catatonit
- Update to catatonit v0.2.0.
  * Change license to GPL-2.0-or-later.
- Remove upstreamed patches:
  - 99bb9048f.patch
coreutils
- ls: avoid triggering automounts (bsc#1221632)
  - add coreutils-ls-avoid-triggering-automounts.patch
e2fsprogs
EA Inode handling fixes:
- ext2fs-avoid-re-reading-inode-multiple-times.patch: ext2fs: avoid re-reading
  inode multiple times (bsc#1223596)
- e2fsck-fix-potential-out-of-bounds-read-in-inc_ea_in.patch: e2fsck: fix
  potential out-of-bounds read in inc_ea_inode_refs() (bsc#1223596)
- e2fsck-add-more-checks-for-ea-inode-consistency.patch: e2fsck: add more
  checks for ea inode consistency (bsc#1223596)
- e2fsck-fix-golden-output-of-several-tests.patch: e2fsck: fix golden output of
  several tests (bsc#1223596)
kdump
- spec: return success from pre, post, preun and postun scriplets
  (bsc#1222228, bsc#1191410)
- spec: differentiate between uninstall and upgrade in postun/preun
  (bsc#1191410)
kernel-default
- Update
  patches.suse/efi-libstub-Implement-support-for-unaccepted-memory.patch
  (jsc#PED-7167, bsc#1224169).
- commit a57eb93

- Update
  patches.suse/SUNRPC-fix-a-memleak-in-gss_import_v2_context.patch
  (git-fixes bsc#1223858).
- commit e50ed21

- netfilter: nft_ct: fix l3num expectations with inet pseudo
  family (git-fixes).
- commit 87e8a80

- Reapply "drm/qxl: simplify qxl_fence_wait" (stable-fixes).
- commit 8f3269f

- Update
  patches.suse/1576-drm-amd-display-fix-memory-leak-when-using-debugfs_l.patch
  (jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
  jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 jsc#PED-2849
  CVE-2022-48698 bsc#1223956).
- commit a0e3008

- Update patches.suse/ice-Fix-DMA-mappings-leak.patch (jsc#PED-376
  CVE-2022-48690 bsc#1223960).
- commit 7e1bf3d

- Update
  patches.suse/ALSA-emu10k1-Fix-out-of-bounds-access-in-snd_emu10k1.patch
  (git-fixes CVE-2022-48702 bsc#1223923).
- Update
  patches.suse/ALSA-usb-audio-Fix-an-out-of-bounds-bug-in-__snd_usb.patch
  (git-fixes CVE-2022-48701 bsc#1223921).
- Update
  patches.suse/RDMA-irdma-Fix-drain-SQ-hang-with-no-completion.patch
  (jsc#SLE-18383 CVE-2022-48694 bsc#1223964).
- Update
  patches.suse/RDMA-srp-Set-scmnd-result-only-when-scmnd-is-not-NUL.patch
  (git-fixes CVE-2022-48692 bsc#1223962).
- Update
  patches.suse/cgroup-Add-missing-cpus_read_lock-to-cgroup_attach_task_all.patch
  (bsc#1196869 CVE-2022-48671 bsc#1223929).
- Update
  patches.suse/drm-radeon-add-a-force-flush-to-delay-work-when-rade.patch
  (git-fixes CVE-2022-48704 bsc#1223932).
- Update
  patches.suse/i40e-Fix-kernel-crash-during-module-removal.patch
  (jsc#SLE-18378 CVE-2022-48688 bsc#1223953).
- Update
  patches.suse/ipv6-sr-fix-out-of-bounds-read-when-setting-HMAC-dat.patch
  (bsc#1211592 CVE-2023-2860 CVE-2022-48687 bsc#1223952).
- Update
  patches.suse/net-smc-Fix-possible-access-to-freed-memory-in-link-clear
  (git-fixes CVE-2022-48673 bsc#1223934).
- Update
  patches.suse/nvme-tcp-fix-uaf-when-detecting-digest-errors.patch
  (bsc#1200313 bsc#1201489 CVE-2022-48686 bsc#1223948).
- Update patches.suse/nvmet-fix-a-use-after-free.patch (git-fixes
  CVE-2022-48697 bsc#1223922).
- Update
  patches.suse/of-fdt-fix-off-by-one-error-in-unflatten_dt_nodes.patch
  (git-fixes CVE-2022-48672 bsc#1223931).
- Update
  patches.suse/scsi-mpt3sas-Fix-use-after-free-warning.patch
  (git-fixes CVE-2022-48695 bsc#1223941).
- Update
  patches.suse/soc-brcmstb-pm-arm-Fix-refcount-leak-and-__iomem-lea.patch
  (git-fixes CVE-2022-48693 bsc#1223963).
- Update
  patches.suse/thermal-int340x_thermal-handle-data_vault-when-the-v.patch
  (bsc#1201308 CVE-2022-48703 bsc#1223924).
- Update patches.suse/vfio-type1-Unpin-zero-pages.patch (git-fixes
  CVE-2022-48700 bsc#1223957).
- commit c8677b5

- packet: annotate data-races around ignore_outgoing
  (CVE-2024-26862 bsc#1223111).
- commit 6e591e7

- sctp: fix potential deadlock on &net->sctp.addr_wq_lock
  (CVE-2024-0639 bsc#1218917).
- commit 517d4f7

- Update
  patches.suse/drm-i915-gem-Really-move-i915_gem_context.link-under.patch
  (CVE-2022-48662 bsc#1223505).
  Unbreak metadata (References: collides with our internal tracking,
  switch to Fixes: when referencing a commit).
- commit cd38265

- netfilter: nft_ct: sanitize layer 3 and 4 protocol number in
  custom expectations (bsc#1222368 CVE-2024-26673).
- commit 785b7d0

- igc: avoid returning frame twice in XDP_REDIRECT (bsc#1223061
  CVE-2024-26853).
- commit 021db33

- net: sparx5: Fix use after free inside sparx5_del_mact_entry
  (bsc#1223052 CVE-2024-26856).
- commit fc5c6ad

- fs: sysfs: Fix reference leak in sysfs_break_active_protection() (CVE-2024-26993 bsc#1223693)
- commit b0c9830

- Update
  patches.suse/IB-core-Fix-a-nested-dead-lock-as-part-of-ODP-flow.patch
  (git-fixes CVE-2022-48675 bsc#1223894).
- Update
  patches.suse/drm-gma500-Fix-BUG-sleeping-function-called-from-inv.patch
  (git-fixes CVE-2022-48634 bsc#1223501).
- Update
  patches.suse/drm-i915-gem-Really-move-i915_gem_context.link-under.patch
  (CVE-2022-48662 bsc#1223505a4e7ccdac38e ("drm/i915: Move
  context management under GEM") bsc#1223505).
- Update
  patches.suse/i2c-mlxbf-prevent-stack-overflow-in-mlxbf_i2c_smbus_.patch
  (git-fixes CVE-2022-48632 bsc#1223481).
- Update
  patches.suse/ice-Fix-crash-by-keep-old-cfg-when-update-TCs-more-t.patch
  (git-fixes CVE-2022-48652 bsc#1223520).
- Update
  patches.suse/s390-dasd-fix-Oops-in-dasd_alias_get_start_dev-due-to-missing-pavgroup
  (git-fixes CVE-2022-48636 bsc#1223512).
- commit 523501c

- blacklist.conf: add a not-relevant module-loader patch
- commit 90c64db

- ring-buffer: Only update pages_touched when a new page is
  touched (git-fixes).
- commit b42aba1

- kprobes: Fix possible use-after-free issue on kprobe
  registration (git-fixes).
- commit e007447

- ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page
  in concurrent environment (git-fixes).
- commit 118cfcd

- tracing/net_sched: Fix tracepoints that save qdisc_dev()
  as a string (git-fixes).
- commit a272f90

- tracing: Show size of requested perf buffer (git-fixes).
- commit f8d068b

- Bluetooth: Add new quirk for broken read key length on ATS2851
  (git-fixes).
- commit 9ac913a

- Bluetooth: hci_event: Fix sending HCI_OP_READ_ENC_KEY_SIZE
  (git-fixes).
- commit 83cd609

- fuse: don't unhash root (bsc#1223951).
- fuse: fix root lookup with nonzero generation (bsc#1223950).
- virtio: treat alloc_dax() -EOPNOTSUPP failure as non-fatal
  (bsc#1223949).
- commit fdf9216

- RDMA/cm: Print the old state when cm_destroy_id gets timeout
  (git-fixes).
- commit 9b2934b

- nouveau: lock the client object tree. (bsc#1223834 CVE-2024-27062)
- commit e828498

- drm/nouveau/nvkm: add a replacement for nvkm_notify (bsc#1223834)
- commit 5647172

- drm/amd/display: fix NULL checks for adev->dm.dc in amdgpu_dm_fini() (CVE-2024-27041 bsc#1223714)
- commit ae6f7a9

- tun: limit printing rate when illegal packet received by tun
  dev (bsc#1223745 CVE-2024-27013).
- net/mlx5e: Prevent deadlock while disabling aRFS (bsc#1223735
  CVE-2024-27014).
- octeontx2-af: Use separate handlers for interrupts (bsc#1223790
  CVE-2024-27030).
- wireguard: netlink: access device through ctx instead of peer
  (bsc#1223661 CVE-2024-26950).
- wireguard: netlink: check for dangling peer via is_dead instead
  of empty list (bsc#1223660 CVE-2024-26951).
- wireguard: receive: annotate data-race around
  receiving_counter.counter (bsc#1223076 CVE-2024-26861).
- nfp: flower: handle acti_netdevs allocation failure (bsc#1223827
  CVE-2024-27046).
- commit b495510

- drm/amd/display: Add a dc_state NULL check in dc_state_release (CVE-2024-26948 bsc#1223664)
- commit 211db77

- slimbus: qcom-ngd-ctrl: Add timeout for wait operation
  (git-fixes).
- iio:imu: adis16475: Fix sync mode setting (git-fixes).
- iio: accel: mxc4005: Interrupt handling fixes (git-fixes).
- usb: typec: tcpm: Check for port partner validity before
  consuming it (git-fixes).
- usb: typec: tcpm: unregister existing source caps before
  re-registration (bsc#1220569).
- usb: Fix regression caused by invalid ep0 maxpacket in virtual
  SuperSpeed device (git-fixes).
- usb: ohci: Prevent missed ohci interrupts (git-fixes).
- usb: gadget: f_fs: Fix a race condition when processing setup
  packets (git-fixes).
- usb: gadget: composite: fix OS descriptors w_value logic
  (git-fixes).
- commit d9cff03

- pstore: inode: Only d_invalidate() is needed (bsc#1223705
  CVE-2024-27389).
- commit bbe965a

- ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU
  (stable-fixes).
- ALSA: hda/realtek: Add quirk for HP SnowWhite laptops
  (stable-fixes).
- commit 86753e0

- ASoC: meson: axg-tdm-interface: manage formatters in trigger
  (git-fixes).
- ASoC: meson: axg-card: make links nonatomic (git-fixes).
- ASoC: meson: cards: select SND_DYNAMIC_MINORS (git-fixes).
- ASoC: ti: davinci-mcasp: Fix race condition during probe
  (git-fixes).
- ASoC: tegra: Fix DSPK 16-bit playback (git-fixes).
- ALSA: hda: intel-sdw-acpi: fix usage of
  device_get_named_child_node() (git-fixes).
- drm/panel: ili9341: Use predefined error codes (git-fixes).
- drm/panel: ili9341: Respect deferred probe (git-fixes).
- drm/vmwgfx: Fix invalid reads in fence signaled events
  (git-fixes).
- drm/amdgpu: once more fix the call oder in amdgpu_ttm_move()
  v2 (git-fixes).
- spi: hisi-kunpeng: Delete the dump interface of data registers
  in debugfs (git-fixes).
- commit 79c4a57

- wifi: iwlwifi: mvm: ensure offloading TID queue exists
  (CVE-2024-27056 bsc#1223822).
- wifi: iwlwifi: mvm: protect TXQ list manipulation
  (CVE-2024-27056 bsc#1223822).
- commit 5895d13

- media: edia: dvbdev: fix a use-after-free (CVE-2024-27043
  bsc#1223824).
- commit e3d9ce5

- clk: hisilicon: hi3559a: Fix an erroneous devm_kfree()
  (CVE-2024-27039 bsc#1223821).
- commit 70ad74a

- clk: Fix clk_core_get NULL dereference (CVE-2024-27038
  bsc#1223816).
- commit bcf8ce4

- Rename to
  patches.suse/drm-i915-gem-Really-move-i915_gem_context.link-under.patch.
- commit e953a9a

- s390/qeth: Fix kernel panic after setting hsuid (git-fixes
  bsc#1223879).
- commit 1b0c7f2

- s390/mm: Fix storage key clearing for guest huge pages
  (git-fixes bsc#1223878).
- commit fc57acc

- s390/mm: Fix clearing storage keys for huge pages (git-fixes
  bsc#1223877).
- commit c73273d

- s390/vdso: Add CFI for RA register to asm macro vdso_func
  (git-fixes bsc#1223876).
- commit 15b93ff

- s390/cio: Ensure the copied buf is NUL terminated (git-fixes
  bsc#1223875).
- commit c670b5d

- NTB: fix possible name leak in ntb_register_device()
  (CVE-2023-52652 bsc#1223686).
- commit 206337a

- mm: swap: fix race between free_swap_and_cache() and swapoff()
  (CVE-2024-26960 bsc#1223655).
- commit b6bee56

- swap: comments get_swap_device() with usage rule (CVE-2024-26960
  bsc#1223655).
- commit 15510e4

- Refresh patches.suse/powerpc-pseries-iommu-LPAR-panics-when-rebooted-with.patch.
- commit 2ecdc0a

- clk: qcom: mmcc-msm8974: fix terminating of frequency table
  arrays (CVE-2024-26965 bsc#1223648).
- commit 1dd34df

- clk: qcom: mmcc-apq8084: fix terminating of frequency table
  arrays (CVE-2024-26966 bsc#1223646).
- commit a12a96e

- clk: qcom: gcc-ipq8074: fix terminating of frequency table
  arrays (CVE-2024-26969 bsc#1223645).
- commit 8dca0be

- xfrm6: fix inet6_dev refcount underflow problem (git-fixes).
- commit f5401a7

- ipv6/addrconf: fix a potential refcount underflow for idev
  (git-fixes).
- commit cdd225e

- net: fix skb leak in __skb_tstamp_tx() (git-fixes).
- commit 87fa6a6

- tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp
  (git-fixes).
- commit 77fb94f

- net: stream: purge sk_error_queue in sk_stream_kill_queues()
  (git-fixes).
- commit cb9fa4c

- netfilter: br_netfilter: Drop dst references before setting
  (git-fixes).
- commit 28508ef

- net: mld: fix reference count leak in mld_{query |
  report}_work() (git-fixes).
- commit 389c7c7

- net: ipv6: ensure we call ipv6_mc_down() at most once
  (git-fixes).
- commit e46b1a5

- net: fix a memleak when uncloning an skb dst and its metadata
  (git-fixes).
- commit 9e895dd

- net: bridge: vlan: fix memory leak in __allowed_ingress
  (git-fixes).
- commit 26122cb

- Update patches.suse/nfsd-use-__fput_sync-to-avoid-delayed-closing-of-fil.patch
  (bsc#1223380 bsc#1217408 bsc#1223640).
- commit 48bb894

- netfilter: ipt_CLUSTERIP: fix refcount leak in
  clusterip_tg_check() (git-fixes).
- commit 014c7bb

- net: vlan: fix underflow for the real_dev refcnt (git-fixes).
- commit f6e1f81

- x86/sev: Skip ROM range scans and validation for SEV-SNP guests
  (jsc#PED-7167 git-fixes).
- Refresh
  patches.suse/0003-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mode.patch.
- Refresh
  patches.suse/0004-efi-Lock-down-the-kernel-at-the-integrity-level-if-b.patch.
- commit 8eb012f

- x86/mm: Ensure input to pfn_to_kaddr() is treated as a 64-bit
  type (jsc#PED-7167 git-fixes).
- commit 554f303

- Update
  patches.suse/ext4-fix-bug-in-extents-parsing-when-eh_entries-0-an.patch
  (bsc#1206881 bsc#1223475 CVE-2022-48631).
- commit 718df1c

- clk: qcom: gcc-ipq6018: fix terminating of frequency table
  arrays (CVE-2024-26970 bsc#1223644).
- commit 0c0dddd

- mtd: diskonchip: work around ubsan link failure (stable-fixes).
- drm/amdgpu/sdma5.2: use legacy HDP flush for SDMA2/3
  (stable-fixes).
- drm/amdgpu: Fix leak when GPU memory allocation fails
  (stable-fixes).
- Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853
  (stable-fixes).
- Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old()
  (stable-fixes).
- serial: core: fix kernel-doc for uart_port_unlock_irqrestore()
  (git-fixes).
- serial: core: Provide port lock wrappers (stable-fixes).
- drm-print: add drm_dbg_driver to improve namespace symmetry
  (stable-fixes).
- commit ac12ea7

- net/ipv6: avoid possible UAF in ip6_route_mpath_notify()
  (CVE-2024-26852 bsc#1223057)
- commit d89430d

- arm64: dts: rockchip: Remove unsupported node from the Pinebook Pro (git-fixes)
- commit 4bfffd4

- arm64: dts: rockchip: enable internal pull-up on PCIE_WAKE# for (git-fixes)
- commit 1d62037

- arm64: dts: rockchip: enable internal pull-up on Q7_USB_ID for RK3399 (git-fixes)
- commit 93fb4e2

- arm64: dts: rockchip: enable internal pull-up for Q7_THRM# on RK3399 (git-fixes)
- commit 5fec238

- arm64: dts: imx8-ss-conn: fix usdhc wrong lpcg clock order (git-fixes)
- commit 8f27cd5

- md/raid5: fix atomicity violation in raid5_cache_count
  (bsc#1219169, CVE-2024-23307).
- commit d2d22f0

- s390/decompressor: fix misaligned symbol build error (git-fixes
  bsc#1223785).
- commit 47fb728

- arm64: dts: rockchip: fix rk3399 hdmi ports node (git-fixes)
- commit c7b5bd6

- arm64: dts: rockchip: fix rk3328 hdmi ports node (git-fixes)
- commit a134662

- s390/scm: fix virtual vs physical address confusion (git-fixes bsc#1223784).
- commit bb84f10

- kABI workaround for cec_adapter (CVE-2024-23848 bsc#1219104).
- media: cec: core: avoid recursive cec_claim_log_addrs
  (CVE-2024-23848 bsc#1219104).
- media: cec: core: avoid confusing "transmit timed out" message
  (CVE-2024-23848 bsc#1219104).
- media: cec: cec-api: add locking in cec_release()
  (CVE-2024-23848 bsc#1219104).
- media: cec: cec-adap: always cancel work in cec_transmit_msg_fh
  (CVE-2024-23848 bsc#1219104).
- commit 70ecf73

- mm/slub: fix to return errno if kmalloc() fails (CVE-2022-48659
  bsc#1223498).
- commit d72759d

- drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper() (CVE-2023-52585 bsc#1221080).
- commit cde7c84

- bonding: fix NULL deref in bond_rr_gen_slave_id (bsc#1223499
  CVE-2022-48640).
- commit 9f14266

- media: cec: abort if the current transmit was canceled
  (CVE-2024-23848 bsc#1219104).
- commit e51b978

- Squashfs: check the inode number is not the invalid value of
  zero (bsc#1223634 CVE-2024-26982).
- commit 8ad2647

- Update
  patches.suse/ubifs-ubifs_symlink-Fix-memleak-of-inode-i_link-in-error-path.patch
  (git-fixes CVE-2024-26972 bsc#1223643).
- commit c1d0983

- Update
  patches.suse/nilfs2-prevent-kernel-bug-at-submit_bh_wbc.patch
  (git-fixes CVE-2024-26955 bsc#1223657).
- commit 59db655

- Update
  patches.suse/nilfs2-fix-failure-to-detect-DAT-corruption-in-btree.patch
  (git-fixes CVE-2024-26956 bsc#1223663).
- commit b968ba7

- Update patches.suse/nilfs2-fix-OOB-in-nilfs_set_de_type.patch
  (git-fixes CVE-2024-26981 bsc#1223668).
- commit 7b2eba5

- ASoC: SOF: Add some bounds checking to firmware data
  (CVE-2024-26927 bsc#1223525).
- commit 797ef67

- Update
  patches.suse/gpio-mockup-fix-NULL-pointer-dereference-when-removi.patch
  (git-fixes CVE-2022-48663 bsc#1223523).
- commit fb50f4d

- Update
  patches.suse/cgroup-cgroup_get_from_id-must-check-the-looked-up-kn-is-a-directory.patch
  (bsc#1203906 CVE-2022-48638 bsc#1223522).
- commit 1b1d545

- Update
  patches.suse/sfc-fix-TX-channel-offset-when-using-legacy-interrup.patch
  (git-fixes CVE-2022-48647 bsc#1223519).
- commit 2df3009

- Update
  patches.suse/smb3-fix-temporary-data-corruption-in-insert-range.patch
  (bsc#1193629 CVE-2022-48667 bsc#1223518).
- commit 2544640

- Update
  patches.suse/bnxt-prevent-skb-UAF-after-handing-over-to-PTP-worke.patch
  (jsc#SLE-18978 CVE-2022-48637 bsc#1223517).
- commit 8af9f52

- Update
  patches.suse/smb3-fix-temporary-data-corruption-in-collapse-range.patch
  (bsc#1193629 CVE-2022-48668 bsc#1223516).
- commit ea57df6

- drm/i915/gem: Really move i915_gem_context.link under ref
  protection (CVE-2022-48662 bsc#1223505).
- commit 1ea0422

- Update
  patches.suse/net-sched-taprio-avoid-disabling-offload-when-it-was.patch
  (bsc#1207361 CVE-2022-48644 bsc#1223511).
- commit 32036dc

- Update
  patches.suse/1631-drm-i915-gem-Really-move-i915_gem_context.link-under.patch
  (jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
  jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
  jsc#PED-2849a4e7ccdac38e ("drm/i915: Move context management
  under GEM") CVE-2022-48662 bsc#1223505).
- commit 16b0082

- netfilter: nf_tables: disallow timeout for anonymous sets
  (CVE-2023-52620 bsc#1221825).
- commit 19a9222

- Update
  patches.suse/scsi-qla2xxx-Fix-memory-leak-in-__qlt_24xx_handle_ab.patch
  (bsc#1203935 CVE-2022-48650 bsc#1223509).
- commit a4b4019

- Update
  patches.suse/scsi-qla2xxx-Fix-memory-leak-in-__qlt_24xx_handle_ab.patch
  (bsc#1203935 CVE-2022-48650 bsc#1223509).
- commit ecd523c

- Update
  patches.suse/sfc-fix-null-pointer-dereference-in-efx_hard_start_x.patch
  (git-fixes CVE-2022-48648 bsc#1223503).
- commit 2cd307a

- Update
  patches.suse/sfc-siena-fix-null-pointer-dereference-in-efx_hard_s.patch
  (jsc#PED-1565 CVE-2022-48646 bsc#1223502).
- commit 54704c0

- Update
  patches.suse/net-sched-fix-possible-refcount-leak-in-tc_new_tfilt.patch
  (bsc#1207361 CVE-2022-48639 bsc#1223490).
- commit 1b88973

- Update
  patches.suse/gpiolib-cdev-Set-lineevent_state-irq-after-IRQ-regis.patch
  (git-fixes CVE-2022-48660 bsc#1223487).
- commit 30d7811

- Update
  patches.suse/arm64-topology-fix-possible-overflow-in-amu_fie_setu.patch
  (git-fixes CVE-2022-48657 bsc#1223484).
- commit d7e1659

- Update
  patches.suse/netfilter-nfnetlink_osf-fix-possible-bogus-match-in-.patch
  (bsc#1204614 CVE-2022-48654 bsc#1223482).
- commit a8a2952

- Update
  patches.suse/dmaengine-ti-k3-udma-private-Fix-refcount-leak-bug-i.patch
  (git-fixes CVE-2022-48656 bsc#1223479).
- commit 90546f3

- netfilter: nf_tables: fix percpu memory leak at
  nf_tables_addchain() (bsc#1223478 CVE-2022-48642).
- commit 839888a

- blacklist.conf: code refactoring
- commit f72ed44

- dump_stack: Do not get cpu_sync for panic CPU (bsc#1223574).
- commit 15c6bc2

- printk: Avoid non-panic CPUs writing to ringbuffer
  (bsc#1223574).
- commit d14ad8e

- Update
  patches.suse/ice-Don-t-double-unplug-aux-on-peer-initiated-reset.patch
  (git-fixes CVE-2022-48653 bsc#1223474).
- commit dba84ad

- blacklist.conf: refactoring, not a fix
- commit ef0f94f

- s390/vdso: drop '-fPIC' from LDFLAGS (git-fixes bsc#1223598).
- commit ed11fe0

- printk: Disable passing console lock owner completely during
  panic() (bsc#1223574).
- commit d98358d

- s390/zcrypt: fix reference counting on zcrypt card objects
  (git-fixes bsc#1223595).
- commit 0483eb1

- Update
  patches.suse/media-pvrusb2-fix-uaf-in-pvr2_context_set_notify.patch
  (git-fixes CVE-2024-26875 bsc#1223118).
- commit fd5a947

- printk: ringbuffer: Skip non-finalized records in panic
  (bsc#1223574).
- commit c9df6e3

- printk: Wait for all reserved records with pr_flush()
  (bsc#1223574).
- commit d04f93d

- Update
  patches.suse/RDMA-srpt-Do-not-register-event-handler-until-srpt-d.patch
  (git-fixes CVE-2024-26872 bsc#1223115).
- commit 66d99f5

- printk: ringbuffer: Cleanup reader terminology (bsc#1223574).
- commit a92ce86

- printk: Add this_cpu_in_panic() (bsc#1223574).
- commit 0b039ad

- quota: Fix potential NULL pointer dereference (bsc#1223060
  CVE-2024-26878).
- commit 93c484c

- do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak
  (bsc#1223198 CVE-2024-26901).
- commit a397ff1

- blk-mq: fix IO hang from sbitmap wakeup race (bsc#1222357
  CVE-2024-26671).
- commit 9908e06

- ext4: avoid allocating blocks from corrupted group in
  ext4_mb_find_by_goal() (bsc#1222613 CVE-2024-26772).
- commit be73fd6

- printk: Rename abandon_console_lock_in_panic() to
  other_cpu_in_panic() (bsc#1223574).
- commit 6336c25

- Update
  patches.suse/s390-Once-the-discipline-is-associated-with-the-device-de.patch
  (bsc#1141539 git-fixes).
- commit 111a038

- printk: Drop console_sem during panic (bsc#1223574).
- commit 725427c

- clk: meson: Add missing clocks to axg_clk_regmaps
  (CVE-2024-26879 bsc#1223066).
- commit 46eee50

- printk: ringbuffer: Clarify special lpos values (bsc#1223574).
- commit 0f13b5c

- printk: ringbuffer: Do not skip non-finalized records with
  prb_next_seq() (bsc#1223574).
- commit 28b403a

- printk: ringbuffer: Improve prb_next_seq() performance
  (bsc#1223574).
- commit 6a93375

- Update
  patches.suse/msft-hv-2942-hv_netvsc-Register-VF-in-netvsc_probe-if-NET_DEVICE_.patch
  (git-fixes CVE-2024-26820 bsc#1223078).
- commit d0bb689

- Update
  patches.suse/nfc-nci-free-rx_data_reassembly-skb-on-NCI-device-cl.patch
  (git-fixes CVE-2024-26825 bsc#1223065).
- commit 4685711

- wifi: wfx: fix memory leak when starting AP (CVE-2024-26896
  bsc#1223042).
- commit f3e25cb

- Update
  patches.suse/scsi-Revert-scsi-fcoe-Fix-potential-deadlock-on-fip-ctlr_lock.patch
  (git-fixes bsc#1219141 CVE-2024-26917 bsc#1223056).
- commit f3895d7

- printk: Use prb_first_seq() as base for 32bit seq macros
  (bsc#1223574).
- commit e3b59e0

- printk: Adjust mapping for 32bit seq macros (bsc#1223574).
- commit 6dcabeb

- printk: nbcon: Relocate 32bit seq macros (bsc#1223574).
- commit c13f8d3

- PM / devfreq: Fix buffer overflow in trans_stat_show
  (CVE-2023-52614 bsc#1221617).
- commit 43b7d5b

- Update
  patches.suse/0002-iommu-vt-d-Don-t-issue-ATS-Invalidation-request-when.patch
  (git-fixes CVE-2024-26891 bsc#1223037).
- commit 7b52ba2

- Update
  patches.suse/drm-amd-display-Fix-memory-leak-in-dm_sw_fini.patch
  (git-fixes CVE-2024-26833 bsc#1223036).
- commit 6c18411

- ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header
  (bsc#1223513 CVE-2022-48651).
- commit c96a663

- net: hns3: fix kernel crash when 1588 is received on HIP08
  devices (bsc#1223041 CVE-2024-26881).
- net: ice: Fix potential NULL pointer dereference in
  ice_bridge_setlink() (bsc#1223051 CVE-2024-26855).
- geneve: make sure to pull inner header in geneve_rx()
  (bsc#1223058 CVE-2024-26857).
- ppp_async: limit MRU to 64K (bsc#1222379 CVE-2024-26675).
- commit 61a60e2

- Update
  patches.suse/efi-runtime-Fix-potential-overflow-of-soft-reserved-.patch
  (git-fixes CVE-2024-26843 bsc#1223014).
- commit 3f9577f

- net: usb: ax88179_178a: stop lying about skb->truesize
  (git-fixes).
- commit 416a90a

- Update
  patches.suse/wifi-ath9k-delay-all-of-ath9k_wmi_event_tasklet-unti.patch
  (git-fixes CVE-2024-26897 bsc#1223323).
- commit 938950f

- drm/amd/display: Fix MST Null Ptr for RV (CVE-2021-47200 bsc#1222838)
- commit 3d0cc91

- Update
  patches.suse/wifi-wilc1000-prevent-use-after-free-on-vif-when-cle.patch
  (git-fixes CVE-2024-26895 bsc#1223197).
- commit 73cb93c

- amdkfd: use calloc instead of kzalloc to avoid integer overflow (CVE-2024-26817 bsc#1222812)
- commit 5946a4f

- Update patches.suse/firmware-arm_scmi-Harden-accesses-to-the-reset-domai.patch (git-fixes CVE-2022-48655 bsc#1223477)
- commit 2dabafb

- mm: slub: fix flush_cpu_slab()/__free_slab() invocations in
  task context (CVE-2022-48658 bsc#1223496).
- commit 3480d23

- firmware: arm_scmi: Fix double free in SMC transport cleanup
  path (CVE-2024-26893 bsc#1223196).
- commit 689202d

- nfsd: use __fput_sync() to avoid delayed closing of files
  (bsc#1223380 bsc#1217408).
- commit aa925bb

- Revert "ice: Fix ice VF reset during iavf initialization (jsc#PED-376)." (bsc#1223275)
  This reverts commit b92b60703522e3531f77c5af2f34b4b165007b3a.
  This commit was reverted upstream by commit 0ecff05e6c59dd82dbcb9706db911f7fd9f40fb8
  with note:
  ice_check_vf_ready_for_cfg() already contain waiting for reset.
  New condition in ice_check_vf_ready_for_reset() causing only problems.
- commit 33e8bb2

- Update patches.suse/powerpc-pseries-vas-Hold-mmap_mutex-after-mmap-lock-.patch
  (jsc#PED-542 git-fixes bsc#1213573 ltc#203238).
- commit 29ca2f7

- livepatch: Fix missing newline character in
  klp_resolve_symbols() (bsc#1223539).
- commit ccf2afb

- blacklist.conf: cosmetic; kind of code documentation
- commit 6c8cbf7

- blacklist.conf: workqueue: prevent false circular dependency by lockdep,
  code churn, primary useful when developing new code, lockdep is
  disabled on production kernels (bsc#1223536)
- commit 6ab7164

- Update
  patches.suse/spi-spi-zynqmp-gqspi-Handle-error-for-dma_set_mask.patch
  (git-fixes CVE-2021-47047 bsc#1220761).
- commit 1f6461d

- crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init
  (CVE-2023-52616 bsc#1221612).
- commit 6fa74bc

- mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone
  index (bsc#1222615 CVE-2024-26783).
- commit d2a6383

- mm/vmscan: make sure wakeup_kswapd with managed zone
  (bsc#1223473).
- commit c954567

- x86/boot: Ignore relocations in .notes sections in walk_relocs() too (bsc#1222624 CVE-2024-26816).
- commit 9c9dbbd

- x86, relocs: Ignore relocations in .notes section (bsc#1222624 CVE-2024-26816).
- commit 9bcfc48

- hugetlb, userfaultfd: fix reservation restore on userfaultfd
  error (bsc#1222710 CVE-2021-47214).
- commit 4a75d88

- drm/amdgpu: fix use-after-free bug (CVE-2024-26656 bsc#1222307)
- commit 2c0e8cb

- i2c: smbus: fix NULL function pointer dereference (git-fixes).
- dmaengine: idxd: Fix oops during rmmod on single-CPU platforms
  (git-fixes).
- dma: xilinx_dpdma: Fix locking (git-fixes).
- idma64: Don't try to serve interrupts when device is powered
  off (git-fixes).
- dmaengine: tegra186: Fix residual calculation (git-fixes).
- dmaengine: owl: fix register access functions (git-fixes).
- USB: serial: option: add Telit FN920C04 rmnet compositions
  (stable-fixes).
- USB: serial: option: add Rolling RW101-GL and RW135-GL support
  (stable-fixes).
- USB: serial: option: add Lonsung U8300/U9300 product
  (stable-fixes).
- USB: serial: option: add support for Fibocom FM650/FG650
  (stable-fixes).
- USB: serial: option: support Quectel EM060K sub-models
  (stable-fixes).
- USB: serial: option: add Fibocom FM135-GL variants
  (stable-fixes).
- thunderbolt: Avoid notify PM core about runtime PM resume
  (stable-fixes).
- thunderbolt: Fix wake configurations after device unplug
  (stable-fixes).
- usb: Disable USB3 LPM at shutdown (stable-fixes).
- usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb
  ep transport error (stable-fixes).
- clk: Get runtime PM before walking tree during disable_unused
  (git-fixes).
- clk: Initialize struct clk_core kref earlier (stable-fixes).
- arm64: hibernate: Fix level3 translation fault in swsusp_save()
  (git-fixes).
- ALSA: hda/realtek - Enable audio jacks of Haier Boyue G42 with
  ALC269VC (stable-fixes).
- drm/vmwgfx: Fix crtc's atomic check conditional (git-fixes).
- drm/amd/display: Do not recursively call manual trigger
  programming (stable-fixes).
- drm/amdgpu: fix incorrect number of active RBs for gfx11
  (stable-fixes).
- drm: panel-orientation-quirks: Add quirk for Lenovo Legion Go
  (stable-fixes).
- ALSA: scarlett2: Add Focusrite Clarett 2Pre and 4Pre USB support
  (stable-fixes).
- ALSA: scarlett2: Add Focusrite Clarett+ 2Pre and 4Pre support
  (stable-fixes).
- ALSA: scarlett2: Add correct product series name to messages
  (stable-fixes).
- ALSA: scarlett2: Add support for Clarett 8Pre USB
  (stable-fixes).
- ALSA: scarlett2: Move USB IDs out from device_info struct
  (stable-fixes).
- ALSA: scarlett2: Default mixer driver to enabled (stable-fixes).
- clk: Print an info line before disabling unused clocks
  (stable-fixes).
- drm/amdgpu: fix incorrect active rb bitmap for gfx11
  (stable-fixes).
- clk: remove extra empty line (stable-fixes).
- clk: Mark 'all_lists' as const (stable-fixes).
- commit 2a4676e

- i40e: Fix VF MAC filter removal (git-fixes).
- commit 03f8d56

- mmc: sdhci-msm: pervent access to suspended controller
  (git-fixes).
- fbdev: fix incorrect address computation in deferred IO
  (git-fixes).
- wifi: nl80211: don't free NULL coalescing rule (git-fixes).
- wifi: iwlwifi: mvm: return uid from iwl_mvm_build_scan_cmd
  (git-fixes).
- wifi: iwlwifi: mvm: remove old PASN station when adding a new
  one (git-fixes).
- Bluetooth: qca: fix NULL-deref on non-serdev suspend
  (git-fixes).
- NFC: trf7970a: disable all regulators on removal (git-fixes).
- HID: logitech-dj: allow mice to use all types of reports
  (git-fixes).
- HID: intel-ish-hid: ipc: Fix dev_err usage with uninitialized
  dev->devc (git-fixes).
- init/main.c: Fix potential static_command_line memory overflow
  (git-fixes).
- ax25: fix use-after-free bugs caused by ax25_ds_del_timer
  (git-fixes).
- commit eb0d29c

- blacklist.conf: Add 246f80a0b17f8 ("sh: push-switch: Reorder cleanup operations to avoid use-after-free bug")
- commit 701f2ea

- Update
  patches.suse/aoe-fix-the-potential-use-after-free-problem-in-aoec.patch
  (bsc#1218562 CVE-2023-6270 CVE-2024-26898 bsc#1223016).
- commit 5a56f33

- i40e: Do not allow untrusted VF to remove administratively
  set MAC (git-fixes CVE-2024-26830 bsc#1223012).
- commit 67a5cff

- net: ip_tunnel: make sure to pull inner header in
  ip_tunnel_rcv() (git-fixes CVE-2024-26882 bsc#1223034).
- commit 1915836

- PM / devfreq: Synchronize devfreq_monitor_[start/stop]
  (CVE-2023-52635 bsc#1222294).
- commit 6f88f1b

- powerpc/rtas: export rtas_error_rc() for reuse (bsc#1223369
  ltc#205888).
- powerpc/rtas: define pr_fmt and convert printk call sites
  (bsc#1223369 ltc#205888).
- commit 13f68b5

- Update
  patches.suse/Bluetooth-rfcomm-Fix-null-ptr-deref-in-rfcomm_check_.patch
  (bsc#1219170 CVE-2024-22099 CVE-2024-26903 bsc#1223187).
- commit 1a4ee0a

- Renamepatches before cve/linux-5.14-LTSS
- commit 0b096bb

- PCI: rpaphp: Error out on busy status from get-sensor-state
  (bsc#1223369 ltc#205888).
- commit f9716ef

- bpf: Fix stackmap overflow check on 32-bit arches (bsc#1223035
  CVE-2024-26883).
- bpf: Fix hashtab overflow check on 32-bit arches (bsc#1223189
  CVE-2024-26884).
- bpf: Fix DEVMAP_HASH overflow check on 32-bit arches
  (bsc#1223190 CVE-2024-26885).
- commit c435af8

- Update
  patches.suse/scsi-target-pscsi-Fix-bio_put-for-error-case.patch
  (bsc#1222596 cve-2024-26760), updating CVE number.
- commit 0b78c9a

- powerpc/kasan: Don't instrument non-maskable or raw interrupts
  (bsc#1223191).
- powerpc: Refactor verification of MSR_RI (bsc#1223191).
  - Refresh patches.suse/powerpc-64s-Fix-unrecoverable-MCE-calling-async-hand.patch
- commit 8a00767

- powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt
  (bsc#1221645 ltc#205739 bsc#1223191).
- commit caf6e20

- comedi: vmk80xx: fix incomplete endpoint checking (git-fixes).
- mei: me: disable RPL-S on SPS and IGN firmwares (git-fixes).
- speakup: Avoid crash on very long word (git-fixes).
- serial/pmac_zilog: Remove flawed mitigation for rx irq flood
  (git-fixes).
- serial: mxs-auart: add spinlock around changing cts state
  (git-fixes).
- Revert "usb: cdc-wdm: close race between read and workqueue"
  (git-fixes).
- usb: dwc2: host: Fix dereference issue in DDMA completion flow
  (git-fixes).
- usb: typec: ucsi: Fix connector check on init (git-fixes).
- commit 28e1f50

- x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ (git-fixes).
- commit e92aa40

- blacklist.conf: We don't support FRED
- commit ce7dd35

- clk: Remove prepare_lock hold assertion in __clk_release()
  (git-fixes).
- commit 7812d3f

- nilfs2: fix OOB in nilfs_set_de_type (git-fixes).
- commit 236cddf

- drm/panel: visionox-rm69299: don't unregister DSI device
  (git-fixes).
- drm/vmwgfx: Sort primary plane formats by order of preference
  (git-fixes).
- drm: nv04: Fix out of bounds access (git-fixes).
- nouveau: fix instmem race condition around ptr stores
  (git-fixes).
- drm/amdgpu: validate the parameters of bo mapping operations
  more clearly (git-fixes).
- nilfs2: fix OOB in nilfs_set_de_type (git-fixes).
- commit d2ecf52

- pmdomain: mediatek: fix race conditions with genpd
  (CVE-2023-52645 bsc#1223033).
- commit 9a65bfe

- spi: spi-fsl-lpspi: remove redundant spi_controller_put call
  (CVE-2024-26866 bsc#1223024).
- commit 1408e84

- spi: lpspi: Avoid potential use-after-free in probe()
  (CVE-2024-26866 bsc#1223024).
- commit 233d8aa

- platform/x86: think-lmi: Fix password opcode ordering for
  workstations (CVE-2024-26836 bsc#1222968).
- platform/x86: think-lmi: Enable opcode support on BIOS settings
  (CVE-2024-26836 bsc#1222968).
- commit 13fd3e3

- net: usb: ax88179_178a: avoid writing the mac address before
  first reading (git-fixes).
- drm/msm/dp: fix typo in dp_display_handle_port_status_changed()
  (git-fixes).
- drm/vmwgfx: Enable DMA mappings with SEV (git-fixes).
- drm/client: Fully protect modes[] with dev->mode_config.mutex
  (stable-fixes).
- nouveau: fix function cast warning (git-fixes).
- Revert "drm/qxl: simplify qxl_fence_wait" (git-fixes).
- drm/ast: Fix soft lockup (git-fixes).
- drm/amd/display: fix disable otg wa logic in DCN316
  (stable-fixes).
- drm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11
  (stable-fixes).
- drm/amdgpu: Reset dGPU if suspend got aborted (stable-fixes).
- drm/amdgpu: always force full reset for SOC21 (stable-fixes).
- drm/amdkfd: Reset GPU on queue preemption failure
  (stable-fixes).
- drm/i915/vrr: Disable VRR when using bigjoiner (stable-fixes).
- drm/i915: Disable port sync when bigjoiner is used
  (stable-fixes).
- drm/i915/cdclk: Fix CDCLK programming order when pipes are
  active (git-fixes).
- Bluetooth: hci_sock: Fix not validating setsockopt user input
  (git-fixes).
- Bluetooth: L2CAP: Fix not validating setsockopt user input
  (git-fixes).
- Bluetooth: RFCOMM: Fix not validating setsockopt user input
  (git-fixes).
- Bluetooth: SCO: Fix not validating setsockopt user input
  (git-fixes).
- Bluetooth: Fix memory leak in hci_req_sync_complete()
  (git-fixes).
- batman-adv: Avoid infinite loop trying to resize local TT
  (git-fixes).
- platform/x86: intel-vbtn: Update tablet mode switch at end of
  probe (git-fixes).
- i2c: pxa: hide unused icr_bits[] variable (git-fixes).
- ALSA: hda/realtek - Fix inactive headset mic jack
  (stable-fixes).
- Bluetooth: Fix TOCTOU in HCI debugfs implementation (git-fixes).
- Bluetooth: hci_event: set the conn encrypted before conn
  establishes (stable-fixes).
- Bluetooth: add quirk for broken address properties (git-fixes).
- usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset
  (stable-fixes).
- usb: typec: ucsi: Ack unsupported commands (stable-fixes).
- usb: udc: remove warning when queue disabled ep (stable-fixes).
- Revert "usb: phy: generic: Get the vbus supply" (git-fixes).
- USB: UAS: return ENODEV when submit urbs fail with device not
  attached (stable-fixes).
- wifi: mac80211: check/clear fast rx for non-4addr sta VLAN
  changes (stable-fixes).
- fbmon: prevent division by zero in fb_videomode_from_videomode()
  (stable-fixes).
- fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2
  (stable-fixes).
- ASoC: soc-core.c: Skip dummy codec when adding platforms
  (stable-fixes).
- speakup: Fix 8bit characters from direct synth (git-fixes).
- USB: serial: cp210x: add pid/vid for TDK NC0110013M and
  MM0110113M (stable-fixes).
- USB: serial: option: add MeiG Smart SLM320 product
  (stable-fixes).
- USB: serial: cp210x: add ID for MGP Instruments PDS100
  (stable-fixes).
- USB: serial: add device ID for VeriFone adapter (stable-fixes).
- USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB
  (stable-fixes).
- usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic
  (git-fixes).
- phy: tegra: xusb: Add API to retrieve the port number of phy
  (stable-fixes).
- usb: sl811-hcd: only defined function checkdone if QUIRK2 is
  defined (stable-fixes).
- usb: typec: tcpci: add generic tcpci fallback compatible
  (stable-fixes).
- ahci: asm1064: asm1166: don't limit reported ports (git-fixes).
- Input: synaptics-rmi4 - fail probing if memory allocation for
  "phys" fails (stable-fixes).
- media: sta2x11: fix irq handler cast (stable-fixes).
- media: cec: core: remove length check of Timer Status
  (stable-fixes).
- ALSA: firewire-lib: handle quirk to calculate payload quadlets
  as data block counter (stable-fixes).
- Revert "ACPI: PM: Block ASUS B1400CEAE from suspend to idle
  by default" (stable-fixes).
- platform/x86: touchscreen_dmi: Add an extra entry for a variant
  of the Chuwi Vi8 tablet (stable-fixes).
- Input: allocate keycode for Display refresh rate toggle
  (stable-fixes).
- pinctrl: renesas: checker: Limit cfg reg enum checks to provided
  IDs (stable-fixes).
- drm/amd/display: Fix nanosec stat overflow (stable-fixes).
- drm: panel-orientation-quirks: Add quirk for GPD Win Mini
  (stable-fixes).
- drm/vc4: don't check if plane->state->fb == state->fb
  (stable-fixes).
- hwmon: (amc6821) add of_match table (stable-fixes).
- Bluetooth: btintel: Fixe build regression (git-fixes).
- Bluetooth: btintel: Fix null ptr deref in btintel_read_version
  (stable-fixes).
- wifi: ath9k: fix LNA selection in ath_ant_try_scan()
  (stable-fixes).
- pstore/zone: Add a null pointer check to the psz_kmsg_read
  (stable-fixes).
- mei: me: add arrow lake point H DID (stable-fixes).
- mei: me: add arrow lake point S DID (stable-fixes).
- ahci: asm1064: correct count of reported ports (stable-fixes).
- Documentation: Add missing documentation for EXPORT_OP flags
  (stable-fixes).
- HID: uhid: Use READ_ONCE()/WRITE_ONCE() for ->running
  (stable-fixes).
- docs: Document the FAN_FS_ERROR event (stable-fixes).
- commit 5f4b68d

- Update
  patches.suse/fbcon-always-restore-the-old-font-data-in-fbcon_do_s.patch
  (git-fixes CVE-2024-26798 bsc#1222798).
- commit 3f5154a

- Update
  patches.suse/0001-fs-hugetlb-fix-NULL-pointer-dereference-in-hugetlbs_.patch
  (bsc#1219264 CVE-2024-0841 CVE-2024-26688 bsc#1222482).
- Update
  patches.suse/btrfs-fix-double-free-of-anonymous-device-after-snap.patch
  (bsc#1219126 CVE-2024-23850 CVE-2024-26792 bsc#1222430).
- Update
  patches.suse/net-sched-act_mirred-don-t-override-retval-if-we-alr.patch
  (CVE-2024-26733 bsc#1222585 CVE-2024-26739 bsc#1222559).
- commit ac0df3e

- Update
  patches.suse/ALSA-gus-fix-null-pointer-dereference-on-pointer-blo.patch
  (git-fixes CVE-2021-47207 bsc#1222790).
- Update
  patches.suse/ALSA-usb-audio-fix-null-pointer-dereference-on-point.patch
  (bsc#1192354 CVE-2021-47211 bsc#1222869).
- Update
  patches.suse/RDMA-core-Set-send-and-receive-CQ-before-forwarding-.patch
  (jsc#SLE-19249 CVE-2021-47196 bsc#1222773).
- Update
  patches.suse/arm64-dts-qcom-msm8998-Fix-CPU-L2-idle-state-latency.patch
  (git-fixes CVE-2021-47187 bsc#1222703).
- Update
  patches.suse/cfg80211-call-cfg80211_stop_ap-when-switch-from-P2P_.patch
  (git-fixes CVE-2021-47194 bsc#1222829).
- Update
  patches.suse/clk-sunxi-ng-Unregister-clocks-resets-when-unbinding.patch
  (git-fixes CVE-2021-47205 bsc#1222888).
- Update
  patches.suse/drm-prime-Fix-use-after-free-in-mmap-with-drm_gem_tt.patch
  (git-fixes CVE-2021-47200 bsc#1222838).
- Update
  patches.suse/i40e-Fix-NULL-ptr-dereference-on-VSI-filter-sync.patch
  (jsc#SLE-18378 CVE-2021-47184 bsc#1222666).
- Update
  patches.suse/iavf-free-q_vectors-before-queues-in-iavf_disable_vf.patch
  (jsc#SLE-18385 CVE-2021-47201 bsc#1222792).
- Update
  patches.suse/msft-hv-2480-x86-hyperv-Fix-NULL-deref-in-set_hv_tscchange_cb-if-.patch
  (git-fixes CVE-2021-47217 bsc#1222836).
- Update
  patches.suse/net-dpaa2-eth-fix-use-after-free-in-dpaa2_eth_remove.patch
  (git-fixes CVE-2021-47204 bsc#1222787).
- Update
  patches.suse/net-mlx5-Update-error-handler-for-UCTX-and-UMEM.patch
  (jsc#SLE-19253 CVE-2021-47212 bsc#1222709).
- Update
  patches.suse/net-mlx5e-CT-Fix-multiple-allocations-and-memleak-of.patch
  (jsc#SLE-19253 CVE-2021-47199 bsc#1222785).
- Update
  patches.suse/net-mlx5e-kTLS-Fix-crash-in-RX-resync-flow.patch
  (jsc#SLE-19253 CVE-2021-47215 bsc#1222704).
- Update
  patches.suse/net-mlx5e-nullify-cq-dbg-pointer-in-mlx5_debug_cq_re.patch
  (jsc#SLE-19253 CVE-2021-47197 bsc#1222776).
- Update
  patches.suse/sched-fair-Prevent-dead-task-groups-from-regaining-cfs_rq-s.patch
  (bsc#1192837 CVE-2021-47209 bsc#1222796).
- Update patches.suse/scsi-advansys-Fix-kernel-pointer-leak.patch
  (git-fixes CVE-2021-47216 bsc#1222876).
- Update
  patches.suse/scsi-core-sysfs-Fix-hang-when-device-state-is-set-via-sysfs
  (git-fixes CVE-2021-47192 bsc#1222867).
- Update
  patches.suse/scsi-lpfc-Fix-list_add-corruption-in-lpfc_drain_txq.patch
  (bsc#1190576 CVE-2021-47203 bsc#1222881).
- Update
  patches.suse/scsi-lpfc-Fix-use-after-free-in-lpfc_unreg_rpi-routi.patch
  (bsc#1192145 CVE-2021-47198 bsc#1222883).
- Update
  patches.suse/scsi-pm80xx-Fix-memory-leak-during-rmmod.patch
  (git-fixes CVE-2021-47193 bsc#1222879).
- Update
  patches.suse/scsi-scsi_debug-Fix-out-of-bound-read-in-resp_readcap16.patch
  (git-fixes CVE-2021-47191 bsc#1222866).
- Update
  patches.suse/scsi-scsi_debug-Fix-out-of-bound-read-in-resp_report_tgtpgs.patch
  (git-fixes CVE-2021-47219 bsc#1222824).
- Update patches.suse/scsi-ufs-core-Improve-SCSI-abort-handling
  (git-fixes CVE-2021-47188 bsc#1222671).
- Update
  patches.suse/selinux-fix-NULL-pointer-dereference-when-hashtab-al.patch
  (git-fixes CVE-2021-47218 bsc#1222791).
- Update
  patches.suse/thermal-Fix-NULL-pointer-dereferences-in-of_thermal_.patch
  (stable-5.14.21 CVE-2021-47202 bsc#1222878).
- Update
  patches.suse/tty-tty_buffer-Fix-the-softlockup-issue-in-flush_to_.patch
  (git-fixes CVE-2021-47185 bsc#1222669).
- Update
  patches.suse/usb-host-ohci-tmio-check-return-value-after-calling-.patch
  (git-fixes CVE-2021-47206 bsc#1222894).
- Update
  patches.suse/usb-typec-tipd-Remove-WARN_ON-in-tps6598x_block_read.patch
  (git-fixes CVE-2021-47210 bsc#1222901).
- commit 48b69db

- iommu/arm-smmu-v3: Work around MMU-600 erratum 1076982
  (git-fixes).
- Refresh
  patches.suse/coresight-etm-Override-TRCIDR3.CCITMIN-on-errata-affected-cpus.patch.
- commit d93f0f0

- Update
  patches.suse/wifi-mac80211-fix-race-condition-on-enabling-fast-xm.patch
  (git-fixes CVE-2024-26779 bsc#1222772).
- commit c8c8675

- wifi: wfx: fix possible NULL pointer dereference in
  wfx_set_mfp_ap() (CVE-2023-52593 bsc#1221042).
- commit 846e85e

- iommu/mediatek: Flush IOTLB completely only if domain has
  been attached (git-fixes).
- commit 623c929

- media: rkisp1: Fix IRQ disable race issue (CVE-2023-52589
  bsc#1221084).
- commit e4627b0

- iommu/amd: Fix domain flush size when syncing iotlb (git-fixes).
- commit b3bdbef

- Update patch reference of iio fix (CVE-2024-26702 bsc#1222424)
- commit 9b2027c

- iommu/amd: Don't block updates to GATag if guest mode is on
  (git-fixes).
- commit 9ffdfc7

- iommu/rockchip: Fix unwind goto issue (git-fixes).
- commit c8c9239

- wifi: iwlwifi: fix a memory corruption (CVE-2024-26610
  bsc#1221299).
- commit e7967c5

- iommu/sprd: Release dma buffer to avoid memory leak (git-fixes).
- commit 6d1aa27

- iommu/fsl: fix all kernel-doc warnings in fsl_pamu.c
  (git-fixes).
- commit 452d862

- iommu/arm-smmu-v3: Acknowledge pri/event queue overflow if  any
  (git-fixes).
- commit 161366f

- x86/xen: add CPU dependencies for 32-bit build (git-fixes).
- commit b3ada40

- xen/events: close evtchn after mapping cleanup (CVE-2024-26687,
  bsc#1222435).
- commit eb41ab9

- xen/xenbus: document will_handle argument for
  xenbus_watch_path() (git-fixes).
- commit c749895

- blacklist.conf: Append 'drm/amdgpu: Fix variable 'mca_funcs' dereferenced before NULL check in 'amdgpu_mca_smu_get_mca_entry()''
- commit f765ec7

- Update patches.suse/arp-Prevent-overflow-in-arp_req_get.patch
- fix build warning
- commit b98055d

- blacklist.conf: Append 'drm/amd/display: Fix 'panel_cntl' could be null in 'dcn21_set_backlight_level()''
- commit 182dade

- ceph: stop copying to iter at EOF on sync reads (bsc#1223068).
- libceph: init the cursor when preparing sparse read in msgr2
  (bsc#1222247 CVE-2023-52636).
- ceph: switch to corrected encoding of max_xattr_size in mdsmap
  (bsc#1223067).
- libceph: just wait for more data to be available on the socket
  (bsc#1222247 CVE-2023-52636).
- libceph: rename read_sparse_msg_*() to
  read_partial_sparse_msg_*() (bsc#1222247 CVE-2023-52636).
- commit c683288

- serial: sc16is7xx: convert from _raw_ to _noinc_ regmap
  functions for FIFO (bsc#1221162 CVE-2023-52488).
- commit 0ac4803

- iommu/arm-smmu-qcom: Limit the SMR groups to 128 (git-fixes).
- commit aa65491
less
- Fix CVE-2024-32487, mishandling of \n character in paths when
  LESSOPEN is set leads to OS command execution
  (CVE-2024-32487, bsc#1222849)
  * CVE-2024-32487.patch
util-linux
- lscpu: Add more ARM cores (bsc#1223605,
  util-linux-lscpu-add-more-ARM-cores-1.patch,
  util-linux-lscpu-add-more-ARM-cores-2.patch,
  util-linux-lscpu-add-more-ARM-cores-3.patch,
  util-linux-lscpu-add-more-ARM-cores-4.patch,
  util-linux-lscpu-add-more-ARM-cores-5.patch,
  util-linux-lscpu-add-more-ARM-cores-6.patch).

- Document that chcpu -g is not supported on IBM z/VM (bsc#1218609,
  util-linux-chcpu-document-zVM-limitations.patch).

- bsc#1220117: Processes not cleaned up after failed SSH session are using up 100% CPU
  + util-linux-more-exit-if-POLLERR-and-POLLHUP-on-stdin-is-received.patch
glib2
- Add patches to fix CVE-2024-34397 (boo#1224044):
  glib2-CVE-2024-34397.patch (glgo#GNOME/glib#3268).
  glib2-fix-ibus-regression.patch (glgo#GNOME/glib#3353)
openssl-1_1
- Security fix: [bsc#1222548, CVE-2024-2511]
  * Fix unconstrained session cache growth in TLSv1.3
  * Add openssl-CVE-2024-2511.patch
tpm2-0-tss
- add 0001-FAPI-Fix-check-of-magic-number-in-verify-quote.patch: fixes
  CVE-2024-29040 (bsc#1223690): Missing verification of the magic number in
  Fapi_VerifyQuote(), which might allow an attacker to generate arbitrary
  quote data, which would not be detected by Fapi_VerifyQuote().
perl
- fix space calculation issues in pp_pack.c [bnc#1082216]
  [CVE-2018-6913]
  * new patch: perl-pack-overflow.diff
- fix heap buffer overflow in regexec.c [bnc#1082233]
  [CVE-2018-6798]
  new patch: perl-regexec-heap-overflow.diff
- make Net::FTP work with TLS 1.3 [bnc#1213638]
  new patch: perl-net-ftp-tls13.diff
000release-packages:sle-module-basesystem-release
n/a
000release-packages:sle-module-containers-release
n/a
000release-packages:sle-module-public-cloud-release
n/a
000release-packages:sle-module-server-applications-release
n/a
000release-packages:SLES-release
n/a
suseconnect-ng
- Update to version 1.9.0
  * Fix certificate import for Yast when using a registration proxy with
    self-signed SSL certificate (bsc#1223107)
systemd-presets-branding-SLE
- Enable sysctl-logger (jsc#PED-5024)
tpm2.0-tools
- Add 0001-tpm2_checkquote-Fix-check-of-magic-number.patch: tpm2_checkquote
  did not check whether the magic number in the attest is equal to
  TPM2_GENERATED_VALUE, which might allow a malicious actor to generate
  arbitrary quote data, undetected by tpm2_checkquote (bsc#1223687, CVE-2024-29038).
- Add 0001-tpm2_checkquote-Add-comparison-of-pcr-selection.patch:
  tpm2_checkquote did not compare the --pcr parameter passed to the tool with
  the attest. A malicious actor might thus be able to fake a valid
  attestation (bsc#1223689, CVE-2024-29039).
util-linux-systemd
- lscpu: Add more ARM cores (bsc#1223605,
  util-linux-lscpu-add-more-ARM-cores-1.patch,
  util-linux-lscpu-add-more-ARM-cores-2.patch,
  util-linux-lscpu-add-more-ARM-cores-3.patch,
  util-linux-lscpu-add-more-ARM-cores-4.patch,
  util-linux-lscpu-add-more-ARM-cores-5.patch,
  util-linux-lscpu-add-more-ARM-cores-6.patch).

- Document that chcpu -g is not supported on IBM z/VM (bsc#1218609,
  util-linux-chcpu-document-zVM-limitations.patch).

- bsc#1220117: Processes not cleaned up after failed SSH session are using up 100% CPU
  + util-linux-more-exit-if-POLLERR-and-POLLHUP-on-stdin-is-received.patch
wicked
- client: fix ifreload to pull UP ports/links again when the config
  of their master/lower changed (bsc#1224100,gh#openSUSE/wicked#1014).
  [+ 0001-ifreload-pull-UP-again-on-master-lower-changes-bsc1224100.patch]

- Update to version 0.6.75:
  - cleanup: fix ni_fsm_state_t enum-int-mismatch warnings
  - cleanup: fix overflow warnings in a socket testcase on i586
  - ifcheck: report new and deleted configs as changed (bsc#1218926)
  - man: improve ARP configuration options in the wicked-config.5
  - bond: add ports when master is UP to avoid port MTU revert (bsc#1219108)
  - cleanup: fix interface dependencies and shutdown order (bsc#1205604)
  - Remove port arrays from bond,team,bridge,ovs-bridge (redundant)
    and consistently use config and state info attached to the port
    interface as in rtnetlink(7).
  - Cleanup ifcfg parsing, schema configuration and service properties
  - Migrate ports in xml config and policies already applied in nanny
  - Remove "missed config" generation from finite state machine, which
    is completed while parsing the config or while xml config migration.
  - Issue a warning when "lower" interface (e.g. eth0) config is missed
    while parsing config depending on it (e.g. eth0.42 vlan).
  - Resolve ovs master to the effective bridge in config and wickedd
  - Implement netif-check-state require checks using system relations
    from wickedd/kernel instead of config relations for ifdown and add
    linkDown and deleteDevice checks to all master and lower references.
  - Add a `wicked <ifup|ifdown|ifreload> --dry-run …` option to show the
    system/config interface hierarchies as notice with +/- marked
    interfaces to setup and/or shutdown.
- Removed patches included in the source archive:
  [- 0001-addrconf-fix-fallback-lease-drop-bsc-1220996.patch]
  [- 0002-extensions-nbft-replace-nvme-show-nbft-with-nvme-nbf.patch]
  [- 0003-move-all-attribute-definitions-to-compiler-h.patch]
  [- 0004-hide-secrets-in-debug-log-bsc-1221194.patch]
  [- 0005-client-do-to-not-convert-sec-to-msec-twice-bsc-1222105.patch]