apparmor
- update zgrep profile to allow egrep helper use (bsc#1214458)
  - zgrep-profile-sync-with-master.diff
bind
- Update to release 9.16.44
  Security Fixes:
  * Previously, sending a specially crafted message over the
    control channel could cause the packet-parsing code to run out
    of available stack memory, causing named to terminate
    unexpectedly. This has been fixed. (CVE-2023-3341)
  [bsc#1215472]
crypto-policies
- Update the update-crypto-policies(8) man pages and README.SUSE
  to mention the supported back-end policies. [bsc#1209998]
cups
- cups-2.2.7-CVE-2023-4504.patch fixes CVE-2023-4504
  "CUPS PostScript Parsing Heap Overflow"
  https://github.com/OpenPrinting/cups/security/advisories/GHSA-pf5r-86w9-678h
  bsc#1215204

- cups-2.2.7-CVE-2023-32360.patch fixes CVE-2023-32360
  "Information leak through Cups-Get-Document operation"
  by requiring authentication for CUPS-Get-Document in cupsd.conf
  https://github.com/OpenPrinting/cups/commit/a0c8b9c9556882f00c68b9727a95a1b6d1452913
  https://github.com/OpenPrinting/cups/security/advisories/GHSA-7pv4-hx8c-gr4g
  bsc#1214254
- cups-2.2.7-additional_policies.patch is an updated version
  of cups-2.0.3-additional_policies.patch that replaces it
  to add the 'allowallforanybody' policy to cupsd.conf
  after cups-2.2.7-CVE-2023-32360.patch was applied
curl
- Security fix: [bsc#1215026, CVE-2023-38039]
  * http: return error when receiving too large header
  * Add curl-CVE-2023-38039.patch
docker
- update to Docker 24.0.5-ce. See upstream changelong online at
  <https://docs.docker.com/engine/release-notes/24.0/#2405>. bsc#1213229

- Update to Docker 24.0.4-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/24.0/#2404>. bsc#1213500

- Update to Docker 24.0.3-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/24.0/#2403>. bsc#1213120
- Rebase patches:
  * cli-0001-docs-include-required-tools-in-source-tree.patch

- Recommend docker-rootless-extras instead of Require(ing) it, given
  it's an additional functionality and not inherently required for
  docker to function.

- Add docker-rootless-extras subpackage
  (https://docs.docker.com/engine/security/rootless)

- Update to Docker 24.0.2-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/24.0/#2402>. bsc#1212368
  * Includes the upstreamed fix for the mount table pollution issue.
    bsc#1210797
- Add Recommends for docker-buildx, and add /usr/lib/docker/cli-plugins as
  being provided by this package.
- Rebase patches:
  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
  * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
  * cli-0001-docs-include-required-tools-in-source-tree.patch
dracut
- Update to version 055+suse.347.gdcb9bdbf:
  * fix(dracut-install): protect against broken links pointing to themselves
  * fix(dracut.sh): exit if resolving executable dependencies fails (bsc#1214081)
glibc
- gb18030-2022.patch: add GB18030-2022 charmap (jsc#PED-4908, BZ #30243)

- nscd-netlink-cache-invalidation.patch: nscd: Fix netlink cache
  invalidation if epoll is used (bsc#1212910, BZ #29415)

- nss-files-hosts-v4mapped.patch: Restore lookup of IPv4 mapped addresses
  in files database (bsc#1212819, BZ #25457)

- remove-excessive-p-align-check.patch: elf: Remove excessive p_align
  check on PT_LOAD segments (bsc#1211829, BZ #28688)
- segment-align.patch: elf: Properly align PT_LOAD segments (bsc#1211829,
  BZ #28676)
- ld-so-always-use-map-copy.patch: ld.so: Always use MAP_COPY to map the
  first segment (BZ #30452)
kernel-default
- x86/speculation: Mark all Skylake CPUs as vulnerable to GDS (git-fixes).
- commit 47ff352

- cpufreq: Fix the race condition while updating the
  transition_task of policy (git-fixes).
- rpmsg: glink: Add check for kstrdup (git-fixes).
- leds: turris-omnia: Drop unnecessary mutex locking (git-fixes).
- leds: trigger: tty: Do not use LED_ON/OFF constants, use
  led_blink_set_oneshot instead (git-fixes).
- leds: Fix BUG_ON check for LED_COLOR_ID_MULTI that is always
  false (git-fixes).
- leds: multicolor: Use rounded division when calculating color
  components (git-fixes).
- leds: pwm: Fix error code in led_pwm_create_fwnode()
  (git-fixes).
- docs: printk-formats: Fix hex printing of signed values
  (git-fixes).
- commit 1c98d58

- sched/fair: Use recent_used_cpu to test p->cpus_ptr (git fixes).
- sched/fair: Fix inaccurate tally of ttwu_move_affine (git
  fixes).
- commit 4be7d48

- USB: core: Fix oversight in SuperSpeed initialization
  (bsc#1213123 CVE-2023-37453).
- commit 6b6c148

- blacklist.conf: Not a fix, relatively high risk of performance regression
- commit fd04425

- USB: core: Fix race by not overwriting udev->descriptor in
  hub_port_init() (bsc#1213123 CVE-2023-37453).
- commit a1f446d

- USB: core: Unite old scheme and new scheme descriptor reads
  (bsc#1213123 CVE-2023-37453).
- commit 9f60ef1

- Refresh
  patches.suse/0002-nvme-tcp-fix-potential-unbalanced-freeze-unfreeze.patch.
- Refresh
  patches.suse/0003-nvme-rdma-fix-potential-unbalanced-freeze-unfreeze.patch.
- commit 452e63f

- scsi: RDMA/srp: Fix residual handling (git-fixes)
- commit 429e77b

- RDMA/efa: Fix wrong resources deallocation order (git-fixes)
- commit c7f667b

- RDMA/siw: Correct wrong debug message (git-fixes)
- commit 3732fc1

- RDMA/siw: Balance the reference of cep->kref in the error path (git-fixes)
- commit 9281d22

- Revert "IB/isert: Fix incorrect release of isert connection" (git-fixes)
- commit 1b277c9

- RDMA/irdma: Prevent zero-length STAG registration (git-fixes)
- commit e55bab1

- IB/uverbs: Fix an potential error pointer dereference (git-fixes)
- commit 0e5f5fb

- RDMA/hns: Fix CQ and QP cache affinity (git-fixes)
- commit fee7fe7

- RDMA/hns: Fix incorrect post-send with direct wqe of wr-list (git-fixes)
- commit 988bb43

- RDMA/hns: Fix port active speed (git-fixes)
- commit f1ca0f2

- RDMA/bnxt_re: Fix max_qp count for virtual functions (git-fixes)
- commit dd0f3ab

- RDMA/irdma: Replace one-element array with flexible-array member (git-fixes)
- commit e8addea

- RDMA/qedr: Remove a duplicate assignment in irdma_query_ah() (git-fixes)
- commit c2623e0

- RDMA/bnxt_re: Fix error handling in probe failure path (git-fixes)
- commit c6f50a4

- IB/hfi1: Fix possible panic during hotplug remove (git-fixes)
- commit 632a598

- RDMA/umem: Set iova in ODP flow (git-fixes)
- commit ec8b3f4

- RDMA/mlx5: Return the firmware result upon destroying QP/RQ (git-fixes)
- commit 1ff5e5f

- dmaengine: ste_dma40: Add missing IRQ check in d40_probe
  (git-fixes).
- dmaengine: idxd: Modify the dependence of attribute
  pasid_enabled (git-fixes).
- phy/rockchip: inno-hdmi: do not power on rk3328 post pll on
  reg write (git-fixes).
- phy/rockchip: inno-hdmi: round fractal pixclock in rk3328
  recalc_rate (git-fixes).
- phy/rockchip: inno-hdmi: use correct vco_div_5 macro on rk3328
  (git-fixes).
- mtd: rawnand: fsmc: handle clk prepare error in
  fsmc_nand_resume() (git-fixes).
- mtd: rawnand: brcmnand: Fix mtd oobsize (git-fixes).
- mtd: rawnand: brcmnand: Fix potential out-of-bounds access in
  oob write (git-fixes).
- mtd: rawnand: brcmnand: Fix crash during the panic_write
  (git-fixes).
- mtd: rawnand: brcmnand: Fix potential false time out warning
  (git-fixes).
- mtd: spi-nor: Check bus width while setting QE bit (git-fixes).
- HID: wacom: remove the battery when the EKR is off (git-fixes).
- HID: logitech-dj: Fix error handling in
  logi_dj_recv_switch_to_dj_mode() (git-fixes).
- HID: multitouch: Correct devm device reference for hidinput
  input_dev name (git-fixes).
- media: i2c: rdacm21: Fix uninitialized value (git-fixes).
- media: i2c: ccs: Check rules is non-NULL (git-fixes).
- media: ov2680: Fix regulators being left enabled on
  ov2680_power_on() errors (git-fixes).
- media: ov2680: Fix ov2680_set_fmt() which ==
  V4L2_SUBDEV_FORMAT_TRY not working (git-fixes).
- media: ov2680: Add ov2680_fill_format() helper function
  (git-fixes).
- media: ov2680: Don't take the lock for try_fmt calls
  (git-fixes).
- media: ov2680: Remove VIDEO_V4L2_SUBDEV_API ifdef-s (git-fixes).
- media: ov2680: Fix vflip / hflip set functions (git-fixes).
- media: ov2680: Fix ov2680_bayer_order() (git-fixes).
- media: ov5640: Enable MIPI interface in ov5640_set_power_mipi()
  (git-fixes).
- media: venus: hfi_venus: Write to VIDC_CTRL_INIT after unmasking
  interrupts (git-fixes).
- media: venus: hfi_venus: Only consider sys_idle_indicator on V1
  (git-fixes).
- media: go7007: Remove redundant if statement (git-fixes).
- media: rkvdec: increase max supported height for H.264
  (git-fixes).
- media: cx24120: Add retval check for cx24120_message_send()
  (git-fixes).
- media: dvb-usb: m920x: Fix a potential memory leak in
  m920x_i2c_xfer() (git-fixes).
- media: dib7000p: Fix potential division by zero (git-fixes).
- drivers: usb: smsusb: fix error handling code in
  smsusb_init_device (git-fixes).
- media: v4l2-core: Fix a potential resource leak in
  v4l2_fwnode_parse_link() (git-fixes).
- media: i2c: tvp5150: check return value of devm_kasprintf()
  (git-fixes).
- media: ad5820: Drop unsupported ad5823 from i2c_ and
  of_device_id tables (git-fixes).
- fbdev: Update fbdev source file paths (git-fixes).
- amba: bus: fix refcount leak (git-fixes).
- dma-buf/sync_file: Fix docs syntax (git-fixes).
- firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe
  (git-fixes).
- driver core: test_async: fix an error code (git-fixes).
- Documentation: devices.txt: Fix minors for ttyCPM* (git-fixes).
- Documentation: devices.txt: Remove ttySIOC* (git-fixes).
- Documentation: devices.txt: Remove ttyIOC* (git-fixes).
- serial: sc16is7xx: fix bug when first setting GPIO direction
  (git-fixes).
- serial: sc16is7xx: fix broken port 0 uart init (git-fixes).
- serial: tegra: handle clk prepare error in tegra_uart_hw_init()
  (git-fixes).
- serial: sprd: Fix DMA buffer leak issue (git-fixes).
- serial: sprd: Assign sprd_port after initialized to avoid
  wrong access (git-fixes).
- usb: typec: tcpm: set initial svdm version based on pd revision
  (git-fixes).
- usb: dwc3: meson-g12a: do post init to fix broken usb after
  resumption (git-fixes).
- USB: gadget: f_mass_storage: Fix unused variable warning
  (git-fixes).
- usb: phy: mxs: fix getting wrong state with
  mxs_phy_is_otg_host() (git-fixes).
- usb: chipidea: imx: improve logic if samsung,picophy-* parameter
  is 0 (git-fixes).
- platform/x86: dell-sysman: Fix reference leak (git-fixes).
- commit 729e789

- target: compare and write backend driver sense handling
  (bsc#1177719 bsc#1213026).
- Refresh patches.suse/target-rbd-support-COMPARE_AND_WRITE.patch.
- commit a2ae103

- bus: ti-sysc: Fix cast to enum warning (git-fixes).
- commit 586e58b

- Add cherry-picked if to fbdev patch
- commit 32815f6

- ALSA: hda/realtek: Add quirk for mute LEDs on HP ENVY x360
  15-eu0xxx (git-fixes).
- ALSA: hda/realtek: Add quirk for HP Victus 16-d1xxx to enable
  mute LED (git-fixes).
- commit 2c05a9a

- ALSA: usb-audio: Fix init call orders for UAC1 (git-fixes).
- commit 3ba2db1

- PCI: microchip: Remove cast between incompatible function type
  (git-fixes).
- PCI: meson: Remove cast between incompatible function type
  (git-fixes).
- PCI: microchip: Correct the DED and SEC interrupt bit offsets
  (git-fixes).
- PCI: Mark NVIDIA T4 GPUs to avoid bus reset (git-fixes).
- wifi: ath10k: Use RMW accessors for changing LNKCTL (git-fixes).
- wifi: ath11k: Use RMW accessors for changing LNKCTL (git-fixes).
- PCI: pciehp: Use RMW accessors for changing LNKCTL (git-fixes).
- pinctrl: cherryview: fix address_space_handler() argument
  (git-fixes).
- pinctrl: mcp23s08: check return value of devm_kasprintf()
  (git-fixes).
- ipmi_si: fix a memleak in try_smi_init() (git-fixes).
- ipmi:ssif: Fix a memory leak when scanning for an adapter
  (git-fixes).
- ipmi:ssif: Add check for kstrdup (git-fixes).
- firmware: meson_sm: fix to avoid potential NULL pointer
  dereference (git-fixes).
- firmware: cs_dsp: Fix new control name check (git-fixes).
- fbdev/ep93xx-fb: Do not assign to struct fb_info.dev
  (git-fixes).
- PCI: acpiphp: Use pci_assign_unassigned_bridge_resources()
  only for non-root bus (git-fixes).
- PCI: acpiphp: Reassign resources on bridge if necessary
  (git-fixes).
- commit 10e5d93

- drm/radeon: Use RMW accessors for changing LNKCTL (git-fixes).
- drm/amdgpu: Use RMW accessors for changing LNKCTL (git-fixes).
- dt-bindings: clocks: imx8mp: make sai4 a dummy clock
  (git-fixes).
- dt-bindings: clock: xlnx,versal-clk: drop select:false
  (git-fixes).
- dt-bindings: crypto: ti,sa2ul: make power-domains conditional
  (git-fixes).
- drm/msm/a2xx: Call adreno_gpu_init() earlier (git-fixes).
- drm/msm/mdp5: Don't leak some plane state (git-fixes).
- drm/msm: Update dev core dump to not print backwards
  (git-fixes).
- drm/etnaviv: fix dumping of active MMU context (git-fixes).
- drm/amd/pm: fix variable dereferenced issue in
  amdgpu_device_attr_create() (git-fixes).
- drm/mediatek: Fix potential memory leak if vmap() fail
  (git-fixes).
- drm/mediatek: Fix dereference before null check (git-fixes).
- drm/panel: simple: Add missing connector type and pixel format
  for AUO T215HVN01 (git-fixes).
- drm/bridge: fix -Wunused-const-variable= warning (git-fixes).
- drm/armada: Fix off-by-one error in
  armada_overlay_get_property() (git-fixes).
- drm/atomic-helper: Update reference to
  drm_crtc_force_disable_all() (git-fixes).
- drm/tegra: dpaux: Fix incorrect return value of platform_get_irq
  (git-fixes).
- fbdev: fix potential OOB read in fast_imageblit() (git-fixes).
- fbdev: Fix sys_imageblit() for arbitrary image widths
  (git-fixes).
- fbdev: Improve performance of sys_imageblit() (git-fixes).
- commit a3652b5

- docs: kernel-parameters: Refer to the correct bitmap function
  (git-fixes).
- clk: qcom: gcc-sm8250: Fix gcc_sdcc2_apps_clk_src (git-fixes).
- clk: qcom: gcc-sc7180: Fix up gcc_sdcc2_apps_clk_src
  (git-fixes).
- clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock
  (git-fixes).
- clk: qcom: camcc-sc7180: fix async resume during probe
  (git-fixes).
- clk: imx: pll14xx: dynamically configure PLL for
  393216000/361267200Hz (git-fixes).
- clk: imx: composite-8m: fix clock pauses when set_rate would
  be a no-op (git-fixes).
- clk: imx8mp: fix sai4 clock (git-fixes).
- clk: sunxi-ng: Modify mismatched function name (git-fixes).
- drivers: clk: keystone: Fix parameter judgment in
  _of_pll_clk_init() (git-fixes).
- bus: ti-sysc: Fix build warning for 64-bit build (git-fixes).
- ALSA: pcm: Fix missing fixup call in compat hw_refine ioctl
  (git-fixes).
- ASoC: tegra: Fix SFC conversion for few rates (git-fixes).
- ALSA: ac97: Fix possible error value of *rac97 (git-fixes).
- ASoC: stac9766: fix build errors with REGMAP_AC97 (git-fixes).
- drm: xlnx: zynqmp_dpsub: Add missing check for dma_set_mask
  (git-fixes).
- drm/amdgpu: avoid integer overflow warning in
  amdgpu_device_resize_fb_bar() (git-fixes).
- drm/bridge: anx7625: Drop device lock before
  drm_helper_hpd_irq_event() (git-fixes).
- drm: adv7511: Fix low refresh rate register for ADV7533/5
  (git-fixes).
- drm/ast: Fix DRAM init on AST2200 (git-fixes).
- backlight/lv5207lp: Compare against struct fb_info.device
  (git-fixes).
- backlight/gpio_backlight: Compare against struct fb_info.device
  (git-fixes).
- backlight/bd6107: Compare against struct fb_info.device
  (git-fixes).
- drm/bridge: tc358764: Fix debug print parameter order
  (git-fixes).
- audit: fix possible soft lockup in __audit_inode_child()
  (git-fixes).
- ALSA: ymfpci: Fix the missing snd_card_free() call at probe
  error (git-fixes).
- drm/amd/display: check TG is non-null before checking if enabled
  (git-fixes).
- drm/amd/display: do not wait for mpc idle if tg is disabled
  (git-fixes).
- commit 08c4f7b

- Kbuild: add -Wno-shift-negative-value where -Wextra is used
  (bsc#1214756).
- commit 8140064

- rpm/mkspec-dtb: support for nested subdirs
  Commit 724ba6751532 ("ARM: dts: Move .dts files to vendor
  sub-directories") moved the dts to nested subdirs, add a support for
  that. That is, generate a %dir entry in %files for them.
- commit 6484eda

- wifi: mwifiex: Fix missed return in oob checks failed path
  (git-fixes).
- commit 9baf357

- nilfs2: fix WARNING in mark_buffer_dirty due to discarded
  buffer reuse (git-fixes).
- lib/test_meminit: allocate pages up to order MAX_ORDER
  (git-fixes).
- HWPOISON: offline support: fix spelling in Documentation/ABI/
  (git-fixes).
- wifi: ath9k: use IS_ERR() with debugfs_create_dir() (git-fixes).
- wifi: ath9k: protect WMI command response buffer replacement
  with a lock (git-fixes).
- wifi: ath9k: fix races between ath9k_wmi_cmd and
  ath9k_wmi_ctrl_rx (git-fixes).
- wifi: mwifiex: avoid possible NULL skb pointer dereference
  (git-fixes).
- wifi: radiotap: fix kernel-doc notation warnings (git-fixes).
- wifi: nl80211/cfg80211: add forgotten nla_policy for BSS color
  attribute (git-fixes).
- wifi: mwifiex: fix memory leak in mwifiex_histogram_read()
  (git-fixes).
- Bluetooth: btusb: Do not call kfree_skb() under
  spin_lock_irqsave() (git-fixes).
- Bluetooth: Fix potential use-after-free when clear keys
  (git-fixes).
- Bluetooth: Remove unused declaration amp_read_loc_info()
  (git-fixes).
- Bluetooth: nokia: fix value check in
  nokia_bluetooth_serdev_probe() (git-fixes).
- wifi: mwifiex: fix error recovery in PCIE buffer descriptor
  management (git-fixes).
- wifi: mt76: mt7915: fix power-limits while chan_switch
  (git-fixes).
- wifi: mt76: testmode: add nla_policy for MT76_TM_ATTR_TX_LENGTH
  (git-fixes).
- wifi: mt76: mt7921: do not support one stream on secondary
  antenna only (git-fixes).
- wifi: mwifiex: Fix OOB and integer underflow when rx packets
  (git-fixes).
- wifi: rtw89: debug: Fix error handling in
  rtw89_debug_priv_btc_manual_set() (git-fixes).
- can: gs_usb: gs_usb_receive_bulk_callback(): count RX overflow
  errors also in case of OOM (git-fixes).
- hwrng: iproc-rng200 - Implement suspend and resume calls
  (git-fixes).
- crypto: caam - fix unchecked return value error (git-fixes).
- crypto: stm32 - Properly handle pm_runtime_get failing
  (git-fixes).
- hwrng: pic32 - use devm_clk_get_enabled (git-fixes).
- hwrng: nomadik - keep clock enabled while hwrng is registered
  (git-fixes).
- hwmon: (tmp513) Fix the channel number in tmp51x_is_visible()
  (git-fixes).
- spi: tegra20-sflash: fix to check return value of
  platform_get_irq() in tegra_sflash_probe() (git-fixes).
- regmap: rbtree: Use alloc_flags for memory allocations
  (git-fixes).
- commit 243ba95

- docs/process/howto: Replace C89 with C11 (bsc#1214756).
- commit 8393e27

- Kbuild: move to -std=gnu11 (bsc#1214756).
- commit ef844c1

- blacklist.conf: kABI
- commit 382e160

- netfilter: nf_tables: deactivate catchall elements in next
  generation (bsc#1214729 CVE-2023-4569).
- commit 6289fe5

- netfs: fix parameter of cleanup() (bsc#1214743).
- netfs: Fix lockdep warning from taking sb_writers whilst
  holding  mmap_lock (bsc#1214742).
- commit bb32ecc

- selftests/futex: Order calls to futex_lock_pi (git-fixes).
- selftests/resctrl: Close perf value read fd on errors
  (git-fixes).
- selftests/resctrl: Unmount resctrl FS if child fails to run
  benchmark (git-fixes).
- selftests/resctrl: Don't leak buffer in fill_cache()
  (git-fixes).
- PM / devfreq: Fix leak in devfreq_dev_release() (git-fixes).
- ACPI: x86: s2idle: Fix a logic error parsing AMD constraints
  table (git-fixes).
- selftests/harness: Actually report SKIP for signal tests
  (git-fixes).
- pstore/ram: Check start of empty przs during init (git-fixes).
- commit ad35b22

- Move upstreamed powerpc patches into sorted section
- commit 3a27181

- Move upstreamed HID patch into sorted section
- commit 85ada69

- e1000: Remove unnecessary use of kmap_atomic() (jsc#PED-5738).
- commit 411ade7

- intel/e1000:fix repeated words in comments (jsc#PED-5738).
- commit 36d3f87

- intel: remove unused macros (jsc#PED-5738).
- commit 8c0592a

- e1000: Fix typos in comments (jsc#PED-5738).
- commit b74464e

- e1000: switch to napi_build_skb() (jsc#PED-5738).
- commit 8f3d353

- e1000: switch to napi_consume_skb() (jsc#PED-5738).
- commit b269f24

- tracing: Fix memleak due to race between current_tracer and
  trace (git-fixes).
- commit cd1e0a8

- tracing: Fix cpu buffers unavailable due to 'record_disabled'
  missed (git-fixes).
- commit 8e87d30

- ring-buffer: Do not swap cpu_buffer during resize process
  (git-fixes).
- commit e5ec19f

- xfs: fix sb write verify for lazysbcount (bsc#1214661).
- commit 29e65a8

- cpufreq: intel_pstate: Adjust balance_performance EPP for
  Sapphire Rapids (bsc#1214659).
- commit c3cfee9

- cpufreq: intel_pstate: Enable HWP IO boost for all servers
  (bsc#1208949 jsc#PED-6003 jsc#PED-6004).
- commit bd6042f

- cpufreq: intel_pstate: Fix scaling for hybrid-capable systems
  with disabled E-cores (bsc#1212526 bsc#1214368 jsc#PED-4927
  jsc#PED-4929).
- commit 0340dfe

- cpufreq: intel_pstate: hybrid: Use known scaling factor for
  P-cores (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
- commit 91615ae

- cpufreq: intel_pstate: Read all MSRs on the target CPU
  (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
- commit 639f9f6

- cpufreq: intel_pstate: hybrid: Rework HWP calibration
  (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
- Update
  patches.suse/cpufreq-intel_pstate-Fix-cpu-pstate.turbo_freq-initi.patch
  (git-fixes bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
- commit 689587b

- Use the cherry-picked id for an AMDGPU patch and resort
- commit 07365e7

- tty: serial: fsl_lpuart: Add i.MXRT1050 support (git-fixes).
- Refresh
  patches.suse/tty-serial-fsl_lpuart-add-earlycon-for-imx8ulp-platf.patch.
- commit f34a3a2

- selftests: forwarding: tc_actions: Use ncat instead of nc
  (git-fixes).
- watchdog: sp5100_tco: support Hygon FCH/SCH (Server Controller
  Hub) (git-fixes).
- thunderbolt: Read retimer NVM authentication status prior
  tb_retimer_set_inbound_sbtx() (git-fixes).
- usb: chipidea: imx: add missing USB PHY DPDM wakeup setting
  (git-fixes).
- usb: chipidea: imx: don't request QoS for imx8ulp (git-fixes).
- usb: gadget: u_serial: Avoid spinlock recursion in
  __gs_console_push (git-fixes).
- pcmcia: rsrc_nonstatic: Fix memory leak in
  nonstatic_release_resource_db() (git-fixes).
- PCI: tegra194: Fix possible array out of bounds access
  (git-fixes).
- tty: serial: fsl_lpuart: reduce RX watermark to 0 on LS1028A
  (git-fixes).
- tty: serial: fsl_lpuart: make rx_watermark configurable for
  different platforms (git-fixes).
- selftests: forwarding: tc_actions: cleanup temporary files
  when test is aborted (git-fixes).
- usb: dwc3: Fix typos in gadget.c (git-fixes).
- commit 5394953

- drm/amd: flush any delayed gfxoff on suspend entry (git-fixes).
- commit d60a005

- i2c: designware: Handle invalid SMBus block data response
  length value (git-fixes).
- drm/qxl: fix UAF on handle creation (git-fixes).
- drm/amdgpu: Fix potential fence use-after-free v2 (git-fixes).
- Bluetooth: btusb: Add MT7922 bluetooth ID for the Asus Ally
  (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free (git-fixes).
- media: v4l2-mem2mem: add lock to protect parameter num_rdy
  (git-fixes).
- ARM: dts: imx6dl: prtrvt, prtvt7, prti6q, prtwd2: fix USB
  related warnings (git-fixes).
- drm/amdgpu: install stub fence into potential unused fence
  pointers (git-fixes).
- drm/amd/display: fix access hdcp_workqueue assert (git-fixes).
- ASoC: SOF: Intel: fix SoundWire/HDaudio mutual exclusion
  (git-fixes).
- HID: add quirk for 03f0:464a HP Elite Presenter Mouse
  (git-fixes).
- HID: logitech-hidpp: Add USB and Bluetooth IDs for the Logitech
  G915 TKL Keyboard (git-fixes).
- PCI: s390: Fix use-after-free of PCI resources with per-function
  hotplug (git-fixes).
- drm/amd/display: phase3 mst hdcp for multiple displays
  (git-fixes).
- drm/amd/display: save restore hdcp state when display is
  unplugged from mst hub (git-fixes).
- iio: adc: stx104: Implement and utilize register structures
  (git-fixes).
- iio: adc: stx104: Utilize iomap interface (git-fixes).
- ARM: dts: imx6sll: fixup of operating points (git-fixes).
- commit e2faa35

- clk: Fix slab-out-of-bounds error in devm_clk_release()
  (git-fixes).
- clk: Fix undefined reference to `clk_rate_exclusive_{get,put}'
  (git-fixes).
- pinctrl: renesas: rza2: Add lock around
  pinctrl_generic{{add,remove}_group,{add,remove}_function}
  (git-fixes).
- drm/vmwgfx: Fix shader stage validation (git-fixes).
- dma-buf/sw_sync: Avoid recursive lock during fence signal
  (git-fixes).
- commit 7c5f1b7

- batman-adv: Hold rtnl lock during MTU update via netlink
  (git-fixes).
- commit 8468886

- batman-adv: Fix batadv_v_ogm_aggr_send memory leak (git-fixes).
- batman-adv: Fix TT global entry leak when client roamed back
  (git-fixes).
- batman-adv: Do not get eth header before
  batadv_check_management_packet (git-fixes).
- batman-adv: Don't increase MTU when set by user (git-fixes).
- batman-adv: Trigger events for auto adjusted MTU (git-fixes).
- commit d59057e

- smb: client: fix null auth (git-fixes).
- commit f89a725

- powerpc/rtas: block error injection when locked down
  (bsc#1023051).
  Refresh patches.kabi/lockdown-kABI-workaround-for-lockdown_reason-changes.patch
- powerpc/rtas: enture rtas_call is called with MMU enabled
  (bsc#1023051).
- commit e7f7145

- Input: cyttsp4_core - change del_timer_sync() to
  timer_shutdown_sync() (bsc#1213971 CVE-2023-4134).
- commit 2dfd188

- Refresh patches.suse/powerpc-rtas-Keep-MSR-RI-set-when-calling-RTAS.patch.
- commit 0cbb740

- Drop rtsx patch that caused a regression (bsc#1214397,bsc#1214428)
  It caused mysterious problem wrt NVMe.
  Better to drop and blacklist for now.
- commit 2257ff2

- powerpc: Move DMA64_PROPNAME define to a header (bsc#1214297 ltc#197503).
- commit af67897

- x86/CPU/AMD: Fix the DIV(0) initial fix attempt (bsc#1213927, CVE-2023-20588).
- commit eb5704d

- x86/CPU/AMD: Do not leak quotient data after a division by 0 (bsc#1213927, CVE-2023-20588).
- commit 8b5290e

- scsi: storvsc: Fix handling of virtual Fibre Channel timeouts
  (git-fixes).
- scsi: storvsc: Limit max_sectors for virtual Fibre Channel
  devices (git-fixes).
- scsi: storvsc: Handle SRB status value 0x30 (git-fixes).
- scsi: storvsc: Always set no_report_opcodes (git-fixes).
- commit aace9fd

- old-flavors: Drop 2.6 kernels.
  2.6 based kernels are EOL, upgrading from them is no longer suported.
- commit 7bb5087

- kunit: make kunit_test_timeout compatible with comment
  (git-fixes).
- commit e060c5b

- blacklist.conf: kABI
- commit 2db68b2

- blacklist.conf: kABI
- commit b9b490f

- blacklist.conf: specific to Clang
- commit 0d88df7

- blacklist.conf: not used in our build process
- commit 5705a43

- blacklist.conf: designed to break kABI but relevant only on big endian
- commit 3477f1d

- lib/test_meminit: destroy cache in kmem_cache_alloc_bulk()
  test (git-fixes).
- commit 0595e9f

- blacklist.conf: cleanup
- commit 8d51620

- blacklist.conf: We do not use that tool
- commit f8ec126

- docs: networking: replace skb_hwtstamp_tx with skb_tstamp_tx
  (git-fixes).
- commit d96f965

- kabi: Allow extra bugsints (bsc#1213927).
- commit fc75ce0

- Refresh patches.suse/x86-srso-add-ibpb.patch.
  CPU_IBPB_ENTRY is always on so adjust code accordingly.
- commit 0ed13bd

- Update
  patches.suse/net-vmxnet3-fix-possible-NULL-pointer-dereference-in.patch
  (bsc#1200431 bsc#1214451 CVE-2023-4459).
  Added CVE reference.
- commit 13a12f4

- net: nfc: Fix use-after-free caused by nfc_llcp_find_local
  (bsc#1213601 CVE-2023-3863).
- nfc: llcp: simplify llcp_sock_connect() error paths (bsc#1213601
  CVE-2023-3863).
- nfc: llcp: nullify llcp_sock->dev on connect() error paths
  (bsc#1213601 CVE-2023-3863).
- commit 0932a11

- kabi/severities: Ignore newly added SRSO mitigation functions
- commit 4452f05

- tty: fix hang on tty device with no_room set (git-fixes).
- n_tty: Rename tail to old_tail in n_tty_read() (git-fixes).
- commit 22b52a9

- tty: n_gsm: fix the UAF caused by race condition in
  gsm_cleanup_mux (git-fixes).
- tty: serial: fsl_lpuart: Clear the error flags by writing 1
  for lpuart32 platforms (git-fixes).
- commit 2bc2940

- x86/static_call: Fix __static_call_fixup() (git-fixes).
- commit 57d4f01

- x86/srso: Correct the mitigation status when SMT is disabled (git-fixes).
- commit c2d3421

- x86/srso: Explain the untraining sequences a bit more (git-fixes).
- commit f62146e

- x86/cpu/kvm: Provide UNTRAIN_RET_VM (git-fixes).
- commit 7f39f56

- x86/cpu: Cleanup the untrain mess (git-fixes).
- commit 13632c3

- objtool/x86: Fixup frame-pointer vs rethunk (git-fixes).
- commit 522332f

- objtool: Union instruction::{call_dest,jump_table} (git-fixes).
- commit d5ea86a

- x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 (git-fixes).
- commit 847a96f

- xfrm: add NULL check in xfrm_update_ae_params (bsc#1213666
  CVE-2023-3772).
- commit 9e44d01

- x86/cpu: Rename original retbleed methods (git-fixes).
- commit 81c5e75

- x86/cpu: Clean up SRSO return thunk mess (git-fixes).
- commit fa0b815

- objtool/x86: Fix SRSO mess (git-fixes).
- commit 8bf5635

- x86/alternative: Make custom return thunk unconditional (git-fixes).
- commit a446ea5

- x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk() (git-fixes).
- commit 06974c4

- x86/cpu: Fix __x86_return_thunk symbol type (git-fixes).
- commit 086adb4

- x86/retpoline,kprobes: Skip optprobe check for indirect jumps with  retpolines and IBT (git-fixes).
- commit 9392b3c

- x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG (git-fixes).
- commit 99556d6

- x86/srso: Disable the mitigation on unaffected configurations (git-fixes).
- commit af52734

- x86/retpoline: Don't clobber RFLAGS during srso_safe_ret() (git-fixes).
- commit 43e1da9

- x86/srso: Fix build breakage with the LLVM linker (git-fixes).
- commit 7af6810

- powerpc/rtas_flash: allow user copy to flash block cache objects
  (bsc#1194869).
- commit 0fccbf5

- i2c: bcm-iproc: Fix bcm_iproc_i2c_isr deadlock issue
  (git-fixes).
- i2c: hisi: Only handle the interrupt of the driver's transfer
  (git-fixes).
- i2c: designware: Correct length byte validation logic
  (git-fixes).
- fbdev: mmp: fix value check in mmphw_probe() (git-fixes).
- commit 5738f62

- supported.conf: fix typos for -!optional markers
- commit a15b83f

- ALSA: hda/realtek - Remodified 3k pull low procedure
  (git-fixes).
- ASoC: meson: axg-tdm-formatter: fix channel slot allocation
  (git-fixes).
- ASoC: lower "no backend DAIs enabled for ... Port" log severity
  (git-fixes).
- ASoC: rt5665: add missed regulator_bulk_disable (git-fixes).
- ALSA: hda/cs8409: Support new Dell Dolphin Variants (git-fixes).
- ALSA: hda/realtek: Switch Dell Oasis models to use SPI
  (git-fixes).
- ALSA: hda/realtek: Add quirks for HP G11 Laptops (git-fixes).
- ALSA: usb-audio: Add support for Mythware XA001AU capture and
  playback interfaces (git-fixes).
- mmc: wbsd: fix double mmc_free_host() in wbsd_init()
  (git-fixes).
- mmc: block: Fix in_flight[issue_type] value error (git-fixes).
- arm64: dts: qcom: qrb5165-rb5: fix thermal zone conflict
  (git-fixes).
- bus: ti-sysc: Flush posted write on enable before reset
  (git-fixes).
- arm64: dts: rockchip: Disable HS400 for eMMC on ROCK Pi 4
  (git-fixes).
- soc: aspeed: socinfo: Add kfree for kstrdup (git-fixes).
- net: phy: broadcom: stub c45 read/write for 54810 (git-fixes).
- selftests: mirror_gre_changes: Tighten up the TTL test match
  (git-fixes).
- net: phy: fix IRQ-based wake-on-lan over hibernate / power off
  (git-fixes).
- drm/panel: simple: Fix AUO G121EAN01 panel timings according
  to the docs (git-fixes).
- commit a48515a

- Update config files. Drop the dpt_i2o kernel module.
  For: jsc#PED-4579, CVE-2023-2007
- commit f332a85

- mkspec: Allow unsupported KMPs (bsc#1214386)
- commit 55d8b82

- libceph: fix potential hang in ceph_osdc_notify() (bsc#1214393).
- ceph: defer stopping mdsc delayed_work (bsc#1214392).
- commit 722c601

- check-for-config-changes: ignore BUILTIN_RETURN_ADDRESS_STRIPS_PAC (bsc#1214380).
  gcc7 on SLE 15 does not support this while later gcc does.
- commit 5b41c27

- s390/purgatory: disable branch profiling (git-fixes
  bsc#1214372).
- commit 28f91ce

- scsi: zfcp: Defer fc_rport blocking until after ADISC response
  (git-fixes bsc#1214371).
- commit 5ac3747

- KVM: s390: fix sthyi error handling (git-fixes bsc#1214370).
- commit 3711e45

- powerpc/kexec: Fix build failure from uninitialised variable
  (bsc#1212091 ltc#199106).
- powerpc/64e: Fix kexec build error (bsc#1212091 ltc#199106).
- Refresh patches.suse/powerpc-Take-in-account-addition-CPU-node-when-build.patch
- Refresh patches.suse/powerpc-kexec_file-fix-implicit-decl-error.patch
- commit c8f4ed0

- Update
  patches.suse/net-vmxnet3-fix-possible-use-after-free-bugs-in-vmxn.patch
  (bsc#1200431 bsc#1214350 CVE-2023-4387).
  Added CVE reference.
- commit 8897012

- module: avoid allocation if module is already present and ready
  (bsc#1213921).
- commit a42ca12

- module: move check_modinfo() early to early_mod_check()
  (bsc#1213921).
- commit b97680b

- module: move early sanity checks into a helper (bsc#1213921).
- commit d4f0452

- Update config files.
  run_oldconfig.sh
- CONFIG_NVME_VERBOSE_ERRORS=y          gone with a82baa8083b
- CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT=13   gone with 7e152d55123
- commit 7a11d4b

- module: extract patient module check into helper (bsc#1213921).
- commit de545b1

- Enable Analog Devices Industrial Ethernet PHY driver (jsc#PED-4759)
- commit 63c2b4e

- net: mana: Fix MANA VF unload when hardware is unresponsive
  (git-fixes).
- iavf: fix potential races for FDIR filters (git-fixes).
- ice: Fix RDMA VSI removal during queue rebuild (git-fixes).
- qed: Fix scheduling in a tasklet while getting stats
  (git-fixes).
- i40e: Fix an NULL vs IS_ERR() bug for debugfs_create_dir()
  (git-fixes).
- ice: Fix memory management in ice_ethtool_fdir.c (git-fixes).
- net: hns3: fix wrong bw weight of disabled tc issue (git-fixes).
- ice: Fix max_rate check while configuring TX rate limits
  (git-fixes).
- commit 66cd4bc

- powerpc/iommu: Fix iommu_table_in_use for a small default DMA
  window case (bsc#1212091 ltc#199106).
- powerpc/kernel/iommu: Add new iommu_table_in_use() helper
  (bsc#1212091 ltc#199106).
- powerpc/iommu: don't set failed sg dma_address to
  DMA_MAPPING_ERROR (bsc#1212091 ltc#199106).
- powerpc/iommu: return error code from .map_sg() ops (bsc#1212091
  ltc#199106).
- commit 63fd00c

- misc: rtsx: judge ASPM Mode to set PETXCFG Reg (git-fixes).
- drm/nouveau/gr: enable memory loads on helper invocation on
  all channels (git-fixes).
- commit 8a7a168

- kernel-binary: Common dependencies cleanup
  Common dependencies are copied to a subpackage, there is no need for
  copying defines or build dependencies there.
- commit 254b03c

- kernel-binary: Drop code for kerntypes support
  Kerntypes was a SUSE-specific feature dropped before SLE 12.
- commit 2c37773

- net: usb: lan78xx: reorder cleanup operations to avoid UAF bugs
  (git-fixes).
- commit 9c04620

- powerpc/iommu: TCEs are incorrectly manipulated with DLPAR
  add/remove of memory (bsc#1212091 ltc#199106).
- powerpc/iommu: Incorrect DDW Table is referenced for SR-IOV
  device (bsc#1212091 ltc#199106).
- pseries/iommu/ddw: Fix kdump to work in absence of
  ibm,dma-window (bsc#1214297 ltc#197503).
- powerpc/pseries/iommu: Print ibm,query-pe-dma-windows parameters
  (bsc#1212091 ltc#199106).
- powerpc: fix typos in comments (bsc#1212091 ltc#199106).
- powerpc/pseries: Add __init attribute to eligible functions
  (bsc#1212091 ltc#199106).
- powerpc/pseries/ddw: Do not try direct mapping with persistent
  memory and one window (bsc#1212091 ltc#199106).
- powerpc/pseries/ddw: simplify enable_ddw() (bsc#1212091
  ltc#199106).
- powerpc/pseries/iommu: Add of_node_put() before break
  (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Create huge DMA window if no MMIO32 is
  present (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Check if the default window in use
  before removing it (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Use correct vfree for it_map (bsc#1212091
  ltc#199106).
- powerpc/pseries/iommu: Rename "direct window" to "dma window"
  (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Make use of DDW for indirect mapping
  (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Find existing DDW with given property
  name (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Update remove_dma_window() to accept
  property name (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Reorganize iommu_table_setparms*()
  with new helper (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Add ddw_property_create() and refactor
  enable_ddw() (bsc#1212091 ltc#199106).
  Refresh patches.suse/powerps-pseries-dma-Add-support-for-2M-IOMMU-page-si.patch
- powerpc/pseries/iommu: Allow DDW windows starting at 0x00
  (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Add ddw_list_new_entry() helper
  (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Add iommu_pseries_alloc_table() helper
  (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Replace hard-coded page shift
  (bsc#1212091 ltc#199106).
  Refresh patches.suse/powerpc-iommu-Limit-number-of-TCEs-to-512-for-H_STUF.patch
- commit 4f11eef

- powerpc/mm/altmap: Fix altmap boundary check (bsc#1120059
  git-fixes).
- commit f722e3b

- bnx2x: fix page fault following EEH recovery (bsc#1214299).
- commit f8a9432

- target_core_rbd: fix leak and reduce kmalloc calls
  (bsc#1212873).
- target_core_rbd: fix rbd_img_request.snap_id assignment
  (bsc#1212857).
- target_core_rbd: remove snapshot existence validation code
  (bsc#1212857).
- file: reinstate f_pos locking optimization for regular files
  (bsc#1213759).
- commit 0469dd9

- net: ieee802154: at86rf230: Stop leaking skb's (git-fixes).
- commit 3d175df

- mlxsw: pci: Add shutdown method in PCI driver (git-fixes).
- commit d9c79ec

- blacklist.conf: add drivers/net/ethernet/renesas/ drivers
- commit 0c8d3f5

- sfc: fix crash when reading stats while NIC is resetting
  (git-fixes).
- commit 61c7a4c

- ice: Fix crash by keep old cfg when update TCs more than queues
  (git-fixes).
- commit 4e80ce2

- powerpc/pseries: Honour current SMT state when DLPAR onlining
  CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- powerpc: Add HOTPLUG_SMT support (bsc#1214285 bsc#1205462
  ltc#200161 ltc#200588).
  Update config files.
- powerpc/pseries: Initialise CPU hotplug callbacks earlier
  (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Allow enabling partial SMT states via sysfs
  (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Create topology_smt_thread_allowed() (bsc#1214285
  bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Remove topology_smt_supported() (bsc#1214285
  bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Store the current/max number of threads (bsc#1214285
  bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Move smt/control simple exit cases earlier (bsc#1214285
  bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Move SMT prototypes into cpu_smt.h (bsc#1214285
  bsc#1205462 ltc#200161 ltc#200588).
- commit 8bd8972

- sched/psi: use kernfs polling functions for PSI trigger polling
  (bsc#1209799).
- commit 4477665

- md/raid0: Fix performance regression for large sequential writes
  (bsc#1213916).
- md/raid0: Factor out helper for mapping and submitting a bio
  (bsc#1213916).
- commit d85264e

- ceph: don't check for quotas on MDS stray dirs (bsc#1214238).
- commit dcb3418

- iommu/dma: Fix incorrect error return on iommu deferred attach
  (git-fixes).
- Refresh patches.suse/iommu-dma-Fix-arch_sync_dma-for-map.patch.
- Refresh
  patches.suse/iommu-dma-check-config_swiotlb-more-broadly.
- commit c7a880f

- iommu/dma: return error code from iommu_dma_map_sg()
  (git-fixes).
- Refresh patches.suse/iommu-dma-Fix-arch_sync_dma-for-map.patch.
- Refresh
  patches.suse/iommu-dma-check-config_swiotlb-more-broadly.
- commit 5d989c6

- iommu/amd: Fix pci device refcount leak in ppr_notifier()
  (git-fixes).
- iommu/amd: Fix ill-formed ivrs_ioapic, ivrs_hpet and
  ivrs_acpihid options (git-fixes).
- iommu/amd: Fix ivrs_acpihid cmdline parsing code (git-fixes).
- iommu/fsl_pamu: Fix resource leak in fsl_pamu_probe()
  (git-fixes).
- iommu/rockchip: fix permission bits in page table entries v2
  (git-fixes).
- iommu/sun50i: Remove IOMMU_DOMAIN_IDENTITY (git-fixes).
- iommu/sun50i: Implement .iotlb_sync_map (git-fixes).
- iommu/sun50i: Fix flush size (git-fixes).
- iommu/sun50i: Fix R/W permission check (git-fixes).
- iommu/sun50i: Consider all fault sources for reset (git-fixes).
- iommu/sun50i: Fix reset release (git-fixes).
- iommu/vt-d: Fix PCI device refcount leak in
  dmar_dev_scope_init() (git-fixes).
- iommu/vt-d: Fix PCI device refcount leak in has_external_pci()
  (git-fixes).
- iommu/vt-d: Set SRE bit only when hardware has SRS cap
  (git-fixes).
- iommu/vt-d: Preset Access bit for IOVA in FL non-leaf paging
  entries (git-fixes).
- iommu/vt-d: Clean up si_domain in the init_dmars() error path
  (git-fixes).
- iommu/iova: Fix module config properly (git-fixes).
- iommu/omap: Fix buffer overflow in debugfs (git-fixes).
- iommu/arm-smmu-v3: Make default domain type of HiSilicon PTT
  device to identity (git-fixes).
- iommu/vt-d: Check correct capability for sagaw determination
  (git-fixes).
- iommu/vt-d: Correctly calculate sagaw value of IOMMU
  (git-fixes).
- iommu/vt-d: Fix kdump kernels boot failure with scalable mode
  (git-fixes).
- iommu/amd: use full 64-bit value in build_completion_wait()
  (git-fixes).
- iommu/amd: Fix compile warning in init code (git-fixes).
- iommu/amd: Add PCI segment support for ivrs_ commands
  (git-fixes).
- iommu/io-pgtable-arm-v7s: Add a quirk to allow pgtable PA up
  to 35bit (git-fixes).
- iommu/dma: Fix iova map result check bug (git-fixes).
- iommu/arm-smmu-v3: check return value after calling
  platform_get_resource() (git-fixes).
- iommu/arm-smmu: fix possible null-ptr-deref in
  arm_smmu_device_probe() (git-fixes).
- iommu/vt-d: Add RPLS to quirk list to skip TE disabling
  (git-fixes).
- iommu/arm-smmu-v3: fix event handling soft lockup (git-fixes).
- iommu/dart: Initialize DART_STREAMS_ENABLE (git-fixes).
- commit b73aa3b

- nvme-rdma: fix potential unbalanced freeze & unfreeze
  (bsc#1208902).
- nvme-tcp: fix potential unbalanced freeze & unfreeze
  (bsc#1208902).
- commit 2d8bf94

- x86/mce: Make sure logged MCEs are processed after sysfs update (git-fixes).
- commit 64aa9ec

- x86/CPU/AMD: Disable XSAVES on AMD family 0x17 (git-fixes).
- commit b1259cb

- x86/speculation: Add cpu_show_gds() prototype (git-fixes).
- commit edd5557

- fs/sysv: Null check to prevent null-ptr-deref bug (git-fixes).
- commit ae6500e

- iio: cros_ec: Fix the allocation size for cros_ec_command
  (git-fixes).
- iio: adc: ina2xx: avoid NULL pointer dereference on OF device
  match (git-fixes).
- usb: dwc3: Properly handle processing of pending events
  (git-fixes).
- usb-storage: alauda: Fix uninit-value in alauda_check_media()
  (git-fixes).
- usb: common: usb-conn-gpio: Prevent bailing out if initial
  role is none (git-fixes).
- usb: typec: altmodes/displayport: Signal hpd when configuring
  pin assignment (git-fixes).
- usb: typec: tcpm: Fix response to vsafe0V event (git-fixes).
- commit d86b205

- netfilter: KABI workaround for CVE-2023-3610 bsc#1213580
  (git-fixes).
- commit ecae123

- netfilter: nf_tables: fix chain binding transaction logic
  (bsc#1213580 CVE-2023-3610).
- commit 12da4f7

- hwmon: (pmbus/bel-pfe) Enable PMBUS_SKIP_STATUS_CHECK for
  pfe1100 (git-fixes).
- nilfs2: fix use-after-free of nilfs_root in dirtying inodes
  via iput (git-fixes).
- drm/amd/display: check attr flag before set cursor degamma on
  DCN3+ (git-fixes).
- drm/shmem-helper: Reset vma->vm_ops before calling
  dma_buf_mmap() (git-fixes).
- drm/rockchip: Don't spam logs in atomic check (git-fixes).
- drm/nouveau/disp: Revert a NULL check inside
  nouveau_connector_get_modes (git-fixes).
- arm64: dts: imx8mn-var-som: add missing pull-up for onboard
  PHY reset pinmux (git-fixes).
- soundwire: fix enumeration completion (git-fixes).
- net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb
  (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb
  (git-fixes).
- selftests/rseq: check if libc rseq support is registered
  (git-fixes).
- soundwire: bus: pm_runtime_request_resume on peripheral
  attachment (git-fixes).
- commit 1f8ce0d

- net/sched: cls_route: No longer copy tcf_result on update  to
  avoid use-after-free (bsc#1214149 CVE-2023-4128).
- net/sched: cls_fw: No longer copy tcf_result on update to
  avoid use-after-free (bsc#1214149 CVE-2023-4128).
- net/sched: cls_u32: No longer copy tcf_result on update  to
  avoid use-after-free (bsc#1214149 CVE-2023-4128).
- commit 9904c3b

- ceph: never send metrics if disable_send_metrics is set
  (bsc#1214180).
- commit 32f3ae7

- wifi: cfg80211: fix sband iftype data lookup for AP_VLAN
  (git-fixes).
- selftests: forwarding: tc_flower: Relax success criterion
  (git-fixes).
- selftests: forwarding: ethtool_extended_state: Skip when using
  veth pairs (git-fixes).
- selftests: forwarding: ethtool: Skip when using veth pairs
  (git-fixes).
- selftests: forwarding: Add a helper to skip test when using
  veth pairs (git-fixes).
- selftests: forwarding: Switch off timeout (git-fixes).
- selftests: forwarding: Skip test when no interfaces are
  specified (git-fixes).
- net: phy: at803x: remove set/get wol callbacks for AR8032
  (git-fixes).
- dmaengine: pl330: Return DMA_PAUSED when transaction is paused
  (git-fixes).
- dmaengine: mcf-edma: Fix a potential un-allocated memory access
  (git-fixes).
- commit b70a6bf

- blacklist.conf: Blacklist useless doc fix
- commit 685dbed

- exfat: check if filename entries exceeds max filename length
  (bsc#1214120 CVE-2023-4273).
- commit b7e68de

- x86/srso: Fix return thunks in generated code (git-fixes).
- commit b4d125e

- Refresh patches.suse/kvm-add-gds_no-support-to-kvm.patch.
- Refresh
  patches.suse/x86-speculation-add-force-option-to-gds-mitigation.patch.
- Refresh
  patches.suse/x86-speculation-add-gather-data-sampling-mitigation.patch.
- Refresh
  patches.suse/x86-speculation-add-kconfig-option-for-gds.patch.
- Refresh
  patches.suse/x86-srso-add-a-speculative-ras-overflow-mitigation.patch.
- Refresh patches.suse/x86-srso-add-srso_no-support.patch.
  Sort latest set of security vulnerabilities according to upstream order.
- commit 4a12398

- tracing/histograms: Return an error if we fail to add histogram
  to hist_vars list (git-fixes).
- commit d08da8a

- Drop cfg80211 lock fix patches that caused a regression (bsc#1213757)
  Deleted:
  patches.suse/wifi-cfg80211-fix-locking-in-regulatory-disconnect.patch
  patches.suse/wifi-cfg80211-fix-locking-in-sched-scan-stop-work.patch
- commit f824698

- netfilter: nf_tables: disallow rule addition to bound chain
  via NFTA_RULE_CHAIN_ID (CVE-2023-4147 bsc#1213968).
- commit c0bb265

- cxgb4: fix use after free bugs caused by circular dependency
  problem (bsc#1213970 CVE-2023-4133).
- timers: Provide timer_shutdown[_sync]() (bsc#1213970).
- timers: Add shutdown mechanism to the internal functions
  (bsc#1213970).
- timers: Split [try_to_]del_timer[_sync]() to prepare for
  shutdown mode (bsc#1213970).
- timers: Silently ignore timers with a NULL function
  (bsc#1213970).
- timers: Rename del_timer() to timer_delete() (bsc#1213970).
- timers: Rename del_timer_sync() to timer_delete_sync()
  (bsc#1213970).
- timers: Use del_timer_sync() even on UP (bsc#1213970).
- timers: Update kernel-doc for various functions (bsc#1213970).
- timers: Replace BUG_ON()s (bsc#1213970).
- clocksource/drivers/sp804: Do not use timer namespace for
  timer_shutdown() function (bsc#1213970).
- clocksource/drivers/arm_arch_timer: Do not use timer namespace
  for timer_shutdown() function (bsc#1213970).
- ARM: spear: Do not use timer namespace for timer_shutdown()
  function (bsc#1213970).
- commit 0322b50

- xen/netback: Fix buffer overrun triggered by unusual packet
  (CVE-2023-34319, XSA-432, bsc#1213546).
- commit 6591b03
libapparmor
- update zgrep profile to allow egrep helper use (bsc#1214458)
  - zgrep-profile-sync-with-master.diff
gcc12
- Add gcc12-aarch64-bsc1214052.patch to fix -fstack-protector issues
  with variable length stack allocations on aarch64.
  Fixes CVE-2023-4039.  [bsc#1214052]
protobuf-c
- Add missing Provides/Obsoletes after package merge (bsc#1214006)
python3
- Add CVE-2023-40217-avoid-ssl-pre-close.patch fixing
  gh#python/cpython#108310, backport from upstream patch
  gh#python/cpython#108315
  (bsc#1214692, CVE-2023-40217)
libxml2
- Security update:
  * [CVE-2023-39615, bsc#1214768] Crafted xml can cause global
    buffer overflow
  - Added file libxml2-CVE-2023-39615.patch
perl-Bootloader
- merge gh#openSUSE/perl-bootloader#157
- bootloader_entry script can have an optional 'force-default'
  argument (bsc#1215064)
- skip warning about unsupported options when in compat mode
- 0.945
000release-packages:sle-module-basesystem-release
n/a
000release-packages:sle-module-containers-release
n/a
000release-packages:sle-module-public-cloud-release
n/a
000release-packages:sle-module-server-applications-release
n/a
supportutils
- Changes in version 3.1.26
  + powerpc plugin to collect the slots and active memory (bsc#1210950)
  + A Cleartext Storage of Sensitive Information vulnerability CVE-2022-45154
  + supportconfig: collect BPF information (pr#154)
  + Added additional iscsi information (pr#155)

- Added run time detection (bsc#1213127)

- ha_info sle15 uses /var/log/pacemaker/ (pq#153)

- Changes for supportutils version 3.1.25
  + Removed iSCSI passwords CVE-2022-45154 (bsc#1207598)
  + powerpc: Collect lsslot,amsstat, and opal elogs (pr#149)
  + powerpc: collect invscout logs (pr#150)
  + powerpc: collect RMC status logs (pr#151)
  + Added missing nvme nbft commands (bsc#1211599)
  + Fixed invalid nvme commands (bsc#1211598)
  + Added missing podman information (PED-1703, bsc#1181477)
  + Removed dependency on sysfstools
  + Check for systool use (bsc#1210015)
  + Added selinux checking (bsc#1209979)
  + Updated SLES_VER matrix

- Fixed missing status detail for apparmor (bsc#1196933)
- Corrected invalid argument list in docker.txt (bsc#1206608)
- Applies limit equally to sar data and text files (bsc#1207543)
- Collects hwinfo hardware logs (bsc#1208928)
- Collects lparnumascore logs (issue#148)

- Add dependency to `numactl` on ppc64le and `s390x`, this enforces
  that `numactl --hardware` data is provided in supportconfigs

- Changes to supportconfig.rc version 3.1.11-35
  + Corrected _sanitize_file to include iscsi.conf and others (bsc#1206402)

- Changes to supportconfig version 3.1.11-46.4
  + Added plymouth_info

- Changes to getappcore version 1.53.02
  + The location of chkbin was updated earlier. This documents that
    change (bsc#1205533, bsc#1204942)
suse-build-key
- add and run a import-suse-build-key scripts, this will be ran
  after installation with libzypp based installers. (jsc#PED-2777)
sysuser-tools
- Remove all systemd requires, not supported on SLE15 [bsc#1214140]

- Version 3.2
- update sysusers_requires to request sysuser-shadow 3.2
- Use TAB consistently for indention in sysusers2shadow.sh
- This pkg needs to follow behavior which is described in sysusers.d(5).
  Always create a system group of the same name as the system user,
  even if the user already exists. (bsc#1205161, bsc#1207778, bsc#1213240)

- Add "quilt setup" friendly hint to %sysusers_requires usage
  It is not required to have sysuser-tools installed when working
  with a pkg source which uses sysuser-tools at build time.

- Use append so if a pre file already exists it isn't overridden

- invoke bash for bash scripts (bsc#1195391)