NetworkManager
- Add 0001-rdisc-fix-parsing-ndp_msg_opt_dnssl_lifetime-from-IP.patch:
  rdisc: fix parsing ndp_msg_opt_dnssl_lifetime() from IPv6 RA
  (bsc#1195222).
- Add 0001-ndisc-don-t-artificially-extend-the-lifetime-of-DNSS.patch:
  ndisc: don't artificially extend the lifetime of DNSSL/RDNSS
  options (bsc#1195222).
- Add NetworkManager-RFC8106.patch: Backport upstream fixes to
  implement RFC 8106(glfo#NetworkManager/NetworkManager#874,
  bsc#1195173).
autofs
- autofs-5.1.6-fix-quoted-string-length-calc-in-expand.patch
  Fix problem with quote handling
  (bsc#1181715)
- 0005-autofs-5.1.4-fix-incorrect-locking-in-sss-lookup.patch
  Fix locking problem that causes deadlock when sss used.
  (bsc#1196485)
- 0004-autofs-5.1.3-add-port-parameter-to-rpc_ping.patch
  Suppress portmap calls when port explicitly given
  (bsc#1195697)
autoyast2
- Properly handle the "/dopackages"/ option in the openFile
  method of the AyastSetup module (bsc#1196566).
- 4.3.100
- Avoid login while running AutoYaST init-scripts (bsc#1196594 and
  related to bsc#1195059).
- 4.3.99
- add yast namespace to merge.xslt to fix CDATA handling (bsc#1195910)
- 4.3.98
- Modified init-scripts service dependencies fixing a root login
  systemd timeout when installing with ssh (bsc#1195059)
- 4.3.97
binutils
- Add binutils-add-z16-name.diff so that the now official name
  z16 for arch14 is recognized.  [bsc#1198237]
cifs-utils
- CVE-2022-27239: mount.cifs: fix length check for ip option
  parsing; (bsc#1197216) (bso#15025); CVE-2022-27239.
  * add 0016-CVE-2022-27239-mount.cifs-fix-length-check-for-ip-op.patch
cloud-init
- Update to version 21.4 (bsc#1192343, jsc#PM-3181)
  + Also include VMWare functionality for (jsc#PM-3175)
  + Remove patches included upstream:
  - cloud-init-purge-cache-py-ver-change.patch
  - cloud-init-update-test-characters-in-substitution-unit-test.patch
  + Forward port:
  - cloud-init-write-routes.patch
  - cloud-init-no-tempnet-oci.patch
  + Add cloud-init-vmware-test.patch
  - Test is system dependend, not properly mocked
  + Azure: fallback nic needs to be reevaluated during reprovisioning
    (#1094) [Anh Vo]
  + azure: pps imds (#1093) [Anh Vo]
  + testing: Remove calls to 'install_new_cloud_init' (#1092)
  + Add LXD datasource (#1040)
  + Fix unhandled apt_configure case. (#1065) [Brett Holman]
  + Allow libexec for hotplug (#1088)
  + Add necessary mocks to test_ovf unit tests (#1087)
  + Remove (deprecated) apt-key (#1068) [Brett Holman] (LP: #1836336)
  + distros: Remove a completed "/TODO"/ comment (#1086)
  + cc_ssh.py: Add configuration for controlling ssh-keygen output (#1083)
    [dermotbradley]
  + Add "/install hotplug"/ module (SC-476) (#1069) (LP: #1946003)
  + hosts.alpine.tmpl: rearrange the order of short and long hostnames
    (#1084) [dermotbradley]
  + Add max version to docutils
  + cloudinit/dmi.py: Change warning to debug to prevent console display
    (#1082) [dermotbradley]
  + remove unnecessary EOF string in
    disable-sshd-keygen-if-cloud-init-active.conf (#1075) [Emanuele
    Giuseppe Esposito]
  + Add module 'write-files-deferred' executed in stage 'final' (#916)
    [Lucendio]
  + Bump pycloudlib to fix CI (#1080)
  + Remove pin in dependencies for jsonschema (#1078)
  + Add "/Google"/ as possible system-product-name (#1077) [vteratipally]
  + Update Debian security suite for bullseye (#1076) [Johann Queuniet]
  + Leave the details of service management to the distro (#1074)
    [Andy Fiddaman]
  + Fix typos in setup.py (#1059) [Christian Clauss]
  + Update Azure _unpickle (SC-500) (#1067) (LP: #1946644)
  + cc_ssh.py: fix private key group owner and permissions (#1070)
    [Emanuele Giuseppe Esposito]
  + VMware: read network-config from ISO (#1066) [Thomas Weißschuh]
  + testing: mock sleep in gce unit tests (#1072)
  + CloudStack: fix data-server DNS resolution (#1004)
    [Olivier Lemasle] (LP: #1942232)
  + Fix unit test broken by pyyaml upgrade (#1071)
  + testing: add get_cloud function (SC-461) (#1038)
  + Inhibit sshd-keygen@.service if cloud-init is active (#1028)
    [Ryan Harper]
  + VMWARE: search the deployPkg plugin in multiarch dir (#1061)
    [xiaofengw-vmware] (LP: #1944946)
  + Fix set-name/interface DNS bug (#1058) [Andrew Kutz] (LP: #1946493)
  + Use specified tmp location for growpart (#1046) [jshen28]
  + .gitignore: ignore tags file for ctags users (#1057) [Brett Holman]
  + Allow comments in runcmd and report failed commands correctly (#1049)
    [Brett Holman] (LP: #1853146)
  + tox integration: pass the *_proxy, GOOGLE_*, GCP_* env vars (#1050)
    [Paride Legovini]
  + Allow disabling of network activation (SC-307) (#1048) (LP: #1938299)
  + renderer: convert relative imports to absolute (#1052) [Paride Legovini]
  + Support ETHx_IP6_GATEWAY, SET_HOSTNAME on OpenNebula (#1045)
    [Vlastimil Holer]
  + integration-requirements: bump the pycloudlib commit (#1047)
    [Paride Legovini]
  + Allow Vultr to set MTU and use as-is configs (#1037) [eb3095]
  + pin jsonschema in requirements.txt (#1043)
  + testing: remove cloud_tests (#1020)
  + Add andgein as contributor (#1042) [Andrew Gein]
  + Make wording for module frequency consistent (#1039) [Nicolas Bock]
  + Use ascii code for growpart (#1036) [jshen28]
  + Add jshen28 as contributor (#1035) [jshen28]
  + Skip test_cache_purged_on_version_change on Azure (#1033)
  + Remove invalid ssh_import_id from examples (#1031)
  + Cleanup Vultr support (#987) [eb3095]
  + docs: update cc_disk_setup for fs to raw disk (#1017)
  + HACKING.rst: change contact info to James Falcon (#1030)
  + tox: bump the pinned flake8 and pylint version (#1029)
    [Paride Legovini] (LP: #1944414)
  + Add retries to DataSourceGCE.py when connecting to GCE (#1005)
    [vteratipally]
  + Set Azure to apply networking config every BOOT (#1023)
  + Add connectivity_url to Oracle's EphemeralDHCPv4 (#988) (LP: #1939603)
  + docs: fix typo and include sudo for report bugs commands (#1022)
    [Renan Rodrigo] (LP: #1940236)
  + VMware: Fix typo introduced in #947 and add test (#1019) [PengpengSun]
  + Update IPv6 entries in /etc/hosts (#1021) [Richard Hansen] (LP: #1943798)
  + Integration test upgrades for the 21.3-1 SRU (#1001)
  + Add Jille to tools/.github-cla-signers (#1016) [Jille Timmermans]
  + Improve ug_util.py (#1013) [Shreenidhi Shedi]
  + Support openEuler OS (#1012) [zhuzaifangxuele]
  + ssh_utils.py: ignore when sshd_config options are not key/value pairs
    (#1007) [Emanuele Giuseppe Esposito]
  + Set Azure to only update metadata on BOOT_NEW_INSTANCE (#1006)
  + cc_update_etc_hosts: Use the distribution-defined path for the hosts
    file (#983) [Andy Fiddaman]
  + Add CloudLinux OS support (#1003) [Alexandr Kravchenko]
  + puppet config: add the start_agent option (#1002) [Andrew Bogott]
  + Fix `make style-check` errors (#1000) [Shreenidhi Shedi]
  + Make cloud-id copyright year (#991) [Andrii Podanenko]
  + Add support to accept-ra in networkd renderer (#999) [Shreenidhi Shedi]
  + Update ds-identify to pass shellcheck (#979) [Andrew Kutz]
  + Azure: Retry dhcp on timeouts when polling reprovisiondata (#998)
    [aswinrajamannar]
  + testing: Fix ssh keys integration test (#992)
- From 21.3
  + Azure: During primary nic detection, check interface status continuously
    before rebinding again (#990) [aswinrajamannar]
  + Fix home permissions modified by ssh module (SC-338) (#984)
    (LP: #1940233)
  + Add integration test for sensitive jinja substitution (#986)
  + Ignore hotplug socket when collecting logs (#985) (LP: #1940235)
  + testing: Add missing mocks to test_vmware.py (#982)
  + add Zadara Edge Cloud Platform to the supported clouds list (#963)
    [sarahwzadara]
  + testing: skip upgrade tests on LXD VMs (#980)
  + Only invoke hotplug socket when functionality is enabled (#952)
  + Revert unnecesary lcase in ds-identify (#978) [Andrew Kutz]
  + cc_resolv_conf: fix typos (#969) [Shreenidhi Shedi]
  + Replace broken httpretty tests with mock (SC-324) (#973)
  + Azure: Check if interface is up after sleep when trying to bring it up
    (#972) [aswinrajamannar]
  + Update dscheck_VMware's rpctool check (#970) [Shreenidhi Shedi]
  + Azure: Logging the detected interfaces (#968) [Moustafa Moustafa]
  + Change netifaces dependency to 0.10.4 (#965) [Andrew Kutz]
  + Azure: Limit polling network metadata on connection errors (#961)
    [aswinrajamannar]
  + Update inconsistent indentation (#962) [Andrew Kutz]
  + cc_puppet: support AIO installations and more (#960) [Gabriel Nagy]
  + Add Puppet contributors to CLA signers (#964) [Noah Fontes]
  + Datasource for VMware (#953) [Andrew Kutz]
  + photon: refactor hostname handling and add networkd activator (#958)
    [sshedi]
  + Stop copying ssh system keys and check folder permissions (#956)
    [Emanuele Giuseppe Esposito]
  + testing: port remaining cloud tests to integration testing framework
    (SC-191) (#955)
  + generate contents for ovf-env.xml when provisioning via IMDS (#959)
    [Anh Vo]
  + Add support for EuroLinux 7 && EuroLinux 8 (#957) [Aleksander Baranowski]
  + Implementing device_aliases as described in docs (#945)
    [Mal Graty] (LP: #1867532)
  + testing: fix test_ssh_import_id.py (#954)
  + Add ability to manage fallback network config on PhotonOS (#941) [sshedi]
  + Add VZLinux support (#951) [eb3095]
  + VMware: add network-config support in ovf-env.xml (#947) [PengpengSun]
  + Update pylint to v2.9.3 and fix the new issues it spots (#946)
    [Paride Legovini]
  + Azure: mount default provisioning iso before try device listing (#870)
    [Anh Vo]
  + Document known hotplug limitations (#950)
  + Initial hotplug support (#936)
  + Fix MIME policy failure on python version upgrade (#934)
  + run-container: fixup the centos repos baseurls when using http_proxy
    (#944) [Paride Legovini]
  + tools: add support for building rpms on rocky linux (#940)
  + ssh-util: allow cloudinit to merge all ssh keys into a custom user
    file, defined in AuthorizedKeysFile (#937) [Emanuele Giuseppe Esposito]
    (LP: #1911680)
  + VMware: new "/allow_raw_data"/ switch (#939) [xiaofengw-vmware]
  + bump pycloudlib version (#935)
  + add renanrodrigo as a contributor (#938) [Renan Rodrigo]
  + testing: simplify test_upgrade.py (#932)
  + freebsd/net_v1 format: read MTU from root (#930) [Gonéri Le Bouder]
  + Add new network activators to bring up interfaces (#919)
  + Detect a Python version change and clear the cache (#857)
    [Robert Schweikert]
  + cloud_tests: fix the Impish release name (#931) [Paride Legovini]
  + Removed distro specific network code from Photon (#929) [sshedi]
  + Add support for VMware PhotonOS (#909) [sshedi]
  + cloud_tests: add impish release definition (#927) [Paride Legovini]
  + docs: fix stale links rename master branch to main (#926)
  + Fix DNS in NetworkState (SC-133) (#923)
  + tests: Add 'adhoc' mark for integration tests (#925)
  + Fix the spelling of "/DigitalOcean"/ (#924) [Mark Mercado]
  + Small Doc Update for ReportEventStack and Test (#920) [Mike Russell]
  + Replace deprecated collections.Iterable with abc replacement (#922)
    (LP: #1932048)
  + testing: OCI availability domain is now required (SC-59) (#910)
  + add DragonFlyBSD support (#904) [Gonéri Le Bouder]
  + Use instance-data-sensitive.json in jinja templates (SC-117) (#917)
    (LP: #1931392)
  + doc: Update NoCloud docs stating required files (#918) (LP: #1931577)
  + build-on-netbsd: don't pin a specific py3 version (#913)
    [Gonéri Le Bouder]
  + Create the log file with 640 permissions (#858) [Robert Schweikert]
  + Allow braces to appear in dhclient output (#911) [eb3095]
  + Docs: Replace all freenode references with libera (#912)
  + openbsd/net: flush the route table on net restart (#908)
    [Gonéri Le Bouder]
  + Add Rocky Linux support to cloud-init (#906) [Louis Abel]
  + Add "/esposem"/ as contributor (#907) [Emanuele Giuseppe Esposito]
  + Add integration test for #868 (#901)
  + Added support for importing keys via primary/security mirror clauses
    (#882) [Paul Goins] (LP: #1925395)
  + [examples] config-user-groups expire in the future (#902)
    [Geert Stappers]
  + BSD: static network, set the mtu (#894) [Gonéri Le Bouder]
  + Add integration test for lp-1920939 (#891)
  + Fix unit tests breaking from new httpretty version (#903)
  + Allow user control over update events (#834)
  + Update test characters in substitution unit test (#893)
  + cc_disk_setup.py: remove UDEVADM_CMD definition as not used (#886)
    [dermotbradley]
  + Add AlmaLinux OS support (#872) [Andrew Lukoshko]
  + Still need to consider the "/network"/ configuration option
cloud-regionsrv-client
- Update to version 10.0.3 (bsc#1198389)
  - Descend into the extension tree even if top level module is recommended
  - Cache license state for AHB support to detect type switch
  - Properly clean suse.com credentials when switching from SCC to update
    infrastructure
  - New log message to indicate base product registration success
dracut
- Update to version 049.1+suse.234.g902e489c:
  * fix(dracut-install): copy files preserving ownership attributes (bsc#1197967)
- Update to version 049.1+suse.232.g2ccee559:
  * fix(dracut-systemd): do not require vconsole-setup.service (bsc#1195508)
  * fix(dracut-functions.sh): ip route parsing (bsc#1195011)
e2fsprogs
- libss-add-newer-libreadline.so.7-to-dlopen-path.patch: libss: Add support
  for libreadline.so.7 for Leap 15.3 (bsc#1196939)
firewalld
- Provide dummy firewalld-prometheus-config package (bsc#1197042)
gcc11
- Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from
  packages provided by older GCC work.  Add a requires from that
  package to the corresponding libstc++6 package to keep those
  at the same version.  [bsc#1196107]
- Add gcc11-D-dependence-fix.patch to fix memory corruption when
  creating dependences with the D language frontend.
- Sync cross.spec.in to avoid trying to build cross-aarch64-gcc1-bootstrap
  on aarch64 which is unresolvable.
- Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628]
- Put libstdc++6-pp Requires on the shared library and drop
  to Recommends.
glib2
- Add glib2-CVE-2021-28153.patch: fix CREATE_REPLACE_DESTINATION
  with symlinks (boo#1183533 glgo#GNOME/glib#2325 CVE-2021-28153).
grub2
- Fix grub-install error when efi system partition is created as mdadm software
  raid1 device (bsc#1179981) (bsc#1195204)
  * 0001-install-fix-software-raid1-on-esp.patch
- Fix error in grub-install when linux root device is on lvm thin volume
  (bsc#1192622) (bsc#1191974)
  * 0001-grub-install-bailout-root-device-probing.patch
gzip
- Add support to zstd in zgrep, fixes bsc#1198922
  * xz_lzma.patch -> xz_lzma_zstd.patch
- Fix escaping of malicious filenames (CVE-2022-1271 bsc#1198062)
  * bsc1198062.patch
  * bsc1198062-2.patch
hwdata
- Update to version 0.357 (bsc#1196332):
  + Updated pci, usb and vendor ids.
- Update to version 0.356:
  + Updated pci, usb and vendor ids.
kdump
- Update kdump-add-watchdog-modules.patch
  Fix return code when no watchdog sysfs entry is found (bsc#1197069)
- kdump-add-watchdog-modules.patch
  Add watchdog modules to kdump initrd (bsc#1189923)
kernel-default
- drm: drm_file struct kABI compatibility workaround
  (bsc#1197914).
- commit 7d8a3b5
- drm: use the lookup lock in drm_is_current_master (bsc#1197914).
- drm: protect drm_master pointers in drm_lease.c (bsc#1197914).
- drm: serialize drm_file.master with a new spinlock
  (bsc#1197914).
- drm: add a locked version of drm_is_current_master
  (bsc#1197914).
- commit 05fda16
- blacklist.conf: Add reverted/reverting swiotlb change (CVE-2022-0854 bsc#1196823 bsc#1197460)
- commit 8d52c36
- Reinstate some of "/swiotlb: rework "/fix info leak with
  DMA_FROM_DEVICE"/"/ (CVE-2022-0854 bsc#1196823).
- swiotlb: fix info leak with DMA_FROM_DEVICE (CVE-2022-0854
  bsc#1196823).
- commit ff554b5
- blacklist.conf: list unneeded commit
- commit 27adcc4
- NFSv4/pNFS: Fix another issue with a list iterator pointing
  to the head (git-fixes).
- NFSv4.1: don't retry BIND_CONN_TO_SESSION on session error
  (git-fixes).
- NFS: Return valid errors from nfs2/3_decode_dirent()
  (git-fixes).
- NFS: Use of mapping_set_error() results in spurious errors
  (git-fixes).
- commit 0460a48
- netfilter: nf_tables: initialize registers in nft_do_chain()
  (CVE-2022-1016 bsc#1197227).
- commit 7111961
- Delete
  patches.suse/net-tipc-validate-domain-record-count-on-input.patch.
  This was the original work-in-progress patch for CVE-2022-0435 /
  bsc#1195254. Later, a proper backport of mainline commit 9aa422ad3266
  ("/tipc: improve size validations for received domain records"/) was added as
  patches.suse/tipc-improve-size-validations-for-received-domain-re.patch but
  this patch was left in place. As it adds the check a bit later than
  upstream fix, it did not cause a conflict so nobody noticed the duplicity.
- commit ef08708
- llc: fix netdevice reference leaks in llc_ui_bind() (git-fixes).
- commit 2237578
- net: kABI workaround for ax25_dev (CVE-2022-1199 bsc#1198028).
- commit 49e69cc
- ax25: Fix UAF bugs in ax25 timers (CVE-2022-1205 bsc#1198027).
- ax25: fix UAF bug in ax25_send_control() (CVE-2022-1205
  bsc#1198027).
- ax25: Fix NULL pointer dereferences in ax25 timers
  (CVE-2022-1205 bsc#1198027).
- ax25: Fix refcount leaks caused by ax25_cb_del() (CVE-2022-1205
  bsc#1198027).
- ax25: fix UAF bugs of net_device caused by rebinding operation
  (CVE-2022-1205 bsc#1198027).
- ax25: fix reference count leaks of ax25_dev (CVE-2022-1205
  bsc#1198027).
- commit cfa1c37
- Update patch reference for ax25 fixes (CVE-2022-1199 bsc#1198028)
- commit 1b5a483
- ax25: fix NPD bug in ax25_disconnect (CVE-2022-1199
  bsc#1198028).
- ax25: add refcount in ax25_dev to avoid UAF bugs (CVE-2022-1199
  bsc#1198028).
- commit f30e94a
- drivers: hamradio: 6pack: fix UAF bug caused by mod_timer()
  (CVE-2022-1198 bsc#1198030).
- commit 6da2b7d
- hamradio: remove needs_free_netdev to avoid UAF (CVE-2022-1195
  bsc#1198029).
- commit fcd70e2
- hamradio: improve the incomplete fix to avoid NPD (CVE-2022-1195
  bsc#1198029).
- hamradio: defer 6pack kfree after unregister_netdev
  (CVE-2022-1195 bsc#1198029).
- hamradio: defer ax25 kfree after unregister_netdev
  (CVE-2022-1195 bsc#1198029).
- net: hamradio: fix memory leak in mkiss_close (CVE-2022-1195
  bsc#1198029).
- commit d30e348
- can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb
  in error path (CVE-2022-28389 bsc#1198033).
- can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb()
  in error path (CVE-2022-28388 bsc#1198032).
- can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb()
  in error path (CVE-2022-28390 bsc#1198031).
- commit d6e6523
- tcp: add some entropy in __inet_hash_connect() (bsc#1180153).
- tcp: change source port randomizarion at connect() time
  (bsc#1180153).
- commit 96da58a
- VFS: filename_create(): fix incorrect intent (bsc#1197534).
- commit bd0a18b
- KVM: SVM: Don't flush cache if hardware enforces cache coherency
  across encryption domains (bsc#1178134).
- commit 706a179
- i915_vma: Rename vma_lookup to i915_vma_lookup (git-fixes).
- commit e2095ad
- powerpc/lib/sstep: Fix 'sthcx' instruction (bsc#1156395).
- powerpc/perf: Don't use perf_hw_context for trace IMC PMU
  (bsc#1156395).
- commit 130da3b
- mm/page_alloc.c: do not warn allocation failure on zone DMA
  if no managed pages (bsc#1197501).
- dma/pool: create dma atomic pool only if dma zone has managed
  pages (bsc#1197501).
- mm_zone: add function to check if managed dma zone exists
  (bsc#1197501).
- commit c0f79a1
- wireguard: socket: ignore v6 endpoints when ipv6 is disabled
  (git-fixes).
- wireguard: socket: free skb in send6 when ipv6 is disabled
  (git-fixes).
- wireguard: queueing: use CFI-safe ptr_ring cleanup function
  (git-fixes).
- wireguard: selftests: rename DEBUG_PI_LIST to DEBUG_PLIST
  (git-fixes).
- commit 972eb7f
- scsi: lpfc: Fix locking for lpfc_sli_iocbq_lookup()
  (bsc#1197675).
- scsi: lpfc: Fix broken SLI4 abort path (bsc#1197675).
- scsi: lpfc: Update lpfc version to 14.2.0.1 (bsc#1197675).
- scsi: lpfc: Fix queue failures when recovering from PCI parity
  error (bsc#1197675 bsc#1196478).
- scsi: lpfc: Fix unload hang after back to back PCI EEH faults
  (bsc#1197675 bsc#1196478).
- scsi: lpfc: Improve PCI EEH Error and Recovery Handling
  (bsc#1197675 bsc#1196478).
- commit 6fc0429
- ACPI: CPPC: Avoid out of bounds access when parsing _CPC data
  (git-fixes).
- can: mcba_usb: properly check endpoint type (git-fixes).
- can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb
  in error path (git-fixes).
- can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb()
  in error path (git-fixes).
- pwm: lpc18xx-sct: Initialize driver data and hardware before
  pwmchip_add() (git-fixes).
- remoteproc: qcom_wcnss: Add missing of_node_put() in
  wcnss_alloc_memory_region (git-fixes).
- remoteproc: qcom: Fix missing of_node_put in
  adsp_alloc_memory_region (git-fixes).
- clk: qcom: gcc-msm8994: Fix gpll4 width (git-fixes).
- clk: qcom: clk-rcg2: Update the frac table for pixel clock
  (git-fixes).
- clk: qcom: clk-rcg2: Update logic to calculate D value for RCG
  (git-fixes).
- clk: qcom: ipq8074: Use floor ops for SDCC1 clock (git-fixes).
- clk: uniphier: Fix fixed-rate initialization (git-fixes).
- clk: Initialize orphan req_rate (git-fixes).
- clk: bcm2835: Remove unused variable (git-fixes).
- clk: tegra: tegra124-emc: Fix missing put_device() call in
  emc_ensure_emc_driver (git-fixes).
- clk: clps711x: Terminate clk_div_table with sentinel element
  (git-fixes).
- clk: loongson1: Terminate clk_div_table with sentinel element
  (git-fixes).
- clk: actions: Terminate clk_div_table with sentinel element
  (git-fixes).
- clk: imx7d: Remove audio_mclk_root_clk (git-fixes).
- clk: nxp: Remove unused variable (git-fixes).
- commit 01f6f64
- printk: disable optimistic spin during panic (bsc#1197894).
- commit 0716386
- printk: Add panic_in_progress helper (bsc#1197894).
- commit f29520c
- blacklist.conf: printk: cosmetic problem
- commit eabafef
- vsprintf: Fix %pK with kptr_restrict == 0 (bsc#1197889).
- commit dcd324e
- btrfs: Remove unnecessary check from join_running_log_trans
  (bsc#1194649).
- commit dc4697b
- btrfs: do not commit delayed inode when logging a file in full
  sync mode (bsc#1194649).
- btrfs: do not log new dentries when logging that a new name
  exists (bsc#1194649).
- commit b03bb01
- Revert "/module, async: async_synchronize_full() on module init
  iff async is used"/ (bsc#1197888).
- commit 2252be2
- btrfs: avoid unnecessary lock and leaf splits when updating
  inode in the log (bsc#1194649).
- btrfs: remove unnecessary list head initialization when syncing
  log (bsc#1194649).
- btrfs: avoid unnecessary log mutex contention when syncing log
  (bsc#1194649).
- commit c49b58c
- btrfs: avoid unnecessary logging of xattrs during fast fsyncs
  (bsc#1194649).
- commit bcb58d4
- btrfs: check error value from btrfs_update_inode in tree log
  (bsc#1194649).
- btrfs: fixup error handling in fixup_inode_link_counts
  (bsc#1194649).
- commit 215b0a5
- btrfs: remove unnecessary directory inode item update when
  deleting dir entry (bsc#1194649).
- commit ebbb134
- x86/mm/pat: Don't flush cache if hardware enforces cache
  coherency across encryption domnains (bsc#1178134).
- commit ed78280
- btrfs: fix race leading to unnecessary transaction commit when
  logging inode (bsc#1194649).
- btrfs: fix race that makes inode logging fallback to transaction
  commit (bsc#1194649).
- btrfs: fix race that causes unnecessary logging of ancestor
  inodes (bsc#1194649).
- btrfs: fix race that results in logging old extents during a
  fast fsync (bsc#1194649).
- commit 54994e0
- scsi: lpfc: Copyright updates for 14.2.0.0 patches
  (bsc#1197675).
- scsi: lpfc: Update lpfc version to 14.2.0.0 (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor BSG paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor Abort paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor SCSI paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor CT paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor misc ELS paths
  (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor VMID paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor FDISC paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor LS_RJT paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor LS_ACC paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor the RSCN/SCR/RDF/EDC/FARPR
  paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor PLOGI/PRLI/ADISC/LOGO paths
  (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor base ELS paths and the
  FLOGI path (bsc#1197675).
- scsi: lpfc: SLI path split: Introduce lpfc_prep_wqe
  (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor fast and slow paths to
  native SLI4 (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor lpfc_iocbq (bsc#1197675).
- scsi: lpfc: Use kcalloc() (bsc#1197675).
- scsi: lpfc: Fix typos in comments (bsc#1197675).
- scsi: lpfc: Remove failing soft_wwn support (bsc#1197675).
- scsi: lpfc: Use rport as argument for lpfc_chk_tgt_mapped()
  (bsc#1197675).
- scsi: lpfc: Use rport as argument for lpfc_send_taskmgmt()
  (bsc#1197675).
- scsi: lpfc: Use fc_block_rport() (bsc#1197675).
- scsi: lpfc: Drop lpfc_no_handler() (bsc#1197675).
- scsi: lpfc: Kill lpfc_bus_reset_handler() (bsc#1197675).
- scsi: lpfc: Remove redundant flush_workqueue() call
  (bsc#1197675).
- scsi: lpfc: Reduce log messages seen after firmware download
  (bsc#1197675).
- scsi: lpfc: Remove NVMe support if kernel has NVME_FC disabled
  (bsc#1197675).
- commit e642242
- btrfs: check if a log tree exists at inode_logged()
  (bsc#1194649).
- commit 1fd0acd
- btrfs: remove no longer needed full sync flag check at
  inode_logged() (bsc#1194649).
- btrfs: eliminate some false positives when checking if inode
  was logged (bsc#1194649).
- commit df30719
- btrfs: skip unnecessary searches for xattrs when logging an
  inode (bsc#1194649).
- commit e2ffdf0
- btrfs: check if a log root exists before locking the log_mutex
  on unlink (bsc#1194649).
- Refresh
  patches.suse/0002-btrfs-qgroup-try-to-flush-qgroup-space-when-we-get-E.patch.
- commit 2097b4a
- ext2: correct max file size computing (bsc#1197820).
- commit f1d2053
- block/wbt: fix negative inflight counter when remove scsi device
  (bsc#1197819).
- commit 6f18f30
- block: update io_ticks when io hang (bsc#1197817).
- commit 4ee5ce6
- fscrypt: don't ignore minor_hash when hash is 0 (bsc#1197815).
- commit 0c58e0d
- ecryptfs: fix kernel panic with null dev_name (bsc#1197812).
- commit 18f264d
- ecryptfs: Fix typo in message (bsc#1197811).
- commit 9a64b6f
- ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and
  mmap_lock (CVE-2022-1048 bsc#1197331).
- Refresh
  patches.kabi/ALSA-kABI-workaround-for-snd_pcm_runtime-changes.patch.
- commit 2d63590
- ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and
  mmap_lock (CVE-2022-1048 bsc#1197331).
- Refresh
  patches.kabi/ALSA-kABI-workaround-for-snd_pcm_runtime-changes.patch.
- commit db7647d
- bpf: Remove config check to enable bpf support for branch
  records (git-fixes bsc#1177028).
- commit 5fff22c
- net: sched: fix use-after-free in tc_new_tfilter()
  (CVE-2022-1055 bsc#1197702).
- commit 4c7dc78
- blacklist.conf: kABI
- commit 79d1df3
- blacklist.conf: cleanup, not a bugfix
- commit 3a5b1ab
- blacklist.conf: cleanup, not a bugfix
- commit a1c1b85
- Revert "/usb: dwc3: gadget: Use list_replace_init() before
  traversing lists"/ (git-fixes).
- commit 978c488
- scsi: qla2xxx: Fix typos in comments (bsc#1197661).
- scsi: qla2xxx: Update version to 10.02.07.400-k (bsc#1197661).
- scsi: qla2xxx: Increase max limit of ql2xnvme_queues
  (bsc#1197661).
- scsi: qla2xxx: Use correct feature type field during RFF_ID
  processing (bsc#1197661).
- scsi: qla2xxx: Fix stuck session of PRLI reject (bsc#1197661).
- scsi: qla2xxx: Reduce false trigger to login (bsc#1197661).
- scsi: qla2xxx: Fix laggy FC remote port session recovery
  (bsc#1197661).
- scsi: qla2xxx: Fix hang due to session stuck (bsc#1197661).
- scsi: qla2xxx: Fix N2N inconsistent PLOGI (bsc#1197661).
- scsi: qla2xxx: Fix crash during module load unload test
  (bsc#1197661).
- scsi: qla2xxx: Fix missed DMA unmap for NVMe ls requests
  (bsc#1197661).
- scsi: qla2xxx: Fix loss of NVMe namespaces after driver reload
  test (bsc#1197661).
- scsi: qla2xxx: Fix disk failure to rediscover (bsc#1197661).
- scsi: qla2xxx: Fix incorrect reporting of task management
  failure (bsc#1197661).
- scsi: qla2xxx: Use named initializers for q_dev_state
  (bsc#1197661).
- scsi: qla2xxx: Use named initializers for port_state_str
  (bsc#1197661).
- scsi: qla2xxx: Stop using the SCSI pointer (bsc#1197661).
- commit d7f7c48
- powerpc/pseries: Fix use after free in remove_phb_dynamic()
  (bsc#1065729).
- powerpc/tm: Fix more userspace r13 corruption (bsc#1065729).
- powerpc/xive: fix return value of __setup handler (bsc#1065729).
- powerpc/sysdev: fix incorrect use to determine if list is empty
  (bsc#1065729).
- commit 14ca561
- usb: bdc: Fix a resource leak in the error handling path of
  'bdc_probe()' (git-fixes).
- commit b8afee8
- usb: bdc: remove duplicated error message (git-fixes).
- commit 3971aef
- usb: bdc: Fix unused assignment in bdc_probe() (git-fixes).
- commit 0a2966f
- usb: bdc: Use devm_clk_get_optional() (git-fixes).
- commit f4c7fea
- usb: bdc: Adb shows offline after resuming from S2 (git-fixes).
- commit 3293f5c
- usb: gadget: bdc: use readl_poll_timeout() to simplify code
  (git-fixes).
- commit 686f431
- net: phy: broadcom: Fix brcm_fet_config_init() (git-fixes).
- serial: 8250: Fix race condition in RTS-after-send handling
  (git-fixes).
- serial: 8250_lpss: Balance reference count for PCI DMA device
  (git-fixes).
- serial: 8250_mid: Balance reference count for PCI DMA device
  (git-fixes).
- serial: core: Fix the definition name in the comment of UPF_*
  flags (git-fixes).
- soundwire: intel: fix wrong register name in intel_shim_wake
  (git-fixes).
- misc: sgi-gru: Don't cast parameter in bit operations
  (git-fixes).
- VMCI: Fix the description of vmci_check_host_caps() (git-fixes).
- misc: alcor_pci: Fix an error handling path (git-fixes).
- pinctrl/rockchip: Add missing of_node_put() in
  rockchip_pinctrl_probe (git-fixes).
- pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe
  (git-fixes).
- pinctrl: mediatek: paris: Fix pingroup pin config state readback
  (git-fixes).
- pinctrl: mediatek: paris: Fix "/argument"/ argument type for
  mtk_pinconf_get() (git-fixes).
- pinctrl: pinconf-generic: Print arguments for bias-pull-*
  (git-fixes).
- pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init
  (git-fixes).
- pinctrl: nuvoton: npcm7xx: Rename DS() macro to DSTR()
  (git-fixes).
- pinctrl: nuvoton: npcm7xx: Use %zu printk format for
  ARRAY_SIZE() (git-fixes).
- mac80211: fix potential double free on mesh join (git-fixes).
- commit ed99607
- usb: bdc: use devm_platform_ioremap_resource() to simplify code
  (git-fixes).
- commit d8de3ca
- driver core: dd: fix return value of __setup handler
  (git-fixes).
- firmware: google: Properly state IOMEM dependency (git-fixes).
- iio: accel: mma8452: use the correct logic to get mma8452_data
  (git-fixes).
- iio: adc: Add check for devm_request_threaded_irq (git-fixes).
- staging:iio:adc:ad7280a: Fix handing of device address bit
  reversing (git-fixes).
- iio: afe: rescale: use s64 for temporary scale calculations
  (git-fixes).
- iio: inkern: make a best effort on offset calculation
  (git-fixes).
- iio: inkern: apply consumer scale when no channel scale is
  available (git-fixes).
- iio: inkern: apply consumer scale on IIO_VAL_INT cases
  (git-fixes).
- ALSA: pci: fix reading of swapped values from pcmreg in AC97
  codec (git-fixes).
- ALSA: pcm: Add stream lock during PCM reset ioctl operations
  (git-fixes).
- ALSA: oss: Fix PCM OSS buffer allocation overflow (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS GA402 (git-fixes).
- ALSA: usb-audio: Add mute TLV for playback volumes on RODE
  NT-USB (git-fixes).
- ALSA: hda/realtek - Fix headset mic problem for a HP machine
  with alc671 (git-fixes).
- ACPI: video: Force backlight native for Clevo NL5xRU and NL5xNU
  (git-fixes).
- ACPI: battery: Add device HID and quirk for Microsoft Surface
  Go 3 (git-fixes).
- ACPI / x86: Work around broken XSDT on Advantech DAC-BJ01 board
  (git-fixes).
- drm/vc4: crtc: Fix runtime_pm reference counting (git-fixes).
- commit 34d0dc9
- blacklist.conf: Add 1e9d74660d4d "/bpf: Fix mount source show for bpffs"/
  Missing required dependency
- commit 5a8e47e
- udp_tunnel: Fix end of loop test in udp_tunnel_nic_unregister()
  (git-fixes).
- commit 36f2c3d
- bpf: Fix comment for helper bpf_current_task_under_cgroup()
  (git-fixes).
- commit b94b06c
- x86/cpu: Add hardware-enforced cache coherency as a CPUID
  feature (bsc#1178134).
- Refresh patches.suse/x86-cpufeatures-add-sev-es-cpu-feature.
- commit 9b8fd9f
- Metadata update
- commit 20a72ea
- Revert "/Input: clear BTN_RIGHT/MIDDLE on buttonpads"/
  (bsc#1197243).
- commit 1e324a1
- Drop HID multitouch fix patch (bsc#1197243)
  Delete patches.suse/HID-multitouch-fix-Dell-Precision-7550-and-7750-butt.patch.
  Replaced with another revert patch.
- commit 169cf98
- usb: dwc3: qcom: add IRQ check (git-fixes).
- commit 0f04f35
- usb: dwc3: gadget: Use list_replace_init() before traversing
  lists (git-fixes).
- commit fa45b43
- xhci: fix garbage USBSTS being logged in some cases (git-fixes).
- commit 6c80c92
- Add CVE tags to
  patches.suse/ext4-fix-kernel-infoleak-via-ext4_extent_header.patch
  (bsc#1189562 bsc#1196761 CVE-2022-0850).
- commit f3cb08f
- blacklist.conf: 3a84fd1ed535 drm/i915/display: Fix HPD short pulse handling for eDP
- commit ae70ffd
- drm/i915/gem: add missing boundary check in vm_access
  (git-fixes).
- commit 99cd925
- drm/msm/dpu: add DSPP blocks teardown (git-fixes).
- commit 9c986de
- drm/bridge: dw-hdmi: use safe format when first in bridge chain
  (git-fixes).
- commit 38ac9a8
- Refresh
  patches.suse/drm-i915-Fix-bw-atomic-check-when-switching-between-.patch.
  Alt-commit
- commit 81cf826
- Refresh
  patches.suse/drm-i915-Correctly-populate-use_sagv_wm-for-all-pipe.patch.
  Alt-commit
- commit 9f55faf
- Refresh
  patches.suse/drm-i915-Fix-dbuf-slice-config-lookup.patch.
  Alt-commit
- commit eb12d1f
- drm/amd/display: Add affected crtcs to atomic state for dsc
  mst unplug (git-fixes).
- commit 1b3e76b
- blacklist.conf: 3f3a24a0a3a5 drm/amdgpu: Don't offset by 2 in FRU EEPROM
- commit 6877985
- drm/amd/pm: return -ENOTSUPP if there is no
  get_dpm_ultimate_freq function (git-fixes).
- commit fb7d1f2
- drm/nouveau/acr: Fix undefined behavior in
  nvkm_acr_hsfw_load_bl() (git-fixes).
- commit 4a1a717
- drm/doc: overview before functions for drm_writeback.c
  (git-fixes).
- commit 6d05b7f
- drm: bridge: adv7511: Fix ADV7535 HPD enablement (git-fixes).
- commit 8027fb9
- drm/bridge: nwl-dsi: Fix PM disable depth imbalance in
  nwl_dsi_probe (git-fixes).
- commit c253ca8
- drm/meson: Fix error handling when afbcd.ops->init fails
  (git-fixes).
- commit 42a3562
- drm/meson: osd_afbcd: Add an exit callback to struct
  meson_afbcd_ops (git-fixes).
- commit f2138e4
- powerpc/mm/numa: skip NUMA_NO_NODE onlining in
  parse_numa_properties() (bsc#1179639 ltc#189002 git-fixes).
- commit 4765cfb
- video: fbdev: controlfb: Fix COMPILE_TEST build (git-fixes).
- commit 047d2b7
- video: fbdev: matroxfb: set maxvram of vbG200eW to the same
  as vbG200 to avoid black screen (git-fixes).
- commit 3094fd1
- drm/vc4: crtc: Make sure the HDMI controller is powered when
  disabling (git-fixes).
- commit 0e082ec
- esp: Fix possible buffer overflow in ESP transformation
  (bsc#1197131 CVE-2022-0886 CVE-2022-27666).
- commit 39a5891
- Update
  patches.suse/quota-check-block-number-when-reading-the-block-in-q.patch
  (bsc#1194589 bsc#1197366 CVE-2021-45868).
- commit 1a6f8a7
- pinctrl: samsung: drop pin banks references on error paths
  (git-fixes).
- memory: emif: check the pointer temp in get_device_details()
  (git-fixes).
- memory: emif: Add check for setup_interrupts (git-fixes).
- soc: qcom: aoss: remove spurious IRQF_ONESHOT flags (git-fixes).
- soc: qcom: rpmpd: Check for null return of devm_kcalloc
  (git-fixes).
- soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe
  (git-fixes).
- media: usb: go7007: s2250-board: fix leak in probe()
  (git-fixes).
- media: em28xx: initialize refcount before kref_get (git-fixes).
- media: stk1160: If start stream fails, return buffers with
  VB2_BUF_STATE_QUEUED (git-fixes).
- media: Revert "/media: em28xx: add missing
  em28xx_close_extension"/ (git-fixes).
- media: video/hdmi: handle short reads of hdmi info frame
  (git-fixes).
- media: aspeed: Correct value for h-total-pixels (git-fixes).
- media: hantro: Fix overfill bottom register field name
  (git-fixes).
- media: coda: Fix missing put_device() call in coda_get_vdoa_data
  (git-fixes).
- media: bttv: fix WARNING regression on tunerless devices
  (git-fixes).
- video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of
  (git-fixes).
- video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name()
  (git-fixes).
- video: fbdev: atmel_lcdfb: fix an error code in
  atmel_lcdfb_probe() (git-fixes).
- video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe()
  (git-fixes).
- video: fbdev: matroxfb: set maxvram of vbG200eW to the same
  as vbG200 to avoid black screen (git-fixes).
- mmc: davinci_mmc: Handle error for clk_enable (git-fixes).
- usb: usbtmc: Fix bug in pipe direction for control transfers
  (git-fixes).
- net: phy: marvell: Fix invalid comparison in the resume and
  suspend functions (git-fixes).
- commit 33bac97
- firmware: qcom: scm: Remove reassignment to desc following
  initializer (git-fixes).
- ASoC: sti: Fix deadlock via snd_pcm_stop_xrun() call
  (git-fixes).
- ASoC: codecs: wcd934x: Add missing of_node_put() in
  wcd934x_codec_parse_data (git-fixes).
- ASoC: msm8916-wcd-analog: Fix error handling in
  pm8916_wcd_analog_spmi_probe (git-fixes).
- ASoC: msm8916-wcd-digital: Fix missing clk_disable_unprepare()
  in msm8916_wcd_digital_probe (git-fixes).
- ASoC: imx-es8328: Fix error return code in imx_es8328_probe()
  (git-fixes).
- ASoC: fsl_spdif: Disable TX clock when stop (git-fixes).
- ASoC: SOF: topology: remove redundant code (git-fixes).
- ASoC: dmaengine: do not use a NULL prepare_slave_config()
  callback (git-fixes).
- ASoC: mxs: Fix error handling in mxs_sgtl5000_probe (git-fixes).
- ASoC: SOF: Add missing of_node_put() in imx8m_probe (git-fixes).
- ASoC: fsi: Add check for clk_enable (git-fixes).
- ASoC: wm8350: Handle error for wm8350_register_irq (git-fixes).
- ASoC: atmel: Add missing of_node_put() in
  at91sam9g20ek_audio_probe (git-fixes).
- ASoC: dwc-i2s: Handle errors for clk_enable (git-fixes).
- ASoC: atmel_ssc_dai: Handle errors for clk_enable (git-fixes).
- ASoC: mxs-saif: Handle errors for clk_enable (git-fixes).
- ASoC: ti: davinci-i2s: Add check for clk_enable() (git-fixes).
- ASoC: rt5663: check the return value of devm_kzalloc() in
  rt5663_parse_dp() (git-fixes).
- ASoC: xilinx: xlnx_formatter_pcm: Handle sysclk setting
  (git-fixes).
- ASoC: topology: Optimize soc_tplg_dapm_graph_elems_load behavior
  (git-fixes).
- ASoC: topology: Allow TLV control to be either read or write
  (git-fixes).
- ALSA: spi: Add check for clk_enable() (git-fixes).
- ALSA: cmipci: Restore aux vol on suspend/resume (git-fixes).
- ASoC: codecs: wcd934x: fix return value of
  wcd934x_rx_hph_mode_put (git-fixes).
- ALSA: firewire-lib: fix uninitialized flag for AV/C deferred
  transaction (git-fixes).
- media: davinci: vpif: fix unbalanced runtime PM get (git-fixes).
- drm/panel: simple: Fix Innolux G070Y2-L01 BPP settings
  (git-fixes).
- commit 364280e
- ALSA: pcm: Fix races among concurrent prealloc proc writes
  (CVE-2022-1048 bsc#1197331).
- ALSA: pcm: Fix races among concurrent prepare and
  hw_params/hw_free calls (CVE-2022-1048 bsc#1197331).
- ALSA: pcm: Fix races among concurrent read/write and buffer
  changes (CVE-2022-1048 bsc#1197331).
- ALSA: pcm: Fix races among concurrent hw_params and hw_free
  calls (CVE-2022-1048 bsc#1197331).
- commit 0f1f53e
- cifs: use the correct max-length for dentry_path_raw()
  (bsc1196196).
- commit d014f56
- blacklist.conf: a5ce9f2bb665 x86/speculation: Merge one test in spectre_v2_user_select_mitigation()
- commit 2d7347b
- quota: check block number when reading the block in quota file
  (bsc#1197366 CVE-2021-45868).
- commit a7d4915
- ALSA: kABI workaround for snd_pcm_runtime changes (CVE-2022-1048
  bsc#1197331).
- commit 8a9b87d
- ALSA: kABI workaround for snd_pcm_runtime changes (CVE-2022-1048
  bsc#1197331).
- commit 12628f8
- ALSA: pcm: Fix races among concurrent prealloc proc writes
  (CVE-2022-1048 bsc#1197331).
- ALSA: pcm: Fix races among concurrent prepare and
  hw_params/hw_free calls (CVE-2022-1048 bsc#1197331).
- ALSA: pcm: Fix races among concurrent read/write and buffer
  changes (CVE-2022-1048 bsc#1197331).
- ALSA: pcm: Fix races among concurrent hw_params and hw_free
  calls (CVE-2022-1048 bsc#1197331).
- commit aee063f
- membarrier: Execute SYNC_CORE on the calling thread (git-fixes)
- commit 8c138d0
- fuse: handle kABI change in struct fuse_args (bsc#1197343
  CVE-2022-1011).
- fuse: fix pipe buffer lifetime for direct_io (bsc#1197343
  CVE-2022-1011).
- commit 112493c
- spi: pxa2xx-pci: Balance reference count for PCI DMA device
  (git-fixes).
- spi: tegra114: Add missing IRQ check in tegra_spi_probe
  (git-fixes).
- regulator: qcom_smd: fix for_each_child.cocci warnings
  (git-fixes).
- hwmon: (pmbus) Add Vin unit off handling (git-fixes).
- hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING
  (git-fixes).
- hwmon: (pmbus) Add mutex to regulator ops (git-fixes).
- crypto: ccp - ccp_dmaengine_unregister release dma channels
  (git-fixes).
- crypto: cavium/nitrox - don't cast parameter in bit operations
  (git-fixes).
- crypto: vmx - add missing dependencies (git-fixes).
- hwrng: atmel - disable trng on failure path (git-fixes).
- crypto: ccree - don't attempt 0 len DMA mappings (git-fixes).
- crypto: qat - don't cast parameter in bit operations
  (git-fixes).
- crypto: mxs-dcp - Fix scatterlist processing (git-fixes).
- crypto: authenc - Fix sleep in atomic context in decrypt_tail
  (git-fixes).
- crypto: rsa-pkcs1pad - fix buffer overread in
  pkcs1pad_verify_complete() (git-fixes).
- crypto: rsa-pkcs1pad - restore signature length check
  (git-fixes).
- crypto: rsa-pkcs1pad - correctly get hash from source
  scatterlist (git-fixes).
- thermal: int340x: Increase bitmap size (git-fixes).
- thermal: int340x: Check for NULL after calling kmemdup()
  (git-fixes).
- PM: suspend: fix return value of __setup handler (git-fixes).
- PM: hibernate: fix __setup handler error handling (git-fixes).
- ACPI: docs: enumeration: Remove redundant .owner assignment
  (git-fixes).
- ACPI: docs: enumeration: Update UART serial bus resource
  documentation (git-fixes).
- ACPI: docs: enumeration: Discourage to use custom _DSM methods
  (git-fixes).
- ACPI: APEI: fix return value of __setup handlers (git-fixes).
- clocksource: acpi_pm: fix return value of __setup handler
  (git-fixes).
- ACPI: properties: Consistently return -ENOENT if there are no
  more references (git-fixes).
- clocksource/drivers/timer-of: Check return value of of_iomap
  in timer_of_base_init() (git-fixes).
- Input: aiptek - properly check endpoint type (git-fixes).
- usb: gadget: Fix use-after-free bug by not setting
  udc->dev.driver (git-fixes).
- usb: gadget: rndis: prevent integer overflow in
  rndis_set_response() (git-fixes).
- drm/vrr: Set VRR capable prop only if it is attached to
  connector (git-fixes).
- nl80211: Update bss channel on channel switch for P2P_CLIENT
  (git-fixes).
- iwlwifi: don't advertise TWT support (git-fixes).
- mac80211: refuse aggregations sessions before authorized
  (git-fixes).
- can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN
  device when fully ready (git-fixes).
- commit 240077f
- membarrier: Explicitly sync remote cores when SYNC_CORE is (git-fixes)
- commit 4fc5228
- blacklist.conf: Add 2ecedd756908 ("/membarrier: Add an actual barrier before rseq_preempt()"/)
- commit e7a5059
- cpufreq: schedutil: Destroy mutex before kobject_put() frees (git-fixes)
- commit 3a3c855
- netfilter: conntrack: don't refresh sctp entries in closed state
  (bsc#1197389).
- commit d30cf2f
- NFS: Do not report writeback errors in nfs_getattr()
  (git-fixes).
- NFS: LOOKUP_DIRECTORY is also ok with symlinks (git-fixes).
- NFS: Fix initialisation of nfs_client cl_flags field
  (git-fixes).
- NFS: Avoid duplicate uncached readdir calls on eof (git-fixes).
- NFS: Don't skip directory entries when doing uncached readdir
  (git-fixes).
- nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed
  client (git-fixes).
- NFS: Ensure the server has an up to date ctime before
  hardlinking (git-fixes).
- commit 0dffa33
- blacklist.conf: fbd5969d1ff2 x86/cpufeatures: Mark two free bits in word 3
- commit 7de8046
- net: hns3: add a check for tqp_index in
  hclge_get_ring_chain_from_mbx() (git-fixes).
- commit 197c612
- net: watchdog: hold device global xmit lock during tx disable
  (git-fixes).
- commit 5f626af
- net: stmmac: set TxQ mode back to DCB after disabling CBS
  (git-fixes).
- commit 64e0e15
- net: enetc: initialize the RFS and RSS memories (git-fixes).
- commit 48628ab
- net: dsa: mv88e6xxx: override existent unicast portvec in
  port_fdb_add (git-fixes).
- commit d733e4e
- team: protect features update by RCU to avoid deadlock
  (git-fixes).
- commit 0917ada
- netxen_nic: fix MSI/MSI-x interrupts (git-fixes).
- commit e20b4bd
- Update config files.
- commit 5e3d4fd
- drm/i915: Fix dbuf slice config lookup (git-fixes).
- commit 2e1e919
- drm/imx: parallel-display: Remove bus flags check in
  imx_pd_bridge_atomic_check() (git-fixes).
- commit 37de9a5
- ibmvnic: fix race between xmit and reset (bsc#1197302
  ltc#197259).
- commit 1372669
- Revert "/Revert "/build initrd without systemd"/ (bsc#1197300)"/
  This reverts commit ff2b28e76a7040ae5ce82c0145965d62159216fd.
- commit 72ed14f
- Update config files (bsc#1195926 bsc#1175667).
  VIRTIO_PCI=m -> VIRTIO_PCI=y
- commit 3edad5c
- Revert "/Revert "/rpm/kernel-source.spec.in: call fdupes per subpackage"/"/
  This reverts commit f349b8133b949dee1721081d9fbc80cc43327d15.
  Which was propagated from my local local tree. Restore the commit
- commit ee9cedc
- x86/speculation: Warn about Spectre v2 LFENCE mitigation
  (bsc#1178134).
- Refresh
  patches.suse/x86-speculation-warn-about-eibrs-lfence-unprivileged-ebpf-smt.patch.
- commit 8588aa6
- powerpc/mm: Fix verification of MMU_FTR_TYPE_44x (bsc#1156395).
- commit 5c5db21
- x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF +
  SMT (bsc#1178134).
- commit a719566
- HID: multitouch: fix Dell Precision 7550 and 7750 button type
  (bsc#1197243).
- commit 53c2db3
- Sort in upstreamed BHB patches
- Refresh
  patches.suse/documentation-hw-vuln-update-spectre-doc.patch.
- Refresh
  patches.suse/x86-speculation-add-eibrs-retpoline-options.patch.
- Refresh
  patches.suse/x86-speculation-include-unprivileged-ebpf-status-in-spectre-v2-mitigation-reporting.patch.
- Refresh
  patches.suse/x86-speculation-rename-retpoline_amd-to-retpoline_lfence.patch.
- Refresh
  patches.suse/x86-speculation-use-generic-retpoline-by-default-on-amd.patch.
- commit 4062a7a
- s390/mm: fix VMA and page table handling code in storage key
  handling functions (git-fixes).
- s390/mm: validate VMA in PGSTE manipulation functions
  (git-fixes).
- s390/gmap: don't unconditionally call pte_unmap_unlock()
  in __gmap_zap() (git-fixes).
- s390/gmap: validate VMA in __gmap_zap() (git-fixes).
- s390/pci_mmio: fully validate the VMA before calling
  follow_pte() (git-fixes).
- mm: add vma_lookup(), update find_vma_intersection() comments
  (git-fixes).
- commit 808c094
- net/smc: Reset conn->lgr when link group registration fails
  (git-fixes).
- net/smc: fix using of uninitialized completions (git-fixes).
- net/smc: fix wrong list_del in smc_lgr_cleanup_early
  (git-fixes).
- net/smc: Fix loop in smc_listen (git-fixes).
- net/smc: Make sure the link_id is unique (git-fixes).
- commit 759dc2b
- blacklist.conf: net/smc cleanup with no functional change
- commit 5a33cbb
- s390/hypfs: include z/VM guests with access control group set
  (bsc#1195640 LTC#196352).
- commit 598f26f
- net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup
  (bsc#1196018).
- commit 1580ab2
- ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32
  (bsc#1196018).
- commit 1cdc779
- s390/module: fix loading modules with a lot of relocations
  (git-fixes).
- commit bc1865f
- s390/kexec_file: fix error handling when applying relocations
  (git-fixes).
- s390/kexec: fix memory leak of ipl report buffer (git-fixes).
- s390/kexec: fix return code handling (git-fixes).
- commit 2f0dd10
- s390/bpf: Perform r1 range checking before accessing
  jit->seen_reg (git-fixes).
- commit 1cc7c78
ldb
- Update to version 2.4.2
  + Fix for CVE-2021-3670, ensure that the LDB request has not
    timed out during filter processing as the LDAP server
    MaxQueryDuration is otherwise not honoured (bsc#1198397).
libsolv
- reworked choice rule generation to cover more usecases
- support SOLVABLE_PREREQ_IGNOREINST in the ordering code
  [bsc#1196514]
- support parsing of Debian's Multi-Arch indicator
- bump version to 0.7.22
- fix segfault on conflict resolution when using bindings
- fix split provides not working if the update includes a forbidden
  vendor change
- support strict repository priorities
  new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY
- support zstd compressed control files in debian packages
- add an ifdef allowing to rename Solvable dependency members
  ("/requires"/ is a keyword in C++20)
- support setting/reading userdata in solv files
  new functions: repowriter_set_userdata, solv_read_userdata
- support queying of the custom vendor check function
  new function: pool_get_custom_vendorcheck
- support solv files with an idarray block
- allow accessing the toolversion at runtime
- bump version to 0.7.21
libtirpc
- add option to enforce connection via protocol version 2 first
  (bsc#1196647)
  add 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch
libzypp
- ZConfig: Update solver settings if target changes (bsc#1196368)
- version 17.30.0 (22)
- Fix possible hang in singletrans mode (bsc#1197134)
- Do 2 retries if mount is still busy.
- version 17.29.7 (22)
- Fix package signature check (bsc#1184501)
  Pay attention that header and payload are secured by a valid
  signature and report more detailed which signature is missing.
- Retry umount if device is busy (bsc#1196061, closes #381)
  A previously released ISO image may need a bit more time to
  release it's loop device. So we wait a bit and retry.
- Fix serializing/deserializing type mismatch in zypp-rpm
  protocol (bsc#1196925)
- Fix handling of ISO media in releaseAll (bsc#1196061)
- Hint on common ptf resolver conflicts (bsc#1194848)
- version 17.29.6 (22)
- Hint on ptf<>patch resolver conflicts (bsc#1194848)
- version 17.29.5 (22)
lvm2
- udev: create symlinks and watch even in suspended state (bsc#1195231)
  + bug-1195231-udev-create-symlinks-and-watch-even-in-suspended-sta.patch
mgr-cfg
- version 4.2.8-1
  * Fix the condition for preventing building python 2 subpackage
    for SLE15 (bsc#1197579)
- version 4.2.7-1
  * Fix installation problem for SLE15SP4 due missing python-selinux
mgr-push
- version 4.2.5-1
  * Fix the condition for preventing building python 2 subpackage
    for SLE15
mozilla-nss
- Mozilla NSS 3.68.3 (bsc#1197903)
  This release improves the stability of NSS when used in a multi-threaded
  environment. In particular, it fixes memory safety violations that
  can occur when PKCS#11 tokens are removed while in use (CVE-2022-1097).
  We presume that with enough effort these memory safety violations are exploitable.
  * Remove token member from NSSSlot struct (bmo#1756271).
  * Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots
    (bmo#1755555).
  * Check return value of PK11Slot_GetNSSToken (bmo#1370866).
nfs-utils
- Add 0023-cache.c-removed-a-couple-warning.patch
  Fix compilation with new glibc (SLE15-SP4)
  (bsc#1197788)
- Add 0021-mount.nfs-insert-sloppy-at-beginning-of-the-options.patch
  Add 0022-mount.nfs-Fix-the-sloppy-option-processing.patch
  Ensure "/sloppy"/ is added correctly for newer kernels.  Particularly
  required for kernels since 5.6 (so SLE15-SP4), and safe for all kernels.
  (boo#1197297)
openldap2
- bsc#1191157 - Correct version specification in ppolicy to allow
  submission to SP3 for TLS1.3
- bsc#1191157 - allow specification of max/min TLS version with TLS1.3
  * 0239-ITS-9422-Update-for-TLS-v1.3.patch
  * 0240-ITS-9518-add-LDAP_OPT_X_TLS_PROTOCOL_MAX-option.patch
  * 0241-TLS-set-protocol-version.patch
- bsc#1197004 - libldap was able to be out of step with openldap in
  some cases which could cause incorrect installations and symbol
  resolution failures. openldap2 and libldap now are locked to their
  related release versions.
- jsc#PM-3288 - restore CLDAP functionality in CLI tools
patterns-suse-manager
- golang-github-wrouesnel-postgres_exporter was renamed to
  prometheus-postgres_exporter
perl
- Stabilize Socket::VERSION comparisons [bnc#1193489]
  new patch: perl-Stabilize-Socket-VERSION-comparisons.patch
psmisc
  * Add a fallback if the system call name_to_handle_at() is
    not supported by the used file system.
- Add patch psmisc-22.21-semaphores.patch
  * Replace the synchronizing over pipes of the sub process for the
    stat(2) system call with mutex and conditions from pthreads(7)
    (bsc#1194172)
- Add patch psmisc-22.21-statx.patch
  * Use statx(2) or SYS_statx system call to replace the stat(2)
    system call and avoid the sub process at all (bsc#1194172)
- Change patch 0001-Use-mountinfo-to-be-able-to-use-the-mount-identity.patch
python-paramiko
- Add CVE-2022-24302-race-condition.patch:
  * Fix a race condition between creation and chmod when writing private
    keys. (bsc#1197279)
python-pip
- Add wheel subpackage with the generated wheel for this package
  (bsc#1176262, CVE-2019-20916).
- Make wheel a separate build run to avoid the setuptools/wheel build
  cycle.
- Switch this package to use update-alternatives for all files
  in %{_bindir} so it doesn't collide with the versions on
  "/the latest"/ versions of Python interpreter (jsc#SLE-18038,
  bsc#1195831).
python-uamqp
- Update in SLE-15 (bsc#1197848)
- New upstream release
  + Version 1.5.3
  + For detailed information about changes see the
    HISTORY.rst file provided with this package
- New upstream release
  + Version 1.5.1
  + For detailed information about changes see the
    HISTORY.rst file provided with this package
- New upstream release
  + Version 1.5.0
  + For detailed information about changes see the
    HISTORY.rst file provided with this package
- New upstream release
  + Version 1.4.3
  + For detailed information about changes see the
    HISTORY.rst file provided with this package
- New upstream release
  + Version 1.4.1
  + For detailed information about changes see the
    HISTORY.rst file provided with this package
- New upstream release
  + Version 1.4.0
  + For detailed information about changes see the
    HISTORY.rst file provided with this package
- New upstream release
  + Version 1.2.15
  + For detailed information about changes see the
    HISTORY.rst file provided with this package
- Refresh patches for new version
  + u_strip-werror.patch
- New upstream release
  + Version 1.2.13
  + For detailed information about changes see the
    HISTORY.rst file provided with this package
- Only build Python3 flavors for distributions 15 and greater
rhnlib
- version 4.2.6-1
  * Fix the condition for preventing building python 2 subpackage
    for SLE15
rsyslog
- (CVE-2022-24903) fix potential heap buffer overflow in modules for TCP
  syslog reception (bsc#1199061)
  * add CVE-2022-24903.patch
ruby2
- Update suse.patch:
  - backport fix for CVE-2022-28739: ruby: Buffer overrun in
    String-to-Float conversion (boo#1198441)
  - back port date 2.0.3 CVE-2021-41817 (boo#1193035)
  - merge the previous bug fixes into suse.patch
  - CVE-2021-32066.patch
  - CVE-2021-31810.patch
  - CVE-2021-31799.patch
- Add Requires to make and gcc to ruby-devel to make the default
  extconf.rb work
salt
- Fix regression preventing bootstrapping new clients caused by
  redundant dependency on psutil (bsc#1197533)
- Prevent data pollution between actions proceesed at the same time (bsc#1197637)
- Added:
  * fix-regression-with-depending-client.ssh-on-psutil-b.patch
  * prevent-affection-of-ssh.opts-with-lazyloader-bsc-11.patch
- Fix salt-ssh opts poisoning (bsc#1197637)
- Clear network interfaces cache on grains request (bsc#1196050)
- Add salt-ssh with Salt Bundle support (venv-salt-minion)
- (bsc#1182851, bsc#1196432)
- Remove duplicated method definitions in salt.netapi
- Restrict "/state.orchestrate_single"/ to pass a pillar value if it exists (bsc#1194632)
- Added:
  * add-salt-ssh-support-with-venv-salt-minion-3002.2-47.patch
  * remove-duplicated-method-definitions-in-salt.netapi-.patch
  * fix-multiple-security-issues-bsc-1197417.patch
  * fix-salt-ssh-opts-poisoning-bsc-1197637-3002.2-500.patch
  * fix-state.orchestrate_single-to-not-pass-pillar-none.patch
  * clear-network-interface-cache-when-grains-are-reques.patch
- Renamed:
  * patch_for_cve_bsc1197417.patch -> fix-multiple-security-issues-bsc-1197417.patch
- Fix multiple security issues (bsc#1197417)
  * Sign authentication replies to prevent MiTM (CVE-2022-22935)
  * Sign pillar data to prevent MiTM attacks. (CVE-2022-22934)
  * Prevent job and fileserver replays (CVE-2022-22936)
  * Fixed targeting bug, especially visible when using syndic and user auth. (CVE-2022-22941)
spacewalk-backend
- version 4.2.20-1
  * Fix reposync update notice formatting and date parsing (bsc#1194447)
  * implement more decompression algorithms for reposync (bsc#1196704)
  * enable check for client certificates in reposync
  * remove auto inherit of host entitlements for virtual guests
spacewalk-certs-tools
- version 4.2.15-1
  * Add dynamic version for bootstrap script header (bsc#1186336)
spacewalk-client-tools
- version 4.2.18-1
  * Fix the condition for preventing building python 2 subpackage
    for SLE15
- version 4.2.17-1
  * Update translation strings
spacewalk-proxy
- version 4.2.10-1
  * Expose release notes to www_path
spacewalk-proxy-html
- version 4.2.3-1
  * Expose release notes to www_path
spacewalk-web
- version 4.2.26-1
  * Provide link to Sync page when unsynced patches message show up
    (bsc#1196094)
  * Provide a search box on section name for Formulas content
  * Add expand/collapse all button for formula sections
  * Improved large data support in channel selection
  * Provide link for CVEs
  * Improved error handling in the product setup page
  * Suggest Product Migration when patch for CVE is in a successor Product (bsc#1191360)
  * susemanager-web-libs is now packaged as a part of spacewalk-html
suse-build-key
- No longer install 1024bit keys by default. (bsc#1197293)
  - SLE11 key moved to documentation
  - old PTF (pre March 2022) moved to documentation only
systemd
- Import commit 12b0904b9117aeaef138784e5b118b82cd87d7cb
  b579fe1e09 tmpfiles: constify item_compatible() parameters
  01f4af3573 test: add test checking tmpfiles conf file precedence
  e8f4d24e97 test tmpfiles: add a test for 'w+'
  9c559f3854 tmpfiles.d: only 'w+' can have multiple lines for the same path (bsc#1198090)
  7fab6b6a6e journald: make use of CLAMP() in cache_space_refresh()
  1c8b02567c journald: make sure journal_file_open() doesn't leave a corrupted file around after failing (bsc#1198114)
  0007446abc journal-file: port journal_file_open() to openat_report_new()
  a07ad29813 fs-util: make sure openat_report_new() initializes return param also on shortcut
  6bb087a1fc fs-util: fix typos in comments
  42532a8bfb fs-util: add openat_report_new() wrapper around openat()
- spec: cope with %{_modprobedir} being /lib/modprobe.d on SLE
- Fix the default target when it's been incorrectly set to one of the runlevel
  targets (bsc#1196567)
  The script 'upgrade-from-pre-210.sh' used to initialize the default target
  during migration from sysvinit to systemd. However it created symlinks to
  runlevel targets, which are deprecated. If such symlinks are found the script
  now renames them to point to 'true' systemd target units.
- When migrating from sysvinit to systemd (it probably won't happen anymore),
  let's use the default systemd target, which is the graphical.target one. In
  most cases it will do the right thing anyway.
- Import commit 117e7b96f8e8c63a9eec3459147f5352015a6d08
  3a395b156d Don't open /var journals in volatile mode when runtime_journal==NULL
  1cd65c15e4 udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529)
  3ee9953dd4 man: tweak description of auto/noauto (bsc#1191502)
  6cfeacbf86 shared/install: ignore failures for auxiliary files
  37083278ed install: make UnitFileChangeType enum anonymous
  0a02185526 shared/install: reduce scope of iterator variables
  86c55bde7f systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23867)
- update s390 udev rules conversion script to include the case when
  the legacy rule was also 41-* (bsc#1195247)
  * change scripts-udev-convert-rules.sh
- Add in quarantine 6000-udev-net_id-add-debug-logging-for-construction-of-de.patch
  Add in quarantine 6001-udev-net_id-show-the-correct-identifier-in-the-debug.patch
- Add 1009-Drop-or-soften-some-of-the-deprecation-warnings.patch (bsc#1193086)
systemd-presets-common-SUSE
- enable vgauthd service for VMWare by default (bsc#1195251)
tar
- tests-skip-time01-on-32bit-time_t.patch: Add patch to skip test
  'tests/time01.at' on platforms with 32-bit time_t for now.
- tar.spec: Reference it.
  (%check): Output the testsuite.log in case the testsuite failed.
- The following issues have already been fixed in this package but
  weren't previously mentioned in the changes file:
  * bsc#1181131, CVE-2021-20193
  * bsc#1120610
- GNU tar 1.34:
  * Fix extraction over pipe
  * Fix memory leak in read_header
  * Fix extraction when . and .. are unreadable
  * Gracefully handle duplicate symlinks when extracting
  * Re-initialize supplementary groups when switching to user
    privileges
- GNU tar 1.33:
  * POSIX extended format headers do not include PID by default
  * --delay-directory-restore works for archives with reversed
    member ordering
  * Fix extraction of a symbolic link hardlinked to another
    symbolic link
  * Wildcards in exclude-vcs-ignore mode don't match slash
  * Fix the --no-overwrite-dir option
  * Fix handling of chained renames in incremental backups
  * Link counting works for file names supplied with -T
  * Accept only position-sensitive (file-selection) options in file
    list files
- remove deprecated texinfo packaging macros
- prepare usrmerge (boo#1029961)
- Drop Requires(pre) info in the preamble: the main package does
  not contain any info files, and has not even a pre script. The
  - doc subpackage already has the correct deps.
- No longer recommend -lang: supplements are in use.
- update to version 1.32
  * Fix the use of --checkpoint without explicit --checkpoint-action
  * Fix extraction with the -U option
  * Fix iconv usage on BSD-based systems
  * Fix possible NULL dereference (savannah bug #55369)
    [bsc#1130496] [CVE-2019-9923]
  * Improve the testsuite
- remove tar-1.31-tests_dirrem.patch and
  tar-1.31-racy_compress_tests.patch that are no longer needed
  (applied usptream)
- Remove libattr-devel from buildrequires, tar no longer uses
  it but finds xattr functions in libc.
- update to version 1.31
  * Fix heap-buffer-overrun with --one-top-level, bug introduced
    with the addition of that option in 1.28
  * Support for zstd compression
  * New option '--zstd' instructs tar to use zstd as compression
    program. When listing, extractng and comparing, zstd compressed
    archives are recognized automatically. When '-a' option is in
    effect, zstd compression is selected if the destination archive
    name ends in '.zst' or '.tzst'.
  * The -K option interacts properly with member names given in the
    command line. Names of members to extract can be specified along
    with the "/-K NAME"/ option. In this case, tar will extract NAME
    and those of named members that appear in the archive after it,
    which is consistent with the semantics of the option. Previous
    versions of tar extracted NAME, those of named members that
    appeared before it, and everything after it.
  * Fix CVE-2018-20482 - When creating archives with the --sparse
    option, previous versions of tar would loop endlessly if a
    sparse file had been truncated while being archived.
- remove the following patches (upstreamed)
  * tar-1.30-tests-difflink.patch
  * tar-1.30-tests_dirrem_race.patch
- refresh add_readme-tests.patch
- add tar-1.31-tests_dirrem.patch to fix expected output in dirrem
  tests
- add tar-1.31-racy_compress_tests.patch to fix compression tests
xen
- bsc#1197423 - VUL-0: CVE-2022-26356: xen: Racy interactions
  between dirty vram tracking and paging log dirty hypercalls
  (XSA-397)
  xsa397.patch
- bsc#1197425 - VUL-0: CVE-2022-26357: xen: race in VT-d domain ID
  cleanup (XSA-399)
  xsa399.patch
- bsc#1197426 - VUL-0: CVE-2022-26358,CVE-2022-26359,
  CVE-2022-26360,CVE-2022-26361: xen: IOMMU: RMRR (VT-d) and unity
  map (AMD-Vi) handling issues (XSA-400)
  xsa400-01.patch
  xsa400-02.patch
  xsa400-03.patch
  xsa400-04.patch
  xsa400-05.patch
  xsa400-06.patch
  xsa400-07.patch
  xsa400-08.patch
  xsa400-09.patch
  xsa400-10.patch
  xsa400-11.patch
xz
- Fix ZDI-CAN-16587 Fix escaping of malicious filenames
  (ZDI-CAN-16587 bsc#1198062 CVE-2022-1271)
  * bsc1198062.patch
yast2
- Fixed refreshing old repositories during system upgrade
  (bsc#1196120, similar to bsc#1190228)
- 4.3.69
yast2-audit-laf
- Set the name of the auto client in the desktop file
  (bsc#1196590).
- 4.3.2
yast2-bootloader
- AutoYaST: do not clone device for hibernation and also check
  during autoinstallation if device for hibernation exists and if
  not then use proposed one. (bsc#1187690 and bsc#1197192)
- 4.3.31
yast2-country
- Fixed passing multiple arguments to "/localectl set-locale"/
  (bsc#1177863)
- 4.3.19
yast2-installation
- Do not stop xvnc.socket but run the YaST2-Second-Stage and
  YaST2-Firsboot services before it in order to prevent early
  vnc connections (bsc#1197265)
-4.3.50
- Run the YaST2-Second-Stage and YaST2-Firsboot services after
  purge-kernels to prevent a zypper lock error message
  (bsc#1196431).
- 4.3.49
- Prevent getty auto-generation because it makes xvnc to fail when
  it is started in YaST second stage (bsc#1196614).
- 4.3.48
- Avoid terminal login prompt when running Second Stage service
  (bsc#1196594 and related to bsc#1195059).
- 4.3.47
- Modified Second Stage service dependencies fixing a root login
  systemd timeout when installing with ssh (bsc#1195059)
- 4.3.46
- Do not create a Btrfs snapshot at the end of the installation
  or upgrade when the root filesystem is mounted as read-only
  (jsc#SLE-22560).
- 4.3.45
yast2-packager
- do not keep file handle to repo metadata open accidentally (bsc#1196061)
- 4.3.26
yast2-schema
- Added fcoe-client schema (bsc#1194895)
- 4.3.28
zypper
- info: print the packages upstream URL if available (fixes #426)
- info: Fix SEGV with not installed PTFs (bsc#1196317)
- Don't prevent less restrictive umasks (bsc#1195999)
- version 1.14.52