NetworkManager
- Drop nm-add-CAP_CHOWN-capability.patch: This solution was denied
  by upstream maintainers.
- Add nm-add-CAP_CHOWN-capability.patch: Add CAP_CHOWN to
  CapabilityBoundingSet to make teamd work properly
  (glfo#NetworkManager/NetworkManager!860, bsc#1185424).
- Exclude systemd.automount from nfs processing: fix boo#1116625
  as suggested from Neil Brown
SUSEConnect
- Update to 0.3.32
- Allow --regcode and --instance-data attributes at the same time (jsc#PCT-164)
- Document that 'debug' can also get set in the config file
- --status will also print the subscription name
- Update to 0.3.31
- Disallow registering via SUSEConnect if the system is managed by SUSE Manager.
- Add subscription name to output of 'SUSEConnect --status'
- Update to 0.3.30
- send payload of GET requests as part of the url,
  not in the body (see bsc#1185611)
aaa_base
- use autopatch
  - update first two patches from git originals to have the
    same apply depth as the rest:
  - git-01-61c106aac03930e03935172eaf94d92c02a343bd.patch
  - git-02-4e5fe2a6ec5690b51a369d2134a1119962438fd1.patch
  - fix get_kernel_version.c to work also for recent kernels
    on the s390/X platform (bsc#1191563)
  - git-37-dfc5b8af96bec249e44a83d573af1f95a661a85c.patch
  - support xz compressed kernel (bsc#1162581)
  - git-38-4c0060639f6fa854830a708a823976772afe7764.patch
  - Fixing possible resource leak
  - git-39-df622b89bc92fd882a6715c5743095528a643546.patch
  - excluding new kernel string in version search
- Add git-36-16d1cb895c2742e96a56af98111f8281bedd3188.patch:
  * Add $HOME/.local/bin to PATH, if it exists (bsc#1192248)
- Add patch git-34-9a1bc15517d6da56d75182338c0f1bc4518b2b75.patch
  * sysctl.d/50-default.conf:
    allow everybody to create IPPROTO_ICMP sockets (bsc#1174504)
- Add patch git-35-91f496b1f65af29832192bad949685a7bc25da0a.patch
  * sysctl.d/50-default.conf: fix ping_group_range syntax error
apache2
  fix CVE-2021-40438 [bsc#1190703], SSRF via a crafted request uri-path
  + apache2-CVE-2021-40438.patch
  fix CVE-2021-36160 [bsc#1190702], out-of-bounds read via a crafted request uri-path
  + apache2-CVE-2021-36160.patch
  fix CVE-2021-39275 [bsc#1190666], out-of-bounds write in ap_escape_quotes() via malicious input
  + apache2-CVE-2021-39275.patch
  fix CVE-2021-34798 [bsc#1190669], NULL pointer dereference via malformed requests
  + apache2-CVE-2021-34798.patch
- security update
- added patches
apache2-mod_wsgi-python3
- Enable installation of Python sitelib wrapper
  This enabled Python Projects to require mod_wsgi in the install_requires
  without receiving a "/DistributionNotFound"/ error on entrypoint script
  generated by setuptools
- Backport of https://build.opensuse.org/request/show/794038
- Fixes bsc#1189467
apparmor
- Don't provide python2 symbol for python3 package (bsc#1191690).
- Be explicit about using python2 macros, when needed.
augeas
- Allow all printable ASCII characters in WPA-PSK definition
  * augeas-allow_printable_ASCII.patch
  * bsc#1187512
  * Sourced from https://github.com/hercules-team/augeas/pull/723/commits
  * Credit to Michal Filka <mfilka@suse.com
autoyast2
- Update the rules.xml schema:
  - add the "/hostname"/ element (bsc#1190696).
  - remove the 'haspcmica' element (related to bsc#1183352).
- 4.2.56
- Copy the files to the right location when a <file_location>
  is given (bsc#1188357).
- 4.2.55
- Add missing elements to rules.xml schema:
  - installed_product and installed_product_version (boo#1176089)
  - dialog section (bsc#1188153)
- 4.2.54
- Do not export the general/storage section when it is empty
  (related to bsc#1171356 and bsc#1187916).
- 4.2.53
- Backport gh#651 by schubi@suse.de:
  - Moving <files> section handling from second installation stage
    to first installation stage. (bsc#1174194)
- 4.2.52
azure-cli
- Update in SLE-15 (bsc#1187880, bsc#1188178)
- Add missing python3-azure-mgmt-resource dependency to Requires
- New upstream release
  + Version 2.16.0
  + For detailed information about changes see the
    HISTORY.rst file provided with this package
- Update Requires from setup.py
  + Version 2.15.0
  + For detailed information about changes see the
    HISTORY.rst file provided with this package
- Update Requires from setup.py
- New upstream release
azure-cli-core
- Update in SLE-15 (bsc#1187880, bsc#1188178)
- New upstream release
  + Version 2.16.0
  + For detailed information about changes see the
    HISTORY.rst file provided with this package
- Refresh patches for new version
  + acc_disable-update-check.patch
- Update Requires from setup.py
  + Temporarily use a vendored copy of azure-mgmt-resource
- New upstream release
  + Version 2.15.0
  + For detailed information about changes see the
    HISTORY.rst file provided with this package
- Update Requires from setup.py
bind
- Fixed CVE-2021-25219:
  The lame-ttl option controls how long named caches certain types
  of broken responses from authoritative servers (see the security
  advisory for details). This caching mechanism could be abused by
  an attacker to significantly degrade resolver performance. The
  vulnerability has been mitigated by changing the default value of
  lame-ttl to 0 and overriding any explicitly set value with 0,
  effectively disabling this mechanism altogether. ISC's testing has
  determined that doing that has a negligible impact on resolver
  performance while also preventing abuse.
  Administrators may observe more traffic towards servers issuing
  certain types of broken responses than in previous BIND 9 releases.
  [bsc#1192146, CVE-2021-25219, bind-CVE-2021-25219.patch]
binutils
- Add binutils-revert-hlasm-insns.diff for compatibility on old
  code stream that expect 'brcl 0,label' to not be disassembled
  as 'jgnop label' on s390x.  [bsc#1192267]
- Rebase binutils-2.37-branch.diff: fixes PR28523 aka boo#1188941.
- Fix empty man-pages from broken release tarball [PR28144].
- Update binutils-skip-rpaths.patch with contained a memory corruption
  (boo#1191473).
- Configure with --disable-x86-used-note on old code streams.
- Disable libalternatives temporarily for build cycle reasons.
- make TARGET-bfd=headers again, we patch bfd-in.h
- This state submitted to SLE12 and SLE15 code streams for annual
  toolchain update. [jsc#PM-2767, jsc#SLE-21561, jsc#SLE-19618]
- Bump binutils-2.37-branch.diff to 66d5c7003, to include fixes for
  PR28422, PR28192, PR28391.  Also adds some s390x arch14
  instructions [jsc#SLE-18637].
- Using libalternatives instead of update-alternatives.
- Adjust for testsuite fails on older products that configure
  binutils in different ways, adds  binutils-compat-old-behaviour.diff
  and adjusts binutils-revert-nm-symversion.diff and
  binutils-revert-plt32-in-branches.diff.
- Bump binutils-2.37-branch.diff: fixes PR28138.
- Use LTO & PGO build.
- Update to binutils 2.37:
  * The GNU Binutils sources now requires a C99 compiler and library to
    build.
  * Support for the arm-symbianelf format has been removed.
  * Support for Realm Management Extension (RME) for AArch64 has been
    added.
  * A new linker option '-z report-relative-reloc' for x86 ELF targets
    has been added to report dynamic relative relocations.
  * A new linker option '-z start-stop-gc' has been added to disable
    special treatment of __start_*/__stop_* references when
  - -gc-sections.
  * A new linker options '-Bno-symbolic' has been added which will
    cancel the '-Bsymbolic' and '-Bsymbolic-functions' options.
  * The readelf tool has a new command line option which can be used to
    specify how the numeric values of symbols are reported.
  - -sym-base=0|8|10|16 tells readelf to display the values in base 8,
    base 10 or base 16.  A sym base of 0 represents the default action
    of displaying values under 10000 in base 10 and values above that in
    base 16.
  * A new format has been added to the nm program.  Specifying
    '--format=just-symbols' (or just using -j) will tell the program to
    only display symbol names and nothing else.
  * A new command line option '--keep-section-symbols' has been added to
    objcopy and strip.  This stops the removal of unused section symbols
    when the file is copied.  Removing these symbols saves space, but
    sometimes they are needed by other tools.
  * The '--weaken', '--weaken-symbol' and '--weaken-symbols' options
    supported by objcopy now make undefined symbols weak on targets that
    support weak symbols.
  * Readelf and objdump can now display and use the contents of .debug_sup
    sections.
  * Readelf and objdump will now follow links to separate debug info
    files by default.  This behaviour can be stopped via the use of the
    new '-wN' or '--debug-dump=no-follow-links' options for readelf and
    the '-WN' or '--dwarf=no-follow-links' options for objdump.  Also
    the old behaviour can be restored by the use of the
    '--enable-follow-debug-links=no' configure time option.
    The semantics of the =follow-links option have also been slightly
    changed.  When enabled, the option allows for the loading of symbol
    tables and string tables from the separate files which can be used
    to enhance the information displayed when dumping other sections,
    but it does not automatically imply that information from the
    separate files should be displayed.
    If other debug section display options are also enabled (eg
    '--debug-dump=info') then the contents of matching sections in both
    the main file and the separate debuginfo file *will* be displayed.
    This is because in most cases the debug section will only be present
    in one of the files.
    If however non-debug section display options are enabled (eg
    '--sections') then the contents of matching parts of the separate
    debuginfo file will *not* be displayed.  This is because in most
    cases the user probably only wanted to load the symbol information
    from the separate debuginfo file.  In order to change this behaviour
    a new command line option --process-links can be used.  This will
    allow di0pslay options to applied to both the main file and any
    separate debuginfo files.
  * Nm has a new command line option: '--quiet'.  This suppresses "/no
    symbols"/ diagnostic.
- Includes fixes for these CVEs:
  bnc#1181452 aka CVE-2021-20197 aka PR26945
  bnc#1183511 aka CVE-2021-20284 aka PR26931
  bnc#1184519 aka CVE-2021-20294 aka PR26929
  bnc#1184620 aka CVE-2021-3487 aka PR26946
  bnc#1184794 aka CVE-2020-35448 aka PR26574
- Also fixes:
  bsc#1183909 - slow performance of stripping some binaries
- Rebased patches: binutils-build-as-needed.diff, binutils-fix-abierrormsg.diff,
  binutils-fix-invalid-op-errata.diff, binutils-fix-relax.diff,
  binutils-revert-nm-symversion.diff, binutils-revert-plt32-in-branches.diff
- Removed patches (are in upstream): ppc-ensure-undef-dynamic-weak-undefined.patch and
  ppc-use-local-plt.patch.
- Add binutils-2.37-branch.diff.gz.
- ppc-ensure-undef-dynamic-weak-undefined.patch: PPC: ensure_undef_dynamic
  on weak undef only in plt
- ppc-use-local-plt.patch: PowerPC use_local_plt (prerequisite for above
  patch)
- Update 2.36 branch diff which fixes PR27587.
- Do not run make TARGET-bfd=headers separately.
- Bump 2.36 branch diff (includes fix for PR27441 aka bsc#1182252).
- Bump 2.36 branch diff.
- Update 2.36 branch diff which should fix PR27311 completely.
  It fixes also PR27284.
- Remove temporary fix 0001-PR27311-ld.bfd-symbol-from-plugin-undefined-referenc.patch.
- Add temporary upstream fix for PR27311
  0001-PR27311-ld.bfd-symbol-from-plugin-undefined-referenc.patch.
- Update to binutils 2.36:
  New features in the Assembler:
    General:
  * When setting the link order attribute of ELF sections, it is now
    possible to use a numeric section index instead of symbol name.
  * Added a .nop directive to generate a single no-op instruction in
    a target neutral manner.  This instruction does have an effect on
    DWARF line number generation, if that is active.
  * Removed --reduce-memory-overheads and --hash-size as gas now
    uses hash tables that can be expand and shrink automatically.
    X86/x86_64:
  * Add support for AVX VNNI, HRESET, UINTR, TDX, AMX and Key
    Locker instructions.
  * Support non-absolute segment values for lcall and ljmp.
  * Add {disp16} pseudo prefix to x86 assembler.
  * Configure with --enable-x86-used-note by default for Linux/x86.
    ARM/AArch64:
  * Add support for Cortex-A78, Cortex-A78AE and Cortex-X1,
    Cortex-R82, Neoverse V1, and Neoverse N2 cores.
  * Add support for ETMv4 (Embedded Trace Macrocell), ETE (Embedded
    Trace Extension), TRBE (Trace Buffer Extension), CSRE (Call
    Stack Recorder Extension) and BRBE (Branch Record Buffer
    Extension) system registers.
  * Add support for Armv8-R and Armv8.7-A ISA extensions.
  * Add support for DSB memory nXS barrier, WFET and WFIT
    instruction for Armv8.7.
  * Add support for +csre feature for -march. Add CSR PDEC
    instruction for CSRE feature in AArch64.
  * Add support for +flagm feature for -march in Armv8.4 AArch64.
  * Add support for +ls64 feature for -march in Armv8.7
    AArch64. Add atomic 64-byte load/store instructions for this
    feature.
  * Add support for +pauth (Pointer Authentication) feature for
  - march in AArch64.
    New features in the Linker:
  * Add --error-handling-script=<NAME> command line option to allow
    a helper script to be invoked when an undefined symbol or a
    missing library is encountered.  This option can be suppressed
    via the configure time switch: --enable-error-handling-script=no.
  * Add -z x86-64-{baseline|v[234]} to the x86 ELF linker to mark
    x86-64-{baseline|v[234]} ISA level as needed.
  * Add -z unique-symbol to avoid duplicated local symbol names.
  * The creation of PE format DLLs now defaults to using a more
    secure set of DLL characteristics.
  * The linker now deduplicates the types in .ctf sections.  The new
    command-line option --ctf-share-types describes how to do this:
    its default value, share-unconflicted, produces the most compact
    output.
  * The linker now omits the "/variable section"/ from .ctf sections
    by default, saving space.  This is almost certainly what you
    want unless you are working on a project that has its own
    analogue of symbol tables that are not reflected in the ELF
    symtabs.
  New features in other binary tools:
  * The ar tool's previously unused l modifier is now used for
    specifying dependencies of a static library. The arguments of
    this option (or --record-libdeps long form option) will be
    stored verbatim in the __.LIBDEP member of the archive, which
    the linker may read at link time.
  * Readelf can now display the contents of LTO symbol table
    sections when asked to do so via the --lto-syms command line
    option.
  * Readelf now accepts the -C command line option to enable the
    demangling of symbol names.  In addition the --demangle=<style>,
  - -no-demangle, --recurse-limit and --no-recurse-limit options
    are also now availale.
- Includes fixes for these CVEs:
  bnc#1179898 aka CVE-2020-16590 aka PR25821
  bnc#1179899 aka CVE-2020-16591 aka PR25822
  bnc#1179900 aka CVE-2020-16592 aka PR25823
  bnc#1179901 aka CVE-2020-16593 aka PR25827
  bnc#1179902 aka CVE-2020-16598 aka PR25840
  bnc#1179903 aka CVE-2020-16599 aka PR25842
  bnc#1180451 aka CVE-2020-35493 aka PR25307
  bnc#1180454 aka CVE-2020-35496 aka PR25308
  bnc#1180461 aka CVE-2020-35507 aka PR25308
- Rebase the following patches:
  * binutils-fix-relax.diff
  * binutils-revert-nm-symversion.diff
  * binutils-revert-plt32-in-branches.diff
- Add missing dependency on bc (ld.gold testsuite uses it).
- Use --enable-obsolete for cross builds as ia64 is deprecated now.
- Add binutils-2.36-branch.diff.gz.
blktrace
- Fix crash due to dropped first event while using pipe input (bsc#1191788).
  * blkparse: skip check_cpu_map with pipe input
  * blkparse: fix incorrectly sized memset in check_cpu_map
  * Added:
  - blkparse-skip-check_cpu_map-with-pipe-input.patch
  - blkparse-fix-incorrectly-sized-memset-in-check_cpu_m.patch
brotli
- Fix CVE-2020-8927, decoder: integer overflow when input chunk
  is larger than 2GiB. (CVE-2020-8927, bsc#1175825)
  * fix-cve-2020-8927.patch
c-ares
- 5c995d5.patch: augment input validation on hostnames to allow _
  as part of DNS response (bsc#1190225)
ca-certificates-mozilla
- remove the DST_Root_CA_X3.pem trust, as it expires september 30th 2021.
  (bsc#1190858)
cobbler
- Fixed Remote Code Execution in the XMLRPC API which additionally
  allowed arbitrary file read and write as root
  (bsc#1189458, CVE-2021-40323, CVE-2021-40324, CVE-2021-40325)
- This patch introduces a regression where valid log data from Anamon
  (Red Hat Autoinstallation Process) uploaded to cobbler may be rejected
- Added:
  * v3-0-0-arbitrary-file-read-write-plus-RCE.patch
containerd
- Update to containerd v1.4.11, to fix CVE-2021-41103 bsc#1191121. bsc#1191355
- Switch to Go 1.16.x compiler, in line with upstream.
- Install systemd service file as well (fixes bsc#1190826)
- Update to containerd v1.4.8, to fix CVE-2021-32760. bsc#1188282
- Remove upstreamed patches:
  - bsc1188282-use-chmod-path-for-checking-symlink.patch
[ This patch was only released in SLES and Leap. ]
- Add patch for GHSA-c72p-9xmj-rx3w. CVE-2021-32760 bsc#1188282
- Build with go1.15 for reproducible build results (boo#1102408)
cracklib
- %check: really test the package [bsc#1191736]
createrepo_c
- removed %is_opensuse (CtLG)
- disabled drpm for SLE/Leap 15.3
- Update to 0.16.0
  + Never do dir walk when --recycle-pkglist specified
  + Add automatic module metadata handling for repos (rh#1795936)
- Update to 0.15.11
  + Add python unittest for invalid date in updateinfo record get_datetime
  + Simplify case when attr is empty (prevents covscan warnings)
  + Fix couple of memory leaks, some mistakenly dead code and error handling
  + Add --arch-expand option
  + Fix spelling errors.
- Update to 0.15.7
  + Add relogin_suggested to updatecollectionpackage (rh#1779751)
  + Support issued date in epoch format in Python API (rh#1779751)
- Update to 0.15.6
  + Set global_exit_status on sigint so that .repodata are cleaned up
  + Fix various issues discovered by covscans (rh#1789707)
  + Enhance error handling when locating repositories (rh#1762697)
  + Switch updateinfo to explicitly include bool values (rh#1772466)
  + add --recycle-pkglist option
  + use pkg href for cache lookup with --update
  + Sync --excludes matching for dir-walk vs. --pkglist
cronie
- Increase limit of allowed entries in crontab files to fix bsc#1187508
  * cronie-1.5.1-increase_crontab_limit.patch
curl
- MIME: Properly check Content-Type even if it has parameters
  * Add curl-check-content-type.patch [bsc#1190153]
- Security fix: [bsc#1190374, CVE-2021-22947]
  * STARTTLS protocol injection via MITM
  * Add curl-CVE-2021-22947.patch
- Security fix: [bsc#1190373, CVE-2021-22946]
  * Protocol downgrade required TLS bypassed
  * Add curl-CVE-2021-22946.patch
docker
- Update to Docker 20.10.9-ce. See upstream changelog in the packaged
  /usr/share/doc/packages/docker/CHANGELOG.md. bsc#1191355
  CVE-2021-41092 CVE-2021-41089 CVE-2021-41091 CVE-2021-41103
- Rebase patches:
  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
  * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
  * 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
  * 0006-bsc1190670-seccomp-add-support-for-clone3-syscall-in.patch
- Switch to Go 1.16.x compiler, in line with upstream.
- Add patch to return ENOSYS for clone3 to avoid breaking glibc again.
  bsc#1190670
  + 0006-bsc1190670-seccomp-add-support-for-clone3-syscall-in.patch
- Add shell requires for the *-completion subpackages.
dracut
- Update to version 049.1+suse.216.gf705637b:
  * fix(iscsi): add support for the new iscsiadm "/no-wait"/ (-W) command
  * fix(iscsi): add iscsid.service requirements
    (bsc#1187190)
- Update to version 049.1+suse.213.g346cf20c:
  * fix(suse): add 60-io-scheduler.rules (bsc#1188713)
  * fix(kernel-modules): add blk_mq_alloc_disk and blk_cleanup_disk to blockfuncs (bsc#1190326)
- Update to version 049.1+suse.209.gebcf4f33:
  * fix(systemd): add unit files for systemd-coredump (bsc#1190845)
- Update to version 049.1+suse.207.g72a93d93:
  * fcoe/fcoe-genrules.sh: use $name instead of $env{INTERFACE} (bsc#1186260)
  * fix: /var/lib/nfs/statd/sm is /var/lib/nfs/sm on SUSE (bsc#1184970)
efibootmgr

      
file
- Add patch bsc1189996-9fbe768a.patch to fix bsc#1189996
gcc
- With gcc-PIE add -pie even when -fPIC is specified but we are
  not linking a shared library.  [boo#1185348]
- Fix postun of gcc-go alternative.
gcc7
- Adjust some ambiguous SPDX license specifications to prevent
  spec-cleaner from messing up.
- Add gcc7-pr55917.patch to do not handle exceptions in std::thread
  (jsc#CAR-1182)
- - Add gcc7-pfe-0001-Backport-Add-entry-for-patchable_function_entry.patch
  gcc7-pfe-0002-Backport-Skip-fpatchable-function-entry-tests-for-nv.patch
  gcc7-pfe-0003-Backport-Error-out-on-nvptx-for-fpatchable-function-.patch
  gcc7-pfe-0004-Backport-Adapt-scan-assembler-times-for-alpha.patch
  gcc7-pfe-0005-Backport-patchable_function_entry-decl.c-Use-3-NOPs-.patch
  gcc7-pfe-0006-Backport-IBM-Z-Use-the-dedicated-NOP-instructions-fo.patch
  gcc7-pfe-0007-Backport-Add-regex-to-search-for-uppercase-NOP-instr.patch
  gcc7-pfe-0008-Backport-ICE-segmentation-fault-with-patchable_funct.patch
  gcc7-pfe-0009-Backport-patchable_function_entry-decl.c-Pass-mcpu-g.patch
  gcc7-pfe-0010-Backport-patchable_function_entry-decl.c-Do-not-run-.patch
  gcc7-pfe-0011-Backport-patchable_function_entry-decl.c-Add-fno-pie.patch
  gcc7-pfe-0012-Backport-PR-c-89946-ICE-in-assemble_start_function-a.patch
  gcc7-pfe-0013-Backport-targhooks.c-default_print_patchable_functio.patch
  gcc7-pfe-0014-Backport-Align-__patchable_function_entries-to-POINT.patch
  gcc7-pfe-0015-Backport-Fix-PR-93242-patchable-function-entry-broke.patch
  gcc7-pfe-0016-Backport-AArch64-PR92424-Fix-fpatchable-function-ent.patch
  gcc7-pfe-0017-Backport-Fix-patchable-function-entry-on-arc.patch
  gcc7-pfe-0018-Backport-Add-patch_area_size-and-patch_area_entry-to.patch
  gcc7-pfe-0019-Backport-testsuite-Adjust-patchable_function-tests-f.patch
  gcc7-pfe-0020-Backport-Use-the-section-flag-o-for-__patchable_func.patch
  gcc7-pfe-0021-Backport-varasm-Fix-up-__patchable_function_entries-.patch
  gcc7-pfe-0022-Backport-rs6000-Avoid-fpatchable-function-entry-regr.patch
  gcc7-pfe-0023-Fix-unwinding-issues-when-pfe-is-enabled.patch
  to add -fpatchable-function-entry feature to gcc-7.
- Add gcc7-ada-MINSTKSZ.patch to fix build with glibc 2.34.
- Add bits/unistd_ext.h to the list of removed fixed includes.
- Add gcc7-sanitizer-cyclades.patch to remove cyclades.h use from
  libsanitizer fixing builds with recent kernels.
glibc
- always-do-locking-when-iterating-over-list-of-streams.patch: Upstream
  part of fix-locking-in-_IO_cleanup.patch
- libio-do-not-attempt-to-free-wide-buffers-of-legacy-streams.patch:
  libio: do not attempt to free wide buffers of legacy streams
  (bsc#1183085, BZ #24228)
- fix-locking-in-_IO_cleanup.patch: rediff
- iconv-option-parsing.patch: Rewrite iconv option parsing
  (CVE-2016-10228, bsc#1027496, BZ #19519)
- wordexp-param-overflow.patch: wordexp: handle overflow in positional
  parameter number (CVE-2021-35942, bsc#1187911, BZ #28011)
- mq-notify-use-after-free.patch: Use __pthread_attr_copy in mq_notify
  (CVE-2021-33574, bsc#1186489, BZ #27896)
gmp
- Add gmp-6.2.1-CVE-2021-43618.patch to fix buffer overflow on
  malformed input to mpz_inp_raw.  [bsc#1192717, CVE-2021-43618]
grub2
- Fix error gfxterm isn't found with multiple terminals (bsc#1187565)
- Patch refreshed
  * grub2-fix-error-terminal-gfxterm-isn-t-found.patch
- Fix boot failure after kdump due to the content of grub.cfg is not
  completed with pending modificaton in xfs journal (bsc#1186975)
- Patch refreshed
  * grub-install-force-journal-draining-to-ensure-data-i.patch
  * grub2-mkconfig-default-entry-correction.patch
hwdata
- Update to version 0.353 (bsc#1192587):
  + Updated pci, usb and vendor ids.
- Update to version 0.352 (bsc#1191375):
  + Updated pci, usb and vendor ids.
iproute2
  ss-fix-end-of-line-printing-in-misc-ss.c.patch
  xfrm-also-check-for-ipv6-state-in-xfrm_state_keep.patch
  bridge-Fix-typo.patch
  bridge-Fix-output-with-empty-vlan-lists.patch
  tc-action-fix-time-values-output-in-JSON-format.patch
  Revert-bpf-replace-snprintf-with-asprintf-when-deali.patch
  bpf-Fixes-a-snprintf-truncation-warning.patch
  tipc-fixed-a-compile-warning-in-tipc-link.c.patch
  ip-xfrm-update-man-page-on-setting-printing-XFRMA_IF.patch
  bridge-fdb-show-fix-fdb-entry-state-output-for-json-.patch
  ip-link-Fix-indenting-in-help-text.patch
  ip-iplink_ipoib.c-Remove-extra-spaces.patch
  devlink-fix-uninitialized-warning.patch
  bridge-fix-string-length-warning.patch
  f_u32-fix-compiler-gcc-10-compiler-warning.patch
  rdma-Fix-statistics-bind-unbing-argument-handling.patch
  lib-namespace-fix-ip-all-netns-return-code.patch
  lib-bpf-Fix-and-simplify-bpf_mnt_check_target.patch
  lib-fs-avoid-double-call-to-mkdir-on-make_path.patch
  q_cake-Fix-incorrect-printing-of-signed-values-in-cl.patch
  ip-xfrm-limit-the-length-of-the-security-context-nam.patch
  erspan-fix-JSON-output.patch
  devlink-always-check-strslashrsplit-return-value.patch
  nexthop-fix-memory-leak-in-add_nh_group_attr.patch
  rdma-stat-initialize-ret-in-stat_qp_show_parse_cb.patch
  rdma-stat-fix-return-code.patch
  lib-bpf_legacy-treat-0-as-a-valid-file-descriptor.patch
  lib-bpf_legacy-fix-missing-socket-close-when-connect.patch
  ip-drop-2-char-command-assumption.patch
  man-fix-syntax-for-ip-link-property.patch
  lib-bpf_legacy-avoid-to-pass-invalid-argument-to-clo.patch
  ip-route-ignore-ENOENT-during-save-if-RT_TABLE_MAIN-.patch
  libnetlink-check-error-handler-is-present-before-a-c.patch
  ipmonitor-Fix-recvmsg-with-ancillary-data.patch
  tc-u32-Fix-key-folding-in-sample-option.patch
  man-bridge-fix-the-typo-to-change-c-lor-into-c-olor-.patch
  ss-fix-fallback-to-procfs-for-raw-sockets.patch
  iptuntap-fix-multi-queue-flag-display.patch
  tc-f_flower-fix-port-range-parsing.patch
  lib-bpf_legacy-fix-bpffs-mount-when-sys-fs-bpf-exist.patch
- refresh:
  ip-link_gre-Do-not-send-ERSPAN-attributes-to-GRE-tun.patch
  tc-fq_codel-fix-class-stat-deficit-is-signed-int.patch
- follow-up fixes backported from upstream (bsc#1160242):
  ip-link_gre-Do-not-send-ERSPAN-attributes-to-GRE-tun.patch
  tc-fq_codel-fix-class-stat-deficit-is-signed-int.patch
- follow-up fixes backported from upstream (bsc#1160242):
java-11-openjdk
- Update to upstream tag jdk-11.0.13+8 (October 2021 CPU)
  * Security fixes
    + JDK-8163326, CVE-2021-35550, bsc#1191901: Update the default
    enabled cipher suites preference
    + JDK-8254967, CVE-2021-35565, bsc#1191909:
    com.sun.net.HttpsServer spins on TLS session close
    + JDK-8263314: Enhance XML Dsig modes
    + JDK-8265167, CVE-2021-35556, bsc#1191910: Richer Text Editors
    + JDK-8265574: Improve handling of sheets
    + JDK-8265580, CVE-2021-35559, bsc#1191911: Enhanced style for
    RTF kit
    + JDK-8265776: Improve Stream handling for SSL
    + JDK-8266097, CVE-2021-35561, bsc#1191912: Better hashing
    support
    + JDK-8266103: Better specified spec values
    + JDK-8266109: More Resilient Classloading
    + JDK-8266115: More Manifest Jar Loading
    + JDK-8266137, CVE-2021-35564, bsc#1191913: Improve Keystore
    integrity
    + JDK-8266689, CVE-2021-35567, bsc#1191903: More Constrained
    Delegation
    + JDK-8267086: ArrayIndexOutOfBoundsException in
    java.security.KeyFactory.generatePublic
    + JDK-8267712: Better LDAP reference processing
    + JDK-8267729, CVE-2021-35578, bsc#1191904: Improve TLS client
    handshaking
    + JDK-8267735, CVE-2021-35586, bsc#1191914: Better BMP support
    + JDK-8268193: Improve requests of certificates
    + JDK-8268199: Correct certificate requests
    + JDK-8268205: Enhance DTLS client handshake
    + JDK-8268506: More Manifest Digests
    + JDK-8269618, CVE-2021-35603, bsc#1191906: Better session
    identification
    + JDK-8269624: Enhance method selection support
    + JDK-8270398: Enhance canonicalization
    + JDK-8270404: Better canonicalization
  * Other changes
    + JDK-8024368: private methods are allocated vtable indices
    + JDK-8042902: Test java/net/Inet6Address/serialize/
    /Inet6AddressSerializationTest.java fails intermittently
    + JDK-8140466: ChaCha20 and Poly1305 TLS Cipher Suites
    + JDK-8157404: Unable to read certain PKCS12 keystores from
    SequenceInputStream
    + JDK-8158066: SourceDebugExtensionTest fails to rename file
    + JDK-8168304: Make all of DependencyContext_test available in
    product mode
    + JDK-8169246: java/net/DatagramSocket/ReportSocketClosed.java
    fails intermittently with BindException
    + JDK-8181313: SA: Remove libthread_db dependency on Linux
    + JDK-8193214: Incorrect annotations.without.processors
    warnings with JDK 9
    + JDK-8194230: jdk/internal/jrtfs/remote/
    /RemoteRuntimeImageTest.java fails with
    java.lang.NullPointerException
    + JDK-8196092: javax/swing/JComboBox/8032878/bug8032878.java
    fails
    + JDK-8199931: java/net/MulticastSocket/
    /UnreferencedMulticastSockets.java fails with "/incorrect data
    received"/
    + JDK-8206083: Make tools/javac/api/T6265137.java robust to JDK
    version changes
    + JDK-8206350: java/util/Locale/bcp47u/SystemPropertyTests.java
    failed on Mac 10.13 with zh_CN and zh_TW locales.
    + JDK-8207316: java/nio/channels/spi/SelectorProvider/
    /inheritedChannel/InheritedChannelTest.java failed
    + JDK-8208227: tools/jdeps/DotFileTest.java fails on Win-X64
    + JDK-8208363: test/jdk/java/lang/Package/
    /PackageFromManifest.java missing module dependencies
    declaration
    + JDK-8209380: ARM: cleanup maybe-uninitialized and reorder
    compiler warnings
    + JDK-8209768: Refactor java/util/prefs/CheckUserPrefsStorage.sh
    to plain java test
    + JDK-8209772: Refactor shell test java/util/ServiceLoader/
    /basic/basic.sh to java
    + JDK-8209773: Refactor shell test javax/naming/module/basic.sh
    to java
    + JDK-8209832: Refactor jdk/internal/reflect/Reflection/
    /GetCallerClassTest.sh to plain java test
    + JDK-8209930: Refactor java/util/zip/ZipFile/deletetempjar.sh
    to plain java test
    + JDK-8210406: Refactor java.util.PluggableLocale:i18n shell
    tests to plain java tests
    + JDK-8210407: Refactor java.util.Calendar:i18n shell tests to
    plain java tests
    + JDK-8210495: compiler crashes because of illegal signature in
    otherwise legal code
    + JDK-8210669: Some launcher tests assume a pre-JDK 9 run-time
    image layout
    + JDK-8210802: temp files left by tests in
    jdk/java/net/httpclient
    + JDK-8210819: Update the host name in CNameTest.java
    + JDK-8210908: Refactor java/util/prefs/PrefsSpi.sh to plain
    java test
    + JDK-8210934: Move sun/net/www/protocol/http/
    /GetErrorStream.java to OpenJDK
    + JDK-8210959: JShell fails and exits when statement throws an
    exception whose message contains a '%'.
    + JDK-8211055: Provide print to a file (PDF) feature even when
    printer was not connected
    + JDK-8211092: test/jdk/sun/net/www/http/HttpClient/
    /MultiThreadTest.java fails intermittently when cleaning up
    + JDK-8211296: Remove HotSpot deprecation warning suppression
    for Mac/clang
    + JDK-8211325: test/jdk/java/net/Socket/LingerTest.java fails
    with cleaning up
    + JDK-8212040: Compilation error due to wrong usage of
    NSPrintJobDispositionValue in mac10.12
    + JDK-8212695: Add explicit timeout to several HTTP Client tests
    + JDK-8212718: Refactor some annotation processor tests to
    better use collections
    + JDK-8213007: Update the link in test/jdk/sun/security/
    /provider/SecureRandom/DrbgCavp.java
    + JDK-8213137: Remove static initialization of monitor/mutex
    instances
    + JDK-8213235: java/nio/channels/SocketChannel/
    /AsyncCloseChannel.java fails with threads that didn't exit
    + JDK-8213409: Refactor sun.text.IntHashtable:i18n shell tests
    to plain java tests
    + JDK-8213576: Make test AsyncCloseChannel.java run in othervm
    + JDK-8213694: Test Timeout.java should run in othervm mode
    + JDK-8213718: [TEST] Wrong classname in vmTestbase/nsk/stress/
    /except/except002 and except003
    + JDK-8213922: fix ctw stand-alone build
    + JDK-8214195: Align stdout messages in
    test/jdk/java/math/BigInteger/PrimitiveConversionTests.java
    + JDK-8214520: [TEST_BUG] sun/security/mscapi/nonUniqueAliases/
    /NonUniqueAliases.java failed with incorrect jtreg tags order
    + JDK-8214937: sun/security/tools/jarsigner/warnings/
    /NoTimestampTest.java failed due to unexpected expiration date
    + JDK-8216532: tools/launcher/Test7029048.java fails (Solaris)
    + JDK-8217825: Verify @AfterTest is used correctly in WebSocket
    tests
    + JDK-8218145: block_if_requested is not proper inlined due to
    size
    + JDK-8219417: bump jtreg requiredVersion to b14
    + JDK-8219552: bump jtreg requiredVersion to b14 in
    test/jdk/sanity/client/
    + JDK-8219804: java/net/MulticastSocket/Promiscuous.java fails
    intermittently due to NumberFormatException
    + JDK-8220445: Support for side by side MSVC Toolset versions
    + JDK-8221988: add possibility to build with Visual Studio 2019
    + JDK-8222751: closed/test/jdk/sun/security/util/
    /DerIndefLenConverter/IndefBerPkcs12.java fail
    + JDK-8223050: JVMCI: findUniqueConcreteMethod() should not use
    Dependencies::find_unique_concrete_method() for non-virtual
    methods
    + JDK-8224853: CDS address sanitizer errors
    + JDK-8225082: Remove IdenTrust certificate that is expiring in
    September 2021
    + JDK-8225583: Examine the HttpResponse.BodySubscribers for
    null handling and multiple subscriptions
    + JDK-8225690: Multiple AttachListener threads can be created
    + JDK-8225790: Two NestedDialogs tests fail on Ubuntu
    + JDK-8226319: Add forgotten test/jdk/java/net/httpclient/
    /BodySubscribersTest.java
    + JDK-8226533: JVMCI: findUniqueConcreteMethod should handle
    statically bindable methods directly
    + JDK-8226602: Test convenience reactive primitives from
    java.net.http with RS TCK
    + JDK-8226683: Remove review suggestion from fix to 8219804
    + JDK-8227738: jvmti/DataDumpRequest/datadumpreq001 failed due
    to "/exit code is 134"/
    + JDK-8227766: CheckUnhandledOops is broken in MemAllocator
    + JDK-8227815: Minimal VM: set_state is not a member of
    AttachListener
    + JDK-8230674: Heap dumps should exclude dormant CDS archived
    objects of unloaded classes
    + JDK-8230808: Remove Access::equals()
    + JDK-8230841: Remove oopDesc::equals()
    + JDK-8231717: Improve performance of charset decoding when
    charset is always compactable
    + JDK-8232243: Wrong caret position in JTextPane on Windows
    with a screen resolution > 100%
    + JDK-8232782: Shenandoah: streamline post-LRB CAS barrier
    (aarch64)
    + JDK-8233790: Forward output from heap dumper to jcmd/jmap
    + JDK-8233989: Create an IPv4 version of
    java/net/MulticastSocket/SetLoopbackMode.java
    + JDK-8234510: Remove file seeking requirement for writing a
    heap dump
    + JDK-8235211: serviceability/attach/
    /RemovingUnixDomainSocketTest.java fails with
    AttachNotSupportedException: Unable to open socket file
    + JDK-8235216: typo in test filename
    + JDK-8235866: bump jtreg requiredVersion to 4.2b16
    + JDK-8236111: narrow allowSmartActionArgs disabling
    + JDK-8236413: AbstractConnectTimeout should tolerate both
    NoRouteToHostException and UnresolvedAddressException
    + JDK-8236671: NullPointerException in JKS keystore
    + JDK-8238930: problem list compiler/c2/Test8004741.java
    + JDK-8238943: switch to jtreg 5.0
    + JDK-8240555: Using env of JAVA_TOOL_OPTIONS and _JAVA_OPTIONS
    breaks QuietOption.java test
    + JDK-8240983: Incorrect copyright header in Apache Santuario
    2.1.3 files
    + JDK-8241336: Some java.net tests failed with
    NoRouteToHostException on MacOS with special network
    configuration
    + JDK-8241353: NPE in ToolProvider.getSystemJavaCompiler
    + JDK-8241768: git needs .gitattributes
    + JDK-8242882: opening jar file with large manifest might throw
    NegativeArraySizeException
    + JDK-8244973: serviceability/attach/
    /RemovingUnixDomainSocketTest.java fails "/stderr was not
    empty"/
    + JDK-8245134: test/lib/jdk/test/lib/security/
    /KeyStoreUtils.java should allow to specify aliases
    + JDK-8246261: TCKLocalTime.java failed due to "/AssertionError:
    expected [18:14:22] but found [18:14:23]"/
    + JDK-8246387: switch to jtreg 5.1
    + JDK-8247421: [TESTBUG] ReturnBlobToWrongHeapTest.java failed
    allocating blob
    + JDK-8247469: getSystemCpuLoad() returns -1 on linux when some
    offline cpus are present and cpusets.effective_cpus is not
    available
    + JDK-8248352: [TEST_BUG] Test test/jdk/java/awt/font/
    /TextLayout/ArabicDiacriticTest.java can leave frame open
    + JDK-8248403: AArch64: Remove uses of kernel integer types
    + JDK-8248414: AArch64: Remove uses of long and unsigned long
    ints
    + JDK-8248657: Windows: strengthening in ThreadCritical
    regarding memory model
    + JDK-8248666: AArch64: Use THREAD_LOCAL instead of __thread
    + JDK-8248668: AArch64: Avoid MIN/MAX macros when using MSVC
    + JDK-8248671: AArch64: Remove unused variables
    + JDK-8248682: AArch64: Use ATTRIBUTE_ALIGNED helper
    + JDK-8248816: C1: Fix signature conflict in
    LIRGenerator::strength_reduce_multiply
    + JDK-8249095: tools/javac/launcher/SourceLauncherTest.java
    fails on Windows
    + JDK-8249548: backward focus traversal gets stuck in button
    group
    + JDK-8249773: Upgrade ReceiveISA.java test to be resilient to
    failure due to stray packets and interference
    + JDK-8249897: jdk/javadoc/tool/LangVers.java uses @ignore w/o
    bug-id
    + JDK-8249898: jdk/javadoc/tool/6176978/T6176978.java uses
    @ignore w/o bug-id
    + JDK-8249899: jdk/javadoc/tool/InlineTagsWithBraces.java uses
    @ignore w/o bug-id
    + JDK-8250588: Shenandoah: LRB needs to save/restore fp
    registers for runtime call
    + JDK-8250824: AArch64: follow up for JDK-8248414
    + JDK-8251166: Add automated testcases for changes done in
    JDK-8214112
    + JDK-8251252: Add automated testcase for fix done in
    JDK-8214253
    + JDK-8251254: Add automated test for fix done in JDK-8218472
    + JDK-8251361: Potential race between Logger configuration and
    GCs in HttpURLConWithProxy test
    + JDK-8251549: Update docs on building for Git
    + JDK-8251945: SIGSEGV in
    PackageEntry::purge_qualified_exports()
    + JDK-8252194: Add automated test for fix done in JDK-8218469
    + JDK-8252648: Shenandoah: name gang tasks consistently
    + JDK-8252825: Add automated test for fix done in JDK-8218479
    + JDK-8252853: AArch64: gc/shenandoah/TestVerifyJCStress.java
    fails intermittently with C1
    + JDK-8252857: AArch64: Shenandoah C1 CAS is not sequentially
    consistent
    + JDK-8253048: AArch64: When CallLeaf, no need to preserve
    callee-saved registers in caller
    + JDK-8253424: Add support for running pre-submit testing using
    GitHub Actions
    + JDK-8253631: Remove unimplemented CompileBroker methods after
    JEP-165
    + JDK-8253865: Pre-submit testing using GitHub Actions does not
    detect failures reliably
    + JDK-8253899: Make IsClassUnloadingEnabled signature match
    specification
    + JDK-8254024: Enhance native libs for AWT and Swing to work
    with GraalVM Native Image
    + JDK-8254054: Pre-submit testing using GitHub Actions should
    not use the deprecated set-env command
    + JDK-8254173: Add Zero, Minimal hotspot targets to submit
    workflow
    + JDK-8254175: Build no-pch configuration in debug mode for
    submit checks
    + JDK-8254244: Some code emitted by TemplateTable::branch is
    unused when running TieredCompilation
    + JDK-8254270: linux 32 bit build doesn't compile
    libjdwp/log_messages.c
    + JDK-8254282: Add Linux x86_32 builds to submit workflow
    + JDK-8254850: Update terminology in java.awt.GridBagLayout
    source code comments
    + JDK-8255255: Update Apache Santuario (XML Signature) to
    version 2.2.1
    + JDK-8255305: Add Linux x86_32 tier1 to submit workflow
    + JDK-8255352: Archive important test outputs in submit workflow
    + JDK-8255373: Submit workflow artifact name is always
    "/test-results_.zip"/
    + JDK-8255452: Doing GC during JVMTI MethodExit event posting
    breaks return oop
    + JDK-8255718: Zero: VM should know it runs in interpreter-only
    mode
    + JDK-8255790: GTKL&F: Java 16 crashes on initialising GTKL&F
    on Manjaro Linux
    + JDK-8255810: Zero: build fails without JVMTI
    + JDK-8255895: Submit workflow artifacts miss hs_errs/replays
    due to ZIP include mismatch
    + JDK-8256127: Add cross-compiled foreign architectures builds
    to submit workflow
    + JDK-8256215: Shenandoah: re-organize saving/restoring machine
    state in assembler code
    + JDK-8256267: Relax compiler/floatingpoint/NaNTest.java for
    x86_32 and lower -XX:+UseSSE
    + JDK-8256277: Github Action build on macOS should define OS
    and Xcode versions
    + JDK-8256354: Github Action build on Windows should define OS
    and MSVC versions
    + JDK-8256393: Github Actions build on Linux should define OS
    and GCC versions
    + JDK-8256414: add optimized build to submit workflow
    + JDK-8256747: GitHub Actions: decouple the hotspot build-only
    jobs from Linux x64 testing
    + JDK-8257056: Submit workflow should apt-get update to avoid
    package installation errors
    + JDK-8257148: Remove obsolete code in AWTView.m
    + JDK-8257497: Update keytool to create AKID from the SKID of
    the issuing certificate as specified by RFC 5280
    + JDK-8257620: Do not use objc_msgSend_stret to get macOS
    version
    + JDK-8257913: Add more known library locations to simplify
    Linux cross-compilation
    + JDK-8258703: Incorrect 512-bit vector registers restore on
    x86_32
    + JDK-8259338: Add expiry exception for identrustdstx3 alias to
    VerifyCACerts.java test
    + JDK-8259535: ECDSA SignatureValue do not always have the
    specified length
    + JDK-8259679: GitHub actions should use MSVC 14.28
    + JDK-8259924: GitHub actions fail on Linux x86_32 with "/Could
    not configure libc6:i386"/
    + JDK-8260460: GitHub actions still fail on Linux x86_32 with
    "/Could not configure libc6:i386"/
    + JDK-8260589: Crash in JfrTraceIdLoadBarrier::load(_jclass*)
    + JDK-8260923: Add more tests for SSLSocket input/output
    shutdown
    + JDK-8261072: AArch64: Fix MacroAssembler::get_thread
    convention
    + JDK-8261147: C2: Node is wrongly marked as reduction
    resulting in a wrong execution due to wrong vector instructions
    + JDK-8261238: NMT should not limit baselining by size threshold
    + JDK-8261496: Shenandoah: reconsider pacing updates memory
    ordering
    + JDK-8261652: Remove some dead comments from os_bsd_x86
    + JDK-8261846: [JVMCI] c2v_iterateFrames can get out of sync
    with the StackFrameStream
    + JDK-8262000: jdk/jfr/event/gc/detailed/
    /TestPromotionFailedEventWithParallelScavenge.java failed with
    "/OutOfMemoryError: Java heap space"/
    + JDK-8262017: C2: assert(n != __null) failed: Bad immediate
    dominator info.
    + JDK-8262392: Update Mesa 3-D Headers to version 21.0.3
    + JDK-8262409: sun/security/ssl/SSLSocketImpl/
    /SSLSocketImplThrowsWrongExceptions. SSL test failures caused
    by java failed with "/Server reported the wrong exception"/
    + JDK-8262470: Printed GlyphVector outline with low DPI has bad
    quality on Windows
    + JDK-8262862: Harden tests sun/security/x509/URICertStore/
    /ExtensionsWithLDAP.java and krb5/canonicalize/Test.java
    + JDK-8263136: C4530 was reported from VS 2019 at access bridge
    + JDK-8263227: C2: inconsistent spilling due to dead nodes in
    exception block
    + JDK-8263382: java/util/logging/ParentLoggersTest.java failed
    with "/checkLoggers: getLoggerNames() returned unexpected
    loggers"/
    + JDK-8263407: SPARC64 detection fails on Athena (SPARC64-X)
    + JDK-8263432: javac may report an invalid package/class clash
    on case insensitive filesystems
    + JDK-8263490: [macos] Crash occurs on JPasswordField with
    activated InputMethod
    + JDK-8263531: Remove unused buffer int
    + JDK-8263667: Avoid running GitHub actions on branches named
    pr/*
    + JDK-8263776: [JVMCI] add helper to perform Java upcalls
    + JDK-8264016: [JVMCI] add some thread local fields for use by
    JVMCI
    + JDK-8264752: SIGFPE crash with option
    FlightRecorderOptions:threadbuffersize=30M
    + JDK-8265132: C2 compilation fails with assert "/missing
    precedence edge"/
    + JDK-8265231: (fc) ReadDirect and WriteDirect tests fail after
    fix for JDK-8264821
    + JDK-8265335: Epsilon: Minor typo in EpsilonElasticTLABDecay
    description
    + JDK-8265756: AArch64: initialize memory allocated for locals
    according to Windows AArch64 stack page growth requirement in
    template interpreter
    + JDK-8265761: Font with missed font family name is not
    properly printed on Windows
    + JDK-8265773: incorrect jdeps message "/jdk8internals"/ to
    describe a removed JDK internal API
    + JDK-8265836: OperatingSystemImpl.getCpuLoad() returns
    incorrect CPU load inside a container
    + JDK-8266018: Shenandoah: fix an incorrect assert
    + JDK-8266206: Build failure after JDK-8264752 with older GCCs
    + JDK-8266248: Compilation failure in
    PLATFORM_API_MacOSX_MidiUtils.c with Xcode 12.5
    + JDK-8266288: assert root method not found in
    witnessed_reabstraction_in_supers is too strong
    + JDK-8266404: Fatal error report generated with
  - XX:+CrashOnOutOfMemoryError should not contain suggestion to
    submit a bug report
    + JDK-8266480: Implicit null check optimization does not update
    control of hoisted memory operation
    + JDK-8266615: C2 incorrectly folds subtype checks involving an
    interface array
    + JDK-8266642: Improve ResolvedMethodTable hash function
    + JDK-8266749: AArch64: Backtracing broken on PAC enabled
    systems
    + JDK-8266761: AssertionError in
    sun.net.httpserver.ServerImpl.responseCompleted
    + JDK-8266813: Shenandoah: Use shorter instruction sequence for
    checking if marking in progress
    + JDK-8267042: bug in monitor locking/unlocking on ARM32 C1 due
    to uninitialized BasicObjectLock::_displaced_header
    + JDK-8267348: Rewrite gc/epsilon/TestClasses.java to use
    Metaspace with less classes
    + JDK-8267396: Avoid recording "/pc"/ in unhandled oops detector
    for better performance
    + JDK-8267399: C2: java/text/Normalizer/ConformanceTest.java
    test failed with assertion
    + JDK-8267424: CTW: C1 fails with "/State must not be null"/
    + JDK-8267459: Pasting Unicode characters into JShell does not
    work.
    + JDK-8267625: AARCH64: typo in LIR_Assembler::emit_profile_type
    + JDK-8267666: Add option to jcmd GC.heap_dump to use existing
    file
    + JDK-8267695: Bump update version for OpenJDK: jdk-11.0.13
    + JDK-8267751: (test) jtreg.SkippedException has no serial
    VersionUID
    + JDK-8267773: PhaseStringOpts::int_stringSize doesn't handle
    min_jint correctly
    + JDK-8268103: JNI functions incorrectly return a double after
    JDK-8265836
    + JDK-8268127: Shenandoah: Heap size may be too small for
    region to align to large page size
    + JDK-8268261: C2: assert(n != __null) failed: Bad immediate
    dominator info.
    + JDK-8268347: C2: nested locks optimization may create
    unbalanced monitor enter/exit code
    + JDK-8268360: Missing check for infinite loop during node
    placement
    + JDK-8268362: [REDO] C2 crash when compile negative
    Arrays.copyOf length after loop
    + JDK-8268366: Incorrect calculation of has_fpu_registers in C1
    linear scan
    + JDK-8268369: SIGSEGV in PhaseCFG::implicit_null_check due to
    missing null check
    + JDK-8268417: Add test from JDK-8268360
    + JDK-8268427: Improve AlgorithmConstraints:checkAlgorithm
    performance
    + JDK-8268617: [11u REDO] - WebSocket over authenticating proxy
    fails with NPE
    + JDK-8268620: InfiniteLoopException test may fail on x86
    platforms
    + JDK-8268635: Corrupt oop in ClassLoaderData
    + JDK-8268699: Shenandoah: Add test for JDK-8268127
    + JDK-8268771: javadoc -notimestamp option does not work on
    index.html
    + JDK-8268775: Password is being converted to String in
    AccessibleJPasswordField
    + JDK-8268776: Test `ADatagramSocket.java` missing /othervm
    from @run tag
    + JDK-8268965: TCP Connection Reset when connecting simple
    socket to SSL server
    + JDK-8269304: Regression ~5% in 2005 in b27
    + JDK-8269415: [11u] Remove ea from
    DEFAULT_PROMOTED_VERSION_PRE in OpenJDK 11u
    + JDK-8269478: Shenandoah: gc/shenandoah/mxbeans tests should
    be more resilient
    + JDK-8269529: javax/swing/reliability/
    /HangDuringStaticInitialization.java fails in Windows debug
    build
    + JDK-8269594: assert(_handle_mark_nesting > 1) failed: memory
    leak: allocating handle outside HandleMark
    + JDK-8269614: [s390] Interpreter checks wrong bit for slow
    path instance allocation
    + JDK-8269650: Optimize gc-locker in
    [Get|Release]StringCritical for latin string
    + JDK-8269661: JNI_GetStringCritical does not lock char array
    + JDK-8269668: [aarch64] java.library.path not including
    /usr/lib64
    + JDK-8269763: The JEditorPane is blank after JDK-8265167
    + JDK-8269795: C2: Out of bounds array load floats above its
    range check in loop peeling resulting in SEGV
    + JDK-8269847: JDK-8269594 backport breaks 11u builds
    + JDK-8269850: Most JDK releases report macOS version 12 as
    10.16 instead of 12.0
    + JDK-8269851: OperatingSystemMXBean getProcessCpuLoad reports
    incorrect process cpu usage in containers
    + JDK-8269882: stack-use-after-scope in NewObjectA
    + JDK-8269934: RunThese24H.java failed with
    EXCEPTION_ACCESS_VIOLATION in
    java_lang_Thread::get_thread_status
    + JDK-8270096: Shenandoah: Optimize gc/shenandoah/
    /TestRefprocSanity.java for interpreter mode
    + JDK-8270137: Kerberos Credential Retrieval from Cache not
    Working in Cross-Realm Setup
    + JDK-8270184: [TESTBUG] Add coverage for jvmci
    ResolvedJavaType.toJavaName() for lambdas
    + JDK-8270196: [11u] [JVMCI] JavaType.toJavaName() returns
    incorrect type name for lambdas
    + JDK-8270556: Exclude security/infra/java/security/cert/
    /CertPathValidator/certification/LetsEncryptCA
    + JDK-8270893: IndexOutOfBoundsException while reading large
    TIFF file
    + JDK-8272078: Wrong Checksums in Temurin BootJDK dependencies
    + JDK-8272124: Cgroup v1 initialization causes
    NullPointerException when cgroup path contains colon
    + JDK-8272131: PhaseMacroExpand::generate_slow_arraycopy crash
    when clone null CallProjections.fallthrough_ioproj
    + JDK-8272197: Update 11u GHA workflow with Shenandoah
    configurations
    + JDK-8272332: --with-harfbuzz=system doesn't add -lharfbuzz
    after JDK-8255790
    + JDK-8272472: StackGuardPages test doesn't build with glibc
    2.34
    + JDK-8272602: [macos] not all KEY_PRESSED events sent when
    control modifier is used
    + JDK-8272628: Problemlist gc/stress/gcbasher/
    /TestGCBasherWithCMS.java for x86_32
    + JDK-8272700: [macos] Build failure with Xcode 13.0 after
    JDK-8264848
    + JDK-8272772: Shenandoah: compiler/c2/aarch64/
    /TestVolatilesShenandoah.java fails in 11u
    + JDK-8273939: Backport of 8248414 to JDK11 breaks
    MacroAssembler::adrp
- Remove the unneeded icedtea-sound provider
- Removed patches:
  * icedtea-sound-1.0.1-jdk9.patch
  * icedtea-sound-soundproperties.patch
    + not needed since the icedtea-sound provider is removed
  * jdk11-glibc234.patch
    + integrated upstream
- Added patch:
  * fips.patch
    + implement FIPS support in OpenJDK
- Modified patch:
  * nss-security-provider.patch
    + revert recent changes making NSS provider the default one
    + fixes bsc#1190252
- Added patch:
  * jdk11-glibc234.patch
    + fix build with glibc-2.34 (bsc#1189201)
- riscv64-zero.patch: Add support for riscv64 (zero VM)
kdump
- kdump-do-not-iterate-past-end-of-string.patch:
  URLParser::extractAuthority(): Do not iterate past end of string
  (bsc#1186037).
- kdump-fix-incorrect-exit-code-checking.patch: Fix incorrect exit
  code checking after "/local"/ with assignment (bsc#1184616
  LTC#192282).
- kdump-Add-bootdev-to-dracut-command-line.patch: Add 'bootdev=' to
  dracut command line (bsc#1182309).
- kdump-install-etc-resolv.conf-using-resolved-path.patch: Install
  /etc/resolv.conf using its resolved path (bsc#1183070).
- kdump-avoid-endless-loop-EAI_AGAIN.patch: Avoid an endless loop
  when resolving a hostname fails with EAI_AGAIN (bsc#1183070).
- kdump-query-systemd-network.service.patch: Query systemd
  network.service to find out if wicked is used (bsc#1182309).
- kdump-check-explicit-ip-options.patch: Do not add network-related
  dracut options if ip= is set explicitly (bsc#1182309 bsc#1188090
  LTC#193461).
- kdump-ensure-initrd.target.wants-directory.patch: Make sure that
  initrd.target.wants directory exists (bsc#1172670).
kernel-default
- config: disable unprivileged BPF by default (jsc#SLE-22573)
  Backport of mainline commit 8a03e56b253e ("/bpf: Disallow unprivileged bpf
  by default"/) only changes kconfig default, used e.g. for "/make oldconfig"/
  when the config option is missing, but does not update our kernel configs
  used for build. Update also these to make sure unprivileged BPF is really
  disabled by default.
- commit 9a413cc
- Input: elantench - fix misreporting trackpoint coordinates
  (bsc#1192918).
- commit af3fd37
- mm/hugetlb: initialize hugetlb_usage in mm_init (bsc#1192906).
- commit 4bfee1a
- blacklist.conf: Add 04f8ef5643bc cgroup: Fix memory leak caused by missing cgroup_bpf_offline
- commit d046894
- fix patch metadata
- fix Patch-mainline:
  - patches.suse/btrfs-fix-memory-ordering-between-normal-and-ordered-work-functions.patch
- commit 7ca7de6
- fix patches metadata
- fix Patch-mainline:
  - patches.suse/scsi-core-Fix-spelling-in-a-source-code-comment
  - patches.suse/scsi-csiostor-Uninitialized-data-in-csio_ln_vnp_read_cbfn
  - patches.suse/scsi-dc395-Fix-error-case-unwinding
  - patches.suse/scsi-ufs-ufshcd-pltfrm-Fix-memory-leak-due-to-probe-defer
- commit 2c768e7
- btrfs: update comments for chunk allocation -ENOSPC cases
  (bsc#1192896).
- btrfs: fix deadlock between chunk allocation and chunk btree
  modifications (bsc#1192896).
- btrfs: block-group: Rework documentation of check_system_chunk
  function (bsc#1192896).
- commit 20b2047
- fix patches metadata
- fix Patch-mainline:
  - patches.suse/ipv4-make-exception-cache-less-predictible.patch
  - patches.suse/ipv6-make-exception-cache-less-predictible.patch
  - patches.suse/qtnfmac-fix-potential-spectre-vulnerabilities.patch
- commit 5c2e4e8
- fix patches metadata
- fix Patch-mainline:
  - patches.suse/edac-sb_edac-fix-top-of-high-memory-value-for-broadwell-haswell.patch
  - patches.suse/x86-sme-use-define-use_early_pgtable_l5-in-mem_encrypt_identity-c.patch
- commit fd7ddeb
- blacklist.conf: Add 8520e224f547 bpf, cgroups: Fix cgroup v2 fallback on v1/v2 mixed mode
- commit 04918fc
- btrfs: fix memory ordering between normal and ordered work functions (git-fixes).
- commit 2b13f6d
- Eradicate Patch-mainline: No
  The pre-commit check can reject this deprecated tag then.
- Refresh patches.suse/acpi_thinkpad_introduce_acpi_root_table_boot_param.patch.
- Refresh patches.suse/btrfs-provide-super_operations-get_inode_dev.
- commit e877505
- Update
  patches.suse/bpf-Remove-MTU-check-in-__bpf_skb_max_len.patch
  (bsc#1155518 bsc#1192045 CVE-2021-0941).
- commit 33fb6b6
- drm: prevent spectre issue in vmw_execbuf_ioctl (bsc#1192802).
- qtnfmac: fix potential Spectre vulnerabilities (bsc#1192802).
- commit 5952a38
- bpf: Disallow unprivileged bpf by default (jsc#SLE-22573).
- bpf: Add kconfig knob for disabling unpriv bpf
  by default (jsc#SLE-22573)
- Update config files: Add
  CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set
- commit cb7628d
- dm ioctl: fix out of bounds array access when no devices
  (CVE-2021-31916 bsc#1192781).
- commit 49351dc
- patches.suse/zram-replace-fsync_bdev-with-sync_blockdev.patch: (bsc#1170269).
- commit 75a41c2
- patches.suse/zram-avoid-race-between-zram_remove-and-disksize_sto.patch: (bsc#1170269).
- commit 406dc3d
- patches.suse/zram-don-t-fail-to-remove-zram-during-unloading-modu.patch: (bsc#1170269).
- commit cb34e92
- patches.suse/zram-fix-race-between-zram_reset_device-and-disksize.patch: (bsc#1170269).
- commit 09f1f4d
- blacklist.conf: printk/workqueue: very hard to hit; works well with lockless
  ringuffer; but it might cause wrong timestamps or even lost messages
  on 5.3 where using par-CPU buffers (bsc#1192750)
- commit 63c8c7f
- printk/console: Allow to disable console output by using
  console="/"/ or console=null (bsc#1192753).
- commit 4f99186
- printk: handle blank console arguments passed in (bsc#1192753).
- commit db08758
- net: mscc: ocelot: warn when a PTP IRQ is raised for an unknown
  skb (git-fixes).
- gpio: mpc8xxx: Use 'devm_gpiochip_add_data()' to simplify the
  code and avoid a leak (git-fixes).
- stmmac: platform: Fix signedness bug in stmmac_probe_config_dt()
  (git-fixes).
- net: dsa: felix: re-enable TX flow control in
  ocelot_port_flush() (git-fixes).
- net: mscc: ocelot: fix hardware timestamp dequeue logic.
- commit 4fdc3dd
- tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and
  docker together (bsc#1192745).
- commit bc3e5c2
- blacklist.conf: add mscc driver fixes
- commit 109b7ec
- kernel-*-subpackage: Add dependency on kernel scriptlets (bsc#1192740).
- commit a133bf4
- blacklist.conf: changes device names, kABI massacre
- commit 68b0003
- fuse: fix page stealing (bsc#1192718).
- commit 5c46aef
- ipv4: make exception cache less predictible (bsc#1191790,
  CVE-2021-20322).
- ipv6: make exception cache less predictible (bsc#1191790,
  CVE-2021-20322).
- ipv4: use siphash instead of Jenkins in fnhe_hashfun()
  (bsc#1191790, CVE-2021-20322).
- ipv6: use siphash in rt6_exception_hash() (bsc#1191790,
  CVE-2021-20322).
- commit 191e9b3
- Revert "/x86/kvm: fix vcpu-id indexed array sizes"/ (git-fixes).
- commit 918d1fd
- Delete patches.kabi/kabi-fix-after-kvm-vcpu-id-array-fix.patch, as
  the patch causing its introduction is being reverted.
- commit 2e03b9d
- x86/xen: Mark cpu_bringup_and_idle() as dead_end_function
  (git-fixes).
- commit bb35029
- xen-pciback: Fix return in pm_ctrl_init() (git-fixes).
- commit 94628c1
- xen: Fix implicit type conversion (git-fixes).
- commit 89e345e
- x86/sme: Use #define USE_EARLY_PGTABLE_L5 in
  mem_encrypt_identity.c (bsc#1152489).
- commit 60c8f9c
- scsi: ufs: ufshcd-pltfrm: Fix memory leak due to probe defer
  (git-fixes).
- scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn()
  (git-fixes).
- scsi: core: Fix spelling in a source code comment (git-fixes).
- scsi: dc395: Fix error case unwinding (git-fixes).
- scsi: qla2xxx: Fix a memory leak in an error path of
  qla2x00_process_els() (git-fixes).
- scsi: csiostor: Add module softdep on cxgb4 (git-fixes).
- scsi: qedf: Fix error codes in qedf_alloc_global_queues()
  (git-fixes).
- scsi: qedi: Fix error codes in qedi_alloc_global_queues()
  (git-fixes).
- scsi: smartpqi: Fix an error code in pqi_get_raid_map()
  (git-fixes).
- scsi: fdomain: Fix error return code in fdomain_probe()
  (git-fixes).
- scsi: BusLogic: Fix missing pr_cont() use (git-fixes).
- scsi: iscsi: Fix iface sysfs attr detection (git-fixes).
- scsi: be2iscsi: Fix an error handling path in
  beiscsi_dev_probe() (git-fixes).
- scsi: mpt3sas: Fix error return value in _scsih_expander_add()
  (git-fixes).
- scsi: FlashPoint: Rename si_flags field (git-fixes).
- scsi: snic: Fix an error message (git-fixes).
- scsi: libsas: Use _safe() loop in sas_resume_port() (git-fixes).
- scsi: qedf: Add pointer checks in qedf_update_link_speed()
  (git-fixes).
- Revert "/scsi: ufs: fix a missing check of
  devm_reset_control_get"/ (git-fixes).
- scsi: ufs-pci: Add quirk for broken auto-hibernate for Intel
  EHL (git-fixes).
- scsi: qla2xxx: Make sure that aborted commands are freed
  (git-fixes).
- commit c10ecb2
- EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell
  (bsc#1152489).
- commit e920f56
- s390/qeth: fix deadlock during failing recovery (git-fixes).
- s390/qeth: Fix deadlock in remove_discipline (git-fixes).
- s390/qeth: fix NULL deref in qeth_clear_working_pool_list()
  (git-fixes).
- commit 8d9df1e
- Fix problem with missing installkernel on Tumbleweed.
- commit 2ed6686
- Update patches.suse/NFS-Do-uncached-readdir-when-we-re-seeking-a-cookie-.patch
  (bsc#1191628 bsc#1192549).
  dir_cookie is a pointer to the cookie in older kernels,
  not the cookie itself.
- commit ee8ec20
- ibmvnic: Process crqs after enabling interrupts (bsc#1192273
  ltc#194629).
- ibmvnic: don't stop queue in xmit (bsc#1192273 ltc#194629).
- commit 99d6daa
- Revert "/ibmvnic: check failover_pending in login response"/
  (bsc#1190523 ltc#194510).
- ibmvnic: check failover_pending in login response (bsc#1190523
  ltc#194510).
- commit ac4c874
- Bluetooth: cmtp: fix file refcount when cmtp_attach_device fails
  (bsc#1191961 CVE-2021-34981).
- commit a4ff591
- Revert "/r8152: adjust the settings about MAC clock speed down
  for RTL8153"/ (git-fixes).
- commit 541bc3e
- r8152: don't enable U1U2 with USB_SPEED_HIGH for RTL8153B
  (git-fixes).
- commit e20d73d
- r8152: Disable PLA MCU clock speed down (git-fixes).
- Refresh patches.suse/r8152-disable-test-IO-for-RTL8153B.patch.
- commit 9b878a2
- r8152: disable U2P3 for RTL8153B (git-fixes).
- commit d6c58f7
- r8152: reset flow control patch when linking on for RTL8153B
  (git-fixes).
- commit 7f46ee2
- r8152: fix runtime resume for linking change (git-fixes).
- commit 0ff2979
- r8152: Add macpassthru support for ThinkPad Thunderbolt 3 Dock
  Gen 2 (git-fixes).
- commit d73c455
- r8152: add a helper function about setting EEE (git-fixes).
- commit 5f95fd2
- r8152: divide the tx and rx bottom functions (git-fixes).
- Refresh
  patches.suse/r8152-Re-order-napi_disable-in-rtl8152_close.patch.
- Refresh
  patches.suse/r8152-avoid-to-call-napi_disable-twice.patch.
- commit 248b976
- r8152: saving the settings of EEE (git-fixes).
- commit 7c0dac3
- r8152: use alloc_pages for rx buffer (git-fixes).
- commit 3304002
- r8152: replace array with linking list for rx information
  (git-fixes).
- commit b5a7bd7
- r8152: separate the rx buffer size (git-fixes).
- commit 4176c6f
- rndis_host: set proper input size for OID_GEN_PHYSICAL_MEDIUM
  request (git-fixes).
- commit 3af49ca
- crypto: qat - disregard spurious PFVF interrupts (git-fixes).
- commit 11f64ca
- crypto: qat - detect PFVF collision after ACK (git-fixes).
- commit fa10b1f
- crypto: caam - disable pkc for non-E SoCs (git-fixes).
- commit 49a0bf8
- blacklist.conf: build warning only
- commit 389a467
- bpf: Fix potential race in tail call compatibility check
  (git-fixes).
- commit 6fdd9c7
- cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem (git-fixes).
- commit c3f4c78
- exfat: handle wrong stream entry size in exfat_readdir()
  (git-fixes).
- exfat: fix erroneous discard when clear cluster bit
  (git-fixes).
- commit 366e900
- exfat: truncate atimes to 2s granularity  (bsc#1192328).
- Refresh
  patches.suse/exfat-fix-use-of-uninitialized-spinlock-on-error-path.patch.
- exfat: properly set s_time_gran  (bsc#1192328).
- commit 832525a
- Drop two USB patches that are reverted by stable 5.4.158
  Deleted:
  patches.suse/usb-core-hcd-Add-support-for-deferring-roothub-regis.patch
  patches.suse/xhci-Set-HCD-flag-to-defer-primary-roothub-registrat.patch
  blacklist.conf: updated
- commit 10f1374
- serial: xilinx_uartps: Fix race condition causing stuck TX
  (git-fixes).
- serial: 8250_dw: Drop wrong use of ACPI_PTR() (git-fixes).
- staging: rtl8192u: fix control-message timeouts (git-fixes).
- USB: serial: keyspan: fix memleak on probe errors (git-fixes).
- USB: iowarrior: fix control-message timeouts (git-fixes).
- usb: musb: Balance list entry in musb_gadget_queue (git-fixes).
- usb: max-3421: Use driver data instead of maintaining a list
  of bound devices (git-fixes).
- usb: gadget: hid: fix error code in do_config() (git-fixes).
- commit b954450
- power: supply: bq27xxx: Fix kernel crash on IRQ handler register
  error (git-fixes).
- power: supply: max17042_battery: Prevent int underflow in
  set_soc_threshold (git-fixes).
- =?UTF-8?q?power:=20supply:=20rt5033=5Fbattery:=20Change?=
  =?UTF-8?q?=20voltage=20values=20to=20=C2=B5V?= (git-fixes).
- power: supply: max17042_battery: use VFSOC for capacity when
  no rsns (git-fixes).
- iio: dac: ad5446: Fix ad5622_write() return value (git-fixes).
- staging: r8712u: fix control-message timeout (git-fixes).
- Revert "/platform/x86: i2c-multi-instantiate: Don't create
  platform device for INT3515 ACPI nodes"/ (git-fixes).
- commit 0f3a4f1
- PCI: uniphier: Serialize INTx masking/unmasking and fix the
  bit operation (git-fixes).
- PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG
  (git-fixes).
- PCI: aardvark: Fix return value of MSI domain .alloc() method
  (git-fixes).
- PCI: pci-bridge-emul: Fix emulation of W1C bits (git-fixes).
- HID: u2fzero: properly handle timeouts in usb_submit_urb
  (git-fixes).
- HID: u2fzero: clarify error check and length calculations
  (git-fixes).
- pinctrl: core: fix possible memory leak in pinctrl_enable()
  (git-fixes).
- video: fbdev: chipsfb: use memset_io() instead of memset()
  (git-fixes).
- ABI: sysfs-kernel-slab: Document some stats (git-fixes).
- commit 92991a1
- auxdisplay: ht16k33: Fix frame buffer device blanking
  (git-fixes).
- auxdisplay: ht16k33: Connect backlight to fbdev (git-fixes).
- auxdisplay: img-ascii-lcd: Fix lock-up when displaying empty
  string (git-fixes).
- PCI: aardvark: Fix reporting Data Link Layer Link Active
  (git-fixes).
- PCI: aardvark: Fix checking for link up via LTSSM state
  (git-fixes).
- PCI: aardvark: Do not unmask unused interrupts (git-fixes).
- PCI: aardvark: Do not clear status bits of masked interrupts
  (git-fixes).
- PCI: aardvark: Don't spam about PIO Response Status (git-fixes).
- commit 3e5c258
- ALSA: usb-audio: Add Audient iD14 to mixer map quirk table
  (git-fixes).
- ALSA: usb-audio: Add Schiit Hel device to mixer map quirk table
  (git-fixes).
- commit b23c22d
- ocfs2: do not zero pages beyond i_size (bsc#1190795).
- commit 5f3b3d8
- ocfs2: fix data corruption on truncate (bsc#1190795).
- commit 4b0d91a
- ftrace: Fix scripts/recordmcount.pl due to new binutils
  (bsc#1192267).
- commit f07ed1b
- PCI/ACPI: Check for _OSC support in acpi_pci_osc_control_set()
  (bsc#1169263).
- PCI/ACPI: Move _OSC query checks to separate function
  (bsc#1169263).
- PCI/ACPI: Move supported and control calculations to separate
  functions (bsc#1169263).
- PCI/ACPI: Remove OSC_PCI_SUPPORT_MASKS and OSC_PCI_CONTROL_MASKS
  (bsc#1169263).
- PCI/ACPI: Clarify message about _OSC failure (bsc#1169263).
- PCI/ACPI: Remove unnecessary osc_lock (bsc#1169263).
- commit a38114a
- series.conf: refresh
- update upstream references and resort
  - patches.suse/scsi-lpfc-Adjust-bytes-received-vales-during-cmf-tim.patch
  - patches.suse/scsi-lpfc-Allow-PLOGI-retry-if-previous-PLOGI-was-ab.patch
  - patches.suse/scsi-lpfc-Allow-fabric-node-recovery-if-recovery-is-.patch
  - patches.suse/scsi-lpfc-Correct-sysfs-reporting-of-loop-support-af.patch
  - patches.suse/scsi-lpfc-Don-t-release-final-kref-on-Fport-node-whi.patch
  - patches.suse/scsi-lpfc-Don-t-remove-ndlp-on-PRLI-errors-in-P2P-mo.patch
  - patches.suse/scsi-lpfc-Fix-EEH-support-for-NVMe-I-O.patch
  - patches.suse/scsi-lpfc-Fix-FCP-I-O-flush-functionality-for-TMF-ro.patch
  - patches.suse/scsi-lpfc-Fix-I-O-block-after-enabling-managed-conge.patch
  - patches.suse/scsi-lpfc-Fix-NVMe-I-O-failover-to-non-optimized-pat.patch
  - patches.suse/scsi-lpfc-Fix-hang-on-unload-due-to-stuck-fport-node.patch
  - patches.suse/scsi-lpfc-Fix-link-down-processing-to-address-NULL-p.patch
  - patches.suse/scsi-lpfc-Fix-list_add-corruption-in-lpfc_drain_txq.patch
  - patches.suse/scsi-lpfc-Fix-premature-rpi-release-for-unsolicited-.patch
  - patches.suse/scsi-lpfc-Fix-rediscovery-of-tape-device-after-LIP.patch
  - patches.suse/scsi-lpfc-Fix-use-after-free-in-lpfc_unreg_rpi-routi.patch
  - patches.suse/scsi-lpfc-Improve-PBDE-checks-during-SGL-processing.patch
  - patches.suse/scsi-lpfc-Revert-LOG_TRACE_EVENT-back-to-LOG_INIT-pr.patch
  - patches.suse/scsi-lpfc-Update-lpfc-version-to-14.0.0.2.patch
  - patches.suse/scsi-lpfc-Update-lpfc-version-to-14.0.0.3.patch
  - patches.suse/scsi-lpfc-Wait-for-successful-restart-of-SLI3-adapte.patch
  - patches.suse/scsi-lpfc-Zero-CGN-stats-only-during-initial-driver-.patch
  - patches.suse/scsi-qla2xxx-Add-support-for-mailbox-passthru.patch
  - patches.suse/scsi-qla2xxx-Call-process_response_queue-in-Tx-path.patch
  - patches.suse/scsi-qla2xxx-Check-for-firmware-capability-before-cr.patch
  - patches.suse/scsi-qla2xxx-Display-16G-only-as-supported-speeds-fo.patch
  - patches.suse/scsi-qla2xxx-Fix-crash-in-NVMe-abort-path.patch
  - patches.suse/scsi-qla2xxx-Fix-kernel-crash-when-accessing-port_sp.patch
  - patches.suse/scsi-qla2xxx-Fix-use-after-free-in-eh_abort-path.patch
  - patches.suse/scsi-qla2xxx-Move-heartbeat-handling-from-DPC-thread.patch
  - patches.suse/scsi-qla2xxx-Remove-redundant-initialization-of-poin.patch
  - patches.suse/scsi-qla2xxx-Update-version-to-10.02.07.100-k.patch
  - patches.suse/scsi-qla2xxx-edif-Use-link-event-to-wake-up-app.patch
  No effect on expanded tree.
- commit 69f2186
- Update patch reference for ISDN fix (CVE-2021-43389 bsc#1191958)
- commit b343e2f
- Update
  patches.suse/usb-hso-fix-error-handling-code-of-hso_create_net_de.patch
  (bsc#1188601 CVE-2021-37159).
  Added bsc and CVE numbers
- commit e17f2ff
- kABI: Fix kABI after 36950f2da1ea (bsc#1191851).
- commit 659ddc7
- memory: fsl_ifc: fix leak of irq and nand_irq in
  fsl_ifc_ctrl_probe (git-fixes).
- ASoC: dt-bindings: cs42l42: Correct description of ts-inv
  (git-fixes).
- ASoC: mediatek: mt8195: Remove unsued irqs_lock (git-fixes).
- ASoC: rockchip: Use generic dmaengine code (git-fixes).
- ASoC: cs42l42: Defer probe if request_threaded_irq() returns
  EPROBE_DEFER (git-fixes).
- ASoC: cs42l42: Don't set defaults for volatile registers
  (git-fixes).
- ASoC: cs42l42: Correct some register default values (git-fixes).
- ALSA: ua101: fix division by zero at probe (git-fixes).
- ALSA: hda: Reduce udelay() at SKL+ position reporting
  (git-fixes).
- platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning
  (git-fixes).
- commit 7e1e84d
- regulator: dt-bindings: samsung,s5m8767: correct
  s5m8767,pmic-buck-default-dvs-idx property (git-fixes).
- regulator: s5m8767: do not use reset value as DVS voltage if
  GPIO DVS is disabled (git-fixes).
- mmc: mxs-mmc: disable regulator on error and in the remove
  function (git-fixes).
- memstick: jmb38x_ms: use appropriate free function in
  jmb38x_ms_alloc_host() (git-fixes).
- memstick: avoid out-of-range warning (git-fixes).
- mmc: sdhci-omap: Fix NULL pointer exception if regulator is
  not configured (git-fixes).
- media: ite-cir: IR receiver stop working after receive overflow
  (git-fixes).
- tpm: Check for integer overflow in tpm2_map_response_body()
  (git-fixes).
- commit d39cbe5
- media: dvb-frontends: mn88443x: Handle errors of
  clk_prepare_enable() (git-fixes).
- media: em28xx: Don't use ops->suspend if it is NULL (git-fixes).
- media: cedrus: Fix SUNXI tile size calculation (git-fixes).
- media: mxl111sf: change mutex_init() location (git-fixes).
- media: cx23885: Fix snd_card_free call on null card pointer
  (git-fixes).
- media: tm6000: Avoid card name truncation (git-fixes).
- media: si470x: Avoid card name truncation (git-fixes).
- media: radio-wl1273: Avoid card name truncation (git-fixes).
- media: i2c: ths8200 needs V4L2_ASYNC (git-fixes).
- media: mtk-vpu: Fix a resource leak in the error handling path
  of 'mtk_vpu_probe()' (git-fixes).
- commit db843c8
- hwrng: mtk - Force runtime pm ops for sleep ops (git-fixes).
- hwmon: (pmbus/lm25066) Let compiler determine outer dimension
  of lm25066_coeff (git-fixes).
- hwmon: (pmbus/lm25066) Add offset coefficients (git-fixes).
- media: TDA1997x: handle short reads of hdmi info frame
  (git-fixes).
- media: v4l2-ioctl: S_CTRL output the right value (git-fixes).
- media: v4l2-ioctl: Fix check_ext_ctrls (git-fixes).
- media: staging/intel-ipu3: css: Fix wrong size comparison
  imgu_css_fw_init (git-fixes).
- media: dvb-usb: fix ununit-value in az6027_rc_query (git-fixes).
- media: cxd2880-spi: Fix a null pointer dereference on error
  handling path (git-fixes).
- media: em28xx: add missing em28xx_close_extension (git-fixes).
- commit cc194ed
- virtio-gpu: fix possible memory allocation failure (git-fixes).
- rsi: fix control-message timeout (git-fixes).
- rtl8187: fix control-message timeouts (git-fixes).
- wcn36xx: add proper DMA memory barriers in rx path (git-fixes).
- wcn36xx: Fix HT40 capability for 2Ghz band (git-fixes).
- wcn36xx: Add ability for wcn36xx_smd_dump_cmd_req to pass
  two's complement (git-fixes).
- hwmon: Fix possible memleak in __hwmon_device_register()
  (git-fixes).
- firmware/psci: fix application of sizeof to pointer (git-fixes).
- usbnet: fix error return code in usbnet_probe() (git-fixes).
- usbnet: sanity check for maxpacket (git-fixes).
- commit 4c5043d
- mwifiex: fix division by zero in fw download path (git-fixes).
- libertas_tf: Fix possible memory leak in probe and disconnect
  (git-fixes).
- mt76: mt76x02: fix endianness warnings in mt76x02_mac.c
  (git-fixes).
- mwifiex: Send DELBA requests according to spec (git-fixes).
- rsi: stop thread firstly in rsi_91x_init() error handling
  (git-fixes).
- rsi: Fix module dev_oper_mode parameter description (git-fixes).
- mmc: sdhci: Map more voltage level to SDHCI_POWER_330
  (git-fixes).
- commit e68a671
- drm/msm: Fix potential NULL dereference in DPU SSPP (git-fixes).
- drm/amdgpu: fix warning for overflow check (git-fixes).
- drm/v3d: fix wait for TMU write combiner flush (git-fixes).
- drm/sun4i: Fix macros in sun8i_csc.h (git-fixes).
- libertas: Fix possible memory leak in probe and disconnect
  (git-fixes).
- b43legacy: fix a lower bounds test (git-fixes).
- Bluetooth: btmtkuart: fix a memleak in mtk_hci_wmt_sync
  (git-fixes).
- Bluetooth: fix init and cleanup of sco_conn.timeout_work
  (git-fixes).
- commit 58db500
- ath6kl: fix division by zero in send path (git-fixes).
- ath10k: fix division by zero in send path (git-fixes).
- ath6kl: fix control-message timeout (git-fixes).
- ath10k: fix control-message timeout (git-fixes).
- ath10k: fix max antenna gain unit (git-fixes).
- ath9k: Fix potential interrupt storm on queue reset (git-fixes).
- b43: fix a lower bounds test (git-fixes).
- ath10k: Fix missing frame timestamp for beacon/probe-resp
  (git-fixes).
- ata: sata_mv: Fix the error handling of mv_chip_id()
  (git-fixes).
- commit 276cbd3
- Input: i8042 - Add quirk for Fujitsu Lifebook T725
  (bsc#1191980).
- commit 9545e5e
- x86/msi: Force affinity setup before startup (bsc#1152489).
- Refresh
  patches.suse/0002-x86-msi-Only-use-high-bits-of-MSI-address-for-DMAR-u.patch.
- commit a7cad27
- ibmvnic: delay complete() (bsc#1094840 ltc#167098 git-fixes).
- commit f2c4d71
- xfs: don't allow log writes if the data device is readonly
  (bsc#1192229).
- commit 67ee0ba
- series.conf: refresh
- update upstream references and resort:
  - patches.suse/ibmvnic-Consolidate-code-in-replenish_rx_pool.patch
  - patches.suse/ibmvnic-Fix-up-some-comments-and-messages.patch
  - patches.suse/ibmvnic-Reuse-LTB-when-possible.patch
  - patches.suse/ibmvnic-Reuse-rx-pools-when-possible.patch
  - patches.suse/ibmvnic-Reuse-tx-pools-when-possible.patch
  - patches.suse/ibmvnic-Use-bitmap-for-LTB-map_ids.patch
  - patches.suse/ibmvnic-Use-rename-local-vars-in-init_rx_pools.patch
  - patches.suse/ibmvnic-Use-rename-local-vars-in-init_tx_pools.patch
  - patches.suse/ibmvnic-init_tx_pools-move-loop-invariant-code.patch
- commit 35d2ed0
- Update kabi files.
- update from November 2021 maintenance update submission (commit fb4a33cb1752)
- commit 24b46c0
- x86/ioapic: Force affinity setup before startup (bsc#1152489).
- commit 305e50a
- genirq: Provide IRQCHIP_AFFINITY_PRE_STARTUP (bsc#1152489).
- commit e709b2b
- nvme-pci: set min_align_mask (bsc#1191851).
- swiotlb: respect min_align_mask (bsc#1191851).
- swiotlb: don't modify orig_addr in swiotlb_tbl_sync_single
  (bsc#1191851).
- swiotlb: refactor swiotlb_tbl_map_single (bsc#1191851).
- swiotlb: clean up swiotlb_tbl_unmap_single (bsc#1191851).
- swiotlb: factor out a nr_slots helper (bsc#1191851).
- swiotlb: factor out an io_tlb_offset helper (bsc#1191851).
- swiotlb: add a IO_TLB_SIZE define (bsc#1191851).
- commit 63c0e38
- driver core: add a min_align_mask field to struct
  device_dma_parameters (bsc#1191851).
- commit cb95969
- KVM: s390: index kvm->arch.idle_mask by vcpu_idx (bsc#1133021).
- KVM: s390: VSIE: correctly handle MVPG when in VSIE
  (bsc#1133021).
- KVM: s390: extend kvm_s390_shadow_fault to return entry pointer
  (bsc#1133021).
- KVM: s390: split kvm_s390_logical_to_effective (bsc#1133021).
- commit ef66201
- blacklist.conf: ed65df63a39a ("/tracing: Have all levels of checks prevent recursion"/)
  It fixes a corner case, which should be rare. The patch changes a public
  header file and even if the API should not be used externally, there is
  always a risk.
- commit 80def7c
- x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions
  (bsc#1152489).
- commit 96ee990
- netfilter: conntrack: collect all entries in one cycle
  (bsc#1173604).
- commit c4117de
- ipv6/netfilter: Discard first fragment not including all headers
  (bsc#1191241).
- IPv6: reply ICMP error if the first fragment don't include
  all headers (bsc#1191241).
- ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition
  (bsc#1191241).
- net: ipv6: Discard next-hop MTU less than minimum link MTU
  (bsc#1191241).
- commit c74316d
- swiotlb: Split size parameter to map/unmap APIs (bsc#1191851).
- Refresh
  patches.suse/dma-direct-exclude-dma_direct_map_resource-from-the-min_low_pfn-check.patch.
- commit 0eae9b5
- KVM: PPC: Book3S HV: Tolerate treclaim. in fake-suspend mode
  changing registers (bsc#1156395).
- KVM: PPC: Fix clearing never mapped TCEs in realmode
  (bsc#1156395).
- KVM: PPC: Book3S HV Nested: Reflect guest PMU in-use to L0
  when guest SPRs are live (bsc#1156395).
- KVM: PPC: Book3S HV Nested: Sanitise H_ENTER_NESTED TM state
  (bsc#1156395).
- KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak (bsc#1156395).
- commit 2ce76cc
- powerpc/xive: Discard disabled interrupts in get_irqchip_state()
  (fate#322438 bsc#1085030 git-fixes).
- commit 3106974
- x86/pat: Pass valid address to sanitize_phys() (bsc#1152489).
- commit 1702f6b
- KVM: PPC: Book3S HV: Save host FSCR in the P7/8 path
  (bsc#1065729).
- commit 4a60f84
- sctp: add vtag check in sctp_sf_ootb (CVE-2021-3772
  bsc#1190351).
- sctp: add vtag check in sctp_sf_do_8_5_1_E_sa (CVE-2021-3772
  bsc#1190351).
- sctp: add vtag check in sctp_sf_violation (CVE-2021-3772
  bsc#1190351).
- sctp: fix the processing for COOKIE_ECHO chunk (CVE-2021-3772
  bsc#1190351).
- sctp: fix the processing for INIT_ACK chunk (CVE-2021-3772
  bsc#1190351).
- sctp: fix the processing for INIT chunk (CVE-2021-3772
  bsc#1190351).
- sctp: use init_tag from inithdr for ABORT chunk (CVE-2021-3772
  bsc#1190351).
- sctp: check asoc peer.asconf_capable before processing asconf
  (bsc#1190351).
- commit c4ecd47
- mmc: vub300: fix control-message timeouts (git-fixes).
- mmc: dw_mmc: exynos: fix the finding clock sample value
  (git-fixes).
- commit 15296ab
- scsi: lpfc: Update lpfc version to 14.0.0.3 (bsc#1192145).
- scsi: lpfc: Allow fabric node recovery if recovery is in
  progress before devloss (bsc#1192145).
- scsi: lpfc: Fix link down processing to address NULL pointer
  dereference (bsc#1192145).
- scsi: lpfc: Allow PLOGI retry if previous PLOGI was aborted
  (bsc#1192145).
- scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine
  (bsc#1192145).
- scsi: lpfc: Correct sysfs reporting of loop support after SFP
  status change (bsc#1192145).
- scsi: lpfc: Wait for successful restart of SLI3 adapter during
  host sg_reset (bsc#1192145).
- scsi: lpfc: Revert LOG_TRACE_EVENT back to LOG_INIT prior to
  driver_resource_setup() (bsc#1192145).
- commit ea0ad63
- net: lan78xx: fix division by zero in send path (git-fixes).
- net: batman-adv: fix error handling (git-fixes).
- nfc: port100: fix using -ERRNO as command type mask (git-fixes).
- cfg80211: scan: fix RCU in cfg80211_add_nontrans_list()
  (git-fixes).
- regmap: Fix possible double-free in regcache_rbtree_exit()
  (git-fixes).
- commit 1fb45c2
- ice: Add missing E810 device ids (jsc#SLE-7966 bsc#1157177).
- net: hns3: fix vf reset workqueue cannot exit (bsc#1154353).
- mlxsw: thermal: Fix out-of-bounds memory accesses (git-fixes).
- net/mlx5e: Mutually exclude RX-FCS and RX-port-timestamp
  (git-fixes).
- qed: Fix missing error code in qed_slowpath_start() (git-fixes).
- ionic: don't remove netdev->dev_addr when syncing uc list
  (bsc#1167773).
- iavf: fix double unlock of crit_lock (git-fixes).
- i40e: Fix freeing of uninitialized misc IRQ vector (git-fixes).
- i40e: fix endless loop under rtnl (git-fixes).
- gve: report 64bit tx_bytes counter from
  gve_handle_report_stats() (bsc#1176940).
- gve: fix gve_get_stats() (git-fixes).
- gve: Properly handle errors in gve_assign_qpl (bsc#1176940).
- gve: Avoid freeing NULL pointer (git-fixes).
- gve: Correct available tx qpl check (git-fixes).
- net: bridge: use nla_total_size_64bit() in
  br_get_linkxstats_size() (git-fixes).
- ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup
  (git-fixes).
- net/mlx4_en: Don't allow aRFS for encapsulated packets
  (git-fixes).
- qed: rdma - don't wait for resources under hw error recovery
  flow (git-fixes).
- bnxt_en: Fix TX timeout when TX ring size is set to the smallest
  (git-fixes).
- net/mlx4_en: Resolve bad operstate value (git-fixes).
- qed: Handle management FW error (git-fixes).
- net/af_unix: fix a data-race in unix_dgram_poll (bsc#1154353).
- net/mlx5: FWTrace, cancel work on alloc pd error flow
  (git-fixes).
- net/mlx5: Fix unpublish devlink parameters (jsc#SLE-8464).
- i40e: Fix ATR queue selection (git-fixes).
- mlx5: count all link events (git-fixes).
- commit 64e7f77
- sctp: add param size validation for SCTP_PARAM_SET_PRIMARY
  (CVE-2021-3655 bsc#1188563).
- sctp: validate chunk size in __rcv_asconf_lookup (CVE-2021-3655
  bsc#1188563).
- sctp: add size validation when walking chunks (CVE-2021-3655
  bsc#1188563).
- commit e419503
- powerpc/idle: Don't corrupt back chain when going idle
  (bko#206669 bsc#1174585 bsc#1192107 CVE-2021-43056).
- KVM: PPC: Book3S HV: Make idle_kvm_start_guest() return
  0 if it went to guest (bko#206669 bsc#1174585 bsc#1192107
  CVE-2021-43056).
- KVM: PPC: Book3S HV: Fix stack handling in
  idle_kvm_start_guest() (bko#206669 bsc#1174585 bsc#1192107
  CVE-2021-43056).
- powerpc64/idle: Fix SP offsets when saving GPRs (bko#206669
  bsc#1174585 bsc#1192107 CVE-2021-43056).
- commit 90745c9
- Update patch reference for ISDN fix (CVE-2021-3896 bsc#1191958)
- commit b1524c3
- nvme-pci: fix error unwind in nvme_map_data (bsc#1191934).
- nvme-pci: refactor nvme_unmap_data (bsc#1191934).
- commit 3a9d8cd
- ASoC: DAPM: Fix missing kctl change notifications (git-fixes).
- ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset
  (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo PC50HS (git-fixes).
- Input: snvs_pwrkey - add clk handling (git-fixes).
- isdn: mISDN: Fix sleeping function called from invalid context
  (git-fixes).
- isdn: cpai: check ctr->cnr to avoid array index out of bound
  (git-fixes).
- ALSA: hda: avoid write to STATESTS if controller is in reset
  (git-fixes).
- platform/x86: intel_scu_ipc: Update timeout value in comment
  (git-fixes).
- commit 26182ff
- xfs: fix log intent recovery ENOSPC shutdowns when inactivating
  inodes (bsc#1190642).
- commit 4a5d10a
- e1000e: Fix packet loss on Tiger Lake and later (git-fixes).
- can: peak_usb: pcan_usb_fd_decode_status(): fix back to
  ERROR_ACTIVE state notification (git-fixes).
- can: peak_pci: peak_pci_remove(): fix UAF (git-fixes).
- can: rcar_can: fix suspend/resume (git-fixes).
- lan78xx: select CRC32 (git-fixes).
- ASoC: wm8960: Fix clock configuration on slave mode (git-fixes).
- audit: fix possible null-pointer dereference in
  audit_filter_rules (git-fixes).
- ata: ahci_platform: fix null-ptr-deref in
  ahci_platform_enable_regulators() (git-fixes).
- virtio: write back F_VERSION_1 before validate (git-fixes).
- mei: me: add Ice Lake-N device id (git-fixes).
- iio: adc: aspeed: set driver data when adc probe (git-fixes).
- usb: musb: dsps: Fix the probe error path (git-fixes).
- xhci: guard accesses to ep_state in xhci_endpoint_reset()
  (git-fixes).
- ALSA: usb-audio: Add quirk for VF0770 (git-fixes).
- ALSA: hda/realtek: Fix the mic type detection issue for ASUS
  G551JW (git-fixes).
- ALSA: hda/realtek - ALC236 headset MIC recording issue
  (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo X170KM-G (git-fixes).
- ALSA: hda/realtek: Complete partial device name to avoid
  ambiguity (git-fixes).
- watchdog: orion: use 0 for unset heartbeat (git-fixes).
- commit 2657409
- blacklist.conf: irrelevant
- commit 4c2a4eb
- USB: xhci: dbc: fix tty registration race (git-fixes).
- commit 8800f76
- xhci: guard accesses to ep_state in xhci_endpoint_reset()
  (git-fixes).
- commit 2947d1e
- nfc: nci: fix the UAF of rf_conn_info object (CVE-2021-3760
  bsc#1190067).
- commit 9eabc0c
- Update patch reference for firewire fix (CVE-2021-42739 CVE-2021-3542 bsc#1184673)
- commit 2adc0e5
- cipso,calipso: resolve a number of problems with the DOI
  refcounts (CVE-2021-33033 bsc#1186109).
- commit 499c5a0
- ceph: fix handling of "/meta"/ errors (bsc#1192041).
- ceph: skip existing superblocks that are blocklisted or shut
  down when mounting (bsc#1192040).
- commit 329e544
- kabi: hide return value type change of sctp_af::from_addr_param
  (CVE-2021-3655 bsc#1188563).
- sctp: fix return value check in __sctp_rcv_asconf_lookup
  (CVE-2021-3655 bsc#1188563).
- sctp: validate from_addr_param return (CVE-2021-3655
  bsc#1188563).
- commit 9f59a3f
- Update
  patches.suse/net_sched-cls_route-remove-the-right-filter-from-has.patch
  references (add CVE-2021-3715 bsc#1190349).
- commit bd39990
- Revert "/sched/fair: Add ancestors of unthrottled undecayed cfs_rq"/
  The reverted commit is a followup of a7b359fc6a37 ("/sched/fair:
  Correctly insert cfs_rq's to list on unthrottle"/) which is going to be
  reverted as part of short-term solution of bsc#1191343.
  This reverts commit d8d828e03d4f1e436c3580616c7b53db38e38dcb.
- commit c6395e4
- blacklist.conf: 3a1255396b5a x86/alternatives: add missing insn.h include
- commit 9bccba9
- USB: serial: option: add Quectel EC200S-CN module support
  (git-fixes).
- commit e1df2bf
- USB: serial: qcserial: add EM9191 QDL support (git-fixes).
- commit b42181b
- USB: serial: option: add prod. id for Quectel EG91 (git-fixes).
- commit cff3cf9
- USB: serial: option: add Telit LE910Cx composition 0x1204
  (git-fixes).
- commit 3ccad62
- xhci: Enable trust tx length quirk for Fresco FL11 USB
  controller (git-fixes).
- commit 55acfbd
- xhci: Fix command ring pointer corruption while aborting a
  command (git-fixes).
- commit bf02a9c
- Input: xpad - add support for another USB ID of Nacon GC-100
  (git-fixes).
- commit eba25ff
- media: firewire: firedtv-avc: fix a buffer overflow in
  avc_ca_pmt() (CVE-2021-3542 bsc#1184673).
- commit fab3d4f
- net: mana: Fix error handling in mana_create_rxq() (git-fixes,
  bsc#1191800).
- commit 8c6d0b8
- ocfs2: fix data corruption after conversion from inline format
  (bsc#1190795).
- commit ac3ffc2
- blacklist.conf: 4758fd801f91 x86/platform/olpc: Correct ifdef symbol to intended CONFIG_OLPC_XO15_SCI
- commit c40c7ae
- blacklist.conf: 225bac2dc5d1 x86/Kconfig: Correct reference to MWINCHIP3D
- commit eee3b41
- blacklist.conf: 711885906b5c x86/Kconfig: Do not enable AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT automatically
- commit da61791
- gpio: pca953x: Improve bias setting (git-fixes).
- spi: spi-nxp-fspi: don't depend on a specific node name erratum
  workaround (git-fixes).
- drm/panel: olimex-lcd-olinuxino: select CRC32 (git-fixes).
- drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling
  (git-fixes).
- drm/msm/dsi: Fix an error code in msm_dsi_modeset_init()
  (git-fixes).
- drm/msm: Fix null pointer dereference on pointer edp
  (git-fixes).
- mac80211: check return value of rhashtable_init (git-fixes).
- commit c393393
- iio: light: opt3001: Fixed timeout error when 0 lux (git-fixes).
- iio: mtk-auxadc: fix case IIO_CHAN_INFO_PROCESSED (git-fixes).
- iio: ssp_sensors: add more range checking in
  ssp_parse_dataframe() (git-fixes).
- iio: ssp_sensors: fix error code in ssp_print_mcu_debug()
  (git-fixes).
- iio: adc128s052: Fix the error handling path of 'adc128_probe()'
  (git-fixes).
- iio: dac: ti-dac5571: fix an error code in probe() (git-fixes).
- drm/amdgpu: fix gart.bo pin_count leak (git-fixes).
- mac80211: Drop frames from invalid MAC address in ad-hoc mode
  (git-fixes).
- HID: wacom: Add new Intuos BT (CTL-4100WL/CTL-6100WL) device
  IDs (git-fixes).
- HID: apple: Fix logical maximum and usage maximum of Magic
  Keyboard JIS (git-fixes).
- commit 372fd90
- pata_legacy: fix a couple uninitialized variable bugs
  (git-fixes).
- cb710: avoid NULL pointer subtraction (git-fixes).
- acpi/arm64: fix next_platform_timer() section mismatch error
  (git-fixes).
- ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init()
  (git-fixes).
- ACPI: fix NULL pointer dereference (git-fixes).
- ACPI: bgrt: Fix CFI violation (git-fixes).
- ACPI: Use DEVICE_ATTR_<RW|RO|WO> macros (git-fixes).
- commit 1a13895
- rpm/kernel-obs-build.spec.in: reduce initrd functionality
  For building in OBS, we always build inside a virtual machine
  that gets a new, freshly created scratch filesystem image. So
  we do not need to handle fscks because that ain't gonna happen,
  as well as not we do not need to handle microcode update in the
  initrd as these only can be run on the host system anyway. We
  can also strip and hardlink as an additional optimisation that
  should not significantly hurt.
- commit c72c6fc
- nvme-pci: Fix abort command id (git-fixes).
- nvme: add command id quirk for apple controllers (git-fixes).
- commit 210cebb
- xen: reset legacy rtc flag for PV domU (git-fixes).
- commit 2ae68ea
- xen: fix setting of max_pfn in shared_info (git-fixes).
- commit 2d2e1e0
- fix patch metadata
- fix Patch-mainline:
  - patches.suse/NFS-Do-uncached-readdir-when-we-re-seeking-a-cookie-.patch
- commit b7dfcc7
- NFS: Do uncached readdir when we're seeking a cookie in an
  empty page cache (bsc#1191628).
- commit 5ca83d3
- NFC: digital: fix possible memory leak in
  digital_in_send_sdd_req() (git-fixes).
- NFC: digital: fix possible memory leak in
  digital_tg_listen_mdaa() (git-fixes).
- nfc: fix error handling of nfc_proto_register() (git-fixes).
- ALSA: seq: Fix a potential UAF by wrong private_free call order
  (git-fixes).
- commit aada78f
- nvme-fc: remove freeze/unfreeze around update_nr_hw_queues
  (bsc#1185762).
- nvme-fc: avoid race between time out and tear down
  (bsc#1185762).
- nvme-fc: update hardware queues before using them (bsc#1185762).
- commit 4afdc63
- scsi: lpfc: Fix memory overwrite during FC-GS I/O abort handling
  (bsc#1191349).
- commit c7eb218
- net: hso: fix NULL-deref on disconnect regression (git-fixes).
- commit 901c621
- platform/mellanox: mlxreg-io: Fix argument base in kstrtou32()
  call (git-fixes).
- i2c: acpi: fix resource leak in reconfiguration device addition
  (git-fixes).
- mmc: meson-gx: do not use memcpy_to/fromio for dram-access-quirk
  (git-fixes).
- drm/nouveau/debugfs: fix file release memory leak (git-fixes).
- video: fbdev: gbefb: Only instantiate device when built for IP32
  (git-fixes).
- soc: qcom: mdt_loader: Drop PT_LOAD check on hash segment
  (git-fixes).
- ptp_pch: Load module automatically if ID matches (git-fixes).
- phy: mdio: fix memory leak (git-fixes).
- libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870
  SSD (git-fixes).
- ptp_pch: Restore dependency on PCI (git-fixes).
- net: cdc_eem: fix tx fixup skb leak (git-fixes).
- net: hso: fix null-ptr-deref during tty device unregistration
  (git-fixes).
- net: cdc_ncm: correct overhead in delayed_ndp_size (git-fixes).
- net: usb: Fix uninit-was-stored issue in asix_read_phy_addr()
  (git-fixes).
- commit 4915e73
- pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init
  (git-fixes).
- commit aaf0697
- scsi: qla2xxx: Remove redundant initialization of pointer req
  (bsc#1190941).
- scsi: qla2xxx: Update version to 10.02.07.100-k (bsc#1190941).
- scsi: qla2xxx: Fix use after free in eh_abort path
  (bsc#1190941).
- scsi: qla2xxx: Move heartbeat handling from DPC thread to
  workqueue (bsc#1190941).
- scsi: qla2xxx: Call process_response_queue() in Tx path
  (bsc#1190941).
- scsi: qla2xxx: Fix kernel crash when accessing port_speed
  sysfs file (bsc#1190941).
- scsi: qla2xxx: edif: Use link event to wake up app
  (bsc#1190941).
- scsi: qla2xxx: Fix crash in NVMe abort path (bsc#1190941).
- scsi: qla2xxx: Check for firmware capability before creating
  QPair (bsc#1190941).
- scsi: qla2xxx: Display 16G only as supported speeds for 3830c
  card (bsc#1190941).
- scsi: qla2xxx: Add support for mailbox passthru (bsc#1190941).
- scsi: qla2xxx: Fix excessive messages during device logout
  (bsc#1190941).
- scsi: qla2xxx: Restore initiator in dual mode (bsc#1190941).
- scsi: qla2xxx: Open-code qla2xxx_eh_device_reset()
  (bsc#1190941).
- scsi: qla2xxx: Open-code qla2xxx_eh_target_reset()
  (bsc#1190941).
- scsi: qla2xxx: Do not call fc_block_scsi_eh() during bus reset
  (bsc#1190941).
- scsi: qla2xxx: Update version to 10.02.06.200-k (bsc#1190941).
- scsi: qla2xxx: edif: Fix returnvar.cocci warnings (bsc#1190941).
- scsi: qla2xxx: Fix NVMe session down detection (bsc#1190941).
- scsi: qla2xxx: Fix NVMe retry (bsc#1190941).
- scsi: qla2xxx: Fix hang on NVMe command timeouts (bsc#1190941).
- scsi: qla2xxx: Fix NVMe | FCP personality change (bsc#1190941).
- scsi: qla2xxx: edif: Do secure PLOGI when auth app is present
  (bsc#1190941).
- scsi: qla2xxx: edif: Add N2N support for EDIF (bsc#1190941).
- scsi: qla2xxx: Fix hang during NVMe session tear down
  (bsc#1190941).
- scsi: qla2xxx: edif: Fix EDIF enable flag (bsc#1190941).
- scsi: qla2xxx: edif: Reject AUTH ELS on session down
  (bsc#1190941).
- scsi: qla2xxx: edif: Fix stale session (bsc#1190941).
- scsi: qla2xxx: Update version to 10.02.06.100-k (bsc#1190941).
- scsi: qla2xxx: Sync queue idx with queue_pair_map idx
  (bsc#1190941).
- scsi: qla2xxx: Changes to support kdump kernel for NVMe BFS
  (bsc#1190941).
- scsi: qla2xxx: Changes to support kdump kernel (bsc#1190941).
- scsi: qla2xxx: Suppress unnecessary log messages during login
  (bsc#1190941).
- scsi: qla2xxx: Fix NPIV create erroneous error (bsc#1190941).
- scsi: qla2xxx: Fix unsafe removal from linked list
  (bsc#1190941).
- scsi: qla2xxx: Fix port type info (bsc#1190941).
- scsi: qla2xxx: Add debug print of 64G link speed (bsc#1190941).
- scsi: qla2xxx: Show OS name and version in FDMI-1 (bsc#1190941).
- scsi: qla2xxx: Changes to support FCP2 Target (bsc#1190941).
- scsi: qla2xxx: Adjust request/response queue size for 28xx
  (bsc#1190941).
- scsi: qla2xxx: Add host attribute to trigger MPI hang
  (bsc#1190941).
- scsi: qla2xxx: Use scsi_cmd_to_rq() instead of scsi_cmnd.request
  (bsc#1190941).
- commit c17f95e
- kernel-spec-macros: Since rpm 4.17 %verbose is unusable (bsc#1191229).
  The semantic changed in an incompatible way so invoking the macro now
  causes a build failure.
- commit 3e55f55
- powerpc/bpf: Emit stf barrier instruction sequences
  for BPF_NOSPEC (bsc#1188983 CVE-2021-34556 bsc#1188985
  CVE-2021-35477).
- powerpc/security: Add a helper to query stf_barrier type
  (bsc#1188983 CVE-2021-34556 bsc#1188985 CVE-2021-35477).
- powerpc/bpf: Validate branch ranges (bsc#1188983 CVE-2021-34556
  bsc#1188985 CVE-2021-35477).
- powerpc/lib: Add helper to check if offset is within
  conditional branch range (bsc#1188983 CVE-2021-34556 bsc#1188985
  CVE-2021-35477).
- powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (bsc#1065729).
- powerpc/bpf: Fix BPF_MOD when imm == 1 (bsc#1065729).
- powerpc/bpf: Use bctrl for making function calls (bsc#1065729).
- powerpc/lib: Fix emulate_step() std test (bsc#1065729).
- commit 3f6738b
- bpf: Fix a typo of reuseport map in bpf.h (git-fixes).
- bpf: Add bpf_patch_call_args prototype to include/linux/bpf.h
  (git-fixes).
- bpf: Fix up bpf_skb_adjust_room helper's skb csum setting
  (git-fixes).
- commit b5d0357
- platform/x86: dell-smbios-wmi: Add missing kfree in error-exit
  from run_smbios_call (git-fixes).
- commit a539d65
- x86/resctrl: Free the ctrlval arrays when
  domain_setup_mon_state() fails (bsc#1152489).
- commit dba5675
- can: xilinx_can: handle failure cases of pm_runtime_get_sync
  (git-fixes).
- commit 82f6db6
- blacklist.conf: feature, not a fix
- commit fd65896
- net: can: ems_usb: fix use-after-free in ems_usb_disconnect()
  (git-fixes).
- commit 5487063
- can: peak_usb: fix use after free bugs (git-fixes).
- commit 3ad9b4d
- can: dev: can_restart: fix use after free bug (git-fixes).
- commit 0943ca2
- can: ti_hecc: ti_hecc_probe(): add missed
  clk_disable_unprepare() in error path (git-fixes).
- commit 2fec0e3
- Update patch reference for soc fix (CVE-2021-42252 bsc#1190479)
- commit f05067d
- blacklist.conf: requires newer USB PD version than we have
- commit a8bbe8f
- blacklist.conf: needs newer USB PD than we have
- commit d0d6a50
- USB: cdc-acm: fix minor-number release (git-fixes).
- commit 477b833
- USB: cdc-acm: clean up probe error labels (git-fixes).
- commit 576c313
- blacklist.conf: 4758fd801f91 x86/platform/olpc: Correct ifdef symbol to intended CONFIG_OLPC_XO15_SCI
- commit fab5572
- blacklist.conf: 225bac2dc5d1 x86/Kconfig: Correct reference to MWINCHIP3D
- commit 08dc820
- kabi: block: Fix kabi of blk_mq_sched_try_insert_merge()
  (bsc#1191456).
- commit 7832c25
- tpm: ibmvtpm: Avoid error message when process gets signal
  while waiting (bsc#1065729).
- commit 544cf01
- powerpc/pseries: Fix build error when NUMA=n (bsc#1190620
  ltc#194498 git-fixes).
- commit 6c29f54
- xfs: fix up non-directory creation in SGID directories
  (bsc#1190006 CVE-2018-13405).
- commit f5a61c4
- xfs: remove the icdinode di_uid/di_gid members (bsc#1190006).
- commit 7385144
- xfs: ensure that the inode uid/gid match values match the
  icdinode ones (bsc#1190006).
- commit 0ddcc0f
- xfs: merge the projid fields in struct xfs_icdinode
  (bsc#1190006).
- commit 3a30ff3
- Revert "/sched/fair: Correctly insert cfs_rq's to list on unthrottle
  (git-fixes)"/ (bsc#1191343, bsc#1191238)
  The commit a7b359fc6a37 ("/sched/fair: Correctly insert cfs_rq's to list
  on unthrottle"/) causes more severe problems than the problem it aims to
  solve (corrupting cfs_rq leaf list vs insufficient fairness). While both
  need to be solved eventually, revert the commit until non-breaking
  solution is found.
  Blacklist the commit as well, to prevent a regression via git-fixes.
  This reverts commit 1732b9ba91b4b7a0822e98bd910feefbcb5424dc.
- commit b8c1ddd
- Revert "/sched/fair: Ensure that the CFS parent is added after unthrottling (git-fixes)."/
  The reverted commit is a followup of a7b359fc6a37 ("/sched/fair:
  Correctly insert cfs_rq's to list on unthrottle"/) which is going to be
  reverted as part of short-term solution of bsc#1191343.
  This reverts commit f3a38fbebab3f88070c129511f99a896f5532f7e.
- commit 4f925fc
- fscrypt: add fscrypt_symlink_getattr() for computing st_size
  (bsc#1191449).
- commit 549a3d8
- blk: Fix lock inversion between ioc lock and bfqd lock
  (bsc#1191456).
- commit adb5e59
- bfq: Remove merged request already in bfq_requests_merged()
  (bsc#1191456).
- commit 0d474e5
- fs, mm: fix race in unlinking swapfile (bsc#1191455).
- commit cd60ce3
- blacklist.conf: Blacklist 889c05cc5834
- commit ea30b1a
- blacklist.conf: Blacklist 6961fed42014
- commit b6fb7af
- blktrace: Fix uaf in blk_trace access after removing by sysfs
  (bsc#1191452).
- commit a4f24d0
- block: bfq: fix bfq_set_next_ioprio_data() (bsc#1191451).
- commit 34735be
- ext4: fix reserved space counter leakage (bsc#1191450).
- commit 449ab75
- ext4: report correct st_size for encrypted symlinks
  (bsc#1191449).
- commit 3669a7f
- bpf: Fix integer overflow in prealloc_elems_and_freelist()
  (bsc#1191317, CVE-2021-41864).
- commit d4466f5
- Add cherry-picked commit id to the usb hso fix (git-fixes)
- commit a4c3be7
- drm/amd/display: Pass PCI deviceid into DC (git-fixes).
- e100: fix buffer overrun in e100_get_regs (git-fixes).
- e100: fix length calculation in e100_get_regs_len (git-fixes).
- HID: u2fzero: ignore incomplete packets without data
  (git-fixes).
- HID: betop: fix slab-out-of-bounds Write in betop_probe
  (git-fixes).
- net: hso: add failure handler for add_net_device (git-fixes).
- HID: usbhid: free raw_report buffers in usbhid_stop (git-fixes).
- usb: hso: remove the bailout parameter (git-fixes).
- usb: hso: fix error handling code of hso_create_net_device
  (git-fixes).
- e100: handle eeprom as little endian (git-fixes).
- hso: fix bailout in error case of probe (git-fixes).
- PCI: Fix pci_host_bridge struct device release/free handling
  (git-fixes).
- commit 51aaf55
- Update kabi files.
- update from October 2021 maintenance update submission (commit c909dd500033)
- commit d500b18
- rpm: use _rpmmacrodir (boo#1191384)
- commit e350c14
- net: 6pack: fix slab-out-of-bounds in decode_data
  (CVE-2021-42008 bsc#1191315).
- commit b0db75a
- x86/cpu: Fix core name for Sapphire Rapids (jsc#SLE-15289).
- powercap: intel_rapl: add support for Sapphire Rapids
  (jsc#SLE-15289).
- commit 053c38b
- series.conf: cleanup
- move a kabi workaround into correct section:
  patches.kabi/ipvs-Fix-up-kabi-for-expire_nodest_conn_work-additio.patch
- commit bc02214
- sched/fair: Add ancestors of unthrottled undecayed cfs_rq
  (bsc#1191292).
- commit d8d828e
- blacklist.conf: Update for 51e1bb9eeaf7
- commit fe28675
- x86/alternatives: Teach text_poke_bp() to emulate instructions
  (bsc#1185302).
- Refresh
  patches.suse/x86-alternatives-sync-bp_patching-update-for-avoiding-null-pointer-exception.patch.
- commit ef191ae
- blk-mq: kABI fixes for blk_mq_queue_map (bsc#1185762).
- blk-mq: don't deactivate hctx if managed irq isn't used
  (bsc#1185762).
- blk-mq: mark if one queue map uses managed irq (bsc#1185762).
- genirq: add device_has_managed_msi_irq (bsc#1185762).
- commit 57a6cb7
- hwmon: (tmp421) fix rounding for negative values (git-fixes).
- hwmon: (tmp421) report /PVLD condition as fault (git-fixes).
- hwmon: (mlxreg-fan) Return non-zero value when fan current
  state is enforced from sysfs (git-fixes).
- commit 2560193
- ipc: remove memcg accounting for sops objects in do_semtimedop()
  (bsc#1190115).
- Delete
  patches.suse/ipc-remove-memcg-accounting-for-sops-objects.patch.
  Refreshing patch with upstream metadata.
- commit 2d6ef2e
- powerpc/perf/hv-gpci: Fix counter value parsing (bsc#1065729).
- commit 628c3ee
- powerpc/pseries/dlpar: use rtas_get_sensor() (bsc#1065729).
- commit 466f31b
- powerpc/powernv: Fix machine check reporting of async store
  errors (bsc#1065729).
- commit 0b715ae
- powerpc/perf: Fix the check for SIAR value (bsc#1065729).
- powerpc/perf: Drop the case of returning 0 as instruction
  pointer (bsc#1065729).
- powerpc/perf: Use stack siar instead of mfspr (bsc#1065729).
- powerpc/perf: Fix crash in perf_instruction_pointer() when
  ppmu is not set (bsc#1065729).
- powerpc/perf: Use regs->nip when SIAR is zero (bsc#1065729).
- powerpc/perf: Use the address from SIAR register to set cpumode
  flags (bsc#1065729).
- commit f3110f1
- apparmor: remove duplicate macro list_entry_is_head()
  (git-fixes).
- commit 514b75b
- xhci: Set HCD flag to defer primary roothub registration
  (git-fixes).
- commit 8f4e75e
- USB: serial: option: add device id for Foxconn T99W265
  (git-fixes).
- USB: serial: cp210x: add ID for GW Instek GDM-834x Digital
  Multimeter (git-fixes).
- USB: serial: option: add Telit LN920 compositions (git-fixes).
- usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c
  (git-fixes).
- usb: core: hcd: Add support for deferring roothub registration
  (git-fixes).
- commit 0a6378c
- mac80211: fix use-after-free in CCMP/GCMP RX (git-fixes).
- mac80211-hwsim: fix late beacon hrtimer handling (git-fixes).
- mac80211: mesh: fix potentially unaligned access (git-fixes).
- mac80211: limit injected vht mcs/nss in
  ieee80211_parse_tx_radiotap (git-fixes).
- Re-enable UAS for LaCie Rugged USB3-FW with fk quirk
  (git-fixes).
- usb: dwc2: gadget: Fix ISOC flow for BDMA and Slave (git-fixes).
- spi: Fix tegra20 build with CONFIG_PM=n (git-fixes).
- tty: synclink_gt, drop unneeded forward declarations
  (git-fixes).
- commit dbd9f90
- mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug
  (git-fixes).
- ALSA: firewire-motu: fix truncated bytes in message tracepoints
  (git-fixes).
- ASoC: SOF: Fix DSP oops stack dump output contents (git-fixes).
- ASoC: fsl_micfil: register platform component before registering
  cpu dai (git-fixes).
- ASoC: mediatek: common: handle NULL case in suspend/resume
  function (git-fixes).
- media: cedrus: Fix SUNXI tile size calculation (git-fixes).
- watchdog/sb_watchdog: fix compilation problem due to
  COMPILE_TEST (git-fixes).
- dmaengine: xilinx_dma: Set DMA mask for coherent APIs
  (git-fixes).
- dmaengine: ioat: depends on !UML (git-fixes).
- console: consume APC, DM, DCS (git-fixes).
- commit 71b860e
- thermal/core: Potential buffer overflow in
  thermal_build_list_of_policies() (git-fixes).
- rtc: rx8010: select REGMAP_I2C (git-fixes).
- pwm: stm32-lp: Don't modify HW state in .remove() callback
  (git-fixes).
- pwm: rockchip: Don't modify HW state in .remove() callback
  (git-fixes).
- pwm: img: Don't modify HW state in .remove() callback
  (git-fixes).
- dmaengine: sprd: Add missing MODULE_DEVICE_TABLE (git-fixes).
- PCI: pci-bridge-emul: Add PCIe Root Capabilities Register
  (git-fixes).
- PCI: pci-bridge-emul: Fix array overruns, improve safety
  (git-fixes).
- PCI: pci-bridge-emul: Fix big-endian support (git-fixes).
- commit a8d4022
- fpga: machxo2-spi: Fix missing error code in
  machxo2_write_complete() (git-fixes).
- fpga: machxo2-spi: Return an error on failure (git-fixes).
- serial: mvebu-uart: fix driver's tx_empty callback (git-fixes).
- USB: serial: option: remove duplicate USB device ID (git-fixes).
- usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA
  (git-fixes).
- usb: gadget: r8a66597: fix a loop in set_feature() (git-fixes).
- gpio: uniphier: Fix void functions to remove return value
  (git-fixes).
- ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B
  (git-fixes).
- ASoC: rockchip: i2s: Fix regmap_ops hang (git-fixes).
- commit 79aec8d
- clk: at91: clk-generated: pass the id of changeable parent at
  registration (git-fixes).
- Refresh
  patches.suse/clk-at91-clk-generated-Limit-the-requested-rate-to-o.patch.
- commit 39cefdd
- drm/amd/amdgpu: Update debugfs link_settings output link_rate
  field in hex (git-fixes).
- drm: avoid blocking in drm_clients_info's rcu section
  (git-fixes).
- drm/gma500: Fix end of loop tests for list_for_each_entry
  (git-fixes).
- drm/amdgpu: Fix BUG_ON assert (git-fixes).
- staging: board: Fix uninitialized spinlock when attaching genpd
  (git-fixes).
- ath9k: fix sleeping in atomic context (git-fixes).
- ath9k: fix OOB read ar9300_eeprom_restore_internal (git-fixes).
- Bluetooth: skip invalid hci_sync_conn_complete_evt (git-fixes).
- include/linux/list.h: add a macro to test if entry is pointing
  to the head (git-fixes).
- commit 60017cf
- drm/panfrost: Clamp lock region to Bifrost minimum (git-fixes).
- gpu: drm: amd: amdgpu: amdgpu_i2c: fix
  possible uninitialized-variable access in
  amdgpu_i2c_router_select_ddc_port() (git-fixes).
- drm/amd/display: Fix timer_per_pixel unit error (git-fixes).
- media: TDA1997x: fix tda1997x_query_dv_timings() return value
  (git-fixes).
- media: v4l2-dv-timings.c: fix wrong condition in two for-loops
  (git-fixes).
- media: imx258: Limit the max analogue gain to 480 (git-fixes).
- iio: dac: ad5624r: Fix incorrect handling of an optional
  regulator (git-fixes).
- staging: ks7010: Fix the initialization of the 'sleep_status'
  structure (git-fixes).
- iwlwifi: mvm: fix a memory leak in
  iwl_mvm_mac_ctxt_beacon_changed (git-fixes).
- drivers: gpu: amd: Initialize amdgpu_dm_backlight_caps object
  to 0 in amdgpu_dm_update_backlight_caps (git-fixes).
- commit 4c6f48f
- PCI: Add AMD GPU multi-function power dependencies (git-fixes).
- mfd: Don't use irq_create_mapping() to resolve a mapping
  (git-fixes).
- media: imx258: Rectify mismatch of VTS value (git-fixes).
- media: rc-loopback: return number of emitters rather than error
  (git-fixes).
- media: uvc: don't do DMA on stack (git-fixes).
- media: dib8000: rewrite the init prbs logic (git-fixes).
- parport: remove non-zero check on count (git-fixes).
- mmc: core: Return correct emmc response in case of ioctl error
  (git-fixes).
- mmc: rtsx_pci: Fix long reads when clock is prescaled
  (git-fixes).
- mmc: sdhci-of-arasan: Check return value of non-void funtions
  (git-fixes).
- commit 9209c5a
- PCI: aardvark: Fix masking and unmasking legacy INTx interrupts
  (git-fixes).
- PCI: aardvark: Increase polling delay to 1.5s while waiting
  for PIO response (git-fixes).
- PCI: aardvark: Fix checking for PIO status (git-fixes).
- PM: base: power: don't try to use non-existing RTC for storing
  data (git-fixes).
- PCI: Add ACS quirks for Cavium multi-function devices
  (git-fixes).
- PCI: Add ACS quirks for NXP LX2xx0 and LX2xx2 platforms
  (git-fixes).
- PCI: ibmphp: Fix double unmap of io_mem (git-fixes).
- PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported
  (git-fixes).
- PCI: Use pci_update_current_state() in pci_enable_device_flags()
  (git-fixes).
- commit 61f24a4
- rtc: tps65910: Correct driver module alias (git-fixes).
- USB: EHCI: ehci-mv: improve error handling in mv_ehci_enable()
  (git-fixes).
- usb: gadget: u_ether: fix a potential null pointer dereference
  (git-fixes).
- usb: host: fotg210: fix the actual_length of an iso packet
  (git-fixes).
- serial: sh-sci: fix break handling for sysrq (git-fixes).
- serial: 8250_pci: make setup_port() parameters explicitly
  unsigned (git-fixes).
- serial: 8250: Define RX trigger levels for OxSemi 950 devices
  (git-fixes).
- tty: serial: jsm: hold port lock when reporting modem line
  changes (git-fixes).
- staging: rts5208: Fix get_ms_information() heap buffer size
  (git-fixes).
- commit f3797b6
- drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV (git-fixes).
- video: fbdev: riva: Error out if 'pixclock' equals zero
  (git-fixes).
- video: fbdev: kyro: Error out if 'pixclock' equals zero
  (git-fixes).
- video: fbdev: asiliantfb: Error out if 'pixclock' equals zero
  (git-fixes).
- video: fbdev: kyro: fix a DoS bug by restricting user input
  (git-fixes).
- usbip:vhci_hcd USB port can get stuck in the disabled state
  (git-fixes).
- usbip: give back URBs for unsent unlink requests during cleanup
  (git-fixes).
- usb: musb: musb_dsps: request_irq() after initializing musb
  (git-fixes).
- usb: host: fotg210: fix the endpoint's transactional
  opportunities calculation (git-fixes).
- commit f1407f0
- kabi/severities: skip kABI check for ath9k-local symbols (CVE-2020-3702 bsc#1191193)
  ath9k modules have some exported symbols for the common helpers
  and the recent fixes broke kABI of those.  They are specific to
  ath9k's own usages, so safe to ignore.
- commit 7579b4b
- kABI compatibility for ath_key_delete() changes (CVE-2020-3702
  bsc#1191193).
- commit bc02804
- ath9k: Postpone key cache entry deletion for TXQ frames
  reference it (CVE-2020-3702 bsc#1191193).
- ath: Modify ath_key_delete() to not need full key entry
  (CVE-2020-3702 bsc#1191193).
- ath: Export ath_hw_keysetmac() (CVE-2020-3702 bsc#1191193).
- commit 5fe383f
- Update patches.kabi/NFS-pass-cred-explicitly-for-access-tests.patch
  (bsc#1190746 bsc#1191172).
  cache.group_info (aka cache.cred) was not properly initialized when
  - >access() was called.
- commit 9ff84db
- ipc: replace costly bailout check in sysvipc_find_ipc()
  (bsc#1159886 bsc#1188986 CVE-2021-3669).
- ipc/util.c: use binary search for max_idx (bsc#1159886).
- commit af97833
- fix patch metadata
- fix Patch-mainline:
  - patches.suse/net-mana-Fix-a-memory-leak-in-an-error-handling-path.patch
- commit 12cbf84
- series.conf: cleanup
- move submitted patches to "/almost mainline"/ section:
  - patches.suse/NFS-change-nfs_access_get_cached-to-only-report-the-.patch
  - patches.suse/NFS-pass-cred-explicitly-for-access-tests.patch
  - patches.suse/NFS-don-t-store-struct-cred-in-struct-nfs_access_ent.patch
- commit a3b4285
- btrfs: prevent rename2 from exchanging a subvol with a directory from different parents (bsc#1190626).
- commit b88ab2e
- blacklist.conf: too intrusive, gone in through SP3
- commit a81e8d3
- blacklist.conf: too intrusive, gone in through SP3
- commit 4bedee6
- blacklist.conf: too intrusive, gone in through SP3
- commit 0474866
- blacklist.conf: kABI
- commit e8337cf
- x86/mm: Fix kern_addr_valid() to cope with existing but not
  present entries (bsc#1152489).
- commit 1efaf04
- net: mana: Prefer struct_size over open coded arithmetic (jsc#SLE-18779, bsc#1185726).
- net: mana: Add WARN_ON_ONCE in case of CQE read overflow (jsc#SLE-18779, bsc#1185726).
- net: mana: Add support for EQ sharing (jsc#SLE-18779, bsc#1185726).
- net: mana: Move NAPI from EQ to CQ (jsc#SLE-18779, bsc#1185726).
- net: mana: Use struct_size() in kzalloc() (jsc#SLE-18779, bsc#1185726).
- hv_netvsc: Make netvsc/VF binding check both MAC and serial number (jsc#SLE-18779, bsc#1185726).
- net: mana: Fix a memory leak in an error handling path in (jsc#SLE-18779, bsc#1185726).
- hv: mana: remove netdev_lockdep_set_classes usage (jsc#SLE-18779, bsc#1185726).
- net: mana: Use int to check the return value of mana_gd_poll_cq() (jsc#SLE-18779, bsc#1185726).
- net: mana: fix PCI_HYPERV dependency (jsc#SLE-18779, bsc#1185726).
- net: mana: remove redundant initialization of variable err (jsc#SLE-18779, bsc#1185726).
- net: mana: Add a driver for Microsoft Azure Network Adapter (MANA) (jsc#SLE-18779, bsc#1185726).
- commit 44e26ca
- nvme: avoid race in shutdown namespace removal (bsc#1188067).
- commit bac299d
- nvme: fix refcounting imbalance when all paths are down
  (bsc#1188067).
- Refresh
  patches.suse/nvme-only-call-synchronize_srcu-when-clearing-curren.patch.
- commit 44b2d54
- series: Update meta data and resort
  Refresh the metad data and sort into correct position:
  patches.suse/scsi-lpfc-Fix-CPU-to-from-endian-warnings-introduced.patch
  patches.suse/scsi-lpfc-Fix-compilation-errors-on-kernels-with-no-.patch
  patches.suse/scsi-lpfc-Fix-gcc-Wstringop-overread-warning-again.patch
  patches.suse/scsi-lpfc-Fix-sprintf-overflow-in-lpfc_display_fpin_.patch
  patches.suse/scsi-lpfc-Remove-unneeded-variable.patch
  patches.suse/scsi-lpfc-Use-correct-scnprintf-limit.patch
- commit 12f1564
- Update
  patches.suse/Bluetooth-check-for-zapped-sk-before-connecting.patch
  (CVE-2021-3752 bsc#1190023).
- commit 65458cc
- Restore kabi after NFS: pass cred explicitly for access tests
  (bsc#1190746).
- NFS: don't store 'struct cred *' in struct nfs_access_entry
  (bsc#1190746).
- NFS: pass cred explicitly for access tests (bsc#1190746).
- NFS: change nfs_access_get_cached to only report the mask
  (bsc#1190746).
- commit 907996a
- usb: musb: tusb6010: uninitialized data in
  tusb_fifo_write_unaligned() (git-fixes).
- commit 11a541f
- erofs: fix up erofs_lookup tracepoint (git-fixes).
- commit 3009743
- EDAC/synopsys: Fix wrong value type assignment for edac_mode
  (bsc#1152489).
- commit 15eb225
- kernel-binary.spec: Do not sign kernel when no key provided
  (bsc#1187167 bsc#1191240 ltc#194716).
- kernel-binary.spec: Do not sign kernel when no key provided
  (bsc#1187167).
- commit c909dd5
- powerpc: fix function annotations to avoid section mismatch
  warnings with gcc-10 (bsc#1148868).
- commit 9e9276f
- powerpc/drmem: Make LMB walk a bit more flexible (bsc#1190543
  ltc#194523).
- Refresh patches.suse/pseries-drmem-update-LMBs-after-LPM.patch
- commit e17894e
- Revert "/rpm: Abolish scritplet templating (bsc#1189841)."/ (bsc#1190598)
  This reverts commit e98096d5cf85dbe90f74a930eb1f0e3fe4a70c7f.
  These changes depend on a suse-module-tools update which has not reached
  SLE15-SP2/3 and Leap 15.2/3 yet, causing both build failures and
  unsatisfiable dependency of resulting binary packages.
  Revert the commit temporarily until suse-module-tools is updated.
- commit 7d43568
- pseries/drmem: update LMBs after LPM (bsc#1190543 ltc#194523).
- commit 9763078
- powerpc/pseries: Prevent free CPU ids being reused on another
  node (bsc#1190620 ltc#194498).
- commit 7097b6c
- net: sched: sch_teql: fix null-pointer dereference
  (bsc#1190717).
- commit 0a89f09
- kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as
  well.
  Fixes: e98096d5cf85 ("/rpm: Abolish scritplet templating (bsc#1189841)."/)
- commit e082fbf
- mm/swap: consider max pages in iomap_swapfile_add_extent
  (bsc#1190785).
- commit afb626e
- iomap: Fix negative assignment to unsigned sis->pages in
  iomap_swapfile_activate (bsc#1190784).
- commit 7126cba
- scsi: lpfc: Fix gcc -Wstringop-overread warning, again
  (bsc#1190576).
- scsi: lpfc: Use correct scnprintf() limit (bsc#1190576).
- scsi: lpfc: Fix sprintf() overflow in lpfc_display_fpin_wwpn()
  (bsc#1190576).
- scsi: lpfc: Update lpfc version to 14.0.0.2 (bsc#1190576).
- scsi: lpfc: Improve PBDE checks during SGL processing
  (bsc#1190576).
- scsi: lpfc: Zero CGN stats only during initial driver load
  and stat reset (bsc#1190576).
- scsi: lpfc: Fix I/O block after enabling managed congestion mode
  (bsc#1190576).
- scsi: lpfc: Adjust bytes received vales during cmf timer
  interval (bsc#1190576).
- scsi: lpfc: Fix EEH support for NVMe I/O (bsc#1190576).
- scsi: lpfc: Fix FCP I/O flush functionality for TMF routines
  (bsc#1190576).
- scsi: lpfc: Fix NVMe I/O failover to non-optimized path
  (bsc#1190576).
- scsi: lpfc: Don't remove ndlp on PRLI errors in P2P mode
  (bsc#1190576).
- scsi: lpfc: Fix rediscovery of tape device after LIP
  (bsc#1190576).
- scsi: lpfc: Fix hang on unload due to stuck fport node
  (bsc#1190576).
- scsi: lpfc: Fix premature rpi release for unsolicited TPLS
  and LS_RJT (bsc#1190576).
- scsi: lpfc: Don't release final kref on Fport node while ABTS
  outstanding (bsc#1190576).
- scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq()
  (bsc#1190576).
- scsi: lpfc: Remove unneeded variable (bsc#1190576).
- scsi: lpfc: Fix compilation errors on kernels with no
  CONFIG_DEBUG_FS (bsc#1190576).
- scsi: lpfc: Fix CPU to/from endian warnings introduced by ELS
  processing (bsc#1190576).
- commit 1435c13
- blacklist.conf: kABI
- commit 3cb18d9
- blacklist.conf: kABI
- commit dcb25ee
- blacklist.conf: kABI
- commit d400b4c
- docs: Fix infiniband uverbs minor number (git-fixes).
- commit 0fb9cd2
- usb: dwc2: Avoid leaving the error_debugfs label unused
  (git-fixes).
- commit fb08350
- ibmvnic: Reuse tx pools when possible (bsc#1190758 ltc#191943).
- ibmvnic: Reuse rx pools when possible (bsc#1190758 ltc#191943).
- ibmvnic: Reuse LTB when possible (bsc#1190758 ltc#191943).
- ibmvnic: Use bitmap for LTB map_ids (bsc#1190758 ltc#191943).
- ibmvnic: init_tx_pools move loop-invariant code (bsc#1190758
  ltc#191943).
- ibmvnic: Use/rename local vars in init_tx_pools (bsc#1190758
  ltc#191943).
- ibmvnic: Use/rename local vars in init_rx_pools (bsc#1190758
  ltc#191943).
- ibmvnic: Fix up some comments and messages (bsc#1190758
  ltc#191943).
- ibmvnic: Consolidate code in replenish_rx_pool() (bsc#1190758
  ltc#191943).
- commit dea5bd2
- x86/resctrl: Fix a maybe-uninitialized build warning treated
  as error (bsc#1152489).
- x86/resctrl: Fix default monitoring groups reporting
  (bsc#1152489).
- commit 450cdb2
- vmxnet3: update to version 6 (bsc#1190406).
- commit 8d3dc67
- vmxnet3: increase maximum configurable mtu to 9190
  (bsc#1190406).
- commit bd5109d
- vmxnet3: set correct hash type based on rss information
  (bsc#1190406).
- commit e1e474b
- vmxnet3: add support for ESP IPv6 RSS (bsc#1190406).
- commit 1687646
- vmxnet3: remove power of 2 limitation on the queues
  (bsc#1190406).
- commit f3834f6
- vmxnet3: add support for 32 Tx/Rx queues (bsc#1190406).
- commit fbdf2fe
- vmxnet3: prepare for version 6 changes (bsc#1190406).
- commit 7e0fe82
- fuse: truncate pagecache on atomic_o_trunc (bsc#1190705).
- commit 73351a3
- xfs: sync lazy sb accounting on quiesce of read-only mounts
  (bsc#1190679).
- commit 668fdef
- blacklist.conf: 3bff147b187d x86/mce: Defer processing of early errors
- commit 7e0dc1d
- s390/unwind: use current_frame_address() to unwind current task
  (bsc#1185677).
- commit 92c31e7
- scsi: lpfc: Use the proper SCSI midlayer interfaces for PI
  (bsc#1190576).
- scsi: lpfc: Copyright updates for 14.0.0.1 patches
  (bsc#1190576).
- scsi: lpfc: Update lpfc version to 14.0.0.1 (bsc#1190576).
- scsi: lpfc: Add bsg support for retrieving adapter cmf data
  (bsc#1190576).
- scsi: lpfc: Add cmf_info sysfs entry (bsc#1190576).
- scsi: lpfc: Add debugfs support for cm framework buffers
  (bsc#1190576).
- scsi: lpfc: Add support for maintaining the cm statistics buffer
  (bsc#1190576).
- scsi: lpfc: Add rx monitoring statistics (bsc#1190576).
- scsi: lpfc: Add support for the CM framework (bsc#1190576).
- scsi: lpfc: Add cmfsync WQE support (bsc#1190576).
- scsi: lpfc: Add support for cm enablement buffer (bsc#1190576).
- scsi: lpfc: Add cm statistics buffer support (bsc#1190576).
- scsi: lpfc: Add EDC ELS support (bsc#1190576).
- scsi: lpfc: Expand FPIN and RDF receive logging (bsc#1190576).
- scsi: lpfc: Add MIB feature enablement support (bsc#1190576).
- scsi: lpfc: Add SET_HOST_DATA mbox cmd to pass date/time info
  to firmware (bsc#1190576).
- scsi: fc: Add EDC ELS definition (bsc#1190576).
  Refresh and update:
  - patches.kabi/scsi-fc-kABI-fixes-for-new-ELS_RDP-definition.patch
- scsi: core: Add helper to return number of logical blocks in
  a request (bsc#1190576).
- scsi: lpfc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request
  (bsc#1190576).
- scsi: core: Introduce the scsi_cmd_to_rq() function
  (bsc#1190576).
- scsi: fc: Update formal FPIN descriptor definitions
  (bsc#1190576).
- commit e13d431
- Refresh patches.suse/msft-hv-2119-irqdomain-treewide-Keep-firmware-node-unconditionall.patch.
  Add else braces.
- commit f230c58
- series.conf: cleanup
- update upstream reference and resort:
  - patches.suse/ibmvnic-check-failover_pending-in-login-response.patch
- commit 2b5f056
- kernel-binary.spec: Check for no kernel signing certificates.
  Also remove unused variable.
- commit bdc323e
- Revert "/rpm/kernel-binary.spec: Use only non-empty certificates."/
  This reverts commit 30360abfb58aec2c9ee7b6a27edebe875c90029d.
- commit 413e05b
- fuse: flush extending writes (bsc#1190595).
- cuse: fix broken release (bsc#1190596).
- commit 232b4ea
- rpm/kernel-binary.spec: Use only non-empty certificates.
- commit 30360ab
- ipvs: Fix up kabi for expire_nodest_conn_work addition
  (bsc#1190467).
- ipvs: queue delayed work to expire no destination connections
  if expire_nodest_conn=1 (bsc#1190467).
- ipvs: allow connection reuse for unconfirmed conntrack
  (bsc#1190467).
- ipvs: avoid expiring many connections from timer (bsc#1190467).
- commit e0da213
- ext4: fix race writing to an inline_data file while its xattrs
  are changing (bsc#1190159 CVE-2021-40490).
- commit 4fadd7d
- crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()
  (bsc#1189884 CVE-2021-3744 bsc#1190534 CVE-2021-3764).
- commit 4ee91a7
- xfs: allow mount/remount when stripe width alignment is zero
  (bsc#1188651).
- commit e701c22
- qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom
  (git-fixes).
- debugfs: Return error during {full/open}_proxy_open() on rmmod
  (bsc#1173746).
- devlink: Break parameter notification sequence to be
  before/after unload/load driver (bsc#1154353).
- net/mlx5e: Prohibit inner indir TIRs in IPoIB (git-fixes).
- ionic: cleanly release devlink instance (bsc#1167773).
- gve: fix the wrong AdminQ buffer overflow check (bsc#1176940).
- cxgb4: dont touch blocked freelist bitmap after free
  (git-fixes).
- e1000e: Do not take care about recovery NVM checksum
  (jsc#SLE-8100).
- e1000e: Fix the max snoop/no-snoop latency for 10M (git-fixes).
- xgene-v2: Fix a resource leak in the error handling path of
  'xge_probe()' (git-fixes).
- RDMA/bnxt_re: Remove unpaired rtnl unlock in bnxt_re_dev_init()
  (bsc#1170774).
- iavf: Fix ping is lost after untrusted VF had tried to change
  MAC (jsc#SLE-7940).
- net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32
  (git-fixes).
- bnxt_en: Add missing DMA memory barriers (git-fixes).
- bnxt_en: Disable aRFS if running on 212 firmware (git-fixes).
- bnxt: count Tx drops (git-fixes).
- bnxt: make sure xmit_more + errors does not miss doorbells
  (git-fixes).
- bnxt: disable napi before canceling DIM (git-fixes).
- bnxt: don't lock the tx queue from napi poll (git-fixes).
- net/mlx5: Fix return value from tracer initialization
  (git-fixes).
- net/mlx5e: Avoid creating tunnel headers for local route
  (git-fixes).
- iavf: Set RSS LUT and key in reset handle path (git-fixes).
- ice: Prevent probing virtual functions (git-fixes).
- bnx2x: fix an error code in bnx2x_nic_load() (git-fixes).
- nfp: update ethtool reporting of pauseframe control (git-fixes).
- net/mlx5e: Fix nullptr in mlx5e_hairpin_get_mdev() (git-fixes).
- net/mlx5: Unload device upon firmware fatal error (git-fixes).
- net/mlx5: E-Switch, handle devcom events only for ports on
  the same device (git-fixes).
- net/mlx5: Fix flow table chaining (git-fixes).
- mlx4: Fix missing error code in mlx4_load_one() (git-fixes).
- ionic: count csum_none when offload enabled (bsc#1167773).
- i40e: Fix log TC creation failure when max num of queues is
  exceeded (git-fixes).
- i40e: Fix queue-to-TC mapping on Tx (git-fixes).
- i40e: Add additional info to PHY type error (git-fixes).
- i40e: Fix firmware LLDP agent related warning (git-fixes).
- i40e: Fix logic of disabling queues (git-fixes).
- bnxt_en: Do not enable legacy TX push on older firmware
  (git-fixes).
- bnxt_en: Store the running firmware version code (git-fixes).
- commit f97144d
- fbmem: don't allow too huge resolutions (git-fixes).
- backlight: pwm_bl: Improve bootloader/kernel device handover
  (git-fixes).
- media: coda: fix frame_mem_ctrl for YUV420 and YVU420 formats
  (git-fixes).
- tty: Fix data race between tiocsti() and flush_to_ldisc()
  (git-fixes).
- PM: EM: Increase energy calculation precision (git-fixes).
- libata: fix ata_host_start() (git-fixes).
- power: supply: max17042_battery: fix typo in MAx17042_TOFF
  (git-fixes).
- power: supply: axp288_fuel_gauge: Report register-address on
  readb / writeb errors (git-fixes).
- regmap: fix the offset of register error log (git-fixes).
- regmap: fix page selection for noinc writes (git-fixes).
- regmap: fix page selection for noinc reads (git-fixes).
- commit 0c36126
- time: Handle negative seconds correctly in timespec64_to_ns()
  (git-fixes).
- mm: always have io_remap_pfn_range() set pgprot_decrypted()
  (git-fixes).
- commit b2d42ef
- ibmvnic: check failover_pending in login response (bsc#1190523
  ltc#194510).
- commit 9f9cec0
- x86/apic/msi: Plug non-maskable MSI affinity race (bsc#1184439).
- Refresh
  patches.suse/0002-x86-msi-Only-use-high-bits-of-MSI-address-for-DMAR-u.patch.
- Refresh
  patches.suse/0004-x86-apic-Support-15-bits-of-APIC-ID-in-IOAPIC-MSI-wh.patch.
- Refresh
  patches.suse/msft-hv-2119-irqdomain-treewide-Keep-firmware-node-unconditionall.patch.
- commit a89813f
- EDAC/i10nm: Fix NVDIMM detection (bsc#1152489).
- commit 9def092
- scsi: scsi_devinfo: Add blacklist entry for HPE OPEN-V
  (bsc#1189297).
- commit 913942c
- netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT
  state (bsc#1190062).
- commit e5272e8
- clk: at91: clk-generated: Limit the requested rate to our range
  (git-fixes).
- commit c432b6b
- blacklist.conf: add efa non backportable patch
- commit ebbcbd1
- usb: dwc2: Add missing cleanups when usb_add_gadget_udc()
  fails (git-fixes).
- commit bc5a062
- ipc: remove memcg accounting for sops objects in do_semtimedop()
  (bsc#1190115).
- commit 561fbd8
- series.conf: refresh
- update upstream references and resort:
  - patches.suse/nvme-multipath-revalidate-paths-during-rescan.patch
  - patches.suse/nvme-only-call-synchronize_srcu-when-clearing-curren.patch
  - patches.suse/nvme-tcp-Do-not-reset-transport-on-data-digest-error.patch
- commit ebb6bcb
- fixup "/rpm: support gz and zst compression methods"/ once more
  (bsc#1190428, bsc#1190358)
  Fixes: 3b8c4d9bcc24 ("/rpm: support gz and zst compression methods"/)
  Fixes: 23510fce36ec ("/fixup "/rpm: support gz and zst compression methods"/"/)
- commit 165378a
- PCI: xilinx-nwl: Enable the clock through CCF (git-fixes).
- PCI: iproc: Fix BCMA probe resource handling (git-fixes).
- usb: dwc2: Fix error path in gadget registration (git-fixes).
- commit 59e7328
- thermal/drivers/exynos: Fix an error code in exynos_tmu_probe()
  (git-fixes).
- drm/panfrost: Simplify lock_region calculation (git-fixes).
- dmaengine: acpi: Avoid comparison GSI with Linux vIRQ
  (git-fixes).
- mfd: lpc_sch: Rename GPIOBASE to prevent build error
  (git-fixes).
- mfd: tqmx86: Clear GPIO IRQ resource when no IRQ is set
  (git-fixes).
- mfd: axp20x: Update AXP288 volatile ranges (git-fixes).
- gpio: mpc8xxx: Fix a resources leak in the error handling path
  of 'mpc8xxx_probe()' (git-fixes).
- commit 75d69a6
- pwm: lpc32xx: Don't modify HW state in .probe() after the PWM
  chip was registered (git-fixes).
- ALSA: usb-audio: Add registration quirk for JBL Quantum 800
  (git-fixes).
- PCI: Fix pci_dev_str_match_path() alloc while atomic bug
  (git-fixes).
- PCI/portdrv: Enable Bandwidth Notification only if port supports
  it (git-fixes).
- PCI: Return ~0 data on pciconfig_read() CAP_SYS_ADMIN failure
  (git-fixes).
- PCI: Call Max Payload Size-related fixup quirks early
  (git-fixes).
- ALSA: hda/realtek: Workaround for conflicting SSID on ASUS
  ROG Strix G17 (git-fixes).
- reset: reset-zynqmp: Fixed the argument data type (git-fixes).
- gpu: ipu-v3: Fix i.MX IPU-v3 offset calculations for
  (semi)planar U/V formats (git-fixes).
- commit f395ad9
- Drop two intel_int0002_vgpio patches that cause Oops (bsc#1190412)
  Deleted and blacklisted:
  patches.suse/platform-x86-intel_int0002_vgpio-Only-call-enable_ir.patch
  patches.suse/platform-x86-intel_int0002_vgpio-Pass-irqchip-when-a.patch
- commit bebba41
- fixup "/rpm: support gz and zst compression methods"/ once more
  Fixes: 3b8c4d9bcc24 ("/rpm: support gz and zst compression methods"/)
  Fixes: 23510fce36ec ("/fixup "/rpm: support gz and zst compression methods"/"/)
- commit 34e68f4
- fixup "/rpm: support gz and zst compression methods"/
  Fixes: 3b8c4d9bcc24 ("/rpm: support gz and zst compression methods"/)
- commit 23510fc
- kernel-cert-subpackage: Fix certificate location in scriptlets
  (bsc#1189841).
  Fixes: d9a1357edd73 ("/rpm: Define $certs as rpm macro (bsc#1189841)."/)
- commit 8684de8
- kernel-binary.spec.in Stop templating the scriptlets for subpackages
  (bsc#1190358).
  The script part for base package case is completely separate from the
  part for subpackages. Remove the part for subpackages from the base
  package script and use the KMP scripts for subpackages instead.
- commit 5d1f677
- kernel-binary.spec: Do not fail silently when KMP is empty
  (bsc#1190358).
  Copy the code from kernel-module-subpackage that deals with empty KMPs.
- commit d7d2e6e
- mm/vmscan: fix infinite loop in drop_slab_node (VM
  Functionality, bsc#1189301).
- commit 016e8e0
- blacklist.conf: blacklist an unwanted commit
- commit 910824e
- SUNRPC: Simplify socket shutdown when not reusing TCP ports
  (git-fixes).
- SUNRPC: Fix potential memory corruption (git-fixes).
- NFSv4/pNFS: Fix a layoutget livelock loop (git-fixes).
- nfsd4: Fix forced-expiry locking (git-fixes).
- lockd: Fix invalid lockowner cast after vfs_test_lock
  (git-fixes).
- commit 59642ba
- scsi: mpt3sas: Fix ReplyPostFree pool allocation (bsc#1181006).
- commit a70a19d
- Sort nvme patches into linux-block.
- commit 090f7ef
- btrfs: rip out btrfs_space_info::total_bytes_pinned (bsc#1135481).
- Delete
  patches.suse/btrfs-dump_space_info-when-encountering-total_bytes_pinned-0-at-umount.patch.
- commit bfb1107
- btrfs: rip the first_ticket_bytes logic from fail_all_tickets (bsc#1135481).
- commit 9722825
- btrfs: remove FLUSH_DELAYED_REFS from data ENOSPC flushing (bsc#1135481).
- commit 350aa4f
- btrfs: rip out may_commit_transaction (bsc#1135481).
- commit 4606638
- btrfs: add a trace class for dumping the current ENOSPC state (bsc#1135481).
- commit 631f16e
- btrfs: adjust the flush trace point to include the source (bsc#1135481).
- commit e32ea57
- btrfs: implement space clamping for preemptive flushing (bsc#1135481).
- commit ca710c1
- btrfs: simplify the logic in need_preemptive_flushing (bsc#1135481).
- commit 4b02073
- btrfs: rework btrfs_calc_reclaim_metadata_size (bsc#1135481).
- commit 7205c9f
- btrfs: fix btrfs_calc_reclaim_metadata_size calculation (bsc#1135481).
- Refresh
  patches.suse/btrfs-account-ticket-size-at-add-delete-time.patch.
- commit bcb2da5
- btrfs: check reclaim_size in need_preemptive_reclaim (bsc#1135481).
- commit fba4763
- btrfs: rename need_do_async_reclaim (bsc#1135481).
- commit f764126
- btrfs: improve preemptive background space flushing (bsc#1135481).
- commit 874aca2
- btrfs: introduce a FORCE_COMMIT_TRANS flush operation (bsc#1135481).
- commit 7ec1638
- btrfs: tracepoints: convert flush states to using EM macros (bsc#1135481).
- commit c78869d
- btrfs: tracepoints: fix btrfs_trigger_flush symbolic string for flags (bsc#1135481).
- commit c805821
- btrfs: add a trace point for reserve tickets (bsc#1135481).
- commit ed22c30
- btrfs: make flush_space take a enum btrfs_flush_state instead of int (bsc#1135481).
- commit f6a0397
- SUNRPC: improve error response to over-size gss credential
  (bsc#1190022).
- commit 0678bd3
- scsi: sg: add sg_remove_request in sg_write (bsc#1171420
  CVE2020-12770).
- commit 59a4a94
- Bluetooth: schedule SCO timeouts with delayed_work
  (CVE-2021-3640 bsc#1188172).
- Refresh
  patches.suse/Bluetooth-fix-repeated-calls-to-sco_sock_kill.patch.
- Refresh patches.suse/Bluetooth-switch-to-lock_sock-in-SCO.patch.
- commit 69c5b94
- sched/fair: Ensure that the CFS parent is added after unthrottling (git-fixes).
- commit f3a38fb
- rpm/kernel-source.spec.in: do some more for vanilla_only
  Make sure:
  * sources are NOT executable
  * env is not used as interpreter
  * timestamps are correct
  We do all this for normal kernel builds, but not for vanilla_only
  kernels (linux-next and vanilla).
- commit b41e4fd
- Revert "/memcg: enable accounting for file lock caches (bsc#1190115)."/
  This reverts commit 78b761616bfb31a0d54806624e7c8db23fbeda9c.
  It's effectively upstream commit
  3754707bcc3e190e5dadc978d172b61e809cb3bd applied to kernel-source (to
  avoid proliferation of patches). Make a note in blacklist.conf too.
- commit eba498f
- Update kabi files.
- update from September 2021 maintenance update submission (commit 21030bc7f9be)
- commit 63b67d5
- fix patch metadata
- fix Patch-mainline:
  - patches.suse/mm-vmscan-guarantee-drop_slab_node-termination.patch
- commit bddec27
- blacklist.conf: kABI
- commit 2b1e710
- mm, vmscan: guarantee drop_slab_node() termination (VM
  Functionality, bsc#1189301).
- commit 56cc71b
- blacklist.conf: cosmetic fix
- commit c872ce5
- blacklist.conf: 33cba859220b ("/fscache: Fix fscache_cookie_put() to not deref after dec"/)
  Needs prerequisites to backport which could be problematic.
- commit 648a5e5
- usb: dwc3: core: Properly default unspecified speed (git-fixes).
- commit 714137e
- libata: add ATA_HORKAGE_NO_NCQ_TRIM for Samsung 860 and 870 SSDs
  (git-fixes).
- commit 5a2ecd2
- kABI: revert change in struct bpf_insn_aux_data (bsc#1188983,
  bsc#1188985, CVE-2021-34556, CVE-2021-35477).
- commit 425bbd2
- memcg: enable accounting of ipc resources (bsc#1190115
  CVE-2021-3759).
- memcg: enable accounting for file lock caches (bsc#1190115).
- commit 925e30c
- Refresh
  patches.suse/KVM-nSVM-avoid-picking-up-unsupported-bits-from-L2-i.patch.
- commit f3cba28
- series.conf: cleanup
- update upstream references and resort:
  - patches.suse/powerpc-stacktrace-Include-linux-delay.h.patch
- commit 0d42678
- update nvme patch references and move them out of sorted section
  Within a few days, nvme repository was not only rebased again but the
  patches has been also reordered. To avoid further spurious git-sort errors,
  move the nvme patches out of sorted section until they reach mainline or
  some better behaving subsystem repository.
- update Git-commit and move out of sorted section:
  - patches.suse/nvme-multipath-revalidate-paths-during-rescan.patch
  - patches.suse/nvme-only-call-synchronize_srcu-when-clearing-curren.patch
  - patches.suse/nvme-tcp-Do-not-reset-transport-on-data-digest-error.patch
- commit 95e9f8b
- rpm: Fold kernel-devel and kernel-source scriptlets into spec files
  (bsc#1189841).
  These are unchanged since 2011 when they were introduced. No need to
  track them separately.
- commit 692d38b
- rpm: Abolish image suffix (bsc#1189841).
  This is used only with vanilla kernel which is not supported in any way.
  The only effect is has is that the image and initrd symlinks are created
  with this suffix.
  These symlinks are not used except on s390 where the unsuffixed symlinks
  are used by zipl.
  There is no reason why a vanilla kernel could not be used with zipl as
  well as it's quite unexpected to not be able to boot when only a vanilla
  kernel is installed.
  Finally we now have a backup zipl kernel so if the vanilla kernel is
  indeed unsuitable the backup kernel can be used.
- commit e2f37db
- kernel-binary.spec: Define $image as rpm macro (bsc#1189841).
- commit e602b0f
- rpm: Define $certs as rpm macro (bsc#1189841).
  Also pass around only the shortened hash rather than full filename.
  As has been discussed in bsc#1124431 comment 51
  https://bugzilla.suse.com/show_bug.cgi?id=1124431#c51 the placement of
  the certificates is an API which cannot be changed unless we can ensure
  that no two kernels that use different certificate location can be built
  with the same certificate.
- commit d9a1357
- HID: input: do not report stylus battery state as "/full"/
  (git-fixes).
- HID: i2c-hid: Fix Elan touchpad regression (git-fixes).
- pinctrl: samsung: Fix pinctrl bank pin count (git-fixes).
- pinctrl: stmfx: Fix hazardous u8[] to unsigned long cast
  (git-fixes).
- pinctrl: single: Fix error return code in
  pcs_parse_bits_in_pinctrl_entry() (git-fixes).
- clk: kirkwood: Fix a clocking boot regression (git-fixes).
- mailbox: sti: quieten kernel-doc warnings (git-fixes).
- overflow: Correct check_shl_overflow() comment (git-fixes).
- commit 835ad7d
- mtd: rawnand: cafe: Fix a resource leak in the error handling
  path of 'cafe_nand_probe()' (git-fixes).
- USB: serial: option: add new VID/PID to support Fibocom FG150
  (git-fixes).
- drm/nouveau/disp: power down unused DP links during init
  (git-fixes).
- drm: Copy drm_wait_vblank to user before returning (git-fixes).
- virtio_pci: Support surprise removal of virtio pci device
  (git-fixes).
- commit ce46f13
- ocfs2: ocfs2_downconvert_lock failure results in deadlock
  (bsc#1188439).
- commit d85d8fa
- cgroup1: fix leaked context root causing sporadic NULL deref
  in LTP (bsc#1190181).
- commit d57aed6
- Refresh patches.suse/powerpc-stacktrace-Include-linux-delay.h.patch.
- commit aec8493
- series.conf: cleanup
- update upstream references and resort:
  - patches.suse/scsi-core-Add-scsi_prot_ref_tag-helper.patch
  - patches.suse/scsi-ibmvfc-Do-not-wait-for-initial-device-scan.patch
  - patches.suse/scsi-lpfc-Add-256-Gb-link-speed-support.patch
  - patches.suse/scsi-lpfc-Add-PCI-ID-support-for-LPe37000-LPe38000-s.patch
  - patches.suse/scsi-lpfc-Call-discovery-state-machine-when-handling.patch
  - patches.suse/scsi-lpfc-Clear-outstanding-active-mailbox-during-PC.patch
  - patches.suse/scsi-lpfc-Copyright-updates-for-12.8.0.11-patches.patch
  - patches.suse/scsi-lpfc-Copyright-updates-for-14.0.0.0-patches.patch
  - patches.suse/scsi-lpfc-Delay-unregistering-from-transport-until-G.patch
  - patches.suse/scsi-lpfc-Discovery-state-machine-fixes-for-LOGO-han.patch
  - patches.suse/scsi-lpfc-Enable-adisc-discovery-after-RSCN-by-defau.patch
  - patches.suse/scsi-lpfc-Fix-KASAN-slab-out-of-bounds-in-lpfc_unreg.patch
  - patches.suse/scsi-lpfc-Fix-NULL-ptr-dereference-with-NPIV-ports-f.patch
  - patches.suse/scsi-lpfc-Fix-NVMe-support-reporting-in-log-message.patch
  - patches.suse/scsi-lpfc-Fix-cq_id-truncation-in-rq-create.patch
  - patches.suse/scsi-lpfc-Fix-function-description-comments-for-vmid.patch
  - patches.suse/scsi-lpfc-Fix-memory-leaks-in-error-paths-while-issu.patch
  - patches.suse/scsi-lpfc-Fix-possible-ABBA-deadlock-in-nvmet_xri_ab.patch
  - patches.suse/scsi-lpfc-Fix-target-reset-handler-from-falsely-retu.patch
  - patches.suse/scsi-lpfc-Improve-firmware-download-logging.patch
  - patches.suse/scsi-lpfc-Keep-NDLP-reference-until-after-freeing-th.patch
  - patches.suse/scsi-lpfc-Remove-REG_LOGIN-check-requirement-to-issu.patch
  - patches.suse/scsi-lpfc-Remove-redundant-assignment-to-pointer-pcm.patch
  - patches.suse/scsi-lpfc-Remove-use-of-kmalloc-in-trace-event-loggi.patch
  - patches.suse/scsi-lpfc-Revise-Topology-and-RAS-support-checks-for.patch
  - patches.suse/scsi-lpfc-Skip-issuing-ADISC-when-node-is-in-NPR-sta.patch
  - patches.suse/scsi-lpfc-Skip-reg_vpi-when-link-is-down-for-SLI3-in.patch
  - patches.suse/scsi-lpfc-Update-lpfc-version-to-12.8.0.11.patch
  - patches.suse/scsi-lpfc-Update-lpfc-version-to-14.0.0.0.patch
  - patches.suse/scsi-lpfc-Use-PBDE-feature-enabled-bit-to-determine-.patch
  - patches.suse/scsi-qla2xxx-Fix-spelling-mistakes-allloc-alloc.patch
  - patches.suse/scsi-qla2xxx-Fix-use-after-free-in-debug-code.patch
  - patches.suse/scsi-qla2xxx-Remove-redundant-continue-statement-in-.patch
  - patches.suse/scsi-qla2xxx-Remove-redundant-initialization-of-vari.patch
  - patches.suse/scsi-qla2xxx-Remove-unused-variable-status.patch
  - patches.suse/scsi-qla2xxx-Update-version-to-10.02.00.107-k.patch
  - patches.suse/scsi-qla2xxx-Use-the-proper-SCSI-midlayer-interfaces.patch
  - patches.suse/scsi-qla2xxx-edif-Add-authentication-pass-fail-bsgs.patch
  - patches.suse/scsi-qla2xxx-edif-Add-detection-of-secure-device.patch
  - patches.suse/scsi-qla2xxx-edif-Add-doorbell-notification-for-app.patch
  - patches.suse/scsi-qla2xxx-edif-Add-encryption-to-I-O-path.patch
  - patches.suse/scsi-qla2xxx-edif-Add-extraction-of-auth_els-from-th.patch
  - patches.suse/scsi-qla2xxx-edif-Add-getfcinfo-and-statistic-bsgs.patch
  - patches.suse/scsi-qla2xxx-edif-Add-key-update.patch
  - patches.suse/scsi-qla2xxx-edif-Add-send-receive-and-accept-for-au.patch
  - patches.suse/scsi-qla2xxx-edif-Add-start-stop-bsgs.patch
  - patches.suse/scsi-qla2xxx-edif-Increment-command-and-completion-c.patch
- commit 9a3c219
- update patches metadata
  Once again, the nvme repository branch has been rebased so that patches
  from it must have their Git-commit tags updated to avoid git-sort errors.
- commit cca729c
- fix patch metadata
- fix Patch-mainline:
  patches.suse/NFS-Correct-size-calculation-for-create-reply-length.patch
- commit fbde034
- series.conf: refresh
- update upstream references and resort:
  - patches.suse/nvme-code-command_id-with-a-genctr-for-use-after-fre.patch
  - patches.suse/nvme-pci-limit-maximum-queue-depth-to-4095.patch
  - patches.suse/nvme-tcp-don-t-check-blk_mq_tag_to_rq-when-receiving.patch
  - patches.suse/params-lift-param_set_uint_minmax-to-common-code.patch
- commit 5b98a5d
- cgroup: verify that source is a string (bsc#1190131).
- commit b8204f1
- blacklist.conf: Add 2ca11b0e043b cgroup: Fix kernel-doc
- commit 0b9195b
- Update patch reference for virtio_console fix (CVE-2021-38160 bsc#1190117)
- commit c8baed7
- scsi: libfc: Fix array index out of bound exception
  (bsc#1188616).
- commit de260d1
- nvme-tcp: Do not reset transport on data digest errors
  (bsc#1188418).
- nvme: only call synchronize_srcu when clearing current path
  (bsc#1188067).
- commit bbe789f
- VMCI: fix NULL pointer dereference when unmapping queue pair
  (git-fixes).
- commit 45162f9
- usb: host: xhci-rcar: Don't reload firmware after the completion
  (git-fixes).
- usb: bdc: Fix an error handling path in 'bdc_probe()' when no
  suitable DMA config is available (git-fixes).
- usb: ehci-orion: Handle errors of clk_prepare_enable() in probe
  (git-fixes).
- usb: gadget: mv_u3d: request_irq() after initializing UDC
  (git-fixes).
- usb: phy: tahvo: add IRQ check (git-fixes).
- usb: host: ohci-tmio: add IRQ check (git-fixes).
- usb: gadget: udc: renesas_usb3: Fix soc_device_match() abuse
  (git-fixes).
- usb: mtu3: fix the wrong HS mult value (git-fixes).
- usb: mtu3: use @mult for HS isoc or intr (git-fixes).
- usb: phy: twl6030: add IRQ checks (git-fixes).
- commit 2b2a9dc
- soc: qcom: smsm: Fix missed interrupts if state changes while
  masked (git-fixes).
- soc: qcom: rpmhpd: Use corner in power_off (git-fixes).
- soc: aspeed: p2a-ctrl: Fix boundary check for mmap (git-fixes).
- soc: aspeed: lpc-ctrl: Fix boundary check for mmap (git-fixes).
- usb: phy: fsl-usb: add IRQ check (git-fixes).
- usb: gadget: udc: at91: add IRQ check (git-fixes).
- usb: dwc3: meson-g12a: add IRQ check (git-fixes).
- tty: serial: fsl_lpuart: fix the wrong mapbase value
  (git-fixes).
- staging: rtl8192u: Fix bitwise vs logical operator in
  TranslateRxSignalStuff819xUsb() (git-fixes).
- commit 7e7cd62
- media: venus: venc: Fix potential null pointer dereference on
  pointer fmt (git-fixes).
- media: em28xx-input: fix refcount bug in em28xx_usb_disconnect
  (git-fixes).
- media: stkwebcam: fix memory leak in stk_camera_probe
  (git-fixes).
- media: go7007: remove redundant initialization (git-fixes).
- media: go7007: fix memory leak in go7007_usb_probe (git-fixes).
- media: dvb-usb: Fix error handling in dvb_usb_i2c_init
  (git-fixes).
- media: dvb-usb: fix uninit-value in vp702x_read_mac_addr
  (git-fixes).
- media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init
  (git-fixes).
- media: cxd2880-spi: Fix an error handling path (git-fixes).
- commit c67010c
- drm/msi/mdp4: populate priv->kms in mdp4_kms_init (git-fixes).
- drm/msm/dsi: Fix some reference counted resource leaks
  (git-fixes).
- drm/msm/dpu: make dpu_hw_ctl_clear_all_blendstages clear
  necessary LMs (git-fixes).
- drm/amdgpu/acp: Make PM domain really work (git-fixes).
- drm/panfrost: Fix missing clk_disable_unprepare() on error in
  panfrost_clk_init() (git-fixes).
- media: TDA1997x: enable EDID support (git-fixes).
- fpga: zynqmp-fpga: Address warning about unused variable
  (git-fixes).
- fpga: xiilnx-spi: Address warning about unused variable
  (git-fixes).
- fpga: altera-freeze-bridge: Address warning about unused
  variable (git-fixes).
- commit 6aaa769
- dmaengine: imx-sdma: remove duplicated sdma_load_context
  (git-fixes).
- Revert "/dmaengine: imx-sdma: refine to load context only once"/
  (git-fixes).
- ASoC: wcd9335: Disable irq on slave ports in the remove function
  (git-fixes).
- ASoC: wcd9335: Fix a memory leak in the error handling path
  of the probe function (git-fixes).
- ASoC: wcd9335: Fix a double irq free in the remove function
  (git-fixes).
- ASoC: Intel: Skylake: Leave data as is when invoking TLV IPCs
  (git-fixes).
- ASoC: ti: delete some dead code in omap_abe_probe() (git-fixes).
- ALSA: pcm: fix divide error in snd_pcm_lib_ioctl (git-fixes).
- ALSA: usb-audio: Fix regression on Sony WALKMAN NW-A45 DAC
  (git-fixes).
- commit bdcb5b3
- xprtrdma: Pad optimization, revisited (bsc#1189760).
- commit 0acbfd0
- Refresh
  patches.suse/btrfs-fix-NULL-pointer-dereference-when-deleting-dev.patch.
- commit 2264bac
- Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg()
  (CVE-2021-3640 bsc#1188172).
- commit a21f4da
- Move upstreamed BT fixes into sorted section
- commit 0de160e
- brcmfmac: pcie: fix oops on failure to resume and reprobe
  (git-fixes).
- bcma: Fix memory leak for internally-handled cores (git-fixes).
- ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point()
  (git-fixes).
- rsi: fix an error code in rsi_probe() (git-fixes).
- rsi: fix error code in rsi_load_9116_firmware() (git-fixes).
- mac80211: Fix insufficient headroom issue for AMSDU (git-fixes).
- Bluetooth: add timeout sanity check to hci_inquiry (git-fixes).
- Bluetooth: fix repeated calls to sco_sock_kill (git-fixes).
- Bluetooth: increase BTNAMSIZ to 21 chars to fix potential
  buffer overflow (git-fixes).
- Bluetooth: sco: prevent information leak in
  sco_conn_defer_accept() (git-fixes).
- leds: trigger: audio: Add an activate callback to ensure the
  initial brightness is set (git-fixes).
- i2c: mt65xx: fix IRQ check (git-fixes).
- i2c: s3c2410: fix IRQ check (git-fixes).
- i2c: iop3xx: fix deferred probing (git-fixes).
- i2c: highlander: add IRQ check (git-fixes).
- mmc: moxart: Fix issue with uninitialized dma_slave_config
  (git-fixes).
- mmc: dw_mmc: Fix issue with uninitialized dma_slave_config
  (git-fixes).
- PCI: PM: Enable PME if it can be signaled from D3cold
  (git-fixes).
- PCI: PM: Avoid forcing PCI_D0 for wakeup reasons inconsistently
  (git-fixes).
- commit 9a711f4
- Add alt-commit for a BT fix patch (git-fixes)
- commit 3dbcbb3
- nvme-multipath: revalidate paths during rescan (bsc#1187211)
- commit b61f128
- usb: dwc3: Add support for DWC_usb32 IP (git-fixes).
- Refresh
  patches.suse/usb-dwc3-gadget-Enable-suspend-events.patch.
- commit 8846c72
- vt_kdsetmode: extend console locking (bsc#1190025
  CVE-2021-3753).
- commit 025c5d0
- nbd: Aovid double completion of a request (git-fixes).
- commit 7a1bece
- nbd: Fix NULL pointer in flush_workqueue (git-fixes).
- dm rq: fix double free of blk_mq_tag_set in dev remove after
  table load fails (git-fixes).
- dm integrity: fix missing goto in bitmap_flush_interval error
  handling (git-fixes).
- drivers/block/null_blk/main: Fix a double free in null_init
  (git-fixes).
- dm verity: fix DM_VERITY_OPTS_MAX value (git-fixes).
- nbd: don't update block size after device is started
  (git-fixes).
- commit 6df7d5d
- blacklist.conf: add following commit IDs,
- 27ba3e8ff3ab86449e63d38a8d623053591e65fa
- 0ebcdd702f49aeb0ad2e2d894f8c124a0acc6e23
- 854f32648b8a5e424d682953b1a9f3b7c3322701
- a4c8dd9c2d0987cf542a2a0c42684c9c6d78a04e
- 24f6b6036c9eec21191646930ad42808e6180510
- 5b0fab508992c2e120971da658ce80027acbc405
- commit eb9efeb
- rpm: Abolish scritplet templating (bsc#1189841).
  Outsource kernel-binary and KMP scriptlets to suse-module-tools.
  This allows fixing bugs in the scriptlets as well as defining initrd
  regeneration policy independent of the kernel packages.
- commit 940cfb4
- usb: dwc2: Postponed gadget registration to the udc class driver
  (git-fixes).
- commit e55ae9a
- rpm/kernel-binary.spec.in: Use kmod-zstd provide.
  This makes it possible to use kmod with ZSTD support on non-Tumbleweed.
- commit 357f09a
- crypto: qat - use proper type for vf_mask (git-fixes).
- lib/mpi: use kcalloc in mpi_resize (git-fixes).
- power: supply: max17042: handle fails of reading status register
  (git-fixes).
- spi: sprd: Fix the wrong WDG_LOAD_VAL (git-fixes).
- spi: spi-pic32: Fix issue with uninitialized dma_slave_config
  (git-fixes).
- spi: spi-fsl-dspi: Fix issue with uninitialized dma_slave_config
  (git-fixes).
- regulator: vctrl: Avoid lockdep warning in enable/disable ops
  (git-fixes).
- regulator: vctrl: Use locked regulator_get_voltage in probe path
  (git-fixes).
- PCI/MSI: Skip masking MSI-X on Xen PV (git-fixes).
- commit d2a4523
- mm: swap: properly update readahead statistics in
  unuse_pte_range() (bsc#1187619).
- commit 6ceb471
- NFS: Correct size calculation for create reply length
  (bsc#1189870).
- commit 7843408
- sched/rt: Fix RT utilization tracking during policy change (git-fixes)
- commit 8fc8b7f
- sched/fair: Correctly insert cfs_rq's to list on unthrottle (git-fixes)
- commit 1732b9b
- rpm/kernel-binary.spec.in: avoid conflicting suse-release
  suse-release has arbitrary values in staging, we can't use it for
  dependencies. The filesystem one has to be enough (boo#1184804).
- commit 56f2cba
- kABI: Fix kABI after fixing vcpu-id indexed arrays (git-fixes).
- commit 53f17d6
- usb: dwc3: gadget: Stop EP0 transfers during pullup disable
  (git-fixes).
- usb: dwc3: gadget: Fix dwc3_calc_trbs_left() (git-fixes).
- Revert "/USB: serial: ch341: fix character loss at high transfer
  rates"/ (git-fixes).
- can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange
  of the CAN RX and TX error counters (git-fixes).
- dmaengine: of-dma: router_xlate to return -EPROBE_DEFER if
  controller is not yet available (git-fixes).
- dmaengine: usb-dmac: Fix PM reference leak in usb_dmac_probe()
  (git-fixes).
- usb: dwc3: gadget: Properly track pending and queued SG
  (git-fixes).
- ath9k: Clear key cache explicitly on disabling hardware
  (git-fixes).
- ath: Use safer key clearing with key cache entries (git-fixes).
- Bluetooth: hidp: use correct wait queue when removing ctrl_wait
  (git-fixes).
- commit 6ee1085
- Revert "/mmc: sdhci-iproc: Set SDHCI_QUIRK_CAP_CLOCK_BASE_BROKEN
  on BCM2711"/ (git-fixes).
- PCI: Increase D3 delay for AMD Renoir/Cezanne XHCI (git-fixes).
- mmc: dw_mmc: Fix hang on data CRC error (git-fixes).
- dmaengine: xilinx_dma: Fix read-after-free bug when terminating
  transfers (git-fixes).
- USB: core: Avoid WARNings for 0-length descriptor requests
  (git-fixes).
- media: drivers/media/usb: fix memory leak in zr364xx_probe
  (git-fixes).
- media: zr364xx: fix memory leaks in probe() (git-fixes).
- media: zr364xx: propagate errors from zr364xx_start_readpipe()
  (git-fixes).
- commit de359d6
- cpuidle: Consolidate disabled state checks (bsc#1175543)
  patches.suse/cpuidle-Poll-for-a-minimum-of-30ns-and-poll-for-a-tick-if-lower-c-states-are-disabled.patch
  was refreshed as well by this patch for code adjustment.
- commit 486ca9f
- cpuidle: cpuidle_state kABI fix (bsc#1175543)
  The patch bsc1175543-cpuidle-Drop-disabled-field-from-struct-cpuidle_stat.patch
  Dropped the 'disabled' field in struct cpuidle_state because no drivers
  use it, They use the state flag instead.
  Fix kABI to avoid offset changes.
- commit aa615e8
- intel_idle: Disable ACPI _CST on Haswell (bsc#1175543, bsc#1177399, bsc#1180347, bsc#1180141)
- commit da07134
- intel_idle: Fix max_cstate for processor models without C-state tables (bsc#1175543)
- commit 81641db
- intel_idle: Ignore _CST if control cannot be taken from the platform (bsc#1175543)
- commit b93fbf1
- cpuidle: Fix cpuidle_driver_state_disabled() (bsc#1175543)
- commit d669a61
- cpuidle: Introduce cpuidle_driver_state_disabled() for driver quirks (bsc#1175543)
- commit 8d2d96f
- intel_idle: Customize IceLake server support (bsc#1175543)
- commit 25d205d
- intel_idle: Annotate init time data structures (bsc#1175543)
  The patches.suse/intel_idle-Customize-IceLake-server-support.patch was
  refreshed as well by this patch for code adjustment.
- commit 2ed77d7
- Documentation: admin-guide: PM: Add intel_idle document (bsc#1175543)
- commit 65d3c96
- intel_idle: Use ACPI _CST on server systems (bsc#1175543)
  Below 2 patches were refreshed as well by this patch for code
  adjustment:
  patches.suse/intel_idle-convert-to-new-x86-cpu-match-macros.patch
  patches.suse/intel_idle-Customize-IceLake-server-support.patch
- commit f10f8c4
- intel_idle: Add module parameter to prevent ACPI _CST from being used (bsc#1175543)
- commit 79ec477
- intel_idle: Allow ACPI _CST to be used for selected known processors (bsc#1175543)
- commit ecacb28
- cpuidle: Allow idle states to be disabled by default (bsc#1175543)
- commit 48a3541
- intel_idle: Use ACPI _CST for processor models without C-state tables (bsc#1175543)
- commit 9dbf3f1
- intel_idle: Refactor intel_idle_cpuidle_driver_init() (bsc#1175543)
- commit 462302a
- ACPI: processor: Export acpi_processor_evaluate_cst() (bsc#1175543)
- commit 70c6258
- ACPI: processor: Make ACPI_PROCESSOR_CSTATE depend on ACPI_PROCESSOR (bsc#1175543)
- commit c99fda3
- ACPI: processor: Clean up acpi_processor_evaluate_cst() (bsc#1175543)
- commit 9eb9d8c
- ACPI: processor: Introduce acpi_processor_evaluate_cst() (bsc#1175543)
- commit c0d7249
- ACPI: processor: Export function to claim _CST control (bsc#1175543)
- commit 66eadb0
- cpuidle: Drop disabled field from struct cpuidle_state (bsc#1175543)
- commit c479621
- net: qrtr: fix another OOB Read in qrtr_endpoint_post
  (CVE-2021-3743 bsc#1189883).
- net: qrtr: fix OOB Read in qrtr_endpoint_post (CVE-2021-3743
  bsc#1189883).
- commit 78ff8ba
- rpm: fix kmp install path
- commit 22ec560
- x86/kvm: fix vcpu-id indexed array sizes (git-fixes).
- commit 3288077
- btrfs: fix NULL pointer dereference when deleting device by
  invalid id (bsc#1189832 CVE-2021-3739).
- commit 6bfce07
- xen/events: Fix race in set_evtchn_to_irq (git-fixes).
- commit cfb3b9b
- nvme: code command_id with a genctr for use-after-free
  validation (bsc#1181972).
- nvme-tcp: don't check blk_mq_tag_to_rq when receiving pdu data
  (bsc#1181972).
- nvme-pci: limit maximum queue depth to 4095 (bsc#1181972).
- params: lift param_set_uint_minmax to common code (bsc#1181972).
- nvme: avoid possible double fetch in handling CQE (bsc#1181972).
- nvme-pci: fix NULL req in completion handler (bsc#1181972).
- nvme-pci: Use u32 for nvme_dev.q_depth and nvme_queue.q_depth
  (bsc#1181972).
- nvme-pci: use unsigned for io queue depth (bsc#1181972).
- commit 01de302
- post.sh: detect /usr mountpoint too
- commit c7b3d74
- md/raid10: properly indicate failure when ending a failed
  write request (git-fixes).
- Refresh for the above change,
  patches.suse/md-display-timeout-error.patch.
- commit 2088aff
- kernel, fs: Introduce and use set_restart_fn() and
  arch_set_restart_data() (bsc#1189153).
- commit 8bf2f14
- kABI fix of usb_dcd_config_params (git-fixes).
- commit 8726268
- x86/fpu: Limit xstate copy size in xstateregs_set()
  (bsc#1152489).
- commit 33182b7
- blacklist.conf: 9625895011d1 x86/fpu: Fix copy_xstate_to_kernel() gap handling
- commit 50f6bfa
- scsi: ibmvfc: Do not wait for initial device scan (bsc#1127650).
- commit 41aa06c
- usb: gadget: Export recommended BESL values (git-fixes).
- commit 96bbeda
- ovl: prevent private clone if bind mount is not allowed
  (bsc#1189706, CVE-2021-3732).
- commit d40514b
- blacklist.conf: 6c34df6f350d ("/tracing: Apply trace filters on all output channels"/)
  Requires at least commit 8cfcf15503f6 ("/tracing: kprobes: Output kprobe
  event to printk buffer"/) too. Let's wait if there is an actual problem
  for someone.
- commit ef40598
- kernel-binary.spec.in: make sure zstd is supported by kmod if used
- commit f36412b
- kernel-binary.spec.in: add zstd to BuildRequires if used
- commit aa61dba
- tracing / histogram: Fix NULL pointer dereference on strcmp()
  on NULL event name (git-fixes).
- commit bf4be33
- x86/signal: Detect and prevent an alternate signal stack
  overflow (bsc#1152489).
- commit 72c8a0d
- slimbus: ngd: reset dma setup during runtime pm (git-fixes).
- slimbus: messaging: check for valid transaction id (git-fixes).
- slimbus: messaging: start transaction ids from 1 instead of zero
  (git-fixes).
- mmc: sdhci-iproc: Set SDHCI_QUIRK_CAP_CLOCK_BASE_BROKEN on
  BCM2711 (git-fixes).
- mmc: sdhci-iproc: Cap min clock frequency on BCM2711
  (git-fixes).
- commit cc02968
- Fix breakage of swap over NFS (bsc#1188924).
- commit 9f3f2ef
- ASoC: intel: atom: Fix breakage for PCM buffer address setup
  (git-fixes).
- commit 0bed191
- rpm: support gz and zst compression methods
  Extend commit 18fcdff43a00 ("/rpm: support compressed modules"/) for
  compression methods other than xz.
- commit 3b8c4d9
- SUNRPC: 'Directory with parent 'rpc_clnt' already
  present!' (bsc#1168202 bsc#1188924).
- SUNRPC: fix use-after-free in rpc_free_client_work()
  (bsc#1168202 bsc#1188924).
- kabi fix for SUNRPC: defer slow parts of rpc_free_client()
  to a workqueue (bsc#1168202 bsc#1188924).
- SUNRPC: defer slow parts of rpc_free_client() to a workqueue
  (bsc#1168202 bsc#1188924).
- commit a690151
- PCI/MSI: Use msi_mask_irq() in pci_msi_shutdown() (git-fixes).
- PCI/MSI: Correct misleading comments (git-fixes).
- PCI/MSI: Enforce MSI[X] entry updates to be visible (git-fixes).
- PCI/MSI: Enforce that MSI-X table entry is masked for update
  (git-fixes).
- PCI/MSI: Mask all unused MSI-X entries (git-fixes).
- i2c: dev: zero out array used for i2c reads from userspace
  (git-fixes).
- commit 4d62c8f
- ALSA: hda/via: Apply runtime PM workaround for ASUS B23E
  (git-fixes).
- ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15
  9510 laptop (git-fixes).
- ALSA: hda - fix the 'Capture Switch' value change notifications
  (git-fixes).
- commit bb87ddf
- s390/boot: fix use of expolines in the DMA code (bsc#1188878
  ltc#193771).
- commit 46381a6
- series.conf: cleanup
- move mainline backports to sorted section:
  - patches.suse/KVM-nSVM-avoid-picking-up-unsupported-bits-from-L2-i.patch
  - patches.suse/KVM-nSVM-always-intercept-VMLOAD-VMSAVE-when-nested.patch
- commit 30636ef
- Fix kabi of prepare_to_wait_exclusive() (bsc#1189575).
- commit da7e3ca
- ubifs: Set/Clear I_LINKABLE under i_lock for whiteout inode
  (bsc#1189587).
- commit ae93a20
- ubifs: journal: Fix error return code in ubifs_jnl_write_inode()
  (bsc#1189586).
- commit 50b39b2
- ubifs: Only check replay with inode type to judge if inode
  linked (bsc#1187455).
- commit 3cfd5e7
- ubifs: Fix error return code in alloc_wbufs() (bsc#1189585).
- blacklist.conf:
- commit d0fe9df
- ubifs: Fix memleak in ubifs_init_authentication (bsc#1189583).
- commit abd23d2
- ocfs2: issue zeroout to EOF blocks (bsc#1189582).
- commit 7960ad8
- ocfs2: fix snprintf() checking (bsc#1189581).
- commit ca894bd
- ocfs2: fix zero out valid data (bsc#1189579).
- commit 42e68bc
- writeback: fix obtain a reference to a freeing memcg css
  (bsc#1189577).
- commit b318f10
- ext4: fix potential htree corruption when growing large_dir
  directories (bsc#1189576).
- commit 13d68f1
- rq-qos: fix missed wake-ups in rq_qos_throttle try two
  (bsc#1189575).
- commit edbcd21
- fanotify: fix copy_event_to_user() fid error clean up
  (bsc#1189574).
- commit a8937b5
- bdi: Do not use freezable workqueue (bsc#1189573).
- commit 60e4174
- mm/thp: unmap_mapping_page() to fix THP truncate_cleanup_page()
  (bsc#1189569).
- commit 1b1dfcf
- ext4: cleanup in-core orphan list if ext4_truncate() failed
  to get a transaction handle (bsc#1189568).
- commit 0ace36d
- ext4: use ext4_grp_locked_error in mb_find_extent (bsc#1189567).
- commit 4329025
- ext4: fix avefreec in find_group_orlov (bsc#1189566).
- commit d7bfbbd
- ext4: remove check for zero nr_to_scan in ext4_es_scan()
  (bsc#1189565).
- commit 3ca5f18
- ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit
  (bsc#1189564).
- commit cd60859
- ext4: return error code when ext4_fill_flex_info() fails
  (bsc#1189563).
- commit 200d004
- ext4: fix kernel infoleak via ext4_extent_header (bsc#1189562).
- commit fd9a225
- scsi: lpfc: Move initialization of phba->poll_list earlier to
  avoid crash (git-fixes).
- commit 92c63a5
- KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl
  (bsc#1189399, CVE-2021-3653).
- KVM: nSVM: always intercept VMLOAD/VMSAVE when nested
  (bsc#1189400, CVE-2021-3656).
- KVM: X86: MMU: Use the correct inherited permissions to get
  shadow page (CVE-2021-38198 bsc#1189262).
- commit 7902615
- usb: dwc3: gadget: Handle ZLP for sg requests (git-fixes).
- commit 2a94579
- Revert "/xfrm: policy: Read seqcount outside of rcu-read side
  in xfrm_policy_lookup_bytype"/ (bsc#1185675).
  This revert was initially applied to SLE15-SP2-RT (70e4d04b75f). Since
  the reverted commit went into SLE15-SP2 (96f285dfa8b), the revert needs
  to move from SLE15-SP2-RT to SLE15-SP2.
- commit f32a28c
- Update
  patches.suse/ibmvnic-Allow-device-probe-if-the-device-is-not-read.patch
  (bsc#1167032 ltc#184087 bsc#1184114 ltc#192237).
- commit 8a87839
- blacklist.conf: add an entry for the reverted iTCO_wdt
- commit 4c97ae2
- usb: dwc3: gadget: Fix handling ZLP (git-fixes).
- commit 5e0eec9
- tracing: Reject string operand in the histogram expression
  (git-fixes).
- commit edab067
- tracing / histogram: Give calculation hist_fields a size
  (git-fixes).
- commit 49985ee
- blacklist.conf: 1e3bac71c505 ("/tracing/histogram: Rename "/cpu"/ to "/common_cpu"/"/)
  Better not to backport the commit as it changes the semantics of an
  existing field.
- commit 00d0183
- blacklist.conf: 6c881ca0b304 ("/afs: Fix tracepoint string placement with built-in AFS"/)
  CONFIG_AFS_FS is not set on SLE15-SP2. It is on SLE15-SP3 but only as a
  module, not built-in. No need to backport the commit.
- commit 43483b1
- bpf: Fix leakage due to insufficient speculative store
  bypass mitigation (bsc#1188983, bsc#1188985, CVE-2021-34556,
  CVE-2021-35477).
- bpf: Introduce BPF nospec instruction for mitigating Spectre v4
  (bsc#1188983, bsc#1188985, CVE-2021-34556, CVE-2021-35477).
- commit f87c7ce
- blk-iolatency: error out if blk_get_queue() failed in
  iolatency_set_limit() (bsc#1189507).
- commit b15ef07
- blk-mq-sched: Fix blk_mq_sched_alloc_tags() error handling
  (bsc#1189506).
- commit 7fe32f7
- block: fix trace completion for chained bio (bsc#1189505).
- commit 47344da
- blk-wbt: make sure throttle is enabled properly (bsc#1189504).
- commit 7b07185
- blk-wbt: introduce a new disable state to prevent false positive
  by rwb_enabled() (bsc#1189503).
- commit 798c57a
- misc: rtsx: do not setting OC_POWER_DOWN reg in
  rtsx_pci_init_ocp() (git-fixes).
- misc: atmel-ssc: lock with mutex instead of spinlock
  (git-fixes).
- commit 55d9570
- gpio: eic-sprd: break loop when getting NULL device resource
  (git-fixes).
- Revert "/gpio: eic-sprd: Use devm_platform_ioremap_resource()"/
  (git-fixes).
- commit 990b695
- Revert a BT patch that was reverted on stable trees (git-fixes)
  Delete patches.suse/Bluetooth-Shutdown-controller-after-workqueues-are-f.patch
- commit 127d54b
- mtd: cfi_cmdset_0002: fix crash when erasing/writing AMD cards
  (git-fixes).
- commit 0a223c6
- x86/fpu: Make init_fpstate correct with optimized XSAVE
  (bsc#1152489).
- commit 603fc19
- kernel-binary.spec: Require dwarves for kernel-binary-devel when BTF is
  enabled (jsc#SLE-17288).
  About the pahole version: v1.18 should be bare mnimum, v1.22 should be
  fully functional, for now we ship git snapshot with fixes on top of
  v1.21.
- commit 8ba3382
- x86/fpu: Reset state for all signal restore failures
  (bsc#1152489).
- commit f42aa15
- blacklist.conf: blacklist davicom legacy ethernet driver
- commit 78e9c10
- usb: dwc3: gadget: Check MPS of the request length (git-fixes).
- commit 0d1e1fe
- Drop watchdog iTCO_wdt patch that causes incompatible behavior (bsc#1189449)
  Also blacklisted
- commit e5dd4ab
- s390/ap: Fix hanging ioctl caused by wrong msg counter
  (bsc#1188982 LTC#193817).
- commit 7e146ac
- Bluetooth: switch to lock_sock in SCO (CVE-2021-3640
  bsc#1188172).
- Bluetooth: avoid circular locks in sco_sock_connect
  (CVE-2021-3640 bsc#1188172).
- commit f2d375d
- Update patch reference for a BT fix (CVE-2021-3640 bsc#1188172)
- commit 98aa089
- powerpc/pseries: Fix update of LPAR security flavor after LPM
  (bsc#1188885 ltc#193722 git-fixes).
- commit fbccd6a
- usb: dwc3: gadget: Clear DEP flags after stop transfers in ep
  disable (git-fixes).
- commit 5733c23
- usb: dwc3: gadget: Disable gadget IRQ during pullup disable
  (git-fixes).
- usb: dwc3: gadget: Prevent EP queuing while stopping transfers
  (git-fixes).
- commit 124c915
- PCI/MSI: Do not set invalid bits in MSI mask (git-fixes).
- PCI/MSI: Enable and mask MSI-X early (git-fixes).
- ACPI: NFIT: Fix support for virtual SPA ranges (git-fixes).
- iio: adc: Fix incorrect exit of for-loop (git-fixes).
- iio: humidity: hdc100x: Add margin to the conversion time
  (git-fixes).
- iio: adc: ti-ads7950: Ensure CS is deasserted after reading
  channels (git-fixes).
- USB:ehci:fix Kunpeng920 ehci hardware problem (git-fixes).
- usb: dwc3: gadget: Restart DWC3 gadget when enabling pullup
  (git-fixes).
- usb: dwc3: Stop active transfers before halting the controller
  (git-fixes).
- commit 627b67a
- config: refresh
- commit a299bb8
- ceph: take snap_empty_lock atomically with snaprealm refcount
  change (bsc#1189427).
- ceph: reduce contention in ceph_check_delayed_caps()
  (bsc#1187468).
- commit 93c7440
- blacklist.conf: Add 'fix poly1305_core_setkey() declaration'
  Commit 8d195e7a8ada ("/crypto: poly1305 - fix poly1305_core_setkey()
  declaration"/) is a cleanup which breaks kABI.
- commit 37e4183
- scsi: blkcg: Fix application ID config options (bsc#1189385
  jsc#SLE-18970).
- Update config files.
- commit 1317caa
- crypto: x86/curve25519 - fix cpu feature checking logic in
  mod_exit (git-fixes).
- wireguard: allowedips: free empty intermediate nodes when
  removing single node (git-fixes).
- wireguard: allowedips: allocate nodes in kmem_cache (git-fixes).
- wireguard: allowedips: remove nodes in O(1) (git-fixes).
- commit 6aa0bda
- USB: serial: ftdi_sio: add device ID for Auto-M3 OP-COM v2
  (git-fixes).
- USB: serial: option: add Telit FD980 composition 0x1056
  (git-fixes).
- USB: serial: ch341: fix character loss at high transfer rates
  (git-fixes).
- usb: gadget: f_hid: idle uses the highest byte for duration
  (git-fixes).
- usb: gadget: f_hid: added GET_IDLE and SET_IDLE handlers
  (git-fixes).
- usb: gadget: f_hid: fixed NULL pointer dereference (git-fixes).
- commit f089244
- ALSA: hda: Add quirk for ASUS Flow x13 (git-fixes).
- ASoC: xilinx: Fix reference to PCM buffer address (git-fixes).
- ASoC: intel: atom: Fix reference to PCM buffer address
  (git-fixes).
- ASoC: tlv320aic31xx: Fix jack detection after suspend
  (git-fixes).
- spi: imx: mx51-ecspi: Fix CONFIGREG delay comment (git-fixes).
- virt_wifi: fix error on connect (git-fixes).
- commit 690710b
- staging: rtl8712: get rid of flush_scheduled_work (git-fixes).
- staging: rtl8723bs: Fix a resource leak in sd_int_dpc
  (git-fixes).
- serial: 8250_mtk: fix uart corruption issue when rx power off
  (git-fixes).
- soc: ixp4xx/qmgr: fix invalid __iomem access (git-fixes).
- soc: ixp4xx: fix printing resources (git-fixes).
- spi: imx: mx51-ecspi: Fix low-speed CONFIGREG delay calculation
  (git-fixes).
- spi: meson-spicc: fix memory leak in meson_spicc_remove
  (git-fixes).
- pcmcia: i82092: fix a null pointer dereference bug (git-fixes).
- libata: fix ata_pio_sector for CONFIG_HIGHMEM (git-fixes).
- spi: imx: mx51-ecspi: Reinstate low-speed CONFIGREG delay
  (git-fixes).
- commit 24af025
- ASoC: cs42l42: Fix LRCLK frame start edge (git-fixes).
- ASoC: cs42l42: Remove duplicate control for WNF filter frequency
  (git-fixes).
- ASoC: cs42l42: Fix inversion of ADC Notch Switch control
  (git-fixes).
- ASoC: cs42l42: Don't allow SND_SOC_DAIFMT_LEFT_J (git-fixes).
- ASoC: cs42l42: Correct definition of ADC Volume control
  (git-fixes).
- firmware_loader: use -ETIMEDOUT instead of -EAGAIN in
  fw_load_sysfs_fallback (git-fixes).
- Revert "/ACPICA: Fix memory leak caused by _CID repair function"/
  (git-fixes).
- dmaengine: imx-dma: configure the generic DMA type to make it
  work (git-fixes).
- ALSA: usb-audio: fix incorrect clock source setting (git-fixes).
- commit 20c4d69
- scsi: qla2xxx: Remove redundant initialization of variable
  num_cnt (bsc#1189392).
- scsi: qla2xxx: Fix use after free in debug code (bsc#1189392).
- scsi: qla2xxx: Fix spelling mistakes "/allloc"/ -> "/alloc"/
  (bsc#1189392).
- scsi: qla2xxx: Update version to 10.02.00.107-k (bsc#1189392).
- scsi: qla2xxx: edif: Increment command and completion counts
  (bsc#1189392).
- scsi: qla2xxx: edif: Add encryption to I/O path (bsc#1189392).
- scsi: qla2xxx: edif: Add doorbell notification for app
  (bsc#1189392).
- scsi: qla2xxx: edif: Add detection of secure device
  (bsc#1189392).
- scsi: qla2xxx: edif: Add authentication pass + fail bsgs
  (bsc#1189392).
- scsi: qla2xxx: edif: Add key update (bsc#1189392).
- scsi: qla2xxx: edif: Add extraction of auth_els from the wire
  (bsc#1189392).
- scsi: qla2xxx: edif: Add send, receive, and accept for auth_els
  (bsc#1189392).
- scsi: qla2xxx: edif: Add getfcinfo and statistic bsgs
  (bsc#1189392).
- scsi: qla2xxx: edif: Add start + stop bsgs (bsc#1189392).
- scsi: qla2xxx: Remove unused variable 'status' (bsc#1189392).
- scsi: qla2xxx: Use the proper SCSI midlayer interfaces for PI
  (bsc#1189392).
- scsi: core: Add scsi_prot_ref_tag() helper (bsc#1189392).
- scsi: qla2xxx: Remove redundant continue statement in a for-loop
  (bsc#1189392).
- scsi: qla2xxx: Add heartbeat check (bsc#1189392).
- scsi: qla2xxx: Use list_move_tail() instead of
  list_del()/list_add_tail() (bsc#1189392).
- scsi: qla2xxx: Remove duplicate declarations (bsc#1189392).
- scsi: qla2xxx: Log PCI address in
  qla_nvme_unregister_remote_port() (bsc#1189392).
- scsi: qla2xxx: Remove redundant assignment to rval
  (bsc#1189392).
- scsi: target: qla2xxx: Wait for stop_phase1 at WWN removal
  (bsc#1189392).
- scsi: qla2xxx: Fix error return code in
  qla82xx_write_flash_dword() (bsc#1189392).
- commit 4f97d8a
- scsi: lpfc: Fix possible ABBA deadlock in nvmet_xri_aborted()
  (bsc#1189385).
- scsi: lpfc: Remove redundant assignment to pointer pcmd
  (bsc#1189385).
- scsi: lpfc: Copyright updates for 14.0.0.0 patches
  (bsc#1189385).
- scsi: lpfc: Update lpfc version to 14.0.0.0 (bsc#1189385).
- scsi: lpfc: Add 256 Gb link speed support (bsc#1189385).
- scsi: lpfc: Revise Topology and RAS support checks for new
  adapters (bsc#1189385).
- scsi: lpfc: Fix cq_id truncation in rq create (bsc#1189385).
- scsi: lpfc: Add PCI ID support for LPe37000/LPe38000 series
  adapters (bsc#1189385).
- scsi: lpfc: Copyright updates for 12.8.0.11 patches
  (bsc#1189385).
- scsi: lpfc: Update lpfc version to 12.8.0.11 (bsc#1189385).
- scsi: lpfc: Skip issuing ADISC when node is in NPR state
  (bsc#1189385).
- scsi: lpfc: Skip reg_vpi when link is down for SLI3 in ADISC
  cmpl path (bsc#1189385).
- scsi: lpfc: Call discovery state machine when handling
  PLOGI/ADISC completions (bsc#1189385).
- scsi: lpfc: Delay unregistering from transport until GIDFT or
  ADISC completes (bsc#1189385).
- scsi: lpfc: Enable adisc discovery after RSCN by default
  (bsc#1189385).
- scsi: lpfc: Use PBDE feature enabled bit to determine PBDE
  support (bsc#1189385).
- scsi: lpfc: Clear outstanding active mailbox during PCI function
  reset (bsc#1189385).
- scsi: lpfc: Fix KASAN slab-out-of-bounds in lpfc_unreg_rpi()
  routine (bsc#1189385).
- scsi: lpfc: Remove REG_LOGIN check requirement to issue an
  ELS RDF (bsc#1189385).
- scsi: lpfc: Fix memory leaks in error paths while issuing ELS
  RDF/SCR request (bsc#1189385).
- scsi: lpfc: Fix NULL ptr dereference with NPIV ports for RDF
  handling (bsc#1189385).
- scsi: lpfc: Keep NDLP reference until after freeing the IOCB
  after ELS handling (bsc#1189385).
- scsi: lpfc: Fix target reset handler from falsely returning
  FAILURE (bsc#1189385).
- scsi: lpfc: Discovery state machine fixes for LOGO handling
  (bsc#1189385).
- scsi: lpfc: Fix function description comments for vmid routines
  (bsc#1189385).
- scsi: lpfc: Improve firmware download logging (bsc#1189385).
- scsi: lpfc: Remove use of kmalloc() in trace event logging
  (bsc#1189385).
- scsi: lpfc: Fix NVMe support reporting in log message
  (bsc#1189385).
- scsi: lpfc: Fix build error in lpfc_scsi.c (bsc#1189385).
- scsi: lpfc: Use list_move_tail() instead of
  list_del()/list_add_tail() (bsc#1189385).
- scsi: lpfc: vmid: Introduce VMID in I/O path (bsc#1189385 jsc#SLE-18970).
- scsi: lpfc: vmid: Add QFPA and VMID timeout check in worker
  thread (bsc#1189385 jsc#SLE-18970).
- scsi: lpfc: vmid: Timeout implementation for VMID (bsc#1189385 jsc#SLE-18970).
- scsi: lpfc: vmid: Append the VMID to the wqe before sending
  (bsc#1189385 jsc#SLE-18970).
- scsi: lpfc: vmid: Implement CT commands for appid (bsc#1189385 jsc#SLE-18970).
- scsi: lpfc: vmid: Functions to manage VMIDs (bsc#1189385 jsc#SLE-18970).
- scsi: lpfc: vmid: Implement ELS commands for appid
  (bsc#1189385 jsc#SLE-18970).
- scsi: lpfc: vmid: Add support for VMID in mailbox command
  (bsc#1189385 jsc#SLE-18970).
- scsi: lpfc: vmid: VMID parameter initialization (bsc#1189385 jsc#SLE-18970).
- scsi: lpfc: vmid: Add datastructure for supporting VMID in lpfc
  (bsc#1189385 jsc#SLE-18970).
- scsi: blkcg: Add app identifier support for blkcg (bsc#1189385 jsc#SLE-18970).
- Update config files
  Add kABI fixup patch
- patches.kabi/blk-cgroup-kABI-fixes-for-new-fc_app_id-definition.patch
- scsi: cgroup: Add cgroup_get_from_id() (bsc#1189385 jsc#SLE-18970).
- scsi: lpfc: Remove redundant assignment to pointer temp_hdr
  (bsc#1189385).
- commit e47f569
- nvmet: use NVMET_MAX_NAMESPACES to set nn value (bsc#1189384).
- commit da8a2b6
- README: Modernize build instructions.
- commit 8cc5c28
- ovl: allow upperdir inside lowerdir (bsc#1189323).
- ovl: fix missing revert_creds() on error path (bsc#1189323).
- ovl: skip getxattr of security labels (bsc#1189323).
- ovl: perform vfs_getxattr() with mounter creds (bsc#1189323).
- ovl: expand warning in ovl_d_real() (bsc#1189323).
- commit d2a0c13
- rpm/kernel-obs-build.spec.in: make builds reproducible (bsc#1189305)
- commit 7f9ade7
- platform/x86: pcengines-apuv2: Add missing terminating entries
  to gpio-lookup tables (git-fixes).
- commit e6925d8
- fix patches metadata
- fix Patch-mainline:
  - patches.suse/NFSv4-Initialise-connection-to-the-server-in-nfs4_al.patch
  - patches.suse/NFSv4-pNFS-Don-t-call-_nfs4_pnfs_v3_ds_connect-multi.patch
  - patches.suse/SUNRPC-Fix-the-batch-tasks-count-wraparound.patch
  - patches.suse/SUNRPC-Should-wake-up-the-privileged-task-firstly.patch
  - patches.suse/nfs-fix-acl-memory-leak-of-posix_acl_create.patch
- commit bd541fa
- net: ll_temac: Fix TX BD buffer overwrite (CVE-2021-38207
  bsc#1189298).
- commit 64dedf9
- scsi: zfcp: Report port fc_security as unknown early during
  remote cable pull (git-fixes).
- commit 071c9e5
- net: xilinx_emaclite: Do not print real IOMEM pointer
  (CVE-2021-38205 bsc#1189292).
- commit 1e538f8
- Update patch reference for a USB max3421 HCD fix (CVE-2021-38204 bsc#1189291)
- commit 68d7672
- scsi: scsi_transport_srp: Don't block target in SRP_PORT_LOST
  state (bsc#1184180).
- commit 435d2bf
- usb: dwc3: gadget: Don't setup more than requested (git-fixes).
- commit d278880
- usb: dwc3: meson-g12a: check return of dwc3_meson_g12a_usb_init
  (git-fixes).
- commit bc358f9
- ocfs2: initialize ip_next_orphan (bsc#1186731).
- commit fd80e8c
- NFSv4/pNFS: Don't call _nfs4_pnfs_v3_ds_connect multiple times
  (git-fixes).
- SUNRPC: Should wake up the privileged task firstly (git-fixes).
- SUNRPC: Fix the batch tasks count wraparound (git-fixes).
- nfs: fix acl memory leak of posix_acl_create() (git-fixes).
- commit 1bdda2d
- NFSv4: Initialise connection to the server in
  nfs4_alloc_client() (bsc#1040364).
- Delete
  patches.suse/0001-NFSv4-don-t-let-hanging-mounts-block-other-mounts.patch.
  Upstream now has a fix for this bug, so use their version instead of ours.
- commit 350271e
- usb: dwc3: gadget: Give back staled requests (git-fixes).
- commit c4cb23f
- usb: dwc3: support continuous runtime PM with dual role
  (git-fixes).
- commit f340e0b
- iommu/vt-d: Global devTLB flush when present context entry
  changed (bsc#1189220).
- iommu/dma: Fix compile warning in 32-bit builds (bsc#1189229).
- iommu/dma: Fix IOVA reserve dma ranges (bsc#1189214).
- iommu/amd: Fix extended features logging (bsc#1189213).
- iommu/vt-d: Define counter explicitly as unsigned int
  (bsc#1189216).
- iommu/arm-smmu-v3: Decrease the queue size of evtq and priq
  (bsc#1189210).
- crypto: ccp - Annotate SEV Firmware file names (bsc#1189212).
- iommu/vt-d: Fix sysfs leak in alloc_iommu() (bsc#1189218).
- iommu/vt-d: Check for allocation failure in aux_detach_device()
  (bsc#1189215).
- iommu/vt-d: Force to flush iotlb before creating superpage
  (bsc#1189219).
- iommu/vt-d: Invalidate PASID cache when root/context entry
  changed (bsc#1189221).
- iommu/vt-d: Don't set then clear private data in
  prq_event_thread() (bsc#1189217).
- iommu/vt-d: Reject unsupported page request modes (bsc#1189222).
- iommu/arm-smmu-v3: add bit field SFM into GERROR_ERR_MASK
  (bsc#1189209).
- commit f116a8f
- blacklist.conf: Add two IOMMU fixes
  b9abb19fa5fd iommu: Check dev->iommu in iommu_dev_xxx functions
  474dd1c65064 iommu/vt-d: Fix clearing real DMA device's scalable-mode context entries
- commit 2db8dfc
- powerpc/papr_scm: Make 'perf_stats' invisible if perf-stats
  unavailable (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769
  git-fixes).
- commit c109f3e
- Fix filesystem requirement and suse-release requires
  Reduce filesystem conflict to anything less than 16 to allow pulling the
  change into the next major stable version.
  Don't require suse-release as that's not technically required. Conflict
  with a too old one instead.
- commit 913f755
- iwlwifi: rs-fw: don't support stbc for HE 160 (git-fixes).
- commit 981ddc7
- blacklist.conf: obsoleted by 8d396bb0a5b62b326f6be7594d8bd46b088296bd
- commit d9ae913
- USB: usbtmc: Fix RCU stall warning (git-fixes).
- commit 8c8f7df
- powerpc: Fix is_kvm_guest() / kvm_para_available() (bsc#1181148
  ltc#190702 git-fixes).
- commit 8c2e999
- powerpc/pseries: Fix regression while building external modules
  (bsc#1160010 ltc#183046 git-fixes).
  This changes a GPL symbol to general symbol which is kABI change but not
  kABI break.
- commit 5db0ce9
- powerpc/papr_scm: Reduce error severity if nvdimm stats
  inaccessible (bsc#1189197 ltc#193906).
- commit 9021659
- firmware_loader: fix use-after-free in firmware_fallback_sysfs
  (git-fixes).
- serial: tegra: Only print FIFO error message when an error
  occurs (git-fixes).
- serial: 8250: Mask out floating 16/32-bit bus bits (git-fixes).
- spi: mediatek: Fix fifo transfer (git-fixes).
- ASoC: tlv320aic31xx: fix reversed bclk/wclk master bits
  (git-fixes).
- spi: stm32h7: fix full duplex irq handler handling (git-fixes).
- regulator: rt5033: Fix n_voltages settings for BUCK and LDO
  (git-fixes).
- commit 8f575e8
- fix patches metadata
- fix Patch-mainline:
  - patches.suse/ALSA-hda-realtek-Fix-headset-mic-for-Acer-SWIFT-SF31.patch
  - patches.suse/ALSA-hda-realtek-add-mic-quirk-for-Acer-SF314-42.patch
  - patches.suse/ALSA-seq-Fix-racy-deletion-of-subscriber.patch
  - patches.suse/ALSA-usb-audio-Add-registration-quirk-for-JBL-Quantu-4b0556b96e1f.patch
  - patches.suse/ALSA-usb-audio-Fix-superfluous-autosuspend-recovery.patch
- commit 486a747
- ALSA: seq: Fix racy deletion of subscriber (git-fixes).
- ALSA: hda/realtek: add mic quirk for Acer SF314-42 (git-fixes).
- ALSA: usb-audio: Add registration quirk for JBL Quantum 600
  (git-fixes).
- ALSA: hda/realtek: Fix headset mic for Acer SWIFT SF314-56
  (ALC256) (git-fixes).
- ALSA: usb-audio: Fix superfluous autosuspend recovery
  (git-fixes).
- commit 57d9208
- net: dsa: mv88e6xxx: also read STU state in
  mv88e6250_g1_vtu_getnext (git-fixes).
- commit 4d3a9e0
- Bluetooth: defer cleanup of resources in hci_unregister_dev()
  (git-fixes).
- commit 38ad73f
- fix patches metadata
- fix Patch-mainline:
  - patches.suse/NFSv4.1-Don-t-rebind-to-the-same-source-port-when-re.patch
  - patches.suse/SUNRPC-prevent-port-reuse-on-transports-which-don-t-.patch
- commit 5e54e89
- blacklist.conf: kABI changes due to kvm_mmu_rule struct.
- commit f3e0e69
- Refresh patches.suse/Input-ili210x-add-missing-negation-for-touch-indicat.patch
  Fix missing parentheses in the input backport patch.
- commit 0913716
- rpm/kernel-source.rpmlintrc: ignore new include/config files
  In 5.13, since 0e0345b77ac4, config files have no longer .h suffix.
  Adapt the zero-length check.
  Based on Martin Liska's change.
- commit b6f021b
- gpio: tqmx86: really make IRQ optional (git-fixes).
- media: videobuf2-core: dequeue if start_streaming fails
  (git-fixes).
- media: rtl28xxu: fix zero-length control request (git-fixes).
- clk: fix leak on devm_clk_bulk_get_all() unwind (git-fixes).
- clk: stm32f4: fix post divisor setup for I2S/SAI PLLs
  (git-fixes).
- cfg80211: Fix possible memory leak in function
  cfg80211_bss_update (git-fixes).
- commit 7dd3f8c
- SUNRPC: prevent port reuse on transports which don't request it
  (bnc#1186264 bnc#1189021).
- commit a89b568
- kabi fix for NFSv4.1: Don't rebind to the same source port when
  reconnecting to the server
  (bnc#1186264 bnc#1189021)
- commit 844eb4c
- NFSv4.1: Don't rebind to the same source port when
  (bnc#1186264 bnc#1189021)
- commit 4b89a40
- btrfs: rework chunk allocation to avoid exhaustion of the
  system chunk array (bsc#1189077).
- btrfs: fix deadlock with concurrent chunk allocations involving
  system chunks (bsc#1189077).
- btrfs: move the chunk_mutex in btrfs_read_chunk_tree
  (bsc#1189077).
- btrfs: Rename __btrfs_alloc_chunk to btrfs_alloc_chunk
  (bsc#1189077).
- btrfs: parameterize dev_extent_min for chunk allocation
  (bsc#1189077).
- btrfs: factor out create_chunk() (bsc#1189077).
- btrfs: factor out decide_stripe_size() (bsc#1189077).
- btrfs: factor out gather_device_info() (bsc#1189077).
- btrfs: factor out init_alloc_chunk_ctl (bsc#1189077).
- btrfs: introduce alloc_chunk_ctl (bsc#1189077).
- btrfs: refactor find_free_dev_extent_start() (bsc#1189077).
- btrfs: introduce chunk allocation policy (bsc#1189077).
- btrfs: handle invalid profile in chunk allocation (bsc#1189077).
- commit 707ed65
- tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop
  (CVE-2021-3679 bsc#1189057).
- commit 49b5ebf
- net/mlx5: Properly convey driver version to firmware
  (git-fixes).
- commit 44d8f42
- net: stmmac: free tx skb buffer in stmmac_resume() (git-fixes).
- commit ac61742
- can: ti_hecc: Fix memleak in ti_hecc_probe (git-fixes).
- commit 75096f3
- net: dsa: mv88e6xxx: Avoid VTU corruption on 6097 (git-fixes).
- commit 524d35f
- Update kabi files.
- update from August 2021 maintenance update submission (commit a13100d5f167)
- commit 75dc981
- blacklist.conf: add macsonic driver
- commit 688a554
- cifs: do not share tcp sessions of dfs connections
  (bsc#1185902).
- commit 78eb685
- cifs: prevent NULL deref in cifs_compose_mount_options()
  (bsc#1185902).
- commit a798607
- cifs: missing null pointer check in cifs_mount (bsc#1185902).
- commit 17b0494
- cifs: fix check of dfs interlinks (bsc#1185902).
- commit 1db4f4d
- cifs: avoid starvation when refreshing dfs cache (bsc#1185902).
- commit 064a32d
- cifs: do not share tcp servers with dfs mounts (bsc#1185902).
- commit 65332c5
- cifs: set a minimum of 2 minutes for refreshing dfs cache
  (bsc#1185902).
- commit 1a16c86
- cifs: fix path comparison and hash calc (bsc#1185902).
- commit 9ae40ff
- cifs: handle different charsets in dfs cache (bsc#1185902).
- commit 7b185cd
- cifs: keep referral server sessions alive (bsc#1185902).
- commit a6fba08
- cifs: get rid of @noreq param in __dfs_cache_find()
  (bsc#1185902).
- commit 7f4ff26
- cifs: do not send tree disconnect to ipc shares (bsc#1185902).
- commit 96ce669
- cifs: Remove unused inline function is_sysvol_or_netlogon()
  (bsc#1185902).
- commit 7d7b6d5
- KVM: x86: bit 8 of non-leaf PDPEs is not reserved (bsc#1188790).
- commit 81b4c99
- KVM: VMX: Explicitly clear RFLAGS.CF and RFLAGS.ZF in VM-Exit
  RSB path (bsc#1188788).
- commit f2e225f
- KVM: VMX: Enable machine check support for 32bit targets
  (bsc#1188787).
- commit 388d3fb
- KVM: VMX: Drop guest CPUID check for VMXE in vmx_set_cr4()
  (bsc#1188786).
- commit c5de014
- KVM: nVMX: Truncate bits 63:32 of VMCS field on nested check
  in !64-bit (bsc#1188784).
- commit 08b2951
- KVM: nVMX: Sync unsync'd vmcs02 state to vmcs12 on migration
  (bsc#1188783).
- commit 5f8f317
- KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02
  (bsc#1188782).
- commit ef7bd2d
- KVM: nVMX: Reset the segment cache when stuffing guest segs
  (bsc#1188781).
- commit 8984ecb
- KVM: nVMX: Really make emulated nested preemption timer pinned
  (bsc#1188780).
- commit 597c5f3
- ceph: clean up and optimize ceph_check_delayed_caps()
  (bsc#1187468).
- commit 33a74a3
- cifs: constify get_normalized_path() properly (bsc#1185902).
- commit f4ccabe
- cifs: don't cargo-cult strndup() (bsc#1185902).
- commit 2296da2
- btrfs: track ordered bytes instead of just dio ordered bytes (bsc#1135481).
- commit 9c3cf71
- btrfs: account for new extents being deleted in total_bytes_pinned (bsc#1135481).
- commit fed2922
- btrfs: handle space_info::total_bytes_pinned inside the delayed ref itself (bsc#1135481).
- commit 5426822
- btrfs: shrink delalloc pages instead of full inodes (bsc#1135481).
- commit 5e89cd2
- btrfs: fix possible infinite loop in data async reclaim (bsc#1135481).
- commit f95f181
- btrfs: add a comment explaining the data flush steps (bsc#1135481).
- commit a308556
- btrfs: do async reclaim for data reservations (bsc#1135481).
- commit deae828
- btrfs: flush delayed refs when trying to reserve data space (bsc#1135481).
- commit d82c207
- btrfs: run delayed iputs before committing the transaction for data (bsc#1135481).
- commit 6af13e4
- btrfs: don't force commit if we are data (bsc#1135481).
- commit 3380b09
- btrfs: drop the commit_cycles stuff for data reservations (bsc#1135481).
- commit c6ed5f3
- btrfs: use the same helper for data and metadata reservations (bsc#1135481).
- commit 188e042
- btrfs: serialize data reservations if we are flushing (bsc#1135481).
- commit 9a68295
- btrfs: use ticketing for data space reservations (bsc#1135481).
- commit 0cad012
- btrfs: add btrfs_reserve_data_bytes and use it (bsc#1135481).
- commit 7c494a4
- btrfs: add the data transaction commit logic into may_commit_transaction (bsc#1135481).
- commit 9327930
- btrfs: add flushing states for handling data reservations (bsc#1135481).
- commit ee0a32c
- btrfs: check tickets after waiting on ordered extents (bsc#1135481).
- commit e9723f6
- btrfs: use btrfs_start_delalloc_roots in shrink_delalloc (bsc#1135481).
- commit 08a821e
- btrfs: use the btrfs_space_info_free_bytes_may_use helper for delalloc (bsc#1135481).
- commit e18060c
- btrfs: call btrfs_try_granting_tickets when reserving space (bsc#1135481).
- commit e684a31
- btrfs: call btrfs_try_granting_tickets when unpinning anything (bsc#1135481).
- commit df0d484
- btrfs: call btrfs_try_granting_tickets when freeing reserved bytes (bsc#1135481).
- commit 4167827
- btrfs: make ALLOC_CHUNK use the space info flags (bsc#1135481).
- commit 6287797
- btrfs: make shrink_delalloc take space_info as an arg (bsc#1135481).
- commit 1eb212c
- btrfs: handle U64_MAX for shrink_delalloc (bsc#1135481).
- commit acedfaf
- btrfs: remove orig from shrink_delalloc (bsc#1135481).
- commit 02659bb
- btrfs: change nr to u64 in btrfs_start_delalloc_roots (bsc#1135481).
- commit 5b57ee8
- usb: dwc3: core: don't do suspend for device mode if already
  suspended (git-fixes).
- commit 82b18d4
- usb: dwc3: gadget: Clear DCTL.ULSTCHNGREQ before set
  (git-fixes).
- commit 072728a
- usb: dwc3: gadget: Set link state to RX_Detect on disconnect
  (git-fixes).
- commit 6a1e8b7
- usb: dwc3: gadget: Don't send unintended link state change
  (git-fixes).
- commit acdee65
- usb: dwc3: of-simple: add a shutdown (git-fixes).
- commit 15b84b1
- usb: dwc3: debug: Remove newline printout (git-fixes).
- commit 5104cc5
- usb: dwc3: Disable phy suspend after power-on reset (git-fixes).
- commit a403162
- usb: dwc3: gadget: Workaround Mirosoft's BESL check (git-fixes).
- commit e16e74a
- usb: dwc3: gadget: Set BESL config parameter (git-fixes).
- commit b02b13d
- usb: dwc3: Separate field holding multiple properties
  (git-fixes).
- commit 1087836
- usb: dwc3: st: Add of_dev_put() in probe function (git-fixes).
- commit b4290b9
- usb: dwc3: st: Add of_node_put() before return in probe function
  (git-fixes).
- commit a5796ab
- usb: dwc3: Use clk_bulk_prepare_enable() (git-fixes).
- commit 638e28a
- usb: dwc3: Use devres to get clocks (git-fixes).
- commit e717ac7
- Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731).
- commit f037781
keyutils
- Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654)
- update to 1.6.3:
  * Revert the change notifications that were using /dev/watch_queue.
  * Apply the change notifications that use pipe2(O_NOTIFICATION_PIPE).
  * Allow "/keyctl supports"/ to retrieve raw capability data.
  * Allow "/keyctl id"/ to turn a symbolic key ID into a numeric ID.
  * Allow "/keyctl new_session"/ to name the keyring.
  * Allow "/keyctl add/padd/etc."/ to take hex-encoded data.
  * Add "/keyctl watch*"/ to expose kernel change notifications on keys.
  * Add caps for namespacing and notifications.
  * Set a default TTL on keys that upcall for name resolution.
  * Explicitly clear memory after it's held sensitive information.
  * Various manual page fixes.
  * Fix C++-related errors.
  * Add support for keyctl_move().
  * Add support for keyctl_capabilities().
  * Make key=val list optional for various public-key ops.
  * Fix system call signature for KEYCTL_PKEY_QUERY.
  * Fix 'keyctl pkey_query' argument passing.
  * Use keyctl_read_alloc() in dump_key_tree_aux().
  * Various manual page fixes.
- spec-cleaner run (fixup failing homepage url)
- prepare usrmerge (boo#1029961)
- updated to 1.6
  - Apply various specfile cleanups from Fedora.
  - request-key: Provide a command line option to suppress helper execution.
  - request-key: Find least-wildcard match rather than first match.
  - Remove the dependency on MIT Kerberos.
  - Fix some error messages
  - keyctl_dh_compute.3: Suggest /proc/crypto for list of available hashes.
  - Fix doc and comment typos.
  - Add public key ops for encrypt, decrypt, sign and verify (needs linux-4.20).
  - Add pkg-config support for finding libkeyutils.
- upstream isn't offering PGP signatures for the source tarballs anymore
- Replace krb5-devel BuildRequires with pkgconfig(krb5): Allow OBS
  to shortcut the ring0 bootstrap cycle by also using krb5-mini.
- add upstream signing key and verify source signature
- updated to 1.5.11 (bsc#1113013)
  - Add keyring restriction support.
  - Add KDF support to the Diffie-Helman function.
  - DNS: Add support for AFS config files and SRV records
kmod
- Remove enum padding constants, add enum.patch (boo#1097869).
krb5
- Fix KDC null pointer dereference via a FAST inner body that
  lacks a server field; (CVE-2021-37750); (bsc#1189929);
- Added patches:
  * 0012-Fix-KDC-null-deref-on-TGS-inner-body-null-server.patch
less
- Add missing runtime dependency on which, which is used by lessopen.sh.
  Fix bsc#1190552.
libcroco
- Add libcroco-CVE-2020-12825.patch: limit recursion in block and
  any productions (boo#1171685 CVE-2020-12825).
libsolv
- fix misparsing of '&' in attributes with libxml2
- choice rules: treat orphaned packages as newest [bsc#1190465]
- fix compatibility with Python 3.10
- new SOLVER_EXCLUDEFROMWEAK job type
- support for environments in comps parser
- bump version to 0.7.20
- Disable python2 usage on suse_version >= 1550 by default (still
  possible to use osc build --with=python).
libyui-ncurses-pkg
- Fixed crash in NCurses online update when retracted packages
  are present (bsc#1191130)
- 2.50.8
libzypp
- Disable logger in the child after fork (bsc#1192436)
- version 17.28.8 (22)
- Check log writer before accessing it (fixes #355, bsc#1192337)
- Save locks: Update an existing locks changed comment string.
- Allow uname-r format in purge kernels keepspec (fixes
  openSUSE/zypper#418)
- version 17.28.7 (22)
- Zypper should keep cached files if transaction is aborted
  (bsc#1190356)
  Singletrans mode currently does not keep files around if the
  transaction is aborted. This patch fixes the problem.
- Require a minimum number of mirrors for multicurl (bsc#1191609)
- Use procfs to detect nr of open fd's if rlimit is too high
  (bsc#1191324)
  Especially in a VM iterating over all possible fd's to close open
  ones right before a exec() slows down zypper unnecessarily. This
  patch uses /proc/self/fd to iterate over open fd's in case rlimit
  is above 1024.
- po: Fix some lost '%' signs in positional args (bsc#1191370)
- RepoManager: Don't probe for plaindir repo if URL schema is
  plugin: (bsc#1191286)
- version 17.28.6 (22)
- Downloader does not respect checkExistsOnly flag (bsc#1190712)
  A missing check causes zyppng::Downloader to always download full
  files even if the checkExistsOnly flag is set. This patch adds
  the missing logic.
- Fix kernel-*-livepatch removal in purge-kernels (bsc#1190815)
  The kernel-*-livepatch packages are supposed to serve as a stable
  handle for the ephemeral kernel livepatch packages. See
  FATE#320268 for details. As part of the kernel live patching
  ecosystem, kernel-*-livepatch packages should not block the
  purge-kernels step.
- version 17.28.5 (22)
- Make sure to keep states alives while transitioning
  (bsc#1190199)
- May set techpreview variables for testing in /etc/zypp/zypp.conf.
  If environment variables are unhandy one may enable the desired
  techpreview in zypp.conf as well:
    [main]
    techpreview.ZYPP_SINGLE_RPMTRANS=1
    techpreview.ZYPP_MEDIANETWORK=1
- version 17.28.4 (22)
- CMake/spec: Add option to force SINGLE_RPMTRANS as default for
  zypper (fixes #340)
- Make sure singleTrans is zypper-only for now.
- Do not double check signatures and keys (bsc#1190059)
- version 17.28.3 (22)
- Workaround Bug 1189788: Don't allow ZYPP_SINGLE_RPMTRANS=1 on a
  not UsrMerged Tumbleweed system.
- version 17.28.2 (22)
- Fix crashes in logging code when shutting down (bsc#1189031)
- version 17.28.1 (22)
- Rephrase vendor conflict message in case 2 packages are
  involved (bsc#1187760)
  This covers the case where not the packages itself would change
  its vendor, but replaces a package from a different vendor.
- Fix solver jobs for PTFs (bsc#1186503)
- spec: switch to pkgconfig(openssl)
- Show key fpr from signature when signature check fails
  (bsc#1187224)
  Rpm by default only shows the short key ID when checking the
  signature of a package fails. This patch reads the signatures
  from the RPM headers and replaces she short IDs with the key
  fingerprints fetched from the signatures.
- Implement alternative single transaction commit strategy.
  This patch adds a experimental commit strategy that runs all
  operations in a single rpm transaction, speeding up the execution
  a lot.
- Use ZYPP_MEDIANETWORK=1 to enable the experimental new media
  backend.
- Implement zchunk download, refactor Downloader backend.
- Fix purge-kernels fails with kernels from Kernel:HEAD
  (bsc#1187738)
  There recently was a change in the kernel package naming scheme
  in regards to rc kernels. Since kernel upstream uses characters
  in the version that are not allowed in rpm versions a "/-rc"/ was
  previously replaced with "/.rc"/ which broke sorting by version, to
  fix this issue it was replaced with "/~rc"/, which unfortunately
  broke the purge-kernels logic. This patch makes sure purge-kernel
  does apply the same conversion.
- version 17.28.0 (22)
lvm2
- vgextend crash when extending VG with missing PV (bsc#1191019)
  + bug-1191019_vgextend-check-missing-device-during-block-size-chec.patch
man-pages
- install kernel_lockdown.7 man page [bsc#1185534]
- added sources
  + kernel_lockdown.7
mozilla-nspr
- update to version 4.32:
  * implement new socket option PR_SockOpt_DontFrag
  * support larger DNS records by increasing the default buffer
    size for DNS queries
- update to version 4.31:
  * Lock access to PRCallOnceType members in PR_CallOnce* for
    thread safety bmo#1686138
- update to version 4.30
  * support longer thread names on macOS
  * fix a build failure on OpenBSD
- update to version 4.29
  * Remove macOS Code Fragment Manager support code
  * Remove XP_MACOSX and OS_TARGET=MacOSX
  * Refresh config.guess and config.sub
  * Remove NSPR's patch to config.sub
  * Add support for e2k target (64-bit Elbrus 2000)
- update to version 4.28
  * Fix a compiler warning
  * Add rule for cross-compiling with cygwin
- update to version 4.27
  * the macOS platform code for shared library loading was
  * An include statement for a Windows system library header
    was added
- update to version 4.26
  * PR_GetSystemInfo supports a new flag PR_SI_RELEASE_BUILD to get
    information about the operating system build version.
  * Better support parallel building on Windows.
  * The internal release automatic script requires python 3.
mozilla-nss
- Mozilla NSS 3.68.1
  MFSA 2021-51 (bsc#1193170)
  * CVE-2021-43527 (bmo#1737470)
    Memory corruption via DER-encoded DSA and RSA-PSS signatures
- Remove now obsolete patch nss-bsc1193170.patch
- Add patch to fix CVE-2021-43527 (bsc#1193170):
  nss-bsc1193170.patch
- Removed nss-fips-kdf-self-tests.patch.  This was made
  obsolete by upstream changes. (bmo#1660304)
- Rebase nss-fips-stricter-dh.patch needed due to upstream changes.
- Update nss-fips-constructor-self-tests.patch to fix crashes
  reported by upstream. This was likely affecting WebRTC calls.
- update to NSS 3.68
  * bmo#1713562 - Fix test leak.
  * bmo#1717452 - NSS 3.68 should depend on NSPR 4.32.
  * bmo#1693206 - Implement PKCS8 export of ECDSA keys.
  * bmo#1712883 - DTLS 1.3 draft-43.
  * bmo#1655493 - Support SHA2 HW acceleration using Intel SHA Extension.
  * bmo#1713562 - Validate ECH public names.
  * bmo#1717610 - Add function to get seconds from epoch from pkix::Time.
- update to NSS 3.67
  * bmo#1683710 - Add a means to disable ALPN.
  * bmo#1715720 - Fix nssckbi version number in NSS 3.67 (was supposed to be incremented in 3.66).
  * bmo#1714719 - Set NSS_USE_64 on riscv64 target when using GYP/Ninja.
  * bmo#1566124 - Fix counter increase in ppc-gcm-wrap.c.
  * bmo#1566124 - Fix AES_GCM mode on ppc64le for messages of length more than 255-byte.
- update to NSS 3.66
  * bmo#1710716 - Remove Expired Sonera Class2 CA from NSS.
  * bmo#1710716 - Remove Expired Root Certificates from NSS - QuoVadis Root Certification Authority.
  * bmo#1708307 - Remove Trustis FPS Root CA from NSS.
  * bmo#1707097 - Add Certum Trusted Root CA to NSS.
  * bmo#1707097 - Add Certum EC-384 CA to NSS.
  * bmo#1703942 - Add ANF Secure Server Root CA to NSS.
  * bmo#1697071 - Add GLOBALTRUST 2020 root cert to NSS.
  * bmo#1712184 - NSS tools manpages need to be updated to reflect that sqlite is the default database.
  * bmo#1712230 - Don't build ppc-gcm.s with clang integrated assembler.
  * bmo#1712211 - Strict prototype error when trying to compile nss code that includes blapi.h.
  * bmo#1710773 - NSS needs FIPS 180-3 FIPS indicators.
  * bmo#1709291 - Add VerifyCodeSigningCertificateChain.
  * Use GNU tar for the release helper script.
- update to NSS 3.65
  * bmo#1709654 - Update for NetBSD configuration.
  * bmo#1709750 - Disable HPKE test when fuzzing.
  * bmo#1566124 - Optimize AES-GCM for ppc64le.
  * bmo#1699021 - Add AES-256-GCM to HPKE.
  * bmo#1698419 - ECH -10 updates.
  * bmo#1692930 - Update HPKE to final version.
  * bmo#1707130 - NSS should use modern algorithms in PKCS#12 files by default.
  * bmo#1703936 - New coverity/cpp scanner errors.
  * bmo#1697303 - NSS needs to update it's csp clearing to FIPS 180-3 standards.
  * bmo#1702663 - Need to support RSA PSS with Hashing PKCS #11 Mechanisms.
  * bmo#1705119 - Deadlock when using GCM and non-thread safe tokens.
- refreshed patches
- Firefox 90.0 requires NSS 3.66
- update to NSS 3.64
  * bmo#1705286 - Properly detect mips64.
  * bmo#1687164 - Introduce NSS_DISABLE_CRYPTO_VSX and
    disable_crypto_vsx.
  * bmo#1698320 - replace __builtin_cpu_supports("/vsx"/) with
    ppc_crypto_support() for clang.
  * bmo#1613235 - Add POWER ChaCha20 stream cipher vector
    acceleration.
- update to NSS 3.63.1
  * no upstream release notes for 3.63.1 (yet)
  Fixed in 3.63
  * bmo#1697380 - Make a clang-format run on top of helpful contributions.
  * bmo#1683520 - ECCKiila P384, change syntax of nested structs
    initialization to prevent build isses with GCC 4.8.
  * bmo#1683520 - [lib/freebl/ecl] P-384: allow zero scalars in dual
    scalar multiplication.
  * bmo#1683520 - ECCKiila P521, change syntax of nested structs
    initialization to prevent build isses with GCC 4.8.
  * bmo#1683520 - [lib/freebl/ecl] P-521: allow zero scalars in dual
    scalar multiplication.
  * bmo#1696800 - HACL* update March 2021 - c95ab70fcb2bc21025d8845281bc4bc8987ca683.
  * bmo#1694214 - tstclnt can't enable middlebox compat mode.
  * bmo#1694392 - NSS does not work with PKCS #11 modules not supporting
    profiles.
  * bmo#1685880 - Minor fix to prevent unused variable on early return.
  * bmo#1685880 - Fix for the gcc compiler version 7 to support setenv
    with nss build.
  * bmo#1693217 - Increase nssckbi.h version number for March 2021 batch
    of root CA changes, CA list version 2.48.
  * bmo#1692094 - Set email distrust after to 21-03-01 for Camerfirma's
    'Chambers of Commerce' and 'Global Chambersign' roots.
  * bmo#1618407 - Symantec root certs - Set CKA_NSS_EMAIL_DISTRUST_AFTER.
  * bmo#1693173 - Add GlobalSign R45, E45, R46, and E46 root certs to NSS.
  * bmo#1683738 - Add AC RAIZ FNMT-RCM SERVIDORES SEGUROS root cert to NSS.
  * bmo#1686854 - Remove GeoTrust PCA-G2 and VeriSign Universal root certs
    from NSS.
  * bmo#1687822 - Turn off Websites trust bit for the “Staat der
    Nederlanden Root CA - G3” root cert in NSS.
  * bmo#1692094 - Turn off Websites Trust Bit for 'Chambers of Commerce
    Root - 2008' and 'Global Chambersign Root - 2008’.
  * bmo#1694291 - Tracing fixes for ECH.
- required for Firefox 88
- update to NSS 3.62
  * bmo#1688374 - Fix parallel build NSS-3.61 with make
  * bmo#1682044 - pkix_Build_GatherCerts() + pkix_CacheCert_Add()
    can corrupt "/cachedCertTable"/
  * bmo#1690583 - Fix CH padding extension size calculation
  * bmo#1690421 - Adjust 3.62 ABI report formatting for new libabigail
  * bmo#1690421 - Install packaged libabigail in docker-builds image
  * bmo#1689228 - Minor ECH -09 fixes for interop testing, fuzzing
  * bmo#1674819 - Fixup a51fae403328, enum type may be signed
  * bmo#1681585 - Add ECH support to selfserv
  * bmo#1681585 - Update ECH to Draft-09
  * bmo#1678398 - Add Export/Import functions for HPKE context
  * bmo#1678398 - Update HPKE to draft-07
- required for Firefox 87
- Add nss-btrfs-sqlite.patch to address bmo#1690232
- update to NSS 3.61
  * required for Firefox 86
  * bmo#1682071 - Fix issue with IKE Quick mode deriving incorrect key
    values under certain conditions.
  * bmo#1684300 - Fix default PBE iteration count when NSS is compiled
    with NSS_DISABLE_DBM.
  * bmo#1651411 - Improve constant-timeness in RSA operations.
  * bmo#1677207 - Upgrade Google Test version to latest release.
  * bmo#1654332 - Add aarch64-make target to nss-try.
- update to NSS 3.60.1
  Notable changes in NSS 3.60:
  * TLS 1.3 Encrypted Client Hello (draft-ietf-tls-esni-08) support
    has been added, replacing the previous ESNI (draft-ietf-tls-esni-01)
    implementation. See bmo#1654332 for more information.
  * December 2020 batch of Root CA changes, builtins library updated
    to version 2.46. See bmo#1678189, bmo#1678166, and bmo#1670769
    for more information.
- removed obsolete ppc-old-abi-v3.patch
- update to NSS 3.59.1
  * bmo#1679290 - Fix potential deadlock with certain third-party
    PKCS11 modules
- update to NSS 3.59
  Notable changes
  * Exported two existing functions from libnss:
    CERT_AddCertToListHeadWithData and CERT_AddCertToListTailWithData
  Bugfixes
  * bmo#1607449 - Lock cert->nssCertificate to prevent a potential data race
  * bmo#1672823 - Add Wycheproof test cases for HMAC, HKDF, and DSA
  * bmo#1663661 - Guard against NULL token in nssSlot_IsTokenPresent
  * bmo#1670835 - Support enabling and disabling signatures via Crypto Policy
  * bmo#1672291 - Resolve libpkix OCSP failures on SHA1 self-signed
    root certs when SHA1 signatures are disabled.
  * bmo#1644209 - Fix broken SelectedCipherSuiteReplacer filter to
    solve some test intermittents
  * bmo#1672703 - Tolerate the first CCS in TLS 1.3 to fix a regression in
    our CVE-2020-25648 fix that broke purple-discord
    (boo#1179382)
  * bmo#1666891 - Support key wrap/unwrap with RSA-OAEP
  * bmo#1667989 - Fix gyp linking on Solaris
  * bmo#1668123 - Export CERT_AddCertToListHeadWithData and
    CERT_AddCertToListTailWithData from libnss
  * bmo#1634584 - Set CKA_NSS_SERVER_DISTRUST_AFTER for Trustis FPS Root CA
  * bmo#1663091 - Remove unnecessary assertions in the streaming
    ASN.1 decoder that affected decoding certain PKCS8
    private keys when using NSS debug builds
  * bmo#670839 - Use ARM crypto extension for AES, SHA1 and SHA2 on MacOS.
- update to NSS 3.58
  Bugs fixed:
  * bmo#1641480 (CVE-2020-25648)
    Tighten CCS handling for middlebox compatibility mode.
  * bmo#1631890 - Add support for Hybrid Public Key Encryption
    (draft-irtf-cfrg-hpke) support for TLS Encrypted Client Hello
    (draft-ietf-tls-esni).
  * bmo#1657255 - Add CI tests that disable SHA1/SHA2 ARM crypto
    extensions.
  * bmo#1668328 - Handle spaces in the Python path name when using
    gyp on Windows.
  * bmo#1667153 - Add PK11_ImportDataKey for data object import.
  * bmo#1665715 - Pass the embedded SCT list extension (if present)
    to TrustDomain::CheckRevocation instead of the notBefore value.
- install libraries in %{_libdir} (boo#1029961)
- Fix build with RPM 4.16: error: bare words are no longer
  supported, please use "/..."/:  lib64 == lib64.
- update to NSS 3.57
  * The following CA certificates were Added:
    bmo#1663049 - CN=Trustwave Global Certification Authority
    SHA-256 Fingerprint: 97552015F5DDFC3C8788C006944555408894450084F100867086BC1A2BB58DC8
    bmo#1663049 - CN=Trustwave Global ECC P256 Certification Authority
    SHA-256 Fingerprint: 945BBC825EA554F489D1FD51A73DDF2EA624AC7019A05205225C22A78CCFA8B4
    bmo#1663049 - CN=Trustwave Global ECC P384 Certification Authority
    SHA-256 Fingerprint: 55903859C8C0C3EBB8759ECE4E2557225FF5758BBD38EBD48276601E1BD58097
  * The following CA certificates were Removed:
    bmo#1651211 - CN=EE Certification Centre Root CA
    SHA-256 Fingerprint: 3E84BA4342908516E77573C0992F0979CA084E4685681FF195CCBA8A229B8A76
    bmo#1656077 - O=Government Root Certification Authority; C=TW
    SHA-256 Fingerprint: 7600295EEFE85B9E1FD624DB76062AAAAE59818A54D2774CD4C0B2C01131E1B3
  * Trust settings for the following CA certificates were Modified:
    bmo#1653092 - CN=OISTE WISeKey Global Root GA CA
    Websites (server authentication) trust bit removed.
  * https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.57_release_notes
- requires NSPR 4.29
- removed obsolete nss-freebl-fix-aarch64.patch (bmo#1659256)
- introduced _constraints due to high memory requirements especially
  for LTO on Tumbleweed
- Add patch to fix build on aarch64 - boo#1176934:
  * nss-freebl-fix-aarch64.patch
- Update nss-fips-approved-crypto-non-ec.patch to match RC2 code
  being moved to deprecated/.
- Remove nss-fix-dh-pkcs-derive-inverted-logic.patch. This was made
  obsolete by upstream changes.
- update to NSS 3.56
  Notable changes
  * bmo#1650702 - Support SHA-1 HW acceleration on ARMv8
  * bmo#1656981 - Use MPI comba and mulq optimizations on x86-64 MacOS.
  * bmo#1654142 - Add CPU feature detection for Intel SHA extension.
  * bmo#1648822 - Add stricter validation of DH keys in FIPS mode.
  * bmo#1656986 - Properly detect arm64 during GYP build architecture
    detection.
  * bmo#1652729 - Add build flag to disable RC2 and relocate to
    lib/freebl/deprecated.
  * bmo#1656429 - Correct RTT estimate used in 0-RTT anti-replay.
  * bmo#1588941 - Send empty certificate message when scheme selection
    fails.
  * bmo#1652032 - Fix failure to build in Windows arm64 makefile
    cross-compilation.
  * bmo#1625791 - Fix deadlock issue in nssSlot_IsTokenPresent.
  * bmo#1653975 - Fix 3.53 regression by setting "/all"/ as the default
    makefile target.
  * bmo#1659792 - Fix broken libpkix tests with unexpired PayPal cert.
  * bmo#1659814 - Fix interop.sh failures with newer tls-interop
    commit and dependencies.
  * bmo#1656519 - NSPR dependency updated to 4.28
- do not hard require mozilla-nss-certs-32bit via baselibs
  (boo#1176206)
- update to NSS 3.55
  Notable changes
  * P384 and P521 elliptic curve implementations are replaced with
    verifiable implementations from Fiat-Crypto [0] and ECCKiila [1].
  * PK11_FindCertInSlot is added. With this function, a given slot
    can be queried with a DER-Encoded certificate, providing performance
    and usability improvements over other mechanisms. (bmo#1649633)
  * DTLS 1.3 implementation is updated to draft-38. (bmo#1647752)
  Relevant Bugfixes
  * bmo#1631583 (CVE-2020-6829, CVE-2020-12400) - Replace P384 and
    P521 with new, verifiable implementations from Fiat-Crypto and ECCKiila.
  * bmo#1649487 - Move overzealous assertion in VFY_EndWithSignature.
  * bmo#1631573 (CVE-2020-12401) - Remove unnecessary scalar padding.
  * bmo#1636771 (CVE-2020-12403) - Explicitly disable multi-part
    ChaCha20 (which was not functioning correctly) and more strictly
    enforce tag length.
  * bmo#1649648 - Don't memcpy zero bytes (sanitizer fix).
  * bmo#1649316 - Don't memcpy zero bytes (sanitizer fix).
  * bmo#1649322 - Don't memcpy zero bytes (sanitizer fix).
  * bmo#1653202 - Fix initialization bug in blapitest when compiled
    with NSS_DISABLE_DEPRECATED_SEED.
  * bmo#1646594 - Fix AVX2 detection in makefile builds.
  * bmo#1649633 - Add PK11_FindCertInSlot to search a given slot
    for a DER-encoded certificate.
  * bmo#1651520 - Fix slotLock race in NSC_GetTokenInfo.
  * bmo#1647752 - Update DTLS 1.3 implementation to draft-38.
  * bmo#1649190 - Run cipher, sdr, and ocsp tests under standard test cycle in CI.
  * bmo#1649226 - Add Wycheproof ECDSA tests.
  * bmo#1637222 - Consistently enforce IV requirements for DES and 3DES.
  * bmo#1067214 - Enforce minimum PKCS#1 v1.5 padding length in
    RSA_CheckSignRecover.
  * bmo#1646324 - Advertise PKCS#1 schemes for certificates in the
    signature_algorithms extension.
- update to NSS 3.54
  Notable changes
  * Support for TLS 1.3 external pre-shared keys (bmo#1603042).
  * Use ARM Cryptography Extension for SHA256, when available
    (bmo#1528113)
  * The following CA certificates were Added:
    bmo#1645186 - certSIGN Root CA G2.
    bmo#1645174 - e-Szigno Root CA 2017.
    bmo#1641716 - Microsoft ECC Root Certificate Authority 2017.
    bmo#1641716 - Microsoft RSA Root Certificate Authority 2017.
  * The following CA certificates were Removed:
    bmo#1645199 - AddTrust Class 1 CA Root.
    bmo#1645199 - AddTrust External CA Root.
    bmo#1641718 - LuxTrust Global Root 2.
    bmo#1639987 - Staat der Nederlanden Root CA - G2.
    bmo#1618402 - Symantec Class 2 Public Primary Certification Authority - G4.
    bmo#1618402 - Symantec Class 1 Public Primary Certification Authority - G4.
    bmo#1618402 - VeriSign Class 3 Public Primary Certification Authority - G3.
  * A number of certificates had their Email trust bit disabled.
    See bmo#1618402 for a complete list.
  Bugs fixed
  * bmo#1528113 - Use ARM Cryptography Extension for SHA256.
  * bmo#1603042 - Add TLS 1.3 external PSK support.
  * bmo#1642802 - Add uint128 support for HACL* curve25519 on Windows.
  * bmo#1645186 - Add "/certSIGN Root CA G2"/ root certificate.
  * bmo#1645174 - Add Microsec's "/e-Szigno Root CA 2017"/ root certificate.
  * bmo#1641716 - Add Microsoft's non-EV root certificates.
  * bmo1621151 - Disable email trust bit for "/O=Government
    Root Certification Authority; C=TW"/ root.
  * bmo#1645199 - Remove AddTrust root certificates.
  * bmo#1641718 - Remove "/LuxTrust Global Root 2"/ root certificate.
  * bmo#1639987 - Remove "/Staat der Nederlanden Root CA - G2"/ root
    certificate.
  * bmo#1618402 - Remove Symantec root certificates and disable email trust
    bit.
  * bmo#1640516 - NSS 3.54 should depend on NSPR 4.26.
  * bmo#1642146 - Fix undefined reference to `PORT_ZAlloc_stub' in seed.c.
  * bmo#1642153 - Fix infinite recursion building NSS.
  * bmo#1642638 - Fix fuzzing assertion crash.
  * bmo#1642871 - Enable SSL_SendSessionTicket after resumption.
  * bmo#1643123 - Support SSL_ExportEarlyKeyingMaterial with External PSKs.
  * bmo#1643557 - Fix numerous compile warnings in NSS.
  * bmo#1644774 - SSL gtests to use ClearServerCache when resetting
    self-encrypt keys.
  * bmo#1645479 - Don't use SECITEM_MakeItem in secutil.c.
  * bmo#1646520 - Stricter enforcement of ASN.1 INTEGER encoding.
ncurses
- Add patch bsc1190793-63ca9e06.patch to fix bsc#1190793 for
  CVE-2021-39537: ncurses: heap-based buffer overflow in
  _nc_captoinfo in captoinfo.c
netcfg
- add submissions port number [bsc#1189683]
- modified patches
  % services-suse.diff
pam
- Corrected a bad directive file which resulted in
  the "/securetty"/ file to be installed as "/macros.pam"/.
  [pam.spec]
- Added tmpfiles for pam to set up directory for pam_faillock.
  [pam.conf]
- Corrected macros.pam entry for %_pam_moduledir
  Cleanup in pam.spec:
  * Replaced all references to ${_lib}/security in pam.spec by
  %{_pam_moduledir}
  * Removed definition of (unused) "/amdir"/.
- Added new file macros.pam on request of systemd.
  [bsc#1190052, macros.pam]
- Added pam_faillock to the set of modules.
  [jsc#sle-20638, pam-sle20638-add-pam_faillock.patch]
patterns-base
- Use the same icon in the fips pattern as the previous pattern had
  (bsc#1189550)
pcre
- pcre 8.45 (the final release)
  * Fixed a small (*MARK) bug in the interpreter (Bugzilla #2771).
- pcre 8.44
  * Small patch to pcreposix.c to set the erroroffset field to -1 immediately
  after a successful compile, instead of at the start of matching to avoid a
  sanitizer complaint (regexec is supposed to be thread safe).
  * Check the size of the number after (?C as it is read, in order to avoid
  integer overflow. (bsc#1172974, CVE-2020-14155)
  * Tidy up left shifts to avoid sanitize warnings; also fix one NULL deference
  in pcretest.
- pcre 8.43
  * In a pattern such as /[^x{100}-x{ffff}]*[x80-xff]/ which has a repeated
  negative class with no characters less than 0x100 followed by a positive class
  with only characters less than 0x100, the first class was incorrectly being
  auto-possessified, causing incorrect match failures.
  * If the only branch in a conditional subpattern was anchored, the whole
  subpattern was treated as anchored, when it should not have been, since the
  assumed empty second branch cannot be anchored. Demonstrated by test patterns
  such as /(?(1)^())b/ or /(?(?=^))b/.
  * Fix subject buffer overread in JIT when UTF is disabled and X or R has
  a greater than 1 fixed quantifier. This issue was found by Yunho Kim.
  (bsc#1172973 CVE-2019-20838)
  * If a pattern started with a subroutine call that had a quantifier with a
  minimum of zero, an incorrect "/match must start with this character"/ could be
  recorded. Example: /(?&xxx)*ABC(?<xxx>XYZ)/ would (incorrectly) expect 'A' to
  be the first character of a match.
- pcre 8.42
  * If a backreference with a minimum repeat count of zero was first in a
  pattern, apart from assertions, an incorrect first matching character could be
  recorded. For example, for the pattern /(?=(a))1?b/, "/b"/ was incorrectly set
  as the first character of a match.
  * Fix out-of-bounds read for partial matching of /./ against an empty string
  when the newline type is CRLF.
  * When matching using the the REG_STARTEND feature of the POSIX API with a
  non-zero starting offset, unset capturing groups with lower numbers than a
  group that did capture something were not being correctly returned as "/unset"/
  (that is, with offset values of -1).
  * Matching the pattern /(*UTF)C[^v]+x80/ against an 8-bit string
  containing multi-code-unit characters caused bad behaviour and possibly a
  crash. This issue was fixed for other kinds of repeat in release 8.37 by change
  38, but repeating character classes were overlooked.
postgresql
- Bump version to 14, leave default at 12.
postgresql12
- bsc#1192516: Upgrade to version 12.9:
  * Make the server reject extraneous data after an SSL or GSS
    encryption handshake (CVE-2021-23214).
  * Make libpq reject extraneous data after an SSL or GSS
    encryption handshake (CVE-2021-23222).
  * https://www.postgresql.org/docs/12/release-12-0.html
- Let genlists skip non-existing binaries to avoid lots of version
  conditionals in the file lists.
- Remove postgresql-testsuite-int8.sql.patch, because its purpose
  is unclear. This affects only the test subpackage.
- bsc#1185952: fix build with llvm12 on s390x.
  0001-jit-Workaround-potential-datalayout-mismatch-on-s390.patch
- bsc#1179945: Re-enable icu for PostgreSQL 10.
- Upgrade to version 12.8:
  * https://www.postgresql.org/docs/12/release-12-8.html
  * CVE-2021-3677 (boo#1189748)
    The planner could create an incorrect plan in cases where two
    ProjectionPaths were stacked on top of each other. The only
    known way to trigger that situation involves parallel sort
    operations, but there may be other instances. The result would
    be crashes or incorrect query results. Disclosure of server
    memory contents is also possible.
- bsc#1187751: Make the dependency of postgresqlXX-server-devel on
  llvm and clang optional (postgresql-llvm-optional.patch).
- bsc#1185952: llvm12 breaks PostgreSQL 11 and 12 on s390x.
  Use llvm11 as a workaround.
py26-compat-salt
- Exclude the full path of a download URL to prevent injection of
  malicious code (bsc#1190265) (CVE-2021-21996)
- Added:
  * exclude-the-full-path-of-a-download-url-to-prevent-i.patch
- Fix error handling in openscap module (bsc#1188647)
- Added:
  * fix-error-handling-in-openscap-module-bsc-1188647-41.patch
- Define license macro as doc in spec file if not existing
py26-compat-tornado
- Added compatibility to Enterprise Linux 8
py27-compat-salt
- Fix the regression of docker_container state module
- Added:
  * fix-the-regression-brought-in-with-pr-402-422.patch
- Support querying for JSON data in external sql pillar
- Added:
  * 3000.3-postgresql-json-support-in-pillar-425.patch
- Exclude the full path of a download URL to prevent injection of
  malicious code (bsc#1190265) (CVE-2021-21996)
- Added:
  * exclude-the-full-path-of-a-download-url-to-prevent-i.patch
- Fix wrong relative paths resolution with Jinja renderer when importing subdirectories
- Added:
  * templates-move-the-globals-up-to-the-environment-jin.patch
- Add missing aarch64 to rpm package architectures
- Consolidate some state requisites (bsc#1188641)
- Added:
  * add-missing-aarch64-to-rpm-package-architectures-407.patch
  * consolidate-some-state-requisites-55974-bsc-1188641-.patch
- Fix failing unit test for systemd
- Fix error handling in openscap module (bsc#1188647)
- Better handling of bad public keys from minions (bsc#1189040)
- Added:
  * fix-error-handling-in-openscap-module-bsc-1188647-41.patch
  * better-handling-of-bad-public-keys-from-minions-bsc-.patch
  * fix-failing-unit-tests-for-systemd.patch
- Define license macro as doc in spec file if not existing
python
- Add CVE-2019-20907_tarfile-inf-loop.patch fixing bsc#1174091
  (CVE-2019-20907, bpo#39017) avoiding possible infinite loop
  in specifically crafted tarball.
  Add recursion.tar as a testing tarball for the patch.
- Provide the newest setuptools wheel (bsc#1176262,
  CVE-2019-20916) in their correct form (bsc#1180686).
- Add CVE-2020-26116-httplib-header-injection.patch fixing bsc#1177211
  (CVE-2020-26116, bpo#39603) no longer allowing special characters in
  the method parameter of HTTPConnection.putrequest in httplib, stopping
  injection of headers. Such characters now raise ValueError.
- Renamed patch for assigned CVE:
  * bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch ->
    CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
    (boo#1189241, CVE-2021-3737)
- Renamed patch for assigned CVE:
  * bpo43075-fix-ReDoS-in-request.patch -> CVE-2021-3733-fix-ReDoS-in-request.patch
    (boo#1189287, CVE-2021-3733)
- Fix python-doc build (bpo#35293):
  * sphinx-update-removed-function.patch
- Update documentation formatting for Sphinx 3.0 (bpo#40204).
- Add bpo43075-fix-ReDoS-in-request.patch which fixes ReDoS in
  request (bpo#43075, boo#1189287).
- Add missing security announcement to
  bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch.
- Add bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
  which fixes http client infinite line reading (DoS) after a http
  100 (bpo#44022, boo#1189241).
- Modify Lib/ensurepip/__init__.py to contain the same version
  numbers as are in reality the ones in the bundled wheels
  (bsc#1187668).
- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing
  bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in
  _ctypes/callproc.c, which may lead to remote code execution.
- (bsc#1180125) We really don't Require python-rpm-macros package.
  Unnecessary dependency.
- Add patch configure_PYTHON_FOR_REGEN.patch which makes
  configure.ac to consider the correct version of
  PYTHON_FO_REGEN (bsc#1078326).
- Use python3-Sphinx on anything more recent than SLE-15 (inclusive).
  - Fixes a ReDoS vulnerability in `http.cookiejar`. Patch by Ben
    Caller.
  - bsc#1155094 (CVE-2019-18348) Disallow control characters in
    hostnames in http.client. Such potentially malicious header
  - Fixed possible leak in `PyArg_Parse` and similar
    `PY_SSIZE_T_CLEAN` is not defined.
  - python-2.7.14-CVE-2017-1000158.patch
  - CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch
  - CVE-2018-1061-DOS-via-regexp-difflib.patch
  - CVE-2019-10160-netloc-port-regression.patch
  - CVE-2019-16056-email-parse-addr.patch
- bsc#1109847 (CVE-2018-14647): add
  CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch fixing
  bpo-34623.
  fixing bpo-35746 (CVE-2019-5010).
python-Babel
- Add CVE-2021-42771-rel-path-traversal.patch fixing
  CVE-2021-42771 by cleaning locale identifiers before loading
  from file (bsc#1185768).
python-Pygments
- Add cve_2021_27291.patch (CVE-2021-27291, bsc#1184812)
  + fix several exponential/cubic complexity regexes
- Add cve_2021_20270.patch (CVE-2021-20270, bsc#1183169)
  + fix infinite loop in SML lexer
python-azure-mgmt-billing
- Update in SLE-15 (bsc#1187880, bsc#1188178)
- New upstream release
  + Version 1.0.0
  + For detailed information about changes see the
    CHANGELOG.md file provided with this package
- Update Requires from setup.py
python-azure-mgmt-cdn
- Update in SLE-15 (bsc#1187880, bsc#1188178)
- New upstream release
  + Version 5.2.0
  + For detailed information about changes see the
    CHANGELOG.md file provided with this package
python-azure-mgmt-hdinsight
- Update in SLE-15 (bsc#1187880, bsc#1188178)
  + Version 2.0.0
  + For detailed information about changes see the
    CHANGELOG.md file provided with this package
- New upstream release
python-azure-mgmt-netapp
- Update in SLE-15 (bsc#1187880, bsc#1188178)
  + Version 0.14.0
  + For detailed information about changes see the
    CHANGELOG.md file provided with this package
- New upstream release
python-azure-mgmt-resource
- Update in SLE-15 (bsc#1187880, bsc#1188178)
  + Version 15.0.0
  + For detailed information about changes see the
    CHANGELOG.md file provided with this package
- Update Requires from setup.py
- New upstream release
python-azure-mgmt-synapse
- Update in SLE-15 (bsc#1187880, bsc#1188178)
- New upstream release
  + Version 0.5.0
  + For detailed information about changes see the
    CHANGELOG.md file provided with this package
python-base
- Add CVE-2019-20907_tarfile-inf-loop.patch fixing bsc#1174091
  (CVE-2019-20907, bpo#39017) avoiding possible infinite loop
  in specifically crafted tarball.
  Add recursion.tar as a testing tarball for the patch.
- Provide the newest setuptools wheel (bsc#1176262,
  CVE-2019-20916) in their correct form (bsc#1180686).
- Add CVE-2020-26116-httplib-header-injection.patch fixing bsc#1177211
  (CVE-2020-26116, bpo#39603) no longer allowing special characters in
  the method parameter of HTTPConnection.putrequest in httplib, stopping
  injection of headers. Such characters now raise ValueError.
- Renamed patch for assigned CVE:
  * bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch ->
    CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
    (boo#1189241, CVE-2021-3737)
- Renamed patch for assigned CVE:
  * bpo43075-fix-ReDoS-in-request.patch -> CVE-2021-3733-fix-ReDoS-in-request.patch
    (boo#1189287, CVE-2021-3733)
- Fix python-doc build (bpo#35293):
  * sphinx-update-removed-function.patch
- Update documentation formatting for Sphinx 3.0 (bpo#40204).
- Add bpo43075-fix-ReDoS-in-request.patch which fixes ReDoS in
  request (bpo#43075, boo#1189287).
- Add missing security announcement to
  bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch.
- Add bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
  which fixes http client infinite line reading (DoS) after a http
  100 (bpo#44022, boo#1189241).
- Modify Lib/ensurepip/__init__.py to contain the same version
  numbers as are in reality the ones in the bundled wheels
  (bsc#1187668).
- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing
  bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in
  _ctypes/callproc.c, which may lead to remote code execution.
- (bsc#1180125) We really don't Require python-rpm-macros package.
  Unnecessary dependency.
- Add patch configure_PYTHON_FOR_REGEN.patch which makes
  configure.ac to consider the correct version of
  PYTHON_FO_REGEN (bsc#1078326).
- Use python3-Sphinx on anything more recent than SLE-15 (inclusive).
  - Fixes a ReDoS vulnerability in `http.cookiejar`. Patch by Ben
    Caller.
  - bsc#1155094 (CVE-2019-18348) Disallow control characters in
    hostnames in http.client. Such potentially malicious header
  - Fixed possible leak in `PyArg_Parse` and similar
    `PY_SSIZE_T_CLEAN` is not defined.
  - python-2.7.14-CVE-2017-1000158.patch
  - CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch
  - CVE-2018-1061-DOS-via-regexp-difflib.patch
  - CVE-2019-10160-netloc-port-regression.patch
  - CVE-2019-16056-email-parse-addr.patch
- bsc#1109847 (CVE-2018-14647): add
  CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch fixing
  bpo-34623.
  fixing bpo-35746 (CVE-2019-5010).
python-pytz
- Add %pyunittest shim for platforms where it is missing.
- Remove real directory of %{python_sitelib}/pytz/zoneinfo when
  upgrading, before it is replaced by a symlink (bsc#1185748).
- %check: use %pyunittest rpm macro
- Bump tzdata_version
- update to 2021.1:
  * update to IANA 2021a timezone release
- update to 2020.5:
  * update to IANA 2020e timezone release
- update to 2020.4:
  * update to IANA 2020d timezone release
- specfile:
  * be more specific in %files section
  * README.txt -> README.rst
- update to version 2020.1:
  * Test against Python 3.8 and Python 3.9
  * Bump version numbers to 2020.1/2020a
  * Base class for all errors
  * Add flake8 settings
  * IANA 2020a
  * Fix remaining references to README.txt
  * Update README.md
  * Use .rst extension for reStructuredText
  * typo
  * highlight codes
  * use .rst extension name
  * Tidelift links
  * Add links for security reports
  * Update LICENSE.txt
  * Create FUNDING.yml
  * Make FixedOffset part of public API
- Update to 2019.3
  * IANA 2019c
- Add versioned dependency on timezone database to ensure the
  correct data is installed
- Remove system_zoneinfo.patch, and instead add a symlink to the
  system timezone database
- Replace unnecessary pytest, adding a missing __init__.py in the
  tests to allow the test suite to work on Python 2.7 without pytest
- update to 2019.2
  * IANA 2019b
  * Defer generating case-insensitive lookups
release-notes-sles
- 15.2.20211130 (tracked in bsc#933411)
- Added note about ping_group_range (bsc#1193054)
- Updated note about Vagrant boxes (jsc#DOCTEAM-413)
- Updated note about PostgreSQL support (bsc#1183998)
- Replaced master with main (jsc#SLE-22018)
- 15.2.20210922 (tracked in bsc#933411)
- Updated note about PostgreSQL support (bsc#1183998)
- Added keepalived to support exceptions (bsc#1183906)
- 15.2.20210903 (tracked in bsc#933411)
- Added note about Xen stubdom (bsc#1188109)
- Added note about pytest (jsc#SLE-11316)
- Added note about fadump on OPAL (jsc#SLE-9099)
- Added note about gssproxy (jsc#SLE-6952)
- Added note about Docker command completion in Bash (jsc#SLE-7697)
- Added note about NVMe-oF in dracut (jsc#SLE-17090)
- Added note about dtc (jsc#SLE-11052)
- Added note about BerkeleyDB and rpm (jsc#SLE-12191)
- Added note about legacy block layer (jsc#SLE-10853)
- Added note about deprecating SHA-1 (jsc#SLE-16535)
- Added note about PostgreSQL 13 (jsc#SLE-17029)
- Added note about wireguard-tools (jsc#SLE-12395)
- Added note about SMT and SLE12 (bsc#1178382)
- Added note about systemd and /usr/local (bsc#1182237)
- Added note about kubernetes-client rename (bsc#1183609)
- Added note about net-snmp 5.8 (jsc#SLE-11203)
- Added more AGPL dual-licensed packages (jsc#DOCTEAM-196)
- Added note about python-kubernetes (jsc#SLE-17159)
- Added note about Raspberry Pi known limitations (jsc#SLE-7276)
- Fixed IBM-Z doc link (bsc#1185109)
- Removed mention of SES (bsc#1188305)
release-notes-susemanager
- Update to 4.1.12
  * Bugs mentioned
    bsc#1185951, bsc#1188315, bsc#1189609, bsc#1189643,
    bsc#1189818, bsc#1190151, bsc#1190166, bsc#1190265,
    bsc#1190276, bsc#1190512, bsc#1190665, bsc#1190751,
    bsc#1191144, bsc#1191222, bsc#1191274, bsc#1191444,
    bsc#1191495, bsc#1191538, bsc#1191643, bsc#1191898,
    bsc#1187998
- Update to 4.1.11
  * Bugs mentioned
    bsc#1171483,bsc#1172671,bsc#1181223,bsc#1187150,
    bsc#1187549,bsc#1187572,bsc#1188032,bsc#1188136,
    bsc#1188163,bsc#1188641,bsc#1188647,bsc#1188656,
    bsc#1188853,bsc#1188977,bsc#1189040,bsc#1190123,
    bsc#1190164,bsc#1190455,
rpm
- backport zstd detection fix [bsc#1187670]
  new patch: zstddetection.diff
- fix potential access of freed mem in ndb's glue code [bsc#1179416]
  new patch: ndbglue.diff
- backport ndb rofs support [bsc#1188548]
  new patch: ndbrofs.diff
- backport pgp hardening changes from upstream [bsc#1185299]
  new patch: pgpharden.diff
- fix deadlock when multiple rpm processes try tp acquire the
  database lock [bsc#1183659]
  new patch: deadlock.diff
- backport header check security fixes from upstream [CVE-2021-3421]
  [CVE-2021-20271] [CVE-2021-20266]
  [bsc#1183543] [bsc#1183545] [bsc#1183632]
  new patch: headerchk3.diff
rsync
- Fixed an error when using the external compression library
  where files larger that 1GB would not be transferred completely
  and failing with error:
  - deflate on token returned 0 (XXX bytes left)
  - rsync error: error in rsync protocol data stream (code 12)
  * Add rsync-fix-external-compression.patch [bsc#1190828]
- Fix a segmentation fault in iconv [bsc#1188258]
  * Add rsync-iconv-segfault.patch
ruby2
Add patches to fix the following CVE's:
  - CVE-2021-32066.patch (CVE-2021-32066): Fix StartTLS stripping
    vulnerability in Net:IMAP (bsc#1188160)
  - CVE-2021-31810.patch (CVE-2021-31810): Fix trusting FTP PASV
    responses vulnerability in  Net:FTP (bsc#1188161)
  - CVE-2021-31799.patch (CVE-2021-31799): Fix Command injection
    vulnerability in RDoc (bsc#1190375)
runc
- Update to runc v1.0.2. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.0.2
  * Fixed a failure to set CPU quota period in some cases on cgroup v1.
  * Fixed the inability to start a container with the "/adding seccomp filter
    rule for syscall ..."/ error, caused by redundant seccomp rules (i.e. those
    that has action equal to the default one). Such redundant rules are now
    skipped.
  * Made release builds reproducible from now on.
  * Fixed a rare debug log race in runc init, which can result in occasional
    harmful "/failed to decode ..."/ errors from runc run or exec.
  * Fixed the check in cgroup v1 systemd manager if a container needs to be
    frozen before Set, and add a setting to skip such freeze unconditionally.
    The previous fix for that issue, done in runc 1.0.1, was not working.
- Update to runc v1.0.1. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.0.1
  * Fixed occasional runc exec/run failure ("/interrupted system call"/) on an
    Azure volume.
  * Fixed "/unable to find groups ... token too long"/ error with /etc/group
    containing lines longer than 64K characters.
  * cgroup/systemd/v1: fix leaving cgroup frozen after Set if a parent cgroup is
    frozen. This is a regression in 1.0.0, not affecting runc itself but some
    of libcontainer users (e.g Kubernetes).
  * cgroupv2: bpf: Ignore inaccessible existing programs in case of
    permission error when handling replacement of existing bpf cgroup
    programs. This fixes a regression in 1.0.0, where some SELinux
    policies would block runc from being able to run entirely.
  * cgroup/systemd/v2: don't freeze cgroup on Set.
  * cgroup/systemd/v1: avoid unnecessary freeze on Set.
- Remove upstreamed patches:
  + boo1187704-0001-cgroupv2-ebpf-ignore-inaccessible-existing-programs.patch
- Backport <https://github.com/opencontainers/runc/pull/3055> to fix issues
  with runc under openSUSE MicroOS's SELinux policy. boo#1187704
  + boo1187704-0001-cgroupv2-ebpf-ignore-inaccessible-existing-programs.patch
- Update to runc v1.0.0. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.0.0
  ! The usage of relative paths for mountpoints will now produce a warning
    (such configurations are outside of the spec, and in future runc will
    produce an error when given such configurations).
  * cgroupv2: devices: rework the filter generation to produce consistent
    results with cgroupv1, and always clobber any existing eBPF
    program(s) to fix runc update and avoid leaking eBPF programs
    (resulting in errors when managing containers).
  * cgroupv2: correctly convert "/number of IOs"/ statistics in a
    cgroupv1-compatible way.
  * cgroupv2: support larger than 32-bit IO statistics on 32-bit architectures.
  * cgroupv2: wait for freeze to finish before returning from the freezing
    code, optimize the method for checking whether a cgroup is frozen.
  * cgroups/systemd: fixed "/retry on dbus disconnect"/ logic introduced in rc94
  * cgroups/systemd: fixed returning "/unit already exists"/ error from a systemd
    cgroup manager (regression in rc94)
  + cgroupv2: support SkipDevices with systemd driver
  + cgroup/systemd: return, not ignore, stop unit error from Destroy
  + Make "/runc --version"/ output sane even when built with go get or
    otherwise outside of our build scripts.
  + cgroups: set SkipDevices during runc update (so we don't modify
    cgroups at all during runc update).
  + cgroup1: blkio: support BFQ weights.
  + cgroupv2: set per-device io weights if BFQ IO scheduler is available.
- Update to runc v1.0.0~rc95. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc95
  This release of runc contains a fix for CVE-2021-30465, and users are
  strongly recommended to update (especially if you are providing
  semi-limited access to spawn containers to untrusted users). bsc#1185405
- Update to runc v1.0.0~rc94. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc94
  Breaking Changes:
  * cgroupv1: kernel memory limits are now always ignored, as kmemcg has
    been effectively deprecated by the kernel. Users should make use of regular
    memory cgroup controls.
  Regression Fixes:
  * seccomp: fix 32-bit compilation errors
  * runc init: fix a hang caused by deadlock in seccomp/ebpf loading code
  * runc start: fix "/chdir to cwd: permission denied"/ for some setups
- Remove upstreamed patches:
  - 0001-cloned_binary-switch-from-error-to-warning-for-SYS_m.patch
    syscalls unusable for glibc.
salt
- Use dnfnotify instead yumnotify for relevant distros
- Remove wrong _parse_cpe_name from grains.core
- dnfnotify pkgset plugin implementation
- Add rpm_vercmp python library support for version comparison
- Prevent pkg plugins errors on missing cookie path (bsc#1186738)
- Fix ip6_interface grain to not leak secondary IPv4 aliases (bsc#1191412)
- Make "/salt-api"/ package to require python3-cherrypy on RHEL systems
- tar is required by minion on transactional-update system
- Do not consider skipped targets as failed for ansible.playbooks state (bsc#1190446)
- Fix traceback.*_exc() calls
- Added:
  * fix-the-regression-for-yumnotify-plugin-456.patch
  * add-rpm_vercmp-python-library-for-version-comparison.patch
  * remove-wrong-_parse_cpe_name-from-grains.core-452.patch
  * 3002.2-do-not-consider-skipped-targets-as-failed-for.patch
  * fix-traceback.-_exc-calls-429.patch
  * dnfnotify-pkgset-plugin-implementation-3002.2-450.patch
  * fix-ip6_interface-grain-to-not-leak-secondary-ipv4-a.patch
  * mock-ip_addrs-in-utils-minions.py-unit-test-444.patch
  * prevent-pkg-plugins-errors-on-missing-cookie-path-bs.patch
- Support querying for JSON data in external sql pillar
- Exclude the full path of a download URL to prevent injection of
  malicious code (bsc#1190265) (CVE-2021-21996)
- Added:
  * 3002.2-postgresql-json-support-in-pillar-424.patch
  * exclude-the-full-path-of-a-download-url-to-prevent-i.patch
- Fix wrong relative paths resolution with Jinja renderer when importing subdirectories
- Don't pass shell="//sbin/nologin"/ to onlyif/unless checks (bsc#1188259)
- Add missing aarch64 to rpm package architectures
- Backport of upstream PR#59492
- Fix failing unit test for systemd
- Fix error handling in openscap module (bsc#1188647)
- Better handling of bad public keys from minions (bsc#1189040)
- Define license macro as doc in spec file if not existing
- Add standalone formulas configuration for salt minion and remove salt-master requirement (bsc#1168327)
- Added:
  * backport-of-upstream-pr59492-to-3002.2-404.patch
  * fix-failing-unit-tests-for-systemd.patch
  * don-t-use-shell-sbin-nologin-in-requisites.patch
  * fix-error-handling-in-openscap-module-bsc-1188647-40.patch
  * add-missing-aarch64-to-rpm-package-architectures-405.patch
  * better-handling-of-bad-public-keys-from-minions-bsc-.patch
  * templates-move-the-globals-up-to-the-environment-jin.patch
samba
- CVE-2016-2124: SMB1 client connections can be downgraded to
  plaintext authentication (bsc#1014440); (bso#12444);
- CVE-2020-25717: A user in an AD Domain could become root on
  domain members; (bsc#1192284); (bso#14556);
- CVE-2021-23192: Subsequent DCE/RPC fragment injection vulnerability;
  (bsc#1192214); (bso#14875);
- Fix wrong kvno exported to keytab after net ads changetrustpw due
  to replication delay; (bsc#1188727);
shim
- restore the shim-susesigned installation via buildrequires here.
spacecmd
- version 4.1.15-1
  * configchannel_updatefile handles directory properly (bsc#1190512)
- version 4.1.14-1
- Add schedule_archivecompleted to mass archive actions (bsc#1181223)
- Use proper ordering when listing activationkey
- Remove whoami from the list of unauthenticated commands (bsc#1188977)
- Make schedule_deletearchived to get all actions without display limit
- Allow passing a date limit for schedule_deletearchived on spacecmd (bsc#1181223)
spacewalk-admin
- version 4.1.10-1
  * Fix setup with rhn-config-satellite (bsc#1190300)
  * Allow admins to modify only spacewalk config files with
    rhn-config-satellite.pl (bsc#1190040) (CVE-2021-40348)
spacewalk-backend
- version 4.1.29-1
  * Avoid GPG errors messages in reposync caused by rpm not understanding
    signatures (bsc#1191538)
  * handle download of metadata filesnames with checksums (bsc#1188315)
  * Sanitize cached filename for custom SSL certs used by reposync (bsc#1190751)
- version 4.1.28-1
- fix typo "/verfication"/ instead of "/verification"/
spacewalk-certs-tools
- version 4.1.19-1
  * add GPG keys using apt-key on debian machines (bsc#1187998)
- version 4.1.18-1
  * set key format to PEM when generating key for traditional
    clients push ssh (bsc#1189643)
spacewalk-java
- version 4.1.41-1
  * Move pickedup actions to history as soon as they are pickedup (bsc#1191444)
  * On salt-ssh minions, enforce package list refresh after state apply
  * Fix internal server error on DuplicateSystemsCompare (bsc#1191643)
  * mgr-sync refresh logs when a vendor channel is expire and shows how to remove it (bsc#1191222)
  * Remove NullPointerException in rhn_web_ui.log when building an image (bsc#1185951)
  * Add checksums to repository metadata filenames (bsc#1188315)
  * Fix ISE in product migration if base product is missing (bsc#1190151)
  * use TLSv1.3 if it is a supported Protocol
  * Adapt auto errata update to respect maintenance windows
  * Adapt auto errata update to skip during CLM build (bsc#1189609)
  * Update kernel live patch version on minion startup (bsc#1190276)
- version 4.1.40-1
- Allow getting all completed actions via XMLRPC without display limit (bsc#1181223)
- Add XMLRPC API to force refreshing pillar data (bsc#1190123)
- Add missing string on XCCDF scan results (bsc#1190164)
- Support syncing patches with advisory status 'pending' (bsc#1190455)
- Ignore duplicates in 'pkg.installed' result when applying patches (bsc#1187572)
- XMLRPC: Add call for listing application monitoring endpoints
- Do not log XMLRPC fault exceptions as errors (bsc#1188853)
- Allow getting all archived actions via XMLRPC without display limit (bsc#1181223)
- Delete ActionChains when the last action is a Reboot and it completes (bsc#1188163)
- Fix timezone offset shifted by JS Date Object (bsc#1187150)
spacewalk-reports
- version 4.1.4-1
  * Improve performance of inventory report (bsc#1191495)
spacewalk-setup
- version 4.1.9-1
- Increase max size for uploaded files to Salt master
spacewalk-utils
- version 4.1.18-1
- When renaming: don't regenerate CA, allow using third-party
  certificate and trigger pillar refresh (bsc#1190123)
spacewalk-web
- version 4.1.30-1
  * Update Web UI version to 4.1.12
- version 4.1.29-1
- Fix timezone offset shifted by JS Date Object (bsc#1187150)
subscription-matcher
- Version 0.27
  * update subscription rules for new SKUs (bsc#1189818)
- Adapted for RHEL build.
- Made Guava a minimum requirement (instead of a specific one).
sudo
- Update to 1.8.27
  - jsc#SLE-17083
  - Rebased the following patches:
    sudo-1.8.22-CVE-2019-18634.patch
    sudo-1.8.22-fix_listpw.patch
    sudo-1.8.22-pam_xauth.patch
    sudo-CVE-2019-14287.patch
    sudo-CVE-2021-23239.patch
    sudo-CVE-2021-23240.patch
    sudo-CVE-2021-3156.patch
    sudo-fix-bsc-1180687.patch
    sudo-sudoers.patch
  - Deleted sudoers2ldif-env.patch
  - Added from SLE-12-SP5:
  * sudo-1.8.27-ipa_hostname.patch
  * sudo-1.8.27-ldap-respect-SUDOERS_TIMED.patch
  - Major changes between version 1.8.27 and 1.8.26:
  * Fixes and clarifications to the sudo plugin documentation.
  * The sudo manuals no longer require extensive post-processing to hide
    system-specific features. Conditionals in the roff source are now used
    instead. This fixes corruption of the sudo manual on systems without BSD
    login classes. Bug #861.
  * If an I/O logging plugin is configured but the plugin does not actually
    log any I/O, sudo will no longer force the command to be run in a pseudo-tty.
  * In visudo, it is now possible to specify the path to sudoers without
    using the -f option. Bug #864.
  * Fixed a bug introduced in sudo 1.8.22 where the utmp (or utmpx) file
    would not be updated when a command was run in a pseudo-tty. Bug #865.
  * Sudo now sets the silent flag when opening the PAM session except when
    running a shell via sudo -s or sudo -i. This prevents the pam_lastlog
    module from printing the last login information for each sudo command.
    Bug #867.
  - Major changes between version 1.8.26 and 1.8.25p1:
  * Fixed a bug in cvtsudoers when converting to JSON format when alias
    expansion is enabled. Bug #853.
  * Sudo no long sets the USERNAME environment variable when running
    commands. This is a non-standard environment variable that was set on
    some older Linux systems.
  * Sudo now treats the LOGNAME and USER environment variables (as well as
    the LOGIN variable on AIX) as a single unit. If one is preserved or removed
    from the environment using env_keep, env_check or env_delete, so is the
    other.
  * Added support for OpenLDAP's TLS_REQCERT setting in ldap.conf.
  * Sudo now logs when the command was suspended and resumed in the I/O logs.
    This information is used by sudoreplay to skip the time suspended when
    replaying the session unless the new -S flag is used.
  * Fixed documentation problems found by the igor utility. Bug #854.
  * Sudo now prints a warning message when there is an error or end of file
    while reading the password instead of exiting silently.
  * Fixed a bug in the sudoers LDAP back-end parsing the command_timeout,
    role, type, privs and limitprivs sudoOptions. This also affected cvtsudoers
    conversion from LDIF to sudoers or JSON.
  * Fixed a bug that prevented timeout settings in sudoers from functioning
    unless a timeout was also specified on the command line.
  * Asturian translation for sudo from translationproject.org.
  * When generating LDIF output, cvtsudoers can now be configured to pad the
    sudoOrder increment such that the start order is used as a prefix. Bug #856.
  * If the user specifies a group via sudo's -g option that matches any of
    the target user's groups, it is now allowed even if no groups are present
    in the Runas_Spec. Previously, it was only allowed if it matched the target
    user's primary group.
  * The sudoers LDAP back-end now supports negated sudoRunAsUser and
    sudoRunAsGroup entries.
  * Sudo now provides a proper error message when the "/fqdn"/ sudoers option
    is set and it is unable to resolve the local host name. Bug #859.
  * Portuguese translation for sudo and sudoers from translationproject.org.
  * Sudo now includes sudoers LDAP schema for the on-line configuration
    supported by OpenLDAP.
  - Major changes between version 1.8.25p1 and 1.8.25:
  * Fixed a bug introduced in sudo 1.8.25 that caused a crash on systems that
    have the poll() function but not the ppoll() function. Bug #851.
  - Major changes between version 1.8.25 and 1.8.24:
  * Fixed a bug introduced in sudo 1.8.20 that broke formatting of I/O log
    timing file entries on systems without a C99-compatible snprintf()
    function. Our replacement snprintf() doesn't support floating point so we
    can't use the %f format directive.
  * I/O log timing file entries now use a monotonic timer and include
    nanosecond precision. A monotonic timer that does not increment while the
    system is sleeping is used where available.
  * When sudo runs a command in a pseudo-tty, the slave device is now closed
    in the main process immediately after starting the monitor process. This
    removes the need for an AIX-specific workaround that was added in sudo 1.8.24.
  * Fixed a bug displaying timeout values the "/sudo -V"/ output. The value
    displayed was 3600 times the actual value. Bug #846.
  * The testsudoers utility now supports querying an LDIF-format policy.
  * Fixed a regression introduced in sudo 1.8.24 where the LDAP and SSSD
    backends evaluated the rules in reverse sudoOrder. Bug #849.
  - Major changes between version 1.8.24 and 1.8.23:
  * The LDAP and SSS back-ends now use the same rule evaluation code as the
    sudoers file backend. This builds on the work in sudo 1.8.23 where the
    formatting functions for sudo -l output were shared. The handling of
    negated commands in SSS and LDAP is unchanged.
  * Fixed a regression introduced in 1.8.23 where sudo -i could not be used
    in conjunction with --preserve-env=VARIABLE. Bug #835.
  * cvtsudoers can now parse base64-encoded attributes in LDIF files.
  * Random insults are now more random.
  * Added SUDO_CONV_PREFER_TTY flag for conversation function to tell sudo to
    try writing to /dev/tty first. Can be used in conjunction with SUDO_CONV_
    INFO_MSG and SUDO_CONV_ERROR_MSG.
  * Fixed typos in the OpenLDAP sudo schema. Bugs #839 and #840. Bug #839 and
    bug #840.
  * Fixed a race condition when building with parallel make. Bug #842.
  * Fixed a duplicate free when netgroup_base in ldap.conf is set to an
    invalid value.
  * On systems using PAM, sudo now ignores the PAM_NEW_AUTHTOK_REQD and
    PAM_AUTHTOK_EXPIRED errors from PAM account management if authentication is
    disabled for the user. This fixes a regression introduced in sudo 1.8.23.
    Bug #843.
  * Fixed an ambiguity in the sudoers manual in the description and
    definition of User, Runas, Host, and Cmnd Aliases. Bug #834.
  * Fixed a bug that resulted in only the first window size change event
    being logged.
  * Fixed a compilation problem on systems that define O_PATH or O_SEARCH in
    fnctl.h but do not define O_DIRECTORY. Bug #844.
  - Major changes between version 1.8.23 and 1.8.22:
  * PAM account management modules and BSD auth approval modules are now run
    even when no password is required.
  * For kernel-based time stamps, if no terminal is present, fall back to
    parent-pid style time stamps.
  * The new cvtsudoers utility replaces both the sudoers2ldif script and the
    visudo -x functionality. It can read a file in either sudoers or LDIF
    format and produce JSON, LDIF or sudoers output. It is also possible to
    filter the generated output file by user, group or host name.
  * The file, ldap and sss sudoers backends now share a common set of
    formatting functions for "/sudo -l"/ output, which is also used by the
    cvtsudoers utility.
  * The /run directory is now used in preference to /var/run if it exists.
    Bug #822.
  * More accurate descriptions of the --with-rundir and --with-vardir
    configure options. Bug #823.
  * The setpassent() and setgroupent() functions are now used on systems that
    support them to keep the passwd and group database open. Sudo performs a
    lot of passwd and group lookups so it can be beneficial to avoid opening
    and closing the files each time.
  * The new case_insensitive_user and case_insensitive_group sudoers options
    can be used to control whether sudo does case-sensitive matching of users
    and groups in sudoers. Case insensitive matching is now the default.
  * Fixed a bug on some systems where sudo could hang on command exit when
    I/O logging was enabled. Bug #826.
  * Fixed a problem with the process start time test in make check when run
    in a Linux container. The test now uses the "/btime"/ field in /proc/stat to
    get the system start time instead of using /proc/uptime, which is the
    container uptime. Bug #829.
  * When determining which temporary directory to use, sudoedit now checks
    the directory for writability before using it. Previously, sudoedit only
    performed an existence check. Bug #827.
  * Sudo now includes an optional set of Monty Python-inspired insults.
  * Chinese (Taiwan) translation for sudo from translationproject.org.
- Add sudo-1.8.27-ipa_hostname.patch to fix special handling of
  ipa_hostname that was lost in sudo 1.8.24.
  We now include the long and short hostname in sudo parser container
  [bsc#1181371]
- Restore sudo ldap behavior to ignore expire dates when SUDOERS_TIMED
  option is not set in /etc/ldap.conf
  * [bsc#1176473]
  * Added sudo-1.8.27-ldap-respect-SUDOERS_TIMED.patch
    From: https://www.sudo.ws/repos/sudo/rev/d1e1bb5a6cc1
supportutils-plugin-susemanager
- version 4.1.5-1
- detect broken symlinks in tomcat, taskomatic and search daemon
suse-module-tools
- Update to version 15.2.15:
  * fixup "/rpm-script: fix bad exit status in OpenQA (bsc#1191922)"/
- Update to version 15.2.14:
  * Bump version to 15.2.14
  * rpm-script: fix bad exit status in OpenQA (bsc#1191922)
  * cert-script: Deal with existing $cert.delete file (bsc#1191804).
  * cert-script: Ignore kernel keyring for kernel certificates (bsc#1191480).
  * cert-script: Only print mokutil output in verbose mode.
  * kernel-scriptlets: skip cert scriptlet on non-UEFI systems (bsc#1191260)
  * inkmp-script(postun): don't pass  existing files to weak-modules2 (bsc#1191200)
- Update to version 15.2.13:
  * Import kernel scriptlets from kernel-source
    (bsc#1189841, bsc#1190598)
  * Provide "/suse-kernel-rpm-scriptlets"/
susemanager
- version 4.1.31-1
  * Add the gnupg package for ubuntu which is then needed by apt-key (bsc#1187998)
- version 4.1.30-1
  * Add python-mako, python-gnupg and gnupg1 to the Debian 9 bootstrap repository
    so bootstrapping without any enabled repositories is possible (bsc#1191898)
- version 4.1.29-1
- Abort migration if data_directory is defined at the PostgreSQL
susemanager-build-keys
- Version 15.2.5
- Add Debian 11 keys
- Added:
  * debian-archive-key-11-security-A48449044AAD5C5D.asc
  * debian-archive-key-11-73A4F27B8DD47936.asc
  * debian-release-11-605C66F00D6C9793.asc
susemanager-doc-indexes
- Add SLS state for keeping clients updated in Client Configuration
  Guide
- Fixed unpublished patches note in the server update chapter of the
  Upgrade Guide
- Added DNS resolution for minions to the troubleshooting section in
  the Client Configuration Guide
- Documented low disc space warnings in the managing disk space chapter
  of the Administration Guide
- In the ports section of the Installation Guide, mention tftpsync
  explicitly for port 443 (bsc#1190665)
- In server upgrade procedure of the Upgrade Guide, add zypper ref step
  to refresh repositories reliably
- Update effective_cache_size section of the Salt Guide
  (bsc#1191274)
- Documented new filter in the content lifecycle management chapter of
  the Administration Guide
- Added aarch64 support for clients in the Installation Guide and
  Client Configuration Guide
- Documented AWS Permissions for Virtual Host Manager in VHM and
  Amazon Web Services chapter of the Client Configuration Guide
- Removed an outdated patches note in the server update chapter of the
  Upgrade Guide
- Fixed mgr-cfg-* issues in appendix of the Reference Guide. Run the
  commands on the client (bsc#1190166)
- Removed Portus and CaaSP references from the image management chapter
  of the Administration Guide
- Update for hostname renaming documentation
- Add information about pam service name limitations
- Added warning about future deprecation of traditional clients
- Updated Setup section in the Installation Guide on trouble
  shooting freely available products
- Removed Red Hat Enterprise Linux 6, SUSE Linux Enterprise Server
  Expanded Support 6, Oracle Linux 6, CentOS 6, and Ubuntu 16.04 LTS
  as supported client systems in the Client Configuration Guide
  (bsc#1188656)
- Correct package name for PAM authentication (bsc#1171483)
- Added more information on Salt ssh user configuration in the Salt
  Guide (bsc#1187549)
- Documented KIWI options and profile selection in Administration Guide.
- Added note about autoinstallation kernel options and Azure clients
- Removed conflict appearing on mangled pages (bsc#1172671)
susemanager-docs_en
- Add SLS state for keeping clients updated in Client Configuration
  Guide
- Fixed unpublished patches note in the server update chapter of the
  Upgrade Guide
- Added DNS resolution for minions to the troubleshooting section in
  the Client Configuration Guide
- Documented low disc space warnings in the managing disk space chapter
  of the Administration Guide
- In the ports section of the Installation Guide, mention tftpsync
  explicitly for port 443 (bsc#1190665)
- In server upgrade procedure of the Upgrade Guide, add zypper ref step
  to refresh repositories reliably
- Update effective_cache_size section of the Salt Guide
  (bsc#1191274)
- Documented new filter in the content lifecycle management chapter of
  the Administration Guide
- Added aarch64 support for clients in the Installation Guide and
  Client Configuration Guide
- Documented AWS Permissions for Virtual Host Manager in VHM and
  Amazon Web Services chapter of the Client Configuration Guide
- Removed an outdated patches note in the server update chapter of the
  Upgrade Guide
- Fixed mgr-cfg-* issues in appendix of the Reference Guide. Run the
  commands on the client (bsc#1190166)
- Removed Portus and CaaSP references from the image management chapter
  of the Administration Guide
- Update for hostname renaming documentation
- Add information about pam service name limitations
- Added warning about future deprecation of traditional clients
- Updated Setup section in the Installation Guide on trouble
  shooting freely available products
- Removed Red Hat Enterprise Linux 6, SUSE Linux Enterprise Server
  Expanded Support 6, Oracle Linux 6, CentOS 6, and Ubuntu 16.04 LTS
  as supported client systems in the Client Configuration Guide
  (bsc#1188656)
- Correct package name for PAM authentication (bsc#1171483)
- Added more information on Salt ssh user configuration in the Salt
  Guide (bsc#1187549)
- Documented KIWI options and profile selection in Administration Guide.
- Added note about autoinstallation kernel options and Azure clients
- Removed conflict appearing on mangled pages (bsc#1172671)
susemanager-schema
- version 4.1.23-1
- Support syncing patches with advisory status 'pending' (bsc#1190455)
- Fix wrongly assigned entitlements due to system transfer (bsc#1188032)
susemanager-sls
- version 4.1.31-1
  * Fix mgrcompat state module to work with Salt 3003 and 3004
  * Update kernel live patch version on minion startup (bsc#1190276)
susemanager-sync-data
- version 4.1.16-1
- set OES 2018 SP3 to released
syslinux
- Link all binaries as Position Independent Executables (bsc#1184124).
  + syslinux-4.04-pie.diff
systemd
- Add 0001-core-prevent-bus_init_api-from-being-called-recursiv.patch
- Import commit 43e57122ef9856db4ec4a8a2758bc8f73d2d1835
  1a6747aa01 umount: show correct error message
  e4b8a01ca5 core/umount: fix unitialized fields in MountPoint in dm_list_get()
- Fix IO scheduler udev rules
  * 60-io-scheduler.rules: don't use BFQ for real multiqueue devices
    (jsc#SLE-21032, bsc#1192161)
  * 60-io-scheduler.rules: use "/none"/ for multipath components
    (bsc#1192161)
- Import commit d126915ede24b052216ca940155ea5531970aa95
  f2cf0ac034 busctl: use usec granularity for the timestamp printed by the busctl monitor command (jsc#SLE-21862 jsc#SLE-18102 jsc#SLE-18103)
- Import commit 5acd9826521306d7b312826135afe491bd889a29
  df05d5b906 shutdown: Reduce log level of unmounts (bsc#1191252)
  31f2b51c18 umount: Don't bother remounting api and ro filesystems read-only
  4914963481 umount: Provide the same mount flags too when remounting read-only
  04463997a7 umount: Decide whether to remount read-only earlier
  143aed644f umount: Add more asserts and remove some unused arguments
  09c7ad555d umount: Fix memory leak
  1899743f50 shutdown: explicitly set a log target in shutdown.c
  a66287c2fe test: add tests for mount_option_mangle()
  036077c2a0 mount-util: add mount_option_mangle()
  e90a30bc86 dissect: automatically mark partitions read-only that have a read-only file system
  b09a5f1835 build-sys: require libmount >= 2.30 (#6795)
  2679668b86 systemd-shutdown: use log_set_prohibit_ipc(true)
  32625253bc rationalize interface for opening/closing logging
  46774b1d21 pid1: when we can't log to journal, remember our fallback log target
  cd994c1e81 log: remove LOG_TARGET_SAFE pseudo log target
  8d4ec9ec2e log: add brief comment for log_set_open_when_needed() and log_set_always_reopen_console()
  a914dd2003 pid1: make use of new "/prohibit_ipc"/ logging flag in PID 1 (bsc#1189803)
  496668c670 log: add new "/prohibit_ipc"/ flag to logging system
  9df8261e38 log: make log_set_upgrade_syslog_to_journal() take effect immediately
  15b3fcf953 mount-util: fix fd_is_mount_point() when both the parent and directory are network fs (bsc#1190984)
  1898f668dd core: rework how we connect to the bus (bsc#1190325)
  22a4287477 dbus: split up bus_done() into seperate functions
  42ce096d80 machine-id-setup: generate machine-id from DMI product ID on Amazon EC2
  39ea02b718 virt: detect Amazon EC2 Nitro instance (bsc#1190440)
  ef0253c6e5 virt: if we detect Xen by DMI, trust that over CPUID
- Import commit dc982a577e6d3eea8832083f470e48f6fbf227cc
  ddc6c90310 basic/unit-name: adjust comments
  390bc4e04f basic/unit-name: do not use strdupa() on a path (bsc#1188063 CVE-2021-33910)
  b83b235cac unit-name: generate a clear error code when converting an overly long fs path to a unit name
  4fd60931a5 unit-name: tighten checks for building valid unit names
  513c103faf manager: reexecute on SIGRTMIN+25, user instances only
  ff761f71a9 logind: terminate cleanly on SIGTERM/SIGINT (bsc#1188018)
  b236f23d9d units: make fsck/grows/makefs/makeswap units conflict against shutdown.target
- Dropped 1001-unit-name-tighten-checks-for-building-valid-unit-nam.patch
  Dropped 1002-unit-name-generate-a-clear-error-code-when-convertin.patch
  Dropped 1003-basic-unit-name-do-not-use-strdupa-on-a-path.patch
  Dropped 1004-basic-unit-name-adjust-comments.patch
  These patches have been merged in branch SUSE/v234.
- Update 60-io-scheduler.rules (jsc#SLE-21032, bsc#1134353)
  * rules weren't applied to dm devices (multipath), fix it
    (bsc#1188713)
  * ignore obsolete "/elevator"/ kernel parameter (bsc#1184994, bsc#1190234)
    ("/elevator"/ did falsely overide settings even for blk-mq, fixed).
- Make sure the versions of both udev and systemd packages are always the same (bsc#1189480)
- Avoid the error message when udev is updated due to udev being
  already active when the sockets are started again (bsc#1188291)
- Allow the systemd sysusers config files to be overriden during
  system installation (bsc#1171962).
- While at it, add a comment to explain why we don't use
  %sysusers_create in %pre and why it should be safe in %post.
timezone
- timezone update 2021e (bsc#1177460):
  * Palestine will fall back 10-29 (not 10-30) at 01:00
- timezone update 2021d:
  * Fiji suspends DST for the 2021/2022 season
  * 'zic -r' marks unspecified timestamps with "/-00"/
- timezone update 2021c:
  * Revert almost all of 2021b's changes to the 'backward' file
  * Fix a bug in 'zic -b fat' that caused old timestamps to be
    mishandled in 32-bit-only readers
- timezone update 2021b:
  * Jordan now starts DST on February's last Thursday.
  * Samoa no longer observes DST.
  * Move some backward-compatibility links to 'backward'.
  * Rename Pacific/Enderbury to Pacific/Kanton.
  * Correct many pre-1993 transitions in Malawi, Portugal, etc.
  * zic now creates each output file or link atomically.
  * zic -L no longer omits the POSIX TZ string in its output.
  * zic fixes for truncation and leap second table expiration.
  * zic now follows POSIX for TZ strings using all-year DST.
  * Fix some localtime crashes and bugs in obscure cases.
  * zdump -v now outputs more-useful boundary cases.
  * tzfile.5 better matches a draft successor to RFC 8536.
- Refresh tzdata-china.patch
tomcat
  * CVE-2021-30640: Escape parameters in JNDI Realm queries (bsc#1188279)
  * CVE-2021-33037: Process T-E header from both HTTP 1.0 and HTTP 1.1. clients (bsc#1188278)
- Added patches:
  * tomcat-9.0-CVE-2021-30640.patch
  * tomcat-9.0-CVE-2021-33037.patch
- Fixed CVEs:
  * CVE-2021-41079: Validate incoming TLS packet (bsc#1190558)
- Added patches:
  * tomcat-9.0-CVE-2021-41079.patch
- Fixed CVEs:
util-linux
- Update to version 2.33.2 to provide seamless update
  from SLE12 SP5 to SLE15 SP2:
  * agetty: Fix 8-bit processing in get_logname() (bsc#1125886).
  * mount: Fix "/mount"/ output for net file systems (bsc#1122417).
  * Many Other fixes, see
    https://www.kernel.org/pub/linux/utils/util-linux/v2.33/v2.33.2-ReleaseNotes
  * obsoletes util-linux-agetty-smart-reload-13.patch,
    util-linux-agetty-smart-reload-14.patch.
  * ported util-linux-libmount-pseudofs.patch
- ipcutils: Avoid potential memory allocation overflow
  (bsc#1188921, CVE-2021-37600,
  util-linux-ipcutils-overflow-CVE-2021-37600.patch).
- Fix ipcs testsuite (bsc#1178236#c19,
  util-linux-ipcs-shmall-overflow-ts.patch).
- ipcs: Avoid overflows (bsc#1178236,
  util-linux-ipcs-shmall-overflow-1.patch,
  util-linux-ipcs-shmall-overflow-2.patch).
util-linux-systemd
- Update to version 2.33.2 to provide seamless update
  from SLE12 SP5 to SLE15 SP2:
  * agetty: Fix 8-bit processing in get_logname() (bsc#1125886).
  * mount: Fix "/mount"/ output for net file systems (bsc#1122417).
  * Many Other fixes, see
    https://www.kernel.org/pub/linux/utils/util-linux/v2.33/v2.33.2-ReleaseNotes
  * obsoletes util-linux-agetty-smart-reload-13.patch,
    util-linux-agetty-smart-reload-14.patch.
  * ported util-linux-libmount-pseudofs.patch
- ipcutils: Avoid potential memory allocation overflow
  (bsc#1188921, CVE-2021-37600,
  util-linux-ipcutils-overflow-CVE-2021-37600.patch).
- Fix ipcs testsuite (bsc#1178236#c19,
  util-linux-ipcs-shmall-overflow-ts.patch).
- ipcs: Avoid overflows (bsc#1178236,
  util-linux-ipcs-shmall-overflow-1.patch,
  util-linux-ipcs-shmall-overflow-2.patch).
xen
- bsc#1192554 - VUL-0: CVE-2021-28706: xen: guests may exceed their
  designated memory limit (XSA-385)
  xsa385.patch
- bsc#1192557 - VUL-0: CVE-2021-28704,CVE-2021-28707,CVE-2021-28708:
  xen: PoD operations on misaligned GFNs (XSA-388)
  xsa388-1.patch
  xsa388-2.patch
- bsc#1192559 - VUL-0: CVE-2021-28705,CVE-2021-28709: xen: issues
  with partially successful P2M updates on x86 (XSA-389)
  xsa389.patch
- Upstream bug fixes (bsc#1027519)
  6138b7a1-x86-spec-ctrl-split-diagnostics-line.patch
  6138b7a2-x86-AMD-enum-speculative-hints.patch
  6138b7a3-x86-AMD-use-newer-SSBD.patch
  6139f1b1-x86-spec-ctrl-print-AMD-features.patch
  6148453b-VT-d-hidden-devices-unmap.patch
  6148455f-VT-d-PCI-segment-numbers-16-bits.patch
  61532102-PCI-bridge-with-subord-bus-0xFF.patch
  61655b5a-AMD-IOMMU-hidden-devices-flush.patch
- bsc#1191363 - VUL-0: CVE-2021-28702: xen: PCI devices with RMRRs
  not deassigned correctly (XSA-386)
  615c9fd0-VT-d-fix-deassign-of-device-with-RMRR.patch
- Update to Xen 4.13.4 bug fix release (bsc#1027519)
  xen-4.13.4-testing-src.tar.bz2
- Drop patches contained in new tarball
  5e5001ee-x86-p2m-PoD-accounting-in-gpae.patch
  5e86fa2a-x86-p2m_remove_page-retval.patch
  5e86fa57-x86-p2m-remove-MFN-check.patch
  5f92909a-PCI-cleanup-MSI-before-removing-device.patch
  6011bbc7-x86-timer-fix-boot-without-PIT.patch
  60631c38-VT-d-QI-restore-flush-hooks.patch
  60700077-x86-vpt-avoid-pt_migrate-rwlock.patch
  60787714-x86-HPET-factor-legacy-replacement-mode-enabling.patch
  60787714-x86-HPET-avoid-legacy-replacement-mode.patch
  608676f2-VT-d-register-based-invalidation-optional.patch
  60a27288-x86emul-gas-2-36-test-harness-build.patch
  60afe616-x86-CPUID-rework-HLE-and-RTM-handling.patch
  60be0e24-credit2-pick-runnable-unit.patch
  60be0e42-credit2-per-entity-load-tracking-when-continuing.patch
  60be3097-x86-CPUID-fix-HLE-and-RTM-handling-again.patch
  60bf9e19-Arm-create-dom0less-domUs-earlier.patch
  60bf9e1a-Arm-boot-modules-scrubbing.patch
  60bf9e1b-VT-d-size-qinval-queue-dynamically.patch
  60bf9e1c-AMD-IOMMU-size-command-buffer-dynamically.patch
  60bf9e1d-VT-d-eliminate-flush-related-timeouts.patch
  60bf9e1e-x86-spec-ctrl-protect-against-SCSB.patch
  60bf9e1f-x86-spec-ctrl-mitigate-TAA-after-S3.patch
  60bfa904-AMD-IOMMU-wait-for-command-slot.patch
  60bfa906-AMD-IOMMU-drop-command-completion-timeout.patch
  60c8a7ac-x86-vpt-fully-init-timers-before-enlisting.patch
  60d49689-VT-d-undo-device-mappings-upon-error.patch
  60d496b9-VT-d-adjust-domid-map-updating-on-unmap.patch
  60d496d6-VT-d-clear_fault_bits-should-clear-all.patch
  60d496ee-VT-d-dont-lose-errors-on-multi-IOMMU-flush.patch
  60d5c6df-IOMMU-PCI-dont-let-domain-cleanup-continue.patch
  61122ac6-credit2-avoid-spuriously-picking-idle.patch
  611cba4e-VT-d-Tylersburg-errata-more-steppings.patch
  611f844b-AMD-IOMMU-dont-leave-pt-mapped.patch
  6126339d-AMD-IOMMU-global-ER-extending.patch
  6126344f-AMD-IOMMU-unity-map-handling.patch
  61263464-IOMMU-pass-access-to-p2m_get_iommu_flags.patch
  6126347d-IOMMU-generalize-VT-d-mapped-RMRR-tracking.patch
  6126349a-AMD-IOMMU-rearrange-reassignment.patch
  612634ae-AMD-IOMMU-rearrange-ER-UM-recording.patch
  612634c3-x86-p2m-introduce-p2m_is_special.patch
  612634dc-x86-p2m-guard-identity-mappings.patch
  612634f4-x86-mm-widen-locked-region-in-xatp1.patch
  6126350a-gnttab-release-mappings-preemption.patch
  6126351f-gnttab-replace-mapkind.patch
  6126353d-gnttab-get-status-frames-array-capacity.patch
  61263553-Arm-restrict-maxmem-for-dom0less.patch
  6128a856-gnttab-radix-tree-node-init.patch
  xsa384.patch
- bsc#1189632 - VUL-0: CVE-2021-28701: xen: Another race in
  XENMAPSPACE_grant_table handling (XSA-384)
  xsa384.patch
- Upstream bug fixes (bsc#1027519)
  5e5001ee-x86-p2m-PoD-accounting-in-gpae.patch (Replaces xsa378-0a.patch)
  5e86fa2a-x86-p2m_remove_page-retval.patch (Replaces xsa378-0b.patch)
  5e86fa57-x86-p2m-remove-MFN-check.patch (Replaces xsa378-0c.patch)
  61001231-x86-work-around-GNU-ld-2-37-issue.patch
  611a7e38-x86-CET-shstk-WARN-manipulation.patch
  611cba4e-VT-d-Tylersburg-errata-more-steppings.patch
  6128a856-gnttab-radix-tree-node-init.patch
  611f844b-AMD-IOMMU-dont-leave-pt-mapped.patch
  61122ac6-credit2-avoid-spuriously-picking-idle.patch (Replaces
    credit2-avoid-picking-a-spurious-idle-unit-when-caps-are-used.patch)
  6126339d-AMD-IOMMU-global-ER-extending.patch (Replaces xsa378-1.patch)
  6126344f-AMD-IOMMU-unity-map-handling.patch (Replaces xsa378-2.patch)
  61263464-IOMMU-pass-access-to-p2m_get_iommu_flags.patch (Replaces xsa378-3.patch)
  6126347d-IOMMU-generalize-VT-d-mapped-RMRR-tracking.patch (Replaces xsa378-4.patch)
  6126349a-AMD-IOMMU-rearrange-reassignment.patch (Replaces xsa378-5.patch)
  612634ae-AMD-IOMMU-rearrange-ER-UM-recording.patch (Replaces xsa378-6.patch)
  612634c3-x86-p2m-introduce-p2m_is_special.patch (Replaces xsa378-7.patch)
  612634dc-x86-p2m-guard-identity-mappings.patch (Replaces xsa378-8.patch)
  612634f4-x86-mm-widen-locked-region-in-xatp1.patch (Replaces xsa379.patch)
  6126350a-gnttab-release-mappings-preemption.patch (Replaces xsa380-1.patch
  6126351f-gnttab-replace-mapkind.patch (Replaces xsa380-2.patch)
  6126353d-gnttab-get-status-frames-array-capacity.patch (Replaces xsa382.patch)
  61263553-Arm-restrict-maxmem-for-dom0less.patch (Replaces xsa383.patch)
xfsprogs
- xfsprogs-devel: add libhandle1 dependency following split
  (bsc#1191566)
- xfs_admin: support external log devices (bsc#1189984)
  * Add xfsprogs-xfs_admin-support-external-log-devices.patch
- xfs_quota: state command should report ugp grace times (bsc#1189983)
  * Add xfsprogs-xfs_quota-display-warning-limits-when-printing-quota.patch
  * Add xfsprogs-xfs_quota-state-command-should-report-ugp-grace-time.patch
- xfsprogs: Remove barrier/nobarrier mount options from xfs.5
  (bsc#1191675)
  * Add xfsprogs-man-Remove-barrier-nobarrier-mount-options-from.patch
- xfs_io: add label command (bsc#1191500)
  * Add xfsprogs-xfs_io-add-label-command.patch
- xfs_bmap: remove -c from manpage (bsc#1189552)
- xfs_bmap: don't reject -e (bsc#1189552)
  * Add xfsprogs-xfs_bmap-remove-c-from-manpage.patch
  * Add xfsprogs-xfs_bmap-don-t-reject-e.patch
- xfs_repair: check plausibility of root dir pointer before trashing it
  (bsc#1188651)
  * Add xfsprogs-xfs_repair-refactor-fixed-inode-location-checks.patch
  * Add xfsprogs-xfs_repair-check-plausibility-of-root-dir-pointer-be.patch
- xfsprogs: split libhandle1 into a separate package, since nothing
  within xfsprogs dynamically links against it. The shared library
  is still required by xfsdump as a runtime dependency.
- mkfs.xfs: fix ASSERT on too-small device with stripe geometry
  (bsc#1181536)
  * Add xfsprogs-mkfs.xfs-fix-ASSERT-on-too-small-device-with-stripe-.patch
- mkfs.xfs: if either sunit or swidth is nonzero, the other must be as
  well (bsc#1085917, bsc#1181535)
  * Add xfsprogs-mkfs.xfs-if-either-sunit-or-swidth-is-nonzero-the-ot.patch
- xfs_growfs: refactor geometry reporting (bsc#1181306)
  * Add xfsprogs-xfs_growfs-refactor-geometry-reporting.patch
- xfs_growfs: allow mounted device node as argument (bsc#1181299)
  * Add xfsprogs-libfrog-fs_table_lookup_mount-should-realpath-the-ar.patch
  * Add xfsprogs-xfs_fsr-refactor-mountpoint-finding-to-use-libfrog-p.patch
  * Add xfsprogs-xfs_growfs-allow-mounted-device-node-as-argument.patch
- xfs_repair: rebuild directory when non-root leafn blocks claim block 0
  (bsc#1181309)
  * Add xfsprogs-xfs_repair-rebuild-directory-when-non-root-leafn-blo.patch
xstream
- Upgrade to 1.4.18
  * Security fixes
    + This maintenance release addresses following security
    vulnerabilities, when unmarshalling with an XStream instance
    using the default blacklist of an uninitialized security
    framework. XStream is therefore now using a whitelist by
    default. (CVE-2021-39139, CVE-2021-39140, CVE-2021-39141,
    CVE-2021-39144, CVE-2021-39145, CVE-2021-39146,
    CVE-2021-39147, CVE-2021-39148, CVE-2021-39149,
    CVE-2021-39150, CVE-2021-39151, CVE-2021-39152,
    CVE-2021-39153, CVE-2021-39154, bsc#1189798)
  * Minor changes
    + Support serializable types with non-serializable parent with
    PureJavaReflectionConverter.
  * Stream compatibility
    + Starting with version 1.14.12 nine years ago, XStream contains
    a Security Framework to implement a black- or whitelist for
    the allowed types at deserialization time. Until version
    1.4.17, XStream kept a default blacklist in order to deny all
    types of the Java runtime, which are used for all kinds of
    security attacks, in order to guarantee optimal runtime
    compatibility for existing users. However, this approach has
    failed. The last months have shown, that the Java runtime
    alone contains dozens of types that can be used for an attack,
    not even looking at the 3rd party libraries on a classpath.
    The new version of XStream uses therefore now by default a
    whitelist, which is recommended since nine years. It also has
    been complaining on the console for a long time about an
    uninitialized security framework the first time it was run.
    Anyone who has followed the advice and initialized the
    security framework for their own scenario can easily update
    to the new version without any problem. Everyone else will
    have to do a proper initialization now, otherwise the new
    version will fail with certainty at deserialization time.
- Modified patch:
  * Revert-MXParser-changes.patch
    + rediff to changed context
yast2-add-on
- Auto client does not crash when trying to import from an
  empty add-on section (bsc#1189154).
- 4.2.18
yast2-country
- Move the keyboards database to lib/ to make the module compatible
  with the self-update mechanism (bsc#1189461).
- 4.2.23
- AutoYaST: allow empty /profile/timezone/timezone setting,
  meaning to keep the UTC default (bsc#1188406).
- 4.2.22
yast2-installation
- Filter the installation proposals (in the Installation Settings
  screen) according to the AutoYaST profile even before
  tab switching (related to bsc#1190294)
- 4.2.54
- Activate devices before probing (bsc#1187220).
- 4.2.53
- Backport gh#872 by schubi@suse.de:
  - Moving <files> section handling from second installation stage
    to first installation stage. (bsc#1174194)
- 4.2.52
yast2-network
- Fixed interfaces table description for s390 Group devices
  (bsc#1192560).
- 4.2.109
- Replace calls to dropped method InterfacesTable#friendly_name
  (bsc#1192560).
- 4.2.108
- AutoYaST
  - When the interface section contains the "/device"/ (deprecated)
    and "/name"/ elements then use the "/device"/ as the "/name"/ and the
    "/name"/ as the "/description"/. (bsc#1192270)
  - Add the "/description"/ element to the interface section.
- 4.2.107
- Do not crash when checking if a virtual interface is connected
  (bsc#1192183, bsc#1192270).
- 4.2.106
- Do not crash when the interfaces table contains a not configured
  one (bnc#1190645, bsc#1190915)
- Fix the shown description using the interface friendly name when
  it is empty (bsc#1190933)
- 4.2.105
- Consider aliases sections as case insensitive (bsc#1190739).
- 4.2.104
- bnc#1190645
  - display user defined device name in the devices overview
- 4.2.103
yast2-registration
- Fixed evaluating the update repositories (bsc#1188717),
  the SUSE Manager update repositories were not disabled
  when installing the system without updates
- 4.2.47
yast2-schema
- Add 'description' to the interfaces in the networking section
  (bsc#1192270).
- 4.2.16
- Update the rules.xml schema:
  - add the "/hostname"/ element (bsc#1190696).
  - remove the 'haspcmica' element (related to bsc#1183352).
- 4.2.15
- Add missing elements to rules.xml schema:
  - installed_product and installed_product_version (boo#1176089)
  - dialog section (bsc#1188153)
- 4.2.14
yast2-storage-ng
- Set the volume group extent size according to the AutoYaST
  profile (bsc#1192124).
- 4.2.119
- Fix the Comment entry in the desktop file so the tooltip
  in the control center is properly translated (bsc#1187270).
- 4.2.118
- ensure mount options are not doubled (bsc#1186298)
- 4.2.117
- try harder matching device names (bsc#1186268)
- 4.2.116
yast2-users
- Do not rewrite authorized_keys unless it is needed (bsc#1188361).
- 4.2.13
zypper
- Fix compiler warning.
- zypper.conf: New option whether to collect subcommands found in
  $PATH (fixes #379)
  +[subcommand] i
  +
  +##  Whether to look for subcommands in $PATH
  +##
  +## If a subcommand is not found in the zypper_execdir, the wrapper
  +## will look in the rest of your $PATH for it. Thus, it's possible
  +## to write local zypper extensions that don't live in system space.
  +## See section SUBCOMMANDS in the zypper manpage.
  +##
  +## Valid values: boolean
  +## Default value: yes
  +##
  +# seachSubcommandInPath = yes.
- help subcommand: show path of command found in $PATH.
- version 1.14.50
- Avoid calling 'su' to detect a too restrictive sudo user umask
  (bsc#1186602)
- Fix typo in German translation (fixes #395)
- BuildRequires:  libzypp-devel >= 17.28.3.
- version 1.14.49
- Support new reports for singletrans rpm commit.
- BuildRequires:  libzypp-devel >= 17.27.1.
  For lock/query comments.
- Prompt: choose exact match if prompt options are not prefix
  free (bsc#1188156)
- Install summary: Show new and removed packages closer to the
  prompt (fixes #403)
  These packages are usually more interesting than the updated
  ones. In case of doubt less scrolling is needed to see them.
- Add need reboot/restart hint to XML install summary
  (bsc#1188435)
- Add comment option for lock command (fixes #388).
- version 1.14.48
- Quick fix obs:// platform guessing for Leap (bsc#1187425)
- man: point out more clearly that patches update affected
  packages to the latest version (bsc#1187466)
- version 1.14.47