- Backport needs-rebooting command from Code15 (bsc#1217948)
- BuildRequires:  libzypp-devel >= 16.22.11.
- version 1.13.65
- bsc#1215801: Use system-supplied libevent instead of local copy.
- PCI: Disable ATS for specific Intel IPU E2000 devices
- commit 6c47e22

- Fix build error in debug config
- commit f49e139

- smb: client: fix potential OOB in smb2_dump_detail()
  (bsc#1217946 CVE-2023-6610).
- commit 04b527b

- smb: client: fix potential OOB in smb2_dump_detail()
  (bsc#1217946 CVE-2023-6610).
- commit 74aafd7

- Revert "Limit kernel-source-azure build to architectures for which we build binaries (bsc#1108281)."
  This reverts commit c0310207b48a78630044967e30dbace7bd25c57b.
- commit 1799de4

- Limit kernel-source build to architectures for which the kernel binary
  is built (bsc#1108281).
- commit 08a9e44

- netfilter: nf_tables: do not allow RULE_ID to refer to another chain (bsc#1202095 CVE-2022-2586).
- commit 32951b9

- netfilter: nf_tables: do not allow SET_ID to refer to another table (bsc#1202095 CVE-2022-2586).
- commit d107d27

- netfilter: preserve KABI for struct nft_set (bsc#1202095 CVE-2022-2586).
- commit b3d22c5

- netfilter: nf_tables: pass ctx to nf_tables_expr_destroy() (bsc#1202095 CVE-2022-2586).
- commit 61a0caa

- Resolve build warnings from previous series due to missing commit for
  Ice Lake freerunning counters
  perf/x86/intel/uncore: Add box_offsets for free-running counters
  (jsc#PED-5023 bsc#1211439).
- commit 8524ea3

- Bluetooth: af_bluetooth: Fix Use-After-Free in bt_sock_recvmsg
  (CVE-2023-51779 bsc#1218559).
- commit f63e944

- blacklist.conf: update blacklist
- commit 6de7142

- xhci: Clear EHB bit only at end of interrupt handler
- commit 21f5e35

- usb: config: fix iteration issue in 'usb_get_bos_descriptor()'
- commit d5b5186

- md/raid1: fix error: ISO C90 forbids mixed declarations
- commit c63e55d

- dm-integrity: don't modify bio's immutable bio_vec in
  integrity_metadata() (git-fixes).
- md: don't leave 'MD_RECOVERY_FROZEN' in error path of
  md_set_readonly() (git-fixes).
- bcache: revert replacing IS_ERR_OR_NULL with IS_ERR (git-fixes).
- dm-verity: align struct dm_verity_fec_io properly (git-fixes).
- dm verity: don't perform FEC for failed readahead IO
- bcache: add code comments for bch_btree_node_get() and
  __bch_btree_node_alloc() (git-fixes).
- bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in
  btree_gc_coalesce() (git-fixes).
- bcache: prevent potential division by zero error (git-fixes).
- bcache: check return value from btree_node_alloc_replacement()
- md/raid1: hold the barrier until handle_read_error() finishes
- md/raid1: free the r1bio before waiting for blocked rdev
- md: raid1: fix potential OOB in raid1_remove_disk() (git-fixes).
- md: restore 'noio_flag' for the last mddev_resume() (git-fixes).
- dm cache policy smq: ensure IO doesn't prevent cleaner policy
  progress (git-fixes).
- dm raid: fix missing reconfig_mutex unlock in raid_ctr()
  error paths (git-fixes).
- md/raid0: add discard support for the 'original' layout
- bcache: Fix __bch_btree_node_alloc to make the failure behavior
  consistent (git-fixes).
- bcache: Remove unnecessary NULL point check in node allocations
- nbd: Add the maximum limit of allocated index in nbd_dev_add
- nbd: Fix debugfs_create_dir error checking (git-fixes).
- dm flakey: fix a crash with invalid table line (git-fixes).
- dm integrity: call kmem_cache_destroy() in dm_integrity_init()
  error path (git-fixes).
- dm verity: fix error handling for check_at_most_once on FEC
- dm stats: check for and propagate alloc_percpu failure
- dm crypt: add cond_resched() to dmcrypt_write() (git-fixes).
- rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create()
  fails (git-fixes).
- dm cache: add cond_resched() to various workqueue loops
- dm thin: add cond_resched() to various workqueue loops
- dm: remove flush_scheduled_work() during local_exit()
- dm flakey: fix logic when corrupting a bio (git-fixes).
- dm flakey: don't corrupt the zero page (git-fixes).
- dm verity: skip redundant verity_handle_err() on I/O errors
- commit 640b528

- Previous perf cve-4.12->SLE12-SP5 manual merge was incorrect. Fix.
- Refresh
- Refresh patches.suse/perf-Fix-perf_event_validate_size.patch.
- commit 3382aa6

- mkspec: Add multibuild support (JSC-SLE#5501, boo#1211226, bsc#1218184)
  When MULTIBUILD option in config.sh is enabled generate a _multibuild
  file listing all spec files.
- commit f734347

- Build in the correct KOTD repository with multibuild
  (JSC-SLE#5501, boo#1211226, bsc#1218184)
  With multibuild setting repository flags is no longer supported for
  individual spec files - see
  Add ExclusiveArch conditional that depends on a macro set up by
  bs-upload-kernel instead. With that each package should build only in
  one repository - either standard or QA.
  Note: bs-upload-kernel does not interpret rpm conditionals, and only
  uses the first ExclusiveArch line to determine the architectures to
- commit aa5424d

- blacklist.conf: Add 1ca0b6051505 cgroup: Remove duplicates in cgroup v1 tasks file
- commit a77e914

- blacklist.conf: add non-backport commits of git-fixes
- commit 4d91f49

- blacklist.conf: change to logging only
- commit a144be1

- net: usb: qmi_wwan: claim interface 4 for ZTE MF290 (git-fixes).
- commit 0feae40

- Fix termination state for idr_for_each_entry_ul() (bsc#1109837).
- commit d343735

- Bluetooth: avoid memcmp() out of bounds warning (bsc#1215237
- Bluetooth: hci_event: Fix coding style (bsc#1215237
- Bluetooth: hci_event: Fix using memcmp when comparing keys
  (bsc#1215237 CVE-2020-26555).
- commit eb3189f

- Bluetooth: Reject connection with the device which has same
  BD_ADDR (bsc#1215237 CVE-2020-26555).
- commit fea8835

- Bluetooth: hci_event: Ignore NULL link key (bsc#1215237
- commit c0e1033

- perf/x86/intel/uncore: Fix reference count leak in
  __uncore_imc_init_box() (jsc#PED-5023 bsc#1211439 (git-fixes)).
- perf/x86/intel/uncore: Fix reference count leak in
  snr_uncore_mmio_map() (jsc#PED-5023 bsc#1211439 (git-fixes)).
- perf/x86/intel/uncore: Fix broken read_counter() for SNB IMC
  PMU (jsc#PED-5023 bsc#1211439 (git-fixes)).
- perf/x86/intel/uncore: Fix CAS_COUNT_WRITE issue for ICX
  (jsc#PED-5023 bsc#1211439 (git-fixes)).
- perf/x86/intel/uncore: Fix IIO event constraints for Snowridge
  (jsc#PED-5023 bsc#1211439 (git-fixes)).
- perf/x86/intel/uncore: Fix Intel ICX IIO event constraints
  (jsc#PED-5023 bsc#1211439 (git-fixes)).
- perf/x86/intel/uncore: Support extra IMC channel on Ice Lake
  server (jsc#PED-5023 bsc#1211439 (git-fixes)).
- perf/x86/intel/uncore: Fix integer overflow on 23 bit left
  shift of a u32 (jsc#PED-5023 bsc#1211439 (git-fixes)).
- perf/x86/intel/uncore: Fix M2M event umask for Ice Lake server
  (jsc#PED-5023 bsc#1211439 (git-fixes)).
- perf/x86/intel/uncore: Fix the scale of the IMC free-running
  events (jsc#PED-5023 bsc#1211439 (git-fixes)).
- perf/x86/intel/uncore: Fix oops when counting IMC uncore events
  on some TGL (jsc#PED-5023 bsc#1211439 (git-fixes)).
- perf/x86/intel/uncore: Fix missing marker for
  snr_uncore_imc_freerunning_events (jsc#PED-5023 bsc#1211439
- commit 1cc4e6d

- perf: Fix perf_event_validate_size() lockdep splat
  (CVE-2023-6931 bsc#1218258).
- perf: Fix perf_event_validate_size() (CVE-2023-6931
- commit 6cfe60a

- smb: client: fix OOB in smbCalcSize() (bsc#1217947
- commit d398d5f

- smb: client: fix OOB in smbCalcSize() (bsc#1217947
- commit 6765acb

- perf/x86/intel/uncore: Add Rocket Lake support (jsc#PED-5023
- commit 60ab65b

- perf/x86/msr: Add Rocket Lake CPU support (jsc#PED-5023
- commit fac3f56

- perf/x86/msr: Add Tiger Lake CPU support (jsc#PED-5023
- commit 7c0409f

- perf/x86/cstate: Add Rocket Lake CPU support (jsc#PED-5023
- commit f918ead

- perf/x86/cstate: Add Tiger Lake CPU support (jsc#PED-5023
- Refresh
- commit c544da1

- perf/x86/intel: Add Rocket Lake CPU support (jsc#PED-5023
- commit 5b98b63

- perf/x86/intel: Add Tiger Lake CPU support (jsc#PED-5023
- commit 0e12a3f

- perf/x86/intel: Fix Ice Lake event constraint table
  (jsc#PED-5023 bsc#1211439).
- commit cd283d5

- perf/x86/intel/uncore: Update Ice Lake uncore units
  (jsc#PED-5023 bsc#1211439).
- commit 0e10240

- perf/x86/intel/uncore: Split the Ice Lake and Tiger Lake MSR
  uncore support (jsc#PED-5023 bsc#1211439).
- commit 9c5fb1a

- x86/cpu: Add Lakefield, Alder Lake and Rocket Lake models to
  the to Intel CPU family (jsc#PED-5023 bsc#1211439).
- blacklist.conf:
- commit 2561a0a

- perf/x86/intel/uncore: Add Comet Lake support (jsc#PED-5023
- Refresh
- commit 2e1087f

- x86/cpu: Add Sapphire Rapids CPU model number (jsc#PED-5023
- commit 5b5d85f

- perf/x86/rapl: Add Ice Lake RAPL support (jsc#PED-5023
- commit c6183ea

- perf/x86/intel/uncore: Add Ice Lake server uncore support
  (jsc#PED-5023 bsc#1211439).
- commit 4150606

- perf/x86/intel/uncore: Factor out __snr_uncore_mmio_init_box
  (jsc#PED-5023 bsc#1211439).
- commit c73e167

- perf/x86: Add Intel Tiger Lake uncore support (jsc#PED-5023
- Refresh
- Refresh
- Refresh
- commit f5492f0

- perf/x86/cstate: Update C-state counters for Ice Lake
  (jsc#PED-5023 bsc#1211439).
- Refresh
- commit fef0544

- perf/x86/msr: Add new CPU model numbers for Ice Lake
  (jsc#PED-5023 bsc#1211439).
- Refresh
- Refresh
- Refresh
- Refresh
- Refresh
- Refresh
- Refresh
- Refresh
- Refresh
- commit 68588a6

- perf/x86/msr: Add Comet Lake CPU support (jsc#PED-5023
- commit 2ec338b

- x86/cpu: Add Comet Lake to the Intel CPU models header
  (jsc#PED-5023 bsc#1211439).
- blacklist.conf:
- commit bd3eac7

- x86/cpu: Add Tiger Lake to Intel family (jsc#PED-5023
- blacklist.conf:
- Refresh patches.suse/x86-CPU-Add-Icelake-model-number.patch.
- Refresh patches.suse/x86-cpu-sanitize-fam6_atom-naming.patch.
- commit 45e2da6

- perf/x86/intel: Mark expected switch fall-throughs (jsc#PED-5023
- Refresh
- Refresh
- commit ebba1f6

- perf/x86/intel: Fix invalid Bit 13 for Icelake MSR_OFFCORE_RSP_x
  register (jsc#PED-5023 bsc#1211439).
- commit b357e8f

- perf/x86/intel/uncore: Add IMC uncore support for Snow Ridge
  (jsc#PED-5023 bsc#1211439).
- commit 1e6f0c4

- perf/x86/intel/uncore: Clean up client IMC (jsc#PED-5023
- commit b9f2803

- perf/x86/intel/uncore: Support MMIO type uncore blocks
  (jsc#PED-5023 bsc#1211439).
- Refresh
- commit 2ed2c09

- perf/x86/intel/uncore: Factor out box ref/unref functions
  (jsc#PED-5023 bsc#1211439).
- commit 9298d3b

- perf/x86/intel/uncore: Add uncore support for Snow Ridge server
  (jsc#PED-5023 bsc#1211439).
- Refresh
- Refresh
- Refresh
- Refresh
- commit 6e7af12

- perf/x86/intel: Add more Icelake CPUIDs (jsc#PED-5023
- Refresh
- Refresh
- commit ba0eb7e

- perf/x86/intel: Add Icelake desktop CPUID (jsc#PED-5023
- Refresh
- Refresh
- Refresh
- Refresh
- Refresh
- commit 7786ce1

- perf/x86/intel/uncore: Add new IMC PCI IDs for KabyLake,
  AmberLake and WhiskeyLake CPUs (jsc#PED-5023 bsc#1211439).
- commit 4d459ae

- perf/x86/intel/uncore: Add tabs to Uncore IMC PCI IDs
  (jsc#PED-5023 bsc#1211439).
- commit 1e8abbc

- perf/x86: Add Intel Ice Lake NNPI uncore support (jsc#PED-5023
- Refresh
- Refresh
- Refresh
- commit 55befa5

- x86/cpu: Add Ice Lake NNPI to Intel family (jsc#PED-5023
- Refresh
- commit 34f99e6

- s390/vx: fix save/restore of fpu kernel context (git-fixes
- commit 657e47b

- nvme: sanitize metadata bounce buffer for reads (git-fixes).
- commit 6f2b20c

- Input: powermate - fix use-after-free in
  powermate_config_complete (git-fixes).
- commit 6690cf9

- r8152: Add RTL8152_INACCESSIBLE to r8153_aldps_en() (git-fixes).
- commit 64cb7dc

- ipv4: igmp: fix refcnt uaf issue when receiving igmp query
  packet (bsc#1218253 CVE-2023-6932).
- commit ebe786a

- gve: Fixes for napi_poll when budget is 0 (bsc#1214479).
- gve: Do not fully free QPL pages on prefill errors
- gve: fix frag_list chaining (bsc#1214479).
- gve: RX path for DQO-QPL (bsc#1214479).
- gve: Tx path for DQO-QPL (bsc#1214479).
- gve: Control path for DQO-QPL (bsc#1214479).
- gve: trivial spell fix Recive to Receive (bsc#1214479).
- gve: unify driver name usage (bsc#1214479).
- gve: Set default duplex configuration to full (bsc#1214479).
- gve: Unify duplicate GQ min pkt desc size constants
- gve: Add XDP REDIRECT support for GQI-QPL format (bsc#1214479).
- gve: Add XDP DROP and TX support for GQI-QPL format
- gve: Changes to add new TX queues (bsc#1214479).
- gve: XDP support GQI-QPL: helper function changes (bsc#1214479).
- gve: Fix gve interrupt names (bsc#1214479).
- commit 9108d42

- tracing: Update snapshot buffer on resize if it is allocated
- commit 30f36d0

- ring-buffer: Fix memory leak of free page (git-fixes).
- commit 7dfbb97

- blacklist.conf: add a not-relevant ftrace fix
- commit 09bf0c1

- blacklist.conf: false positive
- commit 71ff422

- r8152: Add RTL8152_INACCESSIBLE checks to more loops
- commit 6e72146

- net: dsa: mv88e6xxx: Fix 88E6141/6341 2500mbps SERDES speed
- commit ce068ed

- r8152: Rename RTL8152_UNPLUG to RTL8152_INACCESSIBLE
- commit 715a8e7

- blacklist.conf: update blacklist
- commit 9a12072

- blacklist.conf: update blacklist
- commit cc9998b

- net: stmmac: Move debugfs init/exit to ->probe()/->remove() (git-fixes).
- commit e003b9a

- net: ethernet: ti: cpsw: unsync mcast entries while switch promisc mode (git-fixes).
- commit 39aa8c8

- net: macb: disable scatter-gather for macb on sama5d3 (git-fixes).
- commit a5f5aa8

- netfilter: nft_compat: use-after-free when deleting targets
- commit 2ea1f0c

- netfilter: nf_tables: fix use-after-free when deleting compat
  expressions (git-fixes).
- commit b4fa1c0

- tcp: fix under-evaluated ssthresh in TCP Vegas (git-fixes).
- commit b480783

- blacklist.conf: update blacklist
- commit 14f35e3

- netfilter: ebtables: also count base chain policies (git-fixes).
- Refresh
- commit 051bd2a

- netfilter: ebtables: compat: un-break 32bit setsockopt when
  no rules are present (git-fixes).
- Refresh
- commit 332123a

- netfilter: ebtables: don't attempt to allocate 0-sized compat
  array (git-fixes).
- Refresh
- commit 39f9e26

- netfilter: preserve KABI for xt_compat_init_offsets (git-fixes).
- commit 71e46a5

- netfilter: compat: reject huge allocation requests (git-fixes).
- commit f398964

- netfilter: compat: prepare xt_compat_init_offsets to return
  errors (git-fixes).
- commit a1a8d4f

- KVM: s390/mm: Properly reset no-dat (git-fixes bsc#1218057).
- commit d3f8ccb

- tracing: Disable snapshot buffer when stopping instance tracers
- commit b07eab3

- tracing: Stop current tracer when resizing buffer (git-fixes).
- commit 5c0c11a

- tracing: Always update snapshot buffer size (git-fixes).
- commit c831a81

- tracing: relax trace_event_eval_update() execution with
  cond_resched() (git-fixes).
- commit f1e2f19

- xfrm6: fix inet6_dev refcount underflow problem (git-fixes).
- commit 50692e8

- README.BRANCH: update maintainers list
- commit 4795fb8

- ipv6/addrconf: fix a potential refcount underflow for idev
- commit 0afb0f6

- ipv6: remove extra dev_hold() for fallback tunnels (git-fixes).
- commit a02e296

- ip6_tunnel: sit: proper dev_{hold|put} in ndo_[un]init methods
- commit 934530e

- sit: proper dev_{hold|put} in ndo_[un]init methods (git-fixes).
- commit 96165ef

- ip6_vti: proper dev_{hold|put} in ndo_[un]init methods
- commit 42264ea

- ip6_gre: proper dev_{hold|put} in ndo_[un]init methods
- commit 8fe5105

- xsk: Fix incorrect netdev reference count (git-fixes).
- commit 2ed0c59

- xfrm: reuse uncached_list to track xdsts (git-fixes).
- blacklist.conf: remove from the blacklist
- Refresh
- Refresh
- commit 38edc03

- net/tg3: fix race condition in tg3_reset_task() (bsc#1217801).
- net/tg3: resolve deadlock in tg3_reset_task() during EEH
- commit b55327d

- tracing: Fix a possible race when disabling buffered events
- commit 5f21a8d

- net: usb: ax88179_178a: fix failed operations during
  ax88179_reset (git-fixes).
- commit 9041dc6

- r8152: Cancel hw_phy_work if we have an error in probe
- commit 6ae718a

- r8152: Run the unload routine if we have errors during probe
- commit d668b36

- r8152: Increase USB control msg timeout to 5000ms as per spec
- commit 3e20995

- tracing: Fix a warning when allocating buffered events fails
- commit 80b9661

- net: usb: smsc95xx: Fix uninit-value access in smsc95xx_read_reg
- net: usb: smsc95xx: Fix an error code in smsc95xx_reset()
- commit 9c4175d

- KVM: s390: vsie: fix wrong VIR 37 when MSO is used (git-fixes
- commit 4da118c

- nvmet: nul-terminate the NQNs passed in the connect command
  (bsc#1217250 CVE-2023-6121).
- commit 2021a67

- tracing: Fix incomplete locking when disabling buffered events
- commit 9d8e191

- tracing: Fix warning in trace_buffered_event_disable()
  (git-fixes, bsc#1217036).
- commit 693b5e0

- kernel-source: Remove config-options.changes (jsc#PED-5021)
  The file doc/config-options.changes was used in the past to document
  kernel config changes. It was introduced in 2010 but haven't received
  any updates on any branch since 2015. The file is renamed by tar-up.sh
  to config-options.changes.txt and shipped in the kernel-source RPM
  package under /usr/share/doc. As its content now only contains outdated
  information, retaining it can lead to confusion for users encountering
  this file.
  Config changes are nowadays described in associated Git commit messages,
  which get automatically collected and are incorporated into changelogs
  of kernel RPM packages.
  Drop then this obsolete file, starting with its packaging logic.
  For branch maintainers: Upon merging this commit on your branch, please
  correspondingly delete the file doc/config-options.changes.
- commit adedbd2

- doc/README.SUSE: Simplify the list of references (jsc#PED-5021)
  Reduce indentation in the list of references, make the style consistent
  with README.md.
- commit 70e3c33

- doc/README.SUSE: Add how to update the config for module signing
  Configuration files for SUSE kernels include settings to integrate with
  signing support provided by the Open Build Service. This creates
  problems if someone tries to use such a configuration file to build
  a "standalone" kernel as described in doc/README.SUSE:
  * Default configuration files available in the kernel-source repository
  unset CONFIG_MODULE_SIG_ALL to leave module signing to
  pesign-obs-integration. In case of a "standalone" build, this
  integration is not available and the modules don't get signed.
  * The kernel spec file overrides CONFIG_MODULE_SIG_KEY to
  ".kernel_signing_key.pem" which is a file populated by certificates
  provided by OBS but otherwise not available. The value ends up in
  /boot/config-$VERSION-$RELEASE-$FLAVOR and /proc/config.gz. If someone
  decides to use one of these files as their base configuration then the
  build fails with an error because the specified module signing key is
  Add information on how to enable module signing and where to find the
  relevant upstream documentation.
- commit a699dc3

- net/ulp: use consistent error code when blocking ULP
  (CVE-2023-0461 bsc#1208787 bsc#1217079).
- net/ulp: prevent ULP without clone op from entering the LISTEN
  status (CVE-2023-0461 bsc#1208787 bsc#1217079).
- commit fb04b97

- doc/README.SUSE: Remove how to build modules using kernel-source
  Remove the first method how to build kernel modules from the readme. It
  describes a process consisting of the kernel-source installation,
  configuring this kernel and then performing an ad-hoc module build.
  This method is not ideal as no modversion data is involved in the
  process. It results in a module with no symbol CRCs which can be wrongly
  loaded on an incompatible kernel.
  Removing the method also simplifies the readme because only two main
  methods how to build the modules are then described, either doing an
  ad-hoc build using kernel-devel, or creating a proper Kernel Module
- commit 9285bb8

- Revert "Bluetooth: btsdio: fix use after free bug in
  btsdio_remove due to unfinished work" (git-fixes).
- commit a2b7495

- md/raid10: prevent soft lockup while flush writes (git-fixes).
- md/raid10: fix io loss while replacement replace rdev
- md/raid10: Do not add spare disk when recovery fails
- md/raid10: clean up md_add_new_disk() (git-fixes).
- md/raid10: prioritize adding disk to 'removed' mirror
- md/raid10: improve code of mrdev in raid10_sync_request
- md/raid10: fix null-ptr-deref of mreplace in raid10_sync_request
- md/bitmap: factor out a helper to set timeout (git-fixes).
- md/bitmap: always wake up md_thread in timeout_store
- dm-raid: remove useless checking in raid_message() (git-fixes).
- md/raid10: fix wrong setting of max_corr_read_errors
- md/raid10: fix overflow of md/safe_mode_delay (git-fixes).
- md: fix data corruption for raid456 when reshape restart while
  grow up (git-fixes).
- md/raid10: check slab-out-of-bounds in md_bitmap_get_counter
- md/raid10: fix memleak of md thread (git-fixes).
- md/raid10: fix memleak for 'conf->bio_split' (git-fixes).
- md/raid10: fix leak of 'r10bio->remaining' for recovery
- md/raid10: fix null-ptr-deref in raid10_sync_request
- md: avoid signed overflow in slot_store() (git-fixes).
- md: fix incorrect declaration about claim_rdev in
  md_import_device (git-fixes).
- md: remove lock_bdev / unlock_bdev (git-fixes).
- md: Flush workqueue md_rdev_misc_wq in md_alloc() (git-fixes).
- md: do not return existing mddevs from mddev_find_or_alloc
- md: refactor mddev_find_or_alloc (git-fixes).
- md: factor out a mddev_alloc_unit helper from mddev_find
- md: get sysfs entry after redundancy attr group create
- commit 293695f

- md: fix deadlock causing by sysfs_notify (git-fixes).
- Refresh patches.kabi/md-backport-kabi.patch.
- commit f6c5a12

- md: flush md_rdev_misc_wq for HOT_ADD_DISK case (git-fixes).
- md: add new workqueue for delete rdev (git-fixes).
- commit 17e8908

- blacklist.conf: update for non-backport commits
- commit 8da9f2d

- usb-storage: fix deadlock when a scsi command timeouts more
  than once (git-fixes).
- commit cf05cec

- USB: serial: option: add UNISOC vendor and TOZED LT70C product
- commit 762e0de

- USB: serial: option: add Quectel RM500U-CN modem (git-fixes).
- Refresh
- commit b94685a

- USB: serial: option: add Telit FE990 compositions (git-fixes).
- commit 55c3b8d

- blacklist.conf: cleanup
- commit 8877293

- blacklist.conf: pure cleanup
- commit e8a295a

- usb: typec: tcpm: Fix altmode re-registration causes sysfs
  create fail (git-fixes).
- commit fc9ee7b

- net: mana: Configure hwc timeout from hardware (bsc#1214037).
- net: mana: Fix MANA VF unload when hardware is unresponsive
- commit 66a91f5

- Update patches.kabi/NFSv4-Fix-OPEN-CLOSE-race-FIX.patch
  (bsc#1176950, bsc#1217525).
- Refresh
- commit 70e60bf

- netfilter: conntrack: dccp: copy entire header to stack buffer,
  not just basic one (CVE-2023-39197 bsc#1216976).
- commit 91c26b6

- kernel-binary: suse-module-tools is also required when installed
  Requires(pre) adds dependency for the specific sciptlet.
  However, suse-module-tools also ships modprobe.d files which may be
  needed at posttrans time or any time the kernel is on the system for
  generating ramdisk. Add plain Requires as well.
- commit 8c12816

- Revert "tracing: Fix warning in trace_buffered_event_disable()"
  Temporarily revert the commit. It exposed a separate issue related to
  trace buffered event synchronization which needs to be fixed first.
- commit 579dd1d

- README.SUSE: fix patches.addon use
  It's series, not series.conf in there.
  And make it more precise on when the patches are applied.
- commit cb8969c

- Do not store build host name in initrd
  Without this patch, kernel-obs-build stored the build host name
  in its .build.initrd.kvm
  This patch allows for reproducible builds of kernel-obs-build and thus
  avoids re-publishing the kernel-obs-build.rpm when nothing changed.
  Note that this has no influence on the /etc/hosts file
  that is used during other OBS builds.
- commit fd3a75e

- cpu/hotplug: Create SMT sysfs interface for all arches
  (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- Refresh patches.suse/cpu-SMT-Move-SMT-prototypes-into-cpu_smt.h.patch.
- Refresh patches.suse/cpu-SMT-Store-the-current-max-number-of-threads.patch.
- Refresh patches.suse/cpu-smt-create-and-export-cpu_smt_possible.patch.
- Refresh patches.suse/x86-power-Fix-nosmt-vs-hibernation-triple-fault-duri.patch.
- commit f37a0c7

- Update config files.
- commit dbf7641

- s390/cio: unregister device when the only path is gone
  (git-fixes bsc#1217607).
- commit 750467a

- s390/dasd: use correct number of retries for ERP requests
  (git-fixes bsc#1217604).
- s390/ptrace: fix PTRACE_GET_LAST_BREAK error handling (git-fixes
- commit d2fc41b

- cpu/SMT: Remove topology_smt_supported() (bsc#1214408).
- commit 3012e9b

- cpu/SMT: Store the current/max number of threads (bsc#1214408).
- Refresh
- commit bfa1761

- cpu/SMT: Move smt/control simple exit cases earlier (bsc#1214408).
- commit acb1c39

- cpu/SMT: Move SMT prototypes into cpu_smt.h (bsc#1214408).
- Refresh
- commit 76bedc5

- s390/dasd: protect device queue against concurrent access
  (git-fixes bsc#1217519).
- commit dab3b0f

- tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and
  docker together (bsc#1216031).
- commit f260538

- Ensure ia32_emulation is always enabled for kernel-obs-build
  If ia32_emulation is disabled by default, ensure it is enabled
  back for OBS kernel to allow building 32bit binaries (jsc#PED-3184)
  [ms: Always pass the parameter, no need to grep through the config which
  may not be very reliable]
- commit 56a2c2f

- rpm: Define git commit as macro
- commit bcc92c8

- kernel-source: Move provides after sources
- commit dbbf742

- kobject: Fix slab-out-of-bounds in fill_kobj_path() (bsc#1216058
- commit 9922921

- xfs: make sure maxlen is still congruent with prod when rounding
  down (git-fixes).
- commit 0154927

- xfs: fix units conversion error in xfs_bmap_del_extent_delay
- commit 6c99467

- l2tp: fix refcount leakage on PPPoL2TP sockets (git-fixes).
- commit 0e54c67

- l2tp: fix {pppol2tp, l2tp_dfs}_seq_stop() in case of seq_file
  overflow (git-fixes).
- commit 28faea4

- perf/core: Fix potential NULL deref (bsc#1216584 CVE-2023-5717).
- commit f386e74

- perf: Disallow mis-matched inherited group reads (bsc#1216584 CVE-2023-5717).
  Implement KABI fix for above
- commit 5b65c0e

- perf/core: Fix __perf_read_group_add() locking (bsc#1216584
- perf/core: Fix locking for children siblings group read
  (bsc#1216584 CVE-2023-5717).
- commit 8ccfe6e

- s390/crashdump: fix TOD programmable field size (git-fixes
- commit 9780bde

- blacklist.conf: Add a not-suitable kprobes patch
- commit 0eb14eb

- ring-buffer: Avoid softlockup in ring_buffer_resize()
- commit d8d3409

- scsi: qla2xxx: Use FIELD_GET() to extract PCIe capability fields
- scsi: qla2xxx: Fix double free of dsd_list during driver load
- commit 9172a73

- rpm/check-for-config-changes: add HAVE_SHADOW_CALL_STACK to IGNORED_CONFIGS_RE
  Not supported by our compiler.
- commit eb32b5a

- s390/cmma: fix handling of swapper_pg_dir and invalid_pg_dir
  (LTC#203996 bsc#1217087).
- commit 3a41a21

- s390/cmma: fix detection of DAT pages (LTC#203996 bsc#1217087).
- commit b4ffc60

- s390/mm: add missing arch_set_page_dat() call to gmap
  allocations (LTC#203996 bsc#1217087).
- commit 1b2cc83

- s390/mm: add missing arch_set_page_dat() call to
  vmem_crst_alloc() (LTC#203996 bsc#1217087).
- commit 0dd665d

- s390/cmma: fix initial kernel address space page table walk
  (LTC#203996 bsc#1217087).
- commit 1ad76c2

- igb: set max size RX buffer when store bad packet is enabled
  (bsc#1216259 CVE-2023-45871).
- commit d675d77

- drm/qxl: fix UAF on handle creation (CVE-2023-39198
- commit 9ba677b

- Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in
  HCIUARTGETPROTO (bsc#1210780 CVE-2023-31083).
- commit b07c667

- rpm/check-for-config-changes: add AS_WRUSS to IGNORED_CONFIGS_RE
  Add AS_WRUSS as an IGNORED_CONFIGS_RE entry in check-for-config-changes
  to fix build on x86_32.
  There was a fix submitted to upstream but it was not accepted:
  So carry this in IGNORED_CONFIGS_RE instead.
- commit 7acca37

- net-memcg: Fix scope of sockmem pressure indicators
- commit 508863b

- ubi: Refuse attaching if mtd's erasesize is 0 (CVE-2023-31085
- commit 0f8804e

- USB: ene_usb6250: Allocate enough memory for full object
  (bsc#1216051 CVE-2023-45862).
- commit 6d3e018

- scsi: zfcp: Fix a double put in zfcp_port_enqueue() (git-fixes
- commit 64da298

- s390/pci: fix iommu bitmap allocation (git-fixes bsc#1216513).
- commit 5844864

- sched/fair: Don't balance task to its current running CPU
  (git fixes (sched)).
- sched/core: Mitigate race
  cpus_share_cache()/update_top_cache_domain() (git fixes
- sched: Reenable interrupts in do_sched_yield() (git fixes
- sched: correct SD_flags returned by tl->sd_flags() (git fixes
- sched: Avoid scale real weight down to zero (git fixes (sched)).
- sched/core: Fix migration to invalid CPU in
  __set_cpus_allowed_ptr() (git fixes (sched)).
- sched/rt: Restore rt_runtime after disabling RT_RUNTIME_SHARE
  (git fixes (sched)).
- sched/rt: Minimize rq->lock contention in
  do_sched_rt_period_timer() (git fixes (sched)).
- commit 913e5fc

- blacklist.conf: Complex dependencies missing, fix only in the event of a customer bug
- commit b83449b

- blacklist.conf: Complex dependencies missing, fix only in the event of a customer bug
- commit 9afb234

- blacklist.conf: Complex dependencies missing, fix only in the event of a customer bug
- commit bb2fa98

- blacklist.conf: Complex dependencies missing, fix only in the event of a customer bug
- commit d6a80de

- blacklist.conf: Complex dependencies missing, fix only in the event of a customer bug
- commit ede2396

- blacklist.conf: KABI hazard, fix only in the event of a customer bug
- commit 8fb5a69

- blacklist.conf: Potentially surprising change in behaviour, fix only in the event of a customer bug
- commit 1100fe5

- blacklist.conf: Potentially surprising change in behaviour, fix only in the event of a customer bug
- commit c026b47

- blacklist.conf: Potentially surprising change in behaviour, fix only in the event of a customer bug
- commit 0f74b6a

- blacklist.conf: Fix only in the event of a customer bug
- commit 17b0259

- blacklist.conf: Mostly cosmetic fix to a build warning
- commit 1af83e7

- blacklist.conf: Fix to experimental feature, fix only in the event of a customer bug
- commit 56273cd

- blacklist.conf: Complex dependencies missing that applies to an extreme corner case, fix only in the event of a customer bug
- commit d67ae17

- blacklist.conf: Complex dependencies missing, fix only in the event of a customer bug
- commit 9b299fd

- blacklist.conf: KABI hazard, fix only in the event of a customer bug
- commit cd58927

- blacklist.conf: Guard against unlikely tuning value, fix only in the event of a customer bug
- commit 166c336

- blacklist.conf: Missing dependencies, fix only in the event of a customer bug
- commit cbebcfe

- blacklist.conf: Sparse warning fix
- commit b199522

- blacklist.conf: Cosmetic, debugging patch for unused config
- commit 22b7a31

- iommu/amd: Set iommu->int_enabled consistently when interrupts
  are set up (bsc#1206010).
- commit d889c94

- iommu/amd: Remove useless irq affinity notifier (bsc#1206010).
- Delete patches.kabi/kABI-Fix-kABI-for-struct-amd_iommu.patch.
- commit 2e08e52

- kabi: iommu/amd: Fix IOMMU interrupt generation in X2APIC mode
- iommu/amd: Fix IOMMU interrupt generation in X2APIC mode
- commit 422a4d8

- virtio_balloon: fix increment of vb->num_pfns in fill_balloon()
- commit 595e0b1

- 9p: virtio: make sure 'offs' is initialized in zc_request
- commit 10bf215

- blacklist.conf: add "hwrng: virtio - Fix race on data_avail and actual data"
- commit c5a6489

- virtio_net: Fix error unwinding of XDP initialization
- commit 2d8db2e

- vhost-scsi: unbreak any layout for response (git-fixes).
- commit 4eba973

- virtio: Protect vqs list access (git-fixes).
- commit 0445801

- crypto: virtio: Fix use-after-free in
  virtio_crypto_skcipher_finalize_req() (git-fixes).
- commit 1c1619c

- vsock/virtio: add transport parameter to the
  virtio_transport_reset_no_sock() (git-fixes).
- Refresh
- commit b2f8fd4

- virtio_balloon: fix deadlock on OOM (git-fixes).
- commit 55dd88a

- xen-netback: use default TX queue size for vifs (git-fixes).
- commit bcb62a2

- xen/x86: obtain full video frame buffer address for Dom0 also
  under EFI (bsc#1215743).
- commit 04d5576

- xen/x86: obtain upper 32 bits of video frame buffer address
  for Dom0 (bsc#1215743).
- commit e0fb7ee

- s390/ptrace: fix setting syscall number (git-fixes bsc#1216340).
- commit 46941f7

- usb: typec: altmodes/displayport: fix pin_assignment_show
- commit d110fbf

- usb: typec: altmodes/displayport: Fix configure initial pin
  assignment (git-fixes).
- commit 849955e

- net: usb: dm9601: fix uninitialized variable use in
  dm9601_mdio_read (git-fixes).
- commit f96b2d4

- xen/events: replace evtchn_rwlock with RCU (bsc#1215745,
  xsa-441, cve-2023-34324).
- commit a9545c4

- blacklist.conf: risky backport that doesn't fix any actual bug
- commit 3d04b1a

- s390/vdso: add missing FORCE to build targets (git-fixes
- commit cd866ae

- blacklist.conf: does not really fix any bug
- commit cba9926

- blacklist.conf: changes exported symbol
- commit d468872

- ratelimit: Fix data-races in ___ratelimit() (git-fixes).
- commit 3f2541c

- blacklist.conf: cleanup, not fix
- commit 23ed894

- audit: fix potential double free on error path from
  fsnotify_add_inode_mark (git-fixes).
- commit 4086838

- blacklist.conf: irrelevant in our configs
- commit 60908b6

- tools/thermal: Fix possible path truncations (git-fixes).
- commit 012a1c3

- blacklist.conf: build only fix
- commit 9be29dc

- KVM: s390: fix sthyi error handling (git-fixes bsc#1216107).
- commit 1e42611

- blacklist.conf: the codebase changed too much to backport the patch
- commit 79518bf

- netfilter: nfnetlink_osf: avoid OOB read (bsc#1216046
- commit 1a88b87

- mm, memcg: reconsider kmem.limit_in_bytes deprecation
  (bsc#1208788 bsc#1213705).
- commit 2d13fe0

- memcg: drop kmem.limit_in_bytes (bsc#1208788)
  This brings a breaking commit for easier backport, it'll be fixed
  differently in a following commit.
- commit f87e772

- blacklist.conf: Add 82b90b6c5b38 cgroup:namespace: Remove unused cgroup_namespaces_init()
- commit 154e29d

- USB: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs
- commit 86ad453

- uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2
- commit 5c6ec60

- net: usb: smsc75xx: Fix uninit-value access in
  __smsc75xx_read_reg (git-fixes).
- commit aaff955

- doc/README.PATCH-POLICY.SUSE: Convert the document to Markdown
- commit c05cfc9

- doc/README.SUSE: Convert the document to Markdown (jsc#PED-5021)
- commit bff5e3e

- ring-buffer: Fix bytes info in per_cpu buffer stats (git-fixes).
- commit 5490bdd

- tracing: Fix race issue between cpu buffer write and swap
- commit cd23ed9

- blacklist.conf: Add a not-needed ftrace cleanup
- commit 8f29597

- tracing: Fix memleak due to race between current_tracer and
  trace (git-fixes).
- commit 39d6a56

- tracing: Fix cpu buffers unavailable due to 'record_disabled'
  missed (git-fixes).
- commit 6f0b300
- security update
- added patches
  fix CVE-2023-44487 [bsc#1216123], HTTP/2 Rapid Reset Attack
  + nghttp2-CVE-2023-44487.patch
- update to NSS 3.90.1
  * bmo#1813401 - regenerate NameConstraints test certificates.
  * bmo#1854795 - add OSXSAVE and XCR0 tests to AVX2 detection.
- Remove nss-fix-bmo1813401.patch which is now upstream.

- Add nss-fix-bmo1813401.patch to fix bsc#1214980
- Add new idmap_nss option 'use_upn' for those NSS modules able to
  handle UPNs or DOMAIN/user name format; (bsc#1215369);
- Avoid unnecessary locking in idmap parent setup; (bsc#1215369);
- Do not try to set domain online in the idmap child;
  (bsc#1215369); (bso#15317).
- Fix CVE-2023-39804, Incorrectly handled extension attributes in
  PAX archives can lead to a crash, bsc#1217969
  * fix-CVE-2023-39804.patch
- Security fix: [bsc#1216922, CVE-2023-5678]
  * Fix excessive time spent in DH check / generation with large Q
    parameter value.
  * Applications that use the functions DH_generate_key() to generate
    an X9.42 DH key may experience long delays. Likewise,
    applications that use DH_check_pub_key(), DH_check_pub_key_ex
    () or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42
    DH parameters may experience long delays. Where the key or
    parameters that are being checked have been obtained from an
    untrusted source this may lead to a Denial of Service.
  * Add openssl-CVE-2023-5678.patch
- Updated to version 9.0 with patch level 2103, fixes the following security problems
  * Fixing bsc#1215940 (CVE-2023-5344) - VUL-0: CVE-2023-5344: vim: Heap-based Buffer Overflow in vim prior to 9.0.1969.
  * Fixing bsc#1216001 (CVE-2023-5441) - VUL-0: CVE-2023-5441: vim: segfault in exmode when redrawing
  * Fixing bsc#1216167 (CVE-2023-5535) - VUL-0: CVE-2023-5535: vim: use-after-free from buf_contents_changed()
  * Fixing bsc#1216696 (CVE-2023-46246) - VUL-0: CVE-2023-46246: vim: Integer Overflow in :history command
- for the complete list of changes see
- Added openssh-cve-2023-48795.patch (bsc#1217950, CVE-2023-48795).
  This mitigates a prefix truncation attack that could be used to
  undermine channel security.
- Add patch bsc1218014-cve-2023-50495.patch
  * Fix CVE-2023-50495: segmentation fault via _nc_wrap_entry()
- Update to version 2.0.1 (bsc#1217537)
  + Replacing certs
    expiring in 8 years and new length of 4096
    These certs will replace the current certs that
    expire soon
- Update to version 12.13: added blacklist entries in modprobe.conf
  * blacklist RNDIS modules (bsc#1205767, jsc#PED-5731, CVE-2023-23559)
  * blacklist cls_tcindex module (bsc#1210335, CVE-2023-1829)
  * blacklist isst_if_mbox_msr (bsc#1187196)
- Add 0207-exportfs-Ingnore-export-failures-in-nfs-server.seriv.patch
  Inconsistencies in /etc/exports shouldn't be fatal.
- Require kmod-compat rather than kmod. It's kmod-compat that has the tools
  used by the kernel and scripts (bsc#1215533).
- Add patch bsc1216825.patch
  Avoid SIGSEGV in case of sending SIGTERM to a top command
  running in batch mode (bsc#1216825)
- Security update:
  * [CVE-2023-45322, bsc#1216129] use-after-free in xmlUnlinkNode()
    in tree.c
  - Added file libxml2-CVE-2023-45322.patch
- fix rsyslog crash in imrelp (bsc#1210286)
  * add: 0001-Avoid-crash-on-restart-in-imrelp-SIGTTIN-handler.patch
- Touch /run/reboot-needed if a patch suggesting a reboot was
  installed (bsc#1217948)
  It is expected that /run is cleaned at boot time, so the presence
  of the file is one way to indicate that the system needs a reboot.
  The recommended way for scripts to test whether a system reboot
  is suggested will be calling `zypper needs-rebooting`.
- version 16.22.11 (0)

- Ignore if the media to unmount is no longer mounted
- Close all media after having preloaded the cache.
  Mitigates the change that during package installation e.g. a
  nfs.service restart forcefully unmounts the media we access
- version 16.22.10 (0)

- repo: Don't download unneeded sqlite metadata (fixes #476)
- version 16.22.9 (0)
- autofs-5.1.8-dont-use-initgroups-at-spawn.patch
  Don't use initgroups at spawn (bsc#1214710)
- Switch to the new SUSEConnect-ng (bsc#1212799), includes
  additional fixes:
  - SSL reload fix (bsc#1195220)
  - Detection of base products coming from SCC
    (bsc#1194989, bsc#1217317)
- 3.3.2
- Update to version 10.1.5 (bsc#1217583)
  + Fix fallback path when IPv6 network path is not usable
  + Enable an IPv6 fallback path in IMDS access if it cannot be accessed
    over IPv4
  + Enable IMDS access over IPv6

- Update to version 10.1.4 (bsc#1217451)
  + Fetch cert for new update server during failover
- Changes in version 3.0.12
  + Optimize lsof usage (bsc#1183663)
  + Collects ntp or chrony as needed (bsc#1196293)

- Added email.txt based on OPTION_EMAIL

- Added run time detection (bsc#1213127)
- Add missing O_DIRECTORY flag in `protect_dir()` for pam_namespace module.
  [bsc#1218475, pam-bsc1218475-pam_namespace-O_DIRECTORY-flag.patch]

- pam_unix: Add no_pass_expiry option to ignore password expiration
  [bsc#1215594 pam-unix-add-no_pass_expiry-option.patch]
- Add CVE-2023-45803.patch (bsc#1216377, CVE-2023-45803)
- add separate source openslp.logrotate.systemd to use systemctl
  reload for logrotate configuration [bnc#1206153]
  new file: openslp.logrotate.systemd
- Fixed the failure to detect SSL handshake timeout
  [bsc#1217717, wget-add-support-for-timeout-with-ssl.patch,
- Use --overwrite option (bsc#1216685, ca-certificates-overwrite.diff)
- Add CVE-2023-5752-r-param-hg.patch to fix bsc#1217353
  (CVE-2023-5752) avoiding injection of arbitrary configuration
  through Mercurial parameter.
- Import commit cdbaab11e02eb29810963d9248677cf5ce84dc7f
  bf57bec240 man: document that PAMName= and NotifyAccess=all don't mix well.
  823ec43d38 man: add brief documentation for the (sd-pam) processes created due to PAMName= (#4967)
  256f8e70d2 service: accept the fact that the three xyz_good() functions return ints
  2a62219d4d service: drop _pure_ decorator on static function
  14e71b9180 service: a cgroup empty notification isn't reason enough to go down (bsc#1212207)
  943f812b3d service: add explanatory comments to control_pid_good() and cgroup_good()
  87a54d3060 service: fix main_pid_good() comment

- Import commit 17837e912c887402ff309215056d441b2881f9b6
  27e9161566 utmp-wtmp: handle EINTR gracefully when waiting to write to tty
  557ac78b1c utmp-wtmp: fix error in case isatty() fails
  3e0bde3ade sd-netlink: handle EINTR from poll() gracefully, as success
  61d939f79a stdio-bridge: don't be bothered with EINTR
  367ee82375 sd-bus: handle -EINTR return from bus_poll() (bsc#1215241)
  acca59ec26 libsystemd: ignore both EINTR and EAGAIN
  0ae5743060 errno-util: introduce ERRNO_IS_TRANSIENT()

- Import commit f4af8cbfb8ddc2baddfd992ebff0fb4858e4f651
  02dde27b0e man/systemd-fsck@.service: clarify passno and noauto combination in /etc/fstab (bsc#1211725)
  9f0a3ab847 units/initrd-parse-etc.service: Conflict with emergency.target
  98035f2aa8 umount: /usr/ should never be unmounted regardless of HAVE_SPLIT_USR or not (bsc#1211576)
  0a8225faea core/mount: Don't unmount initramfs mounts
  9eaf1537b4 man: describe that changing Storage= does not move existing data
- Fix: libssh: Implement SFTP packet size limit (bsc#1216987)
  * Add curl-libssh_Implement_SFTP_packet_size_limit.patch

- Security fixes:
  * [bsc#1217573, CVE-2023-46218] cookie mixed case PSL bypass
  * [bsc#1217574, CVE-2023-46219] HSTS long file name clears contents
  * Add curl-CVE-2023-46218.patch curl-CVE-2023-46219.patch
- Add avahi-CVE-2023-38473.patch: derive alternative host name from
  its unescaped version (bsc#1216419 CVE-2023-38473).
- Fix CVE-2023-45853, integer overflow and resultant heap-based buffer
  overflow in zipOpenNewFileInZip4_6, bsc#1216378
  * CVE-2023-45853.patch
- Fix update-alternative in %postun, bsc#1218765
- Sync version 3.44.0 from Factory
  * Fixes bsc#1210660, CVE-2023-2137: Heap buffer overflow
  * sqlite3-rtree-i686.patch: temporary build fix for 32-bit x86.
  * Obsoletes sqlite-CVE-2022-46908.patch
  * Obsoletes sqlite-src-3390000-func7-pg-181.patch
- Security fix: [bsc#1216922, CVE-2023-5678]
  * Fix excessive time spent in DH check / generation with large Q
    parameter value.
  * Applications that use the functions DH_generate_key() to generate
    an X9.42 DH key may experience long delays. Likewise,
    applications that use DH_check_pub_key(), DH_check_pub_key_ex
    () or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42
    DH parameters may experience long delays. Where the key or
    parameters that are being checked have been obtained from an
    untrusted source this may lead to a Denial of Service.
  * Add openssl-CVE-2023-5678.patch