SUSEConnect
- Update to 0.3.32
- Allow --regcode and --instance-data attributes at the same time (jsc#PCT-164)
- Document that 'debug' can also get set in the config file
- --status will also print the subscription name
at
- Increase TasksMax limit from 512 (systemd default) to 4915,
  fix bsc#1058557
azure-cli
- Update in SLE-12 (bsc#1187880, bsc#1188178)
- Add patch to work around compatibility issue with Python 3.4
  + ac_dont-unpack-dict.patch
- Add missing python3-azure-mgmt-resource dependency to Requires
- New upstream release
  + Version 2.16.0
  + For detailed information about changes see the
    HISTORY.rst file provided with this package
- Update Requires from setup.py
  + Version 2.15.0
  + For detailed information about changes see the
    HISTORY.rst file provided with this package
- Update Requires from setup.py
- New upstream release
- Remove unsupported component package from Requires
  + azure-cli-taskhelp
azure-cli-core
- Update in SLE-12 (bsc#1187880, bsc#1188178)
- New upstream release
  + Version 2.16.0
  + For detailed information about changes see the
    HISTORY.rst file provided with this package
- Refresh patches for new version
  + acc_disable-update-check.patch
- Update Requires from setup.py
  + Temporarily use a vendored copy of azure-mgmt-resource
- New upstream release
  + Version 2.15.0
  + For detailed information about changes see the
    HISTORY.rst file provided with this package
- Update Requires from setup.py
bind
- Fixed CVE-2021-25219:
  The lame-ttl option controls how long named caches certain types
  of broken responses from authoritative servers (see the security
  advisory for details). This caching mechanism could be abused by
  an attacker to significantly degrade resolver performance. The
  vulnerability has been mitigated by changing the default value of
  lame-ttl to 0 and overriding any explicitly set value with 0,
  effectively disabling this mechanism altogether. ISC's testing has
  determined that doing that has a negligible impact on resolver
  performance while also preventing abuse.
  Administrators may observe more traffic towards servers issuing
  certain types of broken responses than in previous BIND 9 releases.
  [bsc#1192146, CVE-2021-25219, bind-CVE-2021-25219.patch]
binutils
- Add binutils-revert-hlasm-insns.diff for compatibility on old
  code stream that expect 'brcl 0,label' to not be disassembled
  as 'jgnop label' on s390x.  [bsc#1192267]
- Rebase binutils-2.37-branch.diff: fixes PR28523 aka boo#1188941.
- Fix empty man-pages from broken release tarball [PR28144].
- Update binutils-skip-rpaths.patch with contained a memory corruption
  (boo#1191473).
- Configure with --disable-x86-used-note on old code streams.
- Disable libalternatives temporarily for build cycle reasons.
- make TARGET-bfd=headers again, we patch bfd-in.h
- This state submitted to SLE12 and SLE15 code streams for annual
  toolchain update. [jsc#PM-2767, jsc#SLE-21561, jsc#SLE-19618]
- Bump binutils-2.37-branch.diff to 66d5c7003, to include fixes for
  PR28422, PR28192, PR28391.  Also adds some s390x arch14
  instructions [jsc#SLE-18637].
- Using libalternatives instead of update-alternatives.
- Adjust for testsuite fails on older products that configure
  binutils in different ways, adds  binutils-compat-old-behaviour.diff
  and adjusts binutils-revert-nm-symversion.diff and
  binutils-revert-plt32-in-branches.diff.
- Bump binutils-2.37-branch.diff: fixes PR28138.
- Use LTO & PGO build.
- Update to binutils 2.37:
  * The GNU Binutils sources now requires a C99 compiler and library to
    build.
  * Support for the arm-symbianelf format has been removed.
  * Support for Realm Management Extension (RME) for AArch64 has been
    added.
  * A new linker option '-z report-relative-reloc' for x86 ELF targets
    has been added to report dynamic relative relocations.
  * A new linker option '-z start-stop-gc' has been added to disable
    special treatment of __start_*/__stop_* references when
  - -gc-sections.
  * A new linker options '-Bno-symbolic' has been added which will
    cancel the '-Bsymbolic' and '-Bsymbolic-functions' options.
  * The readelf tool has a new command line option which can be used to
    specify how the numeric values of symbols are reported.
  - -sym-base=0|8|10|16 tells readelf to display the values in base 8,
    base 10 or base 16.  A sym base of 0 represents the default action
    of displaying values under 10000 in base 10 and values above that in
    base 16.
  * A new format has been added to the nm program.  Specifying
    '--format=just-symbols' (or just using -j) will tell the program to
    only display symbol names and nothing else.
  * A new command line option '--keep-section-symbols' has been added to
    objcopy and strip.  This stops the removal of unused section symbols
    when the file is copied.  Removing these symbols saves space, but
    sometimes they are needed by other tools.
  * The '--weaken', '--weaken-symbol' and '--weaken-symbols' options
    supported by objcopy now make undefined symbols weak on targets that
    support weak symbols.
  * Readelf and objdump can now display and use the contents of .debug_sup
    sections.
  * Readelf and objdump will now follow links to separate debug info
    files by default.  This behaviour can be stopped via the use of the
    new '-wN' or '--debug-dump=no-follow-links' options for readelf and
    the '-WN' or '--dwarf=no-follow-links' options for objdump.  Also
    the old behaviour can be restored by the use of the
    '--enable-follow-debug-links=no' configure time option.
    The semantics of the =follow-links option have also been slightly
    changed.  When enabled, the option allows for the loading of symbol
    tables and string tables from the separate files which can be used
    to enhance the information displayed when dumping other sections,
    but it does not automatically imply that information from the
    separate files should be displayed.
    If other debug section display options are also enabled (eg
    '--debug-dump=info') then the contents of matching sections in both
    the main file and the separate debuginfo file *will* be displayed.
    This is because in most cases the debug section will only be present
    in one of the files.
    If however non-debug section display options are enabled (eg
    '--sections') then the contents of matching parts of the separate
    debuginfo file will *not* be displayed.  This is because in most
    cases the user probably only wanted to load the symbol information
    from the separate debuginfo file.  In order to change this behaviour
    a new command line option --process-links can be used.  This will
    allow di0pslay options to applied to both the main file and any
    separate debuginfo files.
  * Nm has a new command line option: '--quiet'.  This suppresses "/no
    symbols"/ diagnostic.
- Includes fixes for these CVEs:
  bnc#1181452 aka CVE-2021-20197 aka PR26945
  bnc#1183511 aka CVE-2021-20284 aka PR26931
  bnc#1184519 aka CVE-2021-20294 aka PR26929
  bnc#1184620 aka CVE-2021-3487 aka PR26946
  bnc#1184794 aka CVE-2020-35448 aka PR26574
- Also fixes:
  bsc#1183909 - slow performance of stripping some binaries
- Rebased patches: binutils-build-as-needed.diff, binutils-fix-abierrormsg.diff,
  binutils-fix-invalid-op-errata.diff, binutils-fix-relax.diff,
  binutils-revert-nm-symversion.diff, binutils-revert-plt32-in-branches.diff
- Removed patches (are in upstream): ppc-ensure-undef-dynamic-weak-undefined.patch and
  ppc-use-local-plt.patch.
- Add binutils-2.37-branch.diff.gz.
- ppc-ensure-undef-dynamic-weak-undefined.patch: PPC: ensure_undef_dynamic
  on weak undef only in plt
- ppc-use-local-plt.patch: PowerPC use_local_plt (prerequisite for above
  patch)
- Update 2.36 branch diff which fixes PR27587.
- Do not run make TARGET-bfd=headers separately.
- Bump 2.36 branch diff (includes fix for PR27441 aka bsc#1182252).
- Bump 2.36 branch diff.
- Update 2.36 branch diff which should fix PR27311 completely.
  It fixes also PR27284.
- Remove temporary fix 0001-PR27311-ld.bfd-symbol-from-plugin-undefined-referenc.patch.
- Add temporary upstream fix for PR27311
  0001-PR27311-ld.bfd-symbol-from-plugin-undefined-referenc.patch.
- Update to binutils 2.36:
  New features in the Assembler:
    General:
  * When setting the link order attribute of ELF sections, it is now
    possible to use a numeric section index instead of symbol name.
  * Added a .nop directive to generate a single no-op instruction in
    a target neutral manner.  This instruction does have an effect on
    DWARF line number generation, if that is active.
  * Removed --reduce-memory-overheads and --hash-size as gas now
    uses hash tables that can be expand and shrink automatically.
    X86/x86_64:
  * Add support for AVX VNNI, HRESET, UINTR, TDX, AMX and Key
    Locker instructions.
  * Support non-absolute segment values for lcall and ljmp.
  * Add {disp16} pseudo prefix to x86 assembler.
  * Configure with --enable-x86-used-note by default for Linux/x86.
    ARM/AArch64:
  * Add support for Cortex-A78, Cortex-A78AE and Cortex-X1,
    Cortex-R82, Neoverse V1, and Neoverse N2 cores.
  * Add support for ETMv4 (Embedded Trace Macrocell), ETE (Embedded
    Trace Extension), TRBE (Trace Buffer Extension), CSRE (Call
    Stack Recorder Extension) and BRBE (Branch Record Buffer
    Extension) system registers.
  * Add support for Armv8-R and Armv8.7-A ISA extensions.
  * Add support for DSB memory nXS barrier, WFET and WFIT
    instruction for Armv8.7.
  * Add support for +csre feature for -march. Add CSR PDEC
    instruction for CSRE feature in AArch64.
  * Add support for +flagm feature for -march in Armv8.4 AArch64.
  * Add support for +ls64 feature for -march in Armv8.7
    AArch64. Add atomic 64-byte load/store instructions for this
    feature.
  * Add support for +pauth (Pointer Authentication) feature for
  - march in AArch64.
    New features in the Linker:
  * Add --error-handling-script=<NAME> command line option to allow
    a helper script to be invoked when an undefined symbol or a
    missing library is encountered.  This option can be suppressed
    via the configure time switch: --enable-error-handling-script=no.
  * Add -z x86-64-{baseline|v[234]} to the x86 ELF linker to mark
    x86-64-{baseline|v[234]} ISA level as needed.
  * Add -z unique-symbol to avoid duplicated local symbol names.
  * The creation of PE format DLLs now defaults to using a more
    secure set of DLL characteristics.
  * The linker now deduplicates the types in .ctf sections.  The new
    command-line option --ctf-share-types describes how to do this:
    its default value, share-unconflicted, produces the most compact
    output.
  * The linker now omits the "/variable section"/ from .ctf sections
    by default, saving space.  This is almost certainly what you
    want unless you are working on a project that has its own
    analogue of symbol tables that are not reflected in the ELF
    symtabs.
  New features in other binary tools:
  * The ar tool's previously unused l modifier is now used for
    specifying dependencies of a static library. The arguments of
    this option (or --record-libdeps long form option) will be
    stored verbatim in the __.LIBDEP member of the archive, which
    the linker may read at link time.
  * Readelf can now display the contents of LTO symbol table
    sections when asked to do so via the --lto-syms command line
    option.
  * Readelf now accepts the -C command line option to enable the
    demangling of symbol names.  In addition the --demangle=<style>,
  - -no-demangle, --recurse-limit and --no-recurse-limit options
    are also now availale.
- Includes fixes for these CVEs:
  bnc#1179898 aka CVE-2020-16590 aka PR25821
  bnc#1179899 aka CVE-2020-16591 aka PR25822
  bnc#1179900 aka CVE-2020-16592 aka PR25823
  bnc#1179901 aka CVE-2020-16593 aka PR25827
  bnc#1179902 aka CVE-2020-16598 aka PR25840
  bnc#1179903 aka CVE-2020-16599 aka PR25842
  bnc#1180451 aka CVE-2020-35493 aka PR25307
  bnc#1180454 aka CVE-2020-35496 aka PR25308
  bnc#1180461 aka CVE-2020-35507 aka PR25308
- Rebase the following patches:
  * binutils-fix-relax.diff
  * binutils-revert-nm-symversion.diff
  * binutils-revert-plt32-in-branches.diff
- Add missing dependency on bc (ld.gold testsuite uses it).
- Use --enable-obsolete for cross builds as ia64 is deprecated now.
- Add binutils-2.36-branch.diff.gz.
- Add binutils-fix-relax.diff to fix linking relaxation problems
  with old object files hitting some enterprise software. [bsc#1179341]
- Update binutils-2.35-branch.diff.gz to commit 1c5243df:
  * Fixes PR26520, aka [bsc#1179036], a problem in addr2line with
    certain DWARF variable descriptions.
  * Also fixes PR26711, PR26656, PR26655, PR26929, PR26808, PR25878,
    PR26740, PR26778, PR26763, PR26685, PR26699, PR26902, PR26869,
    PR26711
  * The above includes fixes for dwo files produced by modern dwp,
    fixing several problems in the DWARF reader.
- Reapply spec file cleanup from format_spec_file
- Remove a SLE10 version check
- Update to 2.35.1 and rebased branch diff:
  * This is a point release over the previous 2.35 version, containing bug
  fixes, and as an exception to the usual rule, one new feature.  The
  new feature is the support for a new directive in the assembler:
  "/.nop"/.  This directive creates a single no-op instruction in whatever
  encoding is correct for the target architecture.  Unlike the .space or
  .fill this is a real instruction, and it does affect the generation of
  DWARF line number tables, should they be enabled.
- Update binutils-2.35-branch.diff.gz to commit 23f268a0:
  * Add xBPF target
  * Fix various problems with DWARF 5 support in gas
- Toolchain module update for SLE15 [jsc#ECO-2373]
- Includes changes that were SLE-only in binutils-add-z15-name.diff
  for [bsc#1160590, jsc#SLE-7903 aka jsc#SLE-7464]
- Amend binutils-revert-plt32-in-branches.diff to adjust also new
  testcases.
- Add binutils-2.35-branch.diff.gz: it includes fix for
  nm -B for objects compiled with -flto and -fcommon.
- Add binutils-revert-nm-symversion.diff to be compatible with old
  output of nm relied on in scripts.
- Add binutils-fix-abierrormsg.diff to work around an eager (new)
  error message occuring without inputs and as-needed (affects
  nvme-cli build).
- Update to binutils 2.35:
  * The asseembler can now produce DWARF-5 format line number tables.
  * Readelf now has a "/lint"/ mode to enable extra checks of the files it is processing.
  * Readelf will now display "/[...]"/ when it has to truncate a symbol name.
    The old behaviour - of displaying as many characters as possible, up to
    the 80 column limit - can be restored by the use of the --silent-truncation
    option.
  * The linker can now produce a dependency file listing the inputs that it
    has processed, much like the -M -MP option supported by the compiler.
- Regenerate add-ulp-section.diff with -p1 due to a fuzzing issue.
- Remove binutils-2.34-branch.diff.gz.
- Regenerate binutils-build-as-needed.diff due to a fuzzing issue.
- Regenerate binutils-fix-invalid-op-errata.diff as one hunk was upstreamed.
- Remove upstreamed patch binutils-pr25593.diff.
- Regenerate unit-at-a-time.patch due to a fuzzing issue.
- Regenerate binutils-revert-plt32-in-branches.diff.
- Update binutils-2.34-branch.diff.gz.
- Remove fix-try_load_plugin.patch as it is part
  of the updated binutils-2.34-branch.diff.gz patch.
- Add binutils-pr25593.diff to fix DT_NEEDED order with -flto
  [bsc#1163744]
- Update fix-try_load_plugin.patch to latest version.
- Add fix-try_load_plugin.patch in order to fix fallback caused
  by backport for PR25355.
- Update to binutils 2.34:
  * The disassembler (objdump --disassemble) now has an option to
    generate ascii art thats show the arcs between that start and end
    points of control flow instructions.
  * The binutils tools now have support for debuginfod.  Debuginfod is a
    HTTP service for distributing ELF/DWARF debugging information as
    well as source code.  The tools can now connect to debuginfod
    servers in order to download debug information about the files that
    they are processing.
  * The assembler and linker now support the generation of ELF format
    files for the Z80 architecture.
- Rename and get binutils-2.34-branch.diff.gz (boo#1160254).
- Rebase add-ulp-section.diff, binutils-revert-plt32-in-branches.diff,
  cross-avr-size.patch and binutils-skip-rpaths.patch.
- Add new subpackages for libctf and libctf-nobfd.
- Disable LTO due to boo#1163333.
- Includes fixes for these CVEs:
  bnc#1153768 aka CVE-2019-17451 aka PR25070
  bnc#1153770 aka CVE-2019-17450 aka PR25078
- Disable LTO during testsuite run
- Add binutils-fix-invalid-op-errata.diff to fix various
  build fails on aarch64 (PR25210, bsc#1157755).
- Add add-ulp-section.diff for user space live patching.
- Update to binutils 2.33.1:
  * Adds support for the Arm Scalable Vector Extension version 2
    (SVE2) instructions, the Arm Transactional Memory Extension (TME)
    instructions and the Armv8.1-M Mainline and M-profile Vector
    Extension (MVE) instructions.
  * Adds support for the Arm Cortex-A76AE, Cortex-A77 and Cortex-M35P
    processors and the AArch64 Cortex-A34, Cortex-A65, Cortex-A65AE,
    Cortex-A76AE, and Cortex-A77 processors.
  * Adds a .float16 directive for both Arm and AArch64 to allow
    encoding of 16-bit floating point literals.
  * For MIPS, Add -m[no-]fix-loongson3-llsc option to fix (or not)
    Loongson3 LLSC Errata.  Add a --enable-mips-fix-loongson3-llsc=[yes|no]
    configure time option to set the default behavior. Set the default
    if the configure option is not used to "/no"/.
  * The Cortex-A53 Erratum 843419 workaround now supports a choice of
    which workaround to use.  The option --fix-cortex-a53-843419 now
    takes an optional argument --fix-cortex-a53-843419[=full|adr|adrp]
    which can be used to force a particular workaround to be used.
    See --help for AArch64 for more details.
  * Add support for GNU_PROPERTY_AARCH64_FEATURE_1_BTI and
    GNU_PROPERTY_AARCH64_FEATURE_1_PAC  in ELF GNU program properties
    in the AArch64 ELF linker.
  * Add -z force-bti for AArch64 to enable GNU_PROPERTY_AARCH64_FEATURE_1_BTI
    on output while warning about missing GNU_PROPERTY_AARCH64_FEATURE_1_BTI
    on inputs and use PLTs protected with BTI.
  * Add -z pac-plt for AArch64 to pick PAC enabled PLTs.
  * Add --source-comment[=<txt>] option to objdump which if present,
    provides a prefix to source code lines displayed in a disassembly.
  * Add --set-section-alignment <section-name>=<power-of-2-align>
    option to objcopy to allow the changing of section alignments.
  * Add --verilog-data-width option to objcopy for verilog targets to
    control width of data elements in verilog hex format.
  * The separate debug info file options of readelf (--debug-dump=links
    and --debug-dump=follow) and objdump (--dwarf=links and
  - -dwarf=follow-links) will now display and/or follow multiple
    links if more than one are present in a file.  (This usually
    happens when gcc's -gsplit-dwarf option is used).
    In addition objdump's --dwarf=follow-links now also affects its
    other display options, so that for example, when combined with
  - -syms it will cause the symbol tables in any linked debug info
    files to also be displayed.  In addition when combined with
  - -disassemble the --dwarf= follow-links option will ensure that
    any symbol tables in the linked files are read and used when
    disassembling code in the main file.
  * Add support for dumping types encoded in the Compact Type Format
    to objdump and readelf.
- Includes fixes for these CVEs:
  bnc#1126826 aka CVE-2019-9077 aka PR1126826
  bnc#1126829 aka CVE-2019-9075 aka PR1126829
  bnc#1126831 aka CVE-2019-9074 aka PR24235
  bnc#1140126 aka CVE-2019-12972 aka PR23405
  bnc#1143609 aka CVE-2019-14444 aka PR24829
  bnc#1142649 aka CVE-2019-14250 aka PR90924
- Remove patches that are now included in the release:
  binutils-2.32-branch.diff.gz, binutils-fix-ld-segv.diff,
  binutils-pr24486.patch, riscv-abi-check.patch,
  rx-gas-padding-pr24464.patch.
- Add binutils-2.33-branch.diff.gz patch.
- Rebase binutils-revert-plt32-in-branches.diff and
  cross-avr-size.patch patch.
bzip2
- Implement %check, bsc#1191648
ca-certificates-mozilla
- remove the DST_Root_CA_X3.pem trust, as it expires september 30th 2021.
  (bsc#1190858)
cloud-netconfig
- Update to version 1.6:
  + Ignore proxy when accessing metadata (bsc#1187939)
  + Print warning in case metadata is not accessible
  + Documentation update
cloud-regionsrv-client
- Update to version 9.3.0 (jsc#PCT-130)
  + Support AHB-v3
  + Support registration of BYOS instances against the update infrastructure
  + Properly extract the region for local zones in AWS to ensure instances
    get connected to the proper update servers
  + Azure addon service and executable rename
  + Support non SLE repos
  + Fix handling of regionservers configured with DNS names
- Avoid race confition with ca-certificates (bsc#1189362)
  + Make the service run after ca-sertificates is done
  + Attempt multiple times to update the trust chain
- New package to enable/disable access due to AHB
  This references bsc#1182026, (jsc#SLE-21246, jsc#SLE-21247, jsc#SLE-21248, jsc#SLE-21249, jsc#SLE-21250)
containerd
- Update to containerd v1.4.11, to fix CVE-2021-41103. bsc#1191355
- Switch to Go 1.16.x compiler, in line with upstream.
- Update to containerd v1.4.8, to fix CVE-2021-32760. bsc#1188282
- Remove upstreamed patches:
  - bsc1188282-use-chmod-path-for-checking-symlink.patch
[ This patch was only released in SLES and Leap. ]
- Add patch for GHSA-c72p-9xmj-rx3w. CVE-2021-32760 bsc#1188282
- Build with go1.15 for reproducible build results (boo#1102408)
cracklib
- %check: really test the package [bsc#1191736]
crash
- Fix module loading (bsc#1190743 ltc#194414).
  + crash-mod-fix-module-object-file-lookup.patch
curl
- libssh: do not let libssh create socket [bsc#1192790]
  * Fixes sftp over a proxy failure in curl with error:
    Failure establishing ssh session
  * Add curl-libssh-socket.patch
- MIME: Properly check Content-Type even if it has parameters
  * Add curl-check-content-type.patch [bsc#1190153]
- Security fix: [bsc#1190374, CVE-2021-22947]
  * STARTTLS protocol injection via MITM
  * Add curl-CVE-2021-22947.patch
- Security fix: [bsc#1190373, CVE-2021-22946]
  * Protocol downgrade required TLS bypassed
  * Add curl-CVE-2021-22946.patch
cyrus-sasl-saslauthd
- bsc#1159635 VUL-0: CVE-2019-19906: cyrus-sasl: cyrus-sasl
  has an out-of-bounds write leading to unauthenticated remote
  denial-of-service in OpenLDAP via a malformed LDAP packet
  o apply upstream patch
- 0001-Fix-587.patch
- Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF (bsc#1162518)
  * Add 0001-Fix-GSS-SPNEGO-mechanism-s-incompatible-behavior.patch
- Added support for retrieving negotiated SSF in gssapi plugin (bsc#1162518)
  * Add 0002-Drop-unused-parameter-from-gssapi_spnego_ssf.patch
  * Add 0003-Check-return-error-from-gss_wrap_size_limit.patch
  * Add 0004-Add-support-for-retrieving-the-mech_ssf.patch
docker
- Update to Docker 20.10.9-ce. See upstream changelog in the packaged
  /usr/share/doc/packages/docker/CHANGELOG.md. bsc#1191355
  CVE-2021-41092 CVE-2021-41089 CVE-2021-41091 CVE-2021-41103
- Rebase patches:
  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
  * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
  * 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
  * 0006-bsc1190670-seccomp-add-support-for-clone3-syscall-in.patch
- Switch to Go 1.16.x compiler, in line with upstream.
- Add patch to return ENOSYS for clone3 to avoid breaking glibc again.
  bsc#1190670
  + 0006-bsc1190670-seccomp-add-support-for-clone3-syscall-in.patch
- Add shell requires for the *-completion subpackages.
dracut
- fix ordering cycle that caused boot hang (bsc#1189545)
  * add 0632-dracut-systemd-add-back-missing-dependencies.patch
- Emergency shell fixes (bsc#1188376, bsc#1188378)
  * add 0630-emergency.service-use-Type-idle.patch
  * add 0631-dracut-systemd-fixed-dependencies.patch
- fix usage information for -f parameter (bsc#1187470)
  * add 0628-fix-suse-initrd-inform-on-usage-of-obsolete-f-parame.patch
- fix obsolete reference to 96insmodpost in manpage (bsc#1187774)
  * add 0629-docs-fix-reference-to-insmodpost-module.patch
gettext-runtime
- Added msgfmt-double-free.patch to fix a double free error
  (CVE-2018-18751 bsc#1113719)
glibc
- mq-notify-use-after-free.patch: Use __pthread_attr_copy in mq_notify
  (CVE-2021-33574, bsc#1186489, BZ #27896)
gmp
- Add gmp-6.2.1-CVE-2021-43618.patch to fix buffer overflow on
  malformed input to mpz_inp_raw.  [bsc#1192717, CVE-2021-43618]
grub2
- From Stefan Seyfried <seife@novell.slipkontur.de> : Fix grub2-install fails
  with "/not a directory"/ error (boo#1161641, bsc#1162403)
  * grub2-install-fix-not-a-directory-error.patch
- Fix error gfxterm isn't found with multiple terminals (bsc#1187565)
- Patch refreshed
  * grub2-fix-error-terminal-gfxterm-isn-t-found.patch
- Fix boot failure as journaled data not get drained due to abrupt power
  off after grub-install (bsc#1167756)
- Fix boot failure after kdump due to the content of grub.cfg is not
  completed with pending modificaton in xfs journal (bsc#1186975)
  * grub-install-force-journal-draining-to-ensure-data-i.patch
iproute2
- add follow-up fixes up to upstream 5.14 (bsc#1085669):
  tc-actions-add-helpers-to-parse-and-print-control-ac.patch
  tc-gact-fix-control-action-parsing.patch
  tc-don-t-print-error-message-on-miss-when-parsing-ac.patch
  tc-m_gact-Drop-dead-code.patch
  tc-util-Don-t-call-NEXT_ARG_FWD-in-__parse_action_co.patch
  ss-remove-duplicate-assignment.patch
  tc-fix-parsing-of-the-control-action.patch
  testsuite-Generate-generate_nlmsg-when-needed.patch
  tipc-Drop-unused-variable-genl.patch
  testsuite-declare-dependency-between-TESTS-and-gener.patch
  lib-libnetlink-ensure-a-minimum-of-32KB-for-the-buff.patch
  ip-address-Use-correct-max-attribute-value-in-print_.patch
  tc-pedit-Fix-wrong-pedit-ipv6-structure-id.patch
  devlink-Fix-monitor-command.patch
  m_mirred-don-t-bail-if-the-control-action-is-missing.patch
  tc-simple-don-t-hardcode-the-control-action.patch
  ip-reset-netns-after-each-command-in-batch-mode.patch
  ip-monitor-display-interfaces-from-all-groups.patch
  ip-address-do-not-set-nodad-option-for-IPv4-addresse.patch
  ip-address-do-not-set-home-option-for-IPv4-addresses.patch
  ip-address-do-not-set-mngtmpaddr-option-for-IPv4-add.patch
  man-tc-netem.8-fix-URL-for-netem-page.patch
  tc-netem-fix-r-parameter-in-Bernoulli-loss-model.patch
  json-fix-backslash-escape-typo-in-jsonw_puts.patch
  rdma-Check-comm-string-before-print-in-print_comm.patch
  testsuite-Fix-line-count-test.patch
  bridge-Fix-typo-in-error-messages.patch
  ip-fix-link-type-and-vlan-oneline-output.patch
  xfrm-not-try-to-delete-ipcomp-states-when-using-dele.patch
  xfrm-also-check-for-ipv6-state-in-xfrm_state_keep.patch
  bridge-Fix-typo.patch
  bpf-Fixes-a-snprintf-truncation-warning.patch
  ip-link-Fix-indenting-in-help-text.patch
  ip-iplink_ipoib.c-Remove-extra-spaces.patch
  bridge-fix-string-length-warning.patch
  f_u32-fix-compiler-gcc-10-compiler-warning.patch
  lib-namespace-fix-ip-all-netns-return-code.patch
  ip-xfrm-limit-the-length-of-the-security-context-nam.patch
  ip-drop-2-char-command-assumption.patch
  devlink-always-check-strslashrsplit-return-value.patch
  lib-bpf_legacy-fix-missing-socket-close-when-connect.patch
  lib-bpf_legacy-avoid-to-pass-invalid-argument-to-clo.patch
  ipmonitor-Fix-recvmsg-with-ancillary-data.patch
  tc-u32-Fix-key-folding-in-sample-option.patch
  ss-fix-fallback-to-procfs-for-raw-sockets.patch
  iptuntap-fix-multi-queue-flag-display.patch
- add support for IP6_TNL_F_ALLOW_LOCAL_REMOTE flag (bsc#1166978):
  ip-link_ip6tnl.c-ip6tunnel.c-Support-IP6_TNL_F_ALLOW.patch
  ip-link_gre6.c-Support-IP6_TNL_F_ALLOW_LOCAL_REMOTE-.patch
- update sync-UAPI-header-copies-with-SLE15-SP1.patch and
  rename to sync-UAPI-header-copies-with-SLE12-SP5.patch
- refresh
  gre-ip6tnl-tunnel-Fix-noencap-support.patch
- fix use after free in "/ip netns"/ (CVE-2019-20795 bsc#1171452):
  ipnetns-use-after-free-problem-in-get_netnsid_from_n.patch
kdump
- kdump-add-watchdog-modules.patch
  Add watchdog modules to kdump initrd (bsc#1189923)
- kdump-do-not-iterate-past-end-of-string.patch:
  URLParser::extractAuthority(): Do not iterate past end of string
  (bsc#1186037).
- kdump-fix-incorrect-exit-code-checking.patch: Fix incorrect exit
  code checking after "/local"/ with assignment (bsc#1184616
  LTC#192282).
- kdump-Add-bootdev-to-dracut-command-line.patch: Add 'bootdev=' to
  dracut command line (bsc#1182309).
- kdump-avoid-endless-loop-EAI_AGAIN.patch: Avoid an endless loop
  when resolving a hostname fails with EAI_AGAIN (bsc#1183070).
- kdump-install-etc-resolv.conf-using-resolved-path.patch: Install
  /etc/resolv.conf using its resolved path (bsc#1183070).
- kdump-query-systemd-network.service.patch: Query systemd
  network.service to find out if wicked is used (bsc#1182309).
- kdump-check-explicit-ip-options.patch: Do not add network-related
  dracut options if ip= is set explicitly (bsc#1182309 bsc#1188090
  LTC#193461).
- kdump-ensure-initrd.target.wants-directory.patch: Make sure that
  initrd.target.wants directory exists (bsc#1172670).
- kdump-activate-udev-rules-late-during-boot.patch: kdump: activate
  udev rules late during boot (bsc#1154837).
- kdump-make-sure-that-the-udev-runtime-directory-exists.patch:
  Make sure that the udev runtime directory exists (bsc#1164713).
kernel-azure
- mm/hugetlb: initialize hugetlb_usage in mm_init (bsc#1192906).
- commit 45f2c8a
- blacklist.conf: Add 8520e224f547 bpf, cgroups: Fix cgroup v2 fallback on v1/v2 mixed mode
- commit 9c51e14
- Refresh patches.suse/hisax-fix-spectre-issues.patch.
- commit 8ad1382
- btrfs: fix memory ordering between normal and ordered work functions (git-fixes).
- commit 44e9fe3
- bpf: Remove MTU check in __bpf_skb_max_len (bsc#1192045
  CVE-2021-0941).
- commit b304255
- osst: fix spectre issue in osst_verify_frame (bsc#1192802).
- mpt3sas: fix spectre issues (bsc#1192802).
- infiniband: fix spectre issue in ib_uverbs_write (bsc#1192802).
- hysdn: fix spectre issue in hycapi_send_message (bsc#1192802).
- hisax: fix spectre issues (bsc#1192802).
- gigaset: fix spectre issue in do_data_b3_req (bsc#1192802).
- iwlwifi: fix spectre issue in iwl_dbgfs_update_pm (bsc#1192802).
- drm: fix spectre issue in vmw_execbuf_ioctl (bsc#1192802).
- media: wl128x: get rid of a potential spectre issue
  (bsc#1192802).
- net: sock_diag: Fix spectre v1 gadget in __sock_diag_cmd()
  (bsc#1192802).
- sysvipc/sem: mitigate semnum index against spectre v1
  (bsc#1192802).
- media: dvb_ca_en50221: prevent using slot_info for Spectre
  attacs (bsc#1192802).
- media: dvb_ca_en50221: sanity check slot number from userspace
  (bsc#1192802).
- commit f2e7f94
- dm ioctl: fix out of bounds array access when no devices
  (CVE-2021-31916 bsc#1192781).
- commit 0ab7d09
- arm64: pgtable: make __pte_to_phys/__phys_to_pte_val inline
  functions (git-fixes).
- soc: fsl: dpio: replace smp_processor_id with
  raw_smp_processor_id (git-fixes).
- arm64/sve: Use correct size when reinitialising SVE state
  (git-fixes).
- drivers: base: cacheinfo: Get rid of
  DEFINE_SMP_CALL_CACHE_FUNCTION() (git-fixes).
- prctl: allow to setup brk for et_dyn executables (git-fixes).
- tty: serial: fsl_lpuart: fix the wrong mapbase value
  (git-fixes).
- i2c: synquacer: fix deferred probing (git-fixes).
- commit 44f5032
- blacklist.conf: printk/workqueue: very hard to hit; works well with lockless
  ringuffer; but it might cause wrong timestamps or even lost messages
  on 4.12 where per-CPU buffers are used (bsc#1192750)
- commit d3cf891
- printk/console: Allow to disable console output by using
  console="/"/ or console=null (bsc#1192753).
- commit a452598
- printk: handle blank console arguments passed in (bsc#1192753).
- commit f2aeedd
- ipv4: make exception cache less predictible (bsc#1191790,
  CVE-2021-20322).
- ipv4: use siphash instead of Jenkins in fnhe_hashfun()
  (bsc#1191790, CVE-2021-20322).
- commit 74af5bd
- fuse: fix page stealing (bsc#1192718).
- commit 75eca87
- Revert "/x86/kvm: fix vcpu-id indexed array sizes"/ (git-fixes).
- commit 849d93e
- Delete patches.kabi/kabi-fix-after-kvm-vcpu-id-array-fix.patch, as the
  patch requiring it is being reverted.
- commit c94cf8b
- x86/xen: Mark cpu_bringup_and_idle() as dead_end_function
  (git-fixes).
- commit f5f547a
- xen-pciback: Fix return in pm_ctrl_init() (git-fixes).
- commit 57bd93f
- xen: Fix implicit type conversion (git-fixes).
- commit d1f7b51
- scsi: ufs: ufshcd-pltfrm: Fix memory leak due to probe defer
  (git-fixes).
- scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn()
  (git-fixes).
- scsi: core: Fix spelling in a source code comment (git-fixes).
- scsi: dc395: Fix error case unwinding (git-fixes).
- scsi: qla2xxx: Fix a memory leak in an error path of
  qla2x00_process_els() (git-fixes).
- scsi: csiostor: Add module softdep on cxgb4 (git-fixes).
- scsi: qedf: Fix error codes in qedf_alloc_global_queues()
  (git-fixes).
- scsi: qedi: Fix error codes in qedi_alloc_global_queues()
  (git-fixes).
- scsi: BusLogic: Fix missing pr_cont() use (git-fixes).
- scsi: iscsi: Fix iface sysfs attr detection (git-fixes).
- scsi: core: Retry I/O for Notify (Enable Spinup) Required error
  (git-fixes).
- scsi: be2iscsi: Fix an error handling path in
  beiscsi_dev_probe() (git-fixes).
- scsi: mpt3sas: Fix error return value in _scsih_expander_add()
  (git-fixes).
- scsi: FlashPoint: Rename si_flags field (git-fixes).
- scsi: snic: Fix an error message (git-fixes).
- scsi: core: Only put parent device if host state differs from
  SHOST_CREATED (git-fixes).
- scsi: core: Put .shost_dev in failure path if host state
  changes to RUNNING (git-fixes).
- scsi: core: Fix error handling of scsi_host_alloc() (git-fixes).
- scsi: libsas: Use _safe() loop in sas_resume_port() (git-fixes).
- scsi: qedf: Add pointer checks in qedf_update_link_speed()
  (git-fixes).
- scsi: qla2xxx: Make sure that aborted commands are freed
  (git-fixes).
- commit f8de973
- EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell
  (bsc#1114648).
- commit 79e2184
- bpf: Use kvmalloc for map values in syscall (stable-5.14.16).
- commit 4390e0a
- Revert "/config.sh: Build cve/linux-4.12 against SLE15-SP1."/
  This reverts commit ec3bd8c5b541a336b6608cd92493d50ba56230dc.
  See https://github.com/openSUSE/suse-module-tools/pull/44
- commit bede44a
- ibmvnic: Process crqs after enabling interrupts (bsc#1192273
  ltc#194629).
- ibmvnic: don't stop queue in xmit (bsc#1192273 ltc#194629).
- commit 7edfa65
- Revert "/ibmvnic: check failover_pending in login response"/
  (bsc#1190523 ltc#194510).
- ibmvnic: check failover_pending in login response (bsc#1190523
  ltc#194510).
- commit 49333a8
- Bluetooth: cmtp: fix file refcount when cmtp_attach_device fails
  (bsc#1191961 CVE-2021-34981).
- commit 0392318
- bpf: Fix potential race in tail call compatibility check
  (git-fixes).
- commit 122caf2
- bpf: Move owner type, jited info into array auxiliary data
  (bsc#1141655).
- commit afae5f6
- config.sh: Build cve/linux-4.12 against SLE15-SP1.
  SLE15 is no longer updated and we will need recent update to
  suse-module-tools to continue building the kernel.
- commit ec3bd8c
- ipv4: fix race condition between route lookup and invalidation
  (bsc#1190397).
- commit e4bb52c
- crypto: s5p-sss - Add error handling in s5p_aes_probe()
  (git-fixes).
- commit 776b7f3
- crypto: qat - disregard spurious PFVF interrupts (git-fixes).
- commit 80a9337
- crypto: qat - detect PFVF collision after ACK (git-fixes).
- commit b953c49
- ceph: take snap_empty_lock atomically with snaprealm refcount
  change (bsc#1191888).
- commit 4fbc9de
- blacklist.conf:
  0c0e37dc1167 x86/ioapic: Force affinity setup before startup
  ff363f480e59 x86/msi: Force affinity setup before startup
  This whole thing is needed when the affinity change happens after an
  interrupt is enabled - in that case an interrupt might get lost. The
  magic dance that protects against that is in ...apic/msi.c::msi_set_affinity().
  So both would need more involved backport as at least this prerequisite is
  needed:
  826da771291f ("/genirq: Provide IRQCHIP_AFFINITY_PRE_STARTUP"/)
  which calls irq_setup_affinity(), which, in 4.12 is called
  setup_affinity() and static... and there's likely other dependent
  changes in-between.
  So let's do the backport only when really needed in 12SP5.
- commit 24b1730
- Refresh
  patches.suse/scsi-lpfc-Adjust-bytes-received-vales-during-cmf-tim.patch.
- Refresh
  patches.suse/scsi-lpfc-Allow-PLOGI-retry-if-previous-PLOGI-was-ab.patch.
- Refresh
  patches.suse/scsi-lpfc-Allow-fabric-node-recovery-if-recovery-is-.patch.
- Refresh
  patches.suse/scsi-lpfc-Correct-sysfs-reporting-of-loop-support-af.patch.
- Refresh
  patches.suse/scsi-lpfc-Don-t-release-final-kref-on-Fport-node-whi.patch.
- Refresh
  patches.suse/scsi-lpfc-Don-t-remove-ndlp-on-PRLI-errors-in-P2P-mo.patch.
- Refresh
  patches.suse/scsi-lpfc-Fix-EEH-support-for-NVMe-I-O.patch.
- Refresh
  patches.suse/scsi-lpfc-Fix-FCP-I-O-flush-functionality-for-TMF-ro.patch.
- Refresh
  patches.suse/scsi-lpfc-Fix-I-O-block-after-enabling-managed-conge.patch.
- Refresh
  patches.suse/scsi-lpfc-Fix-NVMe-I-O-failover-to-non-optimized-pat.patch.
- Refresh
  patches.suse/scsi-lpfc-Fix-hang-on-unload-due-to-stuck-fport-node.patch.
- Refresh
  patches.suse/scsi-lpfc-Fix-link-down-processing-to-address-NULL-p.patch.
- Refresh
  patches.suse/scsi-lpfc-Fix-list_add-corruption-in-lpfc_drain_txq.patch.
- Refresh
  patches.suse/scsi-lpfc-Fix-premature-rpi-release-for-unsolicited-.patch.
- Refresh
  patches.suse/scsi-lpfc-Fix-rediscovery-of-tape-device-after-LIP.patch.
- Refresh
  patches.suse/scsi-lpfc-Fix-use-after-free-in-lpfc_unreg_rpi-routi.patch.
- Refresh
  patches.suse/scsi-lpfc-Improve-PBDE-checks-during-SGL-processing.patch.
- Refresh
  patches.suse/scsi-lpfc-Revert-LOG_TRACE_EVENT-back-to-LOG_INIT-pr.patch.
- Refresh
  patches.suse/scsi-lpfc-Update-lpfc-version-to-14.0.0.2.patch.
- Refresh
  patches.suse/scsi-lpfc-Update-lpfc-version-to-14.0.0.3.patch.
- Refresh
  patches.suse/scsi-lpfc-Wait-for-successful-restart-of-SLI3-adapte.patch.
- Refresh
  patches.suse/scsi-lpfc-Zero-CGN-stats-only-during-initial-driver-.patch.
- Refresh
  patches.suse/scsi-qla2xxx-Add-support-for-mailbox-passthru.patch.
- Refresh
  patches.suse/scsi-qla2xxx-Call-process_response_queue-in-Tx-path.patch.
- Refresh
  patches.suse/scsi-qla2xxx-Check-for-firmware-capability-before-cr.patch.
- Refresh
  patches.suse/scsi-qla2xxx-Display-16G-only-as-supported-speeds-fo.patch.
- Refresh
  patches.suse/scsi-qla2xxx-Fix-crash-in-NVMe-abort-path.patch.
- Refresh
  patches.suse/scsi-qla2xxx-Fix-kernel-crash-when-accessing-port_sp.patch.
- Refresh
  patches.suse/scsi-qla2xxx-Fix-use-after-free-in-eh_abort-path.patch.
- Refresh
  patches.suse/scsi-qla2xxx-Move-heartbeat-handling-from-DPC-thread.patch.
- Refresh
  patches.suse/scsi-qla2xxx-Remove-redundant-initialization-of-poin.patch.
- Refresh
  patches.suse/scsi-qla2xxx-Update-version-to-10.02.07.100-k.patch.
- Refresh
  patches.suse/scsi-qla2xxx-edif-Use-link-event-to-wake-up-app.patch.
  Update metadata
- commit 6872efb
- USB: serial: keyspan: fix memleak on probe errors (git-fixes).
- commit 5bb827b
- USB: iowarrior: fix control-message timeouts (git-fixes).
- commit debcb75
- ocfs2: do not zero pages beyond i_size (bsc#1190795).
- commit 8c3bda1
- ftrace: Fix scripts/recordmcount.pl due to new binutils
  (bsc#1192267).
- commit adeb3ce
- Refresh
  patches.suse/NFS-Do-uncached-readdir-when-we-re-seeking-a-cookie-.patch.
  Fix backport error - dir_cookie is a pointer to a u64, not a u64.
- commit 2f2b8d1
- Update
  patches.suse/usb-hso-fix-error-handling-code-of-hso_create_net_de.patch
  (bsc#1188601 CVE-2021-37159).
  Added bsc and CVE numbers
- commit 8f0d9dd
- usb: hso: fix error handling code of hso_create_net_device
  (bsc#1188601 CVE-2021-37159).
- commit 3ae1a19
- blacklist.conf: blacklist pair of obsoleted patches
  (bsc#1188601 CVE-2021-37159)
- commit 2c55ec1
- objtool-don-t-fail-on-missing-symbol-table.patch needed for vanilla
  flavor as well.
- commit 3a74d9d
- Delete
  patches.suse/net-stmmac-honor-error-code-from-stmmac_dt_phy.patch.
  Fix compilation
- commit 0c9657c
- Delete
  patches.suse/net-stmmac-add-error-handling-in-stmmac_mtl_setup.patch.
  Drop the patch since it breaks the build
- commit 00a2937
- Refresh
  patches.suse/net-stmmac-add-error-handling-in-stmmac_mtl_setup.patch.
- Delete
  patches.suse/stmmac-use-of_property_read_u32-instead-of-read_u8.patch.
  Restore KABI
- commit 527b0fe
- ibmvnic: delay complete() (bsc#1094840 ltc#167098 git-fixes).
- commit 34b1e28
- kernel, fs: Introduce and use set_restart_fn() and
  arch_set_restart_data() (bsc#1191713).
- hrtimer: Move copyout of remaining time to do_nanosleep()
  (bsc#1191713).
- hrtimer_nanosleep(): Pass rmtp in restart_block (bsc#1191713).
- commit 6a08992
- s390x: Turn off CONFIG_NUMA_EMU (jsc#SLE-11600).
- commit cd3b0dd
- net: stmmac: make dwmac4_release_tx_desc() clear all descriptor
  fields (git-fixes).
- commit c2aaa29
- net: stmmac: use correct barrier between coherent memory and
  MMIO (git-fixes).
- commit 5b3bc71
- net: stmmac: ensure that the MSS desc is the last desc to set
  the own bit (git-fixes).
- commit 5e15577
- net: stmmac: honor error code from stmmac_dt_phy() (git-fixes).
- commit 90f4ce8
- net: stmmac: add error handling in stmmac_mtl_setup()
  (git-fixes).
- commit 7929102
- net: stmmac: WARN if tx_skbuff entries are reused before cleared
  (git-fixes).
- commit c0d84ad
- net: stmmac: do not clear tx_skbuff entries in
  stmmac_xmit()/stmmac_tso_xmit() (git-fixes).
- commit 0df2794
- net: stmmac: remove redundant enable of PMT irq (git-fixes).
- commit ba002b8
- net: stmmac: rename GMAC_INT_DEFAULT_MASK for dwmac4
  (git-fixes).
- commit 6e907fc
- net: stmmac: discard disabled flags in interrupt status register
  (git-fixes).
- commit 567573c
- net: stmmac: Fix bad RX timestamp extraction (git-fixes).
- commit afa9845
- net: stmmac: Fix TX timestamp calculation (git-fixes).
- commit 696543d
- ethernet: dwmac-stm32: Fix copyright (git-fixes).
- commit de443fc
- net: stmmac: fix LPI transitioning for dwmac4 (git-fixes).
- commit 2005c6b
- stmmac: use of_property_read_u32 instead of read_u8 (git-fixes).
- commit abba706
- stmmac: copy unicast mac address to MAC registers (git-fixes).
- commit 6977802
- net: stmmac: First Queue must always be in DCB mode (git-fixes).
- commit ad4b502
- net: stmmac: dwc-qos-eth: Fix typo in DT bindings parsing
  (git-fixes).
- commit 442b571
- net: stmmac: Prevent infinite loop in get_rx_timestamp_status()
  (git-fixes).
- commit ccd6cc8
- net: stmmac: Fix stmmac_get_rx_hwtstamp() (git-fixes).
- commit 62f9aa4
- net: stmmac: Avoid VLA usage (git-fixes).
- commit 9c5bde7
- blacklist.conf: ed65df63a39a ("/tracing: Have all levels of checks prevent recursion"/)
  It fixes a corner case, which should be rare. The patch changes a public
  header file and even if the API should not be used externally, there is
  always a risk.
- commit e57f5b1
- IB/hfi1: Fix abba locking issue with sc_disable() (git-fixes)
- commit 7fdd08f
- x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions
  (bsc#1114648).
- commit 2cef412
- Update
  patches.suse/net-fix-race-condition-in-__inet_lookup_established.patch.
  (bsc#1180624)
- handle also race conditions in /proc/net/tcp code
- drop debugging statements
- commit 8111fc8
- powerpc/xive: Discard disabled interrupts in get_irqchip_state()
  (fate#322438 bsc#1085030 git-fixes).
- commit 73c4634
- sctp: add vtag check in sctp_sf_ootb (CVE-2021-3772
  bsc#1190351).
- sctp: add vtag check in sctp_sf_do_8_5_1_E_sa (CVE-2021-3772
  bsc#1190351).
- sctp: add vtag check in sctp_sf_violation (CVE-2021-3772
  bsc#1190351).
- sctp: fix the processing for COOKIE_ECHO chunk (CVE-2021-3772
  bsc#1190351).
- sctp: fix the processing for INIT_ACK chunk (CVE-2021-3772
  bsc#1190351).
- sctp: fix the processing for INIT chunk (CVE-2021-3772
  bsc#1190351).
- sctp: use init_tag from inithdr for ABORT chunk (CVE-2021-3772
  bsc#1190351).
- sctp: check asoc peer.asconf_capable before processing asconf
  (bsc#1190351).
- commit 81f6dbd
- KVM: PPC: Book3S HV: Save host FSCR in the P7/8 path
  (bsc#1065729).
- commit f6a28db
- scsi: lpfc: Update lpfc version to 14.0.0.3 (bsc#1192145).
- scsi: lpfc: Allow fabric node recovery if recovery is in
  progress before devloss (bsc#1192145).
- scsi: lpfc: Fix link down processing to address NULL pointer
  dereference (bsc#1192145).
- scsi: lpfc: Allow PLOGI retry if previous PLOGI was aborted
  (bsc#1192145).
- scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine
  (bsc#1192145).
- scsi: lpfc: Correct sysfs reporting of loop support after SFP
  status change (bsc#1192145).
- scsi: lpfc: Wait for successful restart of SLI3 adapter during
  host sg_reset (bsc#1192145).
- scsi: lpfc: Revert LOG_TRACE_EVENT back to LOG_INIT prior to
  driver_resource_setup() (bsc#1192145).
- commit 36710f1
- scsi: lpfc: Fix crash when nvmet transport calls host_release
  (bsc#1192145).
- Refresh
  patches.suse/scsi-lpfc-Delay-unregistering-from-transport-until-G.patch.
- commit deaaa3b
- sctp: add param size validation for SCTP_PARAM_SET_PRIMARY
  (CVE-2021-3655 bsc#1188563).
- sctp: validate chunk size in __rcv_asconf_lookup (CVE-2021-3655
  bsc#1188563).
- sctp: add size validation when walking chunks (CVE-2021-3655
  bsc#1188563).
- commit b0a2686
- Update
  patches.suse/net_sched-cls_route-remove-the-right-filter-from-has.patch
  references (add CVE-2021-3715 bsc#1190349).
  Conflict resolution in merge commit b424dbe52c2f discarded the references
  update done in cve/linux-4.12 branch so that CVE and bugzilla references
  got lost. Add them back again.
- commit 9fe9da5
- blacklist.conf: Add a7b359fc6a37 ("/sched/fair: Correctly insert cfs_rq's to list on unthrottle"/)
  The commit causes regression (bsc#1191238) more severe than the issue it
  solves. The blacklisting can be lifted when there is an upstream
  solution to both issues.
- commit 2abfc18
- cipso,calipso: resolve a number of problems with the DOI
  refcounts (CVE-2021-33033 bsc#1186109).
- commit 017dde5
- nfc: nci: fix the UAF of rf_conn_info object (CVE-2021-3760
  bsc#1190067).
- commit 6401849
- Update patch reference for a firewire fix (CVE-2021-42739 CVE-2021-3542 bsc#1184673)
- commit 7614f38
- blacklist.conf: fix later reverted
- commit 82b7006
- USB: xhci: dbc: fix tty registration race (git-fixes).
- commit 7a85cc3
- usb: xhci: dbc: Use GFP_KERNEL instead of GFP_ATOMIC in
  'xhci_dbc_alloc_requests()' (git-fixes).
- commit e64ec99
- usb: xhci: dbc: Simplify error handling in
  'xhci_dbc_alloc_requests()' (git-fixes).
- commit cb17031
- xfs: fix up non-directory creation in SGID directories
  (bsc#1190006 CVE-2018-13405).
- commit 888b5ee
- xfs: remove the icdinode di_uid/di_gid members (bsc#1190006
  CVE-2018-13405).
- commit d7d9af2
- xfs: ensure that the inode uid/gid match values match the
  icdinode ones (bsc#1190006 CVE-2018-13405).
- commit f969983
- kabi: hide return value type change of sctp_af::from_addr_param
  (CVE-2021-3655 bsc#1188563).
- sctp: fix return value check in __sctp_rcv_asconf_lookup
  (CVE-2021-3655 bsc#1188563).
- sctp: validate from_addr_param return (CVE-2021-3655
  bsc#1188563).
- sctp: fully initialize v4 addr in some functions (bsc#1188563).
- commit 535a60e
- Update
  patches.suse/net_sched-cls_route-remove-the-right-filter-from-has.patch
  references (add CVE-2021-3715 bsc#1190349).
- commit 2e6d83a
- ocfs2: Fix data corruption on truncate (bsc#1190795).
- commit be1119a
- kernel, fs: Introduce and use set_restart_fn() and
  arch_set_restart_data() (bsc#1191713).
- commit 510c626
- scsi: smartpqi: Fix an error code in pqi_get_raid_map()
  (git-fixes).
- uapi: nfnetlink_cthelper.h: fix userspace compilation error
  (git-fixes).
- commit 71655bf
- blacklist scsi sense patch: changes kABI, too invasive
- commit da61b32
- net: ipv6: Discard next-hop MTU less than minimum link MTU
  (bsc#1191241).
- commit a2d889b
- ipv6/netfilter: Discard first fragment not including all headers
  (bsc#1191241).
- commit 1b109bb
- IPv6: reply ICMP error if the first fragment don't include
  all headers (bsc#1191241).
- commit ac897ff
- ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition
  (bsc#1191241).
- commit cc7d40a
- net: mana: Fix error handling in mana_create_rxq() (git-fixes,
  bsc#1191801).
- commit 4ef5cd4
- media: firewire: firedtv-avc: fix a buffer overflow in
  avc_ca_pmt() (CVE-2021-3542 bsc#1184673).
- commit d196d58
- ocfs2: fix data corruption after conversion from inline format
  (bsc#1190795).
- commit cc44997
- xfs: fix string handling in label get/set functions
  (bsc#1191500, git-fixes).
- commit 91a6d54
- xfs: xfs_fsops: drop useless LIST_HEAD (bsc#1191500, git-fixes).
- commit 747051c
- xfs: fix check on struct_version for versions 4 or greater
  (bsc#1191500, git-fixes).
- commit 709b4ec
- blacklist.conf: 711885906b5c x86/Kconfig: Do not enable AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT automatically
- commit e4d714b
- xen: reset legacy rtc flag for PV domU (git-fixes).
- commit 96789b2
- PM: base: power: don't try to use non-existing RTC for storing
  data (git-fixes).
- commit 0d0e287
- xen: fix setting of max_pfn in shared_info (git-fixes).
- commit 21f0574
- xfs: implement online get/set fs label (bsc#1191500).
- commit 322151d
- fs: copy BTRFS_IOC_[SG]ET_FSLABEL to vfs (bsc#1191500).
- commit 7cf692c
- xfs: move growfs core to libxfs (bsc#1191500).
- commit d95e8c0
- xfs: rework secondary superblock updates in growfs
  (bsc#1191500).
- commit 215c2e3
- xfs: separate secondary sb update in growfs (bsc#1191500).
- commit e06611a
- xfs: make imaxpct changes in growfs separate (bsc#1191500).
- commit 186aca9
- xfs: turn ag header initialisation into a table driven operation
  (bsc#1191500).
- commit 4718772
- xfs: factor ag btree root block initialisation (bsc#1191500).
- commit 2ea00a7
- NFS: Do uncached readdir when we're seeking a cookie in an
  empty page cache (bsc#1191628).
- commit 63090c9
- xfs: always honor OWN_UNKNOWN rmap removal requests
  (bsc#1191500).
- commit 15e2299
- xfs: convert growfs AG header init to use buffer lists
  (bsc#1191500).
- commit 65b6b97
- xfs: factor out AG header initialisation from growfs core
  (bsc#1191500).
- commit b0c0c3a
- xfs: one-shot cached buffers (bsc#1191500).
- commit a177a16
- xfs: refactor the geometry structure filling function
  (bsc#1191500).
- commit 266f45c
- xfs: hoist xfs_fs_geometry to libxfs (bsc#1191500).
- commit b0f32c6
- Correctly sort PPC patches.
- Refresh patches.suse/powerpc-64s-Fix-crashes-when-toggling-stf-barrier.patch.
- Refresh patches.suse/powerpc-64s-flush-L1D-after-user-accesses.patch.
- Refresh patches.suse/powerpc-64s-flush-L1D-on-kernel-entry.patch.
- commit 2c6662e
- netfilter: Drop fragmented ndisc packets assembled in netfilter
  (git-fixes).
- commit 587232d
- series.conf: update ordering
- commit 338b36a
- ext4: fix reserved space counter leakage (bsc#1191450).
- commit 445fefd
- blacklist.conf: Blacklist fd2ef39cc9a6
- commit 1e6ddf8
- ocfs2: drop acl cache for directories too (bsc#1191667).
- commit e858da2
- fs, mm: fix race in unlinking swapfile (bsc#1191455).
- commit 756937a
- blacklist.conf: Blacklist 889c05cc5834
- commit 67fc346
- blacklist.conf: Blacklist 6961fed42014
- commit 99285c7
- blacklist.conf: Blacklist filesystems that are not compiled
- commit ec1cca5
- scsi: lpfc: Fix memory overwrite during FC-GS I/O abort handling
  (bsc#1191349).
- commit e288eba
- blktrace: Fix uaf in blk_trace access after removing by sysfs
  (bsc#1191452).
- commit 60f6902
- ext4: fix potential infinite loop in ext4_dx_readdir()
  (bsc#1191662).
- commit c48ebd7
- blacklist.conf: blacklist 8c4bca10ceaf
- commit 2f013b8
- pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init
  (git-fixes).
- commit df75ef9
- x86/resctrl: Free the ctrlval arrays when
  domain_setup_mon_state() fails (bsc#1114648).
- commit 849f5e6
- scsi: qla2xxx: Remove redundant initialization of pointer req
  (bsc#1190941).
- scsi: qla2xxx: Update version to 10.02.07.100-k (bsc#1190941).
- scsi: qla2xxx: Fix use after free in eh_abort path
  (bsc#1190941).
- scsi: qla2xxx: Move heartbeat handling from DPC thread to
  workqueue (bsc#1190941).
- scsi: qla2xxx: Call process_response_queue() in Tx path
  (bsc#1190941).
- scsi: qla2xxx: Fix kernel crash when accessing port_speed
  sysfs file (bsc#1190941).
- scsi: qla2xxx: edif: Use link event to wake up app
  (bsc#1190941).
- scsi: qla2xxx: Fix crash in NVMe abort path (bsc#1190941).
- scsi: qla2xxx: Check for firmware capability before creating
  QPair (bsc#1190941).
- scsi: qla2xxx: Display 16G only as supported speeds for 3830c
  card (bsc#1190941).
- scsi: qla2xxx: Add support for mailbox passthru (bsc#1190941).
- scsi: qla2xxx: Fix excessive messages during device logout
  (bsc#1190941).
- scsi: qla2xxx: Restore initiator in dual mode (bsc#1190941).
- scsi: qla2xxx: Open-code qla2xxx_eh_device_reset()
  (bsc#1190941).
- scsi: qla2xxx: Open-code qla2xxx_eh_target_reset()
  (bsc#1190941).
- scsi: qla2xxx: Do not call fc_block_scsi_eh() during bus reset
  (bsc#1190941).
- scsi: qla2xxx: Update version to 10.02.06.200-k (bsc#1190941).
- scsi: qla2xxx: edif: Fix returnvar.cocci warnings (bsc#1190941).
- scsi: qla2xxx: Fix NVMe session down detection (bsc#1190941).
- scsi: qla2xxx: Fix NVMe retry (bsc#1190941).
- scsi: qla2xxx: Fix hang on NVMe command timeouts (bsc#1190941).
- scsi: qla2xxx: Fix NVMe | FCP personality change (bsc#1190941).
- scsi: qla2xxx: edif: Do secure PLOGI when auth app is present
  (bsc#1190941).
- scsi: qla2xxx: edif: Add N2N support for EDIF (bsc#1190941).
- scsi: qla2xxx: Fix hang during NVMe session tear down
  (bsc#1190941).
- scsi: qla2xxx: edif: Fix EDIF enable flag (bsc#1190941).
- scsi: qla2xxx: edif: Reject AUTH ELS on session down
  (bsc#1190941).
- scsi: qla2xxx: edif: Fix stale session (bsc#1190941).
- scsi: qla2xxx: Update version to 10.02.06.100-k (bsc#1190941).
- scsi: qla2xxx: Sync queue idx with queue_pair_map idx
  (bsc#1190941).
- scsi: qla2xxx: Changes to support kdump kernel for NVMe BFS
  (bsc#1190941).
- scsi: qla2xxx: Changes to support kdump kernel (bsc#1190941).
- scsi: qla2xxx: Suppress unnecessary log messages during login
  (bsc#1190941).
- scsi: qla2xxx: Fix NPIV create erroneous error (bsc#1190941).
- scsi: qla2xxx: Fix unsafe removal from linked list
  (bsc#1190941).
- scsi: qla2xxx: Fix port type info (bsc#1190941).
- scsi: qla2xxx: Add debug print of 64G link speed (bsc#1190941).
- scsi: qla2xxx: Show OS name and version in FDMI-1 (bsc#1190941).
- scsi: qla2xxx: Changes to support FCP2 Target (bsc#1190941).
- scsi: qla2xxx: Adjust request/response queue size for 28xx
  (bsc#1190941).
- scsi: qla2xxx: Add host attribute to trigger MPI hang
  (bsc#1190941).
- scsi: qla2xxx: Use scsi_cmd_to_rq() instead of scsi_cmnd.request
  (bsc#1190941).
- commit fb73e90
- powerpc/bpf: Emit stf barrier instruction sequences
  for BPF_NOSPEC (bsc#1188983 CVE-2021-34556 bsc#1188985
  CVE-2021-35477).
- powerpc/security: Add a helper to query stf_barrier type
  (bsc#1188983 CVE-2021-34556 bsc#1188985 CVE-2021-35477).
- powerpc/bpf: Validate branch ranges (bsc#1188983 CVE-2021-34556
  bsc#1188985 CVE-2021-35477).
- powerpc/lib: Add helper to check if offset is within
  conditional branch range (bsc#1188983 CVE-2021-34556 bsc#1188985
  CVE-2021-35477).
- powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (bsc#1065729).
- powerpc/bpf: Fix BPF_MOD when imm == 1 (bsc#1065729).
- powerpc/bpf: Use bctrl for making function calls (bsc#1065729).
- powerpc/lib: Fix emulate_step() std test (bsc#1065729).
- commit d4beb54
- blacklist.conf: ff1c08e1f74b ("/bpf: Change size to u64 for bpf_map_{area_alloc, charge_init}()"/)
  Only needed on 32-bit system and breaks kABI.
- commit f2ee98f
- blacklist.conf: cosmetic fix
- commit 5d07092
- blacklist.conf: misattributed, not needed
- commit e03f28e
- net: usb: qmi_wwan: support ZTE P685M modem (git-fixes).
- commit 9a6227e
- net: usb: qmi_wwan: added support for Thales Cinterion PLSx3
  modem family (git-fixes).
- commit 4db3d45
- blacklist.conf: feature, not a fix
- commit 9144587
- Move upstreamed bpf patch into sorted section
- commit 848cbf8
- iov_iter_fault_in_readable() should do nothing in xarray  case
  (bsc#1191579).
- commit 1aec87e
- blacklist.conf: no CAN in SLE12
- commit 5fcdd60
- blacklist.conf: no CAN in SLE12
- commit 02f489a
- blacklist.conf: no CAN in SLE12
- commit e673913
- blacklist.conf: no CAN in SLE12
- commit 36eb69c
- blacklist.conf: no CAN in SLE12
- commit 3bde2bd
- blacklist.conf: no CAN in SLE12
- commit e3892df
- blacklist.conf: no CAN in SLE12
- commit 4b0b899
- blacklist.conf: feature, not a fix
- commit 41fc29b
- blacklist.conf: no CAN in SLE12
- commit f1f89ff
- blacklist.conf: no CAN in SLE12
- commit 420c816
- gianfar: Account for Tx PTP timestamp in the skb headroom
  (git-fixes).
- commit 5aee288
- gianfar: Replace skb_realloc_headroom with skb_cow_head for PTP
  (git-fixes).
- commit 3aeb7bc
- gianfar: Fix TX timestamping with a stacked DSA driver
  (git-fixes).
- commit 53a66df
- gianfar: simplify FCS handling and fix memory leak (git-fixes).
- commit 082815a
- blacklist.conf: 79f32b221b18 ("/ARM: 9079/1: ftrace: Add MODULE_PLTS support"/)
  We do not support arm32.
- commit eb72851
- soc: aspeed: lpc-ctrl: Fix boundary check for mmap
  (CVE-2021-42252 bsc#1190479).
- commit 5b9f8af
- USB: serial: option: add device id for Foxconn T99W265
  (git-fixes).
- commit 4cdae00
- USB: serial: cp210x: add ID for GW Instek GDM-834x Digital
  Multimeter (git-fixes).
- commit 2a96462
- USB: serial: option: add Telit LN920 compositions (git-fixes).
- commit 496498d
- Re-enable UAS for LaCie Rugged USB3-FW with fk quirk
  (git-fixes).
- commit 6aff9cd
- Refresh
  patches.suse/bpf-Fix-integer-overflow-in-prealloc_elems_and_freel.patch.
- commit 956dc09
- usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c
  (git-fixes).
- commit 9490aec
- locking/mutex: clear MUTEX_FLAGS if wait_list is empty due to
  signal (git-fixes).
- selinux: fix inode_doinit_with_dentry() LABEL_INVALID error
  handling (git-fxes).
- selinux: fix error initialization in inode_doinit_with_dentry()
  (git-fixes).
- bitmap: remove unused function declaration (git-fixes).
- kernel/locking/mutex.c: remove caller signal_pending branch
  predictions (bsc#1050549).
- locking/pvqspinlock/x86: Use LOCK_PREFIX in
  __pv_queued_spin_unlock() assembly code (bsc#1050549).
- commit cdebbbe
- blacklist.conf: irrelevant in our config
- commit 0fad9fd
- USB: cdc-acm: fix break reporting (git-fixes).
- commit b5f11d9
- tpm: ibmvtpm: Avoid error message when process gets signal
  while waiting (bsc#1065729).
- commit 4d59711
- usb: typec: tcpm: handle SRC_STARTUP state if cc changes
  (git-fixes).
- commit 31b3220
- USB: cdc-acm: fix racy tty buffer accesses (git-fixes).
- commit 032b5be
- net: hso: fix NULL-deref on disconnect regression (git-fixes).
- commit 21929b4
- powerpc/pseries: Fix build error when NUMA=n (bsc#1190620
  ltc#194498 git-fixes).
- commit 662c283
- bpf: Fix integer overflow in prealloc_elems_and_freelist()
  (bsc#1191317, CVE-2021-41864).
- commit d0cde41
- net: hso: add failure handler for add_net_device (git-fixes).
- commit 3b14c25
- usb: hso: fix error handling code of hso_create_net_device
  (git-fixes).
- commit ebd03d3
- net: hso: fix null-ptr-deref during tty device unregistration
  (git-fixes).
- commit f398fe2
- net: hso: remove redundant unused variable dev (git-fixes).
- Refresh
  patches.suse/usb-hso-check-for-return-value-in-hso_serial_common_.patch.
- commit b58b0ce
- net: cdc_eem: fix tx fixup skb leak (git-fixes).
- commit ffbfb2e
- blacklist.conf: kABI
- commit 7b017ad
- net: cdc_ncm: correct overhead in delayed_ndp_size (git-fixes).
- commit b100ada
- net: cdc_ncm: use tasklet_init() for tasklet_struct init
  (git-fixes).
- commit 0200bdd
- cdc_ncm: Set NTB format again after altsetting switch for
  Huawei devices (git-fixes).
- commit a2bf5c7
- net: usb: Fix uninit-was-stored issue in asix_read_phy_addr()
  (git-fixes).
- commit 86bb85d
- blacklist.conf: kABI
- commit 25076fb
- blacklist.conf: kABI
- commit a8e4dd5
- net: 6pack: fix slab-out-of-bounds in decode_data
  (CVE-2021-42008 bsc#1191315).
- commit 7ea0770
- SUNRPC: Ensure to ratelimit the "/server not responding"/ syslog
  messages (bsc#1191136).
- commit 126cc01
- blacklist.conf: for 51e1bb9eeaf7
- commit 69a2dab
- crypto: x86/aes-ni-xts - use direct calls to and 4-way stride
  (bsc#1114648).
- commit 3c40299
- blacklist.conf: requires newer version of USB PD breaking kABI
- commit 27f4776
- blacklist.conf: kABI
- commit dbb45af
- blacklist.conf: already merged under different ID
- commit 6050f00
- usb: xhci-mtk: fix broken streams issue on 0.96 xHCI
  (git-fixes).
- commit 18d73ac
- blacklist.conf: not relevant in our config
- commit c99be6f
- ipc: remove memcg accounting for sops objects in do_semtimedop()
  (bsc#1190115 CVE-2021-3759).
- Delete
  patches.suse/ipc-remove-memcg-accounting-for-sops-objects.patch.
  This commit is effectively patch refresh but filename changed too. This
  only adds metadata to the patch after it was accepted upstream.
- ipc: remove memcg accounting for sops objects in do_semtimedop()
  (bsc#1190115).
- Delete
  patches.suse/ipc-remove-memcg-accounting-for-sops-objects.patch.
  Refreshing patch with upstream metadata.
- commit d2aacd0
- powerpc/perf/hv-gpci: Fix counter value parsing (bsc#1065729).
- commit a0d125b
- powerpc/pseries/dlpar: use rtas_get_sensor() (bsc#1065729).
- commit 3ec91a3
- powerpc/powernv: Fix machine check reporting of async store
  errors (bsc#1065729).
- commit abcaf17
- powerpc/mm/radix: Free PUD table when freeing pagetable
  (bsc#1065729).
- commit ab507b2
- blacklist.conf: update blacklist
- commit 158e64e
- powerpc/perf: Fix the check for SIAR value (bsc#1065729).
- powerpc/perf: Drop the case of returning 0 as instruction
  pointer (bsc#1065729).
- powerpc/perf: Use stack siar instead of mfspr (bsc#1065729).
- powerpc/perf: Fix crash in perf_instruction_pointer() when
  ppmu is not set (bsc#1065729).
- powerpc/perf: Use regs->nip when SIAR is zero (bsc#1065729).
- powerpc/perf: Use the address from SIAR register to set cpumode
  flags (bsc#1065729).
- commit 673ee59
- kABI compatibility for ath_key_delete() changes (CVE-2020-3702
  bsc#1191193).
- commit f8ebcef
- ath9k: Postpone key cache entry deletion for TXQ frames
  reference it (CVE-2020-3702 bsc#1191193).
- ath: Modify ath_key_delete() to not need full key entry
  (CVE-2020-3702 bsc#1191193).
- ath: Export ath_hw_keysetmac() (CVE-2020-3702 bsc#1191193).
- ath9k: Clear key cache explicitly on disabling hardware
  (CVE-2020-3702 bsc#1191193).
- ath: Use safer key clearing with key cache entries
  (CVE-2020-3702 bsc#1191193).
- commit 9bf1f45
- kabi/severities: skip kABI check for ath9k-local symbols (CVE-2020-3702 bsc#1191193)
  ath9k modules have some exported symbols for the common helpers
  and the recent fixes broke kABI of those.  They are specific to
  ath9k's own usages, so safe to ignore.
- commit b554871
- Refresh patches.suse/powerpc-pseries-Move-mm-book3s64-vphn.c-under-platfo.patch.
  Add back vphn.h
  There is a symlink pointing to this file which canot be removed because
  symlink removal is not supported by rapidquilt, and broken symlinks are
  not allowed by rpmlint so the file itself must stay as well.
- commit ba6520a
- drm/qxl: lost qxl_bo_kunmap_atomic_page in
  qxl_image_init_helper() (bsc#1186785).
- commit 555e9f5
- net: mana: Prefer struct_size over open coded arithmetic (jsc#SLE-18779, bsc#1185727).
- net: mana: Add WARN_ON_ONCE in case of CQE read overflow (jsc#SLE-18779, bsc#1185727).
- net: mana: Add support for EQ sharing (jsc#SLE-18779, bsc#1185727).
- net: mana: Move NAPI from EQ to CQ (jsc#SLE-18779, bsc#1185727).
- net: mana: Fix a memory leak in an error handling path in (jsc#SLE-18779, bsc#1185727).
- net: mana: Use struct_size() in kzalloc() (jsc#SLE-18779, bsc#1185727).
- hv_netvsc: Make netvsc/VF binding check both MAC and serial number (jsc#SLE-18779, bsc#1185727).
- net: mana: Use int to check the return value of mana_gd_poll_cq() (jsc#SLE-18779, bsc#1185727).
- net: mana: fix PCI_HYPERV dependency (jsc#SLE-18779, bsc#1185727).
- net: mana: remove redundant initialization of variable err (jsc#SLE-18779, bsc#1185727).
- hv: mana: adjust mana_select_queue to old API (jsc#SLE-18779, bsc#1185727).
- hv: mana: remove netdev_lockdep_set_classes usage (jsc#SLE-18779, bsc#1185727).
- net: mana: Add a driver for Microsoft Azure Network Adapter (MANA) (jsc#SLE-18779, bsc#1185727).
- commit b0be2a7
- powerpc/pseries: Move mm/book3s64/vphn.c under platforms/pseries/
  (bsc#1190914).
- Refresh patches.suse/powerpc-numa-remove-timed_topology_update.patch.
- Refresh patches.suse/powerpc-numa-remove-unreachable-topology-timer-code.patch.
- Refresh patches.suse/powerpc-numa-remove-vphn_enabled-and-prrn_enabled-in.patch.
- Refresh patches.suse/powerpc-numa-stub-out-numa_update_cpu_topology.patch.
- commit 1e05ad9
- powerpc/numa: Early request for home node associativity
  (bsc#1190914).
- commit 6ce9c36
- blacklist.conf: prerequisites break kABI
- commit 8166416
- x86/mm: Fix kern_addr_valid() to cope with existing but not
  present entries (bsc#1114648).
- commit 0682cd5
- btrfs: prevent rename2 from exchanging a subvol with a directory from different parents (bsc#1190626).
- commit bd71d08
- blacklist.conf: kABI
- commit ba647f3
- blacklist.conf: too intrusive
- commit b584766
- blacklist.conf: cosmetic fix
- commit 7a64292
- blacklist.conf: feature, not a bug fix
- commit c497262
- blacklist.conf: false positive
- commit 94e4d75
- fuse: truncate pagecache on atomic_o_trunc (bsc#1191051).
- commit 4e5d656
- qla2xxx: Fix bug reference for qla2xxx update to 10.02.00.107-k
  The bug reference changed half of the update of the qla2xxx driver.
  Use the correct.
  Meta data udpate for:
  patches.suse/scsi-qla2xxx-Fix-spelling-mistakes-allloc-alloc.patch
  patches.suse/scsi-qla2xxx-Fix-use-after-free-in-debug-code.patch
  patches.suse/scsi-qla2xxx-Remove-redundant-initialization-of-vari.patch
  patches.suse/scsi-qla2xxx-Update-version-to-10.02.00.107-k.patch
  patches.suse/scsi-qla2xxx-edif-Add-authentication-pass-fail-bsgs.patch
  patches.suse/scsi-qla2xxx-edif-Add-detection-of-secure-device.patch
  patches.suse/scsi-qla2xxx-edif-Add-doorbell-notification-for-app.patch
  patches.suse/scsi-qla2xxx-edif-Add-encryption-to-I-O-path.patch
  patches.suse/scsi-qla2xxx-edif-Add-extraction-of-auth_els-from-th.patch
  patches.suse/scsi-qla2xxx-edif-Add-getfcinfo-and-statistic-bsgs.patch
  patches.suse/scsi-qla2xxx-edif-Add-key-update.patch
  patches.suse/scsi-qla2xxx-edif-Add-send-receive-and-accept-for-au.patch
  patches.suse/scsi-qla2xxx-edif-Increment-command-and-completion-c.patch
- commit 1dca311
- Bluetooth: check for zapped sk before connecting (CVE-2021-3752
  bsc#1190023).
- commit 7504476
- usb: musb: tusb6010: uninitialized data in
  tusb_fifo_write_unaligned() (git-fixes).
- commit 371e551
- blacklist.conf: cosmetic fix
- commit 0680bbd
- USB: serial: option: remove duplicate USB device ID (git-fixes).
- commit 91495db
- Refresh
  patches.suse/scsi-lpfc-Fix-CPU-to-from-endian-warnings-introduced.patch.
- Refresh
  patches.suse/scsi-lpfc-Fix-compilation-errors-on-kernels-with-no-.patch.
- Refresh
  patches.suse/scsi-lpfc-Fix-gcc-Wstringop-overread-warning-again.patch.
- Refresh
  patches.suse/scsi-lpfc-Fix-sprintf-overflow-in-lpfc_display_fpin_.patch.
- Refresh patches.suse/scsi-lpfc-Remove-unneeded-variable.patch.
- Refresh
  patches.suse/scsi-lpfc-Use-correct-scnprintf-limit.patch.
  Update metadata
- commit 8a58a10
- blacklist.conf: 5297cfa6bdf9 EDAC/synopsys: Fix wrong value type assignment for edac_mode
- commit 7f5d8e7
- powerpc/mm: Fix section mismatch warning (bsc#1148868).
- Refresh patches.suse/powerpc-Chunk-calls-to-flush_dcache_range-in-arch_-_.patch
- commit 3e2861d
- powerpc/mm: Fix section mismatch warning in early_check_vec5()
  (bsc#1148868).
- commit efdfc43
- powerpc: fix function annotations to avoid section mismatch
  warnings with gcc-10 (bsc#1148868).
- commit 9bd3650
- powerpc/drmem: Make LMB walk a bit more flexible (bsc#1190543
  ltc#194523).
- Refresh patches.suse/pseries-drmem-update-LMBs-after-LPM.patch
- commit f032951
- cifs: create sd context must be a multiple of 8 (bsc#1190317).
- commit 0c189c0
- smb3: rc uninitialized in one fallocate path (bsc#1190317).
- commit ef65cd9
- SMB3: fix readpage for large swap cache (bsc#1190317).
- commit 9777939
- cifs: fix fallocate when trying to allocate a hole
  (bsc#1190317).
- commit e1aae9a
- CIFS: Clarify SMB1 code for POSIX delete file (bsc#1190317).
- commit 33b0806
- CIFS: Clarify SMB1 code for POSIX Create (bsc#1190317).
- commit 0420aa1
- cifs: only write 64kb at a time when fallocating a small region
  of a file (bsc#1190317).
- commit ab6dfdc
- SMB3.1.1: fix mount failure to some servers when compression
  enabled (bsc#1190317).
- commit 8fc56eb
- cifs: added WARN_ON for all the count decrements (bsc#1190317).
- commit 9af5354
- cifs: fix missing null session check in mount (bsc#1190317).
- commit 585846b
- cifs: handle reconnect of tcon when there is no cached dfs
  referral (bsc#1190317).
- commit e915f2a
- cifs: fix the out of range assignment to bit fields in
  parse_server_interfaces (bsc#1190317).
- commit b640bcd
- pseries/drmem: update LMBs after LPM (bsc#1190543 ltc#194523).
- commit 8a1b030
- powerpc/pseries: Prevent free CPU ids being reused on another
  node (bsc#1190620 ltc#194498).
- commit b044bb6
- net: sched: sch_teql: fix null-pointer dereference
  (bsc#1190717).
- commit 595c68d
- cifs: Do not use the original cruid when following DFS links
  for multiuser mounts (bsc#1190317).
- commit 11a9d6f
- cifs: use the expiry output of dns_query to schedule next
  resolution (bsc#1190317).
- commit eff2eb7
- CIFS: Clarify SMB1 code for POSIX Lock (bsc#1190317).
- commit cdd10c4
- CIFS: Clarify SMB1 code for rename open file (bsc#1190317).
- commit fda787c
- CIFS: Clarify SMB1 code for delete (bsc#1190317).
- commit 2162abd
- CIFS: Clarify SMB1 code for SetFileSize (bsc#1190317).
- commit 8043e27
- CIFS: Clarify SMB1 code for UnixSetPathInfo (bsc#1190317).
- commit ee3dce0
- CIFS: Clarify SMB1 code for UnixCreateSymLink (bsc#1190317).
- commit 1764af8
- cifs: clarify SMB1 code for UnixCreateHardLink (bsc#1190317).
- commit cda0cd6
- cifs: make locking consistent around the server session status
  (bsc#1190317).
- commit 64d8217
- smb3: prevent races updating CurrentMid (bsc#1190317).
- commit fb5243c
- cifs: fix missing spinlock around update to ses->status
  (bsc#1190317).
- commit 8dde9ff
- smb3: fix possible access to uninitialized pointer to DACL
  (bsc#1190317).
- commit 3fb727d
- cifs: missing null check for newinode pointer (bsc#1190317).
- commit 32bd34a
- cifs: remove two cases where rc is set unnecessarily in
  sid_to_id (bsc#1190317).
- commit 7a8b905
- SMB3: Add new info level for query directory (bsc#1190317).
- commit 654aa5b
- cifs: fix NULL dereference in smb2_check_message()
  (bsc#1190317).
- commit 255dcbb
- cifs: Avoid field over-reading memcpy() (bsc#1190317).
- commit 334ee76
- cifs: fix SMB1 error path in cifs_get_file_info_unix
  (bsc#1190317).
- commit 7a643a8
- cifs: convert list_for_each to entry variant in cifs_debug.c
  (bsc#1190317).
- commit dd6750b
- cifs: convert list_for_each to entry variant in smb2misc.c
  (bsc#1190317).
- commit 855734a
- cifs: avoid extra calls in posix_info_parse (bsc#1190317).
- commit 13b1c32
- cifs: retry lookup and readdir when EAGAIN is returned
  (bsc#1190317).
- commit c673d7a
- cifs: improve fallocate emulation (bsc#1190317).
- commit 2a8db5f
- cifs: fix string declarations and assignments in tracepoints
  (bsc#1190317).
- commit 3e93365
- cifs: set server->cipher_type to AES-128-CCM for SMB3.0
  (bsc#1190317).
- commit c1692d4
- SMB3: incorrect file id in requests compounded with open
  (bsc#1190317).
- commit 6131456
- cifs: use echo_interval even when connection not ready
  (bsc#1190317).
- commit 12fbbbf
- cifs: detect dead connections only when echoes are enabled
  (bsc#1190317).
- commit ad68003
- cifs: add shutdown support (bsc#1190317).
- commit 50e9950
- smb3: limit noisy error (bsc#1190317).
- commit 74153ab
- cifs: remove unnecessary copies of tcon->crfid.fid
  (bsc#1190317).
- commit 7d56d84
- cifs: fix out-of-bound memory access when calling smb3_notify()
  at mount point (bsc#1190317).
- commit 2dc39ec
- smb2: fix use-after-free in smb2_ioctl_query_info()
  (bsc#1190317).
- commit 88d30f9
- cifs: add FALLOC_FL_INSERT_RANGE support (bsc#1190317).
- commit 7873b68
- cifs: add support for FALLOC_FL_COLLAPSE_RANGE (bsc#1190317).
- commit bba7899
- cifs: check the timestamp for the cached dirent when deciding
  on revalidate (bsc#1190317).
- commit 77d92f7
- cifs: pass the dentry instead of the inode down to the
  revalidation check functions (bsc#1190317).
- commit f3bdae2
- cifs: add a timestamp to track when the lease of the cached
  dir was taken (bsc#1190317).
- commit 2d38159
- cifs: add a function to get a cached dir based on its dentry
  (bsc#1190317).
- commit 6007f92
- cifs: Grab a reference for the dentry of the cached directory
  during the lifetime of the cache (bsc#1190317).
- commit 30fd1a2
- cifs: store a pointer to the root dentry in cifs_sb_info once
  we have completed mounting the share (bsc#1190317).
- commit ee518fe
- cifs: rename the *_shroot* functions to *_cached_dir*
  (bsc#1190317).
- commit c613589
- cifs: pass a path to open_shroot and check if it is the root
  or not (bsc#1190317).
- commit d014649
- cifs: move the check for nohandlecache into open_shroot
  (bsc#1190317).
- commit 2fb508c
- cifs: make build_path_from_dentry() return const char *
  (bsc#1190317).
- commit 3fd50e9
- cifs: constify pathname arguments in a bunch of helpers
  (bsc#1190317).
- commit 1c4348c
- cifs: constify path argument of ->make_node() (bsc#1190317).
- commit 8fe9c35
- SMB3: update structures for new compression protocol definitions
  (bsc#1190317).
- commit 13f517a
- update structure definitions from updated protocol documentation
  (bsc#1190317).
- commit 39cc1ab
- cifs: remove old dead code (bsc#1190317).
- commit 8f437f9
- blacklist.conf: update blacklist
- commit 1733bdb
- x86/crash: Add e820 reserved ranges to kdump kernel's e820 table
  (bsc#1181193).
- commit d98824b
- x86/mm: Rework ioremap resource mapping determination
  (bsc#1181193).
- commit 0779517
- blacklist.conf: update blacklist
- commit cac7733
- x86/e820, ioport: Add a new I/O resource descriptor
  IORES_DESC_RESERVED (bsc#1181193).
- commit bbfb43c
- smb3: fix cached file size problems in duplicate extents
  (reflink) (bsc#1190317).
- commit cd5036a
- cifs: Silently ignore unknown oplock break handle (bsc#1190317).
- commit 323a094
- cifs: revalidate mapping when we open files for SMB1 POSIX
  (bsc#1190317).
- commit 22ad98e
- cifs: Fix chmod with modefromsid when an older ACE already
  exists (bsc#1190317).
- commit e0a19c1
- cifs: fix allocation size on newly created files (bsc#1190317).
- commit 485bf0c
- cifs: update new ACE pointer after populate_new_aces
  (bsc#1190317).
- commit ff11875
- cifs: have ->mkdir() handle race with another client sanely
  (bsc#1190317).
- commit 7d96ff8
- do_cifs_create(): don't set ->i_mode of something we had not
  created (bsc#1190317).
- commit 0814ca5
- cifs: ask for more credit on async read/write code paths
  (bsc#1190317).
- commit 3b81574
- resource: Fix find_next_iomem_res() iteration issue
  (bsc#1181193).
- Refresh
  patches.suse/0001-mm-resource-Let-walk_system_ram_range-search-child-r.patch.
- Refresh
  patches.suse/0001-mm-resource-Return-real-error-codes-from-walk-failur.patch.
- Refresh
  patches.suse/resource-fix-locking-in-find_next_iomem_res.patch.
- commit 0f2ad3d
- blacklist.conf: kABI
- commit 339a14d
- scsi: lpfc: Fix gcc -Wstringop-overread warning, again
  (bsc#1190576).
- scsi: lpfc: Use correct scnprintf() limit (bsc#1190576).
- scsi: lpfc: Fix sprintf() overflow in lpfc_display_fpin_wwpn()
  (bsc#1190576).
- scsi: lpfc: Update lpfc version to 14.0.0.2 (bsc#1190576).
- scsi: lpfc: Improve PBDE checks during SGL processing
  (bsc#1190576).
- scsi: lpfc: Zero CGN stats only during initial driver load
  and stat reset (bsc#1190576).
- scsi: lpfc: Fix I/O block after enabling managed congestion mode
  (bsc#1190576).
- scsi: lpfc: Adjust bytes received vales during cmf timer
  interval (bsc#1190576).
- scsi: lpfc: Fix EEH support for NVMe I/O (bsc#1190576).
- scsi: lpfc: Fix FCP I/O flush functionality for TMF routines
  (bsc#1190576).
- scsi: lpfc: Fix NVMe I/O failover to non-optimized path
  (bsc#1190576).
- scsi: lpfc: Don't remove ndlp on PRLI errors in P2P mode
  (bsc#1190576).
- scsi: lpfc: Fix rediscovery of tape device after LIP
  (bsc#1190576).
- scsi: lpfc: Fix hang on unload due to stuck fport node
  (bsc#1190576).
- scsi: lpfc: Fix premature rpi release for unsolicited TPLS
  and LS_RJT (bsc#1190576).
- scsi: lpfc: Don't release final kref on Fport node while ABTS
  outstanding (bsc#1190576).
- scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq()
  (bsc#1190576).
- scsi: lpfc: Remove unneeded variable (bsc#1190576).
- scsi: lpfc: Fix compilation errors on kernels with no
  CONFIG_DEBUG_FS (bsc#1190576).
- scsi: lpfc: Fix CPU to/from endian warnings introduced by ELS
  processing (bsc#1190576).
- commit 789627e
- blacklist.conf: Append 'drm/i915/dsi: Use unconditional msleep for the panel_on_delay when there is no reset-deassert MIPI-sequence'
- commit 5666bbd
- blacklist.conf: Append 'drm/i915: Fix mismatch between misplaced vma check and vma insert'
- commit 0f10a6a
- blacklist.conf: Append 'drm/i915/gt: Program mocs:63 for cache eviction on gen9'
- commit 41bde63
- blacklist.conf: Append 'drm/i915: Avoid mixing integer types during batch copies'
- commit 44ead34
- blacklist.conf: Append 'drm/i915/gem: Avoid implicit vmap for highmem on x86-32'
- commit 60f6fe8
- blacklist.conf: Append 'drm/i915/dp: Track pm_qos per connector'
- commit 3d26f53
- blacklist.conf: Append 'drm/i915: Fix the GT fence revocation runtime PM logic'
- commit f507dcc
- blacklist.conf: Append 'drm/radeon: Avoid power table parsing memory leaks'
- commit 11e69b0
- blacklist.conf: Append 'amdgpu: fix GEM obj leak in amdgpu_display_user_framebuffer_create'
- commit 7770bde
- blacklist.conf: # not used in SLE12
- commit bf56840
- blacklist.conf: not used in SLE12
- commit 24e4b8a
- blacklist.conf: not used in SLE12
- commit 1d62d53
- blacklist.conf: not used in SLE12
- commit 516aee1
- USB: serial: option: add new VID/PID to support Fibocom FG150
  (git-fixes).
- commit 224b5d3
- cifs: If a corrupted DACL is returned by the server, bail out
  (bsc#1190317).
- commit 3b11d19
- cifs: minor simplification to smb2_is_network_name_deleted
  (bsc#1190317).
- commit acad494
- TCON Reconnect during STATUS_NETWORK_NAME_DELETED (bsc#1190317).
- commit 7ce4a95
- cifs: cleanup a few le16 vs. le32 uses in cifsacl.c
  (bsc#1190317).
- commit cce87e3
- cifs: Change SIDs in ACEs while transferring file ownership
  (bsc#1190317).
- commit c9f530c
- cifs: Retain old ACEs when converting between mode bits and ACL
  (bsc#1190317).
- commit c2e6395
- cifs: Fix cifsacl ACE mask for group and others (bsc#1190317).
- commit 0dda4bf
- cifs: Fix in error types returned for out-of-credit situations
  (bsc#1190317).
- commit 4559efe
- cifs: do not fail __smb_send_rqst if non-fatal signals are
  pending (bsc#1190317).
- commit d22783f
- x86/resctrl: Fix a maybe-uninitialized build warning treated
  as error (bsc#1114648).
- x86/resctrl: Fix default monitoring groups reporting
  (bsc#1114648).
- commit eb311f7
- blacklist.conf: Append 'drm/bridge: ti-sn65dsi86: Add some 100 us delays'
- commit ee5f3ed
- drm/msm/dsi: Fix some reference counted resource leaks (bsc#1129770)
- commit 97968dc
- drm/gma500: Fix end of loop tests for list_for_each_entry (bsc#1129770)
  Backporting changes:
  * refresh
- commit 6b17f22
- drm/mediatek: Add AAL output size configuration (bsc#1129770)
  Backporting changes:
  * adapted code to use writel() function
- commit 96668c3
- drm/rockchip: cdn-dp: fix sign extension on an int multiply for a u64 (bsc#1129770)
  Backporting changes
  * context changes
- commit 5a384ea
- drm/imx: ipuv3-plane: Remove two unnecessary export symbols (bsc#1129770)
  Backporting changes:
  * refreshed
- commit 7224acc
- drm/msm: Small msm_gem_purge() fix (bsc#1129770)
  Backporting changes:
  * context changes in msm_gem_purge()
  * remove test for non-existant msm_gem_is_locked()
- commit 4e9715d
- video: fbdev: imxfb: Fix an error message (bsc#1129770)
  Backporting changes:
  * context changes in imxfb_probe()
- commit 1484b0c
- fbmem: add margin check to fb_check_caps() (bsc#1129770)
  Backporting changes:
  * context chacnges in fb_set_var()
- commit 1b4eaeb
- blacklist.conf: 3bff147b187d x86/mce: Defer processing of early errors
- commit 2e4a7f5
- s390/bpf: Fix optimizing out zero-extensions (bsc#1190601).
- s390/bpf: Fix 64-bit subtraction of the -0x80000000 constant
  (bsc#1190601).
- s390/bpf: Fix branch shortening during codegen pass
  (bsc#1190601).
- s390/bpf: Wrap JIT macro parameter usages in parentheses
  (bsc#1190601).
- s390: bpf: implement jitting of BPF_ALU | BPF_ARSH | BPF_*
  (bsc#1190601).
- commit 79e76b1
- EDAC/i10nm: Fix NVDIMM detection (bsc#1114648).
- commit 9106036
- net: qed: fix left elements count calculation (git-fixes).
- commit a9679cd
- dt-bindings: pwm: stm32: Add #pwm-cells (git-fixes).
- commit e45ad2c
- fs/select: avoid clang stack usage warning (git-fixes).
- commit 45d68dc
- kdb: do a sanity check on the cpu in kdb_per_cpu() (git-fixes).
- commit 16d216d
- docs: Fix infiniband uverbs minor number (git-fixes).
- commit 0bc342c
- profiling: fix shift-out-of-bounds bugs (git-fixes).
- commit 7f38641
- s390/unwind: use current_frame_address() to unwind current task
  (bsc#1185677).
- commit 84c56d2
- KVM: x86: Use kernel's x86_phys_bits to handle reduced
  MAXPHYADDR (bsc#1114648).
- commit e37928c
- Refresh
  patches.suse/ibmvnic-check-failover_pending-in-login-response.patch.
- commit 9672a40
- qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom
  (git-fixes).
- debugfs: Return error during {full/open}_proxy_open() on rmmod
  (bsc#1173746).
- net: sched: Fix qdisc_rate_table refcount leak when get
  tcf_block failed (bsc#1056657 FATE#322189 bsc#1056653
  FATE#322190 bsc#1056787).
- gve: fix the wrong AdminQ buffer overflow check (bsc#1176940).
- e1000e: Do not take care about recovery NVM checksum
  (bsc#1158533).
- e1000e: Fix the max snoop/no-snoop latency for 10M (git-fixes).
- xgene-v2: Fix a resource leak in the error handling path of
  'xge_probe()' (git-fixes).
- RDMA/bnxt_re: Add missing spin lock initialization (bsc#1050244
  FATE#322915).
- net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32
  (git-fixes).
- bnxt_en: Add missing DMA memory barriers (git-fixes).
- bnxt: disable napi before canceling DIM (bsc#1104745
  FATE#325918).
- net: linkwatch: fix failure to restore device state across
  suspend/resume (bsc#1109837).
- iavf: Set RSS LUT and key in reset handle path (git-fixes).
- ice: Prevent probing virtual functions (bsc#1118661
  FATE#325277).
- bnx2x: fix an error code in bnx2x_nic_load() (git-fixes).
- nfp: update ethtool reporting of pauseframe control (git-fixes).
- mlx4: Fix missing error code in mlx4_load_one() (git-fixes).
- i40e: Fix log TC creation failure when max num of queues is
  exceeded (bsc#1109837 bsc#1111981 FATE#326312).
- i40e: Add additional info to PHY type error (git-fixes).
- i40e: Fix logic of disabling queues (git-fixes).
- net: sched: cls_api: Fix the the wrong parameter (bsc#1109837).
- bnxt_en: don't disable an already disabled PCI device
  (git-fixes).
- liquidio: Fix unintentional sign extension issue on left shift
  of u16 (git-fixes).
- cxgb4: fix IRQ free race during driver unload (git-fixes).
- igb: Check if num of q_vectors is smaller than max before
  array access (git-fixes).
- iavf: Fix an error handling path in 'iavf_probe()' (git-fixes).
- e1000e: Fix an error handling path in 'e1000_probe()'
  (git-fixes).
- fm10k: Fix an error handling path in 'fm10k_probe()'
  (git-fixes).
- igb: Fix an error handling path in 'igb_probe()' (git-fixes).
- ixgbe: Fix an error handling path in 'ixgbe_probe()'
  (git-fixes).
- igb: Fix use-after-free error during reset (git-fixes).
- i40e: Fix autoneg disabling for non-10GBaseT links (git-fixes).
- i40e: Fix error handling in i40e_vsi_open (git-fixes).
- net: pch_gbe: Propagate error from devm_gpio_request_one()
  (git-fixes).
- be2net: Fix an error handling path in 'be_probe()' (git-fixes).
- commit 3c06958
- scsi: lpfc: Use the proper SCSI midlayer interfaces for PI
  (bsc#1190576).
- scsi: lpfc: Copyright updates for 14.0.0.1 patches
  (bsc#1190576).
- scsi: lpfc: Update lpfc version to 14.0.0.1 (bsc#1190576).
- scsi: lpfc: Add bsg support for retrieving adapter cmf data
  (bsc#1190576).
- scsi: lpfc: Add cmf_info sysfs entry (bsc#1190576).
- scsi: lpfc: Add debugfs support for cm framework buffers
  (bsc#1190576).
- scsi: lpfc: Add support for maintaining the cm statistics buffer
  (bsc#1190576).
- scsi: lpfc: Add rx monitoring statistics (bsc#1190576).
- scsi: lpfc: Add support for the CM framework (bsc#1190576).
- scsi: lpfc: Add cmfsync WQE support (bsc#1190576).
- scsi: lpfc: Add support for cm enablement buffer (bsc#1190576).
- scsi: lpfc: Add cm statistics buffer support (bsc#1190576).
- scsi: lpfc: Add EDC ELS support (bsc#1190576).
- scsi: lpfc: Expand FPIN and RDF receive logging (bsc#1190576).
- scsi: lpfc: Add MIB feature enablement support (bsc#1190576).
- scsi: lpfc: Add SET_HOST_DATA mbox cmd to pass date/time info
  to firmware (bsc#1190576).
- scsi: fc: Add EDC ELS definition (bsc#1190576).
  Refresh:
  - patches.kabi/scsi-fc-kABI-fixes-for-new-ELS_FPIN-definition.patch
- scsi: core: Add helper to return number of logical blocks in
  a request (bsc#1190576).
- scsi: lpfc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request
  (bsc#1190576).
- scsi: core: Introduce the scsi_cmd_to_rq() function
  (bsc#1190576).
- scsi: fc: Update formal FPIN descriptor definitions
  (bsc#1190576).
- commit 7baf690
- irqchip/gic-v3: Don't try to reset AP0Rn (bsc#1189407).
- commit e2955e8
- cifs: check pointer before freeing (bsc#1190317).
- Refresh
  patches.suse/cifs-keep-referral-server-sessions-alive.patch.
  Context adjustment.
- commit c622c6c
- Add SMB 2 support for getting and setting SACLs (bsc#1190317).
- commit f616635
- SMB3: Add support for getting and setting SACLs (bsc#1190317).
- commit 0a5aeb6
- cifs: fix rsize/wsize to be negotiated values (bsc#1190317).
- commit d6a5280
- cifs: remove some minor warnings pointed out by kernel test
  robot (bsc#1190317).
- commit 09fcc8a
- cifs: remove various function description warnings
  (bsc#1190317).
- commit bab1cd5
- cifs: cleanup misc.c (bsc#1190317).
- commit 82336f3
- cifs: minor kernel style fixes for comments (bsc#1190317).
- commit 827feef
- cifs: Make extract_sharename function public (bsc#1190317).
- commit fafbd95
- cifs: Make extract_hostname function public (bsc#1190317).
- commit 9e4ad61
- SMB3.1.1: do not log warning message if server doesn't populate
  salt (bsc#1190317).
- commit 90221e4
- SMB3.1.1: update comments clarifying SPNEGO info in negprot
  response (bsc#1190317).
- commit 8c596de
- cifs: Enable sticky bit with cifsacl mount option (bsc#1190317).
- commit 3513140
- cifs: Fix unix perm bits to cifsacl conversion for "/other"/
  bits (bsc#1190317).
- commit a058fee
- SMB3.1.1: remove confusing mount warning when no SPNEGO info
  on negprot rsp (bsc#1190317).
- commit 4cc3ecb
- SMB3: avoid confusing warning message on mount to Azure
  (bsc#1190317).
- commit 772de9a
- cifs: refactor create_sd_buf() and and avoid corrupting the
  buffer (bsc#1190317).
- commit aa87e05
- smb3: Handle error case during offload read path (bsc#1190317).
- commit 91f2cf7
- smb3: Avoid Mid pending list corruption (bsc#1190317).
- commit e4b377f
- smb3: Call cifs reconnect from demultiplex thread (bsc#1190317).
- commit 094f065
- cifs: fix a memleak with modefromsid (bsc#1190317).
- commit a829d6e
- smb3: add some missing definitions from MS-FSCC (bsc#1190317).
- commit 8475495
- SMB3: add support for recognizing WSL reparse tags
  (bsc#1190317).
- commit 5a9bbe0
- Fix build warnings.
  Also align code location with later codestreams and improve
  bisectability.
- Refresh patches.suse/0002-x86-msi-Only-use-high-bits-of-MSI-address-for-DMAR-u.patch.
- Refresh patches.suse/x86-apic-msi-Plug-non-maskable-MSI-affinity-race.patch.
- commit cc966a5
- smb3: do not try to cache root directory if dir leases not
  supported (bsc#1190317).
- commit 36f12b1
- smb3: fix stat when special device file and mounted with
  modefromsid (bsc#1190317).
- commit 777d7b7
- cifs: Print the address and port we are connecting to in
  generic_ip_connect() (bsc#1190317).
- commit c72e2a3
- SMB3: Resolve data corruption of TCP server info fields
  (bsc#1190317).
- commit aa71f25
- cifs: make const array static, makes object smaller
  (bsc#1190317).
- commit 33cdb7a
- SMB3.1.1: Fix ids returned in POSIX query dir (bsc#1190317).
- commit 851b243
- cifs: map STATUS_ACCOUNT_LOCKED_OUT to -EACCES (bsc#1190317).
- commit 144d874
- cifs: handle -EINTR in cifs_setattr (bsc#1190317).
- commit 59a70c7
- Handle STATUS_IO_TIMEOUT gracefully (bsc#1190317).
- commit b72a929
- cifs: compute full_path already in cifs_readdir() (bsc#1190317).
- commit 3c0e63a
- cifs: return cached_fid from open_shroot (bsc#1190317).
- commit ef8f80c
- cifs: fix DFS mount with cifsacl/modefromsid (bsc#1190317).
- commit 1fbec56
- SMB3: Fix mkdir when idsfromsid configured on mount
  (bsc#1190317).
- commit 2eb2464
- cifs: convert to use be32_add_cpu() (bsc#1190317).
- commit d6c1b47
- cifs: smb1: Try failing back to SetFileInfo if SetPathInfo fails
  (bsc#1190317).
- commit 4a6a7ef
- cifs`: handle ERRBaduid for SMB1 (bsc#1190317).
- commit 5c74855
- cifs: fix reference leak for tlink (bsc#1190317).
- commit fa6dc6f
- smb3: fix unneeded error message on change notify (bsc#1190317).
- commit 0d42fab
- cifs: remove the retry in cifs_poxis_lock_set (bsc#1190317).
- commit d476887
- smb3: fix access denied on change notify request to some servers
  (bsc#1190317).
- commit d2074d0
- cifs: prevent truncation from long to int in
  wait_for_free_credits (bsc#1190317).
- commit 3e51fb2
- cifs: Display local UID details for SMB sessions in DebugData
  (bsc#1190317).
- commit 6481ffc
- cifs: update ctime and mtime during truncate (bsc#1190317).
- commit e54222d
- ext4: fix race writing to an inline_data file while its xattrs
  are changing (bsc#1190159 CVE-2021-40490).
- commit 3973759
- irqchip/gic-v3: Reset APgRn registers at boot time
  (bsc#1189407).
- irqchip/gic-v2: Reset APRn registers at boot time (bsc#1189407).
- commit 3ed7bff
- crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()
  (bsc#1189884 CVE-2021-3744 bsc#1190534 CVE-2021-3764).
- commit 5fef1e1
- series.conf: refresh order
- commit d9ddc03
- ibmvnic: check failover_pending in login response (bsc#1190523
  ltc#194510).
- commit c0c0352
- fix patch metadata
- fix Patch-mainline:
  - patches.suse/x86-apic-msi-Plug-non-maskable-MSI-affinity-race.patch
- commit d256a15
- x86/apic/msi: Plug non-maskable MSI affinity race (bsc#1184439).
- Refresh
  patches.suse/0002-x86-msi-Only-use-high-bits-of-MSI-address-for-DMAR-u.patch.
- Refresh
  patches.suse/0004-x86-apic-Support-15-bits-of-APIC-ID-in-IOAPIC-MSI-wh.patch.
- commit c750b3b
- scsi: scsi_devinfo: Add blacklist entry for HPE OPEN-V
  (bsc#1189297).
- commit 990d684
- pinctrl: samsung: Fix pinctrl bank pin count (git-fixes).
- commit c5a81f3
- clk: kirkwood: Fix a clocking boot regression (git-fixes).
- commit bcee2f3
- clk: at91: clk-generated: Limit the requested rate to our range
  (git-fixes).
- commit 6b2f323
- mailbox: sti: quieten kernel-doc warnings (git-fixes).
- commit e59288f
- blacklist.conf: add efa not applicable patches
- commit c7d022e
- RDMA/efa: Use the correct current and new states in modify QP (git-fixes)
- commit 3ad22e3
- RDMA/efa: Be consistent with modify QP bitmask (git-fixes)
- commit 2fd4a53
- time: Handle negative seconds correctly in timespec64_to_ns()
  (git-fixes).
- commit 5621854
- ipc: remove memcg accounting for sops objects in do_semtimedop()
  (bsc#1190115).
- commit 2e73db0
- Update patches.suse/scsi-sg-add-sg_remove_request-in-sg_write
  (bsc#1171420 CVE-2020-12770).
- commit 3c3facb
- mm/memory.c: do_fault: avoid usage of stale vm_area_struct
  (bsc#1136513).
- commit b87a4b0
- RDMA/efa: Remove double QP type assignment (git-fixes)
- commit 25e0934
- bpf: Fix leakage due to insufficient speculative store bypass mitigation
  (bsc#1188983, bsc#1188985, CVE-2021-34556, CVE-2021-35477).
- Refresh
  patches.kabi/bpf-prevent-memory-disambiguation-attack.patch.
- Refresh
  patches.kabi/bpf-prevent-out-of-bounds-speculation-on-pointer-ari.patch.
- commit 15cd454
- SUNRPC: Simplify socket shutdown when not reusing TCP ports
  (git-fixes).
- commit a1a975a
- SUNRPC: improve error response to over-size gss credential
  (bsc#1190022).
- commit f82dc9a
- smb3: Add new parm "/nodelete"/ (bsc#1190317).
- commit caf8424
- cifs: Fix double add page to memcg when cifs_readpages
  (bsc#1190317).
- commit 3720270
- cifs: Fix cached_fid refcnt leak in open_shroot (bsc#1190317).
- commit d22575e
- smb3: Add debug message for new file creation with idsfromsid
  mount option (bsc#1190317).
- commit 511211a
- cifs: fix chown and chgrp when idsfromsid mount option enabled
  (bsc#1190317).
- commit 6bcaaec
- smb3: allow uid and gid owners to be set on create with
  idsfromsid mount option (bsc#1190317).
- commit dae5890
- smb3: add indatalen that can be a non-zero value to calculation
  of credit charge in smb2 ioctl (bsc#1190317).
- commit 5def2a1
- cifs: Add get_security_type_str function to return sec type
  (bsc#1190317).
- commit 08884b6
- smb3: remove static checker warning (bsc#1190317).
- commit ea12d61
- cifs: dump Security Type info in DebugData (bsc#1190317).
- commit 694fbdf
- smb3: fix incorrect number of credits when ioctl
  MaxOutputResponse > 64K (bsc#1190317).
- commit 686f50f
- smb3: minor update to compression header definitions
  (bsc#1190317).
- commit 66cc9e8
- cifs: move some variables off the stack in smb2_ioctl_query_info
  (bsc#1190317).
- commit aa7fba4
- cifs: reduce stack use in smb2_compound_op (bsc#1190317).
- Refresh
  patches.suse/cifs-do-not-send-close-in-compound-create-close-requests.patch.
  Context adjustment.
- commit 4732ad6
- cifs: handle "/nolease"/ option for vers=1.0 (bsc#1190317).
- commit dbe99c3
- cifs: fix leaked reference on requeued write (bsc#1190317).
- commit 874dba4
- cifs: Fix null pointer check in cifs_read (bsc#1190317).
- commit e94b8d3
- scsi: sg: add sg_remove_request in sg_write (bsc#1171420
  CVE-2020-12770).
- commit c1e2c47
- Bluetooth: schedule SCO timeouts with delayed_work
  (CVE-2021-3640 bsc#1188172).
- Refresh patches.kabi/bt_accept_enqueue-kabi-workaround.patch.
- Refresh patches.suse/Bluetooth-switch-to-lock_sock-in-SCO.patch.
- commit adfd842
- Revert "/memcg: enable accounting for file lock caches (bsc#1190115)."/
  This reverts commit 912b4421a3e9bb9f0ef1aadc64a436666259bd4d.
  It's effectively upstream commit
  3754707bcc3e190e5dadc978d172b61e809cb3bd applied to kernel-source (to
  avoid proliferation of patches). Make a note in blacklist.conf too.
- commit 84da196
- PCI: endpoint: Fix missing destroy_workqueue() (git-fixes).
- commit d20804d
- net: mvpp2: prs: fix PPPoE with ipv6 packet parse (git-fixes).
- commit 4eddc26
- net: mvpp2: Add TCAM entry to drop flow control pause frames
  (git-fixes).
- commit 0572c9e
- blacklist.conf: cosmetic fix
- commit 872d107
- i40e: Fix Error I40E_AQ_RC_EINVAL when removing VFs (git-fixes).
- commit ca293f5
- crypto: qat - use proper type for vf_mask (git-fixes).
- commit ef65d03
- virtio_net: Fix error code in probe() (git-fixes).
- commit a794197
- qlcnic: Fix error code in probe (git-fixes).
- commit a9a3898
- blacklist.conf: cosmetic fix
- commit 72e5d3d
- blacklist.conf: update blacklist
- commit ca7b8d4
- blacklist.conf: kABI
- commit fb7b745
- crypto: picoxcell - Fix potential race condition bug
  (git-fixes).
- commit 59b3b00
- crypto: picoxcell - Fix error handling in spacc_probe()
  (git-fixes).
- Refresh
  patches.suse/crypto-picoxcell-adjust-the-position-of-tasklet_init.patch.
- commit 7e7ebc8
- mm, vmscan: guarantee drop_slab_node() termination (VM
  Functionality, bsc#1189301).
- commit 7ca9c36
- blacklist.conf: prerequisites are too intrusive
- commit f71e985
- media: go7007: fix memory leak in go7007_usb_probe (git-fixes).
- commit 5eabb65
- kABI: revert change in struct bpf_insn_aux_data (bsc#1188983,
  bsc#1188985, CVE-2021-34556, CVE-2021-35477).
- commit 842ede0
- vhost: scsi: add weight support (CVE-2019-3900 bsc#1133374).
- vhost: vsock: add weight support (CVE-2019-3900 bsc#1133374).
- vhost_net: fix possible infinite loop (CVE-2019-3900 bsc#1133374).
- refresh patches.kabi/kabi-mask-changes-to-vhost_dev_init-and-struct-vhost.patch
- kabi: mask changes to vhost_dev_init() and struct vhost_dev
  (CVE-2019-3900 bsc#1133374).
- vhost: introduce vhost_exceeds_weight() (CVE-2019-3900
  bsc#1133374).
- vhost_net: introduce vhost_exceeds_weight() (CVE-2019-3900
  bsc#1133374).
- refresh patches.suse/vhost-log-dirty-page-correctly.patch
- vhost_net: use packet weight for rx handler, too (CVE-2019-3900
  bsc#1133374).
- refresh patches.suse/vhost-log-dirty-page-correctly.patch
- vhost-net: set packet weight of tx polling to 2 * vq size
  (CVE-2019-3900 bsc#1133374).
- commit fac5272
- sctp: implement memory accounting on rx path (CVE-2019-3874
  bsc#1129898).
- sctp: implement memory accounting on tx path (CVE-2019-3874
  bsc#1129898).
- commit d1cd2ad
- Update
  patches.suse/l2tp-pass-tunnel-pointer-to-session_create.patch
  references (add CVE-2018-9517 bsc#1108488).
- commit 902e6bb
- memcg: enable accounting of ipc resources (bsc#1190115
  CVE-2021-3759).
- memcg: enable accounting for file lock caches (bsc#1190115).
- commit e2a14e4
- Update
  patches.suse/usb-max-3421-Prevent-corruption-of-freed-memory.patch
  (CVE-2021-38204, bsc#1189291).
- Update
  patches.suse/virtio_console-Assure-used-length-from-device-is-lim.patch
  (CVE-2021-38160, bsc#1190117).
  Update metadata
- commit 4208778
- ocfs2: ocfs2_downconvert_lock failure results in deadlock
  (bsc#1188439).
- commit b239fae
- blacklist.conf: Add 2ca11b0e043b cgroup: Fix kernel-doc
- commit 70aa566
- virtio_console: Assure used length from device is limited
  (CVE-2021-38160 bsc#1190117).
- commit 495fc27
- scsi: libfc: Fix array index out of bound exception
  (bsc#1188616).
- commit f9984e7
- bcma: Fix memory leak for internally-handled cores (git-fixes).
- ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point()
  (git-fixes).
- mac80211: Fix insufficient headroom issue for AMSDU (git-fixes).
- Bluetooth: add timeout sanity check to hci_inquiry (git-fixes).
- Bluetooth: Move shutdown callback before flushing tx and rx
  queue (git-fixes).
- Bluetooth: fix repeated calls to sco_sock_kill (git-fixes).
- Bluetooth: increase BTNAMSIZ to 21 chars to fix potential
  buffer overflow (git-fixes).
- Bluetooth: sco: prevent information leak in
  sco_conn_defer_accept() (git-fixes).
- i2c: mt65xx: fix IRQ check (git-fixes).
- i2c: s3c2410: fix IRQ check (git-fixes).
- i2c: iop3xx: fix deferred probing (git-fixes).
- i2c: highlander: add IRQ check (git-fixes).
- mmc: moxart: Fix issue with uninitialized dma_slave_config
  (git-fixes).
- mmc: dw_mmc: Fix issue with uninitialized dma_slave_config
  (git-fixes).
- PCI: PM: Enable PME if it can be signaled from D3cold
  (git-fixes).
- power: supply: max17042: handle fails of reading status register
  (git-fixes).
- spi: spi-pic32: Fix issue with uninitialized dma_slave_config
  (git-fixes).
- spi: spi-fsl-dspi: Fix issue with uninitialized dma_slave_config
  (git-fixes).
- Revert "/USB: serial: ch341: fix character loss at high transfer
  rates"/ (git-fixes).
- can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange
  of the CAN RX and TX error counters (git-fixes).
- PCI/MSI: Use msi_mask_irq() in pci_msi_shutdown() (git-fixes).
- PCI/MSI: Correct misleading comments (git-fixes).
- i2c: dev: zero out array used for i2c reads from userspace
  (git-fixes).
- commit e31f28c
- Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg()
  (CVE-2021-3640 bsc#1188172).
- commit d78ba89
- Move upstreamed BT fixes into sorted section
- commit f6001e5
- blacklist.conf: add following commit ids,
- 7f3d176f5f7e3f0477bf82df0f600fcddcdcc4e4
- 27ba3e8ff3ab86449e63d38a8d623053591e65fa
- 24f6b6036c9eec21191646930ad42808e6180510
- 848378812e40152abe9b9baf58ce2004f76fb988
- 854f32648b8a5e424d682953b1a9f3b7c3322701
- commit 9bb3f0c
- md/raid10: properly indicate failure when ending a failed
  write request (git-fixes).
- Refresh for the above change,
  patches.suse/md-display-timeout-error.patch.
- commit 41eb7ae
- overflow: Correct check_shl_overflow() comment (git-fixes).
- dm verity: fix DM_VERITY_OPTS_MAX value (git-fixes).
- mm/rmap: fix potential pte_unmap on an not mapped pte
  (git-fixes).
- dm zoned: select CONFIG_CRC32 (git-fixes).
- dm: remove invalid sparse __acquires and __releases annotations
  (git-fixes).
- dm writecache: remove BUG() and fail gracefully instead
  (git-fixes).
- dm writecache: fix the maximum number of arguments (git-fixes).
- overflow: Include header file with SIZE_MAX declaration
  (git-fixes).
- arch/x86/lib/usercopy_64.c: fix __copy_user_flushcache()
  cache writeback (git-fixes).
- dm writecache: handle DAX to partitions on persistent memory
  correctly (git-fixes).
- commit 7e2c4a9
- vt_kdsetmode: extend console locking (bsc#1190025
  CVE-2021-3753).
- commit 9420ba7
- kABI: Fix kABI after fixing vcpu-id indexed arrays (git-fixes).
- commit c0132a4
- mm: vmscan: scan anonymous pages on file refaults (VM
  Performance, bsc#1183050).
- blacklist.conf: unblacklist the backported commit.
- Delete patches.suse/prevent-active-list-thrashing.patch.
- commit 0d76c9c
- Refresh
  patches.suse/target-fix-XCOPY-NAA-identifier-lookup.patch.
- commit e4de461
- x86/kvm: fix vcpu-id indexed array sizes (git-fixes).
- commit 69834db
- xen/events: Fix race in set_evtchn_to_irq (git-fixes).
- commit 7115060
- ovl: prevent private clone if bind mount is not allowed
  (bsc#1189706, CVE-2021-3732).
- ovl: fix dentry leak in ovl_get_redirect (bsc#1189846).
- ovl: initialize error in ovl_copy_xattr (bsc#1189846).
- ovl: relax WARN_ON() on rename to self (bsc#1189846).
- ovl: filter of trusted xattr results in audit (bsc#1189846).
- ovl: check whiteout in ovl_create_over_whiteout() (bsc#1189846).
- commit 1f3eb84
- crypto: talitos - fix ECB algs ivsize (git-fixes).
- commit efdc2b9
- blacklist.conf: not needed in kernels older than SLE15-SP2
- commit b5c7137
- blacklist.conf: not needed in kernels older than SLE15-SP2
- commit 676baa3
- blacklist.conf: already included
- commit c2ae172
- scsi: ibmvfc: Do not wait for initial device scan (bsc#1127650).
- commit 9967c14
- blacklist.conf: not needed in kernels older than SLE15-SP2
- commit 42b1f41
- blacklist.conf: cosmetical fix
- commit 30e7d35
- blacklist.conf: breaks kABI
- commit 51da5eb
- blacklist.conf: this enables use of a feature untested on this code base
- commit 3b2714a
- RDMA/efa: Free IRQ vectors on error flow (git-fixes)
- commit 92c4f0d
- x86/fpu: Limit xstate copy size in xstateregs_set()
  (bsc#1114648).
- commit 6e18da3
- blacklist.conf: 9625895011d1 x86/fpu: Fix copy_xstate_to_kernel() gap handling
- commit 982c8df
- dm btree remove: assign new_root only when removal succeeds
  (git fixes).
- commit d9e29a1
- dm snapshot: fix crash with transient storage and zero chunk
  size (git fixes).
- commit 765f88e
- blacklist.conf: add following commits,
- 974f51e8633f0f3f33e8f86bbb5ae66758aa63c7
- 5b0fab508992c2e120971da658ce80027acbc405
- 35d2835d2ac41dc0b3e3469f8e2b08ce9709ace8
- commit b30df21
- PCI: vmd: Filter resource type bits from shadow register (bsc#1183983).
- PCI: vmd: Fix shadow offsets to reflect spec changes (bsc#1183983).
- PCI: vmd: Fix config addressing when using bus offsets (bsc#1183983).
- commit d9a2aba
- blacklist.conf: 6c34df6f350d ("/tracing: Apply trace filters on all output channels"/)
  Requires at least commit 8cfcf15503f6 ("/tracing: kprobes: Output kprobe
  event to printk buffer"/) too. Let's wait if there is an actual problem
  for someone.
- commit feb6790
- x86/signal: Detect and prevent an alternate signal stack
  overflow (bsc#1114648).
- commit bef29d1
- PCI: vmd: Add an additional VMD device id to driver device id table (bsc#1183983).
- PCI: vmd: Add offset to bus numbers if necessary (bsc#1183983).
- PCI: vmd: Assign membar addresses from shadow registers (bsc#1183983).
- PCI: Add Intel VMD devices to pci ids (bsc#1183983).
- commit 992b9c8
- blacklist.conf: blacklist f5e55e777cc9
- commit 1dc35ff
- mm/memory-failure: unnecessary amount of unmapping
  (bsc#1189640).
- commit 8be0d40
- readdir: make sure to verify directory entry for legacy
  interfaces too (bsc#1189639).
- commit aa13def
- blk-mq-sched: Fix blk_mq_sched_alloc_tags() error handling
  (bsc#1189506).
- commit 0b494bd
- ocfs2: issue zeroout to EOF blocks (bsc#1189582).
- commit f5940a3
- ocfs2: fix zero out valid data (bsc#1189579).
- commit 7499943
- ext4: use ext4_grp_locked_error in mb_find_extent (bsc#1189567).
- commit fbbd945
- writeback: fix obtain a reference to a freeing memcg css
  (bsc#1189577).
- commit 822695f
- ext4: fix avefreec in find_group_orlov (bsc#1189566).
- commit c07c38c
- ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit
  (bsc#1189564).
- commit 6138aa9
- ext4: remove check for zero nr_to_scan in ext4_es_scan()
  (bsc#1189565).
- commit 050f1ea
- ext4: cleanup in-core orphan list if ext4_truncate() failed
  to get a transaction handle (bsc#1189568).
- commit 56dc9c6
- ext4: fix kernel infoleak via ext4_extent_header (bsc#1189562).
- commit 2400907
- block: fix trace completion for chained bio (bsc#1189505).
- commit 388c70c
- ocfs2: fix snprintf() checking (bsc#1189581).
- commit c5a4e36
- mm/thp: unmap_mapping_page() to fix THP truncate_cleanup_page()
  (bsc#1189569).
- commit fa5864d
- bdi: Do not use freezable workqueue (bsc#1189573).
- commit 470e6f6
- PCI: hv: Use expected affinity when unmasking IRQ (bsc#1185973).
- commit 6b9e6fa
- Refresh patches.suse/KVM-nSVM-avoid-picking-up-unsupported-bits-from-L2-i.
- commit a1c39b1
- blacklist.conf: not needed in our config
- commit b0d7db4
- blacklist.conf: kABI
- commit 2996958
- blacklist.conf: kABI
- commit 2eafdea
- blacklist.conf: prerequisites break kABI
- commit bdd94ea
- blacklist.conf: optimization, not bug fix
- commit ed21db2
- blacklist.conf: optimization, not bug fix
- commit ae0ed70
- blacklist.conf: prerequisites break kABI
- commit fa576e3
- scsi: lpfc: Move initialization of phba->poll_list earlier to
  avoid crash (git-fixes).
- commit d0a33c0
- ASoC: cs42l42: Remove duplicate control for WNF filter frequency
  (git-fixes).
- ASoC: cs42l42: Fix inversion of ADC Notch Switch control
  (git-fixes).
- ASoC: cs42l42: Don't allow SND_SOC_DAIFMT_LEFT_J (git-fixes).
- USB: serial: ftdi_sio: add device ID for Auto-M3 OP-COM v2
  (git-fixes).
- USB: serial: option: add Telit FD980 composition 0x1056
  (git-fixes).
- USB: serial: ch341: fix character loss at high transfer rates
  (git-fixes).
- USB:ehci:fix Kunpeng920 ehci hardware problem (git-fixes).
- commit 5e66bd7
- PCI/MSI: Do not set invalid bits in MSI mask (git-fixes).
- PCI/MSI: Enable and mask MSI-X early (git-fixes).
- ACPI: NFIT: Fix support for virtual SPA ranges (git-fixes).
- iio: adc: Fix incorrect exit of for-loop (git-fixes).
- iio: humidity: hdc100x: Add margin to the conversion time
  (git-fixes).
- ALSA: seq: Fix racy deletion of subscriber (git-fixes).
- pcmcia: i82092: fix a null pointer dereference bug (git-fixes).
- commit 4a00cc6
- Update
  patches.suse/ibmvnic-Allow-device-probe-if-the-device-is-not-read.patch
  (bsc#1167032 ltc#184087 bsc#1184114 ltc#192237).
- commit 06981c0
- crypto: nx - Fix RCU warning in nx842_OF_upd_status (git-fixes).
- commit 207e5e5
- crypto: nx - Fix memcpy() over-reading in nonce (git-fixes).
- commit 76d0d30
- crypto: ux500 - Fix error return code in hash_hw_final()
  (git-fixes).
- commit e17fffe
- blacklist.conf: Add acpica entry that has been reverted in the upstream (git-fixes)
- commit 3e0cbce
- blacklist.conf: 6c881ca0b304 ("/afs: Fix tracepoint string placement with built-in AFS"/)
  AFS is not supported on SLE12-SP5 (CONFIG_AFS_FS is not set).
- commit 79dd1f0
- x86/fpu: Make init_fpstate correct with optimized XSAVE
  (bsc#1114648).
- commit b2d2af9
- bpf: Introduce BPF nospec instruction for mitigating Spectre v4
  (bsc#1188983, bsc#1188985, CVE-2021-34556, CVE-2021-35477).
- commit 84b20f7
- kABI: s390/ap: Fix hanging ioctl caused by wrong msg counter
  (bsc#1188982 LTC#193818).
- commit afd3cd6
- net: usb: ax88179_178a: remove redundant assignment to variable
  ret (git-fixes).
- commit 2fd56c0
- net: usb: Merge cpu_to_le32s + memcpy to put_unaligned_le32
  (git-fixes).
- commit 7a3468e
- ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32
  (git-fixes).
- commit 0aeb3bd
- ftgmac100: Restart MAC HW once (git-fixes).
- commit e02aa55
- net: lapbether: Remove netif_start_queue / netif_stop_queue
  (git-fixes).
- commit a01b187
- x86/fpu: Reset state for all signal restore failures
  (bsc#1114648).
- commit a4f88f9
- blacklist.conf: add davicom legacy ethernet driver
- commit e12ce22
- KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl
  (bsc#1189399, CVE-2021-3653).
- KVM: nSVM: always intercept VMLOAD/VMSAVE when nested
  (bsc#1189400, CVE-2021-3656).
- KVM: X86: MMU: Use the correct inherited permissions to get
  shadow page (CVE-2021-38198 bsc#1189262).
- commit 9c35f8d
- s390/ap: Fix hanging ioctl caused by wrong msg counter
  (bsc#1188982 LTC#193818).
- commit 7c2e796
- scsi: lpfc: Fix possible ABBA deadlock in nvmet_xri_aborted()
  (bsc#1189385).
- scsi: lpfc: Remove redundant assignment to pointer pcmd
  (bsc#1189385).
- scsi: lpfc: Copyright updates for 14.0.0.0 patches
  (bsc#1189385).
- scsi: lpfc: Update lpfc version to 14.0.0.0 (bsc#1189385).
- scsi: lpfc: Add 256 Gb link speed support (bsc#1189385).
- scsi: lpfc: Revise Topology and RAS support checks for new
  adapters (bsc#1189385).
- scsi: lpfc: Fix cq_id truncation in rq create (bsc#1189385).
- scsi: lpfc: Add PCI ID support for LPe37000/LPe38000 series
  adapters (bsc#1189385).
- scsi: lpfc: Copyright updates for 12.8.0.11 patches
  (bsc#1189385).
- scsi: lpfc: Update lpfc version to 12.8.0.11 (bsc#1189385).
- scsi: lpfc: Skip issuing ADISC when node is in NPR state
  (bsc#1189385).
- scsi: lpfc: Skip reg_vpi when link is down for SLI3 in ADISC
  cmpl path (bsc#1189385).
- scsi: lpfc: Call discovery state machine when handling
  PLOGI/ADISC completions (bsc#1189385).
- scsi: lpfc: Delay unregistering from transport until GIDFT or
  ADISC completes (bsc#1189385).
- scsi: lpfc: Enable adisc discovery after RSCN by default
  (bsc#1189385).
- scsi: lpfc: Use PBDE feature enabled bit to determine PBDE
  support (bsc#1189385).
- scsi: lpfc: Clear outstanding active mailbox during PCI function
  reset (bsc#1189385).
- scsi: lpfc: Fix KASAN slab-out-of-bounds in lpfc_unreg_rpi()
  routine (bsc#1189385).
- scsi: lpfc: Remove REG_LOGIN check requirement to issue an
  ELS RDF (bsc#1189385).
- scsi: lpfc: Fix memory leaks in error paths while issuing ELS
  RDF/SCR request (bsc#1189385).
- scsi: lpfc: Fix NULL ptr dereference with NPIV ports for RDF
  handling (bsc#1189385).
- scsi: lpfc: Keep NDLP reference until after freeing the IOCB
  after ELS handling (bsc#1189385).
- scsi: lpfc: Fix target reset handler from falsely returning
  FAILURE (bsc#1189385).
- scsi: lpfc: Discovery state machine fixes for LOGO handling
  (bsc#1189385).
- scsi: lpfc: Improve firmware download logging (bsc#1189385).
- scsi: lpfc: Remove use of kmalloc() in trace event logging
  (bsc#1189385).
- scsi: lpfc: Fix NVMe support reporting in log message
  (bsc#1189385).
- scsi: lpfc: Use list_move_tail() instead of
  list_del()/list_add_tail() (bsc#1189385).
- commit 7bc2e6b
- Bluetooth: switch to lock_sock in SCO (CVE-2021-3640
  bsc#1188172).
- Bluetooth: avoid circular locks in sco_sock_connect
  (CVE-2021-3640 bsc#1188172).
- commit 73d3a49
- Bluetooth: defer cleanup of resources in hci_unregister_dev()
  (CVE-2021-3640 bsc#1188172).
- commit c8012e0
- powerpc/pseries: Fix update of LPAR security flavor after LPM
  (bsc#1188885 ltc#193722 git-fixes).
- commit a405caa
- SUNRPC: Fix the batch tasks count wraparound (git-fixes).
- commit 86aec27
- mm/vmscan: fix infinite loop in drop_slab_node (VM Performance,
  bsc#1189301).
- commit 76f168e
- scsi: qla2xxx: Remove redundant initialization of variable
  num_cnt (bsc#1189384).
- scsi: qla2xxx: Fix use after free in debug code (bsc#1189384).
- scsi: qla2xxx: Fix spelling mistakes "/allloc"/ -> "/alloc"/
  (bsc#1189384).
- scsi: qla2xxx: Update version to 10.02.00.107-k (bsc#1189384).
- scsi: qla2xxx: edif: Increment command and completion counts
  (bsc#1189384).
- scsi: qla2xxx: edif: Add encryption to I/O path (bsc#1189384).
- scsi: qla2xxx: edif: Add doorbell notification for app
  (bsc#1189384).
- scsi: qla2xxx: edif: Add detection of secure device
  (bsc#1189384).
- scsi: qla2xxx: edif: Add authentication pass + fail bsgs
  (bsc#1189384).
- scsi: qla2xxx: edif: Add key update (bsc#1189384).
- scsi: qla2xxx: edif: Add extraction of auth_els from the wire
  (bsc#1189384).
- scsi: qla2xxx: edif: Add send, receive, and accept for auth_els
  (bsc#1189384).
- scsi: qla2xxx: edif: Add getfcinfo and statistic bsgs
  (bsc#1189384).
- commit 6e032e1
- scsi: qla2xxx: edif: Add start + stop bsgs (bsc#1189392).
- scsi: qla2xxx: Remove unused variable 'status' (bsc#1189392).
- scsi: qla2xxx: Use the proper SCSI midlayer interfaces for PI
  (bsc#1189392).
- scsi: core: Add scsi_prot_ref_tag() helper (bsc#1189392).
- scsi: qla2xxx: Remove redundant continue statement in a for-loop
  (bsc#1189392).
- scsi: qla2xxx: Add heartbeat check (bsc#1189392).
- scsi: qla2xxx: Use list_move_tail() instead of
  list_del()/list_add_tail() (bsc#1189392).
- scsi: qla2xxx: Remove duplicate declarations (bsc#1189392).
- scsi: qla2xxx: Log PCI address in
  qla_nvme_unregister_remote_port() (bsc#1189392).
- scsi: qla2xxx: Remove redundant assignment to rval
  (bsc#1189392).
- scsi: target: qla2xxx: Wait for stop_phase1 at WWN removal
  (bsc#1189392).
- scsi: qla2xxx: Fix error return code in
  qla82xx_write_flash_dword() (bsc#1189392).
- commit 87ac3e9
- dm snapshot: properly fix a crash when an origin has no snapshots (git fixes).
- dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails (git fixes).
- dm space map common: fix division bug in sm_ll_find_free_block() (git fixes).
- dm persistent data: packed struct should have an aligned() attribute too (git fixes).
- dm ioctl: fix out of bounds array access when no devices (git fixes).
- dm era: only resize metadata in preresume (git fixes).
- dm era: Use correct value size in equality function of writeset tree (git fixes).
- dm era: Fix bitset memory leaks (git fixes).
- dm era: Verify the data block size hasn't changed (git fixes).
- dm era: Reinitialize bitset cache before digesting a new writeset (git fixes).
- dm era: Update in-core bitset after committing the metadata (git fixes).
- dm era: Recover committed writeset after crash (git fixes).
- dm table: fix iterate_devices based device capability checks (git fixes).
- Revert "/bcache: Kill btree_io_wq"/ (git fixes).
- dm: eliminate potential source of excessive kernel log noise (git fixes).
- dm snapshot: flush merged data before committing metadata (git fixes).
- dm ioctl: fix error return code in target_message (git fixes).
- dm thin metadata: Avoid returning cmd->bm wild pointer on error (git fixes).
- dm cache metadata: Avoid returning cmd->bm wild pointer on error (git fixes).
- commit 9b8016f
- staging: rtl8723bs: Fix a resource leak in sd_int_dpc
  (git-fixes).
- serial: 8250: Mask out floating 16/32-bit bus bits (git-fixes).
- spi: mediatek: Fix fifo transfer (git-fixes).
- r8152: Fix potential PM refcount imbalance (git-fixes).
- regulator: rt5033: Fix n_voltages settings for BUCK and LDO
  (git-fixes).
- commit 6b8ffcb
- blacklist.conf: not needed in kernels older than SLE15-SP2
- commit 5796a14
- blacklist.conf: not needed in kernels older than SLE15-SP2
- commit 9582878
- blacklist.conf: not needed in kernels older than SLE15-SP2
- commit 24a4db1
- blacklist.conf: # not needed in kernels older than SLE15-SP2
- commit 2ec93d3
- KVM: SVM: Call SEV Guest Decommission if ASID binding fails
  (12sp5).
- commit 70fb6f0
- usb: max-3421: Prevent corruption of freed memory
  (CVE-2021-38204 bsc#1189291).
- commit cfb9fc6
- blacklist.conf: Add fixes
  38c527aeb419 iommu/vt-d: Force to flush iotlb before creating superpage
  3ad1a6cb0abc bug: Remove redundant condition check in report_bug
- commit f77fdc6
- iommu/amd: Fix extended features logging (bsc#1189269).
- iommu/vt-d: Define counter explicitly as unsigned int
  (bsc#1189271).
- crypto: ccp - Annotate SEV Firmware file names (bsc#1189268).
- iommu/vt-d: Fix sysfs leak in alloc_iommu() (bsc#1189272).
- iommu/arm-smmu-v3: add bit field SFM into GERROR_ERR_MASK
  (bsc#1189270).
- commit 134494e
- NFSv4/pNFS: Don't call _nfs4_pnfs_v3_ds_connect multiple times
  (git-fixes).
- SUNRPC: Should wake up the privileged task firstly (git-fixes).
- nfs: fix acl memory leak of posix_acl_create() (git-fixes).
- commit 2cf4f18
- NFSv4: Initialise connection to the server in
  nfs4_alloc_client() (bsc#1040364).
- Delete
  patches.suse/0001-NFSv4-don-t-let-hanging-mounts-block-other-mounts.patch.
  Upstream found a fix for this, so our local fix is no longer needed.
- commit 0f7c89e
- net: stmmac: use netif_tx_start|stop_all_queues() function
  (git-fixes).
- commit baf0e0c
- blacklist.conf: update blacklist
- commit ab18898
- USB: usbtmc: Fix RCU stall warning (git-fixes).
- commit 163a60e
- media: rtl28xxu: fix zero-length control request (git-fixes).
- clk: stm32f4: fix post divisor setup for I2S/SAI PLLs
  (git-fixes).
- cfg80211: Fix possible memory leak in function
  cfg80211_bss_update (git-fixes).
- commit df1ae37
- Drop bogus rtl28xx patch (bsc#1188683)
- commit 3c6c2e1
- tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop
  (CVE-2021-3679 bsc#1189057).
- commit dfd73b3
- crypto: talitos - Do not modify req->cryptlen on decryption
  (git-fixes).
- Refresh
  patches.suse/crypto-talitos-properly-handle-split-ICV.patch.
- commit 8d54016
- blacklist.conf: requires firmware update we cannot guarantee
- commit 301d584
- blacklist.conf: irrelevant fix of build dependency
- commit 53dd5e6
- cifs: keep referral server sessions alive (bsc#1185902).
- commit b3e1d78
- Refresh patches.suse/cifs-set_root_ses-ipc.patch.
- commit b39987c
- Delete
  patches.suse/nvme-do-not-update-disk-info-for-multipathed-device.patch.
- Delete
  patches.suse/nvme-do-not-update-multipath-disk-information-if-the.patch.
  Revert interim patches (bsc#1188000)
- commit 50d0280
- cifs: do not share tcp sessions of dfs connections
  (bsc#1185902).
- commit 78cebff
- cifs: prevent NULL deref in cifs_compose_mount_options()
  (bsc#1185902).
- commit b5900e6
- cifs: missing null pointer check in cifs_mount (bsc#1185902).
- commit afe3030
- cifs: fix check of dfs interlinks (bsc#1185902).
- commit 7b8fe47
- cifs: avoid starvation when refreshing dfs cache (bsc#1185902).
- commit b94fa41
- cifs: do not share tcp servers with dfs mounts (bsc#1185902).
- commit d0f5918
- cifs: set a minimum of 2 minutes for refreshing dfs cache
  (bsc#1185902).
- commit 2a60483
- cifs: fix path comparison and hash calc (bsc#1185902).
- commit 1934371
- cifs: handle different charsets in dfs cache (bsc#1185902).
- commit 029a8fd
- Revert "/block: revert back to synchronous request_queue removal (git"/
  For details, see bsc#1188863 #c15, bsc#1171285 #c16
  This reverts commit 7a0cca0c9b1cb9ca8862fd7570c645dfba392247.
- commit 678e48f
- cifs: get rid of @noreq param in __dfs_cache_find()
  (bsc#1185902).
- commit 06bac4e
- cifs: do not send tree disconnect to ipc shares (bsc#1185902).
- commit dc3818c
- cifs: Remove unused inline function is_sysvol_or_netlogon()
  (bsc#1185902).
- commit 8726f5c
  H_GET_CPU_CHARACTERISTICS (CVE-2018-3639 bsc#1087082 git-fixes bsc#1188885 ltc#193722).
- powerpc/security: Add a security feature for STF barrier
  (CVE-2018-3639 bsc#1087082 git-fixes bsc#1188885 ltc#193722).
- powerpc/pseries: Get entry and uaccess flush required bits
  from H_GET_CPU_CHARACTERISTICS (CVE-2020-4788 bsc#1177666 git-fixes bsc#1188885 ltc#193722).
- powerpc/64s: rename pnv|pseries_setup_rfi_flush to
  _setup_security_mitigations (CVE-2018-3639, bsc#1087082, bsc#1188885 ltc#193722).
- powerpc/pesries: Get STF barrier requirement from
- commit bd9e95f
- commit 6b810aa
- nvme-fc: fix racing controller reset and create association
  (bsc#1187076).
- nvme-fc: avoid calling _nvme_fc_abort_outstanding_ios from
  interrupt context (bsc#1187076).
- nvme-fc: remove nvme_fc_terminate_io() (bsc#1187076).
  Refresh:
  - patches.suse/nvme-flush-scan_work-when-resetting-controller.patch
- nvme-fc: eliminate terminate_io use by nvme_fc_error_recovery
  (bsc#1187076).
- nvme-fc: remove err_work work item (bsc#1187076).
- commit 870c933
- nvme-fc: track error_recovery while connecting (bsc#1187076).
- nvme-fc: fix io timeout to abort I/O (bsc#1187076).
  Refresh:
  - patches.suse/nvme-fc-clear-q_live-at-beginning-of-association-tea.patch
- nvme-fc: convert assoc_active flag to bit op (bsc#1187076).
  Refreshed:
  - patches.suse/nvme-fc-clear-q_live-at-beginning-of-association-tea.patch
- nvme-fc: fix double-free scenarios on hw queues (bsc#1187076).
- commit ccba174
- cifs: constify get_normalized_path() properly (bsc#1185902).
- commit 7d12947
- cifs: don't cargo-cult strndup() (bsc#1185902).
- commit d22c90a
  (CVE-2020-4788 bsc#1177666 git-fixes).
- powerpc/64s: Fix crashes when toggling entry flush barrier
- commit 3917f8f
- powerpc/64s: Fix crashes when toggling stf barrier (CVE-2018-3639 bsc#1087082 git-fixes).
- commit 2a6a70d
- objtool: Don't fail on missing symbol table (bsc#1192379).
- commit e7ec5af
- net_sched: cls_route: remove the right filter from hashtable
  (networking-stable-20_03_28).
- commit a96d7a8
less
- Add missing runtime dependency on which, which is used by lessopen.sh.
  Fix bsc#1190552.
libsolv
- Turn on rich dependency handling needed for ptf support
  [jsc#SLE-17973] [jsc#SLE-17974] [bnc#1190530]
- bump version to 0.6.38
libzypp
- Rephrase vendor conflict message in case 2 packages are
  involved (bsc#1187760)
  This covers the case where not the packages itself would change
  its vendor, but replaces a package from a different vendor.
- RepoManager: Don't probe for plaindir repo if URL schema is
  plugin: (bsc#1191286)
- version 16.22.3 (0)
- BuildRequires:  libsolv-devel >= 0.6.38
  Must rebuild all caches to make sure rich dependency handling is
  turned on. Needed for PTF support. (jsc#SLE-17974, bsc#1190530)
- version 16.22.2 (0)
- Fix solver jobs for PTFs (bsc#1186503)
- version 16.22.1 (0)
- Add support for PTFs (jsc#SLE-17974)
- version 16.22.0 (0)
- Patch: Identify well-known category names (bsc#1179847)
  This allows to use the RH and SUSE patch categrory names synonymously:
  (recommendedi = bugfix) and (optional = feature = enhancement).
- version 16.21.5 (0)
lvm2
- Update to LVM2.2.02.188 (bsc#1188202)
  * ** WHATS_NEW from 2.02.181 to 2.02.188 ***
  Version 2.02.188 - 07th May 2021
  ================================
    Fix problem with unbound variable usage within fsadm.
    Avoid removing LVs on error path of lvconvert during creation volumes.
    Fix crashing lvdisplay when thin volume was waiting for merge.
    Support option --errorwhenfull when converting volume to thin-pool.
    Improve thin-performance profile support conversion to thin-pool.
    Support resize of cached volumes.
    Allocation prints better error when metadata cannot fit on a single PV.
    Pvmove can better resolve full thin-pool tree move.
    Limit pool metadata spare to 16GiB.
    Improves convertsion and allocation of pool metadata.
    Support thin pool metadata 15.88GiB, adds 64MiB, thin_pool_crop_metadata=0.
    Enhance lvdisplay to report raid availiable/partial.
    Enhance error handling for fsadm and hanled correct fsck result.
    Stop logging rename errors from persintent filter.
    Dmeventd lvm plugin ignores higher reserved_stack lvm.conf values.
    Support using BLKZEROOUT for clearing devices.
    Support interruption when wipping LVs.
    Add configure --enable-editline support as an alternative to readline.
    Zero pool metadata on allocation (disable with allocation/zero_metadata=0).
    Failure in zeroing or wiping will fail command (bypass with -Zn, -Wn).
    Fix support for lvconvert --repair used by foreign apps (i.e. Docker).
    Support interruption for bcache waiting.
    Fix bcache when device has too many failing writes.
    Fix bcache waiting for IO completion with failing disks.
    Configure use own python path name order to prefer using python3.
    Enhance reporting and error handling when creating thin volumes.
    Use revert_lv() on reload error path after vg_revert().
    Improve estimation of needed extents when creating thin-pool.
    Use extra 1% when resizing thin-pool metadata LV with --use-policy.
    Enhance --use-policy percentage rounding.
    Switch code base to use flexible array syntax.
    Preserve uint32_t for seqno handling.
    Switch from mmap to plain read when loading regular files.
    Fix running out of free buffers for async writing for larger writes.
    Fix conversion to raid from striped lagging type.
    Fix conversion to 'mirrored' mirror log with larger regionsize.
    Fix support for lvconvert --repair used by foreign apps (i.e. Docker).
  Version 2.02.187 - 24th March 2020
  ==================================
    Avoid running cache input arg validation when creating vdo pool.
    Prevent raid reshaping of stacked volumes.
    Ensure minimum required region size on striped RaidLV creation.
    Fix resize of thin-pool with data and metadata of different segtype.
    Fix splitting mirror leg in cluster.
    Fix activation order when removing merged snapshot.
    Add support for DM_DEVICE_GET_TARGET_VERSION into device_mapper.
    Add lvextend-raid.sh to check on RaidLV extensions synchronization.
    Fix lvmetad shutdown and avoid lenghty timeouts when rebooting system.
    Prevent creating VGs with PVs with different logical block sizes.
    Pvmove runs in exlusively activating mode for exclusively active LVs.
    Activate thin-pool layered volume as 'read-only' device.
    Ignore crypto devices with UUID signature CRYPT-SUBDEV.
    Enhance validation for thin and cache pool conversion and swapping.
    Fixed activation on boot - lvm2 no longer activates incomplete VGs.
  Version 2.02.186 - 27th August 2019
  ===================================
    Improve internal removal of cached devices.
    Synchronize with udev when dropping snapshot.
    Add missing device synchronization point before removing pvmove node.
    Correctly set read_ahead for LVs when pvmove is finished.
    Fix metadata writes from corrupting with large physical block size.
    Report no_discard_passdown for cache LVs with lvs -o+kernel_discards.
    Prevent shared active mirror LVs with lvmlockd.
  Version 2.02.185 - 13th May 2019
  ================================
    Fix change of monitoring in clustered volumes.
    Improve -lXXX%VG modifier which improves cache segment estimation.
    Add synchronization with udev before removing cached devices.
    Fix missing growth of _pmspare volume when extending _tmeta volume.
    Automatically grow thin metadata, when thin data gets too big.
    Add support for vgsplit with cached devices.
    Fix signal delivery checking race in libdaemon (lvmetad).
    Add missing Before=shutdown.target to LVM2 services to fix shutdown ordering.
  Version 2.02.184 - 22nd March 2019
  ==================================
    Fix (de)activation of RaidLVs with visible SubLVs
    Change scan_lvs default to 0 so LVs are not scanned for PVs.
    Add scan_lvs config setting to control if lvm scans LVs for PVs.
    Fix missing proper initialization of pv_list struct when adding pv.
  Version 2.02.183 - 07th December 2018
  =====================================
    Avoid disabling lvmetad when repair does nothing.
    Fix component detection for md version 0.90.
    Use sync io if async io_setup fails, or use_aio=0 is set in config.
    Avoid opening devices to get block size by using existing open fd.
  Version 2.02.182 - 30th October 2018
  ====================================
    Fix possible write race between last metadata block and the first extent.
    Fix filtering of md 1.0 devices so they are not seen as duplicate PVs.
    Fix lvconvert striped/raid0/raid0_meta -> raid6 regression.
    Add After=rbdmap.service to {lvm2-activation-net,blk-availability}.service.
    Fix pvs with lvmetad to avoid too many open files from filter reads.
    Fix pvscan --cache to avoid too many open files from filter reads.
    Reduce max concurrent aios to avoid EMFILE with many devices.
    Fix lvconvert conversion attempts to linear.
    Fix lvconvert raid0/raid0_meta -> striped regression.
    Fix lvconvert --splitmirror for mirror type (2.02.178).
    Do not pair cache policy and cache metadata format.
    Fix mirrors honoring read_only_volume_list.
  Version 2.02.181 - 01 August 2018
  =================================
    Reject conversions on raid1 LVs with split tracked SubLVs.
    Reject conversions on raid1 split tracked SubLVs.
    Fix dmstats list failing when no regions exist.
    Reject conversions of LVs under snapshot.
    Limit suggested options on incorrect option for lvconvert subcommand.
  * ** WHATS_NEW_DM from 1.02.150 to 1.02.172 ***
  Version 1.02.172 - 07th May 2021
  ================================
    Add dm_tree_node_add_thin_pool_target_v1 with crop_metadata support.
    Add support for VDO in blkdeactivate script.
    Try to remove all created devices on dm preload tree error path.
    Fix dm_list interators with gcc 10 optimization (-ftree-pta).
    Dmeventd handles timer without looping on short intervals.
  Version 1.02.170 - 24th March 2020
  ==================================
    Add support for DM_DEVICE_GET_TARGET_VERSION.
  Version 1.02.164 - 27th August 2019
  ===================================
    Add debug of dmsetup udevcomplete with hexa print DM_COOKIE_COMPLETED.
    Fix versioning of dm_stats_create_region and dm_stats_create_region.
    Parsing of cache status understand no_discard_passdown.
  Version 1.02.158 - 13th May 2019
  ================================
  Version 1.02.156 - 22nd March 2019
  ==================================
    Ensure migration_threshold for cache is at least 8 chunks.
    Enhance ioctl flattening and add parameters only when needed.
    Add DM_DEVICE_ARM_POLL for API completness matching kernel.
  Version 1.02.154 - 07th December 2018
  =====================================
    Do not add parameters for RESUME with DM_DEVICE_CREATE dm task.
    Fix dmstats report printing no output.
  Version 1.02.152 - 30th October 2018
  ====================================
    Add hot fix to avoiding locking collision when monitoring thin-pools.
  Version 1.02.150 - 01 August 2018
  =================================
    Add vdo plugin for monitoring VDO devices.
- Drop patches that have been merged into upstream
  - bug-1164718_01-vgcreate-close-exclusive-fd-after-pvcreate.patch
  - bug-1158358_bcache-reduce-MAX_IO-to-256.patch
  - bug-1145231_lvmetad-improve-scan-for-pvscan-all.patch
  - bug-1173503_lvmetad-fix-pvs-for-many-devices.patch
  - bug-1145231_scan-use-full-md-filter-when-md-1.0-devices-are-pres.patch
  - bug-1145231_scan-enable-full-md-filter-when-md-1.0-devices-are-p.patch
  - bug-1114113_metadata-prevent-writing-beyond-metadata-area.patch
  - bug-1164718_02-io-use-sync-io-if-aio-fails.patch
  - bug-1164718_03-bcache-sync-io-fixes.patch
  - bug-1164718_04-lvconvert-restrict-command-matching-for-no-option-va.patch
  - bug-1145231_scan-md-metadata-version-0.90-is-at-the-end-of-disk.patch
  - bug-1145231_pvscan-lvmetad-use-full-md-filter-when-md-1.0-device.patch
  - bug-1145231_pvscan-lvmetad-use-udev-info-to-improve-md-component.patch
  - bug-1164718_05-lvmetad-only-disable-if-repair-will-do-something.patch
  - bug-1164718_06-lvmetad-fix-disabling-in-previous-commit.patch
  - bug-1164718_07-filter-add-config-setting-to-skip-scanning-LVs.patch
  - bug-1164718_08-pvscan-lvmetad-init-should-set-updating-before-scann.patch
  - bug-1164718_09-config-change-scan_lvs-default-to-0.patch
  - bug-1145231_apply-obtain_device_list_from_udev-to-all-libudev-us.patch
  - bug-1123327_pvscan.service.in-Move-StartLimitInterval-to-Service.patch
  - bug-1164718_10-config-add-new-setting-io_memory_size.patch
  - bug-1164718_11-io-warn-when-metadata-size-approaches-io-memory-size.patch
  - bug-1164718_12-io-increase-the-default-io-memory-from-4-to-8-MiB.patch
  - bug-1164718_13-bcache-Fix-memory-leak.patch
  - bug-1155668_systemd-add-missing-Before-shutdown.target-to-LVM2.patch
  - bug-1172597_1-libdaemon-use-pselect-to-avoid-condition-checking-ra.patch
  - bug-1172597_2-cleanup-missed-string-specifier.patch
  - bug-1122666_devices-drop-open-error-message.patch
  - bug-1172597_3-libdaemon-ensure-threads-are-reaped-before-checking-.patch
  - bug-1135984_cache-support-no_discard_passdown.patch
  - bug-1164718_14-lvmcache-remove-unused_duplicate_devs-list-from-cmd.patch
  - bug-1164718_15-cov-release-iterator-on-error-path.patch
  - bug-1164718_16-cov-check-lv_info.patch
  - bug-1172597_4-cov-check-for-socket_path-being-set.patch
  - bug-1164718_17-cov-add-stack-tracing-for-error-paths.patch
  - bug-1164718_18-cov-validate-pagesize-is-not-negative.patch
  - bug-1164718_19-cov-remove-unused-headers.patch
  - bug-1137296_pvremove-vgextend-fix-using-device-aliases-with-lvmetad.patch
  - bug-1164718_20-cov-check-result-of-dev_get_block_size.patch
  - bug-1164718_21-gcc-clean-uninitialized-var-warning.patch
  - bug-1164718_22-cov-release-iterator-on-error-path.patch
  - bug-1164718_23-Fix-rounding-writes-up-to-sector-size.patch
  - bug-1164718_24-pvscan-avoid-redundant-activation.patch
  - bug-1164718_25-devs-check-for-no-dev-when-dropping-aliases.patch
  - bug-1164718_26-pvscan-fix-activation-of-incomplete-VGs.patch
  - bug-1175110_dmeventd-avoid-bail-out-preventing-repair-in-raid-pl.patch
  - bug-1164718_27-lvmetad-fix-sync-cache-to-lvmetad.patch
  - bug-1172597_5-lvmetad-fix-timeout-on-shutdown.patch
  - bug-1164718_28-lvmcache-free-resource-on-error-path.patch
  - bug-1149408_01-vgcreate-vgextend-restrict-PVs-with-mixed-block-size.patch
  - bug-1149408_02-tests-allow-mixed-block-sizes.patch
  - bug-1149408_03-tests-allow-mixed-block-sizes-skip-with-older-losetu.patch
  - bug-1149408_04-config-allow_mixed_block_sizes-set-default-to-1.patch
  - bug-1149408_05-config-allow_mixed_block_sizes-set-version-2.02.187.patch
  - bug-1172597_6-cov-missing-checks-of-syscalls.patch
  - bug-1172597_7-daemon-better-error-path-handling-for-shutdown.patch
  - bug-1172597_8-daemons-check-for-non-zero-thread_id.patch
  - bug-1150021_01-fix-dev_unset_last_byte-after-write-error.patch
  - bug-1150021_02-radix-tree-Bring-radix-tree-up-to-date-with-the-mast.patch
  - bug-1150021_03-cov-Fix-a-leak.patch
  - bug-1150021_04-bcache-Bring-bcache-into-sync-with-master-branch.patch
  - bug-1150021_05-bcache-add-bcache_abort.patch
  - bug-1150021_06-label-Use-bcache_abort_fd-to-ensure-blocks-are-no-lo.patch
  - bug-1150021_07-bcache-add-unit-test.patch
  - bug-1150021_08-bcache-pass-up-the-error-from-io_submit-rather-than.patch
  - bug-1150021_09-bcache-reverse-earlier-patch.patch
  - bug-1150021_10-bcache-bcache_invalidate_fd-only-remove-prefixes-on.patch
  - bug-1150021_11-radix-tree-Add-missing-test-case.patch
  - bug-1150021_12-base-Get-Makefile-from-master.patch
  - bug-1164126_lvmetad-fix-heap-memory-leak.patch
  - bug-1150021_13-Fix-rounding-writes-up-to-sector-size.patch
  - bug-1150021_14-bcache-Fix-memory-leak-in-error-path.patch
  - bug-1179326_pvmove-correcting-read_ahead-setting.patch
  - bug-1183905_lvconvert-allow-stripes-stripesize-in-mirror-convers.patch
  - bug-1043040_test-fix-read-ahead-issues-in-test-scripts.patch
- Update patch
  - bug-998893_make_pvscan_service_after_multipathd.patch
  - fate-31841_fsadm-add-support-for-btrfs.patch
- lvm.conf, only list important changings
  - change indent from space to TAB
  - make it closely to upstream settings
  - [value change] global/cache_check_executable: "/autodetect"/ to "//usr/sbin/cache_check"/
  - [value change] global/cache_dump_executable = "/autodetect"/ to "//usr/sbin/cache_dump"/
  - [value change] global/cache_repair_executable: "/autodetect"/ to "//usr/sbin/cache_repair"/
  - [value change] global/cache_check_options: [ "/-q"/ ] to [ "/-q"/, "/--clear-needs-check-flag"/ ]
  - [value change] dmeventd/executable: "/"/ to "//usr/sbin/dmeventd"/
  - [item add] devices/scan_lvs = 0.
  - [item add] allocation/thin_pool_crop_metadata = 0
  - [item add] allocation/zero_metadata = 1
  - [item add] global/fsadm_executable = "//usr/sbin/fsadm"/
  - [item add] global/io_memory_size = 8192
  - [item add] log/debug_classes: add "/io"/
  - [item add] dmeventd/raid_library = "/libdevmapper-event-lvm2raid.so"/
  - [item add] add section tags
  - [no support] global/fallback_to_lvm1
  - [no support] global/format
  - [no support] detect_internal_vg_cache_corruption = 0
- lvm2.spec
  - enable clvmd feature "/singlenode"/ to allow running tests
mozilla-nspr
- update to version 4.32:
  * implement new socket option PR_SockOpt_DontFrag
  * support larger DNS records by increasing the default buffer
    size for DNS queries
- update to version 4.31:
  * Lock access to PRCallOnceType members in PR_CallOnce* for
    thread safety bmo#1686138
- update to version 4.30
  * support longer thread names on macOS
  * fix a build failure on OpenBSD
- update to version 4.29
  * Remove macOS Code Fragment Manager support code
  * Remove XP_MACOSX and OS_TARGET=MacOSX
  * Refresh config.guess and config.sub
  * Remove NSPR's patch to config.sub
  * Add support for e2k target (64-bit Elbrus 2000)
- update to version 4.28
  * Fix a compiler warning
  * Add rule for cross-compiling with cygwin
- update to version 4.27
  * the macOS platform code for shared library loading was
    changed to support macOS 11.
    If the absolute path parameter given to PR_LoadLibrary
    begins with either /System/ or /usr/lib/ then no test is
    performed if the library exists at a file.
  * An include statement for a Windows system library header
    was added
- update to version 4.26
  * PR_GetSystemInfo supports a new flag PR_SI_RELEASE_BUILD to get
    information about the operating system build version.
  * Better support parallel building on Windows.
  * The internal release automatic script requires python 3.
mozilla-nss
- Mozilla NSS 3.68.1
  MFSA 2021-51 (bsc#1193170)
  * CVE-2021-43527 (bmo#1737470)
    Memory corruption via DER-encoded DSA and RSA-PSS signatures
- Remove now obsolete patch nss-bsc1193170.patch
- Add patch to fix CVE-2021-43527 (bsc#1193170):
  nss-bsc1193170.patch
- Removed nss-fips-kdf-self-tests.patch.  This was made
  obsolete by upstream changes. (bmo#1660304)
- Rebase nss-fips-stricter-dh.patch needed due to upstream changes.
- Update nss-fips-constructor-self-tests.patch to fix crashes
  reported by upstream. This was likely affecting WebRTC calls.
- update to NSS 3.68
  * bmo#1713562 - Fix test leak.
  * bmo#1717452 - NSS 3.68 should depend on NSPR 4.32.
  * bmo#1693206 - Implement PKCS8 export of ECDSA keys.
  * bmo#1712883 - DTLS 1.3 draft-43.
  * bmo#1655493 - Support SHA2 HW acceleration using Intel SHA Extension.
  * bmo#1713562 - Validate ECH public names.
  * bmo#1717610 - Add function to get seconds from epoch from pkix::Time.
- update to NSS 3.67
  * bmo#1683710 - Add a means to disable ALPN.
  * bmo#1715720 - Fix nssckbi version number in NSS 3.67 (was supposed to be incremented in 3.66).
  * bmo#1714719 - Set NSS_USE_64 on riscv64 target when using GYP/Ninja.
  * bmo#1566124 - Fix counter increase in ppc-gcm-wrap.c.
  * bmo#1566124 - Fix AES_GCM mode on ppc64le for messages of length more than 255-byte.
- update to NSS 3.66
  * bmo#1710716 - Remove Expired Sonera Class2 CA from NSS.
  * bmo#1710716 - Remove Expired Root Certificates from NSS - QuoVadis Root Certification Authority.
  * bmo#1708307 - Remove Trustis FPS Root CA from NSS.
  * bmo#1707097 - Add Certum Trusted Root CA to NSS.
  * bmo#1707097 - Add Certum EC-384 CA to NSS.
  * bmo#1703942 - Add ANF Secure Server Root CA to NSS.
  * bmo#1697071 - Add GLOBALTRUST 2020 root cert to NSS.
  * bmo#1712184 - NSS tools manpages need to be updated to reflect that sqlite is the default database.
  * bmo#1712230 - Don't build ppc-gcm.s with clang integrated assembler.
  * bmo#1712211 - Strict prototype error when trying to compile nss code that includes blapi.h.
  * bmo#1710773 - NSS needs FIPS 180-3 FIPS indicators.
  * bmo#1709291 - Add VerifyCodeSigningCertificateChain.
  * Use GNU tar for the release helper script.
- update to NSS 3.65
  * bmo#1709654 - Update for NetBSD configuration.
  * bmo#1709750 - Disable HPKE test when fuzzing.
  * bmo#1566124 - Optimize AES-GCM for ppc64le.
  * bmo#1699021 - Add AES-256-GCM to HPKE.
  * bmo#1698419 - ECH -10 updates.
  * bmo#1692930 - Update HPKE to final version.
  * bmo#1707130 - NSS should use modern algorithms in PKCS#12 files by default.
  * bmo#1703936 - New coverity/cpp scanner errors.
  * bmo#1697303 - NSS needs to update it's csp clearing to FIPS 180-3 standards.
  * bmo#1702663 - Need to support RSA PSS with Hashing PKCS #11 Mechanisms.
  * bmo#1705119 - Deadlock when using GCM and non-thread safe tokens.
- refreshed patches
- Firefox 90.0 requires NSS 3.66
- update to NSS 3.64
  * bmo#1705286 - Properly detect mips64.
  * bmo#1687164 - Introduce NSS_DISABLE_CRYPTO_VSX and
    disable_crypto_vsx.
  * bmo#1698320 - replace __builtin_cpu_supports("/vsx"/) with
    ppc_crypto_support() for clang.
  * bmo#1613235 - Add POWER ChaCha20 stream cipher vector
    acceleration.
- update to NSS 3.63.1
  * no upstream release notes for 3.63.1 (yet)
  Fixed in 3.63
  * bmo#1697380 - Make a clang-format run on top of helpful contributions.
  * bmo#1683520 - ECCKiila P384, change syntax of nested structs
    initialization to prevent build isses with GCC 4.8.
  * bmo#1683520 - [lib/freebl/ecl] P-384: allow zero scalars in dual
    scalar multiplication.
  * bmo#1683520 - ECCKiila P521, change syntax of nested structs
    initialization to prevent build isses with GCC 4.8.
  * bmo#1683520 - [lib/freebl/ecl] P-521: allow zero scalars in dual
    scalar multiplication.
  * bmo#1696800 - HACL* update March 2021 - c95ab70fcb2bc21025d8845281bc4bc8987ca683.
  * bmo#1694214 - tstclnt can't enable middlebox compat mode.
  * bmo#1694392 - NSS does not work with PKCS #11 modules not supporting
    profiles.
  * bmo#1685880 - Minor fix to prevent unused variable on early return.
  * bmo#1685880 - Fix for the gcc compiler version 7 to support setenv
    with nss build.
  * bmo#1693217 - Increase nssckbi.h version number for March 2021 batch
    of root CA changes, CA list version 2.48.
  * bmo#1692094 - Set email distrust after to 21-03-01 for Camerfirma's
    'Chambers of Commerce' and 'Global Chambersign' roots.
  * bmo#1618407 - Symantec root certs - Set CKA_NSS_EMAIL_DISTRUST_AFTER.
  * bmo#1693173 - Add GlobalSign R45, E45, R46, and E46 root certs to NSS.
  * bmo#1683738 - Add AC RAIZ FNMT-RCM SERVIDORES SEGUROS root cert to NSS.
  * bmo#1686854 - Remove GeoTrust PCA-G2 and VeriSign Universal root certs
    from NSS.
  * bmo#1687822 - Turn off Websites trust bit for the ā€œStaat der
    Nederlanden Root CA - G3ā€ root cert in NSS.
  * bmo#1692094 - Turn off Websites Trust Bit for 'Chambers of Commerce
    Root - 2008' and 'Global Chambersign Root - 2008ā€™.
  * bmo#1694291 - Tracing fixes for ECH.
- required for Firefox 88
- update to NSS 3.62
  * bmo#1688374 - Fix parallel build NSS-3.61 with make
  * bmo#1682044 - pkix_Build_GatherCerts() + pkix_CacheCert_Add()
    can corrupt "/cachedCertTable"/
  * bmo#1690583 - Fix CH padding extension size calculation
  * bmo#1690421 - Adjust 3.62 ABI report formatting for new libabigail
  * bmo#1690421 - Install packaged libabigail in docker-builds image
  * bmo#1689228 - Minor ECH -09 fixes for interop testing, fuzzing
  * bmo#1674819 - Fixup a51fae403328, enum type may be signed
  * bmo#1681585 - Add ECH support to selfserv
  * bmo#1681585 - Update ECH to Draft-09
  * bmo#1678398 - Add Export/Import functions for HPKE context
  * bmo#1678398 - Update HPKE to draft-07
- required for Firefox 87
- Add nss-btrfs-sqlite.patch to address bmo#1690232
- update to NSS 3.61
  * required for Firefox 86
  * bmo#1682071 - Fix issue with IKE Quick mode deriving incorrect key
    values under certain conditions.
  * bmo#1684300 - Fix default PBE iteration count when NSS is compiled
    with NSS_DISABLE_DBM.
  * bmo#1651411 - Improve constant-timeness in RSA operations.
  * bmo#1677207 - Upgrade Google Test version to latest release.
  * bmo#1654332 - Add aarch64-make target to nss-try.
- update to NSS 3.60.1
  Notable changes in NSS 3.60:
  * TLS 1.3 Encrypted Client Hello (draft-ietf-tls-esni-08) support
    has been added, replacing the previous ESNI (draft-ietf-tls-esni-01)
    implementation. See bmo#1654332 for more information.
  * December 2020 batch of Root CA changes, builtins library updated
    to version 2.46. See bmo#1678189, bmo#1678166, and bmo#1670769
    for more information.
- removed obsolete ppc-old-abi-v3.patch
- update to NSS 3.59.1
  * bmo#1679290 - Fix potential deadlock with certain third-party
    PKCS11 modules
- update to NSS 3.59
  Notable changes
  * Exported two existing functions from libnss:
    CERT_AddCertToListHeadWithData and CERT_AddCertToListTailWithData
  Bugfixes
  * bmo#1607449 - Lock cert->nssCertificate to prevent a potential data race
  * bmo#1672823 - Add Wycheproof test cases for HMAC, HKDF, and DSA
  * bmo#1663661 - Guard against NULL token in nssSlot_IsTokenPresent
  * bmo#1670835 - Support enabling and disabling signatures via Crypto Policy
  * bmo#1672291 - Resolve libpkix OCSP failures on SHA1 self-signed
    root certs when SHA1 signatures are disabled.
  * bmo#1644209 - Fix broken SelectedCipherSuiteReplacer filter to
    solve some test intermittents
  * bmo#1672703 - Tolerate the first CCS in TLS 1.3 to fix a regression in
    our CVE-2020-25648 fix that broke purple-discord
    (boo#1179382)
  * bmo#1666891 - Support key wrap/unwrap with RSA-OAEP
  * bmo#1667989 - Fix gyp linking on Solaris
  * bmo#1668123 - Export CERT_AddCertToListHeadWithData and
    CERT_AddCertToListTailWithData from libnss
  * bmo#1634584 - Set CKA_NSS_SERVER_DISTRUST_AFTER for Trustis FPS Root CA
  * bmo#1663091 - Remove unnecessary assertions in the streaming
    ASN.1 decoder that affected decoding certain PKCS8
    private keys when using NSS debug builds
  * bmo#670839 - Use ARM crypto extension for AES, SHA1 and SHA2 on MacOS.
- update to NSS 3.58
  Bugs fixed:
  * bmo#1641480 (CVE-2020-25648)
    Tighten CCS handling for middlebox compatibility mode.
  * bmo#1631890 - Add support for Hybrid Public Key Encryption
    (draft-irtf-cfrg-hpke) support for TLS Encrypted Client Hello
    (draft-ietf-tls-esni).
  * bmo#1657255 - Add CI tests that disable SHA1/SHA2 ARM crypto
    extensions.
  * bmo#1668328 - Handle spaces in the Python path name when using
    gyp on Windows.
  * bmo#1667153 - Add PK11_ImportDataKey for data object import.
  * bmo#1665715 - Pass the embedded SCT list extension (if present)
    to TrustDomain::CheckRevocation instead of the notBefore value.
- install libraries in %{_libdir} (boo#1029961)
- Fix build with RPM 4.16: error: bare words are no longer
  supported, please use "/..."/:  lib64 == lib64.
- update to NSS 3.57
  * The following CA certificates were Added:
    bmo#1663049 - CN=Trustwave Global Certification Authority
    SHA-256 Fingerprint: 97552015F5DDFC3C8788C006944555408894450084F100867086BC1A2BB58DC8
    bmo#1663049 - CN=Trustwave Global ECC P256 Certification Authority
    SHA-256 Fingerprint: 945BBC825EA554F489D1FD51A73DDF2EA624AC7019A05205225C22A78CCFA8B4
    bmo#1663049 - CN=Trustwave Global ECC P384 Certification Authority
    SHA-256 Fingerprint: 55903859C8C0C3EBB8759ECE4E2557225FF5758BBD38EBD48276601E1BD58097
  * The following CA certificates were Removed:
    bmo#1651211 - CN=EE Certification Centre Root CA
    SHA-256 Fingerprint: 3E84BA4342908516E77573C0992F0979CA084E4685681FF195CCBA8A229B8A76
    bmo#1656077 - O=Government Root Certification Authority; C=TW
    SHA-256 Fingerprint: 7600295EEFE85B9E1FD624DB76062AAAAE59818A54D2774CD4C0B2C01131E1B3
  * Trust settings for the following CA certificates were Modified:
    bmo#1653092 - CN=OISTE WISeKey Global Root GA CA
    Websites (server authentication) trust bit removed.
  * https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.57_release_notes
- requires NSPR 4.29
- removed obsolete nss-freebl-fix-aarch64.patch (bmo#1659256)
- introduced _constraints due to high memory requirements especially
  for LTO on Tumbleweed
- Add patch to fix build on aarch64 - boo#1176934:
  * nss-freebl-fix-aarch64.patch
- Update nss-fips-approved-crypto-non-ec.patch to match RC2 code
  being moved to deprecated/.
- Remove nss-fix-dh-pkcs-derive-inverted-logic.patch. This was made
  obsolete by upstream changes.
- Modifications for NIST SP 800-56Ar3 compliance. This adds checks
  and restricts Diffie-Hellman parameters in FIPS mode
  (bsc#1176173).
  New patches:
  * nss-fips-stricter-dh.patch
  * nss-fips-kdf-self-tests.patch
- update to NSS 3.56
  Notable changes
  * bmo#1650702 - Support SHA-1 HW acceleration on ARMv8
  * bmo#1656981 - Use MPI comba and mulq optimizations on x86-64 MacOS.
  * bmo#1654142 - Add CPU feature detection for Intel SHA extension.
  * bmo#1648822 - Add stricter validation of DH keys in FIPS mode.
  * bmo#1656986 - Properly detect arm64 during GYP build architecture
    detection.
  * bmo#1652729 - Add build flag to disable RC2 and relocate to
    lib/freebl/deprecated.
  * bmo#1656429 - Correct RTT estimate used in 0-RTT anti-replay.
  * bmo#1588941 - Send empty certificate message when scheme selection
    fails.
  * bmo#1652032 - Fix failure to build in Windows arm64 makefile
    cross-compilation.
  * bmo#1625791 - Fix deadlock issue in nssSlot_IsTokenPresent.
  * bmo#1653975 - Fix 3.53 regression by setting "/all"/ as the default
    makefile target.
  * bmo#1659792 - Fix broken libpkix tests with unexpired PayPal cert.
  * bmo#1659814 - Fix interop.sh failures with newer tls-interop
    commit and dependencies.
  * bmo#1656519 - NSPR dependency updated to 4.28
- do not hard require mozilla-nss-certs-32bit via baselibs
  (boo#1176206)
- update to NSS 3.55
  Notable changes
  * P384 and P521 elliptic curve implementations are replaced with
    verifiable implementations from Fiat-Crypto [0] and ECCKiila [1].
  * PK11_FindCertInSlot is added. With this function, a given slot
    can be queried with a DER-Encoded certificate, providing performance
    and usability improvements over other mechanisms. (bmo#1649633)
  * DTLS 1.3 implementation is updated to draft-38. (bmo#1647752)
  Relevant Bugfixes
  * bmo#1631583 (CVE-2020-6829, CVE-2020-12400) - Replace P384 and
    P521 with new, verifiable implementations from Fiat-Crypto and ECCKiila.
  * bmo#1649487 - Move overzealous assertion in VFY_EndWithSignature.
  * bmo#1631573 (CVE-2020-12401) - Remove unnecessary scalar padding.
  * bmo#1636771 (CVE-2020-12403) - Explicitly disable multi-part
    ChaCha20 (which was not functioning correctly) and more strictly
    enforce tag length.
  * bmo#1649648 - Don't memcpy zero bytes (sanitizer fix).
  * bmo#1649316 - Don't memcpy zero bytes (sanitizer fix).
  * bmo#1649322 - Don't memcpy zero bytes (sanitizer fix).
  * bmo#1653202 - Fix initialization bug in blapitest when compiled
    with NSS_DISABLE_DEPRECATED_SEED.
  * bmo#1646594 - Fix AVX2 detection in makefile builds.
  * bmo#1649633 - Add PK11_FindCertInSlot to search a given slot
    for a DER-encoded certificate.
  * bmo#1651520 - Fix slotLock race in NSC_GetTokenInfo.
  * bmo#1647752 - Update DTLS 1.3 implementation to draft-38.
  * bmo#1649190 - Run cipher, sdr, and ocsp tests under standard test cycle in CI.
  * bmo#1649226 - Add Wycheproof ECDSA tests.
  * bmo#1637222 - Consistently enforce IV requirements for DES and 3DES.
  * bmo#1067214 - Enforce minimum PKCS#1 v1.5 padding length in
    RSA_CheckSignRecover.
  * bmo#1646324 - Advertise PKCS#1 schemes for certificates in the
    signature_algorithms extension.
    nss-fips-constructor-self-tests.patch
- update to NSS 3.54
  Notable changes
  * Support for TLS 1.3 external pre-shared keys (bmo#1603042).
  * Use ARM Cryptography Extension for SHA256, when available
    (bmo#1528113)
  * The following CA certificates were Added:
    bmo#1645186 - certSIGN Root CA G2.
    bmo#1645174 - e-Szigno Root CA 2017.
    bmo#1641716 - Microsoft ECC Root Certificate Authority 2017.
    bmo#1641716 - Microsoft RSA Root Certificate Authority 2017.
  * The following CA certificates were Removed:
    bmo#1645199 - AddTrust Class 1 CA Root.
    bmo#1645199 - AddTrust External CA Root.
    bmo#1641718 - LuxTrust Global Root 2.
    bmo#1639987 - Staat der Nederlanden Root CA - G2.
    bmo#1618402 - Symantec Class 2 Public Primary Certification Authority - G4.
    bmo#1618402 - Symantec Class 1 Public Primary Certification Authority - G4.
    bmo#1618402 - VeriSign Class 3 Public Primary Certification Authority - G3.
  * A number of certificates had their Email trust bit disabled.
    See bmo#1618402 for a complete list.
  Bugs fixed
  * bmo#1528113 - Use ARM Cryptography Extension for SHA256.
  * bmo#1603042 - Add TLS 1.3 external PSK support.
  * bmo#1642802 - Add uint128 support for HACL* curve25519 on Windows.
  * bmo#1645186 - Add "/certSIGN Root CA G2"/ root certificate.
  * bmo#1645174 - Add Microsec's "/e-Szigno Root CA 2017"/ root certificate.
  * bmo#1641716 - Add Microsoft's non-EV root certificates.
  * bmo1621151 - Disable email trust bit for "/O=Government
    Root Certification Authority; C=TW"/ root.
  * bmo#1645199 - Remove AddTrust root certificates.
  * bmo#1641718 - Remove "/LuxTrust Global Root 2"/ root certificate.
  * bmo#1639987 - Remove "/Staat der Nederlanden Root CA - G2"/ root
    certificate.
  * bmo#1618402 - Remove Symantec root certificates and disable email trust
    bit.
  * bmo#1640516 - NSS 3.54 should depend on NSPR 4.26.
  * bmo#1642146 - Fix undefined reference to `PORT_ZAlloc_stub' in seed.c.
  * bmo#1642153 - Fix infinite recursion building NSS.
  * bmo#1642638 - Fix fuzzing assertion crash.
  * bmo#1642871 - Enable SSL_SendSessionTicket after resumption.
  * bmo#1643123 - Support SSL_ExportEarlyKeyingMaterial with External PSKs.
  * bmo#1643557 - Fix numerous compile warnings in NSS.
  * bmo#1644774 - SSL gtests to use ClearServerCache when resetting
    self-encrypt keys.
  * bmo#1645479 - Don't use SECITEM_MakeItem in secutil.c.
  * bmo#1646520 - Stricter enforcement of ASN.1 INTEGER encoding.
ncurses
- Add patch bsc1190793-63ca9e06.patch to fix bsc#1190793 for
  CVE-2021-39537: ncurses: heap-based buffer overflow in
  _nc_captoinfo in captoinfo.c
openssh
- Add openssh-bsc1190975-CVE-2021-41617-authorizedkeyscommand.patch
  (bsc#1190975, CVE-2021-41617), backported from upstream by
  Ali Abdallah.
pam
- pam_cracklib: backported code to check whether the password contains
  a substring of of the user's name of at least <N> characters length
  in some form from SLE-15.
  This is enabled by the new parameter "/usersubstr=<N>"/
  See https://github.com/libpwquality/libpwquality/commit/bfef79dbe6aa525e9557bf4b0a61e6dde12749c4
  [jsc#SLE-21741, pam-pam_cracklib-add-usersubstr.patch]
- Added tmpfiles for pam to set up directory for pam_faillock.
  [pam.conf]
- Added pam_faillock to the set of modules.
  [jsc#sle-20638, pam-sle20638-add-pam_faillock.patch]
pcre
- pcre 8.45 (the final release)
  * Fixed a small (*MARK) bug in the interpreter (Bugzilla #2771).
- pcre 8.44
  * Small patch to pcreposix.c to set the erroroffset field to -1 immediately
  after a successful compile, instead of at the start of matching to avoid a
  sanitizer complaint (regexec is supposed to be thread safe).
  * Check the size of the number after (?C as it is read, in order to avoid
  integer overflow. (bsc#1172974, CVE-2020-14155)
  * Tidy up left shifts to avoid sanitize warnings; also fix one NULL deference
  in pcretest.
- pcre 8.43
  * In a pattern such as /[^x{100}-x{ffff}]*[x80-xff]/ which has a repeated
  negative class with no characters less than 0x100 followed by a positive class
  with only characters less than 0x100, the first class was incorrectly being
  auto-possessified, causing incorrect match failures.
  * If the only branch in a conditional subpattern was anchored, the whole
  subpattern was treated as anchored, when it should not have been, since the
  assumed empty second branch cannot be anchored. Demonstrated by test patterns
  such as /(?(1)^())b/ or /(?(?=^))b/.
  * Fix subject buffer overread in JIT when UTF is disabled and X or R has
  a greater than 1 fixed quantifier. This issue was found by Yunho Kim.
  (bsc#1172973 CVE-2019-20838)
  * If a pattern started with a subroutine call that had a quantifier with a
  minimum of zero, an incorrect "/match must start with this character"/ could be
  recorded. Example: /(?&xxx)*ABC(?<xxx>XYZ)/ would (incorrectly) expect 'A' to
  be the first character of a match.
- pcre 8.42
  * If a backreference with a minimum repeat count of zero was first in a
  pattern, apart from assertions, an incorrect first matching character could be
  recorded. For example, for the pattern /(?=(a))1?b/, "/b"/ was incorrectly set
  as the first character of a match.
  * Fix out-of-bounds read for partial matching of /./ against an empty string
  when the newline type is CRLF.
  * When matching using the the REG_STARTEND feature of the POSIX API with a
  non-zero starting offset, unset capturing groups with lower numbers than a
  group that did capture something were not being correctly returned as "/unset"/
  (that is, with offset values of -1).
  * Matching the pattern /(*UTF)C[^v]+x80/ against an 8-bit string
  containing multi-code-unit characters caused bad behaviour and possibly a
  crash. This issue was fixed for other kinds of repeat in release 8.37 by change
  38, but repeating character classes were overlooked.
- pcre 8.41
  * Fix a missing else in the JIT compiler (bsc#1025709 CVE-2017-6004)
  * A (?# style comment is now ignored between a basic quantifier and a
    following '+' or '?' (example: /X+(?#comment)?Y/.
  * Avoid use of a potentially overflowing buffer in pcregrep (patch by Petr
    Pisar).
  * In the 32-bit library in non-UTF mode, an attempt to find a Unicode
  property for a character with a code point greater than 0x10ffff (the Unicode
  maximum) caused a crash. (bsc#1030807 CVE-2017-7244)
  * The alternative matching function, pcre_dfa_exec() misbehaved if it
  encountered a character class with a possessive repeat, for example [a-f]{3}+.
  (bsc#1030066 CVE-2017-7186)
  * When pcretest called pcre_copy_substring() in 32-bit mode, it set the buffer
  length incorrectly, which could result in buffer overflow.
  (bsc#1030805 CVE-2017-7245, bsc#1030803 CVE-2017-7246)
  * Fix returned offsets from regexec() when REG_STARTEND is used with a
  starting offset greater than zero.
- pcre 8.40
  * Fix register overwite in JIT when SSE2 acceleration is enabled.
  * Ignore "/show all captures"/ (/=) for DFA matching.
  * Fix JIT unaligned accesses on x86. Patch by Marc Mutz.
  * In any wide-character mode (8-bit UTF or any 16-bit or 32-bit mode),
    without PCRE_UCP set, a negative character type such as D in a positive
    class should cause all characters greater than 255 to match, whatever else
    is in the class. There was a bug that caused this not to happen if a
    Unicode property item was added to such a class, for example [DP{Nd}] or
    [WpL].
  * A pattern such as (?<RA>abc)(?(R)xyz) was incorrectly compiled such that
    the conditional was interpreted as a reference to capturing group 1 instead
    of a test for recursion. Any group whose name began with R was
    misinterpreted in this way. (The reference interpretation should only
    happen if the group's name is precisely "/R"/.)
  * A number of bugs have been mended relating to match start-up optimizations
    when the first thing in a pattern is a positive lookahead. These all
    applied only when PCRE_NO_START_OPTIMIZE was *not* set:
    (a) A pattern such as (?=.*X)X$ was incorrectly optimized as if it needed
    both an initial 'X' and a following 'X'.
    (b) Some patterns starting with an assertion that started with .* were
    incorrectly optimized as having to match at the start of the subject or
    after a newline. There are cases where this is not true, for example,
    (?=.*[A-Z])(?=.{8,16})(?!.*[s]) matches after the start in lines that
    start with spaces. Starting .* in an assertion is no longer taken as an
    indication of matching at the start (or after a newline).
permissions
  * add capability for prometheus-blackbox_exporter (bsc#1191194)
- Update to version 20170707:
python
- Set correct value of %python2_package_prefix to python
  (as expected on SLE-12). (bsc#1175619)
- Add CVE-2019-20907_tarfile-inf-loop.patch fixing bsc#1174091
  (CVE-2019-20907, bpo#39017) avoiding possible infinite loop
  in specifically crafted tarball.
  Add recursion.tar as a testing tarball for the patch.
- Provide the newest setuptools wheel (bsc#1176262,
  CVE-2019-20916) in their correct form (bsc#1180686).
- Add CVE-2020-26116-httplib-header-injection.patch fixing bsc#1177211
  (CVE-2020-26116, bpo#39603) no longer allowing special characters in
  the method parameter of HTTPConnection.putrequest in httplib, stopping
  injection of headers. Such characters now raise ValueError.
- Renamed patch for assigned CVE:
  * bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch ->
    CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
    (boo#1189241, CVE-2021-3737)
- Renamed patch for assigned CVE:
  * bpo43075-fix-ReDoS-in-request.patch -> CVE-2021-3733-fix-ReDoS-in-request.patch
    (boo#1189287, CVE-2021-3733)
- Fix python-doc build (bpo#35293):
  * sphinx-update-removed-function.patch
- Update documentation formatting for Sphinx 3.0 (bpo#40204).
- Add bpo43075-fix-ReDoS-in-request.patch which fixes ReDoS in
  request (bpo#43075, boo#1189287).
- Add missing security announcement to
  bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch.
- Add bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
  which fixes http client infinite line reading (DoS) after a http
  100 (bpo#44022, boo#1189241).
- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing
  bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in
  _ctypes/callproc.c, which may lead to remote code execution.
- (bsc#1180125) We really don't Require python-rpm-macros package.
  Unnecessary dependency.
- Add patch configure_PYTHON_FOR_REGEN.patch which makes
  configure.ac to consider the correct version of
  PYTHON_FO_REGEN (bsc#1078326).
- Use python3-Sphinx on anything more recent than SLE-15 (inclusive).
  - Fixes a ReDoS vulnerability in `http.cookiejar`. Patch by Ben
    Caller.
  - bsc#1155094 (CVE-2019-18348) Disallow control characters in
    hostnames in http.client. Such potentially malicious header
  - Fixed possible leak in `PyArg_Parse` and similar
    `PY_SSIZE_T_CLEAN` is not defined.
  - python-2.7.14-CVE-2017-1000158.patch
  - CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch
  - CVE-2018-1061-DOS-via-regexp-difflib.patch
  - CVE-2019-10160-netloc-port-regression.patch
  - CVE-2019-16056-email-parse-addr.patch
- Add CVE-2019-9674-zip-bomb.patch to improve documentation
  warning about dangers of zip-bombs and other security problems
  with zipfile library. (bsc#1162825 CVE-2019-9674)
- Change to Requires: libpython%{so_version} == %{version}-%{release}
  to python-base to keep both packages always synchronized (add
  %{so_version}) (bsc#1162224).
- Add CVE-2020-8492-urllib-ReDoS.patch fixing the security bug
  "/Python urrlib allowed an HTTP server to conduct Regular
  Expression Denial of Service (ReDoS)"/ (bsc#1162367)
- Provide python-testsuite from devel subkg to ease py2->py3
  dependencies
- bsc#1109847 (CVE-2018-14647): add
  CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch fixing
  bpo-34623.
  fixing bpo-35746 (CVE-2019-5010).
python-Pygments
- Add cve_2021_27291.patch (CVE-2021-27291, bsc#1184812)
  + fix several exponential/cubic complexity regexes
- Rebase cve_2021_20270.patch (bsc#1183169)
- Rebase denose.path, so applies clearly
python-azure-mgmt-billing
- Update in SLE-12 (bsc#1187880, bsc#1188178)
- New upstream release
  + Version 1.0.0
  + For detailed information about changes see the
    CHANGELOG.md file provided with this package
- Update Requires from setup.py
python-azure-mgmt-cdn
- Update in SLE-12 (bsc#1187880, bsc#1188178)
- New upstream release
  + Version 5.2.0
  + For detailed information about changes see the
    CHANGELOG.md file provided with this package
python-azure-mgmt-hdinsight
- Update in SLE-12 (bsc#1187880, bsc#1188178)
  + Version 2.0.0
  + For detailed information about changes see the
    CHANGELOG.md file provided with this package
- New upstream release
python-azure-mgmt-netapp
- Update in SLE-12 (bsc#1187880, bsc#1188178)
  + Version 0.14.0
  + For detailed information about changes see the
    CHANGELOG.md file provided with this package
- New upstream release
python-azure-mgmt-resource
- Update in SLE-12 (bsc#1187880, bsc#1188178)
  + Version 15.0.0
  + For detailed information about changes see the
    CHANGELOG.md file provided with this package
- Update Requires from setup.py
- New upstream release
python-azure-mgmt-synapse
- Update in SLE-12 (bsc#1187880, bsc#1188178)
- New upstream release
  + Version 0.5.0
  + For detailed information about changes see the
    CHANGELOG.md file provided with this package
python-base
- Add CVE-2019-20907_tarfile-inf-loop.patch fixing bsc#1174091
  (CVE-2019-20907, bpo#39017) avoiding possible infinite loop
  in specifically crafted tarball.
  Add recursion.tar as a testing tarball for the patch.
- Provide the newest setuptools wheel (bsc#1176262,
  CVE-2019-20916) in their correct form (bsc#1180686).
- Add CVE-2020-26116-httplib-header-injection.patch fixing bsc#1177211
  (CVE-2020-26116, bpo#39603) no longer allowing special characters in
  the method parameter of HTTPConnection.putrequest in httplib, stopping
  injection of headers. Such characters now raise ValueError.
- Renamed patch for assigned CVE:
  * bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch ->
    CVE-2021-3737-fix-HTTP-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
    (boo#1189241, CVE-2021-3737)
- Renamed patch for assigned CVE:
  * bpo43075-fix-ReDoS-in-request.patch -> CVE-2021-3733-fix-ReDoS-in-request.patch
    (boo#1189287, CVE-2021-3733)
- Fix python-doc build (bpo#35293):
  * sphinx-update-removed-function.patch
- Update documentation formatting for Sphinx 3.0 (bpo#40204).
- Add bpo43075-fix-ReDoS-in-request.patch which fixes ReDoS in
  request (bpo#43075, boo#1189287).
- Add missing security announcement to
  bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch.
- Add bpo44022-fix-http-client-infinite-line-reading-after-a-HTTP-100-Continue.patch
  which fixes http client infinite line reading (DoS) after a http
  100 (bpo#44022, boo#1189241).
- Add CVE-2021-3177-buf_ovrfl_PyCArg_repr.patch fixing
  bsc#1181126 (CVE-2021-3177) buffer overflow in PyCArg_repr in
  _ctypes/callproc.c, which may lead to remote code execution.
- (bsc#1180125) We really don't Require python-rpm-macros package.
  Unnecessary dependency.
- Add patch configure_PYTHON_FOR_REGEN.patch which makes
  configure.ac to consider the correct version of
  PYTHON_FO_REGEN (bsc#1078326).
- Use python3-Sphinx on anything more recent than SLE-15 (inclusive).
  - Fixes a ReDoS vulnerability in `http.cookiejar`. Patch by Ben
    Caller.
  - bsc#1155094 (CVE-2019-18348) Disallow control characters in
    hostnames in http.client. Such potentially malicious header
  - Fixed possible leak in `PyArg_Parse` and similar
    `PY_SSIZE_T_CLEAN` is not defined.
  - python-2.7.14-CVE-2017-1000158.patch
  - CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch
  - CVE-2018-1061-DOS-via-regexp-difflib.patch
  - CVE-2019-10160-netloc-port-regression.patch
  - CVE-2019-16056-email-parse-addr.patch
- Add CVE-2019-9674-zip-bomb.patch to improve documentation
  warning about dangers of zip-bombs and other security problems
  with zipfile library. (bsc#1162825 CVE-2019-9674)
- Change to Requires: libpython%{so_version} == %{version}-%{release}
  to python-base to keep both packages always synchronized (add
  %{so_version}) (bsc#1162224).
- Add CVE-2020-8492-urllib-ReDoS.patch fixing the security bug
  "/Python urrlib allowed an HTTP server to conduct Regular
  Expression Denial of Service (ReDoS)"/ (bsc#1162367)
- Provide python-testsuite from devel subkg to ease py2->py3
  dependencies
- bsc#1109847 (CVE-2018-14647): add
  CVE-2018-14647_XML_SetHashSalt-in_elementtree.patch fixing
  bpo-34623.
  fixing bpo-35746 (CVE-2019-5010).
python-pip
- Add CVE-2021-3572-split-unicode-separators.patch stopping the script
  from splitting references on Unicode separators (CVE-2021-3572,
  bsc#1186819).
python3
- Add CVE-2021-3733-ReDoS-urllib-AbstractBasicAuthHandler.patch
  fixing ReDoS in urllib AbstractBasicAuthHandler (bsc#1189287,
  CVE-2021-3733, bpo#43075)
- Add CVE-2021-3737-infinite-loop-on-100-Continue.patch fixing bpo-44022
  (bsc#1189241, CVE-2021-3737): http.client now avoids infinitely
  reading potential HTTP headers after a 100 Continue status response
  from the server.
- Reorder and better documented patches related to bpo#30458 (also, for
  rechecking solution for bsc#1129071).
- Refresh patches:
  - CVE-2019-10160-netloc-port-regression.patch
  - CVE-2019-18348-CRLF_injection_via_host_part.patch
  - CVE-2019-9947-no-ctrl-char-http.patch
  - CVE-2020-8492-urllib-ReDoS.patch
  - Python-3.3.0b2-multilib.patch
  - python-3.6-CVE-2017-18207.patch
  - python3-urllib-prefer-lowercase-proxies.patch
  - subprocess-raise-timeout.patch
- Modify Lib/ensurepip/__init__.py to contain the same version
  numbers as are in reality the ones in the bundled wheels
  (bsc#1187668).
python3-base
- Add CVE-2021-3733-ReDoS-urllib-AbstractBasicAuthHandler.patch
  fixing ReDoS in urllib AbstractBasicAuthHandler (bsc#1189287,
  CVE-2021-3733, bpo#43075)
- Add CVE-2021-3737-infinite-loop-on-100-Continue.patch fixing bpo-44022
  (bsc#1189241, CVE-2021-3737): http.client now avoids infinitely
  reading potential HTTP headers after a 100 Continue status response
  from the server.
- Reorder and better documented patches related to bpo#30458 (also, for
  rechecking solution for bsc#1129071).
- Refresh patches:
  - CVE-2019-10160-netloc-port-regression.patch
  - CVE-2019-18348-CRLF_injection_via_host_part.patch
  - CVE-2019-9947-no-ctrl-char-http.patch
  - CVE-2020-8492-urllib-ReDoS.patch
  - Python-3.3.0b2-multilib.patch
  - python-3.6-CVE-2017-18207.patch
  - python3-urllib-prefer-lowercase-proxies.patch
  - subprocess-raise-timeout.patch
- Modify Lib/ensurepip/__init__.py to contain the same version
  numbers as are in reality the ones in the bundled wheels
  (bsc#1187668).
release-notes-sles
- 12.5.20210831 (tracked in bsc#933411)
- Added note about user login fail (bsc#1187484)
- Removed mention of SES (bsc#1188305)
- Updated note about psqlODBC (jsc#SLE-11413)
- Added note about updated psqlODBC (jsc#SLE-13589)
- Added note about nested VMX (jsc#SLE-11270)
- Added note about Vagrant box support (bsc#1174599)
- Added support end date for PHP 7.2 (jsc#SLE-12474)
- Fixed IBM-Z doc link (bsc#1185109)
rsync
- Fixed an error when using the external compression library
  where files larger that 1GB would not be transferred completely
  and failing with error:
  - deflate on token returned 0 (XXX bytes left)
  - rsync error: error in rsync protocol data stream (code 12)
  * Add rsync-fix-external-compression.patch [bsc#1190828]
- Fix a segmentation fault in iconv [bsc#1188258]
  * Add rsync-iconv-segfault.patch
rsyslog
- fix memory leak when internal messages not processed internally
  (bsc#1190483)
  * add 0001-core-bugfix-memory-leak-when-internal-messages-not-p.patch
- fix memory leak in omfile (bsc#1189737)
  * add 0001-omfile-bugfix-file-handle-leak.patch
ruby2
Add patches to fix the following CVE's:
  - CVE-2021-32066.patch (CVE-2021-32066): Fix StartTLS stripping
    vulnerability in Net:IMAP (bsc#1188160)
  - CVE-2021-31810.patch (CVE-2021-31810): Fix trusting FTP PASV
    responses vulnerability in  Net:FTP (bsc#1188161)
  - CVE-2020-25613.patch (CVE-2020-25613): Fix potential HTTP request
    smuggling in WEBrick (bsc#1177125)
  - CVE-2021-31799.patch (CVE-2021-31799): Fix Command injection
    vulnerability in RDoc (bsc#1190375)
runc
- Update to runc v1.0.3. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.0.3. CVE-2021-43784
  (bsc#1193436)
  * A potential vulnerability was discovered in runc (related to an internal
    usage of netlink), however upon further investigation we discovered that
    while this bug was exploitable on the master branch of runc, no released
    version of runc could be exploited using this bug. The exploit required
    being able to create a netlink attribute with a length that would overflow a
    uint16 but this was not possible in any released version of runc. For more
    information see GHSA-v95c-p5hm-xq8f and CVE-2021-43784.
    Due to an abundance of caution we decided to do an emergency release with
    this fix, but to reiterate we do not believe this vulnerability was
    possible to exploit. Thanks to Felix Wilhelm from Google Project Zero for
    discovering and reporting this vulnerability so quickly.
  * Fixed inability to start a container with read-write bind mount of a
    read-only fuse host mount.
  * Fixed inability to start when read-only /dev in set in spec.
  * Fixed not removing sub-cgroups upon container delete, when rootless cgroup
    v2 is used with older systemd.
  * Fixed returning error from GetStats when hugetlb is unsupported (which
    causes excessive logging for kubernetes).
- Update to runc v1.0.2. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.0.2
  * Fixed a failure to set CPU quota period in some cases on cgroup v1.
  * Fixed the inability to start a container with the "/adding seccomp filter
    rule for syscall ..."/ error, caused by redundant seccomp rules (i.e. those
    that has action equal to the default one). Such redundant rules are now
    skipped.
  * Made release builds reproducible from now on.
  * Fixed a rare debug log race in runc init, which can result in occasional
    harmful "/failed to decode ..."/ errors from runc run or exec.
  * Fixed the check in cgroup v1 systemd manager if a container needs to be
    frozen before Set, and add a setting to skip such freeze unconditionally.
    The previous fix for that issue, done in runc 1.0.1, was not working.
- Update to runc v1.0.1. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.0.1
  * Fixed occasional runc exec/run failure ("/interrupted system call"/) on an
    Azure volume.
  * Fixed "/unable to find groups ... token too long"/ error with /etc/group
    containing lines longer than 64K characters.
  * cgroup/systemd/v1: fix leaving cgroup frozen after Set if a parent cgroup is
    frozen. This is a regression in 1.0.0, not affecting runc itself but some
    of libcontainer users (e.g Kubernetes).
  * cgroupv2: bpf: Ignore inaccessible existing programs in case of
    permission error when handling replacement of existing bpf cgroup
    programs. This fixes a regression in 1.0.0, where some SELinux
    policies would block runc from being able to run entirely.
  * cgroup/systemd/v2: don't freeze cgroup on Set.
  * cgroup/systemd/v1: avoid unnecessary freeze on Set.
- Remove upstreamed patches:
  + boo1187704-0001-cgroupv2-ebpf-ignore-inaccessible-existing-programs.patch
- Backport <https://github.com/opencontainers/runc/pull/3055> to fix issues
  with runc under openSUSE MicroOS's SELinux policy. boo#1187704
  + boo1187704-0001-cgroupv2-ebpf-ignore-inaccessible-existing-programs.patch
- Update to runc v1.0.0. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.0.0
  ! The usage of relative paths for mountpoints will now produce a warning
    (such configurations are outside of the spec, and in future runc will
    produce an error when given such configurations).
  * cgroupv2: devices: rework the filter generation to produce consistent
    results with cgroupv1, and always clobber any existing eBPF
    program(s) to fix runc update and avoid leaking eBPF programs
    (resulting in errors when managing containers).
  * cgroupv2: correctly convert "/number of IOs"/ statistics in a
    cgroupv1-compatible way.
  * cgroupv2: support larger than 32-bit IO statistics on 32-bit architectures.
  * cgroupv2: wait for freeze to finish before returning from the freezing
    code, optimize the method for checking whether a cgroup is frozen.
  * cgroups/systemd: fixed "/retry on dbus disconnect"/ logic introduced in rc94
  * cgroups/systemd: fixed returning "/unit already exists"/ error from a systemd
    cgroup manager (regression in rc94)
  + cgroupv2: support SkipDevices with systemd driver
  + cgroup/systemd: return, not ignore, stop unit error from Destroy
  + Make "/runc --version"/ output sane even when built with go get or
    otherwise outside of our build scripts.
  + cgroups: set SkipDevices during runc update (so we don't modify
    cgroups at all during runc update).
  + cgroup1: blkio: support BFQ weights.
  + cgroupv2: set per-device io weights if BFQ IO scheduler is available.
- Update to runc v1.0.0~rc95. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc95
  This release of runc contains a fix for CVE-2021-30465, and users are
  strongly recommended to update (especially if you are providing
  semi-limited access to spawn containers to untrusted users). bsc#1185405
- Update to runc v1.0.0~rc94. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc94
  Breaking Changes:
  * cgroupv1: kernel memory limits are now always ignored, as kmemcg has
    been effectively deprecated by the kernel. Users should make use of regular
    memory cgroup controls.
  Regression Fixes:
  * seccomp: fix 32-bit compilation errors
  * runc init: fix a hang caused by deadlock in seccomp/ebpf loading code
  * runc start: fix "/chdir to cwd: permission denied"/ for some setups
- Remove upstreamed patches:
  - 0001-cloned_binary-switch-from-error-to-warning-for-SYS_m.patch
    syscalls unusable for glibc.
samba
- CVE-2016-2124: SMB1 client connections can be downgraded to
  plaintext authentication (bsc#1014440); (bso#12444);
- CVE-2020-25717: A user in an AD Domain could become root on
  domain members; (bsc#1192284); (bso#14556);
- CVE-2021-23192: Subsequent DCE/RPC fragment injection vulnerability;
  (bsc#1192214); (bso#14875);
- Add msDS-AdditionalDnsHostName to the keytab; (bso#14396);
  (bsc#1185420);
- Add net-ads-join dnshostname option; (bso#14396); (bsc#1185420);
- Fix adding msDS-AdditionalDnsHostName to keytab with Windows DC;
  (bso#14406); (bsc#1185420);
- Fix wrong kvno exported to keytab after net ads changetrustpw due
  to replication delay; (bsc#1188727);
sqlite3
- Sync version 3.36.0 from Factory to implement jsc#SLE-16032.
- The following CVEs have been fixed in upstream releases up to
  this point, but were not mentioned in the change log so far:
  * bsc#1173641, CVE-2020-15358: heap-based buffer overflow in
    multiSelectOrderBy due to mishandling of query-flattener
    optimization
  * bsc#1164719, CVE-2020-9327: NULL pointer dereference and
    segmentation fault because of generated column optimizations in
    isAuxiliaryVtabOperator
  * bsc#1160439, CVE-2019-20218: selectExpander in select.c proceeds
    with WITH stack unwinding even after a parsing error
  * bsc#1160438, CVE-2019-19959: memory-management error via
    ext/misc/zipfile.c involving embedded '0' input
  * bsc#1160309, CVE-2019-19923: improper handling  of  certain uses
    of SELECT DISTINCT in flattenSubquery may lead to null pointer
    dereference
  * bsc#1159850, CVE-2019-19924: improper error handling in
    sqlite3WindowRewrite()
  * bsc#1159847, CVE-2019-19925: improper handling of NULL pathname
    during an update of a ZIP archive
  * bsc#1159715, CVE-2019-19926: improper handling  of certain
    errors during parsing  multiSelect in select.c
  * bsc#1159491, CVE-2019-19880: exprListAppendList in window.c
    allows attackers to trigger an invalid pointer dereference
  * bsc#1158960, CVE-2019-19603: during handling of CREATE TABLE
    and CREATE VIEW statements, does not consider confusion with
    a shadow table name
  * bsc#1158959, CVE-2019-19646: pragma.c mishandles NOT NULL in an
    integrity_check PRAGMA command in certain cases of generated
    columns
  * bsc#1158958, CVE-2019-19645: alter.c allows attackers to trigger
    infinite recursion via certain types of self-referential views
    in conjunction with ALTER TABLE statements
  * bsc#1158812, CVE-2019-19317: lookupName in resolve.c omits bits
    from the colUsed bitmask in the case of a generated column,
    which allows attackers to cause a denial of service
  * bsc#1157818, CVE-2019-19244: sqlite3,sqlite2,sqlite: The
    function sqlite3Select in select.c allows a crash if a
    sub-select uses both DISTINCT and window functions, and also
    has certain ORDER BY usage
  * bsc#928701, CVE-2015-3415: sqlite3VdbeExec comparison operator
    vulnerability
  * bsc#928700, CVE-2015-3414: sqlite3,sqlite2: dequoting of
    collation-sequence names
  * CVE-2020-13434 boo#1172115: integer overflow in
    sqlite3_str_vappendf
  * CVE-2020-13630 boo#1172234: use-after-free in fts3EvalNextRow
  * CVE-2020-13631 boo#1172236: virtual table allowed to be renamed
    to one of its shadow tables
  * CVE-2020-13632 boo#1172240: NULL pointer dereference via
    crafted matchinfo() query
  * CVE-2020-13435: Malicious SQL statements could have crashed the
    process that is running SQLite (boo#1172091)
- Remove the following patches from there which are all upstream:
  * sqlite3-CVE-2017-10989.patch
  * sqlite3-CVE-2017-2518.patch,
  * sqlite3-CVE-2018-20346.patch,
  * sqlite3-CVE-2018-8740.patch,
  * sqlite3-CVE-2019-16168.patch,
  * sqlite3-CVE-2019-8457.patch,
  * sqlite3-journal-file.patch,
  * sqlite3-xFetch-null.patch,
  * sqlite3-CVE-2016-6153.patch
suse-module-tools
- Update to version 12.11: Import kernel scriptlets from kernel-source
  * rpm-script: fix bad exit status in OpenQA (bsc#1191922)
  * cert-script: Deal with existing $cert.delete file (bsc#1191804).
  * cert-script: Ignore kernel keyring for kernel certificates (bsc#1191480).
  * cert-script: Only print mokutil output in verbose mode.
  * inkmp-script(postun): don't pass  existing files to weak-modules2
    (boo#1191200)
  * kernel-scriptlets: skip cert scriptlet on non-UEFI systems
    (boo#1191260)
  * rpm-script: link config also into /boot (boo#1189879)
  * Import kernel scriptlets from kernel-source.
    (bsc#1189841, bsc#1190598)
  * Provide "/suse-kernel-rpm-scriptlets"/
systemd
- Import commit 3fad90a5e2a1d0099ba2925793df42e0084cad35
  dbf8419fdb busctl: add a timestamp to the output of the busctl monitor command (bsc#1180225 jsc#SLE-21894)
  7a9abad886 sysctl: configure kernel parameters in the order they occur in each sysctl configuration files (#4205) (bsc#1191399)
  7dd902bfa6 manager: reexecute on SIGRTMIN+25, user instances only
  fb9e399bca basic/unit-name: do not use strdupa() on a path (bsc#1188063 CVE-2021-33910)
  e0fde642ec logind: terminate cleanly on SIGTERM/SIGINT (bsc#1188018)
  fe106cccdd units: make fsck/grows/makefs/makeswap units conflict against shutdown.target
- Make sure the versions of both udev and systemd packages are always the same (bsc#1189480)
- Avoid the error message when udev is updated due to udev being
  already active when the sockets are started again (bsc#1188291)
- Drop 1001-basic-unit-name-do-not-use-strdupa-on-a-path.patch
  It's been merged in branch SUSE/v228.
- Allow systemd sysusers config files to be overriden during system
  installation (bsc#1171962).
- While at it, add a comment to explain why we don't use
  %sysusers_create in %pre and why it should be safe in %post.
timezone
- timezone update 2021e (bsc#1177460):
  * Palestine will fall back 10-29 (not 10-30) at 01:00
- timezone update 2021d:
  * Fiji suspends DST for the 2021/2022 season
  * 'zic -r' marks unspecified timestamps with "/-00"/
- timezone update 2021c:
  * Revert almost all of 2021b's changes to the 'backward' file
  * Fix a bug in 'zic -b fat' that caused old timestamps to be
    mishandled in 32-bit-only readers
- timezone update 2021b:
  * Jordan now starts DST on February's last Thursday.
  * Samoa no longer observes DST.
  * Move some backward-compatibility links to 'backward'.
  * Rename Pacific/Enderbury to Pacific/Kanton.
  * Correct many pre-1993 transitions in Malawi, Portugal, etc.
  * zic now creates each output file or link atomically.
  * zic -L no longer omits the POSIX TZ string in its output.
  * zic fixes for truncation and leap second table expiration.
  * zic now follows POSIX for TZ strings using all-year DST.
  * Fix some localtime crashes and bugs in obscure cases.
  * zdump -v now outputs more-useful boundary cases.
  * tzfile.5 better matches a draft successor to RFC 8536.
- Refresh tzdata-china.patch
util-linux
- ipcutils: Avoid potential memory allocation overflow
  (bsc#1188921, CVE-2021-37600,
  util-linux-ipcutils-overflow-CVE-2021-37600.patch).
- Add bc to BuildRequires to run more complete testsuite,
  fix testsuite (bsc#1178236#c19,
  util-linux-ipcs-shmall-overflow-ts.patch).
- ipcs: Avoid overflows (bsc#1178236,
  util-linux-ipcs-shmall-overflow-1.patch,
  util-linux-ipcs-shmall-overflow-2.patch).
util-linux-systemd
- ipcutils: Avoid potential memory allocation overflow
  (bsc#1188921, CVE-2021-37600,
  util-linux-ipcutils-overflow-CVE-2021-37600.patch).
- Add bc to BuildRequires to run more complete testsuite,
  fix testsuite (bsc#1178236#c19,
  util-linux-ipcs-shmall-overflow-ts.patch).
- ipcs: Avoid overflows (bsc#1178236,
  util-linux-ipcs-shmall-overflow-1.patch,
  util-linux-ipcs-shmall-overflow-2.patch).
xfsprogs
- xfs_io: add label command (bsc#1191500)
  - add xfsprogs-xfs_io-add-label-command.patch
- xfs_repair: add flag -e to modify exit code for corrected errors
  (bsc#1190320)
  - add xfsprogs-xfs_repair-add-flag-e-to-modify-exit-code-for-correc.patch
- fsck.xfs: allow forced repairs using xfs_repair (bsc#1190320)
  - add xfsprogs-fsck.xfs-allow-forced-repairs-using-xfs_repair.patch
zlib
- Update 410.patch to include new fixes from upstream,
  fixes bsc#1192688
- Refresh bsc1174736-DFLTCC_LEVEL_MASK-set-to-0x1ff.patch
  to match upstream commit
- Drop patches which changes have been merged in 410.patch:
  * zlib-compression-switching.patch
  * zlib-390x-z15-fix-hw-compression.patch
  * bsc1174551-fxi-imcomplete-raw-streams.patch
zypper
- Add support for PTFs (jsc#SLE-17974)
- version 1.13.60