- silence the output in the case of broken symlinks (bsc#1218232)
- Fix plugin termination when using systemd service units (bsc#1215377)
  * add auditd.service-fix-plugin-termination.patch
- tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321)
  - add coreutils-tail-fix-tailing-sysfs-files-where-PAGE_SIZE-BUFSIZ.patch
- Add patch to fix bsc#1220339
  * 0007-daemon-overlay2-remove-world-writable-permission-fro.patch
- rebase patches:
  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
  * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
  * 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
  * 0006-Vendor-in-latest-buildkit-v0.11-branch-including-CVE.patch

- Allow to disable apparmor support (ALP supports only SELinux)
- Update to version 055+suse.382.g80b55af2:
  * fix(dracut): correct regression with multiple `rd.break=` options (bsc#1221675)
  * fix(dracut-util): do not call `strcmp` if the `value` argument is NULL (bsc#1219841)
  * fix(zfcp_rules): correct shellcheck regression when parsing ccw args (bsc#1220485)
  * fix( skip README for AMD microcode generation (bsc#1217083)
- qsort-invalid-cmp.patch: qsort: handle degenerated compare function

- getaddrinfo-eai-memory.patch: getaddrinfo: translate ENOMEM to
  EAI_MEMORY (bsc#1217589, BZ #31163)

- aarch64-rawmemchr-unwind.patch: aarch64: correct CFI in rawmemchr
  (bsc#1217445, BZ #31113)
- Update to version 1.0.7 (bsc#1219941)
  + Support root to be in a btrfs snapshot
  + 1.0.6 had different implementation for btrfs in snapshot support
- Fix memdisk becomes the default boot entry, resolving no graphic display
  device error in guest vnc console (bsc#1221779)
  * grub2-xen-pv-firmware.cfg

- Fix grub.xen memdisk script doesn't look for /boot/grub/grub.cfg
  (bsc#1219248) (bsc#1181762)
  * grub2-xen-pv-firmware.cfg
  * 0001-disk-Optimize-disk-iteration-by-moving-memdisk-to-th.patch
- KVM: x86: Export RFDS_NO and RFDS_CLEAR to guests (bsc#1213456 CVE-2023-28746).
- commit 7f00c86

- x86/rfds: Mitigate Register File Data Sampling (RFDS) (bsc#1213456 CVE-2023-28746).
- commit ee70608

- Documentation/hw-vuln: Add documentation for RFDS (bsc#1213456 CVE-2023-28746).
- commit c955133

- bpf: Fix re-attachment branch in bpf_tracing_prog_attach
  (bsc#1220254 CVE-2024-26591).
- commit fc948d3

- selftests/bpf: Add test for alu on PTR_TO_FLOW_KEYS (bsc#1220255
- bpf: Reject variable offset alu on PTR_TO_FLOW_KEYS (bsc#1220255
- commit 8a833ce

- tls: fix race between tx work scheduling and socket close
  (CVE-2024-26585 bsc#1220187).
- commit 1306bff

- kabi: restore return type of dst_ops::gc() callback
  (CVE-2023-52340 bsc#1219295).
- ipv6: remove max_size check inline with ipv4 (CVE-2023-52340
- commit b8eec42

- netfilter: nf_tables: fix 64-bit load issue in
  nft_byteorder_eval() (CVE-2024-0607 bsc#1218915).
- netfilter: nf_tables: fix pointer math issue in
  nft_byteorder_eval() (CVE-2024-0607 bsc#1218915).
- commit e095cd0

- netfilter: nft_set_pipapo: skip inactive elements during set
  walk (CVE-2023-6817 bsc#1218195).
- commit 4032aa7

- tomoyo: fix UAF write bug in tomoyo_write_control() (bsc#1220825
- commit c8e5b38

- btrfs: fix double free of anonymous device after snapshot
  creation failure (bsc#1219126 CVE-2024-23850).
- commit 257a534

- btrfs: do not ASSERT() if the newly created subvolume already
  got read (bsc#1219126 CVE-2024-23850).
- commit a2ac581

- bpf: Minor cleanup around stack bounds (bsc#1220257
- bpf: Fix accesses to uninit stack slots (bsc#1220257
- bpf: Guard stack limits against 32bit overflow (git-fixes).
- bpf: Fix verification of indirect var-off stack access
- bpf: Minor cleanup around stack bounds (bsc#1220257
- bpf: Fix accesses to uninit stack slots (bsc#1220257
- bpf: Add some comments to stack representation (bsc#1220257
- Refresh patches.kabi/kABI-fix-bpf-Tighten-ptr_to_btf_id-checks.patch
- bpf: Guard stack limits against 32bit overflow (git-fixes).
- bpf: Fix verification of indirect var-off stack access
- bpf: Minor logging improvement (bsc#1220257).
- commit 7d03125

- serial: 8250: omap: Don't skip resource freeing if
  pm_runtime_resume_and_get() failed (bsc#1220350 CVE-2023-52457).
- commit c82f528

- serial: imx: fix tx statemachine deadlock (bsc#1220364
- commit cd9f92c

- powerpc/pseries/memhp: Fix access beyond end of drmem array
- commit fdc7254

- Update patch reference for input fix (CVE-2021-46932 bsc#1220444)
- commit e44e0b1

- usb: dwc3: gadget: Ignore End Transfer delay on teardown
- Refresh
- commit 251cd08

- tomoyo: fix UAF write bug in tomoyo_write_control() (git-fixes).
- wifi: nl80211: reject iftype change with mesh ID change
- usb: dwc3: gadget: Don't disconnect if not started (git-fixes).
- wifi: mac80211: adding missing drv_mgd_complete_tx() call
- usb: f_mass_storage: forbid async queue when shutdown happen
- usb: dwc3: host: Set XHCI_SG_TRB_CACHE_SIZE_QUIRK (git-fixes).
- spi: sh-msiof: avoid integer overflow in constants (git-fixes).
- wifi: mac80211: fix race condition on enabling fast-xmit
- wifi: cfg80211: fix missing interfaces when dumping (git-fixes).
- usb: dwc3: gadget: Queue PM runtime idle on disconnect event
- usb: dwc3: gadget: Handle EP0 request dequeuing properly
- usb: hub: Replace hardcoded quirk value with BIT() macro
- watchdog: it87_wdt: Keep WDTCTRL bit 3 unmodified for
  IT8784/IT8786 (git-fixes).
- wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update
- wifi: cfg80211: free beacon_ies when overridden from hidden BSS
- wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift()
- wifi: rtl8xxxu: Add additional USB IDs for RTL8192EU devices
- wifi: ath9k: Fix potential array-index-out-of-bounds read in
  ath9k_htc_txstatus() (git-fixes).
- wifi: rt2x00: restart beacon queue when hardware reset
- wifi: iwlwifi: mvm: avoid baid size integer overflow
- wifi: wext-core: Fix -Wstringop-overflow warning in
  ioctl_standard_iw_point() (git-fixes).
- wifi: ath11k: fix registration of 6Ghz-only phy without the
  full channel range (git-fixes).
- usb: dwc3: gadget: Refactor EP0 forced stall/restart into a
  separate API (git-fixes).
- usb: dwc3: gadget: Submit endxfer command if delayed during
  disconnect (git-fixes).
- commit 8b4f9a3

- power: supply: bq27xxx-i2c: Do not free non existing IRQ
- mmc: sdhci-xenon: add timeout for PHY init complete (git-fixes).
- mmc: sdhci-xenon: fix PHY init clock stability (git-fixes).
- mmc: core: Fix eMMC initialization with 1-bit bus connection
- net: usb: dm9601: fix wrong return value in dm9601_mdio_read
- mtd: spinand: gigadevice: Fix the get ecc status issue
- nouveau: fix function cast warnings (git-fixes).
- media: ir_toy: fix a memleak in irtoy_tx (git-fixes).
- media: rc: bpf attach/detach requires write permission
- mmc: slot-gpio: Allow non-sleeping GPIO ro (git-fixes).
- regulator: pwm-regulator: Add validity checks in continuous
  .get_voltage (git-fixes).
- platform/x86: touchscreen_dmi: Add info for the TECLAST X16
  Plus tablet (git-fixes).
- spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were
  detected (git-fixes).
- PCI: switchtec: Fix stdev_release() crash after surprise hot
  remove (git-fixes).
- PCI: Fix 64GT/s effective data rate calculation (git-fixes).
- PCI: Only override AMD USB controller if required (git-fixes).
- PCI/AER: Decode Requester ID when no error info found
- media: ddbridge: fix an error code problem in ddb_probe
- mmc: mmc_spi: remove custom DMA mapped buffers (git-fixes).
- mmc: core: Use mrq.sbc in close-ended ffu (git-fixes).
- PCI: Add no PM reset quirk for NVIDIA Spectrum devices
- pstore/ram: Fix crash when setting number of cpus to an odd
  number (git-fixes).
- PNP: ACPI: fix fortify warning (git-fixes).
- regulator: core: Only increment use_count when enable_count
  changes (git-fixes).
- PM: core: Remove unnecessary (void *) conversions (git-fixes).
- serial: 8250: Remove serial_rs485 sanitization from em485
- PM: runtime: Have devm_pm_runtime_enable() handle
  pm_runtime_dont_use_autosuspend() (git-fixes).
- commit 9894050

- gpio: fix resource unwinding order in error path (git-fixes).
- commit f4d7f82

- gpiolib: Fix the error path order in
  gpiochip_add_data_with_key() (git-fixes).
- commit 9367441

- Update patches.suse/i2c-Fix-a-potential-use-after-free.patch
  (git-fixes bsc#1220409 CVE-2019-25162).
  Add bug and CVE references.
- commit 6df4ebd

- Input: iqs269a - switch to DEFINE_SIMPLE_DEV_PM_OPS() and
  pm_sleep_ptr() (git-fixes).
- Refresh
- commit 7360a05

- i2c: imx: Add timer for handling the stop condition (git-fixes).
- Refresh
- commit 3a3d0f8

- gpio: 74x164: Enable output pins after registers are reset
- efi/capsule-loader: fix incorrect allocation size (git-fixes).
- fbcon: always restore the old font data in fbcon_do_set_font()
- lan78xx: enable auto speed configuration for LAN7850 if no
  EEPROM is detected (git-fixes).
- i2c: imx: when being a target, mark the last read as processed
- i2c: i801: Fix block process call transactions (git-fixes).
- iio: hid-sensor-als: Return 0 for
- firewire: core: send bus reset promptly on gap count error
- efi: Don't add memblocks for soft-reserved memory (git-fixes).
- hwmon: (coretemp) Enlarge per package core count limit
- Input: xpad - add Lenovo Legion Go controllers (git-fixes).
- gpiolib: acpi: Ignore touchpad wakeup on GPD G1619-04
- fbdev: sis: Error out if pixclock equals zero (git-fixes).
- fbdev: savage: Error out if pixclock equals zero (git-fixes).
- libsubcmd: Fix memory leak in uniq() (git-fixes).
- iio: adc: ad7091r: Set alert bit in config register (git-fixes).
- i3c: master: cdns: Update maximum prescaler value for i2c clock
- leds: trigger: panic: Don't register panic notifier if creating
  the trigger failed (git-fixes).
- media: rockchip: rga: fix swizzling for RGB formats (git-fixes).
- media: stk1160: Fixed high volume of stk1160_dbg messages
- i2c: i801: Remove i801_set_block_buffer_mode (git-fixes).
- HID: apple: Add 2021 magic keyboard FN key mapping (git-fixes).
- HID: apple: Add support for the 2021 Magic Keyboard (git-fixes).
- commit 0f0032c

- dmaengine: ptdma: use consistent DMA masks (git-fixes).
- dmaengine: fsl-qdma: init irq after reg initialization
- dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read
- Revert "drm/amd/pm: resolve reboot exception for si oland"
- drm/buddy: fix range bias (git-fixes).
- drm/amd/display: Fix memory leak in dm_sw_fini() (git-fixes).
- drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE
  flag is set (git-fixes).
- drm/ttm: Fix an invalid freeing on already freed page in error
  path (git-fixes).
- drm/amd/display: Preserve original aspect ratio in create stream
- Revert "drm/amd/display: increased min_dcfclk_mhz and
  min_fclk_mhz" (git-fixes).
- drm/prime: Support page array >= 4GB (git-fixes).
- efi: runtime: Fix potential overflow of soft-reserved region
  size (git-fixes).
- drm/amd/display: Increase frame-larger-than for all
  display_mode_vba files (git-fixes).
- drm/amdgpu: reset gpu for s3 suspend abort case (git-fixes).
- drm/amdgpu: skip to program GFXDEC registers for suspend abort
- dmaengine: fsl-qdma: Fix a memory leak related to the queue
  command DMA (git-fixes).
- dmaengine: ti: edma: Add some null pointer checks to the
  edma_probe (git-fixes).
- drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz
- dmaengine: fsl-qdma: increase size of 'irq_name' (git-fixes).
- dmaengine: shdma: increase size of 'dev_id' (git-fixes).
- commit 61b82a0

- ALSA: Drop leftover snd-rtctimer stuff from Makefile
- ALSA: firewire-lib: fix to check cycle continuity (git-fixes).
- Bluetooth: qca: Fix wrong event type for patch config command
- Bluetooth: Enforce validation on max value of connection
  interval (git-fixes).
- Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST
- Bluetooth: hci_event: Fix wrongly recorded wakeup BD_ADDR
- Bluetooth: hci_sync: Fix accept_list when attempting to suspend
- Bluetooth: Avoid potential use-after-free in hci_error_reset
- Bluetooth: hci_sync: Check the correct flag before starting
  a scan (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LED For HP mt645
- ALSA: hda/conexant: Add quirk for SWS JS201D (git-fixes).
- ASoC: sunxi: sun4i-spdif: Add support for Allwinner H616
- ASoC: doc: Fix undefined SND_SOC_DAPM_NOPM argument (git-fixes).
- bus: moxtet: Add spi device table (git-fixes).
- Bluetooth: L2CAP: Fix possible multiple reject send (git-fixes).
- crypto: stm32/crc32 - fix parsing list of devices (git-fixes).
- crypto: octeontx2 - Fix cptvf driver cleanup (git-fixes).
- crypto: api - Disallow identical driver names (git-fixes).
- commit a409ffd

- ALSA: usb-audio: Ignore clock selector errors for single
  connection (git-fixes).
- ALSA: hda/realtek: Enable headset mic on Vaio VJFE-ADL
- ALSA: hda/realtek: Apply headset jack quirk for non-bass alc287
  thinkpads (git-fixes).
- ALSA: usb-audio: Check presence of valid altsetting control
- ALSA: hda/realtek: Enable Mute LED on HP Laptop 14-fq0xxx
- ALSA: hda/realtek: Fix the external mic not being recognised
  for Acer Swift 1 SF114-32 (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for HP ZBook Power
- ahci: asm1166: correct count of reported ports (git-fixes).
- ACPI: extlog: fix NULL pointer dereference check (git-fixes).
- ACPI: APEI: set memory failure flags as MF_ACTION_REQUIRED on
  synchronous events (git-fixes).
- ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop
- ACPI: video: Add backlight=native DMI quirk for Apple iMac12,1
  and iMac12,2 (git-fixes).
- ACPI: video: Add backlight=native DMI quirk for Lenovo ThinkPad
  X131e (3371 AMD version) (git-fixes).
- ACPI: video: Add backlight=native DMI quirk for Apple iMac11,3
- ACPI: button: Add lid disable DMI quirk for Nextbook Ares 8A
- ACPI: resource: Skip IRQ override on ASUS ExpertBook B1502CBA
- ACPI: resource: Skip IRQ override on Asus Expertbook B2402CBA
- ACPI: resource: Add ASUS model S5402ZA to quirks (git-fixes).
- commit 728134a

- efivarfs: force RO when remounting if SetVariable is not
  supported (bsc#1220328 CVE-2023-52463).
- commit 6239d33

- kABI: bpf: map_fd_put_ptr() signature kABI workaround
  (bsc#1220251 CVE-2023-52447).
- kABI: bpf: struct bpf_map kABI workaround (bsc#1220251
- selftests/bpf: Test outer map update operations in syscall
  program (bsc#1220251 CVE-2023-52447).
- selftests/bpf: Add test cases for inner map (bsc#1220251
- bpf: Defer the free of inner map when necessary (bsc#1220251
- Refresh patches.suse/kABI-padding-for-bpf.patch
- bpf: Set need_defer as false when clearing fd array during
  map free (bsc#1220251 CVE-2023-52447).
- bpf: Add map and need_defer parameters to .map_fd_put_ptr()
  (bsc#1220251 CVE-2023-52447).
- bpf: Check rcu_read_lock_trace_held() before calling bpf map
  helpers (bsc#1220251 CVE-2023-52447).
- rcu-tasks: Provide rcu_trace_implies_rcu_gp() (bsc#1220251
- commit b7359fc

- btrfs: fix double free of anonymous device after snapshot
  creation failure (bsc#1219126 CVE-2024-23850).
- commit f8ba729

- mtd: Fix gluebi NULL pointer dereference caused by ftl notifier
  (bsc#1220238 CVE-2023-52449).
- commit c132b67

- fs/mount_setattr: always cleanup mount_kattr (bsc#1220457
- commit 89afe2f

- kABI: bpf: map_fd_put_ptr() signature kABI workaround
  (bsc#1220251 CVE-2023-52447).
- kABI: bpf: struct bpf_map kABI workaround (bsc#1220251
- kABI: bpf: map_fd_put_ptr() signature kABI workaround
  (bsc#1220251 CVE-2023-52447).
- kABI: bpf: struct bpf_map kABI workaround (bsc#1220251
- commit bec1c61

- selftests/bpf: Test outer map update operations in syscall
  program (bsc#1220251 CVE-2023-52447).
- selftests/bpf: Add test cases for inner map (bsc#1220251
- bpf: Defer the free of inner map when necessary (bsc#1220251
- Refresh patches.suse/kABI-padding-for-bpf.patch
- bpf: Set need_defer as false when clearing fd array during
  map free (bsc#1220251 CVE-2023-52447).
- bpf: Add map and need_defer parameters to .map_fd_put_ptr()
  (bsc#1220251 CVE-2023-52447).
- bpf: Check rcu_read_lock_trace_held() before calling bpf map
  helpers (bsc#1220251 CVE-2023-52447).
- rcu-tasks: Provide rcu_trace_implies_rcu_gp() (bsc#1220251
- selftests/bpf: Test outer map update operations in syscall
  program (bsc#1220251 CVE-2023-52447).
- selftests/bpf: Add test cases for inner map (bsc#1220251
- bpf: Defer the free of inner map when necessary (bsc#1220251
- Refresh patches.suse/kABI-padding-for-bpf.patch
- bpf: Set need_defer as false when clearing fd array during
  map free (bsc#1220251 CVE-2023-52447).
- bpf: Add map and need_defer parameters to .map_fd_put_ptr()
  (bsc#1220251 CVE-2023-52447).
- bpf: Check rcu_read_lock_trace_held() before calling bpf map
  helpers (bsc#1220251 CVE-2023-52447).
- rcu-tasks: Provide rcu_trace_implies_rcu_gp() (bsc#1220251
- commit aa6db76

- Update patch reference for HID fix (CVE-2023-52478 bsc#1220796)
- commit 4aec836

- Update patch reference for input fix (CVE-2023-52475 bsc#1220649)
- commit 00a87c8

- topology/sysfs: Add PPIN in sysfs under cpu topology  (jsc#PED-7618).
- Refresh
- commit e74360b

- topology/sysfs: Add format parameter to macro defining "show"  functions for proc (jsc#PED-7618).
- Refresh
- commit 978a12d

- x86/cpu: X86_FEATURE_INTEL_PPIN finally has a CPUID bit (jsc#PED-7618).
- Refresh patches.suse/x86-speculation-disable-rrsba-behavior.patch.
- commit f7bed0d

- KVM: arm64: vgic-its: Avoid potential UAF in LPI translation
  cache (bsc#1220326, CVE-2024-26598).
- commit 74fd0dd

- scsi: lpfc: Replace deprecated strncpy() with strscpy()
- scsi: lpfc: Copyright updates for patches
- scsi: lpfc: Update lpfc version to (bsc#1220021).
- scsi: lpfc: Change lpfc_vport load_flag member into a bitmask
- scsi: lpfc: Change lpfc_vport fc_flag member into a bitmask
- scsi: lpfc: Protect vport fc_nodes list with an explicit spin
  lock (bsc#1220021).
- scsi: lpfc: Change nlp state statistic counters into atomic_t
- scsi: lpfc: Remove shost_lock protection for fc_host_port
  shost APIs (bsc#1220021).
- scsi: lpfc: Move handling of reset congestion statistics events
- scsi: lpfc: Save FPIN frequency statistics upon receipt of
  peer cgn notifications (bsc#1220021).
- scsi: lpfc: Add condition to delete ndlp object after sending
  BLS_RJT to an ABTS (bsc#1220021).
- scsi: lpfc: Fix failure to delete vports when discovery is in
  progress (bsc#1220021).
- scsi: lpfc: Remove NLP_RCV_PLOGI early return during RSCN
  processing for ndlps (bsc#1220021).
- scsi: lpfc: Allow lpfc_plogi_confirm_nport() logic to execute
  for Fabric nodes (bsc#1220021).
- scsi: lpfc: Remove D_ID swap log message from trace event logger
- scsi: lpfc: Use sg_dma_len() API to get struct scatterlist's
  length (bsc#1220021).
- scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc()
- scsi: lpfc: Initialize status local variable in
  lpfc_sli4_repost_sgl_list() (bsc#1220021).
- scsi: lpfc: Use PCI_HEADER_TYPE_MFD instead of literal
- PCI: Add PCI_HEADER_TYPE_MFD definition (bsc#1220021).
- commit 41ec061

- x86/fpu: Stop relying on userspace for info to fault in xsave buffer (bsc#1220335, CVE-2024-26603).
- commit 4cbbdbf

- Update patch reference for NFC fix (CVE-2021-46924 bsc#1220459)
- commit 8ac32a8

- RAS/AMD/ATL: Fix bit overflow in denorm_addr_df4_np2() (git-fixes).
- commit 71868f2

- media: pvrusb2: fix use after free on context disconnection
  (CVE-2023-52445 bsc#1220241).
- commit e4643a5

- RAS: Introduce a FRU memory poison manager (jsc#PED-7618).
- commit 62d6d3a

- RAS/AMD/ATL: Add MI300 row retirement support (jsc#PED-7618).
- Delete patches.suse/EDAC-amd64-Add-MI300-row-retirement-support.patch.
- commit 3cc5727

- uio: Fix use-after-free in uio_open (bsc#1220140
- commit fbf52b1

- apparmor: avoid crash when parsed profile name is empty
  (CVE-2023-52443 bsc#1220240).
- commit 732bc93

- ntfs: check overflow when iterating ATTR_RECORDs (git-fixes).
- commit c9fe433

- ntfs: fix use-after-free in ntfs_attr_find() (git-fixes).
- commit 6df2cbb

- xfs: short circuit xfs_growfs_data_private() if delta is zero
- commit fcba050

- xfs: remove unused fields from struct xbtree_ifakeroot
- commit 86da8f9

- fs: dlm: fix build with CONFIG_IPV6 disabled (git-fixes).
- commit 595274a

- nilfs2: replace WARN_ONs for invalid DAT metadata block requests
- commit 8b6113c

- nilfs2: fix data corruption in dsync block recovery for small
  block sizes (git-fixes).
- commit 3bf00f7

- jfs: fix array-index-out-of-bounds in diNewExt (git-fixes).
- commit 95bef1f

- jfs: fix uaf in jfs_evict_inode (git-fixes).
- commit d7a8248

- jfs: fix array-index-out-of-bounds in dbAdjTree (git-fixes).
- commit e676b4f

- jfs: fix slab-out-of-bounds Read in dtSearch (git-fixes).
- commit fc7d276

- UBSAN: array-index-out-of-bounds in dtSplitRoot (git-fixes).
- commit bcf9251

- FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree (git-fixes).
- commit 9b22efe

- afs: Increase buffer size in afs_update_volume_status()
- commit dd84cc3

- afs: Hide silly-rename files from userspace (git-fixes).
- commit 3ff836d

- afs: fix the usage of read_seqbegin_or_lock() in
  afs_find_server*() (git-fixes).
- commit c7a2b9c

- afs: fix the usage of read_seqbegin_or_lock() in
  afs_lookup_volume_rcu() (git-fixes).
- commit 4fa847b

- btrfs: do not ASSERT() if the newly created subvolume already
  got read (bsc#1219126 CVE-2024-23850).
- commit 087f1fb

- Update
  (git-fixes, bsc1220398, CVE-2024-26602).
- commit 7349e3e

- tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd (bsc#1218450).
- commit edd994d

- i2c: i801: Fix block process call transactions (bsc#1220009
- commit 1b64da9

- RDMA/core: Fix uninit-value access in ib_get_eth_speed()
- commit 3ebf8e4

- mlxsw: spectrum_acl_tcam: Fix stack corruption (bsc#1220243
- mlxsw: spectrum_acl_tcam: Fix NULL pointer dereference in
  error path (bsc#1220344 CVE-2024-26595).
- commit 6e8b589

- EDAC/thunderx: Fix possible out-of-bounds string access (bsc#1220330, CVE-2023-52464)
- commit 369d1fd

- RDMA/core: Get IB width and speed from netdev (bsc#1219934).
- commit 24279f3

- KVM: s390: vsie: fix race during shadow creation (git-fixes
- commit 72fd28e

- Update config files.
  Cleanup with
- commit ef734e5

- KVM: s390: fix setting of fpc register (git-fixes bsc#1220392).
- commit 8d2ffe7

- supported.conf: remove external flag from IBM supported modules.
- commit a25e99f

- arm64: Subscribe Microsoft Azure Cobalt 100 to ARM Neoverse N2 errata (git-fixes)
- commit 7e2b55c

- arm64: irq: set the correct node for shadow call stack (git-fixes)
- commit b343796

- arm64: irq: set the correct node for VMAP stack (git-fixes)
- commit f682ae8

- blacklist.conf: ("arm64: lib: Import latest version of Arm Optimized Routines' strncmp")
- commit 88ead84

- Refresh sorted patches.
- commit 9f45380

- powerpc/pseries: Set CPU_FTR_DBELL according to ibm,pi-features
- powerpc/pseries: Add a clear modifier to ibm,pa/pi-features
  parser (bsc#1220348).
- commit 7e988f6

- usb: gadget: ncm: Avoid dropping datagrams of properly parsed
  NTBs (git-fixes).
- usb: cdns3: fix memory double free when handle zero packet
- usb: cdns3: fixed memory use after free at
  cdns3_gadget_ep_disable() (git-fixes).
- usb: roles: don't get/set_role() when usb_role_switch is
  unregistered (git-fixes).
- usb: roles: fix NULL pointer issue when put module's reference
- usb: cdnsp: fixed issue with incorrect detecting CDNSP family
  controllers (git-fixes).
- usb: cdnsp: blocked some cdns3 specific code (git-fixes).
- USB: serial: option: add Fibocom FM101-GL variant (git-fixes).
- USB: serial: qcserial: add new usb-id for Dell Wireless DW5826e
- USB: serial: cp210x: add ID for IMST iM871A-USB (git-fixes).
- commit 6aacbee

- s390: use the correct count for __iowrite64_copy() (git-fixes
- commit 3d0908e

- md: bypass block throttle for superblock update (bsc#1220154,
- commit 3b94bb4

- cachefiles: fix memory leak in cachefiles_add_cache()
- commit 9bb720c

- gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump
  (bsc#1220253 CVE-2023-52448).
- commit 12cdab5

- platform/x86: thinkpad_acpi: Only update profile if successfully
  converted (git-fixes).
- platform/x86: touchscreen_dmi: Allow partial (prefix) matches
  for ACPI names (git-fixes).
- commit d153a3a

- USB: gadget: core: adjust uevent timing on gadget unbind
- commit e3b30d8

- blacklist.conf: entry for usb/gadget/udc/core that has been reverted
- commit 50292b0

- mm,page_owner: Update Documentation regarding page_owner_stacks
- commit 96f4587

- mm,page_owner: Filter out stacks by a threshold (jsc-PED#7423).
- commit e683246

- mm,page_owner: Display all stacks and their count
- commit cfad590

- mm,page_owner: Implement the tracking of the stacks count
- commit 4c2de65

- mm,page_owner: Maintain own list of stack_records structs
- commit 91e49cb

- scsi: ibmvfc: Open-code reset loop for target reset
- commit 8ab46b6

- scsi: ibmvfc: Limit max hw queues by num_online_cpus()
- commit 648a1af

- lib/stackdepot: Move stack_record struct definition into the
  header (jsc-PED#7423).
- commit 6077ffb

- lib/stackdepot: Fix first entry having a 0-handle
- commit 992fd7d

- lib/stackdepot: add refcount for records (jsc-PED#7423).
- commit 714c529

- sched/membarrier: reduce the ability to hammer on sys_membarrier
- commit 050cced

- lib/stackdepot: add depot_fetch_stack helper (jsc-PED#7423).
- commit 2786362

- RDMA/srpt: fix function pointer cast warnings (git-fixes)
- commit dac438c

- RDMA/qedr: Fix qedr_create_user_qp error flow (git-fixes)
- commit b146859

- RDMA/srpt: Support specifying the srpt_service_guid parameter (git-fixes)
- commit 8d48d24

- IB/hfi1: Fix sdma.h tx->num_descs off-by-one error (git-fixes)
- commit da3f72a

- RDMA/irdma: Add AE for too many RNRS (git-fixes)
- commit f63a394

- RDMA/irdma: Set the CQ read threshold for GEN 1 (git-fixes)
- commit 3b512eb

- RDMA/irdma: Validate max_send_wr and max_recv_wr (git-fixes)
- commit 98f2343

- RDMA/irdma: Fix KASAN issue with tasklet (git-fixes)
- commit 83211d5

- RDMA/bnxt_re: Add a missing check in bnxt_qplib_query_srq (git-fixes)
- commit 675dc2d

- RDMA/bnxt_re: Return error for SRQ resize (git-fixes)
- commit c51f388

- IB/hfi1: Fix a memleak in init_credit_return (git-fixes)
- commit 2afc750

- x86/mm: Fix memory encryption features advertisement (bsc#1206453).
- commit 143c33b

- rpm/check-for-config-changes: add GCC_ASM_GOTO_OUTPUT_WORKAROUND to IGNORED_CONFIGS_RE
  Introduced by commit 68fb3ca0e408 ("update workarounds for gcc "asm
  goto" issue").
- commit be1bdab

- net: openvswitch: limit the number of recursions from action
  sets (bsc#1219835 CVE-2024-1151).
- commit ed2fd55

- scsi: core: Move scsi_host_busy() out of host lock if it is
  for per-command (git-fixes).
- commit 65a3d05

- mfd: syscon: Fix null pointer dereference in
  of_syscon_register() (git-fixes).
- commit ac6a500

- powerpc/64: Set task pt_regs->link to the LR value on scv entry
- powerpc: add crtsavres.o to always-y instead of extra-y
- powerpc/watchpoints: Annotate atomic context in more places
- powerpc/watchpoint: Disable pagefaults when getting user
  instruction (bsc#1194869).
- powerpc/watchpoints: Disable preemption in thread_change_pc()
- powerpc/pseries: Rework lppaca_shared_proc() to avoid
  DEBUG_PREEMPT (bsc#1194869).
- powerpc: Don't include lppaca.h in paca.h (bsc#1194869).
- powerpc/powernv: Fix fortify source warnings in opal-prd.c
- commit 148ec5a

- modpost: trim leading spaces when processing source files list
- kbuild: Fix changing ELF file type for output of gen_btf for
  big endian (git-fixes).
- irqchip/gic-v3-its: Fix GICv4.1 VPE affinity update (git-fixes).
- irqchip/irq-brcmstb-l2: Add write memory barrier before exit
- driver core: Fix device_link_flag_is_sync_state_only()
- iio: accel: bma400: Fix a compilation problem (git-fixes).
- staging: iio: ad5933: fix type mismatch regression (git-fixes).
- iio: magnetometer: rm3100: add boundary check for the value
  read from RM3100_REG_TMRC (git-fixes).
- iio: core: fix memleak in iio_device_register_sysfs (git-fixes).
- commit 55c0c3a

- compute-PATCHVERSION: Do not produce output when awk fails
  compute-PATCHVERSION uses awk to produce a shell script that is
  subsequently executed to update shell variables which are then printed
  as the patchversion.
  Some versions of awk, most notably bysybox-gawk do not understand the
  awk program and fail to run. This results in no script generated as
  output, and printing the initial values of the shell variables as
  the patchversion.
  When the awk program fails to run produce 'exit 1' as the shell script
  to run instead. That prevents printing the stale values, generates no
  output, and generates invalid rpm spec file down the line. Then the
  problem is flagged early and should be easier to diagnose.
- commit 8ef8383

- Drop bcm5974 input patch causing a regression (bsc#1220030)
- commit cdfe144

- nvme-fabrics: fix I/O connect error handling (git-fixes).
- commit 1cf32dd

- scsi: fnic: Move fnic_fnic_flush_tx() to a work queue (git-fixes
- scsi: Revert "scsi: fcoe: Fix potential deadlock on
  &fip->ctlr_lock" (git-fixes bsc#1219141).
- scsi: core: Move scsi_host_busy() out of host lock for waking
  up EH handler (git-fixes).
- scsi: isci: Fix an error code problem in isci_io_request_build()
- scsi: mpi3mr: Refresh sdev queue depth after controller reset
- commit bb93e52

- scsi: hisi_sas: Prevent parallel FLR and controller reset
- Refresh
- commit 90473ca

- drm/amdgpu/display: Initialize gamma correction mode variable
  in dcn30_get_gamcor_current() (git-fixes).
- drm/amd/display: Fix possible NULL dereference on device
  remove/driver unload (git-fixes).
- Revert "drm/amd: flush any delayed gfxoff on suspend entry"
- drm/amd/display: Fix possible buffer overflow in
  'find_dcfclk_for_voltage()' (git-fixes).
- drm/crtc: fix uninitialized variable use even harder
- nouveau/svm: fix kvcalloc() argument order (git-fixes).
- can: j1939: Fix UAF in j1939_sk_match_filter during
  setsockopt(SO_J1939_FILTER) (git-fixes).
- wifi: iwlwifi: uninitialized variable in
  iwl_acpi_get_ppag_table() (git-fixes).
- wifi: iwlwifi: Fix some error codes (git-fixes).
- spi-mxs: Fix chipselect glitch (git-fixes).
- spi: ppc4xx: Drop write-only variable (git-fixes).
- HID: wacom: generic: Avoid reporting a serial of '0' to
  userspace (git-fixes).
- HID: wacom: Do not register input devices until after
  hid_hw_start (git-fixes).
- hwmon: (coretemp) Fix bogus core_id to attr name mapping
- hwmon: (coretemp) Fix out-of-bounds memory access (git-fixes).
- hwmon: (aspeed-pwm-tacho) mutex for tach reading (git-fixes).
- drm/msm/dpu: check for valid hw_pp in
  dpu_encoder_helper_phys_cleanup (git-fixes).
- drm/msm/dp: return correct Colorimetry for
  DP_TEST_DYNAMIC_RANGE_CEA case (git-fixes).
- drm/msms/dp: fixed link clock divider bits be over written in
  BPC unknown case (git-fixes).
- drm/i915/gvt: Fix uninitialized variable in handle_mmio()
- atm: idt77252: fix a memleak in open_card_ubr0 (git-fixes).
- crypto: ccp - Fix null pointer dereference in
  __sev_platform_shutdown_locked (git-fixes).
- commit 8c41a3a

- ALSA: usb-audio: More relaxed check of MIDI jack names
- ASoC: SOF: IPC3: fix message bounds on ipc ops (git-fixes).
- ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work()
- ALSA: hda/realtek: cs35l41: Fix order and duplicates in quirks
  table (git-fixes).
- ALSA: hda/realtek: cs35l41: Fix device ID / model name
- ALSA: usb-audio: Sort quirk table entries (git-fixes).
- ALSA: usb-audio: add quirk for RODE NT-USB+ (git-fixes).
- ALSA: usb-audio: Add delay quirk for MOTU M Series 2nd revision
- ALSA: usb-audio: Add a quirk for Yamaha YIT-W12TX transmitter
- commit 4ee9775

- x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix (git-fixes).
- commit 515312a

- KVM: VMX: Move VERW closer to VMentry for MDS mitigation (git-fixes).
- KVM: VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH (git-fixes).
- x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key (git-fixes).
  Also add mds_user_clear to kABI severities since it's strictly
  mitigation related so should be low risk.
- x86/entry_32: Add VERW just before userspace transition (git-fixes).
- x86/entry_64: Add VERW just before userspace transition (git-fixes).
- x86/bugs: Add asm helpers for executing VERW (git-fixes).
- commit f298aab

- netfs, fscache: Prevent Oops in fscache_put_cache()
- commit 70831f5

- mm: memory-failure: fix potential unexpected return value from
  unpoison_memory() (git-fixes).
- commit 4c346fc

- netfilter: nf_tables: disallow rule removal from chain binding
  (bsc#1218216 CVE-2023-5197).
- commit dcfc62f

- netfilter: nf_tables: skip bound chain in netns release path
  (bsc#1218216 CVE-2023-5197).
- commit 29d741f

- netfilter: nf_tables: disallow rule removal from chain binding
  (bsc#1218216 CVE-2023-5197).
- commit d7a1a4d

- netfilter: nf_tables: skip bound chain in netns release path
  (bsc#1218216 CVE-2023-5197).
- commit af879c8

- mm/hwpoison: fix unpoison_memory() (bsc#1218663).
- commit e5b6bde

- mm/hwpoison: remove MF_MSG_BUDDY_2ND and MF_MSG_POISONED_HUGE
- commit d6fa958

- mm/hwpoison: mf_mutex for soft offline and unpoison
- commit 177fcfa

- net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv
  (bsc#1219127 CVE-2024-23849).
- commit 43577c1

- Refresh
- commit 6b5c8aa

- USB: hub: check for alternate port before enabling
  A_ALT_HNP_SUPPORT (bsc#1218527).
- Delete patches.suse/usb-otg-numberpad-exception.patch.
  Removal of temporary work around
- commit 51410f7

- blacklist.conf: irrelevant in our configs
- commit 011570e

- dm: limit the number of targets and parameter size area
  (bsc#1219827, bsc#1219146, CVE-2023-52429, CVE-2024-23851).
- commit 26dc83e

- usb: cdns3: Modify the return value of cdns_set_active ()
  to void when CONFIG_PM_SLEEP is disabled (git-fixes).
- Refresh patches.kabi/usb-cdns-readd-old-API.patch.
- commit f63fe1f

- usb: cdns: readd old API (git-fixes).
- commit e63cfaf

- usb: gadget: f_hid: fix report descriptor allocation
- commit b1aee6d

- Refresh
  moved into sorted section
- commit 19ade31

- usb: gadget: fsl_qe_udc: validate endpoint index for ch9 udc
- commit e5f0b82

- usb: cdns3: Put the cdns set active part outside the spin lock
- commit 86f2eb0

- USB: Gadget: core: Help prevent panic during UVC unconfigure
- commit 00fdbf2

- usb: gadget: core: remove unbalanced mutex_unlock in
  usb_gadget_activate (git-fixes).
- commit 4803ff6

- usb: gadget: udc: Handle gadget_connect failure during bind
  operation (git-fixes).
- commit 70218de

- USB: gadget: core: Add missing kerneldoc for vbus_work
- commit 25e9543

- usb: gadget: udc: core: Prevent soft_connect_store() race
- commit eb5f8ac

- usb: gadget: udc: core: Offload usb_udc_vbus_handler processing
- commit 7a7bf5a

- blacklist.conf: changed reason
  The old reason applied only to SP4. However
  this patch by coincidence still needs to be blacklisted in SP5
  for a completely different reason
- commit 5f8bebe

- USB: gadget: Fix obscure lockdep violation for udc_mutex
- Refresh
- commit a8658e1

- USB: gadget: Fix use-after-free Read in usb_udc_uevent()
- commit 6205e50

- s390/qeth: Fix potential loss of L3-IP@ in case of network
  issues (git-fixes bsc#1219840).
- commit 4987d16

- KVM: s390: fix cc for successful PQAP (git-fixes bsc#1219839).
- commit 47fbb44

- Add reference to recently released CVE
- Update
  (bsc#1217927 CVE-2024-25744).
- Update
  (bsc#1217927 CVE-2024-25744).
- commit 1dc32d2

- nvme-host: fix the updating of the firmware version (git-fixes).
- commit 27cca59

- arm64: entry: fix ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD (bsc#1219443)
- commit 8b0cea9

- arm64: entry: Simplify tramp_alias macro and tramp_exit routine (bsc#1219443)
- commit 713244d

- arm64: entry: Preserve/restore X29 even for compat tasks (bsc#1219443)
- commit 2aa2cc1
- Fix memory leaks, add patch 0010-Fix-three-memory-leaks.patch
  * CVE-2024-26458, bsc#1220770
  * CVE-2024-26461, bsc#1220771
  * CVE-2024-26462, bsc#1220772
- Add avahi-CVE-2023-38471.patch: Extract host name using
  avahi_unescape_label (bsc#1216594, CVE-2023-38471).
- Add avahi-CVE-2023-38469.patch: Reject overly long TXT resource
  records (bsc#1216598, CVE-2023-38469).
- (bsc#1219666, CVE-2023-6597) Add
  CVE-2023-6597-TempDir-cleaning-symlink.patch (patch from
  gh#python/cpython!99930) fixing symlink bug in cleanup of
- Merge together bpo-36576-skip_tests_for_OpenSSL-111.patch into
  skip_SSL_tests.patch, and make them include all conditionals.
- bsc#1176006: Fix chage date miscalculation
  Add shadow-bsc1176006-chage-date.patch
- bsc#1188307: Fix passwd segfault
  Add shadow-bsc1188307-passwd-segfault.patch
- bsc#1203823: Remove pam_keyinit from PAM config files
  Remove pam_keyinit from PAM configuration.
  This was introduced for bsc#1144060.
- Fix pam_gnome_keyring module for AUTH.
  [pam-config-fix-pam_gnome_keyring.patch, bsc#1219767]
- merge gh#openSUSE/perl-bootloader#166
- log grub2-install errors correctly (bsc#1221470)
- 0.947

- merge gh#openSUSE/perl-bootloader#161
- support old grub versions (<= 2.02) that used /usr/lib
- create EFI boot fallback directory if necessary
- 0.946
- Add upstream patch <> to
  properly fix -ENOSYS stub on ppc64le. bsc#1192051 bsc#1221050
  + 0001-bsc1221050-libct-seccomp-patchbpf-rm-duplicated-code.patch
  + 0002-bsc1221050-seccomp-patchbpf-rename-nativeArch-linuxA.patch
  + 0003-bsc1221050-seccomp-patchbpf-always-include-native-ar.patch
- 0001-sed-set-correct-umask-on-temporary-files.patch
  Fix for bsc#1221218
- Fix NOPASSWD issue introduced by patches for CVE-2023-42465
  [bsc#1221151, bsc#1221134]
  * Update sudo-CVE-2023-42465-1of2.patch sudo-CVE-2023-42465-2of2.patch
  * Enable running regression selftests during build time.
- Changes to version 3.1.29
  + Extended scaling for performance (bsc#1214713)
  + Fixed kdumptool output error (bsc#1218632)
  + Corrected podman ID errors (bsc#1218812)
  + Duplicate non root podman entries removed (bsc#1218814)
  + Corrected get_sles_ver for SLE Micro (bsc#1219241)
  + Check nvidida-persistenced state (bsc#1219639)
- Allow "--rollback" flag to run on readonly filesystem (bsc#1220679)
- Split hcn-init.service to hcn-init-NetworkManager and hcn-init-wicked
  (bsc#1200731 ltc#198485
  Support both the old and new service to avoid complex version interdependency.
- Bump version to 15

- Order packages that requires systemd after systemd-sysvcompat when this part
  of the transaction (bsc#1217964)
  systemd-sysvcompat has been introduced recently and contains the compatibility
  scripts used to support SysV init scripts. Make sure that the packages ordered
  after systemd are also ordered after systemd-sysvcompat so theirs rpm
  scriptlets can still rely on the compat scripts.
  On distributions where systemd-sysvcompat doesn't exist, the new ordering
  constraint should be a nop.
- update to version 0.6.74
  + team: add new options like link_watch_policy (jsc#PED-7183)
  + Fix memory leaks in dbus variant destroy and fsm free (gh#openSUSE/wicked#1001)
  + xpath: allow underscore in node identifier (gh#openSUSE/wicked#999)
  + vxlan: don't format unknown rtnl attrs (bsc#1219751)
- removed patches included in the source archive:
  [- 0009-ifreload-VLAN-changes-require-device-deletion-bsc-12.patch]
  [- 0008-ifcheck-fix-config-changed-check-bsc-1218926.patch]
  [- 0007-Fix-ifstatus-exit-code-for-NI_WICKED_ST_NO_CARRIER-s.patch]
  [- 0006-dhcp6-omit-the-SO_REUSEPORT-option-bsc-1215692.patch]
  [- 0005-duid-fix-comment-for-v6time.patch]
  [- 0004-rtnl-parse-peer-address-on-non-ptp-interfaces.patch]
  [- 0003-rtnl-pass-ifname-in-newaddr-parsing-and-logging.patch]
  [- 0002-system-updater-Parse-updater-format-from-XML-configu.patch]
  [- 0001-fix_arp_notify_loop_and_burst_sending.patch]

- ifreload: VLAN changes require device deletion (bsc#1218927)
  [+ 0009-ifreload-VLAN-changes-require-device-deletion-bsc-12.patch]
- ifcheck: fix config changed check (bsc#1218926)
  [+ 0008-ifcheck-fix-config-changed-check-bsc-1218926.patch]
- client: fix exit code for no-carrier status (bsc#1219265)
  [+ 0007-Fix-ifstatus-exit-code-for-NI_WICKED_ST_NO_CARRIER-s.patch]
- dhcp6: omit the SO_REUSEPORT option (bsc#1215692)
  [+ 0006-dhcp6-omit-the-SO_REUSEPORT-option-bsc-1215692.patch]
- duid: fix comment for v6time
  [+ 0005-duid-fix-comment-for-v6time.patch]
- rtnl: fix peer address parsing for non ptp-interfaces
  [+ 0003-rtnl-pass-ifname-in-newaddr-parsing-and-logging.patch]
  [+ 0004-rtnl-parse-peer-address-on-non-ptp-interfaces.patch]
- system-updater: Parse updater format from XML configuration to
  ensure install calls can run.
  [+ 0002-system-updater-Parse-updater-format-from-XML-configu.patch]
- bsc#1221332 - VUL-0: CVE-2023-28746: xen: x86: Register File Data
  Sampling (XSA-452)
- bsc#1221334 - VUL-0: CVE-2024-2193: xen: GhostRace: Speculative
  Race Conditions (XSA-453)
- Upstream bug fixes (bsc#1027519)

- bsc#1219885 - VUL-0: CVE-2023-46841: xen: x86: shadow stack vs
  exceptions from emulation stubs (XSA-451)
- Upstream bug fixes (bsc#1027519)
- Patches replaced by newer upstream versions

- bsc#1219885 - VUL-0: CVE-2023-46841: xen: x86: shadow stack vs
  exceptions from emulation stubs (XSA-451)

- Upstream bug fixes (bsc#1027519)
- bsc#1218851 - VUL-0: CVE-2023-46839: xen: phantom functions
  assigned to incorrect contexts (XSA-449)
- bsc#1219080 - VUL-0: CVE-2023-46840: xen: VT-d: Failure to
  quarantine devices in !HVM builds (XSA-450)
- Patches replaced by newer upstream versions