- Update avahi-daemon-check-dns-suse.patch to drop privileges when
  invoking avahi-daemon-check-dns.sh (boo#1180827 CVE-2021-26720).
- Add sudo to requires: used to drop privileges.
- CVE-2020-8625: A vulnerability in BIND's GSSAPI security policy
  negotiation can be targeted by a buffer overflow attack
  [bsc#1182246, CVE-2020-8625, bind-CVE-2020-8625.patch]
- Added crash-xen-increase-__physical_mask_shift_xen-to-52.patch
- VUL-1: csync2: bad TLS key generation on installation (bsc#1145032)
  Adapt suggested changes in %post section.
  Do not hide output on standard error during generating the keys.
- Fix: SFTP uploads result in empty uploaded files [bsc#1177976]
- Add curl-fix-O_APPEND.patch
- Add patch 0446fadf.patch to fix bsc#1182138
  * Bug in "/echo 8000 | file -"/ gzip
- euc-kr-overrun.patch: Fix buffer overrun in EUC-KR conversion module
  (CVE-2019-25013, bsc#1182117, BZ #24973)
- gconv-assertion-iso-2022-jp.patch: gconv: Fix assertion failure in
  ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256)
- get-nprocs-cpu-online-parsing.patch: Fix parsing of
  /sys/devices/system/cpu/online (bsc#1180038, BZ #25859)
- ppc-power10-support.patch: powerpc: Add support for POWER10
- VUL-0: grub2,shim: implement new SBAT method (bsc#1182057)
  * 0028-util-mkimage-Remove-unused-code-to-add-BSS-section.patch
  * 0029-util-mkimage-Use-grub_host_to_target32-instead-of-gr.patch
  * 0030-util-mkimage-Always-use-grub_host_to_target32-to-ini.patch
  * 0031-util-mkimage-Unify-more-of-the-PE32-and-PE32-header-.patch
  * 0032-util-mkimage-Reorder-PE-optional-header-fields-set-u.patch
  * 0033-util-mkimage-Improve-data_size-value-calculation.patch
  * 0034-util-mkimage-Refactor-section-setup-to-use-a-helper.patch
  * 0035-util-mkimage-Add-an-option-to-import-SBAT-metadata-i.patch
  * 0036-grub-install-common-Add-sbat-option.patch
- Fix CVE-2021-20225 (bsc#1182262)
  * 0019-lib-arg-Block-repeated-short-options-that-require-an.patch
- Fix CVE-2020-27749 (bsc#1179264)
  * 0021-kern-parser-Fix-resource-leak-if-argc-0.patch
  * 0022-kern-parser-Fix-a-memory-leak.patch
  * 0023-kern-parser-Introduce-process_char-helper.patch
  * 0024-kern-parser-Introduce-terminate_arg-helper.patch
  * 0025-kern-parser-Refactor-grub_parser_split_cmdline-clean.patch
  * 0026-kern-buffer-Add-variable-sized-heap-buffer.patch
  * 0027-kern-parser-Fix-a-stack-buffer-overflow.patch
- Fix CVE-2021-20233 (bsc#1182263)
  * 0020-commands-menuentry-Fix-quoting-in-setparams_prefix.patch
- Fix CVE-2020-25647 (bsc#1177883)
  * 0018-usb-Avoid-possible-out-of-bound-accesses-caused-by-m.patch
- Fix CVE-2020-25632 (bsc#1176711)
  * 0017-dl-Only-allow-unloading-modules-that-are-not-depende.patch
- Fix CVE-2020-27779, CVE-2020-14372 (bsc#1179265) (bsc#1175970)
  * 0001-mkimage-Clarify-file-alignment-in-efi-case.patch
  * 0002-efi-Make-shim_lock-GUID-and-protocol-type-public.patch
  * 0003-efi-Return-grub_efi_status_t-from-grub_efi_get_varia.patch
  * 0004-efi-Add-a-function-to-read-EFI-variables-with-attrib.patch
  * 0005-efi-Add-secure-boot-detection.patch
  * 0006-kern-Add-lockdown-support.patch
  * 0007-kern-lockdown-Set-a-variable-if-the-GRUB-is-locked-d.patch
  * 0008-efi-Lockdown-the-GRUB-when-the-UEFI-Secure-Boot-is-e.patch
  * 0009-efi-Use-grub_is_lockdown-instead-of-hardcoding-a-dis.patch
  * 0010-acpi-Don-t-register-the-acpi-command-when-locked-dow.patch
  * 0011-mmap-Don-t-register-cutmem-and-badram-commands-when-.patch
  * 0012-commands-Restrict-commands-that-can-load-BIOS-or-DT-.patch
  * 0013-commands-setpci-Restrict-setpci-command-when-locked-.patch
  * 0014-commands-hdparm-Restrict-hdparm-command-when-locked-.patch
  * 0015-gdb-Restrict-GDB-access-when-locked-down.patch
  * 0016-loader-xnu-Don-t-allow-loading-extension-and-package.patch
  * 0037-squash-Add-secureboot-support-on-efi-chainloader.patch
  * 0038-squash-grub2-efi-chainload-harder.patch
  * 0039-squash-Don-t-allow-insmod-when-secure-boot-is-enable.patch
  * 0040-squash-linuxefi-fail-kernel-validation-without-shim-.patch
  * 0041-squash-kern-Add-lockdown-support.patch
- Add SBAT metadata section to grub.efi
  * grub2.spec
- Update to version 2.6.0:
  * Use fullpath of binary (bsc#1181436)
  * remove %x (bsc#1182163)
- bsc#1179748 CVE-2020-27828: Fix heap overflow by checking maxrlvls
  Add jasper-CVE-2020-27828.patch
- bsc#1181483 CVE-2021-3272: Fix heap overflow by ensuring number
  of channels matches image components
  Add jasper-CVE-2021-3272.patch
- Update to Java 7.1 Service Refresh 4 Fix Pack 80
  [bsc#1182186, bsc#1181239, CVE-2020-27221, CVE-2020-14803]
  * CVE-2020-27221: Potential for a stack-based buffer overflow
    when the virtual machine or JNI natives are converting from
    UTF-8 characters to platform encoding.
  * CVE-2020-14803: Unauthenticated attacker with network access
    via multiple protocols allows to compromise Java SE.
- kABI: Fix kABI for extended APIC-ID support (bsc#1181001,
- x86/kvm: Add KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181001,
- x86/apic: Support 15 bits of APIC ID in IOAPIC/MSI where
  available (bsc#1181001, jsc#ECO-3191).
- x86/ioapic: Handle Extended Destination ID field in RTE
  (bsc#1181001, jsc#ECO-3191).
- x86/msi: Only use high bits of MSI address for DMAR unit
  (bsc#1181001, jsc#ECO-3191).
- x86/apic: Fix x2apic enablement without interrupt remapping
  (bsc#1181001, jsc#ECO-3191).
- x86/kvm: Reserve KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181001,
- iommu/vt-d: Don't dereference iommu_device if IOMMU_API is
  not built (bsc#1181001, jsc#ECO-3191).
- iommu/vt-d: Gracefully handle DMAR units with no supported
  address widths (bsc#1181001, jsc#ECO-3191).
- commit f781b81
- Move futex fixes into the sorted section (bsc#1181349 CVE-2021-3347)
- commit c34c9df
- drm/i915: Check for all subplatform bits (git-fixes).
- can: dev: prevent potential information leak in can_fill_info()
- xhci: tegra: Delay for disabling LFPS detector (git-fixes).
- xhci: make sure TRB is fully written before giving it to the
  controller (git-fixes).
- USB: ehci: fix an interrupt calltrace error (git-fixes).
- ehci: fix EHCI host controller initialization sequence
- ALSA: seq: oss: Fix missing error check in
  snd_seq_oss_synth_make_info() (git-fixes).
- ALSA: hda/via: Add minimum mute flag (git-fixes).
- can: vxcan: vxcan_xmit: fix use after free bug (git-fixes).
- drm/nouveau/i2c/gm200: increase width of aux semaphore owner
  fields (git-fixes).
- drm/nouveau/privring: ack interrupts the same way as RM
- drm/nouveau/bios: fix issue shadowing expansion ROMs
- ALSA: doc: Fix reference to mixart.rst (git-fixes).
- ASoC: Intel: haswell: Add missing pm_ops (git-fixes).
- can: c_can: c_can_power_up(): fix error handling (git-fixes).
- commit 6556b1a
- Update patch References tags for futex fixes (bsc#1181349 CVE-2021-3347)
- commit afd051d
- Refresh patches.suse/futex-Handle-transient-ownerless-rtmutex-state-corre.patch
  As of patches.suse/0001-locking-futex-Allow-low-level-atomic-operations-to-r.patch
  we need to update the patch such that we set EAGAIN and avoid a warn (albeit benign).
- commit 96704b7
- s390/qeth: fix L2 header access in qeth_l3_osa_features_check()
- s390/qeth: fix locking for discipline setup / removal
- s390/qeth: fix deadlock during recovery (git-fixes).
- s390/qeth: delay draining the TX buffers (git-fixes).
- commit eca39ca
- s390/cio: fix use-after-free in ccw_device_destroy_console
- commit 2bcefd5
- net/smc: fix sleep bug in smc_pnet_find_roce_resource()
- Refresh
- commit b63038e
- module: delay kobject uevent until after module init call (bsc#1178631).
- Refresh patches.suse/supported-flag.
- commit 0168c1b
- net/smc: cancel event worker during device removal (git-fixes).
- net/smc: check for valid ib_client_data (git-fixes).
- net/smc: receive pending data after RCV_SHUTDOWN (git-fixes).
- net/smc: receive returns without data (git-fixes).
- commit 4050493
- Refresh patches.suse/4.4.136-002-powerpc-64s-Clear-PCR-on-boot.patch
  Also clear PCR on POWER9 and in dt_cpu_ftrs.
- commit 6cd712e
- net/mlx5: Fix memory leak on flow table creation error flow
  (bsc#1046305 FATE#322943).
- igc: fix link speed advertising (jsc#SLE-4799).
- commit 37cbcd7
- Refresh
- Delete
  As we don't have upstream commit 6a7e25c7fb48 ("/net/core: Replace driver
  version to be kernel version"/) in our trees, removing driver version
  assignments is wrong. Therefore removed commit and adapted fixes backport.
- commit 226c353
- futex: Fix incorrect should_fail_futex() handling (bsc#1181349).
- commit 0ba69a9
- futex: Handle faults correctly for PI futexes (bsc#1181349
- futex: Simplify fixup_pi_state_owner() (bsc#1181349
- futex: Use pi_state_update_owner() in put_pi_state()
  (bsc#1181349 bsc#1149032).
- rtmutex: Remove unused argument from rt_mutex_proxy_unlock()
  (bsc#1181349 bsc#1149032).
- futex: Provide and use pi_state_update_owner() (bsc#1181349
- futex: Replace pointless printk in fixup_owner() (bsc#1181349
- futex: Ensure the correct return value from futex_lock_pi()
  (bsc#1181349 bsc#1149032).
- futex: Don't enable IRQs unconditionally in put_pi_state()
- locking/futex: Allow low-level atomic operations to return
  - EAGAIN (bsc#1149032).
- commit 058c695
- x86/hyperv: Fix kexec panic/hang issues (bsc#1176831).
- commit 786eb3d
- cxgb4: fix the panic caused by non smac rewrite (bsc#1064802
- commit b5006a4
- net: dsa: b53: b53_arl_rw_op() needs to select IVL or SVL (git-fixes).
- commit 3aea956
- net: dsa: b53: Lookup VID in ARL searches when VLAN is enabled (git-fixes). - Refresh patches.suse/net-dsa-b53-Rework-ARL-bin-logic.patch.
- commit a432764
- net/liquidio: Delete non-working LIQUIDIO_PACKAGE check
- commit 61efd0a
- net/liquidio: Delete driver version assignment (git-fixes).
- commit 8fe74e2
- net: bcmgenet: keep MAC in reset until PHY is up (git-fixes).
- commit c6bce34
- net: atlantic: fix potential error handling (git-fixes).
- commit dbd80e5
- net: atlantic: fix use after free kasan warn (git-fixes).
- commit 038a344
- net: smc911x: Adjust indentation in smc911x_phy_configure
- commit d99da08
- net: tulip: Adjust indentation in {dmfe, uli526x}_init_module
- commit a3ef2cc
- net/sonic: Add mutual exclusion for accessing shared state
- commit 3796c70
- mlxsw: switchx2: Do not modify cloned SKBs during xmit
- commit 1f71af0
- mlxsw: spectrum: Do not modify cloned SKBs during xmit
- commit 606b6bb
- net: freescale: fec: Fix ethtool -d runtime PM (git-fixes).
- commit bd3b5d1
- RDMA/mlx5: Fix wrong free of blue flame register on error
  (bsc#1103991 FATE#326007).
- bnxt_en: Improve stats context resource accounting with RDMA
  driver loaded (bsc#1104745 FATE#325918).
- net/mlx5e: Fix two double free cases (bsc#1046305 FATE#322943).
- chtls: Fix chtls resources release sequence (bsc#1104270
- chtls: Added a check to avoid NULL pointer dereference
  (bsc#1104270 FATE#325931).
- chtls: Replace skb_dequeue with skb_peek (bsc#1104270
- chtls: Remove invalid set_tcb call (bsc#1104270 FATE#325931).
- chtls: Fix hardware tid leak (bsc#1104270 FATE#325931).
- net: hns3: fix the number of queues actually used by ARQ
  (bsc#1104353 FATE#326415).
- net: mvpp2: fix pkt coalescing int-threshold configuration
- tun: fix return value when the number of iovs exceeds
  MAX_SKB_FRAGS (bsc#1109837).
- net: mvpp2: Fix GoP port 3 Networking Complex Control
  configurations (bsc#1098633).
- RDMA/cma: Don't overwrite sgid_attr after device is released
  (bsc#1103992 FATE#326009).
- ixgbe: avoid premature Rx buffer reuse (bsc#1109837
- i40e: avoid premature Rx buffer reuse (bsc#1111981 FATE#326312
- net: mvpp2: Fix error return code in mvpp2_open() (bsc#1119113
- chelsio/chtls: fix a double free in chtls_setkey() (bsc#1104270
- chelsio/chtls: fix panic during unload reload chtls (bsc#1104270
- bnxt_en: fix error return code in bnxt_init_one() (bsc#1050242
- RDMA/hns: Bugfix for memory window mtpt configuration
  (bsc#1104427 FATE#326416).
- net/mlx5: Add handling of port type in rule deletion
  (bsc#1103991 FATE#326007).
- chelsio/chtls: fix always leaking ctrl_skb (bsc#1104270
- chelsio/chtls: fix memory leaks caused by a race (bsc#1104270
- chelsio/chtls: fix memory leaks in CPL handlers (bsc#1104270
- chelsio/chtls: fix deadlock issue (bsc#1104270 FATE#325931).
- cxgb4: set up filter action after rewrites (bsc#1064802
- chelsio/chtls: fix tls record info to user (bsc#1104270
- net/sched: act_tunnel_key: fix OOB write in case of IPv6 ERSPAN
  tunnels (bsc#1109837).
- chelsio/chtls: correct function return and return type
  (bsc#1104270 FATE#325931).
- chelsio/chtls: correct netdevice for vlan interface (bsc#1104270
- chelsio/chtls: fix socket lock (bsc#1104270 FATE#325931).
- RDMA/addr: Fix race with netevent_callback()/rdma_addr_cancel()
  (bsc#1103992 FATE#326009).
- RDMA/hns: Fix missing sq_sig_type when querying QP (bsc#1104427
- commit ddb281e
- blacklist.conf: add NFS patches which hurt kabi
- commit f3c5ae2
- nfsd4: readdirplus shouldn't return parent of export
- commit 94a53d9
- net: hns3: fix a wrong reset interrupt status mask (git-fixes).
- commit f402199
- bnxt_en: return proper error codes in bnxt_show_temp
  (bsc#1104745 FATE#325918).
- cxgb4: fix all-mask IP address comparison (bsc#1064802
- IB/mlx5: Fix DEVX support for MLX5_CMD_OP_INIT2INIT_QP command
  (bsc#1103991 FATE#326007).
- RDMA/core: Ensure security pkey modify is not lost (bsc#1046306
- RDMA/core: Fix pkey and port assignment in get_new_pps
  (bsc#1046306 FATE#322942).
- RDMA/core: Fix use of logical OR in get_new_pps (bsc#1046306
- commit fb4b60c
- net: hns3: add compatible handling for command
  HCLGE_OPC_PF_RST_DONE (git-fixes).
- net: hns3: check reset interrupt status when reset fails
- commit 3bdc4a9
- net/mlx5e: Fix memleak in mlx5e_create_l2_table_groups
- net/mlx4_en: Avoid scheduling restart task if it is already
  running (git-fixes).
- cxgb3: fix error return code in t3_sge_alloc_qset() (git-fixes).
- net: ena: set initial DMA width to avoid intel iommu issue
- i40e: Fix removing driver while bare-metal VFs pass traffic
- bnxt_en: Release PCI regions when DMA mask setup fails during
  probe (git-fixes).
- bnxt_en: fix error return code in bnxt_init_board() (git-fixes).
- bnxt_en: read EEPROM A2h address using page 0 (git-fixes).
- mlxsw: core: Fix use-after-free in mlxsw_emad_trans_finish()
- RDMA/qedr: Fix inline size returned for iWARP (bsc#1050545
- net: ethernet: mlx4: Avoid assigning a value to ring_cons but
  not used it anymore in mlx4_en_xmit() (git-fixes).
- net: team: fix memory leak in __team_options_register
- net/mlx5e: Fix VLAN create flow (git-fixes).
- net/mlx5e: Fix VLAN cleanup flow (git-fixes).
- team: set dev->needed_headroom in team_setup_by_port()
- bonding: set dev->needed_headroom in bond_setup_by_slave()
- RDMA/core: Fix reported speed and width (bsc#1046306
- RDMA/bnxt_re: Do not report transparent vlan from QP1
  (bsc#1104742 FATE#325917).
- cxgb4: fix thermal zone device registration (bsc#1104279
  FATE#325938 bsc#1104277 FATE#325936).
- bnxt_en: fix HWRM error when querying VF temperature
  (bsc#1104745 FATE#325918).
- bnxt_en: Don't query FW when netif_running() is false
  (bsc#1086282 FATE#324873).
- RDMA/bnxt_re: Do not add user qps to flushlist (bsc#1050244
- RDMA/core: Fix return error value in _ib_modify_qp() to negative
  (bsc#1103992 FATE#326009).
- RDMA/mlx5: Fix typo in enum name (bsc#1103991 FATE#326007).
- net/mlx5e: fix bpf_prog reference count leaks in mlx5e_alloc_rq
  (bsc#1103990 FATE#326006).
- net: hns3: fix a TX timeout issue (bsc#1104353 FATE#326415).
- net: hns3: fix error handling for desc filling (bsc#1104353
- net: hns3: fix for not calculating TX BD send size correctly
- mlxsw: destroy workqueue when trap_register in mlxsw_emad_init
- net: hns3: fix use-after-free when doing self test (bsc#1104353
- net: hns3: add a missing uninit debugfs when unload driver
  (bsc#1104353 FATE#326415).
- cxgb4: move DCB version extern to header file (bsc#1104279
- cxgb4: remove cast when saving IPv4 partial checksum
- cxgb4: fix SGE queue dump destination buffer context
- cxgb4: use correct type for all-mask IP address comparison
  (bsc#1064802 bsc#1066129).
- cxgb4: use unaligned conversion for fetching timestamp
  (bsc#1046540 bsc#1046648).
- xdp: Fix xsk_generic_xmit errno (bsc#1109837).
- net/filter: Permit reading NET in load_bytes_relative when
  MAC not set (bsc#1109837).
- RDMA/mlx5: Add init2init as a modify command (bsc#1103991
- RDMA/hns: Fix cmdq parameter of querying pf timer resource
  (bsc#1104427 FATE#326416 bsc#1126206).
- net_failover: fixed rollback in net_failover_open()
- igb: Report speed and duplex as unknown when device is runtime
  suspended (git-fixes).
- net/mlx5e: IPoIB, Drop multicast packets that this interface
  sent (bsc#1075020).
- ixgbe: Fix XDP redirect on archs with PAGE_SIZE above 4K
  (bsc#1109837 FATE#326322).
- veth: Adjust hard_start offset on redirect XDP frames
- Revert "/crypto: chelsio - Inline single pdu only"/ (git-fixes).
- bnxt_en: Fix accumulation of bp->net_stats_prev (bsc#1104745
- mlxsw: spectrum: Fix use-after-free of split/unsplit/type_set
  in case reload fails (bsc#1112374).
- __netif_receive_skb_core: pass skb by reference (bsc#1109837).
- RDMA/iw_cxgb4: Fix incorrect function parameters (bsc#1136348
- cpumap: Avoid warning when CONFIG_DEBUG_PER_CPU_MAPS is enabled
- cxgb4: fix adapter crash due to wrong MC size (bsc#1073513).
- cxgb4: fix large delays in PTP synchronization (bsc#1046540
- qed: Fix use after free in qed_chain_free (bsc#1050536
  FATE#322898 bsc#1050538 FATE#322897).
- qed: Fix race condition between scheduling and destroying
  the slowpath workqueue (bsc#1086314 FATE#324886 bsc#1086313
  FATE#324885 bsc#1086301 FATE#3248881).
- virtio_net: Keep vnet header zeroed if XDP is loaded for small
  buffer (git-fixes).
- net: cbs: Fix software cbs to consider packet sending time
- bnxt_en: Reset rings if ring reservation fails during open()
  (bsc#1086282 FATE#324873).
- cxgb4: fix throughput drop during Tx backpressure (bsc#1127354
- RDMA/core: Fix protection fault in get_pkey_idx_qp_list
  (bsc#1046306 FATE#322942).
- RDMA/iw_cxgb4: initiate CLOSE when entering TERM (bsc#1136348
- net: hns3: add management table after IMP reset (bsc#1104353
- drivers: net: xgene: Fix the order of the arguments of
  'alloc_etherdev_mqs()' (git-fixes).
- cxgb4/cxgb4vf: fix flow control display for auto negotiation
  (bsc#1046540 FATE#322930 bsc#1046542 FATE#322928).
- net: hns3: reallocate SSU' buffer size when pfc_en changes
  (bsc#1104353 FATE#326415).
- net/mlx5e: TX, Fix consumer index of error cqe dump (bsc#1103990
- net: hns3: fix mis-counting IRQ vector numbers issue
  (bsc#1104353 FATE#326415).
- RDMA/hns: bugfix for slab-out-of-bounds when loading hip08
  driver (bsc#1104427 FATE#326416).
- RDMA/hns: Bugfix for slab-out-of-bounds when unloading hip08
  driver (bsc#1104427 FATE#326416).
- net_sched: let qdisc_put() accept NULL pointer (bsc#1056657
  FATE#322189 bsc#1056653 FATE#322190 bsc#1056787).
- net: hns3: fix shaper parameter algorithm (bsc#1104353
- net: hns3: fix error VF index when setting VLAN offload
  (bsc#1104353 FATE#326415).
- net: hns3: fix interrupt clearing error for VF (bsc#1104353
- net: hns3: clear reset interrupt status in hclge_irq_handle()
- nfp: validate the return code from dev_queue_xmit() (git-fixes).
- vhost/vsock: fix vhost vsock cid hashing inconsistent
- commit b766aed
- scsi: ibmvfc: Set default timeout to avoid crash during
  migration (bsc#1181425 ltc#188252).
- commit 195b2a9
- blacklist.conf: add c8d647a326f0 xen/pvcallsback: use lateeoi irq binding
- commit 308c42d
- scsi: lpfc: Simplify bool comparison (bsc#1180891).
- scsi: lpfc: Update lpfc version to (bsc#1180891).
- scsi: lpfc: Enhancements to LOG_TRACE_EVENT for better
  readability (bsc#1180891).
- scsi: lpfc: Implement health checking when aborting I/O
- scsi: lpfc: Fix vport create logging (bsc#1180891).
- scsi: lpfc: Fix NVMe recovery after mailbox timeout
- scsi: lpfc: Fix target reset failing (bsc#1180891).
- scsi: lpfc: Fix error log messages being logged following SCSI
  task mgnt (bsc#1180891).
- scsi: lpfc: Prevent duplicate requests to unregister with
  cpuhp framework (bsc#1180891).
- scsi: lpfc: Fix FW reset action if I/Os are outstanding
- scsi: lpfc: Use the nvme-fc transport supplied timeout for LS
  requests (bsc#1180891).
- scsi: lpfc: Fix crash when a fabric node is released prematurely
- scsi: lpfc: Refresh ndlp when a new PRLI is received in the
  PRLI issue state (bsc#1180891).
- scsi: lpfc: Fix auto sli_mode and its effect on CONFIG_PORT
  for SLI3 (bsc#1180891).
- scsi: lpfc: Fix PLOGI S_ID of 0 on pt2pt config (bsc#1180891).
- commit 88024a9
- vfio iommu: Add dma available capability (bsc#1179573
- commit c234a3f
- iio: ad5504: Fix setting power-down state (git-fixes).
- serial: mvebu-uart: fix tx lost characters at power off
- usb: udc: core: Use lock when write to soft_connect (git-fixes).
- i2c: octeon: check correct size of maximum RECV_LEN packet
- mmc: sdhci-xenon: fix 1.8v regulator stabilization (git-fixes).
- drm/atomic: put state on error path (git-fixes).
- ACPI: scan: Make acpi_bus_get_device() clear return pointer
  on error (git-fixes).
- spi: cadence: cache reference clock rate during probe
- ACPI: scan: Harden acpi_device_add() against device ID overflows
- r8152: Add Lenovo Powered USB-C Travel Hub (git-fixes).
- ALSA: firewire-tascam: Fix integer overflow in midi_port_work()
- ALSA: fireface: Fix integer overflow in transmit_midi_msg()
- ASoC: dapm: remove widget from dirty list on free (git-fixes).
- ACPI: scan: add stub acpi_create_platform_device() for
  !CONFIG_ACPI (git-fixes).
- misdn: dsp: select CONFIG_BITREVERSE (git-fixes).
- commit 4e17252
- blacklist.conf: add CONFIG_PROC_FS=n fix
- commit d506362
- net: vlan: avoid leaks on register_vlan_dev() failures
- commit 588ae15
- s390/dasd: fix list corruption of lcu list (bsc#1181170
- s390/dasd: fix list corruption of pavgroup group list
  (bsc#1181170 LTC#190915).
- s390/dasd: prevent inconsistent LCU device data (bsc#1181170
- commit e73b11c
- s390/smp: perform initial CPU reset also for SMT siblings
- commit 9853cb5
- net/af_iucv: set correct sk_protocol for child sockets
- net/af_iucv: always register net_device notifier (git-fixes).
- commit aebe99b
- net/af_iucv: fix null pointer dereference on shutdown
  (bsc#1179563 LTC#190108).
- commit 0a706d4
- Drop drm/sun4i patches that broke the build
  They don't build properly on 32bit arm config
- commit ef6a2c5
- vfio-pci: Use io_remap_pfn_range() for PCI IO memory
- KVM: x86/mmu: Commit zap of remaining invalid pages when
  recovering lpages (bsc#1181230).
- commit 3da333d
- netfilter: ctnetlink: add a range check for l3/l4 protonum
  (CVE-2020-25211 bsc#1176395).
- commit 92230c0
- blacklist.conf: Add a couple of VFIO/PCI and SWIOTLB fixes
- commit 9053ccf
- SUNRPC: cache: ignore timestamp written to 'flush' file
- commit 0eac715
- Update
  (CVE-2020-27673 XSA-332 bsc#1177411).
- Update
  (CVE-2020-27673 XSA-332 bsc#1177411).
- Update
  (CVE-2020-27673 XSA-332 bsc#1177411).
- Update
  (CVE-2020-27673 XSA-332 bsc#1177411).
- Update
  (CVE-2020-27673 XSA-332 bsc#1177411).
- Update
  (CVE-2020-27673 XSA-332 bsc#1177411).
- Update
  (CVE-2020-27673 XSA-332 bsc#1177411).
- Update
  (CVE-2020-27673 XSA-332 bsc#1177411).
- Update
  (CVE-2020-27673 XSA-332 bsc#1177411).
- Update
  (CVE-2020-27673 XSA-332 bsc#1177411).
- Update
  (CVE-2020-27673 XSA-332 bsc#1177411).
- Update
  (CVE-2020-27673 XSA-332 bsc#1065600).
- Update
  (CVE-2020-27675 XSA-331 bsc#1177410).
- Update
  (CVE-2020-27673 XSA-332 bsc#1065600).
- Added CVE numbers for above patches.
- commit 77fc141
- drm/msm: Fix WARN_ON() splat in _free_object() (bsc#1129770)
  Backporting changes:
  * context changes
- commit 2cc0fa0
- drm: sun4i: hdmi: Fix inverted HPD result (bsc#1112178)
  Backporting changes:
  * context changes
- commit 67fea56
- floppy: reintroduce O_NDELAY fix (boo#1181018).
- commit 7b17926
- arm64: pgtable: Ensure dirty bit is preserved across
  pte_wrprotect() (bsc#1180130).
- arm64: pgtable: Fix pte_accessible() (bsc#1180130).
- commit 50f7568
- netfilter: clear skb->next in NF_HOOK_LIST() (bsc#1180765
- commit 979e397
- drm/amdkfd: Put ACPI table after using it (bsc#1129770)
  Backporting changes:
  * context changes
- commit d706a4a
- drm/msm: Fix use-after-free in msm_gem with carveout (bsc#1129770)
  Backporting changes:
  * context changes
  * removed reference to msm_gem_is_locked()
- commit 2473171
- drm/tve200: Fix handling of platform_get_irq() error (bsc#1129770)
- commit 74c8661
- drm/msm: Avoid div-by-zero in dpu_crtc_atomic_check() (bsc#1129770)
  Backporting changes:
  * context changes
  * moved num_mixers from struct dpu_crtc_state to struct dpu_crtc
- commit 235aa45
- blacklist.conf: Append 'drm/i915: Clear the repeater bit on HDCP disable'
- commit dd4f37c
- blacklist.conf: Append 'drm/i915: Fix sha_text population code'
- commit 7f2c93c
- drm/i915: Clear the repeater bit on HDCP disable (bsc#1112178)
  Backporting changes:
  * context changes
- commit 3d4aebe
- drm/i915: Fix sha_text population code (bsc#1112178)
  Backporting changes:
  * context changes
- commit b3b6c93
- blacklist.conf: Append 'drm/i915: Move cec_notifier to intel_hdmi_connector_unregister, v2.'
- commit 5511837
- blacklist.conf: Append 'drm/amd/powerplay: fix a crash when overclocking Vega M'
- commit 17cad3d
- blacklist.conf: Append 'drm/i915: Move cec_notifier to intel_hdmi_connector_unregister, v2.'
- commit 15580f1
- drm/vgem: Replace opencoded version of drm_gem_dumb_map_offset() (bsc#1112178)
  Backporting changes:
  * context changes
- commit fb51493
- drm/amd/powerplay: fix a crash when overclocking Vega M (bsc#1113956)
- commit 909795d
- drm: sun4i: hdmi: Remove extra HPD polling (bsc#1112178)
- commit 76afd33
- NFS: nfs_igrab_and_active must first reference the superblock
- pNFS: Mark layout for return if return-on-close was not sent
- net: sunrpc: interpret the return value of kstrtou32 correctly
- NFS4: Fix use-after-free in trace_event_raw_event_nfs4_set_lock
- NFS: switch nfsiod to be an UNBOUND workqueue (git-fixes).
- lockd: don't use interval-based rebinding over TCP (git-fixes).
- NFSv4.2: condition READDIR's mask for security label based on
  LSM state (git-fixes).
- md/raid10: initialize r10_bio->read_slot before use (git-fixes).
- md: fix a warning caused by a race between concurrent
  md_ioctl()s (git-fixes).
- nfs_common: need lock during iterate through the list
- nfsd: Fix message level for normal termination (git-fixes).
- commit 4d661ca
- Remove patches.suse/nfs-mark-nfsiod-cpu-intensive.patch
  About to get replaced by upstream version.
- commit 7d82450
- tun: correct header offsets in napi frags mode (bsc#1180812
- commit 0ae29aa
- net: stmmac: dwmac-sunxi: Provide TX and RX fifo sizes
- commit 91e8143
- blacklist.conf: Removal of HMM function breaks KABI
- commit 1cd8ef8
- blacklist.conf: SLUB not enabled in kernel config
- commit 6202d29
- page_frag: Recover from memory pressure (git fixes
- commit 4457ecd
- mm, page_alloc: fix core hung in free_pcppages_bulk() (git fixes
- commit 840f046
- blacklist.conf: CMA not enabled in kernel config
- commit 4513c12
- blacklist.conf: CMA not enabled in kernel config
- commit 016b829
- mm/slab: use memzero_explicit() in kzfree() (git fixes
- commit e7d7f67
- Refresh
- commit 2a2a762
- blacklist.conf: SLUB not enabled in kernel config
- commit 1d41e83
- blacklist.conf: SLUB not enabled in kernel config
- commit f29f5d9
- mm/page_alloc: fix watchdog soft lockups during
  set_zone_contiguous() (git fixes (mm/pgalloc)).
- commit d02bb6f
- mm/rmap: map_pte() was not handling private ZONE_DEVICE page
  properly (git fixes (mm/hmm)).
- commit 433e971
- mm: hwpoison: disable memory error handling on 1GB hugepage
  (git fixes (mm/hwpoison)).
- commit 5bd329a
- KVM: SVM: Initialize prev_ga_tag before use (bsc#1180912).
- commit e44aeda
- Move the build fix for g2d driver into patches.suse
  It's actaully no kABI fix but the pure build fix, hence it must be
  out of patches.kabi
- commit 9c47154
- Refresh
  Fixed backport (removed one line too much, d'oh).
- commit 6dc4356
- IB/hfi1: Ensure correct mm is used at all times (bsc#1179878
- commit 39a2b87
- net: stmmac: Enable 16KB buffer size (git-fixes).
- commit f223efb
- net: stmmac: 16KB buffer must be 16 byte aligned (git-fixes).
- commit 3ccc81e
- net: stmmac: RX buffer size must be 16 byte aligned (git-fixes).
- commit 05ff9e2
- net: stmmac: Do not accept invalid MTU values (git-fixes).
- commit 63ae7fc
- net: usb: lan78xx: Fix error message format specifier (git-fixes).
- commit 3dd5ee1
- caif: no need to check return value of debugfs_create functions (git-fixes).
- commit 4fb5202
- drivers/net: Use octal not symbolic permissions (git-fixes). - Refresh patches.suse/msft-hv-1661-scsi-netvsc-Use-the-vmbus-function-to-calculate-ring.patch. - Refresh patches.suse/msft-hv-1707-hv_netvsc-fix-network-namespace-issues-with-VF-suppo.patch.
- commit e4e6ab9
- net: dsa: LAN9303: select REGMAP when LAN9303 enable (git-fixes).
- commit 5d03a23
- net: phy: broadcom: Fix RGMII delays configuration for BCM54210E (git-fixes).
- commit dc3e380
- net: phy: Allow BCM54616S PHY to setup internal TX/RX clock delay (git-fixes).
- commit 287fdc5
- Drop uvcvideo patch that doesn't build
- commit 298bbff
- blacklist.conf: remove invalid entry, already backported
- commit a469334
- blacklist.conf: Tables not used currently in-tree
- commit 2aec284
- blacklist.conf: UP not enabled in config
- commit 9b055fe
- blacklist.conf: build fix not relevant in our config
- commit eaf3550
- docs: Fix reST markup when linking to sections (git-fixes).
- commit 2ffe4fe
- blacklist.conf: kABI
- commit 546297f
- powerpc/perf: Fix crashes with generic_compat_pmu & BHRB
  (bsc#1178900 ltc#189284 git-fixes).
- commit 5b292b4
- powerpc/perf: Add generic compat mode pmu driver (bsc#1178900
- powerpc/perf: init pmu from core-book3s (bsc#1178900
- commit 2d3c61b
- x86/resctrl: Don't move a task to the same resource group
- commit 162f4b0
- x86/resctrl: Use an IPI instead of task_work_add() to update
  PQR_ASSOC MSR (bsc#1112178).
- commit 304df7d
- net: qca_spi: Move reset_count to struct qcaspi (git-fixes).
- commit 09d7b00
- net: bcmgenet: reapply manual settings to the PHY (git-fixes).
- commit 7d07690
- net: phy: micrel: Discern KSZ8051 and KSZ8795 PHYs (git-fixes).
- commit d3b5290
- net: phy: micrel: make sure the factory test bit is cleared
- commit 043ec37
- net: stmmac: fix length of PTP clock's name string (git-fixes).
- commit 6c3c8e0
- net: stmmac: gmac4+: Not all Unicast addresses may be available
- commit eac7cd9
- net: ethernet: stmmac: Fix signedness bug in
  ipq806x_gmac_of_parse() (git-fixes).
- commit bff5c88
- net: stmmac: dwmac-meson8b: Fix signedness bug in probe
- commit 84a3dda
- net: broadcom/bcmsysport: Fix signedness in bcm_sysport_probe()
- commit 227f036
- blacklist.conf: update the blacklist
- commit 250ebee
- USB: serial: iuu_phoenix: fix DMA from stack (git-fixes).
- usb: gadget: configfs: Preserve function ordering after bind
  failure (git-fixes).
- usb: gadget: select CONFIG_CRC32 (git-fixes).
- usb: gadget: f_uac2: reset wMaxPacketSize (git-fixes).
- usb: dwc3: ulpi: Use VStsDone to detect PHY regs access
  completion (git-fixes).
- USB: yurex: fix control-URB timeout handling (git-fixes).
- usb: chipidea: ci_hdrc_imx: add missing put_device() call in
  usbmisc_get_init_data() (git-fixes).
- USB: gadget: legacy: fix return error code in acm_ms_bind()
- USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST
  quirk set (git-fixes).
- dmaengine: xilinx_dma: fix mixed_enum_type coverity warning
- dmaengine: xilinx_dma: check dma_async_device_register return
  value (git-fixes).
- Revert "/device property: Keep secondary firmware node secondary
  by type"/ (git-fixes).
- wan: ds26522: select CONFIG_BITREVERSE (git-fixes).
- wil6210: select CONFIG_CRC32 (git-fixes).
- ethernet: ucc_geth: fix use-after-free in ucc_geth_remove()
- ALSA: pcm: Clear the full allocated memory at hw_params
- misc: vmw_vmci: fix kernel info-leak by initializing dbells
  in vmci_ctx_get_chkpt_doorbells() (git-fixes).
- media: gp8psk: initialize stats at power control logic
- commit 2f3aec2
- x86/mtrr: Correct the range check before performing MTRR type
  lookups (bsc#1112178).
- commit 0c96651
- x86/mm: Fix leak of pmd ptlock (bsc#1112178).
- commit aeba3ea
- xen: support having only one event pending per watch
  (bsc#1179508 XSA-349 CVE-2020-29568).
- commit d884e81
- xen: revert Allow watches discard events before queueing
  (bsc#1179508 XSA-349 CVE-2020-29568).
- commit 2a4a8da
- xen: revert Add 'will_handle' callback support in
  xenbus_watch_path() (bsc#1179508 XSA-349 CVE-2020-29568).
- commit 6baf8b8
- xen: revert Support will_handle watch callback (bsc#1179508
  XSA-349 CVE-2020-29568).
- commit 3918801
- mm: don't wake kswapd prematurely when watermark boosting is
  disabled (git fixes (mm/vmscan)).
- commit b2e95ac
- xen: revert Count pending messages for each watch (bsc#1179508
  XSA-349 CVE-2020-29568).
- commit 9d30f4d
- xen: revert Disallow pending watch messages (bsc#1179508
  XSA-349 CVE-2020-29568).
- commit d039881
- xen-blkback: set ring->xenblkd to NULL after kthread_stop()
  (bsc#1179509 XSA-350 CVE-2020-29569).
- commit 1aab73c
- xenbus/xenbus_backend: Disallow pending watch messages
  (bsc#1179508 XSA-349 CVE-2020-29568).
- commit 0cdf358
- xen/xenbus: Count pending messages for each watch (bsc#1179508
  XSA-349 CVE-2020-29568).
- commit a14bb56
- xen/xenbus/xen_bus_type: Support will_handle watch callback
  (bsc#1179508 XSA-349 CVE-2020-29568).
- commit 33a4600
- xen/xenbus: Add 'will_handle' callback support in
  xenbus_watch_path() (bsc#1179508 XSA-349 CVE-2020-29568).
- commit 5ef1497
- xen/xenbus: Allow watches discard events before queueing
  (bsc#1179508 XSA-349 CVE-2020-29568).
- commit 6f7a44e
- sched/fair: Fix unthrottle_cfs_rq() for leaf_cfs_rq list
- sched/fair: Fix enqueue_task_fair() warning some more
- sched/fair: Fix enqueue_task_fair warning (bsc#1179093).
- sched/fair: Fix reordering of enqueue/dequeue_task_fair()
- sched/fair: Reorder enqueue/dequeue_task_fair path
- commit 1b239da
- Drop the previous drm/nouveau fix that turned out to be superfluous (CVE-2020-25639 bsc#1176846)
- commit 001c6e5
- Move upstreamed vgacon patch into sorted section
- commit 73d2a02
- drm: bail out of nouveau_channel_new if channel init fails
  (CVE-2020-25639 bsc#1176846).
- commit 55debf7
- btrfs: qgroup: don't try to wait flushing if we're already
  holding a transaction (bsc#1179575).
- commit bda1cb8
- x86/i8259: Use printk_deferred() to prevent deadlock
- commit d166bf5
- Refresh patches.suse/nvdimm-Avoid-race-between-probe-and-reading-device-a.patch.
  Refresh to v2 URL
- commit 97aafaa
- blacklist.conf: 44623b2818f4 crypto: x86/crc32c - fix building with clang ias
- commit a557330
- x86/mm/numa: Remove uninitialized_var() usage (bsc#1112178).
- commit 8dd9b08
- ALSA: hda/via: Fix runtime PM for Clevo W35xSS (git-fixes).
- commit c485186
- scsi: core: Fix VPD LUN ID designator priorities (bsc#1178049,
- commit 3730025
- Refresh
- commit 5851206
- EDAC/amd64: Fix PCI component registration (bsc#1112178).
- commit 522b115
- Refresh patch metadata.
- Refresh patches.suse/ibmvnic-continue-fatal-error-reset-after-passive-ini.patch.
- Refresh patches.suse/ibmvnic-fix-NULL-pointer-dereference.patch.
- commit d7a2a14
- btrfs: increase output size for LOGICAL_INO_V2 ioctl (bsc#1174206).
- commit 1d58635
- btrfs: add a flags argument to LOGICAL_INO and call it LOGICAL_INO_V2 (bsc#1174206).
- commit 01c5612
- btrfs: add a flag to iterate_inodes_from_logical to find all extent refs for uncompressed extents (bsc#1174206).
- Refresh
- btrfs: add a flag to iterate_inodes_from_logical to find all
- btrfs: add a flag to iterate_inodes_from_logical to find all
  extent refs for uncompressed extents (bsc#1174206).
- Refresh
- commit 91f3982
- Added data for 4_12_14-122_57, 4_12_14-122_60, 4_12_14-95_68,
  4_4_121-92_149, 4_4_180-94_138. (bsc#1020320)
- Cherry-picked 3 commits from upstream/factory, for bsc#1179908
  (which addresses CVE-2020-17437, CVE-2020-17438, CVE-2020-13987,
  and CVE-2020-13988), changes include:
  * check for TCP urgent pointer past end of frame
  * check for u8 overflow when processing TCP options
  * check for header length underflow during checksum calculation
- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing
  bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in
  _ctypes/callproc.c, which may lead to remote code execution.
- Provide the newest setuptools wheel (bsc#1176262,
  CVE-2019-20916) in their correct form (bsc#1180686).
- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing
  bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in
  _ctypes/callproc.c, which may lead to remote code execution.
- Provide the newest setuptools wheel (bsc#1176262,
  CVE-2019-20916) in their correct form (bsc#1180686).
- Add patch CVE-2020-36242-buffer-overflow.patch (bsc#1182066, CVE-2020-36242)
  * Using the Fernet class to symmetrically encrypt multi gigabyte values
    could result in an integer overflow and buffer overflow.
- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing
  bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in
  _ctypes/callproc.c, which may lead to remote code execution.
- Provide the newest setuptools wheel (bsc#1176262,
  CVE-2019-20916) in their correct form (bsc#1180686).
- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing
  bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in
  _ctypes/callproc.c, which may lead to remote code execution.
- Provide the newest setuptools wheel (bsc#1176262,
  CVE-2019-20916) in their correct form (bsc#1180686).
- Fix double width combining char handling that could lead
  to a segfault [bnc#1182092] [CVE-2021-26937]
  new patch: combchar.diff
- Add sudo-1.8.27-ipa_hostname.patch to fix special handling of
  ipa_hostname that was lost in sudo 1.8.24.
  We now include the long and short hostname in sudo parser container
- Restore sudo ldap behavior to ignore expire dates when SUDOERS_TIMED
  option is not set in /etc/ldap.conf
  * [bsc#1176473]
  * Added sudo-1.8.27-ldap-respect-SUDOERS_TIMED.patch
    From: https://www.sudo.ws/repos/sudo/rev/d1e1bb5a6cc1
- Import commit 4eae068097b42f2fd2a942e637e91ba3c12b37af
  386e85dcd3 core: Fix edge case when processing /proc/self/mountinfo (#7811) (bsc#1180596)
  7be6e949dc udev: create /dev/disk/by-label symlink for LUKS2 (#8998) (bsc#1180885)
  3bce298616 core: fix memory leak on reload (bsc#1180020)
  b24b36d76c journal: do not trigger assertion when journal_file_close() get NULL (bsc#1179824)
  703c08e0ae udev: Fix sound.target dependency (bsc#1179363)
  07dc6d987d rules: enable hardware-related targets also for user instances
  5cfed8b620 scope: on unified, make sure to unwatch all PIDs once they've been moved to the cgroup scope
  2710a4be38 core: serialize u->pids until the processes have been moved to the scope cgroup (bsc#1174436)
  d3b81a8940 core: make sure RequestStop signal is send directed
  bbe11f8400 time-util: treat /etc/localtime missing as UTC (bsc#1141597)