bind
- Update to release 9.16.42
  Security Fixes:
  * The overmem cleaning process has been improved, to prevent the
    cache from significantly exceeding the configured
    max-cache-size limit. (CVE-2023-2828)
  * A query that prioritizes stale data over lookup triggers a
    fetch to refresh the stale data in cache. If the fetch is
    aborted for exceeding the recursion quota, it was possible for
    named to enter an infinite callback loop and crash due to stack
    overflow. This has been fixed. (CVE-2023-2911)
  Bug Fixes:
  * Previously, it was possible for a delegation from cache to be
    returned to the client after the stale-answer-client-timeout
    duration. This has been fixed.
  [bsc#1212544, bsc#1212567, jsc#SLE-24600]
- Update to release 9.16.41
  Bug Fixes:
  * When removing delegations from an opt-out range,
    empty-non-terminal NSEC3 records generated by those delegations
    were not cleaned up. This has been fixed.
  [jsc#SLE-24600]
- Update to release 9.16.40
  Bug Fixes:
  * Logfiles using timestamp-style suffixes were not always
    correctly removed when the number of files exceeded the limit
    set by versions. This has been fixed for configurations which
    do not explicitly specify a directory path as part of the file
    argument in the channel specification.
  * Performance of DNSSEC validation in zones with many DNSKEY
    records has been improved.
- Update to release 9.16.39
  Feature Changes:
  * libuv support for receiving multiple UDP messages in a single
    recvmmsg() system call has been tweaked several times between
    libuv versions 1.35.0 and 1.40.0; the current recommended libuv
    version is 1.40.0 or higher. New rules are now in effect for
    running with a different version of libuv than the one used at
    compilation time. These rules may trigger a fatal error at
    startup:
  - Building against or running with libuv versions 1.35.0 and
    1.36.0 is now a fatal error.
  - Running with libuv version higher than 1.34.2 is now a
    fatal error when named is built against libuv version
    1.34.2 or lower.
  - Running with libuv version higher than 1.39.0 is now a
    fatal error when named is built against libuv version
    1.37.0, 1.38.0, 1.38.1, or 1.39.0.
  * This prevents the use of libuv versions that may trigger an
    assertion failure when receiving multiple UDP messages in a
    single system call.
  Bug Fixes:
  * named could crash with an assertion failure when adding a new
    zone into the configuration file for a name which was already
    configured as a member zone for a catalog zone. This has been
    fixed.
  * When named starts up, it sends a query for the DNSSEC key for
    each configured trust anchor to determine whether the key has
    changed. In some unusual cases, the query might depend on a
    zone for which the server is itself authoritative, and would
    have failed if it were sent before the zone was fully loaded.
    This has now been fixed by delaying the key queries until all
    zones have finished loading.
  [jsc#SLE-24600]
cloud-init
- Sensitive data exposure (bsc#1210277, CVE-2023-1786)
  + Add hidesensitivedata
  + Add cloud-init-cve-2023-1786-redact-inst-data.patch
  + Do not expose sensitive data gathered from the CSP
- Update to version 23.1
  + Remove patches included upstream:
  - cloud-init-btrfs-queue-resize.patch
  - cloud-init-micro-is-suse.patch
  - cloud-init-suse-afternm.patch
  - cloud-init-prefer-nm.patch
  - cloud-init-transact-up.patch
  + Forward port
  - cloud-init-write-routes.patch
  + Added
  - cloud-init-fix-ca-test.patch
  + Support transactional-updates for SUSE based distros (#1997)
    [Robert Schweikert]
  + Set ownership for new folders in Write Files Module (#1980)
    [Jack] (LP: #1990513)
  + add OpenCloudOS and TencentOS support (#1964) [wynnfeng]
  + lxd: Retry if the server isn't ready (#2025)
  + test: switch pycloudlib source to pypi (#2024)
  + test: Fix integration test deprecation message (#2023)
  + Recognize opensuse-microos, dev tooling fixes [Robert Schweikert]
  + sources/azure: refactor imds handler into own module (#1977)
    [Chris Patterson]
  + docs: deprecation generation support [1/2] (#2013)
  + add function is_virtual to distro/FreeBSD (#1957) [Mina Galić]
  + cc_ssh: support multiple hostcertificates (#2018) (LP: #1999164)
  + Fix minor schema validation regression and fixup typing (#2017)
  + doc: Reword user data debug section (#2019)
  + Overhaul/rewrite of certificate handling as follows: (#1962)
    [dermotbradley] (LP: #1931174)
  + disk_setup: use byte string when purging the partition table (#2012)
    [Stefan Prietl]
  + cli: schema also validate vendordata*.
  + ci: sort and add checks for cla signers file [Stefan Prietl]
  + Add "/ederst"/ as contributor (#2010) [Stefan Prietl]
  + readme: add reference to packages dir (#2001)
  + docs: update downstream package list (#2002)
  + docs: add google search verification (#2000) [s-makin]
  + docs: fix 404 render use default notfound_urls_prefix in RTD conf (#2004)
  + Fix OpenStack datasource detection on bare metal (#1923)
    [Alexander Birkner] (LP: #1815990)
  + docs: add themed RTD 404 page and pointer to readthedocs-hosted (#1993)
  + schema: fix gpt labels, use type string for GUID (#1995)
  + cc_disk_setup: code cleanup (#1996)
  + netplan: keep custom strict perms when 50-cloud-init.yaml exists
  + cloud-id: better handling of change in datasource files
    [d1r3ct0r] (LP: #1998998)
  + tests: Remove restart check from test
  + Ignore duplicate macs from mscc_felix and fsl_enetc (LP: #1997922)
  + Warn on empty network key (#1990)
  + Fix Vultr cloud_interfaces usage (#1986) [eb3095]
  + cc_puppet: Update puppet service name (#1970) [d1r3ct0r] (LP: #2002969)
  + docs: Clarify networking docs (#1987)
  + lint: remove httpretty (#1985) [sxt1001]
  + cc_set_passwords: Prevent traceback when restarting ssh (#1981)
  + tests: fix lp1912844 (#1978)
  + tests: Skip ansible test on bionic (#1984)
  + Wait for NetworkManager (#1983) [Robert Schweikert]
  + docs: minor polishing (#1979) [s-makin]
  + CI: migrate integration-test to GH actions (#1969)
  + Fix permission of SSH host keys (#1971) [Ron Gebauer]
  + Fix default route rendering on v2 ipv6 (#1973) (LP: #2003562)
  + doc: fix path in net_convert command (#1975)
  + docs: update net_convert docs (#1974)
  + doc: fix dead link
  + cc_set_hostname: ignore /var/lib/cloud/data/set-hostname if it's empty
    (#1967) [Emanuele Giuseppe Esposito]
  + distros/rhel.py: _read_hostname() missing strip on "/hostname"/ (#1941)
    [Mark Mielke]
  + integration tests: add  IBM VPC support (SC-1352) (#1915)
  + machine-id: set to uninitialized to trigger regeneration on clones
    (LP: #1999680)
  + sources/azure: retry on connection error when fetching metdata (#1968)
    [Chris Patterson]
  + Ensure ssh state accurately obtained (#1966)
  + bddeb: drop dh-systemd dependency on newer deb-based releases [d1r3ct0r]
  + doc: fix `config formats` link in cloudsigma.rst (#1960)
  + Fix wrong subp syntax in cc_set_passwords.py (#1961)
  + docs: update the PR template link to readthedocs (#1958) [d1r3ct0r]
  + ci: switch unittests to gh actions (#1956)
  + Add mount_default_fields for PhotonOS. (#1952) [Shreenidhi Shedi]
  + sources/azure: minor refactor for metadata source detection logic
    (#1936) [Chris Patterson]
  + add "/CalvoM"/ as contributor (#1955) [d1r3ct0r]
  + ci: doc to gh actions (#1951)
  + lxd: handle 404 from missing devices route for LXD 4.0 (LP: #2001737)
  + docs: Diataxis overhaul (#1933) [s-makin]
  + vultr: Fix issue regarding cache and region codes (#1938) [eb3095]
  + cc_set_passwords: Move ssh status checking later (SC-1368) (#1909)
    (LP: #1998526)
  + Improve Wireguard module idempotency (#1940) [Fabian Lichtenegger-Lukas]
  + network/netplan: add gateways as on-link when necessary (#1931)
    [Louis Sautier] (LP: #2000596)
  + tests: test_lxd assert features.networks.zones when present (#1939)
  + Use btrfs enquque when available (#1926) [Robert Schweikert]
  + sources/azure: drop description for report_failure_to_fabric() (#1934)
    [Chris Patterson]
  + cc_disk_setup.py: fix MBR single partition creation (#1932)
    [dermotbradley] (LP: #1851438)
  + Fix typo with package_update/package_upgrade (#1927) [eb3095]
  + sources/azure: fix device driver matching for net config (#1914)
    [Chris Patterson]
  + BSD: fix duplicate macs in Ifconfig parser (#1917) [Mina Galić]
  + test: mock dns calls (#1922)
  + pycloudlib: add lunar support for integration tests (#1928)
  + nocloud: add support for dmi variable expansion for seedfrom URL
    (LP: #1994980)
  + tools: read-version drop extra call to git describe --long
  + doc: improve cc_write_files doc (#1916)
  + read-version: When insufficient tags, use cloudinit.version.get_version
  + mounts: document weird prefix in schema (#1913)
  + add utility function test cases (#1910) [sxt1001]
  + test: mock file deletion in dhcp tests (#1911)
  + Ensure network ready before cloud-init service runs on RHEL (#1893)
    (LP: #1998655)
  + docs: add copy button to code blocks (#1890) [s-makin]
  + netplan: define features.NETPLAN_CONFIG_ROOT_READ_ONLY flag
  + azure: fix support for systems without az command installed (#1908)
  + Networking Clarification (#1892)
  + Fix the distro.osfamily output problem in the openEuler system. (#1895)
    [sxt1001] (LP: #1999042)
  + pycloudlib: bump commit dropping azure api smoke test
  + net: netplan config root read-only as wifi config can contain creds
  + autoinstall: clarify docs for users
  + sources/azure: encode health report as utf-8 (#1897) [Chris Patterson]
  + Add back gateway4/6 deprecation to docs (#1898)
  + networkd: Add support for multiple [Route] sections (#1868)
    [Nigel Kukard]
  + doc: add qemu tutorial (#1863)
  + lint: fix tip-flake8 and tip-mypy (#1896)
  + Add support for setting uid when creating users on FreeBSD (#1888)
    [einsibjarni]
  + Fix exception in BSD networking code-path (#1894) [Mina Galić]
  + Append derivatives to is_rhel list in cloud.cfg.tmpl (#1887) [Louis Abel]
  + FreeBSD init: use cloudinit_enable as only rcvar (#1875) [Mina Galić]
  + feat: add support aliyun metadata security harden mode (#1865)
    [Manasseh Zhou]
  + docs: uprate analyze to performance page [s-makin]
  + test: fix lxd preseed managed network config (#1881)
  + Add support for static IPv6 addresses for FreeBSD (#1839) [einsibjarni]
  + Make 3.12 failures not fail the build (#1873)
  + Docs: adding relative links [s-makin]
  + Update read-version
  + Fix setup.py to align with PEP 440 versioning replacing trailing
  + travis: promote 3.11-dev to 3.11 (#1866)
  + test_cloud_sigma: delete useless test (#1828) [sxt1001]
  + Add "/nkukard"/ as contributor (#1864) [Nigel Kukard]
  + tests: ds-id mocks for vmware-rpctool as utility may not exist in env
  + doc: add how to render new module doc (#1855)
  + doc: improve module creation explanation (#1851)
  + Add Support for IPv6 metadata to OpenStack (#1805)
    [Marvin Vogt] (LP: #1906849)
  + add xiaoge1001 to .github-cla-signers (#1854) [sxt1001]
  + network: Deprecate gateway{4,6} keys in network config v2 (#1794)
    (LP: #1992512)
  + VMware: Move Guest Customization transport from OVF to VMware (#1573)
    [PengpengSun]
  + doc: home page links added (#1852) [s-makin]
  From 22.4.2
  + status: handle ds not defined in status.json (#1876) (LP: #1997559)
  From 22.4.1
  + net: skip duplicate mac check for netvsc nic and its VF (#1853)
    [Anh Vo] (LP: #1844191)
  + ChangeLog: whitespace cleanup (#1850)
  + changelog: capture 22.3.1-4 releases
- Add cloud-init-transact-up.patch to support transactional-updates
- Add cloud-init-prefer-nm.patch
  + Prefer NetworkManager of sysconfig when available
- Update to version 22.4
  + Remove patches included upstream:
  - cloud-init-vmware-test.patch
  - cloud-init-sysctl-not-in-bin.patch
  + Forward port:
  - cloud-init-write-routes.patch
  - cloud-init-break-resolv-symlink.patch
  - cloud-init-sysconf-path.patch
  - cloud-init-no-tempnet-oci.patch
  + Add cloud-init-btrfs-queue-resize.patch (bsc#1171511)
  + Add cloud-init-micro-is-suse.patch (bsc#1203393) [Martin Petersen]
  + Add cloud-init-suse-afternm.patch
  + test: fix pro integration test [Alberto Contreras]
  + cc_disk_setup: pass options in correct order to utils (#1829)
    [dermotbradley]
  + tests: text_lxd basic_preseed verify_clean_log (#1826)
  + docs: switch sphinx theme to furo (SC-1327) (#1821) [Alberto Contreras]
  + tests: activate Ubuntu Pro tests (only on Jenkins) (#1777)
    [Alberto Contreras]
  + tests: test_lxd assert features.storage.buckets when present (#1827)
  + tests: replace missed ansible install-method with underscore (#1825)
  + tests: replace ansible install-method with underscore
  + ansible: standardize schema keys
  + ci: run json tool on 22.04 rather than 20.04 (#1823)
  + Stop using devices endpoint for LXD network config (#1819)
  + apport: address new curtin log and config locations (#1812)
  + cc_grub: reword docs for clarity (#1818)
  + tests: Fix preseed test (#1820)
  + Auto-format schema (#1810)
  + Ansible Control Module (#1778)
  + Fix last reported event possibly not being sent (#1796) (LP: #1993836)
  + tests: Ignore unsupported lxd project keys (#1817) [Alberto Contreras]
  + udevadm settle should handle non-udev system gracefully (#1806)
    [dermotbradley]
  + add mariner support (#1780) [Minghe Ren]
  + Net: add BSD ifconfig(8) parser and state class (#1779) [Mina Galić]
  + adding itjamie to .github-cla-signers [Jamie (Bear) Murphy]
  + Fix inconsistency between comment and statement (#1809) [Guillaume Gay]
  + Update .github-cla-signers (#1811) [Guillaume Gay]
  + alpine.py: Add Alpine-specific manage_service function and update tests
    (#1804) [dermotbradley]
  + test: add 3.12-dev to Travis CI (#1798) [Alberto Contreras]
  + add NWCS datasource (#1793) [shell-skrimp]
  + Adding myself as CLA signer (#1799) [s-makin]
  + apport: fix some data collection failures due to symlinks (#1797)
    [Dan Bungert]
  + read-version: Make it compatible with bionic (#1795) [Alberto Contreras]
  + lxd: add support for lxd preseed config(#1789)
  + Enable hotplug for LXD datasource (#1787)
  + cli: collect logs and apport subiquity support
  + add support for Container-Optimized OS (#1748) [vteratipally]
  + test: temporarily disable failing integration test (#1792)
  + Fix LXD/nocloud detection on lxd vm tests (#1791)
  + util: Implement __str__ and __iter__ for Version (#1790)
  + cc_ua: consume ua json api for enable commands [Alberto Contreras]
  + Add clarity to cc_final_message docs (#1788)
  + cc_ntp: add support for BSDs (#1759) [Mina Galić] (LP: #1990041)
  + make Makefile make agnostic (#1786) [Mina Galić]
  + Remove hardcoding and unnecessary overrides in Makefile (#1783)
    [Joseph Mingrone]
  + Add my username (Jehops) to .github-cla-signers (#1784) [Joseph Mingrone]
  + Temporarily remove broken test (#1781)
  + Create reference documentation for base config
  + cc_ansible: add support for galaxy install (#1736)
  + distros/manage_services: add support to disable service (#1772)
    [Mina Galić] (LP: #1991024)
  + OpenBSD: remove pkg_cmd_environ function (#1773)
    [Mina Galić] (LP: 1991567)
  + docs: Correct typo in the FAQ (#1774) [Maximilian Wörner]
  + tests: Use LXD metadata to determine NoCloud status (#1776)
  + analyze: use init-local as start of boot record (#1767) [Chris Patterson]
  + docs: use opensuse for distro name in package doc (#1771)
  + doc: clarify packages as dev only (#1769) [Alberto Contreras]
  + Distro manage service: Improve BSD support (#1758)
    [Mina Galić] (LP: #1990070)
  + testing: check logs for critical errors (#1765) [Chris Patterson]
  + cc_ubuntu_advantage: Handle already attached on Pro [Alberto Contreras]
  + doc: Add configuration explanation (SC-1169)
  + Fix Oracle DS primary interface when using IMDS (#1757) (LP: #1989686)
  + style: prefer absolute imports over relative imports [Mina Galić]
  + tests: Fix ip log during instance destruction (#1755) [Alberto Contreras]
  + cc_ubuntu_advantage: add ua_config in auto-attach [Alberto Contreras]
  + apt configure: sources write/append mode (#1738)
    [Fabian Lichtenegger-Lukas]
  + networkd: Add test and improve typing. (#1747) [Alberto Contreras]
  + pycloudlib: bump commit for gce cpu architecture support (#1750)
  + commit ffcb29bc8315d1e1d6244eeb1cbd8095958f7bad (LP: #1307667)
  + testing: workaround LXD vendor data (#1740)
  + support dhcp{4,6}-overrides in networkd renderer (#1710) [Aidan Obley]
  + tests: Drop httpretty in favor of responses (#1720) [Alberto Contreras]
  + cc_ubuntu_advantage: Implement custom auto-attach behaviors (#1583)
    [Alberto Contreras]
  + Fix Oracle DS not setting subnet when using IMDS (#1735) (LP: #1989686)
  + testing: focal lxd datasource discovery (#1734)
  + cc_ubuntu_advantage: Redact token from logs (#1726) [Alberto Contreras]
  + docs: make sure echo properly evaluates the string (#1733) [Mina Galić]
  + net: set dhclient lease and pid files (#1715)
  + cli: status machine-readable output --format yaml/json (#1663)
    (LP: #1883122)
  + tests: Simplify does_not_raise (#1731) [Alberto Contreras]
  + Refactor: Drop inheritance from object (#1728) [Alberto Contreras]
  + testing: LXD datasource now supported on Focal (#1732)
  + Allow jinja templating in /etc/cloud (SC-1170) (#1722) (LP: #1913461)
  + sources/azure: ensure instance id is always correct (#1727)
    [Chris Patterson]
  + azure: define new attribute for pre-22.3 pickles (#1725)
  + doc: main page Diátaxis rewording (SC-967) (#1701)
  + ubuntu advantage: improved idempotency, enable list is now strict
  + [Fabian Lichtenegger-Lukas]
  + test: bump pycloudlib (#1724) [Alberto Contreras]
  + cloud.cfg.tmpl: make sure "/centos"/ settings are identical to "/rhel"/
    (#1639) [Emanuele Giuseppe Esposito]
  + lxd: fetch 1.0/devices content (#1712) [Alberto Contreras]
  + Update docs according to ad8f406a (#1719)
  + testing: Port unittests/analyze to pytest (#1708) [Alberto Contreras]
  + doc: Fix rtd builds. (#1718) [Alberto Contreras]
  + testing: fully mock noexec calls (#1717) [Alberto Contreras]
  + typing: Add types to cc_<module>.handle (#1700) [Alberto Contreras]
  + Identify 3DS Outscale Datasource as Ec2 (#1686) [Maxime Dufour]
  + config: enable bootstrapping pip in ansible (#1707)
  + Fix cc_chef typing issue (#1716)
  + Refactor instance json files to use Paths (SC-1238) (#1709)
  + tools: read-version check GITHUB_REF and git branch --show-current
    (#1677)
  + net: Ensure a tmp with exec permissions for dhcp (#1690)
    [Alberto Contreras] (LP: #1962343)
  + testing: Fix test regression in test_combined (#1713) [Alberto Contreras]
  + Identify Huawei Cloud as OpenStack (#1689) [huang xinjie]
  + doc: add reporting suggestion to FAQ (SC-1236) (#1698)
  From 22.3
  + sources: obj.pkl cache should be written anyime get_data is run (#1669)
  + schema: drop release number from version file (#1664)
  + pycloudlib: bump to quiet azure HTTP info logs (#1668)
  + test: fix wireguard integration tests (#1666)
  + Github is deprecating the 18.04 runner starting 12.1 (#1665)
  + integration tests: Ensure one setup for all tests (#1661)
  + tests: ansible test fixes (#1660)
  + Prevent concurrency issue in test_webhook_hander.py (#1658)
  + Workaround net_setup_link race with udev (#1655) (LP: #1983516)
  + test: drop erroneous lxd assertion, verify command succeeded (#1657)
  + Fix Chrony usage on Centos Stream (#1648) [Sven Haardiek] (LP: #1885952)
  + sources/azure: handle network unreachable errors for savable PPS (#1642)
    [Chris Patterson]
  + Return cc_set_hostname to PER_INSTANCE frequency (#1651) (LP: #1983811)
  + test: Collect integration test time by default (#1638)
  + test: Drop forced package install hack in lxd integration test (#1649)
  + schema: Resolve user-data if --system given (#1644)
    [Alberto Contreras] (LP: #1983306)
  + test: use fake filesystem to avoid file removal (#1647)
    [Alberto Contreras]
  + tox: Fix tip-flake8 and tip-mypy (#1635) [Alberto Contreras]
  + config: Add wireguard config module (#1570) [Fabian Lichtenegger-Lukas]
  + tests: can run without azure-cli, tests expect inactive ansible (#1643)
  + typing: Type UrlResponse.contents (#1633) [Alberto Contreras]
  + testing: fix references to `DEPRECATED.` (#1641) [Alberto Contreras]
  + ssh_util: Handle sshd_config.d folder [Alberto Contreras] (LP: #1968873)
  + schema: Enable deprecations in cc_update_etc_hosts (#1631)
    [Alberto Contreras]
  + Add Ansible Config Module (#1579)
  + util: Support Idle process state in get_proc_ppid() (#1637)
  + schema: Enable deprecations in cc_growpart (#1628) [Alberto Contreras]
  + schema: Enable deprecations in cc_users_groups (#1627)
    [Alberto Contreras]
  + util: Fix error path and parsing in get_proc_ppid()
  + main: avoid downloading full contents cmdline urls (#1606)
    [Alberto Contreras] (LP: #1937319)
  + schema: Enable deprecations in cc_scripts_vendor (#1629)
    [Alberto Contreras]
  + schema: Enable deprecations in cc_set_passwords (#1630)
    [Alberto Contreras]
  + sources/azure: add experimental support for preprovisioned os disks
    (#1622) [Chris Patterson]
  + Remove configobj a_to_u calls (#1632) [Stefano Rivera]
  + cc_debug: Drop this module (#1614) [Alberto Contreras]
  + schema: add aggregate descriptions in anyOf/oneOf (#1636)
  + testing: migrate test_sshutil to pytest (#1617) [Alberto Contreras]
  + testing: Fix test_ca_certs integration test (#1626) [Alberto Contreras]
  + testing: add support for pycloudlib's pro images (#1604)
    [Alberto Contreras]
  + testing: migrate test_cc_set_passwords to pytest (#1615)
    [Alberto Contreras]
  + network: add system_info network activator cloud.cfg overrides (#1619)
    (LP: #1958377)
  + docs: Align git remotes with uss-tableflip setup (#1624)
    [Alberto Contreras]
  + testing: cover active config module checks (#1609) [Alberto Contreras]
  + lxd: lvm avoid thinpool when kernel module absent
  + lxd: enable MTU configuration in cloud-init
  + doc: pin doc8 to last passing version
  + cc_set_passwords fixes (#1590)
  + Modernise importer.py and type ModuleDetails (#1605) [Alberto Contreras]
  + config: Def activate_by_schema_keys for t-z (#1613) [Alberto Contreras]
  + config: define activate_by_schema_keys for p-r mods (#1611)
    [Alberto Contreras]
  + clean: add param to remove /etc/machine-id for golden image creation
  + config: define `activate_by_schema_keys` for a-f mods (#1608)
    [Alberto Contreras]
  + config: define activate_by_schema_keys for s mods (#1612)
    [Alberto Contreras]
  + sources/azure: reorganize tests for network config (#1586)
  + [Chris Patterson]
  + config: Define activate_by_schema_keys for g-n mods (#1610)
    [Alberto Contreras]
  + meta-schema: add infra to skip inapplicable modules [Alberto Contreras]
  + sources/azure: don't set cfg["/password"/] for default user pw (#1592)
    [Chris Patterson]
  + schema: activate grub-dpkg deprecations (#1600) [Alberto Contreras]
  + docs: clarify user password purposes (#1593)
  + cc_lxd: Add btrfs and lvm lxd storage options (SC-1026) (#1585)
  + archlinux: Fix distro naming[1] (#1601) [Kristian Klausen]
  + cc_ubuntu_autoinstall: support live-installer autoinstall config
  + clean: allow third party cleanup scripts in /etc/cloud/clean.d (#1581)
  + sources/azure: refactor chassis asset tag handling (#1574)
    [Chris Patterson]
  + Add "/netcho"/ as contributor (#1591) [Kaloyan Kotlarski]
  + testing: drop impish support (#1596) [Alberto Contreras]
  + black: fix missed formatting issue which landed in main (#1594)
  + bsd: Don't assume that root user is in root group (#1587)
  + docs: Fix comment typo regarding use of packages (#1582)
    [Peter Mescalchin]
  + Update govc command in VMWare walkthrough (#1576) [manioo8]
  + Update .github-cla-signers (#1588) [Daniel Mullins]
  + Rename the openmandriva user to omv (#1575) [Bernhard Rosenkraenzer]
  + sources/azure: increase read-timeout to 60 seconds for wireserver
    (#1571) [Chris Patterson]
  + Resource leak cleanup (#1556)
  + testing: remove appereances of FakeCloud (#1584) [Alberto Contreras]
  + Fix expire passwords for hashed passwords (#1577)
    [Sadegh Hayeri] (LP: #1979065)
  + mounts: fix suggested_swapsize for > 64GB hosts (#1569) [Steven Stallion]
  + Update chpasswd schema to deprecate password parsing (#1517)
  + tox: Remove entries from default envlist (#1578) (LP: #1980854)
  + tests: add test for parsing static dns for existing devices (#1557)
    [Jonas Konrad]
  + testing: port cc_ubuntu_advantage test to pytest (#1559)
    [Alberto Contreras]
  + Schema deprecation handling (#1549) [Alberto Contreras]
  + Enable pytest to run in parallel (#1568)
  + sources/azure: refactor ovf-env.xml parsing (#1550) [Chris Patterson]
  + schema: Force stricter validation (#1547)
  + ubuntu advantage config: http_proxy, https_proxy (#1512)
    [Fabian Lichtenegger-Lukas]
  + net: fix interface matching support (#1552) (LP: #1979877)
  + Fuzz testing jsonchema (#1499) [Alberto Contreras]
  + testing: Wait for changed boot-id in test_status.py (#1548)
  + CI: Fix GH pinned-format jobs (#1558) [Alberto Contreras]
  + Typo fix (#1560) [Jaime Hablutzel]
  + tests: mock dns lookup that causes long timeouts (#1555)
  + tox: add unpinned env for do_format and check_format (#1554)
  + cc_ssh_import_id: Substitute deprecated warn (#1553) [Alberto Contreras]
  + Remove schema errors from log (#1551) (LP: #1978422) (CVE-2022-2084)
  + Update WebHookHandler to run as background thread (SC-456) (#1491)
    (LP: #1910552)
  + testing: Don't run custom cloud dir test on Bionic (#1542)
  + bash completion: update schema command (#1543) (LP: #1979547)
  + CI: add non-blocking run against the linters tip versions (#1531)
    [Paride Legovini]
  + Change groups within the users schema to support lists and strings
    (#1545) [RedKrieg]
  + make it clear which username should go in the contributing doc (#1546)
  + Pin setuptools for Travis (SC-1136) (#1540)
  + Fix LXD datasource crawl when BOOT enabled (#1537)
  + testing: Fix wrong path in dual stack test (#1538)
  + cloud-config: honor cloud_dir setting (#1523)
    [Alberto Contreras] (LP: #1976564)
  + Add python3-debconf to pkg-deps.json Build-Depends (#1535)
    [Alberto Contreras]
  + redhat spec: udev/rules.d lives under /usr/lib on rhel-based systems
    (#1536)
  + tests/azure: add test coverage for DisableSshPasswordAuthentication
    (#1534) [Chris Patterson]
  + summary: Add david-caro to the cla signers (#1527) [David Caro]
  + Add support for OpenMandriva (https://openmandriva.org/) (#1520)
    [Bernhard Rosenkraenzer]
  + tests/azure: refactor ovf creation (#1533) [Chris Patterson]
  + Improve DataSourceOVF error reporting when script disabled (#1525) [rong]
  + tox: integration-tests-jenkins: softfail if only some test failed
    (#1528) [Paride Legovini]
  + CI: drop linters from Travis CI (moved to GH Actions) (#1530)
    [Paride Legovini]
  + sources/azure: remove unused encoding support for customdata (#1526)
    [Chris Patterson]
  + sources/azure: remove unused metadata captured when parsing ovf (#1524)
    [Chris Patterson]
  + sources/azure: remove dscfg parsing from ovf-env.xml (#1522)
    [Chris Patterson]
  + Remove extra space from ec2 dual stack crawl message (#1521)
  + tests/azure: use namespaces in generated ovf-env.xml documents (#1519)
    [Chris Patterson]
  + setup.py: adjust udev/rules default path (#1513)
    [Emanuele Giuseppe Esposito]
  + Add python3-deconf dependency (#1506) [Alberto Contreras]
  + Change match macadress param for network v2 config (#1518)
    [Henrique Caricatti Capozzi]
  + sources/azure: remove unused userdata property from ovf (#1516)
    [Chris Patterson]
  + sources/azure: minor refactoring to network config generation (#1497)
    [Chris Patterson]
  + net: Implement link-local ephemeral ipv6
  + Rename function to avoid confusion (#1501)
  + Fix cc_phone_home requiring 'tries' (#1500) (LP: #1977952)
  + datasources: replace networking functions with stdlib and cloudinit.net
  + code
  + Remove xenial references (#1472) [Alberto Contreras]
  + Oracle ds changes (#1474) [Alberto Contreras] (LP: #1967942)
  + improve runcmd docs (#1498)
  + add 3.11-dev to Travis CI (#1493)
  + Only run github actions on pull request (#1496)
  + Fix integration test client creation (#1494) [Alberto Contreras]
  + tox: add link checker environment, fix links (#1480)
  + cc_ubuntu_advantage: Fix doc (#1487) [Alberto Contreras]
  + cc_yum_add_repo: Fix repo id canonicalization (#1489)
    [Alberto Contreras] (LP: #1975818)
  + Add linitio as contributor in the project (#1488) [Kevin Allioli]
  + net-convert: use yaml.dump for debugging python NetworkState obj (#1484)
    (LP: #1975907)
  + test_schema: no relative $ref URLs, replace $ref with local path (#1486)
  + cc_set_hostname: do not write "/localhost"/ when no hostname is given
  + (#1453) [Emanuele Giuseppe Esposito]
  + Update .github-cla-signers (#1478) [rong]
  + schema: write_files defaults, versions $ref full URL and add vscode
    (#1479)
  + docs: fix external links, add one more to the list (#1477)
  + doc: Document how to change module frequency (#1481)
  + tests: bump pycloudlib (#1482)
  + tests: bump pycloudlib pinned commit for kinetic Azure (#1476)
  + testing: fix test_status.py (#1475)
  + integration tests: If KEEP_INSTANCE = True, log IP (#1473)
  + Drop mypy excluded files (#1454) [Alberto Contreras]
  + Docs additions (#1470)
  + Add "/formatting tests"/ to Github Actions
  + Remove unused arguments in function signature (#1471)
  + Changelog: correct errant classification of LP issues as GH (#1464)
  + Use Network-Manager and Netplan as default renderers for RHEL and Fedora
    (#1465) [Emanuele Giuseppe Esposito]
  From 22.2
  + Fix test due to caplog incompatibility (#1461) [Alberto Contreras]
  + Align rhel custom files with upstream (#1431)
    [Emanuele Giuseppe Esposito]
  + cc_write_files: Improve schema. (#1460) [Alberto Contreras]
  + cli: Redact files with permission errors in commands (#1440)
  + [Alberto Contreras] (LP: #1953430)
  + Improve cc_set_passwords. (#1456) [Alberto Contreras]
  + testing: make fake cloud-init wait actually wait (#1459)
  + Scaleway: Fix network configuration for netplan 0.102 and later (#1455)
    [Maxime Corbin]
  + Fix 'ephmeral' typos in disk names(#1452) [Mike Hucka]
  + schema: version schema-cloud-config-v1.json (#1424)
  + cc_modules: set default meta frequency value when no config available
    (#1457)
  + Log generic warning on non-systemd systems. (#1450) [Alberto Contreras]
  + cc_snap.maybe_install_squashfuse no longer needed in Bionic++. (#1448)
    [Alberto Contreras]
  + Drop support of *-sk keys in cc_ssh (#1451) [Alberto Contreras]
  + testing: Fix console_log tests (#1437)
  + tests: cc_set_passoword update for systemd, non-systemd distros  (#1449)
  + Fix bug in url_helper/dual_stack() logging (#1426)
  + schema: render schema paths from _CustomSafeLoaderWithMarks (#1391)
  + testing: Make integration tests kinetic friendly (#1441)
  + Handle error if SSH service no present. (#1422)
    [Alberto Contreras] (LP: #1969526)
  + Fix network-manager activator availability and order (#1438)
  + sources/azure: remove reprovisioning marker (#1414) [Chris Patterson]
  + upstart: drop vestigial support for upstart (#1421)
  + testing: Ensure NoCloud detected in test (#1439)
  + Update .github-cla-signers kallioli [Kevin Allioli]
  + Consistently strip top-level network key (#1417) (LP: #1906187)
  + testing: Fix LXD VM metadata test (#1430)
  + testing: Add NoCloud setup for NoCloud test (#1425)
  + Update linters and adapt code for compatibility (#1434) [Paride Legovini]
  + run-container: add support for LXD VMs (#1428) [Paride Legovini]
  + integration-reqs: bump pycloudlib pinned commit (#1427) [Paride Legovini]
  + Fix NoCloud docs (#1423)
  + Docs fixes (#1406)
  + docs: Add docs for module creation (#1415)
  + Remove cheetah from templater (#1416)
  + tests: verify_ordered_items fallback to re.escape if needed (#1420)
  + Misc module cleanup (#1418)
  + docs: Fix doc warnings and enable errors (#1419)
    [Alberto Contreras] (LP: #1876341)
  + Refactor cloudinit.sources.NetworkConfigSource to enum (#1413)
    [Alberto Contreras] (LP: #1874875)
  + Don't fail if IB and Ethernet devices 'collide' (#1411)
  + Use cc_* module meta defintion over hardcoded vars (SC-888) (#1385)
  + Fix cc_rsyslog.py initialization (#1404) [Alberto Contreras]
  + Promote cloud-init schema from devel to top level subcommand (#1402)
  + mypy: disable missing imports warning for httpretty (#1412)
    [Chris Patterson]
  + users: error when home should not be created AND ssh keys provided
    [Jeffrey 'jf' Lim]
  + Allow growpart to resize encrypted partitions (#1316)
  + Fix typo in integration_test.rst (#1405) [Alberto Contreras]
  + cloudinit.net refactor: apply_network_config_names (#1388)
    [Alberto Contreras] (LP: #1884602)
  + tests/azure: add fixtures for hardcoded paths (markers and data_dir)
    (#1399) [Chris Patterson]
  + testing: Add responses workaround for focal/impish (#1403)
  + cc_ssh_import_id: fix is_key_in_nested_dict to avoid early False
  + Fix ds-identify not detecting NoCloud seed in config (#1381)
    (LP: #1876375)
  + sources/azure: retry dhcp for failed processes (#1401) [Chris Patterson]
  + Move notes about refactorization out of CONTRIBUTING.rst (#1389)
  + Shave ~8ms off generator runtime (#1387)
  + Fix provisioning dhcp timeout to 20 minutes (#1394) [Chris Patterson]
  + schema: module example strict testing fix seed_random
  + cc_set_hostname: examples small typo (perserve vs preserve)
    [Wouter Schoot]
  + sources/azure: refactor http_with_retries to remove **kwargs (#1392)
    [Chris Patterson]
  + declare dependency on ssh-import-id (#1334)
  + drop references to old dependencies and old centos script
  + sources/azure: only wait for primary nic to be attached during restore
    (#1378) [Anh Vo]
  + cc_ntp: migrated legacy schema to cloud-init-schema.json (#1384)
  + Network functions refactor and bugfixes (#1383)
  + schema: add JSON defs for modules cc_users_groups (#1379)
    (LP: #1858930)
  + Fix doc typo (#1382) [Alberto Contreras]
  + Add support for dual stack IPv6/IPv4 IMDS to Ec2 (#1160)
  + Fix KeyError when rendering sysconfig IPv6 routes (#1380) (LP: #1958506)
  + Return a namedtuple from subp() (#1376)
  + Mypy stubs and other tox maintenance (SC-920) (#1374)
  + Distro Compatibility Fixes (#1375)
  + Pull in Gentoo patches (#1372)
  + schema: add json defs for modules U-Z (#1360)
    (LP: #1858928, #1858929, #1858931, #1858932)
  + util: atomically update sym links to avoid Suppress FileNotFoundError
  + when reading status (#1298) [Adam Collard] (LP: #1962150)
  + schema: add json defs for modules scripts-timezone (SC-801) (#1365)
  + docs: Add first tutorial (SC-900) (#1368)
  + BUG 1473527: module ssh-authkey-fingerprints fails Input/output error…
    (#1340) [Andrew Lee] (LP: #1473527)
  + add arch hosts template (#1371)
  + ds-identify: detect LXD for VMs launched from host with > 5.10 kernel
    (#1370) (LP: #1968085)
  + Support EC2 tags in instance metadata (#1309) [Eduardo Dobay]
  + schema: add json defs for modules e-install (SC-651) (#1366)
  + Improve "/(no_create_home|system): true"/ test (#1367) [Jeffrey 'jf' Lim]
  + Expose https_proxy env variable to ssh-import-id cmd (#1333)
    [Michael Rommel]
  + sources/azure: remove bind/unbind logic for hot attached nic (#1332)
    [Chris Patterson]
  + tox: add types-* packages to check_format env (#1362)
  + tests: python 3.10 is showing up in cloudimages (#1364)
  + testing: add additional mocks to test_net tests (#1356) [yangzz-97]
  + schema: add JSON schema for mcollective, migrator and mounts modules
    (#1358)
  + Honor system locale for RHEL (#1355) [Wei Shi]
  + doc: Fix typo in cloud-config-run-cmds.txt example (#1359) [Ali Shirvani]
  + ds-identify: also discover LXD by presence from DMI board_name = LXD
    (#1311)
  + black: bump pinned version to 22.3.0 to avoid click dependency issues
    (#1357)
  + Various doc fixes (#1330)
  + testing: Add missing is_FreeBSD mock to networking test (#1353)
  + Add --no-update to add-apt-repostory call (SC-880) (#1337)
  + schema: add json defs for modules K-L (#1321)
    (LP: #1858899, #1858900, #1858901, #1858902)
  + docs: Re-order readthedocs install (#1354)
  + Stop cc_ssh_authkey_fingerprints from ALWAYS creating home (#1343)
    [Jeffrey 'jf' Lim]
  + docs: add jinja2 pin (#1352)
  + Vultr: Use find_candidate_nics, use ipv6 dns (#1344) [eb3095]
  + sources/azure: move get_ip_from_lease_value out of shim (#1324)
    [Chris Patterson]
  + Fix cloud-init status --wait when no datasource found (#1349)
    (LP: #1966085)
  + schema: add JSON defs for modules resize-salt (SC-654) (#1341)
  + Add myself as a future contributor (#1345) [Neal Gompa (ニール・ゴンパ)]
  + Update .github-cla-signers (#1342) [Jeffrey 'jf' Lim]
  + add Requires=cloud-init-hotplugd.socket in cloud-init-hotplugd.service
  + file (#1335) [yangzz-97]
  + Fix sysconfig render when set-name is missing (#1327)
    [Andrew Kutz] (LP: #1855945)
  + Refactoring helper funcs out of NetworkState (#1336) [Andrew Kutz]
  + url_helper: add tuple support for readurl timeout (#1328)
    [Chris Patterson]
  + Make fs labels match for ds-identify and docs (#1329)
  + Work around bug in LXD VM detection (#1325)
  + Remove redundant generator logs (#1318)
  + tox: set verbose flags for integration tests (#1323) [Chris Patterson]
  + net: introduce find_candidate_nics() (#1313) [Chris Patterson]
  + Revert "/Ensure system_cfg read before ds net config on Oracle (#1174)"/
    (#1326)
  + Add vendor_data2 support for ConfigDrive source (#1307) [cvstealth]
  + Make VMWare data source test host independent and expand testing (#1308)
    [Robert Schweikert]
  + Add json schemas for modules starting with P
  + sources/azure: remove lease file parsing (#1302) [Chris Patterson]
  + remove flaky test from ci (#1322)
  + ci: Switch to python 3.10 in Travis CI (#1320)
  + Better interface handling for Vultr, expect unexpected DHCP servers
    (#1297) [eb3095]
  + Remove unused init local artifact (#1315)
  + Doc cleanups (#1317)
  + docs improvements (#1312)
  + add support for jinja do statements, add unit test (#1314)
    [Paul Bruno] (LP: #1962759)
  + sources/azure: prevent tight loops for DHCP retries (#1285)
    [Chris Patterson]
  + net/dhcp: surface type of DHCP lease failure to caller (#1276)
    [Chris Patterson]
  + Stop hardcoding systemctl location (#1278) [Robert Schweikert]
  + Remove python2 syntax from docs (#1310)
  + [tools/migrate-lp-user-to-github] Rename master branch to main (#1301)
    [Adam Collard]
  + redhat: Depend on "/hostname"/ package (#1288) [Lubomir Rintel]
  + Add native NetworkManager support (#1224) [Lubomir Rintel]
  + Fix link in CLA check to point to contribution guide. (#1299)
    [Adam Collard]
  + check for existing symlink while force creating symlink (#1281)
    [Shreenidhi Shedi]
  + Do not silently ignore integer uid (#1280) (LP: #1875772)
  + tests: create a IPv4/IPv6 VPC in Ec2 integration tests (#1291)
  + Integration test fix ppa  (#1296)
  + tests: on official EC2. cloud-id actually startswith aws not ec2 (#1289)
  + test_ppa_source: accept both http and https URLs (#1292)
    [Paride Legovini]
  + Fix apt test on azure
  + add "/lkundrak"/ as contributor [Lubomir Rintel]
  + Holmanb/integration test fix ppa (#1287)
  + Include missing subcommand in manpage (#1279)
  + Clean up artifacts from pytest, packaging, release with make clean
    (#1277)
  + sources/azure: ensure retries on IMDS request failure (#1271)
    [Chris Patterson]
  + sources/azure: removed unused savable PPS paths (#1268) [Chris Patterson]
  + integration tests: fix Azure failures (#1269)
  From 22.1
  + sources/azure: report ready in local phase (#1265) [Chris Patterson]
  + sources/azure: validate IMDS network configuration metadata (#1257)
    [Chris Patterson]
  + docs: Add more details to runcmd docs (#1266)
  + use PEP 589 syntax for TypeDict (#1253)
  + mypy: introduce type checking (#1254) [Chris Patterson]
  + Fix extra ipv6 issues, code reduction and simplification (#1243) [eb3095]
  + tests: when generating crypted password, generate in target env (#1252)
  + sources/azure: address mypy/pyright typing complaints (#1245)
    [Chris Patterson]
  + Docs for x-shellscript* userdata (#1260)
  + test_apt_security: azure platform has specific security URL overrides
    (#1263)
  + tests: lsblk --json output changes mountpoint key to mountpoinst []
    (#1261)
  + mounts: fix mount opts string for ephemeral disk (#1250)
    [Chris Patterson]
  + Shell script handlers by freq (#1166) [Chris Lalos]
  + minor improvements to documentation (#1259) [Mark Esler]
  + cloud-id: publish /run/cloud-init/cloud-id-<cloud-type> files (#1244)
  + add "/eslerm"/ as contributor (#1258) [Mark Esler]
  + sources/azure: refactor ssh key handling (#1248) [Chris Patterson]
  + bump pycloudlib (#1256)
  + sources/hetzner: Use EphemeralDHCPv4 instead of static configuration
    (#1251) [Markus Schade]
  + bump pycloudlib version (#1255)
  + Fix IPv6 netmask format for sysconfig (#1215) [Harald] (LP: #1959148)
  + sources/azure: drop debug print (#1249) [Chris Patterson]
  + tests: do not check instance.pull_file().ok() (#1246)
  + sources/azure: consolidate ephemeral DHCP configuration (#1229)
    [Chris Patterson]
  + cc_salt_minion freebsd fix for rc.conf (#1236)
  + sources/azure: fix metadata check in _check_if_nic_is_primary() (#1232)
    [Chris Patterson]
  + Add _netdev option to mount Azure ephemeral disk (#1213) [Eduardo Otubo]
  + testing: stop universally overwriting /etc/cloud/cloud.cfg.d (#1237)
  + Integration test changes (#1240)
  + Fix Gentoo Locales (#1205)
  + Add "/slingamn"/ as contributor (#1235) [Shivaram Lingamneni]
  + integration: do not LXD bind mount /etc/cloud/cloud.cfg.d (#1234)
  + Integration testing docs and refactor (#1231)
  + vultr: Return metadata immediately when found (#1233) [eb3095]
  + spell check docs with spellintian (#1223)
  + docs: include upstream python version info (#1230)
  + Schema a d (#1211)
  + Move LXD to end ds-identify DSLIST (#1228) (LP: #1959118)
  + fix parallel tox execution (#1214)
  + sources/azure: refactor _report_ready_if_needed and _poll_imds (#1222)
    [Chris Patterson]
  + Do not support setting up archive.canonical.com as a source (#1219)
    [Steve Langasek] (LP: #1959343)
  + Vultr: Fix lo being used for DHCP, try next on cmd fail (#1208) [eb3095]
  + sources/azure: refactor _should_reprovision[_after_nic_attach]() logic
    (#1206) [Chris Patterson]
  + update ssh logs to show ssh private key gens pub and simplify code
    (#1221) [Steve Weber]
  + Remove mitechie from stale PR github action (#1217)
  + Include POST format in cc_phone_home docs (#1218) (LP: #1959149)
  + Add json parsing of ip addr show (SC-723) (#1210)
  + cc_rsyslog: fix typo in docstring (#1207) [Louis Sautier]
  + Update .github-cla-signers (#1204) [Chris Lalos]
  + sources/azure: drop unused case in _report_failure() (#1200)
    [Chris Patterson]
  + sources/azure: always initialize _ephemeral_dhcp_ctx on unpickle (#1199)
    [Chris Patterson]
  + Add support for gentoo templates and cloud.cfg (#1179) [vteratipally]
  + sources/azure: unpack ret tuple in crawl_metadata() (#1194)
    [Chris Patterson]
  + tests: focal caplog has whitespace indentation for multi-line logs
    (#1201)
  + Seek interfaces, skip dummy interface, fix region codes (#1192) [eb3095]
  + integration: test against the Ubuntu daily images (#1198)
    [Paride Legovini]
  + cmd: status and cloud-id avoid change in behavior for 'not run' (#1197)
  + tox: pass PYCLOUDLIB_* env vars into integration tests when present
    (#1196)
  + sources/azure: set ovf_is_accessible when OVF is read successfully
    (#1193) [Chris Patterson]
  + Enable OVF environment transport via ISO in example (#1195) [Megian]
  + sources/azure: consolidate DHCP variants to EphemeralDHCPv4WithReporting
    (#1190) [Chris Patterson]
  + Single JSON schema validation in early boot (#1175)
  + Add DatasourceOVF network-config propery to Ubuntu OVF example (#1184)
    [Megian]
  + testing: support pycloudlib config file (#1189)
  + Ensure system_cfg read before ds net config on Oracle (SC-720) (#1174)
    (LP: #1956788)
  + Test Optimization Proposal (SC-736) (#1188)
  + cli: cloud-id report not-run or disabled state as cloud-id (#1162)
  + Remove distutils usage (#1177) [Shreenidhi Shedi]
  + add .python-version to gitignore (#1186)
  + print error if datasource import fails (#1170)
    [Emanuele Giuseppe Esposito]
  + Add new config module to set keyboard layout (#1176)
    [maxnet] (LP: #1951593)
  + sources/azure: rename metadata_type -> MetadataType (#1181)
    [Chris Patterson]
  + Remove 3.5 and xenial support (SC-711) (#1167)
  + tests: mock LXD datasource detection in ds-identify on LXD containers
    (#1178)
  + pylint: silence errors on compat code for old jsonschema (#1172)
    [Paride Legovini]
  + testing: Add 3.10 Test Coverage (#1173)
  + Remove unittests from integration test job in travis (#1141)
  + Don't throw exceptions for empty cloud config (#1130)
  + bsd/resolv.d/ avoid duplicated entries (#1163) [Gonéri Le Bouder]
  + sources/azure: do not persist failed_desired_api_version flag (#1159)
    [Chris Patterson]
  + Update cc_ubuntu_advantage calls to assume-yes (#1158)
    [John Chittum] (LP: #1954842)
  + openbsd: properly restart the network on 7.0 (#1150) [Gonéri Le Bouder]
  + Add .git-blame-ignore-revs (#1161)
  + Adopt Black and isort (SC-700) (#1157)
  + Include dpkg frontend lock in APT_LOCK_FILES (#1153)
  + tests/cmd/query: fix test run as root and add coverage for defaults
    (#1156) [Chris Patterson] (LP: #1825027)
  + Schema processing changes (SC-676) (#1144)
  + Add dependency workaround for impish in bddeb (#1148)
  + netbsd: install new dep packages (#1151) [Gonéri Le Bouder]
  + find_devs_with_openbsd: ensure we return the last entry (#1149)
    [Gonéri Le Bouder]
  + sources/azure: remove unnecessary hostname bounce (#1143)
    [Chris Patterson]
  + find_devs/openbsd: accept ISO on disk (#1132)
    [Gonéri Le Bouder]
  + Improve error log message when mount failed (#1140) [Ksenija Stanojevic]
  + add KsenijaS as a contributor (#1145) [Ksenija Stanojevic]
  + travis - don't run integration tests if no deb (#1139)
  + factor out function for getting top level directory of cloudinit (#1136)
  + testing: Add deterministic test id (#1138)
  + mock sleep() in azure test (#1137)
  + Add miraclelinux support (#1128) [Haruki TSURUMOTO]
  + docs: Make MACs lowercase in network config (#1135) (LP: #1876941)
  + Add Strict Metaschema Validation (#1101)
  + update dead link (#1133)
  + cloudinit/net: handle two different routes for the same ip (#1124)
    [Emanuele Giuseppe Esposito]
  + docs: pin mistune dependency (#1134)
  + Reorganize unit test locations under tests/unittests (#1126)
  + Fix exception when no activator found (#1129) (LP: #1948681)
  + jinja: provide and document jinja-safe key aliases in instance-data
    (SC-622) (#1123)
  + testing: Remove date from final_message test (SC-638) (#1127)
  + Move GCE metadata fetch to init-local (SC-502) (#1122)
  + Fix missing metadata routes for vultr (#1125) [eb3095]
  + cc_ssh_authkey_fingerprints.py: prevent duplicate messages on console
    (#1081) [dermotbradley]
  + sources/azure: remove unused remnants related to agent command (#1119)
    [Chris Patterson]
  + github: update PR template's contributing URL (#1120) [Chris Patterson]
  + docs: Rename HACKING.rst to CONTRIBUTING.rst (#1118)
  + testing: monkeypatch system_info call in unit tests (SC-533) (#1117)
  + Fix Vultr timeout and wait values (#1113) [eb3095]
  + lxd: add preference for LXD cloud-init.* config keys over user keys
    (#1108)
  + VMware: source /etc/network/interfaces.d/* on Debian
    [chengcheng-chcheng] (LP: #1950136)
  + Add cjp256 as contributor (#1109) [Chris Patterson]
  + integration_tests: Ensure log directory exists before symlinking to it
    (#1110)
  + testing: add growpart integration test (#1104)
  + integration_test: Speed up CI run time (#1111)
  + Some miscellaneous integration test fixes (SC-606) (#1103)
  + tests: specialize lxd_discovery test for lxd_vm vendordata (#1106)
  + Add convenience symlink to integration test output (#1105)
  + Fix for set-name bug in networkd renderer (#1100)
    [Andrew Kutz] (LP: #1949407)
  + Wait for apt lock (#1034) (LP: #1944611)
  + testing: stop chef test from running on openstack (#1102)
  + alpine.py: add options to the apk upgrade command (#1089) [dermotbradley]
containerd
- Update to containerd v1.6.21 for Docker v23.0.6-ce. Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.6.21> bsc#1211578
- Require a minimum Go version explicitly rather than using golang(API).
  Fixes the change for bsc#1210298.
[ This was only released in SLE. ]
- unversion to golang requires to always use the current default go.
  (bsc#1210298)
- Update to containerd v1.6.20 for Docker v23.0.4-ce. Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.6.20>
cups
- cups-2.2.7-CVE-2023-34241.patch fixes CVE-2023-34241
  "/use-after-free in cupsdAcceptClient()"/
  https://github.com/OpenPrinting/cups/security/advisories/GHSA-qjgh-5hcq-5f25
  bsc#1212230
docker
- Update to Docker 23.0.6-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/23.0/#2306>. bsc#1211578
- Rebase patches:
  * cli-0001-docs-include-required-tools-in-source-tree.patch
- Re-unify packaging for SLE-12 and SLE-15.
- Add patch to fix build on SLE-12 by switching back to libbtrfs-devel headers
  (the uapi headers in SLE-12 are too old).
  + 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
- Re-numbered patches:
  - 0003-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
  + 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch`
- Update to Docker 23.0.5-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/23.0/#2305>.
- Rebase patches:
  * cli-0001-docs-include-required-tools-in-source-tree.patch
- Update to Docker 23.0.4-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/23.0/#2304>. bsc#1208074
- Rebase patches:
  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0003-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
- Renumbered patches:
  - 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
- Remove upstreamed patches:
  - 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
  - 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch
  - 0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch
- Backport <https://github.com/docker/cli/pull/4228> to allow man pages to be
  built without internet access in OBS.
  + cli-0001-docs-include-required-tools-in-source-tree.patch
dracut
- Update to version 055+suse.344.g3d5cd8fb:
  * fix(dracut-install): continue parsing if ldd prints "/cannot execute binary file"/ (bsc#1212662)
gcc12
- Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204
  * includes regression bug fixes
- Add gcc12-testsuite-fixes.patch to pick testsuite related fixes
  from the branch after the release.
- Speed up builds with --enable-link-serialization.
- Update to gcc-12 branch head, 193f7e62815b4089dfaed4c2bd3, git749
- Don't rely on %usrmerged, set it based on standard %suse_version
- Update to gcc-12 branch head, e4b5fec75aa8d0d01f6e042ec28, git696
  * remove gcc12-fifo-jobserver-support.patch which is now
    included upstream
- avoid trailing backslashes at the end of post install scripts
- Update to gcc-12 branch head, 0aaef83351473e8f4eb774f8f99, git537
- Update embedded newlib to version 4.2.0
  * includes newlib-4.1.0-aligned_alloc.patch
- add gcc12-riscv-inline-atomics.patch,
  gcc12-riscv-pthread.patch: handle subword size inline atomics
  (needed by several openSUSE packages)
hwdata
- update to 0.371:
  * Update pci, usb and vendor ids
- update to 0.370:
  * Update pci, usb and vendor ids
- update to 0.369:
  * Update pci, usb and vendor ids
kernel-default
- x86/topology: Fix duplicated core ID within a package (git-fixes).
- commit 98adc02
- Update "/drm/i915/gem: add missing boundary check in vm_access"/ (bsc#1211263 CVE-2023-28410)
  Add bug and CVE number to the References tag.
- commit f799efb
- x86/topology: Fix multiple packages shown on a single-package system (git-fixes).
- commit 70a1ce4
- x86/syscall: Include asm/ptrace.h in syscall_wrapper header (git-fixes).
- commit 4309e22
- kabi/severities: ignore kABI in bq27xxx_battery module
  Those are local symbols that are used only by child drivers
- commit 8d7e23d
- kABI workaround for btbcm.c (git-fixes).
- commit ab2692b
- nvme: fix passthrough csi check (git-fixes).
- nvme: move the Samsung X5 quirk entry to the core quirks
  (git-fixes).
- commit d03fbdf
- power: supply: bq27xxx: expose battery data when CI=1
  (git-fixes).
- Refresh
  patches.suse/power-supply-bq27xxx-Fix-bq27xxx_battery_update-race.patch.
- commit 3c4cf6c
- KEYS: asymmetric: Copy sig and digest in
  public_key_verify_signature() (git-fixes).
- power: supply: bq27xxx: Ensure power_supply_changed() is called
  on current sign changes (git-fixes).
- power: supply: bq27xxx: Move bq27xxx_battery_update() down
  (git-fixes).
- power: supply: bq27xxx: Fix poll_interval handling and races
  on remove (git-fixes).
- bluetooth: Add cmd validity checks at the start of
  hci_sock_ioctl() (git-fixes).
- Bluetooth: hci_bcm: Fall back to getting bdaddr from EFI if
  not set (git-fixes).
- commit 31ed077
- ASoC: rt5682: Disable jack detection interrupt during suspend
  (git-fixes).
- Refresh patches.kabi/snd-soc-rt5682-kABI-workaround.patch.
- commit ce0cf1d
- misc: fastrpc: reject new invocations during device removal
  (git-fixes).
- misc: fastrpc: return -EPIPE to invocations on device removal
  (git-fixes).
- iio: imu: inv_icm42600: fix timestamp reset (git-fixes).
- iio: adc: ad_sigma_delta: Fix IRQ issue by setting
  IRQ_DISABLE_UNLAZY flag (git-fixes).
- dt-bindings: iio: adc: renesas,rcar-gyroadc: Fix adi,ad7476
  compatible value (git-fixes).
- iio: dac: mcp4725: Fix i2c_master_send() return value handling
  (git-fixes).
- iio: light: vcnl4035: fixed chip ID check (git-fixes).
- iio: adc: ad7192: Change "/shorted"/ channels to differential
  (git-fixes).
- iio: accel: st_accel: Fix invalid mount_matrix on devices
  without ACPI _ONT method (git-fixes).
- iio: adc: mxs-lradc: fix the order of two cleanup operations
  (git-fixes).
- tty: serial: fsl_lpuart: use UARTCTRL_TXINV to send break
  instead of UARTCTRL_SBK (git-fixes).
- serial: 8250_tegra: Fix an error handling path in
  tegra_uart_probe() (git-fixes).
- usb: usbfs: Use consistent mmap functions (git-fixes).
- usb: usbfs: Enforce page requirements for mmap (git-fixes).
- dt-bindings: usb: snps,dwc3: Fix "/snps,hsphy_interface"/ type
  (git-fixes).
- usb: gadget: f_fs: Add unbind event before functionfs_unbind
  (git-fixes).
- mmc: vub300: fix invalid response handling (git-fixes).
- selinux: don't use make's grouped targets feature yet
  (git-fixes).
- mtd: rawnand: marvell: don't set the NAND frequency select
  (git-fixes).
- mtd: rawnand: marvell: ensure timing values are written
  (git-fixes).
- mtd: rawnand: ingenic: fix empty stub helper definitions
  (git-fixes).
- selftests: mptcp: sockopt: skip if MPTCP is not supported
  (git-fixes).
- selftests: mptcp: pm nl: skip if MPTCP is not supported
  (git-fixes).
- selftests: mptcp: connect: skip if MPTCP is not supported
  (git-fixes).
- net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818
  (git-fixes).
- HID: wacom: avoid integer overflow in wacom_intuos_inout()
  (git-fixes).
- ata: libata-scsi: Use correct device no in ata_find_dev()
  (git-fixes).
- firmware: arm_ffa: Set reserved/MBZ fields to zero in the
  memory descriptors (git-fixes).
- firmware: arm_ffa: Check if ffa_driver remove is present before
  executing (git-fixes).
- dt-binding: cdns,usb3: Fix cdns,on-chip-buff-size type
  (git-fixes).
- gpio: mockup: Fix mode of debugfs files (git-fixes).
- drm/sched: Remove redundant check (git-fixes).
- 3c589_cs: Fix an error handling path in tc589_probe()
  (git-fixes).
- power: supply: sbs-charger: Fix INHIBITED bit for Status reg
  (git-fixes).
- power: supply: bq27xxx: After charger plug in/out wait 0.5s
  for things to stabilize (git-fixes).
- power: supply: bq27xxx: Add cache parameter to
  bq27xxx_battery_current_and_status() (git-fixes).
- power: supply: bq27xxx: Fix I2C IRQ race on remove (git-fixes).
- power: supply: bq27xxx: Fix bq27xxx_battery_update() race
  condition (git-fixes).
- power: supply: leds: Fix blink to LED on transition (git-fixes).
- ALSA: hda/realtek: Enable headset onLenovo M70/M90 (git-fixes).
- ASoC: Intel: Skylake: Fix declaration of enum skl_ch_cfg
  (git-fixes).
- ASoC: lpass: Fix for KASAN use_after_free out of bounds
  (git-fixes).
- ALSA: hda: Fix unhandled register update during auto-suspend
  period (git-fixes).
- ALSA: hda/ca0132: add quirk for EVGA X299 DARK (git-fixes).
- dt-bindings: ata: ahci-ceva: Cover all 4 iommus entries
  (git-fixes).
- net: mdio: mvusb: Fix an error handling path in
  mvusb_mdio_probe() (git-fixes).
- watchdog: sp5100_tco: Immediately trigger upon starting
  (git-fixes).
- dt-bindings: ata: ahci-ceva: convert to yaml (git-fixes).
- commit 2ec09cc
- net: rpl: fix rpl header size calculation (CVE-2023-2156
  bsc#1211131).
- commit c308d83
- thunderbolt: Mask ring interrupt on Intel hardware as well
  (bsc#1210165).
- commit 4a76dd6
- net: mellanox: mlxbf_gige: Fix skb_panic splat under memory
  pressure (bsc#1211564).
- commit 8e0fc37
- blacklist: add nvme bogus nsid check
  We don't not need these quirks as we don't ship the check.
- commit bbebeaf
- x86/resctrl: Fix min_cbm_bits for AMD (git-fixes).
- commit f0be05e
- x86/pm: Add enumeration check before spec MSRs save/restore setup (git-fixes).
- commit 89bdacb
- Update patch-mainline metadata for a lockdown patch
- commit ff4a857
- x86/tsx: Add a feature bit for TSX control MSR support (git-fixes).
- commit b67ebd4
- x86/fpu: Fix the init_fpstate size check with the actual size (git-fixes).
- commit 3cd00dd
- nvme-tcp: fix a possible UAF when failing to allocate an io
  queue (git-fixes).
- nvme-pci: mark Lexar NM760 as IGNORE_DEV_SUBNQN (git-fixes).
- nvme-fc: fix a missing queue put in
  nvmet_fc_ls_create_association (git-fixes).
- nvme: also return I/O command effects from nvme_command_effects
  (git-fixes).
- nvmet: use NVME_CMD_EFFECTS_CSUPP instead of open coding it
  (git-fixes).
- nvme: fix multipath crash caused by flush request when blktrace
  is enabled (git-fixes).
- nvme-pci: clear the prp2 field when not used (git-fixes).
- nvmet: fix memory leak in nvmet_subsys_attr_model_store_locked
  (git-fixes).
- nvme-pci: disable write zeroes on various Kingston SSD
  (git-fixes).
- nvme-pci: avoid the deepest sleep state on ZHITAI TiPro5000 SSDs
  (git-fixes).
- nvmet-tcp: add bounds check on Transfer Tag (git-fixes).
- nvme-pci: set min_align_mask before calculating max_hw_sectors
  (git-fixes).
- nvmet: fix mar and mor off-by-one errors (git-fixes).
- nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change()
  (git-fixes).
- nvmet-tcp: fix lockdep complaint on nvmet_tcp_wq flush during
  queue teardown (git-fixes).
- nvme: handle the persistent internal error AER (git-fixes).
  Refresh:
  - patches.suse/nvme-fix-async-event-trace-event.patc
- nvme: fix regression when disconnect a recovering ctrl
  (git-fixes).
  Refresh:
  - patches.suse/nvme-rdma-fix-possible-hang-caused-during-ctrl-delet.patch
  - patches.suse/nvme-tcp-fix-possible-hang-caused-during-ctrl-deleti.patch
- nvme: add a bogus subsystem NQN quirk for Micron MTFDKBA2T0TFH
  (git-fixes).
- nvme-pci: avoid the deepest sleep state on ZHITAI TiPro7000 SSDs
  (git-fixes).
- nvme: set non-mdts limits in nvme_scan_work (git-fixes).
- nvme-pci: fix a NULL pointer dereference in
  nvme_alloc_admin_tags (git-fixes).
- block: add a bdev_max_zone_append_sectors helper (git-fixes).
- nvme-multipath: fix hang when disk goes live over reconnect
  (git-fixes).
- nvme-pci: add quirks for Samsung X5 SSDs (git-fixes).
- nvmet: move the call to nvmet_ns_changed out of
  nvmet_ns_revalidate (git-fixes).
- nvme-tcp: lockdep: annotate in-kernel sockets (git-fixes).
- nvme: check for duplicate identifiers earlier (git-fixes).
- nvme: cleanup __nvme_check_ids (git-fixes).
- nvmet: use i_size_read() to set size for file-ns (git-fixes).
  Refresh:
  - patches.suse/nvmet-only-allocate-a-single-slab-for-bvecs.patch
- nvme-tcp: fix bogus request completion when failing to send AER
  (git-fixes).
- nvme-pci: add the IGNORE_DEV_SUBNQN quirk for Intel P4500/P4600
  SSDs (git-fixes).
- commit c657707
- tipc: add an extra conn_get in tipc_conn_alloc (bsc#1209288
  CVE-2023-1382).
- commit e3a141d
- x86/fpu: Fix copy_xstate_to_uabi() to copy init states correctly (git-fixes).
- commit 43cdfba
- blacklist.conf: Exclude an irrelevant patch for us.
  We don't have the fp_init.size et al variables so this patch doesn't
  apply to our kernel.
- commit 30f92bf
- tipc: set con sock in tipc_conn_alloc (bsc#1209288
  CVE-2023-1382).
- commit a68b414
- x86/fpu: Use _Alignof to avoid undefined behavior in TYPE_ALIGN (git-fixes).
- commit 244216a
- purgatory: fix disabling debug info (git-fixes).
- commit 1ebc547
- x86/microcode: Rip out the OLD_INTERFACE (git-fixes).
- commit d380760
- x86/microcode: Add explicit CPU vendor dependency (git-fixes).
- commit 44d8ccb
- x86/microcode/AMD: Track patch allocation size explicitly (git-fixes).
- Refresh patches.suse/x86-microcode-amd-fix-mixed-steppings-support.patch.
- commit c6646fc
- x86/static_call: Serialize __static_call_fixup() properly (git-fixes).
- commit d2f3f53
- x86/entry: Build thunk_$(BITS) only if CONFIG_PREEMPTION=y (git-fixes).
- commit 3a9f080
- net: mana: Fix perf regression: remove rx_cqes, tx_cqes counters
  (git-fixes).
- scsi: storvsc: Don't pass unused PFNs to Hyper-V host
  (git-fixes).
- x86/hyperv: Block root partition functionality in a Confidential
  VM (git-fixes).
- commit 85569e3
- x86/bugs: Do not enable IBPB at firmware entry when IBPB is not  available (git-fixes).
- commit bf87aed
- scsi: qla2xxx: Replace all non-returning strlcpy() with
  strscpy() (bsc#1211960).
- scsi: qla2xxx: Update version to 10.02.08.300-k (bsc#1211960).
- scsi: qla2xxx: Wait for io return on terminate rport
  (bsc#1211960).
- scsi: qla2xxx: Fix mem access after free (bsc#1211960).
- scsi: qla2xxx: Fix hang in task management (bsc#1211960).
- scsi: qla2xxx: Fix task management cmd fail due to unavailable
  resource (bsc#1211960).
- scsi: qla2xxx: Fix task management cmd failure (bsc#1211960).
- scsi: qla2xxx: Multi-que support for TMF (bsc#1211960).
- scsi: qla2xxx: Refer directly to the qla2xxx_driver_template
  (bsc#1211960).
- scsi: qla2xxx: Remove default fabric ops callouts (bsc#1211960).
- scsi: qla2xxx: Drop redundant pci_enable_pcie_error_reporting()
  (bsc#1211960).
- commit 4c4bf74
- lpfc: update metadata
- Refresh
  patches.suse/scsi-lpfc-Add-new-RCQE-status-for-handling-DMA-failu.patch.
- Refresh
  patches.suse/scsi-lpfc-Fix-double-free-in-lpfc_cmpl_els_logo_acc-.patch.
- Refresh
  patches.suse/scsi-lpfc-Fix-verbose-logging-for-SCSI-commands-issu.patch.
- Refresh
  patches.suse/scsi-lpfc-Match-lock-ordering-of-lpfc_cmd-buf_lock-a.patch.
- Refresh
  patches.suse/scsi-lpfc-Replace-blk_irq_poll-intr-handler-with-thr.patch.
- Refresh
  patches.suse/scsi-lpfc-Update-congestion-warning-notification-per.patch.
- Refresh
  patches.suse/scsi-lpfc-Update-lpfc-version-to-14.2.0.12.patch.
- commit 497ebb3
- RDMA/irdma: Fix Local Invalidate fencing (git-fixes)
- commit aaaea1e
- RDMA/irdma: Prevent QP use after free (git-fixes)
- commit 34e3a35
- RDMA/bnxt_re: Fix return value of bnxt_re_process_raw_qp_pkt_rx (git-fixes)
- commit 6c40b4b
- RDMA/bnxt_re: Fix a possible memory leak (git-fixes)
- commit 1c28ea3
- RDMA/hns: Modify the value of long message loopback slice (git-fixes)
- commit c5d0c28
- RDMA/hns: Fix base address table allocation (git-fixes)
- commit c15c063
- RDMA/hns: Fix timeout attr in query qp for HIP08 (git-fixes)
- commit c581318
- RDMA/efa: Fix unsupported page sizes in device (git-fixes)
- commit f7d5b0b
- RDMA/bnxt_re: Fix the page_size used during the MR creation (git-fixes)
- commit 8102023
- scsi: qedi: Fix use after free bug in qedi_remove() (git-fixes).
- scsi: hisi_sas: Handle NCQ error when IPTT is valid (git-fixes).
- scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS (git-fixes).
- scsi: ses: Handle enclosure with just a primary component
  gracefully (git-fixes).
- scsi: core: Improve scsi_vpd_inquiry() checks (git-fixes).
- scsi: megaraid_sas: Fix fw_crash_buffer_show() (git-fixes).
- scsi: libsas: Grab the ATA port lock in
  sas_ata_device_link_abort() (git-fixes).
- scsi: libsas: Add sas_ata_device_link_abort() (git-fixes).
- commit 9f00bdd
- Update CVE reference to
  patches.suse/arm64-Add-AMPERE1-to-the-Spectre-BHB-affected-list.patch
  (git-fixes bsc#1205153 bsc#1211855 CVE-2023-3006).
- commit 7d0a08a
- media: radio-shark: Add endpoint checks (git-fixes).
- commit fb4ddc1
- USB: sisusbvga: Add endpoint checks (git-fixes).
- commit d88241f
- blacklist.conf: prerequisites way too intrusive
- commit b6394eb
- blacklist.conf: prerequisites too intrusive
- commit 7aaa267
- scsi: lpfc: Update lpfc version to 14.2.0.12 (bsc#1211847).
- scsi: lpfc: Replace blk_irq_poll intr handler with threaded IRQ
  (bsc#1211847).
- scsi: lpfc: Add new RCQE status for handling DMA failures
  (bsc#1211847).
- scsi: lpfc: Update congestion warning notification period
  (bsc#1211847).
- scsi: lpfc: Match lock ordering of lpfc_cmd->buf_lock and
  hbalock for abort paths (bsc#1211847).
- commit b6545fd
- scsi: lpfc: Fix double free in lpfc_cmpl_els_logo_acc() caused
  by lpfc_nlp_not_used() (bsc#1211847).
- scsi: lpfc: Fix verbose logging for SCSI commands issued to
  SES devices (bsc#1211847).
- commit 31cb016
- RDMA/core: Fix multiple -Warray-bounds warnings (git-fixes)
- commit 5587605
- usb: dwc3: gadget: Execute gadget stop after halting the
  controller (git-fixes).
- Refresh
  patches.suse/usb-dwc3-gadget-Improve-dwc3_gadget_suspend-and-dwc3.patch.
- commit 35f936b
- usb: typec: tcpm: fix multiple times discover svids error
  (git-fixes).
- commit a381d7f
- net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize
  (git-fixes).
- commit 6b5ad0e
- blacklist.conf: Add c0f2df49cf24 cgroup: Fix build failure when CONFIG_SHRINKER_DEBUG
- commit 7772962
- cifs: mapchars mount option ignored (bsc#1193629).
- commit 516a6c4
- smb3: display debug information better for encryption
  (bsc#1193629).
- commit 7f16b38
- cifs: fix smb1 mount regression (bsc#1193629).
- commit 565aa62
- SMB3: drop reference to cfile before sending oplock break
  (bsc#1193629).
- commit 714d17f
- SMB3: Close all deferred handles of inode in case of handle
  lease break (bsc#1193629).
- commit 31916b9
- cifs: release leases for deferred close handles when freezing
  (bsc#1193629).
- commit fba9221
- smb3: fix problem remounting a share after shutdown
  (bsc#1193629).
- commit 8678043
- SMB3: force unmount was failing to close deferred close files
  (bsc#1193629).
- commit b75c848
- smb3: improve parallel reads of large files (bsc#1193629).
- commit 739a949
- do not reuse connection if share marked as isolated
  (bsc#1193629).
- commit 50ed2cc
- SMB3: Close deferred file handles in case of handle lease break
  (bsc#1193629).
- commit 79b4858
- SMB3.1.1: add new tree connect ShareFlags (bsc#1193629).
- commit 64fbbd7
- cifs: fix pcchunk length type in smb2_copychunk_range
  (bsc#1193629).
- commit 278a0ed
- cifs: print smb3_fs_context::source when mounting (bsc#1193629).
- commit eeed402
- cifs: update internal module version number for cifs.ko
  (bsc#1193629).
- commit 2c9169a
- cifs: Avoid a cast in add_lease_context() (bsc#1193629).
- commit 61dd23b
- cifs: Simplify SMB2_open_init() (bsc#1193629).
- commit 90eaeae
- cifs: Simplify SMB2_open_init() (bsc#1193629).
- commit 0f1ffd2
- cifs: Simplify SMB2_open_init() (bsc#1193629).
- commit b2da20f
- dm ioctl: fix nested locking in table_clear() to remove deadlock
  concern (bsc#1210806, CVE-2023-2269).
- commit 2bbfc45
- fuse: always revalidate rename target dentry (bsc#1211808).
- fuse: fix attr version comparison in fuse_read_update_size()
  (bsc#1211807).
- commit cfbffb5
- blacklist.conf: Add 659c0ce1cb9e kernel/sys.c: fix and improve control flow in __sys_setres[ug]id()
- commit 93ea3c4
- cgroup: Reorganize css_set_lock and kernfs path processing
  (bsc#1205650).
- cgroup: Make cgroup_get_from_id() prettier (bsc#1205650).
- cgroup: Homogenize cgroup_get_from_id() return value
  (bsc#1205650).
- cgroup: cgroup: Honor caller's cgroup NS when resolving cgroup
  id (bsc#1205650).
- blacklist.conf: Remove 4534dee94 to ease dependant backports
- cgroup: Honor caller's cgroup NS when resolving path
  (bsc#1205650).
- cgroup.c: add helper __cset_cgroup_from_root to cleanup
  duplicated codes (bsc#1203906).
- commit 45f8307
- cgroup: reduce dependency on cgroup_mutex (bsc#1205650).
- Refresh
  patches.suse/cgroup-cgroup_get_from_id-must-check-the-looked-up-kn-is-a-directory.patch.
- blacklist.conf: Remove patch from blacklist (became prereq)
- commit 249c983
- Remove usrmerge compatibility symlink in buildroot (boo#1211796)
  Besides Makefile depmod.sh needs to be patched to prefix /lib/modules.
  Requires corresponding patch to kmod.
- commit b8e00c5
- ceph: force updating the msg pointer in non-split case
  (bsc#1211804).
- commit a688822
- blacklist.conf: 03cab65a07e0 ("/selftests/futex: fix build for clang"/)
- commit 19afb99
- locking/rwsem: Add __always_inline annotation to
  __down_read_common() and inlined callers (git-fixes).
- commit e0ba102
- rtmutex: Ensure that the top waiter is always woken up
  (git-fixes).
- commit 0184302
- futex: Resend potentially swallowed owner death notification
  (git-fixes).
- commit c8b2fc6
- blacklist.conf: s390/maccess: rework absolute lowcore accessors
- commit 6e763ee
- blacklist.conf: s390/smp: cleanup control register update routines
- commit 869cbe8
- blacklist.conf: s390/smp: cleanup target CPU callback starting
- commit ac0ad39
- blacklist.conf: s390/dump: fix old lowcore virtual vs physical address confusion
- commit f2ccc2e
- blacklist.conf: s390/traps: improve panic message for translation-specification exception
- commit 1cb3dd4
- blacklist.conf: s390/dump: fix os_info virtual vs physical address confusion
- commit 82b75e7
- blacklist.conf: LLVM test case fix
- commit 8a6e662
- s390/vdso: remove -nostdlib compiler flag (git-fixes
  bsc#1211714).
- commit 3aedab5
- blacklist.conf: s390/boot: allocate amode31 section in decompressor
- commit 3a70444
- Update
  patches.suse/HID-asus-use-spinlock-to-protect-concurrent-accesses.patch
  (bsc#1208604 CVE-2023-1079).
  Added bugzilla and CVE
- commit 1bf4240
- Update
  patches.suse/HID-asus-use-spinlock-to-safely-schedule-workers.patch
  (bsc#1208604 CVE-2023-1079).
  Added bugzilla and CVE
- commit a4b9147
- regulator: mt6359: add read check for PMIC MT6359 (git-fixes).
- regulator: pca9450: Fix BUCK2 enable_mask (git-fixes).
- serial: Add support for Advantech PCI-1611U card (git-fixes).
- serial: 8250_exar: Add support for USR298x PCI Modems
  (git-fixes).
- usb-storage: fix deadlock when a scsi command timeouts more
  than once (git-fixes).
- USB: UHCI: adjust zhaoxin UHCI controllers OverCurrent bit value
  (git-fixes).
- USB: usbtmc: Fix direction for 0-length ioctl control messages
  (git-fixes).
- nilfs2: fix use-after-free bug of nilfs_root in
  nilfs_evict_inode() (git-fixes).
- net: phy: dp83867: add w/a for packet errors seen with short
  cables (git-fixes).
- tpm/tpm_tis: Disable interrupts for more Lenovo devices
  (git-fixes).
- soundwire: qcom: gracefully handle too many ports in DT
  (git-fixes).
- phy: st: miphy28lp: use _poll_timeout functions for waits
  (git-fixes).
- staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE
  (git-fixes).
- serial: 8250: Reinit port->pm on port specific driver unbind
  (git-fixes).
- spi: spi-imx: fix MX51_ECSPI_* macros when cs > 3 (git-fixes).
- wifi: ath11k: Fix SKB corruption in REO destination ring
  (git-fixes).
- wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write
  backtrace (git-fixes).
- wifi: iwlwifi: pcie: Fix integer overflow in
  iwl_write_to_user_buf (git-fixes).
- wifi: iwlwifi: pcie: fix possible NULL pointer dereference
  (git-fixes).
- wifi: ath: Silence memcpy run-time false positive warning
  (git-fixes).
- wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex
  (git-fixes).
- remoteproc: stm32_rproc: Add mutex protection for workqueue
  (git-fixes).
- regmap: cache: Return error in cache sync operations for
  REGCACHE_NONE (git-fixes).
- platform/x86: hp-wmi: Support touchpad on/off (git-fixes).
- commit 17eb14e
- Input: xpad - add constants for GIP interface numbers
  (git-fixes).
- commit ae95fb0
- mmc: sdhci-esdhc-imx: make "/no-mmc-hs400"/ works (git-fixes).
- drm/msm/dpu: Move non-MDP_TOP INTF_INTR offsets out of hwio
  header (git-fixes).
- mfd: dln2: Fix memory leak in dln2_probe() (git-fixes).
- clk: tegra20: fix gcc-7 constant overflow warning (git-fixes).
- HID: wacom: generic: Set battery quirk only when we see battery
  data (git-fixes).
- HID: logitech-hidpp: Reconcile USB and Unifying serials
  (git-fixes).
- HID: logitech-hidpp: Don't use the USB serial for USB devices
  (git-fixes).
- Bluetooth: L2CAP: fix "/bad unlock balance"/ in
  l2cap_disconnect_rsp (git-fixes).
- Bluetooth: btintel: Add LE States quirk support (git-fixes).
- ACPI: EC: Fix oops when removing custom query handlers
  (git-fixes).
- ACPICA: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in
  acpi_db_display_objects (git-fixes).
- ACPICA: Avoid undefined behavior: applying zero offset to null
  pointer (git-fixes).
- memstick: r592: Fix UAF bug in r592_remove due to race condition
  (bsc#1211449).
- media: pci: tw68: Fix null-ptr-deref bug in buf prepare and
  finish (git-fixes).
- media: cx23885: Fix a null-ptr-deref bug in buffer_prepare()
  and buffer_finish() (git-fixes).
- drm/amd: Fix an out of bounds error in BIOS parser (git-fixes).
- drm/msm/dp: Clean up handling of DP AUX interrupts (git-fixes).
- drm/tegra: Avoid potential 32-bit integer overflow (git-fixes).
- drm/amd/display: Use DC_LOG_DC in the trasform pixel function
  (git-fixes).
- drm/displayid: add displayid_get_header() and check bounds
  better (git-fixes).
- arm64: dts: qcom: msm8996: Add missing DWC3 quirks (git-fixes).
- HID: wacom: add three styli to wacom_intuos_get_tool_type
  (git-fixes).
- HID: wacom: Add new Intuos Pro Small (PTH-460) device IDs
  (git-fixes).
- HID: wacom: Force pen out of prox if no events have been
  received in a while (git-fixes).
- drm/msm/dpu: Add INTF_5 interrupts (git-fixes).
- commit d814c1f
- s390/qdio: fix do_sqbs() inline assembly constraint (git-fixes
  bsc#1211693).
- s390/dasd: fix hanging blockdevice after request requeue
  (git-fixes bsc#1211687).
- s390/kprobes: fix current_kprobe never cleared after kprobes
  reenter (git-fixes bsc#1211688).
- s390/kprobes: fix irq mask clobbering on kprobe reenter from
  post_handler (git-fixes bsc#1211689).
- s390/mem_detect: fix detect_memory() error handling (git-fixes
  bsc#1211691).
- s390/lcs: Fix return type of lcs_start_xmit() (git-fixes
  bsc#1211690).
- s390/netiucv: Fix return type of netiucv_tx() (git-fixes
  bsc#1211692).
- s390/ctcm: Fix return type of ctc{mp,}m_tx() (git-fixes
  bsc#1211686).
- commit dcbf1cc
- dmaengine: idxd: Only call idxd_enable_system_pasid() if
  succeeded in enabling SVA feature (git-fixes).
- commit bdaf824
- kABI workaround for mt76_poll_msec() (git-fixes).
- commit 8310024
- wifi: mt76: mt7921e: improve reliability of dma reset
  (git-fixes).
- wifi: mt76: mt7921e: fix probe timeout after reboot (git-fixes).
- wifi: mt76: add flexible polling wait-interval support
  (git-fixes).
- dmaengine: idxd: Do not enable user type Work Queue without
  Shared Virtual Addressing (git-fixes).
- dmaengine: idxd: Separate user and kernel pasid enabling
  (git-fixes).
- drm/amdgpu: update drm_display_info correctly when the edid
  is read (git-fixes).
- commit 5f45933
- Update
  patches.suse/scsi-iscsi_tcp-Fix-UAF-during-login-when-accessing-the-shost-ipaddress.patch
  (git-fixes CVE-2023-2162 bsc#1210647).
- commit ef8f1cf
- configfs: fix possible memory leak in configfs_create_dir()
  (git-fixes).
- debugfs: fix error when writing negative value to atomic_t
  debugfs file (git-fixes).
- libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value
  (git-fixes).
- commit 1a0085a
- can: kvaser_usb: Add struct kvaser_usb_busparams (git-fixes).
- can: kvaser_usb: kvaser_usb_leaf: Handle CMD_ERROR_EVENT
  (git-fixes).
- can: kvaser_usb: kvaser_usb_leaf:
  Rename {leaf,usbcan}_cmd_error_event to
  {leaf,usbcan}_cmd_can_error_event (git-fixes).
- can: kvaser_usb: kvaser_usb_leaf: Get capabilities from device
  (git-fixes).
- commit 686ab31
- can: kvaser_usb_leaf: Fix overread with an invalid command
  (git-fixes).
- commit 9e9ebea
- drivers: base: dd: fix memory leak with using debugfs_lookup()
  (git-fixes).
- drivers: base: component: fix memory leak with using
  debugfs_lookup() (git-fixes).
- commit 537af53
- virtio_net: suppress cpu stall when free_unused_bufs
  (git-fixes).
- commit da7bbcd
- usb: gadget: u_ether: Fix host MAC address case (git-fixes).
- commit ab5927c
- virtio_net: bugfix overflow inside xdp_linearize_page()
  (git-fixes).
- commit 7b42c19
- ASoC: fsl_micfil: Fix error handler with pm_runtime_enable
  (git-fixes).
- ARM: 9296/1: HP Jornada 7XX: fix kernel-doc warnings
  (git-fixes).
- ACPI: bus: Ensure that notify handlers are not running after
  removal (git-fixes).
- ata: pata_octeon_cf: drop kernel-doc notation (git-fixes).
- commit bc3d0e5
- usb: dwc3: gadget: Improve dwc3_gadget_suspend() and
  dwc3_gadget_resume() (git-fixes).
- commit b5c53da
- virtio-net: Keep stop() to follow mirror sequence of open()
  (git-fixes).
- commit 0d2ec00
- virtio-net: execute xdp_do_flush() before napi_complete_done()
  (git-fixes).
- commit 1fe332b
- tools/virtio: fix the vringh test for virtio ring changes
  (git-fixes).
- commit 7846dae
- vhost/net: Clear the pending messages when the backend is
  removed (git-fixes).
- commit ed68aca
- tools/virtio: initialize spinlocks in vring_test.c (git-fixes).
- commit 5a7e7d8
- virtio_net: split free_unused_bufs() (git-fixes).
- commit 00244a7
- tools/virtio: compile with -pthread (git-fixes).
- commit efe7e12
- usb: dwc3: gadget: Stall and restart EP0 if host is unresponsive
  (git-fixes).
- commit 97aa26c
- tools/virtio: fix virtio_test execution (git-fixes).
- commit ab7f233
- vdpa: fix use-after-free on vp_vdpa_remove (git-fixes).
- commit a4fbbfa
- blacklist.conf: add 838d6d3461db ("/virtio: unexport virtio_finalize_features"/)
- commit daac2ad
- RDMA/mlx5: Use correct device num_ports when modify DC (git-fixes)
- commit a805982
- RDMA/mlx5: Fix flow counter query via DEVX (git-fixes)
- commit 7af3d10
- blacklist.conf: black list non applicable fix
- commit 0b43409
- power: supply: bq24190_charger: using pm_runtime_resume_and_get
  instead of pm_runtime_get_sync (git-fixes).
- Refresh
  patches.suse/power-supply-bq24190-Fix-use-after-free-bug-in-bq241.patch.
- commit 32112a8
- net: skip virtio_net_hdr_set_proto if protocol already set
  (git-fixes).
- commit 04b2165
- IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests (git-fixes)
- commit b034548
- IB/hfi1: Fix SDMA mmu_rb_node not being evicted in LRU order (git-fixes)
- commit bc9efec
- RDMA/srpt: Add a check for valid 'mad_agent' pointer (git-fixes)
- commit 5d5e37e
- RDMA/cm: Trace icm_send_rej event before the cm state is reset (git-fixes)
- commit 5ca599d
- RDMA/siw: Remove namespace check from siw_netdev_event() (git-fixes)
- commit 711a6c8
- RDMA/rxe: Remove tasklet call from rxe_cq.c (git-fixes)
- commit dc85357
- RDMA/rdmavt: Delete unnecessary NULL check (git-fixes)
- commit f6fa4f5
- RDMA/siw: Fix potential page_array out of range access (git-fixes)
- commit 9b285aa
- IB/hifi1: add a null check of kzalloc_node in hfi1_ipoib_txreq_init (git-fixes)
- commit 4de26a7
- net: accept UFOv6 packages in virtio_net_hdr_to_skb (git-fixes).
- commit c8c1599
- x86/lib/memmove: Decouple ERMS from FSRM (bsc#1206578).
- x86/alternative: Support relocations in alternatives
  (bsc#1206578).
- x86/alternative: Make debug-alternative selective (bsc#1206578).
- commit 3be7202
- net: virtio_net_hdr_to_skb: count transport header in UFO
  (git-fixes).
- commit 435a431
- PCI/ASPM: Remove pcie_aspm_pm_state_change() (git-fixes).
- commit 4efb06a
- usb: dwc3: Fix a repeated word checkpatch warning (git-fixes).
- commit 39f5ae5
- usb: dwc3: Fix ep0 handling when getting reset while doing
  control transfer (git-fixes).
- commit acaaa13
- USB / dwc3: Fix a checkpatch warning in core.c (git-fixes).
- commit 838022e
- usb: dwc3: gadget: Delay issuing End Transfer (git-fixes).
- commit 19b0a32
- usb: dwc3: gadget: Only End Transfer for ep0 data phase
  (git-fixes).
- commit 7e9b934
- usb: dwc3: remove a possible unnecessary 'out of memory'
  message (git-fixes).
- commit 59239b9
- usb: dwc3: Align DWC3_EP_* flag macros (git-fixes).
- Refresh
  patches.suse/usb-dwc3-gadget-Wait-for-ep0-xfers-to-complete-durin.patch.
- commit 4a16748
- usb: dwc3: drd: use helper to get role-switch-default-mode
  (git-fixes).
- commit ee299c9
- tracing: Fix permissions for the buffer_percent file
  (git-fixes).
- commit 0318a81
- ring-buffer: Sync IRQ works before buffer destruction
  (git-fixes).
- commit a78e19a
- ring-buffer: Ensure proper resetting of atomic variables in
  ring_buffer_reset_online_cpus (git-fixes).
- commit 2b75346
- ring-buffer: Fix kernel-doc (git-fixes).
- commit 6ecbbdc
- net: qrtr: correct types of trace event parameters (git-fixes).
- commit dbac4e1
- f2fs: Fix f2fs_truncate_partial_nodes ftrace event (git-fixes).
- commit 6ed4e1b
- usb: dwc3: ep0: Don't prepare beyond Setup stage (git-fixes).
- Refresh
  patches.suse/usb-dwc3-gadget-Avoid-duplicate-requests-to-enable-R.patch.
- commit eccafbc
- ipv6: sr: fix out-of-bounds read when setting HMAC data
  (bsc#1211592).
- commit 5a240f0
- Correct the bq24190 fix patch to apply at the right place (CVE-2023-33288 bsc#1211590)
- commit 9ac2993
- power: supply: bq24190: Fix use after free bug in bq24190_remove
  due to race condition (CVE-2023-33288 bsc#1211590).
- commit 373505c
- KVM: x86: Inject #GP if WRMSR sets reserved bits in APIC
  Self-IPI (git-fixes).
- commit 742c6c3
- KVM: x86/vmx: Do not skip segment attributes if unusable bit
  is set (git-fixes).
- commit 9eaecda
- KVM: x86: Copy filter arg outside kvm_vm_ioctl_set_msr_filter()
  (git-fixes).
- commit 30d94a9
- KVM: x86/pmu: Ignore pmu->global_ctrl check if vPMU doesn't
  support global_ctrl (git-fixes).
- commit aa84341
- KVM: x86: Protect the unused bits in MSR exiting flags
  (git-fixes).
- commit 28b2cff
- KVM: x86/svm: add __GFP_ACCOUNT to __sev_dbg_{en,de}crypt_user()
  (git-fixes).
- commit 4df9796
- KVM: x86: do not set st->preempted when going back to user space
  (git-fixes).
- commit 757f49a
- KVM: SVM: Don't rewrite guest ICR on AVIC IPI virtualization
  failure (git-fixes).
- commit f034027
- KVM: x86: Do not change ICR on write to APIC_SELF_IPI
  (git-fixes).
- commit 71266ce
- gve: Handle alternate miss completions (bsc#1211519).
- gve: Adding a new AdminQ command to verify driver (bsc#1211519).
- gve: Fix error return code in gve_prefill_rx_pages()
  (bsc#1211519).
- gve: Reduce alloc and copy costs in the GQ rx path
  (bsc#1211519).
- google/gve:fix repeated words in comments (bsc#1211519).
- gve: Fix spelling mistake "/droping"/ -> "/dropping"/ (bsc#1211519).
- gve: enhance no queue page list detection (bsc#1211519).
- commit e7ab3d9
- KVM: x86/mmu: avoid NULL-pointer dereference on page freeing
  bugs (git-fixes).
- commit 0592eea
- KVM: LAPIC: Enable timer posted-interrupt only when mwait/hlt
  is advertised (git-fixes).
- commit b3bd831
- kvm: x86: Disable KVM_HC_CLOCK_PAIRING if tsc is in always
  catchup mode (git-fixes).
- commit 61c19ae
- KVM: x86: Report deprecated x87 features in supported CPUID
  (git-fixes).
- commit f103d79
- KVM: nVMX: eVMCS: Filter out VM_EXIT_SAVE_VMX_PREEMPTION_TIMER
  (git-fixes).
- commit 28c6c36
- KVM: nVMX: Also filter MSR_IA32_VMX_TRUE_PINBASED_CTLS when
  eVMCS (git-fixes).
- commit aa258cd
- KVM: VMX: Set vmcs.PENDING_DBG.BS on #DB in STI/MOVSS blocking
  shadow (git-fixes).
- commit 10c2c56
- kernel-source: Remove unused macro variant_symbols
- commit 915ac72
- KVM: VMX: Introduce vmx_msr_bitmap_l01_changed() helper
  (git-fixes).
- commit 7736978
- KVM: nVMX: Don't use Enlightened MSR Bitmap for L3 (git-fixes).
- commit a6f9309
- blacklist.conf: add 9dba4d24cbb55 ("/86/kvm: remove unused ack_notifier
  callbacks"/
- commit 7c642cd
- KVM: X86: Fix tlb flush for tdp in kvm_invalidate_pcid()
  (git-fixes).
- commit 28c590c
- s390/extmem: return correct segment type in __segment_load()
  (bsc#1210450 git-fixes).
- commit 0040ffc
- s390/uaccess: add missing earlyclobber annotations to __clear_user()
  (bsc#1209856 git-fixes).
- commit 66fb793
- xen/netback: use same error messages for same errors
  (git-fixes).
- commit a7eb923
- powerpc/iommu: DMA address offset is incorrectly calculated
  with 2MB TCEs (jsc#SLE-19556 git-fixes).
- commit 893c217
- net/iucv: Fix size of interrupt data (bsc#1211465 git-fixes).
- s390/qeth: fix use-after-free in hsci (bsc#1210449 git-fixes).
- commit 0720e89
- fbdev: udlfb: Fix endpoint check (git-fixes).
- fbdev: arcfb: Fix error handling in arcfb_probe() (git-fixes).
- USB: core: Add routines for endpoint checks in old drivers
  (git-fixes).
- fbdev: ep93xx-fb: Add missing clk_disable_unprepare in
  ep93xxfb_probe() (git-fixes).
- fbdev: stifb: Fall back to cfb_fillrect() on 32-bit HCRX cards
  (git-fixes).
- commit b351847
- vc_screen: reload load of struct vc_data pointer in vcs_write()
  to avoid UAF (git-fixes).
- serial: qcom-geni: fix enabling deactivated interrupt
  (git-fixes).
- serial: 8250_bcm7271: fix leak in `brcmuart_probe` (git-fixes).
- serial: 8250_bcm7271: balance clk_enable calls (git-fixes).
- serial: arc_uart: fix of_iomap leak in `arc_serial_probe`
  (git-fixes).
- thunderbolt: Clear registers properly when auto clear isn't
  in use (bsc#1210165).
- xhci: Fix incorrect tracking of free space on transfer rings
  (git-fixes).
- xhci-pci: Only run d3cold avoidance quirk for s2idle
  (git-fixes).
- usb: typec: altmodes/displayport: fix pin_assignment_show
  (git-fixes).
- usb: dwc3: debugfs: Resume dwc3 before accessing registers
  (git-fixes).
- commit 8584d07
- ALSA: hda: Add NVIDIA codec IDs a3 through a7 to patch table
  (git-fixes).
- ALSA: hda: Fix Oops by 9.1 surround channel names (git-fixes).
- ALSA: hda/realtek: Fix mute and micmute LEDs for yet another
  HP laptop (git-fixes).
- ALSA: usb-audio: Add a sample rate workaround for Line6 Pod Go
  (git-fixes).
- ALSA: hda/realtek: Add quirk for HP EliteBook G10 laptops
  (git-fixes).
- ALSA: hda/realtek: Add a quirk for HP EliteDesk 805 (git-fixes).
- ALSA: hda/realtek: Add quirk for 2nd ASUS GU603 (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo L140AU (git-fixes).
- commit 6ddb5bd
- drm/msm/dpu: Remove duplicate register defines from INTF
  (git-fixes).
- drm/msm/dp: unregister audio driver during unbind (git-fixes).
- drm/exynos: fix g2d_open/close helper function definitions
  (git-fixes).
- Documentation/filesystems: ramfs-rootfs-initramfs: use :Author:
  (git-fixes).
- Documentation/filesystems: sharedsubtree: add section headings
  (git-fixes).
- ALSA: cs46xx: mark snd_cs46xx_download_image as static
  (git-fixes).
- ALSA: hda/realtek: Apply HP B&O top speaker profile to Pavilion
  15 (git-fixes).
- ALSA: firewire-digi00x: prevent potential use after free
  (git-fixes).
- commit 473b547
- Move upstreamed media patches into sorted section
- commit 201322a
- media: dvb_net: kABI workaround (CVE-2022-45886 bsc#1205760).
- media: dvb_frontend: kABI workaround (CVE-2022-45885
  bsc#1205758).
- commit 93a2fd7
- media: ttusb-dec: fix memory leak in ttusb_dec_exit_dvb()
  (CVE-2022-45887 bsc#1205762).
- media: dvb-core: Fix use-after-free due to race condition at
  dvb_ca_en50221 (CVE-2022-45919 bsc#1205803).
- media: dvb-core: Fix use-after-free due to race at
  dvb_register_device() (CVE-2022-45884 bsc#1205756).
- media: dvb-core: Fix use-after-free due on race condition at
  dvb_net (CVE-2022-45886 bsc#1205760).
- media: dvb-core: Fix kernel WARNING for blocking operation in
  wait_event*() (CVE-2023-31084 bsc#1210783).
- media: dvb-core: Fix use-after-free on race condition at
  dvb_frontend (CVE-2022-45885 bsc#1205758).
- commit 3c0eba9
- can: kvaser_pciefd: Disable interrupts in probe error path
  (git-fixes).
- can: kvaser_pciefd: Do not send EFLUSH command on TFD interrupt
  (git-fixes).
- can: kvaser_pciefd: Empty SRB buffer in probe (git-fixes).
- can: kvaser_pciefd: Call request_irq() before enabling
  interrupts (git-fixes).
- can: kvaser_pciefd: Clear listen-only bit if not explicitly
  requested (git-fixes).
- can: kvaser_pciefd: Set CAN_STATE_STOPPED in
  kvaser_pciefd_stop() (git-fixes).
- wifi: iwlwifi: mvm: don't trust firmware n_channels (git-fixes).
- wifi: iwlwifi: mvm: fix OEM's name in the tas approved list
  (git-fixes).
- wifi: iwlwifi: fix OEM's name in the ppag approved list
  (git-fixes).
- wifi: iwlwifi: fw: fix DBGI dump (git-fixes).
- wifi: iwlwifi: mvm: fix cancel_delayed_work_sync() deadlock
  (git-fixes).
- wifi: mac80211: fix min center freq offset tracing (git-fixes).
- cassini: Fix a memory leak in the error handling path of
  cas_init_one() (git-fixes).
- can: j1939: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes).
- can: isotp: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes).
- selftets: seg6: disable rp_filter by default in
  srv6_end_dt4_l3vpn_test (git-fixes).
- selftests: seg6: disable DAD on IPv6 router cfg for
  srv6_end_dt4_l3vpn_test (git-fixes).
- media: netup_unidvb: fix use-after-free at del_timer()
  (git-fixes).
- selftests/sgx: Add "/test_encl.elf"/ to TEST_FILES (git-fixes).
- selftests: srv6: make srv6_end_dt46_l3vpn_test more robust
  (git-fixes).
- commit 41844ce
- Update References
  patches.suse/bluetooth-Perform-careful-capability-checks-in-hci_s.patch
  (git-fixes bsc#1210533 CVE-2023-2002).
- commit 0d52fb3
- net: sched: sch_qfq: prevent slab-out-of-bounds in
  qfq_activate_agg (bsc#1210940 CVE-2023-31436).
- commit 8a9beae
- drm/amdgpu/gfx: disable gfx9 cp_ecc_error_irq only when enabling
  legacy gfx ras (git-fixes).
- drm/amdgpu: disable sdma ecc irq only when sdma RAS is enabled
  in suspend (git-fixes).
- platform/x86: touchscreen_dmi: Add info for the Dexp Ursus
  KX210i (git-fixes).
- platform/x86: touchscreen_dmi: Add upside-down quirk for
  GDIX1002 ts on the Juno Tablet (git-fixes).
- drm/amd/display: Fix hang when skipping modeset (git-fixes).
- HID: wacom: Set a default resolution for older tablets
  (git-fixes).
- drm/i915/dg2: Add HDMI pixel clock frequencies 267.30 and
  319.89 MHz (git-fixes).
- drm/i915/dg2: Add additional HDMI pixel clock frequencies
  (git-fixes).
- drm/i915/dg2: Support 4k@30 on HDMI (git-fixes).
- commit 2af09b7
- Add a bug reference to two existing drm-hyperv changes (bsc#1211281).
- commit 5df9068
- cifs: fix sharing of DFS connections (bsc#1208758).
- commit eca9f8a
- cifs: avoid potential races when handling multiple dfs tcons
  (bsc#1208758).
- commit 63e23c3
- cifs: protect access of TCP_Server_Info::{origin,leaf}_fullpath
  (bsc#1208758).
- commit afe04d7
- cifs: fix potential race when tree connecting ipc (bsc#1208758).
- commit e5ca6c5
- cifs: fix potential use-after-free bugs in
  TCP_Server_Info::hostname (bsc#1208758).
- commit c684f06
- cifs: protect session status check in smb2_reconnect()
  (bsc#1208758).
- commit a5777d5
- smb3: move some common open context structs to smbfs_common
  (bsc#1193629).
- commit 584d68d
- smb3: make query_on_disk_id open context consistent and move
  to common code (bsc#1193629).
- commit c9e01f8
- cifs: missing lock when updating session status (bsc#1193629).
- commit 54a1882
- SMB3: Add missing locks to protect deferred close file list
  (git-fixes).
- commit de29309
- cifs: avoid dup prefix path in dfs_get_automount_devname()
  (git-fixes).
- commit ed1670a
- cifs: sanitize paths in cifs_update_super_prepath (git-fixes).
- commit afc9290
- Refresh
  patches.suse/net-ice-Add-support-for-enable_iwarp-and-enable_roce.patch.
- Delete
  patches.suse/devlink-Add-enable_iwarp-generic-device-param.patch.
  Fixed broken kABI (bsc#1208050 bsc#1211414).
- commit 118de8c
- Refresh
  patches.suse/net-mana-Add-new-MANA-VF-performance-counters-for-ea.patch.
  Fix backport.
- commit 6887ae9
- HID: microsoft: Add rumble support to latest xbox controllers
  (bsc#1211280).
- commit a92cf6c
- kabi/severities: added Microsoft mana symbold (bsc#1210551)
- commit 9c4a05e
- net: mana: Check if netdev/napi_alloc_frag returns single page
  (bsc#1210551).
- net: mana: Rename mana_refill_rxoob and remove some empty lines
  (bsc#1210551).
- net: mana: Add support for jumbo frame (bsc#1210551).
- net: mana: Enable RX path to handle various MTU sizes
  (bsc#1210551).
- net: mana: Refactor RX buffer allocation code to prepare for
  various MTU (bsc#1210551).
- net: mana: Use napi_build_skb in RX path (bsc#1210551).
- net: mana: Add new MANA VF performance counters for easier
  troubleshooting (bsc#1209982).
- commit ac98332
- kABI: Fix kABI after backport Emulate RDPID only if it is enabled in guest
  (git-fixes)
- commit ef4b42f
- ACPI: tables: Add support for NBFT (bsc#1195921).
- commit 90b0d13
- drm/amdgpu: Fix vram recover doesn't work after whole GPU reset
  (v2) (git-fixes).
- drm/i915/dp: prevent potential div-by-zero (git-fixes).
- drm/mipi-dsi: Set the fwnode for mipi_dsi_device (git-fixes).
- docs: networking: fix x25-iface.rst heading & index order
  (git-fixes).
- gve: Remove the code of clearing PBA bit (git-fixes).
- nilfs2: do not write dirty data after degenerating to read-only
  (git-fixes).
- nilfs2: fix infinite loop in nilfs_mdt_get_block() (git-fixes).
- clk: qcom: gcc-sm8350: fix PCIe PIPE clocks handling
  (git-fixes).
- pstore: Revert pmsg_lock back to a normal mutex (git-fixes).
- wifi: mt76: mt7921e: Set memory space enable in PCI_COMMAND
  if unset (git-fixes).
- selftests: xsk: Disable IPv6 on VETH1 (git-fixes).
- wifi: rtl8xxxu: RTL8192EU always needs full init (git-fixes).
- mailbox: zynqmp: Fix typo in IPI documentation (git-fixes).
- mailbox: zynqmp: Fix IPI isr handling (git-fixes).
- drm/ttm/pool: Fix ttm_pool_alloc error path (git-fixes).
- arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step
  (git-fixes).
- ARM: dts: qcom: ipq8064: Fix the PCI I/O port range (git-fixes).
- selftests/resctrl: Check for return value after write_schemata()
  (git-fixes).
- selftests/resctrl: Allow ->setup() to return errors (git-fixes).
- selftests/resctrl: Move ->setup() call outside of test specific
  branches (git-fixes).
- selftests/resctrl: Return NULL if malloc_and_init_memory()
  did not alloc mem (git-fixes).
- tpm, tpm_tis: Disable interrupts if tpm_tis_probe_irq() failed
  (git-fixes).
- tpm, tpm_tis: Claim locality before writing TPM_INT_ENABLE
  register (git-fixes).
- iio: adc: palmas_gpadc: fix NULL dereference on rmmod
  (git-fixes).
- selftests mount: Fix mount_setattr_test builds failed
  (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Acer Iconia One
  7 B1-750 (git-fixes).
- ASOC: Intel: sof_sdw: add quirk for Intel 'Rooks County'
  NUC M15 (git-fixes).
- ASoC: soc-pcm: fix hw->formats cleared by soc_pcm_hw_init()
  for dpcm (git-fixes).
- asm-generic/io.h: suppress endianness warnings for readq()
  and writeq() (git-fixes).
- drm/ttm: optimize pool allocations a bit v2 (git-fixes).
- clk: qcom: regmap: add PHY clock source implementation
  (git-fixes).
- ARM: dts: qcom: ipq8064: reduce pci IO size to 64K (git-fixes).
- arm64: dts: Add base DTS file for bcmbca device Asus GT-AX6000
  (git-fixes).
- ARM64: dts: Add DTS files for bcmbca SoC BCM6858 (git-fixes).
- arm64: dts: Add DTS files for bcmbca SoC BCM4912 (git-fixes).
- arm64: dts: Add DTS files for bcmbca SoC BCM63158 (git-fixes).
- selftests/resctrl: Extend CPU vendor detection (git-fixes).
- spi: spi-imx: using pm_runtime_resume_and_get instead of
  pm_runtime_get_sync (git-fixes).
- media: rcar_fdp1: Fix the correct variable assignments
  (git-fixes).
- arm64: dts: broadcom: bcm4908: add DT for Netgear RAXE500
  (git-fixes).
- serial: stm32: re-introduce an irq flag condition in
  usart_receive_chars (git-fixes).
- media: rcar_fdp1: Make use of the helper function
  devm_platform_ioremap_resource() (git-fixes).
- commit c094bdc
- KVM: nVMX: Emulate NOPs in L2, and PAUSE if it's not intercepted
  (git-fixes).
- commit d64e14c
- KVM: VMX: Use is_64_bit_mode() to check 64-bit mode in SGX
  handler (git-fixes).
- commit 56061d9
- KVM: x86: Remove a redundant guest cpuid check in kvm_set_cr4()
  (git-fixes).
- commit a6ab5bb
- KVM: SVM: Fix benign "/bool vs. int"/ comparison in svm_set_cr0()
  (git-fixes).
- commit f475ade
- KVM: SVM: hyper-v: placate modpost section mismatch error
  (git-fixes).
- commit 816e1bf
- KVM: SVM: Fix potential overflow in SEV's
  send|receive_update_data() (git-fixes).
- commit 16c4f84
- KVM: SVM: Require logical ID to be power-of-2 for AVIC entry
  (git-fixes).
- commit aed233d
- platform/x86: thinkpad_acpi: Fix platform profiles on T490
  (git-fixes).
- commit 1c69e0b
- KVM: x86/xen: Fix memory leak in kvm_xen_write_hypercall_page()
  (git-fixes).
- commit 81f590f
- KVM: nVMX: Properly expose ENABLE_USR_WAIT_PAUSE control to L1
  (git-fixes).
- commit 77c8954
- KVM: nVMX: Document that ignoring memory failures for VMCLEAR
  is deliberate (git-fixes).
- commit b84688a
- KVM: x86: ioapic: Fix level-triggered EOI and userspace I/OAPIC
  reconfigure race (git-fixes).
- commit 5d05f90
- x86/nospec: Unwreck the RSB stuffing (git-fixes).
- commit b1c4544
- x86/amd: Use IBPB for firmware calls (git-fixes).
- Refresh patches.suse/x86-speculation-Add-RSB-VM-Exit-protections.patch.
- commit 98a0873
- KVM: nVMX: Inject #GP, not #UD, if "/generic"/ VMXON CR0/CR4
  check fails (git-fixes).
- commit 8d3f5e6
- x86/speculation: Identify processors vulnerable to SMT RSB predictions (git-fixes).
- commit 55ad85a
- x86/bugs: Add "/unknown"/ reporting for MMIO Stale Data (git-fixes).
- commit c9d308d
- KVM: SVM: Skip WRMSR fastpath on VM-Exit if next RIP isn't valid
  (git-fixes).
- commit 341c774
- ECO for QAT driver update was approved (PED-3955).
  Allow kABI changes below drivers/crypto/qat and remove
  the corresponding kABI padding patch.
- commit d46b3f1
- x86/speculation/mmio: Print SMT warning (git-fixes).
- commit b61badb
- x86/bugs: Warn when "/ibrs"/ mitigation is selected on Enhanced IBRS  parts (git-fixes).
- commit 309477d
- x86/alternative: Report missing return thunk details (git-fixes).
- commit a6de731
- KVM: x86: Fail emulation during EMULTYPE_SKIP on any exception
  (git-fixes).
- commit b95c292
- KVM: VMX: Resume guest immediately when injecting #GP on ECREATE
  (git-fixes).
- commit 028e88b
- blacklist.conf: Blacklist already integrated patch
- commit f08adc0
- blacklist.conf: Remove alread-integrated patch
- commit 6038830
- KVM: x86: Mask off reserved bits in CPUID.8000001FH (git-fixes).
- commit f34367a
- KVM: nVMX: Prioritize TSS T-flag #DBs over Monitor Trap Flag
  (git-fixes).
- commit 4d26615
- KVM: nVMX: Treat General Detect #DB (DR7.GD=1) as fault-like
  (git-fixes).
- commit 1c41646
- KVM: x86: Mask off unsupported and unknown bits of
  IA32_ARCH_CAPABILITIES (git-fixes).
- commit e7d58ae
- KVM: x86: fix typo in __try_cmpxchg_user causing non-atomicness
  (git-fixes).
- commit 31729ed
- KVM: arm64: Limit length in kvm_vm_ioctl_mte_copy_tags() to INT_MAX (git-fixes)
- commit e94cf3b
- KVM: arm64: Fix buffer overflow in kvm_arm_set_fw_reg() (git-fixes)
- commit 7aef2ca
- KVM: arm64: PMU: Restore the guest's EL0 event counting after (git-fixes)
- commit 1e49eb1
- Fix bug reference.
- Update patches.suse/powerpc-64s-Fix-local-irq-disable-when-PMIs-are-disa.patch
  (bsc#1195655 ltc#195733 git-fixes).
- Update patches.suse/powerpc-64s-hash-Make-hash-faults-work-in-NMI-contex.patch
  (bsc#1195655 ltc#195733).
- commit 75b352e
- KVM: x86/emulator: Emulate RDPID only if it is enabled in guest
  (git-fixes).
- commit 8e78e7b
- KVM: arm64: Don't arm a hrtimer for an already pending timer (git-fixes)
- commit 7242bab
- KVM: Destroy target device if coalesced MMIO unregistration fails (git-fixes)
- commit 24e09a6
- KVM: arm64: Free hypervisor allocations if vector slot init fails (git-fixes)
- commit 94fc8c2
- KVM: arm64: GICv4.1: Fix race with doorbell on VPE (git-fixes)
- commit a2031d5
- KVM: arm64: Fix S1PTW handling on RO memslots (git-fixes)
- commit 57c82ed
- KVM: arm64: Fix PAR_TO_HPFAR() to work independently of PA_BITS. (git-fixes)
- commit 4084e39
- KVM: arm64: Fix kvm init failure when mode!=vhe and VA_BITS=52. (git-fixes)
- commit 80e5dc8
- KVM: arm64: Fix bad dereference on MTE-enabled systems (git-fixes)
- commit b34a907
- KVM: arm64: vgic: Fix exit condition in scan_its_table() (git-fixes)
- commit 18fdaaf
- powerpc/rtas: use memmove for potentially overlapping buffer
  copy (bsc#1065729).
- powerpc: Don't try to copy PPR for task with NULL pt_regs
  (bsc#1065729).
- commit a0f9fd4
- KVM: arm64: Reject 32bit user PSTATE on asymmetric systems (git-fixes)
- commit 1e56a5b
- KVM: arm64: Treat PMCR_EL1.LC as RES1 on asymmetric systems (git-fixes)
- commit 32b2eb1
- KVM: arm64: Don't return from void function (git-fixes)
- commit 929b4b8
- KVM: Don't set Accessed/Dirty bits for ZERO_PAGE (git-fixes)
- commit d5c7f0a
- KVM: arm64: nvhe: Eliminate kernel-doc warnings (git-fixes)
- commit c528fa6
- KVM: Don't create VM debugfs files outside of the VM directory (git-fixes)
- commit f35aa14
- x86/fpu/xsave: Initialize offset/size cache early (bsc#1211205).
- commit 5c67650
- Revert "/KVM: set owner of cpu and vm file operations"/ (git-fixes)
- commit 641eec4
- KVM: Prevent module exit until all VMs are freed (git-fixes)
- commit d75ff37
- KVM: arm64: Stop handle_exit() from handling HVC twice when an SError (git-fixes)
- commit e7649a0
- KVM: Disallow user memslot with size that exceeds "/unsigned long"/ (git-fixes)
- commit 3d5e854
- arm64: errata: add detection for AMEVCNTR01 incrementing incorrectly (git-fixes)
  Enable workaround and fix kABI breakage.
- commit 65ad1d7
- arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes)
- commit 66d6673
- RDMA/mana: hide new rdma_driver_ids (bsc#1210741 jsc#PED-4022).
- commit f8b8352
- RDMA/mana_ib: Add a driver for Microsoft Azure Network Adapter
  (bsc#1210741 jsc#PED-4022).
- Update config files.
- supported.conf: mark mana_ib supported
- commit 1a4c2c7
- net: mana: Move header files to a common location (bsc#1210741
  jsc#PED-4022).
- Refresh
  patches.suse/net-mana-Fix-IRQ-name-add-PCI-and-queue-number.patch.
- commit 5b586a1
- RDMA/mana_ib: Fix a bug when the PF indicates more entries for
  registering memory on first packet (bsc#1210741 jsc#PED-4022).
- RDMA/mana_ib: Prevent array underflow in mana_ib_create_qp_raw()
  (bsc#1210741 jsc#PED-4022).
- RDMA/mana: Remove redefinition of basic u64 type (bsc#1210741
  jsc#PED-4022).
- commit 34e74c1
- net: mana: Define data structures for protection domain and
  memory registration (bsc#1210741 jsc#PED-4022).
- net: mana: Define data structures for allocating doorbell page
  from GDMA (bsc#1210741 jsc#PED-4022).
- net: mana: Define and process GDMA response code
  GDMA_STATUS_MORE_ENTRIES (bsc#1210741 jsc#PED-4022).
- net: mana: Define max values for SGL entries (bsc#1210741
  jsc#PED-4022).
- net: mana: Record port number in netdev (bsc#1210741
  jsc#PED-4022).
- net: mana: Export Work Queue functions for use by RDMA driver
  (bsc#1210741 jsc#PED-4022).
- net: mana: Set the DMA device max segment size (bsc#1210741
  jsc#PED-4022).
- net: mana: Handle vport sharing between devices (bsc#1210741
  jsc#PED-4022).
- net: mana: Record the physical address for doorbell page region
  (bsc#1210741 jsc#PED-4022).
- net: mana: Add support for auxiliary device (bsc#1210741
  jsc#PED-4022).
- commit f92c525
- KVM: nVMX: add missing consistency checks for CR0 and CR4
  (bsc#1210294 CVE-2023-30456).
- commit ef9d3af
- blacklist.conf: cleanup of a comment
- commit 84e5a2f
- blacklist.conf: dependencies cannot be met
- commit e3d82fb
- iwlwifi: cfg: Add missing MODULE_FIRMWARE() for *.pnvm
  (bsc#1207553).
- commit f66a3d1
- apparmor: add a kernel label to use on kernel objects
  (bsc#1211113).
- commit 51d9c3d
- crypto: qat - add resubmit logic for decompression (jsc#PED-3692)
- commit 0291fd1
- crypto: acomp - define max size for destination (jsc#PED-3692)
- commit 85592d8
- crypto: qat - enable deflate for QAT GEN4 (jsc#PED-3692)
- commit e4a787e
- crypto: qat - expose deflate through acomp api for QAT GEN2 (jsc#PED-3692)
- commit 0a12d82
- crypto: qat - rename and relocate GEN2 config function (jsc#PED-3692)
- commit 84eb593
- crypto: qat - relocate qat_algs_alloc_flags() (jsc#PED-3692)
- commit b8f6153
- crypto: qat - relocate backlog related structures (jsc#PED-3692)
- commit 4cc71cc
- crypto: qat - extend buffer list interface (jsc#PED-3692)
- commit add926d
- crypto: qat - generalize crypto request buffers (jsc#PED-3692)
- commit 53057db
- crypto: qat - change bufferlist logic interface (jsc#PED-3692)
- commit e94a222
- crypto: qat - rename bufferlist functions (jsc#PED-3692)
- commit 6fb4fa4
- crypto: qat - relocate bufferlist logic (jsc#PED-3692)
- commit babeef7
- crypto: qat - fix error return code in adf_probe (jsc#PED-3692)
- commit 8fbb831
- crypto: qat - add limit to linked list parsing (jsc#PED-3692)
- commit 57cf8db
- crypto: qat - use reference to structure in dma_map_single() (jsc#PED-3692)
- commit 191d933
- crypto: qat - fix DMA transfer direction (jsc#PED-3692)
- commit 8033e5b
- crypto: drivers - move from strlcpy with unused retval to (jsc#PED-3692)
- commit 2893932
- crypto: qat - add check to validate firmware images (jsc#PED-3692)
- commit 638d767
- crypto: qat - expose device config through sysfs for 4xxx (jsc#PED-3692)
- commit da7d730
- crypto: qat - relocate and rename adf_sriov_prepare_restart() (jsc#PED-3692)
- commit 9d2ec7c
- crypto: qat - change behaviour of (jsc#PED-3692)
- commit 88b302a
- crypto: qat - expose device state through sysfs for 4xxx (jsc#PED-3692)
- commit c9aee29
- crypto: qat - Removes the x86 dependency on the QAT drivers (jsc#PED-3692)
- commit b693728
- crypto: qat - replace get_current_node() with numa_node_id() (jsc#PED-3692)
- commit e064970
- crypto: qat - add support for 401xx devices (jsc#PED-3692)
- commit f05d9dc
- crypto: qat - re-enable registration of algorithms (jsc#PED-3692)
- commit 68596ea
- crypto: qat - honor CRYPTO_TFM_REQ_MAY_SLEEP flag (jsc#PED-3692)
- commit e4d21be
- crypto: qat - add param check for DH (jsc#PED-3692)
- commit da607b7
- crypto: qat - add param check for RSA (jsc#PED-3692)
- commit 7eefa16
- crypto: qat - add backlog mechanism (jsc#PED-3692)
- commit 624d1d0
- crypto: qat - refactor submission logic (jsc#PED-3692)
- commit b8e53cb
- crypto: qat - use pre-allocated buffers in datapath (jsc#PED-3692)
- commit bd15683
- crypto: qat - Fix unsigned function returning negative (jsc#PED-3692)
- commit c617c8f
- crypto: qat - remove line wrapping for pfvf_ops functions (jsc#PED-3692)
- commit b866596
- crypto: qat - use u32 variables in all GEN4 pfvf_ops (jsc#PED-3692)
- commit e40b5cb
- crypto: qat - replace disable_vf2pf_interrupts() (jsc#PED-3692)
- commit 02bc64e
- crypto: qat - leverage the GEN2 VF mask definiton (jsc#PED-3692)
- commit 4d65255
- crypto: qat - rework the VF2PF interrupt handling logic (jsc#PED-3692)
- commit b225eca
- crypto: qat - fix off-by-one error in PFVF debug print (jsc#PED-3692)
- commit 2b6fd0a
- crypto: qat - fix wording and formatting in code comment (jsc#PED-3692)
- commit 1e0a7c3
- crypto: qat - test PFVF registers for spurious interrupts on (jsc#PED-3692)
- commit c5057e2
- crypto: qat - add check for invalid PFVF protocol version 0 (jsc#PED-3692)
- commit 9de3f9b
- crypto: qat - add missing restarting event notification in (jsc#PED-3692)
- commit a8dbb60
- crypto: qat - remove unnecessary tests to detect PFVF support (jsc#PED-3692)
- commit 1848290
- crypto: qat - remove unused PFVF stubs (jsc#PED-3692)
- commit 1cf3054
- crypto: qat - remove unneeded braces (jsc#PED-3692)
- commit a02a4ee
- crypto: qat - fix ETR sources enabled by default on GEN2 (jsc#PED-3692)
- commit 56dd6e7
- crypto: qat - set COMPRESSION capability for DH895XCC (jsc#PED-3692)
- commit dd0685f
- crypto: qat - stop using iommu_present() (jsc#PED-3692)
- commit e463f30
- crypto: qat - fix initialization of pfvf rts_map_msg (jsc#PED-3692)
- commit c63cf22
- crypto: qat - fix initialization of pfvf cap_msg structures (jsc#PED-3692)
- commit 29cae5c
- crypto: qat - remove unneeded assignment (jsc#PED-3692)
- commit 988ee72
- crypto: qat - enable power management for QAT GEN4 (jsc#PED-3692)
- commit d524451
- crypto: qat - move and rename GEN4 error register definitions (jsc#PED-3692)
- commit 5536852
- crypto: qat - add misc workqueue (jsc#PED-3692)
- commit cb5c3b7
- crypto: qat - fix access to PFVF interrupt registers for GEN4 (jsc#PED-3692)
- commit 89bd3f8
- crypto: qat - fix a signedness bug in get_service_enabled() (jsc#PED-3692)
- commit a7f67e3
- crypto: qat - fix definition of ring reset results (jsc#PED-3692)
- commit 151593d
- crypto: qat - add support for compression for 4xxx (jsc#PED-3692)
- commit dfc51e6
- crypto: qat - allow detection of dc capabilities for 4xxx (jsc#PED-3692)
- commit 8557674
- crypto: qat - add PFVF support to enable the reset of ring (jsc#PED-3692)
- commit 5d143f2
- crypto: qat - add PFVF support to the GEN4 host driver (jsc#PED-3692)
- commit 916a77e
- crypto: qat - config VFs based on ring-to-svc mapping (jsc#PED-3692)
- commit 6601ff4
- crypto: qat - exchange ring-to-service mappings over PFVF (jsc#PED-3692)
- commit e8ce44d
- crypto: qat - support fast ACKs in the PFVF protocol (jsc#PED-3692)
- commit 986f0e6
- crypto: qat - exchange device capabilities over PFVF (jsc#PED-3692)
- commit 7d28fba
- crypto: qat - introduce support for PFVF block messages (jsc#PED-3692)
- commit 6155681
- crypto: qat - store the ring-to-service mapping (jsc#PED-3692)
- commit 77f298d
- crypto: qat - store the PFVF protocol version of the (jsc#PED-3692)
- commit da2daed
- crypto: qat - improve the ACK timings in PFVF send (jsc#PED-3692)
- commit a184282
- crypto: qat - leverage read_poll_timeout in PFVF send (jsc#PED-3692)
- commit e08ef29
- crypto: qat - leverage bitfield.h utils for PFVF messages (jsc#PED-3692)
- commit 77c5d55
- crypto: qat - abstract PFVF messages with struct pfvf_message (jsc#PED-3692)
- commit 22808a8
- crypto: qat - set PFVF_MSGORIGIN just before sending (jsc#PED-3692)
- commit 529c178
- crypto: qat - make PFVF send and receive direction agnostic (jsc#PED-3692)
- commit 2cfdf60
- crypto: qat - make PFVF message construction direction (jsc#PED-3692)
- commit 192475a
- crypto: qat - add the adf_get_pmisc_base() helper function (jsc#PED-3692)
- commit 029b3f8
- crypto: qat - support the reset of ring pairs on PF (jsc#PED-3692)
- commit b21ae8f
- crypto: qat - extend crypto capability detection for 4xxx (jsc#PED-3692)
- commit 86b6de1
- crypto: qat - set COMPRESSION capability for QAT GEN2 (jsc#PED-3692)
- commit c36c1b5
- crypto: qat - set CIPHER capability for QAT GEN2 (jsc#PED-3692)
- commit 5a6ccb5
- crypto: qat - get compression extended capabilities (jsc#PED-3692)
- commit 6bc8ecc
- crypto: qat - improve logging of PFVF messages (jsc#PED-3692)
- commit 69ac24d
- crypto: qat - fix VF IDs in PFVF log messages (jsc#PED-3692)
- commit a09ab7d
- crypto: qat - do not rely on min version (jsc#PED-3692)
- commit 1fbc50a
- crypto: qat - refactor pfvf version request messages (jsc#PED-3692)
- commit bd91022
- crypto: qat - pass the PF2VF responses back to the callers (jsc#PED-3692)
- commit ce27ee1
- crypto: qat - use enums for PFVF protocol codes (jsc#PED-3692)
- commit 07d0530
- crypto: qat - reorganize PFVF protocol definitions (jsc#PED-3692)
- commit dfcb218
- crypto: qat - reorganize PFVF code (jsc#PED-3692)
- commit ebf7e16
- crypto: qat - abstract PFVF receive logic (jsc#PED-3692)
- commit 4ac3bf8
- crypto: qat - abstract PFVF send function (jsc#PED-3692)
- commit 3228a9b
- crypto: qat - differentiate between pf2vf and vf2pf offset (jsc#PED-3692)
- commit 7a44395
- crypto: qat - add pfvf_ops (jsc#PED-3692)
- commit 5960736
- crypto: qat - relocate PFVF disabled function (jsc#PED-3692)
- commit 1aa65a8
- crypto: qat - relocate PFVF VF related logic (jsc#PED-3692)
- commit 53e0309
- crypto: qat - relocate PFVF PF related logic (jsc#PED-3692)
- commit b869385
- crypto: qat - handle retries due to collisions in (jsc#PED-3692)
- commit 27aa4db
- crypto: qat - split PFVF message decoding from handling (jsc#PED-3692)
- commit 375be54
- crypto: qat - re-enable interrupts for legacy PFVF messages (jsc#PED-3692)
- commit 253518f
- crypto: qat - change PFVF ACK behaviour (jsc#PED-3692)
- commit b8f6615
- crypto: qat - move interrupt code out of the PFVF handler (jsc#PED-3692)
- commit 2d2c8ab
- crypto: qat - move VF message handler to adf_vf2pf_msg.c (jsc#PED-3692)
- commit 08b5439
- crypto: qat - move vf2pf interrupt helpers (jsc#PED-3692)
- commit 32a2e31
- crypto: qat - refactor PF top half for PFVF (jsc#PED-3692)
- commit b27b05c
- crypto: qat - do not handle PFVF sources for qat_4xxx (jsc#PED-3692)
- commit c5402df
- crypto: qat - simplify adf_enable_aer() (jsc#PED-3692)
- commit ef47805
- crypto: qat - share adf_enable_pf2vf_comms() from (jsc#PED-3692)
- commit 3c38713
- crypto: qat - extract send and wait from (jsc#PED-3692)
- commit d88c673
- crypto: qat - add VF and PF wrappers to common send function (jsc#PED-3692)
- commit 688556e
- crypto: qat - rename pfvf collision constants (jsc#PED-3692)
- commit 4f0c483
- crypto: qat - move pfvf collision detection values (jsc#PED-3692)
- commit 7d933b4
- crypto: qat - use hweight for bit counting (jsc#PED-3692)
- commit f443d35
- crypto: qat - remove duplicated logic across GEN2 drivers (jsc#PED-3692)
- commit 4276cd3
- crypto: qat - fix handling of VF to PF interrupts (jsc#PED-3692)
- commit 89e9e5e
- crypto: qat - remove unneeded packed attribute (jsc#PED-3692)
- commit abcbfac
- crypto: qat - free irq in case of failure (jsc#PED-3692)
- commit 227e146
- crypto: qat - free irqs only if allocated (jsc#PED-3692)
- commit a4d86dd
- crypto: qat - remove unmatched CPU affinity to cluster IRQ (jsc#PED-3692)
- commit e9e0672
- crypto: qat - replace deprecated MSI API (jsc#PED-3692)
- commit 4f29ad0
- crypto: qat - flush vf workqueue at driver removal (jsc#PED-3692)
- commit 49708c6
- crypto: qat - remove the unnecessary get_vintmsk_offset() (jsc#PED-3692)
- commit dd303d7
- crypto: qat - prevent spurious MSI interrupt in VF (jsc#PED-3692)
- commit 167b6ae
- crypto: qat - remove empty sriov_configure() (jsc#PED-3692)
- commit 0767718
- crypto: qat - fix a typo in a comment (jsc#PED-3692)
- commit 8a91dc4
- crypto: qat - disable AER if an error occurs in probe (jsc#PED-3692)
- commit df8b85d
- crypto: qat - set DMA mask to 48 bits for Gen2 (jsc#PED-3692)
- commit dbe426c
- crypto: qat - simplify code and axe the use of a deprecated (jsc#PED-3692)
- commit ac1c697
- sfc: fix TX channel offset when using legacy interrupts
  (git-fixes).
- net: tun: avoid disabling NAPI twice (git-fixes).
- commit 03bb08f
- workqueue: Print backtraces from CPUs with hung CPU bound
  workqueues (bsc#1211044).
- commit edb7f74
- workqueue: Warn when a rescuer could not be created
  (bsc#1211044).
- commit bbf3c79
- workqueue: Interrupted create_worker() is not a repeated event
  (bsc#1211044).
- commit 86794c5
- workqueue: Warn when a new worker could not be created
  (bsc#1211044).
- commit eb3a726
- workqueue: Fix hung time report of worker pools (bsc#1211044).
- commit 3a59651
- x86/boot: Skip realmode init code when running as Xen PV guest   (git-fixes).
- Refresh    patches.kabi/kABI-Fix-kABI-after-x86-mm-cpa-Generalize-__set_memo.patch.
- commit e90b7a1
- RDMA/irdma: Remove excess error variables (jsc#SLE-18383).
- Refresh
  patches.suse/RDMA-irdma-Validate-udata-inlen-and-outlen.patch.
- commit 4d4fa6d
- x86/signal: Fix the value returned by strict_sas_size() (git-fixes).
- commit d3c6791
- RDMA/irdma: Remove enum irdma_status_code (jsc#SLE-18383).
- Refresh
  patches.suse/RDMA-irdma-Prevent-some-integer-underflows.patch.
- Refresh
  patches.suse/RDMA-irdma-Return-correct-WC-error-for-bind-operatio.patch.
- Refresh
  patches.suse/RDMA-irdma-Return-error-on-MR-deregister-CQP-failure.patch.
- Refresh
  patches.suse/RDMA-irdma-Validate-udata-inlen-and-outlen.patch.
- commit 11ed66b
- sfc: Fix module EEPROM reporting for QSFP modules (git-fixes).
- sfc: Fix use-after-free due to selftest_work (git-fixes).
- RDMA/irdma: Do not generate SW completions for NOPs
  (jsc#SLE-18383).
- gve: Secure enough bytes in the first TX desc for all TCP pkts
  (git-fixes).
- sfc: ef10: don't overwrite offload features at NIC reset
  (git-fixes).
- gve: Cache link_speed value from device (git-fixes).
- sfc: correctly advertise tunneled IPv6 segmentation (git-fixes).
- RDMA/irdma: Fix RQ completion opcode (jsc#SLE-18383).
- RDMA/irdma: Fix inline for multiple SGE's (jsc#SLE-18383).
- iavf: Do not restart Tx queues after reset task failure
  (jsc#SLE-18385).
- iavf: Fix a crash during reset task (jsc#SLE-18385).
- net: tun: fix bugs for oversize packet when napi frags enabled
  (git-fixes).
- sfc: include vport_id in filter spec hash and equal()
  (git-fixes).
- sfc: Change VF mac via PF as first preference if available
  (git-fixes).
- sfc: fix null pointer dereference in efx_hard_start_xmit
  (git-fixes).
- RDMA/irdma: Fix drain SQ hang with no completion
  (jsc#SLE-18383).
- net: tun: stop NAPI when detaching queues (git-fixes).
- net: tun: unlink NAPI from device on destruction (git-fixes).
- sfc: fix wrong tx channel offset with efx_separate_tx_channels
  (git-fixes).
- sfc: fix considering that all channels have TX queues
  (git-fixes).
- RDMA/irdma: Add SW mechanism to generate completions on error
  (jsc#SLE-18383).
- commit b8a7c09
- x86/numa: Use cpumask_available instead of hardcoded NULL check (git-fixes).
- commit ca9f52b
- x86/mm: Use proper mask when setting PUD mapping (git-fixes).
- commit d9bb4d3
- x86/MCE/AMD: Use an u64 for bank_map (git-fixes).
- commit 4d91aa8
- x86/pat: Fix x86_has_pat_wp() (git-fixes).
- commit 9499df5
- rpm/constraints.in: Increase disk size constraint for riscv64 to 52GB
- commit 1c1a4cd
- act_mirred: use the backlog for nested calls to mirred ingress
  (CVE-2022-4269 bsc#1206024).
- net/sched: act_mirred: better wording on protection against
  excessive stack growth (CVE-2022-4269 bsc#1206024).
- commit 0660aaf
- netfilter: nf_tables: deactivate anonymous set from preparation
  phase (CVE-2023-32233 bsc#1211043).
- commit a0bdb58
- igc: read before write to SRRCTL register (jsc#SLE-18377).
- ixgbe: Fix panic during XDP_TX with > 64 CPUs (jsc#SLE-18384).
- RDMA/mlx4: Prevent shift wrapping in set_user_sq_size()
  (jsc#SLE-19255).
- ixgbe: Enable setting RSS table to default values
  (jsc#SLE-18384).
- ixgbe: Allow flow hash to be set via ethtool (jsc#SLE-18384).
- i40e: fix i40e_setup_misc_vector() error handling
  (jsc#SLE-18378).
- i40e: fix accessing vsi->active_filters without holding lock
  (jsc#SLE-18378).
- i40e: fix registers dump after run ethtool adapter self test
  (jsc#SLE-18378).
- i40e: fix flow director packet filter programming
  (jsc#SLE-18378).
- iavf: fix hang on reboot with ice (jsc#SLE-18385).
- igc: fix the validation logic for taprio's gate list
  (jsc#SLE-18377).
- igbvf: Regard vf reset nack as success (jsc#SLE-18379).
- intel/igbvf: free irq on the error path in igbvf_request_msix()
  (jsc#SLE-18379).
- igb: Enable SR-IOV after reinit (jsc#SLE-18379).
- igb: revert rtnl_lock() that causes deadlock (jsc#SLE-18379).
- iavf: fix non-tunneled IPv6 UDP packet type and hashing
  (jsc#SLE-18385).
- iavf: fix inverted Rx hash condition leading to disabled hash
  (jsc#SLE-18385).
- i40e: Fix kernel crash during reboot when adapter is in recovery
  mode (jsc#SLE-18378).
- igb: conditionalize I2C bit banging on external thermal sensor
  support (jsc#SLE-18379).
- ixgbe: add double of VLAN header when computing the max MTU
  (jsc#SLE-18384).
- i40e: add double of VLAN header when computing the max MTU
  (jsc#SLE-18378).
- ixgbe: allow to increase MTU to 3K with XDP enabled
  (jsc#SLE-18384).
- i40e: Add checking for null for nlmsg_find_attr()
  (jsc#SLE-18378).
- igc: Add ndo_tx_timeout support (jsc#SLE-18377).
- igc: return an error if the mac type is unknown in
  igc_ptp_systim_to_hwtstamp() (jsc#SLE-18377).
- iavf/iavf_main: actually log ->src mask when talking about it
  (jsc#SLE-18385).
- igc: Fix PPS delta between two synchronized end-points
  (jsc#SLE-18377).
- ixgbe: fix pci device refcount leak (jsc#SLE-18384).
- igc: Set Qbv start_time and end_time to end_time if not being
  configured in GCL (jsc#SLE-18377).
- igc: recalculate Qbv end_time by considering cycle time
  (jsc#SLE-18377).
- igc: allow BaseTime 0 enrollment for Qbv (jsc#SLE-18377).
- igc: Add checking for basetime less than zero (jsc#SLE-18377).
- igc: Use strict cycles for Qbv scheduling (jsc#SLE-18377).
- igc: Enhance Qbv scheduling by using first flag bit
  (jsc#SLE-18377).
- igb: Initialize mailbox message for VF reset (jsc#SLE-18379).
- i40e: Fix the inability to attach XDP program on downed
  interface (jsc#SLE-18378).
- i40e: Fix for VF MAC address 0 (jsc#SLE-18378).
- iavf: Fix error handling in iavf_init_module() (jsc#SLE-18385).
- iavf: Fix race condition between iavf_shutdown and iavf_remove
  (jsc#SLE-18385).
- i40e: Fix flow-type by setting GL_HASH_INSET registers
  (jsc#SLE-18378).
- i40e: Fix VF hang when reset is triggered on another VF
  (jsc#SLE-18378).
- i40e: Fix ethtool rx-flow-hash setting for X722 (jsc#SLE-18378).
- i40e: Fix DMA mappings leak (jsc#SLE-18378).
- i40e: Fix set max_tx_rate when it is lower than 1 Mbps
  (jsc#SLE-18378).
- i40e: Fix VF set max MTU size (jsc#SLE-18378).
- iavf: Fix set max MTU size with port VLAN and jumbo frames
  (jsc#SLE-18385).
- iavf: Fix bad page state (jsc#SLE-18385).
- iavf: Fix cached head and tail value for iavf_get_tx_pending
  (jsc#SLE-18385).
- iavf: Detach device during reset task (jsc#SLE-18385).
- i40e: Fix kernel crash during module removal (jsc#SLE-18378).
- i40e: Fix ADQ rate limiting for PF (jsc#SLE-18378).
- i40e: Fix incorrect address type for IPv6 flow rules
  (jsc#SLE-18378).
- ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter
  (jsc#SLE-18384).
- igb: Add lock to avoid data race (jsc#SLE-18379).
- iavf: Fix 'tc qdisc show' listing too many queues
  (jsc#SLE-18385).
- iavf: Fix max_rate limiting (jsc#SLE-18385).
- i40e: Refactor tc mqprio checks (jsc#SLE-18378).
- igc: Lift TAPRIO schedule restriction (jsc#SLE-18377).
- i40e: Fix interface init with MSI interrupts (no MSI-X)
  (jsc#SLE-18378).
- iavf: Disallow changing rx/tx-frames and rx/tx-frames-irq
  (jsc#SLE-18385).
- i40e: Fix erroneous adapter reinitialization during recovery
  process (jsc#SLE-18378).
- igc: Reinstate IGC_REMOVED logic and implement it properly
  (jsc#SLE-18377).
- i40e: Fix VF's MAC Address change on VM (jsc#SLE-18378).
- i40e: Fix calculating the number of queue pairs (jsc#SLE-18378).
- i40e: Fix adding ADQ filter to TC0 (jsc#SLE-18378).
- ice: Fix interrupt moderation settings getting cleared
  (jsc#SLE-18375).
- ice: Set txq_teid to ICE_INVAL_TEID on ring creation
  (jsc#SLE-18375).
- commit 80d0092
- ACPI: processor: Fix evaluating _PDC method when running as
  Xen dom0 (git-fixes).
- commit 9762d65
- xen/netback: don't do grant copy across page boundary
  (git-fixes).
- commit f4517dd
- crypto: sun8i-ss - Fix a test in sun8i_ss_setup_ivs()
  (git-fixes).
- commit 46b1fec
- SUNRPC: fix breakage caused by introduction of rq_xprt_ctxt
  (bsc#1210775).
- commit 2b91689
- ALSA: hda/realtek: Fix mute and micmute LEDs for an HP laptop
  (git-fixes).
- ALSA: caiaq: input: Add error handling for unsupported input
  methods in `snd_usb_caiaq_input_init` (git-fixes).
- ALSA: usb-audio: Add quirk for Pioneer DDJ-800 (git-fixes).
- ALSA: hda/realtek: support HP Pavilion Aero 13-be0xxx Mute LED
  (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS UM3402YAR using CS35L41
  (git-fixes).
- ALSA: hda/realtek: Add quirk for ThinkPad P1 Gen 6 (git-fixes).
- commit 9ac9894
- r8152: move setting r8153b_rx_agg_chg_indicate() (git-fixes).
- r8152: fix the poor throughput for 2.5G devices (git-fixes).
- r8152: fix flow control issue of RTL8156A (git-fixes).
- i2c: omap: Fix standard mode false ACK readings (git-fixes).
- i2c: tegra: Fix PEC support for SMBUS block read (git-fixes).
- drm/amdgpu: add a missing lock for AMDGPU_SCHED (git-fixes).
- drm/amd/display: fix flickering caused by S/G mode (git-fixes).
- commit bec3ff8
- Update references to patch
  patches.suse/wifi-brcmfmac-slab-out-of-bounds-read-in-brcmf_get_a.patch
  (git-fixes bsc#1209287 CVE-2023-1380).
- commit 1374551
- Remove obsolete rpm spec constructs
  defattr does not need to be specified anymore
  buildroot does not need to be specified anymore
- commit c963185
- kernel-spec-macros: Fix up obsolete_rebuilds_subpackage to generate
  obsoletes correctly (boo#1172073 bsc#1191731).
  rpm only supports full length release, no provides
- commit c9b5bc4
- bnxt_en: Do not initialize PTP on older P3/P4 chips
  (jsc#SLE-18978).
- bnxt_en: Add missing 200G link speed reporting (jsc#SLE-18978).
- bnxt_en: Fix typo in PCI id to device description string mapping
  (jsc#SLE-18978).
- bnxt_en: Fix reporting of test result in ethtool selftest
  (jsc#SLE-18978).
- qed/qed_sriov: guard against NULL derefs from
  qed_iov_get_vf_info (jsc#SLE-19001).
- qed/qed_mng_tlv: correctly zero out ->min instead of ->hour
  (jsc#SLE-19001).
- qed/qed_dev: guard against a possible division by zero
  (jsc#SLE-19001).
- bnxt_en: Avoid order-5 memory allocation for TPA data
  (jsc#SLE-18978).
- bnxt_en: Fix mqprio and XDP ring checking logic (jsc#SLE-18978).
- qede: execute xdp_do_flush() before napi_complete_done()
  (jsc#SLE-19001).
- bnxt: Do not read past the end of test names (jsc#SLE-18978).
- qed: allow sleep in qed_mcp_trace_dump() (jsc#SLE-19001).
- cxgb4: fix missing unlock on ETHOFLD desc collect fail path
  (jsc#SLE-18992).
- bnxt: prevent skb UAF after handing over to PTP worker
  (jsc#SLE-18978).
- bnxt_en: fix NQ resource accounting during vf creation on
  57500 chips (jsc#SLE-18978).
- bnxt_en: set missing reload flag in devlink features
  (jsc#SLE-18978).
- commit aee4a77
- x86/microcode/AMD: Add a @cpu parameter to the reloading functions (git-fixes).
- commit bb4fcce
- watchdog: dw_wdt: Fix the error handling path of
  dw_wdt_drv_probe() (git-fixes).
- commit 01087d8
- Update tags in
  patches.suse/ext4-fix-use-after-free-in-ext4_xattr_set_entry.patch
  (bsc#1206878 bsc#1211105 CVE-2023-2513).
- commit ce8b695
- kernel-binary: install expoline.o (boo#1210791 bsc#1211089)
- commit d6c8c20
- x86/sev: Add SEV-SNP guest feature negotiation support (git-fixes).
- commit 91bdec8
- x86/microcode/AMD: Fix mixed steppings support (git-fixes).
- commit 4cd1b96
- x86/reboot: Disable SVM, not just VMX, when stopping CPUs (git-fixes).
- commit 01bca28
- x86/crash: Disable virt in core NMI crash handler to avoid double  shootdown (git-fixes).
- commit aa4ba49
- x86/microcode: Adjust late loading result reporting message (git-fixes).
- commit fa7132b
- x86/microcode: Check CPU capabilities after late microcode update  correctly (git-fixes).
- commit a7e591b
- x86/microcode: Add a parameter to microcode_check() to store CPU  capabilities (git-fixes).
- commit 24950dd
- Update
  patches.suse/net-qcom-emac-Fix-use-after-free-bug-in-emac_remove-.patch
  (bsc#1211037 CVE-2023-2483).
- commit b748693
- Refresh
  patches.suse/powerpc-64-Always-build-with-128-bit-long-double.patch.
- commit 0cbc080
- PM: hibernate: Turn snapshot_test into global variable
  (git-fixes).
- Refresh
  patches.suse/0007-PM-hibernate-encrypt-hidden-area.patch.
- commit df2c292
- PM: hibernate: Do not get block device exclusively in
  test_resume mode (git-fixes).
- PM: hibernate: fix load_image_and_restore() error path
  (git-fixes).
- commit 5109b71
- pwm: meson: Fix g12a ao clk81 name (git-fixes).
- pwm: meson: Fix axg ao mux parents (git-fixes).
- soundwire: qcom: correct setting ignore bit on v1.5.1
  (git-fixes).
- phy: tegra: xusb: Add missing tegra_xusb_port_unregister for
  usb2_port and ulpi_port (git-fixes).
- dmaengine: at_xdmac: do not enable all cyclic channels
  (git-fixes).
- dmaengine: dw-edma: Fix to enable to issue dma request on DMA
  processing (git-fixes).
- dmaengine: dw-edma: Fix to change for continuous transfer
  (git-fixes).
- dma: gpi: remove spurious unlock in gpi_ch_init (git-fixes).
- dmaengine: mv_xor_v2: Fix an error code (git-fixes).
- commit d0a5bb0
- blacklist.conf: cleanup designed to break kABI
- commit d13ef2b
- mt76: mt7915: fix incorrect testmode ipg on band 1 caused by
  wmm_idx (git-fixes).
- commit 06c84d1
- swiotlb: relocate PageHighMem test away from rmem_swiotlb_setup
  (git-fixes).
- commit 2260701
- blacklist.conf: add nvme git-fixes
- commit e6d21df
- nvme: fix discard support without oncs (git-fixes).
- nvmet: fix workqueue MEM_RECLAIM flushing dependency
  (git-fixes).
- nvme: generalize the nvme_multi_css check in nvme_scan_ns
  (git-fixes).
- nvme: rename nvme_validate_or_alloc_ns to nvme_scan_ns
  (git-fixes).
- nvme: fix interpretation of DMRSL (git-fixes).
- nvmet: use a private workqueue instead of the system workqueue
  (git-fixes).
  Refresh:
  - patches.suse/nvmet-don-t-defer-passthrough-commands-with-trivial-.patch
  - patches.suse/nvmet-only-allocate-a-single-slab-for-bvecs.patch
- commit d34faf0
- x86/mm: Cleanup the control_va_addr_alignment() __setup handler (git-fixes).
- commit 4e894db
- mce: fix set_mce_nospec to always unmap the whole page (git-fixes).
- commit 5998565
- x86/mce: relocate set{clear}_mce_nospec() functions (git-fixes).
  This is a preparation for the next patch
- commit bde7887
- blacklist.conf: Disable already integrated patch
  Despite not having it as a separate commit we already have
  x86_spec_ctrl_current declared via DECLARE_PER_CPU
- commit 3a23dac
- x86: drop bogus "/cc"/ clobber from __try_cmpxchg_user_asm() (git-fixes).
- commit 821679e
- blacklist.conf: Blacklist i386 speculation fix
  We don't care about 32 bit so might as well blacklist this commit
- commit 85cd434
- x86: Fix return value of __setup handlers (git-fixes).
- commit 4af5381
- x86/delay: Fix the wrong asm constraint in delay_loop() (git-fixes).
- commit 4ec04e5
- blacklist.conf: the commit might cause regression (bsc#1210947)
- commit 373f459
- x86/fault: Cast an argument to the proper address space in prefetch() (git-fixes).
- commit b654685
- x86, sched: Fix undefined reference to init_freq_invariance_cppc()  build error (git-fixes).
- commit 2520bfd
- blacklist.conf: add one char git-fixes
- commit 442298b
- pinctrl: renesas: r8a779a0: Remove incorrect AVB[01] pinmux
  configuration (git-fixes).
- pinctrl: qcom: lpass-lpi: set output value before enabling
  output (git-fixes).
- mfd: tqmx86: Correct board names for TQMxE39x (git-fixes).
- mfd: tqmx86: Do not access I2C_DETECT register through io_base
  (git-fixes).
- leds: tca6507: Fix error handling of using
  fwnode_property_read_string (git-fixes).
- leds: Fix reference to led_set_brightness() in doc (git-fixes).
- leds: TI_LMU_COMMON: select REGMAP instead of depending on it
  (git-fixes).
- commit d6008ec
- xfs: verify buffer contents when we skip log replay (bsc#1210498
  CVE-2023-2124).
- commit c6f30c5
- usb: mtu3: fix kernel panic at qmu transfer done irq handler
  (git-fixes).
- commit 7fcf832
- blacklist.conf: prerequisites break kABI
- commit 0cfe9b1
- struct ci_hdrc: hide new member at end (git-fixes).
- commit d06f402
- usb: chipidea: core: fix possible concurrent when switch role
  (git-fixes).
- commit d07905a
- rpm/check-for-config-changes: add TOOLCHAIN_NEEDS_* to IGNORED_CONFIGS_RE
  This new form was added in commit e89c2e815e76 ("/riscv: Handle
  zicsr/zifencei issues between clang and binutils"/).
- commit 234baea
- commit 84d7ba8
- commit d292a81
libcap
- Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create()
  (bsc#1211418 / CVE-2023-2602) CVE-2023-2602.patch
- Fixed integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup()
  (bsc#1211419 / CVE-2023-2603) CVE-2023-2603.patch
libjansson
- Update to 2.14 (boo#1201817):
  * New Features:
    + Add `json_object_getn`, `json_object_setn`, `json_object_deln`, and the
    corresponding `nocheck` functions.
    + Add jansson_version_str() and jansson_version_cmp() for runtime
    version checking
    + Add json_object_update_new(), json_object_update_existing_new()
    and json_object_update_missing_new() functions
    + Add json_object_update_recursive()
    + Add `json_pack()` format specifiers s*, o* and O* for values
    that can be omitted if null (#339).
    + Add `json_error_code()` to retrieve numeric error codes
    (#365, #380, #381).
    + Enable thread safety for `json_dump()` on all systems.
    Enable thread safe `json_decref()` and `json_incref()` for
    modern compilers (#389).
    + Add `json_sprintf()` and `json_vsprintf()` (#393).
  * Fixes:
    + Handle `sprintf` corner cases.
    + Add infinite loop check in json_deep_copy()
    + Enhance JANSSON_ATTRS macro to support earlier C standard(C89)
    + Update version detection for sphinx-build
    + Fix error message in `json_pack()` for NULL object (#409).
    + Avoid invalid memory read in `json_pack()` (#421).
    + Call va_end after va_copy in `json_vsprintf()` (#427).
    + Improve handling of formats with '?' and '*' in `json_pack()`
    (#438).
    + Remove inappropriate `jsonp_free()` which caused
    segmentation fault in error handling (#444).
    + Fix incorrect report of success from `json_dump_file()` when
    an error is returned by `fclose()` (#359).
    + Make json_equal() const-correct (#344).
    + Fix incomplete stealing of references by `json_pack()` (#374)
- Use GitHub as source URLs: Release hasn't been uploaded to digip.org.
- Add check section.
libzypp
- build: honor libproxy.pc's includedir (bsc#1212222)
- Curl: trim all custom headers (bsc#1212187)
  HTTP/2 RFC 9113 forbids fields ending with a space. So we make
  sure all custom headers are trimmed. This also includes headers
  returned by URL-Resolver plugins.
- version 17.31.14 (22)
- curl: Trim user agent string (bsc#1212187)
  HTTP/2 RFC 9113 forbids fields ending with a space. Violation
  results in curl error: 92: HTTP/2 PROTOCOL_ERROR.
- version 17.31.13 (22)
- Do not unconditionally release a medium if provideFile failed
  (bsc#1211661)
- libzypp.spec.cmake: remove duplicate file listing.
- version 17.31.12 (22)
openldap2
- bsc#1211795 - CVE-2023-2953 - Null pointer deref in ber_memalloc_x
  * 0244-ITS-9904-ldif_open_url-check-for-ber_strdup-failure.patch
openssl-1_1
- Security Fix: [bsc#1207534, CVE-2022-4304]
  * Reworked the Fix for the Timing Oracle in RSA Decryption
    The previous fix for this timing side channel turned out to cause
    a severe 2-3x performance regression in the typical use case
    compared to 1.1.1s.
  * Add openssl-CVE-2022-4304.patch
  * Removed patches:
  - openssl-CVE-2022-4304-1of2.patch
  - openssl-CVE-2022-4304-2of2.patch
  * Refreshed patches:
  - openssl-CVE-2023-0464.patch
  - openssl-CVE-2023-0465.patch
- Update further expiring certificates that affect tests [bsc#1201627]
  * Add openssl-Update-further-expiring-certificates.patch
python-ply

      
python3
- Add 99366-patch.dict-can-decorate-async.patch fixing
  gh#python/cpython#98086 (backport from Python 3.10 patch in
  gh#python/cpython!99366), fixing bsc#1211158.
- Add CVE-2007-4559-filter-tarfile_extractall.patch to fix
  CVE-2007-4559 (bsc#1203750) by adding the filter for
  tarfile.extractall (PEP 706).
- Use python3 modules to build the documentation.
runc
- Update to runc v1.1.7. Upstream changelog is available from
  <https://github.com/opencontainers/runc/releases/tag/v1.1.7>.
- Update runc.keyring to upstream version.
- Update to runc v1.1.6. Upstream changelog is available from
  <https://github.com/opencontainers/runc/releases/tag/v1.1.6>.
  * Fix the inability to use `/dev/null` when inside a container. bsc#1168481
    (a regression in 1.1.1). bsc#1207004
supportutils
- Changes to supportconfig version 3.1.11-46.3
  + Added missed sanitation check on crash.txt (bsc#1203818)
- Changes to supportconfig.rc version 3.1.11-30
  + Added check to _sanitize_file
  + Using variable for replement text in _sanitize_file
suseconnect-ng
- Update to version 1.1.0~git2.f42b4b2a060e:
  * Keep keepalive timer states when replacing SUSEConnect (bsc#1211588)
systemd-rpm-macros
- Bump version to 13
- Fix %sysctl_apply() and %binfmt_apply() so they are disabled when called from
  a chroot (bsc#1211272)
vim
- Updated to version 9.0 with patch level 1572, fixes the following security problems
  * Fixing bsc#1210996 (CVE-2023-2426) - VUL-0: CVE-2023-2426: vim: Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499.
  * Fixing bsc#1211256 (CVE-2023-2609) - VUL-1: CVE-2023-2609: vim: NULL Pointer Dereference prior to 9.0.1531
  * Fixing bsc#1211257 (CVE-2023-2610) - VUL-1: CVE-2023-2610: vim: Integer Overflow or Wraparound prior to 9.0.1532
- for the complete list of changes see
  https://github.com/vim/vim/compare/v9.0.1443...v9.0.1572
  * Revert the creation standalone xxd packages
zypper
- targetos: Add an error note if XPath:/product/register/target
  is not defined in /etc/products.d/baseproduct (bsc#1211261)
- targetos: Update help and man page (bsc#1211261)
- version 1.14.61