- Update to version 1.7:
  + Overhaul policy routing setup (issue #19)
  + Support alias IPv4 ranges (issue #14)
  + Add support for NetworkManager (bsc#1204549)
  + Remove dependency on netconfig
  + Install into libexec directory
  + Clear stale ifcfg files for accelerated NICs (bsc#1199853)
  + More debug messages
  + Documentation update
- /etc/netconfig.d/ moved to /usr/libexec/netconfig/netconfig.d/ in
  Tumbleweed, update path (poo#116221)
- Security fixes:
  * [bsc#1209209, CVE-2023-27533] TELNET option IAC injection
    Add curl-CVE-2023-27533-no-sscanf.patch curl-CVE-2023-27533.patch
  * [bsc#1209210, CVE-2023-27534] SFTP path ~ resolving discrepancy
    Add curl-CVE-2023-27534.patch curl-CVE-2023-27534-dynbuf.patch
  * [bsc#1209211, CVE-2023-27535] FTP too eager connection reuse
    Add curl-CVE-2023-27535.patch
  * [bsc#1209212, CVE-2023-27536] GSS delegation too eager connection re-use
    Add curl-CVE-2023-27536.patch
  * [bsc#1209214, CVE-2023-27538] SSH connection too eager reuse still
    Add curl-CVE-2023-27538.patch
- Security Fix: [bsc#1207992, CVE-2023-23916]
  * HTTP multi-header compression denial of service
  * Add curl-CVE-2023-23916.patch
- Fix IO lock contention, causing timeouts; (fdo#102839);
  Add fix-upstream-fdo102839-io-lock-contention.patch
- Fix IO lock contention, causing timeouts; (fdo#102839);
  Add fix-upstream-fdo102839-io-lock-contention.patch
- Make grub.cfg invariant to efi and legacy platforms (bsc#1205200)
- Removed patch linuxefi
  * grub2-secureboot-provide-linuxefi-config.patch
  * grub2-secureboot-use-linuxefi-on-uefi-in-os-prober.patch
  * grub2-secureboot-use-linuxefi-on-uefi.patch
- Rediff
  * grub2-btrfs-05-grub2-mkconfig.patch
  * grub2-efi-xen-cmdline.patch
  * grub2-s390x-05-grub2-mkconfig.patch
  * grub2-suse-remove-linux-root-param.patch
- Make linuxefi default command as linux (bsc#1176134) (bsc#1202838)
  * 0001-Fix-symbols-appearing-in-several-modules-in-linux.patch
  * 0002-linux-fixup.patch
  * 0003-cmdline-Provide-cmdline-functions-as-module.patch
  * 0004-efi-linux-provide-linux-command.patch
- scsi: qla2xxx: Synchronize the IOCB count to be in order
  (bsc#1209292 bsc#1209684 bsc#1209556).
- commit 18dd273
- net: usb: lan78xx: Limit packet length to skb->len (git-fixes).
- commit 58a7e43
- net: usb: smsc95xx: Limit packet length to skb->len (git-fixes).
- commit 4061009
- net: usb: smsc75xx: Move packet length check to prevent kernel
  panic in skb_pull (git-fixes).
- commit 904473f
- NFSv4: Fix hangs when recovering open state after a server reboot (git-fixes).
  [iivanov] Fix Patch-mainline to v6.3-rc5
- commit f23280a
- seq_buf: Fix overflow in seq_buf_putmem_hex() (bsc#1209549
- commit 6692c8c
- x86/apic: Add name to irq chip (bsc#1206010).
- commit 89bba1e
- ipv4: route: fix inet_rtm_getroute induced crash (git-fixes).
- commit e25c3f6
- blacklist.conf: update blacklist
- commit ae3ef0f
- blacklist.conf: update blacklist
- commit 3e5530d
- x86/apic: Deinline x2apic functions (bsc#1181001 jsc#ECO-3191).
- x86/x2apic: Mark set_x2apic_phys_mode() as __init (bsc#1181001
- Refresh
- Refresh
  Update to upstream patches.
  Two easy cleanups added for simpler backports.
- commit 2c2baeb
- PCI: hv: Add a per-bus mutex state_lock (bsc#1207001).
- Revert "/PCI: hv: Fix a timing issue which causes kdump to fail
  occasionally"/ (bsc#1207001).
- PCI: hv: Remove the useless hv_pcichild_state from struct
  hv_pci_dev (bsc#1207001).
- PCI: hv: Fix a race condition in hv_irq_unmask() that can
  cause panic (bsc#1207001).
- PCI: hv: fix a race condition bug in hv_pci_query_relations()
- commit e9cf69b
- x86/ioapic: Force affinity setup before startup (bsc#1193231).
- blacklist.conf: remove it from there as the prerequisities were
  backported already
- commit 67a8716
- powerpc/btext: add missing of_node_put (bsc#1065729).
- commit 0e57c99
- kvm: initialize all of the kvm_debugregs structure before
  sending it to userspace (bsc#1209532 CVE-2023-1513).
- commit 27afda9
- powerpc/xics: fix refcount leak in icp_opal_init()
- commit f9aeabf
- powerpc/powernv/ioda: Skip unallocated resources when mapping
  to PE (bsc#1065729).
- commit 12e8c49
- powerpc/rtas: ensure 4KB alignment for rtas_data_buf
- powerpc/pseries/lparcfg: add missing RTAS retry status handling
- powerpc/pseries/lpar: add missing RTAS retry status handling
  (bsc#1109158 ltc#169177 git-fixes).
- commit 4d6673f
- Input: atmel_mxt_ts - fix double free in mxt_read_info_block
- commit bd0fc95
- sbitmap: Avoid lockups when waker gets preempted (bsc#1209118).
- commit 32c7f24
- blacklist.conf: driver not in SLE12
- commit 3fbe4df
- blacklist.conf: driver not present in SLE12
- commit dad4545
- s390/vfio-ap: fix memory leak in vfio_ap device driver
- commit 0efdc1f
- Bluetooth: Fix double free in hci_conn_cleanup (bsc#1209052
- commit ee49c52
- RDMA/core: Don't infoleak GRH fields (bsc#1209778 CVE-2021-3923)
- commit 007f267
- tipc: fix NULL deref in tipc_link_xmit() (bsc#1209289
- commit 91c876a
- Update
  (bsc#1207036 CVE-2023-23454 bsc#1207125 CVE-2023-23455).
- Update
  (bsc#1207036 CVE-2023-23454 bsc#1207125 CVE-2023-23455).
- commit 03cf48f
- timers: Clear timer_base::must_forward_clk with (bsc#1207890)
- commit 665e881
- arm64/cpufeature: Fix field sign for DIT hwcap detection (git-fixes)
- commit d6d271d
- arm64: cmpxchg_double*: hazard against entire exchange variable (git-fixes)
- commit a0c51f7
- net/sched: tcindex: update imperfect hash filters respecting
  rcu (CVE-2023-1281 bsc#1209634).
- rcu: Upgrade rcu_swap_protected() to rcu_replace_pointer()
  (CVE-2023-1281 bsc#1209634).
- commit 79d6cb4
- crypto: arm64 - Fix unused variable compilation warnings of (git-fixes)
- commit 3f3dfdc
- arm64: fix oops in concurrently setting insn_emulation sysctls (git-fixes)
- commit 11f2537
- arm64: Do not forget syscall when starting a new thread. (git-fixes)
- commit 27dfefa
- arm64: Mark __stack_chk_guard as __ro_after_init (git-fixes)
- commit 551a661
- arm64/vdso: Discard sections in vDSO (git-fixes)
- commit b2f00e4
- blacklist.conf: ("/arm64: alternatives: Move length validation in alternative_{insn,"/)
- commit 750c32b
- KVM: arm64: Hide system instruction access to Trace registers (git-fixes)
- commit 2e3ed1c
- arm64: psci: Avoid printing in cpu_psci_cpu_die() (git-fixes)
- commit 66c3a8b
- blacklist.conf: ("/arm64: Change .weak to SYM_FUNC_START_WEAK_PI for"/)
- commit add4723
- arm64/mm: return cpu_all_mask when node is NUMA_NO_NODE (git-fixes)
- commit 65bd4cc
- arm64/alternatives: move length validation inside the subsection (git-fixes)
- commit d2aefa8
- arm64: Use test_tsk_thread_flag() for checking TIF_SINGLESTEP (git-fixes)
- commit 2354853
- arm64/alternatives: don't patch up internal branches (git-fixes)
- commit 259ff6d
- arm64/alternatives: use subsections for replacement sequences (git-fixes)
- commit 206be22
- arm64/cpufeature: Drop TraceFilt feature exposure from ID_DFR0 register (git-fixes)
  Refresh patches.suse/arm64-cpufeature-Allow-different-PMU-versions-in-ID_DFR0_EL1.patch
- commit a0b4d86
- blacklist.conf: ("/arm64: cpufeature: Relax checks for AArch32 support at EL[0-2]"/)
- commit 99d129d
- blacklist.conf: ("/arm64: Delete the space separator in __emit_inst"/)
- commit e989773
- blacklist.conf: ("/arm64: fix alternatives with LLVM's integrated assembler"/)
- commit eabb21e
- Revert "/arm64: dts: juno: add dma-ranges property"/ (git-fixes)
- commit 472652a
- arm64: psci: Reduce the waiting time for cpu_psci_cpu_kill() (git-fixes)
- commit 126253f
- blacklist.conf: ("/arm64: fix unreachable code issue with cmpxchg"/)
- commit 27e2384
- arm64: kpti: ensure patched kernel text is fetched from PoU (git-fixes)
- commit ed14da7
- arm64/mm: fix variable 'pud' set but not used (git-fixes)
- commit bb80a31
- arm64: unwind: Prohibit probing on return_address() (git-fixes)
- commit 84859a4
- blacklist.conf: ("/arm64/efi: Mark __efistub_stext_offset as an absolute symbol"/)
- commit 7448304
- arm64: Fix compiler warning from pte_unmap() with (git-fixes)
- commit f112362
- arm64: cpu_ops: fix a leaked reference by adding missing of_node_put (git-fixes)
- commit 80aa069
- arm64: kprobe: make page to RO mode when allocate it (git-fixes)
- commit 0375ba2
- usb: typec: altmodes/displayport: Fix probe pin assign check
- commit 5ce7845
- scsi: lpfc: Return DID_TRANSPORT_DISRUPTED instead of
  DID_REQUEUE (bsc#1199837).
- commit 2f806c6
- USB: misc: iowarrior: fix up header size for
- commit 198956a
- netlink: prevent potential spectre v1 gadgets (bsc#1209547
- commit 179a403
- ppc64le: HWPOISON_INJECT=m (bsc#1209572).
- commit 9bc607c
- tracing/hwlat: Replace sched_setaffinity with
  set_cpus_allowed_ptr (git-fixes).
- commit 10ecebb
- ring-buffer: remove obsolete comment for free_buffer_page()
- commit fb36562
- ftrace: Fix invalid address access in lookup_rec() when index
  is 0 (git-fixes).
- commit 2107853
- blacklist.conf: add not-relevant tracing fixes
- commit 89e5ff0
- net: usb: smsc75xx: Limit packet length to skb->len (git-fixes).
- commit 59b5ef4
- tracing: Add NULL checks for buffer in
  ring_buffer_free_read_page() (git-fixes).
- commit 4ba90d9
- blacklist.conf: might break certifications
- commit bd7ab11
- blacklist.conf: kABI
- commit c99b186
- blacklist.conf: irrelevant in our configs
- commit e0f4fc3
- blacklist.conf: kABI
- commit 9748c72
- blacklist.conf: kABI
- commit abd6f40
- blacklist.conf: blacklist Documentation because we
  will not updaten the documentation package in SLE12 anyway
- commit b4fe007
- Refresh
- commit 37fbfe8
- xen-netfront: Fix NULL sring after live migration (git-fixes).
- commit 739342e
- xen/netfront: stop tx queues during live migration (git-fixes).
- commit ac8b9c0
- xen-netfront: fix potential deadlock in xennet_remove()
- Refresh
- commit 9294dd7
- xen/netfront: fix waiting for xenbus state change (git-fixes).
- commit fe29b44
- xen-netfront: wait xenbus state change when load module manually
- commit 0c71330
- xen-netfront: Update features after registering netdev
- commit c77bad3
- xen-netfront: Fix mismatched rtnl_unlock (git-fixes).
- commit db4108c
- xen-netfront: Fix race between device setup and open
- Refresh
- commit a087822
- blacklist.conf: add 9e6246518592 ("/xen/netback: don't call kfree_skb() under spin_lock_irqsave()"/)
- commit cae7fc6
- blacklist.conf: add 7dfa764e0223 ("/xen/netback: fix build warning"/)
- commit 31b3ee5
- blacklist.conf: add 5834e72eda0b ("/xen/netback: do some code cleanup"/)
- commit 6487e56
- x86/xen: Fix memory leak in xen_init_lock_cpu() (git-fixes).
- commit 4ce0c85
- x86/xen: Fix memory leak in xen_smp_intr_init{_pv}()
- commit 36249b4
- xen/platform-pci: add missing free_irq() in error path
- commit dd25a55
- xen-netfront: enable device after manual module load
- commit 6ce0b56
- blacklist.conf: add ce6f7d087e2b ("/Input: xen-kbdfront - fix multi-touch XenStore node's locations"/)
- commit 9866d94
- blacklist.conf: added 02a0d9216d4da ("/Input: xen-kbdfront - do not advertise multi-touch pressure support"/)
- commit 4d70cca
- x86/paravirt: Fix callee-saved function ELF sizes (git-fixes).
- Refresh
- commit be50a99
- SUNRPC: Fix a server shutdown leak (git-fixes).
- commit b391b37
- Revert "/mei: me: enable asynchronous probing"/ (bsc#1208048,
- commit 9a95c7f
- media: dvb-usb: az6027: fix null-ptr-deref in  az6027_i2c_xfer()
  (bsc#1209291 CVE-2023-28328).
- commit 0a0d765
- Bluetooth: btusb: Add VID:PID 13d3:3529 for Realtek RTL8821CE
- commit a77868e
- Bluetooth: btusb: don't call kfree_skb() under
  spin_lock_irqsave() (git-fixes).
- commit 0b2e609
- blacklist.conf: false positive
- commit 7dfc594
- ima: Fix function name error in comment (git-fixes).
- commit 889bacc
- kfifo: fix ternary sign extension bugs (git-fixes).
- commit efc9af2
- blacklist.conf:	irrelevant in our configurations
- commit fcaf3c0
- blacklist.conf: kABI
- commit 5f50816
- blacklist.conf: changes exported defaults
- commit 6e19056
- PM: hibernate: flush swap writer after marking (git-fixes).
- commit d5d514d
- blacklist.conf: false positive
- commit bcee6d7
- blacklist.conf: kABI
- commit ee8665f
- blacklist.conf: false positive
- commit 38a7585
- kgdb: Drop malformed kernel doc comment (git-fixes).
- commit 16f0840
- blacklist.conf: kABI
- commit 836cdb8
- dt-bindings: reset: meson8b: fix duplicate reset IDs
- commit 758f2cb
- timers/sched_clock: Prevent generic sched_clock wrap caused
  by tick_freeze() (git-fixes).
- commit c1996c6
- blacklist.conf: irrelevant documentation
- commit 14b48ad
- blacklist.conf: false positive
- commit 24553f6
- usb: dwc3: gadget: Stop processing more requests on IMI
- commit 1e1ba8c
- Update patches.suse/net_sched-add-__rcu-annotation-to-netdev-qdisc.patch.
- fix a mistake in the CVE-2023-0590 / bsc#1207795 backport
- commit 005c9da
- prlimit: do_prlimit needs to have a speculation check
  (bsc#1209256 CVE-2017-5753).
- commit fca254e
- usb: dwc3: exynos: Fix remove() function (git-fixes).
- commit 1162027
- usb: chipidea: fix deadlock in ci_otg_del_timer (git-fixes).
- commit c85689a
- blacklist.conf: duplicate
- commit 9a30402
- blacklist.conf: false positive
- commit 6886a4a
- NET: usb: qmi_wwan: Adding support for Cinterion MV31
- commit 64d8c67
- Update
  (bsc#1076830 bsc#1208850 CVE-2022-20567).
- commit 47065bb
- tap: tap_open(): correctly initialize socket uid (CVE-2023-1076
- tun: tun_chr_open(): correctly initialize socket uid
  (CVE-2023-1076 bsc#1208599).
- net: add sock_init_data_uid() (CVE-2023-1076 bsc#1208599).
- netfilter: nf_tables: fix null deref due to zeroed list head
  (CVE-2023-1095 bsc#1208777).
- commit c4928a4
- Delete
  This definition was used by kgraft codestreams (SLE12-SP3), but the
  livepatch support for such codestreams has ended.
- commit 4fbaecf
- Do not sign the vanilla kernel (bsc#1209008).
- commit cee4d89
- PCI: PM: Avoid forcing PCI_D0 for wakeup reasons inconsistently
- PCI: Use pci_update_current_state() in pci_enable_device_flags()
- PCI/MSI: Skip masking MSI-X on Xen PV (git-fixes).
- PCI/MSI: Enforce MSI entry updates to be visible (git-fixes).
- PCI/MSI: Enforce that MSI-X table entry is masked for update
- PCI/MSI: Mask all unused MSI-X entries (git-fixes).
- PCI: aardvark: Fix checking for PIO Non-posted Request
- PCI: aardvark: Fix kernel panic during PIO transfer (git-fixes).
- PCI: xgene-msi: Fix race in installing chained irq handler
- PCI: qcom: Use PHY_REFCLK_USE_PAD only for ipq8064 (git-fixes).
- PCI/PM: Avoid using device_may_wakeup() for runtime PM
- Refresh
- commit 7a5a840
- media: platform: ti: Add missing check for devm_regulator_get
- commit 38e97d5
- media: coda: Add check for kmalloc (git-fixes).
- commit 95a83e8
- media: coda: Add check for dcoda_iram_alloc (git-fixes).
- commit da6b661
- rpm/ Deal with {pre,post}fixed / in location
  When the source file location provided with -L is either prefixed or
  postfixed with forward slash, the script get stuck in a infinite loop
  inside calc_dirs() where $path is an empty string.
  user@localhost:/tmp> perl "/$HOME/"/ -D devel.files -N nondevel.files -L /usr/src/linux-5.14.21-150500.41/
  path = /usr/src/linux-5.14.21-150500.41/Documentation/Kconfig
  path = /usr/src/linux-5.14.21-150500.41/Documentation
  path = /usr/src/linux-5.14.21-150500.41
  path = /usr/src
  path = /usr
  path =
  path =
  path =
  ... # Stuck in an infinite loop
  This workarounds the issue by breaking out the loop once path is an
  empty string. For a proper fix we'd want something that
  filesystem-aware, but this workaround should be enough for the rare
  occation that this script is ran manually.
- commit 6d65136
- vxlan: changelink: Fix handling of default remotes (git-fixes).
- commit 353bf78
- vxlan: Fix error path in __vxlan_dev_create() (git-fixes).
- commit 4d54675
- net: aquantia: fix RSS table and key sizes (git-fixes).
- commit 3b040c8
- bonding: fix 802.3ad state sent to partner when unbinding slave
- commit 45191af
- vlan: Fix vlan insertion for packets without ethernet header
- commit 95ac5e1
- vlan: Fix out of order vlan headers with reorder header off
- commit 59cf369
- media: rc: Fix use-after-free bugs caused by ene_tx_irqsim()
  (CVE-2023-1118 bsc#1208837).
- commit e793953
- xfrm: Copy policy family in clone_policy (git-fixes).
- commit 9d47068
- netfilter: ipvs: Fix inappropriate output of procfs (git-fixes).
- commit 8eff166
- netfilter: xt_connlimit: don't store address in the conn nodes
- commit b335237
- icmp: don't fail on fragment reassembly time exceeded
- commit ba8013a
- scsi: qla2xxx: Add option to disable FC2 Target support
  (bsc#1198438 bsc#1206103).
- Delete
- commit 6206180
- PCI: Unify ACS quirk desired vs provided checking (git-fixes).
- PCI: Make ACS quirk implementations more uniform (git-fixes).
- commit 6452eb0
- KABI FIX FOR: NFS: Pass error information to the pgio error
  cleanup routine (git-fixes).
- commit 00c859b
- KABI FIX FOR - SUNRPC: Fix priority queue fairness (git-fixes).
- commit 91b67c9
- README.BRANCH: Adding myself to the maintainer list
- commit 8fc11b2
- kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179).
  When -b is specified the script is prefixed with KMP_NEEDS_MKINITRD=1
  which sets the variable for a simple command.
  However, the script is no longer a simple command. Export the variable
- commit 152a069
- ocfs2: Fix data corruption after failed write (bsc#1208542).
- commit c0b9b40
- kabi/severities: add l2tp local symbols
- commit 63a39ae
- l2tp: Serialize access to sk_user_data with sk_callback_lock
  (bsc#1205711 CVE-2022-4129).
- commit ef8f012
- l2tp: fix race in duplicate tunnel detection (bsc#1205711
- commit 6a8247c
- l2tp: fix races in tunnel creation (bsc#1205711 CVE-2022-4129).
- commit 4e92c0b
- Refresh
- commit d76f4ba
- nfsd: fix race to check ls_layouts (git-fixes).
- pNFS/filelayout: Fix coalescing test for single DS (git-fixes).
- SUNRPC: ensure the matching upcall is in-flight upon downcall
- nfsd: fix handling of readdir in v4root vs. mount upcall timeout
- nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create
  failure (git-fixes).
- nfs: Fix nfsi->nrequests count error on nfs_inode_remove_request
- NFS: Pass error information to the pgio error cleanup routine
- SUNRPC: Fix priority queue fairness (git-fixes).
- commit 24274be
- blacklist.conf: updates
- commit 79d0f01
- PCI: aardvark: Don't touch PCIe registers if no card connected
- PCI: aardvark: Indicate error in 'val' when config read fails
- PCI: aardvark: Improve link training (git-fixes).
- PCI: aardvark: Don't blindly enable ASPM L0s and don't write
  to read-only register (git-fixes).
- PCI: aardvark: Train link immediately after enabling training
- PCI: Add ACS quirk for Intel Root Complex Integrated Endpoints
- PCI: Avoid FLR for AMD Starship USB 3.0 (git-fixes).
- PCI: Avoid FLR for AMD Matisse HD Audio & USB 3.0 (git-fixes).
- PCI: endpoint: Fix for concurrent memory allocation in OB
  address region (git-fixes).
- kabi: PCI: endpoint: Fix for concurrent memory allocation in
  OB address region (git-fixes).
- PCI: endpoint: Cast the page number to phys_addr_t (git-fixes).
- PCI: aardvark: Remove PCIe outbound window configuration
- PCI: aardvark: Introduce an advk_pcie_valid_device() helper
- commit 36c0f12
- PCI: aardvark: Don't rely on jiffies while holding spinlock
- PCI: aardvark: Wait for endpoint to be ready before training
  link (git-fixes).
- PCI/PM: Always return devices to D0 when thawing (git-fixes).
- PCI: tegra: Fix OF node reference leak (git-fixes).
- commit d6e8f39
- applicom: Fix PCI device refcount leak in applicom_init()
- PCI: Add ACS quirk for iProc PAXB (git-fixes).
- Refresh
- Refresh
- PCI: PM: Avoid skipping bus-level PM on platforms without ACPI
- PCI: aardvark: Fix a leaked reference by adding missing
  of_node_put() (git-fixes).
- commit 5dd1a12
- blacklist.conf: powerpc math emulation is not used
- commit 7904b57
- blacklist.conf: 8e1278444446 powerpc/32: Fix overread/overwrite of thread_struct via ptrace
- commit 1292ac8
- powerpc/fscr: Enable interrupts earlier before calling
  get_user() (bsc#1065729).
- Refresh patches.suse/powerpc-add-interrupt_cond_local_irq_enable-helper.patch
- powerpc/powernv: Fix build error in opal-imc.c when NUMA=n
- commit 9101ec0
- powerpc/eeh: Fix use-after-release of EEH driver (bsc#1065729).
- powerpc/powernv: IMC fix out of bounds memory access at shutdown
- commit f7b6c1a
- blacklist.conf: Add oops_limit accretion disk
- commit 26414f9
- blacklist.conf: fda31c50292a signal: avoid double atomic counter increments for user accounting
- commit ad47077
- blacklist.conf: Add 11e31f608b49 watchdog/softlockup: Enforce that timestamp is valid on boot
- commit 312b206
- ipmi: fix initialization when workqueue allocation fails
- commit 62cff13
- ipmi: msghandler: Make symbol 'remove_work_wq' static
- commit f48a444
- blacklist.conf: Add 0e48f51cbbfb Revert "/libata, freezer: avoid block device removal while system is frozen"/
- commit 3b5d052
- net/ethernet/freescale: rework quiesce/activate for ucc_geth (git-fixes).
- commit 354903d
- net: bmac: Fix read of MAC address from ROM (git-fixes).
- commit f260cf5
- net: qed*: Reduce RX and TX default ring count when running inside kdump kernel (git-fixes).
- commit b08ffb4
- Refresh patches.suse/af_unix-fix-races-in-sk_peer_pid-and-sk_peer_cred-ac.patch.
- commit e51ef45
- Revert "/af_unix: fix races in sk_peer_pid and sk_peer_cred accesses"/
  This reverts commit e49e1b0f7e662d5b071015f05ead8185cb31f049
  since it breaks the kernel.
- commit f1351a4
- Revert "/sock.h: hide new member (bsc#1194535 CVE-2021-4203)."/
  This reverts commit 3cef23f4011eda051233a2e9572ae1d789313f41
  since it breaks the kernel
- commit f66a3cf
- SUNRPC: make lockless test safe (bsc#1207201).
- commit 155aec2
- sock.h: hide new member (bsc#1194535 CVE-2021-4203).
- commit 3cef23f
- af_unix: fix races in sk_peer_pid and sk_peer_cred accesses
  (bsc#1194535 CVE-2021-4203).
- commit e49e1b0
- sock.h: hide new member (bsc#1194535 CVE-2021-4203).
- commit ec6bedc
- af_unix: fix races in sk_peer_pid and sk_peer_cred accesses
  (bsc#1194535 CVE-2021-4203).
- commit b12b939
- Refresh
- commit b1becb2
- net: mpls: fix stale pointer if allocation fails during device
  rename (bsc#1208700 CVE-2023-26545).
- commit d61392c
- blacklist.conf: add few PCI patches
- commit 52e540a
- ARM: 8702/1: head-common.S: Clear lr before jumping to start_kernel() (git-fixes)
- commit 0e2e532
- x86/mm: Randomize per-cpu entry area (bsc#1207845
- refresh patches.suse/x86-cpu_entry_area-Map-also-trace_idt_table.patch.
- commit 6cab2a4
- block: bio-integrity: Copy flags when bio_integrity_payload
  is cloned (bsc#1208541).
- commit 1c1919f
- scsi: qla2xxx: Remove the unused variable wwn (bsc#1208570).
- scsi: qla2xxx: Simplify if condition evaluation (bsc#1208570).
- scsi: qla2xxx: Use a variable for repeated mem_size computation
- scsi: qla2xxx: Make qla_trim_buf() and __qla_adjust_buf()
  static (bsc#1208570).
- scsi: qla2xxx: Fix printk() format string (bsc#1208570).
- scsi: qla2xxx: Update version to (bsc#1208570).
- scsi: qla2xxx: Select qpair depending on which CPU post_cmd()
  gets called (bsc#1208570).
- scsi: qla2xxx: edif: Fix clang warning (bsc#1208570).
- scsi: qla2xxx: edif: Reduce memory usage during low I/O
- scsi: qla2xxx: edif: Fix stall session after app start
- scsi: qla2xxx: edif: Fix performance dip due to lock contention
- scsi: qla2xxx: Relocate/rename vp map (bsc#1208570).
- scsi: qla2xxx: Remove dead code (GNN ID) (bsc#1208570).
- scsi: qla2xxx: Remove dead code (GPNID) (bsc#1208570).
- scsi: qla2xxx: Remove dead code (bsc#1208570).
- scsi: qla2xxx: Update version to (bsc#1208570).
- scsi: qla2xxx: Fix IOCB resource check warning (bsc#1208570).
- scsi: qla2xxx: Remove increment of interface err cnt
- scsi: qla2xxx: Fix erroneous link down (bsc#1208570).
- scsi: qla2xxx: Remove unintended flag clearing (bsc#1208570).
- scsi: qla2xxx: Fix stalled login (bsc#1208570).
- scsi: qla2xxx: Fix exchange oversubscription for management
  commands (bsc#1208570).
- scsi: qla2xxx: Fix exchange oversubscription (bsc#1208570).
- scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests
- scsi: qla2xxx: Fix link failure in NPIV environment
- scsi: qla2xxx: Check if port is online before sending ELS
- commit 649e0ec
- blacklist.conf: feature not a fix
- commit 1443bd3
- blacklist.conf: feature not a fix
- commit ee1e977
- ipmi: fix memleak when unload ipmi driver (git-fixes).
- commit d05158b
- blacklist.conf: cosmetic fix
- commit 4b9f79b
- ipmi: fix use after free in _ipmi_destroy_user() (git-fixes).
- commit 2d46d95
- ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module
- commit 4c304c0
- ipmi: Move remove_work to dedicated workqueue (git-fixes).
- commit 7662fa0
- net: dsa: mv88e6xxx: Allow dsa and cpu ports in multiple vlans
- commit ae05a84
- blacklist.conf: add blacklist
- commit d1dd69b
- blacklist.conf: update blacklist
- commit 8b2622c
- blacklist.conf: update blacklist
- commit 50d7ebf
- blacklist.conf: update blacklist
- commit a32c2b4
- blacklist.conf: update blacklist
- commit 941a0ae
- blacklist.conf: update blacklist
- commit ac031d8
- x86/power: Fix 'nosmt' vs hibernation triple fault during resume
- Refresh
- commit 3ddadd1
- x86/stacktrace: Prevent infinite loop in arch_stack_walk_user()
- x86/build: Add 'set -e' to to delete broken
  capflags.c (git-fixes).
- x86/atomic: Fix smp_mb__{before,after}_atomic() (git-fixes).
- x86/PCI: Fix PCI IRQ routing table memory leak (git-fixes).
- x86/mm: Remove in_nmi() warning from 64-bit implementation of
  vmalloc_fault() (git-fixes).
- x86/irq/64: Limit IST stack overflow check to #DB stack
- x86/uaccess, signal: Fix AC=1 bloat (git-fixes).
- x86/ia32: Fix ia32_restore_sigcontext() AC leak (git-fixes).
- commit 4fdbd92
- blacklist.conf: add some x86 commits
- commit 89c0d93
- blacklist.conf: kABI
- commit 6c2dd7a
- blacklist.conf: false positive from stable
- commit 4cb1a8d
- net: allwinner: Fix use correct return type for ndo_start_xmit()
- commit a06fb6c
- gtp: set NLM_F_MULTI flag in gtp_genl_dump_pdp() (git-fixes).
- commit 8e95e4e
- net: systemport: suppress warnings on failed Rx SKB allocations
- commit 34c447d
- net: bcmgenet: suppress warnings on failed Rx SKB allocations
- commit e3d888b
- net/mlx5e: Set of completion request bit should not clear
  other adjacent bits (git-fixes).
- commit 1fccfde
- net: stmmac: Fix sub-second increment (git-fixes).
- commit 7bcb4c9
- blacklist.conf: regression due to missing feature in boot loader
- commit d40e68d
- xhci: Don't show warning for reinit on known broken suspend
- commit 60f17f0
- USB: serial: console: move mutex_unlock() before
  usb_serial_put() (git-fixes).
- commit e9ada32
- USB: serial: ch341: fix disabled rx timer on older devices
- commit 1f1a3d6
- usb: dwc3: fix PHY disable sequence (git-fixes).
- commit f44e5ac
- usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe
- commit c8ee3cd
- usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe
- commit d5892e7
- usb: dwc3: gadget: Fix event pending check (git-fixes).
- commit 3dadb30
- usb: musb: fix MUSB_QUIRK_B_DISCONNECT_99 handling (git-fixes).
- commit 9a54c12
- blacklist.conf: remove duplicated entry
- commit 09dbb7d
- prlimit: do_prlimit needs to have a speculation check
- signal handling: don't use BUG_ON() for debugging (git-fixes).
- panic: unset panic_on_warn inside panic() (git-fixes).
- ptrace: make ptrace() fail if the tracee changed its pid
  unexpectedly (git-fixes).
- don't dump the threads that had been already exiting when zapped
- kernel/sys.c: avoid copying possible padding bytes in
  copy_to_user (git-fixes).
- commit b9bfdd9
- kbuild: clear LDFLAGS in the top Makefile (bsc#1203200).
- Refresh patches.suse/supported-flag.
- commit d60d0fc
- blacklist.conf: add couple CORE patches
- commit 40318d8
- net: usb: qmi_wwan: add Quectel RM520N (git-fixes).
- commit 381f355
- net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990
- commit 4a8728c
- net: usb: qmi_wwan: Add support for Dell DW5829e (git-fixes).
- commit 7a53afd
- net: usb: cdc_mbim: avoid altsetting toggling for Telit LN920
- commit 4eade98
- net: usb: lan78xx: don't modify phy_device state concurrently
- commit 6ef7677
- blacklist.conf: add a cleanup to disable -Wmaybe-uninitialized
- commit 5840861
- blacklist.conf: duplicate
- commit 59bea49
- blacklist.conf: add a mips-only specific revert
- commit 2cf8eeb
- net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path
- commit 4e09bf9
- blacklist.conf: add a not-strictly needed fw-loading fix
- commit 229946b
- net: USB: Fix wrong-direction WARNING in plusb.c (git-fixes).
- commit 4cc9e19
- net: usb: sr9700: Handle negative len (git-fixes).
- commit e4e2a28
- usb: rndis_host: Secure rndis_query check against int overflow
  (CVE-2023-23559 bsc#1207051).
- commit e207be8
- xfs: Fix unreferenced object reported by kmemleak in
  xfs_sysfs_init() (git-fixes).
- commit 8137300
- xfs: fix realtime bitmap/summary file truncation when growing
  rt volume (git-fixes).
- commit e4116fa
- xfs: make sure the rt allocator doesn't run off the end
- commit 6e43199
- xfs: initialize the shortform attr header padding entry
- commit 362da99
- xfs: Fix UBSAN null-ptr-deref in xfs_sysfs_init (git-fixes).
- commit 80c6365
- xfs: fix partially uninitialized structure in
  xfs_reflink_remap_extent (git-fixes).
- commit 9049b82
- xfs: fix mount failure crash on invalid iclog memory access
- commit 1d08499
- xfs: fix attr leaf header freemap.size underflow (git-fixes).
- commit 1653047
- xfs: Fix bulkstat compat ioctls on x32 userspace (git-fixes).
- commit ab6f871
- xfs: require both realtime inodes to mount (git-fixes).
- commit 2e5ec52
- xfs: fix use-after-free race in xfs_buf_rele (git-fixes).
- commit fcdc154
- xfs: fix leaks on corruption errors in xfs_bmap.c (git-fixes).
- commit 2114c43
- drm/vmwgfx: Avoid NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331 CVE-2022-38096)
- commit e1a86c1
- blacklist.conf: Blacklist the patch below
- Delete
  to replace it with a better alternative we have in other branches
- commit d1f6219
- x86/mce: Fix -Wmissing-prototypes warnings (git-fixes).
- Refresh
- commit 04b9b60
- cpu/hotplug: Fix "/SMT disabled by BIOS"/ detection for KVM
- kABI: cpu/hotplug: reexport cpu_smt_control (kabi).
- Refresh
- commit 450f659
- x86/hpet: Prevent potential NULL pointer dereference
- x86/mm: Don't leak kernel addresses (git-fixes).
- x86/MCE/AMD: Carve out the MC4_MISC thresholding quirk
- x86/MCE/AMD: Turn off MC4_MISC thresholding on all family 0x15
  models (git-fixes).
- x86/kexec: Don't setup EFI info if EFI runtime is not enabled
- x86/fpu: Add might_fault() to user_insn() (git-fixes).
- commit 5915eb8
- x86/speculation: Remove SPECTRE_V2_IBRS in enum
  spectre_v2_mitigation (bsc#1068032 CVE-2017-5754).
- Refresh
- Refresh
- Refresh
- Refresh
- Refresh
  Make IBRS patches closer to upstream.
- commit 4cf6d38
- x86/speculation: Add support for STIBP always-on preferred mode
- x86/speculation: Change misspelled STIPB to STIBP (git-fixes).
- Refresh
- Refresh
- Refresh
- Refresh
- Refresh
- Refresh
  Update STIBP patches to be closer to upstream.
- commit 1ef4c9a
- drm/vmwgfx: Validate the box size for the snooped cursor (bsc#1203332 CVE-2022-36280)
- commit 9894e8b
- x86/earlyprintk: Add a force option for pciserial device
- x86/mce-inject: Reset injection struct after injection
- kprobes, x86/ptrace.h: Make regs_get_kernel_stack_nth() not
  fault on bad stack (git-fixes).
- x86/mce/mce-inject: Preset the MCE injection struct (git-fixes).
- commit f94b2cc
- blk-mq: fix possible memleak when register 'hctx' failed
- md/raid1: stop mdx_raid1 thread when raid1 array run failed
- md: fix a crash in mempool_free (git-fixes).
- nbd: Fix NULL pointer in flush_workqueue (git-fixes).
- commit e68f2dc
- blacklist.conf: add non-backport git-fixes commit
- commit b53530a
- x86: boot: Fix EFI stub alignment (git-fixes).
- commit 35efa28
- x86/bugs: Move the l1tf function and define pr_fmt properly
- Refresh
- Refresh
- Refresh
- Refresh
- Refresh
- Refresh
- commit 1843a69
- Refresh patches.suse/x86-l1tf-06-add-sysfs-report.patch.
- Refresh
- Refresh
  Update to upstream version (X86_FEATURE_L1TF_PTEINV).
- commit 89f9e4a
- blacklist.conf: Add 86989c41b5ea signal: Always ignore SIGKILL and SIGSTOP sent to the global init
- commit bed9df8
- blacklist.conf: Add 4a7ba45b1a43 memcg: fix possible use-after-free in memcg_write_event_control()
- commit a63545b
- blacklist.conf: Add a4055888629b mm/memcg: warning on !memcg after readahead page charged
- commit df06b7b
- blacklist.conf: Add 9a137153fc87 mm/memcg: fix device private memcg accounting
- commit 633912b
- blacklist.conf: Add d477f8c202d1 cpuset: restore sanity to cpuset_cpus_allowed_fallback()
- commit 53f3608
- arm64: kaslr: Reserve size of ARM64_MEMSTART_ALIGN in linear region (git-fixes)
- commit 5ab30ad
- net: mana: Fix IRQ name - add PCI and queue number
- commit b36fcf8
- x86/asm: Add instruction suffixes to bitops (git-fixes).
- x86/entry/64: Add instruction suffix (git-fixes).
- kprobes, x86/alternatives: Use text_mutex to protect
  smp_alt_modules (git-fixes).
- x86/asm: Remove unnecessary nt in front of CC_SET() from
  asm templates (git-fixes).
- blacklist.conf: remove it from there
- commit 42cc16d
- blacklist.conf: add some x86 commits
- commit 9547ab1
- x86/bugs: Flush IBP in ib_prctl_set() (bsc#1207773
- commit 18b587b
- tracing: Make sure trace_printk() can output as soon as it
  can be used (git-fixes).
- commit 15c6ed8
- tracing: Fix infinite loop in tracing_read_pipe on overflowed
  print_trace_line (git-fixes).
- commit 720bed5
- jbd2: use the correct print format (git-fixes).
- commit 022b5a0
- tracing: Avoid adding tracer option before update_tracer_options
- commit 3c24529
- tracing: Fix sleeping function called from invalid context on
  RT kernel (git-fixes).
- commit f5a6b6f
- tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate
- commit d9419a4
- tracing: Ensure trace buffer is at least 4096 bytes large
- commit 73dee6a
- tracing: Fix tp_printk option related with
  tp_printk_stop_on_boot (git-fixes).
- commit 9ae70c5
- tracing: Fix a kmemleak false positive in tracing_map
- commit 146abd5
- scsi: target: core: Add CONTROL field for trace events
- commit 5f4b9f3
- blacklist.conf: add not-relevant tracing fixes
- commit 6dbf1ea
- blacklist.conf: add qcom one thanks to present workaround
- commit 56b5e15
- Refresh
  Avoid compiler warning:
  drivers/pci/pci-acpi.c: In function ‘acpi_pci_bridge_d3’:
  drivers/pci/pci-acpi.c:549:5: warning: unused variable ‘val’ [-Wunused-variable]
  u8 val;
- commit 94c9b34
- PCI/sysfs: Fix double free in error path (git-fixes).
- PCI: Check for alloc failure in pci_request_irq() (git-fixes).
- PCI: Fix pci_device_is_present() for VFs by checking PF
- PCI: Sanitise firmware BAR assignments behind a PCI-PCI bridge
- PCI: Fix used_buses calculation in pci_scan_child_bus_extend()
- PCI/ASPM: Correct LTR_L1.2_THRESHOLD computation (git-fixes).
- PCI/ASPM: Declare threshold_ns as u32, not u64 (git-fixes).
- commit 1a1e3cb
- blacklist.conf: Add guards
- d6810d730022 ("/memcg, THP, swap: make mem_cgroup_swapout() support THP"/)
- 00f3ca2c2d66 ("/mm: memcontrol: per-lruvec stats infrastructure"/)
- 1f4aace60b0e ("/fs/seq_file.c: simplify seq_file iteration code and interface"/)
- commit fd302dd
- virtio_console: eliminate anonymous module_init & module_exit
- virtio_console: break out of buf poll on remove (git-fixes).
- commit 04f33be
- Update
  (bsc#1206664 CVE-2022-4662).
- Update
  (bsc#1206664 CVE-2022-4662).
- commit 3097f42
- net: sched: fix race condition in qdisc_graft() (CVE-2023-0590
- net_sched: add __rcu annotation to netdev->qdisc (CVE-2023-0590
- commit 880415e
- blacklist.conf: 8219d31effa7 powerpc/lib/sstep: Fix build errors with newer binutils
  Always building for at least POWER8
- commit 224de10
- blacklist.conf: Add fb5bf31722d0 fork: fix some -Wmissing-prototypes warnings
- commit dcf40c8
- blacklist.conf: Add 22839869f21a signal: Introduce COMPAT_SIGMINSTKSZ for use in compat_sys_sigaltstack
- commit 4599dd7
- blacklist.conf: Ad db8dd9697238 cgroup-v1: cgroup_pidlist_next should update position index
- commit 6b34bd8
- memcg: remove memcg_cgroup::id from IDR on
  mem_cgroup_css_alloc() failure (bsc#1208108).
- commit f958549
- blacklist.conf: Remove spurious whitespace
- commit 79063d5
- blacklist.conf: Add d08afa149acf mm, memcg: fix mem_cgroup_swapout() for THPs
- commit 0c330fd
- blacklist.conf: Add 4eaf431f6f71 memcg: fix per_node_info cleanup
- commit fb05fe9
- blacklist.conf: Add more unsupported ppc architecture paths
- commit e6a4392
- blacklist.conf: PCI bus numbering fixes for unsupported architectures
- commit 507eeac
- Update patches.suse/lightnvm-remove-lightnvm-implemenation.patch
  (bsc#1191881 bsc#1201420 CVE-2022-2991).
- commit 125ae88
- blacklist.conf: not a fix, but a cleanup
- commit 6c62aaf
- blacklist.conf: cosmetic
- commit 89c1ac7
- blacklist.conf: feature, not a fix
- commit 7abc364
- blacklist.conf: false positive
- commit 89c7fc0
- scsi: hpsa: Fix allocation size for scsi_host_alloc()
- scsi: snic: Fix possible UAF in snic_tgt_create() (git-fixes).
- scsi: fcoe: Fix transport not deattached when fcoe_if_init()
  fails (git-fixes).
- scsi: ipr: Fix WARNING in ipr_init() (git-fixes).
- scsi: scsi_debug: Fix possible name leak in
  sdebug_add_host_helper() (git-fixes).
- scsi: fcoe: Fix possible name leak when device_register()
  fails (git-fixes).
- scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device()
- scsi: hpsa: Fix error handling in hpsa_add_sas_host()
- scsi: mpt3sas: Fix possible resource leaks in
  mpt3sas_transport_port_add() (git-fixes).
- scsi: hpsa: Fix possible memory leak in hpsa_init_one()
- scsi: scsi_debug: Fix a warning in resp_write_scat()
- drbd: destroy workqueue when drbd device was freed (git-fixes).
- drbd: use after free in drbd_create_device() (git-fixes).
- drbd: remove usage of list iterator variable after loop
- drbd: fix potential silent data corruption (git-fixes).
- Revert "/scsi: core: run queue if SCSI device queue isn't ready
  and queue is idle"/ (git-fixes).
- drbd: dynamically allocate shash descriptor (git-fixes).
- drbd: Change drbd_request_detach_interruptible's return type
  to int (git-fixes).
- drbd: fix print_st_err()'s prototype to match the definition
- drbd: do not block when adjusting "/disk-options"/ while IO is
  frozen (git-fixes).
- drbd: reject attach of unsuitable uuids even if connected
- drbd: ignore "/all zero"/ peer volume sizes in handshake
- commit 0a624a5
- blacklist.conf: Add powerpc inapplicable fixes.
- commit 7e5ff14
- blacklist.conf: Add more unsupported architecture paths
- commit a9d28f3
- blacklist.conf: Giving up on memtrace on 4.12 kernel
  It's hopelessly outdated. It may work for some uses but definitely
  cannot be fixed to work reliably. It's only available on powernv, anyway.
- commit 52370b2
- Refresh
- commit 850359a
- blacklist.conf: remove git-fix commit
  Added before but now the context appears present.
- commit ca7ebf0
- Refresh
  Since it is not upstream.
- commit 71b544b
- scsi: smartpqi: use processor ID for hwqueue for non-mq case .
- commit f7c419d
- Revert "/scsi: smartpqi: set force_blk_mq=1.(bsc#1205397)"/
  This reverts commit 10f3936c627ef942dd3b1e94d001f74978249b48.
- commit 08dc3b9
- module: Don't wait for GOING modules (bsc#1196058, bsc#1186449,
  bsc#1204356, bsc#1204662).
- commit 4f27069
- sctp: fail if no bound addresses can be used for a given scope
- commit 297ccbe
- Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag
  Heavily modified, as prerequisites for taking it as is would
  utterly ruin kABI
- commit f6a5968
- iforce: restore old iforce_dump_packet (git-fixes).
- commit 4231d1c
- Input: iforce - reformat the packet dump output (git-fixes).
- commit dc68ca6
- Input: i8042 - Add quirk for Fujitsu Lifebook T725 (git-fixes).
- commit 234f459
- blacklist.conf: designed to break kABI
- commit 8b4ffca
- parisc: Fix HP SDC hpa address output (git-fixes).
- commit 810aa94
- parisc: Fix serio address output (git-fixes).
- commit 0f57ebf
- Input: do not use WARN() in input_alloc_absinfo() (git-fixes).
- commit 84da185
- Input: replace hard coded string with __func__ in pr_err()
- commit cda312b
- Input: convert autorepeat timer to use timer_setup()
- commit cbdf2f3
- Input: switch to using sizeof(*type) when allocating memory
- commit 8f71a2f
- Input: use seq_puts() in input_devices_seq_show() (git-fixes).
- commit 1b69f50
- Input: use seq_putc() in input_seq_print_bitmap() (git-fixes).
- commit f2b9cd4
- blacklist.conf: blacklist drivers/input/touchscreen/stmfts.c
  Support for this driver has been added in v4.13 with
  78bcac7b2ae1e4f6e96c68ff353c140669ea231c, which we have
  not taken in SLE12. Silence the scripts.
- commit 86c295f
- struct dwc3: move new members to the end (git-fixes).
- commit 09b2302
- usb: dwc3: core: Fix ULPI PHYs and prevent phy_get/ulpi_init
  during suspend/resume (git-fixes).
- Refresh
- commit d6a4fb0
- usb: dwc3: core: Call dwc3_core_get_phy() before initializing
  phys (git-fixes).
- commit f2e20db
- usb: dwc3: core: initialize ULPI before trying to get the PHY
- commit ca7dae7
- usb: dwc3: Disable phy suspend after power-on reset (git-fixes).
- commit ba1784c
- tracing/cfi: Fix cmp_entries_* functions signature mismatch
- commit 6fe5958
- tracing: Fix stack trace event size (git-fixes).
- commit 6ddfce9
- ftrace: Fix updating FTRACE_FL_TRAMP (git-fixes).
- commit f3f9c2c
- tracing: Use address-of operator on section symbols (git-fixes).
- commit ff93892
- trigger_next should increase position index (git-fixes).
- commit 6f1b4bf
- ftrace: fpid_next() should increase position index (git-fixes).
- commit c8a082f
- tracing: Set kernel_stack's caller size properly (git-fixes).
- commit b0151c0
- tracing: Adding NULL checks for trace_array descriptor pointer
- commit 08a9d55
- ftrace: Enable trampoline when rec count returns back to one
- Refresh
- Refresh
- commit c714737
- ftrace: Fix NULL pointer dereference in
  free_ftrace_func_mapper() (git-fixes).
- commit 5646431
- blacklist.conf: add not-relevant ftrace fixes
- commit 5961e96
- blacklist.conf: add a kdb fix which breaks kABI
- commit 7191d79
- blacklist.conf: add a kbuild compiler options cleanup
- commit 5e6755f
- blacklist.conf: add not-relevant fixes for the switch_sched event
- commit ebfa63d
- blacklist.conf: Add upstream config paths.
- commit 55c391f
- xen-netfront: Fix hang on device removal (bsc#1206698).
- commit 619f87d
- HID: check empty report_list in hid_validate_values()
  (git-fixes, bsc#1206784).
- commit 0c3e451
- HID: betop: fix slab-out-of-bounds Write in betop_probe
  (git-fixes, bsc#1207186).
- commit 29e41ae
- HID: betop: check shape of output reports (git-fixes,
- commit b716c1e
- audit: ensure userspace is penalized the same as the kernel
  when under pressure (bsc#1204514).
- commit 424bf73
- ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent
  UAF (CVE-2023-0266 bsc#1207134).
- commit 55a788e
- audit: improve robustness of the audit queue handling
- commit 6afddf3
- blacklist.conf: Add memcg unusable fixes
- Add c3cc39118c36 mm: memcontrol: fix NR_WRITEBACK leak in memcg and system stats
- Add e27be240df53 mm: memcg: make sure is uptodate when waking pollers
- Add c892fd82cc06 mm: memcg: add __GFP_NOWARN in __memcg_schedule_kmem_cache_create()
- Add 0b3d6e6f2dd0 mm: writeback: use exact memcg dirty counts
- commit 6350151
- dm thin: Use last transaction's pmd->root when commit failed
- dm thin: resume even if in FAIL mode (git-fixes).
- dm cache: set needs_check flag after aborting metadata
- dm cache: Fix ABBA deadlock between shrink_slab and
  dm_cache_metadata_abort (git-fixes).
- dm thin: Fix ABBA deadlock between shrink_slab and
  dm_pool_abort_metadata (git-fixes).
- dm cache: Fix UAF in destroy() (git-fixes).
- dm thin: Fix UAF in run_timer_softirq() (git-fixes).
- blktrace: Fix output non-blktrace event when blk_classic option
  enabled (git-fixes).
- dm ioctl: fix misbehavior if list_versions races with module
  loading (git-fixes).
- md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (git-fixes).
- nbd: Fix hung when signal interrupts nbd_start_device_ioctl()
- sbitmap: Avoid leaving waitqueue in invalid state in
  __sbq_wake_up() (git-fixes).
- drivers:md:fix a potential use-after-free bug (git-fixes).
- nbd: fix io hung while disconnecting device (git-fixes).
- nbd: fix race between nbd_alloc_config() and module removal
- nbd: call genl_unregister_family() first in nbd_cleanup()
- md: protect md_unregister_thread from reentrancy (git-fixes).
- block, bfq: protect 'bfqd->queued' by 'bfqd->lock' (git-fixes).
- dm ioctl: prevent potential spectre v1 gadget (git-fixes).
- loop: use sysfs_emit() in the sysfs xxx show() (git-fixes).
- dm space map common: add bounds check to sm_ll_lookup_bitmap()
- dm btree: add a defensive bounds check to insert_at()
- floppy: Add max size check for user space request (git-fixes).
- blk-cgroup: fix missing put device in error path from
  blkg_conf_pref() (git-fixes).
- blk-throttle: fix UAF by deleteing timer in blk_throtl_exit()
- cryptoloop: add a deprecation warning (git-fixes).
- virtio-blk: Fix memory leak among suspend/resume procedure
- dm space maps: don't reset space map allocation cursor when
  committing (git-fixes).
- block: only update parent bi_status when bio fail (git-fixes).
- dm verity: skip verity work if I/O error when system is shutting
  down (git-fixes).
- dm table: Remove BUG_ON(in_interrupt()) (git-fixes).
- Revert "/dm cache: fix arm link errors with inline"/ (git-fixes).
- nbd: fix a block_device refcount leak in nbd_release
- blk-cgroup: Pre-allocate tree node on blkg_conf_prep
- blk-cgroup: Fix memleak on error path (git-fixes).
- nbd: make the config put is called before the notifying the
  waiter (git-fixes).
- blk-mq: insert request not through ->queue_rq into sw/scheduler
  queue (git-fixes).
- bcache: fix super block seq numbers comparision in
  register_cache_set() (git-fixes).
- blktrace: ensure our debugfs dir exists (git-fixes).
- blktrace: break out of blktrace setup on concurrent calls
- blktrace: fix endianness for blk_log_remap() (git-fixes).
- blktrace: fix endianness in get_pdu_int() (git-fixes).
- blktrace: use errno instead of bi_status (git-fixes).
- block/bio-integrity: don't free 'buf' if
  bio_integrity_add_page() failed (git-fixes).
- dm zoned: return NULL if dmz_get_zone_for_reclaim() fails to
  find a zone (git-fixes).
- ps3disk: use the default segment boundary (git-fixes).
- null_blk: fix spurious IO errors after failed past-wp access
- Revert "/blkdev: check for valid request queue before issuing
  flush"/ (git-fixes).
- block: Fix use-after-free issue accessing struct io_cq
- null_blk: Handle null_add_dev() failures properly (git-fixes).
- block, bfq: fix overwrite of bfq_group pointer in
  bfq_find_set_group() (git-fixes).
- dm bio record: save/restore bi_end_io and bi_integrity
- brd: check and limit max_part par (git-fixes).
- nbd: add a flush_workqueue in nbd_start_device (git-fixes).
- compat_ioctl: block: handle BLKGETZONESZ/BLKGETNRZONES
- block: fix memleak when __blk_rq_map_user_iov() is failed
- nbd: fix shutdown and recv work deadlock v2 (git-fixes).
- nbd:fix memory leak in nbd_get_socket() (git-fixes).
- rsxx: add missed destroy_workqueue calls in remove (git-fixes).
- nbd: verify socket is supported during setup (git-fixes).
- nbd: handle racing with error'ed out commands (git-fixes).
- nbd: fix possible sysfs duplicate warning (git-fixes).
- commit 13f6ec9
- nbd: fix max number of supported devs (git-fixes).
- Refresh for the above change,
- commit 0c94304
- nbd: add missing config put (git-fixes).
- loop: Add LOOP_SET_DIRECT_IO to compat ioctl (git-fixes).
- block/bio-integrity: fix a memory leak bug (git-fixes).
- nbd: fix crash when the blksize is zero (git-fixes).
- dm verity: use message limit for data block corruption message
- blk-mq: move cancel of requeue_work into blk_mq_release
- block: sed-opal: fix IOC_OPAL_ENABLE_DISABLE_MBR (git-fixes).
- block, bfq: increase idling for weight-raised queues
- dm thin: add sanity checks to thin-pool and external snapshot
  creation (git-fixes).
- zram: fix double free backing device (git-fixes).
- dm flakey: Properly corrupt multi-page bios (git-fixes).
- dm crypt: use u64 instead of sector_t to store iv_offset
- dm kcopyd: Fix bug causing workqueue stalls (git-fixes).
- sunvdc: Do not spin in an infinite loop when vio_ldc_send()
  returns EAGAIN (git-fixes).
- dm raid: avoid bitmap with raid4/5/6 journal device (git-fixes).
- amiflop: clean up on errors during setup (git-fixes).
- swim: fix cleanup on setup error (git-fixes).
- drivers/block/zram/zram_drv.c: fix bug storing backing_dev
- nbd: handle unexpected replies better (git-fixes).
- nbd: don't requeue the same request twice (git-fixes).
- nbd: Add the nbd NBD_DISCONNECT_ON_CLOSE config flag
- commit 687c872
- block: add a lower-level bio_add_page interface (git-fixes).
- Refresh for the above change,
- commit 1c0212c
- dm: Use kzalloc for all structs with embedded biosets/mempools
- block/swim: Select appropriate drive on device open (git-fixes).
- block/swim: Fix IO error at end of medium (git-fixes).
- block/swim: Check drive type (git-fixes).
- block/swim: Rename macros to avoid inconsistent inverted logic
- block/swim: Don't log an error message for an invalid ioctl
- m68k/mac: Don't remap SWIM MMIO region (git-fixes).
- commit 7216c12
- blacklist.conf: Add hung task detector optimizations
- Add 401c636a0eeb kernel/hung_task.c: show all hung tasks before panic
- Add a1c6ca3c6de7 kernel: hung_task.c: disable on suspend
- Add 168e06f7937d kernel/hung_task.c: force console verbose before panic
- Add 304ae42739b1 kernel/hung_task.c: break RCU locks based on jiffies
- commit 106657e
- blacklist.conf: Add de5b55c1d4e3 stop_machine: Use raw spinlocks
- commit 70e34be
- net: sched: disallow noqueue for qdisc classes (bsc#1207237
- commit a70de61
- blacklist.conf: remove the following commits which will be
  backported as git-fixes,
  - f01b411f41f91fc3196eae4317cf8b4d872830a6
  - 35d2835d2ac41dc0b3e3469f8e2b08ce9709ace8
- commit f91ec99
- blacklist.conf: add git-fixes commits which won't be backported
- commit b06014b
- ipv6: raw: Deduct extension header length in
  rawv6_push_pending_frames (bsc#1207168).
- commit cec1a9b
- blacklist.conf: Blacklist 307af6c87937
- commit c4d1659
- mbcache: add functions to delete entry if unused (bsc#1198971).
- commit e12f310
- mbcache: don't reclaim used entries (bsc#1198971).
- commit f6dfab7
- Update tags
- commit b091c25
- rpm/mkspec-dtb: add riscv64 dtb-renesas subpackage
- commit 6020754
- ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty
- commit b48b001
- Update
  (bsc#1207036 CVE-2023-23454).
- commit e326580
- Update
  (bsc#1207036 CVE-2023-23454).
- commit f3bb269
- powerpc/rtas: avoid scheduling in rtas_os_term() (bsc#1065729).
- powerpc/rtas: avoid device tree lookups in rtas_os_term()
- commit d5cf3c0
- blacklist.conf: Blacklist c915fb80eaa6
- commit 4862158
- blacklist.conf: Blacklist 7159a986b420
- commit 8b03a93
- udf: Fix a slab-out-of-bounds write bug in udf_find_entry()
- commit ef0b25b
- udf_get_extendedattr() had no boundary checks (bsc#1206648).
- commit 903c6ab
- udf: Check LVID earlier (bsc#1207108).
- commit 015783c
- udf: Fix NULL pointer dereference in udf_symlink function
- commit a391f82
- udf: fix silent AED tagLocation corruption (bsc#1206645).
- commit 1573f9a
- udf: Limit sparing table size (bsc#1206643).
- commit 458f745
- udf: Avoid accessing uninitialized data on failed inode read
- commit ae4803c
- udf: Fix free space reporting for metadata and virtual
  partitions (bsc#1206641).
- commit a21c3d0
- udf: Fix BUG on corrupted inode (bsc#1207107).
- commit 142aae1
- quota: Check next/prev free block number after reading from
  quota file (bsc#1206640).
- commit 1fd21c3
- blacklist.conf: Blacklist dd5532a4994b
- commit 1a95452
- blacklist.conf: Blacklist 10f04d40a9fa
- commit 9db6570
- blacklist.conf: Blacklist 6fcbcec9cfc7
- commit a38aa89
- quota: Lock s_umount in exclusive mode for Q_XQUOTA{ON,OFF}
  quotactls (bsc#1207104).
- commit 9272ca4
- mm/filemap.c: clear page error before actual read (bsc#1206635).
- commit 9135482
- blacklist.conf: Blacklist 28ce50f8d96e
- commit 4884298
- isofs: reject hardware sector size > 2048 bytes (bsc#1207103).
- commit e46cdb2
- sbitmap: fix lockup while swapping (bsc#1206602).
- commit 6127981
- sbitmap: Avoid leaving waitqueue in invalid state in
  __sbq_wake_up() (git-fixes).
- commit 8e6d6a5
- block, bfq: protect 'bfqd->queued' by 'bfqd->lock'
- commit 7338cee
- block, bfq: fix overwrite of bfq_group pointer in
  bfq_find_set_group() (bsc#1175995,jsc#SLE-15608).
- commit d71d0e3
- blacklist.conf: Blacklist 5c099c4fdc43
- commit 665ce36
- ext4: fix undefined behavior in bit shift for
  ext4_check_flag_values (bsc#1206890).
- commit 7faea59
- ext4: fix use-after-free in ext4_ext_shift_extents
- commit 0eea07e
- ext4: fix warning in 'ext4_da_release_space' (bsc#1206887).
- commit 7a14dda
- blacklist.conf: Blacklist d1052d236edd
- commit 0c9fa3b
- ext4: make ext4_lazyinit_thread freezable (bsc#1206885).
- commit bc2f14a
- ext4: fix null-ptr-deref in ext4_write_info (bsc#1206884).
- commit 9a43afd
- ext4: avoid crash when inline data creation follows DIO write
- commit b5cdb98
- ext4: continue to expand file system when the target size
  doesn't reach (bsc#1206882).
- commit 49d324e
- blacklist.conf: Blacklist 613c5a85898d
- commit 54c3380
- ext4: avoid resizing to a partial cluster size (bsc#1206880).
- commit b7ada6c
- ext4: fix race when reusing xattr blocks (bsc#1198971).
- commit c7f8ba9
- ext4: unindent codeblock in ext4_xattr_block_set()
- commit cd983c4
- blacklist.conf: Blacklist 6bc0d63dad7f
- commit eaa9493
- blacklist.conf: Blacklist b24e77ef1c6d
- commit 7e9aa45
- ext4: recover csum seed of tmp_inode after migrating to extents
- commit 2f31cd1
- ext4: correct the misjudgment in ext4_iget_extra_inode
- commit 84de60f
- ext4: correct max_inline_xattr_value_size computing
- commit 65f415c
- ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878).
- commit 3e25d04
- ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h
- commit cc87a22
- ext4: fix extent status tree race in writeback error recovery
  path (bsc#1206877).
- commit ede473e
- ext4: update s_overhead_clusters in the superblock during an
  on-line resize (bsc#1206876).
- commit 4f9eee6
- ext4: add reserved GDT blocks check (bsc#1202712).
- commit 22a4adc
- ext4: don't BUG if someone dirty pages without asking ext4 first
- blacklist.conf: Blacklist ea_inode related commits
- commit 9502092
- blacklist.conf: Blacklist 5dccdc5a1916
- commit 4f5adf1
- blacklist.conf: Blacklist b5776e7524af
- commit f1a0a1a
- ext4: Detect already used quota file early (bsc#1206873).
- commit 87720a2
- blacklist.conf: Blacklist 11215630aada
- commit eb3396e
- blacklist.conf: Blacklist 8418897f1bf8
- commit 16639ef
- blacklist.conf: Blacklist 907ea529fc4c
- commit 6a4fc32
- blacklist.conf: Blacklist a17a9d935dc4
- commit a76a169
- ext4: use matching invalidatepage in ext4_writepage
- commit aba337c
- blacklist.conf: Blacklist c96e2b8564ad
- commit 49f777f
- ext4: fix a data race at inode->i_disksize (bsc#1206855).
- commit 1cd40a2
- blacklist.conf: Blacklist f629afe3369e
- commit 2a1b322
- blacklist.conf: Blacklist 64d4ce892383
- commit ab3ecba
- blacklist.conf: Blacklist 65db869c754e
- commit bd9d268
- blacklist.conf: Blacklist 8c380ab4b7b5
- commit 6d50017
- ext4: prohibit fstrim in norecovery mode (bsc#1207094).
- commit 968ac45
- blacklist.conf: Blacklist 6c7328400e04
- commit 192eee8
- blacklist.conf: Blacklist ddccb6dbe780
- commit b7b4229
- ext4: clear mmp sequence number when remounting read-only
- commit 7957fbf
- ext4: fix argument checking in EXT4_IOC_MOVE_EXT (bsc#1207092).
- commit 9556f87
- blacklist.conf: Blacklist couple of commits
- commit d7f2f6c
- net: sched: cbq: dont intepret cls results when asked to drop
- commit fcfa387
- net: sched: atm: dont intepret cls results when asked to drop
- commit 9f135a3
- ibmveth: Always stop tx queues during close (bsc#1065729).
- commit d23f0d2
- module: set MODULE_STATE_GOING state when a module fails to load
- commit db5c7ff
- blacklist.conf: add f6d061d61712 ("/kernel/module: Fix memleak in
- commit adb3140
- README.BRANCH: Remove Petr Tesařík from README.BRANCH
  Petr is no longer with SUSE, and the address bounces.
- commit a114688
- blacklist.conf: ppc radix hugepage ioremap
  Add commits related to this feature we don't have on 4.12
- commit 30daa9a
- powerpc/powernv: add missing of_node_put (bsc#1065729).
- powerpc/boot: Fixup device-tree on little endian (bsc#1065729).
- powerpc/pseries: Stop calling printk in rtas_stop_self()
- powerpc/smp: Set numa node before updating mask (bsc#1065729).
- powerpc: Force inlining of cpu_has_feature() to avoid build
  failure (bsc#1065729).
- powerpc: improve handling of unrecoverable system reset
- powerpc: sysdev: add missing iounmap() on error in
  mpic_msgr_probe() (bsc#1065729).
- powerpc/powernv/smp: Fix spurious DBG() warning (bsc#1065729).
- powerpc/crashkernel: Take "/mem="/ option into account
- powerpc/64s/pgtable: fix an undefined behaviour (bsc#1065729).
- powerpc/eeh: Only dump stack once if an MMIO loop is detected
- powerpc/sriov: Remove VF eeh_dev state when disabling SR-IOV
- powerpc/powernv/iov: Ensure the pdn for VFs always contains
  a valid PE number (bsc#1065729).
- commit 1c66115
- powerpc/pseries/cmm: Implement release() function for sysfs
  device (bsc#1065729).
- powerpc/pseries: Mark accumulate_stolen_time() as notrace
- powerpc/futex: Fix warning: 'oldval' may be used uninitialized
  in this function (bsc#1065729).
- Refresh patches.suse/powerpc-Add-a-framework-for-user-access-tracking.patch
- commit 3acc489
- powerpc/pci/of: Fix OF flags parsing for 64bit BARs
- powerpc/pseries/hvconsole: Fix stack overread via udbg
- powerpc/boot: Fix missing check of lseek() return value
- powerpc/traps: Fix the message printed when stack overflows
- powerpc/pseries: add of_node_put() in dlpar_detach_node()
- powerpc/pseries: Fix node leak in
  update_lmb_associativity_index() (bsc#1065729).
- powerpc/powernv/eeh/npu: Fix uninitialized variables in
  opal_pci_eeh_freeze_status (bsc#1065729).
- powerpc/mm: Make NULL pointer deferences explicit on bad page
  faults (bsc#1065729).
- powerpc/xmon: fix dump_segments() (bsc#1065729).
- powerpc/64/module: REL32 relocation range check (bsc#1065729).
- powerpc/time: Fix clockevent_decrementer initalisation for PR
  KVM (bsc#1065729).
- powerpc/eeh: Fix use of EEH_PE_KEEP on wrong field
- powerpc/eeh: Fix possible null deref in eeh_dump_dev_log()
- powerpc/boot: Disable vector instructions (bsc#1065729).
- powerpc/time: Use clockevents_register_device(), fixing an
  issue with large decrementer (bsc#1065729).
- powerpc/xive: Move a dereference below a NULL test
- powerpc/64s/hash: Fix stab_rr off by one initialization
- powerpc/iommu: Avoid derefence before pointer check
- powerpc/powernv: opal_put_chars partial write fix (bsc#1065729).
- powerpc/boot: Fix 64-bit boot wrapper build with non-biarch
  compiler (bsc#1065729).
- Refresh patches.suse/powerpc-boot-Expose-Kconfig-symbols-to-wrapper.patch
- commit 5dcb3e2
- rpm/ Add Enhances and Supplements tags to in-tree KMPs
  This makes in-tree KMPs more consistent with externally built KMPs and
  silences several rpmlint warnings.
- commit 02b7735
- rpm/check-for-config-changes: add OBJTOOL and FTRACE_MCOUNT_USE_*
  Dummy gcc pretends to support -mrecord-mcount option but actual gcc on
  ppc64le does not. Therefore ppc64le builds of 6.2-rc1 and later in OBS
  enable FTRACE_MCOUNT_USE_OBJTOOL and OBJTOOL config options, resulting in
  check failure.
  in the exception list, replace them with a general pattern. And add OBJTOOL
  as well.
- commit 887416f
- powerpc/xive/spapr: correct bitmap allocation size (fate#322438
- powerpc/xive: Add a check for memory allocation failure
  (fate#322438 git-fixes).
- commit 3922d2a
- memcg, kmem: further deprecate kmem.limit_in_bytes
- commit 5804d85
- arm64/kvm: consistently handle host HCR_EL2 flags (git-fixes)
- commit 714ef7f
- arm64: smp: Handle errors reported by the firmware (git-fixes)
- commit 9d794c2
- blacklist.conf: ("/arm64: mm: Prevent mismatched 52-bit VA support"/)
- commit f1a361c
- arm64: Fix minor issues with the dcache_by_line_op macro (git-fixes)
- commit 6cee162
- arm64: ftrace: don't adjust the LR value (git-fixes)
- commit eb42f1a
- arm64: io: Ensure value passed to __iormb() is held in a 64-bit (git-fixes)
- commit c7b004f
- arm64: io: Ensure calls to delay routines are ordered against prior (git-fixes)
- commit b2c772e
- arm64: makefile fix build of .i file in external module case (git-fixes)
- commit 195399e
- blacklist.conf: ("/arm64: percpu: Initialize ret in the default case"/)
- commit 4e64a56
- blacklist.conf: ("/arm64: lib: use C string functions with KASAN enabled"/)
- commit dd95ca4
- arm64: jump_label.h: use asm_volatile_goto macro instead of "/asm (git-fixes)
- commit eb342d8
- arm64: rockchip: Force CONFIG_PM on Rockchip systems (git-fixes)
- commit 14aabd0
- arm64: alternative: Use true and false for boolean values (git-fixes)
- commit 301b65d
- arm64: fix possible spectre-v1 write in ptrace_hbp_set_event() (git-fixes)
- commit a25e150
- arm64: make secondary_start_kernel() notrace (git-fixes)
- commit 4106666
- blacklist.conf: ("/arm64: defconfig: Enable Rockchip io-domain driver"/)
- commit ad93c99
- arm64: cmpwait: Clear event register before arming exclusive monitor (git-fixes)
- commit e15bbd4
- arm64: fix possible spectre-v1 in ptrace_hbp_get_event() (git-fixes)
- commit 62841b2
- arm64: ptrace: remove addr_limit manipulation (git-fixes)
- commit e003877
- blacklist.conf: Add ppc fixes only applicable to 4.14
- commit 131a7b8
- blacklist.conf: Add reverted ppc commit
- commit a8b8b81
- NFS Handle missing attributes in OPEN reply (bsc#1203740).
- commit 5c8477f
- blacklist.conf: cosmetic fix
- commit 4cdceea
- blacklist.conf: cosmetic fix
- commit 0413215
- blacklist.conf: adds a WARN only
- commit f484812
- usb: dwc3: gadget: Fix OTG events when gadget driver isn't
  loaded (git-fixes).
- commit c42a78e
- blacklist.conf: changes API
- commit df9a032
- blacklist.conf: powerpc watchdog implemented in 4.13
- commit 7400877
- blacklist.conf: pSeries and powernv get dt from firmware
- commit 3059da1
- powerpc/pseries/eeh: use correct API for error log size
- powerpc/perf: callchain validate kernel stack pointer bounds
- powerpc/xive: add missing iounmap() in error path in
  xive_spapr_populate_irq_data() (fate#322438 git-fixes).
- powerpc/pci: Fix get_phb_number() locking (bsc#1065729).
- Refresh patches.suse/powerpc-disable_fixed_phb_option.patch
- powerpc/64: Init jump labels before parse_early_param()
- commit e9baafc
- scsi: qla2xxx: Fix crash when I/O abort times out (jsc#PED-568).
- scsi: qla2xxx: Initialize vha->unknown_atio_[list, work]
  for NPIV hosts (jsc#PED-568).
- scsi: qla2xxx: Remove duplicate of vha->iocb_work initialization
- scsi: qla2xxx: Remove unused variable 'found_devs'
- scsi: qla2xxx: Fix set-but-not-used variable warnings
- commit 445debb
- blacklist.conf: fixes for bugs we don't have
  git-fixes suggests patches from a later LTS which are fixes for patches
  that we don't have.  So blacklist them.
- commit 7eacd62
- Refresh patches.suse/SUNRPC-call_alloc-async-tasks-mustn-t-block-waiting-.patch.
  This has landed in mainline so update commit info
- commit 102542f
- Refresh
  gcc pointed out to me a porting error in this patch
- commit 00a42ee
- NFSv4.x: Fail client initialisation if state manager thread
  can't run (git-fixes).
- SUNRPC: Fix missing release socket in rpc_sockname()
- NFS: Fix an Oops in nfs_d_automount() (git-fixes).
- NFSv4: Fix a deadlock between nfs4_open_recover_helper()
  and delegreturn (git-fixes).
- NFSv4.2: Fix initialisation of struct nfs4_label (git-fixes).
- NFSv4.2: Fix a memory stomp in decode_attr_security_label
- NFSv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding
- SUNRPC: Don't leak netobj memory when gss_read_proxy_verf()
  fails (git-fixes).
- nfs4: Fix kmemleak when allocate slot failed (git-fixes).
- NFSv4.2: Fixup CLONE dest file size for zero-length count
- NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot
- NFSv4.1: Handle RECLAIM_COMPLETE trunking errors (git-fixes).
- NFSv4/pNFS: Always return layout stats on layout return for
  flexfiles (git-fixes).
- NFSD: Return nfserr_serverfault if splice_ok but buf->pages
  have data (git-fixes).
- xprtrdma: treat all calls not a bcall when bc_serv is NULL
- NFS: swap-out must always use STABLE writes (git-fixes).
- NFS: swap IO handling is slightly different for O_DIRECT IO
- NFSv4 expose nfs_parse_server_name function (git-fixes).
- NFSv4 remove zero number of fs_locations entries error check
- NFSv4.1: Fix uninitialised variable in devicenotify (git-fixes).
- nfs: nfs4clinet: check the return value of kstrdup()
- NFSv4 only print the label when its queried (git-fixes).
- NFSD: Keep existing listeners on portlist error (git-fixes).
- rpc: fix gss_svc_init cleanup on failure (git-fixes).
- NFS: nfs_find_open_context() may only select open files
- rpc: fix NULL dereference on kmalloc failure (git-fixes).
- nfs: we don't support removing system.nfs4_acl (git-fixes).
- NFS: Correct size calculation for create reply length
- nfs: fix PNFS_FLEXFILE_LAYOUT Kconfig default (git-fixes).
- SUNRPC: Handle 0 length opaque XDR object data properly
- SUNRPC: Move simple_get_bytes and simple_get_netobj into
  private header (git-fixes).
- pNFS/NFSv4: Try to return invalid layout in
  pnfs_layout_process() (git-fixes).
- SUNRPC: stop printk reading past end of string (git-fixes).
- NFSv4.1 handle ERR_DELAY error reclaiming locking state on
  delegation recall (git-fixes).
- net: sunrpc: Fix off-by-one issues in 'rpc_ntop6' (git-fixes).
- nfsd: Fix svc_xprt refcnt leak when setup callback client failed
- NFS: Fix memory leaks in nfs_pageio_stop_mirroring()
- NFS: direct.c: Fix memory leak of dreq when nfs_get_lock_context
  fails (git-fixes).
- sunrpc: fix crash when cache_head become valid before update
- fs: nfs: Fix possible null-pointer dereferences in
  encode_attrs() (git-fixes).
- NFSv2: Fix write regression (git-fixes).
- NFSv2: Fix eof handling (git-fixes).
- NFS: Fix initialisation of I/O result struct in
  nfs_pgio_rpcsetup (git-fixes).
- NFSv4: Fix return value in nfs_finish_open() (git-fixes).
- NFSv4: Fix return values for nfs4_file_open() (git-fixes).
- svcrdma: Ignore source port when computing DRC hash (git-fixes).
- net :sunrpc :clnt :Fix xps refcount imbalance on the error path
- nfsd: allow fh_want_write to be called twice (git-fixes).
- sunrpc: don't mark uninitialised items as VALID (git-fixes).
- nfsd: fix wrong check in write_v4_end_grace() (git-fixes).
- nfs: Fix NULL pointer dereference of dev_name (git-fixes).
- NFS: nfs_compare_mount_options always compare auth flavors
- nfsd: Return EPERM, not EACCES, in some SETATTR cases
- sunrpc: fix cache_head leak due to queued request (git-fixes).
- nfsd: fix a warning in __cld_pipe_upcall() (git-fixes).
- nfsd4: fix crash on writing v4_end_grace before nfsd startup
- lockd: fix decoding of TEST results (git-fixes).
- SUNRPC: Fix a race with XPRT_CONNECTING (git-fixes).
- flexfiles: enforce per-mirror stateid only for v4 DSes
- flexfiles: use per-mirror specified stateid for IO (git-fixes).
- SUNRPC: Fix a bogus get/put in generic_key_to_expire()
- SUNRPC: drop pointless static qualifier in
  xdr_get_next_encode_buffer() (git-fixes).
- sunrpc: Fix connect metrics (git-fixes).
- SUNRPC: Fix a compile warning for cmpxchg64() (git-fixes).
- NFSv4.x: fix lock recovery during delegation recall (git-fixes).
- SUNRPC: Don't call __UDPX_INC_STATS() from a preemptible context
- NFSv4: Fix open create exclusive when the server reboots
- commit 25159f5
- powerpc/pseries: unregister VPA when hot unplugging a CPU
  (bsc#1205695 ltc#200603).
- commit d06e561
- Fix kABI breakage in usb.h: struct usb_device:
  hide new member (bsc#1206664 CVE-2022-4662).
- USB: core: Prevent nested device-reset calls (bsc#1206664
- commit 3cb5d2f
- move new members of struct usbnet to end (git-fixes).
- commit 727de32
- CDC-NCM: remove "/connected"/ log message (git-fixes).
- commit 22cc214
- media: Don't let tvp5150_get_vbi() go out of vbi_ram_default
  array (git-fixes).
- commit 09471ab
- media: i2c: tvp5150: remove useless variable assignment in
  tvp5150_set_vbi() (git-fixes).
- commit 0f3eff0
- Bluetooth: L2CAP: Fix use-after-free caused by
  l2cap_reassemble_sdu (CVE-2022-3564 bsc#1206073).
- commit d5fc0df
- net: usb: cdc_ncm: don't spew notifications (git-fixes).
- commit 6849123
- net: usb: qmi_wwan: add Quectel EM160R-GL (git-fixes).
- commit b2fe9de
- net: usb: qmi_wwan: Set DTR quirk for MR400 (git-fixes).
- commit bcc09f1
- rndis_host: increase sleep time in the query-response loop
- commit 7632b5d
- net: usb: qmi_wwan: restore mtu min/max values after raw_ip
  switch (git-fixes).
- commit b040831
- net: kalmia: fix memory leaks (git-fixes).
- commit c76568f
- net/usb/kalmia: use ARRAY_SIZE for various array sizing
  calculations (git-fixes).
- commit fefbe90
- net: kalmia: clean up bind error path (git-fixes).
- commit ba39d56
- net: usb: qmi_wwan: Add the BroadMobi BM818 card (git-fixes).
- commit a8619f3
- net: usb: asix: init MAC address buffers (git-fixes).
- commit b22ad3e
- net: usb: asix: ax88772_bind return error when hw_reset fail
- Refresh
- commit 65076ad
- blacklist.conf: duplicate
- commit 5f7f532
- net: usb: rtl8150: demote allmulti message to dev_dbg()
- commit 117cf2b
- kABI: mitigate new ufs_stats field (git-fixes).
- scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper()
- scsi: 3w-9xxx: Avoid disabling device if failing to enable it
- scsi: pmcraid: Fix missing resource cleanup in error case
- scsi: ipr: Fix missing/incorrect resource cleanup in error case
- scsi: lpfc: Fix port stuck in bypassed state after LIP in
  PT2PT topology (git-fixes).
- scsi: vmw_pvscsi: Expand vcpuHint to 16 bits (git-fixes).
- scsi: megaraid: Fix error check return value of
  register_chrdev() (git-fixes).
- scsi: mvsas: Add PCI ID of RocketRaid 2640 (git-fixes).
- scsi: libfc: Fix use after free in fc_exch_abts_resp()
- scsi: aha152x: Fix aha152x_setup() __setup handler return value
- scsi: pm8001: Fix pm8001_mpi_task_abort_resp() (git-fixes).
- scsi: bfa: Replace snprintf() with sysfs_emit() (git-fixes).
- scsi: mvsas: Replace snprintf() with sysfs_emit() (git-fixes).
- scsi: sr: Don't use GFP_DMA (git-fixes).
- scsi: vmw_pvscsi: Set residual data length conditionally
- scsi: libiscsi: Fix UAF in
  iscsi_conn_get_param()/iscsi_conn_teardown() (git-fixes).
- scsi: iscsi: Unblock session then wake up error handler
- scsi: advansys: Fix kernel pointer leak (git-fixes).
- scsi: core: Fix shost->cmd_per_lun calculation in
  scsi_add_host_with_dma() (git-fixes).
- scsi: virtio_scsi: Fix spelling mistake "/Unsupport"/ ->
  "/Unsupported"/ (git-fixes).
- scsi: ses: Fix unsigned comparison with less than zero
- scsi: ses: Retry failed Send/Receive Diagnostic commands
- scsi: sd: Free scsi_disk device via put_device() (git-fixes).
- scsi: sr: Return correct event when media event code is 3
- scsi: core: Avoid printing an error if target_alloc() returns
  - ENXIO (git-fixes).
- scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach()
- scsi: megaraid_mm: Fix end of loop tests for
  list_for_each_entry() (git-fixes).
- scsi: aic7xxx: Fix unintentional sign extension issue on left
  shift of u8 (git-fixes).
- scsi: qedi: Fix null ref during abort handling (git-fixes).
- scsi: iscsi: Fix shost->max_id use (git-fixes).
- scsi: iscsi: Add iscsi_cls_conn refcount helpers (git-fixes).
- scsi: core: Cap scsi_host cmd_per_lun at can_queue (git-fixes).
- scsi: sr: Return appropriate error code when disk is ejected
- scsi: vmw_pvscsi: Set correct residual data length (git-fixes).
- scsi: BusLogic: Fix 64-bit system enumeration error for Buslogic
- scsi: libfc: Fix a format specifier (git-fixes).
- scsi: scsi_dh_alua: Remove check for ASC 24h in alua_rtpg()
- scsi: scsi_transport_srp: Don't block target in SRP_PORT_LOST
  state (git-fixes).
- scsi: st: Fix a use after free in st_open() (git-fixes).
- scsi: libiscsi: Fix iscsi_prep_scsi_cmd_pdu() error handling
- scsi: scsi_transport_srp: Don't block target in failfast state
- scsi: ufs-pci: Ensure UFS device is in PowerDown mode for
  suspend-to-disk ->poweroff() (git-fixes).
- scsi: mpt3sas: Increase IOCInit request timeout to 30s
- scsi: ufs: Make sure clk scaling happens only when HBA is
  runtime ACTIVE (git-fixes).
- scsi: libiscsi: Fix NOP race condition (git-fixes).
- scsi: hpsa: Fix memory leak in hpsa_init_one() (git-fixes).
- scsi: core: Don't start concurrent async scan on same host
- scsi: mvumi: Fix error return in mvumi_io_attach() (git-fixes).
- scsi: qedi: Protect active command list to avoid list corruption
- scsi: qedi: Fix list_del corruption while removing active I/O
- scsi: ufs: ufs-qcom: Fix race conditions caused by
  ufs_qcom_testbus_config() (git-fixes).
- scsi: pm8001: Fix memleak in pm8001_exec_internal_task_abort
- commit 8407432
- net: usb: qmi_wwan: add u-blox 0x1342 composition (git-fixes).
- commit ad34c09
- scsi: ufs: Clean up completed request without interrupt
  notification (git-fixes).
- Refresh
- commit 47def13
- scsi: ufs: Improve interrupt handling for shared interrupts
- scsi: ufs: Fix possible infinite loop in ufshcd_hold
- scsi: iscsi: Do not put host in iscsi_set_flashnode_param()
- scsi: ufs: Add DELAY_BEFORE_LPM quirk for Micron devices
- scsi: scsi_transport_spi: Fix function pointer check
- scsi: sr: Fix sr_probe() missing deallocate of device minor
- scsi: iscsi: Fix reference count leak in iscsi_boot_create_kobj
- scsi: mpt3sas: Fix double free warnings (git-fixes).
- scsi: qedi: Fix termination timeouts in session logout
- scsi: qedi: Do not flush offload work if ARP not resolved
- scsi: iscsi: Report unbind session event when the target has
  been removed (git-fixes).
- scsi: aacraid: Disabling TM path and only processing IOP reset
- scsi: ipr: Fix softlockup when rescanning devices in petitboot
- scsi: Revert "/target: iscsi: Wait for all commands to finish
  before freeing a session"/ (git-fixes).
- scsi: iscsi: Don't destroy session if there are outstanding
  connections (git-fixes).
- scsi: aic7xxx: Adjust indentation in ahc_find_syncrate
- scsi: ufs: Complete pending requests in host reset and restore
  path (git-fixes).
- scsi: libcxgbi: fix NULL pointer dereference in
  cxgbi_device_destroy() (git-fixes).
- scsi: iscsi: Don't send data to unbound connection (git-fixes).
- scsi: target: iscsi: Wait for all commands to finish before
  freeing a session (git-fixes).
- scsi: NCR5380: Add disconnect_mask module parameter (git-fixes).
- scsi: scsi_debug: num_tgts must be >= 0 (git-fixes).
- scsi: pm80xx: Fix for SATA device discovery (git-fixes).
- scsi: ufs: Fix error handing during hibern8 enter (git-fixes).
- scsi: atari_scsi: sun3_scsi: Set sg_tablesize to 1 instead of
  SG_NONE (git-fixes).
- scsi: ufs: fix potential bug which ends in system hang
- scsi: hisi_sas: Check sas_port before using it (git-fixes).
- scsi: fnic: fix use after free (git-fixes).
- scsi: ufs: delete redundant function ufshcd_def_desc_sizes()
- scsi: aacraid: fix illegal IO beyond last LBA (git-fixes).
- scsi: mpt3sas: Fix clear pending bit in ioctl status
- scsi: fix kconfig dependency warning related to 53C700_LE_ON_BE
- scsi: sni_53c710: fix compilation error (git-fixes).
- scsi: scsi_dh_alua: handle RTPG sense code correctly during
  state transitions (git-fixes).
- scsi: megaraid: disable device when probe failed after enabled
  device (git-fixes).
- scsi: ufs: skip shutdown if hba is not powered (git-fixes).
- scsi: core: Reduce memory required for SCSI logging (git-fixes).
- scsi: hpsa: correct scsi command status issue after reset
- commit 01813b3
- scsi: scsi_dh_alua: always use a 2 second delay before retrying
  RTPG (git-fixes).
- Refresh
- commit 37a1f9a
- scsi: megaraid_sas: fix panic on loading firmware crashdump
- scsi: libcxgbi: add a check for NULL pointer in
  cxgbi_check_route() (git-fixes).
- scsi: qedi: Abort ep termination if offload not scheduled
- scsi: ufs: Fix regulator load and icc-level configuration
- scsi: ufs: Avoid configuring regulator with undefined voltage
  range (git-fixes).
- scsi: qedf: Do not retry ELS request if qedf_alloc_cmd fails
- scsi: qla4xxx: fix a potential NULL pointer dereference
- scsi: iscsi: flush running unbind operations when removing a
  session (git-fixes).
- scsi: megaraid_sas: reduce module load time (git-fixes).
- scsi: core: replace GFP_ATOMIC with GFP_KERNEL in scsi_scan.c
- scsi: libsas: Check SMP PHY control function result (git-fixes).
- scsi: 53c700: pass correct "/dev"/ to dma_alloc_attrs()
- scsi: ufs: Fix system suspend status (git-fixes).
- scsi: qla4xxx: check return code of
  qla4xxx_copy_from_fwddb_param (git-fixes).
- scsi: vmw_pscsi: Rearrange code to avoid multiple calls to
  free_irq during unload (git-fixes).
- scsi: libiscsi: Fix NULL pointer dereference in
  iscsi_eh_session_reset (git-fixes).
- scsi: dc395x: fix DMA API usage in sg_update_list (git-fixes).
- scsi: dc395x: fix dma API usage in srb_done (git-fixes).
- scsi: iscsi_tcp: Explicitly cast param in
  iscsi_sw_tcp_host_get_param (git-fixes).
- scsi: isci: Change sci_controller_start_task's return type to
  sci_status (git-fixes).
- scsi: isci: Use proper enumerated type in
  atapi_d2h_reg_frame_handler (git-fixes).
- scsi: ips: fix missing break in switch (git-fixes).
- scsi: NCR5380: Check for bus reset (git-fixes).
- scsi: NCR5380: Handle BUS FREE during reselection (git-fixes).
- scsi: NCR5380: Don't call dsprintk() following reselection
  interrupt (git-fixes).
- scsi: NCR5380: Don't clear busy flag when abort fails
- scsi: NCR5380: Check for invalid reselection target (git-fixes).
- scsi: NCR5380: Use DRIVER_SENSE to indicate valid sense data
- scsi: NCR5380: Withhold disconnect privilege for REQUEST SENSE
- scsi: NCR5380: Have NCR5380_select() return a bool (git-fixes).
- scsi: NCR5380: Clear all unissued commands on host reset
- scsi: pm80xx: Fixed system hang issue during kexec boot
- scsi: pm80xx: Corrected dma_unmap_sg() parameter (git-fixes).
- scsi: sd: don't crash the host on invalid commands (git-fixes).
- scsi: ibmvscsis: Ensure partition name is properly NUL
  terminated (git-fixes).
- scsi: ibmvscsis: Fix a stringop-overflow warning (git-fixes).
- scsi: 3ware: fix return 0 on the error path of probe
- scsi: vmw_pvscsi: Return DID_RESET for status
- scsi: fcoe: drop frames in ELS LOGO error path (git-fixes).
- scsi: fcoe: fix use-after-free in fcoe_ctlr_els_send
- commit 629211b
- blacklist.conf: add git-fix commits to black list
- commit 77cd26b
- drm/amdkfd: Check for null pointer after calling kmemdup
  (CVE-2022-3108 bsc#1206389 git-fixes).
- commit d5c766f
- Update
  (CVE-2022-3107 bsc#1206395 git-fixes).
- commit 060c52f
- blacklist.conf: Risky, requires reworking of mempolicies
- commit f553475
- blacklist.conf: Risky semantic change for hugetlbfs runtime allocation
- commit d2abfa4
- blacklist.conf: fixes for old ftrace bugs, too intrusive
- commit 16e8a4b
- blacklist.conf: afs fixes which is not compiled
- commit e4c8294
- tracing: Fix code comments in trace.c (git-fixes).
- commit ec2222c
- blacklist.conf: code style cleanup for kernel/module
- commit 4ec89b1
- blacklist.conf: cosmetic fix
- commit 69fb632
- Bluetooth: hci_qca: Fix the teardown problem for real
- commit d54a6b7
- memcg: Fix possible use-after-free in
  memcg_write_event_control() (bsc#1206344).
- commit 2e65110
- blacklist.conf: removes an API
- commit e61353f
- net: usb: qmi_wwan: add Telit 0x103a composition (git-fixes).
- commit f421241
- ext4: Fixup pages without buffers (bsc#1205495).
- commit 707f425
- Add support for enabling livepatching related packages on -RT (jsc#PED-1706)
- commit 9d41244
- usb: dwc3: gadget: only unmap requests from DMA if mapped
- Refresh
- Refresh
- commit 5538962
- powerpc/boot: Explicitly disable usage of SPE instructions
- commit 4db02b2
- rpm/check-for-config-changes: add TOOLCHAIN_HAS_* to IGNORED_CONFIGS_RE
  This new form was added in commit b8c86872d1dc (riscv: fix detection of
  toolchain Zicbom support).
- commit e9f2ba6
- Add suse-kernel-rpm-scriptlets to kmp buildreqs (boo#1205149)
- commit 888e01e
- mm, page_alloc: avoid expensive reclaim when compaction may
  not succeed (bsc#1204250).
- commit 16163cf
- rpm/check-for-config-changes: loosen pattern for AS_HAS_*
  This is needed to handle CONFIG_AS_HAS_NON_CONST_LEB128.
- commit bdc0bf7
- arm64: Discard .note.GNU-stack section (bsc#1203693 bsc#1209798).
- commit cab7952
- Revert "/constraints: increase disk space for all architectures"/
  This reverts commit 43a9011f904bc7328d38dc340f5e71aecb6b19ca.
- commit 3d33373
- constraints: increase disk space for all architectures
  References: bsc#1203693
  aarch64 is already suffering. SLE15-SP5 x86_64 stats show that it is
  very close to the limit.
- commit 43a9011
- x86: link vdso and boot with -z noexecstack
  - -no-warn-rwx-segments (bsc#1203200).
- Makefile: link with -z noexecstack --no-warn-rwx-segments
- commit 7e1d602
- Update logrotate script, call systemd to reload the services
  instead of init-scripts; (bsc#1206152);
- U_Don-t-try-to-destroy-NULL-condition-variables.patch
  * fixes regression introduced with security update for
    CVE-2022-3555 (bsc#1204425, bsc#1208881)
- Security Fix: [bsc#1208574, CVE-2021-30560]
  * Use after free in Blink XSLT
  * Add libxslt-CVE-2021-30560.patch
- LVM volume groups are not being cleaned up after kiwi image build (bsc#1142550)
  + bug-1142550_02-LVM-vg-are-not-being-cleaned-up-after-kiwi-image-build.patch
- update to NSS 3.79.4 (bsc#1208138)
  * Bug 1804640 - improve handling of unknown PKCS#12 safe bag types.
- Add upstream patch nss-fix-bmo1774654.patch to fix CVE-2022-3479
- update to NSS 3.79.3 (bsc#1207038)
  * Bug 1803453 - Set CKA_NSS_SERVER_DISTRUST_AFTER and
    CKA_NSS_EMAIL_DISTRUST_AFTER for 3 TrustCor Root Certificates
- 0204-Don-t-assume-the-machine-account-will-be-in-upp.patch
  Be more flexabily with case of machine account name
- 0203-modprobe-avoid-error-messages-if-sbin-sysctl-fail.patch
  Avoid modprobe errors when sysctl is not installed.
  (bsc#1200710 bsc#1207022 bsc#1206781)
- Security Fix: [CVE-2023-0464, bsc#1209624]
  * Excessive Resource Usage Verifying X.509 Policy Constraints
  * Add openssl-CVE-2023-0464.patch
- Fix DH key generation in FIPS mode, add support for constant BN for
  DH parameters [bsc#1202062]
  * Add patch: openssl-fips_fix_DH_key_generation.patch
- Security Fix: [bsc#1207533, CVE-2023-0286]
  * Fix X.400 address type confusion in X.509 GENERAL_NAME_cmp
    for x400Address
  * Add openssl-CVE-2023-0286.patch
- Security Fix: [bsc#1207536, CVE-2023-0215]
  * Use-after-free following BIO_new_NDEF()
  * Add patches:
  - openssl-CVE-2023-0215-1of4.patch
  - openssl-CVE-2023-0215-2of4.patch
  - openssl-CVE-2023-0215-3of4.patch
  - openssl-CVE-2023-0215-4of4.patch
  - openssl-Groundwork-for-a-perl-based-testing-framework.patch
  - openssl-Add-recipes-for-the-larger-protocols.patch
- Security Fix: [bsc#1207534, CVE-2022-4304]
  * Timing Oracle in RSA Decryption
  * Add openssl-CVE-2022-4304.patch
- Update further expiring certificates that affect tests [bsc#1201627]
  * Add openssl-Update-further-expiring-certificates.patch
- Security Fix: [CVE-2023-0465, bsc#1209878]
  * Invalid certificate policies in leaf certificates are silently ignored
  * Add openssl-CVE-2023-0465.patch
- Security Fix: [CVE-2023-0466, bsc#1209873]
  * Certificate policy check not enabled
  * Add openssl-CVE-2023-0466.patch
- Security Fix: [CVE-2023-0464, bsc#1209624]
  * Excessive Resource Usage Verifying X.509 Policy Constraints
  * Add openssl-CVE-2023-0464.patch
- Security Fix: [bsc#1207533, CVE-2023-0286]
  * Fix X.400 address type confusion in X.509 GENERAL_NAME_cmp
    for x400Address
  * Add openssl-CVE-2023-0286.patch
- Security Fix: [bsc#1207536, CVE-2023-0215]
  * Use-after-free following BIO_new_NDEF()
  * Add patches:
  - openssl-CVE-2023-0215-1of4.patch
  - openssl-CVE-2023-0215-2of4.patch
  - openssl-CVE-2023-0215-3of4.patch
  - openssl-CVE-2023-0215-4of4.patch
- Security Fix: [bsc#1207538, CVE-2022-4450]
  * Double free after calling PEM_read_bio_ex()
  * Add patches:
  - openssl-CVE-2022-4450-1of2.patch
  - openssl-CVE-2022-4450-2of2.patch
- Security Fix: [bsc#1207534, CVE-2022-4304]
  * Timing Oracle in RSA Decryption
  * Add patches:
  - openssl-CVE-2022-4304-1of2.patch
  - openssl-CVE-2022-4304-2of2.patch
- Add require-writable.patch to support the optional argument
  "/require_writable"/ in "/from_buffer"/ method, that's used by the
  python-cryptography security fix gh#pyca/cryptography@9fbf84efc861
  (bsc#1208036, CVE-2023-23931)
  The upstream patch can be found here:
- Add patch CVE-2023-23931-dont-allow-update-into.patch (bsc#1208036, CVE-2023-23931)
  * Don't allow update_into to mutate immutable objects
- Add patch CVE-2022-42969-remove-svn-traces.patch:
  * Stop using or advertising svn{url,wc}. (bsc#1204364, CVE-2022-42969)
- Remove the _path testing configuration file too, so the testsuite runs.
- Remove all traces of py._path.svn{url,wc}. (bsc#1204364, CVE-2022-42969)
- Add CVE-2022-40897-ReDos.patch to fix Regular Expression Denial of Service
  (ReDoS) in
- Add wheel_cve_2022_40898.patch (bsc#1206670)
  + Update regular expression to parse wheel data, CVE-2022-40898
- Add bpo-44434-libgcc_s-for-pthread_cancel.patch
  which eliminates unnecessary and dangerous calls to
  PyThread_exit_thread() (bsc#1203355).
- Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329,
  bsc#1208471) blocklists bypass via the urllib.parse component
  when supplying a URL that starts with blank characters
- Add CVE-2022-40899-ReDos-cookiejar.patch to Fix REDoS in http.cookiejar
  (gh#python/cpython#17157, bsc#1206673, CVE-2022-40899)
- Add bpo-44434-libgcc_s-for-pthread_cancel.patch
  which eliminates unnecessary and dangerous calls to
  PyThread_exit_thread() (bsc#1203355).
- Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329,
  bsc#1208471) blocklists bypass via the urllib.parse component
  when supplying a URL that starts with blank characters
- Add bpo-44434-libgcc_s-for-pthread_cancel.patch
  which eliminates unnecessary and dangerous calls to
  PyThread_exit_thread() (bsc#1203355).
- Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329,
  bsc#1208471) blocklists bypass via the urllib.parse component
  when supplying a URL that starts with blank characters
- Add bpo27321-email-no-replace-header.patch to stop from replacing a non-existent header
  (bsc#1208443, gh#python/cpython#71508).
- Add bsc1188607-pythreadstate_clear-decref.patch to fix crash in
  the garbage collection (bsc#1188607).
- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid
  CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding
  extremely long domain names.
- CVE-2023-0922: Samba AD DC admin tool samba-tool sends passwords
  in cleartext; (bso#15315); (bsc#1209481).
- Prevent use after free of messaging_ctdb_fde_ev structs;
  (bso#15293); (bsc#1207416).
- CVE-2022-38023: Additional patches for the PDC role's netlogon
  server; (bso#15240); (bsc#1206504);
- CVE-2021-20251: samba: Bad password count not incremented
  atomically; (bso#14611); (bsc#1206546).
  * CVE-2022-37966 rc4-hmac Kerberos session keys issued to
    modern servers; (bso#15237); (bsc#1205385);
- Fix CVE-2023-28486, sudo does not escape control characters in
  log messages, (CVE-2023-28486, bsc#1209362)
  * Add sudo-CVE-2023-28486.patch
- Fix CVE-2023-28487, sudo does not escape control characters in
  sudoreplay output (CVE-2023-28487, bsc#1209361)
- sudo-dont-enable-read-after-pty_finish.patch
  * bsc#1203201
  * Do not re-enable the reader when flushing the buffers as part
    of pty_finish().
  * While sudo-observe-SIGCHLD patch applied earlier prevents a
    race condition from happening, this fixes a related buffer hang.
- Added sudo-fix_NULL_deref_RunAs.patch
  * bsc#1206483
  * Fix a situation where "/sudo -U otheruser -l"/ would dereference
    a NULL pointer.
- Added sudo-CVE-2023-22809.patch
  * CVE-2023-22809
  * bsc#1207082
  * Prevent '--' in the EDITOR environment variable which can allow
    users to edit sensitive files as root.
- Modified sudo-1-8-27-bsc1201462-ignore-no-sudohost.patch
  * Fixes crash while using sssd plugin caused by regression
    introduced by this patch
  * bsc#1206170
- Import commit 95ad6444b8d4c9cbd6c745ba9b4463264109ee11
  acb6da7b4a pager: make pager secure when under euid is changed or explicitly requested
  7c8bbe16a2 pager: set $LESSSECURE whenver we invoke a pager (bsc#1208958 CVE-2023-26604)
  e931881112 core: if the start command vanishes during runtime don't hit an assert (bsc#1206985)
- Fix hang when unpacking test tarball, bsc#1202436
  * bsc1202436-1.patch
  * bsc1202436-2.patch
- Fix CVE-2022-48303, tar has a one-byte out-of-bounds read that
  results in use of uninitialized memory for a conditional jump
  (CVE-2022-48303, bsc#1207753)
  * fix-CVE-2022-48303.patch
- Fix hang when unpacking test tarball, bsc#1202436
  * bsc1202436.patch
- [bsc#1206623], tcl-string-compare.patch:
  Fix [string compare -length] on big endian and improve
  [string equal] on little endian.
- timezone update 2023c:
  * Revert changes made in 2023b
- timezone update 2023b:
  * Lebanon delays the start of DST this year.
- timezone update 2023a:
  * Egypt now uses DST again, from April through October.
  * This year Morocco springs forward April 23, not April 30.
  * Palestine delays the start of DST this year.
  * Much of Greenland still uses DST from 2024 on.
  * America/Yellowknife now links to America/Edmonton.
  * tzselect can now use current time to help infer timezone.
  * The code now defaults to C99 or later.
- Refresh tzdata-china.diff
- Updated to version 9.0 with patch level 1386, fixes the following security problems
  * Fixing bsc#1207780 - (CVE-2023-0512) VUL-0: CVE-2023-0512: vim: Divide By Zero in GitHub repository vim/vim prior to 9.0.1247
  * Fixing bsc#1208957 - (CVE-2023-1175) VUL-0: CVE-2023-1175: vim: Incorrect Calculation of Buffer Size
  * Fixing bsc#1208959 - (CVE-2023-1170) VUL-0: CVE-2023-1170: vim: Heap-based Buffer Overflow in vim prior to 9.0.1376
  * Fixing bsc#1208828 - (CVE-2023-1127) VUL-1: CVE-2023-1127: vim: divide by zero in scrolldown()
- for the complete list of changes see
- Updated to version 9.0 with patch level 1234, fixes the following security problems
  * Fixing bsc#1207396 VUL-0: CVE-2023-0433: vim: Heap-based Buffer Overflow in vim prior to 9.0.1225
  * Fixing bsc#1207162 VUL-1: CVE-2023-0288: vim: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189.
  * Fixing bsc#1206868 VUL-1: CVE-2023-0054: vim: Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145.
  * Fixing bsc#1206867 VUL-1: CVE-2023-0051: vim: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1144.
  * Fixing bsc#1206866 VUL-1: CVE-2023-0049: vim: Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143.
  * Fixing bsc#1206028 VUL-0: CVE-2022-3491: vim: Heap-based Buffer Overflow prior to 9.0.0742
  * Fixing bsc#1206071 VUL-0: CVE-2022-3520: vim: Heap-based Buffer Overflow
  * Fixing bsc#1206072 VUL-0: CVE-2022-3591: vim: Use After Free
  * Fixing bsc#1206075 VUL-0: CVE-2022-4292: vim: Use After Free in GitHub repository vim/vim prior to 9.0.0882.
  * Fixing bsc#1206077 VUL-0: CVE-2022-4293: vim: Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804.
  * Fixing bsc#1205797 VUL-0: CVE-2022-4141: vim: heap-buffer-overflow in alloc.c 246:11
  * Fixing bsc#1204779 VUL-0: CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c
- refreshed vim-7.4-highlight_fstab.patch
- for the complete list of changes see
- Do not fail when the installation URL contains a space
- 3.3.5
- Follow up fix for bsc#1203652 due to libxml2 breakage
  * bsc1203652-2.patch