avahi
- Update avahi-daemon-check-dns.sh from Debian. Our previous
  version relied on ifconfig, route, and init.d.
- Rebase avahi-daemon-check-dns-suse.patch, and drop privileges
  when invoking avahi-daemon-check-dns.sh (boo#1180827
  CVE-2021-26720).
- Add sudo to requires: used to drop privileges.
bind
- dnssec-keygen can no longer generate HMAC keys.
  Use tsig-keygen instead.
  modified genDDNSkey script to reflect this.
  [vendor-files/tools/bind.genDDNSkey, bsc#1180933]
- CVE-2020-8625: A vulnerability in BIND's GSSAPI security policy
  negotiation can be targeted by a buffer overflow attack
  [bsc#1182246, CVE-2020-8625, bind-CVE-2020-8625.patch]
containerd
- Update to containerd v1.3.9, which is needed for Docker v19.03.14-ce and
  fixes CVE-2020-15257. bsc#1178969 bsc#1180243
- Update to containerd v1.3.7, which is required for Docker 19.03.13-ce.
  boo#1176708 bsc#1177598 CVE-2020-15157
- Refresh patches:
  * 0001-makefile-remove-emoji.patch
- Use Go 1.13 for build.
  bsc#1153367 bsc#1157330
docker
[NOTE: This update was only ever released in SLES and Leap.]
- It turns out the boo#1178801 libnetwork patch is also broken on Leap, so drop
  the patch entirely. bsc#1180401 bsc#1182168
  - boo1178801-0001-Add-docker-interfaces-to-firewalld-docker-zone.patch
[NOTE: This update was only ever released in SLES and Leap.]
- Update Docker to 19.03.15-ce. See upstream changelog in the packaged
  /usr/share/doc/packages/docker/CHANGELOG.md. This update includes fixes for
  bsc#1181732 (CVE-2021-21284) and bsc#1181730 (CVE-2021-21285).
- Rebase patches:
  * bsc1073877-0001-apparmor-clobber-docker-default-profile-on-start.patch
- Only apply the boo#1178801 libnetwork patch to handle firewalld on openSUSE.
  It appears that SLES doesn't like the patch. bsc#1180401
- Re-apply secrets fix for bsc#1065609 which appears to have been lost after it
  was fixed.
  * secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
  * secrets-0002-SUSE-implement-SUSE-container-secrets.patch
- Add Conflicts and Provides for kubic flavour of docker-fish-completion.
- Update to Docker 19.03.14-ce. See upstream changelog in the packaged
  /usr/share/doc/packages/docker/CHANGELOG.md. CVE-2020-15257 bsc#1180243
  https://github.com/docker/docker-ce/releases/tag/v19.03.14
- Enable fish-completion
- Add a patch which makes Docker compatible with firewalld with
  nftables backend. Backport of https://github.com/moby/libnetwork/pull/2548
  (boo#1178801, SLE-16460)
  * boo1178801-0001-Add-docker-interfaces-to-firewalld-docker-zone.patch
- Update to Docker 19.03.13-ce. See upstream changelog in the packaged
  /usr/share/doc/packages/docker/CHANGELOG.md. bsc#1176708
- Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075)
- Emergency fix: %requires_eq does not work with provide symbols,
  only effective package names. Convert back to regular Requires.
- Update to Docker 19.03.12-ce. See upstream changelog in the packaged
  /usr/share/doc/packages/docker/CHANGELOG.md.
- Use Go 1.13 instead of Go 1.14 because Go 1.14 can cause all sorts of
  spurrious errors due to Go returning -EINTR from I/O syscalls much more often
  (due to Go 1.14's pre-emptive goroutine support).
  - bsc1172377-0001-unexport-testcase.Cleanup-to-fix-Go-1.14.patch
- Add BuildRequires for all -git dependencies so that we catch missing
  dependencies much more quickly.
  /usr/share/doc/packages/docker/CHANGELOG.md. bsc#1158590 bsc#1157330
docker-runc
- Switch to Go 1.13 for build.
dracut
- Update to version 049.1+suse.185.g9324648a:
  * 90kernel-modules: arm/arm64: Add reset controllers (bsc#1180336)
  * Prevent creating unexpected files on the host when running dracut (bsc#1176171)
glibc
- euc-kr-overrun.patch: Fix buffer overrun in EUC-KR conversion module
  (CVE-2019-25013, bsc#1182117, BZ #24973)
- gconv-assertion-iso-2022-jp.patch: gconv: Fix assertion failure in
  ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256)
- iconv-redundant-shift.patch: iconv: Accept redundant shift sequences in
  IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224)
- iconv-ucs4-loop-bounds.patch: iconv: Fix incorrect UCS4 inner loop
  bounds (CVE-2020-29562, bsc#1179694, BZ #26923)
- printf-long-double-non-normal.patch: x86: Harden printf against
  non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649)
- get-nprocs-cpu-online-parsing.patch: Fix parsing of
  /sys/devices/system/cpu/online (bsc#1180038, BZ #25859)
golang-github-docker-libnetwork
[NOTE: This update was only ever released in SLES and Leap.]
- It turns out the boo#1178801 libnetwork patch is also broken on Leap, so drop
  the patch entirely. bsc#1180401 bsc#1182168
  - boo1178801-0001-Add-docker-interfaces-to-firewalld-docker-zone.patch
[NOTE: This update was only ever released in SLES and Leap.]
- Only apply the boo#1178801 libnetwork patch to handle firewalld on openSUSE.
  It appears that SLES doesn't like the patch. bsc#1180401
- Update to libnetwork 55e924b8a842, which is required for Docker 19.03.14-ce.
  bsc#1180243
- Add patch which makes libnetwork compatible with firewalld with
  nftables backend. Backport of https://github.com/moby/libnetwork/pull/2548
  (boo#1178801, SLE-16460)
  * boo1178801-0001-Add-docker-interfaces-to-firewalld-docker-zone.patch
- Update to libnetwork 026aabaa6598, which is required for Docker 19.03.12-ce.
grub2
- VUL-0: grub2,shim: implement new SBAT method (bsc#1182057)
  * 0031-util-mkimage-Remove-unused-code-to-add-BSS-section.patch
  * 0032-util-mkimage-Use-grub_host_to_target32-instead-of-gr.patch
  * 0033-util-mkimage-Always-use-grub_host_to_target32-to-ini.patch
  * 0034-util-mkimage-Unify-more-of-the-PE32-and-PE32-header-.patch
  * 0035-util-mkimage-Reorder-PE-optional-header-fields-set-u.patch
  * 0036-util-mkimage-Improve-data_size-value-calculation.patch
  * 0037-util-mkimage-Refactor-section-setup-to-use-a-helper.patch
  * 0038-util-mkimage-Add-an-option-to-import-SBAT-metadata-i.patch
  * 0039-grub-install-common-Add-sbat-option.patch
- Fix CVE-2021-20225 (bsc#1182262)
  * 0022-lib-arg-Block-repeated-short-options-that-require-an.patch
- Fix CVE-2020-27749 (bsc#1179264)
  * 0024-kern-parser-Fix-resource-leak-if-argc-0.patch
  * 0025-kern-parser-Fix-a-memory-leak.patch
  * 0026-kern-parser-Introduce-process_char-helper.patch
  * 0027-kern-parser-Introduce-terminate_arg-helper.patch
  * 0028-kern-parser-Refactor-grub_parser_split_cmdline-clean.patch
  * 0029-kern-buffer-Add-variable-sized-heap-buffer.patch
  * 0030-kern-parser-Fix-a-stack-buffer-overflow.patch
- Fix CVE-2021-20233 (bsc#1182263)
  * 0023-commands-menuentry-Fix-quoting-in-setparams_prefix.patch
- Fix CVE-2020-25647 (bsc#1177883)
  * 0021-usb-Avoid-possible-out-of-bound-accesses-caused-by-m.patch
- Fix CVE-2020-25632 (bsc#1176711)
  * 0020-dl-Only-allow-unloading-modules-that-are-not-depende.patch
- Fix CVE-2020-27779, CVE-2020-14372 (bsc#1179265) (bsc#1175970)
  * 0001-include-grub-i386-linux.h-Include-missing-grub-types.patch
  * 0002-efi-Make-shim_lock-GUID-and-protocol-type-public.patch
  * 0003-efi-Return-grub_efi_status_t-from-grub_efi_get_varia.patch
  * 0004-efi-Add-a-function-to-read-EFI-variables-with-attrib.patch
  * 0005-efi-Add-secure-boot-detection.patch
  * 0006-efi-Only-register-shim_lock-verifier-if-shim_lock-pr.patch
  * 0007-verifiers-Move-verifiers-API-to-kernel-image.patch
  * 0008-efi-Move-the-shim_lock-verifier-to-the-GRUB-core.patch
  * 0009-kern-Add-lockdown-support.patch
  * 0010-kern-lockdown-Set-a-variable-if-the-GRUB-is-locked-d.patch
  * 0011-efi-Lockdown-the-GRUB-when-the-UEFI-Secure-Boot-is-e.patch
  * 0012-efi-Use-grub_is_lockdown-instead-of-hardcoding-a-dis.patch
  * 0013-acpi-Don-t-register-the-acpi-command-when-locked-dow.patch
  * 0014-mmap-Don-t-register-cutmem-and-badram-commands-when-.patch
  * 0015-commands-Restrict-commands-that-can-load-BIOS-or-DT-.patch
  * 0016-commands-setpci-Restrict-setpci-command-when-locked-.patch
  * 0017-commands-hdparm-Restrict-hdparm-command-when-locked-.patch
  * 0018-gdb-Restrict-GDB-access-when-locked-down.patch
  * 0019-loader-xnu-Don-t-allow-loading-extension-and-package.patch
  * 0040-shim_lock-Only-skip-loading-shim_lock-verifier-with-.patch
  * 0041-squash-Add-secureboot-support-on-efi-chainloader.patch
  * 0042-squash-grub2-efi-chainload-harder.patch
  * 0043-squash-Don-t-allow-insmod-when-secure-boot-is-enable.patch
  * 0044-squash-kern-Add-lockdown-support.patch
  * 0045-squash-verifiers-Move-verifiers-API-to-kernel-image.patch
- Drop patch supersceded by the new backport
  * 0001-linuxefi-fail-kernel-validation-without-shim-protoco.patch
  * 0001-shim_lock-Disable-GRUB_VERIFY_FLAGS_DEFER_AUTH-if-se.patch
- Add SBAT metadata section to grub.efi
- Drop shim_lock module as it is part of core of grub.efi
  * grub2.spec
kernel-default
- scsi: qla2xxx: Fix description for parameter
  ql2xenforce_iocb_limit (bsc#1179142).
- commit f3ce867
- blacklist.conf: no need to fix code for CONFIG_KEXEC_JUMP
- commit 3abe54d
- blacklist.conf: e45122893a98 x86/fpu: Add kernel_fpu_begin_mask() to selectively initialize state
- commit f36235a
- nbd: freeze the queue while we're adding connections
  (CVE-2021-3348 bsc#1181504).
- commit 78453ee
- leds: trigger: fix potential deadlock with libata (git-fixes).
- commit d410ad0
-  Update patch References tags for futex fixes (bsc#1181349 CVE-2021-3347)
- commit b3fac23
- HID: wacom: Correct NULL dereference on AES pen proximity
  (git-fixes).
- HID: wacom: Fix memory leakage caused by kfifo_alloc
  (git-fixes).
- HID: wacom: Constify attribute_groups (git-fixes).
- HID: wacom: do not call hid_set_drvdata(hdev, NULL) (git-fixes).
- commit c0ccdd7
- ACPI/IORT: Do not blindly trust DMA masks from firmware
  (git-fixes).
- PM: hibernate: flush swap writer after marking (git-fixes).
- ACPI: sysfs: Prefer "/compatible"/ modalias (git-fixes).
- drm/i915: Check for all subplatform bits (git-fixes).
- drm/nouveau/svm: fail NOUVEAU_SVM_INIT ioctl on unsupported
  devices (git-fixes).
- commit 274cf96
- iomap: fix WARN_ON_ONCE() from unprivileged users (bsc#1181494).
- commit 2958b80
- net/smc: fix direct access to ib_gid_addr->ndev in
  smc_ib_determine_gid() (git-fixes).
- net/smc: fix valid DMBE buffer sizes (git-fixes).
- net/smc: fix sock refcounting in case of termination
  (git-fixes).
- net/smc: reset sndbuf_desc if freed (git-fixes).
- net/smc: set rx_off for SMCR explicitly (git-fixes).
- net/smc: fix dmb buffer shortage (git-fixes).
- net/smc: remove freed buffer from list (git-fixes).
- net/smc: switch smcd_dev_list spinlock to mutex (git-fixes).
- net/smc: fix sleep bug in smc_pnet_find_roce_resource()
  (git-fixes).
- net/smc: cancel event worker during device removal (git-fixes).
- net/smc: check for valid ib_client_data (git-fixes).
- net/smc: fix cleanup for linkgroup setup failures (git-fixes).
- net/smc: no peer ID in CLC decline for SMCD (git-fixes).
- net/smc: transfer fasync_list in case of fallback (git-fixes).
- commit a9e7337
- mm: memcontrol: fix missing wakeup polling thread (bsc#1181584).
- commit c0272b7
- blacklist.conf: Add 4230e2deaa48 stop_machine, rcu: Mark functions as notrace
- commit 9596511
- blacklist.conf: Add 15ec0fcff6da kernel/sys.c: replace do_brk with do_brk_flags in comment of prctl_set_mm_map()
- commit 7773384
- ptrace: Set PF_SUPERPRIV when checking capability (bsc#1163930).
- ptrace: reintroduce usage of subjective credentials in
  ptrace_has_cap() (bsc#1163930).
- commit 1d6137d
- module: delay kobject uevent until after module init call (bsc#1178631).
- Refresh patches.suse/supported-flag
- commit 2796828
- vfio iommu: Add dma available capability (bsc#1179572
  LTC#190110).
- commit 6544fbc
- HID: multitouch: Remove MT_CLS_WIN_8_DUAL (git-fixes).
- Refresh
  patches.suse/HID-quirks-Always-poll-three-more-Lenovo-PixArt-mice.patch.
- commit bed41ce
- can: dev: prevent potential information leak in can_fill_info()
  (git-fixes).
- mt7601u: fix kernel crash unplugging the device (git-fixes).
- mt7601u: fix rx buffer refcounting (git-fixes).
- NFC: fix resource leak when target index is invalid (git-fixes).
- NFC: fix possible resource leak (git-fixes).
- firmware: imx: select SOC_BUS to fix firmware build (git-fixes).
- HID: multitouch: Apply MT_QUIRK_CONFIDENCE quirk for multi-input
  devices (git-fixes).
- media: rc: ensure that uevent can be read directly after rc
  device register (git-fixes).
- HID: multitouch: do not filter mice nodes (git-fixes).
- commit f7694e1
- series.conf: cleanup
- update upstream references and move into sorted section:
  patches.suse/0001-futex-Ensure-the-correct-return-value-from-futex_loc.patch
  patches.suse/0002-futex-Replace-pointless-printk-in-fixup_owner.patch
  patches.suse/0003-futex-Provide-and-use-pi_state_update_owner.patch
  patches.suse/0004-rtmutex-Remove-unused-argument-from-rt_mutex_proxy_u.patch
  patches.suse/0005-futex-Use-pi_state_update_owner-in-put_pi_state.patch
  patches.suse/0006-futex-Simplify-fixup_pi_state_owner.patch
  patches.suse/0007-futex-Handle-faults-correctly-for-PI-futexes.patch
- commit 16c5d87
- Move upstreamed sound patches into sorted section
- commit 84af2ff
- ALSA: hda/via: Apply the workaround generically for Clevo
  machines (git-fixes).
- ASoC: ak4458: correct reset polarity (git-fixes).
- ALSA: hda/realtek: Enable headset of ASUS B1400CEPE with ALC256
  (git-fixes).
- commit e5943b7
- xfs: show the proper user quota options (bsc#1181538).
- commit e34397a
- futex: Handle faults correctly for PI futexes (bsc#1181349
  bsc#1149032).
- futex: Simplify fixup_pi_state_owner() (bsc#1181349
  bsc#1149032).
- futex: Use pi_state_update_owner() in put_pi_state()
  (bsc#1181349 bsc#1149032).
- rtmutex: Remove unused argument from rt_mutex_proxy_unlock()
  (bsc#1181349 bsc#1149032).
- futex: Provide and use pi_state_update_owner() (bsc#1181349
  bsc#1149032).
- futex: Replace pointless printk in fixup_owner() (bsc#1181349
  bsc#1149032).
- futex: Ensure the correct return value from futex_lock_pi()
  (bsc#1181349 bsc#1149032).
- futex: Remove unused empty compat_exit_robust_list()
  (bsc#1149032).
- futex: Remove needless goto's (bsc#1149032).
- commit 8a00d32
- x86/hyperv: Fix kexec panic/hang issues (bsc#1176831).
- refresh patches.suse/suse-hv-kabi.patch
- commit 3bdfdcf
- btrfs: send: fix invalid clone operations when cloning from
  the same file and root (bsc#1181511).
- commit 090f75a
- fix patch metadata
- fix Patch-mainline:
  patches.suse/nfsd4-readdirplus-shouldn-t-return-parent-of-export.patch
- commit 2f3e2e1
- xhci: tegra: Delay for disabling LFPS detector (git-fixes).
- xhci: make sure TRB is fully written before giving it to the
  controller (git-fixes).
- USB: ehci: fix an interrupt calltrace error (git-fixes).
- ehci: fix EHCI host controller initialization sequence
  (git-fixes).
- i2c: bpmp-tegra: Ignore unknown I2C_M flags (git-fixes).
- platform/x86: ideapad-laptop: Disable touchpad_switch for
  ELAN0634 (git-fixes).
- drm/nouveau/kms/nv50-: fix case where notifier buffer is at
  offset 0 (git-fixes).
- drm/nouveau/mmu: fix vram heap sizing (git-fixes).
- drm/nouveau/i2c/gm200: increase width of aux semaphore owner
  fields (git-fixes).
- drm/nouveau/privring: ack interrupts the same way as RM
  (git-fixes).
- drm/nouveau/bios: fix issue shadowing expansion ROMs
  (git-fixes).
- drm/amdgpu/psp: fix psp gfx ctrl cmds (git-fixes).
- HID: Ignore battery for Elan touchscreen on ASUS UX550
  (git-fixes).
- HID: logitech-dj: add the G602 receiver (git-fixes).
- HID: multitouch: Enable multi-input for Synaptics
  pointstick/touchpad device (git-fixes).
- commit 6194af6
- blacklist.conf: unwanted NFS patches
- commit 6f9f1d0
- nfsd4: readdirplus shouldn't return parent of export
  (git-fixes).
- commit 5e9f700
- nvme-tcp: avoid request double completion for concurrent
  nvme_tcp_timeout (bsc#1181161).
- nvme-rdma: avoid request double completion for concurrent
  nvme_rdma_timeout (bsc#1181161).
- commit 7760e28
- x86/xen: avoid warning in Xen pv guest with
  CONFIG_AMD_MEM_ENCRYPT enabled (bsc#1181335).
- commit ada97e4
- xen-blkfront: allow discard-* nodes to be optional
  (bsc#1181346).
- commit 958c625
- xen/privcmd: allow fetching resource sizes (bsc#1065600).
- commit 21fc6aa
- scsi: ibmvfc: Set default timeout to avoid crash during
  migration (bsc#1181425 ltc#188252).
- commit 9a4138b
- series.conf: cleanup
- rename patches to get rid of numeric prefix (for easier resolve of merge conflict)
  patches.suse/0001-drm-rockchip-Avoid-uninitialized-use-of-endpoint-id-.patch -> patches.suse/drm-rockchip-Avoid-uninitialized-use-of-endpoint-id-.patch
  patches.suse/0002-drm-gma500-fix-double-free-of-gma_connector.patch -> patches.suse/drm-gma500-fix-double-free-of-gma_connector.patch
  patches.suse/0003-drm-aspeed-Fix-Kconfig-warning-subsequent-build-erro.patch -> patches.suse/drm-aspeed-Fix-Kconfig-warning-subsequent-build-erro.patch
  patches.suse/0004-drm-dp_aux_dev-check-aux_dev-before-use-in-drm_dp_au.patch -> patches.suse/drm-dp_aux_dev-check-aux_dev-before-use-in-drm_dp_au.patch
  patches.suse/0005-drm-mcde-Fix-handling-of-platform_get_irq-error.patch -> patches.suse/drm-mcde-Fix-handling-of-platform_get_irq-error.patch
  patches.suse/0006-drm-tve200-Fix-handling-of-platform_get_irq-error.patch -> patches.suse/drm-tve200-Fix-handling-of-platform_get_irq-error.patch
  (no effect on expanded tree)
- commit 772573f
- series.conf: cleanup
- move unsortable patch out of sorted section
  patches.suse/floppy-reintroduce-O_NDELAY-fix.patch
- commit 39bee61
- arch/x86/lib/usercopy_64.c: fix __copy_user_flushcache()
  cache writeback (bsc#1152489).
- commit 852fa4b
- scsi: lpfc: Simplify bool comparison (bsc#1180891).
- scsi: lpfc: Update lpfc version to 12.8.0.7 (bsc#1180891).
- scsi: lpfc: Enhancements to LOG_TRACE_EVENT for better
  readability (bsc#1180891).
- scsi: lpfc: Implement health checking when aborting I/O
  (bsc#1180891).
- scsi: lpfc: Fix crash when nvmet transport calls host_release
  (bsc#1180891).
- scsi: lpfc: Fix vport create logging (bsc#1180891).
- scsi: lpfc: Fix NVMe recovery after mailbox timeout
  (bsc#1180891).
- scsi: lpfc: Fix target reset failing (bsc#1180891).
- scsi: lpfc: Fix error log messages being logged following SCSI
  task mgnt (bsc#1180891).
- scsi: lpfc: Prevent duplicate requests to unregister with
  cpuhp framework (bsc#1180891).
- scsi: lpfc: Fix FW reset action if I/Os are outstanding
  (bsc#1180891).
- scsi: lpfc: Use the nvme-fc transport supplied timeout for LS
  requests (bsc#1180891).
- scsi: lpfc: Fix crash when a fabric node is released prematurely
  (bsc#1180891).
- scsi: lpfc: Refresh ndlp when a new PRLI is received in the
  PRLI issue state (bsc#1180891).
- scsi: lpfc: Fix auto sli_mode and its effect on CONFIG_PORT
  for SLI3 (bsc#1180891).
- scsi: lpfc: Fix PLOGI S_ID of 0 on pt2pt config (bsc#1180891).
- commit cdea5d0
- x86/topology: Make __max_die_per_package available
  unconditionally (bsc#1152489).
- commit 0e0c8a8
- x86/cpu/amd: Set __max_die_per_package on AMD (bsc#1152489).
- commit 3044309
- drm/i915/gt: Declare gen9 has 64 mocs entries! (git-fixes).
- drm/etnaviv: always start/stop scheduler in timeout processing
  (git-fixes).
- commit 6ef999c
- drm/i915/dsi: Use unconditional msleep for the panel_on_delay
  when there is no reset-deassert MIPI-sequence (git-fixes).
- drm/i915: clear the gpu reloc batch (git-fixes).
- drm/amdgpu: fix a GPU hang issue when remove device (git-fixes).
- drm/i915: Fix mismatch between misplaced vma check and vma
  insert (git-fixes).
- commit cc8174e
- drm/amdkfd: Fix leak in dmabuf import (git-fixes).
- drm/msm/dsi_phy_10nm: implement PHY disabling (git-fixes).
- drm/msm/dsi_pll_10nm: restore VCO rate during restore_state
  (git-fixes).
- drm/msm/dpu: Add newline to printks (git-fixes).
- drm/meson: dw-hdmi: Register a callback to disable the regulator
  (git-fixes).
- drm/omap: dmm_tiler: fix return error code in omap_dmm_probe()
  (git-fixes).
- drm/amdgpu: fix build_coefficients() argument (git-fixes).
- drm/amd/display: remove useless if/else (git-fixes).
- drm/tve200: Fix handling of platform_get_irq() error
  (git-fixes).
- drm/mcde: Fix handling of platform_get_irq() error (git-fixes).
- drm/dp_aux_dev: check aux_dev before use in
  drm_dp_aux_dev_get_by_minor() (git-fixes).
- drm/aspeed: Fix Kconfig warning & subsequent build errors
  (git-fixes).
- drm/gma500: fix double free of gma_connector (git-fixes).
- drm/i915/display/dp: Compute the correct slice count for VDSC
  on DP (git-fixes).
- drm/rockchip: Avoid uninitialized use of endpoint id in LVDS
  (git-fixes).
- drm/i915/gt: Program mocs:63 for cache eviction on gen9
  (git-fixes).
- drm/tegra: sor: Disable clocks on error in tegra_sor_init()
  (git-fixes).
- drm/tegra: replace idr_init() by idr_init_base() (git-fixes).
- drm/i915/gt: Free stale request on destroying the virtual engine
  (git-fixes).
- drm/i915/gvt: return error when failing to take the module
  reference (git-fixes).
- drm/i915/gvt: Set ENHANCED_FRAME_CAP bit (git-fixes).
- drm/i915: Handle max_bpc==16 (git-fixes).
- drm/i915: Avoid memory leak with more than 16 workarounds on
  a list (git-fixes).
- drm/amd/display: Add missing pflip irq for dcn2.0 (git-fixes).
- drm/gma500: Fix out-of-bounds access to struct
  drm_device.vblank[] (git-fixes).
- drm/amdgpu: perform srbm soft reset always on SDMA resume
  (git-fixes).
- commit bd76ab9
- drm/nouveau/nouveau: fix the start/end range for migration
  (git-fixes).
- drm/vc4: drv: Add error handding for bind (git-fixes).
- drm/sun4i: frontend: Fix the scaler phase on A33 (git-fixes).
- drm/sun4i: frontend: Reuse the ch0 phase for RGB formats
  (git-fixes).
- drm/sun4i: frontend: Rework a bit the phase data (git-fixes).
- drm/amd/display: Don't invoke kgdb_breakpoint() unconditionally
  (git-fixes).
- drm/amdgpu: increase the reserved VM size to 2MB (git-fixes).
- drm/amdgpu: don't map BO in reserved region (git-fixes).
- drm/amdgpu: add DID for navi10 blockchain SKU (git-fixes).
- drm/i915: Drop runtime-pm assert from vgpu io accessors
  (git-fixes).
- drm/i915: Force VT'd workarounds when running as a guest OS
  (git-fixes).
- drm/i915/gt: Delay execlist processing for tgl (git-fixes).
- commit d9edd32
- drm/amdkfd: Use same SQ prefetch setting as amdgpu (git-fixes).
- drm/amd/display: Avoid MST manager resource leak (git-fixes).
- drm/amdgpu: correct the gpu reset handling for job != NULL case
  (git-fixes).
- drm/ttm: fix eviction valuable range check (git-fixes).
- drm/amd/display: HDMI remote sink need mode validation for Linux
  (git-fixes).
- drm/amd/display: Increase timeout for DP Disable (git-fixes).
- drm/i915: Break up error capture compression loops with
  cond_resched() (git-fixes).
- drm/msm/a6xx: fix a potential overflow issue (git-fixes).
- drm/panfrost: add amlogic reset quirk callback (git-fixes).
- drm/bridge/synopsys: dsi: add support for non-continuous HS
  clock (git-fixes).
- commit 3790415
- drm/brige/megachips: Add checking if ge_b850v3_lvds_init()
  is working correctly (git-fixes).
- drm/nouveau/mem: guard against NULL pointer access in mem_del
  (git-fixes).
- drm/amdgpu: prevent double kfree ttm->sg (git-fixes).
- drm/sun4i: mixer: Extend regmap max_register (git-fixes).
- commit f36768e
- drm/i915: Filter wake_flags passed to default_wake_function
  (git-fixes).
- drm/amdgpu/dc: Require primary plane to be enabled whenever
  the CRTC is (git-fixes).
- drm/amd/display: update nv1x stutter latencies (git-fixes).
- drm/amdkfd: fix a memory leak issue (git-fixes).
- drm/tve200: Stabilize enable/disable (git-fixes).
- drm/msm: Disable preemption on all 5xx targets (git-fixes).
- drm/amdgpu: Fix bug in reporting voltage for CIK (git-fixes).
- drm/amd/pm: avoid false alarm due to confusing
  softwareshutdowntemp setting (git-fixes).
- drm/omap: fix incorrect lock state (git-fixes).
- drm/amd/display: Fix memleak in amdgpu_dm_mode_config_init
  (git-fixes).
- drm/amd/display: Retry AUX write when fail occurs (git-fixes).
- drm/amd/display: Reject overlay plane configurations in
  multi-display scenarios (git-fixes).
- drm/msm/a6xx: fix gmu start on newer firmware (git-fixes).
- drm/msm: add shutdown support for display platform_driver
  (git-fixes).
- drm/msm/dpu: Fix scale params in plane validation (git-fixes).
- drm/i915/selftests: Avoid passing a random 0 into ilog2
  (git-fixes).
- drm/amdgpu: Fix bug where DPM is not enabled after hibernate
  and resume (git-fixes).
- drm/amd/display: dchubbub p-state warning during surface planes
  switch (git-fixes).
- commit 64cc324
- drm: Added orientation quirk for ASUS tablet model T103HAF
  (git-fixes).
- drm/amdkfd: fix restore worker race condition (git-fixes).
- drm/nouveau/dispnv50: fix runtime pm imbalance on error
  (git-fixes).
- drm/nouveau: fix runtime pm imbalance on error (git-fixes).
- drm/nouveau/debugfs: fix runtime pm imbalance on error
  (git-fixes).
- commit 406e9f7
- drm/exynos: dsi: Remove bridge node reference in error handling
  path in probe function (git-fixes).
- drm: rcar-du: Set primary plane zpos immutably at initializing
  (git-fixes).
- drm/amdgpu/sriov add amdgpu_amdkfd_pre_reset in gpu reset
  (git-fixes).
- drm/msm/a5xx: Always set an OPP supported hardware value
  (git-fixes).
- drm/msm: fix leaks if initialization fails (git-fixes).
- drm/amd/display: Stop if retimer is not available (git-fixes).
- drm/amdgpu: increase atombios cmd timeout (git-fixes).
- drm/omap: dss: Cleanup DSS ports on initialisation failure
  (git-fixes).
- commit db34b82
- drm/amd/display: dal_ddc_i2c_payloads_create can fail causing
  panic (git-fixes).
- drm/omap: fix possible object reference leak (git-fixes).
- drm/amdgpu: fix calltrace during kmd unload(v3) (git-fixes).
- drm/scheduler: Avoid accessing freed bad job (git-fixes).
- drm/amdgpu/powerplay/smu7: fix AVFS handling with custom
  powerplay table (git-fixes).
- drm/amdgpu/powerplay: fix AVFS handling with custom powerplay
  table (git-fixes).
- drm/amd/display: Free gamma after calculating legacy transfer
  function (git-fixes).
- drm/amd/display: Do not double-buffer DTO adjustments
  (git-fixes).
- commit c18126a
- drm/i915/gt: Prevent use of engine->wa_ctx after error
  (git-fixes).
- drm/syncobj: Fix use-after-free (git-fixes).
- drm/atomic: put state on error path (git-fixes).
- commit 4cd1094
- ACPI: scan: Make acpi_bus_get_device() clear return pointer
  on error (git-fixes).
- cachefiles: Drop superfluous readpages aops NULL check
  (git-fixes).
- ACPI: scan: Harden acpi_device_add() against device ID overflows
  (git-fixes).
- commit 963543c
- net/mlx5e: ethtool, Fix restriction of autoneg with 56G
  (jsc#SLE-8464).
- net: hns3: fix a phy loopback fail issue (bsc#1154353).
- net: vlan: avoid leaks on register_vlan_dev() failures
  (bsc#1154353).
- bnxt_en: Fix AER recovery (jsc#SLE-8371 bsc#1153274).
- e1000e: bump up timeout to wait when ME un-configures ULP mode
  (jsc#SLE-8100).
- ionic: account for vlan tag len in rx buffer len (bsc#1167773).
- ice, xsk: clear the status bits for the next_to_use descriptor
  (jsc#SLE-7926).
- net: fix proc_fs init handling in af_packet and tls
  (bsc#1154353).
- ice: avoid premature Rx buffer reuse (jsc#SLE-7926).
- net: hns3: remove a misused pragma packed (bsc#1154353).
- commit 465e7d7
- blacklist.conf: Add 08685be7761d powerpc/64s: fix scv entry fallback flush vs interrupt
  No scv support.
- commit 7e491e5
- selftests: net: fib_tests: remove duplicate log test
  (git-fixes).
- net: mscc: ocelot: allow offloading of bridge on top of LAG
  (git-fixes).
- udp: Prevent reuseport_select_sock from reading uninitialized
  socks (git-fixes).
- pNFS: Mark layout for return if return-on-close was not sent
  (git-fixes).
- commit 87c48df
- series.conf: cleanup
- move kabi workaround into patches.kabi:
  patches.suse/ALSA-pcm-fix-hw_rule-deps-kABI.patch
- commit 3eee3e1
- series.conf: refresh
- update upstream references and resort:
  patches.suse/scsi-scsi_transport_srp-Don-t-block-target-in-failfa.patch
  patches.suse/selftests-powerpc-Only-test-lwm-stmw-on-big-endian.patch
- commit 5218f70
- series.conf: cleanup
- move an unsortable patch out of sorted section
  patches.suse/powerpc-Fix-build-error-in-paravirt.h.patch
- commit 0f64295
- drm/tve200: Fix handling of platform_get_irq() error (bsc#1152472)
- commit 8541d40
- drm/mcde: Fix handling of platform_get_irq() error (bsc#1152472)
- commit 60b9525
- drm/dp_aux_dev: check aux_dev before use in (bsc#1152472)
- commit 21532d2
- drm/aspeed: Fix Kconfig warning & subsequent build errors (bsc#1152472)
- commit 3d14ba8
- drm/gma500: fix double free of gma_connector (bsc#1152472)
  Backporting notes:
  * context changes
- commit 2ce14eb
- drm/rockchip: Avoid uninitialized use of endpoint id in LVDS (bsc#1152472)
- commit 103a121
- iio: ad5504: Fix setting power-down state (git-fixes).
- serial: mvebu-uart: fix tx lost characters at power off
  (git-fixes).
- usb: udc: core: Use lock when write to soft_connect (git-fixes).
- usb: gadget: aspeed: fix stop dma register setting (git-fixes).
- commit 4d850d2
- blacklist.conf: Append 'drm/vc4: gem: Add a managed action to cleanup the job queue'
- commit ce3d22f
- blacklist.conf: Append 'drm/vc4: bo: Add a managed action to cleanup the cache'
- commit 2cf161b
- bpf: Fix helper bpf_map_peek_elem_proto pointing to wrong
  callback (bsc#1155518).
- bpf: Don't leak memory in bpf getsockopt when optlen == 0
  (bsc#1155518).
- commit 609f544
- i2c: octeon: check correct size of maximum RECV_LEN packet
  (git-fixes).
- commit 54a675e
- ALSA: pcm: fix hw_rule deps kABI (bsc#1181014).
- commit 3c80769
- ALSA: pcm: One more dependency for hw constraints (bsc#1181014).
- commit d71290f
- mmc: core: don't initialize block size from ext_csd if not
  present (git-fixes).
- mmc: sdhci-xenon: fix 1.8v regulator stabilization (git-fixes).
- platform/x86: intel-vbtn: Drop HP Stream x360 Convertible PC
  11 from allow-list (git-fixes).
- platform/x86: i2c-multi-instantiate: Don't create platform
  device for INT3515 ACPI nodes (git-fixes).
- commit 9c2a03f
- timers: Use only bucket expiry for base->next_expiry value
  (bsc#1181318).
- timers: Preserve higher bits of expiration on index calculation
  (bsc#1181318).
- commit f60f618
- s390/cio: fix use-after-free in ccw_device_destroy_console
  (git-fixes).
- commit d3e26e8
- KVM: s390: pv: Mark mm as protected after the set secure
  parameters and improve cleanup (jsc#SLE-7512 bsc#1165545).
- commit 719d24b
- net/af_iucv: set correct sk_protocol for child sockets
  (git-fixes).
- net/af_iucv: fix null pointer dereference on shutdown
  (bsc#1179567 LTC#190111).
- commit ddc328b
- s390/dasd: fix hanging device offline processing (bsc#1181169
  LTC#190914).
- commit 9b7644e
- ALSA: hda: Add Cometlake-R PCI ID (git-fixes).
- ALSA: seq: oss: Fix missing error check in
  snd_seq_oss_synth_make_info() (git-fixes).
- ALSA: hda/via: Add minimum mute flag (git-fixes).
- ALSA: hda/realtek - Limit int mic boost on Acer Aspire E5-575T
  (git-fixes).
- commit 70d9202
- Move upstreamed sound patches into sorted section
- commit f5195da
- blacklist.conf: Add entries for platform/x86/intel-vbtn that are reverted
- commit 5482ef1
- platform/x86: intel-vbtn: Fix SW_TABLET_MODE always reporting
  1 on some HP x360 models (git-fixes).
- commit d6ac163
- power: vexpress: add suppress_bind_attrs to true (git-fixes).
- commit bb22b7b
- btrfs: send: fix wrong file path when there is an inode with
  a pending rmdir (bsc#1181237).
- commit be4e71d
- media: dvb-usb: Fix use-after-free access (bsc#1181104).
- media: dvb-usb: Fix memory leak at error in
  dvb_usb_device_init() (bsc#1181104).
- commit 3a92626
- can: vxcan: vxcan_xmit: fix use after free bug (git-fixes).
- mac80211: check if atf has been disabled in
  __ieee80211_schedule_txq (git-fixes).
- mac80211: do not drop tx nulldata packets on encrypted links
  (git-fixes).
- commit dfeeb94
- vfio-pci: Use io_remap_pfn_range() for PCI IO memory
  (bsc#1181220).
- iommu/vt-d: Fix a bug for PDP check in prq_event_thread
  (bsc#1181217).
- vfio/pci: Implement ioeventfd thread handler for contended
  memory lock (bsc#1181219).
- KVM: nVMX: Reload vmcs01 if getting vmcs12's pages fails
  (bsc#1181218).
- commit 517d1e9
- Update patches.suse/selftests-ftrace-Select-an-existing-function-in-kpro.patch (bsc#1181203 ltc#190909).
- commit e5512d0
- drm/sun4i: dw-hdmi: fix error return code in sun8i_dw_hdmi_bind() (bsc#1152472)
- commit d0d0905
- drm: bridge: dw-hdmi: Avoid resetting force in the detect function (bsc#1152472)
- commit 9ad528c
- drm/i915: Correctly set SFC capability for video engines (bsc#1152489)
  Backporting notes:
  * context changes
- commit d15d9b1
- ALSA: usb-audio: Fix hw constraints dependencies (bsc#1181014).
- commit 58d7b94
- spi: cadence: cache reference clock rate during probe
  (git-fixes).
- r8152: Add Lenovo Powered USB-C Travel Hub (git-fixes).
- usb: typec: Fix copy paste error for NVIDIA alt-mode description
  (git-fixes).
- hwmon: (pwm-fan) Ensure that calculation doesn't discard big
  period values (git-fixes).
- ACPI: scan: add stub acpi_create_platform_device() for
  !CONFIG_ACPI (git-fixes).
- misdn: dsp: select CONFIG_BITREVERSE (git-fixes).
- commit 01db302
- selftests/ftrace: Select an existing function in
  kprobe_eventname test (bsc#1179396 ltc#185738).
- commit 3e9ea6f
- selftests/powerpc: spectre_v2 test must be built 64-bit
  (bsc#1181158 ltc#190851).
- commit 52f3d6b
- Update
  patches.suse/0001-xen-events-add-a-proper-barrier-to-2-level-uevent-un.patch
  (CVE-2020-27673 XSA-332 bsc#1177411).
- Update
  patches.suse/0002-xen-events-fix-race-in-evtchn_fifo_unmask.patch
  (CVE-2020-27673 XSA-332 bsc#1177411).
- Update
  patches.suse/0003-xen-events-add-a-new-late-EOI-evtchn-framework.patch
  (CVE-2020-27673 XSA-332 bsc#1177411).
- Update
  patches.suse/0004-xen-blkback-use-lateeoi-irq-binding.patch
  (CVE-2020-27673 XSA-332 bsc#1177411).
- Update
  patches.suse/0005-xen-netback-use-lateeoi-irq-binding.patch
  (CVE-2020-27673 XSA-332 bsc#1177411).
- Update
  patches.suse/0006-xen-scsiback-use-lateeoi-irq-binding.patch
  (CVE-2020-27673 XSA-332 bsc#1177411).
- Update
  patches.suse/0007-xen-pvcallsback-use-lateeoi-irq-binding.patch
  (CVE-2020-27673 XSA-332 bsc#1177411).
- Update
  patches.suse/0008-xen-pciback-use-lateeoi-irq-binding.patch
  (CVE-2020-27673 XSA-332 bsc#1177411).
- Update
  patches.suse/0009-xen-events-switch-user-event-channels-to-lateeoi-mod.patch
  (CVE-2020-27673 XSA-332 bsc#1177411).
- Update
  patches.suse/0010-xen-events-use-a-common-cpu-hotplug-hook-for-event-c.patch
  (CVE-2020-27673 XSA-332 bsc#1177411).
- Update
  patches.suse/0011-xen-events-defer-eoi-in-case-of-excessive-number-of-.patch
  (CVE-2020-27673 XSA-332 bsc#1177411).
- Update
  patches.suse/0012-xen-events-block-rogue-events-for-some-time.patch
  (CVE-2020-27673 XSA-332 bsc#1177411).
- Update
  patches.suse/xen-events-avoid-removing-an-event-channel-while-han.patch
  (CVE-2020-27675 XSA-331 bsc#1177410).
- Added CVE numbers for above patches.
- commit 3b60580
- selftests/powerpc: Move set_dscr() into rfi_flush.c (bsc#1181158
  ltc#190851).
- selftests/powerpc: Move Hash MMU check to utilities (bsc#1181158
  ltc#190851).
- selftests/powerpc: Add a test of bad (out-of-range) accesses
  (bsc#1181158 ltc#190851).
- Refresh patches.suse/selftests-powerpc-Add-tlbie_test-in-.gitignore.patch.
- selftests/powerpc: Add a test of spectre_v2 mitigations
  (bsc#1181158 ltc#190851).
- Refresh patches.suse/selftests-powerpc-entry-flush-test.patch.
- selftests/powerpc: Ignore generated files (bsc#1181158
  ltc#190851).
- commit f53f10b
- selftests/powerpc: Only test lwm/stmw on big endian (bsc#1180412
  ltc#190579).
- commit 21bd682
- powerpc: Fix build error in paravirt.h (bsc#1181148 ltc#190702).
- commit 251d2f4
- Exclude Symbols.list again.
  Removing the exclude builds vanilla/linux-next builds.
  Fixes: 55877625c800 ("/kernel-binary.spec.in: Package the obj_install_dir as explicit filelist."/)
- commit a1728f2
- powerpc/paravirt: Use is_kvm_guest() in vcpu_is_preempted()
  (bsc#1181148 ltc#190702).
- powerpc: Reintroduce is_kvm_guest() as a fast-path check
  (bsc#1181148 ltc#190702).
- powerpc: Rename is_kvm_guest() to check_kvm_guest() (bsc#1181148
  ltc#190702).
- powerpc: Refactor is_kvm_guest() declaration to new header
  (bsc#1181148 ltc#190702).
- commit 17fe8f8
- floppy: reintroduce O_NDELAY fix (boo#1181018).
- commit ab10a7d
- arm64: pgtable: Ensure dirty bit is preserved across
  pte_wrprotect() (bsc#1180130).
- arm64: pgtable: Fix pte_accessible() (bsc#1180130).
- commit 585bbd5
- Revive usb-audio Keep Interface mixer (bsc#1181014).
- commit 80020db
- netfilter: ctnetlink: add a range check for l3/l4 protonum
  (CVE-2020-25211 bsc#1176395).
- commit ebf5e43
- fix patches metadata
- fix Patch-mainline:
  patches.suse/NFS-nfs_delegation_find_inode_server-must-first-refe.patch
  patches.suse/NFS-nfs_igrab_and_active-must-first-reference-the-su.patch
  patches.suse/NFS-pNFS-Fix-a-leak-of-the-layout-plh_outstanding-co.patch
  patches.suse/NFS-pNFS-Fix-a-typo-in-ff_layout_resend_pnfs_read.patch
  patches.suse/NFS-switch-nfsiod-to-be-an-UNBOUND-workqueue.patch
  patches.suse/NFS4-Fix-use-after-free-in-trace_event_raw_event_nfs.patch
  patches.suse/NFSv4-Fix-the-alignment-of-page-data-in-the-getdevic.patch
  patches.suse/NFSv4.2-condition-READDIR-s-mask-for-security-label-.patch
  patches.suse/Revert-nfsd4-support-change_attr_type-attribute.patch
  patches.suse/SUNRPC-Clean-up-the-handling-of-page-padding-in-rpc_.patch
  patches.suse/SUNRPC-rpc_wake_up-should-wake-up-tasks-in-the-corre.patch
  patches.suse/lockd-don-t-use-interval-based-rebinding-over-TCP.patch
  patches.suse/md-fix-a-warning-caused-by-a-race-between-concurrent.patch
  patches.suse/net-sunrpc-Fix-snprintf-return-value-check-in-do_xpr.patch
  patches.suse/net-sunrpc-interpret-the-return-value-of-kstrtou32-c.patch
  patches.suse/nfs_common-need-lock-during-iterate-through-the-list.patch
  patches.suse/nfsd-Fix-message-level-for-normal-termination.patch
  patches.suse/sunrpc-fix-xs_read_xdr_buf-for-partial-pages-receive.patch
- commit f5dfabc
- fix patches metadata
- fix Patch-mainline:
  patches.suse/kprobes-tracing-kprobes-Fix-to-kill-kprobes-on-initmem-after-boot.patch
  patches.suse/mm-vmalloc-Fix-unlock-order-in-s_stop.patch
- commit 8ea9f59
- Refresh
  patches.suse/0011-x86-hpet-Move-MSI-support-into-hpet.c.patch.
- Update
  patches.suse/msft-hv-2119-irqdomain-treewide-Keep-firmware-node-unconditionall.patch
  (git-fixes bsc#1180889).
  Add missing hunks in the e3beca48a45b's backport.
- commit 977a539
- Update
  patches.suse/tun-correct-header-offsets-in-napi-frags-mode.patch
  (git-fixes bsc#1180812 CVE-2021-0342).
  Added CVE reference
- commit 0059c1d
- NFS: nfs_igrab_and_active must first reference the superblock
  (for-next).
- NFS: nfs_delegation_find_inode_server must first reference
  the superblock (for-next).
- NFS/pNFS: Fix a leak of the layout 'plh_outstanding' counter
  (for-next).
- net: sunrpc: interpret the return value of kstrtou32 correctly
  (for-next).
- NFS4: Fix use-after-free in trace_event_raw_event_nfs4_set_lock
  (for-next).
- NFS/pNFS: Fix a typo in ff_layout_resend_pnfs_read() (for-next).
- sunrpc: fix xs_read_xdr_buf for partial pages receive
  (for-next).
- NFS: switch nfsiod to be an UNBOUND workqueue (for-next).
- lockd: don't use interval-based rebinding over TCP (for-next).
- net: sunrpc: Fix 'snprintf' return value check in
  'do_xprt_debugfs' (for-next).
- SUNRPC: Clean up the handling of page padding in
  rpc_prepare_reply_pages() (for-next).
- NFSv4: Fix the alignment of page data in the getdeviceinfo reply
  (for-next).
- NFSv4.2: condition READDIR's mask for security label based on
  LSM state (for-next).
- SUNRPC: rpc_wake_up() should wake up tasks in the correct order
  (for-next).
- md: fix a warning caused by a race between concurrent
  md_ioctl()s (for-next).
- Revert "/nfsd4: support change_attr_type attribute"/ (for-next).
- nfs_common: need lock during iterate through the list
  (for-next).
- nfsd: Fix message level for normal termination (for-next).
- commit 685e8f2
- x86/cpu/amd: Call init_amd_zn() om Family 19h processors too
  (bsc#1181077).
- commit a71f120
- blacklist.conf: No in-tree users of the table
- commit 9c6c6be
- kprobes: tracing/kprobes: Fix to kill kprobes on initmem after
  boot (git fixes (kernel/kprobe)).
- commit 47f3848
- blacklist.conf: UP not enabled in kernel config
- commit c97848a
- mm/vmalloc: Fix unlock order in s_stop() (git fixes
  (mm/vmalloc)).
- commit 70dafb3
- blacklist.conf: nilfs2 not enabled in kernel config
- commit 409ae2f
- s390/qeth: fix L2 header access in qeth_l3_osa_features_check()
  (git-fixes).
- s390/qeth: fix locking for discipline setup / removal
  (git-fixes).
- s390/qeth: fix deadlock during recovery (git-fixes).
- s390/dasd: fix list corruption of lcu list (git-fixes).
- s390/dasd: fix list corruption of pavgroup group list
  (git-fixes).
- s390/dasd: prevent inconsistent LCU device data (git-fixes).
- s390/smp: perform initial CPU reset also for SMT siblings
  (git-fixes).
- s390/kexec_file: fix diag308 subcode when loading crash kernel
  (git-fixes).
- s390/qeth: consolidate online/offline code (git-fixes).
- s390/qeth: don't raise NETDEV_REBOOT event from L3 offline path
  (git-fixes).
- commit 22371f9
- blacklist.conf: 78762b0e79bc x86/asm/32: Add ENDs to some functions and relabel with SYM_CODE_*
- commit 2b5cd2a
- ALSA: usb-audio: Avoid implicit feedback on Pioneer devices
  (bsc#1181014).
- ALSA: usb-audio: Set sample rate for all sharing EPs on UAC1
  (bsc#1181014).
- ALSA: usb-audio: Fix UAC1 rate setup for secondary endpoints
  (bsc#1181014).
- ALSA: usb-audio: Always apply the hw constraints for implicit
  fb sync (bsc#1181014).
- commit b78b9c6
- Revert dwc3 series.
  As of now, this recently merged series fails to build without the kabi
  workaround which would break SLE15-SP3 merge. Drop the patches until the
  build failure is fixed.
- commit a8aaab2
- drivers/perf: Fix kernel panic when rmmod PMU modules during
  perf sampling (bsc#1180848).
- commit 8584e95
- Drop incorrectly re-backported radeon patch again (bsc#1180971)
  Also add cherry-picked commit ids in the two relevant patches
- commit bb3221b
- KVM: SVM: Initialize prev_ga_tag before use (bsc#1180809).
- commit 953316b
- blacklist.conf: 035fff1f7aab x86/PCI: Fix intel_mid_pci.c build error when ACPI is not enabled
- commit e52f15d
- x86/kprobes: Restore BTF if the single-stepping is cancelled
  (bsc#1152489).
- commit f89b6b0
- kABI fixup for dwc3 introduction of DWC_usb32 (git-fixes).
- commit 03d1108
- ALSA: doc: Fix reference to mixart.rst (git-fixes).
- commit b4c3583
- ASoC: meson: axg-tdm-interface: fix loopback (git-fixes).
- ASoC: dapm: remove widget from dirty list on free (git-fixes).
- ASoC: Intel: fix error code cnl_set_dsp_D0() (git-fixes).
- commit 04a1c91
- ALSA: hda/hdmi - enable runtime pm for CI AMD display audio
  (git-fixes).
- ALSA: firewire-tascam: Fix integer overflow in midi_port_work()
  (git-fixes).
- ALSA: fireface: Fix integer overflow in transmit_midi_msg()
  (git-fixes).
- ALSA: hda/tegra: fix tegra-hda on tegra30 soc (git-fixes).
- clk: tegra30: Add hda clock default rates to clock driver
  (git-fixes).
- ALSA: usb-audio: Fix implicit feedback sync setup for Pioneer
  devices (git-fixes).
- ALSA: usb-audio: Annotate the endpoint index in audioformat
  (git-fixes).
- ALSA: usb-audio: Avoid unnecessary interface re-setup
  (git-fixes).
- ALSA: usb-audio: Choose audioformat of a counter-part substream
  (git-fixes).
- ALSA: usb-audio: Fix the missing endpoints creations for quirks
  (git-fixes).
- ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for
  HP machines (git-fixes).
- commit db30ae4
- x86/apic: Fix x2apic enablement without interrupt remapping
  (bsc#1152489).
- commit a8a5227
- netfilter: add and use nf_hook_slow_list() (bsc#1180765
  CVE-2021-20177).
- commit 465dae1
- Refresh patches.suse/edac-amd64-add-amd-family-17h-model-60h-pci-ids.patch.
  Complete the backport now that
  5e4c55276ae8 ("/EDAC/amd64: Save max number of controllers to family type"/)
  has been backported too.
- commit f6cb75f
- usb: dwc3: Add support for DWC_usb32 IP (git-fixes).
- commit f699093
- usb: dwc3: Update soft-reset wait polling rate (git-fixes).
- commit 227b9e8
- drivers/perf: hisi: Permit modular builds of HiSilicon uncore drivers (bsc#1180848). - Update config files. - supported.conf:
- commit 3ceea3c
- scsi: scsi_transport_srp: Don't block target in failfast state
  (bsc#1172355).
- commit 4d51a17
- xen: support having only one event pending per watch
  (bsc#1179508 XSA-349 CVE-2020-29568).
- commit b454020
- xen: revert Allow watches discard events before queueing
  (bsc#1179508 XSA-349 CVE-2020-29568).
- commit 7a45cd4
- xen: revert Add 'will_handle' callback support in
  xenbus_watch_path() (bsc#1179508 XSA-349 CVE-2020-29568).
- commit b9e03df
- xen: revert Support will_handle watch callback (bsc#1179508
  XSA-349 CVE-2020-29568).
- commit 3082598
- xen: revert Count pending messages for each watch (bsc#1179508
  XSA-349 CVE-2020-29568).
- commit 9d4ca48
- video: fbdev: atmel_lcdfb: fix return error code in
  atmel_lcdfb_of_init() (git-fixes).
- video: fbdev: vga16fb: fix setting of pixclock because a
  pass-by-value error (git-fixes).
- video: fbdev: pvr2fb: initialize variables (git-fixes).
- video: fbdev: fix OOB read in vga_8planes_imageblit()
  (git-fixes).
- commit 7cdcf45
- xen: revert Disallow pending watch messages (bsc#1179508
  XSA-349 CVE-2020-29568).
- commit a948c9f
- usb: gadget: enable super speed plus (git-fixes).
- USB: serial: option: add LongSung M5710 module support
  (git-fixes).
- USB: serial: option: add Quectel EM160R-GL (git-fixes).
- usb: uas: Add PNY USB Portable SSD to unusual_uas (git-fixes).
- usb: gadget: configfs: Fix use-after-free issue with udc_name
  (git-fixes).
- USB: usblp: fix DMA to stack (git-fixes).
- usb: gadget: Fix spinlock lockup on usb_function_deactivate
  (git-fixes).
- usb: gadget: function: printer: Fix a memory leak for interface
  descriptor (git-fixes).
- USB: cdc-wdm: Fix use after free in
  service_outstanding_interrupt() (git-fixes).
- USB: cdc-acm: blacklist another IR Droid device (git-fixes).
- crypto: asym_tpm: correct zero out potential secrets
  (git-fixes).
- net: usb: qmi_wwan: add Quectel EM160R-GL (git-fixes).
- CDC-NCM: remove "/connected"/ log message (git-fixes).
- ethernet: ucc_geth: fix use-after-free in ucc_geth_remove()
  (git-fixes).
- lib/genalloc: fix the overflow when size is too big (git-fixes).
- Bluetooth: revert: hci_h5: close serdev device and free hu in
  h5_close (git-fixes).
- commit 052b915
- fix patch metadata
- fix Patch-mainline:
  patches.suse/sched-fair-Check-for-idle-core-in-wake_affine.patch
- commit b5830a4
- blacklist.conf: 4f8af077a02e docs: Fix reST markup when linking to sections
- commit 28e1ebf
- usb: dwc3: core: Properly default unspecified speed (git-fixes).
- commit 777b42e
- x86/resctrl: Don't move a task to the same resource group
  (bsc#1152489).
- commit 8a696c5
- x86/resctrl: Use an IPI instead of task_work_add() to update
  PQR_ASSOC MSR (bsc#1152489).
- commit 309f3cb
- x86/mtrr: Correct the range check before performing MTRR type
  lookups (bsc#1152489).
- commit 41cceca
- x86/mm: Fix leak of pmd ptlock (bsc#1152489).
- commit cb571f0
- btrfs: fix missing delalloc new bit for new delalloc ranges
  (bsc#1180773).
- btrfs: make btrfs_dirty_pages take btrfs_inode (bsc#1180773).
- btrfs: make btrfs_set_extent_delalloc take btrfs_inode
  (bsc#1180773).
- commit fba9b10
- IB/hfi1: Ensure correct mm is used at all times (bsc#1179878
  CVE-2020-27835).
- IB/hfi1: Remove module parameter for KDETH qpns (bsc#1179878).
- IB/hfi1: Remove kobj from hfi1_devdata (bsc#1179878).
- commit 79bac5c
- regmap: debugfs: Fix a reversed if statement in
  regmap_debugfs_init() (git-fixes).
- commit 6e1e482
- USB: serial: iuu_phoenix: fix DMA from stack (git-fixes).
- usb: gadget: configfs: Preserve function ordering after bind
  failure (git-fixes).
- usb: gadget: select CONFIG_CRC32 (git-fixes).
- usb: usbip: vhci_hcd: protect shift size (git-fixes).
- usb: gadget: f_uac2: reset wMaxPacketSize (git-fixes).
- usb: dwc3: ulpi: Use VStsDone to detect PHY regs access
  completion (git-fixes).
- USB: yurex: fix control-URB timeout handling (git-fixes).
- usb: chipidea: ci_hdrc_imx: add missing put_device() call in
  usbmisc_get_init_data() (git-fixes).
- usb: gadget: u_ether: Fix MTU size mismatch with RX packet size
  (git-fixes).
- USB: gadget: legacy: fix return error code in acm_ms_bind()
  (git-fixes).
- USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST
  quirk set (git-fixes).
- staging: mt7621-dma: Fix a resource leak in an error handling
  path (git-fixes).
- dmaengine: xilinx_dma: fix mixed_enum_type coverity warning
  (git-fixes).
- dmaengine: xilinx_dma: fix incompatible param warning in
  _child_probe() (git-fixes).
- dmaengine: xilinx_dma: check dma_async_device_register return
  value (git-fixes).
- dmaengine: dw-edma: Fix use after free in dw_edma_alloc_chunk()
  (git-fixes).
- dmaengine: mediatek: mtk-hsdma: Fix a resource leak in the
  error handling path of the probe function (git-fixes).
- i2c: i801: Fix the i2c-mux gpiod_lookup_table not being properly
  terminated (git-fixes).
- i2c: sprd: use a specific timeout to avoid system hang up issue
  (git-fixes).
- wan: ds26522: select CONFIG_BITREVERSE (git-fixes).
- wil6210: select CONFIG_CRC32 (git-fixes).
- crypto: ecdh - avoid buffer overflow in ecdh_set_secret()
  (git-fixes).
- spi: stm32: FIFO threshold level - fix align packet size
  (git-fixes).
- regmap: debugfs: Fix a memory leak when calling
  regmap_attach_dev (git-fixes).
- dmaengine: at_hdmac: add missing kfree() call in at_dma_xlate()
  (git-fixes).
- dmaengine: at_hdmac: add missing put_device() call in
  at_dma_xlate() (git-fixes).
- dmaengine: at_hdmac: Substitute kzalloc with kmalloc
  (git-fixes).
- commit da0ba2f
- sched/fair: Check for idle core in wake_affine (git fixes
  (sched)).
- commit 2caffed
- arm64: mm: Fix ARCH_LOW_ADDRESS_LIMIT when !CONFIG_ZONE_DMA
  (git-fixes).
- commit 52bc22f
- blacklist.conf: 2c2b3ad2c4c8 ("/spi: spi-fsl-dspi: Use max_native_cs
  instead of num_chipselect to set SPI_MCR"/)
  Depends on 7d93aecdb58d4 ("/spi: Add generic support for unused native cs
  with cs-gpios"/) which at the moment is not worth back-porting as it'll
  break kABI.
- commit bafcdfd
- xen-blkback: set ring->xenblkd to NULL after kthread_stop()
  (bsc#1179509 XSA-350 CVE-2020-29569).
- commit 552ca06
- xenbus/xenbus_backend: Disallow pending watch messages
  (bsc#1179508 XSA-349 CVE-2020-29568).
- commit b293dfc
- xen/xenbus: Count pending messages for each watch (bsc#1179508
  XSA-349 CVE-2020-29568).
- commit d8a62d9
- xen/xenbus/xen_bus_type: Support will_handle watch callback
  (bsc#1179508 XSA-349 CVE-2020-29568).
- commit 8be4352
- xen/xenbus: Add 'will_handle' callback support in
  xenbus_watch_path() (bsc#1179508 XSA-349 CVE-2020-29568).
- commit 4383a8c
- xen/xenbus: Allow watches discard events before queueing
  (bsc#1179508 XSA-349 CVE-2020-29568).
- commit ec8d064
- drm: bail out of nouveau_channel_new if channel init fails
  (CVE-2020-25639 bsc#1176846).
- commit 1ef70aa
- nvme-multipath: fix bogus request queue reference put
  (bsc#1175389).
- commit ef51578
- Move "/btrfs: qgroup: don't try to wait flushing if we're already holding
  a transaction (bsc#1179575)."/ to sorted section
- commit 464edf7
- Refresh patches.suse/nvdimm-Avoid-race-between-probe-and-reading-device-a.patch.
  Refresh to v2 URL
- commit 82e37f2
- blacklist.conf: 44623b2818f4 crypto: x86/crc32c - fix building with clang ias
- commit 4260c52
- x86/mm/numa: Remove uninitialized_var() usage (bsc#1152489).
- commit ec737c3
- series.conf: refresh
- update upstream reference and resort:
  patches.suse/ibmvnic-continue-fatal-error-reset-after-passive-ini.patch
- commit c554179
- Update kabi files.
- update from January 2021 maintenance update submission (commit 4ff469b6e1a0)
- commit a9bc2aa
- bus/fsl_mc: Do not rely on caller to provide non NULL mc_io
  (git-fixes).
- commit e4eab60
- ALSA: hda/realtek - Modify Dell platform name (git-fixes).
- ALSA: hda/realtek - Supported Dell fixed type headset
  (git-fixes).
- ALSA: hda/realtek: Remove dummy lineout on Acer TravelMate
  P648/P658 (git-fixes).
- commit 5e10442
- r8169: work around power-saving bug on some chip versions
  (git-fixes).
- ALSA: pcm: Clear the full allocated memory at hw_params
  (git-fixes).
- rtc: pl031: fix resource leak in pl031_probe (git-fixes).
- rtc: sun6i: Fix memleak in sun6i_rtc_clk_init (git-fixes).
- i3c master: fix missing destroy_workqueue() on error in
  i3c_master_register (git-fixes).
- misc: vmw_vmci: fix kernel info-leak by initializing dbells
  in vmci_ctx_get_chkpt_doorbells() (git-fixes).
- xhci: Give USB2 ports time to enter U3 in bus suspend
  (git-fixes).
- USB: dummy-hcd: Fix uninitialized array use in init()
  (git-fixes).
- Bluetooth: hci_h5: close serdev device and free hu in h5_close
  (git-fixes).
- media: gp8psk: initialize stats at power control logic
  (git-fixes).
- staging: wlan-ng: fix out of bounds read in
  prism2sta_probe_usb() (git-fixes).
- commit 57824b9
- ALSA: hda/via: Fix runtime PM for Clevo W35xSS (git-fixes).
- ALSA: usb-audio: Add quirk for RC-505 (git-fixes).
- ALSA: hda/realtek: Enable mute and micmute LED on HP EliteBook
  850 G7 (git-fixes).
- ALSA: hda/realtek: Add two "/Intel Reference board"/ SSID in
  the ALC256 (git-fixes).
- ALSA: hda/realtek: Add mute LED quirk for more HP laptops
  (git-fixes).
- ALSA: hda/conexant: add a new hda codec CX11970 (git-fixes).
- ALSA: usb-audio: Add quirk for BOSS AD-10 (git-fixes).
- ALSA: usb-audio: Fix UBSAN warnings for MIDI jacks (git-fixes).
- ALSA: hda/realtek - Fix speaker volume control on Lenovo C940
  (git-fixes).
- commit 3b01e24
- Refresh patches.suse/nvme-fc-avoid-calling-_nvme_fc_abort_outstanding_ios-from-interrupt-context.patch
  Fix commit hash
- commit fdfd462
- Refresh patch metadata.
- Refresh patches.suse/ibmvnic-fix-NULL-pointer-dereference.patch.
- commit 45ce7d1
- lib/string: remove unnecessary #undefs (git-fixes).
- bitmap: remove unused function declaration (git-fixes).
- swiotlb: using SIZE_MAX needs limits.h included (git-fixes).
- swiotlb: fix "/x86: Don't panic if can not alloc buffer for
  swiotlb"/ (git-fixes).
- kdb: Fix pager search for multi-line strings (git-fixes).
- kgdb: Drop malformed kernel doc comment (git-fixes).
- commit 28d99cb
- EDAC/amd64: Fix PCI component registration (bsc#1152489).
- commit 6c4ae9b
- drivers/base/memory.c: indicate all memory blocks as removable
  (bsc#1180264).
- commit 64673b1
- blacklist.conf: two git-fixes that break kabi too much
- commit 7df1e74
- prom_init: enable verbose prints (bsc#1178142 bsc#1180759).
- commit c0bbedb
open-iscsi
- Update to latest upstream (no new tag yet). To fix
  bsc#1181313. Changes since last update added to
  open-iscsi-SUSE-latest.diff.bz2:
  * Fix iscsiadm segfault when exiting
  * iscsid: Add NO_SYSTEMD to CFLAGS
  * Change mkdir permissions to 0770, adjust usmask
  * Fix typo in util.py
  * iscsid: Do not allow conflicting pid-file options
  * iscsiadm: Fix memory leak in iscsiadm
  * libopeniscsiusr: Fix memory leak in iscsi_sessions_get()
  * libopeniscsiusr: Fix memory leak in iscsi_nodes_get()
  * idbm: Fix memory leak and NULL pointer dereference in idbm_rec_update_param()
  * Add etc/systemd/iscsi-init.service to SYSTEMDFILES Makefile variable
openssh
- Update openssh-8.1p1-audit.patch (bsc#1180501). This fixes
  occasional crashes on connection termination caused by accessing
  freed memory.
pam
- Create macros.pam with definition of %_pamdir so packages which
  are commonly shared between Factory and SLE can use this macro
  [pam.spec]
python-Jinja2
- Fixed IndentationError in CVE-2020-28493.patch (bsc#1182244)
- CVE-2020-28493: Fixed a ReDOS vulnerability where urlize could have
  been called with untrusted user data (bsc#1181944).
  Added CVE-2020-28493.patch
python3
- Resync with python36 Factory package.
- Make this %primary_interpreter
- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing
  bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in
  _ctypes/callproc.c, which may lead to remote code execution.
- Provide the newest setuptools wheel (bsc#1176262,
  CVE-2019-20916) in their correct form (bsc#1180686).
- Change setuptools and pip version numbers according to new
  wheels (bsc#1179756).
release-notes-sles
- 15.2.20210217 (tracked in bsc#1182359)
- Added note about Idaville uncore support (jsc#SLE-7957)
- Added note about removal of software scrollback (bsc#1176235)
- Added note about AutoYaST profile changes (bsc#1178261)
- Added note about exception to recommending TLS 1.3 (bsc#1181043)
- Added note about deprecating LXC containers (jsc#SLE-16660)
- 15.2.20210127 (tracked in bsc#1181476)
- Added back OpenLDAP note from SLES 15 GA (jsc#SLE-16552)
- Added note about update of golang-packaging package (jsc#SLE-12475)
- Fixed link to 'seccheck' documentation (bsc#1180078)
- Replaced invalid entity slesa (fixed bsc#1180647)
salt
- Fix regression on cmd.run when passing tuples as cmd (bsc#1182740)
- Added:
  * fix_regression_in_cmd_run_after_cve.patch
- Allow extra_filerefs as sanitized kwargs for SSH client
- Added:
  * allow-extra_filerefs-as-sanitized-kwargs-for-ssh-cli.patch
- Fix errors with virt.update
- Added:
  * backport-commit-1b16478c51fb75c25cd8d217c80955feefb6.patch
- Fix for multiple for security issues
  (CVE-2020-28243) (CVE-2020-28972) (CVE-2020-35662) (CVE-2021-3148) (CVE-2021-3144)
  (CVE-2021-25281) (CVE-2021-25282) (CVE-2021-25283) (CVE-2021-25284) (CVE-2021-3197)
  (bsc#1181550) (bsc#1181556) (bsc#1181557) (bsc#1181558) (bsc#1181559) (bsc#1181560)
  (bsc#1181561) (bsc#1181562) (bsc#1181563) (bsc#1181564) (bsc#1181565)
- Added:
  * fix-for-some-cves-bsc1181550.patch
- virt: search for grub.xen path
- Xen spicevmc, DNS SRV records backports:
  Fix virtual network generated DNS XML for SRV records
  Don't add spicevmc channel to xen VMs
- virt UEFI fix: virt.update when efi=True
- Added:
  * open-suse-3002.2-xen-grub-316.patch
  * virt-uefi-fix-backport-312.patch
  * 3002.2-xen-spicevmc-dns-srv-records-backports-314.patch
- Revert wrong zypper patch to support vendorchanges flags on pkg.install
- Adjusted python2-cherrypy naming in salt-api. (#40)
- Force zyppnotify to prefer Packages.db than Packages if it exists
- Allow vendor change option with zypper
- Add pkg.services_need_restart
- Bigvm backports
  virt consoles, CPU tuning and topology, and memory tuning.
- Fix for file.check_perms to work with numeric uid/gid
- change 'Requires(pre)' to 'Requires' for salt-minion package (bsc#1083110)
- Added:
  * force-zyppnotify-to-prefer-packages.db-than-packages.patch
  * fix-salt.utils.stringutils.to_str-calls-to-make-it-w.patch
  * opensuse-3000-bigvm-backports-300.patch
  * revert-add-patch-support-for-allow-vendor-change-opt.patch
  * add-patch-support-for-allow-vendor-change-option-wit.patch
  * add-pkg.services_need_restart-302.patch
screen
- Fix double width combining char handling that could lead
  to a segfault [bnc#1182092] [CVE-2021-26937]
  new patch: combchar.diff
tcl
- bsc#1181840: Same fix as for tclConfig.sh is needed for tcl.pc.
yast2
- Do not use the 'installation-helper' binary to create snapshots
  during installation or offline upgrade (bsc#1180142).
- Add a new exception to properly handle exceptions
  when reading/writing snapshots numbers (related to bsc#1180142).
- 4.2.92
yast2-firewall
- Add to firewall/security proposal option to setup selinux if
  given product require it. (jsc#SLE-17427)
- 4.2.6
yast2-installation
- Do not crash when it is not possible to create a snapshot after
  installing or upgrading the system (bsc#1180142).
- 4.2.49
yast2-network
- Improve the AutoYaST interfaces reader handling better the IP
  Addresses configuration. (bsc#1174353, bsc#1178107)
- 4.2.91
yast2-packager
- Show correct number of downloaded packages in log (bsc#1180278)
- 4.2.69
- Fix crash when installation proposal require pattern and such
  pattern is not available in any repository (found during testing
  jsc#SLE-17427)
- 4.2.68
yast2-security
- Move SELinux .autorelabel file from / to /etc/selinux if root
  filesystem will be mounted as read only (jsc#SLE-17307).
- 4.2.19
- AutoYaST: add support for SELinux configuration (jsc#SMO-20,
  jsc#SLE-17342).
- 4.2.18
- Avoid crashing when the SELinux configuration file does not
  exist yet (jsc#SMO-20, jsc#SLE-17342).
- 4.2.17
- Improve the class for handling the SELinux configuration.
- Saves the SELinux mode in the configuration file (jsc#SMO-20,
  jsc#SLE-17342).
- 4.2.16
- Add class for managing SELinux configuration at boot time
  (jsc#SMO-20, jsc#SLE-17342).
- 4.2.15
yast2-update
- Do not rely on the 'installation-helper' binary to create
  snapshots after installation or offline upgrade (bsc#1180142).
- Do not crash when it is not possible to create a snapshot before
  upgrading the system (related to bsc#1180142).
- 4.2.21