HANA-Firewall
- Adaption to new go compiler behavior regarding test and build
  (bsc#1197697)
Mesa
- previous change didn't have any effect; default driver for Intel
  Gen8-11 hardware was already "/i965"/ since Mesa 20.x still checked
  for option 'prefer-iris' and gallium iris driver build to make it
  default - which is only true in Mesa-drivers, but not in Mesa
  build; let's just remove this confusing "/-Dprefer-iris=false"/
  option (boo#1202850, comment#29)
- change default driver from 'iris' back to 'i965' for Intel
  Gen8-11 hardware; that way we also use the same driver used by X
  and Mesa (boo#1200965); related bugs: boo#1197045, boo#1197046
NetworkManager
- Add 0001-supplicant-interface-Match-more-ciphers-to-determine.patch:
  supplicant/interface: Match more ciphers todetermine AP security
  (glfo#NetworkManager/NetworkManager/commit/e0191320, bsc#1198381);
- Add 0001-rdisc-fix-parsing-ndp_msg_opt_dnssl_lifetime-from-IP.patch:
  rdisc: fix parsing ndp_msg_opt_dnssl_lifetime() from IPv6 RA
  (bsc#1195222).
- Add 0001-ndisc-don-t-artificially-extend-the-lifetime-of-DNSS.patch:
  ndisc: don't artificially extend the lifetime of DNSSL/RDNSS
  options (bsc#1195222).
- Add NetworkManager-RFC8106.patch: Backport upstream fixes to
  implement RFC 8106(glfo#NetworkManager/NetworkManager#874,
  bsc#1195173).
SAPHanaSR
- SAPHanaSR-monitor not reporting correctly
  (bsc#1192963)
  add patch:
    0001-bsc-1192963.patch
- Version bump to 0.161.1_BF
- add the required 'xmllint' to the package
  (bsc#1201945)
- changes to the demote_clone function of the resource agent:
  if the role is '1:P' (topology agent run into timeouts) the
  function fail with rc=1, to get the managed resource stopped
  changes to the stop_clone function of the topology agent:
  call landscapeHostConfiguration.py and set the roles as they were
  reported. If the command timed out, set the role to '1:P' and
  return 1 to get the node fenced.
  The used timeout for the landscapeHostConfiguration.py call can
  be configured by the cluster action timeout, if needed. It will
  be 50% of the action timeout or the minimum of 300s.
  (bsc#1198127)
- add new HA/DR provider hook susChkSrv
  (jsc#PED-1241, jsc#PED-1240)
- add new tool SAPHanaSR-manageProvider to show, add and delete
  HA/DR provider sections in the global.ini of SAP HANA.
- update suse icon to new branding
- Version bump to 0.160.1
- fix HANA_CALL function to support MCOS environments again
  (bsc#1198780)
- fix SAPHanaSR-replay-archive to handle hb_report archives again
  (bsc#1198897)
- add HANA_CALL_TIMEOUT parameter back to the resource agents and
  read the setting from the cluster configuration, if available.
  Defaults to '60'.
  Related to github issue#36
- add new HA/DR provider hook susTkOver
  (jsc#SLE-16347)
- add new hook script for SAP HANA System Replication Scale-Up Cost
  Optimized Scenario.
  (jsc#SLE-18613)
- add a new instance parameter 'REMOVE_SAP_SOCKETS'.
  It is an optional parameter and defaults to 'true'. Now you can
  control, if the RA should remove the unix domain sockets related
  to sapstartsrv before (re-)start sapstartsrv or if it should try
  to adjust the permissions and ownership of these files instead.
- Version bump to 0.155.0
- Add systemd support for the resource agent to interact with the
  new SAP unit files for sapstartsrv.
  As the new version of the SAP Startup Framework will use systemd
  unit files to control the sapstartsrv process instead of the
  previous used SysV init script, we need to adapt the handling of
  sapstartsrv inside the resource agents to support both ways.
  (bsc#1189530, bsc#1189531)
- The resource start and stop timeout is now configurable by
  increasing the timeout for the action 'start' and/or 'stop'.
  We will use 95% of this action timeouts to calculate the new
  resource start and stop timeout for the 'WaitforStarted' and
  'WaitforStopped' functions. If the new, calculated timeout value
  is less than '3600', it will be set to '3600', so that we do not
  decrease this timeout by accident
  (bsc#1182545)
- change promotion scoring during maintenance procedure to prevent
  that both sides have an equal promotion scoring after refresh
  which might result in a critical promotion of the secondary.
  (bsc#1174557)
- update of man page SAPHanaSR.py.7 - correct the supported HANA
  version.
  (bsc#1182201)
- if the $hdbState command fails to retrieve the current state of
  the System Replication, the resource agent now uses the
  system_replication/actual_mode attribute (if available) from the
  global.ini file as a fallback.
  This should prevent some confusing and misleading log messages
  during a takeover and solves the problem of a not working
  takeover back (after a successful first takeover)
  (bsc#1181765)
- add dedicated logging of HANA_CALL problems. So it will be now
  possible to identify, if the called hana command or the needed
  su command throws the error and for further hints we log the
  stderr output.
  Additional it is possible to get regular log messages for the
  used commands, their return code and their stderr output by
  enabling the 'debug' mode of the resource agents.
  (bsc#1182774)
SUSEConnect
- Update to 0.3.36
- Allow suseconnect-keepalive.service to recognize a configured proxy. (bsc#1200994)
- Remove the `WantedBy` statement from suseconnect-keepalive.service since it's only to be triggered by a systemd timer.
- SUSEConnect will now ensure that the `PROXY_ENABLED` environment variable is honored.
- Write services with ssl_verify=no when using connect with insecure
- Update to 0.3.35
- Rely on system-wide defaults for enabling the keepalive timer by systemd-presets-branding-SLE. (bsc#1200641)
- Update to 0.3.34
- Manage the `System-Token` header. The `System-Token` header as delivered by
  SCC will be stored inside of the credentials file for later use on API calls.
  This way we add system clone detection for systems using this version of SUSE
  Connect.
- Update to 0.3.33
- Add --keepalive command to send pings to SCC.
- Add service/timer to periodically call --keepalive command to make system
  information in SCC and proxies more accurate. (bsc#1196076)
aaa_base
- Add patch git-46-78b2a0b29381c16bec6b2a8fc7eabaa9925782d7.patch
  * The wrapper rootsh is not a restricted shell (bsc#1199492)
- fix (bsc#1194883) - aaa_base: Set net.ipv4.ping_group_range to
  allow ICMP ping
- added patches
  + git-40-d004657a244d75b372a107c4f6097b42ba1992d5.patch
- Port change from Thu Sep 30 08:51:55 UTC 2022 forword to
  current version which includes a rename of patch
    git-13-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch
  to
    git-43-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch
  as otherwise autopatch macro does not work anymore
- Include all fixes and changes for systemwide inputrc to remove
  the 8 bit escape sequence which interfere with UTF-8 multi byte
  characters as well as support the vi mode of readline library.
  This is done with the patches
  * git-41-f00ca2600331602241954533a1b1610d1da57edf.patch
  * git-42-f39a8d18719c3b34373e0e36098f0f404121b5c5.patch
  before the changed patch
    git-13-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch
  rename it to
    git-43-14003c19eaa863ae9d80a0ebb9b5cab6273a5a9e.patch
  and also add the patches
  * git-44-425f3e9b44ba9ead865d70ff6690d5f2869442dc.patch
  * git-45-bf0a31597d0ed3562bfc5e6be0ade2fe5dc1f7a1.patch
apparmor
- update add-samba-bgqd.diff:  to add new rule to fix 'DENIED' open on
  /proc/{pid}/fd for samba-bgqd (bnc#1196850).
- Add update-usr-sbin-smbd.diff to add new rule to allow reading of
  openssl.cnf (bnc#1195463).
augeas
- add augeas-sysctl_parsing.patch (bsc#1197443)
  * backport original patch and rebase
- support new chrony 4.1 options (jsc#SLE-17334)
  augeas-new_options_for_chrony.patch
autofs
- autofs-5.1.6-fix-quoted-string-length-calc-in-expand.patch
  Fix problem with quote handling
  (bsc#1181715)
- 0005-autofs-5.1.4-fix-incorrect-locking-in-sss-lookup.patch
  Fix locking problem that causes deadlock when sss used.
  (bsc#1196485)
- 0004-autofs-5.1.3-add-port-parameter-to-rpc_ping.patch
  Suppress portmap calls when port explicitly given
  (bsc#1195697)
autoyast2
- Fix detection disk serial and size in the "/disks"/ ERB helper
  (bsc#1199000).
- Fix rules validation when using a dialog (bsc#1199165).
- 4.3.102
- Respect general/signature-handling settings during the 2nd
  stage (bsc#1197655).
- 4.3.101
- Properly handle the "/dopackages"/ option in the openFile
  method of the AyastSetup module (bsc#1196566).
- 4.3.100
- Avoid login while running AutoYaST init-scripts (bsc#1196594 and
  related to bsc#1195059).
- 4.3.99
- add yast namespace to merge.xslt to fix CDATA handling (bsc#1195910)
- 4.3.98
- Modified init-scripts service dependencies fixing a root login
  systemd timeout when installing with ssh (bsc#1195059)
- 4.3.97
avahi
- Downgrade python3-Twisted to a Recommends. It is not available
  on SLED or PackageHub, and it is only needed by avahi-bookmarks
  (bsc#1196282).
- Add avahi-bookmarks-import-warning.patch: fix warning when
  twisted is not available.
- Replace avahi-0.6.31-systemd-order.patch with
  avahi-add-resolv-conf-to-inotify.patch: re-read configuration
  when resolv.conf changes, per discussion on the bug
  (boo#1194561).
- Have python3-avahi require python3-dbus-python, not the
  python 2 dbus-1-python package (bsc#1195614).
- Reinstate avahi-0.6.31-systemd-order.patch (boo#1194561).
  This can probably go away if/when gh#lathiat/avahi#118 is fixed.
- Drop avahi-0.6.32-suppress-resolv-conf-warning.patch: we should
  no longer need this given the above patch.
- Move sftp-ssh and ssh services to the doc directory. They allow
  a host's up/down status to be easily discovered and should not
  be enabled by default (boo#1179060).
bind
- Security Fixes:
  * Previously, there was no limit to the number of database lookups
  performed while processing large delegations, which could be abused
  to severely impact the performance of named running as a recursive
  resolver. This has been fixed.
  [bsc#1203614, CVE-2022-2795, bind-CVE-2022-2795.patch]
  * A memory leak was fixed that could be externally triggered in the
  DNSSEC verification code for the ECDSA algorithm.
  [bsc#1203619, CVE-2022-38177, bind-CVE-2022-38177.patch]
  * Memory leaks were fixed that could be externally triggered in the
  DNSSEC verification code for the EdDSA algorithm.
  [bsc#1203620, CVE-2022-38178, bind-CVE-2022-38178.patch]
- Changed ownership of /var/lib/named/master from named:named to
  root:root.
  [bsc#1201247, bind.conf]
- When using forwarders, bogus NS records supplied by, or via, those
  forwarders may be cached and used by named if it needs to recurse
  for any reason, causing it to obtain and pass on potentially
  incorrect answers.
  [CVE-2021-25220, bsc#1197135, bind-9.16.27-0001-CVE-2021-25220.patch]
binutils
- For building shim 15.6~rc1 (and later versions) aarch64 image, objcopy
  needs to support efi-app-aarch64 target. (bsc#1198458)
  Adds binutils-add-efi-aarch64-1.diff,
  binutils-add-efi-aarch64-2.diff, binutils-add-efi-aarch64-3.diff .
- Add binutils-fix-keepdebug.diff for fix bsc#1191908, a problem
  in crash not accepting some of our .ko.debug files.
- Add binutils-revert-rela.diff to revert back to old behaviour
  of not ignoring the in-section content of to be relocated
  fields on x86-64, even though that's a RELA architecture.
  Compatibility with buggy object files generated by old tools.
  [bsc#1198422]
- Add binutils-add-z16-name.diff so that the now official name
  z16 for arch14 is recognized.  [bsc#1198237]
ca-certificates-mozilla
- Updated to 2.56 state of Mozilla SSL root CAs (bsc#1202868)
  Added:
  - Certainly Root E1
  - Certainly Root R1
  - DigiCert SMIME ECC P384 Root G5
  - DigiCert SMIME RSA4096 Root G5
  - DigiCert TLS ECC P384 Root G5
  - DigiCert TLS RSA4096 Root G5
  - E-Tugra Global Root CA ECC v3
  - E-Tugra Global Root CA RSA v3
  Removed:
  - Hellenic Academic and Research Institutions RootCA 2011
- Updated to 2.54 state of Mozilla SSL root CAs (bsc#1199079)
  Added:
  - Autoridad de Certificacion Firmaprofesional CIF A62634068
  - D-TRUST BR Root CA 1 2020
  - D-TRUST EV Root CA 1 2020
  - GlobalSign ECC Root CA R4
  - GTS Root R1
  - GTS Root R2
  - GTS Root R3
  - GTS Root R4
  - HiPKI Root CA - G1
  - ISRG Root X2
  - Telia Root CA v2
  - vTrus ECC Root CA
  - vTrus Root CA
  Removed:
  - Cybertrust Global Root
  - DST Root CA X3
  - DigiNotar PKIoverheid CA Organisatie - G2
  - GlobalSign ECC Root CA R4
  - GlobalSign Root CA R2
  - GTS Root R1
  - GTS Root R2
  - GTS Root R3
  - GTS Root R4
- updated to 2.50 state of the Mozilla NSS Certificate store (bsc#1188006)
- Added CAs:
  + HARICA Client ECC Root CA 2021
  + HARICA Client RSA Root CA 2021
  + HARICA TLS ECC Root CA 2021
  + HARICA TLS RSA Root CA 2021
  + TunTrust Root CA
- Updated to 2.46 state of the Mozilla NSS Certificate store (bsc#1181994)
- Added new root CAs:
  - NAVER Global Root Certification Authority
- Removed old root CA:
  - GeoTrust Global CA
  - GeoTrust Primary Certification Authority
  - GeoTrust Primary Certification Authority - G3
  - GeoTrust Universal CA
  - GeoTrust Universal CA 2
  - thawte Primary Root CA
  - thawte Primary Root CA - G2
  - thawte Primary Root CA - G3
  - VeriSign Class 3 Public Primary Certification Authority - G4
  - VeriSign Class 3 Public Primary Certification Authority - G5
chrony
- Fix config file handling in the spec file and remove "/ntsdumpdir"/
  from default config, because augeas-lenses cannot parse it during
  installation of SLE Micro on SLE-15-SP3 (bsc#1194220).
- bsc#1194229: Fix pool package dependencies, so that SLE actually
  prefers chrony-pool-suse over chrony-pool-empty.
- Add chrony-htonl.patch to work around undocumented behaviour of
  htonl() in older glibc versions (SLE-12) on 64 bit big endian
  architectures (s390x).
- SLE bugs that have been fixed in openSUSE up to this point
  without explicit references: bsc#1183783, bsc#1184400,
  bsc#1171806, bsc#1161119, bsc#1159840.
- Obsoleted SLE patches:
  * chrony-fix-open.patch
  * chrony-gettimeofday.patch
  * chrony-ntp-era-split.patch
  * chrony-pidfile.patch
  * chrony-select-timeout.patch
  * chrony-urandom.patch
  * chrony.sysconfig
  * clknetsim-glibc-2.31.patch
- boo#1190926: PrivateDevices is too strict, we might need to
  access the rtc and ptp devices.
- Add back support to build chrony on SLE12.
- Drop dependency on asciidoctor. It is only needed for building
  the HTML documentation which we don't package anyway.
- Added hardening to systemd service(s). Added patch(es):
  * harden_chrony-wait.service.patch
  * harden_chronyd.service.patch
- boo#1187906: Consolidate all references to the helper script.
- Add now working CONFIG parameter to sysusers generator
- Change to using systemd-sysusers
- Remove otherproviders, not needed anymore
- Update to 4.1
  * Add support for NTS servers specified by IP address (matching
    Subject Alternative Name in server certificate)
  * Add source-specific configuration of trusted certificates
  * Allow multiple files and directories with trusted certificates
  * Allow multiple pairs of server keys and certificates
  * Add copy option to server/pool directive
  * Increase PPS lock limit to 40% of pulse interval
  * Perform source selection immediately after loading dump files
  * Reload dump files for addresses negotiated by NTS-KE server
  * Update seccomp filter and add less restrictive level
  * Restart ongoing name resolution on online command
  * Fix dump files to not include uncorrected offset
  * Fix initstepslew to accept time from own NTP clients
  * Reset NTP address and port when no longer negotiated by NTS-KE
    server
- Update clknetsim to snapshot f89702d.
- Refresh chrony.keyring from
  https://chrony.tuxfamily.org/gpgkey-8F375C7E8D0EE125A3D3BD51537E2B76F7680DAC.asc
- Ensure the correct pool packages are installed for openSUSE
  and SLE (bsc#1180689).
- Enable syscallfilter unconditionally [boo#1181826].
- drop buildrequires on NSS. We need gnutls for NTS anyway and we
  can do all the other required crypto via nettle+gnutls. no need
  for another crypto library.
- Update to 4.0
  - Enhancements
  - Add support for Network Time Security (NTS) authentication
  - Add support for AES-CMAC keys (AES128, AES256) with Nettle
  - Add authselectmode directive to control selection of
    unauthenticated sources
  - Add binddevice, bindacqdevice, bindcmddevice directives
  - Add confdir directive to better support fragmented
    configuration
  - Add sourcedir directive and "/reload sources"/ command to
    support dynamic NTP sources specified in files
  - Add clockprecision directive
  - Add dscp directive to set Differentiated Services Code Point
    (DSCP)
  - Add -L option to limit log messages by severity
  - Add -p option to print whole configuration with included
    files
  - Add -U option to allow start under non-root user
  - Allow maxsamples to be set to 1 for faster update with -q/-Q
    option
  - Avoid replacing NTP sources with sources that have
    unreachable address
  - Improve pools to repeat name resolution to get "/maxsources"/
    sources
  - Improve source selection with trusted sources
  - Improve NTP loop test to prevent synchronisation to itself
  - Repeat iburst when NTP source is switched from offline state
    to online
  - Update clock synchronisation status and leap status more
    frequently
  - Update seccomp filter
  - Add "/add pool"/ command
  - Add "/reset sources"/ command to drop all measurements
  - Add authdata command to print details about NTP
    authentication
  - Add selectdata command to print details about source
    selection
  - Add -N option and sourcename command to print original names
    of sources
  - Add -a option to some commands to print also unresolved
    sources
  - Add -k, -p, -r options to clients command to select, limit,
    reset data
  - Bug fixes
  - Don’t set interface for NTP responses to allow asymmetric
    routing
  - Handle RTCs that don’t support interrupts
  - Respond to command requests with correct address on
    multihomed hosts
  - Removed features
  - Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320)
  - Drop support for long (non-standard) MACs in NTPv4 packets
    (chrony 2.x clients using non-MD5/SHA1 keys need to use
    option "/version 3"/)
  - Drop support for line editing with GNU Readline
- add BuildRequires for gnutls-devel (which also pulls nettle to
  enable the new features)
- drop patches which are included in the update:
  chrony-test-update-processing-of-packet-log.patch
  chrony-test-fix-util-unit-test-for-NTP-era-split.patch
- refreshed chrony-config.patch
- track series file for easier quilt setup
- added option to turn off testsuite with
  osc build --without=testsuite
  testsuite still runs by default
- By default we don't write log files but log to journald, so
  only recommend logrotate.
- Adjust and rename the sysconfig file, so that it matches the
  expectations of chronyd.service (bsc#1173277).
- Update to 3.5.1:
  * Create new file when writing pidfile (CVE-2020-14367, bsc#1174911)
- Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075)
- Use iburst in the default pool statements to speed up initial
  synchronisation (bsc#1172113).
- Use _systemdutildir instead of _libexecdir/systemd: systemd does
  not actually live below libexecdir.
- Add chrony-test-update-processing-of-packet-log.patch in order
  to fix test-suite failure.
- Update clknetsim to version 79ffe44 (fixes boo#1162964).
- Backport chrony-test-fix-util-unit-test-for-NTP-era-split.patch.
- Change to BuildRequires: rubygem(asciidoctor) and remove conditional
  (is available in SLE12-SP4 and SLE15* as well)
- Fix typo in %install
- Fix asciidoc in Tumbleweed
- Revert clknetsim to version 58c5e8b
- Fix incorrect download link for package signature
- Temporarily disable signature usage as its expired
- Update clknetsim to version ac3c832
- fix chrony-service-helper.patch
- Update to 3.5:
  + Add support for more accurate reading of PHC on Linux 5.0
  + Add support for hardware timestamping on interfaces with read-only timestamping configuration
  + Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris
  + Update seccomp filter to work on more architectures
  + Validate refclock driver options
  + Fix bindaddress directive on FreeBSD
  + Fix transposition of hardware RX timestamp on Linux 4.13 and later
  + Fix building on non-glibc systems
- Fix location of helper script in chrony-dnssrv@.service
  (bsc#1128846).
- Update testsuite to version 58c5e8b
- Read runtime servers from /var/run/netconfig/chrony.servers to
  fix bsc#1099272.
- Move chrony-helper to /usr/lib/chrony/helper, because there
  should be no executables in /usr/share.
- Update clknetsim to revision 8b48422
- Remove discrepancies between spec file and chrony-tmpfiles (boo#1115529)
- Update the keyring and uncomment it in the spec file
- Comment out bad signature
- Added %{_tmpfilesdir}/%{name}.conf
- Updated clknetsim
- Update to version 3.4
  * Enhancements
    + Add filter option to server/pool/peer directive
    + Add minsamples and maxsamples options to hwtimestamp directive
    + Add support for faster frequency adjustments in Linux 4.19
    + Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd
    without root privileges to remove it on exit
    + Disable sub-second polling intervals for distant NTP sources
    + Extend range of supported sub-second polling intervals
    + Get/set IPv4 destination/source address of NTP packets on FreeBSD
    + Make burst options and command useful with short polling intervals
    + Modify auto_offline option to activate when sending request failed
    + Respond from interface that received NTP request if possible
    + Add onoffline command to switch between online and offline state
    according to current system network configuration
    + Improve example NetworkManager dispatcher script
  * Bug fixes
    + Avoid waiting in Linux getrandom system call
    + Fix PPS support on FreeBSD and NetBSD
- Update clknetsim to revision 42b693b
  * Drop not needed chrony-fix-open.patch
- Build tests with optflags as well
- Do not run tests on i586
- Enable signd
- Mention all sources as such in spec file
- Fix formatting of changelog
- Drop reference to change is not present
- Update to version 3.3
  * Enhancements:
    + Add burst option to server/pool directive
    + Add stratum and tai options to refclock directive
    + Add support for Nettle crypto library
    + Add workaround for missing kernel receive timestamps on Linux
    + Wait for late hardware transmit timestamps
    + Improve source selection with unreachable sources
    + Improve protection against replay attacks on symmetric mode
    + Allow PHC refclock to use socket in /var/run/chrony
    + Add shutdown command to stop chronyd
    + Simplify format of response to manual list command
    + Improve handling of unknown responses in chronyc
  * Bug fixes:
    + Respond to NTPv1 client requests with zero mode
    + Fix -x option to not require CAP_SYS_TIME under non-root user
    + Fix acquisitionport directive to work with privilege separation
    + Fix handling of socket errors on Linux to avoid high CPU usage
    + Fix chronyc to not get stuck in infinite loop after clock step
cifs-utils
- CVE-2022-29869: mount.cifs: fix verbose messages on option parsing
  (bsc#1198976, CVE-2022-29869)
  * add cifs-utils-CVE-2022-29869.patch
- CVE-2022-27239: mount.cifs: fix length check for ip option
  parsing; (bsc#1197216) (bso#15025); CVE-2022-27239.
  * add 0016-CVE-2022-27239-mount.cifs-fix-length-check-for-ip-op.patch
cloud-regionsrv-client
- Follow up fix to 10.0.4 (bsc#1202706)
  - While the source code was updated to support SLE Micro the spec file
    was not updated for the new locations of the cache and the certs.
    Update the spec file to be consistent with the code implementation.
- Update to version 10.0.5 (bsc#1201612)
  - Handle exception when trying to deregister a system form the server
- Update to version 10.0.4 (bsc#1199668)
  - Store the update server certs in the /etc path instead of /usr to
    accomodate read only setup of SLE-Micro
- Update to version 10.0.3 (bsc#1198389)
  - Descend into the extension tree even if top level module is recommended
  - Cache license state for AHB support to detect type switch
  - Properly clean suse.com credentials when switching from SCC to update
    infrastructure
  - New log message to indicate base product registration success
- Update to version 10.0.2
  + Fix name of logfile in error message
  + Fix variable scoping to properly detect registration error
  + Cleanup any artifacts on registration failure
  + Fix latent bug with /etc/hosts population
  + Do not throw error when attemting to unregister a system that is not
    registered
  + Skip extension registration if the extension is recommended by the
    baseproduct as it gets automatically installed
- Update to version 10.0.1 (bsc#1197113)
  + Provide status feedback on registration, success or failure
  + Log warning message if data provider is configured but no data
    can be retrieved
- Update -addon-azure to 1.0.3 follow up fix for (bsc#1195414, bsc#1195564)
  + The repo enablement timer cannot depend on guestregister.service
- Update -addon-azure to 1.0.2 (bsc#1196305)
  + The is-registered() function expects a string of the update server FQDN.
    The regionsrv-enabler-azure passed an Object of type SMT. Fix the call
    in regionsrv-enabler-azure.
- Update -plugin-azure to 2.0.0 (bsc#1196146)
  + Lower case the region hint to reduce issues with Azure region name
    case inconsistencies
- Update to version 10.0.0 (bsc#1195414, bsc#1195564)
  + Refactor removes check_registration() function in utils implementation
  + Only start the registration service for PAYG images
  - addon-azure sub-package to version 1.0.1
cluster-glue
- Requesting cluster-glue bugfix (bsc#1197681)
  * Add upstream patch:
    0002-bugfix-for-comment-in-external-ec2.patch
- (jsc#SLE-23490) (jsc#SLE-23491) (jsc#SLE-23492) (jsc#SLE-23494)
  IMDSv2 support in ec2 stonith agent
  * add upstream patch:
    0001-Update-external-ec2-to-support-IMDSv2.patch
containerd
- Update to containerd v1.6.6 to fix CVE-2022-31030 and meet the requirements
  of Docker v20.10.17-ce. bsc#1200145
- Remove upstreamed patches:
  - bsc1200145-Limit-the-response-size-of-ExecSync.patch
[ This patch was only released in SLES and Leap. ]
- Backport patch to fix GHSA-5ffw-gxpp-mxpf CVE-2022-31030. bsc#1200145
  + bsc1200145-Limit-the-response-size-of-ExecSync.patch
- Update to containerd v1.5.12. Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.5.12>
- Update to containerd v1.5.11 to fix CVE-2022-24769. bsc#1197517
- Update to containerd v1.4.13 to fix CVE-2022-23648. bsc#1196441
- Remove upstreamed patch:
  - CVE-2022-23648.patch
[ This patch was only released in SLES and Leap. ]
- Add patch for CVE-2022-23648. bsc#1196441
  + CVE-2022-23648.patch
crmsh
- Update to version 4.3.1+20220610.733357e2:
  * Dev: crm report: put info/warning/debug messages into stdout
  * Fix: crm report: use sudo when under non root and hacluster user (bsc#1199634)
  * Fix: utils: wait4dc: Make change since output of 'crmadmin -S' changed(bsc#1199412)
  * Fix: bootstrap: stop and disable csync2.socket on removed node (bsc#1199325)
- Update to version 4.3.1+20220505.cf4ab649:
  * Fix: hb_report: Read data in a save way, to avoid UnicodeDecodeError (bsc#1198180)
  * Dev: ocfs2: Fix running ocfs2 stage on cluster with diskless-sbd
  * Fix: ui_configure: Give a deprecated warning when using "/ms"/ subcommand (bsc#1194125)
  * Fix: xmlutil: Parse promotable clone correctly and also consider compatibility (bsc#1194125)
  * Fix: bootstrap: Change default transport type as udpu(unicast) (bsc#1132375)
- Update to version 4.3.1+20220321.bd33abac:
  * Dev: Parametrize the log dir
  * medium: utils: update detect_cloud pattern for aws (bsc#1197351)
  * Fix: utils: Only raise exception when return code of systemctl command over ssh larger than 4 (bsc#1196726)
- Update to version 4.3.1+20220208.73603501:
  * Fix: sbd: not overwrite SYSCONFIG_SBD and sbd-disk-metadata if input 'n'(bsc#1194870)
  * Fix: crash_test: Adjust help output of 'crm cluster crash_test -h'(bsc#1194615)
  * Fix: bootstrap: Change log info when need to change user login shell (bsc#1194026)
cups
- cups-branch-2.2-commit-3e4dd41459dabc5d18edbe06eb5b81291885204b.diff
  is 'git show 3e4dd41459dabc5d18edbe06eb5b81291885204b' for
  https://github.com/apple/cups/commit/3e4dd41459dabc5d18edbe06eb5b81291885204b
  (except the not needed hunk for patching CHANGES.md which fails)
  that fixes handling of MaxJobTime 0 (Issue #5438) in the CUPS 2.2 branch
  bsc#1201511:
  Stuck print jobs being cancelled immediately, despite MaxJobTime being set to 0
- cups-2.2.7-CVE-2022-26691.patch fixes CVE-2022-26691
  cups: authentication bypass and code execution (bsc#1199474)
- SUSE_bsc_1189517.patch is
  https://github.com/apple/cups/commit/821b3cc956d46b811facd50986acc9f24f0e1c79
  which belongs to https://github.com/apple/cups/issues/5288
  that fixes bsc#1189517
  "/cups printservice takes much longer than before
  with a big number of printers"/
  see in particular
  https://github.com/apple/cups/issues/5288#issuecomment-921626381
- SUSE_bsc_1195115.patch is
  https://github.com/apple/cups/commit/ba9d68cc7467a7a47ef219071902b9e9eb6dbc44
  which belongs to https://github.com/apple/cups/issues/5538
  that fixes bsc#1195115
  "/CUPS PreserveJobHistory doesn't work with seconds"/
curl
- Security Fix: [bsc#1204383, CVE-2022-32221]
  * POST following PUT confusion
  * Add curl-CVE-2022-32221.patch
- Security fix: [bsc#1202593, CVE-2022-35252]
  * Control codes in cookie denial of service
  * Add curl-CVE-2022-35252.patch
- Security fix: [bsc#1200735, CVE-2022-32206]
  * HTTP compression denial of service
  * Add curl-CVE-2022-32206.patch
- Security fix: [bsc#1200737, CVE-2022-32208]
  * FTP-KRB bad message verification
  * Add curl-CVE-2022-32208.patch
- Securiy fix: [bsc#1199223, CVE-2022-27781]
  * CERTINFO never-ending busy-loop
  * Add curl-CVE-2022-27781.patch
- Securiy fix: [bsc#1199224, CVE-2022-27782]
  * TLS and SSH connection too eager reuse
  * Add curl-CVE-2022-27782.patch
- Security fix: [bsc#1198766, CVE-2022-27776]
  * Auth/cookie leak on redirect
  * Add backported curl-CVE-2022-27776.patch
- Security fix: [bsc#1198723, CVE-2022-27775]
  * Bad local IPv6 connection reuse
  * Add backported curl-CVE-2022-27775.patch
- Security fix: [bsc#1198614, CVE-2022-22576]
  * OAUTH2 bearer bypass in connection re-use
  * Add backported curl-CVE-2022-22576.patch
cyrus-sasl
- CVE-2022-24407: cyrus-sasl: SQL injection in sql_auxprop_store
  in plugins/sql.c (bsc#1196036)
  o add upstream patch:
    0001-CVE-2022-24407-Escape-password-for-SQL-insert-update.patch
cyrus-sasl-saslauthd
- CVE-2022-24407: cyrus-sasl: SQL injection in sql_auxprop_store
  in plugins/sql.c (bsc#1196036)
  o add upstream patch:
    0001-CVE-2022-24407-Escape-password-for-SQL-insert-update.patch
- postfix: sasl authentication with password fails (bsc#1194265)
  Add config parameter --with-dblib=gdbm
dbus-1
- Fix a potential crash that could be triggered by an invalid signature.
  (CVE-2022-42010, bsc#1204111)
  * fix-upstream-CVE-2022-42010.patch
- Fix an out of bounds read caused by a fixed length array (CVE-2022-42011,
  bsc#1204112)
  * fix-upstream-CVE-2022-42011.patch
- A message in non-native endianness with out-of-band Unix file descriptors
  would cause a use-after-free and possible memory corruption CVE-2022-42012,
  bsc#1204113)
  * fix-upstream-CVE-2022-42012.patch
- Disable asserts (bsc#1087072)
- Refreshed patches
  * fix-upstream-CVE-2020-35512.patch
dhcp
- bsc#1198657: properly handle DHCRELAY(6)_OPTIONS.
docker
- Update to Docker 20.10.17-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/#201017>. bsc#1200145
- Rebase patches:
  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
  * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
  * 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
  * 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch
- Add patch to update golang.org/x/crypto for CVE-2021-43565 and CVE-2022-27191.
  bsc#1193930 bsc#1197284
  * 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch
- Rebase patches:
  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
  * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
  * 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
- Update to Docker 20.10.14-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/#201014>. bsc#1197517
  CVE-2022-24769
dracut
- Update to version 049.1+suse.238.gd8dbb075:
  * fix(nfs): /var is not mounted during the transactional-update run (bsc#1184970)
  * fix(nfs): give /run/rpcbind ownership to rpc user (bsc#1177461)
- Update to version 049.1+suse.234.g902e489c:
  * fix(dracut-install): copy files preserving ownership attributes (bsc#1197967)
- Update to version 049.1+suse.232.g2ccee559:
  * fix(dracut-systemd): do not require vconsole-setup.service (bsc#1195508)
  * fix(dracut-functions.sh): ip route parsing (bsc#1195011)
e2fsprogs
- libext2fs-add-sanity-check-to-extent-manipulation.patch: libext2fs: add
  sanity check to extent manipulation (bsc#1198446 CVE-2022-1304)
- libss-add-newer-libreadline.so.7-to-dlopen-path.patch: libss: Add support
  for libreadline.so.7 for Leap 15.3 (bsc#1196939)
elfutils
- Added 4G memory build constraint for aarch64 to pass testing.
- Update to version 0.177 (Martin Liška):
    elfclassify: New tool to analyze ELF objects.
    readelf: Print DW_AT_data_member_location as decimal offset.
    Decode DW_AT_discr_list block attributes.
    libdw: Add DW_AT_GNU_numerator, DW_AT_GNU_denominator and DW_AT_GNU_bias.
    libdwelf: Add dwelf_elf_e_machine_string.
    dwelf_elf_begin now only returns NULL when there is an error
    reading or decompressing a file. If the file is not an ELF file
    an ELF handle of type ELF_K_NONE is returned.
    backends: Add support for C-SKY.
  - Update to version 0.176
    build: Add new --enable-install-elfh option.
    Do NOT use this for system installs (it overrides glibc elf.h).
    backends: riscv improved core file and return value location support.
    Fixes CVE-2019-7146, CVE-2019-7148, CVE-2019-7149, CVE-2019-7664
  - CVE-2019-7150: dwfl_segment_report_module doesn't check whether
    the dyn data read from core file is truncated (bnc#1123685)
  - CVE-2019-7665: NT_PLATFORM core file note should be a zero
    terminated string (CVE is a bit misleading, as this is not a bug
    in libelf as described) (bnc#1125007)
  - Removed patches:
  - libdwfl-sanity-check-partial-core-file-dyn-data-read.patch
  - libebl-check-NT_PLATFORM-core-notes.patch
  - Update to version 0.175 (Martin Liška):
    readelf: Handle mutliple .debug_macro sections.
    Recognize and parse GNU Property, NT_VERSION and
    GNU Build Attribute ELF Notes.
    strip: Handle SHT_GROUP correctly.
    Add strip --reloc-debug-sections-only option.
    Handle relocations against GNU compressed sections.
    libdwelf: New function dwelf_elf_begin.
    libcpu: Recognize bpf jump variants BPF_JLT, BPF_JLE, BPF_JSLT
    and BPF_JSLE.
    backends: RISCV handles ADD/SUB relocations.
    Handle SHT_X86_64_UNWIND.
  - CVE-2018-18521: arlib: Divide-by-zero vulnerabilities in the
    function arlib_add_symbols() used by eu-ranlib (bnc#1112723)
  - CVE-2018-18310: Invalid Address Read problem in
    dwfl_segment_report_module.c (bnc#1111973)
  - CVE-2018-18520: eu-size: Bad handling of ar files inside are
    files (bnc#1112726)
  - Removed patches:
  - arlib-check-that-sh_entsize-isnt-zero.patch
  - libdwfl-sanity-check-partial-core-file-data-reads.patch
  - size-handle-recursive-elf-ar-files.patch
  - Update to version 0.174 (Martin Liška):
    libelf, libdw and all tools now handle extended shnum and
    shstrndx correctly.
    elfcompress: Don't rewrite input file if no section data needs
    updating. Try harder to keep same file mode bits
    (suid) on rewrite.
    strip: Handle mixed (out of order) allocated/non-allocated
    sections.
    unstrip: Handle SHT_GROUP sections.
    backends: RISCV and M68K now have backend implementations to
    generate CFI based backtraces.
  - CVE-2018-16402: libelf: denial of service/double free on an
    attempt to decompress the same section twice (bnc#1107066)
    Double-free crash in nm and readelf
  - CVE-2018-16403: heap buffer overflow in readelf (bnc#1107067)
  - CVE-2018-16062: heap-buffer-overflow in
    /elfutils/libdw/dwarf_getaranges.c:156 (bnc#1106390)
    Removed patches:
    libelf-error-if-elf_compress_gnu-is-used-on-SHF_COMPRESSED.patch
    libdw-check-end-of-attributes-list-consistently.patch
    libdw-readelf-make-sure-there-is-enough-data-to-read.patch
  - Update to version 0.173 (Martin Liška):
    More fixes for crashes and hangs found by afl-fuzz. In particular various
    functions now detect and break infinite loops caused by bad DIE tree cycles.
    readelf: Will now lookup the size and signedness of constant value types
    to display them correctly (and not just how they were encoded).
    libdw: New function dwarf_next_lines to read CU-less .debug_line data.
    dwarf_begin_elf now accepts ELF files containing just .debug_line
    or .debug_frame sections (which can be read without needing a DIE
    tree from the .debug_info section).
    Removed dwarf_getscn_info, which was never implemented.
    backends: Handle BPF simple relocations.
    The RISCV backends now handles ABI specific CFI and knows about
    RISCV register types and names.
  - Update to version 0.172 (Martin Liška):
    No functional changes compared to 0.171.
    Various bug fixes in libdw and eu-readelf dealing with bad DWARF5 data.
    Thanks to running the afl fuzzer on eu-readelf and various testcases.
  - Update to version 0.171 (Martin Liška):
    DWARF5 and split dwarf, including GNU DebugFission, are supported now.
    Data can be read from the new DWARF sections .debug_addr, .debug_line_str,
    .debug_loclists, .debug_str_offsets and .debug_rnglists.  Plus the new
    DWARF5 and GNU DebugFission encodings of the existing .debug sections.
    Also in split DWARF .dwo (DWARF object) files.  This support is mostly
    handled by existing functions (dwarf_getlocation*, dwarf_getsrclines,
    dwarf_ranges, dwarf_form*, etc.) now returning the data from the new
    sections and data formats.  But some new functions have been added
    to more easily get information about skeleton and split compile units
    (dwarf_get_units and dwarf_cu_info), handle new attribute data
    (dwarf_getabbrevattr_data) and to keep references to Dwarf_Dies
    that might come from different sections or files (dwarf_die_addr_die).
    Not yet supported are .dwp (Dwarf Package) and .sup (Dwarf Supplementary)
    files, the .debug_names index, the .debug_cu_index and .debug_tu_index
    sections. Only a single .debug_info (and .debug_types) section are
    currently handled.
    readelf: Handle all new DWARF5 sections.
  - -debug-dump=info+ will show split unit DIEs when found.
  - -dwarf-skeleton can be used when inspecting a .dwo file.
    Recognizes GNU locviews with --debug-dump=loc.
    libdw: New functions dwarf_die_addr_die, dwarf_get_units,
    dwarf_getabbrevattr_data and dwarf_cu_info.
    libdw will now try to resolve the alt file on first use of
    an alt attribute FORM when not set yet with dwarf_set_alt.
    dwarf_aggregate_size() now works with multi-dimensional arrays.
    libdwfl: Use process_vm_readv when available instead of ptrace.
    backends: Add a RISC-V backend.
    There were various improvements to build on Windows.
    The sha1 and md5 implementations have been removed, they weren't used.
  - Update to version 0.170 (Martin Liška):
    libdw: Added new DWARF5 attribute, tag, character encoding, language code,
    calling convention, defaulted member function and macro constants
    to dwarf.h.
  New functions dwarf_default_lower_bound and dwarf_line_file.
  dwarf_peel_type now handles DWARF5 immutable, packed and shared tags.
  dwarf_getmacros now handles DWARF5 .debug_macro sections.
    strip: Add -R, --remove-section=SECTION and --keep-section=SECTION.
    backends: The bpf disassembler is now always build on all platforms.
  - Includes changes in 0.169
    backends: Add support for EM_PPC64 GNU_ATTRIBUTES.
    Frame pointer unwinding fallback support for i386, x86_64, aarch64.
    translations: Update Polish translation.
  - CVE-2017-7611: elfutils: DoS (heap-based buffer over-read and
    application crash) via a crafted ELF file (bnc#1033088)
  - CVE-2017-7610: elflint: heap-based buffer overflow in check_group
    (bnc#1033087)
  - CVE-2017-7609: memory allocation failure in __libelf_decompress
    (bnc#1033086)
  - CVE-2017-7607: heap-based buffer overflow in handle_gnu_hashi
    (readelf.c) (bnc#1033084)
  - CVE-2017-7608: heap-based buffer overflow in
    ebl_object_note_type_name (eblobjnotetypename.c) (bnc#1033085)
  - CVE-2017-7613: elfutils: denial of service (memory consumption)
    via a crafted ELF file (bnc#1033090)
  - CVE-2017-7612: elfutils: denial of service (heap-based buffer
    over-read and application crash) via a crafted ELF file (bnc#1033089)
  - Removed patches:
  - obsolete 0001-backends-Add-support-for-EM_PPC64-GNU_ATTRIBUTES.patch
  - ppc-machine-flags.patch
  - elflint-check-symbol-table-data-is-big-enough-before-check.patch
  - elflint-dont-check-section-group-without-flags-word.patch
  - libelf-check-compression-before-allocate-output-buffer.patch
  - readelf-fix-off-by-one-sanity-check.patch
  - use-the-empty-string-for-note-names-with-zero-size.patch
  - elflint-sanity-check-the-number-of-phdrs-and-shdrs.patch
  - elfutils-dont-trust-sh_entsize.patch
- Packaging cleanups:
  - Modernize specfile and metadata. (Jan Engelhardt)
  - Use %make_build (Martin Liška)
  - Update License tag to GPL-3.0-or-later, as requested by legal
    review. (Dominique Leuenberger)
  - Don't make elfutils recommend elfutils-lang as elfutils-lang
    already supplements elfutils. (Antoine Belvire)
  - Fix typo in the recommends name bsc#1104264 (Tomas Chvatal)
  - Use %license (boo#1082318) (Fabian Vogt)
- Test fixes (Andreas Schwab):
  - disable-tests-with-ptrace.patch: Remove, set XFAIL_TESTS instead
  - dwelf_elf_e_machine_string.patch: Avoid spurious failure
- disable-tests-with-ptrace.patch: Remove, set XFAIL_TESTS instead
- dwelf_elf_e_machine_string.patch: Avoid spurious failure
expat
- Security fix:
  * (CVE-2022-40674, bsc#1203438) use-after-free in the doContent
    function in xmlparse.c
  - Added patch expat-CVE-2022-40674.patch
- Security fixes:
  * (CVE-2022-25236, bsc#1196784) [>=2.4.5] Fix to CVE-2022-25236
    breaks biboumi, ClairMeta, jxmlease, libwbxml,
    openleadr-python, rnv, xmltodict
  - Added expat-CVE-2022-25236-relax-fix.patch
- Security fixes:
  * (CVE-2022-25236, bsc#1196025) Expat before 2.4.5 allows
    attackers to insert namespace-separator characters into
    namespace URIs
  - Added expat-CVE-2022-25236.patch
  * (CVE-2022-25235, bsc#1196026) xmltok_impl.c in Expat before
    2.4.5 does not check whether a UTF-8 character is valid in a
    certain context.
  - Added expat-CVE-2022-25235.patch
  * (CVE-2022-25313, bsc#1196168) Stack exhaustion in
    build_model() via uncontrolled recursion
  - Added expat-CVE-2022-25313.patch
  - The fix upstream introduced a regression that was later
    amended in 2.4.6 version
    + Added expat-CVE-2022-25313-fix-regression.patch
  * (CVE-2022-25314, bsc#1196169) Integer overflow in copyString
  - Added expat-CVE-2022-25314.patch
  * (CVE-2022-25315, bsc#1196171) Integer overflow in storeRawNames
  - Added expat-CVE-2022-25315.patch
fence-agents
- Azure fence agent doesn’t work correctly on SLES15 SP3 - fence_azure_arm
  fails with error 'MSIAuthentication' object has no attribute 'get_token' - SFSC00334437
  (bsc#1195891)
  - Apply proposed patch
    0001-fix_support_for_sovereign_clouds_and_MSI-439.patch
- fence-agents-4.9.0+git.1624456340.8d746be9-150300.3.8.1 broken in
  GCP due to missing "/--zone"/ parameter (bsc#1198872)
  - Apply proposed patch
    0001-fence_gce-Make-zone-optional-for-get_nodes_list-487.patch
- fence-agents-4.9.0+git.1624456340.8d746be9-150300.3.8.1 broken in GCP due to missing "/--zone"/ parameter
  (bsc#1198872)
- (bsc#1196350) fence_gce updates pull from Clusterlabs repo
  - Apply proposed upstream patch
    0001-fence_gce-Add-timeouts-and-failure-options-458.patch
filesystem
- Add /lib/modprobe.d (bsc#1196275, jsc#SLE-20639)
firewalld
- Fix regression introduced in previous patch (an api change to a
  function also needed backporting) (bsc#1198814)
  * feature-upstream-new-check-config-1.patch
  * feature-upstream-new-check-config-2.patch
- Provide dummy firewalld-prometheus-config package (bsc#1197042)
- Add patch which fixes the zone configuration (bsc#1191837)
  * 0001-chore-fw_zone-call-permanent-config-checks-at-runtim.patch
freetype2
- disable brotli linkage / WOFF2 support for now to keep dependencies
  as before.
- Added patches:
  * CVE-2022-27404.patch
    + fixes bsc#1198830, CVE-2022-27404: Buffer Overflow
  * CVE-2022-27405.patch
    + fixes bsc#1198832, CVE-2022-27405: Segmentation Fault
  * CVE-2022-27406.patch
    + fixes bsc#1198823, CVE-2022-27406: Segmentation violation
- Update to version 2.10.4
  * Fix a heap buffer overflow has been found  in the handling of
    embedded PNG bitmaps, introduced in FreeType version 2.6
    (CVE-2020-15999 bsc#1177914)
  * Minor improvements to the B/W rasterizer.
  * Auto-hinter support for Medefaidrin script.
  * Fix various  memory leaks (mainly  for CFF) and other  issues that
    might cause crashes in rare circumstances.
- Update to version 2.10.2
  * Support for WOFF2 fonts, add BR on pkgconfig(libbrotlidec)
  * Function `FT_Get_Var_Axis_Flags' returned random data for Type 1
    MM fonts.
  * Type 1 fonts with non-integer metrics are now supported by the new
    (CFF) engine introduced in FreeType 2.9.
  * Drop support for Python 2 in Freetype's API reference generator
  * Auto-hinter support for Hanifi Rohingya
  * Document the `FT2_KEEP_ALIVE' debugging environment variable.
fribidi
- Add fribidi-CVE-2022-25308.patch: fix a stack overflow (boo#1196147
  CVE-2022-25308).
- Add fribidi-CVE-2022-25309.patch: protect against garbage in the
  CapRTL encoder (boo#1196148 CVE-2022-25309).
- Add fribidi-CVE-2022-25310.patch: fix a SEGV in
  fribidi_remove_bidi_marks (boo#1196150 CVE-2022-25310).
gcc11
- Update to the GCC 11.3.0 release.
  * includes SLS hardening backport on x86_64.  [bsc#1195283]
- Update to gcc-11 branch head (691af15031e00227ba6d5935c), git1635
  * includes gcc11-pr104931.patch
  * includes fix for Firefox ICE  [gcc#105256]
- Add provides/conflicts to glibc crosses since only one GCC version
  for the same target can be installed at the same time.
- Add provides/conflicts to libgccjit.
- Update to gcc-11 branch head (6a1150d1524aeda3381b21717), git1406
  * includes change to adjust gnats idea of the target, fixing
    the build of gprbuild.  [bsc#1196861]
- Add gcc11-pr104931.patch to fix miscompile of embedded premake
  in 0ad on i586.  [bsc#1197065]
- drop armv5tel, merge arm and armv6hl
- use --with-cpu rather than specifying --with-arch/--with-tune
- Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from
  packages provided by older GCC work.  Add a requires from that
  package to the corresponding libstc++6 package to keep those
  at the same version.  [bsc#1196107]
- Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628]
- Put libstdc++6-pp Requires on the shared library and drop
  to Recoomends.
- Remove sys/rseq.h from include-fixed
- Update to gcc-11 branch head (d4a1d3c4b377f1d4acb), git1173
  * Fix D memory corruption in -M output.
  * Fix ICE in is_this_parameter with coroutines.  [boo#1193659]
- Enable the cross compilers also on i586
- Enable some cross compilers also in rings
- Remove cross compilers for i386 target
- Update to gcc-11 branch head (7510c23c1ec53aa4a62705f03), git1018
  * fixes issue with debug dumping together with -o /dev/null
  * fixes libgccjit issue showing up in emacs build  [boo#1192951]
- Package mwaitintrin.h
- Remove spurious exit from change_spec.
- Enable the full cross compiler, cross-aarch64-gcc11 and
  cross-riscv64-gcc11 now provide a fully hosted C (and C++)
  cross compiler, not just a freestanding one.  I.e. with a cross
  glibc.  They don't yet support the sanitizer libraries.
  Part of [jsc#OBS-124].
gdk-pixbuf
- Add gdk-pixbuf-CVE_2021-44648.patch: check for maximum LZW code
  size (boo#1194633 CVE-2021-44648). Also add
  gdk_pixbuf_new_tests.tar.xz for some new gif tests.
- Add gdk-pixbuf-CVE-2021-46829.patch: check for overflow when
  compositing or clearing frames (boo#1201826 CVE-2021-46829).
glib2
- Add glib2-CVE-2021-28153.patch: fix CREATE_REPLACE_DESTINATION
  with symlinks (boo#1183533 glgo#GNOME/glib#2325 CVE-2021-28153).
glibc
- x86-shared-non-temporal-threshold.patch: Reversing calculation of
  __x86_shared_non_temporal_threshold (bsc#1201942)
- memcmp-power10.patch: powerpc: Optimized memcmp for power10
  (jsc#PED-987)
- disable-check-consistency.patch: i386: Disable check_consistency for GCC
  5 and above (bsc#1201640, BZ #25788)
- static-tls-surplus.patch: Remove tunables (bsc#1201560)
- static-tls-surplus.patch: rtld: Avoid using up static TLS surplus for
  optimizations (bsc#1200855, BZ #25051)
- strncpy-power9-vsx.patch: powerpc: Fix VSX register number on
  __strncpy_power9 (bsc#1200334, BZ #29197)
- selinux-deprecated.patch: Disable warnings due to deprecated libselinux
  symbols used by nss and nscd (bsc#1197718)
- systemtap-altmacro.patch: i386: Remove broken CAN_USE_REGISTER_ASM_EBP
  (bsc#1197718, BZ #28771)
- Add s390-add-z16-name.diff for bsc#1198751.
gnutls
- Security fix: [bsc#1202020, CVE-2022-2509]
  * Fixed double free during verification of pkcs7 signatures
  * Add gnutls-CVE-2022-2509.patch
- Security fix: [bsc#1196167, CVE-2021-4209]
  * Null pointer dereference in MD_UPDATE
  * Add gnutls-CVE-2021-4209.patch
google-guest-agent
- Update to version 20220713.00 (bsc#1202100, bsc#1202101)
  * try restoring module mode (#172)
  * update for golang 1.16 (#171)
- from version 20220614.00
  * Remove log that can break startup scripts (#170)
- from version 20220603.00
  * repeat fix for arm (#169)
  * no authorized keys on debian (#168)
- from version 20220527.00
  * Add authorized keys command to the Windows agent package. (#167)
  * Support for Windows SSH (#164)
- from version 20220523.00
  * restore double slash metadata url (#166)
- from version 20220520.00
  * Support .exe as an option for scripts and refactor runScript (#165)
- Update to version 20220429.00
  * Move some functionality to a utils module (#162)
- Update to version 20220412.00
  * enable goproxy during build (#163)
- from version 20220321.00
  * enable routes for ipv6 (#160)
- Update to version 20220204.00 (bsc#1195437, bsc#1195438)
  * remove han from owners (#154)
  * Remove extra slash from metadata URL. (#151)
- from version 20220104.00
  * List IPv6 routes (#150)
- from version 20211228.00
  * add add or remove route integration test, utils (#147)
- from version 20211214.00
  * add malformed ssh key unit test  (#142)
google-guest-configs
- Update to version 20220211.00 (bsc#1195437, bsc#1195438)
  * Set NVMe-PD IO timeout to 4294967295. (#32)
google-guest-oslogin
- Update to version 20220721.00 (bsc#1202100, bsc#1202101)
  * prune outdated info from readme (#86)
- from version 20220714.00
  * strip json-c version symbol (#84)
- from version 20220622.00
  * pam login: split conditions for logging (#83)
- use pam_moduledir (boo#1191036)
  * Support UsrMerge project
- Update to version 20220411.00
  * pam login: split conditions for logging (#83)
- Update to version 20220205.00 (bsc#1195437, bsc#1195438)
  * Fix build for EL9. (#82)
- from version 20211213.00
  * Reauth error (#81)
- Rename Source0 field to Source
- Update URL in Source field to point to upstream tarball
google-osconfig-agent
- Use install command in %post section to create state file (bsc#1202826)
- Remove useless creation of state file directory in /var/lib
- avoid bashim in post install scripts (bsc#1195391)
- Update to version 20220801.00 (bsc#1202100, bsc#1202101)
  * update OWNERS (#438)
  * Close client when RegisterAgent fails. (#436)
- from version 20220714.00
  * Add timeouts for pip/gem updates. (#433)
- from version 20220623.00
  * upgrade to golang 1.16 and override deb build settings for compatibility (#432)
- from version 20220606.00
  * new example policy to ensure sshd is running on windows VMs (#430)
- from version 20220531.00
  * Add default timeout for pip and gem list commands (#429)
- Don't restart daemon on package upgrade, create a state file instead (bsc#1194319)
- Update to version 20220314.01
  * Support COS on arm64 (#426)
- from version 20220314.00
  * Fix previous PR: exec.CommandContext cannot be reused (#425)
- from version 20220304.00
  * Update the error message when an exec task is run on Windows
    without an interpreter (#423)
  * Fix string that apt-get returns when requiring downgrade (#422)
  * e2e_tests: fix patch test rerun (#421)
  * Add --allow-downgrades flag to apt-get calls when it
    fails because of wanting to downgrade a package (#418)
  * Create e2e test that runs apt-get in a state that makes
    it downgrade a package (#420)
  * e2e_tests: update OS targets, adjust retries (#419)
  * Create change_group.yaml (#416)
- from version 20220215.00
  * Add regex support to package exclusion in OS Patch (#415)
- Update to version 20220209.00 (bsc#1195437, bsc#1195438)
  * Update licences, remove deprecated centos-8 tests (#414)
- Update to version 20220204.00
  * Add DisableLocalLogging option (#413)
- from version 20220107.00
  * OS assignment example: Copy file from bucket
gpg2
- Security fix [CVE-2022-34903, bsc#1201225]
  - Vulnerable to status injection
  - Added patch gnupg-CVE-2022-34903.patch
- gnupg-detect_FIPS_mode.patch: use AES as default cipher instead
  of 3DES if we are in FIPS mode. (bsc#1196125)
grep
- Make profiling deterministic (bsc#1040589, SLE-24115)
grub2
- Security fixes and hardenings for boothole 3 / boothole 2022 (bsc#1198581)
  * 0001-video-Remove-trailing-whitespaces.patch
  * 0002-video-readers-jpeg-Test-for-an-invalid-next-marker-r.patch
  * 0003-video-readers-jpeg-Catch-files-with-unsupported-quan.patch
  * 0004-video-readers-jpeg-Catch-OOB-reads-writes-in-grub_jp.patch
  * 0005-video-readers-jpeg-Don-t-decode-data-before-start-of.patch
  * 0006-misc-Format-string-for-grub_error-should-be-a-litera.patch
  * 0007-loader-efi-chainloader-Simplify-the-loader-state.patch
  * 0008-commands-boot-Add-API-to-pass-context-to-loader.patch
- Fix CVE-2022-28736 (bsc#1198496)
  * 0009-loader-efi-chainloader-Use-grub_loader_set_ex.patch
- Fix CVE-2022-28735 (bsc#1198495)
  * 0010-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch
  * 0011-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch
  * 0012-video-readers-png-Abort-sooner-if-a-read-operation-f.patch
  * 0013-video-readers-png-Refuse-to-handle-multiple-image-he.patch
- Fix CVE-2021-3695 (bsc#1191184)
  * 0014-video-readers-png-Drop-greyscale-support-to-fix-heap.patch
- Fix CVE-2021-3696 (bsc#1191185)
  * 0015-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch
  * 0016-video-readers-png-Sanity-check-some-huffman-codes.patch
  * 0017-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch
  * 0018-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch
  * 0019-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch
- Fix CVE-2021-3697 (bsc#1191186)
  * 0020-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch
  * 0021-normal-charset-Fix-array-out-of-bounds-formatting-un.patch
- Fix CVE-2022-28733 (bsc#1198460)
  * 0022-net-ip-Do-IP-fragment-maths-safely.patch
  * 0023-net-netbuff-Block-overly-large-netbuff-allocs.patch
  * 0024-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch
  * 0025-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch
  * 0026-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch
  * 0027-net-tftp-Avoid-a-trivial-UAF.patch
  * 0028-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch
- Fix CVE-2022-28734 (bsc#1198493)
  * 0029-net-http-Fix-OOB-write-for-split-http-headers.patch
- Fix CVE-2022-28734 (bsc#1198493)
  * 0030-net-http-Error-out-on-headers-with-LF-without-CR.patch
  * 0031-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch
  * 0032-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch
  * 0033-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch
  * 0034-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch
  * 0035-fs-btrfs-Fix-more-ASAN-and-SEGV-issues-found-with-fu.patch
  * 0036-fs-btrfs-Fix-more-fuzz-issues-related-to-chunks.patch
  * 0037-Use-grub_loader_set_ex-for-secureboot-chainloader.patch
- Update SBAT security contact (boo#1193282)
- Bump grub's SBAT generation to 2
- Use boot disks in OpenFirmware, fixing regression caused by
  0001-ieee1275-implement-FCP-methods-for-WWPN-and-LUNs.patch, when
  the root LV is completely in the boot LUN (bsc#1197948)
  * 0001-ofdisk-improve-boot-time-by-lookup-boot-disk-first.patch
- Fix grub-install error when efi system partition is created as mdadm software
  raid1 device (bsc#1179981) (bsc#1195204)
  * 0001-install-fix-software-raid1-on-esp.patch
- Fix error in grub-install when linux root device is on lvm thin volume
  (bsc#1192622) (bsc#1191974)
  * 0001-grub-install-bailout-root-device-probing.patch
gzip
- Add support to zstd in zgrep, fixes bsc#1198922
  * xz_lzma.patch -> xz_lzma_zstd.patch
- Fix escaping of malicious filenames (CVE-2022-1271 bsc#1198062)
  * bsc1198062.patch
  * bsc1198062-2.patch
harfbuzz
- Add harfbuzz-CVE-2022-33068.patch: sbix: limit glyph extents
  (boo#1200900 CVE-2022-33068).
hwinfo
- merge gh#openSUSE/hwinfo#113
- Keep NVMe's namespace output consistency when
  nvme_core.multipath=1 (bsc#1199948)
- 21.82
- merge gh#openSUSE/hwinfo#112
- fix bug in determining serial console device name (bsc#1198043)
- 21.81
- merge gh#openSUSE/hwinfo#109
- fix logic around cdrom detection
- 21.80
- merge gh#openSUSE/hwinfo#108
- Donot close the open tray after read_cdrom_info.
- Donot close the open tray after read.
- 21.79
- merge gh#openSUSE/hwinfo#106
- Always read numerical 32bit serial number from EDID header.
  Override this with ASCII serial number from display descriptor,
  if available.
- Display numerical 32bit serial number for monitors without serial
  number display descriptor
- 21.78
- merge gh#openSUSE/hwinfo#105
- Use license file from gnu.org
- Fix spelling
- Add missing final newline
- Trim excess whitespace
- Simple maintenance improvements
- 21.77
- merge gh#openSUSE/hwinfo#104
- Fix timezone issue in SOURCE_DATE_EPOCH code
- 21.76
- merge gh#openSUSE/hwinfo#100
- recognize loongarch64 architecture
- 21.75
- merge gh#openSUSE/hwinfo#98
- update pci and usb ids
- 21.74
- merge gh#openSUSE/hwinfo#95
- don't rely on select() updating its timeout arg (bsc#1184339)
- 21.73
icewm
- Add icewm-build-with-glib2-ver-gt-2.67.3.patch:
  A later glib2 update will cause icewm failed to build by including
  gdk-pixbuf-xlib with extern "/C"/ annotation:
  https://gitlab.gnome.org/GNOME/glib/-/commit/51003d409bb4b6c9a8540f70b92f8045abc4f0c9?merge_request_iid=1715
  The patch aims to remove the annotation caused the issue
  (bsc#1197729).
icu
- Backport icu-CVE-2020-21913.patch: backport commit 727505bdd
  from upstream, use LocalMemory for cmd to prevent use after free
  (bsc#1193951 CVE-2020-21913).
ipmitool
- When really starting the daemon, in lib/helper.c::ipmi_start_daemon()
  stdin/stdout/stderr are redirected to /dev/null and this is checked
  but the check for stderr tests for STDOUT_FILENO. This is, most
  likely, a copy-paste error.
  [bsc#1175328, 0007-bsc#1175328-check-for-correct-fd.patch]
- Do not append the device number to the PIDFILE pathname
  as this will confuse systemd.
  [bsc#1181063, 0008-bsc#1181063-dont-parametrize-pidfile-name.patch]
java-1_8_0-ibm
- Update to Java 8.0 Service Refresh 7 Fix Pack 11 [bsc#1202427]
  [bsc#1201684, CVE-2022-34169] [bsc#1201692, CVE-2022-21541]
  [bsc#1201685, CVE-2022-21549] [bsc#1201694, CVE-2022-21540]
  * Defect Fixes:
  - Java Virtual Machine: Long dely in AttachAPI
- Update to Java 8.0 Service Refresh 7 Fix Pack 10 [bsc#1201643]
  [bsc#1198671, CVE-2022-21476] [bsc#1198670, CVE-2022-21449]
  [bsc#1198673, CVE-2022-21496] [bsc#1198674, CVE-2022-21434]
  [bsc#1198672, CVE-2022-21426] [bsc#1198675, CVE-2022-21443]
  [bsc#1191912, CVE-2021-35561] [bsc#1194931, CVE-2022-21299]
  * Class Libraries:
  - BigDecimal gives incorrect arithmetic results for the add
    and subtract operations on the result of a divide
  * Java Virtual Machine:
  - jstacktrace sub-option of xtrace doesn't print java stack
    while doing method trace
  * Security:
  - 8217633: Configurable Extensions with system properties
  - 8241248: NullPointerException in com.ibm.jsse2.ssl.HKDF.extract
  - 8270344: Session resumption errors
  - 8277967: Validate the SSLLogger object in KeyShareExtension
  - JVM crashes computing Diffie-Hellman shared secrets and JNI
    errors while creating elliptic curve public key using IBMJCEPlus
  - Key Certificate Manager authority key identifier value incorrect
  - SSLv2Hello property value is ignored if specified in
    jdk.tls.disabledAlgorithms and SSLv2Hello is set by
    setEnabledProtocols()
  - There is a memory growth observed during digest operations
    using IBMJCEPlus as the provider.
- Update to Java 8.0 Service Refresh 7 Fix Pack 6
  * Java Virtual Machine: Crash while generating javacore, or
    javacore contains 'Unable to walk in-flight data on call stack'
    instead of java stack
  * JIT Compiler:
  - Java JIT, bad field reference from a tenured object into
    the nursery
  - JIT compiler crash with vmstate=0x0005ff04
  * XML: Fix security vulnerability CVE-2022-21299
- Update to Java 8.0 Service Refresh 7 Fix Pack 5 [bsc#1197126]
  * https://www.ibm.com/support/pages/java-sdk-security-vulnerabilities
    [bsc#1194927, CVE-2022-21366] [bsc#1194928, CVE-2022-21365]
    [bsc#1194929, CVE-2022-21360] [bsc#1196500, CVE-2022-21349]
    [bsc#1194941, CVE-2022-21341] [bsc#1194940, CVE-2022-21340]
    [bsc#1194939, CVE-2022-21305] [bsc#1194930, CVE-2022-21277]
    [bsc#1194931, CVE-2022-21299] [bsc#1194932, CVE-2022-21296]
    [bsc#1194933, CVE-2022-21282] [bsc#1194934, CVE-2022-21294]
    [bsc#1194935, CVE-2022-21293] [bsc#1194925, CVE-2022-21291]
    [bsc#1194937, CVE-2022-21283] [bsc#1194926, CVE-2022-21248]
    [CVE-2022-21271]
- Fix a javaws broken symlink [bsc#1195146]
kdump
- unload.sh-support-kexec-unload-when-kexec_file_load.patch
  Fix unload when secure boot enabled (bsc#1186272)
- fix-network-related-dracut-options-handling-for-fadu.patch
  Fix network-related dracut options handling for fadump case
  (bsc#1201051)
- Update kdump-add-watchdog-modules.patch
  Fix return code when no watchdog sysfs entry is found (bsc#1197069)
- kdump-add-watchdog-modules.patch
  Add watchdog modules to kdump initrd (bsc#1189923)
kernel-default
- Update metadata references
- commit 26d4ba7
- wifi: mac80211: fix crash in beacon protection for P2P-device
  (CVE-2022-42722 bsc#1204125).
- commit a6f4ca8
- wifi: mac80211: refactor elements parsing with parameter struct
  (CVE-2022-42719 bsc#1204051).
- commit 26c2d4f
- mac80211: fix memory leaks with element parsing (CVE-2022-42719
  bsc#1204051).
- commit a818808
- mac80211: always allocate struct ieee802_11_elems
  (CVE-2022-42719 bsc#1204051).
- commit a183a67
- wifi: cfg80211: avoid nontransmitted BSS list corruption
  (CVE-2022-42721 bsc#1204060).
- commit 5fe81ec
- wifi: mac80211: fix MBSSID parsing use-after-free
  (CVE-2022-42719 bsc#1204051).
- commit 6462e9c
- wifi: mac80211: refactor elements parsing with parameter struct
  (CVE-2022-42719 bsc#1204051).
- commit 7b3171e
- mac80211: fix memory leaks with element parsing (CVE-2022-42719
  bsc#1204051).
- mac80211: always allocate struct ieee802_11_elems
  (CVE-2022-42719 bsc#1204051).
- commit 1d0e42c
- wifi: cfg80211: fix BSS refcounting bugs (CVE-2022-42720
  bsc#1204059).
- mac80211: mlme: find auth challenge directly (CVE-2022-42719
  bsc#1204051).
- mac80211: move CRC into struct ieee802_11_elems (CVE-2022-42719
  bsc#1204051).
- wifi: cfg80211: fix BSS refcounting bugs (CVE-2022-42720
  bsc#1204059).
- cfg80211: hold bss_lock while updating nontrans_list
  (CVE-2022-42719 bsc#1204051).
- mac80211: mlme: find auth challenge directly (CVE-2022-42719
  bsc#1204051).
- mac80211: move CRC into struct ieee802_11_elems (CVE-2022-42719
  bsc#1204051).
- mac80211: don't re-parse elems in ieee80211_assoc_success()
  (CVE-2022-42719 bsc#1204051).
- commit cf17eed
- Refresh metadata
  Refresh:
  patches.suse/nvme-ensure-subsystem-reset-is-single-threaded.patch
  patches.suse/nvme-restrict-management-ioctls-to-admin.patch
- commit 32aee9f
- scsi: stex: Properly zero out the passthrough command structure
  (bsc#1203514 CVE-2022-40768).
- commit b5c1e4b
- nvme: ensure subsystem reset is single threaded (bsc#1203290
  CVE-2022-3169).
- nvme: restrict management ioctls to admin (bsc#1203290
  CVE-2022-3169).
- commit fb89dd3
- Add CVE reference on lightnvm removal patch
  modified:
  - patches.drivers/lightnvm-remove-lightnvm-implemenation.patch
- commit 6251214
- char: pcmcia: synclink_cs: Fix use-after-free in mgslpc_ops
  (CVE-2022-41848 bsc#1203987).
- commit c6f643b
- fbdev: smscufx: Fix use-after-free in ufx_ops_open()
  (CVE-2022-41849 bsc#1203992).
- commit 1b1c9cc
- Input: snvs_pwrkey - fix SNVS_HPVIDR1 register address
  (git-fixes).
- commit d6b115e
- Input: melfas_mip4 - fix return value check in mip4_probe()
  (git-fixes).
- commit 6863cfd
- blacklist.conf: cleanup that breaks kABI
- commit 9b1761f
- USB: core: Fix RST error in hub.c (git-fixes).
- commit 0a4bc80
- struct ehci_hcd: hide new member (git-fixes).
- commit 47be3bf
- usb: ehci: handshake CMD_RUN instead of STS_HALT (git-fixes).
- commit 6d316e7
- struct otg_fsm: hide new boolean member in gap (git-fixes).
- commit f6f0e1f
- usb: otg-fsm: Fix hrtimer list corruption (git-fixes).
- commit 659ffb3
- blacklist.conf: breaks kABI for an issue relevant only in a minor HC
- commit 803fd47
- usbnet: Fix memory leak in usbnet_disconnect() (git-fixes).
- commit cd54e08
- bpf: Compile out btf_parse_module() if module BTF is not enabled
  (git-fixes).
- commit 1eec519
- net: mana: Add rmb after checking owner bits (git-fixes).
- commit 78526f5
- arm64: dts: rockchip: Remove 'enable-active-low' from rk3399-puma (git-fixes)
- commit 1907554
- arm64: dts: rockchip: Set RK3399-Gru PCLK_EDP to 24 MHz (git-fixes)
- commit b65f350
- arm64: dts: rockchip: Pull up wlan wake# on Gru-Bob (git-fixes)
- commit bdc6c6e
- net: mana: Add support of XDP_REDIRECT action (bug#1201310, jsc#PED-529).
- commit a9060b8
- net: mana: Add the Linux MANA PF driver (bug#1201309, jsc#PED-529).
- commit 25390e7
- scsi: lpfc: Update lpfc version to 14.2.0.7 (bsc#1203939).
- scsi: lpfc: Fix various issues reported by tools (bsc#1203939).
- scsi: lpfc: Add reporting capability for Link Degrade Signaling
  (bsc#1203939).
- scsi: lpfc: Rework FDMI attribute registration for unintential
  padding (bsc#1203939).
- scsi: lpfc: Rework lpfc_fdmi_cmd() routine for cleanup and
  consistency (bsc#1203939).
- scsi: lpfc: Rename mp/bmp dma buffers to rq/rsp in lpfc_fdmi_cmd
  (bsc#1203939).
- scsi: lpfc: Update congestion mode logging for Emulex SAN
  Manager application (bsc#1203939).
- scsi: lpfc: Move scsi_host_template outside dynamically
  allocated/freed phba (bsc#1185032 bsc#1203939).
  Dropped:
  patches.suse/lpfc-decouple-port_template-and-vport_template.patch
- scsi: lpfc: Fix multiple NVMe remoteport registration calls
  for the same NPort ID (bsc#1203939).
- scsi: lpfc: Add missing free iocb and nlp kref put for early
  return VMID cases (bsc#1203939).
- scsi: lpfc: Fix mbuf pool resource detected as busy at driver
  unload (bsc#1203939).
- scsi: lpfc: Fix FLOGI ACC with wrong SID in PT2PT topology
  (bsc#1203939).
- scsi: lpfc: Fix prli_fc4_req checks in PRLI handling
  (bsc#1203939).
- scsi: lpfc: Remove unneeded result variable (bsc#1203939).
- scsi: lpfc: Remove the unneeded result variable (bsc#1203939).
- commit 829fcfa
- scsi: lpfc: Add missing destroy_workqueue() in error path
  (bsc#1203939).
- scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of
  DID_REQUEUE (bsc#1203939).
- commit 26a6fd8
- wifi: cfg80211: ensure length byte is present before access
  (CVE-2022-41674 bsc#1203770).
- wifi: cfg80211/mac80211: reject bad MBSSID elements
  (CVE-2022-41674 bsc#1203770).
- wifi: cfg80211: fix u8 overflow in
  cfg80211_update_notlisted_nontrans() (CVE-2022-41674
  bsc#1203770).
- commit a878ee7
- scsi: qla2xxx: Remove unused declarations for qla2xxx
  (bsc#1203935).
- scsi: qla2xxx: Drop DID_TARGET_FAILURE use (bsc#1203935).
- scsi: qla2xxx: Update version to 10.02.07.900-k (bsc#1203935).
- scsi: qla2xxx: Add NVMe parameters support in Auxiliary Image
  Status (bsc#1203935).
- scsi: qla2xxx: Add debugfs create/delete helpers (bsc#1203935).
- scsi: qla2xxx: Fix response queue handler reading stale packets
  (bsc#1203935).
- scsi: qla2xxx: Revert "/scsi: qla2xxx: Fix response queue
  handler reading stale packets"/ (bsc#1203935).
- scsi: qla2xxx: Log message "/skipping scsi_scan_host()"/ as
  informational (bsc#1203935).
- scsi: qla2xxx: Avoid flush_scheduled_work() usage (bsc#1203935).
- scsi: qla2xxx: Always wait for qlt_sess_work_fn() from
  qlt_stop_phase1() (bsc#1203935).
- scsi: qla2xxx: Remove unused qlt_tmr_work() (bsc#1203935).
- scsi: qla2xxx: Remove unused del_sess_list field (bsc#1203935).
- commit 7c106a6
- scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts()
  (bsc#1203935).
- scsi: qla2xxx: Disable ATIO interrupt coalesce for quad port
  ISP27XX (bsc#1203935).
- commit 80690be
- psi: Fix uaf issue when psi trigger is destroyed while being
  polled (bsc#1203909).
- commit fd0515b
- cgroup: cgroup_get_from_id() must check the looked-up kn is
  a directory (bsc#1203906).
- Refresh patches.suse/scsi-cgroup-Add-cgroup_get_from_id.patch.
- commit f918358
- mm/mremap: hold the rmap lock in write mode when moving page
  table entries (CVE-2022-41222 bsc#1203622).
- commit 07909f0
- USB: core: Prevent nested device-reset calls (git-fixes).
- commit 5a61004
- blacklist.conf: irrelevant in our kernel configurations
- commit 0547ac8
- usb: dwc3: disable USB core PHY management (git-fixes).
- commit 5595967
- blacklist.conf: black list commit 2fdbb8dd0155
  Add commit 2fdbb8dd0155 ("/fuse: fix deadlock between atomic O_TRUNC and page
  invalidation"/) to the blacklist.  It's a real bug, but it's been there for a
  long time, it seems to have low impact and the backport risks are high.
- commit e45fa09
- usb.h: struct usb_device: hide new member (git-fixes).
- commit 345c930
- ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC (CVE-2022-3303
  bsc#1203769).
- commit aa1dc74
- Revert "/SUNRPC: Remove unreachable error condition"/ (git-fixes).
- md: call __md_stop_writes in md_stop (git-fixes).
- SUNRPC: RPC level errors should set task->tk_rpc_status
  (git-fixes).
- SUNRPC: Reinitialise the backchannel request buffers before
  reuse (git-fixes).
- NFSv4.1: RECLAIM_COMPLETE must handle EACCES (git-fixes).
- NFSv4: Fix races in the legacy idmapper upcall (git-fixes).
- sunrpc: fix expiry of auth creds (git-fixes).
- NFSv4.1: Handle NFS4ERR_DELAY replies to OP_SEQUENCE correctly
  (git-fixes).
- NFSv4.1: Don't decrease the value of seq_nr_highest_sent
  (git-fixes).
- md-raid10: fix KASAN warning (git-fixes).
- SUNRPC: Don't leak sockets in xs_local_connect() (git-fixes).
- SUNRPC: Don't call connect() more than once on a TCP socket
  (git-fixes).
- NFSD: Fix offset type in I/O trace points (git-fixes).
- SUNRPC: Partial revert of commit 6f9f17287e78 (git-fixes).
- sunrpc: Fix misplaced barrier in call_decode (git-fixes).
- xprtrdma: Fix cwnd update ordering (git-fixes).
- svcrdma: Hold private mutex while invoking rdma_accept()
  (git-fixes).
- commit 3437f45
- blacklist.conf: 441947019138 Documentation: Add documentation for Processor MMIO Stale Data
- commit 7da5a85
- Rename colliding patches before the next origin/cve/linux-5.3 -> SLE15-SP3 merge
- commit 2078b95
- ima: force signature verification when CONFIG_KEXEC_SIG is
  configured (bsc#1203737).
- kexec: do not verify the signature without the lockdown or
  mandatory signature (bsc#1203737).
- commit 6aaef78
- kABI: x86: kexec: hide new include from genksyms (bsc#1196444).
- commit f16766a
- kexec, KEYS, s390: Make use of built-in and secondary keyring
  for signature verification (bsc#1196444).
- arm64: kexec_file: use more system keyrings to verify kernel
  image signature (bsc#1196444).
- kexec, KEYS: make the code in bzImage64_verify_sig generic
  (bsc#1196444).
- kexec: clean up arch_kexec_kernel_verify_sig (bsc#1196444).
- kexec: drop weak attribute from functions (bsc#1196444).
- kexec_file: drop weak attribute from functions (bsc#1196444).
- x86/kexec: fix memory leak of elf header buffer (bsc#1196444).
- kexec_file: drop weak attribute from
  arch_kexec_apply_relocations[_add] (bsc#1196444).
- commit 57f8f15
- scsi: mpt3sas: Fix use-after-free warning (git-fixes).
- scsi: sg: Allow waiting for commands to complete on removed
  device (git-fixes).
- scsi: smartpqi: Fix DMA direction for RAID requests (git-fixes).
- scsi: core: Fix bad pointer dereference when ehandler kthread
  is invalid (git-fixes).
- commit 3a8854b
- blacklist.conf: add git-fixes not needed to list
- commit 0514bb0
- gpio: mpc8xxx: Fix support for IRQ_TYPE_LEVEL_LOW flow_type
  in mpc85xx (git-fixes).
- pinctrl: rockchip: Enhance support for IRQ_TYPE_EDGE_BOTH
  (git-fixes).
- drm/meson: Fix OSD1 RGB to YCbCr coefficient (git-fixes).
- drm/meson: Correct OSD1 global alpha value (git-fixes).
- of/device: Fix up of_dma_configure_id() stub (git-fixes).
- of: fdt: fix off-by-one error in unflatten_dt_nodes()
  (git-fixes).
- efi: capsule-loader: Fix use-after-free in efi_capsule_write
  (git-fixes).
- soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs
  (git-fixes).
- Input: iforce - add support for Boeder Force Feedback Wheel
  (git-fixes).
- vt: Clear selection before changing the font (git-fixes).
- drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk
  (git-fixes).
- usb: storage: Add ASUS <0x0b05:0x1932> to IGNORE_UAS
  (git-fixes).
- USB: serial: cp210x: add Decagon UCA device id (git-fixes).
- USB: serial: option: add support for Cinterion MV32-WA/WB
  RmNet mode (git-fixes).
- USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id
  (git-fixes).
- USB: serial: option: add Quectel EM060K modem (git-fixes).
- USB: serial: option: add support for OPPO R11 diag port
  (git-fixes).
- USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020)
  (git-fixes).
- usb-storage: Add ignore-residue quirk for NXP PN7462AU
  (git-fixes).
- platform/x86: acer-wmi: Acer Aspire One AOD270/Packard Bell
  Dot keymap fixes (git-fixes).
- ieee802154: cc2520: add rc code in cc2520_tx() (git-fixes).
- hid: intel-ish-hid: ishtp: Fix ishtp client sending disordered
  message (git-fixes).
- HID: ishtp-hid-clientHID: ishtp-hid-client: Fix comment typo
  (git-fixes).
- fbdev: chipsfb: Add missing pci_disable_device() in
  chipsfb_pci_init() (git-fixes).
- fbdev: fb_pm2fb: Avoid potential divide by zero error
  (git-fixes).
- drm/amdgpu: mmVM_L2_CNTL3 register not initialized correctly
  (git-fixes).
- drm/radeon: add a force flush to delay work when radeon
  (git-fixes).
- drm/amdgpu: Check num_gfx_rings for gfx v9_0 rb setup
  (git-fixes).
- drm/gem: Fix GEM handle release errors (git-fixes).
- vt: selection, introduce vc_is_sel (git-fixes).
- commit 41cd9fa
- blacklist.conf: Remove vt patch entry that is needed by other fix
- commit d86dd83
- Revert "/ALSA: usb-audio: Split endpoint setups for hw_params
  and prepare"/ (git-fixes).
- ALSA: hda/realtek: Re-arrange quirk table entries (git-fixes).
- ALSA: emu10k1: Fix out of bounds access in
  snd_emu10k1_pcm_channel_alloc() (git-fixes).
- ALSA: usb-audio: Fix an out-of-bounds bug in
  __snd_usb_parse_audio_interface() (git-fixes).
- ALSA: aloop: Fix random zeros in capture data when using
  jiffies timer (git-fixes).
- drm/msm/rd: Fix FIFO-full deadlock (git-fixes).
- ALSA: seq: Fix data-race at module auto-loading (git-fixes).
- ALSA: seq: oss: Fix data-race for max_midi_devs access
  (git-fixes).
- commit c844286
- Move upstreamed patches into sorted section
- commit 8fc0f8a
- media: dvb-core: Fix UAF due to refcount races at releasing
  (CVE-2022-41218 bsc#1202960).
- commit 260d985
- blacklist.conf: e9b6013a7ce3 x86/speculation: Update link to AMD speculation whitepaper
- commit 698f0eb
- Refresh
  patches.suse/netfilter-nf_conntrack_irc-Fix-forged-IP-logic.patch.
- commit a7baae2
- Delete
  patches.suse/net-usb-ax88179_178a-write-mac-to-hardware-in-get_ma.patch.
  (bsc#1203313)
- commit 95f983b
- blacklist.conf: ad2c302bc604 EDAC/sifive: Fix non-kernel-doc comment
- commit de5ca80
- media: em28xx: initialize refcount before kref_get
  (CVE-2022-3239 bsc#1203552).
- commit b9d53ba
- powerpc/memhotplug: Make lmb size 64bit (bsc#1203424
  ltc#199544).
- powerpc/drmem: Make lmb_size 64 bit (bsc#1203424 ltc#199544).
- commit 7105c05
- scsi: smartpqi: Shorten drive visibility after removal
  (bsc#1200622).
  Delete no longer needed SUSE-specific patch that adds tunable
  parameters for smartpqi reset.
  Deleted:
  patches.suse/scsi-smartpqi-create-module-parameters-for-LUN-reset.patch.
- commit 46fd862
- squashfs: fix divide error in calculate_skip() (git-fixes).
- commit 8eb4b9e
- arm64: dts: allwinner: a64-sopine-baseboard: change RGMII mode to (bsc#1202341)
- commit 6f5d84d
- dm verity: set DM_TARGET_IMMUTABLE feature flag (CVE-2022-2503,
  bsc#1202677).
- commit 8fdd2ed
- dm verity: set DM_TARGET_IMMUTABLE feature flag (CVE-2022-2503,
  bsc#1202677).
- commit cb91fc5
- x86/bugs: Reenable retbleed=off
  While for older kernels the return thunks are statically built in and
  cannot be dynamically patched out, retbleed=off should still work so
  that it can be disabled.
- Refresh
  patches.suse/x86-bugs-Add-AMD-retbleed-boot-parameter.patch.
- Refresh patches.suse/x86-bugs-Enable-STIBP-for-JMP2RET.patch.
- commit 922ee7a
- md: unlock mddev before reap sync_thread in action_store
  (bsc#1197659).
- commit a26c618
- xen/xenbus: fix return type in xenbus_file_read() (git-fixes).
- commit b06f37e
- KVM: nVMX: Let userspace set nVMX MSR to any _host_ supported
  value (git-fixes).
- commit 16015a8
- KVM: x86: Set error code to segment selector on LLDT/LTR
  non-canonical #GP (git-fixes).
- commit 3f756c3
- KVM: x86: Mark TSS busy during LTR emulation _after_ all fault
  checks (git-fixes).
- commit 56bf87e
- x86/xen: Remove undefined behavior in setup_features()
  (git-fixes).
- commit a4e3370
- Update references:
  - patches.kabi/kabi-return-type-change-of-secure_ipv-46-_port_ephem.patch
  - patches.suse/secure_seq-use-the-64-bits-of-the-siphash-for-port-o.patch
  - patches.suse/tcp-add-small-random-increments-to-the-source-port.patch
  - patches.suse/tcp-drop-the-hash_32-part-from-the-index-calculation.patch
  - patches.suse/tcp-dynamically-allocate-the-perturb-table-used-by-s.patch
  - patches.suse/tcp-increase-source-port-perturb-table-to-2-16.patch
  - patches.suse/tcp-resalt-the-secret-every-10-seconds.patch
  - patches.suse/tcp-use-different-parts-of-the-port_offset-for-index.patch
  (add CVE-2022-32296 bsc#1200288)
- commit 01ba066
- Rename colliding patches before the next origin/cve/linux-5.3 -> SLE15-SP3 merge
- commit 3a4afff
- Revert "/random: fix crash on multiple early calls to (bsc#1201645)"/
  This reverts commit d8168ccb1401eeeed63fa376ac53b5ab983f6d1e.
  This version of the patch causes regression of the problem it's supposed
  to fix, drop it again.
- commit 55b3759
- Refresh sorted patches, move out-of-tree ppc patches to ppc section.
- commit 4fb7690
- ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904).
- commit d91e617
- JFS: more checks for invalid superblock (git-fixes).
- commit 9d9aa1f
- JFS: fix memleak in jfs_mount (git-fixes).
- commit aaf1dca
- jfs: prevent NULL deref in diFree (bsc#1203389).
- commit 55c4d53
- jfs: fix GPF in diFree (bsc#1203389).
- commit 48bda4c
- mmc: block: fix read single on recovery logic (CVE-2022-20008
  bsc#1199564).
- commit de3f02b
- tracing: hold caller_addr to hardirq_{enable,disable}_ip
  (git-fixes).
- commit 16424ba
- ftrace: Fix NULL pointer dereference in is_ftrace_trampoline
  when ftrace is dead (git-fixes).
- commit 5b60469
- arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC (git-fixes)
- commit 9208a35
- crypto: arm64/poly1305 - fix a read out-of-bound (git-fixes)
- commit 790c147
- crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (git-fixes)
- commit 68c8906
- arm64: tegra: Fix SDMMC1 CD on P2888 (git-fixes)
- commit ec68a76
- arm64: cpufeature: Allow different PMU versions in ID_DFR0_EL1 (git-fixes)
- commit 3cd5dd6
- arm64: mm: fix p?d_leaf() (git-fixes)
- commit a914a52
- blacklist.conf: ("/arm64: fix clang warning about TRAMP_VALIAS"/)
- commit 77f79cc
- arm64: tegra: Remove non existent Tegra194 reset (git-fixes)
- commit 500bc08
- arm64: tlb: fix the TTL value of tlb_get_level (git-fixes)
- commit 93eea81
- arm64: mm: use a 48-bit ID map when possible on 52-bit VA builds (git-fixes)
- commit f1a43b3
- arm64: mm: Always update TCR_EL1 from __cpu_set_tcr_t0sz() (git-fixes)
- commit b0eb54a
- blacklist.conf: ("/arm64: Fix kernel address detection of __is_lm_address()"/)
- commit 2aab643
- arm64: dts: allwinner: H5: NanoPi Neo Plus2: phy-mode rgmii-id (git-fixes)
- commit f8968ca
- arm64: dts: allwinner: A64 Sopine: phy-mode rgmii-id (git-fixes)
- commit cfcfe62
- arm64/mm: Validate hotplug range before creating linear mapping (git-fixes)
- commit 067e57e
- blacklist.conf: ("/arm64: Drop unnecessary include from asm/smp.h"/)
- commit 998d48c
- netfilter: nf_tables: do not allow CHAIN_ID to refer to another
  table (CVE-2022-2586 bsc#1202095).
  Note: this patch is a backport of a 5.9-rc1 mainline commit which was only
  backported into SLE15-SP3 so that it cannot be added to cve/linux-5.3.
- commit 10f848d
- dccp: don't duplicate ccid when cloning dccp sock
  (CVE-2020-16119 bsc#1177471).
- commit 7c77568
- netfilter: nf_tables: do not allow RULE_ID to refer to another
  chain (CVE-2022-2586 bsc#1202095).
- netfilter: nf_tables: do not allow SET_ID to refer to another
  table (CVE-2022-2586 bsc#1202095).
- commit 9335568
- watchdog: wdat_wdt: Set the min and max timeout values properly
  (bsc#1194023).
- commit cc91c04
- ALSA: usb-audio: Split endpoint setups for hw_params and prepare
  (git-fixes).
- ALSA: usb-audio: Register card again for iface over
  delayed_register option (git-fixes).
- ALSA: usb-audio: Inform the delayed registration more properly
  (git-fixes).
- ALSA: usb-audio: fix spelling mistakes (git-fixes).
- commit b46a495
- s390/qeth: cache link_info for ethtool (bsc#1202984 LTC#199607).
- s390/qeth: improve selection of ethtool link modes (bsc#1202984
  LTC#199607).
- s390/qeth: use QUERY OAT for initial link info (bsc#1202984
  LTC#199607).
- s390/qeth: clean up default cases for ethtool link mode
  (bsc#1202984 LTC#199607).
- s390/qeth: set static link info during initialization
  (bsc#1202984 LTC#199607).
- s390/qeth: improve QUERY CARD INFO processing (bsc#1202984
  LTC#199607).
- s390/qeth: tolerate error when querying card info (bsc#1202984
  LTC#199607).
- commit 9031a4b
- regulator: core: Clean up on enable failure (git-fixes).
- wifi: iwlegacy: 4965: corrected fix for potential off-by-one
  overflow in il4965_rs_fill_link_cmd() (git-fixes).
- commit e4c4fe1
- USB: serial: ch341: fix disabled rx timer on older devices
  (git-fixes).
- commit 85a0dd6
- USB: serial: ch341: fix lost character on LCR updates
  (git-fixes).
- commit bf1a320
- USB: serial: ch341: name prescaler, divisor registers
  (git-fixes).
- commit 63aa28e
- nvme-tcp: fix UAF when detecting digest errors (bsc#1200313
  bsc#1201489).
- commit d4bd81f
- nvme-rdma: Handle number of queue changes (bsc#1201865).
- nvme-tcp: Handle number of queue changes (bsc#1201865).
- nvmet: Expose max queues to configfs (bsc#1201865).
- commit cdc0881
- nvme-fabrics: parse nvme connect Linux error codes
  (bsc#1201865).
- commit 9e2c1de
- mm: pagewalk: Fix race between unmap and page walker (git-fixes,
  bsc#1203159).
- commit 173564a
- Rename colliding patches before the next origin/cve/linux-5.3 -> SLE15-SP3 merge
- commit ed68f11
- mm: Force TLB flush for PFNMAP mappings before unlink_file_vma()
  (CVE-2022-39188, bsc#1203107).
- commit 84aac57
- netfilter: nf_tables: disallow binding to already bound chain
  (bsc#1203117 CVE-2022-39190).
- commit 933f567
- fuse: Remove the control interface for virtio-fs (bsc#1203137).
- fuse: ioctl: translate ENOSYS (bsc#1203136).
- fuse: limit nsec (bsc#1203135).
- commit e82b600
- netfilter: nf_conntrack_irc: Tighten matching on DCC message
  (CVE-2022-2663 bsc#1202097).
- netfilter: nf_conntrack_irc: Fix forged IP logic (CVE-2022-2663
  bsc#1202097).
- commit a949534
- Revert "/clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops"/
  (git-fixes).
- Revert "/usb: gadget: udc-xilinx: replace memcpy with
  memcpy_toio"/ (git-fixes).
- commit 855ba08
- gpio: pca953x: Add mutex_lock for regcache sync in PM
  (git-fixes).
- Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag
  (git-fixes).
- Input: rk805-pwrkey - fix module autoloading (git-fixes).
- tty: serial: lpuart: disable flow control while waiting for
  the transmit engine to complete (git-fixes).
- serial: fsl_lpuart: RS485 RTS polariy is inverse (git-fixes).
- staging: rtl8712: fix use after free bugs (git-fixes).
- clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate
  (git-fixes).
- clk: core: Fix runtime PM sequence in clk_core_unprepare()
  (git-fixes).
- clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops
  (git-fixes).
- hwmon: (gpio-fan) Fix array out of bounds access (git-fixes).
- drm/msm/dsi: Fix number of regulators for SDM660 (git-fixes).
- drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg
  (git-fixes).
- drm/msm/dsi: fix the inconsistent indenting (git-fixes).
- drm/i915/reg: Fix spelling mistake "/Unsupport"/ -> "/Unsupported"/
  (git-fixes).
- driver core: Don't probe devices after bus_type.match() probe
  deferral (git-fixes).
- misc: fastrpc: fix memory corruption on open (git-fixes).
- misc: fastrpc: fix memory corruption on probe (git-fixes).
- iio: adc: mcp3911: use correct formula for AD conversion
  (git-fixes).
- iio: adc: mcp3911: make use of the sign bit (git-fixes).
- usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS
  (git-fixes).
- usb: dwc2: fix wrong order of phy_power_on and phy_init
  (git-fixes).
- usb: gadget: udc-xilinx: replace memcpy with memcpy_toio
  (git-fixes).
- thunderbolt: Use the actual buffer in tb_async_error()
  (git-fixes).
- usb: typec: altmodes/displayport: correct pin assignment for
  UFP receptacles (git-fixes).
- platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask (git-fixes).
- ieee802154/adf7242: defer destroy_workqueue call (git-fixes).
- Bluetooth: L2CAP: Fix build errors in some archs (git-fixes).
- wifi: cfg80211: debugfs: fix return type in ht40allow_map_read()
  (git-fixes).
- wifi: mac80211: Don't finalize CSA in IBSS mode if state is
  disconnected (git-fixes).
- HID: steam: Prevent NULL pointer dereference in
  steam_{recv,send}_report (git-fixes).
- commit ed7b741
- ratelimit: Fix data-races in ___ratelimit() (git-fixes).
- serial: mvebu-uart: uart2 error bits clearing (git-fixes).
- tty: vt: initialize unicode screen buffer (git-fixes).
- tty: serial: Fix refcount leak bug in ucc_uart.c (git-fixes).
- video: fbdev: i740fb: Check the argument of i740_calc_vclk()
  (git-fixes).
- usb: renesas: Fix refcount leak bug (git-fixes).
- usb: host: ohci-ppc-of: Fix refcount leak bug (git-fixes).
- usb: gadget: uvc: call uvc uvcg_warn on completed status
  instead of uvcg_info (git-fixes).
- vboxguest: Do not use devm for irq (git-fixes).
- wifi: mac80211_hwsim: use 32-bit skb cookie (git-fixes).
- wifi: mac80211_hwsim: add back erroneously removed cast
  (git-fixes).
- wifi: mac80211_hwsim: fix race condition in pending packet
  (git-fixes).
- spi: synquacer: Add missing clk_disable_unprepare() (git-fixes).
- spi: spi-rspi: Fix PIO fallback on RZ platforms (git-fixes).
- commit 86912f8
- mmc: pxamci: Fix another error handling path in pxamci_probe()
  (git-fixes).
- mtd: rawnand: meson: Fix a potential double free issue
  (git-fixes).
- mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s
  error path (git-fixes).
- mtd: partitions: Fix refcount leak in parse_redboot_of
  (git-fixes).
- mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in
  sm_release (git-fixes).
- mtd: maps: Fix refcount leak in ap_flash_init (git-fixes).
- mtd: maps: Fix refcount leak in of_flash_probe_versatile
  (git-fixes).
- PCI/ACPI: Guard ARM64-specific mcfg_quirks (git-fixes).
- PCI: Add ACS quirk for Broadcom BCM5750x NICs (git-fixes).
- net: rose: fix netdev reference changes (git-fixes).
- commit b9934d3
- i2c: imx: Make sure to unregister adapter on remove()
  (git-fixes).
- mmc: pxamci: Fix an error handling path in pxamci_probe()
  (git-fixes).
- lib/list_debug.c: Detect uninitialized lists (git-fixes).
- mfd: max77620: Fix refcount leak in max77620_initialise_fps
  (git-fixes).
- mfd: t7l66xb: Drop platform disable callback (git-fixes).
- HID: alps: Declare U1_UNICORN_LEGACY support (git-fixes).
- HID: wacom: Don't register pad_input for touch switch
  (git-fixes).
- intel_th: pci: Add Raptor Lake-S CPU support (git-fixes).
- intel_th: pci: Add Raptor Lake-S PCH support (git-fixes).
- intel_th: pci: Add Meteor Lake-P support (git-fixes).
- commit f90560c
- drm/amdgpu: remove useless condition in
  amdgpu_job_stop_all_jobs_on_sched() (git-fixes).
- drm/sun4i: dsi: Prevent underflow when computing packet sizes
  (git-fixes).
- drm/meson: Fix refcount bugs in
  meson_vpu_has_available_connectors() (git-fixes).
- drm/meson: Fix overflow implicit truncation warnings
  (git-fixes).
- dmaengine: sprd: Cleanup in .remove() after
  pm_runtime_get_sync() failed (git-fixes).
- HID: wacom: Only report rotation for art pen (git-fixes).
- gadgetfs: ep_io - wait until IRQ finishes (git-fixes).
- drm/amdgpu: Check BO's requested pinning domains against its
  preferred_domains (git-fixes).
- fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters
  (git-fixes).
- commit 9b0074c
- asm-generic: sections: refactor memory_intersects (git-fixes).
- ACPI: processor: Remove freq Qos request for all CPUs
  (git-fixes).
- ata: libata-eh: Add missing command name (git-fixes).
- ALSA: info: Fix llseek return value when using callback
  (git-fixes).
- ASoC: tas2770: Allow mono streams (git-fixes).
- ASoC: SOF: debug: Fix potential buffer overflow by snprintf()
  (git-fixes).
- ASoC: audio-graph-card: Add of_node_put() in fail path
  (git-fixes).
- ASoC: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp()
  (git-fixes).
- ASoC: codecs: wcd9335: move gains from SX_TLV to S8_TLV
  (git-fixes).
- ASoC: codecs: msm8916-wcd-digital: move gains from SX_TLV to
  S8_TLV (git-fixes).
- ASoC: codecs: da7210: add check for i2c_add_driver (git-fixes).
- ASoC: mt6797-mt6351: Fix refcount leak in
  mt6797_mt6351_dev_probe (git-fixes).
- clk: qcom: ipq8074: dont disable gcc_sleep_clk_src (git-fixes).
- ACPI: LPSS: Fix missing check in register_device_clock()
  (git-fixes).
- ACPI: PM: save NVS memory for Lenovo G40-45 (git-fixes).
- ACPI: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from
  DMI quirks (git-fixes).
- ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for
  HP machine (git-fixes).
- clk: rockchip: add sclk_mac_lbtest to rk3188_critical_clocks
  (git-fixes).
- commit a8924db
- Rename colliding patches before the next origin/cve/linux-5.3 -> SLE15-SP3 merge
- commit f477eb5
- mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse
  (git-fixes, bsc#1203098).
  kABI: Fix kABI after "/mm/rmap: Fix anon_vma->degree ambiguity
  leading to double-reuse"/ (git-fixes, bsc#1203098).
- commit cfac9ee
- scsi: lpfc: Copyright updates for 14.2.0.6 patches
  (bsc#1203063).
- scsi: lpfc: Update lpfc version to 14.2.0.6 (bsc#1203063).
- scsi: lpfc: Remove SANDiags related code (bsc#1203063).
- scsi: lpfc: Add warning notification period to CMF_SYNC_WQE
  (bsc#1203063).
- scsi: lpfc: Rework MIB Rx Monitor debug info logic
  (bsc#1203063).
- scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit
  path for GFT_ID (bsc#1203063).
- scsi: lpfc: Fix unsolicited FLOGI receive handling during
  PT2PT discovery (bsc#1203063).
- scsi: lpfc: Check the return value of alloc_workqueue()
  (bsc#1203063).
- commit e207225
- KVM: nVMX: Snapshot pre-VM-Enter DEBUGCTL for
  !nested_run_pending case (git-fixes).
- commit 17df333
- blacklist.conf: add dbac14a5a05f, as it would break kabi
- commit 55dfee4
- KVM: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending
  case (git-fixes).
- commit 1a5a475
- KVM: x86: accept userspace interrupt only if no event is
  injected (git-fixes).
- commit b61f5d7
- KVM: VMX: Refuse to load kvm_intel if EPT and NX are disabled
  (git-fixes).
- commit b27e2cd
- blacklist.conf: Add three patches
  44585f7bc0cb psi: fix "/defined but not used"/ warnings when CONFIG_PROC_FS=n
  5102bb1c9f82 psi: Fix "/defined but not used"/ warnings when CONFIG_PROC_FS=n
  ec2444530612 psi: Fix "/no previous prototype"/ warnings when CONFIG_CGROUPS=n
- commit f8fef55
- s390/mm: do not trigger write fault when vma does not allow
  VM_WRITE (git-fixes).
- s390/crash: fix incorrect number of bytes to copy to user space
  (git-fixes).
- s390/crash: make copy_oldmem_page() return number of bytes
  copied (git-fixes).
- s390/mm: fix 2KB pgtable release race (git-fixes).
- commit 32b8c39
- rpm/kernel-source.spec.in: simplify finding of broken symlinks
  "/find -xtype l"/ will report them, so use that to make the search a bit
  faster (without using shell).
- commit 13bbc51
- mkspec: eliminate @NOSOURCE@ macro
  This should be alsways used with @SOURCES@, just include the content
  there.
- commit 403d89f
- kernel-source: include the kernel signature file
  We assume that the upstream tarball is used for released kernels.
  Then we can also include the signature file and keyring in the
  kernel-source src.rpm.
  Because of mkspec code limitation exclude the signature and keyring from
  binary packages always - mkspec does not parse spec conditionals.
- commit e76c4ca
- kernel-binary: move @NOSOURCE@ to @SOURCES@ as in other packages
- commit 4b42fb2
- dtb: Do not include sources in src.rpm - refer to kernel-source
  Same as other kernel binary packages there is no need to carry duplicate
  sources in dtb packages.
- commit 1bd288c
- nvme: fix RCU hole that allowed for endless looping in multipath
  round robin (bsc#1202636).
- commit e7e083b
- af_key: Do not call xfrm_probe_algs in parallel (bsc#1202898
  CVE-2022-3028).
- commit 50479c7
- usb: dwc3: gadget: Fix IN endpoint max packet size allocation
  (git-fixes).
- commit 4ad76ff
- Update patches.suse/watchdog-export-lockup_detector_reconfigure.patch (bsc#1202872 ltc#197920).
- commit 52cb092
- usb: dwc3: gadget: Store resource index of start cmd
  (git-fixes).
- commit 4fd8e68
- Update patch reference for USB gadget fix (CVE-2020-27784 bsc#1202895)
- commit 8033d12
- usb: dwc3: gadget: Refactor dwc3_gadget_ep_dequeue (git-fixes).
- Refresh
  patches.suse/usb-dwc3-add-cancelled-reasons-for-dwc3-requests.patch.
- commit 32c5550
- usb: dwc3: gadget: Remove unnecessary checks (git-fixes).
- Refresh
  patches.suse/usb-dwc3-add-cancelled-reasons-for-dwc3-requests.patch.
- commit 7db43e6
- usb: dwc3: Switch to platform_get_irq_byname_optional()
  (git-fixes).
- commit 73d1e58
- xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like
  fallocate (bsc#1194272 CVE-2021-4155).
- commit 049d5e6
- usb: gadget: u_audio: fix race condition on endpoint stop
  (git-fixes).
- commit 152ca21
- usb: dwc3: ep0: Fix delay status handling (git-fixes).
- commit af1df0f
- usbnet: Fix linkwatch use-after-free on disconnect (git-fixes).
- commit 9881846
- bpf: Don't use tnum_range on array range checking for poke
  descriptors (bsc#1202564 bsc#1202860 CVE-2022-2905).
- commit c59b8fc
- blacklist.conf: Add reverted patch
  d11219ad53dc amdgpu: disable powerpc support for the newer display engine
  c653c591789b drm/amdgpu: Re-enable DCN for 64-bit powerpc
- commit b8f5e97
- SUNRPC: Don't dereference xprt->snd_task if it's a cookie
  (git-fixes).
- commit 16c3d44
- vmxnet3: do not reschedule napi for rx processing (bsc#1200431).
- vmxnet3: Implement ethtool's get_channels command (bsc#1200431).
- vmxnet3: Record queue number to incoming packets (bsc#1200431).
- vmxnet3: disable overlay offloads if UPT device does not support
  (bsc#1200431).
- vmxnet3: update to version 7 (bsc#1200431).
- vmxnet3: use ext1 field to indicate encapsulated packet
  (bsc#1200431).
- vmxnet3: limit number of TXDs used for TSO packet (bsc#1200431).
- vmxnet3: add command to set ring buffer sizes (bsc#1200431).
- vmxnet3: add support for out of order rx completion
  (bsc#1200431).
- vmxnet3: add support for large passthrough BAR register
  (bsc#1200431).
- vmxnet3: add support for capability registers (bsc#1200431).
- vmxnet3: prepare for version 7 changes (bsc#1200431).
- net: vmxnet3: fix possible NULL pointer dereference in
  vmxnet3_rq_cleanup() (bsc#1200431).
- net: vmxnet3: fix possible use-after-free bugs in
  vmxnet3_rq_alloc_rx_buf() (bsc#1200431).
- vmxnet3: Remove useless DMA-32 fallback configuration
  (bsc#1200431).
- net: vmxnet3: remove multiple false checks in vmxnet3_ethtool.c
  (bsc#1200431).
- vmxnet3: do not stop tx queues after netif_device_detach()
  (bsc#1200431).
- vmxnet3: switch from 'pci_' to 'dma_' API (bsc#1200431).
- commit b577aa9
- kbuild: do not create built-in objects for external module
  builds (jsc#SLE-24559 bsc#1202756).
- commit 56b8142
- tracing/probes: Have kprobes and uprobes use $COMM too
  (git-fixes).
- commit 26bf0d1
- spmi: trace: fix stack-out-of-bound access in SPMI tracing
  functions (git-fixes).
- commit 8c340f6
- tracing/histograms: Fix memory leak problem (git-fixes).
- commit 07d4ab9
- blacklist.conf: tracepoint cleanup for drivers/char/random
- commit f75eb58
- tracing/histogram: Fix a potential memory leak for kstrdup()
  (git-fixes).
- commit cce24b0
- ceph: don't truncate file in atomic_open (bsc#1202811).
- ceph: don't leak snap_rwsem in handle_cap_grant (bsc#1202810).
- commit 75744b6
- blacklist.conf: blacklist fea013e020e6
- commit 2fc68a2
- tracing: Add ustring operation to filtering string pointers
  (git-fixes).
- commit 3fbf519
- cgroup: Trace event cgroup id fields should be u64 (git-fixes).
- commit dade489
- blacklist.conf: not-relevant cleanup for drivers/char/random
- commit c90e359
- blktrace: fix blk_rq_merge documentation (git-fixes).
- commit c03c0ec
- hv_netvsc: Load and store the proper (NBL_HASH_INFO) per-packet
  info (bsc#1202701).
- commit 173844d
- tpm: fix reference counting for struct tpm_chip (CVE-2022-2977
  bsc#1202672).
- commit b71aab0
- list: add "/list_del_init_careful()"/ to go with
  "/list_empty_careful()"/ (bsc#1202745).
- commit 71ed084
- Rename colliding patches before the next cve/linux-5.3 -> SLE15-SP3 merge
- commit 595e8a4
- blk-iocost: clamp inuse and skip noops in __propagate_weights()
  (bsc#1202722).
- commit f84d929
- blk-iocost: rename propagate_active_weights() to
  propagate_weights() (bsc#1202722).
- commit 2724a56
- blacklist.conf: Blacklist aebf5db91705
- commit 578fbe5
- blk-iocost: fix operation ordering in iocg_wake_fn()
  (bsc#1202720).
- commit 31b540e
- loop: Fix missing discard support when using LOOP_CONFIGURE
  (bsc#1202718).
- commit c85296f
- blk-iocost: fix weight updates of inner active iocgs
  (bsc#1202717).
- commit 06cf027
- mm: bdi: initialize bdi_min_ratio when bdi is unregistered
  (bsc#1197763).
- commit f7b5cbd
- jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when
  journal aborted (bsc#1202716).
- commit d741558
- jbd2: fix outstanding credits assert in
  jbd2_journal_commit_transaction() (bsc#1202715).
- commit 4df2139
- fs-writeback: writeback_sb_inodes: Recalculate 'wrote' according skipped pages
  (bsc#1200873).
- commit b654d4c
- ocfs2: fix crash when initialize filecheck kobj fails
  (bsc#1197920).
- commit 137054f
- ocfs2: mount fails with buffer overflow in strlen (bsc#1197760).
- commit 24a97d8
- ocfs2: drop acl cache for directories too (bsc#1191667).
- commit d8cc34a
- reiserfs: fix handling of -EOPNOTSUPP in reiserfs_for_each_xattr
  (bsc#1202714).
- commit 4fc81aa
- ext4: recover csum seed of tmp_inode after migrating to extents
  (bsc#1202713).
- commit 79e5db2
- ext4: add reserved GDT blocks check (bsc#1202712).
- commit e96e640
- ext4: fix bug_on in ext4_writepages (bsc#1200872).
- commit 8d9a89d
- ext4: fix use-after-free in ext4_rename_dir_prepare
  (bsc#1200871).
- commit c9d1b13
- ext4: fix warning in ext4_handle_inode_extension (bsc#1202711).
- commit f4c59a1
- ext4: force overhead calculation if the s_overhead_cluster
  makes no sense (bsc#1200870).
- commit 24d5cfc
- ext4: fix overhead calculation to account for the reserved
  gdt blocks (bsc#1200869).
- commit 8fa6a02
- ext4: fix use-after-free in ext4_search_dir (bsc#1202710).
- commit bc9242b
- ext4: fix symlink file size not match to file content
  (bsc#1200868).
- commit 888bc97
- ext4: fix error handling in ext4_restore_inline_data()
  (bsc#1197757).
- commit ed0d1f6
- ext4: don't use the orphan list when migrating an inode
  (bsc#1197756).
- commit 2d21beb
- ext4: Fix BUG_ON in ext4_bread when write quota data
  (bsc#1197755).
- commit 0551e1a
- ext4: fix potential infinite loop in ext4_dx_readdir()
  (bsc#1191662).
- commit 26c80a3
- ext4: fix loff_t overflow in ext4_max_bitmap_size()
  (bsc#1202709).
- commit bb20240
- ext4: do not set SB_ACTIVE in ext4_orphan_cleanup()
  (bsc#1202708).
- commit 070ad26
- ext4: fix invalid inode checksum (bsc#1179723).
- commit e670453
- ext4: fix error handling code in add_new_gdb (bsc#1179722).
- commit 5b945e4
- blacklist.conf: Blacklist ext2 since we don't even compile it
- commit 8f69ba8
- xfs: prevent a UAF when log IO errors race with unmount
  (git-fixes).
- commit f7eb5c7
- xfs: use kmem_cache_free() for kmem_cache objects (git-fixes).
- commit f514fcd
- xfs: make xfs_rtalloc_query_range input parameters const
  (git-fixes).
- commit 0b84c2b
- xfs: only reset incore inode health state flags when reclaiming
  an inode (git-fixes).
- commit a9e17d5
- xfs: bunmapi has unnecessary AG lock ordering issues
  (git-fixes).
- commit a76eaaf
- xfs: mark a data structure sick if there are cross-referencing
  errors (git-fixes).
- commit b0269a0
- xfs: Fix assert failure in xfs_setattr_size() (git-fixes).
- commit 1433b65
- fuse: handle kABI change in struct sock (bsc#1194535
  CVE-2021-4203).
- commit 53bc420
- usb: dwc3: qcom: fix missing optional irq warnings.
- commit de0c0d4
- usb: dwc3: gadget: Remove FS bInterval_m1 limitation
  (git-fixes).
- commit fff57cf
- af_unix: fix races in sk_peer_pid and sk_peer_cred accesses
  (bsc#1194535 CVE-2021-4203).
- commit 603bd9d
- powerpc/perf: Optimize clearing the pending PMI and remove
  WARN_ON for PMI check in power_pmu_disable (bsc#1156395).
- commit d72c6fd
- powerpc/xive: Fix refcount leak in xive_get_max_prio
  (fate#322438 git-fixess).
- commit 76798e0
- powerpc: Enable execve syscall exit tracepoint (bsc#1065729).
- commit 35df6ef
- powerpc: define get_cycles macro for arch-override
  (bsc#1065729).
- commit 39ee615
- blacklist.conf: Add c26d4c5d4f0d powerpc/kvm: Remove obsolete and unneeded select
- commit b069bcf
- blacklist.conf: Add 235cee162459 KVM: PPC: Tick accounting should defer vtime accounting 'til after IRQ handling
- commit a0b9b11
- net_sched: cls_route: disallow handle of 0 (bsc#1202393).
- net_sched: cls_route: remove from list when handle is 0
  (CVE-2022-2588 bsc#1202096).
- commit b08a235
- KVM: PPC: Fix vmx/vsx mixup in mmio emulation (bsc#1156395).
- KVM: PPC: Book3S HV: Prevent POWER7/8 TLB flush flushing SLB
  (bsc#1156395).
- KVM: PPC: Book3S HV: Use GLOBAL_TOC for
  kvmppc_h_set_dabr/xdabr() (bsc#1156395).
- commit b08465c
- blacklist.conf: duplicate
- commit 23a0769
- usb: dwc3: gadget: END_TRANSFER before CLEAR_STALL command
  (git-fixes).
- Refresh
  patches.suse/usb-dwc3-add-cancelled-reasons-for-dwc3-requests.patch.
- commit 86ac68c
- KVM: PPC: Book3S HV: Context tracking exit guest context before
  enabling irqs (bsc#1065729).
- commit b7e4839
- blacklist.conf: later reverted in upstream
- commit 31b3f5b
- usbnet: smsc95xx: Fix deadlock on runtime resume (git-fixes).
- commit f3043dc
- ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback (git-fixes).
- commit 1ba1d86
- lightnvm: Remove lightnvm implemenation (bsc#1191881 bsc#1201420
  ZDI-CAN-17325).
- commit 1b534db
- xfs: check sb_meta_uuid for dabuf buffer recovery (bsc#1202577).
- commit 47070d3
- ext4: Fix check for block being out of directory size
  (bsc#1198577 CVE-2022-1184).
- commit e41d129
- ext4: make sure ext4_append() always allocates new block
  (bsc#1198577 CVE-2022-1184).
- commit 5c3a0a2
- ext4: check if directory block is within i_size (bsc#1198577
  CVE-2022-1184).
- commit d289dcd
- Refresh
  patches.suse/locking-lockdep-Avoid-potential-access-of-invalid-me.patch.
  Fix builds with CONFIG_LOCKDEP on.
- commit b4f11f2
- PCI: hv: Only reuse existing IRTE allocation for Multi-MSI
  (bsc#1200845).
- PCI: hv: Fix interrupt mapping for multi-MSI (bsc#1200845).
- PCI: hv: Reuse existing IRTE allocation in compose_msi_msg()
  (bsc#1200845).
- PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (bsc#1200845).
- PCI: hv: Fix multi-MSI to allow more than one MSI vector
  (bsc#1200845).
- PCI: hv: Make the code arch neutral by adding arch specific
  interfaces (bsc#1200845).
- commit 7ab7313
- ext4: fix race when reusing xattr blocks (bsc#1198971).
- commit 18b6fb8
- ext4: unindent codeblock in ext4_xattr_block_set()
  (bsc#1198971).
- commit 948b7e8
- ext4: remove EA inode entry from mbcache on inode eviction
  (bsc#1198971).
- commit d96ae24
- mbcache: add functions to delete entry if unused (bsc#1198971).
- commit dc90bf2
- mbcache: don't reclaim used entries (bsc#1198971).
- commit 9b2430e
- net: sock: tracing: Fix sock_exceed_buf_limit not to dereference
  stale pointer (git-fixes).
- commit 267c700
- ARM: 9077/1: PLT: Move struct plt_entries definition to header
  (git-fixes).
- commit ece08bc
- ARM: 9078/1: Add warn suppress parameter to
  arm_gen_branch_link() (git-fixes).
- commit 3398bca
- ARM: 9098/1: ftrace: MODULE_PLT: Fix build problem without
  DYNAMIC_FTRACE (git-fixes).
- commit 1d2e217
- ARM: 9079/1: ftrace: Add MODULE_PLTS support (git-fixes).
- commit 83b5d04
- blacklist.conf: rework and optimization ftrace commits, not bug fixes
- commit e11832c
- Update config files.
- commit 7f7a8ef
- Update config files (bsc#1201361 bsc#1192968 https://github.com/rear/rear/issues/2554).
  ppc64: NVRAM=y
- commit 5e8bf01
- Refresh
  patches.suse/x86-speculation-Add-RSB-VM-Exit-protections.patch.
- Updated
  patches.suse/x86-speculation-change-fill_return_buffer-to-work-with-objtool.patch.
  Add missing objtool annotations from upstream commits and update the latter
  patch to fix bsc#1202396.
- commit 8f03705
- objtool: Add support for intra-function calls (bsc#1202396).
- commit eabf007
- objtool: Remove INSN_STACK (bsc#1202396).
- commit c48377d
- objtool: Make handle_insn_ops() unconditional (bsc#1202396).
- commit ef33ad6
- objtool: Rework allocating stack_ops on decode (bsc#1202396).
- commit cd6e886
- objtool: Support multiple stack_op per instruction
  (bsc#1202396).
- Refresh
  patches.suse/objtool-allow-no-op-cfi-ops-in-alternatives.patch.
- Refresh
  patches.suse/objtool-fix-cfi-insn_state-propagation.patch.
- Refresh patches.suse/objtool-fix-orc-vs-alternatives.patch.
- Refresh patches.suse/objtool-rename-struct-cfi_state.patch.
- commit 5c735b5
- s390/ptrace: pass invalid syscall numbers to tracing
  (bsc#1192594 LTC#197522).
- commit ad9e50e
- lib: bitmap: provide devm_bitmap_alloc() and
  devm_bitmap_zalloc() (git-fixes).
- commit 2469dd3
- firmware: tegra: bpmp: Do only aligned access to IPC memory area
  (git-fixes).
- commit 99eaa98
- module: Ignore _GLOBAL_OFFSET_TABLE_ when warning for undefined
  symbols (git-fixes).
- commit 35509ca
- blacklist.conf: unneeded and kABI-breaking module loader commits
- commit 3ccf763
- mm: memcontrol: fix potential oom_lock recursion deadlock
  (bsc#1202447).
- commit bc21375
- blacklist.conf: Add 7b3c36fc4c23 ptrace: fix task_join_group_stop() for the case when current is traced
- commit 572eadd
- rpm/kernel-binary.spec.in: move vdso to a separate package (bsc#1202385)
  We do the move only on 15.5+.
- commit 9c7ade3
- rpm/kernel-binary.spec.in: simplify find for usrmerged
  The type test and print line are the same for both cases. The usrmerged
  case only ignores more, so refactor it to make it more obvious.
- commit 583c9be
- net: enetc: Use pci_release_region() to release some resources
  (git-fixes).
- PCI: qcom: Fix pipe clock imbalance (git-fixes).
- net: cpsw: add missing of_node_put() in cpsw_probe_dt()
  (git-fixes).
- net: dsa: felix: suppress -EPROBE_DEFER errors (git-fixes).
- net: enetc: report software timestamping via SO_TIMESTAMPING
  (git-fixes).
- net:enetc: allocate CBD ring data memory using DMA coherent
  methods (git-fixes).
- arm64: signal: nofpsimd: Do not allocate fp/simd context when
  not available (git-fixes).
- dpaa2-eth: unregister the netdev before disconnecting from
  the PHY (git-fixes).
- net: cpsw: Properly initialise struct page_pool_params
  (git-fixes).
- pinctrl/rockchip: fix gpio device creation (git-fixes).
- spi: Fix incorrect cs_setup delay handling (git-fixes).
- random: fix crash on multiple early calls to
  add_bootloader_randomness() (git-fixes).
- tee: optee: Fix incorrect page free bug (git-fixes).
- ipmi: ssif: initialize ssif_info->client early (git-fixes).
- serial: tegra: Change lower tolerance baud rate limit for
  tegra20 and tegra30 (git-fixes).
- net: mscc: ocelot: correctly report the timestamping RX filters
  in ethtool (git-fixes).
- net: mscc: ocelot: don't downgrade timestamping RX filters in
  SIOCSHWTSTAMP (git-fixes).
- net: ethernet: ti: cpsw_ale: Fix access to un-initialized memory
  (git-fixes).
- coresight: cti: Correct the parameter for pm_runtime_put
  (git-fixes).
- net: enetc: unmap DMA in enetc_send_cmd() (git-fixes).
- enetc: Fix endianness issues for enetc_qos (git-fixes).
- commit b9e0ed7
- selftests: futex: Use variable MAKE instead of make (git-fixes).
- commit 7d8ce88
- locking/lockdep: Avoid potential access of invalid memory in
  lock_class (git-fixes).
- commit 6e699d5
- Update
  patches.suse/can-ems_usb-ems_usb_start_xmit-fix-double-dev_kfree_.patch
  (CVE-2022-28390 bsc#1198031).
- commit 9c17688
- Update
  patches.suse/can-mcba_usb-mcba_usb_start_xmit-fix-double-dev_kfre.patch
  (CVE-2022-28389 bsc#1198033).
- commit 1983a37
- net: ethernet: ezchip: fix error handling (git-fixes).
- commit 5d377ed
- net: ethernet: ezchip: remove redundant check (git-fixes).
- commit cb426d4
- net: ethernet: ezchip: fix UAF in nps_enet_remove (git-fixes).
- commit ed56f34
- blacklist.conf: v5.16-rc2-1-gd257cc8cb8d5 introduces a rwsem regression
- commit edee2a5
- net: ethernet: aeroflex: fix UAF in greth_of_remove (git-fixes).
- commit f83edca
- net: bcmgenet: Add mdio-bcm-unimac soft dependency (git-fixes).
- commit d5e4943
- perf bench: Share some global variables to fix build with gcc 10
  (git-fixes).
- commit a397021
- net: moxa: Use devm_platform_get_and_ioremap_resource()
  (git-fixes).
- commit d13dcd2
- ehea: fix error return code in ehea_restart_qps() (git-fixes).
- commit f14e06e
- net: pch_gbe: Propagate error from devm_gpio_request_one()
  (git-fixes).
- commit 51f37b6
- net: ethernet: fix potential use-after-free in ec_bhf_remove
  (git-fixes).
- commit 7175e70
- net: fec_ptp: add clock rate zero check (git-fixes).
- commit 16317aa
- net: stmmac: disable clocks in stmmac_remove_config_dt()
  (git-fixes).
- commit 1bbbc9a
- net: stmmac: dwmac1000: Fix extended MAC address registers
  definition (git-fixes).
- commit c6d0ccf
- ice: report supported and advertised autoneg using PHY
  capabilities (git-fixes).
- commit 2243129
- ixgbevf: add correct exception tracing for XDP (git-fixes).
- commit b4db988
- net/mlx5e: Check for needed capability for cvlan matching
  (git-fixes).
- commit e46f646
- net: hns: Fix kernel-doc (git-fixes).
- commit 80f2716
- net: dsa: mt7530: fix VLAN traffic leaks (git-fixes).
- commit 99b3a0b
- net: lantiq: fix memory corruption in RX ring (git-fixes).
- commit 55781d8
- net: fec: fix the potential memory leak in fec_enet_init()
  (git-fixes).
- commit 43431b4
- net: netcp: Fix an error message (git-fixes).
- commit 0432102
- qlcnic: Add null check after calling netdev_alloc_skb
  (git-fixes).
- commit 9764dcc
- ethernet: sun: niu: fix missing checks of niu_pci_eeprom_read()
  (git-fixes).
- commit ca3de9d
- Revert "/niu: fix missing checks of niu_pci_eeprom_read"/
  (git-fixes).
- commit c1a547c
- net: stmicro: handle clk_prepare() failure during init
  (git-fixes).
- commit 1249947
- Revert "/net: stmicro: fix a missing check of clk_prepare"/
  (git-fixes).
- commit c8483b4
- Revert "/net: fujitsu: fix a potential NULL pointer dereference"/
  (git-fixes).
- commit 35e4846
- net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send
  (git-fixes).
- commit 11b1f00
- net: davinci_emac: Fix incorrect masking of tx and rx error
  channel (git-fixes).
- commit cef2ac2
- blacklist.conf: update blacklist
- commit e0f7a96
- blacklist.conf: Add 59b18a1e65b7 x86/msi: Fix msi message data shadow struct
- commit b422277
- ALSA: hda/realtek: Add new alc285-hp-amp-init model (git-fixes).
- commit 090b87e
- ALSA: hda/realtek: Fix deadlock by COEF mutex (git-fixes).
- ALSA: hda: realtek: Fix race at concurrent COEF updates
  (git-fixes).
- commit 5b77923
- ALSA: hda/realtek: Add quirk for Clevo NV45PZ (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo L140PU (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NS50PU (git-fixes).
- ALSA: hda/realtek: Add quirk for TongFang devices with pop noise
  (git-fixes).
- ALSA: hda/realtek: Add quirk for the Framework Laptop
  (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NP70PNP (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NP50PNJ (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NP70PNJ (git-fixes).
- commit 8286b1b
- ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for
  HP machines (git-fixes).
- Refresh
  patches.suse/ALSA-hda-realtek-Add-quirk-for-HP-Dev-One.patch.
- Refresh
  patches.suse/ALSA-hda-realtek-fix-mute-micmute-LEDs-for-HP-machin.patch.
- commit 3b1083d
- NTB: ntb_tool: uninitialized heap data in tool_fn_write()
  (git-fixes).
- ALSA: bcd2000: Fix a UAF bug on the error path of probing
  (git-fixes).
- commit e17531e
- ALSA: hda/realtek: fix mute/micmute LEDs for HP machines
  (git-fixes).
- commit 6646862
- ALSA: hda/realtek: Add quirk for HP Spectre x360 15-eb0xxx
  (git-fixes).
- ALSA: hda/realtek: Add quirk for HP Dev One (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook
  (git-fixes).
- ALSA: hda/realtek: Fix LED on HP ProBook 435 G7 (git-fixes).
- commit 4dbfddf
- ALSA: hda/realtek: Add quirk for Dell Latitude 7520 (git-fixes).
- commit 99b2a82
- ALSA: hda/realtek: Add a quirk for HP OMEN 15 (8786) mute LED
  (git-fixes).
- ALSA: hda/realtek: Fix headset mic for Acer SF313-51
  (git-fixes).
- ALSA: hda/realtek: Add mute LED quirk for HP Omen laptop
  (git-fixes).
- commit a6cb05c
- ALSA: hda/cirrus - support for iMac 12,1 model (git-fixes).
- ALSA: usb-audio: More comprehensive mixer map for ASUS ROG
  Zenith II (git-fixes).
- ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model
  (git-fixes).
- ALSA: hda/realtek: Add quirk for another Asus K42JZ model
  (git-fixes).
- drm/gem: Properly annotate WW context on
  drm_gem_lock_reservations() error (git-fixes).
- commit fc95967
- xfrm: xfrm_policy: fix a possible double xfrm_pols_put()
  in xfrm_bundle_lookup() (CVE-2022-36879 bsc#1201948).
- commit 97b83f0
- devlink: Fix use-after-free after a failed reload (git-fixes).
- vsock: Set socket state back to SS_UNCONNECTED in
  vsock_connect_timeout() (git-fixes).
- vsock: Fix memory leak in vsock_connect() (git-fixes).
- can: ems_usb: fix clang's -Wunaligned-access warning
  (git-fixes).
- geneve: do not use RT_TOS for IPv6 flowlabel (git-fixes).
- geneve: fix TOS inheriting for ipv4 (git-fixes).
- Bluetooth: MGMT: Fixes build warnings with C=1 (git-fixes).
- Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression
  (git-fixes).
- atm: idt77252: fix use-after-free bugs caused by tst_timer
  (git-fixes).
- virtio_net: fix memory leak inside XPD_TX with mergeable
  (git-fixes).
- ACPI: property: Return type of acpi_add_nondev_subnodes()
  should be bool (git-fixes).
- pinctrl: sunxi: Add I/O bias setting for H6 R-PIO (git-fixes).
- pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed
  (git-fixes).
- pinctrl: nomadik: Fix refcount leak in
  nmk_pinctrl_dt_subnode_to_map (git-fixes).
- kbuild: dummy-tools: avoid tmpdir leak in dummy gcc (git-fixes).
- Revert "/scripts/mod/modpost.c: permit '.cranges' secton for
  sh64 architecture."/ (git-fixes).
- ACPI: video: Force backlight native for some TongFang devices
  (git-fixes).
- thermal: Fix NULL pointer dereferences in of_thermal_ functions
  (git-fixes).
- commit 4ff3e1b
- blacklist.conf: Add 5f89468e2f06 swiotlb: manipulate orig_addr when tlb_addr has offset
- commit a6010ca
- iommu/amd: Simplify and Consolidate Virtual APIC (AVIC) Enablement (git-fixes).
- commit f1b6523
- iommu/mediatek: Add list_del in mtk_iommu_remove (git-fixes).
- commit c36c19c
- iommu/vt-d: Calculate mask for non-aligned flushes (git-fixes).
- commit 34bbfc0
- iommu/exynos: Handle failed IOMMU device registration properly
  (git-fixes).
- vfio/ccw: Remove UUID from s390 debug log (git-fixes).
- iommu/vt-d: Fix RID2PASID setup/teardown failure (git-fixes).
- iommu/vt-d: Fix PCI bus rescan device hot add (git-fixes).
- iommu/msm: Fix an incorrect NULL check on list iterator
  (git-fixes).
- iommu/omap: Fix regression in probe for NULL pointer dereference
  (git-fixes).
- iommu/iova: Improve 32-bit free space estimate (git-fixes).
- iommu/ipmmu-vmsa: Check for error num after setting mask
  (git-fixes).
- commit 040a9c6
- blacklist.conf: add various fixes
- commit 73738d1
- net/packet: fix slab-out-of-bounds access in packet_recvmsg()
  (CVE-2022-20368 bsc#1202346).
- commit e8bbbca
- media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers
  across ioctls (bsc#1202347 CVE-2022-20369).
- commit 36d8575
- iommu/vt-d: avoid invalid memory access via
  node_online(NUMA_NO_NODE) (git-fixes).
- iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking
  out of loop (git-fixes).
- commit c88bace
- kbuild: dummy-tools: avoid tmpdir leak in dummy gcc (bsc#1181862
  git-fixes).
- commit d5191b9
- mm: proc: smaps_rollup: do not stall write attempts on mmap_lock
  (bsc#1201990).
- mm: smaps*: extend smap_gather_stats to support specified
  beginning (bsc#1201990).
- mmap locking API: add mmap_lock_is_contended() (bsc#1201990).
- commit 7944adf
- SUNRPC: Fix READ_PLUS crasher (git-fixes).
- dm raid: fix KASAN warning in raid5_add_disks (git-fixes).
- NFSD: Fix possible sleep during nfsd4_release_lockowner()
  (git-fixes).
- NFSD: prevent integer overflow on 32 bit systems (git-fixes).
- NFSD: prevent underflow in nfssvc_decode_writeargs()
  (git-fixes).
- NFSD: Clamp WRITE offsets (git-fixes).
- nfsd: fix use-after-free due to delegation race (git-fixes).
- SUNRPC: Prevent immediate close+reconnect (git-fixes).
- SUNRPC: Clean up scheduling of autoclose (git-fixes).
- NFSv4: Fix second deadlock in nfs4_evict_inode() (git-fixes).
- NFSv4: nfs4_proc_set_acl needs to restore NFS_CAP_UIDGID_NOMAP
  on error (git-fixes).
- xprtrdma: Fix XDRBUF_SPARSE_PAGES support (git-fixes).
- NFSD: Add missing NFSv2 .pc_func methods (git-fixes).
- silence nfscache allocation warnings with kvzalloc (git-fixes).
- NFSv4.2: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID
  flag (git-fixes).
- NFS: fix nfs_path in case of a rename retry (git-fixes).
- SUNRPC reverting d03727b248d0 ("/NFSv4 fix CLOSE not waiting
  for direct IO compeletion"/) (git-fixes).
- commit a827eeb
- md/bitmap: don't set sb values if can't pass sanity check
  (bsc#1197158).
- commit 3927074
- kabi/severities: add stmmac driver local sumbols
- commit 31f077f
- net: lapbether: Prevent racing when checking whether the netif
  is running (git-fixes).
- commit 9af3eff
- octeontx2-af: fix infinite loop in unmapping NPC counter
  (git-fixes).
- commit c88fc73
- net: mvpp2: fix interrupt mask/unmask skip condition
  (git-fixes).
- commit 3584e08
- net: hdlc_x25: Return meaningful error code in x25_open
  (git-fixes).
- commit 212e2be
- Update metadata references
- commit b372491
- net: dsa: b53: fix an off by one in checking "/vlan->vid"/
  (git-fixes).
- commit ea4caa5
- can: m_can: process interrupt only when not runtime suspended
  (git-fixes).
- commit bd4c919
- VMCI: Add support for ARM64 (bsc#1199291, jsc#SLE-24635).
- VMCI: Release notification_bitmap in error path (bsc#1199291, jsc#SLE-24635).
- VMCI: Check exclusive_vectors when freeing interrupt 1 (bsc#1199291, jsc#SLE-24635).
- VMCI: Fix some error handling paths in vmci_guest_probe_device() (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: add support for DMA datagrams receive (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: add support for DMA datagrams sends (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: allocate send and receive buffers for DMA datagrams (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: register dummy IRQ handlers for DMA datagrams (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: set OS page size (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: detect DMA datagram capability (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: add MMIO access to registers (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: whitespace formatting change for vmci register defines (bsc#1199291, jsc#SLE-24635).
- VMCI: Enforce queuepair max size for IOCTL_VMCI_QUEUEPAIR_ALLOC (bsc#1199291, jsc#SLE-24635).
- commit 834df98
- remoteproc: qcom: q6v5-mss: add powerdomains to MSM8996 config
  (git-fixes).
- remoteproc: qcom: wcnss: Fix handling of IRQs (git-fixes).
- watchdog: armada_37xx_wdt: check the return value of
  devm_ioremap() in armada_37xx_wdt_probe() (git-fixes).
- tools/thermal: Fix possible path truncations (git-fixes).
- thermal: sysfs: Fix cooling_device_stats_setup() error code path
  (git-fixes).
- serial: 8250_dw: Store LSR into lsr_saved_flags in
  dw8250_tx_wait_empty() (git-fixes).
- x86/olpc: fix 'logical not is only applied to the left hand
  side' (git-fixes).
- kfifo: fix kfifo_to_user() return type (git-fixes).
- profiling: fix shift too large makes kernel panic (git-fixes).
- video: fbdev: s3fb: Check the size of screen before memset_io()
  (git-fixes).
- video: fbdev: arkfb: Check the size of screen before memset_io()
  (git-fixes).
- video: fbdev: vt8623fb: Check the size of screen before
  memset_io() (git-fixes).
- video: fbdev: arkfb: Fix a divide-by-zero bug in
  ark_set_pixclock() (git-fixes).
- video: fbdev: sis: fix typos in SiS_GetModeID() (git-fixes).
- video: fbdev: amba-clcd: Fix refcount leak bugs (git-fixes).
- usb: dwc3: gadget: Replace list_for_each_entry_safe() if using
  giveback (git-fixes).
- kfifo: fix ternary sign extension bugs (git-fixes).
- commit c5d77c5
- x86/speculation: Add LFENCE to RSB fill sequence (bsc#1201726
  CVE-2022-26373).
- commit abba98d
- x86/speculation: Add RSB VM Exit protections (bsc#1201726
  CVE-2022-26373).
- commit 061bcfd
- x86/speculation: Change FILL_RETURN_BUFFER to work with objtool
  (bsc#1201726 CVE-2022-26373).
- commit 16768aa
- acpi: Disable APEI error injection if the kernel is locked down
  (bsc#1023051, CVE-2016-3695).
- commit 80750a7
- net: ftgmac100: Fix crash when removing driver (git-fixes).
- commit 6458cfa
- net: stmmac: Modify configuration method of EEE timers
  (git-fixes).
- commit b6da91b
- net: stmmac: Use resolved link config in mac_link_up()
  (git-fixes).
- commit 4dba15f
- net/sonic: Fix a resource leak in an error handling path in
  'jazz_sonic_probe()' (git-fixes).
- commit 8d37be1
- blacklist.conf: update blacklist
- commit 51d7b18
- powerpc: powernv: kABI: add back powernv_get_random_long
  (bsc#1065729).
- commit f61a28c
- KVM: PPC: Use arch_get_random_seed_long instead of powernv
  variant (bsc#1156395).
- commit 3e6dc98
- powerpc/powernv: rename remaining rng powernv_ functions to pnv_
  (bsc#1065729).
- powerpc/powernv: delay rng platform device creation until
  later in boot (bsc#1065729).
- commit 74ae44c
- powerpc/powernv/kvm: Use darn for H_RANDOM on Power9
  (bsc#1065729).
- powerpc/powernv: Avoid crashing if rng is NULL (bsc#1065729).
- commit a69b0d7
- powerpc/powernv: wire up rng during setup_arch (bsc#1065729).
- powerpc/pseries: wire up rng during setup_arch() (bsc#1065729).
- Refresh patches.suse/powerpc-64s-rename-pnv-pseries_setup_rfi_flush-to-_s.patch
- powerpc/powernv: Staticify functions without prototypes
  (bsc#1065729).
- commit 98a575d
- KVM: arm64: Avoid setting the upper 32 bits of TCR_EL2 and CPTR_EL2 (bsc#1201442)
- commit ec6a677
- blacklist.conf: update blacklist
- commit 63fa2f9
- blacklist.conf: update blacklist
- commit cc1d04f
- mmc: cavium-thunderx: Add of_node_put() when breaking out of
  loop (git-fixes).
- mmc: cavium-octeon: Add of_node_put() when breaking out of loop
  (git-fixes).
- mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R
  (git-fixes).
- memstick/ms_block: Fix a memory leak (git-fixes).
- memstick/ms_block: Fix some incorrect memory allocation
  (git-fixes).
- mmc: sdhci-of-esdhc: Fix refcount leak in
  esdhc_signal_voltage_switch (git-fixes).
- PCI: tegra194: Fix link up retry sequence (git-fixes).
- PCI: tegra194: Fix Root Port interrupt handling (git-fixes).
- PCI: tegra194: Fix PM error handling in tegra_pcie_config_ep()
  (git-fixes).
- PCI: qcom: Power on PHY before IPQ8074 DBI register accesses
  (git-fixes).
- PCI: qcom: Set up rev 2.1.0 PARF_PHY before enabling clocks
  (git-fixes).
- PCI: dwc: Always enable CDM check if "/snps,enable-cdm-check"/
  exists (git-fixes).
- PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors
  (git-fixes).
- PCI: dwc: Disable outbound windows only for controllers using
  iATU (git-fixes).
- PCI: dwc: Add unroll iATU space support to dw_pcie_disable_atu()
  (git-fixes).
- PCI: dwc: Stop link on host_init errors and de-initialization
  (git-fixes).
- PCI/portdrv: Don't disable AER reporting in
  get_port_device_capability() (git-fixes).
- platform/olpc: Fix uninitialized data in debugfs write
  (git-fixes).
- USB: Follow-up to SPDX identifiers addition - remove now
  useless comments (git-fixes).
- staging: rtl8192u: Fix sleep in atomic context bug in
  dm_fsync_timer_callback (git-fixes).
- usb: typec: ucsi: Acknowledge the GET_ERROR_STATUS command
  completion (git-fixes).
- USB: serial: fix tty-port initialized comments (git-fixes).
- usb: gadget: udc: amd5536 depends on HAS_DMA (git-fixes).
- usb: host: xhci: use snprintf() in xhci_decode_trb()
  (git-fixes).
- usb: xhci: tegra: Fix error check (git-fixes).
- usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe
  (git-fixes).
- usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe
  (git-fixes).
- iio: light: isl29028: Fix the warning in isl29028_remove()
  (git-fixes).
- soundwire: bus_type: fix remove and shutdown support
  (git-fixes).
- iio: resolver: ad2s90: Fix alignment for DMA safety (git-fixes).
- iio: resolver: ad2s1200: Fix alignment for DMA safety
  (git-fixes).
- iio: proximity: as3935: Fix alignment for DMA safety
  (git-fixes).
- intel_th: msu: Fix vmalloced buffers (git-fixes).
- intel_th: msu-sink: Potential dereference of null pointer
  (git-fixes).
- intel_th: Fix a resource leak in an error handling path
  (git-fixes).
- misc: rtsx: Fix an error handling path in rtsx_pci_probe()
  (git-fixes).
- commit 2bc728a
- iio: potentiometer: mcp4131: Fix alignment for DMA safety
  (git-fixes).
- iio: potentiometer: mcp41010: Fix alignment for DMA safety
  (git-fixes).
- iio: potentiometer: max5481: Fix alignment for DMA safety
  (git-fixes).
- iio: potentiometer: ad5272: Fix alignment for DMA safety
  (git-fixes).
- iio: gyro: fxas210002c: Fix alignment for DMA safety
  (git-fixes).
- iio: gyro: adxrs450: Fix alignment for DMA safety (git-fixes).
- iio: gyro: adis16130: Fix alignment for DMA safety (git-fixes).
- iio: gyro: adis16080: Fix alignment for DMA safety (git-fixes).
- iio: frequency: adf4371: Fix alignment for DMA safety
  (git-fixes).
- iio: frequency: adf4350: Fix alignment for DMA safety
  (git-fixes).
- iio: frequency: ad9523: Fix alignment for DMA safety
  (git-fixes).
- iio: dac: ti-dac7612: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac7311: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac5571: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac082s085: Fix alignment for DMA safety
  (git-fixes).
- iio: dac: mcp4922: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad8801: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad7303: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5791: Fix alignment for DMA saftey (git-fixes).
- iio: dac: ad5764: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5761: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5755: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5504: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5449: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5421: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5360: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5064: Fix alignment for DMA safety (git-fixes).
- commit 7981ef6
- clk: qcom: camcc-sdm845: Fix topology around titan_top power
  domain (git-fixes).
- clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks
  (git-fixes).
- clk: qcom: ipq8074: fix NSS port frequency tables (git-fixes).
- clk: qcom: ipq8074: SW workaround for UBI32 PLL lock
  (git-fixes).
- clk: qcom: ipq8074: fix NSS core PLL-s (git-fixes).
- clk: qcom: clk-krait: unlock spin after mux completion
  (git-fixes).
- clk: renesas: r9a06g032: Fix UART clkgrp bitsel (git-fixes).
- gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data()
  (git-fixes).
- HID: cp2112: prevent a buffer overflow in cp2112_xfer()
  (git-fixes).
- driver core: fix potential deadlock in __driver_attach
  (git-fixes).
- iio: amplifiers: ad8366: Fix alignment for DMA safety
  (git-fixes).
- iio: adc: ti-tlc4541: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads8688: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads8344: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads7950: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads124s08: Fix alignment for DMA safety
  (git-fixes).
- iio: adc: ti-adc161s626: Fix alignment for DMA safety
  (git-fixes).
- iio: adc: ti-adc128s052: Fix alignment for DMA safety
  (git-fixes).
- iio: adc: ti-adc12138: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc084s021: Fix alignment for DMA safety
  (git-fixes).
- iio: adc: ti-adc0832: Fix alignment for DMA safety (git-fixes).
- iio: adc: mcp320x: Fix alignment for DMA safety (git-fixes).
- iio: adc: max1118: Fix alignment for DMA safety (git-fixes).
- iio: adc: max11100: Fix alignment for DMA safety (git-fixes).
- iio: adc: max1027: Fix alignment for DMA safety (git-fixes).
- iio: adc: ltc2497: Fix alignment for DMA safety (git-fixes).
- iio: adc: hi8435: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7887: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7768-1: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7766: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7476: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7298: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7266: Fix alignment for DMA safety (git-fixes).
- iio: accel: sca3000: Fix alignment for DMA safety (git-fixes).
- iio: accel: bma220: Fix alignment for DMA safety (git-fixes).
- iio: core: Fix IIO_ALIGN and rename as it was not sufficiently
  large (git-fixes).
- fpga: altera-pr-ip: fix unsigned comparison with less than zero
  (git-fixes).
- commit 9bda156
- openvswitch: fix OOB access in reserve_sfa_size() (CVE-2022-2639
  bsc#1202154).
- commit bfc6551
- blacklist.conf: update blacklist
- commit 847721e
- virtio-gpu: fix a missing check to avoid NULL dereference
  (git-fixes).
- media: hdpvr: fix error value returns in hdpvr_read (git-fixes).
- media: tw686x: Register the irq at the end of probe (git-fixes).
- wifi: wil6210: debugfs: fix uninitialized variable use in
  `wil_write_file_wmi()` (git-fixes).
- wifi: libertas: Fix possible refcount leak in if_usb_probe()
  (git-fixes).
- wifi: iwlwifi: mvm: fix double list_add at
  iwl_mvm_mac_wake_tx_queue (git-fixes).
- wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi()
  (git-fixes).
- wifi: p54: add missing parentheses in p54_flush() (git-fixes).
- wifi: p54: Fix an error handling path in p54spi_probe()
  (git-fixes).
- mediatek: mt76: mac80211: Fix missing of_node_put() in
  mt76_led_init() (git-fixes).
- mt76: mt76x02u: fix possible memory leak in
  __mt76x02u_mcu_send_msg (git-fixes).
- can: pch_can: pch_can_error(): initialize errc before using it
  (git-fixes).
- wifi: iwlegacy: 4965: fix potential off-by-one overflow in
  il4965_rs_fill_link_cmd() (git-fixes).
- wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c()
  (git-fixes).
- thermal/tools/tmon: Include pthread and time headers in tmon.h
  (git-fixes).
- regulator: of: Fix refcount leak bug in
  of_get_regulation_constraints() (git-fixes).
- soc: fsl: guts: machine variable might be unset (git-fixes).
- meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init
  (git-fixes).
- virtio-net: fix the race between refill work and close
  (git-fixes).
- mt7601u: add USB device ID for some versions of XiaoDu WiFi
  Dongle (git-fixes).
- commit 347666b
- drm/amd/display: Enable building new display engine with KCOV
  enabled (git-fixes).
- drm/exynos/exynos7_drm_decon: free resources when
  clk_set_parent() failed (git-fixes).
- drm/msm/mdp5: Fix global state lock backoff (git-fixes).
- drm/msm/hdmi: enable core-vcc/core-vdda-supply for 8996 platform
  (git-fixes).
- drm/mediatek: dpi: Only enable dpi after the bridge is enabled
  (git-fixes).
- drm/mediatek: dpi: Remove output format of YUV (git-fixes).
- drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff
  function (git-fixes).
- drm: bridge: sii8620: fix possible off-by-one (git-fixes).
- drm/rockchip: Fix an error handling path rockchip_dp_probe()
  (git-fixes).
- drm/rockchip: vop: Don't crash for invalid duplicate_state()
  (git-fixes).
- drm/radeon: fix incorrrect SPDX-License-Identifiers (git-fixes).
- drm/radeon: fix potential buffer overflow in
  ni_set_mc_special_registers() (git-fixes).
- drm/vc4: hdmi: Correct HDMI timing registers for interlaced
  modes (git-fixes).
- drm/vc4: hdmi: Fix timings for interlaced modes (git-fixes).
- drm/vc4: dsi: Add correct stop condition to
  vc4_dsi_encoder_disable iteration (git-fixes).
- drm/vc4: dsi: Correct pixel order for DSI0 (git-fixes).
- drm/vc4: dsi: Correct DSI divider calculations (git-fixes).
- drm/vc4: plane: Fix margin calculations for the right/bottom
  edges (git-fixes).
- drm/vc4: plane: Remove subpixel positioning check (git-fixes).
- drm/doc: Fix comment typo (git-fixes).
- drm/mcde: Fix refcount leak in mcde_dsi_bind (git-fixes).
- drm: bridge: adv7511: Add check for mipi_dsi_driver_register
  (git-fixes).
- drm: adv7511: override i2c address of cec before accessing it
  (git-fixes).
- drm/nouveau: fix another off-by-one in nvbios_addr (git-fixes).
- drm/mipi-dbi: align max_chunk to 2 in spi_transfer (git-fixes).
- drm/st7735r: Fix module autoloading for Okaya RH128128T
  (git-fixes).
- i2c: mux-gpmux: Add of_node_put() when breaking out of loop
  (git-fixes).
- i2c: cadence: Support PEC for SMBus block read (git-fixes).
- i2c: Fix a potential use after free (git-fixes).
- commit cce0615
- drm/bridge: tc358767: Make sure Refclk clock are enabled
  (git-fixes).
- Bluetooth: hci_intel: Add check for platform_driver_register
  (git-fixes).
- can: error: specify the values of data[5..7] of CAN error frames
  (git-fixes).
- can: usb_8dev: do not report txerr and rxerr during bus-off
  (git-fixes).
- can: kvaser_usb_leaf: do not report txerr and rxerr during
  bus-off (git-fixes).
- can: kvaser_usb_hydra: do not report txerr and rxerr during
  bus-off (git-fixes).
- can: sun4i_can: do not report txerr and rxerr during bus-off
  (git-fixes).
- can: hi311x: do not report txerr and rxerr during bus-off
  (git-fixes).
- can: sja1000: do not report txerr and rxerr during bus-off
  (git-fixes).
- can: rcar_can: do not report txerr and rxerr during bus-off
  (git-fixes).
- can: pch_can: do not report txerr and rxerr during bus-off
  (git-fixes).
- ath10k: do not enforce interrupt trigger type (git-fixes).
- can: Break loopback loop on loopback documentation (git-fixes).
- ACPI: video: Shortening quirk list by identifying Clevo by
  board_name only (git-fixes).
- ACPI: APEI: Better fix to avoid spamming the console with old
  error logs (git-fixes).
- bus: hisi_lpc: fix missing platform_device_put() in
  hisi_lpc_acpi_probe() (git-fixes).
- ACPI: CPPC: Do not prevent CPPC from working in the future
  (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put
  (git-fixes).
- ath10k: Fix error handling in ath10k_setup_msa_resources
  (git-fixes).
- commit 6ee2d65
- ipv4: avoid using shared IP generator for connected sockets
  (CVE-2020-36516 bsc#1196616).
- ipv4: tcp: send zero IPID in SYNACK messages (CVE-2020-36516
  bsc#1196616).
- commit 6c53c05
- blacklist.conf: add "/sched: Reenable interrupts in do_sched_yield()"/
  This patch caused unexplained regressions and it's not fixing any
  important issue.
- commit 7b4ecae
- Revert "/Refresh patches.suse/random-fix-crash-on-multiple-early-calls..."/ (bsc#1201645)
  This reverts commit f01d1a85f6c5334e324db629b3d43a8be5461b46.
- commit ef555c8
- media: smipcie: fix interrupt handling and IR timeout
  (git-fixes).
- commit 72251a4
- sched/fair: Revise comment about lb decision matrix (git fixes
  (sched/fair)).
- tick/nohz: Use WARN_ON_ONCE() to prevent console saturation
  (git fixes (kernel/time)).
- random: remove useless header comment (git fixes).
- profiling: fix shift-out-of-bounds bugs (git fixes).
- sched/membarrier: fix missing local execution of
  ipi_sync_rq_state() (git fixes (sched/membarrier)).
- mm: fix page reference leak in soft_offline_page() (git fixes
  (mm/memory-failure)).
- commit b0029fe
- blacklist.conf: xtensa not used
- commit c7e553d
- blacklist.conf: UML not used
- commit d38c3c3
- blacklist.conf: Cosmetic patch
- commit 137482b
- blacklist.conf: GCC-12 not used
- commit b35581e
- blacklist.conf: KASAN not configured
- commit ddca4d2
- blacklist.conf: Clang not used for build
- commit f6cb05a
- blacklist.conf: KASAN not configured
- commit db5c6ef
- blacklist.conf: 6ffbb45826f5d9ae09aa60cd88594b7816c96190
- commit ae569d4
- blacklist.conf: Build time micro-optimisation
- commit 091232d
- blacklist.conf: Build time micro-optimisation
- commit 06fea81
- blacklist.conf: Build time micro-optimisation
- commit c5a48f8
- blacklist.conf: Build fix that assumes bash does not exist
- commit a35739b
- blacklist.conf: Comment fix only
- commit 1f940f0
- blacklist.conf: Fixes pointing to misleading commit
- commit b94c0dc
- blacklist.conf: Patch has a number of high risk dependencies
- commit 58c61ac
- Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019).
- commit 9816878
- media: rtl28xxu: add missing sleep before probing slave demod
  (git-fixes).
- commit ac926ca
- media: usb: dvb-usb-v2: rtl28xxu: convert to use
  i2c_new_client_device() (git-fixes).
- commit 47f6029
- media: rtl28xxu: Add support for PROlectrix DV107669 DVB-T
  dongle (git-fixes).
- commit cf3cc2d
- media: rtl28xxu: set keymap for Astrometa DVB-T2 (git-fixes).
- commit 27a23c1
- media: rc: increase rc-mm tolerance and add debug message
  (git-fixes).
- commit 532733e
- media: v4l2-mem2mem: always consider OUTPUT queue during poll
  (git-fixes).
- commit 981dce5
- media: v4l2-mem2mem: reorder checks in v4l2_m2m_poll()
  (git-fixes).
- commit 691e7d8
- PM: runtime: Remove link state checks in rpm_get/put_supplier()
  (git-fixes).
- commit 2786445
- usb: dwc3: add cancelled reasons for dwc3 requests (git-fixes).
- Refresh
  patches.suse/Revert-usb-dwc3-gadget-Use-list_replace_init-before-.patch.
- Refresh
  patches.suse/usb-dwc3-gadget-Use-list_replace_init-before-travers.patch.
- commit de6720f
- Rename colliding patches before the next origin/cve/linux-5.3 -> SLE15-SP3 merge
- commit bafbca0
- sched/debug: Remove mpol_get/put and task_lock/unlock from (git-fixes)
- commit a77b059
- KVM: x86: Update vCPU's hv_clock before back to guest when
  tsc_offset is adjusted (git-fixes).
- commit 143ba5a
- Updated commit IDs from a rebased upstream branch:
- patches.suse/powerpc-pseries-mobility-set-NMI-watchdog-factor-dur.patch.
- patches.suse/powerpc-watchdog-introduce-a-NMI-watchdog-s-factor.patch.
- patches.suse/watchdog-export-lockup_detector_reconfigure.patch.
- commit a3cdcd5
- KVM: x86: Fix split-irqchip vs interrupt injection window
  request (git-fixes).
- commit 69e8da6
- KVM: x86: handle !lapic_in_kernel case in kvm_cpu_*_extint
  (git-fixes).
- commit 156ec3b
- net: usb: ax88179_178a: add Allied Telesis AT-UMCs (git-fixes).
- commit 2fe0bb0
- net: usb: use eth_hw_addr_set() (git-fixes).
- commit cd08705
- KVM: VMX: Don't freeze guest when event delivery causes an
  APIC-access exit (git-fixes).
- commit 13e27e5
- net: usb: ax88179_178a: add MCT usb 3.0 adapter (git-fixes).
- commit 5a414a0
- net: usb: ax88179_178a: add Toshiba usb 3.0 adapter (git-fixes).
- commit 65c08ec
- net: usb: ax88179_178a: remove redundant assignment to variable
  ret (git-fixes).
- commit 75d1e2c
- ax88179_178a: add ethtool_op_get_ts_info() (git-fixes).
- commit 8bcd286
- net: usb: ax88179_178a: write mac to hardware in get_mac_addr
  (git-fixes).
- commit 18afbc0
- KVM: VMX: Add non-canonical check on writes to RTIT address MSRs
  (git-fixes).
- commit ad2b012
- lkdtm: Disable return thunks in rodata.c (bsc#1178134).
- commit 564965b
- x86/retbleed: Add fine grained Kconfig knobs (bsc#1178134).
- commit 8fc5407
- netfilter: nf_queue: do not allow packet truncation below
  transport header offset (bsc#1201940 CVE-2022-36946).
- commit f4f33cd
- kvm/emulate: Fix SETcc emulation function offsets with SLS
  (bsc#1201930).
- commit 0a6851d
- nvme: consider also host_iface when checking ip options
  (bsc#1199670).
- commit edd56ec
- drivers/net: Fix kABI in tun.c (git-fixes).
- commit 3adafd5
- FDDI: defxx: Make MMIO the configuration default except for EISA
  (git-fixes).
- commit 49c7c8d
- FDDI: defxx: Bail out gracefully with unassigned PCI resource
  for CSR (git-fixes).
- commit 87b1bf0
- net: tun: set tun->dev->addr_len during TUNSETLINK processing
  (git-fixes).
- commit 11d0ba1
- net: macb: restore cmp registers on resume path (git-fixes).
- commit 73e4cc3
- drivers: net: fix memory leak in peak_usb_create_dev
  (git-fixes).
- commit bf7b83d
- drivers: net: fix memory leak in atusb_probe (git-fixes).
- commit 1811ff5
- amd-xgbe: Update DMA coherency values (git-fixes).
- commit 58be63e
- net: dsa: lantiq_gswip: Let GSWIP automatically set the xMII
  clock (git-fixes).
- commit 5683f5d
- net: stmmac: dwmac-sun8i: Provide TX and RX fifo sizes
  (git-fixes).
- commit a1e8450
- ftgmac100: Restart MAC HW once (git-fixes).
- commit 9b2ea44
- net: dsa: bcm_sf2: Qualify phydev->dev_flags based on port
  (git-fixes).
- commit 74dff8e
- net/mlx5e: When changing XDP program without reset, take refs
  for XSK RQs (git-fixes).
- commit 4584eb8
- net: lapbether: Remove netif_start_queue / netif_stop_queue
  (git-fixes).
- commit 9195d10
- net: stmmac: fix incorrect DMA channel intr enable setting of
  EQoS v4.10 (git-fixes).
- commit 3eac36a
- net: enetc: keep RX ring consumer index in sync with hardware
  (git-fixes).
- commit 5b9c123
- net: enetc: fix incorrect TPID when receiving 802.1ad tagged
  packets (git-fixes).
- commit d2c7696
- net: hns3: fix error mask definition of flow director
  (git-fixes).
- commit e86b116
- blacklist.conf: update blacklist
- commit 545a342
- scsi: lpfc: Copyright updates for 14.2.0.5 patches
  (bsc#1201956).
- scsi: lpfc: Update lpfc version to 14.2.0.5 (bsc#1201956).
- scsi: lpfc: Remove Menlo/Hornet related code (bsc#1201956).
- scsi: lpfc: Refactor lpfc_nvmet_prep_abort_wqe() into
  lpfc_sli_prep_abort_xri() (bsc#1201956).
- scsi: lpfc: Revert RSCN_MEMENTO workaround for misbehaved
  configuration (bsc#1201956).
- scsi: lpfc: Fix lost NVMe paths during LIF bounce stress test
  (bsc#1201956 bsc#1200521).
- scsi: lpfc: Fix attempted FA-PWWN usage after feature disable
  (bsc#1201956).
- scsi: lpfc: Fix possible memory leak when failing to issue
  CMF WQE (bsc#1201956).
- scsi: lpfc: Remove extra atomic_inc on cmd_pending in
  queuecommand after VMID (bsc#1201956).
- scsi: lpfc: Set PU field when providing D_ID in
  XMIT_ELS_RSP64_CX iocb (bsc#1201956).
- scsi: lpfc: Prevent buffer overflow crashes in debugfs with
  malformed user input (bsc#1201956).
- scsi: lpfc: Fix uninitialized cqe field in
  lpfc_nvme_cancel_iocb() (bsc#1201956).
- commit 6e7b732
- scsi: qla2xxx: Update version to 10.02.07.800-k (bsc#1201958).
- scsi: qla2xxx: Update manufacturer details (bsc#1201958).
- scsi: qla2xxx: Fix sparse warning for dport_data (bsc#1201958).
- scsi: qla2xxx: Fix discovery issues in FC-AL topology
  (bsc#1201958).
- scsi: qla2xxx: Fix imbalance vha->vref_count (bsc#1201958).
- scsi: qla2xxx: edif: Fix dropped IKE message (bsc#1201958).
- scsi: qla2xxx: Fix response queue handler reading stale packets
  (bsc#1201958).
- scsi: qla2xxx: Zero undefined mailbox IN registers
  (bsc#1201958).
- scsi: qla2xxx: Fix incorrect display of max frame size
  (bsc#1201958).
- scsi: qla2xxx: Check correct variable in qla24xx_async_gffid()
  (bsc#1201958).
- commit d5c3642
- Drop qla2xxx patch which prevented nvme port discovery
  (bsc#1200651 bsc#1200644 bsc#1201954 bsc#1201958)
  Upstream fixed the problem by reverting the offending commit.
  Delete:
  - patches.suse/scsi-qla2xxx-Fix-disk-failure-to-rediscover.patch.
- commit 1cb16fb
- hv_netvsc: Add support for XDP_REDIRECT (bsc#1199364).
- hv_netvsc: Add comment of netvsc_xdp_xmit() (bsc#1199364).
- hv_netvsc: Fix validation in netvsc_linkstatus_callback()
  (bsc#1199364).
- net, xdp: Introduce xdp_build_skb_from_frame utility routine
  (bsc#1199364).
- net, xdp: Introduce __xdp_build_skb_from_frame utility routine
  (bsc#1199364).
- hv_netvsc: Copy packets sent by Hyper-V out of the receive
  buffer (bsc#1199364).
- hv_netvsc: Add (more) validation for untrusted Hyper-V values
  (bsc#1199364).
- bpf, cpumap: Remove rcpu pointer from cpu_map_build_skb
  signature (bsc#1199364).
- commit cffae99
- KVM: emulate: do not adjust size of fastop and setcc subroutines
  (bsc#1201930).
- commit 317f350
- Refresh
  patches.suse/x86-prepare-asm-files-for-straight-line-speculation.patch.
- commit c513474
- Update
  patches.suse/netfilter-nf_tables-disallow-non-stateful-expression.patch
  references (add CVE-2022-32250).
- commit 8871b3f
- net/sched: cls_u32: fix netns refcount changes in u32_change()
  (CVE-2022-29581 bsc#1199665).
- commit e1d6992
- random: fix typo in comments (git-fixes).
- commit 49bfcbe
- blacklist.conf: a cleanup that breaks kABI
- commit f8d13cb
- random: document add_hwgenerator_randomness() with other input
  functions (git-fixes).
- commit 9a03f2f
- drbd: fix potential silent data corruption (git-fixes).
- block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code'
  explicit (git-fixes).
- linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check
  (git-fixes).
- linux/random.h: Use false with bool (git-fixes).
- linux/random.h: Remove arch_has_random, arch_has_random_seed
  (git-fixes).
- commit a9f5081
- kABI workaround for including mm.h in fs/sysfs/file.c
  (bsc#1200598 cve-2022-20166).
- commit 29d7d8a
- net: stmmac: fix watchdog timeout during suspend/resume stress
  test (git-fixes).
- commit b651717
- net: stmmac: stop each tx channel independently (git-fixes).
- commit 3ba5a53
- net: stmmac: fix CBS idleslope and sendslope calculation
  (git-fixes).
- commit e0b11c6
- net: ag71xx: remove unnecessary MTU reservation (git-fixes).
- commit 6020ebf
- net: amd-xgbe: Fix network fluctuations when using 1G BELFUSE
  SFP (git-fixes).
- commit 858de54
- net: amd-xgbe: Reset link when the link never comes back
  (git-fixes).
- commit 75c3dff
- net: amd-xgbe: Fix NETDEV WATCHDOG transmit queue timeout
  warning (git-fixes).
- commit 2d480f1
- net: amd-xgbe: Reset the PHY rx data path when mailbox command
  timeout (git-fixes).
- commit 5734e3e
- net: axienet: Handle deferred probe on clock properly
  (git-fixes).
- commit c2493d6
- net: mvneta: Remove per-cpu queue mapping for Armada 3700
  (git-fixes).
- commit 421a813
- igb: Enable RSS for Intel I211 Ethernet Controller (git-fixes).
- commit f6ff8de
- macvlan: remove redundant null check on data (git-fixes).
- commit 37296a9
- net: dsa: bcm_sf2: put device node before return (git-fixes).
- commit d83cfd7
- powerpc/pseries/mobility: set NMI watchdog factor during an LPM
  (bsc#1201846 ltc#198761).
- powerpc/watchdog: introduce a NMI watchdog's factor (bsc#1201846
  ltc#198761).
- watchdog: export lockup_detector_reconfigure (bsc#1201846
  ltc#198761).
- powerpc/mobility: wait for memory transfer to complete
  (bsc#1201846 ltc#198761).
- commit 4aa9f78
- net: macb: unprepare clocks in case of failure (git-fixes).
- commit 9b3aefc
- net: macb: add function to disable all macb clocks (git-fixes).
- commit e67caf5
- net: dsa: lantiq_gswip: Exclude RMII from modes that report 1 GbE (git-fixes).
- commit 2629e74
- octeontx2-af: fix memory leak of lmac and lmac->name (git-fixes).
- commit 12700d6
- net/sonic: Fix some resource leaks in error handling paths (git-fixes).
- commit 823b92f
- net: allwinner: Fix some resources leak in the error handling path of the probe and in the remove function (git-fixes).
- commit 3311dc2
- net: evaluate net.ipv4.conf.all.proxy_arp_pvlan (git-fixes).
- commit 0e7bc32
- net: evaluate net.ipvX.conf.all.ignore_routes_with_linkdown
  (git-fixes).
- commit 0b9accc
- cxgb4: Fix the -Wmisleading-indentation warning (git-fixes).
- commit 96affe9
- net: ll_temac: Fix potential NULL dereference in temac_probe()
  (git-fixes).
- commit 9f3a68c
- net: stmmac: dwmac1000: provide multicast filter fallback
  (git-fixes).
- commit 173655e
- net: ll_temac: Use devm_platform_ioremap_resource_byname()
  (git-fixes).
- commit bd77f60
- net: mscc: Fix OF_MDIO config check (git-fixes).
- commit 6a2a9df
- blacklist.conf: update blacklist
- commit 5495889
- blacklist.conf: update blacklist
- commit ccb0438
- i2c: cadence: Change large transfer count reset logic to be
  unconditional (git-fixes).
- gpio: pca953x: use the correct register address when regcache
  sync during init (git-fixes).
- gpio: pca953x: use the correct range when do regmap sync
  (git-fixes).
- gpio: pca953x: only use single read/write for No AI mode
  (git-fixes).
- commit 20d420c
- USB: serial: ftdi_sio: add Belimo device ids (git-fixes).
- serial: 8250: fix return error code in
  serial8250_request_std_resource() (git-fixes).
- wifi: mac80211: fix queue selection for mesh/OCB interfaces
  (git-fixes).
- ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop
  (git-fixes).
- ALSA: hda/realtek - Fix headset mic problem for a HP machine
  with alc221 (git-fixes).
- ALSA: hda/realtek - Fix headset mic problem for a HP machine
  with alc671 (git-fixes).
- ALSA: hda - Add fixup for Dell Latitidue E5430 (git-fixes).
- ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3
  model (git-fixes).
- ASoC: madera: Fix event generation for rate controls
  (git-fixes).
- ASoC: madera: Fix event generation for OUT1 demux (git-fixes).
- ASoC: cs47l15: Fix event generation for low power mux control
  (git-fixes).
- ASoC: wm5110: Fix DRE control (git-fixes).
- ASoC: ops: Fix off by one in range control validation
  (git-fixes).
- soc: ixp4xx/npe: Fix unused match warning (git-fixes).
- NFC: nxp-nci: don't print header length mismatch on i2c error
  (git-fixes).
- platform/x86: hp-wmi: Ignore Sanitization Mode event
  (git-fixes).
- virtio_mmio: Restore guest page size on resume (git-fixes).
- virtio_mmio: Add missing PM calls to freeze/restore (git-fixes).
- commit 7b686cc
- KABI: cgroup: Restore KABI of css_set (bsc#1201610).
- cgroup: Use separate src/dst nodes when preloading css_sets
  for migration (bsc#1201610).
- commit fecc544
-  Fix 1201644, 1201664, 1201672, 1201673, 1201676
  All are reports of the same problem - the IBRS_* regs push/popping was
  wrong but it needs
  1b331eeea7b8 ("/x86/entry: Remove skip_r11rcx"/)
  too.
- commit cc90276
- Update patches.suse/vt-vt_ioctl-fix-race-in-VT_RESIZEX.patch
  (git-fixes bsc#1200910 CVE-2020-36558).
  Add references.
- commit d84e9d7
- Update
  patches.suse/vt-vt_ioctl-fix-VT_DISALLOCATE-freeing-in-use-virtua.patch
  (git-fixes bsc#1201429 CVE-2020-36557).
  Add references.
- commit 76ab189
- lockdown: Fix kexec lockdown bypass with ima policy
  (CVE-2022-21505 bsc#1201458).
- commit 5806b46
- arm64: dts: marvell: espressobin: Add ethernet switch aliases (git-fixes)
- commit b51a741
- Refresh
  patches.suse/x86-bugs-Do-not-enable-IBPB-on-entry-when-IBPB-is-not-supp.patch.
- commit 9493568
- Fix 1201644, 1201664, 1201672, 1201673, 1201676
  All are reports of the same problem - the IBRS_* regs push/popping was
  wrong but it needs
  1b331eeea7b8 ("/x86/entry: Remove skip_r11rcx"/)
  too.
- commit 7226005
- x86/entry: Remove skip_r11rcx (bsc#1201644).
- Refresh
  patches.suse/x86-entry-Add-kernel-IBRS-implementation.patch.
- commit b81e242
- kernel-obs-build: include qemu_fw_cfg (boo#1201705)
- commit e2263d4
- blacklist.conf: updated blacklist for new issue
- commit 93feb45
- mm: and drivers core: Convert hugetlb_report_node_meminfo to
  sysfs_emit (bsc#1200598 cve-2022-20166).
- commit 6f05f26
- drivers core: Miscellaneous changes for sysfs_emit (bsc#1200598
  cve-2022-20166).
- commit 6ff7ebb
- drivers core: Remove strcat uses around sysfs_emit and neaten
  (bsc#1200598 cve-2022-20166).
- commit 4cafd1f
- vt: drop old FONT ioctls (bsc#1201636 CVE-2021-33656).
- commit bcf7213
- drivers core: Use sysfs_emit and sysfs_emit_at for show(device
  * ...) functions (bsc#1200598 cve-2022-20166).
- commit 747b6a7
- sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output
  (bsc#1200598 cve-2022-20166).
- commit 4aaf7f0
- fbmem: Check virtual screen sizes in fb_set_var()
  (CVE-2021-33655 bsc#1201635).
- fbcon: Prevent that screen size is smaller than font size
  (CVE-2021-33655 bsc#1201635).
- fbcon: Disallow setting font bigger than screen size
  (CVE-2021-33655 bsc#1201635).
- commit a7693d8
- Delete patches.suse/hwmon-Make-chip-parameter-for-with_info-API-mandator.patch (bsc#1201206)
  The patch seems causing a regression on Mac.
- commit f885f68
- arm64: mm: Don't invalidate FROM_DEVICE buffers at start of DMA (git-fixes)
- commit 036b703
- arm64: stackleak: fix current_top_of_stack() (git-fixes)
- commit 9d510a3
- cpuidle: PSCI: Move the `has_lpi` check to the beginning of the (git-fixes)
- commit e7722fa
- arm64: module: remove (NOLOAD) from linker script (git-fixes)
- commit 2f78693
- arm64 module: set plt* section addresses to 0x0 (git-fixes)
- commit 5213f10
- kABI workaround for rtsx_usb (git-fixes).
- commit 4ee0d92
- x86/bugs: Remove apostrophe typo (bsc#1178134).
- commit 0dca060
- power/reset: arm-versatile: Fix refcount leak in
  versatile_reboot_probe (git-fixes).
- serial: stm32: Clear prev values before setting RTS delays
  (git-fixes).
- serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle
  (git-fixes).
- spi: amd: Limit max transfer and message size (git-fixes).
- drm/i915/gt: Serialize TLB invalidates with GT resets
  (git-fixes).
- drm/i915/selftests: fix a couple IS_ERR() vs NULL tests
  (git-fixes).
- raw: Fix a data-race around sysctl_raw_l3mdev_accept
  (git-fixes).
- sysctl: Fix data-races in proc_dointvec_ms_jiffies()
  (git-fixes).
- sysctl: Fix data races in proc_dointvec_jiffies() (git-fixes).
- sysctl: Fix data races in proc_douintvec_minmax() (git-fixes).
- sysctl: Fix data races in proc_dointvec_minmax() (git-fixes).
- sysctl: Fix data races in proc_douintvec() (git-fixes).
- sysctl: Fix data races in proc_dointvec() (git-fixes).
- ima: Fix potential memory leak in ima_init_crypto() (git-fixes).
- ima: Fix a potential integer overflow in
  ima_appraise_measurement (git-fixes).
- drm/panfrost: Fix shrinker list corruption by madvise IOCTL
  (git-fixes).
- drm/panfrost: Put mapping instead of shmem obj on
  panfrost_mmu_map_fault_addr() error (git-fixes).
- drm/i915: fix a possible refcount leak in
  intel_dp_add_mst_connector() (git-fixes).
- ida: don't use BUG_ON() for debugging (git-fixes).
- dmaengine: pl330: Fix lockdep warning about non-static key
  (git-fixes).
- misc: rtsx_usb: set return value in rsp_buf alloc err path
  (git-fixes).
- misc: rtsx_usb: use separate command and response buffers
  (git-fixes).
- misc: rtsx_usb: fix use of dma mapped buffer for usb bulk
  transfer (git-fixes).
- i2c: cadence: Unregister the clk notifier in error path
  (git-fixes).
- memregion: Fix memregion_free() fallback definition (git-fixes).
- fbmem: Check virtual screen sizes in fb_set_var() (git-fixes).
- fbcon: Prevent that screen size is smaller than font size
  (git-fixes).
- fbcon: Disallow setting font bigger than screen size
  (git-fixes).
- video: of_display_timing.h: include errno.h (git-fixes).
- fbdev: fbmem: Fix logo center image dx issue (git-fixes).
- r8169: fix accessing unset transport header (git-fixes).
- net: rose: fix UAF bug caused by rose_t0timer_expiry
  (git-fixes).
- pinctrl: sunxi: sunxi_pconf_set: use correct offset (git-fixes).
- pinctrl: sunxi: a83t: Fix NAND function name for some pins
  (git-fixes).
- commit aa669e5
- ASoC: Intel: Skylake: Correct the handling of fmt_config
  flexible array (git-fixes).
- ASoC: Intel: Skylake: Correct the ssp rate discovery in
  skl_get_ssp_clks() (git-fixes).
- ASoC: sgtl5000: Fix noise on shutdown/remove (git-fixes).
- dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc()
  correctly (git-fixes).
- dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (git-fixes).
- dmaengine: ti: Add missing put_device in
  ti_dra7_xbar_route_allocate (git-fixes).
- dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate
  (git-fixes).
- can: gs_usb: gs_usb_open/close(): fix memory leak (git-fixes).
- ASoC: Remove unused hw_write_t type (git-fixes).
- commit 2be6c70
- arm64: fix compat syscall return truncation (git-fixes)
- commit 24bf105
- arm64: vdso: Avoid ISB after reading from cntvct_el0 (git-fixes)
- commit 992de8b
- arm64: fix inline asm in load_unaligned_zeropad() (git-fixes)
- commit 867aa84
- arm64: uprobe: Return EOPNOTSUPP for AARCH32 instruction probing (git-fixes)
- commit ad8af15
- arm64: Extend workaround for erratum 1024718 to all versions of (git-fixes)
- commit 02d9d74
- arm64: compat: Ensure upper 32 bits of x0 are zero on syscall return (git-fixes)
- commit 4265617
- arm64: ptrace: Override SPSR.SS when single-stepping is enabled (git-fixes)
- commit 080c096
- arm64: ptrace: Consistently use pseudo-singlestep exceptions (git-fixes)
- commit ddc1d85
- KVM: arm64: Fix definition of PAGE_HYP_DEVICE (git-fixes)
- commit aff711b
- arm64: perf: Report the PC value in REGS_ABI_32 mode (git-fixes)
- commit d286e63
- arm64: dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function (git-fixes)
- commit 437cb00
- usb: typec: add missing uevent when partner support PD
  (git-fixes).
- commit 8f7dacd
- usb: dwc3: gadget: Fix event pending check (git-fixes).
- commit 052f747
- blacklist.conf: will speed up booting in exchange for breaking charging
  from a switched off laptop with some firmwares
- commit bd8e45d
- blacklist.conf: build fix that does not matter on a released kernel
- commit 3296a39
- net: usb: qmi_wwan: add Telit 0x1070 composition (git-fixes).
- commit a69d674
- net: usb: qmi_wwan: add Telit 0x1060 composition (git-fixes).
- commit 1caf14d
- Sort in RETbleed backport into the sorted section
  Now that it is upstream..
- Refresh
  patches.suse/KVM-VMX-Convert-launched-argument-to-flags.patch.
- Refresh
  patches.suse/KVM-VMX-Fix-IBRS-handling-after-vmexit.patch.
- Refresh patches.suse/KVM-VMX-Flatten-__vmx_vcpu_run.patch.
- Refresh
  patches.suse/KVM-VMX-Prevent-RSB-underflow-before-vmenter.patch.
- Refresh
  patches.suse/KVM-VMX-Prevent-guest-RSB-poisoning-attacks-with-eIBRS.patch.
- Refresh
  patches.suse/KVM-x86-speculation-Disable-Fill-buffer-clear-within-guests.patch.
- Refresh
  patches.suse/intel_idle-Disable-IBRS-during-long-idle.patch.
- Refresh patches.suse/x86-Add-magic-AMD-return-thunk.patch.
- Refresh patches.suse/x86-Undo-return-thunk-damage.patch.
- Refresh patches.suse/x86-Use-return-thunk-in-asm-code.patch.
- Refresh patches.suse/x86-bpf-Use-alternative-RET-encoding.patch.
- Refresh
  patches.suse/x86-bugs-Add-AMD-retbleed-boot-parameter.patch.
- Refresh
  patches.suse/x86-bugs-Add-Cannon-lake-to-RETBleed-affected-CPU-list.patch.
- Refresh patches.suse/x86-bugs-Add-retbleed-ibpb.patch.
- Refresh
  patches.suse/x86-bugs-Do-IBPB-fallback-check-only-once.patch.
- Refresh
  patches.suse/x86-bugs-Do-not-enable-IBPB-on-entry-when-IBPB-is-not-supp.patch.
- Refresh patches.suse/x86-bugs-Enable-STIBP-for-JMP2RET.patch.
- Refresh
  patches.suse/x86-bugs-Group-MDS-TAA-Processor-MMIO-Stale-Data-mitigations.patch.
- Refresh
  patches.suse/x86-bugs-Keep-a-per-CPU-IA32_SPEC_CTRL-value.patch.
- Refresh
  patches.suse/x86-bugs-Optimize-SPEC_CTRL-MSR-writes.patch.
- Refresh
  patches.suse/x86-bugs-Report-AMD-retbleed-vulnerability.patch.
- Refresh
  patches.suse/x86-bugs-Report-Intel-retbleed-vulnerability.patch.
- Refresh
  patches.suse/x86-bugs-Split-spectre_v2_select_mitigation-and-spectre_v2.patch.
- Refresh
  patches.suse/x86-common-Stamp-out-the-stepping-madness.patch.
- Refresh patches.suse/x86-cpu-amd-Add-Spectral-Chicken.patch.
- Refresh patches.suse/x86-cpu-amd-Enumerate-BTC_NO.patch.
- Refresh
  patches.suse/x86-cpufeatures-Move-RETPOLINE-flags-to-word-11.patch.
- Refresh
  patches.suse/x86-entry-Add-kernel-IBRS-implementation.patch.
- Refresh
  patches.suse/x86-kvm-Fix-SETcc-emulation-for-return-thunks.patch.
- Refresh patches.suse/x86-retpoline-Use-mfunction-return.patch.
- Refresh
  patches.suse/x86-sev-Avoid-using-__x86_return_thunk.patch.
- Refresh
  patches.suse/x86-speculation-Add-a-common-function-for-MD_CLEAR-mitigation-update.patch.
- Refresh
  patches.suse/x86-speculation-Add-spectre_v2-ibrs-option-to-support-Kern.patch.
- Refresh
  patches.suse/x86-speculation-Fill-RSB-on-vmexit-for-IBRS.patch.
- Refresh
  patches.suse/x86-speculation-Fix-SPEC_CTRL-write-on-SMT-state-change.patch.
- Refresh
  patches.suse/x86-speculation-Fix-firmware-entry-SPEC_CTRL-handling.patch.
- Refresh
  patches.suse/x86-speculation-Remove-x86_spec_ctrl_mask.patch.
- Refresh
  patches.suse/x86-speculation-Use-cached-host-SPEC_CTRL-value-for-guest-.patch.
- Refresh
  patches.suse/x86-speculation-mmio-Add-mitigation-for-Processor-MMIO-Stale-Data.patch.
- Refresh
  patches.suse/x86-speculation-mmio-Add-sysfs-reporting-for-Processor-MMIO-Stale-Data.patch.
- Refresh
  patches.suse/x86-speculation-mmio-Enable-CPU-Fill-buffer-clearing-on-idle.patch.
- Refresh
  patches.suse/x86-speculation-mmio-Enumerate-Processor-MMIO-Stale-Data-bug.patch.
- Refresh
  patches.suse/x86-speculation-mmio-Reuse-SRBDS-mitigation-for-SBDS.patch.
- Refresh
  patches.suse/x86-speculation-srbds-Update-SRBDS-mitigation-selection.patch.
- Refresh
  patches.suse/x86-vsyscall_emu-64-Don-t-use-RET-in-vsyscall-emulation.patch.
- Refresh patches.suse/x86-xen-Rename-SYS-entry-points.patch.
- commit 94dfede
- arm64: dts: marvell: espressobin: add ethernet alias (git-fixes)
- commit ed82a39
- blacklist.conf: blocks a driver from building
- commit 2f8d19f
- arm64: dts: mcbin: support 2W SFP modules (git-fixes)
- commit 1950671
- arm64: lib: Use modern annotations for assembly functions (git-fixes)
  Refresh patches.suse/arm64-clear_page-shouldn-t-use-DC-ZVA-when-DCZID_EL0.DZP-1.patch.
- commit fb5a868
- spi: <linux/spi/spi.h>: add missing struct kernel-doc entry
  (git-fixes).
- Refresh
  patches.kabi/move-devm_allocate-to-end-of-structure-for-kABI.patch.
- commit 8e36894
- arm64: asm: Add new-style position independent function annotations (git-fixes)
- commit a5d53f5
- usbnet: fix memory leak in error case (git-fixes).
- commit 988ba16
- arm64: module: rework special section handling (git-fixes)
- commit 7d368bc
- Rename colliding patches before the next origin/cve/linux-5.3 -> SLE15-SP3 merge
- commit fb0447a
- dm mirror log: round up region bitmap size to BITS_PER_LONG
  (git-fixes).
- md: bcache: check the return value of kzalloc() in
  detached_dev_do_request() (git-fixes).
- dm crypt: make printing of the key constant-time (git-fixes).
- dm integrity: fix error code in dm_integrity_ctr() (git-fixes).
- dm stats: add cond_resched when looping over entries
  (git-fixes).
- md/raid0: Ignore RAID0 layout if the second zone has only one
  device (git-fixes).
- hex2bin: make the function hex_to_bin constant-time (git-fixes).
- dm integrity: fix memory corruption when tag_size is less than
  digest size (git-fixes).
- block/compat_ioctl: fix range check in BLKGETSIZE (git-fixes).
- dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS
  (git-fixes).
- block: don't delete queue kobject before its children
  (git-fixes).
- block: bio-integrity: Advance seed correctly for larger interval
  sizes (git-fixes).
- block: Fix wrong offset in bio_truncate() (git-fixes).
- block: Fix fsync always failed if once failed (git-fixes).
- dm btree remove: fix use after free in rebalance_children()
  (git-fixes).
- dm: fix mempool NULL pointer race when completing IO
  (git-fixes).
- dm crypt: Avoid percpu_counter spinlock contention in
  crypt_page_alloc() (git-fixes).
- blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN
  (git-fixes).
- blk-zoned: allow zone management send operations without
  CAP_SYS_ADMIN (git-fixes).
- dm btree remove: assign new_root only when removal succeeds
  (git-fixes).
- dm snapshot: properly fix a crash when an origin has no
  snapshots (git-fixes).
- dm snapshot: fix crash with transient storage and zero chunk
  size (git-fixes).
- dm raid: fix inconclusive reshape layout on fast raid4/5/6
  table reload sequences (git-fixes).
- dm space map common: fix division bug in sm_ll_find_free_block()
  (git-fixes).
- dm persistent data: packed struct should have an aligned()
  attribute too (git-fixes).
- md/bitmap: wait for external bitmap writes to complete during
  tear down (git-fixes).
- dm verity: fix FEC for RS roots unaligned to block size
  (git-fixes).
- dm bufio: subtract the number of initial sectors in
  dm_bufio_get_device_size (git-fixes).
- md: Set prev_flush_start and flush_bio in an atomic way
  (git-fixes).
- dm integrity: conditionally disable "/recalculate"/ feature
  (git-fixes).
- dm integrity: fix a crash if "/recalculate"/ used without
  "/internal_hash"/ (git-fixes).
- dm integrity: fix the maximum number of arguments (git-fixes).
- dm snapshot: flush merged data before committing metadata
  (git-fixes).
- lib/string.c: implement stpcpy (git-fixes).
- commit ab41893
- xen/netback: avoid entering xenvif_rx_next_skb() with an empty
  rx queue (bsc#1201381).
- commit ae4d431
- Refresh
  patches.suse/crypto-qat-remove-dma_free_coherent-for-DH.patch.
  revert the effect of mainline 453431a54934d917153 on patch.
- Refresh
  patches.suse/crypto-qat-remove-dma_free_coherent-for-RSA.patch.
  revert the effect of mainline 453431a54934d917153 on patch.
- commit 5e710e7
- crypto: qat - remove dma_free_coherent() for DH (git-fixes).
- crypto: qat - remove dma_free_coherent() for RSA (git-fixes).
- crypto: qat - fix memory leak in RSA (git-fixes).
- crypto: qat - set to zero DH parameters before free (git-fixes).
- crypto: qat - disable registration of algorithms (git-fixes).
- commit 8d18bba
- rpm/kernel-binary.spec.in: Require dwarves >= 1.22 on SLE15-SP3 or newer
  Dwarves 1.22 or newer is required to build kernels with BTF information
  embedded in modules.
- commit 2dbbe9d
- scripts: dummy-tools, add pahole (jsc#SLE-24559).
- commit 6a3fc85
- pty: do tty_flip_buffer_push without port->lock in pty_write
  (bsc#1198829 CVE-2022-1462).
- commit ce8f318
- tty: use new tty_insert_flip_string_and_push_buffer() in
  pty_write() (bsc#1198829 CVE-2022-1462).
- tty: extract tty_flip_buffer_commit() from
  tty_flip_buffer_push() (bsc#1198829 CVE-2022-1462).
- commit cbf8ad3
- bpf: Add config to allow loading modules with BTF mismatches (jsc#SLE-24559).
- Update config files:
  - MODULE_ALLOW_BTF_MISMATCH=y
- commit 0660602
- bpf: Keep module's btf_data_size intact after load (jsc#SLE-24559).
- Refresh
  patches.kabi/kabi-create-module-private-struct-to-hold-btf-size-data.patch.
- commit 6a4211c
- bpf: Sanitize BTF data pointer after module is loaded (jsc#SLE-24559).
- Refresh
  patches.kabi/kabi-create-module-private-struct-to-hold-btf-size-data.patch.
- commit ec84a18
- kbuild: Skip module BTF generation for out-of-tree external
  modules (jsc#SLE-24559).
- commit b411a90
- bpf: Load and verify kernel module BTFs (jsc#SLE-24559).
- kabi: create module private struct to hold btf size/data (jsc#SLE-24559).
- commit dd48d54
- kbuild: Build kernel module BTFs if BTF is enabled and pahole
  supports it (jsc#SLE-24559).
- Update config files:
  - PAHOLE_HAS_SPLIT_BTF=y
  - DEBUG_INFO_BTF_MODULES=y
- commit 00469b9
- bpf: Assign ID to vmlinux BTF and return extra info for BTF
  in GET_OBJ_INFO (jsc#SLE-24559).
- commit bf525c4
- bpf: Add in-kernel split BTF support (jsc#SLE-24559).
- commit de75fe3
- bpf: Provide function to get vmlinux BTF information (jsc#SLE-24559).
- Refresh
  patches.suse/bpf-Add-bpf_patch_call_args-prototype-to-include-lin.patch.
- commit 97960b8
- kbuild: rename any-prereq to newer-prereqs (jsc#SLE-24559).
- commit d74c2bd
- kbuild: drop $(wildcard $^) check in if_changed* for faster
  rebuild (jsc#SLE-24559).
- commit 2b23691
- kbuild: split final module linking out into Makefile.modfinal (jsc#SLE-24559).
- Refresh
  patches.suse/0008-scripts-Coccinelle-script-for-namespace-dependencies.patch.
- Refresh
  patches.suse/0026-modpost-do-not-invoke-extra-modpost-for-nsdeps.patch.
- Refresh
  patches.suse/0028-modpost-dump-missing-namespaces-into-a-single-module.patch.
- Refresh
  patches.suse/0029-scripts-nsdeps-support-nsdeps-for-external-module-bu.patch.
- commit 860eb7e
- kbuild: rebuild modules when module linker scripts are updated (jsc#SLE-24559).
- Refresh
  patches.suse/kbuild-stop-filtering-out-GCC_PLUGINS_CFLAGS-from-cc.patch.
- commit e48ca3e
- kbuild: add marker for build log of *.mod.o (jsc#SLE-24559).
- commit 089d37f
- io_uring: fix fs->users overflow  (CVE-2022-1116, bsc#1199647).
- commit e8dfed6
- scsi: sd: Fix potential NULL pointer dereference (git-fixes).
- scsi: scsi_debug: Sanity check block descriptor length in
  resp_mode_select() (git-fixes).
- scsi: core: Put LLD module refcnt after SCSI device is released
  (git-fixes).
- scsi: core: Retry I/O for Notify (Enable Spinup) Required error
  (git-fixes).
- scsi: core: Only put parent device if host state differs from
  SHOST_CREATED (git-fixes).
- scsi: core: Put .shost_dev in failure path if host state
  changes to RUNNING (git-fixes).
- scsi: core: Fix failure handling of scsi_add_host_with_dma()
  (git-fixes).
- scsi: core: Fix error handling of scsi_host_alloc() (git-fixes).
- scsi: ufs: handle cleanup correctly on devm_reset_control_get
  error (git-fixes).
- scsi: ufs: Release clock if DMA map fails (git-fixes).
- commit cad0d5f
- don't call utsname() after ->nsproxy is NULL (bsc#1201196).
- commit 12197a1
- x86/kexec: Disable RET on kexec (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- commit ef1c2ca
- x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported
  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit 41afdd9
- x86/bugs: Add Cannon lake to RETBleed affected CPU list
  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit 6b54061
- ibmvnic: Properly dispose of all skbs during a failover
  (bsc#1200925).
- commit 06221e8
- mm/slub: add missing TID updates on slab deactivation
  (git-fixes).
- commit af73675
- xen: detect uninitialized xenbus in xenbus_init (git-fixes).
- commit 89b5cfc
- xen: don't continue xenstore initialization in case of errors
  (git-fixes).
- commit a397042
- x86/kvmclock: Move this_cpu_pvti into kvmclock.h (git-fixes).
- commit 223f7ba
- KVM: x86/pmu: Fix UBSAN shift-out-of-bounds warning in
  intel_pmu_refresh() (git-fixes).
- commit 2a600a1
- KVM: nVMX: avoid NULL pointer dereference with incorrect EVMCS
  GPAs (git-fixes).
- commit a048eb5
- KVM: apic: avoid calculating pending eoi from an uninitialized
  val (git-fixes).
- commit bd607c6
- KVM: nVMX: handle nested posted interrupts when apicv is
  disabled for L1 (git-fixes).
- commit a486b7a
- KVM: x86: Refactor prefix decoding to prevent Spectre-v1/L1TF
  attacks (git-fixes).
- commit eb73c2f
- KVM: x86: Don't let userspace set host-reserved cr4 bits
  (git-fixes).
- commit 404b24a
- net: hso: bail out on interrupt URB allocation failure
  (git-fixes).
- commit f562212
- blacklist.conf: misattributed in upstream
- commit 202e210
- net: rose: fix UAF bugs caused by timer handler (CVE-2022-2318
  bsc#1201251).
- commit 84c7e09
- Update patch reference for rose fix (CVE-2022-2318 bsc#1201251)
- commit 4566057
- scsi: smartpqi: Update LUN reset handler (bsc#1200622).
- commit 8890fb5
- xen/netfront: force data bouncing when backend is untrusted
  (bsc#1200762, CVE-2022-33741, XSA-403).
- commit 7daee4f
- xen/netfront: fix leaking data in shared pages (bsc#1200762,
  CVE-2022-33740, XSA-403).
- commit bfb8cc2
- xen/blkfront: force data bouncing when backend is untrusted
  (bsc#1200762, CVE-2022-33742, XSA-403).
- commit 9c6c1df
- xen/blkfront: fix leaking data in shared pages (bsc#1200762,
  CVE-2022-26365, XSA-403).
- commit 7095954
- x86/cpu/amd: Enumerate BTC_NO (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- commit b7a3331
- x86/common: Stamp out the stepping madness (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit 3962a01
- KVM: VMX: Prevent RSB underflow before vmenter (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit a2b7d09
- x86/speculation: Fill RSB on vmexit for IBRS (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit fd58624
- KVM: VMX: Fix IBRS handling after vmexit (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit 79152af
- KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS
  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit f625aa5
- KVM: VMX: Convert launched argument to flags (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit e0dd694
- KVM/nVMX: Use __vmx_vcpu_run in nested_vmx_check_vmentry_hw
  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit 528b21e
- KVM: VMX: Flatten __vmx_vcpu_run() (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- commit 5c70c82
- x86/speculation: Remove x86_spec_ctrl_mask (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit 4f79cdb
- x86/speculation: Use cached host SPEC_CTRL value for guest
  entry/exit (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit 140d756
- x86/speculation: Fix SPEC_CTRL write on SMT state change
  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit 43488f5
- x86/speculation: Fix firmware entry SPEC_CTRL handling
  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit 410bedf
- x86/cpu/amd: Add Spectral Chicken (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- commit 3ed82bb
- x86/bugs: Do IBPB fallback check only once (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit 914bf03
- x86/bugs: Add retbleed=ibpb (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- commit 0636a43
- net: rose: fix UAF bugs caused by timer handler (git-fixes).
- net: usb: ax88179_178a: Fix packet receiving (git-fixes).
- usbnet: fix memory allocation in helpers (git-fixes).
- NFC: nxp-nci: Don't issue a zero length i2c_master_read()
  (git-fixes).
- nfc: nfcmrvl: Fix irq_of_parse_and_map() return value
  (git-fixes).
- linux/dim: Fix divide by 0 in RDMA DIM (git-fixes).
- virtio-net: fix race between ndo_open() and
  virtio_device_ready() (git-fixes).
- soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in
  brcmstb_pm_probe (git-fixes).
- iio: accel: mma8452: ignore the return value of reset operation
  (git-fixes).
- usb: chipidea: udc: check request status before setting device
  address (git-fixes).
- USB: serial: option: add Quectel RM500K module support
  (git-fixes).
- USB: serial: option: add Quectel EM05-G modem (git-fixes).
- USB: serial: option: add Telit LE910Cx 0x1250 composition
  (git-fixes).
- mtd: rawnand: gpmi: Fix setting busy timeout setting
  (git-fixes).
- regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask
  chips (git-fixes).
- virtio_net: fix xdp_rxq_info bug after suspend/resume
  (git-fixes).
- commit 3920c43
- drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c
  (git-fixes).
- hwmon: (ibmaem) don't call platform_device_del() if
  platform_device_add() fails (git-fixes).
- caif_virtio: fix race between virtio_device_ready() and
  ndo_open() (git-fixes).
- iio: adc: vf610: fix conversion mode sysfs node name
  (git-fixes).
- iio:chemical:ccs811: rearrange iio trigger get and register
  (git-fixes).
- iio:accel:bma180: rearrange iio trigger get and register
  (git-fixes).
- iio: trigger: sysfs: fix use-after-free on remove (git-fixes).
- iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up()
  (git-fixes).
- iio: adc: axp288: Override TS pin bias current for some models
  (git-fixes).
- gpio: winbond: Fix error code in winbond_gpio_get() (git-fixes).
- drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf
  (git-fixes).
- drm/msm: Fix double pm_runtime_disable() call (git-fixes).
- drm/sun4i: Fix crash during suspend after component bind failure
  (git-fixes).
- ata: libata: add qc->flags in ata_qc_complete_template
  tracepoint (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo PD70PNT (git-fixes).
- ALSA: hda/realtek - ALC897 headset MIC no sound (git-fixes).
- commit aa4e5a5
- block: Fix handling of offline queues in blk_mq_alloc_request_hctx() (bsc#1185762).
- blacklist.conf:
  remove this entry
- commit 6e5bc29
- blk-mq: drop workarounds for cpu hotplug queue management (bsc#1185762)
  This patches never made it to mainline. Instead a simpler solution was
  added upstream 14dc7a18abbe ("/block: Fix handling of offline queues in
  blk_mq_alloc_request_hctx().
- commit a4e1276
- blacklist.conf: breaks kABI in an unfixable manner
- commit de9d595
- kabi: nvme workaround header include (bsc#1201193).
- commit 1e4257b
- x86/xen: Rename SYS* entry points (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- commit b3da909
- intel_idle: Disable IBRS during long idle (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit bff00e1
- xhci: Add reset resume quirk for AMD xhci controller
  (git-fixes).
- commit 144d367
- x86/bugs: Report Intel retbleed vulnerability (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit 9a4b6fa
- usb: xhci: Workaround for S3 issue on AMD SNPS 3.0 xHC
  (git-fixes).
- Refresh
  patches.suse/usb-pci-quirks-disable-D3cold-on-xhci-suspend-for-s2.patch.
- Refresh
  patches.suse/usb-xhci-do-not-perform-Soft-Retry-for-some-xHCI-hos.patch.
- commit 1d0d070
- x86/bugs: Split spectre_v2_select_mitigation() and
  spectre_v2_user_select_mitigation() (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- commit eda1e45
- x86/speculation: Add spectre_v2=ibrs option to support Kernel
  IBRS (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit c12a655
- x86/bugs: Optimize SPEC_CTRL MSR writes (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit 94eb4a2
- x86/entry: Add kernel IBRS implementation (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit 7077b17
- x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit c21cae3
- netfilter: nf_tables: stricter validation of element data
  (CVE-2022-34918 bsc#1201171).
- commit d3cb893
- scsi: nvme: Added a new sysfs attribute appid_store
  (bsc#1201193).
- commit 946af0d
- blacklist.conf: update
- blacklist.conf: Add new commit
- commit 6c8c02b
- block/keyslot-manager: prevent crash when num_slots=1
  (git-fixes).
- blk-cgroup: fix a hd_struct leak in blkcg_fill_root_iostats
  (git-fixes).
- commit ef13f5c
- nvmet: fix freeing unallocated p2pmem (git-fixes).
- nvmet-rdma: Fix NULL deref when SEND is completed with error
  (git-fixes).
- nvmet-rdma: Fix NULL deref when setting pi_enable and traddr
  INADDR_ANY (git-fixes).
- commit ad1ec47
- blacklist.conf: Add nvmet patch
- commit f8744f6
- nvme-tcp: fix H2CData PDU send accounting (again) (git-fixes).
- commit 781a006
- x86/bugs: Enable STIBP for JMP2RET (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- commit 3a3473f
- x86/bugs: Add AMD retbleed= boot parameter (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- Update config files.
- commit 89f84ec
- x86/bugs: Report AMD retbleed vulnerability (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit 13522d3
- x86: Add magic AMD return-thunk (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- commit b13e1ec
- x86: Use return-thunk in asm code (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- commit ba20e78
- x86/sev: Avoid using __x86_return_thunk (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit e26025b
- x86/vsyscall_emu/64: Don't use RET in vsyscall emulation
  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit a16eea7
- x86/kvm: Fix SETcc emulation for return thunks (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit 1744d2e
- x86/bpf: Use alternative RET encoding (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit 3599ff8
- x86: Undo return-thunk damage (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- commit 9c190f7
- scsi: lpfc: Update lpfc version to 14.2.0.4 (bsc#1201193).
- scsi: lpfc: Allow reduced polling rate for
  nvme_admin_async_event cmd completion (bsc#1201193).
- scsi: lpfc: Add more logging of cmd and cqe information for
  aborted NVMe cmds (bsc#1201193).
- scsi: lpfc: Fix port stuck in bypassed state after LIP in
  PT2PT topology (bsc#1201193).
- scsi: lpfc: Resolve NULL ptr dereference after an ELS LOGO is
  aborted (bsc#1201193).
- scsi: lpfc: Address NULL pointer dereference after
  starget_to_rport() (bsc#1201193).
- scsi: lpfc: Resolve some cleanup issues following SLI path
  refactoring (bsc#1201193).
- scsi: lpfc: Resolve some cleanup issues following abort path
  refactoring (bsc#1201193).
- scsi: lpfc: Correct BDE type for XMIT_SEQ64_WQE in
  lpfc_ct_reject_event() (bsc#1201193).
- scsi: lpfc: Add support for ATTO Fibre Channel devices
  (bsc#1201193).
- scsi: lpfc: Add support for VMID tagging of NVMe I/Os
  (bsc#1201193).
- scsi: lpfc: Rework lpfc_vmid_get_appid() to be protocol
  independent (bsc#1201193).
- scsi: lpfc: Commonize VMID code location (bsc#1201193).
- scsi: nvme-fc: Add new routine nvme_fc_io_getuuid()
  (bsc#1201193).
- commit 7f7c840
- net: stmmac: reset Tx desc base address before restarting Tx
  (git-fixes).
- commit db66d0c
- net: lantiq: Add locking for TX DMA channel (git-fixes).
- commit 021df50
- net: ethernet: stmmac: Disable hardware multicast filter
  (git-fixes).
- commit 36ce5b8
- sunvnet: use icmp_ndo_send helper (git-fixes).
- commit 22762aa
- gtp: use icmp_ndo_send helper (git-fixes).
- commit b9a3ced
- veth: fix races around rq->rx_notify_masked (git-fixes).
- commit c90500d
- net: ieee802154: ca8210: Stop leaking skb's (git-fixes).
- commit 8c700c0
- Update config files.
- commit d2069d8
- scsi: qla2xxx: Update version to 10.02.07.700-k (bsc#1201160).
- scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error
  injection (bsc#1201160).
- scsi: qla2xxx: Fix losing FCP-2 targets on long port disable
  with I/Os (bsc#1201160).
  Refresh:
  - patches.suse/revert-scsi-qla2xxx-Changes-to-support-FCP2-Target.patch
- scsi: qla2xxx: Add debug prints in the device remove path
  (bsc#1201160).
- scsi: qla2xxx: Fix losing target when it reappears during delete
  (bsc#1201160).
- scsi: qla2xxx: Fix losing FCP-2 targets during port perturbation
  tests (bsc#1201160).
- scsi: qla2xxx: Fix crash due to stale SRB access around I/O
  timeouts (bsc#1201160).
- scsi: qla2xxx: Turn off multi-queue for 8G adapters
  (bsc#1201160).
- scsi: qla2xxx: Wind down adapter after PCIe error (bsc#1201160).
- scsi: qla2xxx: Add a new v2 dport diagnostic feature
  (bsc#1201160).
- scsi: qla2xxx: Fix excessive I/O error messages by default
  (bsc#1201160).
- scsi: qla2xxx: Update version to 10.02.07.600-k (bsc#1201160).
- scsi: qla2xxx: edif: Fix slow session teardown (bsc#1201160).
- scsi: qla2xxx: edif: Reduce N2N thrashing at app_start time
  (bsc#1201160).
- scsi: qla2xxx: edif: Fix no logout on delete for N2N
  (bsc#1201160).
- scsi: qla2xxx: edif: Fix session thrash (bsc#1201160).
- scsi: qla2xxx: edif: Tear down session if keys have been removed
  (bsc#1201160).
- scsi: qla2xxx: edif: Fix no login after app start (bsc#1201160).
- scsi: qla2xxx: edif: Reduce disruption due to multiple app start
  (bsc#1201160).
- scsi: qla2xxx: edif: Send LOGO for unexpected IKE message
  (bsc#1201160).
- scsi: qla2xxx: edif: Fix I/O timeout due to over-subscription
  (bsc#1201160).
- scsi: qla2xxx: Update version to 10.02.07.500-k (bsc#1201160).
- scsi: qla2xxx: edif: Fix n2n login retry for secure device
  (bsc#1201160).
- scsi: qla2xxx: edif: Fix n2n discovery issue with secure target
  (bsc#1201160).
- scsi: qla2xxx: edif: Remove old doorbell interface
  (bsc#1201160).
- scsi: qla2xxx: edif: Add retry for ELS passthrough
  (bsc#1201160).
- scsi: qla2xxx: edif: Synchronize NPIV deletion with
  authentication application (bsc#1201160).
- scsi: qla2xxx: edif: Fix potential stuck session in sa update
  (bsc#1201160).
- scsi: qla2xxx: edif: Add bsg interface to read doorbell events
  (bsc#1201160).
- scsi: qla2xxx: edif: Wait for app to ack on sess down
  (bsc#1201160).
- scsi: qla2xxx: edif: bsg refactor (bsc#1201160).
- scsi: qla2xxx: edif: Reduce Initiator-Initiator thrashing
  (bsc#1201160).
- commit d2cb0ed
- Revert "/block: Fix a lockdep complaint triggered by request
  queue flushing"/ (git-fixes).
- commit 4eca7cd
- scsi: qla2xxx: Remove unused 'ql_dm_tgt_ex_pct' parameter
  (bsc#1201160).
- scsi: qla2xxx: Remove setting of 'req' and 'rsp' parameters
  (bsc#1201160).
- commit 4780b01
- nvme-multipath: set nr_zones for zoned namespaces (git-fixes). - Refresh patches.suse/nvme-fix-refcounting-imbalance-when-all-paths-are-do.patch.
- commit 76d2349
- ceph: clean up locking annotation for ceph_get_snap_realm and
  __lookup_snap_realm (bsc#1201149).
- Refresh
  patches.suse/ceph-take-snap_empty_lock-atomically-with-snaprealm-refcount-change.patch.
- commit d26c619
- ceph: add some lockdep assertions around snaprealm handling
  (bsc#1201147).
- Refresh
  patches.suse/ceph-take-snap_empty_lock-atomically-with-snaprealm-refcount-change.patch.
- commit 2f1c9fc
- blacklist.conf: add commit
- commit aaeabea
- x86/retpoline: Use -mfunction-return (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- commit 9a7c312
- fuse: annotate lock in fuse_reverse_inval_entry() (bsc#1201143).
- commit 8a0b165
- bio: fix page leak bio_add_hw_page failure (git-fixes).
- blk-mq: update hctx->dispatch_busy in case of real scheduler (git-fixes).
- block: advance iov_iter on bio_add_hw_page failure (git-fixes).
- commit 7e67c38
- blacklist.conf: ignore documentation fix
- commit ea0880a
- scsi: core: Show SCMD_LAST in text form (git-fixes).
- commit d76d5ab
- scsi: sd_zbc: Support disks with more than 2**32 logical
  (git-fixes).
- scsi: sd_zbc: Ensure buffer size is aligned to SECTOR_SIZE
  (git-fixes).
- scsi: sd: sd_zbc: Don't pass GFP_NOIO to kvcalloc (git-fixes).
- commit 29c91b5
- x86/cpufeatures: Move RETPOLINE flags to word 11 (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit ea71447
- crypto: x86/poly1305 - Fixup SLS (bsc#1201050 CVE-2021-26341).
- commit af7f65a
- scsi: sd: sd_zbc: Fix ZBC disk initialization (git-fixes).
- commit 9db78a9
- scsi: sd: sd_zbc: Fix handling of host-aware ZBC disks
  (git-fixes).
- blacklist.conf: Remove entry from blacklist
- commit 5cb2eb0
- scsi: sd_zbc: Improve zone revalidation (git-fixes).
- scsi: sd_zbc: Don't limit max_zone_append sectors to
  (git-fixes).
- scsi: sd_zbc: Remove unused inline functions (git-fixes).
- scsi: sd: Signal drive managed SMR disks (git-fixes).
- commit 6f51c10
- x86: Add straight-line-speculation mitigation (bsc#1201050
  CVE-2021-26341).
- Update config files.
- Refresh
  patches.suse/x86-speculation-rename-retpoline_amd-to-retpoline_lfence.patch.
- commit d2ed44a
- x86/alternative: Relax text_poke_bp() constraint (bsc#1201050
  CVE-2021-26341).
- commit 2e7822c
- x86/alternatives: Teach text_poke_bp() to emulate RET
  (bsc#1201050 CVE-2021-26341).
- commit 4eb3542
- x86/alternatives: Implement a better poke_int3_handler()
  completion scheme (bsc#1201050 CVE-2021-26341).
- commit cf0f438
- x86/alternative: Shrink text_poke_loc (bsc#1201050
  CVE-2021-26341).
- commit db3f434
- x86/alternative: Remove text_poke_loc::len (bsc#1201050
  CVE-2021-26341).
- commit 90aebc8
- x86/alternative: Add text_opcode_size() (bsc#1201050
  CVE-2021-26341).
- commit 83d7faa
- x86/alternatives: Add and use text_gen_insn() helper
  (bsc#1201050 CVE-2021-26341).
- commit 5121e4e
- x86/alternatives, jump_label: Provide better text_poke()
  batching interface (bsc#1201050 CVE-2021-26341).
- commit 1b220c6
- x86: Prepare inline-asm for straight-line-speculation
  (bsc#1201050 CVE-2021-26341).
- commit 6687132
- x86: Prepare asm files for straight-line-speculation
  (bsc#1201050 CVE-2021-26341).
- commit f2fec2e
- x86/lib/atomic64_386_32: Rename things (bsc#1201050
  CVE-2021-26341).
- commit 88d97d1
- x86: Use -mindirect-branch-cs-prefix for RETPOLINE builds
  (bsc#1201050 CVE-2021-26341).
- commit 59b7688
- Update metadata references
- commit 45bbc74
- usb: gadget: u_ether: fix regression in setting fixed MAC
  address (git-fixes).
- commit 23f9eaa
- move devm_allocate to end of structure for kABI (git-fixes).
- commit 39ff4a9
- spi: Fix use-after-free with devm_spi_alloc_* (git-fixes).
- commit 531527e
- sctp: handle kABI change in struct sctp_endpoint (CVE-2022-20154
  bsc#1200599).
- commit b1e8eec
- sctp: use call_rcu to free endpoint (CVE-2022-20154
  bsc#1200599).
- commit 44ec44b
- kABI fix of sysctl_run_estimation (git-fixes).
- ipvs: add sysctl_run_estimation to support disable estimation
  (bsc#1195504).
- commit 326d103
- bcache: avoid unnecessary soft lockup in kworker
  update_writeback_rate() (bsc#1197362).
- bcache: memset on stack variables in bch_btree_check() and
  bch_sectors_dirty_init() (git-fixes).
- bcache: avoid journal no-space deadlock by reserving 1 journal
  bucket (git-fixes).
- bcache: remove incremental dirty sector counting for
  bch_sectors_dirty_init() (git-fixes).
- bcache: improve multithreaded bch_sectors_dirty_init()
  (git-fixes).
- bcache: improve multithreaded bch_btree_check() (git-fixes).
- nvdimm: Fix firmware activation deadlock scenarios (git-fixes).
- nvdimm/region: Fix default alignment for small regions
  (git-fixes).
- bcache: fixup multiple threads crash (git-fixes).
- md: fix update super 1.0 on rdev size change (git-fixes).
- commit 702bf9b
- Fixup !CONFIG_BLK_CGROUP build in
  patches.suse/block-don-t-merge-across-cgroup-boundaries-if-blkcg-.patch.
- commit bfec8fb
- phy: aquantia: Fix AN when higher speeds than 1G are not
  advertised (git-fixes).
- ALSA: hda/via: Fix missing beep setup (git-fixes).
- ALSA: hda/conexant: Fix missing beep setup (git-fixes).
- bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove()
  (git-fixes).
- i2c: designware: Use standard optional ref clock implementation
  (git-fixes).
- tty: goldfish: Fix free_irq() on remove (git-fixes).
- usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe
  (git-fixes).
- usb: dwc2: Fix memory leak in dwc2_hcd_init (git-fixes).
- USB: serial: option: add support for Cinterion MV31 with new
  baseline (git-fixes).
- USB: serial: io_ti: add Agilent E5805A support (git-fixes).
- virtio-mmio: fix missing put_device() when vm_cmdline_parent
  registration failed (git-fixes).
- ata: libata-core: fix NULL pointer deref in
  ata_host_alloc_pinfo() (git-fixes).
- ALSA: hda/realtek - Add HW8326 support (git-fixes).
- ASoC: wm_adsp: Fix event generation for wm_adsp_fw_put()
  (git-fixes).
- ASoC: es8328: Fix event generation for deemphasis control
  (git-fixes).
- ASoC: wm8962: Fix suspend while playing music (git-fixes).
- ASoC: cs42l56: Correct typo in minimum level for SX volume
  controls (git-fixes).
- ASoC: cs42l52: Correct TLV for Bypass Volume (git-fixes).
- ASoC: cs53l30: Correct number of volume levels on SX controls
  (git-fixes).
- ASoC: cs35l36: Update digital volume TLV (git-fixes).
- ASoC: cs42l52: Fix TLV scales for mixer controls (git-fixes).
- ASoC: nau8822: Add operation for internal PLL off and on
  (git-fixes).
- nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred
  (git-fixes).
- virtio-pci: Remove wrong address verification in vp_del_vqs()
  (git-fixes).
- commit 3c059bb
- arm64: ftrace: fix branch range checks (git-fixes)
- commit 78ca39c
- block: Fix kABI in blk-merge.c (bsc#1198020).
- commit fa9f9d3
- ext4: add check to prevent attempting to resize an fs with
  sparse_super2 (bsc#1197754).
- commit 063f013
- kabi/severities: ignore KABI for NVMe target (bsc#1192761)
  Exported symbols under drivers/nvme/target/ are only used by the
  nvmet subsystem itself.
- commit 60db37f
- blacklist.conf: Blacklist 14dc7a18abbe
- commit e3d2bff
- vmxnet3: fix minimum vectors alloc issue (bsc#1199489).
- commit 5d5a2b9
- nvme: kabi fix nvme subsystype change (bsc#1192761)
- commit e2cebc4
- blacklist.conf: Blacklist e583b5c472bd
- commit e1ae80a
- iomap: iomap_write_failed fix (bsc#1200829).
- commit c8ee717
- jfs: fix divide error in dbNextAG (bsc#1200828).
- commit 8668968
- ext4: make variable "/count"/ signed (bsc#1200820).
- commit 8506661
- init: Initialize noop_backing_dev_info early (bsc#1200822).
- commit 9bcd180
- writeback: Fix inode->i_io_list not be protected by
  inode->i_lock error (bsc#1200821).
- commit 5276354
- blk-mq: do not update io_ticks with passthrough requests
  (bsc#1200816).
- commit 25cf6a6
- blacklist.conf: Blacklist 14362a254179 and e730558adffb
- commit 84080f8
- blacklist.conf: Blacklist 623af4f538b5
- commit e09c291
- inotify: show inotify mask flags in proc fdinfo (bsc#1200600).
- commit dd7c510
- Update tags in:
  patches.suse/bfq-Drop-pointless-unlock-lock-pair.patch.
  patches.suse/bfq-Get-rid-of-__bio_blkcg-usage.patch.
  patches.suse/bfq-Make-sure-bfqg-for-which-we-are-queueing-request.patch.
  patches.suse/bfq-Remove-pointless-bfq_init_rq-calls.patch.
  patches.suse/bfq-Split-shared-queues-on-move-between-cgroups.patch.
  patches.suse/bfq-Track-whether-bfq_group-is-still-online.patch.
  patches.suse/bfq-Update-cgroup-information-before-merging-bio.patch.
- commit fa82b91
- writeback: Avoid skipping inode writeback (bsc#1200813).
- commit fbc0033
- blk-iolatency: Fix inflight count imbalances and IO hangs on
  offline (bsc#1200825).
- commit 77a71d2
- block: don't merge across cgroup boundaries if blkcg is enabled
  (bsc#1198020).
- commit 08df09c
- ext4: fix bug_on ext4_mb_use_inode_pa (bsc#1200810).
- commit 90ad366
- ext4: fix bug_on in __es_tree_search (bsc#1200809).
- commit 599d1b0
- blacklist.conf: Blacklist cb8435dc8ba3
- commit 82be35e
- ext4: fix race condition between ext4_write and
  ext4_convert_inline_data (bsc#1200807).
- commit ab76d02
- ext4: limit length to bitmap_maxbytes - blocksize in punch_hole
  (bsc#1200806).
- commit 6fb9b0d
- nvmet: register discovery subsystem as 'current' (bsc#1192761).
- nvmet: switch check for subsystem type (bsc#1192761).
- nvme: add new discovery log page entry definitions
  (bsc#1192761).
- nvme: display correct subsystem NQN (bsc#1192761).
- nvme: Add connect option 'discovery' (bsc#1192761).
  Refresh:
  - patches.suse/nvme-add-iopolicy-module-parameter.patch
- nvme: expose subsystem type in sysfs attribute 'subsystype'
  (bsc#1192761).
  Refresh:
  - patches.suse/nvme-add-iopolicy-module-parameter.patch
- nvmet: set 'CNTRLTYPE' in the identify controller data
  (bsc#1192761).
- nvmet: add nvmet_is_disc_subsys() helper (bsc#1192761).
- nvme: add CNTRLTYPE definitions for 'identify controller'
  (bsc#1192761).
- nvmet: make discovery NQN configurable (bsc#1192761).
- nvmet: don't check iosqes,iocqes for discovery controllers
  (bsc#1192761).
- nvmet: add nvmet_req_subsys() helper (bsc#1192761).
- commit 829b0a6
- blk-mq: clear active_queues before clearing
  BLK_MQ_F_TAG_QUEUE_SHARED (bsc#1200263).
- commit e0430df
- rpm/check-for-config-changes: ignore GCC12/CC_NO_ARRAY_BOUNDS
  Upstream commit f0be87c42cbd (gcc-12: disable '-Warray-bounds'
  universally for now) added two new compiler-dependent configs:
  * CC_NO_ARRAY_BOUNDS
  * GCC12_NO_ARRAY_BOUNDS
  Ignore them -- they are unset by dummy tools (they depend on gcc version
  == 12), but set as needed during real compilation.
- commit a14607c
- ath9k: fix use-after-free in ath9k_hif_usb_rx_cb (CVE-2022-1679
  bsc#1199487).
- commit 1ae14c9
- blacklist.conf: Add 6a2d90ba027a ptrace: Reimplement PTRACE_KILL by always sending SIGKILL
- commit 272b7b1
- powerpc/perf: Fix the threshold compare group constraint for
  power9 (bsc#1065729).
- powerpc/idle: Fix return value of __setup() handler
  (bsc#1065729).
- commit 60a1a9d
- scsi: ibmvfc: Store vhost pointer during subcrq allocation
  (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes).
- scsi: ibmvfc: Allocate/free queue resource only during
  probe/remove (jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes).
- commit 161dd5d
- pNFS: Don't keep retrying if the server replied
  NFS4ERR_LAYOUTUNAVAILABLE (git-fixes).
- SUNRPC: Fix the calculation of xdr->end in
  xdr_get_next_encode_buffer() (git-fixes).
- NFS: Further fixes to the writeback error handling (git-fixes).
- NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS
  layout (git-fixes).
- NFS: Memory allocation failures are not server fatal errors
  (git-fixes).
- NFS: Don't report errors from nfs_pageio_complete() more than
  once (git-fixes).
- NFS: Do not report flush errors in nfs_write_end() (git-fixes).
- NFS: Do not report EINTR/ERESTARTSYS as mapping errors
  (git-fixes).
- commit b6dcac2
- Update patches.suse/pNFS-flexfiles-fix-incorrect-size-check-in-decode_nf.patch
  (git-fixes CVE-2021-4157 bnc#1194013).
- commit fccebe3
- random: Add and use pr_fmt() (bsc#1184924).
- commit 565b0b7
- random: remove unnecessary unlikely() (bsc#1184924).
- commit 30b0d5d
- Refresh patches.suse/random-fix-crash-on-multiple-early-calls-to-add_bootloader_randomness.patch.
  Update to  upstream version.
- commit f01d1a8
- powerpc/rtas: Allow ibm,platform-dump RTAS call with null
  buffer address (bsc#1200343 ltc#198477).
- commit eae5ebe
- exec: Force single empty string when argv is empty
  (bsc#1200571).
- commit dffa04e
- scsi: smartpqi: create module parameters for LUN reset
  (bsc#1179195 bsc#1200622).
- commit 96f3f82
- HID: add USB_HID dependancy to hid-prodikeys (CVE-2022-20132
  bsc#1200619).
- HID: add USB_HID dependancy to hid-chicony (CVE-2022-20132
  bsc#1200619).
- HID: bigbenff: prevent null pointer dereference (CVE-2022-20132
  bsc#1200619).
- HID: add USB_HID dependancy on some USB HID drivers
  (CVE-2022-20132 bsc#1200619).
- commit f2f08be
- HID: holtek: fix mouse probing (CVE-2022-20132 bsc#1200619).
- commit f8ff78e
- HID: check for valid USB device for many HID drivers
  (CVE-2022-20132 bsc#1200619).
- HID: add hid_is_usb() function to make it simpler for USB
  detection (CVE-2022-20132 bsc#1200619).
- commit 3fe30db
- blacklist.conf: add already cherry-picked usb revert commit
- commit 5b3636f
- certs/blacklist_hashes.c: fix const confusion in certs blacklist
  (git-fixes).
- commit 6e1c6be
- drm/i915/reset: Fix error_state_read ptr + offset use
  (git-fixes).
- net: ax25: Fix deadlock caused by skb_recv_datagram in
  ax25_recvmsg (git-fixes).
- commit 24d4858
- igmp: Add ip_mc_list lock in ip_check_mc_rcu (bsc#1200604
  CVE-2022-20141).
- commit 34bf464
- ALSA: usb-audio: Optimize TEAC clock quirk (git-fixes).
- commit 4bfd1c5
- vringh: Fix loop descriptors check in the indirect cases
  (git-fixes).
- mmc: block: Fix CQE recovery reset success (git-fixes).
- modpost: fix undefined behavior of is_arm_mapping_symbol()
  (git-fixes).
- modpost: fix removing numeric suffixes (git-fixes).
- misc: rtsx: set NULL intfdata when probe fails (git-fixes).
- USB: new quirk for Dell Gen 2 devices (git-fixes).
- USB: serial: option: add Quectel BG95 modem (git-fixes).
- usb: core: hcd: Add support for deferring roothub registration
  (git-fixes).
- usb: dwc2: gadget: don't reset gadget's driver->bus (git-fixes).
- USB: hcd-pci: Fully suspend across freeze/thaw cycle
  (git-fixes).
- drivers: usb: host: Fix deadlock in oxu_bus_suspend()
  (git-fixes).
- USB: host: isp116x: check return value after calling
  platform_get_resource() (git-fixes).
- serial: msm_serial: disable interrupts in __msm_console_write()
  (git-fixes).
- drivers: tty: serial: Fix deadlock in sa1100_set_termios()
  (git-fixes).
- tty: Fix a possible resource leak in icom_probe (git-fixes).
- tty: synclink_gt: Fix null-pointer-dereference in slgt_clean()
  (git-fixes).
- staging: rtl8712: fix uninit-value in r871xu_drv_init()
  (git-fixes).
- staging: rtl8712: fix uninit-value in usb_read8() and friends
  (git-fixes).
- drivers: staging: rtl8192e: Fix deadlock in
  rtllib_beacons_stop() (git-fixes).
- drivers: staging: rtl8192u: Fix deadlock in
  ieee80211_beacons_stop() (git-fixes).
- watchdog: wdat_wdt: Stop watchdog when rebooting the system
  (git-fixes).
- pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (git-fixes).
- video: fbdev: pxa3xx-gcu: release the resources correctly in
  pxa3xx_gcu_probe/remove() (git-fixes).
- rtlwifi: Use pr_warn instead of WARN_ONCE (git-fixes).
- rtl818x: Prevent using not initialized queues (git-fixes).
- mwifiex: add mutex lock for call in
  mwifiex_dfs_chan_sw_work_queue (git-fixes).
- media: cx25821: Fix the warning when removing the module
  (git-fixes).
- media: pci: cx23885: Fix the error handling in cx23885_initdev()
  (git-fixes).
- media: venus: hfi: avoid null dereference in deinit (git-fixes).
- PM / devfreq: rk3399_dmc: Disable edev on remove() (git-fixes).
- spi: stm32-qspi: Fix wait_cmd timeout in APM mode (git-fixes).
- spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width}
  based on DMA direction (git-fixes).
- mmc: jz4740: Apply DMA engine limits to maximum segment size
  (git-fixes).
- pinctrl: sunxi: fix f1c100s uart2 function (git-fixes).
- platform/chrome: cros_ec_proto: Send command again when timeout
  occurs (git-fixes).
- commit f8749e6
- efi: Do not import certificates from UEFI Secure Boot for T2
  Macs (git-fixes).
- Refresh
  patches.suse/0003-MODSIGN-load-blacklist-from-MOKx.patch.
- commit 316d54d
- drm/atomic: Force bridge self-refresh-exit on CRTC switch
  (git-fixes).
- drm/bridge: analogix_dp: Support PSR-exit to disable transition
  (git-fixes).
- Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag
  (git-fixes).
- iio: dummy: iio_simple_dummy: check the return value of
  kstrdup() (git-fixes).
- drm/amdgpu/cs: make commands with 0 chunks illegal behaviour
  (git-fixes).
- drm/radeon: fix a possible null pointer dereference (git-fixes).
- i2c: cadence: Increase timeout per message if necessary
  (git-fixes).
- drm/amdgpu/ucode: Remove firmware load type check in
  amdgpu_ucode_free_bo (git-fixes).
- drm: msm: fix error check return value of irq_of_parse_and_map()
  (git-fixes).
- drm/plane: Move range check for format_count earlier
  (git-fixes).
- drm/komeda: return early if drm_universal_plane_init() fails
  (git-fixes).
- fbcon: Consistently protect deferred_takeover with
  console_lock() (git-fixes).
- drm/virtio: fix NULL pointer dereference in
  virtio_gpu_conn_get_modes (git-fixes).
- drm/i915: Fix -Wstringop-overflow warning in call to
  intel_read_wm_latency() (git-fixes).
- iwlwifi: mvm: fix assert 1F04 upon reconfig (git-fixes).
- mac80211: upgrade passive scan to active scan on DFS channels
  after beacon rx (git-fixes).
- ipw2x00: Fix potential NULL dereference in libipw_xmit()
  (git-fixes).
- HID: bigben: fix slab-out-of-bounds Write in bigben_probe
  (git-fixes).
- HID: multitouch: Add support for Google Whiskers Touchpad
  (git-fixes).
- hwmon: Make chip parameter for with_info API mandatory
  (git-fixes).
- irqchip: irq-xtensa-mx: fix initial IRQ affinity (git-fixes).
- irqchip/armada-370-xp: Do not touch Performance Counter Overflow
  on A375, A38x, A39x (git-fixes).
- irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value
  (git-fixes).
- irqchip/exiu: Fix acknowledgment of edge triggered interrupts
  (git-fixes).
- efi: Add missing prototype for efi_capsule_setup_info
  (git-fixes).
- drivers: i2c: thunderx: Allow driver to work with ACPI defined
  TWSI controllers (git-fixes).
- i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging
  (git-fixes).
- Input: goodix - fix spurious key release events (git-fixes).
- commit 71b82f0
- ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files
  (git-fixes).
- ALSA: hda/conexant - Fix loopback issue with CX20632
  (git-fixes).
- ALSA: usb-audio: Set up (implicit) sync for Saffire 6
  (git-fixes).
- ALSA: usb-audio: Skip generic sync EP parse for secondary EP
  (git-fixes).
- clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map()
  return value (git-fixes).
- clocksource/drivers/sp804: Avoid error on multiple instances
  (git-fixes).
- dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size
  data type (git-fixes).
- ASoC: max98357a: remove dependency on GPIOLIB (git-fixes).
- ASoC: rt5645: Fix errorenous cleanup order (git-fixes).
- ASoC: tscs454: Add endianness flag in snd_soc_component_driver
  (git-fixes).
- ASoC: dapm: Don't fold register value changes into notifications
  (git-fixes).
- ALSA: usb-audio: Workaround for clock setup on TEAC devices
  (git-fixes).
- ath9k: fix QCA9561 PA bias level (git-fixes).
- b43: Fix assigning negative value to unsigned variable
  (git-fixes).
- b43legacy: Fix assigning negative value to unsigned variable
  (git-fixes).
- ACPI: sysfs: Fix BERT error region memory mapping (git-fixes).
- ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default
  (git-fixes).
- cfg80211: set custom regdomain after wiphy registration
  (git-fixes).
- ACPI: sysfs: Make sparse happy about address space in use
  (git-fixes).
- commit d8922a7
- kabi: return type change of secure_ipv_port_ephemeral()
  (CVE-2022-1012 bsc#1199482).
- tcp: drop the hash_32() part from the index calculation
  (CVE-2022-1012 bsc#1199482).
- tcp: increase source port perturb table to 2^16 (CVE-2022-1012
  bsc#1199482).
- tcp: dynamically allocate the perturb table used by source ports
  (CVE-2022-1012 bsc#1199482).
- tcp: add small random increments to the source port
  (CVE-2022-1012 bsc#1199482).
- tcp: resalt the secret every 10 seconds (CVE-2022-1012
  bsc#1199482).
- tcp: use different parts of the port_offset for index and offset
  (CVE-2022-1012 bsc#1199482).
- secure_seq: use the 64 bits of the siphash for port offset
  calculation (CVE-2022-1012 bsc#1199482).
- commit f0bb4ae
- arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399 (git-fixes)
- commit 000b775
- Refresh 0002-PKCS-7-Check-codeSigning-EKU-for-kernel-module-and-k.patch
- commit 4835ae7
- kernel-binary.spec: check s390x vmlinux location
  As a side effect of mainline commit edd4a8667355 ("/s390/boot: get rid of
  startup archive"/), vmlinux on s390x moved from "/compressed"/ subdirectory
  directly into arch/s390/boot. As the specfile is shared among branches,
  check both locations and let objcopy use one that exists.
- commit cd15543
- platform/x86: wmi: Fix driver->notify() vs ->probe() race
  (git-fixes).
- commit e932131
- platform/x86: wmi: Replace read_takes_no_args with a flags field
  (git-fixes).
- commit 2771a0e
- Add missing recommends of kernel-install-tools to kernel-source-vanilla (bsc#1200442)
- commit 93b1375
- Update config files
- commit 0d6e862
- s390/mcck: isolate SIE instruction when setting CIF_MCCK_GUEST
  flag (git-fixes).
- s390/crypto: fix scatterwalk_unmap() callers in AES-GCM
  (git-fixes).
- s390/lcs: fix variable dereferenced before check (git-fixes).
- s390/ctcm: fix potential memory leak (git-fixes).
- s390/ctcm: fix variable dereferenced before check (git-fixes).
- s390/dasd: Fix read inconsistency for ESE DASD devices
  (bsc#1200206 LTC#198455).
- s390/dasd: Fix read for ESE with blksize < 4k (bsc#1200206
  LTC#198455).
- s390/dasd: prevent double format of tracks for ESE devices
  (bsc#1200207 LTC#198454).
- s390/dasd: fix data corruption for ESE devices (bsc#1200207
  LTC#198454).
- KVM: s390: vsie/gmap: reduce gmap_rmap overhead (git-fixes).
- s390/nmi: handle vector validity failures for KVM guests
  (git-fixes).
- s390/nmi: handle guarded storage validity failures for KVM
  guests (git-fixes).
- vfio/ccw: Remove unneeded GFP_DMA (git-fixes).
- KVM: s390: pv: avoid stalls for kvm_s390_pv_init_vm (git-fixes).
- KVM: s390: pv: avoid double free of sida page (git-fixes).
- KVM: s390: pv: add macros for UVC CC values (git-fixes).
- s390: fix strrchr() implementation (git-fixes).
- s390/pv: fix the forcing of the swiotlb (git-fixes).
- s390/qdio: cancel the ESTABLISH ccw after timeout (git-fixes).
- s390/qdio: fix roll-back after timeout on ESTABLISH ccw
  (git-fixes).
- s390/ftrace: fix ftrace_update_ftrace_func implementation
  (git-fixes).
- s390/cio: dont call css_wait_for_slow_path() inside a lock
  (git-fixes).
- s390/cio: Fix the "/type"/ field in s390_cio_tpi tracepoint
  (git-fixes).
- s390/mcck: fix invalid KVM guest condition check (git-fixes).
- vfio-ccw: Check initialized flag in cp_init() (git-fixes).
- s390: fix detection of vector enhancements facility 1 vs. vector
  packed decimal facility (git-fixes).
- s390/vfio-ap: fix circular lockdep when setting/clearing crypto
  masks (git-fixes).
- virtio/s390: implement virtio-ccw revision 2 correctly
  (git-fixes).
- commit 61a09d5
- NFS: Don't report ENOSPC write errors twice (git-fixes).
- nfsd: Fix null-ptr-deref in nfsd_fill_super() (git-fixes).
- md: fix an incorrect NULL check in md_reload_sb (git-fixes).
- md: fix an incorrect NULL check in does_sb_need_changing
  (git-fixes).
- raid5: introduce MD_BROKEN (git-fixes).
- commit a49fc21
- Rename colliding patches before the next origin/cve/linux-5.3 -> SLE15-SP3 merge
- commit 070ca14
- blk-mq: Fix wrong wakeup batch configuration which will cause
  hang (bsc#1200263).
- commit d25a54b
- blk-mq: fix tag_get wait task can't be awakened (bsc#1200263).
- commit 0a1fb57
- PCI: hv: Fix NUMA node assignment when kernel boots with custom
  NUMA topology (bsc#1199365).
- commit 533234b
- cifs: fix uninitialized pointer in error case in
  dfs_cache_get_tgt_share (bsc#1200217).
- commit 61fbb01
- cifs: skip trailing separators of prefix paths (bsc#1200217).
- commit ee56e7d
- cifs: update internal module number (bsc#1200217).
- commit f5cdb99
- cifs: version operations for smb20 unneeded when legacy support
  disabled (bsc#1200217).
- commit 1734132
- cifs: do not build smb1ops if legacy support is disabled
  (bsc#1200217).
- commit aba3c47
- cifs: fix potential deadlock in direct reclaim (bsc#1200217).
- commit e9cc20c
- cifs: when extending a file with falloc we should make files
  not-sparse (bsc#1200217).
- commit 294d1b1
- cifs: remove repeated debug message on cifs_put_smb_ses()
  (bsc#1200217).
- commit 98c0db1
- cifs: fix potential double free during failed mount
  (bsc#1200217).
- commit bce142b
- cifs: avoid parallel session setups on same channel
  (bsc#1200217).
- commit 1f42004
- cifs: use new enum for ses_status (bsc#1200217).
- commit 7268b31
- cifs: do not use tcpStatus after negotiate completes
  (bsc#1200217).
- commit 7674d31
- smb3: add mount parm nosparse (bsc#1200217).
- commit 2ffada9
- smb3: don't set rc when used and unneeded in query_info_compound
  (bsc#1200217).
- commit 6fd63ad
- smb3: check for null tcon (bsc#1200217).
- commit b858070
- cifs: fix minor compile warning (bsc#1200217).
- commit fd0fc4d
- Add various fsctl structs (bsc#1200217).
- commit 90bede3
- smb3: add trace point for oplock not found (bsc#1200217).
- commit 346f7ed
- cifs: return the more nuanced writeback error on close()
  (bsc#1200217).
- commit 7742646
- smb3: add trace point for lease not found issue (bsc#1200217).
- commit 0658354
- cifs: smbd: fix typo in comment (bsc#1200217).
- commit c4afc8a
- cifs: set the CREATE_NOT_FILE when opening the directory in
  use_cached_dir() (bsc#1200217).
- commit 706627f
- cifs: check for smb1 in open_cached_dir() (bsc#1200217).
- commit 6a639c3
- cifs: move definition of cifs_fattr earlier in cifsglob.h
  (bsc#1200217).
- commit f6bc702
- cifs: print TIDs as hex (bsc#1200217).
- commit e89f4ca
- cifs: return ENOENT for DFS lookup_cache_entry() (bsc#1200217).
- commit 415ae81
- cifs: don't call cifs_dfs_query_info_nonascii_quirk() if nodfs
  was set (bsc#1200217).
- commit a90922b
- cifs: fix signed integer overflow when fl_end is OFFSET_MAX
  (bsc#1200217).
- commit 586cc75
- SMB3: EBADF/EIO errors in rename/open caused by race condition
  in smb2_compound_op (bsc#1200217).
- commit ee0782f
- cifs: destage any unwritten data to the server before calling
  copychunk_write (bsc#1200217).
- commit 1bda1c7
- cifs: use correct lock type in cifs_reconnect() (bsc#1200217).
- commit 8a9f3fb
- cifs: fix NULL ptr dereference in refresh_mounts()
  (bsc#1200217).
- commit 6a33928
- cifs: Use kzalloc instead of kmalloc/memset (bsc#1200217).
- commit b1096ec
- cifs: verify that tcon is valid before dereference in
  cifs_kill_sb (bsc#1200217).
- commit 7b9058f
- cifs: potential buffer overflow in handling symlinks
  (bsc#1200217).
- commit 6cb9820
- cifs: Split the smb3_add_credits tracepoint (bsc#1200217).
- commit 349ed65
- cifs: release cached dentries only if mount is complete
  (bsc#1200217).
- commit 6b464d5
- cifs: Check the IOCB_DIRECT flag, not O_DIRECT (bsc#1200217).
- commit dde64e8
- cifs: update internal module number (bsc#1193629).
- commit 92220f4
- cifs: force new session setup and tcon for dfs (bsc#1200217).
- commit 83df40d
- cifs: remove check of list iterator against head past the loop
  body (bsc#1200217).
- commit c041716
- cifs: fix potential race with cifsd thread (bsc#1200217).
- commit 4db1b1e
- smb3: fix ksmbd bigendian bug in oplock break, and move its
  struct to smbfs_common (bsc#1200217).
  [ ematsumiya: remove ksmbd parts ]
- commit 49a5253
- smb3: cleanup and clarify status of tree connections
  (bsc#1200217).
- commit 7a8d282
- smb3: move defines for query info and query fsinfo to
  smbfs_common (bsc#1200217).
  [ ematsumiya: remove ksmbd parts ]
- commit 980c599
- smb3: move defines for ioctl protocol header and SMB2 sizes
  to smbfs_common (bsc#1200217).
  [ ematsumiya: remove ksmbd parts ]
- commit 4816364
- [smb3] move more common protocol header definitions to
  smbfs_common (bsc#1200217).
  [ ematsumiya: remove ksmbd parts ]
- commit 6224ee1
- cifs: fix incorrect use of list iterator after the loop
  (bsc#1200217).
- commit aef3af4
- cifs: change smb2_query_info_compound to use a cached fid,
  if available (bsc#1200217).
- commit 351d3bd
- cifs: use a different reconnect helper for non-cifsd threads
  (bsc#1200217).
- commit f30e918
- cifs: we do not need a spinlock around the tree access during
  umount (bsc#1200217).
- commit 7cfcd55
- cifs: fix handlecache and multiuser (bsc#1200217).
- commit 3ed19f3
- smb3: fix incorrect session setup check for multiuser mounts
  (bsc#1200217).
- commit 7016d61
- cifs: fix confusing unneeded warning message on smb2.1 and
  earlier (bsc#1200217).
- commit 5c8e870
- cifs: modefromsids must add an ACE for authenticated users
  (bsc#1200217).
- commit 48a34af
- cifs: fix double free race when mount fails in cifs_get_root()
  (bsc#1200217).
- commit f99992c
- cifs: do not use uninitialized data in the owner/group sid
  (bsc#1200217).
- commit 84b55ef
- cifs: fix set of group SID via NTSD xattrs (bsc#1200217).
- commit eb184a1
- smb3: fix snapshot mount option (bsc#1200217).
- commit 874c094
- cifs: mark sessions for reconnection in helper function
  (bsc#1200217).
- commit 0a58bbf
- cifs: call helper functions for marking channels for reconnect
  (bsc#1200217).
- commit 9ee8dff
- cifs: call cifs_reconnect when a connection is marked
  (bsc#1200217).
- commit da0085d
- [smb3] improve error message when mount options conflict with
  posix (bsc#1200217).
- commit 2105c8f
- cifs: fix workstation_name for multiuser mounts (bsc#1200217).
- commit 5c19405
- cifs: unlock chan_lock before calling cifs_put_tcp_session
  (bsc#1200217).
- commit 154c129
- Fix a warning about a malformed kernel doc comment in cifs
  (bsc#1200217).
- commit b2b7511
- cifs: update internal module number (bsc#1200217).
- commit fd57627
- smb3: send NTLMSSP version information (bsc#1200217).
- commit 713e861
- cifs: cifs_ses_mark_for_reconnect should also update reconnect
  bits (bsc#1200217).
- commit 9a2f0ac
- cifs: update tcpStatus during negotiate and sess setup
  (bsc#1200217).
- commit d9e3178
- cifs: make status checks in version independent callers
  (bsc#1200217).
- commit bd7b0d4
- cifs: remove repeated state change in dfs tree connect
  (bsc#1200217).
- commit 010f86c
- cifs: fix the cifs_reconnect path for DFS (bsc#1200217).
- commit 8872018
- cifs: remove unused variable ses_selected (bsc#1200217).
- commit ff25a18
- cifs: protect all accesses to chan_* with chan_lock
  (bsc#1200217).
- commit 570e7fa
- cifs: fix the connection state transitions with multichannel
  (bsc#1200217).
- commit 9e04600
- cifs: check reconnects for channels of active tcons too
  (bsc#1200217).
- commit 7d36579
- cifs: serialize all mount attempts (bsc#1200217).
- commit 551fdd3
- cifs: quirk for STATUS_OBJECT_NAME_INVALID returned for
  non-ASCII dfs refs (bsc#1200217).
- commit c9efbf1
- cifs: alloc_path_with_tree_prefix: do not append sep. if the
  path is empty (bsc#1200217).
- commit 764a91d
- cifs: clean up an inconsistent indenting (bsc#1200217).
- commit 248e46d
- cifs: free ntlmsspblob allocated in negotiate (bsc#1200217).
- commit 43eb5cf
- cifs: fix FILE_BOTH_DIRECTORY_INFO definition (bsc#1200217).
- commit 41d17b7
- cifs: move superblock magic defitions to magic.h (bsc#1200217).
- commit ef6d710
- cifs: Fix smb311_update_preauth_hash() kernel-doc comment
  (bsc#1200217).
- commit f53ea90
- cifs: avoid race during socket reconnect between send and recv
  (bsc#1200217).
- commit 722c8b7
- cifs: maintain a state machine for tcp/smb/tcon sessions
  (bsc#1200217).
- commit 51b486f
- cifs: fix hang on cifs_get_next_mid() (bsc#1200217).
- commit fd0e196
- cifs: take cifs_tcp_ses_lock for status checks (bsc#1200217).
- commit 27f6fb8
- cifs: reconnect only the connection and not smb session where
  possible (bsc#1200217).
- commit 16bf87d
- cifs: add WARN_ON for when chan_count goes below minimum
  (bsc#1200217).
- commit a58714b
- cifs: adjust DebugData to use chans_need_reconnect for conn
  status (bsc#1200217).
- commit 7ddcbf5
- cifs: use the chans_need_reconnect bitmap for reconnect status
  (bsc#1200217).
- commit d6f970b
- cifs: track individual channel status using chans_need_reconnect
  (bsc#1200217).
- commit b7aed75
- cifs: remove redundant assignment to pointer p (bsc#1200217).
- commit a5a52e3
- cifs: sanitize multiple delimiters in prepath (bsc#1200217).
- commit d076172
- cifs: ignore resource_id while getting fscache super cookie
  (bsc#1200217).
- commit 2d5c0e6
- cifs: fix ntlmssp auth when there is no key exchange
  (bsc#1200217).
- commit 93704ce
- cifs: wait for tcon resource_id before getting fscache super
  (bsc#1200217).
- commit b7f6657
- cifs: fix missed refcounting of ipc tcon (bsc#1200217).
- commit e83f639
- kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has
  architectural PMU (git-fixes).
- commit b46bf26
- KVM: x86/emulator: Defer not-present segment check in
  __load_segment_descriptor() (git-fixes).
- commit 27bee90
- KVM: x86: Fix emulation in writing cr8 (git-fixes).
- commit a28f4e5
- KVM: nVMX: Query current VMCS when determining if MSR bitmaps
  are in use (git-fixes).
- commit d008aa3
- kvm: fix wrong exception emulation in check_rdtsc (git-fixes).
- commit 5797afc
- KVM: nVMX: Unconditionally clear nested.pi_pending on nested
  VM-Enter (git-fixes).
- commit acadff0
- KVM: VMX: Use current VMCS to query WAITPKG support for MSR
  emulation (git-fixes).
- commit e4539a4
- KVM: x86: Don't force set BSP bit when local APIC is managed
  by userspace (git-fixes).
- commit eb244fb
- KVM: x86: Migrate the PIT only if vcpu0 is migrated, not any
  BSP (git-fixes).
- commit e4d1ca5
- KVM: nVMX: Set LDTR to its architecturally defined value on
  nested VM-Exit (git-fixes).
- commit 738798b
- KVM: x86: Immediately reset the MMU context when the SMM flag
  is cleared (git-fixes).
- commit 09330a5
- floppy: disable FDRAWCMD by default (bsc#1198866 CVE-2022-1836).
- Update config files.
- commit f9d0532
- KVM: x86/pmu: Fix HW_REF_CPU_CYCLES event pseudo-encoding in
  intel_arch_events[] (git-fixes).
- commit d9ed32f
- KVM: x86: clflushopt should be treated as a no-op by emulation
  (git-fixes).
- commit 9620f9a
- kvm: x86: Toggling CR4.PKE does not load PDPTEs in PAE mode
  (git-fixes).
- commit ef4dd36
- kvm: x86: Toggling CR4.SMAP does not load PDPTEs in PAE mode
  (git-fixes).
- commit f6cd4b8
- KVM: x86: Mark CR4.TSD as being possibly owned by the guest
  (git-fixes).
- commit 0207dce
- KVM: x86: Inject #GP if guest attempts to toggle CR4.LA57 in
  64-bit mode (git-fixes).
- commit 167dd6e
- Revert "/KVM: x86: work around leak of uninitialized stack
  contents"/ (git-fixes).
- commit 750d1b0
- nfc: st21nfca: fix incorrect sizing calculations in
  EVT_TRANSACTION (git-fixes).
- nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling
  (git-fixes).
- nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION
  (git-fixes).
- drm: imx: fix compiler warning with gcc-12 (git-fixes).
- commit 31b71c0
- KVM: x86: Fix off-by-one error in kvm_vcpu_ioctl_x86_setup_mce
  (git-fixes).
- commit 006ad54
- KVM: nVMX: Invalidate all roots when emulating INVVPID without
  EPT (git-fixes).
- commit 6adfb0f
- KVM: VMX: Flush all EPTP/VPID contexts on remote TLB flush
  (git-fixes).
- commit a06b778
- ftrace: Clean up hash direct_functions on register failures
  (git-fixes).
- commit adaac4e
- tilcdc: tilcdc_external: fix an incorrect NULL check on list
  iterator (git-fixes).
- commit 8f16892
- Refresh
  patches.suse/drm-vmwgfx-Initialize-drm_mode_fb_cmd2.patch.
  Alt-commit
- commit 30ee9bf
- Refresh
  patches.suse/0001-drm-vmwgfx-Remove-unused-compile-options.patch.
  Alt-commit
- commit e57beef
- blacklist.conf: Remove blacklisting of backported patch
- Refresh
  patches.suse/drm-vc4-hdmi-Move-the-HSM-clock-enable-to-runtime_pm.patch.
  Alt-commit
- commit 64d3607
- block: fix bio_clone_blkg_association() to associate with
  proper blkcg_gq (bsc#1200259).
- commit ce6dfd1
- Refresh
  patches.suse/drm-i915-Call-i915_globals_exit-if-pci_register_devi.patch.
  Alt-commit
- commit fbaa188
- drm/msm/dsi: fix address for second DSI PHY on SDM660
  (git-fixes).
- commit 2435776
- Refresh
  patches.suse/drm-i915-gem-add-missing-boundary-check-in-vm_access.patch.
  Alt-commit
- commit 693f083
- Refresh patches.suse/drm-amdkfd-Fix-GWS-queue-count.patch.
  Alt-commit
- commit cef7148
- Refresh
  patches.suse/drm-amdgpu-smu10-fix-SoC-fclk-units-in-auto-mode.patch.
  Alt-commit
- commit 7e7296e
- dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace
  (git-fixes).
- commit 25b074b
- drm/amdgpu/smu10: fix SoC/fclk units in auto mode (git-fixes).
- commit cd35e5a
- blacklist.conf: 0d979509539e drm/ttm: remove ttm_bo_vm_insert_huge()
- commit b0d7e4a
- blacklist.conf: 10a6de19cad6 seq_file: fix passing wrong private data
- commit 88787ec
- drm/i915: fix i915_globals_exit() section mismatch error
  (git-fixes).
- commit f035fef
- add mainline tag for a pci-hyperv change
- commit 77f42e9
- netfilter: nf_tables: sanitize nft_set_desc_concat_parse()
  (CVE-2022-1972 bsc#1200019).
- commit 323e166
- netfilter: nf_tables: disallow non-stateful expression in sets
  earlier (CVE-2022-1966 bsc#1200015).
- commit 41de480
- scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled
  (git-fixes).
- scsi: dc395x: Fix a missing check on list iterator (git-fixes).
- scsi: ufs: core: Exclude UECxx from SFR dump list (git-fixes).
- scsi: ufs: qcom: Fix ufs_qcom_resume() (git-fixes).
- drbd: fix duplicate array initializer (git-fixes).
- drbd: use bdev_alignment_offset instead of
  queue_alignment_offset (git-fixes).
- drbd: use bdev based limit helpers in drbd_send_sizes
  (git-fixes).
- drbd: remove assign_p_sizes_qlim (git-fixes).
- commit d165ee8
- Added blacklist git-fix: just fixes compiler warning but breaks kabi
- commit 2f740d4
- jbd2: Fake symbols defined under CONFIG_JBD2_DEBUG
  (bsc#1198971).
- Update config files to disable mistakenly enabled CONFIG_JBD2_DEBUG
- commit 1c1f326
- net: stmmac: dwmac-sun8i: Balance syscon (de)initialization (git-fixes).
- commit 3c1ac51
- net: stmmac: dwmac-sun8i: Balance internal PHY power (git-fixes).
- commit a293be9
- net: stmmac: dwmac-sun8i: Balance internal PHY resource references (git-fixes).
- commit 5ddd111
- net: stmmac: dwmac-sun8i: Fix probe error handling (git-fixes).
- commit b7d0c5f
- net: dsa: lantiq_gswip: Fix GSWIP_MII_CFG(p) register access (git-fixes).
- commit ac2aae4
- net: dsa: lantiq_gswip: Enable GSWIP_MII_CFG_EN also for internal PHYs (git-fixes).
- commit dd8afe7
- net: ethernet: ti: cpts: fix ethtool output when no ptp_clock registered (git-fixes).
- commit de37b40
- net: ethernet: Fix memleak in ethoc_probe (git-fixes).
- commit b06c831
- qlcnic: Fix error code in probe (git-fixes).
- commit 34dcd67
- net: korina: fix return value (git-fixes).
- commit 2399b03
- ice: Fix race conditions between virtchnl handling and VF ndo ops (git-fixes).
- commit ecd49f2
- net: hns3: fix kernel crash when unload VF while it is being reset (git-fixes).
- commit 5655db7
- btrfs: tree-checker: fix incorrect printk format (bsc#1200249).
- commit 9d94c81
- netdevice: demote the type of some dev_addr_set() helpers
  (bsc#1200216).
- commit eaa7009
- ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS
  (git-fixes).
- ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15
  9520 laptop (git-fixes).
- ALSA: hda/realtek - Add new type for ALC245 (git-fixes).
- ASoC: rt5514: Fix event generation for "/DSP Voice Wake Up"/
  control (git-fixes).
- ALSA: ctxfi: Add SB046x PCI ID (git-fixes).
- commit f5268ed
- gpio: adp5588: Remove support for platform setup and teardown
  callbacks (git-fixes).
- gpio: pca953x: use the correct register address to do regcache
  sync (git-fixes).
- driver core: fix deadlock in __device_attach (git-fixes).
- driver: base: fix UAF when driver_attach failed (git-fixes).
- selftests: firmware: Use smaller dictionary for XZ compression
  (git-fixes).
- bus: ti-sysc: Fix warnings for unbind for serial (git-fixes).
- firmware: dmi-sysfs: Fix memory leak in
  dmi_sysfs_register_handle (git-fixes).
- phy: qcom-qmp: fix pipe-clock imbalance on power-on failure
  (git-fixes).
- phy: qcom-qmp: fix reset-controller leak on probe errors
  (git-fixes).
- phy: qcom-qmp: fix struct clk leak on probe errors (git-fixes).
- iio: adc: sc27xx: Fine tune the scale calibration values
  (git-fixes).
- iio: adc: sc27xx: fix read big scale voltage not right
  (git-fixes).
- iio: adc: stmpe-adc: Fix wait_for_completion_timeout return
  value check (git-fixes).
- iio: adc: ad7124: Remove shift from scan_type (git-fixes).
- firmware: stratix10-svc: fix a missing check on list iterator
  (git-fixes).
- usb: ehci-omap: drop unused ehci_read() function (git-fixes).
- usb: typec: mux: Check dev_set_name() return value (git-fixes).
- usb: dwc3: pci: Fix pm_runtime_get_sync() error checking
  (git-fixes).
- usb: musb: Fix missing of_node_put() in omap2430_probe
  (git-fixes).
- USB: storage: karma: fix rio_karma_init return (git-fixes).
- usb: usbip: add missing device lock on tweak configuration cmd
  (git-fixes).
- usb: usbip: fix a refcount leak in stub_probe() (git-fixes).
- serial: stm32-usart: Correct CSIZE, bits, and parity
  (git-fixes).
- serial: st-asc: Sanitize CSIZE and correct PARENB for CS7
  (git-fixes).
- serial: sifive: Sanitize CSIZE and c_iflag (git-fixes).
- serial: sh-sci: Don't allow CS5-6 (git-fixes).
- serial: txx9: Don't allow CS5-6 (git-fixes).
- serial: rda-uart: Don't allow CS5-6 (git-fixes).
- serial: digicolor-usart: Don't allow CS5-6 (git-fixes).
- serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485
  (git-fixes).
- serial: meson: acquire port->lock in startup() (git-fixes).
- serial: pch: don't overwrite xmit->buf[0] by x_char (git-fixes).
- serial: 8250: pxa: Remove unneeded <linux/pm_runtime.h>
  (git-fixes).
- serial: 8250: core: Remove unneeded <linux/pm_runtime.h>
  (git-fixes).
- tty: serial: fsl_lpuart: fix potential bug when using both
  of_alias_get_id and ida_simple_get (git-fixes).
- tty: serial: owl: Fix missing clk_disable_unprepare() in
  owl_uart_probe (git-fixes).
- tty: goldfish: Use tty_port_destroy() to destroy port
  (git-fixes).
- staging: fieldbus: Fix the error handling path in
  anybuss_host_common_probe() (git-fixes).
- ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition (git-fixes).
- commit e15e5e6
- powerpc/xive: Add some error handling code to
  'xive_spapr_init()' (fate#322438 git-fixes).
- commit 29a15ff
- net: sched: fixed barrier to prevent skbuff sticking in qdisc
  backlog (bsc#1183405).
- commit 5f8489b
- tracing: Fix return value of trace_pid_write() (git-fixes).
- commit 332fdc6
- tracing: Fix potential double free in create_var_ref()
  (git-fixes).
- commit 142f9d7
- wireguard: device: check for metadata_dst with skb_valid_dst()
  (git-fixes).
- commit 9790edc
- nvme-tcp: use __dev_get_by_name instead dev_get_by_name for
  OPT_HOST_IFACE (bsc#1199670).
- commit a8aa700
- ceph: fix setting of xattrs on async created inodes
  (bsc#1200192).
- commit 91687d7
- i2c: at91: Initialize dma_buf in at91_twi_xfer() (git-fixes).
- commit 9250a63
- soc: rockchip: Fix refcount leak in rockchip_grf_init
  (git-fixes).
- wifi: mac80211: fix use-after-free in chanctx code (git-fixes).
- assoc_array: Fix BUG_ON during garbage collect (git-fixes).
- rtc: mt6397: check return value after calling
  platform_get_resource() (git-fixes).
- watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe
  (git-fixes).
- pwm: raspberrypi-poe: Fix endianness in firmware struct
  (git-fixes).
- pwm: lp3943: Fix duty calculation in case period was clamped
  (git-fixes).
- i2c: at91: use dma safe buffers (git-fixes).
- video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup
  (git-fixes).
- commit db358bc
- powerpc/xive: Fix refcount leak in xive_spapr_init (fate#322438
  git-fixes).
- commit 4062633
- NFC: netlink: fix sleep in atomic bug when firmware download
  timeout (CVE-2022-1975 bsc#1200143).
- commit bcae1e0
- nfc: replace improper check device_is_registered() in netlink
  related functions (CVE-2022-1974 bsc#1200144).
- Refresh
  patches.suse/NFC-SUSE-specific-brutal-fix-for-runtime-PM.patch.
- commit 8ab4a08
- certs: Add EFI_CERT_X509_GUID support for dbx entries
  (bsc#1177282 CVE-2020-26541).
- Update config files.
- commit 6bf28b7
- ARM: omap: remove debug-leds driver (git-fixes)
- commit 43f073a
- arm: mediatek: select arch timer for mt7629 (git-fixes)
- commit 013d17b
- ARM: dts: qcom: msm8974: Drop flags for mdss irqs (git-fixes)
- commit 42eec11
- ARM: dts: suniv: F1C100: fix watchdog compatible (git-fixes)
- commit 93d1bda
- ARM: dts: bcm2835-rpi-b: Fix GPIO line names (git-fixes)
- commit 7e7bd88
- ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED (git-fixes)
- commit 5ee912a
- ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C (git-fixes)
- commit 8161416
- ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT (git-fixes)
- commit 4e538b6
- ARM: dts: imx6ull-colibri: fix vqmmc regulator (git-fixes)
- commit 676db9a
- ARM: dts: logicpd-som-lv: Fix wrong pinmuxing on OMAP35 (git-fixes)
- commit 70b2b9b
- ARM: dts: am3517-evm: Fix misc pinmuxing (git-fixes)
- commit 50fc702
- ARM: OMAP2+: Fix refcount leak in omap_gic_of_init (git-fixes)
- commit 12ddc7c
- ARM: dts: at91: Map MCLK for wm8731 on at91sam9g20ek (git-fixes)
- commit 123bc41
- ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue (git-fixes)
- commit d5627c3
- ARM: config: u8500: Re-enable AB8500 battery charging (git-fixes)
- commit 5b0fb4f
- ARM: davinci: da850-evm: Avoid NULL pointer dereference (git-fixes)
- commit 7371c56
- ARM: 9187/1: JIVE: fix return value of __setup handler (git-fixes)
- commit f4ca8bd
- blacklist.conf: ("/ARM: dts: spear1340: Update serial node properties"/)
- commit 2719ba1
- blacklist.conf: ("/ARM: dts: spear13xx: Update SPI dma properties"/)
- commit d4905d6
- ARM: dts: qcom: ipq4019: fix sleep clock (git-fixes)
- commit 23153db
- ARM: dts: Fix OpenBMC flash layout label addresses (git-fixes)
- commit 5fc1380
- ARM: dts: at91: sama5d2: Fix PMERRLOC resource size (git-fixes)
- commit 71afe29
- ARM: dts: imx: Add missing LVDS decoder on M53Menlo (git-fixes)
- commit afc6580
- ARM: dts: exynos: fix UART3 pins configuration in Exynos5250 (git-fixes)
- commit bc1fb03
- ARM: ftrace: ensure that ADR takes the Thumb bit into account (git-fixes)
- commit fee81b1
- blacklist.conf: ("/ARM: iop32x: offset IRQ numbers by 1"/)
- commit abcec77
- ARM: tegra: Move panels to AUX bus (git-fixes)
- commit 50fd172
- ARM: dts: meson8b: Fix the UART device-tree schema validation (git-fixes)
- commit 0f51816
- ARM: dts: meson8: Fix the UART device-tree schema validation (git-fixes)
- commit 40ff6d7
- ARM: dts: meson: Fix the UART compatible strings (git-fixes)
- commit 27df56a
- ARM: socfpga: fix missing RESET_CONTROLLER (git-fixes)
- commit 62b05df
- ARM: dts: imx23-evk: Remove MX23_PAD_SSP1_DETECT from hog group (git-fixes)
- commit 587bb4a
- ARM: dts: imx6qdl-udoo: Properly describe the SD card detect (git-fixes)
- commit 8309249
- ARM: 9170/1: fix panic when kasan and kprobe are enabled (git-fixes)
- commit 2e353f0
- ARM: dts: armada-38x: Add generic compatible to UART nodes (git-fixes)
- commit c7c1408
- ARM: 9169/1: entry: fix Thumb2 bug in iWMMXt exception handling (git-fixes)
- commit ca31c5d
- ARM: dts: imx6ull-pinfunc: Fix CSI_DATA07__ESAI_TX0 pad name (git-fixes)
- commit 43a6857
- ARM: socfpga: dts: fix qspi node compatible (git-fixes)
- commit 8773156
- nvme-tcp: allow selecting the network interface for connections
  (bsc#1199670).
- commit 24adf25
- scsi: qla2xxx: edif: Remove unneeded variable (bsc#1200046).
- scsi: qla2xxx: Remove unneeded flush_workqueue() (bsc#1200046).
- scsi: qla2xxx: Remove free_sg command flag (bsc#1200046).
- scsi: qla2xxx: Fix missed DMA unmap for aborted commands
  (bsc#1200046).
- commit 0e2231e
- Refresh
  patches.suse/nvme-multipath-use-vmalloc-for-ana-log-buffer.patch.
- commit 971fe0e
- scsi: lpfc: Update lpfc version to 14.2.0.3 (bsc#1200045).
- scsi: lpfc: Use sg_dma_address() and sg_dma_len() macros for
  NVMe I/O (bsc#1200045).
- scsi: lpfc: Alter FPIN stat accounting logic (bsc#1200045).
- scsi: lpfc: Rework FDMI initialization after link up
  (bsc#1200045).
- scsi: lpfc: Change VMID registration to be based on fabric
  parameters (bsc#1200045).
- scsi: lpfc: Decrement outstanding gidft_inp counter if
  lpfc_err_lost_link() (bsc#1200045).
- scsi: lpfc: Use list_for_each_entry_safe() in
  rscn_recovery_check() (bsc#1200045).
- scsi: lpfc: Fix dmabuf ptr assignment in lpfc_ct_reject_event()
  (bsc#1200045).
- scsi: lpfc: Inhibit aborts if external loopback plug is inserted
  (bsc#1200045).
- scsi: lpfc: Fix ndlp put following a LOGO completion
  (bsc#1200045).
- scsi: lpfc: Fill in missing ndlp kref puts in error paths
  (bsc#1200045).
- scsi: lpfc: Fix element offset in __lpfc_sli_release_iocbq_s4()
  (bsc#1200045).
- scsi: lpfc: Remove redundant lpfc_sli_prep_wqe() call
  (bsc#1200045).
- scsi: lpfc: Fix additional reference counting in
  lpfc_bsg_rport_els() (bsc#1200045).
- scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp()
  (bsc#1200045).
- scsi: lpfc: Remove unnecessary null ndlp check in
  lpfc_sli_prep_wqe() (bsc#1200045).
- scsi: lpfc: Remove unneeded variable (bsc#1200045).
- scsi: lpfc: Copyright updates for 14.2.0.2 patches
  (bsc#1200045).
- scsi: lpfc: Update lpfc version to 14.2.0.2 (bsc#1200045).
- scsi: lpfc: Expand setting ELS_ID field in ELS_REQUEST64_WQE
  (bsc#1200045).
- scsi: lpfc: Update stat accounting for READ_STATUS mbox command
  (bsc#1200045).
- scsi: lpfc: Change FA-PWWN detection methodology (bsc#1200045).
- scsi: lpfc: Refactor cleanup of mailbox commands (bsc#1200045).
- scsi: lpfc: Fix field overload in lpfc_iocbq data structure
  (bsc#1200045).
- scsi: lpfc: Introduce FC_RSCN_MEMENTO flag for tracking post
  RSCN completion (bsc#1200045).
- scsi: lpfc: Register for Application Services FC-4 type in
  Fabric topology (bsc#1200045).
- scsi: lpfc: Remove false FDMI NVMe FC-4 support for NPIV ports
  (bsc#1200045).
- scsi: lpfc: Revise FDMI reporting of supported port speed for
  trunk groups (bsc#1200045).
- scsi: lpfc: Fix call trace observed during I/O with CMF enabled
  (bsc#1200045).
- scsi: lpfc: Correct CRC32 calculation for congestion stats
  (bsc#1200045).
- scsi: lpfc: Move MI module parameter check to handle dynamic
  disable (bsc#1200045).
- scsi: lpfc: Remove unnecessary NULL pointer assignment for
  ELS_RDF path (bsc#1200045).
- scsi: lpfc: Transition to NPR state upon LOGO cmpl if link
  down or aborted (bsc#1200045).
- scsi: lpfc: Update fc_prli_sent outstanding only after
  guaranteed IOCB submit (bsc#1200045).
- scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT
  (bsc#1200045).
- scsi: lpfc: Fix null pointer dereference after failing to
  issue FLOGI and PLOGI (bsc#1200045).
- scsi: lpfc: Clear fabric topology flag before initiating a
  new FLOGI (bsc#1200045).
- scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock
  (bsc#1200045).
- scsi: lpfc: Requeue SCSI I/O to upper layer when fw reports
  link down (bsc#1200045).
- scsi: lpfc: Zero SLI4 fcp_cmnd buffer's fcpCntl0 field
  (bsc#1200045).
- scsi: lpfc: Fix diagnostic fw logging after a function reset
  (bsc#1200045).
- scsi: lpfc: Move cfg_log_verbose check before calling
  lpfc_dmp_dbg() (bsc#1200045).
- scsi: lpfc: Tweak message log categories for ELS/FDMI/NVMe
  rescan (bsc#1200045).
- blk-cgroup: move blkcg_{get,set}_fc_appid out of line
  (bsc#1200045).
- scsi: lpfc: Correct BDE DMA address assignment for GEN_REQ_WQE
  (bsc#1200045 bsc#1198989 bsc#1197675).
- scsi: lpfc: Fix split code for FLOGI on FCoE (bsc#1200045
  bsc#1198989 bsc#1197675).
- commit d7157b7
- iommu/amd: Increase timeout waiting for GA log enablement
  (bsc#1199052).
- commit fe9fbe6
- lpfc: Readd update to version 14.2.0.1 (bsc#1197675 bsc#1196478 bsc#1198989)
  The update was reverted due to some regression on older
  hardware. These have been fixed in the meantime, thus update the
  driver.
- commit 200ac05
- revert scsi: qla2xxx: Changes to support FCP2 Target
  (bsc#1198438).
- commit 12ff2a5
- net: rtlwifi: properly check for alloc_workqueue() failure
  (git-fixes).
- Revert "/rtlwifi: fix a potential NULL pointer dereference"/
  (git-fixes).
- commit 24fe374
- mt76: check return value of mt76_txq_send_burst in
  mt76_txq_schedule_list (git-fixes).
- commit 962a439
- spi: Introduce device-managed SPI controller allocation
  (git-fixes).
- commit 9cd5722
- powerpc/64s: Add CPU_FTRS_POWER10 to ALWAYS mask (jsc#SLE-13521
  git-fixes).
- powerpc/64s: Add CPU_FTRS_POWER9_DD2_2 to CPU_FTRS_ALWAYS mask
  (bsc#1061840 git-fixes).
- commit 6362663
- blacklist.conf: kABI, cleanup that renames constants
- commit e8bfcff
- blacklist.conf: kABI, renames declarations
- commit 1b506e7
- blacklist.conf: switches off compilation of a driver on some arches. Either irrelevant or breaks kABI.
- commit a8132c8
- media: netup_unidvb: Don't leak SPI master in probe error path
  (git-fixes).
- commit 539b59b
- Refresh
  patches.suse/lockdown-also-lock-down-previous-kgdb-use.patch.
  In this case, we can not simply use __GENKSYMS__ to wrap new
  LOCKDOWN_DBG_WRITE/READ_KERNEL fields in enum lockdown_reason
  struct. So let's remove __GENKSYMS__ and add a kabi workaround
  patch. (bsc#1199426 CVE-2022-21499)
- commit 88eddb5
- lockdown: kABI workaround for lockdown_reason changes
  (bsc#1199426, CVE-2022-21499).
- commit fe7a29a
- powerpc/powernv: Get STF barrier requirements from device-tree
  (bsc#1188885 ltc#193722 git-fixes).
- powerpc/powernv: Get L1D flush requirements from device-tree
  (bsc#1188885 ltc#193722 git-fixes).
- powerpc/powernv: Add __init attribute to eligible functions
  (bsc#1188885 ltc#193722 git-fixes).
- powerpc/powernv: Remove POWER9 PVR version check for entry
  and uaccess flushes (bsc#1188885 ltc#193722 git-fixes).
- commit 4e35232
- powerpc/fadump: fix PT_LOAD segment for boot memory area
  (bsc#1103269 ltc#169948 git-fixes).
- commit 726e54b
- Update patch metadata references
- commit c29f6ae
- KVM: VMX: Fix stale docs for
  kvm-intel.emulate_invalid_guest_state (git-fixes).
- commit 56b5e51
- Kconfig.debug: drop selecting non-existing
  HARDLOCKUP_DETECTOR_ARCH (git-fixes).
- commit 9876873
- arm64: paravirt: Use RCU read locks to guard stolen_time
  (git-fixes).
- commit 06cf912
- smp: Fix offline cpu check in flush_smp_call_function_queue()
  (git-fixes).
- commit 798956d
- mm, page_alloc: fix build_zonerefs_node() (git-fixes).
- commit 25a1706
- Input: stmfts - do not leave device disabled in
  stmfts_input_open (git-fixes).
- commit 7f01cd9
- dmaengine: stm32-mdma: remove GISR1 register (git-fixes).
- dmaengine: idxd: Fix the error handling path in
  idxd_cdev_register() (git-fixes).
- Input: sparcspkr - fix refcount leak in bbc_beep_probe
  (git-fixes).
- misc: ocxl: fix possible double free in ocxl_file_register_afu
  (git-fixes).
- pinctrl: mvebu: Fix irq_of_parse_and_map() return value
  (git-fixes).
- pinctrl/rockchip: support deferring other gpio params
  (git-fixes).
- commit 9a75e78
- btrfs: extent-tree: kill the BUG_ON() in
  insert_inline_extent_backref() (CVE-2019-19377 bsc#1158266).
- commit 31a8792
- btrfs: extent-tree: kill BUG_ON() in  __btrfs_free_extent()
  (CVE-2019-19377 bsc#1158266).
- commit 75b17c1
- crypto: ecrdsa - Fix incorrect use of vli_cmp (git-fixes).
- crypto: caam - fix i.MX6SX entropy delay value (git-fixes).
- crypto: x86 - eliminate anonymous module_init & module_exit
  (git-fixes).
- mfd: ipaq-micro: Fix error check return value of
  platform_get_irq() (git-fixes).
- clk: imx8mp: fix usb_root_clk parent (git-fixes).
- clk: renesas: r9a06g032: Fix the RTC hclock description
  (git-fixes).
- PCI: rockchip: Fix find_first_zero_bit() limit (git-fixes).
- PCI: qcom: Fix unbalanced PHY init on probe errors (git-fixes).
- PCI: qcom: Fix runtime PM imbalance on probe errors (git-fixes).
- PCI: imx6: Fix PERST# start-up sequence (git-fixes).
- PCI: dwc: Fix setting error return on MSI DMA mapping failure
  (git-fixes).
- PCI: cadence: Fix find_first_zero_bit() limit (git-fixes).
- PCI/PM: Power up all devices during runtime resume (git-fixes).
- PCI/AER: Clear MULTI_ERR_COR/UNCOR_RCV bits (git-fixes).
- tty: fix deadlock caused by calling printk() under
  tty_port->lock (git-fixes).
- commit ec70afa
- NFC: hci: fix sleep in atomic context bugs in
  nfc_hci_hcp_message_tx (git-fixes).
- commit 61459e4
- soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc
  (git-fixes).
- soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc
  (git-fixes).
- nl80211: show SSID for P2P_GO interfaces (git-fixes).
- NFC: NULL out the dev->rfkill to prevent UAF (git-fixes).
- media: ov7670: remove ov7670_power_off from ov7670_remove
  (git-fixes).
- media: pvrusb2: fix array-index-out-of-bounds in
  pvr2_i2c_core_init (git-fixes).
- thermal/drivers/broadcom: Fix potential NULL dereference in
  sr_thermal_probe (git-fixes).
- thermal/drivers/bcm2711: Don't clamp temperature at zero
  (git-fixes).
- spi: spi-fsl-qspi: check return value after calling
  platform_get_resource_byname() (git-fixes).
- spi: img-spfi: Fix pm_runtime_get_sync() error checking
  (git-fixes).
- spi: spi-ti-qspi: Fix return value handling of
  wait_for_completion_timeout (git-fixes).
- spi: spi-cadence: Fix kernel-doc format for resume/suspend
  (git-fixes).
- regulator: pfuze100: Fix refcount leak in
  pfuze_parse_regulators_dt (git-fixes).
- regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET
  (git-fixes).
- mtd: spi-nor: core: Check written SR value in
  spi_nor_write_16bit_sr_and_check() (git-fixes).
- tpm: Fix buffer access in tpm2_get_tpm_pt() (git-fixes).
- platform/chrome: cros_ec_debugfs: detach log reader wq from devm
  (git-fixes).
- rtc: mc146818-lib: Fix the AltCentury for AMD platforms
  (git-fixes).
- rtc: fix use-after-free on device removal (git-fixes).
- mmc: block: Use generic_cmd6_time when modifying
  INAND_CMD38_ARG_EXT_CSD (git-fixes).
- mmc: core: Specify timeouts for BKOPS and CACHE_FLUSH for eMMC
  (git-fixes).
- commit 45f0e7e
- gma500: fix an incorrect NULL check on list iterator
  (git-fixes).
- media: uvcvideo: Fix missing check to determine if element is
  found in list (git-fixes).
- media: media-entity.h: Fix documentation for
  media_create_intf_link (git-fixes).
- HID: elan: Fix potential double free in elan_input_configured
  (git-fixes).
- HID: hid-led: fix maximum brightness for Dream Cheeky
  (git-fixes).
- Fix double fget() in vhost_net_set_backend() (git-fixes).
- mac80211: fix rx reordering with non explicit / psmp ack policy
  (git-fixes).
- Input: stmfts - fix reference leak in stmfts_input_open
  (git-fixes).
- Input: add bounds checking to input_set_capability()
  (git-fixes).
- commit 6469b91
- firmware: arm_scmi: Validate BASE_DISCOVER_LIST_PROTOCOLS
  response (git-fixes).
- firmware: arm_scmi: Fix list protocols enumeration in the base
  protocol (git-fixes).
- drm/i915: Fix CFI violation with show_dynamic_id() (git-fixes).
- drm: msm: fix possible memory leak in mdp5_crtc_cursor_set()
  (git-fixes).
- drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init (git-fixes).
- drm/msm: return an error pointer in msm_gem_prime_get_sg_table()
  (git-fixes).
- drm/msm/mdp5: Return error code in mdp5_mixer_release when
  deadlock is detected (git-fixes).
- drm/msm/mdp5: Return error code in mdp5_pipe_release when
  deadlock is detected (git-fixes).
- drm/msm/hdmi: fix error check return value of
  irq_of_parse_and_map() (git-fixes).
- commit 0cce114
- drm/msm/hdmi: check return value after calling
  platform_get_resource_byname() (git-fixes).
- drm/msm/dsi: fix error checks and return values for DSI xmit
  functions (git-fixes).
- drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use
  after memory free during pm runtime resume (git-fixes).
- drm/msm/dpu: adjust display_v_end for eDP and DP (git-fixes).
- drm/mediatek: Fix mtk_cec_mask() (git-fixes).
- drm/rockchip: vop: fix possible null-ptr-deref in vop_bind()
  (git-fixes).
- drm/panel: simple: Add missing bus flags for Innolux G070Y2-L01
  (git-fixes).
- drm/bridge: Fix error handling in analogix_dp_probe (git-fixes).
- drm: mali-dp: potential dereference of null pointer (git-fixes).
- commit def8c76
- drivers/base/memory: fix an unlikely reference counting issue
  in __add_memory_block() (git-fixes).
- drivers/base/node.c: fix compaction sysfs file leak (git-fixes).
- ALSA: usb-audio: Configure sync endpoints before data
  (git-fixes).
- ASoC: max98090: Move check for invalid values before casting
  in max98090_put_enab_tlv() (git-fixes).
- ASoC: wm2000: fix missing clk_disable_unprepare() on error in
  wm2000_anc_transition() (git-fixes).
- ASoC: ti: j721e-evm: Fix refcount leak in j721e_soc_probe_*
  (git-fixes).
- ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe (git-fixes).
- ASoC: atmel-classd: Remove endianness flag on class d component
  (git-fixes).
- ASoC: atmel-pdmic: Remove endianness flag on pdmic component
  (git-fixes).
- ASoC: rk3328: fix disabling mclk on pclk probe failure
  (git-fixes).
- ASoC: mediatek: Fix missing of_node_put in
  mt2701_wm8960_machine_probe (git-fixes).
- ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe
  (git-fixes).
- ALSA: usb-audio: Add missing ep_idx in fixed EP quirks
  (git-fixes).
- ALSA: pcm: Check for null pointer of pointer substream before
  dereferencing it (git-fixes).
- drm/komeda: Fix an undefined behavior bug in komeda_plane_add()
  (git-fixes).
- drm/vc4: txp: Force alpha to be 0xff if it's disabled
  (git-fixes).
- drm/vc4: txp: Don't set TXP_VSTART_AT_EOF (git-fixes).
- drm/vc4: hvs: Reset muxes at probe time (git-fixes).
- drm: sti: don't use kernel-doc markers (git-fixes).
- drm/nouveau/clk: Fix an incorrect NULL check on list iterator
  (git-fixes).
- drm/bridge: adv7511: clean up CEC adapter when probe fails
  (git-fixes).
- drm/edid: fix invalid EDID extension block filtering
  (git-fixes).
- drm/nouveau/kms/nv50-: atom: fix an incorrect NULL check on
  list iterator (git-fixes).
- drm/blend: fix typo in the comment (git-fixes).
- drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX
  (git-fixes).
- Bluetooth: hci_qca: Use del_timer_sync() before freeing
  (git-fixes).
- Bluetooth: fix dangling sco_conn and use-after-free in
  sco_sock_timeout (git-fixes).
- carl9170: tx: fix an incorrect use of list iterator (git-fixes).
- ath9k_htc: fix potential out of bounds access with invalid
  rxstatus->rs_keyix (git-fixes).
- ath9k: fix ar9003_get_eepmisc (git-fixes).
- docs: submitting-patches: Fix crossref to 'The canonical patch
  format' (git-fixes).
- ACPI: property: Release subnode properties with data nodes
  (git-fixes).
- ALSA: wavefront: Proper check of get_user() error (git-fixes).
- ALSA: hda/realtek: Enable headset mic on Lenovo P360
  (git-fixes).
- crypto: x86/chacha20 - Avoid spurious jumps to other functions
  (git-fixes).
- crypto: stm32 - fix reference leak in stm32_crc_remove
  (git-fixes).
- Bluetooth: call hci_le_conn_failed with hdev lock in
  hci_le_conn_failed (git-fixes).
- commit 72b8536
- Update patch reference for libata fix (bsc#1118212).
- commit 9e93177
- KVM: x86/speculation: Disable Fill buffer clear within guests (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180).
- commit 3afdfd4
- lockdown: also lock down previous kgdb use (bsc#1199426
  CVE-2022-21499).
- commit 090b59e
- kernel-binary.spec: Support radio selection for debuginfo.
  To disable debuginfo on 5.18 kernel a radio selection needs to be
  switched to a different selection. This requires disabling the currently
  active option and selecting NONE as debuginfo type.
- commit 43b5dd3
- perf: Fix sys_perf_event_open() race against self
  (CVE-2022-1729, bsc#1199507).
- commit feaf8f1
- x86/speculation/mmio: Reuse SRBDS mitigation for SBDS (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180).
- commit 7356a15
- Update bug reference to bsc#1196840
  bsc#1195826 is for SLE15-SP4
- commit c323b60
- ext4: avoid cycles in directory h-tree (bsc#1198577
  CVE-2022-1184).
- commit b98a7a0
- ext4: verify dir block before splitting it (bsc#1198577
  CVE-2022-1184).
- commit 1b10a51
- x86/speculation/srbds: Update SRBDS mitigation selection (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180).
- commit f7e3619
- series.conf: sort the patches
- commit 77394cc
- x86/speculation/mmio: Add sysfs reporting for Processor MMIO Stale Data (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180).
- commit 449a24c
- tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe()
  (bsc#1065729).
- commit 55daac9
- scsi: fnic: Replace DMA mask of 64 bits with 47 bits
  (bsc#1199631).
- commit 9223fba
- ionic: fix missing pci_release_regions() on error in
  ionic_probe() (bsc#1167773).
- net/mlx5e: Fix the calling of update_buffer_lossy() API
  (jsc#SLE-15172).
- bnxt_en: Fix unnecessary dropping of RX packets (jsc#SLE-15075).
- bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS
  flag (jsc#SLE-8371 bsc#1153274).
- hinic: fix bug of wq out of bound access (bsc#1176447).
- net: hns3: clear inited state and stop client after failed to
  register netdev (bsc#1154353).
- netfilter: nft_set_rbtree: overlap detection with element
  re-addition after deletion (bsc#1176447).
- mm/mmu_notifier.c: fix race in mmu_interval_notifier_remove()
  (jsc#SLE-15176, jsc#SLE-16387).
- ice: arfs: fix use-after-free when freeing @rx_cpu_rmap
  (jsc#SLE-12878).
- ice: synchronize_rcu() when terminating rings (jsc#SLE-7926).
- ice: Do not skip not enabled queues in ice_vc_dis_qs_msg
  (jsc#SLE-7926).
- ice: Clear default forwarding VSI during VSI release
  (jsc#SLE-12878).
- net: hns3: fix bug when PF set the duplicate MAC address for
  VFs (jsc#SLE-14777).
- ionic: remove the dbid_inuse bitmap (bsc#1167773).
- ionic: disable napi when ionic_lif_init() fails (bsc#1167773).
- ionic: Cleanups in the Tx hotpath code (bsc#1167773).
- ionic: Don't send reset commands if FW isn't running
  (bsc#1167773).
- ionic: start watchdog after all is setup (bsc#1167773).
- ionic: fix type complaint in ionic_dev_cmd_clean()
  (jsc#SLE-16649).
- net/mlx5: Fix a race on command flush flow (jsc#SLE-15172).
- i40e: stop disabling VFs due to PF error responses (git-fixes).
- ionic: monitor fw status generation (bsc#1167773).
- ionic: avoid races in ionic_heartbeat_check (bsc#1167773).
- commit 16310e3
- x86/speculation/mmio: Enable CPU Fill buffer clearing on idle (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180).
- commit c2d3c0f
- docs: powerpc: Fix misspellings and grammar errors (bsc#1055117
  ltc#159753).
- commit a757a54
- x86/bugs: Group MDS, TAA & Processor MMIO Stale Data mitigations (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180).
- commit 93d2214
- powerpc: Enable the DAWR on POWER9 DD2.3 and above (bsc#1055117
  ltc#159753).
- commit 76e65ef
- x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180).
- commit f354e6f
- blacklist.conf: add Renesas SuperH Ethernet
- commit d918a41
- x86/speculation: Add a common function for MD_CLEAR mitigation update (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180).
- commit e71b0a6
- cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in
  cpuset_init_smp() (bsc#1199839).
- commit 1cc3b7f
- Update patch reference for crypto fix (bsc#1197601)
- commit afd04b9
- Add dtb-starfive
- commit 85335b1
- Update patch references for ax25 fixes (CVE-2022-1204 bsc#1198025)
- commit 18cea2f
- KVM: PPC: Fix TCE handling for VFIO (bsc#1061840 git-fixes).
- commit b16b2e0
- blacklist.conf: riscv architecture not supported.
- commit c0e1845
- i2c: mt7621: fix missing clk_disable_unprepare() on error in
  mtk_i2c_probe() (git-fixes).
- commit ee5045f
- x86/speculation/mmio: Enumerate Processor MMIO Stale Data bug (bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180).
- commit 81d7b12
- Input: ili210x - fix reset timing (git-fixes).
- commit 6a3dd7d
- clk: at91: generated: consider range when calculating best rate
  (git-fixes).
- clk: bcm2835: fix bcm2835_clock_choose_div (git-fixes).
- gpio: mvebu/pwm: Refuse requests with inverted polarity
  (git-fixes).
- gpio: gpio-vf610: do not touch other bits when set the target
  bit (git-fixes).
- commit cb7aee7
- ping: fix the sk_bound_dev_if match in ping_lookup
  (bsc#1195826).
- commit fc7752f
- NFC: nci: fix sleep in atomic context bugs caused by
  nci_skb_alloc (git-fixes).
- ALSA: usb-audio: Restore Rane SL-1 quirk (git-fixes).
- ALSA: hda - fix unused Realtek function when PM is not enabled
  (git-fixes).
- tty/serial: digicolor: fix possible null-ptr-deref in
  digicolor_uart_probe() (git-fixes).
- USB: serial: qcserial: add support for Sierra Wireless EM7590
  (git-fixes).
- USB: serial: option: add Fibocom MA510 modem (git-fixes).
- USB: serial: option: add Fibocom L610 modem (git-fixes).
- USB: serial: pl2303: add device id for HP LM930 Display
  (git-fixes).
- drm/nouveau/tegra: Stop using iommu_present() (git-fixes).
- ASoC: ops: Validate input values in snd_soc_put_volsw_range()
  (git-fixes).
- ASoC: max98090: Generate notifications on changes for custom
  control (git-fixes).
- ASoC: max98090: Reject invalid values in custom control put()
  (git-fixes).
- hwmon: (f71882fg) Fix negative temperature (git-fixes).
- commit f35fecc
- kABI: Fix kABI after CVE-2022-0171 backport (CVE-2022-0171
  bsc#1199509).
- commit da4b250
- KVM: SEV: add cache flush to solve SEV cache incoherency issues
  (CVE-2022-0171 bsc#1199509).
- commit b851a8d
- ping: remove pr_err from ping_lookup (bsc#1195826).
- commit d9c0959
- patches.suse/ping-fix-the-dif-and-sdif-check-in-ping_lookup.patch:
  (bsc#1195826).
- commit 964b9e7
- floppy: use a statically allocated error counter (bsc#1199063
  CVE-2022-1652).
- commit 3cde83e
- media: vim2m: Register video device after setting up internals
  (git-fixes).
- commit c68692a
- netfilter: nf_conntrack_tcp: re-init for syn packets only
  (bsc#1199035).
- commit adf0a01
- netfilter: nf_conntrack_tcp: preserve liberal flag in tcp
  options (bsc#1199035).
- commit 306abaf
- netfilter: conntrack: re-init state for retransmitted syn-ack
  (bsc#1199035).
- commit 9167545
- netfilter: conntrack: move synack init code to helper
  (bsc#1199035).
- commit 0f49ef3
- netfilter: conntrack: connection timeout after re-register
  (bsc#1199035).
- commit f95a3ee
- copy_process(): Move fd_install() out of sighand->siglock
  critical section (bsc#1199626).
- commit 7c0210b
- blacklist.conf: Add 7d613f9f72ec signal: Remove the bogus sigkill_pending in ptrace_stop
- commit e163427
- blacklist.conf: Add e7f7c99ba911 signal: In get_signal test for signal_group_exit every time through the loop
- commit b279627
- Update patch reference for NFC fix (CVE-2022-1734 bsc#1199605).
- commit d3208d6
- nfc: nfcmrvl: main: reorder destructive operations in
  nfcmrvl_nci_unregister_dev to avoid bugs (CVE-2022-1734
  bsc#1199605 git-fixes).
- commit 4841312
- blacklist.conf: kABI
- commit 3cbffe4
- blacklist.conf: fixes only a warning, generated code not changed
- commit e762772
- blacklist.conf: depends on support for the AST2600, which we don't have
- commit 10f8b9b
- media: platform: add missing put_device() call in
  mtk_jpeg_probe() and mtk_jpeg_remove() (git-fixes).
- commit 686e148
- slimbus: qcom: Fix IRQ check in qcom_slim_probe (git-fixes).
- serial: 8250_mtk: Fix register address for XON/XOFF character
  (git-fixes).
- serial: 8250_mtk: Fix UART_EFR register address (git-fixes).
- usb: typec: tcpci: Don't skip cleanup in .remove() on error
  (git-fixes).
- drm/nouveau: Fix a potential theorical leak in
  nouveau_get_backlight_name() (git-fixes).
- drm/vmwgfx: Initialize drm_mode_fb_cmd2 (git-fixes).
- hwmon: (ltq-cputemp) restrict it to SOC_XWAY (git-fixes).
- hwmon: (tmp401) Add OF device ID table (git-fixes).
- Bluetooth: Fix the creation of hdev->name (git-fixes).
- drm/amd/display/dc/gpio/gpio_service: Pass around correct
  dce_{version, environment} types (git-fixes).
- commit ffb14db
- SUNRPC: Ensure that the gssproxy client can start in a connected
  state (git-fixes).
- commit d77dab5
- Revert "/SUNRPC: Ensure gss-proxy connects on setup"/ (git-fixes).
- commit 7ee04aa
- NFS: limit use of ACCESS cache for negative responses
  (bsc#1196570).
- Refresh
  patches.kabi/NFS-pass-cred-explicitly-for-access-tests.patch.
- commit 0b13da9
- Update
  patches.suse/sctp-delay-auto_asconf-init-until-binding-the-first-.patch
  headers (CVE-2021-23133 bsc#1184675).
  Remove unwanted patch headers which have hidden intended CVE and bugzilla
  references (shown above) when the patch was added. The primary purpose of
  this commit is to get the CVE/bugzilla references to git and rpm changelog.
- commit 33c2a2f
- ata: pata_hpt37x: fix PCI clock detection (git-fixes).
- commit 8a557d3
- sata_fsl: fix warning in remove_proc_entry when rmmod sata_fsl
  (git-fixes).
- commit 287c3d2
- sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl
  (git-fixes).
- commit 8690a8c
- ARM: dts: at91: fix pinctrl phandles (git-fixes)
- commit f0cde52
- ARM: dts: at91: sama5d4_xplained: fix pinctrl phandle name (git-fixes)
- commit 61bf915
- mmc: block: fix read single on recovery logic (CVE-2022-20008
  bsc#1199564).
- commit b8775dd
- usb: cdc-wdm: fix reading stuck on device close (git-fixes).
- commit 8f25bcd
- scsi: sr: Do not leak information in ioctl (git-fixes).
- scsi: pm80xx: Enable upper inbound, outbound queues (git-fixes).
- scsi: pm80xx: Mask and unmask upper interrupt vectors 32-63
  (git-fixes).
- scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one()
  (git-fixes).
- scsi: virtio-scsi: Eliminate anonymous module_init & module_exit
  (git-fixes).
- drbd: fix an invalid memory access caused by incorrect use of
  list iterator (git-fixes).
- drbd: Fix five use after free bugs in get_initial_state
  (git-fixes).
- scsi: hisi_sas: Change permission of parameter prot_mask
  (git-fixes).
- scsi: pm8001: Fix abort all task initialization (git-fixes).
- scsi: pm8001: Fix NCQ NON DATA command completion handling
  (git-fixes).
- scsi: pm8001: Fix NCQ NON DATA command task initialization
  (git-fixes).
- scsi: pm8001: Fix le32 values handling in pm80xx_chip_sata_req()
  (git-fixes).
- scsi: pm8001: Fix le32 values handling in
  pm80xx_chip_ssp_io_req() (git-fixes).
- scsi: pm8001: Fix payload initialization in
  pm80xx_encrypt_update() (git-fixes).
- scsi: pm8001: Fix le32 values handling in
  pm80xx_set_sas_protocol_timer_config() (git-fixes).
- scsi: pm8001: Fix payload initialization in
  pm80xx_set_thermal_config() (git-fixes).
- scsi: pm8001: Fix command initialization in
  pm8001_chip_ssp_tm_req() (git-fixes).
- scsi: pm8001: Fix command initialization in
  pm80XX_send_read_log() (git-fixes).
- scsi: fnic: Fix a tracing statement (git-fixes).
- commit 4f3c957
- Added two git-fixes to be blacklisted
- commit 35e3e29
- ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on
  PTRACE_SEIZE (CVE-2022-30594 bsc#1199505 bsc#1198413).
- commit fd4d93d
- Add patch reference to seccomp fix (CVE-2022-30594 bsc#1199505 bsc#1198413)
  Also shorten the patch file name to standard size
- commit 483f56d
- mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU
  protection (git-fixes).
- mac80211: Reset MBSSID parameters upon connection (git-fixes).
- iwlwifi: iwl-dbg: Use del_timer_sync() before freeing
  (git-fixes).
- batman-adv: Don't skb_split skbuffs with frag_list (git-fixes).
- dim: initialize all struct fields (git-fixes).
- ASoC: meson: Fix event generation for G12A tohdmi mux
  (git-fixes).
- ASoC: da7219: Fix change notifications for tone generator
  frequency (git-fixes).
- ASoC: wm8958: Fix change notifications for DSP controls
  (git-fixes).
- firewire: core: extend card->lock in fw_core_handle_bus_reset
  (git-fixes).
- firewire: remove check of list iterator against head past the
  loop body (git-fixes).
- firewire: fix potential uaf in outbound_phy_packet_callback()
  (git-fixes).
- PCI: aardvark: Clear all MSIs at setup (git-fixes).
- commit 7fe0786
- smsc911x: allow using IRQ0 (git-fixes).
- serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device
  (git-fixes).
- USB: serial: whiteheat: fix heap overflow in
  WHITEHEAT_GET_DTR_RTS (git-fixes).
- USB: serial: cp210x: add PIDs for Kamstrup USB Meter Reader
  (git-fixes).
- USB: serial: option: add support for Cinterion MV32-WA/MV32-WB
  (git-fixes).
- USB: serial: option: add Telit 0x1057, 0x1058, 0x1075
  compositions (git-fixes).
- usb: gadget: configfs: clear deactivation flag in
  configfs_composite_unbind() (git-fixes).
- usb: misc: fix improper handling of refcount in uss720_probe()
  (git-fixes).
- xhci: increase usb U3 -> U0 link resume timeout from 100ms to
  500ms (git-fixes).
- xhci: stop polling roothubs after shutdown (git-fixes).
- thermal: int340x: Fix attr.show callback prototype (git-fixes).
- commit 432e747
- NFC: netlink: fix sleep in atomic bug when firmware download
  timeout (git-fixes).
- nfc: nfcmrvl: main: reorder destructive operations in
  nfcmrvl_nci_unregister_dev to avoid bugs (git-fixes).
- iio: dac: ad5446: Fix read_raw not returning set value
  (git-fixes).
- iio: magnetometer: ak8975: Fix the error handling in
  ak8975_power_on() (git-fixes).
- phy: ti: Add missing pm_runtime_disable() in serdes_am654_probe
  (git-fixes).
- phy: mapphone-mdm6600: Fix PM error handling in
  phy_mdm6600_probe (git-fixes).
- phy: ti: omap-usb2: Fix error handling in
  omap_usb2_enable_clocks (git-fixes).
- phy: samsung: exynos5250-sata: fix missing device put in probe
  error paths (git-fixes).
- phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe
  (git-fixes).
- serial: 8250: Also set sticky MCR bits in console restoration
  (git-fixes).
- serial: imx: fix overrun interrupts in DMA mode (git-fixes).
- mtd: rawnand: Fix return value check of
  wait_for_completion_timeout (git-fixes).
- mtd: rawnand: fix ecc parameters for mt7622 (git-fixes).
- pinctrl: pistachio: fix use of irq_of_parse_and_map()
  (git-fixes).
- pinctrl: rockchip: fix RK3308 pinmux bits (git-fixes).
- reset: tegra-bpmp: Restore Handle errors in BPMP response
  (git-fixes).
- mt76: Fix undefined behavior due to shift overflowing the
  constant (git-fixes).
- platform/x86: samsung-laptop: Fix an unsigned comparison which
  can never be negative (git-fixes).
- PCI: Do not enable AtomicOps on VFs (git-fixes).
- PCI: iproc: Set affinity mask on MSI interrupts (git-fixes).
- commit 6ee3f02
- ASoC: dmaengine: Restore NULL prepare_slave_config() callback
  (git-fixes).
- ALSA: fireworks: fix wrong return count shorter than expected
  by 4 bytes (git-fixes).
- gpio: pca953x: fix irq_stat not updated when irq is disabled
  (irq_mask not set) (git-fixes).
- gpiolib: of: fix bounds check for 'gpio-reserved-ranges'
  (git-fixes).
- can: grcan: use ofdev->dev when allocating DMA memory
  (git-fixes).
- can: grcan: grcan_close(): fix deadlock (git-fixes).
- iio: dac: ad5592r: Fix the missing return value (git-fixes).
- bus: sunxi-rsb: Fix the return value of
  sunxi_rsb_device_create() (git-fixes).
- clk: sunxi: sun9i-mmc: check return value after calling
  platform_get_resource() (git-fixes).
- drm/amdkfd: Fix GWS queue count (git-fixes).
- drm/i915: Fix SEL_FETCH_PLANE_*(PIPE_B+) register addresses
  (git-fixes).
- hex2bin: fix access beyond string end (git-fixes).
- ata: pata_marvell: Check the 'bmdma_addr' beforing reading
  (git-fixes).
- ALSA: usb-audio: Clear MIDI port active flag after draining
  (git-fixes).
- drm/msm/mdp5: check the return of kzalloc() (git-fixes).
- brcmfmac: sdio: Fix undefined behavior due to shift overflowing
  the constant (git-fixes).
- ALSA: usb-audio: Fix undefined behavior due to shift overflowing
  the constant (git-fixes).
- commit 12e07e6
- EDAC/synopsys: Read the error count from the correct register
  (bsc#1178134).
- commit 247c29e
- powerpc/64s/radix: Fix huge vmap false positive (bsc#1156395).
- commit 72503c7
- blacklist.conf: Add 35d2f249ef0 powerpc/64s: Fix copy-paste data exposure into newly created tasks
- commit f5594b7
- NFSv4: nfs_atomic_open() can race when looking up a non-regular
  file (bsc#1195612 CVE-2022-24448).
- commit db3a8ef
- kABI: ivtv: restore caps member (git-fixes).
- commit 2c3f6cc
- ivtv: fix incorrect device_caps for ivtvfb (git-fixes).
- commit 2ffad22
- media: saa7134: fix incorrect use to determine if list is empty
  (git-fixes).
- commit faf8c31
- blacklist.conf: changes API visible to user space
- commit e83f4b0
- blacklist.conf: cleanup designed to break kABI
- commit a17a5f2
- media: davinci: vpif: fix use-after-free on driver unbind
  (git-fixes).
- commit 0d124d5
- media: davinci: vpif: fix unbalanced runtime PM enable
  (git-fixes).
- commit 62da1d6
- media: davinci: Make use of the helper function
  devm_platform_ioremap_resource() (git-fixes).
- commit 8aa4890
- media: videobuf2: Fix the size printk format (git-fixes).
- commit 0442925
- PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (bsc#1199314).
- commit 039ffb2
- Rename colliding patches before the next cve/linux-5.3 -> SLE15-SP3 merge
- commit 46bcd39
- usb: mtu3: fix USB 3.0 dual-role-switch from device to host
  (git-fixes).
- commit e008ec3
- usb: typec: ucsi: Fix role swapping (git-fixes).
- commit 0f6815d
- usb: typec: ucsi: Fix reuse of completion structure (git-fixes).
- commit 384b054
- USB: quirks: add STRING quirk for VCOM device (git-fixes).
- commit 9995a55
- USB: quirks: add a Realtek card reader (git-fixes).
- commit 1c7cb74
- timekeeping: Really make sure wall_to_monotonic isn't (git-fixes)
- commit e27a1b4
- sched/pelt: Fix attach_entity_load_avg() corner case (git-fixes)
- commit d7997c9
- genirq/affinity: Consider that CPUs on nodes can be (git-fixes)
- commit abdcbca
- genirq/timings: Fix error return code in (git-fixes)
- commit 12c2013
- genirq/msi: Ensure deactivation on teardown (git-fixes)
- commit f56bf3a
- genirq/timings: Prevent potential array overflow in (git-fixes)
- commit 218e50c
- genirq: Let GENERIC_IRQ_IPI select IRQ_DOMAIN_HIERARCHY (git-fixes)
- commit 8a841da
- lib/raid6/test: fix multiple definition linking error
  (git-fixes).
- commit 22722bc
- genirq/affinity: Handle affinity setting on inactive (git-fixes)
- commit bc0a024
- drm/i915: Update TGL and RKL DMC firmware versions
  (bsc#1198924).
- commit cce0630
- genirq: Fix reference leaks on irq affinity notifiers (git-fixes)
- commit 7b2fde0
- genirq/proc: Reject invalid affinity masks (again) (git-fixes)
- commit 420a601
- series.conf: cleanup
  - Move submitted patch to "/sorted"/ section
    patches.suse/SUNRPC-change-locking-for-xs_swap_enable-disable.patch
- commit d411c20
- timers: Fix warning condition in __run_timers() (git-fixes)
- commit 91079b8
- Revert "/SUNRPC: attempt AF_LOCAL connect on setup"/ (git-fixes).
- SUNRPC: Ensure gss-proxy connects on setup (git-fixes).
- NFSv4: Don't invalidate inode attributes on delegation return
  (git-fixes).
- commit c794712
- cifs: fix NULL ptr dereference in smb2_ioctl_query_info()
  (CVE-2022-0168 bsc#1197472).
- commit 5256a40
- cifs: prevent bad output lengths in smb2_ioctl_query_info()
  (CVE-2022-0168 bsc#1197472).
- commit 3989909
- nvdimm/region: always show the 'align' attribute (bsc#1199114).
- commit 6437352
- net: hns3: add a check for index in hclge_get_rss_key()
  (git-fixes).
- commit 43b8d6e
- net: hdlc_ppp: Fix issues when mod_timer is called while timer
  is running (git-fixes).
- commit e3f1aee
- net: bcmgenet: Fix a resource leak in an error handling path
  in the probe functin (git-fixes).
- commit 93f6ac8
- lan743x: fix rx_napi_poll/interrupt ping-pong (git-fixes).
- commit 47f1751
- lan743x: remove redundant assignment to variable
  rx_process_result (git-fixes).
- commit 529465d
- series.conf: sort out patches
- commit a6ad4ca
- rpm/kernel-obs-build.spec.in: Also depend on dracut-systemd (bsc#1195775)
- commit 5d4e32c
- sched/topology: Skip updating masks for non-online nodes
  (bsc#1197446 ltc#183000).
- commit 1e43cf6
- Update patches.suse/powerpc-numa-Update-cpu_cpu_map-on-CPU-online-offlin.patch
  (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes bsc#1197446 ltc#183000).
- commit 89f63a7
- iwlwifi: mvm: fix the return type for DSM functions 1 and 2
  (git-fixes).
- commit 7bb7073
- objtool: Fix type of reloc::addend (git-fixes).
- commit 9c82829
- ixgbevf: add disable link state (bsc#1196426 CVE-2021-33061).
- ixgbe: add improvement for MDD response functionality
  (bsc#1196426 CVE-2021-33061).
- ixgbe: add the ability for the PF to disable VF link state
  (bsc#1196426 CVE-2021-33061).
- commit c5d1777
- mt76: mt7663s: fix rx buffer refcounting (git-fixes).
- commit 098565a
- usb: dwc3: gadget: Return proper request status (git-fixes).
- commit 73a340f
- usb: dwc3: core: Only handle soft-reset in DCTL (git-fixes).
- commit 454e4d6
- usb: dwc3: core: Fix tx/rx threshold settings (git-fixes).
- commit c81dcdc
- Revert lpfc driver update to 14.2.0.1 (bsc#1198989)
- commit eb15c95
- blacklist.conf: ("/arm64: patch_text: Fixup last cpu should be master"/)
- commit ec52e4c
- blacklist.conf: ("/arm64: prevent instrumentation of bp hardening callbacks"/)
- commit 4711dc6
- blacklist.conf: ("/arm64: dts: ls1046a: Update i2c node dma properties"/)
- commit 35426a5
- blacklist.conf: ("/arm64: dts: ls1043a: Update i2c dma properties"/)
- commit 080fa21
- arm64: dts: rockchip: Fix SDIO regulator supply properties on (git-fixes)
- commit ff56d7c
- arm64: dts: broadcom: Fix sata nodename (git-fixes)
- commit ae709d6
- arm64: dts: ns2: Fix spi-cpol and spi-cpha property (git-fixes)
- commit 7fe2a15
- arm64/mm: avoid fixmap race condition when create pud mapping (git-fixes)
- commit 86007a2
- net: mana: Remove unnecessary check of cqe_type in
  mana_process_rx_cqe() (bsc#1195651).
- net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651).
- net: mana: Reuse XDP dropped page (bsc#1195651).
- net: mana: Add counter for XDP_TX (bsc#1195651).
- net: mana: Add counter for packet dropped by XDP (bsc#1195651).
- net: mana: Use struct_size() helper in
  mana_gd_create_dma_region() (bsc#1195651).
- commit c23f4de
- arm64: pgtable: make __pte_to_phys/__phys_to_pte_val inline functions (git-fixes)
- commit 1b82f10
- drivers: base: cacheinfo: Get rid of DEFINE_SMP_CALL_CACHE_FUNCTION() (git-fixes)
- commit dd7ee34
- arm64: Always force a branch protection mode when the compiler has one (git-fixes).
  Refresh patches.suse/arm64-enable-tlbi-range-instructions.patch.
- commit fa4122b
- Rename colliding patches before the next cve/linux-5.3 -> SLE15-SP3 merge
- commit a40b3c9
- blacklist.conf: Append 'drm/tegra: Add back arm_iommu_detach_device()'
- commit f7fdb0f
- blacklist.conf: Append 'drm/i915: Fix syncmap memory leak'
- commit 5ad47f2
- drm/amd/display: Fix memory leak in dcn21_clock_source_create (bsc#1152472)
- commit f640496
- USB: hcd-pci: Use PCI_STD_NUM_BARS when checking standard BARs (bsc#1152489)
- commit 30a990e
- drm/fb-helper: Mark screen buffers in system memory with (bsc#1152472)
- commit 40b57d4
- drm/amdgpu: fix amdgpu_ras_block_late_init error handler (bsc#1152489)
- commit e9f409a
- drm/i915: s/JSP2/ICP2/ PCH (bsc#1152489)
- commit 20ca121
- drm/cma-helper: Set VM_DONTEXPAND for mmap (bsc#1152472)
- commit dd83cfa
- backlight: qcom-wled: Respect enabled-strings in set_brightness (bsc#1152489)
- commit 9612dd6
- drm/vmwgfx: Remove unused compile options (bsc#1152472)
- commit fdc716b
- mwl8k: Fix a double Free in mwl8k_probe_hw (git-fixes).
- commit 83451f5
- adm8211: fix error return code in adm8211_probe() (git-fixes).
- blacklist.conf:
- commit 88c7ed6
- bnx2x: fix napi API usage sequence (bsc#1198217).
- commit 62d4fc3
- blacklist.conf: Append 'Revert "/drm/i915/tgl/dsi: Gate the ddi clocks after pll mapping"/'
- commit f314ea7
- Revert "/drm/i915/tgl/dsi: Gate the ddi clocks after pll mapping"/ (bsc#1152489)
- commit 3316fe5
- drm/prime: Fix use after free in mmap with drm_gem_ttm_mmap (bsc#1152472)
- commit 1614767
- drm/i915: Keep gem ctx->vm alive until the final put (bsc#1152489)
- commit c29d398
- blacklist.conf: Append 'drm/i915: Drop all references to DRM IRQ midlayer'
- commit 0f90ce0
- drm/i915: Drop all references to DRM IRQ midlayer (bsc#1152489)
- commit 7533a77
- powerpc/perf: Fix power10 event alternatives (jsc#SLE-13513
  git-fixes).
- commit 2fb7add
- powerpc/perf: Fix power9 event alternatives (bsc#1137728,
  LTC#178106, git-fixes).
- Revert "/ibmvnic: Add ethtool private flag for driver-defined
  queue limits"/ (bsc#1121726 ltc#174633 git-fixes).
- commit fb3d244
- usb: gadget: uvc: Fix crash when encoding data for usb request
  (git-fixes).
- commit 41fb68a
- USB: Fix xhci event ring dequeue pointer ERDP update issue
  (git-fixes).
- commit a4a5749
- net/x25: Fix null-ptr-deref caused by x25_disconnect
  (CVE-2022-1516 bsc#1199012).
- commit bd2f1ec
- blacklist.conf: Append 'vt: Fix character height handling with VT_RESIZEX'
- commit c8d9e53
- video: fbdev: udlfb: properly check endpoint type (bsc#1152489)
- commit 6f1b5e7
- vgacon: Propagate console boot parameters before calling `vc_resize' (bsc#1152489)
- commit 9480dc7
- drm/vc4: crtc: Lookup the encoder from the register at boot (bsc#1198534)
  Refresh patches.suse/drm-vc4-crtc-Make-sure-the-HDMI-controller-is-powere.patch.
- commit f23bc57
- Refresh patches.suse/nvme-pci-disable-the-write-zeros-command-for-Intel-6.patch.
  Workaround rapidquilt patch parsing bug.
- commit 87d73da
- bfq: Make sure bfqg for which we are queueing requests is online
  (bsc#1197926).
- bfq: Get rid of __bio_blkcg() usage (bsc#1197926).
- bfq: Track whether bfq_group is still online (bsc#1197926).
- bfq: Remove pointless bfq_init_rq() calls (bsc#1197926).
  Refresh patches.kabi/block-fixup-kabi-blk_mq_sched_try_insert_merge.patch
- bfq: Drop pointless unlock-lock pair (bsc#1197926).
- bfq: Update cgroup information before merging bio (bsc#1197926).
- bfq: Split shared queues on move between cgroups (bsc#1197926).
- bfq: Avoid merging queues with different parents (bsc#1197926).
- commit ad5069e
- Update config files (bsc#1199024).
  arm LIBNVDIMM y->m
  ppc64le ND_BLK ->m
- commit bfd0e0e
- SUNRPC: Fix the svc_deferred_event trace class (git-fixes).
- commit f31a75c
- ovl: fix missing negative dentry check in ovl_rename()
  (CVE-2021-20321 bsc#1191647).
- commit 14422d8
- Update of patches.suse/xen-x86-obtain-full-video-frame-buffer-address-for-D.patch
- commit e4f67dd
- Update of patches.suse/xen-x86-obtain-upper-32-bits-of-video-frame-buffer-a.patch
- commit 62cffc1
- SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367).
- commit 5792732
- scsi: scsi_dh_alua: Avoid crash during alua_bus_detach()
  (bsc#1028340 bsc#1198825).
- commit daeb829
- block: Drop leftover references to RQF_SORTED (bsc#1182073).
- commit 8b93fb0
- Report kabi after Revert "/NFSv4: Handle the special Linux file
  open access mode"/ (git-fixes).
- commit eaf3351
- SUNRPC: Handle low memory situations in call_status()
  (git-fixes).
- SUNRPC: Handle ENOMEM in call_transmit_status() (git-fixes).
- SUNRPC: Ensure we flush any closed sockets before xs_xprt_free()
  (git-fixes).
- NFSv4: fix open failure with O_ACCMODE flag (git-fixes).
- Revert "/NFSv4: Handle the special Linux file open access mode"/
  (git-fixes).
- commit bc9b111
- Refresh
  patches.suse/SUNRPC-avoid-race-between-mod_timer-and-del_timer_sy.patch.
  update info now this has landed in mainline
- commit 62eff20
- Input: omap4-keypad - fix pm_runtime_get_sync() error checking
  (git-fixes).
- commit ae48f44
- pahole 1.22 required for full BTF features.
  also recommend pahole for kernel-source to make the kernel buildable
  with standard config
- commit 364f54b
- net: asix: add proper error handling of usb read errors
  (git-fixes).
- commit ff1011e
- blacklist.conf: breaks ABI
- commit 8ec9040
- Update
  patches.suse/net-usb-ax88179_178a-Fix-out-of-bounds-accesses-in-R.patch
  (bsc#1196018 CVE-2022-28748).
  added CVE number
- commit dfbe27e
- random: check for signal_pending() outside of need_resched()
  check (git-fixes).
- hwrng: cavium - HW_RANDOM_CAVIUM should depend on ARCH_THUNDER
  (git-fixes).
- ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module
  (git-fixes).
- ipmi: bail out if init_srcu_struct fails (git-fixes).
- ipmi: Move remove_work to dedicated workqueue (git-fixes).
- ath5k: fix building with LEDS=m (git-fixes).
- commit 628fd01
- blacklist.conf: add one ARCH_NOMADIK entry
- commit e6296cd
- drm/vc4: Use pm_runtime_resume_and_get to fix
  pm_runtime_get_sync() usage (git-fixes).
- drm/panel/raspberrypi-touchscreen: Initialise the bridge in
  prepare (git-fixes).
- drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not
  initialised (git-fixes).
- ASoC: codecs: wcd934x: do not switch off SIDO Buck when codec
  is in use (git-fixes).
- ASoC: msm8916-wcd-digital: Check failure for
  devm_snd_soc_register_component (git-fixes).
- ASoC: soc-dapm: fix two incorrect uses of list iterator
  (git-fixes).
- ASoC: atmel: Remove system clock tree configuration for
  at91sam9g20ek (git-fixes).
- ALSA: hda/hdmi: fix warning about PCM count when used with SOF
  (git-fixes).
- commit 964158d
- drm/mediatek: Add AAL output size configuration (git-fixes).
- commit 655aeed
- drm/i915: Call i915_globals_exit() if pci_register_device()
  fails (git-fixes).
- commit 1f2658b
- blacklist.conf: 0abb33bfca0f drm/i915/gtt: drop the page table optimisation
- commit e68827f
- blacklist.conf: 11e3c676683c drm/imx: ipuv3-plane: Remove two unnecessary export symbols
- commit 6474a0a
- blacklist.conf: b2423184ac33 drm/i915: Enable -Wuninitialized
- commit d70d26a
- blacklist.conf: 34b07d47dd00 drm/i915: Enable -Wuninitialized
- commit fb880ad
- drm/mediatek: Fix aal size config (git-fixes).
- commit 0c5a7bd
- Refresh
  patches.suse/drm-i915-gem-Flush-coherency-domains-on-first-set-do.patch.
  Alt-commit
- commit 4d3e42c
- drm/i915/gem: Flush coherency domains on first set-domain-ioctl
  (git-fixes).
- commit 174f497
- use jobs not processors in the constraints
  jobs is the number of vcpus available to the build, while processors
  is the total processor count of the machine the VM is running on.
- commit a6e141d
- Refresh
  patches.suse/0007-drm-vc4-hdmi-Make-sure-the-controller-is-powered-in-.patch.
  Alt-commit
- commit 02dff0c
- Refresh
  patches.suse/0004-drm-amdgpu-Don-t-query-CE-and-UE-errors.patch.
  Alt-commit
- commit 875e622
- Refresh
  patches.suse/drm-radeon-Avoid-power-table-parsing-memory-leaks.patch.
  Alt-commit
- commit 5dbb1a1
- Refresh
  patches.suse/drm-radeon-Fix-off-by-one-power_state-index-heap-ove.patch.
  Alt-commit
- commit 0db3384
- Refresh
  patches.suse/0003-amdgpu-fix-GEM-obj-leak-in-amdgpu_display_user_frame.patch.
  Alt-commit
- commit f3ae579
- Refresh
  patches.suse/drm-i915-gt-Prevent-use-of-engine-wa_ctx-after-error.patch.
  Alt-commit
- commit bdf1613
- Update patch reference for drm fix (CVE-2022-1419 bsc#1198742)
- commit 5c0501b
- dmaengine: idxd: add RO check for wq max_transfer_size write
  (git-fixes).
- dmaengine: idxd: add RO check for wq max_batch_size write
  (git-fixes).
- dmaengine: mediatek:Fix PM usage reference leak of
  mtk_uart_apdma_alloc_chan_resources (git-fixes).
- dmaengine: imx-sdma: Fix error checking in sdma_event_remap
  (git-fixes).
- dma: at_xdmac: fix a missing check on list iterator (git-fixes).
- e1000e: Fix possible overflow in LTR decoding (git-fixes).
- commit c3cb470
- RDMA/hfi1: Fix use-after-free bug for mm struct (bsc#1179878
  CVE-2020-27835).
- RDMA/mlx5: Add a missing update of cache->last_add
  (jsc#SLE-15175).
- RDMA/mlx5: Don't remove cache MRs when a delay is needed
  (jsc#SLE-15175).
- IB/hfi1: Allow larger MTU without AIP (jsc#SLE-13208).
- RDMA/mlx5: Fix the flow of a miss in the allocation of a cache
  ODP MR (jsc#SLE-15175).
- RDMA/core: Set MR type in ib_reg_user_mr (jsc#SLE-8449).
- bareudp: use ipv6_mod_enabled to check if IPv6 enabled
  (jsc#SLE-15172).
- commit 8664ee1
- drm/amd/display: don't ignore alpha property on pre-multiplied
  mode (git-fixes).
- ALSA: pcm: Test for "/silence"/ field in struct "/pcm_format_data"/
  (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo PD50PNT (git-fixes).
- regulator: wm8994: Add an off-on delay for WM8994 variant
  (git-fixes).
- drm/amd/display: Fix allocate_mst_payload assert on resume
  (git-fixes).
- gpu: ipu-v3: Fix dev_dbg frequency output (git-fixes).
- drm/amdkfd: Check for potential null return of kmalloc_array()
  (git-fixes).
- drm/amdkfd: Fix Incorrect VMIDs passed to HWS (git-fixes).
- drm/amd/display: Update VTEM Infopacket definition (git-fixes).
- drm/amd/display: fix audio format not updated after edid updated
  (git-fixes).
- drm/amd: Add USBC connector ID (git-fixes).
- net: usb: aqc111: Fix out-of-bounds accesses in RX fixup
  (git-fixes).
- ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs
  (git-fixes).
- commit d7352af
- KVM: x86/mmu: do compare-and-exchange of gPTE via the user address (CVE-2022-1158 bsc#1197660).
- commit 0581a66
- Update patch reference for NFC fix (CVE-2021-38208 bsc#1187055)
- commit 37ea6b2
- Update patches.suse/powerpc-pseries-Fix-use-after-free-in-remove_phb_dyn.patch
  (bsc#1065729 bsc#1198660 ltc#197803).
- commit d408779
- ath9k: Fix usage of driver-private space in tx_info (git-fixes).
- ALSA: usb-audio: Limit max buffer and period sizes per time
  (git-fixes).
- ALSA: usb-audio: Increase max buffer size (git-fixes).
- commit fa0433d
- Delete patches.suse/PM-wakeup-simplify-the-output-logic-of-pm_show_wakel.patch
  The patch is superfluous (config not enabled) and would break the build.
- commit 6270819
- spi: atmel-quadspi: Fix the buswidth adjustment between spi-mem
  and controller (git-fixes).
- nfc: nci: add flush_workqueue to prevent uaf (git-fixes).
- staging: mt7621-dts: fix LEDs and pinctrl on GB-PC1 devicetree
  (git-fixes).
- virtio_console: eliminate anonymous module_init & module_exit
  (git-fixes).
- w1: w1_therm: fixes w1_seq for ds28ea00 sensors (git-fixes).
- USB: usb-storage: Fix use of bitfields for hardware data in
  ene_ub6250.c (git-fixes).
- usb: dwc3: omap: fix "/unbalanced disables for smps10_out1"/
  on omap5evm (git-fixes).
- USB: serial: pl2303: add IBM device IDs (git-fixes).
- USB: serial: simple: add Nokia phone driver (git-fixes).
- xhci: fix runtime PM imbalance in USB2 resume (git-fixes).
- xhci: fix uninitialized string returned by
  xhci_decode_ctrl_ctx() (git-fixes).
- mtd: rawnand: atmel: fix refcount issue in
  atmel_nand_controller_init (git-fixes).
- mtd: rawnand: gpmi: fix controller timings setting (git-fixes).
- mtd: onenand: Check for error irq (git-fixes).
- spi: mxic: Fix the transmit path (git-fixes).
- power: supply: wm8350-power: Add missing free in
  free_charger_irq (git-fixes).
- power: supply: wm8350-power: Handle error for
  wm8350_register_irq (git-fixes).
- power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled()
  wrong false return (git-fixes).
- power: supply: axp288-charger: Set Vhold to 4.4V (git-fixes).
- power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init
  (git-fixes).
- power: supply: axp20x_battery: properly report current when
  discharging (git-fixes).
- power: reset: gemini-poweroff: Fix IRQ check in
  gemini_poweroff_probe (git-fixes).
- PCI: imx6: Allow to probe when dw_pcie_wait_for_link() fails
  (git-fixes).
- PCI: aardvark: Fix reading PCI_EXP_RTSTA_PME bit on emulated
  bridge (git-fixes).
- PCI: aardvark: Fix support for MSI interrupts (git-fixes).
- PCI: pciehp: Add Qualcomm quirk for Command Completed erratum
  (git-fixes).
- PCI: pciehp: Clear cmd_busy bit in polling mode (git-fixes).
- mt76: mt7615: check sta_rates pointer in
  mt7615_sta_rate_tbl_update (git-fixes).
- mt76: mt7603: check sta_rates pointer in
  mt7603_sta_rate_tbl_update (git-fixes).
- ray_cs: Check ioremap return value (git-fixes).
- video: fbdev: sm712fb: Fix crash in smtcfb_write() (git-fixes).
- video: fbdev: sm712fb: Fix crash in smtcfb_read() (git-fixes).
- video: fbdev: atari: Atari 2 bpp (STe) palette bugfix
  (git-fixes).
- video: fbdev: cirrusfb: check pixclock to avoid divide by zero
  (git-fixes).
- video: fbdev: w100fb: Reset global state (git-fixes).
- video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow
  (git-fixes).
- spi: Fix erroneous sgs value with min_t() (git-fixes).
- spi: tegra20: Use of_device_get_match_data() (git-fixes).
- PM: core: keep irq flags in device_pm_check_callbacks()
  (git-fixes).
- spi: Fix invalid sgs value (git-fixes).
- virtio_console: break out of buf poll on remove (git-fixes).
- commit a1662ac
- i2c: dev: Force case user pointers in compat_i2cdev_ioctl()
  (git-fixes).
- gpiolib: acpi: use correct format characters (git-fixes).
- memory: atmel-ebi: Fix missing of_node_put in atmel_ebi_probe
  (git-fixes).
- firmware: arm_scmi: Fix sorting of retrieved clock rates
  (git-fixes).
- drm/msm/dsi: Use connector directly in
  msm_dsi_manager_connector_init() (git-fixes).
- lz4: fix LZ4_decompress_safe_partial read out of bound
  (git-fixes).
- mmc: mmci: stm32: correctly check all elements of sg list
  (git-fixes).
- drm/edid: check basic audio support on CEA extension block
  (git-fixes).
- mfd: asic3: Add missing iounmap() on error asic3_mfd_probe
  (git-fixes).
- mfd: mc13xxx: Add check for mc13xxx_irq_request (git-fixes).
- HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports
  (git-fixes).
- HID: intel-ish-hid: Use dma_alloc_coherent for firmware update
  (git-fixes).
- drm/bridge: cdns-dsi: Make sure to to create proper aliases
  for dt (git-fixes).
- drm/tegra: Fix reference leak in tegra_dsi_ganged_probe
  (git-fixes).
- drm/amd/display: Remove vupdate_int_entry definition
  (git-fixes).
- drm/amdkfd: make CRAT table missing message informational only
  (git-fixes).
- drm/amdgpu: Fix recursive locking warning (git-fixes).
- drm/amd/display: Fix a NULL pointer dereference in
  amdgpu_dm_connector_add_common_modes() (git-fixes).
- drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj
  (git-fixes).
- drm: Add orientation quirk for GPD Win Max (git-fixes).
- drm/edid: Don't clear formats if using deep color (git-fixes).
- drm/bridge: Add missing pm_runtime_disable() in
  __dw_mipi_dsi_probe (git-fixes).
- iwlwifi: mvm: Fix an error code in iwl_mvm_up() (git-fixes).
- iwlwifi: Fix -EIO error code that is never returned (git-fixes).
- media: cx88-mpeg: clear interrupt status register before
  streaming video (git-fixes).
- media: hdpvr: initialize dev->worker at hdpvr_register_videodev
  (git-fixes).
- mmc: host: Return an error when ->enable_sdio_irq() ops is
  missing (git-fixes).
- KEYS: fix length validation in keyctl_pkey_params_get_2()
  (git-fixes).
- mmc: mmci_sdmmc: Replace sg_dma_xxx macros (git-fixes).
- commit f6dc585
- cfg80211: hold bss_lock while updating nontrans_list
  (git-fixes).
- ath9k: Properly clear TX status area before reporting to
  mac80211 (git-fixes).
- ALSA: usb-audio: Cap upper limits of buffer/period bytes for
  implicit fb (git-fixes).
- dmaengine: Revert "/dmaengine: shdma: Fix runtime PM imbalance
  on error"/ (git-fixes).
- clk: Enforce that disjoints limits are invalid (git-fixes).
- clk: si5341: fix reported clk_rate when output divider is 2
  (git-fixes).
- dma-debug: fix return value of __setup handlers (git-fixes).
- Documentation: update stable tree link (git-fixes).
- Documentation: add link to stable release candidate tree
  (git-fixes).
- drm/bridge: Fix free wrong object in sii8620_init_rcp_input_dev
  (git-fixes).
- Bluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt
  (git-fixes).
- Bluetooth: Fix use after free in hci_send_acl (git-fixes).
- carl9170: fix missing bit-wise or operator for tx_params
  (git-fixes).
- brcmfmac: pcie: Fix crashes due to early IRQs (git-fixes).
- brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with
  memcpy_toio (git-fixes).
- brcmfmac: firmware: Allocate space for default boardrev in nvram
  (git-fixes).
- brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup
  error path (git-fixes).
- ath9k_htc: fix uninit value bugs (git-fixes).
- ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 (git-fixes).
- ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern
  (git-fixes).
- Bluetooth: hci_serdev: call init_rwsem() before p->open()
  (git-fixes).
- ALSA: hda/realtek: Add alc256-samsung-headphone fixup
  (git-fixes).
- ASoC: soc-compress: Change the check for codec_dai (git-fixes).
- ASoC: soc-compress: prevent the potentially use of null pointer
  (git-fixes).
- ASoC: soc-core: skip zero num_dai component in searching dai
  name (git-fixes).
- ACPI: processor idle: Check for architectural support for LPI
  (git-fixes).
- ACPI/APEI: Limit printable size of BERT table data (git-fixes).
- ACPICA: Avoid walking the ACPI Namespace if it is not there
  (git-fixes).
- commit d3a3908
- fibmap: Reject negative block numbers (bsc#1198448).
- commit a2724a8
- fibmap: Use bmap instead of ->bmap method in ioctl_fibmap
  (bsc#1198448).
- commit d8c35f2
- af_key: add __GFP_ZERO flag for compose_sadb_supported in
  function pfkey_register (CVE-2022-1353 bsc#1198516).
- commit 981f1ec
- Update
  patches.suse/RDMA-rtrs-clt-Fix-possible-double-free-in-error-case.patch
  (jsc#SLE-15176 bsc#1198515 CVE-2022-29156).
  Added CVE reference.
- commit 377f598
- SUNRPC: Ensure we flush any closed sockets before
  xs_xprt_free() (bsc#1198330 CVE-2022-28893).
- commit f607730
- Update patch reference for dma-buf fix (CVE-2021-0707 bsc#1198437)
- commit 05bffce
- ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on
  PTRACE_SEIZE (bsc#1198413).
- commit daaf8a2
- blacklist.conf: Add 460a79e18842 mm/memcontrol: return 1 from cgroup.memory __setup() handler
- commit 91b4481
- Update patches.suse/cgroup-verify-that-source-is-a-string.patch
  (bsc#1190131 bsc#1193842 CVE-2021-4154).
- commit 0f6b5cd
- Update patch references of drm fixes (CVE-2022-1280 bsc#1197914)
- commit 5e3bc51
- bpf: Resolve to prog->aux->dst_prog->type only for
  BPF_PROG_TYPE_EXT (git-fixes bsc#1177028).
- commit 3b5cd8a
- blacklist.conf: kABI
- commit 2d0be1f
- Update patch reference for DRM fix (CVE-2021-20292 bsc#1183723)
- commit f6cdff5
- spi: bcm-qspi: fix MSPI only access with bcm_qspi_exec_mem_op()
  (git-fixes).
- mmc: renesas_sdhi: don't overwrite TAP settings when HS400
  tuning is complete (git-fixes).
- Revert "/mmc: sdhci-xenon: fix annoying 1.8V regulator warning"/
  (git-fixes).
- drm/imx: Fix memory leak in imx_pd_connector_get_modes
  (git-fixes).
- drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire()
  (git-fixes).
- commit 5e07dff
- scsi: mpt3sas: Fix use after free in
  _scsih_expander_node_remove() (git-fixes).
- commit 139e22c
- scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA
  commands (git-fixes).
- scsi: mpt3sas: Page fault in reply q processing (git-fixes).
- commit 1ac8b89
- Update
  patches.suse/RDMA-cma-Do-not-change-route.addr.src_addr.ss_family.patch
  (bsc#1181147 bsc#1192845 CVE-2021-43975).
  Added CVE reference
- commit 3261376
- fuse: handle kABI change in struct fuse_req (bsc#1197343
  CVE-2022-1011).
- fuse: fix pipe buffer lifetime for direct_io (bsc#1197343
  CVE-2022-1011).
- commit 5920a58
- x86/sev: Unroll string mmio with CC_ATTR_GUEST_UNROLL_STRING_IO
  (git-fixes).
- commit caea381
- Update patch reference for NFS/RDMA fix (CVE-2022-0812 bsc#1196639)
- commit 7e276c6
- livepatch: Don't block removal of patches that are safe to
  unload (bsc#1071995).
- commit 21cea26
- ata: sata_dwc_460ex: Fix crash due to OOB write (git-fixes).
- ASoC: mediatek: mt6358: add missing EXPORT_SYMBOLs (git-fixes).
- ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020
  (git-fixes).
- ALSA: cs4236: fix an incorrect NULL check on list iterator
  (git-fixes).
- rtc: check if __rtc_read_time was successful (git-fixes).
- rtc: wm8350: Handle error for wm8350_register_irq (git-fixes).
- USB: storage: ums-realtek: fix error code in rts51x_read_mem()
  (git-fixes).
- commit 1e2cb1a
- Move upstreamed ALSA, BT and input patches into sorted section
- commit d4e3d80
- x86/speculation: Restore speculation related MSRs during S3
  resume (bsc#1198400).
- commit aece496
- arm64: dts: marvell: armada-37xx: Remap IO space to bus address 0x0 (git-fixes)
- commit 087a75e
- arm64: clear_page() shouldn't use DC ZVA when DCZID_EL0.DZP == 1 (git-fixes)
- commit cb1ef60
- arm64: dts: lx2160a: fix scl-gpios property name (git-fixes)
- commit e6f7c40
- arm64: dts: allwinner: orangepi-zero-plus: fix PHY mode (git-fixes)
- commit 5770b13
- blacklist.conf: ("/arm64: dts: rockchip: fix audio-supply for Rock Pi 4"/)
- commit 65a864d
- arm64: dts: rockchip: remove mmc-hs400-enhanced-strobe from (git-fixes)
- commit 66efebd
- arm64: dts: rockchip: Fix GPU register width for RK3328 (git-fixes)
- commit 1a4266e
- x86/pm: Save the MSR validity status at context setup
  (bsc#1198400).
- commit 2364cfa
- arm64: dts: allwinner: h5: NanoPI Neo 2: Fix ethernet node (git-fixes)
- commit 45ad518
- arm64/sve: Use correct size when reinitialising SVE state (git-fixes)
- commit 470d68d
- arm64: dts: marvell: armada-37xx: Extend PCIe MEM space (git-fixes)
- commit 9b2d9f5
- arm64: dts: exynos: correct GIC CPU interfaces address range on (git-fixes)
- commit 146ef42
- arm64: head: avoid over-mapping in map_memory (git-fixes)
- commit 027cf90
- arm64: dts: ls1028a: fix node name for the sysclk (git-fixes)
- commit 6684287
- arm64: dts: marvell: armada-37xx: Fix reg for standard variant of (git-fixes)
- commit 4fac006
- blacklist.conf: ("/arm64/mm: Fix ttbr0 values stored in struct thread_info for"/)
- commit db10f73
- arm64: dts: zii-ultra: fix 12V_MAIN voltage (git-fixes)
- commit c603535
- arm64: dts: ls1028a: fix memory node (git-fixes)
- commit 578cf73
- blacklist.conf: ("/arm64: Change .weak to SYM_FUNC_START_WEAK_PI for"/)
- commit 61796af
- direct-io: defer alignment check until after the EOF check
  (bsc#1197656).
- commit 709fa3b
- direct-io: don't force writeback for reads beyond EOF
  (bsc#1197656).
- commit 8628885
- direct-io: clean up error paths of do_blockdev_direct_IO
  (bsc#1197656).
- commit 16ec2fe
- xen: fix is_xen_pmu() (git-fixes).
- commit b66d3d5
- xen/blkfront: fix comment for need_copy (git-fixes).
- commit 0c15cd4
- blacklist.conf: add 1dbd11ca75 ("/xen: remove gnttab_query_foreign_access()"/)
- commit f877952
- powerpc/perf: Expose Performance Monitor Counter SPR's as part
  of extended regs (bsc#1198077 ltc#197299).
- powerpc/perf: Include PMCs as part of per-cpu cpuhw_events
  struct (bsc#1198077 ltc#197299).
- commit 141f049
- Update
  patches.suse/llc-fix-netdevice-reference-leaks-in-llc_ui_bind.patch
  references (add CVE-2022-28356 bsc#1197391).
- commit bf5ad66
- cifs: fix bad fids sent over wire (bsc#1197157).
- commit 604b674
- cifs: do not skip link targets when an I/O fails (bsc#1194625).
- commit e700718
- s390/tape: fix timer initialization in tape_std_assign()
  (bsc#1197677 LTC#197378).
- commit cc6ef16
- drm: drm_file struct kABI compatibility workaround
  (bsc#1197914).
- commit dd24982
- drm: use the lookup lock in drm_is_current_master (bsc#1197914).
- drm: protect drm_master pointers in drm_lease.c (bsc#1197914).
- drm: serialize drm_file.master with a new spinlock
  (bsc#1197914).
- drm: add a locked version of drm_is_current_master
  (bsc#1197914).
- commit 82a498a
- drm: drm_file struct kABI compatibility workaround
  (bsc#1197914).
- commit 7d8a3b5
- drm: use the lookup lock in drm_is_current_master (bsc#1197914).
- drm: protect drm_master pointers in drm_lease.c (bsc#1197914).
- drm: serialize drm_file.master with a new spinlock
  (bsc#1197914).
- drm: add a locked version of drm_is_current_master
  (bsc#1197914).
- commit 05fda16
- blacklist.conf: Add reverted/reverting swiotlb change (CVE-2022-0854 bsc#1196823 bsc#1197460)
- commit 8d52c36
- Reinstate some of "/swiotlb: rework "/fix info leak with
  DMA_FROM_DEVICE"/"/ (CVE-2022-0854 bsc#1196823).
- swiotlb: fix info leak with DMA_FROM_DEVICE (CVE-2022-0854
  bsc#1196823).
- commit ff554b5
- blacklist.conf: list unneeded commit
- commit 27adcc4
- NFSv4/pNFS: Fix another issue with a list iterator pointing
  to the head (git-fixes).
- NFSv4.1: don't retry BIND_CONN_TO_SESSION on session error
  (git-fixes).
- NFS: Return valid errors from nfs2/3_decode_dirent()
  (git-fixes).
- NFS: Use of mapping_set_error() results in spurious errors
  (git-fixes).
- commit 0460a48
- netfilter: nf_tables: initialize registers in nft_do_chain()
  (CVE-2022-1016 bsc#1197227).
- commit 7111961
- Delete
  patches.suse/net-tipc-validate-domain-record-count-on-input.patch.
  This was the original work-in-progress patch for CVE-2022-0435 /
  bsc#1195254. Later, a proper backport of mainline commit 9aa422ad3266
  ("/tipc: improve size validations for received domain records"/) was added as
  patches.suse/tipc-improve-size-validations-for-received-domain-re.patch but
  this patch was left in place. As it adds the check a bit later than
  upstream fix, it did not cause a conflict so nobody noticed the duplicity.
- commit ef08708
- llc: fix netdevice reference leaks in llc_ui_bind() (git-fixes).
- commit 2237578
- net: kABI workaround for ax25_dev (CVE-2022-1199 bsc#1198028).
- commit 49e69cc
- ax25: Fix UAF bugs in ax25 timers (CVE-2022-1205 bsc#1198027).
- ax25: fix UAF bug in ax25_send_control() (CVE-2022-1205
  bsc#1198027).
- ax25: Fix NULL pointer dereferences in ax25 timers
  (CVE-2022-1205 bsc#1198027).
- ax25: Fix refcount leaks caused by ax25_cb_del() (CVE-2022-1205
  bsc#1198027).
- ax25: fix UAF bugs of net_device caused by rebinding operation
  (CVE-2022-1205 bsc#1198027).
- ax25: fix reference count leaks of ax25_dev (CVE-2022-1205
  bsc#1198027).
- commit cfa1c37
- Update patch reference for ax25 fixes (CVE-2022-1199 bsc#1198028)
- commit 1b5a483
- ax25: fix NPD bug in ax25_disconnect (CVE-2022-1199
  bsc#1198028).
- ax25: add refcount in ax25_dev to avoid UAF bugs (CVE-2022-1199
  bsc#1198028).
- commit f30e94a
- drivers: hamradio: 6pack: fix UAF bug caused by mod_timer()
  (CVE-2022-1198 bsc#1198030).
- commit 6da2b7d
- hamradio: remove needs_free_netdev to avoid UAF (CVE-2022-1195
  bsc#1198029).
- commit fcd70e2
- hamradio: improve the incomplete fix to avoid NPD (CVE-2022-1195
  bsc#1198029).
- hamradio: defer 6pack kfree after unregister_netdev
  (CVE-2022-1195 bsc#1198029).
- hamradio: defer ax25 kfree after unregister_netdev
  (CVE-2022-1195 bsc#1198029).
- net: hamradio: fix memory leak in mkiss_close (CVE-2022-1195
  bsc#1198029).
- commit d30e348
- can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb
  in error path (CVE-2022-28389 bsc#1198033).
- can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb()
  in error path (CVE-2022-28388 bsc#1198032).
- can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb()
  in error path (CVE-2022-28390 bsc#1198031).
- commit d6e6523
- tcp: add some entropy in __inet_hash_connect() (bsc#1180153).
- tcp: change source port randomizarion at connect() time
  (bsc#1180153).
- commit 96da58a
- VFS: filename_create(): fix incorrect intent (bsc#1197534).
- commit bd0a18b
- KVM: SVM: Don't flush cache if hardware enforces cache coherency
  across encryption domains (bsc#1178134).
- commit 706a179
- i915_vma: Rename vma_lookup to i915_vma_lookup (git-fixes).
- commit e2095ad
- powerpc/lib/sstep: Fix 'sthcx' instruction (bsc#1156395).
- powerpc/perf: Don't use perf_hw_context for trace IMC PMU
  (bsc#1156395).
- commit 130da3b
- mm/page_alloc.c: do not warn allocation failure on zone DMA
  if no managed pages (bsc#1197501).
- dma/pool: create dma atomic pool only if dma zone has managed
  pages (bsc#1197501).
- mm_zone: add function to check if managed dma zone exists
  (bsc#1197501).
- commit c0f79a1
- wireguard: socket: ignore v6 endpoints when ipv6 is disabled
  (git-fixes).
- wireguard: socket: free skb in send6 when ipv6 is disabled
  (git-fixes).
- wireguard: queueing: use CFI-safe ptr_ring cleanup function
  (git-fixes).
- wireguard: selftests: rename DEBUG_PI_LIST to DEBUG_PLIST
  (git-fixes).
- commit 972eb7f
- scsi: lpfc: Fix locking for lpfc_sli_iocbq_lookup()
  (bsc#1197675).
- scsi: lpfc: Fix broken SLI4 abort path (bsc#1197675).
- scsi: lpfc: Update lpfc version to 14.2.0.1 (bsc#1197675).
- scsi: lpfc: Fix queue failures when recovering from PCI parity
  error (bsc#1197675 bsc#1196478).
- scsi: lpfc: Fix unload hang after back to back PCI EEH faults
  (bsc#1197675 bsc#1196478).
- scsi: lpfc: Improve PCI EEH Error and Recovery Handling
  (bsc#1197675 bsc#1196478).
- commit 6fc0429
- ACPI: CPPC: Avoid out of bounds access when parsing _CPC data
  (git-fixes).
- can: mcba_usb: properly check endpoint type (git-fixes).
- can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb
  in error path (git-fixes).
- can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb()
  in error path (git-fixes).
- pwm: lpc18xx-sct: Initialize driver data and hardware before
  pwmchip_add() (git-fixes).
- remoteproc: qcom_wcnss: Add missing of_node_put() in
  wcnss_alloc_memory_region (git-fixes).
- remoteproc: qcom: Fix missing of_node_put in
  adsp_alloc_memory_region (git-fixes).
- clk: qcom: gcc-msm8994: Fix gpll4 width (git-fixes).
- clk: qcom: clk-rcg2: Update the frac table for pixel clock
  (git-fixes).
- clk: qcom: clk-rcg2: Update logic to calculate D value for RCG
  (git-fixes).
- clk: qcom: ipq8074: Use floor ops for SDCC1 clock (git-fixes).
- clk: uniphier: Fix fixed-rate initialization (git-fixes).
- clk: Initialize orphan req_rate (git-fixes).
- clk: bcm2835: Remove unused variable (git-fixes).
- clk: tegra: tegra124-emc: Fix missing put_device() call in
  emc_ensure_emc_driver (git-fixes).
- clk: clps711x: Terminate clk_div_table with sentinel element
  (git-fixes).
- clk: loongson1: Terminate clk_div_table with sentinel element
  (git-fixes).
- clk: actions: Terminate clk_div_table with sentinel element
  (git-fixes).
- clk: imx7d: Remove audio_mclk_root_clk (git-fixes).
- clk: nxp: Remove unused variable (git-fixes).
- commit 01f6f64
- printk: disable optimistic spin during panic (bsc#1197894).
- commit 0716386
- printk: Add panic_in_progress helper (bsc#1197894).
- commit f29520c
- blacklist.conf: printk: cosmetic problem
- commit eabafef
- vsprintf: Fix %pK with kptr_restrict == 0 (bsc#1197889).
- commit dcd324e
- btrfs: Remove unnecessary check from join_running_log_trans
  (bsc#1194649).
- commit dc4697b
- btrfs: do not commit delayed inode when logging a file in full
  sync mode (bsc#1194649).
- btrfs: do not log new dentries when logging that a new name
  exists (bsc#1194649).
- commit b03bb01
- Revert "/module, async: async_synchronize_full() on module init
  iff async is used"/ (bsc#1197888).
- commit 2252be2
- btrfs: avoid unnecessary lock and leaf splits when updating
  inode in the log (bsc#1194649).
- btrfs: remove unnecessary list head initialization when syncing
  log (bsc#1194649).
- btrfs: avoid unnecessary log mutex contention when syncing log
  (bsc#1194649).
- commit c49b58c
- btrfs: avoid unnecessary logging of xattrs during fast fsyncs
  (bsc#1194649).
- commit bcb58d4
- btrfs: check error value from btrfs_update_inode in tree log
  (bsc#1194649).
- btrfs: fixup error handling in fixup_inode_link_counts
  (bsc#1194649).
- commit 215b0a5
- btrfs: remove unnecessary directory inode item update when
  deleting dir entry (bsc#1194649).
- commit ebbb134
- x86/mm/pat: Don't flush cache if hardware enforces cache
  coherency across encryption domnains (bsc#1178134).
- commit ed78280
- btrfs: fix race leading to unnecessary transaction commit when
  logging inode (bsc#1194649).
- btrfs: fix race that makes inode logging fallback to transaction
  commit (bsc#1194649).
- btrfs: fix race that causes unnecessary logging of ancestor
  inodes (bsc#1194649).
- btrfs: fix race that results in logging old extents during a
  fast fsync (bsc#1194649).
- commit 54994e0
- scsi: lpfc: Copyright updates for 14.2.0.0 patches
  (bsc#1197675).
- scsi: lpfc: Update lpfc version to 14.2.0.0 (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor BSG paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor Abort paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor SCSI paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor CT paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor misc ELS paths
  (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor VMID paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor FDISC paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor LS_RJT paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor LS_ACC paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor the RSCN/SCR/RDF/EDC/FARPR
  paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor PLOGI/PRLI/ADISC/LOGO paths
  (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor base ELS paths and the
  FLOGI path (bsc#1197675).
- scsi: lpfc: SLI path split: Introduce lpfc_prep_wqe
  (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor fast and slow paths to
  native SLI4 (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor lpfc_iocbq (bsc#1197675).
- scsi: lpfc: Use kcalloc() (bsc#1197675).
- scsi: lpfc: Fix typos in comments (bsc#1197675).
- scsi: lpfc: Remove failing soft_wwn support (bsc#1197675).
- scsi: lpfc: Use rport as argument for lpfc_chk_tgt_mapped()
  (bsc#1197675).
- scsi: lpfc: Use rport as argument for lpfc_send_taskmgmt()
  (bsc#1197675).
- scsi: lpfc: Use fc_block_rport() (bsc#1197675).
- scsi: lpfc: Drop lpfc_no_handler() (bsc#1197675).
- scsi: lpfc: Kill lpfc_bus_reset_handler() (bsc#1197675).
- scsi: lpfc: Remove redundant flush_workqueue() call
  (bsc#1197675).
- scsi: lpfc: Reduce log messages seen after firmware download
  (bsc#1197675).
- scsi: lpfc: Remove NVMe support if kernel has NVME_FC disabled
  (bsc#1197675).
- commit e642242
- btrfs: check if a log tree exists at inode_logged()
  (bsc#1194649).
- commit 1fd0acd
- btrfs: remove no longer needed full sync flag check at
  inode_logged() (bsc#1194649).
- btrfs: eliminate some false positives when checking if inode
  was logged (bsc#1194649).
- commit df30719
- btrfs: skip unnecessary searches for xattrs when logging an
  inode (bsc#1194649).
- commit e2ffdf0
- btrfs: check if a log root exists before locking the log_mutex
  on unlink (bsc#1194649).
- Refresh
  patches.suse/0002-btrfs-qgroup-try-to-flush-qgroup-space-when-we-get-E.patch.
- commit 2097b4a
- ext2: correct max file size computing (bsc#1197820).
- commit f1d2053
- block/wbt: fix negative inflight counter when remove scsi device
  (bsc#1197819).
- commit 6f18f30
- block: update io_ticks when io hang (bsc#1197817).
- commit 4ee5ce6
- fscrypt: don't ignore minor_hash when hash is 0 (bsc#1197815).
- commit 0c58e0d
- ecryptfs: fix kernel panic with null dev_name (bsc#1197812).
- commit 18f264d
- ecryptfs: Fix typo in message (bsc#1197811).
- commit 9a64b6f
- ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and
  mmap_lock (CVE-2022-1048 bsc#1197331).
- Refresh
  patches.kabi/ALSA-kABI-workaround-for-snd_pcm_runtime-changes.patch.
- commit 2d63590
- ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and
  mmap_lock (CVE-2022-1048 bsc#1197331).
- Refresh
  patches.kabi/ALSA-kABI-workaround-for-snd_pcm_runtime-changes.patch.
- commit db7647d
- bpf: Remove config check to enable bpf support for branch
  records (git-fixes bsc#1177028).
- commit 5fff22c
- net: sched: fix use-after-free in tc_new_tfilter()
  (CVE-2022-1055 bsc#1197702).
- commit 4c7dc78
- net: mcs7830: handle usb read errors properly (git-fixes).
- commit b5b4cb6
- blacklist.conf: kABI
- commit 79d1df3
- blacklist.conf: cleanup, not a bugfix
- commit 3a5b1ab
- blacklist.conf: cleanup, not a bugfix
- commit a1c1b85
- Revert "/usb: dwc3: gadget: Use list_replace_init() before
  traversing lists"/ (git-fixes).
- commit 978c488
- scsi: qla2xxx: Fix typos in comments (bsc#1197661).
- scsi: qla2xxx: Update version to 10.02.07.400-k (bsc#1197661).
- scsi: qla2xxx: Increase max limit of ql2xnvme_queues
  (bsc#1197661).
- scsi: qla2xxx: Use correct feature type field during RFF_ID
  processing (bsc#1197661).
- scsi: qla2xxx: Fix stuck session of PRLI reject (bsc#1197661).
- scsi: qla2xxx: Reduce false trigger to login (bsc#1197661).
- scsi: qla2xxx: Fix laggy FC remote port session recovery
  (bsc#1197661).
- scsi: qla2xxx: Fix hang due to session stuck (bsc#1197661).
- scsi: qla2xxx: Fix N2N inconsistent PLOGI (bsc#1197661).
- scsi: qla2xxx: Fix crash during module load unload test
  (bsc#1197661).
- scsi: qla2xxx: Fix missed DMA unmap for NVMe ls requests
  (bsc#1197661).
- scsi: qla2xxx: Fix loss of NVMe namespaces after driver reload
  test (bsc#1197661).
- scsi: qla2xxx: Fix disk failure to rediscover (bsc#1197661).
- scsi: qla2xxx: Fix incorrect reporting of task management
  failure (bsc#1197661).
- scsi: qla2xxx: Use named initializers for q_dev_state
  (bsc#1197661).
- scsi: qla2xxx: Use named initializers for port_state_str
  (bsc#1197661).
- scsi: qla2xxx: Stop using the SCSI pointer (bsc#1197661).
- commit d7f7c48
- powerpc/pseries: Fix use after free in remove_phb_dynamic()
  (bsc#1065729).
- powerpc/tm: Fix more userspace r13 corruption (bsc#1065729).
- powerpc/xive: fix return value of __setup handler (bsc#1065729).
- powerpc/sysdev: fix incorrect use to determine if list is empty
  (bsc#1065729).
- commit 14ca561
- usb: bdc: Fix a resource leak in the error handling path of
  'bdc_probe()' (git-fixes).
- commit b8afee8
- usb: bdc: remove duplicated error message (git-fixes).
- commit 3971aef
- usb: bdc: Fix unused assignment in bdc_probe() (git-fixes).
- commit 0a2966f
- usb: bdc: Use devm_clk_get_optional() (git-fixes).
- commit f4c7fea
- usb: bdc: Adb shows offline after resuming from S2 (git-fixes).
- commit 3293f5c
- usb: gadget: bdc: use readl_poll_timeout() to simplify code
  (git-fixes).
- commit 686f431
- net: phy: broadcom: Fix brcm_fet_config_init() (git-fixes).
- serial: 8250: Fix race condition in RTS-after-send handling
  (git-fixes).
- serial: 8250_lpss: Balance reference count for PCI DMA device
  (git-fixes).
- serial: 8250_mid: Balance reference count for PCI DMA device
  (git-fixes).
- serial: core: Fix the definition name in the comment of UPF_*
  flags (git-fixes).
- soundwire: intel: fix wrong register name in intel_shim_wake
  (git-fixes).
- misc: sgi-gru: Don't cast parameter in bit operations
  (git-fixes).
- VMCI: Fix the description of vmci_check_host_caps() (git-fixes).
- misc: alcor_pci: Fix an error handling path (git-fixes).
- pinctrl/rockchip: Add missing of_node_put() in
  rockchip_pinctrl_probe (git-fixes).
- pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe
  (git-fixes).
- pinctrl: mediatek: paris: Fix pingroup pin config state readback
  (git-fixes).
- pinctrl: mediatek: paris: Fix "/argument"/ argument type for
  mtk_pinconf_get() (git-fixes).
- pinctrl: pinconf-generic: Print arguments for bias-pull-*
  (git-fixes).
- pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init
  (git-fixes).
- pinctrl: nuvoton: npcm7xx: Rename DS() macro to DSTR()
  (git-fixes).
- pinctrl: nuvoton: npcm7xx: Use %zu printk format for
  ARRAY_SIZE() (git-fixes).
- mac80211: fix potential double free on mesh join (git-fixes).
- commit ed99607
- usb: bdc: use devm_platform_ioremap_resource() to simplify code
  (git-fixes).
- commit d8de3ca
- driver core: dd: fix return value of __setup handler
  (git-fixes).
- firmware: google: Properly state IOMEM dependency (git-fixes).
- iio: accel: mma8452: use the correct logic to get mma8452_data
  (git-fixes).
- iio: adc: Add check for devm_request_threaded_irq (git-fixes).
- staging:iio:adc:ad7280a: Fix handing of device address bit
  reversing (git-fixes).
- iio: afe: rescale: use s64 for temporary scale calculations
  (git-fixes).
- iio: inkern: make a best effort on offset calculation
  (git-fixes).
- iio: inkern: apply consumer scale when no channel scale is
  available (git-fixes).
- iio: inkern: apply consumer scale on IIO_VAL_INT cases
  (git-fixes).
- ALSA: pci: fix reading of swapped values from pcmreg in AC97
  codec (git-fixes).
- ALSA: pcm: Add stream lock during PCM reset ioctl operations
  (git-fixes).
- ALSA: oss: Fix PCM OSS buffer allocation overflow (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS GA402 (git-fixes).
- ALSA: usb-audio: Add mute TLV for playback volumes on RODE
  NT-USB (git-fixes).
- ALSA: hda/realtek - Fix headset mic problem for a HP machine
  with alc671 (git-fixes).
- ACPI: video: Force backlight native for Clevo NL5xRU and NL5xNU
  (git-fixes).
- ACPI: battery: Add device HID and quirk for Microsoft Surface
  Go 3 (git-fixes).
- ACPI / x86: Work around broken XSDT on Advantech DAC-BJ01 board
  (git-fixes).
- drm/vc4: crtc: Fix runtime_pm reference counting (git-fixes).
- commit 34d0dc9
- blacklist.conf: Add 1e9d74660d4d "/bpf: Fix mount source show for bpffs"/
  Missing required dependency
- commit 5a8e47e
- udp_tunnel: Fix end of loop test in udp_tunnel_nic_unregister()
  (git-fixes).
- commit 36f2c3d
- bpf: Fix comment for helper bpf_current_task_under_cgroup()
  (git-fixes).
- commit b94b06c
- x86/cpu: Add hardware-enforced cache coherency as a CPUID
  feature (bsc#1178134).
- Refresh patches.suse/x86-cpufeatures-add-sev-es-cpu-feature.
- commit 9b8fd9f
- Metadata update
- commit 20a72ea
- Revert "/Input: clear BTN_RIGHT/MIDDLE on buttonpads"/
  (bsc#1197243).
- commit 1e324a1
- Drop HID multitouch fix patch (bsc#1197243)
  Delete patches.suse/HID-multitouch-fix-Dell-Precision-7550-and-7750-butt.patch.
  Replaced with another revert patch.
- commit 169cf98
- usb: dwc3: qcom: add IRQ check (git-fixes).
- commit 0f04f35
- usb: dwc3: gadget: Use list_replace_init() before traversing
  lists (git-fixes).
- commit fa45b43
- xhci: fix garbage USBSTS being logged in some cases (git-fixes).
- commit 6c80c92
- Add CVE tags to
  patches.suse/ext4-fix-kernel-infoleak-via-ext4_extent_header.patch
  (bsc#1189562 bsc#1196761 CVE-2022-0850).
- commit f3cb08f
- blacklist.conf: 3a84fd1ed535 drm/i915/display: Fix HPD short pulse handling for eDP
- commit ae70ffd
- drm/i915/gem: add missing boundary check in vm_access
  (git-fixes).
- commit 99cd925
- drm/msm/dpu: add DSPP blocks teardown (git-fixes).
- commit 9c986de
- drm/bridge: dw-hdmi: use safe format when first in bridge chain
  (git-fixes).
- commit 38ac9a8
- Refresh
  patches.suse/drm-i915-Fix-bw-atomic-check-when-switching-between-.patch.
  Alt-commit
- commit 81cf826
- Refresh
  patches.suse/drm-i915-Correctly-populate-use_sagv_wm-for-all-pipe.patch.
  Alt-commit
- commit 9f55faf
- Refresh
  patches.suse/drm-i915-Fix-dbuf-slice-config-lookup.patch.
  Alt-commit
- commit eb12d1f
- drm/amd/display: Add affected crtcs to atomic state for dsc
  mst unplug (git-fixes).
- commit 1b3e76b
- blacklist.conf: 3f3a24a0a3a5 drm/amdgpu: Don't offset by 2 in FRU EEPROM
- commit 6877985
- drm/amd/pm: return -ENOTSUPP if there is no
  get_dpm_ultimate_freq function (git-fixes).
- commit fb7d1f2
- drm/nouveau/acr: Fix undefined behavior in
  nvkm_acr_hsfw_load_bl() (git-fixes).
- commit 4a1a717
- drm/doc: overview before functions for drm_writeback.c
  (git-fixes).
- commit 6d05b7f
- drm: bridge: adv7511: Fix ADV7535 HPD enablement (git-fixes).
- commit 8027fb9
- drm/bridge: nwl-dsi: Fix PM disable depth imbalance in
  nwl_dsi_probe (git-fixes).
- commit c253ca8
- drm/meson: Fix error handling when afbcd.ops->init fails
  (git-fixes).
- commit 42a3562
- drm/meson: osd_afbcd: Add an exit callback to struct
  meson_afbcd_ops (git-fixes).
- commit f2138e4
- powerpc/mm/numa: skip NUMA_NO_NODE onlining in
  parse_numa_properties() (bsc#1179639 ltc#189002 git-fixes).
- commit 4765cfb
- video: fbdev: controlfb: Fix COMPILE_TEST build (git-fixes).
- commit 047d2b7
- video: fbdev: matroxfb: set maxvram of vbG200eW to the same
  as vbG200 to avoid black screen (git-fixes).
- commit 3094fd1
- drm/vc4: crtc: Make sure the HDMI controller is powered when
  disabling (git-fixes).
- commit 0e082ec
- esp: Fix possible buffer overflow in ESP transformation
  (bsc#1197131 CVE-2022-0886 CVE-2022-27666).
- commit 39a5891
- Update
  patches.suse/quota-check-block-number-when-reading-the-block-in-q.patch
  (bsc#1194589 bsc#1197366 CVE-2021-45868).
- commit 1a6f8a7
- pinctrl: samsung: drop pin banks references on error paths
  (git-fixes).
- memory: emif: check the pointer temp in get_device_details()
  (git-fixes).
- memory: emif: Add check for setup_interrupts (git-fixes).
- soc: qcom: aoss: remove spurious IRQF_ONESHOT flags (git-fixes).
- soc: qcom: rpmpd: Check for null return of devm_kcalloc
  (git-fixes).
- soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe
  (git-fixes).
- media: usb: go7007: s2250-board: fix leak in probe()
  (git-fixes).
- media: em28xx: initialize refcount before kref_get (git-fixes).
- media: stk1160: If start stream fails, return buffers with
  VB2_BUF_STATE_QUEUED (git-fixes).
- media: Revert "/media: em28xx: add missing
  em28xx_close_extension"/ (git-fixes).
- media: video/hdmi: handle short reads of hdmi info frame
  (git-fixes).
- media: aspeed: Correct value for h-total-pixels (git-fixes).
- media: hantro: Fix overfill bottom register field name
  (git-fixes).
- media: coda: Fix missing put_device() call in coda_get_vdoa_data
  (git-fixes).
- media: bttv: fix WARNING regression on tunerless devices
  (git-fixes).
- video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of
  (git-fixes).
- video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name()
  (git-fixes).
- video: fbdev: atmel_lcdfb: fix an error code in
  atmel_lcdfb_probe() (git-fixes).
- video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe()
  (git-fixes).
- video: fbdev: matroxfb: set maxvram of vbG200eW to the same
  as vbG200 to avoid black screen (git-fixes).
- mmc: davinci_mmc: Handle error for clk_enable (git-fixes).
- usb: usbtmc: Fix bug in pipe direction for control transfers
  (git-fixes).
- net: phy: marvell: Fix invalid comparison in the resume and
  suspend functions (git-fixes).
- commit 33bac97
- firmware: qcom: scm: Remove reassignment to desc following
  initializer (git-fixes).
- ASoC: sti: Fix deadlock via snd_pcm_stop_xrun() call
  (git-fixes).
- ASoC: codecs: wcd934x: Add missing of_node_put() in
  wcd934x_codec_parse_data (git-fixes).
- ASoC: msm8916-wcd-analog: Fix error handling in
  pm8916_wcd_analog_spmi_probe (git-fixes).
- ASoC: msm8916-wcd-digital: Fix missing clk_disable_unprepare()
  in msm8916_wcd_digital_probe (git-fixes).
- ASoC: imx-es8328: Fix error return code in imx_es8328_probe()
  (git-fixes).
- ASoC: fsl_spdif: Disable TX clock when stop (git-fixes).
- ASoC: SOF: topology: remove redundant code (git-fixes).
- ASoC: dmaengine: do not use a NULL prepare_slave_config()
  callback (git-fixes).
- ASoC: mxs: Fix error handling in mxs_sgtl5000_probe (git-fixes).
- ASoC: SOF: Add missing of_node_put() in imx8m_probe (git-fixes).
- ASoC: fsi: Add check for clk_enable (git-fixes).
- ASoC: wm8350: Handle error for wm8350_register_irq (git-fixes).
- ASoC: atmel: Add missing of_node_put() in
  at91sam9g20ek_audio_probe (git-fixes).
- ASoC: dwc-i2s: Handle errors for clk_enable (git-fixes).
- ASoC: atmel_ssc_dai: Handle errors for clk_enable (git-fixes).
- ASoC: mxs-saif: Handle errors for clk_enable (git-fixes).
- ASoC: ti: davinci-i2s: Add check for clk_enable() (git-fixes).
- ASoC: rt5663: check the return value of devm_kzalloc() in
  rt5663_parse_dp() (git-fixes).
- ASoC: xilinx: xlnx_formatter_pcm: Handle sysclk setting
  (git-fixes).
- ASoC: topology: Optimize soc_tplg_dapm_graph_elems_load behavior
  (git-fixes).
- ASoC: topology: Allow TLV control to be either read or write
  (git-fixes).
- ALSA: spi: Add check for clk_enable() (git-fixes).
- ALSA: cmipci: Restore aux vol on suspend/resume (git-fixes).
- ASoC: codecs: wcd934x: fix return value of
  wcd934x_rx_hph_mode_put (git-fixes).
- ALSA: firewire-lib: fix uninitialized flag for AV/C deferred
  transaction (git-fixes).
- media: davinci: vpif: fix unbalanced runtime PM get (git-fixes).
- drm/panel: simple: Fix Innolux G070Y2-L01 BPP settings
  (git-fixes).
- commit 364280e
- ALSA: pcm: Fix races among concurrent prealloc proc writes
  (CVE-2022-1048 bsc#1197331).
- ALSA: pcm: Fix races among concurrent prepare and
  hw_params/hw_free calls (CVE-2022-1048 bsc#1197331).
- ALSA: pcm: Fix races among concurrent read/write and buffer
  changes (CVE-2022-1048 bsc#1197331).
- ALSA: pcm: Fix races among concurrent hw_params and hw_free
  calls (CVE-2022-1048 bsc#1197331).
- commit 0f1f53e
- cifs: use the correct max-length for dentry_path_raw()
  (bsc1196196).
- commit d014f56
- blacklist.conf: a5ce9f2bb665 x86/speculation: Merge one test in spectre_v2_user_select_mitigation()
- commit 2d7347b
- config: enable DEBUG_INFO_BTF
  This option allows users to access the btf type information for vmlinux
  but not kernel modules.
- commit fb07e10
- quota: check block number when reading the block in quota file
  (bsc#1197366 CVE-2021-45868).
- commit a7d4915
- ALSA: kABI workaround for snd_pcm_runtime changes (CVE-2022-1048
  bsc#1197331).
- commit 8a9b87d
- ALSA: kABI workaround for snd_pcm_runtime changes (CVE-2022-1048
  bsc#1197331).
- commit 12628f8
- ALSA: pcm: Fix races among concurrent prealloc proc writes
  (CVE-2022-1048 bsc#1197331).
- ALSA: pcm: Fix races among concurrent prepare and
  hw_params/hw_free calls (CVE-2022-1048 bsc#1197331).
- ALSA: pcm: Fix races among concurrent read/write and buffer
  changes (CVE-2022-1048 bsc#1197331).
- ALSA: pcm: Fix races among concurrent hw_params and hw_free
  calls (CVE-2022-1048 bsc#1197331).
- commit aee063f
- membarrier: Execute SYNC_CORE on the calling thread (git-fixes)
- commit 8c138d0
- fuse: handle kABI change in struct fuse_args (bsc#1197343
  CVE-2022-1011).
- fuse: fix pipe buffer lifetime for direct_io (bsc#1197343
  CVE-2022-1011).
- commit 112493c
- spi: pxa2xx-pci: Balance reference count for PCI DMA device
  (git-fixes).
- spi: tegra114: Add missing IRQ check in tegra_spi_probe
  (git-fixes).
- regulator: qcom_smd: fix for_each_child.cocci warnings
  (git-fixes).
- hwmon: (pmbus) Add Vin unit off handling (git-fixes).
- hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING
  (git-fixes).
- hwmon: (pmbus) Add mutex to regulator ops (git-fixes).
- crypto: ccp - ccp_dmaengine_unregister release dma channels
  (git-fixes).
- crypto: cavium/nitrox - don't cast parameter in bit operations
  (git-fixes).
- crypto: vmx - add missing dependencies (git-fixes).
- hwrng: atmel - disable trng on failure path (git-fixes).
- crypto: ccree - don't attempt 0 len DMA mappings (git-fixes).
- crypto: qat - don't cast parameter in bit operations
  (git-fixes).
- crypto: mxs-dcp - Fix scatterlist processing (git-fixes).
- crypto: authenc - Fix sleep in atomic context in decrypt_tail
  (git-fixes).
- crypto: rsa-pkcs1pad - fix buffer overread in
  pkcs1pad_verify_complete() (git-fixes).
- crypto: rsa-pkcs1pad - restore signature length check
  (git-fixes).
- crypto: rsa-pkcs1pad - correctly get hash from source
  scatterlist (git-fixes).
- thermal: int340x: Increase bitmap size (git-fixes).
- thermal: int340x: Check for NULL after calling kmemdup()
  (git-fixes).
- PM: suspend: fix return value of __setup handler (git-fixes).
- PM: hibernate: fix __setup handler error handling (git-fixes).
- ACPI: docs: enumeration: Remove redundant .owner assignment
  (git-fixes).
- ACPI: docs: enumeration: Update UART serial bus resource
  documentation (git-fixes).
- ACPI: docs: enumeration: Discourage to use custom _DSM methods
  (git-fixes).
- ACPI: APEI: fix return value of __setup handlers (git-fixes).
- clocksource: acpi_pm: fix return value of __setup handler
  (git-fixes).
- ACPI: properties: Consistently return -ENOENT if there are no
  more references (git-fixes).
- clocksource/drivers/timer-of: Check return value of of_iomap
  in timer_of_base_init() (git-fixes).
- Input: aiptek - properly check endpoint type (git-fixes).
- usb: gadget: Fix use-after-free bug by not setting
  udc->dev.driver (git-fixes).
- usb: gadget: rndis: prevent integer overflow in
  rndis_set_response() (git-fixes).
- drm/vrr: Set VRR capable prop only if it is attached to
  connector (git-fixes).
- nl80211: Update bss channel on channel switch for P2P_CLIENT
  (git-fixes).
- iwlwifi: don't advertise TWT support (git-fixes).
- mac80211: refuse aggregations sessions before authorized
  (git-fixes).
- can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN
  device when fully ready (git-fixes).
- commit 240077f
- membarrier: Explicitly sync remote cores when SYNC_CORE is (git-fixes)
- commit 4fc5228
- blacklist.conf: Add 2ecedd756908 ("/membarrier: Add an actual barrier before rseq_preempt()"/)
- commit e7a5059
- cpufreq: schedutil: Destroy mutex before kobject_put() frees (git-fixes)
- commit 3a3c855
- netfilter: conntrack: don't refresh sctp entries in closed state
  (bsc#1197389).
- commit d30cf2f
- NFS: Do not report writeback errors in nfs_getattr()
  (git-fixes).
- NFS: LOOKUP_DIRECTORY is also ok with symlinks (git-fixes).
- NFS: Fix initialisation of nfs_client cl_flags field
  (git-fixes).
- NFS: Avoid duplicate uncached readdir calls on eof (git-fixes).
- NFS: Don't skip directory entries when doing uncached readdir
  (git-fixes).
- nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed
  client (git-fixes).
- NFS: Ensure the server has an up to date ctime before
  hardlinking (git-fixes).
- commit 0dffa33
- blacklist.conf: fbd5969d1ff2 x86/cpufeatures: Mark two free bits in word 3
- commit 7de8046
- rpm/constraints.in: skip SLOW_DISK workers for kernel-source
- commit e84694f
- net: hns3: add a check for tqp_index in
  hclge_get_ring_chain_from_mbx() (git-fixes).
- commit 197c612
- net: watchdog: hold device global xmit lock during tx disable
  (git-fixes).
- commit 5f626af
- net: stmmac: set TxQ mode back to DCB after disabling CBS
  (git-fixes).
- commit 64e0e15
- net: enetc: initialize the RFS and RSS memories (git-fixes).
- commit 48628ab
- net: dsa: mv88e6xxx: override existent unicast portvec in
  port_fdb_add (git-fixes).
- commit d733e4e
- team: protect features update by RCU to avoid deadlock
  (git-fixes).
- commit 0917ada
- netxen_nic: fix MSI/MSI-x interrupts (git-fixes).
- commit e20b4bd
- Update config files.
- commit 5e3d4fd
- drm/i915: Fix dbuf slice config lookup (git-fixes).
- commit 2e1e919
- drm/imx: parallel-display: Remove bus flags check in
  imx_pd_bridge_atomic_check() (git-fixes).
- commit 37de9a5
- macros.kernel-source: Fix conditional expansion.
  Fixes: bb95fef3cf19 ("/rpm: Use bash for %() expansion (jsc#SLE-18234)."/)
- commit 7e857f7
- ibmvnic: fix race between xmit and reset (bsc#1197302
  ltc#197259).
- commit 1372669
- Revert "/Revert "/build initrd without systemd"/ (bsc#1197300)"/
  This reverts commit ff2b28e76a7040ae5ce82c0145965d62159216fd.
- commit 72ed14f
- Update config files (bsc#1195926 bsc#1175667).
  VIRTIO_PCI=m -> VIRTIO_PCI=y
- commit 3edad5c
- Revert "/Revert "/rpm/kernel-source.spec.in: call fdupes per subpackage"/"/
  This reverts commit f349b8133b949dee1721081d9fbc80cc43327d15.
  Which was propagated from my local local tree. Restore the commit
- commit ee9cedc
- rpm: Use bash for %() expansion (jsc#SLE-18234).
  Since 15.4 alternatives for /bin/sh are provided by packages
  <something>-sh. While the interpreter for the build script can be
  selected the interpreter for %() cannot.
  The kernel spec files use bashisms in %().
  While this could technically be fixed there is more serious underlying
  problem: neither bash nor any of the alternatives are 100% POSIX
  compliant nor bug-free.
  It is not my intent to maintain bug compatibility with any number of
  shells for shell scripts embedded in the kernel spec file. The spec file
  syntax is not documented so embedding the shell script in it causes some
  unspecified transformation to be applied to it. That means that
  ultimately any changes must be tested by building the kernel, n times if
  n shells are supported.
  To reduce maintenance effort require that bash is used for kernel build
  always.
- commit bb95fef
- x86/speculation: Warn about Spectre v2 LFENCE mitigation
  (bsc#1178134).
- Refresh
  patches.suse/x86-speculation-warn-about-eibrs-lfence-unprivileged-ebpf-smt.patch.
- commit 8588aa6
- powerpc/mm: Fix verification of MMU_FTR_TYPE_44x (bsc#1156395).
- commit 5c5db21
- x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF +
  SMT (bsc#1178134).
- commit a719566
- HID: multitouch: fix Dell Precision 7550 and 7750 button type
  (bsc#1197243).
- commit 53c2db3
- Sort in upstreamed BHB patches
- Refresh
  patches.suse/documentation-hw-vuln-update-spectre-doc.patch.
- Refresh
  patches.suse/x86-speculation-add-eibrs-retpoline-options.patch.
- Refresh
  patches.suse/x86-speculation-include-unprivileged-ebpf-status-in-spectre-v2-mitigation-reporting.patch.
- Refresh
  patches.suse/x86-speculation-rename-retpoline_amd-to-retpoline_lfence.patch.
- Refresh
  patches.suse/x86-speculation-use-generic-retpoline-by-default-on-amd.patch.
- commit 4062a7a
- s390/mm: fix VMA and page table handling code in storage key
  handling functions (git-fixes).
- s390/mm: validate VMA in PGSTE manipulation functions
  (git-fixes).
- s390/gmap: don't unconditionally call pte_unmap_unlock()
  in __gmap_zap() (git-fixes).
- s390/gmap: validate VMA in __gmap_zap() (git-fixes).
- s390/pci_mmio: fully validate the VMA before calling
  follow_pte() (git-fixes).
- mm: add vma_lookup(), update find_vma_intersection() comments
  (git-fixes).
- commit 808c094
- Revert "/rpm/kernel-source.spec.in: call fdupes per subpackage"/
  This reverts commit 1da843983718d4cfdd652a76e428abee98e37450.
- commit f349b81
- Revert "/build initrd without systemd"/ (bsc#1197300)
  This reverts commit ef4c569b998635a9369390d4e9cfe3a922815c76.
  It seems to be the cause of a stall in OBS build that resulted in
  the failure with obs-build-qa (and possibly others).
- commit ff2b28e
- net/smc: Reset conn->lgr when link group registration fails
  (git-fixes).
- net/smc: fix using of uninitialized completions (git-fixes).
- net/smc: fix wrong list_del in smc_lgr_cleanup_early
  (git-fixes).
- net/smc: Fix loop in smc_listen (git-fixes).
- net/smc: Make sure the link_id is unique (git-fixes).
- commit 759dc2b
- blacklist.conf: net/smc cleanup with no functional change
- commit 5a33cbb
- Update patch reference for USB gadget fix (CVE-2022-27223 bsc#1197245)
- commit fd3b6e8
- s390/hypfs: include z/VM guests with access control group set
  (bsc#1195640 LTC#196352).
- commit 598f26f
- net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup
  (bsc#1196018).
- commit 1580ab2
- ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32
  (bsc#1196018).
- commit 1cdc779
- Rename colliding patches before the next cve/linux-5.3 -> SLE15-SP3 merge
- commit 891ddc4
- rpm: Run external scriptlets on uninstall only when available
  (bsc#1196514 bsc#1196114 bsc#1196942).
  When dependency cycles are encountered package dependencies may not be
  fulfilled during zypper transaction at the time scriptlets are run.
  This is a problem for kernel scriptlets provided by suse-module-tools
  when migrating to a SLE release that provides these scriptlets only as
  part of LTSS. The suse-module-tools that provides kernel scriptlets may
  be removed early causing migration to fail.
- commit ab8dd2d
- sr9700: sanity check for packet length (bsc#1196836
  CVE-2022-26966).
- commit edaafdd
- rpm/*.spec.in: remove backtick usage
- commit 87ca1fb
- s390/module: fix loading modules with a lot of relocations
  (git-fixes).
- commit bc1865f
- blacklist.conf: prerequisites break kABI
- commit d0b972b
- rpm: SC2006: Use $(...) notation instead of legacy backticked `...`.
- commit f0d0e90
- s390/kexec_file: fix error handling when applying relocations
  (git-fixes).
- s390/kexec: fix memory leak of ipl report buffer (git-fixes).
- s390/kexec: fix return code handling (git-fixes).
- commit 2f0dd10
- s390/bpf: Perform r1 range checking before accessing
  jit->seen_reg (git-fixes).
- commit 1cc7c78
- usb: dwc2: gadget: Fix GOUTNAK flow for Slave mode (git-fixes).
- commit 3863766
- usb: dwc2: Fix Stalling a Non-Isochronous OUT EP (git-fixes).
- commit 9d7504f
- aio: fix use-after-free due to missing POLLFREE handling
  (CVE-2021-39698 bsc#1196956).
- aio: keep poll requests on waitqueue until completed
  (CVE-2021-39698 bsc#1196956).
- signalfd: use wake_up_pollfree() (CVE-2021-39698 bsc#1196956).
- binder: use wake_up_pollfree() (CVE-2021-39698 bsc#1196956).
- wait: add wake_up_pollfree() (CVE-2021-39698 bsc#1196956).
- commit b026506
- usb: dwc2: gadget: Fix kill_all_requests race (git-fixes).
- commit 5ad82f7
- usb: dwc3: meson-g12a: Disable the regulator in the error
  handling path of the probe (git-fixes).
- commit 6109544
- mmc: meson: Fix usage of meson_mmc_post_req() (git-fixes).
- drm/sun4i: mixer: Fix P010 and P210 format numbers (git-fixes).
- commit 44ceec6
- rpm/kernel-source.spec.in: call fdupes per subpackage
  It is a waste of time to do a global fdupes when we have
  subpackages.
- commit 1da8439
- af_unix: fix garbage collect vs MSG_PEEK (CVE-2021-0920
  bsc#1193731).
- commit 7040fdd
- Refresh patches.suse/xfrm-fix-mtu-regression.patch.
- commit 8d867d6
- bpf, selftests: Add test case trying to taint map value pointer
  (bsc#1196130,CVE-2021-45402).
- bpf: Make 32->64 bounds propagation slightly more robust
  (bsc#1196130,CVE-2021-45402).
- bpf: Fix signed bounds propagation after mov32
  (bsc#1196130,CVE-2021-45402).
- commit 63a6298
- net: phy: DP83822: clear MISR2 register to disable interrupts
  (git-fixes).
- gianfar: ethtool: Fix refcount leak in gfar_get_ts_info
  (git-fixes).
- NFC: port100: fix use-after-free in port100_send_complete
  (git-fixes).
- ax25: Fix NULL pointer dereference in ax25_kill_by_device
  (git-fixes).
- staging: gdm724x: fix use after free in gdm_lte_rx()
  (git-fixes).
- gpio: ts4900: Do not set DAT and OE together (git-fixes).
- gpiolib: acpi: Convert ACPI value of debounce to microseconds
  (git-fixes).
- usb: hub: Fix locking issues with address0_mutex (git-fixes).
- commit ea6e976
- EDAC: Fix calculation of returned address and next offset in
  edac_align_ptr() (bsc#1178134).
- commit c292d6b
- xen/netfront: react properly to failing
  gnttab_end_foreign_access_ref() (bsc#1196488, XSA-396,
  CVE-2022-23042).
- commit fe0a923
- xen/gnttab: fix gnttab_end_foreign_access() without page
  specified (bsc#1196488, XSA-396, CVE-2022-23041).
- commit 58c801b
- xen/pvcalls: use alloc/free_pages_exact() (bsc#1196488,
  XSA-396, CVE-2022-23041).
- commit afb2dba
- xen/9p: use alloc/free_pages_exact() (bsc#1196488, XSA-396,
  CVE-2022-23041).
- commit cee63b9
- xen/usb: don't use gnttab_end_foreign_access() in
  xenhcd_gnttab_done() (bsc#1196488, XSA-396).
- commit b1d434d
- xen/gntalloc: don't use gnttab_query_foreign_access()
  (bsc#1196488, XSA-396, CVE-2022-23039).
- commit a4ec4aa
- xen/scsifront: don't use gnttab_query_foreign_access() for
  mapped status (bsc#1196488, XSA-396, CVE-2022-23038).
- commit fd9cb30
- xen/netfront: don't use gnttab_query_foreign_access() for
  mapped status (bsc#1196488, XSA-396, CVE-2022-23037).
- commit 4e33999
- xen/blkfront: don't use gnttab_query_foreign_access() for
  mapped status (bsc#1196488, XSA-396, CVE-2022-23036).
- commit 4334af7
- xen/grant-table: add gnttab_try_end_foreign_access()
  (bsc#1196488, XSA-396, CVE-2022-23036, CVE-2022-23038).
- commit 19b769a
- xen/xenbus: don't let xenbus_grant_ring() remove grants in
  error case (bsc#1196488, XSA-396, CVE-2022-23040).
- commit 5aacf1f
- EDAC/altera: Fix deferred probing (bsc#1178134).
- commit 13cc9b2
- rpm/arch-symbols,guards,*driver: Replace Novell with SUSE.
- commit 174a64f
- nvme-rdma: fix possible use-after-free in transport
  error_recovery work (git-fixes).
- commit f4a5de3
- usb: host: xen-hcd: add missing unlock in error path
  (git-fixes).
- commit daa9ea7
- Refresh
  patches.suse/0002-usb-Introduce-Xen-pvUSB-frontend-xen-hcd.patch.
- commit d9066f6
- Refresh
  patches.suse/0001-usb-Add-Xen-pvUSB-protocol-description.patch.
- commit 5c41eb3
- rpm/kernel-docs.spec.in: use %%license for license declarations
  Limited to SLE15+ to avoid compatibility nightmares.
- commit 73d560e
- rpm/*.spec.in: Use https:// urls
- commit 77b5f8e
- nvme-multipath: use vmalloc for ANA log buffer (bsc#1193787).
- commit 8823060
- Bluetooth: btusb: Add missing Chicony device for Realtek
  RTL8723BE (bsc#1196779).
- commit 504b440
- ixgbe: xsk: change !netif_carrier_ok() handling in
  ixgbe_xmit_zc() (git-fixes).
- selftests: mlxsw: tc_police_scale: Make test more robust
  (bsc#1176774).
- net: fix up skbs delta_truesize in UDP GRO frag_list
  (bsc#1176447).
- igc: igc_write_phy_reg_gpy: drop premature return (git-fixes).
- igc: igc_read_phy_reg_gpy: drop premature return (git-fixes).
- iavf: Fix missing check for running netdev (git-fixes).
- RDMA/cma: Do not change route.addr.src_addr outside state checks
  (bsc#1181147).
- RDMA/ib_srp: Fix a deadlock (git-fixes).
- RDMA/rtrs-clt: Fix possible double free in error case
  (jsc#SLE-15176).
- net/mlx5e: TC, Reject rules with forward and drop actions
  (git-fixes).
- net/mlx5e: TC, Reject rules with drop and modify hdr action
  (git-fixes).
- net/mlx5e: kTLS, Use CHECKSUM_UNNECESSARY for device-offloaded
  packets (jsc#SLE-15172).
- net/mlx5e: Fix wrong return value on ioctl EEPROM query failure
  (git-fixes).
- net/mlx5: Fix possible deadlock on rule deletion (git-fixes).
- net/mlx5: Fix wrong limitation of metadata match on ecpf
  (git-fixes).
- net/mlx5: Update the list of the PCI supported devices
  (git-fixes).
- netfilter: nf_tables: fix memory leak during stateful obj update
  (bsc#1176447).
- bnxt_en: Fix incorrect multicast rx mask setting when not
  requested (git-fixes).
- bnxt_en: Fix occasional ethtool -t loopback test failures
  (git-fixes).
- bnxt_en: Fix offline ethtool selftest with RDMA enabled
  (git-fixes).
- bnxt_en: Fix active FEC reporting to ethtool (jsc#SLE-16649).
- ice: initialize local variable 'tlv' (jsc#SLE-12878).
- nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac()
  (git-fixes).
- net/sched: act_ct: Fix flow table lookup after ct clear or
  switching zones (jsc#SLE-15172).
- bonding: force carrier update when releasing slave (git-fixes).
- RDMA/mlx4: Don't continue event handler after memory allocation
  failure (git-fixes).
- RDMA/siw: Fix broken RDMA Read Fence/Resume logic (git-fixes).
- IB/rdmavt: Validate remote_addr during loopback atomic tests
  (git-fixes).
- RDMA/cxgb4: Set queue pair state when being queried (git-fixes).
- RDMA/rxe: Fix a typo in opcode name (git-fixes).
- RDMA/cma: Let cma_resolve_ib_dev() continue search even after
  empty entry (git-fixes).
- RDMA/core: Let ib_find_gid() continue search even after empty
  entry (git-fixes).
- RDMA/uverbs: Remove the unnecessary assignment (git-fixes).
- RDMA/cma: Remove open coding of overflow checking for
  private_data_len (git-fixes).
- RDMA/hns: Validate the pkey index (git-fixes).
- RDMA/bnxt_re: Scan the whole bitmap when checking if "/disabling
  RCFW with pending cmd-bit"/ (git-fixes).
- RDMA/core: Don't infoleak GRH fields (git-fixes).
- RDMA/uverbs: Check for null return of kmalloc_array (git-fixes).
- IB/hfi1: Fix leak of rcvhdrtail_dummy_kvaddr (git-fixes).
- IB/hfi1: Fix early init panic (git-fixes).
- IB/hfi1: Insure use of smp_processor_id() is preempt disabled
  (git-fixes).
- IB/hfi1: Correct guard on eager buffer deallocation (git-fixes).
- net/mlx5: Update the list of the PCI supported devices
  (git-fixes).
- commit 5d0d3c3
- asix: fix uninit-value in asix_mdio_read() (git-fixes).
- commit 954cba8
- usb: hub: Fix usb enumeration issue due to address0 race
  (git-fixes).
- commit 831632a
- USB: hub: Clean up use of port initialization schemes and
  retries (git-fixes).
- commit 39e09e3
- powerpc/powernv/memtrace: Fix dcache flushing (bsc#1196433
  ltc#196449).
- commit 5cf33af
- mask out added spinlock in rndis_params (git-fixes).
- commit cf77fd5
- usb: gadget: rndis: add spinlock for rndis response list
  (git-fixes).
- commit 6500e0b
- HID: add mapping for KEY_ALL_APPLICATIONS (git-fixes).
- HID: add mapping for KEY_DICTATE (git-fixes).
- Input: elan_i2c - fix regulator enable count imbalance after
  suspend/resume (git-fixes).
- Input: elan_i2c - move regulator_[en|dis]able() out of
  elan_[en|dis]able_power() (git-fixes).
- arm64: dts: rockchip: Switch RK3399-Gru DP to SPDIF output
  (git-fixes).
- dmaengine: shdma: Fix runtime PM imbalance on error (git-fixes).
- i2c: bcm2835: Avoid clock stretching timeouts (git-fixes).
- Input: clear BTN_RIGHT/MIDDLE on buttonpads (git-fixes).
- ASoC: rt5682: do not block workqueue if card is unbound
  (git-fixes).
- ASoC: rt5668: do not block workqueue if card is unbound
  (git-fixes).
- net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990
  (git-fixes).
- mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work
  (git-fixes).
- mac80211_hwsim: report NOACK frames in tx_status (git-fixes).
- hamradio: fix macro redefine warning (git-fixes).
- commit add4eb4
- scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe (git-fixes).
- scsi: bnx2fc: Flush destroy_work queue before calling
  bnx2fc_interface_put() (git-fixes).
- scsi: nsp_cs: Check of ioremap return value (git-fixes).
- scsi: qedf: Fix potential dereference of NULL pointer
  (git-fixes).
- scsi: ufs: Fix race conditions related to driver data
  (git-fixes).
- scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write()
  (git-fixes).
- commit 2185cf5
- Add SCSI git-fix to blacklist: too pervasive
- commit 3f4a3f6
- blacklist.conf: Add 05c7b7a92cc8 cgroup/cpuset: Fix a race between cpuset_attach() and cpu hotplug
- commit 511f680
- cgroup/cpuset: Fix "/suspicious RCU usage"/ lockdep warning
  (bsc#1196868).
- commit 30013c2
- cpuset: Fix the bug that subpart_cpus updated wrongly in
  update_cpumask() (bsc#1196866).
- commit 8ee9c97
- blacklist.conf: prerequisites break kABI
- commit 88b00ea
- blacklist.conf: kABI
- commit 11980b2
- blacklist.conf: patch not applicable due to missing infrastructure
- commit be9f64f
- usb: dwc2: use well defined macros for power_down (git-fixes).
- commit 781db9c
- ename colliding patches before the next cve/linux-5.3 -> SLE15-SP3 merge
- commit 59d5e34
- Hand over the maintainership to SLE15-SP3 maintainers
- commit 0c92742
- SUNRPC: avoid race between mod_timer() and del_timer_sync()
  (bnc#1195403).
- commit f6cf219
- cputime, cpuacct: Include guest time in user time in (git-fixes)
- commit b360f79
- sched/core: Mitigate race (git-fixes)
- commit d6e526f
- cpufreq: schedutil: Use kobject release() method to free (git-fixes)
- commit 3b82dc0
- blacklist.conf: Blacklist uclamp related fixes
- commit af69679
- sr9700: sanity check for packet length (bsc#1196836).
- commit 558034f
- tracing: Fix return value of __setup handlers (git-fixes).
- commit 184ff86
- exfat: fix i_blocks for files truncated over 4 GiB  (git-fixes).
- exfat: fix incorrect loading of i_blocks for large files
  (git-fixes).
- commit f1e7b8d
- nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION
  (CVE-2022-26490 bsc#1196830).
- commit fd10ace
- nvme-tcp: fix possible use-after-free in transport
  error_recovery work (git-fixes).
- nvme: fix a possible use-after-free in controller reset during
  load (git-fixes).
- commit 8b4713c
- Update patches.suse/0001-mmc-moxart_remove-Fix-UAF.patch
  (bsc#1194516 CVE-2022-0487).
- Update
  patches.suse/NFSv4-Handle-case-where-the-lookup-of-a-directory-fa.patch
  (bsc#1195612 CVE-2022-24448).
- Update
  patches.suse/udf-Fix-NULL-ptr-deref-when-converting-from-inline-f.patch
  (bsc#1196079 CVE-2022-0617).
- Update
  patches.suse/udf-Restore-i_lenAlloc-when-inode-expansion-fails.patch
  (bsc#1196079 CVE-2022-0617).
- Update
  patches.suse/vfs-check-fd-has-read-access-in-kernel_read_file_from_fd.patch
  (bsc#1194888 CVE-2022-0644 bsc#1196155).
- commit 096ea36
- ALSA: intel_hdmi: Fix reference to PCM buffer address
  (git-fixes).
- ASoC: cs4265: Fix the duplicated control name (git-fixes).
- ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min
  (git-fixes).
- commit 46ecf36
- scsi: smartpqi: Add PCI IDs (bsc#1196627).
- commit 0f3e3c7
- Revert PCI MSI-X patch that caused a regression on network devices (bsc#1196403)
  Deleted:
  patches.suse/PCI-MSI-Mask-MSI-X-vectors-only-on-success.patch
- commit 0c68bb9
- vrf: Fix fast path output packet handling with async Netfilter
  rules (git-fixes).
- commit 4dafe3d
- net/mlx5e: Fix modify header actions memory leak (git-fixes).
- commit 2d08f14
- net: ethernet: ti: cpsw: disable PTPv1 hw timestamping
  advertisement (git-fixes).
- commit 644c57f
- net: hns3: Clear the CMDQ registers before unmapping BAR region
  (git-fixes).
- commit 09653f6
- netsec: ignore 'phy-mode' device property on ACPI systems
  (git-fixes).
- commit b2241ca
- net: sfc: Replace in_interrupt() usage (git-fixes).
- commit 254377d
- gtp: remove useless rcu_read_lock() (git-fixes).
- commit 2588833
- net: dsa: mv88e6xxx: MV88E6097 does not support jumbo
  configuration (git-fixes).
- commit 28ecaea
- Refresh
  patches.suse/ibmvnic-Allow-queueing-resets-during-probe.patch.
- Refresh
  patches.suse/ibmvnic-clear-fop-when-retrying-probe.patch.
- Refresh
  patches.suse/ibmvnic-complete-init_done-on-transport-events.patch.
- Refresh
  patches.suse/ibmvnic-define-flush_reset_queue-helper.patch.
- Refresh
  patches.suse/ibmvnic-don-t-release-napi-in-__ibmvnic_open.patch.
- Refresh
  patches.suse/ibmvnic-free-reset-work-item-when-flushing.patch.
- Refresh patches.suse/ibmvnic-init-init_done_rc-earlier.patch.
- Refresh
  patches.suse/ibmvnic-initialize-rc-before-completing-wait.patch.
- Refresh
  patches.suse/ibmvnic-register-netdev-after-init-of-adapter.patch.
- Refresh
  patches.suse/ibmvnic-schedule-failover-only-if-vioctl-fails.patch.
- Refresh
  patches.suse/scsi-lpfc-Fix-pt2pt-NVMe-PRLI-reject-LOGO-loop.patch.
- Refresh patches.suse/xfrm-fix-mtu-regression.patch.
- commit 25457d5
- netfilter: nf_tables_offload: incorrect flow offload action
  array size (bsc#1196299 CVE-2022-25636).
- commit 30b89a9
- batman-adv: Don't expect inter-netns unique iflink indices
  (git-fixes).
- batman-adv: Request iflink once in batadv_get_real_netdevice
  (git-fixes).
- batman-adv: Request iflink once in batadv-on-batadv check
  (git-fixes).
- nl80211: Handle nla_memdup failures in handle_nan_filter
  (git-fixes).
- mac80211: fix forwarded mesh frames AC & queue selection
  (git-fixes).
- can: gs_usb: change active_channels's type from atomic_t to u8
  (git-fixes).
- commit 1c8fa49
- Update patch reference for iov security fix (CVE-2022-0847 bsc#1196584)
- commit 1dafeb6
- cgroup-v1: Correct privileges check in release_agent writes
  (bsc#1196723).
- commit 3d0b2e2
- blacklist.conf: Add 51e50fbd3efc psi: fix "/no previous prototype"/ warnings when CONFIG_CGROUPS=n
- commit 2727993
- ARM: 9182/1: mmu: fix returns from early_param() and __setup()
  functions (git-fixes).
- ARM: Fix kgdb breakpoint for Thumb2 (git-fixes).
- ntb: intel: fix port config status offset for SPR (git-fixes).
- USB: serial: option: add Telit LE910R1 compositions (git-fixes).
- USB: serial: option: add support for DW5829e (git-fixes).
- USB: gadget: validate endpoint index for xilinx udc (git-fixes).
- xhci: re-initialize the HC during resume if HCE was set
  (git-fixes).
- drm/amdgpu: disable MMHUB PG for Picasso (git-fixes).
- USB: zaurus: support another broken Zaurus (git-fixes).
- USB: gadget: validate interface OS descriptor requests
  (git-fixes).
- commit a54291e
- Update patches.suse/ibmvnic-don-t-stop-queue-in-xmit.patch
  (bsc#1192273 ltc#194629 bsc#1191428 ltc#193985).
- commit 59ca885
- net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468).
- commit 6dcfd65
- blk-mq: don't free tags if the tag_set is used by other device
  in queue initialztion (bsc#1193787).
- commit 5b79ad2
- kernel-binary.spec: Also exclude the kernel signing key from devel package.
  There is a check in OBS that fails when it is included. Also the key is
  not reproducible.
  Fixes: bb988d4625a3 ("/kernel-binary: Do not include sourcedir in certificate path."/)
- commit 68fa069
- powerpc/fadump: register for fadump as early as possible
  (bsc#1179439 ltc#190038).
- commit 3f54d95
- rpm/check-for-config-changes: Ignore PAHOLE_VERSION.
- commit 88ba5ec
- powerpc/pseries/iommu: Fix window size for direct mapping with
  pmem (bsc#1196472 ltc#192278).
- powerpc/dma: Fallback to dma_ops when persistent memory present
  (bsc#1196472 ltc#192278).
  Update config files.
- dma-mapping: Allow mixing bypass and mapped DMA operation
  (bsc#1196472 ltc#192278).
- dma-direct: Fix potential NULL pointer dereference (bsc#1196472
  ltc#192278).
- commit a04953d
- arm64: Use the clearbhb instruction in mitigations (bsc#1191580
  CVE-2022-0001 CVE-2022-0002).
- arm64: add ID_AA64ISAR2_EL1 sys register (bsc#1191580
  CVE-2022-0001 CVE-2022-0002).
- KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered
  and migrated (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- commit b546cd9
- arm64: Mitigate spectre style branch history side channels
  (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- Update config files.
- commit d035616
- KVM: arm64: Add templates for BHB mitigation sequences
  (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- Refresh
  patches.suse/kabi-arm64-reserve-space-in-cpu_hwcaps-and-cpu_hwcap.patch.
- commit 8c9b0c2
- arm64: Add Cortex-X2 CPU part definition (bsc#1191580
  CVE-2022-0001 CVE-2022-0002).
- commit c3c4a06
- arm64: Add Neoverse-N2, Cortex-A710 CPU part definition
  (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- arm64: Add part number for Arm Cortex-A77 (bsc#1191580
  CVE-2022-0001 CVE-2022-0002).
- arm64: proton-pack: Report Spectre-BHB vulnerabilities as part
  of Spectre-v2 (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- arm64: Add percpu vectors for EL1 (bsc#1191580 CVE-2022-0001
  CVE-2022-0002).
- arm64: entry: Add macro for reading symbol addresses from the
  trampoline (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- arm64: entry: Add vectors that have the bhb mitigation sequences
  (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- arm64: entry: Add non-kpti __bp_harden_el1_vectors for
  mitigations (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- arm64: entry: Allow the trampoline text to occupy multiple pages
  (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- arm64: entry: Make the kpti trampoline's kpti sequence optional
  (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- arm64: entry: Move trampoline macros out of ifdef'd section
  (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- arm64: entry: Don't assume tramp_vectors is the start of the
  vectors (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- arm64: entry: Allow tramp_alias to access symbols after the
  4K boundary (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- arm64: entry: Move the trampoline data page before the text page
  (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- arm64: entry: Free up another register on kpti's tramp_exit path
  (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- arm64: entry: Make the trampoline cleanup optional (bsc#1191580
  CVE-2022-0001 CVE-2022-0002).
- arm64: entry.S: Add ventry overflow sanity checks (bsc#1191580
  CVE-2022-0001 CVE-2022-0002).
- commit 284cd49
- lib/iov_iter: initialize "/flags"/ in new pipe_buffer
  (bsc#1196584).
- commit 4f3bbf5
- soc: fsl: qe: Check of ioremap return value (git-fixes).
- soc: fsl: Correct MAINTAINERS database (SOC) (git-fixes).
- soc: fsl: Correct MAINTAINERS database (QUICC ENGINE LIBRARY)
  (git-fixes).
- firmware: arm_scmi: Remove space in MODULE_ALIAS name
  (git-fixes).
- efivars: Respect "/block"/ flag in efivar_entry_set_safe()
  (git-fixes).
- gpio: tegra186: Fix chip_data type confusion (git-fixes).
- gpio: rockchip: Reset int_bothedge when changing trigger
  (git-fixes).
- spi: spi-zynq-qspi: Fix a NULL pointer dereference in
  zynq_qspi_exec_mem_op() (git-fixes).
- iio: Fix error handling for PM (git-fixes).
- iio: adc: men_z188_adc: Fix a resource leak in an error handling
  path (git-fixes).
- iio: adc: ad7124: fix mask used for setting AIN_BUFP & AIN_BUFM
  bits (git-fixes).
- tty: n_gsm: fix proper link termination after failed open
  (git-fixes).
- tty: n_gsm: fix encoding of control signal octet bit DV
  (git-fixes).
- Revert "/USB: serial: ch341: add new Product ID for CH341A"/
  (git-fixes).
- usb: dwc3: gadget: Let the interrupt handler disable bottom
  halves (git-fixes).
- usb: dwc3: pci: Fix Bay Trail phy GPIO mappings (git-fixes).
- xhci: Prevent futile URB re-submissions due to incorrect return
  value (git-fixes).
- ata: pata_hpt37x: disable primary channel on HPT371 (git-fixes).
- clk: jz4725b: fix mmc0 clock gating (git-fixes).
- drm/edid: Always set RGB444 (git-fixes).
- commit c381750
- x86/speculation: Use generic retpoline by default on AMD
  (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- commit bed48b1
- ibmvnic: Allow queueing resets during probe (bsc#1196516
  ltc#196391).
- ibmvnic: clear fop when retrying probe (bsc#1196516 ltc#196391).
- ibmvnic: init init_done_rc earlier (bsc#1196516 ltc#196391).
- ibmvnic: register netdev after init of adapter (bsc#1196516
  ltc#196391).
- ibmvnic: complete init_done on transport events (bsc#1196516
  ltc#196391).
- ibmvnic: define flush_reset_queue helper (bsc#1196516
  ltc#196391).
- ibmvnic: initialize rc before completing wait (bsc#1196516
  ltc#196391).
- ibmvnic: free reset-work-item when flushing (bsc#1196516
  ltc#196391).
- commit 1cc99d0
- tracing: Have traceon and traceoff trigger honor the instance
  (git-fixes).
- commit 92ab7ec
- tracing: Dump stacktrace trigger to the corresponding instance
  (git-fixes).
- commit a3c85e9
- nvme: also mark passthrough-only namespaces ready in
  nvme_update_ns_info (git-fixes).
- nvme: don't return an error from nvme_configure_metadata
  (git-fixes).
- nvme: let namespace probing continue for unsupported features
  (git-fixes).
- commit a5b2a87
- blk-mq: avoid to iterate over stale request (bsc#1193787).
- blk-mq: fix is_flush_rq (bsc#1193787 git-fixes).
- blk-mq: fix kernel panic during iterating over flush request
  (bsc#1193787 git-fixes).
- blk-mq: don't grab rq's refcount in blk_mq_check_expired()
  (bsc#1193787 git-fixes).
- blk-mq: always allow reserved allocation in hctx_may_queue
  (bsc#1193787).
- commit cc53802
- rpm/kernel-obs-build.spec.in: add systemd-initrd and terminfo dracut module (bsc#1195775)
- commit d9a821b
- drm/i915: Fix bw atomic check when switching between SAGV
  vs. no SAGV (git-fixes).
- commit 209cee8
- drm/i915: Correctly populate use_sagv_wm for all pipes
  (git-fixes).
- commit 5d7b5fe
- kABI fixup after adding vcpu_idx to struct kvm_cpu (bsc#1190972
  LTC#194674).
- KVM: remember position in kvm->vcpus array (bsc#1190972
  LTC#194674).
- commit 81f3dbb
- s390/cpumf: Support for CPU Measurement Sampling Facility LS
  bit (bsc#1195081 LTC#196088).
- s390/cpumf: Support for CPU Measurement Facility CSVN 7
  (bsc#1195081 LTC#196088).
- commit 0ce3482
- s390/cio: verify the driver availability for path_event call
  (bsc#1195928 LTC#196418).
- commit 4741f1a
- scsi: zfcp: Fix failed recovery on gone remote port with
  non-NPIV FCP devices (bsc#1195378 LTC#196244).
- commit 6fb3d19
- s390/pci: add s390_iommu_aperture kernel parameter (bsc#1193233
  LTC#195540).
- commit 79f1350
- s390/pci: move pseudo-MMIO to prevent MIO overlap (bsc#1194967
  LTC#196028).
- commit 512e596
- s390/cio: make ccw_device_dma_* more robust (bsc#1193243
  LTC#195549).
- commit 6f84bff
- powerpc/mm: Remove dcache flush from memory remove (bsc#1196433
  ltc#196449).
- commit 72793cf
- block: do not send a rezise udev event for hidden block device
  (bsc#1193096).
- commit c3addda
- s390/bpf: Fix optimizing out zero-extensions (git-fixes).
- commit 542287e
- s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant
  (git-fixes).
- commit 774f927
- ibmvnic: schedule failover only if vioctl fails (bsc#1196400
  ltc#195815).
- commit 7099d61
- ext4: prevent partial update of the extent blocks (bsc#1194163
  bsc#1196339).
- commit 9b7f6a6
- ext4: check for inconsistent extents between index and leaf
  block (bsc#1194163 bsc#1196339).
- commit 8a25180
- ext4: check for out-of-order index extents in
  ext4_valid_extent_entries() (bsc#1194163 bsc#1196339).
- commit b72afd9
- i2c: brcmstb: fix support for DSL and CM variants (git-fixes).
- mtd: rawnand: brcmnand: Fixed incorrect sub-page ECC status
  (git-fixes).
- mtd: rawnand: gpmi: don't leak PM reference in error path
  (git-fixes).
- mtd: rawnand: qcom: Fix clock sequencing in qcom_nandc_probe()
  (git-fixes).
- ASoC: Revert "/ASoC: mediatek: Check for error clk pointer"/
  (git-fixes).
- ASoC: ops: Fix stereo change notifications in
  snd_soc_put_volsw_range() (git-fixes).
- ASoC: ops: Fix stereo change notifications in
  snd_soc_put_volsw() (git-fixes).
- ALSA: hda: Fix missing codec probe on Shenker Dock 15
  (git-fixes).
- ALSA: hda: Fix regression on forced probe mask option
  (git-fixes).
- drm/radeon: Fix backlight control on iMac 12,1 (git-fixes).
- HID:Add support for UGTABLET WP5540 (git-fixes).
- ata: libata-core: Disable TRIM on M88V29 (git-fixes).
- drm/rockchip: dw_hdmi: Do not leave clock enabled in error case
  (git-fixes).
- net: macb: Align the dma and coherent dma masks (git-fixes).
- net: usb: qmi_wwan: Add support for Dell DW5829e (git-fixes).
- drm/amdgpu: fix logic inversion in check (git-fixes).
- ax25: improve the incomplete fix to avoid UAF and NPD bugs
  (git-fixes).
- commit ea7f847
- udf: Restore i_lenAlloc when inode expansion fails (bsc#1196079
  CVE-2022-0617).
- commit a1deb2a
- udf: Fix NULL ptr deref when converting from inline format
  (bsc#1196079 CVE-2022-0617).
- commit 43cd4ed
- blk-tag: Hide spin_lock (bsc#1193787).
- commit 78741a7
- blk-mq: clearing flush request reference in tags->rqs
  (bsc#1193787).
- blk-mq: clear stale request in tags->rq before freeing one
  request pool (bsc#1193787).
- blk-mq: grab rq->refcount before calling ->fn in
  blk_mq_tagset_busy_iter (bsc#1193787).
- block: avoid double io accounting for flush request
  (bsc#1193787).
- block: mark flush request as IDLE when it is really finished
  (bsc#1193787).
- blk-mq: mark flush request as IDLE in flush_end_io()
  (bsc#1193787).
- commit 2d33352
- btrfs: do not do preemptive flushing if the majority is global rsv (bsc#1196195).
- commit 445785b
- btrfs: handle preemptive delalloc flushing slightly differently (bsc#1196195).
- commit 436acc9
- btrfs: only ignore delalloc if delalloc is much smaller than ordered (bsc#1196195).
- commit a9ec6c0
- btrfs: don't include the global rsv size in the preemptive used amount (bsc#1196195).
- commit ace9b16
- btrfs: use the global rsv size in the preemptive thresh calculation (bsc#1196195).
- commit 4beb0b0
- btrfs: take into account global rsv in need_preemptive_reclaim (bsc#1196195).
- Refresh patches.suse/btrfs-reduce-the-preemptive-flushing-threshold-to-90.patch.
- commit 41c6188
- btrfs: only clamp the first time we have to start flushing (bsc#1196195).
- commit b25996b
- btrfs: check worker before need_preemptive_reclaim (bsc#1196195).
- commit f36b423
- btrfs: reduce the preemptive flushing threshold to 90% (bsc#1196195).
- commit ef6e83a
- x86/speculation: Include unprivileged eBPF status in Spectre v2
  mitigation reporting (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- commit d42fa20
- Documentation/hw-vuln: Update spectre doc (bsc#1191580
  CVE-2022-0001 CVE-2022-0002).
- commit a48cfcc
- x86/speculation: Add eIBRS + Retpoline options (bsc#1191580
  CVE-2022-0001 CVE-2022-0002).
- commit 1a20a7e
- x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE
  (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- commit 80f47a3
- x86,bugs: Unconditionally allow spectre_v2=retpoline,amd
  (bsc#1191580 CVE-2022-0001 CVE-2022-0002).
- commit 1f9dd65
- kABI: Fix kABI for AMD IOMMU driver (git-fixes).
- commit 718c631
- blacklist.conf: Add 2cbc61a1b166 iommu/dma: Account for min_align_mask w/swiotlb
- commit 142c6ac
- iommu/amd: Fix loop timeout issue in iommu_ga_log_enable()
  (git-fixes).
- iommu/vt-d: Fix potential memory leak in
  intel_setup_irq_remapping() (git-fixes).
- iommu/iova: Fix race between FQ timeout and teardown
  (git-fixes).
- iommu/io-pgtable-arm: Fix table descriptor paddr formatting
  (git-fixes).
- iommu/amd: Remove useless irq affinity notifier (git-fixes).
- iommu/amd: X2apic mode: mask/unmask interrupts on suspend/resume
  (git-fixes).
- iommu/amd: X2apic mode: setup the INTX registers on mask/unmask
  (git-fixes).
- iommu/amd: X2apic mode: re-enable after resume (git-fixes).
- iommu/amd: Restore GA log/tail pointer on host resume
  (git-fixes).
- iommu/io-pgtable-arm-v7s: Add error handle for page table
  allocation failure (git-fixes).
- commit 50e60e3
- Update patch reference for USB gadget fix (CVE-2022-25375 bsc#1196235)
- commit b7dc18b
- usb: gadget: rndis: check size of RNDIS_MSG_SET command
  (CVE-2022-25375 bsc#1196235).
- commit 4e7d746
- Update patch reference for vfs fix (CVE-2022-0644 bsc#1196155)
- commit 900b4f0
- net/ibmvnic: Cleanup workaround doing an EOI after partition
  migration (bsc#1089644 ltc#166495 ltc#165544 git-fixes).
- commit 0dfd4da
- drm/i915/opregion: check port number bounds for SWSCI display
  power state (git-fixes).
- drm/i915/gvt: Make DRM_I915_GVT depend on X86 (git-fixes).
- drm/i915/gvt: clean up kernel-doc in gtt.c (git-fixes).
- iwlwifi: fix use-after-free (git-fixes).
- iwlwifi: pcie: gen2: fix locking when "/HW not ready"/
  (git-fixes).
- iwlwifi: pcie: fix locking when "/HW not ready"/ (git-fixes).
- libsubcmd: Fix use-after-free for realloc(..., 0) (git-fixes).
- USB: serial: cp210x: add CPI Bulk Coin Recycler id (git-fixes).
- USB: serial: cp210x: add NCR Retail IO box id (git-fixes).
- USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320
  (git-fixes).
- USB: serial: option: add ZTE MF286D modem (git-fixes).
- USB: serial: ch341: add support for GW Instek USB2.0-Serial
  devices (git-fixes).
- usb: gadget: rndis: check size of RNDIS_MSG_SET command
  (git-fixes).
- usb: gadget: f_uac2: Define specific wTerminalType (git-fixes).
- ACPI/IORT: Check node revision for PMCG resources (git-fixes).
- net: phy: marvell: Fix RGMII Tx/Rx delays setting in
  88e1121-compatible PHYs (git-fixes).
- net: phy: marvell: Fix MDI-x polarity setting in
  88e1118-compatible PHYs (git-fixes).
- usb: dwc2: gadget: don't try to disable ep0 in
  dwc2_hsotg_suspend (git-fixes).
- PM: hibernate: Remove register_nosave_region_late() (git-fixes).
- drm: panel-orientation-quirks: Add quirk for the 1Netbook
  OneXPlayer (git-fixes).
- net: phy: marvell: configure RGMII delays for 88E1118
  (git-fixes).
- commit cc7a24c
- NFSD: Fix the behavior of READ near OFFSET_MAX (bsc#1195957).
- commit 9af94a7
- USB: gadget: validate interface OS descriptor requests
  (CVE-2022-25258 bsc#1196095).
- commit 4c69367
- Drop PCI xgene patch that caused a regression for mxl4 (bsc#1195352)
  Delete patches.suse/PCI-xgene-Fix-IB-window-setup.patch
  Also update blacklist
- commit 4f68062
- gve: Recording rx queue before sending to napi (bsc#1191655).
- gve: Add consumed counts to ethtool stats (bsc#1191655).
- gve: Implement suspend/resume/shutdown (bsc#1191655).
- gve: Add optional metadata descriptor type GVE_TXD_MTD
  (bsc#1191655).
- gve: remove memory barrier around seqno (bsc#1191655).
- gve: Update gve_free_queue_page_list signature (bsc#1191655).
- gve: Move the irq db indexes out of the ntfy block struct
  (bsc#1191655).
- gve: Correct order of processing device options (bsc#1191655).
- gve: fix for null pointer dereference (bsc#1191655).
- gve: fix unmatched u64_stats_update_end() (bsc#1191655).
- gve: Fix off by one in gve_tx_timeout() (bsc#1191655).
- gve: Add a jumbo-frame device option (bsc#1191655).
- gve: Implement packet continuation for RX (bsc#1191655).
- gve: Add RX context (bsc#1191655).
- gve: Recover from queue stall due to missed IRQ (bsc#1191655).
- gve: Use kvcalloc() instead of kvzalloc() (bsc#1191655).
- commit 4a8e1e2
- scsi_transport_fc: kabi fix blank out FC_PORTSTATE_MARGINAL
  (bsc#1195506).
- commit c74c330
- scsi: kABI fix for 'eh_should_retry_cmd' (bsc#1195506).
- commit 8ef8f22
- md/raid5: fix oops during stripe resizing (bsc#1181588).
- commit bcd3697
- powerpc/pseries: read the lpar name from the firmware
  (bsc#1187716 ltc#193451).
- commit 181541b
- Refresh patches.suse/rpadlpar_io-Add-MODULE_DESCRIPTION-entries-to-kernel.patch
- commit c964381
- powerpc: add link stack flush mitigation status in debugfs
  (bsc#1157038 bsc#1157923 ltc#182612 git-fixes).
- powerpc/64s: Fix debugfs_simple_attr.cocci warnings (bsc#1157038
  bsc#1157923 ltc#182612 git-fixes).
- commit 5862a79
- powerpc: Set crashkernel offset to mid of RMA region
  (bsc#1190812).
- powerpc/64: Move paca allocation later in boot (bsc#1190812).
- commit 11e3668
- nvme-fabrics: fix state check in nvmf_ctlr_matches_baseopts()
  (bsc#1195012).
- commit 4d29ac4
- scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop (bsc#1189126).
- commit 73dbd5c
- scsi: qla2xxx: Remove unused qla_sess_op_cmd_list from
  scsi_qla_host_t (bsc#1195823).
- scsi: qla2xxx: Add qla2x00_async_done() for async routines
  (bsc#1195823).
- scsi: qla2xxx: Update version to 10.02.07.300-k (bsc#1195823).
- scsi: qla2xxx: Check for firmware dump already collected
  (bsc#1195823).
- scsi: qla2xxx: Add devids and conditionals for 28xx
  (bsc#1195823).
- scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair()
  (bsc#1195823).
- scsi: qla2xxx: Fix T10 PI tag escape and IP guard options for
  28XX adapters (bsc#1195823).
- scsi: qla2xxx: edif: Fix clang warning (bsc#1195823).
- scsi: qla2xxx: Fix warning for missing error code (bsc#1195823).
- scsi: qla2xxx: Fix device reconnect in loop topology
  (bsc#1195823).
- scsi: qla2xxx: Add ql2xnvme_queues module param to configure
  number of NVMe queues (bsc#1195823).
- scsi: qla2xxx: Fix wrong FDMI data for 64G adapter
  (bsc#1195823).
- scsi: qla2xxx: Add retry for exec firmware (bsc#1195823).
- scsi: qla2xxx: Fix scheduling while atomic (bsc#1195823).
- scsi: qla2xxx: Fix premature hw access after PCI error
  (bsc#1195823).
- scsi: qla2xxx: Fix warning message due to adisc being flushed
  (bsc#1195823).
- scsi: qla2xxx: Fix stuck session in gpdb (bsc#1195823).
- scsi: qla2xxx: Implement ref count for SRB (bsc#1195823).
- scsi: qla2xxx: Refactor asynchronous command initialization
  (bsc#1195823).
- scsi: qla2xxx: Update version to 10.02.07.200-k (bsc#1195823).
- scsi: qla2xxx: edif: Fix inconsistent check of db_flags
  (bsc#1195823).
- scsi: qla2xxx: edif: Reduce connection thrash (bsc#1195823).
- scsi: qla2xxx: edif: Tweak trace message (bsc#1195823).
- scsi: qla2xxx: edif: Replace list_for_each_safe with
  list_for_each_entry_safe (bsc#1195823).
- scsi: qla2xxx: Remove a declaration (bsc#1195823).
- scsi: qla2xxx: Fix unmap of already freed sgl (bsc#1195823).
- scsi: qla2xxx: Return -ENOMEM if kzalloc() fails (bsc#1195823).
- commit c358f38
- ice: fix IPIP and SIT TSO offload (git-fixes).
- ice: fix an error code in ice_cfg_phy_fec() (jsc#SLE-12878).
- net: mdio: aspeed: Add missing MODULE_DEVICE_TABLE
  (bsc#1176447).
- nfp: flower: fix ida_idx not being released (bsc#1154353).
- bonding: pair enable_port with slave_arr_updates (git-fixes).
- ixgbevf: Require large buffers for build_skb on 82599VF
  (git-fixes).
- RDMA/cma: Use correct address when leaving multicast group
  (bsc#1181147).
- IB/cma: Do not send IGMP leaves for sendonly Multicast groups
  (git-fixes).
- commit 679175c
- USB: serial: mos7840: remove duplicated 0xac24 device ID
  (git-fixes).
- commit 546d043
- tracing: Don't inc err_log entry count if entry allocation fails
  (git-fixes).
- commit 5c45742
- tracing: Propagate is_signed to expression (git-fixes).
- commit a834cba
- blacklist.conf: b59f2f2b865c ("/tracing: Fix smatch warning for do while check in event_hist_trigger_parse()"/)
  Cosmetic only.
- commit f0fcec9
- tracing: Fix smatch warning for null glob in
  event_hist_trigger_parse() (git-fixes).
- commit 329e4ac
- rpm/kernel-obs-build.spec.in: use default dracut modules (bsc#1195926,
  bsc#1198484)
  Let's iron out the reduced initrd optimisation in Tumbleweed.
  Build full blown dracut initrd with systemd for SLE15 SP4.
- commit ea76821
- powerpc/pseries/ddw: Revert "/Extend upper limit for huge DMA
  window for persistent memory"/ (bsc#1195995 ltc#196394).
- commit 877b9c1
- f2fs: fix to do sanity check on inode type during garbage
  collection (CVE-2021-44879 bsc#1195987).
- commit 139271b
- misc: fastrpc: avoid double fput() on failed usercopy
  (git-fixes).
- staging: fbtft: Fix error path in fbtft_driver_module_init()
  (git-fixes).
- usb: dwc3: gadget: Prevent core from processing stale TRBs
  (git-fixes).
- usb: gadget: udc: renesas_usb3: Fix host to USB_ROLE_NONE
  transition (git-fixes).
- usb: ulpi: Call of_node_put correctly (git-fixes).
- usb: ulpi: Move of_node_put to ulpi_dev_release (git-fixes).
- usb: f_fs: Fix use-after-free for epfile (git-fixes).
- PM: s2idle: ACPI: Fix wakeup interrupts handling (git-fixes).
- drm/rockchip: vop: Correct RK3399 VOP register fields
  (git-fixes).
- drm/panel: simple: Assign data from panel_dpi_probe() correctly
  (git-fixes).
- drm/vc4: hdmi: Allow DBLCLK modes even if horz timing is odd
  (git-fixes).
- ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx()
  (git-fixes).
- ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx()
  (git-fixes).
- ASoC: ops: Reject out of bounds values in snd_soc_put_volsw()
  (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS GU603 (git-fixes).
- ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus
  Xtreme after reboot from Windows (git-fixes).
- ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus
  Master (newer chipset) (git-fixes).
- ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte
  X570 ALC1220 quirks (git-fixes).
- staging/fbtft: Fix backlight (git-fixes).
- commit 033cee4
- usb: dwc2: Fix NULL qh in dwc2_queue_transaction (git-fixes).
- commit 7b9eed7
- blacklist.conf: misattributed upstream
- commit f62cf37
- usb: gadget: s3c: remove unused 'udc' variable (git-fixes).
- commit a103972
- tipc: improve size validations for received domain records
  (bsc#1195254, CVE-2022-0435).
- commit 48911da
- yam: fix a memory leak in yam_siocdevprivate() (CVE-2022-24959
  bsc#1195897).
- commit 60220af
- usb: gadget: clear related members when goto fail
  (CVE-2022-24958 bsc#1195905).
- usb: gadget: don't release an existing dev->buf (CVE-2022-24958
  bsc#1195905).
- commit 96dda76
- scsi: target: iscsi: Fix cmd abort fabric stop race
  (bsc#1195286).
- commit 52d26b6
- kabi: Hide changes to s390/AP structures (jsc#SLE-20807).
- commit 3d90f3c
- Update patches.suse/0001-mmc-moxart_remove-Fix-UAF.patch
  (bsc#1194516 CVE-2022-0487).
- commit f68f189
- nfsd: don't admin-revoke NSv4.0 state ids (bsc#1192483).
- nfsd: allow delegation state ids to be revoked and then freed (bsc#1192483).
- nfsd: allow lock state ids to be revoked and then freed (bsc#1192483).
- nfsd: allow open state ids to be revoked and then freed (bsc#1192483).
- nfsd: prepare for supporting admin-revocation of state (bsc#1192483).
- commit c0baca0
- EDAC/xgene: Fix deferred probing (bsc#1178134).
- commit 9308a14
- kernel-binary: Do not include sourcedir in certificate path.
  The certs macro runs before build directory is set up so it creates the
  aggregate of supplied certificates in the source directory.
  Using this file directly as the certificate in kernel config works but
  embeds the source directory path in the kernel config.
  To avoid this symlink the certificate to the build directory and use
  relative path to refer to it.
  Also fabricate a certificate in the same location in build directory
  when none is provided.
- commit bb988d4
- constraints: Also adjust disk requirement for x86 and s390.
- commit 9719db0
- constraints: Increase disk space for aarch64
- commit 09c2882
- s390/protvirt: fix error return code in uv_info_init()
  (jsc#SLE-22135).
- commit 7f8b088
- s390/AP: support new dynamic AP bus size limit (jsc#SLE-20807).
- commit 004f3c6
- KVM: s390: Return error on SIDA memop on normal guest
  (bsc#1195516 CVE-2022-0516).
- commit d46602b
- ceph: set pool_ns in new inode layout for async creates
  (bsc#1195799).
- ceph: properly put ceph_string reference after async create
  attempt (bsc#1195798).
- commit 8f44ef0
- btrfs: make sure SB_I_VERSION doesn't get unset by remount (bsc#1192210).
- commit 9acc804
- s390/uv: fix prot virt host indication compilation
  (jsc#SLE-22135).
- s390/uv: add prot virt guest/host indication files
  (jsc#SLE-22135).
- commit f479d35
- drm/i915: Remove memory frequency calculation (bsc#1195211).
- commit ea4d32b
- drm/i915: Rename is_16gb_dimm to wm_lv_0_adjust_needed
  (bsc#1195211).
- drm/i915/gen11+: Only load DRAM information from pcode
  (bsc#1195211).
- drm/i915: Nuke not needed members of dram_info (bsc#1195211).
- drm/i915/dg1: Wait for pcode/uncore handshake at startup
  (bsc#1195211).
- commit d7995a2
- ibmvnic: don't release napi in __ibmvnic_open() (bsc#1195668
  ltc#195811).
- commit 902d854
- NFSv4: Handle case where the lookup of a directory fails
  (bsc#1195612 CVE-2022-24448).
- commit 1023a28
- btrfs: check for missing device in btrfs_trim_fs (bsc#1195701).
- commit ccd41ed
- cgroup-v1: Require capabilities to set release_agent
  (bsc#1195543 CVE-2022-0492).
- commit 413d689
- RDMA/ucma: Protect mc during concurrent multicast leaves
  (bsc#1181147).
- IB/hfi1: Fix AIP early init panic (jsc#SLE-13208).
- net/mlx5e: Fix handling of wrong devices during bond netevent
  (jsc#SLE-15172).
- gve: fix the wrong AdminQ buffer queue index check
  (bsc#1176940).
- gve: Fix GFP flags when allocing pages (git-fixes).
- i40e: fix unsigned stat widths (git-fixes).
- i40e: Fix for failed to init adminq while VF reset (git-fixes).
- i40e: Fix queues reservation for XDP (git-fixes).
- i40e: Fix issue when maximum queues is exceeded (git-fixes).
- i40e: Increase delay to 1 s after global EMP reset (git-fixes).
- commit 6aa87c4
- Update patch reference for HD-audio fix (bsc#1183872)
- commit 1e16eaa
- usb: host: ehci-tegra: Fix error handling in tegra_ehci_probe()
  (git-fixes).
- commit 2492c7d
- mmc: sdhci-of-esdhc: Check for error num after setting mask
  (git-fixes).
- ima: Do not print policy rule with inactive LSM labels
  (git-fixes).
- ima: Allow template selection with ima_template[_fmt]= after
  ima_hash= (git-fixes).
- ima: Remove ima_policy file before directory (git-fixes).
- integrity: check the return value of audit_log_start()
  (git-fixes).
- integrity: double check iint_cache was initialized (git-fixes).
- integrity: Make function integrity_add_key() static (git-fixes).
- commit a8bf0cb
- RDMA/core: Always release restrack object (git-fixes)
- commit a4c74f1
- RDMA/siw: Release xarray entry (git-fixes)
- commit cfa201c
- RDMA/cxgb4: check for ipv6 address properly while destroying listener (git-fixes)
- commit 06f1504
- blacklist.conf: blacklist a672b2e36a64 bpf: Fix ringbuf memory type confusion when passing to helpers
- commit 2bfec1b
- bpf: Disallow BPF_LOG_KERNEL log level for bpf(BPF_BTF_LOAD)
  (git-fixes).
- bpf: Adjust BTF log size limit (git-fixes).
- commit 5e3ed1a
- s390/sclp: fix Secure-IPL facility detection (bsc#1191741
  LTC#194816).
- commit 5aa085e
- usb: dwc3: don't set gadget->is_otg flag (git-fixes).
- commit 5b20187
- scsi: ufs: Correct the LUN used in eh_device_reset_handler()
  callback (bsc#1193864 CVE-2021-39657).
- commit 5ec67f9
- scsi: qla2xxx: Add marginal path handling support (bsc#1195506).
- scsi: lpfc: Add support for eh_should_retry_cmd() (bsc#1195506).
- scsi: scsi_transport_fc: Add store capability to rport port_state in sysfs (bsc#1195506).
- scsi: scsi_transport_fc: Add a new rport state FC_PORTSTATE_MARGINAL (bsc#1195506).
- scsi: core: No retries on abort success (bsc#1195506).
- scsi: core: Add a new error code DID_TRANSPORT_MARGINAL in scsi.h (bsc#1195506).
- scsi: core: Add limitless cmd retry support (bsc#1195506).
- commit af99987
- kernel-obs-build: include 9p (boo#1195353)
  To be able to share files between host and the qemu vm of the build
  script, the 9p and 9p_virtio kernel modules need to be included in
  the initrd of kernel-obs-build.
- commit 0cfe67a
- net: tipc: validate domain record count on input (bsc#1195254).
- commit 96de11b
- xen/x86: obtain full video frame buffer address for Dom0 also under EFI (bsc#1193556).
- commit b8c892e
- xen/x86: obtain upper 32 bits of video frame buffer address for Dom0 (bsc#1193556).
- commit c13ff0b
- kernel-binary.spec.in: Move 20-kernel-default-extra.conf to the correctr
  directory (bsc#1195051).
- commit c80b5de
- kernel-binary.spec: Do not use the default certificate path (bsc#1194943).
  Using the the default path is broken since Linux 5.17
- commit 68b36f0
- fix rpm build warning
  tumbleweed rpm is adding these warnings to the log:
  It's not recommended to have unversioned Obsoletes: Obsoletes:      microcode_ctl
- commit 3ba8941
- build initrd without systemd
  This reduces the size of the initrd by over 25%, which
  improves startup time of the virtual machine by 0.5-0.6s on
  very fast machines, more on slower ones.
- commit ef4c569
- Align s390 NVME target options with other architectures
  (bsc#1188404, jsc#SLE-22494).
  CONFIG_NVME_TARGET=m
  CONFIG_NVME_TARGET_PASSTHRU=y
  CONFIG_NVME_TARGET_LOOP=m
  CONFIG_NVME_TARGET_RDMA=m
  CONFIG_NVME_TARGET_FC=m
  CONFIG_NVME_TARGET_FCLOOP=m
  CONFIG_NVME_TARGET_TCP=m
- commit 5b2b9f6
- Add dtb-microchip
- commit c797107
- rpm/kernel-source.spec.in: temporary workaround for a build failure
  Upstream c6x architecture removal left a dangling link behind which
  triggers openSUSE post-build check in kernel-source, failing
  kernel-source build.
  A fix deleting the danglink link has been submitted but it did not make
  it into 5.12-rc1. Unfortunately we cannot add it as a patch as patch
  utility does not handle symlink removal. Add a temporary band-aid which
  deletes all dangling symlinks after unpacking the kernel source tarball.
  [jslaby] It's not that temporary as we are dragging this for quite some
  time in master. The reason is that this can happen any time again, so
  let's have this in packaging instead.
- commit 52a1ad7
- blacklist.conf: Add b4e00444cab4 fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent
- commit b1b6d4b
ldb
- Add ldb-memory-bug-15096-4.15-ldbonly.patch to backport all
  changes for ldb-2.4.4.
  + CVE-2022-32745: samba: ldb: AD users can crash the server
    process with an LDAP add or modify request; (bso#15008);
    (bso#15096); (bsc#1201492).
  + CVE-2022-2031: samba, ldb: AD users can bypass certain
    restrictions associated with changing passwords; (bso#15047);
    (bsc#1201495);
  + CVE-2022-32744: samba, ldb: AD users can forge password change
    requests for any user; (bso#15074); (bso#15047); (bsc#1201493).
- Update to version 2.4.3
  + Fix build problems, waf produces incorrect names for python
    extensions; (bso#15071);
- Update to version 2.4.2
  + Fix for CVE-2021-3670, ensure that the LDB request has not
    timed out during filter processing as the LDAP server
    MaxQueryDuration is otherwise not honoured (bsc#1198397).
libassuan
- update to 2.5.5:
  * Fix a crash in the logging code
  * Upgrade autoconf
- update to 2.5.4:
  * Fix some minor build annoyances
- Update to 2.5.3:
  * Add a timeout for writing to a SOCKS5 proxy.
  * Add workaround for a problem with LD_LIBRARY_PATH on newer systems.
- qemu-disable-fdpassing-test.patch: remove
-Update to 2.5.2:
  * configure.ac: Bump LT version to C8/A8/R2
  * include libassuan.pc in the spec file
libcbor
- do not build manual page for 15sp4, it does not succeed
  [bsc#1197743]
- added sources
  + libcbor.1
libgpg-error
- Drop --with-pic (no effect with --disable-static).
- update to 1.42:
  * Improve cross-compiling support
  * Improve $libdir determination by gpgrt-config
  * Support --disable-thread by gen-lock-obj.sh
  * Interface changes relative to the 1.40 release
    GPG_ERR_SOURCE_TPM2D
- update to 1.41:
  * Fixes another glitch in the "/ignore"/ meta command.
  * Fixes two typos in the German translation.
  * New function gpgrt_access.
  * Make "/ignore"/ meta command work correctly in the option parser.
  * Interface changes relative to the 1.39 release:
  gpgrt_access                     NEW.
- Update to 1.39:
  * "/gpg-error --lib-version"/ works again.
  * New function gpgrt_fcancel as alternative to gpgrt_close. This
    function avoid flushing out buffered data and also tries to delete
    a newly created file.
  * Update the gnupg project keyring
  * Interface changes relative to the 1.38 release:
  - gpgrt_fcancel: NEW.
- Update to 1.38:
  * New option parser features to implement system wide
    configuration files
  * New functions to build file names
  * New function to help reallocating arrays
  * Protect gpgrt_inc_errorcount against counter overflow
- drop needless autotools build dependencies that were added for
  gawk5.patch
- Update to 1.37
  Release-info: https://dev.gnupg.org/T4772
  * Fixes a build problems when using Gawk 5.0  [#4459]
  * Improves cross-compiling support.  [#4643]
  * New error codes to map SQLite primary error codes.
  * Now uses poll(2) instead of select(2) in gpgrt_poll if possible.
  * Fixes a bug in gpgrt_close.  [#4698]
  * Fixes a few minor portability bugs.
  * New interfaces in this release:
    GPG_ERR_NO_KEYBOXD    GPG_ERR_KEYBOXD       GPG_ERR_NO_SERVICE
    GPG_ERR_SERVICE       GPG_ERR_SQL_OK        GPG_ERR_SQL_ERROR
    GPG_ERR_SQL_INTERNAL  GPG_ERR_SQL_PERM      GPG_ERR_SQL_ABORT
    GPG_ERR_SQL_BUSY      GPG_ERR_SQL_LOCKED    GPG_ERR_SQL_NOMEM
    GPG_ERR_SQL_READONLY  GPG_ERR_SQL_INTERRUPT GPG_ERR_SQL_IOERR
    GPG_ERR_SQL_CORRUPT   GPG_ERR_SQL_NOTFOUND  GPG_ERR_SQL_FULL
    GPG_ERR_SQL_CANTOPEN  GPG_ERR_SQL_PROTOCOL  GPG_ERR_SQL_EMPTY
    GPG_ERR_SQL_SCHEMA    GPG_ERR_SQL_TOOBIG    GPG_ERR_SQL_CONSTRAINT
    GPG_ERR_SQL_MISMATCH  GPG_ERR_SQL_MISUSE    GPG_ERR_SQL_NOLFS
    GPG_ERR_SQL_AUTH      GPG_ERR_SQL_FORMAT    GPG_ERR_SQL_RANGE
    GPG_ERR_SQL_NOTADB    GPG_ERR_SQL_NOTICE    GPG_ERR_SQL_WARNING
    GPG_ERR_SQL_ROW       GPG_ERR_SQL_DONE
- Remove patch fixed upstream.
  * gawk5.patch
- Add patch to fix buidling with gawk 5.0 and newer:
  * gawk5.patch
- Update to 1.36:
  * Two new error codes to better support PIV cards
  * Support armv7a-unknown-linux-gnueabihf
- Update to 1.35:
  * Distribute the correct gpgrt-config
- update to 1.34:
  * Support for riscv32
  * New API to allow emergency cleanup after internal fatal errors
  * Minor bug and portability fixes
- update to 1.33:
  * New unified config script gpgrt-config
  * The log functions now sanitize strings printed with the "/%s"/
    format specifier
  * New fprintf style function to apply a custom filter for string
    arguments
  * New function to compare version strings
- Update to 1.32:
  * Fixes a problem with gpgrt_fflush and gpgrt_fopencookie
  * Fixes a problem with the C11 header stdnoreturn.h
- Fix %install_info_delete usage:
  * It has to be performed in %preun not in %postun.
  * See https://en.opensuse.org/openSUSE:Packaging_Conventions_RPM_Macros#.25install_info_delete.
- update to 1.31:
  * Fixes for platforms other than GNU/Linux
  * New translation for Spanish
- update to 1.30:
  * fixes for platforms other than GNU/Linux
  * Use %license (boo#1082318)
libinput
- Add libinput-CVE_2022-1215.patch: strip the device name of
  format directives (boo#1198111 CVE-2022-1215).
libjpeg-turbo
  fix CVE-2020-35538 [bsc#1202915], Null pointer dereference in jcopy_sample_rows() function
  + libjpeg-turbo-CVE-2020-35538.patch
- security update
- added patches
libjpeg62-turbo
  fix CVE-2020-35538 [bsc#1202915], Null pointer dereference in jcopy_sample_rows() function
  + libjpeg-turbo-CVE-2020-35538.patch
- security update
- added patches
libksba
- Security fix: [bsc#1204357, CVE-2022-3515]
  * Detect a possible overflow directly in the TLV parser.
  * Add libksba-CVE-2022-3515.patch
libpsl
- fix [bsc#1197771] - FTBFS: libpsl won't compile on SP4
- added patches
  https://github.com/rockdaboot/libpsl/commit/f364cea73e351ce62e0b337fd1fbc21e70b52d56
  + libpsl-fix-test-data.patch
libqt5-qtbase
- Update patch after it was merged to dev upstream and fix another
  place missed in the first version (boo#1195386, CVE-2022-23853,
  boo#1196501, CVE-2022-25255):
  * 0001-QProcess-Unix-ensure-we-don-t-accidentally-execute-s.patch
- Add patch to avoid unintentionally using binaries from CWD
  (boo#1195386, CVE-2022-23853, boo#1196501, CVE-2022-25255):
  * 0001-QProcess-Unix-ensure-we-don-t-accidentally-execute-s.patch
libseccomp
- check if we have NR_openat2, avoid using its definition when not
  (bsc#1196825)
  Added seccomp-openat2.patch
- buildrequire python-rpm-macros
- reenable python bindings at least for the distro default python3
  package:
  - adds make-python-build.patch
- Update to release 2.5.3
  * Update the syscall table for Linux v5.15
  * Fix issues with multiplexed syscalls on mipsel introduced in v2.5.2
  * Document that seccomp_rule_add() may return -EACCES
- Skip 11-basic-basic_errors test on qemu linux-user emulation
- Update to release 2.5.2
  * Update the syscall table for Linux v5.14-rc7
  * Add a function, get_notify_fd(), to the Python bindings to
    get the nofication file descriptor.
  * Consolidate multiplexed syscall handling for all
    architectures into one location.
  * Add multiplexed syscall support to PPC and MIPS
  * The meaning of SECCOMP_IOCTL_NOTIF_ID_VALID changed within
    the kernel. libseccomp's fd notification logic was modified
    to support the kernel's previous and new usage of
    SECCOMP_IOCTL_NOTIF_ID_VALID.
- update to 2.5.1:
  * Fix a bug where seccomp_load() could only be called once
  * Change the notification fd handling to only request a notification fd if
  * the filter has a _NOTIFY action
  * Add documentation about SCMP_ACT_NOTIFY to the seccomp_add_rule(3) manpage
  * Clarify the maintainers' GPG keys
- remove testsuite-riscv64-missing-syscalls.patch
- Do not rely on gperf: pass GPERF=/bin/true to configure and
  remove gperf BuildRequires. The syscalls.perf file it would
  generate is part of the tarball already.
- testsuite-riscv64-missing-syscalls.patch: Fix testsuite failure on
  riscv64
- Ignore failure of tests/52-basic-load on qemu linux-user emulation
- Update to release 2.5.0
  * Add support for the seccomp user notifications, see the
    seccomp_notify_alloc(3), seccomp_notify_receive(3),
    seccomp_notify_respond(3) manpages for more information
  * Add support for new filter optimization approaches, including a balanced
    tree optimization, see the SCMP_FLTATR_CTL_OPTIMIZE filter attribute for
    more information
  * Add support for the 64-bit RISC-V architecture
  * Performance improvements when adding new rules to a filter thanks to the
    use of internal shadow transactions and improved syscall lookup tables
  * Properly document the libseccomp API return values and include them in the
    stable API promise
  * Improvements to the s390 and s390x multiplexed syscall handling
  * Multiple fixes and improvements to the libseccomp manpages
  * Moved from manually maintained syscall tables to an automatically generated
    syscall table in CSV format
  * Update the syscall tables to Linux v5.8.0-rc5
  * Python bindings and build now default to Python 3.x
  * Improvements to the tests have boosted code coverage to over 93%
- libseccomp.keyring: replaced by Paul Moore <pmoore@redhat.com> key.
- Update to release 2.4.3
  * Add list of authorized release signatures to README.md
  * Fix multiplexing issue with s390/s390x shm* syscalls
  * Remove the static flag from libseccomp tools compilation
  * Add define for __SNR_ppoll
  * Fix potential memory leak identified by clang in the
    scmp_bpf_sim tool
- Drop no-static.diff, libseccomp-fix_aarch64-test.patch,
  SNR_ppoll.patch (merged)
- Add patch to fix ntpsec and others build (accidental drop of symbols):
  * SNR_ppoll.patch
- Tests are passing on all architectures
- Backport patch to fix test on aarch64:
  * libseccomp-fix_aarch64-test.patch
- Update to release 2.4.2
  * Add support for io-uring related system calls
libsolv
- reworked choice rule generation to cover more usecases
- support SOLVABLE_PREREQ_IGNOREINST in the ordering code
  [bsc#1196514]
- support parsing of Debian's Multi-Arch indicator
- bump version to 0.7.22
- fix segfault on conflict resolution when using bindings
- fix split provides not working if the update includes a forbidden
  vendor change
- support strict repository priorities
  new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY
- support zstd compressed control files in debian packages
- add an ifdef allowing to rename Solvable dependency members
  ("/requires"/ is a keyword in C++20)
- support setting/reading userdata in solv files
  new functions: repowriter_set_userdata, solv_read_userdata
- support queying of the custom vendor check function
  new function: pool_get_custom_vendorcheck
- support solv files with an idarray block
- allow accessing the toolversion at runtime
- bump version to 0.7.21
libtasn1
- Add libtasn1-CVE-2021-46848.patch: Fixed off-by-one array size check
  that affects asn1_encode_simple_der (CVE-2021-46848, bsc#1204690).
libtirpc
- fix CVE-2021-46828: libtirpc: DoS vulnerability with lots of
  connections (bsc#1201680)
  - add 0001-Fix-DoS-vulnerability-in-libtirpc.patch
-exclude ipv6 addresses in client protocol 2 code (bsc#1200800)
  - update 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch
- fix memory leak in params.r_addr assignement (bsc#1198752)
  - add 0001-fix-parms.r_addr-memory-leak.patch
- check for nullpointer in check_address (bsc#1198176)
  update 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch
- add option to enforce connection via protocol version 2 first
  (bsc#1196647)
  add 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch
libvirt
- spec: Include aarch64 in the list of architectures that 'Require'
  dmidecode
  bsc#1202608
- qemu: Support memory allocation threads
  ba7f9812-conf-intro-mem-alloc-threads.patch,
  a30dac15-qemu-detect-prealloc-threads.patch,
  75a4e016-qemu-validate-prealloc-threads.patch,
  b8d6ecc7-qemu-generate-prealloc-threads.patch
  bsc#1197084
- qemu: Improve save operation by increasing pipe size
  c61d1e9b-virfile-set-pipe-size.patch,
  47d6d185-virfile-fix-indent.patch,
  cd7acb33-virfile-report-error.patch
  bsc#1196625
- CVE-2022-0897: nwfilter: fix crash when counting number of
  network filters
  a4947e8f-nwfilter-CVE-2022-0897.patch
  bsc#1197636
- qemu: Directly query KVM for TSC scaling support
  5df2c492-use-kvm-for-tsc-scaling.patch
  bsc#1193364
- libxl: Mark auto-allocated graphics ports to used on reconnect
  e0241f33-libxl-mark-allocated-graphics-ports.patch
- libxl: Release all auto-allocated graphics ports
  18ec405a-libxl-release-graphics-ports.patch
  bsc#1191668
- libxl: Add lock process indicator to saved VM state
  31e937fb-libxl-save-lock-indicator.patch
  bsc#1191668
- spec: Weaken apparmor-abstractions dependency to Recommends
  bsc#1192119, jsc#SLE-23394
libxkbcommon
- Update to release 1.3.0
  * `xkbcli list` was changed to output YAML instead of a
    custom format.
  * Fix segmentation fault in case-insensitive
    `xkb_keysym_from_name` for certain values like the empty
    string.
- Update to release 1.2.1 [boo#1184688]
  * Fix `xkb_x11_keymap_new_from_device()` failing when the
    keymap contains key types with missing level names, like the
    one used by the `numpad:mac` option in xkeyboard-config.
    (Regressed in 1.2.0.)
- Update to release 1.2.0
  * `xkb_x11_keymap_new_from_device()` is much faster. It now
    performs only 2 roundtrips to the X server, instead of dozens
    (in first-time calls).
  * Case-sensitive `xkb_keysym_from_name()` is much faster.
  * Keysym names of the form `0x12AB` and `U12AB` are parsed more
    strictly.
  * Compose files now have a size limit (65535 internal nodes).
  * Compose table loading (`xkb_compose_table_new_from_locale()`
    and similar) is much faster.
- Update to release 1.1.0
  * Update keysym definitions to latest xorgproto. In particular,
    this adds many special keysyms corresponding to Linux evdev
    keycodes.
  * New XKB_KEY_* definitions.
- Fix dependency of libxkbregistry-devel: the devel package must
  require the library libxkbregistry0.
- Update to release 1.0.3
  * Fix (hopefully) a segfault in xkb_x11_keymap_new_from_device()
    in some unclear situation (bug introduced in 1.0.2).
  * Fix keymaps created with xkb_x11_keymap_new_from_device() do
    not have level names (bug introduced in 0.8.0).
- Update to release 1.0.2
  * Fix a bug where a keysym that cannot be resolved in a keymap
    gets compiled to a garbage keysym. Now it is set to
    XKB_KEY_NoSymbol instead.
  * Improve the speed of xkb_x11_keymap_new_from_device() on
    repeated calls in the same xkb_context().
- Update to release 1.0.1
  * Make the table output of `xkbcli how-to-type` aligned.
- Update to release 1.0.0
  * Now it is possible to add custom layouts and options at the
    system (/etc) and user (~/.config) level, at least when
    libxkbcommon is in use.
  * libxkbregistry is a C library that lists available XKB
    models, layouts and variants for a given ruleset. This is a
    separate library (.so/.pc files) and aimed at tools that
    provide a listing of available keyboard layouts to the user.
  * Add an `xkbcli` command-line utility.
- Update to release 0.10.0
  * Fix quadratic complexity in the XKB file parser.
  * Add $XDG_CONFIG_HOME/xkb to the default search path. If
    $XDG_CONFIG_HOME is not set, $HOME/.config/xkb is used. If
    $HOME is not set, the path is not added. The XDG path is
    looked up before the existing default search path $HOME/.xkb.
  * Add support for include statements in XKB rules files.
  * Fix bug where the merge mode only applied to the first vmod
    in a "/virtual_modifiers"/ statement.
  * Reject interpret modifier predicate with more than one value.
  * Correctly handle capitalization of the ssharp keysym.
- Update to release 0.9.1
  * Fix context creation failing when run in privileged processes
    as defined by `secure_getenv(3)`, e.g. GDM.
- Update to release 0.9.0
  * Move ~/.xkb to before XKB_CONFIG_ROOT. This enables the user
    to have full control of the keymap definitions, instead of
    only augmenting them.
- Update to new upstream release 0.8.4
  * Only changes to the build procedure.
- Update to new upstream release 0.8.3
  * New APIs: XKB_KEY_XF86MonBrightnessCycle,
    XKB_KEY_XF86RotationLockToggle.
libxml2
- Security fixes:
  * [CVE-2022-40303, bsc#1204366] Fix integer overflows with
    XML_PARSE_HUGE
    + Added patch libxml2-CVE-2022-40303.patch
  * [CVE-2022-40304, bsc#1204367] Fix dict corruption caused by
    entity reference cycles
    + Added patch libxml2-CVE-2022-40304.patch
- Security fix: [bsc#1201978, CVE-2016-3709]
  * Cross-site scripting vulnerability after commit 960f0e2
  * Add libxml2-CVE-2016-3709.patch
- Security fix: [bsc#1199132, CVE-2022-29824]
  * Integer overflow leading to out-of-bounds write in buf.c
    (xmlBuf*) and tree.c (xmlBuffer*)
  * Add libxml2-CVE-2022-29824.patch
- Security fix: [bsc#1196490, CVE-2022-23308]
  * Use-after-free of ID and IDREF attributes.
  * Add libxml2-CVE-2022-23308.patch
  * Add libxml2-CVE-2021-3541.patch
libyajl
- add libyajl-CVE-2022-24795.patch (CVE-2022-24795, bsc#1198405)
libzypp
- Resolver: Fix missing --[no]-recommends initialization in
  update (fixes #openSUSE/zypper#459, bsc#1201972)
- Log ONLY_NAMESPACE_RECOMMENDED because this is what corresponds
  to --[no]-recommends.
- version 17.31.2 (22)
- UsrEtc: Store logrotate files in %{_distconfdir} if defined
  (fixes #402)
- Log backtrace on SIGABRT too.
- Need to explicitly enable building experimental code. Otherwise
  an old Notcurses++ package which happens to be present in the
  buildenv breaks the build (fixes #412).
- Work around libyui/libyui#78 on code 15.4 and older.
- Stop using std::*ary_function; deprecated and removed in c++17.
- Don't expose header files which use types not available in
  c++11.  In 15.3 and older, YAST and PK compile with -std=c++11.
- Remove no longer needed %post code (bsc#1203649)
- Enable zck support for SLE15-SP4 and newer. On Leap it is enabled
  since 15.1 (bsc#1189282)
- version 17.31.1 (22)
- Add PoolItem::statusReinit to reset the status it's initial
  state in the ResPool (might help bsc#1199895)
  This may either be 'KEEP_STATE bySOLVER' or 'LOCKED byUSER' if
  the PoolItem matched a hard lock defined in /etc/zypp/locks.
- Fix building with GCC 13 on i586 (fixes #407, fixes #396)
- Be prepared to receive exceptions from curl_easy_cleanup
  (bsc#1201092)
- Don't auto-flag kernel-firmware as 'reboot-needed' (bsc#1200993)
- Remove Medianetwork and dependend code.
  This commit removes the MediaNetwork tech preview and all related
  code. First reason for this is that MediaNetwork was just meant
  as a way to test the new CURL based downloader and second: since
  the Provide API is going to completely replace the current media
  backend it would be extra work to ensure that changes on the
  Downloader do not break MediaNetwork.
- version 17.31.0 (22)
- Fix building with GCC 12.x release (#396)
- version 17.30.3 (22)
- appdata plugin: Pass path to the repodata/ directory inside the
  cache (bsc#1197684)
- zypp-rpm: flush rpm script output buffer before sending
  endOfScriptTag.
- version 17.30.2 (22)
- PluginRepoverification: initial version hooked into
  repo::Downloader and repo refresh.
- Immediately start monitoring the download.transfer_timeout.
  Do not wait until the first data arrived. (bsc#1199042)
- singletrans: no dry-run commit if doing just download-only.
- Work around cases where sat repo.start points to an invalid
  solvable.  May happen if (wrong arch) solvables were removed
  at the  beginning of the repo.
- fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER
  (fixes #388)
- version 17.30.1 (22)
- ZConfig: Update solver settings if target changes (bsc#1196368)
- version 17.30.0 (22)
- Fix possible hang in singletrans mode (bsc#1197134)
- Do 2 retries if mount is still busy.
- version 17.29.7 (22)
- Fix package signature check (bsc#1184501)
  Pay attention that header and payload are secured by a valid
  signature and report more detailed which signature is missing.
- Retry umount if device is busy (bsc#1196061, closes #381)
  A previously released ISO image may need a bit more time to
  release it's loop device. So we wait a bit and retry.
- Fix serializing/deserializing type mismatch in zypp-rpm
  protocol (bsc#1196925)
- Fix handling of ISO media in releaseAll (bsc#1196061)
- Hint on common ptf resolver conflicts (bsc#1194848)
- version 17.29.6 (22)
- Hint on ptf<>patch resolver conflicts (bsc#1194848)
- version 17.29.5 (22)
- Fix handling of redirected command in-/output (bsc#1195326)
  This fixes delays at the end of zypper operations, where
  zypper unintentionally waits for appdata plugin scripts to
  complete.
- version 17.29.4 (22)
lifecycle-data-sle-module-live-patching
- Added data for 4_12_14-150000_150_95, 4_12_14-150000_150_98,
  4_12_14-150100_197_117, 4_12_14-150100_197_120,
  5_14_21-150400_24_11, 5_14_21-150400_24_18,
  5_3_18-150200_24_120, 5_3_18-150200_24_126,
  5_3_18-150300_59_81, 5_3_18-150300_59_87,
  5_3_18-150300_59_90. (bsc#1020320)
- Added data for 4_12_14-150000_150_92, 4_12_14-150100_197_114,
  5_14_21-150400_22, 5_3_18-150200_24_115,
  5_3_18-150300_59_68, 5_3_18-150300_59_71,
  5_3_18-150300_59_76. (bsc#1020320)
- Added data for 4_12_14-150000_150_89, 4_12_14-150100_197_111,
  5_3_18-150200_24_112, 5_3_18-150300_59_60,
  5_3_18-150300_59_63. (bsc#1020320)
- Added data for 4_12_14-150_83, 4_12_14-150_86, 4_12_14-197_105,
  4_12_14-197_108, 5_3_18-150300_59_46,
  5_3_18-150300_59_49, 5_3_18-150300_59_54, 5_3_18-24_102,
  5_3_18-24_107. (bsc#1020320)
- Added data for 5_3_18-150300_59_43, 5_3_18-24_99, 5_3_18-59_40. (bsc#1020320)
logrotate
- Security fix: (bsc#1192449) related to (bsc#1191281, CVE-2021-3864)
  * enforce stricter parsing to avoid CVE-2021-3864
  * Added patch logrotate-enforce-stricter-parsing-and-extra-tests.patch
- Fix "/logrotate emits unintended warning: keyword size not properly
  separated, found 0x3d"/ (bsc#1200278, bsc#1200802):
  * Added patch logrotate-dont_warn_on_size=_syntax.patch
lvm2
- udev: create symlinks and watch even in suspended state (bsc#1195231)
  + bug-1195231-udev-create-symlinks-and-watch-even-in-suspended-sta.patch
mlocate
- require apparmor-abstractions, because apparmor.service fails with
  Could not open 'tunables/global' error otherwise (bsc#1195144)
mozilla-nspr
- update to version 4.34.1
  * add file descriptor sanity checks in the NSPR poll function.
- update to version 4.34
  * add an API that returns a preferred loopback IP on hosts that
    have two IP stacks available.
- update to 4.33:
  * fixes to build system and export of private symbols
mozilla-nss
- Require libjitter only for SLE15-SP4 and greater
- update to NSS 3.79.2 (bsc#1204729)
  * bmo#1785846 - Bump minimum NSPR version to 4.34.1.
  * bmo#1777672 - Gracefully handle null nickname in CERT_GetCertNicknameWithValidity.
- Add nss-allow-slow-tests.patch, which allows a timed test to run
  longer than 1s. This avoids turning slow builds into broken
  builds.
- Update nss-fips-approved-crypto-non-ec.patch to allow the use of
  DSA keys (verification only) (bsc#1201298).
- Update nss-fips-constructor-self-tests.patch to add
  sftk_FIPSRepeatIntegrityCheck() to softoken's .def file
  (bsc#1198980).
- Update nss-fips-approved-crypto-non-ec.patch to allow the use of
  longer symmetric keys via the service level indicator
  (bsc#1191546).
- Update nss-fips-constructor-self-tests.patch to hopefully export
  sftk_FIPSRepeatIntegrityCheck() correctly (bsc#1198980).
- Update nss-fips-approved-crypto-non-ec.patch to prevent sessions
  from getting flagged as non-FIPS (bsc#1191546).
- Mark DSA keygen unapproved (bsc#1191546, bsc#1201298).
- Enable nss-fips-drbg-libjitter.patch now that we have a patched
  libjitter to build with (bsc#1202870).
- Update nss-fips-approved-crypto-non-ec.patch to prevent keys
  from getting flagged as non-FIPS and add remaining TLS mechanisms.
- Add nss-fips-drbg-libjitter.patch to use libjitterentropy for
  entropy. This is disabled until we can avoid the inline assembler
  in the latter's header file that relies on GNU extensions.
- Update nss-fips-constructor-self-tests.patch to fix an abort()
  when both NSS_FIPS and /proc FIPS mode are enabled.
- update to NSS 3.79.1 (bsc#1202645)
  * bmo#1366464 - compare signature and signatureAlgorithm fields in legacy certificate verifier.
  * bmo#1771498 - Uninitialized value in cert_ComputeCertType.
  * bmo#1759794 - protect SFTKSlot needLogin with slotLock.
  * bmo#1760998 - avoid data race on primary password change.
  * bmo#1330271 - check for null template in sec_asn1{d,e}_push_state.
- Update nss-fips-approved-crypto-non-ec.patch to unapprove the
  rest of the DSA ciphers, keeping signature verification only
  (bsc#1201298).
- Update nss-fips-constructor-self-tests.patch to fix compiler
  warning.
- Update nss-fips-constructor-self-tests.patch to add on-demand
  integrity tests through sftk_FIPSRepeatIntegrityCheck()
  (bsc#1198980).
- Update nss-fips-approved-crypto-non-ec.patch to mark algorithms
  as approved/non-approved according to security policy
  (bsc#1191546, bsc#1201298).
- Update nss-fips-approved-crypto-non-ec.patch to remove hard
  disabling of unapproved algorithms. This requirement is now
  fulfilled by the service level indicator (bsc#1200325).
- Remove nss-fips-tls-allow-md5-prf.patch, since we no longer need
  the workaround in FIPS mode (bsc#1200325).
- Remove nss-fips-tests-skip.patch. This is no longer needed since
  we removed the code to short-circuit broken hashes and moved to
  using the SLI.
- Remove upstreamed patches:
  * nss-fips-version-indicators.patch
  * nss-fips-tests-pin-paypalee-cert.patch
- update to NSS 3.79
  - bmo#205717 - Use PK11_GetSlotInfo instead of raw C_GetSlotInfo calls.
  - bmo#1766907 - Update mercurial in clang-format docker image.
  - bmo#1454072 - Use of uninitialized pointer in lg_init after alloc fail.
  - bmo#1769295 - selfserv and tstclnt should use PR_GetPrefLoopbackAddrInfo.
  - bmo#1753315 - Add SECMOD_LockedModuleHasRemovableSlots.
  - bmo#1387919 - Fix secasn1d parsing of indefinite SEQUENCE inside indefinite GROUP.
  - bmo#1765753 - Added RFC8422 compliant TLS <= 1.2 undefined/compressed ECPointFormat extension alerts.
  - bmo#1765753 - TLS 1.3 Server: Send protocol_version alert on unsupported ClientHello.legacy_version.
  - bmo#1764788 - Correct invalid record inner and outer content type alerts.
  - bmo#1757075 - NSS does not properly import or export pkcs12 files with large passwords and pkcs5v2 encoding.
  - bmo#1766978 - improve error handling after nssCKFWInstance_CreateObjectHandle.
  - bmo#1767590 - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple.
  - bmo#1769302 - NSS 3.79 should depend on NSPR 4.34
- update to NSS 3.78.1
  * bmo#1767590 - Initialize pointers passed to
    NSS_CMSDigestContext_FinishMultiple
- update to NSS 3.78
    bmo#1755264 - Added TLS 1.3 zero-length inner plaintext checks and tests, zero-length record/fragment handling tests.
    bmo#1294978 - Reworked overlong record size checks and added TLS1.3 specific boundaries.
    bmo#1763120 - Add ECH Grease Support to tstclnt
    bmo#1765003 - Add a strict variant of moz::pkix::CheckCertHostname.
    bmo#1166338 - Change SSL_REUSE_SERVER_ECDHE_KEY default to false.
    bmo#1760813 - Make SEC_PKCS12EnableCipher succeed
    bmo#1762489 - Update zlib in NSS to 1.2.12.
- update to NSS 3.77
  * Bug 1762244 - resolve mpitests build failure on Windows.
  * bmo#1761779 - Fix link to TLS page on wireshark wiki
  * bmo#1754890 - Add two D-TRUST 2020 root certificates.
  * bmo#1751298 - Add Telia Root CA v2 root certificate.
  * bmo#1751305 - Remove expired explicitly distrusted certificates
    from certdata.txt.
  * bmo#1005084 - support specific RSA-PSS parameters in mozilla::pkix
  * bmo#1753535 - Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate.
  * bmo#1756271 - Remove token member from NSSSlot struct.
  * bmo#1602379 - Provide secure variants of mpp_pprime and mpp_make_prime.
  * bmo#1757279 - Support UTF-8 library path in the module spec string.
  * bmo#1396616 - Update nssUTF8_Length to RFC 3629 and fix buffer overrun.
  * bmo#1760827 - Add a CI Target for gcc-11.
  * bmo#1760828 - Change to makefiles for gcc-4.8.
  * bmo#1741688 - Update googletest to 1.11.0
  * bmo#1759525 - Add SetTls13GreaseEchSize to experimental API.
  * bmo#1755264 - TLS 1.3 Illegal legacy_version handling/alerts.
  * bmo#1755904 - Fix calculation of ECH HRR Transcript.
  * bmo#1758741 - Allow ld path to be set as environment variable.
  * bmo#1760653 - Ensure we don't read uninitialized memory in ssl gtests.
  * bmo#1758478 - Fix DataBuffer Move Assignment.
  * bmo#1552254 - internal_error alert on Certificate Request with
    sha1+ecdsa in TLS 1.3
  * bmo#1755092 - rework signature verification in mozilla::pkix
- Require nss-util in nss.pc and subsequently remove -lnssutil3
- update to NSS 3.76.1
  NSS 3.76.1
  * bmo#1756271 - Remove token member from NSSSlot struct.
  NSS 3.76
  * bmo#1755555 - Hold tokensLock through nssToken_GetSlot calls in
    nssTrustDomain_GetActiveSlots.
  * bmo#1370866 - Check return value of PK11Slot_GetNSSToken.
  * bmo#1747957 - Use Wycheproof JSON for RSASSA-PSS
  * bmo#1679803 - Add SHA256 fingerprint comments to old
    certdata.txt entries.
  * bmo#1753505 - Avoid truncating files in nss-release-helper.py.
  * bmo#1751157 - Throw illegal_parameter alert for illegal extensions
    in handshake message.
- Add nss-util pkgconfig and config files (copied from RH/Fedora)
- update to NSS 3.75
  * bmo#1749030 - This patch adds gcc-9 and gcc-10 to the CI.
  * bmo#1749794 - Make DottedOIDToCode.py compatible with python3.
  * bmo#1749475 - Avoid undefined shift in SSL_CERT_IS while fuzzing.
  * bmo#1748386 - Remove redundant key type check.
  * bmo#1749869 - Update ABI expectations to match ECH changes.
  * bmo#1748386 - Enable CKM_CHACHA20.
  * bmo#1747327 - check return on NSS_NoDB_Init and NSS_Shutdown.
  * bmo#1747310 - real move assignment operator.
  * bmo#1748245 - Run ECDSA test vectors from bltest as part of the CI tests.
  * bmo#1743302 - Add ECDSA test vectors to the bltest command line tool.
  * bmo#1747772 - Allow to build using clang's integrated assembler.
  * bmo#1321398 - Allow to override python for the build.
  * bmo#1747317 - test HKDF output rather than input.
  * bmo#1747316 - Use ASSERT macros to end failed tests early.
  * bmo#1747310 - move assignment operator for DataBuffer.
  * bmo#1712879 - Add test cases for ECH compression and unexpected
    extensions in SH.
  * bmo#1725938 - Update tests for ECH-13.
  * bmo#1725938 - Tidy up error handling.
  * bmo#1728281 - Add tests for ECH HRR Changes.
  * bmo#1728281 - Server only sends GREASE HRR extension if enabled
    by preference.
  * bmo#1725938 - Update generation of the Associated Data for ECH-13.
  * bmo#1712879 - When ECH is accepted, reject extensions which were
    only advertised in the Outer Client Hello.
  * bmo#1712879 - Allow for compressed, non-contiguous, extensions.
  * bmo#1712879 - Scramble the PSK extension in CHOuter.
  * bmo#1712647 - Split custom extension handling for ECH.
  * bmo#1728281 - Add ECH-13 HRR Handling.
  * bmo#1677181 - Client side ECH padding.
  * bmo#1725938 - Stricter ClientHelloInner Decompression.
  * bmo#1725938 - Remove ECH_inner extension, use new enum format.
  * bmo#1725938 - Update the version number for ECH-13 and adjust
    the ECHConfig size.
- update to NSS 3.74
  * bmo#966856 - mozilla::pkix: support SHA-2 hashes in CertIDs in
    OCSP responses
  * bmo#1553612 - Ensure clients offer consistent ciphersuites after HRR
  * bmo#1721426 - NSS does not properly restrict server keys based on policy
  * bmo#1733003 - Set nssckbi version number to 2.54
  * bmo#1735407 - Replace Google Trust Services LLC (GTS) R4 root certificate
  * bmo#1735407 - Replace Google Trust Services LLC (GTS) R3 root certificate
  * bmo#1735407 - Replace Google Trust Services LLC (GTS) R2 root certificate
  * bmo#1735407 - Replace Google Trust Services LLC (GTS) R1 root certificate
  * bmo#1735407 - Replace GlobalSign ECC Root CA R4
  * bmo#1733560 - Remove Expired Root Certificates - DST Root CA X3
  * bmo#1740807 - Remove Expiring Cybertrust Global Root and GlobalSign root
    certificates
  * bmo#1741930 - Add renewed Autoridad de Certificacion Firmaprofesional
    CIF A62634068 root certificate
  * bmo#1740095 - Add iTrusChina ECC root certificate
  * bmo#1740095 - Add iTrusChina RSA root certificate
  * bmo#1738805 - Add ISRG Root X2 root certificate
  * bmo#1733012 - Add Chunghwa Telecom's HiPKI Root CA - G1 root certificate
  * bmo#1738028 - Avoid a clang 13 unused variable warning in opt build
  * bmo#1735028 - Check for missing signedData field
  * bmo#1737470 - Ensure DER encoded signatures are within size limits
- enable key logging option (boo#1195040)
- update to NSS 3.73.1:
  * Add SHA-2 support to mozilla::pkix's OSCP implementation
- update to NSS 3.73
  * bmo#1735028 - check for missing signedData field.
  * bmo#1737470 - Ensure DER encoded signatures are within size limits.
  * bmo#1729550 - NSS needs FiPS 140-3 version indicators.
  * bmo#1692132 - pkix_CacheCert_Lookup doesn't return cached certs
  * bmo#1738600 - sunset Coverity from NSS
  MFSA 2021-51 (bsc#1193170)
  * CVE-2021-43527 (bmo#1737470)
    Memory corruption via DER-encoded DSA and RSA-PSS signatures
- update to NSS 3.72
  * Remove newline at the end of coreconf.dep
  * bmo#1731911 - Fix nsinstall parallel failure.
  * bmo#1729930 - Increase KDF cache size to mitigate perf
    regression in about:logins
- update to NSS 3.71
  * bmo#1717716 - Set nssckbi version number to 2.52.
  * bmo#1667000 - Respect server requirements of tlsfuzzer/test-tls13-signature-algorithms.py
  * bmo#1373716 - Import of PKCS#12 files with Camellia encryption is not supported
  * bmo#1717707 - Add HARICA Client ECC Root CA 2021.
  * bmo#1717707 - Add HARICA Client RSA Root CA 2021.
  * bmo#1717707 - Add HARICA TLS ECC Root CA 2021.
  * bmo#1717707 - Add HARICA TLS RSA Root CA 2021.
  * bmo#1728394 - Add TunTrust Root CA certificate to NSS.
- update to NSS 3.70
  * bmo#1726022 - Update test case to verify fix.
  * bmo#1714579 - Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max
  * bmo#1714579 - Explicitly disable downgrade check in TlsConnectTest.DisableFalseStartOnFallback
  * bmo#1681975 - Avoid using a lookup table in nssb64d.
  * bmo#1724629 - Use HW accelerated SHA2 on AArch64 Big Endian.
  * bmo#1714579 - Change default value of enableHelloDowngradeCheck to true.
  * bmo#1726022 - Cache additional PBE entries.
  * bmo#1709750 - Read HPKE vectors from official JSON.
- Update to NSS 3.69.1
  * bmo#1722613 (Backout) - Disable DTLS 1.0 and 1.1 by default
  * bmo#1720226 (Backout) - integrity checks in key4.db not happening
    on private components with AES_CBC
  NSS 3.69
  * bmo#1722613 - Disable DTLS 1.0 and 1.1 by default (backed out again)
  * bmo#1720226 - integrity checks in key4.db not happening on private
    components with AES_CBC (backed out again)
  * bmo#1720235 - SSL handling of signature algorithms ignores
    environmental invalid algorithms.
  * bmo#1721476 - sqlite 3.34 changed it's open semantics, causing
    nss failures.
    (removed obsolete nss-btrfs-sqlite.patch)
  * bmo#1720230 - Gtest update changed the gtest reports, losing gtest
    details in all.sh reports.
  * bmo#1720228 - NSS incorrectly accepting 1536 bit DH primes in FIPS mode
  * bmo#1720232 - SQLite calls could timeout in starvation situations.
  * bmo#1720225 - Coverity/cpp scanner errors found in nss 3.67
  * bmo#1709817 - Import the NSS documentation from MDN in nss/doc.
  * bmo#1720227 - NSS using a tempdir to measure sql performance not active
- add nss-fips-stricter-dh.patch
- updated existing patches with latest SLE
- Mozilla NSS 3.68.4 (bsc#1200027)
  * Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple.
    (bmo#1767590)
- Update nss-fips-constructor-self-tests.patch to scan
  LD_LIBRARY_PATH for external libraries to be checksummed.
- Run test suite at build time, and make it pass (bsc#1198486).
  Based on work by Marcus Meissner.
- Add nss-fips-tests-skip.patch to skip algorithms that are hard
  disabled in FIPS mode.
- Add nss-fips-tests-pin-paypalee-cert.patch to prevent expired
  PayPalEE cert from failing the tests.
- Add nss-fips-tests-enable-fips.patch, which enables FIPS during
  test certificate creation and disables the library checksum
  validation during same.
- Update nss-fips-constructor-self-tests.patch to allow
  checksumming to be disabled, but only if we entered FIPS mode
  due to NSS_FIPS being set, not if it came from /proc.
- Add nss-fips-pbkdf-kat-compliance.patch (bsc#1192079). This
  makes the PBKDF known answer test compliant with NIST SP800-132.
- Mozilla NSS 3.68.3 (bsc#1197903)
  This release improves the stability of NSS when used in a multi-threaded
  environment. In particular, it fixes memory safety violations that
  can occur when PKCS#11 tokens are removed while in use (CVE-2022-1097).
  We presume that with enough effort these memory safety violations are exploitable.
  * Remove token member from NSSSlot struct (bmo#1756271).
  * Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots
    (bmo#1755555).
  * Check return value of PK11Slot_GetNSSToken (bmo#1370866).
- Update FIPS validation string to version-release format.
- Update nss-fips-approved-crypto-non-ec.patch to remove XCBC MAC
  from list of FIPS approved algorithms.
- Enable NSS_ENABLE_FIPS_INDICATORS and set NSS_FIPS_MODULE_ID
  for build.
- Update nss-fips-approved-crypto-non-ec.patch to claim 3DES
  unapproved in FIPS mode (bsc#1192080).
- Update nss-fips-constructor-self-tests.patch to allow testing
  of unapproved algorithms (bsc#1192228).
- Add nss-fips-version-indicators.patch (bmo#1729550, bsc#1192086).
  This adds FIPS version indicators.
- Add nss-fips-180-3-csp-clearing.patch (bmo#1697303, bsc#1192087).
  Most of the relevant changes are already upstream since NSS 3.60.
ncurses
- Add patch ncurses-bnc1198627.patch
  * Fix bsc#1198627: CVE-2022-29458: ncurses: segfaulting OOB read
net-snmp
- Decouple snmp-mibs from net-snmp version to allow major version
  upgrade (bsc#1196955).
nfs-utils
- Add 0023-cache.c-removed-a-couple-warning.patch
  Fix compilation with new glibc (SLE15-SP4)
  (bsc#1197788)
- Add 0021-mount.nfs-insert-sloppy-at-beginning-of-the-options.patch
  Add 0022-mount.nfs-Fix-the-sloppy-option-processing.patch
  Ensure "/sloppy"/ is added correctly for newer kernels.  Particularly
  required for kernels since 5.6 (so SLE15-SP4), and safe for all kernels.
  (boo#1197297)
nftables
- add 0001-cache-check-for-NULL-chain-in-cache_init.patch: this fixes rare
  crashes that could occur e.g. in firewalld (bsc#1197606).
ocfs2-tools
- fsck.ocfs2: do not try locking after replaying journals if -F is given (bsc#1196705)
  + fsck.ocfs2-do-not-try-locking-after-replaying-journa.patch
open-iscsi
- Modify SPEC file so systemd unit files are mode 644 (not 755)
  (bsc#1200570)
- For Tumbleweed, moved logrotate files from user-specific
  directory /etc/logrotate.d to vendor-specific
  /usr/etc/logrotate.d
  (for Stefan Schubert <schubi@suse.com>)
- Set initiatorname in %post (at end of install), for cases
  where root is read-only at startup time (bsc#1198457)
- Update to latest upstream, including:
  * Added 'distclean' to Makefile targets
  * Ensure Makefile '.PHONY' targets set up correctly
  * fix an iscsid logout bug generating a false error
    and cleanup logout error messages
- Updated to latest upstream version, tagged 2.1.7. Changes
  included:
  * updated/fixed test script
  * updated build system
  * several bug fixes, including one for bsc#1199264
- Updated to latest upstream, including bug fixes and cleanups.
  Changes included:
  * add handling name/value pairs for firmware login (bsc#1196113),
    including man page update for same
  * Fix bug where some package parts were installed using
    DESTDIR twice
  * general build cleanup (in prep for removing DB files from
    /etc/iscsi some day soon)
  Also, now delivering a "/package config"/ file for libopeniscsiusr.
- Update to latest upstream, including test cleanup, minor
  bug fixes (cosmetic), and fixing iscsi-init (bsc#1195656).
- Updated to latest upstream 2.1.6 as 2.1.6-suse, which contains
  bug fixes and cleanups. See the Changelog for more details.
openldap2
- bsc#1198341 - Prevent memory reuse which may lead to instability
  * 0243-Change-malloc-to-use-calloc-to-prevent-memory-reuse-.patch
- bsc#1199240 - CVE-2022-29155 - Resolve sql injection in back-sql
  * 0242-ITS-9815-slapd-sql-escape-filter-values.patch
- bsc#1191157 - Correct version specification in ppolicy to allow
  submission to SP3 for TLS1.3
- bsc#1191157 - allow specification of max/min TLS version with TLS1.3
  * 0239-ITS-9422-Update-for-TLS-v1.3.patch
  * 0240-ITS-9518-add-LDAP_OPT_X_TLS_PROTOCOL_MAX-option.patch
  * 0241-TLS-set-protocol-version.patch
- bsc#1197004 - libldap was able to be out of step with openldap in
  some cases which could cause incorrect installations and symbol
  resolution failures. openldap2 and libldap now are locked to their
  related release versions.
- jsc#PM-3288 - restore CLDAP functionality in CLI tools
- Revert jsc#PM-3288 - CLDAP ( -DLDAP_CONNECTIONLESS ) due to regression
  reporting is bsc#1197004 causing SSSD to have faults.
- jsc#PM-3288 - restore CLDAP functionality in CLI tools
openssl-1_1
- Encrypt the sixteen bytes that were unencrypted in some circumstances
  on 32-bit x86 platforms.
  * [bsc#1201099, CVE-2022-2097]
  * added openssl-CVE-2022-2097.patch
- Added	openssl-1_1-Fix-file-operations-in-c_rehash.patch
  * bsc#1200550
  * CVE-2022-2068
  * Fixed more shell code injection issues in c_rehash
- Added openssl-update_expired_certificates.patch
  * Openssl failed tests because of expired certificates.
  * bsc#1185637
  * Sourced from https://github.com/openssl/openssl/pull/18446/commits
- Security fix: [bsc#1199166, CVE-2022-1292]
  * Added: openssl-CVE-2022-1292.patch
  * properly sanitise shell metacharacters in c_rehash script.
- Security Fix: [bsc#1196877, CVE-2022-0778]
  * Infinite loop in BN_mod_sqrt() reachable when parsing certificates
  * Add openssl-CVE-2022-0778.patch openssl-CVE-2022-0778-tests.patch
- Fix PAC pointer authentication in ARM [bsc#1195856]
  * PAC pointer authentication signs the return address against the
    value of the stack pointer, to prevent stack overrun exploits
    from corrupting the control flow. The Poly1305 armv8 code got
    this wrong, resulting in crashes on PAC capable hardware.
  * Add openssl-1_1-ARM-PAC.patch
- Pull libopenssl-1_1 when updating openssl-1_1 with the same
  version. [bsc#1195792]
- FIPS: Fix function and reason error codes [bsc#1182959]
  * Add openssl-1_1-FIPS-fix-error-reason-codes.patch
- Enable zlib compression support [bsc#1195149]
  * Add openssl-fix-BIO_f_zlib.patch to fix BIO_f_zlib: Properly
    handle BIO_CTRL_PENDING and BIO_CTRL_WPENDING calls.
p11-kit
- CVE-2020-29362: Fixed a 4 byte overread (bsc#1180065)
  Added p11-kit-CVE-2020-29362.patch:
pacemaker
- scheduler: do not enforce resource stop if any new probe/monitor indicates the resource was not running on the target of a failed migrate_to (bsc#1196340)
  * bsc#1196340-0009-Test-scheduler-do-not-enforce-resource-stop-if-any-n.patch
- scheduler: do not enforce resource stop on a rejoined node that was the target of a failed migrate_to (bsc#1196340)
  * bsc#1196340-0008-Test-scheduler-do-not-enforce-resource-stop-on-a-rej.patch
- scheduler: do not enforce resource stop if any new probe/monitor indicates the resource was not running on the target of a failed migrate_to (bsc#1196340)
  * bsc#1196340-0007-Fix-scheduler-do-not-enforce-resource-stop-if-any-ne.patch
- scheduler: find_lrm_op() to be able to check against a specified target_rc (bsc#1196340)
  * bsc#1196340-0006-Refactor-scheduler-find_lrm_op-to-be-able-to-check-a.patch
- cts-scheduler: fix on_node attribute of lrm_rsc_op entries in the tests (bsc#1196340)
  * bsc#1196340-0005-Test-cts-scheduler-fix-on_node-attribute-of-lrm_rsc_.patch
- scheduler: is_newer_op() to be able to compare lrm_rsc_op entries from different nodes (bsc#1196340)
  * bsc#1196340-0004-Refactor-scheduler-is_newer_op-to-be-able-to-compare.patch
- scheduler: compare ids of lrm_rsc_op entries case-sensitively (bsc#1196340)
  * bsc#1196340-0003-Fix-scheduler-compare-ids-of-lrm_rsc_op-entries-case.patch
- scheduler: functionize comparing which lrm_rsc_op is newer (bsc#1196340)
  * bsc#1196340-0002-Refactor-scheduler-functionize-comparing-which-lrm_r.patch
- scheduler: do not enforce resource stop on a rejoined node that was the target of a failed migrate_to (bsc#1196340)
  * bsc#1196340-0001-Fix-scheduler-do-not-enforce-resource-stop-on-a-rejo.patch
- tools: set command for `crm_resource -q/--query-xml` before changing any options (bsc#1198409)
  * bsc#1198409-0003-Fix-tools-set-command-for-crm_resource-q-query-xml-b.patch
- tools: prevent possible crm_resource segfaults if multiple commands are specified (bsc#1198409)
  * bsc#1198409-0002-Fix-tools-prevent-possible-crm_resource-segfaults-if.patch
- tools: set commands in crm_resource before changing any options (bsc#1198409)
  * bsc#1198409-0001-Refactor-tools-set-commands-in-crm_resource-before-c.patch
- OCF: controld: Give warning when no-quorum-policy not set as freeze while using DLM (bsc#1129707)
  * bsc#1129707-0001-OCF-controld-Give-warning-when-no-quorum-policy-not-.patch
- Pacemaker high resolution timestamps (bsc#1197668)
  * 0001-Log-all-use-high-resolution-timestamps-in-detail-log.patch
pam
- Do not include obsolete libselinux header files flask.h and
  av_permissions.h.
  [bsc#1197794, pam-bsc1197794-do-not-include-obsolete-header-files.patch]
- Between allocating the variable "/ai"/ and free'ing them, there are
  two "/return NO"/ were we don't free this variable. This patch
  inserts freaddrinfo() calls before the "/return NO;"/s.
  [bsc#1197024, pam-bsc1197024-free-addrinfo-before-return.patch]
- Define _pam_vendordir as "//%{_sysconfdir}/pam.d"/
  The variable is needed by systemd and others.
  [bsc#1196093, macros.pam]
pciutils
- Add pciutils-Add-PCIe-5.0-data-rate-32-GT-s-support.patch
  Add pciutils-Add-PCIe-6.0-data-rate-64-GT-s-support.patch
  (bsc#1192862)
pcre
- Added pcre-8.45-bsc1199232-unicode-property-matching.patch
  * bsc#1199232
  * CVE-2022-1586
  * Fixes unicode property matching issue
pcre2
- Added pcre2-bsc1199235-CVE-2022-1587.patch
  * CVE-2022-1587 / bsc#1199235
  * Fix out-of-bounds read due to bug in recursions
  * Sourced from:
  - https://github.com/PCRE2Project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0
- Added pcre2-Fix_crash_when_X_is_used_without_UTF_in_JIT.patch
  * CVE-2019-20454 / bsc#1164384
  * Fix crash when X is used in non-UTF mode on certain inputs.
  * Sourced from:
  - https://github.com/PCRE2Project/pcre2/commit/342c16ecd31bd12fc350ee31d2dcc041832ebb3f
  - https://github.com/PCRE2Project/pcre2/commit/e118e60a68f03f38dd2ff3d16ca2e2e0d800e1d9
- Added pcre2-10.31-bsc1199232-unicode-property-matching.patch
  * bsc#1199232 / CVE-2022-1586
  * Fixes unicode property matching issue
perl
- fix File::Path rmtree/remove_tree race condition
  [bnc#1047178] [CVE-2017-6512]
  new patch: perl-file_path_rmtree_fchmod.diff
- Stabilize Socket::VERSION comparisons [bnc#1193489]
  new patch: perl-Stabilize-Socket-VERSION-comparisons.patch
perl-Bootloader
- merge gh#openSUSE/perl-bootloader#139
- fix sysconfig parsing (bsc#1198828)
- 0.939
- merge gh#openSUSE/perl-bootloader#138
- grub2/install: reset error code when passing through recover code
  (bsc#1198197)
- 0.938
- merge gh#openSUSE/perl-bootloader#137
- grub2 install: Support secure boot on powerpc (bsc#1192764
  jsc#SLE-18271).
- 0.937
perl-HTTP-Daemon
- Fix request smuggling in HTTP::Daemon
  (CVE-2022-31081, bsc#1201157)
  * CVE-2022-31081.patch
  * CVE-2022-31081-2.patch
  * CVE-2022-31081-Add-new-test-for-Content-Length-issues.patch
perl-XML-LibXML
- (bsc#1197798) FTBFS: compile against latest version available of
  libxml in SP4 so perl-XML-LibXSLT compiles cleanly.
permissions
  * Revert "/drop ping capabilities in favor of ICMP_PROTO sockets"/. Older
    SLE-15 versions don't properly support this feature yet (bsc#1204137)
- Update to version 20181225:
  * fix regression introduced by backport of security fix (bsc#1203911)
- Update to version 20181225:
  * chkstat: also consider group controlled paths (bsc#1203018, CVE-2022-31252)
- Update to version 20181225:
procps
- Add the patches
  * procps-3.3.17-library-bsc1181475.patch
  * procps-3.3.17-top-bsc1181475.patch
  which are backports of current newlib tree to solve bug bsc#1181475
  * 'free' command reports misleading "/used"/ value
- Add patch bsc1195468-23da4f40.patch to fix bsc#1195468 that is
  ignore SIGURG
protobuf
- Fix incorrect parsing of nullchar in the proto symbol, CVE-2021-22570,
  bsc#1195258
  * Add protobuf-CVE-2021-22570.patch
psmisc
  * Add a fallback if the system call name_to_handle_at() is
    not supported by the used file system.
- Add patch psmisc-22.21-semaphores.patch
  * Replace the synchronizing over pipes of the sub process for the
    stat(2) system call with mutex and conditions from pthreads(7)
    (bsc#1194172)
- Add patch psmisc-22.21-statx.patch
  * Use statx(2) or SYS_statx system call to replace the stat(2)
    system call and avoid the sub process at all (bsc#1194172)
- Change patch 0001-Use-mountinfo-to-be-able-to-use-the-mount-identity.patch
  * Determine the namespace of a process only once to speed
    up the parsing of fdinfo (bsc#1194172).
- Change patch 0001-Use-mountinfo-to-be-able-to-use-the-mount-identity.patch
python-M2Crypto
- Add CVE-2020-25657-Bleichenbacher-attack.patch (CVE-2020-25657,
  bsc#1178829), which mitigates the Bleichenbacher timing attacks
  in the RSA decryption API.
- Add python-M2Crypto.keyring to verify GPG signature of tarball.
python-base
- Add patch CVE-2021-28861-double-slash-path.patch:
  * BaseHTTPServer: Fix an open redirection vulnerability in the HTTP server
    when an URI path starts with //. (bsc#1202624, CVE-2021-28861)
- Add CVE-2015-20107-mailcap-unsafe-filenames.patch to avoid
  CVE-2015-20107 (bsc#1198511, gh#python/cpython#68966), the
  command injection in the mailcap module.
- Update bundled pip wheel to the latest SLE version patched
  against bsc#1186819 (CVE-2021-3572).
- Recover again proper value of %python2_package_prefix
  (bsc#1175619).
- BuildRequire rpm-build-python: The provider to inject python(abi)
  has been moved there. rpm-build pulls rpm-build-python
  automatically in when building anything against python3-base, but
  this implies that the initial build of python3-base does not
  trigger the automatic installation.
- Older SLE versions should use old OpenSSL.
- Add CVE-2022-0391-urllib_parse-newline-parsing.patch
  (bsc#1195396, CVE-2022-0391, bpo#43882) sanitizing URLs
  containing ASCII newline and tabs in urlparse.
- Add CVE-2021-4189-ftplib-trust-PASV-resp.patch (bsc#1194146,
  bpo#43285, CVE-2021-4189, gh#python/cpython#24838) make ftplib
  not trust the PASV response.
- build against openssl 1.1.x (incompatible with openssl 3.0x)
  for now.
- on sle12, python2 modules will still be called python-xxxx until EOL,
  for newer SLE versions they will be python2-xxxx
- BuildRequire rpm-build-python: The provider to inject python(abi)
  has been moved there. rpm-build pulls rpm-build-python
  automatically in when building anything against python3-base, but
  this implies that the initial build of python3-base does not
  trigger the automatic installation.
python-lxml
- add CVE-2022-2309.patch (bsc#1201253, CVE-2022-2309)
- With the new update to 4.7.1, the old Bugzilla entries are also
  fixed:
  - bsc#1118088 (related to CVE-2018-19787)
  - bsc#1184177 (related to CVE-2021-28957)
- Update to 4.7.1 (officially released 2021-12-13)
  Features added
  - Chunked Unicode string parsing via parser.feed() now encodes the input
    data to the native UTF-8 encoding directly, instead of going through
    Py_UNICODE / wchar_t encoding first, which previously required duplicate
    recoding in most cases.
  Bugs fixed
  - The standard namespace prefixes were mishandled during "/C14N2"/
  serialisation
    on Python 3.
    See
  https://mail.python.org/archives/list/lxml@python.org/thread/
  6ZFBHFOVHOS5GFDOAMPCT6HM5HZPWQ4Q/
  - lxml.objectify previously accepted non-XML numbers with underscores
    (like "/1_000"/) as integers or float values in Python 3.6 and later.
    It now adheres to the number format of the XML spec again.
  - LP#1939031: Static wheels of lxml now contain the header files of zlib
    and libiconv (in addition to the already provided headers of
    libxml2/libxslt/libexslt).
  Other changes
  - Wheels include libxml2 2.9.12+ and libxslt 1.1.34 (also on Windows).
- Update to 4.7.0 (2021-12-13)
  - Release retracted due to missing files in lxml/includes/.
- UPdate to 4.6.5 (2021-12-12)
  Bugs fixed
  - A vulnerability (GHSL-2021-1038) in the HTML cleaner
  - allowed sneaking script content through SVG images
  - (bnc#1193752, CVE-2021-43818).
  - A vulnerability (GHSL-2021-1037) in the HTML cleaner allowed
  - sneaking script content through CSS imports and other crafted
  - constructs (CVE-2021-43818).
- Update 4.6.4 (2021-11-01)
  Features added
  - GH#317: A new property system_url was added to DTD entities.
  - Patch by Thirdegree.
  - GH#314: The STATIC_* variables in setup.py can now be passed
  - via env vars.
  - Patch by Isaac Jurado.
- Update 4.6.3 (2021-03-21)
  Bugs fixed
  - A vulnerability (CVE-2021-28957) was discovered in the HTML
  - Cleaner by Kevin Chung, which allowed JavaScript to pass through.
  - The cleaner now removes the HTML5 formaction attribute.
- Update 4.6.2 (2020-11-26)
  Bugs fixed
  - A vulnerability (bnc#1179534, CVE-2020-27783) was discovered in the HTML
    Cleaner
  - by Yaniv Nizry, which allowed JavaScript to pass through. The cleaner
  - now removes more sneaky "/style"/ content.
- Update 4.6.1 (2020-10-18)
  Bugs fixed
  - A vulnerability was discovered in the HTML Cleaner by Yaniv Nizry,
  - which allowed JavaScript to pass through. The cleaner now removes
  - more sneaky "/style"/ content.
- Update 4.6.0 (2020-10-17)
  Features added
  - GH#310: lxml.html.InputGetter supports __len__() to count the number
  - of input fields. Patch by Aidan Woolley.
  - lxml.html.InputGetter has a new .items() method to ease processing
  - all input fields.
  - lxml.html.InputGetter.keys() now returns the field names in document
  - order.
  - GH-309: The API documentation is now generated using sphinx-apidoc.
  - Patch by Chris Mayo.
  Bugs fixed
  - LP#1869455: C14N 2.0 serialisation failed for unprefixed attributes
  - when a default namespace was defined.
  - TreeBuilder.close() raised AssertionError in some error cases where
  - it should have raised XMLSyntaxError. It now raises a combined
  - exception to keep up backwards compatibility, while switching to
  - XMLSyntaxError as an interface.
- Update 4.5.2 (2020-07-09)
  Bugs fixed
  - Cleaner() now validates that only known configuration options
  - can be set.
  - LP#1882606: Cleaner.clean_html() discarded comments and PIs
  - regardless of the corresponding configuration option, if
  - remove_unknown_tags was set.
  - LP#1880251: Instead of globally overwriting the document loader
  - in libxml2, lxml now sets it per parser run, which improves the
  - interoperability with other users of libxml2 such as libxmlsec.
  - LP#1881960: Fix build in CPython 3.10 by using Cython 0.29.21.
  - The setup options "/--with-xml2-config"/ and "/--with-xslt-config"/
  - were accidentally renamed to "/--xml2-config"/ and "/--xslt-config"/
  - in 4.5.1 and are now available again.
- Update 4.5.1 (2020-05-19)
  Bugs fixed
  - LP#1570388: Fix failures when serialising documents larger than
  - 2GB in some cases.
  - LP#1865141, GH#298: QName values were not accepted by the
  - el.iter() method. Patch by xmo-odoo.
  - LP#1863413, GH#297: The build failed to detect libraries on Linux
  - that are only configured via pkg-config. Patch by Hugh McMaster.
- Update 4.5.0 (2020-01-29)
  Features added
  - A new function indent() was added to insert tail whitespace for
  - pretty-printing an XML tree.
  Bugs fixed
  - LP#1857794: Tail text of nodes that get removed from a document
    using item deletion disappeared silently instead of sticking with
    the node that was removed.
  Other changes
  - MacOS builds are 64-bit-only by default. Set CFLAGS and LDFLAGS
    explicitly to override it.
  - Linux/MacOS Binary wheels now use libxml2 2.9.10 and libxslt 1.1.34.
  - LP#1840234: The package version number is now available as
    lxml.__version__.
- Update 4.4.3 (2020-01-28)
  Bugs fixed
  - LP#1844674: itertext() was missing tail text of comments and PIs
    since 4.4.0.
python-parallax
- Don't use ssh if command running on local (bsc#1200833)
  Add patch 0003-Fix-task-Don-t-use-ssh-if-command-running-on-local-b.patch
python-py
- Update in SLE-15 (bsc#1195916, bsc#1196696, jsc#PM-3356, jsc#SLE-23972)
- Drop CVE-2020-29651.patch, issue fixed upstream in 1.10.0
- Update to 1.10.0
  * Fix a regular expression DoS vulnerability in the py.path.svnwc
    SVN blame functionality (CVE-2020-29651)
- Devendor apipkg and iniconfig
- Add pr_222.patch to activate test suite
- Update to 1.9.0
  * Add type annotation stubs
python-rtslib-fb
- Update parameters description in rbd-support.patch
- Add rbd-support-disable_emulate_legacy_capacity.patch (bsc#1199090)
python3
- Add patch CVE-2021-28861-double-slash-path.patch:
  * http.server: Fix an open redirection vulnerability in the HTTP server
    when an URI path starts with //. (bsc#1202624, CVE-2021-28861)
- Add CVE-2015-20107-mailcap-unsafe-filenames.patch to avoid
  CVE-2015-20107 (bsc#1198511, gh#python/cpython#68966), the
  command injection in the mailcap module.
- Rename support-expat-245.patch to
  support-expat-CVE-2022-25236-patched.patch to unify the patch
  with other packages.
- Add bpo-46623-skip-zlib-s390x.patch skipping two failing tests
  on s390x.
- Update bundled pip wheel to the latest SLE version patched
  against bsc#1186819 (CVE-2021-3572).
- Add patch support-expat-245.patch:
  * Support Expat >= 2.4.5
- Rename 22198.patch into more descriptive remove-sphinx40-warning.patch.
- Don't use appstream-glib on SLE-12.
- Use Python 2-based Sphinx on SLE-12.
- No documentation on SLE-12.
- Add skip_SSL_tests.patch skipping tests because of patched
  OpenSSL (bpo#9425).
regionServiceClientConfigGCE
- Update to version 4.0.0 (bsc#1199668)
  + Move the cert location to /usr for compatibility with ro setup of
    SLE-Micro
  + Fix url in spec file to pint to the proper location of the source
release-notes-sles-for-sap
15.3.20220712 (tracked in bsc#1201315)
- Trento is fully supported remove it from tech preview
  section (bsc#1201315)
- Added note about native systemd integration (bsc#1197511)
resource-agents
- ECO: Maint: Azure Events RA can not handle AV Zones (jsc#PED-2000)
  Add upstream patch:
    0001-azure-events-az-new-resource-agent-1774.patch
- AUDIT-FIND: resource-agents: Predictable log file in /tmp in mariadb.in
  (bsc#1146691)
  Add patch:
    0001-mariadb-Remove-obsolete-DEBUG_LOG-functionality-1191.patch
- RA aws-vpc-move-ip is lacking the possibility to assign a label to an interface.
  (bsc#1199766)  Include upsteam patch:
    0001-aws-vpc-move-ip-Allow-to-set-the-interface-label.patch
- Can IPaddr2 run ARP for IPV6 in background during start operation
  (bsc#1196164)
  Include upstream patches:
    0001-IPaddr2-Allow-to-disable-Duplicate-Address-Detection.patch
    0002-IPaddr2-Allow-to-send-IPv6-Neighbor-Advertisements-i.patch
    0003-IPaddr2-Log-ip-addr-add-options-together.patch
    0004-IPaddr2-Clarify-behavior-of-arp_-parameters-for-IPv4.patch
- oracle RA lists monpassword as optional but fails unless provided
  (bsc#1197956)
  Add upstream patch:
    0001-Improve-the-error-message-if-monpassword-was-not-set.patch
- ECO (jsc#SLE-23736) Provide a way to manage autofs mounts from
rsync
- Add support for --trust-sender parameter (patch by Jie Gong in
  bsc#1202970). (related to CVE-2022-29154, bsc#1201840)
  * Added patch rsync-CVE-2022-29154-trust-sender-1.patch
  * Added patch rsync-CVE-2022-29154-trust-sender-2.patch
- Apply "/rsync-CVE-2022-29154.patch"/ to fix a security vulnerability
  in the do_server_recv() function. [bsc#1201840, CVE-2022-29154]
rsyslog
- - fix segfault in qDeqLinkedList during shutdown (bsc#1199283)
  * add 0001-queue-Add-NULL-check-in-qDeqLinkedList.patch
- Remove inotify watch descriptor in imfile on inode change detected
  (bsc#1198939)
  * add 0001-imfile-Remove-inotify-watch-descriptor-on-inode-chan.patch
- (CVE-2022-24903) fix potential heap buffer overflow in modules for TCP
  syslog reception (bsc#1199061)
  * add CVE-2022-24903.patch
- add service dependencies for remote logging (bsc#1194669)
- update config example in remote.conf to match upstream documentation
ruby2
- Update suse.patch to 41adc98ad1:
  - Cookie Prefix Spoofing in CGI::Cookie.parse (boo#1193081 CVE-2021-41819)
- add back some lost chunks to the suse.patch
- Update suse.patch:
  - backport fix for CVE-2022-28739: ruby: Buffer overrun in
    String-to-Float conversion (boo#1198441)
  - back port date 2.0.3 CVE-2021-41817 (boo#1193035)
  - merge the previous bug fixes into suse.patch
  - CVE-2021-32066.patch
  - CVE-2021-31810.patch
  - CVE-2021-31799.patch
- Add Requires to make and gcc to ruby-devel to make the default
  extconf.rb work
rubygem-actionpack-5_1
- Added patch 0005-CVE-2021-22904.patch to fix CVE-2021-22904
  (bsc#1185780)
- Added patch 0004-CVE-2022-23633.patch to fix CVE-2022-23633
  (bsc#1196182)
rubygem-activesupport-5_1
- Add patch to fix CVE-2022-27777 (bsc#1199060)
  CVE-2022-27777.patch
- Added patch CVE-2022-23633.patch to fix CVE-2022-23633 (bsc#1196182)
rubygem-kramdown
- security update
- added patches
  fix CVE-2020-14001 [bsc#1174297], processing template options inside documents allows unintended read access or embedded Ruby code execution
  + rubygem-kramdown-CVE-2020-14001.patch
rubygem-loofah
- Added patch CVE-2019-15587.patch to fix CVE-2019-15587 (bsc#1154751)
rubygem-puma
- updated to version 4.3.12
  * fix bsc#1197818, CVE-2022-24790
  rubygem-puma: HTTP request smuggling if proxy is not RFC7230 compliant
- updated to version 4.3.11
  * fix bsc#1196222, CVE-2022-23634
  rubygem-puma: puma would not always call 'close' on the response body
  * fix bsc#1191681, CVE-2021-41136
  * fix bsc#1188527, CVE-2021-29509
rubygem-rack
- security update
- added patches
  fix CVE-2020-8184 [bsc#1173351], percent-encoded cookies can be used to overwrite existing prefixed cookie names
  + rubygem-rack-CVE-2020-8184.patch
  fix CVE-2020-8161 [bsc#1172037], directory traversal in Rack:Directory
  + rubygem-rack-CVE-2020-8161.patch
- security update
- added patches
  fix CVE-2022-30122 [bsc#1200748], crafted multipart POST request may cause a DoS
  + rubygem-rack-CVE-2022-30122.patch
  fix CVE-2022-30123 [bsc#1200750], crafted requests can cause shell escape sequences
  + rubygem-rack-CVE-2022-30123.patch
rubygem-rails-html-sanitizer
- Add patch 0001_CVE-2022-32209.patch
  This patch fixes CVE-2022-32209 (bsc#1201183)
rubygem-tzinfo
- security update
- added patches
  fix CVE-2022-31163 [bsc#1201835], Relative path traversal vulnerability allows TZInfo::Timezone.get to load arbitrary files
  + rubygem-tzinfo-CVE-2022-31163.patch
runc
- Update to runc v1.1.4. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.1.4.
  * Fix mounting via wrong proc fd. When the user and mount namespaces are
    used, and the bind mount is followed by the cgroup mount in the spec,
    the cgroup was mounted using the bind mount's mount fd.
  * Switch kill() in libcontainer/nsenter to sane_kill().
  * Fix "/permission denied"/ error from runc run on noexec fs.
  * Fix failed exec after systemctl daemon-reload. Due to a regression
    in v1.1.3, the DeviceAllow=char-pts rwm rule was no longer added and
    was causing an error open /dev/pts/0: operation not permitted: unknown when systemd was reloaded.
    (boo#1202821)
- Update to runc v1.1.3. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.1.3.
  (Includes a fix for bsc#1200088.)
  * Our seccomp `-ENOSYS` stub now correctly handles multiplexed syscalls on
    s390 and s390x. This solves the issue where syscalls the host kernel did not
    support would return `-EPERM` despite the existence of the `-ENOSYS` stub
    code (this was due to how s390x does syscall multiplexing).
  * Retry on dbus disconnect logic in libcontainer/cgroups/systemd now works as
    intended; this fix does not affect runc binary itself but is important for
    libcontainer users such as Kubernetes.
  * Inability to compile with recent clang due to an issue with duplicate
    constants in libseccomp-golang.
  * When using systemd cgroup driver, skip adding device paths that don't exist,
    to stop systemd from emitting warnings about those paths.
  * Socket activation was failing when more than 3 sockets were used.
  * Various CI fixes.
  * Allow to bind mount /proc/sys/kernel/ns_last_pid to inside container.
  * runc static binaries are now linked against libseccomp v2.5.4.
- Remove upstreamed patches:
  - bsc1192051-0001-seccomp-enosys-always-return-ENOSYS-for-setup-2-on-s390x.patch
- Backport <https://github.com/opencontainers/runc/pull/3474> to fix issues
  with newer syscalls (namely faccessat2) on older kernels on s390(x) caused by
  that platform's syscall multiplexing semantics. bsc#1192051 bsc#1199565
  + bsc1192051-0001-seccomp-enosys-always-return-ENOSYS-for-setup-2-on-s390x.patch
- Add ExcludeArch for s390 (not s390x) since we've never supported it.
- Update to runc v1.1.2. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.1.2.
  CVE-2022-29162 bsc#1199460
  * A bug was found in runc where runc exec --cap executed processes with
    non-empty inheritable Linux process capabilities, creating an atypical Linux
    environment. For more information, see [GHSA-f3fp-gc8g-vw66][] and
    CVE-2022-29162. bsc#1199460
  * `runc spec` no longer sets any inheritable capabilities in the created
    example OCI spec (`config.json`) file.
- Update to runc v1.1.1. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.1.1.
  * runc run/start can now run a container with read-only /dev in OCI spec,
    rather than error out. (#3355)
  * runc exec now ensures that --cgroup argument is a sub-cgroup. (#3403)
    libcontainer systemd v2 manager no longer errors out if one of the files
    listed in /sys/kernel/cgroup/delegate do not exist in container's
    cgroup. (#3387, #3404)
  * Loosen OCI spec validation to avoid bogus "/Intel RDT is not supported"/
    error. (#3406)
  * libcontainer/cgroups no longer panics in cgroup v1 managers if stat
    of /sys/fs/cgroup/unified returns an error other than ENOENT. (#3435)
- Update to runc v1.1.0. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.1.0.
  - libcontainer will now refuse to build without the nsenter package being
    correctly compiled (specifically this requires CGO to be enabled). This
    should avoid folks accidentally creating broken runc binaries (and
    incorrectly importing our internal libraries into their projects). (#3331)
- Update to runc v1.1.0~rc1. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.1.0-rc.1.
  + Add support for RDMA cgroup added in Linux 4.11.
  * runc exec now produces exit code of 255 when the exec failed.
    This may help in distinguishing between runc exec failures
    (such as invalid options, non-running container or non-existent
    binary etc.) and failures of the command being executed.
  + runc run: new --keep option to skip removal exited containers artefacts.
    This might be useful to check the state (e.g. of cgroup controllers) after
    the container hasexited.
  + seccomp: add support for SCMP_ACT_KILL_PROCESS and SCMP_ACT_KILL_THREAD
    (the latter is just an alias for SCMP_ACT_KILL).
  + seccomp: add support for SCMP_ACT_NOTIFY (seccomp actions). This allows
    users to create sophisticated seccomp filters where syscalls can be
    efficiently emulated by privileged processes on the host.
  + checkpoint/restore: add an option (--lsm-mount-context) to set
    a different LSM mount context on restore.
  + intelrdt: support ClosID parameter.
  + runc exec --cgroup: an option to specify a (non-top) in-container cgroup
    to use for the process being executed.
  + cgroup v1 controllers now support hybrid hierarchy (i.e. when on a cgroup v1
    machine a cgroup2 filesystem is mounted to /sys/fs/cgroup/unified, runc
    run/exec now adds the container to the appropriate cgroup under it).
  + sysctl: allow slashes in sysctl names, to better match sysctl(8)'s
    behaviour.
  + mounts: add support for bind-mounts which are inaccessible after switching
    the user namespace. Note that this does not permit the container any
    additional access to the host filesystem, it simply allows containers to
    have bind-mounts configured for paths the user can access but have
    restrictive access control settings for other users.
  + Add support for recursive mount attributes using mount_setattr(2). These
    have the same names as the proposed mount(8) options -- just prepend r
    to the option name (such as rro).
  + Add runc features subcommand to allow runc users to detect what features
    runc has been built with. This includes critical information such as
    supported mount flags, hook names, and so on. Note that the output of this
    command is subject to change and will not be considered stable until runc
    1.2 at the earliest. The runtime-spec specification for this feature is
    being developed in opencontainers/runtime-spec#1130.
  * system: improve performance of /proc/$pid/stat parsing.
  * cgroup2: when /sys/fs/cgroup is configured as a read-write mount, change
    the ownership of certain cgroup control files (as per
    /sys/kernel/cgroup/delegate) to allow for proper deferral to the container
    process.
  * runc checkpoint/restore: fixed for containers with an external bind mount
    which destination is a symlink.
  * cgroup: improve openat2 handling for cgroup directory handle hardening.
    runc delete -f now succeeds (rather than timing out) on a paused
    container.
  * runc run/start/exec now refuses a frozen cgroup (paused container in case of
    exec). Users can disable this using --ignore-paused.
- Update version data embedded in binary to correctly include the git commit of
  the release.
- Drop runc-rpmlintrc because we don't have runc-test anymore.
  bsc#1193436
samba
- CVE-2022-32746: samba: Use-after-free occurring in database
  audit logging; (bso#15009); (bso#15096); (bsc#1201490).
- CVE-2022-32745: samba: ldb: AD users can crash the server
  process with an LDAP add or modify request; (bso#15008);
  (bso#15096); (bsc#1201492).
- CVE-2022-2031: samba, ldb: AD users can bypass certain
  restrictions associated with changing passwords; (bso#15047);
  (bsc#1201495);
- CVE-2022-32742:SMB1 code does not correct verify SMB1write,
  SMB1write_and_close, SMB1write_and_unlock lengths; (bso#15085);
  (bsc#1201496).
- CVE-2022-32744: samba, ldb: AD users can forge password change
  requests for any user; (bso#15074); (bso#15047); (bsc#1201493).
- Update to 4.15.8
  * Use pathref fd instead of io fd in vfs_default_durable_cookie;
    (bso#15042);
  * Setting fruit:resource = stream in vfs_fruit causes a panic;
    (bso#15099);
  * Add support for bind 9.18; (bso#14986);
  * logging dsdb audit to specific files does not work; (bso#15076);
  * vfs_gpfs with vfs_shadowcopy2 fail to restore file if original
    file had been deleted; (bso#15069);
  * netgroups support removed; (bso#15087); (bsc#1199247);
  * net ads info shows LDAP Server: 0.0.0.0 depending on contacted
    server; (bso#14674); (bsc#1199734);
  * waf produces incorrect names for python extensions with Python
    3.11; (bso#15071);
  * smbclient commands del & deltree fail with
    NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100);
    (bsc#1200556);
  * vfs_gpfs recalls=no option prevents listing files; (bso#15055);
  * waf produces incorrect names for python extensions with Python
    3.11; (bso#15071);
  * Compile error in source3/utils/regedit_hexedit.c; (bso#15091);
  * ldconfig: /lib64/libsmbconf.so.0 is not a symbolic link;
    (bso#15108);
  * smbd doesn't handle UPNs for looking up names; (bso#15054);
  * Out-by-4 error in smbd read reply max_send clamp; (bso#14443);
- Move pdb backends from package samba-libs to package
  samba-client-libs and remove samba-libs requirement from
  samba-winbind; (bsc#1200964); (bsc#1198255);
- Use the canonical realm name to refresh the Kerberos tickets;
  (bsc#1196224); (bso#14979);
- Fix  smbclient commands del & deltree failing with
  NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100);
  (bsc#1200556).
- Revert NIS support removal; (bsc#1199247);
- Use requires_eq macro to require the libldb2 version available at
  samba-dsdb-modules build time; (bsc#1199362);
- Add missing samba-client requirement to samba-winbind package;
  (bsc#1198255);
- Update to 4.15.7
  * Share and server swapped in smbget password prompt; (bso#14831);
  * Durable handles won't reconnect if the leased file is written
    to; (bso#15022);
  * rmdir silently fails if directory contains unreadable files and
    hide unreadable is yes; (bso#15023);
  * SMB2_CLOSE_FLAGS_FULL_INFORMATION fails to return information
    on renamed file handle; (bso#15038);
  * vfs_shadow_copy2 breaks "/smbd async dosmode"/ sync fallback;
    (bso#14957);
  * shadow_copy2 fails listing snapshotted dirs with shadow:fixinodes;
    (bso#15035);
  * PAM Kerberos authentication incorrectly fails with a clock skew
    error; (bso#15046);
  * username map - samba erroneously applies unix group memberships
    to user account entries; (bso#15041);
  * NT_STATUS_ACCESS_DENIED translates into EPERM instead of EACCES
    in SMBC_server_internal; (bso#14983);
  * Simple bind doesn't work against an RODC (with non-preloaded users);
    (bso#13879);
  * Crash of winbind on RODC; (bso#14641);
  * uncached logon on RODC always fails once; (bso#14865);
  * KVNO off by 100000; (bso#14951);
  * LDAP simple binds should honour "/old password allowed period"/;
    (bso#15001);
  * wbinfo -a doesn't work reliable with upn names; (bso#15003);
  * Simple bind doesn't work against an RODC (with non-preloaded
    users); (bso#13879);
  * Uninitialized litemask in variable in vfs_gpfs module; (bso#15027);
  * Regression: create krb5 conf = yes doesn't work with a single KDC;
    (bso#15016);
- Add provides to samba-client-libs package to fix upgrades from
  previous versions; (bsc#1197995);
- Add missing samba-libs requirement to samba-winbind package;
  (bsc#1198255);
- Update to 4.15.6
  * Renaming file on DFS root fails with
    NT_STATUS_OBJECT_PATH_NOT_FOUND; (bso#14169);
  * Samba does not response STATUS_INVALID_PARAMETER when opening 2
    objects with same lease key; (bso#14737);
  * NT error code is not set when overwriting a file during rename
    in libsmbclient; (bso#14938);
  * Fix ldap simple bind with TLS auditing; (bso#14996);
  * net ads info shows LDAP Server: 0.0.0.0 depending on contacted
    server; (bso#14674);
  * Problem when winbind renews Kerberos; (bso#14979);
    (bsc#1196224);
  * pam_winbind will not allow gdm login if password about to
    expire; (bso#8691);
  * virusfilter_vfs_openat: Not scanned: Directory or special file;
    (bso#14971);
  * DFS fix for AIX broken; (bso#13631);
  * Solaris and AIX acl modules: wrong function arguments;
    (bso#14974);
  * Function aixacl_sys_acl_get_file not declared / coredump;
    (bso#7239);
  * Regression: Samba 4.15.2 on macOS segfaults intermittently
    during strcpy in tdbsam_getsampwnam; (bso#14900);
  * Fix a use-after-free in SMB1 server; (bso#14989);
  * smb2_signing_decrypt_pdu() may not decrypt with
    gnutls_aead_cipher_decrypt() from gnutls before 3.5.2;
    (bso#14968);
  * Changing the machine password against an RODC likely destroys
    the domain join; (bso#14984);
  * authsam_make_user_info_dc() steals memory from its struct
    ldb_message *msg argument; (bso#14993);
  * Use Heimdal 8.0 (pre) rather than an earlier snapshot;
    (bso#14995);
  * Samba autorid fails to map AD users if id rangesize fits in the
    id range only once; (bso#14967);
- Fix mismatched version of libldb2; (bsc#1196788).
- Drop obsolete SuSEfirewall2 service files.
- Drop obsolete Samba fsrvp v0->v1 state upgrade functionality;
  (bsc#1080338).
- Fix ntlm authentications with "/winbind use default domain = yes"/;
  (bso#13126); (bsc#1173429); (bsc#1196308).
- Fix samba-ad-dc status warning notification message by disabling
  systemd notifications in bgqd; (bsc#1195896); (bso#14947).
- libldb version mismatch in Samba dsdb component; (bsc#1118508);
- Update to 4.15.5
  * CVE-2021-44141: UNIX extensions in SMB1 disclose whether the
    outside target of a symlink exists; (bso#14911);
    (bsc#1193690).
  * CVE-2021-44142: Out-of-Bound Read/Write on Samba vfs_fruit
    module; (bso#14914); (bsc#1194859).
  * CVE-2022-0336:  Re-adding an SPN skips subsequent SPN
    conflict checks; bso#14950); (bsc#1195048).
sapconf
- version update from 5.0.3 to 5.0.4
- change block device handling to handle multipath devices
  correctly. Only the DM multipath devices (mpath) will be used for
  the settings, but not its paths.
  (bsc#1188743)
- fixed wrong comparison used for setting force_latency
  (bsc#1185702)
- SAP Note 1771258 v6 updates nofile values to 1048576
  (bsc#1192841)
sg3_utils
- Update to version 1.44~763+22.a121545:
  * Add systemd service files for LUN masking
  (bsc#1099278, bsc#954600)
- Update to version 1.44~763+21.3d16f61:
  * sg_turs: fix exit status when not ready in single case
    (boo#1095671)
- Update to version 1.44~763+20.81dc714:
  * rescan-scsi-bus.sh: add timeout parameter (bsc#1199248)
shadow
- The legacy code does not support /etc/login.defs.d used by YaST.
  Enable libeconf to read it (bsc#1192954).
sqlite3
- update to 3.39.3:
  * Use a statement journal on DML statement affecting two or more
    database rows if the statement makes use of a SQL functions
    that might abort.
  * Use a mutex to protect the PRAGMA temp_store_directory and
    PRAGMA data_store_directory statements, even though they are
    decremented and documented as not being threadsafe.
- update to 3.39.2:
  * Fix a performance regression in the query planner associated
    with rearranging the order of FROM clause terms in the
    presences of a LEFT JOIN.
  * Apply fixes for CVE-2022-35737, Chromium bugs 1343348 and
    1345947, forum post 3607259d3c, and other minor problems
    discovered by internal testing. [boo#1201783]
- update to 3.39.1:
  * Fix an incorrect result from a query that uses a view that
    contains a compound SELECT in which only one arm contains a
    RIGHT JOIN and where the view is not the first FROM clause term
    of the query that contains the view
  * Fix a long-standing problem with ALTER TABLE RENAME that can
    only arise if the sqlite3_limit(SQLITE_LIMIT_SQL_LENGTH) is set
    to a very small value.
  * Fix a long-standing problem in FTS3 that can only arise when
    compiled with the SQLITE_ENABLE_FTS3_PARENTHESIS compile-time
    option.
  * Fix the initial-prefix optimization for the REGEXP extension so
    that it works correctly even if the prefix contains characters
    that require a 3-byte UTF8 encoding.
  * Enhance the sqlite_stmt virtual table so that it buffers all of
    its output.
- update to 3.39.0:
  * Add (long overdue) support for RIGHT and FULL OUTER JOIN
  * Add new binary comparison operators IS NOT DISTINCT FROM and
    IS DISTINCT FROM that are equivalent to IS and IS NOT,
    respective, for compatibility with PostgreSQL and SQL standards
  * Add a new return code (value "/3"/) from the sqlite3_vtab_distinct()
    interface that indicates a query that has both DISTINCT and
    ORDER BY clauses
  * Added the sqlite3_db_name() interface
  * The unix os interface resolves all symbolic links in database
    filenames to create a canonical name for the database before
    the file is opened
  * Defer materializing views until the materialization is actually
    needed, thus avoiding unnecessary work if the materialization
    turns out to never be used
  * The HAVING clause of a SELECT statement is now allowed on any
    aggregate query, even queries that do not have a GROUP BY
    clause
  * Many microoptimizations collectively reduce CPU cycles by about
    2.3%.
- drop sqlite-src-3380100-atof1.patch, included upstream
- add sqlite-src-3390000-func7-pg-181.patch to skip float precision
  related test failures on 32 bit
- update to 3.38.5:
  * Fix a blunder in the CLI of the 3.38.4 release
- includes changes from 3.38.4:
  * fix a byte-code problem in the Bloom filter pull-down
    optimization added by release 3.38.0 in which an error in the
    byte code causes the byte code engine to enter an infinite loop
    when the pull-down optimization encounters a NULL key
- update to 3.38.3:
  * Fix a case of the query planner be overly aggressive with
    optimizing automatic-index and Bloom-filter construction,
    using inappropriate ON clause terms to restrict the size of the
    automatic-index or Bloom filter, and resulting in missing rows
    in the output.
  * Other minor patches. See the timeline for details.
- update to 3.38.2:
  * Fix a problem with the Bloom filter optimization that might
    cause an incorrect answer when doing a LEFT JOIN with a WHERE
    clause constraint that says that one of the columns on the
    right table of the LEFT JOIN is NULL.
  * Other minor patches.
- Remove obsolete configure flags
- Package the Tcl bindings here again so that we only ship one copy
  of SQLite (bsc#1195773).
- update to 3.38.1:
  * Fix problems with the new Bloom filter optimization that might
    cause some obscure queries to get an incorrect answer.
  * Fix the localtime modifier of the date and time functions so
    that it preserves fractional seconds.
  * Fix the sqlite_offset SQL function so that it works correctly
    even in corner cases such as when the argument is a virtual
    column or the column of a view.
  * Fix row value IN operator constraints on virtual tables so that
    they work correctly even if the virtual table implementation
    relies on bytecode to filter rows that do not satisfy the
    constraint.
  * Other minor fixes to assert() statements, test cases, and
    documentation. See the source code timeline for details.
- add upstream patch to run atof1 tests only on x86_64
  sqlite-src-3380100-atof1.patch
- update to 3.38.0
  * Add the -> and ->> operators for easier processing of JSON
  * The JSON functions are now built-ins
  * Enhancements to date and time functions
  * Rename the printf() SQL function to format() for better
    compatibility, with alias for backwards compatibility.
  * Add the sqlite3_error_offset() interface for helping localize
    an SQL error to a specific character in the input SQL text
  * Enhance the interface to virtual tables
  * CLI columnar output modes are enhanced to correctly handle tabs
    and newlines embedded in text, and add options like "/--wrap N"/,
    "/--wordwrap on"/, and "/--quote"/ to the columnar output modes.
  * Query planner enhancements using a Bloom filter to speed up
    large analytic queries, and a balanced merge tree to evaluate
    UNION or UNION ALL compound SELECT statements that have an
    ORDER BY clause.
  * The ALTER TABLE statement is changed to silently ignores
    entries in the sqlite_schema table that do not parse when
    PRAGMA writable_schema=ON
- update to 3.37.2:
  * Fix a bug introduced in version 3.35.0 (2021-03-12) that can
    cause database corruption if a SAVEPOINT is rolled back while
    in PRAGMA temp_store=MEMORY mode, and other changes are made,
    and then the outer transaction commits
  * Fix a long-standing problem with ON DELETE CASCADE and ON
    UPDATE CASCADE in which a cache of the bytecode used to
    implement the cascading change was not being reset following a
    local DDL change
- update to 3.37.1:
  * Fix a bug introduced by the UPSERT enhancements of version
    3.35.0 that can cause incorrect byte-code to be generated for
    some obscure but valid SQL, possibly resulting in a NULL-
    pointer dereference.
  * Fix an OOB read that can occur in FTS5 when reading corrupt
    database files.
  * Improved robustness of the --safe option in the CLI.
  * Other minor fixes to assert() statements and test cases.
- SQLite3 3.37.0:
  * STRICT tables provide a prescriptive style of data type
    management, for developers who prefer that kind of thing.
  * When adding columns that contain a CHECK constraint or a
    generated column containing a NOT NULL constraint, the
    ALTER TABLE ADD COLUMN now checks new constraints against
    preexisting rows in the database and will only proceed if no
    constraints are violated.
  * Added the PRAGMA table_list statement.
  * Add the .connection command, allowing the CLI to keep multiple
    database connections open at the same time.
  * Add the --safe command-line option that disables dot-commands
    and SQL statements that might cause side-effects that extend
    beyond the single database file named on the command-line.
  * CLI: Performance improvements when reading SQL statements that
    span many lines.
  * Added the sqlite3_autovacuum_pages() interface.
  * The sqlite3_deserialize() does not and has never worked
    for the TEMP database. That limitation is now noted in the
    documentation.
  * The query planner now omits ORDER BY clauses on subqueries and
    views if removing those clauses does not change the semantics
    of the query.
  * The generate_series table-valued function extension is modified
    so that the first parameter ("/START"/) is now required. This is
    done as a way to demonstrate how to write table-valued
    functions with required parameters. The legacy behavior is
    available using the -DZERO_ARGUMENT_GENERATE_SERIES
    compile-time option.
  * Added new sqlite3_changes64() and sqlite3_total_changes64()
    interfaces.
  * Added the SQLITE_OPEN_EXRESCODE flag option to sqlite3_open_v2().
  * Use less memory to hold the database schema.
  * bsc#1189802, CVE-2021-36690: Fix an issue with the SQLite Expert
    extension when a column has no collating sequence.
sudo
- Add sudo-1.9.5p2-honor-T_opt.patch
  * the -T option of sudo does nothing even when
  'Defaults user_command_timeouts' is present in the configuration.
  * [bsc#1193446]
  * Credit to Jaroslav Jindrak <dzejrou@gmail.com>
- Add support in the LDAP filter for negated users, patch taken
  from upstream (jsc#20068)
  * Adds sudo-feature-negated-LDAP-users.patch
- Restrict use of sudo -U other -l to people who have permission
  to run commands as that user (bsc#1181703, jsc#SLE-22569)
  * feature-upstream-restrict-sudo-U-other-l.patch
supportutils
- Spec file adjusted for usr-merge
- Changes to version 3.1.20
  + Added command blkid #114
  + Added s390x specific files and output #115
  + Fix for invalid argument during updates (bsc#1193204)
  + Optimized conf_files, conf_files_text and log_cmd functions #118
  + Fixed iscsi initiator name (bsc#1195797)
  + Added rpcinfo -p output #116
  + Included /etc/sssd/conf.d configuration files #100
- Changes to version 3.1.19
  + Made /proc directory and network names spaces configurable (bsc#1193868)
- Changes to version 3.1.19
  + Removed chronyc DNS lookups with -n switch (bsc#1193732)
- Merged Include udev rules in /lib/udev/rules.d/ #113
- Merged Move localmessage/warm logs out of messages.txt to new localwarn.txt #87
- getappcore identifies compressed core files (bsc#1191794)
- Installing to /usr/sbin instead of /sbin (bsc#1191096)
- Added shared memory as a log directory for emergency use (bsc#1190943)
- Fixed cron package for RPM validation (bsc#1190315)
- Updated spec file with correct URL
- Changes to version 3.1.18
  + Added email.txt based on OPTION_EMAIL #108 (bsc#1189028)
  + Include 'multipath -t' output in mpio.txt #105
  + Improved lsblk readability with --ascsi #106
  + Removed duplicate commands in network.txt
  + Remove duplicate firewalld status output #109
supportutils-plugin-ha-sap
- Update to version 0.0.4+git.1663748456.ad13e75:
  * fix basic support for saptune
    add saptune version 3 awareness and add a hint for the new
    saptune supportconfig plugin delivered within the saptune
    package >= 3.x
    (bsc#1203202)
- Update to version 0.0.3+git.1659022100.39bfcd6:
  * Update README.md
  * Replace spaces to tabs.
  * Search for other groups too.
  * Include /etc/group in plugin-ha_sap.txt (bsc#1201831)
  * Update ha_sap
  * Update pacemaker.log location change
  * suppress link path in Readme.md
  * add section 'Additional information' to the Readme.md
  * change release status of the project
  * Update README.md
  * Update ha_sap
supportutils-plugin-suse-public-cloud
- Update to version 1.0.6 (bsc#1195095, bsc#1195096)
  + Include cloud-init logs whenever they are present
  + Update the packages we track in AWS, Azure, and Google
  + Include the ecs logs for AWS ECS instances
suse-build-key
- still ship the old ptf key (was not added to documentation by mistake).
  (bsc#1198504)
- No longer install 1024bit keys by default. (bsc#1197293)
  - SLE11 key moved to documentation
  - old PTF (pre March 2022) moved to documentation only
- extended expiry of SUSE PTF key, move it to suse_ptf_key_old.asc
- added new SUSE PTF key with RSA2048 bit as suse_ptf_key.asc (bsc#1196494)
- extended expiry of SUSE SLES11 key (bsc#1194845)
- added SUSE Contaner signing key in PEM format for use e.g. by cosign.
- SUSE security key replaced with 2022 edition (E-Mail usage only). (bsc#1196495)
sysconfig
- version 0.85.9
- spec: revert to recommend wicked-service on <= 15.4
- netconfig: remove sed dependency
- netconfig/dns-resolver: remove search limit of 6 domains (bsc#1199093)
- netconfig: cleanup /var/run leftovers (bsc#1194557)
- netconfig: update ntp man page documentation, fix typos
- spec: drop legacy migration (from sle11) and rpm-utils
- version 0.85.8
- netconfig: revert NM default policy change change (boo#1185882)
  With the change to the default policy, netconfig with NetworkManager
  as network.service accepted settings from all services/programs
  directly instead only from NetworkManager, where plugins/services
  have to deliver their settings to apply them.
- version 0.85.7
- spec: Drop hard dependency on /sbin/ifup
- spec: Suggest instead of recommend wicked-service
- spec: Mention that the .spec file is in git as well
- Also support service(network) provides
systemd
- Update 1009-Drop-or-soften-some-of-the-deprecation-warnings.patch (jsc#PED-944)
  To decrease log level of messages about use of KillMode=none from warning to
  debug. SAP still uses this deprecated option and the warnings emitted by PID1
  confuse both SAP customers and support.
- Import commit e7211d27e1bd26b976aa74ff620cc22a0267b5b8
  1300e134a0 tmpfiles: check the directory we were supposed to create, not its parent
  e4bb32dc65 stat-util: replace is_dir() + is_dir_fd() by single is_dir_full() call
  d8d0c083bd logind: don't delay login for root even if systemd-user-sessions.service is not activated yet (bsc#1195059)
- Import commit 0fb88066f5fa4695467e930559776cc3444773ec
  90740ae2aa string-util: explicitly cast character to unsigned
  ca1455c5b9 string-util: fix build error on aarch64
  c0829f98fc basic/escape: escape control characters, but not utf-8, in shell quoting
  387a2e1fbf basic/string-util: simplify how str_realloc() is used
  cdc4d55d22 basic/string-util: inline iterator variable declarations
  d435514c85 basic/string-util: split out helper function
  bdbc4faff5 basic/escape: always escape newlines in shell_escape()
  3eb13063d1 basic/escape: add mode where empty arguments are still shown as "/"/
  08fd20d8fb Flagsify EscapeStyle and make ESCAPE_BACKSLASH_ONELINE implicit
  ec07c1c46c basic/escape: use consistent location for "/*"/ in function declarations
  074e1b622e Allow control characters in environment variable values (bsc#1200170)
  44e419dcb0 Revert "/basic/env-util: (mostly) follow POSIX for what variable names are allowed"/
  d5756f6f71 test-env-util: Verify that r is disallowed in env var values
  d02bac33d3 basic/env-util: make function shorter
  c68d5f0ba6 basic/env-util: (mostly) follow POSIX for what variable names are allowed
  887c150a04 test-env-util: print function headers
- Import commit 40960e1ccb15071355fd3ee922877ef51f34bdbc
  e6354ebb34 core/device: device_coldplug(): don't set DEVICE_DEAD
  b593249c00 core/device: do not downgrade device state if it is already enumerated
  7b47b3c306 core/device: ignore DEVICE_FOUND_UDEV bit on switching root (bsc#1137373 bsc#1181658 bsc#1194708 bsc#1195157 bsc#1197570)
  912c07c281 core/device: drop unnecessary condition
- fix parsing error in s390 udev rules conversion script (bsc#1198732)
- Call pam_loginuid when creating user@.service (bsc#1198507)
  It's a backport of upstream commit 1000522a60ceade446773c67031b47a566d4a70d.
- Import commit 12b0904b9117aeaef138784e5b118b82cd87d7cb
  b579fe1e09 tmpfiles: constify item_compatible() parameters
  01f4af3573 test: add test checking tmpfiles conf file precedence
  e8f4d24e97 test tmpfiles: add a test for 'w+'
  9c559f3854 tmpfiles.d: only 'w+' can have multiple lines for the same path (bsc#1198090)
  7fab6b6a6e journald: make use of CLAMP() in cache_space_refresh()
  1c8b02567c journald: make sure journal_file_open() doesn't leave a corrupted file around after failing (bsc#1198114)
  0007446abc journal-file: port journal_file_open() to openat_report_new()
  a07ad29813 fs-util: make sure openat_report_new() initializes return param also on shortcut
  6bb087a1fc fs-util: fix typos in comments
  42532a8bfb fs-util: add openat_report_new() wrapper around openat()
- spec: cope with %{_modprobedir} being /lib/modprobe.d on SLE
- Fix the default target when it's been incorrectly set to one of the runlevel
  targets (bsc#1196567)
  The script 'upgrade-from-pre-210.sh' used to initialize the default target
  during migration from sysvinit to systemd. However it created symlinks to
  runlevel targets, which are deprecated. If such symlinks are found the script
  now renames them to point to 'true' systemd target units.
- When migrating from sysvinit to systemd (it probably won't happen anymore),
  let's use the default systemd target, which is the graphical.target one. In
  most cases it will do the right thing anyway.
- Import commit 117e7b96f8e8c63a9eec3459147f5352015a6d08
  3a395b156d Don't open /var journals in volatile mode when runtime_journal==NULL
  1cd65c15e4 udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529)
  3ee9953dd4 man: tweak description of auto/noauto (bsc#1191502)
  6cfeacbf86 shared/install: ignore failures for auxiliary files
  37083278ed install: make UnitFileChangeType enum anonymous
  0a02185526 shared/install: reduce scope of iterator variables
  86c55bde7f systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23867)
- update s390 udev rules conversion script to include the case when
  the legacy rule was also 41-* (bsc#1195247)
  * change scripts-udev-convert-rules.sh
- Add in quarantine 6000-udev-net_id-add-debug-logging-for-construction-of-de.patch
  Add in quarantine 6001-udev-net_id-show-the-correct-identifier-in-the-debug.patch
- Add 1009-Drop-or-soften-some-of-the-deprecation-warnings.patch (bsc#1193086)
systemd-presets-branding-SLE
- Enable suseconnect-keepalive.timer for SUSEConnect (jsc#SLE-23312)
systemd-presets-common-SUSE
- enable ignition-delete-config by default (bsc#1199524)
- Modify branding-preset-states to fix systemd-presets-common-SUSE
  not enabling new user systemd service preset configuration just
  as it handles system service presets. By passing an (optional)
  second parameter "/user"/, the save/apply-changes commands now
  work with user services instead of system ones (boo#1200485)
- Add the wireplumber user service preset to enable it by default
  in SLE15-SP4 where it replaced pipewire-media-session, but keep
  pipewire-media-session preset so we don't have to branch the
  systemd-presets-common-SUSE package for SP4 (boo#1200485)
- enable vgauthd service for VMWare by default (bsc#1195251)
tar
- bsc1200657.patch was previously incomplete leading to deadlocks
  * bsc#1202436
  * bsc1200657.patch updated
- Fix race condition while creating intermediate subdirectories,
  bsc#1200657
  * bsc1200657.patch
- tests-skip-time01-on-32bit-time_t.patch: Add patch to skip test
  'tests/time01.at' on platforms with 32-bit time_t for now.
- tar.spec: Reference it.
  (%check): Output the testsuite.log in case the testsuite failed.
- The following issues have already been fixed in this package but
  weren't previously mentioned in the changes file:
  * bsc#1181131, CVE-2021-20193
  * bsc#1120610
- GNU tar 1.34:
  * Fix extraction over pipe
  * Fix memory leak in read_header
  * Fix extraction when . and .. are unreadable
  * Gracefully handle duplicate symlinks when extracting
  * Re-initialize supplementary groups when switching to user
    privileges
- GNU tar 1.33:
  * POSIX extended format headers do not include PID by default
  * --delay-directory-restore works for archives with reversed
    member ordering
  * Fix extraction of a symbolic link hardlinked to another
    symbolic link
  * Wildcards in exclude-vcs-ignore mode don't match slash
  * Fix the --no-overwrite-dir option
  * Fix handling of chained renames in incremental backups
  * Link counting works for file names supplied with -T
  * Accept only position-sensitive (file-selection) options in file
    list files
- remove deprecated texinfo packaging macros
- prepare usrmerge (boo#1029961)
- Drop Requires(pre) info in the preamble: the main package does
  not contain any info files, and has not even a pre script. The
  - doc subpackage already has the correct deps.
- No longer recommend -lang: supplements are in use.
- update to version 1.32
  * Fix the use of --checkpoint without explicit --checkpoint-action
  * Fix extraction with the -U option
  * Fix iconv usage on BSD-based systems
  * Fix possible NULL dereference (savannah bug #55369)
    [bsc#1130496] [CVE-2019-9923]
  * Improve the testsuite
- remove tar-1.31-tests_dirrem.patch and
  tar-1.31-racy_compress_tests.patch that are no longer needed
  (applied usptream)
- Remove libattr-devel from buildrequires, tar no longer uses
  it but finds xattr functions in libc.
- update to version 1.31
  * Fix heap-buffer-overrun with --one-top-level, bug introduced
    with the addition of that option in 1.28
  * Support for zstd compression
  * New option '--zstd' instructs tar to use zstd as compression
    program. When listing, extractng and comparing, zstd compressed
    archives are recognized automatically. When '-a' option is in
    effect, zstd compression is selected if the destination archive
    name ends in '.zst' or '.tzst'.
  * The -K option interacts properly with member names given in the
    command line. Names of members to extract can be specified along
    with the "/-K NAME"/ option. In this case, tar will extract NAME
    and those of named members that appear in the archive after it,
    which is consistent with the semantics of the option. Previous
    versions of tar extracted NAME, those of named members that
    appeared before it, and everything after it.
  * Fix CVE-2018-20482 - When creating archives with the --sparse
    option, previous versions of tar would loop endlessly if a
    sparse file had been truncated while being archived.
- remove the following patches (upstreamed)
  * tar-1.30-tests-difflink.patch
  * tar-1.30-tests_dirrem_race.patch
- refresh add_readme-tests.patch
- add tar-1.31-tests_dirrem.patch to fix expected output in dirrem
  tests
- add tar-1.31-racy_compress_tests.patch to fix compression tests
tcl
- New version 8.6.12:
  * (bug)[d43f96] [string trim*] broken for Emoji
  * (bug)[22324b] [string reverse] broken for Emoji
  * (bug)[1dab71,7c64aa] BRE broken by uninitialized value use
  * (bug)[8419c5] Unix tty channels tolerate EINTR
  * ** POTENTIAL INCOMPATIBILITY ***
  * (bug)[4c591f] [string compare] EIAS violation
  * (bug)[266494] [concat foo [list #]] EIAS violation
  * (bug)[24b918] Save IO buffers from modern optimizers
  * (new) support for POSIX error EILSEQ
  * (bug)[688fcc] segfault during traced delete of alias
  * (bug)[ccc448] segfault in ensemble rewrite machinery
  * (new) Update to Unicode-14
  * (bug)[a8579d] failed proc argument spec processing
  * Obsoletes tcl-aa4a13c15516da45.patch
- Bump %itclver and ensure it stays in sync.
- bsc#1185662: Move tcl.macros /usr/lib/rpm/macros.d .
- https://core.tcl-lang.org/thread/tktview?name=98ae20f0f5:
  Add tcl-aa4a13c15516da45.patch to disable lto for the stubs
  libraries.
- tclConfig.sh: Fix path names and avoid braces in TCL_PACKAGE_PATH
- Set TCL_LIBRARY at configure time for better consistency.
- New version: 8.6.11:
  * Add tcltest::(Setup|Eval|Cleanup|)Test
  * Update to Unicode-13
  * Add 3 libtommath functions to stub table
  * Many more bug fixes
- Potentially incompatible changes:
  * (bug)[ffeb20] [binary decode base64] ignore invalid chars
  * (bug)[b8e82d] some -maxlen values break uuencode round trip
  * (bug)[085913] Tcl_DStringAppendElement # quoting precision
  * (bug)[81242a] revised documentation for Tcl_UtfAtIndex()
  * (bug)[ed2980] Tcl_UtfToUniChar reads > TCL_UTF_MAX bytes
  * (bug)[a1bd37] [clock scan] new ISO format (clock-34.(19-24))
  * (bug)[501974] [clock scan] +time zone (clock-34.(53-68))
  * (new) force -eofchar 032 when evaluating library scripts
  * (new)[48898a] improve error message consistency
  * (new) revised case of module names
- Add a manpage symlink for tclsh8.6.
- Fix build with RPM 4.16: error: bare words are no longer
  supported, please use "/..."/:  lib64 == lib64.
- New version: 8.6.10:
  * (bug)[7a9dc5] [file normalize ~/~foo] segfault
  * (bug)[3cf3a9] variable 'timezone' deprecated in vc2017
  * (bug)[cc1e91] [list [list {*}[set a "/ "/]]] regression
    obsoletes tcl-expand-regression.patch.
  * (bug)[e3f481] tests var-1.2[01]
  * (new) Update to Unicode 12.0
  * (new)[TIP 527] New command [timerate]
  * (bug)[39fed4] [package require] memory validity
  * (new) New command tcl::unsupported::corotype
  * (bug) memlink when namespace deletion kills linked var
  * (new) README file converted to README.md in Markdown
  * (bug)[8b9854] [info level 0] regression with ensembles
  * (bug)[6bdadf] crash multi-arg write-traced [lappend]
  * (bug)[f8a33c] crash Tcl_Exit before init
  * (bug)[fa6bf3] Bytecode fails epoch recovery at numLevel=0
  * (bug)[fec0c1] C stack overflow compiling bytecode
  * tzdata updated to Olson's tzdata2019c
  * (bug)[16768d] Fix [info hostname] on NetBSD
  * (new) libtommath updated to release 1.2.0
  * (bug)[bcd100] bad fs cache when system encoding changes
  * (bug)[135804] segfault in [next] after destroy
  * (bug)[13657a] application/json us text, not binary
- binary-40.3 is expected to fail on riscv64 which does not support NaN
  propagation
- Use FAT LTO objects in order to provide proper static
  library (boo#1138797).
- Fix a regression in the handling of denormalized empty lists
  (tcl-expand-regression.patch, tcl#cc1e91552c).
- New version: 8.6.9:
  * NR-enable [package require]
  * (bug)[9fd5c6] crash in object deletion, test oo-11.5
  * (bug)[3c32a3] crash deleting object with class mixed in
  * (platform) stop using -lieee, removed from glibc-2.27
    (bsc#1179615, bsc#1181840).
  * (bug)[8e6a9a] bad binary [string match], test string-11.55
  * (bug)[1873ea] repair multi-thread std channel init
  * (bug)[db36fa] broken bytecode for index values
  * (bug) broken compiled [string replace], test string-14.19
  * (bug) [string trim*] engine crashed on invalid UTF
  * (bug) missing trace in compiled [array set], test var-20.11
  * (bug)[46a241] crash in unset array with search, var-13.[23]
  * (bug)[27b682] race made [file delete] raise "/no such file"/
  * (bug)[925643] 32/64 cleanup of filesystem DIR operations
  * (bug) leaks in TclSetEnv and env cache
  * (bug)[3592747] [yieldto] dying namespace, tailcall-14.1
  * (bug)[270f78] race in [file mkdir]
  * (bug)[3f7af0] [file delete] raised "/permission denied"/
  * (bug)[d051b7] overflow crash in [format]
  * revised quoting of [exec] args in generated command line
  * HTTP Keep-Alive with pipelined requests
  * (new)[TIP 505] [lreplace] accepts all out of range indices
  * (bug) Prevent crash from NULL keyName in the registry package
  * Update tcltest package for Travis support
  * (bug)[35a8f1] overlong string length of some lists
  * (bug)[00d04c] Repair [binary encode base64]
- Version 8.6.8:
  * [array names -regexp] supports backrefs
  * Fix gcc build failures due to #pragma placement
  * (bug)[b50fb2] exec redir append stdout and stderr to file
  * (bug)[2a9465] http state 100 continue handling broken
  * (bug)[0e4d88] replace command, delete trace kills namespace
  * (bug)[1a5655] [info * methods] includes mixins
  * (bug)[fc1409] segfault in method cloning, oo-15.15
  * (bug)[3298012] Stop crash when hash tables overflow 32 bits
  * (bug)[5d6de6] Close failing case of [package prefer stable]
  * (bug)[4f6a1e] Crash when ensemble map and list are same
  * (bug)[ce3a21] file normalize failure when tail is empty
  * (new)[TIP 477] nmake build system reform
  * (bug)[586e71] EvalObjv exception handling at level #0
- Sync SLE12 with Factory to fix a bug in Itcl that was affecting
  iwidgets (bsc#903017).
tcpdump
- Security fix: [bsc#1195825, CVE-2018-16301]
  * Fix segfault when handling large files
  * Add tcpdump-CVE-2018-16301.patch
telnet
- Fix CVE-2022-39028, NULL pointer dereference in telnetd
  (CVE-2022-39028, bsc#1203759)
  CVE-2022-39028.patch
tiff
- security update:
  * CVE-2022-2519 [bsc#1202968]
  * CVE-2022-2520 [bsc#1202973]
  * CVE-2022-2521 [bsc#1202971]
    + tiff-CVE-2022-2519,CVE-2022-2520,CVE-2022-2521.patch
  * CVE-2022-2867 [bsc#1202466]
  * CVE-2022-2868 [bsc#1202467]
  * CVE-2022-2869 [bsc#1202468]
    + tiff-CVE-2022-2867,CVE-2022-2868,CVE-2022-2869.patch
- CVE-2022-34266 [bsc#1201971] and [bsc#1201723]:
  Rename tiff-CVE-2022-0561.patch to
  tiff-CVE-2022-0561,CVE-2022-34266.patch
  This CVE is actually a duplicate.
- security update:
  * CVE-2022-34526 [bsc#1202026]
    + tiff-CVE-2022-34526.patch
- security update
  * CVE-2022-2056 [bsc#1201176]
  * CVE-2022-2057 [bsc#1201175]
  * CVE-2022-2058 [bsc#1201174]
    + tiff-CVE-2022-2056,CVE-2022-2057,CVE-2022-2058.patch
- security update
  * CVE-2022-0561 [bsc#1195964]
    + tiff-CVE-2022-0561.patch
  * CVE-2022-0562 [bsc#1195965]
    + tiff-CVE-2022-0562.patch
  * CVE-2022-0865 [bsc#1197066]
    + tiff-CVE-2022-0865.patch
  * CVE-2022-0909 [bsc#1197072]
    + tiff-CVE-2022-0909.patch
  * CVE-2022-0924 [bsc#1197073]
    + tiff-CVE-2022-0924.patch
  * CVE-2022-0908 [bsc#1197074]
    + tiff-CVE-2022-0908.patch
- security update
  * CVE-2022-1056 [bsc#1197631]
  * CVE-2022-0891 [bsc#1197068]
    + tiff-CVE-2022-1056,CVE-2022-0891.patch
tigervnc
- U_Handle-pending-data-in-TLS-buffers.patch
  * Vncclient wasn't refreshing screen correctly due to an issue on
    TLS stream buffers.
  * bsc#1199477
- U_0003-Fix-rendering-on-big-endian-system.patch
  * Patch now handles properly endianness.
  * Patch modified from: 7ab92639848a6059e2b6b88499b008b9606f3af6
  * bsc#1197119
- U_0003-Fix-rendering-on-big-endian-system.patch
  * Backport to fix rendering on big endian systems.
  * bsc#1177758
timezone
- Update to reflect new Chile DST change, bsc#1202310
  * bsc1202310.patch
- timezone update 2022a (bsc#1177460):
  * Palestine will spring forward on 2022-03-27, not -03-26*
  * zdump -v now outputs better failure indications
  * Bug fixes for code that reads corrupted TZif data
unzip
- Fix CVE-2022-0530, SIGSEGV during the conversion of an utf-8 string
  to a local string (CVE-2022-0530, bsc#1196177)
  * CVE-2022-0530.patch
- Fix CVE-2022-0529, Heap out-of-bound writes and reads during
  conversion of wide string to local string (CVE-2022-0529, bsc#1196180)
  * CVE-2022-0529.patch
update-alternatives
- break bash <-> update-alternatives cycle by coolo's rewrite
  of %post in lua [bsc#1195654]
util-linux
- su: Change owner and mode for pty (bsc#1200842,
  util-linux-login-move-generic-setting-to-ttyutils.patch,
  util-linux-su-change-owner-and-mode-for-pty.patch).
- mesg: use only stat() to get the current terminal status
  (bsc#1200842, util-linux-mesg-use-only-stat.patch).
- agetty: Resolve tty name even if stdin is specified (bsc#1197178,
  util-linux-agetty-resolve-tty-if-stdin-is-specified.patch).
- libmount: When moving a mount point, update all sub mount entries
  in utab (bsc#1198731,
  util-linux-libmount-moving-mount-point-sub-mounts.patch,
  util-linux-libmount-fix-and-improve-utab-on-ms_move.patch).
- Extend cache in uuid_generate_time_generic() (bsc#1194642#c51,
  util-linux-libuuid-extend-cache.patch).
- Prevent root owning of /var/lib/libuuid/clock.txt
  (bsc#1194642, util-linux-uuidd-prevent-root-owning.patch).
- Make uuidd lock state file usable and time based UUIDs safe again
  (bsc#1194642, util-linux-uuidd-fix-lock-state.patch).
- Fix "/su -s"/ bash completion
  (bsc#1172427, util-linux-bash-completion-su-chsh-l.patch).
- Fix unauthorized umount (CVE-2021-3995, CVE-2021-3996,
  bsc#1194976,
  util-linux-libmount-check-fuse-umount-CVE-2021-3995.patch,
  util-linux-libmount-fix-deleted-suffix-CVE-2021-3996.patch).
- blockdev: Remove NBSP character in values (bsc#1188507#c31,
  blockdev-remove-nbsp.patch).
- The legacy code does not support /etc/login.defs.d used by YaST.
  Enable libeconf to read it (bsc#1192954).
- blockdev: allow for larger values for start sector (bsc#1188507)
  blockdev-allow-for-larger-values-for-start-sector.patch
util-linux-systemd
- su: Change owner and mode for pty (bsc#1200842,
  util-linux-login-move-generic-setting-to-ttyutils.patch,
  util-linux-su-change-owner-and-mode-for-pty.patch).
- mesg: use only stat() to get the current terminal status
  (bsc#1200842, util-linux-mesg-use-only-stat.patch).
- agetty: Resolve tty name even if stdin is specified (bsc#1197178,
  util-linux-agetty-resolve-tty-if-stdin-is-specified.patch).
- libmount: When moving a mount point, update all sub mount entries
  in utab (bsc#1198731,
  util-linux-libmount-moving-mount-point-sub-mounts.patch,
  util-linux-libmount-fix-and-improve-utab-on-ms_move.patch).
- Extend cache in uuid_generate_time_generic() (bsc#1194642#c51,
  util-linux-libuuid-extend-cache.patch).
- Prevent root owning of /var/lib/libuuid/clock.txt
  (bsc#1194642, util-linux-uuidd-prevent-root-owning.patch).
- Make uuidd lock state file usable and time based UUIDs safe again
  (bsc#1194642, util-linux-uuidd-fix-lock-state.patch).
- Fix "/su -s"/ bash completion
  (bsc#1172427, util-linux-bash-completion-su-chsh-l.patch).
- Fix unauthorized umount (CVE-2021-3995, CVE-2021-3996,
  bsc#1194976,
  util-linux-libmount-check-fuse-umount-CVE-2021-3995.patch,
  util-linux-libmount-fix-deleted-suffix-CVE-2021-3996.patch).
- blockdev: Remove NBSP character in values (bsc#1188507#c31,
  blockdev-remove-nbsp.patch).
- The legacy code does not support /etc/login.defs.d used by YaST.
  Enable libeconf to read it (bsc#1192954).
- blockdev: allow for larger values for start sector (bsc#1188507)
  blockdev-allow-for-larger-values-for-start-sector.patch
vim
- Updated to version 9.0 with patch level 0313, fixes the following problems
  * Fixing bsc#1200884 Vim: Error on startup
  * Fixing bsc#1200902 VUL-0: CVE-2022-2183: vim: Out-of-bounds Read through get_lisp_indent() Mon 13:32
  * Fixing bsc#1200903 VUL-0: CVE-2022-2182: vim: Heap-based Buffer Overflow through parse_cmd_address() Tue 08:37
  * Fixing bsc#1200904 VUL-0: CVE-2022-2175: vim: Buffer Over-read through cmdline_insert_reg() Tue 08:37
  * Fixing bsc#1201249 VUL-0: CVE-2022-2304: vim: stack buffer overflow in spell_dump_compl()
  * Fixing bsc#1201356 VUL-1: CVE-2022-2343: vim: Heap-based Buffer Overflow in GitHub repository vim prior to 9.0.0044
  * Fixing bsc#1201359 VUL-1: CVE-2022-2344: vim: Another Heap-based Buffer Overflow vim prior to 9.0.0045
  * Fixing bsc#1201363 VUL-1: CVE-2022-2345: vim: Use After Free in GitHub repository vim prior to 9.0.0046.
  * Fixing bsc#1201620 PUBLIC SUSE Linux Enterprise Server 15 SP4 Basesystem zbalogh@suse.com NEW --- SLE-15-SP4-Full-x86_64-GM-Media1 and vim-plugin-tlib-1.27-bp154.2.18.noarch issue
  * Fixing bsc#1202414 VUL-1: CVE-2022-2819: vim: Heap-based Buffer Overflow in compile_lock_unlock()
  * Fixing bsc#1202552 VUL-1: CVE-2022-2874: vim: NULL Pointer Dereference in generate_loadvar()
  * Fixing bsc#1200270 VUL-1: CVE-2022-1968: vim: use after free in utf_ptr2char
  * Fixing bsc#1200697 VUL-1: CVE-2022-2124: vim: out of bounds read in current_quote()
  * Fixing bsc#1200698 VUL-1: CVE-2022-2125: vim: out of bounds read in get_lisp_indent()
  * Fixing bsc#1200700 VUL-1: CVE-2022-2126: vim: out of bounds read in suggest_trie_walk()
  * Fixing bsc#1200701 VUL-1: CVE-2022-2129: vim: out of bounds write in vim_regsub_both()
  * Fixing bsc#1200732 VUL-1: CVE-2022-1720: vim: out of bounds read in grab_file_name()
  * Fixing bsc#1201132 VUL-1: CVE-2022-2264: vim: out of bounds read in inc()
  * Fixing bsc#1201133 VUL-1: CVE-2022-2284: vim: out of bounds read in utfc_ptr2len()
  * Fixing bsc#1201134 VUL-1: CVE-2022-2285: vim: negative size passed to memmove() due to integer overflow
  * Fixing bsc#1201135 VUL-1: CVE-2022-2286: vim: out of bounds read in ins_bytes()
  * Fixing bsc#1201136 VUL-1: CVE-2022-2287: vim: out of bounds read in suggest_trie_walk()
  * Fixing bsc#1201150 VUL-1: CVE-2022-2231: vim: null pointer dereference skipwhite()
  * Fixing bsc#1201151 VUL-1: CVE-2022-2210: vim: out of bounds read in ml_append_int()
  * Fixing bsc#1201152 VUL-1: CVE-2022-2208: vim: null pointer dereference in diff_check()
  * Fixing bsc#1201153 VUL-1: CVE-2022-2207: vim: out of bounds read in ins_bs()
  * Fixing bsc#1201154 VUL-1: CVE-2022-2257: vim: out of bounds read in msg_outtrans_special()
  * Fixing bsc#1201155 VUL-1: CVE-2022-2206: vim: out of bounds read in msg_outtrans_attr()
  * Fixing bsc#1201863 VUL-1: CVE-2022-2522: vim: out of bounds read via nested autocommand
  * Fixing bsc#1202046 VUL-1: CVE-2022-2571: vim: Heap-based Buffer Overflow related to ins_comp_get_next_word_or_line()
  * Fixing bsc#1202049 VUL-1: CVE-2022-2580: vim: Heap-based Buffer Overflow related to eval_string()
  * Fixing bsc#1202050 VUL-1: CVE-2022-2581: vim: Out-of-bounds Read related to cstrchr()
  * Fixing bsc#1202051 VUL-1: CVE-2022-2598: vim: Undefined Behavior for Input to API related to diff_mark_adjust_tp() and ex_diffgetput()
  * Fixing bsc#1202420 VUL-1: CVE-2022-2817: vim: Use After Free in f_assert_fails()
  * Fixing bsc#1202421 VUL-1: CVE-2022-2816: vim: Out-of-bounds Read in check_vim9_unlet()
  * Fixing bsc#1202511 VUL-1: CVE-2022-2862: vim: use-after-free in compile_nested_function()
  * Fixing bsc#1202512 VUL-1: CVE-2022-2849: vim: Invalid memory access related to mb_ptr2len()
  * Fixing bsc#1202515 VUL-1: CVE-2022-2845: vim: Buffer Over-read related to display_dollar()
  * Fixing bsc#1202599 VUL-1: CVE-2022-2889: vim: use-after-free in find_var_also_in_script() in evalvars.c
  * Fixing bsc#1202687 VUL-1: CVE-2022-2923: vim: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240
  * Fixing bsc#1202689 VUL-1: CVE-2022-2946: vim: use after free in function vim_vsnprintf_typval
  * Fixing bsc#1202862 VUL-1: CVE-2022-3016: vim: Use After Free in vim prior to 9.0.0285 Mon 12:00
- Deleted patches:
  * restrict-shell-commands.patch
  * source-check-sandbox.patch
  * vim-8.0.1568-CVE-2021-3778.patch
  * vim-8.0.1568-CVE-2021-3796.patch
  * vim-8.0.1568-CVE-2021-3872.patch
  * vim-8.0.1568-CVE-2021-3927.patch
  * vim-8.0.1568-CVE-2021-3928.patch
  * vim-8.0.1568-CVE-2021-3984.patch
  * vim-8.0.1568-CVE-2021-4019.patch
  * vim-8.0.1568-CVE-2021-4193.patch
  * vim-8.0.1568-CVE-2021-46059.patch
  * vim-8.0.1568-CVE-2022-0319.patch
  * vim-8.0.1568-CVE-2022-0351.patch
  * vim-8.0.1568-CVE-2022-0361.patch
  * vim-8.0.1568-CVE-2022-0413.patch
  * vim-8.0.1568-globalvimrc.patch
- Added patches:
  * vim-8.1.0297-dump3.patch
  * vim-8.2.2411-globalvimrc.patch
  * disable-unreliable-tests-arch.patch
- Updated patches:
  * disable-unreliable-tests.patch
  * vim-7.3-filetype_changes.patch
  * vim-7.3-filetype_ftl.patch
  * vim-7.3-filetype_spec.patch
  * vim-7.3-gvimrc_fontset.patch
  * vim-7.3-help_tags.patch
  * vim-7.3-mktemp_tutor.patch
  * vim-7.3-name_vimrc.patch
  * vim-7.3-sh_is_bash.patch
  * vim-7.3-use_awk.patch
  * vim-7.4-disable_lang_no.patch
  * vim-7.4-filetype_apparmor.patch
  * vim-7.4-filetype_mine.patch
  * vim-7.4-highlight_fstab.patch
  * vim-8.0-ttytype-test.patch
  * vim-8.0.1568-defaults.patch
  * vim73-no-static-libpython.patch
- Updated to version 8.2 with patch level 5038, fixes the following problems
  * Fixing bsc#1191770 VUL-0: CVE-2021-3875: vim: heap-based buffer overflow
  * Fixing bsc#1192167 VUL-0: CVE-2021-3903: vim: heap-based buffer overflow
  * Fixing bsc#1192902 VUL-0: CVE-2021-3968: vim: vim is vulnerable to
    Heap-based Buffer Overflow
  * Fixing bsc#1192903 VUL-0: CVE-2021-3973: vim: vim is vulnerable to
    Heap-based Buffer Overflow
  * Fixing bsc#1192904 VUL-0: CVE-2021-3974: vim: vim is vulnerable to Use
    After Free
  * Fixing bsc#1193466 VUL-1: CVE-2021-4069: vim: use-after-free in ex_open()
    in src/ex_docmd.c
  * Fixing bsc#1193905 VUL-0: CVE-2021-4136: vim: vim is vulnerable to
    Heap-based Buffer Overflow
  * Fixing bsc#1194093 VUL-1: CVE-2021-4166: vim: vim is vulnerable to
    Out-of-bounds Read
  * Fixing bsc#1194216 VUL-1: CVE-2021-4193: vim: vulnerable to
    Out-of-bounds Read
  * Fixing bsc#1194217 VUL-0: CVE-2021-4192: vim: vulnerable to Use After Free
  * Fixing bsc#1194872 VUL-0: CVE-2022-0261: vim: Heap-based Buffer Overflow
    in vim prior to 8.2.
  * Fixing bsc#1194885 VUL-0: CVE-2022-0213: vim: vim is vulnerable to
    Heap-based Buffer Overflow
  * Fixing bsc#1195004 VUL-0: CVE-2022-0318: vim: Heap-based Buffer Overflow in
    vim prior to 8.2.
  * Fixing bsc#1195203 VUL-0: CVE-2022-0359: vim: heap-based buffer overflow in
    init_ccline() in ex_getln.c
  * Fixing bsc#1195354 VUL-0: CVE-2022-0407: vim: Heap-based Buffer Overflow in
    Conda vim prior to 8.2.
  * Fixing bsc#1198596 VUL-0: CVE-2022-1381: vim: global heap buffer overflow
    in skip_range
  * Fixing bsc#1199331 VUL-0: CVE-2022-1616: vim: Use after free in
    append_command
  * Fixing bsc#1199333 VUL-0: CVE-2022-1619: vim: Heap-based Buffer Overflow in
    function cmdline_erase_chars
  * Fixing bsc#1199334 VUL-0: CVE-2022-1620: vim: NULL Pointer Dereference in
    function vim_regexec_string
  * Fixing bsc#1199747 VUL-0: CVE-2022-1796: vim: Use After in
    find_pattern_in_path
  * Fixing bsc#1200010 VUL-0: CVE-2022-1897: vim: Out-of-bounds Write in vim
  * Fixing bsc#1200011 VUL-0: CVE-2022-1898: vim: Use After Free in vim prior
    to 8.2
  * Fixing bsc#1200012 VUL-0: CVE-2022-1927: vim: Buffer Over-read in vim prior
    to 8.2
  * Fixing bsc#1070955 VUL-1: CVE-2017-17087: vim: Sets the group ownership of a
    .swp file to the editor's primary group, which allows local users to obtain
    sensitive information
  * Fixing bsc#1194388 VUL-1: CVE-2022-0128: vim: vim is vulnerable to
    Out-of-bounds Read
  * Fixing bsc#1195332 VUL-1: CVE-2022-0392: vim: Heap-based Buffer Overflow
    in vim prior to 8.2
  * Fixing bsc#1196361 VUL-1: CVE-2022-0696: vim: NULL Pointer Dereference in
    vim prior to 8.2
  * Fixing bsc#1198748 VUL-1: CVE-2022-1420: vim: Out-of-range Pointer Offset
  * Fixing bsc#1199651 VUL-1: CVE-2022-1735: vim: heap buffer overflow
  * Fixing bsc#1199655 VUL-1: CVE-2022-1733: vim: Heap-based Buffer Overflow in
    cindent.c
  * Fixing bsc#1199693 VUL-1: CVE-2022-1771: vim: stack exhaustion in vim prior
    to 8.2.
  * Fixing bsc#1199745 VUL-1: CVE-2022-1785: vim: Out-of-bounds Write
  * Fixing bsc#1199936 VUL-1: CVE-2022-1851: vim: out of bounds read
- Minimal fix for Bug 1195004 - (CVE-2022-0318) VUL-0: CVE-2022-0318: vim:
  Heap-based Buffer Overflow in vim prior to 8.2.
  / vim-8.0.1568-CVE-2022-0413.patch
- Fixing bsc#1190570 CVE-2021-3796: vim: use-after-free in nv_replace() in
  normal.c / vim-8.0.1568-CVE-2021-3796.patch
- Fixing bsc#1191893 CVE-2021-3872: vim: heap-based buffer overflow in
  win_redr_status() drawscreen.c / vim-8.0.1568-CVE-2021-3872.patch
- Fixing bsc#1192481 CVE-2021-3927: vim: vim is vulnerable to
  Heap-based Buffer Overflow / vim-8.0.1568-CVE-2021-3927.patch
- Fixing bsc#1192478 CVE-2021-3928: vim: vim is vulnerable to
  Stack-based Buffer Overflow / vim-8.0.1568-CVE-2021-3928.patch
- Fixing bsc#1193294 CVE-2021-4019: vim: vim is vulnerable to
  Heap-based Buffer Overflow / vim-8.0.1568-CVE-2021-4019.patch
- Fixing bsc#1193298 CVE-2021-3984: vim: illegal memory access when C-indenting
  could lead to Heap Buffer Overflow / vim-8.0.1568-CVE-2021-3984.patch
- Fixing bsc#1190533 CVE-2021-3778: vim: Heap-based Buffer Overflow in regexp_nfa.c
  / vim-8.0.1568-CVE-2021-3778.patch
- Fixing bsc#1194216 CVE-2021-4193: vim: vulnerable to Out-of-bounds Read
  / vim-8.0.1568-CVE-2021-4193.patch
- Fixing bsc#1194556 CVE-2021-46059: vim: A Pointer Dereference vulnerability
  exists in Vim 8.2.3883 via the vim_regexec_multi function at regexp.c, which
  causes a denial of service. / vim-8.0.1568-CVE-2021-46059.patch
- Fixing bsc#1195066 CVE-2022-0319: vim: Out-of-bounds Read in vim/vim
  prior to 8.2. / vim-8.0.1568-CVE-2022-0319.patch
- Fixing bsc#1195126 CVE-2022-0351: vim: uncontrolled recursion in eval7()
  / vim-8.0.1568-CVE-2022-0351.patch
- Fixing bsc#1195202 CVE-2022-0361: vim: Heap-based Buffer Overflow in vim
  prior to 8.2. / vim-8.0.1568-CVE-2022-0361.patch
- Fixing bsc#1195356 CVE-2022-0413: vim: use after free in src/ex_cmds.c
  / vim-8.0.1568-CVE-2022-0413.patch
xen
- bsc#1203806 - VUL-0: CVE-2022-33746: xen: P2M pool freeing may
  take excessively long (XSA-410)
  xsa410-01.patch
  xsa410-02.patch
  xsa410-03.patch
  xsa410-04.patch
  xsa410-05.patch
  xsa410-06.patch
  xsa410-07.patch
  xsa410-08.patch
  xsa410-09.patch
  xsa410-10.patch
- bsc#1203807 - VUL-0: CVE-2022-33748: xen: lock order inversion in
  transitive grant copy handling (XSA-411)
  xsa411.patch
- bsc#1197081 - dom0 fails to boot with constrained vcpus and nodes
  62f4cfee-sched-setup-dom0-vCPU-affinity-once.patch
- Upstream bug fixes (bsc#1027519)
  62d65105-x86-spec-ctrl-MD_CLEAR-reporting.patch
  62d807c1-x86-suppress-MMX.patch
  62ecfc08-VMX-use-IST-RSB-protection.patch
  62f27ebd-x86-expose-more-MSR_ARCH_CAPS-to-hwdom.patch
  62f51e16-x86-spec-ctrl-enum-PBRSB_NO.patch
  62f523da-AMD-setup_force_cpu_cap-BSP-only.patch
- bsc#1200762 - VUL-0: CVE-2022-26365,CVE-2022-33740,
  CVE-2022-33741,CVE-2022-33742: xen: Linux disk/nic frontends data
  leaks (XSA-403)
  xsa403.patch
- bsc#1201394 - VUL-0: CVE-2022-33745: xen: insufficient TLB flush
  for x86 PV guests in shadow mode (XSA-408)
  62dfe40a-x86-mm-gpt-TLB-flush-condition.patch
- Drop patch replaced by upstream version
  xsa408.patch
- bsc#1185104 - VUL-0: CVE-2021-28689: xen: x86: Speculative
  vulnerabilities with bare (non-shim) 32-bit PV guests (XSA-370)
  Part of already released 4.14.5 tarball
- bsc#1167608, bsc#1201631 - fix built-in default of max_event_channels
  A previous change to the built-in default had a logic error,
  effectively restoring the upstream limit of 1023 channels per domU.
  Fix the logic to calculate the default based on the number of vcpus.
  adjust libxl.max_event_channels.patch
- bsc#1199965 - VUL-0: CVE-2022-26362: xen: Race condition
  in typeref acquisition
  62a1e594-x86-clean-up-_get_page_type.patch
  62a1e5b0-x86-ABAC-race-in-_get_page_type.patch
- bsc#1199966 - VUL-0: CVE-2022-26363,CVE-2022-26364: xen:
  Insufficient care with non-coherent mappings
  62a1e5d2-x86-introduce-_PAGE_-for-mem-types.patch
  62a1e5f0-x86-dont-change-cacheability-of-directmap.patch
  62a1e60e-x86-split-cache_flush-out-of-cache_writeback.patch
  62a1e62b-x86-AMD-work-around-CLFLUSH-ordering.patch
  62a1e649-x86-track-and-flush-non-coherent.patch
- bsc#1200549 VUL-0: CVE-2022-21123,CVE-2022-21125,CVE-2022-21166:
  xen: x86: MMIO Stale Data vulnerabilities (XSA-404)
  62ab0fab-x86-spec-ctrl-VERW-flushing-runtime-cond.patch
  62ab0fac-x86-spec-ctrl-enum-for-MMIO-Stale-Data.patch
  62ab0fad-x86-spec-ctrl-add-unpriv-mmio.patch
- bsc#1201469 - VUL-0: CVE-2022-23816,CVE-2022-23825,CVE-2022-29900:
  xen: retbleed - arbitrary speculative code execution with return
  instructions (XSA-407)
  62cc31ee-cmdline-extend-parse_boolean.patch
  62cc31ef-x86-spec-ctrl-fine-grained-cmdline-subopts.patch
  62cd91d0-x86-spec-ctrl-rework-context-switching.patch
  62cd91d1-x86-spec-ctrl-rename-SCF_ist_wrmsr.patch
  62cd91d2-x86-spec-ctrl-rename-opt_ibpb.patch
  62cd91d3-x86-spec-ctrl-rework-SPEC_CTRL_ENTRY_FROM_INTR_IST.patch
  62cd91d4-x86-spec-ctrl-IBPB-on-entry.patch
  62cd91d5-x86-cpuid-BTC_NO-enum.patch
  62cd91d6-x86-spec-ctrl-enable-Zen2-chickenbit.patch
  62cd91d7-x86-spec-ctrl-mitigate-Branch-Type-Confusion.patch
- Upstream bug fixes (bsc#1027519)
  62bdd840-x86-spec-ctrl-only-adjust-idle-with-legacy-IBRS.patch
  62bdd841-x86-spec-ctrl-knobs-for-STIBP-and-PSFD.patch
- Drop patches replaced by upstream versions
  xsa401-1.patch
  xsa401-2.patch
  xsa402-1.patch
  xsa402-2.patch
  xsa402-3.patch
  xsa402-4.patch
  xsa402-5.patch
- bsc#1201394 - VUL-0: CVE-2022-33745: xen: insufficient TLB flush
  for x86 PV guests in shadow mode (XSA-408)
  xsa408.patch
- bsc#1199966 - VUL-0: EMBARGOED: CVE-2022-26363,CVE-2022-26364: xen:
  Insufficient care with non-coherent mappings
  fix xsa402-5.patch
- Upstream bug fixes (bsc#1027519)
  625fca42-VT-d-reserved-CAP-ND.patch
  627549d6-IO-shutdown-race.patch
- bsc#1199965 - VUL-0: EMBARGOED: CVE-2022-26362: xen: Race condition
  in typeref acquisition
  xsa401-1.patch
  xsa401-2.patch
- bsc#1199966 - VUL-0: EMBARGOED: CVE-2022-26363,CVE-2022-26364: xen:
  Insufficient care with non-coherent mappings
  xsa402-1.patch
  xsa402-2.patch
  xsa402-3.patch
  xsa402-4.patch
  xsa402-5.patch
- Update to Xen 4.14.5 bug fix release (bsc#1027519)
  xen-4.14.5-testing-src.tar.bz2
- Drop patches contained in new tarball
  60782745-x86-AMD-split-LFENCE-setup.patch
  6081bae4-x86-cpuid-LFENCE-always-serialising.patch
  61f2d886-x86-CPUID-disentangle-new-leaves-logic.patch
  61f2d887-x86-CPUID-leaf-7-1-EBX-infra.patch
  61f2dd76-x86-SPEC_CTRL-migration-compatibility.patch
  61f933a4-x86-cpuid-advertise-SSB_NO.patch
  61f933a5-x86-drop-use_spec_ctrl-boolean.patch
  61f933a6-x86-new-has_spec_ctrl-boolean.patch
  61f933a7-x86-dont-use-spec_ctrl-enter-exit-for-S3.patch
  61f933a8-x86-SPEC_CTRL-record-last-write.patch
  61f933a9-x86-SPEC_CTRL-use-common-logic-for-AMD.patch
  61f933aa-SVM-SPEC_CTRL-entry-exit-logic.patch
  61f933ab-x86-AMD-SPEC_CTRL-infra.patch
  61f933ac-SVM-enable-MSR_SPEC_CTRL-for-guests.patch
  61f946a2-VMX-drop-SPEC_CTRL-load-on-VMEntry.patch
  6202afa3-x86-clean-up-MSR_MCU_OPT_CTRL-handling.patch
  6202afa4-x86-TSX-move-has_rtm_always_abort.patch
  6202afa5-x86-TSX-cope-with-deprecation-on-WHL-R-CFL-R.patch
  6202afa7-x86-CPUID-leaf-7-2-EDX-infra.patch
  6202afa8-x86-Intel-PSFD-for-guests.patch
  62278667-Arm-introduce-new-processors.patch
  62278668-Arm-move-errata-CSV2-check-earlier.patch
  62278669-Arm-add-ECBHB-and-CLEARBHB-ID-fields.patch
  6227866a-Arm-Spectre-BHB-handling.patch
  6227866b-Arm-allow-SMCCC_ARCH_WORKAROUND_3-use.patch
  6227866c-x86-AMD-cease-using-thunk-lfence.patch
  624ebcef-VT-d-dont-needlessly-look-up-DID.patch
  624ebd3b-VT-d-avoid-NULL-deref-on-dcmo-error-paths.patch
  624ebd74-VT-d-avoid-infinite-recursion-on-dcmo-error-path.patch
  xsa397.patch
  xsa399.patch
  xsa400-01.patch
  xsa400-02.patch
  xsa400-03.patch
  xsa400-04.patch
  xsa400-05.patch
  xsa400-06.patch
  xsa400-07.patch
  xsa400-08.patch
  xsa400-09.patch
  xsa400-10.patch
  xsa400-11.patch
- bsc#1197426 - VUL-0: CVE-2022-26358,CVE-2022-26359,
  CVE-2022-26360,CVE-2022-26361: xen: IOMMU: RMRR (VT-d) and unity
  map (AMD-Vi) handling issues (XSA-400)
  624ebcef-VT-d-dont-needlessly-look-up-DID.patch
  624ebd3b-VT-d-avoid-NULL-deref-on-dcmo-error-paths.patch
  624ebd74-VT-d-avoid-infinite-recursion-on-dcmo-error-path.patch
- bsc#1197423 - VUL-0: CVE-2022-26356: xen: Racy interactions
  between dirty vram tracking and paging log dirty hypercalls
  (XSA-397)
  xsa397.patch
- bsc#1197425 - VUL-0: CVE-2022-26357: xen: race in VT-d domain ID
  cleanup (XSA-399)
  xsa399.patch
- bsc#1197426 - VUL-0: CVE-2022-26358,CVE-2022-26359,
  CVE-2022-26360,CVE-2022-26361: xen: IOMMU: RMRR (VT-d) and unity
  map (AMD-Vi) handling issues (XSA-400)
  xsa400-01.patch
  xsa400-02.patch
  xsa400-03.patch
  xsa400-04.patch
  xsa400-05.patch
  xsa400-06.patch
  xsa400-07.patch
  xsa400-08.patch
  xsa400-09.patch
  xsa400-10.patch
  xsa400-11.patch
- bsc#1196915 - VUL-0: CVE-2022-0001, CVE-2022-0002,CVE-2021-26401:
  xen: BHB speculation issues (XSA-398)
  62278667-Arm-introduce-new-processors.patch
  62278668-Arm-move-errata-CSV2-check-earlier.patch
  62278669-Arm-add-ECBHB-and-CLEARBHB-ID-fields.patch
  6227866a-Arm-Spectre-BHB-handling.patch
  6227866b-Arm-allow-SMCCC_ARCH_WORKAROUND_3-use.patch
  6227866c-x86-AMD-cease-using-thunk-lfence.patch
- bsc#1191668 - L3: issue around xl and virsh operation - virsh
  list not giving any output
  Replace
    libxl-dont-try-to-free-a-NULL-list-of-vcpus.patch
    libxl-dont-touch-nr_vcpus_out-if-listing-vcpus-and-returning-NULL.patch
  by upstream backport
    61f7b2af-libxl-dont-touch-nr_vcpus_out-if-listing.patch
- Upstream bug fixes (bsc#1027519)
  60782745-x86-AMD-split-LFENCE-setup.patch
  6081bae4-x86-cpuid-LFENCE-always-serialising.patch
  61f2d886-x86-CPUID-disentangle-new-leaves-logic.patch
  61f2d887-x86-CPUID-leaf-7-1-EBX-infra.patch
  61f2dd76-x86-SPEC_CTRL-migration-compatibility.patch
  61f933a4-x86-cpuid-advertise-SSB_NO.patch
  61f933a5-x86-drop-use_spec_ctrl-boolean.patch
  61f933a6-x86-new-has_spec_ctrl-boolean.patch
  61f933a7-x86-dont-use-spec_ctrl-enter-exit-for-S3.patch
  61f933a8-x86-SPEC_CTRL-record-last-write.patch
  61f933a9-x86-SPEC_CTRL-use-common-logic-for-AMD.patch
  61f933aa-SVM-SPEC_CTRL-entry-exit-logic.patch
  61f933ab-x86-AMD-SPEC_CTRL-infra.patch
  61f933ac-SVM-enable-MSR_SPEC_CTRL-for-guests.patch
  61f946a2-VMX-drop-SPEC_CTRL-load-on-VMEntry.patch
  6202afa3-x86-clean-up-MSR_MCU_OPT_CTRL-handling.patch
  6202afa4-x86-TSX-move-has_rtm_always_abort.patch
  6202afa5-x86-TSX-cope-with-deprecation-on-WHL-R-CFL-R.patch
  6202afa7-x86-CPUID-leaf-7-2-EDX-infra.patch
  6202afa8-x86-Intel-PSFD-for-guests.patch
- Update to Xen 4.14.4 bug fix release (bsc#1027519)
  xen-4.14.4-testing-src.tar.bz2
- Drop patches contained in new tarball
  6138b7a1-x86-spec-ctrl-split-diagnostics-line.patch
  6138b7a2-x86-AMD-enum-speculative-hints.patch
  6138b7a3-x86-AMD-use-newer-SSBD.patch
  6139f1b1-x86-spec-ctrl-print-AMD-features.patch
  6148453b-VT-d-hidden-devices-unmap.patch
  6148455f-VT-d-PCI-segment-numbers-16-bits.patch
  61532102-PCI-bridge-with-subord-bus-0xFF.patch
  615c9fd0-VT-d-fix-deassign-of-device-with-RMRR.patch
  61655b5a-AMD-IOMMU-hidden-devices-flush.patch
  616d66bd-x86-HVM-cleanup-after-failed-viridian_vcpu_init.patch
  616e7cfe-x86-paging-restrict-paddr-width-reported.patch
  618289da-x86-shstk-fix-with-XPTI-active.patch
  619b7ac9-harden-assign_pages.patch
  619b8cb0-x86-PoD-misaligned-GFNs.patch
  619b8cb1-x86-PoD-intermediate-page-orders.patch
  619b8cb2-x86-P2M-set-partial-success.patch
  61b31d5c-x86-restrict-all-but-self-IPI.patch
  61b88e78-x86-CPUID-TSXLDTRK-definition.patch
  61bc429f-revert-hvmloader-PA-range-should-be-UC.patch
  61d5687a-x86-spec-ctrl-opt_srb_lock-default.patch
  xsa393.patch
  xsa394.patch
  xsa395.patch
  list not giving any output (see also bsc#1194267)
xkeyboard-config
- U_Add-the-new-AZERTY-layout-norm-NF-Z71-300.patch
  * Backport French standardized AZERTY layout (AFNOR: NF Z71-300)
    (bsc#1188867)
xz
- Fix ZDI-CAN-16587 Fix escaping of malicious filenames
  (ZDI-CAN-16587 bsc#1198062 CVE-2022-1271)
  * bsc1198062.patch
yaml-cpp
- Fix CVE-2018-20573 The Scanner:EnsureTokensInQueue function in yaml-cpp
  allows remote attackers to cause DOS via a crafted YAML file
  (CVE-2018-20573, bsc#1121227)
- Fix CVE-2018-20574 The SingleDocParser:HandleFlowMap function in
  yaml-cpp allows remote attackers to cause DOS via a crafted YAML file
  (CVE-2018-20574, bsc#1121230)
- Fix CVE-2019-6285 The SingleDocParser::HandleFlowSequence function in
  cpp allows remote attackers to cause DOS via a crafted YAML file
  (CVE-2019-6285, bsc#1122004)
- Fix CVE-2019-6292 An issue was discovered in singledocparser.cpp in
  yaml-cpp which cause DOS by stack consumption
  (CVE-2019-6292, bsc#1122021)
- Added patch cve-2018-20574.patch
yast2
- Fixed refreshing old repositories during system upgrade
  (bsc#1196120, similar to bsc#1190228)
- 4.3.69
- do not strip surrounding white space in CDATA XML elements (bsc#1195910)
- 4.3.68
- do not strip trailing white space in XML elements (bsc#1195910)
- 4.3.67
yast2-audit-laf
- Set the name of the auto client in the desktop file
  (bsc#1196590).
- 4.3.2
yast2-bootloader
- AutoYaST: do not clone device for hibernation and also check
  during autoinstallation if device for hibernation exists and if
  not then use proposed one. (bsc#1187690 and bsc#1197192)
- 4.3.31
yast2-country
- Fixed passing multiple arguments to "/localectl set-locale"/
  (bsc#1177863)
- 4.3.19
yast2-installation
- Revert changes introduced in v4.3.50 as it produces some ordering
  cycle issues (bsc#1198294)
- 4.3.52
- AutoYaST: move custom file creation past user creation so that
  the element files/file/file_owner actually has an effect
  (bsc#1196595)
- 4.3.51
- Do not stop xvnc.socket but run the YaST2-Second-Stage and
  YaST2-Firsboot services before it in order to prevent early
  vnc connections (bsc#1197265)
-4.3.50
- Run the YaST2-Second-Stage and YaST2-Firsboot services after
  purge-kernels to prevent a zypper lock error message
  (bsc#1196431).
- 4.3.49
- Prevent getty auto-generation because it makes xvnc to fail when
  it is started in YaST second stage (bsc#1196614).
- 4.3.48
- Avoid terminal login prompt when running Second Stage service
  (bsc#1196594 and related to bsc#1195059).
- 4.3.47
- Modified Second Stage service dependencies fixing a root login
  systemd timeout when installing with ssh (bsc#1195059)
- 4.3.46
- Do not create a Btrfs snapshot at the end of the installation
  or upgrade when the root filesystem is mounted as read-only
  (jsc#SLE-22560).
- 4.3.45
yast2-network
- CFA NM: replace problematic characters when getting the filename
  for the given wireless configuration (bsc#1199451).
- 4.3.82
yast2-packager
- do not keep file handle to repo metadata open accidentally (bsc#1196061)
- 4.3.26
yast2-samba-client
- Use translation macro for range settings expert details text;
  (bsc#1197936).
- 4.3.5
yast2-sap-ha
- YaST2 sap_ha tool does not allow digits at the beginning of site names
  (bsc#1200427)
- 1.0.15
- Introduce a new function refresh_all_proposals.
  This reads the proposal for the modules watchdog and fence.
  This is neccessary when reading an earlier configuration.
- Use .gsub instead of File.basename to find all modules files.
  Replace tab with spaces.
  (bsc#1197290)
- 1.0.14
- system/watchdog.rb searches watchdog modules with .ko extension
  but we ship .ko.xz  (bsc#1197290)
- 1.0.13
- softdog missing in Yast while configuring HA for SAP Products
  (bsc#1199029)
- 1.0.12
- kmod-compat has broken dependencies (bsc#1186618)
  Update requirement
- 1.0.11
- "/SUSE SAP HA Yast wizard for HANA doesn´t configure the HANA hooks.
  (bsc#1190774)
  Add SAPHanaSR via global.ini as proposed in
  https://documentation.suse.com/sbp/all/html/SLES4SAP-hana-sr-guide-PerfOpt-15/index.html#id-1.10.6.6"/
- 1.0.10
- bsc#1158843 hana-*: Broken gettext support
- 1.0.9
yast2-schema
- Fix rules validation when using a dialog (bsc#1199165).
- 4.3.29
- Added fcoe-client schema (bsc#1194895)
- 4.3.28
yast2-storage-ng
- Fix fstab entry filesystem matching allowing the use of quotes
  surrounding the device UUID or label (bsc#1197692)
- 4.3.60
yast2-update
- Use the "/norecovery"/ mount option when searching the root
  partitions (bsc#1195894)
- 4.3.4
zlib
- Fix heap-based buffer over-read or buffer overflow in inflate via
  large gzip header extra field (bsc#1202175, CVE-2022-37434,
  CVE-2022-37434-extra-header-1.patch,
  CVE-2022-37434-extra-header-2.patch).
- CVE-2018-25032: Fix memory corruption on deflate, bsc#1197459
  * bsc1197459.patch
zsh
- Added CVE-2019-20044.patch: fixes insecure dropping of privileges when
  unsetting PRIVILEGED option (CVE-2019-20044 bsc#1163882)
- Added CVE-2021-45444.patch: fixes a vulnerability in prompt expansion which
  could be exploited through e.g.  VCS_Info to execute arbitrary shell
  commands (CVE-2021-45444 bsc#1196435)
zypp-plugin

      
zypper
- BuildRequires:  libzypp-devel >= 17.31.2.
- Fix --[no]-allow-vendor-change feedback in install command
  (bsc#1201972)
- version 1.14.57
- UsrEtc: Store logrotate files in %{_distconfdir} if defined
  (fixes #441, fixes #444)
- Remove unneeded code to compute the PPP status.
  Since libzypp 17.23.0 the PPP status is auto established. No
  extra solver run is needed.
- Make sure 'up' respects solver related CLI options (bsc#1201972)
- Fix tests to use locale "/C.UTF-8"/ rather than "/en_US"/.
- Fix man page (fixes #451)
- version 1.14.56
- lr: Allow shortening the Name column if table is wider than the
  terminal (bsc#1201638)
- Don't accepts install/remove modifier without argument
  (bsc#1201576)
- zypper-download: Set correct ExitInfoCode when failing to
  resolve argument.
- zypper-download: Handle unresolvable arguments as error.
  This commit changes zypper-download such that it behaves more
  consistent to zypper-install when an argument can't be resolved.
- version 1.14.55
- Fix building with GCC 13 (fixes #448)
- Put signing key supplying repository name in quotes.
- version 1.14.54
- Basic JobReport for "/cmdout/monitor"/.
- versioncmp: if verbose, also print the edition 'parts' which are
  compared.
- Make sure MediaAccess is closed on exception (bsc#1194550)
- Display plus-content hint conditionally (fixes #433)
- Honor the NO_COLOR environment variable when auto-detecting
  whether to use color (fixes #432)
- Define table columns which should be sorted natural [case
  insensitive] (fixes #391, closes #396, fixes #424)
- lr/ls: Use highlight color on name and alias as well.
- version 1.14.53
- info: print the packages upstream URL if available (fixes #426)
- info: Fix SEGV with not installed PTFs (bsc#1196317)
- Don't prevent less restrictive umasks (bsc#1195999)
- version 1.14.52