NetworkManager
- Drop nm-add-CAP_CHOWN-capability.patch: This solution was denied
  by upstream maintainers.
- Add nm-add-CAP_CHOWN-capability.patch: Add CAP_CHOWN to
  CapabilityBoundingSet to make teamd work properly
  (glfo#NetworkManager/NetworkManager!860, bsc#1185424).
- Exclude systemd.automount from nfs processing: fix boo#1116625
  as suggested from Neil Brown
SUSEConnect
- Update to 0.3.32
- Allow --regcode and --instance-data attributes at the same time (jsc#PCT-164)
- Document that 'debug' can also get set in the config file
- --status will also print the subscription name
aaa_base
- use autopatch
  - update first two patches from git originals to have the
    same apply depth as the rest:
  - git-01-61c106aac03930e03935172eaf94d92c02a343bd.patch
  - git-02-4e5fe2a6ec5690b51a369d2134a1119962438fd1.patch
  - fix get_kernel_version.c to work also for recent kernels
    on the s390/X platform (bsc#1191563)
  - git-37-dfc5b8af96bec249e44a83d573af1f95a661a85c.patch
  - support xz compressed kernel (bsc#1162581)
  - git-38-4c0060639f6fa854830a708a823976772afe7764.patch
  - Fixing possible resource leak
  - git-39-df622b89bc92fd882a6715c5743095528a643546.patch
  - excluding new kernel string in version search
- Add git-36-16d1cb895c2742e96a56af98111f8281bedd3188.patch:
  * Add $HOME/.local/bin to PATH, if it exists (bsc#1192248)
- Add patch git-34-9a1bc15517d6da56d75182338c0f1bc4518b2b75.patch
  * sysctl.d/50-default.conf:
    allow everybody to create IPPROTO_ICMP sockets (bsc#1174504)
- Add patch git-35-91f496b1f65af29832192bad949685a7bc25da0a.patch
  * sysctl.d/50-default.conf: fix ping_group_range syntax error
apache2
  fix CVE-2021-40438 [bsc#1190703], SSRF via a crafted request uri-path
  + apache2-CVE-2021-40438.patch
  fix CVE-2021-36160 [bsc#1190702], out-of-bounds read via a crafted request uri-path
  + apache2-CVE-2021-36160.patch
  fix CVE-2021-39275 [bsc#1190666], out-of-bounds write in ap_escape_quotes() via malicious input
  + apache2-CVE-2021-39275.patch
  fix CVE-2021-34798 [bsc#1190669], NULL pointer dereference via malformed requests
  + apache2-CVE-2021-34798.patch
- security update
- added patches
apache2-mod_wsgi-python3
- Enable installation of Python sitelib wrapper
  This enabled Python Projects to require mod_wsgi in the install_requires
  without receiving a "/DistributionNotFound"/ error on entrypoint script
  generated by setuptools
- Backport of https://build.opensuse.org/request/show/794038
- Fixes bsc#1189467
apparmor
- fixed requires of python3 module (bsc#1191690).
- Don't provide python2 symbol for python3 package (bsc#1191690).
- Be explicit about using python2 macros, when needed.
augeas
- Allow all printable ASCII characters in WPA-PSK definition
  * augeas-allow_printable_ASCII.patch
  * bsc#1187512
  * Sourced from https://github.com/hercules-team/augeas/pull/723/commits
  * Credit to Michal Filka <mfilka@suse.com
autoyast2
- Add the "/keep_unknown_lv"/ element to the partitioning schema
  (bsc#1191968).
- 4.3.91
- Add the "/hostname"/ element to the rules schema (bsc#1190696).
- 4.3.90
- Ensure closing notification pop-ups even if a user script
  was not executed to prevent "/No widget with ID ..."/ error pop-up
  (bsc#1188930, bsc#1188716)
- 4.3.89
- Fixed handling of the "/final_reboot"/ and "/final_halt"/ options,
  add the custom scripts only once and avoid displaying
  a warning popup during installation (bsc#1188356)
- 4.3.88
- Copy the init-scripts to the right location during 1st stage
  (bsc#1188360).
- 4.3.87
azure-cli
- Update in SLE-15 (bsc#1187880, bsc#1188178)
- Add missing python3-azure-mgmt-resource dependency to Requires
- New upstream release
  + Version 2.16.0
  + For detailed information about changes see the
    HISTORY.rst file provided with this package
- Update Requires from setup.py
  + Version 2.15.0
  + For detailed information about changes see the
    HISTORY.rst file provided with this package
- Update Requires from setup.py
- New upstream release
azure-cli-core
- Update in SLE-15 (bsc#1187880, bsc#1188178)
- New upstream release
  + Version 2.16.0
  + For detailed information about changes see the
    HISTORY.rst file provided with this package
- Refresh patches for new version
  + acc_disable-update-check.patch
- Update Requires from setup.py
  + Temporarily use a vendored copy of azure-mgmt-resource
- New upstream release
  + Version 2.15.0
  + For detailed information about changes see the
    HISTORY.rst file provided with this package
- Update Requires from setup.py
binutils
- Add binutils-revert-hlasm-insns.diff for compatibility on old
  code stream that expect 'brcl 0,label' to not be disassembled
  as 'jgnop label' on s390x.  [bsc#1192267]
- Rebase binutils-2.37-branch.diff: fixes PR28523 aka boo#1188941.
- Fix empty man-pages from broken release tarball [PR28144].
- Update binutils-skip-rpaths.patch with contained a memory corruption
  (boo#1191473).
- Configure with --disable-x86-used-note on old code streams.
- Disable libalternatives temporarily for build cycle reasons.
- make TARGET-bfd=headers again, we patch bfd-in.h
- This state submitted to SLE12 and SLE15 code streams for annual
  toolchain update. [jsc#PM-2767, jsc#SLE-21561, jsc#SLE-19618]
- Bump binutils-2.37-branch.diff to 66d5c7003, to include fixes for
  PR28422, PR28192, PR28391.  Also adds some s390x arch14
  instructions [jsc#SLE-18637].
- Using libalternatives instead of update-alternatives.
- Adjust for testsuite fails on older products that configure
  binutils in different ways, adds  binutils-compat-old-behaviour.diff
  and adjusts binutils-revert-nm-symversion.diff and
  binutils-revert-plt32-in-branches.diff.
- Bump binutils-2.37-branch.diff: fixes PR28138.
- Use LTO & PGO build.
- Update to binutils 2.37:
  * The GNU Binutils sources now requires a C99 compiler and library to
    build.
  * Support for the arm-symbianelf format has been removed.
  * Support for Realm Management Extension (RME) for AArch64 has been
    added.
  * A new linker option '-z report-relative-reloc' for x86 ELF targets
    has been added to report dynamic relative relocations.
  * A new linker option '-z start-stop-gc' has been added to disable
    special treatment of __start_*/__stop_* references when
  - -gc-sections.
  * A new linker options '-Bno-symbolic' has been added which will
    cancel the '-Bsymbolic' and '-Bsymbolic-functions' options.
  * The readelf tool has a new command line option which can be used to
    specify how the numeric values of symbols are reported.
  - -sym-base=0|8|10|16 tells readelf to display the values in base 8,
    base 10 or base 16.  A sym base of 0 represents the default action
    of displaying values under 10000 in base 10 and values above that in
    base 16.
  * A new format has been added to the nm program.  Specifying
    '--format=just-symbols' (or just using -j) will tell the program to
    only display symbol names and nothing else.
  * A new command line option '--keep-section-symbols' has been added to
    objcopy and strip.  This stops the removal of unused section symbols
    when the file is copied.  Removing these symbols saves space, but
    sometimes they are needed by other tools.
  * The '--weaken', '--weaken-symbol' and '--weaken-symbols' options
    supported by objcopy now make undefined symbols weak on targets that
    support weak symbols.
  * Readelf and objdump can now display and use the contents of .debug_sup
    sections.
  * Readelf and objdump will now follow links to separate debug info
    files by default.  This behaviour can be stopped via the use of the
    new '-wN' or '--debug-dump=no-follow-links' options for readelf and
    the '-WN' or '--dwarf=no-follow-links' options for objdump.  Also
    the old behaviour can be restored by the use of the
    '--enable-follow-debug-links=no' configure time option.
    The semantics of the =follow-links option have also been slightly
    changed.  When enabled, the option allows for the loading of symbol
    tables and string tables from the separate files which can be used
    to enhance the information displayed when dumping other sections,
    but it does not automatically imply that information from the
    separate files should be displayed.
    If other debug section display options are also enabled (eg
    '--debug-dump=info') then the contents of matching sections in both
    the main file and the separate debuginfo file *will* be displayed.
    This is because in most cases the debug section will only be present
    in one of the files.
    If however non-debug section display options are enabled (eg
    '--sections') then the contents of matching parts of the separate
    debuginfo file will *not* be displayed.  This is because in most
    cases the user probably only wanted to load the symbol information
    from the separate debuginfo file.  In order to change this behaviour
    a new command line option --process-links can be used.  This will
    allow di0pslay options to applied to both the main file and any
    separate debuginfo files.
  * Nm has a new command line option: '--quiet'.  This suppresses "/no
    symbols"/ diagnostic.
- Includes fixes for these CVEs:
  bnc#1181452 aka CVE-2021-20197 aka PR26945
  bnc#1183511 aka CVE-2021-20284 aka PR26931
  bnc#1184519 aka CVE-2021-20294 aka PR26929
  bnc#1184620 aka CVE-2021-3487 aka PR26946
  bnc#1184794 aka CVE-2020-35448 aka PR26574
- Also fixes:
  bsc#1183909 - slow performance of stripping some binaries
- Rebased patches: binutils-build-as-needed.diff, binutils-fix-abierrormsg.diff,
  binutils-fix-invalid-op-errata.diff, binutils-fix-relax.diff,
  binutils-revert-nm-symversion.diff, binutils-revert-plt32-in-branches.diff
- Removed patches (are in upstream): ppc-ensure-undef-dynamic-weak-undefined.patch and
  ppc-use-local-plt.patch.
- Add binutils-2.37-branch.diff.gz.
- ppc-ensure-undef-dynamic-weak-undefined.patch: PPC: ensure_undef_dynamic
  on weak undef only in plt
- ppc-use-local-plt.patch: PowerPC use_local_plt (prerequisite for above
  patch)
- Update 2.36 branch diff which fixes PR27587.
- Do not run make TARGET-bfd=headers separately.
- Bump 2.36 branch diff (includes fix for PR27441 aka bsc#1182252).
- Bump 2.36 branch diff.
- Update 2.36 branch diff which should fix PR27311 completely.
  It fixes also PR27284.
- Remove temporary fix 0001-PR27311-ld.bfd-symbol-from-plugin-undefined-referenc.patch.
- Add temporary upstream fix for PR27311
  0001-PR27311-ld.bfd-symbol-from-plugin-undefined-referenc.patch.
- Update to binutils 2.36:
  New features in the Assembler:
    General:
  * When setting the link order attribute of ELF sections, it is now
    possible to use a numeric section index instead of symbol name.
  * Added a .nop directive to generate a single no-op instruction in
    a target neutral manner.  This instruction does have an effect on
    DWARF line number generation, if that is active.
  * Removed --reduce-memory-overheads and --hash-size as gas now
    uses hash tables that can be expand and shrink automatically.
    X86/x86_64:
  * Add support for AVX VNNI, HRESET, UINTR, TDX, AMX and Key
    Locker instructions.
  * Support non-absolute segment values for lcall and ljmp.
  * Add {disp16} pseudo prefix to x86 assembler.
  * Configure with --enable-x86-used-note by default for Linux/x86.
    ARM/AArch64:
  * Add support for Cortex-A78, Cortex-A78AE and Cortex-X1,
    Cortex-R82, Neoverse V1, and Neoverse N2 cores.
  * Add support for ETMv4 (Embedded Trace Macrocell), ETE (Embedded
    Trace Extension), TRBE (Trace Buffer Extension), CSRE (Call
    Stack Recorder Extension) and BRBE (Branch Record Buffer
    Extension) system registers.
  * Add support for Armv8-R and Armv8.7-A ISA extensions.
  * Add support for DSB memory nXS barrier, WFET and WFIT
    instruction for Armv8.7.
  * Add support for +csre feature for -march. Add CSR PDEC
    instruction for CSRE feature in AArch64.
  * Add support for +flagm feature for -march in Armv8.4 AArch64.
  * Add support for +ls64 feature for -march in Armv8.7
    AArch64. Add atomic 64-byte load/store instructions for this
    feature.
  * Add support for +pauth (Pointer Authentication) feature for
  - march in AArch64.
    New features in the Linker:
  * Add --error-handling-script=<NAME> command line option to allow
    a helper script to be invoked when an undefined symbol or a
    missing library is encountered.  This option can be suppressed
    via the configure time switch: --enable-error-handling-script=no.
  * Add -z x86-64-{baseline|v[234]} to the x86 ELF linker to mark
    x86-64-{baseline|v[234]} ISA level as needed.
  * Add -z unique-symbol to avoid duplicated local symbol names.
  * The creation of PE format DLLs now defaults to using a more
    secure set of DLL characteristics.
  * The linker now deduplicates the types in .ctf sections.  The new
    command-line option --ctf-share-types describes how to do this:
    its default value, share-unconflicted, produces the most compact
    output.
  * The linker now omits the "/variable section"/ from .ctf sections
    by default, saving space.  This is almost certainly what you
    want unless you are working on a project that has its own
    analogue of symbol tables that are not reflected in the ELF
    symtabs.
  New features in other binary tools:
  * The ar tool's previously unused l modifier is now used for
    specifying dependencies of a static library. The arguments of
    this option (or --record-libdeps long form option) will be
    stored verbatim in the __.LIBDEP member of the archive, which
    the linker may read at link time.
  * Readelf can now display the contents of LTO symbol table
    sections when asked to do so via the --lto-syms command line
    option.
  * Readelf now accepts the -C command line option to enable the
    demangling of symbol names.  In addition the --demangle=<style>,
  - -no-demangle, --recurse-limit and --no-recurse-limit options
    are also now availale.
- Includes fixes for these CVEs:
  bnc#1179898 aka CVE-2020-16590 aka PR25821
  bnc#1179899 aka CVE-2020-16591 aka PR25822
  bnc#1179900 aka CVE-2020-16592 aka PR25823
  bnc#1179901 aka CVE-2020-16593 aka PR25827
  bnc#1179902 aka CVE-2020-16598 aka PR25840
  bnc#1179903 aka CVE-2020-16599 aka PR25842
  bnc#1180451 aka CVE-2020-35493 aka PR25307
  bnc#1180454 aka CVE-2020-35496 aka PR25308
  bnc#1180461 aka CVE-2020-35507 aka PR25308
- Rebase the following patches:
  * binutils-fix-relax.diff
  * binutils-revert-nm-symversion.diff
  * binutils-revert-plt32-in-branches.diff
- Add missing dependency on bc (ld.gold testsuite uses it).
- Use --enable-obsolete for cross builds as ia64 is deprecated now.
- Add binutils-2.36-branch.diff.gz.
blktrace
- Fix crash due to dropped first event while using pipe input (bsc#1191788).
  * blkparse: skip check_cpu_map with pipe input
  * blkparse: fix incorrectly sized memset in check_cpu_map
  * Added:
  - blkparse-skip-check_cpu_map-with-pipe-input.patch
  - blkparse-fix-incorrectly-sized-memset-in-check_cpu_m.patch
brotli
- Fix CVE-2020-8927, decoder: integer overflow when input chunk
  is larger than 2GiB. (CVE-2020-8927, bsc#1175825)
  * fix-cve-2020-8927.patch
ca-certificates-mozilla
- remove the DST_Root_CA_X3.pem trust, as it expires september 30th 2021.
  (bsc#1190858)
cobbler
- Fixed modify_setting test to complete successfully
- Added:
  * v3-1-2-fix-failing-test-after-cve-fix.patch
containerd
- Update to containerd v1.4.11, to fix CVE-2021-41103 bsc#1191121. bsc#1191355
- Switch to Go 1.16.x compiler, in line with upstream.
- Install systemd service file as well (fixes bsc#1190826)
- Update to containerd v1.4.8, to fix CVE-2021-32760. bsc#1188282
- Remove upstreamed patches:
  - bsc1188282-use-chmod-path-for-checking-symlink.patch
[ This patch was only released in SLES and Leap. ]
- Add patch for GHSA-c72p-9xmj-rx3w. CVE-2021-32760 bsc#1188282
- Build with go1.15 for reproducible build results (boo#1102408)
cracklib
- %check: really test the package [bsc#1191736]
crash
- Fix build on ppc64 - it needs full TOC as much as ppc64le.
- Fix module loading (bsc#1190743 ltc#194414).
  + crash-mod-fix-module-object-file-lookup.patch
createrepo_c
- removed %is_opensuse (CtLG)
- disabled drpm for SLE/Leap 15.3
- Update to 0.16.0
  + Never do dir walk when --recycle-pkglist specified
  + Add automatic module metadata handling for repos (rh#1795936)
- Update to 0.15.11
  + Add python unittest for invalid date in updateinfo record get_datetime
  + Simplify case when attr is empty (prevents covscan warnings)
  + Fix couple of memory leaks, some mistakenly dead code and error handling
  + Add --arch-expand option
  + Fix spelling errors.
- Update to 0.15.7
  + Add relogin_suggested to updatecollectionpackage (rh#1779751)
  + Support issued date in epoch format in Python API (rh#1779751)
- Update to 0.15.6
  + Set global_exit_status on sigint so that .repodata are cleaned up
  + Fix various issues discovered by covscans (rh#1789707)
  + Enhance error handling when locating repositories (rh#1762697)
  + Switch updateinfo to explicitly include bool values (rh#1772466)
  + add --recycle-pkglist option
  + use pkg href for cache lookup with --update
  + Sync --excludes matching for dir-walk vs. --pkglist
curl
- MIME: Properly check Content-Type even if it has parameters
  * Add curl-check-content-type.patch [bsc#1190153]
- Security fix: [bsc#1190374, CVE-2021-22947]
  * STARTTLS protocol injection via MITM
  * Add curl-CVE-2021-22947.patch
- Security fix: [bsc#1190373, CVE-2021-22946]
  * Protocol downgrade required TLS bypassed
  * Add curl-CVE-2021-22946.patch
docker
- Update to Docker 20.10.9-ce. See upstream changelog in the packaged
  /usr/share/doc/packages/docker/CHANGELOG.md. bsc#1191355
  CVE-2021-41092 CVE-2021-41089 CVE-2021-41091 CVE-2021-41103
- Rebase patches:
  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
  * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
  * 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
  * 0006-bsc1190670-seccomp-add-support-for-clone3-syscall-in.patch
- Switch to Go 1.16.x compiler, in line with upstream.
- Add patch to return ENOSYS for clone3 to avoid breaking glibc again.
  bsc#1190670
  + 0006-bsc1190670-seccomp-add-support-for-clone3-syscall-in.patch
- Add shell requires for the *-completion subpackages.
dracut
- Update to version 049.1+suse.216.gf705637b:
  * fix(iscsi): add support for the new iscsiadm "/no-wait"/ (-W) command
  * fix(iscsi): add iscsid.service requirements
    (bsc#1187190)
- Update to version 049.1+suse.213.g346cf20c:
  * fix(suse): add 60-io-scheduler.rules (bsc#1188713)
  * fix(kernel-modules): add blk_mq_alloc_disk and blk_cleanup_disk to blockfuncs (bsc#1190326)
- Update to version 049.1+suse.209.gebcf4f33:
  * fix(systemd): add unit files for systemd-coredump (bsc#1190845)
- Update to version 049.1+suse.207.g72a93d93:
  * fcoe/fcoe-genrules.sh: use $name instead of $env{INTERFACE} (bsc#1186260)
  * fix: /var/lib/nfs/statd/sm is /var/lib/nfs/sm on SUSE (bsc#1184970)
gcc7
- Adjust some ambiguous SPDX license specifications to prevent
  spec-cleaner from messing up.
- Add gcc7-pr55917.patch to do not handle exceptions in std::thread
  (jsc#CAR-1182)
- - Add gcc7-pfe-0001-Backport-Add-entry-for-patchable_function_entry.patch
  gcc7-pfe-0002-Backport-Skip-fpatchable-function-entry-tests-for-nv.patch
  gcc7-pfe-0003-Backport-Error-out-on-nvptx-for-fpatchable-function-.patch
  gcc7-pfe-0004-Backport-Adapt-scan-assembler-times-for-alpha.patch
  gcc7-pfe-0005-Backport-patchable_function_entry-decl.c-Use-3-NOPs-.patch
  gcc7-pfe-0006-Backport-IBM-Z-Use-the-dedicated-NOP-instructions-fo.patch
  gcc7-pfe-0007-Backport-Add-regex-to-search-for-uppercase-NOP-instr.patch
  gcc7-pfe-0008-Backport-ICE-segmentation-fault-with-patchable_funct.patch
  gcc7-pfe-0009-Backport-patchable_function_entry-decl.c-Pass-mcpu-g.patch
  gcc7-pfe-0010-Backport-patchable_function_entry-decl.c-Do-not-run-.patch
  gcc7-pfe-0011-Backport-patchable_function_entry-decl.c-Add-fno-pie.patch
  gcc7-pfe-0012-Backport-PR-c-89946-ICE-in-assemble_start_function-a.patch
  gcc7-pfe-0013-Backport-targhooks.c-default_print_patchable_functio.patch
  gcc7-pfe-0014-Backport-Align-__patchable_function_entries-to-POINT.patch
  gcc7-pfe-0015-Backport-Fix-PR-93242-patchable-function-entry-broke.patch
  gcc7-pfe-0016-Backport-AArch64-PR92424-Fix-fpatchable-function-ent.patch
  gcc7-pfe-0017-Backport-Fix-patchable-function-entry-on-arc.patch
  gcc7-pfe-0018-Backport-Add-patch_area_size-and-patch_area_entry-to.patch
  gcc7-pfe-0019-Backport-testsuite-Adjust-patchable_function-tests-f.patch
  gcc7-pfe-0020-Backport-Use-the-section-flag-o-for-__patchable_func.patch
  gcc7-pfe-0021-Backport-varasm-Fix-up-__patchable_function_entries-.patch
  gcc7-pfe-0022-Backport-rs6000-Avoid-fpatchable-function-entry-regr.patch
  gcc7-pfe-0023-Fix-unwinding-issues-when-pfe-is-enabled.patch
  to add -fpatchable-function-entry feature to gcc-7.
- Add gcc7-ada-MINSTKSZ.patch to fix build with glibc 2.34.
- Add bits/unistd_ext.h to the list of removed fixed includes.
- Add gcc7-sanitizer-cyclades.patch to remove cyclades.h use from
  libsanitizer fixing builds with recent kernels.
glibc
- 0001-s390x-Align-child-stack-while-clone.-BZ-27968.patch,
  0002-S390-Optimize-__memcpy_z196.patch,
  0003-S390-Optimize-__memset_z196.patch,
  0004-S390-Sync-HWCAP-names-with-kernel-by-adding-aliases-.patch,
  0005-S390-Add-new-hwcap-values.patch,
  0006-S390-Add-PCI_MIO-and-SIE-HWCAPs.patch: [15sp4 FEAT] GNU2007 -
  GLIBC: Support for new IBM Z Hardware (bsc#1191592, jsc#IBM-869)
- mq-notify-use-after-free.patch: Use __pthread_attr_copy in mq_notify
  (CVE-2021-33574, bsc#1186489, BZ #27896)
- wordexp-param-overflow.patch: wordexp: handle overflow in positional
  parameter number (CVE-2021-35942, bsc#1187911, BZ #28011)
gmp
- Add gmp-6.2.1-CVE-2021-43618.patch to fix buffer overflow on
  malformed input to mpz_inp_raw.  [bsc#1192717, CVE-2021-43618]
hwdata
- Update to version 0.353 (bsc#1192587):
  + Updated pci, usb and vendor ids.
- Update to version 0.352 (bsc#1191375):
  + Updated pci, usb and vendor ids.
iproute2
  ss-fix-end-of-line-printing-in-misc-ss.c.patch
  xfrm-also-check-for-ipv6-state-in-xfrm_state_keep.patch
  bridge-Fix-typo.patch
  bridge-Fix-output-with-empty-vlan-lists.patch
  tc-action-fix-time-values-output-in-JSON-format.patch
  Revert-bpf-replace-snprintf-with-asprintf-when-deali.patch
  bpf-Fixes-a-snprintf-truncation-warning.patch
  tipc-fixed-a-compile-warning-in-tipc-link.c.patch
  ip-xfrm-update-man-page-on-setting-printing-XFRMA_IF.patch
  bridge-fdb-show-fix-fdb-entry-state-output-for-json-.patch
  ip-link-Fix-indenting-in-help-text.patch
  ip-iplink_ipoib.c-Remove-extra-spaces.patch
  devlink-fix-uninitialized-warning.patch
  bridge-fix-string-length-warning.patch
  f_u32-fix-compiler-gcc-10-compiler-warning.patch
  rdma-Fix-statistics-bind-unbing-argument-handling.patch
  lib-namespace-fix-ip-all-netns-return-code.patch
  lib-bpf-Fix-and-simplify-bpf_mnt_check_target.patch
  lib-fs-avoid-double-call-to-mkdir-on-make_path.patch
  q_cake-Fix-incorrect-printing-of-signed-values-in-cl.patch
  ip-xfrm-limit-the-length-of-the-security-context-nam.patch
  erspan-fix-JSON-output.patch
  devlink-always-check-strslashrsplit-return-value.patch
  nexthop-fix-memory-leak-in-add_nh_group_attr.patch
  rdma-stat-initialize-ret-in-stat_qp_show_parse_cb.patch
  rdma-stat-fix-return-code.patch
  lib-bpf_legacy-treat-0-as-a-valid-file-descriptor.patch
  lib-bpf_legacy-fix-missing-socket-close-when-connect.patch
  ip-drop-2-char-command-assumption.patch
  man-fix-syntax-for-ip-link-property.patch
  lib-bpf_legacy-avoid-to-pass-invalid-argument-to-clo.patch
  ip-route-ignore-ENOENT-during-save-if-RT_TABLE_MAIN-.patch
  libnetlink-check-error-handler-is-present-before-a-c.patch
  ipmonitor-Fix-recvmsg-with-ancillary-data.patch
  tc-u32-Fix-key-folding-in-sample-option.patch
  man-bridge-fix-the-typo-to-change-c-lor-into-c-olor-.patch
  ss-fix-fallback-to-procfs-for-raw-sockets.patch
  iptuntap-fix-multi-queue-flag-display.patch
  tc-f_flower-fix-port-range-parsing.patch
  lib-bpf_legacy-fix-bpffs-mount-when-sys-fs-bpf-exist.patch
- refresh:
  ip-link_gre-Do-not-send-ERSPAN-attributes-to-GRE-tun.patch
  tc-fq_codel-fix-class-stat-deficit-is-signed-int.patch
- follow-up fixes backported from upstream (bsc#1160242):
  ip-link_gre-Do-not-send-ERSPAN-attributes-to-GRE-tun.patch
  tc-fq_codel-fix-class-stat-deficit-is-signed-int.patch
- follow-up fixes backported from upstream (bsc#1160242):
java-11-openjdk
- Update to upstream tag jdk-11.0.13+8 (October 2021 CPU)
  * Security fixes
    + JDK-8163326, CVE-2021-35550, bsc#1191901: Update the default
    enabled cipher suites preference
    + JDK-8254967, CVE-2021-35565, bsc#1191909:
    com.sun.net.HttpsServer spins on TLS session close
    + JDK-8263314: Enhance XML Dsig modes
    + JDK-8265167, CVE-2021-35556, bsc#1191910: Richer Text Editors
    + JDK-8265574: Improve handling of sheets
    + JDK-8265580, CVE-2021-35559, bsc#1191911: Enhanced style for
    RTF kit
    + JDK-8265776: Improve Stream handling for SSL
    + JDK-8266097, CVE-2021-35561, bsc#1191912: Better hashing
    support
    + JDK-8266103: Better specified spec values
    + JDK-8266109: More Resilient Classloading
    + JDK-8266115: More Manifest Jar Loading
    + JDK-8266137, CVE-2021-35564, bsc#1191913: Improve Keystore
    integrity
    + JDK-8266689, CVE-2021-35567, bsc#1191903: More Constrained
    Delegation
    + JDK-8267086: ArrayIndexOutOfBoundsException in
    java.security.KeyFactory.generatePublic
    + JDK-8267712: Better LDAP reference processing
    + JDK-8267729, CVE-2021-35578, bsc#1191904: Improve TLS client
    handshaking
    + JDK-8267735, CVE-2021-35586, bsc#1191914: Better BMP support
    + JDK-8268193: Improve requests of certificates
    + JDK-8268199: Correct certificate requests
    + JDK-8268205: Enhance DTLS client handshake
    + JDK-8268506: More Manifest Digests
    + JDK-8269618, CVE-2021-35603, bsc#1191906: Better session
    identification
    + JDK-8269624: Enhance method selection support
    + JDK-8270398: Enhance canonicalization
    + JDK-8270404: Better canonicalization
  * Other changes
    + JDK-8024368: private methods are allocated vtable indices
    + JDK-8042902: Test java/net/Inet6Address/serialize/
    /Inet6AddressSerializationTest.java fails intermittently
    + JDK-8140466: ChaCha20 and Poly1305 TLS Cipher Suites
    + JDK-8157404: Unable to read certain PKCS12 keystores from
    SequenceInputStream
    + JDK-8158066: SourceDebugExtensionTest fails to rename file
    + JDK-8168304: Make all of DependencyContext_test available in
    product mode
    + JDK-8169246: java/net/DatagramSocket/ReportSocketClosed.java
    fails intermittently with BindException
    + JDK-8181313: SA: Remove libthread_db dependency on Linux
    + JDK-8193214: Incorrect annotations.without.processors
    warnings with JDK 9
    + JDK-8194230: jdk/internal/jrtfs/remote/
    /RemoteRuntimeImageTest.java fails with
    java.lang.NullPointerException
    + JDK-8196092: javax/swing/JComboBox/8032878/bug8032878.java
    fails
    + JDK-8199931: java/net/MulticastSocket/
    /UnreferencedMulticastSockets.java fails with "/incorrect data
    received"/
    + JDK-8206083: Make tools/javac/api/T6265137.java robust to JDK
    version changes
    + JDK-8206350: java/util/Locale/bcp47u/SystemPropertyTests.java
    failed on Mac 10.13 with zh_CN and zh_TW locales.
    + JDK-8207316: java/nio/channels/spi/SelectorProvider/
    /inheritedChannel/InheritedChannelTest.java failed
    + JDK-8208227: tools/jdeps/DotFileTest.java fails on Win-X64
    + JDK-8208363: test/jdk/java/lang/Package/
    /PackageFromManifest.java missing module dependencies
    declaration
    + JDK-8209380: ARM: cleanup maybe-uninitialized and reorder
    compiler warnings
    + JDK-8209768: Refactor java/util/prefs/CheckUserPrefsStorage.sh
    to plain java test
    + JDK-8209772: Refactor shell test java/util/ServiceLoader/
    /basic/basic.sh to java
    + JDK-8209773: Refactor shell test javax/naming/module/basic.sh
    to java
    + JDK-8209832: Refactor jdk/internal/reflect/Reflection/
    /GetCallerClassTest.sh to plain java test
    + JDK-8209930: Refactor java/util/zip/ZipFile/deletetempjar.sh
    to plain java test
    + JDK-8210406: Refactor java.util.PluggableLocale:i18n shell
    tests to plain java tests
    + JDK-8210407: Refactor java.util.Calendar:i18n shell tests to
    plain java tests
    + JDK-8210495: compiler crashes because of illegal signature in
    otherwise legal code
    + JDK-8210669: Some launcher tests assume a pre-JDK 9 run-time
    image layout
    + JDK-8210802: temp files left by tests in
    jdk/java/net/httpclient
    + JDK-8210819: Update the host name in CNameTest.java
    + JDK-8210908: Refactor java/util/prefs/PrefsSpi.sh to plain
    java test
    + JDK-8210934: Move sun/net/www/protocol/http/
    /GetErrorStream.java to OpenJDK
    + JDK-8210959: JShell fails and exits when statement throws an
    exception whose message contains a '%'.
    + JDK-8211055: Provide print to a file (PDF) feature even when
    printer was not connected
    + JDK-8211092: test/jdk/sun/net/www/http/HttpClient/
    /MultiThreadTest.java fails intermittently when cleaning up
    + JDK-8211296: Remove HotSpot deprecation warning suppression
    for Mac/clang
    + JDK-8211325: test/jdk/java/net/Socket/LingerTest.java fails
    with cleaning up
    + JDK-8212040: Compilation error due to wrong usage of
    NSPrintJobDispositionValue in mac10.12
    + JDK-8212695: Add explicit timeout to several HTTP Client tests
    + JDK-8212718: Refactor some annotation processor tests to
    better use collections
    + JDK-8213007: Update the link in test/jdk/sun/security/
    /provider/SecureRandom/DrbgCavp.java
    + JDK-8213137: Remove static initialization of monitor/mutex
    instances
    + JDK-8213235: java/nio/channels/SocketChannel/
    /AsyncCloseChannel.java fails with threads that didn't exit
    + JDK-8213409: Refactor sun.text.IntHashtable:i18n shell tests
    to plain java tests
    + JDK-8213576: Make test AsyncCloseChannel.java run in othervm
    + JDK-8213694: Test Timeout.java should run in othervm mode
    + JDK-8213718: [TEST] Wrong classname in vmTestbase/nsk/stress/
    /except/except002 and except003
    + JDK-8213922: fix ctw stand-alone build
    + JDK-8214195: Align stdout messages in
    test/jdk/java/math/BigInteger/PrimitiveConversionTests.java
    + JDK-8214520: [TEST_BUG] sun/security/mscapi/nonUniqueAliases/
    /NonUniqueAliases.java failed with incorrect jtreg tags order
    + JDK-8214937: sun/security/tools/jarsigner/warnings/
    /NoTimestampTest.java failed due to unexpected expiration date
    + JDK-8216532: tools/launcher/Test7029048.java fails (Solaris)
    + JDK-8217825: Verify @AfterTest is used correctly in WebSocket
    tests
    + JDK-8218145: block_if_requested is not proper inlined due to
    size
    + JDK-8219417: bump jtreg requiredVersion to b14
    + JDK-8219552: bump jtreg requiredVersion to b14 in
    test/jdk/sanity/client/
    + JDK-8219804: java/net/MulticastSocket/Promiscuous.java fails
    intermittently due to NumberFormatException
    + JDK-8220445: Support for side by side MSVC Toolset versions
    + JDK-8221988: add possibility to build with Visual Studio 2019
    + JDK-8222751: closed/test/jdk/sun/security/util/
    /DerIndefLenConverter/IndefBerPkcs12.java fail
    + JDK-8223050: JVMCI: findUniqueConcreteMethod() should not use
    Dependencies::find_unique_concrete_method() for non-virtual
    methods
    + JDK-8224853: CDS address sanitizer errors
    + JDK-8225082: Remove IdenTrust certificate that is expiring in
    September 2021
    + JDK-8225583: Examine the HttpResponse.BodySubscribers for
    null handling and multiple subscriptions
    + JDK-8225690: Multiple AttachListener threads can be created
    + JDK-8225790: Two NestedDialogs tests fail on Ubuntu
    + JDK-8226319: Add forgotten test/jdk/java/net/httpclient/
    /BodySubscribersTest.java
    + JDK-8226533: JVMCI: findUniqueConcreteMethod should handle
    statically bindable methods directly
    + JDK-8226602: Test convenience reactive primitives from
    java.net.http with RS TCK
    + JDK-8226683: Remove review suggestion from fix to 8219804
    + JDK-8227738: jvmti/DataDumpRequest/datadumpreq001 failed due
    to "/exit code is 134"/
    + JDK-8227766: CheckUnhandledOops is broken in MemAllocator
    + JDK-8227815: Minimal VM: set_state is not a member of
    AttachListener
    + JDK-8230674: Heap dumps should exclude dormant CDS archived
    objects of unloaded classes
    + JDK-8230808: Remove Access::equals()
    + JDK-8230841: Remove oopDesc::equals()
    + JDK-8231717: Improve performance of charset decoding when
    charset is always compactable
    + JDK-8232243: Wrong caret position in JTextPane on Windows
    with a screen resolution > 100%
    + JDK-8232782: Shenandoah: streamline post-LRB CAS barrier
    (aarch64)
    + JDK-8233790: Forward output from heap dumper to jcmd/jmap
    + JDK-8233989: Create an IPv4 version of
    java/net/MulticastSocket/SetLoopbackMode.java
    + JDK-8234510: Remove file seeking requirement for writing a
    heap dump
    + JDK-8235211: serviceability/attach/
    /RemovingUnixDomainSocketTest.java fails with
    AttachNotSupportedException: Unable to open socket file
    + JDK-8235216: typo in test filename
    + JDK-8235866: bump jtreg requiredVersion to 4.2b16
    + JDK-8236111: narrow allowSmartActionArgs disabling
    + JDK-8236413: AbstractConnectTimeout should tolerate both
    NoRouteToHostException and UnresolvedAddressException
    + JDK-8236671: NullPointerException in JKS keystore
    + JDK-8238930: problem list compiler/c2/Test8004741.java
    + JDK-8238943: switch to jtreg 5.0
    + JDK-8240555: Using env of JAVA_TOOL_OPTIONS and _JAVA_OPTIONS
    breaks QuietOption.java test
    + JDK-8240983: Incorrect copyright header in Apache Santuario
    2.1.3 files
    + JDK-8241336: Some java.net tests failed with
    NoRouteToHostException on MacOS with special network
    configuration
    + JDK-8241353: NPE in ToolProvider.getSystemJavaCompiler
    + JDK-8241768: git needs .gitattributes
    + JDK-8242882: opening jar file with large manifest might throw
    NegativeArraySizeException
    + JDK-8244973: serviceability/attach/
    /RemovingUnixDomainSocketTest.java fails "/stderr was not
    empty"/
    + JDK-8245134: test/lib/jdk/test/lib/security/
    /KeyStoreUtils.java should allow to specify aliases
    + JDK-8246261: TCKLocalTime.java failed due to "/AssertionError:
    expected [18:14:22] but found [18:14:23]"/
    + JDK-8246387: switch to jtreg 5.1
    + JDK-8247421: [TESTBUG] ReturnBlobToWrongHeapTest.java failed
    allocating blob
    + JDK-8247469: getSystemCpuLoad() returns -1 on linux when some
    offline cpus are present and cpusets.effective_cpus is not
    available
    + JDK-8248352: [TEST_BUG] Test test/jdk/java/awt/font/
    /TextLayout/ArabicDiacriticTest.java can leave frame open
    + JDK-8248403: AArch64: Remove uses of kernel integer types
    + JDK-8248414: AArch64: Remove uses of long and unsigned long
    ints
    + JDK-8248657: Windows: strengthening in ThreadCritical
    regarding memory model
    + JDK-8248666: AArch64: Use THREAD_LOCAL instead of __thread
    + JDK-8248668: AArch64: Avoid MIN/MAX macros when using MSVC
    + JDK-8248671: AArch64: Remove unused variables
    + JDK-8248682: AArch64: Use ATTRIBUTE_ALIGNED helper
    + JDK-8248816: C1: Fix signature conflict in
    LIRGenerator::strength_reduce_multiply
    + JDK-8249095: tools/javac/launcher/SourceLauncherTest.java
    fails on Windows
    + JDK-8249548: backward focus traversal gets stuck in button
    group
    + JDK-8249773: Upgrade ReceiveISA.java test to be resilient to
    failure due to stray packets and interference
    + JDK-8249897: jdk/javadoc/tool/LangVers.java uses @ignore w/o
    bug-id
    + JDK-8249898: jdk/javadoc/tool/6176978/T6176978.java uses
    @ignore w/o bug-id
    + JDK-8249899: jdk/javadoc/tool/InlineTagsWithBraces.java uses
    @ignore w/o bug-id
    + JDK-8250588: Shenandoah: LRB needs to save/restore fp
    registers for runtime call
    + JDK-8250824: AArch64: follow up for JDK-8248414
    + JDK-8251166: Add automated testcases for changes done in
    JDK-8214112
    + JDK-8251252: Add automated testcase for fix done in
    JDK-8214253
    + JDK-8251254: Add automated test for fix done in JDK-8218472
    + JDK-8251361: Potential race between Logger configuration and
    GCs in HttpURLConWithProxy test
    + JDK-8251549: Update docs on building for Git
    + JDK-8251945: SIGSEGV in
    PackageEntry::purge_qualified_exports()
    + JDK-8252194: Add automated test for fix done in JDK-8218469
    + JDK-8252648: Shenandoah: name gang tasks consistently
    + JDK-8252825: Add automated test for fix done in JDK-8218479
    + JDK-8252853: AArch64: gc/shenandoah/TestVerifyJCStress.java
    fails intermittently with C1
    + JDK-8252857: AArch64: Shenandoah C1 CAS is not sequentially
    consistent
    + JDK-8253048: AArch64: When CallLeaf, no need to preserve
    callee-saved registers in caller
    + JDK-8253424: Add support for running pre-submit testing using
    GitHub Actions
    + JDK-8253631: Remove unimplemented CompileBroker methods after
    JEP-165
    + JDK-8253865: Pre-submit testing using GitHub Actions does not
    detect failures reliably
    + JDK-8253899: Make IsClassUnloadingEnabled signature match
    specification
    + JDK-8254024: Enhance native libs for AWT and Swing to work
    with GraalVM Native Image
    + JDK-8254054: Pre-submit testing using GitHub Actions should
    not use the deprecated set-env command
    + JDK-8254173: Add Zero, Minimal hotspot targets to submit
    workflow
    + JDK-8254175: Build no-pch configuration in debug mode for
    submit checks
    + JDK-8254244: Some code emitted by TemplateTable::branch is
    unused when running TieredCompilation
    + JDK-8254270: linux 32 bit build doesn't compile
    libjdwp/log_messages.c
    + JDK-8254282: Add Linux x86_32 builds to submit workflow
    + JDK-8254850: Update terminology in java.awt.GridBagLayout
    source code comments
    + JDK-8255255: Update Apache Santuario (XML Signature) to
    version 2.2.1
    + JDK-8255305: Add Linux x86_32 tier1 to submit workflow
    + JDK-8255352: Archive important test outputs in submit workflow
    + JDK-8255373: Submit workflow artifact name is always
    "/test-results_.zip"/
    + JDK-8255452: Doing GC during JVMTI MethodExit event posting
    breaks return oop
    + JDK-8255718: Zero: VM should know it runs in interpreter-only
    mode
    + JDK-8255790: GTKL&F: Java 16 crashes on initialising GTKL&F
    on Manjaro Linux
    + JDK-8255810: Zero: build fails without JVMTI
    + JDK-8255895: Submit workflow artifacts miss hs_errs/replays
    due to ZIP include mismatch
    + JDK-8256127: Add cross-compiled foreign architectures builds
    to submit workflow
    + JDK-8256215: Shenandoah: re-organize saving/restoring machine
    state in assembler code
    + JDK-8256267: Relax compiler/floatingpoint/NaNTest.java for
    x86_32 and lower -XX:+UseSSE
    + JDK-8256277: Github Action build on macOS should define OS
    and Xcode versions
    + JDK-8256354: Github Action build on Windows should define OS
    and MSVC versions
    + JDK-8256393: Github Actions build on Linux should define OS
    and GCC versions
    + JDK-8256414: add optimized build to submit workflow
    + JDK-8256747: GitHub Actions: decouple the hotspot build-only
    jobs from Linux x64 testing
    + JDK-8257056: Submit workflow should apt-get update to avoid
    package installation errors
    + JDK-8257148: Remove obsolete code in AWTView.m
    + JDK-8257497: Update keytool to create AKID from the SKID of
    the issuing certificate as specified by RFC 5280
    + JDK-8257620: Do not use objc_msgSend_stret to get macOS
    version
    + JDK-8257913: Add more known library locations to simplify
    Linux cross-compilation
    + JDK-8258703: Incorrect 512-bit vector registers restore on
    x86_32
    + JDK-8259338: Add expiry exception for identrustdstx3 alias to
    VerifyCACerts.java test
    + JDK-8259535: ECDSA SignatureValue do not always have the
    specified length
    + JDK-8259679: GitHub actions should use MSVC 14.28
    + JDK-8259924: GitHub actions fail on Linux x86_32 with "/Could
    not configure libc6:i386"/
    + JDK-8260460: GitHub actions still fail on Linux x86_32 with
    "/Could not configure libc6:i386"/
    + JDK-8260589: Crash in JfrTraceIdLoadBarrier::load(_jclass*)
    + JDK-8260923: Add more tests for SSLSocket input/output
    shutdown
    + JDK-8261072: AArch64: Fix MacroAssembler::get_thread
    convention
    + JDK-8261147: C2: Node is wrongly marked as reduction
    resulting in a wrong execution due to wrong vector instructions
    + JDK-8261238: NMT should not limit baselining by size threshold
    + JDK-8261496: Shenandoah: reconsider pacing updates memory
    ordering
    + JDK-8261652: Remove some dead comments from os_bsd_x86
    + JDK-8261846: [JVMCI] c2v_iterateFrames can get out of sync
    with the StackFrameStream
    + JDK-8262000: jdk/jfr/event/gc/detailed/
    /TestPromotionFailedEventWithParallelScavenge.java failed with
    "/OutOfMemoryError: Java heap space"/
    + JDK-8262017: C2: assert(n != __null) failed: Bad immediate
    dominator info.
    + JDK-8262392: Update Mesa 3-D Headers to version 21.0.3
    + JDK-8262409: sun/security/ssl/SSLSocketImpl/
    /SSLSocketImplThrowsWrongExceptions. SSL test failures caused
    by java failed with "/Server reported the wrong exception"/
    + JDK-8262470: Printed GlyphVector outline with low DPI has bad
    quality on Windows
    + JDK-8262862: Harden tests sun/security/x509/URICertStore/
    /ExtensionsWithLDAP.java and krb5/canonicalize/Test.java
    + JDK-8263136: C4530 was reported from VS 2019 at access bridge
    + JDK-8263227: C2: inconsistent spilling due to dead nodes in
    exception block
    + JDK-8263382: java/util/logging/ParentLoggersTest.java failed
    with "/checkLoggers: getLoggerNames() returned unexpected
    loggers"/
    + JDK-8263407: SPARC64 detection fails on Athena (SPARC64-X)
    + JDK-8263432: javac may report an invalid package/class clash
    on case insensitive filesystems
    + JDK-8263490: [macos] Crash occurs on JPasswordField with
    activated InputMethod
    + JDK-8263531: Remove unused buffer int
    + JDK-8263667: Avoid running GitHub actions on branches named
    pr/*
    + JDK-8263776: [JVMCI] add helper to perform Java upcalls
    + JDK-8264016: [JVMCI] add some thread local fields for use by
    JVMCI
    + JDK-8264752: SIGFPE crash with option
    FlightRecorderOptions:threadbuffersize=30M
    + JDK-8265132: C2 compilation fails with assert "/missing
    precedence edge"/
    + JDK-8265231: (fc) ReadDirect and WriteDirect tests fail after
    fix for JDK-8264821
    + JDK-8265335: Epsilon: Minor typo in EpsilonElasticTLABDecay
    description
    + JDK-8265756: AArch64: initialize memory allocated for locals
    according to Windows AArch64 stack page growth requirement in
    template interpreter
    + JDK-8265761: Font with missed font family name is not
    properly printed on Windows
    + JDK-8265773: incorrect jdeps message "/jdk8internals"/ to
    describe a removed JDK internal API
    + JDK-8265836: OperatingSystemImpl.getCpuLoad() returns
    incorrect CPU load inside a container
    + JDK-8266018: Shenandoah: fix an incorrect assert
    + JDK-8266206: Build failure after JDK-8264752 with older GCCs
    + JDK-8266248: Compilation failure in
    PLATFORM_API_MacOSX_MidiUtils.c with Xcode 12.5
    + JDK-8266288: assert root method not found in
    witnessed_reabstraction_in_supers is too strong
    + JDK-8266404: Fatal error report generated with
  - XX:+CrashOnOutOfMemoryError should not contain suggestion to
    submit a bug report
    + JDK-8266480: Implicit null check optimization does not update
    control of hoisted memory operation
    + JDK-8266615: C2 incorrectly folds subtype checks involving an
    interface array
    + JDK-8266642: Improve ResolvedMethodTable hash function
    + JDK-8266749: AArch64: Backtracing broken on PAC enabled
    systems
    + JDK-8266761: AssertionError in
    sun.net.httpserver.ServerImpl.responseCompleted
    + JDK-8266813: Shenandoah: Use shorter instruction sequence for
    checking if marking in progress
    + JDK-8267042: bug in monitor locking/unlocking on ARM32 C1 due
    to uninitialized BasicObjectLock::_displaced_header
    + JDK-8267348: Rewrite gc/epsilon/TestClasses.java to use
    Metaspace with less classes
    + JDK-8267396: Avoid recording "/pc"/ in unhandled oops detector
    for better performance
    + JDK-8267399: C2: java/text/Normalizer/ConformanceTest.java
    test failed with assertion
    + JDK-8267424: CTW: C1 fails with "/State must not be null"/
    + JDK-8267459: Pasting Unicode characters into JShell does not
    work.
    + JDK-8267625: AARCH64: typo in LIR_Assembler::emit_profile_type
    + JDK-8267666: Add option to jcmd GC.heap_dump to use existing
    file
    + JDK-8267695: Bump update version for OpenJDK: jdk-11.0.13
    + JDK-8267751: (test) jtreg.SkippedException has no serial
    VersionUID
    + JDK-8267773: PhaseStringOpts::int_stringSize doesn't handle
    min_jint correctly
    + JDK-8268103: JNI functions incorrectly return a double after
    JDK-8265836
    + JDK-8268127: Shenandoah: Heap size may be too small for
    region to align to large page size
    + JDK-8268261: C2: assert(n != __null) failed: Bad immediate
    dominator info.
    + JDK-8268347: C2: nested locks optimization may create
    unbalanced monitor enter/exit code
    + JDK-8268360: Missing check for infinite loop during node
    placement
    + JDK-8268362: [REDO] C2 crash when compile negative
    Arrays.copyOf length after loop
    + JDK-8268366: Incorrect calculation of has_fpu_registers in C1
    linear scan
    + JDK-8268369: SIGSEGV in PhaseCFG::implicit_null_check due to
    missing null check
    + JDK-8268417: Add test from JDK-8268360
    + JDK-8268427: Improve AlgorithmConstraints:checkAlgorithm
    performance
    + JDK-8268617: [11u REDO] - WebSocket over authenticating proxy
    fails with NPE
    + JDK-8268620: InfiniteLoopException test may fail on x86
    platforms
    + JDK-8268635: Corrupt oop in ClassLoaderData
    + JDK-8268699: Shenandoah: Add test for JDK-8268127
    + JDK-8268771: javadoc -notimestamp option does not work on
    index.html
    + JDK-8268775: Password is being converted to String in
    AccessibleJPasswordField
    + JDK-8268776: Test `ADatagramSocket.java` missing /othervm
    from @run tag
    + JDK-8268965: TCP Connection Reset when connecting simple
    socket to SSL server
    + JDK-8269304: Regression ~5% in 2005 in b27
    + JDK-8269415: [11u] Remove ea from
    DEFAULT_PROMOTED_VERSION_PRE in OpenJDK 11u
    + JDK-8269478: Shenandoah: gc/shenandoah/mxbeans tests should
    be more resilient
    + JDK-8269529: javax/swing/reliability/
    /HangDuringStaticInitialization.java fails in Windows debug
    build
    + JDK-8269594: assert(_handle_mark_nesting > 1) failed: memory
    leak: allocating handle outside HandleMark
    + JDK-8269614: [s390] Interpreter checks wrong bit for slow
    path instance allocation
    + JDK-8269650: Optimize gc-locker in
    [Get|Release]StringCritical for latin string
    + JDK-8269661: JNI_GetStringCritical does not lock char array
    + JDK-8269668: [aarch64] java.library.path not including
    /usr/lib64
    + JDK-8269763: The JEditorPane is blank after JDK-8265167
    + JDK-8269795: C2: Out of bounds array load floats above its
    range check in loop peeling resulting in SEGV
    + JDK-8269847: JDK-8269594 backport breaks 11u builds
    + JDK-8269850: Most JDK releases report macOS version 12 as
    10.16 instead of 12.0
    + JDK-8269851: OperatingSystemMXBean getProcessCpuLoad reports
    incorrect process cpu usage in containers
    + JDK-8269882: stack-use-after-scope in NewObjectA
    + JDK-8269934: RunThese24H.java failed with
    EXCEPTION_ACCESS_VIOLATION in
    java_lang_Thread::get_thread_status
    + JDK-8270096: Shenandoah: Optimize gc/shenandoah/
    /TestRefprocSanity.java for interpreter mode
    + JDK-8270137: Kerberos Credential Retrieval from Cache not
    Working in Cross-Realm Setup
    + JDK-8270184: [TESTBUG] Add coverage for jvmci
    ResolvedJavaType.toJavaName() for lambdas
    + JDK-8270196: [11u] [JVMCI] JavaType.toJavaName() returns
    incorrect type name for lambdas
    + JDK-8270556: Exclude security/infra/java/security/cert/
    /CertPathValidator/certification/LetsEncryptCA
    + JDK-8270893: IndexOutOfBoundsException while reading large
    TIFF file
    + JDK-8272078: Wrong Checksums in Temurin BootJDK dependencies
    + JDK-8272124: Cgroup v1 initialization causes
    NullPointerException when cgroup path contains colon
    + JDK-8272131: PhaseMacroExpand::generate_slow_arraycopy crash
    when clone null CallProjections.fallthrough_ioproj
    + JDK-8272197: Update 11u GHA workflow with Shenandoah
    configurations
    + JDK-8272332: --with-harfbuzz=system doesn't add -lharfbuzz
    after JDK-8255790
    + JDK-8272472: StackGuardPages test doesn't build with glibc
    2.34
    + JDK-8272602: [macos] not all KEY_PRESSED events sent when
    control modifier is used
    + JDK-8272628: Problemlist gc/stress/gcbasher/
    /TestGCBasherWithCMS.java for x86_32
    + JDK-8272700: [macos] Build failure with Xcode 13.0 after
    JDK-8264848
    + JDK-8272772: Shenandoah: compiler/c2/aarch64/
    /TestVolatilesShenandoah.java fails in 11u
    + JDK-8273939: Backport of 8248414 to JDK11 breaks
    MacroAssembler::adrp
- Remove the unneeded icedtea-sound provider
- Removed patches:
  * icedtea-sound-1.0.1-jdk9.patch
  * icedtea-sound-soundproperties.patch
    + not needed since the icedtea-sound provider is removed
  * jdk11-glibc234.patch
    + integrated upstream
kdump
- kdump-do-not-iterate-past-end-of-string.patch:
  URLParser::extractAuthority(): Do not iterate past end of string
  (bsc#1186037).
- kdump-fix-incorrect-exit-code-checking.patch: Fix incorrect exit
  code checking after "/local"/ with assignment (bsc#1184616
  LTC#192282).
- kdump-avoid-endless-loop-EAI_AGAIN.patch: Avoid an endless loop
  when resolving a hostname fails with EAI_AGAIN (bsc#1183070).
- kdump-install-etc-resolv.conf-using-resolved-path.patch: Install
  /etc/resolv.conf using its resolved path (bsc#1183070).
- kdump-ensure-initrd.target.wants-directory.patch: Make sure that
  initrd.target.wants directory exists (bsc#1172670).
kernel-default
- config: disable unprivileged BPF by default (jsc#SLE-22573)
  Backport of mainline commit 8a03e56b253e ("/bpf: Disallow unprivileged bpf
  by default"/) only changes kconfig default, used e.g. for "/make oldconfig"/
  when the config option is missing, but does not update our kernel configs
  used for build. Update also these to make sure unprivileged BPF is really
  disabled by default.
- commit 9a413cc
- Input: elantench - fix misreporting trackpoint coordinates
  (bsc#1192918).
- commit af3fd37
- mm/hugetlb: initialize hugetlb_usage in mm_init (bsc#1192906).
- commit 4bfee1a
- blacklist.conf: Add 04f8ef5643bc cgroup: Fix memory leak caused by missing cgroup_bpf_offline
- commit d046894
- fix patch metadata
- fix Patch-mainline:
  - patches.suse/btrfs-fix-memory-ordering-between-normal-and-ordered-work-functions.patch
- commit 7ca7de6
- fix patches metadata
- fix Patch-mainline:
  - patches.suse/scsi-core-Fix-spelling-in-a-source-code-comment
  - patches.suse/scsi-csiostor-Uninitialized-data-in-csio_ln_vnp_read_cbfn
  - patches.suse/scsi-dc395-Fix-error-case-unwinding
  - patches.suse/scsi-ufs-ufshcd-pltfrm-Fix-memory-leak-due-to-probe-defer
- commit 2c768e7
- btrfs: update comments for chunk allocation -ENOSPC cases
  (bsc#1192896).
- btrfs: fix deadlock between chunk allocation and chunk btree
  modifications (bsc#1192896).
- btrfs: block-group: Rework documentation of check_system_chunk
  function (bsc#1192896).
- commit 20b2047
- fix patches metadata
- fix Patch-mainline:
  - patches.suse/ipv4-make-exception-cache-less-predictible.patch
  - patches.suse/ipv6-make-exception-cache-less-predictible.patch
  - patches.suse/qtnfmac-fix-potential-spectre-vulnerabilities.patch
- commit 5c2e4e8
- fix patches metadata
- fix Patch-mainline:
  - patches.suse/edac-sb_edac-fix-top-of-high-memory-value-for-broadwell-haswell.patch
  - patches.suse/x86-sme-use-define-use_early_pgtable_l5-in-mem_encrypt_identity-c.patch
- commit fd7ddeb
- blacklist.conf: Add 8520e224f547 bpf, cgroups: Fix cgroup v2 fallback on v1/v2 mixed mode
- commit 04918fc
- btrfs: fix memory ordering between normal and ordered work functions (git-fixes).
- commit 2b13f6d
- blacklist.conf: 5c9d706f6133 ("/bpf: Fix BPF_LSM kconfig symbol dependency"/)
  Not needed since 30897832d8b9 ("/bpf: Allow local storage to be used from LSM
  programs"/) is not backported.
- commit 22dfc3c
- Eradicate Patch-mainline: No
  The pre-commit check can reject this deprecated tag then.
- Refresh patches.suse/acpi_thinkpad_introduce_acpi_root_table_boot_param.patch.
- Refresh patches.suse/btrfs-provide-super_operations-get_inode_dev.
- commit e877505
- ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE
  (bsc#1192473).
- commit b39e9ef
- Update
  patches.suse/bpf-Remove-MTU-check-in-__bpf_skb_max_len.patch
  (bsc#1155518 bsc#1192045 CVE-2021-0941).
- commit 5daf798
- Update
  patches.suse/bpf-Remove-MTU-check-in-__bpf_skb_max_len.patch
  (bsc#1155518 bsc#1192045 CVE-2021-0941).
- commit 33fb6b6
- drm: prevent spectre issue in vmw_execbuf_ioctl (bsc#1192802).
- qtnfmac: fix potential Spectre vulnerabilities (bsc#1192802).
- commit 5952a38
- drm/i915: Introduce intel_hpd_hotplug_irqs() (bsc#1192758).
- commit 29d7f7a
- Update config files: pull BPF configs together
- commit 86a3134
- bpf: Disallow unprivileged bpf by default (jsc#SLE-22573).
- bpf: Add kconfig knob for disabling unpriv bpf
  by default (jsc#SLE-22573)
- Update config files: Add
  CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set
- commit cb7628d
- dm ioctl: fix out of bounds array access when no devices
  (CVE-2021-31916 bsc#1192781).
- commit 49351dc
- bpf: Disallow unprivileged bpf by default (jsc#SLE-22574).
- commit 7b9dddf
- bpf: Fix BPF_JIT kconfig symbol dependency
  (git-fixes jsc#SLE-22574).
- bpf: Add kconfig knob for disabling unpriv bpf
  by default (jsc#SLE-22574)
- Update config files: Add
  CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set
- bpf, kconfig: Add consolidated menu entry for bpf with core
  options (jsc#SLE-22574).
- commit 5bd323f
- patches.suse/zram-replace-fsync_bdev-with-sync_blockdev.patch: (bsc#1170269).
- commit 75a41c2
- patches.suse/zram-avoid-race-between-zram_remove-and-disksize_sto.patch: (bsc#1170269).
- commit 406dc3d
- patches.suse/zram-don-t-fail-to-remove-zram-during-unloading-modu.patch: (bsc#1170269).
- commit cb34e92
- patches.suse/zram-fix-race-between-zram_reset_device-and-disksize.patch: (bsc#1170269).
- commit 09f1f4d
- patches.suse/zram-replace-fsync_bdev-with-sync_blockdev.patch: (bsc#1170269).
- commit 6a0e897
- patches.suse/zram-avoid-race-between-zram_remove-and-disksize_sto.patch: (bsc#1170269).
- commit 2c18cb4
- patches.suse/zram-don-t-fail-to-remove-zram-during-unloading-modu.patch: (bsc#1170269).
- commit 913e901
- patches.suse/zram-fix-race-between-zram_reset_device-and-disksize.patch: (bsc#1170269).
- commit 173dc9b
- blacklist.conf: printk/workqueue: very hard to hit; works well with lockless
  ringuffer; but it might cause wrong timestamps or even lost messages
  on 5.3 where using par-CPU buffers (bsc#1192750)
- commit 63c8c7f
- printk/console: Allow to disable console output by using
  console="/"/ or console=null (bsc#1192753).
- commit 4f99186
- printk: handle blank console arguments passed in (bsc#1192753).
- commit db08758
- ALSA: hda: fix general protection fault in azx_runtime_idle
  (git-fixes).
- ALSA: hda: Free card instance properly at probe errors
  (git-fixes).
- commit 57f0538
- ALSA: usb-audio: Fix dB level of Bose Revolve+ SoundLink
  (bsc#1192375).
- ALSA: usb-audio: Add minimal-mute notion in dB mapping table
  (bsc#1192375).
- ALSA: usb-audio: Use int for dB map values (bsc#1192375).
- commit 561c434
- Move upstreamed sound fix into sorted section
- commit b52485e
- net: mscc: ocelot: warn when a PTP IRQ is raised for an unknown
  skb (git-fixes).
- gpio: mpc8xxx: Use 'devm_gpiochip_add_data()' to simplify the
  code and avoid a leak (git-fixes).
- stmmac: platform: Fix signedness bug in stmmac_probe_config_dt()
  (git-fixes).
- net: dsa: felix: re-enable TX flow control in
  ocelot_port_flush() (git-fixes).
- net: mscc: ocelot: fix hardware timestamp dequeue logic.
- commit 4fdc3dd
- tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and
  docker together (bsc#1192745).
- commit bc3e5c2
- blacklist.conf: add mscc driver fixes
- commit 109b7ec
- kernel-*-subpackage: Add dependency on kernel scriptlets (bsc#1192740).
- commit a133bf4
- random: fix crash on multiple early calls to add_bootloader_randomness() (bsc#1184924)
- commit d4705fe
- blacklist.conf: changes device names, kABI massacre
- commit 68b0003
- fuse: fix page stealing (bsc#1192718).
- commit 5c46aef
- ipv4: make exception cache less predictible (bsc#1191790,
  CVE-2021-20322).
- ipv6: make exception cache less predictible (bsc#1191790,
  CVE-2021-20322).
- ipv4: use siphash instead of Jenkins in fnhe_hashfun()
  (bsc#1191790, CVE-2021-20322).
- ipv6: use siphash in rt6_exception_hash() (bsc#1191790,
  CVE-2021-20322).
- commit 191e9b3
- Revert "/x86/kvm: fix vcpu-id indexed array sizes"/ (git-fixes).
- commit 918d1fd
- Delete patches.kabi/kabi-fix-after-kvm-vcpu-id-array-fix.patch, as
  the patch causing its introduction is being reverted.
- commit 2e03b9d
- x86/xen: Mark cpu_bringup_and_idle() as dead_end_function
  (git-fixes).
- commit bb35029
- xen-pciback: Fix return in pm_ctrl_init() (git-fixes).
- commit 94628c1
- xen: Fix implicit type conversion (git-fixes).
- commit 89e345e
- x86/sme: Use #define USE_EARLY_PGTABLE_L5 in
  mem_encrypt_identity.c (bsc#1152489).
- commit 60c8f9c
- scsi: ufs: ufshcd-pltfrm: Fix memory leak due to probe defer
  (git-fixes).
- scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn()
  (git-fixes).
- scsi: core: Fix spelling in a source code comment (git-fixes).
- scsi: dc395: Fix error case unwinding (git-fixes).
- scsi: qla2xxx: Fix a memory leak in an error path of
  qla2x00_process_els() (git-fixes).
- scsi: csiostor: Add module softdep on cxgb4 (git-fixes).
- scsi: qedf: Fix error codes in qedf_alloc_global_queues()
  (git-fixes).
- scsi: qedi: Fix error codes in qedi_alloc_global_queues()
  (git-fixes).
- scsi: smartpqi: Fix an error code in pqi_get_raid_map()
  (git-fixes).
- scsi: fdomain: Fix error return code in fdomain_probe()
  (git-fixes).
- scsi: BusLogic: Fix missing pr_cont() use (git-fixes).
- scsi: iscsi: Fix iface sysfs attr detection (git-fixes).
- scsi: be2iscsi: Fix an error handling path in
  beiscsi_dev_probe() (git-fixes).
- scsi: mpt3sas: Fix error return value in _scsih_expander_add()
  (git-fixes).
- scsi: FlashPoint: Rename si_flags field (git-fixes).
- scsi: snic: Fix an error message (git-fixes).
- scsi: libsas: Use _safe() loop in sas_resume_port() (git-fixes).
- scsi: qedf: Add pointer checks in qedf_update_link_speed()
  (git-fixes).
- Revert "/scsi: ufs: fix a missing check of
  devm_reset_control_get"/ (git-fixes).
- scsi: ufs-pci: Add quirk for broken auto-hibernate for Intel
  EHL (git-fixes).
- scsi: qla2xxx: Make sure that aborted commands are freed
  (git-fixes).
- commit c10ecb2
- EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell
  (bsc#1152489).
- commit e920f56
- s390/qeth: fix deadlock during failing recovery (git-fixes).
- s390/qeth: Fix deadlock in remove_discipline (git-fixes).
- s390/qeth: fix NULL deref in qeth_clear_working_pool_list()
  (git-fixes).
- commit 8d9df1e
- s390/pci: fix zpci_zdev_put() on reserve (git-fixes).
- commit 5f2d7a4
- net/smc: fix 'workqueue leaked lock' in smc_conn_abort_work
  (git-fixes).
- s390/pci: fix use after free of zpci_dev (git-fixes).
- net/smc: Correct smc link connection counter in case of smc
  client (git-fixes).
- s390/dasd: fix use after free in dasd path handling (git-fixes).
- s390/topology: clear thread/group maps for offline cpus
  (git-fixes).
- commit 4287499
- Fix problem with missing installkernel on Tumbleweed.
- commit 2ed6686
- Update patches.suse/NFS-Do-uncached-readdir-when-we-re-seeking-a-cookie-.patch
  (bsc#1191628 bsc#1192549).
  dir_cookie is a pointer to the cookie in older kernels,
  not the cookie itself.
- commit ee8ec20
- ibmvnic: Process crqs after enabling interrupts (bsc#1192273
  ltc#194629).
- ibmvnic: don't stop queue in xmit (bsc#1192273 ltc#194629).
- commit 99d6daa
- Revert "/ibmvnic: check failover_pending in login response"/
  (bsc#1190523 ltc#194510).
- ibmvnic: check failover_pending in login response (bsc#1190523
  ltc#194510).
- commit ac4c874
- Bluetooth: cmtp: fix file refcount when cmtp_attach_device fails
  (bsc#1191961 CVE-2021-34981).
- commit a4ff591
- Update kabi files.
- commit 6361848
- Revert "/r8152: adjust the settings about MAC clock speed down
  for RTL8153"/ (git-fixes).
- commit 541bc3e
- r8152: don't enable U1U2 with USB_SPEED_HIGH for RTL8153B
  (git-fixes).
- commit e20d73d
- r8152: Disable PLA MCU clock speed down (git-fixes).
- Refresh patches.suse/r8152-disable-test-IO-for-RTL8153B.patch.
- commit 9b878a2
- r8152: disable U2P3 for RTL8153B (git-fixes).
- commit d6c58f7
- r8152: reset flow control patch when linking on for RTL8153B
  (git-fixes).
- commit 7f46ee2
- r8152: fix runtime resume for linking change (git-fixes).
- commit 0ff2979
- r8152: Add macpassthru support for ThinkPad Thunderbolt 3 Dock
  Gen 2 (git-fixes).
- commit d73c455
- r8152: add a helper function about setting EEE (git-fixes).
- commit 5f95fd2
- r8152: divide the tx and rx bottom functions (git-fixes).
- Refresh
  patches.suse/r8152-Re-order-napi_disable-in-rtl8152_close.patch.
- Refresh
  patches.suse/r8152-avoid-to-call-napi_disable-twice.patch.
- commit 248b976
- r8152: saving the settings of EEE (git-fixes).
- commit 7c0dac3
- r8152: use alloc_pages for rx buffer (git-fixes).
- commit 3304002
- r8152: replace array with linking list for rx information
  (git-fixes).
- commit b5a7bd7
- r8152: separate the rx buffer size (git-fixes).
- commit 4176c6f
- rndis_host: set proper input size for OID_GEN_PHYSICAL_MEDIUM
  request (git-fixes).
- commit 3af49ca
- crypto: qat - disregard spurious PFVF interrupts (git-fixes).
- commit 11f64ca
- crypto: qat - detect PFVF collision after ACK (git-fixes).
- commit fa10b1f
- crypto: caam - disable pkc for non-E SoCs (git-fixes).
- commit 49a0bf8
- blacklist.conf: build warning only
- commit 389a467
- kabi/severities: update kabi list
- commit 5cf2719
- bpf: Fix potential race in tail call compatibility check
  (git-fixes).
- commit 6fdd9c7
- cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem (git-fixes).
- commit c3f4c78
- exfat: handle wrong stream entry size in exfat_readdir()
  (git-fixes).
- exfat: fix erroneous discard when clear cluster bit
  (git-fixes).
- commit 366e900
- exfat: truncate atimes to 2s granularity  (bsc#1192328).
- Refresh
  patches.suse/exfat-fix-use-of-uninitialized-spinlock-on-error-path.patch.
- exfat: properly set s_time_gran  (bsc#1192328).
- commit 832525a
- Drop two USB patches that are reverted by stable 5.4.158
  Deleted:
  patches.suse/usb-core-hcd-Add-support-for-deferring-roothub-regis.patch
  patches.suse/xhci-Set-HCD-flag-to-defer-primary-roothub-registrat.patch
  blacklist.conf: updated
- commit 10f1374
- serial: xilinx_uartps: Fix race condition causing stuck TX
  (git-fixes).
- serial: 8250_dw: Drop wrong use of ACPI_PTR() (git-fixes).
- staging: rtl8192u: fix control-message timeouts (git-fixes).
- USB: serial: keyspan: fix memleak on probe errors (git-fixes).
- USB: iowarrior: fix control-message timeouts (git-fixes).
- usb: musb: Balance list entry in musb_gadget_queue (git-fixes).
- usb: max-3421: Use driver data instead of maintaining a list
  of bound devices (git-fixes).
- usb: gadget: hid: fix error code in do_config() (git-fixes).
- commit b954450
- power: supply: bq27xxx: Fix kernel crash on IRQ handler register
  error (git-fixes).
- power: supply: max17042_battery: Prevent int underflow in
  set_soc_threshold (git-fixes).
- =?UTF-8?q?power:=20supply:=20rt5033=5Fbattery:=20Change?=
  =?UTF-8?q?=20voltage=20values=20to=20=C2=B5V?= (git-fixes).
- power: supply: max17042_battery: use VFSOC for capacity when
  no rsns (git-fixes).
- iio: dac: ad5446: Fix ad5622_write() return value (git-fixes).
- staging: r8712u: fix control-message timeout (git-fixes).
- Revert "/platform/x86: i2c-multi-instantiate: Don't create
  platform device for INT3515 ACPI nodes"/ (git-fixes).
- commit 0f3a4f1
- PCI: uniphier: Serialize INTx masking/unmasking and fix the
  bit operation (git-fixes).
- PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG
  (git-fixes).
- PCI: aardvark: Fix return value of MSI domain .alloc() method
  (git-fixes).
- PCI: pci-bridge-emul: Fix emulation of W1C bits (git-fixes).
- HID: u2fzero: properly handle timeouts in usb_submit_urb
  (git-fixes).
- HID: u2fzero: clarify error check and length calculations
  (git-fixes).
- pinctrl: core: fix possible memory leak in pinctrl_enable()
  (git-fixes).
- video: fbdev: chipsfb: use memset_io() instead of memset()
  (git-fixes).
- ABI: sysfs-kernel-slab: Document some stats (git-fixes).
- commit 92991a1
- auxdisplay: ht16k33: Fix frame buffer device blanking
  (git-fixes).
- auxdisplay: ht16k33: Connect backlight to fbdev (git-fixes).
- auxdisplay: img-ascii-lcd: Fix lock-up when displaying empty
  string (git-fixes).
- PCI: aardvark: Fix reporting Data Link Layer Link Active
  (git-fixes).
- PCI: aardvark: Fix checking for link up via LTSSM state
  (git-fixes).
- PCI: aardvark: Do not unmask unused interrupts (git-fixes).
- PCI: aardvark: Do not clear status bits of masked interrupts
  (git-fixes).
- PCI: aardvark: Don't spam about PIO Response Status (git-fixes).
- commit 3e5c258
- ALSA: usb-audio: Add Audient iD14 to mixer map quirk table
  (git-fixes).
- ALSA: usb-audio: Add Schiit Hel device to mixer map quirk table
  (git-fixes).
- commit b23c22d
- ocfs2: do not zero pages beyond i_size (bsc#1190795).
- commit 5f3b3d8
- ocfs2: fix data corruption on truncate (bsc#1190795).
- commit 4b0d91a
- ftrace: Fix scripts/recordmcount.pl due to new binutils
  (bsc#1192267).
- commit f07ed1b
- PCI/ACPI: Check for _OSC support in acpi_pci_osc_control_set()
  (bsc#1169263).
- PCI/ACPI: Move _OSC query checks to separate function
  (bsc#1169263).
- PCI/ACPI: Move supported and control calculations to separate
  functions (bsc#1169263).
- PCI/ACPI: Remove OSC_PCI_SUPPORT_MASKS and OSC_PCI_CONTROL_MASKS
  (bsc#1169263).
- PCI/ACPI: Clarify message about _OSC failure (bsc#1169263).
- PCI/ACPI: Remove unnecessary osc_lock (bsc#1169263).
- commit a38114a
- series.conf: refresh
- update upstream references and resort
  - patches.suse/scsi-lpfc-Adjust-bytes-received-vales-during-cmf-tim.patch
  - patches.suse/scsi-lpfc-Allow-PLOGI-retry-if-previous-PLOGI-was-ab.patch
  - patches.suse/scsi-lpfc-Allow-fabric-node-recovery-if-recovery-is-.patch
  - patches.suse/scsi-lpfc-Correct-sysfs-reporting-of-loop-support-af.patch
  - patches.suse/scsi-lpfc-Don-t-release-final-kref-on-Fport-node-whi.patch
  - patches.suse/scsi-lpfc-Don-t-remove-ndlp-on-PRLI-errors-in-P2P-mo.patch
  - patches.suse/scsi-lpfc-Fix-EEH-support-for-NVMe-I-O.patch
  - patches.suse/scsi-lpfc-Fix-FCP-I-O-flush-functionality-for-TMF-ro.patch
  - patches.suse/scsi-lpfc-Fix-I-O-block-after-enabling-managed-conge.patch
  - patches.suse/scsi-lpfc-Fix-NVMe-I-O-failover-to-non-optimized-pat.patch
  - patches.suse/scsi-lpfc-Fix-hang-on-unload-due-to-stuck-fport-node.patch
  - patches.suse/scsi-lpfc-Fix-link-down-processing-to-address-NULL-p.patch
  - patches.suse/scsi-lpfc-Fix-list_add-corruption-in-lpfc_drain_txq.patch
  - patches.suse/scsi-lpfc-Fix-premature-rpi-release-for-unsolicited-.patch
  - patches.suse/scsi-lpfc-Fix-rediscovery-of-tape-device-after-LIP.patch
  - patches.suse/scsi-lpfc-Fix-use-after-free-in-lpfc_unreg_rpi-routi.patch
  - patches.suse/scsi-lpfc-Improve-PBDE-checks-during-SGL-processing.patch
  - patches.suse/scsi-lpfc-Revert-LOG_TRACE_EVENT-back-to-LOG_INIT-pr.patch
  - patches.suse/scsi-lpfc-Update-lpfc-version-to-14.0.0.2.patch
  - patches.suse/scsi-lpfc-Update-lpfc-version-to-14.0.0.3.patch
  - patches.suse/scsi-lpfc-Wait-for-successful-restart-of-SLI3-adapte.patch
  - patches.suse/scsi-lpfc-Zero-CGN-stats-only-during-initial-driver-.patch
  - patches.suse/scsi-qla2xxx-Add-support-for-mailbox-passthru.patch
  - patches.suse/scsi-qla2xxx-Call-process_response_queue-in-Tx-path.patch
  - patches.suse/scsi-qla2xxx-Check-for-firmware-capability-before-cr.patch
  - patches.suse/scsi-qla2xxx-Display-16G-only-as-supported-speeds-fo.patch
  - patches.suse/scsi-qla2xxx-Fix-crash-in-NVMe-abort-path.patch
  - patches.suse/scsi-qla2xxx-Fix-kernel-crash-when-accessing-port_sp.patch
  - patches.suse/scsi-qla2xxx-Fix-use-after-free-in-eh_abort-path.patch
  - patches.suse/scsi-qla2xxx-Move-heartbeat-handling-from-DPC-thread.patch
  - patches.suse/scsi-qla2xxx-Remove-redundant-initialization-of-poin.patch
  - patches.suse/scsi-qla2xxx-Update-version-to-10.02.07.100-k.patch
  - patches.suse/scsi-qla2xxx-edif-Use-link-event-to-wake-up-app.patch
  No effect on expanded tree.
- commit 69f2186
- Refresh
  patches.suse/ibmvnic-Consolidate-code-in-replenish_rx_pool.patch.
- Refresh
  patches.suse/ibmvnic-Fix-up-some-comments-and-messages.patch.
- Refresh patches.suse/ibmvnic-Reuse-LTB-when-possible.patch.
- Refresh patches.suse/ibmvnic-Reuse-rx-pools-when-possible.patch.
- Refresh patches.suse/ibmvnic-Reuse-tx-pools-when-possible.patch.
- Refresh patches.suse/ibmvnic-Use-bitmap-for-LTB-map_ids.patch.
- Refresh
  patches.suse/ibmvnic-Use-rename-local-vars-in-init_rx_pools.patch.
- Refresh
  patches.suse/ibmvnic-Use-rename-local-vars-in-init_tx_pools.patch.
- Refresh
  patches.suse/ibmvnic-init_tx_pools-move-loop-invariant-code.patch.
  Metadata update
- commit 62eb415
- README.BRANCH: Add Oscar Salvador as SLE15-SP3 maintainer
- commit 8e13353
- Update patch reference for ISDN fix (CVE-2021-43389 bsc#1191958)
- commit b343e2f
- EDAC/amd64: Set proper family type for Family 19h Models 20h-2Fh
  (bsc#1192288).
- commit a0f44db
- Update
  patches.suse/usb-hso-fix-error-handling-code-of-hso_create_net_de.patch
  (bsc#1188601 CVE-2021-37159).
  Added bsc and CVE numbers
- commit e17f2ff
- kABI: Fix kABI after 36950f2da1ea (bsc#1191851).
- commit 659ddc7
- ASoC: topology: Fix stub for snd_soc_tplg_component_remove()
  (git-fixes).
- ASoC: SOF: topology: do not power down primary core during
  topology removal (git-fixes).
- ALSA: ua101: fix division by zero at probe (git-fixes).
- ALSA: uapi: Fix a C++ style comment in asound.h (git-fixes).
- ALSA: hda: Use position buffer for SKL+ again (git-fixes).
- ALSA: hda: Reduce udelay() at SKL+ position reporting
  (git-fixes).
- ALSA: hda/realtek: Fix mic mute LED for the HP Spectre x360 14
  (git-fixes).
- commit a82ebfb
- memory: fsl_ifc: fix leak of irq and nand_irq in
  fsl_ifc_ctrl_probe (git-fixes).
- ASoC: dt-bindings: cs42l42: Correct description of ts-inv
  (git-fixes).
- ASoC: mediatek: mt8195: Remove unsued irqs_lock (git-fixes).
- ASoC: rockchip: Use generic dmaengine code (git-fixes).
- ASoC: cs42l42: Defer probe if request_threaded_irq() returns
  EPROBE_DEFER (git-fixes).
- ASoC: cs42l42: Don't set defaults for volatile registers
  (git-fixes).
- ASoC: cs42l42: Correct some register default values (git-fixes).
- ALSA: ua101: fix division by zero at probe (git-fixes).
- ALSA: hda: Reduce udelay() at SKL+ position reporting
  (git-fixes).
- platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning
  (git-fixes).
- commit 7e1e84d
- Update patch reference for AMDGPU fix (bsc#1180749)
- commit 6ea4cbc
- drm/amdgpu/gmc6: fix DMA mask from 44 to 40 bits (git-fixes).
- drm/amdgpu/display: add quirk handling for stutter mode
  (git-fixes).
- drm/msm: uninitialized variable in msm_gem_import() (git-fixes).
- drm/msm: potential error pointer dereference in init()
  (git-fixes).
- drm/ttm: stop calling tt_swapin in vm_access (git-fixes).
- PM: sleep: Do not let "/syscore"/ devices runtime-suspend during
  system transitions (git-fixes).
- iwlwifi: mvm: fix some kerneldoc issues (git-fixes).
- mt76: mt7915: fix muar_idx in mt7915_mcu_alloc_sta_req()
  (git-fixes).
- mt76: mt7915: fix sta_rec_wtbl tag len (git-fixes).
- mt76: mt7915: fix possible infinite loop release semaphore
  (git-fixes).
- mt76: mt7615: fix endianness warning in mt7615_mac_write_txwi
  (git-fixes).
- ath10k: sdio: Add missing BH locking around napi_schdule()
  (git-fixes).
- commit a012b20
- regulator: dt-bindings: samsung,s5m8767: correct
  s5m8767,pmic-buck-default-dvs-idx property (git-fixes).
- regulator: s5m8767: do not use reset value as DVS voltage if
  GPIO DVS is disabled (git-fixes).
- mmc: mxs-mmc: disable regulator on error and in the remove
  function (git-fixes).
- memstick: jmb38x_ms: use appropriate free function in
  jmb38x_ms_alloc_host() (git-fixes).
- memstick: avoid out-of-range warning (git-fixes).
- mmc: sdhci-omap: Fix NULL pointer exception if regulator is
  not configured (git-fixes).
- media: ite-cir: IR receiver stop working after receive overflow
  (git-fixes).
- tpm: Check for integer overflow in tpm2_map_response_body()
  (git-fixes).
- commit d39cbe5
- media: dvb-frontends: mn88443x: Handle errors of
  clk_prepare_enable() (git-fixes).
- media: em28xx: Don't use ops->suspend if it is NULL (git-fixes).
- media: cedrus: Fix SUNXI tile size calculation (git-fixes).
- media: mxl111sf: change mutex_init() location (git-fixes).
- media: cx23885: Fix snd_card_free call on null card pointer
  (git-fixes).
- media: tm6000: Avoid card name truncation (git-fixes).
- media: si470x: Avoid card name truncation (git-fixes).
- media: radio-wl1273: Avoid card name truncation (git-fixes).
- media: i2c: ths8200 needs V4L2_ASYNC (git-fixes).
- media: mtk-vpu: Fix a resource leak in the error handling path
  of 'mtk_vpu_probe()' (git-fixes).
- commit db843c8
- hwrng: mtk - Force runtime pm ops for sleep ops (git-fixes).
- hwmon: (pmbus/lm25066) Let compiler determine outer dimension
  of lm25066_coeff (git-fixes).
- hwmon: (pmbus/lm25066) Add offset coefficients (git-fixes).
- media: TDA1997x: handle short reads of hdmi info frame
  (git-fixes).
- media: v4l2-ioctl: S_CTRL output the right value (git-fixes).
- media: v4l2-ioctl: Fix check_ext_ctrls (git-fixes).
- media: staging/intel-ipu3: css: Fix wrong size comparison
  imgu_css_fw_init (git-fixes).
- media: dvb-usb: fix ununit-value in az6027_rc_query (git-fixes).
- media: cxd2880-spi: Fix a null pointer dereference on error
  handling path (git-fixes).
- media: em28xx: add missing em28xx_close_extension (git-fixes).
- commit cc194ed
- virtio-gpu: fix possible memory allocation failure (git-fixes).
- rsi: fix control-message timeout (git-fixes).
- rtl8187: fix control-message timeouts (git-fixes).
- wcn36xx: add proper DMA memory barriers in rx path (git-fixes).
- wcn36xx: Fix HT40 capability for 2Ghz band (git-fixes).
- wcn36xx: Add ability for wcn36xx_smd_dump_cmd_req to pass
  two's complement (git-fixes).
- hwmon: Fix possible memleak in __hwmon_device_register()
  (git-fixes).
- firmware/psci: fix application of sizeof to pointer (git-fixes).
- usbnet: fix error return code in usbnet_probe() (git-fixes).
- usbnet: sanity check for maxpacket (git-fixes).
- commit 4c5043d
- mwifiex: fix division by zero in fw download path (git-fixes).
- libertas_tf: Fix possible memory leak in probe and disconnect
  (git-fixes).
- mt76: mt76x02: fix endianness warnings in mt76x02_mac.c
  (git-fixes).
- mwifiex: Send DELBA requests according to spec (git-fixes).
- rsi: stop thread firstly in rsi_91x_init() error handling
  (git-fixes).
- rsi: Fix module dev_oper_mode parameter description (git-fixes).
- mmc: sdhci: Map more voltage level to SDHCI_POWER_330
  (git-fixes).
- commit e68a671
- drm/msm: Fix potential NULL dereference in DPU SSPP (git-fixes).
- drm/amdgpu: fix warning for overflow check (git-fixes).
- drm/v3d: fix wait for TMU write combiner flush (git-fixes).
- drm/sun4i: Fix macros in sun8i_csc.h (git-fixes).
- libertas: Fix possible memory leak in probe and disconnect
  (git-fixes).
- b43legacy: fix a lower bounds test (git-fixes).
- Bluetooth: btmtkuart: fix a memleak in mtk_hci_wmt_sync
  (git-fixes).
- Bluetooth: fix init and cleanup of sco_conn.timeout_work
  (git-fixes).
- commit 58db500
- ath6kl: fix division by zero in send path (git-fixes).
- ath10k: fix division by zero in send path (git-fixes).
- ath6kl: fix control-message timeout (git-fixes).
- ath10k: fix control-message timeout (git-fixes).
- ath10k: fix max antenna gain unit (git-fixes).
- ath9k: Fix potential interrupt storm on queue reset (git-fixes).
- b43: fix a lower bounds test (git-fixes).
- ath10k: Fix missing frame timestamp for beacon/probe-resp
  (git-fixes).
- ata: sata_mv: Fix the error handling of mv_chip_id()
  (git-fixes).
- commit 276cbd3
- Input: i8042 - Add quirk for Fujitsu Lifebook T725
  (bsc#1191980).
- commit 9545e5e
- x86/msi: Force affinity setup before startup (bsc#1152489).
- Refresh
  patches.suse/0002-x86-msi-Only-use-high-bits-of-MSI-address-for-DMAR-u.patch.
- commit a7cad27
- ibmvnic: delay complete() (bsc#1094840 ltc#167098 git-fixes).
- commit f2c4d71
- xfs: don't allow log writes if the data device is readonly
  (bsc#1192229).
- commit 67ee0ba
- series.conf: refresh
- update upstream references and resort:
  - patches.suse/ibmvnic-Consolidate-code-in-replenish_rx_pool.patch
  - patches.suse/ibmvnic-Fix-up-some-comments-and-messages.patch
  - patches.suse/ibmvnic-Reuse-LTB-when-possible.patch
  - patches.suse/ibmvnic-Reuse-rx-pools-when-possible.patch
  - patches.suse/ibmvnic-Reuse-tx-pools-when-possible.patch
  - patches.suse/ibmvnic-Use-bitmap-for-LTB-map_ids.patch
  - patches.suse/ibmvnic-Use-rename-local-vars-in-init_rx_pools.patch
  - patches.suse/ibmvnic-Use-rename-local-vars-in-init_tx_pools.patch
  - patches.suse/ibmvnic-init_tx_pools-move-loop-invariant-code.patch
- commit 35d2ed0
- Update kabi files.
- update from November 2021 maintenance update submission (commit fb4a33cb1752)
- commit 24b46c0
- x86/ioapic: Force affinity setup before startup (bsc#1152489).
- commit 305e50a
- genirq: Provide IRQCHIP_AFFINITY_PRE_STARTUP (bsc#1152489).
- commit e709b2b
- gpio/rockchip: fetch deferred output settings on probe
  (bsc#1192217).
- pinctrl/rockchip: add a queue for deferred pin output settings
  on probe (bsc#1192217).
- gpio/rockchip: fix get_direction value handling (bsc#1192217).
- gpio/rockchip: extended debounce support is only available on v2
  (bsc#1192217).
- pinctrl/rockchip: drop the gpio related codes (bsc#1192217).
- gpio/rockchip: drop irq_gc_lock/irq_gc_unlock for irq set type
  (bsc#1192217).
- gpio/rockchip: support next version gpio controller
  (bsc#1192217).
- gpio/rockchip: use struct rockchip_gpio_regs for gpio controller
  (bsc#1192217).
- gpio/rockchip: add driver for rockchip gpio (bsc#1192217).
- pinctrl/rockchip: add pinctrl device to gpio bank struct
  (bsc#1192217).
- pinctrl/rockchip: separate struct rockchip_pin_bank to a head
  file (bsc#1192217).
- pinctrl/rockchip: always enable clock for gpio controller
  (bsc#1192217).
- pinctrl: rockchip: do coding style for mux route struct
  (bsc#1192217).
- pinctrl: rockchip: add support for rk3568 (bsc#1192217).
- pinctrl: rockchip: make driver be tristate module (bsc#1192217).
- pinctrl: rockchip: clear int status when driver probed
  (bsc#1192217).
- pinctrl: rockchip: create irq mapping in gpio_to_irq
  (bsc#1192217).
- pinctrl: rockchip: enable gpio pclk for rockchip_gpio_to_irq
  (bsc#1192217).
- pinctrl: rockchip: Replace HTTP links with HTTPS ones
  (bsc#1192217).
- pinctrl: pinctrl-rockchip: Fix a bunch of kerneldoc
  misdemeanours (bsc#1192217).
- pinctrl: rockchip: return ENOMEM instead of EINVAL if allocation
  fails (bsc#1192217).
- pinctrl: rockchip: add rk3308 SoC support (bsc#1192217).
- commit de4b584
- nvme-pci: set min_align_mask (bsc#1191851).
- swiotlb: respect min_align_mask (bsc#1191851).
- swiotlb: don't modify orig_addr in swiotlb_tbl_sync_single
  (bsc#1191851).
- swiotlb: refactor swiotlb_tbl_map_single (bsc#1191851).
- swiotlb: clean up swiotlb_tbl_unmap_single (bsc#1191851).
- swiotlb: factor out a nr_slots helper (bsc#1191851).
- swiotlb: factor out an io_tlb_offset helper (bsc#1191851).
- swiotlb: add a IO_TLB_SIZE define (bsc#1191851).
- commit 63c0e38
- driver core: add a min_align_mask field to struct
  device_dma_parameters (bsc#1191851).
- commit cb95969
- KVM: s390: index kvm->arch.idle_mask by vcpu_idx (bsc#1133021).
- KVM: s390: VSIE: correctly handle MVPG when in VSIE
  (bsc#1133021).
- KVM: s390: extend kvm_s390_shadow_fault to return entry pointer
  (bsc#1133021).
- KVM: s390: split kvm_s390_logical_to_effective (bsc#1133021).
- commit ef66201
- blacklist.conf: ed65df63a39a ("/tracing: Have all levels of checks prevent recursion"/)
  It fixes a corner case, which should be rare. The patch changes a public
  header file and even if the API should not be used externally, there is
  always a risk.
- commit 80def7c
- x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions
  (bsc#1152489).
- commit 96ee990
- netfilter: conntrack: collect all entries in one cycle
  (bsc#1173604).
- commit c4117de
- ipv6/netfilter: Discard first fragment not including all headers
  (bsc#1191241).
- IPv6: reply ICMP error if the first fragment don't include
  all headers (bsc#1191241).
- ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition
  (bsc#1191241).
- net: ipv6: Discard next-hop MTU less than minimum link MTU
  (bsc#1191241).
- commit c74316d
- swiotlb: Split size parameter to map/unmap APIs (bsc#1191851).
- Refresh
  patches.suse/dma-direct-exclude-dma_direct_map_resource-from-the-min_low_pfn-check.patch.
- commit 0eae9b5
- KVM: PPC: Book3S HV: Tolerate treclaim. in fake-suspend mode
  changing registers (bsc#1156395).
- KVM: PPC: Fix clearing never mapped TCEs in realmode
  (bsc#1156395).
- KVM: PPC: Book3S HV Nested: Reflect guest PMU in-use to L0
  when guest SPRs are live (bsc#1156395).
- KVM: PPC: Book3S HV Nested: Sanitise H_ENTER_NESTED TM state
  (bsc#1156395).
- KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak (bsc#1156395).
- commit 2ce76cc
- powerpc/xive: Discard disabled interrupts in get_irqchip_state()
  (fate#322438 bsc#1085030 git-fixes).
- commit 3106974
- powerpc/64s: Remove irq mask workaround in
  accumulate_stolen_time() (jsc#SLE-9246 git-fixes).
- commit 5f2cf7e
- x86/pat: Pass valid address to sanitize_phys() (bsc#1152489).
- commit 1702f6b
- KVM: PPC: Book3S HV: Save host FSCR in the P7/8 path
  (bsc#1065729).
- commit 4a60f84
- sctp: add vtag check in sctp_sf_ootb (CVE-2021-3772
  bsc#1190351).
- sctp: add vtag check in sctp_sf_do_8_5_1_E_sa (CVE-2021-3772
  bsc#1190351).
- sctp: add vtag check in sctp_sf_violation (CVE-2021-3772
  bsc#1190351).
- sctp: fix the processing for COOKIE_ECHO chunk (CVE-2021-3772
  bsc#1190351).
- sctp: fix the processing for INIT_ACK chunk (CVE-2021-3772
  bsc#1190351).
- sctp: fix the processing for INIT chunk (CVE-2021-3772
  bsc#1190351).
- sctp: use init_tag from inithdr for ABORT chunk (CVE-2021-3772
  bsc#1190351).
- sctp: check asoc peer.asconf_capable before processing asconf
  (bsc#1190351).
- commit c4ecd47
- mmc: vub300: fix control-message timeouts (git-fixes).
- mmc: dw_mmc: exynos: fix the finding clock sample value
  (git-fixes).
- commit 15296ab
- scsi: lpfc: Update lpfc version to 14.0.0.3 (bsc#1192145).
- scsi: lpfc: Allow fabric node recovery if recovery is in
  progress before devloss (bsc#1192145).
- scsi: lpfc: Fix link down processing to address NULL pointer
  dereference (bsc#1192145).
- scsi: lpfc: Allow PLOGI retry if previous PLOGI was aborted
  (bsc#1192145).
- scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine
  (bsc#1192145).
- scsi: lpfc: Correct sysfs reporting of loop support after SFP
  status change (bsc#1192145).
- scsi: lpfc: Wait for successful restart of SLI3 adapter during
  host sg_reset (bsc#1192145).
- scsi: lpfc: Revert LOG_TRACE_EVENT back to LOG_INIT prior to
  driver_resource_setup() (bsc#1192145).
- commit ea0ad63
- kABI workaround for cfg80211 mgmt_registration_lock changes
  (git-fixes).
- commit 85ca292
- cfg80211: correct bridge/4addr mode check (git-fixes).
- cfg80211: fix management registrations locking (git-fixes).
- commit 38a77a6
- net: lan78xx: fix division by zero in send path (git-fixes).
- net: batman-adv: fix error handling (git-fixes).
- nfc: port100: fix using -ERRNO as command type mask (git-fixes).
- cfg80211: scan: fix RCU in cfg80211_add_nontrans_list()
  (git-fixes).
- regmap: Fix possible double-free in regcache_rbtree_exit()
  (git-fixes).
- commit 1fb45c2
- ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup
  (git-fixes).
- commit c406ead
- ice: Add missing E810 device ids (jsc#SLE-7966 bsc#1157177).
- net: hns3: fix vf reset workqueue cannot exit (bsc#1154353).
- mlxsw: thermal: Fix out-of-bounds memory accesses (git-fixes).
- net/mlx5e: Mutually exclude RX-FCS and RX-port-timestamp
  (git-fixes).
- qed: Fix missing error code in qed_slowpath_start() (git-fixes).
- ionic: don't remove netdev->dev_addr when syncing uc list
  (bsc#1167773).
- iavf: fix double unlock of crit_lock (git-fixes).
- i40e: Fix freeing of uninitialized misc IRQ vector (git-fixes).
- i40e: fix endless loop under rtnl (git-fixes).
- gve: report 64bit tx_bytes counter from
  gve_handle_report_stats() (bsc#1176940).
- gve: fix gve_get_stats() (git-fixes).
- gve: Properly handle errors in gve_assign_qpl (bsc#1176940).
- gve: Avoid freeing NULL pointer (git-fixes).
- gve: Correct available tx qpl check (git-fixes).
- net: bridge: use nla_total_size_64bit() in
  br_get_linkxstats_size() (git-fixes).
- ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup
  (git-fixes).
- net/mlx4_en: Don't allow aRFS for encapsulated packets
  (git-fixes).
- qed: rdma - don't wait for resources under hw error recovery
  flow (git-fixes).
- bnxt_en: Fix TX timeout when TX ring size is set to the smallest
  (git-fixes).
- net/mlx4_en: Resolve bad operstate value (git-fixes).
- qed: Handle management FW error (git-fixes).
- net/af_unix: fix a data-race in unix_dgram_poll (bsc#1154353).
- net/mlx5: FWTrace, cancel work on alloc pd error flow
  (git-fixes).
- net/mlx5: Fix unpublish devlink parameters (jsc#SLE-8464).
- i40e: Fix ATR queue selection (git-fixes).
- mlx5: count all link events (git-fixes).
- commit 64e7f77
- netfilter: xt_IDLETIMER: fix panic that occurs when timer_type
  has garbage value (bsc#1176447).
- ice: fix getting UDP tunnel entry (jsc#SLE-12878).
- net/mlx5: E-Switch, Fix double allocation of acl flow counter
  (jsc#SLE-15172).
- net/mlx5e: IPSEC RX, enable checksum complete (jsc#SLE-15172).
- RDMA/cma: Do not change route.addr.src_addr.ss_family
  (bsc#1181147).
- RDMA/cma: Fix listener leak in rdma_cma_listen_on_all() failure
  (bsc#1181147).
- net: hns3: check queue id range before using (jsc#SLE-14777).
- bnxt_en: make bnxt_free_skbs() safe to call after
  bnxt_free_mem() (jsc#SLE-16649).
- ice: Only lock to update netdev dev_addr (git-fixes).
- net/sched: ets: fix crash when flipping from 'strict' to
  'quantum' (bsc#1176774).
- net/mlx5e: RX, Avoid possible data corruption when relaxed
  ordering and LRO combined (jsc#SLE-15172).
- commit 016bdb7
- sctp: add param size validation for SCTP_PARAM_SET_PRIMARY
  (CVE-2021-3655 bsc#1188563).
- sctp: validate chunk size in __rcv_asconf_lookup (CVE-2021-3655
  bsc#1188563).
- sctp: add size validation when walking chunks (CVE-2021-3655
  bsc#1188563).
- commit e419503
- powerpc/idle: Don't corrupt back chain when going idle
  (bko#206669 bsc#1174585 bsc#1192107 CVE-2021-43056).
- KVM: PPC: Book3S HV: Make idle_kvm_start_guest() return
  0 if it went to guest (bko#206669 bsc#1174585 bsc#1192107
  CVE-2021-43056).
- KVM: PPC: Book3S HV: Fix stack handling in
  idle_kvm_start_guest() (bko#206669 bsc#1174585 bsc#1192107
  CVE-2021-43056).
- powerpc64/idle: Fix SP offsets when saving GPRs (bko#206669
  bsc#1174585 bsc#1192107 CVE-2021-43056).
- commit 90745c9
- Update patch reference for ISDN fix (CVE-2021-3896 bsc#1191958)
- commit b1524c3
- nvme-pci: fix error unwind in nvme_map_data (bsc#1191934).
- nvme-pci: refactor nvme_unmap_data (bsc#1191934).
- commit fc21d20
- nvme-pci: fix error unwind in nvme_map_data (bsc#1191934).
- nvme-pci: refactor nvme_unmap_data (bsc#1191934).
- commit 3a9d8cd
- ASoC: DAPM: Fix missing kctl change notifications (git-fixes).
- ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset
  (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo PC50HS (git-fixes).
- Input: snvs_pwrkey - add clk handling (git-fixes).
- isdn: mISDN: Fix sleeping function called from invalid context
  (git-fixes).
- isdn: cpai: check ctr->cnr to avoid array index out of bound
  (git-fixes).
- ALSA: hda: avoid write to STATESTS if controller is in reset
  (git-fixes).
- platform/x86: intel_scu_ipc: Update timeout value in comment
  (git-fixes).
- commit 26182ff
- xfs: fix log intent recovery ENOSPC shutdowns when inactivating
  inodes (bsc#1190642).
- commit 4a5d10a
- drm/edid: In connector_bad_edid() cap num_of_ext by num_blocks
  read (git-fixes).
- drm/msm: Avoid potential overflow in timeout_to_jiffies()
  (git-fixes).
- ALSA: hda/realtek: Add quirk for TongFang PHxTxX1 (git-fixes).
- ALSA: hda - Enable headphone mic on Dell Latitude laptops with
  ALC3254 (git-fixes).
- ALSA: hda/realtek: Enable 4-speaker output for Dell Precision
  5560 laptop (git-fixes).
- ASoC: SOF: loader: release_firmware() on load failure to avoid
  batching (git-fixes).
- ASoC: SOF: imx: imx8m: Bar index is only valid for IRAM and
  SRAM types (git-fixes).
- ASoC: SOF: imx: imx8: Bar index is only valid for IRAM and
  SRAM types (git-fixes).
- ASoC: fsl_spdif: register platform component before registering
  cpu dai (git-fixes).
- ASoC: Intel: sof_sdw: tag SoundWire BEs as non-atomic
  (git-fixes).
- ASoC: Intel: Skylake: Fix passing loadable flag for module
  (git-fixes).
- ASoC: Intel: Skylake: Fix module configuration for KPB and MIXER
  (git-fixes).
- ASoC: Intel: update sof_pcm512x quirks (git-fixes).
- ASoC: Intel: bytcr_rt5640: Move "/Platform Clock"/ routes to
  the maps for the matching in-/output (git-fixes).
- ASoC: atmel: ATMEL drivers don't need HAS_DMA (git-fixes).
- commit 6765039
- e1000e: Fix packet loss on Tiger Lake and later (git-fixes).
- can: peak_usb: pcan_usb_fd_decode_status(): fix back to
  ERROR_ACTIVE state notification (git-fixes).
- can: peak_pci: peak_pci_remove(): fix UAF (git-fixes).
- can: rcar_can: fix suspend/resume (git-fixes).
- lan78xx: select CRC32 (git-fixes).
- ASoC: wm8960: Fix clock configuration on slave mode (git-fixes).
- audit: fix possible null-pointer dereference in
  audit_filter_rules (git-fixes).
- ata: ahci_platform: fix null-ptr-deref in
  ahci_platform_enable_regulators() (git-fixes).
- virtio: write back F_VERSION_1 before validate (git-fixes).
- mei: me: add Ice Lake-N device id (git-fixes).
- iio: adc: aspeed: set driver data when adc probe (git-fixes).
- usb: musb: dsps: Fix the probe error path (git-fixes).
- xhci: guard accesses to ep_state in xhci_endpoint_reset()
  (git-fixes).
- ALSA: usb-audio: Add quirk for VF0770 (git-fixes).
- ALSA: hda/realtek: Fix the mic type detection issue for ASUS
  G551JW (git-fixes).
- ALSA: hda/realtek - ALC236 headset MIC recording issue
  (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo X170KM-G (git-fixes).
- ALSA: hda/realtek: Complete partial device name to avoid
  ambiguity (git-fixes).
- watchdog: orion: use 0 for unset heartbeat (git-fixes).
- commit 2657409
- xfs: fix I_DONTCACHE (bsc#1192074).
- commit c29b8dd
- Delete
  patches.suse/e1000e-Do-not-take-care-about-recovery-NVM-checksum.patch.
  Drop patch to avoid regressions until real fix is available (bsc#1191663)
- commit e7e000a
- blacklist.conf: irrelevant
- commit 4c2a4eb
- USB: xhci: dbc: fix tty registration race (git-fixes).
- commit 8800f76
- xhci: guard accesses to ep_state in xhci_endpoint_reset()
  (git-fixes).
- commit 2947d1e
- nfc: nci: fix the UAF of rf_conn_info object (CVE-2021-3760
  bsc#1190067).
- commit 9eabc0c
- Update patch reference for firewire fix (CVE-2021-42739 CVE-2021-3542 bsc#1184673)
- commit 2adc0e5
- cipso,calipso: resolve a number of problems with the DOI
  refcounts (CVE-2021-33033 bsc#1186109).
- commit 499c5a0
- ceph: fix handling of "/meta"/ errors (bsc#1192041).
- ceph: skip existing superblocks that are blocklisted or shut
  down when mounting (bsc#1192040).
- commit 329e544
- kabi: hide return value type change of sctp_af::from_addr_param
  (CVE-2021-3655 bsc#1188563).
- sctp: fix return value check in __sctp_rcv_asconf_lookup
  (CVE-2021-3655 bsc#1188563).
- sctp: validate from_addr_param return (CVE-2021-3655
  bsc#1188563).
- commit 9f59a3f
- Update
  patches.suse/net_sched-cls_route-remove-the-right-filter-from-has.patch
  references (add CVE-2021-3715 bsc#1190349).
- commit bd39990
- Revert "/sched/fair: Add ancestors of unthrottled undecayed cfs_rq"/
  The reverted commit is a followup of a7b359fc6a37 ("/sched/fair:
  Correctly insert cfs_rq's to list on unthrottle"/) which is going to be
  reverted as part of short-term solution of bsc#1191343.
  This reverts commit d8d828e03d4f1e436c3580616c7b53db38e38dcb.
- commit c6395e4
- blacklist.conf: 3a1255396b5a x86/alternatives: add missing insn.h include
- commit 9bccba9
- scsi: ibmvfc: Fix up duplicate response detection (bsc#1191867
  ltc#194757).
- commit 38f073b
- Added 3 SCSI-iscsi git-fix commits
- commit 2073942
- scsi: iscsi: Fix deadlock on recovery path during GFP_IO reclaim
  (git-fixes).
- Refresh
  patches.suse/scsi-iscsi-verify-lengths-on-passthrough-pdus.
- commit 6addc19
- scsi: target: Fix the pgr/alua_support_store functions
  (git-fixes).
- commit 5bcb387
- scsi: mpi3mr: Fix error return code in mpi3mr_init_ioc() (git-fixes)
  Also refreshed scsi-mpi3mr-Set-up-IRQs-in-resume-path, since this
  commit changed the context.
- commit 0352f63
- USB: serial: option: add Quectel EC200S-CN module support
  (git-fixes).
- commit e1df2bf
- USB: serial: qcserial: add EM9191 QDL support (git-fixes).
- commit b42181b
- USB: serial: option: add prod. id for Quectel EG91 (git-fixes).
- commit cff3cf9
- USB: serial: option: add Telit LE910Cx composition 0x1204
  (git-fixes).
- commit 3ccad62
- xhci: Enable trust tx length quirk for Fresco FL11 USB
  controller (git-fixes).
- commit 55acfbd
- xhci: Fix command ring pointer corruption while aborting a
  command (git-fixes).
- commit bf02a9c
- Input: xpad - add support for another USB ID of Nacon GC-100
  (git-fixes).
- commit eba25ff
- scsi: mpi3mr: Fix missing unlock on error (git-fixes).
- commit f4b9433
- scsi: mpi3mr: Fix error handling in mpi3mr_setup_isr()
  (git-fixes).
- commit 0eebf69
- x86/sev: Return an error on a returned non-zero
  SW_EXITINFO1[31:0] (bsc#1178134).
- commit 3b2a96a
- media: firewire: firedtv-avc: fix a buffer overflow in
  avc_ca_pmt() (CVE-2021-3542 bsc#1184673).
- commit fab3d4f
- net: mana: Fix error handling in mana_create_rxq() (git-fixes,
  bsc#1191800).
- commit 8c6d0b8
- ocfs2: fix data corruption after conversion from inline format
  (bsc#1190795).
- commit ac3ffc2
- blacklist.conf: 4758fd801f91 x86/platform/olpc: Correct ifdef symbol to intended CONFIG_OLPC_XO15_SCI
- commit c40c7ae
- blacklist.conf: 225bac2dc5d1 x86/Kconfig: Correct reference to MWINCHIP3D
- commit eee3b41
- blacklist.conf: 711885906b5c x86/Kconfig: Do not enable AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT automatically
- commit da61791
- gpio: pca953x: Improve bias setting (git-fixes).
- spi: spi-nxp-fspi: don't depend on a specific node name erratum
  workaround (git-fixes).
- drm/panel: olimex-lcd-olinuxino: select CRC32 (git-fixes).
- drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling
  (git-fixes).
- drm/msm/dsi: Fix an error code in msm_dsi_modeset_init()
  (git-fixes).
- drm/msm: Fix null pointer dereference on pointer edp
  (git-fixes).
- mac80211: check return value of rhashtable_init (git-fixes).
- commit c393393
- iio: light: opt3001: Fixed timeout error when 0 lux (git-fixes).
- iio: mtk-auxadc: fix case IIO_CHAN_INFO_PROCESSED (git-fixes).
- iio: ssp_sensors: add more range checking in
  ssp_parse_dataframe() (git-fixes).
- iio: ssp_sensors: fix error code in ssp_print_mcu_debug()
  (git-fixes).
- iio: adc128s052: Fix the error handling path of 'adc128_probe()'
  (git-fixes).
- iio: dac: ti-dac5571: fix an error code in probe() (git-fixes).
- drm/amdgpu: fix gart.bo pin_count leak (git-fixes).
- mac80211: Drop frames from invalid MAC address in ad-hoc mode
  (git-fixes).
- HID: wacom: Add new Intuos BT (CTL-4100WL/CTL-6100WL) device
  IDs (git-fixes).
- HID: apple: Fix logical maximum and usage maximum of Magic
  Keyboard JIS (git-fixes).
- commit 372fd90
- pata_legacy: fix a couple uninitialized variable bugs
  (git-fixes).
- cb710: avoid NULL pointer subtraction (git-fixes).
- acpi/arm64: fix next_platform_timer() section mismatch error
  (git-fixes).
- ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init()
  (git-fixes).
- ACPI: fix NULL pointer dereference (git-fixes).
- ACPI: bgrt: Fix CFI violation (git-fixes).
- ACPI: Use DEVICE_ATTR_<RW|RO|WO> macros (git-fixes).
- commit 1a13895
- rpm/kernel-obs-build.spec.in: reduce initrd functionality
  For building in OBS, we always build inside a virtual machine
  that gets a new, freshly created scratch filesystem image. So
  we do not need to handle fscks because that ain't gonna happen,
  as well as not we do not need to handle microcode update in the
  initrd as these only can be run on the host system anyway. We
  can also strip and hardlink as an additional optimisation that
  should not significantly hurt.
- commit c72c6fc
- nvme-pci: Fix abort command id (git-fixes).
- nvme: add command id quirk for apple controllers (git-fixes).
- commit 210cebb
- drm/nouveau: avoid a use-after-free when BO init fails (bsc#1152472)
  Backporting notes:
  * context changes
- commit dbfac3c
- drm/panfrost: Make sure MMU context lifetime is not bound to (bsc#1152472)
  Backporting notes:
  * context changes in panfrost_job_irq_handler()
- commit 78a582b
- drm/i915: Fix syncmap memory leak (bsc#1152489)
  Backporting notes:
  * context changes in intel_timeline_fini()
- commit d5e337e
- blacklist.conf: Append 'drm/i915/overlay: Fix active retire callback alignment'
- commit c6cc973
- xen: reset legacy rtc flag for PV domU (git-fixes).
- commit 2ae68ea
- xen: fix setting of max_pfn in shared_info (git-fixes).
- commit 2d2e1e0
- fix patch metadata
- fix Patch-mainline:
  - patches.suse/NFS-Do-uncached-readdir-when-we-re-seeking-a-cookie-.patch
- commit b7dfcc7
- NFS: Do uncached readdir when we're seeking a cookie in an
  empty page cache (bsc#1191628).
- commit 5ca83d3
- Update patches.suse/bpf-Fix-ringbuf-helper-function-compatibility.patch
  (git-fixes, bsc#1191645, CVE-2021-34866).
  Update references.
- commit 3bcb18d
- ALSA: pcm: Workaround for a wrong offset in SYNC_PTR compat
  ioctl (git-fixes).
- ALSA: hda/realtek: Fix for quirk to enable speaker output on
  the Lenovo 13s Gen2 (git-fixes).
- commit f5dfccc
- NFC: digital: fix possible memory leak in
  digital_in_send_sdd_req() (git-fixes).
- NFC: digital: fix possible memory leak in
  digital_tg_listen_mdaa() (git-fixes).
- nfc: fix error handling of nfc_proto_register() (git-fixes).
- ALSA: seq: Fix a potential UAF by wrong private_free call order
  (git-fixes).
- commit aada78f
- netfilter: Drop fragmented ndisc packets assembled in netfilter
  (git-fixes).
- commit e526835
- net: ipv6: Discard next-hop MTU less than minimum link MTU
  (bsc#1191241).
- commit ba09279
- nvme-fc: remove freeze/unfreeze around update_nr_hw_queues
  (bsc#1185762).
- nvme-fc: avoid race between time out and tear down
  (bsc#1185762).
- nvme-fc: update hardware queues before using them (bsc#1185762).
- commit 4afdc63
- scsi: lpfc: Fix memory overwrite during FC-GS I/O abort handling
  (bsc#1191349).
- commit c7eb218
- acpi/arm64: fix next_platform_timer() section mismatch error
  (git-fixes).
- platform/x86: intel_scu_ipc: Fix busy loop expiry time
  (git-fixes).
- platform/mellanox: mlxreg-io: Fix read access of n-bytes size
  attributes (git-fixes).
- drm/nouveau/kms/nv50-: fix file release memory leak (git-fixes).
- drm/nouveau/kms/tu102-: delay enabling cursor until after
  assign_windows (git-fixes).
- drm/sun4i: dw-hdmi: Fix HDMI PHY clock setup (git-fixes).
- iwlwifi: pcie: add configuration of a Wi-Fi adapter on Dell
  XPS 15 (git-fixes).
- ACPI: NFIT: Use fallback node id when numa info in NFIT table
  is incorrect (git-fixes).
- ACPI: fix NULL pointer dereference (git-fixes).
- commit 0673e50
- net: hso: fix NULL-deref on disconnect regression (git-fixes).
- commit 901c621
- platform/mellanox: mlxreg-io: Fix argument base in kstrtou32()
  call (git-fixes).
- i2c: acpi: fix resource leak in reconfiguration device addition
  (git-fixes).
- mmc: meson-gx: do not use memcpy_to/fromio for dram-access-quirk
  (git-fixes).
- drm/nouveau/debugfs: fix file release memory leak (git-fixes).
- video: fbdev: gbefb: Only instantiate device when built for IP32
  (git-fixes).
- soc: qcom: mdt_loader: Drop PT_LOAD check on hash segment
  (git-fixes).
- ptp_pch: Load module automatically if ID matches (git-fixes).
- phy: mdio: fix memory leak (git-fixes).
- libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870
  SSD (git-fixes).
- ptp_pch: Restore dependency on PCI (git-fixes).
- net: cdc_eem: fix tx fixup skb leak (git-fixes).
- net: hso: fix null-ptr-deref during tty device unregistration
  (git-fixes).
- net: cdc_ncm: correct overhead in delayed_ndp_size (git-fixes).
- net: usb: Fix uninit-was-stored issue in asix_read_phy_addr()
  (git-fixes).
- commit 4915e73
- pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init
  (git-fixes).
- commit aaf0697
- scsi: qla2xxx: Remove redundant initialization of pointer req
  (bsc#1190941).
- scsi: qla2xxx: Update version to 10.02.07.100-k (bsc#1190941).
- scsi: qla2xxx: Fix use after free in eh_abort path
  (bsc#1190941).
- scsi: qla2xxx: Move heartbeat handling from DPC thread to
  workqueue (bsc#1190941).
- scsi: qla2xxx: Call process_response_queue() in Tx path
  (bsc#1190941).
- scsi: qla2xxx: Fix kernel crash when accessing port_speed
  sysfs file (bsc#1190941).
- scsi: qla2xxx: edif: Use link event to wake up app
  (bsc#1190941).
- scsi: qla2xxx: Fix crash in NVMe abort path (bsc#1190941).
- scsi: qla2xxx: Check for firmware capability before creating
  QPair (bsc#1190941).
- scsi: qla2xxx: Display 16G only as supported speeds for 3830c
  card (bsc#1190941).
- scsi: qla2xxx: Add support for mailbox passthru (bsc#1190941).
- scsi: qla2xxx: Fix excessive messages during device logout
  (bsc#1190941).
- scsi: qla2xxx: Restore initiator in dual mode (bsc#1190941).
- scsi: qla2xxx: Open-code qla2xxx_eh_device_reset()
  (bsc#1190941).
- scsi: qla2xxx: Open-code qla2xxx_eh_target_reset()
  (bsc#1190941).
- scsi: qla2xxx: Do not call fc_block_scsi_eh() during bus reset
  (bsc#1190941).
- scsi: qla2xxx: Update version to 10.02.06.200-k (bsc#1190941).
- scsi: qla2xxx: edif: Fix returnvar.cocci warnings (bsc#1190941).
- scsi: qla2xxx: Fix NVMe session down detection (bsc#1190941).
- scsi: qla2xxx: Fix NVMe retry (bsc#1190941).
- scsi: qla2xxx: Fix hang on NVMe command timeouts (bsc#1190941).
- scsi: qla2xxx: Fix NVMe | FCP personality change (bsc#1190941).
- scsi: qla2xxx: edif: Do secure PLOGI when auth app is present
  (bsc#1190941).
- scsi: qla2xxx: edif: Add N2N support for EDIF (bsc#1190941).
- scsi: qla2xxx: Fix hang during NVMe session tear down
  (bsc#1190941).
- scsi: qla2xxx: edif: Fix EDIF enable flag (bsc#1190941).
- scsi: qla2xxx: edif: Reject AUTH ELS on session down
  (bsc#1190941).
- scsi: qla2xxx: edif: Fix stale session (bsc#1190941).
- scsi: qla2xxx: Update version to 10.02.06.100-k (bsc#1190941).
- scsi: qla2xxx: Sync queue idx with queue_pair_map idx
  (bsc#1190941).
- scsi: qla2xxx: Changes to support kdump kernel for NVMe BFS
  (bsc#1190941).
- scsi: qla2xxx: Changes to support kdump kernel (bsc#1190941).
- scsi: qla2xxx: Suppress unnecessary log messages during login
  (bsc#1190941).
- scsi: qla2xxx: Fix NPIV create erroneous error (bsc#1190941).
- scsi: qla2xxx: Fix unsafe removal from linked list
  (bsc#1190941).
- scsi: qla2xxx: Fix port type info (bsc#1190941).
- scsi: qla2xxx: Add debug print of 64G link speed (bsc#1190941).
- scsi: qla2xxx: Show OS name and version in FDMI-1 (bsc#1190941).
- scsi: qla2xxx: Changes to support FCP2 Target (bsc#1190941).
- scsi: qla2xxx: Adjust request/response queue size for 28xx
  (bsc#1190941).
- scsi: qla2xxx: Add host attribute to trigger MPI hang
  (bsc#1190941).
- scsi: qla2xxx: Use scsi_cmd_to_rq() instead of scsi_cmnd.request
  (bsc#1190941).
- commit c17f95e
- kernel-spec-macros: Since rpm 4.17 %verbose is unusable (bsc#1191229).
  The semantic changed in an incompatible way so invoking the macro now
  causes a build failure.
- commit 3e55f55
- powerpc/feature-fixups: use a semicolon rather than a comma
  (bsc#1188983 CVE-2021-34556 bsc#1188985 CVE-2021-35477).
- commit c85e1c6
- powerpc/lib/feature-fixups: Use PPC_RAW_xxx() macros
  (bsc#1188983 CVE-2021-34556 bsc#1188985 CVE-2021-35477).
- Refresh patches.suse/powerpc-Don-t-use-struct-ppc_inst-to-reference-instr.patch.
- powerpc/ppc-opcode: Add PPC_RAW_MFSPR() (bsc#1188983
  CVE-2021-34556 bsc#1188985 CVE-2021-35477).
- commit 5a3ede4
- powerpc/opcodes: Add shorter macros for registers for use
  with PPC_RAW_xx() (bsc#1188983 CVE-2021-34556 bsc#1188985
  CVE-2021-35477).
- commit 6a14724
- powerpc/signal: Use PPC_RAW_xx() macros (bsc#1188983
  CVE-2021-34556 bsc#1188985 CVE-2021-35477).
- powerpc/asm: Add some opcodes in asm/ppc-opcode.h for PPC32 eBPF
  (bsc#1188983 CVE-2021-34556 bsc#1188985 CVE-2021-35477).
- commit 66c500d
- ipv6/netfilter: Discard first fragment not including all headers
  (bsc#1191241).
- commit 040f020
- IPv6: reply ICMP error if the first fragment don't include
  all headers (bsc#1191241).
- commit abf80f6
- ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition
  (bsc#1191241).
- commit b3ab292
- powerpc: Don't use 'struct ppc_inst' to reference instruction
  location (jsc#SLE-13847 git-fixes).
- powerpc/lib/code-patching: Don't use struct 'ppc_inst' for
  runnable code in tests (jsc#SLE-13847 git-fixes).
- powerpc/lib/code-patching: Make instr_is_branch_to_addr()
  static (jsc#SLE-13847 git-fixes).
- powerpc: Do not dereference code as 'struct ppc_inst' (uprobe,
  code-patching, feature-fixups) (jsc#SLE-13847 git-fixes).
- powerpc/64s: Fix stf mitigation patching w/strict RWX & hash
  (jsc#SLE-13847 git-fixes).
- powerpc/64s: Fix entry flush patching w/strict RWX & hash (jsc#SLE-13847 git-fixes).
- powerpc/uprobes: Validation for prefixed instruction
  (jsc#SLE-13847 git-fixes).
- commit 5729394
- powerpc/bpf: Emit stf barrier instruction sequences
  for BPF_NOSPEC (bsc#1188983 CVE-2021-34556 bsc#1188985
  CVE-2021-35477).
- powerpc/security: Add a helper to query stf_barrier type
  (bsc#1188983 CVE-2021-34556 bsc#1188985 CVE-2021-35477).
- powerpc/bpf: Validate branch ranges (bsc#1188983 CVE-2021-34556
  bsc#1188985 CVE-2021-35477).
- powerpc/lib: Add helper to check if offset is within
  conditional branch range (bsc#1188983 CVE-2021-34556 bsc#1188985
  CVE-2021-35477).
- powerpc/bpf: Emit stf barrier instruction sequences
  for BPF_NOSPEC (bsc#1188983 CVE-2021-34556 bsc#1188985
  CVE-2021-35477).
- powerpc/security: Add a helper to query stf_barrier type
  (bsc#1188983 CVE-2021-34556 bsc#1188985 CVE-2021-35477).
- powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (bsc#1065729).
- powerpc/bpf: Fix BPF_MOD when imm == 1 (bsc#1065729).
- powerpc/bpf: Validate branch ranges (bsc#1188983 CVE-2021-34556
  bsc#1188985 CVE-2021-35477).
- powerpc/lib: Add helper to check if offset is within
  conditional branch range (bsc#1188983 CVE-2021-34556 bsc#1188985
  CVE-2021-35477).
- powerpc/bpf: Use bctrl for making function calls (bsc#1065729).
- powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (bsc#1065729).
- powerpc/bpf: Fix BPF_MOD when imm == 1 (bsc#1065729).
- powerpc/bpf: Use bctrl for making function calls (bsc#1065729).
- powerpc/lib: Fix emulate_step() std test (bsc#1065729).
- commit 3f6738b
- bpf: Fix OOB read when printing XDP link fdinfo (git-fixes).
- commit 09be9b3
- bpf: Fix a typo of reuseport map in bpf.h (git-fixes).
- bpf: Add bpf_patch_call_args prototype to include/linux/bpf.h
  (git-fixes).
- bpf: Fix up bpf_skb_adjust_room helper's skb csum setting
  (git-fixes).
- commit b5d0357
- platform/x86: dell-smbios-wmi: Add missing kfree in error-exit
  from run_smbios_call (git-fixes).
- commit a539d65
- x86/resctrl: Free the ctrlval arrays when
  domain_setup_mon_state() fails (bsc#1152489).
- commit dba5675
- can: xilinx_can: handle failure cases of pm_runtime_get_sync
  (git-fixes).
- commit 82f6db6
- blacklist.conf: feature, not a fix
- commit fd65896
- net: can: ems_usb: fix use-after-free in ems_usb_disconnect()
  (git-fixes).
- commit 5487063
- can: peak_usb: fix use after free bugs (git-fixes).
- commit 3ad9b4d
- can: dev: can_restart: fix use after free bug (git-fixes).
- commit 0943ca2
- can: ti_hecc: ti_hecc_probe(): add missed
  clk_disable_unprepare() in error path (git-fixes).
- commit 2fec0e3
- Update patch reference for soc fix (CVE-2021-42252 bsc#1190479)
- commit f05067d
- blacklist.conf: requires newer USB PD version than we have
- commit a8bbe8f
- blacklist.conf: needs newer USB PD than we have
- commit d0d6a50
- Update kabi files.
- commit a156da7
- USB: cdc-acm: fix minor-number release (git-fixes).
- commit 477b833
- USB: cdc-acm: clean up probe error labels (git-fixes).
- commit 576c313
- blacklist.conf: 4758fd801f91 x86/platform/olpc: Correct ifdef symbol to intended CONFIG_OLPC_XO15_SCI
- commit fab5572
- blacklist.conf: 225bac2dc5d1 x86/Kconfig: Correct reference to MWINCHIP3D
- commit 08dc820
- kabi: block: Fix kabi of blk_mq_sched_try_insert_merge()
  (bsc#1191456).
- commit 7832c25
- usb: chipidea: ci_hdrc_imx: Also search for 'phys' phandle
  (git-fixes).
- commit b332e18
- KVM: PPC: Book3S HV: Fix copy_tofrom_guest routines
  (jsc#SLE-12936 git-fixes).
- commit 825316d
- tpm: ibmvtpm: Avoid error message when process gets signal
  while waiting (bsc#1065729).
- commit 1910f07
- powerpc/numa: Update cpu_cpu_map on CPU online/offline
  (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes).
- powerpc/smp: Enable CACHE domain for shared processor
  (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes).
- powerpc/smp: Update cpu_core_map on all PowerPc systems
  (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes).
- powerpc/smp: Fix a crash while booting kvm guest with nr_cpus=2
  (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes).
- powerpc/smp: Set numa node before updating mask (jsc#SLE-13615
  bsc#1180100 ltc#190257 git-fixes).
- powerpc/smp: Cache CPU to chip lookup (jsc#SLE-13615 bsc#1180100
  ltc#190257 git-fixes).
- Refresh patches.suse/powerpc-cacheinfo-Lookup-cache-by-dt-node-and-thread.patch.
- Revert "/powerpc/topology: Update topology_core_cpumask"/
  (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes).
- powerpc/smp: Fold cpu_die() into its only caller (jsc#SLE-13615
  bsc#1180100 ltc#190257 git-fixes).
- Refresh patches.suse/powerpc-cacheinfo-Lookup-cache-by-dt-node-and-thread.patch
- powerpc: Move arch_cpu_idle_dead() into smp.c (jsc#SLE-13615
  bsc#1180100 ltc#190257 git-fixes).
- commit 6f6565a
- powerpc/pseries: Fix build error when NUMA=n (bsc#1190620
  ltc#194498 git-fixes).
- commit 6c29f54
- cpuidle: pseries: Mark pseries_idle_proble() as __init
  (jsc#SLE-13614 bsc#1176914 ltc#186394 git-fixes).
- commit 319f0f3
- xfs: fix up non-directory creation in SGID directories
  (bsc#1190006 CVE-2018-13405).
- commit f5a61c4
- xfs: remove the icdinode di_uid/di_gid members (bsc#1190006).
- commit 7385144
- xfs: ensure that the inode uid/gid match values match the
  icdinode ones (bsc#1190006).
- commit 0ddcc0f
- xfs: merge the projid fields in struct xfs_icdinode
  (bsc#1190006).
- commit 3a30ff3
- Configure mpi3mr as currently unsupported (jsc#SLE-18120)
- commit aede7cc
- Revert "/sched/fair: Correctly insert cfs_rq's to list on unthrottle
  (git-fixes)"/ (bsc#1191343, bsc#1191238)
  The commit a7b359fc6a37 ("/sched/fair: Correctly insert cfs_rq's to list
  on unthrottle"/) causes more severe problems than the problem it aims to
  solve (corrupting cfs_rq leaf list vs insufficient fairness). While both
  need to be solved eventually, revert the commit until non-breaking
  solution is found.
  Blacklist the commit as well, to prevent a regression via git-fixes.
  This reverts commit 1732b9ba91b4b7a0822e98bd910feefbcb5424dc.
- commit b8c1ddd
- Revert "/sched/fair: Ensure that the CFS parent is added after unthrottling (git-fixes)."/
  The reverted commit is a followup of a7b359fc6a37 ("/sched/fair:
  Correctly insert cfs_rq's to list on unthrottle"/) which is going to be
  reverted as part of short-term solution of bsc#1191343.
  This reverts commit f3a38fbebab3f88070c129511f99a896f5532f7e.
- commit 4f925fc
- scsi: mpi3mr: Set up IRQs in resume path (jsc#SLE-18120).
- scsi: mpi3mr: Use the proper SCSI midlayer interfaces for PI
  (jsc#SLE-18120).
- scsi: mpi3mr: Use scsi_cmd_to_rq() instead of scsi_cmnd.request
  (jsc#SLE-18120).
- commit fc7fb17
- fscrypt: add fscrypt_symlink_getattr() for computing st_size
  (bsc#1191449).
- commit 549a3d8
- scsi: mpi3mr: Add event handling debug prints (jsc#SLE-18120).
- scsi: mpi3mr: Add EEDP DIF DIX support (jsc#SLE-18120).
- scsi: mpi3mr: Add support for DSN secure firmware check
  (jsc#SLE-18120).
- scsi: mpi3mr: Add support for PM suspend and resume
  (jsc#SLE-18120).
- scsi: mpi3mr: Wait for pending I/O completions upon detection
  of VD I/O timeout (jsc#SLE-18120).
- scsi: mpi3mr: Print pending host I/Os for debugging
  (jsc#SLE-18120).
- scsi: mpi3mr: Complete support for soft reset (jsc#SLE-18120).
- scsi: mpi3mr: Add support for threaded ISR (jsc#SLE-18120).
- scsi: mpi3mr: Hardware workaround for UNMAP commands to NVMe
  drives (jsc#SLE-18120).
- scsi: mpi3mr: Allow certain commands during pci-remove hook
  (jsc#SLE-18120).
- scsi: mpi3mr: Add change queue depth support (jsc#SLE-18120).
- scsi: mpi3mr: Implement SCSI error handler hooks
  (jsc#SLE-18120).
- scsi: mpi3mr: Add bios_param SCSI host template hook
  (jsc#SLE-18120).
- scsi: mpi3mr: Print IOC info for debugging (jsc#SLE-18120).
- scsi: mpi3mr: Add support for timestamp sync with firmware
  (jsc#SLE-18120).
- scsi: mpi3mr: Add support for recovering controller
  (jsc#SLE-18120).
- scsi: mpi3mr: Additional event handling (jsc#SLE-18120).
- scsi: mpi3mr: Add support for PCIe device event handling
  (jsc#SLE-18120).
- scsi: mpi3mr: Add support for device add/remove event handling
  (jsc#SLE-18120).
- scsi: mpi3mr: Add support for internal watchdog thread
  (jsc#SLE-18120).
- scsi: mpi3mr: Add support for queue command processing
  (jsc#SLE-18120).
- scsi: mpi3mr: Create operational request and reply queue pair
  (jsc#SLE-18120).
- commit 259660e
- blk: Fix lock inversion between ioc lock and bfqd lock
  (bsc#1191456).
- commit adb5e59
- bfq: Remove merged request already in bfq_requests_merged()
  (bsc#1191456).
- commit 0d474e5
- fs, mm: fix race in unlinking swapfile (bsc#1191455).
- commit cd60ce3
- blacklist.conf: Blacklist 889c05cc5834
- commit ea30b1a
- scsi: mpi3mr: Base driver code (jsc#SLE-18120).
- Update config files (enabling tthe driver as a module)
- commit 3c0fd36
- blacklist.conf: Blacklist 6961fed42014
- commit b6fb7af
- blktrace: Fix uaf in blk_trace access after removing by sysfs
  (bsc#1191452).
- commit a4f24d0
- block: bfq: fix bfq_set_next_ioprio_data() (bsc#1191451).
- commit 34735be
- ext4: fix reserved space counter leakage (bsc#1191450).
- commit 449ab75
- ext4: report correct st_size for encrypted symlinks
  (bsc#1191449).
- commit 3669a7f
- bpf: Fix integer overflow in prealloc_elems_and_freelist()
  (bsc#1191317, CVE-2021-41864).
- commit d4466f5
- kABI workaround for HD-audio probe retry changes (bsc#1190801).
- ALSA: hda: intel: Allow repeatedly probing on codec
  configuration errors (bsc#1190801).
- commit 27f79df
- drm/amdgpu: correct initial cp_hqd_quantum for gfx9 (git-fixes).
- ALSA: hda/realtek: Quirks to enable speaker output for Lenovo
  Legion 7i 15IMHG05, Yoga 7i 14ITL5/15ITL5, and 13s Gen2 laptops
  (git-fixes).
- ASoC: dapm: use component prefix when checking widget names
  (git-fixes).
- commit 9bf3e05
- Add cherry-picked commit id to the usb hso fix (git-fixes)
- commit a4c3be7
- drm/amd/display: Pass PCI deviceid into DC (git-fixes).
- e100: fix buffer overrun in e100_get_regs (git-fixes).
- e100: fix length calculation in e100_get_regs_len (git-fixes).
- HID: u2fzero: ignore incomplete packets without data
  (git-fixes).
- HID: betop: fix slab-out-of-bounds Write in betop_probe
  (git-fixes).
- net: hso: add failure handler for add_net_device (git-fixes).
- HID: usbhid: free raw_report buffers in usbhid_stop (git-fixes).
- usb: hso: remove the bailout parameter (git-fixes).
- usb: hso: fix error handling code of hso_create_net_device
  (git-fixes).
- e100: handle eeprom as little endian (git-fixes).
- hso: fix bailout in error case of probe (git-fixes).
- PCI: Fix pci_host_bridge struct device release/free handling
  (git-fixes).
- commit 51aaf55
- scsi: mpi3mr: Add mpi30 Rev-R headers and Kconfig
  (jsc#SLE-18120).
- Update config files.
- commit 54f9bad
- PM / devfreq: rk3399_dmc: Remove unneeded semicolon (git-fixes).
- PM / devfreq: rk3399_dmc: Fix kernel oops when rockchip,pmu
  is absent (git-fixes).
- PM / devfreq: rk3399_dmc: Disable devfreq-event device when
  fails (git-fixes).
- PM / devfreq: rk3399_dmc: Add missing of_node_put() (git-fixes).
- PM / devfreq: rk3399_dmc: Fix spelling typo (git-fixes).
- commit b4b8a3b
- Update kabi files.
- update from October 2021 maintenance update submission (commit c909dd500033)
- commit d500b18
- rpm: use _rpmmacrodir (boo#1191384)
- commit e350c14
- net: 6pack: fix slab-out-of-bounds in decode_data
  (CVE-2021-42008 bsc#1191315).
- commit b0db75a
- x86/cpu: Fix core name for Sapphire Rapids (jsc#SLE-15289).
- powercap: intel_rapl: add support for Sapphire Rapids
  (jsc#SLE-15289).
- commit 053c38b
- series.conf: cleanup
- move a kabi workaround into correct section:
  patches.kabi/ipvs-Fix-up-kabi-for-expire_nodest_conn_work-additio.patch
- commit bc02214
- sched/fair: Add ancestors of unthrottled undecayed cfs_rq
  (bsc#1191292).
- commit d8d828e
- blacklist.conf: Update for 51e1bb9eeaf7
- commit fe28675
- x86/alternatives: Teach text_poke_bp() to emulate instructions
  (bsc#1185302).
- Refresh
  patches.suse/x86-alternatives-sync-bp_patching-update-for-avoiding-null-pointer-exception.patch.
- commit ef191ae
- blk-mq: kABI fixes for blk_mq_queue_map (bsc#1185762).
- blk-mq: don't deactivate hctx if managed irq isn't used
  (bsc#1185762).
- blk-mq: mark if one queue map uses managed irq (bsc#1185762).
- genirq: add device_has_managed_msi_irq (bsc#1185762).
- commit 71f9eaf
- blk-mq: kABI fixes for blk_mq_queue_map (bsc#1185762).
- blk-mq: don't deactivate hctx if managed irq isn't used
  (bsc#1185762).
- blk-mq: mark if one queue map uses managed irq (bsc#1185762).
- genirq: add device_has_managed_msi_irq (bsc#1185762).
- commit 57a6cb7
- blacklist.conf: 3a1255396b5a x86/alternatives: add missing insn.h include
- commit 53a5b9c
- hwmon: (tmp421) fix rounding for negative values (git-fixes).
- hwmon: (tmp421) report /PVLD condition as fault (git-fixes).
- hwmon: (mlxreg-fan) Return non-zero value when fan current
  state is enforced from sysfs (git-fixes).
- commit 2560193
- ipc: remove memcg accounting for sops objects in do_semtimedop()
  (bsc#1190115).
- Delete
  patches.suse/ipc-remove-memcg-accounting-for-sops-objects.patch.
  Refreshing patch with upstream metadata.
- commit 2d6ef2e
- powerpc/perf/hv-gpci: Fix counter value parsing (bsc#1065729).
- commit 628c3ee
- powerpc/pseries/dlpar: use rtas_get_sensor() (bsc#1065729).
- commit 466f31b
- powerpc/powernv: Fix machine check reporting of async store
  errors (bsc#1065729).
- commit 0b715ae
- powerpc/perf: Fix the check for SIAR value (bsc#1065729).
- powerpc/perf: Drop the case of returning 0 as instruction
  pointer (bsc#1065729).
- powerpc/perf: Use stack siar instead of mfspr (bsc#1065729).
- powerpc/perf: Fix crash in perf_instruction_pointer() when
  ppmu is not set (bsc#1065729).
- powerpc/perf: Use regs->nip when SIAR is zero (bsc#1065729).
- powerpc/perf: Use the address from SIAR register to set cpumode
  flags (bsc#1065729).
- commit f3110f1
- drm/i915/rkl: Remove require_force_probe protection
  (bsc#1189257).
- commit 94530db
- apparmor: remove duplicate macro list_entry_is_head()
  (git-fixes).
- commit 514b75b
- xhci: Set HCD flag to defer primary roothub registration
  (git-fixes).
- commit 8f4e75e
- USB: serial: option: add device id for Foxconn T99W265
  (git-fixes).
- USB: serial: cp210x: add ID for GW Instek GDM-834x Digital
  Multimeter (git-fixes).
- USB: serial: option: add Telit LN920 compositions (git-fixes).
- usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c
  (git-fixes).
- usb: core: hcd: Add support for deferring roothub registration
  (git-fixes).
- commit 0a6378c
- mac80211: fix use-after-free in CCMP/GCMP RX (git-fixes).
- mac80211-hwsim: fix late beacon hrtimer handling (git-fixes).
- mac80211: mesh: fix potentially unaligned access (git-fixes).
- mac80211: limit injected vht mcs/nss in
  ieee80211_parse_tx_radiotap (git-fixes).
- Re-enable UAS for LaCie Rugged USB3-FW with fk quirk
  (git-fixes).
- usb: dwc2: gadget: Fix ISOC flow for BDMA and Slave (git-fixes).
- spi: Fix tegra20 build with CONFIG_PM=n (git-fixes).
- tty: synclink_gt, drop unneeded forward declarations
  (git-fixes).
- commit dbd9f90
- mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug
  (git-fixes).
- ALSA: firewire-motu: fix truncated bytes in message tracepoints
  (git-fixes).
- ASoC: SOF: Fix DSP oops stack dump output contents (git-fixes).
- ASoC: fsl_micfil: register platform component before registering
  cpu dai (git-fixes).
- ASoC: mediatek: common: handle NULL case in suspend/resume
  function (git-fixes).
- media: cedrus: Fix SUNXI tile size calculation (git-fixes).
- watchdog/sb_watchdog: fix compilation problem due to
  COMPILE_TEST (git-fixes).
- dmaengine: xilinx_dma: Set DMA mask for coherent APIs
  (git-fixes).
- dmaengine: ioat: depends on !UML (git-fixes).
- console: consume APC, DM, DCS (git-fixes).
- commit 71b860e
- thermal/core: Potential buffer overflow in
  thermal_build_list_of_policies() (git-fixes).
- rtc: rx8010: select REGMAP_I2C (git-fixes).
- pwm: stm32-lp: Don't modify HW state in .remove() callback
  (git-fixes).
- pwm: rockchip: Don't modify HW state in .remove() callback
  (git-fixes).
- pwm: img: Don't modify HW state in .remove() callback
  (git-fixes).
- dmaengine: sprd: Add missing MODULE_DEVICE_TABLE (git-fixes).
- PCI: pci-bridge-emul: Add PCIe Root Capabilities Register
  (git-fixes).
- PCI: pci-bridge-emul: Fix array overruns, improve safety
  (git-fixes).
- PCI: pci-bridge-emul: Fix big-endian support (git-fixes).
- commit a8d4022
- fpga: machxo2-spi: Fix missing error code in
  machxo2_write_complete() (git-fixes).
- fpga: machxo2-spi: Return an error on failure (git-fixes).
- serial: mvebu-uart: fix driver's tx_empty callback (git-fixes).
- USB: serial: option: remove duplicate USB device ID (git-fixes).
- usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA
  (git-fixes).
- usb: gadget: r8a66597: fix a loop in set_feature() (git-fixes).
- gpio: uniphier: Fix void functions to remove return value
  (git-fixes).
- ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B
  (git-fixes).
- ASoC: rockchip: i2s: Fix regmap_ops hang (git-fixes).
- commit 79aec8d
- clk: at91: clk-generated: pass the id of changeable parent at
  registration (git-fixes).
- Refresh
  patches.suse/clk-at91-clk-generated-Limit-the-requested-rate-to-o.patch.
- commit 39cefdd
- drm/amd/amdgpu: Update debugfs link_settings output link_rate
  field in hex (git-fixes).
- drm: avoid blocking in drm_clients_info's rcu section
  (git-fixes).
- drm/gma500: Fix end of loop tests for list_for_each_entry
  (git-fixes).
- drm/amdgpu: Fix BUG_ON assert (git-fixes).
- staging: board: Fix uninitialized spinlock when attaching genpd
  (git-fixes).
- ath9k: fix sleeping in atomic context (git-fixes).
- ath9k: fix OOB read ar9300_eeprom_restore_internal (git-fixes).
- Bluetooth: skip invalid hci_sync_conn_complete_evt (git-fixes).
- include/linux/list.h: add a macro to test if entry is pointing
  to the head (git-fixes).
- commit 60017cf
- drm/panfrost: Clamp lock region to Bifrost minimum (git-fixes).
- gpu: drm: amd: amdgpu: amdgpu_i2c: fix
  possible uninitialized-variable access in
  amdgpu_i2c_router_select_ddc_port() (git-fixes).
- drm/amd/display: Fix timer_per_pixel unit error (git-fixes).
- media: TDA1997x: fix tda1997x_query_dv_timings() return value
  (git-fixes).
- media: v4l2-dv-timings.c: fix wrong condition in two for-loops
  (git-fixes).
- media: imx258: Limit the max analogue gain to 480 (git-fixes).
- iio: dac: ad5624r: Fix incorrect handling of an optional
  regulator (git-fixes).
- staging: ks7010: Fix the initialization of the 'sleep_status'
  structure (git-fixes).
- iwlwifi: mvm: fix a memory leak in
  iwl_mvm_mac_ctxt_beacon_changed (git-fixes).
- drivers: gpu: amd: Initialize amdgpu_dm_backlight_caps object
  to 0 in amdgpu_dm_update_backlight_caps (git-fixes).
- commit 4c6f48f
- PCI: Add AMD GPU multi-function power dependencies (git-fixes).
- mfd: Don't use irq_create_mapping() to resolve a mapping
  (git-fixes).
- media: imx258: Rectify mismatch of VTS value (git-fixes).
- media: rc-loopback: return number of emitters rather than error
  (git-fixes).
- media: uvc: don't do DMA on stack (git-fixes).
- media: dib8000: rewrite the init prbs logic (git-fixes).
- parport: remove non-zero check on count (git-fixes).
- mmc: core: Return correct emmc response in case of ioctl error
  (git-fixes).
- mmc: rtsx_pci: Fix long reads when clock is prescaled
  (git-fixes).
- mmc: sdhci-of-arasan: Check return value of non-void funtions
  (git-fixes).
- commit 9209c5a
- PCI: aardvark: Fix masking and unmasking legacy INTx interrupts
  (git-fixes).
- PCI: aardvark: Increase polling delay to 1.5s while waiting
  for PIO response (git-fixes).
- PCI: aardvark: Fix checking for PIO status (git-fixes).
- PM: base: power: don't try to use non-existing RTC for storing
  data (git-fixes).
- PCI: Add ACS quirks for Cavium multi-function devices
  (git-fixes).
- PCI: Add ACS quirks for NXP LX2xx0 and LX2xx2 platforms
  (git-fixes).
- PCI: ibmphp: Fix double unmap of io_mem (git-fixes).
- PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported
  (git-fixes).
- PCI: Use pci_update_current_state() in pci_enable_device_flags()
  (git-fixes).
- commit 61f24a4
- rtc: tps65910: Correct driver module alias (git-fixes).
- USB: EHCI: ehci-mv: improve error handling in mv_ehci_enable()
  (git-fixes).
- usb: gadget: u_ether: fix a potential null pointer dereference
  (git-fixes).
- usb: host: fotg210: fix the actual_length of an iso packet
  (git-fixes).
- serial: sh-sci: fix break handling for sysrq (git-fixes).
- serial: 8250_pci: make setup_port() parameters explicitly
  unsigned (git-fixes).
- serial: 8250: Define RX trigger levels for OxSemi 950 devices
  (git-fixes).
- tty: serial: jsm: hold port lock when reporting modem line
  changes (git-fixes).
- staging: rts5208: Fix get_ms_information() heap buffer size
  (git-fixes).
- commit f3797b6
- drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV (git-fixes).
- video: fbdev: riva: Error out if 'pixclock' equals zero
  (git-fixes).
- video: fbdev: kyro: Error out if 'pixclock' equals zero
  (git-fixes).
- video: fbdev: asiliantfb: Error out if 'pixclock' equals zero
  (git-fixes).
- video: fbdev: kyro: fix a DoS bug by restricting user input
  (git-fixes).
- usbip:vhci_hcd USB port can get stuck in the disabled state
  (git-fixes).
- usbip: give back URBs for unsent unlink requests during cleanup
  (git-fixes).
- usb: musb: musb_dsps: request_irq() after initializing musb
  (git-fixes).
- usb: host: fotg210: fix the endpoint's transactional
  opportunities calculation (git-fixes).
- commit f1407f0
- kabi/severities: skip kABI check for ath9k-local symbols (CVE-2020-3702 bsc#1191193)
  ath9k modules have some exported symbols for the common helpers
  and the recent fixes broke kABI of those.  They are specific to
  ath9k's own usages, so safe to ignore.
- commit 7579b4b
- kABI compatibility for ath_key_delete() changes (CVE-2020-3702
  bsc#1191193).
- commit bc02804
- ath9k: Postpone key cache entry deletion for TXQ frames
  reference it (CVE-2020-3702 bsc#1191193).
- ath: Modify ath_key_delete() to not need full key entry
  (CVE-2020-3702 bsc#1191193).
- ath: Export ath_hw_keysetmac() (CVE-2020-3702 bsc#1191193).
- commit 5fe383f
- Refresh
  patches.kabi/scsi-fc-kABI-fixes-for-new-ELS_RDP-definition.patch.
- commit 7f69543
- Update patches.kabi/NFS-pass-cred-explicitly-for-access-tests.patch
  (bsc#1190746 bsc#1191172).
  cache.group_info (aka cache.cred) was not properly initialized when
  - >access() was called.
- commit 9ff84db
- ipc: replace costly bailout check in sysvipc_find_ipc()
  (bsc#1159886 bsc#1188986 CVE-2021-3669).
- ipc/util.c: use binary search for max_idx (bsc#1159886).
- commit af97833
- scsi/fc: kABI fixes for new ELS_EDC, ELS_RDP definition
  (bsc#1171688 bsc#1174003 bsc#1190576).
- commit 3952cc0
- Update config files.
- commit 48075c9
- fix patch metadata
- fix Patch-mainline:
  - patches.suse/net-mana-Fix-a-memory-leak-in-an-error-handling-path.patch
- commit 12cbf84
- series.conf: cleanup
- move submitted patches to "/almost mainline"/ section:
  - patches.suse/NFS-change-nfs_access_get_cached-to-only-report-the-.patch
  - patches.suse/NFS-pass-cred-explicitly-for-access-tests.patch
  - patches.suse/NFS-don-t-store-struct-cred-in-struct-nfs_access_ent.patch
- commit a3b4285
- btrfs: prevent rename2 from exchanging a subvol with a directory from different parents (bsc#1190626).
- commit b88ab2e
- blacklist.conf: too intrusive, gone in through SP3
- commit a81e8d3
- blacklist.conf: too intrusive, gone in through SP3
- commit 4bedee6
- blacklist.conf: too intrusive, gone in through SP3
- commit 0474866
- blacklist.conf: kABI
- commit e8337cf
- cpuidle: pseries: Do not cap the CEDE0 latency in
  fixup_cede0_latency() (bsc#1185550 ltc#192610 git-fixes
  jsc#SLE-18128).
- commit cfe4b84
- x86/mm: Fix kern_addr_valid() to cope with existing but not
  present entries (bsc#1152489).
- commit 1efaf04
- x86/asm: Fix SETZ size enqcmds() build failure (bsc#1178134).
- commit 54b59b3
- Refresh
  patches.suse/drm-amd-display-Initialize-attribute-for-hdcp_srm-sy.patch.
  Added Alt-commit for duplicate
- commit 86167e7
- drm/ast: Fix missing conversions to managed API (git-fixes).
- commit cab6852
- Refresh patches.suse/drm-i915-Fix-crash-in-auto_retire.patch.
  Added Alt-commit for duplicate
- commit 334db42
- drm/ingenic: Switch IPU plane to type OVERLAY (git-fixes).
- commit ed3952b
- drm/pl111: depend on CONFIG_VEXPRESS_CONFIG (git-fixes).
- commit 4e7e865
- net: mana: Prefer struct_size over open coded arithmetic (jsc#SLE-18779, bsc#1185726).
- net: mana: Add WARN_ON_ONCE in case of CQE read overflow (jsc#SLE-18779, bsc#1185726).
- net: mana: Add support for EQ sharing (jsc#SLE-18779, bsc#1185726).
- net: mana: Move NAPI from EQ to CQ (jsc#SLE-18779, bsc#1185726).
- net: mana: Use struct_size() in kzalloc() (jsc#SLE-18779, bsc#1185726).
- hv_netvsc: Make netvsc/VF binding check both MAC and serial number (jsc#SLE-18779, bsc#1185726).
- net: mana: Fix a memory leak in an error handling path in (jsc#SLE-18779, bsc#1185726).
- hv: mana: remove netdev_lockdep_set_classes usage (jsc#SLE-18779, bsc#1185726).
- net: mana: Use int to check the return value of mana_gd_poll_cq() (jsc#SLE-18779, bsc#1185726).
- net: mana: fix PCI_HYPERV dependency (jsc#SLE-18779, bsc#1185726).
- net: mana: remove redundant initialization of variable err (jsc#SLE-18779, bsc#1185726).
- net: mana: Add a driver for Microsoft Azure Network Adapter (MANA) (jsc#SLE-18779, bsc#1185726).
- commit 44e26ca
- Refresh
  patches.suse/drm-amdgpu-Init-GFX10_ADDR_CONFIG-for-VCN-v3-in-DPG-.patch.
  Added Alt-commit for duplicate
- commit fa028bf
- nvme: avoid race in shutdown namespace removal (bsc#1188067).
- commit bac299d
- nvme: fix refcounting imbalance when all paths are down
  (bsc#1188067).
- Refresh
  patches.suse/nvme-only-call-synchronize_srcu-when-clearing-curren.patch.
- commit 44b2d54
- series: Update meta data and resort
  Refresh the metad data and sort into correct position:
  patches.suse/scsi-lpfc-Fix-CPU-to-from-endian-warnings-introduced.patch
  patches.suse/scsi-lpfc-Fix-compilation-errors-on-kernels-with-no-.patch
  patches.suse/scsi-lpfc-Fix-gcc-Wstringop-overread-warning-again.patch
  patches.suse/scsi-lpfc-Fix-sprintf-overflow-in-lpfc_display_fpin_.patch
  patches.suse/scsi-lpfc-Remove-unneeded-variable.patch
  patches.suse/scsi-lpfc-Use-correct-scnprintf-limit.patch
- commit 12f1564
- Update
  patches.suse/Bluetooth-check-for-zapped-sk-before-connecting.patch
  (CVE-2021-3752 bsc#1190023).
- commit 6b966b4
- Update
  patches.suse/Bluetooth-check-for-zapped-sk-before-connecting.patch
  (CVE-2021-3752 bsc#1190023).
- commit 65458cc
- drm/mgag200: Select clock in PLL update functions (git-fixes).
- commit 8e058be
- Restore kabi after NFS: pass cred explicitly for access tests
  (bsc#1190746).
- NFS: don't store 'struct cred *' in struct nfs_access_entry
  (bsc#1190746).
- NFS: pass cred explicitly for access tests (bsc#1190746).
- NFS: change nfs_access_get_cached to only report the mask
  (bsc#1190746).
- commit 907996a
- dma-buf: DMABUF_MOVE_NOTIFY should depend on DMA_SHARED_BUFFER
  (git-fixes).
- commit 931b672
- usb: musb: tusb6010: uninitialized data in
  tusb_fifo_write_unaligned() (git-fixes).
- commit 11a541f
- drm/rockchip: cdn-dp-core: Make cdn_dp_core_resume
  __maybe_unused (git-fixes).
- commit 6bec20e
- drm/i915: Allow the sysadmin to override security mitigations
  (git-fixes).
- commit c1eb827
- erofs: fix up erofs_lookup tracepoint (git-fixes).
- commit 3009743
- EDAC/synopsys: Fix wrong value type assignment for edac_mode
  (bsc#1152489).
- commit 15eb225
- kernel-binary.spec: Do not sign kernel when no key provided
  (bsc#1187167 bsc#1191240 ltc#194716).
- kernel-binary.spec: Do not sign kernel when no key provided
  (bsc#1187167).
- commit c909dd5
- enetc: Fix uninitialized struct dim_sample field usage
  (git-fixes).
- PCI: of: Don't fail devm_pci_alloc_host_bridge() on missing
  'ranges' (git-fixes).
- mmc: sdhci: Fix issue with uninitialized dma_slave_config
  (git-fixes).
- net: ethernet: ti: cpsw: fix min eth packet size for non-switch
  use-cases (git-fixes).
- optee: Fix memory leak when failing to register shm pages
  (git-fixes).
- commit 1758b20
- powerpc: fix function annotations to avoid section mismatch
  warnings with gcc-10 (bsc#1148868).
- commit 9e9276f
- powerpc/drmem: Make LMB walk a bit more flexible (bsc#1190543
  ltc#194523).
- Refresh patches.suse/pseries-drmem-update-LMBs-after-LPM.patch
- commit e17894e
- Revert "/rpm: Abolish scritplet templating (bsc#1189841)."/ (bsc#1190598)
  This reverts commit e98096d5cf85dbe90f74a930eb1f0e3fe4a70c7f.
  These changes depend on a suse-module-tools update which has not reached
  SLE15-SP2/3 and Leap 15.2/3 yet, causing both build failures and
  unsatisfiable dependency of resulting binary packages.
  Revert the commit temporarily until suse-module-tools is updated.
- commit 7d43568
- pseries/drmem: update LMBs after LPM (bsc#1190543 ltc#194523).
- commit 9763078
- powerpc/pseries: Prevent free CPU ids being reused on another
  node (bsc#1190620 ltc#194498).
- commit 7097b6c
- net: sched: sch_teql: fix null-pointer dereference
  (bsc#1190717).
- commit 0a89f09
- x86/alternatives: Teach text_poke_bp() to emulate instructions
  (bsc#1190561).
- Refresh
  patches.suse/x86-alternatives-sync-bp_patching-update-for-avoiding-null-pointer-exception.patch.
- commit 1c9f1df
- kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as
  well.
  Fixes: e98096d5cf85 ("/rpm: Abolish scritplet templating (bsc#1189841)."/)
- commit e082fbf
- mm/swap: consider max pages in iomap_swapfile_add_extent
  (bsc#1190785).
- commit afb626e
- iomap: Fix negative assignment to unsigned sis->pages in
  iomap_swapfile_activate (bsc#1190784).
- commit 7126cba
- scsi: lpfc: Fix gcc -Wstringop-overread warning, again
  (bsc#1190576).
- scsi: lpfc: Use correct scnprintf() limit (bsc#1190576).
- scsi: lpfc: Fix sprintf() overflow in lpfc_display_fpin_wwpn()
  (bsc#1190576).
- scsi: lpfc: Update lpfc version to 14.0.0.2 (bsc#1190576).
- scsi: lpfc: Improve PBDE checks during SGL processing
  (bsc#1190576).
- scsi: lpfc: Zero CGN stats only during initial driver load
  and stat reset (bsc#1190576).
- scsi: lpfc: Fix I/O block after enabling managed congestion mode
  (bsc#1190576).
- scsi: lpfc: Adjust bytes received vales during cmf timer
  interval (bsc#1190576).
- scsi: lpfc: Fix EEH support for NVMe I/O (bsc#1190576).
- scsi: lpfc: Fix FCP I/O flush functionality for TMF routines
  (bsc#1190576).
- scsi: lpfc: Fix NVMe I/O failover to non-optimized path
  (bsc#1190576).
- scsi: lpfc: Don't remove ndlp on PRLI errors in P2P mode
  (bsc#1190576).
- scsi: lpfc: Fix rediscovery of tape device after LIP
  (bsc#1190576).
- scsi: lpfc: Fix hang on unload due to stuck fport node
  (bsc#1190576).
- scsi: lpfc: Fix premature rpi release for unsolicited TPLS
  and LS_RJT (bsc#1190576).
- scsi: lpfc: Don't release final kref on Fport node while ABTS
  outstanding (bsc#1190576).
- scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq()
  (bsc#1190576).
- scsi: lpfc: Remove unneeded variable (bsc#1190576).
- scsi: lpfc: Fix compilation errors on kernels with no
  CONFIG_DEBUG_FS (bsc#1190576).
- scsi: lpfc: Fix CPU to/from endian warnings introduced by ELS
  processing (bsc#1190576).
- commit 1435c13
- blacklist.conf: kABI
- commit 3cb18d9
- blacklist.conf: kABI
- commit dcb25ee
- blacklist.conf: kABI
- commit d400b4c
- docs: Fix infiniband uverbs minor number (git-fixes).
- commit 0fb9cd2
- usb: dwc2: Avoid leaving the error_debugfs label unused
  (git-fixes).
- commit fb08350
- ibmvnic: Reuse tx pools when possible (bsc#1190758 ltc#191943).
- ibmvnic: Reuse rx pools when possible (bsc#1190758 ltc#191943).
- ibmvnic: Reuse LTB when possible (bsc#1190758 ltc#191943).
- ibmvnic: Use bitmap for LTB map_ids (bsc#1190758 ltc#191943).
- ibmvnic: init_tx_pools move loop-invariant code (bsc#1190758
  ltc#191943).
- ibmvnic: Use/rename local vars in init_tx_pools (bsc#1190758
  ltc#191943).
- ibmvnic: Use/rename local vars in init_rx_pools (bsc#1190758
  ltc#191943).
- ibmvnic: Fix up some comments and messages (bsc#1190758
  ltc#191943).
- ibmvnic: Consolidate code in replenish_rx_pool() (bsc#1190758
  ltc#191943).
- commit dea5bd2
- x86/resctrl: Fix a maybe-uninitialized build warning treated
  as error (bsc#1152489).
- x86/resctrl: Fix default monitoring groups reporting
  (bsc#1152489).
- commit 450cdb2
- vmxnet3: update to version 6 (bsc#1190406).
- commit 8d3dc67
- vmxnet3: increase maximum configurable mtu to 9190
  (bsc#1190406).
- commit bd5109d
- vmxnet3: set correct hash type based on rss information
  (bsc#1190406).
- commit e1e474b
- vmxnet3: add support for ESP IPv6 RSS (bsc#1190406).
- commit 1687646
- vmxnet3: remove power of 2 limitation on the queues
  (bsc#1190406).
- commit f3834f6
- vmxnet3: add support for 32 Tx/Rx queues (bsc#1190406).
- commit fbdf2fe
- vmxnet3: prepare for version 6 changes (bsc#1190406).
- commit 7e0fe82
- fuse: truncate pagecache on atomic_o_trunc (bsc#1190705).
- commit 73351a3
- xfs: sync lazy sb accounting on quiesce of read-only mounts
  (bsc#1190679).
- commit 668fdef
- blacklist.conf: 3bff147b187d x86/mce: Defer processing of early errors
- commit 7e0dc1d
- s390/unwind: use current_frame_address() to unwind current task
  (bsc#1185677).
- commit 92c31e7
- scsi: lpfc: Use the proper SCSI midlayer interfaces for PI
  (bsc#1190576).
- scsi: lpfc: Copyright updates for 14.0.0.1 patches
  (bsc#1190576).
- scsi: lpfc: Update lpfc version to 14.0.0.1 (bsc#1190576).
- scsi: lpfc: Add bsg support for retrieving adapter cmf data
  (bsc#1190576).
- scsi: lpfc: Add cmf_info sysfs entry (bsc#1190576).
- scsi: lpfc: Add debugfs support for cm framework buffers
  (bsc#1190576).
- scsi: lpfc: Add support for maintaining the cm statistics buffer
  (bsc#1190576).
- scsi: lpfc: Add rx monitoring statistics (bsc#1190576).
- scsi: lpfc: Add support for the CM framework (bsc#1190576).
- scsi: lpfc: Add cmfsync WQE support (bsc#1190576).
- scsi: lpfc: Add support for cm enablement buffer (bsc#1190576).
- scsi: lpfc: Add cm statistics buffer support (bsc#1190576).
- scsi: lpfc: Add EDC ELS support (bsc#1190576).
- scsi: lpfc: Expand FPIN and RDF receive logging (bsc#1190576).
- scsi: lpfc: Add MIB feature enablement support (bsc#1190576).
- scsi: lpfc: Add SET_HOST_DATA mbox cmd to pass date/time info
  to firmware (bsc#1190576).
- scsi: fc: Add EDC ELS definition (bsc#1190576).
  Refresh and update:
  - patches.kabi/scsi-fc-kABI-fixes-for-new-ELS_RDP-definition.patch
- scsi: core: Add helper to return number of logical blocks in
  a request (bsc#1190576).
- scsi: lpfc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request
  (bsc#1190576).
- scsi: core: Introduce the scsi_cmd_to_rq() function
  (bsc#1190576).
- scsi: fc: Update formal FPIN descriptor definitions
  (bsc#1190576).
- commit e13d431
- Refresh patches.suse/msft-hv-2119-irqdomain-treewide-Keep-firmware-node-unconditionall.patch.
  Add else braces.
- commit f230c58
- series.conf: cleanup
- update upstream reference and resort:
  - patches.suse/ibmvnic-check-failover_pending-in-login-response.patch
- commit 2b5f056
- kernel-binary.spec: Check for no kernel signing certificates.
  Also remove unused variable.
- commit bdc323e
- Revert "/rpm/kernel-binary.spec: Use only non-empty certificates."/
  This reverts commit 30360abfb58aec2c9ee7b6a27edebe875c90029d.
- commit 413e05b
- fuse: flush extending writes (bsc#1190595).
- cuse: fix broken release (bsc#1190596).
- commit 232b4ea
- rpm/kernel-binary.spec: Use only non-empty certificates.
- commit 30360ab
- ipvs: Fix up kabi for expire_nodest_conn_work addition
  (bsc#1190467).
- ipvs: queue delayed work to expire no destination connections
  if expire_nodest_conn=1 (bsc#1190467).
- ipvs: allow connection reuse for unconfirmed conntrack
  (bsc#1190467).
- ipvs: avoid expiring many connections from timer (bsc#1190467).
- commit e0da213
- ext4: fix race writing to an inline_data file while its xattrs
  are changing (bsc#1190159 CVE-2021-40490).
- commit 4fadd7d
- crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()
  (bsc#1189884 CVE-2021-3744 bsc#1190534 CVE-2021-3764).
- commit 4ee91a7
- xfs: allow mount/remount when stripe width alignment is zero
  (bsc#1188651).
- commit e701c22
- bnxt_en: Fix asic.rev in devlink dev info command
  (jsc#SLE-16649).
- bnxt_en: fix stored FW_PSID version masks (jsc#SLE-16649).
- RDMA/hns: Fix QP's resp incomplete assignment (jsc#SLE-14777).
- RDMA/rtrs: Remove a useless kfree() (jsc#SLE-15176).
- RDMA/mlx5: Delete not-available udata check (jsc#SLE-15175).
- IB/hfi1: Indicate DMA wait when txq is queued for wakeup
  (jsc#SLE-13208).
- devlink: Clear whole devlink_flash_notify struct (bsc#1176447).
- net/mlx5: Fix missing return value in
  mlx5_devlink_eswitch_inline_mode_set() (jsc#SLE-15172).
- ionic: cleanly release devlink instance (bsc#1167773).
- ionic: drop useless check of PCI driver data validity
  (bsc#1167773).
- i40e: improve locking of mac_filter_hash (jsc#SLE-13701).
- igc: Use num_tx_queues when iterating over tx_ring queue
  (jsc#SLE-13533).
- ice: do not abort devlink info if board identifier can't be
  found (jsc#SLE-12878).
- sch_cake: fix srchost/dsthost hashing mode (bsc#1176447).
- ice: don't remove netdev->dev_addr from uc sync list
  (git-fixes).
- bareudp: Fix invalid read beyond skb's linear data
  (jsc#SLE-15172).
- RDMA/mlx5: Delay emptying a cache entry when a new MR is added
  to it recently (jsc#SLE-15175).
- commit 3dc7052
- qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom
  (git-fixes).
- debugfs: Return error during {full/open}_proxy_open() on rmmod
  (bsc#1173746).
- devlink: Break parameter notification sequence to be
  before/after unload/load driver (bsc#1154353).
- net/mlx5e: Prohibit inner indir TIRs in IPoIB (git-fixes).
- ionic: cleanly release devlink instance (bsc#1167773).
- gve: fix the wrong AdminQ buffer overflow check (bsc#1176940).
- cxgb4: dont touch blocked freelist bitmap after free
  (git-fixes).
- e1000e: Do not take care about recovery NVM checksum
  (jsc#SLE-8100).
- e1000e: Fix the max snoop/no-snoop latency for 10M (git-fixes).
- xgene-v2: Fix a resource leak in the error handling path of
  'xge_probe()' (git-fixes).
- RDMA/bnxt_re: Remove unpaired rtnl unlock in bnxt_re_dev_init()
  (bsc#1170774).
- iavf: Fix ping is lost after untrusted VF had tried to change
  MAC (jsc#SLE-7940).
- net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32
  (git-fixes).
- bnxt_en: Add missing DMA memory barriers (git-fixes).
- bnxt_en: Disable aRFS if running on 212 firmware (git-fixes).
- bnxt: count Tx drops (git-fixes).
- bnxt: make sure xmit_more + errors does not miss doorbells
  (git-fixes).
- bnxt: disable napi before canceling DIM (git-fixes).
- bnxt: don't lock the tx queue from napi poll (git-fixes).
- net/mlx5: Fix return value from tracer initialization
  (git-fixes).
- net/mlx5e: Avoid creating tunnel headers for local route
  (git-fixes).
- iavf: Set RSS LUT and key in reset handle path (git-fixes).
- ice: Prevent probing virtual functions (git-fixes).
- bnx2x: fix an error code in bnx2x_nic_load() (git-fixes).
- nfp: update ethtool reporting of pauseframe control (git-fixes).
- net/mlx5e: Fix nullptr in mlx5e_hairpin_get_mdev() (git-fixes).
- net/mlx5: Unload device upon firmware fatal error (git-fixes).
- net/mlx5: E-Switch, handle devcom events only for ports on
  the same device (git-fixes).
- net/mlx5: Fix flow table chaining (git-fixes).
- mlx4: Fix missing error code in mlx4_load_one() (git-fixes).
- ionic: count csum_none when offload enabled (bsc#1167773).
- i40e: Fix log TC creation failure when max num of queues is
  exceeded (git-fixes).
- i40e: Fix queue-to-TC mapping on Tx (git-fixes).
- i40e: Add additional info to PHY type error (git-fixes).
- i40e: Fix firmware LLDP agent related warning (git-fixes).
- i40e: Fix logic of disabling queues (git-fixes).
- bnxt_en: Do not enable legacy TX push on older firmware
  (git-fixes).
- bnxt_en: Store the running firmware version code (git-fixes).
- commit f97144d
- powerpc/numa: Consider the max NUMA node for migratable LPAR
  (bsc#1190544 ltc#194520).
- commit ea0d9bb
- iwlwifi Add support for ax201 in Samsung Galaxy Book Flex2 Alpha
  (git-fixes).
- drm/msm/mdp4: move HW revision detection to earlier phase
  (git-fixes).
- drm/msm/mdp4: refactor HW revision detection into
  read_mdp_hw_revision (git-fixes).
- ASoC: rt5682: Remove unused variable in rt5682_i2c_remove()
  (git-fixes).
- ASoC: rt5682: Properly turn off regulators if wrong device ID
  (git-fixes).
- ASoC: Intel: Fix platform ID matching (git-fixes).
- ASoC: rt5682: Implement remove callback (git-fixes).
- commit 6612614
- fbmem: don't allow too huge resolutions (git-fixes).
- backlight: pwm_bl: Improve bootloader/kernel device handover
  (git-fixes).
- media: coda: fix frame_mem_ctrl for YUV420 and YVU420 formats
  (git-fixes).
- tty: Fix data race between tiocsti() and flush_to_ldisc()
  (git-fixes).
- PM: EM: Increase energy calculation precision (git-fixes).
- libata: fix ata_host_start() (git-fixes).
- power: supply: max17042_battery: fix typo in MAx17042_TOFF
  (git-fixes).
- power: supply: axp288_fuel_gauge: Report register-address on
  readb / writeb errors (git-fixes).
- regmap: fix the offset of register error log (git-fixes).
- regmap: fix page selection for noinc writes (git-fixes).
- regmap: fix page selection for noinc reads (git-fixes).
- commit 0c36126
- time: Handle negative seconds correctly in timespec64_to_ns()
  (git-fixes).
- mm: always have io_remap_pfn_range() set pgprot_decrypted()
  (git-fixes).
- commit b2d42ef
- ibmvnic: check failover_pending in login response (bsc#1190523
  ltc#194510).
- commit 9f9cec0
- x86/apic/msi: Plug non-maskable MSI affinity race (bsc#1184439).
- Refresh
  patches.suse/0002-x86-msi-Only-use-high-bits-of-MSI-address-for-DMAR-u.patch.
- Refresh
  patches.suse/0004-x86-apic-Support-15-bits-of-APIC-ID-in-IOAPIC-MSI-wh.patch.
- Refresh
  patches.suse/msft-hv-2119-irqdomain-treewide-Keep-firmware-node-unconditionall.patch.
- commit a89813f
- EDAC/i10nm: Fix NVDIMM detection (bsc#1152489).
- commit 9def092
- scsi: scsi_devinfo: Add blacklist entry for HPE OPEN-V
  (bsc#1189297).
- commit 913942c
- netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT
  state (bsc#1190062).
- commit e5272e8
- clk: at91: clk-generated: Limit the requested rate to our range
  (git-fixes).
- commit c432b6b
- nvme: only call synchronize_srcu when clearing current path
  (bsc#1188067).
- nvme-tcp: Do not reset transport on data digest errors
  (bsc#1188418).
- nvme-multipath: revalidate paths during rescan (bsc#1187211).
- commit 359f763
- phy: tegra: xusb: Fix dangling pointer on probe failure
  (git-fixes).
- misc: sram: Only map reserved areas in Tegra SYSRAM (git-fixes).
- misc: sram: use devm_platform_ioremap_resource_wc() (git-fixes).
- commit b7afa19
- blacklist.conf: add efa non backportable patch
- commit ebbcbd1
- selftests/bpf: Fix bpf-iter-tcp4 test to print correctly the
  dest IP (git-fixes).
- bpf, samples: Add missing mprog-disable to xdp_redirect_cpu's
  optstring (git-fixes).
- libbpf: Fix removal of inner map in bpf_object__create_map
  (git-fixes).
- libbpf: Fix the possible memory leak on error (git-fixes).
- bpf: Fix ringbuf helper function compatibility (git-fixes).
- tools: bpf: Fix error in 'make -C tools/ bpf_install'
  (git-fixes).
- selftests/bpf: Whitelist test_progs.h from .gitignore
  (git-fixes).
- bpftool: Add sock_release help info for cgroup attach/prog
  load command (bsc#1177028).
- selftests/bpf: Define string const as global for
  test_sysctl_prog.c (git-fixes).
- selftests/bpf: Fix test_sysctl_loop{1, 2} failure due to clang
  change (git-fixes).
- commit 37bd48e
- usb: dwc2: Add missing cleanups when usb_add_gadget_udc()
  fails (git-fixes).
- commit bc5a062
- ipc: remove memcg accounting for sops objects in do_semtimedop()
  (bsc#1190115).
- commit 561fbd8
- kernel-binary.spec.in Stop templating the scriptlets for subpackages
  (bsc#1190358).
  The script part for base package case is completely separate from the
  part for subpackages. Remove the part for subpackages from the base
  package script and use the KMP scripts for subpackages instead.
- commit 5d1f677
- kernel-binary.spec: Do not fail silently when KMP is empty
  (bsc#1190358).
  Copy the code from kernel-module-subpackage that deals with empty KMPs.
- commit d7d2e6e
- EDAC/mce_amd: Do not load edac_mce_amd module on guests
  (bsc#1190138).
- commit 2d1891d
- rpm: Abolish scritplet templating (bsc#1189841).
  Outsource kernel-binary and KMP scriptlets to suse-module-tools.
  This allows fixing bugs in the scriptlets as well as defining initrd
  regeneration policy independent of the kernel packages.
- commit 940cfb4
- rpm/kernel-binary.spec.in: avoid conflicting suse-release
  suse-release has arbitrary values in staging, we can't use it for
  dependencies. The filesystem one has to be enough (boo#1184804).
- commit 56f2cba
- rpm: fix kmp install path
- commit 22ec560
- bluetooth: eliminate the potential race condition when removing
  the HCI controller (bsc#1184611 CVE-2021-32399).
- commit b57a022
- Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731).
- commit f037781
keyutils
- Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654)
- update to 1.6.3:
  * Revert the change notifications that were using /dev/watch_queue.
  * Apply the change notifications that use pipe2(O_NOTIFICATION_PIPE).
  * Allow "/keyctl supports"/ to retrieve raw capability data.
  * Allow "/keyctl id"/ to turn a symbolic key ID into a numeric ID.
  * Allow "/keyctl new_session"/ to name the keyring.
  * Allow "/keyctl add/padd/etc."/ to take hex-encoded data.
  * Add "/keyctl watch*"/ to expose kernel change notifications on keys.
  * Add caps for namespacing and notifications.
  * Set a default TTL on keys that upcall for name resolution.
  * Explicitly clear memory after it's held sensitive information.
  * Various manual page fixes.
  * Fix C++-related errors.
  * Add support for keyctl_move().
  * Add support for keyctl_capabilities().
  * Make key=val list optional for various public-key ops.
  * Fix system call signature for KEYCTL_PKEY_QUERY.
  * Fix 'keyctl pkey_query' argument passing.
  * Use keyctl_read_alloc() in dump_key_tree_aux().
  * Various manual page fixes.
- spec-cleaner run (fixup failing homepage url)
- prepare usrmerge (boo#1029961)
- updated to 1.6
  - Apply various specfile cleanups from Fedora.
  - request-key: Provide a command line option to suppress helper execution.
  - request-key: Find least-wildcard match rather than first match.
  - Remove the dependency on MIT Kerberos.
  - Fix some error messages
  - keyctl_dh_compute.3: Suggest /proc/crypto for list of available hashes.
  - Fix doc and comment typos.
  - Add public key ops for encrypt, decrypt, sign and verify (needs linux-4.20).
  - Add pkg-config support for finding libkeyutils.
- upstream isn't offering PGP signatures for the source tarballs anymore
- Replace krb5-devel BuildRequires with pkgconfig(krb5): Allow OBS
  to shortcut the ring0 bootstrap cycle by also using krb5-mini.
- add upstream signing key and verify source signature
- updated to 1.5.11 (bsc#1113013)
  - Add keyring restriction support.
  - Add KDF support to the Diffie-Helman function.
  - DNS: Add support for AFS config files and SRV records
kmod
- Enable ZSTD on 15.3 as well (boo#1192104).
- Only test ZSTD in testsuite on releases where it is available.
- Enable ZSTD on 15.4 (jsc#SLE-21256).
krb5
- Fix KDC null pointer dereference via a FAST inner body that
  lacks a server field; (CVE-2021-37750); (bsc#1189929);
- Added patches:
  * 0012-Fix-KDC-null-deref-on-TGS-inner-body-null-server.patch
ldb
- Add ldb-cve-2020-25718.patch &
  CVE-2020-25718-lib-Add-hex_byte-to-replace.h.patch to backport all
  changes from ldb-2.4.1.
  + CVE-2020-25718: samba: An RODC can issue (forge) administrator
    tickets to other servers; (bsc#1192246); (bso#14558)
  + CVE-2021-3738: samba: crash in dsdb stack;
    (bsc#1192215);(bso#14848)
-  Release ldb 2.2.2
  + Corrected python behaviour for 'in' for LDAP attributes
  contained as part of ldb.Message;(bso#14845).
  + Fix memory handling in ldb.msg_diff
  Corrected python docstrings;(bso#14836)
  + Backport bronze bit fixes, tests, and selftest improvements;
  (bso#14881).
less
- Add missing runtime dependency on which, which is used by lessopen.sh.
  Fix bsc#1190552.
libsolv
- fix misparsing of '&' in attributes with libxml2
- choice rules: treat orphaned packages as newest [bsc#1190465]
- fix compatibility with Python 3.10
- new SOLVER_EXCLUDEFROMWEAK job type
- support for environments in comps parser
- bump version to 0.7.20
- Disable python2 usage on suse_version >= 1550 by default (still
  possible to use osc build --with=python).
libstorage-ng
- prefer file system over empty MS-DOS partition table (bsc#1186823)
- 4.3.109
libyui
- Fixed crash in NCurses online update when retracted packages
  are present (bsc#1191130)
- 4.1.5
libzypp
- Disable logger in the child after fork (bsc#1192436)
- version 17.28.8 (22)
- Check log writer before accessing it (fixes #355, bsc#1192337)
- Save locks: Update an existing locks changed comment string.
- Allow uname-r format in purge kernels keepspec (fixes
  openSUSE/zypper#418)
- version 17.28.7 (22)
- Zypper should keep cached files if transaction is aborted
  (bsc#1190356)
  Singletrans mode currently does not keep files around if the
  transaction is aborted. This patch fixes the problem.
- Require a minimum number of mirrors for multicurl (bsc#1191609)
- Use procfs to detect nr of open fd's if rlimit is too high
  (bsc#1191324)
  Especially in a VM iterating over all possible fd's to close open
  ones right before a exec() slows down zypper unnecessarily. This
  patch uses /proc/self/fd to iterate over open fd's in case rlimit
  is above 1024.
- po: Fix some lost '%' signs in positional args (bsc#1191370)
- RepoManager: Don't probe for plaindir repo if URL schema is
  plugin: (bsc#1191286)
- version 17.28.6 (22)
- Downloader does not respect checkExistsOnly flag (bsc#1190712)
  A missing check causes zyppng::Downloader to always download full
  files even if the checkExistsOnly flag is set. This patch adds
  the missing logic.
- Fix kernel-*-livepatch removal in purge-kernels (bsc#1190815)
  The kernel-*-livepatch packages are supposed to serve as a stable
  handle for the ephemeral kernel livepatch packages. See
  FATE#320268 for details. As part of the kernel live patching
  ecosystem, kernel-*-livepatch packages should not block the
  purge-kernels step.
- version 17.28.5 (22)
- Make sure to keep states alives while transitioning
  (bsc#1190199)
- May set techpreview variables for testing in /etc/zypp/zypp.conf.
  If environment variables are unhandy one may enable the desired
  techpreview in zypp.conf as well:
    [main]
    techpreview.ZYPP_SINGLE_RPMTRANS=1
    techpreview.ZYPP_MEDIANETWORK=1
- version 17.28.4 (22)
- CMake/spec: Add option to force SINGLE_RPMTRANS as default for
  zypper (fixes #340)
- Make sure singleTrans is zypper-only for now.
- Do not double check signatures and keys (bsc#1190059)
- version 17.28.3 (22)
- Workaround Bug 1189788: Don't allow ZYPP_SINGLE_RPMTRANS=1 on a
  not UsrMerged Tumbleweed system.
- version 17.28.2 (22)
- Fix crashes in logging code when shutting down (bsc#1189031)
- version 17.28.1 (22)
- Rephrase vendor conflict message in case 2 packages are
  involved (bsc#1187760)
  This covers the case where not the packages itself would change
  its vendor, but replaces a package from a different vendor.
- Fix solver jobs for PTFs (bsc#1186503)
- spec: switch to pkgconfig(openssl)
- Show key fpr from signature when signature check fails
  (bsc#1187224)
  Rpm by default only shows the short key ID when checking the
  signature of a package fails. This patch reads the signatures
  from the RPM headers and replaces she short IDs with the key
  fingerprints fetched from the signatures.
- Implement alternative single transaction commit strategy.
  This patch adds a experimental commit strategy that runs all
  operations in a single rpm transaction, speeding up the execution
  a lot.
- Use ZYPP_MEDIANETWORK=1 to enable the experimental new media
  backend.
- Implement zchunk download, refactor Downloader backend.
- Fix purge-kernels fails with kernels from Kernel:HEAD
  (bsc#1187738)
  There recently was a change in the kernel package naming scheme
  in regards to rc kernels. Since kernel upstream uses characters
  in the version that are not allowed in rpm versions a "/-rc"/ was
  previously replaced with "/.rc"/ which broke sorting by version, to
  fix this issue it was replaced with "/~rc"/, which unfortunately
  broke the purge-kernels logic. This patch makes sure purge-kernel
  does apply the same conversion.
- version 17.28.0 (22)
log4j12
- Remove src/main/java/org/apache/log4j/net/JMSAppender.java from
  the build to mitigate CVE-2021-4104. [bsc#1193662]
lvm2
- vgextend crash when extending VG with missing PV (bsc#1191019)
  + bug-1191019_vgextend-check-missing-device-during-block-size-chec.patch
man-pages
- install kernel_lockdown.7 man page [bsc#1185534]
- added sources
  + kernel_lockdown.7
mozilla-nss
- Mozilla NSS 3.68.1
  MFSA 2021-51 (bsc#1193170)
  * CVE-2021-43527 (bmo#1737470)
    Memory corruption via DER-encoded DSA and RSA-PSS signatures
- Remove now obsolete patch nss-bsc1193170.patch
- Add patch to fix CVE-2021-43527 (bsc#1193170):
  nss-bsc1193170.patch
ncurses
- Add patch bsc1190793-63ca9e06.patch to fix bsc#1190793 for
  CVE-2021-39537: ncurses: heap-based buffer overflow in
  _nc_captoinfo in captoinfo.c
numactl
- Update to version 2.0.14.20.g4ee5e0c:
  * Fix system call numbers on s390x
  * numactl.c: fixed debug verify for --preferred option
  * numactl.c: Fixed description for the usage of numactl
- Update to version 2.0.14.17.g498385e:
  * numactl.c: fix use after free
  * sysfs.c: prevent mem leak in sysfs_node_read()
  * sysfs.c: don't leak fd if fail in sysfs_read()
  * shm.c: fix memleak in verify_shm()
  * shm.c: fix memleak in dump_shm()
  * fix description for numa_node_size64 in man as well
  * fix numa_node_size definition in manpage numa.3
  * link with -latomic if needed
  * libnuma: make numa_police_memory() free of race
  * numademo: Use first two nodes instead of node 0 and 1
- Enhance _service magic
- Enable automake
- update to 2.0.14 (SLE-17217):
open-iscsi
- Merged latest upstream. Mostly cleanup, but includes a fix for
  iscsi-init.service when trying to write to the root volume too
  early (bsc#1192568), as well as an upstream fix for possible
  deadlock when dealing with sysfs.
- Fix the usr-merge changes (bsc#1192013). This includes catching
  all the places that /sbin was still used directly, as well as
  making the SPEC file build using /usr/sbin for openSUSE but
  still use /sbin for SLE, for now.
- Fix possible systemd cycle by adding an "/obsoletes"/ for
  the old libopeniscsiusr for older versions.
- Update to latest from upstream, fixing:
  * Moving the executables from /sbin to /usr/sbin (bsc#1191054)
  * Remove default dependencies from iscsi-init.service
  (bsc#1187190)
- Updated to latest upstream 2.1.5 as 2.1.5-suse, which contains
  these changes not already present:
  * Handle IPv6 interfaces correctly. (bsc#1187958)
  * Handle qedi correctly in NPAR mode (bsc#1187958)
  * Update iscsiadm man page (bsc#1187958)
  * Update iface.example for ipv6
  * Change iscsi IP type from defines to enum.
  * Handle recv() returning 0 in iscsid_response()
- Merged latest upstream, which includes:
  * iscsid: set PR_SET_IO_FLUSHER (bsc#1188869)
openssh
- Add openssh-bsc1190975-CVE-2021-41617-authorizedkeyscommand.patch
  (bsc#1190975, CVE-2021-41617), backported from upstream by
  Ali Abdallah.
pam
- Corrected a bad directive file which resulted in
  the "/securetty"/ file to be installed as "/macros.pam"/.
  [pam.spec]
- Added tmpfiles for pam to set up directory for pam_faillock.
  [pam.conf]
- Corrected macros.pam entry for %_pam_moduledir
  Cleanup in pam.spec:
  * Replaced all references to ${_lib}/security in pam.spec by
  %{_pam_moduledir}
  * Removed definition of (unused) "/amdir"/.
- Added new file macros.pam on request of systemd.
  [bsc#1190052, macros.pam]
- Added pam_faillock to the set of modules.
  [jsc#sle-20638, pam-sle20638-add-pam_faillock.patch]
patterns-suse-manager
- Add prometheus-blackbox_exporter as recommended for the Proxy
- virtualization-host-formula was renamed to virtualization-formulas
pcre
- pcre 8.45 (the final release)
  * Fixed a small (*MARK) bug in the interpreter (Bugzilla #2771).
- pcre 8.44
  * Small patch to pcreposix.c to set the erroroffset field to -1 immediately
  after a successful compile, instead of at the start of matching to avoid a
  sanitizer complaint (regexec is supposed to be thread safe).
  * Check the size of the number after (?C as it is read, in order to avoid
  integer overflow. (bsc#1172974, CVE-2020-14155)
  * Tidy up left shifts to avoid sanitize warnings; also fix one NULL deference
  in pcretest.
- pcre 8.43
  * In a pattern such as /[^x{100}-x{ffff}]*[x80-xff]/ which has a repeated
  negative class with no characters less than 0x100 followed by a positive class
  with only characters less than 0x100, the first class was incorrectly being
  auto-possessified, causing incorrect match failures.
  * If the only branch in a conditional subpattern was anchored, the whole
  subpattern was treated as anchored, when it should not have been, since the
  assumed empty second branch cannot be anchored. Demonstrated by test patterns
  such as /(?(1)^())b/ or /(?(?=^))b/.
  * Fix subject buffer overread in JIT when UTF is disabled and X or R has
  a greater than 1 fixed quantifier. This issue was found by Yunho Kim.
  (bsc#1172973 CVE-2019-20838)
  * If a pattern started with a subroutine call that had a quantifier with a
  minimum of zero, an incorrect "/match must start with this character"/ could be
  recorded. Example: /(?&xxx)*ABC(?<xxx>XYZ)/ would (incorrectly) expect 'A' to
  be the first character of a match.
- pcre 8.42
  * If a backreference with a minimum repeat count of zero was first in a
  pattern, apart from assertions, an incorrect first matching character could be
  recorded. For example, for the pattern /(?=(a))1?b/, "/b"/ was incorrectly set
  as the first character of a match.
  * Fix out-of-bounds read for partial matching of /./ against an empty string
  when the newline type is CRLF.
  * When matching using the the REG_STARTEND feature of the POSIX API with a
  non-zero starting offset, unset capturing groups with lower numbers than a
  group that did capture something were not being correctly returned as "/unset"/
  (that is, with offset values of -1).
  * Matching the pattern /(*UTF)C[^v]+x80/ against an 8-bit string
  containing multi-code-unit characters caused bad behaviour and possibly a
  crash. This issue was fixed for other kinds of repeat in release 8.37 by change
  38, but repeating character classes were overlooked.
perl-Bootloader
- merge gh#openSUSE/perl-bootloader#136
- report error if config file could not be updated (bsc#1188768)
- 0.936
- merge gh#openSUSE/perl-bootloader#135
- fix typo in update-bootloader
- 0.935
postfix
- config.postfix not updatet after lmdb switch
  (bsc#1190945)
  Adapt config.postfix
postgresql
- Bump version to 14, leave default at 13.
postgresql13
- bsc#1192516: Upgrade to 13.5:
  * Make the server reject extraneous data after an SSL or GSS
    encryption handshake (CVE-2021-23214).
  * Make libpq reject extraneous data after an SSL or GSS
    encryption handshake (CVE-2021-23222).
  * https://www.postgresql.org/docs/13/release-13-4.html
- Stop building the mini and lib packages as they are now coming
  from postgresql14.
- Let genlists skip non-existing binaries to avoid lots of version
  conditionals in the file lists.
- Remove postgresql-testsuite-int8.sql.patch, because its purpose
  is unclear. This affects only the test subpackage.
- bsc#1185952: fix build with llvm12 on s390x.
  0001-jit-Workaround-potential-datalayout-mismatch-on-s390.patch
- bsc#1179945: Re-enable icu for PostgreSQL 10.
- Upgrade to version 13.4:
  https://www.postgresql.org/docs/13/release-13-4.html
  * CVE-2021-3677 (boo#1189748)
    The planner could create an incorrect plan in cases where two
    ProjectionPaths were stacked on top of each other. The only
    known way to trigger that situation involves parallel sort
    operations, but there may be other instances. The result would
    be crashes or incorrect query results. Disclosure of server
    memory contents is also possible.
- bsc#1187751: Make the dependency of postgresqlXX-server-devel on
  llvm and clang optional (postgresql-llvm-optional.patch).
- bsc#1185952: llvm12 breaks PostgreSQL 11 and 12 on s390x.
  Use llvm11 as a workaround.
py26-compat-salt
- Exclude the full path of a download URL to prevent injection of
  malicious code (bsc#1190265) (CVE-2021-21996)
- Added:
  * exclude-the-full-path-of-a-download-url-to-prevent-i.patch
py26-compat-tornado
- Added compatibility to Enterprise Linux 8
py27-compat-salt
- Remove wrong _parse_cpe_name from grains.core
- Fix file.find tracebacks with non utf8 file names (bsc#1190114)
- Added:
  * fix-file.find-tracebacks-with-non-utf8-file-names-bs.patch
  * remove-wrong-_parse_cpe_name-from-grains.core-454.patch
- Fix ip6_interface grain to not leak secondary IPv4 aliases (bsc#1191412)
- Added Python2 build possibility for RHEL8
- Added:
  * fix-ip6_interface-grain-to-not-leak-secondary-ipv4-a.patch
- Do not consider skipped targets as failed for ansible.playbooks state (bsc#1190446)
- Fix traceback.*_exc() calls
- Added:
  * 3000.3-do-not-consider-skipped-targets-as-failed-for.patch
  * fix-traceback.-_exc-calls-431.patch
- Fix the regression of docker_container state module
- Added:
  * fix-the-regression-brought-in-with-pr-402-422.patch
- Support querying for JSON data in external sql pillar
- Added:
  * 3000.3-postgresql-json-support-in-pillar-425.patch
- Exclude the full path of a download URL to prevent injection of
  malicious code (bsc#1190265) (CVE-2021-21996)
- Added:
  * exclude-the-full-path-of-a-download-url-to-prevent-i.patch
- Fix wrong relative paths resolution with Jinja renderer when importing subdirectories
- Added:
  * templates-move-the-globals-up-to-the-environment-jin.patch
python
- Add CVE-2019-20907_tarfile-inf-loop.patch fixing bsc#1174091
  (CVE-2019-20907, bpo#39017) avoiding possible infinite loop
  in specifically crafted tarball.
  Add recursion.tar as a testing tarball for the patch.
- Provide the newest setuptools wheel (bsc#1176262,
  CVE-2019-20916) in their correct form (bsc#1180686).
- Add CVE-2020-26116-httplib-header-injection.patch fixing bsc#1177211
  (CVE-2020-26116, bpo#39603) no longer allowing special characters in
  the method parameter of HTTPConnection.putrequest in httplib, stopping
  injection of headers. Such characters now raise ValueError.
- Renamed patch for assigned CVE:
  * bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch ->
    CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
    (boo#1189241, CVE-2021-3737)
- Renamed patch for assigned CVE:
  * bpo43075-fix-ReDoS-in-request.patch -> CVE-2021-3733-fix-ReDoS-in-request.patch
    (boo#1189287, CVE-2021-3733)
- Fix python-doc build (bpo#35293):
  * sphinx-update-removed-function.patch
- Update documentation formatting for Sphinx 3.0 (bpo#40204).
- Add bpo43075-fix-ReDoS-in-request.patch which fixes ReDoS in
  request (bpo#43075, boo#1189287).
- Add missing security announcement to
  bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch.
- Add bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
  which fixes http client infinite line reading (DoS) after a http
  100 (bpo#44022, boo#1189241).
- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing
  bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in
  _ctypes/callproc.c, which may lead to remote code execution.
- (bsc#1180125) We really don't Require python-rpm-macros package.
  Unnecessary dependency.
- Add patch configure_PYTHON_FOR_REGEN.patch which makes
  configure.ac to consider the correct version of
  PYTHON_FO_REGEN (bsc#1078326).
- Use python3-Sphinx on anything more recent than SLE-15 (inclusive).
  - Fixes a ReDoS vulnerability in `http.cookiejar`. Patch by Ben
    Caller.
  - bsc#1155094 (CVE-2019-18348) Disallow control characters in
    hostnames in http.client. Such potentially malicious header
  - Fixed possible leak in `PyArg_Parse` and similar
    `PY_SSIZE_T_CLEAN` is not defined.
  - python-2.7.14-CVE-2017-1000158.patch
  - CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch
  - CVE-2018-1061-DOS-via-regexp-difflib.patch
  - CVE-2019-10160-netloc-port-regression.patch
  - CVE-2019-16056-email-parse-addr.patch
- bsc#1109847 (CVE-2018-14647): add
  CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch fixing
  bpo-34623.
  fixing bpo-35746 (CVE-2019-5010).
python-Babel
- Add CVE-2021-42771-rel-path-traversal.patch fixing
  CVE-2021-42771 by cleaning locale identifiers before loading
  from file (bsc#1185768).
python-Pygments
- Add cve_2021_27291.patch (CVE-2021-27291, bsc#1184812)
  + fix several exponential/cubic complexity regexes
python-azure-mgmt-billing
- Update in SLE-15 (bsc#1187880, bsc#1188178)
- New upstream release
  + Version 1.0.0
  + For detailed information about changes see the
    CHANGELOG.md file provided with this package
- Update Requires from setup.py
python-azure-mgmt-cdn
- Update in SLE-15 (bsc#1187880, bsc#1188178)
- New upstream release
  + Version 5.2.0
  + For detailed information about changes see the
    CHANGELOG.md file provided with this package
python-azure-mgmt-hdinsight
- Update in SLE-15 (bsc#1187880, bsc#1188178)
  + Version 2.0.0
  + For detailed information about changes see the
    CHANGELOG.md file provided with this package
- New upstream release
python-azure-mgmt-netapp
- Update in SLE-15 (bsc#1187880, bsc#1188178)
  + Version 0.14.0
  + For detailed information about changes see the
    CHANGELOG.md file provided with this package
- New upstream release
python-azure-mgmt-resource
- Update in SLE-15 (bsc#1187880, bsc#1188178)
  + Version 15.0.0
  + For detailed information about changes see the
    CHANGELOG.md file provided with this package
- Update Requires from setup.py
- New upstream release
python-azure-mgmt-synapse
- Update in SLE-15 (bsc#1187880, bsc#1188178)
- New upstream release
  + Version 0.5.0
  + For detailed information about changes see the
    CHANGELOG.md file provided with this package
python-base
- Add CVE-2019-20907_tarfile-inf-loop.patch fixing bsc#1174091
  (CVE-2019-20907, bpo#39017) avoiding possible infinite loop
  in specifically crafted tarball.
  Add recursion.tar as a testing tarball for the patch.
- Provide the newest setuptools wheel (bsc#1176262,
  CVE-2019-20916) in their correct form (bsc#1180686).
- Add CVE-2020-26116-httplib-header-injection.patch fixing bsc#1177211
  (CVE-2020-26116, bpo#39603) no longer allowing special characters in
  the method parameter of HTTPConnection.putrequest in httplib, stopping
  injection of headers. Such characters now raise ValueError.
- Renamed patch for assigned CVE:
  * bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch ->
    CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
    (boo#1189241, CVE-2021-3737)
- Renamed patch for assigned CVE:
  * bpo43075-fix-ReDoS-in-request.patch -> CVE-2021-3733-fix-ReDoS-in-request.patch
    (boo#1189287, CVE-2021-3733)
- Fix python-doc build (bpo#35293):
  * sphinx-update-removed-function.patch
- Update documentation formatting for Sphinx 3.0 (bpo#40204).
- Add bpo43075-fix-ReDoS-in-request.patch which fixes ReDoS in
  request (bpo#43075, boo#1189287).
- Add missing security announcement to
  bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch.
- Add bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
  which fixes http client infinite line reading (DoS) after a http
  100 (bpo#44022, boo#1189241).
- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing
  bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in
  _ctypes/callproc.c, which may lead to remote code execution.
- (bsc#1180125) We really don't Require python-rpm-macros package.
  Unnecessary dependency.
- Add patch configure_PYTHON_FOR_REGEN.patch which makes
  configure.ac to consider the correct version of
  PYTHON_FO_REGEN (bsc#1078326).
- Use python3-Sphinx on anything more recent than SLE-15 (inclusive).
  - Fixes a ReDoS vulnerability in `http.cookiejar`. Patch by Ben
    Caller.
  - bsc#1155094 (CVE-2019-18348) Disallow control characters in
    hostnames in http.client. Such potentially malicious header
  - Fixed possible leak in `PyArg_Parse` and similar
    `PY_SSIZE_T_CLEAN` is not defined.
  - python-2.7.14-CVE-2017-1000158.patch
  - CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch
  - CVE-2018-1061-DOS-via-regexp-difflib.patch
  - CVE-2019-10160-netloc-port-regression.patch
  - CVE-2019-16056-email-parse-addr.patch
- bsc#1109847 (CVE-2018-14647): add
  CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch fixing
  bpo-34623.
  fixing bpo-35746 (CVE-2019-5010).
python-pip
- Add CVE-2021-3572-split-unicode-separators.patch stopping the script
  from splitting references on Unicode separators (CVE-2021-3572,
  bsc#1186819).
python3
- The previous construct works only on the current Factory, not
  in SLE.
- BuildRequire rpm-build-python: The provider to inject python(abi)
  has been moved there. rpm-build pulls rpm-build-python
  automatically in when building anything against python3-base, but
  this implies that the initial build of python3-base does not
  trigger the automatic installation.
- Due to conflicting demands of bsc#1183858 and platforms where
  Python 3.6 is only in interpreter+pip set we have to make
  complicated ugly construct about Sphinx BR.
- Make python36 primary interpreter on SLE-15
- Make build working even on older SLEs.
- Update to 3.6.15:
  - bpo-43124: Made the internal putcmd function in smtplib
    sanitize input for presence of r and n characters to avoid
    (unlikely) command injection. Library
  - bpo-45001: Made email date parsing more robust against
    malformed input, namely a whitespace-only Date: header. Patch
    by Wouter Bolsterlee. Tests
  - bpo-38965: Fix test_faulthandler on GCC 10. Use the
    “volatile” keyword in faulthandler._stack_overflow() to
    prevent tail call optimization on any compiler, rather than
    relying on compiler specific pragma.
- Remove upstreamed patches:
  - faulthandler_stack_overflow_on_GCC10.patch
- test_faulthandler is still problematic under qemu linux-user emulation,
  disable it there
- Update to 3.6.14:
  * Security
  - bpo-44022 (bsc#1189241, CVE-2021-3737): mod:http.client now
    avoids infinitely reading potential HTTP headers after
    a 100 Continue status response from the server.
  - bpo-43882: The presence of newline or tab characters in parts
    of a URL could allow some forms of attacks.
    Following the controlling specification for URLs defined by
    WHATWG urllib.parse() now removes ASCII newlines and tabs
    from URLs, preventing such attacks.
  - bpo-42988 (CVE-2021-3426, bsc#1183374): Remove the getfile feature
    of the pydoc module which could be abused to read arbitrary files
    on the disk (directory traversal vulnerability). Moreover, even
    source code of Python modules can contain sensitive data like
    passwords. Vulnerability reported by David Schwörer.
  - bpo-43285: ftplib no longer trusts the IP address value
    returned from the server in response to the PASV command by
    default. This prevents a malicious FTP server from using the
    response to probe IPv4 address and port combinations on the
    client network.
    Code that requires the former vulnerable behavior may set a
    trust_server_pasv_ipv4_address attribute on their ftplib.FTP
    instances to True to re-enable it.
  - bpo-43075 (CVE-2021-3733, bsc#1189287): Fix Regular Expression
    Denial of Service (ReDoS) vulnerability in
    urllib.request.AbstractBasicAuthHandler. The ReDoS-vulnerable
    regex has quadratic worst-case complexity and it allows cause
    a denial of service when identifying crafted invalid RFCs. This
    ReDoS issue is on the client side and needs remote attackers to
    control the HTTP server.
- Upstreamed patches were removed:
  - CVE-2021-3426-inf-disclosure-pydoc-getfile.patch
- Refreshed patches:
  - python3-sorted_tar.patch
  - riscv64-ctypes.patch
- Use versioned python-Sphinx to avoid dependency on other
  version of Python (bsc#1183858).
- Modify Lib/ensurepip/__init__.py to contain the same version
  numbers as are in reality the ones in the bundled wheels
  (bsc#1187668).
- add 22198.patch to build with Sphinx 4
- Stop providing "/python"/ symbol (bsc#1185588), which means
  python2 currently.
- (bsc#1180125) We really don't Require python-rpm-macros package.
  Unnecessary dependency.
release-notes-sles
- 15.3.20211201 (tracked in bsc#933411)
- Added note about unprivileged eBPF (jsc#SLE-22593)
- 15.3.20211130 (tracked in bsc#933411)
- Added note about ping_group_range (bsc#1193054)
- Added note about KillMode=none (bsc#1183034)
- Added note about removal of NodeJS 10 (bsc#1191917)
- Updated note about Vagrant boxes (jsc#DOCTEAM-413)
- Updated note about PostgreSQL support (bsc#1183998)
- Updated note about AutoYaST compact mode (bsc#1191408)
- 15.3.20211025 (tracked in bsc#933411)
- Added note about NVMe-oF TCP support (bsc#1190394)
- Added note about manual pages (bsc#1188302)
- Added keepalived to support exceptions (bsc#1183906)
- Updated note about support information (bsc#1189989)
- Updated SELinux note to include warning (bsc#1186099)
rpm
- backport zstd detection fix [bsc#1187670]
  new patch: zstddetection.diff
- backport ndb rofs support [bsc#1188548]
  new patch: ndbrofs.diff
- backport pgp hardening changes from upstream [bsc#1185299]
  new patch: pgpharden.diff
- fix deadlock when multiple rpm processes try tp acquire the
  database lock [bsc#1183659]
  new patch: deadlock.diff
rpm-config-SUSE
- Add bsc1192160-rpm-config-SUSE-support-compressed-firmware-files.patch:
  Backported from e4c04ac, the upcoming kernel will support the
  compressed firmware files, and this patch corresponds to that kernel
  change, fixing firmware.prov to deal with the xz-compressed firmware
  files as well (bsc#1192160).
- Support ZSTD compressed kernel modules
  [bsc#1190850,
  bsc1190850-support-zstd-compressed-kernel-modules.patch]
rsync
- Fixed an error when using the external compression library
  where files larger that 1GB would not be transferred completely
  and failing with error:
  - deflate on token returned 0 (XXX bytes left)
  - rsync error: error in rsync protocol data stream (code 12)
  * Add rsync-fix-external-compression.patch [bsc#1190828]
- Fix a segmentation fault in iconv [bsc#1188258]
  * Add rsync-iconv-segfault.patch
ruby2
Add patches to fix the following CVE's:
  - CVE-2021-32066.patch (CVE-2021-32066): Fix StartTLS stripping
    vulnerability in Net:IMAP (bsc#1188160)
  - CVE-2021-31810.patch (CVE-2021-31810): Fix trusting FTP PASV
    responses vulnerability in  Net:FTP (bsc#1188161)
  - CVE-2021-31799.patch (CVE-2021-31799): Fix Command injection
    vulnerability in RDoc (bsc#1190375)
runc
- Update to runc v1.0.2. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.0.2
  * Fixed a failure to set CPU quota period in some cases on cgroup v1.
  * Fixed the inability to start a container with the "/adding seccomp filter
    rule for syscall ..."/ error, caused by redundant seccomp rules (i.e. those
    that has action equal to the default one). Such redundant rules are now
    skipped.
  * Made release builds reproducible from now on.
  * Fixed a rare debug log race in runc init, which can result in occasional
    harmful "/failed to decode ..."/ errors from runc run or exec.
  * Fixed the check in cgroup v1 systemd manager if a container needs to be
    frozen before Set, and add a setting to skip such freeze unconditionally.
    The previous fix for that issue, done in runc 1.0.1, was not working.
- Update to runc v1.0.1. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.0.1
  * Fixed occasional runc exec/run failure ("/interrupted system call"/) on an
    Azure volume.
  * Fixed "/unable to find groups ... token too long"/ error with /etc/group
    containing lines longer than 64K characters.
  * cgroup/systemd/v1: fix leaving cgroup frozen after Set if a parent cgroup is
    frozen. This is a regression in 1.0.0, not affecting runc itself but some
    of libcontainer users (e.g Kubernetes).
  * cgroupv2: bpf: Ignore inaccessible existing programs in case of
    permission error when handling replacement of existing bpf cgroup
    programs. This fixes a regression in 1.0.0, where some SELinux
    policies would block runc from being able to run entirely.
  * cgroup/systemd/v2: don't freeze cgroup on Set.
  * cgroup/systemd/v1: avoid unnecessary freeze on Set.
- Remove upstreamed patches:
  + boo1187704-0001-cgroupv2-ebpf-ignore-inaccessible-existing-programs.patch
- Backport <https://github.com/opencontainers/runc/pull/3055> to fix issues
  with runc under openSUSE MicroOS's SELinux policy. boo#1187704
  + boo1187704-0001-cgroupv2-ebpf-ignore-inaccessible-existing-programs.patch
- Update to runc v1.0.0. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.0.0
  ! The usage of relative paths for mountpoints will now produce a warning
    (such configurations are outside of the spec, and in future runc will
    produce an error when given such configurations).
  * cgroupv2: devices: rework the filter generation to produce consistent
    results with cgroupv1, and always clobber any existing eBPF
    program(s) to fix runc update and avoid leaking eBPF programs
    (resulting in errors when managing containers).
  * cgroupv2: correctly convert "/number of IOs"/ statistics in a
    cgroupv1-compatible way.
  * cgroupv2: support larger than 32-bit IO statistics on 32-bit architectures.
  * cgroupv2: wait for freeze to finish before returning from the freezing
    code, optimize the method for checking whether a cgroup is frozen.
  * cgroups/systemd: fixed "/retry on dbus disconnect"/ logic introduced in rc94
  * cgroups/systemd: fixed returning "/unit already exists"/ error from a systemd
    cgroup manager (regression in rc94)
  + cgroupv2: support SkipDevices with systemd driver
  + cgroup/systemd: return, not ignore, stop unit error from Destroy
  + Make "/runc --version"/ output sane even when built with go get or
    otherwise outside of our build scripts.
  + cgroups: set SkipDevices during runc update (so we don't modify
    cgroups at all during runc update).
  + cgroup1: blkio: support BFQ weights.
  + cgroupv2: set per-device io weights if BFQ IO scheduler is available.
- Update to runc v1.0.0~rc95. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc95
  This release of runc contains a fix for CVE-2021-30465, and users are
  strongly recommended to update (especially if you are providing
  semi-limited access to spawn containers to untrusted users). bsc#1185405
- Update to runc v1.0.0~rc94. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc94
  Breaking Changes:
  * cgroupv1: kernel memory limits are now always ignored, as kmemcg has
    been effectively deprecated by the kernel. Users should make use of regular
    memory cgroup controls.
  Regression Fixes:
  * seccomp: fix 32-bit compilation errors
  * runc init: fix a hang caused by deadlock in seccomp/ebpf loading code
  * runc start: fix "/chdir to cwd: permission denied"/ for some setups
- Remove upstreamed patches:
  - 0001-cloned_binary-switch-from-error-to-warning-for-SYS_m.patch
    syscalls unusable for glibc.
salt
- Use dnfnotify instead yumnotify for relevant distros
- Remove wrong _parse_cpe_name from grains.core
- dnfnotify pkgset plugin implementation
- Add rpm_vercmp python library support for version comparison
- Prevent pkg plugins errors on missing cookie path (bsc#1186738)
- Fix ip6_interface grain to not leak secondary IPv4 aliases (bsc#1191412)
- Make "/salt-api"/ package to require python3-cherrypy on RHEL systems
- tar is required by minion on transactional-update system
- Do not consider skipped targets as failed for ansible.playbooks state (bsc#1190446)
- Fix traceback.*_exc() calls
- Added:
  * mock-ip_addrs-in-utils-minions.py-unit-test-444.patch
  * remove-wrong-_parse_cpe_name-from-grains.core-452.patch
  * fix-ip6_interface-grain-to-not-leak-secondary-ipv4-a.patch
  * 3002.2-do-not-consider-skipped-targets-as-failed-for.patch
  * fix-the-regression-for-yumnotify-plugin-456.patch
  * dnfnotify-pkgset-plugin-implementation-3002.2-450.patch
  * add-rpm_vercmp-python-library-for-version-comparison.patch
  * fix-traceback.-_exc-calls-429.patch
  * prevent-pkg-plugins-errors-on-missing-cookie-path-bs.patch
- Support querying for JSON data in external sql pillar
- Exclude the full path of a download URL to prevent injection of
  malicious code (bsc#1190265) (CVE-2021-21996)
- Added:
  * 3002.2-postgresql-json-support-in-pillar-424.patch
  * exclude-the-full-path-of-a-download-url-to-prevent-i.patch
samba
- Fix regression introduced by CVE-2020-25717 patches, winbindd
  does not start when 'allow trusted domains' is off; (bso#14899);
- CVE-2020-25717: samba: A user on the domain can become root on
  domain members; (bsc#1192284); (bso#14556).
- CVE-2020-25721: auth: Fill in the new HAS_SAM_NAME_AND_SID
  values; (bsc#1192505); (bso#14564).
- CVE-2020-25718: An RODC can issue (forge) administrator tickets
  to other servers; (bsc#1192246);(bso#14558).
- CVE-2020-25719: samba: AD DC Username based races when no PAC
  is given;(bsc#1192247);(bso#14561).
- CVE-2020-25722: samba: AD DC UPN vs samAccountName not checked
  (top-level bug for AD DC validation issues);(bsc#1192283);
  (bso#14564).
- CVE-2021-3738: samba: crash in dsdb stack;(bsc#1192215);
  (bso#14468).
- CVE-2021-23192: samba: dcerpc requests don't check all fragments
  against the first auth_state;(bsc#1192214);(bso#14875).
- CVE-2016-2124: don't fallback to non spnego authentication if we
  require kerberos; (bsc#1014440); (bso#12444).
- Update to 4.13.13
  * rodc_rwdc test flaps;(bso#14868).
  * Backport bronze bit fixes, tests, and selftest improvements;
    (bso#14881).
  * Provide a fix for MS CVE-2020-17049 in Samba [SECURITY]
    'Bronze bit' S4U2Proxy Constrained Delegation bypass in Samba
    with embedded Heimdal;(bso#14642).
  * Python ldb.msg_diff() memory handling failure;(bso#14836).
  * "/in"/ operator on ldb.Message is case sensitive;(bso#14845).
  * Fix Samba support for UF_NO_AUTH_DATA_REQUIRED;(bso#14871).
  * Allow special chars like "/@"/ in samAccountName when generating
    the salt;(bso#14874).
  * Fix transit path validation;(bso#12998).
  * Prepare to operate with MIT krb5 >= 1.20;(bso#14870).
  * rpcclient NetFileEnum and net rpc file both cause lock order
    violation: brlock.tdb, share_entries.tdb;(bso#14645).
  * Python ldb.msg_diff() memory handling failure;(bso#14836).
  * Release LDB 2.3.1 for Samba 4.14.9;(bso#14848).
- Update to 4.13.12
  * Address a signifcant performance regression in database access
    in the AD DC since Samba 4.12;(bso#14806).
  * Fix performance regression in lsa_LookupSids3/LookupNames4
    since Samba 4.9 by using an explicit database handle cache;
    (bso#14807).
  * An unuthenticated user can crash the AD DC KDC by omitting the
    server name in a TGS-REQ;(bso#14817).
  * Address flapping samba_tool_drs_showrepl test;(bso#14818).
  * Address flapping dsdb_schema_attributes test;(bso#14819).
  * An unuthenticated user can crash the AD DC KDC by omitting the
    server name in a TGS-REQ;(bso#14817).
  * Fix CTDB flag/status update race conditions(bso#14784).
- Update to 4.13.11
  * smbd: panic on force-close share during offload write;
    (bso#14769).
  * Fix returned attributes on fake quota file handle and avoid
    hitting the VFS;(bso#14731).
  * smbd: "/deadtime"/ parameter doesn't work anymore;(bso#14783).
  * net conf list crashes when run as normal user;(bso#14787).
  * Work around special SMB2 READ response behavior of NetApp Ontap
    7.3.7;(bso#14607).
  * Start the SMB encryption as soon as possible;(bso#14793).
  * Winbind should not start if the socket path for the privileged
    pipe is too long;(bso#14792).
- Fix 'net rpc' authentication when using the machine account;
  (bsc#1189017); (bso#14796);
- Fix dependency problem upgrading from libndr0 to libndr1;
  (bsc#1189875);
- Fix dependency problem upgrading from libsmbldap0 to libsmbldap2;
  (bsc#1189875);
- Fix wrong kvno exported to keytab after net ads changetrustpw due
  to replication delay; (bsc#1188727);
- Add Certificate Auto Enrollment Policy; (jsc#SLE-18456).
- Update to 4.13.10
  * s3: smbd: Ensure POSIX default ACL is mapped into returned
    Windows ACL for directory handles; (bso#14708);
  * Take a copy to make sure we don't reference free'd memory; (bso#14721);
  * s3: lib: Fix talloc heirarcy error in parent_smb_fname(); (bso#14722);
  * s3: smbd: Remove erroneous TALLOC_FREE(smb_fname_parent) in
    change_file_owner_to_parent() error path; (bso#14736);
  * samba-tool: Give better error information when the
    'domain backup restore' fails with a duplicate SID; (bso#14575);
  * smbd: Correctly initialize close timestamp fields; (bso#14714);
  * Spotlight RPC service doesn't work with vfs_glusterfs; (bso#14740);
  * ctdb: Fix a crash in run_proc_signal_handler(); (bso#14475);
  * gensec_krb5: Restore ipv6 support for kpasswd; (bso#14750);
  * smbXsrv_{open,session,tcon}: Protect
    smbXsrv_{open,session,tcon}_global_traverse_fn against invalid records; (bso#14752);
  * samba-tool domain backup offline doesn't work against bind DLZ
    backend; (bso#14027);
  * netcmd: Use next_free_rid() function to calculate a SID for
    restoring a backup; (bso#14669);
- Update to 4.13.9
  * s3: smbd: SMB1 SMBsplwr doesn't send a reply packet on success; (bso#14696);
  * Add documentation for dsdb_group_audit and dsdb_group_json_audit
    to "/log level"/, synchronise "/log level"/ in smb.conf with the code; (bso#14689);
  * Fix smbd panic when two clients open same file; (bso#14672);
  * Fix memory leak in the RPC server; (bso#14675);
  * s3: smbd: Fix deferred renames; (bso#14679);
  * s3-iremotewinspool: Set the per-request memory context; (bso#14675);
  * rpc_server3: Fix a memleak for internal pipes; (bso#14675);
  * third_party: Update socket_wrapper to version 1.3.2; (bso#11899);
  * third_party: Update socket_wrapper to version 1.3.3; (bso#14639);
  * idmap_rfc2307 and idmap_nss return wrong mapping for uid/gid
    conflict; (bso#14663);
  * Fix the build on OmniOS; (bso#14288);
- Update to 4.13.8
  * CVE-2021-20254: Fix buffer overrun in sids_to_unixids(); (bso#14571
- Update to 4.13.7
  * Release with dependency on ldb version 2.2.1.
spacecmd
- version 4.2.14-1
  * Update translation strings
- version 4.2.13-1
  * Update translation strings
  * configchannel_updatefile handles directory properly (bsc#1190512)
  * Add schedule_archivecompleted to mass archive actions (bsc#1181223)
  * Remove whoami from the list of unauthenticated commands (bsc#1188977)
spacewalk-admin
- version 4.2.9-1
  * Fix setup with rhn-config-satellite (bsc#1190300)
  * Allow admins to modify only spacewalk config files with
    rhn-config-satellite.pl (bsc#1190040) (CVE-2021-40348)
spacewalk-backend
- version 4.2.18-1
  * Reposync: replace architecture variables in mirror lists
  * Minor spec update.
  * Added RHN config parameter httpd_config_dir.
  * Avoid GPG errors messages in reposync caused by rpm not understanding signatures (bsc#1191538)
  * Improved the diskcheck script to return an exit value and to
    allow performing the check without sending notification
- version 4.2.17-1
  * Update translations strings
  * handle download of metadata filesnames with checksums (bsc#1188315)
  * Sanitize cached filename for custom SSL certs used by reposync (bsc#1190751)
spacewalk-certs-tools
- version 4.2.14-1
  * Make bootstrap script to use bash when called with a different
    interpreter (bsc#1191656)
  * set key format to PEM when generating key for traditional
    clients push ssh (bsc#1189643)
- version 4.2.13-1
  * add GPG keys using apt-key on debian machines (bsc#1187998)
spacewalk-client-tools
- version 4.2.15-1
  * Update translation strings
- version 4.2.14-1
  * Update translation strings
spacewalk-java
- version 4.2.31-1
  * Fix calling wrong XMLRPC bootstrap method (bsc#1192736)
  * Fix package update action with shared channels (bsc#1191313)
  * fix openscap scan with tailoring-file option (bsc#1192321)
  * switch to best repo auth item for contentsources (bsc#1191442)
  * Implement using re-activation keys when bootstrapping with the Web UI
    or XMLRPC API
  * update last boot time of SSH Minions after bootstrapping
    (bsc#1191899)
  * Add compressed flag to image pillars when kiwi image is compressed
    (bsc#1191702)
  * Use an 'allow' filter for the kernel packages with live patching
    filter templates (bsc#1191460)
  * Move pickedup actions to history as soon as they are pickedup
    (bsc#1191444)
  * fix issue with empty action chains getting deleted too early (bsc#1191377)
  * Set product name and version in the User-Agent header when connecting to SCC
  * On salt-ssh minions, enforce package list refresh after state apply
  * Run Prometheus JMX exporter as Java agent (bsc#1184617)
  * Fix internal server error on DuplicateSystemsCompare (bsc#1191643)
  * Hide link to CLM live patching template in system details for
    products that don't support live patching (bsc#1190866)
  * Execute the diskcheck script at login to validate the available space
  * trigger reboot needed message also when installhint is available
    on package level
  * add Content Lifecycle Management filter for package provides and
    use it in live patching filter template
  * Allow usage of jinja template in Salt config channels
  * Remove NullPointerException in rhn_web_ui.log when building an image (bsc#1185951)
  * mgr-sync refresh logs when a vendor channel is expired and shows how to remove it (bsc#1191222)
- version 4.2.30-1
  * Fix datetime format parsing with moment (bsc#1191348)
- version 4.2.29-1
  * Update translation strings
  * fix logging of the spark framework and map requests to media.1
    directory in the download controller (bsc#1189933)
  * Add 'Last build date' column to CLM project list (jsc#PM-2644)
    (jsc#SUMA-61)
  * Improve exception handling and logging for mgr-libmod calls
  * Add checksums to repository metadata filenames (bsc#1188315)
  * Fix ISE in product migration if base product is missing (bsc#1190151)
  * use TLSv1.3 if it is a supported Protocol
  * Adapt auto errata update to respect maintenance windows
  * Adapt auto errata update to skip during CLM build (bsc#1189609)
  * add CentOS 7/8 aarch64
  * add Oracle Linux 7/8 aarch64
  * add Rocky Linux 8 aarch64
  * add AlmaLinux 8 aarch64
  * add Amazon Linux 2 aarch64
  * Add new endpoints to saltkeys API: acceptedList, pendingList, rejectedList,
    deniedList, accept and reject
  * fix ISE in SSM when scheduling patches on multiple systems (bsc#1190396, bsc#1190275)
  * Add 'Flush cache' option to Ansible playbook execution
    (bsc#1190405)
  * Update kernel live patch version on minion startup (bsc#1190276)
  * Allow getting all completed actions via XMLRPC without display limit (bsc#1181223)
  * Support syncing patches with advisory status 'pending' (bsc#1190455)
  * Add XMLRPC API to force refreshing pillar data (bsc#1190123)
  * Add missing string on XCCDF scan results (bsc#1190164)
  * Ignore duplicates in 'pkg.installed' result when applying patches (bsc#1187572)
  * Improved timezone support
  * implement package locking for salt minions
- Readable error when "/mgr-sync add channel"/ is called with a non-existing label (bsc#1173143)
spacewalk-reports
- version 4.2.6-1
  * Improve performance of inventory report (bsc#1191495)
spacewalk-setup
- version 4.2.9-1
  * Increase "/max_event_size"/ value for the Salt master (bsc#1191340)
  * Leave Cobbler bootloader directory at the default (bsc#1187708)
  * Don't delete cobbler.conf contents.
  * Fixed FileNotFoundError on cobbler setup.
  * cobbler20-setup was removed
  * spacewalk-setup-cobbler was reimplemented in Python
  * Config files for Cobbler don't get edited in place anymore, thus the original
    ones are saved with a "/.backup"/ suffix
spacewalk-utils
- version 4.2.14-1
  * When renaming: don't regenerate CA, allow using third-party
    certificate and trigger pillar refresh (bsc#1190123)
spacewalk-web
- version 4.2.24-1
  * Implement using re-activation keys when bootstrapping with the Web UI
  * Disable the SPA engine for download links (bsc#1190964)
  * Fix CLM filter edit modal opening (bsc#1190867)
  * Display a warning in the login page if the available disk space
    on the server is running out
  * add Content Lifecycle Management filter for package provides
- version 4.2.23-1
  * Fix datetime format parsing with moment (bsc#1191348)
- version 4.2.22-1
  * Add 'Last build date' column to CLM project list (jsc#PM-2644)
    (jsc#SUMA-61)
  * Fix 'Type' input in CLM source edit form (bsc#1190820)
  * Add 'Flush cache' checkbox to Ansible playbook execution page
    (bsc#1190405)
  * Fix the VM creation and editing submit button action (bsc#1190602)
  * Improved timezone support
  * Enhance the default base channel help message (bsc#1171520)
subscription-matcher
- Version 0.27
  * update subscription rules for new SKUs (bsc#1189818)
supportutils-plugin-susemanager
- version 4.2.3-1
  * detect broken symlinks in tomcat, taskomatic and search daemon
suse-module-tools
- Update to version 15.3.15:
  * blacklist isst_if_mbox_msr (bsc#1187196)
- Update to version 15.3.14:
  * add commit which was missing by mistake:
  * cert-script: Deal with existing $cert.delete file (bsc#1191804).
- Update to version 15.3.13:
  * fixup "/rpm-script: fix bad exit status in OpenQA (bsc#1191922)"/
- Update to version 15.3.12:
  * rpm-script: fix bad exit status in OpenQA (bsc#1191922)
  * cert-script: Ignore kernel keyring for kernel certificates (bsc#1191480).
- Update to version 15.3.11:
  * inkmp-script(postun): don't pass  existing files to weak-modules2
    (boo#1191200)
  * kernel-scriptlets: skip cert scriptlet on non-UEFI systems
    (boo#1191260)
- Update to version 15.3.10:
  * Import kernel scriptlets from kernel-source
    (bsc#1189841, bsc#1190598)
  * Provide "/suse-kernel-rpm-scriptlets"/
- Update to version 15.3.9:
  * fix problem that initrd may not be rebuilt after installing
    kernel-$flavor-extra (bsc#1189441)
susemanager
- version 4.2.26-1
  * Reorganize bootstrap SSL state
  * Add missing packages on SSL bootstrap of Debian-10 and SLES-15
  * Update translation strings
- version 4.2.25-1
  * Add python-mako, python-gnupg and gnupg1 to the Debian 9 bootstrap repository
    so bootstrapping without any enabled repositories is possible (bsc#1191898)
- version 4.2.24-1
  * Fix syntax error on migration script (bsc#1191551)
- version 4.2.23-1
  * Add aarch64 bootstrap repositories for CentOS 7/8, Oracle Linux 7/8,
    Rocky Linux8, AlmaLinux8, Amazon Linux 2 and openSUSE Leap 15.3
  * Add the gnupg package for ubuntu which is then needed by apt-key (bsc#1187998)
  * Add SLE 15 SAP Product ID to SLE15 bootstrap repositories, as
    it is required to get python3-M2Crypto (bsc#1189422)
susemanager-doc-indexes
- Support for reboot flags added to SLS State for Ubuntu, Debian
  and Red Hat Enterprise Linux 7 in Keeping Clients updated section
  of the Cookbook
- Fixed base channel label for Red Hat 8 products in the Client
  Configuration Guide
- In the Client Configuration Guide, move the information about requiring
  Python to the section covering WebUI registration procedures.
- Warn about building ARM images on aarch64 architecture in the
  Administration Guide
- Added DNS resolution for minions to the Troubleshooting section of
  the Client Configuration Guide
- Documented low on disc space warnings in the Managing Disk Space
  chapter in Administration Guide
- In the Installation Guide, fix slow downloads via proxy when huge
  files are requested (bsc#1185465)
- Reactivation key in the Web UI added to the Client Configuration Guide
- Updated the 'max_connections' section of the Salt Guide (bsc#1191267)
- In the ports section of the Installation Guide, mention "/tftpsync"/
  explicitly for port 443 (bsc#1190665)
- In server upgrade procedure in the Upgrade Guide add 'zypper ref' step
  to refresh repositories reliably.
- Update 'effective_cache_size' section of the Salt Guide (bsc#1191274)
- Documented new filter in the Content Lifecycle Management chapter of
  the Administration Guide
- Added aarch64 support for selection of clients in the Installation
  Guide and Client Configuration Guide
- Documented Amazon Web Services permissions for Virtual Host Manager
  in the Virtual Host Manager and Amazon Web Service chapters in the
  Client Configuration Guide
- Fixed unpublished patches note in the server update chapter of the
  Upgrade Guide
- Updated Proxy installation screenshots to reflect SUSE Manager 4.2
  version in the Installation Guide
- Updated migration instructions to help avoid migration from Proxy 4.0
  to 4.1 if 4.2 is already available to the Upgrade Guide
- Fixed mgr-cfg-* issues in appendix of the Reference Guide. Run the
  commands on the client (bsc#1190166)
- Removed Portus and CaaSP references from the image management chapter
  of the Administration Guide
- Documented package lock as a supported feature for some Salt clients
  in the Client Configuration Guide.
susemanager-docs_en
- Support for reboot flags added to SLS State for Ubuntu, Debian
  and Red Hat Enterprise Linux 7 in Keeping Clients updated section
  of the Cookbook
- Fixed base channel label for Red Hat 8 products in the Client
  Configuration Guide
- In the Client Configuration Guide, move the information about requiring
  Python to the section covering WebUI registration procedures.
- Warn about building ARM images on aarch64 architecture in the
  Administration Guide
- Added DNS resolution for minions to the Troubleshooting section of
  the Client Configuration Guide
- Documented low on disc space warnings in the Managing Disk Space
  chapter in Administration Guide
- In the Installation Guide, fix slow downloads via proxy when huge
  files are requested (bsc#1185465)
- Reactivation key in the Web UI added to the Client Configuration Guide
- Updated the 'max_connections' section of the Salt Guide (bsc#1191267)
- In the ports section of the Installation Guide, mention "/tftpsync"/
  explicitly for port 443 (bsc#1190665)
- In server upgrade procedure in the Upgrade Guide add 'zypper ref' step
  to refresh repositories reliably.
- Update 'effective_cache_size' section of the Salt Guide (bsc#1191274)
- Documented new filter in the Content Lifecycle Management chapter of
  the Administration Guide
- Added aarch64 support for selection of clients in the Installation
  Guide and Client Configuration Guide
- Documented Amazon Web Services permissions for Virtual Host Manager
  in the Virtual Host Manager and Amazon Web Service chapters in the
  Client Configuration Guide
- Fixed unpublished patches note in the server update chapter of the
  Upgrade Guide
- Updated Proxy installation screenshots to reflect SUSE Manager 4.2
  version in the Installation Guide
- Updated migration instructions to help avoid migration from Proxy 4.0
  to 4.1 if 4.2 is already available to the Upgrade Guide
- Fixed mgr-cfg-* issues in appendix of the Reference Guide. Run the
  commands on the client (bsc#1190166)
- Removed Portus and CaaSP references from the image management chapter
  of the Administration Guide
- Documented package lock as a supported feature for some Salt clients
  in the Client Configuration Guide.
susemanager-schema
- version 4.2.19-1
  * Add schema directory for susemanager-schema-4.2.18
- version 4.2.18-1
  * create unique index on package details action id (bsc#1190396, bsc#1190275)
  * Add 'flush_cache' flag to Ansible playbook execution action
    (bsc#1190405)
  * Support syncing patches with advisory status 'pending' (bsc#1190455)
  * allow Ansible Control Node entitlement for aarch64, ppc64le and
    s390x (bsc#1189799)
  * implement package locking for salt minions
susemanager-sls
- version 4.2.19-1
  * fix openscap scan with tailoring options (bsc#1192321)
  * Fix virt_utils module python 2.6 compatibility (bsc#1191123)
  * Implement using re-activation keys when bootstrapping
  * Add missing compressed_hash value from Kiwi inspect (bsc#1191702)
  * Don't create skeleton /srv/salt/top.sls
  * Run Prometheus JMX exporter as Java agent (bsc#1184617)
  * Replace FileNotFoundError by python2-compatible OSError (bsc#1191139)
- version 4.2.18-1
  * revert disable unaccessible local repos before bootstrapping (bsc#1186405)
- version 4.2.17-1
  * Fix cpuinfo grain and virt_utils state python2 compatibility
    (bsc#1191139, bsc#1191123)
  * deploy certificate on SLE Micro 5.1
  * Realign pkgset cookie path for Salt Bundle changes
  * Fix pkgset beacon to work with salt-minion 2016.11.10 (bsc#1189260)
  * Fix virt grain python2 compatibility
  * disable unaccessible local repos before bootstrapping (bsc#1186405)
  * Fix mgrcompat state module to work with Salt 3003 and 3004
  * Add 'flush_cache' flag to 'ansible.playbooks' call (bsc#1190405)
  * Update kernel live patch version on minion startup (bsc#1190276)
  * don't use libvirt API to get its version for the virt features grain
  * implement package locking for salt minions
susemanager-sync-data
- version 4.2.10-1
  * add SLES15 SP2 LTSS
  * use mirrorlist URLs for Alma Linux 8
- version 4.2.9-1
  * add CentOS 7/8 aarch64
  * add Oracle Linux 7/8 aarch64
  * add Rocky Linux 8 aarch64
  * add AlmaLinux 8 aarch64
  * add Amazon Linux 2 aarch64
system-users
- system-user-tss.conf: Remove group entry, not needed and did
  contain syntax errors (bsc#1190401).
systemd
- Fix IO scheduler udev rules
  * 60-io-scheduler.rules: don't use BFQ for real multiqueue devices
    (jsc#SLE-21032, bsc#1192161)
  * 60-io-scheduler.rules: use "/none"/ for multipath components
    (bsc#1192161)
- Import commit f2f061f1da064bfd47e2201967a854bb9281ca5b
  98e87fc3fd busctl: use usec granularity for the timestamp printed by the busctl monitor command (jsc#SLE-17798)
- Import commit 5d20af26eee6507bfa9fdb6e5dd4bfc187e3399e
  37e021ee84 mount-util: fix fd_is_mount_point() when both the parent and directory are network fs (bsc#1190984)
  2aee16afd0 mountpoint-util: rebreak some comments
  962e487cb4 virt: Support detection for ARM64 Hyper-V guests (bsc#1186071)
  8545a66afd Use BIOS characteristics to distinguish EC2 bare-metal from VMs
  03311b59c3 machine-id-setup: generate machine-id from DMI product ID on Amazon EC2
  0fc3118a67 id128-util: use common implementation of helper to get/validate product ID
  83bfa06ebc virt: detect Amazon EC2 Nitro instance (bsc#1190440)
  e8b8df3ed9 core: move several source files to src/shared
- Enable support for Portable Services (jsc#SLE-21694)
  Will be released in Leap only.
- Import commit 263f7076bc77475045193653a785bbdc0457b5c6
  239e0ce5e7 journalctl: never fail at flushing when the flushed flag is set (bsc#1188588)
  0db7e590e1 manager: reexecute on SIGRTMIN+25, user instances only
  ef8afc4545 core: Make sure cgroup_oom_queue is flushed on manager exit
  f794e01080 cgroup: do 'catchup' for unit cgroup inotify watch files
  54369b7660 manager: Fix HW watchdog when systemd starts before driver loaded (bsc#1189446)
  1d0524bd54 pid1: various minor watchdog modernizations
- Drop 1007-tmpfiles-follow-SUSE-policies.patch
  Since most of the tmpfiles config files shipped by upstream are
  ignored (see previous commit "/Drop most of the tmpfiles that deal
  with generic paths"/), this patch is no more relevant.
- Update 60-io-scheduler.rules (jsc#SLE-21032, bsc#1134353)
  * rules weren't applied to dm devices (multipath), fix it
    (bsc#1188713)
  * ignore obsolete "/elevator"/ kernel parameter (bsc#1184994)
    ("/elevator"/ did falsely overide settings even for blk-mq, fixed).
  * remove support for single-queue block IO which the kernel doesn't
    support any more.
- Make sure the versions of both udev and systemd packages are always the same (bsc#1189480)
- Import commit f5c33d9f82d3d782d28938df9ff09484360c540d (merge of v246.16)
  For a complete list of changes, visit:
  https://github.com/openSUSE/systemd/compare/8d8f5fc31eece95644b299b784bbfb8f836d0108...f5c33d9f82d3d782d28938df9ff09484360c540d
- Avoid the error message when udev is updated due to udev being
  already active when the sockets are started again (bsc#1188291)
systemd-rpm-macros
- Bump version to 9
- Introduce %_systemd_util_dir
  It's a backport of upstream commit 3bc66bfa0136e370a8f7b06c3b69a52f5636ef82.
timezone
- timezone update 2021e (bsc#1177460):
  * Palestine will fall back 10-29 (not 10-30) at 01:00
- timezone update 2021d:
  * Fiji suspends DST for the 2021/2022 season
  * 'zic -r' marks unspecified timestamps with "/-00"/
- timezone update 2021c:
  * Revert almost all of 2021b's changes to the 'backward' file
  * Fix a bug in 'zic -b fat' that caused old timestamps to be
    mishandled in 32-bit-only readers
- timezone update 2021b:
  * Jordan now starts DST on February's last Thursday.
  * Samoa no longer observes DST.
  * Move some backward-compatibility links to 'backward'.
  * Rename Pacific/Enderbury to Pacific/Kanton.
  * Correct many pre-1993 transitions in Malawi, Portugal, etc.
  * zic now creates each output file or link atomically.
  * zic -L no longer omits the POSIX TZ string in its output.
  * zic fixes for truncation and leap second table expiration.
  * zic now follows POSIX for TZ strings using all-year DST.
  * Fix some localtime crashes and bugs in obscure cases.
  * zdump -v now outputs more-useful boundary cases.
  * tzfile.5 better matches a draft successor to RFC 8536.
- Refresh tzdata-china.patch
tomcat
  * CVE-2021-30640: Escape parameters in JNDI Realm queries (bsc#1188279)
  * CVE-2021-33037: Process T-E header from both HTTP 1.0 and HTTP 1.1. clients (bsc#1188278)
- Added patches:
  * tomcat-9.0-CVE-2021-30640.patch
  * tomcat-9.0-CVE-2021-33037.patch
- Fixed CVEs:
  * CVE-2021-41079: Validate incoming TLS packet (bsc#1190558)
- Added patches:
  * tomcat-9.0-CVE-2021-41079.patch
- Fixed CVEs:
util-linux
- ipcutils: Avoid potential memory allocation overflow
  (bsc#1188921, CVE-2021-37600,
  util-linux-ipcutils-overflow-CVE-2021-37600.patch).
- Add bc to BuildRequires to run more complete testsuite,
  fix testsuite (bsc#1178236#c19,
  util-linux-ipcs-shmall-overflow-ts.patch).
util-linux-systemd
- ipcutils: Avoid potential memory allocation overflow
  (bsc#1188921, CVE-2021-37600,
  util-linux-ipcutils-overflow-CVE-2021-37600.patch).
- Add bc to BuildRequires to run more complete testsuite,
  fix testsuite (bsc#1178236#c19,
  util-linux-ipcs-shmall-overflow-ts.patch).
xen
- bsc#1192554 - VUL-0: CVE-2021-28706: xen: guests may exceed their
  designated memory limit (XSA-385)
  xsa385.patch
- bsc#1192557 - VUL-0: CVE-2021-28704,CVE-2021-28707,CVE-2021-28708:
  xen: PoD operations on misaligned GFNs (XSA-388)
  xsa388-1.patch
  xsa388-2.patch
- bsc#1192559 - VUL-0: CVE-2021-28705,CVE-2021-28709: xen: issues
  with partially successful P2M updates on x86 (XSA-389)
  xsa389.patch
- Upstream bug fixes (bsc#1027519)
  6138b7a1-x86-spec-ctrl-split-diagnostics-line.patch
  6138b7a2-x86-AMD-enum-speculative-hints.patch
  6138b7a3-x86-AMD-use-newer-SSBD.patch
  6139f1b1-x86-spec-ctrl-print-AMD-features.patch
  6148453b-VT-d-hidden-devices-unmap.patch
  6148455f-VT-d-PCI-segment-numbers-16-bits.patch
  61532102-PCI-bridge-with-subord-bus-0xFF.patch
- bsc#1191363 - VUL-0: CVE-2021-28702: xen: PCI devices with RMRRs
  not deassigned correctly (XSA-386)
  615c9fd0-VT-d-fix-deassign-of-device-with-RMRR.patch
- Update to Xen 4.14.3 bug fix release (bsc#1027519)
  xen-4.14.3-testing-src.tar.bz2
- Drop patches contained in new tarball
  608676f2-VT-d-register-based-invalidation-optional.patch
  60a27288-x86emul-gas-2-36-test-harness-build.patch
  60af933d-x86-gcc11-hypervisor-build.patch
  60afe616-x86-CPUID-rework-HLE-and-RTM-handling.patch
  60afe617-x86-TSX-minor-cleanup-and-improvements.patch
  60afe618-x86-TSX-deprecate-vpmu=rtm-abort.patch
  60be0e24-credit2-pick-runnable-unit.patch
  60be0e42-credit2-per-entity-load-tracking-when-continuing.patch
  60be3097-x86-CPUID-fix-HLE-and-RTM-handling-again.patch
  60bf9e19-Arm-create-dom0less-domUs-earlier.patch
  60bf9e1a-Arm-boot-modules-scrubbing.patch
  60bf9e1b-VT-d-size-qinval-queue-dynamically.patch
  60bf9e1c-AMD-IOMMU-size-command-buffer-dynamically.patch
  60bf9e1d-VT-d-eliminate-flush-related-timeouts.patch
  60bf9e1e-x86-spec-ctrl-protect-against-SCSB.patch
  60bf9e1f-x86-spec-ctrl-mitigate-TAA-after-S3.patch
  60bfa904-AMD-IOMMU-wait-for-command-slot.patch
  60bfa906-AMD-IOMMU-drop-command-completion-timeout.patch
  60c0bf86-x86-TSX-cope-with-deprecation.patch
  60c8a7ac-x86-vpt-fully-init-timers-before-enlisting.patch
  60c8de6e-osdep_xenforeignmemory_map-prototype.patch
  60d49689-VT-d-undo-device-mappings-upon-error.patch
  60d496b9-VT-d-adjust-domid-map-updating-on-unmap.patch
  60d496d6-VT-d-clear_fault_bits-should-clear-all.patch
  60d496ee-VT-d-dont-lose-errors-on-multi-IOMMU-flush.patch
  60d5c6df-IOMMU-PCI-dont-let-domain-cleanup-continue.patch
  61001231-x86-work-around-GNU-ld-2-37-issue.patch
  61122ac6-credit2-avoid-spuriously-picking-idle.patch
  611a7e38-x86-CET-shstk-WARN-manipulation.patch
  611cba4e-VT-d-Tylersburg-errata-more-steppings.patch
  611f844b-AMD-IOMMU-dont-leave-pt-mapped.patch
  6126339d-AMD-IOMMU-global-ER-extending.patch
  6126344f-AMD-IOMMU-unity-map-handling.patch
  61263464-IOMMU-pass-access-to-p2m_get_iommu_flags.patch
  6126347d-IOMMU-generalize-VT-d-mapped-RMRR-tracking.patch
  6126349a-AMD-IOMMU-rearrange-reassignment.patch
  612634ae-AMD-IOMMU-rearrange-ER-UM-recording.patch
  612634c3-x86-p2m-introduce-p2m_is_special.patch
  612634dc-x86-p2m-guard-identity-mappings.patch
  612634f4-x86-mm-widen-locked-region-in-xatp1.patch
  6126350a-gnttab-release-mappings-preemption.patch
  6126351f-gnttab-replace-mapkind.patch
  6126353d-gnttab-get-status-frames-array-capacity.patch
  61263553-Arm-restrict-maxmem-for-dom0less.patch
  6128a856-gnttab-radix-tree-node-init.patch
  xsa384.patch
xfsprogs
- xfsprogs-devel: add libhandle1 dependency following split
  (bsc#1191566)
- xfs_admin: support external log devices (bsc#1189984)
  * Add xfsprogs-xfs_admin-support-external-log-devices.patch
- xfs_quota: state command should report ugp grace times (bsc#1189983)
  * Add xfsprogs-xfs_quota-display-warning-limits-when-printing-quota.patch
  * Add xfsprogs-xfs_quota-state-command-should-report-ugp-grace-time.patch
- xfsprogs: Remove barrier/nobarrier mount options from xfs.5
  (bsc#1191675)
  * Add xfsprogs-man-Remove-barrier-nobarrier-mount-options-from.patch
- xfs_io: add label command (bsc#1191500)
  * Add xfsprogs-xfs_io-add-label-command.patch
- xfs_bmap: remove -c from manpage (bsc#1189552)
- xfs_bmap: don't reject -e (bsc#1189552)
  * Add xfsprogs-xfs_bmap-remove-c-from-manpage.patch
  * Add xfsprogs-xfs_bmap-don-t-reject-e.patch
- xfs_repair: check plausibility of root dir pointer before trashing it
  (bsc#1188651)
  * Add xfsprogs-xfs_repair-refactor-fixed-inode-location-checks.patch
  * Add xfsprogs-xfs_repair-check-plausibility-of-root-dir-pointer-be.patch
- xfsprogs: split libhandle1 into a separate package, since nothing
  within xfsprogs dynamically links against it. The shared library
  is still required by xfsdump as a runtime dependency.
- mkfs.xfs: fix ASSERT on too-small device with stripe geometry
  (bsc#1181536)
  * Add xfsprogs-mkfs.xfs-fix-ASSERT-on-too-small-device-with-stripe-.patch
- mkfs.xfs: if either sunit or swidth is nonzero, the other must be as
  well (bsc#1085917, bsc#1181535)
  * Add xfsprogs-mkfs.xfs-if-either-sunit-or-swidth-is-nonzero-the-ot.patch
- xfs_growfs: refactor geometry reporting (bsc#1181306)
  * Add xfsprogs-xfs_growfs-refactor-geometry-reporting.patch
- xfs_growfs: allow mounted device node as argument (bsc#1181299)
  * Add xfsprogs-libfrog-fs_table_lookup_mount-should-realpath-the-ar.patch
  * Add xfsprogs-xfs_fsr-refactor-mountpoint-finding-to-use-libfrog-p.patch
  * Add xfsprogs-xfs_growfs-allow-mounted-device-node-as-argument.patch
- xfs_repair: rebuild directory when non-root leafn blocks claim block 0
  (bsc#1181309)
  * Add xfsprogs-xfs_repair-rebuild-directory-when-non-root-leafn-blo.patch
xstream
- Upgrade to 1.4.18
  * Security fixes
    + This maintenance release addresses following security
    vulnerabilities, when unmarshalling with an XStream instance
    using the default blacklist of an uninitialized security
    framework. XStream is therefore now using a whitelist by
    default. (CVE-2021-39139, CVE-2021-39140, CVE-2021-39141,
    CVE-2021-39144, CVE-2021-39145, CVE-2021-39146,
    CVE-2021-39147, CVE-2021-39148, CVE-2021-39149,
    CVE-2021-39150, CVE-2021-39151, CVE-2021-39152,
    CVE-2021-39153, CVE-2021-39154, bsc#1189798)
  * Minor changes
    + Support serializable types with non-serializable parent with
    PureJavaReflectionConverter.
  * Stream compatibility
    + Starting with version 1.14.12 nine years ago, XStream contains
    a Security Framework to implement a black- or whitelist for
    the allowed types at deserialization time. Until version
    1.4.17, XStream kept a default blacklist in order to deny all
    types of the Java runtime, which are used for all kinds of
    security attacks, in order to guarantee optimal runtime
    compatibility for existing users. However, this approach has
    failed. The last months have shown, that the Java runtime
    alone contains dozens of types that can be used for an attack,
    not even looking at the 3rd party libraries on a classpath.
    The new version of XStream uses therefore now by default a
    whitelist, which is recommended since nine years. It also has
    been complaining on the console for a long time about an
    uninitialized security framework the first time it was run.
    Anyone who has followed the advice and initialized the
    security framework for their own scenario can easily update
    to the new version without any problem. Everyone else will
    have to do a proper initialization now, otherwise the new
    version will fail with certainty at deserialization time.
- Modified patch:
  * Revert-MXParser-changes.patch
    + rediff to changed context
yast2-add-on
- Auto client does not crash when trying to import from an
  empty add-on section (bsc#1189154).
- 4.3.9
yast2-country
- Use official China timezone Asia/Shanghai (bsc#1187857)
- 4.3.18
- Move the keyboards database to lib/ to make the module compatible
  with the self-update mechanism (bsc#1189461).
- 4.3.17
yast2-installation
- Filter the installation proposals (in the Installation Settings
  screen) according to the AutoYaST profile even before
  tab switching (related to bsc#1190294)
- 4.3.44
- Fix file copying when using relurl:// and file:// naming schemes
  (bsc#1191160).
- 4.3.43
- Display release notes during upgrade (bsc#1186044)
- 4.3.42
yast2-iscsi-client
- Add iscsi support for qedi/qede offload cards
  (bsc#1188139, bsc#1187958).
- 4.3.4
yast2-network
- Fixed interfaces table description for s390 Group devices
  (bsc#1192560).
- 4.3.81
- Replace calls to dropped method InterfacesTable#friendly_name
  (bsc#1192560).
- 4.3.80
- AutoYaST
  - When the interface section contains the "/device"/ (deprecated)
    and "/name"/ elements then use the "/device"/ as the "/name"/ and the
    "/name"/ as the "/description"/. (bsc#1192270)
  - Add the "/description"/ element to the interface section.
- 4.3.79
- Do not crash when checking if a virtual interface is connected
  (bsc#1192183, bsc#1192270).
- 4.3.78
- bnc#1185524, bsc#1187512
  - do not crash at the end of installation when storing wifi
    configuration for NetworkManager at the target
- 4.3.77
- Do not crash when the interfaces table contains a not configured
  one (bnc#1190645, bsc#1190915)
- Fix the shown description using the interface friendly name when
  it is empty (bsc#1190933)
- 4.3.76
- Consider aliases sections as case insensitive (bsc#1190739).
- 4.3.75
- bnc#1190645
  - display user defined device name in the devices overview
- 4.3.74
- Do not crash when the aliases defined in the AutoYaST profile
  are not defined as a map (bsc#1188344)
- 4.3.73
- Support 'boot' and 'on' as aliases for the 'auto' startmode
  (bsc#1186910)
- 4.3.72
- Fix the Comment entry in the desktop file so the tooltip
  in the control center is properly translated (bsc#1187270).
- 4.3.71
- Use the linuxrc proxy settings for the HTTPS and FTP proxies
  (bsc#1185016)
- 4.3.70
yast2-packager
- Use consistent names for the Full medium repositories
  (bsc#1191652)
- 4.3.25
- When editing a repository display the repository alias as a
  fallback if the repository name is not set, do not display
  empty name (bsc#1184935)
- 4.3.24
- Fix the Comment entry in the desktop file so the tooltip
  in the control center is properly translated (bsc#1187270).
- 4.3.23
yast2-python-bindings
- Fix backtrace formatting for Python exceptions (bsc#1181595).
- 4.2.0
yast2-registration
- Report properly that no product is selected in autoinstallation
  instead of nil crash (bsc#1188211)
- 4.3.25
- Fixed evaluating the update repositories (bsc#1188717),
  the SUSE Manager update repositories were not disabled
  when installing the system without updates
- 4.3.24
yast2-schema
- Add 'description' to the interfaces in the networking section
  (bsc#1192270).
- 4.3.27
- Add the "/keep_unknown_lv"/ element to the partitioning schema
  (bsc#1191968).
- 4.3.26
- Add the "/hostname"/ element to the rules schema (bsc#1190696).
- 4.3.25
- Add missing elements to rules.xml schema:
  - installed_product and installed_product_version (boo#1176089)
  - dialog section (bsc#1188153)
- 4.3.24
yast2-storage-ng
- Set the volume group extent size according to the AutoYaST
  profile (bsc#1192124).
- 4.3.57
- Fix (un)masking systemd units by using the systemctl --plain
  flag for getting an output without status glyphs (bsc#1191347).
- 4.3.56
- Recommend to install libyui-qt-graph package (bsc#1191109) in
  order to offer the View/Device Graphs menu option.
- 4.3.55
- Fix the Comment entry in the desktop file so the tooltip
  in the control center is properly translated (bsc#1187270).
- 4.3.54
zypper
- Fix compiler warning.
- zypper.conf: New option whether to collect subcommands found in
  $PATH (fixes #379)
  +[subcommand] i
  +
  +##  Whether to look for subcommands in $PATH
  +##
  +## If a subcommand is not found in the zypper_execdir, the wrapper
  +## will look in the rest of your $PATH for it. Thus, it's possible
  +## to write local zypper extensions that don't live in system space.
  +## See section SUBCOMMANDS in the zypper manpage.
  +##
  +## Valid values: boolean
  +## Default value: yes
  +##
  +# seachSubcommandInPath = yes.
- help subcommand: show path of command found in $PATH.
- version 1.14.50
- Avoid calling 'su' to detect a too restrictive sudo user umask
  (bsc#1186602)
- Fix typo in German translation (fixes #395)
- BuildRequires:  libzypp-devel >= 17.28.3.
- version 1.14.49
- Support new reports for singletrans rpm commit.
- BuildRequires:  libzypp-devel >= 17.27.1.
  For lock/query comments.
- Prompt: choose exact match if prompt options are not prefix
  free (bsc#1188156)
- Install summary: Show new and removed packages closer to the
  prompt (fixes #403)
  These packages are usually more interesting than the updated
  ones. In case of doubt less scrolling is needed to see them.
- Add need reboot/restart hint to XML install summary
  (bsc#1188435)
- Add comment option for lock command (fixes #388).
- version 1.14.48
- Quick fix obs:// platform guessing for Leap (bsc#1187425)
- man: point out more clearly that patches update affected
  packages to the latest version (bsc#1187466)
- version 1.14.47