Train link immediately after enabling training
  (git-fixes).
- PCI: Add ACS quirk for Intel Root Complex Integrated Endpoints
  (git-fixes).
- PCI: Avoid FLR for AMD Starship USB 3.0 (git-fixes).
- PCI: Avoid FLR for AMD Matisse HD Audio & USB 3.0 (git-fixes).
- PCI: endpoint: Fix for concurrent memory allocation in OB
  address region (git-fixes).
- kabi: PCI: endpoint: Fix for concurrent memory allocation in
  OB address region (git-fixes).
- PCI: endpoint: Cast the page number to phys_addr_t (git-fixes).
- PCI: aardvark: Remove PCIe outbound window configuration
  (git-fixes).
- PCI: aardvark: Introduce an advk_pcie_valid_device() helper
  (git-fixes).
- commit 36c0f12
- PCI: aardvark: Don't rely on jiffies while holding spinlock
  (git-fixes).
- PCI: aardvark: Wait for endpoint to be ready before training
  link (git-fixes).
- PCI/PM: Always return devices to D0 when thawing (git-fixes).
- PCI: tegra: Fix OF node reference leak (git-fixes).
- commit d6e8f39
- applicom: Fix PCI device refcount leak in applicom_init()
  (git-fixes).
- PCI: Add ACS quirk for iProc PAXB (git-fixes).
- Refresh
  patches.suse/PCI-Add-ACS-quirk-for-Amazon-Annapurna-Labs-root-por.patch.
- Refresh
  patches.suse/PCI-Add-ACS-quirk-for-Broadcom-BCM57414-NIC.patch.
- PCI: PM: Avoid skipping bus-level PM on platforms without ACPI
  (git-fixes).
- PCI: aardvark: Fix a leaked reference by adding missing
  of_node_put() (git-fixes).
- commit 5dd1a12
- blacklist.conf: powerpc math emulation is not used
- commit 7904b57
- blacklist.conf: 8e1278444446 powerpc/32: Fix overread/overwrite of thread_struct via ptrace
- commit 1292ac8
- powerpc/fscr: Enable interrupts earlier before calling
  get_user() (bsc#1065729).
- Refresh patches.suse/powerpc-add-interrupt_cond_local_irq_enable-helper.patch
- powerpc/powernv: Fix build error in opal-imc.c when NUMA=n
  (bsc#1065729).
- commit 9101ec0
- powerpc/eeh: Fix use-after-release of EEH driver (bsc#1065729).
- powerpc/powernv: IMC fix out of bounds memory access at shutdown
  (bsc#1065729).
- commit f7b6c1a
- blacklist.conf: Add oops_limit accretion disk
- commit 26414f9
- blacklist.conf: fda31c50292a signal: avoid double atomic counter increments for user accounting
- commit ad47077
- blacklist.conf: Add 11e31f608b49 watchdog/softlockup: Enforce that timestamp is valid on boot
- commit 312b206
- ipmi: fix initialization when workqueue allocation fails
  (git-fixes).
- commit 62cff13
- ipmi: msghandler: Make symbol 'remove_work_wq' static
  (git-fixes).
- commit f48a444
- blacklist.conf: Add 0e48f51cbbfb Revert "/libata, freezer: avoid block device removal while system is frozen"/
- commit 3b5d052
- net/ethernet/freescale: rework quiesce/activate for ucc_geth (git-fixes).
- commit 354903d
- net: bmac: Fix read of MAC address from ROM (git-fixes).
- commit f260cf5
- net: qed*: Reduce RX and TX default ring count when running inside kdump kernel (git-fixes).
- commit b08ffb4
- Refresh patches.suse/af_unix-fix-races-in-sk_peer_pid-and-sk_peer_cred-ac.patch.
- commit e51ef45
- Revert "/af_unix: fix races in sk_peer_pid and sk_peer_cred accesses"/
  This reverts commit e49e1b0f7e662d5b071015f05ead8185cb31f049
  since it breaks the kernel.
- commit f1351a4
- Revert "/sock.h: hide new member (bsc#1194535 CVE-2021-4203)."/
  This reverts commit 3cef23f4011eda051233a2e9572ae1d789313f41
  since it breaks the kernel
- commit f66a3cf
- SUNRPC: make lockless test safe (bsc#1207201).
- commit 155aec2
- sock.h: hide new member (bsc#1194535 CVE-2021-4203).
- commit 3cef23f
- af_unix: fix races in sk_peer_pid and sk_peer_cred accesses
  (bsc#1194535 CVE-2021-4203).
- commit e49e1b0
- sock.h: hide new member (bsc#1194535 CVE-2021-4203).
- commit ec6bedc
- af_unix: fix races in sk_peer_pid and sk_peer_cred accesses
  (bsc#1194535 CVE-2021-4203).
- commit b12b939
- Refresh
  patches.suse/sctp-fail-if-no-bound-addresses-can-be-used-for-a-gi.patch.
- commit b1becb2
- net: mpls: fix stale pointer if allocation fails during device
  rename (bsc#1208700 CVE-2023-26545).
- commit d61392c
- blacklist.conf: add few PCI patches
- commit 52e540a
- x86/mm: Randomize per-cpu entry area (bsc#1207845
  CVE-2023-0597).
- refresh patches.suse/x86-cpu_entry_area-Map-also-trace_idt_table.patch.
- commit 6cab2a4
- block: bio-integrity: Copy flags when bio_integrity_payload
  is cloned (bsc#1208541).
- commit 1c1919f
- scsi: qla2xxx: Remove the unused variable wwn (bsc#1208570).
- scsi: qla2xxx: Simplify if condition evaluation (bsc#1208570).
- scsi: qla2xxx: Use a variable for repeated mem_size computation
  (bsc#1208570).
- scsi: qla2xxx: Make qla_trim_buf() and __qla_adjust_buf()
  static (bsc#1208570).
- scsi: qla2xxx: Fix printk() format string (bsc#1208570).
- scsi: qla2xxx: Update version to 10.02.08.200-k (bsc#1208570).
- scsi: qla2xxx: Select qpair depending on which CPU post_cmd()
  gets called (bsc#1208570).
- scsi: qla2xxx: edif: Fix clang warning (bsc#1208570).
- scsi: qla2xxx: edif: Reduce memory usage during low I/O
  (bsc#1208570).
- scsi: qla2xxx: edif: Fix stall session after app start
  (bsc#1208570).
- scsi: qla2xxx: edif: Fix performance dip due to lock contention
  (bsc#1208570).
- scsi: qla2xxx: Relocate/rename vp map (bsc#1208570).
- scsi: qla2xxx: Remove dead code (GNN ID) (bsc#1208570).
- scsi: qla2xxx: Remove dead code (GPNID) (bsc#1208570).
- scsi: qla2xxx: Remove dead code (bsc#1208570).
- scsi: qla2xxx: Update version to 10.02.08.100-k (bsc#1208570).
- scsi: qla2xxx: Fix IOCB resource check warning (bsc#1208570).
- scsi: qla2xxx: Remove increment of interface err cnt
  (bsc#1208570).
- scsi: qla2xxx: Fix erroneous link down (bsc#1208570).
- scsi: qla2xxx: Remove unintended flag clearing (bsc#1208570).
- scsi: qla2xxx: Fix stalled login (bsc#1208570).
- scsi: qla2xxx: Fix exchange oversubscription for management
  commands (bsc#1208570).
- scsi: qla2xxx: Fix exchange oversubscription (bsc#1208570).
- scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests
  (bsc#1208570).
- scsi: qla2xxx: Fix link failure in NPIV environment
  (bsc#1208570).
- scsi: qla2xxx: Check if port is online before sending ELS
  (bsc#1208570).
- commit 649e0ec
- git_sort: tests: do not disable package repository GPG check
  This adds the Kernel repository key and enables GPG check for package
  installation inside containers.
- commit b2615b2
- git_sort: tests: Adjust to new net repository location
- commit de2dc43
- git_sort: tests: Fix tests failing on SLE15
  Use the correct base image, pygit2 is not found by pythong otherwise.
- commit 1088359
- git_sort: tests: exit on error
- commit 767bb07
- blacklist.conf: feature not a fix
- commit 1443bd3
- blacklist.conf: feature not a fix
- commit ee1e977
- ipmi: fix memleak when unload ipmi driver (git-fixes).
- commit d05158b
- blacklist.conf: cosmetic fix
- commit 4b9f79b
- ipmi: fix use after free in _ipmi_destroy_user() (git-fixes).
- commit 2d46d95
- git_sort: tests: Use 15.4, 15.3 is EOL
- commit 3624818
- git_sort: tests: Kernel:tools does not have Leap repos, use SLE
- commit 46626b0
- scripts/renamepatches: Fix grep warning
  grep: warning: stray  before /
- commit 20e6e67
- scripts/renamepatches: Exclude search in irrelevant files
  Especially large files in kabi/ can be simply avoided on slow devices
  (or NFS).
- commit 9e1b932
- ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module
  (git-fixes).
- commit 4c304c0
- ipmi: Move remove_work to dedicated workqueue (git-fixes).
- commit 7662fa0
- net: dsa: mv88e6xxx: Allow dsa and cpu ports in multiple vlans
  (git-fixes).
- commit ae05a84
- blacklist.conf: add blacklist
- commit d1dd69b
- blacklist.conf: update blacklist
- commit 8b2622c
- blacklist.conf: update blacklist
- commit 50d7ebf
- blacklist.conf: update blacklist
- commit a32c2b4
- blacklist.conf: update blacklist
- commit 941a0ae
- blacklist.conf: update blacklist
- commit ac031d8
- x86/power: Fix 'nosmt' vs hibernation triple fault during resume
  (git-fixes).
- Refresh
  patches.suse/cpu-smt-create-and-export-cpu_smt_possible.patch.
- commit 3ddadd1
- x86/stacktrace: Prevent infinite loop in arch_stack_walk_user()
  (git-fixes).
- x86/build: Add 'set -e' to mkcapflags.sh to delete broken
  capflags.c (git-fixes).
- x86/atomic: Fix smp_mb__{before,after}_atomic() (git-fixes).
- x86/PCI: Fix PCI IRQ routing table memory leak (git-fixes).
- x86/mm: Remove in_nmi() warning from 64-bit implementation of
  vmalloc_fault() (git-fixes).
- x86/irq/64: Limit IST stack overflow check to #DB stack
  (git-fixes).
- x86/uaccess, signal: Fix AC=1 bloat (git-fixes).
- x86/ia32: Fix ia32_restore_sigcontext() AC leak (git-fixes).
- commit 4fdbd92
- blacklist.conf: add some x86 commits
- commit 89c0d93
- scripts/renamepatches: Optimize search
  Use bash hashmap instead of grepping list file.
  sample:
  5.0s -> 2.5s
  Composed result with previous commit on SLE15-SP4->SLE15-SP5:
  original
  Executed in  207.82 secs    fish           external
  usr time  263.64 secs  459.00 micros  263.64 secs
  sys time   60.61 secs  185.00 micros   60.61 secs
  optimized
  Executed in   65.73 secs    fish           external
  usr time   49.16 secs  639.00 micros   49.16 secs
  sys time   18.52 secs    0.00 micros   18.52 secs
- commit 68e276c
- scripts/renamepatches: Optimize forks
  Use single awk instead of multiple utilites.
  sample:
  6.4s -> 5.0s
- commit c44b590
- blacklist.conf: kABI
- commit 6c2dd7a
- blacklist.conf: false positive from stable
- commit 4cb1a8d
- net: allwinner: Fix use correct return type for ndo_start_xmit()
  (git-fixes).
- commit a06fb6c
- gtp: set NLM_F_MULTI flag in gtp_genl_dump_pdp() (git-fixes).
- commit 8e95e4e
- net: systemport: suppress warnings on failed Rx SKB allocations
  (git-fixes).
- commit 34c447d
- net: bcmgenet: suppress warnings on failed Rx SKB allocations
  (git-fixes).
- commit e3d888b
- net/mlx5e: Set of completion request bit should not clear
  other adjacent bits (git-fixes).
- commit 1fccfde
- net: stmmac: Fix sub-second increment (git-fixes).
- commit 7bcb4c9
- blacklist.conf: regression due to missing feature in boot loader
- commit d40e68d
- xhci: Don't show warning for reinit on known broken suspend
  (git-fixes).
- commit 60f17f0
- USB: serial: console: move mutex_unlock() before
  usb_serial_put() (git-fixes).
- commit e9ada32
- USB: serial: ch341: fix disabled rx timer on older devices
  (git-fixes).
- commit 1f1a3d6
- usb: dwc3: fix PHY disable sequence (git-fixes).
- commit f44e5ac
- usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe
  (git-fixes).
- commit c8ee3cd
- usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe
  (git-fixes).
- commit d5892e7
- usb: dwc3: gadget: Fix event pending check (git-fixes).
- commit 3dadb30
- usb: musb: fix MUSB_QUIRK_B_DISCONNECT_99 handling (git-fixes).
- commit 9a54c12
- blacklist.conf: remove duplicated entry
- commit 09dbb7d
- Update SUSE Root certificate file
  Pull the root certificate from a later bundle where it is correctly
  marked as CA certificate. Without this the certificate won't be added
  into CA bundle.
- commit b2e67d7
- prlimit: do_prlimit needs to have a speculation check
  (git-fixes).
- signal handling: don't use BUG_ON() for debugging (git-fixes).
- panic: unset panic_on_warn inside panic() (git-fixes).
- ptrace: make ptrace() fail if the tracee changed its pid
  unexpectedly (git-fixes).
- don't dump the threads that had been already exiting when zapped
  (git-fixes).
- kernel/sys.c: avoid copying possible padding bytes in
  copy_to_user (git-fixes).
- commit b9bfdd9
- kbuild: clear LDFLAGS in the top Makefile (bsc#1203200).
- Refresh patches.suse/supported-flag.
- commit d60d0fc
- blacklist.conf: add couple CORE patches
- commit 40318d8
- net: usb: qmi_wwan: add Quectel RM520N (git-fixes).
- commit 381f355
- net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990
  (git-fixes).
- commit 4a8728c
- net: usb: qmi_wwan: Add support for Dell DW5829e (git-fixes).
- commit 7a53afd
- net: usb: cdc_mbim: avoid altsetting toggling for Telit LN920
  (git-fixes).
- commit 4eade98
- net: usb: lan78xx: don't modify phy_device state concurrently
  (git-fixes).
- commit 6ef7677
- blacklist.conf: add a cleanup to disable -Wmaybe-uninitialized
- commit 5840861
- blacklist.conf: duplicate
- commit 59bea49
- blacklist.conf: add a mips-only specific revert
- commit 2cf8eeb
- net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path
  (git-fixes).
- commit 4e09bf9
- blacklist.conf: add a not-strictly needed fw-loading fix
- commit 229946b
- net: USB: Fix wrong-direction WARNING in plusb.c (git-fixes).
- commit 4cc9e19
- net: usb: sr9700: Handle negative len (git-fixes).
- commit e4e2a28
- usb: rndis_host: Secure rndis_query check against int overflow
  (CVE-2023-23559 bsc#1207051).
- commit e207be8
- xfs: Fix unreferenced object reported by kmemleak in
  xfs_sysfs_init() (git-fixes).
- commit 8137300
- xfs: fix realtime bitmap/summary file truncation when growing
  rt volume (git-fixes).
- commit e4116fa
- xfs: make sure the rt allocator doesn't run off the end
  (git-fixes).
- commit 6e43199
- xfs: initialize the shortform attr header padding entry
  (git-fixes).
- commit 362da99
- xfs: Fix UBSAN null-ptr-deref in xfs_sysfs_init (git-fixes).
- commit 80c6365
- xfs: fix partially uninitialized structure in
  xfs_reflink_remap_extent (git-fixes).
- commit 9049b82
- xfs: fix mount failure crash on invalid iclog memory access
  (git-fixes).
- commit 1d08499
- xfs: fix attr leaf header freemap.size underflow (git-fixes).
- commit 1653047
- xfs: Fix bulkstat compat ioctls on x32 userspace (git-fixes).
- commit ab6f871
- xfs: require both realtime inodes to mount (git-fixes).
- commit 2e5ec52
- xfs: fix use-after-free race in xfs_buf_rele (git-fixes).
- commit fcdc154
- xfs: fix leaks on corruption errors in xfs_bmap.c (git-fixes).
- commit 2114c43
- drm/vmwgfx: Avoid NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331 CVE-2022-38096)
- commit e1a86c1
- blacklist.conf: Blacklist the patch below
- Delete
  patches.suse/ext4-don-t-BUG-if-someone-dirty-pages-without-asking.patch
  to replace it with a better alternative we have in other branches
- commit d1f6219
- x86/mce: Fix -Wmissing-prototypes warnings (git-fixes).
- Refresh
  patches.suse/x86-mce-amd-edac-mce_amd-add-new-mp5-nbio-and-pcie-smca-bank-types.patch.
- commit 04b9b60
- cpu/hotplug: Fix "/SMT disabled by BIOS"/ detection for KVM
  (git-fixes).
- kABI: cpu/hotplug: reexport cpu_smt_control (kabi).
- Refresh
  patches.suse/cpu-smt-create-and-export-cpu_smt_possible.patch.
- commit 450f659
- x86/hpet: Prevent potential NULL pointer dereference
  (git-fixes).
- x86/mm: Don't leak kernel addresses (git-fixes).
- x86/MCE/AMD: Carve out the MC4_MISC thresholding quirk
  (git-fixes).
- x86/MCE/AMD: Turn off MC4_MISC thresholding on all family 0x15
  models (git-fixes).
- x86/kexec: Don't setup EFI info if EFI runtime is not enabled
  (git-fixes).
- x86/fpu: Add might_fault() to user_insn() (git-fixes).
- commit 5915eb8
- x86/speculation: Remove SPECTRE_V2_IBRS in enum
  spectre_v2_mitigation (bsc#1068032 CVE-2017-5754).
- Refresh
  patches.suse/x86-retpoline-remove-minimal-retpoline-support.patch.
- Refresh
  patches.suse/x86-speculation-Add-spectre_v2-ibrs-option-to-support-Kern.patch.
- Refresh
  patches.suse/x86-speculation-add-eibrs-retpoline-options.patch.
- Refresh
  patches.suse/x86-speculation-rename-retpoline_amd-to-retpoline_lfence.patch.
- Refresh
  patches.suse/x86-speculation-support-enhanced-ibrs-on-future-cpus.patch.
  Make IBRS patches closer to upstream.
- commit 4cf6d38
- x86/speculation: Add support for STIBP always-on preferred mode
  (git-fixes).
- x86/speculation: Change misspelled STIPB to STIBP (git-fixes).
- Refresh
  patches.suse/x86-speculation-Add-spectre_v2-ibrs-option-to-support-Kern.patch.
- Refresh
  patches.suse/x86-speculation-add-eibrs-retpoline-options.patch.
- Refresh
  patches.suse/x86-speculation-allow-ibpb-to-be-conditionally-enabled-on-cpus-with-always-on-stibp.patch.
- Refresh
  patches.suse/x86-speculation-avoid-force-disabling-ibpb-based-on-stibp-and-enhanced-ibrs.patch.
- Refresh
  patches.suse/x86-speculation-merge-one-test-in-spectre_v2_user_select_mitigation.patch.
- Refresh
  patches.suse/x86-speculation-pr_spec_force_disable-enforcement-for-indirect-branches.patch.
  Update STIBP patches to be closer to upstream.
- commit 1ef4c9a
- drm/vmwgfx: Validate the box size for the snooped cursor (bsc#1203332 CVE-2022-36280)
- commit 9894e8b
- x86/earlyprintk: Add a force option for pciserial device
  (git-fixes).
- x86/mce-inject: Reset injection struct after injection
  (git-fixes).
- kprobes, x86/ptrace.h: Make regs_get_kernel_stack_nth() not
  fault on bad stack (git-fixes).
- x86/mce/mce-inject: Preset the MCE injection struct (git-fixes).
- commit f94b2cc
- blk-mq: fix possible memleak when register 'hctx' failed
  (git-fixes).
- md/raid1: stop mdx_raid1 thread when raid1 array run failed
  (git-fixes).
- md: fix a crash in mempool_free (git-fixes).
- nbd: Fix NULL pointer in flush_workqueue (git-fixes).
- commit e68f2dc
- blacklist.conf: add non-backport git-fixes commit
- commit b53530a
- x86: boot: Fix EFI stub alignment (git-fixes).
- commit 35efa28
- x86/bugs: Move the l1tf function and define pr_fmt properly
  (git-fixes).
- Refresh
  patches.suse/0001-x86-litf-Introduce-vmx-status-variable.patch.
- Refresh
  patches.suse/0007-x86-kvm-Allow-runtime-control-of-L1D-flush.patch.
- Refresh
  patches.suse/0010-x86-bugs-kvm-Introduce-boot-time-control-of-L1TF-mit.patch.
- Refresh
  patches.suse/x86-speculation-mds-add-mitigation-control-for-mds.patch.
- Refresh
  patches.suse/x86-speculation-reorder-the-spec_v2-code.patch.
- Refresh
  patches.suse/x86-speculation-support-mitigations-cmdline-option.patch.
- commit 1843a69
- Refresh patches.suse/x86-l1tf-06-add-sysfs-report.patch.
- Refresh
  patches.suse/0001-x86-litf-Introduce-vmx-status-variable.patch.
- Refresh
  patches.suse/0010-x86-bugs-kvm-Introduce-boot-time-control-of-L1TF-mit.patch.
  Update to upstream version (X86_FEATURE_L1TF_PTEINV).
- commit 89f9e4a
- blacklist.conf: Add 86989c41b5ea signal: Always ignore SIGKILL and SIGSTOP sent to the global init
- commit bed9df8
- scripts/osc_wrapper: Assign spec with *.spec file when building
  Commit 270fc6884c5b ("/scripts/osc_wrapper: Pass more options to osc"/),
  decided that only the last argument of osc_wrapper can be the spec file.
  But on commit 30f26fbbe86c ("/scripts/osc_wrapper: Accept --ibs | --obs
  as the first parameter"/), it swaps the order of arguments, leaving
  - -ibs/--obs as the last ones.
  This creates a problem when running osc_wrapper with --ibs
  kernel-default.spec, since it'll add the specfile in osc_args, and
  letting spec variable empty. Later on, if spec if empty, the find_spec
  function is called, setting the spec automatically. The end result is
  messy:
  $ ./scripts/osc_wrapper --ibs kernel-source/kernel-default.spec
  osc -A https://api.suse.de build --no-service --local-package --alternative-project=Devel:Kernel:SLE15-SP4 +  kernel-source/kernel-default.spec +  <some other options here...> +  - -define klp_symbols 1 standard kernel-source/kernel-default.spec
  The osc command contains two spec definitions, which is wrong. The first
  one is wrongly assumed to be an argument to be used for osc or
  osc_wrapper.
  The fix is to respect the argument of *.spec and assign it to spec
  variable, and let other options to be handled by the code that is
  currently present.
- commit 86d0aae
- blacklist.conf: Add 4a7ba45b1a43 memcg: fix possible use-after-free in memcg_write_event_control()
- commit a63545b
- blacklist.conf: Add a4055888629b mm/memcg: warning on !memcg after readahead page charged
- commit df06b7b
- blacklist.conf: Add 9a137153fc87 mm/memcg: fix device private memcg accounting
- commit 633912b
- blacklist.conf: Add d477f8c202d1 cpuset: restore sanity to cpuset_cpus_allowed_fallback()
- commit 53f3608
- net: mana: Fix IRQ name - add PCI and queue number
  (bsc#1207875).
- commit b36fcf8
- x86/asm: Add instruction suffixes to bitops (git-fixes).
- x86/entry/64: Add instruction suffix (git-fixes).
- kprobes, x86/alternatives: Use text_mutex to protect
  smp_alt_modules (git-fixes).
- x86/asm: Remove unnecessary nt in front of CC_SET() from
  asm templates (git-fixes).
- blacklist.conf: remove it from there
- commit 42cc16d
- blacklist.conf: add some x86 commits
- commit 9547ab1
- x86/bugs: Flush IBP in ib_prctl_set() (bsc#1207773
  CVE-2023-0045).
- commit 18b587b
- tracing: Make sure trace_printk() can output as soon as it
  can be used (git-fixes).
- commit 15c6ed8
- tracing: Fix infinite loop in tracing_read_pipe on overflowed
  print_trace_line (git-fixes).
- commit 720bed5
- jbd2: use the correct print format (git-fixes).
- commit 022b5a0
- tracing: Avoid adding tracer option before update_tracer_options
  (git-fixes).
- commit 3c24529
- tracing: Fix sleeping function called from invalid context on
  RT kernel (git-fixes).
- commit f5a6b6f
- tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate
  (git-fixes).
- commit d9419a4
- tracing: Ensure trace buffer is at least 4096 bytes large
  (git-fixes).
- commit 73dee6a
- tracing: Fix tp_printk option related with
  tp_printk_stop_on_boot (git-fixes).
- commit 9ae70c5
- tracing: Fix a kmemleak false positive in tracing_map
  (git-fixes).
- commit 146abd5
- scsi: target: core: Add CONTROL field for trace events
  (git-fixes).
- commit 5f4b9f3
- blacklist.conf: add not-relevant tracing fixes
- commit 6dbf1ea
- blacklist.conf: add qcom one thanks to present workaround
- commit 56b5e15
- Refresh
  patches.suse/PCI-ACPI-Allow-D3-only-if-Root-Port-can-signal-and-w.patch.
  Avoid compiler warning:
  drivers/pci/pci-acpi.c: In function ‘acpi_pci_bridge_d3’:
  drivers/pci/pci-acpi.c:549:5: warning: unused variable ‘val’ [-Wunused-variable]
  u8 val;
    ^~~
- commit 94c9b34
- PCI/sysfs: Fix double free in error path (git-fixes).
- PCI: Check for alloc failure in pci_request_irq() (git-fixes).
- PCI: Fix pci_device_is_present() for VFs by checking PF
  (git-fixes).
- PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge
  (git-fixes).
- PCI: Fix used_buses calculation in pci_scan_child_bus_extend()
  (git-fixes).
- PCI/ASPM: Correct LTR_L1.2_THRESHOLD computation (git-fixes).
- PCI/ASPM: Declare threshold_ns as u32, not u64 (git-fixes).
- commit 1a1e3cb
- blacklist.conf: Add guards
- d6810d730022 ("/memcg, THP, swap: make mem_cgroup_swapout() support THP"/)
- 00f3ca2c2d66 ("/mm: memcontrol: per-lruvec stats infrastructure"/)
- 1f4aace60b0e ("/fs/seq_file.c: simplify seq_file iteration code and interface"/)
- commit fd302dd
- virtio_console: eliminate anonymous module_init & module_exit
  (git-fixes).
- virtio_console: break out of buf poll on remove (git-fixes).
- commit 04f33be
- Update
  patches.kabi/usb.h-struct-usb_device-hide-new-member.patch
  (bsc#1206664 CVE-2022-4662).
- Update
  patches.suse/USB-core-Prevent-nested-device-reset-calls.patch
  (bsc#1206664 CVE-2022-4662).
- commit 3097f42
- net: sched: fix race condition in qdisc_graft() (CVE-2023-0590
  bsc#1207795).
- net_sched: add __rcu annotation to netdev->qdisc (CVE-2023-0590
  bsc#1207795).
- commit 880415e
- blacklist.conf: 8219d31effa7 powerpc/lib/sstep: Fix build errors with newer binutils
  Always building for at least POWER8
- commit 224de10
- blacklist.conf: Add fb5bf31722d0 fork: fix some -Wmissing-prototypes warnings
- commit dcf40c8
- blacklist.conf: Add 22839869f21a signal: Introduce COMPAT_SIGMINSTKSZ for use in compat_sys_sigaltstack
- commit 4599dd7
- blacklist.conf: Ad db8dd9697238 cgroup-v1: cgroup_pidlist_next should update position index
- commit 6b34bd8
- memcg: remove memcg_cgroup::id from IDR on
  mem_cgroup_css_alloc() failure (bsc#1208108).
- commit f958549
- blacklist.conf: Remove spurious whitespace
- commit 79063d5
- blacklist.conf: Add d08afa149acf mm, memcg: fix mem_cgroup_swapout() for THPs
- commit 0c330fd
- blacklist.conf: Add 4eaf431f6f71 memcg: fix per_node_info cleanup
- commit fb05fe9
- blacklist.conf: Add more unsupported ppc architecture paths
- commit e6a4392
- blacklist.conf: PCI bus numbering fixes for unsupported architectures
- commit 507eeac
- Update patches.suse/lightnvm-remove-lightnvm-implemenation.patch
  (bsc#1191881 bsc#1201420 CVE-2022-2991).
- commit 125ae88
- blacklist.conf: not a fix, but a cleanup
- commit 6c62aaf
- blacklist.conf: cosmetic
- commit 89c1ac7
- blacklist.conf: feature, not a fix
- commit 7abc364
- blacklist.conf: false positive
- commit 89c7fc0
- scsi: hpsa: Fix allocation size for scsi_host_alloc()
  (git-fixes).
- scsi: snic: Fix possible UAF in snic_tgt_create() (git-fixes).
- scsi: fcoe: Fix transport not deattached when fcoe_if_init()
  fails (git-fixes).
- scsi: ipr: Fix WARNING in ipr_init() (git-fixes).
- scsi: scsi_debug: Fix possible name leak in
  sdebug_add_host_helper() (git-fixes).
- scsi: fcoe: Fix possible name leak when device_register()
  fails (git-fixes).
- scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device()
  (git-fixes).
- scsi: hpsa: Fix error handling in hpsa_add_sas_host()
  (git-fixes).
- scsi: mpt3sas: Fix possible resource leaks in
  mpt3sas_transport_port_add() (git-fixes).
- scsi: hpsa: Fix possible memory leak in hpsa_init_one()
  (git-fixes).
- scsi: scsi_debug: Fix a warning in resp_write_scat()
  (git-fixes).
- drbd: destroy workqueue when drbd device was freed (git-fixes).
- drbd: use after free in drbd_create_device() (git-fixes).
- drbd: remove usage of list iterator variable after loop
  (git-fixes).
- drbd: fix potential silent data corruption (git-fixes).
- Revert "/scsi: core: run queue if SCSI device queue isn't ready
  and queue is idle"/ (git-fixes).
- drbd: dynamically allocate shash descriptor (git-fixes).
- drbd: Change drbd_request_detach_interruptible's return type
  to int (git-fixes).
- drbd: fix print_st_err()'s prototype to match the definition
  (git-fixes).
- drbd: do not block when adjusting "/disk-options"/ while IO is
  frozen (git-fixes).
- drbd: reject attach of unsuitable uuids even if connected
  (git-fixes).
- drbd: ignore "/all zero"/ peer volume sizes in handshake
  (git-fixes).
- commit 0a624a5
- blacklist.conf: Add powerpc inapplicable fixes.
- commit 7e5ff14
- blacklist.conf: Add more unsupported architecture paths
- commit a9d28f3
- blacklist.conf: Giving up on memtrace on 4.12 kernel
  It's hopelessly outdated. It may work for some uses but definitely
  cannot be fixed to work reliably. It's only available on powernv, anyway.
- commit 52370b2
- Refresh
  patches.suse/sctp-fail-if-no-bound-addresses-can-be-used-for-a-gi.patch.
- commit 850359a
- blacklist.conf: remove git-fix commit
  Added before but now the context appears present.
- commit ca7ebf0
- Refresh
  patches.suse/sctp-fail-if-no-bound-addresses-can-be-used-for-a-gi.patch.
  Since it is not upstream.
- commit 71b544b
- scsi: smartpqi: use processor ID for hwqueue for non-mq case .
- commit f7c419d
- Revert "/scsi: smartpqi: set force_blk_mq=1.(bsc#1205397)"/
  This reverts commit 10f3936c627ef942dd3b1e94d001f74978249b48.
- commit 08dc3b9
- module: Don't wait for GOING modules (bsc#1196058, bsc#1186449,
  bsc#1204356, bsc#1204662).
- commit 4f27069
- sctp: fail if no bound addresses can be used for a given scope
  (bsc#1206677).
- commit 297ccbe
- Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag
  (git-fixes).
  Heavily modified, as prerequisites for taking it as is would
  utterly ruin kABI
- commit f6a5968
- iforce: restore old iforce_dump_packet (git-fixes).
- commit 4231d1c
- Input: iforce - reformat the packet dump output (git-fixes).
- commit dc68ca6
- Input: i8042 - Add quirk for Fujitsu Lifebook T725 (git-fixes).
- commit 234f459
- blacklist.conf: designed to break kABI
- commit 8b4ffca
- parisc: Fix HP SDC hpa address output (git-fixes).
- commit 810aa94
- parisc: Fix serio address output (git-fixes).
- commit 0f57ebf
- Input: do not use WARN() in input_alloc_absinfo() (git-fixes).
- commit 84da185
- Input: replace hard coded string with __func__ in pr_err()
  (git-fixes).
- commit cda312b
- Input: convert autorepeat timer to use timer_setup()
  (git-fixes).
- commit cbdf2f3
- Input: switch to using sizeof(*type) when allocating memory
  (git-fixes).
- commit 8f71a2f
- Input: use seq_puts() in input_devices_seq_show() (git-fixes).
- commit 1b69f50
- Input: use seq_putc() in input_seq_print_bitmap() (git-fixes).
- commit f2b9cd4
- blacklist.conf: blacklist drivers/input/touchscreen/stmfts.c
  Support for this driver has been added in v4.13 with
  78bcac7b2ae1e4f6e96c68ff353c140669ea231c, which we have
  not taken in SLE12. Silence the scripts.
- commit 86c295f
- struct dwc3: move new members to the end (git-fixes).
- commit 09b2302
- usb: dwc3: core: Fix ULPI PHYs and prevent phy_get/ulpi_init
  during suspend/resume (git-fixes).
- Refresh
  patches.suse/usb-dwc3-Disable-phy-suspend-after-power-on-reset.patch.
- commit d6a4fb0
- usb: dwc3: core: Call dwc3_core_get_phy() before initializing
  phys (git-fixes).
- commit f2e20db
- usb: dwc3: core: initialize ULPI before trying to get the PHY
  (git-fixes).
- commit ca7dae7
- README: remove copy of config and update the text (bsc#1191924)
  * the config is copied by sequence_patch.
  * it makes no sense to copy a file called "/default"/ to the build tree
  anyway.
  * update the text, so that prerequisites are pre-installed.
- commit aef2a28
- usb: dwc3: Disable phy suspend after power-on reset (git-fixes).
- commit ba1784c
- tracing/cfi: Fix cmp_entries_* functions signature mismatch
  (git-fixes).
- commit 6fe5958
- tracing: Fix stack trace event size (git-fixes).
- commit 6ddfce9
- ftrace: Fix updating FTRACE_FL_TRAMP (git-fixes).
- commit f3f9c2c
- tracing: Use address-of operator on section symbols (git-fixes).
- commit ff93892
- trigger_next should increase position index (git-fixes).
- commit 6f1b4bf
- ftrace: fpid_next() should increase position index (git-fixes).
- commit c8a082f
- tracing: Set kernel_stack's caller size properly (git-fixes).
- commit b0151c0
- tracing: Adding NULL checks for trace_array descriptor pointer
  (git-fixes).
- commit 08a9d55
- ftrace: Enable trampoline when rec count returns back to one
  (git-fixes).
- Refresh
  patches.suse/ftrace-Do-not-blindly-read-the-ip-address-in-ftrace_bug.patch.
- Refresh
  patches.suse/ftrace-Fix-char-print-issue-in-print_ip_ins.patch.
- commit c714737
- ftrace: Fix NULL pointer dereference in
  free_ftrace_func_mapper() (git-fixes).
- commit 5646431
- blacklist.conf: add not-relevant ftrace fixes
- commit 5961e96
- blacklist.conf: add a kdb fix which breaks kABI
- commit 7191d79
- blacklist.conf: add a kbuild compiler options cleanup
- commit 5e6755f
- blacklist.conf: add not-relevant fixes for the switch_sched event
- commit ebfa63d
- blacklist.conf: Add upstream config paths.
- commit 55c391f
- xen-netfront: Fix hang on device removal (bsc#1206698).
- commit 619f87d
- HID: check empty report_list in hid_validate_values()
  (git-fixes, bsc#1206784).
- commit 0c3e451
- HID: betop: fix slab-out-of-bounds Write in betop_probe
  (git-fixes, bsc#1207186).
- commit 29e41ae
- HID: betop: check shape of output reports (git-fixes,
  bsc#1207186).
- commit b716c1e
- git_sort: add usb-linus branch for gregkh/usb
- commit ea34985
- audit: ensure userspace is penalized the same as the kernel
  when under pressure (bsc#1204514).
- commit 424bf73
- ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent
  UAF (CVE-2023-0266 bsc#1207134).
- commit 55a788e
- audit: improve robustness of the audit queue handling
  (bsc#1204514).
- commit 6afddf3
- blacklist.conf: Add memcg unusable fixes
- Add c3cc39118c36 mm: memcontrol: fix NR_WRITEBACK leak in memcg and system stats
- Add e27be240df53 mm: memcg: make sure memory.events is uptodate when waking pollers
- Add c892fd82cc06 mm: memcg: add __GFP_NOWARN in __memcg_schedule_kmem_cache_create()
- Add 0b3d6e6f2dd0 mm: writeback: use exact memcg dirty counts
- commit 6350151
- dm thin: Use last transaction's pmd->root when commit failed
  (git-fixes).
- dm thin: resume even if in FAIL mode (git-fixes).
- dm cache: set needs_check flag after aborting metadata
  (git-fixes).
- dm cache: Fix ABBA deadlock between shrink_slab and
  dm_cache_metadata_abort (git-fixes).
- dm thin: Fix ABBA deadlock between shrink_slab and
  dm_pool_abort_metadata (git-fixes).
- dm cache: Fix UAF in destroy() (git-fixes).
- dm thin: Fix UAF in run_timer_softirq() (git-fixes).
- blktrace: Fix output non-blktrace event when blk_classic option
  enabled (git-fixes).
- dm ioctl: fix misbehavior if list_versions races with module
  loading (git-fixes).
- md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (git-fixes).
- nbd: Fix hung when signal interrupts nbd_start_device_ioctl()
  (git-fixes).
- sbitmap: Avoid leaving waitqueue in invalid state in
  __sbq_wake_up() (git-fixes).
- drivers:md:fix a potential use-after-free bug (git-fixes).
- nbd: fix io hung while disconnecting device (git-fixes).
- nbd: fix race between nbd_alloc_config() and module removal
  (git-fixes).
- nbd: call genl_unregister_family() first in nbd_cleanup()
  (git-fixes).
- md: protect md_unregister_thread from reentrancy (git-fixes).
- block, bfq: protect 'bfqd->queued' by 'bfqd->lock' (git-fixes).
- dm ioctl: prevent potential spectre v1 gadget (git-fixes).
- loop: use sysfs_emit() in the sysfs xxx show() (git-fixes).
- dm space map common: add bounds check to sm_ll_lookup_bitmap()
  (git-fixes).
- dm btree: add a defensive bounds check to insert_at()
  (git-fixes).
- floppy: Add max size check for user space request (git-fixes).
- blk-cgroup: fix missing put device in error path from
  blkg_conf_pref() (git-fixes).
- blk-throttle: fix UAF by deleteing timer in blk_throtl_exit()
  (git-fixes).
- cryptoloop: add a deprecation warning (git-fixes).
- virtio-blk: Fix memory leak among suspend/resume procedure
  (git-fixes).
- dm space maps: don't reset space map allocation cursor when
  committing (git-fixes).
- block: only update parent bi_status when bio fail (git-fixes).
- dm verity: skip verity work if I/O error when system is shutting
  down (git-fixes).
- dm table: Remove BUG_ON(in_interrupt()) (git-fixes).
- Revert "/dm cache: fix arm link errors with inline"/ (git-fixes).
- nbd: fix a block_device refcount leak in nbd_release
  (git-fixes).
- blk-cgroup: Pre-allocate tree node on blkg_conf_prep
  (git-fixes).
- blk-cgroup: Fix memleak on error path (git-fixes).
- nbd: make the config put is called before the notifying the
  waiter (git-fixes).
- blk-mq: insert request not through ->queue_rq into sw/scheduler
  queue (git-fixes).
- bcache: fix super block seq numbers comparision in
  register_cache_set() (git-fixes).
- blktrace: ensure our debugfs dir exists (git-fixes).
- blktrace: break out of blktrace setup on concurrent calls
  (git-fixes).
- blktrace: fix endianness for blk_log_remap() (git-fixes).
- blktrace: fix endianness in get_pdu_int() (git-fixes).
- blktrace: use errno instead of bi_status (git-fixes).
- block/bio-integrity: don't free 'buf' if
  bio_integrity_add_page() failed (git-fixes).
- dm zoned: return NULL if dmz_get_zone_for_reclaim() fails to
  find a zone (git-fixes).
- ps3disk: use the default segment boundary (git-fixes).
- null_blk: fix spurious IO errors after failed past-wp access
  (git-fixes).
- Revert "/blkdev: check for valid request queue before issuing
  flush"/ (git-fixes).
- block: Fix use-after-free issue accessing struct io_cq
  (git-fixes).
- null_blk: Handle null_add_dev() failures properly (git-fixes).
- block, bfq: fix overwrite of bfq_group pointer in
  bfq_find_set_group() (git-fixes).
- dm bio record: save/restore bi_end_io and bi_integrity
  (git-fixes).
- brd: check and limit max_part par (git-fixes).
- nbd: add a flush_workqueue in nbd_start_device (git-fixes).
- compat_ioctl: block: handle BLKGETZONESZ/BLKGETNRZONES
  (git-fixes).
- block: fix memleak when __blk_rq_map_user_iov() is failed
  (git-fixes).
- nbd: fix shutdown and recv work deadlock v2 (git-fixes).
- nbd:fix memory leak in nbd_get_socket() (git-fixes).
- rsxx: add missed destroy_workqueue calls in remove (git-fixes).
- nbd: verify socket is supported during setup (git-fixes).
- nbd: handle racing with error'ed out commands (git-fixes).
- nbd: fix possible sysfs duplicate warning (git-fixes).
- commit 13f6ec9
- nbd: fix max number of supported devs (git-fixes).
- Refresh for the above change,
  patches.suse/0006-nbd-don-t-update-block-size-after-device-is-started.patch.
- commit 0c94304
- nbd: add missing config put (git-fixes).
- loop: Add LOOP_SET_DIRECT_IO to compat ioctl (git-fixes).
- block/bio-integrity: fix a memory leak bug (git-fixes).
- nbd: fix crash when the blksize is zero (git-fixes).
- dm verity: use message limit for data block corruption message
  (git-fixes).
- blk-mq: move cancel of requeue_work into blk_mq_release
  (git-fixes).
- block: sed-opal: fix IOC_OPAL_ENABLE_DISABLE_MBR (git-fixes).
- block, bfq: increase idling for weight-raised queues
  (git-fixes).
- dm thin: add sanity checks to thin-pool and external snapshot
  creation (git-fixes).
- zram: fix double free backing device (git-fixes).
- dm flakey: Properly corrupt multi-page bios (git-fixes).
- dm crypt: use u64 instead of sector_t to store iv_offset
  (git-fixes).
- dm kcopyd: Fix bug causing workqueue stalls (git-fixes).
- sunvdc: Do not spin in an infinite loop when vio_ldc_send()
  returns EAGAIN (git-fixes).
- dm raid: avoid bitmap with raid4/5/6 journal device (git-fixes).
- amiflop: clean up on errors during setup (git-fixes).
- swim: fix cleanup on setup error (git-fixes).
- drivers/block/zram/zram_drv.c: fix bug storing backing_dev
  (git-fixes).
- nbd: handle unexpected replies better (git-fixes).
- nbd: don't requeue the same request twice (git-fixes).
- nbd: Add the nbd NBD_DISCONNECT_ON_CLOSE config flag
  (git-fixes).
- commit 687c872
- block: add a lower-level bio_add_page interface (git-fixes).
- Refresh for the above change,
  patches.suse/block-remove-bvec_to_phys.patch.
- commit 1c0212c
- dm: Use kzalloc for all structs with embedded biosets/mempools
  (git-fixes).
- block/swim: Select appropriate drive on device open (git-fixes).
- block/swim: Fix IO error at end of medium (git-fixes).
- block/swim: Check drive type (git-fixes).
- block/swim: Rename macros to avoid inconsistent inverted logic
  (git-fixes).
- block/swim: Don't log an error message for an invalid ioctl
  (git-fixes).
- m68k/mac: Don't remap SWIM MMIO region (git-fixes).
- commit 7216c12
- blacklist.conf: Add hung task detector optimizations
- Add 401c636a0eeb kernel/hung_task.c: show all hung tasks before panic
- Add a1c6ca3c6de7 kernel: hung_task.c: disable on suspend
- Add 168e06f7937d kernel/hung_task.c: force console verbose before panic
- Add 304ae42739b1 kernel/hung_task.c: break RCU locks based on jiffies
- commit 106657e
- blacklist.conf: Add de5b55c1d4e3 stop_machine: Use raw spinlocks
- commit 70e34be
- net: sched: disallow noqueue for qdisc classes (bsc#1207237
  CVE-2022-47929).
- commit a70de61
- blacklist.conf: remove the following commits which will be
  backported as git-fixes,
  - f01b411f41f91fc3196eae4317cf8b4d872830a6
  - 35d2835d2ac41dc0b3e3469f8e2b08ce9709ace8
- commit f91ec99
- blacklist.conf: add git-fixes commits which won't be backported
- commit b06014b
- ipv6: raw: Deduct extension header length in
  rawv6_push_pending_frames (bsc#1207168).
- commit cec1a9b
- blacklist.conf: Blacklist 307af6c87937
- commit c4d1659
- mbcache: add functions to delete entry if unused (bsc#1198971).
- commit e12f310
- mbcache: don't reclaim used entries (bsc#1198971).
- commit f6dfab7
- Update tags
  patches.suse/ext4-Fix-check-for-block-being-out-of-directory-size.patch.
- commit b091c25
- rpm/mkspec-dtb: add riscv64 dtb-renesas subpackage
- commit 6020754
- ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty
  (bsc#1207195).
- commit b48b001
- Update
  patches.suse/net-sched-cbq-dont-intepret-cls-results-when-asked-t.patch
  (bsc#1207036 CVE-2023-23454).
- commit e326580
- Update
  patches.suse/net-sched-atm-dont-intepret-cls-results-when-asked-t.patch
  (bsc#1207036 CVE-2023-23454).
- commit f3bb269
- powerpc/rtas: avoid scheduling in rtas_os_term() (bsc#1065729).
- powerpc/rtas: avoid device tree lookups in rtas_os_term()
  (bsc#1065729).
- commit d5cf3c0
- blacklist.conf: Blacklist c915fb80eaa6
- commit 4862158
- blacklist.conf: Blacklist 7159a986b420
- commit 8b03a93
- udf: Fix a slab-out-of-bounds write bug in udf_find_entry()
  (bsc#1206649).
- commit ef0b25b
- udf_get_extendedattr() had no boundary checks (bsc#1206648).
- commit 903c6ab
- udf: Check LVID earlier (bsc#1207108).
- commit 015783c
- udf: Fix NULL pointer dereference in udf_symlink function
  (bsc#1206646).
- commit a391f82
- udf: fix silent AED tagLocation corruption (bsc#1206645).
- commit 1573f9a
- udf: Limit sparing table size (bsc#1206643).
- commit 458f745
- udf: Avoid accessing uninitialized data on failed inode read
  (bsc#1206642).
- commit ae4803c
- udf: Fix free space reporting for metadata and virtual
  partitions (bsc#1206641).
- commit a21c3d0
- udf: Fix BUG on corrupted inode (bsc#1207107).
- commit 142aae1
- quota: Check next/prev free block number after reading from
  quota file (bsc#1206640).
- commit 1fd21c3
- blacklist.conf: Blacklist dd5532a4994b
- commit 1a95452
- blacklist.conf: Blacklist 10f04d40a9fa
- commit 9db6570
- blacklist.conf: Blacklist 6fcbcec9cfc7
- commit a38aa89
- quota: Lock s_umount in exclusive mode for Q_XQUOTA{ON,OFF}
  quotactls (bsc#1207104).
- commit 9272ca4
- mm/filemap.c: clear page error before actual read (bsc#1206635).
- commit 9135482
- blacklist.conf: Blacklist 28ce50f8d96e
- commit 4884298
- isofs: reject hardware sector size > 2048 bytes (bsc#1207103).
- commit e46cdb2
- sbitmap: fix lockup while swapping (bsc#1206602).
- commit 6127981
- sbitmap: Avoid leaving waitqueue in invalid state in
  __sbq_wake_up() (git-fixes).
- commit 8e6d6a5
- block, bfq: protect 'bfqd->queued' by 'bfqd->lock'
  (bsc#1207102).
- commit 7338cee
- block, bfq: fix overwrite of bfq_group pointer in
  bfq_find_set_group() (bsc#1175995,jsc#SLE-15608).
- commit d71d0e3
- blacklist.conf: Blacklist 5c099c4fdc43
- commit 665ce36
- ext4: fix undefined behavior in bit shift for
  ext4_check_flag_values (bsc#1206890).
- commit 7faea59
- ext4: fix use-after-free in ext4_ext_shift_extents
  (bsc#1206888).
- commit 0eea07e
- ext4: fix warning in 'ext4_da_release_space' (bsc#1206887).
- commit 7a14dda
- blacklist.conf: Blacklist d1052d236edd
- commit 0c9fa3b
- ext4: make ext4_lazyinit_thread freezable (bsc#1206885).
- commit bc2f14a
- ext4: fix null-ptr-deref in ext4_write_info (bsc#1206884).
- commit 9a43afd
- ext4: avoid crash when inline data creation follows DIO write
  (bsc#1206883).
- commit b5cdb98
- ext4: continue to expand file system when the target size
  doesn't reach (bsc#1206882).
- commit 49d324e
- blacklist.conf: Blacklist 613c5a85898d
- commit 54c3380
- ext4: avoid resizing to a partial cluster size (bsc#1206880).
- commit b7ada6c
- ext4: fix race when reusing xattr blocks (bsc#1198971).
- commit c7f8ba9
- ext4: unindent codeblock in ext4_xattr_block_set()
  (bsc#1198971).
- commit cd983c4
- blacklist.conf: Blacklist 6bc0d63dad7f
- commit eaa9493
- blacklist.conf: Blacklist b24e77ef1c6d
- commit 7e9aa45
- ext4: recover csum seed of tmp_inode after migrating to extents
  (bsc#1202713).
- commit 2f31cd1
- ext4: correct the misjudgment in ext4_iget_extra_inode
  (bsc#1206878).
- commit 84de60f
- ext4: correct max_inline_xattr_value_size computing
  (bsc#1206878).
- commit 65f415c
- ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878).
- commit 3e25d04
- ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h
  (bsc#1206878).
- commit cc87a22
- ext4: fix extent status tree race in writeback error recovery
  path (bsc#1206877).
- commit ede473e
- ext4: update s_overhead_clusters in the superblock during an
  on-line resize (bsc#1206876).
- commit 4f9eee6
- ext4: add reserved GDT blocks check (bsc#1202712).
- commit 22a4adc
- ext4: don't BUG if someone dirty pages without asking ext4 first
  (bsc#1207097).
- blacklist.conf: Blacklist ea_inode related commits
- commit 9502092
- blacklist.conf: Blacklist 5dccdc5a1916
- commit 4f5adf1
- blacklist.conf: Blacklist b5776e7524af
- commit f1a0a1a
- ext4: Detect already used quota file early (bsc#1206873).
- commit 87720a2
- blacklist.conf: Blacklist 11215630aada
- commit eb3396e
- blacklist.conf: Blacklist 8418897f1bf8
- commit 16639ef
- blacklist.conf: Blacklist 907ea529fc4c
- commit 6a4fc32
- blacklist.conf: Blacklist a17a9d935dc4
- commit a76a169
- ext4: use matching invalidatepage in ext4_writepage
  (bsc#1206858).
- commit aba337c
- blacklist.conf: Blacklist c96e2b8564ad
- commit 49f777f
- ext4: fix a data race at inode->i_disksize (bsc#1206855).
- commit 1cd40a2
- blacklist.conf: Blacklist f629afe3369e
- commit 2a1b322
- blacklist.conf: Blacklist 64d4ce892383
- commit ab3ecba
- blacklist.conf: Blacklist 65db869c754e
- commit bd9d268
- blacklist.conf: Blacklist 8c380ab4b7b5
- commit 6d50017
- ext4: prohibit fstrim in norecovery mode (bsc#1207094).
- commit 968ac45
- blacklist.conf: Blacklist 6c7328400e04
- commit 192eee8
- blacklist.conf: Blacklist ddccb6dbe780
- commit b7b4229
- ext4: clear mmp sequence number when remounting read-only
  (bsc#1207093).
- commit 7957fbf
- ext4: fix argument checking in EXT4_IOC_MOVE_EXT (bsc#1207092).
- commit 9556f87
- blacklist.conf: Blacklist couple of commits
- commit d7f2f6c
- net: sched: cbq: dont intepret cls results when asked to drop
  (bsc#1207036).
- commit fcfa387
- net: sched: atm: dont intepret cls results when asked to drop
  (bsc#1207036).
- commit 9f135a3
- ibmveth: Always stop tx queues during close (bsc#1065729).
- commit d23f0d2
- module: set MODULE_STATE_GOING state when a module fails to load
  (git-fixes).
- commit db5c7ff
- blacklist.conf: add f6d061d61712 ("/kernel/module: Fix memleak in
  module_add_modinfo_attrs()"/)
- commit adb3140
- README.BRANCH: Remove Petr Tesařík from README.BRANCH
  Petr is no longer with SUSE, and the address bounces.
- commit a114688
- blacklist.conf: ppc radix hugepage ioremap
  Add commits related to this feature we don't have on 4.12
- commit 30daa9a
- powerpc/powernv: add missing of_node_put (bsc#1065729).
- powerpc/boot: Fixup device-tree on little endian (bsc#1065729).
- powerpc/pseries: Stop calling printk in rtas_stop_self()
  (bsc#1065729).
- powerpc/smp: Set numa node before updating mask (bsc#1065729).
- powerpc: Force inlining of cpu_has_feature() to avoid build
  failure (bsc#1065729).
- powerpc: improve handling of unrecoverable system reset
  (bsc#1065729).
- powerpc: sysdev: add missing iounmap() on error in
  mpic_msgr_probe() (bsc#1065729).
- powerpc/powernv/smp: Fix spurious DBG() warning (bsc#1065729).
- powerpc/crashkernel: Take "/mem="/ option into account
  (bsc#1065729).
- powerpc/64s/pgtable: fix an undefined behaviour (bsc#1065729).
- powerpc/eeh: Only dump stack once if an MMIO loop is detected
  (bsc#1065729).
- powerpc/sriov: Remove VF eeh_dev state when disabling SR-IOV
  (bsc#1065729).
- powerpc/powernv/iov: Ensure the pdn for VFs always contains
  a valid PE number (bsc#1065729).
- commit 1c66115
- powerpc/pseries/cmm: Implement release() function for sysfs
  device (bsc#1065729).
- powerpc/pseries: Mark accumulate_stolen_time() as notrace
  (bsc#1065729).
- powerpc/futex: Fix warning: 'oldval' may be used uninitialized
  in this function (bsc#1065729).
- Refresh patches.suse/powerpc-Add-a-framework-for-user-access-tracking.patch
- commit 3acc489
- powerpc/pci/of: Fix OF flags parsing for 64bit BARs
  (bsc#1065729).
- powerpc/pseries/hvconsole: Fix stack overread via udbg
  (bsc#1065729).
- powerpc/boot: Fix missing check of lseek() return value
  (bsc#1065729).
- powerpc/traps: Fix the message printed when stack overflows
  (bsc#1065729).
- powerpc/pseries: add of_node_put() in dlpar_detach_node()
  (bsc#1065729).
- powerpc/pseries: Fix node leak in
  update_lmb_associativity_index() (bsc#1065729).
- powerpc/powernv/eeh/npu: Fix uninitialized variables in
  opal_pci_eeh_freeze_status (bsc#1065729).
- powerpc/mm: Make NULL pointer deferences explicit on bad page
  faults (bsc#1065729).
- powerpc/xmon: fix dump_segments() (bsc#1065729).
- powerpc/64/module: REL32 relocation range check (bsc#1065729).
- powerpc/time: Fix clockevent_decrementer initalisation for PR
  KVM (bsc#1065729).
- powerpc/eeh: Fix use of EEH_PE_KEEP on wrong field
  (bsc#1065729).
- powerpc/eeh: Fix possible null deref in eeh_dump_dev_log()
  (bsc#1065729).
- powerpc/boot: Disable vector instructions (bsc#1065729).
- powerpc/time: Use clockevents_register_device(), fixing an
  issue with large decrementer (bsc#1065729).
- powerpc/xive: Move a dereference below a NULL test
  (bsc#1065729).
- powerpc/64s/hash: Fix stab_rr off by one initialization
  (bsc#1065729).
- powerpc/iommu: Avoid derefence before pointer check
  (bsc#1065729).
- powerpc/powernv: opal_put_chars partial write fix (bsc#1065729).
- powerpc/boot: Fix 64-bit boot wrapper build with non-biarch
  compiler (bsc#1065729).
- Refresh patches.suse/powerpc-boot-Expose-Kconfig-symbols-to-wrapper.patch
- commit 5dcb3e2
- rpm/kernel-binary.spec.in: Add Enhances and Supplements tags to in-tree KMPs
  This makes in-tree KMPs more consistent with externally built KMPs and
  silences several rpmlint warnings.
- commit 02b7735
- rpm/check-for-config-changes: add OBJTOOL and FTRACE_MCOUNT_USE_*
  Dummy gcc pretends to support -mrecord-mcount option but actual gcc on
  ppc64le does not. Therefore ppc64le builds of 6.2-rc1 and later in OBS
  enable FTRACE_MCOUNT_USE_OBJTOOL and OBJTOOL config options, resulting in
  check failure.
  As we already have FTRACE_MCOUNT_USE_CC and FTRACE_MCOUNT_USE_RECORDMCOUNT
  in the exception list, replace them with a general pattern. And add OBJTOOL
  as well.
- commit 887416f
- powerpc/xive/spapr: correct bitmap allocation size (fate#322438
  git-fixes).
- powerpc/xive: Add a check for memory allocation failure
  (fate#322438 git-fixes).
- commit 3922d2a
- memcg, kmem: further deprecate kmem.limit_in_bytes
  (bsc#1206896).
- commit 5804d85
- arm64/kvm: consistently handle host HCR_EL2 flags (git-fixes)
- commit 714ef7f
- arm64: smp: Handle errors reported by the firmware (git-fixes)
- commit 9d794c2
- blacklist.conf: ("/arm64: mm: Prevent mismatched 52-bit VA support"/)
- commit f1a361c
- arm64: Fix minor issues with the dcache_by_line_op macro (git-fixes)
- commit 6cee162
- arm64: ftrace: don't adjust the LR value (git-fixes)
- commit eb42f1a
- arm64: io: Ensure value passed to __iormb() is held in a 64-bit (git-fixes)
- commit c7b004f
- arm64: io: Ensure calls to delay routines are ordered against prior (git-fixes)
- commit b2c772e
- arm64: makefile fix build of .i file in external module case (git-fixes)
- commit 195399e
- blacklist.conf: ("/arm64: percpu: Initialize ret in the default case"/)
- commit 4e64a56
- blacklist.conf: ("/arm64: lib: use C string functions with KASAN enabled"/)
- commit dd95ca4
- arm64: jump_label.h: use asm_volatile_goto macro instead of "/asm (git-fixes)
- commit eb342d8
- arm64: rockchip: Force CONFIG_PM on Rockchip systems (git-fixes)
- commit 14aabd0
- arm64: alternative: Use true and false for boolean values (git-fixes)
- commit 301b65d
- arm64: fix possible spectre-v1 write in ptrace_hbp_set_event() (git-fixes)
- commit a25e150
- arm64: make secondary_start_kernel() notrace (git-fixes)
- commit 4106666
- blacklist.conf: ("/arm64: defconfig: Enable Rockchip io-domain driver"/)
- commit ad93c99
- arm64: cmpwait: Clear event register before arming exclusive monitor (git-fixes)
- commit e15bbd4
- arm64: fix possible spectre-v1 in ptrace_hbp_get_event() (git-fixes)
- commit 62841b2
- arm64: ptrace: remove addr_limit manipulation (git-fixes)
- commit e003877
- blacklist.conf: Add ppc fixes only applicable to 4.14
- commit 131a7b8
- blacklist.conf: Add reverted ppc commit
- commit a8b8b81
- NFS Handle missing attributes in OPEN reply (bsc#1203740).
- commit 5c8477f
- blacklist.conf: cosmetic fix
- commit 4cdceea
- blacklist.conf: cosmetic fix
- commit 0413215
- blacklist.conf: adds a WARN only
- commit f484812
- usb: dwc3: gadget: Fix OTG events when gadget driver isn't
  loaded (git-fixes).
- commit c42a78e
- blacklist.conf: changes API
- commit df9a032
- blacklist.conf: powerpc watchdog implemented in 4.13
- commit 7400877
- blacklist.conf: pSeries and powernv get dt from firmware
- commit 3059da1
- powerpc/pseries/eeh: use correct API for error log size
  (bsc#1065729).
- powerpc/perf: callchain validate kernel stack pointer bounds
  (bsc#1065729).
- powerpc/xive: add missing iounmap() in error path in
  xive_spapr_populate_irq_data() (fate#322438 git-fixes).
- powerpc/pci: Fix get_phb_number() locking (bsc#1065729).
- Refresh patches.suse/powerpc-disable_fixed_phb_option.patch
- powerpc/64: Init jump labels before parse_early_param()
  (bsc#1065729).
- commit e9baafc
- scsi: qla2xxx: Fix crash when I/O abort times out (jsc#PED-568).
- scsi: qla2xxx: Initialize vha->unknown_atio_[list, work]
  for NPIV hosts (jsc#PED-568).
- scsi: qla2xxx: Remove duplicate of vha->iocb_work initialization
  (jsc#PED-568).
- scsi: qla2xxx: Remove unused variable 'found_devs'
  (jsc#PED-568).
- scsi: qla2xxx: Fix set-but-not-used variable warnings
  (jsc#PED-568).
- commit 445debb
- blacklist.conf: fixes for bugs we don't have
  git-fixes suggests patches from a later LTS which are fixes for patches
  that we don't have.  So blacklist them.
- commit 7eacd62
- Refresh patches.suse/SUNRPC-call_alloc-async-tasks-mustn-t-block-waiting-.patch.
  This has landed in mainline so update commit info
- commit 102542f
- Refresh
  patches.suse/NFS-Further-fixes-to-the-writeback-error-handling.patch.
  gcc pointed out to me a porting error in this patch
- commit 00a42ee
- NFSv4.x: Fail client initialisation if state manager thread
  can't run (git-fixes).
- SUNRPC: Fix missing release socket in rpc_sockname()
  (git-fixes).
- NFS: Fix an Oops in nfs_d_automount() (git-fixes).
- NFSv4: Fix a deadlock between nfs4_open_recover_helper()
  and delegreturn (git-fixes).
- NFSv4.2: Fix initialisation of struct nfs4_label (git-fixes).
- NFSv4.2: Fix a memory stomp in decode_attr_security_label
  (git-fixes).
- NFSv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding
  (git-fixes).
- SUNRPC: Don't leak netobj memory when gss_read_proxy_verf()
  fails (git-fixes).
- nfs4: Fix kmemleak when allocate slot failed (git-fixes).
- NFSv4.2: Fixup CLONE dest file size for zero-length count
  (git-fixes).
- NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot
  (git-fixes).
- NFSv4.1: Handle RECLAIM_COMPLETE trunking errors (git-fixes).
- NFSv4/pNFS: Always return layout stats on layout return for
  flexfiles (git-fixes).
- NFSD: Return nfserr_serverfault if splice_ok but buf->pages
  have data (git-fixes).
- xprtrdma: treat all calls not a bcall when bc_serv is NULL
  (git-fixes).
- NFS: swap-out must always use STABLE writes (git-fixes).
- NFS: swap IO handling is slightly different for O_DIRECT IO
  (git-fixes).
- NFSv4 expose nfs_parse_server_name function (git-fixes).
- NFSv4 remove zero number of fs_locations entries error check
  (git-fixes).
- NFSv4.1: Fix uninitialised variable in devicenotify (git-fixes).
- nfs: nfs4clinet: check the return value of kstrdup()
  (git-fixes).
- NFSv4 only print the label when its queried (git-fixes).
- NFSD: Keep existing listeners on portlist error (git-fixes).
- rpc: fix gss_svc_init cleanup on failure (git-fixes).
- NFS: nfs_find_open_context() may only select open files
  (git-fixes).
- rpc: fix NULL dereference on kmalloc failure (git-fixes).
- nfs: we don't support removing system.nfs4_acl (git-fixes).
- NFS: Correct size calculation for create reply length
  (git-fixes).
- nfs: fix PNFS_FLEXFILE_LAYOUT Kconfig default (git-fixes).
- SUNRPC: Handle 0 length opaque XDR object data properly
  (git-fixes).
- SUNRPC: Move simple_get_bytes and simple_get_netobj into
  private header (git-fixes).
- pNFS/NFSv4: Try to return invalid layout in
  pnfs_layout_process() (git-fixes).
- SUNRPC: stop printk reading past end of string (git-fixes).
- NFSv4.1 handle ERR_DELAY error reclaiming locking state on
  delegation recall (git-fixes).
- net: sunrpc: Fix off-by-one issues in 'rpc_ntop6' (git-fixes).
- nfsd: Fix svc_xprt refcnt leak when setup callback client failed
  (git-fixes).
- NFS: Fix memory leaks in nfs_pageio_stop_mirroring()
  (git-fixes).
- NFS: direct.c: Fix memory leak of dreq when nfs_get_lock_context
  fails (git-fixes).
- sunrpc: fix crash when cache_head become valid before update
  (git-fixes).
- fs: nfs: Fix possible null-pointer dereferences in
  encode_attrs() (git-fixes).
- NFSv2: Fix write regression (git-fixes).
- NFSv2: Fix eof handling (git-fixes).
- NFS: Fix initialisation of I/O result struct in
  nfs_pgio_rpcsetup (git-fixes).
- NFSv4: Fix return value in nfs_finish_open() (git-fixes).
- NFSv4: Fix return values for nfs4_file_open() (git-fixes).
- svcrdma: Ignore source port when computing DRC hash (git-fixes).
- net :sunrpc :clnt :Fix xps refcount imbalance on the error path
  (git-fixes).
- nfsd: allow fh_want_write to be called twice (git-fixes).
- sunrpc: don't mark uninitialised items as VALID (git-fixes).
- nfsd: fix wrong check in write_v4_end_grace() (git-fixes).
- nfs: Fix NULL pointer dereference of dev_name (git-fixes).
- NFS: nfs_compare_mount_options always compare auth flavors
  (git-fixes).
- nfsd: Return EPERM, not EACCES, in some SETATTR cases
  (git-fixes).
- sunrpc: fix cache_head leak due to queued request (git-fixes).
- nfsd: fix a warning in __cld_pipe_upcall() (git-fixes).
- nfsd4: fix crash on writing v4_end_grace before nfsd startup
  (git-fixes).
- lockd: fix decoding of TEST results (git-fixes).
- SUNRPC: Fix a race with XPRT_CONNECTING (git-fixes).
- flexfiles: enforce per-mirror stateid only for v4 DSes
  (git-fixes).
- flexfiles: use per-mirror specified stateid for IO (git-fixes).
- SUNRPC: Fix a bogus get/put in generic_key_to_expire()
  (git-fixes).
- SUNRPC: drop pointless static qualifier in
  xdr_get_next_encode_buffer() (git-fixes).
- sunrpc: Fix connect metrics (git-fixes).
- SUNRPC: Fix a compile warning for cmpxchg64() (git-fixes).
- NFSv4.x: fix lock recovery during delegation recall (git-fixes).
- SUNRPC: Don't call __UDPX_INC_STATS() from a preemptible context
  (git-fixes).
- NFSv4: Fix open create exclusive when the server reboots
  (git-fixes).
- commit 25159f5
- powerpc/pseries: unregister VPA when hot unplugging a CPU
  (bsc#1205695 ltc#200603).
- commit d06e561
- Fix kABI breakage in usb.h: struct usb_device:
  hide new member (bsc#1206664 CVE-2022-4662).
- USB: core: Prevent nested device-reset calls (bsc#1206664
  CVE-2022-4662).
- commit 3cb5d2f
- move new members of struct usbnet to end (git-fixes).
- commit 727de32
- CDC-NCM: remove "/connected"/ log message (git-fixes).
- commit 22cc214
- media: Don't let tvp5150_get_vbi() go out of vbi_ram_default
  array (git-fixes).
- commit 09471ab
- media: i2c: tvp5150: remove useless variable assignment in
  tvp5150_set_vbi() (git-fixes).
- commit 0f3eff0
- Bluetooth: L2CAP: Fix use-after-free caused by
  l2cap_reassemble_sdu (CVE-2022-3564 bsc#1206073).
- commit d5fc0df
- Add Tegra repository to git_sort.
- commit a3bc12e
- net: usb: cdc_ncm: don't spew notifications (git-fixes).
  Refresh
  patches.suse/0002-Add-a-void-suse_kabi_padding-placeholder-to-some-USB.patch.
- commit 6849123
- net: usb: qmi_wwan: add Quectel EM160R-GL (git-fixes).
- commit b2fe9de
- net: usb: qmi_wwan: Set DTR quirk for MR400 (git-fixes).
- commit bcc09f1
- rndis_host: increase sleep time in the query-response loop
  (git-fixes).
- commit 7632b5d
- net: usb: qmi_wwan: restore mtu min/max values after raw_ip
  switch (git-fixes).
- commit b040831
- net: kalmia: fix memory leaks (git-fixes).
- commit c76568f
- net/usb/kalmia: use ARRAY_SIZE for various array sizing
  calculations (git-fixes).
- commit fefbe90
- net: kalmia: clean up bind error path (git-fixes).
- commit ba39d56
- net: usb: qmi_wwan: Add the BroadMobi BM818 card (git-fixes).
- commit a8619f3
- net: usb: asix: init MAC address buffers (git-fixes).
- commit b22ad3e
- net: usb: asix: ax88772_bind return error when hw_reset fail
  (git-fixes).
- Refresh
  patches.suse/net-asix-add-proper-error-handling-of-usb-read-error.patch.
- commit 65076ad
- blacklist.conf: duplicate
- commit 5f7f532
- net: usb: rtl8150: demote allmulti message to dev_dbg()
  (git-fixes).
- commit 117cf2b
- kABI: mitigate new ufs_stats field (git-fixes).
- scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper()
  (git-fixes).
- scsi: 3w-9xxx: Avoid disabling device if failing to enable it
  (git-fixes).
- scsi: pmcraid: Fix missing resource cleanup in error case
  (git-fixes).
- scsi: ipr: Fix missing/incorrect resource cleanup in error case
  (git-fixes).
- scsi: lpfc: Fix port stuck in bypassed state after LIP in
  PT2PT topology (git-fixes).
- scsi: vmw_pvscsi: Expand vcpuHint to 16 bits (git-fixes).
- scsi: megaraid: Fix error check return value of
  register_chrdev() (git-fixes).
- scsi: mvsas: Add PCI ID of RocketRaid 2640 (git-fixes).
- scsi: libfc: Fix use after free in fc_exch_abts_resp()
  (git-fixes).
- scsi: aha152x: Fix aha152x_setup() __setup handler return value
  (git-fixes).
- scsi: pm8001: Fix pm8001_mpi_task_abort_resp() (git-fixes).
- scsi: bfa: Replace snprintf() with sysfs_emit() (git-fixes).
- scsi: mvsas: Replace snprintf() with sysfs_emit() (git-fixes).
- scsi: sr: Don't use GFP_DMA (git-fixes).
- scsi: vmw_pvscsi: Set residual data length conditionally
  (git-fixes).
- scsi: libiscsi: Fix UAF in
  iscsi_conn_get_param()/iscsi_conn_teardown() (git-fixes).
- scsi: iscsi: Unblock session then wake up error handler
  (git-fixes).
- scsi: advansys: Fix kernel pointer leak (git-fixes).
- scsi: core: Fix shost->cmd_per_lun calculation in
  scsi_add_host_with_dma() (git-fixes).
- scsi: virtio_scsi: Fix spelling mistake "/Unsupport"/ ->
  "/Unsupported"/ (git-fixes).
- scsi: ses: Fix unsigned comparison with less than zero
  (git-fixes).
- scsi: ses: Retry failed Send/Receive Diagnostic commands
  (git-fixes).
- scsi: sd: Free scsi_disk device via put_device() (git-fixes).
- scsi: sr: Return correct event when media event code is 3
  (git-fixes).
- scsi: core: Avoid printing an error if target_alloc() returns
  - ENXIO (git-fixes).
- scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach()
  (git-fixes).
- scsi: megaraid_mm: Fix end of loop tests for
  list_for_each_entry() (git-fixes).
- scsi: aic7xxx: Fix unintentional sign extension issue on left
  shift of u8 (git-fixes).
- scsi: qedi: Fix null ref during abort handling (git-fixes).
- scsi: iscsi: Fix shost->max_id use (git-fixes).
- scsi: iscsi: Add iscsi_cls_conn refcount helpers (git-fixes).
- scsi: core: Cap scsi_host cmd_per_lun at can_queue (git-fixes).
- scsi: sr: Return appropriate error code when disk is ejected
  (git-fixes).
- scsi: vmw_pvscsi: Set correct residual data length (git-fixes).
- scsi: BusLogic: Fix 64-bit system enumeration error for Buslogic
  (git-fixes).
- scsi: libfc: Fix a format specifier (git-fixes).
- scsi: scsi_dh_alua: Remove check for ASC 24h in alua_rtpg()
  (git-fixes).
- scsi: scsi_transport_srp: Don't block target in SRP_PORT_LOST
  state (git-fixes).
- scsi: st: Fix a use after free in st_open() (git-fixes).
- scsi: libiscsi: Fix iscsi_prep_scsi_cmd_pdu() error handling
  (git-fixes).
- scsi: scsi_transport_srp: Don't block target in failfast state
  (git-fixes).
- scsi: ufs-pci: Ensure UFS device is in PowerDown mode for
  suspend-to-disk ->poweroff() (git-fixes).
- scsi: mpt3sas: Increase IOCInit request timeout to 30s
  (git-fixes).
- scsi: ufs: Make sure clk scaling happens only when HBA is
  runtime ACTIVE (git-fixes).
- scsi: libiscsi: Fix NOP race condition (git-fixes).
- scsi: hpsa: Fix memory leak in hpsa_init_one() (git-fixes).
- scsi: core: Don't start concurrent async scan on same host
  (git-fixes).
- scsi: mvumi: Fix error return in mvumi_io_attach() (git-fixes).
- scsi: qedi: Protect active command list to avoid list corruption
  (git-fixes).
- scsi: qedi: Fix list_del corruption while removing active I/O
  (git-fixes).
- scsi: ufs: ufs-qcom: Fix race conditions caused by
  ufs_qcom_testbus_config() (git-fixes).
- scsi: pm8001: Fix memleak in pm8001_exec_internal_task_abort
  (git-fixes).
- commit 8407432
- net: usb: qmi_wwan: add u-blox 0x1342 composition (git-fixes).
- commit ad34c09
- scsi: ufs: Clean up completed request without interrupt
  notification (git-fixes).
- Refresh
  patches.suse/scsi-ufs-properly-release-resources-if-a-task-is-aborted-successfully.
- commit 47def13
- scsi: ufs: Improve interrupt handling for shared interrupts
  (git-fixes).
- scsi: ufs: Fix possible infinite loop in ufshcd_hold
  (git-fixes).
- scsi: iscsi: Do not put host in iscsi_set_flashnode_param()
  (git-fixes).
- scsi: ufs: Add DELAY_BEFORE_LPM quirk for Micron devices
  (git-fixes).
- scsi: scsi_transport_spi: Fix function pointer check
  (git-fixes).
- scsi: sr: Fix sr_probe() missing deallocate of device minor
  (git-fixes).
- scsi: iscsi: Fix reference count leak in iscsi_boot_create_kobj
  (git-fixes).
- scsi: mpt3sas: Fix double free warnings (git-fixes).
- scsi: qedi: Fix termination timeouts in session logout
  (git-fixes).
- scsi: qedi: Do not flush offload work if ARP not resolved
  (git-fixes).
- scsi: iscsi: Report unbind session event when the target has
  been removed (git-fixes).
- scsi: aacraid: Disabling TM path and only processing IOP reset
  (git-fixes).
- scsi: ipr: Fix softlockup when rescanning devices in petitboot
  (git-fixes).
- scsi: Revert "/target: iscsi: Wait for all commands to finish
  before freeing a session"/ (git-fixes).
- scsi: iscsi: Don't destroy session if there are outstanding
  connections (git-fixes).
- scsi: aic7xxx: Adjust indentation in ahc_find_syncrate
  (git-fixes).
- scsi: ufs: Complete pending requests in host reset and restore
  path (git-fixes).
- scsi: libcxgbi: fix NULL pointer dereference in
  cxgbi_device_destroy() (git-fixes).
- scsi: iscsi: Don't send data to unbound connection (git-fixes).
- scsi: target: iscsi: Wait for all commands to finish before
  freeing a session (git-fixes).
- scsi: NCR5380: Add disconnect_mask module parameter (git-fixes).
- scsi: scsi_debug: num_tgts must be >= 0 (git-fixes).
- scsi: pm80xx: Fix for SATA device discovery (git-fixes).
- scsi: ufs: Fix error handing during hibern8 enter (git-fixes).
- scsi: atari_scsi: sun3_scsi: Set sg_tablesize to 1 instead of
  SG_NONE (git-fixes).
- scsi: ufs: fix potential bug which ends in system hang
  (git-fixes).
- scsi: hisi_sas: Check sas_port before using it (git-fixes).
- scsi: fnic: fix use after free (git-fixes).
- scsi: ufs: delete redundant function ufshcd_def_desc_sizes()
  (git-fixes).
- scsi: aacraid: fix illegal IO beyond last LBA (git-fixes).
- scsi: mpt3sas: Fix clear pending bit in ioctl status
  (git-fixes).
- scsi: fix kconfig dependency warning related to 53C700_LE_ON_BE
  (git-fixes).
- scsi: sni_53c710: fix compilation error (git-fixes).
- scsi: scsi_dh_alua: handle RTPG sense code correctly during
  state transitions (git-fixes).
- scsi: megaraid: disable device when probe failed after enabled
  device (git-fixes).
- scsi: ufs: skip shutdown if hba is not powered (git-fixes).
- scsi: core: Reduce memory required for SCSI logging (git-fixes).
- scsi: hpsa: correct scsi command status issue after reset
  (git-fixes).
- commit 01813b3
- scsi: scsi_dh_alua: always use a 2 second delay before retrying
  RTPG (git-fixes).
- Refresh
  patches.suse/scsi-scsi_dh_alua-Retry-RTPG-on-a-different-path-aft.patch.
- commit 37a1f9a
- scsi: megaraid_sas: fix panic on loading firmware crashdump
  (git-fixes).
- scsi: libcxgbi: add a check for NULL pointer in
  cxgbi_check_route() (git-fixes).
- scsi: qedi: Abort ep termination if offload not scheduled
  (git-fixes).
- scsi: ufs: Fix regulator load and icc-level configuration
  (git-fixes).
- scsi: ufs: Avoid configuring regulator with undefined voltage
  range (git-fixes).
- scsi: qedf: Do not retry ELS request if qedf_alloc_cmd fails
  (git-fixes).
- scsi: qla4xxx: fix a potential NULL pointer dereference
  (git-fixes).
- scsi: iscsi: flush running unbind operations when removing a
  session (git-fixes).
- scsi: megaraid_sas: reduce module load time (git-fixes).
- scsi: core: replace GFP_ATOMIC with GFP_KERNEL in scsi_scan.c
  (git-fixes).
- scsi: libsas: Check SMP PHY control function result (git-fixes).
- scsi: 53c700: pass correct "/dev"/ to dma_alloc_attrs()
  (git-fixes).
- scsi: ufs: Fix system suspend status (git-fixes).
- scsi: qla4xxx: check return code of
  qla4xxx_copy_from_fwddb_param (git-fixes).
- scsi: vmw_pscsi: Rearrange code to avoid multiple calls to
  free_irq during unload (git-fixes).
- scsi: libiscsi: Fix NULL pointer dereference in
  iscsi_eh_session_reset (git-fixes).
- scsi: dc395x: fix DMA API usage in sg_update_list (git-fixes).
- scsi: dc395x: fix dma API usage in srb_done (git-fixes).
- scsi: iscsi_tcp: Explicitly cast param in
  iscsi_sw_tcp_host_get_param (git-fixes).
- scsi: isci: Change sci_controller_start_task's return type to
  sci_status (git-fixes).
- scsi: isci: Use proper enumerated type in
  atapi_d2h_reg_frame_handler (git-fixes).
- scsi: ips: fix missing break in switch (git-fixes).
- scsi: NCR5380: Check for bus reset (git-fixes).
- scsi: NCR5380: Handle BUS FREE during reselection (git-fixes).
- scsi: NCR5380: Don't call dsprintk() following reselection
  interrupt (git-fixes).
- scsi: NCR5380: Don't clear busy flag when abort fails
  (git-fixes).
- scsi: NCR5380: Check for invalid reselection target (git-fixes).
- scsi: NCR5380: Use DRIVER_SENSE to indicate valid sense data
  (git-fixes).
- scsi: NCR5380: Withhold disconnect privilege for REQUEST SENSE
  (git-fixes).
- scsi: NCR5380: Have NCR5380_select() return a bool (git-fixes).
- scsi: NCR5380: Clear all unissued commands on host reset
  (git-fixes).
- scsi: pm80xx: Fixed system hang issue during kexec boot
  (git-fixes).
- scsi: pm80xx: Corrected dma_unmap_sg() parameter (git-fixes).
- scsi: sd: don't crash the host on invalid commands (git-fixes).
- scsi: ibmvscsis: Ensure partition name is properly NUL
  terminated (git-fixes).
- scsi: ibmvscsis: Fix a stringop-overflow warning (git-fixes).
- scsi: 3ware: fix return 0 on the error path of probe
  (git-fixes).
- scsi: vmw_pvscsi: Return DID_RESET for status
  SAM_STAT_COMMAND_TERMINATED (git-fixes).
- scsi: fcoe: drop frames in ELS LOGO error path (git-fixes).
- scsi: fcoe: fix use-after-free in fcoe_ctlr_els_send
  (git-fixes).
- commit 629211b
- blacklist.conf: add git-fix commits to black list
- commit 77cd26b
- drm/amdkfd: Check for null pointer after calling kmemdup
  (CVE-2022-3108 bsc#1206389 git-fixes).
- commit d5c766f
- Update
  patches.suse/msft-hv-2553-hv_netvsc-Add-check-for-kvmalloc_array.patch
  (CVE-2022-3107 bsc#1206395 git-fixes).
- commit 060c52f
- blacklist.conf: Risky, requires reworking of mempolicies
- commit f553475
- blacklist.conf: Risky semantic change for hugetlbfs runtime allocation
- commit d2abfa4
- blacklist.conf: fixes for old ftrace bugs, too intrusive
- commit 16e8a4b
- blacklist.conf: afs fixes which is not compiled
- commit e4c8294
- tracing: Fix code comments in trace.c (git-fixes).
- commit ec2222c
- blacklist.conf: code style cleanup for kernel/module
- commit 4ec89b1
- blacklist.conf: cosmetic fix
- commit 69fb632
- Bluetooth: hci_qca: Fix the teardown problem for real
  (git-fixes).
- commit d54a6b7
- memcg: Fix possible use-after-free in
  memcg_write_event_control() (bsc#1206344).
- commit 2e65110
- blacklist.conf: removes an API
- commit e61353f
- net: usb: qmi_wwan: add Telit 0x103a composition (git-fixes).
- commit f421241
- ext4: Fixup pages without buffers (bsc#1205495).
- commit 707f425
- Add support for enabling livepatching related packages on -RT (jsc#PED-1706)
- commit 9d41244
- usb: dwc3: gadget: only unmap requests from DMA if mapped
  (git-fixes).
- Refresh
  patches.suse/0001-usb-dwc3-gadget-Clear-req-needs_extra_trb-flag-on-cl.patch.
- Refresh
  patches.suse/usb-dwc3-gadget-never-call-complete-from-ep_queue.patch.
- commit 5538962
- scripts/git_sort/git_sort.py: Add arm-soc for-next tree.
- commit e5f5f10
- powerpc/boot: Explicitly disable usage of SPE instructions
  (bsc#1065729).
- commit 4db02b2
- rpm/check-for-config-changes: add TOOLCHAIN_HAS_* to IGNORED_CONFIGS_RE
  This new form was added in commit b8c86872d1dc (riscv: fix detection of
  toolchain Zicbom support).
- commit e9f2ba6
- Add suse-kernel-rpm-scriptlets to kmp buildreqs (boo#1205149)
- commit 888e01e
- mm, page_alloc: avoid expensive reclaim when compaction may
  not succeed (bsc#1204250).
- commit 16163cf
- rpm/check-for-config-changes: loosen pattern for AS_HAS_*
  This is needed to handle CONFIG_AS_HAS_NON_CONST_LEB128.
- commit bdc0bf7
- arm64: Discard .note.GNU-stack section (bsc#1203693 bsc#1209798).
- commit cab7952
- Revert "/constraints: increase disk space for all architectures"/
  (bsc#1203693).
  This reverts commit 43a9011f904bc7328d38dc340f5e71aecb6b19ca.
- commit 3d33373
- constraints: increase disk space for all architectures
  References: bsc#1203693
  aarch64 is already suffering. SLE15-SP5 x86_64 stats show that it is
  very close to the limit.
- commit 43a9011
- scripts/CKC: don't output from shopt
  shopt outputs the status of the flag, so that git grep looks like:
  git grep -qi 'nocasematch     off
  ^References:.*bsc#1202195' remotes/origin/SLE15-SP2-RT -- 'patches.*'
  I don't know how it can work (it does -- maybe thanks to ^), but it's
  not definitely OK.
  So make shopt in term2regex() quiet.
- commit 9ca71fb
- scripts/CKC: store local branches with $USER prefix
  So that on shared machines, it can be overwritten when expires.
- commit 1dae151
- scripts/CKC: speed up the git-grep
  Search only in patches.*. I.e. skip especially all those large kabi
  files.
  The speedup is significant:
  real    1m28,309s
  to:
  real    0m57,260s
- commit 2ea817a
- scripts/CKC: simplify print_branch
  AFAIU, it's simply:
  printf "/%-23s"/
- commit ec10bb9
- scripts/CKC: test accepts only =, not ==
  And put $1 into "/"/ too.
- commit acae7f9
- scripts/CKC: Don't use empty branches file
  Don't use it and don't write neither.
- commit 311b204
- scripts/python/suse_git/header.py: Catch the use of "/Not yet, submitted"/
  Also add a test case for it.
  For submitted patches, you should use "/Patch-mainline: Submitted"/
  rather than "/Not yet, submitted"/. Enforce this in check-patchhdr so
  that such mistakes are caught earlier.
- commit 475b64b
- scripts/CKC: Search also CVE and generic references
  Sometimes it's useful to check that references exits, not the commit
  itself.
- commit c34e0ed
- scripts/CKC: Make checker more specific
- commit 5cdb9a3
- scripts/CKC: Make checker script download branches.conf
  Requires curl, downloads and caches the branches.conf file.
- commit e7c8885
- scripts/CKC: Modify check-kernel-commit to parse branches.conf
  Thus we can use the same source of truth.
- commit 0c2b4b3
- scripts: Add helper script to search commit presence in kernel-source
  The helper can have various uses. Checking for CVE patches is on of the
  existing use cases.
  This version of the script relies on file with branches to check.
  It will be modified to be interoperable with branches.conf.
- commit 809939e
- x86: link vdso and boot with -z noexecstack
  - -no-warn-rwx-segments (bsc#1203200).
- Makefile: link with -z noexecstack --no-warn-rwx-segments
  (bsc#1203200).
- commit 7e1d602
- git_sort: update netfilter repositories
  The official URL of netfilter repositories (nf and nf-next) was changed by
  mainline commit 1f6339e034d5 ("/MAINTAINERS: netfilter: update git links"/)
  and the old repositories (with "/pablo"/) have not been updated since
  May 2022.
- commit 33c6a43
- scripts/wd-functions.sh: fix get_branch_name() in worktree
  Instead of using a hard-coded path for the git directory, use git
  rev-parse with --git-dir flag, introduced since 0.99.7, to find the git
  directory so branch name can be correctly detected while in git
  worktrees.
- commit 283838a
krb5
- Update logrotate script, call systemd to reload the services
  instead of init-scripts; (bsc#1206152);
libX11
- U_Don-t-try-to-destroy-NULL-condition-variables.patch
  * fixes regression introduced with security update for
    CVE-2022-3555 (bsc#1204425, bsc#1208881)
libXpm
- U_regression2-bug1207029_1207030_1207031.patch
  * second regression fix: Use gzip -d instead of gunzip
- U_regression-bug1207029_1207030_1207031.patch
  * regression fix for above patches
- U_0000-Update-README-for-gitlab-migration.patch
  * needed by U_0001-configure-add-disable-open-zfile-instead-of-requirin.patch
- U_0001-configure-add-disable-open-zfile-instead-of-requirin.patch
  * needed by U_0005-Fix-CVE-2022-4883-compression-commands-depend-on-PAT.patch
- U_0002-Fix-CVE-2022-46285-Infinite-loop-on-unclosed-comment.patch
  * libXpm: Infinite loop on unclosed comments (CVE-2022-46285,
    bsc#1207029)
- U_0004-Fix-CVE-2022-44617-Runaway-loop-with-width-of-0-and-.patch
  * libXpm: Runaway loop on width of 0 and enormous height
    (CVE-2022-44617, bsc#1207030)
- U_0005-Fix-CVE-2022-4883-compression-commands-depend-on-PAT.patch
  * libXpm: compression commands depend on $PATH (CVE-2022-4883,
    bsc#1207031)
libvirt
- cpu_map: Drop pconfig from Icelake-Server CPU model
  dbc04114-cpu_x86-Require-cpuid-within-feature-in-CPU-map.patch,
  3673269e-cpu_x86-Introduce-virCPUx86DataItem-container-struct.patch,
  c02d70d5-cpu_x86-Rename-virCPUx86Vendor.cpuid.patch,
  6c22b329-cpu_x86-Rename-virCPUx86DataItem-variables.patch,
  5655b831-cpu_x86-Rename-x86DataCpuidNext-function.patch,
  609f467f-cpu_x86-Rename-x86DataCpuid.patch,
  95accfa7-cpu_x86-Rename-virCPUx86CPUIDSorter.patch,
  ce420425-cpu_x86-Rename-virCPUx86DataAddCPUIDInt.patch,
  8f1a8ce3-cpu_x86-Rename-virCPUx86DataAddCPUID.patch,
  3eff71a2-cpu_x86-Rename-virCPUx86VendorToCPUID.patch,
  0fdc0ad8-cpu_x86-Simplify-x86DataAdd.patch,
  559ccd78-cpu_x86-Introduce-virCPUx86DataCmp.patch,
  9c6f00fc-cpu_x86-Make-x86cpuidSetBits-more-general.patch,
  4e3cab2d-cpu_x86-Make-x86cpuidClearBits-more-general.patch,
  da1efddf-cpu_x86-Make-x86cpuidAndBits-more-general.patch,
  2eea67a9-cpu_x86-Make-x86cpuidMatchMasked-more-general.patch,
  10b80165-cpu_x86-Make-x86cpuidMatch-more-general.patch,
  370177e2-cpu_x86-Store-virCPUx86DataItem-content-in-union.patch,
  fcf4846a-cpu_x86-Add-support-for-storing-MSR-features-in-CPU-.patch,
  e17d1038-cpu_x86-Move-CheckFeature-functions.patch,
  0a97486e-cpu_x86-Fix-placement-of-CheckFeature-functions.patch,
  32f577ab-cpu_x86-Fix-placement-of-CheckFeature-functions.patch,
  b1286526-qemu-Drop-qemuFeatureNoEffect.patch,
  955fd6e7-qemu_process-Drop-cleanup-label-from-qemuProcessUpda.patch,
  c145b660-cpu_conf-Introduce-virCPUDefFilterFeatures.patch,
  0b763774-qemu-Filter-CPU-features-in-active-XML.patch,
  4e6f58b8-conf-Introduce-virCPUDefCheckFeatures.patch,
  b8e086a5-cpu_x86-Turn-virCPUx86DataIteratorInit-into-a-functi.patch,
  bcfed7f1-cpu_x86-Introduce-virCPUx86FeatureFilter-MSR.patch,
  668797dc-cpu_conf-Pass-policy-to-CPU-feature-filtering-callba.patch,
  ac34e141-qemu-Drop-disabled-CPU-features-unknown-to-QEMU.patch,
  9cd03f79-cpu_map-Drop-pconfig-from-Icelake-Server-CPU-model.patch,
  2816fe2e-qemu-fix-NULL-ptr-deref.patch
  bsc#1203536
libxslt
- Security Fix: [bsc#1208574, CVE-2021-30560]
  * Use after free in Blink XSLT
  * Add libxslt-CVE-2021-30560.patch
lvm2
- LVM volume groups are not being cleaned up after kiwi image build (bsc#1142550)
  + bug-1142550_02-LVM-vg-are-not-being-cleaned-up-after-kiwi-image-build.patch
mozilla-nss
- update to NSS 3.79.4 (bsc#1208138)
  * Bug 1804640 - improve handling of unknown PKCS#12 safe bag types.
    (CVE-2023-0767)
- Add upstream patch nss-fix-bmo1774654.patch to fix CVE-2022-3479
  (bsc#1204272)
- update to NSS 3.79.3 (bsc#1207038)
  * Bug 1803453 - Set CKA_NSS_SERVER_DISTRUST_AFTER and
    CKA_NSS_EMAIL_DISTRUST_AFTER for 3 TrustCor Root Certificates
    (CVE-2022-23491)
nfs-utils
- 0204-Don-t-assume-the-machine-account-will-be-in-upp.patch
  Be more flexabily with case of machine account name
  (bsc#1207245)
- 0203-modprobe-avoid-error-messages-if-sbin-sysctl-fail.patch
  Avoid modprobe errors when sysctl is not installed.
  (bsc#1200710 bsc#1207022 bsc#1206781)
openssl-1_0_0
- Security Fix: [CVE-2023-0464, bsc#1209624]
  * Excessive Resource Usage Verifying X.509 Policy Constraints
  * Add openssl-CVE-2023-0464.patch
- Fix DH key generation in FIPS mode, add support for constant BN for
  DH parameters [bsc#1202062]
  * Add patch: openssl-fips_fix_DH_key_generation.patch
- Security Fix: [bsc#1207533, CVE-2023-0286]
  * Fix X.400 address type confusion in X.509 GENERAL_NAME_cmp
    for x400Address
  * Add openssl-CVE-2023-0286.patch
- Security Fix: [bsc#1207536, CVE-2023-0215]
  * Use-after-free following BIO_new_NDEF()
  * Add patches:
  - openssl-CVE-2023-0215-1of4.patch
  - openssl-CVE-2023-0215-2of4.patch
  - openssl-CVE-2023-0215-3of4.patch
  - openssl-CVE-2023-0215-4of4.patch
  - openssl-Groundwork-for-a-perl-based-testing-framework.patch
  - openssl-Add-recipes-for-the-larger-protocols.patch
- Security Fix: [bsc#1207534, CVE-2022-4304]
  * Timing Oracle in RSA Decryption
  * Add openssl-CVE-2022-4304.patch
- Update further expiring certificates that affect tests [bsc#1201627]
  * Add openssl-Update-further-expiring-certificates.patch
openssl-1_1
- Security Fix: [CVE-2023-0465, bsc#1209878]
  * Invalid certificate policies in leaf certificates are silently ignored
  * Add openssl-CVE-2023-0465.patch
- Security Fix: [CVE-2023-0466, bsc#1209873]
  * Certificate policy check not enabled
  * Add openssl-CVE-2023-0466.patch
- Security Fix: [CVE-2023-0464, bsc#1209624]
  * Excessive Resource Usage Verifying X.509 Policy Constraints
  * Add openssl-CVE-2023-0464.patch
- Security Fix: [bsc#1207533, CVE-2023-0286]
  * Fix X.400 address type confusion in X.509 GENERAL_NAME_cmp
    for x400Address
  * Add openssl-CVE-2023-0286.patch
- Security Fix: [bsc#1207536, CVE-2023-0215]
  * Use-after-free following BIO_new_NDEF()
  * Add patches:
  - openssl-CVE-2023-0215-1of4.patch
  - openssl-CVE-2023-0215-2of4.patch
  - openssl-CVE-2023-0215-3of4.patch
  - openssl-CVE-2023-0215-4of4.patch
- Security Fix: [bsc#1207538, CVE-2022-4450]
  * Double free after calling PEM_read_bio_ex()
  * Add patches:
  - openssl-CVE-2022-4450-1of2.patch
  - openssl-CVE-2022-4450-2of2.patch
- Security Fix: [bsc#1207534, CVE-2022-4304]
  * Timing Oracle in RSA Decryption
  * Add patches:
  - openssl-CVE-2022-4304-1of2.patch
  - openssl-CVE-2022-4304-2of2.patch
pacemaker
- cts-scheduler: update test for preventing inactive instances from starting if probe is unrunnable on any nodes (bsc#1206263)
  * bsc#1206263-0006-Test-cts-scheduler-update-test-for-preventing-inacti.patch
- scheduler: prevent inactive instances from starting if probe is unrunnable on any nodes  (bsc#1206263)
  * bsc#1206263-0005-Fix-scheduler-prevent-inactive-instances-from-starti.patch
- libpacemaker: ensure any pending recurring monitor gets updated if it fails (bsc#1206263)
  * bsc#1206263-0004-Fix-libpacemaker-ensure-any-pending-recurring-monito.patch
- cts-scheduler: update test for preventing a leftover pending monitor from causing unexpected stop of other instances (bsc#1206263)
  * bsc#1206263-0003-Test-cts-scheduler-update-test-for-preventing-a-left.patch
- scheduler: prevent a leftover pending monitor from causing unexpected stop of other instances (bsc#1206263)
  * bsc#1206263-0002-Fix-scheduler-prevent-a-leftover-pending-monitor-fro.patch
- cts-scheduler: add test for preventing a leftover pending monitor from causing unexpected stop of other instances (bsc#1206263)
  * bsc#1206263-0001-Test-cts-scheduler-add-test-for-preventing-a-leftove.patch
- Use effective OCF rc-code to avoid increasing failcount for DEGRADED statuses (bsc#1205861)
  * bsc#1205861-0002-Fix-Use-effective-OCF-rc-code-to-avoid-increasing-fa.patch
- Accept PCMK_OCF_DEGRADED and PCMK_OCF_DEGRADED_MASTER status codes (bsc#1205861)
  * bsc#1205861-0001-Fix-Accept-PCMK_OCF_DEGRADED-and-PCMK_OCF_DEGRADED_M.patch
python-cffi
- Add require-writable.patch to support the optional argument
  "/require_writable"/ in "/from_buffer"/ method, that's used by the
  python-cryptography security fix gh#pyca/cryptography@9fbf84efc861
  (bsc#1208036, CVE-2023-23931)
  The upstream patch can be found here:
  https://foss.heptapod.net/pypy/cffi/-/commit/c5c4d32c3e3ec0fbaabc4b9890fd17c9c58407d2
python-cryptography
- Add patch CVE-2023-23931-dont-allow-update-into.patch (bsc#1208036, CVE-2023-23931)
  * Don't allow update_into to mutate immutable objects
python-py-doc
- Add patch CVE-2022-42969-remove-svn-traces.patch:
  * Stop using or advertising svn{url,wc}. (bsc#1204364, CVE-2022-42969)
- Remove the _path testing configuration file too, so the testsuite runs.
  (bsc#1208181)
- Remove all traces of py._path.svn{url,wc}. (bsc#1204364, CVE-2022-42969)
python-setuptools
- Add CVE-2022-40897-ReDos.patch to fix Regular Expression Denial of Service
  (ReDoS) in package_index.py.
  bsc#1206667
python3
- Add bpo-44434-libgcc_s-for-pthread_cancel.patch
  which eliminates unnecessary and dangerous calls to
  PyThread_exit_thread() (bsc#1203355).
- Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329,
  bsc#1208471) blocklists bypass via the urllib.parse component
  when supplying a URL that starts with blank characters
- Add CVE-2022-40899-ReDos-cookiejar.patch to Fix REDoS in http.cookiejar
  (gh#python/cpython#17157, bsc#1206673, CVE-2022-40899)
python3-base
- Add bpo-44434-libgcc_s-for-pthread_cancel.patch
  which eliminates unnecessary and dangerous calls to
  PyThread_exit_thread() (bsc#1203355).
- Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329,
  bsc#1208471) blocklists bypass via the urllib.parse component
  when supplying a URL that starts with blank characters
python36
- Add bpo-44434-libgcc_s-for-pthread_cancel.patch
  which eliminates unnecessary and dangerous calls to
  PyThread_exit_thread() (bsc#1203355).
- Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329,
  bsc#1208471) blocklists bypass via the urllib.parse component
  when supplying a URL that starts with blank characters
- Add bpo27321-email-no-replace-header.patch to stop
  email.generator.py from replacing a non-existent header
  (bsc#1208443, gh#python/cpython#71508).
- Add bsc1188607-pythreadstate_clear-decref.patch to fix crash in
  the garbage collection (bsc#1188607).
- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid
  CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding
  extremely long domain names.
resource-agents
- ECO: Maint: Remove ocf_heartbeat_ZFS (jsc#PED-2841)
  Add patch:
    remove-zfs-support.patch
- SAPInstance can break if kill.sap includes unexpected content.
  (bsc#1206100)
  Include upstream patch:
    1825.patch
- ECO: Maint: AWS EFS Support in Filesystem OCF required
  (jsc#PED-2794)
  Include upstream patch:
    0001-Filesystem-Add-support-for-Amazon-EFS-mount-helper.patch
- Pacemaker should provide a dynamic option to specify a logfile
  (jsc#PED-121)
  Add upstream patch:
    1739.patch
samba
- CVE-2023-0922: Samba AD DC admin tool samba-tool sends passwords
  in cleartext; (bso#15315); (bsc#1209481).
- Prevent use after free of messaging_ctdb_fde_ev structs;
  (bso#15293); (bsc#1207416).
- CVE-2022-38023: Additional patches for the PDC role's netlogon
  server; (bso#15240); (bsc#1206504);
- CVE-2021-20251: samba: Bad password count not incremented
  atomically; (bso#14611); (bsc#1206546).
  * CVE-2022-37966 rc4-hmac Kerberos session keys issued to
    modern servers; (bso#15237); (bsc#1205385);
sudo
- Fix CVE-2023-28486, sudo does not escape control characters in
  log messages, (CVE-2023-28486, bsc#1209362)
  * Add sudo-CVE-2023-28486.patch
- Fix CVE-2023-28487, sudo does not escape control characters in
  sudoreplay output (CVE-2023-28487, bsc#1209361)
- sudo-dont-enable-read-after-pty_finish.patch
  * bsc#1203201
  * Do not re-enable the reader when flushing the buffers as part
    of pty_finish().
  * While sudo-observe-SIGCHLD patch applied earlier prevents a
    race condition from happening, this fixes a related buffer hang.
- Added sudo-fix_NULL_deref_RunAs.patch
  * bsc#1206483
  * Fix a situation where "/sudo -U otheruser -l"/ would dereference
    a NULL pointer.
- Added sudo-CVE-2023-22809.patch
  * CVE-2023-22809
  * bsc#1207082
  * Prevent '--' in the EDITOR environment variable which can allow
    users to edit sensitive files as root.
- Modified sudo-1-8-27-bsc1201462-ignore-no-sudohost.patch
  * Fixes crash while using sssd plugin caused by regression
    introduced by this patch
  * bsc#1206170
systemd
- Import commit 95ad6444b8d4c9cbd6c745ba9b4463264109ee11
  acb6da7b4a pager: make pager secure when under euid is changed or explicitly requested
  7c8bbe16a2 pager: set $LESSSECURE whenver we invoke a pager (bsc#1208958 CVE-2023-26604)
  e931881112 core: if the start command vanishes during runtime don't hit an assert (bsc#1206985)
tar
- Fix hang when unpacking test tarball, bsc#1202436
  * bsc1202436-1.patch
  * bsc1202436-2.patch
- Fix CVE-2022-48303, tar has a one-byte out-of-bounds read that
  results in use of uninitialized memory for a conditional jump
  (CVE-2022-48303, bsc#1207753)
  * fix-CVE-2022-48303.patch
- Fix hang when unpacking test tarball, bsc#1202436
  * bsc1202436.patch
tcl
- [bsc#1206623], tcl-string-compare.patch:
  Fix [string compare -length] on big endian and improve
  [string equal] on little endian.
tiff
  * CVE-2022-48281 [bsc#1207413]
    + tiff-CVE-2022-48281.patch
- security update:
timezone
- timezone update 2023c:
  * Revert changes made in 2023b
- timezone update 2023b:
  * Lebanon delays the start of DST this year.
- timezone update 2023a:
  * Egypt now uses DST again, from April through October.
  * This year Morocco springs forward April 23, not April 30.
  * Palestine delays the start of DST this year.
  * Much of Greenland still uses DST from 2024 on.
  * America/Yellowknife now links to America/Edmonton.
  * tzselect can now use current time to help infer timezone.
  * The code now defaults to C99 or later.
- Refresh tzdata-china.diff
vim
- Updated to version 9.0 with patch level 1386, fixes the following security problems
  * Fixing bsc#1207780 - (CVE-2023-0512) VUL-0: CVE-2023-0512: vim: Divide By Zero in GitHub repository vim/vim prior to 9.0.1247
  * Fixing bsc#1208957 - (CVE-2023-1175) VUL-0: CVE-2023-1175: vim: Incorrect Calculation of Buffer Size
  * Fixing bsc#1208959 - (CVE-2023-1170) VUL-0: CVE-2023-1170: vim: Heap-based Buffer Overflow in vim prior to 9.0.1376
  * Fixing bsc#1208828 - (CVE-2023-1127) VUL-1: CVE-2023-1127: vim: divide by zero in scrolldown()
- for the complete list of changes see
  https://github.com/vim/vim/compare/v9.0.1234...v9.0.1386
- Updated to version 9.0 with patch level 1234, fixes the following security problems
  * Fixing bsc#1207396 VUL-0: CVE-2023-0433: vim: Heap-based Buffer Overflow in vim prior to 9.0.1225
  * Fixing bsc#1207162 VUL-1: CVE-2023-0288: vim: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.
  * Fixing bsc#1206868 VUL-1: CVE-2023-0054: vim: Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145.
  * Fixing bsc#1206867 VUL-1: CVE-2023-0051: vim: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1144.
  * Fixing bsc#1206866 VUL-1: CVE-2023-0049: vim: Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143.
  * Fixing bsc#1206028 VUL-0: CVE-2022-3491: vim: Heap-based Buffer Overflow prior to 9.0.0742
  * Fixing bsc#1206071 VUL-0: CVE-2022-3520: vim: Heap-based Buffer Overflow
  * Fixing bsc#1206072 VUL-0: CVE-2022-3591: vim: Use After Free
  * Fixing bsc#1206075 VUL-0: CVE-2022-4292: vim: Use After Free in GitHub repository vim/vim prior to 9.0.0882.
  * Fixing bsc#1206077 VUL-0: CVE-2022-4293: vim: Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804.
  * Fixing bsc#1205797 VUL-0: CVE-2022-4141: vim: heap-buffer-overflow in alloc.c 246:11
  * Fixing bsc#1204779 VUL-0: CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c
- refreshed vim-7.4-highlight_fstab.patch
- for the complete list of changes see
  https://github.com/vim/vim/compare/v9.0.0814...v9.0.1234
xterm
- xterm-CVE-2022-45063.patch: Fixed code injection via fontops ESC 50
  when a font is not present (bsc#1205305 CVE-2022-45063)
yast2-packager
- Do not fail when the installation URL contains a space
  (bsc#1201816)
- 3.3.5
zlib
- Follow up fix for bsc#1203652 due to libxml2 breakage
  * bsc1203652-2.patch