avahi
- Update avahi-daemon-check-dns.sh from Debian. Our previous
  version relied on ifconfig, route, and init.d.
- Rebase avahi-daemon-check-dns-suse.patch, and drop privileges
  when invoking avahi-daemon-check-dns.sh (boo#1180827
  CVE-2021-26720).
- Add sudo to requires: used to drop privileges.
bind
- dnssec-keygen can no longer generate HMAC keys.
  Use tsig-keygen instead.
  modified genDDNSkey script to reflect this.
  [vendor-files/tools/bind.genDDNSkey, bsc#1180933]
- CVE-2020-8625: A vulnerability in BIND's GSSAPI security policy
  negotiation can be targeted by a buffer overflow attack
  [bsc#1182246, CVE-2020-8625, bind-CVE-2020-8625.patch]
gcc7
- Remove include-fixed/pthread.h
- Change GCC exception licenses to SPDX format
- add gcc7-pr81942.patch [bsc#1181618]
glibc
- euc-kr-overrun.patch: Fix buffer overrun in EUC-KR conversion module
  (CVE-2019-25013, bsc#1182117, BZ #24973)
- gconv-assertion-iso-2022-jp.patch: gconv: Fix assertion failure in
  ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256)
- iconv-redundant-shift.patch: iconv: Accept redundant shift sequences in
  IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224)
- iconv-ucs4-loop-bounds.patch: iconv: Fix incorrect UCS4 inner loop
  bounds (CVE-2020-29562, bsc#1179694, BZ #26923)
- printf-long-double-non-normal.patch: x86: Harden printf against
  non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649)
- get-nprocs-cpu-online-parsing.patch: Fix parsing of
  /sys/devices/system/cpu/online (bsc#1180038, BZ #25859)
grub2
- VUL-0: grub2,shim: implement new SBAT method (bsc#1182057)
  * 0028-util-mkimage-Remove-unused-code-to-add-BSS-section.patch
  * 0029-util-mkimage-Use-grub_host_to_target32-instead-of-gr.patch
  * 0030-util-mkimage-Always-use-grub_host_to_target32-to-ini.patch
  * 0031-util-mkimage-Unify-more-of-the-PE32-and-PE32-header-.patch
  * 0032-util-mkimage-Reorder-PE-optional-header-fields-set-u.patch
  * 0033-util-mkimage-Improve-data_size-value-calculation.patch
  * 0034-util-mkimage-Refactor-section-setup-to-use-a-helper.patch
  * 0035-util-mkimage-Add-an-option-to-import-SBAT-metadata-i.patch
  * 0036-grub-install-common-Add-sbat-option.patch
- Fix CVE-2021-20225 (bsc#1182262)
  * 0019-lib-arg-Block-repeated-short-options-that-require-an.patch
- Fix CVE-2020-27749 (bsc#1179264)
  * 0021-kern-parser-Fix-resource-leak-if-argc-0.patch
  * 0022-kern-parser-Fix-a-memory-leak.patch
  * 0023-kern-parser-Introduce-process_char-helper.patch
  * 0024-kern-parser-Introduce-terminate_arg-helper.patch
  * 0025-kern-parser-Refactor-grub_parser_split_cmdline-clean.patch
  * 0026-kern-buffer-Add-variable-sized-heap-buffer.patch
  * 0027-kern-parser-Fix-a-stack-buffer-overflow.patch
- Fix CVE-2021-20233 (bsc#1182263)
  * 0020-commands-menuentry-Fix-quoting-in-setparams_prefix.patch
- Fix CVE-2020-25647 (bsc#1177883)
  * 0018-usb-Avoid-possible-out-of-bound-accesses-caused-by-m.patch
- Fix CVE-2020-25632 (bsc#1176711)
  * 0017-dl-Only-allow-unloading-modules-that-are-not-depende.patch
- Fix CVE-2020-27779, CVE-2020-14372 (bsc#1179265) (bsc#1175970)
  * 0001-mkimage-Clarify-file-alignment-in-efi-case.patch
  * 0002-efi-Make-shim_lock-GUID-and-protocol-type-public.patch
  * 0003-efi-Return-grub_efi_status_t-from-grub_efi_get_varia.patch
  * 0004-efi-Add-a-function-to-read-EFI-variables-with-attrib.patch
  * 0005-efi-Add-secure-boot-detection.patch
  * 0006-kern-Add-lockdown-support.patch
  * 0007-kern-lockdown-Set-a-variable-if-the-GRUB-is-locked-d.patch
  * 0008-efi-Lockdown-the-GRUB-when-the-UEFI-Secure-Boot-is-e.patch
  * 0009-efi-Use-grub_is_lockdown-instead-of-hardcoding-a-dis.patch
  * 0010-acpi-Don-t-register-the-acpi-command-when-locked-dow.patch
  * 0011-mmap-Don-t-register-cutmem-and-badram-commands-when-.patch
  * 0012-commands-Restrict-commands-that-can-load-BIOS-or-DT-.patch
  * 0013-commands-setpci-Restrict-setpci-command-when-locked-.patch
  * 0014-commands-hdparm-Restrict-hdparm-command-when-locked-.patch
  * 0015-gdb-Restrict-GDB-access-when-locked-down.patch
  * 0016-loader-xnu-Don-t-allow-loading-extension-and-package.patch
  * 0037-squash-Add-secureboot-support-on-efi-chainloader.patch
  * 0038-squash-grub2-efi-chainload-harder.patch
  * 0039-squash-Don-t-allow-insmod-when-secure-boot-is-enable.patch
  * 0040-squash-linuxefi-fail-kernel-validation-without-shim-.patch
  * 0041-squash-kern-Add-lockdown-support.patch
- Add SBAT metadata section to grub.efi
  * grub2.spec
hwdata
- Add merge-pciids.pl to fully duplicate behavior of pciutils-ids
  * Resolves SLE issue bsc#1180422 bsc#1180482
- Update to version 0.343:
  + Updated pci, usb and vendor ids.
- Update to version 0.342:
  + Updated pci, usb and vendor ids.
- Update to version 0.341:
  + Updated pci, usb and vendor ids.
- Update to version 0.340:
  + Updated pci, usb and vendor ids.
- Update to version 0.339:
  + Updated pci, usb and vendor ids.
- Update to version 0.338:
  + Updated pci, usb and vendor ids.
- Update to version 0.337:
  + Updated pci, usb and vendor ids.
- Update to version 0.336:
  + Updated pci, usb and vendor ids.
- Update to version 0.335:
  * Updated pci, usb and vendor ids.
kernel-default
- SLE15-SP1 went to LTSS, hand over to L3
- commit 547a203
- dm: avoid filesystem lookup in dm_get_dev_t() (bsc#1178049).
- commit 9a1258d
- kernfs: deal with kernfs_fill_super() failures (bsc#1181809).
- commit 2955da8
- Fix the inconsistent kfree() call at rawmidi (CVE-2020-27786 bsc#1179601)
  Refresh patches.suse/ALSA-rawmidi-Fix-racy-buffer-resize-under-concurrent.patch
- commit b3ad1de
- scsi: qla2xxx: Fix description for parameter
  ql2xenforce_iocb_limit (bsc#1179142).
- commit 547d89c
- Fix a bug in rawmidi UAF fix patch (bsc#1179601, CVE-2020-27786)
  Refresh patches.suse/ALSA-rawmidi-Fix-racy-buffer-resize-under-concurrent.patch
- commit ce80dfa
- kABI: Fix kABI for extended APIC-ID support (bsc#1181260,
  jsc#ECO-3191).
- x86/kvm: Add KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181260,
  jsc#ECO-3191).
- x86/apic: Support 15 bits of APIC ID in IOAPIC/MSI where
  available (bsc#1181260, jsc#ECO-3191).
- x86/ioapic: Handle Extended Destination ID field in RTE
  (bsc#1181260, jsc#ECO-3191).
- x86/msi: Only use high bits of MSI address for DMAR unit
  (bsc#1181260, jsc#ECO-3191).
- x86/apic: Fix x2apic enablement without interrupt remapping
  (bsc#1181260, jsc#ECO-3191).
- x86/kvm: Reserve KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181260,
  jsc#ECO-3191).
- iommu/vt-d: Don't dereference iommu_device if IOMMU_API is
  not built (bsc#1181260, jsc#ECO-3191).
- iommu/vt-d: Gracefully handle DMAR units with no supported
  address widths (bsc#1181260, jsc#ECO-3191).
- commit bd17758
- nbd: freeze the queue while we're adding connections
  (bsc#1181504 CVE-2021-3348).
- nbd: Fix memory leak in nbd_add_socket (bsc#1181504).
- commit 447797a
- Move futex fixes into the sorted section (bsc#1181349 CVE-2021-3347)
- commit c34c9df
- drm/i915: Check for all subplatform bits (git-fixes).
- can: dev: prevent potential information leak in can_fill_info()
  (git-fixes).
- xhci: tegra: Delay for disabling LFPS detector (git-fixes).
- xhci: make sure TRB is fully written before giving it to the
  controller (git-fixes).
- USB: ehci: fix an interrupt calltrace error (git-fixes).
- ehci: fix EHCI host controller initialization sequence
  (git-fixes).
- ALSA: seq: oss: Fix missing error check in
  snd_seq_oss_synth_make_info() (git-fixes).
- ALSA: hda/via: Add minimum mute flag (git-fixes).
- can: vxcan: vxcan_xmit: fix use after free bug (git-fixes).
- drm/nouveau/i2c/gm200: increase width of aux semaphore owner
  fields (git-fixes).
- drm/nouveau/privring: ack interrupts the same way as RM
  (git-fixes).
- drm/nouveau/bios: fix issue shadowing expansion ROMs
  (git-fixes).
- ALSA: doc: Fix reference to mixart.rst (git-fixes).
- ASoC: Intel: haswell: Add missing pm_ops (git-fixes).
- can: c_can: c_can_power_up(): fix error handling (git-fixes).
- commit 6556b1a
- Update patch References tags for futex fixes (bsc#1181349 CVE-2021-3347)
- commit afd051d
- Refresh patches.suse/futex-Handle-transient-ownerless-rtmutex-state-corre.patch
  As of patches.suse/0001-locking-futex-Allow-low-level-atomic-operations-to-r.patch
  we need to update the patch such that we set EAGAIN and avoid a warn (albeit benign).
- commit 96704b7
- s390/qeth: fix L2 header access in qeth_l3_osa_features_check()
  (git-fixes).
- s390/qeth: fix locking for discipline setup / removal
  (git-fixes).
- s390/qeth: fix deadlock during recovery (git-fixes).
- s390/qeth: delay draining the TX buffers (git-fixes).
- commit eca39ca
- s390/cio: fix use-after-free in ccw_device_destroy_console
  (git-fixes).
- commit 2bcefd5
- net/smc: fix sleep bug in smc_pnet_find_roce_resource()
  (git-fixes).
- Refresh
  patches.suse/net-smc-switch-smcd_dev_list-spinlock-to-mutex.
- commit b63038e
- net/smc: cancel event worker during device removal (git-fixes).
- net/smc: check for valid ib_client_data (git-fixes).
- net/smc: receive pending data after RCV_SHUTDOWN (git-fixes).
- net/smc: receive returns without data (git-fixes).
- commit 4050493
- Refresh patches.suse/4.4.136-002-powerpc-64s-Clear-PCR-on-boot.patch
  Also clear PCR on POWER9 and in dt_cpu_ftrs.
- commit 6cd712e
- net/mlx5: Fix memory leak on flow table creation error flow
  (bsc#1046305 FATE#322943).
- igc: fix link speed advertising (jsc#SLE-4799).
- commit 37cbcd7
- Refresh
  patches.suse/0013-net-liquidio-Delete-non-working-LIQUIDIO_PACKAGE-che.patch.
- Delete
  patches.suse/0012-net-liquidio-Delete-driver-version-assignment.patch.
  As we don't have upstream commit 6a7e25c7fb48 ("net/core: Replace driver
  version to be kernel version") in our trees, removing driver version
  assignments is wrong. Therefore removed commit and adapted fixes backport.
- commit 226c353
- futex: Fix incorrect should_fail_futex() handling (bsc#1181349).
- commit 0ba69a9
- futex: Handle faults correctly for PI futexes (bsc#1181349
  bsc#1149032).
- futex: Simplify fixup_pi_state_owner() (bsc#1181349
  bsc#1149032).
- futex: Use pi_state_update_owner() in put_pi_state()
  (bsc#1181349 bsc#1149032).
- rtmutex: Remove unused argument from rt_mutex_proxy_unlock()
  (bsc#1181349 bsc#1149032).
- futex: Provide and use pi_state_update_owner() (bsc#1181349
  bsc#1149032).
- futex: Replace pointless printk in fixup_owner() (bsc#1181349
  bsc#1149032).
- futex: Ensure the correct return value from futex_lock_pi()
  (bsc#1181349 bsc#1149032).
- futex: Don't enable IRQs unconditionally in put_pi_state()
  (bsc#1149032).
- locking/futex: Allow low-level atomic operations to
  return -EAGAIN (bsc#1149032).
- commit 058c695
- x86/hyperv: Fix kexec panic/hang issues (bsc#1176831).
- commit 786eb3d
- cxgb4: fix the panic caused by non smac rewrite (bsc#1064802
  bsc#1066129).
- commit b5006a4
- net: dsa: b53: b53_arl_rw_op() needs to select IVL or SVL (git-fixes).
- commit 3aea956
- net: dsa: b53: Lookup VID in ARL searches when VLAN is enabled (git-fixes).
- Refresh patches.suse/net-dsa-b53-Rework-ARL-bin-logic.patch.
- commit a432764
- net/liquidio: Delete non-working LIQUIDIO_PACKAGE check
  (git-fixes).
- commit 61efd0a
- net/liquidio: Delete driver version assignment (git-fixes).
- commit 8fe74e2
- net: bcmgenet: keep MAC in reset until PHY is up (git-fixes).
- commit c6bce34
- net: atlantic: fix potential error handling (git-fixes).
- commit dbd80e5
- net: atlantic: fix use after free kasan warn (git-fixes).
- commit 038a344
- net: smc911x: Adjust indentation in smc911x_phy_configure
  (git-fixes).
- commit d99da08
- net: tulip: Adjust indentation in {dmfe, uli526x}_init_module
  (git-fixes).
- commit a3ef2cc
- net/sonic: Add mutual exclusion for accessing shared state
  (git-fixes).
- commit 3796c70
- mlxsw: switchx2: Do not modify cloned SKBs during xmit
  (git-fixes).
- commit 1f71af0
- mlxsw: spectrum: Do not modify cloned SKBs during xmit
  (git-fixes).
- commit 606b6bb
- net: freescale: fec: Fix ethtool -d runtime PM (git-fixes).
- commit bd3b5d1
- RDMA/mlx5: Fix wrong free of blue flame register on error
  (bsc#1103991 FATE#326007).
- bnxt_en: Improve stats context resource accounting with RDMA
  driver loaded (bsc#1104745 FATE#325918).
- net/mlx5e: Fix two double free cases (bsc#1046305 FATE#322943).
- chtls: Fix chtls resources release sequence (bsc#1104270
  FATE#325931).
- chtls: Added a check to avoid NULL pointer dereference
  (bsc#1104270 FATE#325931).
- chtls: Replace skb_dequeue with skb_peek (bsc#1104270
  FATE#325931).
- chtls: Remove invalid set_tcb call (bsc#1104270 FATE#325931).
- chtls: Fix hardware tid leak (bsc#1104270 FATE#325931).
- net: hns3: fix the number of queues actually used by ARQ
  (bsc#1104353 FATE#326415).
- net: mvpp2: fix pkt coalescing int-threshold configuration
  (bsc#1098633).
- tun: fix return value when the number of iovs exceeds
  MAX_SKB_FRAGS (bsc#1109837).
- net: mvpp2: Fix GoP port 3 Networking Complex Control
  configurations (bsc#1098633).
- RDMA/cma: Don't overwrite sgid_attr after device is released
  (bsc#1103992 FATE#326009).
- ixgbe: avoid premature Rx buffer reuse (bsc#1109837
  FATE#326322).
- i40e: avoid premature Rx buffer reuse (bsc#1111981 FATE#326312
  FATE#326313).
- net: mvpp2: Fix error return code in mvpp2_open() (bsc#1119113
  FATE#326472).
- chelsio/chtls: fix a double free in chtls_setkey() (bsc#1104270
  FATE#325931).
- chelsio/chtls: fix panic during unload reload chtls (bsc#1104270
  FATE#325931).
- bnxt_en: fix error return code in bnxt_init_one() (bsc#1050242
  FATE#322914).
- RDMA/hns: Bugfix for memory window mtpt configuration
  (bsc#1104427 FATE#326416).
- net/mlx5: Add handling of port type in rule deletion
  (bsc#1103991 FATE#326007).
- chelsio/chtls: fix always leaking ctrl_skb (bsc#1104270
  FATE#325931).
- chelsio/chtls: fix memory leaks caused by a race (bsc#1104270
  FATE#325931).
- chelsio/chtls: fix memory leaks in CPL handlers (bsc#1104270
  FATE#325931).
- chelsio/chtls: fix deadlock issue (bsc#1104270 FATE#325931).
- cxgb4: set up filter action after rewrites (bsc#1064802
  bsc#1066129).
- chelsio/chtls: fix tls record info to user (bsc#1104270
  FATE#325931).
- net/sched: act_tunnel_key: fix OOB write in case of IPv6 ERSPAN
  tunnels (bsc#1109837).
- chelsio/chtls: correct function return and return type
  (bsc#1104270 FATE#325931).
- chelsio/chtls: correct netdevice for vlan interface (bsc#1104270
  FATE#325931).
- chelsio/chtls: fix socket lock (bsc#1104270 FATE#325931).
- RDMA/addr: Fix race with netevent_callback()/rdma_addr_cancel()
  (bsc#1103992 FATE#326009).
- RDMA/hns: Fix missing sq_sig_type when querying QP (bsc#1104427
  FATE#326416).
- commit ddb281e
- blacklist.conf: add NFS patches which hurt kabi
- commit f3c5ae2
- nfsd4: readdirplus shouldn't return parent of export
  (git-fixes).
- commit 94a53d9
- net: hns3: fix a wrong reset interrupt status mask (git-fixes).
- commit f402199
- bnxt_en: return proper error codes in bnxt_show_temp
  (bsc#1104745 FATE#325918).
- cxgb4: fix all-mask IP address comparison (bsc#1064802
  bsc#1066129).
- IB/mlx5: Fix DEVX support for MLX5_CMD_OP_INIT2INIT_QP command
  (bsc#1103991 FATE#326007).
- RDMA/core: Ensure security pkey modify is not lost (bsc#1046306
  FATE#322942).
- RDMA/core: Fix pkey and port assignment in get_new_pps
  (bsc#1046306 FATE#322942).
- RDMA/core: Fix use of logical OR in get_new_pps (bsc#1046306
  FATE#322942).
- commit fb4b60c
- net: hns3: add compatible handling for command
  HCLGE_OPC_PF_RST_DONE (git-fixes).
- net: hns3: check reset interrupt status when reset fails
  (git-fixes).
- commit 3bdc4a9
- net/mlx5e: Fix memleak in mlx5e_create_l2_table_groups
  (git-fixes).
- net/mlx4_en: Avoid scheduling restart task if it is already
  running (git-fixes).
- cxgb3: fix error return code in t3_sge_alloc_qset() (git-fixes).
- net: ena: set initial DMA width to avoid intel iommu issue
  (git-fixes).
- i40e: Fix removing driver while bare-metal VFs pass traffic
  (git-fixes).
- bnxt_en: Release PCI regions when DMA mask setup fails during
  probe (git-fixes).
- bnxt_en: fix error return code in bnxt_init_board() (git-fixes).
- bnxt_en: read EEPROM A2h address using page 0 (git-fixes).
- mlxsw: core: Fix use-after-free in mlxsw_emad_trans_finish()
  (git-fixes).
- RDMA/qedr: Fix inline size returned for iWARP (bsc#1050545
  FATE#322893).
- net: ethernet: mlx4: Avoid assigning a value to ring_cons but
  not used it anymore in mlx4_en_xmit() (git-fixes).
- net: team: fix memory leak in __team_options_register
  (git-fixes).
- net/mlx5e: Fix VLAN create flow (git-fixes).
- net/mlx5e: Fix VLAN cleanup flow (git-fixes).
- team: set dev->needed_headroom in team_setup_by_port()
  (git-fixes).
- bonding: set dev->needed_headroom in bond_setup_by_slave()
  (git-fixes).
- RDMA/core: Fix reported speed and width (bsc#1046306
  FATE#322942).
- RDMA/bnxt_re: Do not report transparent vlan from QP1
  (bsc#1104742 FATE#325917).
- cxgb4: fix thermal zone device registration (bsc#1104279
  FATE#325938 bsc#1104277 FATE#325936).
- bnxt_en: fix HWRM error when querying VF temperature
  (bsc#1104745 FATE#325918).
- bnxt_en: Don't query FW when netif_running() is false
  (bsc#1086282 FATE#324873).
- RDMA/bnxt_re: Do not add user qps to flushlist (bsc#1050244
  FATE#322915).
- RDMA/core: Fix return error value in _ib_modify_qp() to negative
  (bsc#1103992 FATE#326009).
- RDMA/mlx5: Fix typo in enum name (bsc#1103991 FATE#326007).
- net/mlx5e: fix bpf_prog reference count leaks in mlx5e_alloc_rq
  (bsc#1103990 FATE#326006).
- net: hns3: fix a TX timeout issue (bsc#1104353 FATE#326415).
- net: hns3: fix error handling for desc filling (bsc#1104353
  FATE#326415).
- net: hns3: fix for not calculating TX BD send size correctly
  (bsc#1126390).
- mlxsw: destroy workqueue when trap_register in mlxsw_emad_init
  (bsc#1112374).
- net: hns3: fix use-after-free when doing self test (bsc#1104353
  FATE#326415).
- net: hns3: add a missing uninit debugfs when unload driver
  (bsc#1104353 FATE#326415).
- cxgb4: move DCB version extern to header file (bsc#1104279
  FATE#325938).
- cxgb4: remove cast when saving IPv4 partial checksum
  (bsc#1074220).
- cxgb4: fix SGE queue dump destination buffer context
  (bsc#1073513).
- cxgb4: use correct type for all-mask IP address comparison
  (bsc#1064802 bsc#1066129).
- cxgb4: use unaligned conversion for fetching timestamp
  (bsc#1046540 bsc#1046648).
- xdp: Fix xsk_generic_xmit errno (bsc#1109837).
- net/filter: Permit reading NET in load_bytes_relative when
  MAC not set (bsc#1109837).
- RDMA/mlx5: Add init2init as a modify command (bsc#1103991
  FATE#326007).
- RDMA/hns: Fix cmdq parameter of querying pf timer resource
  (bsc#1104427 FATE#326416 bsc#1126206).
- net_failover: fixed rollback in net_failover_open()
  (bsc#1109837).
- igb: Report speed and duplex as unknown when device is runtime
  suspended (git-fixes).
- net/mlx5e: IPoIB, Drop multicast packets that this interface
  sent (bsc#1075020).
- ixgbe: Fix XDP redirect on archs with PAGE_SIZE above 4K
  (bsc#1109837 FATE#326322).
- veth: Adjust hard_start offset on redirect XDP frames
  (bsc#1109837).
- Revert "crypto: chelsio - Inline single pdu only" (git-fixes).
- bnxt_en: Fix accumulation of bp->net_stats_prev (bsc#1104745
  FATE#325918).
- mlxsw: spectrum: Fix use-after-free of split/unsplit/type_set
  in case reload fails (bsc#1112374).
- __netif_receive_skb_core: pass skb by reference (bsc#1109837).
- RDMA/iw_cxgb4: Fix incorrect function parameters (bsc#1136348
  jsc#SLE-4684).
- cpumap: Avoid warning when CONFIG_DEBUG_PER_CPU_MAPS is enabled
  (bsc#1109837).
- cxgb4: fix adapter crash due to wrong MC size (bsc#1073513).
- cxgb4: fix large delays in PTP synchronization (bsc#1046540
  bsc#1046648).
- qed: Fix use after free in qed_chain_free (bsc#1050536
  FATE#322898 bsc#1050538 FATE#322897).
- qed: Fix race condition between scheduling and destroying
  the slowpath workqueue (bsc#1086314 FATE#324886 bsc#1086313
  FATE#324885 bsc#1086301 FATE#3248881).
- virtio_net: Keep vnet header zeroed if XDP is loaded for small
  buffer (git-fixes).
- net: cbs: Fix software cbs to consider packet sending time
  (bsc#1109837).
- bnxt_en: Reset rings if ring reservation fails during open()
  (bsc#1086282 FATE#324873).
- cxgb4: fix throughput drop during Tx backpressure (bsc#1127354
  bsc#1127371).
- RDMA/core: Fix protection fault in get_pkey_idx_qp_list
  (bsc#1046306 FATE#322942).
- RDMA/iw_cxgb4: initiate CLOSE when entering TERM (bsc#1136348
  jsc#SLE-4684).
- net: hns3: add management table after IMP reset (bsc#1104353
  FATE#326415).
- drivers: net: xgene: Fix the order of the arguments of
  'alloc_etherdev_mqs()' (git-fixes).
- cxgb4/cxgb4vf: fix flow control display for auto negotiation
  (bsc#1046540 FATE#322930 bsc#1046542 FATE#322928).
- net: hns3: reallocate SSU' buffer size when pfc_en changes
  (bsc#1104353 FATE#326415).
- net/mlx5e: TX, Fix consumer index of error cqe dump (bsc#1103990
  FATE#326006).
- net: hns3: fix mis-counting IRQ vector numbers issue
  (bsc#1104353 FATE#326415).
- RDMA/hns: bugfix for slab-out-of-bounds when loading hip08
  driver (bsc#1104427 FATE#326416).
- RDMA/hns: Bugfix for slab-out-of-bounds when unloading hip08
  driver (bsc#1104427 FATE#326416).
- net_sched: let qdisc_put() accept NULL pointer (bsc#1056657
  FATE#322189 bsc#1056653 FATE#322190 bsc#1056787).
- net: hns3: fix shaper parameter algorithm (bsc#1104353
  FATE#326415).
- net: hns3: fix error VF index when setting VLAN offload
  (bsc#1104353 FATE#326415).
- net: hns3: fix interrupt clearing error for VF (bsc#1104353
  FATE#326415).
- net: hns3: clear reset interrupt status in hclge_irq_handle()
  (git-fixes).
- nfp: validate the return code from dev_queue_xmit() (git-fixes).
- vhost/vsock: fix vhost vsock cid hashing inconsistent
  (git-fixes).
- commit b766aed
- scsi: ibmvfc: Set default timeout to avoid crash during
  migration (bsc#1181425 ltc#188252).
- commit 195b2a9
- blacklist.conf: add c8d647a326f0 xen/pvcallsback: use lateeoi irq binding
- commit 308c42d
- scsi: lpfc: Simplify bool comparison (bsc#1180891).
- scsi: lpfc: Update lpfc version to 12.8.0.7 (bsc#1180891).
- scsi: lpfc: Enhancements to LOG_TRACE_EVENT for better
  readability (bsc#1180891).
- scsi: lpfc: Implement health checking when aborting I/O
  (bsc#1180891).
- scsi: lpfc: Fix vport create logging (bsc#1180891).
- scsi: lpfc: Fix NVMe recovery after mailbox timeout
  (bsc#1180891).
- scsi: lpfc: Fix target reset failing (bsc#1180891).
- scsi: lpfc: Fix error log messages being logged following SCSI
  task mgnt (bsc#1180891).
- scsi: lpfc: Prevent duplicate requests to unregister with
  cpuhp framework (bsc#1180891).
- scsi: lpfc: Fix FW reset action if I/Os are outstanding
  (bsc#1180891).
- scsi: lpfc: Use the nvme-fc transport supplied timeout for LS
  requests (bsc#1180891).
- scsi: lpfc: Fix crash when a fabric node is released prematurely
  (bsc#1180891).
- scsi: lpfc: Refresh ndlp when a new PRLI is received in the
  PRLI issue state (bsc#1180891).
- scsi: lpfc: Fix auto sli_mode and its effect on CONFIG_PORT
  for SLI3 (bsc#1180891).
- scsi: lpfc: Fix PLOGI S_ID of 0 on pt2pt config (bsc#1180891).
- commit 88024a9
- vfio iommu: Add dma available capability (bsc#1179573
  LTC#190106).
- commit c234a3f
- iio: ad5504: Fix setting power-down state (git-fixes).
- serial: mvebu-uart: fix tx lost characters at power off
  (git-fixes).
- usb: udc: core: Use lock when write to soft_connect (git-fixes).
- i2c: octeon: check correct size of maximum RECV_LEN packet
  (git-fixes).
- mmc: sdhci-xenon: fix 1.8v regulator stabilization (git-fixes).
- drm/atomic: put state on error path (git-fixes).
- ACPI: scan: Make acpi_bus_get_device() clear return pointer
  on error (git-fixes).
- spi: cadence: cache reference clock rate during probe
  (git-fixes).
- ACPI: scan: Harden acpi_device_add() against device ID overflows
  (git-fixes).
- r8152: Add Lenovo Powered USB-C Travel Hub (git-fixes).
- ALSA: firewire-tascam: Fix integer overflow in midi_port_work()
  (git-fixes).
- ALSA: fireface: Fix integer overflow in transmit_midi_msg()
  (git-fixes).
- ASoC: dapm: remove widget from dirty list on free (git-fixes).
- ACPI: scan: add stub acpi_create_platform_device() for
  !CONFIG_ACPI (git-fixes).
- misdn: dsp: select CONFIG_BITREVERSE (git-fixes).
- commit 4e17252
- blacklist.conf: add CONFIG_PROC_FS=n fix
- commit d506362
- net: vlan: avoid leaks on register_vlan_dev() failures
  (git-fixes).
- commit 588ae15
- s390/dasd: fix list corruption of lcu list (bsc#1181170
  LTC#190915).
- s390/dasd: fix list corruption of pavgroup group list
  (bsc#1181170 LTC#190915).
- s390/dasd: prevent inconsistent LCU device data (bsc#1181170
  LTC#190915).
- commit e73b11c
- s390/smp: perform initial CPU reset also for SMT siblings
  (git-fixes).
- commit 9853cb5
- net/af_iucv: set correct sk_protocol for child sockets
  (git-fixes).
- net/af_iucv: always register net_device notifier (git-fixes).
- commit aebe99b
- net/af_iucv: fix null pointer dereference on shutdown
  (bsc#1179563 LTC#190108).
- commit 0a706d4
- Drop drm/sun4i patches that broke the build
  They don't build properly on 32bit arm config
- commit ef6a2c5
- vfio-pci: Use io_remap_pfn_range() for PCI IO memory
  (bsc#1181231).
- KVM: x86/mmu: Commit zap of remaining invalid pages when
  recovering lpages (bsc#1181230).
- commit 3da333d
- netfilter: ctnetlink: add a range check for l3/l4 protonum
  (CVE-2020-25211 bsc#1176395).
- commit 92230c0
- blacklist.conf: Add a couple of VFIO/PCI and SWIOTLB fixes
- commit 9053ccf
- SUNRPC: cache: ignore timestamp written to 'flush' file
  (bsc#1178036).
- commit 0eac715
- Update
  patches.suse/0001-xen-events-add-a-proper-barrier-to-2-level-uevent-un.patch
  (CVE-2020-27673 XSA-332 bsc#1177411).
- Update
  patches.suse/0002-xen-events-fix-race-in-evtchn_fifo_unmask.patch
  (CVE-2020-27673 XSA-332 bsc#1177411).
- Update
  patches.suse/0003-xen-events-add-a-new-late-EOI-evtchn-framework.patch
  (CVE-2020-27673 XSA-332 bsc#1177411).
- Update
  patches.suse/0004-xen-blkback-use-lateeoi-irq-binding.patch
  (CVE-2020-27673 XSA-332 bsc#1177411).
- Update
  patches.suse/0005-xen-netback-use-lateeoi-irq-binding.patch
  (CVE-2020-27673 XSA-332 bsc#1177411).
- Update
  patches.suse/0006-xen-scsiback-use-lateeoi-irq-binding.patch
  (CVE-2020-27673 XSA-332 bsc#1177411).
- Update
  patches.suse/0008-xen-pciback-use-lateeoi-irq-binding.patch
  (CVE-2020-27673 XSA-332 bsc#1177411).
- Update
  patches.suse/0009-xen-events-switch-user-event-channels-to-lateeoi-mod.patch
  (CVE-2020-27673 XSA-332 bsc#1177411).
- Update
  patches.suse/0010-xen-events-use-a-common-cpu-hotplug-hook-for-event-c.patch
  (CVE-2020-27673 XSA-332 bsc#1177411).
- Update
  patches.suse/0011-xen-events-defer-eoi-in-case-of-excessive-number-of-.patch
  (CVE-2020-27673 XSA-332 bsc#1177411).
- Update
  patches.suse/0012-xen-events-block-rogue-events-for-some-time.patch
  (CVE-2020-27673 XSA-332 bsc#1177411).
- Update
  patches.suse/XEN-uses-irqdesc-irq_data_common-handler_data-to-sto.patch
  (CVE-2020-27673 XSA-332 bsc#1065600).
- Update
  patches.suse/xen-events-avoid-removing-an-event-channel-while-han.patch
  (CVE-2020-27675 XSA-331 bsc#1177410).
- Update
  patches.suse/xen-events-don-t-use-chip_data-for-legacy-IRQs.patch
  (CVE-2020-27673 XSA-332 bsc#1065600).
- Added CVE numbers for above patches.
- commit 77fc141
- drm/msm: Fix WARN_ON() splat in _free_object() (bsc#1129770)
  Backporting changes:
  * context changes
- commit 2cc0fa0
- drm: sun4i: hdmi: Fix inverted HPD result (bsc#1112178)
  Backporting changes:
  * context changes
- commit 67fea56
- floppy: reintroduce O_NDELAY fix (boo#1181018).
- commit 7b17926
- arm64: pgtable: Ensure dirty bit is preserved across
  pte_wrprotect() (bsc#1180130).
- arm64: pgtable: Fix pte_accessible() (bsc#1180130).
- commit 50f7568
- netfilter: clear skb->next in NF_HOOK_LIST() (bsc#1180765
  CVE-2021-20177).
- commit 979e397
- drm/amdkfd: Put ACPI table after using it (bsc#1129770)
  Backporting changes:
  * context changes
- commit d706a4a
- drm/msm: Fix use-after-free in msm_gem with carveout (bsc#1129770)
  Backporting changes:
  * context changes
  * removed reference to msm_gem_is_locked()
- commit 2473171
- drm/tve200: Fix handling of platform_get_irq() error (bsc#1129770)
- commit 74c8661
- drm/msm: Avoid div-by-zero in dpu_crtc_atomic_check() (bsc#1129770)
  Backporting changes:
  * context changes
  * moved num_mixers from struct dpu_crtc_state to struct dpu_crtc
- commit 235aa45
- blacklist.conf: Append 'drm/i915: Clear the repeater bit on HDCP disable'
- commit dd4f37c
- blacklist.conf: Append 'drm/i915: Fix sha_text population code'
- commit 7f2c93c
- drm/i915: Clear the repeater bit on HDCP disable (bsc#1112178)
  Backporting changes:
  * context changes
- commit 3d4aebe
- drm/i915: Fix sha_text population code (bsc#1112178)
  Backporting changes:
  * context changes
- commit b3b6c93
- blacklist.conf: Append 'drm/i915: Move cec_notifier to intel_hdmi_connector_unregister, v2.'
- commit 5511837
- blacklist.conf: Append 'drm/amd/powerplay: fix a crash when overclocking Vega M'
- commit 17cad3d
- blacklist.conf: Append 'drm/i915: Move cec_notifier to intel_hdmi_connector_unregister, v2.'
- commit 15580f1
- drm/vgem: Replace opencoded version of drm_gem_dumb_map_offset() (bsc#1112178)
  Backporting changes:
  * context changes
- commit fb51493
- drm/amd/powerplay: fix a crash when overclocking Vega M (bsc#1113956)
- commit 909795d
- drm: sun4i: hdmi: Remove extra HPD polling (bsc#1112178)
- commit 76afd33
- NFS: nfs_igrab_and_active must first reference the superblock
  (git-fixes).
- pNFS: Mark layout for return if return-on-close was not sent
  (git-fixes).
- net: sunrpc: interpret the return value of kstrtou32 correctly
  (git-fixes).
- NFS4: Fix use-after-free in trace_event_raw_event_nfs4_set_lock
  (git-fixes).
- NFS: switch nfsiod to be an UNBOUND workqueue (git-fixes).
- lockd: don't use interval-based rebinding over TCP (git-fixes).
- NFSv4.2: condition READDIR's mask for security label based on
  LSM state (git-fixes).
- md/raid10: initialize r10_bio->read_slot before use (git-fixes).
- md: fix a warning caused by a race between concurrent
  md_ioctl()s (git-fixes).
- nfs_common: need lock during iterate through the list
  (git-fixes).
- nfsd: Fix message level for normal termination (git-fixes).
- commit 4d661ca
- Remove patches.suse/nfs-mark-nfsiod-cpu-intensive.patch
  About to get replaced by upstream version.
- commit 7d82450
- tun: correct header offsets in napi frags mode (bsc#1180812
  CVE-2021-0342).
- commit 0ae29aa
- net: stmmac: dwmac-sunxi: Provide TX and RX fifo sizes
  (git-fixes).
- commit 91e8143
- blacklist.conf: Removal of HMM function breaks KABI
- commit 1cd8ef8
- blacklist.conf: SLUB not enabled in kernel config
- commit 6202d29
- page_frag: Recover from memory pressure (git fixes
  (mm/pgalloc)).
- commit 4457ecd
- mm, page_alloc: fix core hung in free_pcppages_bulk() (git fixes
  (mm/hotplug)).
- commit 840f046
- blacklist.conf: CMA not enabled in kernel config
- commit 4513c12
- blacklist.conf: CMA not enabled in kernel config
- commit 016b829
- mm/slab: use memzero_explicit() in kzfree() (git fixes
  (mm/slab)).
- commit e7d7f67
- Refresh
  patches.suse/mm-fix-mremap-not-considering-huge-pmd-devmap.patch.
- commit 2a2a762
- blacklist.conf: SLUB not enabled in kernel config
- commit 1d41e83
- blacklist.conf: SLUB not enabled in kernel config
- commit f29f5d9
- mm/page_alloc: fix watchdog soft lockups during
  set_zone_contiguous() (git fixes (mm/pgalloc)).
- commit d02bb6f
- mm/rmap: map_pte() was not handling private ZONE_DEVICE page
  properly (git fixes (mm/hmm)).
- commit 433e971
- mm: hwpoison: disable memory error handling on 1GB hugepage
  (git fixes (mm/hwpoison)).
- commit 5bd329a
- KVM: SVM: Initialize prev_ga_tag before use (bsc#1180912).
- commit e44aeda
- Move the build fix for g2d driver into patches.suse
  It's actually no kABI fix but the pure build fix, hence it must be
  out of patches.kabi
- commit 9c47154
- Refresh
  patches.suse/IB-hfi1-Ensure-correct-mm-is-used-at-all-times.patch.
  Fixed backport (removed one line too much, d'oh).
- commit 6dc4356
- IB/hfi1: Ensure correct mm is used at all times (bsc#1179878
  CVE-2020-27835).
- commit 39a2b87
- net: stmmac: Enable 16KB buffer size (git-fixes).
- commit f223efb
- net: stmmac: 16KB buffer must be 16 byte aligned (git-fixes).
- commit 3ccc81e
- net: stmmac: RX buffer size must be 16 byte aligned (git-fixes).
- commit 05ff9e2
- net: stmmac: Do not accept invalid MTU values (git-fixes).
- commit 63ae7fc
- net: usb: lan78xx: Fix error message format specifier (git-fixes).
- commit 3dd5ee1
- caif: no need to check return value of debugfs_create functions (git-fixes).
- commit 4fb5202
- drivers/net: Use octal not symbolic permissions (git-fixes).
- Refresh patches.suse/msft-hv-1661-scsi-netvsc-Use-the-vmbus-function-to-calculate-ring.patch.
- Refresh patches.suse/msft-hv-1707-hv_netvsc-fix-network-namespace-issues-with-VF-suppo.patch.
- commit e4e6ab9
- net: dsa: LAN9303: select REGMAP when LAN9303 enable (git-fixes).
- commit 5d03a23
- net: phy: broadcom: Fix RGMII delays configuration for BCM54210E (git-fixes).
- commit dc3e380
- net: phy: Allow BCM54616S PHY to setup internal TX/RX clock delay (git-fixes).
- commit 287fdc5
- Drop uvcvideo patch that doesn't build
- commit 298bbff
- blacklist.conf: remove invalid entry, already backported
- commit a469334
- blacklist.conf: Tables not used currently in-tree
- commit 2aec284
- blacklist.conf: UP not enabled in config
- commit 9b055fe
- blacklist.conf: build fix not relevant in our config
- commit eaf3550
- docs: Fix reST markup when linking to sections (git-fixes).
- commit 2ffe4fe
- blacklist.conf: kABI
- commit 546297f
- powerpc/perf: Fix crashes with generic_compat_pmu & BHRB
  (bsc#1178900 ltc#189284 git-fixes).
- commit 5b292b4
- powerpc/perf: Add generic compat mode pmu driver (bsc#1178900
  ltc#189284).
- powerpc/perf: init pmu from core-book3s (bsc#1178900
  ltc#189284).
- commit 2d3c61b
- x86/resctrl: Don't move a task to the same resource group
  (bsc#1112178).
- commit 162f4b0
- x86/resctrl: Use an IPI instead of task_work_add() to update
  PQR_ASSOC MSR (bsc#1112178).
- commit 304df7d
- net: qca_spi: Move reset_count to struct qcaspi (git-fixes).
- commit 09d7b00
- net: bcmgenet: reapply manual settings to the PHY (git-fixes).
- commit 7d07690
- net: phy: micrel: Discern KSZ8051 and KSZ8795 PHYs (git-fixes).
- commit d3b5290
- net: phy: micrel: make sure the factory test bit is cleared
  (git-fixes).
- commit 043ec37
- net: stmmac: fix length of PTP clock's name string (git-fixes).
- commit 6c3c8e0
- net: stmmac: gmac4+: Not all Unicast addresses may be available
  (git-fixes).
- commit eac7cd9
- net: ethernet: stmmac: Fix signedness bug in
  ipq806x_gmac_of_parse() (git-fixes).
- commit bff5c88
- net: stmmac: dwmac-meson8b: Fix signedness bug in probe
  (git-fixes).
- commit 84a3dda
- net: broadcom/bcmsysport: Fix signedness in bcm_sysport_probe()
  (git-fixes).
- commit 227f036
- blacklist.conf: update the blacklist
- commit 250ebee
- USB: serial: iuu_phoenix: fix DMA from stack (git-fixes).
- usb: gadget: configfs: Preserve function ordering after bind
  failure (git-fixes).
- usb: gadget: select CONFIG_CRC32 (git-fixes).
- usb: gadget: f_uac2: reset wMaxPacketSize (git-fixes).
- usb: dwc3: ulpi: Use VStsDone to detect PHY regs access
  completion (git-fixes).
- USB: yurex: fix control-URB timeout handling (git-fixes).
- usb: chipidea: ci_hdrc_imx: add missing put_device() call in
  usbmisc_get_init_data() (git-fixes).
- USB: gadget: legacy: fix return error code in acm_ms_bind()
  (git-fixes).
- USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST
  quirk set (git-fixes).
- dmaengine: xilinx_dma: fix mixed_enum_type coverity warning
  (git-fixes).
- dmaengine: xilinx_dma: check dma_async_device_register return
  value (git-fixes).
- Revert "device property: Keep secondary firmware node secondary
  by type" (git-fixes).
- wan: ds26522: select CONFIG_BITREVERSE (git-fixes).
- wil6210: select CONFIG_CRC32 (git-fixes).
- ethernet: ucc_geth: fix use-after-free in ucc_geth_remove()
  (git-fixes).
- ALSA: pcm: Clear the full allocated memory at hw_params
  (git-fixes).
- misc: vmw_vmci: fix kernel info-leak by initializing dbells
  in vmci_ctx_get_chkpt_doorbells() (git-fixes).
- media: gp8psk: initialize stats at power control logic
  (git-fixes).
- commit 2f3aec2
- x86/mtrr: Correct the range check before performing MTRR type
  lookups (bsc#1112178).
- commit 0c96651
- x86/mm: Fix leak of pmd ptlock (bsc#1112178).
- commit aeba3ea
- xen: support having only one event pending per watch
  (bsc#1179508 XSA-349 CVE-2020-29568).
- commit d884e81
- xen: revert Allow watches discard events before queueing
  (bsc#1179508 XSA-349 CVE-2020-29568).
- commit 2a4a8da
- xen: revert Add 'will_handle' callback support in
  xenbus_watch_path() (bsc#1179508 XSA-349 CVE-2020-29568).
- commit 6baf8b8
- xen: revert Support will_handle watch callback (bsc#1179508
  XSA-349 CVE-2020-29568).
- commit 3918801
- mm: don't wake kswapd prematurely when watermark boosting is
  disabled (git fixes (mm/vmscan)).
- commit b2e95ac
- xen: revert Count pending messages for each watch (bsc#1179508
  XSA-349 CVE-2020-29568).
- commit 9d30f4d
- xen: revert Disallow pending watch messages (bsc#1179508
  XSA-349 CVE-2020-29568).
- commit d039881
- xen-blkback: set ring->xenblkd to NULL after kthread_stop()
  (bsc#1179509 XSA-350 CVE-2020-29569).
- commit 1aab73c
- xenbus/xenbus_backend: Disallow pending watch messages
  (bsc#1179508 XSA-349 CVE-2020-29568).
- commit 0cdf358
- xen/xenbus: Count pending messages for each watch (bsc#1179508
  XSA-349 CVE-2020-29568).
- commit a14bb56
- xen/xenbus/xen_bus_type: Support will_handle watch callback
  (bsc#1179508 XSA-349 CVE-2020-29568).
- commit 33a4600
- xen/xenbus: Add 'will_handle' callback support in
  xenbus_watch_path() (bsc#1179508 XSA-349 CVE-2020-29568).
- commit 5ef1497
- xen/xenbus: Allow watches discard events before queueing
  (bsc#1179508 XSA-349 CVE-2020-29568).
- commit 6f7a44e
- sched/fair: Fix unthrottle_cfs_rq() for leaf_cfs_rq list
  (bsc#1179093).
- sched/fair: Fix enqueue_task_fair() warning some more
  (bsc#1179093).
- sched/fair: Fix enqueue_task_fair warning (bsc#1179093).
- sched/fair: Fix reordering of enqueue/dequeue_task_fair()
  (bsc#1179093).
- sched/fair: Reorder enqueue/dequeue_task_fair path
  (bsc#1179093).
- commit 1b239da
- Drop the previous drm/nouveau fix that turned out to be superfluous (CVE-2020-25639 bsc#1176846)
- commit 001c6e5
- Move upstreamed vgacon patch into sorted section
- commit 73d2a02
- drm: bail out of nouveau_channel_new if channel init fails
  (CVE-2020-25639 bsc#1176846).
- commit 55debf7
- btrfs: qgroup: don't try to wait flushing if we're already
  holding a transaction (bsc#1179575).
- commit bda1cb8
- x86/i8259: Use printk_deferred() to prevent deadlock
  (bsc#1112178).
- commit d166bf5
- Refresh patches.suse/nvdimm-Avoid-race-between-probe-and-reading-device-a.patch.
  Refresh to v2 URL
- commit 97aafaa
- blacklist.conf: 44623b2818f4 crypto: x86/crc32c - fix building with clang ias
- commit a557330
- x86/mm/numa: Remove uninitialized_var() usage (bsc#1112178).
- commit 8dd9b08
- ALSA: hda/via: Fix runtime PM for Clevo W35xSS (git-fixes).
- commit c485186
- scsi: core: Fix VPD LUN ID designator priorities (bsc#1178049,
  git-fixes).
- commit 3730025
- Refresh
  patches.suse/ibmvnic-continue-fatal-error-reset-after-passive-ini.patch.
- commit 5851206
- EDAC/amd64: Fix PCI component registration (bsc#1112178).
- commit 522b115
- Refresh patch metadata.
- Refresh patches.suse/ibmvnic-continue-fatal-error-reset-after-passive-ini.patch.
- Refresh patches.suse/ibmvnic-fix-NULL-pointer-dereference.patch.
- commit d7a2a14
- btrfs: increase output size for LOGICAL_INO_V2 ioctl (bsc#1174206).
- commit 1d58635
- btrfs: add a flags argument to LOGICAL_INO and call it LOGICAL_INO_V2 (bsc#1174206).
- commit 01c5612
- btrfs: add a flag to iterate_inodes_from_logical to find all extent refs for uncompressed extents (bsc#1174206).
- Refresh
  patches.suse/revert-btrfs-qgroup-move-half-of-the-qgroup-accounting-time-out-of-commit-trans.patch.
- commit 91f3982
openssh
- Update openssh-7.7p1-audit.patch (bsc#1180501). This fixes
  occasional crashes on connection termination caused by accessing
  freed memory.
python-Jinja2
- Fixed IndentationError in CVE-2020-28493.patch (bsc#1182244)
- CVE-2020-28493: Fixed a ReDOS vulnerability where urlize could have
  been called with untrusted user data (bsc#1181944).
  Added CVE-2020-28493.patch
python-cffi
- add cc2546f3388b6eeb8b18bdbe82a8c3a4c7b48ceb.patch (bsc#1182471):
  Restore compatibility with Python 2.7 update
python-cryptography
- Add patch CVE-2020-36242-buffer-overflow.patch (bsc#1182066, CVE-2020-36242)
  * Using the Fernet class to symmetrically encrypt multi gigabyte values
    could result in an integer overflow and buffer overflow.
python3
- Resync with python36 Factory package.
- Make this %primary_interpreter
- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing
  bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in
  _ctypes/callproc.c, which may lead to remote code execution.
- Provide the newest setuptools wheel (bsc#1176262,
  CVE-2019-20916) in their correct form (bsc#1180686).
- Change setuptools and pip version numbers according to new
  wheels (bsc#1179756).
salt
- Fix regression on cmd.run when passing tuples as cmd (bsc#1182740)
- Added:
  * fix_regression_in_cmd_run_after_cve.patch
- Allow extra_filerefs as sanitized kwargs for SSH client
- Added:
  * allow-extra_filerefs-as-sanitized-kwargs-for-ssh-cli.patch
- Fix errors with virt.update
- Added:
  * backport-commit-1b16478c51fb75c25cd8d217c80955feefb6.patch
- Fix for multiple security issues
  (CVE-2020-28243) (CVE-2020-28972) (CVE-2020-35662) (CVE-2021-3148) (CVE-2021-3144)
  (CVE-2021-25281) (CVE-2021-25282) (CVE-2021-25283) (CVE-2021-25284) (CVE-2021-3197)
  (bsc#1181550) (bsc#1181556) (bsc#1181557) (bsc#1181558) (bsc#1181559) (bsc#1181560)
  (bsc#1181561) (bsc#1181562) (bsc#1181563) (bsc#1181564) (bsc#1181565)
- Added:
  * fix-for-some-cves-bsc1181550.patch
- virt: search for grub.xen path
- Xen spicevmc, DNS SRV records backports:
  Fix virtual network generated DNS XML for SRV records
  Don't add spicevmc channel to xen VMs
- virt UEFI fix: virt.update when efi=True
- Added:
  * open-suse-3002.2-xen-grub-316.patch
  * virt-uefi-fix-backport-312.patch
  * 3002.2-xen-spicevmc-dns-srv-records-backports-314.patch
screen
- Fix double width combining char handling that could lead
  to a segfault [bnc#1182092] [CVE-2021-26937]
  new patch: combchar.diff
spacewalk-backend
- version 4.0.36-1
- Reposync: Fixed Kickstart functionality.
- Reposync: Fixed URLGrabber error handling.
- Reposync: Fix modular data handling for cloned channels (bsc#1177508)
- Truncate author name in the changelog (bsc#1180285)
- Drop Transfer-Encoding header from proxy response to fix error response messages (bsc#1176906)
- Prevent tracebacks on missing mail configuration (bsc#1179990)
- Fix pycurl.error handling in suseLib.py (bsc#1179990)
- Use sanitized repo label to build reposync repo cache path (bsc#1179410)
- Quote the proxy settings to be used by Zypper (bsc#1179087)
- Fix spacewalk-repo-sync to successfully manage and sync ULN repositories
- fix errors in spacewalk-debug and align postgresql queries to new DB version
spacewalk-certs-tools
- version 4.0.18-1
- improve check for correct CA trust store directory (bsc#1176417)
spacewalk-proxy
- version 4.0.15-1
- fix package manager string compare - python3 porting issue
spacewalk-web
- version 4.0.26-1
- Prevent deletion of CLM environments if they're used in an autoinstallation
  profile (bsc#1179552)
- Fix mandatory channels JS API to finish loading in case of error (bsc#1178839)
supportutils-plugin-susemanager-client
- version 4.0.4-1
- remove checks for obsolete packages
- gather new configfiles
- add more important information
supportutils-plugin-susemanager-proxy
- version 4.0.4-1
- remove checks for obsolete packages
- gather new configfiles
- add more important information
systemd-rpm-macros
- Bump to version 6
- Make upstream %systemd_{pre,post,preun,postun} aliases to their SUSE
  counterparts
  Packagers can now choose to use the upstream or the SUSE variants
  indifferently. For consistency the SUSE variants should be preferred
  since almost all SUSE packages already use them but the upstream
  versions might be useful in certain cases where packages need to
  support multiple distros based on RPM.
- Improve the logic used to apply the presets (bsc#1177039)
  Before presets were applied at a) package installation b) new units
  introduced via a package update (but after making sure that it was
  not a SysV initscript being converted).
  The problem is that a) didn't handle a package renaming or split
  properly since the package with the new name is installed rather
  than being updated and therefore the presets were applied even if
  they were already applied with the old name.
  We now cover this case (and the other ones) by applying presets only
  if the units are new and the services are not being migrated. This
  regardless of whether this happens during an install or an update.
tcl
- bsc#1181840: Same fix as for tclConfig.sh is needed for tcl.pc.