- Add CVE-2023-27043-email-parsing-errors.patch to
  gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043).
- Update to 0.9.8: [jsc#PED-7719, bsc#1218126, CVE-2023-48795]
  * Rebase 0001-disable-timeout-test-on-slow-buildsystems.patch
  * Remove patches fixed in the update:
  - CVE-2019-14889.patch
  - 0001-CVE-2020-1730-Fix-a-possible-segfault-when-zeroing-A.patch

- Update to version 0.9.8
  * Fix CVE-2023-6004: Command injection using proxycommand (bsc#1218209)
  * Fix CVE-2023-48795: Potential downgrade attack using strict kex (bsc#1218126)
  * Fix CVE-2023-6918: Missing checks for return values of MD functions (bsc#1218186)
  * Allow @ in usernames when parsing from URI composes
- Update to version 0.9.7
  * Fix CVE-2023-1667: a NULL dereference during rekeying with algorithm
    guessing (bsc#1211188)
  * Fix CVE-2023-2283: a possible authorization bypass in
    pki_verify_data_signature under low-memory conditions (bsc#1211190)
  * Fix several memory leaks in GSSAPI handling code

- Update to version 0.9.6 (bsc#1189608, CVE-2021-3634)

- Add missing BR for openssh needed for tests

- update to 0.9.5 (bsc#1174713, CVE-2020-16135):
  * CVE-2020-16135: Avoid null pointer dereference in sftpserver (T232)
  * Improve handling of library initialization (T222)
  * Fix parsing of subsecond times in SFTP (T219)
  * Make the documentation reproducible
  * Remove deprecated API usage in OpenSSL
  * Fix regression of ssh_channel_poll_timeout() returning SSH_AGAIN
  * Define version in one place (T226)
  * Prevent invalid free when using different C runtimes than OpenSSL (T229)
  * Compatibility improvements to testsuite

- Update to version 0.9.4
  * Fix possible Denial of Service attack when using AES-CTR-ciphers
    CVE-2020-1730 (bsc#1168699)
- Fixed the failure to detect SSL handshake timeout
  [bsc#1217717, wget-add-support-for-timeout-with-ssl.patch,
- Version 5.1.6
  Fix empty list attributes (bsc#1214930)

- Version 5.1.5 (bsc#1194663)
  + Handle lsblk output format change. The json data now contains
    "mountpoints" instead of "mountpoint"
- Update
  (bsc#1217987 bsc#1217988 bsc#1217989 CVE-2023-6535 CVE-2023-6536
- commit 1a6bd68

- nvmet-tcp: Fix the H2C expected PDU len calculation
  (bsc#1217987 bsc#1217988 bsc#1217989 CVE-2023-6535 CVE-2023-6536
- nvmet-tcp: remove boilerplate code (bsc#1217987 bsc#1217988
  bsc#1217989 CVE-2023-6535 CVE-2023-6536 CVE-2023-6356).
- nvmet-tcp: Fix a kernel panic when host sends an invalid H2C
  PDU length (bsc#1217987 bsc#1217988 bsc#1217989 CVE-2023-6535
  CVE-2023-6536 CVE-2023-6356).
- commit 3e8a84f

- Refresh patches.kabi/cpufeatures-kabi-fix.patch.
  Simple arithmetic fix.
- commit df1ea97

- vhost: use kzalloc() instead of kmalloc() followed by memset()
  (CVE-2024-0340, bsc#1218689).
- commit 265772f

- blacklist.conf: add Korina ethernet controleer
- commit 754d7b6

- blacklist.conf: update blacklist
- commit 65ec0f0

- mlx4: handle non-napi callers to napi_poll (git-fixes).
- commit 13aca9d

- bnxt_en: Log unknown link speed appropriately (git-fixes).
- commit cab91f3

- net/mlx5: Don't call timecounter cyc2time directly from 1PPS flow (git-fixes).
- commit 30b8d5c

- net: mvneta: fix double free of txq->buf (git-fixes).
- commit abfb85a

- r8169: fix data corruption issue on RTL8402 (git-fixes).
- commit a389731

- net: stmmac: dwmac1000: fix out-of-bounds mac address reg
  setting (git-fixes).
- commit 51f13e8

- net: fec: Do not use netdev messages too early (git-fixes).
- commit 24b07f8

- net: stmmac: dwmac4/5: Clear unused address entries (git-fixes).
- commit 156e8fc

- net: stmmac: dwmac1000: Clear unused address entries
- commit b89c3f6

- blacklist.conf: add mediatek ethernet
- commit ed969c9

- net: dsa: mv88e6xxx: avoid error message on remove from VLAN 0
- commit 63f7ed7

- blacklist.conf: update blacklist
- commit ba8fcb7

- net: xilinx: fix possible object reference leak (git-fixed).
- commit 0884dff

- net: macb: Add null check for PCLK and HCLK (git-fixed).
- Refresh
- commit 1fdfc75

- netfilter: nf_tables: reject QUEUE/DROP verdict parameters
  (CVE-2024-1086 bsc#1219434).
- commit 1f42903

- configfs: fix a use-after-free in __configfs_open_file
- commit 839bbef

- chardev: fix error handling in cdev_device_add() (git-fixes).
- commit 76071ad

- fs: don't audit the capability check in simple_xattr_list()
- commit 32c621d

- pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP
- commit 165619a

- pstore/ram: Fix error return code in ramoops_probe()
- commit 6c26e9c

- kernfs: fix use-after-free in __kernfs_remove (git-fixes).
- commit 1e4394d

- kernfs: Separate kernfs_pr_cont_buf and rename_lock (git-fixes).
- commit 302cbf3

- configfs: fix a race in configfs_{,un}register_subsystem()
- commit ff1ac8a

- vfs: make freeze_super abort when sync_filesystem returns error
- commit a0e15ea

- fs: orangefs: fix error return code of
  orangefs_revalidate_lookup() (git-fixes).
- commit 05692b2

- fs: warn about impending deprecation of mandatory locks
- commit d313c61

- configfs: fix memleak in configfs_release_bin_file (git-fixes).
- commit e182771

- 9p: missing chunk of "fs/9p: Don't update file type when
  updating file attributes" (git-fixes).
- commit d7f7957

- kernfs: bring names in comments in line with code (git-fixes).
- commit b2412a4

- configfs: fix config_item refcnt leak in configfs_rmdir()
- commit a4e6173

- help_next should increase position index (git-fixes).
- commit a734d52

- configfs: fix a deadlock in configfs_symlink() (git-fixes).
- commit 31f30f9

- locks: print a warning when mount fails due to lack of "mand"
  support (git-fixes).
- commit 4a54942

- configfs: provide exclusion between IO and removals (git-fixes).
- commit be9e3af

- configfs: new object reprsenting tree fragments (git-fixes).
- commit 727fecd

- configfs: stash the data we need into configfs_buffer at open
  time (git-fixes).
- commit 57d5998

- pstore/ram: Run without kernel crash dump region (git-fixes).
- Refresh patches.suse/pstore-backend-autoaction.
- commit 27a20a7

- fs/file.c: initialize init_files.resize_wait (git-fixes).
- commit 4e99111

- fs: ratelimit __find_get_block_slow() failure message
- commit 066abb3

- iomap: sub-block dio needs to zeroout beyond EOF (git-fixes).
- commit c176969

- fs/fat/fatent.c: add cond_resched() to fat_count_free_clusters()
- commit 97bf06c

- proc: fix /proc/*/map_files lookup (git-fixes).
- commit 66524a9

- pstore: ram_core: fix possible overflow in
  persistent_ram_init_ecc() (git-fixes).
- commit 3b8a874

- pstore/ram: Check start of empty przs during init (git-fixes).
- commit 86b8610

- statfs: enforce statfs[64] structure initialization (git-fixes).
- commit e9ab62b

- aio: fix mremap after fork null-deref (git-fixes).
- commit f633071

- drm/amdgpu: Fix potential fence use-after-free v2 (bsc#1219128
- commit 78c123f

- nvmet-tcp: fix a crash in nvmet_req_complete() (git-fixes).
- commit 45b3590

- scsi: qla0xxx: Fix system crash due to bad pointer access
- commit 9c33792

- atm: Fix Use-After-Free in do_vcc_ioctl (CVE-2023-51780
- commit 42f1cd3

- mm,mremap: bail out earlier in mremap_to under map pressure
- commit d63623c

- xen-netback: don't produce zero-size SKB frags (CVE-2023-46838,
  XSA-448, bsc#1218836).
- commit 6d25bad

- USB: serial: option: fix FM101R-GL defines (git-fixes).
- commit c34221c

- blacklist.conf: Add baa9be4ffb55 sched/fair: Fix throttle_list starvation with low CFS quota
- commit f2444c0

- libceph: use kernel_connect() (bsc#1219446).
- ceph: fix incorrect revoked caps assert in ceph_fill_file_size()
- commit 92ba85d

- USB: serial: option: add Fibocom to DELL custom modem FM101R-GL
- commit 9c63fba

- USB: serial: option: add entry for Sierra EM9191 with new
  firmware (git-fixes).
- commit e18b083

- USB: serial: option: add Telit LE910C4-WWX 0x1035 composition
- commit 3c25206

- ext4: fix kernel BUG in 'ext4_write_inline_data_end()'
  (CVE-2021-33631 bsc#1219412).
- commit 019d3a9

- blacklist.conf: remove a merge relic
  Remove a merge relic introduced in 44aaf966aab ("Merge remote-tracking
  branch 'origin/SLE12-SP4' into SLE12-SP5-UPDATE").
- commit 78c957f

- blacklist.conf: add a not-relevant jump_label commit
- commit 7bff5db

- tracing/trigger: Fix to return error if failed to alloc snapshot
- commit 57e8982

- blacklist.conf: Blacklist 447ae316670230d7d29430e2cbf1f5db4f49d14c
  It reworks header inclusion to no real benefit for out kernel and
  results in massive kABI breakage. Just blacklist it.
- commit 879fd91

- wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach
  (CVE-2023-47233 bsc#1216702).
- commit d2e0155

- net: stmmac: don't overwrite discard_frame status (git-fixes).
- commit af86f48

- net: ethernet: ti: fix possible object reference leak
- commit 8292c78

- blacklist.conf: update blacklist
- commit 3ec6d28

- blacklist.conf: update blacklist
- commit b305f8c

- net: ks8851: Set initial carrier state to down (git-fixes).
- commit 667be0a

- net: ks8851: Delay requesting IRQ until opened (git-fixes).
- commit 605f94a

- net: ks8851: Reassert reset pin if chip ID check fails
- commit 93e9e83

- net: dsa: qca8k: Enable delay for RGMII_ID mode (git-fixes).
- commit 94c1dc4

- net: dsa: mv88e6xxx: Work around mv886e6161 SERDES missing
  MII_PHYSID2 (git-fixes).
- commit d97991c

- blacklist.conf: update blacklist
- commit 23ba946

- blacklist.conf: Black  unapplicable patch
  This one requires 45b575c00d8e72d69d75dd8c112f044b7b01b069 which is
  blacklisted. So black list this one as well.
- commit 8ad7e95

- x86/unwind/orc: Fix unreliable stack dump with gcov (git-fixes).
- commit db29225

- x86/pm: Add enumeration check before spec MSRs save/restore setup (git-fixes).
- commit 0b71917

- x86/kvm/lapic: always disable MMIO interface in x2APIC mode (git-fixes).
- commit 42aa4b1

- x86/purgatory: Don't generate debug info for (git-fixes).
- commit ad7d236

- x86/cpu: Add another Alder Lake CPU to the Intel family (git-fixes).
- commit 5e43536

- x86/build: Turn off -fcf-protection for realmode targets (git-fixes).
- commit 06f5589

- x86/build: Treat R_386_PLT32 relocation as R_386_PC32 (git-fixes).
- commit c5cf689

- x86/lib: Fix overflow when counting digits (git-fixes).
- commit 0070bad

- x86/asm: Ensure asm/proto.h can be included stand-alone (git-fixes).
- commit b6c5df9

- x86: __always_inline __{rd,wr}msr() (git-fixes).
- commit 8507f62

- x86: Mark stop_this_cpu() __noreturn (git-fixes).
- commit 47a8413

- x86: Clear .brk area at early boot (git-fixes).
- commit 63c0fc3

- rpm/ add static multibuild packages
  Commit 841012b049a5 (rpm/mkspec: use kernel-source: prefix for
  constraints on multibuild) added "kernel-source:" prefix to the
  dynamically generated kernels. But there are also static ones like
  kernel-docs. Those fail to build as the constraints are still not
  So add the prefix also to the static ones.
  Note kernel-docs-rt is given kernel-source-rt prefix. I am not sure it
  will ever be multibuilt...
- commit c2e0681

- drm/atomic: Fix potential use-after-free in nonblocking commits
  (bsc#1219120 CVE-2023-51043).
- commit a69e3d8

- Refresh patches.kabi/cpufeatures-kabi-fix.patch.
  Adjust the cpuid check when applying alternatives. Fixes false BUG_ON
  in the presence of extra bugints/capints.
- commit 48af78f

- Revert "Limit kernel-source build to architectures for which the kernel binary"
  This reverts commit 08a9e44c00758b5f3f3b641830ab6affff041132.
  The fix for bsc#1108281 directly causes bsc#1218768, revert.
- commit 2943b8a

- mkspec: Include constraints for both multibuild and plain package always
  There is no need to check for multibuild flag, the constraints can be
  always generated for both cases.
- commit 308ea09

- rpm/mkspec: use kernel-source: prefix for constraints on multibuild
  Otherwise the constraints are not applied with multibuild enabled.
- commit 841012b

- Use pixz for xz compresion when available.
  This makes xz compression highly non-deterministic but deterministic
  results were not provided by xz in the first place.
- commit 1524b56

- rpm/kernel-source.rpmlintrc: add action-ebpf
  Upstream commit a79d8ba734bd (selftests: tc-testing: remove buildebpf
  plugin) added this precompiled binary blob. Adapt rpmlintrc for
- commit b5ccb33

- Refresh patches.suse/mce-fix-set_mce_nospec-to-always-unmap-the-whole-page.patch.
- commit 97df026

- usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer
- commit f9ab50f

- blacklist.conf: not a bug fix
- commit 89a46f3

- blacklist.conf: driver not compiled
- commit e4d38bb

- blacklist.conf: false positive
- commit be0a82f

- blacklist.conf: not a bug fix
- commit 3adfd09

- blacklist.conf: false positive
- commit 9076062

- scsi: qedf: fc_rport_priv reference counting fixes
  - patches.suse/scsi-qedf-correctly-handle-refcounting-of-rdata
  - patches.suse/scsi-qedf-print-message-during-bailout-conditions
  - patches.suse/scsi-qedf-print-scsi_cmd-backpointer-in-good-completion-path-if-the-command-is-still-being-used
- commit e171158

- ext4: silence the warning when evicting inode with
  dioread_nolock (bsc#1206889).
- commit 3433e7a

- writeback: Export inode_io_list_del() (bsc#1216989).
- commit c969261

- ext4: improve error recovery code paths in __ext4_remount()
  (bsc#1213017 bsc#1219053 CVE-2024-0775).
- commit 3bb0d48

- Update
  (bsc#1213017 bsc#1219053 CVE-2024-0775).
- commit a5b396b

- scripts/ don't add spurious entry from kernel-sources.changes.old
  The previous change added the manual entry from kernel-sources.change.old
  to old_changelog.txt unnecessarily.  Let's fix it.
- commit fb033e8

- Refresh
  Alt-commit added
- commit 5093b56

- x86: Pin task-stack in __get_wchan() (git-fixes).
- commit 96f1d7b

- rpm/ fix build with 6.8
  Since upstream commit f061c9f7d058 (Documentation: Document each netlink
  family), the build needs python yaml.
- commit 6a7ece3

- x86: Fix __get_wchan() for !STACKTRACE (git-fixes).
- commit 23a1a0e

- asix: Add check for usbnet_get_endpoints (git-fixes).
- commit d1fcea8

- x86/mce: relocate set{clear}_mce_nospec() functions (git-fixes).
- commit d9f49bd

- x86/CPU/AMD: Check vendor in the AMD microcode callback (git-fixes).
- commit 79b1f36

- mce: fix set_mce_nospec to always unmap the whole page (git-fixes).
- commit 2dcf8c9

- x86/alternatives: Sync core before enabling interrupts (git-fixes).
- commit d500914

- x86/cpu/hygon: Fix the CPU topology evaluation for real (git-fixes).
- commit 01e7093

- x86/kvm: Do not try to disable kvmclock if it was not enabled (git-fixes).
- commit 293b127

- x86: Fix get_wchan() to support the ORC unwinder (git-fixes).
- commit 1693c4c

- x86/pat: Pass valid address to sanitize_phys() (git-fixes).
- commit 9776480

- x86/pat: Fix x86_has_pat_wp() (git-fixes).
- blacklist.conf:
- commit 0a8ce61

- x86/mm: Add a x86_has_pat_wp() helper (git-fixes).
- commit 794f377

- veth: Fixing transmit return status for dropped packets
- commit c39655b

- preserve KABI for struct sfp_socket_ops (git-fixes).
- commit 58a9bc4

- blacklist.conf:
- Delete
  This patch is harmful on all kernels, and irrelevant on kernels before
- commit 5365a0a

- KVM: s390: vsie: Fix STFLE interpretive execution identification
  (git-fixes bsc#1219022).
- commit 16098a4

- net: phylink: avoid resolving link state too early (git-fixes).
- commit 67b00b5

- gtp: change NET_UDP_TUNNEL dependency to select (git-fixes).
- commit dd6be0d

- mlxsw: spectrum: Avoid -Wformat-truncation warnings (git-fixes).
- commit bd062d1

- mlxsw: spectrum: Set LAG port collector only when active (git-fixes).
- commit 42cb04e

- net: mv643xx_eth: disable clk on error path in mv643xx_eth_shared_probe() (git-fixes).
- commit 5db0cbe

- net: systemport: Fix reception of BPDUs (git-fixes).
- commit 54f0189

- sfc: initialise found bitmap in efx_ef10_mtd_probe (git-fixes).
- commit 36c912f

- net: sfp: do not probe SFP module before we're attached (git-fixes).
- commit b335b5c

- net: phy: sfp: warn the user when no tx_disable pin is available (git-fixes).
- commit 921c51c

- blacklist.conf: update blacklist
- commit 0fefc1a

- net: stmmac: Disable EEE mode earlier in XMIT callback
- commit 42ea2f4

- blacklist.conf: update blacklist
- commit 16074da

- preserve KABI for struct plat_stmmacenet_data (git-fixes).
- commit be0b5cc

- net: stmmac: Fallback to Platform Data clock in Watchdog
  conversion (git-fixes).
- commit c0e8ae4

- net: stmmac: dwmac-rk: fix error handling in rk_gmac_powerup()
- commit 1f97aba

- blacklist.conf: update blacklist
- commit 160c442

- net: dsa: bcm_sf2: Propagate error value from mdio_write
- commit 042ff8c

- net: (cpts) fix a missing check of clk_prepare (git-fixes).
- commit a0511a4

- blacklist.conf: update blacklist
- commit 778d638

- mlxsw: spectrum: Properly cleanup LAG uppers when removing
  port from LAG (git-fixes).
- commit 65b3a7e

- blacklist.conf: update blacklist
- commit 72f91b3

- nfsd: drop st_mutex and rp_mutex before calling
  move_to_close_lru() (bsc#1217525).
- commit d08e536

- blacklist.conf: add wont-backport commit
- commit 65861c5

- libnvdimm/of_pmem: Use devm_kstrdup instead of kstrdup and
  check its return value (git-fixes).
- nvdimm: Fix badblocks clear off-by-one error (git-fixes).
- nvdimm: Allow overwrite in the presence of disabled dimms
- nvdimm/btt: do not call del_gendisk() if not needed (git-fixes).
- libnvdimm/region: Fix label activation vs errors (git-fixes).
- commit dc5bee2

- libnvdimm: cover up changes in struct nvdimm_bus_descriptor
- libnvdimm: Validate command family indices (git-fixes).
- commit 27f581b

- libnvdimm: Out of bounds read in __nd_ioctl() (git-fixes).
- acpi/nfit: improve bounds checking for 'func' (git-fixes).
- libnvdimm/btt: fix variable 'rc' set but not used (git-fixes).
- libnvdimm/pmem: Delete include of nd-core.h (git-fixes).
- =?UTF-8?q?libnvdimm:=20Fix=20endian=20conversion=20issues?=
  =?UTF-8?q?=C2=A0?= (git-fixes).
- libnvdimm: Fix compilation warnings with W=1 (git-fixes).
- libnvdimm/pmem: fix a possible OOB access when read and write
  pmem (git-fixes).
- libnvdimm/btt: Fix a kmemdup failure check (git-fixes).
- libnvdimm/namespace: Fix a potential NULL pointer dereference
- libnvdimm/btt: Fix LBA masking during 'free list' population
- libnvdimm/btt: Remove unnecessary code in btt_freelist_init
- acpi/nfit: Require opt-in for read-only label configurations
- UAPI: ndctl: Fix g++-unsupported initialisation in headers
- commit e6b26fa

- blacklist.conf: false positive
- commit de6f57b

- blacklist.conf: blacklist Huawei HiNIC
- commit d68e629

- s390/dasd: fix double module refcount decrement (bsc#1141539).
- commit 1d573b9

- scripts/git_sort/  Add 'perf-tools' branch
- commit 7ef21eb

- netfilter: nf_tables: Reject tables of unsupported family
  (CVE-2023-6040 bsc#1218752).
- commit 9e6d9d4

- net/rose: Fix Use-After-Free in rose_ioctl (CVE-2023-51782
- commit 5e6770d

- powerpc/pseries/memhotplug: Quieten some DLPAR operations
- commit 4d451a9

- powerpc/powernv: Add a null pointer check in
  opal_powercap_init() (bsc#1181674 ltc#189159 git-fixes).
- powerpc/powernv: Add a null pointer check in opal_event_init()
- powerpc/pseries/memhp: Fix access beyond end of drmem array
- powerpc: Don't clobber f0/vs0 during fp|altivec register save
- commit d5de04b

- Store the old kernel changelog entries in kernel-docs package (bsc#1218713)
  The old entries are found in kernel-docs/old_changelog.txt in docdir.
  rpm/old_changelog.txt can be an optional file that stores the similar
  info like rpm/kernel-sources.changes.old.  It can specify the commit
  range that have been truncated.  scripts/ expands from the
  git log accordingly.
- commit c9a2566

- fs: ocfs2: namei: check return value of ocfs2_add_entry()
- commit 37053b5

- orangefs: Fix kmemleak in orangefs_prepare_debugfs_help_string()
- commit 22c7474

- orangefs: Fix sysfs not cleanup when dev init failed
- commit 3dc6f72

- fat: add ratelimit to fat*_ent_bread() (git-fixes).
- commit 2e4dd8d

- orangefs: fix orangefs df output (git-fixes).
- commit 14af1e9

- fs/fat/file.c: issue flush after the writeback of FAT
- commit 4b5cf8c

- fs/exofs: fix potential memory leak in mount option parsing
- commit c3e2f19

- orangefs: rate limit the client not running info message
- commit 9ffd7ce

- gfs2: ignore negated quota changes (git-fixes).
- commit 65c2047

- gfs2: Fix possible data races in gfs2_show_options()
- commit 57d66df

- gfs2: Fix inode height consistency check (git-fixes).
- commit d7ee5ae

- gfs2: Check sb_bsize_shift after reading superblock (git-fixes).
- commit 381ce29

- gfs2: Make sure FITRIM minlen is rounded up to fs block size
- commit 59f59dc

- gfs2: assign rgrp glock before compute_bitstructs (git-fixes).
- commit 8e79a5c

- gfs2: Don't call dlm after protocol is unmounted (git-fixes).
- commit 0e0a651

- gfs2: Fix use-after-free in gfs2_glock_shrink_scan (git-fixes).
- commit 4dff329

- gfs2: report "already frozen/thawed" errors (git-fixes).
- commit e5108bb

- gfs2: Don't skip dlm unlock if glock has an lvb (git-fixes).
- commit 38230f9

- gfs2: check for empty rgrp tree in gfs2_ri_update (git-fixes).
- commit 3484422

- gfs2: Wake up when sd_glock_disposal becomes zero (git-fixes).
- commit 6e96bc8

- gfs2: check for live vs. read-only file system in gfs2_fitrim
- commit dece8b9

- gfs2: Free rd_bits later in gfs2_clear_rgrpd to fix
  use-after-free (git-fixes).
- commit 5f11647

- gfs2: add validation checks for size of superblock (git-fixes).
- commit 4bfdec0

- gfs2: fix use-after-free on transaction ail lists (git-fixes).
- commit 3c0934a

- gfs2: initialize transaction tr_ailX_lists earlier (git-fixes).
- commit a3dcb8b

- gfs2: Allow lock_nolock mount to specify jid=X (git-fixes).
- commit c3d10eb

- gfs2_atomic_open(): fix O_EXCL|O_CREAT handling on cold dcache
- commit 50b2782

- gfs2: clear buf_in_tr when ending a transaction in
  sweep_bh_for_rgrps (git-fixes).
- commit 0638ce6

- gfs2: Fix sign extension bug in gfs2_update_stats (git-fixes).
- commit 6905d0e

- gfs2: Fix lru_count going negative (git-fixes).
- commit 22c6d6f

- gfs2: take jdata unstuff into account in do_grow (git-fixes).
- commit f6cafad

- gfs2: Fix marking bitmaps non-full (git-fixes).
- commit 27f21b4

- GFS2: Flush the GFS2 delete workqueue before stopping the
  kernel threads (git-fixes).
- commit c0d61c2

- gfs2: Don't set GFS2_RDF_UPTODATE when the lvb is updated
- commit ca05c1f

- gfs2: Special-case rindex for gfs2_grow (git-fixes).
- commit 77ffe3d

- reiserfs: Replace 1-element array with C99 style flex-array
- commit ed361ae

- reiserfs: Check the return value from __getblk() (git-fixes).
- commit c984c17

- affs: fix basic permission bits to actually work (git-fixes).
- commit 6abe668

- PCI: Disable ATS for specific Intel IPU E2000 devices
- commit 6c47e22

- Fix build error in debug config
- commit f49e139

- smb: client: fix potential OOB in smb2_dump_detail()
  (bsc#1217946 CVE-2023-6610).
- commit 04b527b

- smb: client: fix potential OOB in smb2_dump_detail()
  (bsc#1217946 CVE-2023-6610).
- commit 74aafd7

- Revert "MyBS: Workaround for kernel-obs-build build failure"
  This reverts commit 71a32afaad64088d3426f504905953ff13021f17.
  OBS configuration should be updated now.
- commit 7697d64

- Limit kernel-source build to architectures for which the kernel binary
  is built (bsc#1108281).
- commit 08a9e44

- netfilter: nf_tables: do not allow RULE_ID to refer to another chain (bsc#1202095 CVE-2022-2586).
- commit 32951b9

- netfilter: nf_tables: do not allow SET_ID to refer to another table (bsc#1202095 CVE-2022-2586).
- commit d107d27

- netfilter: preserve KABI for struct nft_set (bsc#1202095 CVE-2022-2586).
- commit b3d22c5

- netfilter: nf_tables: pass ctx to nf_tables_expr_destroy() (bsc#1202095 CVE-2022-2586).
- commit 61a0caa

- Resolve build warnings from previous series due to missing commit for
  Ice Lake freerunning counters
  perf/x86/intel/uncore: Add box_offsets for free-running counters
  (jsc#PED-5023 bsc#1211439).
- commit 8524ea3

- Bluetooth: af_bluetooth: Fix Use-After-Free in bt_sock_recvmsg
  (CVE-2023-51779 bsc#1218559).
- commit f63e944

- blacklist.conf: update blacklist
- commit 6de7142

- xhci: Clear EHB bit only at end of interrupt handler
- commit 21f5e35

- usb: config: fix iteration issue in 'usb_get_bos_descriptor()'
- commit d5b5186

- MyBS: Workaround for kernel-obs-build build failure
  (JSC-SLE#5501, boo#1211226, bsc#1218184)
  kernel-obs-build needs root for build. This is in some way enabled for
  the package link case but not for multibuild case. As a workaround add
  the allowrootforbuild flag to prjconf for multibuild.
- commit 71a32af

- md/raid1: fix error: ISO C90 forbids mixed declarations
- commit c63e55d

- dm-integrity: don't modify bio's immutable bio_vec in
  integrity_metadata() (git-fixes).
- md: don't leave 'MD_RECOVERY_FROZEN' in error path of
  md_set_readonly() (git-fixes).
- bcache: revert replacing IS_ERR_OR_NULL with IS_ERR (git-fixes).
- dm-verity: align struct dm_verity_fec_io properly (git-fixes).
- dm verity: don't perform FEC for failed readahead IO
- bcache: add code comments for bch_btree_node_get() and
  __bch_btree_node_alloc() (git-fixes).
- bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in
  btree_gc_coalesce() (git-fixes).
- bcache: prevent potential division by zero error (git-fixes).
- bcache: check return value from btree_node_alloc_replacement()
- md/raid1: hold the barrier until handle_read_error() finishes
- md/raid1: free the r1bio before waiting for blocked rdev
- md: raid1: fix potential OOB in raid1_remove_disk() (git-fixes).
- md: restore 'noio_flag' for the last mddev_resume() (git-fixes).
- dm cache policy smq: ensure IO doesn't prevent cleaner policy
  progress (git-fixes).
- dm raid: fix missing reconfig_mutex unlock in raid_ctr()
  error paths (git-fixes).
- md/raid0: add discard support for the 'original' layout
- bcache: Fix __bch_btree_node_alloc to make the failure behavior
  consistent (git-fixes).
- bcache: Remove unnecessary NULL point check in node allocations
- nbd: Add the maximum limit of allocated index in nbd_dev_add
- nbd: Fix debugfs_create_dir error checking (git-fixes).
- dm flakey: fix a crash with invalid table line (git-fixes).
- dm integrity: call kmem_cache_destroy() in dm_integrity_init()
  error path (git-fixes).
- dm verity: fix error handling for check_at_most_once on FEC
- dm stats: check for and propagate alloc_percpu failure
- dm crypt: add cond_resched() to dmcrypt_write() (git-fixes).
- rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create()
  fails (git-fixes).
- dm cache: add cond_resched() to various workqueue loops
- dm thin: add cond_resched() to various workqueue loops
- dm: remove flush_scheduled_work() during local_exit()
- dm flakey: fix logic when corrupting a bio (git-fixes).
- dm flakey: don't corrupt the zero page (git-fixes).
- dm verity: skip redundant verity_handle_err() on I/O errors
- commit 640b528

- Previous perf cve-4.12->SLE12-SP5 manual merge was incorrect. Fix.
- Refresh
- Refresh patches.suse/perf-Fix-perf_event_validate_size.patch.
- commit 3382aa6

- MyBS: Fix the logic of the wipe conditional.
  - with no_init specified leave the built packages
  - with multibuild the package may be present even if build is not
  enabled, delete anyway
- commit 9c2f303

- mkspec: Add multibuild support (JSC-SLE#5501, boo#1211226, bsc#1218184)
  When MULTIBUILD option in is enabled generate a _multibuild
  file listing all spec files.
- commit f734347

- Build in the correct KOTD repository with multibuild
  (JSC-SLE#5501, boo#1211226, bsc#1218184)
  With multibuild setting repository flags is no longer supported for
  individual spec files - see
  Add ExclusiveArch conditional that depends on a macro set up by
  bs-upload-kernel instead. With that each package should build only in
  one repository - either standard or QA.
  Note: bs-upload-kernel does not interpret rpm conditionals, and only
  uses the first ExclusiveArch line to determine the architectures to
- commit aa5424d

- bs-upload-kernel, MyBS, Buildresults: Support multibuild
  (JSC-SLE#5501, boo#1211226, bsc#1218184)
- strip package name prefix when recording results
- add package prefix to linked packages
- when _multibuild file is present do not link packages
- use onlybuild BuildFlag for limiting build to specific packages
- generate is_kotd_qa macro in project config that can be used to
  determine if the package is built in the QA repository
  This is _very_ convoluted. No shell or lua tools can be used because
  this information needs to be available to the OBS to schedule the
  package in the correct repository, and it does not run scripts. The
  builtin sub macro for slicing strings causes a build error - it
  expanded correctly by the scheduler but not available at package build
  time. If conditional cannot be used because rpm macros from project
  config are added to a macro include file, and those do not support
  conditionals. That leaves the option to use an expression that
  explicitly enumerates all QA repository names. This requires unusal
  and convoluted check in the spec file to make use of.
- commit 747f601

- MyBS: create_package: Specify package should build in QA repository
  by argument (JSC-SLE#5501, boo#1211226, bsc#1218184)
  Drop the unused title and description arguments, move the package name
  match to upload_package and pass teh result, add additional argument for
- commit a355e71

- bs-upload-kernel: Wipe kernel-obs-build before upload
  (JSC-SLE#5501, boo#1211226, bsc#1218184)
  The kernel upload takes long enough for packages to start building
  during the upload. If the project contains kernel-obs-build binary that
  crashes on boot builds fail as a result. Wipe kernel-obs-build before
  the upload. Handle the case when the package does not exist yet by
  ignoring the error.
- commit cdac4cc

- bs-upload-kernel: Use one package list (JSC-SLE#5501, boo#1211226, bsc#1218184)
  There were ultiple package lists passed to upload_package supporting the
  distinction between package names starting with kernel- which can be
  individually selected for build, and other packages. Pass only one
  package list to simplify the logic and make it possible to know the full
  package list before doing the upload.
- commit ec941eb

- bs-upload-kernel: Support package limit for non-kernel packages
  (JSC-SLE#5501, boo#1211226, bsc#1218184)
  The -f option of the bs-upload-kernel script adds kernel- prefix
  unconditionally the package name.
  List all spec files in the uploaded directory, and check if the package
  exists with or without the kernel- prefix.
- commit 354b77b

- bs-upload-kernel: Drop BS_SUFFIX (JSC-SLE#5501, boo#1211226, bsc#1218184)
  BS_SUFFIX was used by SLE12 SP1 for Arm. This release is no longer
  maintained, and this feature gets no testing.
  Substantial changes to this script are required, and it's unlikely this
  feture would keep working after that.
- commit e27b306

- blacklist.conf: Add 1ca0b6051505 cgroup: Remove duplicates in cgroup v1 tasks file
- commit a77e914

- blacklist.conf: add non-backport commits of git-fixes
- commit 4d91f49

- blacklist.conf: change to logging only
- commit a144be1

- net: usb: qmi_wwan: claim interface 4 for ZTE MF290 (git-fixes).
- commit 0feae40

- Fix termination state for idr_for_each_entry_ul() (bsc#1109837).
- commit d343735

- Bluetooth: avoid memcmp() out of bounds warning (bsc#1215237
- Bluetooth: hci_event: Fix coding style (bsc#1215237
- Bluetooth: hci_event: Fix using memcmp when comparing keys
  (bsc#1215237 CVE-2020-26555).
- commit eb3189f

- Bluetooth: Reject connection with the device which has same
  BD_ADDR (bsc#1215237 CVE-2020-26555).
- commit fea8835

- Bluetooth: hci_event: Ignore NULL link key (bsc#1215237
- commit c0e1033

- perf/x86/intel/uncore: Fix reference count leak in
  __uncore_imc_init_box() (jsc#PED-5023 bsc#1211439 (git-fixes)).
- perf/x86/intel/uncore: Fix reference count leak in
  snr_uncore_mmio_map() (jsc#PED-5023 bsc#1211439 (git-fixes)).
- perf/x86/intel/uncore: Fix broken read_counter() for SNB IMC
  PMU (jsc#PED-5023 bsc#1211439 (git-fixes)).
- perf/x86/intel/uncore: Fix CAS_COUNT_WRITE issue for ICX
  (jsc#PED-5023 bsc#1211439 (git-fixes)).
- perf/x86/intel/uncore: Fix IIO event constraints for Snowridge
  (jsc#PED-5023 bsc#1211439 (git-fixes)).
- perf/x86/intel/uncore: Fix Intel ICX IIO event constraints
  (jsc#PED-5023 bsc#1211439 (git-fixes)).
- perf/x86/intel/uncore: Support extra IMC channel on Ice Lake
  server (jsc#PED-5023 bsc#1211439 (git-fixes)).
- perf/x86/intel/uncore: Fix integer overflow on 23 bit left
  shift of a u32 (jsc#PED-5023 bsc#1211439 (git-fixes)).
- perf/x86/intel/uncore: Fix M2M event umask for Ice Lake server
  (jsc#PED-5023 bsc#1211439 (git-fixes)).
- perf/x86/intel/uncore: Fix the scale of the IMC free-running
  events (jsc#PED-5023 bsc#1211439 (git-fixes)).
- perf/x86/intel/uncore: Fix oops when counting IMC uncore events
  on some TGL (jsc#PED-5023 bsc#1211439 (git-fixes)).
- perf/x86/intel/uncore: Fix missing marker for
  snr_uncore_imc_freerunning_events (jsc#PED-5023 bsc#1211439
- commit 1cc4e6d

- perf: Fix perf_event_validate_size() lockdep splat
  (CVE-2023-6931 bsc#1218258).
- perf: Fix perf_event_validate_size() (CVE-2023-6931
- commit 6cfe60a

- smb: client: fix OOB in smbCalcSize() (bsc#1217947
- commit d398d5f

- smb: client: fix OOB in smbCalcSize() (bsc#1217947
- commit 6765acb

- perf/x86/intel/uncore: Add Rocket Lake support (jsc#PED-5023
- commit 60ab65b

- perf/x86/msr: Add Rocket Lake CPU support (jsc#PED-5023
- commit fac3f56

- perf/x86/msr: Add Tiger Lake CPU support (jsc#PED-5023
- commit 7c0409f

- perf/x86/cstate: Add Rocket Lake CPU support (jsc#PED-5023
- commit f918ead

- perf/x86/cstate: Add Tiger Lake CPU support (jsc#PED-5023
- Refresh
- commit c544da1

- perf/x86/intel: Add Rocket Lake CPU support (jsc#PED-5023
- commit 5b98b63

- perf/x86/intel: Add Tiger Lake CPU support (jsc#PED-5023
- commit 0e12a3f

- perf/x86/intel: Fix Ice Lake event constraint table
  (jsc#PED-5023 bsc#1211439).
- commit cd283d5

- perf/x86/intel/uncore: Update Ice Lake uncore units
  (jsc#PED-5023 bsc#1211439).
- commit 0e10240

- perf/x86/intel/uncore: Split the Ice Lake and Tiger Lake MSR
  uncore support (jsc#PED-5023 bsc#1211439).
- commit 9c5fb1a

- x86/cpu: Add Lakefield, Alder Lake and Rocket Lake models to
  the to Intel CPU family (jsc#PED-5023 bsc#1211439).
- blacklist.conf:
- commit 2561a0a

- perf/x86/intel/uncore: Add Comet Lake support (jsc#PED-5023
- Refresh
- commit 2e1087f

- x86/cpu: Add Sapphire Rapids CPU model number (jsc#PED-5023
- commit 5b5d85f

- perf/x86/rapl: Add Ice Lake RAPL support (jsc#PED-5023
- commit c6183ea

- perf/x86/intel/uncore: Add Ice Lake server uncore support
  (jsc#PED-5023 bsc#1211439).
- commit 4150606

- perf/x86/intel/uncore: Factor out __snr_uncore_mmio_init_box
  (jsc#PED-5023 bsc#1211439).
- commit c73e167

- perf/x86: Add Intel Tiger Lake uncore support (jsc#PED-5023
- Refresh
- Refresh
- Refresh
- commit f5492f0

- perf/x86/cstate: Update C-state counters for Ice Lake
  (jsc#PED-5023 bsc#1211439).
- Refresh
- commit fef0544

- perf/x86/msr: Add new CPU model numbers for Ice Lake
  (jsc#PED-5023 bsc#1211439).
- Refresh
- Refresh
- Refresh
- Refresh
- Refresh
- Refresh
- Refresh
- Refresh
- Refresh
- commit 68588a6

- perf/x86/msr: Add Comet Lake CPU support (jsc#PED-5023
- commit 2ec338b

- x86/cpu: Add Comet Lake to the Intel CPU models header
  (jsc#PED-5023 bsc#1211439).
- blacklist.conf:
- commit bd3eac7

- x86/cpu: Add Tiger Lake to Intel family (jsc#PED-5023
- blacklist.conf:
- Refresh patches.suse/x86-CPU-Add-Icelake-model-number.patch.
- Refresh patches.suse/x86-cpu-sanitize-fam6_atom-naming.patch.
- commit 45e2da6

- perf/x86/intel: Mark expected switch fall-throughs (jsc#PED-5023
- Refresh
- Refresh
- commit ebba1f6

- perf/x86/intel: Fix invalid Bit 13 for Icelake MSR_OFFCORE_RSP_x
  register (jsc#PED-5023 bsc#1211439).
- commit b357e8f

- perf/x86/intel/uncore: Add IMC uncore support for Snow Ridge
  (jsc#PED-5023 bsc#1211439).
- commit 1e6f0c4

- perf/x86/intel/uncore: Clean up client IMC (jsc#PED-5023
- commit b9f2803

- perf/x86/intel/uncore: Support MMIO type uncore blocks
  (jsc#PED-5023 bsc#1211439).
- Refresh
- commit 2ed2c09

- perf/x86/intel/uncore: Factor out box ref/unref functions
  (jsc#PED-5023 bsc#1211439).
- commit 9298d3b

- perf/x86/intel/uncore: Add uncore support for Snow Ridge server
  (jsc#PED-5023 bsc#1211439).
- Refresh
- Refresh
- Refresh
- Refresh
- commit 6e7af12

- perf/x86/intel: Add more Icelake CPUIDs (jsc#PED-5023
- Refresh
- Refresh
- commit ba0eb7e

- perf/x86/intel: Add Icelake desktop CPUID (jsc#PED-5023
- Refresh
- Refresh
- Refresh
- Refresh
- Refresh
- commit 7786ce1

- perf/x86/intel/uncore: Add new IMC PCI IDs for KabyLake,
  AmberLake and WhiskeyLake CPUs (jsc#PED-5023 bsc#1211439).
- commit 4d459ae

- perf/x86/intel/uncore: Add tabs to Uncore IMC PCI IDs
  (jsc#PED-5023 bsc#1211439).
- commit 1e8abbc

- perf/x86: Add Intel Ice Lake NNPI uncore support (jsc#PED-5023
- Refresh
- Refresh
- Refresh
- commit 55befa5

- x86/cpu: Add Ice Lake NNPI to Intel family (jsc#PED-5023
- Refresh
- commit 34f99e6

- s390/vx: fix save/restore of fpu kernel context (git-fixes
- commit 657e47b

- nvme: sanitize metadata bounce buffer for reads (git-fixes).
- commit 6f2b20c

- Input: powermate - fix use-after-free in
  powermate_config_complete (git-fixes).
- commit 6690cf9

- r8152: Add RTL8152_INACCESSIBLE to r8153_aldps_en() (git-fixes).
- commit 64cb7dc

- ipv4: igmp: fix refcnt uaf issue when receiving igmp query
  packet (bsc#1218253 CVE-2023-6932).
- commit ebe786a

- gve: Fixes for napi_poll when budget is 0 (bsc#1214479).
- gve: Do not fully free QPL pages on prefill errors
- gve: fix frag_list chaining (bsc#1214479).
- gve: RX path for DQO-QPL (bsc#1214479).
- gve: Tx path for DQO-QPL (bsc#1214479).
- gve: Control path for DQO-QPL (bsc#1214479).
- gve: trivial spell fix Recive to Receive (bsc#1214479).
- gve: unify driver name usage (bsc#1214479).
- gve: Set default duplex configuration to full (bsc#1214479).
- gve: Unify duplicate GQ min pkt desc size constants
- gve: Add XDP REDIRECT support for GQI-QPL format (bsc#1214479).
- gve: Add XDP DROP and TX support for GQI-QPL format
- gve: Changes to add new TX queues (bsc#1214479).
- gve: XDP support GQI-QPL: helper function changes (bsc#1214479).
- gve: Fix gve interrupt names (bsc#1214479).
- commit 9108d42

- tracing: Update snapshot buffer on resize if it is allocated
- commit 30f36d0

- ring-buffer: Fix memory leak of free page (git-fixes).
- commit 7dfbb97

- blacklist.conf: add a not-relevant ftrace fix
- commit 09bf0c1

- blacklist.conf: false positive
- commit 71ff422

- r8152: Add RTL8152_INACCESSIBLE checks to more loops
- commit 6e72146

- net: dsa: mv88e6xxx: Fix 88E6141/6341 2500mbps SERDES speed
- commit ce068ed

- r8152: Rename RTL8152_UNPLUG to RTL8152_INACCESSIBLE
- commit 715a8e7

- blacklist.conf: update blacklist
- commit 9a12072

- blacklist.conf: update blacklist
- commit cc9998b

- net: stmmac: Move debugfs init/exit to ->probe()/->remove() (git-fixes).
- commit e003b9a

- net: ethernet: ti: cpsw: unsync mcast entries while switch promisc mode (git-fixes).
- commit 39aa8c8

- net: macb: disable scatter-gather for macb on sama5d3 (git-fixes).
- commit a5f5aa8

- netfilter: nft_compat: use-after-free when deleting targets
- commit 2ea1f0c

- netfilter: nf_tables: fix use-after-free when deleting compat
  expressions (git-fixes).
- commit b4fa1c0

- tcp: fix under-evaluated ssthresh in TCP Vegas (git-fixes).
- commit b480783

- blacklist.conf: update blacklist
- commit 14f35e3

- netfilter: ebtables: also count base chain policies (git-fixes).
- Refresh
- commit 051bd2a

- netfilter: ebtables: compat: un-break 32bit setsockopt when
  no rules are present (git-fixes).
- Refresh
- commit 332123a

- netfilter: ebtables: don't attempt to allocate 0-sized compat
  array (git-fixes).
- Refresh
- commit 39f9e26

- netfilter: preserve KABI for xt_compat_init_offsets (git-fixes).
- commit 71e46a5

- netfilter: compat: reject huge allocation requests (git-fixes).
- commit f398964

- netfilter: compat: prepare xt_compat_init_offsets to return
  errors (git-fixes).
- commit a1a8d4f

- KVM: s390/mm: Properly reset no-dat (git-fixes bsc#1218057).
- commit d3f8ccb

- tracing: Disable snapshot buffer when stopping instance tracers
- commit b07eab3

- tracing: Stop current tracer when resizing buffer (git-fixes).
- commit 5c0c11a

- tracing: Always update snapshot buffer size (git-fixes).
- commit c831a81

- tracing: relax trace_event_eval_update() execution with
  cond_resched() (git-fixes).
- commit f1e2f19

- xfrm6: fix inet6_dev refcount underflow problem (git-fixes).
- commit 50692e8

- README.BRANCH: update maintainers list
- commit 4795fb8

- ipv6/addrconf: fix a potential refcount underflow for idev
- commit 0afb0f6

- ipv6: remove extra dev_hold() for fallback tunnels (git-fixes).
- commit a02e296

- ip6_tunnel: sit: proper dev_{hold|put} in ndo_[un]init methods
- commit 934530e

- sit: proper dev_{hold|put} in ndo_[un]init methods (git-fixes).
- commit 96165ef

- ip6_vti: proper dev_{hold|put} in ndo_[un]init methods
- commit 42264ea

- ip6_gre: proper dev_{hold|put} in ndo_[un]init methods
- commit 8fe5105

- xsk: Fix incorrect netdev reference count (git-fixes).
- commit 2ed0c59

- xfrm: reuse uncached_list to track xdsts (git-fixes).
- blacklist.conf: remove from the blacklist
- Refresh
- Refresh
- commit 38edc03

- net/tg3: fix race condition in tg3_reset_task() (bsc#1217801).
- net/tg3: resolve deadlock in tg3_reset_task() during EEH
- commit b55327d

- tracing: Fix a possible race when disabling buffered events
- commit 5f21a8d

- net: usb: ax88179_178a: fix failed operations during
  ax88179_reset (git-fixes).
- commit 9041dc6

- r8152: Cancel hw_phy_work if we have an error in probe
- commit 6ae718a

- r8152: Run the unload routine if we have errors during probe
- commit d668b36

- r8152: Increase USB control msg timeout to 5000ms as per spec
- commit 3e20995

- tracing: Fix a warning when allocating buffered events fails
- commit 80b9661

- net: usb: smsc95xx: Fix uninit-value access in smsc95xx_read_reg
- net: usb: smsc95xx: Fix an error code in smsc95xx_reset()
- commit 9c4175d

- KVM: s390: vsie: fix wrong VIR 37 when MSO is used (git-fixes
- commit 4da118c

- nvmet: nul-terminate the NQNs passed in the connect command
  (bsc#1217250 CVE-2023-6121).
- commit 2021a67

- tracing: Fix incomplete locking when disabling buffered events
- commit 9d8e191

- tracing: Fix warning in trace_buffered_event_disable()
  (git-fixes, bsc#1217036).
- commit 693b5e0

- kernel-source: Remove config-options.changes (jsc#PED-5021)
  The file doc/config-options.changes was used in the past to document
  kernel config changes. It was introduced in 2010 but haven't received
  any updates on any branch since 2015. The file is renamed by
  to config-options.changes.txt and shipped in the kernel-source RPM
  package under /usr/share/doc. As its content now only contains outdated
  information, retaining it can lead to confusion for users encountering
  this file.
  Config changes are nowadays described in associated Git commit messages,
  which get automatically collected and are incorporated into changelogs
  of kernel RPM packages.
  Drop then this obsolete file, starting with its packaging logic.
  For branch maintainers: Upon merging this commit on your branch, please
  correspondingly delete the file doc/config-options.changes.
- commit adedbd2

- Make a few polishing changes (jsc#PED-5021)
  * Move address at the front of SUSE email domains, as that is
  the one that should be normally used for contributions, according to
  the current SUSE Open Source Policy.
  * Avoid repeatedly using "please" in two consecutive sentences.
  * Fix a typo in section "Patch sorting": "commit" -> "commits".
  * Prefix relative commands in section "Config option changes" with "./"
  even if they are from a subdirectory, for consistency with the rest of
  the document.
  * Turn "Related information" into a proper list.
- commit 7c8a1e3

- doc/README.SUSE: Simplify the list of references (jsc#PED-5021)
  Reduce indentation in the list of references, make the style consistent
- commit 70e3c33

- doc/README.SUSE: Add how to update the config for module signing
  Configuration files for SUSE kernels include settings to integrate with
  signing support provided by the Open Build Service. This creates
  problems if someone tries to use such a configuration file to build
  a "standalone" kernel as described in doc/README.SUSE:
  * Default configuration files available in the kernel-source repository
  unset CONFIG_MODULE_SIG_ALL to leave module signing to
  pesign-obs-integration. In case of a "standalone" build, this
  integration is not available and the modules don't get signed.
  * The kernel spec file overrides CONFIG_MODULE_SIG_KEY to
  ".kernel_signing_key.pem" which is a file populated by certificates
  provided by OBS but otherwise not available. The value ends up in
  /boot/config-$VERSION-$RELEASE-$FLAVOR and /proc/config.gz. If someone
  decides to use one of these files as their base configuration then the
  build fails with an error because the specified module signing key is
  Add information on how to enable module signing and where to find the
  relevant upstream documentation.
- commit a699dc3
- Add 0207-exportfs-Ingnore-export-failures-in-nfs-server.seriv.patch
  Inconsistencies in /etc/exports shouldn't be fatal.
- remember the enabled state of sshd state, so openssh8,4 can pick it
  up. bsc#1220110

- Added openssh-cve-2023-51385.patch (bsc#1218215, CVE-2023-51385).
  This limits the use of shell metacharacters in host- and
  user names.
- Add CVE-2023-27043-email-parsing-errors.patch to
  gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043).
- Switch to the new SUSEConnect-ng (bsc#1212799), includes
  additional fixes:
  - SSL reload fix (bsc#1195220)
  - Detection of base products coming from SCC
    (bsc#1194989, bsc#1217317)
- 3.3.2
- Changes in version 3.0.12
  + Optimize lsof usage (bsc#1183663)
  + Collects ntp or chrony as needed (bsc#1196293)

- Added email.txt based on OPTION_EMAIL

- Added run time detection (bsc#1213127)
- Add patch bsc1216825.patch
  Avoid SIGSEGV in case of sending SIGTERM to a top command
  running in batch mode (bsc#1216825)
- Add CVE-2023-5752-r-param-hg.patch to fix bsc#1217353
  (CVE-2023-5752) avoiding injection of arbitrary configuration
  through Mercurial parameter.
- Add new idmap_nss option 'use_upn' for those NSS modules able to
  handle UPNs or DOMAIN/user name format; (bsc#1215369);
- Avoid unnecessary locking in idmap parent setup; (bsc#1215369);
- Do not try to set domain online in the idmap child;
  (bsc#1215369); (bso#15317).
- Make consistent check to enable relative path on btrfs (bsc#1174567) (bsc#1216912)
  * 0001-Unify-the-check-to-enable-btrfs-relative-path.patch
- Update EC2 plugin to 1.0.4 (bsc#1219156, bsc#1219159)
  + Fix the algorithm to determine the region from the availability zone
    information retrieved from IMDS.
- Update to version 10.1.6
  + Support specifying an IPv6 address for a manually configured target
    update server.
- Update to version 1.0.9 (bsc#1218762, bsc#1218763)
  + Remove duplicate data collection for the plugin itself
  + Collect archive metering data when available
  + Query billing flavor status
- Refresh CVE-2023-27043-email-parsing-errors.patch from
  gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043).
- Update to version 2.0.1 (bsc#1217537)
  + Replacing certs
    expiring in 8 years and new length of 4096
    These certs will replace the current certs that
    expire soon
- Touch /run/reboot-needed if a patch suggesting a reboot was
  installed (bsc#1217948)
  It is expected that /run is cleaned at boot time, so the presence
  of the file is one way to indicate that the system needs a reboot.
  The recommended way for scripts to test whether a system reboot
  is suggested will be calling `zypper needs-rebooting`.
- version 16.22.11 (0)
- Fix CVE-2023-7207, path traversal vulnerability (bsc#1218571)
  * fix-CVE-2023-7207.patch
- Import commit cdbaab11e02eb29810963d9248677cf5ce84dc7f
  bf57bec240 man: document that PAMName= and NotifyAccess=all don't mix well.
  823ec43d38 man: add brief documentation for the (sd-pam) processes created due to PAMName= (#4967)
  256f8e70d2 service: accept the fact that the three xyz_good() functions return ints
  2a62219d4d service: drop _pure_ decorator on static function
  14e71b9180 service: a cgroup empty notification isn't reason enough to go down (bsc#1212207)
  943f812b3d service: add explanatory comments to control_pid_good() and cgroup_good()
  87a54d3060 service: fix main_pid_good() comment

- Import commit 17837e912c887402ff309215056d441b2881f9b6
  27e9161566 utmp-wtmp: handle EINTR gracefully when waiting to write to tty
  557ac78b1c utmp-wtmp: fix error in case isatty() fails
  3e0bde3ade sd-netlink: handle EINTR from poll() gracefully, as success
  61d939f79a stdio-bridge: don't be bothered with EINTR
  367ee82375 sd-bus: handle -EINTR return from bus_poll() (bsc#1215241)
  acca59ec26 libsystemd: ignore both EINTR and EAGAIN
  0ae5743060 errno-util: introduce ERRNO_IS_TRANSIENT()

- Import commit f4af8cbfb8ddc2baddfd992ebff0fb4858e4f651
  02dde27b0e man/systemd-fsck@.service: clarify passno and noauto combination in /etc/fstab (bsc#1211725)
  9f0a3ab847 units/initrd-parse-etc.service: Conflict with
  98035f2aa8 umount: /usr/ should never be unmounted regardless of HAVE_SPLIT_USR or not (bsc#1211576)
  0a8225faea core/mount: Don't unmount initramfs mounts
  9eaf1537b4 man: describe that changing Storage= does not move existing data
- Security fix (CVE-2024-25062, bsc#1219576) use-after-free in XMLReader
  * Added libxml2-CVE-2024-25062.patch
- update to NSS 3.90.2
  * bmo#1780432 - (CVE-2023-5388) Timing attack against RSA
    decryption in TLS. (bsc#1216198)
  * bmo#1867408 - add a defensive check for large ssl_DefSend
    return values.

- update to NSS 3.90.1
  * bmo#1813401 - regenerate NameConstraints test certificates.
  * bmo#1854795 - add OSXSAVE and XCR0 tests to AVX2 detection.
- Remove nss-fix-bmo1813401.patch which is now upstream.

- Add nss-fix-bmo1813401.patch to fix bsc#1214980
- Backport needs-rebooting command from Code15 (bsc#1217948)
- BuildRequires:  libzypp-devel >= 16.22.11.
- version 1.13.65
- Use --overwrite option (bsc#1216685, ca-certificates-overwrite.diff)
- bsc#1215801: Use system-supplied libevent instead of local copy.
- Refresh CVE-2023-27043-email-parsing-errors.patch from
  gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043).
- Fix CVE-2023-39804, Incorrectly handled extension attributes in
  PAX archives can lead to a crash, bsc#1217969
  * fix-CVE-2023-39804.patch
- Refresh CVE-2023-27043-email-parsing-errors.patch to
  gh#python/cpython!111116, fixing bsc#1210638 (CVE-2023-27043).
- Add missing O_DIRECTORY flag in `protect_dir()` for pam_namespace module.
  [bsc#1218475, pam-bsc1218475-pam_namespace-O_DIRECTORY-flag.patch]
- Fix update-alternative in %postun, bsc#1218765