apache2
- security update
- added patches
  fix CVE-2021-33193 [bsc#1189387], Request splitting via HTTP/2 method injection and mod_proxy
  + apache2-CVE-2021-33193.patch
- security update
- added patches
  fix CVE-2021-30641 [bsc#1187174], MergeSlashes regression
  + apache2-CVE-2021-30641.patch
- security update
- added patches
  fix CVE-2021-31618 [bsc#1186924], NULL pointer dereference on specially crafted HTTP/2 request
  + apache2-CVE-2021-31618.patch
- security update
- added patches
  fix CVE-2020-13950 [bsc#1187040], mod_proxy NULL pointer dereference
  + apache2-CVE-2020-13950.patch
- security update
- added patches
  fix CVE-2020-35452 [bsc#1186922], Single zero byte stack overflow in mod_auth_digest
  + apache2-CVE-2020-35452.patch
  fix CVE-2021-26690 [bsc#1186923], mod_session NULL pointer dereference in parser
  + apache2-CVE-2021-26690.patch
  fix CVE-2021-26691 [bsc#1187017], Heap overflow in mod_session
  + apache2-CVE-2021-26691.patch
autoyast2
- During autoupgrade do not try to register the system if it is
  explicitly disabled in the profile (bsc#1176965)
- 4.2.51
bind
- Fix off-by-one error when calculating new hashtable size
  When calculating the new hashtable bitsize, there was an off-by-one
  error that would allow the new bitsize to be larger than maximum allowed
  causing assertion failure in the rehash() function.
  [bsc#1188763, 0001-Fix-off-by-one-error-when-calculating-new-hashtable.patch]
- Since BIND 9.9, it has been easier to use tsig-keygen and
  ddns-confgen to generare TSIG keys. In 9.13, TSIG support was
  removed from dnssec-keygen, so now it is just for DNSKEY (and KEY
  for obscure cases). tsig-keygen is now used to generate DDNS keys.
  [bsc#1187921, vendor-files.tar.bz2]
c-ares
- Version update to git snapshot 1.17.1+20200724:
  * fixes missing input validation on hostnames returned by DNS
    servers (bsc#1188881, CVE-2021-3672)
  * If ares_getaddrinfo() was terminated by an ares_destroy(),
    it would cause crash
  * Crash in sortaddrinfo() if the list size equals 0 due to
    an unexpected DNS response
  * Expand number of escaped characters in DNS replies as
    per RFC1035 5.1 to prevent spoofing
  * Use unbuffered /dev/urandom for random data to prevent early startup
    performance issues
- missing_header.patch: upstreamed
chrony
- bsc#1173760: MD5 is not available from mozilla-nss in FIPS mode,
  but needed for calculating refids from IPv6 addresses as part of
  the NTP protocol (rfc5905). As this is a non-cryptographic use of
  MD5 we can use our own implementation without violating FIPS
  rules: chrony-refid-internal-md5.patch .
- boo#1162964, bsc#1183783, clknetsim-glibc-2.31.patch:
cloud-init
- Add cloud-init-log-file-mode.patch (bsc#1183939)
  + Change log file creation mode to 640
- Add cloud-init-no-pwd-in-log.patch (bsc#1184758)
  + Do not write the generated password to the log file
- Add cloud-init-purge-cache-py-ver-change.patch
cobbler
- Avoid traceback when building tftp files for ppc arch system when boot_loader is not set (bsc#1185679)
- Added:
  * fix_issue_when_inherited_boot_loader_bsc1185679.patch
- Make "/fence_ipmitool"/ a wrapper for "/fence_ipmilan"/ using always lanplus (bsc#1184361)
- Remove unused template for fence_ipmitool.
- Added:
  * fence_ipmitool
- Removed:
  * fence_ipmitool.template
- Prevent some race conditions when writting tftpboot files and
  the destination directory is not existing (bsc#1186124)
- Added:
  * prevent-race-condition-writting-tftpboot-files-bsc1186124.patch
- Fix trail stripping in case of using UTF symbols (bsc#1184561)
- Added:
  * fix-trail-stripping-utf8.diff
containerd
- Add patch for CVE-2021-32760. bsc#1188282
  + bsc1188282-use-chmod-path-for-checking-symlink.patch
- Drop long-since upstreamed patch, originally needed to fix i386 builds on
  SLES:
  - 0001-makefile-remove-emoji.patch
- Update to containerd v1.4.4, to fix CVE-2021-21334.
- Update to handle the docker-runc removal, and drop the -kubic flavour.
  bsc#1181677 bsc#1181749
- Update to containerd v1.4.3, which is needed for Docker v20.10.2-ce.
  bsc#1181594
- Install the containerd-shim* binaries and stop creating
  docker-containerd-shim because that isn't used by Docker anymore.
  bsc#1183024
cpio
- Add another patch to fix regression (bsc#1189465)
  * fix-CVE-2021-38185_3.patch
- Fix regression in last update (bsc#1189465)
  * fix-CVE-2021-38185_2.patch
- Fix CVE-2021-38185 Remote code execution caused by an integer overflow in ds_fgetstr
  (CVE-2021-38185, bsc#1189206)
  * fix-CVE-2021-38185.patch
crash
- Added crash-xen-increase-__physical_mask_shift_xen-to-52.patch
  (bsc#1177050)
- Fix "/kmem -i"/ option on Linux 5.9-rc1 and later kernels (bsc#1179970 ltc#188981).
  crash-Fix-kmem-i-option-on-Linux-5.9-rc1-and-later-kernels.patch
- Fix crash utility is taking forever to initialize a vmcore from large config
  system (bsc#1178827 ltc#189279).
  crash-task.c-avoid-unnecessary-cpu-cycles-in-stkptr_to_tas.patch
- Corrected project URL in spec file to match the changed upstream
  location as-of May 30th 2020.
  Noted the project URL change in README.SUSE without removing the old URL
  because it represents the location the project source was obtained from.
  The next project source update is available from the new project URL. When
  the package is updated with that source all URL project references will be
  modified to only show the new URL.
  Add crash-update-whitepaper-URL.patch
  Note change of no longer valid old project whitepaper URL to current valid
  project whitepaper URL in help output. Leave the old one reported because it
  represents the location the project source was obtained from for this
  package version.
  (bsc#1179536)
- Fix build on aarch64:
  crash-gdb-fix-aarch64.patch
- Add crash-verify-exception-frame-accessible-for-all-verify-requests.patch
  In calls to search a stack for x86_64 exceptions a flag is used
  to request the stack be verified for room to contain saved
  registers. The verify is not performed if other flags are used
  in the same call. Fixing this exposes another bug where only a
  kernel stack is verified anyway, even if the exception is being
  searched for on a userspace stack. Patch fixes both problems.
  (bsc#1162297)
- Add eppic-remove-duplicate-symbols.patch
  Fix eppic extension build.
- Add crash-fix-memory_driver-build-kernel-5.8.patch
  Fix memory driver build failure with kernels 5.8+.
- Always build crash KMPs.
- remove bypass lto and add -mfull-toc for ppc64le to check boo#1146646
- Add crash-Define-fallback-PN_XNUM.patch
  Add a fallback PN_XNUM definition.
curl
- Security fix: [bsc#1188220, CVE-2021-22925]
  * TELNET stack contents disclosure again
  * Add curl-CVE-2021-22925.patch
- Security fix: [bsc#1188219, CVE-2021-22924]
  * Bad connection reuse due to flawed path name checks
  * Add curl-CVE-2021-22924.patch
- Security fix: Disable the metalink feature:
  * Insufficiently Protected Credentials [bsc#1188218, CVE-2021-22923]
  * Wrong content via metalink not discarded [bsc#1188217, CVE-2021-22922]
dbus-1
- Add missing patch for CVE-2020-12049
  * fix-upstream-CVE-2020-12049_2.patch
- Fix CVE-2020-12049 truncated messages lead to resource exhaustion
  (CVE-2020-12049, bsc#1172505)
  * fix-upstream-CVE-2020-12049.patch
- Rebased fix-CVE-2019-12749.patch
- Fix CVE-2020-35512 - shared UID's caused issues (CVE-2020-35512 bsc#1187105)
  * fix-upstream-userdb-constpointer.patch
  * fix-upstream-CVE-2020-35512.patch
docker
- Update to Docker 20.10.6-ce. See upstream changelog in the packaged
  /usr/share/doc/packages/docker/CHANGELOG.md. bsc#1184768
- Rebase patches:
  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
  * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
- Backport upstream fix <https://github.com/moby/moby/pull/42273> for btrfs
  quotas being removed by Docker regularly. bsc#1183855 bsc#1175081
  + 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
- Update to Docker 20.10.5-ce. See upstream changelog in the packaged
  /usr/share/doc/packages/docker/CHANGELOG.md. bsc#1182947
- Update runc dependency to 1.0.0~rc93.
- Remove upstreamed patches:
  - cli-0001-Rename-bin-md2man-to-bin-go-md2man.patch
- Rebase patches:
  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
  * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
- Switch version to use -ce suffix rather than _ce to avoid confusing other
  tools. boo#1182476
- Fix incorrect cast in SUSE secrets patches causing warnings on SLES.
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
- Update to Docker 20.10.3-ce. See upstream changelog in the packaged
  /usr/share/doc/packages/docker/CHANGELOG.md. Fixes bsc#1181732
  (CVE-2021-21284) and bsc#1181730 (CVE-2021-21285).
- Rebase patches on top of 20.10.3-ce.
  - 0002-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  + 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  - 0003-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  + 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  - 0004-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
  + 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
  - 0005-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
  + 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
- Drop docker-runc, docker-test and docker-libnetwork packages. We now just use
  the upstream runc package (it's stable enough and Docker no longer pins git
  versions). docker-libnetwork is so unstable that it doesn't have any
  versioning scheme and so it really doesn't make sense to maintain the project
  as a separate package. bsc#1181641 bsc#1181677
- Remove no-longer-needed patch for packaging now that we've dropped
  docker-runc and docker-libnetwork.
  - 0001-PACKAGING-revert-Remove-docker-prefix-for-containerd.patch
- Update to Docker 20.10.2-ce. See upstream changelog in the packaged
  /usr/share/doc/packages/docker/CHANGELOG.md. bsc#1181594
- Remove upstreamed patches:
  - bsc1122469-0001-apparmor-allow-readby-and-tracedby.patch
  - boo1178801-0001-Add-docker-interfaces-to-firewalld-docker-zone.patch
- Add patches to fix build:
  + cli-0001-Rename-bin-md2man-to-bin-go-md2man.patch
- Since upstream has changed their source repo (again) we have to rebase all of
  our patches. While doing this, I've collapsed all patches into one branch
  per-release and thus all the patches are now just one series:
  - packaging-0001-revert-Remove-docker-prefix-for-containerd-and-runc-.patch
  + 0001-PACKAGING-revert-Remove-docker-prefix-for-containerd.patch
  - secrets-0001-daemon-allow-directory-creation-in-run-secrets.patch
  + 0002-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  - secrets-0002-SUSE-implement-SUSE-container-secrets.patch
  + 0003-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  - private-registry-0001-Add-private-registry-mirror-support.patch
  + 0004-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
  - bsc1073877-0001-apparmor-clobber-docker-default-profile-on-start.patch
  + 0005-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
dosfstools
- Add fix-calculation.patch (gh#dosfstools/dosfstools#153, bsc#1172863)
  to work with different size of clusters.
dracut
- Update to version 049.1+suse.203.g8ee14a90:
  * fix(suse-initrd): use $kernel rather than $(uname -r)
  * fix(suse-initrd): exclude modules that are built-in (bsc#1185646)
  * fix(suse-initrd): inform on usage of obsolete -f parameter (bsc#1187470)
  * docs: fix reference to insmodpost module (bsc#1187774)
- Update to version 049.1+suse.196.g8706843b:
  * fix(suse-initrd): restore INITRD_MODULES in mkinitrd script
  * fix(suse-initrd): call dracut_instmods with hostonly=
- Update to version 049.1+suse.192.g00425ead:
  * fix(suse-initrd): remove references to INITRD_MODULES (bsc#1187115)
  * fix(suse-initrd) fix list of modprobe.d directories
  * fix(install): handle $LIB in ldd output parsing (bsc#1185615)
efivar
- Add efivar-bsc1187386-fix-emmc-parsing.patch to fix the eMMC
  sysfs parsing (bsc#1187386)
fence-agents
- Update to version 4.9.0+git.1624456340.8d746be9:
  * fence_azure_arm: corrections to support Azure SDK >= 15 - including backward compatibility (#415)
    (bsc#1185058)
  * fence_gce: make serviceaccount work with new libraries
  * fence_kubevirt: new fence agent
  * fence_virt*: simple_auth: use %zu for sizeof to avoid failing verbose builds on some archs
  * configure: dont fail when --with-agents contains virt
  * fence_mpath: watchdog retries support
  * fencing: add multi plug support for reboot-action
  * fence_redfish: add missing diag logic
  * fencing: fix issue with hardcoded help text length for metadata
  * fence_lindypdu: update metadata
  * fence_lindypdu: new fence agent
  * fencing: add stonith_status_sleep parameter for sleep between status calls during a STONITH action
  * fence_openstack: code formatting fixes per: https://github.com/ClusterLabs/fence-agents/pull/397#pullrequestreview-634281798
  * Proper try-except for connection exception.
  * Fix CI.
  * Do not wrap as many values.
  * Restore port metadata.
  * Update xml metadata.
  * Use standard logging.
  * Revert change to __all__
  * fence_virt: fix required=1 parameters that used to not be required and add deprecated=1 for old deprecated params
  * Major rework of the original agent:
  * fence_gce: default method moved back to powercycle (#389)
  * fence_aws: add filter parameter to be able to limit which nodes are listed
  * virt: fix a bunch of coverity scan errors in ip_lookup
  * virt: make sure to provide an empty default to strncpy
  * virt: make sure buffers are big enough for 0 byte end string
  * virt: increase buffer size to avoid overruns
  * virt: check return code in virt-sockets
  * virt: fix error code checking
  * virt: fix plugin (minor) memory leak and plug in load race
  * virt: attempt to open file directly and avoid race condition
  * virt: fix different coverity scan errors in common/tcp
  * virt: cleanup deadcode in client/vsock
  * virt: cleanup deadcode in client/tcp
  * virt: fix potential buffer overrun
  * virt: fix mcast coverity scan errors
  * virt: drop pm-fence plugin
  * build: tidy up module sources
  * virt: drop libvirt-qmf plugin
  * virt: drop null plugin
  * build: enable fence_virtd cpg plugin by default
  * virt: drop fence_virtd non-modular build
  * virt: fix plugin installation regression on upgrades
  * build: temporary disable -Wcast-align for some agents
  * build: fix CFLAGS overrides when using clang
  * fence_virt: metadata fixes, implement manpage generation and metadata/delay/rng checks
  * virt: make sure variable is initialized
  * Drop travis CI
  * Revert "/virt: drop -Werror to avoid unnecessary failures"/
  * zvm: reformat fence_zvm to avoid gcc warnings
  * build: fix make maintainerclean
  * build: remove unnecessary build snippets
  * virt: drop -Werror to avoid unnecessary failures
  * virt: disable -Wunused for yy generated files
  * virt: disable fence-virt on bsd variants
  * virt: merge spec files
  * build: fix more gcc warnings
  * build: remove unused / obsoleted options
  * build: fix some annoying warnings at ./autogen.sh time
  * virt: move all virt CFLAGS/LDFLAGS in the right location
  * virt: fix unused gcc warnings and re-enable all build warnings
  * virt: fix write-strings gcc warnings
  * virt: fix pointer-arith gcc warnings
  * virt: fix declaration-after-statement gcc warnings
  * virt: fix build with -Wmissing-prototypes
  * build: don´t override clean target
  * virt: plug fence_virt into the build
  * virt: allow fence_virt build to be optional
  * virt: drop support for LSB init script
  * virt: collect docs in one location
  * virt: remove unnecessary files and move build macros in place
  * Ignore fence-virt man pages
  * Merge done
  * Move fence_virt to the correct location
  * Start merge
  * spec: use python3 path for newer releases
  * spec: undo autosetup change that breaks builds w/git commit hashes
  * Ignore unknown options on stdin
  * fence_gce: support google-auth and oauthlib and fallback to deprecated libs when not available
  * spec: add aliyun subpackage and fence_mpath_check* to mpath subpackage
  * fence_gce: Adds cloud-platform scope for bare metal API and optional proxy flags (#382)
  * fence_virt: Fix minor typo in metadata
  * fence_gce: update module reqs for SLES 15 (#383)
  * Add fence_ipmilanplus as fence_ipmilan wrapper always enabling lanplus
  * fence_redfish: Add diag action
  * fence_vbox: updated metadata file
  * fence_vbox: do not flood host account with vboxmanage calls
  * fence_aws/fence_gce: allow building without cloud libs
  * fence_gce: default to onoff
  * fence_lpar: Make --managed a required option
  * fence_zvmip: fix shell-timeout when using new disable-timeout parameter
  * Adds service account authentication to GCE fence agent
  * spec: dont build -all subpackage as noarch
  * fence_virt: add plug parameter that obsoletes old port parameter
  * Try to detect directory for initscripts configuration
  * Accept SIGTERM while waiting for initialization.
  * Add man pages to fence_virtd service file.
  * Fix spelling error in fence_virt.conf.5
  * build: fix BRs for suse distros
  * build: remove ExclusiveArch
  * build: removed gcc-c++ BR
  * build: add spec-file and rpm build targets
  * build: cleanup/improvements to reworked build system
  * [build] rework build system to use automake/libtool
  * fence_virtd: Fix segfault in vl_get when no domains are found
  * fence_virt: fix core dump
  * build: harden and make it possible to build with -fPIE
  * fence_virt: dont report success for incorrect parameters
  * fence_virt: mcast: config: Warn when provided mcast addr is not used
  * fence_virtd: Return control to main loop on select interruption
  * fence-virtd: Add missing vsock makefile bits
  * fence-virt: Add vsock support
  * fence_virtd: Fix transposed arguments in startup message
  * fence_virt: Rename challenge functions
  * fence_virtd: Cleanup: remove unused configuration options
  * fence_virt: Remove remaining references to checkpoints
  * fence_virt: Remove remaining references to checkpoints
  * fence-virt: Format string cleanup
  * fence_virtd: Implment hostlist for the cpg backend
  * fence_virt: Fix logic error in fence_xvm
  * fence_virtd: Cleanup config module
  * fence_virtd: cpg: Fail initialization if no hypervisor connections
  * fence_virtd: Make the libvirt backend survive libvirtd restarts
  * fence_virtd: Allow the cpg backend to survive libvirt failures
  * fence_virtd: cpg: Fix typo
  * fence-virtd: Add cpg-virt backend plugin
  * fence_virtd: Remove checkpoint, replace it with a CPG only plugin
  * fence-virt: Bump version
  * fence_virtd: Add better debugging messages for the TCP listner
  * fence_virtd: Fix potential unlocked pthread_cond_timedwait()
  * fence-virtd: Cleanup small memory leak
  * fence_virtd: Fix select logic in listener plugins
  * Factor out common libvirt code so that it can be reused by multiple backends
  * Document the fence_virtd -p command line flag
  * fence_virtd: Log an error when startup fails
  * Retry writes in the TCP, mcast, and serial listener plugins while sending a response to clients, if the write fails or is incomplete.
  * Make the packet authentication code more resilient in the face of transient failures.
  * Remove erroneous 'inline'
  * Disable the libvirt-qmf backend by default
  * Bump the versions of the libvirt and checkpoint plugins
  * fence-virtd: Enable TCP listener plugin by default
  * fence-virtd: Cleanup documentation of the TCP listener
  * fence_xvm/fence_virt: Add support for the validate-all status op
  * fence-virt: Add list-status command to man page and metadata
  * fence-virt: Cleanup numeric argument parsing
  * fence-virt: Log message to syslog in addition to stdout/stderr
  * fence-virt: Permit explicitly setting delay to 0
  * fence-virt: Add 'list-status' operation for compat with other agents
  * Fix use of undefined #define
  * Allow fence_virtd to run as non-root
  * Remove delay from the status, monitor and list functions
  * Resolves serveral problems in checkpoint plugin, making it functional.
  * Current implementation of event listener in virt-serial does not support keepalive, it does not generate nor capable to answer to keepalive requests, which causes libvirt connection to disconnect every 30 seconds (interval*timeout in libvirtd.conf). Furthermore, it does not clean up filehandlers and leaves hanging sockets. Also, if other thread opens its own connection to libvirt (i.e. checkpoint.c), event function in virt-serial.c just updates event listener file handler with a wrong one, what causes checkpoint.c malfunctions, fence_virtd hangs and so on. This patch uses default event listener implementation from libvirt and resolves theese problems.
  * daemon_init: Removed PID check and update
  * fence_virtd: drop legacy SysVStartPriority from service unit
  * fence-virt: client: Do not truncate VM domains in list output
  * client: fix "/delay"/ parameter checking (copy-paste)
  * fence-virt: Fix broken restrictions on the port ranges
  * Clarify debug message
  * fence-virtd: Use perror only if the last system call returns an error.
  * fence-virtd: Fix printing wrong system call in perror
  * fence-virtd: Allow multiple hypervisors for the libvirt backend
  * fence-virt: Don't overrwrite saved errno
  * fence-virt: Fix small memory leak in the config module
  * fence-virt: Fix mismatched sizeof in memset call
  * fence-virt: Send complete hostlist info
  * fence-virt: Clarify the path option in serial mode
  * Bump version
  * fence-virt: Bump version
  * fence_virtd: Fix broken systemd service file
  * fence_virt/fence_xvm: Print status when invoked with -o status
  * fence-virt: Fix for missed libvirtd events
  * fence-virt: Fail properly if unable to bind the listener socket
  * client: dump all arguments structure in debug mode
  * Drop executable flag for man pages (finally)
  * Honor implicit "/ip_family=auto"/ in fence_xvm w/IPv6 mult.addr.
  * Fix using bad struct item for auth algorithm
  * Drop executable flag for man pages
  * use bswap_X() instead of b_swapX()
  * fence_virtd: Fix memcpy size params in the TCP plugin
  * Revert "/fence-virt: Fix possible descriptor leak"/
  * fence_virtd: Return success if a domain exists but is already off.
  * fence-virt: Add back missing tcp_listener.h file
  * fence-virt: Fix a few fd leaks
  * fence-virt: Fix free of uninitialized variable
  * fence-virt: Fix possible null pointer dereference
  * fence-virt: Fix memory leak
  * fence-virt: Fix fd leak when finding local addresses
  * fence-virt: Fix possible descriptor leak
  * fence-virt: Fix possible fd leak
  * fence-virt: Fix null pointer deref
  * fence-virt: Explicitly set delay to 0
  * fence-virt: Fix return with lock held
  * fence_virt: Fix typo in fence_virt(8) man page
  * fence_virt: Return failure for nonexistent domains
  * Initial commit
  * Improve fence_virt.conf man page description of 'hash'
  * Add a delay (-w) option.
  * Remove duplicated port struct entry
  * Add a TCP listener plugin for use with viosproxy
  * In serial mode, return failure if the other end closes the connection before we see SERIAL_MAGIC in the reply or timeout.
  * Stop linking against unnecessary QPid libs.
  * Update libvirt-qmf plugin and docs
  * Fix crash when we fail to read key file.
  * Fix erroneous man page XML
  * Add 'interface' directive to example.conf
  * Fix build
  * Add old wait_for_backend directive handling & docs
  * Return proper error if we can't set up our socket.
  * Fix startup in systemd environments
  * Add systemd unit file and generation
  * Don't override user's pick for backend server module
  * Use libvirt as default in shipped config
  * Clean up compiler warnings
  * Fix serial domain handling
  * Fix monolithic build
  * Clean up build and comments.
  * Add missing pm_fence source code
  * Disable CMAN / checkpoint build by default
  * Rename libvirt-qpid -> libvirt-qmf
  * Fix static analysis errors
  * Reword assignment to appease static analyzers
  * Handle return value from virDomainGetInfo
  * Fix bad sizeof()
  * Make listen() retry
  * Add map_check on 'status' action
  * Update README
  * Don't reference out-of-scope temporary
  * Ensure we don't try to strdup() or atoi() on NULL
  * Add libvirt-qmf support to the libvirt-qpid plugin
  * Convert libvirt-qpid plugin to QMFv2
  * Fix incorrect return value on hash mismatch
  * Fix error getting status from libvirt-qpid plugin
  * Fix typo that broke multicast plugin
  * Make fence-virt requests endian clean
  * Update TODO
  * Fix input parsing to allow domain again
  * Provide 'domain' in metadata output for compatibility
  * High: Fix UUID lookups in checkpoint backend
  * Curtail 'list' operation requests
  * Fix man page references: fence_virtd.conf -> fence_virt.conf
  * Add 'list' operation for plugins; fix missing getopt line
  * Fix build with newer versions of qpid
  * Make configure.in actually disable plugins
  * Fix metadata output
  * Rename parameters to match other fencing agents
  * Fix fence_xvm man page to point to the right location
  * client: Clarify license in serial.c
  * Return 2 for 'off' like other fencing agents
  * Reset flags before returning from connect_nb
  * Use nonblocking connect to vmchannel sockets
  * More parity with other fencing agents' parameters
  * Fix memory leaks found with valgrind
  * Add basic daemon functions
  * Fix bug in path pruning support for serial plugin
  * Fix libvirt-qpid bugs found while testing
  * Fix segfault caused by invalid map pointer assignment
  * Fix another compiler warning
  * Fix build warnings in client/serial.c
  * Add 'monitor' as an alias for 'status'
  * Add serial listener to configuration utility
  * Make serial/vmchannel module enabled by default
  * Add missing 'metadata' option to help text
  * Add missing static_map.h
  * Add metadata support to fence_xvm/fence_virt
  * Allow IPs to be members of groups
  * Allow use of static mappings w/ mcast listener
  * Make 'path' be a directory
  * Update TODO
  * Remove useless debug printfs
  * Enable VM Channel support in serial plugin
  * Update TODO based on progress
  * Pass source VM UUID (if known) to backend
  * Mirror libvirt-qpid's settings in libvirt-qpid plugin
  * libvirt-qpid: clean up global variable
  * Enable a configurable host/port on libvirt-qpid plugin
  * Minor config utility cleanups
  * Man page cleanups
  * Remove unnecessary name_mode from multicast plugin
  * Add prototypes and clean up build warnings
  * Use seqno in serial requests
  * Minor debugging message cleanup
  * Fix build error due to improper value
  * Static map support and permissions reporting
  * Sync up on SERIAL_MAGIC while waiting for a response
  * Don't build serial vmchannel module by default
  * Update TODO
  * Initial checkin of serial server-side support
  * Fix fence_virt.conf man page name
  * Add Fedora init script
  * Compiler warning cleanups in virt-serial.c
  * Add wait-for-backend mode
  * Fix up help text for clients
  * Minor XML cleanups, add missing free() call
  * add missing module_path to fence_virtd.conf.5
  * Add capabilities to virt-serial
  * Note that serial support is experimental
  * Add a serial.so build target
  * Add vmchannel serial event interface
  * Split fence_virt vs. fence_xvm args
  * Add static map functions.
  * Fix build warning due to missing #include
  * Fix multiple query code
  * Better config query & multiple value/tag support
  * Add simple configuration mode
  * Add missing man pages
  * More minor config cleanups
  * Allow setting config values to NULL to clear them
  * Clean up example config file
  * Sort plugins by type when printing them
  * Revert "/Sort plugins by type when printing them"/
  * Sort plugins by type when printing them
  * Clean up some configuration plugin information
  * add empty line between names
  * Make libvirt to automatically use uuid or names
  * Improve error reporting
  * Fix build for hostlist functionality
  * Hostlist functionality for libvirt, libvirt-qpid
  * Update TODO
  * Work around broken nspr headers
  * Fix installation target for man pages
  * Fix default build script
  * Add man page build infrastructure
  * Initial commit of fence_virt & fence_xvm man pages
  * Make fence_xvm compatibility mode enabled by default
  * Fix libvirt / mcast support for name_mode
  * Fix agent option parsing
  * Fix dlsym mapping of C++ module
  * Make uuids work with libvirt-qpid
  * Fix uninitialized variable causing false returns
  * Update monolithic build
  * Fix linking problem
  * Add 'help' to fence_virtd
  * Fix libvirt-qpid build
  * Make 'reboot' work
  * Fix libvirt-qpid build
  * Add libvirt-qpid build target
  * Initial checking of libvirt-qpid plugin
  * Fix build on i686
  * Make symlink/compatibilty mode disabled by default
  * Add simple tarball / release script
  * Update TODO and requirements file
  * Update TODO
  * Use immediate resolution of symbols
  * Example config tweaks
  * Use sysconfdir for /etc/fence_virt.conf
  * Fix package name and install locations
  * Fix daemon return code
  * Add 'maintainer-clean' target
  * Fix build errors on Fedora
  * Add missing header file
  * Ignore automake error
  * Add missing COPYING file; update TODO
  * Make the build script actually build
  * Make cluster mode plugin work
  * Add basic cpg stuff for later
  * Enable 'on' operation for libvirt backend
  * Clean up modular build
  * Minor build cleanups
  * Yet more build fixes
  * More build cleanups
  * Build cleanups
  * Initial port to autoconf
  * Add checkpoint.c stub functions
  * Add sequence numbers to requests for tracking
  * Include missing include
  * Call generic history functions
  * Make history functions generic
  * Make debugging work from modules again
  * Revert "/Fix build issue breaking debug printing from modules"/
  * Fix build issue breaking debug printing from modules
  * Fix libvirt backend; VALIDATE was wrong
  * Cleanups, add daemon support
  * Add simple 'null' skeleton backend plugin
  * Make all plugins dynamically loaded.
  * Fix error message
  * Remove dummy serial prototypes
  * Remove modules in 'make clean'
  * Make listeners plugins.
  * Fix whitespace
  * Move name_mode to fence_virtd block
  * Add name_mode to example.conf
  * Move VM naming scheme to top level of config
  * Fix bad assignment due to wrong variable
  * Fix use of wrong variable
  * Revert "/Fix use of wrong variable"/
  * Fix use of wrong variable
  * Enable UUID use in libvirt.c
  * Add missing log.c.  Enable syslog wrapping
  * Move options.c to client directory
  * Fix context type names
  * Minor cleanup
  * Drop duplicate fencing requests
  * Don't require specifying an interface in fence_virt.conf
  * Fix empty node parsing
  * Fix segfault
  * Fix install targets
  * Actually use the default port by default
  * Don't overwrite config files
  * Install modules, too.
  * Fix config file name
  * Add temporary 'make install' target
  * Make a default configuration file
  * Make mcast work with UUIDs
  * Update TODO
  * Remove useless prototype
  * Update todo
  * Add checkpoint.so to the build
  * Fix missing carriage returns on debug prints
  * Add architecture overview description
  * Make serial_init match mcast_init.
  * Make multicast use config file
  * Integrate config file processing
  * Create server-side plugin architecture
  * Remove bad list_do/list_done macros
  * Make libvirt a built-in plugin
  * Update description text.
  * Fix header in serial.c.
  * serial: Make client work.
- remove patch contained by the update:
  - 0001-Adds-service-account-authentication-to-GCE-fence-age.patch
  (jsc#SLE-18182) ECO: Update fence-agents
  (jsc#SLE-18027) Add upstream PR to aws-vpc-move-ip and apply required resource & fence agent patches
gcc
- Add gccgo symlink, add go and gofmt as alternatives to support
  parallel install of golang.  [bnc#1096677]
gnutls
- Add gnutls-3.6.7-fix-FTBFS-2024.patch to let tests pass after 2024 (boo#1186579)
- Add gnutls-3.6.7-reproducible-date.patch to override build date (boo#1047218)
gpg2
- Fix warning: agent returned different signature type ssh-rsa
  * The gpg-agent's ssh-agent does not handle flags in signing
    requests properly [bsc#1161268, bsc#1172308]
  * Add gnupg-gpg-agent-ssh-agent.patch
hwdata
- Update to version 0.351 (bsc#1190091):
  + Updated pci, usb and vendor ids.
- Update to version 0.350 (bsc#1189005):
  + Updated pci, usb and vendor ids.
- Update to version 0.349 (bsc#1187948):
  + Updated pci, usb and vendor ids.
- Update to version 0.348 (bsc#1186749):
  + Updated pci, usb and vendor ids.
- Update to version 0.347 (bsc#1185697):
  + Updated pci, usb and vendor ids.
- Update to version 0.346:
  + Updated pci, usb and vendor ids.
  + Resolves boo#1182482 jsc#SLE-13791 bnc#1170160
insserv-compat
- Require sysvinit-tools (boo#1187941)
java-11-openjdk
- Update to upstream tag jdk-11.0.12+7 (July 2021, CPU)
  * Security fixes
    + JDK-8256157: Improve bytecode assembly
    + JDK-8256491: Better HTTP transport
    + JDK-8258432, CVE-2021-2341, bsc#1188564: Improve file
    transfers
    + JDK-8260453: Improve Font Bounding
    + JDK-8260960: Signs of jarsigner signing
    + JDK-8260967, CVE-2021-2369, bsc#1188565: Better jar file
    validation
    + JDK-8262380: Enhance XML processing passes
    + JDK-8262403: Enhanced data transfer
    + JDK-8262410: Enhanced rules for zones
    + JDK-8262477: Enhance String Conclusions
    + JDK-8262967: Improve Zip file support
    + JDK-8264066, CVE-2021-2388, bsc#1188566: Enhance compiler
    validation
    + JDK-8264079: Improve abstractions
    + JDK-8264460: Improve NTLM support
  * Other changes
    + JDK-6847157: java.lang.NullPointerException: HDC for
    component at sun.java2d.loops.Blit.Blit
    + JDK-7106851: Test should not use System.exit
    + JDK-8073446: TimeZone getOffset API does not  return a dst
    offset between years 2038-2137
    + JDK-8076190: Customizing the generation of a PKCS12 keystore
    + JDK-8153005: Upgrade the default PKCS12 encryption/MAC
    algorithms
    + JDK-8171303: sun/java2d/pipe/InterpolationQualityTest.java
    fails on Windows & Linux
    + JDK-8177068: incomplete classpath causes NPE in Flow
    + JDK-8185734: [Windows] Structured Exception Catcher missing
    around gtest execution
    + JDK-8187450: JNI local refs exceeds capacity warning in
    NetworkInterface::getAll
    + JDK-8190763: Class cast exception on (CompoundEdit)
    UndoableEditEvent.getEdit()
    + JDK-8195841: PNGImageReader.readNullTerminatedString() doesnt
    check for non-null terminated strings with length equal to
    maxLen
    + JDK-8196100: javax/swing/text/JTextComponent/5074573/
    /bug5074573.java fails
    + JDK-8199646: JShell tests: jdk/jshell/
    /FailOverDirectExecutionControlTest.java failed with
    java.lang.UnsupportedOperationException
    + JDK-8206925: Support the certificate_authorities extension
    + JDK-8207160: ClassReader::adjustMethodParams can potentially
    return null if the args list is empty
    + JDK-8207247: AARCH64: Enable Minimal and Client VM builds
    + JDK-8207404: MulticastSocket tests failing on AIX
    + JDK-8207779: Method::is_valid_method() compares 'this' with
    NULL
    + JDK-8208061: runtime/LoadClass/TestResize.java fails with
    "/Load factor too high"/ when running in CDS mode.
    + JDK-8209459: TestSHA512MultiBlockIntrinsics failed on AArch64
    + JDK-8210443: Migrate Locale matching tests to JDK Repo.
    + JDK-8213231: ThreadSnapshot::_threadObj can become stale
    + JDK-8213483: ARM32: runtime/ErrorHandling/
    /ShowRegistersOnAssertTest.java jtreg test fail
    + JDK-8213725: JShell NullPointerException due to class file
    with unexpected package
    + JDK-8213794: ARM32: disable TypeProfiling,
    CriticalJNINatives, Serviceablity tests for ARM32
    + JDK-8213845: ARM32: Interpreter doesn't call result handler
    after native calls
    + JDK-8214128: ARM32: wrong stack alignment on
    Deoptimization::unpack_frames
    + JDK-8214512: ARM32: Jtreg test compiler/c2/Test8062950.java
    fails on ARM
    + JDK-8214854: JDWP: Unforseen output truncation in logging
    + JDK-8214922: Add vectorization support for fmin/fmax
    + JDK-8215009: GCC 8 compilation error in libjli
    + JDK-8216184: CDS/appCDS tests failed on Windows due to long
    path to a classlist file
    + JDK-8216259: AArch64: Vectorize Adler32 intrinsics
    + JDK-8216314: SIGILL in CodeHeapState::print_names()
    + JDK-8217348: assert(thread->is_Java_thread()) failed: just
    checking
    + JDK-8217465: [REDO] - Optimize CodeHeap Analytics
    + JDK-8217561: X86: Add floating-point Math.min/max intrinsics
    + JDK-8217918: C2: -XX:+AggressiveUnboxing is broken
    + JDK-8218458: [TESTBUG] runtime/NMT/
    /CheckForProperDetailStackTrace.java fails with Expected
    stack trace missing from output
    + JDK-8219142: Remove unused JIMAGE_ResourcePath
    + JDK-8219586: CodeHeap State Analytics processes dead nmethods
    + JDK-8220074: Clean up GCC 8.3 errors in LittleCMS
    + JDK-8220407: compiler/intrinsics/math/
    /TestFpMinMaxIntrinsics.java timedout
    + JDK-8222302: [TESTBUG] test/hotspot/jtreg/compiler/intrinsics/
    /sha/cli/TestUseSHAOptionOnUnsupportedCPU.java fails on any
    other CPU
    + JDK-8222412: AARCH64: multiple instructions encoding issues
    + JDK-8223020: aarch64: expand minI_rReg and maxI_rReg patterns
    into separate instructions
    + JDK-8223444: Improve CodeHeap Free Space Management
    + JDK-8223504: Improve performance of forall loops by better
    inlining of "/iterator()"/ methods
    + JDK-8223667: ASAN build broken
    + JDK-8225081: Remove Telia Company CA certificate expiring in
    April 2021
    + JDK-8225116: Test OwnedWindowsLeak.java intermittently fails
    + JDK-8225438: javax/net/ssl/TLSCommon/
    /TestSessionLocalPrincipal.java failed with Read timed out
    + JDK-8225756: [testbug] compiler/loopstripmining/
    /CheckLoopStripMining.java sets too short a
    SafepointTimeoutDelay
    + JDK-8226374: Restrict TLS signature schemes and named groups
    + JDK-8226627: assert(t->singleton()) failed: must be a constant
    + JDK-8226721: Missing intrinsics for Math.ceil, floor, rint
    + JDK-8227080: (fs) Files.newInputStream(...).skip(n) is slow
    + JDK-8227222: vmTestbase/jit/FloatingPoint/gen_math/Loops04/
    /Loops04.java failed XMM register should be 0-15
    + JDK-8227609: (fs) Files.newInputStream(...).skip(n) should
    allow skipping beyond file size
    + JDK-8230428: Cleanup dead CastIP node code in formssel.cpp
    + JDK-8231460: Performance issue (CodeHeap) with large free
    blocks
    + JDK-8231713: x86_32 build failures after JDK-8226721 (Missing
    intrinsics for Math.ceil, floor, rint)
    + JDK-8231841: AArch64: debug.cpp help() is missing an AArch64
    line for pns
    + JDK-8232084: HotSpot build failed with GCC 9.2.1
    + JDK-8232591: AArch64: Add missing match rules for smaddl,
    smsubl and smnegl
    + JDK-8233185: HttpServer.stop() blocks indefinitely when
    called on dispatch thread
    + JDK-8233787: Break cycle in vm_version* includes
    + JDK-8233948: AArch64: Incorrect mapping between OptoReg and
    VMReg for high 64 bits of Vector Register
    + JDK-8234355: Buffer overflow in jcmd GC.class_stats due to
    too many classes
    + JDK-8235368: Update BCEL to Version 6.4.1
    + JDK-8236859: WebSocket over authenticating proxy fails with
    NPE
    + JDK-8236992: AArch64: remove redundant load_klass in itable
    stub
    + JDK-8237743: test/langtools/jdk/jshell/
    /FailOverExecutionControlTest.java fails No
    ExecutionControlProvider with name 'nonExistent' and parameter
    keys: []
    + JDK-8237804: sun/security/mscapi tests fail with "/Key pair
    not generated, alias <nnnnnn> already exists"/
    + JDK-8238175: CTW: Class.getDeclaredMethods fails with
    assert(k->is_subclass_of(SystemDictionary::Throwable_klass()))
    failed: invalid exception class
    + JDK-8238567: SoftMainMixer.processAudioBuffers(): Wrong
    handling of stoppedMixers
    + JDK-8238812: assert(false) failed: bad AD file
    + JDK-8239312: [macos] javax/swing/JFrame/NSTexturedJFrame/
    /NSTexturedJFrame.java
    + JDK-8239386: handle ContendedPaddingWidth in
    vm_version_aarch64
    + JDK-8239536: Can't use 'java.util.List' object after
    importing 'java.awt.List'
    + JDK-8240487: Cleanup whitespace in .cc, .hh, .m, and .mm files
    + JDK-8240848: ArrayIndexOutOfBoundsException buf for
    TextCallbackHandler
    + JDK-8241082: Upgrade IANA Language Subtag Registry data to
    03-16-2020 version
    + JDK-8241087: Build failure with VS 2019 (16.5.0) due to C2039
    and C2873
    + JDK-8241101: [s390] jtreg test failure after JDK-8238696: not
    conformant features string
    + JDK-8241248: NullPointerException in
    sun.security.ssl.HKDF.extract(HKDF.java:93)
    + JDK-8241372: Several test failures due to
    javax.net.ssl.SSLException: Connection reset
    + JDK-8241475: AArch64: Add missing support for PopCountVI node
    + JDK-8241829: Cleanup the code for PrinterJob on windows
    + JDK-8241960: The SHA3 message digests impl of SUN provider
    are not thread safe after cloned
    + JDK-8242010: Upgrade IANA Language Subtag Registry to Version
    2020-04-01
    + JDK-8242429: Better implementation for sign extract
    + JDK-8242557: Add length limit for strings in PNGImageWriter
    + JDK-8242919: Paste locks up jshell
    + JDK-8243155: AArch64: Add support for SqrtVF
    + JDK-8243240: AArch64: Add support for MulVB
    + JDK-8243452: JFR: Could not create chunk in repository with
    over 200 recordings
    + JDK-8243559: Remove root certificates with 1024-bit keys
    + JDK-8243597: AArch64: Add support for integer vector abs
    + JDK-8244031: HttpClient should have more tests for HEAD
    requests
    + JDK-8244205: HTTP/2 tunnel connections through proxy may be
    reused regardless of which proxy is selected
    + JDK-8244847: Linux/PPC: runtime/CompressedOops/
    /CompressedClassPointers: smallHeapTest fails
    + JDK-8245511: G1 adaptive IHOP does not account for
    reclamation of humongous objects by young GC
    + JDK-8246274: G1 old gen allocation tracking is not in a
    separate class
    + JDK-8247354: [aarch64] PopFrame causes
    assert(oopDesc::is_oop(obj)) failed: not an oop
    + JDK-8247408: IdealGraph bit check expression canonicalization
    + JDK-8247432: Update IANA Language Subtag Registry to Version
    2020-09-29
    + JDK-8247438: JShell: When FailOverExecutionControlProvider
    fails the proximal cause is not shown
    + JDK-8247753: UIManager.getSytemLookAndFeelClassName() returns
    wrong value on Fedora 32
    + JDK-8248043: Need to eliminate excessive i2l conversions
    + JDK-8248411: [aarch64] Insufficient error handling when
    CodeBuffer is exhausted
    + JDK-8248568: compiler/c2/TestBit.java failed: test missing
    from stdout/stderr
    + JDK-8248870: AARCH64: I2L/L2I conversions can be skipped for
    masked positive values
    + JDK-8249142: java/awt/FontClass/CreateFont/DeleteFont.sh is
    unstable
    + JDK-8249189: AARCH64: more L2I conversions can be skipped
    + JDK-8249719: MethodHandle performance suffers from bad
    ResolvedMethodTable hash function
    + JDK-8249875: GCC 10 warnings -Wtype-limits with JFR code
    + JDK-8250635: MethodArityHistogram should use Compile_lock in
    favour of fancy checks
    + JDK-8250876: Fix issues with cross-compile on macos
    + JDK-8251031: Some vmTestbase/nsk/monitoring/RuntimeMXBean
    tests fail with hostnames starting from digits
    + JDK-8251525: AARCH64: Faster Math.signum(fp)
    + JDK-8252259: AArch64: Adjust default value of FLOATPRESSURE
    + JDK-8252311: AArch64: save two words in itable lookup stub
    + JDK-8252779: compiler/graalunit/HotspotTest.java failed after
    8251525
    + JDK-8252883: AccessDeniedException caused by delayed file
    deletion on Windows
    + JDK-8253167: ARM32 builds fail after JDK-8247910
    + JDK-8253572: [windows] CDS archive may fail to open with long
    file names
    + JDK-8253923: C2 doesn't always run loop opts for compilations
    that include loops
    + JDK-8253948: Memory leak in ImageFileReader
    + JDK-8254631: Better support ALPN byte wire values in SunJSSE
    + JDK-8254717: isAssignableFrom checks in
    KeyFactorySpi.engineGetKeySpec appear to be backwards
    + JDK-8255086: Update the root locale display names
    + JDK-8255625: AArch64: Implement Base64.encodeBlock
    accelerator/intrinsic
    + JDK-8255763: C2: OSR miscompilation caused by invalid memory
    instruction placement
    + JDK-8255992: JFR EventWriter does not use first string from
    StringPool with id 0
    + JDK-8256037: [TESTBUG] com/sun/jndi/dns/ConfigTests/
    /PortUnreachable.java fails due to the hard coded threshold
    is small
    + JDK-8256244: java/lang/ProcessHandle/PermissionTest.java
    fails with TestNG 7.1
    + JDK-8256287: [windows] add loop fuse to
    map_or_reserve_memory_aligned
    + JDK-8256523: Streamline Java SHA2 implementation
    + JDK-8257414: Drag n Drop target area is wrong on high DPI
    systems
    + JDK-8257569: Failure observed with
    JfrVirtualMemory::initialize
    + JDK-8257574: C2: "/failed: parsing found no loops but there
    are some"/ assert failure
    + JDK-8257580: Bump update version for OpenJDK: jdk-11.0.12
    + JDK-8257604: JNI_ArgumentPusherVaArg leaks valist
    + JDK-8257621: JFR StringPool misses cached items across
    consecutive recordings
    + JDK-8257796: [TESTBUG]
    TestUseSHA512IntrinsicsOptionOnSupportedCPU.java fails
    on x86_32
    + JDK-8257822: C2 crashes with SIGFPE due to a division that
    floats above its zero check
    + JDK-8257828: SafeFetch may crash if invoked in non-JavaThreads
    + JDK-8257853: Remove dependencies on JNF's JNI utility
    functions in AWT and 2D code
    + JDK-8257858: [macOS]: Remove JNF dependency from
    libosxsecurity/KeystoreImpl.m
    + JDK-8257860: [macOS]: Remove JNF dependency from
    libosxkrb5/SCDynamicStoreConfig.m
    + JDK-8257988: Remove JNF dependency from
    libsaproc/MacosxDebuggerLocal.m
    + JDK-8258414: OldObjectSample events too expensive
    + JDK-8258505: [TESTBUG] TestDivZeroWithSplitIf.java fails due
    to missing UnlockDiagnosticVMOptions
    + JDK-8258753: StartTlsResponse.close() hangs due to
    synchronization issues
    + JDK-8259061: C2: assert(found) failed: memory-writing node is
    not placed in its original loop or an ancestor of it
    + JDK-8259227: C2 crashes with SIGFPE due to a division that
    floats above its zero check
    + JDK-8259232: Bad JNI lookup during printing
    + JDK-8259276: C2: Empty expression stack when reexecuting
    tableswitch/lookupswitch instructions after deoptimization
    + JDK-8259343: [macOS] Update JNI error handling in Cocoa code.
    + JDK-8259585: Accessible actions do not work on mac os x
    + JDK-8259651: [macOS] Replace JNF_COCOA_ENTER/EXIT macros
    + JDK-8259662: Don't wrap SocketExceptions into SSLExceptions
    in SSLSocketImpl
    + JDK-8259710: Inlining trace leaks memory
    + JDK-8259729: Missed JNFInstanceOf -> IsInstanceOf conversion
    + JDK-8259777: Incorrect predication condition generated by ADLC
    + JDK-8259786: initialize last parameter of getpwuid_r
    + JDK-8259843: initialize dli_fname array before calling
    dll_address_to_library_name
    + JDK-8259869: [macOS] Remove desktop module dependencies on
    JNF Reference APIs
    + JDK-8259886: Improve SSL session cache performance and
    scalability
    + JDK-8259983: do not use uninitialized expand_ms value in
    G1CollectedHeap::expand_heap_after_young_collection
    + JDK-8260030: Improve stringStream buffer handling
    + JDK-8260236: better init AnnotationCollector _contended_group
    + JDK-8260255: C1: LoopInvariantCodeMotion constructor can
    leave some fields uninitialized
    + JDK-8260284: C2: assert(_base == Int) failed: Not an Int
    + JDK-8260380: Upgrade to LittleCMS 2.12
    + JDK-8260420: C2 compilation fails with assert(found_sfpt)
    failed: no node in loop that's not input to safepoint
    + JDK-8260426: awt debug_mem.c DMem_AllocateBlock might leak
    memory
    + JDK-8260432: allocateSpaceForGP in freetypeScaler.c might
    leak memory
    + JDK-8260616: Removing remaining JNF dependencies in the
    java.desktop module
    + JDK-8260653: Unreachable nodes keep speculative types alive
    + JDK-8260707: java/lang/instrument/PremainClass/
    /InheritAgent0100.java times out
    + JDK-8260925: HttpsURLConnection does not work  with other
    JSSE provider.
    + JDK-8260926: Trace resource exhausted events unconditionally
    + JDK-8261020: Wrong format parameter in
    create_emergency_chunk_path
    + JDK-8261027: AArch64: Support for LSE atomics C++ HotSpot code
    + JDK-8261167: print_process_memory_info add a close call after
    fopen
    + JDK-8261170: Upgrade to freetype 2.10.4
    + JDK-8261198: [macOS] Incorrect JNI parameters in number
    conversion in A11Y code
    + JDK-8261235: C1 compilation fails with
    assert(res->vreg_number() == index) failed: conversion check
    + JDK-8261261: The version extra fields needs to be overridable
    in jib-profiles.js
    + JDK-8261262: Kitchensink24HStress.java crashed with
    EXCEPTION_ACCESS_VIOLATION
    + JDK-8261354: SIGSEGV at MethodIteratorHost
    + JDK-8261355: No data buffering in SunPKCS11 Cipher encryption
    when the underlying mechanism has no padding
    + JDK-8261397: try catch Method failing to work when dividing
    an integer by 0
    + JDK-8261422: Adjust problematic String.format calls in
    jdk/internal/util/Preconditions.java outOfBoundsMessage
    + JDK-8261447: MethodInvocationCounters frequently run into
    overflow
    + JDK-8261481: Cannot read Kerberos settings in dynamic store
    on macOS Big Sur
    + JDK-8261505: Test test/hotspot/jtreg/gc/parallel/
    /TestDynShrinkHeap.java killed by Linux OOM Killer
    + JDK-8261601: free memory in early return in
    Java_sun_nio_ch_sctp_SctpChannelImpl_receive0
    + JDK-8261649: AArch64: Optimize LSE atomics in C++ code
    + JDK-8261730: C2 compilation fails with
    assert(store->find_edge(load) != -1) failed: missing
    precedence edge
    + JDK-8261752: Multiple GC test are missing memory requirements
    + JDK-8261791: (sctp) handleSendFailed in SctpChannelImpl.c
    potential leaks
    + JDK-8261812: C2 compilation fails with assert(!had_error)
    failed: bad dominance
    + JDK-8261914: IfNode::fold_compares_helper faces
    non-canonicalized bool when running JRuby JSON workload
    + JDK-8262093: java/util/concurrent/tck/JSR166TestCase.java
    failed "/assert(false) failed: unexpected node"/
    + JDK-8262110: DST starts from incorrect time in 2038
    + JDK-8262121: [11u] Redo 8244287: JFR: Methods samples have
    line number 0
    + JDK-8262163: Extend settings printout in jcmd VM.metaspace
    + JDK-8262295: C2: Out-of-Bounds Array Load from Clone Source
    + JDK-8262298: G1BarrierSetC2::step_over_gc_barrier fails with
    assert "/bad barrier shape"/
    + JDK-8262446: DragAndDrop hangs on Windows
    + JDK-8262461: handle wcstombsdmp return value correctly in
    unix awt_InputMethod.c
    + JDK-8262465: Very long compilation times and high memory
    consumption in C2 debug builds
    + JDK-8262726: AArch64: C1 StubAssembler::call_RT can corrupt
    stack
    + JDK-8262739: String inflation C2 intrinsic prevents insertion
    of anti-dependencies
    + JDK-8262829: Native crash in
    Win32PrintServiceLookup.getAllPrinterNames()
    + JDK-8262837: handle split_USE correctly
    + JDK-8262900: ToolBasicTest fails to access HTTP server it
    starts
    + JDK-8263260: [s390] Support latest hardware (z14 and z15)
    + JDK-8263311: Watch registry changes for remote printers
    update instead of polling
    + JDK-8263361: Incorrect arraycopy stub selected by C2 for SATB
    collectors
    + JDK-8263404: RsaPrivateKeySpec is always recognized as
    RSAPrivateCrtKeySpec in RSAKeyFactory.engineGetKeySpec
    + JDK-8263425: AArch64: two potential bugs in C1
    LIRGenerator::generate_address()
    + JDK-8263448: CTW: fatal error: meet not symmetric
    + JDK-8263504: Some OutputMachOpcodes fields are uninitialized
    + JDK-8263557: Possible NULL dereference in
    Arena::destruct_contents()
    + JDK-8263558: Possible NULL dereference in fast path arena
    free if ZapResourceArea is true
    + JDK-8263676: AArch64: one potential bug in C1
    LIRGenerator::generate_address()
    + JDK-8263729: [test] divert spurious output away from stream
    under test in ProcessBuilder Basic test
    + JDK-8263846: Bad JNI lookup getFocusOwner in accessibility
    code on Mac OS X
    + JDK-8264047: Duplicate global variable 'jvm' in libjavajpeg
    and libawt
    + JDK-8264096: slowdebug jvm crashes when StrInflatedCopy match
    rule is not supported
    + JDK-8264151: ciMethod::ensure_method_data() should return
    false is loading resulted in empty state
    + JDK-8264173: [s390] Improve Hardware Feature Detection And
    Reporting
    + JDK-8264190: Harden TLS interop tests
    + JDK-8264223: CodeHeap::verify fails extra_hops assertion in
    fastdebug test
    + JDK-8264328: Broken license in
    javax/swing/JComboBox/8072767/bug8072767.java
    + JDK-8264360: Loop strip mining verification fails with
    "/should be on the backedge"/
    + JDK-8264626: C1 should be able to inline excluded methods
    + JDK-8264640: CMS ParScanClosure misses a barrier
    + JDK-8264786: [macos] All Swing/AWT apps cause Allow
    Notifications prompt to appear when app is launched
    + JDK-8264821: DirectIOTest fails on a system with large block
    size
    + JDK-8264848: [macos] libjvm.dylib linker warning due to macOS
    version mismatch
    + JDK-8264923: PNGImageWriter.write_zTXt throws Exception with
    a typo
    + JDK-8264958: C2 compilation fails with assert "/n is later
    than its clone"/
    + JDK-8265099: Revert backport to 11u of 8236859: WebSocket
    over authenticating proxy fails with NPE
    + JDK-8265154: vinserti128 operand mix up for KNL platforms
    + JDK-8265239: Shenandoah: Shenandoah heap region count could
    be off by 1
    + JDK-8265417: Backport of JDK-8249672 breaks Solaris x86 build
    + JDK-8265421: java/lang/String/StringRepeat.java test is
    missing a memory requirement
    + JDK-8265462: Handle multiple slots in the NSS Internal Module
    from SunPKCS11's Secmod
    + JDK-8265537: x86 version string truncated after JDK-8249672
    11u backport
    + JDK-8265666: Enable AIX build platform to make external debug
    symbols
    + JDK-8265677: CMS: CardTableBarrierSet::write_ref_array_work()
    lacks storestore barrier
    + JDK-8265690: Use the latest Ubuntu base image version in
    Docker testing
    + JDK-8265718: Build failure after JDK-8258414 11u backport
    + JDK-8265750: Fatal error in safepoint.cpp after backport of
    8258414
    + JDK-8265784: [C2] Hoisting of DecodeN leaves MachTemp inputs
    behind
    + JDK-8265938: C2's conditional move optimization does not
    handle top Phi
    + JDK-8266220: keytool still prompt for store password on a
    password-less pkcs12 file if -storetype pkcs12 is specified
    + JDK-8266293: Key protection using PBEWithMD5AndDES fails with
    "/java.security.InvalidAlgorithmParameterException: Salt must
    be 8 bytes long"/
    + JDK-8266713: [AIX] Build failure after 11u backport of
    JDK-8247753
    + JDK-8266802: Shenandoah: Round up region size to page size
    unconditionally
    + JDK-8266892: avoid maybe-uninitialized gcc warnings on linux
    s390x
    + JDK-8266929: Unable to use algorithms from 3p providers
    + JDK-8267235: [macos_aarch64]
    InterpreterRuntime::throw_pending_exception messing up LR
    results in crash
    + JDK-8267561: Shenandoah: Reference processing not properly
    setup for outside of cycle degenerated GC
    + JDK-8267599: Revert the change to the default PKCS12
    macAlgorithm and macIterationCount props for 11u/8u/7u
    + JDK-8267641: [11u] 8227609 backport typo
    + JDK-8267721: Enable sun/security/pkcs11 tests for Amazon
    Linux 2 AArch64
    + JDK-8268678: LetsEncryptCA.java test fails as Let's Encrypt
    Authority X3 is retired
- Modified patch:
  * nss-security-provider.patch
    + make the NSS provider first in the list
- Remove all Jpackage provides for SLE12 in order to avoid
  installing this package as default Java on SLE12-SP5
  (bsc#1185476)
- Set alternative priority in SLE12 to 0 in order to be able to
  push to SLE12-SP5 (fate#326790, jsc#SLE-5715)
kernel-default
- workqueue: fix UAF in pwq_unbound_release_workfn()
  (bsc#1188973).
- commit b02980f
- can: esd_usb2: fix memory leak (git-fixes).
- can: ems_usb: fix memory leak (git-fixes).
- can: usb_8dev: fix memory leak (git-fixes).
- can: mcba_usb_start(): add missing urb->transfer_dma
  initialization (git-fixes).
- can: hi311x: fix a signedness bug in hi3110_cmd() (git-fixes).
- nfc: nfcsim: fix use after free during module unload
  (git-fixes).
- can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF
  (git-fixes).
- Revert "/ACPI: resources: Add checks for ACPI IRQ override"/
  (git-fixes).
- firmware: arm_scmi: Fix range check for the maximum number of
  pending messages (git-fixes).
- firmware: arm_scmi: Fix possible scmi_linux_errmap buffer
  overflow (git-fixes).
- commit 7ff2c84
- fix patch metadata
- fix Patch-mainline:
  patches.suse/xfrm-xfrm_state_mtu-should-return-at-least-1280-for-.patch
- commit e52bdda
- ixgbe: Fix packet corruption due to missing DMA sync
  (git-fixes).
- bnxt_en: Check abort error state in bnxt_half_open_nic()
  (jsc#SLE-8371 bsc#1153274).
- bnxt_en: Add missing check for BNXT_STATE_ABORT_ERR in
  bnxt_fw_rset_task() (jsc#SLE-8371 bsc#1153274).
- bnxt_en: Refresh RoCE capabilities in bnxt_ulp_probe()
  (jsc#SLE-8371 bsc#1153274).
- bnxt_en: don't disable an already disabled PCI device
  (git-fixes).
- cxgb4: fix IRQ free race during driver unload (git-fixes).
- igb: Fix position of assignment to *ring (git-fixes).
- igb: Check if num of q_vectors is smaller than max before
  array access (git-fixes).
- iavf: Fix an error handling path in 'iavf_probe()' (git-fixes).
- e1000e: Fix an error handling path in 'e1000_probe()'
  (git-fixes).
- igb: Fix an error handling path in 'igb_probe()' (git-fixes).
- igc: Fix an error handling path in 'igc_probe()' (git-fixes).
- ixgbe: Fix an error handling path in 'ixgbe_probe()'
  (git-fixes).
- igc: change default return of igc_read_phy_reg() (git-fixes).
- igb: Fix use-after-free error during reset (git-fixes).
- igc: Fix use-after-free error during reset (git-fixes).
- virtio_net: move tx vq operation under tx queue lock
  (git-fixes).
- Revert "/be2net: disable bh with spin_lock in be_process_mcc"/
  (git-fixes).
- e1000e: Check the PCIm state (git-fixes).
- i40e: Fix autoneg disabling for non-10GBaseT links (git-fixes).
- i40e: Fix error handling in i40e_vsi_open (git-fixes).
- vxlan: add missing rcu_read_lock() in neigh_reduce()
  (git-fixes).
- mvpp2: suppress warning (git-fixes).
- net: mvpp2: Put fwnode in error case during ->probe()
  (git-fixes).
- net/mlx5e: Block offload of outer header csum for GRE tunnel
  (git-fixes).
- commit 3de5d62
- powerpc/security: Fix link stack flush instruction (bsc#1188885
  ltc#193722).
- commit 6d617e8
- powerpc/64s: Move branch cache flushing bcctr variant to
  ppc-ops.h (bsc#1188885 ltc#193722).
- commit 837e7fa
- powerpc/security: Allow for processors that flush the link
  stack using the special bcctr (bsc#1188885 ltc#193722).
- powerpc/security: split branch cache flush toggle from code
  patching (bsc#1188885 ltc#193722).
- powerpc/security: make display of branch cache flush more
  consistent (bsc#1188885 ltc#193722).
- powerpc/security: change link stack flush state to the flush
  type enum (bsc#1188885 ltc#193722).
- Delete patches.suse/powerpc-add-link-stack-flush-mitigation-in-debugfs.patch
- replaced with upstream security mitigation cleanup
- powerpc/security: re-name count cache flush to branch cache
  flush (bsc#1188885 ltc#193722).
- commit e35bcce
- powerpc/pesries: Get STF barrier requirement from
  H_GET_CPU_CHARACTERISTICS (bsc#1188885 ltc#193722).
- powerpc/security: Add a security feature for STF barrier
  (bsc#1188885 ltc#193722).
- powerpc/pseries: Get entry and uaccess flush required bits
  from H_GET_CPU_CHARACTERISTICS (bsc#1188885 ltc#193722).
- powerpc/pseries: export LPAR security flavor in lparcfg
  (bsc#1188885 ltc#193722).
- powerpc/64s: rename pnv|pseries_setup_rfi_flush to
  _setup_security_mitigations (bsc#1188885 ltc#193722).
- Refresh patches.suse/powerpc-pseries-mobility-notify-network-peers-after-.patch.
- powerpc/pseries: add new branch prediction security bits for
  link stack (bsc#1188885 ltc#193722).
- commit 3f019e2
- Update patch-mainline and git-commit tags
  Refresh:
  - patches.suse/0001-netfilter-conntrack-add-new-sysctl-to-disable-RST-ch.patch
  - patches.suse/0001-netfilter-conntrack-improve-RST-handling-when-tuple-.patch
- commit 758ec5c
- Move upstreamed patches to sorted section
- commit e174d5e
- net: mac802154: Fix general protection fault (CVE-2021-3659
  bsc#1188876).
- commit 61caeac
- USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick
  (git-fixes).
- USB: serial: option: add support for u-blox LARA-R6 family
  (git-fixes).
- USB: usb-storage: Add LaCie Rugged USB3-FW to IGNORE_UAS
  (git-fixes).
- usb: hub: Disable USB 3 device initiated lpm if exit latency
  is too high (git-fixes).
- usb: hub: Fix link power management max exit latency (MEL)
  calculations (git-fixes).
- xhci: Fix lost USB 2 remote wake (git-fixes).
- spi: imx: add a check for speed_hz before calculating the clock
  (git-fixes).
- commit cbaa23f
- firmware/efi: Tell memblock about EFI iomem reservations
  (git-fixes).
- ALSA: usb-audio: Add registration quirk for JBL Quantum headsets
  (git-fixes).
- ASoC: rt5631: Fix regcache sync errors on resume (git-fixes).
- ALSA: hdmi: Expose all pins on MSI MS-7C94 board (git-fixes).
- ALSA: sb: Fix potential ABBA deadlock in CSP driver (git-fixes).
- drm: Return -ENOTTY for non-drm ioctls (git-fixes).
- regulator: hi6421: Fix getting wrong drvdata (git-fixes).
- regulator: hi6421: Use correct variable type for regmap api
  val argument (git-fixes).
- iio: accel: bma180: Use explicit member assignment (git-fixes).
- commit 4603b01
- xfrm: xfrm_state_mtu should return at least 1280 for ipv6
  (bsc#1185377).
- commit c3c4cb5
- use 3.0 SPDX identifier in rpm License tags
  As requested by Maintenance, change rpm License tags from "/GPL-2.0"/
  (SPDX 2.0) to "/GPL-2.0-only"/ (SPDX 3.0) so that their scripts do not have
  to adjust the tags with each maintenance update submission.
- commit f888e0b
- platform/x86: intel_int0002_vgpio: Only call enable_irq_wake()
  when using s2idle (git-fixes).
- commit 28541e7
- platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios
  (git-fixes).
- commit ffedcc6
- platform/x86: intel_int0002_vgpio: Remove dev_err() usage
  after platform_get_irq() (git-fixes).
- commit 4131c57
- platform/x86: intel_int0002_vgpio: Pass irqchip when adding
  gpiochip (git-fixes).
- commit 88a6182
- KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow (bsc#1188838
  CVE-2021-37576).
- commit 0162dcd
- platform/x86: intel_int0002_vgpio: Use device_init_wakeup
  (git-fixes).
- commit 017d588
- platform/chrome: cros_ec_lightbar: Reduce ligthbar get version
  command (git-fixes).
- commit a8f01e1
- Input: ili210x - add missing negation for touch indication on
  ili210x (git-fixes).
- commit 0575cf5
- KVM: nVMX: Preserve exception priority irrespective of exiting
  behavior (bsc#1188777).
- commit 9024fbf
- KVM: nVMX: Ensure 64-bit shift when checking VMFUNC bitmap
  (bsc#1188774).
- commit 7334e84
- KVM: nVMX: Consult only the "/basic"/ exit reason when routing
  nested exit (bsc#1188773).
- commit f7ab15a
- kvm: LAPIC: Restore guard to prevent illegal APIC register
  access (bsc#1188772).
- commit 8a9a1d5
- KVM: LAPIC: Prevent setting the tscdeadline timer if the lapic
  is hw disabled (bsc#1188771).
- commit 7610884
- kvm: i8254: remove redundant assignment to pointer s
  (bsc#1188770).
- commit f768a8a
- ceph: don't WARN if we're still opening a session to an MDS
  (bsc#1188748).
- rbd: don't hold lock_rwsem while running_list is being drained
  (bsc#1188747).
- rbd: always kick acquire on "/acquired"/ and "/released"/
  notifications (bsc#1188746).
- commit 5813020
- mt76: set dma-done flag for flushed descriptors (git-fixes).
- commit aaa3cb6
- mt76: mt7615: fix endianness in mt7615_mcu_set_eeprom
  (git-fixes).
- commit 43e0b14
- mt76: mt7615: increase MCU command timeout (git-fixes).
- commit 1ca559f
- mt76: mt7603: set 0 as min coverage_class value (git-fixes).
- commit 606bd07
- ibmvnic: retry reset if there are no other resets (bsc#1184350
  ltc#191533).
- commit fccec64
- cifs: do not fail __smb_send_rqst if non-fatal signals are
  pending (git-fixes).
- commit 80eef04
- cifs: fix interrupted close commands (git-fixes).
- commit 9eae08a
- cifs: Fix preauth hash corruption (git-fixes).
- commit a2ac7b0
- cifs: Return correct error code from smb2_get_enc_key
  (git-fixes).
- commit ffe15e7
- cifs: fix memory leak in smb2_copychunk_range (git-fixes).
- commit f974156
- uuid: Add inline helpers to import / export UUIDs (FATE#326628,
  bsc#1113295, git-fixes).
- commit 5ef7dcb
- Drop media rtl28xxu fix patch (bsc#1188683)
  The recent backport of
  patches.suse/media-rtl28xxu-fix-zero-length-control-request.patch
  caused a regression on Astrometa DVB-T2.
  Revert and blacklist it for now.
- commit 1ae8d64
- series.conf: cleanup
- update upstream references and move into sorted section:
  - patches.suse/r8152-Fix-a-deadlock-by-doubly-PM-resume.patch
  - patches.suse/r8152-Fix-potential-PM-refcount-imbalance.patch
- commit 425c935
- powerpc/stacktrace: Include linux/delay.h (bsc#1156395).
- commit fb8c7fc
- sfp: Fix error handing in sfp_probe() (git-fixes).
- commit 3f0aed6
- cadence: force nonlinear buffers to be cloned (git-fixes).
- commit 4b76907
- gtp: fix an use-before-init in gtp_newlink() (git-fixes).
- commit 6e609d3
- ravb: Fix bit fields checking in ravb_hwtstamp_get()
  (git-fixes).
- commit ed39fda
- net: hns3: Clear the CMDQ registers before unmapping BAR region
  (git-fixes).
- commit 57704e2
- wilc1000: write value to WILC_INTR2_ENABLE register (git-fixes).
- commit 23af1ba
- net: wilc1000: clean up resource in error path of init mon
  interface (git-fixes).
- commit aa75b92
- Update patches.suse/ibmvnic-account-for-bufs-already-saved-in-indir_buf.patch
  (jsc#SLE-17268 jsc#SLE-17043 bsc#1179243 ltc#189290 bsc#1188620
  ltc#192221).
- Update patches.suse/ibmvnic-free-tx_pool-if-tso_pool-alloc-fails.patch
  (bsc#1085224 ltc#164363 bsc#1188620 ltc#192221).
- Update patches.suse/ibmvnic-parenthesize-a-check.patch
  (bsc#1184114 ltc#192237 bsc#1183871 ltc#192139 git-fixes
  bsc#1188620 ltc#192221).
- Update patches.suse/ibmvnic-set-ltb-buff-to-NULL-after-freeing.patch
  (bsc#1094840 ltc#167098 bsc#1188620 ltc#192221).
- commit 8147958
- ibmvnic: Remove the proper scrq flush (bsc#1188504 ltc#192075).
- commit 8bf9d02
- blacklist.conf: kABI
- commit 7c940a5
- blacklist.conf: cosmetic cleanup
- commit 29705c7
- blacklist.conf: kABI
- commit 839f900
- rtc: max77686: Do not enforce (incorrect) interrupt trigger type
  (git-fixes).
- rtc: mxc_v2: add missing MODULE_DEVICE_TABLE (git-fixes).
- thermal/core: Correct function name
  thermal_zone_device_unregister() (git-fixes).
- reset: ti-syscon: fix to_ti_syscon_reset_data macro (git-fixes).
- soc/tegra: fuse: Fix Tegra234-only builds (git-fixes).
- commit c39f899
- USB: serial: cp210x: fix comments for GE CS1000 (git-fixes).
- Revert "/USB: quirks: ignore remote wake-up on Fibocom L850-GL
  LTE modem"/ (git-fixes).
- usb: dwc2: gadget: Fix sending zero length packet in DDMA mode
  (git-fixes).
- usb: renesas_usbhs: Fix superfluous irqs happen after
  usb_pkt_pop() (git-fixes).
- usb: max-3421: Prevent corruption of freed memory (git-fixes).
- commit c637f14
- net: ethernet: ti: Remove TI_CPTS_MOD workaround (git-fixes).
- commit 2c19bb5
- scsi: fc: Add 256GBit speed setting to SCSI FC transport
  (bsc#1188101).
- commit 62c8708
- r8152: Fix a deadlock by doubly PM resume (bsc#1186194).
- r8152: Fix potential PM refcount imbalance (bsc#1186194).
- commit 539ea44
- drm/panel: raspberrypi-touchscreen: Prevent double-free
  (git-fixes).
- media: ngene: Fix out-of-bounds bug in
  ngene_command_config_free_buf() (git-fixes).
- liquidio: Fix unintentional sign extension issue on left shift
  of u16 (git-fixes).
- spi: cadence: Correct initialisation of runtime PM again
  (git-fixes).
- spi: mediatek: fix fifo rx mode (git-fixes).
- commit 44fe76d
- bcache: avoid oversized read request in cache missing code path
  (bsc#1184631).
- bcache: remove bcache device self-defined readahead
  (bsc#1184631).
- commit aaf8eb0
- KVM: do not allow mapping valid but non-reference-counted pages
  (bsc#1186482, CVE-2021-22543).
- KVM: Use kvm_pfn_t for local PFN variable in
  hva_to_pfn_remapped() (bsc#1186482, CVE-2021-22543).
- KVM: do not assume PTE is writable after follow_pfn
  (bsc#1186482, CVE-2021-22543).
- commit 3795669
- xen/events: reset active flag for lateeoi events later
  (git-fixes).
- Refresh patches.suse/xen-events-fix-setting-irq-affinity.patch.
- commit e51ccb0
- RDMA/cma: Fix incorrect Packet Lifetime calculation
  (jsc#SLE-8449).
- RDMA/cma: Protect RMW with qp_mutex (git-fixes).
- bpf: Fix integer overflow in argument calculation for
  bpf_map_area_alloc (bsc#1154353).
- ice: Re-organizes reqstd/avail {R, T}XQ check/code for
  efficiency (jsc#SLE-7926).
- commit 94fef56
- series.conf: cleanup
- update upstream reference and move into sorted section:
  - patches.suse/seq_file-Disallow-extremely-large-seq-buffer-allocations.patch
- commit 07df461
- Update
  patches.suse/ARM-ensure-the-signal-page-contains-defined-contents.patch
  (CVE-2021-21781 bsc#1188445).
- commit 47f3aa1
- watchdog: iTCO_wdt: Account for rebooting on second timeout
  (git-fixes).
- watchdog: Fix possible use-after-free by calling
  del_timer_sync() (git-fixes).
- watchdog: sc520_wdt: Fix possible use-after-free in
  wdt_turnoff() (git-fixes).
- watchdog: Fix possible use-after-free in wdt_startup()
  (git-fixes).
- w1: ds2438: fixing bug that would always get page0 (git-fixes).
- commit 0fe04be
- virtio_console: Assure used length from device is limited
  (git-fixes).
- pwm: img: Fix PM reference leak in img_pwm_enable() (git-fixes).
- pwm: imx1: Don't disable clocks at device remove time
  (git-fixes).
- pwm: spear: Don't modify HW state in .remove callback
  (git-fixes).
- power: supply: ab8500: add missing MODULE_DEVICE_TABLE
  (git-fixes).
- usb: gadget: hid: fix error return code in hid_bind()
  (git-fixes).
- usb: gadget: f_hid: fix endianness issue with descriptors
  (git-fixes).
- tty: serial: 8250: serial_cs: Fix a memory leak in error
  handling path (git-fixes).
- tty: serial: fsl_lpuart: fix the potential risk of division
  or modulo by zero (git-fixes).
- staging: rtl8723bs: fix macro value for 2.4Ghz only device
  (git-fixes).
- commit 966e79d
- PCI: tegra: Add missing MODULE_DEVICE_TABLE (git-fixes).
- power: supply: charger-manager: add missing MODULE_DEVICE_TABLE
  (git-fixes).
- power: reset: gpio-poweroff: add missing MODULE_DEVICE_TABLE
  (git-fixes).
- power: supply: max17042: Do not enforce (incorrect) interrupt
  trigger type (git-fixes).
- power: supply: ab8500: Avoid NULL pointers (git-fixes).
- power: supply: sc2731_charger: Add missing MODULE_DEVICE_TABLE
  (git-fixes).
- power: supply: sc27xx: Add missing MODULE_DEVICE_TABLE
  (git-fixes).
- misc: alcor_pci: fix inverted branch condition (git-fixes).
- net: usb: fix possible use-after-free in smsc75xx_bind
  (git-fixes).
- commit 74628f5
- iio: magn: bmc150: Balance runtime pm + use
  pm_runtime_resume_and_get() (git-fixes).
- iio: gyro: fxa21002c: Balance runtime pm + use
  pm_runtime_resume_and_get() (git-fixes).
- misc: alcor_pci: fix null-ptr-deref when there is no PCI bridge
  (git-fixes).
- misc/libmasm/module: Fix two use after free in ibmasm_init_one
  (git-fixes).
- mfd: cpcap: Fix cpcap dmamask not set warnings (git-fixes).
- mfd: da9052/stmpe: Add and modify MODULE_DEVICE_TABLE
  (git-fixes).
- Input: hideep - fix the uninitialized use in hideep_nvm_unlock()
  (git-fixes).
- i2c: core: Disable client irq on reboot/shutdown (git-fixes).
- lib/decompress_unlz4.c: correctly handle zero-padding around
  initrds (git-fixes).
- commit 14f42b7
- backlight: lm3630a: Fix return code of .update_status() callback
  (git-fixes).
- dmaengine: fsl-qdma: check dma_set_mask return value
  (git-fixes).
- gpio: pca953x: Add support for the On Semi pca9655 (git-fixes).
- gpio: zynq: Check return value of pm_runtime_get_sync
  (git-fixes).
- ASoC: Intel: kbl_da7219_max98357a: shrink platform_id below
  20 characters (git-fixes).
- ASoC: soc-core: Fix the error return code in
  snd_soc_of_parse_audio_routing() (git-fixes).
- ASoC: img: Fix PM reference leak in img_i2s_in_probe()
  (git-fixes).
- ALSA: usb-audio: scarlett2: Fix 6i6 Gen 2 line out descriptions
  (git-fixes).
- ALSA: hda: Add IRQ check for platform_get_irq() (git-fixes).
- ALSA: usb-audio: scarlett2: Fix scarlett2_*_ctl_put() return
  values (git-fixes).
- commit 006f207
- ACPI: video: Add quirk for the Dell Vostro 3350 (git-fixes).
- ACPI: AMBA: Fix resource name in /proc/iomem (git-fixes).
- ALSA: usb-audio: scarlett2: Fix data_mutex lock (git-fixes).
- ALSA: usb-audio: scarlett2: Fix 18i8 Gen 2 PCM Input count
  (git-fixes).
- ALSA: bebob: add support for ToneWeal FW66 (git-fixes).
- ALSA: ppc: fix error return code in snd_pmac_probe()
  (git-fixes).
- ALSA: sb: Fix potential double-free of CSP mixer elements
  (git-fixes).
- ALSA: ac97: fix PM reference leak in ac97_bus_remove()
  (git-fixes).
- ALSA: usx2y: Don't call free_pages_exact() with NULL address
  (git-fixes).
- commit eaa8acd
- config: refresh
- drop GVE on arm64 and s390x (no longer available due to dependency update)
- commit d6ed2bf
- crypto: sun4i-ss - initialize need_fallback (git-fixes).
- crypto: sun4i-ss - IV register does not work on A10 and A13
  (git-fixes).
- crypto: sun4i-ss - checking sg length is not sufficient
  (git-fixes).
- crypto: virtio: Fix dest length calculation in
  __virtio_crypto_skcipher_do_req() (git-fixes).
- crypto: virtio: Fix src/dst scatterlist calculation in
  __virtio_crypto_skcipher_do_req() (git-fixes).
- commit 2b4c8a1
- blacklist.conf: add 4c9c26f1e67648f41f
- commit db6c764
- powerpc/papr_scm: Properly handle UUID types and API
  (FATE#326628, bsc#1113295, git-fixes).
- commit 9bcaa28
- powerpc: Offline CPU in stop_this_cpu() (bsc#1156395).
- commit 01547d1
- powerpc/mm: Fix lockup on kernel exec fault (bsc#1156395).
- commit b063178
- powerpc/stacktrace: Fix spurious "/stale"/ traces in
  raise_backtrace_ipi() (bsc#1156395).
- commit f074894
- gve: Introduce per netdev `enum gve_queue_format` (bsc#1176940).
- Refresh
  patches.suse/gve-Fix-an-error-handling-path-in-gve_probe.patch.
- commit fc90ec1
- gve: DQO: Remove incorrect prefetch (bsc#1176940).
- gve: Simplify code and axe the use of a deprecated API
  (bsc#1176940).
- gve: Propagate error codes to caller (bsc#1176940).
- gve: DQO: Fix off by one in gve_rx_dqo() (bsc#1176940).
- gve: Fix warnings reported for DQO patchset (bsc#1176940).
- gve: DQO: Add RX path (bsc#1176940).
- gve: DQO: Add TX path (bsc#1176940).
- gve: DQO: Configure interrupts on device up (bsc#1176940).
- gve: DQO: Add ring allocation and initialization (bsc#1176940).
- gve: DQO: Add core netdev features (bsc#1176940).
- gve: Update adminq commands to support DQO queues (bsc#1176940).
- gve: Add DQO fields for core data structures (bsc#1176940).
- gve: Add dqo descriptors (bsc#1176940).
- gve: Add support for DQO RX PTYPE map (bsc#1176940).
- gve: adminq: DQO specific device descriptor logic (bsc#1176940).
- gve: Introduce a new model for device options (bsc#1176940).
- gve: Make gve_rx_slot_page_info.page_offset an absolute offset
  (bsc#1176940).
- gve: gve_rx_copy: Move padding to an argument (bsc#1176940).
- gve: Move some static functions to a common file (bsc#1176940).
- gve: Check TX QPL was actually assigned (bsc#1176940).
- net: gve: remove duplicated allowed (bsc#1176940).
- net: gve: convert strlcpy to strscpy (bsc#1176940).
- gve: Add support for raw addressing in the tx path
  (bsc#1176940).
- gve: Rx Buffer Recycling (bsc#1176940).
- gve: Add support for raw addressing to the rx path
  (bsc#1176940).
- gve: Add support for raw addressing device option (bsc#1176940).
- gve: Replace zero-length array with flexible-array member
  (bsc#1176940).
- gve: Enable Link Speed Reporting in the driver (bsc#1176940).
- gve: Use link status register to report link status
  (bsc#1176940).
- gve: Batch AQ commands for creating and destroying queues
  (bsc#1176940).
- gve: NIC stats for report-stats and for ethtool (bsc#1176940).
- gve: Add Gvnic stats AQ command and ethtool show/set-priv-flags
  (bsc#1176940).
- gve: Use dev_info/err instead of netif_info/err (bsc#1176940).
- gve: Add stats for gve (bsc#1176940).
- gve: Get and set Rx copybreak via ethtool (bsc#1176940).
- commit ffc7e3d
- cpu/hotplug: Cure the cpusets trainwreck (git fixes
  (sched/hotplug)).
- commit ea5f05d
- blacklist.conf: duplication
- commit eff56f7
- kprobes: Fix to check probe enabled before
  disarm_kprobe_ftrace() (git-fixes).
- commit 9aba4a6
- kprobes: Fix compiler warning for !CONFIG_KPROBES_ON_FTRACE
  (git-fixes).
- commit a579f68
- kABI workaround for pci/quirks.c (git-fixes).
- commit 04fb196
- Add a cherry-picked ID for AMDGPU fix patch
- commit ba73832
- wl1251: Fix possible buffer overflow in wl1251_cmd_scan
  (git-fixes).
- wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP
  (git-fixes).
- commit e3971fc
- PCI: iproc: Support multi-MSI only on uniprocessor kernel
  (git-fixes).
- PCI: iproc: Fix multi-MSI base vector number allocation
  (git-fixes).
- PCI: aardvark: Implement workaround for the readback value of
  VEND_ID (git-fixes).
- pinctrl: mcp23s08: Fix missing unlock on error in mcp23s08_irq()
  (git-fixes).
- pinctrl: mcp23s08: fix race condition in irq handler
  (git-fixes).
- pinctrl/amd: Add device HID for new AMD GPIO controller
  (git-fixes).
- wireless: wext-spy: Fix out-of-bounds warning (git-fixes).
- rtl8xxxu: Fix device info for RTL8192EU devices (git-fixes).
- r8169: avoid link-up interrupt issue on RTL8106e if user
  enables ASPM (git-fixes).
- qemu_fw_cfg: Make fw_cfg_rev_attr a proper kobj_attribute
  (git-fixes).
- commit 0ca454f
- PCI: aardvark: Fix checking for PIO Non-posted Request
  (git-fixes).
- PCI: Leave Apple Thunderbolt controllers on for s2idle or
  standby (git-fixes).
- media, bpf: Do not copy more entries than user space requested
  (git-fixes).
- iwlwifi: pcie: free IML DMA memory allocation (git-fixes).
- iwlwifi: mvm: don't change band on bound PHY contexts
  (git-fixes).
- mISDN: fix possible use-after-free in HFC_cleanup() (git-fixes).
- media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K
  (git-fixes).
- mmc: core: Allow UHS-I voltage switch for SDSC cards if
  supported (git-fixes).
- commit f7d13b4
- drm/amdgpu: Update NV SIMD-per-CU to 2 (git-fixes).
- drm/radeon: Add the missed drm_gem_object_put() in
  radeon_user_framebuffer_create() (git-fixes).
- drm/amd/display: fix incorrrect valid irq check (git-fixes).
- drm/amdkfd: Walk through list with dqm lock hold (git-fixes).
- drm/amd/display: Verify Gamma & Degamma LUT sizes in
  amdgpu_dm_atomic_check (git-fixes).
- drm/mediatek: Fix PM reference leak in mtk_crtc_ddp_hw_init()
  (git-fixes).
- drm/amd/display: Set DISPCLK_MAX_ERRDET_CYCLES to 7 (git-fixes).
- drm/amd/display: Update scaling settings on modeset (git-fixes).
- drm/bridge: cdns: Fix PM reference leak in cdns_dsi_transfer()
  (git-fixes).
- drm/amd/display: fix use_max_lb flag for 420 pixel formats
  (git-fixes).
- commit d72cf42
- drm/amd/amdgpu/sriov disable all ip hw status by default
  (git-fixes).
- drm/sched: Avoid data corruptions (git-fixes).
- drm/virtio: Fix double free on probe failure (git-fixes).
- drm/msm/mdp4: Fix modifier support enabling (git-fixes).
- drm/arm/malidp: Always list modifiers (git-fixes).
- drm/vc4: fix argument ordering in vc4_crtc_get_margins()
  (git-fixes).
- drm/zte: Don't select DRM_KMS_FB_HELPER (git-fixes).
- drm/mxsfb: Don't select DRM_KMS_FB_HELPER (git-fixes).
- drm/tegra: Don't set allow_fb_modifiers explicitly (git-fixes).
- commit b02b3f8
- ASoC: tegra: Set driver_name=tegra for all machine drivers
  (git-fixes).
- clk: tegra: Ensure that PLLU configuration is applied properly
  (git-fixes).
- clk: renesas: r8a77995: Add ZA2 clock (git-fixes).
- Bluetooth: btusb: fix bt fiwmare downloading failure issue
  for qca btsoc (git-fixes).
- Bluetooth: Shutdown controller after workqueues are flushed
  or cancelled (git-fixes).
- Bluetooth: Fix the HCI to MGMT status conversion table
  (git-fixes).
- Bluetooth: btusb: Fixed too many in-token issue for Mediatek
  Chip (git-fixes).
- cw1200: add missing MODULE_DEVICE_TABLE (git-fixes).
- clocksource/arm_arch_timer: Improve Allwinner A64 timer
  workaround (git-fixes).
- commit c7cdd5b
- ARM: ensure the signal page contains defined contents (bsc#1188445).
- commit a1eecda
- kprobes: fix kill kprobe which has been marked as gone
  (git-fixes).
- commit ee1820f
- kprobes: Fix NULL pointer dereference at kprobe_ftrace_handler
  (git-fixes).
- commit 865421f
- kprobes: Do not expose probe addresses to non-CAP_SYSLOG
  (git-fixes).
- commit e2cb2ae
- net: atlantic: fix ip dst and ipv6 address filters (git-fixes).
- commit 4278aab
- net/mlx5: Don't fail driver on failure to create debugfs (git-fixes).
- commit c19d4f7
- net: marvell: Fix OF_MDIO config check (git-fixes).
- commit f372318
- net: dp83867: Fix OF_MDIO config check (git-fixes).
- commit c2ac3ff
- net: Make PTP-specific drivers depend on PTP_1588_CLOCK (git-fixes).
- commit 0997bfc
- net: phy: microchip_t1: add lan87xx_phy_init to initialize the lan87xx phy (git-fixes).
- commit 2e479b6
- PCI: quirks: fix false kABI positive (git-fixes).
- commit a2a8059
- tpm: efi: Use local variable for calculating final log size
  (git-fixes).
- commit 69be865
- tracing: Do not reference char * as a string in histograms
  (git-fixes).
- commit 5ff7921
- PCI: iproc: Fix multi-MSI base vector number allocation
  (git-fixes).
- commit 9e70011
- PCI: aardvark: Implement workaround for the readback value of
  VEND_ID (git-fixes).
- commit 4bfb1fd
- PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun
  (git-fixes).
- commit dbaa5b3
- PCI: Leave Apple Thunderbolt controllers on for s2idle or
  standby (git-fixes).
- commit 900ca03
- Update patches.suse/Revert-ibmvnic-remove-duplicate-napi_schedule-call-i.patch
  (bsc#1065729 bsc#1188405 ltc#193509 bsc#1187476 ltc#193646).
- commit f55c672
- fix patch metadata
- fix Patch-mainline, drop Git-repo:
  patches.suse/bpftool-Properly-close-va_list-ap-by-va_end-on-error.patch
- commit ec7585c
- Update kabi files.
- update from second July 2021 maintenance update submission (commit 44308a6ad508)
- commit ee121a0
- fbmem: Do not delete the mode that is still in use (git-fixes).
- dma-buf/sync_file: Don't leak fences on merge failure
  (git-fixes).
- fbmem: add margin check to fb_check_caps() (git-fixes).
- commit 1116a4b
- Update patches.suse/Revert-ibmvnic-remove-duplicate-napi_schedule-call-i.patch
  (bsc#1065729 bsc#1188405 ltc#193509).
- Update patches.suse/Revert-ibmvnic-simplify-reset_long_term_buff-functio.patch
  (bsc#1186206 ltc#191041 bsc#1188405 ltc#193509).
- commit 5fcaf8a
- rpm/kernel-binary.spec.in: Do not install usrmerged kernel on Leap
  (boo#1184804).
- commit 5b51131
- bpftool: Properly close va_list 'ap' by va_end() on error
  (bsc#1155518).
- libbpf: Fixes incorrect rx_ring_setup_done (bsc#1155518).
- commit a14bd1d
- blacklist.conf: add "/block: blk-mq.c: fix @at_head kernel-doc warning"/
  Also removed a remnant of a merge conflict.
- commit ebd24f1
- netfilter: x_tables: fix compat match/target pad out-of-bound
  write (CVE-2021-22555 bsc#1188116).
- commit 5d3d4da
- vmxnet3: fix cksum offload issues for tunnels with non-default
  udp ports (git-fixes).
- USB: cdc-acm: blacklist Heimann USB Appset device (git-fixes).
- usb: gadget: eem: fix echo command packet response issue
  (git-fixes).
- vfio/pci: Handle concurrent vma faults (git-fixes).
- [xarray] iov_iter_fault_in_readable() should do nothing in
  xarray case (git-fixes).
- ssb: sdio: Don't overwrite const buffer if block_write fails
  (git-fixes).
- commit 76c3ff9
- serial_cs: Add Option International GSM-Ready 56K/ISDN modem
  (git-fixes).
- serial_cs: remove wrong GLOBETROTTER.cis entry (git-fixes).
- staging: rtl8712: remove redundant check in r871xu_drv_init
  (git-fixes).
- spi: spi-loopback-test: Fix 'tx_buf' might be 'rx_buf'
  (git-fixes).
- spi: omap-100k: Fix the length judgment problem (git-fixes).
- spi: spi-topcliff-pch: Fix potential double free in
  pch_spi_process_messages() (git-fixes).
- spi: Make of_register_spi_device also set the fwnode
  (git-fixes).
- regulator: da9052: Ensure enough delay time for
  .set_voltage_time_sel (git-fixes).
- regulator: uniphier: Add missing MODULE_DEVICE_TABLE
  (git-fixes).
- commit a2b1a60
- platform/x86: toshiba_acpi: Fix missing error code in
  toshiba_acpi_setup_keyboard() (git-fixes).
- random32: Fix implicit truncation warning in
  prandom_seed_state() (git-fixes).
- media: Fix Media Controller API config checks (git-fixes).
- media: imx-csi: Skip first few frames from a BT.656 source
  (git-fixes).
- media: siano: fix device register error path (git-fixes).
- media: dvb_net: avoid speculation from net slot (git-fixes).
- media: dvd_usb: memory leak in cinergyt2_fe_attach (git-fixes).
- mmc: via-sdmmc: add a check against NULL pointer dereference
  (git-fixes).
- mmc: sdhci-sprd: use sdhci_sprd_writew (git-fixes).
- memstick: rtsx_usb_ms: fix UAF (git-fixes).
- commit 0eb2f6b
- media: st-hva: Fix potential NULL pointer dereferences
  (git-fixes).
- media: bt8xx: Fix a missing check bug in bt878_probe
  (git-fixes).
- media: v4l2-core: Avoid the dangling pointer in v4l2_fh_release
  (git-fixes).
- media: em28xx: Fix possible memory leak of em28xx struct
  (git-fixes).
- media: imx: imx7_mipi_csis: Fix logging of only error event
  counters (git-fixes).
- media: pvrusb2: fix warning in pvr2_i2c_core_done (git-fixes).
- media: cobalt: fix race condition in setting HPD (git-fixes).
- media: cpia2: fix memory leak in cpia2_usb_probe (git-fixes).
- media: sti: fix obj-$(config) targets (git-fixes).
- media: exynos-gsc: fix pm_runtime_get_sync() usage count
  (git-fixes).
- commit ba1b2bc
- iio: adc: at91-sama5d2: Fix buffer alignment in
  iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: accel: mxc4005: Fix overread of data and alignment issue
  (git-fixes).
- lib: vsprintf: Fix handling of number field widths in vsscanf
  (git-fixes).
- media: sti/bdisp: fix pm_runtime_get_sync() usage count
  (git-fixes).
- media: s5p-jpeg: fix pm_runtime_get_sync() usage count
  (git-fixes).
- media: mtk-vcodec: fix PM runtime get logic (git-fixes).
- media: sh_vou: fix pm_runtime_get_sync() usage count
  (git-fixes).
- media: mdk-mdp: fix pm_runtime_get_sync() usage count
  (git-fixes).
- iio: at91-sama5d2_adc: remove usage of iio_priv_to_dev() helper
  (git-fixes).
- iio:accel:mxc4005: Drop unnecessary explicit casts in
  regmap_bulk_read calls (git-fixes).
- commit 74c2c06
- gve: Fix an error handling path in 'gve_probe()' (git-fixes).
- fm10k: Fix an error handling path in 'fm10k_probe()'
  (git-fixes).
- HID: do not use down_interruptible() when unbinding devices
  (git-fixes).
- HID: wacom: Correct base usage for capacitive ExpressKey status
  bits (git-fixes).
- crypto: omap-sham - Fix PM reference leak in omap sham ops
  (git-fixes).
- crypto: nitrox - fix unchecked variable in
  nitrox_register_interrupts (git-fixes).
- hwrng: exynos - Fix runtime PM imbalance on error (git-fixes).
- hwmon: (max31790) Fix pwmX_enable attributes (git-fixes).
- hwmon: (max31790) Report correct current pwm duty cycles
  (git-fixes).
- commit ac66984
- ALSA: usb-audio: scarlett2: Fix wrong resume call (git-fixes).
- ALSA: hda/realtek: Fix bass speaker DAC mapping for Asus UM431D
  (git-fixes).
- ath9k: Fix kernel NULL pointer dereference during
  ath_reset_internal() (git-fixes).
- clocksource: Retry clock read if long delays detected
  (git-fixes).
- crypto: qat - remove unused macro in FW loader (git-fixes).
- crypto: qat - check return code of qat_hal_rd_rel_reg()
  (git-fixes).
- crypto: ccp - Fix a resource leak in an error handling path
  (git-fixes).
- crypto: ux500 - Fix error return code in hash_hw_final()
  (git-fixes).
- crypto: nx - add missing MODULE_DEVICE_TABLE (git-fixes).
- crypto: ixp4xx - dma_unmap the correct address (git-fixes).
- commit fcdd7a0
- ALSA: hda/realtek: Add another ALC236 variant support
  (git-fixes).
- ALSA: usb-audio: fix rate on Ozone Z90 USB headset (git-fixes).
- ACPI: bus: Call kobject_put() in acpi_init() error path
  (git-fixes).
- ACPI: EC: Make more Asus laptops use ECDT _GPE (git-fixes).
- ACPI: resources: Add checks for ACPI IRQ override (git-fixes).
- ACPI: processor idle: Fix up C-state latency if not ordered
  (git-fixes).
- ACPICA: Fix memory leak caused by _CID repair function
  (git-fixes).
- commit 930000b
- Blacklist already cherry-picked ASoC commits
- commit 5cc6c21
- usb: gadget: f_fs: Fix setting of device and driver data
  cross-references (git-fixes).
- commit 8174fed
- vfs: Convert functionfs to use the new mount API (git -fixes).
- commit bc4a6d0
- mm, futex: fix shared futex pgoff on shmem huge page (git fixes
  (kernel/futex)).
- commit b5af159
- usb: typec: fusb302: fix "/op-sink-microwatt"/ default that was
  in mW (git-fixes).
- commit dcf2645
- fuse: reject internal errno (bsc#1188269).
- fuse: check connected before queueing on fpq->io (bsc#1188267).
- fuse: ignore PG_workingset after stealing (bsc#1188268).
- commit ad3c8af
- kABI: restore struct tcpc_config definition (git-fixes).
- commit af96f3e
- media: v4l2-async: Fix trivial documentation typo (git-fixes).
- commit a677fa5
- tracing/histograms: Fix parsing of "/sym-offset"/ modifier
  (git-fixes).
- commit e43cdf6
- usb: typec: fusb302: Always provide fwnode for the port
  (git-fixes).
- commit 23df3ab
- math: Export mul_u64_u64_div_u64 (git-fixes).
- commit 3708119
- rtc: stm32: Fix unbalanced clk_disable_unprepare() on probe
  error path (git-fixes).
- rtc: fix snprintf() checking in is_rtc_hctosys() (git-fixes).
- thermal/drivers/rcar_gen3_thermal: Fix coefficient calculations
  (git-fixes).
- reset: bail if try_module_get() fails (git-fixes).
- firmware: tegra: Fix error return code in tegra210_bpmp_init()
  (git-fixes).
- memory: fsl_ifc: fix leak of private memory on probe failure
  (git-fixes).
- memory: fsl_ifc: fix leak of IO mapping on probe failure
  (git-fixes).
- memory: pl353: Fix error return code in pl353_smc_probe()
  (git-fixes).
- memory: atmel-ebi: add missing of_node_put for loop iteration
  (git-fixes).
- reset: brcmstb: Add missing MODULE_DEVICE_TABLE (git-fixes).
- reset: a10sr: add missing of_match_table reference (git-fixes).
- ALSA: intel8x0: Fix breakage at ac97 clock measurement
  (git-fixes).
- ALSA: isa: Fix error return code in snd_cmi8330_probe()
  (git-fixes).
- commit 8a2377b
- memory: fsl_ifc: fix leak of private memory on probe failure
  (git-fixes).
- memory: fsl_ifc: fix leak of IO mapping on probe failure
  (git-fixes).
- commit b522bcb
- Refresh patches.suse/rtc-pcf2127-handle-timestamp-interrupts.patch.
  Switched to queued version.
- commit 1b185ef
- x86/kvm: Unify kvm_pv_guest_cpu_reboot() with kvm_guest_cpu_offline() (bsc#1185308).
- x86/kvm: Disable all PV features on crash (bsc#1185308).
- refresh patches.suse/0001-kvm-Reintroduce-nopvspin-kernel-parameter.patch
- x86/kvm: Disable kvmclock on all CPUs on shutdown (bsc#1185308).
- x86/kvm: Teardown PV features on boot CPU as well (bsc#1185308).
- x86/kvm: Fix pr_info() for async PF setup/teardown
  (bsc#1185308).
- commit 80699a1
- fix patches metadata
- fix Patch-mainline:
  patches.suse/tracepoint-Add-tracepoint_probe_register_may_exist-for-BPF-tracing.patch
  patches.suse/tracing-Resize-tgid_map-to-pid_max-not-PID_MAX_DEFAULT.patch
  patches.suse/tracing-Simplify-fix-saved_tgids-logic.patch
- commit fa5e842
- soc: fsl: qbman: Delete useless kfree code (bsc#1188176).
- soc: fsl: qbman: Ensure device cleanup is run for kexec
  (bsc#1188176).
- commit ec1bcd7
- ptp_qoriq: fix overflow in ptp_qoriq_adjfine() u64 calcalation
  (git-fixes).
- commit d17e17c
- dpaa2-eth: fix memory leak in XDP_REDIRECT (git-fixes).
- commit 586c229
- rpm/kernel-binary.spec.in: Remove zdebug define used only once.
- commit 85a9fc2
- kernel-binary.spec: Exctract s390 decompression code (jsc#SLE-17042).
- commit 7f97df2
- seq_file: Disallow extremely large seq buffer allocations (bsc#1188062, CVE-2021-33909).
- commit eb7ef76
- tracing: Resize tgid_map to pid_max, not PID_MAX_DEFAULT
  (git-fixes).
- commit dfc48c9
- tracing: Simplify & fix saved_tgids logic (git-fixes).
- commit c530730
- tracepoint: Add tracepoint_probe_register_may_exist() for BPF
  tracing (git-fixes).
- commit 1ab86c5
- nvme: verify MNAN value if ANA is enabled (bsc#1185791).
- commit e620ef1
- spi: spi-nxp-fspi: Implement errata workaround for LS1028A (bsc#1188121).
- spi: spi-nxp-fspi: Add support for IP read only (bsc#1188121).
- spi: spi-nxp-fspi: Add ACPI support (bsc#1188121).
  Refresh:
  patches.suse/spi-spi-nxp-fspi-fix-fspi-panic-by-unexpected-interr.patch
  patches.suse/spi-spi-nxp-fspi-move-the-register-operation-after-t.patch
- spi: spi-nxp-fspi: Fix a NULL vs IS_ERR() check in probe (bsc#1188121).
  Refresh:
  patches.suse/spi-spi-nxp-fspi-fix-fspi-panic-by-unexpected-interr.patch
  patches.suse/spi-spi-nxp-fspi-move-the-register-operation-after-t.patch
- spi: spi-nxp-fspi: Enable the Octal Mode in MCR0 (bsc#1188121).
- spi: fspi: dynamically alloc AHB memory (bsc#1188121).
  Refresh:
  patches.suse/spi-spi-nxp-fspi-fix-fspi-panic-by-unexpected-interr.patch
  patches.suse/spi-spi-nxp-fspi-move-the-register-operation-after-t.patch
- spi: nxp-fspi: Use devm API to fix missed unregistration of controller (bsc#1188121).
- commit 8290109
- Fix meta data in lpfc-decouple-port_template-and-vport_template.patch
- commit d9e6471
- scsi: qedf: Do not put host in qedf_vport_create()
  unconditionally (bsc#1170511).
- commit 8665594
- kernel-binary.spec: Fix up usrmerge for non-modular kernels.
- commit d718cd9
- nvme-rdma: introduce nvme_rdma_sgl structure (git-fixes).
- commit 6ccb8a5
- nvme-rdma: fix in-casule data send for chained sgls (git-fixes).
- nvme-tcp: rerun io_work if req_list is not empty (git-fixes).
- commit a286451
- watchdog: aspeed: fix hardware timeout calculation (git-fixes).
- watchdog: sp805: Fix kernel doc description (git-fixes).
- gpio: AMD8111 and TQMX86 require HAS_IOPORT_MAP (git-fixes).
- commit 79058fa
- extcon: max8997: Add missing modalias string (git-fixes).
- extcon: sm5502: Drop invalid register write in sm5502_reg_data
  (git-fixes).
- char: pcmcia: error out if 'num_bytes_read' is greater than
  4 in set_protocol() (git-fixes).
- backlight: lm3630a_bl: Put fwnode in error case during ->probe()
  (git-fixes).
- commit 6b8c8e1
- iio: light: tcs3472: do not free unallocated IRQ (git-fixes).
- iio: prox: isl29501: Fix buffer alignment in
  iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: light: vcnl4035: Fix buffer alignment in
  iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: magn: rm3100: Fix alignment of buffer in
  iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: adc: ti-ads8688: Fix alignment of buffer in
  iio_push_to_buffers_with_timestamp() (git-fixes).
- staging: gdm724x: check for overflow in gdm_lte_netif_rx()
  (git-fixes).
- staging: gdm724x: check for buffer overflow in
  gdm_lte_multi_sdu_pkt() (git-fixes).
- fpga: machxo2-spi: Address warning about unused variable
  (git-fixes).
- extcon: intel-mrfld: Sync hardware and software state on init
  (git-fixes).
- fpga: stratix10-soc: Add missing fpga_mgr_free() call
  (git-fixes).
- commit b12d968
- iio: adc: mxs-lradc: Fix buffer alignment in
  iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: adc: hx711: Fix buffer alignment in
  iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: ltr501: ltr501_read_ps(): add missing endianness conversion
  (git-fixes).
- iio: ltr501: ltr559: fix initialization of LTR501_ALS_CONTR
  (git-fixes).
- iio: ltr501: mark register holding upper 8 bits of ALS_DATA{0,1}
  and PS_DATA as volatile, too (git-fixes).
- iio: si1133: fix format string warnings (git-fixes).
- iio: potentiostat: lmp91000: Fix alignment of buffer in
  iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: light: tcs3472: Fix buffer alignment in
  iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: light: tcs3414: Fix buffer alignment in
  iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: light: isl29125: Fix buffer alignment in
  iio_push_to_buffers_with_timestamp() (git-fixes).
- commit 2299862
- iio: magn: bmc150: Fix buffer alignment in
  iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: magn: hmc5843: Fix buffer alignment in
  iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: prox: as3935: Fix buffer alignment in
  iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: prox: pulsed-light: Fix buffer alignment in
  iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: prox: srf08: Fix buffer alignment in
  iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: humidity: am2315: Fix buffer alignment in
  iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: gyro: bmg160: Fix buffer alignment in
  iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: adc: vf610: Fix buffer alignment in
  iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: adc: ti-ads1015: Fix buffer alignment in
  iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: accel: stk8ba50: Fix buffer alignment in
  iio_push_to_buffers_with_timestamp() (git-fixes).
- commit 66bbafb
- serial: mvebu-uart: correctly calculate minimal possible
  baudrate (git-fixes).
- serial: mvebu-uart: do not allow changing baudrate when uartclk
  is not available (git-fixes).
- serial: mvebu-uart: fix calculation of clock divisor
  (git-fixes).
- serial: 8250: Actually allow UPF_MAGIC_MULTIPLIER baud rates
  (git-fixes).
- serial: tegra-tcu: Reorder channel initialization (git-fixes).
- staging: rtl8712: fix memory leak in rtl871x_load_fw_cb
  (git-fixes).
- iio: accel: stk8312: Fix buffer alignment in
  iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: accel: kxcjk-1013: Fix buffer alignment in
  iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: accel: hid: Fix buffer alignment in
  iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: accel: bma220: Fix buffer alignment in
  iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: accel: bma180: Fix buffer alignment in
  iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: adis16400: do not return ints in irq handlers (git-fixes).
- iio: adis_buffer: do not return ints in irq handlers
  (git-fixes).
- mmc: sdhci: Fix warning message when accessing RPMB in HS400
  mode (git-fixes).
- mmc: core: clear flags before allowing to retune (git-fixes).
- Input: hil_kbd - fix error return code in hil_dev_connect()
  (git-fixes).
- Input: usbtouchscreen - fix control-request directions
  (git-fixes).
- mtd: rawnand: marvell: add missing clk_disable_unprepare()
  on error in marvell_nfc_resume() (git-fixes).
- mtd: partitions: redboot: seek fis-index-block in the right node
  (git-fixes).
- commit a219c27
- usb: dwc3: Fix debugfs creation flow (git-fixes).
- xhci: solve a double free problem while doing s4 (git-fixes).
- usb: typec: Add the missed altmode_id_remove() in
  typec_register_altmode() (git-fixes).
- usb: dwc2: Don't reset the core after setting turnaround time
  (git-fixes).
- usb: typec: wcove: Fx wrong kernel doc format (git-fixes).
- tty: nozomi: Fix the error handling path of 'nozomi_card_init()'
  (git-fixes).
- tty: nozomi: Fix a resource leak in an error handling function
  (git-fixes).
- soundwire: stream: Fix test for DP prepare complete (git-fixes).
- visorbus: fix error return code in visorchipset_init()
  (git-fixes).
- commit e666eaf
- leds: ktd2692: Fix an error handling path (git-fixes).
- leds: as3645a: Fix error return code in as3645a_parse_node()
  (git-fixes).
- leds: lm3532: select regmap I2C API (git-fixes).
- ASoC: mediatek: mtk-btcvsd: Fix an error handling path in
  'mtk_btcvsd_snd_probe()' (git-fixes).
- ASoC: rsnd: tidyup loop on rsnd_adg_clk_query() (git-fixes).
- ASoC: atmel-i2s: Fix usage of capture and playback at the same
  time (git-fixes).
- ASoC: cs42l42: Correct definition of CS42L42_ADC_PDN_MASK
  (git-fixes).
- ALSA: usb-audio: scarlett2: Read mux at init time (git-fixes).
- ALSA: usb-audio: scarlett2: Read mixer volumes at init time
  (git-fixes).
- Revert "/ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro"/
  (git-fixes).
- commit ea3fb69
- ASoC: hisilicon: fix missing clk_disable_unprepare() on error
  in hi6210_i2s_startup() (git-fixes).
- mwifiex: re-fix for unaligned accesses (git-fixes).
- lib/decompressors: remove set but not used variabled 'level'
  (git-fixes).
- clk: si5341: Update initialization magic (git-fixes).
- clk: si5341: Avoid divide errors due to bogus register contents
  (git-fixes).
- clk: actions: Fix bisp_factor_table based clocks on Owl S500
  SoC (git-fixes).
- clk: actions: Fix SD clocks factor table on Owl S500 SoC
  (git-fixes).
- clk: actions: Fix UART clock dividers on Owl S500 SoC
  (git-fixes).
- clk: zynqmp: pll: Remove some dead code (git-fixes).
- clk: meson: g12a: fix gp0 and hifi ranges (git-fixes).
- commit b4df049
- clk: renesas: rcar-gen3: Update Z clock rate formula in comments
  (git-fixes).
- drm/msm/dpu: Fix error return code in dpu_mdss_init()
  (git-fixes).
- drm: qxl: ensure surf.data is ininitialized (git-fixes).
- drm/rockchip: dsi: remove extra component_del() call
  (git-fixes).
- drm/rockchip: dsi: move all lane config except LCDC mux to
  bind() (git-fixes).
- drm/rockchip: cdn-dp-core: add missing clk_disable_unprepare()
  on error in cdn_dp_grf_write() (git-fixes).
- video: fbdev: imxfb: Fix an error message (git-fixes).
- ath10k: Fix an error code in ath10k_add_interface() (git-fixes).
- commit fc44520
- can: peak_pciefd: pucan_handle_status(): fix a potential
  starvation issue in TX path (git-fixes).
- can: gw: synchronize rcu operations before removing gw job entry
  (git-fixes).
- Bluetooth: Fix handling of HCI_LE_Advertising_Set_Terminated
  event (git-fixes).
- Bluetooth: mgmt: Fix slab-out-of-bounds in tlv_data_is_valid
  (git-fixes).
- ath10k: remove unused more_frags variable (git-fixes).
- ath10k: add missing error return code in ath10k_pci_probe()
  (git-fixes).
- ath10k: go to path err_unsupported when chip id is not supported
  (git-fixes).
- brcmsmac: mac80211_if: Fix a resource leak in an error handling
  path (git-fixes).
- brcmfmac: correctly report average RSSI in station info
  (git-fixes).
- brcmfmac: fix setting of station info chains bitmask
  (git-fixes).
- commit d8b0fc2
- can: hi311x: hi3110_can_probe(): silence clang warning
  (git-fixes).
- drm/radeon: wait for moving fence after pinning (git-fixes).
- drm/nouveau: wait for moving fence after pinning v2 (git-fixes).
- cfg80211: call cfg80211_leave_ocb when switching away from OCB
  (git-fixes).
- dmaengine: mediatek: use GFP_NOWAIT instead of GFP_ATOMIC in
  prep_dma (git-fixes).
- dmaengine: mediatek: do not issue a new desc if one is still
  current (git-fixes).
- dmaengine: mediatek: free the proper desc in desc_free handler
  (git-fixes).
- dmaengine: rcar-dmac: Fix PM reference leak in rcar_dmac_probe()
  (git-fixes).
- dmaengine: zynqmp_dma: Fix PM reference leak in
  zynqmp_dma_alloc_chan_resourc() (git-fixes).
- commit 8be348d
- gve: Fix swapped vars when fetching max queues (git-fixes).
- mac80211: remove iwlwifi specific workaround NDPs of
  null_response (git-fixes).
- mac80211: remove iwlwifi specific workaround that broke sta
  NDP tx (git-fixes).
- mt76: fix possible NULL pointer dereference in mt76_tx
  (git-fixes).
- extcon: extcon-max8997: Fix IRQ freeing at error path
  (git-fixes).
- r8169: Avoid memcpy() over-reading of ETH_SS_STATS (git-fixes).
- r8152: Avoid memcpy() over-reading of ETH_SS_STATS (git-fixes).
- mac80211_hwsim: drop pending frames on stop (git-fixes).
- mac80211: remove warning in ieee80211_get_sband() (git-fixes).
- PCI: Add AMD RS690 quirk to enable 64-bit DMA (git-fixes).
- commit c400726
- wcn36xx: Move hal_buf allocation to devm_kmalloc in probe
  (git-fixes).
- wireless: carl9170: fix LEDS build errors & warnings
  (git-fixes).
- rsi: Assign beacon rate settings to the correct rate_info
  descriptor field (git-fixes).
- ssb: Fix error return code in ssb_bus_scan() (git-fixes).
- ACPI: property: Constify stubs for CONFIG_ACPI=n case
  (git-fixes).
- ACPI: APEI: fix synchronous external aborts in user-mode
  (git-fixes).
- ACPI: sysfs: Fix a buffer overrun problem with
  description_show() (git-fixes).
- cpufreq: sc520_freq: add 'fallthrough' to one case (git-fixes).
- ata: ahci_sunxi: Disable DIPM (git-fixes).
- commit 4b20cc3
- media: siano: Fix out-of-bounds warnings in
  smscore_load_firmware_family2() (git-fixes).
- media: s5p-g2d: Fix a memory leak on ctx->fh.m2m_ctx
  (git-fixes).
- media: rtl28xxu: fix zero-length control request (git-fixes).
- media: gspca/sunplus: fix zero-length control requests
  (git-fixes).
- media: gspca/gl860: fix zero-length control requests
  (git-fixes).
- media: gspca/sq905: fix control-request direction (git-fixes).
- media: dtv5100: fix control-request directions (git-fixes).
- hwmon: (max31790) Fix fan speed reporting for fan7..12
  (git-fixes).
- hwmon: (max31722) Remove non-standard ACPI device IDs
  (git-fixes).
- commit 655a2af
- media: zr364xx: fix memory leak in zr364xx_start_readpipe
  (git-fixes).
- media: tc358743: Fix error return code in tc358743_probe_of()
  (git-fixes).
- media: au0828: fix a NULL vs IS_ERR() check (git-fixes).
- media: exynos4-is: Fix a use after free in isp_video_release
  (git-fixes).
- media: dvb-usb: fix wrong definition (git-fixes).
- media: rc: i2c: Fix an error message (git-fixes).
- media: I2C: change 'RST' to "/RSET"/ to fix multiple build errors
  (git-fixes).
- mmc: sdhci-esdhc-imx: remove unused is_imx6q_usdhc (git-fixes).
- mmc: vub3000: fix control-request direction (git-fixes).
- mmc: usdhi6rol0: fix error return code in usdhi6_probe()
  (git-fixes).
- commit 0231cde
- spi: stm32-qspi: Remove unused qspi field of struct
  stm32_qspi_flash (git-fixes).
- spi: tegra114: Fix an error message (git-fixes).
- spi: spi-sun6i: Fix chipselect/clock bug (git-fixes).
- regulator: hi655x: Fix pass wrong pointer to config.driver_data
  (git-fixes).
- mmc: block: Disable CMDQ on the ioctl path (git-fixes).
- pinctrl: stm32: fix the reported number of GPIO lines per bank
  (git-fixes).
- i2c: robotfuzz-osif: fix control-request directions (git-fixes).
- i2c: dev: Add __user annotation (git-fixes).
- commit c37129c
- can: bcm: delay release of struct bcm_op after synchronize_rcu()
  (CVE-2021-3609 bsc#1187215).
- commit a57ee2f
- Input: joydev - prevent use of not validated data in
  JSIOCSBTNMAP ioctl (CVE-2021-3612 bsc#1187585).
- commit 64519f9
- blacklist.conf: Append 'drm/vc4: hdmi: Move the HSM clock enable to runtime_pm'
- commit 23b3543
- drm/vc4: hdmi: Make sure the controller is powered in detect (bsc#1152489)
  Backporting changes:
  * context changes
  * vc4_hdmi -> vc4->hdmi
- commit 84c924f
- drm/amdgpu: Don't query CE and UE errors (bsc#1152472)
  Backporting changes:
  * unsigned long -> uint32_t
- commit 1637ecb
- amdgpu: fix GEM obj leak in amdgpu_display_user_framebuffer_create (bsc#1152472)
  Backporting changes:
  * context changes
- commit f40c83c
- drm/msm: Small msm_gem_purge() fix (bsc#1152489)
  Backporting changes:
  * context changes
  * GEM_WARN_ON() -> WARN_ON()
- commit f02a5b9
- drm/radeon: Fix a missing check bug in radeon_dp_mst_detect() (bsc#1152489)
  Backporting changes:
  * context changes
- commit fee040e
- blacklist.conf: Append 'drm/vc4: hdmi: Restore cec physical address on reconnect'
- commit b32f423
- Update patch reference for patches.suse/module-limit-enabling-module.sig_enforce.patch
  (git-fixes, CVE-2021-35039, bsc#1188080).
- commit 8d3fd9b
- blacklist.conf: Append 'drm/vc4: crtc: Reduce PV fifo threshold on hvs4'
- commit 3780e05
- tpm, tpm_tis: Reserve locality in tpm_tis_resume()
  (bsc#1188036).
- tpm, tpm_tis: Extend locality handling to TPM2 in
  tpm_tis_gen_interrupt() (bsc#1188036).
- tpm, tpm_tis: Decorate tpm_tis_gen_interrupt() with
  request_locality() (bsc#1188036).
- tpm, tpm_tis: Decorate tpm_get_timeouts() with
  request_locality() (bsc#1188036).
- commit 2c323b1
- drm: bridge/panel: Cleanup connector on bridge detach (bsc#1152489)
  Backporting changes:
  * context changes
- commit b16ae28
- drm/mcde/panel: Inverse misunderstood flag (bsc#1152472)
  Backporting changes:
  * only panel-samsung-s6d16d0.c exists
- commit 83514d0
- drm/stm: Fix bus_flags handling (bsc#1152472)
- commit eaa7b7a
- usb: typec: tcpm: Move
  mod_delayed_work(&port->vdm_state_machine) call into
  tcpm_queue_vdm() (git-fixes).
- Refresh
  patches.suse/usb-typec-tcpm-Refactor-tcpm_handle_vdm_request-payl.patch.
- Refresh
  patches.suse/usb-typec-tcpm-Refactor-tcpm_handle_vdm_request.patch.
- commit 25ab009
- usb: typec: tcpm: Error handling for
  tcpm_register_partner_altmodes (git-fixes).
- commit d172a56
- usb: typec: tcpm: move to SNK_UNATTACHED if sink removed for
  DRP (git-fixes).
- commit 44e186b
- usb: typec: tcpm: set correct data role for non-DRD (git-fixes).
- commit d27b294
- usb: typec: tcpm: Remove tcpc_config configuration mechanism
  (git-fixes).
- commit 20564c3
- usb: typec: tcpm: Switch to use fwnode_property_count_uXX()
  (git-fixes).
- commit 69ab721
- usb: typec: tcpm: Refactor tcpm_handle_vdm_request (git-fixes).
- commit b4b2308
- usb: typec: tcpm: Refactor tcpm_handle_vdm_request payload
  handling (git-fixes).
- commit 9417ed4
- usb: typec: ucsi: Put fwnode in any case during ->probe()
  (git-fixes).
- commit ec4c8d0
- usb: typec: ucsi: Hold con->lock for the entire duration of
  ucsi_register_port() (git-fixes).
- commit 9f0dcac
- usb: typec: tcpm: update power supply once partner accepts
  (git-fixes).
- commit 54348d7
- docs: admin-guide: update description for kernel.hotplug sysctl
  (git-fixes).
- blacklist.conf: we do ship the kernel sources and the documentation.
  They may just as well be up to date.
- commit 7d1b971
- series.conf: cleanup
- update upstream references and resort:
  patches.suse/scsi-ibmvfc-Avoid-move-login-if-fast-fail-is-enabled.patch
  patches.suse/scsi-ibmvfc-Handle-move-login-failure.patch
  patches.suse/scsi-ibmvfc-Reinit-target-retries.patch
  patches.suse/scsi-lpfc-Add-a-option-to-enable-interlocked-ABTS-be.patch
  patches.suse/scsi-lpfc-Add-ndlp-kref-accounting-for-resume-RPI-pa.patch
  patches.suse/scsi-lpfc-Fix-Node-recovery-when-driver-is-handling-.patch
  patches.suse/scsi-lpfc-Fix-Unexpected-timeout-error-in-direct-att.patch
  patches.suse/scsi-lpfc-Fix-crash-when-lpfc_sli4_hba_setup-fails-t.patch
  patches.suse/scsi-lpfc-Fix-node-handling-for-Fabric-Controller-an.patch
  patches.suse/scsi-lpfc-Fix-non-optimized-ERSP-handling.patch
  patches.suse/scsi-lpfc-Fix-unreleased-RPIs-when-NPIV-ports-are-cr.patch
  patches.suse/scsi-lpfc-Ignore-GID-FT-response-that-may-be-receive.patch
  patches.suse/scsi-lpfc-Reregister-FPIN-types-if-ELS_RDF-is-receiv.patch
  patches.suse/scsi-lpfc-Update-lpfc-version-to-12.8.0.10.patch
  patches.suse/scsi-scsi_dh_alua-Retry-RTPG-on-a-different-path-aft.patch
- commit 9a3a833
- fix patch metadata
- fix Patch-mainline and move to "/almost mainline"/ section:
  patches.suse/qla2xxx-synchronize-rport-dev_loss_tmo-setting.patch
- commit 81935f9
- blacklist.conf: 1e886090cefe docs: admin-guide: update description for kernel.hotplug sysctl
- commit 1332420
- blacklist.conf: 89f5f8fb5bf4 EDAC/thunderx: Remove irrelevant variable from error messages
- commit 7c3f543
- blacklist.conf: d8778e393afa x86/fpu: Invalidate FPU state after a failed XRSTOR from a user buffer
- commit 07e7bbd
- x86/pkru: Write hardware init value to PKRU when xstate is init
  (bsc#1152489).
- commit 05b202a
- scsi: ufs: ufshcd-pltfrm depends on HAS_IOMEM (bsc#1187980).
- commit bc82289
- cgroup1: don't allow 'n' in renaming (bsc#1187972).
- commit 31d330a
- qla2xxx: synchronize rport dev_loss_tmo setting (bsc#1182470
  bsc#1185486).
- commit 8249f86
- x86/process: Check PF_KTHREAD and not current->mm for kernel
  threads (bsc#1152489).
- commit f14058e
- kernel-binary.spec: Remove obsolete and wrong comment
  mkmakefile is repleced by echo on newer kernel
- commit d9209e7
- ceph: must hold snap_rwsem when filling inode for async create
  (bsc#1187927).
- commit 288e232
- ibmvnic: Use strscpy() instead of strncpy() (bsc#1184114
  ltc#192237).
- ibmvnic: fix send_request_map incompatible argument (bsc#1184114
  ltc#192237).
- ibmvnic: fix kernel build warnings in build_hdr_descs_arr
  (bsc#1184114 ltc#192237).
- ibmvnic: fix kernel build warning (bsc#1184114 ltc#192237).
- ibmvnic: fix kernel build warning in strncpy (bsc#1184114
  ltc#192237).
- ibmvnic: Allow device probe if the device is not ready at boot
  (bsc#1184114 ltc#192237).
- ibmvnic: Use list_for_each_entry() to simplify code in ibmvnic.c
  (bsc#1184114 ltc#192237).
- commit 6f12df4
- series.conf: cleanup
- update upstream reference and resort:
  patches.suse/Revert-ibmvnic-simplify-reset_long_term_buff-functio.patch
- commit dc51831
- ibmvnic: account for bufs already saved in indir_buf
  (jsc#SLE-17268 jsc#SLE-17043 bsc#1179243 ltc#189290).
- ibmvnic: clean pending indirect buffs during reset
  (jsc#SLE-17268 jsc#SLE-17043 bsc#1179243 ltc#189290).
- commit 4925dab
- fix patch metadata
- fix upstream reference:
  patches.suse/bpfilter-Specify-the-log-level-for-the-kmsg-message.patch
- commit 4e6fe72
- ibmvnic: free tx_pool if tso_pool alloc fails (bsc#1085224
  ltc#164363).
- commit badd4e0
- ibmvnic: parenthesize a check (bsc#1184114 ltc#192237
  bsc#1183871 ltc#192139 git-fixes).
- ibmvnic: set ltb->buff to NULL after freeing (bsc#1094840
  ltc#167098).
- Revert "/ibmvnic: remove duplicate napi_schedule call in open
  function"/ (bsc#1065729).
- commit e5fa23c
- series.conf: cleanup
- update upstream references and resort:
  patches.suse/0001-ipmi-watchdog-Stop-watchdog-timer-when-the-current-a.patch
  patches.suse/block-return-the-correct-bvec-when-checking-for-gaps.patch
  patches.suse/ibmvnic-remove-default-label-from-to_string-switch.patch
  patches.suse/xfrm-policy-Read-seqcount-outside-of-rcu-read-side-i.patch
- commit fc2830a
- bpfilter: Specify the log level for the kmsg message
  (bsc#1155518).
- commit a6b5aff
- Blacklisted SCSI ufs core patch: way out of context.
- commit 33b89f4
- FCOE: fcoe_wwn_from_mac kABI fix (bsc#1187886).
- scsi: fcoe: Fix mismatched fcoe_wwn_from_mac declaration
  (bsc#1187886).
- commit bf3226e
- Blacklisted libsas new gfp variant patches
- commit 7d45a44
- scsi: core: Fix race between handling STS_RESOURCE and
  completion (bsc#1187883).
- Refresh
  patches.suse/scsi_dh_alua-return-BLK_STS_AGAIN-for-ALUA-transitio.patch.
- commit 1a66f28
- Blacklisted scsi commit that should be skipped.
- commit 6c0722b
- kthread: prevent deadlock when kthread_mod_delayed_work()
  races with kthread_cancel_delayed_work_sync() (bsc#1187867).
- commit 4323f85
- kthread_worker: split code for canceling the delayed work timer
  (bsc#1187867).
- commit f950430
- dax: fix ENOMEM handling in grab_mapping_entry() (bsc#1184212).
- commit fa16d18
- Revert "/ibmvnic: simplify reset_long_term_buff function"/
  (bsc#1186206 ltc#191041).
- commit ae5a395
- SCSI: ufs: fix ktime_t kabi change (bsc#1187795).
- scsi: ufs: Fix imprecise load calculation in devfreq window
  (bsc#1187795).
- commit 51e8b33
- Blacklisted commit already removed, to keep it away
- commit 2ac8cfe
- s390/stack: fix possible register corruption with stack switch
  helper (bsc#1185677).
- commit d57c991
- Revert "/video: imsttfb: fix potential NULL pointer dereferences"/ (bsc#1152489)
- commit cb44bac
- kernel: kexec_file: fix error return code of
  kexec_calculate_store_digests() (git-fixes).
- commit c886494
- blacklist.conf: Add amdgpu entries that have been reverted (git-fixes)
- commit 41610da
- mmc: meson-gx: use memcpy_to/fromio for dram-access-quirk
  (git-fixes).
- commit c1d2306
- Removed patch that was incorrectly added to SLE15-SP2 (bsc#1186949)
  This patch was suggested as a git-fix for SLE15-SP2, but the
  commits it fixes are not present there.
- commit fc1818c
- bnxt_en: Call bnxt_ethtool_free() in bnxt_init_one() error path
  (jsc#SLE-8371 bsc#1153274).
- bnxt_en: Fix TQM fastpath ring backing store computation
  (jsc#SLE-8371 bsc#1153274).
- bnxt_en: Rediscover PHY capabilities after firmware reset
  (jsc#SLE-8371 bsc#1153274).
- cxgb4: fix wrong shift (git-fixes).
- be2net: Fix an error handling path in 'be_probe()' (git-fixes).
- netxen_nic: Fix an error handling path in 'netxen_nic_probe()'
  (git-fixes).
- qlcnic: Fix an error handling path in 'qlcnic_probe()'
  (git-fixes).
- net/mlx5e: Block offload of outer header csum for UDP tunnels
  (git-fixes).
- net/mlx5: Consider RoCE cap before init RDMA resources
  (git-fixes).
- net/mlx5e: Fix page reclaim for dead peer hairpin (git-fixes).
- net/mlx5e: Remove dependency in IPsec initialization flows
  (git-fixes).
- ice: add ndo_bpf callback for safe mode netdev ops
  (jsc#SLE-7926).
- net/sched: act_ct: handle DNAT tuple collision (bsc#1154353).
- vrf: fix maximum MTU (git-fixes).
- net/mlx5: Fix PBMC register mapping (git-fixes).
- net/mlx5: Fix placement of log_max_flow_counter (git-fixes).
- net/mlx5: Fix sleep while atomic in mlx5_eswitch_get_vepa
  (git-fixes).
- commit 060a647
- PCI: aardvark: Fix kernel panic during PIO transfer (git-fixes).
- commit ce71c77
- PCI: aardvark: Don't rely on jiffies while holding spinlock
  (git-fixes).
- commit 1bd7ff7
- spi: spi-nxp-fspi: move the register operation after the clock
  enable (git-fixes).
- Revert "/PCI: PM: Do not read power state in
  pci_enable_device_flags()"/ (git-fixes).
- PCI: Add ACS quirk for Broadcom BCM57414 NIC (git-fixes).
- radeon: use memcpy_to/fromio for UVD fw upload (git-fixes).
- spi: stm32-qspi: Always wait BUSY bit to be cleared in
  stm32_qspi_wait_cmd() (git-fixes).
- regulator: bd70528: Fix off-by-one for buck123 .n_voltages
  setting (git-fixes).
- commit 8ac9ce3
- cfg80211: make certificate generation more robust (git-fixes).
- PCI: Work around Huawei Intelligent NIC VF FLR erratum
  (git-fixes).
- PCI: Mark some NVIDIA GPUs to avoid bus reset (git-fixes).
- PCI: Mark TI C667X to avoid bus reset (git-fixes).
- ASoC: rt5659: Fix the lost powers for the HDA header
  (git-fixes).
- hwmon: (scpi-hwmon) shows the negative temperature properly
  (git-fixes).
- commit ed194e5
- fix patches metadata
- fix Patch-mainline:
  patches.suse/NFS-Fix-a-potential-NULL-dereference-in-nfs_get_clie.patch
  patches.suse/NFS-Fix-use-after-free-in-nfs4_init_client.patch
  patches.suse/NFSv4-Fix-deadlock-between-nfs4_evict_inode-and-nfs4.patch
  patches.suse/SUNRPC-Handle-major-timeout-in-xprt_adjust_timeout.patch
- commit e5e0666
- series.conf: cleanup
- update upstream reference and resort:
  patches.suse/xfrm-policy-Read-seqcount-outside-of-rcu-read-side-i.patch
- commit cafffbc
- video: hgafb: correctly handle card detect failure during probe
  (git-fixes).
- commit 55f7ec7
- Bluetooth: use correct lock to prevent UAF of hdev object
  (git-fixes).
- video: hgafb: fix potential NULL pointer dereference
  (git-fixes).
- Revert "/video: hgafb: fix potential NULL pointer dereference"/
  (git-fixes).
- commit 83627e7
- module: limit enabling module.sig_enforce (git-fixes).
- commit 7f30f5d
- Bluetooth: use correct lock to prevent UAF of hdev object
  (bsc#1186666 CVE-2021-3573).
- commit 6781ea8
- blacklist.conf: Add unwanted commits
- commit 1da6dbc
- NFSv4: Fix deadlock between nfs4_evict_inode() and
  nfs4_opendata_get_inode() (git-fixes).
- NFS: Fix a potential NULL dereference in nfs_get_client()
  (git-fixes).
- NFS: Fix use-after-free in nfs4_init_client() (git-fixes).
- commit 3478e99
- blk-mq: Rerun dispatching in the case of budget contention
  (bsc#1180092).
- blk-mq: Add blk_mq_delay_run_hw_queues() API call (bsc#1180092).
- blk-mq: In blk_mq_dispatch_rq_list() "/no budget"/ is a reason
  to kick (bsc#1180092).
- commit e31a7fc
- blk-mq: Put driver tag in blk_mq_dispatch_rq_list() when no
  budget (bsc#1180092).
- commit ccd1ac3
- blk-mq: insert flush request to the front of dispatch queue
  (bsc#1180092).
- commit acc744b
- blk-mq: insert passthrough request into hctx->dispatch directly
  (bsc#1180092).
- Refresh
  patches.suse/blk-mq-call-commit_rqs-while-list-empty-but-error-ha.patch.
- Refresh
  patches.suse/blk-mq-insert-request-not-through-queue_rq-into-sw-s.patch.
- commit 4ba4b0f
- lib: vdso: Remove CROSS_COMPILE_COMPAT_VDSO (bsc#1164648,jsc#SLE-11493).
  Reduce delta to mainline
  Refresh patches.suse/lib-vdso-Prepare-for-time-namespace-support.patch.
- commit 7b06299
- Update patch reference for net keys fix (CVE-2021-0605 bsc#1187601)
- commit 7bb3e99
- Update patch reference for HID security fix (CVE-2021-0512 bsc#1187595)
- commit 0506954
- bpf: Fix leakage under speculation on mispredicted branches
  (bsc#1187554,CVE-2021-33624).
- commit 7949a37
- patches.suse/0001-x86-sched-Treat-Intel-SNC-topology-as-default-COD-as.patch:
  (bsc#1187263).
- commit 349dc99
- tracing: Do no increment trace_clock_global() by one
  (git-fixes).
- commit 17da93e
- tracing: Do not stop recording comms if the trace file is
  being read (git-fixes).
- commit 7d357b1
- tracing: Do not stop recording cmdlines when tracing is off
  (git-fixes).
- commit 3306bfd
- HID: usbhid: Fix race between usbhid_close() and usbhid_stop()
  (git-fixes).
- commit c5019d9
- dt-bindings: reset: meson8b: fix duplicate reset IDs
  (git-fixes).
- commit cfc2db2
- usb: dwc3: core: fix kernel panic when do reboot (git-fixes).
- commit 35719e0
- usb: dwc3: core: fix kernel panic when do reboot (git-fixes).
- commit 9306e13
- SUNRPC: Handle major timeout in xprt_adjust_timeout()
  (git-fixes).
- commit 87fe1f5
- series.conf: cleanup
- update upstream references and move into sorted section:
  patches.suse/xfrm-policy-Read-seqcount-outside-of-rcu-read-side-i.patch
- commit 3bedaae
- usb: core: hub: Disable autosuspend for Cypress CY7C65632
  (git-fixes).
- net/x25: Return the correct errno code (git-fixes).
- HID: gt683r: add missing MODULE_DEVICE_TABLE (git-fixes).
- HID: usbhid: fix info leak in hid_submit_ctrl (git-fixes).
- HID: Add BUS_VIRTUAL to hid_connect logging (git-fixes).
- commit be65fa1
- cfg80211: avoid double free of PMSR request (git-fixes).
- can: mcba_usb: fix memory leak in mcba_usb (git-fixes).
- alx: Fix an error handling path in 'alx_probe()' (git-fixes).
- batman-adv: Avoid WARN_ON timing related checks (git-fixes).
- drm/tegra: sor: Do not leak runtime PM reference (git-fixes).
- drm/amd/display: Allow bandwidth validation for 0 streams
  (git-fixes).
- HID: hid-sensor-hub: Return error for hid_set_field() failure
  (git-fixes).
- HID: hid-input: add mapping for emoji picker key (git-fixes).
- HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for Saitek X65
  (git-fixes).
- commit c7889a3
- can: bcm: fix infoleak in struct bcm_msg_head (CVE-2021-34693
  bsc#1187452).
- commit 02583ee
- net: mvpp2: add mvpp2_phylink_to_port() helper (bsc#1187171).
- commit 9bd57ed
- blacklist.conf: the driver has not been converted to new error codes
- commit 5e49259
- UsrMerge the kernel (boo#1184804)
- Move files in /boot to modules dir
  The file names in /boot are included as %ghost links. The %post script
  creates symlinks for the kernel, sysctl.conf and System.map in
  /boot for compatibility. Some tools require adjustments before we
  can drop those links. If boot is a separate partition, a copy is
  used instead of a link.
  The logic for /boot/vmlinuz and /boot/initrd doesn't change with
  this patch.
- Use /usr/lib/modules as module dir when usermerge is active in the
  target distro.
- commit 6f5ed04
- usb: gadget: eem: fix wrong eem header operation (git-fixes).
- commit 88ac26b
- usb: fix various gadget panics on 10gbps cabling (git-fixes).
- commit 43c2b75
- usb: f_ncm: only first packet of aggregate needs to start timer
  (git-fixes).
- commit 6960da4
- usb: gadget: f_fs: Ensure io_completion_wq is idle during unbind
  (git-fixes).
- commit 4b0a18c
- USB: serial: ftdi_sio: add NovaTech OrionMX product ID
  (git-fixes).
- commit a61b441
- USB: serial: omninet: add device id for Zyxel Omni 56K Plus
  (git-fixes).
- commit f1cf5e2
- usb: dwc3: ep0: fix NULL pointer exception (git-fixes).
- usb: gadget: eem: fix wrong eem header operation (git-fixes).
- usb: fix various gadget panics on 10gbps cabling (git-fixes).
- usb: f_ncm: only first packet of aggregate needs to start timer
  (git-fixes).
- USB: serial: ftdi_sio: add NovaTech OrionMX product ID
  (git-fixes).
- commit 6edf7f4
- USB: serial: omninet: add device id for Zyxel Omni 56K Plus
  (git-fixes).
- usb: gadget: f_fs: Ensure io_completion_wq is idle during unbind
  (git-fixes).
- drm: Lock pointer access in drm_master_release() (git-fixes).
- isdn: mISDN: netjet: Fix crash in nj_probe: (git-fixes).
- net/nfc/rawsock.c: fix a permission check bug (git-fixes).
- spi: sprd: Add missing MODULE_DEVICE_TABLE (git-fixes).
- i2c: mpc: Make use of i2c_recover_bus() (git-fixes).
- commit 623c00b
- dmaengine: stedma40: add missing iounmap() on error in
  d40_probe() (git-fixes).
- dmaengine: QCOM_HIDMA_MGMT depends on HAS_IOMEM (git-fixes).
- dmaengine: ALTERA_MSGDMA depends on HAS_IOMEM (git-fixes).
- dmaengine: pl330: fix wrong usage of spinlock flags in dma_cyclc
  (git-fixes).
- drm: Fix use-after-free read in drm_getunique() (git-fixes).
- ASoC: sti-sas: add missing MODULE_DEVICE_TABLE (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Lenovo Miix 3-830
  tablet (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Glavey TM800A550L
  tablet (git-fixes).
- ASoC: max98088: fix ni clock divider calculation (git-fixes).
- commit 2b181d0
- media: mtk-mdp: Fix a refcounting bug on error in init
  (git-fixes).
- commit 1d82c71
- media: mtk-mdp: Check return value of of_clk_get (git-fixes).
- commit f37fbe9
- media: s5p-g2d: Fix a memory leak in an error handling path in
  'g2d_probe()' (git-fixes).
- commit 08513d7
- usb: dwc3: debugfs: Add and remove endpoint dirs dynamically
  (git-fixes).
- commit 08559a5
- dax: Add a wakeup mode parameter to put_unlocked_entry()
  (bsc#1187411).
- commit 31da646
- dax: Add an enum for specifying dax wakup mode (bsc#1187411).
- commit 1d4c2a3
- tracing: Correct the length check which causes memory corruption
  (git-fixes).
- commit 0072a4b
- tracing: Restructure trace_clock_global() to never block
  (git-fixes).
- commit 6d6d42d
- ftrace: Free the trampoline when ftrace_startup() fails
  (git-fixes).
- commit 533e192
- blacklist.conf: 75d3e7f4769d ("/s390/test_unwind: fix possible memleak in test_unwind()"/)
  We build test_unwind kernel module out of tree.
- commit abf9977
- ftrace: Do not blindly read the ip address in ftrace_bug()
  (git-fixes).
- commit 31cd567
- Revert "/ecryptfs: replace BUG_ON with error handling code"/
  (bsc#1187413).
- commit 7387ee5
- ocfs2: fix data corruption by fallocate (bsc#1187412).
- commit 684ec92
- dax: Wake up all waiters after invalidating dax entry
  (bsc#1187411).
- commit 42391aa
- fs: fix reporting supported extra file attributes for statx()
  (bsc#1187410).
- commit 36f6f1f
- ext4: fix memory leak in ext4_fill_super (bsc#1187409).
- commit d8152b1
- ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at
  failed (bsc#1187408).
- commit 41eb311
- ext4: fix error code in ext4_commit_super (bsc#1187407).
- commit 350d1b1
- ext4: fix check to prevent false positive report of incorrect
  used inodes (bsc#1187404).
- commit 57c9a0a
- kyber: fix out of bounds access when preempted (bsc#1187403).
- commit 491df1f
- block: Discard page cache of zone reset target range
  (bsc#1187402).
- commit 74c08d5
- kernel-binary.spec.in: Regenerate makefile when not using mkmakefile.
- commit 6b30fe5
- xfrm: policy: Read seqcount outside of rcu-read side in xfrm_policy_lookup_bytype (bsc#1185675).
- commit 96f285d
- Updated patch-mainline tags.
  Also moved the affected patches into the sorted section.
  Change in patch order moved devm_rpi_firmware_put but it aligns with
  mainline.
- commit 000116c
- fuse: BUG_ON correction in fuse_dev_splice_write()
  (bsc#1187356).
- commit d2e5d40
- sched/debug: Fix cgroup_path[] serialization (git-fixes)
- commit 24c7edf
- blacklist.conf: We don't support uclamp
- commit 0b70e65
- blacklist.conf: We have CONFIG_JUMP_LABEL
- commit 093a643
- series.conf: cleanup
- update upstream references and move into sorted section:
  patches.suse/mac80211-add-fragment-cache-to-sta_info.patch
  patches.suse/mac80211-assure-all-fragments-are-encrypted.patch
  patches.suse/mac80211-check-defrag-PN-against-current-frame.patch
  patches.suse/mac80211-do-not-accept-forward-invalid-EAPOL-frames.patch
  patches.suse/mac80211-drop-A-MSDUs-on-old-ciphers.patch
  patches.suse/mac80211-extend-protection-against-mixed-key-and-fra.patch
  patches.suse/mac80211-prevent-attacks-on-TKIP-WEP-as-well.patch
  patches.suse/mac80211-prevent-mixed-key-and-fragment-cache-attack.patch
  patches.suse/mac80211-properly-handle-A-MSDUs-that-start-with-an-.patch
  No effect on expanded tree.
- commit 9fdca2b
- series.conf: cleanup
  Move a SUSE specific patch ("/Patch-mainline: Never..."/) to corresponding
  per-subsystem section.
- commit 811dc9a
- fix patch metadata
- fix Patch-mainline:
  patches.suse/RDMA-ucma-Rework-ucma_migrate_id-to-avoid-races-with.patch
- commit c80eef0
- series.conf: cleanup
  Move a queued patch to "/almost mainline"/ section.
- commit a847492
- blacklist: add commit 4f06dd92b5d0 ("/fuse: fix write deadlock"/)
  This is an ancient bug (from v2.6.26) which require extra backports.  Not
  worth the risk introducing new regressions.
- commit f0ede60
- rpm/kernel-binary.spec.in: Fix handling of +arch marker (bsc#1186672)
  The previous commit made a module wrongly into Module.optional.
  Although it didn't influence on the end result, better to fix it.
  Also, add a comment to explain the markers briefly.
- commit 8f79742
- block: return the correct bvec when checking for gaps
  (bsc#1187144).
- commit 22678f9
- Update patches.suse/scsi-qla2xxx-Reserve-extra-IRQ-vectors.patch
  (bsc#1184436 bsc#1186286).
- commit 3b95648
- sched/fair: Make sure to update tg contrib for blocked load (git-fixes)
- commit 9eeb58b
- sched/fair: Keep load_avg and load_sum synced (git-fixes)
- commit 8888330
- USB: serial: cp210x: fix alternate function for CP2102N QFN20
  (git-fixes).
- usb: typec: mux: Fix copy-paste mistake in typec_mux_match
  (git-fixes).
- usb: typec: ucsi: Clear PPM capability data in ucsi_init()
  error path (git-fixes).
- usb: typec: wcove: Use LE to CPU conversion when accessing
  msg->header (git-fixes).
- usb: fix various gadgets null ptr deref on 10gbps cabling
  (git-fixes).
- USB: f_ncm: ncm_bitrate (speed) is unsigned (git-fixes).
- USB: serial: quatech2: fix control-request directions
  (git-fixes).
- usb: pd: Set PD_T_SINK_WAIT_CAP to 310ms (git-fixes).
- usb: musb: fix MUSB_QUIRK_B_DISCONNECT_99 handling (git-fixes).
- staging: rtl8723bs: Fix uninitialized variables (git-fixes).
- commit b524f7e
- Add arch-dependent support markers in supported.conf (bsc#1186672)
  We may need to put some modules as supported only on specific archs.
  This extends the supported.conf syntax to allow to put +arch additionally
  after the unsupported marker, then it'll be conditionally supported on
  that arch.
- commit 8cbdb41
- Create Symbols.list and ipa-clones.list determistically
  without this patch, filesystem readdir order would influence
  order of entries in these files.
  This patch was done while working on reproducible builds for SLE.
- commit a898b6d
- RDMA/ucma: Rework ucma_migrate_id() to avoid races with destroy (bsc#1187050, CVE-2020-36385)
- commit d630126
- Update
  patches.suse/Bluetooth-SMP-Fail-if-remote-and-local-public-keys-a.patch
  (bsc#1186463 CVE-2021-0129 CVE-2020-26558).
- commit 3b40194
- Bluetooth: fix the erroneous flush_work() order (git-fixes).
- ALSA: timer: Fix master timer notification (git-fixes).
- ALSA: hda: Fix for mute key LED for HP Pavilion 15-CK0xx
  (git-fixes).
- drm/amdgpu: make sure we unpin the UVD BO (git-fixes).
- vfio/platform: fix module_put call in error flow (git-fixes).
- vfio/pci: zap_vma_ptes() needs MMU (git-fixes).
- vfio/pci: Fix error return code in vfio_ecap_init() (git-fixes).
- HID: multitouch: require Finger field to mark Win8 reports as MT
  (git-fixes).
- commit 64bd478
- scsi: scsi_dh_alua: Retry RTPG on a different path after failure
  (bsc#1174978 bsc#1185701).
- commit 36cc9f2
- kernel-binary.spec.in: Add Supplements: for -extra package on Leap
  kernel-$flavor-extra should supplement kernel-$flavor on Leap, like
  it does on SLED, and like the kernel-$flavor-optional package does.
- commit c60d87f
- perf/x86/intel/uncore: Remove uncore extra PCI dev
  HSWEP_PCI_PCU_3 (bsc#1184685).
- commit 1c4876a
- block: return the correct bvec when checking for gaps
  (bsc#1187143).
- commit 1a99a11
- series: Resort and update metadata
  Resort series.conf and update meta data:
  patches.suse/scsi-lpfc-Add-a-option-to-enable-interlocked-ABTS-be.patch
  patches.suse/scsi-lpfc-Add-ndlp-kref-accounting-for-resume-RPI-pa.patch
  patches.suse/scsi-lpfc-Fix-Node-recovery-when-driver-is-handling-.patch
  patches.suse/scsi-lpfc-Fix-Unexpected-timeout-error-in-direct-att.patch
  patches.suse/scsi-lpfc-Fix-crash-when-lpfc_sli4_hba_setup-fails-t.patch
  patches.suse/scsi-lpfc-Fix-node-handling-for-Fabric-Controller-an.patch
  patches.suse/scsi-lpfc-Fix-non-optimized-ERSP-handling.patch
  patches.suse/scsi-lpfc-Fix-unreleased-RPIs-when-NPIV-ports-are-cr.patch
  patches.suse/scsi-lpfc-Ignore-GID-FT-response-that-may-be-receive.patch
  patches.suse/scsi-lpfc-Reregister-FPIN-types-if-ELS_RDF-is-receiv.patch
  patches.suse/scsi-lpfc-Update-lpfc-version-to-12.8.0.10.patch
- commit f894385
- cxgb4: avoid link re-train during TC-MQPRIO configuration
  (jsc#SLE-8389).
- ice: Allow all LLDP packets from PF to Tx (jsc#SLE-7926).
- ice: Fix VFR issues for AVF drivers that expect ATQLEN cleared
  (git-fixes).
- net/mlx5: DR, Create multi-destination flow table with level
  less than 64 (jsc#SLE-8464).
- ixgbe: fix large MTU request from VF (git-fixes).
- cxgb4: avoid accessing registers when clearing filters
  (git-fixes).
- net/mlx5e: Fix multipath lag activation (git-fixes).
- net/mlx5e: Fix nullptr in add_vlan_push_action() (git-fixes).
- net: hns3: put off calling register_netdev() until client
  initialize complete (bsc#1154353).
- gve: Correct SKB queue index validation (git-fixes).
- gve: Upgrade memory barrier in poll routine (git-fixes).
- gve: Add NULL pointer checks when freeing irqs (git-fixes).
- gve: Update mgmt_msix_idx if num_ntfy changes (git-fixes).
- net: bnx2: Fix error return code in bnx2_init_board()
  (git-fixes).
- net/mlx4: Fix EEPROM dump support (git-fixes).
- Revert "/net: liquidio: fix a NULL pointer dereference"/
  (git-fixes).
- Revert "/qlcnic: Avoid potential NULL pointer dereference"/
  (git-fixes).
- net: hns3: Limiting the scope of vector_ring_chain variable
  (git-fixes).
- commit 4451268
- btrfs: open device without device_list_mutex  (bsc#1176771).
- commit c922550
- vmlinux.lds.h: Avoid orphan section with !SMP (git-fixes).
- commit 50e12e5
- regulator: max77620: Use device_set_of_node_from_dev()
  (git-fixes).
- regulator: core: resolve supply for boot-on/always-on regulators
  (git-fixes).
- commit a6466ca
- scsi: libsas: Reset num_scatter if libata marks qc as NODATA
  (bsc#1187068).
- scsi: be2iscsi: Revert "/Fix a theoretical leak in
  beiscsi_create_eqs()"/ (bsc#1187067).
- scsi: ufs: Make ufshcd_print_trs() consider
  UFSHCD_QUIRK_PRDT_BYTE_GRAN (bsc#1187069).
- scsi: aacraid: Fix an oops in error handling (bsc#1187072).
- commit a34cc53
- Update patch reference for a BT fix (CVE-2020-36386 bsc#1187038)
- commit 673eac4
- locking/mutex: clear MUTEX_FLAGS if wait_list is empty due to
  signal (git-fixes).
- commit 12081a6
- scsi: ufs: core: Narrow down fast path in system suspend path
  (bsc#1186996).
- scsi: sni_53c710: Add IRQ check (bsc#1186990).
- scsi: sun3x_esp: Add IRQ check (bsc#1186991).
- scsi: jazz_esp: Add IRQ check (bsc#1186965).
- scsi: hisi_sas: Fix IRQ checks (bsc#1186963).
- scsi: ufs: ufshcd-pltfrm: Fix deferred probing (bsc#1187003).
- scsi: mpt3sas: Fix error return code of mpt3sas_base_attach()
  (bsc#1186978).
- scsi: qedi: Fix error return code of qedi_alloc_global_queues()
  (bsc#1186984).
- scsi: mpt3sas: Do not use GFP_KERNEL in atomic context
  (bsc#1186977).
- scsi: myrs: Fix a double free in myrs_cleanup() (bsc#1186980).
- scsi: sd: Fix Opal support (bsc#1186989).
- scsi: bnx2fc: Fix Kconfig warning & CNIC build errors
  (bsc#1186955).
- scsi: lpfc: Fix ancient double free (bsc#1186969).
- scsi: megaraid_sas: Fix MEGASAS_IOC_FIRMWARE regression
  (bsc#1186973).
- scsi: cxgb4i: Fix TLS dependency (bsc#1186960).
- scsi: fnic: Fix error return code in fnic_probe() (bsc#1186962).
- scsi: pm80xx: Fix error return in pm8001_pci_probe()
  (bsc#1186981).
- scsi: qedi: Fix missing destroy_workqueue() on error in
  __qedi_probe (bsc#1186985).
- scsi: qla4xxx: Remove in_interrupt() (bsc#1186987).
- scsi: hisi_sas: Remove preemptible() (bsc#1186964).
- scsi: megaraid_sas: Check user-provided offsets (bsc#1186970).
- scsi: libfc: Fix enum-conversion warning (bsc#1186966).
- scsi: bnx2i: Requires MMU (bsc#1186956).
- scsi: mpt3sas: Fix ioctl timeout (bsc#1186979).
- scsi: ufs: Fix race between shutdown and runtime resume flow
  (bsc#1186998).
- scsi: bfa: Fix error return in bfad_pci_init() (bsc#1186954).
- scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs()
  (bsc#1186953).
- scsi: aacraid: Remove erroneous fallthrough annotation
  (bsc#1186950).
- scsi: csiostor: Fix wrong return value in csio_hw_prep_fw()
  (bsc#1186957).
- scsi: qla4xxx: Fix an error handling path in
  'qla4xxx_get_host_stats()' (bsc#1186986).
- scsi: ufs: Properly release resources if a task is aborted
  successfully (bsc#1187001).
- scsi: libsas: Fix error path in sas_notify_lldd_dev_found()
  (bsc#1186967).
- scsi: megaraid_sas: Don't call disable_irq from process IRQ poll
  (bsc#1186972).
- scsi: libsas: Set data_dir as DMA_NONE if libata marks qc as
  NODATA (bsc#1186968).
- scsi: mesh: Fix panic after host or bus reset (bsc#1186976).
- scsi: megaraid_sas: Clear affinity hint (bsc#1186971).
- scsi: scsi_debug: Add check for sdebug_max_queue during module
  init (bsc#1186988).
- scsi: eesox: Fix different dev_id between request_irq() and
  free_irq() (bsc#1186961).
- scsi: powertec: Fix different dev_id between request_irq()
  and free_irq() (bsc#1186982).
- scsi: cumana_2: Fix different dev_id between request_irq()
  and free_irq() (bsc#1186958).
- scsi: ufs: Add quirk to fix abnormal ocs fatal error
  (bsc#1186994).
- scsi: ufs: Introduce UFSHCD_QUIRK_PRDT_BYTE_GRAN quirk
  (bsc#1187000).
- scsi: ufs: Add quirk to enable host controller without hce
  (bsc#1186993).
- scsi: ufs: Add quirk to disallow reset of interrupt aggregation
  (bsc#1186992).
- scsi: ufs: Add quirk to fix mishandling utrlclr/utmrlclr
  (bsc#1186995).
- scsi: megaraid_sas: Remove undefined ENABLE_IRQ_POLL macro
  (bsc#1186974).
- scsi: acornscsi: Fix an error handling path in acornscsi_probe()
  (bsc#1186952).
- scsi: ufs: Don't update urgent bkops level when toggling auto
  bkops (bsc#1186997).
- scsi: cxgb3i: Fix some leaks in init_act_open() (bsc#1186959).
- scsi: ufs-qcom: Fix scheduling while atomic issue (bsc#1187002).
- scsi: aacraid: Use memdup_user() as a cleanup (bsc#1186951).
- scsi: qedi: Check for buffer overflow in qedi_set_path()
  (bsc#1186983).
- Revert "/scsi: core: run queue if SCSI device queue isn't ready
  and queue is idle"/ (bsc#1186949).
- scsi: ufshcd: use an enum for quirks (bsc#1186999).
- commit 063da01
- scsi: lpfc: Fix failure to transmit ABTS on FC link (git-fixes).
- scsi: qla2xxx: Prevent PRLI in target mode (git-fixes).
- commit df14b8a
- blacklist: Add not necessary git-fixes
- commit 203b357
- wireguard: allowedips: initialize list head in selftest
  (git-fixes).
- wireguard: peer: allocate in kmem_cache (git-fixes).
- wireguard: use synchronize_net rather than synchronize_rcu
  (git-fixes).
- wireguard: do not use -O3 (git-fixes).
- wireguard: selftests: make sure rp_filter is disabled on vethc
  (git-fixes).
- wireguard: selftests: remove old conntrack kconfig value
  (git-fixes).
- wireguard: queueing: get rid of per-peer ring buffers
  (git-fixes).
- wireguard: peer: put frequently used members above cache lines
  (git-fixes).
- commit f17f786
- pid: take a reference when initializing `cad_pid` (bsc#1152489).
- commit 7fbca02
- x86/apic: Mark _all_ legacy interrupts when IO/APIC is missing
  (bsc#1152489).
- commit 76a898b
- NFC: SUSE specific brutal fix for runtime PM (bsc#1185589).
- commit c32c592
- x86/fault: Don't send SIGSEGV twice on SEGV_PKUERR
  (bsc#1152489).
- commit e986350
- config: refresh
- drop PCIE_BW (removed by a backported patch)
- commit 8a54d2d
- fix patches metadata
- fix Patch-mainline:
  patches.suse/NFS-Deal-correctly-with-attribute-generation-counter.patch
  patches.suse/NFS-Don-t-corrupt-the-value-of-pg_bytes_written-in-n.patch
  patches.suse/NFS-Don-t-discard-pNFS-layout-segments-that-are-mark.patch
  patches.suse/NFS-Don-t-gratuitously-clear-the-inode-cache-when-lo.patch
  patches.suse/NFS-Don-t-revalidate-the-directory-permissions-on-a-.patch
  patches.suse/NFS-Fix-an-Oopsable-condition-in-__nfs_pageio_add_re.patch
  patches.suse/NFS-fix-an-incorrect-limit-in-filelayout_decode_layo.patch
  patches.suse/NFSD-Repair-misuse-of-sv_lock-in-5.10.16-rt30.patch
  patches.suse/NFSv4-Don-t-discard-segments-marked-for-return-in-_p.patch
  patches.suse/NFSv4-Fix-a-NULL-pointer-dereference-in-pnfs_mark_ma.patch
  patches.suse/NFSv4-Fix-v4.0-v4.1-SEEK_DATA-return-ENOTSUPP-when-s.patch
  patches.suse/NFSv4.2-Always-flush-out-writes-in-nfs42_proc_falloc.patch
  patches.suse/NFSv4.2-fix-handling-of-sr_eof-in-SEEK-s-reply.patch
  patches.suse/NFSv4.2-fix-return-value-of-_nfs4_get_security_label.patch
  patches.suse/NFSv42-Copy-offload-should-update-the-file-size-when.patch
  patches.suse/SUNRPC-Move-fault-injection-call-sites.patch
  patches.suse/SUNRPC-Set-memalloc_nofs_save-for-sync-tasks.patch
  patches.suse/fs-nfs-Use-fatal_signal_pending-instead-of-signal_pe.patch
  patches.suse/md-Fix-missing-unused-status-line-of-proc-mdstat.patch
  patches.suse/nfsd-register-pernet-ops-last-unregister-first.patch
  patches.suse/pNFS-NFSv4-Fix-a-layout-segment-leak-in-pnfs_layout_.patch
  patches.suse/pNFS-flexfiles-fix-incorrect-size-check-in-decode_nf.patch
  patches.suse/sunrpc-fix-refcount-leak-for-rpc-auth-modules.patch
  patches.suse/svcrdma-disable-timeouts-on-rdma-backchannel.patch
  patches.suse/x86-fix-seq_file-iteration-for-pat-memtype.c.patch
  patches.suse/xprtrdma-Avoid-Receive-Queue-wrapping.patch
  patches.suse/xprtrdma-rpcrdma_mr_pop-already-does-list_del_init.patch
- commit 08c81db
- fix patch metadata
- fix Patch-mainline:
  patches.suse/pm-sleep-add-pm_debug_messages-kernel-command-line-option.patch
- commit 9d4ad2b
- kABI workaround for struct lis3lv02d change (git-fixes).
- commit b20df4c
- bus: ti-sysc: Fix flakey idling of uarts and stop using
  swsup_sidle_act (git-fixes).
- i2c: qcom-geni: Suspend and resume the bus during
  SYSTEM_SLEEP_PM ops (git-fixes).
- nfc: fix NULL ptr dereference in llcp_sock_getname() after
  failed connect (git-fixes).
- ALSA: hda/cirrus: Set Initial DMIC volume to -26 dB (git-fixes).
- commit 957e0af
- thermal/drivers/intel: Initialize RW trip to
  THERMAL_TEMP_INVALID (git-fixes).
- serial: rp2: use 'request_firmware' instead of
  'request_firmware_nowait' (git-fixes).
- USB: serial: pl2303: add device id for ADLINK ND-6530 GC
  (git-fixes).
- USB: serial: ti_usb_3410_5052: add startech.com device id
  (git-fixes).
- USB: serial: option: add Telit LE910-S1 compositions 0x7010,
  0x7011 (git-fixes).
- USB: serial: ftdi_sio: add IDs for IDS GmbH Products
  (git-fixes).
- USB: usbfs: Don't WARN about excessively large memory
  allocations (git-fixes).
- serial: max310x: unregister uart driver in case of failure
  and abort (git-fixes).
- Revert "/serial: max310x: pass return value of
  spi_register_driver"/ (git-fixes).
- usb: core: reduce power-on-good delay time of root hub
  (git-fixes).
- commit 5cd70a0
- mei: request autosuspend after sending rx flow control
  (git-fixes).
- platform/x86: touchscreen_dmi: Add info for the Mediacom Winpad
  7.0 W700 tablet (git-fixes).
- platform/x86: intel_punit_ipc: Append MODULE_DEVICE_TABLE for
  ACPI (git-fixes).
- platform/x86: hp-wireless: add AMD's hardware id to the
  supported list (git-fixes).
- platform/x86: hp_accel: Avoid invoking _INI to speed up resume
  (git-fixes).
- media: gspca: properly check for errors in po1030_probe()
  (git-fixes).
- Revert "/media: gspca: Check the return value of write_bridge
  for timeout"/ (git-fixes).
- media: gspca: mt9m111: Check write_bridge for timeout
  (git-fixes).
- Revert "/media: gspca: mt9m111: Check write_bridge for timeout"/
  (git-fixes).
- media: dvb: Add check on sp8870_readreg return (git-fixes).
- commit c7b5e47
- gpio: cadence: Add missing MODULE_DEVICE_TABLE (git-fixes).
- Revert "/media: dvb: Add check on sp8870_readreg"/ (git-fixes).
- libertas: register sysfs groups properly (git-fixes).
- Revert "/libertas: add checks for the return value of
  sysfs_create_group"/ (git-fixes).
- isdn: mISDN: correctly handle ph_info allocation failure in
  hfcsusb_ph_info (git-fixes).
- Revert "/isdn: mISDN: Fix potential NULL pointer dereference
  of kzalloc"/ (git-fixes).
- isdn: mISDNinfineon: check/cleanup ioremap failure correctly
  in setup_io (git-fixes).
- Revert "/isdn: mISDNinfineon: fix potential NULL pointer
  dereference"/ (git-fixes).
- Revert "/media: usb: gspca: add a missed check for
  goto_low_power"/ (git-fixes).
- commit 337d971
- cfg80211: mitigate A-MSDU aggregation attacks (CVE-2020-24588
  bsc#1185861).
- drm/amd/amdgpu: fix a potential deadlock in gpu reset
  (git-fixes).
- drm/amdgpu: Fix a use-after-free (git-fixes).
- drm/amd/amdgpu: fix refcount leak (git-fixes).
- drm/amd/display: Disconnect non-DP with no EDID (git-fixes).
- dmaengine: qcom_hidma: comment platform_driver_register call
  (git-fixes).
- Revert "/dmaengine: qcom_hidma: Check for driver register
  failure"/ (git-fixes).
- char: hpet: add checks after calling ioremap (git-fixes).
- Revert "/char: hpet: fix a missing check of ioremap"/ (git-fixes).
- commit 17141be
- efi: cper: fix snprintf() use in cper_dimm_err_location()
  (git-fixes).
- efi: Allow EFI_MEMORY_XP and EFI_MEMORY_RO both to be cleared
  (git-fixes).
- ACPICA: Clean up context mutex during object deletion
  (git-fixes).
- hwmon: (dell-smm-hwmon) Fix index values (git-fixes).
- brcmfmac: properly check for bus register errors (git-fixes).
- Revert "/brcmfmac: add a check for the status of usb_register"/
  (git-fixes).
- ath6kl: return error code in ath6kl_wmi_set_roam_lrssi_cmd()
  (git-fixes).
- Revert "/ath6kl: return error code in
  ath6kl_wmi_set_roam_lrssi_cmd()"/ (git-fixes).
- commit d3cc1eb
- Revert "/char: hpet: fix a missing check of ioremap"/ (git-fixes).
- ttyprintk: Add TTY hangup callback (git-fixes).
- commit dac98b4
- kernel-binary.spec.in: build-id check requires elfutils.
- commit 01569b3
- NFSv4: Fix a NULL pointer dereference in
  pnfs_mark_matching_lsegs_return() (git-fixes).
- commit 33829e2
- NFSv4: Fix v4.0/v4.1 SEEK_DATA return -ENOTSUPP when set
  NFS_V4_2 config (git-fixes).
- NFS: Don't corrupt the value of pg_bytes_written in
  nfs_do_recoalesce() (git-fixes).
- NFS: Fix an Oopsable condition in __nfs_pageio_add_request()
  (git-fixes).
- NFS: fix an incorrect limit in filelayout_decode_layout()
  (git-fixes).
- fs/nfs: Use fatal_signal_pending instead of signal_pending
  (git-fixes).
- xprtrdma: rpcrdma_mr_pop() already does list_del_init()
  (git-fixes).
- xprtrdma: Avoid Receive Queue wrapping (git-fixes).
- NFSv4: Don't discard segments marked for return in
  _pnfs_return_layout() (git-fixes).
- NFS: Don't discard pNFS layout segments that are marked for
  return (git-fixes).
- NFSv42: Copy offload should update the file size when
  appropriate (git-fixes).
- SUNRPC: Move fault injection call sites (git-fixes).
- NFSv4.2 fix handling of sr_eof in SEEK's reply (git-fixes).
- pNFS/flexfiles: fix incorrect size check in decode_nfs_fh()
  (git-fixes).
- NFS: Deal correctly with attribute generation counter overflow
  (git-fixes).
- NFSv4.2: Always flush out writes in nfs42_proc_fallocate()
  (git-fixes).
- md: Fix missing unused status line of /proc/mdstat (git-fixes).
- sunrpc: fix refcount leak for rpc auth modules (git-fixes).
- NFSD: Repair misuse of sv_lock in 5.10.16-rt30 (git-fixes).
- svcrdma: disable timeouts on rdma backchannel (git-fixes).
- NFSv4.2: fix return value of _nfs4_get_security_label()
  (git-fixes).
- NFS: Don't gratuitously clear the inode cache when lookup failed
  (git-fixes).
- NFS: Don't revalidate the directory permissions on a lookup
  failure (git-fixes).
- SUNRPC: Set memalloc_nofs_save() for sync tasks (git-fixes).
- x86: fix seq_file iteration for pat.c (git-fixes).
- nfsd: register pernet ops last, unregister first (git-fixes).
- net: fix iteration for sctp transport seq_files (git-fixes).
- pNFS/NFSv4: Fix a layout segment leak in pnfs_layout_process()
  (git-fixes).
- commit 60296fb
- kernel-binary.spec: Only use mkmakefile when it exists
  Linux 5.13 no longer has a mkmakefile script
- commit b453c7b
- PM: sleep: Add pm_debug_messages kernel command line option
  (bsc#1186752).
- commit 735920b
- media: dvb: Add check on sp8870_readreg return (git-fixes).
- commit 2133cbd
- blacklist.conf: cosmetic fix
- commit ce72d5a
- media: gspca: properly check for errors in po1030_probe()
  (git-fixes).
- commit 1750a2e
- Revert "/media: gspca: Check the return value of write_bridge
  for timeout"/ (git-fixes).
- commit b97e22b
- media: gspca: mt9m111: Check write_bridge for timeout
  (git-fixes).
- commit 7f3a7f1
- Revert "/media: gspca: mt9m111: Check write_bridge for timeout"/
  (git-fixes).
- commit d087481
- blacklist.conf: depends on PD 3.0 which we don't have and cannot be
  backported
- commit a396f2f
- Update kabi files.
- update from June 2021 maitenance update submission (commit f0fe006fa3e1)
- commit 3b5c05b
- HID: magicmouse: fix NULL-deref on disconnect (git-fixes).
- HID: i2c-hid: fix format string mismatch (git-fixes).
- HID: pidff: fix error return code in hid_pidff_init()
  (git-fixes).
- HID: i2c-hid: Skip ELAN power-on command after reset
  (git-fixes).
- tpm: fix error return code in tpm2_get_cc_attrs_tbl()
  (git-fixes).
- vsock/vmci: log once the failed queue pair allocation
  (git-fixes).
- commit e5695e4
- Revert "/media: dvb: Add check on sp8870_readreg"/ (git-fixes).
- commit 3655f21
- usb: typec: tcpm: Use LE to CPU conversion when accessing
  msg->header (git-fixes).
- commit f61bf4c
- xen-pciback: redo VF placement in the virtual topology
  (git-fixes).
- commit 323098d
- usb: typec: mux: Fix matching with typec_altmode_desc
  (git-fixes).
- commit 2c2aed2
- Fix patches.suse/nvme-multipath-reset-bdev-to-ns-head-when-failover.patch (bsc#1186681)
  The backport for bsc#1182999 bsc#1178378 introduced a bug.  It's not
  possible to use bdget_disk() in nvme_failover_req() as this can run in
  IRQ context and bdget_disk() can sleep.
  Luckily, we don't need to set bdev via bio_set_dev() as we can set
  bi_disk directly.
  Refresh:
  - patches.suse/nvme-multipath-retry-commands-for-dying-queues.patch
- commit f0fe006
- series.conf: cleanup
- move unsortable patch out of sorted section
  patches.suse/nxp-nci-add-NXP1002-id.patch
- commit d0ca1ba
- Refresh patches.suse/scsi-ibmvfc-Reinit-target-retries.patch.
  Update patch metadata.
- commit e269098
- nxp-i2c: restore includes for kABI (bsc#1185589).
- commit 1786af1
- nxp-nci: add NXP1002 id (bsc#1185589).
- commit 9d43526
- block/genhd: use atomic_t for disk_event->block (bsc#1185497).
- commit 57427b3
- x86/cpu: Initialize MSR_TSC_AUX if RDTSCP *or* RDPID is
  supported (bsc#1152489).
- commit 1931741
- xen-pciback: reconfigure also from backend watch handler
  (git-fixes).
- commit 5795686
- xen-blkback: fix compatibility bug with single page rings
  (git-fixes).
- commit c1a440a
- xen/evtchn: Change irq_info lock to raw_spinlock_t (git-fixes).
- commit 085f359
- series.conf: cleanup
  update upstream references and resort:
  patches.suse/ipc-mqueue-msg-sem-Avoid-relying-on-a-stack-reference.patch
- commit a8331c9
- nvme: fix deadlock in disconnect during scan_work and/or
  ana_work (git-fixes).
- Refresh
  patches.suse/nvme-fabrics-reject-I-O-to-offline-device.patch.
- commit 4805fdc
- arm64: vdso32: make vdso32 install conditional (git-fixes).
- commit de92552
- blacklist.conf: arm64: add fix for unsupported SOC
- commit 7c4e5f6
- nvme: document nvme controller states (git-fixes).
- commit 495f482
- nvme-pci: use simple suspend when a HMB is enabled (git-fixes).
- nvme-pci: make sure write/poll_queues less or equal then cpu
  (git-fixes).
- nvme-pci: align io queue count with allocted nvme_queue in
  (git-fixes).
- nvme-pci: remove last_sq_tail (git-fixes).
- nvme-pci: remove volatile cqes (git-fixes).
- nvme-pci: avoid race between nvme_reap_pending_cqes() and
  nvme_poll() (git-fixes).
- nvme-pci: dma read memory barrier for completions (git-fixes).
- nvme-pci: fix "/slimmer CQ head update"/ (git-fixes).
- nvme-pci: Simplify nvme_poll_irqdisable (git-fixes).
- nvme-pci: Remove two-pass completions (git-fixes).
- nvme-pci: Remove tag from process cq (git-fixes).
- nvme-pci: slimmer CQ head update (git-fixes).
- commit dd74a78
- i2c: s3c2410: fix possible NULL pointer deref on read message
  after write (git-fixes).
- i2c: i801: Don't generate an interrupt on bus reset (git-fixes).
- i2c: sh_mobile: Use new clock calculation formulas for RZ/G2E
  (git-fixes).
- iio: adc: ad7793: Add missing error code in ad7793_setup()
  (git-fixes).
- iio: adc: ad7768-1: Fix too small buffer passed to
  iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: gyro: fxas21002c: balance runtime power in error path
  (git-fixes).
- staging: iio: cdc: ad7746: avoid overwrite of num_channels
  (git-fixes).
- iio: adc: ad7124: Fix potential overflow due to non sequential
  channel numbers (git-fixes).
- iio: adc: ad7124: Fix missbalanced regulator enable / disable
  on error (git-fixes).
- staging: emxx_udc: fix loop in _nbu2ss_nuke() (git-fixes).
- serial: sh-sci: Fix off-by-one error in FIFO threshold register
  setting (git-fixes).
- serial: core: fix suspicious security_locked_down() call
  (git-fixes).
- serial: tegra: Fix a mask operation that is always true
  (git-fixes).
- thunderbolt: dma_port: Fix NVM read buffer bounds and offset
  issue (git-fixes).
- usb: gadget: udc: renesas_usb3: Fix a race in usb3_start_pipen()
  (git-fixes).
- USB: trancevibrator: fix control-request direction (git-fixes).
- misc/uss720: fix memory leak in uss720_probe (git-fixes).
- drm/meson: fix shutdown crash when component not probed
  (git-fixes).
- net: usb: fix memory leak in smsc75xx_bind (git-fixes).
- cdrom: gdrom: initialize global variable at init time
  (git-fixes).
- cdrom: gdrom: deallocate struct gdrom_unit fields in
  remove_gdrom (git-fixes).
- Revert "/gdrom: fix a memory leak bug"/ (git-fixes).
- usb: dwc3: gadget: Enable suspend events (git-fixes).
- commit 62c76a6
- blk-mq: Swap two calls in blk_mq_exit_queue() (git-fixes).
- block: Fix three kernel-doc warnings (git-fixes).
- commit e222970
- SUNRPC: More fixes for backlog congestion (bsc#1185428).
- commit c0de1ec
- series.conf: cleanup
- update upstream references and resort:
  patches.suse/nvme-fabrics-decode-host-pathing-error-for-connect.patch
  patches.suse/nvme-fc-short-circuit-reconnect-retries.patch
- whitespace cleanup
- commit 03158d3
- series.conf: cleanup
- fix Patch-mainline and move unsortable patches out of sorted section
  patches.suse/0001-netfilter-conntrack-improve-RST-handling-when-tuple-.patch
  patches.suse/0001-netfilter-conntrack-add-new-sysctl-to-disable-RST-ch.patch
- commit 9d82526
- ASoC: cs35l33: fix an error code in probe() (git-fixes).
- ASoC: cs42l42: Regmap must use_single_read/write (git-fixes).
- ALSA: usb-audio: scarlett2: snd_scarlett_gen2_controls_create()
  can be static (git-fixes).
- commit 72126c6
- ALSA: hda/realtek: Headphone volume is controlled by Front mixer
  (git-fixes).
- ALSA: usb-audio: scarlett2: Improve driver startup messages
  (git-fixes).
- ALSA: usb-audio: scarlett2: Fix device hang with ehci-pci
  (git-fixes).
- ALSA: usb-audio: fix control-request direction (git-fixes).
- commit ad502bc
- futex: Make syscall entry points less convoluted (git-fixes).
- futex: Get rid of the val2 conditional dance (git-fixes).
- futex: Do not apply time namespace adjustment on FUTEX_LOCK_PI
  (bsc#1164648).
- futex: Change utime parameter to be 'const ... *' (git-fixes).
- commit c6c39e0
- arm64: kdump: update ppos when reading elfcorehdr (git-fixes).
- arm64: kasan: fix page_alloc tagging with DEBUG_VIRTUAL
  (git-fixes).
- arm64/mm: Fix pfn_valid() for ZONE_DEVICE based memory
  (git-fixes).
- arm64: ptrace: Fix seccomp of traced syscall -1 (NO_SYSCALL)
  (git-fixes).
- arm64: Add missing ISB after invalidating TLB in
  __primary_switch (git-fixes).
- arm64: kexec_file: fix memory leakage in create_dtb() when
  fdt_open_into() fails (git-fixes).
- arm64: link with -z norelro for LLD or aarch64-elf (git-fixes).
- arm64: avoid -Woverride-init warning (git-fixes).
- arm64: link with -z norelro regardless of CONFIG_RELOCATABLE
  (git-fixes).
- Revert "/arm64: vdso: Fix compilation with clang older than 8"/
  (git-fixes).
- ARM64: vdso32: Install vdso32 from vdso_install (git-fixes).
- arm64: ptrace: Use NO_SYSCALL instead of -1 in
  syscall_trace_enter() (git-fixes).
- arm: mm: use __pfn_to_section() to get mem_section (git-fixes).
- commit 4accc73
- blacklist.conf: arm64: dts: add fixes
- commit 918cf09
- netfilter: conntrack: add new sysctl to disable RST check
  (bsc#1183947 bsc#1185950).
- commit 54ae065
- netfilter: conntrack: improve RST handling when tuple is re-used
  (bsc#1183947 bsc#1185950).
- commit 3e0da56
- netfilter: conntrack: avoid misleading 'invalid' in log message
  (bsc#1183947 bsc#1185950).
- commit 9338bce
- net: enetc: fix link error again (git-fixes).
- commit 0d4ccc0
- blacklist.conf: add misc dt-bindings fixes
  References: git-fixes
- commit fc2fb63
- NFC: nci: fix memory leak in nci_allocate_device (git-fixes).
- commit 2bba556
- scsi: libfc: Avoid invoking response handler twice if ep is
  already completed (bsc#1186573).
- commit 679d56e
- SUNRPC in case of backlog, hand free slots directly to waiting task (bsc#1185428).
- commit 862f15d
- bpf: No need to simulate speculative domain for immediates
  (bsc#1186484,CVE-2021-33200).
- bpf: Fix mask direction swap upon off reg sign change
  (bsc#1186484,CVE-2021-33200).
- bpf: Wrap aux data inside bpf_sanitize_info container
  (bsc#1186484,CVE-2021-33200).
- commit fc0b52a
- Update
  patches.suse/powerpc-64s-Fix-crashes-when-toggling-entry-flush-ba.patch
  (bsc#1177666 git-fixes bsc#1186460 ltc#192531).
- Update
  patches.suse/powerpc-64s-Fix-crashes-when-toggling-stf-barrier.patch
  (bsc#1087082 git-fixes bsc#1186460 ltc#192531).
- commit ce0ebfb
- ceph: fix inode leak on getattr error in __fh_to_dentry
  (bsc#1186501).
- ceph: only check pool permissions for regular files
  (bsc#1186501).
- ceph: don't clobber i_snap_caps on non-I_NEW inode
  (bsc#1186501).
- ceph: fix up error handling with snapdirs (bsc#1186501).
- commit 7d20748
- uio_hv_generic: Fix another memory leak in error handling paths
  (git-fixes).
- uio_hv_generic: Fix a memory leak in error handling paths
  (git-fixes).
- uio: uio_hv_generic: use devm_kzalloc() for private data alloc
  (git-fixes).
- uio_hv_generic: add missed sysfs_remove_bin_file (git-fixes).
- commit 0e1067b
- nvme-fabrics: decode host pathing error for connect
  (bsc#1179827).
- nvme-fc: short-circuit reconnect retries (bsc#1179827).
- nvme-fc: check sgl supported by target (bsc#1179827).
- commit 97321b0
- scsi: lpfc: Fix bad memory access during VPD DUMP mailbox
  command (bsc#1186451).
- commit 192cba3
- scsi: lpfc: Update lpfc version to 12.8.0.10 (bsc#1186451).
- scsi: lpfc: Reregister FPIN types if ELS_RDF is received from
  fabric controller (bsc#1186451).
- scsi: lpfc: Add a option to enable interlocked ABTS before
  job completion (bsc#1186451).
- scsi: lpfc: Fix crash when lpfc_sli4_hba_setup() fails to
  initialize the SGLs (bsc#1186451).
- scsi: lpfc: Ignore GID-FT response that may be received after
  a link flip (bsc#1186451).
- scsi: lpfc: Fix node handling for Fabric Controller and Domain
  Controller (bsc#1186451).
- scsi: lpfc: Fix Node recovery when driver is handling
  simultaneous PLOGIs (bsc#1186451).
- scsi: lpfc: Add ndlp kref accounting for resume RPI path
  (bsc#1186451).
- scsi: lpfc: Fix "/Unexpected timeout"/ error in direct attach
  topology (bsc#1186451).
- scsi: lpfc: Fix non-optimized ERSP handling (bsc#1186451).
- scsi: lpfc: Fix unreleased RPIs when NPIV ports are created
  (bsc#1186451).
- commit 19dc8b6
- Bluetooth: L2CAP: Fix handling LE modes by L2CAP_OPTIONS
  (git-fixes).
- commit 322fe2d
- nvme-fc: clear q_live at beginning of association teardown
  (bsc#1186479).
- commit 6f0e9b4
- RDMA/core: create ib_cm with WQ_MEM_RECLAIM flag (bsc#1183346).
- RDMA/addr: create addr_wq with WQ_MEM_RECLAIM flag
  (bsc#1183346).
- commit 18a82b0
- drm/amdgpu: disable 3DCGCG on picasso/raven1 to avoid compute
  hang (git-fixes).
- ALSA: line6: Fix racy initialization of LINE6 MIDI (git-fixes).
- ALSA: intel8x0: Don't update period unless prepared (git-fixes).
- ALSA: hda/realtek: Add some CLOVE SSIDs of ALC293 (git-fixes).
- ALSA: usb-audio: Validate MS endpoint descriptors (git-fixes).
- ALSA: hda: fixup headset for ASUS GU502 laptop (git-fixes).
- ALSA: hda/realtek: reset eapd coeff to default value for alc287
  (git-fixes).
- leds: lp5523: check return value of lp5xx_read and jump to
  cleanup code (git-fixes).
- Revert "/leds: lp5523: fix a missing check of return value of
  lp55xx_read"/ (git-fixes).
- Bluetooth: SMP: Fail if remote and local public keys are
  identical (git-fixes).
- commit 57f36e1
- ipmi/watchdog: Stop watchdog timer when the current action is
  'none' (bsc#1184855).
- commit 725c479
- btrfs: fix race between transaction aborts and fsyncs leading
  to use-after-free (bsc#1186441).
- commit 9be975d
- btrfs: fix race when picking most recent mod log operation
  for an old root (bsc#1186439).
- commit f318368
- scsi: core: Run queue in case of I/O resource contention failure
  (bsc#1186416).
- commit 50bad37
- USB: serial: pl2303: fix line-speed handling on newer chips
  (bsc#1186320).
- USB: serial: pl2303: add support for PL2303HXN (bsc#1186320).
- commit bc4a20a
- s390/kdump: fix out-of-memory with PCI (bsc#1182257 LTC#191375).
- commit b91dd8c
- spi: spi-fsl-dspi: Fix a resource leak in an error handling path
  (git-fixes).
- gpio: xilinx: Correct kernel doc for xgpio_probe() (git-fixes).
- mmc: sdhci-pci-gli: increase 1.8V regulator wait (git-fixes).
- drm/amd/display: Fix two cursor duplication when using overlay
  (git-fixes).
- Input: silead - add workaround for x86 BIOS-es which bring
  the chip up in a stuck state (git-fixes).
- Input: elants_i2c - do not bind to i2c-hid compatible ACPI
  instantiated devices (git-fixes).
- PCI: thunder: Fix compile testing (git-fixes).
- ACPI / hotplug / PCI: Fix reference count leak in enable_slot()
  (git-fixes).
- gpiolib: acpi: Add quirk to ignore EC wakeups on Dell Venue
  10 Pro 5055 (git-fixes).
- dmaengine: dw-edma: Fix crash on loading/unloading driver
  (git-fixes).
- usb: sl811-hcd: improve misleading indentation (git-fixes).
- pinctrl: ingenic: Improve unreachable code generation
  (git-fixes).
- commit 4488c4d
- firmware: arm_scpi: Prevent the ternary sign expansion bug
  (git-fixes).
- ALSA: dice: fix stream format for TC Electronic Konnekt Live
  at high sampling transfer frequency (git-fixes).
- ALSA: firewire-lib: fix calculation for size of IR context
  payload (git-fixes).
- ALSA: firewire-lib: fix check for the size of isochronous
  packet payload (git-fixes).
- ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro
  (git-fixes).
- ALSA: dice: fix stream format at middle sampling rate for
  Alesis iO 26 (git-fixes).
- platform/mellanox: mlxbf-tmfifo: Fix a memory barrier issue
  (git-fixes).
- ics932s401: fix broken handling of errors when word reading
  fails (git-fixes).
- ASoC: rt286: Generalize support for ALC3263 codec (git-fixes).
- ASoC: rsnd: call rsnd_ssi_master_clk_start() from
  rsnd_ssi_init() (git-fixes).
- commit 309a9af
- ALSA: hda/conexant: Re-order CX5066 quirk table entries
  (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Chuwi Hi8 tablet
  (git-fixes).
- ASoC: rsnd: core: Check convert rate in rsnd_hw_params
  (git-fixes).
- ASoC: Intel: bytcr_rt5640: Enable jack-detect support on Asus
  T100TAF (git-fixes).
- ASoC: rt286: Make RT286_SET_GPIO_* readable and writable
  (git-fixes).
- ALSA: bebob: enable to deliver MIDI messages for multiple ports
  (git-fixes).
- ALSA: rme9652: don't disable if not enabled (git-fixes).
- ALSA: hdspm: don't disable if not enabled (git-fixes).
- ALSA: hdsp: don't disable if not enabled (git-fixes).
- commit 0897647
- usb: core: hub: fix race condition about TRSMRCY of resume
  (git-fixes).
- usb: xhci: Increase timeout for HC halt (git-fixes).
- usb: dwc3: omap: improve extcon initialization (git-fixes).
- cdc-wdm: untangle a circular dependency between callback and
  softint (git-fixes).
- drm/i915: Avoid div-by-zero on gen2 (git-fixes).
- drm/radeon/dpm: Disable sclk switching on Oland when two 4K
  60Hz monitors are connected (git-fixes).
- pinctrl: samsung: use 'int' for register masks in Exynos
  (git-fixes).
- i2c: Add I2C_AQ_NO_REP_START adapter quirk (git-fixes).
- i2c: bail out early when RDWR parameters are wrong (git-fixes).
- drm/amd/display: fixed divide by zero kernel crash during dsc
  enablement (git-fixes).
- drm/amd/display: Force vsync flip when reconfiguring MPCC
  (git-fixes).
- qtnfmac: Fix possible buffer overflow in
  qtnf_event_handle_external_auth (git-fixes).
- wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join
  (git-fixes).
- wl3501_cs: Fix out-of-bounds warnings in wl3501_send_pkt
  (git-fixes).
- mac80211: clear the beacon's CRC after channel switch
  (git-fixes).
- Bluetooth: check for zapped sk before connecting (git-fixes).
- Bluetooth: initialize skb_queue_head at l2cap_chan_create()
  (git-fixes).
- Bluetooth: Set CONF_NOT_COMPLETE as l2cap_chan default
  (git-fixes).
- commit 6a99610
- s390/dasd: fix hanging DASD driver unbind (bsc#1183932
  LTC#192153).
- commit f5a02db
- genirq/irqdomain: Don't try to free an interrupt that has no (git-fixes)
- commit 6059d03
- sched/fair: Avoid stale CPU util_est value for schedutil in (git-fixes)
- commit 3ca2554
- sched/eas: Don't update misfit status if the task is pinned (git-fixes)
- commit 7849a6f
- posix-timers: Preserve return value in clock_adjtime32() (git-fixes)
- commit 637287d
- hrtimer: Update softirq_expires_next correctly after (git-fixes)
- commit 123b070
- genirq: Disable interrupts for force threaded handlers (git-fixes)
- commit a3b0361
- sched/fair: Fix unfairness caused by missing load decay (git-fixes)
- commit 25deacb
- lpfc: Decouple port_template and vport_template (bsc#185032).
- commit 77503a8
- workqueue: Minor follow-ups to the rescuer destruction change
  (bsc#1185911).
- commit 682a642
- workqueue: more destroy_workqueue() fixes (bsc#1185911).
- commit 63656eb
- ibmvnic: remove default label from to_string switch (bsc#1152457
  ltc#174432 git-fixes).
- commit 5e94000
- series.conf: cleanup
- move submitted patch to "/almost mainline"/ section:
  patches.suse/cpufreq-intel_pstate-Add-Icelake-servers-support-in-.patch
- commit 0ccf9b6
- nvme-fc: return NVME_SC_HOST_ABORTED_CMD when a command has
  been aborted (bsc#1184259).
- nvme-fc: set NVME_REQ_CANCELLED in nvme_fc_terminate_exchange()
  (bsc#1184259).
- nvme: add NVME_REQ_CANCELLED flag in nvme_cancel_request()
  (bsc#1184259).
- nvme: simplify error logic in nvme_validate_ns() (bsc#1184259).
- commit 56bb69c
- smc: disallow TCP_ULP in smc_setsockopt() (git-fixes).
- ethernet:enic: Fix a use after free bug in enic_hard_start_xmit
  (git-fixes).
- RDMA/srpt: Fix error return code in srpt_cm_req_recv()
  (git-fixes).
- RDMA/hns: Delete redundant abnormal interrupt status
  (git-fixes).
- RDMA/hns: Delete redundant condition judgment related to eq
  (git-fixes).
- net, xdp: Update pkt_type if generic XDP changes unicast MAC
  (git-fixes).
- xsk: Respect device's headroom and tailroom on generic xmit path
  (git-fixes).
- commit 7c9514e
- cpufreq: intel_pstate: Add Icelake servers support in no-HWP
  mode (bsc#1185758).
- commit d0a78d0
- i40e: Fix PHY type identifiers for 2.5G and 5G adapters
  (git-fixes).
- i40e: fix the restart auto-negotiation after FEC modified
  (git-fixes).
- i40e: Fix use-after-free in i40e_client_subtask() (git-fixes).
- i40e: fix broken XDP support (git-fixes).
- mlxsw: spectrum_mr: Update egress RIF list before route's action
  (git-fixes).
- net: hns3: disable phy loopback setting in hclge_mac_start_phy
  (git-fixes).
- net: hns3: clear unnecessary reset request in
  hclge_reset_rebuild (git-fixes).
- net: hns3: use netif_tx_disable to stop the transmit queue
  (git-fixes).
- net: hns3: fix for vxlan gpe tx checksum bug (git-fixes).
- net: hns3: add check for HNS3_NIC_STATE_INITED in
  hns3_reset_notify_up_enet() (git-fixes).
- net: hns3: initialize the message content in
  hclge_get_link_mode() (git-fixes).
- net: hns3: fix incorrect configuration for igu_egu_hw_err
  (git-fixes).
- RDMA/qedr: Fix error return code in qedr_iw_connect()
  (jsc#SLE-8215).
- bnxt_en: Fix RX consumer index logic in the error path
  (git-fixes).
- bnxt_en: fix ternary sign extension bug in bnxt_show_temp()
  (git-fixes).
- net: thunderx: Fix unintentional sign extension issue
  (git-fixes).
- cxgb4: Fix unintentional sign extension issues (git-fixes).
- netdevice: Add missing IFF_PHONY_HEADROOM self-definition
  (git-fixes).
- vrf: fix a comment about loopback device (git-fixes).
- net: hns3: Fix for geneve tx checksum bug (git-fixes).
- commit d07ce98
- Enable CONFIG_PCI_PF_STUB for Nvidia Ampere vGPU support (jsc#SLE-17882
  jsc#ECO-3691)
  Nvidia switched its vGPU mechanism from mdev to SRIOV since Ampere
  architecutre. For the SRIOV implementation, they used pci-pf-stub
  module. We only need to enable CONFIG_PCI_PF_STUB here,
  other dependencies have been enabled already.
- commit 8ab8eb0
- nvme: explicitly update mpath disk capacity on revalidation
  (git-fixes).
- commit 71b6570
- nvme: retrigger ANA log update if group descriptor isn't found (git-fixes)
- commit d9afd49
- nvme-tcp: fix misuse of __smp_processor_id with preemption
  (git-fixes).
- dm: avoid filesystem lookup in dm_get_dev_t() (git-fixes).
- nvme: don't intialize hwmon for discovery controllers
  (git-fixes).
- nvme-tcp: Fix warning with CONFIG_DEBUG_PREEMPT (git-fixes).
- nvme-tcp: Fix possible race of io_work and direct send
  (git-fixes).
- nvme-tcp: fix kconfig dependency warning when !CRYPTO
  (git-fixes).
- blk-iocost: ioc_pd_free() shouldn't assume irq disabled
  (git-fixes).
- nvme: fix controller instance leak (git-fixes).
- nvmet: fix a memory leak (git-fixes).
- block: fix get_max_io_size() (git-fixes).
- nvme-tcp: fix possible hang waiting for icresp response
  (bsc#1179519).
- commit 6431b47
- nvme: fix possible deadlock when I/O is blocked (git-fixes).
- Delete
  patches.suse/nvme-do-not-update-disk-info-for-multipathed-device.patch.
- commit c1000c4
- nvme: define constants for identification values (git-fixes).
- commit ef03dba
- powerpc/64s: Fix crashes when toggling entry flush barrier
  (bsc#1177666 git-fixes).
- powerpc/64s: Fix crashes when toggling stf barrier (bsc#1087082
  git-fixes).
- commit f06d724
- nvmet: use new ana_log_size instead the old one (bsc#1184259).
  note: the upstream commit msg is misleading, this is an nvme host fix,
  not nvmet.
- commit 99e6038
- nvme: don't intialize hwmon for discovery controllers
  (bsc#1184259).
- commit 48fa885
- kABI workaround for hci_chan amp field addition (CVE-2021-33034
  bsc#1186111).
- commit 82f4155
- Bluetooth: verify AMP hci_chan before amp_destroy
  (CVE-2021-33034 bsc#1186111).
- commit f6d837e
- USB: serial: ti_usb_3410_5052: fix TIOCSSERIAL permission check
  (git-fixes).
- tty: moxa: fix TIOCSSERIAL permission check (git-fixes).
- tty: moxa: fix TIOCSSERIAL jiffies conversions (git-fixes).
- tty: amiserial: fix TIOCSSERIAL permission check (git-fixes).
- commit ec86798
- drm/amd/display: Reject non-zero src_y and src_x for video
  planes (git-fixes).
- PCI: Allow VPD access for QLogic ISP2722 (git-fixes).
- cfg80211: scan: drop entry from hidden_list on overflow
  (git-fixes).
- serial: core: return early on unsupported ioctls (git-fixes).
- serial: stm32: fix tx_empty condition (git-fixes).
- serial: stm32: fix incorrect characters on console (git-fixes).
- commit 4d97fe4
- video: hyperv_fb: Add ratelimit on error message (bsc#1185725).
- Drivers: hv: vmbus: Increase wait time for VMbus unload
  (bsc#1185725).
- Drivers: hv: vmbus: Initialize unload_event statically
  (bsc#1185725).
- Drivers: hv: vmbus: Use after free in __vmbus_open()
  (git-fixes).
- drivers: hv: Fix whitespace errors (bsc#1185725).
- Drivers: hv: vmbus: Fix Suspend-to-Idle for Generation-2 VM
  (git-fixes).
- commit ebeaec2
- iio: tsl2583: Fix division by a zero lux_val (git-fixes).
- iio: gyro: mpu3050: Fix reported temperature value (git-fixes).
- iio: proximity: pulsedlight: Fix rumtime PM imbalance on error
  (git-fixes).
- xhci: Do not use GFP_KERNEL in (potentially) atomic context
  (git-fixes).
- usb: fotg210-hcd: Fix an error message (git-fixes).
- usb: dwc3: gadget: Return success always for kick transfer in
  ep queue (git-fixes).
- usb: dwc2: Fix gadget DMA unmap direction (git-fixes).
- usb: dwc3: pci: Enable usb2-gadget-lpm-disable for Intel
  Merrifield (git-fixes).
- commit c94cc71
- ipc/mqueue, msg, sem: Avoid relying on a stack reference past
  its expiry (bsc#1185988).
- commit 5e2321a
- Correct CVE number for a mac80211 fix (CVE-2020-26139 bsc#1186062)
- commit 747a941
- net/nfc: fix use-after-free llcp_sock_bind/connect
  (CVE-2021-23134 bsc#1186060).
- commit ffbe2a6
- watchdog/softlockup: Remove obsolete check of last reported task
  (bsc#1185982).
- commit 6d9c3a2
- nvmet: seset ns->file when open fails (bsc#1183873).
- commit ca1c5ff
- KVM: s390: fix guarded storage control register handling
  (bsc#1133021).
- commit 6757070
- vgacon: Record video mode changes with VT_RESIZEX (git-fixes).
- hwmon: (occ) Fix poll rate limiting (git-fixes).
- PM / devfreq: Use more accurate returned new_freq as resume_freq
  (git-fixes).
- commit 63ad411
- nvme: remove superfluous else in nvme_ctrl_loss_tmo_store
  (bsc#1182378).
- commit f263745
- nvme: Fix NULL dereference for pci nvme controllers
  (bsc#1182378).
- commit cf7170b
- nvme: expose reconnect_delay and ctrl_loss_tmo via sysfs
  (bsc#1182378).
- Refresh patches.suse/nvme-add-kato-sysfs-attribute.patch.
  Context adjustment in kato patch.
- commit 7126f4d
- watchdog/softlockup: report the overall time of softlockups
  (bsc#1185982).
- commit 88ee1b3
- watchdog: explicitly update timestamp when reporting softlockup
  (bsc#1185982).
- commit e1f93d5
- watchdog: rename __touch_watchdog() to a better descriptive name
  (bsc#1185982).
- commit c09eacd
- Update to mainline version and move into sorted section:
  patches.suse/scsi-fnic-Use-scsi_host_busy_iter-to-traverse-commands.patch (bsc#1179851)
- commit 5bb3cbc
- scsi: fnic: Kill 'exclude_id' argument to fnic_cleanup_io()
  (bsc#1179851).
  temporarily disable patches.suse/fnic-use-blk_mq_tagset_busy_iter-to-traverse-commands.patch
- commit da3e4e8
- Update upstream references and move into sorted section:
  patches.suse/scsi-fnic-do-not-call-scsi_done-for-unhandled-commands.patch
- commit 0dfec7c
- ath10k: Validate first subframe of A-MSDU before processing
  the list (CVE-2020-26141 bsc#1185863 bsc#1185987).
- commit ea14c35
- ath10k: Fix TKIP Michael MIC verification for PCIe
  (CVE-2020-26141 bsc#1185863 bsc#1185987).
- commit 4eb2710
- nvme-multipath: fix double initialization of ANA state
  (bsc#1178612, bsc#1184259).
- commit 4aa67c6
- ath10k kABI workaround for CVE-2020-24588 fix (CVE-2020-24588
  bsc#1185861).
- ath10k: drop MPDU which has discard flag set by firmware for
  SDIO (CVE-2020-24588 bsc#1185861).
- ath10k: drop fragments with multicast DA for SDIO
  (CVE-2020-26145 bsc#1185860).
- ath10k: drop fragments with multicast DA for PCIe
  (CVE-2020-26145 bsc#1185860).
- ath10k: add CCMP PN replay protection for fragmented frames
  for PCIe (CVE-2020-26145 bsc#1185860).
- commit e9158ad
- kABI workaround for cfg80211 changes (CVE-2020-24586
  bsc#1185859).
- mac80211: extend protection against mixed key and fragment
  cache attacks (CVE-2020-24586 bsc#1185859).
- mac80211: do not accept/forward invalid EAPOL frames
  (CVE-2020-24587 CVE-2020-24586 bsc#1185863 bsc#1185862
  bsc#1185859).
- mac80211: prevent attacks on TKIP/WEP as well (CVE-2020-24586
  bsc#1185859).
- mac80211: check defrag PN against current frame (CVE-2020-24587
  CVE-2020-24586 bsc#1185863 bsc#1185862 bsc#1185859).
- mac80211: add fragment cache to sta_info (CVE-2020-24587
  CVE-2020-24586 bsc#1185863 bsc#1185859).
- mac80211: drop A-MSDUs on old ciphers (CVE-2020-24587
  CVE-2020-24586 bsc#1185863 bsc#1185862 bsc#1185859).
- mac80211: properly handle A-MSDUs that start with an RFC 1042
  header (CVE-2020-24587 CVE-2020-24586 bsc#1185863 bsc#1185862
  bsc#1185859).
- mac80211: prevent mixed key and fragment cache attacks
  (CVE-2020-24587 CVE-2020-24586 bsc#1185863 bsc#1185862
  bsc#1185859).
- mac80211: assure all fragments are encrypted (CVE-2020-26147
  bsc#1185863 bsc#1185859).
- commit e747a3d
- ftrace: Handle commands when closing set_ftrace_filter file
  (git-fixes).
- commit 7c0272c
- tracing: Map all PIDs to command lines (git-fixes).
- commit ed170f4
- ibmvfc: Reinit target retries (bsc#1185938 ltc#192043).
- ibmvfc: Avoid move login if fast fail is enabled (bsc#1185938
  ltc#192043).
- ibmvfc: Handle move login failure (bsc#1185938 ltc#192043).
- commit 0d8166b
- xhci: fix potential array out of bounds with several
  interrupters (git-fixes).
- xhci: check control context is valid before dereferencing it
  (git-fixes).
- commit c3f83a0
- usb: gadget: dummy_hcd: fix gpf in gadget_setup (git-fixes).
- usb: core: hub: Fix PM reference leak in usb_port_resume()
  (git-fixes).
- usb: musb: fix PM reference leak in musb_irq_work() (git-fixes).
- usb: xhci: Fix port minor revision (git-fixes).
- usb: gadget: f_uac1: validate input parameters (git-fixes).
- usb: gadget: f_uac2: validate input parameters (git-fixes).
- usb: gadget/function/f_fs string table fix for multiple
  languages (git-fixes).
- usb: webcam: Invalid size of Processing Unit Descriptor
  (git-fixes).
- commit 4c3dc8b
- power: supply: s3c_adc_battery: fix possible use-after-free
  in s3c_adc_bat_remove() (git-fixes).
- power: supply: generic-adc-battery: fix possible use-after-free
  in gab_remove() (git-fixes).
- power: supply: Use IRQF_ONESHOT (git-fixes).
- spi: qup: fix PM reference leak in spi_qup_remove() (git-fixes).
- spi: omap-100k: Fix reference leak to master (git-fixes).
- spi: dln2: Fix reference leak to master (git-fixes).
- spi: ath79: remove spi-master setup and cleanup assignment
  (git-fixes).
- spi: ath79: always call chipselect function (git-fixes).
- usb: gadget: uvc: add bInterval checking for HS mode
  (git-fixes).
- tty: fix memory leak in vc_deallocate (git-fixes).
- commit fbbea32
- mmc: block: Update ext_csd.cache_ctrl if it was written
  (git-fixes).
- mmc: sdhci-pci: Fix initialization of some SD cards for Intel
  BYT-based controllers (git-fixes).
- mmc: sdhci-pci: Add PCI IDs for Intel LKF (git-fixes).
- mmc: sdhci: Check for reset prior to DMA address unmap
  (git-fixes).
- mmc: core: Set read only for SD cards with permanent write
  protect bit (git-fixes).
- PCI: PM: Do not read power state in pci_enable_device_flags()
  (git-fixes).
- phy: phy-twl4030-usb: Fix possible use-after-free in
  twl4030_usb_remove() (git-fixes).
- platform/x86: intel_pmc_core: Don't use global pmcdev in quirks
  (git-fixes).
- commit f8dc44d
- mfd: arizona: Fix rumtime PM imbalance on error (git-fixes).
- mmc: core: Do a power cycle when the CMD11 fails (git-fixes).
- media: dvb-usb: fix memory leak in dvb_usb_adapter_init
  (git-fixes).
- media: platform: sti: Fix runtime PM imbalance in regs_show
  (git-fixes).
- media: i2c: adv7842: fix possible use-after-free in
  adv7842_remove() (git-fixes).
- media: i2c: tda1997: Fix possible use-after-free in
  tda1997x_remove() (git-fixes).
- media: i2c: adv7511-v4l2: fix possible use-after-free in
  adv7511_remove() (git-fixes).
- media: adv7604: fix possible use-after-free in adv76xx_remove()
  (git-fixes).
- media: tc358743: fix possible use-after-free in
  tc358743_remove() (git-fixes).
- commit bddb0b7
- media: em28xx: fix memory leak (git-fixes).
- media: gspca/sq905.c: fix uninitialized variable (git-fixes).
- media: media/saa7164: fix saa7164_encoder_register() memory
  leak bugs (git-fixes).
- media: imx: capture: Return -EPIPE from
  __capture_legacy_try_fmt() (git-fixes).
- media: drivers: media: pci: sta2x11: fix Kconfig dependency
  on GPIOLIB (git-fixes).
- media: ite-cir: check for receive overflow (git-fixes).
- commit f5f8b81
- extcon: arizona: Fix various races on driver unbind (git-fixes).
- extcon: arizona: Fix some issues when HPDET IRQ fires after
  the jack has been unplugged (git-fixes).
- drm/msm/mdp5: Do not multiply vclk line count by 100
  (git-fixes).
- drm/msm/mdp5: Configure PP_SYNC_HEIGHT to double the vtotal
  (git-fixes).
- drm/amdgpu: fix NULL pointer dereference (git-fixes).
- drm/amdkfd: Fix cat debugfs hang_hws file causes system crash
  bug (git-fixes).
- drm/vkms: fix misuse of WARN_ON (git-fixes).
- drm/amd/display: fix dml prefetch validation (git-fixes).
- intel_th: Consistency and off-by-one fix (git-fixes).
- fbdev: zero-fill colormap in fbcmap.c (git-fixes).
- commit e59ac4d
- drm/amd/display: Fix UBSAN warning for not a valid value for
  type '_Bool' (git-fixes).
- drm/amdgpu : Fix asic reset regression issue introduce by
  8f211fe8ac7c4f (git-fixes).
- drm/amdgpu: mask the xgmi number of hops reported from psp to
  kfd (git-fixes).
- drm: Added orientation quirk for OneGX1 Pro (git-fixes).
- crypto: stm32/cryp - Fix PM reference leak on stm32-cryp.c
  (git-fixes).
- crypto: stm32/hash - Fix PM reference leak on stm32-hash.c
  (git-fixes).
- crypto: qat - Fix a double free in adf_create_ring (git-fixes).
- crypto: qat - fix error path in adf_isr_resource_alloc()
  (git-fixes).
- commit 4f7d7a0
- clk: socfpga: arria10: Fix memory leak of socfpga_clk on error
  return (git-fixes).
- ata: ahci: Disable SXS for Hisilicon Kunpeng920 (git-fixes).
- amdgpu: avoid incorrect %hu format string (git-fixes).
- crypto: qat - ADF_STATUS_PF_RUNNING should be set after
  adf_dev_init (git-fixes).
- crypto: qat - don't release uninitialized resources (git-fixes).
- crypto: qat - fix unmap invalid dma address (git-fixes).
- crypto: api - check for ERR pointers in crypto_destroy_tfm()
  (git-fixes).
- crypto: mips/poly1305 - enable for all MIPS processors
  (git-fixes).
- commit e379274
- Move upstreamed media fixes into sorted section
- commit 5bae3a8
- scripts/git_sort/git_sort.py: add bpf git repo
- commit 65979e3
- proc: Avoid mixing integer types in mem_rw() (CVE-2021-3491
  bsc#1185642).
- commit 757f76b
- blacklist: add commit b166a20b0738
  Mainline commit b166a20b0738 ("/net/sctp: fix race condition in
  sctp_destroy_sock"/) was found buggy so that it was reverted by commit
  01bfe5e8e428 ("/Revert "/net/sctp: fix race condition in sctp_destroy_sock"/"/)
  and replaced by a new fix, commit 34e5b0118685 ("/sctp: delay auto_asconf
  init until binding the first addr"/).
- commit 7c2eabc
- sctp: delay auto_asconf init until binding the first addr
  (<cover.1620748346.git.mkubecek@suse.cz>).
- commit cb84c72
- tcp: fix to update snd_wl1 in bulk receiver fast path
  (<cover.1620748346.git.mkubecek@suse.cz>).
- commit 627e2e2
- Update patch reference for BT fix (CVE-2021-32399 bsc#1185898)
- commit 81179ec
- Revert 337f13046ff0 ("/futex: Allow FUTEX_CLOCK_REALTIME with FUTEX_WAIT op"/) (git-fixes).
- commit 9e8eea0
- series.conf: cleanup
- move a submitted patch to "/almost mainline"/ section
  patches.suse/rtc-pcf2127-handle-timestamp-interrupts.patch
- commit baf1232
- fix patch metadata
- fix Patch-mainline:
  patches.suse/fs-epoll-restore-waking-from-ep_done_scan.patch
- commit 220b548
- series.conf: cleanup
- update upstream references and resort:
  patches.suse/nvme-multipath-reset-bdev-to-ns-head-when-failover.patch
  patches.suse/scsi-lpfc-Fix-DMA-virtual-address-ptr-assignment-in-.patch
  patches.suse/scsi-lpfc-Fix-illegal-memory-access-on-Abort-IOCBs.patch
- commit a062422
- drm/radeon: Avoid power table parsing memory leaks (git-fixes).
- drm/radeon: Fix off-by-one power_state index heap overwrite
  (git-fixes).
- commit dad28e7
- bpf: Fix leakage of uninitialized bpf stack under speculation
  (bsc#1155518).
- bpf: Fix masking negation logic upon negative dst register
  (bsc#1155518).
- commit 876c85a
- ALSA: hda: generic: change the DAC ctl name for LO+SPK or LO+HP
  (git-fixes).
- commit cb198d3
- Revert "/i3c master: fix missing destroy_workqueue() on error
  in i3c_master_register"/ (git-fixes).
- ACPI: GTDT: Don't corrupt interrupt mappings on watchdow probe
  failure (git-fixes).
- ALSA: hda/realtek: ALC285 Thinkpad jack pin quirk is unreachable
  (git-fixes).
- USB: Add reset-resume quirk for WD19's Realtek Hub (git-fixes).
- USB: Add LPM quirk for Lenovo ThinkPad USB-C Dock Gen2 Ethernet
  (git-fixes).
- platform/x86: thinkpad_acpi: Correct thermal sensor allocation
  (git-fixes).
- commit 23adf05
- fs/epoll: restore waking from ep_done_scan() (bsc#1183868).
- commit b803549
- iommu/amd: Add support for map/unmap_resource (jsc#ECO-3482).
- commit 7b9e3ca
- ACPI: custom_method: fix a possible memory leak (git-fixes).
- ACPI: custom_method: fix potential use-after-free issue
  (git-fixes).
- commit 2b51e47
- kernel-docs.spec.in: Build using an utf-8 locale.
  Sphinx cannot handle UTF-8 input in non-UTF-8 locale.
- commit 0db6da1
- md-cluster: fix use-after-free issue when removing rdev
  (bsc#1184082).
- md: split mddev_find (bsc#1184081).
- md: factor out a mddev_find_locked helper from mddev_find
  (bsc#1184081).
- md: md_open returns -EBUSY when entering racing area
  (bsc#1184081).
- md: don't flush workqueue unconditionally in md_open
  (bsc#1184081).
- commit 255ac58
- genirq: Reduce irqdebug cacheline bouncing (bsc#1185703
  ltc#192641).
- commit 54b345b
- PCI: iproc: Fix return value of iproc_msi_irq_domain_alloc()
  (git-fixes).
- PCI: endpoint: Fix missing destroy_workqueue() (git-fixes).
- PCI/RCEC: Fix RCiEP device to RCEC association (git-fixes).
- PCI: Release OF node in pci_scan_device()'s error path
  (git-fixes).
- thermal/drivers/ti-soc-thermal/bandgap Remove unused variable
  'val' (git-fixes).
- docs: kernel-parameters: Add gpio_mockup_named_lines
  (git-fixes).
- docs: kernel-parameters: Move gpio-mockup for alphabetic order
  (git-fixes).
- commit 6976ceb
- md/raid1: properly indicate failure when ending a failed write
  request (bsc#1185680).
- commit 67fde5a
- s390/entry: save the caller of psw_idle (bsc#1185677).
- commit d82aadb
- rtc: pcf2127: handle timestamp interrupts (bsc#1185495).
- commit f74f90f
- Update patches.suse/powerpc-eeh-Fix-EEH-handling-for-hugepages-in-iorema.patch
  (bsc#1156395 bsc#1185645 ltc#192576).
- commit b0c1c70
- fix patch metadata
- fix Patch-mainline:
  patches.suse/mm-memcontrol-fix-cpuhotplug-statistics-flushing.patch
- commit fc7f89c
- Update kabi files.
- update from May 2021 maintenance update submission (commit 0a8fae2b39f2)
- commit 8a0c3f3
- rpm: drop /usr/bin/env in interpreter specification
  OBS checks don't like /usr/bin/env in script interpreter lines but upstream
  developers tend to use it. A proper solution would be fixing the depedency
  extraction and drop the OBS check error but that's unlikely to happen so
  that we have to work around the problem on our side and rewrite the
  interpreter lines in scripts before collecting files for packages instead.
- commit 45c5c1a
- nvme: add 'kato' sysfs attribute (bsc#1179825).
- nvme: sanitize KATO setting (bsc#1179825).
- commit f3a2791
- patches.suse/NFC-nxp-nci-Add-GPIO-ACPI-mapping-table.patch:
  (bsc#1185589).
- commit 4004e31
- patches.suse/NFC-nxp-nci-Convert-to-use-GPIO-descriptor.patch:
  (bsc#1185589).
- commit a3f193f
- patches.suse/NFC-nxp-nci-Get-rid-of-platform-data.patch:
  (bsc#1185589).
- commit 3e24d09
- patches.suse/NFC-nxp-nci-Add-NXP1001-to-the-ACPI-ID-table.patch:
  (bsc#1185589).
- commit 68d285a
- mm: memcontrol: fix cpuhotplug statistics flushing
  (bsc#1185606).
- commit 3bba386
- nvme-multipath: reset bdev to ns head when failover (bsc#178378
  bsc#1182999).
  Refresh:
  - patches.suse/nvme-multipath-retry-commands-for-dying-queues.patch
- commit ee2dc7b
- scripts/git_sort/git_sort.py: Update nvme repositories
- commit e849c44
- blk-settings: align max_sectors on "/logical_block_size"/ boundary
  (bsc#1185195).
- commit e302bd9
- patches.suse/btrfs-fs-super.c-add-new-super-block-devices-super_block_d.patch: (bsc#865869,bsc#1178418).
  Fix initialization of the the super block for a btrfs specific enhancement
  which we added. The btrfs specific enhancement augmented the super block to
  add support to ustat() and it is only used by btrfs. For that, the super block
  was extended with a new linked list which is only used only in btrfs. The
  initialization of the linked list however was done late, and if any allocation
  fails early on alloc_super() it meant that the WARNING check on free'ing
  it could fail, as the list may be read as not empty. This warning then
  is triggerable when stress testing allocations, and you run out of
  memory. It can happen regardless of the filesystem you use.
  The sget_fc() contention when stress testing with the unshare system
  call reported on bsc#1178418 which leads to a soft lockup is still being
  investigate, however this fixes the kernel warning reproduced when doing
  that stress testing.
- commit 67dd047
- nvme-tcp: use cancel tagset helper for tear down (bsc#1183976).
- nvme-tcp: add clean action for failed reconnection
  (bsc#1183976).
- nvme-core: add cancel tagset helpers (bsc#1183976).
- commit 5f7f322
- ibmvnic: Use 'skb_frag_address()' instead of hand coding it
  (bsc#1184114 ltc#192237).
- commit 52ca26e
- PCI/LINK: Remove bandwidth notification (bsc#1183712).
- commit 56c94c5
- rpm/kernel-binary.spec.in: Correct Supplements in optional subpkg (jsc#SLE-11796)
  The product string was changed from openSUSE to Leap.
- commit 3cb7943
- rpm/split-modules: Avoid errors even if Module.* are not present
- commit 752fbc6
- Add the support for kernel-FLAVOR-optional subpackage (jsc#SLE-11796)
  This change allows to create kernel-*-optional subpackage containing
  the modules that are not shipped on SLE but only on Leap.  Those
  modules are marked in the new "/-!optional"/ marker in supported.conf.
  Flip split_optional definition in kernel-binaries.spec.in for the
  branch that needs the splitting.
- commit 1fa25f8
krb5
- Fix KDC null deref on bad encrypted challenge; (CVE-2021-36222);
  (bsc#1188571);
- Added patches:
  * 0011-Fix-KDC-null-deref-on-bad-encrypted-challenge.patch
libX11
- redone U_CVE-2021-31535.patch due to regressions (boo#1186643)
  * fixes segfaults for xforms applications like fdesign
-  U_CVE-2021-31535.patch
libesmtp
- Add libesmtp-fix-cve-2019-19977.patch: Fix stack-based buffer
  over-read in ntlm/ntlmstruct.c (bsc#1160462 bsc#1189097).
libgcrypt
- Security fix: [bsc#1187212, CVE-2021-33560]
  * Libgcrypt mishandles ElGamal encryption because it lacks exponent
    blinding to address a side-channel attack against mpi_powm
- Add patches:
  * libgcrypt-CVE-2021-33560-ElGamal-exponent-blinding.patch
  * libgcrypt-CVE-2021-33560-fix-ElGamal-enc.patch
libjpeg-turbo
  fix CVE-2020-17541 [bsc#1186764], stack-based buffer overflow in the "/transform"/ component
  + libjpeg-turbo-CVE-2020-17541.patch
- security update
- added patches
libnettle
- Security fix: [CVE-2021-3580, bsc#1187060]
  * Remote crash in RSA decryption via manipulated ciphertext
- Add patches:
  * libnettle-CVE-2021-3580-rsa_sec.patch
  * libnettle-CVE-2021-3580-rsa_decrypt.patch
libsndfile
- Fix heap buffer overflow vulnerability in msadpcm_decode_block
  (CVE-2021-3246, bsc#1188540):
  ms_adpcm-Fix-and-extend-size-checks.patch
- Fix segfault in wav conversion due to the invalid loop count
  (CVE-2018-19758, bsc#1117954):
  libsndfile-wav-loop-count-fix.patch
- Fix buffer overflow in sndfile-deinterleave, which isn't really a
  security issue (bsc#1100167, CVE-2018-13139, bsc#1116993,
  CVE-2018-19432):
libstorage-ng
- remove double mount options (see bsc#1186298)
- 4.2.77
libxml2
- Security fix: [bsc#1186015, CVE-2021-3541]
  * Exponential entity expansion attack bypasses all existing
    protection mechanisms.
- Add libxml2-CVE-2021-3541.patch
- Security fix: [bsc#1185698, bsc#1185879, CVE-2021-3537]
libzypp
- Enhance XML output of repo GPG options (fixes openSUSE/zypper#390)
  In addition to the effective values, add optional attributes
  showing the raw values actually present in the .repo file.
  (raw_gpgcheck, raw_repo_gpgcheck, raw_pkg_gpgcheck)
- Link all executables with -pie (bsc#1186447)
- Ship an empty /etc/zypp/needreboot per default (fixes #311, jsc#PM-2645)
  If packages want to trigger the reboot-needed hiint upon installation
  they may provide 'installhint(reboot-needed)'.
  Builtin packages triggering the hint without the provides are
  only kernel and kernel-firmware related.
- Add Solvable::isBlacklisted as superset of retracted and ptf
  packages (bsc#1186503)
- Fix segv if ZYPP_FULLOG is set (fixes #317)
- version 17.27.0 (22)
- Work around download.o.o broken https redirects.
- Allow trusted repos to add additional signing keys (bsc#1184326)
  Repositories signed with a trusted gpg key may import additional
  package signing keys. This is needed if different keys were used
  to sign the the packages shipped by the repository.
- MediaCurl: Fix logging of redirects.
- Use 15.3 resolver problem and solution texts on all distros.
- $ZYPP_LOCK_TIMEOUT: Let negative values wait forever for the
  zypp lock (bsc#1184399)
  Helps boot time services like 'zypper purge-kernels' to wait for
  the zypp lock until other services using zypper have completed.
- Fix purge-kernels is broken in Leap 15.3 (bsc#1185325)
  Leap 15.3 introduces a new kernel package called
  kernel-flavour-extra, which contain kmp's. Currently kmp's are
  detected by name "/.*-kmp(-.*)?"/ but this does not work which
  those new packages. This patch fixes the problem by checking
  packages for kmod(*) and ksym(*) provides and only falls back to
  name checking if the package in question does not provide one of
  those.
- Introduce zypp-runpurge, a tool to run purge-kernels on
  testcases.
- version 17.26.0 (22)
- Fix service detection with cgroupv2 (bsc#1184997)
lua53
- Sync with Factory (5.3.6), includes fixes for
  - Long brackets with a huge number of '=' overflow some
    internal buffer arithmetic.
  - bsc#1123043 CVE-2019-6706 Fix free-after-use bug in
    lua_upvaluejoin function of lapi.c
- Remove upstreamed patches:
  - CVE-2019-6706-use-after-free-lua_upvaluejoin.patch
- Update to version 5.3.6:
  * Fixes bugs found in Lua 5.3.5 and Lua 5.4.0
  * Lua 5.3 is now EOL
- Removed upstream-bugs.patch: new release (no bugs found yet)
- Removed upstream-bugs-backport-lua54.patch: new release (no bugs found yet)
- Added upstream-bugs.patch: upstream bug patches
  * Patches 2,3,4
- Added upstream-bugs-backport-lua54.patch: bugs discovered in lua54
  * Patch 10: CVE-2020-24371, boo#1175449
  * Patch 11: CVE-2020-24370, boo#1175448
  * Patch 13
- Add RISC-V to list of 64-bit architectures
- Use FAT LTO objects in order to provide proper static library.
- Update to 5.3.5:
  (it is really problematic to find ANY documentation of changes
  between minor versions; the best we have is
  https://www.lua.org/bugs.html)
  - Long brackets with a huge number of '=' overflow some
    internal buffer arithmetic.
  - Small build tweaks.
lvm2
- Link test as position independent executable (bsc#1184124).
  + bug-1184124-link-tests-as-PIE.patch
mgr-libmod
- version 4.1.9-1
- Ignore self-dependencies (bsc#1186502)
nfs-utils
- Add 0019-gssd-use-mutex-to-protect-decrement-of-refcount.patch
  A field was modified by multiple threads without locking.
  This can lead to use-after-free.
  (bsc#1183194)
openldap2
- bsc#1187210 - Resolve bug in the idle / connection TTL timeout
  implementation in OpenLDAP.
  * 0231-ITS-9468-Added-test-case-for-proxy-re-binding-anonym.patch
  * 0232-ITS-9468-back-ldap-Return-disconect-if-rebind-cannot.patch
  * 0233-ITS-9468-removed-accidental-unicode-characters.patch
  * 0234-ITS-9468-documented-that-re-connecting-does-not-happ.patch
  * 0235-ITS-9468-summarize-discussion-about-rebind-as-user.patch
  * 0236-ITS-9468-fixed-typos.patch
  * 0237-ITS-9468-always-init-lc_time-and-lc_create_time.patch
  * 0238-ITS-9468-do-not-arm-expire-timer-for-connections-tha.patch
openssh
- Add openssh-mitigate-lingering-secrets.patch (bsc#1186673), which
  attempts to mitigate instances of secrets lingering in memory
  after a session exits.
openssl-1_1
- Other OpenSSL functions that print ASN.1 data have been found to assume that
  the ASN1_STRING byte array will be NUL terminated, even though this is not
  guaranteed for strings that have been directly constructed. Where an application
  requests an ASN.1 structure to be printed, and where that ASN.1 structure
  contains ASN1_STRINGs that have been directly constructed by the application
  without NUL terminating the "/data"/ field, then a read buffer overrun can occur.
  * CVE-2021-3712 continued
  * bsc#1189521
  * Add CVE-2021-3712-other-ASN1_STRING-issues.patch
  * Sourced from openssl-CVE-2021-3712.tar.bz2 posted on bsc-1189521
    2021-08-24 00:47 PDT by Marcus Meissner
- A bug in the implementation of the SM2 decryption code means that the
  calculation of the buffer size required to hold the plaintext returned by the
  first call to EVP_PKEY_decrypt() can be smaller than the actual size required by
  the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is
  called by the application a second time with a buffer that is too small.
  * CVE-2021-3711
  * bsc#1189520
  * Add:
    CVE-2021-3711-1-Correctly-calculate-the-length-of-SM2-plaintext-give.patch
    CVE-2021-3711-2-Extend-tests-for-SM2-decryption.patch
    CVE-2021-3711-3-Check-the-plaintext-buffer-is-large-enough-when-decr.patch
- The function X509_aux_print() has a bug which may cause a read buffer overrun
  when printing certificate details. A malicious actor could construct a
  certificate to deliberately hit this bug, which may result in a crash of the
  application (causing a Denial of Service attack).
  * CVE-2021-3712
  * bsc#1189521
  * Add CVE-2021-3712-Fix-read-buffer-overrun-in-X509_aux_print.patch
pam-config
- Add "/revoke"/ to the option list for pam_keyinit
  (Remove some leftover debugs while we're at it)
  [pam-config-fix-pam_keyinit-options.patch]
- prior to writing an service-specific config file, the main function
  calls access() on the destination file in /etc/pam.d.
  This will fail and no config file will be written when the original
  config file was installed in /usr/etc/pam.d.
  A similar problem exists when creating the new service file:
  create_service_file() wants to give the new service file the same
  user, group and mode as the old one, but the old one may not exist.
  In that case, set these to 0(root), 0(root), and 0644.
  [pam-config-remove-bad-access-call.patch, bsc#1187091]
patterns-base
- Fix bug in create_32bit-patterns_file.pl leading to bogus
  "/Recommends: pattern()-32bit"/
- Ignore boolean deps in create_32bit-patterns_file.pl for now
- Run pre_checkin.sh, was overdue
- Make the fips pattern supersede "/patterns-server-enterprise-fips"/,
  take missing pieces and obsolete it
- Add pattern to install necessary packages for FIPS (bsc#1183154)
patterns-suse-manager
- Add require for py27-compat-salt (salt 3002 does not provide
  python2-salt anymore)
pcre
- Do not run profiling 'check' in parallel
  to make package build reproducible (boo#1040589)
pcre2
- Added 0001-Fixed-atomic-group-backtracking-bug.patch
  * bsc#1187937
  * PHP 7.6.4 on s390x returns different results for preg_match
    function as compared to older PHP versions and x86
  * Sourced from upstream subversion commit:
    $ svn log -r965 svn://vcs.pcre.org/pcre2/code/trunk
postfix
- (bsc#1186669) - postfix.service has "/Requires=var-run.mount"/
  Remove bad requirements
postgresql
- Re-enable build of the llvmjit subpackage on SLE, but it will
  only be delivered on PackageHub for now (boo#1183118).
- Bump default version to 13 for SLE-15-SP3.
postgresql12
- Upgrade to version 12.7:
  * https://www.postgresql.org/docs/12/release-12-7.html
  * CVE-2021-32027, bsc#1185924:
    Prevent integer overflows in array subscripting calculations.
  * CVE-2021-32028, bsc#1185925: Fix mishandling of “junk”
    columns in INSERT ... ON CONFLICT ... UPDATE target lists.
  * CVE-2021-32029, bsc#1185926: Fix possibly-incorrect
    computation of UPDATE ... RETURNING
    "/pg_psql_temporary_savepoint"/ does not exist”.
- Don't use %_stop_on_removal, because it was meant to be private
  and got removed from openSUSE. %_restart_on_update is also
  private, but still supported and needed for now (bsc#1183168).
- Re-enable build of the llvmjit subpackage on SLE, but it will
  only be delivered on PackageHub for now (boo#1183118).
- Remove leftover PreReq on chkconfig, we stopped using it long
  time ago.
- boo#1179945: Disable icu for PostgreSQL 10 (and older) on TW.
psmisc
  * Fix bsc#1185208 to make private mount namespaces work as well
    as to distinguish NFS mounts from same remote device share.
- Change patch 0001-Use-mountinfo-to-be-able-to-use-the-mount-identity.patch
publicsuffix
- Update to version 20210804 (bsc#1189124):
  * Add elementor.cloud and elementor.cool (#1386)
  * add eero ddns domains (#1359)
  * add Adobe Project Helix domains to the list (#1378)
  * util: gTLD data autopull updates for 2021-07-24T15:13:29 UTC (#1384)
  * Add Spreadshop hosting domains: myspreadshop.com plus country-specific (#1368)
  * Add Supabase domains (#1363)
  * Add YunoHost DynDns domains: ynh.fr (#1380)
  * Update public_suffix_list.dat (#1376)
  * add new domains for thingdust AG (#1361)
  * Update public_suffix_list.dat (#1381)
  * Adding sellfy.store pages which render user generated content (#1379)
  * Add itcouldbewor.se to public suffix list (#1375)
  * Adding bitbucket.io pages which render user generated content (#1374)
  * Add rs.ba suffix (#1367)
  * Add tuleap-partners.com (#1360)
  * Add drr.ac and ju.mp (#1355)
  * Add cdn.prod.atlassian-dev.net (#1357)
  * Remove uwu.nu (#1377)
  * util: gTLD data autopull updates for 2021-07-22T15:14:11 UTC (#1382)
- Update to version 20210707:
  * util: gTLD data autopull updates for 2021-07-07T15:17:15 UTC (#1369)
  * util: gTLD data autopull updates for 2021-06-26T15:13:32 UTC (#1362)
- Update to version 20210615:
  * Removing a private subregistry in .CL due to deprecation. (#1352)
  * Add ddns5.com to private section (#1353)
  * Add shop.brendly.rs (#1309)
  * add mediatech.by and mediatech.dev domains (#1333)
  * newgtlds.go : update Autopull - Added URL for the IANA PSL for #1325 (#1347)
  * Add minisite.ms (#1344)
  * Revert "/Add multibaas.app and multibaas.com (#1233)"/ (#1337)
  * Add appudo.net (#1340)
  * Adding adimo.co.uk (#1343)
  * Add postman dev domains (#1339)
  * Reverting change
  * set default project to list modification and assign to jothan
  * Tickboxes and text added to help reduce self-harm requests
  * submitter affirm not working around 3p limits; ask DNS leaf remain
  * Remove github.dev from PSL (#1335)
  * Add novecore.site (#1331)
  * Add jotelulu.cloud (#1330)
  * Add bluebite.io (#1313)
  * Added onavstack.net (#1299)
  * Update public_suffix_list.dat (#1273)
- Update to version 20210519:
  * Update Contributing.md
  * Change domain list for PE Ulyanov Kirill Sergeevic (#1306)
  * Remove wildcard (#1318)
- Update to version 20210511:
  * util: gTLD data autopull updates for 2021-05-11T15:13:51 UTC (#1316)
  * Add authgearapps.com authgear-staging.com (#1304)
  * Add goupile.fr (#1307)
  * Add hosp.uk to our existing domains (#1308)
  * Update README.md
  * Add noop.app and *.developer.app to PSL (#1265)
  * Add github dev domains (#1290)
  * added Storebase.store (#1291)
  * Update to pythonanywhere entries (#1298)
  * Update README.md - added Apple / Facebook note
  * addition of ss sld's sch.ss and me.ss (#1247)
  * util: gTLD data autopull updates for 2021-04-22T15:17:15 UTC (#1292)
- Update to version 20210419:
  * exclude gov.st from publicsuffix since host act as public domain (#1257)
  * util: gTLD data autopull updates for 2021-04-17T15:15:54 UTC (#1284)
  * Add wixsite.com and editorx.io (#927)
  * Update public_suffix_list.dat (#1263)
  * Adding reserve-online.net, reserve-online.com, bookonline.app, hotelwithflight.com (#1254)
  * Update Platform.sh domains (#1256)
  * New Jelastic public domains are added and existing ones are reviewed (#1259)
- Update to version 20210330:
  * Fix-up ordering of entries (#1255)
  * Adding mazeplay.com (#1253)
  * Adding Tradable Bits (#1240)
  * Update forgeblocks, add subdomain to psl (#1252)
  * Additional suffix `id.repl.co` for Repl.it (#1239)
  * Add ravpage.co.il (#1250)
  * accesso - Adding devcdnaccesso (#1248)
  * util: gTLD data autopull updates for 2021-03-27T15:15:49 UTC (#1249)
  * Added forgeblocks.com to psl (#1238)
  * Update atl/njs/ric.jelastic.vps host.net (#1242)
  * util: gTLD data autopull updates for 2021-03-24T15:07:34 UTC (#1243)
  * add paywhirl.com for site users (#1237)
  * Add shiftcrypto.dev and shiftcrypto.io (#1236)
  * Add hra.health to PSL (#1234)
  * Add multibaas.app and multibaas.com (#1233)
  * added service magnet to PSL (#1232)
  * Add subdomains of pythonanywhere.com and eu.pythonanywhere.com (#1229)
  * Add cafjs.com (#1228)
  * Update public_suffix_list.dat (#1225)
  * Switch the TLD update workflow to daily (#1226)
  * util: gTLD data autopull updates for 2021-03-04T15:37:37 UTC (#1224)
  * Update Email address for GOV.UK PaaS (#1220)
  * Add Clerk staging domains, change email to systems@ (#1222)
  * sourcehut: add srht.site (#1218)
  * Add cloudsite.builders (#1219)
  * Add service.gov.scot (#1221)
  * Add framer.app and framercanvas.com to PSL (#1217)
- Update to version 20210221:
  * Add noticeable.news (#1216)
  * CI: remove "/labels"/ config from tld-update.yml workflow. (#1215)
  * util: gTLD data autopull updates for 2021-02-20T20:31:36 UTC (#1214)
  * Update .my in ICANN section (#1213)
  * Add edgecompute.app (#1212)
  * tools: improved newgtlds.go, removed replace-between. (#1204)
  * Update PSL for broader use-cases for northflank.app and code.run domains. (#1210)
  * Added eurodir.ru (#1207)
- Update to version 20210211:
  * Add mcpre.ru, mcdir.me to mchost.ru subsection (#1206)
  * Add awsglobalaccelerator.com (#1199)
  * Add northflank.app and code.run to PSL (#1198)
  * gTLD autopull: 2021-02-07 (#1203)
- Update to version 20210128:
  * Add Appspace to PSL (#1197)
  * add torproject.net (#1196)
  * Public suffixes KU Leuven (#1194)
  * added clickrising.net (#1192)
  * Add hosting and paas from OVHcloud (#1193)
  * add missing IDN ccTLDs:  for Bahrain and Laos ( .xn--mgbcpq6gpa1a and .xn--q7ce6a ) (#1175)
  * Add try-snowplow.com to PSL (#1184)
  * Update public_suffix_list.dat (#1189)
  * Update public_suffix_list.dat (#1187)
  * removal of scapp.io and applicationcloud.io (#1186)
  * Update public_suffix_list.dat (#1185)
  * Added fireweb.app to PSL (#1181)
  * Update and rename tld-update.yml to tld-update.yml.hold
  * CI: Add Github Actions workflow for TLD updates PRs. (#1166)
- Update to version 20210108:
  * Added ghost.io to PSL (#1180)
  * Add myshopify.com (#1179)
- Update to version 20201223:
  * gTLD autopull: 2020-12-21 (#1172)
  * Featherhead: Remove defunct project (#1171)
  * Add needed suffixes for WPMU DEV hosting and CDNs (#1169)
  * Add GünstigBestellen domains (#1170)
  * add deno.dev (#1167)
  * Update WoltLab Cloud Domains (#1168)
  * gTLD autopull: 2020-12-11 (#1165)
  * Update public_suffix_list.dat (#1162)
  * Add lohmus.me to the private section (#1161)
  * Add flap.id domain (#1160)
  * UPDATE TO SLD ON HOSTBIP SECTION (#1130)
  * Third level .рус domains for the PRIVATE section (#1159)
  * Add orsites.com to the list of domains (#1157)
  * Add webthings.io and krellian.net (#1154)
  * gTLD autopull: 2020-12-10 (#1164)
  * gTLD autopull: 2020-11-30 (#1155)
  * The list of Jelastic public domains was extended. Addition to #1023 #1063 #1092 #1095 (#1151)
  * gTLD autopull: 2020-11-21 (#1152)
  * Add ondigitalocean.app to the list of domains (#1150)
  * Add private domains for airy.host (#1149)
  * gTLD autopull: 2020-11-11 (#1148)
  * Update public_suffix_list.dat (#1147)
  * Add of.je (#1131)
  * Update the existing Names.of.London Public List (#1146)
  * Del linkitools.space nxd from Private (#1145)
  * Del ptplus.fit NXD from Private (#1144)
  * Del cloudeity.net NXD from Private (#1143)
  * Del uklugs.org NXD from Private section (#1142)
  * Del xenapponazure.com from Private (#1141)
  * Added an RSS feed URL (#1140)
  * gTLD autopull: 2020-11-03 (#1139)
  * Add secaas.hk (#1138)
  * Adding qoto.io (#1129)
  * Add fh-muenster.io to PSL (#1134)
  * gTLD autopull: 2020-10-28 (#1135)
  * Update pull_request_template.md (#1116)
- Update to version 20201026:
  * gTLD autopull: 2020-10-12
  * Remove algorithmia.com
  * Add azurestaticapps.net dns suffixes
  * Adds *.gateway.dev
  * Add cdn-edges.net
  * Sort Alphabet entries by TLD first and then by SLDD
  * Add service.one as a public suffix
  * Add tlon.network
  * Add iopsys.se
  * The list of Jelastic public domains was extended
  * Add wapblog's domain
  * added localzone.xyz
  * Adds translate.goog and tr-test.goog
  * Add bip.sh
  * Add .tm.dz
  * Add js.wpenginepowered.com
  * Updated comments with new URLs to the different lists of domains
- Update to version 20200909:
  * Update gTLD list to 2020-09-09
  * Add pages.dev
  * Add gsj.bz
  * Added gitapp.si
  * Add small-web.org domain under Small Technology Foundation
  * Update to ICANN and private SLDs on CentralNic registry platform
  * The list of Jelastic public domains was extended
  * Add forte.id
  * Add Danger Science Group domains
  * Switch cloud.metacentrum.cz from suffix to wildcard notation
  * Added mcpe.me
  * Add omniwe.site
  * Add GOV.UK Pay test environment domain
- Update to version 20200810:
  * Add algorithmia.com (#1071)
  * Added Mythic Beasts (#1075)
  * gTLD autopull: 2020-08-07 (#1085)
  * add rdv.to domains for pcarrier.ca Software Inc. (#1039)
  * thingdust AG: added in-house domains of internal services (#1031)
  * Add mcdir.ru and vps.mcdir.ru (#1051)
  * Add na4u.ru to list (#998)
  * gTLD autopull: 2020-07-29 (#1079)
  * gTLD autopull: 2020-07-28 (#1077)
  * add impertrix.com and impertrixcdn.com (#1060)
  * gTLD autopull: 2020-07-18 (#1069)
  * Add 12 sub zones to .br [20200714 update] (#1068)
- Update to version 20200715:
  * Add cn.vu (#987)
  * Add opensocial.site (#1056)
  * Add wpenginepowered.com (#1064)
  * The list of Jelastic public domains was extended. Addition to #1023 (#1063)
  * Update platform.sh (#1061)
  * add pages.wiardweb.com (#1035)
  * Update public_suffix_list.dat (#1036)
  * gTLD autopull: 2020-06-27 (#1059)
  * Removal of education.tas.edu.au (#977)
  * gTLD autopull: 2020-06-24 (#1057)
  * gTLD autopull: 2020-06-20 (#1055)
- Update to version 20200616:
  * Fix broken links in nic.lk (#1053)
  * Remove fastpanel.direct for FASTVPS EESTI OU (#1024)
  * Add gitpage.si to private domains section (#1013)
  * add hostyhosting.io (#1046)
  * Add wien.funkfeuer.at to private section (#1041)
  * Update public_suffix_list.dat (#1029)
  * Update public_suffix_list.dat (#1050)
  * Add plesk.page and pleskns.com suffix to private section (#1048)
  * gTLD autopull: 2020-06-11 (#1049)
  * gTLD autopull: 2020-06-05 (#1047)
  * gTLD autopull: 2020-05-28 (#1045)
  * gTLD autopull: 2020-05-27 (#1044)
  * add g.vbrplsbx.io domain (#994)
  * Jelastic public domains are added (#1023)
  * Add vercel.app and vercel.dev and update now.sh listing in private section (#1019)
  * Add *.backyards.banzaicloud.io and *.banzai.cloud (#1025)
  * add seidat.net private domain (#974)
  * Added gentlentapis.com (#984)
  * Update public_suffix_list.dat (#1037)
  * Remove bitballoon.com and netlify.com (#1020)
  * Add *.owo.codes (#973)
  * Add plesk.page and pdns.page suffix to private section (#1022)
  * Add kasserver.com to Private Section (#1016)
  * Update Linode PSL entries (#1026)
  * Add fly.io suffixes (#1015)
  * Update public_suffix_list.dat (#1000)
  * Add Voxel.sh DNS public suffixes (#1014)
py26-compat-salt
- Enhance openscap module: add "/xccdf_eval"/ call
- Added:
  * enhance-openscap-module-add-xccdf_eval-call-397.patch
- Prevent command injection in the snapper module (bsc#1185281) (CVE-2021-31607)
- Added:
  * prevent-command-injection-in-the-snapper-module-bsc-.patch
python-dbus-python
- Update to latest version from tumbleweed jira#OPENSUSE-22
  boo#1183818
- Enable testsuite
- update to 1.2.16:
  * All tests are run even if the tap.py module is not available, although
    diagnostics for failing tests will be better if it is present.
  * Forbid unexpanded AX-prefixed macros more selectively
- Support builds with more than one python3 flavor
  gh#openSUSE/python-rpm-macros#66
- Remove shebang from examples (rpmlint warning, is in common doc)
- Clean duplicate python flavor variables for configure
- Update the provides/obsoletes tags for old-style dbus-1-$python
- Version update to version 1.2.14:
  * Ensure that the numeric types from dbus.types get the same
    str() under Python 3.8 that they did under previous versions.
  * Disable -Winline.
  * Add Python 3.8 to CI.
  - Changes in version 1.2.12:
  * Don't save and restore the exception indicator when called
    from C code.
  - Changes in version 1.2.10:
  * Rewrite CONTRIBUTING.md document, based on Wayland's equivalent
  * Add clearer license information using SPDX-License-Identifier.
  * Improve test coverage.
  * Don't set deprecated tp_print to NULL under Python 3.
  * Include inherited methods and properties when documenting
    objects, which regressed when migrating from epydoc to sphinx.
  * Add missing variant_level member to UnixFd type, for parity
    with the other dbus.types types (dbus-python!3.
  - Note that this is a potentially incompatible change: unknown
    keyword arguments were previously ignored (!) and are now an
    error.
  * Don't reply to method calls if they have the NO_REPLY_EXPECTED
    flag (fd.o#32529, dbus-python#26.
  * Silence -Wcast-function-type with gcc 8.
  * Fix distcheck with python3.7 by deleting __pycache__ during
    uninstall.
  * Consistently save and restore the exception indicator when
    called from C code.
  * Avoid a long-standing race condition in the automated tests.
  * Fix Qt website URL.
- Up dbus dependency; 1.8 is now required.
- Add missing dependency for pkg-config files
- Version update to version 1.2.8:
  * Python 2.7 required or 3.4 respectively
  * Tests use tap.py functionality
  * Upstream dropped epydoc completely
  * See NEWS for more
- Use requires_ge instead of the rpm calls
python-hwdata
- Modified to build on RHEL8.
python-libxml2-python
- Security fix: [bsc#1186015, CVE-2021-3541]
  * Exponential entity expansion attack bypasses all existing
    protection mechanisms.
- Add libxml2-CVE-2021-3541.patch
- Security fix: [bsc#1185698, bsc#1185879, CVE-2021-3537]
python-pyasn1

      
python-pycparser

      
python-pyzmq
- update to version 17.1.2 (fixes boo#1186945)
  * Fix possible hang when working with asyncio
  * Remove some outdated workarounds for old Cython versions
  * Fix some compilation with custom compilers
  * Remove unneeded link of libstdc++ on PyPy
python-urllib3
- Add %dir declaration for %{_licensedir}
- Add CVE-2021-33503.patch (bsc#1187045, CVE-2021-33503)
  * Improve performance of sub-authority splitting in URL
- Update in SLE-15 (bsc#1182422, jsc#ECO-3352, jsc#PM-2485)
- Enable python2 builds
- Re-add file permissions in %file section
- Undo python2/3 split in %install section
- Skip test for RECENT_DATE. It is a test purely for developers.
  To maintain reproducibility, keep upstreams possibly outdated
  RECENT_DATE in the source code.
- Add CI variable, which makes timeouts in the test suite longer
  (gh#urllib3/urllib3#2109, bsc#1176389) and
  test_timeout_errors_cause_retries should not fail.
- Generate pyc for ssl_match_hostname too
- update to 1.25.10:
  * Added support for ``SSLKEYLOGFILE`` environment variable for
    logging TLS session keys with use with programs like
    Wireshark for decrypting captured web traffic (Pull #1867)
  * Fixed loading of SecureTransport libraries on macOS Big Sur
    due to the new dynamic linker cache (Pull #1905)
  * Collapse chunked request bodies data and framing into one
  call to ``send()`` to reduce the number of TCP packets by 2-4x (Pull #1906)
  * Don't insert ``None`` into ``ConnectionPool`` if the pool
    was empty when requesting a connection (Pull #1866)
  * Avoid ``hasattr`` call in ``BrotliDecoder.decompress()`` (Pull #1858)
- update to 1.25.9 (bsc#1177120, CVE-2020-26137):
  * Added ``InvalidProxyConfigurationWarning`` which is raised when
    erroneously specifying an HTTPS proxy URL. urllib3 doesn't currently
    support connecting to HTTPS proxies but will soon be able to
    and we would like users to migrate properly without much breakage.
  * Drain connection after ``PoolManager`` redirect (Pull #1817)
  * Ensure ``load_verify_locations`` raises ``SSLError`` for all backends (Pull #1812)
  * Rename ``VerifiedHTTPSConnection`` to ``HTTPSConnection`` (Pull #1805)
  * Allow the CA certificate data to be passed as a string (Pull #1804)
  * Raise ``ValueError`` if method contains control characters (Pull #1800)
  * Add ``__repr__`` to ``Timeout`` (Pull #1795)
- Explicitly switch off building python 2 version.
- update to 1.25.8
  * Drop support for EOL Python 3.4
  * Optimize _encode_invalid_chars
  * Preserve chunked parameter on retries
  * Allow unset SERVER_SOFTWARE in App Engine
  * Fix issue where URL fragment was sent within the request target.
  * Fix issue where an empty query section in a URL would fail to parse.
  * Remove TLS 1.3 support in SecureTransport due to Apple removing support.
- Require a new enough release of python-six. 1.25.6 needs at least
  1.12.0 for ensure_text() and friends.
- Updae to 1.25.6:
  * Fix issue where tilde (~) characters were incorrectly percent-encoded in the path. (Pull #1692)
- Restrict the tornado dep from tom to 5 or older release as the
  6.x changed the API
- Update to 1.25.5:
  * Add mitigation for BPO-37428 affecting Python <3.7.4 and OpenSSL 1.1.1+ which caused certificate verification to be enabled when using cert_reqs=CERT_NONE. (Issue #1682)
  * Propagate Retry-After header settings to subsequent retries. (Pull #1607)
  * Fix edge case where Retry-After header was still respected even when explicitly opted out of. (Pull #1607)
  * Remove dependency on rfc3986 for URL parsing.
  * Fix issue where URLs containing invalid characters within Url.auth would raise an exception instead of percent-encoding those characters.
  * Add support for HTTPResponse.auto_close = False which makes HTTP responses work well with BufferedReaders and other io module features. (Pull #1652)
  * Percent-encode invalid characters in URL for HTTPConnectionPool.request() (Pull #1673)
- Drop patch urllib3-ssl-default-context.patch
- Drop patch python-urllib3-recent-date.patch the date is recent
  enough on its own
- Use have/skip_python2/3 macros to allow building only one flavour
- Use old pytest 3.x as newer do not work with this release
  * this will be fixed with next release, just spread among
    numerous fixes in the git for quick backporting
- Fixup pre script: the migration issue happens when changing from
  python-urllib3 to python2-urllib3: the number of installed
  instances of python2-urlliib3 is at this moment 1, unlike in
  regular updates. This is due to a name change, which consists not
  of a pure package update.
- Provides/Obsoletes does not fix the issue: we have a
  directory-to-symlink switch, which cannot be handled by RPM
  internally. Assist using pre script (boo#1138715).
- Fix Upgrade from Leap 42.1/42.2 by adding Obsoletes/Provides:
  python-urllib3, fixes boo#1138746
- Add more test to skip as with new openssl some behaviour changed
  and we can't rely on them anymore
- Unbundle the six, rfc3986, and backports.ssl_match_hostname
- Add missing dependency on python-six (bsc#1150895)
- Update to 1.25.3:
  * Change HTTPSConnection to load system CA certificates when ca_certs, ca_cert_dir, and ssl_context are unspecified. (Pull #1608, Issue #1603)
  * Upgrade bundled rfc3986 to v1.3.2. (Pull #1609, Issue #1605)
- Update to 1.25.2:
  * Change is_ipaddress to not detect IPvFuture addresses. (Pull #1583)
  * Change parse_url to percent-encode invalid characters within the path, query, and target components. (Pull #1586)
  * Add support for Google's Brotli package. (Pull #1572, Pull #1579)
  * Upgrade bundled rfc3986 to v1.3.1 (Pull #1578)
- Require all the deps from the secure list rather than Recommend.
  This makes the check to be run always and ensure the urls are
  "/secure"/.
- Remove ndg-httpsclient as it is not needed since 2015
- Add missing dependency on brotlipy
- Fix the tests to pass again
- update to 1.25 (bsc#1132663, bsc#1129071, CVE-2019-9740, CVE-2019-11236):
  * Require and validate certificates by default when using HTTPS
  * Upgraded ``urllib3.utils.parse_url()`` to be RFC 3986 compliant.
  * Added support for ``key_password`` for ``HTTPSConnectionPool`` to use
    encrypted ``key_file`` without creating your own ``SSLContext`` object.
  * Add TLSv1.3 support to CPython, pyOpenSSL, and SecureTransport ``SSLContext``
    implementations. (Pull #1496)
  * Switched the default multipart header encoder from RFC 2231 to HTML 5 working draft.
  * Fixed issue where OpenSSL would block if an encrypted client private key was
    given and no password was given. Instead an ``SSLError`` is raised.
  * Added support for Brotli content encoding. It is enabled automatically if
  ``brotlipy`` package is installed which can be requested with
  ``urllib3[brotli]`` extra.
  * Drop ciphers using DSS key exchange from default TLS cipher suites.
    Improve default ciphers when using SecureTransport.
  * Implemented a more efficient ``HTTPResponse.__iter__()`` method.
- Drop urllib3-test-ssl-drop-sslv3.patch . No longer needed
- Update to 1.24.2 (bsc#1132900, CVE-2019-11324):
  - Implemented a more efficient HTTPResponse.__iter__() method.
    (Issue #1483)
  - Upgraded urllib3.utils.parse_url() to be RFC 3986 compliant.
    (Pull #1487)
  - Remove Authorization header regardless of case when
    redirecting to cross-site. (Issue #1510)
  - Added support for key_password for HTTPSConnectionPool to use
    encrypted key_file without creating your own SSLContext
    object. (Pull #1489)
  - Fixed issue where OpenSSL would block if an encrypted client
    private key was given and no password was given. Instead an
    SSLError is raised. (Pull #1489)
  - Require and validate certificates by default when using HTTPS
    (Pull #1507)
  - Added support for Brotli content encoding. It is enabled
    automatically if brotlipy package is installed which can be
    requested with urllib3[brotli] extra. (Pull #1532)
  - Add TLSv1.3 support to CPython, pyOpenSSL, and
    SecureTransport SSLContext implementations. (Pull #1496)
  - Drop ciphers using DSS key exchange from default TLS cipher
    suites. Improve default ciphers when using SecureTransport.
    (Pull #1496)
  - Add support for IPv6 addresses in subjectAltName section of
    certificates. (Issue #1269)
  - Switched the default multipart header encoder from RFC 2231
    to HTML 5 working draft. (Issue #303, PR #1492)
- Update to 1.24.1:
  * Remove quadratic behavior within GzipDecoder.decompress()
    (Issue #1467)
  * Restored functionality of ciphers parameter for
    create_urllib3_context(). (Issue #1462)
release-notes-susemanager
- Revision 4.1.10
- Bugs mentiond
  bsc#1164192, bsc#1167586, bsc#1173143, bsc#1181223, bsc#1182769,
  bsc#1182817, bsc#1186025, bsc#1186650, bsc#1187441, bsc#1187621,
  bsc#1187787, bsc#1187813, bsc#1187963, bsc#1188032, bsc#1188073,
  bsc#1188170, bsc#1188193, bsc#1188260, bsc#1188400
- Revision 4.1.9
- Bugs mentioned
  bsc#1164192, bsc#1167586, bsc#1173692, bsc#1176512, bsc#1179954,
  bsc#1180650, bsc#1182810, bsc#1183151, bsc#1183992, bsc#1183994,
  bsc#1184118, bsc#1184283, bsc#1184330, bsc#1184659, bsc#1184813,
  bsc#1185015, bsc#1185131, bsc#1185507, bsc#1185522, bsc#1185628,
  bsc#1185679, bsc#1186016, bsc#1186017, bsc#1186281, bsc#1186287,
  bsc#1186310, bsc#1186319, bsc#1186325, bsc#1186502, bsc#1186581,
  bsc#1186653, bsc#1186744, bsc#1187066
- SUSE Manager 4.1.8. Explictly mention SLES ES 6 is also EOL, and
  mention the Prometheus Exporters formula can now be used for Ubuntu.
- Revision 4.1.8
- Bugs mentioned
  bsc#1186124, bsc#1184561, bsc#1184361, bsc#1151558, bsc#1184471,
  bsc#1186025, bsc#1182744, bsc#1185281, bsc#1185042, bsc#1185097,
  bsc#1183864, bsc#1184351, bsc#1185568, bsc#1178767, bsc#1180673,
  bsc#1184940, bsc#1184849, bsc#1184929, bsc#1184475, bsc#1184311,
  bsc#1184005, bsc#1184286, bsc#1175216, bsc#1185965, bsc#1183845,
  bsc#1184332, bsc#1186346, bsc#1183649, bsc#1183649, bsc#1184617,
  bsc#1172711, bsc#1183573, bsc#1186765, bsc#1185506, bsc#1185568,
  bsc#1186858, bsc#1183845, bsc#1184892, bsc#1186508, bsc#1180994
salt
- Do noop for services states when running systemd in offline mode (bsc#1187787)
- transactional_updates: do not execute states in parallel but use a queue (bsc#1188170)
- Handle "/master tops"/ data when states are applied by "/transactional_update"/ (bsc#1187787)
- Enhance openscap module: add "/xccdf_eval"/ call
- virt: pass emulator when getting domain capabilities from libvirt
- Adding preliminary support for Rocky Linux
- Implementation of held/unheld functions for state pkg (bsc#1187813)
- Replace deprecated Thread.isAlive() with Thread.is_alive()
- Fix exception in yumpkg.remove for not installed package
- Fix save for iptables state module (bsc#1185131)
- virt: use /dev/kvm to detect KVM
- zypperpkg: improve logic for handling vendorchange flags
- Add bundled provides for tornado to the spec file
- Enhance logging when inotify beacon is missing pyinotify (bsc#1186310)
- Add "/python3-pyinotify"/ as a recommended package for Salt in SUSE/OpenSUSE distros
- Fix tmpfiles.d configuration for salt to not use legacy paths (bsc#1173103)
- Detect Python version to use inside container (bsc#1167586) (bsc#1164192)
- Handle volumes on stopped pools in virt.vm_info (bsc#1186287)
- grains.extra: support old non-intel kernels (bsc#1180650)
- Fix missing minion returns in batch mode (bsc#1184659)
- Parsing Epoch out of version provided during pkg remove (bsc#1173692)
- Added:
  * enhance-openscap-module-add-xccdf_eval-call-386.patch
  * fix-exception-in-yumpkg.remove-for-not-installed-pac.patch
  * move-vendor-change-logic-to-zypper-class-355.patch
  * enhance-logging-when-inotify-beacon-is-missing-pyino.patch
  * grains.extra-support-old-non-intel-kernels-bsc-11806.patch
  * fix-missing-minion-returns-in-batch-mode-360.patch
  * parsing-epoch-out-of-version-provided-during-pkg-rem.patch
  * handle-master-tops-data-when-states-are-applied-by-t.patch
  * figure-out-python-interpreter-to-use-inside-containe.patch
  * fix-save-for-iptables-state-module-bsc-1185131-372.patch
  * do-noop-for-services-states-when-running-systemd-in-.patch
  * virt-use-dev-kvm-to-detect-kvm-383.patch
  * virt-pass-emulator-when-getting-domain-capabilities-.patch
  * backport-thread.is_alive-fix-390.patch
  * handle-volumes-on-stopped-pools-in-virt.vm_info-373.patch
  * adding-preliminary-support-for-rocky.-59682-391.patch
  * implementation-of-held-unheld-functions-for-state-pk.patch
- Check if dpkgnotify is executable (bsc#1186674)
- Added:
  * check-if-dpkgnotify-is-executable-bsc-1186674-376.patch
- Update to Salt release version 3002.2 (jsc#ECO-3212) (jsc#SLE-18033)
- See release notes: https://docs.saltstack.com/en/latest/topics/releases/3002.2.html
- Drop support for Python2. Obsoletes "/python2-salt"/ package
- virt module updates
  * network: handle missing ipv4 netmask attribute
  * more network support
  * PCI/USB host devices passthrough support
  * drop wrong capabilities code after rebasing patches
- Set distro requirement to oldest supported version in requirements/base.txt
- Bring missing part of async batch implementation back (bsc#1182382) (CVE-2021-25315)
- Always require python3-distro (bsc#1182293)
- Remove deprecated warning that breaks minion execution when "/server_id_use_crc"/ opts is missing
- Fix pkg states when DEB package has "/all"/ arch
- Do not force beacons configuration to be a list.
  (Revert https://github.com/saltstack/salt/pull/58655)
- Remove msgpack < 1.0.0 from base requirements (bsc#1176293)
- msgpack support for version >= 1.0.0 (bsc#1171257)
- Added:
  * 3002-set-distro-requirement-to-oldest-supported-vers.patch
  * add-alibaba-cloud-linux-2-by-backporting-upstream-s-.patch
  * add-almalinux-and-alibaba-cloud-linux-to-the-os-fami.patch
  * add-sleep-on-exception-handling-on-minion-connection.patch
  * async-batch-implementation-fix-320.patch
  * drop-wrong-virt-capabilities-code-after-rebasing-pat.patch
  * fix-aptpkg.normalize_name-when-package-arch-is-all.patch
  * fix-grains.test_core-unit-test-277.patch
  * fix-__mount_device-wrapper-254.patch
  * opensuse-3000.2-virt-backports-236-257.patch
  * opensuse-3000.3-spacewalk-runner-parse-command-250.patch
  * opensuse-3000-libvirt-engine-fixes-251.patc
  * open-suse-3002.2-bigvm-310.patch
  * open-suse-3002.2-virt-network-311.patch
  * pkgrepo-support-python-2.7-function-call-295.patch
  * remove-deprecated-warning-that-breaks-miniion-execut.patch
  * remove-msgpack-1.0.0-requirement-in-the-installed-me.patch
  * revert-fixing-a-use-case-when-multiple-inotify-beaco.patch
  * support-transactional-systems-microos-271.patch
  * update-target-fix-for-salt-ssh-to-process-targets-li.patch
  * virt.network_update-handle-missing-ipv4-netmask-attr.patch
  * zypperpkg-filter-patterns-that-start-with-dot-244.patch
- Modified:
  * 3002.2-xen-spicevmc-dns-srv-records-backports-314.patch
  * accumulated-changes-from-yomi-167.patch
  * accumulated-changes-required-for-yomi-165.patch
  * activate-all-beacons-sources-config-pillar-grains.patch
  * add-all_versions-parameter-to-include-all-installed-.patch
  * add-astra-linux-common-edition-to-the-os-family-list.patch
  * add-batch_presence_ping_timeout-and-batch_presence_p.patch
  * add-cpe_name-for-osversion-grain-parsing-u-49946.patch
  * add-custom-suse-capabilities-as-grains.patch
  * add-docker-logout-237.patch
  * add-environment-variable-to-know-if-yum-is-invoked-f.patch
  * add-hold-unhold-functions.patch
  * add-migrated-state-and-gpg-key-management-functions-.patch
  * add-multi-file-support-and-globbing-to-the-filetree-.patch
  * add-new-custom-suse-capability-for-saltutil-state-mo.patch
  * add-patch-support-for-allow-vendor-change-option-wit.patch
  * add-pkg.services_need_restart-302.patch
  * add-publish_batch-to-clearfuncs-exposed-methods.patch
  * add-saltssh-multi-version-support-across-python-inte.patch
  * adds-explicit-type-cast-for-port.patch
  * add-standalone-configuration-file-for-enabling-packa.patch
  * add-supportconfig-module-for-remote-calls-and-saltss.patch
  * add-virt.all_capabilities.patch
  * allow-extra_filerefs-as-sanitized-kwargs-for-ssh-cli.patch
  * allow-passing-kwargs-to-pkg.list_downloaded-bsc-1140.patch
  * allow-vendor-change-option-with-zypper-313.patch
  * ansiblegate-take-care-of-failed-skipped-and-unreacha.patch
  * apply-patch-from-upstream-to-support-python-3.8.patch
  * async-batch-implementation.patch
  * avoid-excessive-syslogging-by-watchdog-cronjob-58.patch
  * avoid-traceback-when-http.query-request-cannot-be-pe.patch
  * backport-a-few-virt-prs-272.patch
  * backport-virt-patches-from-3001-256.patch
  * batch_async-avoid-using-fnmatch-to-match-event-217.patch
  * batch-async-catch-exceptions-and-safety-unregister-a.patch
  * batch.py-avoid-exception-when-minion-does-not-respon.patch
  * bsc-1176024-fix-file-directory-user-and-group-owners.patch
  * calculate-fqdns-in-parallel-to-avoid-blockings-bsc-1.patch
  * changed-imports-to-vendored-tornado.patch
  * debian-info_installed-compatibility-50453.patch
  * do-not-break-repo-files-with-multiple-line-values-on.patch
  * do-not-crash-when-there-are-ipv6-established-connect.patch
  * do-not-crash-when-unexpected-cmd-output-at-listing-p.patch
  * do-not-load-pip-state-if-there-is-no-3rd-party-depen.patch
  * do-not-make-ansiblegate-to-crash-on-python3-minions.patch
  * do-not-monkey-patch-yaml-bsc-1177474.patch
  * do-not-raise-streamclosederror-traceback-but-only-lo.patch
  * don-t-call-zypper-with-more-than-one-no-refresh.patch
  * drop-wrong-mock-from-chroot-unit-test.patch
  * early-feature-support-config.patch
  * enable-passing-a-unix_socket-for-mysql-returners-bsc.patch
  * ensure-virt.update-stop_on_reboot-is-updated-with-it.patch
  * fall-back-to-pymysql.patch
  * fix-aptpkg-systemd-call-bsc-1143301.patch
  * fix-async-batch-multiple-done-events.patch
  * fix-async-batch-race-conditions.patch
  * fix-a-test-and-some-variable-names-229.patch
  * fix-a-wrong-rebase-in-test_core.py-180.patch
  * fix-batch_async-obsolete-test.patch
  * fix-bsc-1065792.patch
  * fix-cve-2020-25592-and-add-tests-bsc-1178319.patch
  * fixed-bug-lvm-has-no-parttion-type.-the-scipt-later-.patch
  * fixes-56144-to-enable-hotadd-profile-support.patch
  * fixes-cve-2018-15750-cve-2018-15751.patch
  * fix-failing-unit-tests-for-batch-async.patch
  * fix-for-log-checking-in-x509-test.patch
  * fix-for-some-cves-bsc1181550.patch
  * fix-for-suse-expanded-support-detection.patch
  * fix-for-temp-folder-definition-in-loader-unit-test.patch
  * fix-git_pillar-merging-across-multiple-__env__-repos.patch
  * fixing-streamclosed-issue.patch
  * fix-ipv6-scope-bsc-1108557.patch
  * fix-issue-2068-test.patch
  * fix-issue-parsing-errors-in-ansiblegate-state-module.patch
  * fix-memory-leak-produced-by-batch-async-find_jobs-me.patch
  * fix-novendorchange-option-284.patch
  * fix-onlyif-unless-when-multiple-conditions-bsc-11808.patch
  * fix-regression-on-cmd.run-when-passing-tuples-as-cmd.patch
  * fix-salt.utils.stringutils.to_str-calls-to-make-it-w.patch
  * fix-the-removed-six.itermitems-and-six.-_type-262.patch
  * fix-unit-test-for-grains-core.patch
  * fix-unit-tests-for-batch-async-after-refactor.patch
  * fix-virt.update-with-cpu-defined-263.patch
  * fix-wrong-test_mod_del_repo_multiline_values-test-af.patch
  * fix-zypper.list_pkgs-to-be-aligned-with-pkg-state.patch
  * fix-zypper-pkg.list_pkgs-expectation-and-dpkg-mockin.patch
  * force-zyppnotify-to-prefer-packages.db-than-packages.patch
  * get-os_arch-also-without-rpm-package-installed.patch
  * grains-master-can-read-grains.patch
  * implementation-of-suse_ip-execution-module-bsc-10999.patch
  * implement-network.fqdns-module-function-bsc-1134860-.patch
  * improve-batch_async-to-release-consumed-memory-bsc-1.patch
  * improvements-on-ansiblegate-module-354.patch
  * include-aliases-in-the-fqdns-grains.patch
  * info_installed-works-without-status-attr-now.patch
  * integration-of-msi-authentication-with-azurearm-clou.patch
  * invalidate-file-list-cache-when-cache-file-modified-.patch
  * let-salt-ssh-use-platform-python-binary-in-rhel8-191.patch
  * loop-fix-variable-names-for-until_no_eval.patch
  * loosen-azure-sdk-dependencies-in-azurearm-cloud-driv.patch
  * make-aptpkg.list_repos-compatible-on-enabled-disable.patch
  * make-profiles-a-package.patch
  * make-setup.py-script-to-not-require-setuptools-9.1.patch
  * move-server_id-deprecation-warning-to-reduce-log-spa.patch
  * notify-beacon-for-debian-ubuntu-systems-347.patch
  * opensuse-3000-virt-defined-states-222.patch
  * open-suse-3002.2-xen-grub-316.patch
  * option-to-en-disable-force-refresh-in-zypper-215.patch
  * path-replace-functools.wraps-with-six.wraps-bsc-1177.patch
  * prevent-ansiblegate-unit-tests-to-fail-on-ubuntu.patch
  * prevent-command-injection-in-the-snapper-module-bsc-.patch
  * prevent-import-errors-when-running-test_btrfs-unit-t.patch
  * prevent-logging-deadlock-on-salt-api-subprocesses-bs.patch
  * prevent-race-condition-on-sigterm-for-the-minion-bsc.patch
  * prevent-systemd-run-description-issue-when-running-a.patch
  * prevent-test_mod_del_repo_multiline_values-to-fail.patch
  * provide-the-missing-features-required-for-yomi-yet-o.patch
  * python3.8-compatibility-pr-s-235.patch
  * re-adding-function-to-test-for-root.patch
  * read-repo-info-without-using-interpolation-bsc-11356.patch
  * regression-fix-of-salt-ssh-on-processing-targets-353.patch
  * reintroducing-reverted-changes.patch
  * remove-arch-from-name-when-pkg.list_pkgs-is-called-w.patch
  * remove-deprecated-usage-of-no_mock-and-no_mock_reaso.patch
  * remove-unnecessary-yield-causing-badyielderror-bsc-1.patch
  * remove-vendored-backports-abc-from-requirements.patch
  * restore-default-behaviour-of-pkg-list-return.patch
  * return-the-expected-powerpc-os-arch-bsc-1117995.patch
  * revert-add-patch-support-for-allow-vendor-change-opt.patch
  * run-salt-api-as-user-salt-bsc-1064520.patch
  * run-salt-master-as-dedicated-salt-user.patch
  * sanitize-grains-loaded-from-roster_grains.json.patch
  * strip-trailing-from-repo.uri-when-comparing-repos-in.patch
  * support-config-non-root-permission-issues-fixes-u-50.patch
  * support-for-btrfs-and-xfs-in-parted-and-mkfs.patch
  * switch-firewalld-state-to-use-change_interface.patch
  * temporary-fix-extend-the-whitelist-of-allowed-comman.patch
  * transactional_update-detect-recursion-in-the-executo.patch
  * transactional_update-unify-with-chroot.call.patch
  * use-adler32-algorithm-to-compute-string-checksums.patch
  * use-current-ioloop-for-the-localclient-instance-of-b.patch
  * use-threadpool-from-multiprocessing.pool-to-avoid-le.patch
  * virt-adding-kernel-boot-parameters-to-libvirt-xml-55.patch
  * virt._get_domain-don-t-raise-an-exception-if-there-i.patch
  * virt-uefi-fix-backport-312.patch
  * x509-fixes-111.patch
  * xen-disk-fixes-264.patch
  * xfs-do-not-fails-if-type-is-not-present.patch
  * zypperpkg-ignore-retcode-104-for-search-bsc-1176697-.patch
- Removed:
  * add-alibaba-cloud-linux-2-to-salt-3000-branch-351.patch
  * add-almalinux-to-the-os-family-list-340.patch
  * add-ip-filtering-by-network.patch
  * add-missing-fun-for-returns-from-wfunc-executions.patch
  * add-missing-_utils-at-loader-grains_func.patch
  * add-sleep-on-exception-handling-minion-connecting-to.patch
  * avoid-has_docker-true-if-import-messes-with-salt.uti.patch
  * backport-commit-1b16478c51fb75c25cd8d217c80955feefb6.patch
  * decide-if-the-source-should-be-actually-skipped.patch
  * do-not-report-patches-as-installed-when-not-all-the-.patch
  * fix-cve-2020-11651-and-fix-cve-2020-11652.patch
  * fix-for-bsc-1102248-psutil-is-broken-and-so-process-.patch
  * fix-for-return-value-ret-vs-return-in-batch-mode.patch
  * fix-for-unless-requisite-when-pip-is-not-installed.patch
  * fix-grains.test_core-unit-test-276.patch
  * fix-__mount_device-wrapper-253.patch
  * fix-recursion-false-detectioni-in-payload-305.patch
  * fix-regression-in-service-states-with-reload-argumen.patch
  * fix-type-error-in-tornadoimporter.patch patch
  * fix-typo-on-msgpack-version-when-sanitizing-msgpack-.patch
  * fix-zmq-hang-backport-of-saltstack-salt-58364.patch
  * loader-invalidate-the-import-cachefor-extra-modules.patch
  * make-lazyloader.__init__-call-to-_refresh_file_mappi.patch
  * make-salt.ext.tornado.gen-to-use-salt.ext.backports_.patch
  * opensuse-3000.2-virt-backports-236.patch
  * opensuse-3000-bigvm-backports-300.patch
  * opensuse-3000-libvirt-engine-fixes-248.patch
  * opensuse-3000-spacewalk-runner-parse-command-247.patch
  * opensuse-3000-virtual-network-backports-329.patch
  * pkgrepo-support-python-2.7-function-call-294.patch
  * removes-unresolved-merge-conflict-in-yumpkg-module.patch
  * revert-changes-to-slspath-saltstack-salt-56341.patch
  * set-passphrase-for-salt-ssh-keys-to-empty-string-293.patch
  * support-transactional-systems-microos-268.patch
  * update-target-fix-for-salt-ssh-and-avoiding-race-con.patch
  * use-full-option-name-instead-of-undocumented-abbrevi.patch
  * various-fixes-to-the-mysql-module-to-break-out-the-h.patch
  * zypperpkg-filter-patterns-that-start-with-dot-243.patch
- Fix issue parsing errors in ansiblegate state module
- Added:
  * fix-issue-parsing-errors-in-ansiblegate-state-module.patch
- Prevent command injection in the snapper module (bsc#1185281) (CVE-2021-31607)
- transactional_update: detect recursion in the executor
- Add subpackage salt-transactional-update (jsc#SLE-18028)
- Remove duplicate directories from specfile
- Added:
  * transactional_update-detect-recursion-in-the-executo.patch
  * prevent-command-injection-in-the-snapper-module-bsc-.patch
- Improvements on "/ansiblegate"/ module (bsc#1185092):
  * New methods: ansible.targets / ansible.discover_playbooks
  * General bugfixes
- Added:
  * improvements-on-ansiblegate-module-354.patch
- Add support for Alibaba Cloud Linux 2 (Aliyun Linux)
- Regression fix of salt-ssh on processing targets
- Added:
  * add-alibaba-cloud-linux-2-to-salt-3000-branch-351.patch
  * regression-fix-of-salt-ssh-on-processing-targets-353.patch
- Update target fix for salt-ssh and avoiding race condition
  on salt-ssh event processing (bsc#1179831, bsc#1182281)
- Added:
  * update-target-fix-for-salt-ssh-and-avoiding-race-con.patch
- Add notify beacon for Debian/Ubuntu systems
- Added:
  * notify-beacon-for-debian-ubuntu-systems-347.patch
- Fix zmq bug that causes salt-call to freeze (bsc#1181368)
- Added:
  * fix-zmq-hang-backport-of-saltstack-salt-58364.patch
samba
- Add msDS-AdditionalDnsHostName to the keytab; (bso#14396);
  (bsc#1185420);
- Add net-ads-join dnshostname option; (bso#14396); (bsc#1185420);
- Fix adding msDS-AdditionalDnsHostName to keytab with Windows DC;
  (bso#14406); (bsc#1185420);
shim
- Update to shim to 15.4-4.7.1 from SLE15-SP3
  + Version: 15.4, "/Thu Jul 15 2021"/
  + Update the SLE signatures
  + Include the fixes for bsc#1187696, bsc#1185261, bsc#1185441,
    bsc#1187071, bsc#1185621, bsc#1185261, bsc#1185232, bsc#1185261,
    bsc#1187260, bsc#1185232.
- Remove shim-install because the shim-install is updated in SLE
  15.4 RPM.
- shim-install: remove the unexpected residual "/removable"/ label
  for Azure (bsc#1185464, bsc#1185961)
snakeyaml
- Upgrade to upstream release 1.28
  * Fixes bsc#1159488, bsc#1186088, CVE-2017-18640
- Removed patch:
  * 0003-fix-broken-test.patch
    + not needed since integrated upstream
- Modified patch:
  * 0001-replace-bundled-base64coder-with-java.util.Base64.patch
  * rediff to changed context
- Upgrade to upstream release 1.25
- Removed patch:
  * 0001-Replace-bundled-base64-implementation.patch
    + replaced by other implementation
- Modified patch:
  * 0002-Replace-bundled-gdata-java-client-classes-with-commo.patch
    + Rediff to changed context
- Added patches:
  * 0001-replace-bundled-base64coder-with-java.util.Base64.patch
    + Replace with internal jdk8+ implementation
  * 0003-fix-broken-test.patch
    + fix a broken test
- Packaging of snakeyaml 1.17 based on Fedora package
- Generated and customized ant build file
- Removed patch:
  * snakeyaml-1.10-jdk9.patch
    + not needed any more
spacecmd
- version 4.1.13-1
- Add schedule_deletearchived to bulk delete archived actions (bsc#1181223)
- version 4.1.12-1
- enhance help for installation types when creating distributions (bsc#1186581)
spacewalk-admin
- version 4.1.9-1
- stop jabberd when osa-dispatcher is enabled (bsc#1185042)
spacewalk-backend
- version 4.1.27-1
- Fix rpm handling of empty package group and devicefiles tag (bsc#1186650)
- show better error message when reposync failed
- version 4.1.26-1
- Check if batch needs to be imported even after failure (bsc#1183151)
- fix downloading comps files by matching type in repomd.xml (bsc#1186653)
- Added logging for dpkg repository detection
- version 4.1.25-1
- Fix binary blob corruptions in tradidional config file deployment (bsc#1183864)
- Fix for GPG checking on synchonizing mirrored dpkg repo (bsc#1184351)
- version 4.1.24-1
- switch to www group for satellite logs (bsc#1185097)
- version 4.1.23-1
- Fail traditional errata and package actions when they act on retracted items
- Add advisory_status to reposync and ISS
- Add minrate/timeout configuration values for downloading DEB/RPM packages
spacewalk-branding
- version 4.1.13-1
- change white space behavior on modal bodies
- version 4.1.12-1
- Add the CSS class for retracted errata/packages
spacewalk-certs-tools
- version 4.1.17-1
- Add support of DISABLE_LOCAL_REPOS=0 for salt minions (bsc#1185568)
- Add missing environment variable SALT_RUNNING for pkg module
  to the minion configuration
- version 4.1.16-1
- Fix typo: activaion -> activation
spacewalk-java
- version 4.1.39-1
- Fix random NullPointerException when rendering page tabs (bsc#1182769)
- Ensure XMLRPC returns 'issue_date' in ISO format when listing erratas (bsc#1188260)
- Fix entitlements not being updated during system transfer (bsc#1188032)
- Add Beijing timezone to selectable timezones (bsc#1188193)
- Fix updating primary net interface on hardware refresh (bsc#1188400)
- Fix issues when removing archived actions using XMLRPC api (bsc#1181223)
- Readable error when "/mgr-sync add channel"/ is called with a no-existing label (bsc#1173143)
- SP migration: wait some seconds before scheduling "/package refresh"/ action after migration is completed (bsc#1187963)
- manually disable repositories on redhat like systems
- show reposync errors in user notification details
- do not check accessibility of free product repositories (bsc#1182817)
- define a pillar for the https port when connection as ssh-push with tunnel (bsc#1187441)
- Do not update Kickstart session when download after session is complete or failed (bsc#1187621)
- version 4.1.38-1
- Run database table analyze in most used tables of CLM for better performance (bsc#1188113, bsc#1186704)
- version 4.1.37-1
- Add missing task status strings (bsc#1186744)
- Fix product migration when scheduled from the event page (bsc#1187066)
- fix permission problem with /srv/susemanager/salt/custom files (bsc#1186325)
- Strip the modular metadata for newly created channels in CLM if modular filters present (bsc#1184118)
- fixing ISE when searching in docs for logged-in users (bsc#1186319)
- Allow virtualization host entitlement on Xen Dom0 (bsc#1185522)
- Fix start/end timestamps for xccdf scan details (bsc#1186016)
- Fix report links for SCAP Scans (bsc#1186017)
- Remove duplicate entries on AppStream filter channel browser
- fix problem reading product_tree.json from wrong location in offline setups (bsc#1184283)
- XMLRPC: Endpoint for aligning channel metadata based on another channel (bsc#1182810)
- Fix the problem with wrong icons for virtual systems (bsc#1185507)
- Add group by clause to reduce the number of rows for groupAdvisoryTypes CTE to improve performance(bsc#1185015)
- fix file ownership and permissions in /srv/susemanager/pillar_data/ (bsc#1179954)
- fix disapearing Autoinstallation Menu for minions (bsc#1184813)
- catch not found repository and create a standard error page (bsc#1183992)
- version 4.1.36-1
- Change Prometheus exporters formula data schema to make it more generic and extendable
- version 4.1.35-1
- Do not require advisory_status to be set in ErrataHandler.create (bsc#1185965)
- version 4.1.34-1
- Speed up pages to compare or add packages to channels (bsc#1178767)
- version 4.1.33-1
- Bugfix: Remove the unneeded check that was stopping updating a virtual instance type (bsc#1180673)
- Exclude minions from the list of locally-managed/sandbox systems when copying config files (bsc#1184940)
- Lower case fqdn comparation when calculating minion connection path (bsc#1184849)
- Bugfix: Retracted Patches: Filter minion correctly when executing package install (bsc#1184929)
- Implement retracted patches
- for a SUSE system get metadata and package from same source (bsc#1184475)
- Check if the directory exists prior to modular data cleanup (bsc#1184311)
- assign right base product for res8 (bsc#1184005)
- Fix docs link in my organization configuration (bsc#1184286)
- Only update the kickstart path in cobbler if necessary (bsc#1175216)
spacewalk-search
- version 4.1.5-1
- prevent writing error messages when just skipping the indexer run
  (bsc#1185628)
spacewalk-utils
- version 4.1.17-1
- Align the modules.yaml of target channel after cloning errata (bsc#1182810)
- adapt hostname rename check to allow also short hostname in various
  hostname files on the filesystem (bsc#1176512)
- spacewalk-hostname-rename: change hostname in /root/.mgr-sync (bsc#1183994)
- version 4.1.16-1
- Bugfix for ubuntu-18.04 repo urls: multiverse, restricted and backports
- Add multiverse, restricted and backports to Ubuntu 16.04, 18.04 and 20.04
spacewalk-web
- version 4.1.28-1
- Update web UI version to 4.1.10
- version 4.1.27-1
- Do not render the section toolbar if it is empty
- version 4.1.26-1
- Upgrade react-select to 4.3.0 and lodash to 4.17.21
- version 4.1.25-1
- Show the info about unsynced patches in the Content Lifecycle Management screens
sqlite3
- Sync version 3.36.0 from Factory to implement jsc#SLE-16032.
- Obsoletes sqlite3-CVE-2019-16168.patch.
- The following CVEs have been fixed in upstream releases up to
  this point, but were not mentioned in the change log so far:
  * bsc#1173641, CVE-2020-15358: heap-based buffer overflow in
    multiSelectOrderBy due to mishandling of query-flattener
    optimization
  * bsc#1164719, CVE-2020-9327: NULL pointer dereference and
    segmentation fault because of generated column optimizations in
    isAuxiliaryVtabOperator
  * bsc#1160439, CVE-2019-20218: selectExpander in select.c proceeds
    with WITH stack unwinding even after a parsing error
  * bsc#1160438, CVE-2019-19959: memory-management error via
    ext/misc/zipfile.c involving embedded '0' input
  * bsc#1160309, CVE-2019-19923: improper handling  of  certain uses
    of SELECT DISTINCT in flattenSubquery may lead to null pointer
    dereference
  * bsc#1159850, CVE-2019-19924: improper error handling in
    sqlite3WindowRewrite()
  * bsc#1159847, CVE-2019-19925: improper handling of NULL pathname
    during an update of a ZIP archive
  * bsc#1159715, CVE-2019-19926: improper handling  of certain
    errors during parsing  multiSelect in select.c
  * bsc#1159491, CVE-2019-19880: exprListAppendList in window.c
    allows attackers to trigger an invalid pointer dereference
  * bsc#1158960, CVE-2019-19603: during handling of CREATE TABLE
    and CREATE VIEW statements, does not consider confusion with
    a shadow table name
  * bsc#1158959, CVE-2019-19646: pragma.c mishandles NOT NULL in an
    integrity_check PRAGMA command in certain cases of generated
    columns
  * bsc#1158958, CVE-2019-19645: alter.c allows attackers to trigger
    infinite recursion via certain types of self-referential views
    in conjunction with ALTER TABLE statements
  * bsc#1158812, CVE-2019-19317: lookupName in resolve.c omits bits
    from the colUsed bitmask in the case of a generated column,
    which allows attackers to cause a denial of service
  * bsc#1157818, CVE-2019-19244: sqlite3,sqlite2,sqlite: The
    function sqlite3Select in select.c allows a crash if a
    sub-select uses both DISTINCT and window functions, and also
    has certain ORDER BY usage
  * bsc#928701, CVE-2015-3415: sqlite3VdbeExec comparison operator
    vulnerability
  * bsc#928700, CVE-2015-3414: sqlite3,sqlite2: dequoting of
    collation-sequence names
  * CVE-2020-13434 boo#1172115: integer overflow in
    sqlite3_str_vappendf
  * CVE-2020-13630 boo#1172234: use-after-free in fts3EvalNextRow
  * CVE-2020-13631 boo#1172236: virtual table allowed to be renamed
    to one of its shadow tables
  * CVE-2020-13632 boo#1172240: NULL pointer dereference via
    crafted matchinfo() query
  * CVE-2020-13435: Malicious SQL statements could have crashed the
    process that is running SQLite (boo#1172091)
supportutils
- Changes to version 3.1.17
  + Adding ethtool options g l m to network.txt (jsc#SLE-18240)
- Changes to version 3.1.16
  + lsof options to improve performance (bsc#1186687)
- Fixes to supportconfig
  + Exclude rhn.conf from etc.txt (bsc#1186347)
- analyzevmcore supports local directories (bsc#1186397)
- getappcore checks for valid compression binary (bsc#1185991)
- getappcore does not trigger errors with help message (bsc#1185993)
suse-module-tools
- Update to version 15.2.12:
  * modprobe.d: Remove dma=none setting for parport_pc
    (bsc#1177695)
susemanager
- version 4.1.28-1
- Fix a typo so mgr-create-bootstrap-script can exit gracefully when interrupted (bsc#1188073)
- version 4.1.27-1
- sort products in mgr-sync output
- fix creating deb bootstrap repos with packages having new checksums
  (bsc#1184330)
- version 4.1.26-1
- add python3-pycryptodome to Ubuntu and Debian 10 bootstrap repos (bsc#1186346)
- add gnupg and its dependencies to debian 10 bootstrap repo
- version 4.1.25-1
- Add bootstrap repo data for SUSE Manager 4.1 Proxy
- Require gio-branding-SLE for SLE15 but not for openSUSE Leap 15
- add bootstrap repo data for OES2018-SP3-x86_64 (bsc#1183845)
- Enable bootstrap repository creation for openSUSE Leap 15.3 for Uyuni
- Add python3-distro to RES8, SLE15, Ubuntu20.04 and Debian 10 bootstrap
  repositories to fix bootstrapping issues (bsc#1184332)
susemanager-build-keys
- Version 15.2.4
- Add SLE15SP3 Updates for openSUSE Leap 15.3 key (bsc#1186852)
- Added:
  * gpg-pubkey-d78c6b69-5fc7b9e7.asc
susemanager-doc-indexes
- Amended client configuration guide to exclude paragraphs that are uyuni
  specific for centos and oracle clients
- Updated image management chapter in administration guide; python and python-xml
  are no longer required for container image inspection (bsc#1167586, bsc#1164192)
- Document update for openSUSE Leap 15.3
- RHEL 6, Oracle Linux 6, CentOS 6, SUSE Linux Enterprise Expanded Support 6,
  and Ubuntu 16.04 are end-of-life upstream and no longer supported by SUSE as
  client operating systems.
- Adds additional dependencies for Debian client registration
  in Client Configuration Guide (bsc#1183649)
- Remove some openSUSE Leap 15.1 references
- Add reposync configuration settings to Troubleshooting chapter of
  the Administration Guide
- Update the entry about module.run for SAP Guide
susemanager-docs_en
- Amended client configuration guide to exclude paragraphs that are uyuni
  specific for centos and oracle clients
- Updated image management chapter in administration guide; python and python-xml
  are no longer required for container image inspection (bsc#1167586, bsc#1164192)
- Document update for openSUSE Leap 15.3
- RHEL 6, Oracle Linux 6, CentOS 6, SUSE Linux Enterprise Expanded Support 6,
  and Ubuntu 16.04 are end-of-life upstream and no longer supported by SUSE as
  client operating systems.
- Adds additional dependencies for Debian client registration
  in Client Configuration Guide (bsc#1183649)
- Remove some openSUSE Leap 15.1 references
- Add reposync configuration settings to Troubleshooting chapter of
  the Administration Guide
- Update the entry about module.run for SAP Guide
susemanager-schema
- version 4.1.22-1
- Force a one-off VACUUM ANALYZE
- Upgrade scripts idempotency fixes
- Add Beijing timezone to selectable timezones (bsc#1188193)
- version 4.1.21-1
- DB schema & migrations for retracted patches
susemanager-sls
- version 4.1.30-1
- Skip 'update-ca-certificates' run if the certs are updated automatically
- when bootstrapping with ssh-push with tunnel use the port number
  for fetching GPG keys from the server (bsc#1187441)
- version 4.1.29-1
- Fix deleting stopped virtual network (bsc#1186281)
- version 4.1.28-1
- exclude openSUSE Leap 15.3 from product installation (bsc#1186858)
- version 4.1.27-1
- Enable certificate deployment for Leap 15.3 clients which is needed for
  bootstrapping (bsc#1186765)
- version 4.1.26-1
- fix installation of gnupg on Debian 10
- version 4.1.25-1
- Do not install python2-salt on Salt 3002.2 Docker build hosts (bsc#1185506)
- Add support for 'disable_local_repos' salt minion config parameter
  (bsc#1185568)
- version 4.1.24-1
- Fix insecure JMX configuration (bsc#1184617)
- Avoid conflicts with running ioloop on mgr_events engine (bsc#1172711)
- keep salt-minion when it is installed to prevent update problems with
  dependend packages not available in the bootstrap repo (bsc#1183573)
susemanager-sync-data
- version 4.1.15-1
- set free flag for free products (bsc#1182817)
- version 4.1.14-1
- add OES2018 SP3 (bsc#1183845)
sysconfig
- Link as Position Independent Executable (bsc#1184124).
systemd
- Added patches to fix CVE-2021-33910 (bsc#1188063)
  Added 1001-unit-name-tighten-checks-for-building-valid-unit-nam.patch
  Added 1002-unit-name-generate-a-clear-error-code-when-convertin.patch
  Added 1003-basic-unit-name-do-not-use-strdupa-on-a-path.patch
  Added 1004-basic-unit-name-adjust-comments.patch
  These patches will be moved to the git repo once the bug will become
  public.
- Added fix for bsc#1184994 to skip udev rules if 'elevator=' is used
- Create /run/lock/subsys again (bsc#1187292)
  The creation of this directory was mistakenly dropped when
  'filesystem' package took the initialization of the generic paths
  over.
  Paths under /run/lock are still managed by systemd for lack of
  better place.
- Import commit f6f87c1cb4119c41f6fb93702e03cec794829b7c
  d7ed4af259 mount-util: shorten the loop a bit (#7545)
  cdf9cbb509 mount-util: do not use the official MAX_HANDLE_SZ (#7523)
  bbcc63a032 mount-util: tape over name_to_handle_at() flakiness (#7517) (bsc#1184761)
  d44adc63ab test: fix test-mount-util when handling duplicate mounts on the same location
  7c74260899 mount-util: fix bad indenting
  c4ef3248e2 mount-util: EOVERFLOW might have other causes than buffer size issues
  3f3eb23ccb mount-util: fix error propagation in fd_fdinfo_mnt_id()
  9f170ee221 mount-util: drop exponential buffer growing in name_to_handle_at_loop()
  5c709e7b31 udev: port udev_has_devtmpfs() to use path_get_mnt_id()
  ac57cefcb9 mount-util: add new path_get_mnt_id() call that queries the mnt ID of a path
  e49d88b898 mount-util: add name_to_handle_at_loop() wrapper around name_to_handle_at()
  060b1db043 core: fix output (logging) for mount units (#7603) (bsc#1187400)
- Import commit 93910b81b809729afa7ff9529b45b1e67f229232
  c289e1e5ae sysusers: use the usual comment style
  f11535886f test/TEST-21-SYSUSERS: add tests for new functionality
  2f2bfa731c sysusers: allow admin/runtime overrides to command-line config
  dbd190cd3b basic/strv: add function to insert items at position
  3c7b4c67fa sysusers: allow the shell to be specified
  f316974ebe man: reformat table in sysusers.d(5)
  24113b7f00 sysusers: take configuration as positional arguments
  8232e059d8 sysusers: emit a bit more info at debug level when locking fails
  461356cfe9 sysusers: allow force reusing existing user/group IDs (#8037)
  dd9349e71a sysusers: ensure GID in uid:gid syntax exists
  5e0ab33e59 sysusers: make ADD_GROUP always create a group
  0dd4a69687 test: add TEST-21-SYSUSERS test
  4dea8a2774 sysuser: use OrderedHashmap
  de09744500 sysusers: allow uid:gid in sysusers.conf files
  9271c17657 meson: "/conf.get(condition)"/ fails if condition was not defined
  These commits implement the option '--replace' for systemd-sysusers
  so %sysusers_create_package can be introduced in SLE and packages
  can rely on this rpm macro without wondering whether the macro is
  available on the different target the package is submitted to.
- udev requires systemd in its %post (bsc#1185958)
  udevadm, called in udev's %post, requires libsystemd-shared-xxx.so.
- Expect 644 permissions for /usr/lib/udev/compat-symlink-generation (bsc#1185807)
- Import commit ca070cf0125f3b83fb3d7300ef4f524af47c49a3
  3daea193a1 cgroup: Parse infinity properly for memory protections (bsc#1167471)
  a3f4d2980e cgroup: Make empty assignments reset to default (bsc#1167471)
  72bbd3928c cgroup: Support 0-value for memory protection directives (bsc#1167471)
  9c192a00a4 core/cgroup: accepts MemorySwapMax=0 (#8366) (bsc#1154935)
  d64f691eb7 bus-unit-util: add proper MemorySwapMax= serialization
  98af04a71c core: accept MemorySwapMax= properties that are scaled, too
  d4528bcaa3 execute: make sure to call into PAM after initializing resource limits (bsc#1184967)
  7fb1ab4f38 rlimit-util: introduce setrlimit_closest_all()
  c0d1ae3086 system-conf: drop reference to ShutdownWatchdogUsec=
  9f66f43082 core: rename ShutdownWatchdogSec to RebootWatchdogSec (bsc#1185331)
  82a5f215a3 Return -EAGAIN instead of -EALREADY from unit_reload (bsc#1185046)
- Drop 0010-core-accept-MemorySwapMax-properties-that-are-scaled.patch
  Drop 0011-bus-unit-util-add-proper-MemorySwapMax-serialization.patch
  Drop 0012-core-cgroup-accepts-MemorySwapMax-0-8366.patch
  Drop 0013-cgroup-Support-0-value-for-memory-protection-directi.patch
  Drop 0014-cgroup-Make-empty-assignments-reset-to-default.patch
  Drop 0015-cgroup-Parse-infinity-properly-for-memory-protection.patch
  These patches have been merged in SUSE/v234 branch.
- Import commit bb23f007799c0ad2b14a6da7f74ee242e10b00b9
  611376f830 rules: don't ignore Xen virtual interfaces anymore (bsc#1178561)
  65f4fa852e write_net_rules: set execute bits (bsc#1178561)
  f60153e565 udev: rework network device renaming
  df31eb968a Revert "/Revert "/udev: network device renaming - immediately give up if the target name isn't available"/"/
systemd-presets-common-SUSE
- When installing the systemd-presets-common-SUSE package for the
  first time in a new system, it might happen that some services
  are installed before systemd so the %systemd_pre/post macros
  would not work. This is handled by enabling all preset services
  in this package's %posttrans section but it wasn't enabling
  user services, just system services. Now it enables also the
  user services installed before this package, thus fixing
  boo#1186561
systemd-rpm-macros
- Bump to version 8
- Make use of "/Suggests:"/ in %systemd_ordering
  Until libzypp supports "/OrderWithRequires:"/, we need to specify a
  similar ordering constraint that can be understood by the dep solver
  as well. Hence the use of "/Suggests:"/ in %systemd_ordering
  (workaround for bsc#1187332).
- Introduce %sysusers_create_package
  %sysusers_create and %sysusers_create_inline are now deprecated and
  the new macro should be used instead.
  Upstream commit 07a7d4a0040d221ff09e527e91c112b4ffab1dba.
- %sysusers_create_inline: use here-docs instead of echo (bsc#1186282)
  Upstream commit dd2490ae12ad1e1795ecbf8f8944b950da9c8d06.
tar
- Link /var/lib/tests/tar/bin/genfile as Position-Independent Executable
  (bsc#1184124).
  + tar-PIE.patch
thin-provisioning-tools
- Link as position-independent executable (bsc#1184124).
tika-core
- New upstream version 1.26. Fixes:
  * Infinite loop in the MP3Parser (bsc#1184892, CVE-2021-28657)
  * Out of memory error while loading a file in PDFBox before 2.0.23.
  * Infinite loop while loading a file in PDFBox before 2.0.23.
  * System.exit vulnerability in Tika's OneNote Parser; out of memory errors
    and/or infinite loops in Tika's ICNSParser, MP3Parser, MP4Parser, SAS7BDATParser,
    OneNoteParser and ImageParser.
  * Excessive memory usage (DoS) vulnerability in Apache Tika's PSDParser
  * Infinite Loop (DoS) vulnerability in Apache Tika's PSDParser
timezone
- Install tzdata.zi (bsc#1188127)
uyuni-common-libs
- version 4.1.9-1
- Handle broken RPM packages to prevent exceptions
  causing fails on repository synchronization (bsc#1186650)
- version 4.1.8-1
- Maintainer field in debian packages are only recommended (bsc#1186508)
wget
- When running recursively, wget will verify the length of the whole
  URL when saving the files. This will make it overwrite files with
  truncated names, throwing the "/The name is too long, ... trying to
  shorten"/ messages. The patch moves the length check code to a
  separate function and call it from the append_dir_structure() for each
  path element.
  [ bsc#1181173, 0001-possibly-truncate-pathname-components.patch]
xen
- bsc#1189882 - refresh libxc.sr.superpage.patch
  prevent superpage allocation in the LAPIC and ACPI_INFO range
- bsc#1189373 - VUL-0: CVE-2021-28694,CVE-2021-28695,
  CVE-2021-28696: xen: IOMMU page mapping issues on x86 (XSA-378)
  xsa378-0a.patch
  xsa378-0b.patch
  xsa378-0c.patch
  xsa378-1.patch
  xsa378-2.patch
  xsa378-3.patch
  xsa378-4.patch
  xsa378-5.patch
  xsa378-6.patch
  xsa378-7.patch
  xsa378-8.patch
- bsc#1189376 - VUL-0: CVE-2021-28697: xen: grant table v2 status
  pages may remain accessible after de-allocation. (XSA-379)
  xsa379.patch
- bsc#1189378 - VUL-0: CVE-2021-28698: xen: long running loops in
  grant table handling. (XSA-380)
  xsa380-1.patch
  xsa380-2.patch
- bsc#1189380 - VUL-0: CVE-2021-28699: xen: inadequate grant-v2
  status frames array bounds check. (XSA-382)
  xsa382.patch
- bsc#1189381 - VUL-0: CVE-2021-28700: xen: xen/arm: No memory
  limit for dom0less domUs. (XSA-383)
  xsa383.patch
- bsc#1188050 - L3: Xen guest yval1a80 SLES11SP4 hangs on cluster
  See also bsc#1179246.
  credit2-avoid-picking-a-spurious-idle-unit-when-caps-are-used.patch
- Drop aarch64-maybe-uninitialized.patch as the fix is in tarball.
- bsc#1176189 - xl monitoring process exits during xl save -p|-c
  keep the monitoring process running to cleanup the domU during shutdown
  xl-save-pc.patch
- bsc#1179246 - Dom0 hangs when pinning CPUs for dom0 with HVM guest
  60be0e24-credit2-pick-runnable-unit.patch
  60be0e42-credit2-per-entity-load-tracking-when-continuing.patch
- Upstream bug fixes (bsc#1027519)
  60be3097-x86-CPUID-fix-HLE-and-RTM-handling-again.patch
  60bf9e19-Arm-create-dom0less-domUs-earlier.patch (Replaces xsa372-1.patch)
  60bf9e1a-Arm-boot-modules-scrubbing.patch (Replaces xsa372-2.patch)
  60bf9e1b-VT-d-size-qinval-queue-dynamically.patch (Replaces xsa373-1.patch)
  60bf9e1c-AMD-IOMMU-size-command-buffer-dynamically.patch (Replaces xsa373-2.patch)
  60bf9e1d-VT-d-eliminate-flush-related-timeouts.patch (Replaces xsa373-2.patch)
  60bf9e1e-x86-spec-ctrl-protect-against-SCSB.patch (Replaces xsa375.patch)
  60bf9e1f-x86-spec-ctrl-mitigate-TAA-after-S3.patch (Replaces xsa377.patch)
  60bfa904-AMD-IOMMU-wait-for-command-slot.patch (Replaces xsa373-4.patch)
  60bfa906-AMD-IOMMU-drop-command-completion-timeout.patch (Replaces xsa373-5.patch)
  60c8a7ac-x86-vpt-fully-init-timers-before-enlisting.patch
  60d49689-VT-d-undo-device-mappings-upon-error.patch
  60d496b9-VT-d-adjust-domid-map-updating-on-unmap.patch
  60d496d6-VT-d-clear_fault_bits-should-clear-all.patch
  60d496ee-VT-d-dont-lose-errors-on-multi-IOMMU-flush.patch
  60d5c6df-IOMMU-PCI-dont-let-domain-cleanup-continue.patch
- bsc#1183243 - L3: Core cannot be opened when using xl dump-core
  of VM with PTF
  60ba695e-tools-libs-ctrl-fix-xc_core_arch_map_p2m-to-support.patch
- Update logrotate.conf, move global options into per-file sections
  to prevent globbering of global state (bsc#1187406)
- Fix shell macro expansion in xen.spec, so that ExecStart=
  in xendomains-wait-disks.service is created correctly (bsc#1183877)
- bsc#1186428 - VUL-0: CVE-2021-28693: xen: xen/arm: Boot modules
  are not scrubbed (XSA-372)
  xsa372-1.patch
  xsa372-2.patch
- bsc#1186429 - VUL-0: CVE-2021-28692: xen: inappropriate x86 IOMMU
  timeout detection / handling (XSA-373)
  xsa373-1.patch
  xsa373-2.patch
  xsa373-3.patch
  xsa373-4.patch
  xsa373-5.patch
- bsc#1186433 - VUL-0: CVE-2021-0089: xen: Speculative Code Store
  Bypass (XSA-375)
  xsa375.patch
- bsc#1186434 - VUL-0: CVE-2021-28690: xen: x86: TSX Async Abort
  protections not restored after S3 (XSA-377)
  xsa377.patch
- bsc#1180491 - "/Panic on CPU 0: IO-APIC + timer doesn't work!"/
  6011bbc7-x86-timer-fix-boot-without-PIT.patch
- Upstream bug fixes (bsc#1027519)
  60631c38-VT-d-QI-restore-flush-hooks.patch
  60700077-x86-vpt-avoid-pt_migrate-rwlock.patch
  60787714-x86-HPET-avoid-legacy-replacement-mode.patch
  60787714-x86-HPET-factor-legacy-replacement-mode-enabling.patch
  608676f2-VT-d-register-based-invalidation-optional.patch
  60a27288-x86emul-gas-2-36-test-harness-build.patch
  60afe616-x86-CPUID-rework-HLE-and-RTM-handling.patch
- Drop gcc10-fixes.patch
- Add xen.sysconfig-fillup.patch to make sure xencommons is in a
  format as expected by fillup. (bsc#1185682)
  Each comment needs to be followed by an enabled key. Otherwise
  fillup will remove manually enabled key=value pairs, along with
  everything that looks like a stale comment, during next pkg update
- Refresh xenstore-launch.patch to cover also daemon case
- Update to Xen 4.13.3 bug fix release (bsc#1027519)
  xen-4.13.3-testing-src.tar.bz2
- Drop patches contained in new tarball
  5faa974f-evtchn-rework-per-channel-lock.patch
  5faa978b-evtchn-revert-52e1fc47abc3a0123.patch
  5faac497-xen-arm-Always-trap-AMU-system-registers.patch
  5fbcdf2e-evtchn-FIFO-access-last.patch
  5fbcdf99-x86-DMI-fix-SMBIOS-pointer-check.patch
  5fbd042b-memory-off-by-one-in-XSA-346.patch
  5fc4ee23-evtchn-FIFO-queue-locking.patch
  5fd8aebb-x86-replace-reset_stack_and_jump_nolp.patch
  5fd8aee5-x86-fold-guest_idle_loop.patch
  5fd8aef3-x86-avoid-calling-do_resume.patch
  5fd8af4b-evtchn-FIFO-add-2nd-smp_rmb.patch
  5fd8b02d-evtchn-FIFO-reorder-and-synchronize.patch
  5ff458f2-x86-vPCI-tolerate-disabled-MSI-X-entry.patch
  5ff71655-x86-dpci-EOI-regardless-of-masking.patch
  5ffc58e8-x86-ACPI-dont-overwrite-FADT.patch
  600999ad-x86-dpci-do-not-remove-pirqs-from.patch
  600ab341-x86-vioapic-EOI-check-IRR-before-inject.patch
  6013e4bd-memory-bail-from-page-scrub-when-CPU-offline.patch
  6013e546-x86-HVM-reorder-domain-init-error-path.patch
  601d4396-x86-EFI-suppress-ld-2-36-debug-info.patch
  602bd768-page_alloc-only-flush-after-scrubbing.patch
  602cfe3d-IOMMU-check-if-initialized-before-teardown.patch
  602e5a8c-gnttab-never-permit-mapping-transitive-grants.patch
  602e5abb-gnttab-bypass-IOMMU-when-mapping-own-grant.patch
  6037b02e-x86-EFI-suppress-ld-2-36-base-relocs.patch
  60410127-gcc11-adjust-rijndaelEncrypt.patch
  60422428-x86-shadow-avoid-fast-fault-path.patch
  xen-4.13.2-testing-src.tar.bz2
  xsa115-1.patch
  xsa115-10.patch
  xsa115-2.patch
  xsa115-3.patch
  xsa115-4.patch
  xsa115-5.patch
  xsa115-6.patch
  xsa115-7.patch
  xsa115-8.patch
  xsa115-9.patch
  xsa322.patch
  xsa324.patch
  xsa325.patch
  xsa351-1.patch
  xsa351-2.patch
  xsa368.patch
- bsc#1137251 - Restore changes for xen-dom0-modules.service which
  were silently removed on 2019-10-17
- bsc#1183072 - VUL-0: CVE-2021-28687: xen: HVM soft-reset crashes
  toolstack (XSA-368). Also resolves,
  bsc#1179148 - kdump of HVM fails, soft-reset not handled by libxl
  bsc#1181989 - openQA job causes libvirtd to dump core when
  running kdump inside domain
xstream
- Upgrade to 1.4.17
  * Security fix:
  * bsc#1186651, CVE-2021-29505: potential code execution when
    unmarshalling with XStream instances using an uninitialized
    security framework
- Upgrade to 1.4.16
  * Security fixes:
    + bsc#1184796, CVE-2021-21351: remote attacker to load and
    execute arbitrary code
    + bsc#1184797, CVE-2021-21349: SSRF can lead to a remote
    attacker to request data from internal resources
    + bsc#1184380, CVE-2021-21350: arbitrary code execution
    + bsc#1184374, CVE-2021-21348: remote attacker could cause
    denial of service by consuming maximum CPU time
    + bsc#1184378, CVE-2021-21347: remote attacker to load and
    execute arbitrary code from a remote host
    + bsc#1184375, CVE-2021-21344: remote attacker could load and
    execute arbitrary code from a remote host
    + bsc#1184379, CVE-2021-21342: server-side forgery
    + bsc#1184377, CVE-2021-21341: remote attacker could cause a
    denial of service by allocating 100% CPU time
    + bsc#1184373, CVE-2021-21346: remote attacker could load and
    execute arbitrary code
    + bsc#1184372, CVE-2021-21345: remote attacker with sufficient
    rights could execute commands
    + bsc#1184376, CVE-2021-21343: replace or inject objects, that
    result in the deletion of files on the local host
- Add patch:
  * Revert-MXParser-changes.patch
    + revert changes that would force us to add new dependency
yast2
- Do not escape "/$"/ in URL paths (bsc#1187581).
- 4.2.95
- Ignore sysctl configuration files that do not have the .conf
  extension. The only exception are kernel files
  (/boot/sysctl.conf-*) (bsc#1187018).
- 4.2.94
yast2-country
- Fix the Comment entry in the desktop file so the tooltip
  in the control center is properly translated (bsc#1187270).
- 4.2.21
yast2-ftp-server
- Fix the label of the certificate input field (bsc#1183786).
- 4.2.6
yast2-network
- Support 'boot' and 'on' as aliases for the 'auto' startmode
  (bsc#1186910)
- 4.2.102
- Fix the Comment entry in the desktop file so the tooltip
  in the control center is properly translated (bsc#1187270).
- 4.2.101
- Fix error when determining the removed interfaces in order to
  remove their associated routes too (bsc#1186082)
- 4.2.100
yast2-nfs-server
- Set X-SuSE-YaST-AutoInstClient in the desktop file to properly
  determine the client name (bsc#1188618).
- 4.2.5
yast2-nis-server
- Set X-SuSE-YaST-AutoInstClient in the desktop file to properly
  determine the client name (bsc#1188644).
- 4.2.3
yast2-update
- Avoid to bind-mount /run twice (bsc#1181066).
- 4.2.22
yast2-users
- Fix the Comment entry in the desktop file so the tooltip
  in the control center is properly translated (bsc#1187270).
- 4.2.12
zypper
- Link all executables with -pie (bsc#1186447)
- Tag PTF packages in the status column (bsc#1186503)
  Like retracted packages, a program temporary fix must be
  explicitly selected and will otherwise not be considered in
  dependency resolution.
- BuildRequires:  libzypp-devel >= 17.26.1.
- version 1.14.46
- Add hints to 'trust GPG key' prompt.
- Add report when receiving new package signing keys from a
  trusted repo (bsc#1184326)
- Added translation using Weblate (Kabyle)
- version 1.14.45