avahi
- Add avahi-CVE-2023-1981.patch: emit error if requested service
  is not found (boo#1210328 CVE-2023-1981).
- switch to use _multibuild
- delete _avahi_spec-prepare.sh, pre_checkin.sh: obsolete
- use https urls
containerd
- Update to containerd v1.6.19 for Docker v23.0.2-ce. Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.6.19>
  Includes fixes for:
  - CVE-2023-25153 bsc#1208423
  - CVE-2023-25173 bsc#1208426
- Update to containerd v1.6.16 for Docker v23.0.1-ce. Upstream release notes:
cups
- 0001-cups-dests.c-cupsGetNamedDest-set-IPP_STATUS_ERROR_N.patch
  improves logging on 'IPP_STATUS_ERROR_NOT_FOUND' error
  that fixes bsc#1191467, bsc#1198932:
  "/lpr reports 'No such file or directory' for missing catalogue files"/
  "//usr/bin/lpr: No such file or directory"/
- after-network_target-sssd_service.patch
  is derived from https://github.com/apple/cups/issues/5550 with its
  https://github.com/apple/cups/commit/aaebca5660fdd7f7b6f30461f0788d91ef6e2fee
  and SUSE PTF:24471 cups.SUSE_SLE-15_Update cups-2.2.7-wait-for-network.patch
  to add "/After=network.target sssd.service"/ to the systemd unit
  source files cupsd.service.in and cups.cups-lpdAT.service.in
  to fix bsc#1201234, bsc#1200321:
  "/Missing network dependency in systemd unit for cups-2.2.7"/
  "/CUPS may not always start if sssd is in use"/
- cups-branch-2.2-commit-876fdc1c90a885a58644c8757bc1283c9fd5bcb7.diff
  is https://github.com/OpenPrinting/cups/commit/876fdc1c90a885a58644c8757bc1283c9fd5bcb7
  which belongs to https://github.com/OpenPrinting/cups/issues/308
  that fixes bsc#1191525, bsc#1203446:
  "/Print jobs on cups.sock return with EAGAIN (Resource temporarily unavailable)"/
  "//usr/bin/lpr: Error - The printer or class does not exist."/
dmidecode
- use-read_file-to-read-from-dump.patch: Fix an old harmless bug
  which would prevent root from using the --from-dump option since
  the latest security fixes (bsc#1210418).
Security fixes (CVE-2023-30630)
- dmidecode-split-table-fetching-from-decoding.patch: dmidecode:
  Clean up function dmi_table so that it does only one thing
  (bsc#1210418).
- dmidecode-write-the-whole-dump-file-at-once.patch: When option
  - -dump-bin is used, write the whole dump file at once, instead of
  opening and closing the file separately for the table and then
  for the entry point (bsc#1210418).
- dmidecode-do-not-let-dump-bin-overwrite-an-existing-file.patch:
  Make sure that the file passed to option --dump-bin does not
  already exist (bsc#1210418).
- ensure-dev-mem-is-a-character-device-file.patch: Add a safety
  check on the type of the mem device file we are asked to read
  from, if we are root (bsc#1210418).
  3 recommended fixes from upstream:
- dmioem-typo-fix-virutal-virtual.patch: Simple typo fix in a
  user-visible string.
- dmidecode-fortify-entry-point-length-checks.patch: Ensure that
  the SMBIOS entry point is long enough to include all the fields
  we need.
- dmioem-hpe-oem-record-237-firmware-change.patch: Properly decode
  the last field of HPE OEM record type 237.
dracut
- Update to version 055+suse.335.gccf7fbc6:
  * feat(lvm): always include all drivers that LVM can use (bsc#1206195)
  * fix(dracut.spec): require libopenssl1_1-hmac for dracut-fips (bsc#1206439)
glib2
- Update glib2-fix-normal-form-handling-in-gvariant.patch:
  Backported from upstream to fix regression on s390x.
  (bsc#1210135, glgo#GNOME/glib!2978)
- Add glib2-fix-normal-form-handling-in-gvariant.patch: Backported
  from upstream to fix normal form handling in GVariant.
  (CVE-2023-24593, CVE-2023-25180, bsc#1209714, bsc#1209713,
  glgo#GNOME/glib!3125)
grub2
- Fix unknown filesystem error on disks with 4096 sector size (bsc#1207064)
  (bsc#1209234)
  * 0001-grub-core-modify-sector-by-sysfs-as-disk-sector.patch
- Fix installation over serial console ends up in infinite boot loop
  (bsc#1187810) (bsc#1209667) (bsc#1209372)
  * 0001-Fix-infinite-boot-loop-on-headless-system-in-qemu.patch
- Fix aarch64 kiwi image's file not found due to '/@' prepended to path in
  btrfs filesystem. (bsc#1209165)
  * grub2-btrfs-05-grub2-mkconfig.patch
- Make grub more robust against storage race condition causing system boot
  failures (bsc#1189036)
  * 0001-ieee1275-ofdisk-retry-on-open-and-read-failure.patch
haveged
- Synchronize haveged instances during switching root (bsc#1203079)
  * Add haveged-switch-root.patch
hwdata
- update to 0.368:
  * Update pci, usb and vendor ids
- update to 0.367:
  * Update pci, usb and vendor ids
- update to 0.366:
  * Update pci, usb and vendor ids
kernel-default
- mm: take a page reference when removing device exclusive entries
  (bsc#1211025).
- commit fd0cc4f
- Update
  patches.suse/perf-Fix-check-before-add_event_to_groups-in-perf_group_detach.patch
  (git fixes, bsc#1210986, CVE-2023-2235).
- commit c5399e7
- blacklist.conf: Exclude unrelated kconfig patch
- commit 2595126
- x86/bugs: Enable STIBP for IBPB mitigated RETBleed (git-fixes).
- commit f115e36
- locking/rwbase: Mitigate indefinite writer starvation.
  Move out of sorted as the patch has moved within the tip tree.
- commit 0ba915d
- Input: raspberrypi-ts - fix refcount leak in rpi_ts_probe
  (git-fixes).
- Input: hp_sdc_rtc - mark an unused function as __maybe_unused
  (git-fixes).
- rtc: meson-vrtc: Use ktime_get_real_ts64() to get the current
  time (git-fixes).
- rtc: omap: include header for omap_rtc_power_off_program
  prototype (git-fixes).
- commit 4f6ef5f
- power: supply: generic-adc-battery: fix unit scaling
  (git-fixes).
- dt-bindings: mailbox: qcom,apcs-kpss-global: fix SDX55 'if'
  match (git-fixes).
- clk: rockchip: rk3399: allow clk_cifout to force clk_cifout_src
  to reparent (git-fixes).
- clk: add missing of_node_put() in "/assigned-clocks"/ property
  parsing (git-fixes).
- clk: at91: clk-sam9x60-pll: fix return value check (git-fixes).
- clocksource/drivers/davinci: Fix memory leak in
  davinci_timer_register when init fails (git-fixes).
- USB: serial: option: add UNISOC vendor and TOZED LT70C product
  (git-fixes).
- wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies()
  (git-fixes).
- drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var
  (git-fixes).
- selftests/kselftest/runner/run_one(): allow running
  non-executable files (git-fixes).
- commit fc18250
- NFS: Cleanup unused rpc_clnt variable (git-fixes).
- NFSD: callback request does not use correct credential for
  AUTH_SYS (git-fixes).
- sunrpc: only free unix grouplist after RCU settles (git-fixes).
- nfsd: call op_release, even when op_func returns an error
  (git-fixes).
- NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL
  (git-fixes).
- commit aa8b700
- KVM: VMX: Execute IBPB on emulated VM-exit when guest has IBRS (bsc#1206992
  CVE-2022-2196).
- commit 2cab1a4
- nvme: send Identify with CNS 06h only to I/O controllers
  (bsc#1209693).
- commit fe51de7
- scsi: kABI workaround for fc_host_fpin_rcv (git-fixes).
- scsi: lpfc: Silence an incorrect device output (bsc#1210943).
- scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup()
  (bsc#1210943).
- scsi: lpfc: Drop redundant pci_enable_pcie_error_reporting()
  (bsc#1210943).
- scsi: lpfc: Copyright updates for 14.2.0.11 patches
  (bsc#1210943).
- scsi: lpfc: Update lpfc version to 14.2.0.11 (bsc#1210943).
- scsi: lpfc: Revise lpfc_error_lost_link() reason code evaluation
  logic (bsc#1210943).
- scsi: lpfc: Skip waiting for register ready bits when in
  unrecoverable state (bsc#1210943).
- scsi: lpfc: Correct used_rpi count when devloss tmo fires with
  no recovery (bsc#1210943).
- scsi: lpfc: Defer issuing new PLOGI if received RSCN before
  completing REG_LOGIN (bsc#1210943).
- scsi: lpfc: Record LOGO state with discovery engine even if
  aborted (bsc#1210943).
- scsi: lpfc: Fix lockdep warning for rx_monitor lock when
  unloading driver (bsc#1210943).
- scsi: lpfc: Reorder freeing of various DMA buffers and their
  list removal (bsc#1210943).
- scsi: lpfc: Prevent lpfc_debugfs_lockstat_write() buffer
  overflow (bsc#1210943).
- cpumask: fix incorrect cpumask scanning result checks
  (bsc#1210943).
- scsi: lpfc: Fix double word in comments (bsc#1210943).
- scsi: scsi_transport_fc: Add an additional flag to
  fc_host_fpin_rcv() (bsc#1210943).
- commit 7354766
- ACPI: CPPC: Disable FIE if registers in PCC regions
  (bsc#1210953).
- cpufreq: CPPC: Fix build error without
  CONFIG_ACPI_CPPC_CPUFREQ_FIE (bsc#1210953).
- cpufreq: CPPC: Fix performance/frequency conversion (git-fixes).
- commit 5d50d5f
- keys: Fix linking a duplicate key to a keyring's assoc_array
  (bsc#1207088).
- commit 52b6749
- virtio_ring: don't update event idx on get_buf (git-fixes).
- firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe
  (git-fixes).
- dt-bindings: iio: ti,tmp117: fix documentation link (git-fixes).
- dt-bindings: nvmem: qcom,spmi-sdam: fix example 'reg' property
  (git-fixes).
- vmci_host: fix a race condition in vmci_host_poll() causing GPF
  (git-fixes).
- fpga: bridge: fix kernel-doc parameter description (git-fixes).
- driver core: Don't require dynamic_debug for initcall_debug
  probe timing (git-fixes).
- staging: rtl8192e: Fix W_DISABLE# does not work after stop/start
  (git-fixes).
- staging: iio: resolver: ads1210: fix config mode (git-fixes).
- drivers: staging: rtl8723bs: Fix locking in
  rtw_scan_timeout_handler() (git-fixes).
- drivers: staging: rtl8723bs: Fix locking in
  _rtw_join_timeout_handler() (git-fixes).
- serial: 8250: Add missing wakeup event reporting (git-fixes).
- tty: serial: fsl_lpuart: adjust buffer length to the intended
  size (git-fixes).
- tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH
  (git-fixes).
- serial: 8250_bcm7271: Fix arbitration handling (git-fixes).
- usb: chipidea: fix missing goto in `ci_hdrc_probe` (git-fixes).
- USB: dwc3: fix runtime pm imbalance on unbind (git-fixes).
- USB: dwc3: fix runtime pm imbalance on probe errors (git-fixes).
- xhci: fix debugfs register accesses while suspended (git-fixes).
- usb: gadget: tegra-xudc: Fix crash in vbus_draw (git-fixes).
- usb: chipidea: imx: avoid unnecessary probe defer (git-fixes).
- usb: gadget: udc: renesas_usb3: Fix use after free bug in
  renesas_usb3_remove due to race condition (git-fixes).
- usb: dwc3: gadget: Change condition for processing suspend event
  (git-fixes).
- usb: host: xhci-rcar: remove leftover quirk handling
  (git-fixes).
- i2c: cadence: cdns_i2c_master_xfer(): Fix runtime PM leak on
  error path (git-fixes).
- ipmi: fix SSIF not responding under certain cond (git-fixes).
- ipmi:ssif: Add send_retries increment (git-fixes).
- spi: cadence-quadspi: fix suspend-resume implementations
  (git-fixes).
- spi: fsl-spi: Fix CPM/QE mode Litte Endian (git-fixes).
- spi: qup: Don't skip cleanup in remove's error path (git-fixes).
- ASoC: fsl_mqs: move of_node_put() to the correct location
  (git-fixes).
- ASoC: es8316: Handle optional IRQ assignment (git-fixes).
- ASoC: cs35l41: Only disable internal boost (git-fixes).
- PCI: qcom: Fix the incorrect register usage in v2.7.0 config
  (git-fixes).
- PCI: imx6: Install the fault handler only on compatible match
  (git-fixes).
- PCI: pciehp: Fix AB-BA deadlock between reset_lock and
  device_lock (git-fixes).
- PCI/EDR: Clear Device Status after EDR error recovery
  (git-fixes).
- drm/panel: otm8009a: Set backlight parent to panel device
  (git-fixes).
- commit 30ae662
- kabi/severities: ignore KABI for NVMe target (bsc#1174777)
  The target code is only for testing and there are no external users.
- commit a8c10fa
- blacklist.conf: add nvme git-fixes
- commit be17720
- Update
  patches.suse/net-mlx5-DR-Fix-NULL-vs-IS_ERR-checking-in-dr_domain.patch
  (jsc#SLE-19253 bsc#1208845 CVE-2023-23006).
  Added CVE reference.
- commit 53f1f7b
- nvme: improve the NVME_CONNECT_AUTHREQ* definitions (git-fixes).
- commit da2e21e
- ext4: use ext4_journal_start/stop for fast commit transactions
  (bsc#1210793).
  Refresh patches.suse/ext4-fast-commit-may-not-fallback-for-ineligible-com.patch
  patches.suse/ext4-fix-fallocate-to-use-file_modified-to-update-pe.patch
  patches.suse/ext4-fix-race-condition-between-ext4_write-and-ext4_.patch
- commit b470a11
- nvme-fcloop: fix "/inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W}
  usage"/ (git-fixes).
- nvme: fix async event trace event (git-fixes).
- nvmet: fix I/O Command Set specific Identify Controller
  (git-fixes).
- nvmet: fix Identify Active Namespace ID list handling
  (git-fixes).
- nvmet: fix Identify Controller handling (git-fixes).
- nvmet: fix Identify Namespace handling (git-fixes).
- commit da5f4d4
- signal: HANDLER_EXIT should clear SIGNAL_UNKILLABLE
  (bsc#1210816).
- signal: Don't always set SA_IMMUTABLE for forced signals
  (bsc#1210816).
- commit 1d55fab
- bluetooth: Perform careful capability checks in hci_sock_ioctl()
  (git-fixes).
- Revert "/Bluetooth: btsdio: fix use after free bug in
  btsdio_remove due to unfinished work"/ (git-fixes).
- wifi: mt76: fix 6GHz high channel not be scanned (git-fixes).
- wifi: mt76: add missing locking to protect against concurrent
  rx/status calls (git-fixes).
- wifi: mt76: handle failure of vzalloc in mt7615_coredump_work
  (git-fixes).
- wifi: iwlwifi: fw: fix memory leak in debugfs (git-fixes).
- wifi: iwlwifi: mvm: check firmware response size (git-fixes).
- wifi: iwlwifi: make the loop for card preparation effective
  (git-fixes).
- wifi: iwlwifi: fw: move memset before early return (git-fixes).
- wifi: iwlwifi: mvm: initialize seq variable (git-fixes).
- wifi: iwlwifi: yoyo: Fix possible division by zero (git-fixes).
- wifi: iwlwifi: yoyo: skip dump correctly on hw error
  (git-fixes).
- wifi: iwlwifi: mvm: don't set CHECKSUM_COMPLETE for unsupported
  protocols (git-fixes).
- wifi: iwlwifi: trans: don't trigger d3 interrupt twice
  (git-fixes).
- wifi: iwlwifi: debug: fix crash in __iwl_err() (git-fixes).
- wifi: iwlwifi: fix duplicate entry in iwl_dev_info_table
  (git-fixes).
- wifi: rt2x00: Fix memory leak when handling surveys (git-fixes).
- wifi: rtw89: fix potential race condition between napi_init
  and napi_enable (git-fixes).
- wifi: rtlwifi: fix incorrect error codes in
  rtl_debugfs_set_write_reg() (git-fixes).
- wifi: rtlwifi: fix incorrect error codes in
  rtl_debugfs_set_write_rfreg() (git-fixes).
- wifi: ath6kl: reduce WARN to dev_dbg() in callback (git-fixes).
- wifi: ath5k: fix an off by one check in
  ath5k_eeprom_read_freq_list() (git-fixes).
- wifi: ath9k: hif_usb: fix memory leak of remain_skbs
  (git-fixes).
- wifi: ath6kl: minor fix for allocation size (git-fixes).
- wifi: mac80211: adjust scan cancel comment/check (git-fixes).
- wifi: rtw88: mac: Return the original error from
  rtw_mac_power_switch() (git-fixes).
- wifi: rtw88: mac: Return the original error from
  rtw_pwr_seq_parser() (git-fixes).
- wifi: brcmfmac: support CQM RSSI notification with older
  firmware (git-fixes).
- crypto: drbg - Only fail when jent is unavailable in FIPS mode
  (git-fixes).
- crypto: sa2ul - Select CRYPTO_DES (git-fixes).
- crypto: caam - Clear some memory in instantiate_rng (git-fixes).
- crypto: safexcel - Cleanup ring IRQ workqueues on load failure
  (git-fixes).
- drm/i915: Fix fast wake AUX sync len (git-fixes).
- nilfs2: initialize unused bytes in segment summary blocks
  (git-fixes).
- platform/x86: gigabyte-wmi: add support for X570S AORUS ELITE
  (git-fixes).
- selftests: sigaltstack: fix -Wuninitialized (git-fixes).
- platform/x86 (gigabyte-wmi): Add support for A320M-S2H V2
  (git-fixes).
- commit ce41906
- nvmet: force reconnect when number of queue changes (git-fixes).
- commit 4fecb2d
- powerpc/64e: Fix amdgpu build on Book3E w/o AltiVec
  (bsc#1194869).
- drm/amdgpu: Re-enable DCN for 64-bit powerpc (bsc#1194869).
- Refresh patches.suse/drm-amd-display-Enable-building-new-display-engine-w.patch
- amdgpu: disable powerpc support for the newer display engine
  (bsc#1194869).
- Refresh patches.suse/drm-amd-display-Enable-building-new-display-engine-w.patch
- commit a05fdb3
- ALSA: hda/realtek: fix speaker, mute/micmute LEDs not work on
  a HP platform (git-fixes).
- ALSA: hda/cirrus: Add extra 10 ms delay to allow PLL settle
  and lock (git-fixes).
- commit 94a71e8
- ALSA: hda/realtek: Enable mute/micmute LEDs and speaker support
  for HP Laptops (git-fixes).
- Refresh
  patches.suse/ALSA-hda-realtek-fix-mute-micmute-LEDs-for-a-HP-ProB-2ae147d643d3.patch.
- Refresh
  patches.suse/ALSA-hda-realtek-fix-mute-micmute-LEDs-for-a-HP-ProB-9fdc1605c504.patch.
- commit d95e43b
- ALSA: hda: cs35l41: Enable Amp High Pass Filter (git-fixes).
- commit fa425c8
- nvmet: avoid potential UAF in nvmet_req_complete() (git-fixes).
- nvme: fix handling single range discard request (git-fixes).
- nvme-pci: fix timeout request state check (git-fixes).
- nvmet: don't defer passthrough commands with trivial effects
  to the workqueue (git-fixes).
- nvme: fix the NVME_CMD_EFFECTS_CSE_MASK definition (git-fixes).
- nvme-pci: fix page size checks (git-fixes).
- nvme-pci: fix mempool alloc size (git-fixes).
- nvme-pci: fix doorbell buffer value endianness (git-fixes).
- nvme: return err on nvme_init_non_mdts_limits fail (git-fixes).
- nvmet: only allocate a single slab for bvecs (git-fixes).
- nvme initialize core quirks before calling nvme_init_subsystem
  (git-fixes).
- nvme: fix SRCU protection of nvme_ns_head list (git-fixes).
  Refresh:
  - patches.suse/nvme-multipath-skip-not-ready-namespaces-when-revalidating.patch
- nvmet: fix a memory leak in nvmet_auth_set_key (git-fixes).
- nvmet: fix a memory leak (git-fixes).
- nvme-tcp: fix possible circular locking when deleting a
  controller under memory pressure (git-fixes).
- nvmet: fix invalid memory reference in
  nvmet_subsys_attr_qid_max_show (git-fixes).
- nvme-hwmon: kmalloc the NVME SMART log buffer (git-fixes).
- nvme-hwmon: consistently ignore errors from nvme_hwmon_init
  (git-fixes).
- nvme-multipath: fix possible hang in live ns resize with ANA
  access (git-fixes).
- nvme-tcp: fix possible hang caused during ctrl deletion
  (git-fixes).
- nvme-rdma: fix possible hang caused during ctrl deletion
  (git-fixes).
- nvmet: add helpers to set the result field for connect commands
  (git-fixes).
- nvmet-auth: don't try to cancel a non-initialized work_struct
  (git-fixes).
- nvme: Fix IOC_PR_CLEAR and IOC_PR_RELEASE ioctls for nvme
  devices (git-fixes).
- nvme-tcp: fix regression that causes sporadic requests to time
  out (git-fixes).
- nvmet: fix a use-after-free (git-fixes).
- nvme: catch -ENODEV from nvme_revalidate_zones again
  (git-fixes).
- nvme-auth: uninitialized variable in nvme_auth_transform_key()
  (git-fixes).
- nvme: define compat_ioctl again to unbreak 32-bit userspace
  (git-fixes).
- nvme: use command_id instead of req->tag in
  trace_nvme_complete_rq() (git-fixes).
- nvmet-tcp: fix regression in data_digest calculation
  (git-fixes).
- nvme: add device name to warning in uuid_show() (git-fixes).
- nvme: set dma alignment to dword (git-fixes).
- nvme: fix the read-only state for zoned namespaces with
  unsupposed features (git-fixes).
- nvmet: revert "/nvmet: make discovery NQN configurable"/
  (git-fixes).
  Refresh:
  - patches.suse/nvmet-expose-max-queues-to-configfs.patch
- nvmet: use IOCB_NOWAIT only if the filesystem supports it
  (git-fixes).
- nvmet-tcp: fix incomplete data digest send (git-fixes).
- nvme: fix per-namespace chardev deletion (git-fixes).
- nvmet: looks at the passthrough controller when initializing
  CAP (git-fixes).
- nvme: move nvme_multi_css into nvme.h (git-fixes).
- commit 11db83e
- powerpc/64: Always build with 128-bit long double (bsc#1194869).
- commit 8544568
- hwmon: (pmbus/fsp-3y) Fix functionality bitmask in FSP-3Y
  YM-2151E (git-fixes).
- hwmon: (adt7475) Use device_property APIs when configuring
  polarity (git-fixes).
- hwmon: (k10temp) Check range scale when CUR_TEMP register is
  read-write (git-fixes).
- remoteproc: imx_rproc: Call of_node_put() on iteration error
  (git-fixes).
- remoteproc: st: Call of_node_put() on iteration error
  (git-fixes).
- remoteproc: stm32: Call of_node_put() on iteration error
  (git-fixes).
- mmc: sdhci-of-esdhc: fix quirk to ignore command inhibit for
  data (git-fixes).
- mtd: spi-nor: Fix a trivial typo (git-fixes).
- mtd: core: fix error path for nvmem provider (git-fixes).
- mtd: core: fix nvmem error reporting (git-fixes).
- mtd: core: provide unique name for nvmem device, take two
  (git-fixes).
- regulator: stm32-pwr: fix of_iomap leak (git-fixes).
- regulator: core: Avoid lockdep reports when resolving supplies
  (git-fixes).
- regulator: core: Consistently set mutex_owner when using
  ww_mutex_lock_slow() (git-fixes).
- regulator: core: Shorten off-on-delay-us for always-on/boot-on
  by time since booted (git-fixes).
- media: venus: dec: Fix handling of the start cmd (git-fixes).
- media: rc: gpio-ir-recv: Fix support for wake-up (git-fixes).
- media: saa7134: fix use after free bug in saa7134_finidev due
  to race condition (git-fixes).
- media: dm1105: Fix use after free bug in dm1105_remove due to
  race condition (git-fixes).
- media: rkvdec: fix use after free bug in rkvdec_remove
  (git-fixes).
- media: max9286: Free control handler (git-fixes).
- media: av7110: prevent underflow in write_ts_to_decoder()
  (git-fixes).
- soc: ti: pm33xx: Fix refcount leak in am33xx_pm_probe
  (git-fixes).
- remoteproc: Harden rproc_handle_vdev() against integer overflow
  (git-fixes).
- commit 28cddd0
- drm/i915: Make intel_get_crtc_new_encoder() less oopsy
  (git-fixes).
- commit 0730fed
- dt-bindings: remoteproc: stm32-rproc: Typo fix (git-fixes).
- drm/amd/display: Fix potential null dereference (git-fixes).
- drm/msm: fix NULL-deref on snapshot tear down (git-fixes).
- drm: msm: adreno: Disable preemption on Adreno 510 (git-fixes).
- drm/msm/adreno: drop bogus pm_runtime_set_active() (git-fixes).
- drm/msm/disp/dpu: check for crtc enable rather than crtc active
  to release shared resources (git-fixes).
- dt-bindings: arm: fsl: Fix copy-paste error in comment
  (git-fixes).
- dt-bindings: soc: qcom: smd-rpm: re-add missing qcom,rpm-msm8994
  (git-fixes).
- firmware: qcom_scm: Clear download bit during reboot
  (git-fixes).
- commit f201efd
- drm/bridge: lt8912b: Fix DSI Video Mode (git-fixes).
- drm/lima/lima_drv: Add missing unwind goto in lima_pdev_probe()
  (git-fixes).
- drm/amd/display/dc/dce60/Makefile: Fix previous attempt to
  silence known override-init warnings (git-fixes).
- drm: rcar-du: Fix a NULL vs IS_ERR() bug (git-fixes).
- drm/bridge: adv7533: Fix adv7533_mode_valid for adv7533 and
  adv7535 (git-fixes).
- drm/probe-helper: Cancel previous job before starting new one
  (git-fixes).
- drm/vgem: add missing mutex_destroy (git-fixes).
- drm/rockchip: Drop unbalanced obj unref (git-fixes).
- commit df8d449
- ACPI: VIOT: Initialize the correct IOMMU fwspec (git-fixes).
- arm64: dts: qcom: msm8994-msft-lumia-octagon: drop unit address
  from PMI8994 regulator (git-fixes).
- arm64: dts: qcom: msm8994-kitakami: drop unit address from
  PMI8994 regulator (git-fixes).
- arm64: dts: qcom: sc7180-trogdor-lazor: correct trackpad supply
  (git-fixes).
- arm64: dts: qcom: sm8250: Fix the PCI I/O port range
  (git-fixes).
- arm64: dts: qcom: msm8996: Fix the PCI I/O port range
  (git-fixes).
- arm64: dts: qcom: ipq8074: Fix the PCI I/O port range
  (git-fixes).
- arm64: dts: qcom: msm8998: Fix the PCI I/O port range
  (git-fixes).
- arm64: dts: qcom: sdm845: Fix the PCI I/O port range
  (git-fixes).
- arm64: dts: qcom: msm8998: Fix stm-stimulus-base reg name
  (git-fixes).
- ARM: dts: qcom: ipq4019: Fix the PCI I/O port range (git-fixes).
- arm64: dts: ti: k3-j721e-main: Remove ti,strobe-sel property
  (git-fixes).
- ARM: dts: s5pv210: correct MIPI CSIS clock name (git-fixes).
- ARM: dts: exynos: fix WM8960 clock name in Itop Elite
  (git-fixes).
- ARM: dts: gta04: fix excess dma channel usage (git-fixes).
- arm64: dts: renesas: r8a774c0: Remove bogus voltages from OPP
  table (git-fixes).
- arm64: dts: renesas: r8a77990: Remove bogus voltages from OPP
  table (git-fixes).
- commit 94ce2fb
- nvme: copy firmware_rev on each init (git-fixes).
- commit e5addae
- Update References
  patches.suse/xirc2ps_cs-Fix-use-after-free-bug-in-xirc2ps_detach.patch
  (git-fixes, bsc#1209871, CVE-2023-1670).
- commit fad389c
- cgroup/cpuset: Wake up cpuset_attach_wq tasks in
  cpuset_cancel_attach() (bsc#1210827).
- commit cd76825
- blacklist.conf:
- Add eee878537941 cgroup/cpuset: Add cpuset_can_fork() and cpuset_cancel_fork() methods
- Add 42a11bf5c543 cgroup/cpuset: Make cpuset_fork() handle CLONE_INTO_CGROUP properly
- commit 5eafca7
- blacklist.conf: Add adb8213014b2 mm: memcg: fix stale protection of reclaim target memcg
- commit 3fa74a9
- seccomp: Move copy_seccomp() to no failure path (bsc#1210817).
- commit c871759
- signal: Add SA_IMMUTABLE to ensure forced siganls do not get
  changed (bsc#1210816).
- commit f20434b
- KEYS: Add missing function documentation (git-fixes).
- KEYS: Create static version of public_key_verify_signature
  (git-fixes).
- selinux: ensure av_permissions.h is built when needed
  (git-fixes).
- selinux: fix Makefile dependencies of flask.h (git-fixes).
- commit 0854c0e
- powerpc/papr_scm: Update the NUMA distance table for the
  target node (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509
  FATE#327775 git-fixes).
- powerpc/pseries: Consolidate different NUMA distance update
  code paths (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509
  FATE#327775 git-fixes).
- Refresh patches.suse/powerpc-numa-Update-cpu_cpu_map-on-CPU-online-offlin.patch
- commit 7bab4e8
- Update tags
  patches.suse/ocfs2-fix-data-corruption-after-failed-write.patch.
- commit 90e3245
- udf: Check consistency of Space Bitmap Descriptor (bsc#1210771).
- commit d6c6801
- udf: Fix a slab-out-of-bounds write bug in udf_find_entry()
  (bsc#1206649).
- commit 4e476eb
- udf: Support splicing to file (bsc#1210770).
- commit d2cfd5b
- writeback, cgroup: fix null-ptr-deref write in
  bdi_split_work_to_wbs (bsc#1210769).
- commit 036cbcd
- mm/filemap: fix page end in filemap_get_read_batch
  (bsc#1210768).
- commit 48f3bbb
- ext4: fix another off-by-one fsmap error on 1k block filesystems
  (bsc#1210767).
- commit 9bc20af
- ext4: fix RENAME_WHITEOUT handling for inline directories
  (bsc#1210766).
- commit 1ad1269
- ext4: fix cgroup writeback accounting with fs-layer encryption
  (bsc#1210765).
- commit 480dd33
- ext4: fix incorrect options show of original mount_opt and
  extend mount_opt2 (bsc#1210764).
- commit ec7e31c
- ext4: fix possible double unlock when moving a directory
  (bsc#1210763).
- commit 88434ef
- ext4: Fix deadlock during directory rename (bsc#1210763).
- commit 71130aa
- ext4: Fix possible corruption when moving a directory
  (bsc#1210763).
- commit 5d35ccf
- blacklist.conf: Blacklist 118901ad1f25
- commit 4dd3cc9
- ext4: fix corruption when online resizing a 1K bigalloc fs
  (bsc#1206891).
- commit aebc870
- ext4: fix bad checksum after online resize (bsc#1210762 bsc#1208076).
- commit 57823aa
- Drivers: vmbus: Check for channel allocation before looking
  up relids (git-fixes).
- commit ab07682
- ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook
  (git-fixes).
- commit 34b9f7a
- iio: light: tsl2772: fix reading proximity-diodes from device
  tree (git-fixes).
- iio: adc: at91-sama5d2_adc: fix an error code in
  at91_adc_allocate_trigger() (git-fixes).
- ASoC: fsl_asrc_dma: fix potential null-ptr-deref (git-fixes).
- ALSA: hda/realtek: Remove specific patch for Dell Precision 3260
  (git-fixes).
- ASN.1: Fix check for strdup() success (git-fixes).
- commit fa0048a
- Update
  patches.suse/NFSD-fix-problems-with-cleanup-on-errors-in-nfsd4_co.patch
  (git-fixes bsc#1210725).
- commit aab0dd8
- e1000e: Disable TSO on i219-LM card to increase speed
  (git-fixes).
- clk: sprd: set max_register according to mapping range
  (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free in
  l2cap_disconnect_{req,rsp} (git-fixes).
- Bluetooth: Fix race condition in hidp_session_thread
  (git-fixes).
- drm/i915/dsi: fix DSS CTL register offsets for TGL+ (git-fixes).
- x86/PCI: Add quirk for AMD XHCI controller that loses MSI-X
  state in D3hot (git-fixes).
- drm/i915: fix race condition UAF in i915_perf_add_config_ioctl
  (git-fixes).
- power: supply: cros_usbpd: reclassify "/default case!"/ as debug
  (git-fixes).
- drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Book
  X90F (git-fixes).
- ACPI: resource: Add Medion S17413 to IRQ override quirk
  (git-fixes).
- efi: sysfb_efi: Add quirk for Lenovo Yoga Book X91F/L
  (git-fixes).
- i2c: hisi: Avoid redundant interrupts (git-fixes).
- i2c: imx-lpi2c: clean rx/tx buffers upon new message
  (git-fixes).
- wifi: iwlwifi: mvm: fix mvmtxq->stopped handling (git-fixes).
- wifi: mwifiex: mark OF related data as maybe unused (git-fixes).
- ARM: 9290/1: uaccess: Fix KASAN false-positives (git-fixes).
- i915/perf: Replace DRM_DEBUG with driver specific drm_dbg call
  (git-fixes).
- commit ba21d6e
- regulator: fan53555: Explicitly include bits header (git-fixes).
- commit 9852306
- sched/fair: Fix imbalance overflow (bsc#1155798 (CPU scheduler
  functional and performance backports)).
- sched_getaffinity: don't assume 'cpumask_size()' is fully
  initialized (bsc#1155798 (CPU scheduler functional and
  performance backports)).
- sched/fair: Move calculate of avg_load to a better location
  (bsc#1155798 (CPU scheduler functional and performance
  backports)).
- commit 1c631df
- PCI: dwc: Fix PORT_LINK_CONTROL update when CDM check enabled
  (git-fixes).
- PCI: loongson: Add more devices that need MRRS quirk
  (git-fixes).
- PCI: loongson: Prevent LS7A MRRS increases (git-fixes).
- kABI: PCI: loongson: Prevent LS7A MRRS increases (kabi).
- commit c742154
- x86/entry: Avoid very early RET (git-fixes).
- commit 7f33ce2
- RDMA/core: Refactor rdma_bind_addr (bsc#1210629 CVE-2023-2176)
- commit a844601
- regulator: fan53555: Fix wrong TCS_SLEW_MASK (git-fixes).
- commit f5a41ba
- x86/entry: Don't call error_entry() for XENPV (git-fixes).
- x86/entry: Move CLD to the start of the idtentry macro
  (git-fixes).
- x86/entry: Move PUSH_AND_CLEAR_REGS out of error_entry()
  (git-fixes).
- x86/entry: Switch the stack after error_entry() returns
  (git-fixes).
- Refresh patches.suse/objtool-Add-entry-UNRET-validation.patch.
- Refresh patches.suse/x86-Add-magic-AMD-return-thunk.patch.
- Refresh
  patches.suse/x86-entry-Add-kernel-IBRS-implementation.patch.
- x86/traps: Use pt_regs directly in fixup_bad_iret() (git-fixes).
- x86/MCE/AMD: Fix memory leak when threshold_create_bank()
  fails (git-fixes).
- x86/fpu: Prevent FPU state corruption (git-fixes).
- x86/pci/xen: Disable PCI/MSI masking for XEN_HVM guests
  (git-fixes).
- x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume
  (git-fixes).
- x86: __memcpy_flushcache: fix wrong alignment if size > 2^32
  (git-fixes).
- x86/tsx: Disable TSX development mode at boot (git-fixes).
- Refresh
  patches.suse/0010-KVM-x86-speculation-Disable-Fill-buffer-clear-within.patch.
- Refresh patches.suse/x86-cpu-amd-Add-Spectral-Chicken.patch.
- stat: fix inconsistency between struct stat and struct
  compat_stat (git-fixes).
- x86/msi: Fix msi message data shadow struct (git-fixes).
- kABI: x86/msi: Fix msi message data shadow struct (kabi).
- x86/bug: Prevent shadowing in __WARN_FLAGS (git-fixes).
- commit fc2d705
- blacklist.conf: add some x86 git-fixes
- commit 67b8a58
- memstick: fix memory leak if card device is never registered
  (git-fixes).
- mmc: sdhci_am654: Set HIGH_SPEED_ENA for SDR12 and SDR25
  (git-fixes).
- arm64: dts: qcom: ipq8074-hk01: enable QMP device, not the
  PHY node (git-fixes).
- ARM: dts: rockchip: fix a typo error for rk3288 spdif node
  (git-fixes).
- arm64: dts: imx8mm-evk: correct pmic clock source (git-fixes).
- arm64: dts: meson-g12-common: specify full DMC range
  (git-fixes).
- commit e50472a
- ovl: fail on invalid uid/gid mapping at copy up (CVE-2023-0386
  bsc#1209615).
- commit c351e67
- supported.conf: support u_ether and libcomposite
  (jsc-PED#3750)
  This is necessary for g_ncm
  (for maintainance see jsc-PED#3759)
- commit 93dcc25
- RDMA/core: Fix GID entry ref leak when create_ah fails (git-fixes)
- commit 96566e9
- RDMA/cma: Allow UD qp_type to join multicast only (git-fixes)
- commit 048d3b4
- IB/mlx5: Add support for 400G_8X lane speed (git-fixes)
- commit e08b805
- RDMA/irdma: Add ipv4 check to irdma_find_listener() (git-fixes)
- commit b64d8ba
- RDMA/irdma: Increase iWARP CM default rexmit count (git-fixes)
- commit c3ec287
- RDMA/irdma: Fix memory leak of PBLE objects (git-fixes)
- commit 6a66ca6
- vmxnet3: use gro callback when UPT is enabled (bsc#1209739).
- commit b706955
- supported.conf: declaring usb_f_ncm supported as
  requested in (jsc#PED-3750)
  Support for the legacy functionality g_ncm is still
  under discussion
  (see jsc-PED#3200)
  For maintainance see (jsc#PED-3759)
- commit 2970881
- blacklist.conf: vsprintf: just a small code size optimization
- commit 11066c4
- blacklist.conf: fix for a feature which was not backported
- commit 40356f9
- blacklist.conf: needed just for a cleanup
- commit 2ad4085
- x86/speculation: Allow enabling STIBP with legacy IBRS
  (bsc#1210506 CVE-2023-1998).
- commit 43f265f
- Update patch reference for hwmon fix (CVE-2023-1855 bsc#1210202)
- commit 0565559
- cifs: fix negotiate context parsing (bsc#1210301).
- commit 6999463
- blacklist.conf: add perf git-fixes we are not taking
- commit affe5db
- perf/core: Fix the same task check in perf_event_set_output
  (git fixes).
- perf: Fix check before add_event_to_groups() in
  perf_group_detach() (git fixes).
- perf: fix perf_event_context->time (git fixes).
- perf/core: Fix perf_output_begin parameter is incorrectly
  invoked in perf_event_bpf_output (git fixes).
- powerpc/perf/hv-24x7: add missing RTAS retry status handling
  (git fixes).
- powerpc/hv-gpci: Fix hv_gpci event list (git fixes).
- powerpc: declare unmodified attribute_group usages const
  (git-fixes).
- commit c25cc8c
- Update patch reference for power driver fix (CVE-2023-30772 bsc#1210329)
- commit d3db856
- sched/fair: Sanitize vruntime of entity being migrated
  (bsc#1203325).
- sched/fair: sanitize vruntime of entity being placed
  (bsc#1203325).
- sched/fair: Limit sched slice duration (bsc#1189999 (Scheduler
  functional and performance backports)).
- sched/numa: Stop an exhastive search if an idle core is found
  (bsc#1189999 (Scheduler functional and performance backports)).
- commit 24ed78f
- mm: page_alloc: skip regions with hugetlbfs pages when
  allocating 1G pages (bsc#1210034).
- commit 421448a
- i2c: ocores: generate stop condition after timeout in polling
  mode (git-fixes).
- commit 95ee80d
- ALSA: hda/realtek: Add quirks for Lenovo Z13/Z16 Gen2
  (git-fixes).
- ALSA: hda: patch_realtek: add quirk for Asus N7601ZM
  (git-fixes).
- ALSA: firewire-tascam: add missing unwind goto in
  snd_tscm_stream_start_duplex() (git-fixes).
- ALSA: emu10k1: don't create old pass-through playback device
  on Audigy (git-fixes).
- ALSA: emu10k1: fix capture interrupt handler unlinking
  (git-fixes).
- ALSA: hda/sigmatel: fix S/PDIF out on Intel D*45* motherboards
  (git-fixes).
- ALSA: hda/sigmatel: add pin overrides for Intel DP45SG
  motherboard (git-fixes).
- ALSA: i2c/cs8427: fix iec958 mixer control deactivation
  (git-fixes).
- commit 4a758e5
- scsi: iscsi_tcp: Check that sock is valid before
  iscsi_set_param() (git-fixes).
- scsi: qla2xxx: Fix memory leak in qla2x00_probe_one()
  (git-fixes).
- scsi: mpt3sas: Don't print sense pool info twice (git-fixes).
- scsi: megaraid_sas: Fix crash after a double completion
  (git-fixes).
- scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate()
  (git-fixes).
- scsi: qla2xxx: Perform lockless command completion in abort path
  (git-fixes).
- scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR
  (git-fixes).
- scsi: core: Fix a procfs host directory removal regression
  (git-fixes).
- scsi: mpt3sas: Fix NULL pointer access in
  mpt3sas_transport_port_add() (git-fixes).
- scsi: sd: Fix wrong zone_write_granularity value during
  revalidate (git-fixes).
- scsi: megaraid_sas: Update max supported LD IDs to 240
  (git-fixes).
- scsi: lpfc: Avoid usage of list iterator variable after loop
  (git-fixes).
- scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read()
  (git-fixes).
- scsi: hisi_sas: Check devm_add_action() return value
  (git-fixes).
- scsi: core: Remove the /proc/scsi/${proc_name} directory earlier
  (git-fixes).
- scsi: core: Fix a source code comment (git-fixes).
- scsi: ipr: Work around fortify-string warning (git-fixes).
- scsi: ses: Don't attach if enclosure has no components
  (git-fixes).
- scsi: ses: Fix slab-out-of-bounds in ses_intf_remove()
  (git-fixes).
- scsi: ses: Fix possible desc_ptr out-of-bounds accesses
  (git-fixes).
- scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses
  (git-fixes).
- scsi: ses: Fix slab-out-of-bounds in
  ses_enclosure_data_process() (git-fixes).
- scsi: aic94xx: Add missing check for dma_map_single()
  (git-fixes).
- scsi: mpt3sas: Fix a memory leak (git-fixes).
- scsi: snic: Fix memory leak with using debugfs_lookup()
  (git-fixes).
- scsi: libsas: Remove useless dev_list delete in
  sas_ex_discover_end_dev() (git-fixes).
- scsi: iscsi_tcp: Fix UAF during login when accessing the shost
  ipaddress (git-fixes).
- commit fce4b5b
- k-m-s: Drop Linux 2.6 support
- commit 22b2304
- scsi: iscsi_tcp: Fix UAF during logout when accessing the
  shost ipaddress (git-fixes).
- Refresh
  patches.kabi/kABI-fix-change-of-iscsi_host_remove-arguments.patch.
- commit dfafac0
- Remove obsolete KMP obsoletes (bsc#1210469).
- commit 7f325c6
- Update
  patches.kabi/PCI-dwc-Add-dw_pcie_ops.host_deinit-callback.patch
  (kabi bsc#1210206).
  Fix kabi breakage.
- commit cf0ac3f
- Update CVE reference to
  patches.suse/netdevsim-fib-Fix-reference-count-leak-on-route-dele.patch
  (git-fixes bsc#1210454 CVE-2023-2019).
- commit 4e95d11
- Update CVE reference to patches.suse/udmabuf-add-back-sanity-check.patch
  (git-fixes bsc#1210453 CVE-2023-2008).
- commit 62da89a
- net: phy: nxp-c45-tja11xx: add remove callback (git-fixes).
- net: phy: nxp-c45-tja11xx: fix unsigned long multiplication
  overflow (git-fixes).
- Revert "/pinctrl: amd: Disable and mask interrupts on resume"/
  (git-fixes).
- drm/armada: Fix a potential double free in an error handling
  path (git-fixes).
- fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace (git-fixes).
- usb: dwc3: pci: add support for the Intel Meteor Lake-S
  (git-fixes).
- USB: serial: option: add Quectel RM500U-CN modem (git-fixes).
- USB: serial: option: add Telit FE990 compositions (git-fixes).
- USB: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs
  (git-fixes).
- nilfs2: fix potential UAF of struct nilfs_sc_info in
  nilfs_segctor_thread() (git-fixes).
- drm/nouveau/disp: Support more modes by checking with lower bpc
  (git-fixes).
- drm/bridge: lt9611: Fix PLL being unable to lock (git-fixes).
- serial: exar: Add support for Sealevel 7xxxC serial cards
  (git-fixes).
- serial: 8250_exar: derive nr_ports from PCI ID for Acces I/O
  cards (git-fixes).
- commit f9cf523
- scsi: hisi_sas: Set a port invalid only if there are no devices
  attached when refreshing port id (git-fixes).
- commit 5cdcc2b
- signal handling: don't use BUG_ON() for debugging (bsc#1210439).
- commit 3f10ae8
- Update
  patches.suse/scsi-core-Add-BLIST_NO_VPD_SIZE-for-some-VDASD.patch
  (git-fixes bsc#1203039), adding back the bug number reference.
- commit 2587a1f
- scsi: core: Add BLIST_NO_VPD_SIZE for some VDASD (git-fixes
  bsc#1203039) (renamed now that it's upstgream)
- Refresh
  patches.kabi/blk-mq-fix-kabi-support-concurrent-queue-quiesce-unquiesce.patch.
- Refresh
  patches.kabi/kABI-fix-adding-another-field-to-scsi_device.patch.
- Refresh patches.kabi/kABI-fix-adding-field-to-scsi_device.patch.
- commit 14ff6ce
- ice: avoid bonding causing auxiliary plug/unplug under RTNL lock
  (bsc#1210158).
- commit 5691022
- virt/coco/sev-guest: Add throttling awareness (bsc#1209927).
- virt/coco/sev-guest: Convert the sw_exit_info_2 checking to
  a switch-case (bsc#1209927).
- virt/coco/sev-guest: Do some code style cleanups (bsc#1209927).
- virt/coco/sev-guest: Carve out the request issuing logic into
  a helper (bsc#1209927).
- virt/coco/sev-guest: Remove the disable_vmpck label in
  handle_guest_request() (bsc#1209927).
- virt/coco/sev-guest: Simplify extended guest request handling
  (bsc#1209927).
- virt/coco/sev-guest: Check SEV_SNP attribute at probe time
  (bsc#1209927).
- virt/sev-guest: Return -EIO if certificate buffer is not large
  enough (bsc#1209927).
- commit b35c5f2
- Update reference for BT fix (CVE-2023-1989 bsc#1210336)
- commit 2383449
- Update CVE reference to
  patches.suse/nfc-st-nci-Fix-use-after-free-bug-in-ndlc_remove-due.patch
  (git-fixes bsc#1210337 CVE-2023-1990).
- commit ddf99ea
- mtd: rawnand: meson: fix bitmask for length in command word
  (git-fixes).
- mtdblock: tolerate corrected bit-flips (git-fixes).
- mtd: rawnand: stm32_fmc2: use timings.mode instead of checking
  tRC_min (git-fixes).
- mtd: rawnand: stm32_fmc2: remove unsupported EDO mode
  (git-fixes).
- commit 6504d96
- tracing: Add trace_array_puts() to write into instance
  (git-fixes).
- commit 059865f
- blacklist.conf: add a not-relevant ftrace commit
- commit 2220417
- ftrace: Fix issue that 'direct->addr' not restored in
  modify_ftrace_direct() (git-fixes).
- commit 03fd814
- tracing: Free error logs of tracing instances (git-fixes).
- commit b4f001c
- tracing: Have tracing_snapshot_instance_cond() write errors
  to the appropriate instance (git-fixes).
- commit b3421ec
- ftrace: Mark get_lock_parent_ip() __always_inline (git-fixes).
- commit 46954c5
- ring-buffer: Fix race while reader and writer are on the same
  page (git-fixes).
- commit c740036
- rcu: Fix rcu_torture_read ftrace event (git-fixes).
- commit cb9e9b0
- mm: mmap: remove newline at the end of the trace (git-fixes).
- commit 01340e1
- tracing: Fix wrong return in kprobe_event_gen_test.c
  (git-fixes).
- commit f76dcf0
- cifs: double lock in cifs_reconnect_tcon() (git-fixes).
- commit cdf6666
- kABI workaround for xhci (git-fixes).
- commit cbab93c
- iio: adc: ti-ads7950: Set `can_sleep` flag for GPIO chip
  (git-fixes).
- iio: dac: cio-dac: Fix max DAC write value check for 12-bit
  (git-fixes).
- iio: light: cm32181: Unregister second I2C client if present
  (git-fixes).
- iio: adc: ad7791: fix IRQ flags (git-fixes).
- iio: adis16480: select CONFIG_CRC32 (git-fixes).
- tty: serial: sh-sci: Fix Rx on RZ/G2L SCI (git-fixes).
- tty: serial: fsl_lpuart: avoid checking for transfer complete
  when UARTCTRL_SBK is asserted in lpuart32_tx_empty (git-fixes).
- dt-bindings: serial: renesas,scif: Fix 4th IRQ for 4-IRQ SCIFs
  (git-fixes).
- tty: serial: sh-sci: Fix transmit end interrupt handler
  (git-fixes).
- usb: cdnsp: Fixes error: uninitialized symbol 'len' (git-fixes).
- usb: typec: altmodes/displayport: Fix configure initial pin
  assignment (git-fixes).
- xhci: Free the command allocated for setting LPM if we return
  early (git-fixes).
- xhci: also avoid the XHCI_ZERO_64B_REGS quirk with a passthrough
  iommu (git-fixes).
- usb: xhci: tegra: fix sleep in atomic call (git-fixes).
- nilfs2: fix sysfs interface lifetime (git-fixes).
- commit 3aae146
- gpio: davinci: Add irq chip flag to skip set wake (git-fixes).
- gpio: GPIO_REGMAP: select REGMAP instead of depending on it
  (git-fixes).
- commit b56644c
- ALSA: hda/realtek: Add quirk for Clevo X370SNW (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook
  (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs don't work for a HP
  platform (git-fixes).
- commit f336cd9
- can: isotp: isotp_ops: fix poll() to not report false EPOLLOUT
  events (git-fixes).
- can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory
  access (git-fixes).
- wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for
  non-uploaded sta (git-fixes).
- pwm: sprd: Explicitly set .polarity in .get_state() (git-fixes).
- pwm: cros-ec: Explicitly set .polarity in .get_state()
  (git-fixes).
- drm/panfrost: Fix the panfrost_mmu_map_fault_addr() error path
  (git-fixes).
- platform/x86: think-lmi: Clean up display of current_value on
  Thinkstation (git-fixes).
- platform/x86: think-lmi: Fix memory leaks when parsing
  ThinkStation WMI strings (git-fixes).
- platform/x86: think-lmi: Fix memory leak when showing current
  settings (git-fixes).
- commit a8eaaa9
- btrfs: fix race between quota disable and quota assign ioctls
  (CVE-2023-1611 bsc#1209687).
- commit dcf095c
- Update
  patches.suse/Fix-double-fget-in-vhost_net_set_backend.patch
  (git-fixes bsc#1210203 CVE-2023-1838).
  Added CVE reference.
- commit 39f99de
- Input: focaltech - use explicitly signed char type (git-fixes).
- Input: goodix - add Lenovo Yoga Book X90F to nine_bytes_report
  DMI table (git-fixes).
- drm/etnaviv: fix reference leak when mmaping imported buffer
  (git-fixes).
- drm/amd/display: Add DSC Support for Synaptics Cascaded MST Hub
  (git-fixes).
- fbdev: au1200fb: Fix potential divide by zero (git-fixes).
- fbdev: lxfb: Fix potential divide by zero (git-fixes).
- fbdev: intelfb: Fix potential divide by zero (git-fixes).
- fbdev: nvidia: Fix potential divide by zero (git-fixes).
- fbdev: tgafb: Fix potential divide by zero (git-fixes).
- ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set()
  (git-fixes).
- ALSA: asihpi: check pao in control_message() (git-fixes).
- ASoC: codecs: tx-macro: Fix for KASAN: slab-out-of-bounds
  (git-fixes).
- commit 83ef835
- blacklist.conf: b8ac29b40183 timekeeping: contribute wall clock to rng on time change
  Breaks kABI and not critical
- commit 3ea8922
- timers: Prevent union confusion from unexpected (git-fixes)
- commit 80b3ef6
- alarmtimer: Prevent starvation by small intervals and SIG_IGN (git-fixes)
- commit 67d84fc
- wireguard: ratelimiter: use hrtimer in selftest (git-fixes)
- commit b77ea41
- ipv6: raw: Deduct extension header length in
  rawv6_push_pending_frames (bsc#1207168 CVE-2023-0394).
- commit cab54ec
- Refresh
  patches.suse/scsi-qla2xxx-Add-option-to-disable-FC2-Target-suppor.patch.
- commit c7b89ec
- blacklist.conf: cosmetic, not a fix
- commit 524a401
- Refresh
  patches.suse/HID-u2fzero-ignore-incomplete-packets-without-data.patch.
  added alternate commit ID
- commit d8e619b
- clocksource/drivers/mediatek: Optimize systimer irq clear flow
  on shutdown (git-fixes).
- commit 5ced514
- usb: ucsi: Fix ucsi->connector race (git-fixes).
- commit 513d457
- Define kernel-vanilla as source variant
  The vanilla_only macro is overloaded. It is used for determining if
  there should be two kernel sources built as well as for the purpose of
  determmioning if vanilla kernel should be used for kernel-obs-build.
  While the former can be determined at build time the latter needs to be
  baked into the spec file template. Separate the two while also making
  the latter more generic.
  $build_dtbs is enabled on every single rt and azure branch since 15.3
  when the setting was introduced, gate on the new $obs_build_variant
  setting as well.
- commit 36ba909
- USB: fotg210: fix memory leak with using debugfs_lookup()
  (git-fixes).
- commit 632f169
- Refresh
  patches.suse/drm-amd-display-Fail-atomic_check-early-on-normalize.patch
  (git-fixes)
  Alt-commit
- commit ceb3eab
- Refresh
  patches.suse/drm-amdgpu-fence-Fix-oops-due-to-non-matching-drm_sc.patch
  (git-fixes)
  Alt-commit
- commit c85372d
- Refresh
  patches.suse/drm-amd-display-fix-issues-with-driver-unload.patch
  (git-fixes)
  Alt-commit
- commit e974612
- Refresh
  patches.suse/drm-amd-display-Fix-COLOR_SPACE_YCBCR2020_TYPE-matri.patch
  (git-fixes)
  Alt-commit
- commit 7941903
- Refresh
  patches.suse/drm-amd-display-Calculate-output_color_space-after-p.patch
  (git-fixes)
  Alt-commit
- commit 107d5d6
- scsi: qla2xxx: Synchronize the IOCB count to be in order
  (bsc#1209292 bsc#1209684 bsc#1209556).
- nvme-tcp: always fail a request when sending it failed
  (bsc#1208902).
- commit 8d76faa
- cifs: get rid of dead check in smb2_reconnect() (bsc#1193629).
- commit edea1ec
- cifs: prevent infinite recursion in CIFSGetDFSRefer()
  (bsc#1193629).
- commit dd2e168
- cifs: avoid races in parallel reconnects in smb1 (bsc#1193629).
- commit e5fbb85
- cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL
  (bsc#1193629).
- commit 435fcff
- platform/x86: think-lmi: Use min_t() for comparison and
  assignment (bsc#1210050).
- platform/x86: think-lmi: certificate support clean ups
  (bsc#1210050).
- platform/x86: think-lmi: Certificate authentication support
  (bsc#1210050).
- platform/x86: think-lmi: Prevent underflow in index_store()
  (bsc#1210050).
- platform/x86: think-lmi: Simplify tlmi_analyze() error handling
  a bit (bsc#1210050).
- platform/x86: think-lmi: Move kobject_init() call into
  tlmi_create_auth() (bsc#1210050).
- platform/x86: think-lmi: Opcode support (bsc#1210050).
- platform/x86: think-lmi: add debug_cmd (bsc#1210050).
- commit 49b6cc8
- rpm/constraints.in: increase the disk size for armv6/7 to 24GB
  It grows and the build fails recently on SLE15-SP4/5.
- commit 41ac816
- platform/x86: thinkpad_acpi: Fix thinklight LED brightness
  returning 255 (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix profile modes on Intel
  platforms (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix profile mode display in AMT
  mode (bsc#1210050).
- platform/x86: thinkpad_acpi: use strstarts() (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix max_brightness of thinklight
  (bsc#1210050).
- platform/x86: thinkpad_acpi: Enable s2idle quirk for 21A1
  machine type (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix reporting a non present second
  fan on some models (bsc#1210050).
- platform/x86: thinkpad_acpi: Explicitly set to balanced mode
  on startup (bsc#1210050).
- platform/x86: thinkpad_acpi: Use backlight helper (bsc#1210050).
- platform/x86: thinkpad-acpi: Enable AMT by default on supported
  systems (bsc#1210050).
- platform/x86: thinkpad-acpi: Add support for automatic mode
  transitions (bsc#1210050).
- platform/x86: thinkpad_acpi: do not use PSC mode on Intel
  platforms (bsc#1210050).
- platform/x86: thinkpad-acpi: profile capabilities as integer
  (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO
  resource (bsc#1210050).
- platform/x86: thinkpad_acpi: Correct dual fan probe
  (bsc#1210050).
- platform/x86: thinkpad_acpi: Add a s2idle resume quirk for a
  number of laptops (bsc#1210050).
- platform/x86: thinkpad_acpi: Convert btusb DMI list to quirks
  (bsc#1210050).
- platform/x86: thinkpad_acpi: consistently check fan_get_status
  return (bsc#1210050).
- platform/x86: thinkpad_acpi: Don't use test_bit on an integer
  (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix compiler warning about
  uninitialized err variable (bsc#1210050).
- platform/x86: thinkpad_acpi: clean up dytc profile convert
  (bsc#1210050).
- platform/x86: thinkpad_acpi: Add PSC mode support (bsc#1210050).
- platform/x86: thinkpad_acpi: Add dual fan probe (bsc#1210050).
- platform/x86: thinkpad_acpi: Add dual-fan quirk for T15g
  (2nd gen) (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix incorrect use of platform
  profile on AMD platforms (bsc#1210050).
- platform/x86: thinkpad_acpi: Add quirk for ThinkPads without
  a fan (bsc#1210050).
- platform/x86: thinkpad_acpi: Add LED_RETAIN_AT_SHUTDOWN to
  led_class_devs (bsc#1210050).
- platform/x86: thinkpad_acpi: Remove unused
  sensors_pdev_attrs_registered flag (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix the hwmon sysfs-attr showing
  up in the wrong place (bsc#1210050).
- platform/x86: thinkpad_acpi: tpacpi_attr_group contains driver
  attributes not device attrs (bsc#1210050).
- platform/x86: thinkpad_acpi: Register tpacpi_pdriver after
  subdriver init (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix thermal_temp_input_attr sorting
  (bsc#1210050).
- platform/x86: thinkpad_acpi: Remove "/goto err_exit"/ from
  hotkey_init() (bsc#1210050).
- platform/x86: thinkpad_acpi: Properly indent code in
  tpacpi_dytc_profile_init() (bsc#1210050).
- platform/x86: thinkpad_acpi: Cleanup dytc_profile_available
  (bsc#1210050).
- platform/x86: thinkpad_acpi: Simplify dytc_version handling
  (bsc#1210050).
- platform/x86: thinkpad_acpi: Make *_init() functions return
  - ENODEV instead of 1 (bsc#1210050).
- platform/x86: thinkpad_acpi: Accept ibm_init_struct.init()
  returning -ENODEV (bsc#1210050).
- platform/x86: thinkpad_acpi: Convert platform driver to use
  dev_groups (bsc#1210050).
- platform/x86: thinkpad_acpi: Get privacy-screen / lcdshadow
  ACPI handles only once (bsc#1210050).
- platform/x86: thinkpad_acpi: Add hotkey_notify_extended_hotkey()
  helper (bsc#1210050).
- platform/x86: thinkpad_acpi: Add lid_logo_dot to the list of
  safe LEDs (bsc#1210050).
- platform/x86: thinkpad_acpi: Restore missing hotkey_tablet_mode
  and hotkey_radio_sw sysfs-attr (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix coccinelle warnings
  (bsc#1210050).
- platform/x86: thinkpad_acpi: Switch to common use of attributes
  (bsc#1210050).
- commit 9704026
- NFSv4: Fix hangs when recovering open state after a server
  reboot (git-fixes).
- commit bb218a4
- Input: alps - fix compatibility with -funsigned-char
  (bsc#1209805).
- pinctrl: amd: Disable and mask interrupts on resume (git-fixes).
- pinctrl: ocelot: Fix alt mode for ocelot (git-fixes).
- pinctrl: at91-pio4: fix domain name assignment (git-fixes).
- commit 4704fd1
- platform/x86/intel/pmc: Alder Lake PCH slp_s0_residency fix
  (git-fixes).
- regulator: Handle deferred clk (git-fixes).
- commit b056d1f
- ca8210: Fix unsigned mac_len comparison with zero in
  ca8210_skb_tx() (git-fixes).
- commit 1abdd92
- ALSA: hda/realtek: Add quirk for Lenovo ZhaoYang CF4620Z
  (git-fixes).
- ALSA: ymfpci: Fix BUG_ON in probe function (git-fixes).
- ALSA: hda/realtek: Fix support for Dell Precision 3260
  (git-fixes).
- ALSA: hda/realtek: Add quirks for some Clevo laptops
  (git-fixes).
- commit 5254cf5
- remove "/PCI: hv: Use async probing to reduce boot time"/ (bsc#1207185).
- commit 9e80db8
- can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write
  (git-fixes).
- r8169: fix RTL8168H and RTL8107E rx crc error (git-fixes).
- net: phy: dp83869: fix default value for tx-/rx-internal-delay
  (git-fixes).
- drm/i915/tc: Fix the ICL PHY ownership check in TC-cold state
  (git-fixes).
- ALSA: usb-audio: Fix regression on detection of Roland VS-100
  (git-fixes).
- ALSA: usb-audio: Fix recursive locking at XRUN during syncing
  (git-fixes).
- ALSA: hda/conexant: Partial revert of a quirk for Lenovo
  (git-fixes).
- thunderbolt: Rename shadowed variables bit to interrupt_bit
  and auto_clear_bit (git-fixes).
- thunderbolt: Disable interrupt auto clear for rings (git-fixes).
- thunderbolt: Use const qualifier for `ring_interrupt_index`
  (git-fixes).
- thunderbolt: Use scale field when allocating USB3 bandwidth
  (git-fixes).
- thunderbolt: Call tb_check_quirks() after initializing adapters
  (git-fixes).
- thunderbolt: Add missing UNSET_INBOUND_SBTX for retimer access
  (git-fixes).
- uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2
  (git-fixes).
- nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy()
  (git-fixes).
- drm/i915: Preserve crtc_state->inherited during state clearing
  (git-fixes).
- efi: sysfb_efi: Fix DMI quirks not working for simpledrm
  (git-fixes).
- serial: 8250: ASPEED_VUART: select REGMAP instead of depending
  on it (git-fixes).
- net: usb: qmi_wwan: add Telit 0x1080 composition (git-fixes).
- net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990
  (git-fixes).
- ca8210: fix mac_len negative array access (git-fixes).
- HID: intel-ish-hid: ipc: Fix potential use-after-free in work
  function (git-fixes).
- HID: cp2112: Fix driver not registering GPIO IRQ chip as
  threaded (git-fixes).
- ACPI: x86: utils: Add Cezanne to the list for forcing
  StorageD3Enable (git-fixes).
- serial: fsl_lpuart: Fix comment typo (git-fixes).
- serial: 8250: SERIAL_8250_ASPEED_VUART should depend on
  ARCH_ASPEED (git-fixes).
- commit 182d88d
- arch: fix broken BuildID for arm64 and riscv (bsc#1209798).
- commit 2ca3471
- Fix error path in pci-hyperv to unlock the mutex state_lock
- commit 3898057
- lockd: set file_lock start and end when decoding nlm4 testargs
  (git-fixes).
- commit b3df611
- Delete
  patches.suse/Makefile-link-with-z-noexecstack-no-warn-rwx-segment.patch.
- Delete
  patches.suse/x86-link-vdso-and-boot-with-z-noexecstack-no-warn-rw.patch.
  Again, delete patches causing bsc#1209798, which were restored by accident.
- commit bbfb5d1
- powerpc: Remove linker flag from KBUILD_AFLAGS (bsc#1194869).
- powerpc/kcsan: Exclude udelay to prevent recursive
  instrumentation (bsc#1194869).
- powerpc/iommu: fix memory leak with using debugfs_lookup()
  (bsc#1194869).
- powerpc/64s/interrupt: Fix interrupt exit race with security
  mitigation switch (bsc#1194869).
- powerpc/kexec_file: fix implicit decl error (bsc#1194869).
- powerpc/vmlinux.lds: Don't discard .comment (bsc#1194869).
- powerpc/vmlinux.lds: Don't discard .rela* for relocatable builds
  (bsc#1194869).
- powerpc/vmlinux.lds: Define RUNTIME_DISCARD_EXIT (bsc#1194869).
- powerpc/xmon: Fix -Wswitch-unreachable warning in bpt_cmds
  (bsc#1194869).
- powerpc/ioda/iommu/debugfs: Generate unique debugfs entries
  (bsc#1194869).
- powerpc/iommu: Add missing of_node_put in iommu_init_early_dart
  (bsc#1194869).
- powerpc/powernv: fix missing of_node_put in uv_init()
  (bsc#1194869).
- commit 3d61390
- blacklist.conf: Add fix not needed in 5.14
  d80f6de9d601 powerpc/iommu: Fix iommu_table_in_use for a small default DMA window case
- commit 8fa612c
- powerpc/btext: add missing of_node_put (bsc#1065729).
- commit 986d3dc
- net: asix: fix modprobe "/sysfs: cannot create duplicate
  filename"/ (git-fixes).
- commit f535630
- net: usb: asix: remove redundant assignment to variable reg
  (git-fixes).
- commit c20b71b
- net: usb: use eth_hw_addr_set() (git-fixes).
- commit f6de603
- kvm: initialize all of the kvm_debugregs structure before
  sending it to userspace (bsc#1209532 CVE-2023-1513).
- commit 0b16baa
- powerpc/powernv/ioda: Skip unallocated resources when mapping
  to PE (bsc#1065729).
- commit 8723ead
- powerpc/rtas: ensure 4KB alignment for rtas_data_buf
  (bsc#1065729).
- powerpc/pseries/lparcfg: add missing RTAS retry status handling
  (bsc#1065729).
- powerpc/pseries/lpar: add missing RTAS retry status handling
  (bsc#1109158 ltc#169177 git-fixes).
- commit 6122a0b
- Update
  patches.suse/prlimit-do_prlimit-needs-to-have-a-speculation-check.patch
  (bsc#1209256 CVE-2017-5753).
- commit e09128d
- sbitmap: Avoid lockups when waker gets preempted (bsc#1209118).
- commit 448e27d
- blacklist.conf: cleanup, not a fix
- commit 29c7dbf
- blacklist.conf: cleanup, not fix
- commit e3722ae
- blacklist.conf: documentation update of a little used driver only
- commit 9deed66
- blacklist.conf: documentation only
- commit de3860f
- s390/vfio-ap: fix memory leak in vfio_ap device driver
  (git-fixes).
- commit 8168fab
- PCI: hv: Use async probing to reduce boot time (bsc#1207185).
- PCI: hv: Add a per-bus mutex state_lock (bsc#1207185).
- Revert "/PCI: hv: Fix a timing issue which causes kdump to fail
  occasionally"/ (bsc#1207185).
- PCI: hv: Remove the useless hv_pcichild_state from struct
  hv_pci_dev (bsc#1207185).
- PCI: hv: Fix a race condition in hv_irq_unmask() that can
  cause panic (bsc#1207185).
- PCI: hv: fix a race condition bug in hv_pci_query_relations()
  (bsc#1207185).
- commit b4eeab5
- Bluetooth: Fix double free in hci_conn_cleanup (bsc#1209052
  CVE-2023-28464).
- commit 8b25016
- smb3: fix unusable share after force unmount failure
  (bsc#1193629).
- commit 1091b58
- cifs: fix dentry lookups in directory handle cache
  (bsc#1193629).
- commit 663c78d
- smb3: lower default deferred close timeout to address perf
  regression (bsc#1193629).
- commit bb31b2c
- cifs: fix missing unload_nls() in smb2_reconnect()
  (bsc#1193629).
- commit 7a7c9a9
- cifs: avoid race conditions with parallel reconnects
  (bsc#1193629).
- commit e64476f
- cifs: append path to open_enter trace event (bsc#1193629).
- commit 2eff580
- cifs: print session id while listing open files (bsc#1193629).
- commit 851a108
- cifs: dump pending mids for all channels in DebugData
  (bsc#1193629).
- commit 6d11c27
- cifs: empty interface list when server doesn't support query
  interfaces (bsc#1193629).
- commit 9a0c2a5
- cifs: do not poll server interfaces too regularly (bsc#1193629).
- commit 7762f86
- cifs: lock chan_lock outside match_session (bsc#1193629).
- commit 4cfd2c2
- cifs: check only tcon status on tcon related functions
  (bsc#1193629).
- commit 6e30684
- net: tls: fix possible race condition between
  do_tls_getsockopt_conf() and do_tls_setsockopt_conf()
  (bsc#1209366 CVE-2023-28466).
- commit 3dab1fe
- s390/boot: simplify and fix kernel memory layout setup
  (bsc#1209600).
- blacklist.conf: remove 9a39abb7c9aa
- commit bbd2ed5
- s390/dasd: fix no record found for raw_track_access
  (bsc#1207574).
- commit f363675
- Update references in
  patches.suse/x86-speculation-restore-speculation-related-msrs-during-s3-resume.patch
  (bsc#1198400 bsc#1209779 CVE-2023-1637).
- commit 87fc4f6
- Update references in
  patches.suse/NFSD-fix-use-after-free-in-nfsd4_ssc_setup_dul.patch
  (git-fixes bsc#1209788 CVE-2023-1652).
- commit f81ee89
- platform/x86: think-lmi: Add possible_values for ThinkStation
  (git-fixes).
- platform/x86: think-lmi: only display possible_values if
  available (git-fixes).
- platform/x86: think-lmi: use correct possible_values delimiters
  (git-fixes).
- platform/x86: think-lmi: add missing type attribute (git-fixes).
- mtd: rawnand: meson: invalidate cache on polling ECC bit
  (git-fixes).
- commit 0563887
- Revert "/Revert "/x86: link vdso and boot with -z noexecstack"/ (bsc#1209798)"/
  This reverts commit 26c6d5069004c3a470d53c3a53228ad5d44aa2a5.
- commit 4af196c
- Revert "/Revert "/Makefile: link with -z noexecstack --no-warn-rwx-segments"/ (bsc#1209798)"/
  This reverts commit 7db37fcbd312a083337d722b2c5543e6bf3a5c70.
- commit e9292ed
- Revert "/Makefile: link with -z noexecstack --no-warn-rwx-segments"/ (bsc#1209798)
  This reverts commit 34f9acb95470d2d2543e314cadd40a0e1c0ee6e1.
  It causes problems on aarch64:
  ... BuildID Mismatch vmlinux= vmlinux_debuginfo=
- commit 7db37fc
- Revert "/x86: link vdso and boot with -z noexecstack"/ (bsc#1209798)
  This reverts commit dc30142edffcbb9537e3cc47b176cb97109792c7.
  It causes problems on aarch64:
  ... BuildID Mismatch vmlinux= vmlinux_debuginfo=
- commit 26c6d50
- mm: memcg: fix swapcached stat accounting (bsc#1209804).
- commit 8f8bc2f
- xfs: pass the correct cursor to xfs_iomap_prealloc_size
  (git-fixes).
- commit 6692117
- xfs: remove xfs_setattr_time() declaration (git-fixes).
- commit aa31e13
- blacklist.conf: Add da34a8484d16 mm: memcontrol: deprecate charge moving
- commit 6635ae8
- blacklist.conf: Add c91bdc935899 mm: memcontrol: don't allocate cgroup swap arrays when memcg is disabled
- commit 61fff14
- blacklist.conf: Add dbb16df6443c Revert "/memcg: cleanup racy sum avoidance code"/
- commit 6069ccd
- blacklist.conf: Add 9b3016154c91 memcg: sync flush only if periodic flush is delayed
- commit b4b0020
- sched/psi: Fix use-after-free in ep_remove_wait_queue()
  (bsc#1209799).
- commit 40303b2
- net: usb: lan78xx: Limit packet length to skb->len (git-fixes).
- commit 53c4e74
- lan78xx: Fix memory allocation bug (git-fixes).
- commit 8d1f2f9
- lan78xx: Fix race condition in disconnect handling (git-fixes).
- commit 5612173
- lan78xx: Fix race conditions in suspend/resume handling
  (git-fixes).
- commit 27662e3
- lan78xx: Fix partial packet errors on suspend/resume
  (git-fixes).
- commit 6979f29
- lan78xx: Fix exception on link speed change (git-fixes).
- commit f7c495b
- lan78xx: Add missing return code checks (git-fixes).
- Refresh
  patches.suse/lan78xx-Enable-LEDs-and-auto-negotiation.patch.
- commit adb9750
- lan78xx: Remove unused pause frame queue (git-fixes).
- commit f843fdb
- lan78xx: Set flow control threshold to prevent packet loss
  (git-fixes).
- commit 6bbd43a
- lan78xx: Remove unused timer (git-fixes).
- commit 685aa9a
- lan78xx: Fix white space and style issues (git-fixes).
- commit 7f22f3d
- usb: dwc2: fix a devres leak in hw_enable upon suspend resume
  (git-fixes).
- usb: chipdea: core: fix return -EINVAL if request role is the
  same with current role (git-fixes).
- usb: cdnsp: changes PCI Device ID to fix conflict with CNDS3
  driver (git-fixes).
- usb: cdns3: Fix issue with using incorrect PCI device function
  (git-fixes).
- usb: cdnsp: Fixes issue with redundant Status Stage (git-fixes).
- usb: typec: tcpm: fix warning when handle discover_identity
  message (git-fixes).
- usb: gadget: u_audio: don't let userspace block driver unbind
  (git-fixes).
- usb: dwc3: gadget: Add 1ms delay after end transfer command
  without IOC (git-fixes).
- usb: dwc3: Fix a typo in field name (git-fixes).
- usb: ucsi: Fix NULL pointer deref in ucsi_connector_change()
  (git-fixes).
- USB: gadget: pxa27x_udc: fix memory leak with using
  debugfs_lookup() (git-fixes).
- USB: gadget: pxa25x_udc: fix memory leak with using
  debugfs_lookup() (git-fixes).
- USB: gadget: lpc32xx_udc: fix memory leak with using
  debugfs_lookup() (git-fixes).
- USB: gadget: bcm63xx_udc: fix memory leak with using
  debugfs_lookup() (git-fixes).
- USB: gadget: gr_udc: fix memory leak with using debugfs_lookup()
  (git-fixes).
- USB: isp1362: fix memory leak with using debugfs_lookup()
  (git-fixes).
- USB: isp116x: fix memory leak with using debugfs_lookup()
  (git-fixes).
- USB: sl811: fix memory leak with using debugfs_lookup()
  (git-fixes).
- USB: uhci: fix memory leak with using debugfs_lookup()
  (git-fixes).
- USB: chipidea: fix memory leak with using debugfs_lookup()
  (git-fixes).
- commit 7d86b44
- hwmon: fix potential sensor registration fail if of_node is
  missing (git-fixes).
- commit 07bdfd9
- arm64: dts: qcom: sm8350: Mark UFS controller as cache coherent
  (git-fixes).
- firmware: arm_scmi: Fix device node validation for mailbox
  transport (git-fixes).
- arm64: dts: imx8mn: specify #sound-dai-cells for SAI nodes
  (git-fixes).
- ARM: dts: imx6sl: tolino-shine2hd: fix usbotg1 pinctrl
  (git-fixes).
- ARM: dts: imx6sll: e60k02: fix usbotg1 pinctrl (git-fixes).
- arm64: dts: imx8mm-nitrogen-r2: fix WM8960 clock name
  (git-fixes).
- power: supply: da9150: Fix use after free bug in
  da9150_charger_remove due to race condition (git-fixes).
- drm/i915/gt: perform uc late init after probe error injection
  (git-fixes).
- drm/i915/active: Fix missing debug object activation
  (git-fixes).
- drm/bridge: lt8912b: return EPROBE_DEFER if bridge is not found
  (git-fixes).
- platform/chrome: cros_ec_chardev: fix kernel data leak from
  ioctl (git-fixes).
- i2c: xgene-slimpro: Fix out-of-bounds bug in
  xgene_slimpro_i2c_xfer() (git-fixes).
- i2c: hisi: Only use the completion interrupt to finish the
  transfer (git-fixes).
- i2c: imx-lpi2c: check only for enabled interrupt flags
  (git-fixes).
- Bluetooth: btsdio: fix use after free bug in btsdio_remove
  due to unfinished work (git-fixes).
- Bluetooth: L2CAP: Fix responding with wrong PDU type
  (git-fixes).
- Bluetooth: btqcomsmd: Fix command timeout after setting BD
  address (git-fixes).
- wifi: mac80211: fix qos on mesh interfaces (git-fixes).
- net: mdio: thunder: Add missing fwnode_handle_put() (git-fixes).
- atm: idt77252: fix kmemleak when rmmod idt77252 (git-fixes).
- net: qcom/emac: Fix use after free bug in emac_remove due to
  race condition (git-fixes).
- net: phy: Ensure state transitions are processed from phy_stop()
  (git-fixes).
- xirc2ps_cs: Fix use after free bug in xirc2ps_detach
  (git-fixes).
- net: usb: smsc95xx: Limit packet length to skb->len (git-fixes).
- commit d23fee6
- Refresh
  patches.suse/arm64-Avoid-repeated-AA64MMFR1_EL1-register-read-on-.patch.
  Patch is merged upstream. Update headers.
- commit 1a36cd0
- Delete patches.suse/iwlwifi-module-firmware-ucode-fix.patch (bsc#1209681)
  linux-firmware tree finally provides iwlwifi-*-72.ucode, and more badly,
  they dropped *-71.ucode, hence the workaround leads to the firmware load
  failure.  Drop the old workaround now.
- commit 7a74f9a
- arm64: dts: freescale: Fix pca954x i2c-mux node names (git-fixes)
- commit 7b4b228
- arm64: dts: imx8mp-phycore-som: Remove invalid PMIC property (git-fixes)
- commit 33ca96b
- arm64: dts: imx8mp: correct usb clocks (git-fixes)
- commit 6f82a6d
- blacklist.conf: ("/lockdep: Fix -Wunused-parameter for _THIS_IP_"/)
- commit a81781d
- arm64: dts: imx8mq: fix mipi_csi bidirectional port numbers (git-fixes)
- commit 3fb6c9b
- arm64: dts: imx8mq: add mipi csi phy and csi bridge descriptions (git-fixes)
- commit 6bf0b7f
- Update
  patches.suse/tun-avoid-double-free-in-tun_free_netdev.patch
  (bsc#1209635 CVE-2022-4744 git-fixes).
  Added CVE reference.
- commit 730f781
- arm64/cpufeature: Fix field sign for DIT hwcap detection (git-fixes)
- commit d75fe48
- net/sched: tcindex: update imperfect hash filters respecting
  rcu (CVE-2023-1281 bsc#1209634).
- commit aced962
- Delete patches.suse/trace-hwlat-make-use-of-the-helper-function-kthread_run_on_cpu.patch
  Cleanup commit ff78f6679d2e ("/trace/hwlat: make use of the helper
  function kthread_run_on_cpu()"/) was added to SLE15-SP4 to avoid
  a conflict when backporting 08697bca9bbb ("/trace/hwlat: Do not start
  per-cpu thread if it is already running"/). However, the needed helper
  function kthread_run_on_cpu() is missing in this codestream. The
  rt_debug config enables hwlat and then failed to build.
  Revert adding the cleanup patch and instead adjust context of
  patches.suse/trace-hwlat-Do-not-start-per-cpu-thread-if-it-is-already-running.patch.
- commit 86cbb00
- cifs: use DFS root session instead of tcon ses (bsc#1193629).
- commit 67abae4
- cifs: return DFS root session id in DebugData (bsc#1193629).
- commit cadd823
- cifs: fix use-after-free bug in refresh_cache_worker()
  (bsc#1193629).
- commit 596d51f
- cifs: set DFS root session in cifs_get_smb_ses() (bsc#1193629).
- commit 8d91ba8
- cifs: generate signkey for the channel that's reconnecting
  (bsc#1193629).
- commit a188b7e
- cifs: Fix smb2_set_path_size() (git-fixes).
- commit 969e280
- cifs: Move the in_send statistic to __smb_send_rqst()
  (git-fixes).
- commit 9c6865d
- Refresh
  patches.suse/locking-rwbase-Mitigate-indefinite-writer-starvation.patch.
  Update patch metadata and move to sorted section.
- commit b2600c8
- fs/proc: task_mmu.c: don't read mapcount for migration entry
  (CVE-2023-1582, bsc#1209636).
- commit 7b0d6b1
- drm/i915/active: Fix misuse of non-idle barriers as fence
  trackers (git-fixes).
- drm/i915: Remove unused bits of i915_vma/active api (git-fixes).
- commit d37a1a8
- Add the already cherry-picked id to a driver base patch
- commit c16d60a
- Add i915 revert on stable 5.15.y to blacklist
  It's fixed by the proper patch instead
- commit 23d11f5
- tty: serial: fsl_lpuart: skip waiting for transmission complete
  when UARTCTRL_SBK is asserted (git-fixes).
- fbdev: stifb: Provide valid pixelclock and add fb_check_var()
  checks (git-fixes).
- net: phy: smsc: bail out in lan87xx_read_status if
  genphy_read_status fails (git-fixes).
- net: phy: nxp-c45-tja11xx: fix MII_BASIC_CONFIG_REV bit
  (git-fixes).
- ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy
  Book2 Pro (git-fixes).
- ALSA: hda: intel-dsp-config: add MTL PCI id (git-fixes).
- drm/i915/psr: Use calculated io and fast wake lines (git-fixes).
- vdpa_sim: set last_used_idx as last_avail_idx in
  vdpasim_queue_ready (git-fixes).
- drm/amd/display: fix shift-out-of-bounds in
  CalculateVMAndRowBytes (git-fixes).
- drm/amdkfd: Fix an illegal memory access (git-fixes).
- mmc: atmel-mci: fix race between stop command and start of
  next command (git-fixes).
- PCI/DPC: Await readiness of secondary bus after reset
  (git-fixes).
- drm/i915/display: clean up comments (git-fixes).
- drm/i915/display/psr: Handle plane and pipe restrictions at
  every page flip (git-fixes).
- drm/i915/display/psr: Use drm damage helpers to calculate
  plane damaged area (git-fixes).
- drm/i915/display: Workaround cursor left overs with PSR2
  selective fetch enabled (git-fixes).
- commit f8f59a8
- drm/i915: Don't use BAR mappings for ring buffers with LLC
  (git-fixes).
- drm/i915: Don't use stolen memory for ring buffers with LLC
  (git-fixes).
- commit 60b6f88
- locking/rwbase: Mitigate indefinite writer starvation
  (bsc#1189998 (PREEMPT_RT prerequisite backports), bsc#1206552).
- commit ec97cf5
- blacklist.conf: kABI
- commit d693a6f
- blacklist.conf: changes exports to user space in a way that is not a bug
  fix
- commit f047586
- kconfig: Update config changed flag before calling callback
  (git-fixes).
- commit 4822afa
- drivers/base: Fix unsigned comparison to -1 in
  CPUMAP_FILE_MAX_BYTES (bsc#1208815).
- commit 263387d
- af_unix: Get user_ns from in_skb in unix_diag_get_exact()
  (bsc#1209290 CVE-2023-28327).
- commit dee84d8
- netlink: prevent potential spectre v1 gadgets (bsc#1209547
  CVE-2017-5753).
- commit 35271d8
- drivers/base: fix userspace break from using bin_attributes
  for cpumap and cpulist (bsc#1208815).
- commit d8ec347
- keys: Do not cache key in task struct if key is requested from
  kernel thread (git-fixes).
- net: usb: smsc75xx: Move packet length check to prevent kernel
  panic in skb_pull (git-fixes).
- commit 2977668
- KABI FIX FOR: NFSv4: keep state manager thread active if swap
  is enabled (Never, kabi).
- commit b299bd6
- SUNRPC: Fix a server shutdown leak (git-fixes).
- NFSD: Protect against filesystem freezing (git-fixes).
- NFS: fix disabling of swap (git-fixes).
- nfs4trace: fix state manager flag printing (git-fixes).
- NFSD: fix problems with cleanup on errors in nfsd4_copy
  (git-fixes).
- nfsd: fix race to check ls_layouts (git-fixes).
- NFSD: fix leaked reference count of nfsd4_ssc_umount_item
  (git-fixes).
- nfsd: zero out pointers after putting nfsd_files on COPY setup
  error (git-fixes).
- NFSD: fix use-after-free in nfsd4_ssc_setup_dul() (git-fixes).
- pNFS/filelayout: Fix coalescing test for single DS (git-fixes).
- SUNRPC: ensure the matching upcall is in-flight upon downcall
  (git-fixes).
- nfsd: fix handling of readdir in v4root vs. mount upcall timeout
  (git-fixes).
- nfsd: shut down the NFSv4 state objects before the filecache
  (git-fixes).
- nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create
  failure (git-fixes).
- NFSv4.x: Fail client initialisation if state manager thread
  can't run (git-fixes).
- SUNRPC: Fix missing release socket in rpc_sockname()
  (git-fixes).
- xprtrdma: Fix regbuf data not freed in rpcrdma_req_create()
  (git-fixes).
- NFS: Fix an Oops in nfs_d_automount() (git-fixes).
- NFSv4: Fix a deadlock between nfs4_open_recover_helper()
  and delegreturn (git-fixes).
- NFSv4: Fix a credential leak in _nfs4_discover_trunking()
  (git-fixes).
- NFSv4.2: Fix initialisation of struct nfs4_label (git-fixes).
- NFSv4.1 provide mount option to toggle trunking discovery
  (git-fixes).
- NFSv4: keep state manager thread active if swap is enabled
  (git-fixes).
- commit 4ee2a42
- ppc64le: HWPOISON_INJECT=m (bsc#1209572).
- commit 757cf27
- struct dwc3: mask new member (git-fixes).
- commit 29d28eb
- USB: dwc3: fix memory leak with using debugfs_lookup()
  (git-fixes).
- commit 5d4bb23
- blacklist.conf: kABI
- commit 1170e89
- blacklist.conf: kABI
- commit fb6be59
- tracing/hwlat: Replace sched_setaffinity with
  set_cpus_allowed_ptr (git-fixes).
- commit 5dae012
- ring-buffer: remove obsolete comment for free_buffer_page()
  (git-fixes).
- commit e7730cf
- tracing: Make splice_read available again (git-fixes).
- commit 83c2809
- trace/hwlat: Do not start per-cpu thread if it is already
  running (git-fixes).
- commit b67192b
- trace/hwlat: make use of the helper function
  kthread_run_on_cpu() (git-fixes).
- commit 091a305
- trace/hwlat: Do not wipe the contents of per-cpu thread data
  (git-fixes).
- commit 907b256
- tracing: Make tracepoint lockdep check actually test something
  (git-fixes).
- commit b2e4082
- blacklist.conf: kABI
- commit 6922af5
- ftrace: Fix invalid address access in lookup_rec() when index
  is 0 (git-fixes).
- commit 59f3693
- tracing: Check field value in hist_field_name() (git-fixes).
- commit a92eb30
- tracing: Do not let histogram values have some modifiers
  (git-fixes).
- commit 2761bfa
- tracing: Add NULL checks for buffer in
  ring_buffer_free_read_page() (git-fixes).
- commit 1bf9381
- ring-buffer: Handle race between rb_move_tail and rb_check_pages
  (git-fixes).
- commit 94bd9c6
- blacklist.conf: add a not-relevant ftrace cleanup
- commit 57cd4dc
- debugfs: add debugfs_lookup_and_remove() (git-fixes).
- commit 6f9f252
- Update
  patches.suse/scsi-ufs-ufs-mediatek-Fix-error-checking-in-ufs_mtk_init_va09_pwr_ctrl
  Adding CVE and bsc reference (git-fixes CVE-2023-23001 bsc#1208829).
- commit 2128b6e
- fotg210-udc: Add missing completion handler (git-fixes).
- commit 6b598ac
- USB: fix memory leak with using debugfs_lookup() (git-fixes).
- commit 4c4d5c0
- net: usb: smsc75xx: Limit packet length to skb->len (git-fixes).
- commit 146b5ac
- Refresh
  patches.suse/drm-amd-display-fix-issues-with-driver-unload.patch.
  Fix build warning:
  .../amdgpu_dm/amdgpu_dm.c: In function 'amdgpu_dm_fini':
  .../amdgpu_dm/amdgpu_dm.c:1417:6: warning: unused variable 'i' [-Wunused-variable]
  int i;
    ^
- commit 25c8b43
- x86/msr: Remove .fixup usage (git-fixes).
- kABI: x86/msr: Remove .fixup usage (kabi).
- Refresh patches.suse/x86-futex-Remove-.fixup-usage.patch.
- commit c013cdd
- x86/fpu: Cache xfeature flags from CPUID (git-fixes).
- commit b735f37
- x86/fpu/xsave: Handle compacted offsets correctly with
  supervisor states (git-fixes).
- x86/fpu: Remove unused supervisor only offsets (git-fixes).
- x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation
  (git-fixes).
- KVM: x86: fix sending PV IPI (git-fixes).
- x86: Annotate call_on_stack() (git-fixes).
- x86/sgx: Free backing memory after faulting the enclave page
  (git-fixes).
- Refresh
  patches.suse/x86-sgx-set-active-memcg-prior-to-shmem-allocation.patch.
- x86/kvm: Don't use pv tlb/ipi/sched_yield if on 1 vCPU
  (git-fixes).
- x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm
  (git-fixes).
- x86/sgx: Silence softlockup detection when releasing large
  enclaves (git-fixes).
- x86/mce/inject: Avoid out-of-bounds write when setting flags
  (git-fixes).
- x86/mce: Mark mce_read_aux() noinstr (git-fixes).
- x86/mce: Mark mce_end() noinstr (git-fixes).
- x86/mce: Mark mce_panic() noinstr (git-fixes).
- x86/mce: Allow instrumentation during task work queueing
  (git-fixes).
- x86/uaccess: Move variable into switch case statement
  (git-fixes).
- x86/mm: Flush global TLB when switching to trampoline page-table
  (git-fixes).
- x86/fpu/xsave: Handle compacted offsets correctly with
  supervisor states (git-fixes).
- x86/fpu: Remove unused supervisor only offsets (git-fixes).
- x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation
  (git-fixes).
- KVM: x86: fix sending PV IPI (git-fixes).
- x86: Annotate call_on_stack() (git-fixes).
- x86/sgx: Free backing memory after faulting the enclave page
  (git-fixes).
- Refresh
  patches.suse/x86-sgx-set-active-memcg-prior-to-shmem-allocation.patch.
- x86/kvm: Don't use pv tlb/ipi/sched_yield if on 1 vCPU
  (git-fixes).
- x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm
  (git-fixes).
- x86/sgx: Silence softlockup detection when releasing large
  enclaves (git-fixes).
- x86/mce/inject: Avoid out-of-bounds write when setting flags
  (git-fixes).
- x86/mce: Mark mce_read_aux() noinstr (git-fixes).
- x86/mce: Mark mce_end() noinstr (git-fixes).
- x86/mce: Mark mce_panic() noinstr (git-fixes).
- x86/mce: Allow instrumentation during task work queueing
  (git-fixes).
- x86/uaccess: Move variable into switch case statement
  (git-fixes).
- x86/mm: Flush global TLB when switching to trampoline page-table
  (git-fixes).
- commit cd115f3
- sctp: sctp_sock_filter(): avoid list_entry() on possibly empty
  list (bsc#1208602, git-fixes).
- commit 4b74bf5
- blacklist.conf: add some X86 ARCHITECTURE git-fixes
- commit 6e9c445
- xfs: convert ptag flags to unsigned (git-fixes).
- commit a339957
- xfs: don't leak btree cursor when insrec fails after a split
  (git-fixes).
- commit fb35824
- xfs: don't assert fail on perag references on teardown
  (git-fixes).
- commit d42b263
- xfs: zero inode fork buffer at allocation (git-fixes).
- commit e8b3335
- x86: link vdso and boot with -z noexecstack
  - -no-warn-rwx-segments (bsc#1203200).
- Makefile: link with -z noexecstack --no-warn-rwx-segments
  (bsc#1203200).
- commit 7e1512f
kexec-tools
- kexec-bootloader: Add -a argument to load using kexec_load_file() when available (boo#1202820).
libfastjson
- fix CVE-2020-12762 integer overflow and out-of-bounds write via a
  large JSON file (bsc#1171479)
  add 0001-Fix-CVE-2020-12762.patch
libxml2
- Security update:
  * [CVE-2023-29469, bsc#1210412] Hashing of empty dict strings
    isn't deterministic
  - Added patch libxml2-CVE-2023-29469.patch
  * [CVE-CVE-2023-28484, bsc#1210411] NULL dereference in
    xmlSchemaFixupComplexType
  - Added patch libxml2-CVE-2023-28484-1.patch
  - Added patch libxml2-CVE-2023-28484-2.patch
- Remove unneeded dependency (bsc#1209918).
makedumpfile
- fix wrong free issue in init_xen_crash_info (bsc#1201209)
ncurses
- Modify patch ncurses-6.1.dif
  * Secure writing terminfo entries by setfs[gu]id in s[gu]id
    (boo#1210434, CVE-2023-29491)
  * Reading is done since 2000/01/17
openssh
- Revert addition of openssh-dbus.sh, openssh-dbus.csh, openssh-dbus.fish:
  This caused invalid and irrelevant environment assignments (bsc#1207014).
openssl-1_1
- Security Fix: [CVE-2023-0465, bsc#1209878]
  * Invalid certificate policies in leaf certificates are silently ignored
  * Add openssl-CVE-2023-0465.patch
- Security Fix: [CVE-2023-0466, bsc#1209873]
  * Certificate policy check not enabled
  * Add openssl-CVE-2023-0466.patch
procps
- Add patch bsc1209122-a6c0795d.patch
  * Fix for bsc#1209122 to allow `-´ as leading character to ignore
    possible errors on systctl entries
runc
- Update to runc v1.1.5. Upstream changelog is available from
  <https://github.com/opencontainers/runc/releases/tag/v1.1.5>.
  Includes fixes for the following CVEs:
  - CVE-2023-25809 bsc#1209884
  - CVE-2023-27561 bsc#1208962
  - CVE-2023-28642 bsc#1209888
  * Fix the inability to use `/dev/null` when inside a container.
  * Fix changing the ownership of host's `/dev/null` caused by fd redirection
    (a regression in 1.1.1). bsc#1168481
  * Fix rare runc exec/enter unshare error on older kernels.
  * nsexec: Check for errors in `write_log()`.
- Drop version-specific Go requirement.
shadow
- bsc#1210507 (CVE-2023-29383):
  Check for control characters
- Add shadow-CVE-2023-29383.patch
shim
- Updated shim.changes to add CVE-2022-28737 number for bsc#1198458.
  The issue be fixed by upgrade to shim 15.7. (bsc#1198458, CVE-2022-28737)
- Sometimes SLE shim signature be Microsoft updated before openSUSE shim
  signature. When submit request on IBS for updating SLE shim, the submitreq
  project be generated, but it always be blocked by checking the signature
  of openSUSE shim.
  It doesn't make sense checking openSUSE shim signature when building
  SLE shim on SLE platform, and vice versa. So the following change adds the
  logic to compare suffix (sles, opensuse) with distro_id (sle, opensuse).
  When and only when hash mismatch and distro_id match with suffix, stop
  building.
    [#] compare suffix (sles, opensuse) with distro_id (sle, opensuse)
    [#] when hash mismatch and distro_id match with suffix, stop building
- Upgrade shim-install for bsc#1210382
  After closing Leap-gap project since Leap 15.3, openSUSE Leap direct
  uses shim from SLE. So the ca_string is 'SUSE Linux Enterprise Secure Boot
  CA1', not 'openSUSE Secure Boot CA1'. It causes that the update_boot=no,
  so all files in /boot/efi/EFI/boot are not updated.
  The 86b73d1 patch added the logic that using ID field in os-release for
  checking Leap distro and set ca_string to 'SUSE Linux Enterprise Secure
  Boot CA1'. Then /boot/efi/EFI/boot/* can also be updated.
- https://github.com/SUSE/shim-resources (git log --oneline)
  86b73d1 Fix that bootx64.efi is not updated on Leap
  f2e8143 Use the long name to specify the grub2 key protector
  7283012 cryptodisk: support TPM authorized policies
  49e7a0d Do not use tpm_record_pcrs unless the command is in command.lst
  26c6bd5 Have grub take a snapshot of "/relevant"/ TPM PCRs
  5c2c3ad Handle different cases of controlling cryptomount volumes during first stage boot
  a5c5734 Introduce --no-grub-install option
  signature-sles.x86_64.asc, signature-sles.aarch64.asc (bsc#1198458, CVE-2022-28737)
supportutils-plugin-suse-public-cloud
- Update to version 1.0.7 (bsc#1209026)
  + Include information about the cached registration data
  + Collect the data that is sent to the update infrastructure during
    registration
suseconnect-ng
- Update to version 1.1.0~git0.e3c41e60892e:
  * Bump to v1.1.0
- Update to version 1.0.0~git23.406b219ccc9e:
  * Added MemTotal detection for HwInfo
  * move 'ExcludeArch' out of the if block
- Update to version 1.0.0~git19.b225bc3:
  * Make keepalive on SUMA systems exit without error (bsc#1207876)
  * Update README.md
  * Add deactivate API to ruby bindings (bsc#1202705)
- Update to version 1.0.0~git14.17a7901:
  * Don't write system_token to service credentials files
  * Allow non-root users to use --version
  * Add: ExcludeArch: %ix86 s390 ppc64 to the .spec file, so we skip builds for unsupported architectures.
  * Update Dockerfile.yast
  * Use openssl go for SLE and Leap 15.5+ builds
  * Fix keepalive feature notice during installation
  * Fix requires for all rhel clone distributions like alma, rocky...
systemd-rpm-macros
- Bump version to 12
- Don't emit a warning when the flag file in /var/lib/systemd/migrated/ is not
  present as it's expected (bsc#1208079).
timezone
- timezone update 2023c:
  * Revert changes made in 2023b
- timezone update 2023b:
  * Lebanon delays the start of DST this year.
- timezone update 2023a:
  * Egypt now uses DST again, from April through October.
  * This year Morocco springs forward April 23, not April 30.
  * Palestine delays the start of DST this year.
  * Much of Greenland still uses DST from 2024 on.
  * America/Yellowknife now links to America/Edmonton.
  * tzselect can now use current time to help infer timezone.
  * The code now defaults to C99 or later.
- Refresh tzdata-china.diff
vim
- Updated to version 9.0 with patch level 1443, fixes the following security problems
  * Fixing bsc#1209042 (CVE-2023-1264) - VUL-0: CVE-2023-1264: vim: NULL Pointer Dereference vim prior to 9.0.1392
  * Fixing bsc#1209187 (CVE-2023-1355) - VUL-0: CVE-2023-1355: vim: NULL Pointer Dereference prior to 9.0.1402.
  * Fixing bsc#1208828 (CVE-2023-1127) - VUL-1: CVE-2023-1127: vim: divide by zero in scrolldown()
- drop vim-8.0-ttytype-test.patch as it changes test_options.vim which we
  remove during %prep anyway. And this breaks quilt setup.
- for the complete list of changes see
  https://github.com/vim/vim/compare/v9.0.1386...v9.0.1443
zlib
- Add DFLTCC support for using inflate() with a small window,
  fixes bsc#1206513
  * bsc1206513.patch