avahi
- Update avahi-daemon-check-dns.sh from Debian. Our previous
  version relied on ifconfig, route, and init.d.
- Rebase avahi-daemon-check-dns-suse.patch, and drop privileges
  when invoking avahi-daemon-check-dns.sh (boo#1180827
  CVE-2021-26720).
- Add sudo to requires: used to drop privileges.
bind
- dnssec-keygen can no longer generate HMAC keys.
  Use tsig-keygen instead.
  modified genDDNSkey script to reflect this.
  [vendor-files/tools/bind.genDDNSkey, bsc#1180933]
- CVE-2020-8625: A vulnerability in BIND's GSSAPI security policy
  negotiation can be targeted by a buffer overflow attack
  [bsc#1182246, CVE-2020-8625, bind-CVE-2020-8625.patch]
containerd
- Update to containerd v1.3.9, which is needed for Docker v19.03.14-ce and
  fixes CVE-2020-15257. bsc#1178969 bsc#1180243
- Update to containerd v1.3.7, which is required for Docker 19.03.13-ce.
  boo#1176708 bsc#1177598 CVE-2020-15157
- Refresh patches:
  * 0001-makefile-remove-emoji.patch
- Use Go 1.13 for build.
  bsc#1153367 bsc#1157330
docker
[NOTE: This update was only ever released in SLES and Leap.]
- It turns out the boo#1178801 libnetwork patch is also broken on Leap, so drop
  the patch entirely. bsc#1180401 bsc#1182168
  - boo1178801-0001-Add-docker-interfaces-to-firewalld-docker-zone.patch
[NOTE: This update was only ever released in SLES and Leap.]
- Update Docker to 19.03.15-ce. See upstream changelog in the packaged
  /usr/share/doc/packages/docker/CHANGELOG.md. This update includes fixes for
  bsc#1181732 (CVE-2021-21284) and bsc#1181730 (CVE-2021-21285).
- Rebase patches:
  * bsc1073877-0001-apparmor-clobber-docker-default-profile-on-start.patch
- Only apply the boo#1178801 libnetwork patch to handle firewalld on openSUSE.
  It appears that SLES doesn't like the patch. bsc#1180401
- Re-apply secrets fix for bsc#1065609 which appears to have been lost after it
  was fixed.
  * secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
  * secrets-0002-SUSE-implement-SUSE-container-secrets.patch
- Add Conflicts and Provides for kubic flavour of docker-fish-completion.
- Update to Docker 19.03.14-ce. See upstream changelog in the packaged
  /usr/share/doc/packages/docker/CHANGELOG.md. CVE-2020-15257 bsc#1180243
  https://github.com/docker/docker-ce/releases/tag/v19.03.14
- Enable fish-completion
- Add a patch which makes Docker compatible with firewalld with
  nftables backend. Backport of https://github.com/moby/libnetwork/pull/2548
  (boo#1178801, SLE-16460)
  * boo1178801-0001-Add-docker-interfaces-to-firewalld-docker-zone.patch
- Update to Docker 19.03.13-ce. See upstream changelog in the packaged
  /usr/share/doc/packages/docker/CHANGELOG.md. bsc#1176708
- Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075)
- Emergency fix: %requires_eq does not work with provide symbols,
  only effective package names. Convert back to regular Requires.
- Update to Docker 19.03.12-ce. See upstream changelog in the packaged
  /usr/share/doc/packages/docker/CHANGELOG.md.
- Use Go 1.13 instead of Go 1.14 because Go 1.14 can cause all sorts of
  spurrious errors due to Go returning -EINTR from I/O syscalls much more often
  (due to Go 1.14's pre-emptive goroutine support).
  - bsc1172377-0001-unexport-testcase.Cleanup-to-fix-Go-1.14.patch
- Add BuildRequires for all -git dependencies so that we catch missing
  dependencies much more quickly.
  /usr/share/doc/packages/docker/CHANGELOG.md. bsc#1158590 bsc#1157330
docker-runc
- Switch to Go 1.13 for build.
gcc7
- Remove include-fixed/pthread.h
- Change GCC exception licenses to SPDX format
- add gcc7-pr81942.patch [bsc#1181618]
glibc
- euc-kr-overrun.patch: Fix buffer overrun in EUC-KR conversion module
  (CVE-2019-25013, bsc#1182117, BZ #24973)
- gconv-assertion-iso-2022-jp.patch: gconv: Fix assertion failure in
  ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256)
- iconv-redundant-shift.patch: iconv: Accept redundant shift sequences in
  IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224)
- iconv-ucs4-loop-bounds.patch: iconv: Fix incorrect UCS4 inner loop
  bounds (CVE-2020-29562, bsc#1179694, BZ #26923)
- printf-long-double-non-normal.patch: x86: Harden printf against
  non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649)
- get-nprocs-cpu-online-parsing.patch: Fix parsing of
  /sys/devices/system/cpu/online (bsc#1180038, BZ #25859)
golang-github-docker-libnetwork
[NOTE: This update was only ever released in SLES and Leap.]
- It turns out the boo#1178801 libnetwork patch is also broken on Leap, so drop
  the patch entirely. bsc#1180401 bsc#1182168
  - boo1178801-0001-Add-docker-interfaces-to-firewalld-docker-zone.patch
[NOTE: This update was only ever released in SLES and Leap.]
- Only apply the boo#1178801 libnetwork patch to handle firewalld on openSUSE.
  It appears that SLES doesn't like the patch. bsc#1180401
- Update to libnetwork 55e924b8a842, which is required for Docker 19.03.14-ce.
  bsc#1180243
- Add patch which makes libnetwork compatible with firewalld with
  nftables backend. Backport of https://github.com/moby/libnetwork/pull/2548
  (boo#1178801, SLE-16460)
  * boo1178801-0001-Add-docker-interfaces-to-firewalld-docker-zone.patch
- Update to libnetwork 026aabaa6598, which is required for Docker 19.03.12-ce.
grub2
- VUL-0: grub2,shim: implement new SBAT method (bsc#1182057)
  * 0028-util-mkimage-Remove-unused-code-to-add-BSS-section.patch
  * 0029-util-mkimage-Use-grub_host_to_target32-instead-of-gr.patch
  * 0030-util-mkimage-Always-use-grub_host_to_target32-to-ini.patch
  * 0031-util-mkimage-Unify-more-of-the-PE32-and-PE32-header-.patch
  * 0032-util-mkimage-Reorder-PE-optional-header-fields-set-u.patch
  * 0033-util-mkimage-Improve-data_size-value-calculation.patch
  * 0034-util-mkimage-Refactor-section-setup-to-use-a-helper.patch
  * 0035-util-mkimage-Add-an-option-to-import-SBAT-metadata-i.patch
  * 0036-grub-install-common-Add-sbat-option.patch
- Fix CVE-2021-20225 (bsc#1182262)
  * 0019-lib-arg-Block-repeated-short-options-that-require-an.patch
- Fix CVE-2020-27749 (bsc#1179264)
  * 0021-kern-parser-Fix-resource-leak-if-argc-0.patch
  * 0022-kern-parser-Fix-a-memory-leak.patch
  * 0023-kern-parser-Introduce-process_char-helper.patch
  * 0024-kern-parser-Introduce-terminate_arg-helper.patch
  * 0025-kern-parser-Refactor-grub_parser_split_cmdline-clean.patch
  * 0026-kern-buffer-Add-variable-sized-heap-buffer.patch
  * 0027-kern-parser-Fix-a-stack-buffer-overflow.patch
- Fix CVE-2021-20233 (bsc#1182263)
  * 0020-commands-menuentry-Fix-quoting-in-setparams_prefix.patch
- Fix CVE-2020-25647 (bsc#1177883)
  * 0018-usb-Avoid-possible-out-of-bound-accesses-caused-by-m.patch
- Fix CVE-2020-25632 (bsc#1176711)
  * 0017-dl-Only-allow-unloading-modules-that-are-not-depende.patch
- Fix CVE-2020-27779, CVE-2020-14372 (bsc#1179265) (bsc#1175970)
  * 0001-mkimage-Clarify-file-alignment-in-efi-case.patch
  * 0002-efi-Make-shim_lock-GUID-and-protocol-type-public.patch
  * 0003-efi-Return-grub_efi_status_t-from-grub_efi_get_varia.patch
  * 0004-efi-Add-a-function-to-read-EFI-variables-with-attrib.patch
  * 0005-efi-Add-secure-boot-detection.patch
  * 0006-kern-Add-lockdown-support.patch
  * 0007-kern-lockdown-Set-a-variable-if-the-GRUB-is-locked-d.patch
  * 0008-efi-Lockdown-the-GRUB-when-the-UEFI-Secure-Boot-is-e.patch
  * 0009-efi-Use-grub_is_lockdown-instead-of-hardcoding-a-dis.patch
  * 0010-acpi-Don-t-register-the-acpi-command-when-locked-dow.patch
  * 0011-mmap-Don-t-register-cutmem-and-badram-commands-when-.patch
  * 0012-commands-Restrict-commands-that-can-load-BIOS-or-DT-.patch
  * 0013-commands-setpci-Restrict-setpci-command-when-locked-.patch
  * 0014-commands-hdparm-Restrict-hdparm-command-when-locked-.patch
  * 0015-gdb-Restrict-GDB-access-when-locked-down.patch
  * 0016-loader-xnu-Don-t-allow-loading-extension-and-package.patch
  * 0037-squash-Add-secureboot-support-on-efi-chainloader.patch
  * 0038-squash-grub2-efi-chainload-harder.patch
  * 0039-squash-Don-t-allow-insmod-when-secure-boot-is-enable.patch
  * 0040-squash-linuxefi-fail-kernel-validation-without-shim-.patch
  * 0041-squash-kern-Add-lockdown-support.patch
- Add SBAT metadata section to grub.efi
  * grub2.spec
hawk2
- Update to version 2.6.0:
  * Use fullpath of binary (bsc#1181436)
  * remove %x (bsc#1182163)
java-1_8_0-ibm
- Update to Java 8.0 Service Refresh 6 Fix Pack 25
  [bsc#1182186, bsc#1181239, CVE-2020-27221, CVE-2020-14803]
  * CVE-2020-27221: Potential for a stack-based buffer overflow
    when the virtual machine or JNI natives are converting from
    UTF-8 characters to platform encoding.
  * CVE-2020-14803: Unauthenticated attacker with network access
    via multiple protocols allows to compromise Java SE.
kernel-default
- SLE15-SP1 went to LTSS, hand over to L3
- commit 547a203
- dm: avoid filesystem lookup in dm_get_dev_t() (bsc#1178049).
- commit 9a1258d
- kernfs: deal with kernfs_fill_super() failures (bsc#1181809).
- commit 2955da8
- Fix the inconsistent kfree() call at rawmidi (CVE-2020-27786 bsc#1179601
  Refresh patches.suse/ALSA-rawmidi-Fix-racy-buffer-resize-under-concurrent.patch
- commit b3ad1de
- scsi: qla2xxx: Fix description for parameter
  ql2xenforce_iocb_limit (bsc#1179142).
- commit 547d89c
- Fix a bug in rawmidi UAF fix patch (bsc#1179601, CVE-2020-27786)
  Refresh patches.suse/ALSA-rawmidi-Fix-racy-buffer-resize-under-concurrent.patch
- commit ce80dfa
- kABI: Fix kABI for extended APIC-ID support (bsc#1181260,
  jsc#ECO-3191).
- x86/kvm: Add KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181260,
  jsc#ECO-3191).
- x86/apic: Support 15 bits of APIC ID in IOAPIC/MSI where
  available (bsc#1181260, jsc#ECO-3191).
- x86/ioapic: Handle Extended Destination ID field in RTE
  (bsc#1181260, jsc#ECO-3191).
- x86/msi: Only use high bits of MSI address for DMAR unit
  (bsc#1181260, jsc#ECO-3191).
- x86/apic: Fix x2apic enablement without interrupt remapping
  (bsc#1181260, jsc#ECO-3191).
- x86/kvm: Reserve KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181260,
  jsc#ECO-3191).
- iommu/vt-d: Don't dereference iommu_device if IOMMU_API is
  not built (bsc#1181260, jsc#ECO-3191).
- iommu/vt-d: Gracefully handle DMAR units with no supported
  address widths (bsc#1181260, jsc#ECO-3191).
- commit bd17758
- nbd: freeze the queue while we're adding connections
  (bsc#1181504 CVE-2021-3348).
- nbd: Fix memory leak in nbd_add_socket (bsc#1181504).
- commit 447797a
- Move futex fixes into the sorted section (bsc#1181349 CVE-2021-3347)
- commit c34c9df
- drm/i915: Check for all subplatform bits (git-fixes).
- can: dev: prevent potential information leak in can_fill_info()
  (git-fixes).
- xhci: tegra: Delay for disabling LFPS detector (git-fixes).
- xhci: make sure TRB is fully written before giving it to the
  controller (git-fixes).
- USB: ehci: fix an interrupt calltrace error (git-fixes).
- ehci: fix EHCI host controller initialization sequence
  (git-fixes).
- ALSA: seq: oss: Fix missing error check in
  snd_seq_oss_synth_make_info() (git-fixes).
- ALSA: hda/via: Add minimum mute flag (git-fixes).
- can: vxcan: vxcan_xmit: fix use after free bug (git-fixes).
- drm/nouveau/i2c/gm200: increase width of aux semaphore owner
  fields (git-fixes).
- drm/nouveau/privring: ack interrupts the same way as RM
  (git-fixes).
- drm/nouveau/bios: fix issue shadowing expansion ROMs
  (git-fixes).
- ALSA: doc: Fix reference to mixart.rst (git-fixes).
- ASoC: Intel: haswell: Add missing pm_ops (git-fixes).
- can: c_can: c_can_power_up(): fix error handling (git-fixes).
- commit 6556b1a
- Update patch References tags for futex fixes (bsc#1181349 CVE-2021-3347)
- commit afd051d
- Refresh patches.suse/futex-Handle-transient-ownerless-rtmutex-state-corre.patch
  As of patches.suse/0001-locking-futex-Allow-low-level-atomic-operations-to-r.patch
  we need to update the patch such that we set EAGAIN and avoid a warn (albeit benign).
- commit 96704b7
- s390/qeth: fix L2 header access in qeth_l3_osa_features_check()
  (git-fixes).
- s390/qeth: fix locking for discipline setup / removal
  (git-fixes).
- s390/qeth: fix deadlock during recovery (git-fixes).
- s390/qeth: delay draining the TX buffers (git-fixes).
- commit eca39ca
- s390/cio: fix use-after-free in ccw_device_destroy_console
  (git-fixes).
- commit 2bcefd5
- net/smc: fix sleep bug in smc_pnet_find_roce_resource()
  (git-fixes).
- Refresh
  patches.suse/net-smc-switch-smcd_dev_list-spinlock-to-mutex.
- commit b63038e
- net/smc: cancel event worker during device removal (git-fixes).
- net/smc: check for valid ib_client_data (git-fixes).
- net/smc: receive pending data after RCV_SHUTDOWN (git-fixes).
- net/smc: receive returns without data (git-fixes).
- commit 4050493
- Refresh patches.suse/4.4.136-002-powerpc-64s-Clear-PCR-on-boot.patch
  Also clear PCR on POWER9 and in dt_cpu_ftrs.
- commit 6cd712e
- net/mlx5: Fix memory leak on flow table creation error flow
  (bsc#1046305 FATE#322943).
- igc: fix link speed advertising (jsc#SLE-4799).
- commit 37cbcd7
- Refresh
  patches.suse/0013-net-liquidio-Delete-non-working-LIQUIDIO_PACKAGE-che.patch.
- Delete
  patches.suse/0012-net-liquidio-Delete-driver-version-assignment.patch.
  As we don't have upstream commit 6a7e25c7fb48 ("/net/core: Replace driver
  version to be kernel version"/) in our trees, removing driver version
  assignments is wrong. Therefore removed commit and adapted fixes backport.
- commit 226c353
- futex: Fix incorrect should_fail_futex() handling (bsc#1181349).
- commit 0ba69a9
- futex: Handle faults correctly for PI futexes (bsc#1181349
  bsc#1149032).
- futex: Simplify fixup_pi_state_owner() (bsc#1181349
  bsc#1149032).
- futex: Use pi_state_update_owner() in put_pi_state()
  (bsc#1181349 bsc#1149032).
- rtmutex: Remove unused argument from rt_mutex_proxy_unlock()
  (bsc#1181349 bsc#1149032).
- futex: Provide and use pi_state_update_owner() (bsc#1181349
  bsc#1149032).
- futex: Replace pointless printk in fixup_owner() (bsc#1181349
  bsc#1149032).
- futex: Ensure the correct return value from futex_lock_pi()
  (bsc#1181349 bsc#1149032).
- futex: Don't enable IRQs unconditionally in put_pi_state()
  (bsc#1149032).
- locking/futex: Allow low-level atomic operations to return
  - EAGAIN (bsc#1149032).
- commit 058c695
- x86/hyperv: Fix kexec panic/hang issues (bsc#1176831).
- commit 786eb3d
- cxgb4: fix the panic caused by non smac rewrite (bsc#1064802
  bsc#1066129).
- commit b5006a4
- net: dsa: b53: b53_arl_rw_op() needs to select IVL or SVL (git-fixes).
- commit 3aea956
- net: dsa: b53: Lookup VID in ARL searches when VLAN is enabled (git-fixes). - Refresh patches.suse/net-dsa-b53-Rework-ARL-bin-logic.patch.
- commit a432764
- net/liquidio: Delete non-working LIQUIDIO_PACKAGE check
  (git-fixes).
- commit 61efd0a
- net/liquidio: Delete driver version assignment (git-fixes).
- commit 8fe74e2
- net: bcmgenet: keep MAC in reset until PHY is up (git-fixes).
- commit c6bce34
- net: atlantic: fix potential error handling (git-fixes).
- commit dbd80e5
- net: atlantic: fix use after free kasan warn (git-fixes).
- commit 038a344
- net: smc911x: Adjust indentation in smc911x_phy_configure
  (git-fixes).
- commit d99da08
- net: tulip: Adjust indentation in {dmfe, uli526x}_init_module
  (git-fixes).
- commit a3ef2cc
- net/sonic: Add mutual exclusion for accessing shared state
  (git-fixes).
- commit 3796c70
- mlxsw: switchx2: Do not modify cloned SKBs during xmit
  (git-fixes).
- commit 1f71af0
- mlxsw: spectrum: Do not modify cloned SKBs during xmit
  (git-fixes).
- commit 606b6bb
- net: freescale: fec: Fix ethtool -d runtime PM (git-fixes).
- commit bd3b5d1
- RDMA/mlx5: Fix wrong free of blue flame register on error
  (bsc#1103991 FATE#326007).
- bnxt_en: Improve stats context resource accounting with RDMA
  driver loaded (bsc#1104745 FATE#325918).
- net/mlx5e: Fix two double free cases (bsc#1046305 FATE#322943).
- chtls: Fix chtls resources release sequence (bsc#1104270
  FATE#325931).
- chtls: Added a check to avoid NULL pointer dereference
  (bsc#1104270 FATE#325931).
- chtls: Replace skb_dequeue with skb_peek (bsc#1104270
  FATE#325931).
- chtls: Remove invalid set_tcb call (bsc#1104270 FATE#325931).
- chtls: Fix hardware tid leak (bsc#1104270 FATE#325931).
- net: hns3: fix the number of queues actually used by ARQ
  (bsc#1104353 FATE#326415).
- net: mvpp2: fix pkt coalescing int-threshold configuration
  (bsc#1098633).
- tun: fix return value when the number of iovs exceeds
  MAX_SKB_FRAGS (bsc#1109837).
- net: mvpp2: Fix GoP port 3 Networking Complex Control
  configurations (bsc#1098633).
- RDMA/cma: Don't overwrite sgid_attr after device is released
  (bsc#1103992 FATE#326009).
- ixgbe: avoid premature Rx buffer reuse (bsc#1109837
  FATE#326322).
- i40e: avoid premature Rx buffer reuse (bsc#1111981 FATE#326312
  FATE#326313).
- net: mvpp2: Fix error return code in mvpp2_open() (bsc#1119113
  FATE#326472).
- chelsio/chtls: fix a double free in chtls_setkey() (bsc#1104270
  FATE#325931).
- chelsio/chtls: fix panic during unload reload chtls (bsc#1104270
  FATE#325931).
- bnxt_en: fix error return code in bnxt_init_one() (bsc#1050242
  FATE#322914).
- RDMA/hns: Bugfix for memory window mtpt configuration
  (bsc#1104427 FATE#326416).
- net/mlx5: Add handling of port type in rule deletion
  (bsc#1103991 FATE#326007).
- chelsio/chtls: fix always leaking ctrl_skb (bsc#1104270
  FATE#325931).
- chelsio/chtls: fix memory leaks caused by a race (bsc#1104270
  FATE#325931).
- chelsio/chtls: fix memory leaks in CPL handlers (bsc#1104270
  FATE#325931).
- chelsio/chtls: fix deadlock issue (bsc#1104270 FATE#325931).
- cxgb4: set up filter action after rewrites (bsc#1064802
  bsc#1066129).
- chelsio/chtls: fix tls record info to user (bsc#1104270
  FATE#325931).
- net/sched: act_tunnel_key: fix OOB write in case of IPv6 ERSPAN
  tunnels (bsc#1109837).
- chelsio/chtls: correct function return and return type
  (bsc#1104270 FATE#325931).
- chelsio/chtls: correct netdevice for vlan interface (bsc#1104270
  FATE#325931).
- chelsio/chtls: fix socket lock (bsc#1104270 FATE#325931).
- RDMA/addr: Fix race with netevent_callback()/rdma_addr_cancel()
  (bsc#1103992 FATE#326009).
- RDMA/hns: Fix missing sq_sig_type when querying QP (bsc#1104427
  FATE#326416).
- commit ddb281e
- blacklist.conf: add NFS patches which hurt kabi
- commit f3c5ae2
- nfsd4: readdirplus shouldn't return parent of export
  (git-fixes).
- commit 94a53d9
- net: hns3: fix a wrong reset interrupt status mask (git-fixes).
- commit f402199
- bnxt_en: return proper error codes in bnxt_show_temp
  (bsc#1104745 FATE#325918).
- cxgb4: fix all-mask IP address comparison (bsc#1064802
  bsc#1066129).
- IB/mlx5: Fix DEVX support for MLX5_CMD_OP_INIT2INIT_QP command
  (bsc#1103991 FATE#326007).
- RDMA/core: Ensure security pkey modify is not lost (bsc#1046306
  FATE#322942).
- RDMA/core: Fix pkey and port assignment in get_new_pps
  (bsc#1046306 FATE#322942).
- RDMA/core: Fix use of logical OR in get_new_pps (bsc#1046306
  FATE#322942).
- commit fb4b60c
- net: hns3: add compatible handling for command
  HCLGE_OPC_PF_RST_DONE (git-fixes).
- net: hns3: check reset interrupt status when reset fails
  (git-fixes).
- commit 3bdc4a9
- net/mlx5e: Fix memleak in mlx5e_create_l2_table_groups
  (git-fixes).
- net/mlx4_en: Avoid scheduling restart task if it is already
  running (git-fixes).
- cxgb3: fix error return code in t3_sge_alloc_qset() (git-fixes).
- net: ena: set initial DMA width to avoid intel iommu issue
  (git-fixes).
- i40e: Fix removing driver while bare-metal VFs pass traffic
  (git-fixes).
- bnxt_en: Release PCI regions when DMA mask setup fails during
  probe (git-fixes).
- bnxt_en: fix error return code in bnxt_init_board() (git-fixes).
- bnxt_en: read EEPROM A2h address using page 0 (git-fixes).
- mlxsw: core: Fix use-after-free in mlxsw_emad_trans_finish()
  (git-fixes).
- RDMA/qedr: Fix inline size returned for iWARP (bsc#1050545
  FATE#322893).
- net: ethernet: mlx4: Avoid assigning a value to ring_cons but
  not used it anymore in mlx4_en_xmit() (git-fixes).
- net: team: fix memory leak in __team_options_register
  (git-fixes).
- net/mlx5e: Fix VLAN create flow (git-fixes).
- net/mlx5e: Fix VLAN cleanup flow (git-fixes).
- team: set dev->needed_headroom in team_setup_by_port()
  (git-fixes).
- bonding: set dev->needed_headroom in bond_setup_by_slave()
  (git-fixes).
- RDMA/core: Fix reported speed and width (bsc#1046306
  FATE#322942).
- RDMA/bnxt_re: Do not report transparent vlan from QP1
  (bsc#1104742 FATE#325917).
- cxgb4: fix thermal zone device registration (bsc#1104279
  FATE#325938 bsc#1104277 FATE#325936).
- bnxt_en: fix HWRM error when querying VF temperature
  (bsc#1104745 FATE#325918).
- bnxt_en: Don't query FW when netif_running() is false
  (bsc#1086282 FATE#324873).
- RDMA/bnxt_re: Do not add user qps to flushlist (bsc#1050244
  FATE#322915).
- RDMA/core: Fix return error value in _ib_modify_qp() to negative
  (bsc#1103992 FATE#326009).
- RDMA/mlx5: Fix typo in enum name (bsc#1103991 FATE#326007).
- net/mlx5e: fix bpf_prog reference count leaks in mlx5e_alloc_rq
  (bsc#1103990 FATE#326006).
- net: hns3: fix a TX timeout issue (bsc#1104353 FATE#326415).
- net: hns3: fix error handling for desc filling (bsc#1104353
  FATE#326415).
- net: hns3: fix for not calculating TX BD send size correctly
  (bsc#1126390).
- mlxsw: destroy workqueue when trap_register in mlxsw_emad_init
  (bsc#1112374).
- net: hns3: fix use-after-free when doing self test (bsc#1104353
  FATE#326415).
- net: hns3: add a missing uninit debugfs when unload driver
  (bsc#1104353 FATE#326415).
- cxgb4: move DCB version extern to header file (bsc#1104279
  FATE#325938).
- cxgb4: remove cast when saving IPv4 partial checksum
  (bsc#1074220).
- cxgb4: fix SGE queue dump destination buffer context
  (bsc#1073513).
- cxgb4: use correct type for all-mask IP address comparison
  (bsc#1064802 bsc#1066129).
- cxgb4: use unaligned conversion for fetching timestamp
  (bsc#1046540 bsc#1046648).
- xdp: Fix xsk_generic_xmit errno (bsc#1109837).
- net/filter: Permit reading NET in load_bytes_relative when
  MAC not set (bsc#1109837).
- RDMA/mlx5: Add init2init as a modify command (bsc#1103991
  FATE#326007).
- RDMA/hns: Fix cmdq parameter of querying pf timer resource
  (bsc#1104427 FATE#326416 bsc#1126206).
- net_failover: fixed rollback in net_failover_open()
  (bsc#1109837).
- igb: Report speed and duplex as unknown when device is runtime
  suspended (git-fixes).
- net/mlx5e: IPoIB, Drop multicast packets that this interface
  sent (bsc#1075020).
- ixgbe: Fix XDP redirect on archs with PAGE_SIZE above 4K
  (bsc#1109837 FATE#326322).
- veth: Adjust hard_start offset on redirect XDP frames
  (bsc#1109837).
- Revert "/crypto: chelsio - Inline single pdu only"/ (git-fixes).
- bnxt_en: Fix accumulation of bp->net_stats_prev (bsc#1104745
  FATE#325918).
- mlxsw: spectrum: Fix use-after-free of split/unsplit/type_set
  in case reload fails (bsc#1112374).
- __netif_receive_skb_core: pass skb by reference (bsc#1109837).
- RDMA/iw_cxgb4: Fix incorrect function parameters (bsc#1136348
  jsc#SLE-4684).
- cpumap: Avoid warning when CONFIG_DEBUG_PER_CPU_MAPS is enabled
  (bsc#1109837).
- cxgb4: fix adapter crash due to wrong MC size (bsc#1073513).
- cxgb4: fix large delays in PTP synchronization (bsc#1046540
  bsc#1046648).
- qed: Fix use after free in qed_chain_free (bsc#1050536
  FATE#322898 bsc#1050538 FATE#322897).
- qed: Fix race condition between scheduling and destroying
  the slowpath workqueue (bsc#1086314 FATE#324886 bsc#1086313
  FATE#324885 bsc#1086301 FATE#3248881).
- virtio_net: Keep vnet header zeroed if XDP is loaded for small
  buffer (git-fixes).
- net: cbs: Fix software cbs to consider packet sending time
  (bsc#1109837).
- bnxt_en: Reset rings if ring reservation fails during open()
  (bsc#1086282 FATE#324873).
- cxgb4: fix throughput drop during Tx backpressure (bsc#1127354
  bsc#1127371).
- RDMA/core: Fix protection fault in get_pkey_idx_qp_list
  (bsc#1046306 FATE#322942).
- RDMA/iw_cxgb4: initiate CLOSE when entering TERM (bsc#1136348
  jsc#SLE-4684).
- net: hns3: add management table after IMP reset (bsc#1104353
  FATE#326415).
- drivers: net: xgene: Fix the order of the arguments of
  'alloc_etherdev_mqs()' (git-fixes).
- cxgb4/cxgb4vf: fix flow control display for auto negotiation
  (bsc#1046540 FATE#322930 bsc#1046542 FATE#322928).
- net: hns3: reallocate SSU' buffer size when pfc_en changes
  (bsc#1104353 FATE#326415).
- net/mlx5e: TX, Fix consumer index of error cqe dump (bsc#1103990
  FATE#326006).
- net: hns3: fix mis-counting IRQ vector numbers issue
  (bsc#1104353 FATE#326415).
- RDMA/hns: bugfix for slab-out-of-bounds when loading hip08
  driver (bsc#1104427 FATE#326416).
- RDMA/hns: Bugfix for slab-out-of-bounds when unloading hip08
  driver (bsc#1104427 FATE#326416).
- net_sched: let qdisc_put() accept NULL pointer (bsc#1056657
  FATE#322189 bsc#1056653 FATE#322190 bsc#1056787).
- net: hns3: fix shaper parameter algorithm (bsc#1104353
  FATE#326415).
- net: hns3: fix error VF index when setting VLAN offload
  (bsc#1104353 FATE#326415).
- net: hns3: fix interrupt clearing error for VF (bsc#1104353
  FATE#326415).
- net: hns3: clear reset interrupt status in hclge_irq_handle()
  (git-fixes).
- nfp: validate the return code from dev_queue_xmit() (git-fixes).
- vhost/vsock: fix vhost vsock cid hashing inconsistent
  (git-fixes).
- commit b766aed
- scsi: ibmvfc: Set default timeout to avoid crash during
  migration (bsc#1181425 ltc#188252).
- commit 195b2a9
- blacklist.conf: add c8d647a326f0 xen/pvcallsback: use lateeoi irq binding
- commit 308c42d
- scsi: lpfc: Simplify bool comparison (bsc#1180891).
- scsi: lpfc: Update lpfc version to 12.8.0.7 (bsc#1180891).
- scsi: lpfc: Enhancements to LOG_TRACE_EVENT for better
  readability (bsc#1180891).
- scsi: lpfc: Implement health checking when aborting I/O
  (bsc#1180891).
- scsi: lpfc: Fix vport create logging (bsc#1180891).
- scsi: lpfc: Fix NVMe recovery after mailbox timeout
  (bsc#1180891).
- scsi: lpfc: Fix target reset failing (bsc#1180891).
- scsi: lpfc: Fix error log messages being logged following SCSI
  task mgnt (bsc#1180891).
- scsi: lpfc: Prevent duplicate requests to unregister with
  cpuhp framework (bsc#1180891).
- scsi: lpfc: Fix FW reset action if I/Os are outstanding
  (bsc#1180891).
- scsi: lpfc: Use the nvme-fc transport supplied timeout for LS
  requests (bsc#1180891).
- scsi: lpfc: Fix crash when a fabric node is released prematurely
  (bsc#1180891).
- scsi: lpfc: Refresh ndlp when a new PRLI is received in the
  PRLI issue state (bsc#1180891).
- scsi: lpfc: Fix auto sli_mode and its effect on CONFIG_PORT
  for SLI3 (bsc#1180891).
- scsi: lpfc: Fix PLOGI S_ID of 0 on pt2pt config (bsc#1180891).
- commit 88024a9
- vfio iommu: Add dma available capability (bsc#1179573
  LTC#190106).
- commit c234a3f
- iio: ad5504: Fix setting power-down state (git-fixes).
- serial: mvebu-uart: fix tx lost characters at power off
  (git-fixes).
- usb: udc: core: Use lock when write to soft_connect (git-fixes).
- i2c: octeon: check correct size of maximum RECV_LEN packet
  (git-fixes).
- mmc: sdhci-xenon: fix 1.8v regulator stabilization (git-fixes).
- drm/atomic: put state on error path (git-fixes).
- ACPI: scan: Make acpi_bus_get_device() clear return pointer
  on error (git-fixes).
- spi: cadence: cache reference clock rate during probe
  (git-fixes).
- ACPI: scan: Harden acpi_device_add() against device ID overflows
  (git-fixes).
- r8152: Add Lenovo Powered USB-C Travel Hub (git-fixes).
- ALSA: firewire-tascam: Fix integer overflow in midi_port_work()
  (git-fixes).
- ALSA: fireface: Fix integer overflow in transmit_midi_msg()
  (git-fixes).
- ASoC: dapm: remove widget from dirty list on free (git-fixes).
- ACPI: scan: add stub acpi_create_platform_device() for
  !CONFIG_ACPI (git-fixes).
- misdn: dsp: select CONFIG_BITREVERSE (git-fixes).
- commit 4e17252
- blacklist.conf: add CONFIG_PROC_FS=n fix
- commit d506362
- net: vlan: avoid leaks on register_vlan_dev() failures
  (git-fixes).
- commit 588ae15
- s390/dasd: fix list corruption of lcu list (bsc#1181170
  LTC#190915).
- s390/dasd: fix list corruption of pavgroup group list
  (bsc#1181170 LTC#190915).
- s390/dasd: prevent inconsistent LCU device data (bsc#1181170
  LTC#190915).
- commit e73b11c
- s390/smp: perform initial CPU reset also for SMT siblings
  (git-fixes).
- commit 9853cb5
- net/af_iucv: set correct sk_protocol for child sockets
  (git-fixes).
- net/af_iucv: always register net_device notifier (git-fixes).
- commit aebe99b
- net/af_iucv: fix null pointer dereference on shutdown
  (bsc#1179563 LTC#190108).
- commit 0a706d4
- Drop drm/sun4i patches that broke the build
  They don't build properly on 32bit arm config
- commit ef6a2c5
- vfio-pci: Use io_remap_pfn_range() for PCI IO memory
  (bsc#1181231).
- KVM: x86/mmu: Commit zap of remaining invalid pages when
  recovering lpages (bsc#1181230).
- commit 3da333d
- netfilter: ctnetlink: add a range check for l3/l4 protonum
  (CVE-2020-25211 bsc#1176395).
- commit 92230c0
- blacklist.conf: Add a couple of VFIO/PCI and SWIOTLB fixes
- commit 9053ccf
- SUNRPC: cache: ignore timestamp written to 'flush' file
  (bsc#1178036).
- commit 0eac715
- Update
  patches.suse/0001-xen-events-add-a-proper-barrier-to-2-level-uevent-un.patch
  (CVE-2020-27673 XSA-332 bsc#1177411).
- Update
  patches.suse/0002-xen-events-fix-race-in-evtchn_fifo_unmask.patch
  (CVE-2020-27673 XSA-332 bsc#1177411).
- Update
  patches.suse/0003-xen-events-add-a-new-late-EOI-evtchn-framework.patch
  (CVE-2020-27673 XSA-332 bsc#1177411).
- Update
  patches.suse/0004-xen-blkback-use-lateeoi-irq-binding.patch
  (CVE-2020-27673 XSA-332 bsc#1177411).
- Update
  patches.suse/0005-xen-netback-use-lateeoi-irq-binding.patch
  (CVE-2020-27673 XSA-332 bsc#1177411).
- Update
  patches.suse/0006-xen-scsiback-use-lateeoi-irq-binding.patch
  (CVE-2020-27673 XSA-332 bsc#1177411).
- Update
  patches.suse/0008-xen-pciback-use-lateeoi-irq-binding.patch
  (CVE-2020-27673 XSA-332 bsc#1177411).
- Update
  patches.suse/0009-xen-events-switch-user-event-channels-to-lateeoi-mod.patch
  (CVE-2020-27673 XSA-332 bsc#1177411).
- Update
  patches.suse/0010-xen-events-use-a-common-cpu-hotplug-hook-for-event-c.patch
  (CVE-2020-27673 XSA-332 bsc#1177411).
- Update
  patches.suse/0011-xen-events-defer-eoi-in-case-of-excessive-number-of-.patch
  (CVE-2020-27673 XSA-332 bsc#1177411).
- Update
  patches.suse/0012-xen-events-block-rogue-events-for-some-time.patch
  (CVE-2020-27673 XSA-332 bsc#1177411).
- Update
  patches.suse/XEN-uses-irqdesc-irq_data_common-handler_data-to-sto.patch
  (CVE-2020-27673 XSA-332 bsc#1065600).
- Update
  patches.suse/xen-events-avoid-removing-an-event-channel-while-han.patch
  (CVE-2020-27675 XSA-331 bsc#1177410).
- Update
  patches.suse/xen-events-don-t-use-chip_data-for-legacy-IRQs.patch
  (CVE-2020-27673 XSA-332 bsc#1065600).
- Added CVE numbers for above patches.
- commit 77fc141
- drm/msm: Fix WARN_ON() splat in _free_object() (bsc#1129770)
  Backporting changes:
  * context changes
- commit 2cc0fa0
- drm: sun4i: hdmi: Fix inverted HPD result (bsc#1112178)
  Backporting changes:
  * context changes
- commit 67fea56
- floppy: reintroduce O_NDELAY fix (boo#1181018).
- commit 7b17926
- arm64: pgtable: Ensure dirty bit is preserved across
  pte_wrprotect() (bsc#1180130).
- arm64: pgtable: Fix pte_accessible() (bsc#1180130).
- commit 50f7568
- netfilter: clear skb->next in NF_HOOK_LIST() (bsc#1180765
  CVE-2021-20177).
- commit 979e397
- drm/amdkfd: Put ACPI table after using it (bsc#1129770)
  Backporting changes:
  * context changes
- commit d706a4a
- drm/msm: Fix use-after-free in msm_gem with carveout (bsc#1129770)
  Backporting changes:
  * context changes
  * removed reference to msm_gem_is_locked()
- commit 2473171
- drm/tve200: Fix handling of platform_get_irq() error (bsc#1129770)
- commit 74c8661
- drm/msm: Avoid div-by-zero in dpu_crtc_atomic_check() (bsc#1129770)
  Backporting changes:
  * context changes
  * moved num_mixers from struct dpu_crtc_state to struct dpu_crtc
- commit 235aa45
- blacklist.conf: Append 'drm/i915: Clear the repeater bit on HDCP disable'
- commit dd4f37c
- blacklist.conf: Append 'drm/i915: Fix sha_text population code'
- commit 7f2c93c
- drm/i915: Clear the repeater bit on HDCP disable (bsc#1112178)
  Backporting changes:
  * context changes
- commit 3d4aebe
- drm/i915: Fix sha_text population code (bsc#1112178)
  Backporting changes:
  * context changes
- commit b3b6c93
- blacklist.conf: Append 'drm/i915: Move cec_notifier to intel_hdmi_connector_unregister, v2.'
- commit 5511837
- blacklist.conf: Append 'drm/amd/powerplay: fix a crash when overclocking Vega M'
- commit 17cad3d
- blacklist.conf: Append 'drm/i915: Move cec_notifier to intel_hdmi_connector_unregister, v2.'
- commit 15580f1
- drm/vgem: Replace opencoded version of drm_gem_dumb_map_offset() (bsc#1112178)
  Backporting changes:
  * context changes
- commit fb51493
- drm/amd/powerplay: fix a crash when overclocking Vega M (bsc#1113956)
- commit 909795d
- drm: sun4i: hdmi: Remove extra HPD polling (bsc#1112178)
- commit 76afd33
- NFS: nfs_igrab_and_active must first reference the superblock
  (git-fixes).
- pNFS: Mark layout for return if return-on-close was not sent
  (git-fixes).
- net: sunrpc: interpret the return value of kstrtou32 correctly
  (git-fixes).
- NFS4: Fix use-after-free in trace_event_raw_event_nfs4_set_lock
  (git-fixes).
- NFS: switch nfsiod to be an UNBOUND workqueue (git-fixes).
- lockd: don't use interval-based rebinding over TCP (git-fixes).
- NFSv4.2: condition READDIR's mask for security label based on
  LSM state (git-fixes).
- md/raid10: initialize r10_bio->read_slot before use (git-fixes).
- md: fix a warning caused by a race between concurrent
  md_ioctl()s (git-fixes).
- nfs_common: need lock during iterate through the list
  (git-fixes).
- nfsd: Fix message level for normal termination (git-fixes).
- commit 4d661ca
- Remove patches.suse/nfs-mark-nfsiod-cpu-intensive.patch
  About to get replaced by upstream version.
- commit 7d82450
- tun: correct header offsets in napi frags mode (bsc#1180812
  CVE-2021-0342).
- commit 0ae29aa
- net: stmmac: dwmac-sunxi: Provide TX and RX fifo sizes
  (git-fixes).
- commit 91e8143
- blacklist.conf: Removal of HMM function breaks KABI
- commit 1cd8ef8
- blacklist.conf: SLUB not enabled in kernel config
- commit 6202d29
- page_frag: Recover from memory pressure (git fixes
  (mm/pgalloc)).
- commit 4457ecd
- mm, page_alloc: fix core hung in free_pcppages_bulk() (git fixes
  (mm/hotplug)).
- commit 840f046
- blacklist.conf: CMA not enabled in kernel config
- commit 4513c12
- blacklist.conf: CMA not enabled in kernel config
- commit 016b829
- mm/slab: use memzero_explicit() in kzfree() (git fixes
  (mm/slab)).
- commit e7d7f67
- Refresh
  patches.suse/mm-fix-mremap-not-considering-huge-pmd-devmap.patch.
- commit 2a2a762
- blacklist.conf: SLUB not enabled in kernel config
- commit 1d41e83
- blacklist.conf: SLUB not enabled in kernel config
- commit f29f5d9
- mm/page_alloc: fix watchdog soft lockups during
  set_zone_contiguous() (git fixes (mm/pgalloc)).
- commit d02bb6f
- mm/rmap: map_pte() was not handling private ZONE_DEVICE page
  properly (git fixes (mm/hmm)).
- commit 433e971
- mm: hwpoison: disable memory error handling on 1GB hugepage
  (git fixes (mm/hwpoison)).
- commit 5bd329a
- KVM: SVM: Initialize prev_ga_tag before use (bsc#1180912).
- commit e44aeda
- Move the build fix for g2d driver into patches.suse
  It's actaully no kABI fix but the pure build fix, hence it must be
  out of patches.kabi
- commit 9c47154
- Refresh
  patches.suse/IB-hfi1-Ensure-correct-mm-is-used-at-all-times.patch.
  Fixed backport (removed one line too much, d'oh).
- commit 6dc4356
- IB/hfi1: Ensure correct mm is used at all times (bsc#1179878
  CVE-2020-27835).
- commit 39a2b87
- net: stmmac: Enable 16KB buffer size (git-fixes).
- commit f223efb
- net: stmmac: 16KB buffer must be 16 byte aligned (git-fixes).
- commit 3ccc81e
- net: stmmac: RX buffer size must be 16 byte aligned (git-fixes).
- commit 05ff9e2
- net: stmmac: Do not accept invalid MTU values (git-fixes).
- commit 63ae7fc
- net: usb: lan78xx: Fix error message format specifier (git-fixes).
- commit 3dd5ee1
- caif: no need to check return value of debugfs_create functions (git-fixes).
- commit 4fb5202
- drivers/net: Use octal not symbolic permissions (git-fixes). - Refresh patches.suse/msft-hv-1661-scsi-netvsc-Use-the-vmbus-function-to-calculate-ring.patch. - Refresh patches.suse/msft-hv-1707-hv_netvsc-fix-network-namespace-issues-with-VF-suppo.patch.
- commit e4e6ab9
- net: dsa: LAN9303: select REGMAP when LAN9303 enable (git-fixes).
- commit 5d03a23
- net: phy: broadcom: Fix RGMII delays configuration for BCM54210E (git-fixes).
- commit dc3e380
- net: phy: Allow BCM54616S PHY to setup internal TX/RX clock delay (git-fixes).
- commit 287fdc5
- Drop uvcvideo patch that doesn't build
- commit 298bbff
- blacklist.conf: remove invalid entry, already backported
- commit a469334
- blacklist.conf: Tables not used currently in-tree
- commit 2aec284
- blacklist.conf: UP not enabled in config
- commit 9b055fe
- blacklist.conf: build fix not relevant in our config
- commit eaf3550
- docs: Fix reST markup when linking to sections (git-fixes).
- commit 2ffe4fe
- blacklist.conf: kABI
- commit 546297f
- powerpc/perf: Fix crashes with generic_compat_pmu & BHRB
  (bsc#1178900 ltc#189284 git-fixes).
- commit 5b292b4
- powerpc/perf: Add generic compat mode pmu driver (bsc#1178900
  ltc#189284).
- powerpc/perf: init pmu from core-book3s (bsc#1178900
  ltc#189284).
- commit 2d3c61b
- x86/resctrl: Don't move a task to the same resource group
  (bsc#1112178).
- commit 162f4b0
- x86/resctrl: Use an IPI instead of task_work_add() to update
  PQR_ASSOC MSR (bsc#1112178).
- commit 304df7d
- net: qca_spi: Move reset_count to struct qcaspi (git-fixes).
- commit 09d7b00
- net: bcmgenet: reapply manual settings to the PHY (git-fixes).
- commit 7d07690
- net: phy: micrel: Discern KSZ8051 and KSZ8795 PHYs (git-fixes).
- commit d3b5290
- net: phy: micrel: make sure the factory test bit is cleared
  (git-fixes).
- commit 043ec37
- net: stmmac: fix length of PTP clock's name string (git-fixes).
- commit 6c3c8e0
- net: stmmac: gmac4+: Not all Unicast addresses may be available
  (git-fixes).
- commit eac7cd9
- net: ethernet: stmmac: Fix signedness bug in
  ipq806x_gmac_of_parse() (git-fixes).
- commit bff5c88
- net: stmmac: dwmac-meson8b: Fix signedness bug in probe
  (git-fixes).
- commit 84a3dda
- net: broadcom/bcmsysport: Fix signedness in bcm_sysport_probe()
  (git-fixes).
- commit 227f036
- blacklist.conf: update the blacklist
- commit 250ebee
- USB: serial: iuu_phoenix: fix DMA from stack (git-fixes).
- usb: gadget: configfs: Preserve function ordering after bind
  failure (git-fixes).
- usb: gadget: select CONFIG_CRC32 (git-fixes).
- usb: gadget: f_uac2: reset wMaxPacketSize (git-fixes).
- usb: dwc3: ulpi: Use VStsDone to detect PHY regs access
  completion (git-fixes).
- USB: yurex: fix control-URB timeout handling (git-fixes).
- usb: chipidea: ci_hdrc_imx: add missing put_device() call in
  usbmisc_get_init_data() (git-fixes).
- USB: gadget: legacy: fix return error code in acm_ms_bind()
  (git-fixes).
- USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST
  quirk set (git-fixes).
- dmaengine: xilinx_dma: fix mixed_enum_type coverity warning
  (git-fixes).
- dmaengine: xilinx_dma: check dma_async_device_register return
  value (git-fixes).
- Revert "/device property: Keep secondary firmware node secondary
  by type"/ (git-fixes).
- wan: ds26522: select CONFIG_BITREVERSE (git-fixes).
- wil6210: select CONFIG_CRC32 (git-fixes).
- ethernet: ucc_geth: fix use-after-free in ucc_geth_remove()
  (git-fixes).
- ALSA: pcm: Clear the full allocated memory at hw_params
  (git-fixes).
- misc: vmw_vmci: fix kernel info-leak by initializing dbells
  in vmci_ctx_get_chkpt_doorbells() (git-fixes).
- media: gp8psk: initialize stats at power control logic
  (git-fixes).
- commit 2f3aec2
- x86/mtrr: Correct the range check before performing MTRR type
  lookups (bsc#1112178).
- commit 0c96651
- x86/mm: Fix leak of pmd ptlock (bsc#1112178).
- commit aeba3ea
- xen: support having only one event pending per watch
  (bsc#1179508 XSA-349 CVE-2020-29568).
- commit d884e81
- xen: revert Allow watches discard events before queueing
  (bsc#1179508 XSA-349 CVE-2020-29568).
- commit 2a4a8da
- xen: revert Add 'will_handle' callback support in
  xenbus_watch_path() (bsc#1179508 XSA-349 CVE-2020-29568).
- commit 6baf8b8
- xen: revert Support will_handle watch callback (bsc#1179508
  XSA-349 CVE-2020-29568).
- commit 3918801
- mm: don't wake kswapd prematurely when watermark boosting is
  disabled (git fixes (mm/vmscan)).
- commit b2e95ac
- xen: revert Count pending messages for each watch (bsc#1179508
  XSA-349 CVE-2020-29568).
- commit 9d30f4d
- xen: revert Disallow pending watch messages (bsc#1179508
  XSA-349 CVE-2020-29568).
- commit d039881
- xen-blkback: set ring->xenblkd to NULL after kthread_stop()
  (bsc#1179509 XSA-350 CVE-2020-29569).
- commit 1aab73c
- xenbus/xenbus_backend: Disallow pending watch messages
  (bsc#1179508 XSA-349 CVE-2020-29568).
- commit 0cdf358
- xen/xenbus: Count pending messages for each watch (bsc#1179508
  XSA-349 CVE-2020-29568).
- commit a14bb56
- xen/xenbus/xen_bus_type: Support will_handle watch callback
  (bsc#1179508 XSA-349 CVE-2020-29568).
- commit 33a4600
- xen/xenbus: Add 'will_handle' callback support in
  xenbus_watch_path() (bsc#1179508 XSA-349 CVE-2020-29568).
- commit 5ef1497
- xen/xenbus: Allow watches discard events before queueing
  (bsc#1179508 XSA-349 CVE-2020-29568).
- commit 6f7a44e
- sched/fair: Fix unthrottle_cfs_rq() for leaf_cfs_rq list
  (bsc#1179093).
- sched/fair: Fix enqueue_task_fair() warning some more
  (bsc#1179093).
- sched/fair: Fix enqueue_task_fair warning (bsc#1179093).
- sched/fair: Fix reordering of enqueue/dequeue_task_fair()
  (bsc#1179093).
- sched/fair: Reorder enqueue/dequeue_task_fair path
  (bsc#1179093).
- commit 1b239da
- Drop the previous drm/nouveau fix that turned out to be superfluous (CVE-2020-25639 bsc#1176846)
- commit 001c6e5
- Move upstreamed vgacon patch into sorted section
- commit 73d2a02
- drm: bail out of nouveau_channel_new if channel init fails
  (CVE-2020-25639 bsc#1176846).
- commit 55debf7
- btrfs: qgroup: don't try to wait flushing if we're already
  holding a transaction (bsc#1179575).
- commit bda1cb8
- x86/i8259: Use printk_deferred() to prevent deadlock
  (bsc#1112178).
- commit d166bf5
- Refresh patches.suse/nvdimm-Avoid-race-between-probe-and-reading-device-a.patch.
  Refresh to v2 URL
- commit 97aafaa
- blacklist.conf: 44623b2818f4 crypto: x86/crc32c - fix building with clang ias
- commit a557330
- x86/mm/numa: Remove uninitialized_var() usage (bsc#1112178).
- commit 8dd9b08
- ALSA: hda/via: Fix runtime PM for Clevo W35xSS (git-fixes).
- commit c485186
- scsi: core: Fix VPD LUN ID designator priorities (bsc#1178049,
  git-fixes).
- commit 3730025
- Refresh
  patches.suse/ibmvnic-continue-fatal-error-reset-after-passive-ini.patch.
- commit 5851206
- EDAC/amd64: Fix PCI component registration (bsc#1112178).
- commit 522b115
- Refresh patch metadata.
- Refresh patches.suse/ibmvnic-continue-fatal-error-reset-after-passive-ini.patch.
- Refresh patches.suse/ibmvnic-fix-NULL-pointer-dereference.patch.
- commit d7a2a14
- btrfs: increase output size for LOGICAL_INO_V2 ioctl (bsc#1174206).
- commit 1d58635
- btrfs: add a flags argument to LOGICAL_INO and call it LOGICAL_INO_V2 (bsc#1174206).
- commit 01c5612
- btrfs: add a flag to iterate_inodes_from_logical to find all extent refs for uncompressed extents (bsc#1174206).
- Refresh
  patches.suse/revert-btrfs-qgroup-move-half-of-the-qgroup-accounting-time-out-of-commit-trans.patch.
- commit 91f3982
openssh
- Update openssh-7.7p1-audit.patch (bsc#1180501). This fixes
  occasional crashes on connection termination caused by accessing
  freed memory.
python-Jinja2
- Fixed IndentationError in CVE-2020-28493.patch (bsc#1182244)
- CVE-2020-28493: Fixed a ReDOS vulnerability where urlize could have
  been called with untrusted user data (bsc#1181944).
  Added CVE-2020-28493.patch
python3
- Resync with python36 Factory package.
- Make this %primary_interpreter
- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing
  bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in
  _ctypes/callproc.c, which may lead to remote code execution.
- Provide the newest setuptools wheel (bsc#1176262,
  CVE-2019-20916) in their correct form (bsc#1180686).
- Change setuptools and pip version numbers according to new
  wheels (bsc#1179756).
salt
- Fix regression on cmd.run when passing tuples as cmd (bsc#1182740)
- Added:
  * fix_regression_in_cmd_run_after_cve.patch
- Allow extra_filerefs as sanitized kwargs for SSH client
- Added:
  * allow-extra_filerefs-as-sanitized-kwargs-for-ssh-cli.patch
- Fix errors with virt.update
- Added:
  * backport-commit-1b16478c51fb75c25cd8d217c80955feefb6.patch
- Fix for multiple for security issues
  (CVE-2020-28243) (CVE-2020-28972) (CVE-2020-35662) (CVE-2021-3148) (CVE-2021-3144)
  (CVE-2021-25281) (CVE-2021-25282) (CVE-2021-25283) (CVE-2021-25284) (CVE-2021-3197)
  (bsc#1181550) (bsc#1181556) (bsc#1181557) (bsc#1181558) (bsc#1181559) (bsc#1181560)
  (bsc#1181561) (bsc#1181562) (bsc#1181563) (bsc#1181564) (bsc#1181565)
- Added:
  * fix-for-some-cves-bsc1181550.patch
- virt: search for grub.xen path
- Xen spicevmc, DNS SRV records backports:
  Fix virtual network generated DNS XML for SRV records
  Don't add spicevmc channel to xen VMs
- virt UEFI fix: virt.update when efi=True
- Added:
  * open-suse-3002.2-xen-grub-316.patch
  * virt-uefi-fix-backport-312.patch
  * 3002.2-xen-spicevmc-dns-srv-records-backports-314.patch
screen
- Fix double width combining char handling that could lead
  to a segfault [bnc#1182092] [CVE-2021-26937]
  new patch: combchar.diff
tcl
- bsc#1181840: Same fix as for tclConfig.sh is needed for tcl.pc.
yast2-packager
- Backport of PR#521.
- prevent race condition between log rotation and migration
  log backup (bsc#1166174)
- 4.1.52