- autofs-5.1.6-fix-quoted-string-length-calc-in-expand.patch
  Fix problem with quote handling
- 0005-autofs-5.1.4-fix-incorrect-locking-in-sss-lookup.patch
  Fix locking problem that causes deadlock when sss used.
- 0004-autofs-5.1.3-add-port-parameter-to-rpc_ping.patch
  Suppress portmap calls when port explicitly given
- Add bsc1197674.patch to fix memory leak in array asignment (bsc#1197674)
- Require p11-kit-tools > 0.23.1 as older versions don't support
  pem-directory-hash (bsc#1196443, boo#1196812)
- CVE-2022-27239: mount.cifs: fix length check for ip option
  parsing; (bsc#1197216) (bso#15025); CVE-2022-27239.
  * add 0016-CVE-2022-27239-mount.cifs-fix-length-check-for-ip-op.patch
- Update to version 10.0.3 (bsc#1198389)
  - Descend into the extension tree even if top level module is recommended
  - Cache license state for AHB support to detect type switch
  - Properly clean credentials when switching from SCC to update
  - New log message to indicate base product registration success
- Update to version 4.1.1+git.1647830282.d380378a:
  * medium: utils: update detect_cloud pattern for aws (bsc#1197351)
- (bsc#1196350) fence_gce updates pull from Clusterlabs repo
  - Apply proposed upstream patch
- Fix escaping of malicious filenames (CVE-2022-1271 bsc#1198062)
  * bsc1198062.patch
- bsc#1184757 CVE-2021-3467: Fix NULL pointer deref in jp2_decode()
  Add jasper-CVE-2021-3467.patch
- bsc#1184798 CVE-2021-3443: Fix NULL pointer derefin jp2_decode()
  Add jasper-CVE-2021-3443.patch
- bsc#1182104 CVE-2021-26927: Fix NULL pointer deref in jp2_decode()
  bsc#1182105 CVE-2021-26926: Fix Out of bounds read in jp2_decode()
  Add jasper-CVE-2021-26926-CVE-2021-26927.patch
- Update kdump-add-watchdog-modules.patch
  Fix return code when no watchdog sysfs entry is found (bsc#1197069)
- drm: drm_file struct kABI compatibility workaround
- commit 2eabdd0
- drm: use the lookup lock in drm_is_current_master (bsc#1197914).
- drm: protect drm_master pointers in drm_lease.c (bsc#1197914).
- drm: serialize drm_file.master with a new spinlock
- drm: add a locked version of drm_is_current_master
- commit 4b9807b
- xhci: Fresco FL1100 controller should not have BROKEN_MSI
  quirk set (git-fixes).
- commit f63fa75
- blacklist.conf: add unwanted patches
- commit 712ff34
- NFSv4/pNFS: Fix another issue with a list iterator pointing
  to the head (git-fixes).
- NFSv4.1: don't retry BIND_CONN_TO_SESSION on session error
- NFS: Return valid errors from nfs2/3_decode_dirent()
- commit e694ae1
- netfilter: nf_tables: initialize registers in nft_do_chain()
  (CVE-2022-1016 bsc#1197227).
- commit 4726ea9
- llc: fix netdevice reference leaks in llc_ui_bind() (git-fixes).
- commit caaa7d4
- can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb
  in error path (CVE-2022-28389 bsc#1198033).
- can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb()
  in error path (CVE-2022-28388 bsc#1198032).
- can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb()
  in error path (CVE-2022-28390 bsc#1198031).
- commit 2396928
- USB: storage: ums-realtek: fix error code in rts51x_read_mem()
- commit 2ef8c04
- usb: ftdi-elan: fix memory leak on device disconnect
- commit 94d2b0f
- net: asix: add proper error handling of usb read errors
- commit af5488d
- tcp: add some entropy in __inet_hash_connect() (bsc#1180153).
- tcp: change source port randomizarion at connect() time
- commit 20b0855
- blacklist.conf: requires USB PD 3.0, which cannot be backported
  without breaking kABI
- commit ba8f1e1
- blacklist.conf: no support for gadget mode in SLE12
- commit 8c19cdb
- USB: chipidea: fix interrupt deadlock (git-fixes).
- commit 1257abd
- blacklist.conf: no support for gadget mode in SLE12
- commit 1e01d6f
- xhci: Enable trust tx length quirk for Fresco FL11 USB
  controller (git-fixes).
- commit add0990
- blacklist.conf: dropped in upstream for causing regressions
- commit 5dddec4
- usb: host: xhci-rcar: Don't reload firmware after the completion
- commit 7040ffb
- RDMA/ib_srp: Fix a deadlock (git-fixes)
- commit 7755b1f
- RDMA/mlx4: Don't continue event handler after memory allocation failure (git-fixes)
- commit fd24776
- RDMA/cxgb4: Set queue pair state when being queried (git-fixes)
- commit 92c7602
- RDMA/cma: Let cma_resolve_ib_dev() continue search even after empty entry (git-fixes)
- commit 51ac825
- RDMA/core: Let ib_find_gid() continue search even after empty entry (git-fixes)
- commit ae1d448
- RDMA/hns: Validate the pkey index (git-fixes)
- commit 1e9657a
- RDMA/bnxt_re: Scan the whole bitmap when checking if "/disabling RCFW with pending cmd-bit"/ (git-fixes)
- commit 71c6212
- RDMA/core: Don't infoleak GRH fields (git-fixes)
- commit 196723f
- IB/hfi1: Fix leak of rcvhdrtail_dummy_kvaddr (git-fixes)
- commit 3c73374
- IB/hfi1: Insure use of smp_processor_id() is preempt disabled (git-fixes)
- commit 24be347
- IB/hfi1: Correct guard on eager buffer deallocation (git-fixes)
- commit 499f820
- RDMA/qedr: Fix NULL deref for query_qp on the GSI QP (git-fixes)
- commit 0d4e0bf
- RDMA/mlx4: Return missed an error if device doesn't support steering (git-fixes)
- commit 5065e25
- RDMA/rxe: Fix wrong port_cap_flags (git-fixes)
- commit 2330d6f
- IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields (git-fixes)
- commit 2759c92
- RDMA/cma: Ensure rdma_addr_cancel() happens before issuing more requests (git-fixes)
- commit 278e4d8
- RDMA/iwcm: Release resources if iw_cm module initialization fails (git-fixes)
- commit 5f34a1e
- IB/hfi1: Adjust pkey entry in index 0 (git-fixes)
- commit 94af39e
- IB/hfi1: Fix possible null-pointer dereference in _extend_sdma_tx_descs() (git-fixes)
- commit d416851
- RDMA/rxe: Don't overwrite errno from ib_umem_get() (git-fixes)
- commit 3c295ae
- RDMA/rxe: Fix extra copy in prepare_ack_packet (git-fixes)
- commit 8740201
- RDMA/rxe: Fix over copying in get_srq_wqe (git-fixes)
- commit e55d18b
- RDMA/rxe: Fix redundant call to ip_send_check (git-fixes)
- commit be2aac9
- RDMA/rxe: Fix failure during driver load (git-fixes)
- commit 9ddaf27
- RDMA/cxgb4: check for ipv6 address properly while destroying listener (git-fixes)
- commit ea675f7
- xprtrdma: fix incorrect header size calculations (CVE-2022-0812
- commit 19d5b1d
- SUNRPC: Fix transport accounting when caller specifies an
  rpc_xprt (bsc#1197531).
- commit 3d20b7c
- RDMA/rxe: Handle skb_clone() failure in rxe_recv.c (git-fixes)
- refresh: patches.suse/RDMA-rxe-Fix-coding-error-in-rxe_rcv_mcast_pkt.patch
- commit c27a191
- team: protect features update by RCU to avoid deadlock
- commit 273ca16
- net: dsa: bcm_sf2: put device node before return (git-fixes).
- commit fe0fcce
- can: dev: can_restart: fix use after free bug (git-fixes).
- commit 8d5e03e
- netxen_nic: fix MSI/MSI-x interrupts (git-fixes).
- commit 3738b7d
- qed: select CONFIG_CRC32 (git-fixes).
- commit 139caca
- net: hdlc_ppp: Fix issues when mod_timer is called while timer
  is running (git-fixes).
- commit 989e97f
- net: hns: fix return value check in __lb_other_process()
- commit 09b093d
- net: ethernet: ti: cpts: fix ethtool output when no ptp_clock
  registered (git-fixes).
- commit 70082f4
- net: ethernet: Fix memleak in ethoc_probe (git-fixes).
- commit f2a5b3d
- virtio_net: Fix recursive call to cpus_read_lock() (git-fixes).
- commit 8d27bf9
- mdio: fix mdio-thunder.c dependency & build error (git-fixes).
- commit 6f0f27e
- net: arc_emac: Fix memleak in arc_mdio_probe (git-fixes).
- commit c7c12d2
- RDMA/rxe: Return CQE error if invalid lkey was supplied (git-fixes)
- commit 5ebe135
- RDMA/rxe: Clear all QP fields if creation failed (git-fixes)
- commit 05011fb
- RDMA/bnxt_re: Fix a double free in bnxt_qplib_alloc_res (git-fixes)
- commit e7c9b71
- RDMA/i40iw: Fix error unwinding when i40iw_hmc_sd_one fails (git-fixes)
- commit aad24e1
- RDMA/cxgb4: add missing qpid increment (git-fixes)
- commit ff35c65
- RDMA/bnxt_re: Fix error return code in bnxt_qplib_cq_process_terminal() (git-fixes)
- commit c2452c6
- scsi: lpfc: Fix locking for lpfc_sli_iocbq_lookup()
- scsi: lpfc: Fix broken SLI4 abort path (bsc#1197675).
- scsi: lpfc: Update lpfc version to (bsc#1197675).
- scsi: lpfc: Fix queue failures when recovering from PCI parity
  error (bsc#1197675 bsc#1196478).
- scsi: lpfc: Fix unload hang after back to back PCI EEH faults
  (bsc#1197675 bsc#1196478).
- scsi: lpfc: Improve PCI EEH Error and Recovery Handling
  (bsc#1197675 bsc#1196478).
- commit 3bf2bb3
- IB/hfi1: Fix error return code in parse_platform_config() (git-fixes)
- commit 8e874b0
- IB/hfi1: Use kzalloc() for mmu_rb_handler allocation (git-fixes)
- commit 2bfb6d5
- RDMA/addr: Be strict with gid size (git-fixes)
- commit d7c9ddd
- RDMA/cxgb4: Fix adapter LE hash errors while destroying ipv6 listening server (git-fixes)
- commit dc1337b
- RDMA/rxe: Fix missing kconfig dependency on CRYPTO (git-fixes)
- commit 5a0643a
- RDMA/rxe: Correct skb on loopback path (git-fixes)
- commit 419d931
- RDMA/rxe: Fix coding error in rxe_rcv_mcast_pkt (git-fixes)
- commit 96de427
- blacklist: add PA Semi network device
- commit f501a2d
- RDMA/rxe: Fix skb lifetime in rxe_rcv_mcast_pkt() (git-fixes)
- commit 30def20
- RDMA/rxe: Fix coding error in rxe_recv.c (git-fixes)
- commit 8eddda6
- IB/umad: Return EPOLLERR in case of when device disassociated (git-fixes)
- commit 898c3b0
- IB/umad: Return EIO in case of when device disassociated (git-fixes)
- commit 70dbcce
- RDMA/cxgb4: Fix the reported max_recv_sge value (git-fixes)
- commit c42eafd
- RDMA/usnic: Fix memleak in find_free_vf_and_create_qp_grp (git-fixes)
- commit 456446f
- RDMA/uverbs: Tidy input validation of ib_uverbs_rereg_mr() (git-fixes)
- commit 3376669
- RDMA/cxgb4: Validate the number of CQEs (git-fixes)
- commit 560601e
- RDMA/mlx5: Fix corruption of reg_pages in mlx5_ib_rereg_user_mr() (git-fixes)
- commit 7514626
- RDMA/rxe: Compute PSN windows correctly (git-fixes)
- commit 2491fe3
- RDMA/bnxt_re: Set queue pair state when being queried (git-fixes)
- commit 26639c3
- RDMA/cm: Fix an attempt to use non-valid pointer when cleaning timewait (git-fixes)
- commit 9810a14
- IB/hfi1: Fix another case where pq is left on waitlist (git-fixes)
- commit 75af824
- printk: disable optimistic spin during panic (bsc#1197894).
- commit ce52f1e
- printk: Add panic_in_progress helper (bsc#1197894).
- commit d27056a
- blacklist.conf: printk: cosmetic problem
- commit 0450572
- blacklist.conf: Blacklist 480d42dc001bb
- commit 32cb203
- ext4: update i_disksize if direct write past ondisk size
- commit 5f6c0ad
- ext4: check for out-of-order index extents in
  ext4_valid_extent_entries() (bsc#1194163 bsc#1196339).
- commit 2453de4
- ext4: check for inconsistent extents between index and leaf
  block (bsc#1194163 bsc#1196339).
- commit de4a86f
- ext4: prevent partial update of the extent blocks (bsc#1194163
- commit c09bc65
- scsi: lpfc: Copyright updates for patches
- scsi: lpfc: Update lpfc version to (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor BSG paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor Abort paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor SCSI paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor CT paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor misc ELS paths
- scsi: lpfc: SLI path split: Refactor FDISC paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor LS_RJT paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor LS_ACC paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor the RSCN/SCR/RDF/EDC/FARPR
  paths (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor PLOGI/PRLI/ADISC/LOGO paths
- scsi: lpfc: SLI path split: Refactor base ELS paths and the
  FLOGI path (bsc#1197675).
- scsi: lpfc: SLI path split: Introduce lpfc_prep_wqe
- scsi: lpfc: SLI path split: Refactor fast and slow paths to
  native SLI4 (bsc#1197675).
- scsi: lpfc: SLI path split: Refactor lpfc_iocbq (bsc#1197675).
- scsi: lpfc: Use kcalloc() (bsc#1197675).
- scsi: lpfc: Fix typos in comments (bsc#1197675).
- scsi: lpfc: Remove failing soft_wwn support (bsc#1197675).
- scsi: lpfc: Use rport as argument for lpfc_chk_tgt_mapped()
- scsi: lpfc: Use rport as argument for lpfc_send_taskmgmt()
- scsi: lpfc: Use fc_block_rport() (bsc#1197675).
- scsi: lpfc: Drop lpfc_no_handler() (bsc#1197675).
- scsi: lpfc: Kill lpfc_bus_reset_handler() (bsc#1197675).
- scsi: lpfc: Remove redundant flush_workqueue() call
- scsi: lpfc: Reduce log messages seen after firmware download
- scsi: lpfc: Remove NVMe support if kernel has NVME_FC disabled
- commit f0a6320
- ext4: make sure quota gets properly shutdown on error
- commit 8ee1d16
- blacklist.conf: Blacklist 86399ea07109
- commit 9143f54
- isofs: Fix out of bound access for corrupted isofs image
- commit 415784e
- quota: correct error number in free_dqentry() (bsc#1194590).
- commit 52c49c9
- mm: bdi: initialize bdi_min_ratio when bdi is unregistered
- commit c769015
- block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2)
- commit abe8d21
- blacklist.conf: Blacklist 35e4c6c1a2fc
- commit d4946a1
- block: bfq: fix bfq_set_next_ioprio_data() (bsc#1191451).
- commit 81d1afe
- ocfs2: mount fails with buffer overflow in strlen (bsc#1197760).
- commit b56665a
- ocfs2: remove ocfs2_is_o2cb_active() (bsc#1197758).
- commit dc084e8
- ext4: fix error handling in ext4_restore_inline_data()
- commit e94b650
- ext4: don't use the orphan list when migrating an inode
- commit a5f5139
- ext4: fix an use-after-free issue about data=journal writeback
  mode (bsc#1195482).
- commit 6c8da82
- ext4: Fix BUG_ON in ext4_bread when write quota data
- commit 6d6702e
- ext4: fix lazy initialization next schedule time computation
  in more granular unit (bsc#1194580).
- commit 08e8e02
- ext4: add check to prevent attempting to resize an fs with
  sparse_super2 (bsc#1197754).
- commit 1f40962
- ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and
  mmap_lock (CVE-2022-1048 bsc#1197331).
- Refresh
- commit e4d0718
- ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and
  mmap_lock (CVE-2022-1048 bsc#1197331).
- Refresh
- commit 62bc950
- RDMA/mlx5: Fix potential race between destroy and CQE poll (git-fixes)
- commit 2be5062
- RDMA/qib: Remove superfluous fallthrough statements (git-fixes)
- commit 5f65d5b
- RDMA/hns: Add a check for current state before modifying QP (git-fixes)
- commit 0cbb5fa
- RDMA/hns: Optimize hns_roce_modify_qp function (git-fixes)
- commit 903fd47
- RDMA/ucma: Fix locking for ctx->events_reported (git-fixes)
- commit a622b5d
- RDMA/rxe: Fix panic when calling kmem_cache_create() (git-fixes)
- commit cade790
- RDMA/rxe: Remove rxe_link_layer() (git-fixes)
- commit 0f4ef23
- IB/sa: Resolv use-after-free in ib_nl_make_request() (git-fixes)
- commit fad610b
- RDMA/uverbs: Fix create WQ to use the given user handle (git-fixes)
- commit ab81ef4
- RDMA/mlx5: Fix udata response upon SRQ creation (git-fixes)
- commit 3fe7f63
- IB/hfi1: Ensure pq is not left on waitlist (git-fixes)
- commit db7c85c
- IB/hfi1: Acquire lock to release TID entries when user file is closed (git-fixes)
- commit 895ac06
- IB/core: Fix ODP get user pages flow (git-fixes)
- commit 77723db
- RDMA/mlx5: Put live in the correct place for ODP MRs (git-fixes)
- commit 342fe6e
- RDMA/mlx5: Do not allow rereg of a ODP MR (git-fixes)
- commit 51ff5e8
- RDMA/odp: Lift umem_mutex out of ib_umem_odp_unmap_dma_pages() (git-fixes)
- commit 7dc4fbf
- RDMA/hns: Prevent undefined behavior in hns_roce_set_user_sq_size() (git-fixes)
- commit 4ff7384
- Metadata update
- commit 8705efc
- scsi: qla2xxx: Fix typos in comments (bsc#1197661).
- scsi: qla2xxx: Update version to (bsc#1197661).
- scsi: qla2xxx: Increase max limit of ql2xnvme_queues
- scsi: qla2xxx: Use correct feature type field during RFF_ID
  processing (bsc#1197661).
- scsi: qla2xxx: Fix stuck session of PRLI reject (bsc#1197661).
- scsi: qla2xxx: Reduce false trigger to login (bsc#1197661).
- scsi: qla2xxx: Fix laggy FC remote port session recovery
- scsi: qla2xxx: Fix hang due to session stuck (bsc#1197661).
- scsi: qla2xxx: Fix N2N inconsistent PLOGI (bsc#1197661).
- scsi: qla2xxx: Fix crash during module load unload test
- scsi: qla2xxx: Fix missed DMA unmap for NVMe ls requests
- scsi: qla2xxx: Fix loss of NVMe namespaces after driver reload
  test (bsc#1197661).
- scsi: qla2xxx: Fix disk failure to rediscover (bsc#1197661).
- scsi: qla2xxx: Fix incorrect reporting of task management
  failure (bsc#1197661).
- scsi: qla2xxx: Use named initializers for q_dev_state
- scsi: qla2xxx: Use named initializers for port_state_str
- scsi: qla2xxx: Stop using the SCSI pointer (bsc#1197661).
- commit 96344da
- series: Resort and update meta data
  Update meta data:
  - patches.suse/net-ibmvnic-Cleanup-workaround-doing-an-EOI-after-pa.patch
  - patches.suse/powerpc-add-link-stack-flush-mitigation-status-in-de.patch
  - patches.suse/powerpc-pseries-read-the-lpar-name-from-the-firmware.patch
  - patches.suse/rpadlpar_io-Add-MODULE_DESCRIPTION-entries-to-kernel.patch
  - patches.suse/scsi-qla2xxx-Add-devids-and-conditionals-for-28xx.patch
  - patches.suse/scsi-qla2xxx-Add-ql2xnvme_queues-module-param-to-con.patch
  - patches.suse/scsi-qla2xxx-Add-qla2x00_async_done-for-async-routin.patch
  - patches.suse/scsi-qla2xxx-Add-retry-for-exec-firmware.patch
  - patches.suse/scsi-qla2xxx-Check-for-firmware-dump-already-collect.patch
  - patches.suse/scsi-qla2xxx-Fix-T10-PI-tag-escape-and-IP-guard-opti.patch
  - patches.suse/scsi-qla2xxx-Fix-device-reconnect-in-loop-topology.patch
  - patches.suse/scsi-qla2xxx-Fix-premature-hw-access-after-PCI-error.patch
  - patches.suse/scsi-qla2xxx-Fix-scheduling-while-atomic.patch
  - patches.suse/scsi-qla2xxx-Fix-stuck-session-in-gpdb.patch
  - patches.suse/scsi-qla2xxx-Fix-warning-for-missing-error-code.patch
  - patches.suse/scsi-qla2xxx-Fix-warning-message-due-to-adisc-being-.patch
  - patches.suse/scsi-qla2xxx-Fix-wrong-FDMI-data-for-64G-adapter.patch
  - patches.suse/scsi-qla2xxx-Implement-ref-count-for-SRB.patch
  - patches.suse/scsi-qla2xxx-Refactor-asynchronous-command-initializ.patch
  - patches.suse/scsi-qla2xxx-Remove-unused-qla_sess_op_cmd_list-from.patch
  - patches.suse/scsi-qla2xxx-Suppress-a-kernel-complaint-in-qla_crea.patch
  - patches.suse/scsi-qla2xxx-Update-version-to-
  - patches.suse/scsi-qla2xxx-edif-Fix-clang-warning.patch
- commit 7e552c7
- net: ena: remove extra words from comments (bsc#1197099
- Refresh
- commit b072f83
- net: ena: Extract recurring driver reset code into a function
  (bsc#1197099 jsc#SLE-24125).
- net: ena: Change the name of bad_csum variable (bsc#1197099
- net: ena: Add debug prints for invalid req_id resets
  (bsc#1197099 jsc#SLE-24125).
- net: ena: Remove ena_calc_queue_size_ctx struct (bsc#1197099
- net: ena: Move reset completion print to the reset function
  (bsc#1197099 jsc#SLE-24125).
- net: ena: Remove redundant return code check (bsc#1197099
- net: ena: Change ENI stats support check to use capabilities
  field (bsc#1197099 jsc#SLE-24125).
- net: ena: Add capabilities field with support for ENI stats
  capability (bsc#1197099 jsc#SLE-24125).
- net: ena: Change return value of ena_calc_io_queue_size()
  to void (bsc#1197099 jsc#SLE-24125).
- net: ena: Fix wrong rx request id by resetting device
  (bsc#1197099 jsc#SLE-24125).
- ena: Remove rcu_read_lock() around XDP program invocation
  (bsc#1197099 jsc#SLE-24125).
- net: ena: make symbol 'ena_alloc_map_page' static (bsc#1197099
- net: ena: re-organize code to improve readability (bsc#1197099
- net: ena: Use dev_alloc() in RX buffer allocation (bsc#1197099
- net: ena: aggregate doorbell common operations into a function
  (bsc#1197099 jsc#SLE-24125).
- net: ena: Remove module param and change message severity
  (bsc#1197099 jsc#SLE-24125).
- net: ena: add jiffies of last napi call to stats (bsc#1197099
- net: ena: use build_skb() in RX path (bsc#1197099
- net: ena: Improve error logging in driver (bsc#1197099
- net: ena: Remove unused code (bsc#1197099 jsc#SLE-24125).
- net: ena: optimize data access in fast-path code (bsc#1197099
- net: ena: fix DMA mapping function issues in XDP (bsc#1197099
- net: ena: fix inaccurate print type (bsc#1197099 jsc#SLE-24125).
- ethernet: amazon: ena: A typo fix in the file ena_com.h
  (bsc#1197099 jsc#SLE-24125).
- net: ena: Update XDP verdict upon failure (bsc#1197099
- net: ena: introduce ndo_xdp_xmit() function for XDP_REDIRECT
  (bsc#1197099 jsc#SLE-24125).
- net: ena: use xdp_return_frame() to free xdp frames (bsc#1197099
- net: ena: introduce XDP redirect implementation (bsc#1197099
- net: ena: use xdp_frame in XDP TX flow (bsc#1197099
- net: ena: aggregate stats increase into a function (bsc#1197099
- net: ena: fix coding style nits (bsc#1197099 jsc#SLE-24125).
- net: ena: store values in their appropriate variables types
  (bsc#1197099 jsc#SLE-24125).
- net: ena: add device distinct log prefix to files (bsc#1197099
- net: ena: use constant value for net_device allocation
  (bsc#1197099 jsc#SLE-24125).
- ena_netdev: use generic power management (bsc#1197099
- commit d3d7690
- net: ena: Use pci_sriov_configure_simple() to enable VFs
  (bsc#1197099 jsc#SLE-24125).
- Refresh
- commit 2f8ef82
- powerpc/pseries: Fix use after free in remove_phb_dynamic()
- powerpc/tm: Fix more userspace r13 corruption (bsc#1065729).
- powerpc/pseries: Fix use after free in remove_phb_dynamic()
- powerpc/tm: Fix more userspace r13 corruption (bsc#1065729).
- powerpc/xive: fix return value of __setup handler (bsc#1065729).
- powerpc/sysdev: fix incorrect use to determine if list is empty
- commit 39f1df9
- Update CVE tags in
  (bsc#1189562 bsc#1196761 CVE-2022-0850).
- commit 3b2491d
- Update patches.suse/sr9700-sanity-check-for-packet-length.patch
  (bsc#1196836 CVE-2022-26966).
  fixed typo in References
- commit e04f4f1
- mm/rmap: always do TTU_IGNORE_ACCESS (bsc#1184207).
- commit 9103b34
- mm: drop NULL return check of pte_offset_map_lock()
- commit 28f5b86
- xen/gntdev: update to new mmu_notifier semantic (bsc#1184207).
- commit 72e8a4d
- mm/rmap: update to new mmu_notifier semantic v2 (bsc#1184207).
- Refresh
- commit d9279be
- dax: update to new mmu_notifier semantic (bsc#1184207).
- Refresh
- commit da7fdba
- esp: Fix possible buffer overflow in ESP transformation
  (bsc#1197131 CVE-2022-0886).
- commit d9e58bc
- Refresh patches.suse/xfrm-fix-mtu-regression.patch.
- commit 0ee241b
- series.conf: sort our patches to the sections
- commit 452d7dc
- quota: check block number when reading the block in quota  file
  (bsc#1197366 CVE-2021-45868).
- commit b7d9616
- ALSA: kABI workaround for snd_pcm_runtime changes (CVE-2022-1048
- Refresh patches.kabi/ALSA-pcm-oss-rw_ref-kabi-fix.patch.
- commit f284bec
- Fixing a issue for a patch
  The patch: blk-mq-move-_blk_mq_update_nr_hw_queues-synchronize_rcu-call
  was placed at the end of the sorted section by at
  one time, but now is complaining. So move this patch
  to later in series.conf, outside of the sorted section, making happy.
- commit a65cae5
- ALSA: kABI workaround for snd_pcm_runtime changes (CVE-2022-1048
- commit 0e8ef03
- ALSA: pcm: Fix races among concurrent prealloc proc writes
  (CVE-2022-1048 bsc#1197331).
- ALSA: pcm: Fix races among concurrent prepare and
  hw_params/hw_free calls (CVE-2022-1048 bsc#1197331).
- ALSA: pcm: Fix races among concurrent read/write and buffer
  changes (CVE-2022-1048 bsc#1197331).
- ALSA: pcm: Fix races among concurrent hw_params and hw_free
  calls (CVE-2022-1048 bsc#1197331).
- commit 6f93797
- ALSA: pcm: Fix races among concurrent prealloc proc writes
  (CVE-2022-1048 bsc#1197331).
- ALSA: pcm: Fix races among concurrent prepare and
  hw_params/hw_free calls (CVE-2022-1048 bsc#1197331).
- ALSA: pcm: Fix races among concurrent read/write and buffer
  changes (CVE-2022-1048 bsc#1197331).
- ALSA: pcm: Fix races among concurrent hw_params and hw_free
  calls (CVE-2022-1048 bsc#1197331).
- commit 0f72275
- blacklist.conf: mark 647d41d3952d
  647d41d3952d ("/crypto: vmx - add missing dependencies"/) is a corner case
  fix needed only if people recompile kernel with CRYPTO_DEV_VMX_ENCRYPT=y
  (we build it as module).
  While useful for SLE15-SP4 (and thus backported there) for old branches
  is not needed.
- commit 8ab3ed6
- powercap: intel_rapl: add support for Sapphire Rapids
  (jsc#SLE-15288, jsc#ECO-2990).
- commit 11d4e14
- Refresh patches.suse/powerpc-64-Interrupts-save-PPR-on-stack-rather-than-.patch.
- commit cf0d212
- NFS: Do not report writeback errors in nfs_getattr()
- NFSD: Clamp WRITE offsets (git-fixes).
- NFS: Fix initialisation of nfs_client cl_flags field
- NFS: Avoid duplicate uncached readdir calls on eof (git-fixes).
- NFS: Don't skip directory entries when doing uncached readdir
- nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed
  client (git-fixes).
- commit fa47801
- macros.kernel-source: Fix conditional expansion.
  Fixes: bb95fef3cf19 ("/rpm: Use bash for %() expansion (jsc#SLE-18234)."/)
- commit 7e857f7
- x86/speculation: Warn about Spectre v2 LFENCE mitigation
- Refresh
- commit f6e58c8
- rpm: Use bash for %() expansion (jsc#SLE-18234).
  Since 15.4 alternatives for /bin/sh are provided by packages
  <something>-sh. While the interpreter for the build script can be
  selected the interpreter for %() cannot.
  The kernel spec files use bashisms in %().
  While this could technically be fixed there is more serious underlying
  problem: neither bash nor any of the alternatives are 100% POSIX
  compliant nor bug-free.
  It is not my intent to maintain bug compatibility with any number of
  shells for shell scripts embedded in the kernel spec file. The spec file
  syntax is not documented so embedding the shell script in it causes some
  unspecified transformation to be applied to it. That means that
  ultimately any changes must be tested by building the kernel, n times if
  n shells are supported.
  To reduce maintenance effort require that bash is used for kernel build
- commit bb95fef
- x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF +
  SMT (bsc#1114648).
- commit 660df0a
- Sort in upstreamed BHB patches
- Refresh
- Refresh
- Refresh
- Refresh
- Refresh
- commit 9848ad0
- net: bcmgenet: Fix a resource leak in an error handling path
  in the probe functin (git-fixes).
- commit 1def50c
- gtp: fix an use-before-init in gtp_newlink() (git-fixes).
- commit 2c87118
- net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after
  calling ether_setup (git-fixes).
- commit c80c336
- net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device
- commit df21fd7
- net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup
- commit 95d7e2c
- net: usb: ax88179_178a: fix packet alignment padding
- commit 065384f
- ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32
- commit f59903f
- net: marvell: Fix OF_MDIO config check (git-fixes).
- commit 1100da4
- net: dp83867: Fix OF_MDIO config check (git-fixes).
- commit 7fae20e
- net: fec: only check queue 0 if RXF_0/TXF_0 interrupt is set
- commit 4b13398
- blacklist.conf: update blacklist
- commit 7d99dbc
- Update patches.suse/sr9700-sanity-check-for-packet-length.patch
  (bac#1196836 CVE-2022-26966).
  added CVE number
- commit 7e940d6
- rpm: Run external scriptlets on uninstall only when available
  (bsc#1196514 bsc#1196114 bsc#1196942).
  When dependency cycles are encountered package dependencies may not be
  fulfilled during zypper transaction at the time scriptlets are run.
  This is a problem for kernel scriptlets provided by suse-module-tools
  when migrating to a SLE release that provides these scriptlets only as
  part of LTSS. The suse-module-tools that provides kernel scriptlets may
  be removed early causing migration to fail.
- commit ab8dd2d
- net: mcs7830: handle usb read errors properly (git-fixes).
- commit 5eb1cb7
- asix: fix wrong return value in asix_check_host_enable()
- commit 2139099
- asix: fix uninit-value in asix_mdio_read() (git-fixes).
- commit 34bb081
- net: asix: fix uninit value bugs (git-fixes).
- commit b735ffe
- net: usb: asix: add error handling for asix_mdio_* functions
- asix: Fix small memory leak in ax88772_unbind() (git-fixes).
- commit 3c90156
- asix: Add rx->ax_skb = NULL after usbnet_skb_return()
- commit b6ab4c2
- asix: Ensure asix_rx_fixup_info members are all reset
- commit fede28c
- rpm: SC2006: Use $(...) notation instead of legacy backticked `...`.
- commit f0d0e90
- blacklist.conf: no gadget mode in SLE12
- commit abfa68a
- blacklist.conf:no gadget mode in SLE12
- commit b3d353a
- blacklist.conf: no gadget mode in SLE12
- commit db43c6c
- blacklist.conf: no gadget mode in SLE12
- commit fa6eb39
- blacklist.conf: no gadget mode in SLE12
- commit 2afa423
- blacklist.conf: no gadget mode in SLE12
- commit 67d7fc0
- blacklist.conf: no gadget mode in SLE12
- commit f043672
- blacklist.conf: mere cleanup
- commit 4e07fa1
- blacklist.conf: no gadget mode in SLE12
- commit a29721c
- blacklist.conf: no gadget mode in SLE12
- commit 2ce0821
- blacklist.conf: no gadget mode in SLE12
- commit d6d1cd7
- s390/bpf: Perform r1 range checking before accessing
  jit->seen_reg (git-fixes).
- s390/disassembler: increase ebpf disasm buffer size (git-fixes).
- commit d545d38
- Refresh
- Refresh
- commit af985c2
- powerpc/64: Fix kernel stack 16-byte alignment (bsc#1196999
  ltc#196609S git-fixes).
- commit ec2e873
- rpm/ call fdupes per subpackage
  It is a waste of time to do a global fdupes when we have
- commit 1da8439
- blacklist.conf: documentation
- commit 098451f
- powerpc/64: Interrupts save PPR on stack rather than
  thread_struct (bsc#1196999 ltc#196609).
- commit 916a84f
- net: sched: use Qdisc rcu API instead of relying on rtnl lock
  (bsc#1196973 CVE-2021-39713).
- net: sched: add helper function to take reference to Qdisc
  (bsc#1196973 CVE-2021-39713).
- net: sched: extend Qdisc with rcu (bsc#1196973 CVE-2021-39713).
- net: sched: rename qdisc_destroy() to qdisc_put() (bsc#1196973
- net: core: netlink: add helper refcount dec and lock function
  (bsc#1196973 CVE-2021-39713).
- commit a22ecb0
- powerpc/pseries: new lparcfg key/value pair:
  partition_affinity_score (jec#SLE-23780).
- powerpc/perf: consolidate GPCI hcall structs into asm/hvcall.h
- commit 0380630
- EDAC: Fix calculation of returned address and next offset in
  edac_align_ptr() (bsc#1114648).
- commit 1c2d844
- xen/netfront: react properly to failing
  gnttab_end_foreign_access_ref() (bsc#1196488, XSA-396,
- commit 2b38f30
- xen/gnttab: fix gnttab_end_foreign_access() without page
  specified (bsc#1196488, XSA-396, CVE-2022-23041).
- commit 7149843
- xen/9p: use alloc/free_pages_exact() (bsc#1196488, XSA-396,
- commit a920e1c
- xen/usb: don't use gnttab_end_foreign_access() in
  xenhcd_gnttab_done() (bsc#1196488, XSA-396).
- commit e8ca175
- xen/gntalloc: don't use gnttab_query_foreign_access()
  (bsc#1196488, XSA-396, CVE-2022-23039).
- commit 02e08de
- xen/scsifront: don't use gnttab_query_foreign_access() for
  mapped status (bsc#1196488, XSA-396, CVE-2022-23038).
- commit 78fd62a
- xen/netfront: don't use gnttab_query_foreign_access() for
  mapped status (bsc#1196488, XSA-396, CVE-2022-23037).
- commit 335a138
- xen/blkfront: don't use gnttab_query_foreign_access() for
  mapped status (bsc#1196488, XSA-396, CVE-2022-23036).
- commit 69cc608
- xen/grant-table: add gnttab_try_end_foreign_access()
  (bsc#1196488, XSA-396, CVE-2022-23036, CVE-2022-23038).
- commit d8d4a06
- xen/xenbus: don't let xenbus_grant_ring() remove grants in
  error case (bsc#1196488, XSA-396, CVE-2022-23040).
- commit 9eb0e70
- genirq: Use rcu in kstat_irqs_usr() (bsc#1193738).
- commit d69c48c
- rpm/arch-symbols,guards,*driver: Replace Novell with SUSE.
- commit 174a64f
- usb: host: xen-hcd: add missing unlock in error path
- commit af60176
- Refresh
- commit ee8e3fd
- Refresh
- commit 29bb7f5
- rpm/ use %%license for license declarations
  Limited to SLE15+ to avoid compatibility nightmares.
- commit 73d560e
- rpm/* Use https:// urls
- commit 77b5f8e
- blacklist.conf: 279eb8575fda EDAC/altera: Fix deferred probing
- commit 3db1890
- cgroup: Use open-time cgroup namespace for process migration
  perm checks (bsc#1196723).
- commit 131e183
- blacklist.conf: irrelevant in our config
- commit 5ffcec1
- blacklist.conf: not relevant in our gcc release
- commit ac8e2bf
- blacklist.conf: cleanup, not a bug fix
- commit 4b4434c
- blacklist.conf: kABI
- commit 11711a3
- cgroup: Allocate cgroup_file_ctx for kernfs_open_file->priv
- commit d139e59
- blacklist.conf: Add 05c7b7a92cc8 cgroup/cpuset: Fix a race between cpuset_attach() and cpu hotplug
- commit 0579a6b
- USB: serial: option: add Telit LE910R1 compositions (git-fixes).
- commit f41229c
- USB: serial: option: add support for DW5829e (git-fixes).
- commit e61b0c3
- xhci: Prevent futile URB re-submissions due to incorrect return
  value (git-fixes).
- commit c1a4d75
- xhci: re-initialize the HC during resume if HCE was set
- USB: serial: cp210x: add CPI Bulk Coin Recycler id (git-fixes).
- commit 29c9fd0
- USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320
- commit 89dd984
- USB: serial: option: add ZTE MF286D modem (git-fixes).
- commit a4f92c1
- USB: core: Fix hang in usb_kill_urb by adding memory barriers
- commit ed7961f
- usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge
- commit b0172f2
- SUNRPC: avoid race between mod_timer() and del_timer_sync()
- commit a8e4854
- Metadata update
- commit 4d7c2c2
- USB: serial: ch341: add support for GW Instek USB2.0-Serial
  devices (git-fixes).
- commit f982b68
- USB: zaurus: support another broken Zaurus (git-fixes).
- commit 78a0f67
- tracing: Fix return value of __setup handlers (git-fixes).
- commit 298142b
- sr9700: sanity check for packet length (bsc#1196836).
- commit 7ac3395
- nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION
  (CVE-2022-26490 bsc#1196830).
- commit 47ae8c5
- Metadata update
- commit c85ca56
- arm64: Use the clearbhb instruction in mitigations (bsc#1191580
  CVE-2022-0001 CVE-2022-000 CVE-2022-23960).
- arm64: add ID_AA64ISAR2_EL1 sys register (bsc#1191580
  CVE-2022-0001 CVE-2022-000 CVE-2022-23960).
- KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered
  and migrated (bsc#1191580 CVE-2022-0001 CVE-2022-000
- commit 48f8f30
- arm64: Mitigate spectre style branch history side channels
  (bsc#1191580 CVE-2022-0001 CVE-2022-000 CVE-2022-23960).
- Update config files.
- commit ab2e377
- KVM: arm64: Add templates for BHB mitigation sequences
  (bsc#1191580 CVE-2022-0001 CVE-2022-000 CVE-2022-23960).
- arm64: Add Cortex-X2 CPU part definition (bsc#1191580
  CVE-2022-0001 CVE-2022-000 CVE-2022-23960).
- arm64: Add Neoverse-N2, Cortex-A710 CPU part definition
  (bsc#1191580 CVE-2022-0001 CVE-2022-000 CVE-2022-23960).
- arm64: Add part number for Arm Cortex-A77 (bsc#1191580
  CVE-2022-0001 CVE-2022-000 CVE-2022-23960).
- arm64: proton-pack: Report Spectre-BHB vulnerabilities as
  part of Spectre-v2 (bsc#1191580 CVE-2022-0001 CVE-2022-000
- arm64: Add percpu vectors for EL1 (bsc#1191580 CVE-2022-0001
  CVE-2022-000 CVE-2022-23960).
- arm64: entry: Add macro for reading symbol addresses from
  the trampoline (bsc#1191580 CVE-2022-0001 CVE-2022-000
- arm64: entry: Add vectors that have the bhb mitigation sequences
  (bsc#1191580 CVE-2022-0001 CVE-2022-000 CVE-2022-23960).
- arm64: entry: Add non-kpti __bp_harden_el1_vectors for
  mitigations (bsc#1191580 CVE-2022-0001 CVE-2022-000
- arm64: entry: Allow the trampoline text to occupy multiple pages
  (bsc#1191580 CVE-2022-0001 CVE-2022-000 CVE-2022-23960).
- arm64: entry: Make the kpti trampoline's kpti sequence optional
  (bsc#1191580 CVE-2022-0001 CVE-2022-000 CVE-2022-23960).
- arm64: entry: Move trampoline macros out of ifdef'd section
  (bsc#1191580 CVE-2022-0001 CVE-2022-000 CVE-2022-23960).
- arm64: entry: Don't assume tramp_vectors is the start of the
  vectors (bsc#1191580 CVE-2022-0001 CVE-2022-000 CVE-2022-23960).
- arm64: entry: Allow tramp_alias to access symbols after
  the 4K boundary (bsc#1191580 CVE-2022-0001 CVE-2022-000
- arm64: entry: Move the trampoline data page before the text page
  (bsc#1191580 CVE-2022-0001 CVE-2022-000 CVE-2022-23960).
- arm64: entry: Free up another register on kpti's tramp_exit path
  (bsc#1191580 CVE-2022-0001 CVE-2022-000 CVE-2022-23960).
- arm64: entry: Make the trampoline cleanup optional (bsc#1191580
  CVE-2022-0001 CVE-2022-000 CVE-2022-23960).
- arm64: entry.S: Add ventry overflow sanity checks (bsc#1191580
  CVE-2022-0001 CVE-2022-000 CVE-2022-23960).
- commit c5f724a
- Update patch reference for iov security fix (CVE-2022-0847 bsc#1196584)
- commit 43f0d0b
- cgroup-v1: Correct privileges check in release_agent writes
- commit f1913e7
- Refresh
- commit 940b1e8
- Update patches.suse/ibmvnic-don-t-stop-queue-in-xmit.patch
  (bsc#1192273 ltc#194629 bsc#1191428 ltc#193985).
- commit 85dfe8e
- net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468).
- commit d80ea6a
- kernel-binary.spec: Also exclude the kernel signing key from devel package.
  There is a check in OBS that fails when it is included. Also the key is
  not reproducible.
  Fixes: bb988d4625a3 ("/kernel-binary: Do not include sourcedir in certificate path."/)
- commit 68fa069
- rpm/check-for-config-changes: Ignore PAHOLE_VERSION.
- commit 88ba5ec
- SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367).
- commit 74b1736
- RDMA/hns: Encapsulate some lines for setting sq size in user mode (git-fixes)
- commit c6447b9
- kernel-binary: Do not include sourcedir in certificate path.
  The certs macro runs before build directory is set up so it creates the
  aggregate of supplied certificates in the source directory.
  Using this file directly as the certificate in kernel config works but
  embeds the source directory path in the kernel config.
  To avoid this symlink the certificate to the build directory and use
  relative path to refer to it.
  Also fabricate a certificate in the same location in build directory
  when none is provided.
- commit bb988d4
- constraints: Also adjust disk requirement for x86 and s390.
- commit 9719db0
- constraints: Increase disk space for aarch64
- commit 09c2882
- kernel-obs-build: include 9p (boo#1195353)
  To be able to share files between host and the qemu vm of the build
  script, the 9p and 9p_virtio kernel modules need to be included in
  the initrd of kernel-obs-build.
- commit 0cfe67a
- IB/qib: Use struct_size() helper (git-fixes)
- commit bf41f9c
- Move 20-kernel-default-extra.conf to the correctr
  directory (bsc#1195051).
- commit c80b5de
- kernel-binary.spec: Do not use the default certificate path (bsc#1194943).
  Using the the default path is broken since Linux 5.17
- commit 68b36f0
- tcp: Export tcp_{sendpage,sendmsg}_locked() for ipv6 (bsc#1194541).
- commit f9177fa
- commit 1412cd9
- fix rpm build warning
  tumbleweed rpm is adding these warnings to the log:
  It's not recommended to have unversioned Obsoletes: Obsoletes:      microcode_ctl
- commit 3ba8941
- build initrd without systemd
  This reduces the size of the initrd by over 25%, which
  improves startup time of the virtual machine by 0.5-0.6s on
  very fast machines, more on slower ones.
- commit ef4c569
- kernel-obs-build: remove duplicated/unused parameters
  lbs=0 - this parameters is just giving "/unused parameter"/ and it looks
  like I can not find any version that implemented this.
  rd.driver.pre=binfmt_misc is not needed when setup_obs is used, it
  alread loads the kernel module.
  quiet and panic=1 will now be also always added by OBS, so we don't have
  to set it here anymore.
- commit 972c692
- Revert "/- rpm/*build: use buildroot macro instead of env variable"/
  buildroot macro is not being expanded inside a shell script. go
  back to the environment variable usage. This reverts parts of
  commit e2f60269b9330d7225b2547e057ef0859ccec155.
- commit fe85f96
- kernel-obs-build: include the preferred kernel parameters
  Currently the Open Build Service hardcodes the kernel boot parameters
  globally. Recently functionality was added to control the parameters
  by the kernel-obs-build package, so make use of that. parameters here
  will overwrite what is used by OBS otherwise.
- commit a631240
- kernel-obs-build: inform build service about virtio-serial
  Inform the build worker code that this kernel supports virtio-serial,
  which improves performance and relability of logging.
- commit 301a3a7
- rpm/* use buildroot macro instead of env variable
  The RPM_BUILD_ROOT variable is considered deprecated over
  a buildroot macro. future proof the spec files.
- commit e2f6026
- rpm/ move to zstd for the initrd
  Newer distros have capability to decompress zstd, which
  provides a 2-5% better compression ratio at very similar
  cpu overhead. Plus this tests the zstd codepaths now as well.
- commit 3d53a5b
- fix memory leaks in SWIG generated code
- fix misparsing of '&' in attributes with libxml2
- try to keep packages from a cycle close togther in the
  transaction order [bsc#1189622]
- fix split provides not working if the update includes a
  forbidden vendor change [bsc#1195485]
- fix segfault on conflict resolution when using bindings
- do not replace noarch problem rules with arch dependent ones
  in problem reporting
- fix and simplify pool_vendor2mask implementation
- bump version to 0.6.39
- CVE-2022-0897: nwfilter: fix crash when counting number of
  network filters
- libxl: Mark auto-allocated graphics ports to used on reconnect
- libxl: Release all auto-allocated graphics ports
- Security fix: [bsc#1196490, CVE-2022-23308]
  * Use-after-free of ID and IDREF attributes.
- Add libxml2-CVE-2022-23308.patch
- Hint on ptf resolver conflicts (bsc#1194848)
- Fix package signature check (bsc#184501)
  Pay attention that header and payload are secured by a valid
  signature and report more detailed which signature is missing.
- Set ZYPP_RPM_DEBUG=1 to capture verbose rpm command output.
- version 16.22.4 (0)
- Add patch uudecode-e5ed080c.patch for bsc#1198518 and CVE-2022-1328
  to fix a buffer overflow in uudecoder
- fsck.ocfs2: do not try locking after replaying journals if -F is given (bsc#1196705)
  + fsck.ocfs2-do-not-try-locking-after-replaying-journa.patch
- call update-ca-certificates in post to make sure certs are regenerated even
  if ca-certificates was installed before p11-kit for whatever reason
- make sure p11-kit components have matching versions (boo#1196812)
- python-2.7.9-sles-disable-verification-by-default.patch: removed,
  was no longer been used (default was "/enabled"/ since a while).
- python-2.7.9-sles-disable-verification-by-default.patch: removed,
  was no longer been used (default was "/enabled"/ since a while).
- Add CVE-2022-24302-race-condition.patch:
  * Fix a race condition between creation and chmod when writing private
    keys. (bsc#1197279)
- Clear network interfaces cache on grains request (bsc#1196050)
- Handle old qemu-img not supporting -U parameter (bsc#1195221)
- Added:
  * clear-network-interface-cache-when-grains-are-reques.patch
  * handle-old-qemu-img-not-supporting-u-parameter-bsc-1.patch
- Renamed:
  * patch_for_cve_bsc1197417.patch -> fix-multiple-security-issues-bsc-1197417.patch
- Restrict "/state.orchestrate_single"/ to pass a pillar value if it exists (bsc#1194632)
- Added:
  * fix-state.orchestrate_single-to-not-pass-pillar-none.patch
- Fix sparse disk errors on Python 2 (virt module)
- Added:
  * python2-adjustments-for-virt-module.patch
- Fix multiple security fixes (bsc#1197417)
  * Sign authentication replies to prevent MiTM (CVE-2020-22935)
  * Sign pillar data to prevent MiTM attacks. (CVE-2022-22934)
  * Prevent job and fileserver replays (CVE-2022-22936)
  * Fixed targeting bug, especially visible when using syndic and user auth. (CVE-2022-22941)
- Import commit d2bcac88a6f3e540774efcd9ab12672da12cf3fe
  7076cc48ad core: make sure we always free the list of changes
  1d69ad935b Install: correctly report symlink creations
  0ea76851fb core: make sure we generate a nicer error when a linked unit is attempted to be enabled
  8c4d1006cc install: unify checking whether operations may be applied to a unit file in a new function
  f072dc87b0 install: fix errno handling
  ca63895cec systemctl: Allow 'edit' and 'cat' on unloaded units
  f535ae8ee3 Don't open /var journals in volatile mode when runtime_journal==NULL
  d6c79be377 udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529)
  c6274db870 man: tweak description of auto/noauto (bsc#1191502)
- Import commit 81e1235110a58f78e4e7514b45a2897ceddadf88
  8348b7f7ea systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23869 jsc#SLE-23871)
  d827639164 systemctl: exit with 1 if no unit files found (bsc#1193841)
  99d0949499 umount: show correct error message
  16f9b8a5fa core/umount: fix unitialized fields in MountPoint in dm_list_get()
  8f7b39e250 umount: Add more asserts and remove some unused arguments
  6858714b68 umount: Fix memory leak
  4a83c21fb1 mount-util: fix fd_is_mount_point() when both the parent and directory are network fs (bsc#1190984)
  dbf8419fdb busctl: add a timestamp to the output of the busctl monitor command (bsc#1180225 jsc#SLE-21861)
- Fix ZDI-CAN-16587 Fix escaping of malicious filenames
  (ZDI-CAN-16587 bsc#1198062 CVE-2022-1271)
  * bsc1198062.patch