bzip2
- Remove bzip2-faster.patch, it causes a crash with libarchive and
  valgrind points out uninitialized memory. See
  https://github.com/libarchive/libarchive/issues/637#issuecomment-170612576
  Required for bsc#1188891
- Fix basisms in bzgrep and bznew
  * bzip2-1.0.6-fix-bashisms.patch
cloud-regionsrv-client
- Update to version 9.2.0 (bsc#1029162)
  + Support IPv6 as best-effort, with fallback to IPv4
compat-openssl098
- The function X509_CERT_AUX_print() has a bug which may cause a read buffer overrun
  when printing certificate details. A malicious actor could construct a
  certificate to deliberately hit this bug, which may result in a crash of the
  application (causing a Denial of Service attack).
  * CVE-2021-3712
  * bsc#1189521
  * Add CVE-2021-3712-Fix-read-buffer-overrun-in-X509_CERT_AUX_print.patch
cpio
- Fix segmentation fault caused by a regression (bsc#1189465)
  * fix-CVE-2021-38185_4.patch
- Add another patch to fix regression (bsc#1189465)
  * fix-CVE-2021-38185_3.patch
- Fix regression in last update (bsc#1189465)
  * fix-CVE-2021-38185_2.patch
- Fix CVE-2021-38185 Remote code execution caused by an integer overflow in ds_fgetstr
  (CVE-2021-38185, bsc#1189206)
  * fix-CVE-2021-38185.patch
crmsh
- Update to version 4.1.1+git.1625191010.47a3ee14:
  * Dev: crash_test: Add big warnings to have users' attention to potential failover
  * Dev: crash_test: rename preflight_check as crash_test (jsc#SLE-18367 for ECO jsc#SLE-18374)
  * Fix: completers: return complete start/stop resource id list correctly(bsc#1180137)
  * Medium: integrate preflight_check into crmsh
  * Fix: help: show help message from argparse(bsc#1175982)
  * Fix: resource: make untrace consistent with trace (bsc#1187396)
  * Fix: parse: shouldn't allow property setting with an empty value(bsc#1185423)
- Update to version 4.1.0+git.1620355744.c0b5142f:
  * Fix: bootstrap: change StrictHostKeyChecking=no as a constants(bsc#1185437)
  * Dev: bootstrap: disable unnecessary warnings (bsc#1178118)
  * Fix: bootstrap: raise warning when configuring diskless SBD with node's count less than 3(bsc#1181907)
  * Fix: bootstrap: sync corosync.conf before finished joining(bsc#1183359)
  * Fix: bootstrap: parse space in sbd device correctly(bsc#1183883)
  * Fix: bootstrap: get the peer node name correctly (bsc#1183654)
  * Fix: update verion and author (bsc#1183689)
  * Fix: ui_resource: change return code and error to warning for some unharmful actions(bsc#1180332)
  * Fix: ui_configure: raise error when params not exist(bsc#1180126)
csync2
- VUL-1: CVE-2019-15522: csync2: daemon fails to enforce TLS
  (bsc#1147137)
- VUL-1: CVE-2019-15523: csync2: incorrect TLS handshake error handling
  (bsc#1147139)
  Apply upstream patch:
  0001-fail-HELLO-command-when-SSL-is-required.patch
  0002-repeat-gnutls_handshake-call-in-case-of-warnings.patch
curl
- Security fix: [bsc#1188220, CVE-2021-22925]
  * TELNET stack contents disclosure again
  * Add curl-CVE-2021-22925.patch
- Security fix: [bsc#1188219, CVE-2021-22924]
  * Bad connection reuse due to flawed path name checks
  * Add curl-CVE-2021-22924.patch
- Security fix: Disable the metalink feature:
  * Insufficiently Protected Credentials [bsc#1188218, CVE-2021-22923]
  * Wrong content via metalink not discarded [bsc#1188217, CVE-2021-22922]
dbus-1
- Fix CVE-2020-35512 - shared UID's caused issues (CVE-2020-35512 bsc#1187105)
  * fix-upstream-userdb-constpointer.patch
  * fix-upstream-CVE-2020-35512.patch
- Fix CVE-2020-12049 truncated messages lead to resource exhaustion
  (CVE-2020-12049, bsc#1172505)
  * fix-upstream-CVE-2020-12049_2.patch
dbus-1-x11
- Fix CVE-2020-35512 - shared UID's caused issues (CVE-2020-35512 bsc#1187105)
  * fix-upstream-userdb-constpointer.patch
  * fix-upstream-CVE-2020-35512.patch
- Fix CVE-2020-12049 truncated messages lead to resource exhaustion
  (CVE-2020-12049, bsc#1172505)
  * fix-upstream-CVE-2020-12049_2.patch
dracut
- remove references to INITRD_MODULES (bsc#1187115)
  * add 0627-fix-suse-initrd-remove-references-to-INITRD_MODULES-.patch
fastjar
- Security fix: [bsc#1188517, CVE-2010-2322]
  * Directory traversal vulnerabilities
  * Add fastjar-CVE-2010-2322.patch
fence-agents
- Update to version 4.9.0+git.1624456340.8d746be9:
  * fence_azure_arm: corrections to support Azure SDK >= 15 - including backward compatibility (#415)
  (bsc#1185058)
  * fence_gce: make serviceaccount work with new libraries
  * fence_kubevirt: new fence agent
  * fence_virt*: simple_auth: use %zu for sizeof to avoid failing verbose builds on some archs
  * configure: dont fail when --with-agents contains virt
  * fence_mpath: watchdog retries support
  * fencing: add multi plug support for reboot-action
  * fence_redfish: add missing diag logic
  * fencing: fix issue with hardcoded help text length for metadata
  * fence_lindypdu: update metadata
  * fence_lindypdu: new fence agent
  * fencing: add stonith_status_sleep parameter for sleep between status calls during a STONITH action
  * fence_openstack: code formatting fixes per: https://github.com/ClusterLabs/fence-agents/pull/397#pullrequestreview-634281798
  * Proper try-except for connection exception.
  * Fix CI.
  * Do not wrap as many values.
  * Restore port metadata.
  * Update xml metadata.
  * Use standard logging.
  * Revert change to __all__
  * fence_virt: fix required=1 parameters that used to not be required and add deprecated=1 for old deprecated params
  * Major rework of the original agent:
  * fence_gce: default method moved back to powercycle (#389)
  * fence_aws: add filter parameter to be able to limit which nodes are listed
  * virt: fix a bunch of coverity scan errors in ip_lookup
  * virt: make sure to provide an empty default to strncpy
  * virt: make sure buffers are big enough for 0 byte end string
  * virt: increase buffer size to avoid overruns
  * virt: check return code in virt-sockets
  * virt: fix error code checking
  * virt: fix plugin (minor) memory leak and plug in load race
  * virt: attempt to open file directly and avoid race condition
  * virt: fix different coverity scan errors in common/tcp
  * virt: cleanup deadcode in client/vsock
  * virt: cleanup deadcode in client/tcp
  * virt: fix potential buffer overrun
  * virt: fix mcast coverity scan errors
  * virt: drop pm-fence plugin
  * build: tidy up module sources
  * virt: drop libvirt-qmf plugin
  * virt: drop null plugin
  * build: enable fence_virtd cpg plugin by default
  * virt: drop fence_virtd non-modular build
  * virt: fix plugin installation regression on upgrades
  * build: temporary disable -Wcast-align for some agents
  * build: fix CFLAGS overrides when using clang
  * fence_virt: metadata fixes, implement manpage generation and metadata/delay/rng checks
  * virt: make sure variable is initialized
  * Drop travis CI
  * Revert "/virt: drop -Werror to avoid unnecessary failures"/
  * zvm: reformat fence_zvm to avoid gcc warnings
  * build: fix make maintainerclean
  * build: remove unnecessary build snippets
  * virt: drop -Werror to avoid unnecessary failures
  * virt: disable -Wunused for yy generated files
  * virt: disable fence-virt on bsd variants
  * virt: merge spec files
  * build: fix more gcc warnings
  * build: remove unused / obsoleted options
  * build: fix some annoying warnings at ./autogen.sh time
  * virt: move all virt CFLAGS/LDFLAGS in the right location
  * virt: fix unused gcc warnings and re-enable all build warnings
  * virt: fix write-strings gcc warnings
  * virt: fix pointer-arith gcc warnings
  * virt: fix declaration-after-statement gcc warnings
  * virt: fix build with -Wmissing-prototypes
  * build: don´t override clean target
  * virt: plug fence_virt into the build
  * virt: allow fence_virt build to be optional
  * virt: drop support for LSB init script
  * virt: collect docs in one location
  * virt: remove unnecessary files and move build macros in place
  * Ignore fence-virt man pages
  * Merge done
  * Move fence_virt to the correct location
  * Start merge
  * spec: use python3 path for newer releases
  * spec: undo autosetup change that breaks builds w/git commit hashes
  * Ignore unknown options on stdin
  * fence_gce: support google-auth and oauthlib and fallback to deprecated libs when not available
  * spec: add aliyun subpackage and fence_mpath_check* to mpath subpackage
  * fence_gce: Adds cloud-platform scope for bare metal API and optional proxy flags (#382)
  * fence_virt: Fix minor typo in metadata
  * fence_gce: update module reqs for SLES 15 (#383)
  * Add fence_ipmilanplus as fence_ipmilan wrapper always enabling lanplus
  * fence_redfish: Add diag action
  * fence_vbox: updated metadata file
  * fence_vbox: do not flood host account with vboxmanage calls
  * fence_aws/fence_gce: allow building without cloud libs
  * fence_gce: default to onoff
  * fence_lpar: Make --managed a required option
  * fence_zvmip: fix shell-timeout when using new disable-timeout parameter
  * Adds service account authentication to GCE fence agent
  * spec: dont build -all subpackage as noarch
  * fence_mpath, fence_scsi: Improve logging for failed res/key get
  * fence_mpath, fence_scsi: Capture stderr in run_cmd()
  * build: depend on config changes to rebuild when running make after running ./configure
  * fence_redfish: Fix typo in help.
  * fence_aws: add support for IMDSv2
  * fence_virt: add plug parameter that obsoletes old port parameter
  * Try to detect directory for initscripts configuration
  * Accept SIGTERM while waiting for initialization.
  * Add man pages to fence_virtd service file.
  * Fix spelling error in fence_virt.conf.5
  * build: fix BRs for suse distros
  * build: remove ExclusiveArch
  * build: removed gcc-c++ BR
  * build: add spec-file and rpm build targets
  * build: cleanup/improvements to reworked build system
  * [build] rework build system to use automake/libtool
  * fence_virtd: Fix segfault in vl_get when no domains are found
  * fence_virt: fix core dump
  * build: harden and make it possible to build with -fPIE
  * fence_virt: dont report success for incorrect parameters
  * fence_virt: mcast: config: Warn when provided mcast addr is not used
  * fence_virtd: Return control to main loop on select interruption
  * fence-virtd: Add missing vsock makefile bits
  * fence-virt: Add vsock support
  * fence_virtd: Fix transposed arguments in startup message
  * fence_virt: Rename challenge functions
  * fence_virtd: Cleanup: remove unused configuration options
  * fence_virt: Remove remaining references to checkpoints
  * fence_virt: Remove remaining references to checkpoints
  * fence-virt: Format string cleanup
  * fence_virtd: Implment hostlist for the cpg backend
  * fence_virt: Fix logic error in fence_xvm
  * fence_virtd: Cleanup config module
  * fence_virtd: cpg: Fail initialization if no hypervisor connections
  * fence_virtd: Make the libvirt backend survive libvirtd restarts
  * fence_virtd: Allow the cpg backend to survive libvirt failures
  * fence_virtd: cpg: Fix typo
  * fence-virtd: Add cpg-virt backend plugin
  * fence_virtd: Remove checkpoint, replace it with a CPG only plugin
  * fence-virt: Bump version
  * fence_virtd: Add better debugging messages for the TCP listner
  * fence_virtd: Fix potential unlocked pthread_cond_timedwait()
  * fence-virtd: Cleanup small memory leak
  * fence_virtd: Fix select logic in listener plugins
  * Factor out common libvirt code so that it can be reused by multiple backends
  * Document the fence_virtd -p command line flag
  * fence_virtd: Log an error when startup fails
  * Retry writes in the TCP, mcast, and serial listener plugins while sending a response to clients, if the write fails or is incomplete.
  * Make the packet authentication code more resilient in the face of transient failures.
  * Remove erroneous 'inline'
  * Disable the libvirt-qmf backend by default
  * Bump the versions of the libvirt and checkpoint plugins
  * fence-virtd: Enable TCP listener plugin by default
  * fence-virtd: Cleanup documentation of the TCP listener
  * fence_xvm/fence_virt: Add support for the validate-all status op
  * fence-virt: Add list-status command to man page and metadata
  * fence-virt: Cleanup numeric argument parsing
  * fence-virt: Log message to syslog in addition to stdout/stderr
  * fence-virt: Permit explicitly setting delay to 0
  * fence-virt: Add 'list-status' operation for compat with other agents
  * Fix use of undefined #define
  * Allow fence_virtd to run as non-root
  * Remove delay from the status, monitor and list functions
  * Resolves serveral problems in checkpoint plugin, making it functional.
  * Current implementation of event listener in virt-serial does not support keepalive, it does not generate nor capable to answer to keepalive requests, which causes libvirt connection to disconnect every 30 seconds (interval*timeout in libvirtd.conf). Furthermore, it does not clean up filehandlers and leaves hanging sockets. Also, if other thread opens its own connection to libvirt (i.e. checkpoint.c), event function in virt-serial.c just updates event listener file handler with a wrong one, what causes checkpoint.c malfunctions, fence_virtd hangs and so on. This patch uses default event listener implementation from libvirt and resolves theese problems.
  * daemon_init: Removed PID check and update
  * fence_virtd: drop legacy SysVStartPriority from service unit
  * fence-virt: client: Do not truncate VM domains in list output
  * client: fix "/delay"/ parameter checking (copy-paste)
  * fence-virt: Fix broken restrictions on the port ranges
  * Clarify debug message
  * fence-virtd: Use perror only if the last system call returns an error.
  * fence-virtd: Fix printing wrong system call in perror
  * fence-virtd: Allow multiple hypervisors for the libvirt backend
  * fence-virt: Don't overrwrite saved errno
  * fence-virt: Fix small memory leak in the config module
  * fence-virt: Fix mismatched sizeof in memset call
  * fence-virt: Send complete hostlist info
  * fence-virt: Clarify the path option in serial mode
  * Bump version
  * fence-virt: Bump version
  * fence_virtd: Fix broken systemd service file
  * fence_virt/fence_xvm: Print status when invoked with -o status
  * fence-virt: Fix for missed libvirtd events
  * fence-virt: Fail properly if unable to bind the listener socket
  * client: dump all arguments structure in debug mode
  * Drop executable flag for man pages (finally)
  * Honor implicit "/ip_family=auto"/ in fence_xvm w/IPv6 mult.addr.
  * Fix using bad struct item for auth algorithm
  * Drop executable flag for man pages
  * use bswap_X() instead of b_swapX()
  * fence_virtd: Fix memcpy size params in the TCP plugin
  * Revert "/fence-virt: Fix possible descriptor leak"/
  * fence_virtd: Return success if a domain exists but is already off.
  * fence-virt: Add back missing tcp_listener.h file
  * fence-virt: Fix a few fd leaks
  * fence-virt: Fix free of uninitialized variable
  * fence-virt: Fix possible null pointer dereference
  * fence-virt: Fix memory leak
  * fence-virt: Fix fd leak when finding local addresses
  * fence-virt: Fix possible descriptor leak
  * fence-virt: Fix possible fd leak
  * fence-virt: Fix null pointer deref
  * fence-virt: Explicitly set delay to 0
  * fence-virt: Fix return with lock held
  * fence_virt: Fix typo in fence_virt(8) man page
  * fence_virt: Return failure for nonexistent domains
  * Initial commit
  * Improve fence_virt.conf man page description of 'hash'
  * Add a delay (-w) option.
  * Remove duplicated port struct entry
  * Add a TCP listener plugin for use with viosproxy
  * In serial mode, return failure if the other end closes the connection before we see SERIAL_MAGIC in the reply or timeout.
  * Stop linking against unnecessary QPid libs.
  * Update libvirt-qmf plugin and docs
  * Fix crash when we fail to read key file.
  * Fix erroneous man page XML
  * Add 'interface' directive to example.conf
  * Fix build
  * Add old wait_for_backend directive handling & docs
  * Return proper error if we can't set up our socket.
  * Fix startup in systemd environments
  * Add systemd unit file and generation
  * Don't override user's pick for backend server module
  * Use libvirt as default in shipped config
  * Clean up compiler warnings
  * Fix serial domain handling
  * Fix monolithic build
  * Clean up build and comments.
  * Add missing pm_fence source code
  * Disable CMAN / checkpoint build by default
  * Rename libvirt-qpid -> libvirt-qmf
  * Fix static analysis errors
  * Reword assignment to appease static analyzers
  * Handle return value from virDomainGetInfo
  * Fix bad sizeof()
  * Make listen() retry
  * Add map_check on 'status' action
  * Update README
  * Don't reference out-of-scope temporary
  * Ensure we don't try to strdup() or atoi() on NULL
  * Add libvirt-qmf support to the libvirt-qpid plugin
  * Convert libvirt-qpid plugin to QMFv2
  * Fix incorrect return value on hash mismatch
  * Fix error getting status from libvirt-qpid plugin
  * Fix typo that broke multicast plugin
  * Make fence-virt requests endian clean
  * Update TODO
  * Fix input parsing to allow domain again
  * Provide 'domain' in metadata output for compatibility
  * High: Fix UUID lookups in checkpoint backend
  * Curtail 'list' operation requests
  * Fix man page references: fence_virtd.conf -> fence_virt.conf
  * Add 'list' operation for plugins; fix missing getopt line
  * Fix build with newer versions of qpid
  * Make configure.in actually disable plugins
  * Fix metadata output
  * Rename parameters to match other fencing agents
  * Fix fence_xvm man page to point to the right location
  * client: Clarify license in serial.c
  * Return 2 for 'off' like other fencing agents
  * Reset flags before returning from connect_nb
  * Use nonblocking connect to vmchannel sockets
  * More parity with other fencing agents' parameters
  * Fix memory leaks found with valgrind
  * Add basic daemon functions
  * Fix bug in path pruning support for serial plugin
  * Fix libvirt-qpid bugs found while testing
  * Fix segfault caused by invalid map pointer assignment
  * Fix another compiler warning
  * Fix build warnings in client/serial.c
  * Add 'monitor' as an alias for 'status'
  * Add serial listener to configuration utility
  * Make serial/vmchannel module enabled by default
  * Add missing 'metadata' option to help text
  * Add missing static_map.h
  * Add metadata support to fence_xvm/fence_virt
  * Allow IPs to be members of groups
  * Allow use of static mappings w/ mcast listener
  * Make 'path' be a directory
  * Update TODO
  * Remove useless debug printfs
  * Enable VM Channel support in serial plugin
  * Update TODO based on progress
  * Pass source VM UUID (if known) to backend
  * Mirror libvirt-qpid's settings in libvirt-qpid plugin
  * libvirt-qpid: clean up global variable
  * Enable a configurable host/port on libvirt-qpid plugin
  * Minor config utility cleanups
  * Man page cleanups
  * Remove unnecessary name_mode from multicast plugin
  * Add prototypes and clean up build warnings
  * Use seqno in serial requests
  * Minor debugging message cleanup
  * Fix build error due to improper value
  * Static map support and permissions reporting
  * Sync up on SERIAL_MAGIC while waiting for a response
  * Don't build serial vmchannel module by default
  * Update TODO
  * Initial checkin of serial server-side support
  * Fix fence_virt.conf man page name
  * Add Fedora init script
  * Compiler warning cleanups in virt-serial.c
  * Add wait-for-backend mode
  * Fix up help text for clients
  * Minor XML cleanups, add missing free() call
  * add missing module_path to fence_virtd.conf.5
  * Add capabilities to virt-serial
  * Note that serial support is experimental
  * Add a serial.so build target
  * Add vmchannel serial event interface
  * Split fence_virt vs. fence_xvm args
  * Add static map functions.
  * Fix build warning due to missing #include
  * Fix multiple query code
  * Better config query & multiple value/tag support
  * Add simple configuration mode
  * Add missing man pages
  * More minor config cleanups
  * Allow setting config values to NULL to clear them
  * Clean up example config file
  * Sort plugins by type when printing them
  * Revert "/Sort plugins by type when printing them"/
  * Sort plugins by type when printing them
  * Clean up some configuration plugin information
  * add empty line between names
  * Make libvirt to automatically use uuid or names
  * Improve error reporting
  * Fix build for hostlist functionality
  * Hostlist functionality for libvirt, libvirt-qpid
  * Update TODO
  * Work around broken nspr headers
  * Fix installation target for man pages
  * Fix default build script
  * Add man page build infrastructure
  * Initial commit of fence_virt & fence_xvm man pages
  * Make fence_xvm compatibility mode enabled by default
  * Fix libvirt / mcast support for name_mode
  * Fix agent option parsing
  * Fix dlsym mapping of C++ module
  * Make uuids work with libvirt-qpid
  * Fix uninitialized variable causing false returns
  * Update monolithic build
  * Fix linking problem
  * Add 'help' to fence_virtd
  * Fix libvirt-qpid build
  * Make 'reboot' work
  * Fix libvirt-qpid build
  * Add libvirt-qpid build target
  * Initial checking of libvirt-qpid plugin
  * Fix build on i686
  * Make symlink/compatibilty mode disabled by default
  * Add simple tarball / release script
  * Update TODO and requirements file
  * Update TODO
  * Use immediate resolution of symbols
  * Example config tweaks
  * Use sysconfdir for /etc/fence_virt.conf
  * Fix package name and install locations
  * Fix daemon return code
  * Add 'maintainer-clean' target
  * Fix build errors on Fedora
  * Add missing header file
  * Ignore automake error
  * Add missing COPYING file; update TODO
  * Make the build script actually build
  * Make cluster mode plugin work
  * Add basic cpg stuff for later
  * Enable 'on' operation for libvirt backend
  * Clean up modular build
  * Minor build cleanups
  * Yet more build fixes
  * More build cleanups
  * Build cleanups
  * Initial port to autoconf
  * Add checkpoint.c stub functions
  * Add sequence numbers to requests for tracking
  * Include missing include
  * Call generic history functions
  * Make history functions generic
  * Make debugging work from modules again
  * Revert "/Fix build issue breaking debug printing from modules"/
  * Fix build issue breaking debug printing from modules
  * Fix libvirt backend; VALIDATE was wrong
  * Cleanups, add daemon support
  * Add simple 'null' skeleton backend plugin
  * Make all plugins dynamically loaded.
  * Fix error message
  * Remove dummy serial prototypes
  * Remove modules in 'make clean'
  * Make listeners plugins.
  * Fix whitespace
  * Move name_mode to fence_virtd block
  * Add name_mode to example.conf
  * Move VM naming scheme to top level of config
  * Fix bad assignment due to wrong variable
  * Fix use of wrong variable
  * Revert "/Fix use of wrong variable"/
  * Fix use of wrong variable
  * Enable UUID use in libvirt.c
  * Add missing log.c.  Enable syslog wrapping
  * Move options.c to client directory
  * Fix context type names
  * Minor cleanup
  * Drop duplicate fencing requests
  * Don't require specifying an interface in fence_virt.conf
  * Fix empty node parsing
  * Fix segfault
  * Fix install targets
  * Actually use the default port by default
  * Don't overwrite config files
  * Install modules, too.
  * Fix config file name
  * Add temporary 'make install' target
  * Make a default configuration file
  * Make mcast work with UUIDs
  * Update TODO
  * Remove useless prototype
  * Update todo
  * Add checkpoint.so to the build
  * Fix missing carriage returns on debug prints
  * Add architecture overview description
  * Make serial_init match mcast_init.
  * Make multicast use config file
  * Integrate config file processing
  * Create server-side plugin architecture
  * Remove bad list_do/list_done macros
  * Make libvirt a built-in plugin
  * Update description text.
  * Fix header in serial.c.
  * serial: Make client work.
- remove patch contained by the update:
  - 0001-Adds-service-account-authentication-to-GCE-fence-age.patch
  (jsc#SLE-18227) ECO: Update fence-agents
  (jsc#SLE-18200) Add upstream PR to aws-vpc-move-ip and apply required resource & fence agent patches
  (jsc#SLE-18202) Add upstream PR to aws-vpc-move-ip and apply required resource & fence agent patches
file
- Add temporary patch CVE-2019-18218-46a8443f.patch from upstream
  to fix bsc#1154661 -- heap-based buffer overflow in cdf_read_property_info in cdf.c
  as well as bsc#1189093
glibc
- wordexp-param-overflow.patch: wordexp: handle overflow in positional
  parameter number (CVE-2021-35942, bsc#1187911, BZ #28011)
- iconv-option-parsing.patch: Rewrite iconv option parsing
  (CVE-2016-10228, bsc#1027496, BZ #19519)
- force-elision-race.patch: Fix race in pthread_mutex_lock while promoting
  to PTHREAD_MUTEX_ELISION_NP (bsc#1131330, BZ #23275)
kernel-default
- blacklist.conf: update blacklist
- commit da3bee6
- net: broadcom CNIC: requires MMU (git-fixes).
- commit 7a9b304
- can: sun4i_can: sun4i_can_err(): don't count arbitration lose
  as an error (git-fixes).
- commit f2b9a85
- can: sja1000: sja1000_err(): don't count arbitration lose as
  an error (git-fixes).
- commit 8d35272
- net/mlx5: Disable QoS when min_rates on all VFs are zero
  (git-fixes).
- commit 63457bc
- mlxsw: core: Use variable timeout for EMAD retries (git-fixes).
- commit efdff69
- net: b44: fix error return code in b44_init_one() (git-fixes).
- commit b53c730
- qlcnic: fix error return code in qlcnic_83xx_restart_hw()
  (git-fixes).
- commit b0364c3
- can: ti_hecc: Fix memleak in ti_hecc_probe (git-fixes).
- commit 07885d5
- net: dsa: mv88e6xxx: Avoid VTU corruption on 6097 (git-fixes).
- commit 49966d6
- cosa: Add missing kfree in error path of cosa_write (git-fixes).
- commit fdb8784
- workqueue: fix UAF in pwq_unbound_release_workfn()
  (bsc#1188973).
- commit 09deb72
- can: esd_usb2: fix memory leak (git-fixes).
- can: ems_usb: fix memory leak (git-fixes).
- can: usb_8dev: fix memory leak (git-fixes).
- can: mcba_usb_start(): add missing urb->transfer_dma
  initialization (git-fixes).
- can: hi311x: fix a signedness bug in hi3110_cmd() (git-fixes).
- nfc: nfcsim: fix use after free during module unload
  (git-fixes).
- can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF
  (git-fixes).
- commit 54b9891
- powerpc/security: Fix link stack flush instruction (bsc#1188885
  ltc#193722).
- commit d179798
- series.conf: Move kABI patches to kABI section.
- commit 184c027
- powerpc/64s: Move branch cache flushing bcctr variant to
  ppc-ops.h (bsc#1188885 ltc#193722).
- commit 8982c96
- powerpc/security: Allow for processors that flush the link
  stack using the special bcctr (bsc#1188885 ltc#193722).
- powerpc/security: split branch cache flush toggle from code
  patching (bsc#1188885 ltc#193722).
- powerpc/security: make display of branch cache flush more
  consistent (bsc#1188885 ltc#193722).
- powerpc/security: change link stack flush state to the flush
  type enum (bsc#1188885 ltc#193722).
- Delete patches.suse/powerpc-add-link-stack-flush-mitigation-in-debugfs.patch
- replaced with upstream security mitigation cleanup
- powerpc/security: re-name count cache flush to branch cache
  flush (bsc#1188885 ltc#193722).
- commit 109b093
- powerpc/pesries: Get STF barrier requirement from
  H_GET_CPU_CHARACTERISTICS (bsc#1188885 ltc#193722).
- powerpc/security: Add a security feature for STF barrier
  (bsc#1188885 ltc#193722).
- powerpc/pseries: Get entry and uaccess flush required bits
  from H_GET_CPU_CHARACTERISTICS (bsc#1188885 ltc#193722).
- powerpc/pseries: export LPAR security flavor in lparcfg
  (bsc#1188885 ltc#193722).
- powerpc/64s: rename pnv|pseries_setup_rfi_flush to
  _setup_security_mitigations (bsc#1188885 ltc#193722).
- powerpc/pseries: add new branch prediction security bits for
  link stack (bsc#1188885 ltc#193722).
- commit 661ddc3
- Update patch-mainline and git-commit tags
  Refresh:
  - patches.suse/netfilter-conntrack-add-new-sysctl-to-disable-RST-ch.patch
  - patches.suse/netfilter-conntrack-improve-RST-handling-when-tuple-.patch
- commit b6e4fe6
- rpm/kernel-binary.spec.in: Fix merge.
- commit 2a4b53c
- net: mac802154: Fix general protection fault (CVE-2021-3659
  bsc#1188876).
- commit c0396b9
- watchdog: iTCO_wdt: Account for rebooting on second timeout
  (git-fixes).
- watchdog: Fix possible use-after-free by calling
  del_timer_sync() (git-fixes).
- watchdog: sc520_wdt: Fix possible use-after-free in
  wdt_turnoff() (git-fixes).
- watchdog: Fix possible use-after-free in wdt_startup()
  (git-fixes).
- wireless: wext-spy: Fix out-of-bounds warning (git-fixes).
- wl1251: Fix possible buffer overflow in wl1251_cmd_scan
  (git-fixes).
- wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP
  (git-fixes).
- commit 210bf3c
- virtio_console: Assure used length from device is limited
  (git-fixes).
- tty: serial: 8250: serial_cs: Fix a memory leak in error
  handling path (git-fixes).
- tty: serial: fsl_lpuart: fix the potential risk of division
  or modulo by zero (git-fixes).
- w1: ds2438: fixing bug that would always get page0 (git-fixes).
- ssb: sdio: Don't overwrite const buffer if block_write fails
  (git-fixes).
- spi: spi-loopback-test: Fix 'tx_buf' might be 'rx_buf'
  (git-fixes).
- spi: omap-100k: Fix the length judgment problem (git-fixes).
- spi: spi-topcliff-pch: Fix potential double free in
  pch_spi_process_messages() (git-fixes).
- spi: Make of_register_spi_device also set the fwnode
  (git-fixes).
- regulator: da9052: Ensure enough delay time for
  .set_voltage_time_sel (git-fixes).
- commit cfd7baa
- pwm: spear: Don't modify HW state in .remove callback
  (git-fixes).
- PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun
  (git-fixes).
- power: supply: ab8500: add missing MODULE_DEVICE_TABLE
  (git-fixes).
- power: supply: charger-manager: add missing MODULE_DEVICE_TABLE
  (git-fixes).
- power: reset: gpio-poweroff: add missing MODULE_DEVICE_TABLE
  (git-fixes).
- power: supply: ab8500: Avoid NULL pointers (git-fixes).
- platform/x86: toshiba_acpi: Fix missing error code in
  toshiba_acpi_setup_keyboard() (git-fixes).
- media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K
  (git-fixes).
- mmc: via-sdmmc: add a check against NULL pointer dereference
  (git-fixes).
- mmc: core: Allow UHS-I voltage switch for SDSC cards if
  supported (git-fixes).
- commit 88e79c8
- mfd: da9052/stmpe: Add and modify MODULE_DEVICE_TABLE
  (git-fixes).
- mISDN: fix possible use-after-free in HFC_cleanup() (git-fixes).
- media: siano: fix device register error path (git-fixes).
- media: dvb_net: avoid speculation from net slot (git-fixes).
- media: dvd_usb: memory leak in cinergyt2_fe_attach (git-fixes).
- media: st-hva: Fix potential NULL pointer dereferences
  (git-fixes).
- media: bt8xx: Fix a missing check bug in bt878_probe
  (git-fixes).
- media: v4l2-core: Avoid the dangling pointer in v4l2_fh_release
  (git-fixes).
- media: em28xx: Fix possible memory leak of em28xx struct
  (git-fixes).
- commit cd44d27
- drm/radeon: Add the missed drm_gem_object_put() in
  radeon_user_framebuffer_create() (git-fixes).
- gpio: zynq: Check return value of pm_runtime_get_sync
  (git-fixes).
- lib/decompress_unlz4.c: correctly handle zero-padding around
  initrds (git-fixes).
- drm/amd/amdgpu/sriov disable all ip hw status by default
  (git-fixes).
- iwlwifi: mvm: don't change band on bound PHY contexts
  (git-fixes).
- e100: handle eeprom as little endian (git-fixes).
- HID: wacom: Correct base usage for capacitive ExpressKey status
  bits (git-fixes).
- media: pvrusb2: fix warning in pvr2_i2c_core_done (git-fixes).
- media: cobalt: fix race condition in setting HPD (git-fixes).
- media: cpia2: fix memory leak in cpia2_usb_probe (git-fixes).
- commit a688411
- ASoC: soc-core: Fix the error return code in
  snd_soc_of_parse_audio_routing() (git-fixes).
- ASoC: tegra: Set driver_name=tegra for all machine drivers
  (git-fixes).
- ALSA: hda: Add IRQ check for platform_get_irq() (git-fixes).
- ALSA: bebob: add support for ToneWeal FW66 (git-fixes).
- drm/virtio: Fix double free on probe failure (git-fixes).
- Bluetooth: btusb: fix bt fiwmare downloading failure issue
  for qca btsoc (git-fixes).
- Bluetooth: Shutdown controller after workqueues are flushed
  or cancelled (git-fixes).
- Bluetooth: Fix the HCI to MGMT status conversion table
  (git-fixes).
- ath9k: Fix kernel NULL pointer dereference during
  ath_reset_internal() (git-fixes).
- cw1200: add missing MODULE_DEVICE_TABLE (git-fixes).
- commit 4d1c7b6
- drm/panel: raspberrypi-touchscreen: Prevent double-free
  (git-fixes).
- ACPI: AMBA: Fix resource name in /proc/iomem (git-fixes).
- ALSA: usb-audio: fix rate on Ozone Z90 USB headset (git-fixes).
- ALSA: ppc: fix error return code in snd_pmac_probe()
  (git-fixes).
- ALSA: sb: Fix potential double-free of CSP mixer elements
  (git-fixes).
- ACPI: bus: Call kobject_put() in acpi_init() error path
  (git-fixes).
- ACPI: processor idle: Fix up C-state latency if not ordered
  (git-fixes).
- commit 1974a9a
- USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick
  (git-fixes).
- USB: serial: cp210x: fix comments for GE CS1000 (git-fixes).
- USB: serial: option: add support for u-blox LARA-R6 family
  (git-fixes).
- Revert "/USB: quirks: ignore remote wake-up on Fibocom L850-GL
  LTE modem"/ (git-fixes).
- usb: dwc2: gadget: Fix sending zero length packet in DDMA mode
  (git-fixes).
- usb: max-3421: Prevent corruption of freed memory (git-fixes).
- USB: usb-storage: Add LaCie Rugged USB3-FW to IGNORE_UAS
  (git-fixes).
- xhci: Fix lost USB 2 remote wake (git-fixes).
- commit 9dc903c
- usb: hub: Disable USB 3 device initiated lpm if exit latency
  is too high (git-fixes).
- ALSA: sb: Fix potential ABBA deadlock in CSP driver (git-fixes).
- drm: Return -ENOTTY for non-drm ioctls (git-fixes).
- media: ngene: Fix out-of-bounds bug in
  ngene_command_config_free_buf() (git-fixes).
- spi: mediatek: fix fifo rx mode (git-fixes).
- dma-buf/sync_file: Don't leak fences on merge failure
  (git-fixes).
- rtc: max77686: Do not enforce (incorrect) interrupt trigger type
  (git-fixes).
- USB: cdc-acm: blacklist Heimann USB Appset device (git-fixes).
- iio: accel: bma180: Use explicit member assignment (git-fixes).
- commit 3916e82
- xfrm: xfrm_state_mtu should return at least 1280 for ipv6
  (bsc#1185377).
- commit 6f8f910
- Update
  patches.suse/l2tp-ensure-sessions-are-freed-after-their-PPPOL2TP-.patch
  references (add CVE-2020-0429 bsc#1176724).
- Update
  patches.suse/l2tp-fix-race-between-l2tp_session_delete-and-l2tp_t.patch
  references (add CVE-2020-0429 bsc#1176724).
- commit b29ebd9
- use 3.0 SPDX identifier in rpm License tags
  As requested by Maintenance, change rpm License tags from "/GPL-2.0"/
  (SPDX 2.0) to "/GPL-2.0-only"/ (SPDX 3.0) so that their scripts do not have
  to adjust the tags with each maintenance update submission.
- commit f888e0b
- cifs: Set CIFS_MOUNT_USE_PREFIX_PATH flag on setting
  cifs_sb->prepath (git-fixes).
- commit 374d8af
- KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow (bsc#1188838
  CVE-2021-37576).
- commit 50c1fab
- cifs: Return correct error code from smb2_get_enc_key
  (git-fixes).
- commit 5f88df6
- cifs: fix memory leak in smb2_copychunk_range (git-fixes).
- commit 7d8f8a2
- cifs: fix interrupted close commands (git-fixes).
- commit b8af0ed
- smb3: Fix out-of-bounds bug in SMB2_negotiate() (git-fixes).
- commit 9b861a7
- cifs: Fix preauth hash corruption (git-fixes).
- commit 4b534bf
- ceph: don't WARN if we're still opening a session to an MDS
  (bsc#1188750).
- commit 16bdea5
- blacklist.conf: drop SHA1 for commit that has been applied already
- commit 6c2921f
- ibmvnic: retry reset if there are no other resets (bsc#1184350
  ltc#191533).
- Delete patches.suse/ibmvnic-Continue-with-reset-if-set-link-down-failed.patch
- replaced with above upstream fix.
- commit af4231e
- uuid: Add inline helpers to import / export UUIDs (FATE#326628,
  bsc#1113295, git-fixes).
- commit a73070e
- Update patches.suse/ibmvnic-free-tx_pool-if-tso_pool-alloc-fails.patch
  (bsc#1085224 ltc#164363 bsc#1188620 ltc#192221).
- Update patches.suse/ibmvnic-parenthesize-a-check.patch
  (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139 git-fixes
  bsc#1188620 ltc#192221).
- Update patches.suse/ibmvnic-set-ltb-buff-to-NULL-after-freeing.patch
  (bsc#1094840 ltc#167098 bsc#1188620 ltc#192221).
- commit a05390d
- Update
  patches.suse/Bluetooth-Fix-slab-out-of-bounds-read-in-hci_extende.patch
  (bsc#1111666, bsc#1187038, CVE-2020-36386).
- Update
  patches.suse/Bluetooth-SMP-Fail-if-remote-and-local-public-keys-a.patch
  (bsc#1186463, CVE-2021-0129, CVE-2020-26558).
- Update
  patches.suse/PCI-rpadlpar-Fix-potential-drc_name-corruption-in-st.patch
  (bsc#1183416, ltc#191079, bsc#1184198, CVE-2021-28972).
- Update
  patches.suse/ext4-check-journal-inode-extents-more-carefully.patch
  (bsc#1173485, bsc#1183509, CVE-2021-3428).
- Update
  patches.suse/usbip-fix-stub_dev-usbip_sockfd_store-races-leading-.patch
  (bsc#1184167, CVE-2021-29265).
- commit 9d15825
- usb: max-3421: Prevent corruption of freed memory (git-fixes).
- commit 3e9f472
- blacklist.conf: build dependency fix we already meet
- commit 60116f2
- blacklist.conf: cosmetic fix
- commit 5e8b700
- crypto: do not free algorithm before using (git-fixes).
- commit 5d844b7
- blacklist.conf: add 1139aeb1c521eb4a050920ce6c64c36c4f2a3ab7 due to kABI breakage
- commit 96f58e8
- blacklist.conf: unsupported architecture
- commit d46783d
- PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun
  (git-fixes).
- commit 1717144
- USB: cdc-acm: blacklist Heimann USB Appset device (git-fixes).
- commit 0bc0188
- USB: serial: cp210x: fix comments for GE CS1000 (git-fixes).
- commit bdc0f66
- blacklist.conf: regressions on old firmware
- commit 237c064
- xen-pciback: reconfigure also from backend watch handler
  (git-fixes).
- commit 9c368c1
- scsi: fc: Add 256GBit speed setting to SCSI FC transport
  (bsc#1188101).
- commit ff563e0
- KVM: do not allow mapping valid but non-reference-counted pages
  (bsc#1186482, CVE-2021-22543).
- KVM: Use kvm_pfn_t for local PFN variable in
  hva_to_pfn_remapped() (bsc#1186482, CVE-2021-22543).
- KVM: do not assume PTE is writable after follow_pfn
  (bsc#1186482, CVE-2021-22543).
- kvm: Map PFN-type memory regions as writable (if possible)
  (bsc#1186482, CVE-2021-22543).
- commit 9c4f9b4
- KVM: do not allow mapping valid but non-reference-counted pages
  (bsc#1186482, CVE-2021-22543).
- KVM: Use kvm_pfn_t for local PFN variable in
  hva_to_pfn_remapped() (bsc#1186482, CVE-2021-22543).
- KVM: do not assume PTE is writable after follow_pfn
  (bsc#1186482, CVE-2021-22543).
- kvm: Map PFN-type memory regions as writable (if possible)
  (bsc#1186482, CVE-2021-22543).
- commit f5f8f06
- gve: DQO: Remove incorrect prefetch (bsc#1176940).
- gve: Simplify code and axe the use of a deprecated API
  (bsc#1176940).
- gve: Propagate error codes to caller (bsc#1176940).
- gve: Fix an error handling path in 'gve_probe()' (bsc#1176940).
- gve: DQO: Fix off by one in gve_rx_dqo() (bsc#1176940).
- gve: Fix warnings reported for DQO patchset (bsc#1176940).
- gve: DQO: Add RX path (bsc#1176940).
- gve: DQO: Add TX path (bsc#1176940).
- gve: DQO: Configure interrupts on device up (bsc#1176940).
- gve: DQO: Add ring allocation and initialization (bsc#1176940).
- gve: DQO: Add core netdev features (bsc#1176940).
- gve: Update adminq commands to support DQO queues (bsc#1176940).
- gve: Add DQO fields for core data structures (bsc#1176940).
- gve: Add dqo descriptors (bsc#1176940).
- gve: Add support for DQO RX PTYPE map (bsc#1176940).
- gve: adminq: DQO specific device descriptor logic (bsc#1176940).
- gve: Introduce per netdev `enum gve_queue_format` (bsc#1176940).
- gve: Introduce a new model for device options (bsc#1176940).
- gve: Make gve_rx_slot_page_info.page_offset an absolute offset
  (bsc#1176940).
- gve: gve_rx_copy: Move padding to an argument (bsc#1176940).
- gve: Move some static functions to a common file (bsc#1176940).
- gve: Correct SKB queue index validation (bsc#1176940).
- gve: Upgrade memory barrier in poll routine (bsc#1176940).
- gve: Add NULL pointer checks when freeing irqs (bsc#1176940).
- gve: Update mgmt_msix_idx if num_ntfy changes (bsc#1176940).
- gve: Check TX QPL was actually assigned (bsc#1176940).
- net: gve: remove duplicated allowed (bsc#1176940).
- net: gve: convert strlcpy to strscpy (bsc#1176940).
- gve: Add support for raw addressing in the tx path
  (bsc#1176940).
- gve: Rx Buffer Recycling (bsc#1176940).
- gve: Add support for raw addressing to the rx path
  (bsc#1176940).
- gve: Add support for raw addressing device option (bsc#1176940).
- gve: Replace zero-length array with flexible-array member
  (bsc#1176940).
- gve: Enable Link Speed Reporting in the driver (bsc#1176940).
- gve: Use link status register to report link status
  (bsc#1176940).
- gve: Batch AQ commands for creating and destroying queues
  (bsc#1176940).
- gve: NIC stats for report-stats and for ethtool (bsc#1176940).
- gve: Add Gvnic stats AQ command and ethtool show/set-priv-flags
  (bsc#1176940).
- gve: Use dev_info/err instead of netif_info/err (bsc#1176940).
- gve: Add stats for gve (bsc#1176940).
- gve: Get and set Rx copybreak via ethtool (bsc#1176940).
- net: Google gve: Remove dma_wmb() before ringing doorbell
  (bsc#1176940).
- gve: Fix the queue page list allocated pages count
  (bsc#1176940).
- gve: fix dma sync bug where not all pages synced (bsc#1176940).
- commit b6be8ac
- net/mlx5: Query PPS pin operational status before registering it
  (git-fixes).
- commit 6048180
- net/mlx5: Verify Hardware supports requested ptp function on
  a given pin (git-fixes).
- commit c94c93b
- blacklist.conf: drop wrongly added commit from the list
- commit 0e82be0
- blacklist.conf: update blacklist
- commit 47f8e8c
- Update seq_file fix to the upstreamed one and moved into sorted section (bsc#1188062, CVE-2021-33909).
- commit 175d85f
- gve: Add basic driver framework for Compute Engine Virtual NIC
  (jsc#SLE-10538).
- gve: Add ethtool support (jsc#SLE-10538).
- gve: Add workqueue and reset support (jsc#SLE-10538).
- gve: Copy and paste bug in gve_get_stats() (jsc#SLE-10538).
- gve: Fix case where desc_cnt and data_cnt can get out of sync
  (jsc#SLE-10538).
- gve: Fix error return code in gve_alloc_qpls() (jsc#SLE-10538).
- gve: Fix u64_stats_sync to initialize start (jsc#SLE-10538).
- gve: Fixes DMA synchronization (jsc#SLE-10538).
- gve: Remove the exporting of gve_probe (jsc#SLE-10538).
- gve: fix -ENOMEM null check on a page allocation
  (jsc#SLE-10538).
- gve: fix unused variable/label warnings (jsc#SLE-10538).
- gve: replace kfree with kvfree (jsc#SLE-10538).
  Replaced single commit gve driver add commit with all its upstream commits.
  This is done in a single commit to keep bisectability.
- commit bce4ed6
- usbip: vudc: fix missing unlock on error in usbip_sockfd_store()
  (git-fixes).
- commit 32d27e5
- usbip: Fix incorrect double assignment to udc->ud.tcp_rx
  (git-fixes).
- commit 8778c79
- blacklist.conf: blacklist macsonic ethernet driver
- commit 348ef52
- blacklist.conf: cleanup only
- commit ccff10d
- blacklist.conf: cleanup
- commit 4ec39ee
- usbip: vudc synchronize sysfs code paths (git-fixes).
- commit 6c7af9d
- powerpc/papr_scm: Properly handle UUID types and API
  (FATE#326628, bsc#1113295, git-fixes).
- powerpc/pseries/scm: Use a specific endian format for storing
  uuid from the device tree (FATE#326628, bsc#1113295, git-fixes).
- commit 0668ee0
- usbip: fix vudc usbip_sockfd_store races leading to gpf
  (git-fixes).
- blacklist.conf: needed for infrastructure
- commit a2558d1
- USB: move many drivers to use DEVICE_ATTR_WO (git-fixes).
- Refresh
  patches.suse/usb-udc-core-Use-lock-when-write-to-soft_connect.patch.
- Refresh
  patches.suse/usbip-add-sysfs_lock-to-synchronize-sysfs-code-paths.patch.
- Refresh
  patches.suse/usbip-stub-dev-synchronize-sysfs-code-paths.patch.
- Refresh
  patches.suse/usbip-vhci_sysfs-fix-potential-Spectre-v1.patch.
- commit 5d7caad
- blacklist.conf: made obsolete by other patch
- commit 6537e96
- PCI: quirks: fix false kABI positive (git-fixes).
- commit cd613d3
- PCI: Leave Apple Thunderbolt controllers on for s2idle or
  standby (git-fixes).
- commit 23864e6
- PCI: Add ACS quirk for Broadcom BCM57414 NIC (git-fixes).
- commit c8e485d
- tracing: Do not reference char * as a string in histograms
  (git-fixes).
- commit 60c5067
- blacklist.conf: no bug fix and breks kABI
- commit 04fd2cb
- blacklist.conf: no bug fix and breaks kABI
- commit 45457ab
- blacklist.conf: designed to break kABI
- commit 7a73b3f
- blacklist.conf: designed to break kABI
- commit 88264d0
- blacklist.conf: designed to break kABI
- commit 818518f
- blacklist.conf: designed to break kABI
- commit ea8d798
- kfifo: DECLARE_KIFO_PTR(fifo, u64) does not work on arm 32 bit
  (git-fixes).
- commit c531ee5
- Update patches.suse/Revert-ibmvnic-remove-duplicate-napi_schedule-call-i.patch
  (bsc#1065729 bsc#1188405 ltc#193509 bsc#1187476 ltc#193646).
- commit 9645e6a
- Update patches.suse/Revert-ibmvnic-remove-duplicate-napi_schedule-call-i.patch
  (bsc#1065729 bsc#1188405 ltc#193509).
- Update patches.suse/Revert-ibmvnic-simplify-reset_long_term_buff-functio.patch
  (bsc#1186206 ltc#191041 bsc#1188405 ltc#193509).
- commit 1253e46
- rpm/kernel-binary.spec.in: Do not install usrmerged kernel on Leap
  (boo#1184804).
- commit 5b51131
- blacklist.conf: update blacklist
- commit d956375
- net: usb: fix possible use-after-free in smsc75xx_bind
  (git-fixes).
- commit c282bc3
- scsi: smartpqi: create module parameters for LUN reset
  (bsc#1179195).
- commit 6b59a5f
- blacklist.conf: update blacklist
- commit 2bed29b
- cxgb4: fix wrong shift (git-fixes).
- commit bb3605d
- netfilter: x_tables: fix compat match/target pad out-of-bound
  write (CVE-2021-22555 bsc#1188116).
- commit 62f1359
- blacklist.conf: update blacklist
- commit e9dee07
- blacklist.conf: not relevant in configurations used before SP3
- commit 33aa137
- blacklist.conf: breaks kAPI semantics in an unacceptable way
- commit 6e7dabc
- blacklist.conf: breaks kAPI semantics in an unacceptable way
- commit 9d439a4
- blacklist.conf: breaks kAPI semantics in an unacceptable way
- commit 08c4801
- blacklist.conf: breaks kAPI semantics in an unacceptable way
- commit fb320aa
- blacklist.conf: breaks kAPI semantics in an unacceptable way
- commit 93a14b7
- blacklist.conf: breaks kAPI semantics in an unacceptable way
- commit fc9d079
- blacklist.conf: breaks kAPI in an unacceptable way
- commit c961ff8
- blacklist.conf: breaks kABI
- commit c3a0404
- blacklist.conf: this is a change to the kernel build process, whose
  requirement are set in the RPM script. No need for a change.
- commit 2cf08df
- blacklist.conf: just a cleanup
- commit 8d01d16
- blacklist.conf: not relevant in our config
- commit c106caa
- crypto: cavium/nitrox - Fix an error rhandling path in
  'nitrox_probe()' (git-fixes).
- commit f619086
- Revert "/USB: cdc-acm: fix rounding error in TIOCSSERIAL"/
  (git-fixes).
- commit 43945da
- fuse: reject internal errno (bsc#1188274).
- fuse: check connected before queueing on fpq->io (bsc#1188273).
- commit 25bf928
- serial: mvebu-uart: do not allow changing baudrate when uartclk
  is not available (git-fixes).
- serial: mvebu-uart: fix calculation of clock divisor
  (git-fixes).
- arm_pmu: Fix write counter incorrect in ARMv7 big-endian mode
  (git-fixes).
- arm64/mm: Fix ttbr0 values stored in struct thread_info for
  software-pan (git-fixes).
- netsec: restore phy power state after controller reset
  (git-fixes).
- serial: mvebu-uart: clarify the baud rate derivation
  (git-fixes).
- commit 6e4a5b0
- reset: bail if try_module_get() fails (git-fixes).
- memory: fsl_ifc: fix leak of private memory on probe failure
  (git-fixes).
- memory: fsl_ifc: fix leak of IO mapping on probe failure
  (git-fixes).
- memory: atmel-ebi: add missing of_node_put for loop iteration
  (git-fixes).
- reset: a10sr: add missing of_match_table reference (git-fixes).
- ALSA: isa: Fix error return code in snd_cmi8330_probe()
  (git-fixes).
- memory: gpmc: fix out of bounds read and dereference on
  gpmc_cs[] (git-fixes).
- reset: sti: reset-syscfg: fix struct description warnings
  (git-fixes).
- commit a0955f5
- x86/kvm: Unify kvm_pv_guest_cpu_reboot() with kvm_guest_cpu_offline() (bsc#1185308).
- x86/kvm: Disable all PV features on crash (bsc#1185308).
- refresh patches.suse/0001-kvm-Introduce-nopvspin-kernel-parameter.patch
- x86/kvm: Disable kvmclock on all CPUs on shutdown (bsc#1185308).
- x86/kvm: Teardown PV features on boot CPU as well (bsc#1185308).
- x86/kvm: Fix pr_info() for async PF setup/teardown
  (bsc#1185308).
- commit e66df2d
- rpm/kernel-binary.spec.in: Remove zdebug define used only once.
- commit 85a9fc2
- kernel-binary.spec: Exctract s390 decompression code (jsc#SLE-17042).
- commit 7f97df2
- seq_file: Disallow extremely large seq buffer allocations (bsc#1188062, CVE-2021-33909).
- commit c848c42
- nvme: verify MNAN value if ANA is enabled (bsc#1185791).
- commit 9a1a0a6
- lpfc: Decouple port_template and vport_template (bsc#1185032).
- commit e38948f
- watchdog: aspeed: fix hardware timeout calculation (git-fixes).
- watchdog: sp805: Fix kernel doc description (git-fixes).
- char: pcmcia: error out if 'num_bytes_read' is greater than
  4 in set_protocol() (git-fixes).
- commit 9659505
- iio: adc: mxs-lradc: Fix buffer alignment in
  iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: ltr501: ltr501_read_ps(): add missing endianness conversion
  (git-fixes).
- iio: ltr501: ltr559: fix initialization of LTR501_ALS_CONTR
  (git-fixes).
- iio: ltr501: mark register holding upper 8 bits of ALS_DATA{0,1}
  and PS_DATA as volatile, too (git-fixes).
- staging: gdm724x: check for overflow in gdm_lte_netif_rx()
  (git-fixes).
- staging: gdm724x: check for buffer overflow in
  gdm_lte_multi_sdu_pkt() (git-fixes).
- iio: potentiostat: lmp91000: Fix alignment of buffer in
  iio_push_to_buffers_with_timestamp() (git-fixes).
- extcon: max8997: Add missing modalias string (git-fixes).
- extcon: sm5502: Drop invalid register write in sm5502_reg_data
  (git-fixes).
- fpga: stratix10-soc: Add missing fpga_mgr_free() call
  (git-fixes).
- commit 60b118d
- iio: light: tcs3414: Fix buffer alignment in
  iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: light: isl29125: Fix buffer alignment in
  iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: prox: pulsed-light: Fix buffer alignment in
  iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: humidity: am2315: Fix buffer alignment in
  iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: gyro: bmg160: Fix buffer alignment in
  iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: adc: vf610: Fix buffer alignment in
  iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: adc: ti-ads1015: Fix buffer alignment in
  iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: accel: stk8ba50: Fix buffer alignment in
  iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: accel: stk8312: Fix buffer alignment in
  iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: accel: kxcjk-1013: Fix buffer alignment in
  iio_push_to_buffers_with_timestamp() (git-fixes).
- commit d470e5b
- serial: mvebu-uart: correctly calculate minimal possible
  baudrate (git-fixes).
- iio: accel: hid: Fix buffer alignment in
  iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: accel: bma220: Fix buffer alignment in
  iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: accel: bma180: Fix buffer alignment in
  iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: adis_buffer: do not return ints in irq handlers
  (git-fixes).
- mmc: sdhci: Fix warning message when accessing RPMB in HS400
  mode (git-fixes).
- mmc: core: clear flags before allowing to retune (git-fixes).
- Input: hil_kbd - fix error return code in hil_dev_connect()
  (git-fixes).
- Input: usbtouchscreen - fix control-request directions
  (git-fixes).
- commit 7219463
- usb: typec: Add the missed altmode_id_remove() in
  typec_register_altmode() (git-fixes).
- tty: nozomi: Fix the error handling path of 'nozomi_card_init()'
  (git-fixes).
- tty: nozomi: Fix a resource leak in an error handling function
  (git-fixes).
- leds: ktd2692: Fix an error handling path (git-fixes).
- ASoC: hisilicon: fix missing clk_disable_unprepare() on error
  in hi6210_i2s_startup() (git-fixes).
- ASoC: cs42l42: Correct definition of CS42L42_ADC_PDN_MASK
  (git-fixes).
- Revert "/ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro"/
  (git-fixes).
- leds: trigger: fix potential deadlock with libata (git-fixes).
- commit 6fb682e
- mwifiex: re-fix for unaligned accesses (git-fixes).
- lib/decompressors: remove set but not used variabled 'level'
  (git-fixes).
- drm: qxl: ensure surf.data is ininitialized (git-fixes).
- drm/rockchip: cdn-dp-core: add missing clk_disable_unprepare()
  on error in cdn_dp_grf_write() (git-fixes).
- Bluetooth: mgmt: Fix slab-out-of-bounds in tlv_data_is_valid
  (git-fixes).
- ath10k: Fix an error code in ath10k_add_interface() (git-fixes).
- brcmsmac: mac80211_if: Fix a resource leak in an error handling
  path (git-fixes).
- brcmfmac: correctly report average RSSI in station info
  (git-fixes).
- brcmfmac: fix setting of station info chains bitmask
  (git-fixes).
- commit 3649d5b
- gve: Fix swapped vars when fetching max queues (git-fixes).
- can: peak_pciefd: pucan_handle_status(): fix a potential
  starvation issue in TX path (git-fixes).
- can: gw: synchronize rcu operations before removing gw job entry
  (git-fixes).
- can: hi311x: hi3110_can_probe(): silence clang warning
  (git-fixes).
- drm/radeon: wait for moving fence after pinning (git-fixes).
- drm/nouveau: wait for moving fence after pinning v2 (git-fixes).
- cfg80211: call cfg80211_leave_ocb when switching away from OCB
  (git-fixes).
- HID: gt683r: add missing MODULE_DEVICE_TABLE (git-fixes).
- HID: usbhid: fix info leak in hid_submit_ctrl (git-fixes).
- commit e686f08
- mac80211: remove iwlwifi specific workaround NDPs of
  null_response (git-fixes).
- wcn36xx: Move hal_buf allocation to devm_kmalloc in probe
  (git-fixes).
- r8152: Avoid memcpy() over-reading of ETH_SS_STATS (git-fixes).
- mac80211: remove warning in ieee80211_get_sband() (git-fixes).
- PCI: Work around Huawei Intelligent NIC VF FLR erratum
  (git-fixes).
- PCI: Mark some NVIDIA GPUs to avoid bus reset (git-fixes).
- PCI: Mark TI C667X to avoid bus reset (git-fixes).
- HID: Add BUS_VIRTUAL to hid_connect logging (git-fixes).
- HID: hid-sensor-hub: Return error for hid_set_field() failure
  (git-fixes).
- commit 956f2da
- wireless: carl9170: fix LEDS build errors & warnings
  (git-fixes).
- ACPI: property: Constify stubs for CONFIG_ACPI=n case
  (git-fixes).
- ACPI: sysfs: Fix a buffer overrun problem with
  description_show() (git-fixes).
- media: siano: Fix out-of-bounds warnings in
  smscore_load_firmware_family2() (git-fixes).
- media: s5p-g2d: Fix a memory leak on ctx->fh.m2m_ctx
  (git-fixes).
- hwmon: (max31790) Fix fan speed reporting for fan7..12
  (git-fixes).
- hwmon: (max31722) Remove non-standard ACPI device IDs
  (git-fixes).
- ata: ahci_sunxi: Disable DIPM (git-fixes).
- Revert "/hwmon: (lm80) fix a missing check of bus read in lm80
  probe"/ (git-fixes).
- commit d27756f
- media: rtl28xxu: fix zero-length control request (git-fixes).
- media: gspca/sunplus: fix zero-length control requests
  (git-fixes).
- media: gspca/gl860: fix zero-length control requests
  (git-fixes).
- media: gspca/sq905: fix control-request direction (git-fixes).
- media: dtv5100: fix control-request directions (git-fixes).
- media: zr364xx: fix memory leak in zr364xx_start_readpipe
  (git-fixes).
- media: tc358743: Fix error return code in tc358743_probe_of()
  (git-fixes).
- media: exynos4-is: Fix a use after free in isp_video_release
  (git-fixes).
- media: dvb-usb: fix wrong definition (git-fixes).
- media: I2C: change 'RST' to "/RSET"/ to fix multiple build errors
  (git-fixes).
- commit a5bb7a3
- spi: tegra114: Fix an error message (git-fixes).
- spi: spi-sun6i: Fix chipselect/clock bug (git-fixes).
- mmc: sdhci-esdhc-imx: remove unused is_imx6q_usdhc (git-fixes).
- mmc: vub3000: fix control-request direction (git-fixes).
- mmc: usdhi6rol0: fix error return code in usdhi6_probe()
  (git-fixes).
- mmc: block: Disable CMDQ on the ioctl path (git-fixes).
- i2c: robotfuzz-osif: fix control-request directions (git-fixes).
- Revert "/PCI: PM: Do not read power state in
  pci_enable_device_flags()"/ (git-fixes).
- commit 61860fd
- scsi: qedf: Do not put host in qedf_vport_create()
  unconditionally (bsc#1170511).
- commit 95ece30
- kernel-binary.spec: Fix up usrmerge for non-modular kernels.
- commit d718cd9
- can: bcm: delay release of struct bcm_op after synchronize_rcu()
  (CVE-2021-3609 bsc#1187215).
- commit 36fe7da
- Input: joydev - prevent use of not validated data in
  JSIOCSBTNMAP ioctl (CVE-2021-3612 bsc#1187585).
- commit 9a29b89
- can: flexcan: disable completely the ECC mechanism (git-fixes).
- commit 2f7ce28
- net: caif: Fix debugfs on 64-bit platforms (git-fixes).
- commit 7404e3b
- net: stmmac: Correctly take timestamp for PTPv2 (git-fixes).
- commit d9e22e0
- net: dsa: qca8k: Use up to 7 ports for all operations
  (git-fixes).
- commit 3231548
- can: xilinx_can: xcan_chip_start(): fix failure with invalid
  bus (git-fixes).
- commit 288b5af
- mlxsw: spectrum: Do not process learned records with a dummy
  FID (git-fixes).
- commit 9debec9
- scsi: ufs: ufshcd-pltfrm depends on HAS_IOMEM (bsc#1188010).
- commit 3ab3555
- blacklist.conf: 1e886090cefe docs: admin-guide: update description for kernel.hotplug sysctl
- commit 6f6371b
- crypto: ccp - Fix a resource leak in an error handling path
  (12sp5).
- commit 41961a0
- blacklist.conf: 89f5f8fb5bf4 EDAC/thunderx: Remove irrelevant variable from error messages
- commit 7bb138a
- Drop patches.suse/scsi-qla2xxx-Make-sure-that-aborted-commands-are-fre.patch
  The commit has been reverted upstream. Drop the patch and update the
  blacklist.conf accordingly.
- commit 604745c
- cgroup1: don't allow 'n' in renaming (bsc#1187972).
- commit 54068c8
- qla2xxx: synchronize rport dev_loss_tmo setting (bsc#1182470
  bsc#1185486).
- commit 1af7517
- kernel-binary.spec: Remove obsolete and wrong comment
  mkmakefile is repleced by echo on newer kernel
- commit d9209e7
- ibmvnic: Use strscpy() instead of strncpy() (bsc#1184114
  ltc#192237).
- ibmvnic: fix send_request_map incompatible argument (bsc#1184114
  ltc#192237).
- ibmvnic: fix kernel build warnings in build_hdr_descs_arr
  (bsc#1184114 ltc#192237).
- ibmvnic: fix kernel build warning (bsc#1184114 ltc#192237).
- ibmvnic: fix kernel build warning in strncpy (bsc#1184114
  ltc#192237).
- ibmvnic: Allow device probe if the device is not ready at boot
  (bsc#1184114 ltc#192237).
- ibmvnic: Use list_for_each_entry() to simplify code in ibmvnic.c
  (bsc#1184114 ltc#192237).
- commit b1f20e0
- btrfs: reloc: clean dirty subvols if we fail to start a transaction (bsc#1187833).
- Refresh
  patches.suse/btrfs-check-return-value-of-btrfs_commit_transaction-in-relocation.patch.
- Refresh
  patches.suse/btrfs-suspend-qgroups-during-relocation-recovery.patch.
- commit ca4d23e
- btrfs: check return value of btrfs_commit_transaction in relocation (bsc#1187833).
- commit 72cdead
- btrfs: do proper error handling in merge_reloc_roots (bsc#1187833).
- commit a58d880
- btrfs: handle extent corruption with select_one_root properly (bsc#1187833).
- commit 0b8e99a
- btrfs: cleanup error handling in prepare_to_merge (bsc#1187833).
- commit c99940b
- btrfs: do not panic in __add_reloc_root (bsc#1187833).
- commit ed30dc8
- btrfs: handle __add_reloc_root failures in btrfs_recover_relocation (bsc#1187833).
- commit b9ca752
- btrfs: unset reloc control if we fail to recover (bsc#1187833).
- Refresh patches.suse/btrfs-suspend-qgroups-during-relocation-recovery.patch.
- commit b37c098
- btrfs: do not leak reloc root if we fail to read the fs root (bsc#1187833).
- commit 82adb25
- ibmvnic: free tx_pool if tso_pool alloc fails (bsc#1085224
  ltc#164363).
- commit 4fbec52
- btrfs: do proper error handling in create_reloc_inode (bsc#1187833).
- commit 3e7d899
- btrfs: remove the extent item sanity checks in relocate_block_group (bsc#1187833).
- commit 7d68d87
- ibmvnic: parenthesize a check (bsc#1184114 ltc#192237
  bsc#1183871 ltc#192139 git-fixes).
- ibmvnic: set ltb->buff to NULL after freeing (bsc#1094840
  ltc#167098).
- Revert "/ibmvnic: remove duplicate napi_schedule call in open
  function"/ (bsc#1065729).
- commit 12f6e8c
- btrfs: tree-checker: check for BTRFS_BLOCK_FLAG_FULL_BACKREF being  set improperly (bsc#1187833).
- commit fab018c
- btrfs: handle extent reference errors in do_relocation (bsc#1187833).
- commit bcbac5a
- btrfs: handle errors in reference count manipulation in replace_path (bsc#1187833).
- commit 205dfa8
- btrfs: handle btrfs_search_slot failure in replace_path (bsc#1187833).
- commit 552e776
- btrfs: handle btrfs_cow_block errors in replace_path (bsc#1187833).
- commit 6a0a8ea
- btrfs: convert logic BUG_ON()'s in replace_path to ASSERT()'s (bsc#1187833).
- commit 10f895e
- btrfs: do proper error handling in btrfs_update_reloc_root (bsc#1187833).
- commit 944ca58
- btrfs: handle btrfs_update_reloc_root failure in prepare_to_merge (bsc#1187833).
- commit 7e242ca
- btrfs: handle btrfs_update_reloc_root failure in insert_dirty_subvol (bsc#1187833).
- commit 2b1fd96
- btrfs: change insert_dirty_subvol to return errors (bsc#1187833).
- commit bbb9a02
- btrfs: handle btrfs_update_reloc_root failure in commit_fs_roots (bsc#1187833).
- commit 60cbf3f
- btrfs: validate root::reloc_root after recording root in trans (bsc#1187833).
- commit 0dc7f03
- btrfs: do proper error handling in create_reloc_root (bsc#1187833).
- commit 607d41b
- btrfs: have proper error handling in btrfs_init_reloc_root (bsc#1187833).
- commit c8ec76a
- btrfs: return an error from btrfs_record_root_in_trans (bsc#1187833).
- commit af90619
- btrfs: handle record_root_in_trans failure in create_pending_snapshot (bsc#1187833).
- commit 5d72578
- btrfs: handle record_root_in_trans failure in btrfs_record_root_in_trans (bsc#1187833).
- commit 4a36387
- btrfs: handle record_root_in_trans failure in qgroup_account_snapshot (bsc#1187833).
- commit e15ea04
- btrfs: handle btrfs_record_root_in_trans failure in start_transaction (bsc#1187833).
- commit 27a2c9f
- btrfs: handle btrfs_record_root_in_trans failure in relocate_tree_block (bsc#1187833).
- commit ad5e88e
- btrfs: handle btrfs_record_root_in_trans failure in create_subvol (bsc#1187833).
- commit fa0619e
- btrfs: handle btrfs_record_root_in_trans failure in btrfs_recover_log_trees (bsc#1187833).
- commit 08b89c2
- btrfs: handle btrfs_record_root_in_trans failure in btrfs_rename (bsc#1187833).
- commit 5b6ba52
- btrfs: handle btrfs_record_root_in_trans failure in btrfs_rename_exchange (bsc#1187833).
- commit 97f447a
- btrfs: do proper error handling in record_reloc_root_in_trans (bsc#1187833).
- commit 1deb5bd
- btrfs: check record_root_in_trans related failures in select_reloc_root (bsc#1187833).
- commit af870df
- btrfs: convert BUG_ON()'s in select_reloc_root() to proper errors (bsc#1187833).
- commit 608ab6c
- btrfs: handle errors from select_reloc_root() (bsc#1187833).
- commit d624a20
- btrfs: convert BUG_ON()'s in relocate_tree_block (bsc#1187833).
- commit 21b0727
- btrfs: remove err variable from do_relocation (bsc#1187833).
- Refresh
  patches.suse/btrfs-convert-some-bug_on-s-to-assert-s-in-do_relocation.patch.
- commit 3737d4a
- Btrfs: add missing error handling after doing leaf/node binary search (bsc#1187833).
- commit 149cead
- btrfs: convert some BUG_ON()'s to ASSERT()'s in do_relocation (bsc#1187833).
- commit bdbb109
- kthread: prevent deadlock when kthread_mod_delayed_work()
  races with kthread_cancel_delayed_work_sync() (bsc#1187867).
- commit 5c7c981
- kthread_worker: split code for canceling the delayed work timer
  (bsc#1187867).
- commit 5cb1799
- Revert "/ibmvnic: simplify reset_long_term_buff function"/
  (bsc#1186206 ltc#191041).
- commit af8a88d
- s390/stack: fix possible register corruption with stack switch
  helper (bsc#1185677).
- commit 74d2da9
- kernel: kexec_file: fix error return code of
  kexec_calculate_store_digests() (git-fixes).
- ima: Free IMA measurement buffer after kexec syscall
  (git-fixes).
- commit 38eadf8
- net/smc: remove device from smcd_dev_list after failed
  device_add() (git-fixes).
- commit 45adab5
- blacklist.conf: not fixing comments
- commit 56b3b1e
- SCSI: ufs: fix ktime_t kabi change (bsc#1187630).
- commit 2eda222
- net: stmmac: ensure that the device has released ownership
  before reading data (git-fixes).
- commit b268f32
- ravb: fix invalid context bug while changing link options by
  ethtool (git-fixes).
- commit 70ed7a0
- ravb: fix invalid context bug while calling auto-negotiation
  by ethtool (git-fixes).
- commit 8a60aaf
- net: dsa: mv88e6xxx: Fix writing to a PHY page (git-fixes).
- commit 7e0ad74
- bpf: Fix leakage under speculation on mispredicted branches
  (bsc#1187554,CVE-2021-33624).
- commit daa92a2
- Added scsi ufs patch to blacklist: too invasive
- commit 90b1394
- blacklist.conf: 3fe1e56d0e68, 34e64705ad41, and ebfac7b778fa
  Commits 3fe1e56d0e68 ("/modules: unexport __module_text_address"/) and
  34e64705ad41 ("/modules: unexport __module_address"/) break kABI, and
  commit ebfac7b778fa is clang-specific.
- commit f5c7bb6
- kabi fix for NFSv4.1: Don't rebind to the same source port
  when reconnecting to the server (bnc#1186264).
- commit bb7e709
- NFS: Fix a potential NULL dereference in nfs_get_client()
  (git-fixes).
- NFSv4: nfs4_proc_set_acl needs to restore NFS_CAP_UIDGID_NOMAP
  on error (git-fixes).
- commit 962fc63
- blacklist.conf: blacklist a doc fix and risky backport
- commit 116777e
- scsi: ufs: ufshcd-pltfrm: Fix deferred probing (bsc#1187631).
- scsi: ufs: Fix imprecise load calculation in devfreq window
  (bsc#1187630).
- commit cd5b265
- Blacklisting SCSI ufs patch that requires conext not present.
- commit 3d023a4
- Update patch reference for a xfrm fix (CVE-2019-25045 bsc#1187049)
- commit 7a529d9
- Update patch reference for net keys fix (CVE-2021-0605 bsc#1187601)
- commit 69cb780
- af_key: pfkey_dump needs parameter validation (CVE-2021-0605
  bsc#1187601).
- commit 685407a
- Update patch reference for a HID fix (CVE-2021-0512 bsc#1187595)
- commit 3e295c6
- HID: make arrays usage and value to be the same (CVE-2021-0512
  bsc#1187595).
- commit 3d7a48c
- Update patch reference for a BT fix (CVE-2020-26558)
- commit ee30101
- can: mcba_usb: fix memory leak in mcba_usb (git-fixes).
- alx: Fix an error handling path in 'alx_probe()' (git-fixes).
- batman-adv: Avoid WARN_ON timing related checks (git-fixes).
- dmaengine: stedma40: add missing iounmap() on error in
  d40_probe() (git-fixes).
- dmaengine: QCOM_HIDMA_MGMT depends on HAS_IOMEM (git-fixes).
- ASoC: sti-sas: add missing MODULE_DEVICE_TABLE (git-fixes).
- commit 2874a0e
- dmaengine: pl330: fix wrong usage of spinlock flags in dma_cyclc
  (git-fixes).
- usb: dwc3: ep0: fix NULL pointer exception (git-fixes).
- USB: serial: ftdi_sio: add NovaTech OrionMX product ID
  (git-fixes).
- USB: serial: omninet: add device id for Zyxel Omni 56K Plus
  (git-fixes).
- drm: Lock pointer access in drm_master_release() (git-fixes).
- drm: Fix use-after-free read in drm_getunique() (git-fixes).
- isdn: mISDN: netjet: Fix crash in nj_probe: (git-fixes).
- net/nfc/rawsock.c: fix a permission check bug (git-fixes).
- i2c: mpc: Make use of i2c_recover_bus() (git-fixes).
- commit 8cfc832
- staging: rtl8723bs: Fix uninitialized variables (git-fixes).
- Bluetooth: use correct lock to prevent UAF of hdev object
  (git-fixes).
- Bluetooth: fix the erroneous flush_work() order (git-fixes).
- nfc: fix NULL ptr dereference in llcp_sock_getname() after
  failed connect (git-fixes).
- ALSA: timer: Fix master timer notification (git-fixes).
- efi: cper: fix snprintf() use in cper_dimm_err_location()
  (git-fixes).
- efi: Allow EFI_MEMORY_XP and EFI_MEMORY_RO both to be cleared
  (git-fixes).
- commit 0ca1ae6
- mei: request autosuspend after sending rx flow control
  (git-fixes).
- drm/amdgpu: Fix a use-after-free (git-fixes).
- platform/x86: intel_punit_ipc: Append MODULE_DEVICE_TABLE for
  ACPI (git-fixes).
- media: gspca: properly check for errors in po1030_probe()
  (git-fixes).
- media: dvb: Add check on sp8870_readreg return (git-fixes).
- libertas: register sysfs groups properly (git-fixes).
- dmaengine: qcom_hidma: comment platform_driver_register call
  (git-fixes).
- isdn: mISDNinfineon: check/cleanup ioremap failure correctly
  in setup_io (git-fixes).
- char: hpet: add checks after calling ioremap (git-fixes).
- commit 9948ed3
- vfio/platform: fix module_put call in error flow (git-fixes).
- vfio/pci: zap_vma_ptes() needs MMU (git-fixes).
- vfio/pci: Fix error return code in vfio_ecap_init() (git-fixes).
- HID: pidff: fix error return code in hid_pidff_init()
  (git-fixes).
- serial: rp2: use 'request_firmware' instead of
  'request_firmware_nowait' (git-fixes).
- platform/x86: hp-wireless: add AMD's hardware id to the
  supported list (git-fixes).
- serial: max310x: unregister uart driver in case of failure
  and abort (git-fixes).
- commit e0fb402
- video: hgafb: correctly handle card detect failure during probe (bsc#1129770)
- commit 8125f75
- video: hgafb: fix potential NULL pointer dereference (bsc#1129770)
  Backporting changes:
  * context changes
- commit 59633f5
- drivers: video: fbcon: fix NULL dereference in fbcon_cursor() (bsc#1129770)
  Backporting changes:
  * move from driver/video/fbdev/core to driver/video/console
  * context changes
- commit 422c763
- parisc: parisc-agp requires SBA IOMMU driver (bsc#1129770)
- commit fa46fd6
- tracing: Do no increment trace_clock_global() by one
  (git-fixes).
- commit 06e15ef
- blacklist.conf: 4fdd595e4f9a ("/tracing: Do not stop recording comms if the trace file is being read"/)
  Mostly cosmetic.
- commit 69b9e40
- blacklist.conf: 85550c83da42 ("/tracing: Do not stop recording cmdlines when tracing is off"/)
  Mostly cosmetic fix. A backport would not be straightforward.
- commit 11e8529
- Blacklisting SCSI ufs patch that requires conext not present.
- commit 1f0720a
- can: bcm: fix infoleak in struct bcm_msg_head (CVE-2021-34693
  bsc#1187452).
- commit 8f80d3a
- scsi: ufs: core: Narrow down fast path in system suspend path
  (bsc#1186551).
- commit 4636cc3
- nvmet: use new ana_log_size instead the old one (bsc#1181161).
- commit d4d0d34
- kabi: fix nvme_wait_freeze_timeout() return type (bsc#1181161).
- commit 5e933f7
- scsi: hisi_sas: Remove preemptible() (bsc#1186638).
- commit 956ecdf
- nvme-multipath: fix double initialization of ANA state
  (bsc#1181161).
- commit 2cc0605
- x86/debug: Extend the lower bound of crash kernel low
  reservations (bsc#1153720).
- commit 30b5c1d
- nvme: have nvme_wait_freeze_timeout return if it timed out
  (bsc#1181161).
- Refresh patches.suse/nvme-introduce-nvme_sync_io_queues.patch.
- commit 045f17a
- UsrMerge the kernel (boo#1184804)
- Move files in /boot to modules dir
  The file names in /boot are included as %ghost links. The %post script
  creates symlinks for the kernel, sysctl.conf and System.map in
  /boot for compatibility. Some tools require adjustments before we
  can drop those links. If boot is a separate partition, a copy is
  used instead of a link.
  The logic for /boot/vmlinuz and /boot/initrd doesn't change with
  this patch.
- Use /usr/lib/modules as module dir when usermerge is active in the
  target distro.
- commit 6f5ed04
- ubifs: Only check replay with inode type to judge if inode
  linked (bsc#1187455).
- commit 779491f
- blk-mq: Swap two calls in blk_mq_exit_queue() (bsc#1187453).
- commit 135422d
- usb: pd: Set PD_T_SINK_WAIT_CAP to 310ms (git-fixes).
- commit ce13622
- blacklist.conf: relevant only on unsupported systems
- commit f376a3d
- usb: typec: ucsi: Clear PPM capability data in ucsi_init()
  error path (git-fixes).
- commit 576412e
- SUNRPC: prevent port reuse on transports which don't request it
  (bnc#1186264).
- NFSv4.1: Don't rebind to the same source port when reconnecting
  to the server (bnc#1186264).
- commit fe9ea77
- nvme-rdma: use cancel tagset helper for tear down (bsc#1181161).
- commit 1916150
- nvme-rdma: add clean action for failed reconnection
  (bsc#1181161).
- commit 240af56
- nvme-rdma: fix reset hang if controller died in the middle of
  a reset (bsc#1181161).
- commit 5b8daba
- nvme-core: add cancel tagset helpers (bsc#1181161).
- commit 23f6258
- swiotlb: fix "/x86: Don't panic if can not alloc buffer for swiotlb"/ (git-fixes).
- commit 4d3e4f2
- sched/fair: Fix unfairness caused by missing load decay (git-fixes)
- commit f67cbae
- scsi: sg: add sg_remove_request in sg_write (bsc#1186635).
- commit d18bd27
- dax: Add a wakeup mode parameter to put_unlocked_entry()
  (bsc#1187411).
- commit 8410dea
- dax: Add an enum for specifying dax wakup mode (bsc#1187411).
- commit c318e2a
- USB: serial: usb_wwan: fix TIOCSSERIAL jiffies conversions
  (git-fixes).
- commit f9faa66
- tracing: Correct the length check which causes memory corruption
  (git-fixes).
- commit 24d3633
- tracing: Restructure trace_clock_global() to never block
  (git-fixes).
- commit 9e04e53
- sched/fair: Don't assign runtime for throttled cfs_rq (git-fixes)
- commit 8ebb137
- ftrace: Free the trampoline when ftrace_startup() fails
  (git-fixes).
- commit 102a5fe
- blacklist.conf: 75d3e7f4769d ("/s390/test_unwind: fix possible memleak in test_unwind()"/)
  We build test_unwind kernel module out of tree.
- commit 5c80317
- ftrace: Do not blindly read the ip address in ftrace_bug()
  (git-fixes).
- commit 086872a
- sched/numa: Fix a possible divide-by-zero (git-fixes)
- commit 6711c8e
- ocfs2: fix data corruption by fallocate (bsc#1187412).
- commit b95db18
- dax: Wake up all waiters after invalidating dax entry
  (bsc#1187411).
- commit 7040182
- ext4: fix memory leak in ext4_fill_super (bsc#1187409).
- commit 21c6508
- ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at
  failed (bsc#1187408).
- commit 988ac11
- ext4: fix error code in ext4_commit_super (bsc#1187407).
- commit 78050ac
- ext4: fix check to prevent false positive report of incorrect
  used inodes (bsc#1187404).
- commit dcbef4a
- blacklist.conf: needless API churn
- commit 84231ed
- blacklist.conf: needless API churn
- commit 938d12f
- block: Discard page cache of zone reset target range
  (bsc#1187402).
- commit 21bf716
- blacklist.conf: needless API change
- commit 95d57a7
- blacklist.conf: an optimization we do not want in older kernels
- commit 0c395ad
- USB: serial: pl2303: add device id for ADLINK ND-6530 GC
  (git-fixes).
- commit 9556331
- USB: serial: ti_usb_3410_5052: add startech.com device id
  (git-fixes).
- commit ca5a06a
- USB: serial: option: add Telit LE910-S1 compositions 0x7010,
  0x7011 (git-fixes).
- commit 7954f7f
- sched/fair: Fix the min_vruntime update logic in (git-fixes)
- commit 2738874
- USB: serial: ftdi_sio: add IDs for IDS GmbH Products
  (git-fixes).
- commit 5f9d6df
- blacklist.conf: not relevant to our kernels
- commit 3f4b79f
- USB: serial: quatech2: fix control-request directions
  (git-fixes).
- commit d152f8d
- blacklist.conf: would break kABI
- commit 6cf9a55
- kernel-binary.spec.in: Regenerate makefile when not using mkmakefile.
- commit 6b30fe5
- sched/cpufreq/schedutil: Fix error path mutex unlock (git-fixes)
- commit 7f8b193
- genirq: Disable interrupts for force threaded handlers (git-fixes)
- commit b68089c
- genirq/irqdomain: Don't try to free an interrupt that has no (git-fixes)
- commit e56acf6
- genirq: Let GENERIC_IRQ_IPI select IRQ_DOMAIN_HIERARCHY (git-fixes)
- commit ab47ba4
- genirq: Fix reference leaks on irq affinity notifiers (git-fixes)
- commit 4ddbb8f
- blacklist.conf: blacklisting a patch requiring USB PD 3.0, which we do
  not have
- commit b8723d7
- usb: typec: tcpm: Use LE to CPU conversion when accessing
  msg->header (git-fixes).
- commit ce4dd8c
- usb: typec: ucsi: Put fwnode in any case during ->probe()
  (git-fixes).
- commit d61826b
- blacklist.conf: update blacklist
- commit cd251a4
- Revert 337f13046ff0 ("/futex: Allow FUTEX_CLOCK_REALTIME with FUTEX_WAIT op"/) (git-fixes).
- commit 14cb21a
- blacklist: add commit 4f06dd92b5d0 ("/fuse: fix write deadlock"/)
  This is an ancient bug (from v2.6.26) which require extra backports.  Not
  worth the risk introducing new regressions.
- commit 8d8b36d
- rpm/kernel-binary.spec.in: Fix handling of +arch marker (bsc#1186672)
  The previous commit made a module wrongly into Module.optional.
  Although it didn't influence on the end result, better to fix it.
  Also, add a comment to explain the markers briefly.
- commit 8f79742
- blacklist.conf: d4c639990036 vmlinux.lds.h: Avoid orphan section with !SMP
- commit 5e60ce2
- Add arch-dependent support markers in supported.conf (bsc#1186672)
  We may need to put some modules as supported only on specific archs.
  This extends the supported.conf syntax to allow to put +arch additionally
  after the unsupported marker, then it'll be conditionally supported on
  that arch.
- commit 8cbdb41
- Create Symbols.list and ipa-clones.list determistically
  without this patch, filesystem readdir order would influence
  order of entries in these files.
  This patch was done while working on reproducible builds for SLE.
- commit a898b6d
- RDMA/ucma: Rework ucma_migrate_id() to avoid races with destroy (bsc#1187050, CVE-2020-36385)
- commit ee0f2cc
- Bluetooth: SMP: Fail if remote and local public keys are
  identical (bsc#1186463 CVE-2021-0129).
- commit effcfea
- scsi: scsi_dh_alua: Retry RTPG on a different path after failure
  (bsc#1174978 bsc#1185701).
- commit 6d42a9e
- kernel-binary.spec.in: Add Supplements: for -extra package on Leap
  kernel-$flavor-extra should supplement kernel-$flavor on Leap, like
  it does on SLED, and like the kernel-$flavor-optional package does.
- commit c60d87f
- USB: cdc-acm: do not log successful probe on later errors
  (git-fixes).
- commit ba1c956
- USB: cdc-acm: always claim data interface (git-fixes).
- commit d2a211f
- ixgbe: fix large MTU request from VF (git-fixes).
- net: bnx2: Fix error return code in bnx2_init_board()
  (git-fixes).
- net: netcp: Fix an error message (git-fixes).
- qlcnic: Add null check after calling netdev_alloc_skb
  (git-fixes).
- commit 77c638c
- ixgbevf: add correct exception tracing for XDP (bsc#1113994
  FATE#326315 FATE#326317).
- cxgb4: avoid accessing registers when clearing filters
  (bsc#1136345 jsc#SLE-4681).
- tls splice: check SPLICE_F_NONBLOCK instead of MSG_DONTWAIT
  (bsc#1103990 FATE#326006).
- RDMA/mlx5: Recover from fatal event in dual port mode
  (bsc#1103991 FATE#326007).
- net: hns3: Limiting the scope of vector_ring_chain variable
  (bsc#1104353 FATE#326415).
- commit 5ff1fcf
- Bluetooth: Fix slab-out-of-bounds read in
  hci_extended_inquiry_result_evt() (CVE-2020-36386 bsc#1187038).
- commit e0be120
- x86/cpu: Initialize MSR_TSC_AUX if RDTSCP *or* RDPID is
  supported (bsc#1114648).
- commit d272c88
- scsi: lpfc: Fix failure to transmit ABTS on FC link (git-fixes).
- commit e37fb3e
- series: Resort sorted section
- commit f65e61d
- btrfs: track ordered bytes instead of just dio ordered bytes (bsc#1135481).
- commit 483868b
- pid: take a reference when initializing `cad_pid` (bsc#1114648).
- commit 5fa1f1c
- Refresh   patches.suse/0016-btrfs-wakeup-cleaner-thread-when-adding-delayed-iput.patch.
  The cleaner wakeup code is supposed to be executed from
  btrfs_add_delayed_iput and not from btrfs_run_delayed_iputs.
- Refresh patches.suse/0001-btrfs-run-delayed-iput-at-unlink-time.patch.
- Refresh
  patches.suse/0004-btrfs-replace-cleaner_delayed_iput_mutex-with-a-waitqueue.patch.
- commit d0ccb23
- cfg80211: mitigate A-MSDU aggregation attacks (CVE-2020-24588
  bsc#1185861).
- commit 821e5ae
- blk-wbt: Fix missed wakeup (bsc#1186627).
- commit 735bd67
- ttyprintk: Add TTY hangup callback (git-fixes).
- commit 28d8f78
- Refresh patches.suse/bpf-prevent-out-of-bounds-speculation-on-pointer-ari.patch.
  Adjust the diff for fixup_bpf_calls() to apply to the correct code block
- commit dd58306
- btrfs: account for new extents being deleted in total_bytes_pinned (bsc#1135481).
- commit 41d6104
- btrfs: handle space_info::total_bytes_pinned inside the delayed ref  itself (bsc#1135481).
- Refresh
  patches.suse/revert-btrfs-qgroup-move-half-of-the-qgroup-accounting-time-out-of-commit-trans.patch.
- commit d889435
- btrfs: use customized batch size for total_bytes_pinned (bsc#1135481).
  Turns out using the batched percpu api has an effect on timing w.r.t
  metadata/data reclaim. So backport this patch as well, side effect is
  it's also bringing the code closer to upstream so future backports shall
  be made easier.
- Refresh
  patches.suse/0003-btrfs-add-cleanup_ref_head_accounting-helper.patch.
- Refresh
  patches.suse/0005-btrfs-check-if-there-are-free-block-groups-for-commit.patch.
- Refresh
  patches.suse/0005-btrfs-introduce-delayed_refs_rsv.patch.
- Refresh
  patches.suse/0005-btrfs-move-the-space_info-handling-code-to-space-info-c.patch.
- Refresh
  patches.suse/0006-btrfs-update-may_commit_transaction-to-use-the-delayed-refs-rsv.patch.
- Refresh
  patches.suse/0007-btrfs-move-the-space-info-update-macro-to-space-info-h.patch.
- Refresh
  patches.suse/0009-btrfs-roll-tracepoint-into-btrfs_space_info_update-helper.patch.
- Refresh
  patches.suse/0011-btrfs-move-reserve_metadata_bytes-and-supporting-code-to-space-info-c.patch.
- Refresh
  patches.suse/0013-btrfs-migrate-the-block-group-removal-code.patch.
- Refresh
  patches.suse/0018-btrfs-export-block-group-accounting-helpers.patch.
- Refresh
  patches.suse/0019-btrfs-migrate-the-block-group-space-accounting-helpers.patch.
- Refresh
  patches.suse/0022-btrfs-migrate-the-delalloc-space-stuff-to-it-s-own-home.patch.
- Refresh
  patches.suse/btrfs-add-btrfs_reserve_data_bytes-and-use-it.patch.
- Refresh
  patches.suse/btrfs-add-the-data-transaction-commit-logic-into-may_commit_transaction.patch.
- Refresh
  patches.suse/btrfs-don-t-force-commit-if-we-are-data.patch.
- Refresh
  patches.suse/btrfs-extent-tree-add-trace-events-for-space-info-numbers-update.patch.
- Refresh
  patches.suse/btrfs-extent-tree-detect-bytes_pinned-underflow-earlier.patch.
- commit f74fc8c
- NFSv4: Fix v4.0/v4.1 SEEK_DATA return -ENOTSUPP when set
  NFS_V4_2 config (git-fixes).
- NFS: Don't corrupt the value of pg_bytes_written in
  nfs_do_recoalesce() (git-fixes).
- NFS: Fix an Oopsable condition in __nfs_pageio_add_request()
  (git-fixes).
- NFSv4: Fix a NULL pointer dereference in
  pnfs_mark_matching_lsegs_return() (git-fixes).
- NFS: fix an incorrect limit in filelayout_decode_layout()
  (git-fixes).
- NFSv4: Don't discard segments marked for return in
  _pnfs_return_layout() (git-fixes).
- NFSv42: Copy offload should update the file size when
  appropriate (git-fixes).
- SUNRPC: Move fault injection call sites (git-fixes).
- NFSv4.2 fix handling of sr_eof in SEEK's reply (git-fixes).
- pNFS/flexfiles: fix incorrect size check in decode_nfs_fh()
  (git-fixes).
- NFS: Deal correctly with attribute generation counter overflow
  (git-fixes).
- NFSv4.2: Always flush out writes in nfs42_proc_fallocate()
  (git-fixes).
- md: Fix missing unused status line of /proc/mdstat (git-fixes).
- sunrpc: fix refcount leak for rpc auth modules (git-fixes).
- NFSD: Repair misuse of sv_lock in 5.10.16-rt30 (git-fixes).
- svcrdma: disable timeouts on rdma backchannel (git-fixes).
- NFSv4.2: fix return value of _nfs4_get_security_label()
  (git-fixes).
- NFS: Don't gratuitously clear the inode cache when lookup failed
  (git-fixes).
- NFS: Don't revalidate the directory permissions on a lookup
  failure (git-fixes).
- x86: fix seq_file iteration for pat/memtype.c (git-fixes).
- SUNRPC: correct error code comment in xs_tcp_setup_socket()
  (git-fixes).
- net: fix iteration for sctp transport seq_files (git-fixes).
- pNFS/NFSv4: Fix a layout segment leak in pnfs_layout_process()
  (git-fixes).
- commit 1dc32b4
- Move nfs backports into sorted section
- commit 4278c46
- kernel-binary.spec.in: build-id check requires elfutils.
- commit 01569b3
- kernel-binary.spec: Only use mkmakefile when it exists
  Linux 5.13 no longer has a mkmakefile script
- commit b453c7b
- btrfs: shrink delalloc pages instead of full inodes (bsc#1135481).
- commit f5ff86f
- btrfs: fix possible infinite loop in data async reclaim (bsc#1135481).
- commit f03fa3a
- btrfs: add a comment explaining the data flush steps (bsc#1135481).
- commit 3d82471
- btrfs: do async reclaim for data reservations (bsc#1135481).
- commit f4a0829
- btrfs: flush delayed refs when trying to reserve data space (bsc#1135481).
- commit 85dc3df
- btrfs: run delayed iputs before committing the transaction for data (bsc#1135481).
- commit 427037d
- btrfs: don't force commit if we are data (bsc#1135481).
- commit 9f6de64
- btrfs: drop the commit_cycles stuff for data reservations (bsc#1135481).
- commit a66af65
- btrfs: use the same helper for data and metadata reservations (bsc#1135481).
- commit 7445627
- btrfs: serialize data reservations if we are flushing (bsc#1135481).
- commit e345f22
- btrfs: use ticketing for data space reservations (bsc#1135481).
- commit 7ba516e
- btrfs: add btrfs_reserve_data_bytes and use it (bsc#1135481).
- commit 0e29992
- btrfs: add the data transaction commit logic into may_commit_transaction (bsc#1135481).
- commit 9b4e4ae
- btrfs: add flushing states for handling data reservations (bsc#1135481).
- commit a4e8f90
- btrfs: check tickets after waiting on ordered extents (bsc#1135481).
- commit 59982d5
- btrfs: use btrfs_start_delalloc_roots in shrink_delalloc (bsc#1135481).
- commit 6af3d43
- btrfs: use the btrfs_space_info_free_bytes_may_use helper for delalloc (bsc#1135481).
- commit ec8b910
- btrfs: call btrfs_try_granting_tickets when reserving space (bsc#1135481).
- commit 040a965
- btrfs: call btrfs_try_granting_tickets when unpinning anything (bsc#1135481).
- commit 8f371a0
- btrfs: call btrfs_try_granting_tickets when freeing reserved bytes (bsc#1135481).
- commit 79539b4
- btrfs: make ALLOC_CHUNK use the space info flags (bsc#1135481).
- commit 8462c5d
- btrfs: make shrink_delalloc take space_info as an arg (bsc#1135481).
- commit a858d0b
- btrfs: handle U64_MAX for shrink_delalloc (bsc#1135481).
- commit 2fe9365
- btrfs: remove orig from shrink_delalloc (bsc#1135481).
- commit 6826a76
- btrfs: change nr to u64 in btrfs_start_delalloc_roots (bsc#1135481).
- commit 62d89f1
- net: qed: RDMA personality shouldn't fail VF load (git-fixes).
- commit 88c00f1
- net: enic: Cure the enic api locking trainwreck (git-fixes).
- commit ac56b73
- bnxt_en: Fix PCI AER error recovery flow (git-fixes).
- commit ca03530
- scsi: libsas: Reset num_scatter if libata marks qc as NODATA
  (bsc#1186700).
- scsi: megaraid_sas: Fix MEGASAS_IOC_FIRMWARE regression
  (bsc#1186701).
- scsi: be2iscsi: Revert "/Fix a theoretical leak in
  beiscsi_create_eqs()"/ (bsc#1186699).
- scsi: aacraid: Fix an oops in error handling (bsc#1186698).
- commit 9241688
- i2c: i801: Don't generate an interrupt on bus reset (git-fixes).
- commit 83e8404
- Btrfs: remove nr_async_submits and async_submit_draining (bsc#1135481).
  Preparation for ticketed data space flushing in btrfs.
- Refresh
  patches.suse/0005-btrfs-introduce-delayed_refs_rsv.patch.
- Refresh
  patches.suse/Btrfs-fix-race-between-adding-and-putting-tree-mod-s.patch.
- Refresh
  patches.suse/btrfs-use-tagged-writepage-to-mitigate-livelock-of-snapshot.patch.
- commit 29f9ec2
- Btrfs: do not make defrag wait on async_delalloc_pages (bsc#1135481).
- commit 5d9d30e
- Btrfs: remove nr_async_bios (bsc#1135481).
- commit d2aad9c
- btrfs: use tagged writepage to mitigate livelock of snapshot  (bsc#1135481).
  Preparation for introducing ticketed space handling for data space. Due
  to the sequence of patches, the main patch has embedded in it changes
  from other patches which remove some unused arguments. This is done to
  ease backporting itself and shouldn't have any repercussions on
  functionality.
- Refresh
  patches.suse/0002-btrfs-qgroup-try-to-flush-qgroup-space-when-we-get-E.patch.
- Refresh
  patches.suse/btrfs-qgroup-don-t-commit-transaction-when-we-alread.patch.
- Refresh
  patches.suse/btrfs-qgroup-don-t-try-to-wait-flushing-if-we-re-alr.patch.
- Refresh
  patches.suse/btrfs-send-flush-dellaloc-in-order-to-avoid-data-los.patch.
- commit 5cf4e6a
- blacklist.conf: update blacklist
- commit 81788a3
- bpf: No need to simulate speculative domain for immediates
  (bsc#1186484,CVE-2021-33200).
- bpf: Fix leakage of uninitialized bpf stack under speculation (bsc#1186484,CVE-2021-33200).
  Refresh patches.suse/bpf-Wrap-aux-data-inside-bpf_sanitize_info-container.patch
- bpf: Fix masking negation logic upon negative dst register
  (bsc#1186484,CVE-2021-33200).
- commit b1c6278
- series.conf: Move an NFS patch up to where it belongs.
- commit 3d1a1ba
- SUNRPC: More fixes for backlog congestion (bsc#1185428).
- Refresh
  patches.suse/SUNRPC-in-case-of-backlog-hand-free-slots-directly-t.patch.
- commit 0679c1f
- FCOE: fcoe_wwn_from_mac kABI fix (bsc#1186528).
- commit a332c5a
- i2c: s3c2410: fix possible NULL pointer deref on read message
  after write (git-fixes).
- i2c: i801: Don't generate an interrupt on bus reset (git-fixes).
- iio: adc: ad7793: Add missing error code in ad7793_setup()
  (git-fixes).
- staging: iio: cdc: ad7746: avoid overwrite of num_channels
  (git-fixes).
- staging: emxx_udc: fix loop in _nbu2ss_nuke() (git-fixes).
- serial: sh-sci: Fix off-by-one error in FIFO threshold register
  setting (git-fixes).
- thunderbolt: dma_port: Fix NVM read buffer bounds and offset
  issue (git-fixes).
- USB: trancevibrator: fix control-request direction (git-fixes).
- misc/uss720: fix memory leak in uss720_probe (git-fixes).
- drm/meson: fix shutdown crash when component not probed
  (git-fixes).
- ASoC: cs35l33: fix an error code in probe() (git-fixes).
- ASoC: cs42l42: Regmap must use_single_read/write (git-fixes).
- net: usb: fix memory leak in smsc75xx_bind (git-fixes).
- commit d125e8b
- NFC: nci: fix memory leak in nci_allocate_device (git-fixes).
- NFC: fix resource leak when target index is invalid (git-fixes).
- NFC: fix possible resource leak (git-fixes).
- commit 143f654
- netfilter: conntrack: add new sysctl to disable RST check
  (bsc#1183947 bsc#1185950).
- commit a5af9d3
- ARM: footbridge: fix PCI interrupt mapping (git-fixes).
- commit 1e5d17d
- blacklist.conf: caam: add fixes which are missing dependencies
- commit b830165
- Revert "/Avoid potentially erroneos RST drop (bsc#1183947)."/
  A better fix has been discussed and submitted upstream.
  This reverts commit dfdf90e4ad8e3641716fcc13ba42f2fd93c617bf.
- commit 363032c
- Revert "/Don't drop out of segments RST if tcp_be_liberal is set"/
  upstream prefers a different sysctl for that.
  This reverts commit 4727a1cec317db8c8e34d8081f82f399986f2a0d.
- commit 07b7188
- netfilter: conntrack: improve RST handling when tuple is re-used
  (bsc#1183947 bsc#1185950).
- commit a4b5873
- netfilter: conntrack: tcp: only close if RST matches exact
  sequence (bsc#1183947 bsc#1185950).
- commit d58d316
- netfilter: conntrack: avoid misleading 'invalid' in log message
  (bsc#1183947 bsc#1185950).
- commit 8090662
- scsi: libfc: Avoid invoking response handler twice if ep is
  already completed (bsc#1186573).
- commit 0d4f7b3
- SUNRPC in case of backlog, hand free slots directly to waiting task (bsc#1185428).
- commit 60c5b37
- bpf: Fix mask direction swap upon off reg sign change
  (bsc#1186484,CVE-2021-33200).
- bpf: Wrap aux data inside bpf_sanitize_info container
  (bsc#1186484,CVE-2021-33200).
- commit 3ce8728
- Update
  patches.suse/powerpc-64s-Fix-crashes-when-toggling-entry-flush-ba.patch
  (bsc#1177666 git-fixes bsc#1186460 ltc#192531).
- Update
  patches.suse/powerpc-64s-Fix-crashes-when-toggling-stf-barrier.patch
  (bsc#1087082 git-fixes bsc#1186460 ltc#192531).
- commit 70f4fdf
- scsi: sni_53c710: Add IRQ check (bsc#1186549).
- scsi: sun3x_esp: Add IRQ check (bsc#1186550).
- scsi: jazz_esp: Add IRQ check (bsc#1186531).
- scsi: hisi_sas: Fix IRQ checks (bsc#1186530).
- scsi: fcoe: Fix mismatched fcoe_wwn_from_mac declaration
  (bsc#1186528).
- scsi: mpt3sas: Fix error return code of mpt3sas_base_attach()
  (bsc#1186538).
- scsi: qedi: Fix error return code of qedi_alloc_global_queues()
  (bsc#1186542).
- scsi: bnx2fc: Fix Kconfig warning & CNIC build errors
  (bsc#1186521).
- scsi: cxgb4i: Fix TLS dependency (bsc#1186526).
- scsi: fnic: Fix error return code in fnic_probe() (bsc#1186529).
- scsi: pm80xx: Fix error return in pm8001_pci_probe()
  (bsc#1186539).
- scsi: qedi: Fix missing destroy_workqueue() on error in
  __qedi_probe (bsc#1186543).
- scsi: qla4xxx: Remove in_interrupt() (bsc#1186546).
- scsi: megaraid_sas: Check user-provided offsets (bsc#1186535).
- scsi: libfc: Fix enum-conversion warning (bsc#1186532).
- scsi: bnx2i: Requires MMU (bsc#1186522).
- scsi: ufs: Fix race between shutdown and runtime resume flow
  (bsc#1186554).
- scsi: bfa: Fix error return in bfad_pci_init() (bsc#1186520).
- scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs()
  (bsc#1186519).
- scsi: aacraid: Remove erroneous fallthrough annotation
  (bsc#1186516).
- scsi: csiostor: Fix wrong return value in csio_hw_prep_fw()
  (bsc#1186523).
- scsi: qla4xxx: Fix an error handling path in
  'qla4xxx_get_host_stats()' (bsc#1186545).
- scsi: ufs: Properly release resources if a task is aborted
  successfully (bsc#1186555).
- scsi: libsas: Fix error path in sas_notify_lldd_dev_found()
  (bsc#1186533).
- scsi: libsas: Set data_dir as DMA_NONE if libata marks qc as
  NODATA (bsc#1186534).
- scsi: mesh: Fix panic after host or bus reset (bsc#1186537).
- scsi: scsi_debug: Add check for sdebug_max_queue during module
  init (bsc#1186547).
- scsi: eesox: Fix different dev_id between request_irq() and
  free_irq() (bsc#1186527).
- scsi: powertec: Fix different dev_id between request_irq()
  and free_irq() (bsc#1186540).
- scsi: cumana_2: Fix different dev_id between request_irq()
  and free_irq() (bsc#1186524).
- drbd: Remove uninitialized_var() usage (bsc#1186515).
- scsi: acornscsi: Fix an error handling path in acornscsi_probe()
  (bsc#1186518).
- scsi: ufs: Don't update urgent bkops level when toggling auto
  bkops (bsc#1186552).
- scsi: cxgb3i: Fix some leaks in init_act_open() (bsc#1186525).
- scsi: ufs-qcom: Fix scheduling while atomic issue (bsc#1186556).
- scsi: aacraid: Use memdup_user() as a cleanup (bsc#1186517).
- scsi: qedi: Check for buffer overflow in qedi_set_path()
  (bsc#1186541).
- scsi: sd: Fix optimal I/O size for devices that change reported
  values (bsc#1186548).
- commit 6cd3c4f
- kABI: powerpc/64: add back start_tb and accum_tb to
  thread_struct.
- commit ce8b78a
- ALSA: line6: Fix racy initialization of LINE6 MIDI (git-fixes).
- ALSA: hda/realtek: reset eapd coeff to default value for alc287
  (git-fixes).
- leds: lp5523: check return value of lp5xx_read and jump to
  cleanup code (git-fixes).
- Revert "/leds: lp5523: fix a missing check of return value of
  lp55xx_read"/ (git-fixes).
- Bluetooth: SMP: Fail if remote and local public keys are
  identical (git-fixes).
- commit a8640e1
- powerpc/pseries: lparcfg calculate PURR on demand (bsc#1186487
  ltc#177613).
- powerpc/64: remove start_tb and accum_tb from thread_struct
  (bsc#1186487 ltc#177613).
- commit 692986d
- uio_hv_generic: Fix another memory leak in error handling paths
  (git-fixes).
- uio_hv_generic: Fix a memory leak in error handling paths
  (git-fixes).
- uio: uio_hv_generic: use devm_kzalloc() for private data alloc
  (git-fixes).
- uio_hv_generic: add missed sysfs_remove_bin_file (git-fixes).
- commit 41373eb
- scsi: lpfc: Update lpfc version to 12.8.0.10 (bsc#1186452).
- scsi: lpfc: Reregister FPIN types if ELS_RDF is received from
  fabric controller (bsc#1186452).
- scsi: lpfc: Add a option to enable interlocked ABTS before
  job completion (bsc#1186452).
- scsi: lpfc: Fix crash when lpfc_sli4_hba_setup() fails to
  initialize the SGLs (bsc#1186452).
- scsi: lpfc: Ignore GID-FT response that may be received after
  a link flip (bsc#1186452).
- scsi: lpfc: Fix node handling for Fabric Controller and Domain
  Controller (bsc#1186452).
- scsi: lpfc: Fix Node recovery when driver is handling
  simultaneous PLOGIs (bsc#1186452).
- scsi: lpfc: Add ndlp kref accounting for resume RPI path
  (bsc#1186452).
- scsi: lpfc: Fix "/Unexpected timeout"/ error in direct attach
  topology (bsc#1186452).
- scsi: lpfc: Fix non-optimized ERSP handling (bsc#1186452).
- scsi: lpfc: Fix unreleased RPIs when NPIV ports are created
  (bsc#1186452).
- scsi: lpfc: Fix bad memory access during VPD DUMP mailbox
  command (bsc#1186452).
- commit 1f3ffea
- video: hyperv_fb: Add ratelimit on error message (bsc#1185724).
- commit f6806d9
- Drivers: hv: vmbus: Increase wait time for VMbus unload
  (bsc#1185724).
- commit f1e50ab
- Drivers: hv: vmbus: Initialize unload_event statically
  (bsc#1185724).
- commit 873d149
- Drivers: hv: vmbus: Use after free in __vmbus_open()
  (git-fixes).
- commit d401742
- usb: core: hub: fix race condition about TRSMRCY of resume
  (git-fixes).
- commit b4b66bd
- usb: xhci: Increase timeout for HC halt (git-fixes).
- commit fa28717
- xhci: Do not use GFP_KERNEL in (potentially) atomic context
  (git-fixes).
- commit cf1a0e1
- ipmi/watchdog: Stop watchdog timer when the current action is
  'none' (bsc#1184855).
- commit 8737c75
- ACPI / hotplug / PCI: Fix reference count leak in enable_slot()
  (git-fixes).
- ALSA: hda/conexant: Re-order CX5066 quirk table entries
  (git-fixes).
- ALSA: hda/realtek: Remove redundant entry for ALC861
  Haier/Uniwill devices (git-fixes).
- ALSA: hda/realtek: Re-order ALC269 Lenovo quirk table entries
  (git-fixes).
- commit 3dbd8cd
- ALSA: hda/realtek: Re-order ALC269 Sony quirk table entries
  (git-fixes).
- ALSA: hda/realtek: Re-order ALC882 Sony quirk table entries
  (git-fixes).
- ALSA: hda/realtek: Re-order ALC882 Acer quirk table entries
  (git-fixes).
- ALSA: sb: Fix two use after free in snd_sb_qsound_build
  (git-fixes).
- ASoC: rt286: Generalize support for ALC3263 codec (git-fixes).
- ALSA: emu8000: Fix a use after free in snd_emu8000_create_mixer
  (git-fixes).
- ALSA: usb-audio: Add MIDI quirk for Vox ToneLab EX (git-fixes).
- ALSA: rme9652: don't disable if not enabled (git-fixes).
- ALSA: hdspm: don't disable if not enabled (git-fixes).
- ALSA: hdsp: don't disable if not enabled (git-fixes).
- commit 65870a0
- drm/radeon/dpm: Disable sclk switching on Oland when two 4K
  60Hz monitors are connected (git-fixes).
- ASoC: rt286: Make RT286_SET_GPIO_* readable and writable
  (git-fixes).
- cfg80211: scan: drop entry from hidden_list on overflow
  (git-fixes).
- Bluetooth: initialize skb_queue_head at l2cap_chan_create()
  (git-fixes).
- Bluetooth: Set CONF_NOT_COMPLETE as l2cap_chan default
  (git-fixes).
- extcon: arizona: Fix some issues when HPDET IRQ fires after
  the jack has been unplugged (git-fixes).
- drm/msm/mdp5: Configure PP_SYNC_HEIGHT to double the vtotal
  (git-fixes).
- drm/amdgpu: fix NULL pointer dereference (git-fixes).
- drm/amdgpu : Fix asic reset regression issue introduce by
  8f211fe8ac7c4f (git-fixes).
- commit 2c77ae3
- Input: silead - add workaround for x86 BIOS-es which bring
  the chip up in a stuck state (git-fixes).
- Input: elants_i2c - do not bind to i2c-hid compatible ACPI
  instantiated devices (git-fixes).
- gpiolib: acpi: Add quirk to ignore EC wakeups on Dell Venue
  10 Pro 5055 (git-fixes).
- i2c: sh7760: fix IRQ error path (git-fixes).
- i2c: sh7760: add IRQ check (git-fixes).
- intel_th: Consistency and off-by-one fix (git-fixes).
- fbdev: zero-fill colormap in fbcmap.c (git-fixes).
- commit 65697d2
- mac80211: clear the beacon's CRC after channel switch
  (git-fixes).
- media: dvb-usb: fix memory leak in dvb_usb_adapter_init
  (git-fixes).
- media: i2c: adv7842: fix possible use-after-free in
  adv7842_remove() (git-fixes).
- media: adv7604: fix possible use-after-free in adv76xx_remove()
  (git-fixes).
- media: em28xx: fix memory leak (git-fixes).
- media: gspca/sq905.c: fix uninitialized variable (git-fixes).
- media: media/saa7164: fix saa7164_encoder_register() memory
  leak bugs (git-fixes).
- media: ite-cir: check for receive overflow (git-fixes).
- commit cbdbf4d
- mmc: block: Update ext_csd.cache_ctrl if it was written
  (git-fixes).
- mmc: core: Set read only for SD cards with permanent write
  protect bit (git-fixes).
- mmc: core: Do a power cycle when the CMD11 fails (git-fixes).
- commit 3726ef5
- pinctrl: samsung: use 'int' for register masks in Exynos
  (git-fixes).
- net: phy: intel-xway: enable integrated led functions
  (git-fixes).
- power: supply: s3c_adc_battery: fix possible use-after-free
  in s3c_adc_bat_remove() (git-fixes).
- power: supply: generic-adc-battery: fix possible use-after-free
  in gab_remove() (git-fixes).
- power: supply: Use IRQF_ONESHOT (git-fixes).
- PCI: PM: Do not read power state in pci_enable_device_flags()
  (git-fixes).
- serial: stm32: fix incorrect characters on console (git-fixes).
- phy: phy-twl4030-usb: Fix possible use-after-free in
  twl4030_usb_remove() (git-fixes).
- platform/x86: thinkpad_acpi: Correct thermal sensor allocation
  (git-fixes).
- commit 5e70774
- usb: core: hub: fix race condition about TRSMRCY of resume
  (git-fixes).
- usb: xhci: Increase timeout for HC halt (git-fixes).
- usb: dwc3: omap: improve extcon initialization (git-fixes).
- tpm: fix error return code in tpm2_get_cc_attrs_tbl()
  (git-fixes).
- spi: omap-100k: Fix reference leak to master (git-fixes).
- spi: dln2: Fix reference leak to master (git-fixes).
- USB: Add reset-resume quirk for WD19's Realtek Hub (git-fixes).
- USB: Add LPM quirk for Lenovo ThinkPad USB-C Dock Gen2 Ethernet
  (git-fixes).
- usb: xhci: Fix port minor revision (git-fixes).
- commit 563f795
- gpio: xilinx: Correct kernel doc for xgpio_probe() (git-fixes).
- ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro
  (git-fixes).
- platform/mellanox: mlxbf-tmfifo: Fix a memory barrier issue
  (git-fixes).
- iio: tsl2583: Fix division by a zero lux_val (git-fixes).
- iio: gyro: mpu3050: Fix reported temperature value (git-fixes).
- iio: proximity: pulsedlight: Fix rumtime PM imbalance on error
  (git-fixes).
- vsock/vmci: log once the failed queue pair allocation
  (git-fixes).
- wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join
  (git-fixes).
- wl3501_cs: Fix out-of-bounds warnings in wl3501_send_pkt
  (git-fixes).
- usb: sl811-hcd: improve misleading indentation (git-fixes).
- commit a13fccc
- usb: fotg210-hcd: Fix an error message (git-fixes).
- vgacon: Record video mode changes with VT_RESIZEX (git-fixes).
- drm/radeon: Fix off-by-one power_state index heap overwrite
  (git-fixes).
- ACPI: GTDT: Don't corrupt interrupt mappings on watchdow probe
  failure (git-fixes).
- ACPI: custom_method: fix a possible memory leak (git-fixes).
- ACPI: custom_method: fix potential use-after-free issue
  (git-fixes).
- commit e843679
- btrfs: fix race when picking most recent mod log operation
  for an old root (bsc#1186439).
- btrfs: fix race between transaction aborts and fsyncs leading
  to use-after-free (bsc#1186441).
- commit 903f5ba
- scsi: core: Run queue in case of I/O resource contention failure
  (bsc#1186416).
- commit a5b2fa4
- cpufreq: Add NULL checks to show() and store() methods of
  cpufreq (bsc#1184040).
- cpufreq: Avoid cpufreq_suspend() deadlock on system shutdown
  (bsc#1184040).
- commit 04b4bb1
- nvme-fc: clear q_live at beginning of association teardown
  (git-fixes).
- commit 9602170
- s390/kdump: fix out-of-memory with PCI (bsc#1182256 LTC#191375).
- commit 383ef42
- s390/dasd: fix hanging IO request during DASD driver unbind
  (bsc#1183754 LTC#192081).
- s390/dasd: fix hanging DASD driver unbind (bsc#1183754
  LTC#192081).
- commit 97004d6
- Revert an incorrect SMC NULL pointer dereference fix
- Delete patches.suse/net-smc-fix-a-null-pointer-dereference.
- blacklist.conf: Add the above commit.
- commit 8d7cdb2
- scsi: mpt3sas: Fix kernel panic observed on soft HBA unplug
  (bsc#1185995).
- commit 28b6062
- ibmvnic: remove default label from to_string switch (bsc#1152457
  ltc#174432 git-fixes).
- commit 6ac458c
- mm: mempolicy: fix potential pte_unmap_unlock pte error
  (bsc#1185906).
- commit 5958019
- blacklist.conf: Blacklist SEV fixes which are for SLE15 not 12
- commit 7c39780
- i40e: fix broken XDP support (git-fixes).
- commit 6fa06e0
- i40e: Fix PHY type identifiers for 2.5G and 5G adapters
  (jsc#SLE-4797).
- i40e: fix the restart auto-negotiation after FEC modified
  (jsc#SLE-4797).
- i40e: Fix use-after-free in i40e_client_subtask() (bsc#1101816
  FATE#325147 FATE#325149).
- mlxsw: spectrum_mr: Update egress RIF list before route's action
  (bsc#1112374).
- smc: disallow TCP_ULP in smc_setsockopt() (bsc#1109837).
- ethernet:enic: Fix a use after free bug in enic_hard_start_xmit
  (bsc#1113431).
- net: hns3: disable phy loopback setting in hclge_mac_start_phy
  (bsc#1104353 FATE#326415).
- net: hns3: use netif_tx_disable to stop the transmit queue
  (bsc#1104353 FATE#326415).
- net: hns3: fix for vxlan gpe tx checksum bug (bsc#1104353
  FATE#326415).
- net: hns3: add check for HNS3_NIC_STATE_INITED in
  hns3_reset_notify_up_enet() (bsc#1104353 FATE#326415).
- net: hns3: initialize the message content in
  hclge_get_link_mode() (bsc#1126390).
- net: hns3: fix incorrect configuration for igu_egu_hw_err
  (bsc#1104353 FATE#326415).
- RDMA/srpt: Fix error return code in srpt_cm_req_recv()
  (bsc#1103992 FATE#326009).
- RDMA/hns: Delete redundant condition judgment related to eq
  (bsc#1104427 FATE#326416).
- bnxt_en: fix ternary sign extension bug in bnxt_show_temp()
  (bsc#1104745 FATE#325918).
- net, xdp: Update pkt_type if generic XDP changes unicast MAC
  (bsc#1109837).
- net: thunderx: Fix unintentional sign extension issue
  (git-fixes).
- cxgb4: Fix unintentional sign extension issues (bsc#1064802
  bsc#1066129).
- liquidio: Fix unintented sign extension of a left shift of a
  u16 (git-fixes).
- xsk: Respect device's headroom and tailroom on generic xmit path
  (bsc#1109837).
- netdevice: Add missing IFF_PHONY_HEADROOM self-definition
  (git-fixes).
- i40e: fix the panic when running bpf in xdpdrv mode (git-fixes).
- i40e: Fix sparse errors in i40e_txrx.c (git-fixes).
- drivers: net: fix memory leak in peak_usb_create_dev
  (git-fixes).
- drivers: net: fix memory leak in atusb_probe (git-fixes).
- i40e: Added Asym_Pause to supported link modes (git-fixes).
- net/mlx5e: Fix error path for ethtool set-priv-flag (git-fixes).
- igb: check timestamp validity (git-fixes).
- igb: Fix duplicate include guard (git-fixes).
- e1000e: Fix duplicate include guard (git-fixes).
- net/qlcnic: Fix a use after free in
  qlcnic_83xx_get_minidump_template (git-fixes).
- e1000e: Fix error handling in e1000_set_d0_lplu_state_82571
  (git-fixes).
- e1000e: add rtnl_lock() to e1000_reset_task (git-fixes).
- macvlan: macvlan_count_rx() needs to be aware of preemption
  (git-fixes).
- net/mlx4_en: update moderation when config reset (git-fixes).
- net: hns3: Fix for geneve tx checksum bug (bsc#1104353
  FATE#326415).
- commit c4abc8e
- cpufreq: intel_pstate: Add Icelake servers support in no-HWP
  mode (bsc#1185758).
- commit 19f8052
- ACPICA: Enable sleep button on ACPI legacy wake (bsc#1181383).
- commit f95167e
- powerpc/64s: Fix crashes when toggling entry flush barrier
  (bsc#1177666 git-fixes).
- commit 49a18f2
- powerpc/64s: Fix crashes when toggling stf barrier (bsc#1087082 git-fixes).
- Refresh patches.suse/powerpc-64s-flush-L1D-after-user-accesses.patch.
- Refresh patches.suse/powerpc-64s-flush-L1D-on-kernel-entry.patch.
- commit dd997aa
- mm: mempolicy: make mbind() return -EIO when MPOL_MF_STRICT
  is specified (bsc#1185906).
- commit 6255792
- kabi: preserve struct header_ops after bsc#1176081 fix
  (bsc#1176081).
- commit da92f24
- af_packet: fix the tx skb protocol in raw sockets with ETH_P_ALL
  (bsc#1176081).
- commit cf2f9ad
- net/mlx5e: Trust kernel regarding transport offset
  (bsc#1176081).
- commit 96352c0
- net/mlx5e: Remove the wrong assumption about transport offset
  (bsc#1176081).
- commit 38cbd65
- net/packet: Remove redundant skb->protocol set (bsc#1176081).
- commit 16c0a52
- net/packet: Ask driver for protocol if not provided by user
  (bsc#1176081).
- commit b9c9867
- net/ethernet: Add parse_protocol header_ops support
  (bsc#1176081).
- commit 7f1c969
- net: Introduce parse_protocol header_ops callback (bsc#1176081).
- commit 164e308
- net: Don't set transport offset to invalid value (bsc#1176081).
  Refresh patches.suse/net-stricter-validation-of-untrusted-gso-packets.patch
- commit bc48b29
- kABI workaround for hci_chan amp field addition (CVE-2021-33034
  bsc#1186111).
- commit 53b1091
- Bluetooth: verify AMP hci_chan before amp_destroy
  (CVE-2021-33034 bsc#1186111).
- commit daddd4e
- Refresh
  patches.suse/kernel-smp-add-boot-parameter-for-controlling-CSD.patch.
- Refresh
  patches.suse/kernel-smp-add-more-data-to-CSD-lock-debugging.patch.
- Refresh
  patches.suse/kernel-smp-prepare-more-CSD-lock-debugging.patch.
- commit 5ad8838
- Correct CVE number for a mac80211 fix (CVE-2020-26139 bsc#1186062)
- commit 9e5446b
- net/nfc: fix use-after-free llcp_sock_bind/connect
  (CVE-2021-23134 bsc#1186060).
- commit 577df82
- KVM: s390: fix guarded storage control register handling
  (bsc#1133021).
- commit dca08ec
- kABI workaround for cfg80211 changes (CVE-2020-24586
  bsc#1185859).
- ath10k: Validate first subframe of A-MSDU before processing
  the list (CVE-2020-26141 bsc#1185863 bsc#1185987).
- ath10k: Fix TKIP Michael MIC verification for PCIe
  (CVE-2020-26141 bsc#1185863 bsc#1185987).
- ath10k: drop fragments with multicast DA for PCIe
  (CVE-2020-26145 bsc#1185860).
- mac80211: extend protection against mixed key and fragment
  cache attacks (CVE-2020-24586 bsc#1185859).
- mac80211: do not accept/forward invalid EAPOL frames
  (CVE-2020-24587 CVE-2020-24586 bsc#1185863 bsc#1185862
  bsc#1185859).
- mac80211: prevent attacks on TKIP/WEP as well (CVE-2020-24586
  bsc#1185859).
- mac80211: check defrag PN against current frame (CVE-2020-24587
  CVE-2020-24586 bsc#1185863 bsc#1185862 bsc#1185859).
- mac80211: add fragment cache to sta_info (CVE-2020-24587
  CVE-2020-24586 bsc#1185863 bsc#1185859).
- mac80211: drop A-MSDUs on old ciphers (CVE-2020-24587
  CVE-2020-24586 bsc#1185863 bsc#1185862 bsc#1185859).
- mac80211: properly handle A-MSDUs that start with an RFC 1042
  header (CVE-2020-24587 CVE-2020-24586 bsc#1185863 bsc#1185862
  bsc#1185859).
- mac80211: prevent mixed key and fragment cache attacks
  (CVE-2020-24587 CVE-2020-24586 bsc#1185863 bsc#1185862
  bsc#1185859).
- mac80211: assure all fragments are encrypted (CVE-2020-26147
  bsc#1185863 bsc#1185859).
- commit f9c088d
- nvme-loop: Introduce no merge flag for biovec (bsc#1174682).
- commit 5f228ec
- ftrace: Handle commands when closing set_ftrace_filter file
  (git-fixes).
- commit 98e43e7
- tracing: Map all PIDs to command lines (git-fixes).
- commit 0fcc342
- ibmvfc: Reinit target retries (bsc#1185938 ltc#192043).
- ibmvfc: Avoid move login if fast fail is enabled (bsc#1185938
  ltc#192043).
- ibmvfc: Handle move login failure (bsc#1185938 ltc#192043).
- commit e3724d2
- Refresh
  patches.suse/scsi-qla2xxx-Prevent-PRLI-in-target-mode.patch.
- commit 347c36a
- scripts/git_sort/git_sort.py: add bpf git repo
- commit 65979e3
- proc: Avoid mixing integer types in mem_rw() (CVE-2021-3491
  bsc#1185642).
- commit fb84449
- blacklist: add commit b166a20b0738
  Mainline commit b166a20b0738 ("/net/sctp: fix race condition in
  sctp_destroy_sock"/) was found buggy so that it was reverted by commit
  01bfe5e8e428 ("/Revert "/net/sctp: fix race condition in sctp_destroy_sock"/"/)
  and replaced by a new fix, commit 34e5b0118685 ("/sctp: delay auto_asconf
  init until binding the first addr"/).
- commit 23ad848
- sctp: delay auto_asconf init until binding the first addr
  (CVE-2021-23133 bsc#1184675).
- commit c06b5aa
- tcp: fix to update snd_wl1 in bulk receiver fast path
  (bsc#1185827).
- commit c74da56
- bluetooth: eliminate the potential race condition when removing
  the HCI controller (CVE-2021-32399 bsc#1185898).
- commit 4b51cab
- Update patch reference for BT fix (CVE-2021-32399 bsc#1185898)
- commit 31eef43
- scsi: qla2xxx: Prevent PRLI in target mode (git-fixes).
- commit 068a51e
- dm: fix redundant IO accounting for bios that need splitting
  (bsc#1183738).
- commit a8fe9f8
- bpf: Fix masking negation logic upon negative dst register
  (git-fixes).
- commit b440c58
- kernel-docs.spec.in: Build using an utf-8 locale.
  Sphinx cannot handle UTF-8 input in non-UTF-8 locale.
- commit 0db6da1
- md-cluster: fix use-after-free issue when removing rdev
  (bsc#1184082).
- md: split mddev_find (bsc#1184081).
- md: factor out a mddev_find_locked helper from mddev_find
  (bsc#1184081).
- md: md_open returns -EBUSY when entering racing area
  (bsc#1184081).
- md: don't flush workqueue unconditionally in md_open
  (bsc#1184081).
- commit 5fa22d5
- phy: marvell: ARMADA375_USBCLUSTER_PHY should not default to y,
  unconditionally (git-fixes).
- clk: fix invalid usage of list cursor in unregister (git-fixes).
- clk: fix invalid usage of list cursor in register (git-fixes).
- clk: socfpga: fix iomem pointer cast on 64-bit (git-fixes).
- cfg80211: remove WARN_ON() in cfg80211_sme_connect (git-fixes).
- gianfar: Handle error code at MAC address change (git-fixes).
- ASoC: intel: atom: Stop advertising non working S24LE support
  (git-fixes).
- ASoC: wm8960: Fix wrong bclk and lrclk with pll enabled for
  some chips (git-fixes).
- regulator: bd9571mwv: Fix AVS and DVFS voltage range
  (git-fixes).
- drm/imx: imx-ldb: fix out of bounds array access warning
  (git-fixes).
- batman-adv: Don't always reallocate the fragmentation skb head
  (git-fixes).
- commit 1879486
- sata_mv: add IRQ checks (git-fixes).
- pata_ipx4xx_cf: fix IRQ check (git-fixes).
- rsxx: remove extraneous 'const' qualifier (git-fixes).
- crypto: qat - Fix a double free in adf_create_ring (git-fixes).
- crypto: qat - fix error path in adf_isr_resource_alloc()
  (git-fixes).
- crypto: qat - ADF_STATUS_PF_RUNNING should be set after
  adf_dev_init (git-fixes).
- crypto: qat - don't release uninitialized resources (git-fixes).
- pinctrl: lewisburg: Update number of pins in community
  (git-fixes).
- pcnet32: Use pci_resource_len to validate PCI resource
  (git-fixes).
- commit 7bc308a
- mfd: lpc_sch: Partially revert "/Add support for Intel Quark
  X1000"/ (git-fixes).
- mfd: stm32-timers: Avoid clearing auto reload register
  (git-fixes).
- mmc: mmc_spi: Drop unused NO_IRQ definition (git-fixes).
- mmc: core: Correct descriptions in mmc_of_parse() (git-fixes).
- pata_arasan_cf: fix IRQ check (git-fixes).
- media: dvbdev: Fix memory leak in dvb_media_device_free()
  (git-fixes).
- media: m88rs6000t: avoid potential out-of-bounds reads on arrays
  (git-fixes).
- media: omap4iss: return error code when omap4iss_get() failed
  (git-fixes).
- mac80211: clear sta->fast_rx when STA removed from 4-addr VLAN
  (git-fixes).
- commit e69eff0
- clk: uniphier: Fix potential infinite loop (git-fixes).
- clk: exynos7: Mark aclk_fsys1_200 as critical (git-fixes).
- backlight: journada720: Fix Wmisleading-indentation warning
  (git-fixes).
- ata: libahci_platform: fix IRQ check (git-fixes).
- drm/omap: fix misleading indentation in pixinc() (git-fixes).
- drm/amdkfd: fix build error with AMD_IOMMU_V2=m (git-fixes).
- drm/radeon: fix copy of uninitialized variable back to userspace
  (git-fixes).
- dmaengine: dw: Make it dependent to HAS_IOMEM (git-fixes).
- ASoC: fsl_esai: Fix TDM slot setup for I2S mode (git-fixes).
- commit bbc1ca9
- pinctrl: core: Fix kernel doc string for pin_get_name()
  (git-fixes).
- i2c: jz4780: add IRQ check (git-fixes).
- i2c: emev2: add IRQ check (git-fixes).
- ath9k: Fix error check in ath9k_hw_read_revisions() for PCI
  devices (git-fixes).
- mac80211: bail out if cipher schemes are invalid (git-fixes).
- ipw2x00: potential buffer overflow in libipw_wx_set_encodeext()
  (git-fixes).
- rtlwifi: 8821ae: upgrade PHY and RF parameters (git-fixes).
- mt7601u: fix always true expression (git-fixes).
- nfc: pn533: prevent potential memory corruption (git-fixes).
- commit 4f3d3bb
- i2c: cadence: add IRQ check (git-fixes).
- ALSA: usb: midi: don't return -ENOMEM when usb_urb_ep_type_check
  fails (git-fixes).
- ALSA: usb-audio: Add error checks for
  usb_driver_claim_interface() calls (git-fixes).
- ALSA: core: remove redundant spin_lock pair in
  snd_card_disconnect (git-fixes).
- drm/i915/gvt: Fix error code in intel_gvt_init_device()
  (git-fixes).
- USB: serial: fix return value for unsupported ioctls
  (git-fixes).
- USB: serial: usb_wwan: fix unprivileged TIOCCSERIAL (git-fixes).
- usb: dwc3: gadget: Fix START_TRANSFER link state check
  (git-fixes).
- ALSA: aloop: Fix initialization of controls (git-fixes).
- commit 3ef3e83
- rtc: ds1307: Fix wday settings for rx8130 (git-fixes).
- spi: spi-ti-qspi: Free DMA resources (git-fixes).
- mtd: require write permissions for locking and badblock ioctls
  (git-fixes).
- soc: qcom: mdt_loader: Validate that p_filesz < p_memsz
  (git-fixes).
- usb: typec: tcpci: Check ROLE_CONTROL while interpreting
  CC_STATUS (git-fixes).
- staging: rtl8192u: Fix potential infinite loop (git-fixes).
- misc: vmw_vmci: explicitly initialize vmci_datagram payload
  (git-fixes).
- platform/x86: pmc_atom: Match all Beckhoff Automation baytrail
  boards with critclk_systems DMI table (git-fixes).
- commit 0dec572
- HID: plantronics: Workaround for double volume key presses
  (git-fixes).
- commit 3a5fd6a
- cpufreq: Kconfig: fix documentation links (git-fixes).
- clk: mvebu: armada-37xx-periph: Fix workaround for switching
  from L1 to L0 (git-fixes).
- misc: vmw_vmci: explicitly initialize vmci_notify_bm_set_msg
  struct (git-fixes).
- misc: lis3lv02d: Fix false-positive WARN on various HP models
  (git-fixes).
- HID: wacom: set EV_KEY and EV_ABS only for non-HID_GENERIC
  type of devices (git-fixes).
- HID: wacom: Assign boolean values to a bool variable
  (git-fixes).
- HID: alps: fix error return code in alps_input_configured()
  (git-fixes).
- Input: nspire-keypad - enable interrupts only when opened
  (git-fixes).
- Input: i8042 - fix Pegatron C15B ID entry (git-fixes).
- commit 8b3ba31
- PCI: Release OF node in pci_scan_device()'s error path
  (git-fixes).
- thermal/drivers/ti-soc-thermal/bandgap Remove unused variable
  'val' (git-fixes).
- docs: kernel-parameters: Add gpio_mockup_named_lines
  (git-fixes).
- docs: kernel-parameters: Move gpio-mockup for alphabetic order
  (git-fixes).
- clk: mvebu: armada-37xx-periph: Fix switching CPU freq from
  250 Mhz to 1 GHz (git-fixes).
- clk: mvebu: armada-37xx-periph: remove .set_parent method for
  CPU PM clock (git-fixes).
- ACPI: CPPC: Replace cppc_attr with kobj_attribute (git-fixes).
- bus: qcom: Put child node before return (git-fixes).
- bluetooth: eliminate the potential race condition when removing
  the HCI controller (git-fixes).
- commit 5331a6f
- genirq: Reduce irqdebug cacheline bouncing (bsc#1185703
  ltc#192641).
- commit 7556481
- NFSv4: Replace closed stateids with the "/invalid special stateid"/ (bsc#1185481).
- commit a91ecf3
- md/raid1: properly indicate failure when ending a failed write
  request (bsc#1185680).
- commit 97cfe4b
- s390/entry: save the caller of psw_idle (bsc#1185677).
- commit 0077472
- rpm: drop /usr/bin/env in interpreter specification
  OBS checks don't like /usr/bin/env in script interpreter lines but upstream
  developers tend to use it. A proper solution would be fixing the depedency
  extraction and drop the OBS check error but that's unlikely to happen so
  that we have to work around the problem on our side and rewrite the
  interpreter lines in scripts before collecting files for packages instead.
- commit 45c5c1a
- scripts/git_sort/git_sort.py: Update nvme repositories
- commit e849c44
- rpm/constraints.in: bump disk space to 45GB on riscv64
- commit f8b883f
- rpm/constraints.in: remove aarch64 disk size exception
  obs://Kernel:stable/kernel-default/ARM/aarch64 currrently fails:
  installing package kernel-default-livepatch-devel-5.12.0-3.1.g6208a83.aarch64 needs 3MB more space on the / filesystem
  The stats say:
  Maximal used disk space: 31799 Mbyte
  By default, we require 35G. For aarch64 we had an exception to lower
  this limit to 30G there. Drop this exception as it is obviously no
  longer valid.
- commit ee00b50
- rpm/kernel-binary.spec.in: Correct Supplements in optional subpkg (jsc#SLE-11796)
  The product string was changed from openSUSE to Leap.
- commit 3cb7943
- EDAC/amd64: Save max number of controllers to family type
  (bsc#1180552).
  Refresh
  patches.suse/edac-amd64-fix-pci-component-registration.patch.
- commit 455d3cf
- EDAC/amd64: Gather hardware information early (bsc#1180552).
- commit 7e558c6
- EDAC/amd64: Make struct amd64_family_type global (bsc#1180552).
- commit a88cdd7
- rpm/split-modules: Avoid errors even if Module.* are not present
- commit 752fbc6
- Add the support for kernel-FLAVOR-optional subpackage (jsc#SLE-11796)
  This change allows to create kernel-*-optional subpackage containing
  the modules that are not shipped on SLE but only on Leap.  Those
  modules are marked in the new "/-!optional"/ marker in supported.conf.
  Flip split_optional definition in kernel-binaries.spec.in for the
  branch that needs the splitting.
- commit 1fa25f8
libX11
- redone U_CVE-2021-31535.patch due to regressions (boo#1186643)
  * fixes segfaults for xforms applications like fdesign
- U_CVE-2021-31535.patch
libesmtp
- Add libesmtp-fix-cve-2019-19977.patch: Fix stack-based buffer
  over-read in ntlm/ntlmstruct.c (bsc#1160462 bsc#1189097).
libgcrypt
- Security fix: [bsc#1187212, CVE-2021-33560]
  * Libgcrypt mishandles ElGamal encryption because it lacks exponent
    blinding to address a side-channel attack against mpi_powm
- Add patches:
  * libgcrypt-CVE-2021-33560-ElGamal-exponent-blinding.patch
  * libgcrypt-CVE-2021-33560-fix-ElGamal-enc.patch
libjpeg-turbo
  fix CVE-2020-17541 [bsc#1186764], stack-based buffer overflow in the "/transform"/ component
  + libjpeg-turbo-CVE-2020-17541.patch
- security update
- added patches
libjpeg62-turbo
  fix CVE-2020-17541 [bsc#1186764], stack-based buffer overflow in the "/transform"/ component
  + libjpeg-turbo-CVE-2020-17541.patch
- security update
- added patches
libnettle
- Security fix: [CVE-2021-3580, bsc#1187060]
  * Remote crash in RSA decryption via manipulated ciphertext
  * Add libnettle-CVE-2021-3580.patch
libsolv
- fix heap-buffer-overflow in repodata_schema2id [CVE-2019-20387]
  [bnc#1161510]
- backport support for blacklisted packages to support ptf
  packages and retracted patches [jsc#SLE-17973]
- fix ruleinfo of complex dependencies returning the wrong origin
- fix SOLVER_FLAG_FOCUS_BEST updateing packages without reason
- fix add_complex_recommends() selecting conflicted packages in rare
  cases
- testcase_read: error out if repos are added or the system is changed
  too late [CVE-2021-3200] [bnc#1186229]
- fix potential segfault in resolve_jobrules
- fix solv_zchunk decoding error if large chunks are used
- bump version to 0.6.37
libxml2
- Security fix: [bsc#1186015, CVE-2021-3541]
  * Exponential entity expansion attack bypasses all existing
    protection mechanisms.
- Add libxml2-CVE-2021-3541.patch
lifecycle-data-sle-live-patching
- Added data for 4_12_14-122_74, 4_12_14-95_77. (bsc#1020320)
- Added data for 4_12_14-122_66, 4_12_14-122_71, 4_12_14-95_74,
  4_4_180-94_144. (bsc#1020320)
multipath-tools
- Update to version 0.7.9+207+suse.58b7a57:
  * Improve handling of changed WWIDs and temporary failure
  to obtain WWID. Option "/disable_changed_wwids"/ is now ignored.
  (bsc#1184260)
  * enable negated regular expression syntax in conf file
    (bsc#1182917)
  * change default devnode blacklist to
    '!^(sd[a-z]|dasd[a-z]|nvme[0-9])'
  * fixes for SAS expanders (bsc#1178377, bsc#1178379, bsc#1177081)
- Update to version 0.7.9+201+suse.84066bc:
  Avoid "/illegal request"/ errors on non-RDAC storage
  (#bsc#1182072, bsc#1177371, bsc#1182072)
- Update to version 0.7.9+199+suse.951a622:
  Fix problem determining device node names in complex SAS topology
  (bsc#1178377, bsc#1178379)
- Update to version 0.7.9+197+suse.b681a9f:
  * fix issues with SAS expanders (bsc#1178377, bsc#1178379, bsc#1177081)
- Missing bugref: Added hwtable entry for ETERNUS AHB (bsc#1174026)
  * This is fixed since 0.7.9+195+suse.16740c5
ntp
- bsc#1186431: Fix a typo in %post .
- jsc#SLE-15482, ntp-clarify-interface.patch:
  Adjust the documentation to clarify that "/interface ignore all"/
  does not cover the wildcard and localhost addresses.
openssl-1_0_0
- The function X509_CERT_AUX_print() has a bug which may cause a read buffer overrun
  when printing certificate details. A malicious actor could construct a
  certificate to deliberately hit this bug, which may result in a crash of the
  application (causing a Denial of Service attack).
  * CVE-2021-3712
  * bsc#1189521
  * Add CVE-2021-3712-Fix-read-buffer-overrun-in-X509_CERT_AUX_print.patch
pacemaker
- controller: re-joined node gets the host names of non-DC nodes (bsc#1180618)
  * bsc#1180618-0001-Fix-crmd-update-crm_peer_cache.patch
- iso8601: prevent sec overrun before adding up as long long
  * 0001-Fix-iso8601-prevent-sec-overrun-before-adding-up-as-.patch
- Update to version 1.1.24+20210224.476f63722:
- fencer: optimize merging of fencing history by removing unneeded entries on creation of history diff (bsc#1181744)
- fencing: new function stonith_op_state_pending() for checking if a fencing operation is in pending state (bsc#1181744)
- fencer: update outdated pending operations according to returned ones from remote peer history (bsc#1181744)
- fencer: broadcast returned fencing operations to update outdated pending ones in remote peer history (bsc#1181744)
- execd: Skips merging of canceled fencing monitors.(Fix:#CLBZ5393)
  * 0001-Mid-execd-Skips-merging-of-canceled-fencing-monitors.patch
- fencing: remove any devices that are not installed
  * 0001-Fix-fencing-remove-any-devices-that-are-not-installe.patch
- liblrmd: Limit node name addition to proxied attrd update commands (rh#1907726)
  * rh#1907726-0001-Fix-liblrmd-Limit-node-name-addition-to-proxied-attr.patch
- attrd: prevent leftover attributes of shutdown node in cib (bsc#1173668)
  * bsc#1173668-0001-Fix-attrd-prevent-leftover-attributes-of-shutdown-no.patch
- controller, Pacemaker Explained: improve the documentation of `stonith-watchdog-timeout` cluster option (bsc#1174696, bsc#1184557)
- scheduler: improve the documentation of `have-watchdog` cluster option (bsc#1174696, bsc#1184557)
- libpe_status: downgrade the message about the meaning of `have-watchdog=true` to info (bsc#1174696, bsc#1184557)
- scheduler: update migrate-fail-9 test for migration code change (bsc#1177212, bsc#1182607)
- scheduler: don't schedule a dangling migration stop if one already occurred (bsc#1177212, bsc#1182607)
- fenced: Remove relayed stonith operation.(Fix:CLBZ#5401) (bsc#1181744)
- scheduler: properly detect dangling migrations (bsc#1177212)
- scheduler: only successful ops count for migration comparisons (bsc#1177212)
- libpe_status: check for stops correctly when unpacking migration (bsc#1177212)
- fence-history: resync fence-history after stonithd crash (bsc#1181744)
- crmd: add notice-log for successful fencer-connect (bsc#1181744)
- crmd: remove-stonith-notifications upon connection-destroy (bsc#1181744)
- fence-history: add notification upon history-synced (bsc#1181744)
- st_client: make safe to remove notifications from notifications (bsc#1181744)
- fence-history: fail leftover pending-actions after stonithd-restart (bsc#1181744)
pam
- In the 32-bit compatibility package for 64-bit architectures,
  require "/systemd-32bit"/ to be also installed as it contains
  pam_systemd.so for 32 bit applications.
  [bsc#1185562, baselibs.conf]
- pam_limits: "/unlimited"/ is not a legitimate value for "/nofile"/
  (see setrlimit(2)). So, when "/nofile"/ is set to one of the
  "/unlimited"/ values, it is set to the contents of
  "//proc/sys/fs/nr_open"/ instead.
  Also changed the manpage of pam_limits to express this.
  [bsc#1181443, pam-bsc1181443-make-nofile-unlimited-mean-nr_open.patch]
psmisc
  * Fix bsc#1185208 to make private mount namespaces work as well
    as to distinguish NFS mounts from same remote device share.
- Remove patch bsc1185208.patch as now solved in main patch/commit
- Fix for SG#60627, bsc#1185208:
  * bsc1185208.patch: Don't list all processes from different private
    namespace when fuser is run on a NFS mount.
- Change patch 0001-Use-mountinfo-to-be-able-to-use-the-mount-identity.patch
python-py-doc
- CVE-2020-29651.patch (bsc#1179805, CVE-2020-29651, bsc#1184505)
  * python-py: regular expression denial of service in svnwc.py
python-requests
- Update in SLE-12 (bsc#1176784, jsc#ECO-3105, jsc#PM-2352)
- Fix build on SLE-12
  + Add python to BuildRequires for suse_version < 1500
- remove patch pr_5251-pytest5.patch, not needed anymore.
- update to version 2.24.0:
  - pyOpenSSL TLS implementation is now only used if Python
  either doesn't have an `ssl` module or doesn't support
  SNI. Previously pyOpenSSL was unconditionally used if available.
  This applies even if pyOpenSSL is installed via the
  `requests[security]` extra (#5443)
  - Redirect resolution should now only occur when
  `allow_redirects` is True. (#5492)
  - No longer perform unnecessary Content-Length calculation for
  requests that won't use it. (#5496)
- update to 2.23.0
- dropped merged_pr_5049.patch
- refreshed requests-no-hardcoded-version.patch
  * Remove defunct reference to prefetch in Session __attrs__
  * Requests no longer outputs password in basic auth usage warning
- Remove python-urllib3, python-certifi and ca-certificates from
  main package BuildRequires, not required for building.
- Do not require full python, (implicit) python-base is sufficient.
- Add two patches only updating test logic to remove pytest 3 pin
  - merged_pr_5049.patch
  - pr_5251-pytest5.patch
- Hardcode pytest 3.x series as upstream even in git does not work
  with newer versions (they pinned the release)
- Update to 2.22.0:
  * Requests now supports urllib3 v1.25.2. (note: 1.25.0 and 1.25.1 are incompatible)
- Rebase requests-no-hardcoded-version.patch
- Do not hardcode version requirements in setup.py allowing us to
  update and verify functionality on our own:
  * requests-no-hardcoded-version.patch
- Skip one more test that is flaky
- Do not depend on python-py
- Update few of the requirements
- update to version 2.21.0:
  * Requests now supports idna v2.8.
- Support older Red Hat platforms that don't offer "/Recommends:"/
- Move name ahead of version in spec file to resolve build issues
  on older distributions
- fdupe more thoroughly.
- update to version 2.20.1:
  * Bugfixes
    + Fixed bug with unintended Authorization header stripping for
    redirects using default ports (http/80, https/443).
python-urllib3
- Add %dir declaration for %{_licensedir}
- Add CVE-2021-33503.patch (bsc#1187045, CVE-2021-33503)
  * Improve performance of sub-authority splitting in URL
- Update in SLE-12 (bsc#1182421, jsc#ECO-3352, jsc#PM-2485)
- Enable python2 builds
- Re-add file permissions in %file section
- Undo python2/3 split in %install section
- Skip test for RECENT_DATE. It is a test purely for developers.
  To maintain reproducibility, keep upstreams possibly outdated
  RECENT_DATE in the source code.
- Add CI variable, which makes timeouts in the test suite longer
  (gh#urllib3/urllib3#2109, bsc#1176389) and
  test_timeout_errors_cause_retries should not fail.
- Add urllib3-cve-2020-26137.patch. Don't allow control chars in request
  method. (bsc#1177120, CVE-2020-26137)
- Generate pyc for ssl_match_hostname too
- update to 1.25.10:
  * Added support for ``SSLKEYLOGFILE`` environment variable for
    logging TLS session keys with use with programs like
    Wireshark for decrypting captured web traffic (Pull #1867)
  * Fixed loading of SecureTransport libraries on macOS Big Sur
    due to the new dynamic linker cache (Pull #1905)
  * Collapse chunked request bodies data and framing into one
  call to ``send()`` to reduce the number of TCP packets by 2-4x (Pull #1906)
  * Don't insert ``None`` into ``ConnectionPool`` if the pool
    was empty when requesting a connection (Pull #1866)
  * Avoid ``hasattr`` call in ``BrotliDecoder.decompress()`` (Pull #1858)
- update to 1.25.9 (bsc#1177120, CVE-2020-26137):
  * Added ``InvalidProxyConfigurationWarning`` which is raised when
    erroneously specifying an HTTPS proxy URL. urllib3 doesn't currently
    support connecting to HTTPS proxies but will soon be able to
    and we would like users to migrate properly without much breakage.
  * Drain connection after ``PoolManager`` redirect (Pull #1817)
  * Ensure ``load_verify_locations`` raises ``SSLError`` for all backends (Pull #1812)
  * Rename ``VerifiedHTTPSConnection`` to ``HTTPSConnection`` (Pull #1805)
  * Allow the CA certificate data to be passed as a string (Pull #1804)
  * Raise ``ValueError`` if method contains control characters (Pull #1800)
  * Add ``__repr__`` to ``Timeout`` (Pull #1795)
- Explicitly switch off building python 2 version.
- update to 1.25.8
  * Drop support for EOL Python 3.4
  * Optimize _encode_invalid_chars
  * Preserve chunked parameter on retries
  * Allow unset SERVER_SOFTWARE in App Engine
  * Fix issue where URL fragment was sent within the request target.
  * Fix issue where an empty query section in a URL would fail to parse.
  * Remove TLS 1.3 support in SecureTransport due to Apple removing support.
- Require a new enough release of python-six. 1.25.6 needs at least
  1.12.0 for ensure_text() and friends.
- Updae to 1.25.6:
  * Fix issue where tilde (~) characters were incorrectly percent-encoded in the path. (Pull #1692)
- Restrict the tornado dep from tom to 5 or older release as the
  6.x changed the API
- Update to 1.25.5:
  * Add mitigation for BPO-37428 affecting Python <3.7.4 and OpenSSL 1.1.1+ which caused certificate verification to be enabled when using cert_reqs=CERT_NONE. (Issue #1682)
  * Propagate Retry-After header settings to subsequent retries. (Pull #1607)
  * Fix edge case where Retry-After header was still respected even when explicitly opted out of. (Pull #1607)
  * Remove dependency on rfc3986 for URL parsing.
  * Fix issue where URLs containing invalid characters within Url.auth would raise an exception instead of percent-encoding those characters.
  * Add support for HTTPResponse.auto_close = False which makes HTTP responses work well with BufferedReaders and other io module features. (Pull #1652)
  * Percent-encode invalid characters in URL for HTTPConnectionPool.request() (Pull #1673)
- Drop patch urllib3-ssl-default-context.patch
- Drop patch python-urllib3-recent-date.patch the date is recent
  enough on its own
- Use have/skip_python2/3 macros to allow building only one flavour
- Add urllib3-remove-authorization-header-when-redirecting-cross-host.patch
  Remove Authorization header when redirecting cross-host
  (gh#urllib3/urllib3#1316,boo#1119376,CVE-2018-20060)
- Use old pytest 3.x as newer do not work with this release
  * this will be fixed with next release, just spread among
    numerous fixes in the git for quick backporting
- Fixup pre script: the migration issue happens when changing from
  python-urllib3 to python2-urllib3: the number of installed
  instances of python2-urlliib3 is at this moment 1, unlike in
  regular updates. This is due to a name change, which consists not
  of a pure package update.
- Provides/Obsoletes does not fix the issue: we have a
  directory-to-symlink switch, which cannot be handled by RPM
  internally. Assist using pre script (boo#1138715).
- Fix Upgrade from Leap 42.1/42.2 by adding Obsoletes/Provides:
  python-urllib3, fixes boo#1138746
- Skip test_source_address_error as we raise different error with
  fixes that we provide in new python2/3
- Add more test to skip as with new openssl some behaviour changed
  and we can't rely on them anymore
- Unbundle the six, rfc3986, and backports.ssl_match_hostname
- Add missing dependency on python-six (bsc#1150895)
- Update to 1.25.3:
  * Change HTTPSConnection to load system CA certificates when ca_certs, ca_cert_dir, and ssl_context are unspecified. (Pull #1608, Issue #1603)
  * Upgrade bundled rfc3986 to v1.3.2. (Pull #1609, Issue #1605)
- Update to 1.25.2:
  * Change is_ipaddress to not detect IPvFuture addresses. (Pull #1583)
  * Change parse_url to percent-encode invalid characters within the path, query, and target components. (Pull #1586)
  * Add support for Google's Brotli package. (Pull #1572, Pull #1579)
  * Upgrade bundled rfc3986 to v1.3.1 (Pull #1578)
- Require all the deps from the secure list rather than Recommend.
  This makes the check to be run always and ensure the urls are
  "/secure"/.
- Remove ndg-httpsclient as it is not needed since 2015
- Add missing dependency on brotlipy
- Fix the tests to pass again
- update to 1.25 (bsc#1132663, bsc#1129071, CVE-2019-9740, CVE-2019-11236):
  * Require and validate certificates by default when using HTTPS
  * Upgraded ``urllib3.utils.parse_url()`` to be RFC 3986 compliant.
  * Added support for ``key_password`` for ``HTTPSConnectionPool`` to use
    encrypted ``key_file`` without creating your own ``SSLContext`` object.
  * Add TLSv1.3 support to CPython, pyOpenSSL, and SecureTransport ``SSLContext``
    implementations. (Pull #1496)
  * Switched the default multipart header encoder from RFC 2231 to HTML 5 working draft.
  * Fixed issue where OpenSSL would block if an encrypted client private key was
    given and no password was given. Instead an ``SSLError`` is raised.
  * Added support for Brotli content encoding. It is enabled automatically if
  ``brotlipy`` package is installed which can be requested with
  ``urllib3[brotli]`` extra.
  * Drop ciphers using DSS key exchange from default TLS cipher suites.
    Improve default ciphers when using SecureTransport.
  * Implemented a more efficient ``HTTPResponse.__iter__()`` method.
- Drop urllib3-test-ssl-drop-sslv3.patch . No longer needed
- Update to 1.24.2 (bsc#1132900, CVE-2019-11324):
  - Implemented a more efficient HTTPResponse.__iter__() method.
    (Issue #1483)
  - Upgraded urllib3.utils.parse_url() to be RFC 3986 compliant.
    (Pull #1487)
  - Remove Authorization header regardless of case when
    redirecting to cross-site. (Issue #1510)
  - Added support for key_password for HTTPSConnectionPool to use
    encrypted key_file without creating your own SSLContext
    object. (Pull #1489)
  - Fixed issue where OpenSSL would block if an encrypted client
    private key was given and no password was given. Instead an
    SSLError is raised. (Pull #1489)
  - Require and validate certificates by default when using HTTPS
    (Pull #1507)
  - Added support for Brotli content encoding. It is enabled
    automatically if brotlipy package is installed which can be
    requested with urllib3[brotli] extra. (Pull #1532)
  - Add TLSv1.3 support to CPython, pyOpenSSL, and
    SecureTransport SSLContext implementations. (Pull #1496)
  - Drop ciphers using DSS key exchange from default TLS cipher
    suites. Improve default ciphers when using SecureTransport.
    (Pull #1496)
  - Add support for IPv6 addresses in subjectAltName section of
    certificates. (Issue #1269)
  - Switched the default multipart header encoder from RFC 2231
    to HTML 5 working draft. (Issue #303, PR #1492)
- Update to 1.24.1:
  * Remove quadratic behavior within GzipDecoder.decompress()
    (Issue #1467)
  * Restored functionality of ciphers parameter for
    create_urllib3_context(). (Issue #1462)
- Update to 1.24:
  * Allow key_server_hostname to be specified when initializing a PoolManager to allow custom SNI to be overridden. (Pull #1449)
  * Test against Python 3.7 on AppVeyor. (Pull #1453)
  * Early-out ipv6 checks when running on App Engine. (Pull #1450)
  * Change ambiguous description of backoff_factor (Pull #1436)
  * Add ability to handle multiple Content-Encodings (Issue #1441 and Pull #1442)
  * Skip DNS names that can't be idna-decoded when using pyOpenSSL (Issue #1405).
  * Add a server_hostname parameter to HTTPSConnection which allows for overriding the SNI hostname sent in the handshake. (Pull #1397)
  * Drop support for EOL Python 2.6 (Pull #1429 and Pull #1430)
  * Fixed bug where responses with header Content-Type: message/* erroneously raised HeaderParsingError, resulting in a warning being logged. (Pull #1439)
  * Move urllib3 to src/urllib3 (Pull #1409)
- Drop patch 1414.patch merged upstream
- Refresh patches:
  * python-urllib3-recent-date.patch
  * urllib3-ssl-default-context.patch
- Switch to multibuild to minize requirements for providing
  urllib3 module.
- fix dependency again for passing tests for python 2.x
- Do not use ifpython2 for BRs where it does not work
- add python-ipaddress dependency for python 2.x
- Drop not needed devel and nose deps
- update to 1.23
- add 1414.patch - fix tests with new tornado
- refresh python-urllib3-recent-date.patch
- drop urllib3-test-no-coverage.patch
  * Allow providing a list of headers to strip from requests when redirecting
  to a different host. Defaults to the Authorization header. Different
  headers can be set via Retry.remove_headers_on_redirect.
  * Fix util.selectors._fileobj_to_fd to accept long
  * Dropped Python 3.3 support.
  * Put the connection back in the pool when calling stream()
  or read_chunked() on a chunked HEAD response.
  * Fixed pyOpenSSL-specific ssl client authentication issue when clients
  attempted to auth via certificate + chain
  * Add the port to the connectionpool connect print
  * Don't use the uuid module to create multipart data boundaries.
  * read_chunked() on a closed response returns no chunks.
  * Add Python 2.6 support to contrib.securetransport
  * Added support for auth info in url for SOCKS proxy
python3-PyYAML
- Add pyyaml.CVE-2020-14343.patch (bsc#1174514 CVE-2020-14343)
  Prevents arbitrary code execution during python/object/* constructors
  This patch contains the upstream git commit a001f27 from the 5.4 release.
- Update in SLE-12 (bsc#1176784, jsc#ECO-3105, jsc#PM-2352)
- update to 5.3.1
  * fixes boo#1165439 (cve-2020-1747) Prevents arbitrary code execution
  during python/object/new constructor
- update to 5.3
  * Use `is` instead of equality for comparing with `None`
  * fix typos and stylistic nit
  * Fix up small typo
  * Fix handling of __slots__
  * Allow calling add_multi_constructor with None
  * Add use of safe_load() function in README
  * Fix reader for Unicode code points over 0xFFFF
  * Enable certain unicode tests when maxunicode not > 0xffff
  * Use full_load in yaml-highlight example
  * Document that PyYAML is implemented with Cython
  * Fix for Python 3.10
  * increase size of index, line, and column fields
  * remove some unused imports
  * Create timezone-aware datetimes when parsed as such
  * Add tests for timezone
- update to 5.2
  * A more flexible fix for custom tag constructors
  * Change default loader for yaml.add_constructor
  * Change default loader for add_implicit_resolver, add_path_resolver
  * Move constructor for object/apply to UnsafeConstructor
  * Fix logic for quoting special characters
python3-requests
- Update in SLE-12 (bsc#1176784, jsc#ECO-3105, jsc#PM-2352)
- Update to version 2.24.0
  * Improvements
    + pyOpenSSL TLS implementation is now only used if Python
    either doesn't have an `ssl` module or doesn't support
    SNI. Previously pyOpenSSL was unconditionally used if available.
    This applies even if pyOpenSSL is installed via the
    `requests[security]` extra (#5443)
  + Redirect resolution should now only occur when
    `allow_redirects` is True. (#5492)
  + No longer perform unnecessary Content-Length calculation for
    requests that won't use it. (#5496)
- from version 2.23.0
  * Improvements
    + Remove defunct reference to `prefetch` in Session `__attrs__` (#5110)
  * Bugfixes
    + Requests no longer outputs password in basic auth usage warning. (#5099)
  * Dependencies
    + Pinning for `chardet` and `idna` now uses major version instead of minor.
    This hopefully reduces the need for releases everytime a dependency is updated.
- from version 2.22.0
  * Dependencies
    + Requests now supports urllib3 v1.25.2.
    (note: 1.25.0 and 1.25.1 are incompatible)
  * Deprecations
    + Requests has officially stopped support for Python 3.4.
- from version 2.21.0
  * Dependencies
    + Requests now supports idna v2.8.
- from version 2.20.1
  * Bugfixes
    + Fixed bug with unintended Authorization header stripping for
    redirects using default ports (http/80, https/443).
- Add patch to remove hardcoded version requirements from setup.py
  + requests-no-hardcoded-version.patch
resource-agents
- ECO (jsc#SLE-18233)
  * Backport aws-vpc-move-ip patches to SLE12 codestreams.
  * (bsc#1186652) New GCP Load Balancer Resource Agent
  Add upstream patches:
    ECO-SLE-18233.diff
    0001-gcp-ilb-resource-wrapping-nc-or-socat-to-respond-to-.patch
  Add upstream patch:
rsyslog
- fix SIGSEV/SIGABRT in da-queue when using libfastjson (bsc#1187590)
  * add 0001-Fix-race-condition-related-to-libfastjson-when-using.patch
samba
- Update baselibs.conf to fix a problem updating 32bit libraries;
  (bsc#1187401);
- s3-libads: Fix LDAP TLS connections certificate validation;
  (bso#13124); (bsc#1184310);
sbd
- Revert "/Doc: adapt description of startup/shutdown sync with pacemaker"/
  * 0001-Revert-Doc-adapt-description-of-startup-shutdown-syn.patch
- Deprecated path "//var/run/"/ used in systemd-services (bsc#1185182)
- Update to version 1.4.2+20210305.926b554:
- sbd-inquisitor: take the defaults for the options set in sysconfig with empty strings (bsc#1183259)
- Update to version 1.4.2+20210305.57b84b5:
- sbd-inquisitor: prevent segfault if no command is supplied (bsc#1183237)
- Update to version 1.4.2+20210304.488a5b9:
- sbd-inquisitor,sbd-md: make watchdog warning messages more understandable (bsc#1182648)
- sbd-inquisitor: calculate the default timeout for watchdog warning based on the watchdog timeout consistently (bsc#1182648)
- sbd-inquisitor: ensure the timeout for watchdog warning specified with `-5` option is respected (bsc#1182648)
- sbd-common: ensure the default timeout for watchdog warning is about 3/5 of the default watchdog timeout (bsc#1182648)
- sbd-inquisitor: downgrade the warning about SBD_SYNC_RESOURCE_STARTUP to notice (bsc#1180966)
  * bsc#1180966-0001-Log-sbd-inquisitor-downgrade-the-warning-about-SBD_S.patch
- Update to version 1.4.2+20210129.5e2100f:
- Doc: adapt description of startup/shutdown sync with pacemaker
- Update to version 1.4.2+20201214.01c18c7:
- sbd-inquisitor: check SBD_SYNC_RESOURCE_STARTUP only in watch mode (bsc#1180966)
- Update to version 1.4.2+20201202.0446439 (v1.4.2):
- ship sbd.pc with basic sbd build information for downstream packages to use
- Update to version 1.4.1+20201105.507bd5f:
- sbd: inform the user to restart the sbd service (bsc#1179655)
- Update the uses of the systemd rpm macros
  * use '%service_del_postun_without_restart' instead of '%service_del_postun -n'
  * drop use of '%service_del_preun -n' as '-n' is unsafe and is deprecated
    This part still needs to be reworked as leaving services running why their
    package has been removed is unsafe.
- Update to version 1.4.1+20200819.4a02ef2:
- sbd-pacemaker: stay with basic string handling
- build: use configure for watchdog-default-timeout & others
- Update to version 1.4.1+20200807.7c21899:
- Update to version 1.4.1+20200727.1117c6b:
- make syncing of pacemaker resource startup configurable
- sbd-pacemaker: sync with pacemakerd for robustness
- Update to version 1.4.1+20200727.971affb:
- sbd-cluster: match qdevice-sync_timeout against wd-timeout
- Rebase:
  * bsc#1140065-Fix-sbd-cluster-exit-if-cmap-is-disconnected.patch
- Update to version 1.4.1+20200624.cee826a:
- sbd-pacemaker: handle new no_quorum_demote (rh#1850078)
shim
- Update shim to 15.4-4.7.1 from SLE15-SP3
  + Version: 15.4, "/Thu Jul 15 2021"/
  + Update the SLE signatures
  + Include the fixes for bsc#1187696, bsc#1185261, bsc#1185441,
    bsc#1187071, bsc#1185621, bsc#1185261, bsc#1185232, bsc#1185261,
    bsc#1187260, bsc#1185232.
- shim-install: instead of assuming "/removable"/ for Azure, remove
  fallback.efi from EFIBoot and copy grub.efi/cfg to EFIBoot
  to make EFIBoot bootable and keep the boot option created by
  efibootmgr (bsc#1185464, bsc#1185961)
- shim-install: always assume "/removable"/ for Azure to avoid the
  endless reset loop (bsc#1185464)
- Update to the unified shim binary from SLE15-SP3 for SBAT support
  (bsc#1182057)
  + Version: 15.4, "/Thu Apr 22 03:26:48 UTC 2021"/
supportutils
- Changes to version 3.0.10
  + Adding ethtool options g l m to network.txt (jsc#SLE-18239)
  + lsof options to improve performance (bsc#1186687)
  + Exclude rhn.conf from etc.txt (bsc#1186347)
- analyzevmcore supports local directories (bsc#1186397)
- getappcore checks for valid compression binary (bsc#1185991)
- getappcore does not trigger errors with help message (bsc#1185993)
supportutils-plugin-ha-sap
- Update to version 0.0.2+git.1623772960.fed5aa7:
  to fix bsc#1187373
  * Added process list for sid<adm> user
  * Added ENSA1 and ENSA2 informational messages
  * Added filter to gather logs for "/sap_suse_cluster_connector"/
  * Fixed documentation links
  * Updated Documentation Links
  * Added Authentication Section and capture information about
    sid<adm> user
  * Added some additional logic.
  * Obscure clear text password from cluster resources using
    "/crm configure show"/ output
systemd
- Added 1001-basic-unit-name-do-not-use-strdupa-on-a-path.patch (CVE-2021-33910 bsc#1188063)
  This patch will be moved to the git repo once the bug will become
  public.
- Import commit 45e55ba407af6c95bb31ee6274a410221b270631
  7ee5d00c35 mount-util: shorten the loop a bit (#7545)
  d11f9ecd26 mount-util: do not use the official MAX_HANDLE_SZ (#7523)
  061ad6d042 mount-util: tape over name_to_handle_at() flakiness (#7517) (bsc#1184761)
  a3b6ac5b16 mount-util: fix bad indenting
  2f1216da61 mount-util: EOVERFLOW might have other causes than buffer size issues
  6aad8e1164 mount-util: fix error propagation in fd_fdinfo_mnt_id()
  7f212aaf82 mount-util: drop exponential buffer growing in name_to_handle_at_loop()
  575cd1cd59 udev: port udev_has_devtmpfs() to use path_get_mnt_id()
  6e640e0f72 mount-util: add new path_get_mnt_id() call that queries the mnt ID of a path
  f897e6fa6b mount-util: add name_to_handle_at_loop() wrapper around name_to_handle_at()
  9a99b8e39b mount-util: accept that name_to_handle_at() might fail with EPERM (#5499)
  2d37137b9a basic: fallback to the fstat if we don't have access to the /proc/self/fdinfo
- Import commit e41f1650e7f69f44569d5b27a7ca27b69b162792
  514ffd3db7 sysusers: use the usual comment style
  5aa120f089 test/TEST-21-SYSUSERS: add tests for new functionality
  8e55e98aae sysusers: allow admin/runtime overrides to command-line config
  dca71da06a basic/strv: add function to insert items at position
  0b0c80f431 sysusers: allow the shell to be specified
  57cf9a6680 sysusers: move various user credential validity checks to src/basic/
  cece58038d man: reformat table in sysusers.d(5)
  579642f528 sysusers: take configuration as positional arguments
  c3b02cbec6 sysusers: emit a bit more info at debug level when locking fails
  e1beaac365 sysusers: allow force reusing existing user/group IDs (#8037)
  c4dc42a352 sysusers: ensure GID in uid:gid syntax exists
  7a55d8caf3 sysusers: make ADD_GROUP always create a group
  895392a9a4 test: add TEST-21-SYSUSERS test
  753dc29ca0 sysuser: use OrderedHashmap
  5275d4e204 sysusers: allow uid:gid in sysusers.conf files
  a15c051441 sysusers: fix memleak (#4430)
  These commits implement the option '--replace' for systemd-sysusers
  so %sysusers_create_package can be introduced in SLE and packages
  can rely on this rpm macro without wondering whether the macro is
  available on the different target the package is submitted to.
- Expect 644 permissions for /usr/lib/udev/compat-symlink-generation (bsc#1185807)
tigervnc
- tigervnc-FIPS-use-RFC7919.patch
  * Enable GnuTLS 3.6.0 and later to use Diffie-Hellman parameters
    from RFC7919 instead of generating our own, for FIPS compliance.
  * Specify RFC7919 parameters for GnuTLS older than 3.6.0.
  * bsc#1179809
timezone
- Install tzdata.zi (bsc#1188127)
xfsprogs
- xfs_repair: initialize realloced bplist in longform_dir2_entry_check
  (bsc#1187832)
  - add xfsprogs-xfs_repair-initialize-realloced-bplist-in-longform_d.patch
xterm
- xterm-CVE-2021-27135.patch: Fixed buffer-overflow when clicking
  on selected utf8 text. (bsc#1182091 CVE-2021-27135)
yast2-ftp-server
- Fix the label of the certificate input field (bsc#1183786).
- 3.4.2
zypper
- man: point out more clearly that patches update affected
  packages to the latest available version (bsc#1187466)
- version 1.13.59