- Update to release 9.16.31
  This is the first of monthly updates of "/bind"/. It is planned
  to update bind when a new upstream maintennace release becomes
  available, which is usually towards the end of a month, see
  Compared to the previous SUSE release, in this release,
  53 (minor) bugs were fixed
  13 (minor) functional enhancements were made
  3 security issues are now fixed upstream:
    CVE-2022-0396, CVE-2021-25220, CVE-2021-25219
  plus a few minor changes.
  For a full list of changes, please refer to the
  CHANGES file in the source rpm.
  This update obsoletes the following patches:
  * bind-fix-build-with-older-sphinx.patch
  * bind-CVE-2021-25219.patch
  * bind-9.16.27-0001-CVE-2021-25220.patch
  * bind-9.16.27-0002-CVE-2022-0396.patch
  [bind-9.16.31.tar.xz, bind-9.16.31.tar.xz.sha512.asc,
  bind-9.16.20.tar.xz, bind-9.16.20.tar.xz.sha512.asc,
  bind-fix-build-with-older-sphinx.patch, bind-CVE-2021-25219.patch,
- When enabling query_logging by un-commenting an example in
  bind.conf, named attempts to create a file in /var/log which
  fails due to missing credentials. This also applies to the
  "/dump-file"/ and the "/statistics-file"/.
  This is solved by having systemd-tmpfiles create a subdirectory
  "//var/log/named"/ owned by named:named and changing the file
  paths accordingly:
  /var/log/named_querylog -> /var/log/named/querylog
  /var/log/named_dump.db -> /var/log/named/dump.db
  /var/log/named.stats -> /var/log/named/stats
  Also, in "/named.service"/, the ReadWritePath was changed to
  include "//var/log/named"/ rather than just "/var/log"/.
  [bsc#1200685, bind.spec, vendor-files/config/named.conf,
- A non-existent initialization script (eg a leftorver
  "/createNamedConfInclude"/ in /etc/sysconfig/named) may cause named
  not to start. A warning message is printed in named.prep and
  the fact is ignored.
  Also, the return value of a failed script was not handled properly
  causing a failed script to not prevent named to start. This
  is now fixed properly.
  [bsc#1199044, vendor-files.tar.bz2]
- Update to version 055+suse.279.g3b3c36b2:
  * fix(bluetooth): accept compressed firmwares in inst_multiple (bsc#1200236)
  * fix(network-legacy): support (bsc#1200360)
  * fix(convertfs): ignore commented lines in fstab (bsc#1200251)
  * fix(integrity): do not display any error if there is no IMA certificate (bsc#1187654)
- Update to version 055+suse.271.g70f710e4:
  * fix(nfs): /var is not mounted during the transactional-update run (bsc#1184970)
  * fix(nfs): give /run/rpcbind ownership to rpc user (bsc#1177461)
  * fix(dracut-install): copy files preserving ownership attributes (bsc#1197967)
  * fix(crypt): remove quotes from cryptsetupopts (bsc#1197635)
  * fix(lvm): restore setting LVM_MD_PV_ACTIVATED (bsc#1195604)
  * fix(iscsi): remove unneeded iscsi NOP-disable code (bsc#1196267)
  * fix(dracut-systemd): do not require vconsole-setup.service (bsc#1195508)
  * fix(bluetooth): make hostonly configuration files optional (bsc#1195047)
- Azure fence agent doesn’t work correctly on SLES15 SP3 - fence_azure_arm
  fails with error 'MSIAuthentication' object has no attribute 'get_token' - SFSC00334437
  - Apply proposed patch
- Security fix [CVE-2022-34903, bsc#1201225]
  - Vulnerable to status injection
  - Added patch gnupg-CVE-2022-34903.patch
- gnupg-detect_FIPS_mode.patch: use AES as default cipher instead
  of 3DES if we are in FIPS mode. (bsc#1196125)
- Add harfbuzz-CVE-2022-33068.patch: sbix: limit glyph extents
  (boo#1200900 CVE-2022-33068).
- merge gh#openSUSE/hwinfo#113
- Keep NVMe's namespace output consistency when
  nvme_core.multipath=1 (bsc#1199948)
- 21.82
- Update to upstream tag jdk-11.0.16+8 (July 2022 CPU)
  * Security fixes:
    + JDK-8272243: Improve DER parsing
    + JDK-8272249: Better properties of loaded Properties
    + JDK-8277608: Address IP Addressing
    + JDK-8281859, CVE-2022-21540, bsc#1201694: Improve class
    + JDK-8281866, CVE-2022-21541, bsc#1201692: Enhance
    MethodHandle invocations
    + JDK-8283190: Improve MIDI processing
    + JDK-8284370: Improve zlib usage
    + JDK-8285407, CVE-2022-34169, bsc#1201684: Improve Xalan
  * Other fixes:
    + JDK-6986863: ProfileDeferralMgr throwing
    + JDK-7124293: [macosx] VoiceOver reads percentages rather than
    the actual values for sliders.
    + JDK-7124301: [macosx] When in a tab group if you arrow
    between tabs there are no VoiceOver announcements.
    + JDK-8133713: [macosx] Accessible JTables always reported as
    + JDK-8139046: Compiler Control: IGVPrintLevel directive should
    set PrintIdealGraph
    + JDK-8139173: [macosx] JInternalFrame shadow is not properly
    + JDK-8163498: Many long-running security libs tests
    + JDK-8166727: javac crashed: [jimage.dll+0x1942]
    + JDK-8169004: Fix redundant @requires tags in tests
    + JDK-8181571: printing to CUPS fails on mac sandbox app
    + JDK-8182404: remove jdk.testlibrary.JDKToolFinder and
    + JDK-8186548: move jdk.testlibrary.JcmdBase closer to tests
    + JDK-8192057: com/sun/jdi/ fails with
    + JDK-8193682: Infinite loop in ZipOutputStream.close()
    + JDK-8199874: [TESTBUG] runtime/Thread/
    fails with "/expected 0 to equal 10"/
    + JDK-8202886: [macos] Test java/awt/MenuBar/8007006/
    / fails on MacOS
    + JDK-8203238: [TESTBUG] rewrite MemOptions shell test in Java
    + JDK-8203239: [TESTBUG] remove vmTestbase/vm/gc/kind/parOld
    + JDK-8206187: javax/management/remote/mandatory/connection/
    / fails with Port already in use
    + JDK-8206330: Revisit com/sun/jdi/
    + JDK-8207364: nsk/jvmti/ResourceExhausted/resexhausted003
    fails to start
    + JDK-8208207: Test nsk/stress/jni/gclocker/gcl001 fails after
    + JDK-8208246: flags duplications in
    vmTestbase_vm_g1classunloading tests
    + JDK-8208249: TriggerUnloadingByFillingMetaspace generates
    garbage class names
    + JDK-8208697: vmTestbase/metaspace/stressHierarchy/
    /stressHierarchy012/ fails with
    OutOfMemoryError: Metaspace
    + JDK-8209150: [TESTBUG] Add logging to verify JDK-8197901 to a
    different test
    + JDK-8209776: Refactor jdk/security/JavaDotSecurity/
    to plain java test
    + JDK-8209883: ZGC: Compile without C1 broken
    + JDK-8209920: runtime/logging/ fail with
    OOME with ZGC
    + JDK-8210022: remove jdk.testlibrary.ProcessThread, TestThread
    and XRun
    + JDK-8210039: move OSInfo to top level testlibrary
    + JDK-8210108: sun/tools/jstatd test build failures after
    + JDK-8210112: remove jdk.testlibrary.ProcessTools
    + JDK-8210649: AssertionError @
    + JDK-8210732: remove jdk.testlibrary.Utils
    + JDK-8211795: ArrayIndexOutOfBoundsException in PNGImageReader
    after JDK-6788458
    + JDK-8211822: Some tests fail after JDK-8210039
    + JDK-8211962: Implicit narrowing in MacOSX java.desktop jsound
    + JDK-8212151: jdi/ times out due to "/bind
    failed: Address already in use"/ on Solaris-X64
    + JDK-8213440: Lingering INCLUDE_ALL_GCS in
    + JDK-8214275: CondyRepeatFailedResolution asserts "/Dynamic
    constant has no fixed basic type"/
    + JDK-8214799: Add package declaration to each JTREG test case
    in the gc folder
    + JDK-8215544: SA: Modify ClhsdbLauncher to add sudo privileges
    to enable MacOS tests on Mach5
    + JDK-8216137: assert(Compile::current()->live_nodes() <
    Compile::current()->max_node_limit()) failed: Live Node limit
    exceeded limit
    + JDK-8216265: [testbug] Introduce
    Platform.sharedLibraryPathVariableName() and adapt all tests.
    + JDK-8217017: [TESTBUG] Tests fail to compile after JDK-8216265
    + JDK-8217233: Update build settings for AIX/xlc
    + JDK-8217340: Compilation failed:
    + JDK-8217473: SA: Tests using ClhsdbLauncher fail on SAP
    docker containers
    + JDK-8218136: minor hotspot adjustments for xlclang++ from
    xlc16 on AIX
    + JDK-8218751: Do not store original classfiles inside the CDS
    + JDK-8218965: aix:  support xlclang++ in the compiler detection
    + JDK-8220658: Improve the readability of container information
    in the error log
    + JDK-8220813: update hotspot tier1_gc tests depending on GC to
    use @requires vm.gc.X
    + JDK-8222799: java.beans.Introspector uses an obsolete methods
    + JDK-8222926: Shenandoah build fails with
  - -with-jvm-features=-compiler1
    + JDK-8223143: Restructure/clean-up for 'loopexit_or_null()'.
    + JDK-8223363: Bad node estimate assertion failure
    + JDK-8223502: Node estimate for loop unswitching is not
    correct: assert(delta <= 2 * required) failed: Bad node estimate
    + JDK-8224648: assert(!exceeding_node_budget()) failed: Too
    many NODES required! failure with ctw
    + JDK-8223389: Shenandoah optimizations fail with
    + JDK-8223396: [TESTBUG] several jfr tests do not clean up
    files created in /tmp
    + JDK-8225475: Node budget asserts on x86_32/64
    + JDK-8227171: provide function names in native stack trace on
    aix with xlc16
    + JDK-8227389: Remove unsupported xlc16 compile options on aix
    + JDK-8229210: [TESTBUG] Move gc stress tests from JFR
    directory tree to gc/stress
    + JDK-8229486: Replace wildcard address with loopback or local
    host in tests - part 21
    + JDK-8229499: Node budget assert in fuzzed test
    + JDK-8230305: Cgroups v2: Container awareness
    + JDK-8229202: Docker reporting causes secondary crashes in
    error handling
    + JDK-8216366: Add rationale to PER_CPU_SHARES define
    + JDK-8230865: [TESTBUG] jdk/jfr/event/io/
    fails at-run shell target
    + JDK-8231111: Cgroups v2: Rework Metrics in java.base so as to
    recognize unified hierarchy
    + JDK-8231454: File lock in Windows on a loaded jar due to a
    leak in Introspector::getBeanInfo
    + JDK-8231489: GC watermark_0_1 failed due to
    "/metaspace.gc.Fault: GC has happened too rare"/
    + JDK-8231565: More node budget asserts in fuzzed tests
    + JDK-8233551: [TESTBUG] fails on MacOS
    + JDK-8234382: Test tools/javac/processing/model/
    /testgetallmembers/ using too small heap
    + JDK-8234605: C2 failed "/assert(C->live_nodes() -
    live_at_begin <= 2 * _nodes_required) failed: Bad node
    estimate: actual = 208 >> request = 101"/
    + JDK-8234608: [TESTBUG] Fix G1 redefineClasses tests and a
    memory leak
    + JDK-8235220: fails with
    + JDK-8235385: Crash on aarch64 JDK due to long offset
    + JDK-8237479: 8230305 causes slowdebug build failure
    + JDK-8239559: Cgroups: Incorrect detection logic on some
    + JDK-8239785: Cgroups: Incorrect detection logic on old
    systems in hotspot
    + JDK-8240132: ProblemList com/sun/jdi/
    + JDK-8240189: [TESTBUG] Some cgroup tests are failing after
    + JDK-8240335: C2: assert(found_sfpt) failed: no node in loop
    that's not input to safepoint
    + JDK-8240734: ModuleHashes attribute not reproducible between
    + JDK-8240756: [macos] SwingSet2:TableDemo:Printed Japanese
    characters were garbled
    + JDK-8241707: introduce randomness k/w to hotspot test suite
    + JDK-8242310: use reproducible random in hotspot compiler tests
    + JDK-8242311: use reproducible random in hotspot runtime tests
    + JDK-8242312: use reproducible random in hotspot gc tests
    + JDK-8242313: use reproducible random in hotspot svc tests
    + JDK-8242538: java/security/SecureRandom/
    failed on windows
    + JDK-8243429: use reproducible random in :vmTestbase_nsk_stress
    + JDK-8243666: ModuleHashes attribute generated for JMOD and
    JAR files depends on timestamps
    + JDK-8244500: jtreg test error in test/hotspot/jtreg/
    + JDK-8244602: Add JTREG_REPEAT_COUNT to repeat execution of a
    + JDK-8245543: Cgroups: Incorrect detection logic on some
    systems (still reproducible)
    + JDK-8245938: Remove unused print_stack(void) method from
    + JDK-8246494: introduce vm.flagless at-requires property
    + JDK-8246741: NetworkInterface/UniqueMacAddressesTest: mac
    address uniqueness test failed
    + JDK-8247589: Implementation of Alpine Linux/x64 Port
    + JDK-8247591: Document Alpine Linux build steps in OpenJDK
    build guide
    + JDK-8247592: refactor test/jdk/tools/launcher/
    + JDK-8247614: java/nio/channels/DatagramChannel/
    timed out
    + JDK-8248876: LoadObject with bad base address created for
    exec file on linux
    + JDK-8249592: Robot.mouseMove moves cursor to incorrect
    location when display scale varies and Java runs in DPI
    Unaware mode
    + JDK-8252117: com/sun/jdi/ failed with
    "/ConnectException: Connection refused: connect"/
    + JDK-8252248: __SIGRTMAX is not declared in musl libc
    + JDK-8252250: isnanf is obsolete
    + JDK-8252359: HotSpot Not Identifying it is Running in a
    + JDK-8252957: Wrong comment in CgroupV1Subsystem::cpu_quota
    + JDK-8253435: Cgroup: 'stomping of _mount_path' crash if
    manually mounted cpusets exist
    + JDK-8253714: [cgroups v2] Soft memory limit incorrectly using
    + JDK-8253727: [cgroups v2] Memory and swap limits reported
    + JDK-8253797: [cgroups v2] Account for the fact that swap
    accounting is disabled on some systems
    + JDK-8253872: ArgumentHandler must use the same delimiters as
    in jvmti_tools.cpp
    + JDK-8253939: [TESTBUG] Increase coverage of the cgroups
    detection code
    + JDK-8254001: [Metrics] Enhance parsing of cgroup interface
    files for version detection
    + JDK-8254887: C2: assert(cl->trip_count() > 0) failed: peeling
    a fully unrolled loop
    + JDK-8254997: Remove unimplemented
    + JDK-8255266: Update Public Suffix List to 3c213aa
    + JDK-8255604: java/nio/channels/DatagramChannel/
    fails with Cannot assign requested
    address: connect
    + JDK-8255787: Tag container tests that use cGroups with
    cgroups keyword
    + JDK-8256146: Cleanup test/jdk/java/nio/channels/
    + JDK-8256722: handle VC++:1927 VS2019 in  abstract_vm_version
    + JDK-8257794: Zero: assert(istate->_stack_limit ==
    istate->_thread->last_Java_sp() + 1) failed: wrong on
    + JDK-8258795: Update IANA Language Subtag Registry to Version
    + JDK-8258956: Memory Leak in StringCoding on ThreadLocal
    resultCached StringCoding.Result
    + JDK-8259517: Incorrect test path in test cases
    + JDK-8260518: Change default -mmacosx-version-min to 10.12
    + JDK-8261169: Upgrade HarfBuzz to the latest 2.8.0
    + JDK-8262379: Add regression test for JDK-8257746
    + JDK-8263364: sun/net/www/http/KeepAliveStream/
    / wedged in
    + JDK-8263718: unused-result warning happens at os_linux.cpp
    + JDK-8263856: Github Actions for macos/aarch64 cross-build
    + JDK-8264179: [TESTBUG] Some compiler tests fail when running
    without C2
    + JDK-8265261: java/nio/file/Files/ fails
    with java.lang.RuntimeException: Copy was not interrupted
    + JDK-8265297: javax/net/ssl/SSLSession/
    / failed with "/RuntimeException: Connection reset"/
    + JDK-8265343: Update Debian-based cross-compilation recipes
    + JDK-8266251: compiler.inlining.InlineAccessors shouldn't do
    testing in driver VM
    + JDK-8266318: Switch to macos prefix for macOS bundles
    + JDK-8266391: Replace use of reflection in
    + JDK-8266545: 8261169 broke Harfbuzz build with gcc 7 and 8
    + JDK-8268773: Improvements related to: Failed to start thread
  - pthread_create failed (EAGAIN)
    + JDK-8269772: [macos-aarch64] test compilation failed with
    "/SocketException: No buffer space available"/
    + JDK-8269933: test/jdk/javax/net/ssl/compatibility/JdkInfo
    incorrect verification of protocol and cipher support
    + JDK-8270797: test is not complete
    + JDK-8271055: Crash during deoptimization with
    "/assert(bb->is_reachable()) failed: getting result from
    unreachable basicblock"/ with -XX:+VerifyStack
    + JDK-8271199: Mutual TLS handshake fails signing client
    certificate with custom sensitive PKCS11 key
    + JDK-8272167: should skip *.dSYM
    + JDK-8272358: Some tests may fail when executed with other
    locales than the US
    + JDK-8272493: Suboptimal code generation around
    Preconditions.checkIndex intrinsic with AVX2
    + JDK-8272908: Missing coverage for certain classes in
    + JDK-8272964: java/nio/file/Files/ fails
    with java.lang.RuntimeException: Copy was not interrupted
    + JDK-8273176: handle latest VS2019 in abstract_vm_version
    + JDK-8273655: files are missing some
    common types
    + JDK-8274171: java/nio/file/Files/probeContentType/
    failed on "/Content type"/ mismatches
    + JDK-8274233: Minor cleanup for ToolBox
    + JDK-8274735: javax.imageio.IIOException: Unsupported Image
    Type while processing a valid JPEG image
    + JDK-8274751: Drag And Drop hangs on Windows
    + JDK-8275082: Update XML Security for Java to 2.3.0
    + JDK-8275330: C2:  assert(n->is_Root() || n->is_Region() ||
    n->is_Phi() || n->is_MachMerge() ||
    def_block->dominates(block)) failed: uses must be dominated
    by definitions
    + JDK-8275337: C1: assert(false) failed: live_in set of first
    block must be empty
    + JDK-8276657: XSLT compiler tries to define a class with empty
    + JDK-8276990: Memory leak in invoker.c fillInvokeRequest()
    during JDI operations
    + JDK-8277072: ObjectStreamClass caches keep ClassLoaders alive
    + JDK-8277093: Vector should throw ClassNotFoundException for a
    missing class of an element
    + JDK-8277396: [TESTBUG] In,
    frame is accessed from main thread
    + JDK-8277422: tools/jar/ fails with modified
    time mismatch
    + JDK-8277922: Unable to click JCheckBox in JTable through Java
    Access Bridge
    + JDK-8278065: Refactor subclassAudits to use ClassValue
    + JDK-8278186:
    .parseIdFromSameDocumentURI throws
    StringIndexOutOfBoundsException when calling substring method
    + JDK-8278346: java/nio/file/Files/probeContentType/
    fails on Linux SLES15 machine
    + JDK-8278472: Invalid value set to CANDIDATEFORM structure
    + JDK-8278794: Infinite loop in DeflaterOutputStream.finish()
    + JDK-8278851: Correct signer logic for jars signed with
    multiple digestalgs
    + JDK-8278951: containers/cgroup/ fails on Ubuntu
    + JDK-8279219: [REDO] C2 crash when allocating array of size
    too large
    + JDK-8279356: Method linking fails with
    guarantee(mh->adapter() != NULL) failed: Adapter blob must
    already exist!
    + JDK-8279505: Update documentation for RETRY_COUNT and
    + JDK-8279520: SPNEGO has not passed channel binding info into
    the underlying mechanism
    + JDK-8279529: ProblemList java/nio/channels/DatagramChannel/
    / on macosx-aarch64
    + JDK-8279532: ProblemList sun/security/ssl/SSLSessionImpl/
    + JDK-8279668: x86: AVX2 versions of vpxor should be asserted
    + JDK-8279837: C2: assert(is_Loop()) failed: invalid node
    class: Region
    + JDK-8279842: HTTPS Channel Binding support for Java
    + JDK-8279958: Provide configure hints for Alpine/apk package
    + JDK-8280041: Retry loop issues in
    + JDK-8280373: Update Xalan serializer / SystemIDResolver to
    align with JDK-8270492
    + JDK-8280476: [macOS] : hotspot arm64 bug exposed by latest
    + JDK-8280684: JfrRecorderService failes with
    guarantee(num_written > 0) when no space left on device.
    + JDK-8280799: С2: assert(false) failed: cyclic dependency
    prevents range check elimination
    + JDK-8280867: Cpuid1Ecx feature parsing is incorrect for AMD
    + JDK-8280964: [Linux aarch64] : drawImage dithers
    TYPE_BYTE_INDEXED images incorrectly
    + JDK-8281274: deal with ActiveProcessorCount in
    + JDK-8281275: Upgrading from 8 to 11 no longer accepts '/' as
    filepath separator in gc paths
    + JDK-8281615: Deadlock caused by jdwp agent
    + JDK-8281811: assert(_base == Tuple) failed: Not a Tuple after
    + JDK-8282008: Incorrect handling of quoted arguments in
    + JDK-8282172: CompileBroker::log_metaspace_failure is called
    from non-Java/compiler threads
    + JDK-8282225: GHA: Allow one concurrent run per PR only
    + JDK-8282231: x86-32: runtime call to SharedRuntime::ldiv
    corrupts registers
    + JDK-8282293: Domain value for system property
    jdk.https.negotiate.cbt should be case-insensitive
    + JDK-8282312: Minor corrections to evbroadcasti32x4 intrinsic
    on x86
    + JDK-8282382: Report glibc malloc tunables in error reports
    + JDK-8282422: JTable.print() failed with
    UnsupportedCharsetException on AIX ko_KR locale
    + JDK-8282501: Bump update version for OpenJDK: jdk-11.0.16
    + JDK-8282583: Update BCEL md to include the copyright notice
    + JDK-8282588: [11] set harfbuzz compilation flag to -std=c++11
    + JDK-8282589: runtime/ErrorHandling/ fails on
    MacOS aarch64 in jdk 11
    + JDK-8282887: Potential memory leak in sun.util.locale.provider
    .HostLocaleProviderAdapterImpl.getNumberPattern() on Windows
    + JDK-8283018: 11u GHA: Update GCC 9 minor versions
    + JDK-8283217: Leak FcObjectSet in getFontConfigLocations() in
    + JDK-8283323: libharfbuzz optimization level results in
    extreme build times
    + JDK-8283350: (tz) Update Timezone Data to 2022a
    + JDK-8283408: Fix a C2 crash when filling arrays with unsafe
    + JDK-8283420: [AOT] Exclude TrackedFlagTest/NotTrackedFlagTest
    in 11u because of intermittent java.lang.AssertionError:
    duplicate classes for name Ljava/lang/Boolean;
    + JDK-8283424: compiler/loopopts/
    / fails with release VMs due
    to lack of -XX:+UnlockDiagnosticVMOptions
    + JDK-8283451: C2: assert(_base == Long) failed: Not a Long
    + JDK-8283469: Don't use memset to initialize members in
    FileMapInfo and fix memory leak
    + JDK-8283497: [windows] print TMP and TEMP in hs_err and
    + JDK-8283614: [11] Repair compiler versions handling after
    + JDK-8283641: Large value for CompileThresholdScaling causes
    + JDK-8283834: Unmappable character for US-ASCII encoding in
    + JDK-8284033: Leak XVisualInfo in getAllConfigs in
    + JDK-8284094: Memory leak in invoker_completeInvokeRequest()
    + JDK-8284102: [TESTBUG] [11u] Retroactively add regression
    test for JDK-8272124
    + JDK-8284369: TestFailedAllocationBadGraph fails with
  - XX:TieredStopAtLevel < 4
    + JDK-8284389: Improve stability of GHA Pre-submit testing by
    caching cygwin installer
    + JDK-8284458: CodeHeapState::aggregate() leaks blob_name
    + JDK-8284507: GHA: Only check test results if testing was not
    + JDK-8284549: JFR: FieldTable leaks FieldInfoTable member
    + JDK-8284573: [11u] ProblemList and because of 8272195
    + JDK-8284604: [11u] Update Boot JDK used in GHA to
    + JDK-8284620: CodeBuffer may leak _overflow_arena
    + JDK-8284622: Update versions of some Github Actions used in
    JDK workflow
    + JDK-8284756: [11u] Remove unused isUseContainerSupport in
    + JDK-8285395: [JVMCI] [11u] Partial backport of JDK-8220623:
    + JDK-8285397: JNI exception pending in CUPSfuncs.c:250
    + JDK-8285445: cannot open file "/NUL:"/
    + JDK-8285515: (dc) DatagramChannel.disconnect fails with
    "/Invalid argument"/ on macOS 12.4
    + JDK-8285523: Improve test
    + JDK-8285591: [11] add signum checks in engineVerify
    + JDK-8285686: Update FreeType to 2.12.0
    + JDK-8285720: test/jdk/java/nio/file/Files/probeContentType/
    / fails to compile after backport of 8273655
    + JDK-8285726: [11u, 17u] Unify fix for JDK-8284548 with
    version from head
    + JDK-8285727: [11u, 17u] Unify fix for JDK-8284920 with
    version from head
    + JDK-8285828: runtime/execstack/ fails with
    zipped debug symbols
    + JDK-8286013: Incorrect test configurations for
    + JDK-8286198: [linux] Fix process-memory information
    + JDK-8286293: Tests ShortResponseBody and
    ShortResponseBodyWithRetry should use less resources
    + JDK-8286444: javac errors after JDK-8251329 are not helpful
    enough to find root cause
    + JDK-8286594: (zipfs) Mention paths with dot elements in
    ZipException and cleanups
    + JDK-8286630: [11] avoid -std=c++11 CXX harfbuzz buildflag on
    + JDK-8286855: javac error on invalid jar should only print
    + JDK-8287109: failed with
    + JDK-8287119: Add to ProblemList
    + JDK-8287362: FieldAccessWatch testcase failed on AIX platform
    + JDK-8287378: GHA: Update cygwin to fix issues in langtools
    tests on Windows
    + JDK-8287739: [11u] ProblemList sun/security/ssl/
- fix race between exit_itimers() and /proc/pid/timers
- commit 62d2eea
- posix-cpu-timers: Cleanup CPU timers before freeing them during exec (CVE-2022-2585 bsc#1202094).
- commit 2decf97
- x86/speculation: Add LFENCE to RSB fill sequence (bsc#1201726
- commit e9f7bfc
- x86/speculation: Add RSB VM Exit protections (bsc#1201726
- commit 87cc728
- sched/core: Do not requeue task on CPU excluded from cpus_mask
- commit f226af5
- KVM: emulate: do not adjust size of fastop and setcc subroutines
- commit 935d297
- kvm/emulate: Fix SETcc emulation function offsets with SLS
- Refresh
- commit 154606a
- net/sched: cls_u32: fix netns refcount changes in u32_change()
  (CVE-2022-29581 bsc#1199665).
- commit 6f81977
- blacklist.conf: This is a cleanup, not fixing any bug
- commit 6f050ff
- tee: fix put order in teedev_close_context() (git-fixes).
- commit 1650ec3
- blacklist.conf: duplicate
- commit 1c70642
- random: fix typo in comments (git-fixes).
- commit 6de6114
- blacklist.conf: breaks kABI for a cleanup
- commit 678666e
- random: document add_hwgenerator_randomness() with other input
  functions (git-fixes).
- commit 0fb6e8a
- Bluetooth: btusb: Add the new support IDs for WCN6855
- Refresh
- commit 91ad5ba
- powerpc/pseries/mobility: set NMI watchdog factor during an LPM
  (bsc#1201846 ltc#198761).
- powerpc/watchdog: introduce a NMI watchdog's factor (bsc#1201846
- watchdog: export lockup_detector_reconfigure (bsc#1201846
- powerpc/mobility: wait for memory transfer to complete
  (bsc#1201846 ltc#198761).
- commit 4c3e250
- page_alloc: fix invalid watemark check on a negative value
  (git fixes (mm/pgalloc)).
- commit 11d19f6
- VMCI: Add support for ARM64 (bsc#1199291, jsc#SLE-24635).
- commit 91f9b43
- VMCI: Release notification_bitmap in error path (bsc#1199291,
- VMCI: Check exclusive_vectors when freeing interrupt 1
  (bsc#1199291, jsc#SLE-24635).
- VMCI: Fix some error handling paths in vmci_guest_probe_device()
  (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: add support for DMA datagrams receive
  (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: add support for DMA datagrams sends (bsc#1199291,
- VMCI: dma dg: allocate send and receive buffers for DMA
  datagrams (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: register dummy IRQ handlers for DMA datagrams
  (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: set OS page size (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: detect DMA datagram capability (bsc#1199291,
- VMCI: dma dg: add MMIO access to registers (bsc#1199291,
- VMCI: dma dg: whitespace formatting change for vmci register
  defines (bsc#1199291, jsc#SLE-24635).
- commit 0e13b0d
- blacklist.conf: add commit 7acae6183cf3
  I blacklisted the wrong commit: instead of adding 7acae6183cf3, I added the
  commit that introduced the bug fixed by it (which isn't present in SLE15-SP4).
- commit 8ec5489
- net: mscc: ocelot: fix backwards compatibility with single-chain
  tc-flower offload (git-fixes).
- commit 5dd0ec2
- net: bcmgenet: skip invalid partial checksums (git-fixes).
- commit af8e915
- ice: Fix race condition during interface enslave (git-fixes).
- commit 873e269
- net: bcmgenet: Don't claim WOL when its not available
- commit a981d90
- net: marvell: prestera: Add missing of_node_put() in
  prestera_switch_set_base_mac_addr (git-fixes).
- commit 4aa2b33
- net: ethernet: lpc_eth: Handle error for clk_enable (git-fixes).
- commit b08b10f
- net: ethernet: ti: cpts: Handle error for clk_enable
- commit 549b785
- ice: Fix error with handling of bonding MTU (git-fixes).
- commit 03f6b8d
- ice: stop disabling VFs due to PF error responses (git-fixes).
- commit 13b5865
- ethernet: Fix error handling in xemaclite_of_probe (git-fixes).
- commit 1b69809
- net: dsa: mt7530: fix incorrect test in
  mt753x_phylink_validate() (git-fixes).
- commit 8344b36
- spi: bcm2835: bcm2835_spi_handle_err(): fix NULL pointer deref
  for non DMA transfers (git-fixes).
- commit 2faff78
- i2c: cadence: Change large transfer count reset logic to be
  unconditional (git-fixes).
- i2c: mlxcpld: Fix register setting for 400KHz frequency
- gpio: gpio-xilinx: Fix integer overflow (git-fixes).
- gpio: pca953x: use the correct register address when regcache
  sync during init (git-fixes).
- gpio: pca953x: use the correct range when do regmap sync
- gpio: pca953x: only use single read/write for No AI mode
- drm/imx/dcss: Add missing of_node_put() in fail path
- drm/ttm: fix locking in vmap/vunmap TTM GEM helpers (git-fixes).
- commit 7a76772
- Update kabi files: import symvers from MU 5.14.21-150400.24.11
- commit 5ac1ff2
- r8152: fix a WOL issue (git-fixes).
- docs: net: dsa: re-explain what port_fdb_dump actually does
- docs: net: dsa: delete port_mdb_dump (git-fixes).
- docs: net: dsa: remove port_vlan_dump (git-fixes).
- docs: net: dsa: document port_fast_age (git-fixes).
- docs: net: dsa: document port_setup and port_teardown
- docs: net: dsa: document the teardown method (git-fixes).
- docs: net: dsa: document change_tag_protocol (git-fixes).
- docs: net: dsa: add more info about the other arguments to
  get_tag_protocol (git-fixes).
- docs: net: dsa: rename tag_protocol to get_tag_protocol
- docs: net: dsa: document the shutdown behavior (git-fixes).
- docs: net: dsa: update probing documentation (git-fixes).
- Revert "/e1000e: Fix possible HW unit hang after an s0ix exit"/
- e1000e: Enable GPT clock before sending message to CSME
- USB: serial: ftdi_sio: add Belimo device ids (git-fixes).
- serial: 8250: fix return error code in
  serial8250_request_std_resource() (git-fixes).
- tty: serial: samsung_tty: set dma burst_size to 1 (git-fixes).
- drm/i915/gt: Serialize GRDOM access between multiple engine
  resets (git-fixes).
- wifi: mac80211: fix queue selection for mesh/OCB interfaces
- pinctrl: aspeed: Fix potential NULL dereference in
  aspeed_pinmux_set_mux() (git-fixes).
- irqchip: or1k-pic: Undefine mask_ack for level triggered
  hardware (git-fixes).
- ASoC: madera: Fix event generation for rate controls
- ASoC: madera: Fix event generation for OUT1 demux (git-fixes).
- ASoC: cs47l15: Fix event generation for low power mux control
- ASoC: dapm: Initialise kcontrol data for mux/demux controls
- ASoC: rt711-sdca: fix kernel NULL pointer dereference when IO
  error (git-fixes).
- ASoC: wm5110: Fix DRE control (git-fixes).
- ASoC: Intel: bytcr_wm5102: Fix GPIO related probe-ordering
  problem (git-fixes).
- ASoC: wcd938x: Fix event generation for some controls
- ASoC: SOF: Intel: hda-loader: Clarify the cl_dsp_init() flow
- ASoC: codecs: rt700/rt711/rt711-sdca: initialize workqueues
  in probe (git-fixes).
- ASoC: rt7*-sdw: harden jack_detect_handler (git-fixes).
- soc: ixp4xx/npe: Fix unused match warning (git-fixes).
- cpufreq: pmac32-cpufreq: Fix refcount leak bug (git-fixes).
- NFC: nxp-nci: don't print header length mismatch on i2c error
- platform/x86: hp-wmi: Ignore Sanitization Mode event
- virtio_mmio: Restore guest page size on resume (git-fixes).
- virtio_mmio: Add missing PM calls to freeze/restore (git-fixes).
- cpufreq: mediatek: Unregister platform device on exit
- cpufreq: mediatek: Use module_init and add module_exit
- drm/i915/dg2: Add Wa_22011100796 (git-fixes).
- drm/i915: Require the vm mutex for i915_vma_bind() (git-fixes).
- drm/i915/uc: correctly track uc_fw init failure (git-fixes).
- commit 4bd213d
- ARM: 9214/1: alignment: advance IT state after emulating Thumb
  instruction (git-fixes).
- ARM: 9213/1: Print message about disabled Spectre workarounds
  only once (git-fixes).
- ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop
- ALSA: hda/realtek - Fix headset mic problem for a HP machine
  with alc221 (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for HP machines
- ALSA: hda/realtek - Fix headset mic problem for a HP machine
  with alc671 (git-fixes).
- ALSA: hda - Add fixup for Dell Latitidue E5430 (git-fixes).
- ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3
  model (git-fixes).
- ALSA: hda/realtek: Fix headset mic for Acer SF313-51
- ASoC: rt711: fix calibrate mutex initialization (git-fixes).
- ASoC: Intel: sof_sdw: handle errors on card registration
- ASoC: rt711-sdca-sdw: fix calibrate mutex initialization
- ASoC: Realtek/Maxim SoundWire codecs: disable pm_runtime on
  remove (git-fixes).
- ASoC: ops: Fix off by one in range control validation
- ALSA: usb-audio: Add quirk for Fiero SC-01 (fw v1.0.0)
- ALSA: usb-audio: Add quirk for Fiero SC-01 (git-fixes).
- ALSA: usb-audio: Add quirks for MacroSilicon MS2100/MS2106
  devices (git-fixes).
- ARM: dts: stm32: use the correct clock source for CEC on
  stm32mp151 (git-fixes).
- commit 65713d7
- Move upstreamed be2net patch into sorted section
- commit c55a187
- Drop doubly applied arm64 dts patch
  Delete patches.suse/arm64-dts-broadcom-bcm4908-Fix-timer-node-for-BCM4906-SoC.patch
- commit efd9176
- net: macb: Fix lost RX packet wakeup race in NAPI receive (git-fixes).
- commit eb2677a
- net: ipa: add an interconnect dependency (git-fixes).
- commit 94e475f
- net: stmmac: fix return value of __setup handler (git-fixes).
- commit 3c858ea
- net: sxgbe: fix return value of __setup handler (git-fixes).
- commit 723d359
- net: sparx5: Fix add vlan when invalid operation (git-fixes).
- commit 1d88b17
- net: chelsio: cxgb3: check the return value of
  pci_find_capability() (git-fixes).
- commit 74c8cc9
- net: mv643xx_eth: process retval from of_get_mac_address
- commit 810f895
- net: ll_temac: check the return value of devm_kmalloc()
- commit 093ee20
- net: dsa: lan9303: add VLAN IDs to master device (git-fixes).
- commit 13c2302
- Revert "/net: ethernet: bgmac: Use
  devm_platform_ioremap_resource_byname"/ (git-fixes).
- commit 411126e
- dpaa2-eth: Initialize mutex used in one step timestamping path
- commit b952b7a
- net: ieee802154: ca8210: Fix lifs/sifs periods (git-fixes).
- commit 7bd7001
- blacklist.conf: add ARCnet drivers
- commit 1614d85
- Sort patches from bsc#1201323
- commit 4165437
- Refresh
- commit c3b4451
- lockdown: Fix kexec lockdown bypass with ima policy
  (CVE-2022-21505 bsc#1201458).
- commit 5f6e1e5
- kernel-obs-build: include qemu_fw_cfg (boo#1201705)
- commit e2263d4
- scsi: make sure that request queue queiesce and unquiesce
  balanced (bsc#1201651).
  - patches.kabi/blk-mq-fix-kabi-support-concurrent-queue-quiesce-unquiesce.patch
  - patches.kabi/kABI-fix-adding-field-to-scsi_device.patch
  - patches.suse/scsi-core-sd-Add-silence_suspend-flag-to-suppress-some-PM-messages.patch
- scsi: avoid to quiesce sdev->request_queue two times
- dm: don't stop request queue after the dm device is suspended
- commit 4dedd62
- kabi/severities: add intel ice
- commit 77a60f8
- Delete patches.suse/xhci-turn-off-port-power-in-shutdown.patch
  This patch leads to a failure to power off.
- commit f2d59c9
- i2c: smbus: Check for parent device before dereference
- net: dsa: mv88e6xxx: fix use-after-free in
  mv88e6xxx_mdios_unregister (git-fixes).
- net: usb: qmi_wwan: add Telit 0x1070 composition (git-fixes).
- net: usb: qmi_wwan: add Telit 0x1060 composition (git-fixes).
- commit c96154e
- net: dsa: mv88e6xxx: flush switchdev FDB workqueue before
  removing VLAN (git-fixes).
- commit c4e0776
- net: dsa: lan9303: fix reset on probe (git-fixes).
- commit 33805f1
- ice: Avoid RTNL lock when re-creating auxiliary device
- commit c168b96
- net: mscc: ocelot: fix mutex lock error during ethtool stats
  read (git-fixes).
- commit ceff3da
- dpaa2-eth: unregister the netdev before disconnecting from
  the PHY (git-fixes).
- commit c46c86b
- net: amd-xgbe: disable interrupts during pci removal
- commit c2f5c50
- net: mdio: aspeed: Add missing MODULE_DEVICE_TABLE (git-fixes).
- commit 1ebdd4d
- net: dsa: lantiq_gswip: don't use devres for mdiobus
- commit 93f4a90
- net: dsa: mt7530: fix kernel bug in mdiobus_free() when
  unbinding (git-fixes).
- commit 76cc859
- ethtool: Fix get module eeprom fallback (bsc#1201323).
- commit f5666fa
- nvme: wait until quiesce is done (bsc#1201651).
- blk-mq: add one API for waiting until quiesce is done
- commit d28bf38
- arm64: cpufeature: add HWCAP for FEAT_RPRES (git-fixes)
  Refresh patches.suse/0019-arm64-Use-the-clearbhb-instruction-in-mitigations.patch
- commit cbc315a
- arm64: cpufeature: add HWCAP for FEAT_AFP (git-fixes)
- commit b3a2425
- blk-mq: fix kabi support concurrent queue quiesce unquiesce
- commit def3ab7
- net: dsa: felix: don't use devres for mdiobus (git-fixes).
- commit a03978a
- net: dsa: bcm_sf2: don't use devres for mdiobus (git-fixes).
- commit 682abc6
- net: dsa: ar9331: register the mdiobus under devres (git-fixes).
- commit 6f8e329
- net: dsa: mv88e6xxx: don't use devres for mdiobus (git-fixes).
- commit 61ee304
- gve: Recording rx queue before sending to napi (git-fixes).
- commit 6edbff0
- ixgbevf: Require large buffers for build_skb on 82599VF
- commit 2479d47
- net: sparx5: Fix get_stat64 crash in tcpdump (git-fixes).
- commit ea855e1
- net: stmmac: ensure PTP time register reads are consistent
- commit 993d341
- net: macsec: Verify that send_sci is on when setting Tx sci
  explicitly (git-fixes).
- commit 3b02b3e
- net: macsec: Fix offload support for NETDEV_UNREGISTER event
- commit d048544
- net: stmmac: dump gmac4 DMA registers correctly (git-fixes).
- commit 741baff
- blk-mq: support concurrent queue quiesce/unquiesce
- nvme: loop: clear NVME_CTRL_ADMIN_Q_STOPPED after admin queue
  is reallocated (bsc#1201651).
- nvme: paring quiesce/unquiesce (bsc#1201651).
- nvme: prepare for pairing quiescing and unquiescing
- nvme: apply nvme API to quiesce/unquiesce admin queue
- nvme: add APIs for stopping/starting admin queue (bsc#1201651).
- commit 6f75240
- net: dsa: mt7530: make NET_DSA_MT7530 select MEDIATEK_GE_PHY
- commit c68ab05
- be2net: Fix buffer overflow in be_get_module_eeprom
- commit 46a7cc8
- net: stmmac: properly handle with runtime pm in
  stmmac_dvr_remove() (git-fixes).
- commit 904137a
- net: ieee802154: ca8210: Stop leaking skb's (git-fixes).
- commit fe79137
- Input: i8042 - Apply probe defer to more ASUS ZenBook models
- commit cf06848
- net: ieee802154: mcr20a: Fix lifs/sifs periods (git-fixes).
- commit 92bd067
- net: ieee802154: hwsim: Ensure proper channel selection at
  probe time (git-fixes).
- commit 7ae5bdc
- tun: fix bonding active backup with arp monitoring (git-fixes).
- commit cf865a3
- Update patch references for fbcon fixes (CVE-2021-33655 bsc#1201635)
- commit eb3d075
- supported.conf: rvu_mbox as supported (jsc#SLE-24682)
- commit f21578a
- blacklist.conf: Add memcg/rstat optimizations 11192d9c124d fd25a9e0e23b 5b3be698a872
- commit 932b7ef
- blacklist.conf: Add 26d5badbccdd signal: Implement force_fatal_sig
- commit 1fe0fd9
- nbd: fix possible overflow on 'first_minor' in nbd_dev_add()
- md: bcache: check the return value of kzalloc() in
  detached_dev_do_request() (git-fixes).
- commit e2af2db
- kABI workaround for snd-soc-rt5682-* (git-fixes).
- kabi/severities: ignore dropped symbol rt5682_headset_detect
- commit 5e19e6d
- net: stmmac: dwmac-visconti: No change to ETHER_CLOCK_SEL for
  unexpected speed request (git-fixes).
- commit 59356c4
- net: amd-xgbe: ensure to reset the tx_timer_active flag
- commit 3831453
- net: amd-xgbe: Fix skb data length underflow (git-fixes).
- commit 50d3988
- net: stmmac: skip only stmmac_ptp_register when resume from
  suspend (git-fixes).
- commit b59b0a9
- blacklist: added commit e1a4541ec0b9
- commit 7d0447e
- net: stmmac: configure PTP clock source prior to PTP
  initialization (git-fixes).
- commit 6cefa9d
- libceph: fix potential use-after-free on linger ping and resends
- ceph: fix up non-directory creation in SGID directories
- commit 8aa4851
- net: cpsw: Properly initialise struct page_pool_params
- commit d65aa35
- net: sfp: ignore disabled SFP node (git-fixes).
- commit 5b8ce08
- octeontx2-pf: Forward error codes to VF (git-fixes).
- commit 562327e
- octeontx2-af: cn10k: Do not enable RPM loopback for LPC
  interfaces (git-fixes).
- commit b549cad
- octeontx2-af: Do not fixup all VF action entries (git-fixes).
- commit dd1aa95
- net: stmmac: dwmac-visconti: Fix clock configuration for RMII
  mode (git-fixes).
- commit e3e3f07
- net: stmmac: dwmac-visconti: Fix bit definitions for
  ETHER_CLK_SEL (git-fixes).
- commit 1470b40
- net/fsl: xgmac_mdio: Fix incorrect iounmap when removing module
- commit f842d14
- net/fsl: xgmac_mdio: Add workaround for erratum A-009885
- commit 6cf1273
- net: mscc: ocelot: fix using match before it is set (git-fixes).
- commit 78b3f03
- net: cpsw: avoid alignment faults by taking NET_IP_ALIGN into
  account (git-fixes).
- commit cfa26bb
- net: axienet: increase default TX ring size to 128 (git-fixes).
- commit d910ea1
- net: axienet: fix for TX busy handling (git-fixes).
- commit 99e0d80
- net: axienet: fix number of TX ring slots for available check
- commit 0c7e435
- fuse: annotate lock in fuse_reverse_inval_entry() (bsc#1201593).
- fuse: make sure reclaim doesn't write the inode (bsc#1201592).
- commit 938aae2
- net: axienet: Fix TX ring slot available check (git-fixes).
- commit c151ff3
- net: axienet: limit minimum TX ring size (git-fixes).
- commit 13afdcb
- net: axienet: add missing memory barriers (git-fixes).
- commit d466816
- net: axienet: Wait for PhyRstCmplt after core reset (git-fixes).
- commit 7c11a1f
- net: axienet: increase reset timeout (git-fixes).
- commit 5cd6041
- net: sfp: fix high power modules without diagnostic monitoring
- commit 8a29229
- net: ethernet: mtk_eth_soc: fix error checking in
  mtk_mac_config() (git-fixes).
- commit 7d643fb
- bcmgenet: add WOL IRQ check (git-fixes).
- commit d56437b
- net: ipa: prevent concurrent replenish (git-fixes).
- commit 63abe4d
- net: ipa: use a bitmap for endpoint replenish_enabled
- commit 4d71717
- net: ipa: fix atomic update in ipa_endpoint_replenish()
- commit f58c0c8
- fsl/fman: Check for null pointer after calling devm_ioremap
- commit 2af3cae
- rocker: fix a sleeping in atomic bug (git-fixes).
- commit 75f1355
- kABI workaround for phy_device changes (git-fixes).
- commit 91e246e
- mm: swap: get rid of livelock in swapin readahead (git fixes
- mm: don't try to NUMA-migrate COW pages that have other uses
  (git fixes (mm/numa)).
- mm/large system hash: avoid possible NULL deref in
  alloc_large_system_hash (git fixes (mm/pgalloc)).
- mm/vmalloc: make sure to dump unpurged areas in
  /proc/vmallocinfo (git fixes (mm/vmalloc)).
- mm/vmalloc: repair warn_alloc()s in __vmalloc_area_node()
  (git fixes (mm/vmalloc)).
- kasan: fix tag for large allocations when using CONFIG_SLAB
  (git fixes (mm/kasan)).
- mm/vmalloc: fix numa spreading for large hash tables (git fixes
- mm/secretmem: avoid letting secretmem_users drop to zero
  (git fixes (mm/secretmem)).
- memcg: page_alloc: skip bulk allocator for __GFP_ACCOUNT
  (git fixes (mm/pgalloc)).
- commit 4d0f0a6
- Update patch metadata and move to sorted section
- commit 14b9fbe
- usbnet: fix memory leak in error case (git-fixes).
- commit 7372d17
- arm64: dts: broadcom: bcm4908: Fix timer node for BCM4906 SoC (git-fixes)
- commit 9119799
- rpm/modules.fips: add ecdsa_generic (jsc#SLE-21132,bsc#1201258).
- commit 0d8f996
- arm64: mm: Don't invalidate FROM_DEVICE buffers at start of DMA transfer (git-fixes)
- commit 3250248
- crypto: testmgr - allow ecdsa-nist in FIPS mode
- commit d8e5343
- blacklist.conf: ffc95a46: CONFIG_SLAB not set in config
- commit d12fa0c
- cpuidle: PSCI: Move the `has_lpi` check to the beginning of the (git-fixes)
- commit 3919bf9
- usb: typec: add missing uevent when partner support PD
- usb: dwc3: gadget: Fix event pending check (git-fixes).
- vt: fix memory overlapping when deleting chars in the buffer
- wifi: mac80211_hwsim: set virtio device ready in probe()
- sysctl: Fix data-races in proc_dointvec_ms_jiffies()
- sysctl: Fix data-races in proc_dou8vec_minmax() (git-fixes).
- sysctl: Fix data races in proc_dointvec_jiffies() (git-fixes).
- sysctl: Fix data races in proc_doulongvec_minmax() (git-fixes).
- sysctl: Fix data races in proc_douintvec_minmax() (git-fixes).
- sysctl: Fix data races in proc_dointvec_minmax() (git-fixes).
- video: of_display_timing.h: include errno.h (git-fixes).
- commit 2f456a6
- serial: 8250: Fix PM usage_count for console handover
- serial: stm32: Clear prev values before setting RTS delays
- serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle
- spi: amd: Limit max transfer and message size (git-fixes).
- reset: Fix devm bulk optional exclusive control getter
- sysctl: Fix data races in proc_douintvec() (git-fixes).
- sysctl: Fix data races in proc_dointvec() (git-fixes).
- Revert "/serial: sc16is7xx: Clear RS485 bits in the shutdown"/
- serial: sc16is7xx: Clear RS485 bits in the shutdown (git-fixes).
- commit f48404b
- power/reset: arm-versatile: Fix refcount leak in
  versatile_reboot_probe (git-fixes).
- raw: Fix a data-race around sysctl_raw_l3mdev_accept
- misc: rtsx_usb: set return value in rsp_buf alloc err path
- r8169: fix accessing unset transport header (git-fixes).
- net: rose: fix UAF bug caused by rose_t0timer_expiry
- pinctrl: sunxi: sunxi_pconf_set: use correct offset (git-fixes).
- pinctrl: sunxi: a83t: Fix NAND function name for some pins
- net: phy: Don't trigger state machine while in suspend
- mt76: mt7921: get rid of mt7921_mac_set_beacon_filter
- commit 8948cad
- kABI workaround for rtsx_usb (git-fixes).
- commit ea7f901
- ima: Fix potential memory leak in ima_init_crypto() (git-fixes).
- ima: force signature verification when CONFIG_KEXEC_SIG is
  configured (git-fixes).
- ima: Fix a potential integer overflow in
  ima_appraise_measurement (git-fixes).
- ida: don't use BUG_ON() for debugging (git-fixes).
- misc: rtsx_usb: use separate command and response buffers
- misc: rtsx_usb: fix use of dma mapped buffer for usb bulk
  transfer (git-fixes).
- i2c: cadence: Unregister the clk notifier in error path
- i2c: piix4: Fix a memory leak in the EFCH MMIO support
- memregion: Fix memregion_free() fallback definition (git-fixes).
- Input: cpcap-pwrbutton - handle errors from platform_get_irq()
- commit 41d4678
- efi/x86: use naked RET on mixed mode call wrapper (git-fixes).
- dt-bindings: dma: allwinner,sun50i-a64-dma: Fix min/max typo
- fbmem: Check virtual screen sizes in fb_set_var() (git-fixes).
- fbcon: Prevent that screen size is smaller than font size
- fbcon: Disallow setting font bigger than screen size
- fbdev: fbmem: Fix logo center image dx issue (git-fixes).
- hwmon: (occ) Prevent power cap command overwriting poll response
- dt-bindings: soc: qcom: smd-rpm: Fix missing MSM8936 compatible
- hwmon: (occ) Remove sequence numbering and checksum calculation
- dt-bindings: soc: qcom: smd-rpm: Add compatible for MSM8953 SoC
- commit 5a5128b
- drm/amd/display: Only use depth 36 bpp linebuffers on DCN
  display engines (git-fixes).
- drm/i915/gt: Serialize TLB invalidates with GT resets
- drm/i915/selftests: fix a couple IS_ERR() vs NULL tests
- drm/i915/gvt: IS_ERR() vs NULL bug in
  intel_gvt_update_reg_whitelist() (git-fixes).
- drm/panfrost: Fix shrinker list corruption by madvise IOCTL
- drm/panfrost: Put mapping instead of shmem obj on
  panfrost_mmu_map_fault_addr() error (git-fixes).
- drm/i915: fix a possible refcount leak in
  intel_dp_add_mst_connector() (git-fixes).
- dmaengine: lgm: Fix an error handling path in intel_ldma_probe()
- dmaengine: pl330: Fix lockdep warning about non-static key
- dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc()
  correctly (git-fixes).
- dmaengine: qcom: bam_dma: fix runtime PM underflow (git-fixes).
- dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (git-fixes).
- drm/amdgpu: To flush tlb for MMHUB of RAVEN series (git-fixes).
- drm/amd/display: Fix by adding FPU protection for
  dcn30_internal_validate_bw (git-fixes).
- drm/amd/vcn: fix an error msg on vcn 3.0 (git-fixes).
- drm/i915: Fix a race between vma / object destruction and
  unbinding (git-fixes).
- drm/mediatek: Detect CMDQ execution timeout (git-fixes).
- drm/mediatek: Remove the pointer of struct cmdq_client
- drm/mediatek: Use mailbox rx_callback instead of cmdq_task_cb
- drm/amd/display: Set min dcfclk if pipe count is 0 (git-fixes).
- commit d7feb0b
- dmaengine: ti: Add missing put_device in
  ti_dra7_xbar_route_allocate (git-fixes).
- dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate
- can: mcp251xfd: mcp251xfd_regmap_crc_read(): update workaround
  broken CRC on TBC register (git-fixes).
- can: mcp251xfd: mcp251xfd_regmap_crc_read(): improve workaround
  handling for mcp2517fd (git-fixes).
- can: m_can: m_can_chip_config(): actually enable internal
  timestamping (git-fixes).
- can: grcan: grcan_probe(): remove extra of_node_get()
- can: gs_usb: gs_usb_open/close(): fix memory leak (git-fixes).
- Revert "/can: xilinx_can: Limit CANFD brp to 2"/ (git-fixes).
- can: bcm: use call_rcu() instead of costly synchronize_rcu()
- batman-adv: Use netif_rx() (git-fixes).
- commit ee36772
- ASoC: Intel: Skylake: Correct the handling of fmt_config
  flexible array (git-fixes).
- ASoC: Intel: Skylake: Correct the ssp rate discovery in
  skl_get_ssp_clks() (git-fixes).
- ASoC: tas2764: Fix amp gain register offset & default
- ASoC: tas2764: Correct playback volume range (git-fixes).
- ASoC: tas2764: Fix and extend FSYNC polarity handling
- ASoC: tas2764: Add post reset delays (git-fixes).
- ASoC: sgtl5000: Fix noise on shutdown/remove (git-fixes).
- ASoC: Remove unused hw_write_t type (git-fixes).
- ASoC: codecs: rt700/rt711/rt711-sdca: resume bus/codec in
  .set_jack_detect (git-fixes).
- ASoC: rt711-sdca: Add endianness flag in
  snd_soc_component_driver (git-fixes).
- commit 46eda4a
- arm64: Add HWCAP for self-synchronising virtual counter (git-fixes)
- commit e9387c5
- ASoC: rt5682: Fix deadlock on resume (git-fixes).
- Refresh
- commit b58000f
- ASoC: rt5682: Re-detect the combo jack after resuming
- Refresh
- commit e602e5e
- arm64: dts: broadcom: bcm4908: Fix cpu node for smp boot
- arm64: dts: broadcom: bcm4908: Fix timer node for BCM4906 SoC
- ARM: dts: imx6qdl-ts7970: Fix ngpio typo and count (git-fixes).
- arm64: dts: rockchip: Assign RK3399 VDU clock rate (git-fixes).
- ASoC: rt711: Add endianness flag in snd_soc_component_driver
- ASoC: rt5682: fix an incorrect NULL check on list iterator
- ASoC: rt5682: Avoid the unexpected IRQ event during going to
  suspend (git-fixes).
- ASoC: rt5682: move clk related code to rt5682_i2c_probe
- commit 9f44c25
- ARM: dts: sunxi: Fix SPI NOR campatible on Orange Pi Zero
- ARM: dts: at91: sama5d2: Fix typo in i2s1 node (git-fixes).
- ACPI: video: Fix acpi_video_handles_brightness_key_presses()
- ARM: 9210/1: Mark the FDT_FIXED sections as shareable
- ARM: 9209/1: Spectre-BHB: avoid pr_info() every time a CPU
  comes out of idle (git-fixes).
- ACPI: CPPC: Only probe for _CPC if CPPC v2 is acked (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo L140PU (git-fixes).
- ALSA: usb-audio: Workarounds for Behringer UMC 204/404 HD
- commit 72aed94
- Move upstreamed netfilter and tty patches to sorted section
- commit 9d5e117
- x86/bugs: Remove apostrophe typo (bsc#1190497).
- commit 0e5e638
- Sort in RETbleed backport into the sorted section
  Now that it is upstream...
- Refresh
- Refresh
- Refresh patches.suse/KVM-VMX-Flatten-__vmx_vcpu_run.patch.
- Refresh
- Refresh
- Refresh
- Refresh patches.suse/objtool-Add-entry-UNRET-validation.patch.
- Refresh
- Refresh
- Refresh patches.suse/objtool-Update-Retpoline-validation.patch.
- Refresh patches.suse/x86-Add-magic-AMD-return-thunk.patch.
- Refresh patches.suse/x86-Undo-return-thunk-damage.patch.
- Refresh patches.suse/x86-Use-return-thunk-in-asm-code.patch.
- Refresh patches.suse/x86-bpf-Use-alternative-RET-encoding.patch.
- Refresh
- Refresh
- Refresh patches.suse/x86-bugs-Add-retbleed-ibpb.patch.
- Refresh
- Refresh
- Refresh patches.suse/x86-bugs-Enable-STIBP-for-JMP2RET.patch.
- Refresh
- Refresh
- Refresh
- Refresh
- Refresh
- Refresh
- Refresh patches.suse/x86-cpu-amd-Add-Spectral-Chicken.patch.
- Refresh patches.suse/x86-cpu-amd-Enumerate-BTC_NO.patch.
- Refresh
- Refresh
- Refresh
- Refresh
- Refresh patches.suse/x86-kvm-vmx-Make-noinstr-clean.patch.
- Refresh patches.suse/x86-objtool-Create-.return_sites.patch.
- Refresh patches.suse/x86-retpoline-Cleanup-some-ifdefery.patch.
- Refresh
- Refresh patches.suse/x86-retpoline-Use-mfunction-return.patch.
- Refresh
- Refresh
- Refresh
- Refresh
- Refresh
- Refresh
- Refresh
- Refresh
- Refresh
- Refresh
- Refresh patches.suse/x86-xen-Rename-SYS-entry-points.patch.
- commit cc67fa3
- kABI: fix adding field to ufs_hba  (git-fixes).
- kABI: fix adding field to scsi_device (git-fixes).
- scsi: iscsi: Exclude zero from the endpoint ID range
- scsi: scsi_debug: Fix zone transition to full condition
- scsi: sd: Fix potential NULL pointer dereference (git-fixes).
- drbd: fix potential silent data corruption (git-fixes).
- scsi: ufs: core: scsi_get_lba() error fix (git-fixes).
- scsi: ufs: Fix runtime PM messages never-ending cycle
- scsi: core: sd: Add silence_suspend flag to suppress some PM
  messages (git-fixes).
- scsi: ufs: Fix a deadlock in the error handler (git-fixes).
- scsi: ufs: Remove dead code (git-fixes).
- scsi: scsi_debug: Sanity check block descriptor length in
  resp_mode_select() (git-fixes).
- scsi: scsi_debug: Fix type in min_t to avoid stack OOB
- scsi: scsi_debug: Don't call kcalloc() if size arg is zero
- scsi: sd: Fix sd_do_mode_sense() buffer length handling
- scsi: lpfc: Fix mailbox command failure during driver
  initialization (git-fixes).
- commit fb67102
- perf/amd/ibs: Advertise zen4_ibs_extensions as pmu capability
  attribute (jsc#SLE-24578).
- commit 9992992
- perf/amd/ibs: Add support for L3 miss filtering (jsc#SLE-24578).
- commit 3de312d
- perf/amd/ibs: Use ->is_visible callback for dynamic attributes
- commit 1a42a36
- perf/amd/ibs: Cascade pmu init functions' return value
- commit 82fef3c
- crypto: qat - remove dma_free_coherent() for DH (git-fixes).
- crypto: qat - remove dma_free_coherent() for RSA (git-fixes).
- crypto: qat - fix memory leak in RSA (git-fixes).
- crypto: qat - set to zero DH parameters before free (git-fixes).
- crypto: qat - set CIPHER capability for DH895XCC (git-fixes).
- commit 3585cf1
- kabi/severities: add stmmac network driver local symbols
- commit 832dcf3
- ppp: ensure minimum packet size in ppp_write() (git-fixes).
- commit 1871bcf
- veth: Do not record rx queue hint in veth_xmit (git-fixes).
- commit 4e81b53
- net: ethernet: mtk_eth_soc: fix return values and refactor
  MDIO ops (git-fixes).
- commit 89745b1
- net: stmmac: Add platform level debug register dump feature
- commit 1f1e295
- fsl/fman: Fix missing put_device() call in fman_port_probe
- commit 1ea5bd4
- net: lantiq_xrx200: fix statistics of received bytes
- commit 21661cb
- net: ag71xx: Fix a potential double free in error handling paths
- commit bdd4068
- net: stmmac: dwmac-visconti: Fix value of
  ETHER_CLK_SEL_FREQ_SEL_2P5M (git-fixes).
- commit 100c8d7
- net: stmmac: ptp: fix potentially overflowing expression
- commit c8a3960
- veth: ensure skb entering GRO are not cloned (git-fixes).
- commit de7c3ec
- net: ks8851: Check for error irq (git-fixes).
- commit c6aa897
- drivers: net: smc911x: Check for error irq (git-fixes).
- commit 76302d7
- fjes: Check for error irq (git-fixes).
- commit 3518c05
- net: marvell: prestera: fix incorrect return of port_find
- commit caea254
- net: systemport: Add global locking for descriptor lifecycle
- commit ca205ab
- net: stmmac: dwmac-rk: fix oob read in rk_gmac_setup
- commit d928a50
- net: stmmac: fix tc flower deletion for VLAN priority Rx
  steering (git-fixes).
- commit c13727a
- netdevsim: don't overwrite read only ethtool parms (git-fixes).
- commit e49332e
- nfp: Fix memory leak in nfp_cpp_area_cache_add() (git-fixes).
- commit 14806b1
- net: mvpp2: fix XDP rx queues registering (git-fixes).
- commit 785d73e
- net: fec: only clear interrupt of handling queue in
  fec_enet_rx_queue() (git-fixes).
- commit e300fac
- net/qla3xxx: fix an error code in ql_adapter_up() (git-fixes).
- commit 1aeafc7
- qede: validate non LSO skb length (git-fixes).
- commit a6a6f45
- net: altera: set a couple error code in probe() (git-fixes).
- commit 4b6f9c2
- net: bcm4908: Handle dma_set_coherent_mask error codes
- commit 57e402c
- net: annotate data-races on txq->xmit_lock_owner (git-fixes).
- commit 823f883
- octeontx2-af: Fix a memleak bug in rvu_mbox_init() (git-fixes).
- commit ab94872
- vrf: Reset IPCB/IP6CB when processing outbound pkts in vrf
  dev xmit (git-fixes).
- commit eb079a6
- natsemi: xtensa: fix section mismatch warnings (git-fixes).
- commit dbb5264
- dpaa2-eth: destroy workqueue at the end of remove function
- commit 1aeeaf7
- net: marvell: mvpp2: Fix the computation of shared CPUs
- commit f25bb21
- Remove Half duplex mode speed capabilities (git-fixes).
- commit 92878dd
- net: stmmac: Avoid DMA_CHAN_CONTROL write if no Split Header
  support (git-fixes).
- commit de8c06a
- net: stmmac: retain PTP clock time during SIOCSHWTSTAMP ioctls
- commit a6567bd
- net: phylink: Force retrigger in case of latched link-fail
  indicator (git-fixes).
- commit 6d547bd
- net: phylink: Force link down and retrigger resolve on interface
  change (git-fixes).
- commit 4e89e84
- gpio: tegra186: Add IRQ per bank for Tegra241 (jsc#SLE-24571)
- commit 6cf809d
- gpio: tegra186: Add support for Tegra241 (jsc#SLE-24571)
- commit f025bf7
- dt-bindings: gpio: Add Tegra241 support (jsc#SLE-24571)
- commit f8d4262
- spi: tegra210-quad: combined sequence mode (jsc#SLE-24570)
- commit e187f9a
- spi: tegra210-quad: add new chips to compatible (jsc#SLE-24570)
- commit f0be9d3
- spi: tegra210-quad: add acpi support (jsc#SLE-24570)
- commit 55e4b0b
- spi: tegra210-quad: use devm call for cdata memory (jsc#SLE-24570)
- commit 45eae59
- spi: tegra210-quad: use device_reset method (jsc#SLE-24570)
- commit 3f5e1a3
- spi: Add Tegra234 QUAD SPI compatible (jsc#SLE-24570)
- commit 58f5e5f
- i2c: tegra: use i2c_timings for bus clock freq (jsc#SLE-24569)
- commit 47fa6c7
- i2c: tegra: Add the ACPI support (jsc#SLE-24569)
- commit d323c6e
- i2c: tegra: Add SMBus block read function (jsc#SLE-24569)
- commit 3dd00f6
- i2c: smbus: Use device_*() functions instead of of_*() (jsc#SLE-24569)
- commit 3c0a341
- docs: firmware-guide: ACPI: Add named interrupt doc (jsc#SLE-24569)
- commit 6cd5dd2
- device property: Add fwnode_irq_get_byname (jsc#SLE-24569)
- commit cd979cf
- crypto: octeontx2 - fix missing unlock (jsc#SLE-24682).
- hwrng: cavium - fix NULL but dereferenced coccicheck error
- crypto: octeontx2 - add synchronization between mailbox accesses
- crypto: octeontx2 - increase CPT HW instruction queue length
- crypto: octeontx2 - CN10K CPT to RNM workaround (jsc#SLE-24682).
- crypto: octeontx2 - select CONFIG_NET_DEVLINK (jsc#SLE-24682).
- arm64: Add cavium_erratum_23154_cpus missing sentinel
- irqchip/gic-v3: Workaround Marvell erratum 38545 when reading
  IAR (jsc#SLE-24682).
- crypto: octeontx2 - Avoid stack variable overflow
- crypto: octeontx2 - out of bounds access in
  otx2_cpt_dl_custom_egrp_delete() (jsc#SLE-24682).
- crypto: octeontx2 - Use swap() instead of swap_engines()
- crypto: octeontx2 - parameters for custom engine groups
- crypto: octeontx2 - add apis for custom engine groups
- crypto: octeontx2 - use swap() to make code cleaner
- commit e64c29a
- crypto: hisilicon/qm - modify the uacce mode check (bsc#1201391).
- commit 755232f
- supported.conf: mark marvell octeontx2 crypto driver as supported (jsc#SLE-24682)
  Mark rvu_cptpf.ko and rvu_cptvf.ko as supported.
- commit 2c9f726
- blacklist.conf: Add 6a2d90ba027a ptrace: Reimplement PTRACE_KILL by always sending SIGKILL
- commit 0702138
- kABI: i2c: smbus: restore of_ alert variant (jsc#SLE-24569).
  kABI fix for "/i2c: smbus: Use device_*() functions instead of of_*()"/
- commit d0b5048
- Add ldb-memory-bug-15096-4.15-ldbonly.patch to backport all
  changes for ldb-2.4.4.
  + CVE-2022-32745: samba: ldb: AD users can crash the server
    process with an LDAP add or modify request; (bso#15008);
    (bso#15096); (bsc#1201492).
  + CVE-2022-2031: samba, ldb: AD users can bypass certain
    restrictions associated with changing passwords; (bso#15047);
  + CVE-2022-32744: samba, ldb: AD users can forge password change
    requests for any user; (bso#15074); (bso#15047); (bsc#1201493).
- Update to version 2.4.3
  + Fix build problems, waf produces incorrect names for python
    extensions; (bso#15071);
- Update to 2.9.14:
  * Security:
    + [CVE-2022-29824] Integer overflow in xmlBuf and xmlBuffer
    + Fix potential double-free in xmlXPtrStringRangeFunction
    + Fix memory leak in xmlFindCharEncodingHandler
    + Normalize XPath strings in-place
    + Prevent integer-overflow in htmlSkipBlankChars() and
    + Fix leak of xmlElementContent
  * Bug fixes:
    + Fix parsing of subtracted regex character classes
    + Fix recursion check in xinclude.c
    + Reset last error in xmlCleanupGlobals
    + Fix certain combinations of regex range quantifiers
    + Fix range quantifier on subregex
  * Improvements:
    + Fix recovery from invalid HTML start tags
  * Build system, portability:
    + Define LFS macros before including system headers
    + Initialize XPath floating-point globals
    + configure: check for icu DEFS
    + produce tar.xz only (GNOME policy)
    + CMakeLists.txt: Fix LIBXML_VERSION_NUMBER
    + Fix build with older Python versions
    + Fix --without-valid build
- Build python bindings in a 2nd run, using multibuild: otherwise,
  libxml2 requires pkgconfig(libxml-2.0) to build, causing issues
  to bootstrap.
- Update to version 2.9.13:
  * Security fixes:
    + [CVE-2022-23308] Use-after-free of ID and IDREF attributes
    + Several memory leaks and another issues.
  * Many regressions fixes.
  * Numerous bug fixes, including, among many others:
    + xmllint's --maxmem option should work as expected now;
    + xmllint now returns an error if arguments are missing.
  * Numerous tests and code and fuzzing fixes and improvements.
  * Updated documentation.
- The full Libxml2 2.9.13 NEWS can be found here:
- Replace version-release macros in all 3 Obsoletes tag with
  plain 2.9.13 to avoid unwanted behaviors in the future.
- Remove dropped upstream AUTHORS file from list of files to be
  installed in the documentation location with 'cp' command.
- Update URL tag to Libxml2's new web home:
- Update Source tag to Libxml2's new download
- Drop deprecated Python-2-related macro definitions/conditional
  statement from spec file.
- Drop merged upstream patches:
- Drop libxml2.keyring source file as the new download host doesn't
  offer GPG signatures.
- Use ldconfig_scriptlets macro for post(un) handling.
  * Fix CVE-2021-3541, CVE-2021-3537 (bsc#1185698, bsc#1185879),
    CVE-2021-3518, CVE-2021-3517, CVE-2021-3516, CVE-2020-7595,
    CVE-2019-20388, CVE-2020-24977, and CVE-2019-19956 (bsc#1159928)
- Security fix: [bsc#1185698, CVE-2021-3537]
    decompression (boo#1088279 boo#1105166).
- appdata plugin: Pass path to the repodata/ directory inside the
  cache (bsc#1197684)
- zypp-rpm: flush rpm script output buffer before sending
- version 17.30.2 (22)
- PluginRepoverification: initial version hooked into
  repo::Downloader and repo refresh.
- Immediately start monitoring the download.transfer_timeout.
  Do not wait until the first data arrived. (bsc#1199042)
- singletrans: no dry-run commit if doing just download-only.
- Work around cases where sat repo.start points to an invalid
  solvable.  May happen if (wrong arch) solvables were removed
  at the  beginning of the repo.
  (fixes #388)
- version 17.30.1 (22)
- update to version 4.34
  * add an API that returns a preferred loopback IP on hosts that
    have two IP stacks available.
- update to 4.33:
  * fixes to build system and export of private symbols
- Update nss-fips-constructor-self-tests.patch to add on-demand
  integrity tests through sftk_FIPSRepeatIntegrityCheck()
- Update nss-fips-approved-crypto-non-ec.patch to mark algorithms
  as approved/non-approved according to security policy
  (bsc#1191546, bsc#1201298).
- Update nss-fips-approved-crypto-non-ec.patch to remove hard
  disabling of unapproved algorithms. This requirement is now
  fulfilled by the service level indicator (bsc#1200325).
- Remove nss-fips-tls-allow-md5-prf.patch, since we no longer need
  the workaround in FIPS mode (bsc#1200325).
- Remove nss-fips-tests-skip.patch. This is no longer needed since
  we removed the code to short-circuit broken hashes and moved to
  using the SLI.
- Remove upstreamed patches:
  * nss-fips-version-indicators.patch
  * nss-fips-tests-pin-paypalee-cert.patch
- update to NSS 3.79
  - bmo#205717 - Use PK11_GetSlotInfo instead of raw C_GetSlotInfo calls.
  - bmo#1766907 - Update mercurial in clang-format docker image.
  - bmo#1454072 - Use of uninitialized pointer in lg_init after alloc fail.
  - bmo#1769295 - selfserv and tstclnt should use PR_GetPrefLoopbackAddrInfo.
  - bmo#1753315 - Add SECMOD_LockedModuleHasRemovableSlots.
  - bmo#1387919 - Fix secasn1d parsing of indefinite SEQUENCE inside indefinite GROUP.
  - bmo#1765753 - Added RFC8422 compliant TLS <= 1.2 undefined/compressed ECPointFormat extension alerts.
  - bmo#1765753 - TLS 1.3 Server: Send protocol_version alert on unsupported ClientHello.legacy_version.
  - bmo#1764788 - Correct invalid record inner and outer content type alerts.
  - bmo#1757075 - NSS does not properly import or export pkcs12 files with large passwords and pkcs5v2 encoding.
  - bmo#1766978 - improve error handling after nssCKFWInstance_CreateObjectHandle.
  - bmo#1767590 - Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple.
  - bmo#1769302 - NSS 3.79 should depend on NSPR 4.34
- update to NSS 3.78.1
  * bmo#1767590 - Initialize pointers passed to
- update to NSS 3.78
    bmo#1755264 - Added TLS 1.3 zero-length inner plaintext checks and tests, zero-length record/fragment handling tests.
    bmo#1294978 - Reworked overlong record size checks and added TLS1.3 specific boundaries.
    bmo#1763120 - Add ECH Grease Support to tstclnt
    bmo#1765003 - Add a strict variant of moz::pkix::CheckCertHostname.
    bmo#1166338 - Change SSL_REUSE_SERVER_ECDHE_KEY default to false.
    bmo#1760813 - Make SEC_PKCS12EnableCipher succeed
    bmo#1762489 - Update zlib in NSS to 1.2.12.
- update to NSS 3.77
  * Bug 1762244 - resolve mpitests build failure on Windows.
  * bmo#1761779 - Fix link to TLS page on wireshark wiki
  * bmo#1754890 - Add two D-TRUST 2020 root certificates.
  * bmo#1751298 - Add Telia Root CA v2 root certificate.
  * bmo#1751305 - Remove expired explicitly distrusted certificates
    from certdata.txt.
  * bmo#1005084 - support specific RSA-PSS parameters in mozilla::pkix
  * bmo#1753535 - Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate.
  * bmo#1756271 - Remove token member from NSSSlot struct.
  * bmo#1602379 - Provide secure variants of mpp_pprime and mpp_make_prime.
  * bmo#1757279 - Support UTF-8 library path in the module spec string.
  * bmo#1396616 - Update nssUTF8_Length to RFC 3629 and fix buffer overrun.
  * bmo#1760827 - Add a CI Target for gcc-11.
  * bmo#1760828 - Change to makefiles for gcc-4.8.
  * bmo#1741688 - Update googletest to 1.11.0
  * bmo#1759525 - Add SetTls13GreaseEchSize to experimental API.
  * bmo#1755264 - TLS 1.3 Illegal legacy_version handling/alerts.
  * bmo#1755904 - Fix calculation of ECH HRR Transcript.
  * bmo#1758741 - Allow ld path to be set as environment variable.
  * bmo#1760653 - Ensure we don't read uninitialized memory in ssl gtests.
  * bmo#1758478 - Fix DataBuffer Move Assignment.
  * bmo#1552254 - internal_error alert on Certificate Request with
    sha1+ecdsa in TLS 1.3
  * bmo#1755092 - rework signature verification in mozilla::pkix
- Require nss-util in nss.pc and subsequently remove -lnssutil3
- update to NSS 3.76.1
  NSS 3.76.1
  * bmo#1756271 - Remove token member from NSSSlot struct.
  NSS 3.76
  * bmo#1755555 - Hold tokensLock through nssToken_GetSlot calls in
  * bmo#1370866 - Check return value of PK11Slot_GetNSSToken.
  * bmo#1747957 - Use Wycheproof JSON for RSASSA-PSS
  * bmo#1679803 - Add SHA256 fingerprint comments to old
    certdata.txt entries.
  * bmo#1753505 - Avoid truncating files in
  * bmo#1751157 - Throw illegal_parameter alert for illegal extensions
    in handshake message.
- Add nss-util pkgconfig and config files (copied from RH/Fedora)
- update to NSS 3.75
  * bmo#1749030 - This patch adds gcc-9 and gcc-10 to the CI.
  * bmo#1749794 - Make compatible with python3.
  * bmo#1749475 - Avoid undefined shift in SSL_CERT_IS while fuzzing.
  * bmo#1748386 - Remove redundant key type check.
  * bmo#1749869 - Update ABI expectations to match ECH changes.
  * bmo#1748386 - Enable CKM_CHACHA20.
  * bmo#1747327 - check return on NSS_NoDB_Init and NSS_Shutdown.
  * bmo#1747310 - real move assignment operator.
  * bmo#1748245 - Run ECDSA test vectors from bltest as part of the CI tests.
  * bmo#1743302 - Add ECDSA test vectors to the bltest command line tool.
  * bmo#1747772 - Allow to build using clang's integrated assembler.
  * bmo#1321398 - Allow to override python for the build.
  * bmo#1747317 - test HKDF output rather than input.
  * bmo#1747316 - Use ASSERT macros to end failed tests early.
  * bmo#1747310 - move assignment operator for DataBuffer.
  * bmo#1712879 - Add test cases for ECH compression and unexpected
    extensions in SH.
  * bmo#1725938 - Update tests for ECH-13.
  * bmo#1725938 - Tidy up error handling.
  * bmo#1728281 - Add tests for ECH HRR Changes.
  * bmo#1728281 - Server only sends GREASE HRR extension if enabled
    by preference.
  * bmo#1725938 - Update generation of the Associated Data for ECH-13.
  * bmo#1712879 - When ECH is accepted, reject extensions which were
    only advertised in the Outer Client Hello.
  * bmo#1712879 - Allow for compressed, non-contiguous, extensions.
  * bmo#1712879 - Scramble the PSK extension in CHOuter.
  * bmo#1712647 - Split custom extension handling for ECH.
  * bmo#1728281 - Add ECH-13 HRR Handling.
  * bmo#1677181 - Client side ECH padding.
  * bmo#1725938 - Stricter ClientHelloInner Decompression.
  * bmo#1725938 - Remove ECH_inner extension, use new enum format.
  * bmo#1725938 - Update the version number for ECH-13 and adjust
    the ECHConfig size.
- update to NSS 3.74
  * bmo#966856 - mozilla::pkix: support SHA-2 hashes in CertIDs in
    OCSP responses
  * bmo#1553612 - Ensure clients offer consistent ciphersuites after HRR
  * bmo#1721426 - NSS does not properly restrict server keys based on policy
  * bmo#1733003 - Set nssckbi version number to 2.54
  * bmo#1735407 - Replace Google Trust Services LLC (GTS) R4 root certificate
  * bmo#1735407 - Replace Google Trust Services LLC (GTS) R3 root certificate
  * bmo#1735407 - Replace Google Trust Services LLC (GTS) R2 root certificate
  * bmo#1735407 - Replace Google Trust Services LLC (GTS) R1 root certificate
  * bmo#1735407 - Replace GlobalSign ECC Root CA R4
  * bmo#1733560 - Remove Expired Root Certificates - DST Root CA X3
  * bmo#1740807 - Remove Expiring Cybertrust Global Root and GlobalSign root
  * bmo#1741930 - Add renewed Autoridad de Certificacion Firmaprofesional
    CIF A62634068 root certificate
  * bmo#1740095 - Add iTrusChina ECC root certificate
  * bmo#1740095 - Add iTrusChina RSA root certificate
  * bmo#1738805 - Add ISRG Root X2 root certificate
  * bmo#1733012 - Add Chunghwa Telecom's HiPKI Root CA - G1 root certificate
  * bmo#1738028 - Avoid a clang 13 unused variable warning in opt build
  * bmo#1735028 - Check for missing signedData field
  * bmo#1737470 - Ensure DER encoded signatures are within size limits
- enable key logging option (boo#1195040)
- update to NSS 3.73.1:
  * Add SHA-2 support to mozilla::pkix's OSCP implementation
- update to NSS 3.73
  * bmo#1735028 - check for missing signedData field.
  * bmo#1737470 - Ensure DER encoded signatures are within size limits.
  * bmo#1729550 - NSS needs FiPS 140-3 version indicators.
  * bmo#1692132 - pkix_CacheCert_Lookup doesn't return cached certs
  * bmo#1738600 - sunset Coverity from NSS
  MFSA 2021-51 (bsc#1193170)
  * CVE-2021-43527 (bmo#1737470)
    Memory corruption via DER-encoded DSA and RSA-PSS signatures
- update to NSS 3.72
  * Remove newline at the end of coreconf.dep
  * bmo#1731911 - Fix nsinstall parallel failure.
  * bmo#1729930 - Increase KDF cache size to mitigate perf
    regression in about:logins
- update to NSS 3.71
  * bmo#1717716 - Set nssckbi version number to 2.52.
  * bmo#1667000 - Respect server requirements of tlsfuzzer/
  * bmo#1373716 - Import of PKCS#12 files with Camellia encryption is not supported
  * bmo#1717707 - Add HARICA Client ECC Root CA 2021.
  * bmo#1717707 - Add HARICA Client RSA Root CA 2021.
  * bmo#1717707 - Add HARICA TLS ECC Root CA 2021.
  * bmo#1717707 - Add HARICA TLS RSA Root CA 2021.
  * bmo#1728394 - Add TunTrust Root CA certificate to NSS.
- update to NSS 3.70
  * bmo#1726022 - Update test case to verify fix.
  * bmo#1714579 - Explicitly disable downgrade check in TlsConnectStreamTls13.EchOuterWith12Max
  * bmo#1714579 - Explicitly disable downgrade check in TlsConnectTest.DisableFalseStartOnFallback
  * bmo#1681975 - Avoid using a lookup table in nssb64d.
  * bmo#1724629 - Use HW accelerated SHA2 on AArch64 Big Endian.
  * bmo#1714579 - Change default value of enableHelloDowngradeCheck to true.
  * bmo#1726022 - Cache additional PBE entries.
  * bmo#1709750 - Read HPKE vectors from official JSON.
- Update to NSS 3.69.1
  * bmo#1722613 (Backout) - Disable DTLS 1.0 and 1.1 by default
  * bmo#1720226 (Backout) - integrity checks in key4.db not happening
    on private components with AES_CBC
  NSS 3.69
  * bmo#1722613 - Disable DTLS 1.0 and 1.1 by default (backed out again)
  * bmo#1720226 - integrity checks in key4.db not happening on private
    components with AES_CBC (backed out again)
  * bmo#1720235 - SSL handling of signature algorithms ignores
    environmental invalid algorithms.
  * bmo#1721476 - sqlite 3.34 changed it's open semantics, causing
    nss failures.
    (removed obsolete nss-btrfs-sqlite.patch)
  * bmo#1720230 - Gtest update changed the gtest reports, losing gtest
    details in reports.
  * bmo#1720228 - NSS incorrectly accepting 1536 bit DH primes in FIPS mode
  * bmo#1720232 - SQLite calls could timeout in starvation situations.
  * bmo#1720225 - Coverity/cpp scanner errors found in nss 3.67
  * bmo#1709817 - Import the NSS documentation from MDN in nss/doc.
  * bmo#1720227 - NSS using a tempdir to measure sql performance not active
- add nss-fips-stricter-dh.patch
- updated existing patches with latest SLE
- Mozilla NSS 3.68.4 (bsc#1200027)
  * Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple.
- Update nss-fips-constructor-self-tests.patch to scan
  LD_LIBRARY_PATH for external libraries to be checksummed.
- Run test suite at build time, and make it pass (bsc#1198486).
  Based on work by Marcus Meissner.
- Add nss-fips-tests-skip.patch to skip algorithms that are hard
  disabled in FIPS mode.
- Add nss-fips-tests-pin-paypalee-cert.patch to prevent expired
  PayPalEE cert from failing the tests.
- Add nss-fips-tests-enable-fips.patch, which enables FIPS during
  test certificate creation and disables the library checksum
  validation during same.
- Update nss-fips-constructor-self-tests.patch to allow
  checksumming to be disabled, but only if we entered FIPS mode
  due to NSS_FIPS being set, not if it came from /proc.
- Add patch ncurses-bnc1198627.patch
  * Fix bsc#1198627: CVE-2022-29458: ncurses: segfaulting OOB read
- Strictly require OpenJDK 11 (bsc#1202142)
- Added pcre2-bsc1199235-CVE-2022-1587.patch
  * CVE-2022-1587 / bsc#1199235
  * Fix out-of-bounds read due to bug in recursions
  * Sourced from:
  * postfix: add postlog setgid for maildrop binary (bsc#1201385)
- Update to version 20201225:
  * apptainer: fix starter-suid location (bsc#1198720)
- Update to version 20201225:
  * static permissions: remove deprecated bind / named chroot entries (bsc#1200747)
- Update to version 20201225:
- Fix the pg_server_requires macro on older rpm versions (SLE-12).
- Avoid a dependency on awk in postgresql-script.
- Move the dependency of llvmjit-devel on clang and llvm to the
  implementation packages where we can depend on the correct
- fix postgresql_has_llvm usage
- First round of changes to make it easier to build extensions for
  - add postgresql-llvmjit-devel subpackage:
    This package will pull in clang and llvm if the distro has a
    recent enough version, otherwise it will just pull
  - add postgresql macros to the postgresql-server-devel package
    those cover all the variables from pg_config and some macros
    to remove repitition from the spec files
- Bump version to 14.
- Bump default to 14 on Factory and future SPs.
- Address arbitrary File Write Vulnerability CVE-2022-26520
  * Add: CVE-2022-26520.patch
- update CVE-2020-25657-Bleichenbacher-attack.patch to actually
  contain the fix rather than just being empty (CVE-2020-25657,
- Add CVE-2020-25657-Bleichenbacher-attack.patch (CVE-2020-25657,
  bsc#1178829), which mitigates the Bleichenbacher timing attacks
  in the RSA decryption API.
- Add python-M2Crypto.keyring to verify GPG signature of tarball.
- Update in SLE-15 (bsc#1195916, bsc#1196696, jsc#PM-3356, jsc#SLE-23972)
- Drop CVE-2020-29651.patch, issue fixed upstream in 1.10.0
- Update to 1.10.0
  * Fix a regular expression DoS vulnerability in the py.path.svnwc
    SVN blame functionality (CVE-2020-29651)
- Devendor apipkg and iniconfig
- Add pr_222.patch to activate test suite
- Update to 1.9.0
  * Add type annotation stubs
- Security fix: [bsc#1201840, CVE-2022-29154]
  * arbitrary file write vulnerability via do_server_recv function
  * Added patch rsync-rsync-CVE-2022-29154.patch
- CVE-2022-32746: samba: Use-after-free occurring in database
  audit logging; (bso#15009); (bso#15096); (bsc#1201490).
- CVE-2022-32745: samba: ldb: AD users can crash the server
  process with an LDAP add or modify request; (bso#15008);
  (bso#15096); (bsc#1201492).
- CVE-2022-2031: samba, ldb: AD users can bypass certain
  restrictions associated with changing passwords; (bso#15047);
- CVE-2022-32742:SMB1 code does not correct verify SMB1write,
  SMB1write_and_close, SMB1write_and_unlock lengths; (bso#15085);
- CVE-2022-32744: samba, ldb: AD users can forge password change
  requests for any user; (bso#15074); (bso#15047); (bsc#1201493).
- Update to 4.15.8
  * Use pathref fd instead of io fd in vfs_default_durable_cookie;
  * Setting fruit:resource = stream in vfs_fruit causes a panic;
  * Add support for bind 9.18; (bso#14986);
  * logging dsdb audit to specific files does not work; (bso#15076);
  * vfs_gpfs with vfs_shadowcopy2 fail to restore file if original
    file had been deleted; (bso#15069);
  * netgroups support removed; (bso#15087); (bsc#1199247);
  * net ads info shows LDAP Server: depending on contacted
    server; (bso#14674); (bsc#1199734);
  * waf produces incorrect names for python extensions with Python
    3.11; (bso#15071);
  * smbclient commands del & deltree fail with
    NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100);
  * vfs_gpfs recalls=no option prevents listing files; (bso#15055);
  * waf produces incorrect names for python extensions with Python
    3.11; (bso#15071);
  * Compile error in source3/utils/regedit_hexedit.c; (bso#15091);
  * ldconfig: /lib64/ is not a symbolic link;
  * smbd doesn't handle UPNs for looking up names; (bso#15054);
  * Out-by-4 error in smbd read reply max_send clamp; (bso#14443);
- Move pdb backends from package samba-libs to package
  samba-client-libs and remove samba-libs requirement from
  samba-winbind; (bsc#1200964); (bsc#1198255);
- Use the canonical realm name to refresh the Kerberos tickets;
  (bsc#1196224); (bso#14979);
- Fix  smbclient commands del & deltree failing with
- enable ignition-delete-config by default (bsc#1199524)
- Modify branding-preset-states to fix systemd-presets-common-SUSE
  not enabling new user systemd service preset configuration just
  as it handles system service presets. By passing an (optional)
  second parameter "/user"/, the save/apply-changes commands now
  work with user services instead of system ones (boo#1200485)
- Add the wireplumber user service preset to enable it by default
  in SLE15-SP4 where it replaced pipewire-media-session, but keep
  pipewire-media-session preset so we don't have to branch the
  systemd-presets-common-SUSE package for SP4 (boo#1200485)
- bsc1200657.patch was previously incomplete leading to deadlocks
  * bsc#1202436
  * bsc1200657.patch updated
- Fix race condition while creating intermediate subdirectories,
  * bsc1200657.patch
- Added --disable-pvshim when running configure in xen.spec.
  We have never shipped the shim and don't need to build it.
- bsc#1199965 - VUL-0: CVE-2022-26362: xen: Race condition
  in typeref acquisition
- bsc#1199966 - VUL-0: CVE-2022-26363,CVE-2022-26364: xen:
  Insufficient care with non-coherent mappings
- bsc#1200549 VUL-0: CVE-2022-21123,CVE-2022-21125,CVE-2022-21166:
  xen: x86: MMIO Stale Data vulnerabilities (XSA-404)
- bsc#1201469 - VUL-0: CVE-2022-23816,CVE-2022-23825,CVE-2022-29900:
  xen: retbleed - arbitrary speculative code execution with return
  instructions (XSA-407)
- Upstream bug fixes (bsc#1027519)
- Drop patches replaced by upstream versions
- bsc#1201394 - VUL-0: CVE-2022-33745: xen: insufficient TLB flush
  for x86 PV guests in shadow mode (XSA-408)
- Fix gcc13 compilation error
- Moved logrotate files from user specific directory /etc/logrotate.d
  to vendor specific directory /usr/etc/logrotate.d.
- Version 0.6.3 changed ABI without changing SONAME. Re-add symbol
  from the old ABI to prevent ABI breakage and crash of
  applications compiled with 0.6.1 (bsc#1200624, bsc#1178332,
  bsc#1178331, bsc#1160171, yaml-cpp-abi-breakage.patch).
- Basic JobReport for "/cmdout/monitor"/.
- versioncmp: if verbose, also print the edition 'parts' which are
- Make sure MediaAccess is closed on exception (bsc#1194550)
- Display plus-content hint conditionally (fixes #433)
- Honor the NO_COLOR environment variable when auto-detecting
  whether to use color (fixes #432)
- Define table columns which should be sorted natural [case
  insensitive] (fixes #391, closes #396, fixes #424)
- lr/ls: Use highlight color on name and alias as well.
- version 1.14.53