HANA-Firewall
- Missing SCR Agent for reading and writing /etc/sysconfig/hana-firewall from yast2
  (bsc#1210981)
000release-packages:SLES_SAP-release
n/a
aaa_base
- Add patch git-47-04210f8df15da0ba4d741cfe1693af06f5978a1d.patch
  * respect /etc/update-alternatives/java when setting JAVA_HOME
    (bsc#1215434,bsc#1107342)
apparmor
- update zgrep profile to allow egrep helper use (bsc#1214458)
  - zgrep-profile-sync-with-master.diff

- Add pam_apparmor README, referenced from online cha-apparmor-pam.html
  documentation (bsc#1213472)
autofs
- autofs-5.1.3-revert-fix-argc-off-by-one-in-mount_aut.patch
  Fix off-by-one error in recursive map handling. (bsc#1209653)
autoyast2
- Rebuild the RPM database during upgrade (--rebuilddb) (bsc#1209565)
- 4.4.45

- Properly install the selected products, do not lose them after
  resetting the package manager internally (bsc#1202234)
- 4.4.44
azure-cli-core
- Relax version dependency for python-humanfriendly in Requires
bind
- Update to release 9.16.44
  Security Fixes:
  * Previously, sending a specially crafted message over the
    control channel could cause the packet-parsing code to run out
    of available stack memory, causing named to terminate
    unexpectedly. This has been fixed. (CVE-2023-3341)
  [bsc#1215472]

- Update to release 9.16.43
  Bug Fixes:
  * Processing already-queued queries received over TCP could cause
    an assertion failure, when the server was reconfigured at the
    same time or the cache was being flushed. This has been fixed.

- Add dnstap support
  [jsc#PED-4852]

- Log named-checkconf output [bsc#1213049]

- Update to release 9.16.42
  Security Fixes:
  * The overmem cleaning process has been improved, to prevent the
    cache from significantly exceeding the configured
    max-cache-size limit. (CVE-2023-2828)
  * A query that prioritizes stale data over lookup triggers a
    fetch to refresh the stale data in cache. If the fetch is
    aborted for exceeding the recursion quota, it was possible for
    named to enter an infinite callback loop and crash due to stack
    overflow. This has been fixed. (CVE-2023-2911)
  Bug Fixes:
  * Previously, it was possible for a delegation from cache to be
    returned to the client after the stale-answer-client-timeout
    duration. This has been fixed.
  [bsc#1212544, bsc#1212567, jsc#SLE-24600]

- Update to release 9.16.41
  Bug Fixes:
  * When removing delegations from an opt-out range,
    empty-non-terminal NSEC3 records generated by those delegations
    were not cleaned up. This has been fixed.
  [jsc#SLE-24600]

- Update to release 9.16.40
  Bug Fixes:
  * Logfiles using timestamp-style suffixes were not always
    correctly removed when the number of files exceeded the limit
    set by versions. This has been fixed for configurations which
    do not explicitly specify a directory path as part of the file
    argument in the channel specification.
  * Performance of DNSSEC validation in zones with many DNSKEY
    records has been improved.

- Update to release 9.16.39
  Feature Changes:
  * libuv support for receiving multiple UDP messages in a single
    recvmmsg() system call has been tweaked several times between
    libuv versions 1.35.0 and 1.40.0; the current recommended libuv
    version is 1.40.0 or higher. New rules are now in effect for
    running with a different version of libuv than the one used at
    compilation time. These rules may trigger a fatal error at
    startup:
  - Building against or running with libuv versions 1.35.0 and
    1.36.0 is now a fatal error.
  - Running with libuv version higher than 1.34.2 is now a
    fatal error when named is built against libuv version
    1.34.2 or lower.
  - Running with libuv version higher than 1.39.0 is now a
    fatal error when named is built against libuv version
    1.37.0, 1.38.0, 1.38.1, or 1.39.0.
  * This prevents the use of libuv versions that may trigger an
    assertion failure when receiving multiple UDP messages in a
    single system call.
  Bug Fixes:
  * named could crash with an assertion failure when adding a new
    zone into the configuration file for a name which was already
    configured as a member zone for a catalog zone. This has been
    fixed.
  * When named starts up, it sends a query for the DNSSEC key for
    each configured trust anchor to determine whether the key has
    changed. In some unusual cases, the query might depend on a
    zone for which the server is itself authoritative, and would
    have failed if it were sent before the zone was fully loaded.
    This has now been fixed by delaying the key queries until all
    zones have finished loading.
  [jsc#SLE-24600]
binutils
- Update to version 2.41 [PED-5778]:
  * The MIPS port now supports the Sony Interactive Entertainment Allegrex
  processor, used with the PlayStation Portable, which implements the MIPS
  II ISA along with a single-precision FPU and a few implementation-specific
  integer instructions.
  * Objdump's --private option can now be used on PE format files to display the
  fields in the file header and section headers.
  * New versioned release of libsframe: libsframe.so.1.  This release introduces
  versioned symbols with version node name LIBSFRAME_1.0.  This release also
  updates the ABI in an incompatible way: this includes removal of
  sframe_get_funcdesc_with_addr API, change in the behavior of
  sframe_fre_get_ra_offset and sframe_fre_get_fp_offset APIs.
  * SFrame Version 2 is now the default (and only) format version supported by
  gas, ld, readelf and objdump.
  * Add command-line option, --strip-section-headers, to objcopy and strip to
  remove ELF section header from ELF file.
  * The RISC-V port now supports the following new standard extensions:
  - Zicond (conditional zero instructions)
  - Zfa (additional floating-point instructions)
  - Zvbb, Zvbc, Zvkg, Zvkned, Zvknh[ab], Zvksed, Zvksh, Zvkn, Zvknc, Zvkng,
    Zvks, Zvksc, Zvkg, Zvkt (vector crypto instructions)
  * The RISC-V port now supports the following vendor-defined extensions:
  - XVentanaCondOps
  * Add support for Intel FRED, LKGS and AMX-COMPLEX instructions.
  * A new .insn directive is recognized by x86 gas.
  * Add SME2 support to the AArch64 port.
  * The linker now accepts a command line option of --remap-inputs
  <PATTERN>=<FILE> to relace any input file that matches <PATTERN> with
  <FILE>.  In addition the option --remap-inputs-file=<FILE> can be used to
  specify a file containing any number of these remapping directives.
  * The linker command line option --print-map-locals can be used to include
  local symbols in a linker map.  (ELF targets only).
  * For most ELF based targets, if the --enable-linker-version option is used
  then the version of the linker will be inserted as a string into the .comment
  section.
  * The linker script syntax has a new command for output sections: ASCIZ "string"
  This will insert a zero-terminated string at the current location.
  * Add command-line option, -z nosectionheader, to omit ELF section
  header.
- Removed obsolete patches: binutils-2.40-branch.diff.gz,
  riscv-dynamic-tls-reloc-pie.patch, riscv-pr22263-1.patch,
  extensa-gcc-4_3-fix.diff .
- Add binutils-2.41-branch.diff.gz .
- Add binutils-old-makeinfo.diff for SLE-12 and older.
- Rebased aarch64-common-pagesize.patch and binutils-revert-rela.diff .
- Contains fixes for these non-CVEs (not security bugs per upstreams
  SECURITY.md):
  * bsc#1209642 aka CVE-2023-1579 aka PR29988
  * bsc#1210297 aka CVE-2023-1972 aka PR30285
  * bsc#1210733 aka CVE-2023-2222 aka PR29936
  * bsc#1213458 aka CVE-2021-32256 aka PR105039 (gcc)
  * bsc#1214565 aka CVE-2020-19726 aka PR26240
  * bsc#1214567 aka CVE-2022-35206 aka PR29290
  * bsc#1214579 aka CVE-2022-35205 aka PR29289
  * bsc#1214580 aka CVE-2022-44840 aka PR29732
  * bsc#1214604 aka CVE-2022-45703 aka PR29799
  * bsc#1214611 aka CVE-2022-48065 aka PR29925
  * bsc#1214619 aka CVE-2022-48064 aka PR29922
  * bsc#1214620 aka CVE-2022-48063 aka PR29924
  * bsc#1214623 aka CVE-2022-47696 aka PR29677
  * bsc#1214624 aka CVE-2022-47695 aka PR29846
  * bsc#1214625 aka CVE-2022-47673 aka PR29876

- Add binutils-disable-dt-relr.sh for an compatibility problem
  caused by binutils-revert-rela.diff in SLE codestreams.
  Needed for update of glibc as that would otherwise pick up
  the broken relative relocs support.  [bsc#1213282, PED-1435]
- This only existed only for a very short while in SLE-15, as the main
  variant in devel:gcc subsumed this in binutils-revert-rela.diff.
  Hence:
- Remove binutils-disable-dt-relr.sh as subsumed.

- riscv-dynamic-tls-reloc-pie.patch: Backport for PR ld/22263 and PR
  ld/25694
- riscv-pr22263-1.patch: Backport for PR ld/22263

- Rebase branch patch (includes fix for PR30281).

- Document fixed CVEs:
  * bnc#1208037 aka CVE-2023-25588 aka PR29677
  * bnc#1208038 aka CVE-2023-25587 aka PR29846
  * bnc#1208040 aka CVE-2023-25585 aka PR29892
  * bnc#1208409 aka CVE-2023-0687 aka PR29444

- Enable bpf-none cross target and add bpf-none to the multitarget
  set of supported targets.

- Disable packed-relative-relocs for old codestreams.  They generate
  buggy relocations when binutils-revert-rela.diff is active.
  [bsc#1206556]

- Disable ZSTD debug section compress by default.

- Enable zstd compression algorithm (instead of zlib)
  for debug info sections by default.

- Pack libgprofng only for supported platforms.

- Remove upstreamed patch binutils-maxpagesize.diff.

- Rebase binutils-2.40-branch.diff.gz as it includes fix for PR30043.
- Move libgprofng-related libraries to the proper locations (packages).
- Add --without=bootstrap for skipping of bootstrap (faster testing
  of the package).

- Remove broken arm32-avoid-copyreloc.patch to fix [gcc#108515]

- Update to version 2.40:
  * Objdump has a new command line option --show-all-symbols which will make it
  display all symbols that match a given address when disassembling.  (Normally
  only the first symbol that matches an address is shown).
  * Add --enable-colored-disassembly configure time option to enable colored
  disassembly output by default, if the output device is a terminal.  Note,
  this configure option is disabled by default.
  * DCO signed contributions are now accepted.
  * objcopy --decompress-debug-sections now supports zstd compressed debug
  sections.  The new option --compress-debug-sections=zstd compresses debug
  sections with zstd.
  * addr2line and objdump --dwarf now support zstd compressed debug sections.
  * The dlltool program now accepts --deterministic-libraries and
  - -non-deterministic-libraries as command line options to control whether or
  not it generates deterministic output libraries.  If neither of these options
  are used the default is whatever was set when the binutils were configured.
  * readelf and objdump now have a newly added option --sframe which dumps the
  SFrame section.
  * Add support for Intel RAO-INT instructions.
  * Add support for Intel AVX-NE-CONVERT instructions.
  * Add support for Intel MSRLIST instructions.
  * Add support for Intel WRMSRNS instructions.
  * Add support for Intel CMPccXADD instructions.
  * Add support for Intel AVX-VNNI-INT8 instructions.
  * Add support for Intel AVX-IFMA instructions.
  * Add support for Intel PREFETCHI instructions.
  * Add support for Intel AMX-FP16 instructions.
  * gas now supports --compress-debug-sections=zstd to compress
  debug sections with zstd.
  * Add --enable-default-compressed-debug-sections-algorithm={zlib,zstd}
  that selects the default compression algorithm
  for --enable-compressed-debug-sections.
  * Add support for various T-Head extensions (XTheadBa, XTheadBb, XTheadBs,
  XTheadCmo, XTheadCondMov, XTheadFMemIdx, XTheadFmv, XTheadInt, XTheadMemIdx,
  XTheadMemPair, XTheadMac, and XTheadSync) from version 2.0 of the T-Head
  ISA manual, which are implemented in the Allwinner D1.
  * Add support for the RISC-V Zawrs extension, version 1.0-rc4.
  * Add support for Cortex-X1C for Arm.
  * New command line option --gsframe to generate SFrame unwind information
  on x86_64 and aarch64 targets.
  * The linker has a new command line option to suppress the generation of any
  warning or error messages.  This can be useful when there is a need to create
  a known non-working binary.  The option is -w or --no-warnings.
  * ld now supports zstd compressed debug sections.  The new option
  - -compress-debug-sections=zstd compresses debug sections with zstd.
  * Add --enable-default-compressed-debug-sections-algorithm={zlib,zstd}
  that selects the default compression algorithm
  for --enable-compressed-debug-sections.
  * Remove support for -z bndplt (MPX prefix instructions).
- Rebased patches: add-ulp-section.diff, ld-relro.diff, binutils-revert-plt32-in-branches.diff,
  cross-avr-size.patch.
- Removed patch: binutils-pr29482.diff.
- New patch: extensa-gcc-4_3-fix.diff.
- Includes fixes for these CVEs:
  * bnc#1206080 aka CVE-2022-4285 aka PR29699
- Enable by default: --enable-colored-disassembly.

- fix build on x86_64_vX platforms
blog
- Add patch blog.dif
  * Fix big endian cast problems to be able to read commands
    and ansers (blogctl) as well as passphrases (blogd)
ca-certificates-mozilla
- Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248)
  Added:
  - Atos TrustedRoot Root CA ECC G2 2020
  - Atos TrustedRoot Root CA ECC TLS 2021
  - Atos TrustedRoot Root CA RSA G2 2020
  - Atos TrustedRoot Root CA RSA TLS 2021
  - BJCA Global Root CA1
  - BJCA Global Root CA2
  - LAWtrust Root CA2 (4096)
  - Sectigo Public Email Protection Root E46
  - Sectigo Public Email Protection Root R46
  - Sectigo Public Server Authentication Root E46
  - Sectigo Public Server Authentication Root R46
  - SSL.com Client ECC Root CA 2022
  - SSL.com Client RSA Root CA 2022
  - SSL.com TLS ECC Root CA 2022
  - SSL.com TLS RSA Root CA 2022
  Removed CAs:
  - Chambers of Commerce Root
  - E-Tugra Certification Authority
  - E-Tugra Global Root CA ECC v3
  - E-Tugra Global Root CA RSA v3
  - Hongkong Post Root CA 1
cloud-init
- Update cloud-init-write-routes.patch (bsc#1212879)
  + Add necessary import statement
- Enable flake8 linting, fix up patches
  + cloud-init-cve-2023-1786-redact-instance-data-json-main.patch
  + cloud-init-power-rhel-only.patch
  + cloud-init-write-routes.patch
  + datasourceLocalDisk.patch

- Add cloud-init-power-rhel-only.patch (bsc#1210273)
  + Config module cc_refresh_rmc_and_interface is implemented such that
    it will only work on RH distros. Set the module availability accordingly.

- Sensitive data exposure (bsc#1210277, CVE-2023-1786)
  + Add hidesensitivedata
  + Add cloud-init-cve-2023-1786-redact-inst-data.patch
  + Do not expose sensitive data gathered from the CSP

- Update to version 23.1
  + Remove patches included upstream:
  - cloud-init-btrfs-queue-resize.patch
  - cloud-init-micro-is-suse.patch
  - cloud-init-suse-afternm.patch
  - cloud-init-prefer-nm.patch
  - cloud-init-transact-up.patch
  + Forward port
  - cloud-init-write-routes.patch
  + Added
  - cloud-init-fix-ca-test.patch
  + Support transactional-updates for SUSE based distros (#1997)
    [Robert Schweikert]
  + Set ownership for new folders in Write Files Module (#1980)
    [Jack] (LP: #1990513)
  + add OpenCloudOS and TencentOS support (#1964) [wynnfeng]
  + lxd: Retry if the server isn't ready (#2025)
  + test: switch pycloudlib source to pypi (#2024)
  + test: Fix integration test deprecation message (#2023)
  + Recognize opensuse-microos, dev tooling fixes [Robert Schweikert]
  + sources/azure: refactor imds handler into own module (#1977)
    [Chris Patterson]
  + docs: deprecation generation support [1/2] (#2013)
  + add function is_virtual to distro/FreeBSD (#1957) [Mina Galić]
  + cc_ssh: support multiple hostcertificates (#2018) (LP: #1999164)
  + Fix minor schema validation regression and fixup typing (#2017)
  + doc: Reword user data debug section (#2019)
  + Overhaul/rewrite of certificate handling as follows: (#1962)
    [dermotbradley] (LP: #1931174)
  + disk_setup: use byte string when purging the partition table (#2012)
    [Stefan Prietl]
  + cli: schema also validate vendordata*.
  + ci: sort and add checks for cla signers file [Stefan Prietl]
  + Add "ederst" as contributor (#2010) [Stefan Prietl]
  + readme: add reference to packages dir (#2001)
  + docs: update downstream package list (#2002)
  + docs: add google search verification (#2000) [s-makin]
  + docs: fix 404 render use default notfound_urls_prefix in RTD conf (#2004)
  + Fix OpenStack datasource detection on bare metal (#1923)
    [Alexander Birkner] (LP: #1815990)
  + docs: add themed RTD 404 page and pointer to readthedocs-hosted (#1993)
  + schema: fix gpt labels, use type string for GUID (#1995)
  + cc_disk_setup: code cleanup (#1996)
  + netplan: keep custom strict perms when 50-cloud-init.yaml exists
  + cloud-id: better handling of change in datasource files
    [d1r3ct0r] (LP: #1998998)
  + tests: Remove restart check from test
  + Ignore duplicate macs from mscc_felix and fsl_enetc (LP: #1997922)
  + Warn on empty network key (#1990)
  + Fix Vultr cloud_interfaces usage (#1986) [eb3095]
  + cc_puppet: Update puppet service name (#1970) [d1r3ct0r] (LP: #2002969)
  + docs: Clarify networking docs (#1987)
  + lint: remove httpretty (#1985) [sxt1001]
  + cc_set_passwords: Prevent traceback when restarting ssh (#1981)
  + tests: fix lp1912844 (#1978)
  + tests: Skip ansible test on bionic (#1984)
  + Wait for NetworkManager (#1983) [Robert Schweikert]
  + docs: minor polishing (#1979) [s-makin]
  + CI: migrate integration-test to GH actions (#1969)
  + Fix permission of SSH host keys (#1971) [Ron Gebauer]
  + Fix default route rendering on v2 ipv6 (#1973) (LP: #2003562)
  + doc: fix path in net_convert command (#1975)
  + docs: update net_convert docs (#1974)
  + doc: fix dead link
  + cc_set_hostname: ignore /var/lib/cloud/data/set-hostname if it's empty
    (#1967) [Emanuele Giuseppe Esposito]
  + distros/rhel.py: _read_hostname() missing strip on "hostname" (#1941)
    [Mark Mielke]
  + integration tests: add  IBM VPC support (SC-1352) (#1915)
  + machine-id: set to uninitialized to trigger regeneration on clones
    (LP: #1999680)
  + sources/azure: retry on connection error when fetching metdata (#1968)
    [Chris Patterson]
  + Ensure ssh state accurately obtained (#1966)
  + bddeb: drop dh-systemd dependency on newer deb-based releases [d1r3ct0r]
  + doc: fix `config formats` link in cloudsigma.rst (#1960)
  + Fix wrong subp syntax in cc_set_passwords.py (#1961)
  + docs: update the PR template link to readthedocs (#1958) [d1r3ct0r]
  + ci: switch unittests to gh actions (#1956)
  + Add mount_default_fields for PhotonOS. (#1952) [Shreenidhi Shedi]
  + sources/azure: minor refactor for metadata source detection logic
    (#1936) [Chris Patterson]
  + add "CalvoM" as contributor (#1955) [d1r3ct0r]
  + ci: doc to gh actions (#1951)
  + lxd: handle 404 from missing devices route for LXD 4.0 (LP: #2001737)
  + docs: Diataxis overhaul (#1933) [s-makin]
  + vultr: Fix issue regarding cache and region codes (#1938) [eb3095]
  + cc_set_passwords: Move ssh status checking later (SC-1368) (#1909)
    (LP: #1998526)
  + Improve Wireguard module idempotency (#1940) [Fabian Lichtenegger-Lukas]
  + network/netplan: add gateways as on-link when necessary (#1931)
    [Louis Sautier] (LP: #2000596)
  + tests: test_lxd assert features.networks.zones when present (#1939)
  + Use btrfs enquque when available (#1926) [Robert Schweikert]
  + sources/azure: drop description for report_failure_to_fabric() (#1934)
    [Chris Patterson]
  + cc_disk_setup.py: fix MBR single partition creation (#1932)
    [dermotbradley] (LP: #1851438)
  + Fix typo with package_update/package_upgrade (#1927) [eb3095]
  + sources/azure: fix device driver matching for net config (#1914)
    [Chris Patterson]
  + BSD: fix duplicate macs in Ifconfig parser (#1917) [Mina Galić]
  + test: mock dns calls (#1922)
  + pycloudlib: add lunar support for integration tests (#1928)
  + nocloud: add support for dmi variable expansion for seedfrom URL
    (LP: #1994980)
  + tools: read-version drop extra call to git describe --long
  + doc: improve cc_write_files doc (#1916)
  + read-version: When insufficient tags, use cloudinit.version.get_version
  + mounts: document weird prefix in schema (#1913)
  + add utility function test cases (#1910) [sxt1001]
  + test: mock file deletion in dhcp tests (#1911)
  + Ensure network ready before cloud-init service runs on RHEL (#1893)
    (LP: #1998655)
  + docs: add copy button to code blocks (#1890) [s-makin]
  + netplan: define features.NETPLAN_CONFIG_ROOT_READ_ONLY flag
  + azure: fix support for systems without az command installed (#1908)
  + Networking Clarification (#1892)
  + Fix the distro.osfamily output problem in the openEuler system. (#1895)
    [sxt1001] (LP: #1999042)
  + pycloudlib: bump commit dropping azure api smoke test
  + net: netplan config root read-only as wifi config can contain creds
  + autoinstall: clarify docs for users
  + sources/azure: encode health report as utf-8 (#1897) [Chris Patterson]
  + Add back gateway4/6 deprecation to docs (#1898)
  + networkd: Add support for multiple [Route] sections (#1868)
    [Nigel Kukard]
  + doc: add qemu tutorial (#1863)
  + lint: fix tip-flake8 and tip-mypy (#1896)
  + Add support for setting uid when creating users on FreeBSD (#1888)
    [einsibjarni]
  + Fix exception in BSD networking code-path (#1894) [Mina Galić]
  + Append derivatives to is_rhel list in cloud.cfg.tmpl (#1887) [Louis Abel]
  + FreeBSD init: use cloudinit_enable as only rcvar (#1875) [Mina Galić]
  + feat: add support aliyun metadata security harden mode (#1865)
    [Manasseh Zhou]
  + docs: uprate analyze to performance page [s-makin]
  + test: fix lxd preseed managed network config (#1881)
  + Add support for static IPv6 addresses for FreeBSD (#1839) [einsibjarni]
  + Make 3.12 failures not fail the build (#1873)
  + Docs: adding relative links [s-makin]
  + Update read-version
  + Fix setup.py to align with PEP 440 versioning replacing trailing
  + travis: promote 3.11-dev to 3.11 (#1866)
  + test_cloud_sigma: delete useless test (#1828) [sxt1001]
  + Add "nkukard" as contributor (#1864) [Nigel Kukard]
  + tests: ds-id mocks for vmware-rpctool as utility may not exist in env
  + doc: add how to render new module doc (#1855)
  + doc: improve module creation explanation (#1851)
  + Add Support for IPv6 metadata to OpenStack (#1805)
    [Marvin Vogt] (LP: #1906849)
  + add xiaoge1001 to .github-cla-signers (#1854) [sxt1001]
  + network: Deprecate gateway{4,6} keys in network config v2 (#1794)
    (LP: #1992512)
  + VMware: Move Guest Customization transport from OVF to VMware (#1573)
    [PengpengSun]
  + doc: home page links added (#1852) [s-makin]
  From 22.4.2
  + status: handle ds not defined in status.json (#1876) (LP: #1997559)
  From 22.4.1
  + net: skip duplicate mac check for netvsc nic and its VF (#1853)
    [Anh Vo] (LP: #1844191)
  + ChangeLog: whitespace cleanup (#1850)
  + changelog: capture 22.3.1-4 releases

- Add cloud-init-transact-up.patch to support transactional-updates

- Add cloud-init-prefer-nm.patch
  + Prefer NetworkManager of sysconfig when available

- Update to version 22.4
  + Remove patches included upstream:
  - cloud-init-vmware-test.patch
  - cloud-init-sysctl-not-in-bin.patch
  + Forward port:
  - cloud-init-write-routes.patch
  - cloud-init-break-resolv-symlink.patch
  - cloud-init-sysconf-path.patch
  - cloud-init-no-tempnet-oci.patch
  + Add cloud-init-btrfs-queue-resize.patch (bsc#1171511)
  + Add cloud-init-micro-is-suse.patch (bsc#1203393) [Martin Petersen]
  + Add cloud-init-suse-afternm.patch
  + test: fix pro integration test [Alberto Contreras]
  + cc_disk_setup: pass options in correct order to utils (#1829)
    [dermotbradley]
  + tests: text_lxd basic_preseed verify_clean_log (#1826)
  + docs: switch sphinx theme to furo (SC-1327) (#1821) [Alberto Contreras]
  + tests: activate Ubuntu Pro tests (only on Jenkins) (#1777)
    [Alberto Contreras]
  + tests: test_lxd assert features.storage.buckets when present (#1827)
  + tests: replace missed ansible install-method with underscore (#1825)
  + tests: replace ansible install-method with underscore
  + ansible: standardize schema keys
  + ci: run json tool on 22.04 rather than 20.04 (#1823)
  + Stop using devices endpoint for LXD network config (#1819)
  + apport: address new curtin log and config locations (#1812)
  + cc_grub: reword docs for clarity (#1818)
  + tests: Fix preseed test (#1820)
  + Auto-format schema (#1810)
  + Ansible Control Module (#1778)
  + Fix last reported event possibly not being sent (#1796) (LP: #1993836)
  + tests: Ignore unsupported lxd project keys (#1817) [Alberto Contreras]
  + udevadm settle should handle non-udev system gracefully (#1806)
    [dermotbradley]
  + add mariner support (#1780) [Minghe Ren]
  + Net: add BSD ifconfig(8) parser and state class (#1779) [Mina Galić]
  + adding itjamie to .github-cla-signers [Jamie (Bear) Murphy]
  + Fix inconsistency between comment and statement (#1809) [Guillaume Gay]
  + Update .github-cla-signers (#1811) [Guillaume Gay]
  + alpine.py: Add Alpine-specific manage_service function and update tests
    (#1804) [dermotbradley]
  + test: add 3.12-dev to Travis CI (#1798) [Alberto Contreras]
  + add NWCS datasource (#1793) [shell-skrimp]
  + Adding myself as CLA signer (#1799) [s-makin]
  + apport: fix some data collection failures due to symlinks (#1797)
    [Dan Bungert]
  + read-version: Make it compatible with bionic (#1795) [Alberto Contreras]
  + lxd: add support for lxd preseed config(#1789)
  + Enable hotplug for LXD datasource (#1787)
  + cli: collect logs and apport subiquity support
  + add support for Container-Optimized OS (#1748) [vteratipally]
  + test: temporarily disable failing integration test (#1792)
  + Fix LXD/nocloud detection on lxd vm tests (#1791)
  + util: Implement __str__ and __iter__ for Version (#1790)
  + cc_ua: consume ua json api for enable commands [Alberto Contreras]
  + Add clarity to cc_final_message docs (#1788)
  + cc_ntp: add support for BSDs (#1759) [Mina Galić] (LP: #1990041)
  + make Makefile make agnostic (#1786) [Mina Galić]
  + Remove hardcoding and unnecessary overrides in Makefile (#1783)
    [Joseph Mingrone]
  + Add my username (Jehops) to .github-cla-signers (#1784) [Joseph Mingrone]
  + Temporarily remove broken test (#1781)
  + Create reference documentation for base config
  + cc_ansible: add support for galaxy install (#1736)
  + distros/manage_services: add support to disable service (#1772)
    [Mina Galić] (LP: #1991024)
  + OpenBSD: remove pkg_cmd_environ function (#1773)
    [Mina Galić] (LP: 1991567)
  + docs: Correct typo in the FAQ (#1774) [Maximilian Wörner]
  + tests: Use LXD metadata to determine NoCloud status (#1776)
  + analyze: use init-local as start of boot record (#1767) [Chris Patterson]
  + docs: use opensuse for distro name in package doc (#1771)
  + doc: clarify packages as dev only (#1769) [Alberto Contreras]
  + Distro manage service: Improve BSD support (#1758)
    [Mina Galić] (LP: #1990070)
  + testing: check logs for critical errors (#1765) [Chris Patterson]
  + cc_ubuntu_advantage: Handle already attached on Pro [Alberto Contreras]
  + doc: Add configuration explanation (SC-1169)
  + Fix Oracle DS primary interface when using IMDS (#1757) (LP: #1989686)
  + style: prefer absolute imports over relative imports [Mina Galić]
  + tests: Fix ip log during instance destruction (#1755) [Alberto Contreras]
  + cc_ubuntu_advantage: add ua_config in auto-attach [Alberto Contreras]
  + apt configure: sources write/append mode (#1738)
    [Fabian Lichtenegger-Lukas]
  + networkd: Add test and improve typing. (#1747) [Alberto Contreras]
  + pycloudlib: bump commit for gce cpu architecture support (#1750)
  + commit ffcb29bc8315d1e1d6244eeb1cbd8095958f7bad (LP: #1307667)
  + testing: workaround LXD vendor data (#1740)
  + support dhcp{4,6}-overrides in networkd renderer (#1710) [Aidan Obley]
  + tests: Drop httpretty in favor of responses (#1720) [Alberto Contreras]
  + cc_ubuntu_advantage: Implement custom auto-attach behaviors (#1583)
    [Alberto Contreras]
  + Fix Oracle DS not setting subnet when using IMDS (#1735) (LP: #1989686)
  + testing: focal lxd datasource discovery (#1734)
  + cc_ubuntu_advantage: Redact token from logs (#1726) [Alberto Contreras]
  + docs: make sure echo properly evaluates the string (#1733) [Mina Galić]
  + net: set dhclient lease and pid files (#1715)
  + cli: status machine-readable output --format yaml/json (#1663)
    (LP: #1883122)
  + tests: Simplify does_not_raise (#1731) [Alberto Contreras]
  + Refactor: Drop inheritance from object (#1728) [Alberto Contreras]
  + testing: LXD datasource now supported on Focal (#1732)
  + Allow jinja templating in /etc/cloud (SC-1170) (#1722) (LP: #1913461)
  + sources/azure: ensure instance id is always correct (#1727)
    [Chris Patterson]
  + azure: define new attribute for pre-22.3 pickles (#1725)
  + doc: main page Diátaxis rewording (SC-967) (#1701)
  + ubuntu advantage: improved idempotency, enable list is now strict
  + [Fabian Lichtenegger-Lukas]
  + test: bump pycloudlib (#1724) [Alberto Contreras]
  + cloud.cfg.tmpl: make sure "centos" settings are identical to "rhel"
    (#1639) [Emanuele Giuseppe Esposito]
  + lxd: fetch 1.0/devices content (#1712) [Alberto Contreras]
  + Update docs according to ad8f406a (#1719)
  + testing: Port unittests/analyze to pytest (#1708) [Alberto Contreras]
  + doc: Fix rtd builds. (#1718) [Alberto Contreras]
  + testing: fully mock noexec calls (#1717) [Alberto Contreras]
  + typing: Add types to cc_<module>.handle (#1700) [Alberto Contreras]
  + Identify 3DS Outscale Datasource as Ec2 (#1686) [Maxime Dufour]
  + config: enable bootstrapping pip in ansible (#1707)
  + Fix cc_chef typing issue (#1716)
  + Refactor instance json files to use Paths (SC-1238) (#1709)
  + tools: read-version check GITHUB_REF and git branch --show-current
    (#1677)
  + net: Ensure a tmp with exec permissions for dhcp (#1690)
    [Alberto Contreras] (LP: #1962343)
  + testing: Fix test regression in test_combined (#1713) [Alberto Contreras]
  + Identify Huawei Cloud as OpenStack (#1689) [huang xinjie]
  + doc: add reporting suggestion to FAQ (SC-1236) (#1698)
  From 22.3
  + sources: obj.pkl cache should be written anyime get_data is run (#1669)
  + schema: drop release number from version file (#1664)
  + pycloudlib: bump to quiet azure HTTP info logs (#1668)
  + test: fix wireguard integration tests (#1666)
  + Github is deprecating the 18.04 runner starting 12.1 (#1665)
  + integration tests: Ensure one setup for all tests (#1661)
  + tests: ansible test fixes (#1660)
  + Prevent concurrency issue in test_webhook_hander.py (#1658)
  + Workaround net_setup_link race with udev (#1655) (LP: #1983516)
  + test: drop erroneous lxd assertion, verify command succeeded (#1657)
  + Fix Chrony usage on Centos Stream (#1648) [Sven Haardiek] (LP: #1885952)
  + sources/azure: handle network unreachable errors for savable PPS (#1642)
    [Chris Patterson]
  + Return cc_set_hostname to PER_INSTANCE frequency (#1651) (LP: #1983811)
  + test: Collect integration test time by default (#1638)
  + test: Drop forced package install hack in lxd integration test (#1649)
  + schema: Resolve user-data if --system given (#1644)
    [Alberto Contreras] (LP: #1983306)
  + test: use fake filesystem to avoid file removal (#1647)
    [Alberto Contreras]
  + tox: Fix tip-flake8 and tip-mypy (#1635) [Alberto Contreras]
  + config: Add wireguard config module (#1570) [Fabian Lichtenegger-Lukas]
  + tests: can run without azure-cli, tests expect inactive ansible (#1643)
  + typing: Type UrlResponse.contents (#1633) [Alberto Contreras]
  + testing: fix references to `DEPRECATED.` (#1641) [Alberto Contreras]
  + ssh_util: Handle sshd_config.d folder [Alberto Contreras] (LP: #1968873)
  + schema: Enable deprecations in cc_update_etc_hosts (#1631)
    [Alberto Contreras]
  + Add Ansible Config Module (#1579)
  + util: Support Idle process state in get_proc_ppid() (#1637)
  + schema: Enable deprecations in cc_growpart (#1628) [Alberto Contreras]
  + schema: Enable deprecations in cc_users_groups (#1627)
    [Alberto Contreras]
  + util: Fix error path and parsing in get_proc_ppid()
  + main: avoid downloading full contents cmdline urls (#1606)
    [Alberto Contreras] (LP: #1937319)
  + schema: Enable deprecations in cc_scripts_vendor (#1629)
    [Alberto Contreras]
  + schema: Enable deprecations in cc_set_passwords (#1630)
    [Alberto Contreras]
  + sources/azure: add experimental support for preprovisioned os disks
    (#1622) [Chris Patterson]
  + Remove configobj a_to_u calls (#1632) [Stefano Rivera]
  + cc_debug: Drop this module (#1614) [Alberto Contreras]
  + schema: add aggregate descriptions in anyOf/oneOf (#1636)
  + testing: migrate test_sshutil to pytest (#1617) [Alberto Contreras]
  + testing: Fix test_ca_certs integration test (#1626) [Alberto Contreras]
  + testing: add support for pycloudlib's pro images (#1604)
    [Alberto Contreras]
  + testing: migrate test_cc_set_passwords to pytest (#1615)
    [Alberto Contreras]
  + network: add system_info network activator cloud.cfg overrides (#1619)
    (LP: #1958377)
  + docs: Align git remotes with uss-tableflip setup (#1624)
    [Alberto Contreras]
  + testing: cover active config module checks (#1609) [Alberto Contreras]
  + lxd: lvm avoid thinpool when kernel module absent
  + lxd: enable MTU configuration in cloud-init
  + doc: pin doc8 to last passing version
  + cc_set_passwords fixes (#1590)
  + Modernise importer.py and type ModuleDetails (#1605) [Alberto Contreras]
  + config: Def activate_by_schema_keys for t-z (#1613) [Alberto Contreras]
  + config: define activate_by_schema_keys for p-r mods (#1611)
    [Alberto Contreras]
  + clean: add param to remove /etc/machine-id for golden image creation
  + config: define `activate_by_schema_keys` for a-f mods (#1608)
    [Alberto Contreras]
  + config: define activate_by_schema_keys for s mods (#1612)
    [Alberto Contreras]
  + sources/azure: reorganize tests for network config (#1586)
  + [Chris Patterson]
  + config: Define activate_by_schema_keys for g-n mods (#1610)
    [Alberto Contreras]
  + meta-schema: add infra to skip inapplicable modules [Alberto Contreras]
  + sources/azure: don't set cfg["password"] for default user pw (#1592)
    [Chris Patterson]
  + schema: activate grub-dpkg deprecations (#1600) [Alberto Contreras]
  + docs: clarify user password purposes (#1593)
  + cc_lxd: Add btrfs and lvm lxd storage options (SC-1026) (#1585)
  + archlinux: Fix distro naming[1] (#1601) [Kristian Klausen]
  + cc_ubuntu_autoinstall: support live-installer autoinstall config
  + clean: allow third party cleanup scripts in /etc/cloud/clean.d (#1581)
  + sources/azure: refactor chassis asset tag handling (#1574)
    [Chris Patterson]
  + Add "netcho" as contributor (#1591) [Kaloyan Kotlarski]
  + testing: drop impish support (#1596) [Alberto Contreras]
  + black: fix missed formatting issue which landed in main (#1594)
  + bsd: Don't assume that root user is in root group (#1587)
  + docs: Fix comment typo regarding use of packages (#1582)
    [Peter Mescalchin]
  + Update govc command in VMWare walkthrough (#1576) [manioo8]
  + Update .github-cla-signers (#1588) [Daniel Mullins]
  + Rename the openmandriva user to omv (#1575) [Bernhard Rosenkraenzer]
  + sources/azure: increase read-timeout to 60 seconds for wireserver
    (#1571) [Chris Patterson]
  + Resource leak cleanup (#1556)
  + testing: remove appereances of FakeCloud (#1584) [Alberto Contreras]
  + Fix expire passwords for hashed passwords (#1577)
    [Sadegh Hayeri] (LP: #1979065)
  + mounts: fix suggested_swapsize for > 64GB hosts (#1569) [Steven Stallion]
  + Update chpasswd schema to deprecate password parsing (#1517)
  + tox: Remove entries from default envlist (#1578) (LP: #1980854)
  + tests: add test for parsing static dns for existing devices (#1557)
    [Jonas Konrad]
  + testing: port cc_ubuntu_advantage test to pytest (#1559)
    [Alberto Contreras]
  + Schema deprecation handling (#1549) [Alberto Contreras]
  + Enable pytest to run in parallel (#1568)
  + sources/azure: refactor ovf-env.xml parsing (#1550) [Chris Patterson]
  + schema: Force stricter validation (#1547)
  + ubuntu advantage config: http_proxy, https_proxy (#1512)
    [Fabian Lichtenegger-Lukas]
  + net: fix interface matching support (#1552) (LP: #1979877)
  + Fuzz testing jsonchema (#1499) [Alberto Contreras]
  + testing: Wait for changed boot-id in test_status.py (#1548)
  + CI: Fix GH pinned-format jobs (#1558) [Alberto Contreras]
  + Typo fix (#1560) [Jaime Hablutzel]
  + tests: mock dns lookup that causes long timeouts (#1555)
  + tox: add unpinned env for do_format and check_format (#1554)
  + cc_ssh_import_id: Substitute deprecated warn (#1553) [Alberto Contreras]
  + Remove schema errors from log (#1551) (LP: #1978422) (CVE-2022-2084)
  + Update WebHookHandler to run as background thread (SC-456) (#1491)
    (LP: #1910552)
  + testing: Don't run custom cloud dir test on Bionic (#1542)
  + bash completion: update schema command (#1543) (LP: #1979547)
  + CI: add non-blocking run against the linters tip versions (#1531)
    [Paride Legovini]
  + Change groups within the users schema to support lists and strings
    (#1545) [RedKrieg]
  + make it clear which username should go in the contributing doc (#1546)
  + Pin setuptools for Travis (SC-1136) (#1540)
  + Fix LXD datasource crawl when BOOT enabled (#1537)
  + testing: Fix wrong path in dual stack test (#1538)
  + cloud-config: honor cloud_dir setting (#1523)
    [Alberto Contreras] (LP: #1976564)
  + Add python3-debconf to pkg-deps.json Build-Depends (#1535)
    [Alberto Contreras]
  + redhat spec: udev/rules.d lives under /usr/lib on rhel-based systems
    (#1536)
  + tests/azure: add test coverage for DisableSshPasswordAuthentication
    (#1534) [Chris Patterson]
  + summary: Add david-caro to the cla signers (#1527) [David Caro]
  + Add support for OpenMandriva (https://openmandriva.org/) (#1520)
    [Bernhard Rosenkraenzer]
  + tests/azure: refactor ovf creation (#1533) [Chris Patterson]
  + Improve DataSourceOVF error reporting when script disabled (#1525) [rong]
  + tox: integration-tests-jenkins: softfail if only some test failed
    (#1528) [Paride Legovini]
  + CI: drop linters from Travis CI (moved to GH Actions) (#1530)
    [Paride Legovini]
  + sources/azure: remove unused encoding support for customdata (#1526)
    [Chris Patterson]
  + sources/azure: remove unused metadata captured when parsing ovf (#1524)
    [Chris Patterson]
  + sources/azure: remove dscfg parsing from ovf-env.xml (#1522)
    [Chris Patterson]
  + Remove extra space from ec2 dual stack crawl message (#1521)
  + tests/azure: use namespaces in generated ovf-env.xml documents (#1519)
    [Chris Patterson]
  + setup.py: adjust udev/rules default path (#1513)
    [Emanuele Giuseppe Esposito]
  + Add python3-deconf dependency (#1506) [Alberto Contreras]
  + Change match macadress param for network v2 config (#1518)
    [Henrique Caricatti Capozzi]
  + sources/azure: remove unused userdata property from ovf (#1516)
    [Chris Patterson]
  + sources/azure: minor refactoring to network config generation (#1497)
    [Chris Patterson]
  + net: Implement link-local ephemeral ipv6
  + Rename function to avoid confusion (#1501)
  + Fix cc_phone_home requiring 'tries' (#1500) (LP: #1977952)
  + datasources: replace networking functions with stdlib and cloudinit.net
  + code
  + Remove xenial references (#1472) [Alberto Contreras]
  + Oracle ds changes (#1474) [Alberto Contreras] (LP: #1967942)
  + improve runcmd docs (#1498)
  + add 3.11-dev to Travis CI (#1493)
  + Only run github actions on pull request (#1496)
  + Fix integration test client creation (#1494) [Alberto Contreras]
  + tox: add link checker environment, fix links (#1480)
  + cc_ubuntu_advantage: Fix doc (#1487) [Alberto Contreras]
  + cc_yum_add_repo: Fix repo id canonicalization (#1489)
    [Alberto Contreras] (LP: #1975818)
  + Add linitio as contributor in the project (#1488) [Kevin Allioli]
  + net-convert: use yaml.dump for debugging python NetworkState obj (#1484)
    (LP: #1975907)
  + test_schema: no relative $ref URLs, replace $ref with local path (#1486)
  + cc_set_hostname: do not write "localhost" when no hostname is given
  + (#1453) [Emanuele Giuseppe Esposito]
  + Update .github-cla-signers (#1478) [rong]
  + schema: write_files defaults, versions $ref full URL and add vscode
    (#1479)
  + docs: fix external links, add one more to the list (#1477)
  + doc: Document how to change module frequency (#1481)
  + tests: bump pycloudlib (#1482)
  + tests: bump pycloudlib pinned commit for kinetic Azure (#1476)
  + testing: fix test_status.py (#1475)
  + integration tests: If KEEP_INSTANCE = True, log IP (#1473)
  + Drop mypy excluded files (#1454) [Alberto Contreras]
  + Docs additions (#1470)
  + Add "formatting tests" to Github Actions
  + Remove unused arguments in function signature (#1471)
  + Changelog: correct errant classification of LP issues as GH (#1464)
  + Use Network-Manager and Netplan as default renderers for RHEL and Fedora
    (#1465) [Emanuele Giuseppe Esposito]
  From 22.2
  + Fix test due to caplog incompatibility (#1461) [Alberto Contreras]
  + Align rhel custom files with upstream (#1431)
    [Emanuele Giuseppe Esposito]
  + cc_write_files: Improve schema. (#1460) [Alberto Contreras]
  + cli: Redact files with permission errors in commands (#1440)
  + [Alberto Contreras] (LP: #1953430)
  + Improve cc_set_passwords. (#1456) [Alberto Contreras]
  + testing: make fake cloud-init wait actually wait (#1459)
  + Scaleway: Fix network configuration for netplan 0.102 and later (#1455)
    [Maxime Corbin]
  + Fix 'ephmeral' typos in disk names(#1452) [Mike Hucka]
  + schema: version schema-cloud-config-v1.json (#1424)
  + cc_modules: set default meta frequency value when no config available
    (#1457)
  + Log generic warning on non-systemd systems. (#1450) [Alberto Contreras]
  + cc_snap.maybe_install_squashfuse no longer needed in Bionic++. (#1448)
    [Alberto Contreras]
  + Drop support of *-sk keys in cc_ssh (#1451) [Alberto Contreras]
  + testing: Fix console_log tests (#1437)
  + tests: cc_set_passoword update for systemd, non-systemd distros  (#1449)
  + Fix bug in url_helper/dual_stack() logging (#1426)
  + schema: render schema paths from _CustomSafeLoaderWithMarks (#1391)
  + testing: Make integration tests kinetic friendly (#1441)
  + Handle error if SSH service no present. (#1422)
    [Alberto Contreras] (LP: #1969526)
  + Fix network-manager activator availability and order (#1438)
  + sources/azure: remove reprovisioning marker (#1414) [Chris Patterson]
  + upstart: drop vestigial support for upstart (#1421)
  + testing: Ensure NoCloud detected in test (#1439)
  + Update .github-cla-signers kallioli [Kevin Allioli]
  + Consistently strip top-level network key (#1417) (LP: #1906187)
  + testing: Fix LXD VM metadata test (#1430)
  + testing: Add NoCloud setup for NoCloud test (#1425)
  + Update linters and adapt code for compatibility (#1434) [Paride Legovini]
  + run-container: add support for LXD VMs (#1428) [Paride Legovini]
  + integration-reqs: bump pycloudlib pinned commit (#1427) [Paride Legovini]
  + Fix NoCloud docs (#1423)
  + Docs fixes (#1406)
  + docs: Add docs for module creation (#1415)
  + Remove cheetah from templater (#1416)
  + tests: verify_ordered_items fallback to re.escape if needed (#1420)
  + Misc module cleanup (#1418)
  + docs: Fix doc warnings and enable errors (#1419)
    [Alberto Contreras] (LP: #1876341)
  + Refactor cloudinit.sources.NetworkConfigSource to enum (#1413)
    [Alberto Contreras] (LP: #1874875)
  + Don't fail if IB and Ethernet devices 'collide' (#1411)
  + Use cc_* module meta defintion over hardcoded vars (SC-888) (#1385)
  + Fix cc_rsyslog.py initialization (#1404) [Alberto Contreras]
  + Promote cloud-init schema from devel to top level subcommand (#1402)
  + mypy: disable missing imports warning for httpretty (#1412)
    [Chris Patterson]
  + users: error when home should not be created AND ssh keys provided
    [Jeffrey 'jf' Lim]
  + Allow growpart to resize encrypted partitions (#1316)
  + Fix typo in integration_test.rst (#1405) [Alberto Contreras]
  + cloudinit.net refactor: apply_network_config_names (#1388)
    [Alberto Contreras] (LP: #1884602)
  + tests/azure: add fixtures for hardcoded paths (markers and data_dir)
    (#1399) [Chris Patterson]
  + testing: Add responses workaround for focal/impish (#1403)
  + cc_ssh_import_id: fix is_key_in_nested_dict to avoid early False
  + Fix ds-identify not detecting NoCloud seed in config (#1381)
    (LP: #1876375)
  + sources/azure: retry dhcp for failed processes (#1401) [Chris Patterson]
  + Move notes about refactorization out of CONTRIBUTING.rst (#1389)
  + Shave ~8ms off generator runtime (#1387)
  + Fix provisioning dhcp timeout to 20 minutes (#1394) [Chris Patterson]
  + schema: module example strict testing fix seed_random
  + cc_set_hostname: examples small typo (perserve vs preserve)
    [Wouter Schoot]
  + sources/azure: refactor http_with_retries to remove **kwargs (#1392)
    [Chris Patterson]
  + declare dependency on ssh-import-id (#1334)
  + drop references to old dependencies and old centos script
  + sources/azure: only wait for primary nic to be attached during restore
    (#1378) [Anh Vo]
  + cc_ntp: migrated legacy schema to cloud-init-schema.json (#1384)
  + Network functions refactor and bugfixes (#1383)
  + schema: add JSON defs for modules cc_users_groups (#1379)
    (LP: #1858930)
  + Fix doc typo (#1382) [Alberto Contreras]
  + Add support for dual stack IPv6/IPv4 IMDS to Ec2 (#1160)
  + Fix KeyError when rendering sysconfig IPv6 routes (#1380) (LP: #1958506)
  + Return a namedtuple from subp() (#1376)
  + Mypy stubs and other tox maintenance (SC-920) (#1374)
  + Distro Compatibility Fixes (#1375)
  + Pull in Gentoo patches (#1372)
  + schema: add json defs for modules U-Z (#1360)
    (LP: #1858928, #1858929, #1858931, #1858932)
  + util: atomically update sym links to avoid Suppress FileNotFoundError
  + when reading status (#1298) [Adam Collard] (LP: #1962150)
  + schema: add json defs for modules scripts-timezone (SC-801) (#1365)
  + docs: Add first tutorial (SC-900) (#1368)
  + BUG 1473527: module ssh-authkey-fingerprints fails Input/output error…
    (#1340) [Andrew Lee] (LP: #1473527)
  + add arch hosts template (#1371)
  + ds-identify: detect LXD for VMs launched from host with > 5.10 kernel
    (#1370) (LP: #1968085)
  + Support EC2 tags in instance metadata (#1309) [Eduardo Dobay]
  + schema: add json defs for modules e-install (SC-651) (#1366)
  + Improve "(no_create_home|system): true" test (#1367) [Jeffrey 'jf' Lim]
  + Expose https_proxy env variable to ssh-import-id cmd (#1333)
    [Michael Rommel]
  + sources/azure: remove bind/unbind logic for hot attached nic (#1332)
    [Chris Patterson]
  + tox: add types-* packages to check_format env (#1362)
  + tests: python 3.10 is showing up in cloudimages (#1364)
  + testing: add additional mocks to test_net tests (#1356) [yangzz-97]
  + schema: add JSON schema for mcollective, migrator and mounts modules
    (#1358)
  + Honor system locale for RHEL (#1355) [Wei Shi]
  + doc: Fix typo in cloud-config-run-cmds.txt example (#1359) [Ali Shirvani]
  + ds-identify: also discover LXD by presence from DMI board_name = LXD
    (#1311)
  + black: bump pinned version to 22.3.0 to avoid click dependency issues
    (#1357)
  + Various doc fixes (#1330)
  + testing: Add missing is_FreeBSD mock to networking test (#1353)
  + Add --no-update to add-apt-repostory call (SC-880) (#1337)
  + schema: add json defs for modules K-L (#1321)
    (LP: #1858899, #1858900, #1858901, #1858902)
  + docs: Re-order readthedocs install (#1354)
  + Stop cc_ssh_authkey_fingerprints from ALWAYS creating home (#1343)
    [Jeffrey 'jf' Lim]
  + docs: add jinja2 pin (#1352)
  + Vultr: Use find_candidate_nics, use ipv6 dns (#1344) [eb3095]
  + sources/azure: move get_ip_from_lease_value out of shim (#1324)
    [Chris Patterson]
  + Fix cloud-init status --wait when no datasource found (#1349)
    (LP: #1966085)
  + schema: add JSON defs for modules resize-salt (SC-654) (#1341)
  + Add myself as a future contributor (#1345) [Neal Gompa (ニール・ゴンパ)]
  + Update .github-cla-signers (#1342) [Jeffrey 'jf' Lim]
  + add Requires=cloud-init-hotplugd.socket in cloud-init-hotplugd.service
  + file (#1335) [yangzz-97]
  + Fix sysconfig render when set-name is missing (#1327)
    [Andrew Kutz] (LP: #1855945)
  + Refactoring helper funcs out of NetworkState (#1336) [Andrew Kutz]
  + url_helper: add tuple support for readurl timeout (#1328)
    [Chris Patterson]
  + Make fs labels match for ds-identify and docs (#1329)
  + Work around bug in LXD VM detection (#1325)
  + Remove redundant generator logs (#1318)
  + tox: set verbose flags for integration tests (#1323) [Chris Patterson]
  + net: introduce find_candidate_nics() (#1313) [Chris Patterson]
  + Revert "Ensure system_cfg read before ds net config on Oracle (#1174)"
    (#1326)
  + Add vendor_data2 support for ConfigDrive source (#1307) [cvstealth]
  + Make VMWare data source test host independent and expand testing (#1308)
    [Robert Schweikert]
  + Add json schemas for modules starting with P
  + sources/azure: remove lease file parsing (#1302) [Chris Patterson]
  + remove flaky test from ci (#1322)
  + ci: Switch to python 3.10 in Travis CI (#1320)
  + Better interface handling for Vultr, expect unexpected DHCP servers
    (#1297) [eb3095]
  + Remove unused init local artifact (#1315)
  + Doc cleanups (#1317)
  + docs improvements (#1312)
  + add support for jinja do statements, add unit test (#1314)
    [Paul Bruno] (LP: #1962759)
  + sources/azure: prevent tight loops for DHCP retries (#1285)
    [Chris Patterson]
  + net/dhcp: surface type of DHCP lease failure to caller (#1276)
    [Chris Patterson]
  + Stop hardcoding systemctl location (#1278) [Robert Schweikert]
  + Remove python2 syntax from docs (#1310)
  + [tools/migrate-lp-user-to-github] Rename master branch to main (#1301)
    [Adam Collard]
  + redhat: Depend on "hostname" package (#1288) [Lubomir Rintel]
  + Add native NetworkManager support (#1224) [Lubomir Rintel]
  + Fix link in CLA check to point to contribution guide. (#1299)
    [Adam Collard]
  + check for existing symlink while force creating symlink (#1281)
    [Shreenidhi Shedi]
  + Do not silently ignore integer uid (#1280) (LP: #1875772)
  + tests: create a IPv4/IPv6 VPC in Ec2 integration tests (#1291)
  + Integration test fix ppa  (#1296)
  + tests: on official EC2. cloud-id actually startswith aws not ec2 (#1289)
  + test_ppa_source: accept both http and https URLs (#1292)
    [Paride Legovini]
  + Fix apt test on azure
  + add "lkundrak" as contributor [Lubomir Rintel]
  + Holmanb/integration test fix ppa (#1287)
  + Include missing subcommand in manpage (#1279)
  + Clean up artifacts from pytest, packaging, release with make clean
    (#1277)
  + sources/azure: ensure retries on IMDS request failure (#1271)
    [Chris Patterson]
  + sources/azure: removed unused savable PPS paths (#1268) [Chris Patterson]
  + integration tests: fix Azure failures (#1269)
  From 22.1
  + sources/azure: report ready in local phase (#1265) [Chris Patterson]
  + sources/azure: validate IMDS network configuration metadata (#1257)
    [Chris Patterson]
  + docs: Add more details to runcmd docs (#1266)
  + use PEP 589 syntax for TypeDict (#1253)
  + mypy: introduce type checking (#1254) [Chris Patterson]
  + Fix extra ipv6 issues, code reduction and simplification (#1243) [eb3095]
  + tests: when generating crypted password, generate in target env (#1252)
  + sources/azure: address mypy/pyright typing complaints (#1245)
    [Chris Patterson]
  + Docs for x-shellscript* userdata (#1260)
  + test_apt_security: azure platform has specific security URL overrides
    (#1263)
  + tests: lsblk --json output changes mountpoint key to mountpoinst []
    (#1261)
  + mounts: fix mount opts string for ephemeral disk (#1250)
    [Chris Patterson]
  + Shell script handlers by freq (#1166) [Chris Lalos]
  + minor improvements to documentation (#1259) [Mark Esler]
  + cloud-id: publish /run/cloud-init/cloud-id-<cloud-type> files (#1244)
  + add "eslerm" as contributor (#1258) [Mark Esler]
  + sources/azure: refactor ssh key handling (#1248) [Chris Patterson]
  + bump pycloudlib (#1256)
  + sources/hetzner: Use EphemeralDHCPv4 instead of static configuration
    (#1251) [Markus Schade]
  + bump pycloudlib version (#1255)
  + Fix IPv6 netmask format for sysconfig (#1215) [Harald] (LP: #1959148)
  + sources/azure: drop debug print (#1249) [Chris Patterson]
  + tests: do not check instance.pull_file().ok() (#1246)
  + sources/azure: consolidate ephemeral DHCP configuration (#1229)
    [Chris Patterson]
  + cc_salt_minion freebsd fix for rc.conf (#1236)
  + sources/azure: fix metadata check in _check_if_nic_is_primary() (#1232)
    [Chris Patterson]
  + Add _netdev option to mount Azure ephemeral disk (#1213) [Eduardo Otubo]
  + testing: stop universally overwriting /etc/cloud/cloud.cfg.d (#1237)
  + Integration test changes (#1240)
  + Fix Gentoo Locales (#1205)
  + Add "slingamn" as contributor (#1235) [Shivaram Lingamneni]
  + integration: do not LXD bind mount /etc/cloud/cloud.cfg.d (#1234)
  + Integration testing docs and refactor (#1231)
  + vultr: Return metadata immediately when found (#1233) [eb3095]
  + spell check docs with spellintian (#1223)
  + docs: include upstream python version info (#1230)
  + Schema a d (#1211)
  + Move LXD to end ds-identify DSLIST (#1228) (LP: #1959118)
  + fix parallel tox execution (#1214)
  + sources/azure: refactor _report_ready_if_needed and _poll_imds (#1222)
    [Chris Patterson]
  + Do not support setting up archive.canonical.com as a source (#1219)
    [Steve Langasek] (LP: #1959343)
  + Vultr: Fix lo being used for DHCP, try next on cmd fail (#1208) [eb3095]
  + sources/azure: refactor _should_reprovision[_after_nic_attach]() logic
    (#1206) [Chris Patterson]
  + update ssh logs to show ssh private key gens pub and simplify code
    (#1221) [Steve Weber]
  + Remove mitechie from stale PR github action (#1217)
  + Include POST format in cc_phone_home docs (#1218) (LP: #1959149)
  + Add json parsing of ip addr show (SC-723) (#1210)
  + cc_rsyslog: fix typo in docstring (#1207) [Louis Sautier]
  + Update .github-cla-signers (#1204) [Chris Lalos]
  + sources/azure: drop unused case in _report_failure() (#1200)
    [Chris Patterson]
  + sources/azure: always initialize _ephemeral_dhcp_ctx on unpickle (#1199)
    [Chris Patterson]
  + Add support for gentoo templates and cloud.cfg (#1179) [vteratipally]
  + sources/azure: unpack ret tuple in crawl_metadata() (#1194)
    [Chris Patterson]
  + tests: focal caplog has whitespace indentation for multi-line logs
    (#1201)
  + Seek interfaces, skip dummy interface, fix region codes (#1192) [eb3095]
  + integration: test against the Ubuntu daily images (#1198)
    [Paride Legovini]
  + cmd: status and cloud-id avoid change in behavior for 'not run' (#1197)
  + tox: pass PYCLOUDLIB_* env vars into integration tests when present
    (#1196)
  + sources/azure: set ovf_is_accessible when OVF is read successfully
    (#1193) [Chris Patterson]
  + Enable OVF environment transport via ISO in example (#1195) [Megian]
  + sources/azure: consolidate DHCP variants to EphemeralDHCPv4WithReporting
    (#1190) [Chris Patterson]
  + Single JSON schema validation in early boot (#1175)
  + Add DatasourceOVF network-config propery to Ubuntu OVF example (#1184)
    [Megian]
  + testing: support pycloudlib config file (#1189)
  + Ensure system_cfg read before ds net config on Oracle (SC-720) (#1174)
    (LP: #1956788)
  + Test Optimization Proposal (SC-736) (#1188)
  + cli: cloud-id report not-run or disabled state as cloud-id (#1162)
  + Remove distutils usage (#1177) [Shreenidhi Shedi]
  + add .python-version to gitignore (#1186)
  + print error if datasource import fails (#1170)
    [Emanuele Giuseppe Esposito]
  + Add new config module to set keyboard layout (#1176)
    [maxnet] (LP: #1951593)
  + sources/azure: rename metadata_type -> MetadataType (#1181)
    [Chris Patterson]
  + Remove 3.5 and xenial support (SC-711) (#1167)
  + tests: mock LXD datasource detection in ds-identify on LXD containers
    (#1178)
  + pylint: silence errors on compat code for old jsonschema (#1172)
    [Paride Legovini]
  + testing: Add 3.10 Test Coverage (#1173)
  + Remove unittests from integration test job in travis (#1141)
  + Don't throw exceptions for empty cloud config (#1130)
  + bsd/resolv.d/ avoid duplicated entries (#1163) [Gonéri Le Bouder]
  + sources/azure: do not persist failed_desired_api_version flag (#1159)
    [Chris Patterson]
  + Update cc_ubuntu_advantage calls to assume-yes (#1158)
    [John Chittum] (LP: #1954842)
  + openbsd: properly restart the network on 7.0 (#1150) [Gonéri Le Bouder]
  + Add .git-blame-ignore-revs (#1161)
  + Adopt Black and isort (SC-700) (#1157)
  + Include dpkg frontend lock in APT_LOCK_FILES (#1153)
  + tests/cmd/query: fix test run as root and add coverage for defaults
    (#1156) [Chris Patterson] (LP: #1825027)
  + Schema processing changes (SC-676) (#1144)
  + Add dependency workaround for impish in bddeb (#1148)
  + netbsd: install new dep packages (#1151) [Gonéri Le Bouder]
  + find_devs_with_openbsd: ensure we return the last entry (#1149)
    [Gonéri Le Bouder]
  + sources/azure: remove unnecessary hostname bounce (#1143)
    [Chris Patterson]
  + find_devs/openbsd: accept ISO on disk (#1132)
    [Gonéri Le Bouder]
  + Improve error log message when mount failed (#1140) [Ksenija Stanojevic]
  + add KsenijaS as a contributor (#1145) [Ksenija Stanojevic]
  + travis - don't run integration tests if no deb (#1139)
  + factor out function for getting top level directory of cloudinit (#1136)
  + testing: Add deterministic test id (#1138)
  + mock sleep() in azure test (#1137)
  + Add miraclelinux support (#1128) [Haruki TSURUMOTO]
  + docs: Make MACs lowercase in network config (#1135) (LP: #1876941)
  + Add Strict Metaschema Validation (#1101)
  + update dead link (#1133)
  + cloudinit/net: handle two different routes for the same ip (#1124)
    [Emanuele Giuseppe Esposito]
  + docs: pin mistune dependency (#1134)
  + Reorganize unit test locations under tests/unittests (#1126)
  + Fix exception when no activator found (#1129) (LP: #1948681)
  + jinja: provide and document jinja-safe key aliases in instance-data
    (SC-622) (#1123)
  + testing: Remove date from final_message test (SC-638) (#1127)
  + Move GCE metadata fetch to init-local (SC-502) (#1122)
  + Fix missing metadata routes for vultr (#1125) [eb3095]
  + cc_ssh_authkey_fingerprints.py: prevent duplicate messages on console
    (#1081) [dermotbradley]
  + sources/azure: remove unused remnants related to agent command (#1119)
    [Chris Patterson]
  + github: update PR template's contributing URL (#1120) [Chris Patterson]
  + docs: Rename HACKING.rst to CONTRIBUTING.rst (#1118)
  + testing: monkeypatch system_info call in unit tests (SC-533) (#1117)
  + Fix Vultr timeout and wait values (#1113) [eb3095]
  + lxd: add preference for LXD cloud-init.* config keys over user keys
    (#1108)
  + VMware: source /etc/network/interfaces.d/* on Debian
    [chengcheng-chcheng] (LP: #1950136)
  + Add cjp256 as contributor (#1109) [Chris Patterson]
  + integration_tests: Ensure log directory exists before symlinking to it
    (#1110)
  + testing: add growpart integration test (#1104)
  + integration_test: Speed up CI run time (#1111)
  + Some miscellaneous integration test fixes (SC-606) (#1103)
  + tests: specialize lxd_discovery test for lxd_vm vendordata (#1106)
  + Add convenience symlink to integration test output (#1105)
  + Fix for set-name bug in networkd renderer (#1100)
    [Andrew Kutz] (LP: #1949407)
  + Wait for apt lock (#1034) (LP: #1944611)
  + testing: stop chef test from running on openstack (#1102)
  + alpine.py: add options to the apk upgrade command (#1089) [dermotbradley]
cloud-netconfig
- Update to version 1.8:
  + Fix Azure metadata check (bsc#1214715)
  + Fix cleanup on ifdown
cloud-regionsrv-client
- Update to version 10.1.4 (bsc#1217451)
  + Fetch cert for new update server during failover

- Update to version 10.1.3 (bsc#1214801)
  + Add a warning if we detect a Python package cert bundle for certifi
    This will help with debugging and point to potential issues when
    using SUSE images in AWS, Azure, and GCE

- Update to version 10.1.2 (bsc#1211282)
  + Properly handle Ipv6 when checking update server responsiveness. If not
    available fall back and use IPv4 information
  + Use systemd_ordered to allow use in a container without pulling systemd
    into the container as a requirement

- Update to version 10.1.1 (bsc#1210020, bsc#1210021)
  + Clean up the system if baseproduct registraion fails to leave the
    system in prestine state
  + Log when the registercloudguest command is invoked with --clean
kernel-default
- powerpc: Don't clobber f0/vs0 during fp|altivec register save
  (bsc#1217780).
- commit 46d31e2

- USB: serial: option: add Luat Air72*U series products
  (git-fixes).
- USB: serial: option: add Fibocom L7xx modules (git-fixes).
- USB: serial: option: don't claim interface 4 for ZTE MF290
  (git-fixes).
- ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CVA
  (git-fixes).
- commit 4c40fde

- firewire: core: fix possible memory leak in create_units()
  (git-fixes).
- commit 0ade49c

- xfs: convert log ticket and iclog flags to unsigned (git-fixes).
- commit 57245d3

- xfs: convert quota options flags to unsigned (git-fixes).
- commit 7dfe466

- xfs: convert inode lock flags to unsigned (git-fixes).
- commit 831f7e2

- xfs: convert log item tracepoint flags to unsigned (git-fixes).
- commit 411032a

- xfs: convert dquot flags to unsigned (git-fixes).
- commit 1630213

- xfs: convert da btree operations flags to unsigned (git-fixes).
- commit 41198d9

- xfs: convert buffer log item flags to unsigned (git-fixes).
- commit d4d0c9c

- xfs: convert btree buffer log flags to unsigned (git-fixes).
- commit ced67a9

- xfs: convert AGI log flags to unsigned (git-fixes).
- commit 66d955b

- xfs: convert AGF log flags to unsigned (git-fixes).
- commit 91cefbb

- xfs: convert bmapi flags to unsigned (git-fixes).
- commit 1ec6360

- xfs: convert bmap extent type flags to unsigned (git-fixes).
- commit 30fead3

- xfs: convert scrub type flags to unsigned (git-fixes).
- commit c3c7c82

- xfs: convert attr type flags to unsigned (git-fixes).
- commit c641f4d

- xfs: convert buffer flags to unsigned (git-fixes).
- commit 6147a1c

- xfs: standardize inode generation formatting in ftrace output
  (git-fixes).
- commit 81e4504

- xfs: standardize remaining xfs_buf length tracepoints
  (git-fixes).
- commit 0960978

- xfs: resolve fork names in trace output (git-fixes).
- commit f8059aa

- xfs: rename i_disk_size fields in ftrace output (git-fixes).
- commit 57eae70

- xfs: disambiguate units for ftrace fields tagged "count"
  (git-fixes).
- commit 863210b

- xfs: disambiguate units for ftrace fields tagged "len"
  (git-fixes).
- commit 09c5eba

- xfs: disambiguate units for ftrace fields tagged "offset"
  (git-fixes).
- commit fd948b6

- xfs: disambiguate units for ftrace fields tagged "blkno",
  "block", or "bno" (git-fixes).
- commit 21df855

- xfs: standardize daddr formatting in ftrace output (git-fixes).
- commit 4559eca

- xfs: standardize rmap owner number formatting in ftrace output
  (git-fixes).
- commit 1582a5c

- xfs: standardize AG block number formatting in ftrace output
  (git-fixes).
- commit c4b29ba

- xfs: standardize AG number formatting in ftrace output
  (git-fixes).
- commit a02451d

- xfs: standardize inode number formatting in ftrace output
  (git-fixes).
- commit 3a0db07

- xfs: add attr state machine tracepoints (git-fixes).
- commit b0c0355

- xfs: mark the record passed into xchk_btree functions as const
  (git-fixes).
- commit 3247184

- xfs: remove xfs_btree_cur_t typedef (git-fixes).
- commit 4b79f37

- xfs: constify btree function parameters that are not modified
  (git-fixes).
- commit ca93659

- xfs: make the start pointer passed to btree update_lastrec
  functions const (git-fixes).
- commit 28eb06c

- xfs: make the start pointer passed to btree alloc_block
  functions const (git-fixes).
- commit 481ec89

- xfs: make the pointer passed to btree set_root functions const
  (git-fixes).
- commit 068596a

- xfs: make the keys and records passed to btree inorder functions
  const (git-fixes).
- commit 42fdf3b

- xfs: mark the record passed into btree init_key functions as
  const (git-fixes).
- Refresh
  patches.suse/xfs-fix-rm_offset-flag-handling-in-rmap-keys.patch.
- commit ff2d5e6

- xfs: make the key parameters to all btree query range functions
  const (git-fixes).
- Refresh
  patches.suse/xfs-make-the-record-pointer-passed-to-query_range-functions-const.patch.
- commit 6c6efbb

- xfs: make the key parameters to all btree key comparison
  functions const (git-fixes).
- Refresh
  patches.suse/xfs-fix-rm_offset-flag-handling-in-rmap-keys.patch.
- commit ff17042

- kernel-binary: suse-module-tools is also required when installed
  Requires(pre) adds dependency for the specific sciptlet.
  However, suse-module-tools also ships modprobe.d files which may be
  needed at posttrans time or any time the kernel is on the system for
  generating ramdisk. Add plain Requires as well.
- commit 8c12816

- scsi: lpfc: Copyright updates for 14.2.0.16 patches
  (bsc#1217731).
- scsi: lpfc: Update lpfc version to 14.2.0.16 (bsc#1217731).
- scsi: lpfc: Enhance driver logging for selected discovery events
  (bsc#1217731).
- scsi: lpfc: Refactor and clean up mailbox command memory free
  (bsc#1217731).
- scsi: lpfc: Return early in lpfc_poll_eratt() when the driver
  is unloading (bsc#1217731).
- scsi: lpfc: Eliminate unnecessary relocking in
  lpfc_check_nlp_post_devloss() (bsc#1217731).
- scsi: lpfc: Fix list_entry null check warning in
  lpfc_cmpl_els_plogi() (bsc#1217731).
- scsi: lpfc: Fix possible file string name overflow when updating
  firmware (bsc#1217731).
- scsi: lpfc: Correct maximum PCI function value for RAS fw
  logging (bsc#1217731).
- commit beb2571

- net/tls: do not free tls_rec on async operation in
  bpf_exec_tx_verdict() (bsc#1217332 CVE-2023-6176).
- commit 4d4ef94

- Update metadata
- commit ca96232

- Revert "tracing: Fix warning in trace_buffered_event_disable()"
  (bsc#1217036)
  Temporarily revert the commit. It exposed a separate issue related to
  trace buffered event synchronization which needs to be fixed first.
- commit 4a725b5

- mmc: cqhci: Fix task clearing in CQE error recovery (git-fixes).
- mmc: cqhci: Warn of halt or task clear failure (git-fixes).
- mmc: block: Retry commands in CQE error recovery (git-fixes).
- mmc: block: Be sure to wait while busy in CQE error recovery
  (git-fixes).
- mmc: cqhci: Increase recovery halt timeout (git-fixes).
- mmc: block: Do not lose cache flush during CQE error recovery
  (git-fixes).
- commit 49c4783

- ALSA: hda: Disable power-save on KONTRON SinglePC (bsc#1217140).
- commit 05bfbfe

- Disable Loongson drivers
  Loongson is a mips architecture, it doesn't make sense to build
  Loongson drivers on other architectures.
- commit 23ca0fb

- s390/ap: fix AP bus crash on early config change callback
  invocation (git-fixes bsc#1217687).
- commit 7155857

- pinctrl: avoid reload of p state in list iteration (git-fixes).
- commit 37ee48d

- README.SUSE: fix patches.addon use
  It's series, not series.conf in there.
  And make it more precise on when the patches are applied.
- commit cb8969c

- rxrpc: Fix race between conn bundle lookup and bundle removal
  (CVE-2023-2006 bsc#1210447).
- commit 88c559c

- kabi/severities: ignore kabi in rxrpc (bsc#1210447)
  The rxrpc module is built since SLE15-SP3 but it is not shipped as part of
  any SLE product, only in Leap (in kernel-*-optional).
- commit 10d922d

- Do not store build host name in initrd
  Without this patch, kernel-obs-build stored the build host name
  in its .build.initrd.kvm
  This patch allows for reproducible builds of kernel-obs-build and thus
  avoids re-publishing the kernel-obs-build.rpm when nothing changed.
  Note that this has no influence on the /etc/hosts file
  that is used during other OBS builds.
  https://bugzilla.opensuse.org/show_bug.cgi?id=1084909
- commit fd3a75e

- drm/amd/display: use full update for clip size increase of
  large plane source (git-fixes).
- commit 05445b7

- Input: xpad - add VID for Turtle Beach controllers (git-fixes).
- Refresh patches.suse/Input-xpad-add-PXN-V900-support.patch.
- commit a3a5e84

- Revert "i2c: pxa: move to generic GPIO recovery" (git-fixes).
- drm/amd/display: Change the DMCUB mailbox memory location from
  FB to inbox (git-fixes).
- tty: Fix uninit-value access in ppp_sync_receive() (git-fixes).
- drm/amdgpu: fix software pci_unplug on some chips (git-fixes).
- drm/amdgpu: fix error handling in amdgpu_bo_list_get()
  (git-fixes).
- drm/qxl: prevent memory leak (git-fixes).
- mmc: sdhci-pci-gli: GL9750: Mask the replay timer timeout of
  AER (git-fixes).
- pwm: Fix double shift bug (git-fixes).
- i2c: dev: copy userspace array safely (git-fixes).
- i2c: designware: Disable TX_EMPTY irq while waiting for block
  length byte (git-fixes).
- sbsa_gwdt: Calculate timeout with 64-bit math (git-fixes).
- drm/amd/display: Avoid NULL dereference of timing generator
  (git-fixes).
- drm/amdgpu: don't use ATRM for external devices (git-fixes).
- media: imon: fix access to invalid resource for the second
  interface (git-fixes).
- media: ccs: Fix driver quirk struct documentation (git-fixes).
- media: cobalt: Use FIELD_GET() to extract Link Width
  (git-fixes).
- media: vivid: avoid integer overflow (git-fixes).
- media: gspca: cpia1: shift-out-of-bounds in set_flicker
  (git-fixes).
- i2c: sun6i-p2wi: Prevent potential division by zero (git-fixes).
- i2c: i801: fix potential race in
  i801_block_transaction_byte_by_byte (git-fixes).
- i3c: master: mipi-i3c-hci: Fix a kernel panic for accessing
  DAT_data (git-fixes).
- i3c: mipi-i3c-hci: Fix out of bounds access in
  hci_dma_irq_handler (git-fixes).
- mtd: cfi_cmdset_0001: Byte swap OTP info (git-fixes).
- usb: gadget: f_ncm: Always set current gadget in ncm_bind()
  (git-fixes).
- tty: serial: meson: fix hard LOCKUP on crtscts mode (git-fixes).
- tty: vcc: Add check for kstrdup() in vcc_probe() (git-fixes).
- HID: lenovo: Detect quirk-free fw on cptkbd and stop applying
  workaround (git-fixes).
- HID: Add quirk for Dell Pro Wireless Keyboard and Mouse KM5221W
  (git-fixes).
- PCI: Use FIELD_GET() in Sapphire RX 5600 XT Pulse quirk
  (git-fixes).
- PCI: Use FIELD_GET() to extract Link Width (git-fixes).
- PCI: tegra194: Use FIELD_GET()/FIELD_PREP() with Link Width
  fields (git-fixes).
- misc: pci_endpoint_test: Add Device ID for R-Car S4-8 PCIe
  controller (git-fixes).
- selftests/efivarfs: create-read: fix a resource leak
  (git-fixes).
- selftests/resctrl: Remove duplicate feature check from CMT test
  (git-fixes).
- mmc: sdhci-pci-gli: A workaround to allow GL9750 to enter ASPM
  L1.2 (git-fixes).
- drm/amdgpu: Fix a null pointer access when the smc_rreg pointer
  is NULL (git-fixes).
- drm/amdkfd: Fix shift out-of-bounds issue (git-fixes).
- drm/panel: st7703: Pick different reset sequence (git-fixes).
- drm: vmwgfx_surface.c: copy user-array safely (git-fixes).
- drm/msm/dp: skip validity check for DP CTS EDID checksum
  (git-fixes).
- drm/amdgpu: Fix potential null pointer derefernce (git-fixes).
- drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and
  Tonga (git-fixes).
- drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7
  (git-fixes).
- drm/amdkfd: Fix a race condition of vram buffer unref in svm
  code (git-fixes).
- drm/panel/panel-tpo-tpg110: fix a possible null pointer
  dereference (git-fixes).
- drm/panel: fix a possible null pointer dereference (git-fixes).
- drm/komeda: drop all currently held locks if deadlock happens
  (git-fixes).
- platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad
  X120e (git-fixes).
- regmap: Ensure range selector registers are updated after
  cache sync (git-fixes).
- Bluetooth: btusb: Add 0bda:b85b for Fn-Link RTL8852BE
  (git-fixes).
- Bluetooth: btusb: Add date->evt_skb is NULL check (git-fixes).
- Bluetooth: btusb: Add RTW8852BE device 13d3:3570 to device
  tables (git-fixes).
- wifi: ath10k: Don't touch the CE interrupt registers after
  power up (git-fixes).
- wifi: ath10k: fix clang-specific fortify warning (git-fixes).
- wifi: ath9k: fix clang-specific fortify warnings (git-fixes).
- wifi: mac80211: don't return unset power in
  ieee80211_get_tx_power() (git-fixes).
- serial: meson: Use platform_get_irq() to get the interrupt
  (git-fixes).
- commit 9bb6805

- ASoC: ti: omap-mcbsp: Fix runtime PM underflow warnings
  (git-fixes).
- ALSA: hda: Fix possible null-ptr-deref when assigning a stream
  (git-fixes).
- atm: iphase: Do PCI error checks on own line (git-fixes).
- string.h: add array-wrappers for (v)memdup_user() (git-fixes).
- ACPI: resource: Do IRQ override on TongFang GMxXGxx (git-fixes).
- atl1c: Work around the DMA RX overflow issue (git-fixes).
- bluetooth: Add device 13d3:3571 to device tables (git-fixes).
- bluetooth: Add device 0bda:887b to device tables (git-fixes).
- Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0cb8:0xc559
  (git-fixes).
- commit 806162c

- netfilter: conntrack: dccp: copy entire header to stack buffer,
  not just basic one (CVE-2023-39197 bsc#1216976).
- commit b489a86

- Update upstream references (add CVE-2023-4244 bsc#1215420)
- patches.kabi/kabi-hide-changes-in-struct-nft_set.patch
- patches.suse/netfilter-nf_tables-GC-transaction-API-to-avoid-race.patch
- patches.suse/netfilter-nf_tables-GC-transaction-race-with-abort-p.patch
- patches.suse/netfilter-nf_tables-GC-transaction-race-with-netns-d.patch
- patches.suse/netfilter-nf_tables-fix-GC-transaction-races-with-ne.patch
- patches.suse/netfilter-nf_tables-fix-kdoc-warnings-after-gc-rewor.patch
- patches.suse/netfilter-nf_tables-use-correct-lock-to-protect-gc_l.patch
- commit fee74b6

- blacklist.conf: non-trivial dependencies (bsc#1216105)
- commit b8ada5d

- s390/dasd: fix hanging device after request requeue (git-fixes
  LTC#203629 bsc#1215124).
- commit 1f9716b

- s390/cio: unregister device when the only path is gone
  (git-fixes bsc#1217609).
- commit 1a12a29

- s390/ptrace: fix PTRACE_GET_LAST_BREAK error handling (git-fixes
  bsc#1217599).
- commit c32f016

- s390/dasd: use correct number of retries for ERP requests
  (git-fixes bsc#1217598).
- commit 71adc5d

- Drivers: hv: vmbus: Remove unused extern declaration
  vmbus_ontimer() (git-fixes).
- x86/hyperv: fix a warning in mshyperv.h (git-fixes).
- x86/hyperv: Improve code for referencing hyperv_pcpu_input_arg
  (git-fixes).
- HID: hyperv: avoid struct memcpy overrun warning (git-fixes).
- x86/hyperv: Make hv_get_nmi_reason public (git-fixes).
- hv: simplify sysctl registration (git-fixes).
- x86/hyperv: Add HV_EXPOSE_INVARIANT_TSC define (git-fixes).
- HID: hyperv: remove unused struct synthhid_msg (git-fixes).
- HID: hyperv: Replace one-element array with flexible-array
  member (git-fixes).
- commit be51c3e

- Update
  patches.suse/net-usb-lan78xx-reorder-cleanup-operations-to-avoid-.patch
  (bsc#1217068 CVE-2023-6039).
  Update reference. Bug retroactively declared a security issue.
- commit 867c96b

- hv_netvsc: Mark VF as slave before exposing it to user-mode
  (git-fixes).
- hv_netvsc: Fix race of register_netdevice_notifier and VF
  register (git-fixes).
- hv_netvsc: fix race of netvsc and VF register_netdevice
  (git-fixes).
- commit bbb7bfb

- s390/dasd: protect device queue against concurrent access
  (git-fixes bsc#1217515).
- commit 85f31b8

- net: mana: Fix return type of mana_start_xmit() (git-fixes).
- commit 9a9e0ef

- USB: serial: option: fix FM101R-GL defines (git-fixes).
- USB: dwc3: qcom: fix ACPI platform device leak (git-fixes).
- USB: dwc3: qcom: fix software node leak on probe errors
  (git-fixes).
- USB: dwc3: qcom: fix resource leaks on probe deferral
  (git-fixes).
- USB: dwc3: qcom: fix wakeup after probe deferral (git-fixes).
- dt-bindings: usb: qcom,dwc3: fix example wakeup interrupt types
  (git-fixes).
- usb: dwc3: set the dma max_seg_size (git-fixes).
- usb: cdnsp: Fix deadlock issue during using NCM gadget
  (git-fixes).
- usb: dwc3: Fix default mode initialization (git-fixes).
- usb: typec: tcpm: Skip hard reset when in error recovery
  (git-fixes).
- dt-bindings: usb: hcd: add missing phy name to example
  (git-fixes).
- arm/xen: fix xen_vcpu_info allocation alignment (git-fixes).
- drm/rockchip: vop: Fix color for RGB888/BGR888 format on VOP
  full (git-fixes).
- drm/panel: simple: Fix Innolux G101ICE-L01 timings (git-fixes).
- drm/panel: simple: Fix Innolux G101ICE-L01 bus flags
  (git-fixes).
- ata: pata_isapnp: Add missing error check for devm_ioport_map()
  (git-fixes).
- net: usb: ax88179_178a: fix failed operations during
  ax88179_reset (git-fixes).
- xhci: Enable RPM on controllers that support low-power states
  (git-fixes).
- commit 77def7a

- Ensure ia32_emulation is always enabled for kernel-obs-build
  If ia32_emulation is disabled by default, ensure it is enabled
  back for OBS kernel to allow building 32bit binaries (jsc#PED-3184)
  [ms: Always pass the parameter, no need to grep through the config which
  may not be very reliable]
- commit 56a2c2f

- blk-mq: fix null pointer dereference in
  blk_mq_clear_rq_mapping() (bsc#1217366).
- blk-mq: Don't clear driver tags own mapping (bsc#1217366).
- commit dfa78ac

- kobject: Fix slab-out-of-bounds in fill_kobj_path() (bsc#1216058
  CVE-2023-45863).
- commit 40e4871

- rpm: Define git commit as macro
- commit bcc92c8

- kernel-source: Move provides after sources
- commit dbbf742

- fbdev: imsttfb: fix double free in probe() (git-fixes).
- fbdev: imsttfb: Release framebuffer and dealloc cmap on error
  path (git-fixes).
- commit 04adf1c

- drm/bridge: lt8912b: Switch to devm MIPI-DSI helpers
  (git-fixes).
- Refresh
  patches.suse/drm-bridge-lt8912b-Add-hot-plug-detection.patch.
- commit 44c514b

- drm/bridge: tc358768: Disable non-continuous clock mode
  (git-fixes).
- Refresh
  patches.suse/drm-bridge-tc358768-always-enable-HS-video-mode.patch.
- Refresh
  patches.suse/drm-bridge-tc358768-fix-TCLK_TRAILCNT-computation.patch.
- commit 1bb57d4

- platform/x86: wmi: remove unnecessary initializations
  (git-fixes).
- Refresh
  patches.suse/platform-x86-wmi-use-bool-instead-of-int.patch.
- commit 9e3bd62

- fbdev: imsttfb: fix a resource leak in probe (git-fixes).
- Fix termination state for idr_for_each_entry_ul() (git-fixes).
- crypto: caam/jr - fix Chacha20 + Poly1305 self test failure
  (git-fixes).
- crypto: caam/qi2 - fix Chacha20 + Poly1305 self test failure
  (git-fixes).
- crypto: hisilicon/hpre - Fix a erroneous check after snprintf()
  (git-fixes).
- HID: logitech-hidpp: Move get_wireless_feature_index() check
  to hidpp_connect_event() (git-fixes).
- HID: logitech-hidpp: Revert "Don't restart communication if
  not necessary" (git-fixes).
- HID: logitech-hidpp: Don't restart IO, instead defer
  hid_connect() only (git-fixes).
- drm/bridge: lt9611uxc: fix the race in the error path
  (git-fixes).
- drm/amdkfd: fix some race conditions in vram buffer alloc/free
  of svm code (git-fixes).
- drm/bridge: tc358768: Fix bit updates (git-fixes).
- drm/bridge: lt8912b: Manually disable HPD only if it was enabled
  (git-fixes).
- drm/bridge: lt8912b: Fix crash on bridge detach (git-fixes).
- drm/bridge: lt8912b: Fix bridge_detach (git-fixes).
- clk: ti: fix double free in of_ti_divider_clk_setup()
  (git-fixes).
- platform/x86: wmi: Fix opening of char device (git-fixes).
- wifi: iwlwifi: pcie: synchronize IRQs before NAPI (git-fixes).
- fbdev: imsttfb: Fix error path of imsttfb_probe() (git-fixes).
- wifi: iwlwifi: call napi_synchronize() before freeing rx/tx
  queues (git-fixes).
- HID: logitech-hidpp: Remove HIDPP_QUIRK_NO_HIDINPUT quirk
  (git-fixes).
- wifi: ath11k: debugfs: fix to work with multiple PCI devices
  (git-fixes).
- clk: ti: change ti_clk_register[_omap_hw]() API (git-fixes).
- mt76: dma: use kzalloc instead of devm_kzalloc for txwi
  (git-fixes).
- clk: ti: Update component clocks to use ti_dt_clk_name()
  (git-fixes).
- clk: ti: Update pll and clockdomain clocks to use
  ti_dt_clk_name() (git-fixes).
- clk: ti: Add ti_dt_clk_name() helper to use clock-output-names
  (git-fixes).
- drm/bridge: lt9611uxc: Register and attach our DSI device at
  probe (git-fixes).
- drm/bridge: lt9611uxc: Switch to devm MIPI-DSI helpers
  (git-fixes).
- drm/bridge: lt8912b: Register and attach our DSI device at probe
  (git-fixes).
- drm/mipi-dsi: Create devm device attachment (git-fixes).
- drm/mipi-dsi: Create devm device registration (git-fixes).
- commit ff3b9ac

- ALSA: hda/realtek: Add quirks for HP Laptops (git-fixes).
- ALSA: hda/realtek: Enable Mute LED on HP 255 G10 (git-fixes).
- ALSA: hda/realtek - Enable internal speaker of ASUS K6500ZC
  (git-fixes).
- ALSA: hda/realtek: Enable Mute LED on HP 255 G8 (git-fixes).
- ALSA: hda/realtek - Add Dell ALC295 to pin fall back table
  (git-fixes).
- commit fe6b179

- Update
  patches.suse/vringh-don-t-use-vringh_kiov_advance-in-vringh_iov_x.patch
  (git-fixes, bsc#1215710, CVE-2023-5158).
- commit aba4986

- s390/crashdump: fix TOD programmable field size (git-fixes
  bsc#1217205).
- commit 4fa67bc

- USB: dwc2: write HCINT with INTMASK applied (bsc#1214286).
- commit 705073c

- s390/pkey: fix/harmonize internal keyblob headers (git-fixes
  bsc#1217200).
- commit 1330336

- net: fix use-after-free in tw_timer_handler (bsc#1217195).
- commit 797642c

- s390/ipl: add missing secure/has_secure file to ipl type
  'unknown' (bsc#1214976 git-fixes).
- commit 293b1d2

- hv_netvsc: fix netvsc_send_completion to avoid multiple message
  length checks (git-fixes).
- commit e571a42

- blacklist.conf: fix for only partially backported commit
- commit f8344aa

- idpf: add SRIOV support and other ndo_ops (bsc#1215458).
- Update config files.
- supported.conf: marked idpf supported
- commit 8518538

- idpf: fix potential use-after-free in idpf_tso() (bsc#1215458).
- PCI: Disable ATS for specific Intel IPU E2000 devices
  (bsc#1215458).
- PCI: Extract ATS disabling to a helper function (bsc#1215458).
- idpf: cancel mailbox work in error path (bsc#1215458).
- idpf: set scheduling mode for completion queue (bsc#1215458).
- idpf: add ethtool callbacks (bsc#1215458).
- idpf: add singleq start_xmit and napi poll (bsc#1215458).
- idpf: add RX splitq napi poll support (bsc#1215458).
- idpf: add TX splitq napi poll support (bsc#1215458).
- idpf: add splitq start_xmit (bsc#1215458).
- idpf: initialize interrupts and enable vport (bsc#1215458).
- idpf: configure resources for RX queues (bsc#1215458).
- idpf: configure resources for TX queues (bsc#1215458).
- idpf: add ptypes and MAC filter support (bsc#1215458).
- idpf: add create vport and netdev configuration (bsc#1215458).
- idpf: add core init and interrupt request (bsc#1215458).
- idpf: add controlq init and reset checks (bsc#1215458).
- idpf: add module register and probe functionality (bsc#1215458).
- virtchnl: add virtchnl version 2 ops (bsc#1215458).
- net: add macro netif_subqueue_completed_wake (bsc#1215458).
- net: piggy back on the memory barrier in bql when waking queues
  (bsc#1215458).
- net: provide macros for commonly copied lockless queue stop/wake
  code (bsc#1215458).
- docs: net: use C syntax highlight in driver.rst (bsc#1215458).
- docs: net: move the probe and open/close sections of driver.rst
  up (bsc#1215458).
- docs: net: reformat driver.rst from a list to sections
  (bsc#1215458).
- Documentation: networking: correct possessive "its"
  (bsc#1215458).
- commit 0dd7c0b

- blacklist.conf: Add 2ef269ef1ac0 cgroup/cpuset: Free DL BW in case can_attach() fails
- commit 635fb82

- scsi: lpfc: Update lpfc version to 14.2.0.15 (bsc#1217124).
- scsi: lpfc: Introduce LOG_NODE_VERBOSE messaging flag
  (bsc#1217124).
- scsi: lpfc: Validate ELS LS_ACC completion payload
  (bsc#1217124).
- scsi: lpfc: Reject received PRLIs with only initiator fcn role
  for NPIV ports (bsc#1217124).
- scsi: lpfc: Treat IOERR_SLI_DOWN I/O completion status the
  same as pci offline (bsc#1217124).
- scsi: lpfc: Remove unnecessary zero return code assignment in
  lpfc_sli4_hba_setup (bsc#1217124).
- commit 36a063a

- scsi: qla2xxx: Use FIELD_GET() to extract PCIe capability fields
  (git-fixes).
- scsi: qla2xxx: Fix double free of dsd_list during driver load
  (git-fixes).
- commit 7802965

- arm64: armv8_deprecated: fix unused-function error (git-fixes)
- commit 8a9ffd3

- arm64: Add Cortex-A520 CPU part definition (git-fixes)
- commit ec1fe6f

- arm64: armv8_deprecated: rework deprected instruction handling (git-fixes)
- commit bff85fe

- arm64: armv8_deprecated: move aarch32 helper earlier (git-fixes)
- commit 5802265

- arm64: armv8_deprecated move emulation functions (git-fixes)
- commit cb05023

- arm64: armv8_deprecated: fold ops into insn_emulation (git-fixes)
- commit 3a9b307

- arm64: rework EL0 MRS emulation (git-fixes)
- commit 9ce6c60

- arm64: factor insn read out of call_undef_hook() (git-fixes)
- commit 6831136

- arm64: factor out EL1 SSBS emulation hook (git-fixes)
- commit c8a644d

- arm64: split EL0/EL1 UNDEF handlers (git-fixes)
- commit de48edd

- arm64: allow kprobes on EL0 handlers (git-fixes)
- commit c9ac567

- arm64: rework BTI exception handling (git-fixes)
- commit f21a31f

- arm64: rework FPAC exception handling (git-fixes)
- commit da959d5

- arm64: consistently pass ESR_ELx to die() (git-fixes)
- commit b804637

- arm64: die(): pass 'err' as long (git-fixes)
- commit bac59fc

- arm64: report EL1 UNDEFs better (git-fixes)
- commit 0e93130

- nvme: update firmware version after commit (bsc#1215292).
- commit 1d3b546

- rpm/check-for-config-changes: add HAVE_SHADOW_CALL_STACK to IGNORED_CONFIGS_RE
  Not supported by our compiler.
- commit eb32b5a

- s390/cmma: fix handling of swapper_pg_dir and invalid_pg_dir
  (LTC#203997 bsc#1217086).
- commit 651d5ec

- s390/cmma: fix detection of DAT pages (LTC#203997 bsc#1217086).
- commit aa2ec99

- s390/mm: add missing arch_set_page_dat() call to gmap
  allocations (LTC#203997 bsc#1217086).
- commit b3d336b

- s390/mm: add missing arch_set_page_dat() call to
  vmem_crst_alloc() (LTC#203997 bsc#1217086).
- commit f15e0fe

- s390/cmma: fix initial kernel address space page table walk
  (LTC#203997 bsc#1217086).
- commit d8f4afa

- net: Avoid address overwrite in kernel_connect (bsc#1216861).
- commit 39cb2fd

- igb: set max size RX buffer when store bad packet is enabled
  (bsc#1216259 CVE-2023-45871).
- commit 15c91c9

- fbdev: fsl-diu-fb: mark wr_reg_wa() static (git-fixes).
- fbdev: omapfb: Drop unused remove function (git-fixes).
- drm/syncobj: fix DRM_SYNCOBJ_WAIT_FLAGS_WAIT_AVAILABLE
  (git-fixes).
- drm/i915: Fix potential spectre vulnerability (git-fixes).
- i915/perf: Fix NULL deref bugs with drm_dbg() calls (git-fixes).
- ALSA: info: Fix potential deadlock at disconnection (git-fixes).
- ASoC: hdmi-codec: register hpd callback on component probe
  (git-fixes).
- spi: spi-zynq-qspi: add spi-mem to driver kconfig dependencies
  (git-fixes).
- Revert "mmc: core: Capture correct oemid-bits for eMMC cards"
  (git-fixes).
- mmc: vub300: fix an error code (git-fixes).
- mmc: sdhci_am654: fix start loop index for TAP value parsing
  (git-fixes).
- lsm: fix default return value for inode_getsecctx (git-fixes).
- lsm: fix default return value for vm_enough_memory (git-fixes).
- Input: synaptics-rmi4 - fix use after free in
  rmi_unregister_function() (git-fixes).
- i2c: iproc: handle invalid slave state (git-fixes).
- pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume
  (git-fixes).
- pwm: sti: Reduce number of allocations and drop usage of
  chip_data (git-fixes).
- can: isotp: isotp_sendmsg(): fix TX state detection and wait
  behavior (git-fixes).
- commit ba5a839

- perf/core: Fix potential NULL deref (bsc#1216584 CVE-2023-5717).
- commit 90eeaff

- perf: Disallow mis-matched inherited group reads (bsc#1216584 CVE-2023-5717).
  Implement KABI fix for above
- commit 6ca2dbc

- Update patch reference for QXL fix (CVE-2023-39198 bsc#1216965)
- commit d6014b6

- Add tag to
  patches.suse/RDMA-irdma-Prevent-zero-length-STAG-registration.patch
  (git-fixes CVE-2023-25775).
- commit 3c6e962

- can: isotp: fix race between isotp_sendsmg() and isotp_release()
  (git-fixes).
- Refresh
  patches.suse/can-isotp-isotp_sendmsg-fix-return-error-fix-on-TX-p.patch.
- commit b988ee1

- can: isotp: split tx timer into transmission and timeout
  (git-fixes).
- commit 65b452a

- can: isotp: fix tx state handling for echo tx processing
  (git-fixes).
- commit 9db78d6

- can: isotp: add local echo tx processing for consecutive frames
  (git-fixes).
- Refresh
  patches.suse/can-isotp-set-default-value-for-N_As-to-50-micro-sec.patch.
- commit 6c424b2

- usb: storage: set 1.50 as the lower bcdDevice for older "Super
  Top" compatibility (git-fixes).
- tty: 8250: Add support for Intashield IX cards (git-fixes).
- tty: 8250: Add support for additional Brainboxes PX cards
  (git-fixes).
- tty: 8250: Add support for Intashield IS-100 (git-fixes).
- tty: 8250: Add support for Brainboxes UP cards (git-fixes).
- tty: 8250: Add support for additional Brainboxes UC cards
  (git-fixes).
- ALSA: hda: intel-dsp-config: Fix JSL Chromebook quirk detection
  (git-fixes).
- PCI: Prevent xHCI driver from claiming AMD VanGogh USB3 DRD
  device (git-fixes).
- clk: Sanitize possible_parent_show to Handle Return Value of
  of_clk_get_parent_name (git-fixes).
- r8152: Check for unplug in r8153b_ups_en() / r8153c_ups_en()
  (git-fixes).
- r8152: Check for unplug in rtl_phy_patch_request() (git-fixes).
- ASoC: rt5650: fix the wrong result of key button (git-fixes).
- Input: synaptics-rmi4 - handle reset delay when using SMBus
  trsnsport (git-fixes).
- dmaengine: ste_dma40: Fix PM disable depth imbalance in
  d40_probe (git-fixes).
- irqchip/stm32-exti: add missing DT IRQ flag translation
  (git-fixes).
- ASoC: simple-card: fixup asoc_simple_probe() error handling
  (git-fixes).
- can: isotp: handle wait_event_interruptible() return values
  (git-fixes).
- can: isotp: isotp_bind(): return -EINVAL on incorrect CAN ID
  formatting (git-fixes).
- can: isotp: remove re-binding of bound socket (git-fixes).
- can: isotp: sanitize CAN ID checks in isotp_bind() (git-fixes).
- can: isotp: set max PDU size to 64 kByte (git-fixes).
- commit d668003

- regmap: prevent noinc writes from clobbering cache (git-fixes).
- pcmcia: ds: fix possible name leak in error path in
  pcmcia_device_add() (git-fixes).
- pcmcia: ds: fix refcount leak in pcmcia_device_add()
  (git-fixes).
- pcmcia: cs: fix possible hung task and memory leak pccardd()
  (git-fixes).
- commit afd2c59

- media: venus: hfi_parser: Add check to keep the number of
  codecs within range (git-fixes).
- media: venus: hfi: add checks to handle capabilities from
  firmware (git-fixes).
- media: venus: hfi: fix the check to handle session buffer
  requirement (git-fixes).
- media: venus: hfi: add checks to perform sanity on queue
  pointers (git-fixes).
- media: siano: Drop unnecessary error check for
  debugfs_create_dir/file() (git-fixes).
- staging: media: ipu3: remove ftrace-like logging (git-fixes).
- media: lirc: drop trailing space from scancode transmit
  (git-fixes).
- media: sharp: fix sharp encoding (git-fixes).
- media: ccs: Correctly initialise try compose rectangle
  (git-fixes).
- media: cedrus: Fix clock/reset sequence (git-fixes).
- media: vidtv: mux: Add check and kfree for kstrdup (git-fixes).
- media: vidtv: psi: Add check for kstrdup (git-fixes).
- media: bttv: fix use after free error due to btv->timeout timer
  (git-fixes).
- media: i2c: max9286: Fix some redundant of_node_put() calls
  (git-fixes).
- media: qcom: camss: Fix missing vfe_lite clocks check
  (git-fixes).
- media: qcom: camss: Fix VFE-17x vfe_disable_output()
  (git-fixes).
- media: qcom: camss: Fix vfe_get() error jump (git-fixes).
- media: qcom: camss: Fix pm_domain_on sequence in probe
  (git-fixes).
- commit b662ba0

- xfs: can't use kmem_zalloc() for attribute buffers
  (bsc#1216909).
- commit 02f7309

- i3c: master: svc: fix SDA keep low when polling IBIWON timeout
  happen (git-fixes).
- i3c: master: svc: fix check wrong status register in irq handler
  (git-fixes).
- i3c: master: svc: fix ibi may not return mandatory data byte
  (git-fixes).
- i3c: master: svc: fix wrong data return when IBI happen during
  start frame (git-fixes).
- i3c: master: svc: fix race condition in ibi work thread
  (git-fixes).
- i3c: Fix potential refcount leak in
  i3c_master_register_new_i3c_devs (git-fixes).
- i3c: master: cdns: Fix reading status register (git-fixes).
- mtd: rawnand: arasan: Include ECC syndrome along with in-band
  data while checking for ECC failure (git-fixes).
- modpost: fix tee MODULE_DEVICE_TABLE built on big-endian host
  (git-fixes).
- dmaengine: stm32-mdma: correct desc prep when channel running
  (git-fixes).
- dmaengine: pxa_dma: Remove an erroneous BUG_ON() in
  pxad_free_desc() (git-fixes).
- dmaengine: ti: edma: handle irq_of_parse_and_map() errors
  (git-fixes).
- usb: raw-gadget: properly handle interrupted requests
  (git-fixes).
- usb: typec: tcpm: Fix NULL pointer dereference in tcpm_pd_svdm()
  (git-fixes).
- xhci: Loosen RPM as default policy to cover for AMD xHC 1.1
  (git-fixes).
- USB: usbip: fix stub_dev hub disconnect (git-fixes).
- usb: chipidea: Simplify Tegra DMA alignment code (git-fixes).
- usb: chipidea: Fix DMA overwrite for Tegra (git-fixes).
- usb: dwc2: fix possible NULL pointer dereference caused by
  driver concurrency (git-fixes).
- tty: n_gsm: fix race condition in status line change on dead
  connections (git-fixes).
- tty: 8250: Add Brainboxes Oxford Semiconductor-based quirks
  (git-fixes).
- tty: 8250: Fix up PX-803/PX-857 (git-fixes).
- tty: 8250: Fix port count of PX-257 (git-fixes).
- tty: 8250: Remove UC-257 and UC-431 (git-fixes).
- tty/sysrq: replace smp_processor_id() with get_cpu()
  (git-fixes).
- serial: exar: Revert "serial: exar: Add support for Sealevel
  7xxxC serial cards" (git-fixes).
- tty: tty_jobctrl: fix pid memleak in disassociate_ctty()
  (git-fixes).
- seq_buf: fix a misleading comment (git-fixes).
- commit 9eaffc2

- mm/hmm: fault non-owner device private entries (bsc#1216844,
  jsc#PED-7237, git-fixes).
- commit 32900e8

- ARM: 9321/1: memset: cast the constant byte to unsigned char
  (git-fixes).
- leds: trigger: ledtrig-cpu:: Fix 'output may be truncated'
  issue for 'cpu' (git-fixes).
- leds: pwm: Don't disable the PWM when the LED should be off
  (git-fixes).
- leds: turris-omnia: Do not use SMBUS calls (git-fixes).
- mfd: arizona-spi: Set pdata.hpdet_channel for ACPI enumerated
  devs (git-fixes).
- mfd: dln2: Fix double put in dln2_probe (git-fixes).
- mfd: core: Ensure disabled devices are skipped without aborting
  (git-fixes).
- i2c: core: Run atomic i2c xfer when !preemptible (git-fixes).
- ASoC: Intel: Skylake: Fix mem leak when parsing UUIDs fails
  (git-fixes).
- ASoC: fsl: Fix PM disable depth imbalance in fsl_easrc_probe
  (git-fixes).
- ASoC: ams-delta.c: use component after check (git-fixes).
- ASoC: fsl: mpc5200_dma.c: Fix warning of Function parameter
  or member not described (git-fixes).
- ASoC: codecs: wsa-macro: fix uninitialized stack variables
  with name prefix (git-fixes).
- ALSA: hda: cs35l41: Undo runtime PM changes at driver exit time
  (git-fixes).
- ALSA: hda: cs35l41: Fix unbalanced pm_runtime_get() (git-fixes).
- ASoC: cs35l41: Undo runtime PM changes at driver exit time
  (git-fixes).
- ASoC: cs35l41: Verify PM runtime resume errors in IRQ handler
  (git-fixes).
- hid: cp2112: Fix duplicate workqueue initialization (git-fixes).
- PCI/sysfs: Protect driver's D3cold preference from user space
  (git-fixes).
- PCI: keystone: Don't discard .probe() callback (git-fixes).
- PCI: keystone: Don't discard .remove() callback (git-fixes).
- PCI: exynos: Don't discard .remove() callback (git-fixes).
- PCI/ASPM: Fix L1 substate handling in aspm_attr_store_common()
  (git-fixes).
- commit ee1f9b6

- selftests/resctrl: Reduce failures due to outliers in MBA/MBM
  tests (git-fixes).
- selftests/resctrl: Ensure the benchmark commands fits to its
  array (git-fixes).
- selftests/pidfd: Fix ksft print formats (git-fixes).
- soc: qcom: llcc: Handle a second device without data corruption
  (git-fixes).
- clk: scmi: Free scmi_clk allocated when the clocks with invalid
  info are skipped (git-fixes).
- mmc: meson-gx: Remove setting of CMD_CFG_ERROR (git-fixes).
- drm/vc4: fix typo (git-fixes).
- drm/rockchip: Fix type promotion bug in rockchip_gem_iommu_map()
  (git-fixes).
- drm/amd/pm: Handle non-terminated overdrive commands
  (git-fixes).
- drm/mediatek: Fix iommu fault during crtc enabling (git-fixes).
- drm/mediatek: Fix iommu fault by swapping FBs after updating
  plane state (git-fixes).
- drm/amd/display: remove useless check in should_enable_fbc()
  (git-fixes).
- drm/radeon: possible buffer overflow (git-fixes).
- drm/rockchip: cdn-dp: Fix some error handling paths in
  cdn_dp_probe() (git-fixes).
- drm/bridge: tc358768: Fix use of uninitialized variable
  (git-fixes).
- drm/bridge: lt8912b: Add missing drm_bridge_attach call
  (git-fixes).
- drm/bridge: Fix kernel-doc typo in desc of output_bus_cfg in
  drm_bridge_state (git-fixes).
- drm/rockchip: vop: Fix call to crtc reset helper (git-fixes).
- drm/rockchip: vop: Fix reset of state in duplicate state crtc
  funcs (git-fixes).
- commit 811f56a

- clk: npcm7xx: Fix incorrect kfree (git-fixes).
- clk: keystone: pll: fix a couple NULL vs IS_ERR() checks
  (git-fixes).
- clk: qcom: ipq6018: drop the CLK_SET_RATE_PARENT flag from
  PLL clocks (git-fixes).
- clk: qcom: config IPQ_APSS_6018 should depend on QCOM_SMEM
  (git-fixes).
- clk: qcom: gcc-sm8150: Fix gcc_sdcc2_apps_clk_src (git-fixes).
- clk: qcom: mmcc-msm8998: Fix the SMMU GDSC (git-fixes).
- clk: qcom: mmcc-msm8998: Don't check halt bit on some branch
  clks (git-fixes).
- clk: qcom: clk-rcg2: Fix clock rate overflow for high parent
  frequencies (git-fixes).
- clk: imx: imx8qxp: Fix elcdif_pll clock (git-fixes).
- clk: imx: imx8mq: correct error handling path (git-fixes).
- clk: imx: Select MXC_CLK for CLK_IMX8QXP (git-fixes).
- clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data
  (git-fixes).
- clk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data
  (git-fixes).
- clk: mediatek: clk-mt7629-eth: Add check for mtk_alloc_clk_data
  (git-fixes).
- clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data
  (git-fixes).
- clk: mediatek: clk-mt6779: Add check for mtk_alloc_clk_data
  (git-fixes).
- clk: mediatek: clk-mt6765: Add check for mtk_alloc_clk_data
  (git-fixes).
- platform/x86: wmi: Fix probe failure when failing to register
  WMI devices (git-fixes).
- hwmon: (coretemp) Fix potentially truncated sysfs attribute name
  (git-fixes).
- spi: nxp-fspi: use the correct ioremap function (git-fixes).
- spi: tegra: Fix missing IRQ check in tegra_slink_probe()
  (git-fixes).
- regmap: debugfs: Fix a erroneous check after snprintf()
  (git-fixes).
- gpio: mockup: remove unused field (git-fixes).
- gpio: mockup: fix kerneldoc (git-fixes).
- PM: hibernate: Use __get_safe_page() rather than touching the
  list (git-fixes).
- PM / devfreq: rockchip-dfi: Make pmu regmap mandatory
  (git-fixes).
- ACPI: sysfs: Fix create_pnp_modalias() and create_of_modalias()
  (git-fixes).
- ACPI: FPDT: properly handle invalid FPDT subtables (git-fixes).
- thermal: core: prevent potential string overflow (git-fixes).
- wifi: ath11k: fix htt pktlog locking (git-fixes).
- wifi: ath11k: fix dfs radar event locking (git-fixes).
- wifi: ath11k: fix temperature event locking (git-fixes).
- wifi: iwlwifi: empty overflow queue during flush (git-fixes).
- wifi: mt76: mt7603: rework/fix rx pse hang check (git-fixes).
- wifi: rtlwifi: fix EDCA limit set by BT coexistence (git-fixes).
- wifi: rtw88: debug: Fix the NULL vs IS_ERR() bug for
  debugfs_create_file() (git-fixes).
- wifi: iwlwifi: Use FW rate for non-data frames (git-fixes).
- wifi: iwlwifi: honor the enable_ini value (git-fixes).
- wifi: mac80211: fix # of MSDU in A-MSDU calculation (git-fixes).
- can: dev: can_put_echo_skb(): don't crash kernel if
  can_priv::echo_skb is accessed out of bounds (git-fixes).
- can: dev: can_restart(): fix race condition between controller
  restart and netif_carrier_on() (git-fixes).
- can: dev: can_restart(): don't crash kernel if carrier is OK
  (git-fixes).
- can: sja1000: Fix comment (git-fixes).
- drm/gud: Use size_add() in call to struct_size() (git-fixes).
- commit 23d4c08

- rpm/check-for-config-changes: add AS_WRUSS to IGNORED_CONFIGS_RE
  Add AS_WRUSS as an IGNORED_CONFIGS_RE entry in check-for-config-changes
  to fix build on x86_32.
  There was a fix submitted to upstream but it was not accepted:
  https://lore.kernel.org/all/20231031140504.GCZUEJkMPXSrEDh3MA@fat_crate.local/
  So carry this in IGNORED_CONFIGS_RE instead.
- commit 7acca37

- io_uring/fdinfo: lock SQ thread while retrieving thread cpu/pid
  (bsc#1216693 CVE-2023-46862).
- commit 7e92d76

- blacklist.conf: Add d243b34459ce kernel/fork: beware of __put_task_struct() calling context
- commit 6b082e7

- net-memcg: Fix scope of sockmem pressure indicators
  (bsc#1216759).
- commit adef0b8

- blacklist.conf: Add dc6e0818bc9a sched/cpuacct: Optimize away RCU read lock
- commit 3d40657

- x86/sev: Use the GHCB protocol when available for SNP CPUID requests (git-fixes).
- commit 589a255

- x86/sev: Do not try to parse for the CC blob on non-AMD hardware (git-fixes).
- commit 7c87ee0

- x86: Move gds_ucode_mitigated() declaration to header (git-fixes).
- commit b9734f1

- x86/fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4 (git-fixes).
- commit 4f89ad9

- x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs (git-fixes).
- commit 83c32c0

- x86/alternative: Add a __alt_reloc_selftest() prototype (git-fixes).
- commit 215ed36

- x86/sev: Fix calculation of end address based on number of pages (git-fixes).
- commit 4005ffa

- iio: exynos-adc: request second interupt only when touchscreen
  mode is used (git-fixes).
- iio: adc: xilinx-xadc: Correct temperature offset/scale for
  UltraScale (git-fixes).
- iio: adc: xilinx-xadc: Don't clobber preset voltage/temperature
  thresholds (git-fixes).
- misc: fastrpc: Clean buffers on remote invocation failures
  (git-fixes).
- i2c: stm32f7: Fix PEC handling in case of SMBUS transfers
  (git-fixes).
- i2c: muxes: i2c-mux-gpmux: Use of_get_i2c_adapter_by_node()
  (git-fixes).
- i2c: muxes: i2c-demux-pinctrl: Use of_get_i2c_adapter_by_node()
  (git-fixes).
- i2c: muxes: i2c-mux-pinctrl: Use of_get_i2c_adapter_by_node()
  (git-fixes).
- i2c: aspeed: Fix i2c bus hang in slave read (git-fixes).
- drm/i915/pmu: Check if pmu is closed before stopping event
  (git-fixes).
- firmware/imx-dsp: Fix use_after_free in imx_dsp_setup_channels()
  (git-fixes).
- r8152: Release firmware if we have an error in probe
  (git-fixes).
- r8152: Cancel hw_phy_work if we have an error in probe
  (git-fixes).
- r8152: Run the unload routine if we have errors during probe
  (git-fixes).
- r8152: Increase USB control msg timeout to 5000ms as per spec
  (git-fixes).
- net: usb: smsc95xx: Fix uninit-value access in smsc95xx_read_reg
  (git-fixes).
- net: ieee802154: adf7242: Fix some potential buffer overflow
  in adf7242_stats_show() (git-fixes).
- treewide: Spelling fix in comment (git-fixes).
- commit e69ab42

- netfilter: nf_tables: skip bound chain on rule flush
  (bsc#1215095 CVE-2023-3777).
- commit afb7c25

- Update
  patches.suse/0001-x86-sev-Disable-MMIO-emulation-from-user-mode.patch
  (bsc#1212649 CVE-2023-46813).
- Update
  patches.suse/0002-x86-sev-Check-IOBM-for-IOIO-exceptions-from-user-spa.patch
  (bsc#1212649 CVE-2023-46813).
- Update
  patches.suse/0003-x86-sev-Check-for-user-space-IOIO-pointing-to-kernel.patch
  (bsc#1212649 CVE-2023-46813).
- commit dd6a315

- quota: Fix slow quotaoff (bsc#1216621).
- commit 988e5f4

- x86/sev: Check for user-space IOIO pointing to kernel space
  (bsc#1212649).
- commit 816f817

- x86/sev: Check IOBM for IOIO exceptions from user-space
  (bsc#1212649).
- commit 2b69036

- x86/sev: Disable MMIO emulation from user mode (bsc#1212649).
- commit 5dae47e

- phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins
  (git-fixes).
- phy: mapphone-mdm6600: Fix runtime PM for remove (git-fixes).
- phy: mapphone-mdm6600: Fix runtime disable on probe (git-fixes).
- gpio: vf610: set value before the direction to avoid a glitch
  (git-fixes).
- platform/surface: platform_profile: Propagate error if profile
  registration fails (git-fixes).
- platform/x86: asus-wmi: Map 0x2a code, Ignore 0x2b and 0x2c
  events (git-fixes).
- platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from
  0x20 to 0x2e (git-fixes).
- USB: serial: option: add Fibocom to DELL custom modem FM101R-GL
  (git-fixes).
- USB: serial: option: add entry for Sierra EM9191 with new
  firmware (git-fixes).
- USB: serial: option: add Telit LE910C4-WWX 0x1035 composition
  (git-fixes).
- mmc: core: Capture correct oemid-bits for eMMC cards
  (git-fixes).
- Bluetooth: hci_sock: Correctly bounds check and pad
  HCI_MON_NEW_INDEX name (git-fixes).
- Bluetooth: avoid memcmp() out of bounds warning (git-fixes).
- Bluetooth: hci_sock: fix slab oob read in create_monitor_event
  (git-fixes).
- Bluetooth: hci_event: Fix coding style (git-fixes).
- Bluetooth: Reject connection with the device which has same
  BD_ADDR (git-fixes).
- Bluetooth: vhci: Fix race when opening vhci device (git-fixes).
- platform/x86: touchscreen_dmi: Add info for the Positivo C4128B
  (git-fixes).
- drm: panel-orientation-quirks: Add quirk for One Mix 2S
  (git-fixes).
- HID: multitouch: Add required quirk for Synaptics 0xcd7e device
  (git-fixes).
- HID: holtek: fix slab-out-of-bounds Write in
  holtek_kbd_input_event (git-fixes).
- wifi: cfg80211: avoid leaking stack data into trace (git-fixes).
- wifi: mac80211: allow transmitting EAPOL frames with tainted
  key (git-fixes).
- wifi: cfg80211: Fix 6GHz scan configuration (git-fixes).
- wifi: iwlwifi: Ensure ack flag is properly cleared (git-fixes).
- wifi: mwifiex: Sanity check tlv_len and tlv_bitmap_len
  (git-fixes).
- Bluetooth: Avoid redundant authentication (git-fixes).
- Bluetooth: btusb: add shutdown function for QCA6174 (git-fixes).
- i2c: mux: Avoid potential false error message in
  i2c_mux_add_adapter (git-fixes).
- gpio: timberdale: Fix potential deadlock on &tgpio->lock
  (git-fixes).
- commit b480af6

- nvme-fc: Prevent null pointer dereference in
  nvme_fc_io_getuuid() (bsc#1214842).
- commit 3b513db

- ubi: Refuse attaching if mtd's erasesize is 0 (CVE-2023-31085
  bsc#1210778).
- commit 86e05f1

- Update
  patches.suse/USB-ene_usb6250-Allocate-enough-memory-for-full-obje.patch
  (bsc#1216051 CVE-2023-45862).
  Retroactively recognized as a security issue
- commit 716929e

- KVM: s390: fix gisa destroy operation might lead to cpu stalls
  (git-fixes bsc#1216512).
- commit 3976fa9

- s390/pci: fix iommu bitmap allocation (git-fixes bsc#1216511).
- commit 2bb6835

- s390/cio: fix a memleak in css_alloc_subchannel (git-fixes
  bsc#1216510).
- commit d475feb

- ACPI: irq: Fix incorrect return value in acpi_register_gsi()
  (git-fixes).
- Revert "pinctrl: avoid unsafe code pattern in find_pinctrl()"
  (git-fixes).
- mtd: rawnand: qcom: Unmap the right resource upon probe failure
  (git-fixes).
- mtd: rawnand: pl353: Ensure program page operations are
  successful (git-fixes).
- mtd: rawnand: arasan: Ensure program page operations are
  successful (git-fixes).
- mtd: spinand: micron: correct bitmask for ecc status
  (git-fixes).
- mtd: physmap-core: Restore map_rom fallback (git-fixes).
- mtd: rawnand: marvell: Ensure program page operations are
  successful (git-fixes).
- mmc: mtk-sd: Use readl_poll_timeout_atomic in msdc_reset_hw
  (git-fixes).
- mmc: core: sdio: hold retuning if sdio in 1-bit mode
  (git-fixes).
- ASoC: codecs: wcd938x-sdw: fix runtime PM imbalance on probe
  errors (git-fixes).
- ASoC: codecs: wcd938x-sdw: fix use after free on driver unbind
  (git-fixes).
- ASoC: codecs: wcd938x: fix unbind tear down order (git-fixes).
- ASoC: codecs: wcd938x: drop bogus bind error handling
  (git-fixes).
- ASoC: pxa: fix a memory leak in probe() (git-fixes).
- drm/i915: Retry gtt fault when out of fence registers
  (git-fixes).
- commit 766bf5d

- net/sched: fix netdevice reference leaks in
  attach_default_qdiscs() (git-fixes).
- commit 31c27cf

- net: sched: add barrier to fix packet stuck problem for lockless
  qdisc (bsc#1216345).
- commit 508758e

- net: sched: fixed barrier to prevent skbuff sticking in qdisc
  backlog (bsc#1216345).
- commit 839637c

- Fix metadata references
- commit 42e4c9a

- net: rfkill: gpio: prevent value glitch during probe
  (git-fixes).
- net: usb: smsc95xx: Fix an error code in smsc95xx_reset()
  (git-fixes).
- gve: Do not fully free QPL pages on prefill errors (git-fixes).
- Bluetooth: hci_event: Fix using memcmp when comparing keys
  (git-fixes).
- Bluetooth: Fix a refcnt underflow problem for hci_conn
  (git-fixes).
- Bluetooth: hci_event: Ignore NULL link key (git-fixes).
- nfc: nci: fix possible NULL pointer dereference in
  send_acknowledge() (git-fixes).
- thunderbolt: Check that lane 1 is in CL0 before enabling lane
  bonding (git-fixes).
- thunderbolt: Workaround an IOMMU fault on certain systems with
  Intel Maple Ridge (git-fixes).
- Input: powermate - fix use-after-free in
  powermate_config_complete (git-fixes).
- Input: xpad - add PXN V900 support (git-fixes).
- Input: goodix - ensure int GPIO is in input for gpio_count ==
  1 && gpio_int_idx == 0 case (git-fixes).
- ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA
  (git-fixes).
- drm/amdgpu: add missing NULL check (git-fixes).
- drm/amd/display: Don't set dpms_off for seamless boot
  (git-fixes).
- pinctrl: avoid unsafe code pattern in find_pinctrl()
  (git-fixes).
- HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect
  (git-fixes).
- ALSA: usb-audio: Fix microphone sound on Opencomm2 Headset
  (git-fixes).
- commit e8f9edc

- sched/rt: Fix live lock between select_fallback_rq() and RT push
  (git fixes (sched)).
- sched/rt: Fix sysctl_sched_rr_timeslice intial value (git fixes
  (sched)).
- commit a2350c1

- blacklist.conf: Applies only to RCU tiny configurations
- commit 1d1726b

- blacklist.conf: Cosmetic change for !SMP configurations
- commit c9d6cc0

- blacklist.conf: KABI hazard, only backport in response to a customer bug to justify the complexity
- commit 96bc817

- sched/deadline,rt: Remove unused parameter from
  pick_next_[rt|dl]_entity() (git fixes (sched)).
- Refresh
  patches.suse/sched-rt-pick_next_rt_entity-check-list_entry.patch.
- commit d7f894e

- regmap: fix NULL deref on lookup (git-fixes).
- usb: typec: altmodes/displayport: Signal hpd low when exiting
  mode (git-fixes).
- usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer
  (git-fixes).
- usb: gadget: udc-xilinx: replace memcpy with memcpy_toio
  (git-fixes).
- usb: dwc3: Soft reset phy on probe for host (git-fixes).
- usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap
  call (git-fixes).
- usb: musb: Get the musb_qh poniter after musb_giveback
  (git-fixes).
- usb: musb: Modify the "HWVers" register address (git-fixes).
- usb: cdnsp: Fixes issue with dequeuing not queued requests
  (git-fixes).
- iio: pressure: ms5611: ms5611_prom_is_valid false negative bug
  (git-fixes).
- iio: pressure: dps310: Adjust Timeout Settings (git-fixes).
- iio: pressure: bmp280: Fix NULL pointer exception (git-fixes).
- counter: microchip-tcb-capture: Fix the use of internal GCLK
  logic (git-fixes).
- Input: psmouse - fix fast_reconnect function for PS/2 mode
  (git-fixes).
- dmaengine: stm32-mdma: abort resume if no ongoing transfer
  (git-fixes).
- dmaengine: mediatek: Fix deadlock caused by synchronize_irq()
  (git-fixes).
- dmaengine: idxd: use spin_lock_irqsave before
  wait_event_lock_irq (git-fixes).
- drm/msm/dpu: change _dpu_plane_calc_bw() to use u64 to avoid
  overflow (git-fixes).
- drm/msm/dsi: fix irq_of_parse_and_map() error checking
  (git-fixes).
- drm/msm/dsi: skip the wait for video mode done if not applicable
  (git-fixes).
- drm/msm/dp: do not reinitialize phy unless retry during link
  training (git-fixes).
- drm/vmwgfx: fix typo of sizeof argument (git-fixes).
- nfc: nci: assert requested protocol is valid (git-fixes).
- ieee802154: ca8210: Fix a potential UAF in ca8210_probe
  (git-fixes).
- pinctrl: renesas: rzn1: Enable missing PINMUX (git-fixes).
- ALSA: hda/realtek: Change model for Intel RVP board (git-fixes).
- commit 7f63276

- netfilter: nf_tables: unbind non-anonymous set if rule
  construction fails (git-fixes).
- commit b7f718b

- KVM: SVM: Don't kill SEV guest if SMAP erratum triggers in
  usermode (git-fixes).
- commit 5316d19

- KVM: x86/mmu: Reconstruct shadow page root if the guest PDPTEs
  is changed (git-fixes).
- commit 1d58a92

- vringh: don't use vringh_kiov_advance() in vringh_iov_xfer()
  (git-fixes).
- commit d4a31a2

- 9p: virtio: make sure 'offs' is initialized in zc_request
  (git-fixes).
- commit 66e7266

- Update config files: unset CONFIG_DEBUG_FORCE_FUNCTION_ALIGN_64B
  for Arm
  Configuration option CONFIG_DEBUG_FORCE_FUNCTION_ALIGN_64B=y is used
  only in the armv7hl + arm64 configurations and appears to be a relic
  from the update procedure in commit 98da1c5f42d ("SLE15-SP4: Update the
  base kernel version to 5.14.").
  Unset it because the option is intended for debugging, not really useful
  for production and makes the text size of vmlinux unnecessarily bigger
  by ~10%
- commit 4229357

- xen-netback: use default TX queue size for vifs (git-fixes).
- commit 84805af

- netfilter: nf_tables: skip immediate deactivate in
  _PREPARE_ERROR (CVE-2023-39193 bsc#1215860).
- commit 6c937af

- kabi: workaround for enum nft_trans_phase (bsc#1215104).
- commit 0a3d3d4

- netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with
  bound set/chain (git-fixes).
- commit 2e62a61

- Update metadata
- commit e780ccd

- net: usb: dm9601: fix uninitialized variable use in
  dm9601_mdio_read (git-fixes).
- commit 236df4a

- crypto: qat - fix crypto capability detection for 4xxx
  (PED-6401).
- crypto: qat - Remove unused function declarations (PED-6401).
- crypto: qat - use kfree_sensitive instead of memset/kfree()
  (PED-6401).
- crypto: qat - replace the if statement with min() (PED-6401).
- crypto: qat - add heartbeat counters check (PED-6401).
- crypto: qat - add heartbeat feature (PED-6401).
- crypto: qat - add measure clock frequency (PED-6401).
- crypto: qat - drop obsolete heartbeat interface (PED-6401).
- crypto: qat - add internal timer for qat 4xxx (PED-6401).
- crypto: qat - add fw_counters debugfs file (PED-6401).
- crypto: qat - change value of default idle filter (PED-6401).
- crypto: qat - do not export adf_init_admin_pm() (PED-6401).
- crypto: qat - expose pm_idle_enabled through sysfs (PED-6401).
- crypto: qat - extend configuration for 4xxx (PED-6401).
- crypto: qat - refactor fw config logic for 4xxx (PED-6401).
- crypto: qat - make fw images name constant (PED-6401).
- crypto: qat - move returns to default case (PED-6401).
- crypto: qat - unmap buffers before free for RSA (PED-6401).
- crypto: qat - unmap buffer before free for DH (PED-6401).
- crypto: qat - update slice mask for 4xxx devices (PED-6401).
- crypto: qat - set deprecated capabilities as reserved
  (PED-6401).
- crypto: qat - add missing function declaration in adf_dbgfs.h
  (PED-6401).
- crypto: qat - move dbgfs init to separate file (PED-6401).
- crypto: qat - drop redundant adf_enable_aer() (PED-6401).
- crypto: qat - fix apply custom thread-service mapping for dc
  service (PED-6401).
- crypto: qat - add support for 402xx devices (PED-6401).
- crypto: qat - make state machine functions static (PED-6401).
- crypto: qat - refactor device restart logic (PED-6401).
- crypto: qat - replace state machine calls (PED-6401).
- crypto: qat - fix concurrency issue when device state changes
  (PED-6401).
- crypto: qat - delay sysfs initialization (PED-6401).
- crypto: qat - Include algapi.h for low-level Crypto API
  (PED-6401).
- crypto: qat - drop log level of msg in get_instance_node()
  (PED-6401).
- Documentation: qat: change kernel version (PED-6401).
- crypto: qat - add qat_zlib_deflate (PED-6401).
- crypto: qat - extend buffer list logic interface (PED-6401).
- crypto: qat - fix spelling mistakes from 'bufer' to 'buffer'
  (PED-6401).
- crypto: qat - remove ADF_STATUS_PF_RUNNING flag from probe
  (PED-6401).
- Documentation: qat: rewrite description (PED-6401).
- commit 3c119b1

- cgroup: Remove duplicates in cgroup v1 tasks file (bsc#1211307).
- commit 555c311

- vmbus_testing: fix wrong python syntax for integer value
  comparison (git-fixes).
- Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present
  CPUs (git-fixes).
- Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc()
  fails (git-fixes).
- commit a15e7ae

- nvmet-tcp: Fix a possible UAF in queue intialization setup
  (bsc#1215768 CVE-2023-5178).
- commit b965ee1

- bpf: Fix incorrect verifier pruning due to missing register
  precision taints (bsc#1215518 CVE-2023-2163).
- bpf: propagate precision in ALU/ALU64 operations (git-fixes).
- commit 71da1d6

- net: mana: Fix oversized sge0 for GSO packets (bsc#1215986).
- net: mana: Fix TX CQE error handling (bsc#1215986).
- commit 3666b58

- xen/events: replace evtchn_rwlock with RCU (bsc#1215745,
  xsa-441, cve-2023-34324).
- commit 291fb99

- netfilter: nfnetlink_osf: avoid OOB read (bsc#1216046
  CVE-2023-39189).
- commit 77dc791

- blacklist.conf: the codebase changed too much to backport the patch
- commit 11474a7

- kabi: blkcg_policy_data fix KABI (bsc#1216062).
- commit cf25442

- blk-cgroup: support to track if policy is online (bsc#1216062).
- commit 45c3300

- mm, memcg: reconsider kmem.limit_in_bytes deprecation
  (bsc#1208788 bsc#1213705).
- commit bdf774a

- Revert "Delete patches.suse/memcg-drop-kmem-limit_in_bytes.patch."
  This reverts commit 52c1db3eb4e2acbdd91aaaefddc26b7207cd4c90.
  It'll be fixed differently in a following commit.
  Restore the commit with upstream commit already for proper sorting.
- commit 8474b47

- blk-cgroup: Fix NULL deref caused by blkg_policy_data being
  installed before init (bsc#1216062).
- commit c2395af

- blacklist.conf: Add 82b90b6c5b38 cgroup:namespace: Remove unused cgroup_namespaces_init()
- commit 6f5ac45

- HID: sony: remove duplicate NULL check before calling
  usb_free_urb() (git-fixes).
- commit 7cd0962

- i2c: mux: gpio: Replace custom acpi_get_local_address()
  (git-fixes).
- commit ef5fd69

- gpio: aspeed: fix the GPIO number passed to
  pinctrl_gpio_set_config() (git-fixes).
- gpio: pxa: disable pinctrl calls for MMP_GPIO (git-fixes).
- platform/x86: think-lmi: Fix reference leak (git-fixes).
- HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit
  (git-fixes).
- HID: sony: Fix a potential memory leak in sony_probe()
  (git-fixes).
- wifi: mt76: mt76x02: fix MT76x0 external LNA gain handling
  (git-fixes).
- wifi: mwifiex: Fix oob check condition in
  mwifiex_process_rx_packet (git-fixes).
- wifi: iwlwifi: mvm: Fix a memory corruption issue (git-fixes).
- wifi: iwlwifi: dbg_ini: fix structure packing (git-fixes).
- wifi: mwifiex: Fix tlv_buf_left calculation (git-fixes).
- net: nfc: llcp: Add lock when modifying device list (git-fixes).
- net: usb: smsc75xx: Fix uninit-value access in
  __smsc75xx_read_reg (git-fixes).
- leds: Drop BUG_ON check for LED_COLOR_ID_MULTI (git-fixes).
- regmap: rbtree: Fix wrong register marked as in-cache when
  creating new node (git-fixes).
- nilfs2: fix potential use after free in
  nilfs_gccache_submit_read_data() (git-fixes).
- Revert "tty: n_gsm: fix UAF in gsm_cleanup_mux" (git-fixes).
- serial: 8250_port: Check IRQ data before use (git-fixes).
- firmware: arm_ffa: Don't set the memory region attributes for
  MEM_LEND (git-fixes).
- soc: imx8m: Enable OCOTP clock for imx8mm before reading
  registers (git-fixes).
- firmware: imx-dsp: Fix an error handling path in
  imx_dsp_setup_channels() (git-fixes).
- bus: ti-sysc: Fix missing AM35xx SoC matching (git-fixes).
- bus: ti-sysc: Use fsleep() instead of usleep_range() in
  sysc_reset() (git-fixes).
- i2c: npcm7xx: Fix callback completion ordering (git-fixes).
- ata: libata-core: Do not register PM operations for SAS ports
  (git-fixes).
- ata: libata-core: Fix port and device removal (git-fixes).
- ata: libata-core: Fix ata_port_request_pm() locking (git-fixes).
- ata: libata-sata: increase PMP SRST timeout to 10s (git-fixes).
- ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED
  OPERATION CODES (git-fixes).
- gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip
  (git-fixes).
- clk: tegra: fix error return case for recalc_rate (git-fixes).
- power: supply: ucs1002: fix error code in ucs1002_get_property()
  (git-fixes).
- gpio: tb10x: Fix an error handling path in tb10x_gpio_probe()
  (git-fixes).
- i2c: mux: gpio: Add missing fwnode_handle_put() (git-fixes).
- i2c: mux: demux-pinctrl: check the return value of
  devm_kstrdup() (git-fixes).
- i2c: i801: unregister tco_pdev in i801_probe() error path
  (git-fixes).
- ASoC: imx-rpmsg: Set ignore_pmdown_time for dai_link
  (git-fixes).
- ASoC: fsl: imx-pcm-rpmsg: Add SNDRV_PCM_INFO_BATCH flag
  (git-fixes).
- ALSA: hda: Disable power save for solving pop issue on Lenovo
  ThinkCentre M70q (git-fixes).
- spi: stm32: add a delay before SPI disable (git-fixes).
- spi: nxp-fspi: reset the FLSHxCR1 registers (git-fixes).
- drm/amdgpu: Handle null atom context in VBIOS info ioctl
  (git-fixes).
- drm/amd/display: Don't check registers, if using AUX BL control
  (git-fixes).
- spi: sun6i: fix race between DMA RX transfer completion and
  RX FIFO drain (git-fixes).
- spi: sun6i: reduce DMA RX transfer width to single byte
  (git-fixes).
- watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not
  already running (git-fixes).
- watchdog: iTCO_wdt: No need to stop the timer in probe
  (git-fixes).
- commit 22d41cc

- net: usb: smsc75xx: Fix uninit-value access in
  __smsc75xx_read_reg (git-fixes).
- commit 38bd5fc

- r8152: check budget for r8152_poll() (git-fixes).
- commit b4330ba

- RDMA/core: Require admin capabilities to set system parameters (git-fixes)
- commit 165e98e

- RDMA/cma: Initialize ib_sa_multicast structure to 0 when join (git-fixes)
- commit ad12009

- RDMA/mlx5: Fix NULL string error (git-fixes)
- commit 5556b81

- IB/mlx4: Fix the size of a buffer in add_port_entries() (git-fixes)
- commit 8c4cdf4

- RDMA/cma: Fix truncation compilation warning in make_cma_ports (git-fixes)
- commit a7c580d

- RDMA/uverbs: Fix typo of sizeof argument (git-fixes)
- commit 7e80897

- RDMA/cxgb4: Check skb value for failure to allocate (git-fixes)
- commit 6e18278

- RDMA/siw: Fix connection failure handling (git-fixes)
- commit 107f7c6

- RDMA/srp: Do not call scsi_done() from srp_abort() (git-fixes)
- commit ecb5c5e

- doc/README.PATCH-POLICY.SUSE: Convert the document to Markdown
  (jsc#PED-5021)
- commit c05cfc9

- doc/README.SUSE: Convert the document to Markdown (jsc#PED-5021)
- commit bff5e3e

- ring-buffer: Do not attempt to read past "commit" (git-fixes).
- commit ee556e0

- ring-buffer: Avoid softlockup in ring_buffer_resize()
  (git-fixes).
- commit bd7050f

- tracing: Make trace_marker{,_raw} stream-like (git-fixes).
- commit fda0bf6

- ring-buffer: Update "shortest_full" in polling (git-fixes).
- commit aad1d04

- ring-buffer: Fix bytes info in per_cpu buffer stats (git-fixes).
- commit 296da6c

- tracing: Have event inject files inc the trace array ref count
  (git-fixes).
- commit 817c093

- tracing: Have option files inc the trace array ref count
  (git-fixes).
- commit 921a48a

- tracing: Have current_trace inc the trace array ref count
  (git-fixes).
- commit 586ee6a

- tracing: Have tracing_max_latency inc the trace array ref count
  (git-fixes).
- commit 322c826

- tracing: Increase trace array ref count on enable and filter
  files (git-fixes).
- commit fa9da0d

- kprobes: Prohibit probing on CFI preamble symbol (git-fixes).
- commit de7b87f

- iommu/amd: Add map/unmap_pages() iommu_domain_ops callback
  support (bsc#1212423).
- iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops
  callback (bsc#1212423).
- iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops
  callback (bsc#1212423).
- commit b7a7693

- Update
  patches.suse/ipv6-sr-fix-out-of-bounds-read-when-setting-HMAC-dat.patch
  (bsc#1211592 CVE-2023-2860).
- commit 6e15654

- KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes).
- commit 7ac0d16

- KVM: x86: Fix clang -Wimplicit-fallthrough in do_host_cpuid() (git-fixes).
- commit 14aa242

- s390: add z16 elf platform (git-fixes LTC#203789 bsc#1215956
  LTC#203788 bsc#1215957).
- commit a4355b3

- sched/cpuset: Bring back cpuset_mutex (bsc#1215955).
- cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem
  (bsc#1215955).
- commit 59f5010

- blacklist.conf: Add c0f78fd5edcf cgroup/cpuset: Iterate only if DEADLINE tasks are present
  ... and its prereqs
- commit a4ba12c

- blacklist.conf: Add 98dfdd9ee939 sched/psi: Select KERNFS as needed
- commit d326b7e

- x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled (bsc#1213772).
- commit 48235ff

- KVM: x86: Propagate the AMD Automatic IBRS feature to the guest (bsc#1213772).
- commit 237820b

- x86/cpu: Support AMD Automatic IBRS (bsc#1213772).
- Refresh patches.suse/x86-srso-add-ibpb_brtype-support.patch.
- Refresh patches.suse/x86-srso-add-srso_no-support.patch.
- commit 8ed20a4

- scsi: zfcp: Fix a double put in zfcp_port_enqueue() (git-fixes
  bsc#1215941).
- commit a62865f

- x86/cpu, kvm: Add the SMM_CTL MSR not present feature  (bsc#1213772).
- Refresh patches.suse/x86-srso-add-ibpb_brtype-support.patch.
- Refresh patches.suse/x86-srso-add-srso_no-support.patch.
- commit aed5f36

- x86/cpu, kvm: Add the Null Selector Clears Base feature  (bsc#1213772).
- Refresh patches.suse/x86-srso-add-ibpb_brtype-support.patch.
- Refresh patches.suse/x86-srso-add-srso_no-support.patch.
- commit 8f2a48f

- x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf  (bsc#1213772).
- Refresh patches.suse/x86-srso-add-ibpb_brtype-support.patch.
- Refresh patches.suse/x86-srso-add-srso_no-support.patch.
- commit 553f579

- x86/cpu, kvm: Add the NO_NESTED_DATA_BP feature (bsc#1213772).
- Refresh patches.suse/x86-srso-add-ibpb_brtype-support.patch.
- Refresh patches.suse/x86-srso-add-srso_no-support.patch.
- commit 80fb630

- KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit  propagation  code (bsc#1213772).
- Refresh patches.suse/x86-srso-add-srso_no-support.patch.
- commit f21e4e4

- KVM: x86: synthesize CPUID leaf 0x80000021h if useful  (bsc#1213772).
- Refresh
  patches.suse/KVM-x86-Mask-off-reserved-bits-in-CPUID.80000001H.patch.
- Refresh
  patches.suse/KVM-x86-Move-lookup-of-indexed-CPUID-leafs-to-helper.
- commit 3d1c8b5

- KVM: x86: add support for CPUID leaf 0x80000021 (bsc#1213772).
- Refresh
  patches.suse/KVM-x86-Mask-off-reserved-bits-in-CPUID.80000001H.patch.
- commit 320f1ae

- net: xfrm: Fix xfrm_address_filter OOB read (CVE-2023-39194
  bsc#1215861).
- commit 55308cb

- netfilter: xt_sctp: validate the flag_info count (CVE-2023-39193
  bsc#1215860).
- commit 5ec24b7

- netfilter: xt_u32: validate user space input (CVE-2023-39192
  bsc#1215858).
- commit 292c059

- ipv4: fix null-deref in ipv4_link_failure (CVE-2023-42754
  bsc#1215467).
- commit ad87dd3

- KVM: s390: pv: fix external interruption loop not always
  detected (git-fixes bsc#1215916).
- commit f1893aa

- btrfs: fix root ref counts in error handling in
  btrfs_get_root_ref (bsc#1214351 CVE-2023-4389).
- commit 3731029

- KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes
  (git-fixes bsc#1215915).
- commit fe7fbfc

- KVM: s390/diag: fix racy access of physical cpu number in diag
  9c handler (git-fixes bsc#1215911).
- commit 6454286

- fs/smb/client: Reset password pointer to NULL (bsc#1215899
  CVE-2023-5345).
- commit 679511d

- blacklist.conf: kABi breakage (vmalloc)
- commit 10bad47

- KVM: s390: interrupt: use READ_ONCE() before cmpxchg()
  (git-fixes bsc#1215896).
- commit 8726736

- KVM: s390: vsie: fix the length of APCB bitmap (git-fixes
  bsc#1215895).
- commit 9ff1a1e

- KVM: s390: vsie: Fix the initialization of the epoch extension
  (epdx) field (git-fixes bsc#1215894).
- commit 9c5bbd7

- doc/README.PATCH-POLICY.SUSE: Remove the list of links (jsc#PED-5021)
  All links have been incorporated into the text. Remove now unnecessary
  list at the end of the document.
- commit 43d62b1

- doc/README.SUSE: Adjust heading style (jsc#PED-5021)
  * Underscore all headings as a preparation for Markdown conversion.
  * Use title-style capitalization for the document name and
  sentence-style capitalization for section headings, as recommended in
  the current SUSE Documentation Style Guide.
- commit 11e3267

- netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro
  for ip_set_hash_netportnet.c (CVE-2023-42753 bsc#1215150).
- commit 7a6be79

- tcp: Reduce chance of collisions in inet6_hashfn()
  (CVE-2023-1206 bsc#1212703).
- commit e3ebd17

- blacklist.conf: workqueue: compiler warning on 32-bit systems with
  Clang (bsc#1215877)
- commit b7e65aa

- blacklist.conf: workqueue: Code refactoring
- commit e204334

- blacklist.conf: printk: the changes look good but they do not fix
  any serious problem
- commit c560ceb

- printk: ringbuffer: Fix truncating buffer size min_t cast
  (bsc#1215875).
- commit e0d3999

- scsi: storvsc: Handle additional SRB status values (git-fixes).
- commit d1a5f2f

- scsi: qedf: Add synchronization between I/O completions and
  abort (bsc#1210658).
- commit 96a8c32

- gve: fix frag_list chaining (bsc#1214479).
- gve: RX path for DQO-QPL (bsc#1214479).
- gve: Tx path for DQO-QPL (bsc#1214479).
- gve: Control path for DQO-QPL (bsc#1214479).
- gve: trivial spell fix Recive to Receive (bsc#1214479).
- gve: use vmalloc_array and vcalloc (bsc#1214479).
- gve: Unify duplicate GQ min pkt desc size constants
  (bsc#1214479).
- gve: Add AF_XDP zero-copy support for GQI-QPL format
  (bsc#1214479).
- gve: Add XDP REDIRECT support for GQI-QPL format (bsc#1214479).
- gve: Add XDP DROP and TX support for GQI-QPL format
  (bsc#1214479).
- gve: Changes to add new TX queues (bsc#1214479).
- gve: XDP support GQI-QPL: helper function changes (bsc#1214479).
- gve: Fix gve interrupt names (bsc#1214479).
- commit 4dd2d8d

- net: sched: sch_qfq: Fix UAF in qfq_dequeue() (CVE-2023-4921
  bsc#1215275).
- commit 9408063

- fs: no need to check source (bsc#1215752).
- commit 1a42abf

- Refresh
  patches.suse/drm-msm-dpu-drop-enum-dpu_core_perf_data_bus_id.patch
  (git-fixes)
  Alt-commit
- commit f8178cd

- Refresh
  patches.suse/drm-amd-display-check-attr-flag-before-set-cursor-de.patch
  (git-fixes)
  Alt-commit
- commit f507792

- Refresh
  patches.suse/drm-amdgpu-Fix-vram-recover-doesn-t-work-after-whole.patch
  (git-fixes)
  Alt-commit
- commit 38e2a92

- Refresh
  patches.suse/drm-amdgpu-add-a-missing-lock-for-AMDGPU_SCHED.patch
  (git-fixes)
  Alt-commit
- commit 2ecd3e8

- Refresh
  patches.suse/drm-amd-display-fix-flickering-caused-by-S-G-mode.patch
  (git-fixes)
  Alt-commit
- commit 33e82b2

- Refresh
  patches.suse/drm-nouveau-kms-nv50-fix-nv50_wndw_new_-prototype.patch
  (git-fixes)
  Alt-commit
- commit 4c21b50

- SUNRPC: Mark the cred for revalidation if the server rejects it
  (git-fixes).
- NFS/pNFS: Report EINVAL errors from connect() to the server
  (git-fixes).
- nfsd: fix change_info in NFSv4 RENAME replies (git-fixes).
- pNFS: Fix assignment of xprtdata.cred (git-fixes).
- NFSv4.2: fix handling of COPY ERR_OFFLOAD_NO_REQ (git-fixes).
- NFS: Guard against READDIR loop when entry names exceed
  MAXNAMELEN (git-fixes).
- nfs/blocklayout: Use the passed in gfp flags (git-fixes).
- NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info
  (git-fixes).
- NFSD: da_addr_body field missing in some GETDEVICEINFO replies
  (git-fixes).
- fs: lockd: avoid possible wrong NULL parameter (git-fixes).
- nfsd: Fix race to FREE_STATEID and cl_revoked (git-fixes).
- xprtrdma: Remap Receive buffers after a reconnect (git-fixes).
- NFSv4: fix out path in __nfs4_get_acl_uncached (git-fixes).
- NFSv4.2: fix error handling in nfs42_proc_getxattr (git-fixes).
- NFSv4: Fix dropped lock for racing OPEN and delegation return
  (git-fixes).
- commit 087b1c4

- doc/README.PATCH-POLICY.SUSE: Reflow text to 80-column width
  (jsc#PED-5021)
- commit be0158c

- uapi: stddef.h: Fix __DECLARE_FLEX_ARRAY for C++ (git-fixes).
- commit 68da368

- usb: ehci: move new member has_ci_pec_bug into hole (git-fixes).
- commit bd8b5cf

- usb: ehci: add workaround for chipidea PORTSC.PEC bug
  (git-fixes).
- commit a447793

- net: usb: qmi_wwan: add Quectel EM05GV2 (git-fixes).
- commit 613dba7

- doc/README.PATCH-POLICY.SUSE: Update information about the tools
  (jsc#PED-5021)
  * Replace bugzilla.novell.com with bugzilla.suse.com and FATE with Jira.
  * Limit the range of commits in the exportpatch example to prevent it
  from running for too long.
  * Incorporate URLs directly into the text.
  * Fix typos and improve some wording, in particular avoid use of "there
  is/are" and prefer the present tense over the future one.
- commit c0bea0c

- doc/README.PATCH-POLICY.SUSE: Update information about the patch
  format (jsc#PED-5021)
  * Replace bugzilla.novell.com with bugzilla.suse.com and FATE with Jira.
  * Remove references to links to the patchtools and kernel source. They
  are incorporated in other parts of the text.
  * Use sentence-style capitalization for section headings, as recommended
  in the current SUSE Documentation Style Guide.
  * Fix typos and some wording, in particular avoid use of "there is/are".
- commit ce98345

- doc/README.PATCH-POLICY.SUSE: Update the summary and background
  (jsc#PED-5021)
  * Drop information about patches being split into directories per
  a subsystem because that is no longer the case.
  * Remove the mention that the expanded tree is present since SLE11-SP2
  as that is now only a historical detail.
  * Incorporate URLs and additional information in parenthenses directly
  into the text.
  * Fix typos and improve some wording.
- commit 640988f

- kernel-binary: Move build-time definitions together
  Move source list and build architecture to buildrequires to aid in
  future reorganization of the spec template.
- commit 30e2cef

- net: mana: Add page pool for RX buffers (bsc#1214040).
- bnx2x: new flag for track HW resource allocation (bsc#1202845
  bsc#1215322).
- commit 0f79d4d

- blacklist.conf: Ignore redundant patch
- commit 6d0ecfc

- powerpc/fadump: make is_kdump_kernel() return false when fadump
  is active (bsc#1212639 ltc#202582).
- vmcore: remove dependency with is_kdump_kernel() for exporting
  vmcore (bsc#1212639 ltc#202582).
- commit a5cc68e

- x86/srso: Fix srso_show_state() side effect (git-fixes).
- commit 619e525

- x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes).
- commit 5e42be0

- x86/srso: Don't probe microcode in a guest (git-fixes).
- commit 74b567d

- x86/srso: Set CPUID feature bits independently of bug or mitigation  status (git-fixes).
- commit c6caed4

- platform/x86: intel_scu_ipc: Fail IPC send if still busy
  (git-fixes).
- platform/x86: intel_scu_ipc: Don't override scu in
  intel_scu_ipc_dev_simple_command() (git-fixes).
- platform/x86: intel_scu_ipc: Check status upon timeout in
  ipc_wait_for_interrupt() (git-fixes).
- platform/x86: intel_scu_ipc: Check status after timeout in
  busy_loop() (git-fixes).
- ASoC: imx-audmix: Fix return error with devm_clk_get()
  (git-fixes).
- ASoC: tegra: Fix redundant PLLA and PLLA_OUT0 updates
  (git-fixes).
- ASoC: soc-utils: Export snd_soc_dai_is_dummy() symbol
  (git-fixes).
- ASoC: meson: spdifin: start hw on dai probe (git-fixes).
- ALSA: hda/realtek: Splitting the UX3402 into two separate models
  (git-fixes).
- commit 5e7ab5c

- Update
  patches.suse/net-sched-cbq-dont-intepret-cls-results-when-asked-t.patch.
  (bsc#1207036 CVE-2023-23454)
  Fold downstream fixup of caa4b35b4317d5147b3ab0fbdc9c075c7d2e9c12.
- commit 6635291

- scsi: lpfc: Prevent use-after-free during rmmod with mapped
  NVMe rports (git-fixes).
- scsi: lpfc: Early return after marking final NLP_DROPPED flag
  in dev_loss_tmo (git-fixes).
- scsi: lpfc: Fix the NULL vs IS_ERR() bug for
  debugfs_create_file() (git-fixes).
- commit 39e6404

- scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir()
  (git-fixes).
- scsi: qla2xxx: Use raw_smp_processor_id() instead of
  smp_processor_id() (git-fixes).
- commit 2981c3a

- fuse: nlookup missing decrement in fuse_direntplus_link
  (bsc#1215581).
- commit 7cedbed

- Drop amdgpu patch causing spamming (bsc#1215523)
  Deleted:
  patches.suse/drm-amdgpu-install-stub-fence-into-potential-unused-.patch.
- commit 2cab595

- net: mana: Configure hwc timeout from hardware (bsc#1214037).
- commit cc9aa11

- USB: core: Change usb_get_device_descriptor() API (bsc#1213123
  CVE-2023-37453 bsc#1215553 bsc#1215522 bsc#1215552).
  Refresh patches.suse/USB-core-Fix-race-by-not-overwriting-udev-descriptor.patch (add missing hunk)
  Refresh patches.suse/USB-core-Fix-oversight-in-SuperSpeed-initialization.patch (context)
- commit 6271d90

- virtio-net: set queues after driver_ok (git-fixes).
- commit a8caba5

- vhost: handle error while adding split ranges to iotlb
  (git-fixes).
- commit 059dc93

- vhost: allow batching hint without size (git-fixes).
- commit 8c5d403

- kernel-binary: python3 is needed for build
  At least scripts/bpf_helpers_doc.py requires python3 since Linux 4.18
  Other simimlar scripts may exist.
- commit c882efa

- KVM: x86/mmu: Include mmu.h in spte.h (git-fixes).
- commit e049205

- KVM: x86: Fix KVM_CAP_SYNC_REGS's sync_regs() TOCTOU issues
  (git-fixes).
- commit fced801

- blacklist.conf: add b439eb8ab57855, as prereq patch is missing
- commit 7f6a95d

- vhost_vdpa: fix the crash in unmap a large memory (git-fixes).
- commit 5c68686

- iommu/virtio: Detach domain on endpoint release (git-fixes).
- commit b648ef9

- vhost-scsi: unbreak any layout for response (git-fixes).
- commit 374c9ef

- drm/virtio: Use appropriate atomic state in
  virtio_gpu_plane_cleanup_fb() (git-fixes).
- commit 491eae6

- drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling
  (git-fixes).
- commit e8e33de

- virtio-net: fix race between set queues and probe (git-fixes).
- commit 1089568

- virtio_net: Fix probe failed when modprobe virtio_net
  (git-fixes).
- commit 5915735

- virtio_net: add checking sq is full inside xdp xmit (git-fixes).
- commit 87c00dd

- virtio_net: separate the logic of checking whether sq is full
  (git-fixes).
- commit 7064a0d

- virtio_net: reorder some funcs (git-fixes).
- commit 4f7fbb1

- nvme-auth: use chap->s2 to indicate bidirectional authentication
  (bsc#1214543).
- commit 41ae88c

- module: Expose module_init_layout_section() (git-fixes)
- commit 54615cb

- arm64: tegra: Update AHUB clock parent and rate (git-fixes)
- commit d3da4d8

- arm64: module: Use module_init_layout_section() to spot init sections (git-fixes)
- commit f80791e

- arm64: sdei: abort running SDEI handlers during crash (git-fixes)
- commit ec53ad3

- virtio: acknowledge all features before access (git-fixes).
- commit 4e146ad

- hwrng: virtio - Fix race on data_avail and actual data
  (git-fixes).
- commit 6d20bd3

- virtio-rng: make device ready before making request (git-fixes).
- commit c09ce65

- vhost: fix hung thread due to erroneous iotlb entries
  (git-fixes).
- commit cc76cf8

- arm64/fpsimd: Only provide the length to cpufeature for xCR registers (git-fixes)
- commit 89467e1

- arm64: module-plts: inline linux/moduleloader.h (git-fixes)
- commit afca04d

- hwrng: virtio - always add a pending request (git-fixes).
- commit 912363c

- hwrng: virtio - don't waste entropy (git-fixes).
- commit 4771c4e

- hwrng: virtio - don't wait on cleanup (git-fixes).
- commit e9188eb

- af_unix: Fix null-ptr-deref in unix_stream_sendpage()
  (CVE-2023-4622 bsc#1215117).
- commit a6ce336

- hwrng: virtio - add an internal buffer (git-fixes).
- commit 477109e

- net/sched: sch_hfsc: Ensure inner classes have fsc curve
  (CVE-2023-4623 bsc#1215115).
- commit 72e753f

- virtio_ring: fix avail_wrap_counter in virtqueue_add_packed
  (git-fixes).
- commit 60546dd

- net: do not allow gso_size to be set to GSO_BY_FRAGS
  (git-fixes).
- commit b96a7ad

- virtio-mmio: don't break lifecycle of vm_dev (git-fixes).
- commit 45da2ea

- KVM: SEV: remove ghcb variable declarations (CVE-2023-4155
  bsc#1214022).
- KVM: SEV: only access GHCB fields once (CVE-2023-4155
  bsc#1214022).
- KVM: SEV: snapshot the GHCB before accessing it (CVE-2023-4155
  bsc#1214022).
- commit f5b3d4d

- xen: remove a confusing comment on auto-translated guest I/O
  (git-fixes).
- commit 80c5d27

- x86/PVH: avoid 32-bit build warning when obtaining VGA console
  info (git-fixes).
- commit 8d6614d

- doc/README.SUSE: Reflow text to 80-column width (jsc#PED-5021)
- commit e8f2c67

- doc/README.SUSE: Minor content clean up (jsc#PED-5021)
  * Mark the user's build directory as a variable, not a command:
  'make -C $(your_build_dir)' -> 'make -C $YOUR_BUILD_DIR'.
  * Unify how to get the current directory: 'M=$(pwd)' -> 'M=$PWD'.
  * 'GIT' / 'git' -> 'Git'.
- commit 1cb4ec8

- blacklist.conf: Append 'Revert "fbcon: Use kzalloc() in fbcon_prepare_logo()"'
- commit 501bd2e

- blacklist.conf: Append 'video/aperture: Only remove sysfb on the default vga pci device'
- commit bfaaaff

- doc/README.SUSE: Update information about module paths
  (jsc#PED-5021)
  * Use version variables to describe names of the
  /lib/modules/$VERSION-$RELEASE-$FLAVOR/... directories
  instead of using specific example versions which get outdated quickly.
  * Note: Keep the /lib/modules/ prefix instead of using the new
  /usr/lib/modules/ location for now. The updated README is expected to
  be incorporated to various branches that are not yet usrmerged.
- commit 7eba2f0

- doc/README.SUSE: Update information about custom patches
  (jsc#PED-5021)
  * Replace mention of various patches.* directories with only
  patches.suse as the typical location for patches.
  * Replace i386 with x86_64 in the example how to define a config addon.
  * Fix some typos and wording.
- commit 2997d22

- blacklist.conf: Append 'parisc: Flush gatt writes and adjust gatt mask in parisc_agp_mask_memory()'
- commit 30a9db6

- blacklist.conf: Append 'parisc/agp: Annotate parisc agp init functions with __init'
- commit 9eb45cc

- ata: libata: disallow dev-initiated LPM transitions to
  unsupported states (git-fixes).
- i2c: aspeed: Reset the i2c controller when timeout occurs
  (git-fixes).
- selftests: tracing: Fix to unmount tracefs for recovering
  environment (git-fixes).
- drm/amd/display: fix the white screen issue when >= 64GB DRAM
  (git-fixes).
- drm: gm12u320: Fix the timeout usage for usb_bulk_msg()
  (git-fixes).
- commit 1f4e814

- btrfs: don't hold CPU for too long when defragging a file
  (bsc#1214988).
- commit 9b89645

- 9p/xen : Fix use after free bug in xen_9pfs_front_remove due
  to race condition (bsc#1215206, CVE-2023-1859).
- commit f333aa7

- doc/README.SUSE: Update information about config files
  (jsc#PED-5021)
  * Use version variables to describe a name of the /boot/config-... file
  instead of using specific example versions which get outdated quickly.
  * Replace removed silentoldconfig with oldconfig.
  * Mention that oldconfig can automatically pick a base config from
  "/boot/config-$(uname -r)".
  * Avoid writing additional details in parentheses, incorporate them
  instead properly in the text.
- commit cba5807

- doc/README.SUSE: Update the patch selection section
  (jsc#PED-5021)
  * Make the steps how to obtain expanded kernel source more generic in
  regards to version numbers.
  * Use '#' instead of '$' as the command line indicator to signal that
  the steps need to be run as root.
  * Update the format of linux-$SRCVERSION.tar.bz2 to xz.
  * Improve some wording.
- commit e14852c

- netfilter: nftables: exthdr: fix 4-byte stack OOB write
  (CVE-2023-4881 bsc#1215221).
- commit 0de26c1

- doc/README.SUSE: Update information about (un)supported modules
  (jsc#PED-5021)
  * Update the list of taint flags. Convert it to a table that matches the
  upstream documentation format and describe specifically flags that are
  related to module support status.
  * Fix some typos and wording.
- commit e46f0df

- doc/README.SUSE: Bring information about compiling up to date
  (jsc#PED-5021)
  * When building the kernel, don't mention to initially change the
  current directory to /usr/src/linux because later description
  discourages it and specifies to use 'make -C /usr/src/linux'.
  * Avoid writing additional details in parentheses, incorporate them
  instead properly in the text.
  * Fix the obsolete name of /etc/modprobe.d/unsupported-modules ->
  /etc/modprobe.d/10-unsupported-modules.conf.
  * Drop a note that a newly built kernel should be added to the boot
  manager because that normally happens automatically when running
  'make install'.
  * Update a link to the Kernel Module Packages Manual.
  * When preparing a build for external modules, mention use of the
  upstream recommended 'make modules_prepare' instead of a pair of
  'make prepare' + 'make scripts'.
  * Fix some typos+grammar.
- commit b9b7e79

- sctp: leave the err path free in sctp_stream_init to
  sctp_stream_free (CVE-2023-2177 bsc#1210643).
- commit 337b7d8

- doc/README.SUSE: Bring the overview section up to date
  (jsc#PED-5021)
  * Update information in the overview section that was no longer
  accurate.
  * Improve wording and fix some typos+grammar.
- commit 798c075

- doc/README.SUSE: Update the references list (jsc#PED-5021)
  * Remove the reference to Linux Documentation Project. It has been
  inactive for years and mostly contains old manuals that aren't
  relevant for contemporary systems and hardware.
  * Update the name and link to LWN.net. The original name "Linux Weekly
  News" has been deemphasized over time by its authors.
  * Update the link to Kernel newbies website.
  * Update the reference to The Linux Kernel Module Programming Guide. The
  document has not been updated for over a decade but it looks its
  content is still relevant for today.
  * Point Kernel Module Packages Manual to the current version.
  * Add a reference to SUSE SolidDriver Program.
- commit 0edac75

- doc/README.SUSE: Update title information (jsc#PED-5021)
  * Drop the mention of kernel versions from the readme title.
  * Remove information about the original authors of the document. Rely as
  in case of other readmes on Git metadata to get information about all
  contributions.
  * Strip the table of contents. The document is short and easy to
  navigate just by scrolling through it.
- commit 06f5139

- doc/README.SUSE: Update information about DUD (jsc#PED-5021)
  Remove a dead link to description of Device Update Disks found
  previously on novell.com. Replace it with a short section summarizing
  what DUD is and reference the mkdud + mksusecd tools and their
  documentation for more information.
- commit 7eeba4e

- platform/mellanox: mlxbf-pmc: Fix reading of unprogrammed events
  (git-fixes).
- platform/mellanox: mlxbf-pmc: Fix potential buffer overflows
  (git-fixes).
- platform/mellanox: mlxbf-tmfifo: Drop jumbo frames (git-fixes).
- platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more
  descriptors (git-fixes).
- kselftest/runner.sh: Propagate SIGTERM to runner child
  (git-fixes).
- commit 495d04f

- Delete patches.suse/genksyms-add-override-flag.diff.
  Unncessary after KBUILD_OVERRIDE removed.
- commit 870adc7

- x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635).
- commit 834e1c2

- jbd2: restore t_checkpoint_io_list to maintain kABI
  (bsc#1214946).
- commit 1a1980a

- rpm/kernel-binary.spec.in: Drop use of KBUILD_OVERRIDE=1
  Genksyms has functionality to specify an override for each type in
  a symtypes reference file. This override is then used instead of an
  actual type and allows to preserve modversions (CRCs) of symbols that
  reference the type. It is kind of an alternative to doing kABI fix-ups
  with '#ifndef __GENKSYMS__'. The functionality is hidden behind the
  genksyms --preserve option which primarily tells the tool to strictly
  verify modversions against a given reference file or fail.
  Downstream patch patches.suse/genksyms-add-override-flag.diff which is
  present in various kernel-source branches separates the override logic.
  It allows it to be enabled with a new --override flag and used without
  specifying the --preserve option. Setting KBUILD_OVERRIDE=1 in the spec
  file is then a way how the build is told that --override should be
  passed to all invocations of genksyms. This was needed for SUSE kernels
  because their build doesn't use --preserve but instead resulting CRCs
  are later checked by scripts/kabi.pl.
  However, this override functionality was not utilized much in practice
  and the only use currently to be found is in SLE11-SP1-LTSS. It means
  that no one should miss this option and KBUILD_OVERRIDE=1 together with
  patches.suse/genksyms-add-override-flag.diff can be removed.
  Notes for maintainers merging this commit to their branches:
  * Downstream patch patches.suse/genksyms-add-override-flag.diff can be
  dropped after merging this commit.
  * Branch SLE11-SP1-LTSS uses the mentioned override functionality and
  this commit should not be merged to it, or needs to be reverted
  afterwards.
- commit 4aa02b8

- drm/display: Don't assume dual mode adaptors support i2c
  sub-addressing (bsc#1213808).
- commit 9c64306

- blacklist.conf: Add ef73dcaa3121 ("powerpc: xmon: remove unused variables")
- commit 78179fa

- powerpc/iommu: Fix notifiers being shared by PCI and VIO buses
  (bsc#1065729).
- powerpc/xics: Remove unnecessary endian conversion
  (bsc#1065729).
- word-at-a-time: use the same return type for has_zero regardless
  of endianness (bsc#1065729).
- commit bde8063

- mlx4: Delete custom device management logic (bsc#1187236).
- mlx4: Connect the infiniband part to the auxiliary bus
  (bsc#1187236).
- mlx4: Connect the ethernet part to the auxiliary bus
  (bsc#1187236).
- mlx4: Register mlx4 devices to an auxiliary virtual bus
  (bsc#1187236).
- mlx4: Avoid resetting MLX4_INTFF_BONDING per driver
  (bsc#1187236).
- mlx4: Move the bond work to the core driver (bsc#1187236).
- mlx4: Get rid of the mlx4_interface.activate callback
  (bsc#1187236).
- mlx4: Replace the mlx4_interface.event callback with a notifier
  (bsc#1187236).
- commit 0aba257

- mlx4: Use 'void *' as the event param of mlx4_dispatch_event()
  (bsc#1187236).
- mlx4: Rename member mlx4_en_dev.nb to netdev_nb (bsc#1187236).
- mlx4: Get rid of the mlx4_interface.get_dev callback
  (bsc#1187236).
- net/mlx4: Remove many unnecessary NULL values (bsc#1187236).
- kabi/severities: ignore mlx4 internal symbols
- tracing: Fix race issue between cpu buffer write and swap
  (git-fixes).
- tracing: Remove extra space at the end of hwlat_detector/mode
  (git-fixes).
- tracing: Remove unnecessary copying of tr->current_trace
  (git-fixes).
- bpf: Clear the probe_addr for uprobe (git-fixes).
- commit 47e9584

- x86/fpu: Take task_struct* in copy_sigframe_from_user_to_xstate() (git-fixes).
- commit 74c2613

- x86/mm: Avoid incomplete Global INVLPG flushes (git-fixes).
- commit a8877f3

- x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register (git-fixes).
- commit 670fb4d

- x86/resctrl: Fix task CLOSID/RMID update race (git-fixes).
- commit 9871c87

- x86/reboot: Disable virtualization in an emergency if SVM is supported (git-fixes).
- commit 3949a2b

- x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows) (git-fixes).
- commit 4534667

- x86/sgx: Reduce delay and interference of enclave release (git-fixes).
- commit ef6d157

- x86/rtc: Remove __init for runtime functions (git-fixes).
- commit 4511d93

- x86/mm: Do not shuffle CPU entry areas without KASLR (git-fixes).
- commit cb39678

- x86/mce: Retrieve poison range from hardware (git-fixes).
- commit c9f1ddb

- x86/ioremap: Fix page aligned size calculation in __ioremap_caller() (git-fixes).
- commit 96d9365

- x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build (git-fixes).
- commit 12a2933

- x86/resctl: fix scheduler confusion with 'current' (git-fixes).
- commit 0d855b9

- x86/purgatory: remove PGO flags (git-fixes).
- commit 9d8ada6

- x86/ioapic: Don't return 0 from arch_dynirq_lower_bound() (git-fixes).
- commit ea0772f

- x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL (git-fixes).
- commit c1031f1

- x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed (git-fixes).
- commit bbfad26

- x86/cpu: Add model number for Intel Arrow Lake processor (git-fixes).
- commit bf6d064

- x86/cpu: Add Lunar Lake M (git-fixes).
- commit 7ecc64d

- x86/bugs: Reset speculation control settings on init (git-fixes).
- commit 2a6dd8e

- x86/boot/e820: Fix typo in e820.c comment (git-fixes).
- commit ac06968

- x86/alternative: Fix race in try_get_desc() (git-fixes).
- commit d841323

- uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix (git-fixes).
- commit 11f0960

- KVM: VMX: Fix header file dependency of asm/vmx.h (git-fixes).
- commit cae635f

- KVM: SVM: Remove a duplicate definition of VMCB_AVIC_APIC_BAR_MASK (git-fixes).
- commit 2a03ef8

- Revert "PCI: Mark NVIDIA T4 GPUs to avoid bus reset"
  (git-fixes).
- PCI: Free released resource after coalescing (git-fixes).
- ntb: Fix calculation ntb_transport_tx_free_entry() (git-fixes).
- ntb: Drop packets when qp link is down (git-fixes).
- ntb: Clean up tx tail index on link down (git-fixes).
- idr: fix param name in idr_alloc_cyclic() doc (git-fixes).
- commit a1c9c68

- ALSA: hda/cirrus: Fix broken audio on hardware with two CS42L42
  codecs (git-fixes).
- arm64: csum: Fix OoB access in IP checksum code for negative
  lengths (git-fixes).
- commit f43b75b

- patches.suse/ovl-remove-privs-in-ovl_copyfile.patch:(git-fixes).
- commit daa1815

- s390/qeth: Don't call dev_close/dev_open (DOWN/UP) (bsc#1214873
  git-fixes).
- commit b0dc76c

- nvme-tcp: add recovery_delay to sysfs (bsc#1201284).
- nvme-tcp: delay error recovery until the next KATO interval
  (bsc#1201284).
- nvme-tcp: make 'err_work' a delayed work (bsc#1201284).
- nvme-tcp: Do not terminate commands when in RESETTING
  (bsc#1201284).
- commit 96ee377

- s390/zcrypt: don't leak memory if dev_set_name() fails
  (git-fixes bsc#1215148).
- commit 62bce52

- drm/amd/display: prevent potential division by zero errors
  (git-fixes).
- drm/i915: mark requests for GuC virtual engines to avoid
  use-after-free (git-fixes).
- net: phy: micrel: Correct bit assignments for phy_device flags
  (git-fixes).
- pwm: lpc32xx: Remove handling of PWM channels (git-fixes).
- i3c: master: svc: fix probe failure when no i3c device exist
  (git-fixes).
- drm/i915/gvt: Drop unused helper intel_vgpu_reset_gtt()
  (git-fixes).
- commit 3aa0807

- blacklist.conf: kABI
- commit fe6afec

- blacklist.conf: kABI
- commit b1fabe7

- blacklist.conf: kABI
- commit c50e08f

- Input: tca6416-keypad - fix interrupt enable disbalance
  (git-fixes).
- commit de27518

- fs: do not update freeing inode i_io_list (bsc#1214813).
- fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE
  (bsc#1214813).
- commit 2c1c38b

- watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load
  (git-fixes).
- backlight: gpio_backlight: Drop output GPIO direction check
  for initial power state (git-fixes).
- USB: serial: option: add FOXCONN T99W368/T99W373 product
  (git-fixes).
- USB: serial: option: add Quectel EM05G variant (0x030e)
  (git-fixes).
- tcpm: Avoid soft reset when partner does not support get_status
  (git-fixes).
- usb: typec: tcpci: clear the fault status bit (git-fixes).
- ARM: pxa: remove use of symbol_get() (git-fixes).
- Bluetooth: btsdio: fix use after free bug in btsdio_remove
  due to race condition (git-fixes).
- usb: typec: tcpci: move tcpci.h to include/linux/usb/
  (git-fixes).
- commit 72d5b0f

- blacklist.conf: add git-fix to ignore
  this one removes unused kABI functions, but
  just leave them in
- commit 8007015

- scsi: snic: Fix double free in snic_tgt_create() (git-fixes).
- commit 1ed2b1b

- blacklist.conf: 9011e49d54dc ("modules: only allow symbol_get of
  EXPORT_SYMBOL_GPL modules") is not really fixing any existing bug.
- commit 550f5fc

- Move upstreamed pinctrl patch into sorted section
- commit 38f70f2

- Update References tag
  patches.suse/Bluetooth-L2CAP-Fix-use-after-free-in-l2cap_sock_rea.patch
  (git-fixes bsc#1214233 CVE-2023-40283).
- commit 731b49d

- ata: pata_falcon: fix IO base selection for Q40 (git-fixes).
- ata: sata_gemini: Add missing MODULE_DESCRIPTION (git-fixes).
- ata: pata_ftide010: Add missing MODULE_DESCRIPTION (git-fixes).
- kconfig: fix possible buffer overflow (git-fixes).
- commit 4a140a1

- powerpc/rtas: mandate RTAS syscall filtering (bsc#1023051).
- commit ac82be8

- Refresh sorted section
- commit a6fbcee

- netfilter: nf_tables: use correct lock to protect gc_list
  (CVE-2023-4563 bsc#1214727).
- netfilter: nf_tables: GC transaction race with abort path
  (CVE-2023-4563 bsc#1214727).
- netfilter: nf_tables: GC transaction race with netns dismantle
  (CVE-2023-4563 bsc#1214727).
- netfilter: nf_tables: fix GC transaction races with netns and
  netlink event exit path (CVE-2023-4563 bsc#1214727).
- netfilter: nf_tables: fix kdoc warnings after gc rework
  (CVE-2023-4563 bsc#1214727).
- refresh
  - patches.kabi/kabi-hide-changes-in-struct-nft_set.patch
- kabi: hide changes in struct nft_set (CVE-2023-4563
  bsc#1214727).
- netfilter: nf_tables: GC transaction API to avoid race with
  control plane (CVE-2023-4563 bsc#1214727).
- commit cfed41c

- quota: add new helper dquot_active() (bsc#1214998).
- commit 26cc2da

- quota: rename dquot_active() to inode_quota_active()
  (bsc#1214997).
- commit c4d7e83

- quota: factor out dquot_write_dquot() (bsc#1214995).
- commit 40e5ccd

- x86/speculation: Mark all Skylake CPUs as vulnerable to GDS (git-fixes).
- commit 47ff352

- block/mq-deadline: use correct way to throttling write requests
  (bsc#1214993).
- commit a152c28

- blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost
  (bsc#1214992).
- commit 61a6c12

- loop: Fix use-after-free issues (bsc#1214991).
- commit 761b7ce

- loop: loop_set_status_from_info() check before assignment
  (bsc#1214990).
- commit 777c353

- blk-iocost: fix divide by 0 error in calc_lcoefs()
  (bsc#1214986).
- commit bfe49ae

- cpufreq: Fix the race condition while updating the
  transition_task of policy (git-fixes).
- rpmsg: glink: Add check for kstrdup (git-fixes).
- leds: turris-omnia: Drop unnecessary mutex locking (git-fixes).
- leds: trigger: tty: Do not use LED_ON/OFF constants, use
  led_blink_set_oneshot instead (git-fixes).
- leds: Fix BUG_ON check for LED_COLOR_ID_MULTI that is always
  false (git-fixes).
- leds: multicolor: Use rounded division when calculating color
  components (git-fixes).
- leds: pwm: Fix error code in led_pwm_create_fwnode()
  (git-fixes).
- docs: printk-formats: Fix hex printing of signed values
  (git-fixes).
- commit 1c98d58

- scsi: qedf: Fix firmware halt over suspend and resume
  (git-fixes).
- scsi: qedi: Fix firmware halt over suspend and resume
  (git-fixes).
- scsi: snic: Fix possible memory leak if device_add() fails
  (git-fixes).
- scsi: core: Fix possible memory leak if device_add() fails
  (git-fixes).
- scsi: core: Fix legacy /proc parsing buffer overflow
  (git-fixes).
- scsi: 53c700: Check that command slot is not NULL (git-fixes).
- scsi: fnic: Replace return codes in fnic_clean_pending_aborts()
  (git-fixes).
- scsi: scsi_debug: Remove dead code (git-fixes).
- scsi: 3w-xxxx: Add error handling for initialization failure
  in tw_probe() (git-fixes).
- scsi: qedf: Fix NULL dereference in error handling (git-fixes).
- commit f8c12c2

- cifs: Fix UAF in cifs_demultiplex_thread() (bsc#1208995
  CVE-2023-1192).
- commit 542332a

- blacklist.conf: add git-fix that breaks kabi
- commit 8b9578b

- udf: Fix uninitialized array access for some pathnames
  (bsc#1214967).
- commit 00df6f1

- udf: Fix off-by-one error when discarding preallocation
  (bsc#1214966).
- commit 03b82ad

- udf: Fix file corruption when appending just after end of
  preallocated extent (bsc#1214965).
- commit 4b5134d

- udf: Fix extension of the last extent in the file (bsc#1214964).
- commit ae72675

- quota: fix dqput() to follow the guarantees dquot_srcu should
  provide (bsc#1214963).
- commit e6fd888

- quota: fix warning in dqgrab() (bsc#1214962).
- commit e51a8ce

- quota: Properly disable quotas when add_dquot_ref() fails
  (bsc#1214961).
- commit 4d1d992

- fs: Lock moved directories (bsc#1214959).
- commit cae328c

- fs: Establish locking order for unrelated directories
  (bsc#1214958).
- commit 5f1d5b9

- ext4: Remove ext4 locking of moved directory (bsc#1214957).
- commit 37394c0

- blacklist.conf: Blacklist 69562eb0bd3e
- commit 1f4b3d5

- sched/fair: Use recent_used_cpu to test p->cpus_ptr (git fixes).
- sched/fair: Fix inaccurate tally of ttwu_move_affine (git
  fixes).
- commit 4be7d48

- jbd2: correct the end of the journal recovery scan range
  (bsc#1214955).
- commit 11f4a50

- ext4: fix memory leaks in
  ext4_fname_{setup_filename,prepare_lookup} (bsc#1214954).
- commit 4b6c845

- jbd2: check 'jh->b_transaction' before removing it from
  checkpoint (bsc#1214953).
- commit 03f7b6f

- jbd2: fix checkpoint cleanup performance regression
  (bsc#1214952).
- commit 5a6fc81

- ext4: avoid potential data overflow in next_linear_group
  (bsc#1214951).
- commit 3e19652

- ext4: correct inline offset when handling xattrs in inode body
  (bsc#1214950).
- commit 86048c8

- jbd2: fix a race when checking checkpoint buffer busy
  (bsc#1214949).
- commit 003f040

- jbd2: Fix wrongly judgement for buffer head removing while
  doing checkpoint (bsc#1214948).
- commit 4a7cf2e

- jbd2: remove journal_clean_one_cp_list() (bsc#1214947).
- commit c697d1d

- jbd2: remove t_checkpoint_io_list (bsc#1214946).
- commit fb2b64f

- jbd2: recheck chechpointing non-dirty buffer (bsc#1214945).
- commit bc0367a

- ext4: fix wrong unit use in ext4_mb_new_blocks (bsc#1214944).
- commit bf72f09

- ext4: fix wrong unit use in ext4_mb_clear_bb (bsc#1214943).
- commit a5e1fe1

- ext4: get block from bh in ext4_free_blocks for fast commit
  replay (bsc#1214942).
- commit f797e3b

- ext4: reflect error codes from ext4_multi_mount_protect()
  to its callers (bsc#1214941).
- commit eadc3e7

- USB: core: Fix oversight in SuperSpeed initialization
  (bsc#1213123 CVE-2023-37453).
- commit 6b6c148

- ext4: set goal start correctly in ext4_mb_normalize_request
  (bsc#1214940).
- commit cc90b6a

- blacklist.conf: Not a fix, relatively high risk of performance regression
- commit fd04425

- USB: core: Fix race by not overwriting udev->descriptor in
  hub_port_init() (bsc#1213123 CVE-2023-37453).
- commit a1f446d

- USB: core: Unite old scheme and new scheme descriptor reads
  (bsc#1213123 CVE-2023-37453).
- commit 9f60ef1

- Refresh
  patches.suse/0002-nvme-tcp-fix-potential-unbalanced-freeze-unfreeze.patch.
- Refresh
  patches.suse/0003-nvme-rdma-fix-potential-unbalanced-freeze-unfreeze.patch.
- commit 452e63f

- scsi: lpfc: Do not abuse UUID APIs and LPFC_COMPRESS_VMID_SIZE
  (git-fixes).
- scsi: lpfc: Modify when a node should be put in device recovery
  mode during RSCN (git-fixes).
- scsi: lpfc: Remove reftag check in DIF paths (git-fixes).
- commit 8c191d2

- scsi: qla2xxx: Remove unused variables in
  qla24xx_build_scsi_type_6_iocbs() (bsc#1214928).
- scsi: qla2xxx: Update version to 10.02.09.100-k (bsc#1214928).
- Revert "scsi: qla2xxx: Fix buffer overrun" (bsc#1214928).
- scsi: qla2xxx: Fix smatch warn for qla_init_iocb_limit()
  (bsc#1214928).
- scsi: qla2xxx: Remove unsupported ql2xenabledif option
  (bsc#1214928).
- scsi: qla2xxx: Error code did not return to upper layer
  (bsc#1214928).
- scsi: qla2xxx: Add logs for SFP temperature monitoring
  (bsc#1214928).
- scsi: qla2xxx: Fix firmware resource tracking (bsc#1214928).
- scsi: qla2xxx: Flush mailbox commands on chip reset
  (bsc#1214928).
- scsi: qla2xxx: Allow 32-byte CDBs (bsc#1214928).
- scsi: qla2xxx: Move resource to allow code reuse (bsc#1214928).
- scsi: qla2xxx: Remove unused declarations (bsc#1214928).
- commit 1dd6a86

- series: update meta data
  Move qla2xxx, lpcf, powerpc, net anc cpu patches into main section.
- commit b5aafc0

- scsi: RDMA/srp: Fix residual handling (git-fixes)
- commit 429e77b

- RDMA/efa: Fix wrong resources deallocation order (git-fixes)
- commit c7f667b

- RDMA/siw: Correct wrong debug message (git-fixes)
- commit 3732fc1

- RDMA/siw: Balance the reference of cep->kref in the error path (git-fixes)
- commit 9281d22

- Revert "IB/isert: Fix incorrect release of isert connection" (git-fixes)
- commit 1b277c9

- RDMA/irdma: Prevent zero-length STAG registration (git-fixes)
- commit e55bab1

- IB/uverbs: Fix an potential error pointer dereference (git-fixes)
- commit 0e5f5fb

- RDMA/hns: Fix CQ and QP cache affinity (git-fixes)
- commit fee7fe7

- RDMA/hns: Fix incorrect post-send with direct wqe of wr-list (git-fixes)
- commit 988bb43

- RDMA/hns: Fix port active speed (git-fixes)
- commit f1ca0f2

- RDMA/bnxt_re: Fix max_qp count for virtual functions (git-fixes)
- commit dd0f3ab

- RDMA/irdma: Replace one-element array with flexible-array member (git-fixes)
- commit e8addea

- RDMA/qedr: Remove a duplicate assignment in irdma_query_ah() (git-fixes)
- commit c2623e0

- RDMA/bnxt_re: Fix error handling in probe failure path (git-fixes)
- commit c6f50a4

- IB/hfi1: Fix possible panic during hotplug remove (git-fixes)
- commit 632a598

- RDMA/umem: Set iova in ODP flow (git-fixes)
- commit ec8b3f4

- RDMA/mlx5: Return the firmware result upon destroying QP/RQ (git-fixes)
- commit 1ff5e5f

- dmaengine: ste_dma40: Add missing IRQ check in d40_probe
  (git-fixes).
- dmaengine: idxd: Modify the dependence of attribute
  pasid_enabled (git-fixes).
- phy/rockchip: inno-hdmi: do not power on rk3328 post pll on
  reg write (git-fixes).
- phy/rockchip: inno-hdmi: round fractal pixclock in rk3328
  recalc_rate (git-fixes).
- phy/rockchip: inno-hdmi: use correct vco_div_5 macro on rk3328
  (git-fixes).
- mtd: rawnand: fsmc: handle clk prepare error in
  fsmc_nand_resume() (git-fixes).
- mtd: rawnand: brcmnand: Fix mtd oobsize (git-fixes).
- mtd: rawnand: brcmnand: Fix potential out-of-bounds access in
  oob write (git-fixes).
- mtd: rawnand: brcmnand: Fix crash during the panic_write
  (git-fixes).
- mtd: rawnand: brcmnand: Fix potential false time out warning
  (git-fixes).
- mtd: spi-nor: Check bus width while setting QE bit (git-fixes).
- HID: wacom: remove the battery when the EKR is off (git-fixes).
- HID: logitech-dj: Fix error handling in
  logi_dj_recv_switch_to_dj_mode() (git-fixes).
- HID: multitouch: Correct devm device reference for hidinput
  input_dev name (git-fixes).
- media: i2c: rdacm21: Fix uninitialized value (git-fixes).
- media: i2c: ccs: Check rules is non-NULL (git-fixes).
- media: ov2680: Fix regulators being left enabled on
  ov2680_power_on() errors (git-fixes).
- media: ov2680: Fix ov2680_set_fmt() which ==
  V4L2_SUBDEV_FORMAT_TRY not working (git-fixes).
- media: ov2680: Add ov2680_fill_format() helper function
  (git-fixes).
- media: ov2680: Don't take the lock for try_fmt calls
  (git-fixes).
- media: ov2680: Remove VIDEO_V4L2_SUBDEV_API ifdef-s (git-fixes).
- media: ov2680: Fix vflip / hflip set functions (git-fixes).
- media: ov2680: Fix ov2680_bayer_order() (git-fixes).
- media: ov5640: Enable MIPI interface in ov5640_set_power_mipi()
  (git-fixes).
- media: venus: hfi_venus: Write to VIDC_CTRL_INIT after unmasking
  interrupts (git-fixes).
- media: venus: hfi_venus: Only consider sys_idle_indicator on V1
  (git-fixes).
- media: go7007: Remove redundant if statement (git-fixes).
- media: rkvdec: increase max supported height for H.264
  (git-fixes).
- media: cx24120: Add retval check for cx24120_message_send()
  (git-fixes).
- media: dvb-usb: m920x: Fix a potential memory leak in
  m920x_i2c_xfer() (git-fixes).
- media: dib7000p: Fix potential division by zero (git-fixes).
- drivers: usb: smsusb: fix error handling code in
  smsusb_init_device (git-fixes).
- media: v4l2-core: Fix a potential resource leak in
  v4l2_fwnode_parse_link() (git-fixes).
- media: i2c: tvp5150: check return value of devm_kasprintf()
  (git-fixes).
- media: ad5820: Drop unsupported ad5823 from i2c_ and
  of_device_id tables (git-fixes).
- fbdev: Update fbdev source file paths (git-fixes).
- amba: bus: fix refcount leak (git-fixes).
- dma-buf/sync_file: Fix docs syntax (git-fixes).
- firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe
  (git-fixes).
- driver core: test_async: fix an error code (git-fixes).
- Documentation: devices.txt: Fix minors for ttyCPM* (git-fixes).
- Documentation: devices.txt: Remove ttySIOC* (git-fixes).
- Documentation: devices.txt: Remove ttyIOC* (git-fixes).
- serial: sc16is7xx: fix bug when first setting GPIO direction
  (git-fixes).
- serial: sc16is7xx: fix broken port 0 uart init (git-fixes).
- serial: tegra: handle clk prepare error in tegra_uart_hw_init()
  (git-fixes).
- serial: sprd: Fix DMA buffer leak issue (git-fixes).
- serial: sprd: Assign sprd_port after initialized to avoid
  wrong access (git-fixes).
- usb: typec: tcpm: set initial svdm version based on pd revision
  (git-fixes).
- usb: dwc3: meson-g12a: do post init to fix broken usb after
  resumption (git-fixes).
- USB: gadget: f_mass_storage: Fix unused variable warning
  (git-fixes).
- usb: phy: mxs: fix getting wrong state with
  mxs_phy_is_otg_host() (git-fixes).
- usb: chipidea: imx: improve logic if samsung,picophy-* parameter
  is 0 (git-fixes).
- platform/x86: dell-sysman: Fix reference leak (git-fixes).
- commit 729e789

- target: compare and write backend driver sense handling
  (bsc#1177719 bsc#1213026).
- Refresh patches.suse/target-rbd-support-COMPARE_AND_WRITE.patch.
- commit a2ae103

- bus: ti-sysc: Fix cast to enum warning (git-fixes).
- commit 586e58b

- Add cherry-picked if to fbdev patch
- commit 32815f6

- ALSA: hda/realtek: Add quirk for mute LEDs on HP ENVY x360
  15-eu0xxx (git-fixes).
- ALSA: hda/realtek: Add quirk for HP Victus 16-d1xxx to enable
  mute LED (git-fixes).
- commit 2c05a9a

- ALSA: usb-audio: Fix init call orders for UAC1 (git-fixes).
- commit 3ba2db1

- PCI: microchip: Remove cast between incompatible function type
  (git-fixes).
- PCI: meson: Remove cast between incompatible function type
  (git-fixes).
- PCI: microchip: Correct the DED and SEC interrupt bit offsets
  (git-fixes).
- PCI: Mark NVIDIA T4 GPUs to avoid bus reset (git-fixes).
- wifi: ath10k: Use RMW accessors for changing LNKCTL (git-fixes).
- wifi: ath11k: Use RMW accessors for changing LNKCTL (git-fixes).
- PCI: pciehp: Use RMW accessors for changing LNKCTL (git-fixes).
- pinctrl: cherryview: fix address_space_handler() argument
  (git-fixes).
- pinctrl: mcp23s08: check return value of devm_kasprintf()
  (git-fixes).
- ipmi_si: fix a memleak in try_smi_init() (git-fixes).
- ipmi:ssif: Fix a memory leak when scanning for an adapter
  (git-fixes).
- ipmi:ssif: Add check for kstrdup (git-fixes).
- firmware: meson_sm: fix to avoid potential NULL pointer
  dereference (git-fixes).
- firmware: cs_dsp: Fix new control name check (git-fixes).
- fbdev/ep93xx-fb: Do not assign to struct fb_info.dev
  (git-fixes).
- PCI: acpiphp: Use pci_assign_unassigned_bridge_resources()
  only for non-root bus (git-fixes).
- PCI: acpiphp: Reassign resources on bridge if necessary
  (git-fixes).
- commit 10e5d93

- drm/radeon: Use RMW accessors for changing LNKCTL (git-fixes).
- drm/amdgpu: Use RMW accessors for changing LNKCTL (git-fixes).
- dt-bindings: clocks: imx8mp: make sai4 a dummy clock
  (git-fixes).
- dt-bindings: clock: xlnx,versal-clk: drop select:false
  (git-fixes).
- dt-bindings: crypto: ti,sa2ul: make power-domains conditional
  (git-fixes).
- drm/msm/a2xx: Call adreno_gpu_init() earlier (git-fixes).
- drm/msm/mdp5: Don't leak some plane state (git-fixes).
- drm/msm: Update dev core dump to not print backwards
  (git-fixes).
- drm/etnaviv: fix dumping of active MMU context (git-fixes).
- drm/amd/pm: fix variable dereferenced issue in
  amdgpu_device_attr_create() (git-fixes).
- drm/mediatek: Fix potential memory leak if vmap() fail
  (git-fixes).
- drm/mediatek: Fix dereference before null check (git-fixes).
- drm/panel: simple: Add missing connector type and pixel format
  for AUO T215HVN01 (git-fixes).
- drm/bridge: fix -Wunused-const-variable= warning (git-fixes).
- drm/armada: Fix off-by-one error in
  armada_overlay_get_property() (git-fixes).
- drm/atomic-helper: Update reference to
  drm_crtc_force_disable_all() (git-fixes).
- drm/tegra: dpaux: Fix incorrect return value of platform_get_irq
  (git-fixes).
- fbdev: fix potential OOB read in fast_imageblit() (git-fixes).
- fbdev: Fix sys_imageblit() for arbitrary image widths
  (git-fixes).
- fbdev: Improve performance of sys_imageblit() (git-fixes).
- commit a3652b5

- docs: kernel-parameters: Refer to the correct bitmap function
  (git-fixes).
- clk: qcom: gcc-sm8250: Fix gcc_sdcc2_apps_clk_src (git-fixes).
- clk: qcom: gcc-sc7180: Fix up gcc_sdcc2_apps_clk_src
  (git-fixes).
- clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock
  (git-fixes).
- clk: qcom: camcc-sc7180: fix async resume during probe
  (git-fixes).
- clk: imx: pll14xx: dynamically configure PLL for
  393216000/361267200Hz (git-fixes).
- clk: imx: composite-8m: fix clock pauses when set_rate would
  be a no-op (git-fixes).
- clk: imx8mp: fix sai4 clock (git-fixes).
- clk: sunxi-ng: Modify mismatched function name (git-fixes).
- drivers: clk: keystone: Fix parameter judgment in
  _of_pll_clk_init() (git-fixes).
- bus: ti-sysc: Fix build warning for 64-bit build (git-fixes).
- ALSA: pcm: Fix missing fixup call in compat hw_refine ioctl
  (git-fixes).
- ASoC: tegra: Fix SFC conversion for few rates (git-fixes).
- ALSA: ac97: Fix possible error value of *rac97 (git-fixes).
- ASoC: stac9766: fix build errors with REGMAP_AC97 (git-fixes).
- drm: xlnx: zynqmp_dpsub: Add missing check for dma_set_mask
  (git-fixes).
- drm/amdgpu: avoid integer overflow warning in
  amdgpu_device_resize_fb_bar() (git-fixes).
- drm/bridge: anx7625: Drop device lock before
  drm_helper_hpd_irq_event() (git-fixes).
- drm: adv7511: Fix low refresh rate register for ADV7533/5
  (git-fixes).
- drm/ast: Fix DRAM init on AST2200 (git-fixes).
- backlight/lv5207lp: Compare against struct fb_info.device
  (git-fixes).
- backlight/gpio_backlight: Compare against struct fb_info.device
  (git-fixes).
- backlight/bd6107: Compare against struct fb_info.device
  (git-fixes).
- drm/bridge: tc358764: Fix debug print parameter order
  (git-fixes).
- audit: fix possible soft lockup in __audit_inode_child()
  (git-fixes).
- ALSA: ymfpci: Fix the missing snd_card_free() call at probe
  error (git-fixes).
- drm/amd/display: check TG is non-null before checking if enabled
  (git-fixes).
- drm/amd/display: do not wait for mpc idle if tg is disabled
  (git-fixes).
- commit 08c4f7b

- Kbuild: add -Wno-shift-negative-value where -Wextra is used
  (bsc#1214756).
- commit 8140064

- rpm/mkspec-dtb: support for nested subdirs
  Commit 724ba6751532 ("ARM: dts: Move .dts files to vendor
  sub-directories") moved the dts to nested subdirs, add a support for
  that. That is, generate a %dir entry in %files for them.
- commit 6484eda

- wifi: mwifiex: Fix missed return in oob checks failed path
  (git-fixes).
- commit 9baf357

- nilfs2: fix WARNING in mark_buffer_dirty due to discarded
  buffer reuse (git-fixes).
- lib/test_meminit: allocate pages up to order MAX_ORDER
  (git-fixes).
- HWPOISON: offline support: fix spelling in Documentation/ABI/
  (git-fixes).
- wifi: ath9k: use IS_ERR() with debugfs_create_dir() (git-fixes).
- wifi: ath9k: protect WMI command response buffer replacement
  with a lock (git-fixes).
- wifi: ath9k: fix races between ath9k_wmi_cmd and
  ath9k_wmi_ctrl_rx (git-fixes).
- wifi: mwifiex: avoid possible NULL skb pointer dereference
  (git-fixes).
- wifi: radiotap: fix kernel-doc notation warnings (git-fixes).
- wifi: nl80211/cfg80211: add forgotten nla_policy for BSS color
  attribute (git-fixes).
- wifi: mwifiex: fix memory leak in mwifiex_histogram_read()
  (git-fixes).
- Bluetooth: btusb: Do not call kfree_skb() under
  spin_lock_irqsave() (git-fixes).
- Bluetooth: Fix potential use-after-free when clear keys
  (git-fixes).
- Bluetooth: Remove unused declaration amp_read_loc_info()
  (git-fixes).
- Bluetooth: nokia: fix value check in
  nokia_bluetooth_serdev_probe() (git-fixes).
- wifi: mwifiex: fix error recovery in PCIE buffer descriptor
  management (git-fixes).
- wifi: mt76: mt7915: fix power-limits while chan_switch
  (git-fixes).
- wifi: mt76: testmode: add nla_policy for MT76_TM_ATTR_TX_LENGTH
  (git-fixes).
- wifi: mt76: mt7921: do not support one stream on secondary
  antenna only (git-fixes).
- wifi: mwifiex: Fix OOB and integer underflow when rx packets
  (git-fixes).
- wifi: rtw89: debug: Fix error handling in
  rtw89_debug_priv_btc_manual_set() (git-fixes).
- can: gs_usb: gs_usb_receive_bulk_callback(): count RX overflow
  errors also in case of OOM (git-fixes).
- hwrng: iproc-rng200 - Implement suspend and resume calls
  (git-fixes).
- crypto: caam - fix unchecked return value error (git-fixes).
- crypto: stm32 - Properly handle pm_runtime_get failing
  (git-fixes).
- hwrng: pic32 - use devm_clk_get_enabled (git-fixes).
- hwrng: nomadik - keep clock enabled while hwrng is registered
  (git-fixes).
- hwmon: (tmp513) Fix the channel number in tmp51x_is_visible()
  (git-fixes).
- spi: tegra20-sflash: fix to check return value of
  platform_get_irq() in tegra_sflash_probe() (git-fixes).
- regmap: rbtree: Use alloc_flags for memory allocations
  (git-fixes).
- commit 243ba95

- docs/process/howto: Replace C89 with C11 (bsc#1214756).
- commit 8393e27

- Kbuild: move to -std=gnu11 (bsc#1214756).
- commit ef844c1

- blacklist.conf: kABI
- commit 382e160

- netfilter: nf_tables: deactivate catchall elements in next
  generation (bsc#1214729 CVE-2023-4569).
- commit 6289fe5

- netfs: fix parameter of cleanup() (bsc#1214743).
- netfs: Fix lockdep warning from taking sb_writers whilst
  holding  mmap_lock (bsc#1214742).
- commit bb32ecc

- selftests/futex: Order calls to futex_lock_pi (git-fixes).
- selftests/resctrl: Close perf value read fd on errors
  (git-fixes).
- selftests/resctrl: Unmount resctrl FS if child fails to run
  benchmark (git-fixes).
- selftests/resctrl: Don't leak buffer in fill_cache()
  (git-fixes).
- PM / devfreq: Fix leak in devfreq_dev_release() (git-fixes).
- ACPI: x86: s2idle: Fix a logic error parsing AMD constraints
  table (git-fixes).
- selftests/harness: Actually report SKIP for signal tests
  (git-fixes).
- pstore/ram: Check start of empty przs during init (git-fixes).
- commit ad35b22

- Move upstreamed powerpc patches into sorted section
- commit 3a27181

- Move upstreamed HID patch into sorted section
- commit 85ada69

- e1000: Remove unnecessary use of kmap_atomic() (jsc#PED-5738).
- commit 411ade7

- intel/e1000:fix repeated words in comments (jsc#PED-5738).
- commit 36d3f87

- intel: remove unused macros (jsc#PED-5738).
- commit 8c0592a

- e1000: Fix typos in comments (jsc#PED-5738).
- commit b74464e

- e1000: switch to napi_build_skb() (jsc#PED-5738).
- commit 8f3d353

- e1000: switch to napi_consume_skb() (jsc#PED-5738).
- commit b269f24

- tracing: Fix memleak due to race between current_tracer and
  trace (git-fixes).
- commit cd1e0a8

- tracing: Fix cpu buffers unavailable due to 'record_disabled'
  missed (git-fixes).
- commit 8e87d30

- ring-buffer: Do not swap cpu_buffer during resize process
  (git-fixes).
- commit e5ec19f

- xfs: fix sb write verify for lazysbcount (bsc#1214661).
- commit 29e65a8

- cpufreq: intel_pstate: Adjust balance_performance EPP for
  Sapphire Rapids (bsc#1214659).
- commit c3cfee9

- cpufreq: intel_pstate: Enable HWP IO boost for all servers
  (bsc#1208949 jsc#PED-6003 jsc#PED-6004).
- commit bd6042f

- cpufreq: intel_pstate: Fix scaling for hybrid-capable systems
  with disabled E-cores (bsc#1212526 bsc#1214368 jsc#PED-4927
  jsc#PED-4929).
- commit 0340dfe

- cpufreq: intel_pstate: hybrid: Use known scaling factor for
  P-cores (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
- commit 91615ae

- cpufreq: intel_pstate: Read all MSRs on the target CPU
  (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
- commit 639f9f6

- cpufreq: intel_pstate: hybrid: Rework HWP calibration
  (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
- Update
  patches.suse/cpufreq-intel_pstate-Fix-cpu-pstate.turbo_freq-initi.patch
  (git-fixes bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
- commit 689587b

- Use the cherry-picked id for an AMDGPU patch and resort
- commit 07365e7

- tty: serial: fsl_lpuart: Add i.MXRT1050 support (git-fixes).
- Refresh
  patches.suse/tty-serial-fsl_lpuart-add-earlycon-for-imx8ulp-platf.patch.
- commit f34a3a2

- selftests: forwarding: tc_actions: Use ncat instead of nc
  (git-fixes).
- watchdog: sp5100_tco: support Hygon FCH/SCH (Server Controller
  Hub) (git-fixes).
- thunderbolt: Read retimer NVM authentication status prior
  tb_retimer_set_inbound_sbtx() (git-fixes).
- usb: chipidea: imx: add missing USB PHY DPDM wakeup setting
  (git-fixes).
- usb: chipidea: imx: don't request QoS for imx8ulp (git-fixes).
- usb: gadget: u_serial: Avoid spinlock recursion in
  __gs_console_push (git-fixes).
- pcmcia: rsrc_nonstatic: Fix memory leak in
  nonstatic_release_resource_db() (git-fixes).
- PCI: tegra194: Fix possible array out of bounds access
  (git-fixes).
- tty: serial: fsl_lpuart: reduce RX watermark to 0 on LS1028A
  (git-fixes).
- tty: serial: fsl_lpuart: make rx_watermark configurable for
  different platforms (git-fixes).
- selftests: forwarding: tc_actions: cleanup temporary files
  when test is aborted (git-fixes).
- usb: dwc3: Fix typos in gadget.c (git-fixes).
- commit 5394953

- drm/amd: flush any delayed gfxoff on suspend entry (git-fixes).
- commit d60a005

- i2c: designware: Handle invalid SMBus block data response
  length value (git-fixes).
- drm/qxl: fix UAF on handle creation (git-fixes).
- drm/amdgpu: Fix potential fence use-after-free v2 (git-fixes).
- Bluetooth: btusb: Add MT7922 bluetooth ID for the Asus Ally
  (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free (git-fixes).
- media: v4l2-mem2mem: add lock to protect parameter num_rdy
  (git-fixes).
- ARM: dts: imx6dl: prtrvt, prtvt7, prti6q, prtwd2: fix USB
  related warnings (git-fixes).
- drm/amdgpu: install stub fence into potential unused fence
  pointers (git-fixes).
- drm/amd/display: fix access hdcp_workqueue assert (git-fixes).
- ASoC: SOF: Intel: fix SoundWire/HDaudio mutual exclusion
  (git-fixes).
- HID: add quirk for 03f0:464a HP Elite Presenter Mouse
  (git-fixes).
- HID: logitech-hidpp: Add USB and Bluetooth IDs for the Logitech
  G915 TKL Keyboard (git-fixes).
- PCI: s390: Fix use-after-free of PCI resources with per-function
  hotplug (git-fixes).
- drm/amd/display: phase3 mst hdcp for multiple displays
  (git-fixes).
- drm/amd/display: save restore hdcp state when display is
  unplugged from mst hub (git-fixes).
- iio: adc: stx104: Implement and utilize register structures
  (git-fixes).
- iio: adc: stx104: Utilize iomap interface (git-fixes).
- ARM: dts: imx6sll: fixup of operating points (git-fixes).
- commit e2faa35

- clk: Fix slab-out-of-bounds error in devm_clk_release()
  (git-fixes).
- clk: Fix undefined reference to `clk_rate_exclusive_{get,put}'
  (git-fixes).
- pinctrl: renesas: rza2: Add lock around
  pinctrl_generic{{add,remove}_group,{add,remove}_function}
  (git-fixes).
- drm/vmwgfx: Fix shader stage validation (git-fixes).
- dma-buf/sw_sync: Avoid recursive lock during fence signal
  (git-fixes).
- commit 7c5f1b7

- batman-adv: Hold rtnl lock during MTU update via netlink
  (git-fixes).
- commit 8468886

- batman-adv: Fix batadv_v_ogm_aggr_send memory leak (git-fixes).
- batman-adv: Fix TT global entry leak when client roamed back
  (git-fixes).
- batman-adv: Do not get eth header before
  batadv_check_management_packet (git-fixes).
- batman-adv: Don't increase MTU when set by user (git-fixes).
- batman-adv: Trigger events for auto adjusted MTU (git-fixes).
- commit d59057e

- smb: client: fix null auth (git-fixes).
- commit f89a725

- powerpc/rtas: block error injection when locked down
  (bsc#1023051).
  Refresh patches.kabi/lockdown-kABI-workaround-for-lockdown_reason-changes.patch
- powerpc/rtas: enture rtas_call is called with MMU enabled
  (bsc#1023051).
- commit e7f7145

- Input: cyttsp4_core - change del_timer_sync() to
  timer_shutdown_sync() (bsc#1213971 CVE-2023-4134).
- commit 2dfd188

- Refresh patches.suse/powerpc-rtas-Keep-MSR-RI-set-when-calling-RTAS.patch.
- commit 0cbb740

- Drop rtsx patch that caused a regression (bsc#1214397,bsc#1214428)
  It caused mysterious problem wrt NVMe.
  Better to drop and blacklist for now.
- commit 2257ff2

- powerpc: Move DMA64_PROPNAME define to a header (bsc#1214297 ltc#197503).
- commit af67897

- x86/CPU/AMD: Fix the DIV(0) initial fix attempt (bsc#1213927, CVE-2023-20588).
- commit eb5704d

- x86/CPU/AMD: Do not leak quotient data after a division by 0 (bsc#1213927, CVE-2023-20588).
- commit 8b5290e

- scsi: storvsc: Fix handling of virtual Fibre Channel timeouts
  (git-fixes).
- scsi: storvsc: Limit max_sectors for virtual Fibre Channel
  devices (git-fixes).
- scsi: storvsc: Handle SRB status value 0x30 (git-fixes).
- scsi: storvsc: Always set no_report_opcodes (git-fixes).
- commit aace9fd

- old-flavors: Drop 2.6 kernels.
  2.6 based kernels are EOL, upgrading from them is no longer suported.
- commit 7bb5087

- kunit: make kunit_test_timeout compatible with comment
  (git-fixes).
- commit e060c5b

- blacklist.conf: kABI
- commit 2db68b2

- blacklist.conf: kABI
- commit b9b490f

- blacklist.conf: specific to Clang
- commit 0d88df7

- blacklist.conf: not used in our build process
- commit 5705a43

- blacklist.conf: designed to break kABI but relevant only on big endian
- commit 3477f1d

- lib/test_meminit: destroy cache in kmem_cache_alloc_bulk()
  test (git-fixes).
- commit 0595e9f

- blacklist.conf: cleanup
- commit 8d51620

- blacklist.conf: We do not use that tool
- commit f8ec126

- docs: networking: replace skb_hwtstamp_tx with skb_tstamp_tx
  (git-fixes).
- commit d96f965

- kabi: Allow extra bugsints (bsc#1213927).
- commit fc75ce0

- Refresh patches.suse/x86-srso-add-ibpb.patch.
  CPU_IBPB_ENTRY is always on so adjust code accordingly.
- commit 0ed13bd

- Update
  patches.suse/net-vmxnet3-fix-possible-NULL-pointer-dereference-in.patch
  (bsc#1200431 bsc#1214451 CVE-2023-4459).
  Added CVE reference.
- commit 13a12f4

- net: nfc: Fix use-after-free caused by nfc_llcp_find_local
  (bsc#1213601 CVE-2023-3863).
- nfc: llcp: simplify llcp_sock_connect() error paths (bsc#1213601
  CVE-2023-3863).
- nfc: llcp: nullify llcp_sock->dev on connect() error paths
  (bsc#1213601 CVE-2023-3863).
- commit 0932a11

- kabi/severities: Ignore newly added SRSO mitigation functions
- commit 4452f05

- tty: fix hang on tty device with no_room set (git-fixes).
- n_tty: Rename tail to old_tail in n_tty_read() (git-fixes).
- commit 22b52a9

- tty: n_gsm: fix the UAF caused by race condition in
  gsm_cleanup_mux (git-fixes).
- tty: serial: fsl_lpuart: Clear the error flags by writing 1
  for lpuart32 platforms (git-fixes).
- commit 2bc2940

- x86/static_call: Fix __static_call_fixup() (git-fixes).
- commit 57d4f01

- x86/srso: Correct the mitigation status when SMT is disabled (git-fixes).
- commit c2d3421

- x86/srso: Explain the untraining sequences a bit more (git-fixes).
- commit f62146e

- x86/cpu/kvm: Provide UNTRAIN_RET_VM (git-fixes).
- commit 7f39f56

- x86/cpu: Cleanup the untrain mess (git-fixes).
- commit 13632c3

- objtool/x86: Fixup frame-pointer vs rethunk (git-fixes).
- commit 522332f

- objtool: Union instruction::{call_dest,jump_table} (git-fixes).
- commit d5ea86a

- x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 (git-fixes).
- commit 847a96f

- xfrm: add NULL check in xfrm_update_ae_params (bsc#1213666
  CVE-2023-3772).
- commit 9e44d01

- x86/cpu: Rename original retbleed methods (git-fixes).
- commit 81c5e75

- x86/cpu: Clean up SRSO return thunk mess (git-fixes).
- commit fa0b815

- objtool/x86: Fix SRSO mess (git-fixes).
- commit 8bf5635

- x86/alternative: Make custom return thunk unconditional (git-fixes).
- commit a446ea5

- x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk() (git-fixes).
- commit 06974c4

- x86/cpu: Fix __x86_return_thunk symbol type (git-fixes).
- commit 086adb4

- x86/retpoline,kprobes: Skip optprobe check for indirect jumps with  retpolines and IBT (git-fixes).
- commit 9392b3c

- x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG (git-fixes).
- commit 99556d6

- x86/srso: Disable the mitigation on unaffected configurations (git-fixes).
- commit af52734

- x86/retpoline: Don't clobber RFLAGS during srso_safe_ret() (git-fixes).
- commit 43e1da9

- x86/srso: Fix build breakage with the LLVM linker (git-fixes).
- commit 7af6810

- powerpc/rtas_flash: allow user copy to flash block cache objects
  (bsc#1194869).
- commit 0fccbf5

- i2c: bcm-iproc: Fix bcm_iproc_i2c_isr deadlock issue
  (git-fixes).
- i2c: hisi: Only handle the interrupt of the driver's transfer
  (git-fixes).
- i2c: designware: Correct length byte validation logic
  (git-fixes).
- fbdev: mmp: fix value check in mmphw_probe() (git-fixes).
- commit 5738f62

- supported.conf: fix typos for -!optional markers
- commit a15b83f

- ALSA: hda/realtek - Remodified 3k pull low procedure
  (git-fixes).
- ASoC: meson: axg-tdm-formatter: fix channel slot allocation
  (git-fixes).
- ASoC: lower "no backend DAIs enabled for ... Port" log severity
  (git-fixes).
- ASoC: rt5665: add missed regulator_bulk_disable (git-fixes).
- ALSA: hda/cs8409: Support new Dell Dolphin Variants (git-fixes).
- ALSA: hda/realtek: Switch Dell Oasis models to use SPI
  (git-fixes).
- ALSA: hda/realtek: Add quirks for HP G11 Laptops (git-fixes).
- ALSA: usb-audio: Add support for Mythware XA001AU capture and
  playback interfaces (git-fixes).
- mmc: wbsd: fix double mmc_free_host() in wbsd_init()
  (git-fixes).
- mmc: block: Fix in_flight[issue_type] value error (git-fixes).
- arm64: dts: qcom: qrb5165-rb5: fix thermal zone conflict
  (git-fixes).
- bus: ti-sysc: Flush posted write on enable before reset
  (git-fixes).
- arm64: dts: rockchip: Disable HS400 for eMMC on ROCK Pi 4
  (git-fixes).
- soc: aspeed: socinfo: Add kfree for kstrdup (git-fixes).
- net: phy: broadcom: stub c45 read/write for 54810 (git-fixes).
- selftests: mirror_gre_changes: Tighten up the TTL test match
  (git-fixes).
- net: phy: fix IRQ-based wake-on-lan over hibernate / power off
  (git-fixes).
- drm/panel: simple: Fix AUO G121EAN01 panel timings according
  to the docs (git-fixes).
- commit a48515a

- Update config files. Drop the dpt_i2o kernel module.
  For: jsc#PED-4579, CVE-2023-2007
- commit f332a85

- mkspec: Allow unsupported KMPs (bsc#1214386)
- commit 55d8b82

- libceph: fix potential hang in ceph_osdc_notify() (bsc#1214393).
- ceph: defer stopping mdsc delayed_work (bsc#1214392).
- commit 722c601

- check-for-config-changes: ignore BUILTIN_RETURN_ADDRESS_STRIPS_PAC (bsc#1214380).
  gcc7 on SLE 15 does not support this while later gcc does.
- commit 5b41c27

- s390/purgatory: disable branch profiling (git-fixes
  bsc#1214372).
- commit 28f91ce

- scsi: zfcp: Defer fc_rport blocking until after ADISC response
  (git-fixes bsc#1214371).
- commit 5ac3747

- KVM: s390: fix sthyi error handling (git-fixes bsc#1214370).
- commit 3711e45

- powerpc/kexec: Fix build failure from uninitialised variable
  (bsc#1212091 ltc#199106).
- powerpc/64e: Fix kexec build error (bsc#1212091 ltc#199106).
- Refresh patches.suse/powerpc-Take-in-account-addition-CPU-node-when-build.patch
- Refresh patches.suse/powerpc-kexec_file-fix-implicit-decl-error.patch
- commit c8f4ed0

- Update
  patches.suse/net-vmxnet3-fix-possible-use-after-free-bugs-in-vmxn.patch
  (bsc#1200431 bsc#1214350 CVE-2023-4387).
  Added CVE reference.
- commit 8897012

- module: avoid allocation if module is already present and ready
  (bsc#1213921).
- commit a42ca12

- module: move check_modinfo() early to early_mod_check()
  (bsc#1213921).
- commit b97680b

- module: move early sanity checks into a helper (bsc#1213921).
- commit d4f0452

- Update config files.
  run_oldconfig.sh
- CONFIG_NVME_VERBOSE_ERRORS=y          gone with a82baa8083b
- CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT=13   gone with 7e152d55123
- commit 7a11d4b

- module: extract patient module check into helper (bsc#1213921).
- commit de545b1

- Enable Analog Devices Industrial Ethernet PHY driver (jsc#PED-4759)
- commit 63c2b4e

- net: mana: Fix MANA VF unload when hardware is unresponsive
  (git-fixes).
- iavf: fix potential races for FDIR filters (git-fixes).
- ice: Fix RDMA VSI removal during queue rebuild (git-fixes).
- qed: Fix scheduling in a tasklet while getting stats
  (git-fixes).
- i40e: Fix an NULL vs IS_ERR() bug for debugfs_create_dir()
  (git-fixes).
- ice: Fix memory management in ice_ethtool_fdir.c (git-fixes).
- net: hns3: fix wrong bw weight of disabled tc issue (git-fixes).
- ice: Fix max_rate check while configuring TX rate limits
  (git-fixes).
- commit 66cd4bc

- powerpc/iommu: Fix iommu_table_in_use for a small default DMA
  window case (bsc#1212091 ltc#199106).
- powerpc/kernel/iommu: Add new iommu_table_in_use() helper
  (bsc#1212091 ltc#199106).
- powerpc/iommu: don't set failed sg dma_address to
  DMA_MAPPING_ERROR (bsc#1212091 ltc#199106).
- powerpc/iommu: return error code from .map_sg() ops (bsc#1212091
  ltc#199106).
- commit 63fd00c

- misc: rtsx: judge ASPM Mode to set PETXCFG Reg (git-fixes).
- drm/nouveau/gr: enable memory loads on helper invocation on
  all channels (git-fixes).
- commit 8a7a168

- kernel-binary: Common dependencies cleanup
  Common dependencies are copied to a subpackage, there is no need for
  copying defines or build dependencies there.
- commit 254b03c

- kernel-binary: Drop code for kerntypes support
  Kerntypes was a SUSE-specific feature dropped before SLE 12.
- commit 2c37773

- net: usb: lan78xx: reorder cleanup operations to avoid UAF bugs
  (git-fixes).
- commit 9c04620

- powerpc/iommu: TCEs are incorrectly manipulated with DLPAR
  add/remove of memory (bsc#1212091 ltc#199106).
- powerpc/iommu: Incorrect DDW Table is referenced for SR-IOV
  device (bsc#1212091 ltc#199106).
- pseries/iommu/ddw: Fix kdump to work in absence of
  ibm,dma-window (bsc#1214297 ltc#197503).
- powerpc/pseries/iommu: Print ibm,query-pe-dma-windows parameters
  (bsc#1212091 ltc#199106).
- powerpc: fix typos in comments (bsc#1212091 ltc#199106).
- powerpc/pseries: Add __init attribute to eligible functions
  (bsc#1212091 ltc#199106).
- powerpc/pseries/ddw: Do not try direct mapping with persistent
  memory and one window (bsc#1212091 ltc#199106).
- powerpc/pseries/ddw: simplify enable_ddw() (bsc#1212091
  ltc#199106).
- powerpc/pseries/iommu: Add of_node_put() before break
  (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Create huge DMA window if no MMIO32 is
  present (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Check if the default window in use
  before removing it (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Use correct vfree for it_map (bsc#1212091
  ltc#199106).
- powerpc/pseries/iommu: Rename "direct window" to "dma window"
  (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Make use of DDW for indirect mapping
  (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Find existing DDW with given property
  name (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Update remove_dma_window() to accept
  property name (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Reorganize iommu_table_setparms*()
  with new helper (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Add ddw_property_create() and refactor
  enable_ddw() (bsc#1212091 ltc#199106).
  Refresh patches.suse/powerps-pseries-dma-Add-support-for-2M-IOMMU-page-si.patch
- powerpc/pseries/iommu: Allow DDW windows starting at 0x00
  (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Add ddw_list_new_entry() helper
  (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Add iommu_pseries_alloc_table() helper
  (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Replace hard-coded page shift
  (bsc#1212091 ltc#199106).
  Refresh patches.suse/powerpc-iommu-Limit-number-of-TCEs-to-512-for-H_STUF.patch
- commit 4f11eef

- powerpc/mm/altmap: Fix altmap boundary check (bsc#1120059
  git-fixes).
- commit f722e3b

- bnx2x: fix page fault following EEH recovery (bsc#1214299).
- commit f8a9432

- target_core_rbd: fix leak and reduce kmalloc calls
  (bsc#1212873).
- target_core_rbd: fix rbd_img_request.snap_id assignment
  (bsc#1212857).
- target_core_rbd: remove snapshot existence validation code
  (bsc#1212857).
- file: reinstate f_pos locking optimization for regular files
  (bsc#1213759).
- commit 0469dd9

- net: ieee802154: at86rf230: Stop leaking skb's (git-fixes).
- commit 3d175df

- mlxsw: pci: Add shutdown method in PCI driver (git-fixes).
- commit d9c79ec

- blacklist.conf: add drivers/net/ethernet/renesas/ drivers
- commit 0c8d3f5

- sfc: fix crash when reading stats while NIC is resetting
  (git-fixes).
- commit 61c7a4c

- ice: Fix crash by keep old cfg when update TCs more than queues
  (git-fixes).
- commit 4e80ce2

- powerpc/pseries: Honour current SMT state when DLPAR onlining
  CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- powerpc: Add HOTPLUG_SMT support (bsc#1214285 bsc#1205462
  ltc#200161 ltc#200588).
  Update config files.
- powerpc/pseries: Initialise CPU hotplug callbacks earlier
  (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Allow enabling partial SMT states via sysfs
  (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Create topology_smt_thread_allowed() (bsc#1214285
  bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Remove topology_smt_supported() (bsc#1214285
  bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Store the current/max number of threads (bsc#1214285
  bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Move smt/control simple exit cases earlier (bsc#1214285
  bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Move SMT prototypes into cpu_smt.h (bsc#1214285
  bsc#1205462 ltc#200161 ltc#200588).
- commit 8bd8972

- sched/psi: use kernfs polling functions for PSI trigger polling
  (bsc#1209799).
- commit 4477665

- md/raid0: Fix performance regression for large sequential writes
  (bsc#1213916).
- md/raid0: Factor out helper for mapping and submitting a bio
  (bsc#1213916).
- commit d85264e

- ceph: don't check for quotas on MDS stray dirs (bsc#1214238).
- commit dcb3418

- iommu/dma: Fix incorrect error return on iommu deferred attach
  (git-fixes).
- Refresh patches.suse/iommu-dma-Fix-arch_sync_dma-for-map.patch.
- Refresh
  patches.suse/iommu-dma-check-config_swiotlb-more-broadly.
- commit c7a880f

- iommu/dma: return error code from iommu_dma_map_sg()
  (git-fixes).
- Refresh patches.suse/iommu-dma-Fix-arch_sync_dma-for-map.patch.
- Refresh
  patches.suse/iommu-dma-check-config_swiotlb-more-broadly.
- commit 5d989c6

- iommu/amd: Fix pci device refcount leak in ppr_notifier()
  (git-fixes).
- iommu/amd: Fix ill-formed ivrs_ioapic, ivrs_hpet and
  ivrs_acpihid options (git-fixes).
- iommu/amd: Fix ivrs_acpihid cmdline parsing code (git-fixes).
- iommu/fsl_pamu: Fix resource leak in fsl_pamu_probe()
  (git-fixes).
- iommu/rockchip: fix permission bits in page table entries v2
  (git-fixes).
- iommu/sun50i: Remove IOMMU_DOMAIN_IDENTITY (git-fixes).
- iommu/sun50i: Implement .iotlb_sync_map (git-fixes).
- iommu/sun50i: Fix flush size (git-fixes).
- iommu/sun50i: Fix R/W permission check (git-fixes).
- iommu/sun50i: Consider all fault sources for reset (git-fixes).
- iommu/sun50i: Fix reset release (git-fixes).
- iommu/vt-d: Fix PCI device refcount leak in
  dmar_dev_scope_init() (git-fixes).
- iommu/vt-d: Fix PCI device refcount leak in has_external_pci()
  (git-fixes).
- iommu/vt-d: Set SRE bit only when hardware has SRS cap
  (git-fixes).
- iommu/vt-d: Preset Access bit for IOVA in FL non-leaf paging
  entries (git-fixes).
- iommu/vt-d: Clean up si_domain in the init_dmars() error path
  (git-fixes).
- iommu/iova: Fix module config properly (git-fixes).
- iommu/omap: Fix buffer overflow in debugfs (git-fixes).
- iommu/arm-smmu-v3: Make default domain type of HiSilicon PTT
  device to identity (git-fixes).
- iommu/vt-d: Check correct capability for sagaw determination
  (git-fixes).
- iommu/vt-d: Correctly calculate sagaw value of IOMMU
  (git-fixes).
- iommu/vt-d: Fix kdump kernels boot failure with scalable mode
  (git-fixes).
- iommu/amd: use full 64-bit value in build_completion_wait()
  (git-fixes).
- iommu/amd: Fix compile warning in init code (git-fixes).
- iommu/amd: Add PCI segment support for ivrs_ commands
  (git-fixes).
- iommu/io-pgtable-arm-v7s: Add a quirk to allow pgtable PA up
  to 35bit (git-fixes).
- iommu/dma: Fix iova map result check bug (git-fixes).
- iommu/arm-smmu-v3: check return value after calling
  platform_get_resource() (git-fixes).
- iommu/arm-smmu: fix possible null-ptr-deref in
  arm_smmu_device_probe() (git-fixes).
- iommu/vt-d: Add RPLS to quirk list to skip TE disabling
  (git-fixes).
- iommu/arm-smmu-v3: fix event handling soft lockup (git-fixes).
- iommu/dart: Initialize DART_STREAMS_ENABLE (git-fixes).
- commit b73aa3b

- nvme-rdma: fix potential unbalanced freeze & unfreeze
  (bsc#1208902).
- nvme-tcp: fix potential unbalanced freeze & unfreeze
  (bsc#1208902).
- commit 2d8bf94

- x86/mce: Make sure logged MCEs are processed after sysfs update (git-fixes).
- commit 64aa9ec

- x86/CPU/AMD: Disable XSAVES on AMD family 0x17 (git-fixes).
- commit b1259cb

- x86/speculation: Add cpu_show_gds() prototype (git-fixes).
- commit edd5557

- fs/sysv: Null check to prevent null-ptr-deref bug (git-fixes).
- commit ae6500e

- iio: cros_ec: Fix the allocation size for cros_ec_command
  (git-fixes).
- iio: adc: ina2xx: avoid NULL pointer dereference on OF device
  match (git-fixes).
- usb: dwc3: Properly handle processing of pending events
  (git-fixes).
- usb-storage: alauda: Fix uninit-value in alauda_check_media()
  (git-fixes).
- usb: common: usb-conn-gpio: Prevent bailing out if initial
  role is none (git-fixes).
- usb: typec: altmodes/displayport: Signal hpd when configuring
  pin assignment (git-fixes).
- usb: typec: tcpm: Fix response to vsafe0V event (git-fixes).
- commit d86b205

- netfilter: KABI workaround for CVE-2023-3610 bsc#1213580
  (git-fixes).
- commit ecae123

- netfilter: nf_tables: fix chain binding transaction logic
  (bsc#1213580 CVE-2023-3610).
- commit 12da4f7

- hwmon: (pmbus/bel-pfe) Enable PMBUS_SKIP_STATUS_CHECK for
  pfe1100 (git-fixes).
- nilfs2: fix use-after-free of nilfs_root in dirtying inodes
  via iput (git-fixes).
- drm/amd/display: check attr flag before set cursor degamma on
  DCN3+ (git-fixes).
- drm/shmem-helper: Reset vma->vm_ops before calling
  dma_buf_mmap() (git-fixes).
- drm/rockchip: Don't spam logs in atomic check (git-fixes).
- drm/nouveau/disp: Revert a NULL check inside
  nouveau_connector_get_modes (git-fixes).
- arm64: dts: imx8mn-var-som: add missing pull-up for onboard
  PHY reset pinmux (git-fixes).
- soundwire: fix enumeration completion (git-fixes).
- net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb
  (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb
  (git-fixes).
- selftests/rseq: check if libc rseq support is registered
  (git-fixes).
- soundwire: bus: pm_runtime_request_resume on peripheral
  attachment (git-fixes).
- commit 1f8ce0d

- net/sched: cls_route: No longer copy tcf_result on update  to
  avoid use-after-free (bsc#1214149 CVE-2023-4128).
- net/sched: cls_fw: No longer copy tcf_result on update to
  avoid use-after-free (bsc#1214149 CVE-2023-4128).
- net/sched: cls_u32: No longer copy tcf_result on update  to
  avoid use-after-free (bsc#1214149 CVE-2023-4128).
- commit 9904c3b

- ceph: never send metrics if disable_send_metrics is set
  (bsc#1214180).
- commit 32f3ae7

- wifi: cfg80211: fix sband iftype data lookup for AP_VLAN
  (git-fixes).
- selftests: forwarding: tc_flower: Relax success criterion
  (git-fixes).
- selftests: forwarding: ethtool_extended_state: Skip when using
  veth pairs (git-fixes).
- selftests: forwarding: ethtool: Skip when using veth pairs
  (git-fixes).
- selftests: forwarding: Add a helper to skip test when using
  veth pairs (git-fixes).
- selftests: forwarding: Switch off timeout (git-fixes).
- selftests: forwarding: Skip test when no interfaces are
  specified (git-fixes).
- net: phy: at803x: remove set/get wol callbacks for AR8032
  (git-fixes).
- dmaengine: pl330: Return DMA_PAUSED when transaction is paused
  (git-fixes).
- dmaengine: mcf-edma: Fix a potential un-allocated memory access
  (git-fixes).
- commit b70a6bf

- blacklist.conf: Blacklist useless doc fix
- commit 685dbed

- exfat: check if filename entries exceeds max filename length
  (bsc#1214120 CVE-2023-4273).
- commit b7e68de

- x86/srso: Fix return thunks in generated code (git-fixes).
- commit b4d125e

- Refresh patches.suse/kvm-add-gds_no-support-to-kvm.patch.
- Refresh
  patches.suse/x86-speculation-add-force-option-to-gds-mitigation.patch.
- Refresh
  patches.suse/x86-speculation-add-gather-data-sampling-mitigation.patch.
- Refresh
  patches.suse/x86-speculation-add-kconfig-option-for-gds.patch.
- Refresh
  patches.suse/x86-srso-add-a-speculative-ras-overflow-mitigation.patch.
- Refresh patches.suse/x86-srso-add-srso_no-support.patch.
  Sort latest set of security vulnerabilities according to upstream order.
- commit 4a12398

- tracing/histograms: Return an error if we fail to add histogram
  to hist_vars list (git-fixes).
- commit d08da8a

- Drop cfg80211 lock fix patches that caused a regression (bsc#1213757)
  Deleted:
  patches.suse/wifi-cfg80211-fix-locking-in-regulatory-disconnect.patch
  patches.suse/wifi-cfg80211-fix-locking-in-sched-scan-stop-work.patch
- commit f824698

- netfilter: nf_tables: disallow rule addition to bound chain
  via NFTA_RULE_CHAIN_ID (CVE-2023-4147 bsc#1213968).
- commit c0bb265

- cxgb4: fix use after free bugs caused by circular dependency
  problem (bsc#1213970 CVE-2023-4133).
- timers: Provide timer_shutdown[_sync]() (bsc#1213970).
- timers: Add shutdown mechanism to the internal functions
  (bsc#1213970).
- timers: Split [try_to_]del_timer[_sync]() to prepare for
  shutdown mode (bsc#1213970).
- timers: Silently ignore timers with a NULL function
  (bsc#1213970).
- timers: Rename del_timer() to timer_delete() (bsc#1213970).
- timers: Rename del_timer_sync() to timer_delete_sync()
  (bsc#1213970).
- timers: Use del_timer_sync() even on UP (bsc#1213970).
- timers: Update kernel-doc for various functions (bsc#1213970).
- timers: Replace BUG_ON()s (bsc#1213970).
- clocksource/drivers/sp804: Do not use timer namespace for
  timer_shutdown() function (bsc#1213970).
- clocksource/drivers/arm_arch_timer: Do not use timer namespace
  for timer_shutdown() function (bsc#1213970).
- ARM: spear: Do not use timer namespace for timer_shutdown()
  function (bsc#1213970).
- commit 0322b50

- xen/netback: Fix buffer overrun triggered by unusual packet
  (CVE-2023-34319, XSA-432, bsc#1213546).
- commit 6591b03

- x86/srso: Tie SBPB bit setting to microcode patch detection (bsc#1213287, CVE-2023-20569).
- commit 90a74a8

- ubifs: Fix memleak when insert_old_idx() failed (git-fixes).
- commit 2837d15

- jffs2: correct logic when creating a hole in jffs2_write_begin
  (git-fixes).
- commit f413344

- mmc: moxart: read scr register without changing byte order
  (git-fixes).
- commit 12e8704

- cifs: update internal module version number for cifs.ko
  (bsc#1193629).
- commit ade2a6e

- smb: client: fix dfs link mount against w2k8 (bsc#1212142).
- commit 2f90082

- cifs: add missing return value check for cifs_sb_tlink
  (bsc#1193629).
- commit a08c7b4

- smb3: do not set NTLMSSP_VERSION flag for negotiate not auth
  request (bsc#1193629).
- commit 1b17674

- cifs: allow dumping keys for directories too (bsc#1193629).
- commit e7fda39

- cifs: fix mid leak during reconnection after timeout threshold
  (git-fixes).
- commit 30d4c82

- cifs: is_network_name_deleted should return a bool
  (bsc#1193629).
- commit 85c6bb9

- smb: client: Fix -Wstringop-overflow issues (bsc#1193629).
- commit 37f3408

- cifs: if deferred close is disabled then close files immediately
  (git-fixes).
- commit 1cd51c4

- SMB3: Do not send lease break acknowledgment if all file
  handles have been closed (git-fixes).
- commit 68ee604

- net: tun_chr_open(): set sk_uid from current_fsuid()
  (CVE-2023-4194 bsc#1214019).
- commit b6c8070

- net: tap_open(): set sk_uid from current_fsuid() (CVE-2023-4194
  bsc#1214019).
- commit d59e993

- tracing/probes: Fix to avoid double count of the string length
  on the array (git-fixes).
- commit 24b5022

- blacklist.conf: add tracing patches implementing new functionality
- commit 1e7f3cf

- tracing/probes: Fix to record 0-length data_loc in
  fetch_store_string*() if fails (git-fixes).
- commit c96ae0e

- Revert "tracing: Add "(fault)" name injection to kernel probes"
  (git-fixes).
- commit 658fc31

- bpf: Disable preemption in bpf_event_output (git-fixes).
- commit 21194b8

- tracing: Fix warning in trace_buffered_event_disable()
  (git-fixes).
- commit 9a84de4

- ring-buffer: Fix wrong stat of cpu_buffer->read (git-fixes).
- commit 9c2f42a

- tracing/probes: Fix to update dynamic data counter if fetcharg
  uses it (git-fixes).
- commit a5e8186

- tracing/probes: Fix not to count error code to total length
  (git-fixes).
- commit 1fa72f4

- tracing: Fix memory leak of iter->temp when reading trace_pipe
  (git-fixes).
- commit 6f343ba

- tracing/histograms: Add histograms to hist_vars if they have
  referenced variables (git-fixes).
- commit 17940e8

- ftrace: Fix possible warning on checking all pages used in
  ftrace_process_locs() (git-fixes).
- commit 825cbd9

- ring-buffer: Fix deadloop issue on reading trace_pipe
  (git-fixes).
- commit fc2b8fe

- tracing: Fix null pointer dereference in tracing_err_log_open()
  (git-fixes).
- commit 498fa96

- README.BRANCH: Add Miroslav Franc as a SLE15-SP4 co-maintainer.
- commit 3b7c83a

- nfsd: Remove incorrect check in nfsd4_validate_stateid
  (git-fixes).
- commit 2cc1911

- blacklist.conf: add a cleanup
- commit 976e622

- mtd: rawnand: fsl_upm: Fix an off-by one test in fun_exec_op()
  (git-fixes).
- mtd: rawnand: rockchip: Align hwecc vs. raw page helper layouts
  (git-fixes).
- mtd: rawnand: rockchip: fix oobfree offset and description
  (git-fixes).
- mtd: rawnand: omap_elm: Fix incorrect type in assignment
  (git-fixes).
- mtd: spinand: toshiba: Fix ecc_get_status (git-fixes).
- drm/ttm: check null pointer before accessing when swapping
  (git-fixes).
- commit 6d64757

- exfat: release s_lock before calling dir_emit() (bsc#1214000).
- exfat: fix unexpected EOF while reading dir (bsc#1214000).
- exfat_iterate(): don't open-code file_inode(file) (bsc#1214000).
- commit 00dff49

- blacklist.conf: Add 3b8abb323953 mm: kmem: fix a NULL pointer dereference in obj_stock_flush_required()
- commit 3ae175c

- blacklist.conf: Add 9ec272c586b0 watchdog/hardlockup: keep kernel.nmi_watchdog sysctl as 0444 if probe fails
- commit ff37424

- Refresh patches.suse/x86-srso-add-srso_no-support.patch.
  Handle the newly added SBPB feature correctly when run in hypervisor
  context and interept an MSR write.
- commit ef9889a

- Update config files.
  We want SRSO mitigation on by default
- commit acc813b

- netfs: Fix missing xas_retry() calls in xarray iteration
  (bsc#1213946).
- commit f25fdaf

- wifi: cfg80211: Fix return value in scan logic (git-fixes).
- wifi: mt76: mt7615: do not advertise 5 GHz on first phy of
  MT7615D (DBDC) (git-fixes).
- USB: zaurus: Add ID for A-300/B-500/C-700 (git-fixes).
- firmware: arm_scmi: Drop OF node reference in the transport
  channel setup (git-fixes).
- USB: gadget: Fix the memory leak in raw_gadget driver
  (git-fixes).
- USB: quirks: add quirk for Focusrite Scarlett (git-fixes).
- usb: ohci-at91: Fix the unhandle interrupt when resume
  (git-fixes).
- USB: serial: simple: sort driver entries (git-fixes).
- USB: serial: simple: add Kaufmann RKS+CAN VCP (git-fixes).
- USB: serial: option: add Quectel EC200A module support
  (git-fixes).
- USB: serial: option: support Quectel EM060K_128 (git-fixes).
- phy: qcom-snps-femto-v2: properly enable ref clock (git-fixes).
- phy: qcom-snps-femto-v2: keep cfg_ahb_clk enabled during
  runtime suspend (git-fixes).
- gpio: mvebu: fix irq domain leak (git-fixes).
- gpio: mvebu: Make use of devm_pwmchip_add (git-fixes).
- gpio: tps68470: Make tps68470_gpio_output() always set the
  initial value (git-fixes).
- drm/ttm: never consider pinned BOs for eviction&swap
  (git-fixes).
- i2c: nomadik: Remove a useless call in the remove function
  (git-fixes).
- pwm: meson: fix handling of period/duty if greater than UINT_MAX
  (git-fixes).
- i2c: nomadik: Use devm_clk_get_enabled() (git-fixes).
- i2c: nomadik: Remove unnecessary goto label (git-fixes).
- i2c: Improve size determinations (git-fixes).
- i2c: Delete error messages for failed memory allocations
  (git-fixes).
- PCI: rockchip: Remove writes to unused registers (git-fixes).
- PCI/ASPM: Avoid link retraining race (git-fixes).
- PCI/ASPM: Factor out pcie_wait_for_retrain() (git-fixes).
- PCI/ASPM: Return 0 or -ETIMEDOUT from  pcie_retrain_link()
  (git-fixes).
- phy: qcom-snps: correct struct qcom_snps_hsphy kerneldoc
  (git-fixes).
- ACPI: processor: perflib: Avoid updating frequency QoS
  unnecessarily (git-fixes).
- ACPI: processor: perflib: Use the "no limit" frequency QoS
  (git-fixes).
- pwm: Add a stub for devm_pwmchip_add() (git-fixes).
- phy: qcom-snps: Use dev_err_probe() to simplify code
  (git-fixes).
- pwm: meson: Simplify duplicated per-channel tracking
  (git-fixes).
- commit f6445d7

- Input: exc3000 - properly stop timer on shutdown (git-fixes).
- commit 0eb1518

- Input: iqs269a - do not poll during ATI (git-fixes).
- commit 5bdf465

- Input: iqs269a - do not poll during suspend or resume
  (git-fixes).
- commit 467fdbf

- Input: i8042 - add Clevo PCX0DX to i8042 quirk table
  (git-fixes).
- commit 0922201

- relayfs: fix out-of-bounds access in relay_file_read
  (bsc#1212502 CVE-2023-3268).
- commit 9c2a6e6

- can: af_can: fix NULL pointer dereference in can_rcv_filter
  (bsc#1210627 CVE-2023-2166).
- commit e89fee8

- s390: introduce nospec_uses_trampoline() (git-fixes
  bsc#1213870).
- commit c2ccf75

- s390/ipl: add missing intersection check to ipl_report handling
  (git-fixes bsc#1213871).
- commit 8806556

- Move upstreamed sound patch into sorted sectoin
- commit 8a29738

- blacklist.conf: has non-trivial dependencies
- commit 0c7dbe0

- s390/bpf: Add expoline to tail calls (git-fixes bsc#1213870).
- commit 66f8c8e

- KVM: s390: pv: fix index value of replaced ASCE (git-fixes
  bsc#1213867).
- commit e789a10

- s390/decompressor: specify __decompress() buf len to avoid
  overflow (git-fixes bsc#1213863).
- commit 59015c6

- libceph: harden msgr2.1 frame segment length checks
  (bsc#1213857).
- ceph: don't let check_caps skip sending responses for revoke
  msgs (bsc#1213856).
- commit 9052bbe

- KVM: arm64: Warn if accessing timer pending state outside of vcpu (bsc#1213620)
- commit 222f2a2

- Update config files: set CONFIG_GDS_FORCE_MITIGATION=n
- commit f04be94

- bpf: add missing header file include (bsc#1211738
  CVE-2023-0459).
- commit 1ccaaad

- Drop the recent USB gadget fix patches
  The recent USB gadget fix patches look dubious and likely leading to
  locking problem.  Drop them for now until we get the proper backports
  Deleted:
  patches.suse/usb-gadget-core-remove-unbalanced-mutex_unlock-in-us.patch
  patches.suse/usb-gadget-udc-core-Offload-usb_udc_vbus_handler-pro.patch
  patches.suse/usb-gadget-udc-core-Prevent-soft_connect_store-race.patch
- commit d9bbe1b

- block: Fix a source code comment in
  include/uapi/linux/blkzoned.h (git-fixes).
- commit 8349665

- blacklist.conf: cleanup
- commit fb32f77

- blacklist.conf: cleanup
- commit 4a72f90

- scftorture: Count reschedule IPIs (git-fixes).
- commit e88bc8d

- netfilter: nft_set_pipapo: fix improper element removal
  (bsc#1213812 CVE-2023-4004).
- commit 4902a99

- Update
  patches.suse/RDMA-mthca-Fix-crash-when-polling-CQ-for-shared-QPs.patch
  (git-fixes bsc#1212604).
  Added bug reference.
- commit 391a3ba

- igc: Fix Kernel Panic during ndo_tx_timeout callback
  (git-fixes).
- iavf: use internal state to free traffic IRQs (git-fixes).
- iavf: Fix out-of-bounds when setting channels on remove
  (git-fixes).
- iavf: Fix use-after-free in free_netdev (git-fixes).
- igc: Prevent garbled TX queue with XDP ZEROCOPY (git-fixes).
- net: ena: fix shift-out-of-bounds in exponential backoff
  (git-fixes).
- igc: Fix inserting of empty frame for launchtime (git-fixes).
- igc: Fix launchtime before start of cycle (git-fixes).
- octeontx2-pf: Add additional check for MCAM rules (git-fixes).
- gve: unify driver name usage (git-fixes).
- octeontx2-af: Move validation of ptp pointer before its usage
  (git-fixes).
- igc: Handle PPS start time programming for past time values
  (git-fixes).
- igc: set TP bit in 'supported' and 'advertising' fields of
  ethtool_link_ksettings (git-fixes).
- igc: Remove delay during TX ring configuration (git-fixes).
- gve: Set default duplex configuration to full (git-fixes).
- octeontx-af: fix hardware timestamp configuration (git-fixes).
- igc: Work around HW bug causing missing timestamps (git-fixes).
- igc: Check if hardware TX timestamping is enabled earlier
  (git-fixes).
- igc: Fix race condition in PTP tx code (git-fixes).
- igc: Enable and fix RX hash usage by netstack (git-fixes).
- commit a695c8c

- s390/dasd: fix hanging device after quiesce/resume (git-fixes
  bsc#1213810).
- commit dfb76f0

- Drop AMDGPU patches for fixing regression (bsc#1213304,bsc#1213777)
  Deleted:
  patches.suse/drm-amd-display-Add-wrapper-to-call-planes-and-strea.patch
  patches.suse/drm-amd-display-Use-dc_update_planes_and_stream.patch
  Refreshed:
  patches.suse/drm-amd-display-fix-the-system-hang-while-disable-PS.patch
- commit b04dd6d

- usb: dwc3: pci: skip BYT GPIO lookup table for hardwired phy
  (git-fixes).
- Revert "usb: gadget: tegra-xudc: Fix error check in
  tegra_xudc_powerdomain_init()" (git-fixes).
- Revert "usb: xhci: tegra: Fix error check" (git-fixes).
- usb: gadget: core: remove unbalanced mutex_unlock in
  usb_gadget_activate (git-fixes).
- Revert "usb: dwc3: core: Enable AutoRetry feature in the
  controller" (git-fixes).
- Revert "xhci: add quirk for host controllers that don't update
  endpoint DCS" (git-fixes).
- usb: xhci-mtk: set the dma max_seg_size (git-fixes).
- usb: dwc3: don't reset device side if dwc3 was configured as
  host-only (git-fixes).
- serial: sifive: Fix sifive_serial_console_setup() section
  (git-fixes).
- Documentation: devices.txt: reconcile serial/ucc_uart minor
  numers (git-fixes).
- tty: n_gsm: fix UAF in gsm_cleanup_mux (git-fixes).
- staging: ks7010: potential buffer overflow in
  ks_wlan_set_encode_ext() (git-fixes).
- staging: r8712: Fix memory leak in _r8712_init_xmit_priv()
  (git-fixes).
- Revert "debugfs, coccinelle: check for obsolete
  DEFINE_SIMPLE_ATTRIBUTE() usage" (git-fixes).
- commit 68f52c9

- ipv6: rpl: Fix Route of Death (CVE-2023-2156 bsc#1211131).
- commit c2f8329

- RDMA/irdma: Report correct WC error (git-fixes)
- commit bbd2277

- RDMA/irdma: Fix op_type reporting in CQEs (git-fixes)
- commit 9cf2e90

- RDMA/bnxt_re: Fix hang during driver unload (git-fixes)
- commit 88338bc

- RDMA/bnxt_re: Prevent handling any completions after qp destroy (git-fixes)
- commit cea614e

- RDMA/mthca: Fix crash when polling CQ for shared QPs (git-fixes)
- commit 9675e7a

- RDMA/core: Update CMA destination address on rdma_resolve_addr (git-fixes)
- commit 2321b3b

- RDMA/irdma: Fix data race on CQP request done (git-fixes)
- commit ea2e3ca

- RDMA/irdma: Fix data race on CQP completion stats (git-fixes)
- commit 0780ef4

- RDMA/irdma: Add missing read barriers (git-fixes)
- commit 495eb3b

- RDMA/mlx4: Make check for invalid flags stricter (git-fixes)
- commit 67b00ed

- ALSA: usb-audio: Update for native DSD support quirks
  (git-fixes).
- commit 43f1612

- ASoC: atmel: Fix the 8K sample parameter in I2SC master
  (git-fixes).
- ASoC: rt711-sdca: fix for JD event handling in ClockStop Mode0
  (git-fixes).
- ASoC: rt711: fix for JD event handling in ClockStop Mode0
  (git-fixes).
- ASoc: codecs: ES8316: Fix DMIC config (git-fixes).
- ASoC: rt5682-sdw: fix for JD event handling in ClockStop Mode0
  (git-fixes).
- ASoC: wm8904: Fill the cache for WM8904_ADC_TEST_0 register
  (git-fixes).
- ASoC: da7219: Check for failure reading AAD IRQ events
  (git-fixes).
- ASoC: da7219: Flush pending AAD IRQ when suspending (git-fixes).
- ALSA: hda/realtek: Support ASUS G713PV laptop (git-fixes).
- ALSA: hda/relatek: Enable Mute LED on HP 250 G8 (git-fixes).
- commit e160036

- ata: pata_ns87415: mark ns87560_tf_read static (git-fixes).
- serial: qcom-geni: drop bogus runtime pm state update
  (git-fixes).
- hwmon: (k10temp) Enable AMD3255 Proc to show negative
  temperature (git-fixes).
- hwmon: (nct7802) Fix for temp6 (PECI1) processed even if PECI1
  disabled (git-fixes).
- tpm_tis: Explicitly check for error code (git-fixes).
- ASoC: fsl_spdif: Silence output on stop (git-fixes).
- drm/msm: Fix IS_ERR_OR_NULL() vs NULL check in
  a5xx_submit_in_rb() (git-fixes).
- drm/msm/adreno: Fix snapshot BINDLESS_DATA size (git-fixes).
- drm/msm/dpu: drop enum dpu_core_perf_data_bus_id (git-fixes).
- commit 2f04296

- file: always lock position for FMODE_ATOMIC_POS (bsc#1213759).
- commit 5a72d04

- x86/srso: Add IBPB on VMEXIT (bsc#1213287, CVE-2023-20569).
- commit 179babc

- x86/srso: Add IBPB (bsc#1213287, CVE-2023-20569).
- commit 2cb8ed9

- x86/srso: Add SRSO_NO support (bsc#1213287, CVE-2023-20569).
- commit 17c6a41

- KVM: downgrade two BUG_ONs to WARN_ON_ONCE (git-fixes)
- commit ad8acc9

- x86/cpu, kvm: Add support for CPUID_80000021_EAX (bsc#1213287, CVE-2023-20569).
- Refresh patches.suse/x86-cpufeatures-add-kabi-padding.patch.
- commit fe91ad7

- x86/srso: Add IBPB_BRTYPE support (bsc#1213287, CVE-2023-20569).
- commit f111fdf

- KVM: arm64: Don't read a HW interrupt pending state in user context (git-fixes)
- commit ffcb733

- KVM: Don't null dereference ops->destroy (git-fixes)
- commit 3407958

- KVM: Initialize debugfs_dentry when a VM is created to avoid NULL (git-fixes)
- commit f80bc2c

- x86: Sanitize linker script (bsc#1213287, CVE-2023-20569).
- commit 16a308d

- nvme-pci: fix DMA direction of unmapping integrity data
  (git-fixes).
- nvme-pci: remove nvme_queue from nvme_iod (git-fixes).
- commit 3d56665

- x86/retbleed: Add __x86_return_thunk alignment checks (bsc#1213287, CVE-2023-20569).
- commit 7bc51ed

- scsi: lpfc: Copyright updates for 14.2.0.14 patches
  (bsc#1213756).
- scsi: lpfc: Update lpfc version to 14.2.0.14 (bsc#1213756).
- scsi: lpfc: Clean up SLI-4 sysfs resource reporting
  (bsc#1213756).
- scsi: lpfc: Refactor cpu affinity assignment paths
  (bsc#1213756).
- scsi: lpfc: Abort outstanding ELS cmds when mailbox timeout
  error is detected (bsc#1213756).
- scsi: lpfc: Make fabric zone discovery more robust when handling
  unsolicited LOGO (bsc#1213756).
- scsi: lpfc: Set Establish Image Pair service parameter only
  for Target Functions (bsc#1213756).
- scsi: lpfc: Revise ndlp kref handling for dev_loss_tmo_callbk
  and lpfc_drop_node (bsc#1213756).
- scsi: lpfc: Qualify ndlp discovery state when processing RSCN
  (bsc#1213756).
- scsi: lpfc: Remove extra ndlp kref decrement in FLOGI cmpl
  for loop topology (bsc#1213756).
- scsi: lpfc: Simplify fcp_abort transport callback log message
  (bsc#1213756).
- scsi: lpfc: Pull out fw diagnostic dump log message from
  driver's trace buffer (bsc#1213756).
- scsi: lpfc: Fix a possible data race in
  lpfc_unregister_fcf_rescan() (bsc#1213756).
- scsi: lpfc: Fix lpfc_name struct packing (bsc#1213756).
- scsi: lpfc: Avoid -Wstringop-overflow warning (bsc#1213756).
- scsi: lpfc: Use struct_size() helper (bsc#1213756).
- scsi: lpfc: Fix incorrect big endian type assignments in FDMI
  and VMID paths (bsc#1213756).
- scsi: lpfc: Replace all non-returning strlcpy() with strscpy()
  (bsc#1213756).
- scsi: lpfc: Replace one-element array with flexible-array member
  (bsc#1213756).
- scsi: lpfc: Fix incorrect big endian type assignment in bsg
  loopback path (bsc#1213756).
- commit 3d33912

- blacklist.conf: add commit 122deabfe142 ("ubifs: dirty_cow_znode: Fix
  memleak in error handling path")
  This is reverted in commit 7d01cb27f6ae ("Revert "ubifs:
  dirty_cow_znode: Fix memleak in error handling path"")
- commit b666937

- ubifs: Fix memory leak in do_rename (git-fixes).
- commit 9147a2c

- x86/srso: Add a Speculative RAS Overflow mitigation (bsc#1213287, CVE-2023-20569).
- commit 3021432

- afs: Fix server->active leak in afs_put_server (git-fixes).
- commit 214e9da

- afs: Fix dynamic root getattr (git-fixes).
- commit edbfecf

- jffs2: GC deadlock reading a page that is used in
  jffs2_write_begin() (git-fixes).
- commit d4f2e0b

- jffs2: reduce stack usage in jffs2_build_xattr_subsystem()
  (git-fixes).
- commit 5f487ee

- jffs2: fix memory leak in jffs2_do_fill_super (git-fixes).
- commit 359ea76

- jffs2: fix memory leak in jffs2_scan_medium (git-fixes).
- commit 47521cf

- jffs2: fix memory leak in jffs2_do_mount_fs (git-fixes).
- commit 3127ba1

- jffs2: fix use-after-free in jffs2_clear_xattr_subsystem
  (git-fixes).
- commit 629e159

- ubifs: Free memory for tmpfile name (git-fixes).
- commit b8a1ad9

- ubifs: ubifs_writepage: Mark page dirty after writing inode
  failed (git-fixes).
- commit 840e02c

- ubifs: Re-statistic cleaned znode count if commit failed
  (git-fixes).
- commit 8fb0e1e

- ubifs: Fix memory leak in alloc_wbufs() (git-fixes).
- commit 8e663ab

- ubifs: Reserve one leb for each journal head while doing budget
  (git-fixes).
- commit cbe6386

- ubifs: do_rename: Fix wrong space budget when target inode's
  nlink > 1 (git-fixes).
- commit b6963c0

- ubifs: Fix wrong dirty space budget for dirty inode (git-fixes).
- commit b3864d7

- ubifs: Rectify space budget for ubifs_xrename() (git-fixes).
- commit 567a5c8

- ubifs: Rectify space budget for ubifs_symlink() if symlink is
  encrypted (git-fixes).
- commit 3474d4d

- scsi: qla2xxx: Update version to 10.02.08.500-k (bsc#1213747).
- scsi: qla2xxx: fix inconsistent TMF timeout (bsc#1213747).
- scsi: qla2xxx: Fix TMF leak through (bsc#1213747).
- scsi: qla2xxx: Turn off noisy message log (bsc#1213747).
- scsi: qla2xxx: Fix session hang in gnl (bsc#1213747).
- scsi: qla2xxx: Fix erroneous link up failure (bsc#1213747).
- scsi: qla2xxx: Fix command flush during TMF (bsc#1213747).
- scsi: qla2xxx: Limit TMF to 8 per function (bsc#1213747).
- scsi: qla2xxx: Adjust IOCB resource on qpair create
  (bsc#1213747).
- scsi: qla2xxx: Fix deletion race condition (bsc#1213747).
- scsi: qla2xxx: Use vmalloc_array() and vcalloc() (bsc#1213747).
- scsi: qla2xxx: Fix error code in qla2x00_start_sp()
  (bsc#1213747).
- scsi: qla2xxx: Silence a static checker warning (bsc#1213747).
- scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue
  (bsc#1213747).
- scsi: qla2xxx: Update version to 10.02.08.400-k (bsc#1213747).
- scsi: qla2xxx: Correct the index of array (bsc#1213747).
- scsi: qla2xxx: Pointer may be dereferenced (bsc#1213747).
- scsi: qla2xxx: Fix buffer overrun (bsc#1213747).
- scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport()
  (bsc#1213747).
- scsi: qla2xxx: Avoid fcport pointer dereference (bsc#1213747).
- scsi: qla2xxx: Fix potential NULL pointer dereference
  (bsc#1213747).
- scsi: qla2xxx: Array index may go out of bound (bsc#1213747).
- scsi: qla2xxx: Drop useless LIST_HEAD (bsc#1213747).
- scsi: qla2xxx: Replace one-element array with
  DECLARE_FLEX_ARRAY() helper (bsc#1213747).
- scsi: qla2xxx: Fix end of loop test (bsc#1213747).
- scsi: qla2xxx: Fix NULL pointer dereference in target mode
  (bsc#1213747).
- commit e04dc4d

- ubifs: Fix build errors as symbol undefined (git-fixes).
- commit 003e06c

- series: udpate metadata
  Refresh
- patches.suse/ibmvnic-Do-not-reset-dql-stats-on-NON_FATAL-err.patch
- commit 3672423

- ubifs: Fix AA deadlock when setting xattr for encrypted file
  (git-fixes).
- commit 905856b

- ubifs: rename_whiteout: correct old_dir size computing
  (git-fixes).
- commit 746fc1a

- ubifs: Fix to add refcount once page is set private (git-fixes).
- commit eb16186

- ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock()
  (git-fixes).
- commit ec064eb

- ubifs: setflags: Make dirtied_ino_d 8 bytes aligned (git-fixes).
- commit 44d5601

- ubifs: Rectify space amount budget for mkdir/tmpfile operations
  (git-fixes).
- commit 5c3e281

- x86/returnthunk: Allow different return thunks (bsc#1213287, CVE-2023-20569).
- commit 9047ebd

- ubifs: Fix 'ui->dirty' race between do_tmpfile() and writeback
  work (git-fixes).
- commit f4b451d

- ubifs: Rename whiteout atomically (git-fixes).
- commit eb7797d

- ubifs: Add missing iput if do_tmpfile() failed in rename
  whiteout (git-fixes).
- commit 6d376e9

- ubifs: Fix deadlock in concurrent rename whiteout and inode
  writeback (git-fixes).
- commit fcb2f4b

- ubifs: rename_whiteout: Fix double free for whiteout_ui->data
  (git-fixes).
- commit 289d359

- ubifs: Error path in ubifs_remount_rw() seems to wrongly free
  write buffers (git-fixes).
- commit 90b0b69

- fs: dlm: return positive pid value for F_GETLK (git-fixes).
- commit 6a5ab84

- fs: dlm: move sending fin message into state change handling
  (git-fixes).
- commit dab00d6

- fs: dlm: don't set stop rx flag after node reset (git-fixes).
- commit 4b30eff

- fs: dlm: start midcomms before scand (git-fixes).
- commit a80feb6

- fs: dlm: add midcomms init/start functions (git-fixes).
- commit 1f391d7

- fs: dlm: fix log of lowcomms vs midcomms (git-fixes).
- commit d7af52c

- fs: dlm: retry accept() until -EAGAIN or error returns
  (git-fixes).
- commit 8d74a84

- fs: dlm: handle -EBUSY first in lock arg validation (git-fixes).
- commit 8503974

- fs: dlm: fix race between test_bit() and queue_work()
  (git-fixes).
- commit a237b08

- fs: dlm: fix race in lowcomms (git-fixes).
- commit 92fc0f8

- dlm: fix missing lkb refcount handling (git-fixes).
- commit 263b40e

- dlm: fix plock invalid read (git-fixes).
- commit 7bcd1e8

- fs: dlm: filter user dlm messages for kernel locks (git-fixes).
- commit 38ca134

- afs: Fix vlserver probe RTT handling (git-fixes).
- commit fc1925d

- afs: Fix setting of mtime when creating a file/dir/symlink
  (git-fixes).
- commit 6bbf246

- afs: Fix updating of i_size with dv jump from server
  (git-fixes).
- commit 6731933

- afs: Fix lost servers_outstanding count (git-fixes).
- commit 29cfb62

- afs: Fix fileserver probe RTT handling (git-fixes).
- commit b1a6d0f

- afs: Use the operation issue time instead of the reply time
  for callbacks (git-fixes).
- commit dce7453

- afs: Return -EAGAIN, not -EREMOTEIO, when a file already locked
  (git-fixes).
- commit 856031a

- afs: Fix access after dec in put functions (git-fixes).
- commit 7e9acb5

- afs: Use refcount_t rather than atomic_t (git-fixes).
- commit ee87d6d

- afs: Fix infinite loop found by xfstest generic/676 (git-fixes).
- commit e319694

- afs: Adjust ACK interpretation to try and cope with NAT
  (git-fixes).
- commit 0170794

- rxrpc, afs: Fix selection of abort codes (git-fixes).
- commit 6b22544

- afs: Fix afs_getattr() to refetch file status if callback
  break occurred (git-fixes).
- commit 610ac25

- coda: Avoid partial allocation of sig_inputArgs (git-fixes).
- commit a4211ac

- fs: hfsplus: remove WARN_ON() from
  hfsplus_cat_{read,write}_inode() (git-fixes).
- commit e720f69

- FS: JFS: Check for read-only mounted filesystem in txBegin
  (git-fixes).
- commit 74fc884

- FS: JFS: Fix null-ptr-deref Read in txBegin (git-fixes).
- commit ded2fdb

- fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev
  (git-fixes).
- commit d3b12be

- jfs: jfs_dmap: Validate db_l2nbperpage while mounting
  (git-fixes).
- commit cb7cfeb

- net: mana: Use the correct WQE count for ringing RQ doorbell
  (bsc#1212901).
- net: mana: Batch ringing RX queue doorbell on receiving packets
  (bsc#1212901).
- commit de409ae

- kernel-binary.spec.in: Remove superfluous %% in Supplements
  Fixes: 02b7735e0caf ("rpm/kernel-binary.spec.in: Add Enhances and Supplements tags to in-tree KMPs")
- commit 264db74

- pinctrl: amd: Don't show `Invalid config param` errors
  (git-fixes).
- commit 924f82b

- can: gs_usb: gs_can_close(): add missing set of CAN state to
  CAN_STATE_STOPPED (git-fixes).
- net: phy: marvell10g: fix 88x3310 power up (git-fixes).
- soundwire: qcom: update status correctly with mask (git-fixes).
- phy: hisilicon: Fix an out of bounds check in
  hisi_inno_phy_probe() (git-fixes).
- regmap: Account for register length in SMBus I/O limits
  (git-fixes).
- regmap: Drop initial version of maximum transfer length fixes
  (git-fixes).
- ASoC: fsl_sai: Disable bit clock with transmitter (git-fixes).
- drm/amd/display: Keep PHY active for DP displays on DCN31
  (git-fixes).
- drm/amd/display: Disable MPC split by default on special asic
  (git-fixes).
- drm/client: Fix memory leak in drm_client_modeset_probe
  (git-fixes).
- pinctrl: amd: Use amd_pinconf_set() for all config options
  (git-fixes).
- drm/radeon: Fix integer overflow in radeon_cs_parser_init
  (git-fixes).
- ALSA: emu10k1: roll up loops in DSP setup code for Audigy
  (git-fixes).
- commit a35f25e

- io_uring: ensure IOPOLL locks around deferred work (bsc#1213272
  CVE-2023-21400).
- commit 744cfeb

- KVM: VMX: Inject #GP, not #UD, if SGX2 ENCLS leafs are
  unsupported (git-fixes).
- commit 34f9d1f

- KVM: VMX: Inject #GP on ENCLS if vCPU has paging disabled
  (CR0.PG==0) (git-fixes).
- commit 6d14c23

- KVM: VMX: restore vmx_vmexit alignment (git-fixes).
- commit fe48bf1

- KVM: x86: Account fastpath-only VM-Exits in vCPU stats
  (git-fixes).
- commit c6619e5

- Delete patches.suse/memcg-drop-kmem-limit_in_bytes.patch.
  Drop the patch in order to fix bsc#1213705.
- commit 28a2488

- vhost: support PACKED when setting-getting vring_base
  (git-fixes).
- commit 0bfd988

- vhost_net: revert upend_idx only on retriable error (git-fixes).
- commit 8b2dc73

- s390/vmem: fix empty page tables cleanup under KASAN (git-fixes
  bsc#1213715).
- commit 6879f59

- s390/qeth: Fix vipa deletion (git-fixes bsc#1213713).
- commit 48f331c

- virtio_net: Fix error unwinding of XDP initialization
  (git-fixes).
- commit a90e297

- virtio-net: Maintain reverse cleanup order (git-fixes).
- commit ee47906

- x86/PVH: obtain VGA console info in Dom0 (git-fixes).
- commit a5c9518

- xen/pvcalls-back: fix double frees with
  pvcalls_new_active_socket() (git-fixes).
- commit ae3a872

- xen/blkfront: Only check REQ_FUA for writes (git-fixes).
- commit 05a3279

- platform/x86: msi-laptop: Fix rfkill out-of-sync on MSI Wind
  U100 (git-fixes).
- media: staging: atomisp: select V4L2_FWNODE (git-fixes).
- commit 29a4c8a

- net/sched: cls_fw: Fix improper refcount update leads to
  use-after-free (CVE-2023-3776 bsc#1213588).
- commit 057a69b

- block, bfq: Fix division by zero error on zero wsum
  (bsc#1213653).
- commit da28d59

- Update
  patches.suse/vc_screen-don-t-clobber-return-value-in-vcs_read.patch
  (git-fixes bsc#1213167 CVE-2023-3567).
- Update
  patches.suse/vc_screen-modify-vcs_size-handling-in-vcs_read.patch
  (git-fixes bsc#1213167 CVE-2023-3567).
- Update
  patches.suse/vc_screen-move-load-of-struct-vc_data-pointer-in-vcs.patch
  (git-fixes bsc#1213167 CVE-2023-3567).
  Add references.
- commit 86b316a

- Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in
  HCIUARTGETPROTO (bsc#1210780 CVE-2023-31083).
- commit ad56bc8

- ALSA: usb-audio: Add quirk for Microsoft Modern Wireless Headset
  (bsc#1207129).
- commit 6298aeb

- Revert "NFSv4: Retry LOCK on OLD_STATEID during delegation
  return" (git-fixes).
- NFSv4.1: freeze the session table upon receiving
  NFS4ERR_BADSESSION (git-fixes).
- svcrdma: Prevent page release when nothing was received
  (git-fixes).
- NFSD: add encoding of op_recall flag for write delegation
  (git-fixes).
- SUNRPC: Fix UAF in svc_tcp_listen_data_ready() (git-fixes).
- nfsd: fix double fget() bug in __write_ports_addfd()
  (git-fixes).
- NFSD: Remove open coding of string copy (git-fixes).
- SUNRPC: Fix trace_svc_register() call site (git-fixes).
- SUNRPC: always free ctxt when freeing deferred request
  (git-fixes).
- SUNRPC: double free xprt_ctxt while still in use (git-fixes).
- SUNRPC: remove the maximum number of retries in call_bind_status
  (git-fixes).
- NFSv4.1: Always send a RECLAIM_COMPLETE after establishing lease
  (git-fixes).
- SUNRPC: Remove dead code in svc_tcp_release_rqst() (git-fixes).
- NFSD: Fix sparse warning (git-fixes).
- commit 8c604d4

- net/sched: cls_u32: Fix reference counter leak leading to
  overflow (CVE-2023-3609 bsc#1213586).
- commit e129a1f

- net/sched: sch_qfq: account for stab overhead in qfq_enqueue
  (CVE-2023-3611 bsc#1213585).
- net/sched: sch_qfq: reintroduce lmax bound check for MTU
  (bsc#1213585).
- net/sched: sch_qfq: refactor parsing of netlink parameters
  (bsc#1213585).
- commit 67a1d0b

- IB/hfi1: Use bitmap_zalloc() when applicable (git-fixes)
- commit cb2f513

- pinctrl: amd: Detect internal GPIO0 debounce handling
  (git-fixes).
- commit 2209e7e

- drm/msm/disp/dpu: get timing engine status from intf status
  register (git-fixes).
- Refresh
  patches.suse/drm-msm-dpu-Remove-duplicate-register-defines-from-I.patch.
- commit 01f0700

- usb: dwc2: platform: Improve error reporting for problems
  during .remove() (git-fixes).
- Refresh
  patches.suse/usb-dwc2-Fix-some-error-handling-paths.patch.
- commit c99cdac

- drm/atomic: Fix potential use-after-free in nonblocking commits
  (git-fixes).
- pinctrl: amd: Only use special debounce behavior for GPIO 0
  (git-fixes).
- drm/amdgpu: avoid restore process run into dead loop
  (git-fixes).
- i2c: xiic: Don't try to handle more interrupt events after error
  (git-fixes).
- drm/amd/display: Correct `DMUB_FW_VERSION` macro (git-fixes).
- drm/amdgpu: fix clearing mappings for BOs that are always
  valid in VM (git-fixes).
- USB: serial: option: add LARA-R6 01B PIDs (git-fixes).
- xhci: Show ZHAOXIN xHCI root hub speed correctly (git-fixes).
- xhci: Fix TRB prefetch issue of ZHAOXIN hosts (git-fixes).
- xhci: Fix resume issue of some ZHAOXIN hosts (git-fixes).
- tty: serial: fsl_lpuart: add earlycon for imx8ulp platform
  (git-fixes).
- PCI: Add function 1 DMA alias quirk for Marvell 88SE9235
  (git-fixes).
- PCI/PM: Avoid putting EloPOS E2/S2/H2 PCIe Ports in D3cold
  (git-fixes).
- pinctrl: amd: Fix mistake in handling clearing pins at startup
  (git-fixes).
- drm/msm/dpu: Set DPU_DATA_HCTL_EN for in INTF_SC7180_MASK
  (git-fixes).
- drm/bridge: tc358768: fix THS_TRAILCNT computation (git-fixes).
- drm/bridge: tc358768: fix THS_ZEROCNT computation (git-fixes).
- drm/bridge: tc358768: fix TCLK_TRAILCNT computation (git-fixes).
- drm/atomic: Allow vblank-enabled + self-refresh "disable"
  (git-fixes).
- drm/bridge: tc358768: Add atomic_get_input_bus_fmts()
  implementation (git-fixes).
- hwmon: (pmbus/adm1275) Fix problems with temperature monitoring
  on ADM1272 (git-fixes).
- selftests: rtnetlink: remove netdevsim device after ipsec
  offload test (git-fixes).
- leds: trigger: netdev: Recheck NETDEV_LED_MODE_LINKUP on dev
  rename (git-fixes).
- mmc: core: disable TRIM on Kingston EMMC04G-M627 (git-fixes).
- mmc: sdhci: fix DMA configure compatibility issue when 64bit
  DMA mode is used (git-fixes).
- kselftest: vDSO: Fix accumulation of uninitialized ret when
  CLOCK_REALTIME is undefined (git-fixes).
- ACPI: utils: Fix acpi_evaluate_dsm_typed() redefinition error
  (git-fixes).
- crypto: qat - Use helper to set reqsize (git-fixes).
- crypto: kpp - Add helper to set reqsize (git-fixes).
- wifi: ray_cs: Drop useless status variable in parse_addr()
  (git-fixes).
- wifi: ray_cs: Utilize strnlen() in parse_addr() (git-fixes).
- hwmon: (adm1275) Allow setting sample averaging (git-fixes).
- i2c: xiic: Defer xiic_wakeup() and __xiic_start_xfer() in
  xiic_process() (git-fixes).
- wl3501_cs: use eth_hw_addr_set() (git-fixes).
- commit 87a543d

- rpm/mkspec-dtb: add riscv64 dtb-allwinner subpackage
- commit ec82ffc

- xfs: wait iclog complete before tearing down AIL (bsc#1211811).
- commit a2d37c4

- xfs: run callbacks before waking waiters in
  xlog_state_shutdown_callbacks (bsc#1211811).
- commit 602a6b0

- ASoC: codecs: wcd-mbhc-v2: fix resource leaks on component
  remove (git-fixes).
- ASoC: codecs: wcd934x: fix resource leaks on component remove
  (git-fixes).
- ASoC: codecs: wcd938x: fix missing clsh ctrl error handling
  (git-fixes).
- ASoC: codecs: wcd938x: fix dB range for HPHL and HPHR
  (git-fixes).
- ASoC: codecs: wcd938x: fix soundwire initialisation race
  (git-fixes).
- ASoC: codecs: wcd938x: fix codec initialisation race
  (git-fixes).
- ASoC: tegra: Fix ADX byte map (git-fixes).
- ASoC: tegra: Fix AMX byte map (git-fixes).
- commit 2c27c0a

- ALSA: hda/realtek: Add support for DELL Oasis 13/14/16 laptops
  (git-fixes).
- ALSA: hda/realtek: Enable Mute LED on HP Laptop 15s-eq2xxx
  (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NS70AU (git-fixes).
- commit 61a595d

- ALSA: hda/realtek: Fix generic fixup definition for cs35l41 amp
  (git-fixes).
- ALSA: hda/realtek - remove 3k pull low procedure (git-fixes).
- fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe
  (git-fixes).
- fbdev: imxfb: warn about invalid left/right margin (git-fixes).
- commit 61676e6

- xfs: drop async cache flushes from CIL commits (bsc#1211811).
- commit b52f8c8

- xfs: async CIL flushes need pending pushes to be made stable
  (bsc#1211811).
- commit a7a8e83

- xfs: move the CIL workqueue to the CIL (bsc#1211811).
- commit bdc017f

- xfs: CIL work is serialised, not pipelined (bsc#1211811).
- commit 41681a2

- xfs: AIL needs asynchronous CIL forcing (bsc#1211811).
- commit df27a10

- xfs: order CIL checkpoint start records (bsc#1211811).
- commit 1723063

- xfs: attach iclog callbacks in xlog_cil_set_ctx_write_state()
  (bsc#1211811).
- commit 7d0f707

- xfs: don't run shutdown callbacks on active iclogs
  (bsc#1211811).
- Refresh patches.suse/xfs-pass-a-CIL-context-to-xlog_write.patch.
- commit bbe5b6f

- xfs: separate out log shutdown callback processing
  (bsc#1211811).
- commit 8739ead

- xfs: rework xlog_state_do_callback() (bsc#1211811).
- commit e073f75

- xfs: factor out log write ordering from xlog_cil_push_work()
  (bsc#1211811).
- commit 9190d3a

- xfs: pass a CIL context to xlog_write() (bsc#1211811).
- Delete
  patches.suse/xfs-drop-async-cache-flushes-from-CIL-commits.patch.
- commit 32853a9

- xfs: XLOG_STATE_IOERROR must die (bsc#1211811).
- commit 90fa477

- xfs: move xlog_commit_record to xfs_log_cil.c (bsc#1211811).
- commit b415a31

- Update
  patches.suse/net-tun-fix-bugs-for-oversize-packet-when-napi-frags.patch
  (git-fixes CVE-2023-3812 bsc#1213543).
  Added CVE reference.
- commit 98bd6ff

- drm/client: Fix memory leak in drm_client_target_cloned
  (git-fixes).
- net: phy: prevent stale pointer dereference in phy_init()
  (git-fixes).
- can: bcm: Fix UAF in bcm_proc_show() (git-fixes).
- selftests: tc: add ConnTrack procfs kconfig (git-fixes).
- selftests: tc: add 'ct' action kconfig dep (git-fixes).
- selftests: tc: set timeout to 15 minutes (git-fixes).
- rsi: remove kernel-doc comment marker (git-fixes).
- pie: fix kernel-doc notation warning (git-fixes).
- devlink: fix kernel-doc notation warnings (git-fixes).
- codel: fix kernel-doc notation warnings (git-fixes).
- commit a53eee1

- netfilter: nf_tables: prevent OOB access in nft_byteorder_eval
  (CVE-2023-35001 bsc#1213059).
- netfilter: nf_tables: do not ignore genmask when looking up
  chain by id (CVE-2023-31248 bsc#1213061).
- commit 2165cfd

- uaccess: Add speculation barrier to copy_from_user()
  (bsc#1211738 CVE-2023-0459).
- commit 444186d

- fuse: ioctl: translate ENOSYS in outarg (bsc#1213524).
- fuse: revalidate: don't invalidate if interrupted (bsc#1213523).
- commit 6e0bfdd

- netfilter: nf_tables: incorrect error path handling with
  NFT_MSG_NEWRULE (CVE-2023-3390 CVE-2023-3117 bsc#1212846
  bsc#1213245).
- commit fc1ae7b

- KVM: Add GDS_NO support to KVM (bsc#1206418, CVE-2022-40982).
- commit aa4b0be

- x86/speculation: Add Kconfig option for GDS (bsc#1206418, CVE-2022-40982).
- commit 9f327b6

- x86/speculation: Add force option to GDS mitigation (bsc#1206418, CVE-2022-40982).
- commit a0b814b

- x86/speculation: Add Gather Data Sampling mitigation (bsc#1206418, CVE-2022-40982).
- commit bc512dd

- xfs: don't deplete the reserve pool when trying to shrink the fs
  (git-fixes).
- commit 5a2f80d

- xfs: don't reverse order of items in bulk AIL insertion
  (git-fixes).
- commit d6e35fc

- xfs: fix logdev fsmap query result filtering (git-fixes).
- commit c455cfa

- xfs: clean up the rtbitmap fsmap backend (git-fixes).
- commit 48d04d0

- xfs: fix getfsmap reporting past the last rt extent (git-fixes).
- commit c0bf1f4

- xfs: fix integer overflows in the fsmap rtbitmap and logdev
  backends (git-fixes).
- commit 2722715

- xfs: fix interval filtering in multi-step fsmap queries
  (git-fixes).
- commit bdbe0c0

- xfs: fix uninitialized variable access (git-fixes).
- commit 00489cf

- xfs: pass explicit mount pointer to rtalloc query functions
  (git-fixes).
- commit 8dd0d7d

- xfs: make the record pointer passed to query_range functions
  const (git-fixes).
- commit f3907e2

- xfs: make fsmap backend function key parameters const
  (git-fixes).
- commit f2d77e2

- xfs: fix off-by-one error when the last rt extent is in use
  (git-fixes).
- commit 6038622

- ocfs2: Switch to security_inode_init_security() (git-fixes).
- commit a16070d

- ocfs2: check new file size on fallocate call (git-fixes).
- commit 3af0daa

- ocfs2: fix use-after-free when unmounting read-only filesystem
  (git-fixes).
- commit 32172b2

- smb: client: fix missed ses refcounting (git-fixes).
- commit 1464145

- powerpc/security: Fix Speculation_Store_Bypass reporting on
  Power10 (bsc#1188885 ltc#193722 git-fixes).
- commit 298c13e

- Refresh
  patches.suse/keys-Fix-linking-a-duplicate-key-to-a-keyring-s-asso.patch.
- commit d8bebeb

- security: keys: Modify mismatched function name (git-fixes).
- tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation
  (git-fixes).
- commit 9b8aa64

- x86/cpu/amd: Add a Zenbleed fix (bsc#1213286, CVE-2023-20593).
- commit e269335

- x86/cpu/amd: Move the errata checking functionality up (bsc#1213286, CVE-2023-20593).
- commit 74df26d

- usb: gadget: udc: core: Prevent soft_connect_store() race
  (git-fixes).
- commit b1dbc3a

- usb: gadget: udc: core: Offload usb_udc_vbus_handler processing
  (git-fixes).
- commit bc06187

- rpm: Update dependency to match current kmod.
- commit d687dc3

- usb: dwc2: Fix some error handling paths (git-fixes).
- commit b3ae2f4

- blacklist.conf: optimization
- commit 9e3e296

- blacklist.conf: Blacklist redundant patch
- commit 48411ae

- arm64: vdso: Pass (void *) to virt_to_page() (git-fixes)
- commit 80dd531

- arm64/mm: mark private VM_FAULT_X defines as vm_fault_t (git-fixes)
- commit beb79bd

- Revert "arm64: dts: zynqmp: Add address-cells property to interrupt (git-fixes)
- commit d0d71ee

- arm64: dts: microchip: sparx5: do not use PSCI on reference boards (git-fixes)
- commit ada238c

- arm64: xor-neon: mark xor_arm64_neon_*() static (git-fixes)
- commit c9bacb3

- spi: bcm63xx: fix max prepend length (git-fixes).
- commit 656db51

- drm/i915: Fix one wrong caching mode enum usage (git-fixes).
- drm/panel: simple: Add Powertip PH800480T013 drm_display_mode
  flags (git-fixes).
- drm/ttm: Don't leak a resource on swapout move error
  (git-fixes).
- drm/panel: simple: Add connector_type for innolux_at043tn24
  (git-fixes).
- wifi: rtw89: debug: fix error code in
  rtw89_debug_priv_send_h2c_set() (git-fixes).
- wifi: airo: avoid uninitialized warning in airo_get_rate()
  (git-fixes).
- commit d32565b

- net: mana: Add support for vlan tagging (bsc#1212301).
- commit b4b8120

- s390: define RUNTIME_DISCARD_EXIT to fix link error with GNU
  ld < 2.36 (git-fixes bsc#1213264).
- commit 02c9941

- s390/debug: add _ASM_S390_ prefix to header guard (git-fixes
  bsc#1213263).
- commit ddf8224

- blacklist.conf: clang warning
- commit e4ffa77

- s390/ap: fix status returned by ap_aqic() (git-fixes
  bsc#1213259).
- commit 5299a79

- s390/ap: fix status returned by ap_qact() (git-fixes
  bsc#1213258).
- commit 43d22ed

- s390/percpu: add READ_ONCE() to arch_this_cpu_to_op_simple()
  (git-fixes bsc#1213252).
- commit c694863

- s390: discard .interp section (git-fixes bsc#1213247).
- commit 227bb94

- smb: client: remove redundant pointer 'server' (bsc#1193629).
- commit 20babff

- cifs: fix session state transition to avoid use-after-free issue
  (bsc#1193629).
- commit a0e7e51

- cifs: new dynamic tracepoint to track ses not found errors
  (bsc#1193629).
- commit 79e9e86

- cifs: log session id when a matching ses is not found
  (bsc#1193629).
- commit 920ccfd

- smb: client: improve DFS mount check (bsc#1193629).
- commit 8dd4bf1

- smb: client: fix shared DFS root mounts with different prefixes
  (bsc#1193629).
- commit 4ae5a6b

- smb: client: fix parsing of source mount option (bsc#1193629).
- commit 2375f35

- smb: client: fix broken file attrs with nodfs mounts
  (bsc#1193629).
- commit cf3707b

- cifs: print client_guid in DebugData (bsc#1193629).
- commit edd7762

- cifs: fix session state check in smb2_find_smb_ses
  (bsc#1193629).
- commit 8dbfb28

- cifs: fix session state check in reconnect to avoid
  use-after-free issue (bsc#1193629).
- commit 6191deb

- cifs: do all necessary checks for credits within or before
  locking (bsc#1193629).
- commit 5bb05f4

- cifs: prevent use-after-free by freeing the cfile later
  (bsc#1193629).
- commit b7bc433

- smb: client: fix warning in generic_ip_connect() (bsc#1193629).
- commit f671e4f

- smb: client: fix warning in CIFSFindNext() (bsc#1193629).
- commit d1f13ae

- smb: client: fix warning in CIFSFindFirst() (bsc#1193629).
- commit 01673ee

- smb3: do not reserve too many oplock credits (bsc#1193629).
- commit 73fb9a2

- cifs: print more detail when invalidate_inode_mapping fails
  (bsc#1193629).
- commit a875165

- smb: client: fix warning in cifs_smb3_do_mount() (bsc#1193629).
- commit 28577bd

- smb: client: fix warning in cifs_match_super() (bsc#1193629).
- commit c6a889a

- cifs: print nosharesock value while dumping mount options
  (bsc#1193629).
- commit 4243019

- Refresh
  patches.suse/x86-xen-fix-secondary-processor-fpu-initialization.patch.
- commit 011270e

- x86: Fix .brk attribute in linker script (git-fixes).
- commit cacd6a8

- blacklist.conf: Blacklist 23ee27dce30e and dc94bb8f271c
- commit aa7880b

- Update patches.suse/fs-hfsplus-fix-UAF-issue-in-hfsplus_put_super.patch (CVE-2023-2985, bsc#1211867).
- commit b8edf00

- kabi/severities: Add VAS symbols changed due to recent fix
  VAS accelerators are directly tied to the architecture, there is no
  reason to have out-of-tree production drivers
- commit a0d0af6

- memcg: drop kmem.limit_in_bytes (bsc#1208788, bsc#1212905).
- commit d8a2ca6

- blacklist.conf: Unapplicable ppc fixes
- commit 1d050a8

- powerpc/book3s64/mm: Fix DirectMap stats in /proc/meminfo
  (bsc#1194869).
- powerpc: update ppc_save_regs to save current r1 in pt_regs
  (bsc#1194869).
- powerpc/powernv/sriov: perform null check on iov before
  dereferencing iov (bsc#1194869).
- powerpc/64s: Fix VAS mm use after free (bsc#1194869).
- powerpc/interrupt: Don't read MSR from
  interrupt_exit_kernel_prepare() (bsc#1194869).
- powerpc/bpf: Fix use of user_pt_regs in uapi (bsc#1194869).
- powerpc/prom_init: Fix kernel config grep (bsc#1194869).
- powerpc/xics: fix refcount leak in icp_opal_init()
  (bsc#1194869).
- powerpc/ftrace: Remove ftrace init tramp once kernel init is
  complete (bsc#1194869).
- powerpc/64: Only WARN if __pa()/__va() called with bad addresses
  (bsc#1194869).
- powerpc/powernv/vas: Assign real address to rx_fifo in
  vas_rx_win_attr (bsc#1194869).
- powerpc: define get_cycles macro for arch-override
  (bsc#1194869).
- powerpc/secvar: fix refcount leak in format_show()
  (bsc#1194869).
- powerpc/mm: Switch obsolete dssall to .long (bsc#1194869).
- powerpc: clean vdso32 and vdso64 directories (bsc#1194869).
- signal: Replace force_sigsegv(SIGSEGV) with
  force_fatal_sig(SIGSEGV) (bsc#1194869).
- signal/powerpc: On swapcontext failure force SIGSEGV
  (bsc#1194869).
- commit 42f7ecb

- rpm/check-for-config-changes: ignore also RISCV_ISA_* and DYNAMIC_SIGFRAME
  They depend on CONFIG_TOOLCHAIN_HAS_*.
- commit 1007103

- powerpc/mm/dax: Fix the condition when checking if altmap
  vmemap can cross-boundary (bsc#1150305 ltc#176097 git-fixes).
- commit 19eb287

- blacklist.conf: No 32bit signals on ppc64
- commit f2f83b0

- blacklist.conf: d9e5c3e9e751 powerpc: Export mmu_feature_keys[] as
  non-GPL
- commit 5cb5bd5

- blacklist.conf: b74196af372f powerpc/fadump: Fix fadump to work with a
  different endian capture kernel
  This changes the shared data from LE to BE for our kernel.
- commit 9bc7a26

- NTB: ntb_tool: Add check for devm_kcalloc (git-fixes).
- NTB: ntb_transport: fix possible memory leak while
  device_register() fails (git-fixes).
- ntb: intel: Fix error handling in intel_ntb_pci_driver_init()
  (git-fixes).
- NTB: amd: Fix error handling in amd_ntb_pci_driver_init()
  (git-fixes).
- ntb: idt: Fix error handling in idt_pci_driver_init()
  (git-fixes).
- commit e2532ad

- ALSA: hda/realtek: Add quirk for ASUS ROG GZ301V (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG G614Jx (git-fixes).
- ALSA: hda/realtek: Amend G634 quirk to enable rear speakers
  (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG GA402X (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG GX650P (git-fixes).
- ALSA: pcm: Fix potential data race at PCM memory allocation
  helpers (git-fixes).
- ALSA: hda: fix a possible null-pointer dereference due to data
  race in snd_hdac_regmap_sync() (git-fixes).
- ALSA: hda/realtek: Add quirks for Unis H3C Desktop B760 & Q760
  (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NPx0SNx (git-fixes).
- ALSA: fireface: make read-only const array for model names
  static (git-fixes).
- ALSA: oxfw: make read-only const array models static
  (git-fixes).
- commit 588fb29

- Fix documentation of panic_on_warn (git-fixes).
- commit d3bc78b

- ALSA: hda/realtek: Whitespace fix (git-fixes).
- apparmor: fix missing error check for rhashtable_insert_fast
  (git-fixes).
- Revert "drm/amd/display: edp do not add non-edid timings"
  (git-fixes).
- drm/i915/psr: Use hw.adjusted mode when calculating io/fast
  wake times (git-fixes).
- commit 5cd5af9

- ubi: Fix failure attaching when vid_hdr offset equals to
  (sub)page size (bsc#1210584).
- ubi: ensure that VID header offset + VID header size <= alloc,
  size (bsc#1210584).
- commit d00dadd

- hvcs: Synchronize hotplug remove with port free (bsc#1213134
  ltc#202861).
- hvcs: Use vhangup in hotplug remove (bsc#1213134 ltc#202861).
- hvcs: Get reference to tty in remove (bsc#1213134 ltc#202861).
- hvcs: Use driver groups to manage driver attributes (bsc#1213134
  ltc#202861).
- hvcs: Use dev_groups to manage hvcs device attributes
  (bsc#1213134 ltc#202861).
- hvcs: Fix hvcs port reference counting (bsc#1213134 ltc#202861).
- commit bcb2fb0

- fixup ext4-avoid-deadlock-in-fs-reclaim-with-page-writebac.patch
- commit da8cf7d

- Update patches.suse/KVM-x86-fix-sending-PV-IPI.patch (git-fixes,
  bsc#1210853).
- commit c3e9aec

- blacklist.conf: Blacklist b87c7cdf2bed
- commit 6e43578

- add mainline tags to five pci_hyperv patches
- commit 6e402f4

- spi: bcm-qspi: return error if neither hif_mspi nor mspi is
  available (git-fixes).
- dt-bindings: phy: brcm,brcmstb-usb-phy: Fix error in
  "compatible" conditional schema (git-fixes).
- phy: tegra: xusb: check return value of devm_kzalloc()
  (git-fixes).
- phy: tegra: xusb: Clear the driver reference in usb-phy dev
  (git-fixes).
- phy: Revert "phy: Remove SOC_EXYNOS4212 dep. from
  PHY_EXYNOS4X12_USB" (git-fixes).
- selftests: mptcp: depend on SYN_COOKIES (git-fixes).
- selftests: mptcp: sockopt: return error if wrong mark
  (git-fixes).
- Documentation: ABI: sysfs-class-net-qmi: pass_through contact
  update (git-fixes).
- docs: networking: Update codeaurora references for rmnet
  (git-fixes).
- Add MODULE_FIRMWARE() for FIRMWARE_TG357766 (git-fixes).
- pwm: ab8500: Fix error code in probe() (git-fixes).
- pwm: sysfs: Do not apply state to already disabled PWMs
  (git-fixes).
- pwm: imx-tpm: force 'real_period' to be zero in suspend
  (git-fixes).
- soundwire: qcom: fix storing port config out-of-bounds
  (git-fixes).
- media: cec: i2c: ch7322: also select REGMAP (git-fixes).
- media: atomisp: gmin_platform: fix out_len in
  gmin_get_config_dsm_var() (git-fixes).
- media: venus: helpers: Fix ALIGN() of non power of two
  (git-fixes).
- media: i2c: Correct format propagation for st-mipid02
  (git-fixes).
- media: usb: siano: Fix warning due to null work_func_t function
  pointer (git-fixes).
- media: videodev2.h: Fix struct v4l2_input tuner index comment
  (git-fixes).
- media: usb: Check az6007_read() return value (git-fixes).
- drm/amdgpu: Validate VM ioctl flags (git-fixes).
- Documentation: bonding: fix the doc of peer_notif_delay
  (git-fixes).
- Documentation: timers: hrtimers: Make hybrid union historical
  (git-fixes).
- drm/amdgpu: Set vmbo destroy after pt bo is created (git-fixes).
- commit 50938e1

- udf: Detect system inodes linked into directory hierarchy
  (bsc#1213114).
- commit 94969d9

- udf: Preserve link count of system files (bsc#1213113).
- commit 796148e

- udf: Do not update file length for failed writes to inline files
  (bsc#1213041).
- commit 7c424ea

- udf: Do not bother merging very long extents (bsc#1213040).
- commit 2bbc059

- udf: Truncate added extents on failed expansion (bsc#1213039).
- commit 570559c

- udf: Define EFSCORRUPTED error code (bsc#1213038).
- commit a788ad0

- udf: Fix extending file within last block (bsc#1213037).
- commit 03c1b38

- udf: Discard preallocation before extending file with a hole
  (bsc#1213036).
- commit 1574fab

- udf: Do not bother looking for prealloc extents if i_lenExtents
  matches i_size (bsc#1213035).
- commit 55f8d82

- udf: Fix preallocation discarding at indirect extent boundary
  (bsc#1213034).
- commit dd71a49

- udf: Avoid double brelse() in udf_rename() (bsc#1213032).
- commit b7363e8

- udf: Fix error handling in udf_new_inode() (bsc#1213112).
- commit 36daa9d

- writeback: fix call of incorrect macro (bsc#1213024).
- commit 3d9859a

- blacklist.conf: Blacklist e730558adffb
- commit dfc29a7

- inotify: Avoid reporting event with invalid wd (bsc#1213025).
- commit 663980c

- ext4: fix bug_on in __es_tree_search caused by bad quota inode
  (bsc#1213111).
- commit d2402bb

- ext4: fix to check return value of freeze_bdev() in
  ext4_shutdown() (bsc#1213021).
- commit 8a5e5cc

- ext4: turn quotas off if mount failed after enabling quotas
  (bsc#1213110).
- commit 54ce041

- ext4: Fix reusing stale buffer heads from last failed mounting
  (bsc#1213020).
- commit b4e9a35

- ext4: only update i_reserved_data_blocks on successful block
  allocation (bsc#1213019).
- commit 05b1124

- blacklist.conf: Blacklist dea9d8f7643f
- commit 5f3f2c9

- blacklist.conf: Blacklist eb1f822c76be and 1b2924393309
- commit dfea016

- ext4: add lockdep annotations for i_data_sem for ea_inode's
  (bsc#1213109).
- commit bd7e51d

- ext4: disallow ea_inodes with extended attributes (bsc#1213108).
- commit 8d79354

- ext4: set lockdep subclass for the ea_inode in
  ext4_xattr_inode_cache_find() (bsc#1213107).
- commit 086e29e

- ext4: add EA_INODE checking to ext4_iget() (bsc#1213106).
- commit 6f2cbde

- ext4: bail out of ext4_xattr_ibody_get() fails for any reason
  (bsc#1213018).
- commit 688805b

- blacklist.conf: Blacklist 2220eaf90992
- commit 646c4d8

- ext4: fix deadlock when converting an inline directory in
  nojournal mode (bsc#1213105).
- commit cce4da1

- ext4: improve error recovery code paths in __ext4_remount()
  (bsc#1213017).
- commit 29aa4fc

- ext4: improve error handling from ext4_dirhash() (bsc#1213104).
- commit eb9fd41

- ext4: check iomap type only if ext4_iomap_begin() does not fail
  (bsc#1213103).
- commit 0e400a2

- blacklist.conf: Blacklist 4f04351888a8
- commit 3ec5acd

- ext4: fix data races when using cached status extents
  (bsc#1213102).
- commit 5ba34cb

- ext4: avoid deadlock in fs reclaim with page writeback
  (bsc#1213016).
- commit 1d798af

- blacklist.conf: Blacklist 463808f237cf
- commit 8ab6243

- blacklist.conf: Blacklist 5354b2af3406
- commit af1acbd

- ext4: fix lockdep warning when enabling MMP (bsc#1213100).
- commit 12832e4

- ext4: fix WARNING in mb_find_extent (bsc#1213099).
- commit cf6660d

- ext4: fix use-after-free read in ext4_find_extent for bigalloc +
  inline (bsc#1213098).
- commit 4e5840b

- ext4: fix i_disksize exceeding i_size problem in paritally
  written case (bsc#1213015).
- commit 4f1e279

- jdb2: Don't refuse invalidation of already invalidated buffers
  (bsc#1213014).
- commit 02a11f8

- blacklist.conf: Blacklist 93cdf49f6eca
- commit 3fbd00a

- blacklist.conf: Blacklist 01e4ca294517
- commit d9ac63d

- ext4: zero i_disksize when initializing the bootloader inode
  (bsc#1213013).
- commit 659d07a

- ext4: fix WARNING in ext4_update_inline_data (bsc#1213012).
- commit e942503

- ext4: move where set the MAY_INLINE_DATA flag is set
  (bsc#1213011).
- commit 414128b

- ext4: fix task hung in ext4_xattr_delete_inode (bsc#1213096).
- commit c860105

- jbd2: fix data missing when reusing bh which is ready to be
  checkpointed (bsc#1213095).
- commit fba1499

- ext4: update s_journal_inum if it changes after journal replay
  (bsc#1213094).
- commit 555a671

- ext4: fail ext4_iget if special inode unallocated (bsc#1213010).
- commit e1a7504

- ext4: refuse to create ea block when umounted (bsc#1213093).
- commit 0a1540e

- blacklist.conf: Blacklist 1e9d62d25281
- commit ec4ee27

- ext4: use ext4_fc_tl_mem in fast-commit replay path
  (bsc#1213092).
- commit 52602e2

- ext4: block range must be validated before use in
  ext4_mb_clear_bb() (bsc#1213090).
- commit 1a54a0f

- ext4: add strict range checks while freeing blocks
  (bsc#1213089).
- commit 48fbaec

- ext4: add ext4_sb_block_valid() refactored out of
  ext4_inode_block_valid() (bsc#1213088).
- commit 29b9d07

- ext4: refactor ext4_free_blocks() to pull out ext4_mb_clear_bb()
  (bsc#1213087).
- commit 8815a41

- blacklist.conf: Blacklist 3bbef91bdd21
- commit aca1605

- RDMA/rxe: Fix access checks in rxe_check_bind_mw (git-fixes)
- commit 2665c42

- nvme-multipath: support io stats on the mpath device
  (bsc#1210565).
- nvme: introduce nvme_start_request (bsc#1210565).
- commit 3351644

- opp: Fix use-after-free in lazy_opp_tables after probe deferral
  (git-fixes).
- clk: qcom: gcc-ipq6018: Use floor ops for sdcc clocks
  (git-fixes).
- clk: qcom: camcc-sc7180: Add parent dependency to all camera
  GDSCs (git-fixes).
- commit aa116bc

- net/sched: tcindex: Do not use perfect hashing (bsc#1210335
  CVE-2023-1829).
- commit 28b65ec

- blacklist.conf: Add 3d2af77e31ad blk-cgroup: Reinit blkg_iostat_set after clearing in blkcg_reset_stats()
- commit 84acea1

- blacklist.conf: Add 6f363f5aa845 cgroup: Do not corrupt task iteration when rebinding subsystem
- commit 71728c0

- sched/debug: fix dentry leak in update_sched_domain_debugfs (git-fixes)
- commit 073b9b6

- sched: Fix DEBUG && !SCHEDSTATS warn (git-fixes)
- commit f0ad26b

- extcon: usbc-tusb320: Unregister typec port on driver removal
  (git-fixes).
- commit b2eac46

- usb: dwc3: gadget: Propagate core init errors to UDC during
  pullup (git-fixes).
- usb: dwc3-meson-g12a: Fix an error handling path in
  dwc3_meson_g12a_probe() (git-fixes).
- usb: dwc3: qcom: Fix an error handling path in dwc3_qcom_probe()
  (git-fixes).
- usb: dwc3: qcom: Release the correct resources in
  dwc3_qcom_remove() (git-fixes).
- usb: xhci: Remove unused udev from xhci_log_ctx trace event
  (git-fixes).
- usb: hide unused usbfs_notify_suspend/resume functions
  (git-fixes).
- usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe()
  (git-fixes).
- usb: gadget: u_serial: Add null pointer check in gserial_suspend
  (git-fixes).
- usb: dwc3: qcom: Fix potential memory leak (git-fixes).
- serial: atmel: don't enable IRQs prematurely (git-fixes).
- tty: serial: imx: fix rs485 rx after tx (git-fixes).
- serial: 8250_omap: Use force_suspend and resume for system
  suspend (git-fixes).
- tty: serial: samsung_tty: Fix a memory leak in
  s3c24xx_serial_getclk() when iterating clk (git-fixes).
- tty: serial: samsung_tty: Fix a memory leak in
  s3c24xx_serial_getclk() in case of error (git-fixes).
- serial: 8250: lock port for UART_IER access in omap8250_irq()
  (git-fixes).
- serial: 8250: lock port for stop_rx() in omap8250_irq()
  (git-fixes).
- serial: 8250: omap: Fix freeing of resources on failed register
  (git-fixes).
- extcon: Fix kernel doc of property capability fields to avoid
  warnings (git-fixes).
- extcon: Fix kernel doc of property fields to avoid warnings
  (git-fixes).
- misc: fastrpc: Create fastrpc scalar with correct buffer count
  (git-fixes).
- firmware: stratix10-svc: Fix a potential resource leak in
  svc_create_memory_pool() (git-fixes).
- test_firmware: return ENOMEM instead of ENOSPC on failed memory
  allocation (git-fixes).
- meson saradc: fix clock divider mask length (git-fixes).
- iio: accel: fxls8962af: errata bug only applicable for
  FXLS8962AF (git-fixes).
- iio: accel: fxls8962af: fixup buffer scan element type
  (git-fixes).
- iio: adc: ad7192: Fix internal/external clock selection
  (git-fixes).
- iio: adc: ad7192: Fix null ad7192_state pointer access
  (git-fixes).
- w1: fix loop in w1_fini() (git-fixes).
- w1: w1_therm: fix locking behavior in convert_t (git-fixes).
- mfd: stmpe: Only disable the regulators if they are enabled
  (git-fixes).
- mfd: stmfx: Nullify stmfx->vdd in case of error (git-fixes).
- mfd: stmfx: Fix error path in stmfx_chip_init (git-fixes).
- mfd: intel-lpss: Add missing check for platform_get_resource
  (git-fixes).
- mfd: pm8008: Fix module autoloading (git-fixes).
- mfd: rt5033: Drop rt5033-battery sub-device (git-fixes).
- mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0
  (git-fixes).
- rtc: st-lpc: Release some resources in st_rtc_probe() in case
  of error (git-fixes).
- extcon: usbc-tusb320: Update state on probe even if no IRQ
  pending (git-fixes).
- extcon: usbc-tusb320: Call the Type-C IRQ handler only if a
  port is registered (git-fixes).
- extcon: usbc-tusb320: Add USB TYPE-C support (git-fixes).
- commit 5d09f51

- cifs: add a warning when the in-flight count goes negative
  (bsc#1193629).
- commit b5356cb

- cifs: fix lease break oops in xfstest generic/098 (bsc#1193629).
- commit 4a371a3

- cifs: fix max_credits implementation (bsc#1193629).
- commit 54568db

- cifs: fix sockaddr comparison in iface_cmp (bsc#1193629).
- commit f115649

- cifs: print all credit counters in DebugData (bsc#1193629).
- commit cfab0d3

- cifs: fix status checks in cifs_tree_connect (bsc#1193629).
- commit db74448

- smb: remove obsolete comment (bsc#1193629).
- commit dbdd811

- cifs: address unused variable warning (bsc#1193629).
- commit 2c0db9f

- smb: delete an unnecessary statement (bsc#1193629).
- commit 8263cc2

- smb3: missing null check in SMB2_change_notify (bsc#1193629).
- commit f544a57

- ibmvnic: Do not reset dql stats on NON_FATAL err (bsc#1212603
  ltc#202604).
- commit 9cf4e75

- Move upstreamed x86, scsi and arm patches into sorted section
- commit 68279fe

- x86/xen: fix secondary processor fpu initialization
  (bsc#1212869).
- commit 8ea47f4

- RDMA/bnxt_re: Avoid calling wake_up threads from spin_lock context (git-fixes)
- commit 4610493

- RDMA/bnxt_re: wraparound mbox producer index (git-fixes)
- commit 3193b97

- RDMA/vmw_pvrdma: Remove unnecessary check on wr->opcode (git-fixes)
- commit 4a80233

- RDMA/hns: Fix hns_roce_table_get return value (git-fixes)
- commit c5a9ac4

- IB/hfi1: Fix wrong mmu_node used for user SDMA packet after invalidate (git-fixes)
- commit 030725c

- RDMA/rxe: Remove dangling declaration of rxe_cq_disable() (git-fixes)
- commit 9e18a28

- RDMA/irdma: avoid fortify-string warning in irdma_clr_wqes (git-fixes)
- commit 5d11670

- RDMA/bnxt_re: Remove unnecessary checks (git-fixes)
- commit 465a1cc

- RDMA/bnxt_re: Return directly without goto jumps (git-fixes)
- commit a16408a

- RDMA/bnxt_re: Fix to remove an unnecessary log (git-fixes)
- commit 5b86f20

- RDMA/bnxt_re: Remove a redundant check inside bnxt_re_update_gid (git-fixes)
- commit 5fd5166

- RDMA/bnxt_re: Use unique names while registering interrupts (git-fixes)
- commit 4d45831

- RDMA/bnxt_re: Fix to remove unnecessary return labels (git-fixes)
- commit 0f82e06

- RDMA/bnxt_re: Disable/kill tasklet only if it is enabled (git-fixes)
- commit fa23528

- hwrng: st - keep clock enabled while hwrng is registered
  (git-fixes).
- hwrng: imx-rngc - fix the timeout for init and self check
  (git-fixes).
- crypto: marvell/cesa - Fix type mismatch warning (git-fixes).
- crypto: nx - fix build warnings when DEBUG_FS is not enabled
  (git-fixes).
- commit f87750a

- Remove more packaging cruft for SLE < 12 SP3
- commit a16781c

- PCI: endpoint: Add missing documentation about the MSI/MSI-X
  range (git-fixes).
- misc: pci_endpoint_test: Re-init completion for every test
  (git-fixes).
- misc: pci_endpoint_test: Free IRQs before removing the device
  (git-fixes).
- PCI: vmd: Reset VMD config register between soft reboots
  (git-fixes).
- PCI: rockchip: Set address alignment for endpoint mode
  (git-fixes).
- PCI: rockchip: Use u32 variable to access 32-bit registers
  (git-fixes).
- PCI: rockchip: Fix legacy IRQ generation for RK3399 PCIe
  endpoint core (git-fixes).
- PCI: rockchip: Add poll and timeout to wait for PHY PLLs to
  be locked (git-fixes).
- PCI: rockchip: Assert PCI Configuration Enable bit after probe
  (git-fixes).
- PCI: rockchip: Write PCI Device ID to correct register
  (git-fixes).
- PCI: qcom: Disable write access to read only registers for IP
  v2.3.3 (git-fixes).
- PCI: ftpci100: Release the clock resources (git-fixes).
- PCI: cadence: Fix Gen2 Link Retraining process (git-fixes).
- PCI: Add pci_clear_master() stub for non-CONFIG_PCI (git-fixes).
- PCI: Release resource invalidated by coalescing (git-fixes).
- PCI: pciehp: Cancel bringup sequence if card is not present
  (git-fixes).
- PCI/ASPM: Disable ASPM on MFD function removal to avoid
  use-after-free (git-fixes).
- pinctrl: cherryview: Return correct value if pin in push-pull
  mode (git-fixes).
- pinctrl: at91-pio4: check return value of devm_kasprintf()
  (git-fixes).
- pinctrl: microchip-sgpio: check return value of devm_kasprintf()
  (git-fixes).
- platform/x86: thinkpad_acpi: Fix lkp-tests warnings for platform
  profiles (git-fixes).
- platform/x86: think-lmi: Correct NVME password handling
  (git-fixes).
- platform/x86: think-lmi: Correct System password interface
  (git-fixes).
- platform/x86: think-lmi: mutex protection around multiple WMI
  calls (git-fixes).
- commit 22e7ca3

- Get module prefix from kmod (bsc#1212835).
- commit f6691b0

- smb: move client and server files to common directory fs/smb
  (bsc#1193629).
- Update config and supported.conf files due to renaming.
- commit ae50c24

- blacklist.conf: gcc 12 issue
- commit 81cb1b7

- s390/gmap: voluntarily schedule during key setting (git-fixes
  bsc#1212892).
- commit 4ccd632

- ALSA: hda/realtek: Add quirks for ROG ALLY CS35l41 audio
  (git-fixes).
- commit 913f7b5

- rpm/check-for-config-changes: ignore also PAHOLE_HAS_*
  We now also have options like CONFIG_PAHOLE_HAS_LANG_EXCLUDE.
- commit 86b52c1

- bus: fsl-mc: fsl-mc-allocator: Drop a write-only variable
  (git-fixes).
- soc/fsl/qe: fix usb.c build errors (git-fixes).
- memory: brcmstb_dpfe: fix testing array offset after use
  (git-fixes).
- drivers: meson: secure-pwrc: always enable DMA domain
  (git-fixes).
- bus: ti-sysc: Fix dispc quirk masking bool variables
  (git-fixes).
- soc: samsung: exynos-pmu: Re-introduce Exynos4212 support
  (git-fixes).
- drm/msm/dpu: correct MERGE_3D length (git-fixes).
- drm/msm/dp: Free resources after unregistering them (git-fixes).
- drm/msm/dpu: do not enable color-management if DSPPs are not
  available (git-fixes).
- drm/msm/adreno: fix sparse warnings in a6xx code (git-fixes).
- drm/msm/dsi: don't allow enabling 14nm VCO with unprogrammed
  rate (git-fixes).
- drm/i915/gvt: remove unused variable gma_bottom in command
  parser (git-fixes).
- amdgpu: validate offset_in_bo of drm_amdgpu_gem_va (git-fixes).
- drm/radeon: fix possible division-by-zero errors (git-fixes).
- drm/amd/display: Fix artifacting on eDP panels when engaging
  freesync video mode (git-fixes).
- drm/amd/display: drop redundant memset() in
  get_available_dsc_slices() (git-fixes).
- drm/amdkfd: Fix potential deallocation of previously deallocated
  memory (git-fixes).
- drm/amd/display: Explicitly specify update type per plane info
  change (git-fixes).
- radeon: avoid double free in ci_dpm_init() (git-fixes).
- drm/amd/display: Add logging for display MALL refresh setting
  (git-fixes).
- drm/panel: simple: fix active size for Ampire
  AM-480272H3TMQW-T01H (git-fixes).
- drm/panel: sharp-ls043t1le01: adjust mode settings (git-fixes).
- drm: sun4i_tcon: use devm_clk_get_enabled in
  `sun4i_tcon_init_clocks` (git-fixes).
- drm/vram-helper: fix function names in vram helper doc
  (git-fixes).
- drm/bridge: tc358768: fix TXTAGOCNT computation (git-fixes).
- drm/bridge: tc358768: fix TCLK_ZEROCNT computation (git-fixes).
- drm/bridge: tc358768: fix PLL target frequency (git-fixes).
- drm/bridge: tc358768: fix PLL parameters computation
  (git-fixes).
- drm/bridge: tc358768: always enable HS video mode (git-fixes).
- drm/rockchip: vop: Leave vblank enabled in self-refresh
  (git-fixes).
- ASoC: imx-audmix: check return value of devm_kasprintf()
  (git-fixes).
- ASoC: mediatek: mt8173: Fix irq error path (git-fixes).
- ASoC: es8316: Do not set rate constraints for unsupported MCLKs
  (git-fixes).
- ASoC: es8316: Increment max value for ALC Capture Target Volume
  control (git-fixes).
- ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer
  (git-fixes).
- ALSA: hda/realtek: Enable mute/micmute LEDs and limit mic
  boost on EliteBook (git-fixes).
- Input: adxl34x - do not hardcode interrupt trigger type
  (git-fixes).
- Input: drv260x - remove unused .reg_defaults (git-fixes).
- Input: drv260x - sleep between polling GO bit (git-fixes).
- Input: drv260x - fix typo in register value define (git-fixes).
- HID: logitech-hidpp: add HIDPP_QUIRK_DELAYED_INIT for the T651
  (git-fixes).
- fbdev: omapfb: lcd_mipid: Fix an error handling path in
  mipid_spi_probe() (git-fixes).
- clk: ti: clkctrl: check return value of kasprintf() (git-fixes).
- clk: keystone: sci-clk: check return value of kasprintf()
  (git-fixes).
- clk: si5341: free unused memory on probe failure (git-fixes).
- clk: si5341: check return value of {devm_}kasprintf()
  (git-fixes).
- clk: si5341: return error if one synth clock registration fails
  (git-fixes).
- clk: cdce925: check return value of kasprintf() (git-fixes).
- clk: vc5: check memory returned by kasprintf() (git-fixes).
- clk: Fix memory leak in devm_clk_notifier_register()
  (git-fixes).
- clk: tegra: tegra124-emc: Fix potential memory leak (git-fixes).
- clk: imx: clk-imx8mp: improve error handling in
  imx8mp_clocks_probe() (git-fixes).
- clk: imx: clk-imx8mn: fix memory leak in imx8mn_clocks_probe
  (git-fixes).
- clk: imx: scu: use _safe list iterator to avoid a use after free
  (git-fixes).
- clk: samsung: Add Exynos4212 compatible to CLKOUT driver
  (git-fixes).
- hwmon: (gsc-hwmon) fix fan pwm temperature scaling (git-fixes).
- commit 7ae139a

- io_uring: hold uring mutex around poll removal (bsc#1212838
  CVE-2023-3389).
- commit e7c3e0b

- ocfs2: fix non-auto defrag path not working issue (git-fixes).
- commit 9e8659c

- ocfs2: fix defrag path triggering jbd2 ASSERT (git-fixes).
- commit 3c403c0

- ocfs2: fix freeing uninitialized resource on ocfs2_dlm_shutdown
  (git-fixes).
- commit b453224

- usrmerge: Adjust module path in the kernel sources (bsc#1212835).
  With the module path adjustment applied as source patch only
  ALP/Tumbleweed kernel built on SLE/Leap needs the path changed back to
  non-usrmerged.
- commit dd9a820

- ipvlan:Fix out-of-bounds caused by unclear skb->cb (bsc#1212842
  CVE-2023-3090).
- commit 7062cce

- signal/s390: Use force_sigsegv in default_trap_handler
  (git-fixes bsc#1212861).
- commit 65a5c57

- blacklist.conf: cleanup commit
- commit 2bf2715

- tracing/timer: Add missing hrtimer modes to
  decode_hrtimer_mode() (git-fixes).
- commit ed0442b

- writeback: fix dereferencing NULL mapping->host on
  writeback_page_template (git-fixes).
- commit 9837e76

- x86/kprobes: Fix arch_check_optimized_kprobe check within
  optimized_kprobe range (git-fixes).
- commit 085878a

- blacklist.conf: gcc warnings for the newer version of the compiler
- commit 1dd8f7f

- btrfs: unset reloc control if transaction commit fails in
  prepare_to_relocate() (bsc#1212051 CVE-2023-3111).
- commit 8d54367

- net/mlx5: add IFC bits for bypassing port select flow table (git-fixes)
- commit cbfecbe

- nvme-core: fix dev_pm_qos memleak (git-fixes).
- nvme-core: fix memory leak in dhchap_ctrl_secret (git-fixes).
- nvme-core: fix memory leak in dhchap_secret_store (git-fixes).
- nvme: double KA polling frequency to avoid KATO with TBKAS on
  (git-fixes).
- nvme-pci: add quirk for missing secondary temperature thresholds
  (git-fixes).
- commit 52de066

- RDMA/rxe: Fix rxe_cq_post (git-fixes)
- commit 00af074

- IB/isert: Fix incorrect release of isert connection (git-fixes)
- commit e38bdbc

- IB/isert: Fix possible list corruption in CMA handler (git-fixes)
- commit 6bacb44

- IB/isert: Fix dead lock in ib_isert (git-fixes)
- commit ffd174a

- RDMA/mlx5: Fix affinity assignment (git-fixes)
- commit 29d122c

- RDMA/mlx5: Don't set tx affinity when lag is in hash mode (git-fixes)
- commit 2b5aac8

- IB/uverbs: Fix to consider event queue closing also upon non-blocking mode (git-fixes)
- commit 8f45747

- RDMA/uverbs: Restrict usage of privileged QKEYs (git-fixes)
- commit fe78e01

- RDMA/cma: Always set static rate to 0 for RoCE (git-fixes)
- commit 361e585

- RDMA/mlx5: Initiate dropless RQ for RAW Ethernet functions (git-fixes)
- commit e6d3548

- RDMA/rxe: Fix the use-before-initialization error of resp_pkts (git-fixes)
- commit 1b7d9cb

- RDMA/rxe: Fix ref count error in check_rkey() (git-fixes)
- commit 7284531

- RDMA/rxe: Fix packet length checks (git-fixes)
- commit ca5d9e2

- RDMA/rtrs: Fix rxe_dealloc_pd warning (git-fixes)
- commit bdd8fdf

- wifi: ath9k: convert msecs to jiffies where needed (git-fixes).
- wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key()
  (git-fixes).
- wifi: ath9k: don't allow to overwrite ENDPOINT0 attributes
  (git-fixes).
- wifi: iwlwifi: mvm: indicate HW decrypt for beacon protection
  (git-fixes).
- wifi: cfg80211: rewrite merging of inherited elements
  (git-fixes).
- wifi: iwlwifi: pcie: fix NULL pointer dereference in
  iwl_pcie_irq_rx_msix_handler() (git-fixes).
- wifi: iwlwifi: pull from TXQs with softirqs disabled
  (git-fixes).
- wifi: rsi: Do not set MMC_PM_KEEP_POWER in shutdown (git-fixes).
- wifi: rsi: Do not configure WoWlan in shutdown hook if not
  enabled (git-fixes).
- wifi: atmel: Fix an error handling path in atmel_probe()
  (git-fixes).
- wifi: orinoco: Fix an error handling path in orinoco_cs_probe()
  (git-fixes).
- wifi: orinoco: Fix an error handling path in spectrum_cs_probe()
  (git-fixes).
- wifi: ath9k: avoid referencing uninit memory in
  ath9k_wmi_ctrl_rx (git-fixes).
- wifi: ath9k: fix AR9003 mac hardware hang check register offset
  calculation (git-fixes).
- wifi: mwifiex: Fix the size of a memory allocation in
  mwifiex_ret_802_11_scan() (git-fixes).
- wifi: wilc1000: fix for absent RSN capabilities WFA testcase
  (git-fixes).
- mmc: mmci: Set PROBE_PREFER_ASYNCHRONOUS (git-fixes).
- mtd: rawnand: meson: fix unaligned DMA buffers handling
  (git-fixes).
- Revert "mtd: rawnand: arasan: Prevent an unsupported
  configuration" (git-fixes).
- spi: dw: Round of n_bytes to power of 2 (git-fixes).
- spi: spi-geni-qcom: Correct CS_TOGGLE bit in SPI_TRANS_CFG
  (git-fixes).
- regulator: helper: Document ramp_delay parameter of
  regulator_set_ramp_delay_regmap() (git-fixes).
- regulator: core: Streamline debugfs operations (git-fixes).
- regulator: core: Fix more error checking for
  debugfs_create_dir() (git-fixes).
- pstore/ram: Add check for kstrdup (git-fixes).
- integrity: Fix possible multiple allocation in
  integrity_inode_get() (git-fixes).
- Revert "net: phy: dp83867: perform soft reset and retain
  established link" (git-fixes).
- mmc: sdhci-msm: Disable broken 64-bit DMA on MSM8916
  (git-fixes).
- nilfs2: fix buffer corruption due to concurrent device reads
  (git-fixes).
- soundwire: dmi-quirks: add new mapping for HP Spectre x360
  (git-fixes).
- Input: soc_button_array - add invalid acpi_index DMI quirk
  handling (git-fixes).
- spi: lpspi: disable lpspi module irq in DMA mode (git-fixes).
- media: cec: core: don't set last_initiator if tx in progress
  (git-fixes).
- usb: gadget: udc: fix NULL dereference in remove() (git-fixes).
- nfcsim.c: Fix error checking for debugfs_create_dir (git-fixes).
- HID: wacom: Add error check to wacom_parse_and_register()
  (git-fixes).
- commit b21df60

- RDMA/rtrs: Fix the last iu->buf leak in err path (git-fixes)
- commit d45f7dc

- RDMA/rxe: Removed unused name from rxe_task struct (git-fixes)
- commit e3cca5c

- RDMA/rxe: Remove the unused variable obj (git-fixes)
- commit 0081865

- can: isotp: isotp_sendmsg(): fix return error fix on TX path
  (git-fixes).
- can: kvaser_pciefd: Remove handler for unused
  KVASER_PCIEFD_PACK_TYPE_EFRAME_ACK (git-fixes).
- can: kvaser_pciefd: Remove useless write to interrupt register
  (git-fixes).
- can: length: fix description of the RRS field (git-fixes).
- can: length: fix bitstuffing count (git-fixes).
- can: length: make header self contained (git-fixes).
- elf: correct note name comment (git-fixes).
- drm/amd/display: fix the system hang while disable PSR
  (git-fixes).
- ARM: dts: Fix erroneous ADS touchscreen polarities (git-fixes).
- ASoC: nau8824: Add quirk to active-high jack-detect (git-fixes).
- ASoC: simple-card: Add missing of_node_put() in case of error
  (git-fixes).
- drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl
  (git-fixes).
- drm/exynos: vidi: fix a wrong error return (git-fixes).
- drm/radeon: fix race condition UAF in
  radeon_gem_set_domain_ioctl (git-fixes).
- arm64: Add missing Set/Way CMO encodings (git-fixes).
- drm/amd/display: Add wrapper to call planes and stream update
  (git-fixes).
- drm/amd/display: Use dc_update_planes_and_stream (git-fixes).
- drm/amd/display: Add minimal pipe split transition state
  (git-fixes).
- commit f746d09

- blacklist.conf: add git-fixes for nvme
- commit e4a757c

- x86/build: Avoid relocation information in final vmlinux
  (bsc#1187829).
- commit b248c02

- gfs2: Don't deref jdesc in evict (bsc#1212265 CVE-2023-3212).
- commit 2228e4a

- ice: Fix XDP memory leak when NIC is brought up and down
  (git-fixes).
- ice: block LAN in case of VF to VF offload (git-fixes).
- ice: Reset FDIR counter in FDIR init stage (git-fixes).
- ice: fix wrong fallback logic for FDIR (git-fixes).
- ice: fix invalid check for empty list in
  ice_sched_assoc_vsi_to_agg() (git-fixes).
- ice: add profile conflict check for AVF FDIR (git-fixes).
- ice: Fix DSCP PFC TLV creation (git-fixes).
- ice: copy last block omitted in ice_get_module_eeprom()
  (git-fixes).
- ice: switch: fix potential memleak in ice_add_adv_recipe()
  (git-fixes).
- ice: Do not use WQ_MEM_RECLAIM flag for workqueue (git-fixes).
- ice: Prevent set_channel from changing queues while RDMA active
  (git-fixes).
- ice: config netdev tc before setting queues number (git-fixes).
- ice: Fix ice_xdp_xmit() when XDP TX queue number is not
  sufficient (git-fixes).
- ice: Don't double unplug aux on peer initiated reset
  (git-fixes).
- ice: use bitmap_free instead of devm_kfree (git-fixes).
- ice: xsk: use Rx ring's XDP ring when picking NAPI context
  (git-fixes).
- ice: Ignore EEXIST when setting promisc mode (git-fixes).
- ice: handle E822 generic device ID in PLDM header (git-fixes).
- ice: ethtool: Prohibit improper channel config for DCB
  (git-fixes).
- ice: ethtool: advertise 1000M speeds properly (git-fixes).
- ice: Fix memory corruption in VF driver (git-fixes).
- ice, xsk: Diversify return values from xsk_wakeup call paths
  (git-fixes).
- commit 6a47979

- thermal/drivers/sun8i: Fix some error handling paths in
  sun8i_ths_probe() (git-fixes).
- PM: domains: fix integer overflow issues in genpd_parse_state()
  (git-fixes).
- clocksource/drivers/cadence-ttc: Fix memory leak in
  ttc_timer_probe (git-fixes).
- irqchip/jcore-aic: Fix missing allocation of IRQ descriptors
  (git-fixes).
- irqchip/clps711x: Remove unused clps711x_intc_init() function
  (git-fixes).
- irqchip/ftintc010: Mark all function static (git-fixes).
- commit bc06af3

- kernel-docs: Use python3 together with python3-Sphinx (bsc#1212741).
- commit 95a40a6

- scsi: core: Improve warning message in scsi_device_block()
  (bsc#1209284).
- scsi: core: Don't wait for quiesce in scsi_device_block()
  (bsc#1209284).
- scsi: core: Don't wait for quiesce in scsi_stop_queue()
  (bsc#1209284).
- scsi: core: Merge scsi_internal_device_block() and
  device_block() (bsc#1209284).
- scsi: sg: Increase number of devices (bsc#1210048).
- scsi: bsg: Increase number of devices (bsc#1210048).
- commit 8f3e780

- Update references in the patch
  patches.suse/HID-intel_ish-hid-Add-check-for-ishtp_dma_tx_map.patch
  (git-fixes bsc#1212606 CVE-2023-3358).
- commit f3ebbc7

- x86/mm: Fix use of uninitialized buffer in sme_enable() (git-fixes).
- commit 26e74c2

- x86/mm: Fix RESERVE_BRK() for older binutils (git-fixes).
- commit e8ab3ef

- x86/sgx: Mark PCMD page as dirty when modifying contents (git-fixes).
- commit d73721e

- x86/sgx: Fix race between reclaimer and page fault handler (git-fixes).
- commit 958e41f

- powerpc/set_memory: Avoid spinlock recursion in
  change_page_attr() (bsc#1194869).
- commit c747d4c

- i2c: imx-lpi2c: fix type char overflow issue when calculating
  the clock cycle (git-fixes).
- i2c: qup: Add missing unwind goto in qup_i2c_probe()
  (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG GV601V (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG G634Z (git-fixes).
- ALSA: hda/realtek: Add "Intel Reference board" and "NUC 13"
  SSID in the ALC256 (git-fixes).
- ALSA: hda/realtek: Add quirks for ASUS GU604V and GU603V
  (git-fixes).
- commit 607c980

- powerpc/64s/radix: Fix exit lazy tlb mm switch with irqs enabled
  (bsc#1194869).
- powerpc/iommu: Limit number of TCEs to 512 for H_STUFF_TCE hcall
  (bsc#1194869 bsc#1212701).
- commit 98497f8

- ieee802154: hwsim: Fix possible memory leaks (git-fixes).
- mmc: usdhi60rol0: fix deferred probing (git-fixes).
- mmc: sunxi: fix deferred probing (git-fixes).
- mmc: sh_mmcif: fix deferred probing (git-fixes).
- mmc: sdhci-spear: fix deferred probing (git-fixes).
- mmc: sdhci-acpi: fix deferred probing (git-fixes).
- mmc: owl: fix deferred probing (git-fixes).
- mmc: omap_hsmmc: fix deferred probing (git-fixes).
- mmc: omap: fix deferred probing (git-fixes).
- mmc: mvsdio: fix deferred probing (git-fixes).
- mmc: mtk-sd: fix deferred probing (git-fixes).
- mmc: bcm2835: fix deferred probing (git-fixes).
- mmc: meson-gx: remove redundant mmc_request_done() call from
  irq context (git-fixes).
- mmc: mmci: stm32: fix max busy timeout calculation (git-fixes).
- commit a8d1547

- HID: amd_sfh: Add missing check for dma_alloc_coherent
  (bsc#1212605 CVE-2023-3357).
- commit 1aef403

- net/mlx5: fix missing mutex_unlock in
  mlx5_fw_fatal_reporter_err_work() (jsc#SLE-19253).
- commit f9de2c8

- Refresh
  patches.suse/mm-vmalloc-do-not-output-a-spurious-warning-when-huge-vmalloc-fails.patch.
  Update mainline status and sort the patch.
- commit 9716927

- s390/pkey: zeroize key blobs (git-fixes bsc#1212619).
- commit 859dd00

- x86/mm: fix poking_init() for Xen PV guests (git-fixes).
- commit 3f14de3

- regulator: pca9450: Fix LDO3OUT and LDO4OUT MASK (git-fixes).
- regmap: spi-avmm: Fix regmap_bus max_raw_write (git-fixes).
- USB: serial: option: add Quectel EM061KGL series (git-fixes).
- drm/amd/display: edp do not add non-edid timings (git-fixes).
- selftests/ptp: Fix timestamp printf format for PTP_SYS_OFFSET
  (git-fixes).
- net: usb: qmi_wwan: add support for Compal RXM-G1 (git-fixes).
- spi: fsl-dspi: avoid SCK glitches with continuous transfers
  (git-fixes).
- nilfs2: fix incomplete buffer cleanup in
  nilfs_btnode_abort_change_key() (git-fixes).
- test_firmware: prevent race conditions by a correct
  implementation of locking (git-fixes).
- ARM: dts: vexpress: add missing cache properties (git-fixes).
- drm:amd:amdgpu: Fix missing buffer object unlock in failure path
  (git-fixes).
- power: supply: Fix logic checking if system is running from
  battery (git-fixes).
- power: supply: Ratelimit no data debug output (git-fixes).
- power: supply: bq27xxx: Use mod_delayed_work() instead of
  cancel() + schedule() (git-fixes).
- power: supply: sc27xx: Fix external_power_changed race
  (git-fixes).
- power: supply: ab8500: Fix external_power_changed race
  (git-fixes).
- ASoC: dwc: move DMA init to snd_soc_dai_driver probe()
  (git-fixes).
- ASoC: soc-pcm: test if a BE can be prepared (git-fixes).
- platform/x86: asus-wmi: Ignore WMI events with codes 0x7B,
  0xC0 (git-fixes).
- regulator: Fix error checking for debugfs_create_dir
  (git-fixes).
- spi: tegra210-quad: Fix iterator outside loop (git-fixes).
- test_firmware: Use kstrtobool() instead of strtobool()
  (git-fixes).
- commit 571f9b4

- blacklist.conf: added drbd git-fix
  drbd in kernel no supported/used
- commit d232113

- s390/dasd: Use correct lock while counting channel queue length
  (git-fixes bsc#1212592).
- commit 3416e6e

- blacklist.conf: ("arm64: dts: colibri-imx8x: delete adc1 and dsp")
- commit eb24176

- arm64: dts: imx8mn-var-som: fix PHY detection bug by adding deassert (git-fixes)
- commit 9aba35e

- arm64: dts: broadcom: bcmbca: bcm4908: fix procmon nodename (git-fixes)
- commit ae23b2f

- arm64: dts: broadcom: bcmbca: bcm4908: fix NAND interrupt name (git-fixes)
- commit 5cee83a

- arm64: dts: Move BCM4908 dts to bcmbca folder (git-fixes)
- commit bfb5d9b

- cgroup: Use cgroup_attach_{lock,unlock}() from
  cgroup_attach_task_all() (bsc#1212563).
- commit f39cb40

- spi: tegra210-quad: Fix combined sequence (bsc#1212584)
- commit 148b744

- spi: tegra210-quad: Multi-cs support (bsc#1212584)
- commit 1e10d7b

- x86/mm: Use mm_alloc() in poking_init() (bsc#1212448).
- commit ae2a42d

- bpf: Fix UAF in task local storage (bsc#1212564).
- commit 26b737d

- cgroup: fix missing cpus_read_{lock,unlock}() in
  cgroup_transfer_tasks() (bsc#1212563).
- commit 2b82ccd

- mm/vmalloc: do not output a spurious warning when huge vmalloc()
  fails (bsc#1211410).
- commit ae4e43c

- cgroup: always put cset in cgroup_css_set_put_fork
  (bsc#1212561).
- commit ae170c0

- mm: vmalloc: avoid warn_alloc noise caused by fatal signal
  (bsc#1211410).
- commit 0352c7c

- Update References tag
  patches.suse/usb-gadget-udc-renesas_usb3-Fix-use-after-free-bug-i.patch
  (git-fixes bsc#1212513 CVE-2023-35828).
- commit 058d07e

- ACPI: sleep: Avoid breaking S3 wakeup due to might_sleep()
  (git-fixes).
- commit 7ecdfc8

- x86/mm: Initialize text poking earlier (bsc#1212448).
- Refresh patches.suse/init-provide-arch_cpu_finalize_init.patch.
- Refresh patches.suse/init-remove-check_bugs-leftovers.patch.
- commit fe545d9

- mm: Move mm_cachep initialization to mm_init() (bsc#1212448).
- commit b8943a6

- Refresh patches.suse/init-invoke-arch_cpu_finalize_init-earlier.patch.
  Move arch_cpu_finalize_init() to the correct place.
- commit 87f94ba

- binfmt_elf: Take the mmap lock when walking the VMA list
  (bsc#1209039 CVE-2023-1249).
- commit bc9a5c4

- ceph: fix use-after-free bug for inodes when flushing capsnaps
  (bsc#1212540).
- commit c22ab50

- Enable NXP SNVS RTC driver for i.MX 8MQ/8MP (jsc#PED-4758)
- commit 985593a

- x86/microcode: Print previous version of microcode after reload
  (git-fixes).
- blacklist.conf: remove it
- Refresh
  patches.suse/x86-microcode-add-a-parameter-to-microcode_check-to-store-cpu-capabilities.patch.
- Refresh
  patches.suse/x86-microcode-adjust-late-loading-result-reporting-message.patch.
  Take the blacklisted commit instead of merging it into the second patch.
  Refresh the third one to the upstream version.
- commit b0493cf

- x86/microcode/amd: Remove load_microcode_amd()'s bsp parameter
  (git-fixes).
- blacklist.conf: remove it
- Refresh
  patches.suse/x86-microcode-amd-fix-mixed-steppings-support.patch.
  Take the blacklisted commit instead of merging it into the latter patch.
  This solves a bug in the latter patch backport as the patch now applies
  cleanly and no manual changes are needed.
- commit 7d65f32

- Update References tag
  patches.suse/media-rkvdec-fix-use-after-free-bug-in-rkvdec_remove.patch
  (git-fixes bsc#1212495 CVE-2023-35829).
- commit 85c0f24

- Move upstreamed thunderbolt patch into sorted section
- commit 375578f

- Update
  patches.suse/net-sched-flower-fix-possible-OOB-write-in-fl_set_ge.patch
  (CVE-2023-35788 bsc#1212504).
  Added CVE reference.
- commit 48e3971

- supported.conf: Move bt878 and bttv modules to kernel-*-extra (jsc#PED-3931)
- commit 9d2272d

- Update References tag
  patches.suse/media-saa7134-fix-use-after-free-bug-in-saa7134_fini.patch
  (git-fixes bsc#1212494 CVE-2023-35823).
- commit 6056471

- igb: fix nvm.ops.read() error handling (git-fixes).
- igc: Fix possible system crash when loading module (git-fixes).
- igc: Clean the TX buffer and TX descriptor ring (git-fixes).
- iavf: remove mask from iavf_irq_enable_queues() (git-fixes).
- bnxt_en: Implement .set_port / .unset_port UDP tunnel callbacks
  (git-fixes).
- bnxt_en: Skip firmware fatal error recovery if chip is not
  accessible (git-fixes).
- bnxt_en: Query default VLAN before VNIC setup on a VF
  (git-fixes).
- bnxt_en: Don't issue AP reset during ethtool's reset operation
  (git-fixes).
- net: sched: fix possible refcount leak in tc_chain_tmplt_add()
  (git-fixes).
- net/sched: flower: fix possible OOB write in fl_set_geneve_opt()
  (git-fixes).
- tools: bpftool: Remove invalid \' json escape (git-fixes).
- net/net_failover: fix txq exceeding warning (git-fixes).
- net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit
  platforms (git-fixes).
- tls: Skip tls_append_frag on zero copy size (git-fixes).
- net/sched: fix initialization order when updating chain 0 head
  (git-fixes).
- commit 357e3aa

- staging: octeon: delete my name from TODO contact (git-fixes).
- usb: typec: ucsi: Fix command cancellation (git-fixes).
- USB: dwc3: fix use-after-free on core driver unbind (git-fixes).
- USB: dwc3: qcom: fix NULL-deref on suspend (git-fixes).
- usb: dwc3: gadget: Reset num TRBs before giving back the request
  (git-fixes).
- thunderbolt: dma_test: Use correct value for absent rings when
  creating paths (git-fixes).
- serial: lantiq: add missing interrupt ack (git-fixes).
- commit 07ac6ad

- ALSA: usb-audio: Add quirk flag for HEM devices to enable
  native DSD playback (git-fixes).
- ALSA: usb-audio: Fix broken resume due to UAC3 power state
  (git-fixes).
- ALSA: hda/realtek: Add a quirk for Compaq N14JP6 (git-fixes).
- commit f8fff8d

- drm/nouveau: add nv_encoder pointer check for NULL (git-fixes).
- drm/nouveau/dp: check for NULL nv_connector->native_mode
  (git-fixes).
- drm/nouveau: don't detect DSM for non-NVIDIA device (git-fixes).
- nouveau: fix client work fence deletion race (git-fixes).
- commit a872fd6

- Drop a buggy dvb-core fix patch (bsc#1205758)
  Also the kabi workaround is dropped, too
- commit 655bd4b

- x86/fpu: Move FPU initialization into arch_cpu_finalize_init() (bsc#1212448).
- commit 072fd20

- x86/fpu: Mark init functions __init (bsc#1212448).
- commit e8f4a8e

- x86/fpu: Remove cpuinfo argument from init functions (bsc#1212448).
- commit 73b8e7c

- x86/init: Initialize signal frame size late (bsc#1212448).
- commit 95c2ee8

- init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init() (bsc#1212448).
- commit a0f0e12

- init: Invoke arch_cpu_finalize_init() earlier (bsc#1212448).
- commit 0ae852a

- init: Remove check_bugs() leftovers (bsc#1212448).
- commit 4db22bb

- ARM: cpu: Switch to arch_cpu_finalize_init() (bsc#1212448).
- commit fb20d0a

- x86/cpu: Switch to arch_cpu_finalize_init() (bsc#1212448).
- commit 1d74981

- init: Provide arch_cpu_finalize_init() (bsc#1212448).
- commit 54c49f5

- bpf, arm64: Clear prog->jited_len along prog->jited (git-fixes)
- commit 07346cf

- bpf, arm64: Feed byte-offset into bpf line info (git-fixes)
- commit 98e0ea3

- bpf, arm64: Call build_prologue() first in first JIT pass (git-fixes)
- commit a8ca534

- blacklist.conf: ("mm: defer kmemleak object creation of module_alloc()")
- commit 98eb467

- bpf, arm64: Use emit_addr_mov_i64() for BPF_PSEUDO_FUNC (git-fixes)
- commit cab9765

- blacklist.conf: ("arm64/bpf: Remove 128MB limit for BPF JIT programs")
- commit a3de279

- kernel-docs: Add buildrequires on python3-base when using python3
  The python3 binary is provided by python3-base.
- commit c5df526

- blacklist.conf: kABI breakage, removed exported symbol
- commit 470424a

- qed/qede: Fix scheduling while atomic (git-fixes).
- igb: fix bit_shift to be in [1..8] range (git-fixes).
- net: hns3: fix reset delay time to avoid configuration timeout
  (git-fixes).
- net: hns3: fix sending pfc frames after reset issue (git-fixes).
- net: hns3: fix output information incomplete for dumping tx
  queue info with debugfs (git-fixes).
- mlxfw: fix null-ptr-deref in mlxfw_mfa2_tlv_next() (git-fixes).
- octeontx2-pf: Recalculate UDP checksum for ptp 1-step sync
  packet (git-fixes).
- octeontx2-pf: Fix the use of GFP_KERNEL in atomic context on rt
  (git-fixes).
- octeontx2-pf: Avoid use of GFP_KERNEL in atomic context
  (git-fixes).
- octeontx2-pf: Fix resource leakage in VF driver unbind
  (git-fixes).
- net: ena: Update NUMA TPH hint register upon NUMA node update
  (git-fixes).
- net: ena: Set default value for RX interrupt moderation
  (git-fixes).
- net: ena: Fix rx_copybreak value update (git-fixes).
- net: ena: Use bitmask to indicate packet redirection
  (git-fixes).
- net: ena: Account for the number of processed bytes in XDP
  (git-fixes).
- net: ena: Don't register memory info on XDP exchange
  (git-fixes).
- net: ena: Fix toeplitz initial hash value (git-fixes).
- net: hns3: add interrupts re-initialization while doing VF FLR
  (git-fixes).
- net: hns3: fix tm port shapping of fibre port is incorrect
  after driver initialization (git-fixes).
- nfp: only report pause frame configuration for physical device
  (git-fixes).
- commit 099bed1

- drm/i915/selftests: Add some missing error propagation
  (git-fixes).
- drm/i915: Use 18 fast wake AUX sync len (git-fixes).
- drm/amdgpu: fix xclk freq on CHIP_STONEY (git-fixes).
- drm/amd/pm: Fix power context allocation in SMU13 (git-fixes).
- Bluetooth: Fix use-after-free in hci_remove_ltk/hci_remove_irk
  (git-fixes).
- Input: psmouse - fix OOB access in Elantech protocol
  (git-fixes).
- drm/i915: Explain the magic numbers for AUX SYNC/precharge
  length (git-fixes).
- drm/i915/selftests: Stop using kthread_stop() (git-fixes).
- drm/i915/selftests: Increase timeout for live_parallel_switch
  (git-fixes).
- commit 120ec14

- scsi: stex: Fix gcc 13 warnings (git-fixes).
- scsi: core: Decrease scsi_device's iorequest_cnt if dispatch
  failed (git-fixes).
- commit 2be82b5

- blacklist.conf: ("KVM: arm64: nvhe: Fix build with profile optimization")
- commit f894646

- KVM: arm64: Don't hypercall before EL2 init (git-fixes)
- commit d26dd54

- KVM: arm64: vgic: Read HW interrupt pending state from the HW (git-fixes)
- commit 6837f01

- KVM: arm64: Save PSTATE early on exit (git-fixes)
- commit d156653

- KVM: arm64: Propagate errors from __pkvm_prot_finalize hypercall (git-fixes)
- commit 7097157

- ARM: 9295/1: unwind:fix unwind abort for uleb128 case (git-fixes)
- commit d5dcfa2

- blacklist.conf: build dependency fix
- commit b9cb9eb

- blacklist.conf: specific to Clang
- commit dbb2d18

- blacklist.conf: kABI
- commit c8b8dbc

- blacklist.conf: irrelevant in our kernel configs
- commit 147680e

- blacklist.conf: for compiler we don't use
- commit 5a08370

- tracing: Have event format check not flag %p* on
  __get_dynamic_array() (git-fixes, bsc#1212350).
- blacklist.conf: Remove the commit
- commit e1130da

- tracing: Update print fmt check to handle new __get_sockaddr()
  macro (git-fixes, bsc#1212350).
- commit 0b13d9e

- blacklist.conf: Drop already backported entry
- commit 21b7697

- dt-bindings: i3c: silvaco,i3c-master: fix missing schema
  restriction (git-fixes).
- nilfs2: fix possible out-of-bounds segment allocation in resize
  ioctl (git-fixes).
- commit 9dcda7c

- vhost_vdpa: support PACKED when setting-getting vring_base
  (jsc#SLE-19253).
- net/mlx5: Read embedded cpu after init bit cleared
  (jsc#SLE-19253).
- net/mlx5e: Fix error handling in mlx5e_refresh_tirs
  (jsc#SLE-19253).
- net/mlx5e: Don't attach netdev profile while handling internal
  error (jsc#SLE-19253).
- net/mlx5: fw_tracer, Fix event handling (jsc#SLE-19253).
- net/mlx5: SF, Drain health before removing device
  (jsc#SLE-19253).
- net/mlx5: Devcom, fix error flow in mlx5_devcom_register_device
  (jsc#SLE-19253).
- net/mlx5e: Fix SQ wake logic in ptp napi_poll context
  (jsc#SLE-19253).
- net/mlx5: Fix error message when failing to allocate device
  memory (jsc#SLE-19253).
- net/mlx5: DR, Check force-loopback RC QP capability
  independently from RoCE (jsc#SLE-19253).
- net/mlx5: DR, Fix crc32 calculation to work on big-endian (BE)
  CPUs (jsc#SLE-19253).
- net/mlx5e: do as little as possible in napi poll when budget
  is 0 (jsc#SLE-19253).
- net/mlx5: E-switch, Don't destroy indirect table in split rule
  (jsc#SLE-19253).
- net/mlx5: E-switch, Create per vport table based on devlink
  encap mode (jsc#SLE-19253).
- net/mlx5: E-Switch, Fix an Oops in error handling code
  (jsc#SLE-19253).
- net/mlx5: Read the TC mapping of all priorities on ETS query
  (jsc#SLE-19253).
- net/mlx5: Fix steering rules cleanup (jsc#SLE-19253).
- net/mlx5e: Block entering switchdev mode with ns inconsistency
  (jsc#SLE-19253).
- net/mlx5e: Set uplink rep as NETNS_LOCAL (jsc#SLE-19253).
- net/mlx5: E-switch, Fix missing set of split_count when forward
  to ovs internal port (jsc#SLE-19253).
- net/mlx5: Geneve, Fix handling of Geneve object id as error code
  (jsc#SLE-19253).
- net/mlx5e: Verify flow_source cap before using it
  (jsc#SLE-19253).
- vdpa/mlx5: Don't clear mr struct on destroy MR (jsc#SLE-19253).
- vdpa/mlx5: Directly assign memory key (jsc#SLE-19253).
- net/mlx5: Enhance debug print in page allocation failure
  (jsc#SLE-19253).
- net/mlx5: Serialize module cleanup with reload and remove
  (jsc#SLE-19253).
- net/mlx5: fw_tracer, Zero consumer index when reloading the
  tracer (jsc#SLE-19253).
- net/mlx5: fw_tracer, Clear load bit when freeing string DBs
  buffers (jsc#SLE-19253).
- net/mlx5e: IPoIB, Show unknown speed instead of error
  (jsc#SLE-19253).
- net/mlx5: Bridge, fix ageing of peer FDB entries
  (jsc#SLE-19253).
- net/mlx5e: Update rx ring hw mtu upon each rx-fcs flag change
  (jsc#SLE-19253).
- net: mlx5: eliminate anonymous module_init & module_exit
  (jsc#SLE-19253).
- net/mlx5e: QoS, Fix wrongfully setting parent_element_id on
  MODIFY_SCHEDULING_ELEMENT (jsc#SLE-19253).
- net/mlx5: E-switch, Fix setting of reserved fields on
  MODIFY_SCHEDULING_ELEMENT (jsc#SLE-19253).
- net/mlx5e: Avoid false lock dependency warning on tc_ht even
  more (jsc#SLE-19253).
- net/mlx5e: Don't support encap rules with gbp option
  (jsc#SLE-19253).
- net/mlx5: Fix ptp max frequency adjustment range
  (jsc#SLE-19253).
- net/mlx5: check attr pointer validity before dereferencing it
  (jsc#SLE-19253).
- net/mlx5e: Fix hw mtu initializing at XDP SQ allocation
  (jsc#SLE-19253).
- net/mlx5e: Always clear dest encap in neigh-update-del
  (jsc#SLE-19253).
- net/mlx5e: IPoIB, Don't allow CQE compression to be turned on
  by default (jsc#SLE-19253).
- net/mlx5: Fix RoCE setting at HCA level (jsc#SLE-19253).
- net/mlx5: Avoid recovery in probe flows (jsc#SLE-19253).
- net/mlx5: Add forgotten cleanup calls into mlx5_init_once()
  error path (jsc#SLE-19253).
- net/mlx5: E-Switch, properly handle ingress tagged packets on
  VST (jsc#SLE-19253).
- net/mlx5e: Fix use-after-free when reverting termination table
  (jsc#SLE-19253).
- net/mlx5: Fix uninitialized variable bug in outlen_write()
  (jsc#SLE-19253).
- net/mlx5: Fix handling of entry refcount when command is not
  issued to FW (jsc#SLE-19253).
- net/mlx5: SF: Fix probing active SFs during driver probe phase
  (jsc#SLE-19253).
- net/mlx5: Fix FW tracer timestamp calculation (jsc#SLE-19253).
- net/mlx5e: E-Switch, Fix comparing termination table instance
  (jsc#SLE-19253).
- net/mlx5: Allow async trigger completion execution on single
  CPU systems (jsc#SLE-19253).
- net/mlx5: Bridge, verify LAG state when adding bond to bridge
  (jsc#SLE-19253).
- net/mlx5: Fix crash during sync firmware reset (jsc#SLE-19253).
- net/mlx5: Fix possible use-after-free in async command interface
  (jsc#SLE-19253).
- net/mlx5e: Extend SKB room check to include PTP-SQ
  (jsc#SLE-19253).
- net/mlx5: Wait for firmware to enable CRS before
  pci_restore_state (jsc#SLE-19253).
- net/mlx5e: Do not increment ESN when updating IPsec ESN state
  (jsc#SLE-19253).
- RDMA/mlx5: Rely on RoCE fw cap instead of devlink when setting
  profile (jsc#SLE-19253).
- net/mlx5e: Fix wrong tc flag used when set hw-tc-offload off
  (jsc#SLE-19253).
- net/mlx5e: Fix wrong application of the LRO state
  (jsc#SLE-19253).
- net/mlx5: Avoid false positive lockdep warning by adding
  lock_class_key (jsc#SLE-19253).
- mlx5: do not use RT_TOS for IPv6 flowlabel (jsc#SLE-19253).
- net/mlx5e: Modify slow path rules to go to slow fdb
  (jsc#SLE-19253).
- net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS
  (jsc#SLE-19253).
- net/mlx5e: Fix capability check for updating vnic env counters
  (jsc#SLE-19253).
- net/mlx5e: kTLS, Fix build time constant test in RX
  (jsc#SLE-19253).
- net/mlx5e: kTLS, Fix build time constant test in TX
  (jsc#SLE-19253).
- net/mlx5: fs, fail conflicting actions (jsc#SLE-19253).
- net/mlx5: Rearm the FW tracer after each tracer event
  (jsc#SLE-19253).
- vdpa: Fix error logic in vdpa_nl_cmd_dev_get_doit
  (jsc#SLE-19253).
- net/mlx5: correct ECE offset in query qp output (jsc#SLE-19253).
- net/mlx5: Don't use already freed action pointer
  (jsc#SLE-19253).
- net/mlx5: Allow future addition of IPsec object modifiers
  (jsc#SLE-19253).
- net/mlx5: Don't advertise IPsec netdev support for non-IPsec
  device (jsc#SLE-19253).
- net/mlx5: Initialize flow steering during driver probe
  (jsc#SLE-19253).
- net/mlx5: DR, Fix missing flow_source when creating
  multi-destination FW table (jsc#SLE-19253).
- net/mlx5e: TC, Fix ct_clear overwriting ct action metadata
  (jsc#SLE-19253).
- net/mlx5e: Fix MPLSoUDP encap to use MPLS action information
  (jsc#SLE-19253).
- vdpa/mlx5: Fix wrong configuration of virtio_version_1_0
  (jsc#SLE-19253).
- ifcvf/vDPA: fix misuse virtio-net device config size for blk
  dev (jsc#SLE-19253).
- commit 5fae4a0

- blacklist.conf: add git-fix that breaks kabi
- commit 2df77d4

- blacklist.conf: cleanup, dead reference won't break anything
- commit ea07443

- blacklist.conf: cleanup, dead reference won't break anything
- commit ba4ce58

- Remove orphaned CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT (bsc#1189998
  git-fixes).
- commit 7e152d5

- blacklist.conf: Add more powerpc unsupported platform paths
- commit c3b3c8e

- powerpc/purgatory: remove PGO flags (bsc#1194869).
- commit 9bba037

- blacklist.conf: cleanup, not a fix
- commit ae23f77

- blacklist.conf: cleanup, not a fix
- commit 0b74b98

- blacklist.conf: build only
- commit 2de0332

- usb: cdns3: fix NCM gadget RX speed 20x slow than expection
  at iMX8QM (git-fixes).
- commit c52eada

- blacklist.conf: feature, not a fix
- commit 44f5d9b

- blacklist.conf: optimization, not a fix
- commit 02f5051

- bpf: Add extra path pointer check to d_path helper (git-fixes).
- commit ddb86f8

- tracing/probe: trace_probe_primary_from_call(): checked
  list_first_entry (git-fixes).
- commit 150f29b

- tracing/histograms: Allow variables to have some modifiers
  (git-fixes).
- commit 70e4f92

- rcu: Fix missing TICK_DEP_MASK_RCU_EXP dependency check
  (git-fixes).
- commit 192a450

- x86/kprobes: Fix __recover_optprobed_insn check optimizing logic
  (git-fixes).
- commit c98a23e

- kprobes: Fix to handle forcibly unoptimized kprobes on
  freeing_list (git-fixes).
- commit 86488b1

- kprobes: Fix check for probe enabled in kill_kprobe()
  (git-fixes).
- commit 296ebb2

- kprobes: Skip clearing aggrprobe's post_handler in
  kprobe-on-ftrace case (git-fixes).
- commit 998483a

- kprobe: reverse kp->flags when arm_kprobe failed (git-fixes).
- commit 5a80a04

- kprobes: Prohibit probes in gate area (git-fixes).
- commit b68c831

- kprobes: don't call disarm_kprobe() for disabled kprobes
  (git-fixes).
- commit 8dd6622

- kprobes: Forbid probing on trampoline and BPF code areas
  (git-fixes).
- commit 3b3e3e9

- SUNRPC: Clean up svc_deferred_class trace events (git-fixes).
- commit a8e7886

- tracing: Introduce helpers to safely handle dynamic-sized
  sockaddrs (git-fixes).
- commit eabd7b4

- eeprom: at24: also select REGMAP (git-fixes).
- i2c: sprd: Delete i2c adapter in .remove's error path
  (git-fixes).
- i2c: mv64xxx: Fix reading invalid status value in atomic mode
  (git-fixes).
- arm64: dts: imx8mn-beacon: Fix SPI CS pinmux (git-fixes).
- arm64: dts: imx8-ss-dma: assign default clock rate for lpuarts
  (git-fixes).
- arm64: dts: imx8qm-mek: correct GPIOs for USDHC2 CD and WP
  signals (git-fixes).
- firmware: arm_ffa: Set handle field to zero in memory descriptor
  (git-fixes).
- arm64: dts: qcom: sc7180-lite: Fix SDRAM freq for misidentified
  sc7180-lite boards (git-fixes).
- commit 031042b

- hfs/hfsplus: avoid WARN_ON() for sanity check, use proper
  error handling (git-fixes).
- commit 5599965

- revert "squashfs: harden sanity check in
  squashfs_read_xattr_id_table" (git-fixes).
- commit fd69a9c

- ALSA: hda/realtek: Add quirk for Clevo NS50AU (git-fixes).
- ALSA: hda/realtek: Add quirks for Asus ROG 2024 laptops using
  CS35L41 (git-fixes).
- ALSA: hda/realtek: Add Lenovo P3 Tower platform (git-fixes).
- ALSA: hda/realtek: Add a quirk for HP Slim Desktop S01
  (git-fixes).
- commit 74a4806

- ALSA: hda: Glenfly: add HD Audio PCI IDs and HDMI Codec Vendor
  IDs (git-fixes).
- Refresh
  patches.suse/ALSA-hda-Add-NVIDIA-codec-IDs-a3-through-a7-to-patch.patch.
- commit 588740e

- pinctrl: meson-axg: add missing GPIOA_18 gpio group (git-fixes).
- ALSA: hda/realtek: Enable 4 amplifiers instead of 2 on a HP
  platform (git-fixes).
- ASoC: codecs: wsa881x: do not set can_multi_write flag
  (git-fixes).
- test_firmware: fix the memory leak of the allocated firmware
  buffer (git-fixes).
- drm/amd/pm: reverse mclk and fclk clocks levels for renoir
  (git-fixes).
- drm/amd/pm: reverse mclk and fclk clocks levels for vangogh
  (git-fixes).
- drm/amd/pm: reverse mclk and fclk clocks levels for yellow carp
  (git-fixes).
- fbcon: Fix null-ptr-deref in soft_cursor (git-fixes).
- mailbox: mailbox-test: fix a locking issue in
  mbox_test_message_write() (git-fixes).
- HID: google: add jewel USB id (git-fixes).
- regmap: Account for register length when chunking (git-fixes).
- dmaengine: pl330: rename _start to prevent build error
  (git-fixes).
- dmaengine: at_xdmac: fix potential Oops in
  at_xdmac_prep_interleaved() (git-fixes).
- drm/amdgpu: skip disabling fence driver src_irqs when device
  is unplugged (git-fixes).
- drm/msm: Be more shouty if per-process pgtables aren't working
  (git-fixes).
- ALSA: oss: avoid missing-prototype warnings (git-fixes).
- ASoC: ssm2602: Add workaround for playback distortions
  (git-fixes).
- ASoC: dwc: limit the number of overrun messages (git-fixes).
- wifi: b43: fix incorrect __packed annotation (git-fixes).
- wifi: mac80211: simplify chanctx allocation (git-fixes).
- wifi: rtl8xxxu: fix authentication timeout due to incorrect
  RCR value (git-fixes).
- media: mn88443x: fix !CONFIG_OF error by drop of_match_ptr
  from ID table (git-fixes).
- media: dvb_ca_en50221: fix a size write bug (git-fixes).
- media: netup_unidvb: fix irq init by register it at the end
  of probe (git-fixes).
- media: dvb-usb: dw2102: fix uninit-value in
  su3000_read_mac_address (git-fixes).
- media: dvb-usb: digitv: fix null-ptr-deref in digitv_i2c_xfer()
  (git-fixes).
- media: dvb-usb-v2: rtl28xxu: fix null-ptr-deref in
  rtl28xxu_i2c_xfer (git-fixes).
- media: dvb-usb-v2: ce6230: fix null-ptr-deref in
  ce6230_i2c_master_xfer() (git-fixes).
- media: dvb-usb-v2: ec168: fix null-ptr-deref in ec168_i2c_xfer()
  (git-fixes).
- media: dvb-usb: az6027: fix three null-ptr-deref in
  az6027_i2c_xfer() (git-fixes).
- media: dvb_demux: fix a bug for the continuity counter
  (git-fixes).
- fbdev: stifb: Fix info entry in sti_struct on error path
  (git-fixes).
- fbdev: modedb: Add 1920x1080 at 60 Hz video mode (git-fixes).
- fbdev: imsttfb: Fix use after free bug in imsttfb_probe
  (git-fixes bsc#1211387).
- drm/ast: Fix ARM compatibility (git-fixes).
- platform/x86: intel_scu_pcidrv: Add back PCI ID for Medfield
  (git-fixes).
- mailbox: mailbox-test: Fix potential double-free in
  mbox_test_message_write() (git-fixes).
- drm/amdgpu: Use the default reset when loading or reloading
  the driver (git-fixes).
- drm/amdgpu: release gpu full access after
  "amdgpu_device_ip_late_init" (git-fixes).
- watchdog: menz069_wdt: fix watchdog initialisation (git-fixes).
- tpm, tpm_tis: Request threaded interrupt handler (git-fixes).
- dmaengine: at_xdmac: Move the free desc to the tail of the
  desc list (git-fixes).
- ath6kl: Use struct_group() to avoid size-mismatched casting
  (git-fixes).
- commit 0cb0fbe

- Update patch reference for fbcon fix (CVE-2023-3161 bsc#1212154)
- commit dd50606

- Move setting %%build_html to config.sh
- commit dd39da3

- Update patches.suse/arm64-efi-Execute-runtime-services-from-a-dedicated-.patch (git-fixes bsc#1212155 CVE-2023-21102)
- commit 15cbf6b

- Update patches.suse/efi-rt-wrapper-Add-missing-include.patch (git-fixes bsc#1212155 CVE-2023-21102)
- commit d2f0708

- Update patch reference for memstick fix (CVE-2023-3141 bsc#1212129 bsc#1211449)
- commit 089d7db

- Fix missing top level chapter numbers on SLE12 SP5 (bsc#1212158).
- commit 7ebcbd5

- Refresh
  patches.suse/0042-block-mq-deadline-Fix-dd_finish_request-for-zoned-devices.patch.
  Remove also per_prio from dd_finish_request(). There are no more users
  in 5.4. Silences the compiler warning:
  block/mq-deadline.c:830:22: error: unused variable ‘per_prio’
- commit ed6b28b

- drm/msm: Set max segment size earlier (git-fixes).
- drm/i915/gt: Use the correct error value when kernel_context()
  fails (git-fixes).
- batman-adv: Broken sync while rescheduling delayed work
  (git-fixes).
- Bluetooth: L2CAP: Add missing checks for invalid DCID
  (git-fixes).
- Bluetooth: Fix l2cap_disconnect_req deadlock (git-fixes).
- Bluetooth: hci_qca: fix debugfs registration (git-fixes).
- wifi: cfg80211: fix locking in regulatory disconnect
  (git-fixes).
- wifi: cfg80211: fix locking in sched scan stop work (git-fixes).
- wifi: mt76: mt7615: fix possible race in mt7615_mac_sta_poll
  (git-fixes).
- can: j1939: avoid possible use-after-free when
  j1939_can_rx_register fails (git-fixes).
- can: j1939: change j1939_netdev_lock type to mutex (git-fixes).
- can: j1939: j1939_sk_send_loop_abort(): improved error queue
  handling in J1939 Socket (git-fixes).
- Input: xpad - delete a Razer DeathAdder mouse VID/PID entry
  (git-fixes).
- Input: fix open count when closing inhibited device (git-fixes).
- commit 0d88720

- Move setting %%split_optional to config.sh
- commit 77f3750

- Move setting %%supported_modules_check to config.sh
- commit 5ada69b

- rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#1160435)
- commit 799f050

- rpm/kernel-binary.spec.in: Fix compatibility wth newer rpm
- commit 334fb4d

- powerpc/64s: Make POWER10 and later use pause_short in cpu_relax
  loops (bsc#1209367 ltc#195662).
- powerpc: add ISA v3.0 / v3.1 wait opcode macro (bsc#1209367
  ltc#195662).
- powerpc: Redefine HMT_xxx macros as empty on PPC32 (bsc#1209367
  ltc#195662).
- commit 6862b4a

- arm64: Stash shadow stack pointer in the task struct on interrupt (git-fixes)
- commit 5ad6888

- arm64: Always load shadow stack pointer directly from the task struct (git-fixes)
- commit da8b9db

- Also include kernel-docs build requirements for ALP
- commit 114d088

- Move the kernel-binary conflicts out of the spec file.
  Thie list of conflicting packages varies per release.
  To reduce merge conflicts move the list out of the spec file.
- commit 4d81125

- Avoid unsuported tar parameter on SLE12
- commit f11765a

- Move obsolete KMP list into a separate file.
  The list of obsoleted KMPs varies per release, move it out of the spec
  file.
- commit 016bc55

- ext4: unconditionally enable the i_version counter
  (bsc#1211299).
- commit 9850f2e

- Trim obsolete KMP list.
  SLE11 is out of support, we do not need to handle upgrading from SLE11
  SP1.
- commit 08819bb

- powerpc/64s/radix: Fix soft dirty tracking (bsc#1065729).
- commit 4df8ec9

- Generalize kernel-doc build requirements.
- commit 23b058f

- spi: qup: Request DMA before enabling clocks (git-fixes).
- platform/surface: aggregator: Allow completion work-items to
  be executed in parallel (git-fixes).
- commit 9916d6b

- sched/rt: pick_next_rt_entity(): check list_entry (bsc#1208600 CVE-2023-1077)
- commit f5b50ae

- RDMA/rxe: Fix the error "trying to register non-static key in rxe_cleanup_task" (git-fixes)
- commit a9533db

- RDMA/rtrs-srv: Pass the correct number of entries for dma mapped SGL (git-fixes)
- commit 01fdb10

- RDMA/rtrs-clt: Replace list_next_or_null_rr_rcu with an inline function (git-fixes)
- commit edb8dfd

- blacklist: add RTRS rename patches
  First patch makes codes less confusing but is only used by
  the 2 following ones which break kABI
- commit 9fca67c

- IB/rdmavt: add missing locks in rvt_ruc_loopback (git-fixes)
- commit 8cb567c

- Refresh patches.suse/add-suse-supported-flag.patch.
  Fix table alignment.
- commit ed5f850

- blacklist.conf: add ntfs3
  ntfs3 was introduced in v5.15-rc1, and as such we don't carry it on
  SLE15-SP4.
- commit 9ff2c7c

- kernel-binary: Add back kernel-default-base guarded by option
  Add configsh option for splitting off kernel-default-base, and for
  not signing the kernel on non-efi
- commit 28c22af

- blacklist.conf: Append 'fbdev: Disable sysfb device registration when removing conflicting FBs'
- commit 3f0f464

- blacklist.conf: Append 'fbdev: da8xx-fb: add missing regulator_disable() in fb_probe'
- commit e00fe84

- blacklist.conf: Append 'parisc: fbdev/stifb: Align graphics memory size to 4MB'
- commit 418d50c

- blacklist.conf: Append 'Revert "fbcon: don't lose the console font across generic->chip driver switch"'
- commit addaa82

- blacklist.conf: Append 'Revert "fbdev: Make fb_release() return -ENODEV if fbdev was unregistered"'
- commit 66c01be

- fbdev: fbcon: Destroy mutex on freeing struct fb_info (bsc#1152489)
- commit eb830fc

- fbdev: Prevent possible use-after-free in fb_release() (bsc#1152472)
  Backporting changes:
  * replace refcount_read() with atomic_read()
- commit 23a912f

- sfc: disable RXFCS and RXALL features by default (git-fixes).
- commit 3f25e44

- x86/topology: Fix duplicated core ID within a package (git-fixes).
- commit 98adc02

- Update "drm/i915/gem: add missing boundary check in vm_access" (bsc#1211263 CVE-2023-28410)
  Add bug and CVE number to the References tag.
- commit f799efb

- x86/topology: Fix multiple packages shown on a single-package system (git-fixes).
- commit 70a1ce4

- x86/syscall: Include asm/ptrace.h in syscall_wrapper header (git-fixes).
- commit 4309e22

- kabi/severities: ignore kABI in bq27xxx_battery module
  Those are local symbols that are used only by child drivers
- commit 8d7e23d

- kABI workaround for btbcm.c (git-fixes).
- commit ab2692b

- nvme: fix passthrough csi check (git-fixes).
- nvme: move the Samsung X5 quirk entry to the core quirks
  (git-fixes).
- commit d03fbdf

- power: supply: bq27xxx: expose battery data when CI=1
  (git-fixes).
- Refresh
  patches.suse/power-supply-bq27xxx-Fix-bq27xxx_battery_update-race.patch.
- commit 3c4cf6c

- KEYS: asymmetric: Copy sig and digest in
  public_key_verify_signature() (git-fixes).
- power: supply: bq27xxx: Ensure power_supply_changed() is called
  on current sign changes (git-fixes).
- power: supply: bq27xxx: Move bq27xxx_battery_update() down
  (git-fixes).
- power: supply: bq27xxx: Fix poll_interval handling and races
  on remove (git-fixes).
- bluetooth: Add cmd validity checks at the start of
  hci_sock_ioctl() (git-fixes).
- Bluetooth: hci_bcm: Fall back to getting bdaddr from EFI if
  not set (git-fixes).
- commit 31ed077

- ASoC: rt5682: Disable jack detection interrupt during suspend
  (git-fixes).
- Refresh patches.kabi/snd-soc-rt5682-kABI-workaround.patch.
- commit ce0cf1d

- misc: fastrpc: reject new invocations during device removal
  (git-fixes).
- misc: fastrpc: return -EPIPE to invocations on device removal
  (git-fixes).
- iio: imu: inv_icm42600: fix timestamp reset (git-fixes).
- iio: adc: ad_sigma_delta: Fix IRQ issue by setting
  IRQ_DISABLE_UNLAZY flag (git-fixes).
- dt-bindings: iio: adc: renesas,rcar-gyroadc: Fix adi,ad7476
  compatible value (git-fixes).
- iio: dac: mcp4725: Fix i2c_master_send() return value handling
  (git-fixes).
- iio: light: vcnl4035: fixed chip ID check (git-fixes).
- iio: adc: ad7192: Change "shorted" channels to differential
  (git-fixes).
- iio: accel: st_accel: Fix invalid mount_matrix on devices
  without ACPI _ONT method (git-fixes).
- iio: adc: mxs-lradc: fix the order of two cleanup operations
  (git-fixes).
- tty: serial: fsl_lpuart: use UARTCTRL_TXINV to send break
  instead of UARTCTRL_SBK (git-fixes).
- serial: 8250_tegra: Fix an error handling path in
  tegra_uart_probe() (git-fixes).
- usb: usbfs: Use consistent mmap functions (git-fixes).
- usb: usbfs: Enforce page requirements for mmap (git-fixes).
- dt-bindings: usb: snps,dwc3: Fix "snps,hsphy_interface" type
  (git-fixes).
- usb: gadget: f_fs: Add unbind event before functionfs_unbind
  (git-fixes).
- mmc: vub300: fix invalid response handling (git-fixes).
- selinux: don't use make's grouped targets feature yet
  (git-fixes).
- mtd: rawnand: marvell: don't set the NAND frequency select
  (git-fixes).
- mtd: rawnand: marvell: ensure timing values are written
  (git-fixes).
- mtd: rawnand: ingenic: fix empty stub helper definitions
  (git-fixes).
- selftests: mptcp: sockopt: skip if MPTCP is not supported
  (git-fixes).
- selftests: mptcp: pm nl: skip if MPTCP is not supported
  (git-fixes).
- selftests: mptcp: connect: skip if MPTCP is not supported
  (git-fixes).
- net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818
  (git-fixes).
- HID: wacom: avoid integer overflow in wacom_intuos_inout()
  (git-fixes).
- ata: libata-scsi: Use correct device no in ata_find_dev()
  (git-fixes).
- firmware: arm_ffa: Set reserved/MBZ fields to zero in the
  memory descriptors (git-fixes).
- firmware: arm_ffa: Check if ffa_driver remove is present before
  executing (git-fixes).
- dt-binding: cdns,usb3: Fix cdns,on-chip-buff-size type
  (git-fixes).
- gpio: mockup: Fix mode of debugfs files (git-fixes).
- drm/sched: Remove redundant check (git-fixes).
- 3c589_cs: Fix an error handling path in tc589_probe()
  (git-fixes).
- power: supply: sbs-charger: Fix INHIBITED bit for Status reg
  (git-fixes).
- power: supply: bq27xxx: After charger plug in/out wait 0.5s
  for things to stabilize (git-fixes).
- power: supply: bq27xxx: Add cache parameter to
  bq27xxx_battery_current_and_status() (git-fixes).
- power: supply: bq27xxx: Fix I2C IRQ race on remove (git-fixes).
- power: supply: bq27xxx: Fix bq27xxx_battery_update() race
  condition (git-fixes).
- power: supply: leds: Fix blink to LED on transition (git-fixes).
- ALSA: hda/realtek: Enable headset onLenovo M70/M90 (git-fixes).
- ASoC: Intel: Skylake: Fix declaration of enum skl_ch_cfg
  (git-fixes).
- ASoC: lpass: Fix for KASAN use_after_free out of bounds
  (git-fixes).
- ALSA: hda: Fix unhandled register update during auto-suspend
  period (git-fixes).
- ALSA: hda/ca0132: add quirk for EVGA X299 DARK (git-fixes).
- dt-bindings: ata: ahci-ceva: Cover all 4 iommus entries
  (git-fixes).
- net: mdio: mvusb: Fix an error handling path in
  mvusb_mdio_probe() (git-fixes).
- watchdog: sp5100_tco: Immediately trigger upon starting
  (git-fixes).
- dt-bindings: ata: ahci-ceva: convert to yaml (git-fixes).
- commit 2ec09cc

- net: rpl: fix rpl header size calculation (CVE-2023-2156
  bsc#1211131).
- commit c308d83

- thunderbolt: Mask ring interrupt on Intel hardware as well
  (bsc#1210165).
- commit 4a76dd6

- net: mellanox: mlxbf_gige: Fix skb_panic splat under memory
  pressure (bsc#1211564).
- commit 8e0fc37

- blacklist: add nvme bogus nsid check
  We don't not need these quirks as we don't ship the check.
- commit bbebeaf

- x86/resctrl: Fix min_cbm_bits for AMD (git-fixes).
- commit f0be05e

- x86/pm: Add enumeration check before spec MSRs save/restore setup (git-fixes).
- commit 89bdacb

- Update patch-mainline metadata for a lockdown patch
- commit ff4a857

- x86/tsx: Add a feature bit for TSX control MSR support (git-fixes).
- commit b67ebd4

- x86/fpu: Fix the init_fpstate size check with the actual size (git-fixes).
- commit 3cd00dd

- nvme-tcp: fix a possible UAF when failing to allocate an io
  queue (git-fixes).
- nvme-pci: mark Lexar NM760 as IGNORE_DEV_SUBNQN (git-fixes).
- nvme-fc: fix a missing queue put in
  nvmet_fc_ls_create_association (git-fixes).
- nvme: also return I/O command effects from nvme_command_effects
  (git-fixes).
- nvmet: use NVME_CMD_EFFECTS_CSUPP instead of open coding it
  (git-fixes).
- nvme: fix multipath crash caused by flush request when blktrace
  is enabled (git-fixes).
- nvme-pci: clear the prp2 field when not used (git-fixes).
- nvmet: fix memory leak in nvmet_subsys_attr_model_store_locked
  (git-fixes).
- nvme-pci: disable write zeroes on various Kingston SSD
  (git-fixes).
- nvme-pci: avoid the deepest sleep state on ZHITAI TiPro5000 SSDs
  (git-fixes).
- nvmet-tcp: add bounds check on Transfer Tag (git-fixes).
- nvme-pci: set min_align_mask before calculating max_hw_sectors
  (git-fixes).
- nvmet: fix mar and mor off-by-one errors (git-fixes).
- nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change()
  (git-fixes).
- nvmet-tcp: fix lockdep complaint on nvmet_tcp_wq flush during
  queue teardown (git-fixes).
- nvme: handle the persistent internal error AER (git-fixes).
  Refresh:
  - patches.suse/nvme-fix-async-event-trace-event.patc
- nvme: fix regression when disconnect a recovering ctrl
  (git-fixes).
  Refresh:
  - patches.suse/nvme-rdma-fix-possible-hang-caused-during-ctrl-delet.patch
  - patches.suse/nvme-tcp-fix-possible-hang-caused-during-ctrl-deleti.patch
- nvme: add a bogus subsystem NQN quirk for Micron MTFDKBA2T0TFH
  (git-fixes).
- nvme-pci: avoid the deepest sleep state on ZHITAI TiPro7000 SSDs
  (git-fixes).
- nvme: set non-mdts limits in nvme_scan_work (git-fixes).
- nvme-pci: fix a NULL pointer dereference in
  nvme_alloc_admin_tags (git-fixes).
- block: add a bdev_max_zone_append_sectors helper (git-fixes).
- nvme-multipath: fix hang when disk goes live over reconnect
  (git-fixes).
- nvme-pci: add quirks for Samsung X5 SSDs (git-fixes).
- nvmet: move the call to nvmet_ns_changed out of
  nvmet_ns_revalidate (git-fixes).
- nvme-tcp: lockdep: annotate in-kernel sockets (git-fixes).
- nvme: check for duplicate identifiers earlier (git-fixes).
- nvme: cleanup __nvme_check_ids (git-fixes).
- nvmet: use i_size_read() to set size for file-ns (git-fixes).
  Refresh:
  - patches.suse/nvmet-only-allocate-a-single-slab-for-bvecs.patch
- nvme-tcp: fix bogus request completion when failing to send AER
  (git-fixes).
- nvme-pci: add the IGNORE_DEV_SUBNQN quirk for Intel P4500/P4600
  SSDs (git-fixes).
- commit c657707

- tipc: add an extra conn_get in tipc_conn_alloc (bsc#1209288
  CVE-2023-1382).
- commit e3a141d

- x86/fpu: Fix copy_xstate_to_uabi() to copy init states correctly (git-fixes).
- commit 43cdfba

- blacklist.conf: Exclude an irrelevant patch for us.
  We don't have the fp_init.size et al variables so this patch doesn't
  apply to our kernel.
- commit 30f92bf

- tipc: set con sock in tipc_conn_alloc (bsc#1209288
  CVE-2023-1382).
- commit a68b414

- x86/fpu: Use _Alignof to avoid undefined behavior in TYPE_ALIGN (git-fixes).
- commit 244216a

- purgatory: fix disabling debug info (git-fixes).
- commit 1ebc547

- x86/microcode: Rip out the OLD_INTERFACE (git-fixes).
- commit d380760

- x86/microcode: Add explicit CPU vendor dependency (git-fixes).
- commit 44d8ccb

- x86/microcode/AMD: Track patch allocation size explicitly (git-fixes).
- Refresh patches.suse/x86-microcode-amd-fix-mixed-steppings-support.patch.
- commit c6646fc

- x86/static_call: Serialize __static_call_fixup() properly (git-fixes).
- commit d2f3f53

- x86/entry: Build thunk_$(BITS) only if CONFIG_PREEMPTION=y (git-fixes).
- commit 3a9f080

- net: mana: Fix perf regression: remove rx_cqes, tx_cqes counters
  (git-fixes).
- scsi: storvsc: Don't pass unused PFNs to Hyper-V host
  (git-fixes).
- x86/hyperv: Block root partition functionality in a Confidential
  VM (git-fixes).
- commit 85569e3

- x86/bugs: Do not enable IBPB at firmware entry when IBPB is not  available (git-fixes).
- commit bf87aed

- scsi: qla2xxx: Replace all non-returning strlcpy() with
  strscpy() (bsc#1211960).
- scsi: qla2xxx: Update version to 10.02.08.300-k (bsc#1211960).
- scsi: qla2xxx: Wait for io return on terminate rport
  (bsc#1211960).
- scsi: qla2xxx: Fix mem access after free (bsc#1211960).
- scsi: qla2xxx: Fix hang in task management (bsc#1211960).
- scsi: qla2xxx: Fix task management cmd fail due to unavailable
  resource (bsc#1211960).
- scsi: qla2xxx: Fix task management cmd failure (bsc#1211960).
- scsi: qla2xxx: Multi-que support for TMF (bsc#1211960).
- scsi: qla2xxx: Refer directly to the qla2xxx_driver_template
  (bsc#1211960).
- scsi: qla2xxx: Remove default fabric ops callouts (bsc#1211960).
- scsi: qla2xxx: Drop redundant pci_enable_pcie_error_reporting()
  (bsc#1211960).
- commit 4c4bf74

- lpfc: update metadata
- Refresh
  patches.suse/scsi-lpfc-Add-new-RCQE-status-for-handling-DMA-failu.patch.
- Refresh
  patches.suse/scsi-lpfc-Fix-double-free-in-lpfc_cmpl_els_logo_acc-.patch.
- Refresh
  patches.suse/scsi-lpfc-Fix-verbose-logging-for-SCSI-commands-issu.patch.
- Refresh
  patches.suse/scsi-lpfc-Match-lock-ordering-of-lpfc_cmd-buf_lock-a.patch.
- Refresh
  patches.suse/scsi-lpfc-Replace-blk_irq_poll-intr-handler-with-thr.patch.
- Refresh
  patches.suse/scsi-lpfc-Update-congestion-warning-notification-per.patch.
- Refresh
  patches.suse/scsi-lpfc-Update-lpfc-version-to-14.2.0.12.patch.
- commit 497ebb3

- RDMA/irdma: Fix Local Invalidate fencing (git-fixes)
- commit aaaea1e

- RDMA/irdma: Prevent QP use after free (git-fixes)
- commit 34e3a35

- RDMA/bnxt_re: Fix return value of bnxt_re_process_raw_qp_pkt_rx (git-fixes)
- commit 6c40b4b

- RDMA/bnxt_re: Fix a possible memory leak (git-fixes)
- commit 1c28ea3

- RDMA/hns: Modify the value of long message loopback slice (git-fixes)
- commit c5d0c28

- RDMA/hns: Fix base address table allocation (git-fixes)
- commit c15c063

- RDMA/hns: Fix timeout attr in query qp for HIP08 (git-fixes)
- commit c581318

- RDMA/efa: Fix unsupported page sizes in device (git-fixes)
- commit f7d5b0b

- RDMA/bnxt_re: Fix the page_size used during the MR creation (git-fixes)
- commit 8102023

- usrmerge: Compatibility with earlier rpm (boo#1211796)
- commit 2191d32

- scsi: qedi: Fix use after free bug in qedi_remove() (git-fixes).
- scsi: hisi_sas: Handle NCQ error when IPTT is valid (git-fixes).
- scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS (git-fixes).
- scsi: ses: Handle enclosure with just a primary component
  gracefully (git-fixes).
- scsi: core: Improve scsi_vpd_inquiry() checks (git-fixes).
- scsi: megaraid_sas: Fix fw_crash_buffer_show() (git-fixes).
- scsi: libsas: Grab the ATA port lock in
  sas_ata_device_link_abort() (git-fixes).
- scsi: libsas: Add sas_ata_device_link_abort() (git-fixes).
- commit 9f00bdd

- Fix usrmerge error (boo#1211796)
- commit da84579

- Update CVE reference to
  patches.suse/arm64-Add-AMPERE1-to-the-Spectre-BHB-affected-list.patch
  (git-fixes bsc#1205153 bsc#1211855 CVE-2023-3006).
- commit 7d0a08a

- media: radio-shark: Add endpoint checks (git-fixes).
- commit fb4ddc1

- USB: sisusbvga: Add endpoint checks (git-fixes).
- commit d88241f

- lpfc: Copyright updates for 14.2.0.13 patches (bsc#1211852).
- lpfc: Update lpfc version to 14.2.0.13 (bsc#1211852).
- commit d8cfc9c

- blacklist.conf: prerequisites way too intrusive
- commit b6394eb

- blacklist.conf: prerequisites too intrusive
- commit 7aaa267

- scsi: lpfc: Update lpfc version to 14.2.0.12 (bsc#1211847).
- scsi: lpfc: Replace blk_irq_poll intr handler with threaded IRQ
  (bsc#1211847).
- scsi: lpfc: Add new RCQE status for handling DMA failures
  (bsc#1211847).
- scsi: lpfc: Update congestion warning notification period
  (bsc#1211847).
- scsi: lpfc: Match lock ordering of lpfc_cmd->buf_lock and
  hbalock for abort paths (bsc#1211847).
- commit b6545fd

- scsi: lpfc: Fix double free in lpfc_cmpl_els_logo_acc() caused
  by lpfc_nlp_not_used() (bsc#1211847).
- scsi: lpfc: Fix verbose logging for SCSI commands issued to
  SES devices (bsc#1211847).
- commit 31cb016

- RDMA/core: Fix multiple -Warray-bounds warnings (git-fixes)
- commit 5587605

- lpfc: Enhance congestion statistics collection
  (bsc#1211852).
- lpfc: Clean up SLI-4 CQE status handling
  (bsc#1211852).
- lpfc: Change firmware upgrade logging to KERN_NOTICE instead
  of TRACE_EVENT (bsc#1211852).
- lpfc: Revise NPIV ELS unsol rcv cmpl logic to drop ndlp based
  on nlp_state (bsc#1211852).
- commit 04bc1f2

- lpfc: Account for fabric domain ctlr device loss recovery
  (bsc#1211346, bsc#1211852).
- lpfc: Clear NLP_IN_DEV_LOSS flag if already in rediscovery
  (bsc#1211852).
- lpfc: Fix use-after-free rport memory access in
  lpfc_register_remote_port (bsc#1211852, bsc#1208410, bsc#1211346).
- commit ffe8e83

- usb: dwc3: gadget: Execute gadget stop after halting the
  controller (git-fixes).
- Refresh
  patches.suse/usb-dwc3-gadget-Improve-dwc3_gadget_suspend-and-dwc3.patch.
- commit 35f936b

- usb: typec: tcpm: fix multiple times discover svids error
  (git-fixes).
- commit a381d7f

- net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize
  (git-fixes).
- commit 6b5ad0e

- blacklist.conf: Add c0f2df49cf24 cgroup: Fix build failure when CONFIG_SHRINKER_DEBUG
- commit 7772962

- cifs: mapchars mount option ignored (bsc#1193629).
- commit 516a6c4

- smb3: display debug information better for encryption
  (bsc#1193629).
- commit 7f16b38

- cifs: fix smb1 mount regression (bsc#1193629).
- commit 565aa62

- SMB3: drop reference to cfile before sending oplock break
  (bsc#1193629).
- commit 714d17f

- SMB3: Close all deferred handles of inode in case of handle
  lease break (bsc#1193629).
- commit 31916b9

- cifs: release leases for deferred close handles when freezing
  (bsc#1193629).
- commit fba9221

- smb3: fix problem remounting a share after shutdown
  (bsc#1193629).
- commit 8678043

- SMB3: force unmount was failing to close deferred close files
  (bsc#1193629).
- commit b75c848

- smb3: improve parallel reads of large files (bsc#1193629).
- commit 739a949

- do not reuse connection if share marked as isolated
  (bsc#1193629).
- commit 50ed2cc

- SMB3: Close deferred file handles in case of handle lease break
  (bsc#1193629).
- commit 79b4858

- SMB3.1.1: add new tree connect ShareFlags (bsc#1193629).
- commit 64fbbd7

- cifs: fix pcchunk length type in smb2_copychunk_range
  (bsc#1193629).
- commit 278a0ed

- cifs: print smb3_fs_context::source when mounting (bsc#1193629).
- commit eeed402

- cifs: update internal module version number for cifs.ko
  (bsc#1193629).
- commit 2c9169a

- cifs: Avoid a cast in add_lease_context() (bsc#1193629).
- commit 61dd23b

- cifs: Simplify SMB2_open_init() (bsc#1193629).
- commit 90eaeae

- cifs: Simplify SMB2_open_init() (bsc#1193629).
- commit 0f1ffd2

- cifs: Simplify SMB2_open_init() (bsc#1193629).
- commit b2da20f

- dm ioctl: fix nested locking in table_clear() to remove deadlock
  concern (bsc#1210806, CVE-2023-2269).
- commit 2bbfc45

- fuse: always revalidate rename target dentry (bsc#1211808).
- fuse: fix attr version comparison in fuse_read_update_size()
  (bsc#1211807).
- commit cfbffb5

- blacklist.conf: Add 659c0ce1cb9e kernel/sys.c: fix and improve control flow in __sys_setres[ug]id()
- commit 93ea3c4

- cgroup: Reorganize css_set_lock and kernfs path processing
  (bsc#1205650).
- cgroup: Make cgroup_get_from_id() prettier (bsc#1205650).
- cgroup: Homogenize cgroup_get_from_id() return value
  (bsc#1205650).
- cgroup: cgroup: Honor caller's cgroup NS when resolving cgroup
  id (bsc#1205650).
- blacklist.conf: Remove 4534dee94 to ease dependant backports
- cgroup: Honor caller's cgroup NS when resolving path
  (bsc#1205650).
- cgroup.c: add helper __cset_cgroup_from_root to cleanup
  duplicated codes (bsc#1203906).
- commit 45f8307

- cgroup: reduce dependency on cgroup_mutex (bsc#1205650).
- Refresh
  patches.suse/cgroup-cgroup_get_from_id-must-check-the-looked-up-kn-is-a-directory.patch.
- blacklist.conf: Remove patch from blacklist (became prereq)
- commit 249c983

- Remove usrmerge compatibility symlink in buildroot (boo#1211796)
  Besides Makefile depmod.sh needs to be patched to prefix /lib/modules.
  Requires corresponding patch to kmod.
- commit b8e00c5

- ceph: force updating the msg pointer in non-split case
  (bsc#1211804).
- commit a688822

- blacklist.conf: 03cab65a07e0 ("selftests/futex: fix build for clang")
- commit 19afb99

- locking/rwsem: Add __always_inline annotation to
  __down_read_common() and inlined callers (git-fixes).
- commit e0ba102

- rtmutex: Ensure that the top waiter is always woken up
  (git-fixes).
- commit 0184302

- futex: Resend potentially swallowed owner death notification
  (git-fixes).
- commit c8b2fc6

- blacklist.conf: s390/maccess: rework absolute lowcore accessors
- commit 6e763ee

- blacklist.conf: s390/smp: cleanup control register update routines
- commit 869cbe8

- blacklist.conf: s390/smp: cleanup target CPU callback starting
- commit ac0ad39

- blacklist.conf: s390/dump: fix old lowcore virtual vs physical address confusion
- commit f2ccc2e

- blacklist.conf: s390/traps: improve panic message for translation-specification exception
- commit 1cb3dd4

- blacklist.conf: s390/dump: fix os_info virtual vs physical address confusion
- commit 82b75e7

- blacklist.conf: LLVM test case fix
- commit 8a6e662

- s390/vdso: remove -nostdlib compiler flag (git-fixes
  bsc#1211714).
- commit 3aedab5

- blacklist.conf: s390/boot: allocate amode31 section in decompressor
- commit 3a70444

- Update
  patches.suse/HID-asus-use-spinlock-to-protect-concurrent-accesses.patch
  (bsc#1208604 CVE-2023-1079).
  Added bugzilla and CVE
- commit 1bf4240

- Update
  patches.suse/HID-asus-use-spinlock-to-safely-schedule-workers.patch
  (bsc#1208604 CVE-2023-1079).
  Added bugzilla and CVE
- commit a4b9147

- regulator: mt6359: add read check for PMIC MT6359 (git-fixes).
- regulator: pca9450: Fix BUCK2 enable_mask (git-fixes).
- serial: Add support for Advantech PCI-1611U card (git-fixes).
- serial: 8250_exar: Add support for USR298x PCI Modems
  (git-fixes).
- usb-storage: fix deadlock when a scsi command timeouts more
  than once (git-fixes).
- USB: UHCI: adjust zhaoxin UHCI controllers OverCurrent bit value
  (git-fixes).
- USB: usbtmc: Fix direction for 0-length ioctl control messages
  (git-fixes).
- nilfs2: fix use-after-free bug of nilfs_root in
  nilfs_evict_inode() (git-fixes).
- net: phy: dp83867: add w/a for packet errors seen with short
  cables (git-fixes).
- tpm/tpm_tis: Disable interrupts for more Lenovo devices
  (git-fixes).
- soundwire: qcom: gracefully handle too many ports in DT
  (git-fixes).
- phy: st: miphy28lp: use _poll_timeout functions for waits
  (git-fixes).
- staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE
  (git-fixes).
- serial: 8250: Reinit port->pm on port specific driver unbind
  (git-fixes).
- spi: spi-imx: fix MX51_ECSPI_* macros when cs > 3 (git-fixes).
- wifi: ath11k: Fix SKB corruption in REO destination ring
  (git-fixes).
- wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write
  backtrace (git-fixes).
- wifi: iwlwifi: pcie: Fix integer overflow in
  iwl_write_to_user_buf (git-fixes).
- wifi: iwlwifi: pcie: fix possible NULL pointer dereference
  (git-fixes).
- wifi: ath: Silence memcpy run-time false positive warning
  (git-fixes).
- wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex
  (git-fixes).
- remoteproc: stm32_rproc: Add mutex protection for workqueue
  (git-fixes).
- regmap: cache: Return error in cache sync operations for
  REGCACHE_NONE (git-fixes).
- platform/x86: hp-wmi: Support touchpad on/off (git-fixes).
- commit 17eb14e

- Input: xpad - add constants for GIP interface numbers
  (git-fixes).
- commit ae95fb0

- mmc: sdhci-esdhc-imx: make "no-mmc-hs400" works (git-fixes).
- drm/msm/dpu: Move non-MDP_TOP INTF_INTR offsets out of hwio
  header (git-fixes).
- mfd: dln2: Fix memory leak in dln2_probe() (git-fixes).
- clk: tegra20: fix gcc-7 constant overflow warning (git-fixes).
- HID: wacom: generic: Set battery quirk only when we see battery
  data (git-fixes).
- HID: logitech-hidpp: Reconcile USB and Unifying serials
  (git-fixes).
- HID: logitech-hidpp: Don't use the USB serial for USB devices
  (git-fixes).
- Bluetooth: L2CAP: fix "bad unlock balance" in
  l2cap_disconnect_rsp (git-fixes).
- Bluetooth: btintel: Add LE States quirk support (git-fixes).
- ACPI: EC: Fix oops when removing custom query handlers
  (git-fixes).
- ACPICA: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in
  acpi_db_display_objects (git-fixes).
- ACPICA: Avoid undefined behavior: applying zero offset to null
  pointer (git-fixes).
- memstick: r592: Fix UAF bug in r592_remove due to race condition
  (bsc#1211449).
- media: pci: tw68: Fix null-ptr-deref bug in buf prepare and
  finish (git-fixes).
- media: cx23885: Fix a null-ptr-deref bug in buffer_prepare()
  and buffer_finish() (git-fixes).
- drm/amd: Fix an out of bounds error in BIOS parser (git-fixes).
- drm/msm/dp: Clean up handling of DP AUX interrupts (git-fixes).
- drm/tegra: Avoid potential 32-bit integer overflow (git-fixes).
- drm/amd/display: Use DC_LOG_DC in the trasform pixel function
  (git-fixes).
- drm/displayid: add displayid_get_header() and check bounds
  better (git-fixes).
- arm64: dts: qcom: msm8996: Add missing DWC3 quirks (git-fixes).
- HID: wacom: add three styli to wacom_intuos_get_tool_type
  (git-fixes).
- HID: wacom: Add new Intuos Pro Small (PTH-460) device IDs
  (git-fixes).
- HID: wacom: Force pen out of prox if no events have been
  received in a while (git-fixes).
- drm/msm/dpu: Add INTF_5 interrupts (git-fixes).
- commit d814c1f

- s390/qdio: fix do_sqbs() inline assembly constraint (git-fixes
  bsc#1211693).
- s390/dasd: fix hanging blockdevice after request requeue
  (git-fixes bsc#1211687).
- s390/kprobes: fix current_kprobe never cleared after kprobes
  reenter (git-fixes bsc#1211688).
- s390/kprobes: fix irq mask clobbering on kprobe reenter from
  post_handler (git-fixes bsc#1211689).
- s390/mem_detect: fix detect_memory() error handling (git-fixes
  bsc#1211691).
- s390/lcs: Fix return type of lcs_start_xmit() (git-fixes
  bsc#1211690).
- s390/netiucv: Fix return type of netiucv_tx() (git-fixes
  bsc#1211692).
- s390/ctcm: Fix return type of ctc{mp,}m_tx() (git-fixes
  bsc#1211686).
- commit dcbf1cc

- dmaengine: idxd: Only call idxd_enable_system_pasid() if
  succeeded in enabling SVA feature (git-fixes).
- commit bdaf824

- kABI workaround for mt76_poll_msec() (git-fixes).
- commit 8310024

- wifi: mt76: mt7921e: improve reliability of dma reset
  (git-fixes).
- wifi: mt76: mt7921e: fix probe timeout after reboot (git-fixes).
- wifi: mt76: add flexible polling wait-interval support
  (git-fixes).
- dmaengine: idxd: Do not enable user type Work Queue without
  Shared Virtual Addressing (git-fixes).
- dmaengine: idxd: Separate user and kernel pasid enabling
  (git-fixes).
- drm/amdgpu: update drm_display_info correctly when the edid
  is read (git-fixes).
- commit 5f45933

- Update
  patches.suse/scsi-iscsi_tcp-Fix-UAF-during-login-when-accessing-the-shost-ipaddress.patch
  (git-fixes CVE-2023-2162 bsc#1210647).
- commit ef8f1cf

- configfs: fix possible memory leak in configfs_create_dir()
  (git-fixes).
- debugfs: fix error when writing negative value to atomic_t
  debugfs file (git-fixes).
- libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value
  (git-fixes).
- commit 1a0085a

- can: kvaser_usb: Add struct kvaser_usb_busparams (git-fixes).
- can: kvaser_usb: kvaser_usb_leaf: Handle CMD_ERROR_EVENT
  (git-fixes).
- can: kvaser_usb: kvaser_usb_leaf:
  Rename {leaf,usbcan}_cmd_error_event to
  {leaf,usbcan}_cmd_can_error_event (git-fixes).
- can: kvaser_usb: kvaser_usb_leaf: Get capabilities from device
  (git-fixes).
- commit 686ab31

- can: kvaser_usb_leaf: Fix overread with an invalid command
  (git-fixes).
- commit 9e9ebea

- drivers: base: dd: fix memory leak with using debugfs_lookup()
  (git-fixes).
- drivers: base: component: fix memory leak with using
  debugfs_lookup() (git-fixes).
- commit 537af53

- virtio_net: suppress cpu stall when free_unused_bufs
  (git-fixes).
- commit da7bbcd

- usb: gadget: u_ether: Fix host MAC address case (git-fixes).
- commit ab5927c

- virtio_net: bugfix overflow inside xdp_linearize_page()
  (git-fixes).
- commit 7b42c19

- ASoC: fsl_micfil: Fix error handler with pm_runtime_enable
  (git-fixes).
- ARM: 9296/1: HP Jornada 7XX: fix kernel-doc warnings
  (git-fixes).
- ACPI: bus: Ensure that notify handlers are not running after
  removal (git-fixes).
- ata: pata_octeon_cf: drop kernel-doc notation (git-fixes).
- commit bc3d0e5

- usb: dwc3: gadget: Improve dwc3_gadget_suspend() and
  dwc3_gadget_resume() (git-fixes).
- commit b5c53da

- virtio-net: Keep stop() to follow mirror sequence of open()
  (git-fixes).
- commit 0d2ec00

- virtio-net: execute xdp_do_flush() before napi_complete_done()
  (git-fixes).
- commit 1fe332b

- tools/virtio: fix the vringh test for virtio ring changes
  (git-fixes).
- commit 7846dae

- vhost/net: Clear the pending messages when the backend is
  removed (git-fixes).
- commit ed68aca

- tools/virtio: initialize spinlocks in vring_test.c (git-fixes).
- commit 5a7e7d8

- virtio_net: split free_unused_bufs() (git-fixes).
- commit 00244a7

- tools/virtio: compile with -pthread (git-fixes).
- commit efe7e12

- usb: dwc3: gadget: Stall and restart EP0 if host is unresponsive
  (git-fixes).
- commit 97aa26c

- tools/virtio: fix virtio_test execution (git-fixes).
- commit ab7f233

- vdpa: fix use-after-free on vp_vdpa_remove (git-fixes).
- commit a4fbbfa

- blacklist.conf: add 838d6d3461db ("virtio: unexport virtio_finalize_features")
- commit daac2ad

- RDMA/mlx5: Use correct device num_ports when modify DC (git-fixes)
- commit a805982

- RDMA/mlx5: Fix flow counter query via DEVX (git-fixes)
- commit 7af3d10

- blacklist.conf: black list non applicable fix
- commit 0b43409

- power: supply: bq24190_charger: using pm_runtime_resume_and_get
  instead of pm_runtime_get_sync (git-fixes).
- Refresh
  patches.suse/power-supply-bq24190-Fix-use-after-free-bug-in-bq241.patch.
- commit 32112a8

- net: skip virtio_net_hdr_set_proto if protocol already set
  (git-fixes).
- commit 04b2165

- IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests (git-fixes)
- commit b034548

- IB/hfi1: Fix SDMA mmu_rb_node not being evicted in LRU order (git-fixes)
- commit bc9efec

- RDMA/srpt: Add a check for valid 'mad_agent' pointer (git-fixes)
- commit 5d5e37e

- RDMA/cm: Trace icm_send_rej event before the cm state is reset (git-fixes)
- commit 5ca599d

- RDMA/siw: Remove namespace check from siw_netdev_event() (git-fixes)
- commit 711a6c8

- RDMA/rxe: Remove tasklet call from rxe_cq.c (git-fixes)
- commit dc85357

- RDMA/rdmavt: Delete unnecessary NULL check (git-fixes)
- commit f6fa4f5

- RDMA/siw: Fix potential page_array out of range access (git-fixes)
- commit 9b285aa

- IB/hifi1: add a null check of kzalloc_node in hfi1_ipoib_txreq_init (git-fixes)
- commit 4de26a7

- net: accept UFOv6 packages in virtio_net_hdr_to_skb (git-fixes).
- commit c8c1599

- x86/lib/memmove: Decouple ERMS from FSRM (bsc#1206578).
- x86/alternative: Support relocations in alternatives
  (bsc#1206578).
- x86/alternative: Make debug-alternative selective (bsc#1206578).
- commit 3be7202

- net: virtio_net_hdr_to_skb: count transport header in UFO
  (git-fixes).
- commit 435a431

- PCI/ASPM: Remove pcie_aspm_pm_state_change() (git-fixes).
- commit 4efb06a

- usb: dwc3: Fix a repeated word checkpatch warning (git-fixes).
- commit 39f5ae5

- usb: dwc3: Fix ep0 handling when getting reset while doing
  control transfer (git-fixes).
- commit acaaa13

- USB / dwc3: Fix a checkpatch warning in core.c (git-fixes).
- commit 838022e

- usb: dwc3: gadget: Delay issuing End Transfer (git-fixes).
- commit 19b0a32

- usb: dwc3: gadget: Only End Transfer for ep0 data phase
  (git-fixes).
- commit 7e9b934

- usb: dwc3: remove a possible unnecessary 'out of memory'
  message (git-fixes).
- commit 59239b9

- usb: dwc3: Align DWC3_EP_* flag macros (git-fixes).
- Refresh
  patches.suse/usb-dwc3-gadget-Wait-for-ep0-xfers-to-complete-durin.patch.
- commit 4a16748

- usb: dwc3: drd: use helper to get role-switch-default-mode
  (git-fixes).
- commit ee299c9

- tracing: Fix permissions for the buffer_percent file
  (git-fixes).
- commit 0318a81

- ring-buffer: Sync IRQ works before buffer destruction
  (git-fixes).
- commit a78e19a

- ring-buffer: Ensure proper resetting of atomic variables in
  ring_buffer_reset_online_cpus (git-fixes).
- commit 2b75346

- ring-buffer: Fix kernel-doc (git-fixes).
- commit 6ecbbdc

- net: qrtr: correct types of trace event parameters (git-fixes).
- commit dbac4e1

- f2fs: Fix f2fs_truncate_partial_nodes ftrace event (git-fixes).
- commit 6ed4e1b

- usb: dwc3: ep0: Don't prepare beyond Setup stage (git-fixes).
- Refresh
  patches.suse/usb-dwc3-gadget-Avoid-duplicate-requests-to-enable-R.patch.
- commit eccafbc

- ipv6: sr: fix out-of-bounds read when setting HMAC data
  (bsc#1211592).
- commit 5a240f0

- Correct the bq24190 fix patch to apply at the right place (CVE-2023-33288 bsc#1211590)
- commit 9ac2993

- power: supply: bq24190: Fix use after free bug in bq24190_remove
  due to race condition (CVE-2023-33288 bsc#1211590).
- commit 373505c

- KVM: x86: Inject #GP if WRMSR sets reserved bits in APIC
  Self-IPI (git-fixes).
- commit 742c6c3

- KVM: x86/vmx: Do not skip segment attributes if unusable bit
  is set (git-fixes).
- commit 9eaecda

- KVM: x86: Copy filter arg outside kvm_vm_ioctl_set_msr_filter()
  (git-fixes).
- commit 30d94a9

- KVM: x86/pmu: Ignore pmu->global_ctrl check if vPMU doesn't
  support global_ctrl (git-fixes).
- commit aa84341

- KVM: x86: Protect the unused bits in MSR exiting flags
  (git-fixes).
- commit 28b2cff

- KVM: x86/svm: add __GFP_ACCOUNT to __sev_dbg_{en,de}crypt_user()
  (git-fixes).
- commit 4df9796

- KVM: x86: do not set st->preempted when going back to user space
  (git-fixes).
- commit 757f49a

- KVM: SVM: Don't rewrite guest ICR on AVIC IPI virtualization
  failure (git-fixes).
- commit f034027

- KVM: x86: Do not change ICR on write to APIC_SELF_IPI
  (git-fixes).
- commit 71266ce

- gve: Handle alternate miss completions (bsc#1211519).
- gve: Adding a new AdminQ command to verify driver (bsc#1211519).
- gve: Fix error return code in gve_prefill_rx_pages()
  (bsc#1211519).
- gve: Reduce alloc and copy costs in the GQ rx path
  (bsc#1211519).
- google/gve:fix repeated words in comments (bsc#1211519).
- gve: Fix spelling mistake "droping" -> "dropping" (bsc#1211519).
- gve: enhance no queue page list detection (bsc#1211519).
- commit e7ab3d9

- KVM: x86/mmu: avoid NULL-pointer dereference on page freeing
  bugs (git-fixes).
- commit 0592eea

- KVM: LAPIC: Enable timer posted-interrupt only when mwait/hlt
  is advertised (git-fixes).
- commit b3bd831

- kvm: x86: Disable KVM_HC_CLOCK_PAIRING if tsc is in always
  catchup mode (git-fixes).
- commit 61c19ae

- KVM: x86: Report deprecated x87 features in supported CPUID
  (git-fixes).
- commit f103d79

- KVM: nVMX: eVMCS: Filter out VM_EXIT_SAVE_VMX_PREEMPTION_TIMER
  (git-fixes).
- commit 28c6c36

- KVM: nVMX: Also filter MSR_IA32_VMX_TRUE_PINBASED_CTLS when
  eVMCS (git-fixes).
- commit aa258cd

- KVM: VMX: Set vmcs.PENDING_DBG.BS on #DB in STI/MOVSS blocking
  shadow (git-fixes).
- commit 10c2c56

- kernel-source: Remove unused macro variant_symbols
- commit 915ac72

- KVM: VMX: Introduce vmx_msr_bitmap_l01_changed() helper
  (git-fixes).
- commit 7736978

- KVM: nVMX: Don't use Enlightened MSR Bitmap for L3 (git-fixes).
- commit a6f9309

- blacklist.conf: add 9dba4d24cbb55 ("86/kvm: remove unused ack_notifier
  callbacks"
- commit 7c642cd

- KVM: X86: Fix tlb flush for tdp in kvm_invalidate_pcid()
  (git-fixes).
- commit 28c590c

- s390/extmem: return correct segment type in __segment_load()
  (bsc#1210450 git-fixes).
- commit 0040ffc

- s390/uaccess: add missing earlyclobber annotations to __clear_user()
  (bsc#1209856 git-fixes).
- commit 66fb793

- xen/netback: use same error messages for same errors
  (git-fixes).
- commit a7eb923

- powerpc/iommu: DMA address offset is incorrectly calculated
  with 2MB TCEs (jsc#SLE-19556 git-fixes).
- commit 893c217

- net/iucv: Fix size of interrupt data (bsc#1211465 git-fixes).
- s390/qeth: fix use-after-free in hsci (bsc#1210449 git-fixes).
- commit 0720e89

- fbdev: udlfb: Fix endpoint check (git-fixes).
- fbdev: arcfb: Fix error handling in arcfb_probe() (git-fixes).
- USB: core: Add routines for endpoint checks in old drivers
  (git-fixes).
- fbdev: ep93xx-fb: Add missing clk_disable_unprepare in
  ep93xxfb_probe() (git-fixes).
- fbdev: stifb: Fall back to cfb_fillrect() on 32-bit HCRX cards
  (git-fixes).
- commit b351847

- vc_screen: reload load of struct vc_data pointer in vcs_write()
  to avoid UAF (git-fixes).
- serial: qcom-geni: fix enabling deactivated interrupt
  (git-fixes).
- serial: 8250_bcm7271: fix leak in `brcmuart_probe` (git-fixes).
- serial: 8250_bcm7271: balance clk_enable calls (git-fixes).
- serial: arc_uart: fix of_iomap leak in `arc_serial_probe`
  (git-fixes).
- thunderbolt: Clear registers properly when auto clear isn't
  in use (bsc#1210165).
- xhci: Fix incorrect tracking of free space on transfer rings
  (git-fixes).
- xhci-pci: Only run d3cold avoidance quirk for s2idle
  (git-fixes).
- usb: typec: altmodes/displayport: fix pin_assignment_show
  (git-fixes).
- usb: dwc3: debugfs: Resume dwc3 before accessing registers
  (git-fixes).
- commit 8584d07

- ALSA: hda: Add NVIDIA codec IDs a3 through a7 to patch table
  (git-fixes).
- ALSA: hda: Fix Oops by 9.1 surround channel names (git-fixes).
- ALSA: hda/realtek: Fix mute and micmute LEDs for yet another
  HP laptop (git-fixes).
- ALSA: usb-audio: Add a sample rate workaround for Line6 Pod Go
  (git-fixes).
- ALSA: hda/realtek: Add quirk for HP EliteBook G10 laptops
  (git-fixes).
- ALSA: hda/realtek: Add a quirk for HP EliteDesk 805 (git-fixes).
- ALSA: hda/realtek: Add quirk for 2nd ASUS GU603 (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo L140AU (git-fixes).
- commit 6ddb5bd

- drm/msm/dpu: Remove duplicate register defines from INTF
  (git-fixes).
- drm/msm/dp: unregister audio driver during unbind (git-fixes).
- drm/exynos: fix g2d_open/close helper function definitions
  (git-fixes).
- Documentation/filesystems: ramfs-rootfs-initramfs: use :Author:
  (git-fixes).
- Documentation/filesystems: sharedsubtree: add section headings
  (git-fixes).
- ALSA: cs46xx: mark snd_cs46xx_download_image as static
  (git-fixes).
- ALSA: hda/realtek: Apply HP B&O top speaker profile to Pavilion
  15 (git-fixes).
- ALSA: firewire-digi00x: prevent potential use after free
  (git-fixes).
- commit 473b547

- Move upstreamed media patches into sorted section
- commit 201322a

- media: dvb_net: kABI workaround (CVE-2022-45886 bsc#1205760).
- media: dvb_frontend: kABI workaround (CVE-2022-45885
  bsc#1205758).
- commit 93a2fd7

- media: ttusb-dec: fix memory leak in ttusb_dec_exit_dvb()
  (CVE-2022-45887 bsc#1205762).
- media: dvb-core: Fix use-after-free due to race condition at
  dvb_ca_en50221 (CVE-2022-45919 bsc#1205803).
- media: dvb-core: Fix use-after-free due to race at
  dvb_register_device() (CVE-2022-45884 bsc#1205756).
- media: dvb-core: Fix use-after-free due on race condition at
  dvb_net (CVE-2022-45886 bsc#1205760).
- media: dvb-core: Fix kernel WARNING for blocking operation in
  wait_event*() (CVE-2023-31084 bsc#1210783).
- media: dvb-core: Fix use-after-free on race condition at
  dvb_frontend (CVE-2022-45885 bsc#1205758).
- commit 3c0eba9

- can: kvaser_pciefd: Disable interrupts in probe error path
  (git-fixes).
- can: kvaser_pciefd: Do not send EFLUSH command on TFD interrupt
  (git-fixes).
- can: kvaser_pciefd: Empty SRB buffer in probe (git-fixes).
- can: kvaser_pciefd: Call request_irq() before enabling
  interrupts (git-fixes).
- can: kvaser_pciefd: Clear listen-only bit if not explicitly
  requested (git-fixes).
- can: kvaser_pciefd: Set CAN_STATE_STOPPED in
  kvaser_pciefd_stop() (git-fixes).
- wifi: iwlwifi: mvm: don't trust firmware n_channels (git-fixes).
- wifi: iwlwifi: mvm: fix OEM's name in the tas approved list
  (git-fixes).
- wifi: iwlwifi: fix OEM's name in the ppag approved list
  (git-fixes).
- wifi: iwlwifi: fw: fix DBGI dump (git-fixes).
- wifi: iwlwifi: mvm: fix cancel_delayed_work_sync() deadlock
  (git-fixes).
- wifi: mac80211: fix min center freq offset tracing (git-fixes).
- cassini: Fix a memory leak in the error handling path of
  cas_init_one() (git-fixes).
- can: j1939: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes).
- can: isotp: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes).
- selftets: seg6: disable rp_filter by default in
  srv6_end_dt4_l3vpn_test (git-fixes).
- selftests: seg6: disable DAD on IPv6 router cfg for
  srv6_end_dt4_l3vpn_test (git-fixes).
- media: netup_unidvb: fix use-after-free at del_timer()
  (git-fixes).
- selftests/sgx: Add "test_encl.elf" to TEST_FILES (git-fixes).
- selftests: srv6: make srv6_end_dt46_l3vpn_test more robust
  (git-fixes).
- commit 41844ce

- Update References
  patches.suse/bluetooth-Perform-careful-capability-checks-in-hci_s.patch
  (git-fixes bsc#1210533 CVE-2023-2002).
- commit 0d52fb3

- net: sched: sch_qfq: prevent slab-out-of-bounds in
  qfq_activate_agg (bsc#1210940 CVE-2023-31436).
- commit 8a9beae

- drm/amdgpu/gfx: disable gfx9 cp_ecc_error_irq only when enabling
  legacy gfx ras (git-fixes).
- drm/amdgpu: disable sdma ecc irq only when sdma RAS is enabled
  in suspend (git-fixes).
- platform/x86: touchscreen_dmi: Add info for the Dexp Ursus
  KX210i (git-fixes).
- platform/x86: touchscreen_dmi: Add upside-down quirk for
  GDIX1002 ts on the Juno Tablet (git-fixes).
- drm/amd/display: Fix hang when skipping modeset (git-fixes).
- HID: wacom: Set a default resolution for older tablets
  (git-fixes).
- drm/i915/dg2: Add HDMI pixel clock frequencies 267.30 and
  319.89 MHz (git-fixes).
- drm/i915/dg2: Add additional HDMI pixel clock frequencies
  (git-fixes).
- drm/i915/dg2: Support 4k@30 on HDMI (git-fixes).
- commit 2af09b7

- Add a bug reference to two existing drm-hyperv changes (bsc#1211281).
- commit 5df9068

- cifs: fix sharing of DFS connections (bsc#1208758).
- commit eca9f8a

- cifs: avoid potential races when handling multiple dfs tcons
  (bsc#1208758).
- commit 63e23c3

- cifs: protect access of TCP_Server_Info::{origin,leaf}_fullpath
  (bsc#1208758).
- commit afe04d7

- cifs: fix potential race when tree connecting ipc (bsc#1208758).
- commit e5ca6c5

- cifs: fix potential use-after-free bugs in
  TCP_Server_Info::hostname (bsc#1208758).
- commit c684f06

- cifs: protect session status check in smb2_reconnect()
  (bsc#1208758).
- commit a5777d5

- smb3: move some common open context structs to smbfs_common
  (bsc#1193629).
- commit 584d68d

- smb3: make query_on_disk_id open context consistent and move
  to common code (bsc#1193629).
- commit c9e01f8

- cifs: missing lock when updating session status (bsc#1193629).
- commit 54a1882

- SMB3: Add missing locks to protect deferred close file list
  (git-fixes).
- commit de29309

- cifs: avoid dup prefix path in dfs_get_automount_devname()
  (git-fixes).
- commit ed1670a

- cifs: sanitize paths in cifs_update_super_prepath (git-fixes).
- commit afc9290

- Refresh
  patches.suse/net-ice-Add-support-for-enable_iwarp-and-enable_roce.patch.
- Delete
  patches.suse/devlink-Add-enable_iwarp-generic-device-param.patch.
  Fixed broken kABI (bsc#1208050 bsc#1211414).
- commit 118de8c

- Refresh
  patches.suse/net-mana-Add-new-MANA-VF-performance-counters-for-ea.patch.
  Fix backport.
- commit 6887ae9

- HID: microsoft: Add rumble support to latest xbox controllers
  (bsc#1211280).
- commit a92cf6c

- affs: initialize fsdata in affs_truncate() (git-fixes).
- commit 556d7fa

- fs: sysv: Fix sysv_nblocks() returns wrong value (git-fixes).
- commit caf7724

- fs: hfsplus: fix UAF issue in hfsplus_put_super (git-fixes).
- commit e87f79f

- hfs: fix missing hfs_bnode_get() in __hfs_bnode_create
  (git-fixes).
- commit 563e8d3

- hfsplus: fix bug causing custom uid and gid being unable to
  be assigned with mount (git-fixes).
- commit 610a8fb

- hfs: Fix OOB Write in hfs_asc2mac (git-fixes).
- commit 8b5744b

- hfs: fix OOB Read in __hfs_brec_find (git-fixes).
- commit feebcc9

- hfs/hfsplus: use WARN_ON for sanity check (git-fixes).
- commit 8740f85

- fs: jfs: fix possible NULL pointer dereference in dbFree()
  (git-fixes).
- commit dd91206

- fs/jfs: fix shift exponent db_agl2size negative (git-fixes).
- commit a58e29a

- fs: jfs: fix shift-out-of-bounds in dbDiscardAG (git-fixes).
- commit c7328c2

- jfs: Fix fortify moan in symlink (git-fixes).
- commit 11b192f

- fs: jfs: fix shift-out-of-bounds in dbAllocAG (git-fixes).
- commit 79e06af

- kabi/severities: added Microsoft mana symbold (bsc#1210551)
- commit 9c4a05e

- net: mana: Check if netdev/napi_alloc_frag returns single page
  (bsc#1210551).
- net: mana: Rename mana_refill_rxoob and remove some empty lines
  (bsc#1210551).
- net: mana: Add support for jumbo frame (bsc#1210551).
- net: mana: Enable RX path to handle various MTU sizes
  (bsc#1210551).
- net: mana: Refactor RX buffer allocation code to prepare for
  various MTU (bsc#1210551).
- net: mana: Use napi_build_skb in RX path (bsc#1210551).
- net: mana: Add new MANA VF performance counters for easier
  troubleshooting (bsc#1209982).
- commit ac98332

- reiserfs: Add security prefix to xattr name in
  reiserfs_security_write() (git-fixes).
- commit 20d1751

- reiserfs: Add missing calls to reiserfs_security_free()
  (git-fixes).
- commit 680dc2c

- Squashfs: fix handling and sanity checking of xattr_ids count
  (git-fixes).
- commit 3c564fc

- squashfs: harden sanity check in squashfs_read_xattr_id_table
  (git-fixes).
- commit 982f949

- xfs: set bnobt/cntbt numrecs correctly when formatting new AGs
  (git-fixes).
- commit 5814c62

- kABI: Fix kABI after backport Emulate RDPID only if it is enabled in guest
  (git-fixes)
- commit ef4b42f

- ACPI: tables: Add support for NBFT (bsc#1195921).
- commit 90b0d13

- drm/amdgpu: Fix vram recover doesn't work after whole GPU reset
  (v2) (git-fixes).
- drm/i915/dp: prevent potential div-by-zero (git-fixes).
- drm/mipi-dsi: Set the fwnode for mipi_dsi_device (git-fixes).
- docs: networking: fix x25-iface.rst heading & index order
  (git-fixes).
- gve: Remove the code of clearing PBA bit (git-fixes).
- nilfs2: do not write dirty data after degenerating to read-only
  (git-fixes).
- nilfs2: fix infinite loop in nilfs_mdt_get_block() (git-fixes).
- clk: qcom: gcc-sm8350: fix PCIe PIPE clocks handling
  (git-fixes).
- pstore: Revert pmsg_lock back to a normal mutex (git-fixes).
- wifi: mt76: mt7921e: Set memory space enable in PCI_COMMAND
  if unset (git-fixes).
- selftests: xsk: Disable IPv6 on VETH1 (git-fixes).
- wifi: rtl8xxxu: RTL8192EU always needs full init (git-fixes).
- mailbox: zynqmp: Fix typo in IPI documentation (git-fixes).
- mailbox: zynqmp: Fix IPI isr handling (git-fixes).
- drm/ttm/pool: Fix ttm_pool_alloc error path (git-fixes).
- arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step
  (git-fixes).
- ARM: dts: qcom: ipq8064: Fix the PCI I/O port range (git-fixes).
- selftests/resctrl: Check for return value after write_schemata()
  (git-fixes).
- selftests/resctrl: Allow ->setup() to return errors (git-fixes).
- selftests/resctrl: Move ->setup() call outside of test specific
  branches (git-fixes).
- selftests/resctrl: Return NULL if malloc_and_init_memory()
  did not alloc mem (git-fixes).
- tpm, tpm_tis: Disable interrupts if tpm_tis_probe_irq() failed
  (git-fixes).
- tpm, tpm_tis: Claim locality before writing TPM_INT_ENABLE
  register (git-fixes).
- iio: adc: palmas_gpadc: fix NULL dereference on rmmod
  (git-fixes).
- selftests mount: Fix mount_setattr_test builds failed
  (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Acer Iconia One
  7 B1-750 (git-fixes).
- ASOC: Intel: sof_sdw: add quirk for Intel 'Rooks County'
  NUC M15 (git-fixes).
- ASoC: soc-pcm: fix hw->formats cleared by soc_pcm_hw_init()
  for dpcm (git-fixes).
- asm-generic/io.h: suppress endianness warnings for readq()
  and writeq() (git-fixes).
- drm/ttm: optimize pool allocations a bit v2 (git-fixes).
- clk: qcom: regmap: add PHY clock source implementation
  (git-fixes).
- ARM: dts: qcom: ipq8064: reduce pci IO size to 64K (git-fixes).
- arm64: dts: Add base DTS file for bcmbca device Asus GT-AX6000
  (git-fixes).
- ARM64: dts: Add DTS files for bcmbca SoC BCM6858 (git-fixes).
- arm64: dts: Add DTS files for bcmbca SoC BCM4912 (git-fixes).
- arm64: dts: Add DTS files for bcmbca SoC BCM63158 (git-fixes).
- selftests/resctrl: Extend CPU vendor detection (git-fixes).
- spi: spi-imx: using pm_runtime_resume_and_get instead of
  pm_runtime_get_sync (git-fixes).
- media: rcar_fdp1: Fix the correct variable assignments
  (git-fixes).
- arm64: dts: broadcom: bcm4908: add DT for Netgear RAXE500
  (git-fixes).
- serial: stm32: re-introduce an irq flag condition in
  usart_receive_chars (git-fixes).
- media: rcar_fdp1: Make use of the helper function
  devm_platform_ioremap_resource() (git-fixes).
- commit c094bdc

- KVM: nVMX: Emulate NOPs in L2, and PAUSE if it's not intercepted
  (git-fixes).
- commit d64e14c

- KVM: VMX: Use is_64_bit_mode() to check 64-bit mode in SGX
  handler (git-fixes).
- commit 56061d9

- KVM: x86: Remove a redundant guest cpuid check in kvm_set_cr4()
  (git-fixes).
- commit a6ab5bb

- KVM: SVM: Fix benign "bool vs. int" comparison in svm_set_cr0()
  (git-fixes).
- commit f475ade

- KVM: SVM: hyper-v: placate modpost section mismatch error
  (git-fixes).
- commit 816e1bf

- KVM: SVM: Fix potential overflow in SEV's
  send|receive_update_data() (git-fixes).
- commit 16c4f84

- KVM: SVM: Require logical ID to be power-of-2 for AVIC entry
  (git-fixes).
- commit aed233d

- platform/x86: thinkpad_acpi: Fix platform profiles on T490
  (git-fixes).
- commit 1c69e0b

- KVM: x86/xen: Fix memory leak in kvm_xen_write_hypercall_page()
  (git-fixes).
- commit 81f590f

- KVM: nVMX: Properly expose ENABLE_USR_WAIT_PAUSE control to L1
  (git-fixes).
- commit 77c8954

- KVM: nVMX: Document that ignoring memory failures for VMCLEAR
  is deliberate (git-fixes).
- commit b84688a

- KVM: x86: ioapic: Fix level-triggered EOI and userspace I/OAPIC
  reconfigure race (git-fixes).
- commit 5d05f90

- x86/nospec: Unwreck the RSB stuffing (git-fixes).
- commit b1c4544

- x86/amd: Use IBPB for firmware calls (git-fixes).
- Refresh patches.suse/x86-speculation-Add-RSB-VM-Exit-protections.patch.
- commit 98a0873

- KVM: nVMX: Inject #GP, not #UD, if "generic" VMXON CR0/CR4
  check fails (git-fixes).
- commit 8d3f5e6

- x86/speculation: Identify processors vulnerable to SMT RSB predictions (git-fixes).
- commit 55ad85a

- x86/bugs: Add "unknown" reporting for MMIO Stale Data (git-fixes).
- commit c9d308d

- KVM: SVM: Skip WRMSR fastpath on VM-Exit if next RIP isn't valid
  (git-fixes).
- commit 341c774

- ECO for QAT driver update was approved (PED-3955).
  Allow kABI changes below drivers/crypto/qat and remove
  the corresponding kABI padding patch.
- commit d46b3f1

- x86/speculation/mmio: Print SMT warning (git-fixes).
- commit b61badb

- x86/bugs: Warn when "ibrs" mitigation is selected on Enhanced IBRS  parts (git-fixes).
- commit 309477d

- x86/alternative: Report missing return thunk details (git-fixes).
- commit a6de731

- KVM: x86: Fail emulation during EMULTYPE_SKIP on any exception
  (git-fixes).
- commit b95c292

- KVM: VMX: Resume guest immediately when injecting #GP on ECREATE
  (git-fixes).
- commit 028e88b

- blacklist.conf: Blacklist already integrated patch
- commit f08adc0

- blacklist.conf: Remove alread-integrated patch
- commit 6038830

- KVM: x86: Mask off reserved bits in CPUID.8000001FH (git-fixes).
- commit f34367a

- KVM: nVMX: Prioritize TSS T-flag #DBs over Monitor Trap Flag
  (git-fixes).
- commit 4d26615

- KVM: nVMX: Treat General Detect #DB (DR7.GD=1) as fault-like
  (git-fixes).
- commit 1c41646

- KVM: x86: Mask off unsupported and unknown bits of
  IA32_ARCH_CAPABILITIES (git-fixes).
- commit e7d58ae

- KVM: x86: fix typo in __try_cmpxchg_user causing non-atomicness
  (git-fixes).
- commit 31729ed

- KVM: arm64: Limit length in kvm_vm_ioctl_mte_copy_tags() to INT_MAX (git-fixes)
- commit e94cf3b

- KVM: arm64: Fix buffer overflow in kvm_arm_set_fw_reg() (git-fixes)
- commit 7aef2ca

- KVM: arm64: PMU: Restore the guest's EL0 event counting after (git-fixes)
- commit 1e49eb1

- Fix bug reference.
- Update patches.suse/powerpc-64s-Fix-local-irq-disable-when-PMIs-are-disa.patch
  (bsc#1195655 ltc#195733 git-fixes).
- Update patches.suse/powerpc-64s-hash-Make-hash-faults-work-in-NMI-contex.patch
  (bsc#1195655 ltc#195733).
- commit 75b352e

- KVM: x86/emulator: Emulate RDPID only if it is enabled in guest
  (git-fixes).
- commit 8e78e7b

- KVM: arm64: Don't arm a hrtimer for an already pending timer (git-fixes)
- commit 7242bab

- KVM: Destroy target device if coalesced MMIO unregistration fails (git-fixes)
- commit 24e09a6

- KVM: arm64: Free hypervisor allocations if vector slot init fails (git-fixes)
- commit 94fc8c2

- KVM: arm64: GICv4.1: Fix race with doorbell on VPE (git-fixes)
- commit a2031d5

- KVM: arm64: Fix S1PTW handling on RO memslots (git-fixes)
- commit 57c82ed

- KVM: arm64: Fix PAR_TO_HPFAR() to work independently of PA_BITS. (git-fixes)
- commit 4084e39

- KVM: arm64: Fix kvm init failure when mode!=vhe and VA_BITS=52. (git-fixes)
- commit 80e5dc8

- KVM: arm64: Fix bad dereference on MTE-enabled systems (git-fixes)
- commit b34a907

- KVM: arm64: vgic: Fix exit condition in scan_its_table() (git-fixes)
- commit 18fdaaf

- powerpc/rtas: use memmove for potentially overlapping buffer
  copy (bsc#1065729).
- powerpc: Don't try to copy PPR for task with NULL pt_regs
  (bsc#1065729).
- commit a0f9fd4

- KVM: arm64: Reject 32bit user PSTATE on asymmetric systems (git-fixes)
- commit 1e56a5b

- KVM: arm64: Treat PMCR_EL1.LC as RES1 on asymmetric systems (git-fixes)
- commit 32b2eb1

- KVM: arm64: Don't return from void function (git-fixes)
- commit 929b4b8

- KVM: Don't set Accessed/Dirty bits for ZERO_PAGE (git-fixes)
- commit d5c7f0a

- KVM: arm64: nvhe: Eliminate kernel-doc warnings (git-fixes)
- commit c528fa6

- KVM: Don't create VM debugfs files outside of the VM directory (git-fixes)
- commit f35aa14

- x86/fpu/xsave: Initialize offset/size cache early (bsc#1211205).
- commit 5c67650

- Revert "KVM: set owner of cpu and vm file operations" (git-fixes)
- commit 641eec4

- KVM: Prevent module exit until all VMs are freed (git-fixes)
- commit d75ff37

- KVM: arm64: Stop handle_exit() from handling HVC twice when an SError (git-fixes)
- commit e7649a0

- KVM: Disallow user memslot with size that exceeds "unsigned long" (git-fixes)
- commit 3d5e854

- arm64: errata: add detection for AMEVCNTR01 incrementing incorrectly (git-fixes)
  Enable workaround and fix kABI breakage.
- commit 65ad1d7

- arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes)
- commit 66d6673

- RDMA/mana: hide new rdma_driver_ids (bsc#1210741 jsc#PED-4022).
- commit f8b8352

- RDMA/mana_ib: Add a driver for Microsoft Azure Network Adapter
  (bsc#1210741 jsc#PED-4022).
- Update config files.
- supported.conf: mark mana_ib supported
- commit 1a4c2c7

- net: mana: Move header files to a common location (bsc#1210741
  jsc#PED-4022).
- Refresh
  patches.suse/net-mana-Fix-IRQ-name-add-PCI-and-queue-number.patch.
- commit 5b586a1

- RDMA/mana_ib: Fix a bug when the PF indicates more entries for
  registering memory on first packet (bsc#1210741 jsc#PED-4022).
- RDMA/mana_ib: Prevent array underflow in mana_ib_create_qp_raw()
  (bsc#1210741 jsc#PED-4022).
- RDMA/mana: Remove redefinition of basic u64 type (bsc#1210741
  jsc#PED-4022).
- commit 34e74c1

- net: mana: Define data structures for protection domain and
  memory registration (bsc#1210741 jsc#PED-4022).
- net: mana: Define data structures for allocating doorbell page
  from GDMA (bsc#1210741 jsc#PED-4022).
- net: mana: Define and process GDMA response code
  GDMA_STATUS_MORE_ENTRIES (bsc#1210741 jsc#PED-4022).
- net: mana: Define max values for SGL entries (bsc#1210741
  jsc#PED-4022).
- net: mana: Record port number in netdev (bsc#1210741
  jsc#PED-4022).
- net: mana: Export Work Queue functions for use by RDMA driver
  (bsc#1210741 jsc#PED-4022).
- net: mana: Set the DMA device max segment size (bsc#1210741
  jsc#PED-4022).
- net: mana: Handle vport sharing between devices (bsc#1210741
  jsc#PED-4022).
- net: mana: Record the physical address for doorbell page region
  (bsc#1210741 jsc#PED-4022).
- net: mana: Add support for auxiliary device (bsc#1210741
  jsc#PED-4022).
- commit f92c525

- KVM: nVMX: add missing consistency checks for CR0 and CR4
  (bsc#1210294 CVE-2023-30456).
- commit ef9d3af

- blacklist.conf: cleanup of a comment
- commit 84e5a2f

- blacklist.conf: dependencies cannot be met
- commit e3d82fb

- iwlwifi: cfg: Add missing MODULE_FIRMWARE() for *.pnvm
  (bsc#1207553).
- commit f66a3d1

- apparmor: add a kernel label to use on kernel objects
  (bsc#1211113).
- commit 51d9c3d

- crypto: qat - add resubmit logic for decompression (jsc#PED-3692)
- commit 0291fd1

- crypto: acomp - define max size for destination (jsc#PED-3692)
- commit 85592d8

- crypto: qat - enable deflate for QAT GEN4 (jsc#PED-3692)
- commit e4a787e

- crypto: qat - expose deflate through acomp api for QAT GEN2 (jsc#PED-3692)
- commit 0a12d82

- crypto: qat - rename and relocate GEN2 config function (jsc#PED-3692)
- commit 84eb593

- crypto: qat - relocate qat_algs_alloc_flags() (jsc#PED-3692)
- commit b8f6153

- crypto: qat - relocate backlog related structures (jsc#PED-3692)
- commit 4cc71cc

- crypto: qat - extend buffer list interface (jsc#PED-3692)
- commit add926d

- crypto: qat - generalize crypto request buffers (jsc#PED-3692)
- commit 53057db

- crypto: qat - change bufferlist logic interface (jsc#PED-3692)
- commit e94a222

- crypto: qat - rename bufferlist functions (jsc#PED-3692)
- commit 6fb4fa4

- crypto: qat - relocate bufferlist logic (jsc#PED-3692)
- commit babeef7

- crypto: qat - fix error return code in adf_probe (jsc#PED-3692)
- commit 8fbb831

- crypto: qat - add limit to linked list parsing (jsc#PED-3692)
- commit 57cf8db

- crypto: qat - use reference to structure in dma_map_single() (jsc#PED-3692)
- commit 191d933

- crypto: qat - fix DMA transfer direction (jsc#PED-3692)
- commit 8033e5b

- crypto: drivers - move from strlcpy with unused retval to (jsc#PED-3692)
- commit 2893932

- crypto: qat - add check to validate firmware images (jsc#PED-3692)
- commit 638d767

- crypto: qat - expose device config through sysfs for 4xxx (jsc#PED-3692)
- commit da7d730

- crypto: qat - relocate and rename adf_sriov_prepare_restart() (jsc#PED-3692)
- commit 9d2ec7c

- crypto: qat - change behaviour of (jsc#PED-3692)
- commit 88b302a

- crypto: qat - expose device state through sysfs for 4xxx (jsc#PED-3692)
- commit c9aee29

- crypto: qat - Removes the x86 dependency on the QAT drivers (jsc#PED-3692)
- commit b693728

- crypto: qat - replace get_current_node() with numa_node_id() (jsc#PED-3692)
- commit e064970

- crypto: qat - add support for 401xx devices (jsc#PED-3692)
- commit f05d9dc

- crypto: qat - re-enable registration of algorithms (jsc#PED-3692)
- commit 68596ea

- crypto: qat - honor CRYPTO_TFM_REQ_MAY_SLEEP flag (jsc#PED-3692)
- commit e4d21be

- crypto: qat - add param check for DH (jsc#PED-3692)
- commit da607b7

- crypto: qat - add param check for RSA (jsc#PED-3692)
- commit 7eefa16

- crypto: qat - add backlog mechanism (jsc#PED-3692)
- commit 624d1d0

- crypto: qat - refactor submission logic (jsc#PED-3692)
- commit b8e53cb

- crypto: qat - use pre-allocated buffers in datapath (jsc#PED-3692)
- commit bd15683

- crypto: qat - Fix unsigned function returning negative (jsc#PED-3692)
- commit c617c8f

- crypto: qat - remove line wrapping for pfvf_ops functions (jsc#PED-3692)
- commit b866596

- crypto: qat - use u32 variables in all GEN4 pfvf_ops (jsc#PED-3692)
- commit e40b5cb

- crypto: qat - replace disable_vf2pf_interrupts() (jsc#PED-3692)
- commit 02bc64e

- crypto: qat - leverage the GEN2 VF mask definiton (jsc#PED-3692)
- commit 4d65255

- crypto: qat - rework the VF2PF interrupt handling logic (jsc#PED-3692)
- commit b225eca

- crypto: qat - fix off-by-one error in PFVF debug print (jsc#PED-3692)
- commit 2b6fd0a

- crypto: qat - fix wording and formatting in code comment (jsc#PED-3692)
- commit 1e0a7c3

- crypto: qat - test PFVF registers for spurious interrupts on (jsc#PED-3692)
- commit c5057e2

- crypto: qat - add check for invalid PFVF protocol version 0 (jsc#PED-3692)
- commit 9de3f9b

- crypto: qat - add missing restarting event notification in (jsc#PED-3692)
- commit a8dbb60

- crypto: qat - remove unnecessary tests to detect PFVF support (jsc#PED-3692)
- commit 1848290

- crypto: qat - remove unused PFVF stubs (jsc#PED-3692)
- commit 1cf3054

- crypto: qat - remove unneeded braces (jsc#PED-3692)
- commit a02a4ee

- crypto: qat - fix ETR sources enabled by default on GEN2 (jsc#PED-3692)
- commit 56dd6e7

- crypto: qat - set COMPRESSION capability for DH895XCC (jsc#PED-3692)
- commit dd0685f

- crypto: qat - stop using iommu_present() (jsc#PED-3692)
- commit e463f30

- crypto: qat - fix initialization of pfvf rts_map_msg (jsc#PED-3692)
- commit c63cf22

- crypto: qat - fix initialization of pfvf cap_msg structures (jsc#PED-3692)
- commit 29cae5c

- crypto: qat - remove unneeded assignment (jsc#PED-3692)
- commit 988ee72

- crypto: qat - enable power management for QAT GEN4 (jsc#PED-3692)
- commit d524451

- crypto: qat - move and rename GEN4 error register definitions (jsc#PED-3692)
- commit 5536852

- crypto: qat - add misc workqueue (jsc#PED-3692)
- commit cb5c3b7

- crypto: qat - fix access to PFVF interrupt registers for GEN4 (jsc#PED-3692)
- commit 89bd3f8

- crypto: qat - fix a signedness bug in get_service_enabled() (jsc#PED-3692)
- commit a7f67e3

- crypto: qat - fix definition of ring reset results (jsc#PED-3692)
- commit 151593d

- crypto: qat - add support for compression for 4xxx (jsc#PED-3692)
- commit dfc51e6

- crypto: qat - allow detection of dc capabilities for 4xxx (jsc#PED-3692)
- commit 8557674

- crypto: qat - add PFVF support to enable the reset of ring (jsc#PED-3692)
- commit 5d143f2

- crypto: qat - add PFVF support to the GEN4 host driver (jsc#PED-3692)
- commit 916a77e

- crypto: qat - config VFs based on ring-to-svc mapping (jsc#PED-3692)
- commit 6601ff4

- crypto: qat - exchange ring-to-service mappings over PFVF (jsc#PED-3692)
- commit e8ce44d

- crypto: qat - support fast ACKs in the PFVF protocol (jsc#PED-3692)
- commit 986f0e6

- crypto: qat - exchange device capabilities over PFVF (jsc#PED-3692)
- commit 7d28fba

- crypto: qat - introduce support for PFVF block messages (jsc#PED-3692)
- commit 6155681

- crypto: qat - store the ring-to-service mapping (jsc#PED-3692)
- commit 77f298d

- crypto: qat - store the PFVF protocol version of the (jsc#PED-3692)
- commit da2daed

- crypto: qat - improve the ACK timings in PFVF send (jsc#PED-3692)
- commit a184282

- crypto: qat - leverage read_poll_timeout in PFVF send (jsc#PED-3692)
- commit e08ef29

- crypto: qat - leverage bitfield.h utils for PFVF messages (jsc#PED-3692)
- commit 77c5d55

- crypto: qat - abstract PFVF messages with struct pfvf_message (jsc#PED-3692)
- commit 22808a8

- crypto: qat - set PFVF_MSGORIGIN just before sending (jsc#PED-3692)
- commit 529c178

- crypto: qat - make PFVF send and receive direction agnostic (jsc#PED-3692)
- commit 2cfdf60

- crypto: qat - make PFVF message construction direction (jsc#PED-3692)
- commit 192475a

- crypto: qat - add the adf_get_pmisc_base() helper function (jsc#PED-3692)
- commit 029b3f8

- crypto: qat - support the reset of ring pairs on PF (jsc#PED-3692)
- commit b21ae8f

- crypto: qat - extend crypto capability detection for 4xxx (jsc#PED-3692)
- commit 86b6de1

- crypto: qat - set COMPRESSION capability for QAT GEN2 (jsc#PED-3692)
- commit c36c1b5

- crypto: qat - set CIPHER capability for QAT GEN2 (jsc#PED-3692)
- commit 5a6ccb5

- crypto: qat - get compression extended capabilities (jsc#PED-3692)
- commit 6bc8ecc

- crypto: qat - improve logging of PFVF messages (jsc#PED-3692)
- commit 69ac24d

- crypto: qat - fix VF IDs in PFVF log messages (jsc#PED-3692)
- commit a09ab7d

- crypto: qat - do not rely on min version (jsc#PED-3692)
- commit 1fbc50a

- crypto: qat - refactor pfvf version request messages (jsc#PED-3692)
- commit bd91022

- crypto: qat - pass the PF2VF responses back to the callers (jsc#PED-3692)
- commit ce27ee1

- crypto: qat - use enums for PFVF protocol codes (jsc#PED-3692)
- commit 07d0530

- crypto: qat - reorganize PFVF protocol definitions (jsc#PED-3692)
- commit dfcb218

- crypto: qat - reorganize PFVF code (jsc#PED-3692)
- commit ebf7e16

- crypto: qat - abstract PFVF receive logic (jsc#PED-3692)
- commit 4ac3bf8

- crypto: qat - abstract PFVF send function (jsc#PED-3692)
- commit 3228a9b

- crypto: qat - differentiate between pf2vf and vf2pf offset (jsc#PED-3692)
- commit 7a44395

- crypto: qat - add pfvf_ops (jsc#PED-3692)
- commit 5960736

- crypto: qat - relocate PFVF disabled function (jsc#PED-3692)
- commit 1aa65a8

- crypto: qat - relocate PFVF VF related logic (jsc#PED-3692)
- commit 53e0309

- crypto: qat - relocate PFVF PF related logic (jsc#PED-3692)
- commit b869385

- crypto: qat - handle retries due to collisions in (jsc#PED-3692)
- commit 27aa4db

- crypto: qat - split PFVF message decoding from handling (jsc#PED-3692)
- commit 375be54

- crypto: qat - re-enable interrupts for legacy PFVF messages (jsc#PED-3692)
- commit 253518f

- crypto: qat - change PFVF ACK behaviour (jsc#PED-3692)
- commit b8f6615

- crypto: qat - move interrupt code out of the PFVF handler (jsc#PED-3692)
- commit 2d2c8ab

- crypto: qat - move VF message handler to adf_vf2pf_msg.c (jsc#PED-3692)
- commit 08b5439

- crypto: qat - move vf2pf interrupt helpers (jsc#PED-3692)
- commit 32a2e31

- crypto: qat - refactor PF top half for PFVF (jsc#PED-3692)
- commit b27b05c

- crypto: qat - do not handle PFVF sources for qat_4xxx (jsc#PED-3692)
- commit c5402df

- crypto: qat - simplify adf_enable_aer() (jsc#PED-3692)
- commit ef47805

- crypto: qat - share adf_enable_pf2vf_comms() from (jsc#PED-3692)
- commit 3c38713

- crypto: qat - extract send and wait from (jsc#PED-3692)
- commit d88c673

- crypto: qat - add VF and PF wrappers to common send function (jsc#PED-3692)
- commit 688556e

- crypto: qat - rename pfvf collision constants (jsc#PED-3692)
- commit 4f0c483

- crypto: qat - move pfvf collision detection values (jsc#PED-3692)
- commit 7d933b4

- crypto: qat - use hweight for bit counting (jsc#PED-3692)
- commit f443d35

- crypto: qat - remove duplicated logic across GEN2 drivers (jsc#PED-3692)
- commit 4276cd3

- crypto: qat - fix handling of VF to PF interrupts (jsc#PED-3692)
- commit 89e9e5e

- crypto: qat - remove unneeded packed attribute (jsc#PED-3692)
- commit abcbfac

- crypto: qat - free irq in case of failure (jsc#PED-3692)
- commit 227e146

- crypto: qat - free irqs only if allocated (jsc#PED-3692)
- commit a4d86dd

- crypto: qat - remove unmatched CPU affinity to cluster IRQ (jsc#PED-3692)
- commit e9e0672

- crypto: qat - replace deprecated MSI API (jsc#PED-3692)
- commit 4f29ad0

- crypto: qat - flush vf workqueue at driver removal (jsc#PED-3692)
- commit 49708c6

- crypto: qat - remove the unnecessary get_vintmsk_offset() (jsc#PED-3692)
- commit dd303d7

- crypto: qat - prevent spurious MSI interrupt in VF (jsc#PED-3692)
- commit 167b6ae

- crypto: qat - remove empty sriov_configure() (jsc#PED-3692)
- commit 0767718

- crypto: qat - fix a typo in a comment (jsc#PED-3692)
- commit 8a91dc4

- crypto: qat - disable AER if an error occurs in probe (jsc#PED-3692)
- commit df8b85d

- crypto: qat - set DMA mask to 48 bits for Gen2 (jsc#PED-3692)
- commit dbe426c

- crypto: qat - simplify code and axe the use of a deprecated (jsc#PED-3692)
- commit ac1c697

- sfc: fix TX channel offset when using legacy interrupts
  (git-fixes).
- net: tun: avoid disabling NAPI twice (git-fixes).
- commit 03bb08f

- workqueue: Print backtraces from CPUs with hung CPU bound
  workqueues (bsc#1211044).
- commit edb7f74

- workqueue: Warn when a rescuer could not be created
  (bsc#1211044).
- commit bbf3c79

- workqueue: Interrupted create_worker() is not a repeated event
  (bsc#1211044).
- commit 86794c5

- workqueue: Warn when a new worker could not be created
  (bsc#1211044).
- commit eb3a726

- workqueue: Fix hung time report of worker pools (bsc#1211044).
- commit 3a59651

- x86/boot: Skip realmode init code when running as Xen PV guest   (git-fixes).
- Refresh    patches.kabi/kABI-Fix-kABI-after-x86-mm-cpa-Generalize-__set_memo.patch.
- commit e90b7a1

- RDMA/irdma: Remove excess error variables (jsc#SLE-18383).
- Refresh
  patches.suse/RDMA-irdma-Validate-udata-inlen-and-outlen.patch.
- commit 4d4fa6d

- x86/signal: Fix the value returned by strict_sas_size() (git-fixes).
- commit d3c6791

- RDMA/irdma: Remove enum irdma_status_code (jsc#SLE-18383).
- Refresh
  patches.suse/RDMA-irdma-Prevent-some-integer-underflows.patch.
- Refresh
  patches.suse/RDMA-irdma-Return-correct-WC-error-for-bind-operatio.patch.
- Refresh
  patches.suse/RDMA-irdma-Return-error-on-MR-deregister-CQP-failure.patch.
- Refresh
  patches.suse/RDMA-irdma-Validate-udata-inlen-and-outlen.patch.
- commit 11ed66b

- sfc: Fix module EEPROM reporting for QSFP modules (git-fixes).
- sfc: Fix use-after-free due to selftest_work (git-fixes).
- RDMA/irdma: Do not generate SW completions for NOPs
  (jsc#SLE-18383).
- gve: Secure enough bytes in the first TX desc for all TCP pkts
  (git-fixes).
- sfc: ef10: don't overwrite offload features at NIC reset
  (git-fixes).
- gve: Cache link_speed value from device (git-fixes).
- sfc: correctly advertise tunneled IPv6 segmentation (git-fixes).
- RDMA/irdma: Fix RQ completion opcode (jsc#SLE-18383).
- RDMA/irdma: Fix inline for multiple SGE's (jsc#SLE-18383).
- iavf: Do not restart Tx queues after reset task failure
  (jsc#SLE-18385).
- iavf: Fix a crash during reset task (jsc#SLE-18385).
- net: tun: fix bugs for oversize packet when napi frags enabled
  (git-fixes).
- sfc: include vport_id in filter spec hash and equal()
  (git-fixes).
- sfc: Change VF mac via PF as first preference if available
  (git-fixes).
- sfc: fix null pointer dereference in efx_hard_start_xmit
  (git-fixes).
- RDMA/irdma: Fix drain SQ hang with no completion
  (jsc#SLE-18383).
- net: tun: stop NAPI when detaching queues (git-fixes).
- net: tun: unlink NAPI from device on destruction (git-fixes).
- sfc: fix wrong tx channel offset with efx_separate_tx_channels
  (git-fixes).
- sfc: fix considering that all channels have TX queues
  (git-fixes).
- RDMA/irdma: Add SW mechanism to generate completions on error
  (jsc#SLE-18383).
- commit b8a7c09

- x86/numa: Use cpumask_available instead of hardcoded NULL check (git-fixes).
- commit ca9f52b

- x86/mm: Use proper mask when setting PUD mapping (git-fixes).
- commit d9bb4d3

- x86/MCE/AMD: Use an u64 for bank_map (git-fixes).
- commit 4d91aa8

- x86/pat: Fix x86_has_pat_wp() (git-fixes).
- commit 9499df5

- rpm/constraints.in: Increase disk size constraint for riscv64 to 52GB
- commit 1c1a4cd

- act_mirred: use the backlog for nested calls to mirred ingress
  (CVE-2022-4269 bsc#1206024).
- net/sched: act_mirred: better wording on protection against
  excessive stack growth (CVE-2022-4269 bsc#1206024).
- commit 0660aaf

- netfilter: nf_tables: deactivate anonymous set from preparation
  phase (CVE-2023-32233 bsc#1211043).
- commit a0bdb58

- igc: read before write to SRRCTL register (jsc#SLE-18377).
- ixgbe: Fix panic during XDP_TX with > 64 CPUs (jsc#SLE-18384).
- RDMA/mlx4: Prevent shift wrapping in set_user_sq_size()
  (jsc#SLE-19255).
- ixgbe: Enable setting RSS table to default values
  (jsc#SLE-18384).
- ixgbe: Allow flow hash to be set via ethtool (jsc#SLE-18384).
- i40e: fix i40e_setup_misc_vector() error handling
  (jsc#SLE-18378).
- i40e: fix accessing vsi->active_filters without holding lock
  (jsc#SLE-18378).
- i40e: fix registers dump after run ethtool adapter self test
  (jsc#SLE-18378).
- i40e: fix flow director packet filter programming
  (jsc#SLE-18378).
- iavf: fix hang on reboot with ice (jsc#SLE-18385).
- igc: fix the validation logic for taprio's gate list
  (jsc#SLE-18377).
- igbvf: Regard vf reset nack as success (jsc#SLE-18379).
- intel/igbvf: free irq on the error path in igbvf_request_msix()
  (jsc#SLE-18379).
- igb: Enable SR-IOV after reinit (jsc#SLE-18379).
- igb: revert rtnl_lock() that causes deadlock (jsc#SLE-18379).
- iavf: fix non-tunneled IPv6 UDP packet type and hashing
  (jsc#SLE-18385).
- iavf: fix inverted Rx hash condition leading to disabled hash
  (jsc#SLE-18385).
- i40e: Fix kernel crash during reboot when adapter is in recovery
  mode (jsc#SLE-18378).
- igb: conditionalize I2C bit banging on external thermal sensor
  support (jsc#SLE-18379).
- ixgbe: add double of VLAN header when computing the max MTU
  (jsc#SLE-18384).
- i40e: add double of VLAN header when computing the max MTU
  (jsc#SLE-18378).
- ixgbe: allow to increase MTU to 3K with XDP enabled
  (jsc#SLE-18384).
- i40e: Add checking for null for nlmsg_find_attr()
  (jsc#SLE-18378).
- igc: Add ndo_tx_timeout support (jsc#SLE-18377).
- igc: return an error if the mac type is unknown in
  igc_ptp_systim_to_hwtstamp() (jsc#SLE-18377).
- iavf/iavf_main: actually log ->src mask when talking about it
  (jsc#SLE-18385).
- igc: Fix PPS delta between two synchronized end-points
  (jsc#SLE-18377).
- ixgbe: fix pci device refcount leak (jsc#SLE-18384).
- igc: Set Qbv start_time and end_time to end_time if not being
  configured in GCL (jsc#SLE-18377).
- igc: recalculate Qbv end_time by considering cycle time
  (jsc#SLE-18377).
- igc: allow BaseTime 0 enrollment for Qbv (jsc#SLE-18377).
- igc: Add checking for basetime less than zero (jsc#SLE-18377).
- igc: Use strict cycles for Qbv scheduling (jsc#SLE-18377).
- igc: Enhance Qbv scheduling by using first flag bit
  (jsc#SLE-18377).
- igb: Initialize mailbox message for VF reset (jsc#SLE-18379).
- i40e: Fix the inability to attach XDP program on downed
  interface (jsc#SLE-18378).
- i40e: Fix for VF MAC address 0 (jsc#SLE-18378).
- iavf: Fix error handling in iavf_init_module() (jsc#SLE-18385).
- iavf: Fix race condition between iavf_shutdown and iavf_remove
  (jsc#SLE-18385).
- i40e: Fix flow-type by setting GL_HASH_INSET registers
  (jsc#SLE-18378).
- i40e: Fix VF hang when reset is triggered on another VF
  (jsc#SLE-18378).
- i40e: Fix ethtool rx-flow-hash setting for X722 (jsc#SLE-18378).
- i40e: Fix DMA mappings leak (jsc#SLE-18378).
- i40e: Fix set max_tx_rate when it is lower than 1 Mbps
  (jsc#SLE-18378).
- i40e: Fix VF set max MTU size (jsc#SLE-18378).
- iavf: Fix set max MTU size with port VLAN and jumbo frames
  (jsc#SLE-18385).
- iavf: Fix bad page state (jsc#SLE-18385).
- iavf: Fix cached head and tail value for iavf_get_tx_pending
  (jsc#SLE-18385).
- iavf: Detach device during reset task (jsc#SLE-18385).
- i40e: Fix kernel crash during module removal (jsc#SLE-18378).
- i40e: Fix ADQ rate limiting for PF (jsc#SLE-18378).
- i40e: Fix incorrect address type for IPv6 flow rules
  (jsc#SLE-18378).
- ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter
  (jsc#SLE-18384).
- igb: Add lock to avoid data race (jsc#SLE-18379).
- iavf: Fix 'tc qdisc show' listing too many queues
  (jsc#SLE-18385).
- iavf: Fix max_rate limiting (jsc#SLE-18385).
- i40e: Refactor tc mqprio checks (jsc#SLE-18378).
- igc: Lift TAPRIO schedule restriction (jsc#SLE-18377).
- i40e: Fix interface init with MSI interrupts (no MSI-X)
  (jsc#SLE-18378).
- iavf: Disallow changing rx/tx-frames and rx/tx-frames-irq
  (jsc#SLE-18385).
- i40e: Fix erroneous adapter reinitialization during recovery
  process (jsc#SLE-18378).
- igc: Reinstate IGC_REMOVED logic and implement it properly
  (jsc#SLE-18377).
- i40e: Fix VF's MAC Address change on VM (jsc#SLE-18378).
- i40e: Fix calculating the number of queue pairs (jsc#SLE-18378).
- i40e: Fix adding ADQ filter to TC0 (jsc#SLE-18378).
- ice: Fix interrupt moderation settings getting cleared
  (jsc#SLE-18375).
- ice: Set txq_teid to ICE_INVAL_TEID on ring creation
  (jsc#SLE-18375).
- commit 80d0092

- ACPI: processor: Fix evaluating _PDC method when running as
  Xen dom0 (git-fixes).
- commit 9762d65

- xen/netback: don't do grant copy across page boundary
  (git-fixes).
- commit f4517dd

- crypto: sun8i-ss - Fix a test in sun8i_ss_setup_ivs()
  (git-fixes).
- commit 46b1fec

- SUNRPC: fix breakage caused by introduction of rq_xprt_ctxt
  (bsc#1210775).
- commit 2b91689

- ALSA: hda/realtek: Fix mute and micmute LEDs for an HP laptop
  (git-fixes).
- ALSA: caiaq: input: Add error handling for unsupported input
  methods in `snd_usb_caiaq_input_init` (git-fixes).
- ALSA: usb-audio: Add quirk for Pioneer DDJ-800 (git-fixes).
- ALSA: hda/realtek: support HP Pavilion Aero 13-be0xxx Mute LED
  (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS UM3402YAR using CS35L41
  (git-fixes).
- ALSA: hda/realtek: Add quirk for ThinkPad P1 Gen 6 (git-fixes).
- commit 9ac9894

- r8152: move setting r8153b_rx_agg_chg_indicate() (git-fixes).
- r8152: fix the poor throughput for 2.5G devices (git-fixes).
- r8152: fix flow control issue of RTL8156A (git-fixes).
- i2c: omap: Fix standard mode false ACK readings (git-fixes).
- i2c: tegra: Fix PEC support for SMBUS block read (git-fixes).
- drm/amdgpu: add a missing lock for AMDGPU_SCHED (git-fixes).
- drm/amd/display: fix flickering caused by S/G mode (git-fixes).
- commit bec3ff8

- Update references to patch
  patches.suse/wifi-brcmfmac-slab-out-of-bounds-read-in-brcmf_get_a.patch
  (git-fixes bsc#1209287 CVE-2023-1380).
- commit 1374551

- Remove obsolete rpm spec constructs
  defattr does not need to be specified anymore
  buildroot does not need to be specified anymore
- commit c963185

- kernel-spec-macros: Fix up obsolete_rebuilds_subpackage to generate
  obsoletes correctly (boo#1172073 bsc#1191731).
  rpm only supports full length release, no provides
- commit c9b5bc4

- bnxt_en: Do not initialize PTP on older P3/P4 chips
  (jsc#SLE-18978).
- bnxt_en: Add missing 200G link speed reporting (jsc#SLE-18978).
- bnxt_en: Fix typo in PCI id to device description string mapping
  (jsc#SLE-18978).
- bnxt_en: Fix reporting of test result in ethtool selftest
  (jsc#SLE-18978).
- qed/qed_sriov: guard against NULL derefs from
  qed_iov_get_vf_info (jsc#SLE-19001).
- qed/qed_mng_tlv: correctly zero out ->min instead of ->hour
  (jsc#SLE-19001).
- qed/qed_dev: guard against a possible division by zero
  (jsc#SLE-19001).
- bnxt_en: Avoid order-5 memory allocation for TPA data
  (jsc#SLE-18978).
- bnxt_en: Fix mqprio and XDP ring checking logic (jsc#SLE-18978).
- qede: execute xdp_do_flush() before napi_complete_done()
  (jsc#SLE-19001).
- bnxt: Do not read past the end of test names (jsc#SLE-18978).
- qed: allow sleep in qed_mcp_trace_dump() (jsc#SLE-19001).
- cxgb4: fix missing unlock on ETHOFLD desc collect fail path
  (jsc#SLE-18992).
- bnxt: prevent skb UAF after handing over to PTP worker
  (jsc#SLE-18978).
- bnxt_en: fix NQ resource accounting during vf creation on
  57500 chips (jsc#SLE-18978).
- bnxt_en: set missing reload flag in devlink features
  (jsc#SLE-18978).
- commit aee4a77

- x86/microcode/AMD: Add a @cpu parameter to the reloading functions (git-fixes).
- commit bb4fcce

- watchdog: dw_wdt: Fix the error handling path of
  dw_wdt_drv_probe() (git-fixes).
- commit 01087d8

- Update tags in
  patches.suse/ext4-fix-use-after-free-in-ext4_xattr_set_entry.patch
  (bsc#1206878 bsc#1211105 CVE-2023-2513).
- commit ce8b695

- kernel-binary: install expoline.o (boo#1210791 bsc#1211089)
- commit d6c8c20

- x86/sev: Add SEV-SNP guest feature negotiation support (git-fixes).
- commit 91bdec8

- x86/microcode/AMD: Fix mixed steppings support (git-fixes).
- commit 4cd1b96

- x86/reboot: Disable SVM, not just VMX, when stopping CPUs (git-fixes).
- commit 01bca28

- x86/crash: Disable virt in core NMI crash handler to avoid double  shootdown (git-fixes).
- commit aa4ba49

- x86/microcode: Adjust late loading result reporting message (git-fixes).
- commit fa7132b

- x86/microcode: Check CPU capabilities after late microcode update  correctly (git-fixes).
- commit a7e591b

- x86/microcode: Add a parameter to microcode_check() to store CPU  capabilities (git-fixes).
- commit 24950dd

- Update
  patches.suse/net-qcom-emac-Fix-use-after-free-bug-in-emac_remove-.patch
  (bsc#1211037 CVE-2023-2483).
- commit b748693

- Refresh
  patches.suse/powerpc-64-Always-build-with-128-bit-long-double.patch.
- commit 0cbc080

- PM: hibernate: Turn snapshot_test into global variable
  (git-fixes).
- Refresh
  patches.suse/0007-PM-hibernate-encrypt-hidden-area.patch.
- commit df2c292

- PM: hibernate: Do not get block device exclusively in
  test_resume mode (git-fixes).
- PM: hibernate: fix load_image_and_restore() error path
  (git-fixes).
- commit 5109b71

- pwm: meson: Fix g12a ao clk81 name (git-fixes).
- pwm: meson: Fix axg ao mux parents (git-fixes).
- soundwire: qcom: correct setting ignore bit on v1.5.1
  (git-fixes).
- phy: tegra: xusb: Add missing tegra_xusb_port_unregister for
  usb2_port and ulpi_port (git-fixes).
- dmaengine: at_xdmac: do not enable all cyclic channels
  (git-fixes).
- dmaengine: dw-edma: Fix to enable to issue dma request on DMA
  processing (git-fixes).
- dmaengine: dw-edma: Fix to change for continuous transfer
  (git-fixes).
- dma: gpi: remove spurious unlock in gpi_ch_init (git-fixes).
- dmaengine: mv_xor_v2: Fix an error code (git-fixes).
- commit d0a5bb0

- blacklist.conf: cleanup designed to break kABI
- commit d13ef2b

- mt76: mt7915: fix incorrect testmode ipg on band 1 caused by
  wmm_idx (git-fixes).
- commit 06c84d1

- swiotlb: relocate PageHighMem test away from rmem_swiotlb_setup
  (git-fixes).
- commit 2260701

- blacklist.conf: add nvme git-fixes
- commit e6d21df

- nvme: fix discard support without oncs (git-fixes).
- nvmet: fix workqueue MEM_RECLAIM flushing dependency
  (git-fixes).
- nvme: generalize the nvme_multi_css check in nvme_scan_ns
  (git-fixes).
- nvme: rename nvme_validate_or_alloc_ns to nvme_scan_ns
  (git-fixes).
- nvme: fix interpretation of DMRSL (git-fixes).
- nvmet: use a private workqueue instead of the system workqueue
  (git-fixes).
  Refresh:
  - patches.suse/nvmet-don-t-defer-passthrough-commands-with-trivial-.patch
  - patches.suse/nvmet-only-allocate-a-single-slab-for-bvecs.patch
- commit d34faf0

- x86/mm: Cleanup the control_va_addr_alignment() __setup handler (git-fixes).
- commit 4e894db

- mce: fix set_mce_nospec to always unmap the whole page (git-fixes).
- commit 5998565

- x86/mce: relocate set{clear}_mce_nospec() functions (git-fixes).
  This is a preparation for the next patch
- commit bde7887

- blacklist.conf: Disable already integrated patch
  Despite not having it as a separate commit we already have
  x86_spec_ctrl_current declared via DECLARE_PER_CPU
- commit 3a23dac

- x86: drop bogus "cc" clobber from __try_cmpxchg_user_asm() (git-fixes).
- commit 821679e

- blacklist.conf: Blacklist i386 speculation fix
  We don't care about 32 bit so might as well blacklist this commit
- commit 85cd434

- x86: Fix return value of __setup handlers (git-fixes).
- commit 4af5381

- x86/delay: Fix the wrong asm constraint in delay_loop() (git-fixes).
- commit 4ec04e5

- blacklist.conf: the commit might cause regression (bsc#1210947)
- commit 373f459

- x86/fault: Cast an argument to the proper address space in prefetch() (git-fixes).
- commit b654685

- x86, sched: Fix undefined reference to init_freq_invariance_cppc()  build error (git-fixes).
- commit 2520bfd

- blacklist.conf: add one char git-fixes
- commit 442298b

- pinctrl: renesas: r8a779a0: Remove incorrect AVB[01] pinmux
  configuration (git-fixes).
- pinctrl: qcom: lpass-lpi: set output value before enabling
  output (git-fixes).
- mfd: tqmx86: Correct board names for TQMxE39x (git-fixes).
- mfd: tqmx86: Do not access I2C_DETECT register through io_base
  (git-fixes).
- leds: tca6507: Fix error handling of using
  fwnode_property_read_string (git-fixes).
- leds: Fix reference to led_set_brightness() in doc (git-fixes).
- leds: TI_LMU_COMMON: select REGMAP instead of depending on it
  (git-fixes).
- commit d6008ec

- xfs: fix rm_offset flag handling in rmap keys (git-fixes).
- commit 84b434f

- xfs: verify buffer contents when we skip log replay (bsc#1210498
  CVE-2023-2124).
- commit c6f30c5

- mm: take a page reference when removing device exclusive entries
  (bsc#1211025).
- commit fd0cc4f

- usb: mtu3: fix kernel panic at qmu transfer done irq handler
  (git-fixes).
- commit 7fcf832

- blacklist.conf: prerequisites break kABI
- commit 0cfe9b1

- struct ci_hdrc: hide new member at end (git-fixes).
- commit d06f402

- usb: chipidea: core: fix possible concurrent when switch role
  (git-fixes).
- commit d07905a

- Update
  patches.suse/perf-Fix-check-before-add_event_to_groups-in-perf_group_detach.patch
  (git fixes, bsc#1210986, CVE-2023-2235).
- commit c5399e7

- blacklist.conf: Exclude unrelated kconfig patch
- commit 2595126

- x86/bugs: Enable STIBP for IBPB mitigated RETBleed (git-fixes).
- commit f115e36

- locking/rwbase: Mitigate indefinite writer starvation.
  Move out of sorted as the patch has moved within the tip tree.
- commit 0ba915d

- Input: raspberrypi-ts - fix refcount leak in rpi_ts_probe
  (git-fixes).
- Input: hp_sdc_rtc - mark an unused function as __maybe_unused
  (git-fixes).
- rtc: meson-vrtc: Use ktime_get_real_ts64() to get the current
  time (git-fixes).
- rtc: omap: include header for omap_rtc_power_off_program
  prototype (git-fixes).
- commit 4f6ef5f

- power: supply: generic-adc-battery: fix unit scaling
  (git-fixes).
- dt-bindings: mailbox: qcom,apcs-kpss-global: fix SDX55 'if'
  match (git-fixes).
- clk: rockchip: rk3399: allow clk_cifout to force clk_cifout_src
  to reparent (git-fixes).
- clk: add missing of_node_put() in "assigned-clocks" property
  parsing (git-fixes).
- clk: at91: clk-sam9x60-pll: fix return value check (git-fixes).
- clocksource/drivers/davinci: Fix memory leak in
  davinci_timer_register when init fails (git-fixes).
- USB: serial: option: add UNISOC vendor and TOZED LT70C product
  (git-fixes).
- wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies()
  (git-fixes).
- drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var
  (git-fixes).
- selftests/kselftest/runner/run_one(): allow running
  non-executable files (git-fixes).
- commit fc18250

- NFS: Cleanup unused rpc_clnt variable (git-fixes).
- NFSD: callback request does not use correct credential for
  AUTH_SYS (git-fixes).
- sunrpc: only free unix grouplist after RCU settles (git-fixes).
- nfsd: call op_release, even when op_func returns an error
  (git-fixes).
- NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL
  (git-fixes).
- commit aa8b700

- KVM: VMX: Execute IBPB on emulated VM-exit when guest has IBRS (bsc#1206992
  CVE-2022-2196).
- commit 2cab1a4

- nvme: send Identify with CNS 06h only to I/O controllers
  (bsc#1209693).
- commit fe51de7

- scsi: kABI workaround for fc_host_fpin_rcv (git-fixes).
- scsi: lpfc: Silence an incorrect device output (bsc#1210943).
- scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup()
  (bsc#1210943).
- scsi: lpfc: Drop redundant pci_enable_pcie_error_reporting()
  (bsc#1210943).
- scsi: lpfc: Copyright updates for 14.2.0.11 patches
  (bsc#1210943).
- scsi: lpfc: Update lpfc version to 14.2.0.11 (bsc#1210943).
- scsi: lpfc: Revise lpfc_error_lost_link() reason code evaluation
  logic (bsc#1210943).
- scsi: lpfc: Skip waiting for register ready bits when in
  unrecoverable state (bsc#1210943).
- scsi: lpfc: Correct used_rpi count when devloss tmo fires with
  no recovery (bsc#1210943).
- scsi: lpfc: Defer issuing new PLOGI if received RSCN before
  completing REG_LOGIN (bsc#1210943).
- scsi: lpfc: Record LOGO state with discovery engine even if
  aborted (bsc#1210943).
- scsi: lpfc: Fix lockdep warning for rx_monitor lock when
  unloading driver (bsc#1210943).
- scsi: lpfc: Reorder freeing of various DMA buffers and their
  list removal (bsc#1210943).
- scsi: lpfc: Prevent lpfc_debugfs_lockstat_write() buffer
  overflow (bsc#1210943).
- cpumask: fix incorrect cpumask scanning result checks
  (bsc#1210943).
- scsi: lpfc: Fix double word in comments (bsc#1210943).
- scsi: scsi_transport_fc: Add an additional flag to
  fc_host_fpin_rcv() (bsc#1210943).
- commit 7354766

- ACPI: CPPC: Disable FIE if registers in PCC regions
  (bsc#1210953).
- cpufreq: CPPC: Fix build error without
  CONFIG_ACPI_CPPC_CPUFREQ_FIE (bsc#1210953).
- cpufreq: CPPC: Fix performance/frequency conversion (git-fixes).
- commit 5d50d5f

- keys: Fix linking a duplicate key to a keyring's assoc_array
  (bsc#1207088).
- commit 52b6749

- virtio_ring: don't update event idx on get_buf (git-fixes).
- firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe
  (git-fixes).
- dt-bindings: iio: ti,tmp117: fix documentation link (git-fixes).
- dt-bindings: nvmem: qcom,spmi-sdam: fix example 'reg' property
  (git-fixes).
- vmci_host: fix a race condition in vmci_host_poll() causing GPF
  (git-fixes).
- fpga: bridge: fix kernel-doc parameter description (git-fixes).
- driver core: Don't require dynamic_debug for initcall_debug
  probe timing (git-fixes).
- staging: rtl8192e: Fix W_DISABLE# does not work after stop/start
  (git-fixes).
- staging: iio: resolver: ads1210: fix config mode (git-fixes).
- drivers: staging: rtl8723bs: Fix locking in
  rtw_scan_timeout_handler() (git-fixes).
- drivers: staging: rtl8723bs: Fix locking in
  _rtw_join_timeout_handler() (git-fixes).
- serial: 8250: Add missing wakeup event reporting (git-fixes).
- tty: serial: fsl_lpuart: adjust buffer length to the intended
  size (git-fixes).
- tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH
  (git-fixes).
- serial: 8250_bcm7271: Fix arbitration handling (git-fixes).
- usb: chipidea: fix missing goto in `ci_hdrc_probe` (git-fixes).
- USB: dwc3: fix runtime pm imbalance on unbind (git-fixes).
- USB: dwc3: fix runtime pm imbalance on probe errors (git-fixes).
- xhci: fix debugfs register accesses while suspended (git-fixes).
- usb: gadget: tegra-xudc: Fix crash in vbus_draw (git-fixes).
- usb: chipidea: imx: avoid unnecessary probe defer (git-fixes).
- usb: gadget: udc: renesas_usb3: Fix use after free bug in
  renesas_usb3_remove due to race condition (git-fixes).
- usb: dwc3: gadget: Change condition for processing suspend event
  (git-fixes).
- usb: host: xhci-rcar: remove leftover quirk handling
  (git-fixes).
- i2c: cadence: cdns_i2c_master_xfer(): Fix runtime PM leak on
  error path (git-fixes).
- ipmi: fix SSIF not responding under certain cond (git-fixes).
- ipmi:ssif: Add send_retries increment (git-fixes).
- spi: cadence-quadspi: fix suspend-resume implementations
  (git-fixes).
- spi: fsl-spi: Fix CPM/QE mode Litte Endian (git-fixes).
- spi: qup: Don't skip cleanup in remove's error path (git-fixes).
- ASoC: fsl_mqs: move of_node_put() to the correct location
  (git-fixes).
- ASoC: es8316: Handle optional IRQ assignment (git-fixes).
- ASoC: cs35l41: Only disable internal boost (git-fixes).
- PCI: qcom: Fix the incorrect register usage in v2.7.0 config
  (git-fixes).
- PCI: imx6: Install the fault handler only on compatible match
  (git-fixes).
- PCI: pciehp: Fix AB-BA deadlock between reset_lock and
  device_lock (git-fixes).
- PCI/EDR: Clear Device Status after EDR error recovery
  (git-fixes).
- drm/panel: otm8009a: Set backlight parent to panel device
  (git-fixes).
- commit 30ae662

- kabi/severities: ignore KABI for NVMe target (bsc#1174777)
  The target code is only for testing and there are no external users.
- commit a8c10fa

- blacklist.conf: add nvme git-fixes
- commit be17720

- Update
  patches.suse/net-mlx5-DR-Fix-NULL-vs-IS_ERR-checking-in-dr_domain.patch
  (jsc#SLE-19253 bsc#1208845 CVE-2023-23006).
  Added CVE reference.
- commit 53f1f7b

- nvme: improve the NVME_CONNECT_AUTHREQ* definitions (git-fixes).
- commit da2e21e

- ext4: use ext4_journal_start/stop for fast commit transactions
  (bsc#1210793).
  Refresh patches.suse/ext4-fast-commit-may-not-fallback-for-ineligible-com.patch
  patches.suse/ext4-fix-fallocate-to-use-file_modified-to-update-pe.patch
  patches.suse/ext4-fix-race-condition-between-ext4_write-and-ext4_.patch
- commit b470a11

- nvme-fcloop: fix "inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W}
  usage" (git-fixes).
- nvme: fix async event trace event (git-fixes).
- nvmet: fix I/O Command Set specific Identify Controller
  (git-fixes).
- nvmet: fix Identify Active Namespace ID list handling
  (git-fixes).
- nvmet: fix Identify Controller handling (git-fixes).
- nvmet: fix Identify Namespace handling (git-fixes).
- commit da5f4d4

- signal: HANDLER_EXIT should clear SIGNAL_UNKILLABLE
  (bsc#1210816).
- signal: Don't always set SA_IMMUTABLE for forced signals
  (bsc#1210816).
- commit 1d55fab

- bluetooth: Perform careful capability checks in hci_sock_ioctl()
  (git-fixes).
- Revert "Bluetooth: btsdio: fix use after free bug in
  btsdio_remove due to unfinished work" (git-fixes).
- wifi: mt76: fix 6GHz high channel not be scanned (git-fixes).
- wifi: mt76: add missing locking to protect against concurrent
  rx/status calls (git-fixes).
- wifi: mt76: handle failure of vzalloc in mt7615_coredump_work
  (git-fixes).
- wifi: iwlwifi: fw: fix memory leak in debugfs (git-fixes).
- wifi: iwlwifi: mvm: check firmware response size (git-fixes).
- wifi: iwlwifi: make the loop for card preparation effective
  (git-fixes).
- wifi: iwlwifi: fw: move memset before early return (git-fixes).
- wifi: iwlwifi: mvm: initialize seq variable (git-fixes).
- wifi: iwlwifi: yoyo: Fix possible division by zero (git-fixes).
- wifi: iwlwifi: yoyo: skip dump correctly on hw error
  (git-fixes).
- wifi: iwlwifi: mvm: don't set CHECKSUM_COMPLETE for unsupported
  protocols (git-fixes).
- wifi: iwlwifi: trans: don't trigger d3 interrupt twice
  (git-fixes).
- wifi: iwlwifi: debug: fix crash in __iwl_err() (git-fixes).
- wifi: iwlwifi: fix duplicate entry in iwl_dev_info_table
  (git-fixes).
- wifi: rt2x00: Fix memory leak when handling surveys (git-fixes).
- wifi: rtw89: fix potential race condition between napi_init
  and napi_enable (git-fixes).
- wifi: rtlwifi: fix incorrect error codes in
  rtl_debugfs_set_write_reg() (git-fixes).
- wifi: rtlwifi: fix incorrect error codes in
  rtl_debugfs_set_write_rfreg() (git-fixes).
- wifi: ath6kl: reduce WARN to dev_dbg() in callback (git-fixes).
- wifi: ath5k: fix an off by one check in
  ath5k_eeprom_read_freq_list() (git-fixes).
- wifi: ath9k: hif_usb: fix memory leak of remain_skbs
  (git-fixes).
- wifi: ath6kl: minor fix for allocation size (git-fixes).
- wifi: mac80211: adjust scan cancel comment/check (git-fixes).
- wifi: rtw88: mac: Return the original error from
  rtw_mac_power_switch() (git-fixes).
- wifi: rtw88: mac: Return the original error from
  rtw_pwr_seq_parser() (git-fixes).
- wifi: brcmfmac: support CQM RSSI notification with older
  firmware (git-fixes).
- crypto: drbg - Only fail when jent is unavailable in FIPS mode
  (git-fixes).
- crypto: sa2ul - Select CRYPTO_DES (git-fixes).
- crypto: caam - Clear some memory in instantiate_rng (git-fixes).
- crypto: safexcel - Cleanup ring IRQ workqueues on load failure
  (git-fixes).
- drm/i915: Fix fast wake AUX sync len (git-fixes).
- nilfs2: initialize unused bytes in segment summary blocks
  (git-fixes).
- platform/x86: gigabyte-wmi: add support for X570S AORUS ELITE
  (git-fixes).
- selftests: sigaltstack: fix -Wuninitialized (git-fixes).
- platform/x86 (gigabyte-wmi): Add support for A320M-S2H V2
  (git-fixes).
- commit ce41906

- nvmet: force reconnect when number of queue changes (git-fixes).
- commit 4fecb2d

- powerpc/64e: Fix amdgpu build on Book3E w/o AltiVec
  (bsc#1194869).
- drm/amdgpu: Re-enable DCN for 64-bit powerpc (bsc#1194869).
- Refresh patches.suse/drm-amd-display-Enable-building-new-display-engine-w.patch
- amdgpu: disable powerpc support for the newer display engine
  (bsc#1194869).
- Refresh patches.suse/drm-amd-display-Enable-building-new-display-engine-w.patch
- commit a05fdb3

- ALSA: hda/realtek: fix speaker, mute/micmute LEDs not work on
  a HP platform (git-fixes).
- ALSA: hda/cirrus: Add extra 10 ms delay to allow PLL settle
  and lock (git-fixes).
- commit 94a71e8

- ALSA: hda/realtek: Enable mute/micmute LEDs and speaker support
  for HP Laptops (git-fixes).
- Refresh
  patches.suse/ALSA-hda-realtek-fix-mute-micmute-LEDs-for-a-HP-ProB-2ae147d643d3.patch.
- Refresh
  patches.suse/ALSA-hda-realtek-fix-mute-micmute-LEDs-for-a-HP-ProB-9fdc1605c504.patch.
- commit d95e43b

- ALSA: hda: cs35l41: Enable Amp High Pass Filter (git-fixes).
- commit fa425c8

- nvmet: avoid potential UAF in nvmet_req_complete() (git-fixes).
- nvme: fix handling single range discard request (git-fixes).
- nvme-pci: fix timeout request state check (git-fixes).
- nvmet: don't defer passthrough commands with trivial effects
  to the workqueue (git-fixes).
- nvme: fix the NVME_CMD_EFFECTS_CSE_MASK definition (git-fixes).
- nvme-pci: fix page size checks (git-fixes).
- nvme-pci: fix mempool alloc size (git-fixes).
- nvme-pci: fix doorbell buffer value endianness (git-fixes).
- nvme: return err on nvme_init_non_mdts_limits fail (git-fixes).
- nvmet: only allocate a single slab for bvecs (git-fixes).
- nvme initialize core quirks before calling nvme_init_subsystem
  (git-fixes).
- nvme: fix SRCU protection of nvme_ns_head list (git-fixes).
  Refresh:
  - patches.suse/nvme-multipath-skip-not-ready-namespaces-when-revalidating.patch
- nvmet: fix a memory leak in nvmet_auth_set_key (git-fixes).
- nvmet: fix a memory leak (git-fixes).
- nvme-tcp: fix possible circular locking when deleting a
  controller under memory pressure (git-fixes).
- nvmet: fix invalid memory reference in
  nvmet_subsys_attr_qid_max_show (git-fixes).
- nvme-hwmon: kmalloc the NVME SMART log buffer (git-fixes).
- nvme-hwmon: consistently ignore errors from nvme_hwmon_init
  (git-fixes).
- nvme-multipath: fix possible hang in live ns resize with ANA
  access (git-fixes).
- nvme-tcp: fix possible hang caused during ctrl deletion
  (git-fixes).
- nvme-rdma: fix possible hang caused during ctrl deletion
  (git-fixes).
- nvmet: add helpers to set the result field for connect commands
  (git-fixes).
- nvmet-auth: don't try to cancel a non-initialized work_struct
  (git-fixes).
- nvme: Fix IOC_PR_CLEAR and IOC_PR_RELEASE ioctls for nvme
  devices (git-fixes).
- nvme-tcp: fix regression that causes sporadic requests to time
  out (git-fixes).
- nvmet: fix a use-after-free (git-fixes).
- nvme: catch -ENODEV from nvme_revalidate_zones again
  (git-fixes).
- nvme-auth: uninitialized variable in nvme_auth_transform_key()
  (git-fixes).
- nvme: define compat_ioctl again to unbreak 32-bit userspace
  (git-fixes).
- nvme: use command_id instead of req->tag in
  trace_nvme_complete_rq() (git-fixes).
- nvmet-tcp: fix regression in data_digest calculation
  (git-fixes).
- nvme: add device name to warning in uuid_show() (git-fixes).
- nvme: set dma alignment to dword (git-fixes).
- nvme: fix the read-only state for zoned namespaces with
  unsupposed features (git-fixes).
- nvmet: revert "nvmet: make discovery NQN configurable"
  (git-fixes).
  Refresh:
  - patches.suse/nvmet-expose-max-queues-to-configfs.patch
- nvmet: use IOCB_NOWAIT only if the filesystem supports it
  (git-fixes).
- nvmet-tcp: fix incomplete data digest send (git-fixes).
- nvme: fix per-namespace chardev deletion (git-fixes).
- nvmet: looks at the passthrough controller when initializing
  CAP (git-fixes).
- nvme: move nvme_multi_css into nvme.h (git-fixes).
- commit 11db83e

- powerpc/64: Always build with 128-bit long double (bsc#1194869).
- commit 8544568

- hwmon: (pmbus/fsp-3y) Fix functionality bitmask in FSP-3Y
  YM-2151E (git-fixes).
- hwmon: (adt7475) Use device_property APIs when configuring
  polarity (git-fixes).
- hwmon: (k10temp) Check range scale when CUR_TEMP register is
  read-write (git-fixes).
- remoteproc: imx_rproc: Call of_node_put() on iteration error
  (git-fixes).
- remoteproc: st: Call of_node_put() on iteration error
  (git-fixes).
- remoteproc: stm32: Call of_node_put() on iteration error
  (git-fixes).
- mmc: sdhci-of-esdhc: fix quirk to ignore command inhibit for
  data (git-fixes).
- mtd: spi-nor: Fix a trivial typo (git-fixes).
- mtd: core: fix error path for nvmem provider (git-fixes).
- mtd: core: fix nvmem error reporting (git-fixes).
- mtd: core: provide unique name for nvmem device, take two
  (git-fixes).
- regulator: stm32-pwr: fix of_iomap leak (git-fixes).
- regulator: core: Avoid lockdep reports when resolving supplies
  (git-fixes).
- regulator: core: Consistently set mutex_owner when using
  ww_mutex_lock_slow() (git-fixes).
- regulator: core: Shorten off-on-delay-us for always-on/boot-on
  by time since booted (git-fixes).
- media: venus: dec: Fix handling of the start cmd (git-fixes).
- media: rc: gpio-ir-recv: Fix support for wake-up (git-fixes).
- media: saa7134: fix use after free bug in saa7134_finidev due
  to race condition (git-fixes).
- media: dm1105: Fix use after free bug in dm1105_remove due to
  race condition (git-fixes).
- media: rkvdec: fix use after free bug in rkvdec_remove
  (git-fixes).
- media: max9286: Free control handler (git-fixes).
- media: av7110: prevent underflow in write_ts_to_decoder()
  (git-fixes).
- soc: ti: pm33xx: Fix refcount leak in am33xx_pm_probe
  (git-fixes).
- remoteproc: Harden rproc_handle_vdev() against integer overflow
  (git-fixes).
- commit 28cddd0

- drm/i915: Make intel_get_crtc_new_encoder() less oopsy
  (git-fixes).
- commit 0730fed

- dt-bindings: remoteproc: stm32-rproc: Typo fix (git-fixes).
- drm/amd/display: Fix potential null dereference (git-fixes).
- drm/msm: fix NULL-deref on snapshot tear down (git-fixes).
- drm: msm: adreno: Disable preemption on Adreno 510 (git-fixes).
- drm/msm/adreno: drop bogus pm_runtime_set_active() (git-fixes).
- drm/msm/disp/dpu: check for crtc enable rather than crtc active
  to release shared resources (git-fixes).
- dt-bindings: arm: fsl: Fix copy-paste error in comment
  (git-fixes).
- dt-bindings: soc: qcom: smd-rpm: re-add missing qcom,rpm-msm8994
  (git-fixes).
- firmware: qcom_scm: Clear download bit during reboot
  (git-fixes).
- commit f201efd

- drm/bridge: lt8912b: Fix DSI Video Mode (git-fixes).
- drm/lima/lima_drv: Add missing unwind goto in lima_pdev_probe()
  (git-fixes).
- drm/amd/display/dc/dce60/Makefile: Fix previous attempt to
  silence known override-init warnings (git-fixes).
- drm: rcar-du: Fix a NULL vs IS_ERR() bug (git-fixes).
- drm/bridge: adv7533: Fix adv7533_mode_valid for adv7533 and
  adv7535 (git-fixes).
- drm/probe-helper: Cancel previous job before starting new one
  (git-fixes).
- drm/vgem: add missing mutex_destroy (git-fixes).
- drm/rockchip: Drop unbalanced obj unref (git-fixes).
- commit df8d449

- ACPI: VIOT: Initialize the correct IOMMU fwspec (git-fixes).
- arm64: dts: qcom: msm8994-msft-lumia-octagon: drop unit address
  from PMI8994 regulator (git-fixes).
- arm64: dts: qcom: msm8994-kitakami: drop unit address from
  PMI8994 regulator (git-fixes).
- arm64: dts: qcom: sc7180-trogdor-lazor: correct trackpad supply
  (git-fixes).
- arm64: dts: qcom: sm8250: Fix the PCI I/O port range
  (git-fixes).
- arm64: dts: qcom: msm8996: Fix the PCI I/O port range
  (git-fixes).
- arm64: dts: qcom: ipq8074: Fix the PCI I/O port range
  (git-fixes).
- arm64: dts: qcom: msm8998: Fix the PCI I/O port range
  (git-fixes).
- arm64: dts: qcom: sdm845: Fix the PCI I/O port range
  (git-fixes).
- arm64: dts: qcom: msm8998: Fix stm-stimulus-base reg name
  (git-fixes).
- ARM: dts: qcom: ipq4019: Fix the PCI I/O port range (git-fixes).
- arm64: dts: ti: k3-j721e-main: Remove ti,strobe-sel property
  (git-fixes).
- ARM: dts: s5pv210: correct MIPI CSIS clock name (git-fixes).
- ARM: dts: exynos: fix WM8960 clock name in Itop Elite
  (git-fixes).
- ARM: dts: gta04: fix excess dma channel usage (git-fixes).
- arm64: dts: renesas: r8a774c0: Remove bogus voltages from OPP
  table (git-fixes).
- arm64: dts: renesas: r8a77990: Remove bogus voltages from OPP
  table (git-fixes).
- commit 94ce2fb

- nvme: copy firmware_rev on each init (git-fixes).
- commit e5addae

- Update References
  patches.suse/xirc2ps_cs-Fix-use-after-free-bug-in-xirc2ps_detach.patch
  (git-fixes, bsc#1209871, CVE-2023-1670).
- commit fad389c

- cgroup/cpuset: Wake up cpuset_attach_wq tasks in
  cpuset_cancel_attach() (bsc#1210827).
- commit cd76825

- blacklist.conf:
- Add eee878537941 cgroup/cpuset: Add cpuset_can_fork() and cpuset_cancel_fork() methods
- Add 42a11bf5c543 cgroup/cpuset: Make cpuset_fork() handle CLONE_INTO_CGROUP properly
- commit 5eafca7

- blacklist.conf: Add adb8213014b2 mm: memcg: fix stale protection of reclaim target memcg
- commit 3fa74a9

- seccomp: Move copy_seccomp() to no failure path (bsc#1210817).
- commit c871759

- signal: Add SA_IMMUTABLE to ensure forced siganls do not get
  changed (bsc#1210816).
- commit f20434b

- KEYS: Add missing function documentation (git-fixes).
- KEYS: Create static version of public_key_verify_signature
  (git-fixes).
- selinux: ensure av_permissions.h is built when needed
  (git-fixes).
- selinux: fix Makefile dependencies of flask.h (git-fixes).
- commit 0854c0e

- powerpc/papr_scm: Update the NUMA distance table for the
  target node (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509
  FATE#327775 git-fixes).
- powerpc/pseries: Consolidate different NUMA distance update
  code paths (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509
  FATE#327775 git-fixes).
- Refresh patches.suse/powerpc-numa-Update-cpu_cpu_map-on-CPU-online-offlin.patch
- commit 7bab4e8

- Update tags
  patches.suse/ocfs2-fix-data-corruption-after-failed-write.patch.
- commit 90e3245

- udf: Check consistency of Space Bitmap Descriptor (bsc#1210771).
- commit d6c6801

- udf: Fix a slab-out-of-bounds write bug in udf_find_entry()
  (bsc#1206649).
- commit 4e476eb

- udf: Support splicing to file (bsc#1210770).
- commit d2cfd5b

- writeback, cgroup: fix null-ptr-deref write in
  bdi_split_work_to_wbs (bsc#1210769).
- commit 036cbcd

- mm/filemap: fix page end in filemap_get_read_batch
  (bsc#1210768).
- commit 48f3bbb

- ext4: fix another off-by-one fsmap error on 1k block filesystems
  (bsc#1210767).
- commit 9bc20af

- ext4: fix RENAME_WHITEOUT handling for inline directories
  (bsc#1210766).
- commit 1ad1269

- ext4: fix cgroup writeback accounting with fs-layer encryption
  (bsc#1210765).
- commit 480dd33

- ext4: fix incorrect options show of original mount_opt and
  extend mount_opt2 (bsc#1210764).
- commit ec7e31c

- ext4: fix possible double unlock when moving a directory
  (bsc#1210763).
- commit 88434ef

- ext4: Fix deadlock during directory rename (bsc#1210763).
- commit 71130aa

- ext4: Fix possible corruption when moving a directory
  (bsc#1210763).
- commit 5d35ccf

- blacklist.conf: Blacklist 118901ad1f25
- commit 4dd3cc9

- ext4: fix corruption when online resizing a 1K bigalloc fs
  (bsc#1206891).
- commit aebc870

- ext4: fix bad checksum after online resize (bsc#1210762 bsc#1208076).
- commit 57823aa

- Drivers: vmbus: Check for channel allocation before looking
  up relids (git-fixes).
- commit ab07682

- ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook
  (git-fixes).
- commit 34b9f7a

- iio: light: tsl2772: fix reading proximity-diodes from device
  tree (git-fixes).
- iio: adc: at91-sama5d2_adc: fix an error code in
  at91_adc_allocate_trigger() (git-fixes).
- ASoC: fsl_asrc_dma: fix potential null-ptr-deref (git-fixes).
- ALSA: hda/realtek: Remove specific patch for Dell Precision 3260
  (git-fixes).
- ASN.1: Fix check for strdup() success (git-fixes).
- commit fa0048a

- Update
  patches.suse/NFSD-fix-problems-with-cleanup-on-errors-in-nfsd4_co.patch
  (git-fixes bsc#1210725).
- commit aab0dd8

- e1000e: Disable TSO on i219-LM card to increase speed
  (git-fixes).
- clk: sprd: set max_register according to mapping range
  (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free in
  l2cap_disconnect_{req,rsp} (git-fixes).
- Bluetooth: Fix race condition in hidp_session_thread
  (git-fixes).
- drm/i915/dsi: fix DSS CTL register offsets for TGL+ (git-fixes).
- x86/PCI: Add quirk for AMD XHCI controller that loses MSI-X
  state in D3hot (git-fixes).
- drm/i915: fix race condition UAF in i915_perf_add_config_ioctl
  (git-fixes).
- power: supply: cros_usbpd: reclassify "default case!" as debug
  (git-fixes).
- drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Book
  X90F (git-fixes).
- ACPI: resource: Add Medion S17413 to IRQ override quirk
  (git-fixes).
- efi: sysfb_efi: Add quirk for Lenovo Yoga Book X91F/L
  (git-fixes).
- i2c: hisi: Avoid redundant interrupts (git-fixes).
- i2c: imx-lpi2c: clean rx/tx buffers upon new message
  (git-fixes).
- wifi: iwlwifi: mvm: fix mvmtxq->stopped handling (git-fixes).
- wifi: mwifiex: mark OF related data as maybe unused (git-fixes).
- ARM: 9290/1: uaccess: Fix KASAN false-positives (git-fixes).
- i915/perf: Replace DRM_DEBUG with driver specific drm_dbg call
  (git-fixes).
- commit ba21d6e

- regulator: fan53555: Explicitly include bits header (git-fixes).
- commit 9852306

- sched/fair: Fix imbalance overflow (bsc#1155798 (CPU scheduler
  functional and performance backports)).
- sched_getaffinity: don't assume 'cpumask_size()' is fully
  initialized (bsc#1155798 (CPU scheduler functional and
  performance backports)).
- sched/fair: Move calculate of avg_load to a better location
  (bsc#1155798 (CPU scheduler functional and performance
  backports)).
- commit 1c631df

- PCI: dwc: Fix PORT_LINK_CONTROL update when CDM check enabled
  (git-fixes).
- PCI: loongson: Add more devices that need MRRS quirk
  (git-fixes).
- PCI: loongson: Prevent LS7A MRRS increases (git-fixes).
- kABI: PCI: loongson: Prevent LS7A MRRS increases (kabi).
- commit c742154

- x86/entry: Avoid very early RET (git-fixes).
- commit 7f33ce2

- RDMA/core: Refactor rdma_bind_addr (bsc#1210629 CVE-2023-2176)
- commit a844601

- regulator: fan53555: Fix wrong TCS_SLEW_MASK (git-fixes).
- commit f5a41ba

- x86/entry: Don't call error_entry() for XENPV (git-fixes).
- x86/entry: Move CLD to the start of the idtentry macro
  (git-fixes).
- x86/entry: Move PUSH_AND_CLEAR_REGS out of error_entry()
  (git-fixes).
- x86/entry: Switch the stack after error_entry() returns
  (git-fixes).
- Refresh patches.suse/objtool-Add-entry-UNRET-validation.patch.
- Refresh patches.suse/x86-Add-magic-AMD-return-thunk.patch.
- Refresh
  patches.suse/x86-entry-Add-kernel-IBRS-implementation.patch.
- x86/traps: Use pt_regs directly in fixup_bad_iret() (git-fixes).
- x86/MCE/AMD: Fix memory leak when threshold_create_bank()
  fails (git-fixes).
- x86/fpu: Prevent FPU state corruption (git-fixes).
- x86/pci/xen: Disable PCI/MSI masking for XEN_HVM guests
  (git-fixes).
- x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume
  (git-fixes).
- x86: __memcpy_flushcache: fix wrong alignment if size > 2^32
  (git-fixes).
- x86/tsx: Disable TSX development mode at boot (git-fixes).
- Refresh
  patches.suse/0010-KVM-x86-speculation-Disable-Fill-buffer-clear-within.patch.
- Refresh patches.suse/x86-cpu-amd-Add-Spectral-Chicken.patch.
- stat: fix inconsistency between struct stat and struct
  compat_stat (git-fixes).
- x86/msi: Fix msi message data shadow struct (git-fixes).
- kABI: x86/msi: Fix msi message data shadow struct (kabi).
- x86/bug: Prevent shadowing in __WARN_FLAGS (git-fixes).
- commit fc2d705

- blacklist.conf: add some x86 git-fixes
- commit 67b8a58

- memstick: fix memory leak if card device is never registered
  (git-fixes).
- mmc: sdhci_am654: Set HIGH_SPEED_ENA for SDR12 and SDR25
  (git-fixes).
- arm64: dts: qcom: ipq8074-hk01: enable QMP device, not the
  PHY node (git-fixes).
- ARM: dts: rockchip: fix a typo error for rk3288 spdif node
  (git-fixes).
- arm64: dts: imx8mm-evk: correct pmic clock source (git-fixes).
- arm64: dts: meson-g12-common: specify full DMC range
  (git-fixes).
- commit e50472a

- ovl: fail on invalid uid/gid mapping at copy up (CVE-2023-0386
  bsc#1209615).
- commit c351e67

- supported.conf: support u_ether and libcomposite
  (jsc-PED#3750)
  This is necessary for g_ncm
  (for maintainance see jsc-PED#3759)
- commit 93dcc25

- RDMA/core: Fix GID entry ref leak when create_ah fails (git-fixes)
- commit 96566e9

- RDMA/cma: Allow UD qp_type to join multicast only (git-fixes)
- commit 048d3b4

- IB/mlx5: Add support for 400G_8X lane speed (git-fixes)
- commit e08b805

- RDMA/irdma: Add ipv4 check to irdma_find_listener() (git-fixes)
- commit b64d8ba

- RDMA/irdma: Increase iWARP CM default rexmit count (git-fixes)
- commit c3ec287

- RDMA/irdma: Fix memory leak of PBLE objects (git-fixes)
- commit 6a66ca6

- vmxnet3: use gro callback when UPT is enabled (bsc#1209739).
- commit b706955

- supported.conf: declaring usb_f_ncm supported as
  requested in (jsc#PED-3750)
  Support for the legacy functionality g_ncm is still
  under discussion
  (see jsc-PED#3200)
  For maintainance see (jsc#PED-3759)
- commit 2970881

- blacklist.conf: vsprintf: just a small code size optimization
- commit 11066c4

- blacklist.conf: fix for a feature which was not backported
- commit 40356f9

- blacklist.conf: needed just for a cleanup
- commit 2ad4085

- x86/speculation: Allow enabling STIBP with legacy IBRS
  (bsc#1210506 CVE-2023-1998).
- commit 43f265f

- Update patch reference for hwmon fix (CVE-2023-1855 bsc#1210202)
- commit 0565559

- cifs: fix negotiate context parsing (bsc#1210301).
- commit 6999463

- blacklist.conf: add perf git-fixes we are not taking
- commit affe5db

- perf/core: Fix the same task check in perf_event_set_output
  (git fixes).
- perf: Fix check before add_event_to_groups() in
  perf_group_detach() (git fixes).
- perf: fix perf_event_context->time (git fixes).
- perf/core: Fix perf_output_begin parameter is incorrectly
  invoked in perf_event_bpf_output (git fixes).
- powerpc/perf/hv-24x7: add missing RTAS retry status handling
  (git fixes).
- powerpc/hv-gpci: Fix hv_gpci event list (git fixes).
- powerpc: declare unmodified attribute_group usages const
  (git-fixes).
- commit c25cc8c

- Update patch reference for power driver fix (CVE-2023-30772 bsc#1210329)
- commit d3db856

- sched/fair: Sanitize vruntime of entity being migrated
  (bsc#1203325).
- sched/fair: sanitize vruntime of entity being placed
  (bsc#1203325).
- sched/fair: Limit sched slice duration (bsc#1189999 (Scheduler
  functional and performance backports)).
- sched/numa: Stop an exhastive search if an idle core is found
  (bsc#1189999 (Scheduler functional and performance backports)).
- commit 24ed78f

- mm: page_alloc: skip regions with hugetlbfs pages when
  allocating 1G pages (bsc#1210034).
- commit 421448a

- i2c: ocores: generate stop condition after timeout in polling
  mode (git-fixes).
- commit 95ee80d

- ALSA: hda/realtek: Add quirks for Lenovo Z13/Z16 Gen2
  (git-fixes).
- ALSA: hda: patch_realtek: add quirk for Asus N7601ZM
  (git-fixes).
- ALSA: firewire-tascam: add missing unwind goto in
  snd_tscm_stream_start_duplex() (git-fixes).
- ALSA: emu10k1: don't create old pass-through playback device
  on Audigy (git-fixes).
- ALSA: emu10k1: fix capture interrupt handler unlinking
  (git-fixes).
- ALSA: hda/sigmatel: fix S/PDIF out on Intel D*45* motherboards
  (git-fixes).
- ALSA: hda/sigmatel: add pin overrides for Intel DP45SG
  motherboard (git-fixes).
- ALSA: i2c/cs8427: fix iec958 mixer control deactivation
  (git-fixes).
- commit 4a758e5

- scsi: iscsi_tcp: Check that sock is valid before
  iscsi_set_param() (git-fixes).
- scsi: qla2xxx: Fix memory leak in qla2x00_probe_one()
  (git-fixes).
- scsi: mpt3sas: Don't print sense pool info twice (git-fixes).
- scsi: megaraid_sas: Fix crash after a double completion
  (git-fixes).
- scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate()
  (git-fixes).
- scsi: qla2xxx: Perform lockless command completion in abort path
  (git-fixes).
- scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR
  (git-fixes).
- scsi: core: Fix a procfs host directory removal regression
  (git-fixes).
- scsi: mpt3sas: Fix NULL pointer access in
  mpt3sas_transport_port_add() (git-fixes).
- scsi: sd: Fix wrong zone_write_granularity value during
  revalidate (git-fixes).
- scsi: megaraid_sas: Update max supported LD IDs to 240
  (git-fixes).
- scsi: lpfc: Avoid usage of list iterator variable after loop
  (git-fixes).
- scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read()
  (git-fixes).
- scsi: hisi_sas: Check devm_add_action() return value
  (git-fixes).
- scsi: core: Remove the /proc/scsi/${proc_name} directory earlier
  (git-fixes).
- scsi: core: Fix a source code comment (git-fixes).
- scsi: ipr: Work around fortify-string warning (git-fixes).
- scsi: ses: Don't attach if enclosure has no components
  (git-fixes).
- scsi: ses: Fix slab-out-of-bounds in ses_intf_remove()
  (git-fixes).
- scsi: ses: Fix possible desc_ptr out-of-bounds accesses
  (git-fixes).
- scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses
  (git-fixes).
- scsi: ses: Fix slab-out-of-bounds in
  ses_enclosure_data_process() (git-fixes).
- scsi: aic94xx: Add missing check for dma_map_single()
  (git-fixes).
- scsi: mpt3sas: Fix a memory leak (git-fixes).
- scsi: snic: Fix memory leak with using debugfs_lookup()
  (git-fixes).
- scsi: libsas: Remove useless dev_list delete in
  sas_ex_discover_end_dev() (git-fixes).
- scsi: iscsi_tcp: Fix UAF during login when accessing the shost
  ipaddress (git-fixes).
- commit fce4b5b

- k-m-s: Drop Linux 2.6 support
- commit 22b2304

- scsi: iscsi_tcp: Fix UAF during logout when accessing the
  shost ipaddress (git-fixes).
- Refresh
  patches.kabi/kABI-fix-change-of-iscsi_host_remove-arguments.patch.
- commit dfafac0

- Remove obsolete KMP obsoletes (bsc#1210469).
- commit 7f325c6

- Update
  patches.kabi/PCI-dwc-Add-dw_pcie_ops.host_deinit-callback.patch
  (kabi bsc#1210206).
  Fix kabi breakage.
- commit cf0ac3f

- Update CVE reference to
  patches.suse/netdevsim-fib-Fix-reference-count-leak-on-route-dele.patch
  (git-fixes bsc#1210454 CVE-2023-2019).
- commit 4e95d11

- Update CVE reference to patches.suse/udmabuf-add-back-sanity-check.patch
  (git-fixes bsc#1210453 CVE-2023-2008).
- commit 62da89a

- net: phy: nxp-c45-tja11xx: add remove callback (git-fixes).
- net: phy: nxp-c45-tja11xx: fix unsigned long multiplication
  overflow (git-fixes).
- Revert "pinctrl: amd: Disable and mask interrupts on resume"
  (git-fixes).
- drm/armada: Fix a potential double free in an error handling
  path (git-fixes).
- fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace (git-fixes).
- usb: dwc3: pci: add support for the Intel Meteor Lake-S
  (git-fixes).
- USB: serial: option: add Quectel RM500U-CN modem (git-fixes).
- USB: serial: option: add Telit FE990 compositions (git-fixes).
- USB: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs
  (git-fixes).
- nilfs2: fix potential UAF of struct nilfs_sc_info in
  nilfs_segctor_thread() (git-fixes).
- drm/nouveau/disp: Support more modes by checking with lower bpc
  (git-fixes).
- drm/bridge: lt9611: Fix PLL being unable to lock (git-fixes).
- serial: exar: Add support for Sealevel 7xxxC serial cards
  (git-fixes).
- serial: 8250_exar: derive nr_ports from PCI ID for Acces I/O
  cards (git-fixes).
- commit f9cf523

- scsi: hisi_sas: Set a port invalid only if there are no devices
  attached when refreshing port id (git-fixes).
- commit 5cdcc2b

- signal handling: don't use BUG_ON() for debugging (bsc#1210439).
- commit 3f10ae8

- Update
  patches.suse/scsi-core-Add-BLIST_NO_VPD_SIZE-for-some-VDASD.patch
  (git-fixes bsc#1203039), adding back the bug number reference.
- commit 2587a1f

- scsi: core: Add BLIST_NO_VPD_SIZE for some VDASD (git-fixes
  bsc#1203039) (renamed now that it's upstgream)
- Refresh
  patches.kabi/blk-mq-fix-kabi-support-concurrent-queue-quiesce-unquiesce.patch.
- Refresh
  patches.kabi/kABI-fix-adding-another-field-to-scsi_device.patch.
- Refresh patches.kabi/kABI-fix-adding-field-to-scsi_device.patch.
- commit 14ff6ce

- ice: avoid bonding causing auxiliary plug/unplug under RTNL lock
  (bsc#1210158).
- commit 5691022

- virt/coco/sev-guest: Add throttling awareness (bsc#1209927).
- virt/coco/sev-guest: Convert the sw_exit_info_2 checking to
  a switch-case (bsc#1209927).
- virt/coco/sev-guest: Do some code style cleanups (bsc#1209927).
- virt/coco/sev-guest: Carve out the request issuing logic into
  a helper (bsc#1209927).
- virt/coco/sev-guest: Remove the disable_vmpck label in
  handle_guest_request() (bsc#1209927).
- virt/coco/sev-guest: Simplify extended guest request handling
  (bsc#1209927).
- virt/coco/sev-guest: Check SEV_SNP attribute at probe time
  (bsc#1209927).
- virt/sev-guest: Return -EIO if certificate buffer is not large
  enough (bsc#1209927).
- commit b35c5f2

- Update reference for BT fix (CVE-2023-1989 bsc#1210336)
- commit 2383449

- Update CVE reference to
  patches.suse/nfc-st-nci-Fix-use-after-free-bug-in-ndlc_remove-due.patch
  (git-fixes bsc#1210337 CVE-2023-1990).
- commit ddf99ea
containerd
- Update to containerd v1.7.8. Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.7.8> bsc#1200528
- Rebase patches:
  * 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch

- Update to containerd v1.7.7. Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.7.7>
- Add patch to fix build on SLE-12:
  + 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch

- Update to containerd v1.7.6 for Docker v24.0.6-ce. Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.7.6> bsc#1215323

- Add `Provides: cri-runtime` to use containerd as container runtime in Factory
  Kubernetes packages

- Update to containerd v1.6.21 for Docker v23.0.6-ce. Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.6.21> bsc#1211578
- Require a minimum Go version explicitly rather than using golang(API).
  Fixes the change for bsc#1210298.

[ This was only released in SLE. ]
- unversion to golang requires to always use the current default go.
  (bsc#1210298)

- Update to containerd v1.6.20 for Docker v23.0.4-ce. Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.6.20>
crmsh
- Update to version 4.4.2+20231010.03e9316f:
  * Fix: report: Pick up tarball suffix dynamically (bsc#1215438)
  * Fix: report: Pick 'gzip' as the first compress prog for cross-platform compatibility(bsc#1215438)
  * Fix: upgradeutil: reduce ConnectTimeout when checking the availability of ssh access (bsc#1213797)
  * Fix: ui_cluster: 'crm cluster stop' failed to stop services (bsc#1203601)
  * Dev: utils: Change the way to get pacemaker's version (bsc#1208216)

- Update to version 4.4.1+20230706.3503893:
  * Fix: upgradeutil: support the change of path of upgrade_seq in crmsh-4.5 (bsc#1213050)
  * Fix: ui_context: wait4dc should assume a subcommand completes successfully if no exceptions are raised (bsc#1212992)
  * medium: ui_node: fix cib rollback race on node standby

- Update to version 4.4.1+20230424.7f657402:
  * Fix: help: Long time to load and parse crm.8.adoc (bsc#1210198)
  * Fix: cibconfig: use any existing rsc_defaults set rather than create another one (bsc#1210614)
  * Fix: crm report: sustain if there are offline nodes (bsc#1209480)
crypto-policies
- Make the supported versions change in the update-crypto-policies(8)
  man page persistent [bsc#1209998].
  * Add patch crypto-policies-supported.patch
  * Rebase patches:
  - crypto-policies-asciidoc.patch
  - crypto-policies-no-build-manpages.patch

- FIPS: Adapt the fips-mode-setup script to use the pbl command
  from the perl-Bootloader package to replace grubby. Add a note
  for transactional systems. Ship the man 8 pages for
  fips-mode-setup and fips-finish-install [jsc#PED-5041].
  * Rebase crypto-policies-FIPS.patch

- FIPS: Enable to set the kernel FIPS mode with fips-mode-setup
  and fips-finish-install commands, add also the man pages.
  * Adapt the fips-mode-setup script for SLE [jsc#PED-5041]
  * Rebase crypto-policies-FIPS.patch
  * Simplify the man pages creation:
  - Rebase crypto-policies-no-build-manpages.patch
  - Add crypto-policies-asciidoc.patch

- Update the update-crypto-policies(8) man pages and README.SUSE
  to mention the supported back-end policies. [bsc#1209998]
cryptsetup
- luksFormat: Handle system with low memory and no swap space [bsc#1211079]
  * Check for physical memory available also in PBKDF benchmark.
  * Try to avoid OOM killer on low-memory systems without swap.
  * Use only half of detected free memory on systems without swap.
  * Add patches:
  - cryptsetup-Check-for-physical-memory-available-also-in-PBKDF-be.patch
  - cryptsetup-Try-to-avoid-OOM-killer-on-low-memory-systems-withou.patch
  - cryptsetup-Use-only-half-of-detected-free-memory-on-systems-wit.patch
samba
- CVE-2023-4091: samba: Client can truncate file with read-only
  permissions; (bsc#1215904); (bso#15439).
- CVE-2023-42669: samba: rpcecho, enabled and running in AD DC,
  allows blocking sleep on request; (bso#1215905); (bso#15474).
- CVE-2023-4154: samba: dirsync allows SYSTEM access with only
  "GUID_DRS_GET_CHANGES" right, not "GUID_DRS_GET_ALL_CHANGES;
  (bsc#1215908); (bso#15424).

- Move libcluster-samba4.so from samba-libs to samba-client-libs;
  (bsc#1213940);

- secure channel faulty since Windows 10/11 update 07/2023;
  (bso#15418); (bsc#1213384).

- CVE-2022-2127: lm_resp_len not checked properly in
  winbindd_pam_auth_crap_send; (bso#15072); (bsc#1213174).
- CVE-2023-34966: Samba Spotlight mdssvc RPC Request Infinite
  Loop Denial-of-Service Vulnerability; (bso#15340); (bsc#1213173).
- CVE-2023-34967: Samba Spotlight mdssvc RPC Request Type
  Confusion Denial-of-Service Vulnerability; (bso#15341); (bsc#1213172).
- CVE-2023-34968: Spotlight server-side Share Path Disclosure;
  (bso#15388); (bsc#1213171).
cups
- cups-2.2.7-CVE-2023-4504.patch fixes CVE-2023-4504
  "CUPS PostScript Parsing Heap Overflow"
  https://github.com/OpenPrinting/cups/security/advisories/GHSA-pf5r-86w9-678h
  bsc#1215204

- cups-2.2.7-CVE-2023-32360.patch fixes CVE-2023-32360
  "Information leak through Cups-Get-Document operation"
  by requiring authentication for CUPS-Get-Document in cupsd.conf
  https://github.com/OpenPrinting/cups/commit/a0c8b9c9556882f00c68b9727a95a1b6d1452913
  https://github.com/OpenPrinting/cups/security/advisories/GHSA-7pv4-hx8c-gr4g
  bsc#1214254
- cups-2.2.7-additional_policies.patch is an updated version
  of cups-2.0.3-additional_policies.patch that replaces it
  to add the 'allowallforanybody' policy to cupsd.conf
  after cups-2.2.7-CVE-2023-32360.patch was applied

- cups-2.2.7-CVE-2023-34241.patch fixes CVE-2023-34241
  "use-after-free in cupsdAcceptClient()"
  https://github.com/OpenPrinting/cups/security/advisories/GHSA-qjgh-5hcq-5f25
  bsc#1212230

- cups-2.2.7-CVE-2023-32324.patch fixes CVE-2023-32324
  "Heap buffer overflow in cupsd"
  https://github.com/OpenPrinting/cups/security/advisories/GHSA-cxc6-w2g7-69p7
  bsc#1211643
curl
- Security fixes:
  * [bsc#1217573, CVE-2023-46218] cookie mixed case PSL bypass
  * [bsc#1217574, CVE-2023-46219] HSTS long file name clears contents
  * Add curl-CVE-2023-46218.patch curl-CVE-2023-46219.patch

- Security fixes:
  * [bsc#1215888, CVE-2023-38545] SOCKS5 heap buffer overflow
  * [bsc#1215889, CVE-2023-38546] Cookie injection with none file
  * Add curl-CVE-2023-38545.patch curl-CVE-2023-38546.patch

- Security fix: [bsc#1215026, CVE-2023-38039]
  * http: return error when receiving too large header
  * Add curl-CVE-2023-38039.patch

- Security fix: [bsc#1213237, CVE-2023-32001]
  * fopen race condition: libcurl can be told to save cookie,
    HSTS and/or alt-svc data to files. When doing this, it
    called 'stat()' followed by 'fopen()' in a way that made
    it vulnerable to a TOCTOU race condition problem.
  * Add curl-CVE-2023-32001.patch

- Security fixes:
  * [bsc#1211230, CVE-2023-28319] use-after-free in SSH sha256
    fingerprint check.
  - Add curl-CVE-2023-28319.patch
  * [bsc#1211231, CVE-2023-28320] siglongjmp race condition
  - Add curl-CVE-2023-28320.patch
  * [bsc#1211232, CVE-2023-28321] IDN wildcard matching
  - Add curl-CVE-2023-28321.patch
  * [bsc#1211233, CVE-2023-28322] POST-after-PUT confusion
  - Add curl-CVE-2023-28322.patch

- Update to 8.0.1: [jsc#PED-2580]
  * Rebase curl-secure-getenv.patch
  * Remove patches fixed in the update:
  - curl-CVE-2022-22576.patch curl-CVE-2022-27776.patch
  - curl-CVE-2022-27781.patch curl-CVE-2022-27782.patch
  - curl-CVE-2022-32206.patch curl-CVE-2022-32208.patch
  - curl-CVE-2022-32221.patch curl-CVE-2022-35252.patch
  - curl-CVE-2022-43552.patch curl-CVE-2023-23916.patch
  - curl-CVE-2022-27774.patch curl-CVE-2022-27774-2.patch
  - curl-CVE-2022-27774-disabletest-1568.patch
  - curl-CVE-2022-27775.patch curl-CVE-2022-32205.patch
  - curl-CVE-2022-32207.patch curl-CVE-2022-42916.patch
  - curl-CVE-2022-43551.patch curl-CVE-2023-23914-23915.patch
  - curl-CVE-2023-27533.patch curl-CVE-2023-27533-no-sscanf.patch
  - curl-CVE-2023-27534.patch curl-CVE-2023-27535.patch
  - curl-CVE-2023-27536.patch curl-CVE-2023-27538.patch

- Update to 8.0.1:
  * Bugfixes:
  - fix crash in curl_easy_cleanup

- Update to 8.0.0:
  * Security fixes:
  - TELNET option IAC injection [bsc#1209209, CVE-2023-27533]
  - SFTP path ~ resolving discrepancy [bsc#1209210, CVE-2023-27534]
  - FTP too eager connection reuse [bsc#1209211, CVE-2023-27535]
  - GSS delegation too eager connection re-use [bsc#1209212, CVE-2023-27536]
  - HSTS double-free [bsc#1209213, CVE-2023-27537]
  - SSH connection too eager reuse still [bsc#1209214, CVE-2023-27538]
  * Changes:
  - build: remove support for curl_off_t < 8 bytes
  * Bugfixes:
  - aws_sigv4: fall back to UNSIGNED-PAYLOAD for sign_as_s3
  - BINDINGS: add Fortran binding
  - cf-socket: use port 80 when resolving name for local bind
  - cookie: don't load cookies again when flushing
  - curl_path: create the new path with dynbuf
  - CURLSHOPT_SHARE.3: HSTS sharing is not thread-safe
  - DYNBUF.md: note Curl_dyn_add* calls Curl_dyn_free on failure
  - ftp: active mode with SSL, add the filter
  - hostip: avoid sscanf and extra buffer copies
  - http2: fix for http2-prior-knowledge when reusing connections
  - http2: fix handling of RST and GOAWAY to recognize partial transfers
  - http: don't send 100-continue for short PUT requests
  - http: fix unix domain socket use in https connects
  - libssh: use dynbuf instead of realloc
  - ngtcp2-gnutls.yml: bump to gnutls 3.8.0
  - sectransp: make read_cert() use a dynbuf when loading
  - telnet: only accept option arguments in ascii
  - telnet: parse telnet options without sscanf
  - url: fix the SSH connection reuse check
  - url: only reuse connections with same GSS delegation
  - urlapi: '%' is illegal in host names
  - ws: keep the socket non-blocking
  * Rebase libcurl-ocloexec.patch
dbus-1
- Sometimes unprivileged users were able to crash dbus-daemon
  (CVE-2023-34969, bsc#1212126)
  * fix-upstream-CVE-2023-34969.patch
lvm2
- blkdeactivate calls wrong mountpoint cmd (bsc#1214071)
  + bug-1214071-blkdeactivate_calls_wrong_mountpoint.patch
docker
- update to Docker 24.0.5-ce. See upstream changelong online at
  <https://docs.docker.com/engine/release-notes/24.0/#2405>. bsc#1213229

- Update to Docker 24.0.4-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/24.0/#2404>. bsc#1213500

- Update to Docker 24.0.3-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/24.0/#2403>. bsc#1213120
- Rebase patches:
  * cli-0001-docs-include-required-tools-in-source-tree.patch

- Recommend docker-rootless-extras instead of Require(ing) it, given
  it's an additional functionality and not inherently required for
  docker to function.

- Add docker-rootless-extras subpackage
  (https://docs.docker.com/engine/security/rootless)

- Update to Docker 24.0.2-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/24.0/#2402>. bsc#1212368
  * Includes the upstreamed fix for the mount table pollution issue.
    bsc#1210797
- Add Recommends for docker-buildx, and add /usr/lib/docker/cli-plugins as
  being provided by this package.
- Rebase patches:
  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
  * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
  * cli-0001-docs-include-required-tools-in-source-tree.patch

- Update to Docker 23.0.6-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/23.0/#2306>. bsc#1211578
- Rebase patches:
  * cli-0001-docs-include-required-tools-in-source-tree.patch
- Re-unify packaging for SLE-12 and SLE-15.
- Add patch to fix build on SLE-12 by switching back to libbtrfs-devel headers
  (the uapi headers in SLE-12 are too old).
  + 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
- Re-numbered patches:
  - 0003-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
  + 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch`

- Update to Docker 23.0.5-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/23.0/#2305>.
- Rebase patches:
  * cli-0001-docs-include-required-tools-in-source-tree.patch

- Update to Docker 23.0.4-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/23.0/#2304>. bsc#1208074
- Fixes:
  * bsc#1214107 - CVE-2023-28840
  * bsc#1214108 - CVE-2023-28841
  * bsc#1214109 - CVE-2023-28842
- Rebase patches:
  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0003-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
- Renumbered patches:
  - 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
- Remove upstreamed patches:
  - 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
  - 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch
  - 0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch
- Backport <https://github.com/docker/cli/pull/4228> to allow man pages to be
  built without internet access in OBS.
  + cli-0001-docs-include-required-tools-in-source-tree.patch
dracut
- Update to version 055+suse.351.g30f0cda6:
  * fix(dracut.sh): remove microcode check based on CONFIG_MICROCODE_[AMD|INTEL] (bsc#1217031)
  * fix(network): correct network device naming (bsc#1192986)

- Update to version 055+suse.347.gdcb9bdbf:
  * fix(dracut-install): protect against broken links pointing to themselves
  * fix(dracut.sh): exit if resolving executable dependencies fails (bsc#1214081)

- Update to version 055+suse.344.g3d5cd8fb:
  * fix(dracut-install): continue parsing if ldd prints "cannot execute binary file" (bsc#1212662)

- Update to version 055+suse.342.g2e6dce8e:
  fips=1 and separate /boot break s390x (bsc#1204478):
  * fix(fips): move fips-boot script to pre-pivot
  * fix(fips): only unmount /boot if it was mounted by the fips module
  * feat(fips): add progress messages
  * fix(fips): do not blindly remove /boot
  * fix(network-legacy): handle do_dhcp calls without arguments (bsc#1210640)
drbd-utils
- crm-fence-peer incompatible with Pacemaker 2.1 and needs backports (bsc#1209783)
  * 0001-crm-fence-peer-fix-timeout-with-Pacemaker-2.1-milli-.patch
  * 0002-crm-fence-peer-fix-timeout-with-Pacemaker-2.0.5-mill.patch
firewalld
- Fix firewalld does not longer understand IPv4 network masks
  of type `255.255.255.0`
  Added following patch (boo#1212974)
  [+ 0004-fix_rich_source_address_with_netmask.patch]
fonts-config
- get the homedir from getpwuid when no $ENV{"HOME"} set
- added patches
  fix bsc#1210700
  + fonts-config-homedir-getpwuid.patch
gawk
- format-tree-positional-arg.patch: Validate index into argument list
  (CVE-2023-4156, bsc#1214025)
glibc
- dl-map-segment-align-munmap.patch: elf: Align argument of __munmap to
  page size (bsc#1215891, BZ #28676)

- gai-merge-continue-actions.patch: Simplify allocations and fix merge and
  continue actions (CVE-2023-4813, bsc#1215286, BZ #28931)

- gb18030-2022.patch: add GB18030-2022 charmap (jsc#PED-4908, BZ #30243)

- nscd-netlink-cache-invalidation.patch: nscd: Fix netlink cache
  invalidation if epoll is used (bsc#1212910, BZ #29415)

- nss-files-hosts-v4mapped.patch: Restore lookup of IPv4 mapped addresses
  in files database (bsc#1212819, BZ #25457)

- remove-excessive-p-align-check.patch: elf: Remove excessive p_align
  check on PT_LOAD segments (bsc#1211829, BZ #28688)
- segment-align.patch: elf: Properly align PT_LOAD segments (bsc#1211829,
  BZ #28676)
- ld-so-always-use-map-copy.patch: ld.so: Always use MAP_COPY to map the
  first segment (BZ #30452)

- resolv-conf-lock.patch: resolv_conf: release lock on allocation failure
  (bsc#1211828, BZ #30527)

- ulp-prologue-into-asm-functions.patch: Add support for livepatches
  in ASM written functions (bsc#1211726)

- getlogin-no-loginuid.patch: getlogin_r: fix missing fallback if loginuid
  is unset (bsc#1209229, BZ #30235)

- Exclude static archives from preparation for live patching (bnc#1208721)
gpg2
- Suppress error message on trial reading as PEM format when using
  dirmngr to validate broken DER encoded files (bsc#1217212)
  * Add patches:
  - gnupg-dirmngr-Suppress-error-message-on-trial-reading-as-PEM.patch
  - gnupg-dirmngr-Clear-the-error-count-to-try-certificate-as-binary.patch
grub2
- Fix failure to identify recent ext4 filesystem (bsc#1216010)
  * 0001-fs-ext2-Ignore-checksum-seed-incompat-feature.patch
  * 0001-fs-ext2-Ignore-the-large_dir-incompat-feature.patch
- Add patch to fix reading files from btrfs with "implicit" holes
  * 0001-fs-btrfs-Zero-file-data-not-backed-by-extents.patch

- Fix fadump not working with 1GB/2GB/4GB LMB[P10] (bsc#1216253)
  * 0001-kern-ieee1275-init-ppc64-Restrict-high-memory-in-pre.patch

- Fix detection of encrypted disk's uuid in powerpc to cope with logical disks
  when signed image installation is specified (bsc#1216075)
  * 0003-grub-install-support-prep-environment-block.patch
- grub2.spec: Add support to unlocking multiple encrypted disks in signed
  grub.elf image for logical disks

- Fix CVE-2023-4692 (bsc#1215935)
- Fix CVE-2023-4693 (bsc#1215936)
  * 0001-fs-ntfs-Fix-an-OOB-write-when-parsing-the-ATTRIBUTE_.patch
  * 0002-fs-ntfs-Fix-an-OOB-read-when-reading-data-from-the-r.patch
  * 0003-fs-ntfs-Fix-an-OOB-read-when-parsing-directory-entri.patch
  * 0004-fs-ntfs-Fix-an-OOB-read-when-parsing-bitmaps-for-ind.patch
  * 0005-fs-ntfs-Fix-an-OOB-read-when-parsing-a-volume-label.patch
  * 0006-fs-ntfs-Make-code-more-readable.patch
- Bump upstream SBAT generation to 4

- Fix a boot delay regression in PowerPC PXE boot (bsc#1201300)
  * 0001-ieee1275-ofdisk-retry-on-open-and-read-failure.patch

- grub2-once: Fix 'sh: terminal_output: command not found' error (bsc#1204563)

- Fix PowerVS deployment fails to boot with 90 cores (bsc#1208581)
  * 0001-ieee1275-implement-vec5-for-cas-negotiation.patch
  * 0002-kern-ieee1275-init-Convert-plain-numbers-to-constant.patch
  * 0003-kern-ieee1275-init-Extended-support-in-Vec5.patch
hwinfo
- avoid linking problems with libsamba (bsc#1212756)
- 21.85
ipmitool
- ipmitool duplicates the timestamp (bsc#1213390)
  A    Fix-time-format-for-sel-list-v.patch
issue-generator
- Update to version 1.13
  - SELinux: Do not call agetty --reload [bsc#1186178]

- Update to version 1.12
  - Update manual page
  - Use python3 instead of python 2.x

- Update to version 1.11
  - Don't display issue.d/*.issue files, agetty will do that [bsc#1177891]
  - Ignore /run/issue.d in issue-generator.path, else issue-generator will
    be called too fast too often [bsc#1177865]
  - Ignore *.bak, *~ and *.rpm* files [bsc#1118862]

- Handle the .path unit in scriptlets as well

- Update to version 1.10
  - Display wlan interfaces [bsc#1169070]

- Update to version 1.9
  - Fix path for systemd files

- Update to version 1.8
  - Handle network interface renames
kbd
- Add 'ara' vc keymap (bsc#1210702)
  'ara' is slightly better than 'arabic' as it matches the name of its x11
  layout counterpart. Keep 'arabic' for backward compatibility sake.
krb5
- Ensure array count consistency in kadm5 RPC; (bsc#1214054);
  (CVE-2023-36054);
- Added patches:
  * 0011-Ensure-array-count-consistency-in-kadm5-RPC.patch
resource-agents
- Fileystem resource fails due to sed command (bsc#1213083)
  Add upstream patch:
  0001-Filesystem-list_mounts-fix-mount-command-output-pars.patch

- azure-events-az errors with newer pacemaker with azure events active
  (bsc#1210433)
  Add upstream patches:
    1854.patch
    1864.patch
libqt5-qtbase
- Add patch from upstream to fix a bug that allows to trigger a
  DoS in the SQL ODBC driver with a specifically crafted string
  (CVE-2023-24607, bsc#1209616):
  * CVE-2023-24607-qtbase-5.15.diff

- Add patch from upstream (backport taken from Qt5PatchCollection)
  to fix certificate validation for TLS which does not always
  consider whether the root of a chain is a configured CA
  certificate (CVE-2023-34410, bsc#1211994):
  * 0001-Ssl-Copy-the-on-demand-cert-loading-bool-from-default-config.patch
- Add patch from upstream to fix a buffer overflow in QDnsLookup
  (CVE-2023-33285, bsc#1211642):
  * CVE-2023-33285-qtbase-5.15.diff
- Add patch from upstream to fix QtNetwork to parse the
  strict-transport-security (HSTS) header case-insensitively
  (CVE-2023-32762, QTBUG-113392, bsc#1211797):
  * 0001-Hsts-match-header-names-case-insensitively.patch
- Add rebased patch from upstream to fix infinite loops in
  QXmlStreamReader and raise error on unexpected tokens
  which is a new behaviour (CVE-2023-38197, QTBUG-92113,
  QTBUG-95188, bsc#1213326):
  * 0001-QXmlStreamReader-Raise-error-on-unexpected-tokens.patch
- Add patch from upstream to fix an overflow in QTextLayout
  (CVE-2023-32763, QTBUG-113337, bsc#1211798):
  * 0001-Fix-specific-overflow-in-qtextlayout-CVE-2023-32763.patch
- Amend patch to fix mouse grabbing as well (bsc#1211024):
  * big-endian-scroll.patch
libqt5-qtsvg
- Add patch from upsteam to fix a missing variable initialization
  of QSvgFont's m_unitsPerEm and remove two unused variable in
  that private class (CVE-2023-32573, bsc#1211298):
  * 0001-QSvgFont-Initialize-used-member-remove-unused.patch
libX11
- U_0001-CVE-2023-43785-out-of-bounds-memory-access-in-_XkbRe.patch
  U_0002-CVE-2023-43786-stack-exhaustion-from-infinite-recurs.patch
  U_0003-XPutImage-clip-images-to-maximum-height-width-allowe.patch
  U_0004-XCreatePixmap-trigger-BadValue-error-for-out-of-rang.patch
  U_0005-CVE-2023-43787-Integer-overflow-in-XCreateImage-lead.patch
  * CVE-2023-43785 libX11: out-of-bounds memory access in
    _XkbReadKeySyms() (boo#1215683)
  * CVE-2023-43786 libX11: stack exhaustion from infinite recursion
  in PutSubImage() (boo#1215684)
  * CVE-2023-43787 libX11: integer overflow in XCreateImage()
    leading to a heap overflow (boo#1215685)

- U_InitExt.c-Add-bounds-checks-for-extension-request-ev.patch
  * Buffer overflows in InitExt.c (boo#1212102, CVE-2023-3138)
libXpm
- U_0000-test-Add-unit-tests-using-glib-framework.patch
  U_0001-Fix-CVE-2023-43788-Out-of-bounds-read-in-XpmCreateXp.patch
  U_0002-test-Add-test-case-for-CVE-2023-43789-corrupt-colorm.patch
  U_0003-Fix-CVE-2023-43789-Out-of-bounds-read-on-XPM-with-co.patch
  * fixes CVE-2023-43788 libXpm: out of bounds read in
    XpmCreateXpmImageFromBuffer() (boo#1215686)
  * fixes CVE-2023-43789 libXpm: out of bounds read on XPM with
    corrupted colormap (boo#1215687)
- U_0004-test-Add-test-case-for-CVE-2023-43786-stack-exhausti.patch
  U_0005-Avoid-CVE-2023-43786-stack-exhaustion-in-XPutImage.patch
  U_0006-test-Add-test-case-for-CVE-2023-43787-integer-overfl.patch
  U_0007-Avoid-CVE-2023-43787-integer-overflow-in-XCreateImag.patch
  * avoids to trigger CVE-2023-43786,CVE-2023-43787 (boo#1215684,
    boo#1215685); see changelog in libX11 update ...
tigervnc
- Fixes for bsc#1209283
  * Drop chown vnc:vnc calls in with-vnc-key.sh
  * Add TLSNone to -securitytypes to increase security in xvnc@.service
libapparmor
- update zgrep profile to allow egrep helper use (bsc#1214458)
  - zgrep-profile-sync-with-master.diff

- Add pam_apparmor README, referenced from online cha-apparmor-pam.html
  documentation (bsc#1213472)
audit
- Enable livepatching on main library on x86_64.
avahi
- Add avahi-CVE-2023-38470.patch: Ensure each label is at least one
  byte long (bsc#1215947, CVE-2023-38470).

- Add avahi-CVE-2023-38473.patch: derive alternative host name from
  its unescaped version (bsc#1216419 CVE-2023-38473).
util-linux
- Add util-linux-libblkid-reopen-floppy-without-O_NONBLOCK.patch
  Fixes blkid for floppy drives (bsc#1194900).
- util-linux-fix-tests-when-at-symbol-in-path.patch:
  Add patch to util-linux-systemd and python3-libmount, as it was
  previously only included in util-linux.

- Add upstream patch fix-lib-internal-cache-size.patch
  bsc#1210164, gh#util-linux/util-linux@2fa4168c8bc9
libcap
- Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create()
  (bsc#1211418 / CVE-2023-2602) CVE-2023-2602.patch
- Fixed integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup()
  (bsc#1211419 / CVE-2023-2603) CVE-2023-2603.patch
c-ares
- Update to version 1.19.1
  Security:
  * CVE-2023-32067. High. 0-byte UDP payload causes Denial of Service
    (bsc#1211604)
  * CVE-2023-31147 Moderate. Insufficient randomness in generation
    of DNS query IDs (bsc#1211605)
  * CVE-2023-31130. Moderate. Buffer Underwrite in
    ares_inet_net_pton() (bsc#1211606)
  * CVE-2023-31124. Low. AutoTools does not set CARES_RANDOM_FILE
    during cross compilation (bsc#1211607)
  Bug fixes:
  * Fix uninitialized memory warning in test
  * ares_getaddrinfo() should allow a port of 0
  * Fix memory leak in ares_send() on error
  * Fix comment style in ares_data.h
  * Fix typo in ares_init_options.3
  * Sync ax_pthread.m4 with upstream
  * Sync ax_cxx_compile_stdcxx_11.m4 with upstream to fix uclibc support
libeconf
- Additional info for version 0.5.2:
  * Fixed a stack-buffer-overflow vulnerability in "econf_writeFile"
    function. (CVE-2023-30078, CVE-2023-32181, bsc#1211078)
  * Fixed a stack-buffer-overflow vulnerability in "read_file"
    function. (CVE-2023-30079, CVE-2023-22652, bsc#1211078)

- Update to version 0.5.2:
  * Fixed build for aarch64 and gcc13.
  * Making the output verbose when a test fails.
  * Fixed a stack-buffer-overflow vulnerability in "econf_writeFile"
    function.
  * Fixed a stack-buffer-overflow vulnerability in "read_file"
    function.
  * Added new feature: econf_set_conf_dirs (const char **dir_postfix_list)
    Sets a list of directory structures (with order) which describes
    the directories in which the files have to be parsed.
    E.G. with the given list: {"/conf.d/", ".d/", "/", NULL} files in following
    directories will be parsed:
    "<default_dirs>/<project_name>.<suffix>.d/"
    "<default_dirs>/<project_name>/conf.d/"
    "<default_dirs>/<project_name>.d/"
    "<default_dirs>/<project_name>/"
    The entry "<default_dirs>/<project_name>.<suffix>.d/" will be added
    automatically.
  * General code cleanup.

- Update to version 0.5.1:
  * Reading files in /usr/_vendor_/_example_._suffix_.d/* regardless
    there is a /etc/_example_._suffix_ file. (#175)

- Update to version 0.5.0:
  * API calls econf_read*WithCallback supporting a general (void *)
    argument for user defined data with which the callback function is
    called.
  * Tagged following functions deprecated:
    econf_requireOwner, econf_requireGroup, econf_requirePermissions,
    econf_followSymlinks, econf_reset_security_settings
    Use one of the econf_read*WithCallback functions instead.

- Update to version 0.4.9:
  * libeconf.h: added missing sys/types.h header (#171)
  * new API calls: econf_readFileWithCallback,
    econf_readDirsWithCallback, econf_readDirsHistoryWithCallback (#172)
  * Checking NULL comment parameter in the parsing functions.

- Update to version 0.4.8+git20221114.7ff7704:
  * Parsing files which are containing keys only (#170)
    All delimiters are allowed now : "", " =", " ", "=". But the
    user should use "" in order to be distinct.
  * /usr/etc/shells.d/<file_name> will not be parsed if
    /etc/shells.d/<file_name> is defined too.
  * Lto build fixed (#168)
  * New calls: econf_comment_tag, econf_delimiter_tag, econf_set_comment_tag,
    econf_set_delimiter_tag
  * Checking UID,GroupID, permissions,... of the parsed files (#165)
    New calls: econf_requireOwner, econf_requireGroup, econf_requirePermissions,
    econf_followSymlinks
  * Ignoring Group without brackets; Do not hold brackets in the internal data structure. (#164)
  * Error handling improved for nums and booleans (#163)
libfastjson
- fix CVE-2020-12762 integer overflow and out-of-bounds write via a
  large JSON file (bsc#1171479)
  add 0001-Fix-CVE-2020-12762.patch
libfido2
- Use openssl 1.1 still on SLES 15 SP4 to avoid pulling unnecessary
  openssl-3 dependency.  jsc#PED-4521

- Version 1.13.0 (2023-02-20)
  * Support for linking against OpenSSL on Windows; gh#668.
  * New API calls:
    + fido_assert_empty_allow_list;
    + fido_cred_empty_exclude_list.
  * fido2-token: fix issue when listing large blobs.
  * Improved support for different fuzzing engines.

- Version 1.12.0 (2022-09-22)
  * Support for COSE_ES384.
  * Support for hidraw(4) on FreeBSD; gh#597.
  * Improved support for FIDO 2.1 authenticators.
  * New API calls:
    + es384_pk_free;
    + es384_pk_from_EC_KEY;
    + es384_pk_from_EVP_PKEY;
    + es384_pk_from_ptr;
    + es384_pk_new;
    + es384_pk_to_EVP_PKEY;
    + fido_cbor_info_certs_len;
    + fido_cbor_info_certs_name_ptr;
    + fido_cbor_info_certs_value_ptr;
    + fido_cbor_info_maxrpid_minpinlen;
    + fido_cbor_info_minpinlen;
    + fido_cbor_info_new_pin_required;
    + fido_cbor_info_rk_remaining;
    + fido_cbor_info_uv_attempts;
    + fido_cbor_info_uv_modality.
  * Documentation and reliability fixes.
- Version 1.11.0 (2022-05-03)
  * Experimental PCSC support; enable with -DUSE_PCSC.
  * Improved OpenSSL 3.0 compatibility.
  * Use RFC1951 raw deflate to compress CTAP 2.1 largeBlobs.
  * winhello: advertise "uv" instead of "clientPin".
  * winhello: support hmac-secret in fido_dev_get_assert().
  * New API calls:
    + fido_cbor_info_maxlargeblob.
  * Documentation and reliability fixes.
  * Separate build and regress targets.

- Version 1.10.0 (2022-01-17)
  * hid_osx: handle devices with paths > 511 bytes; gh#462.
  * bio: fix CTAP2 canonical CBOR encoding in fido_bio_dev_enroll_*(); gh#480.
  * winhello: fallback to GetTopWindow() if GetForegroundWindow() fails.
  * winhello: fallback to hid_win.c if webauthn.dll isn’t available.
  * New API calls:
  - fido_dev_info_set;
  - fido_dev_io_handle;
  - fido_dev_new_with_info;
  - fido_dev_open_with_info.
  * Cygwin and NetBSD build fixes.
  * Documentation and reliability fixes.
  * Support for TPM 2.0 attestation of COSE_ES256 credentials.

- Use BuildRequires: openssl-devel instead of forcing 1.1 since 3.x
  is now supported.

- Version 1.9.0 (2021-10-27)
  * Enabled NFC support on Linux.
  * Added OpenSSL 3.0 compatibility.
  * Removed OpenSSL 1.0 compatibility.
  * Support for FIDO 2.1 "minPinLength" extension.
  * Support for COSE_EDDSA, COSE_ES256, and COSE_RS1 attestation.
  * Support for TPM 2.0 attestation.
  * Support for device timeouts; see fido_dev_set_timeout().
  * New API calls:
  - es256_pk_from_EVP_PKEY;
  - fido_cred_attstmt_len;
  - fido_cred_attstmt_ptr;
  - fido_cred_pin_minlen;
  - fido_cred_set_attstmt;
  - fido_cred_set_pin_minlen;
  - fido_dev_set_pin_minlen_rpid;
  - fido_dev_set_timeout;
  - rs256_pk_from_EVP_PKEY.
  * Reliability and portability fixes.
  * Better handling of HID devices without identification strings; gh#381.
  * Fixed detection of Windows’s native webauthn API; gh#382.

- Removed fix-cmake-linking.patch because no longer needed

- Update to version 1.8.0:
  * Dropped 'Requires.private' entry from pkg-config file.
  * Better support for FIDO 2.1 authenticators.
  * Support for Windows's native webauthn API.
  * Support for attestation format 'none'.
  * New API calls:
  - fido_assert_set_clientdata;
  - fido_cbor_info_algorithm_cose;
  - fido_cbor_info_algorithm_count;
  - fido_cbor_info_algorithm_type;
  - fido_cbor_info_transports_len;
  - fido_cbor_info_transports_ptr;
  - fido_cred_set_clientdata;
  - fido_cred_set_id;
  - fido_credman_set_dev_rk;
  - fido_dev_is_winhello.
  * fido2-token: new -Sc option to update a resident credential.
  * Documentation and reliability fixes.
  * HID access serialisation on Linux.
- disable fix-cmake-linking.patch, not needed currently

- Update to version 1.7.0:
  * hid_win: detect devices with vendor or product IDs > 0x7fff
  * Support for FIDO 2.1 authenticator configuration.
  * Support for FIDO 2.1 UV token permissions.
  * Support for FIDO 2.1 "credBlobs" and "largeBlobs" extensions.
  * New API calls
  * New fido_init flag to disable fido_dev_open’s U2F fallback
  * Experimental NFC support on Linux.
- Enabled hidapi again, issues related to hidapi are fixed upstream
  * Added fix-cmake-linking.patch to fix linking

- Update to version 1.6.0:
  * Fix OpenSSL 1.0 and Cygwin builds.
  * hid_linux: fix build on 32-bit systems.
  * hid_osx: allow reads from spawned threads.
  * Documentation and reliability fixes.
  * New API calls:
    + fido_cred_authdata_raw_len;
    + fido_cred_authdata_raw_ptr;
    + fido_cred_sigcount;
    + fido_dev_get_uv_retry_count;
    + fido_dev_supports_credman.
  * Hardened Windows build.
  * Native FreeBSD and NetBSD support.
  * Use CTAP2 canonical CBOR when combining hmac-secret and credProtect.
- Drop 7a17a4e9127fb6df6278f19396760e7d60a5862c.patch
- Do not build examples as their build fails
mozilla-nss
- update to NSS 3.90
  * bmo#1623338 - ride along: remove a duplicated doc page
  * bmo#1623338 - remove a reference to IRC
  * bmo#1831983 - clang-format lib/freebl/stubs.c
  * bmo#1831983 - Add a constant time select function
  * bmo#1774657 - Updating an old dbm with lots of certs with keys to sql results in a database that is slow to access.
  * bmo#1830973 - output early build errors by default
  * bmo#1804505 - Update the technical constraints for KamuSM
  * bmo#1822921 - Add BJCA Global Root CA1 and CA2 root certificates
  * bmo#1790763 - Enable default UBSan Checks
  * bmo#1786018 - Add explicit handling of zero length records
  * bmo#1829391 - Tidy up DTLS ACK Error Handling Path
  * bmo#1786018 - Refactor zero length record tests
  * bmo#1829112 - Fix compiler warning via correct assert
  * bmo#1755267 - run linux tests on nss-t/t-linux-xlarge-gcp
  * bmo#1806496 - In FIPS mode, nss should reject RSASSA-PSS salt lengths larger than the output size of the hash function used, or provide an indicator
  * bmo#1784163 - Fix reading raw negative numbers
  * bmo#1748237 - Repairing unreachable code in clang built with gyp
  * bmo#1783647 - Integrate Vale Curve25519
  * bmo#1799468 - Removing unused flags for Hacl*
  * bmo#1748237 - Adding a better error message
  * bmo#1727555 - Update HACL* till 51a72a953a4ee6f91e63b2816ae5c4e62edf35d6
  * bmo#1782980 - Fall back to the softokn when writing certificate trust
  * bmo#1806010 - FIPS-104-3 requires we restart post programmatically
  * bmo#1826650 - cmd/ecperf: fix dangling pointer warning on gcc 13
  * bmo#1818766 - Update ACVP dockerfile for compatibility with debian package changes
  * bmo#1815796 - Add a CI task for tracking ECCKiila code status, update whitespace in ECCKiila files
  * bmo#1819958 - Removed deprecated sprintf function and replaced with snprintf
  * bmo#1822076 - fix rst warnings in nss doc
  * bmo#1821997 - Fix incorrect pygment style
  * bmo#1821292 - Change GYP directive to apply across platforms
  * Add libsmime3 abi-check exception for NSS_CMSSignerInfo_GetDigestAlgTag
- Add nss-fix-bmo1836925.patch to fix build-errors
- Merge the libfreebl3-hmac and libsoftokn3-hmac packages
  into the respective libraries. (bsc#1185116)
- update to NSS 3.89.1
  * bmo#1804505 - Update the technical constraints for KamuSM.
  * bmo#1822921 - Add BJCA Global Root CA1 and CA2 root certificates.
- update to NSS 3.89
  * bmo#1820834 - revert freebl/softoken RSA_MIN_MODULUS_BITS increase
  * bmo#1820175 - PR_STATIC_ASSERT is cursed
  * bmo#1767883 - Need to add policy control to keys lengths for signatures
  * bmo#1820175 - Fix unreachable code warning in fuzz builds
  * bmo#1820175 - Fix various compiler warnings in NSS
  * bmo#1820175 - Enable various compiler warnings for clang builds
  * bmo#1815136 - set PORT error after sftk_HMACCmp failure
  * bmo#1767883 - Need to add policy control to keys lengths for signatures
  * bmo#1804662 - remove data length assertion in sec_PKCS7Decrypt
  * bmo#1804660 - Make high tag number assertion failure an error
  * bmo#1817513 - CKM_SHA384_KEY_DERIVATION correction maximum key
    length from 284 to 384
  * bmo#1815167 - Tolerate certificate_authorities xtn in ClientHello
  * bmo#1789436 - Fix build failure on Windows
  * bmo#1811337 - migrate Win 2012 tasks to Azure
  * bmo#1810702 - fix title length in doc
  * bmo#1570615 - Add interop tests for HRR and PSK to GREASE suite
  * bmo#1570615 - Add presence/absence tests for TLS GREASE
  * bmo#1804688 - Correct addition of GREASE value to ALPN xtn
  * bmo#1789436 - CH extension permutation
  * bmo#1570615 - TLS GREASE (RFC8701)
  * bmo#1804640 - improve handling of unknown PKCS#12 safe bag types
  * bmo#1815870 - use a different treeherder symbol for each docker
    image build task
  * bmo#1815868 - pin an older version of the ubuntu:18.04 and
    20.04 docker images
  * bmo#1810702 - remove nested table in rst doc
  * bmo#1815246 - Export NSS_CMSSignerInfo_GetDigestAlgTag
  * bmo#1812671 - build failure while implicitly casting SECStatus
    to PRUInt32
- update to NSS 3.88.1
  * bmo#1804640 - improve handling of unknown PKCS#12 safe bag types
- update to NSS 3.88
  * bmo#1815870 - use a different treeherder symbol for each docker
    image build task
  * bmo#1815868 - pin an older version of the ubuntu:18.04 and
    20.04 docker images
  * bmo#1810702 - remove nested table in rst doc
  * bmo#1815246 - Export NSS_CMSSignerInfo_GetDigestAlgTag.
  * bmo#1812671 - build failure while implicitly casting SECStatus
    to PRUInt32
  * bmo#1212915 - Add check for ClientHello SID max length
  * bmo#1771100 - Added EarlyData ALPN test support to BoGo shim
  * bmo#1790357 - ECH client - Discard resumption TLS < 1.3
    Session(IDs|Tickets) if ECH configs are setup
  * bmo#1714245 - On HRR skip PSK incompatible with negotiated
    ciphersuites hash algorithm
  * bmo#1789410 - ECH client: Send ech_required alert on server
    negotiating TLS 1.2. Fixed misleading Gtest,
    enabled corresponding BoGo test
  * bmo#1771100 - Added Bogo ECH rejection test support
  * bmo#1771100 - Added ECH 0Rtt support to BoGo shim
  * bmo#1747957 - RSA OAEP Wycheproof JSON
  * bmo#1747957 - RSA decrypt Wycheproof JSON
  * bmo#1747957 - ECDSA Wycheproof JSON
  * bmo#1747957 - ECDH Wycheproof JSON
  * bmo#1747957 - PKCS#1v1.5 wycheproof json
  * bmo#1747957 - Use X25519 wycheproof json
  * bmo#1766767 - Move scripts to python3
  * bmo#1809627 - Properly link FuzzingEngine for oss-fuzz.
  * bmo#1805907 - Extending RSA-PSS bltest test coverage
    (Adding SHA-256 and SHA-384)
  * bmo#1804091 - NSS needs to move off of DSA for integrity checks
  * bmo#1805815 - Add initial testing with ACVP vector sets using
    acvp-rust
  * bmo#1806369 - Don't clone libFuzzer, rely on clang instead
- update to NSS 3.87
  * bmo#1803226 - NULL password encoding incorrect
  * bmo#1804071 - Fix rng stub signature for fuzzing builds
  * bmo#1803595 - Updating the compiler parsing for build
  * bmo#1749030 - Modification of supported compilers
  * bmo#1774654 - tstclnt crashes when accessing gnutls server
    without a user cert in the database.
  * bmo#1751707 - Add configuration option to enable source-based
    coverage sanitizer
  * bmo#1751705 - Update ECCKiila generated files.
  * bmo#1730353 - Add support for the LoongArch 64-bit architecture
  * bmo#1798823 - add checks for zero-length RSA modulus to avoid
    memory errors and failed assertions later
  * bmo#1798823 - Additional zero-length RSA modulus checks
- Remove nss-fix-bmo1774654.patch which is now upstream
- update to NSS 3.86
  * bmo#1803190 - conscious language removal in NSS
  * bmo#1794506 - Set nssckbi version number to 2.60
  * bmo#1803453 - Set CKA_NSS_SERVER_DISTRUST_AFTER and
    CKA_NSS_EMAIL_DISTRUST_AFTER for 3
    TrustCor Root Certificates
  * bmo#1799038 - Remove Staat der Nederlanden EV Root CA from NSS
  * bmo#1797559 - Remove EC-ACC root cert from NSS
  * bmo#1794507 - Remove SwissSign Platinum CA - G2 from NSS
  * bmo#1794495 - Remove Network Solutions Certificate Authority
  * bmo#1802331 - compress docker image artifact with zstd
  * bmo#1799315 - Migrate nss from AWS to GCP
  * bmo#1800989 - Enable static builds in the CI
  * bmo#1765759 - Removing SAW docker from the NSS build system
  * bmo#1783231 - Initialising variables in the rsa blinding code
  * bmo#320582 - Implementation of the double-signing of the message
    for ECDSA
  * bmo#1783231 - Adding exponent blinding for RSA.
- update to NSS 3.85
  * bmo#1792821 - Modification of the primes.c and dhe-params.c in
    order to have better looking tables
  * bmo#1796815 - Update zlib in NSS to 1.2.13
  * bmo#1796504 - Skip building modutil and shlibsign when building
    in Firefox
  * bmo#1796504 - Use __STDC_VERSION__ rather than __STDC__ as a guard
  * bmo#1796407 - Fix -Wunused-but-set-variable warning from clang 15
  * bmo#1796308 - Fix -Wtautological-constant-out-of-range-compare
    and -Wtype-limits warnings
  * bmo#1796281 - Followup: add missing stdint.h include
  * bmo#1796281 - Fix -Wint-to-void-pointer-cast warnings
  * bmo#1796280 - Fix -Wunused-{function,variable,but-set-variable}
    warnings on Windows
  * bmo#1796079 - Fix -Wstring-conversion warnings
  * bmo#1796075 - Fix -Wempty-body warnings
  * bmo#1795242 - Fix unused-but-set-parameter warning
  * bmo#1795241 - Fix unreachable-code warnings
  * bmo#1795222 - Mark _nss_version_c unused on clang-cl
  * bmo#1795668 - Remove redundant variable definitions in lowhashtest
  * Add note about python executable to build instructions.
- update to NSS 3.84
  * bmo#1791699 - Bump minimum NSPR version to 4.35
  * bmo#1792103 - Add a flag to disable building libnssckbi.
- update to NSS 3.83
  * bmo#1788875 - Remove set-but-unused variables from
    SEC_PKCS12DecoderValidateBags
  * bmo#1563221 - remove older oses that are unused part3/ BeOS
  * bmo#1563221 - remove older unix support in NSS part 3 Irix
  * bmo#1563221 - remove support for older unix in NSS part 2 DGUX
  * bmo#1563221 - remove support for older unix in NSS part 1 OSF
  * bmo#1778413 - Set nssckbi version number to 2.58
  * bmp#1785297 - Add two SECOM root certificates to NSS
  * bmo#1787075 - Add two DigitalSign root certificates to NSS
  * bmo#1778412 - Remove Camerfirma Global Chambersign Root from NSS
  * bmo#1771100 - Added bug reference and description to disabled
    UnsolicitedServerNameAck bogo ECH test
  * bmo#1779361 - Removed skipping of ECH on equality of private and
    public server name
  * bmo#1779357 - Added comment and bug reference to
    ECHRandomHRRExtension bogo test
  * bmo#1779370 - Added Bogo shim client HRR test support. Fixed
    overwriting of CHInner.random on HRR
  * bmo#1779234 - Added check for server only sending ECH extension
    with retry configs in EncryptedExtensions and if not
    accepting ECH. Changed config setting behavior to
    skip configs with unsupported mandatory extensions
    instead of failing
  * bmo# 1771100 - Added ECH client support to BoGo shim. Changed
    CHInner creation to skip TLS 1.2 only extensions to
    comply with BoGo
  * bmo#1771100 - Added ECH server support to BoGo shim. Fixed NSS ECH
    server accept_confirmation bugs
  * bmo#1771100 - Update BoGo tests to recent BoringSSL version
  * bmo#1785846 - Bump minimum NSPR version to 4.34.1
- update to NSS 3.82
  * bmo#1330271 - check for null template in sec_asn1{d,e}_push_state
  * bmo#1735925 - QuickDER: Forbid NULL tags with non-zero length
  * bmo#1784724 - Initialize local variables in
    TlsConnectTestBase::ConnectAndCheckCipherSuite
  * bmo#1784191 - Cast the result of GetProcAddress
  * bmo#1681099 - pk11wrap: Tighten certificate lookup based on
    PKCS #11 URI.
- update to NSS 3.81
  * bmo#1762831 - Enable aarch64 hardware crypto support on OpenBSD
  * bmo#1775359 - make NSS_SecureMemcmp 0/1 valued
  * bmo#1779285 - Add no_application_protocol alert handler and
    test client error code is set
  * bmo#1777672 - Gracefully handle null nickname in
    CERT_GetCertNicknameWithValidity
  * required for Firefox 104
- raised NSPR requirement to 4.34.1
- changing some Requires from (pre) to generic as (pre) is not
  sufficient (boo#1202118)
- update to NSS 3.80
  * bmo#1774720 - Fix SEC_ERROR_ALGORITHM_MISMATCH entry in SECerrs.h.
  * bmo#1617956 - Add support for asynchronous client auth hooks.
  * bmo#1497537 - nss-policy-check: make unknown keyword check optional.
  * bmo#1765383 - GatherBuffer: Reduced plaintext buffer allocations
    by allocating it on initialization. Replaced
    redundant code with assert. Debug builds: Added
    buffer freeing/allocation for each record.
  * bmo#1773022 - Mark 3.79 as an ESR release.
  * bmo#1764206 - Bump nssckbi version number for June.
  * bmo#1759815 - Remove Hellenic Academic 2011 Root.
  * bmo#1770267 - Add E-Tugra Roots.
  * bmo#1768970 - Add Certainly Roots.
  * bmo#1764392 - Add DigitCert Roots.
  * bmo#1759794 - Protect SFTKSlot needLogin with slotLock.
  * bmo#1366464 - Compare signature and signatureAlgorithm fields in
    legacy certificate verifier.
  * bmo#1771497 - Uninitialized value in cert_VerifyCertChainOld.
  * bmo#1771495 - Unchecked return code in sec_DecodeSigAlg.
  * bmo#1771498 - Uninitialized value in cert_ComputeCertType.
  * bmo#1760998 - Avoid data race on primary password change.
  * bmo#1769063 - Replace ppc64 dcbzl intrinisic.
  * bmo#1771036 - Allow LDFLAGS override in makefile builds.
freetype2
- Added patch:
  * CVE-2023-2004.patch
    + fixes bsc#1210419, CVE-2023-2004: Integer overflow
libjansson
- Update to 2.14 (boo#1201817):
  * New Features:
    + Add `json_object_getn`, `json_object_setn`, `json_object_deln`, and the
    corresponding `nocheck` functions.
    + Add jansson_version_str() and jansson_version_cmp() for runtime
    version checking
    + Add json_object_update_new(), json_object_update_existing_new()
    and json_object_update_missing_new() functions
    + Add json_object_update_recursive()
    + Add `json_pack()` format specifiers s*, o* and O* for values
    that can be omitted if null (#339).
    + Add `json_error_code()` to retrieve numeric error codes
    (#365, #380, #381).
    + Enable thread safety for `json_dump()` on all systems.
    Enable thread safe `json_decref()` and `json_incref()` for
    modern compilers (#389).
    + Add `json_sprintf()` and `json_vsprintf()` (#393).
  * Fixes:
    + Handle `sprintf` corner cases.
    + Add infinite loop check in json_deep_copy()
    + Enhance JANSSON_ATTRS macro to support earlier C standard(C89)
    + Update version detection for sphinx-build
    + Fix error message in `json_pack()` for NULL object (#409).
    + Avoid invalid memory read in `json_pack()` (#421).
    + Call va_end after va_copy in `json_vsprintf()` (#427).
    + Improve handling of formats with '?' and '*' in `json_pack()`
    (#438).
    + Remove inappropriate `jsonp_free()` which caused
    segmentation fault in error handling (#444).
    + Fix incorrect report of success from `json_dump_file()` when
    an error is returned by `fclose()` (#359).
    + Make json_equal() const-correct (#344).
    + Fix incomplete stealing of references by `json_pack()` (#374)
- Use GitHub as source URLs: Release hasn't been uploaded to digip.org.
- Add check section.
openldap2
- bsc#1212260 - crash in libldap when non-ldap data responds
  * 0245-ITS-9803-Drop-connection-when-receiving-non-LDAP-dat.patch

- bsc#1211795 - CVE-2023-2953 - Null pointer deref in ber_memalloc_x
  * 0244-ITS-9904-ldif_open_url-check-for-ber_strdup-failure.patch
liblognorm
- Upgrade to liblognorm v2.0.6 (jsc#PED-4883)
  * 2018-11-02: nitfixes: issues deteced by CodeFactor.com
  * 2018-11-01: more cleanup of shell scripting
  * 2018-10-31: cleanup shell scripting
  * 2018-10-26: implement Checkpoint LEA transfer format
  * 2018-10-31: fix mising shebangs in test scripts
  * 2018-10-30: fix some bash style nits
  * 2018-07-15: fix very theoretic misadressing (gcc-8 warning)
  * 2018-06-26: string parser: add "lazy" matching mode
  * 2018-05-30: Update lognormalizer.c
  * 2018-05-30: Update lognormalizer.c to support case fallthrough
  * 2018-05-30: Update README
  * 2018-05-10: Fix for #229 (cisco-interface-spec at end of line)
  * 2018-03-21: Suppress invalid param error for name to fix #270
- Upgrade to liblognorm v2.0.5
  * 2018-04-25: fix potential NULL pointer addressing
  * 2018-04-07: Add test for nested user types
  * 2018-04-07: Fix use after free with nested user types (#235)
  * 2018-04-25: build system: fix gcc warning
  * 2018-04-25: make "make check" "succeed" on solaris 10
  * 2018-04-16: fix build warnings with some newer compilers
  * 2018-04-16: remove dead code
  * 2018-04-16: fix potential memory leaks during config processing
  * 2018-04-16: fix memory leak during config processing
  * 2018-04-16: csv encoder: fix format error when processing arrays
  * 2018-03-29: Explicitly list supported whitespace characters
  * 2018-03-28: "fix" return type of unused dummy function
  - replaces liblognorm-2.0.4-no-return-in-nonvoid-function.patch
  * 2018-03-21: Suppress invalid param error for name to fix #270
  * 2018-03-19: fix header guard
  * 2018-03-06: Correct CLI options in the docs
  * 2018-01-13: AIX port : added compatibility and modified lognormalizer for AIX.
  * 2017-11-29: codestyle: correct line length to 120
  * 2017-11-29: codestyle: set max line length to 120
  * 2017-11-25: fix some very bad line length violations
  * 2017-11-25: travis: temporarily permit longer line length
  * 2017-10-19: make build with gcc7
  * 2017-10-05: es_str2cstr leak in string-to v1 parse
nftables
- add 0001-evaluate-reject-support-ethernet-as-L2-protocol-for-.patch: this
  fixes a crash in nftables if layer2 reject rules are processed (e.g.
  Ethernet MAC address based reject rich rule in firewalld, bsc#1210773).
nghttp2
- security update
- added patches
  fix CVE-2023-44487 [bsc#1216123], HTTP/2 Rapid Reset Attack
  + nghttp2-CVE-2023-44487.patch

- Fixes memory leak that happens when PUSH_PROMISE or HEADERS frame cannot be
  sent, and nghttp2_on_stream_close_callback fails with a fatal error.
  [CVE-2023-35945 bsc#1215713]
  + nghttp2-CVE-2023-35945.patch
openssl-1_1
- Security fix: [bsc#1216922, CVE-2023-5678]
  * Fix excessive time spent in DH check / generation with large Q
    parameter value.
  * Applications that use the functions DH_generate_key() to generate
    an X9.42 DH key may experience long delays. Likewise,
    applications that use DH_check_pub_key(), DH_check_pub_key_ex
    () or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42
    DH parameters may experience long delays. Where the key or
    parameters that are being checked have been obtained from an
    untrusted source this may lead to a Denial of Service.
  * Add openssl-CVE-2023-5678.patch

- Displays "fips" in the version string (bsc#1215215)
  * Add openssl-1_1-fips-bsc1215215_fips_in_version_string.patch

- Security fix: (bsc#1213853, CVE-2023-3817)
  * Fix excessive time spent checking DH q parameter value
    (bsc#1213853, CVE-2023-3817). The function DH_check() performs
    various checks on DH parameters. After fixing CVE-2023-3446 it
    was discovered that a large q parameter value can also trigger
    an overly long computation during some of these checks. A
    correct q value, if present, cannot be larger than the modulus
    p parameter, thus it is unnecessary to perform these checks if
    q is larger than p. If DH_check() is called with such q parameter
    value, DH_CHECK_INVALID_Q_VALUE return flag is set and the
    computationally intensive checks are skipped.
  * Add openssl-1_1-CVE-2023-3817.patch

- Dont pass zero length input to EVP_Cipher because assembler
  optimized AES cannot handle zero size. [bsc#1213517]
  * Add openssl-dont-pass-zero-length-input-to-EVP_Cipher.patch

- Security fix: [bsc#1213487, CVE-2023-3446]
  * Fix DH_check() excessive time with over sized modulus.
  * The function DH_check() performs various checks on DH parameters.
    One of those checks confirms that the modulus ("p" parameter) is
    not too large. Trying to use a very large modulus is slow and
    OpenSSL will not normally use a modulus which is over 10,000 bits
    in length.
    However the DH_check() function checks numerous aspects of the
    key or parameters that have been supplied. Some of those checks
    use the supplied modulus value even if it has already been found
    to be too large.
    A new limit has been added to DH_check of 32,768 bits. Supplying
    a key/parameters with a modulus over this size will simply cause
    DH_check() to fail.
  * Add openssl-CVE-2023-3446.patch openssl-CVE-2023-3446-test.patch

- Check OCSP RESPONSE in s_client and terminate connection if a
  revoked certificate is found. Add OCSP_RESPONSE_check_status()
  function to do that check. [bsc#1212623]
  * Add openssl-s_client-check-ocsp-status.patch

- Security Fix: [bsc#1207534, CVE-2022-4304]
  * Reworked the Fix for the Timing Oracle in RSA Decryption
    The previous fix for this timing side channel turned out to cause
    a severe 2-3x performance regression in the typical use case
    compared to 1.1.1s.
  * Add openssl-CVE-2022-4304.patch
  * Removed patches:
  - openssl-CVE-2022-4304-1of2.patch
  - openssl-CVE-2022-4304-2of2.patch
  * Refreshed patches:
  - openssl-CVE-2023-0464.patch
  - openssl-CVE-2023-0465.patch

- Update further expiring certificates that affect tests [bsc#1201627]
  * Add openssl-Update-further-expiring-certificates.patch

- Security Fix: [CVE-2023-2650, bsc#1211430]
  * Possible DoS translating ASN.1 object identifiers
  * Add openssl-CVE-2023-2650.patch
pacemaker
- controller: do not check whether watchdog fencing is enabled for the node if `stonith-watchdog-timeout` is not even configured (bsc#1213125)
  * bsc#1213125-0001-Fix-controller-do-not-check-whether-watchdog-fencing.patch

- fencing: don't warn if cluster has no watchdog device (rh#1470834, bsc#1213125)
  * bsc#1213125-0001-Log-fencing-don-t-warn-if-cluster-has-no-watchdog-de.patch

- controller: update node state correctly based on any existing node cache entry (bsc#1198767, bsc#1202177, bsc#1206268, bsc#1208380, bsc#1211098)
  * bsc#1198767-0006-Fix-controller-update-node-state-correctly-based-on-.patch
- libcrmcluster: internal functions for getting a node cache entry by uuid instead of id (bsc#1198767, bsc#1202177, bsc#1206268, bsc#1208380, bsc#1211098)
  * bsc#1198767-0005-Refactor-libcrmcluster-internal-functions-for-gettin.patch
- libcrmcluster: ability to search for a node cache entry by uuid instead of id (bsc#1198767, bsc#1202177, bsc#1206268, bsc#1208380, bsc#1211098)
  * bsc#1198767-0004-Refactor-libcrmcluster-ability-to-search-for-a-node-.patch
- cts-scheduler: update regression test about not fencing a pending node that doesn't have an uname in node state yet (bsc#1198767, bsc#1202177, bsc#1206268, bsc#1208380, bsc#1211098)
  * bsc#1198767-0003-Test-cts-scheduler-update-regression-test-about-not-.patch
- scheduler: Do not fence a pending node that doesn't have an uname in node state yet (bsc#1198767, bsc#1202177, bsc#1206268, bsc#1208380, bsc#1211098)
  * bsc#1198767-0002-Fix-scheduler-Do-not-fence-a-pending-node-that-doesn.patch
- cts-scheduler: add regression test about a pending node that doesn't have an uname in node state yet (bsc#1198767, bsc#1202177, bsc#1206268, bsc#1208380, bsc#1211098)
  * bsc#1198767-0001-Test-cts-scheduler-add-regression-test-about-a-pendi.patch

- rpm: build with --with-sbd-sync-default="true" only for sle_version >= 150400 (bsc#1180966)
- rpm: build with --enable-legacy-links only for suse_version < 1600
- rpm: build with --enable-compat-2.0 only for suse_version < 1600
- rpm: build with --with-concurrent-fencing-default=true only for sle_version >= 150400
- rpm: build with --with-resource-stickiness-default=1 only for sle_version >= 150400
- rpm: build with --with-nagios=true only for suse_version < 1600
- agents: create symlink ocf:pacemaker:NodeUtilization only for suse_version < 1600 in favor of ocf:heartbeat:NodeUtilization (bsc#1070347)

- rpm: avoid bare wildcards under shared directories in spec

- daemons: pacemakerd -S should wait for shutdown before returning (bsc#1210857)
  * bsc#1210857-0001-Low-daemons-pacemakerd-S-should-wait-for-shutdown-be.patch

- fencer: fencing timeout sent to peer takes no delay into account (bsc#1210074)
  * bsc#1210074-0011-Fix-fencer-fencing-timeout-sent-to-peer-takes-no-del.patch
- libpacemaker: initial timeout for fencing callback takes any requested fencing delay into account (bsc#1210074)
  * bsc#1210074-0010-Fix-libpacemaker-initial-timeout-for-fencing-callbac.patch
- controller: use "target" terminology consistently (bsc#1210074)
  * bsc#1210074-0009-Log-controller-use-target-terminology-consistently.patch
- controller: log fencing timeout consistently in seconds as priority fencing delay (bsc#1210074)
  * bsc#1210074-0008-Log-controller-log-fencing-timeout-consistently-in-s.patch
- controller: initial timeout for fencing callback takes any priority fencing delay into account (bsc#1210074)
  * bsc#1210074-0007-Fix-controller-initial-timeout-for-fencing-callback-.patch
- fencer: apply requested fencing delay only for the first device (bsc#1210074)
  * bsc#1210074-0006-Fix-fencer-apply-requested-fencing-delay-only-for-th.patch
- fencer: fencing timeouts take any pcmk_delay_base into account (bsc#1210074)
  * bsc#1210074-0005-Fix-fencer-fencing-timeouts-take-any-pcmk_delay_base.patch
- fencer: add correct values of pcmk_delay_base/max to query rely (bsc#1210074)
  * bsc#1210074-0004-Fix-fencer-add-correct-values-of-pcmk_delay_base-max.patch
- fencer: per-operation fencing timeout takes any requested fencing delay into account (bsc#1210074)
  * bsc#1210074-0003-Fix-fencer-per-operation-fencing-timeout-takes-any-r.patch
- fencer: total fencing timeout takes any requested fencing delay into account (bsc#1210074)
  * bsc#1210074-0002-Fix-fencer-total-fencing-timeout-takes-any-requested.patch
- cts-fencing: regression test for fencing timeouts taking fencing delays into account (bsc#1210074)
  * bsc#1210074-0001-Test-cts-fencing-regression-test-for-fencing-timeout.patch

- cts-fencing: update expected total timeouts
  * 0001-Test-cts-fencing-update-expected-total-timeouts.patch
- fenced: Correctly log the total fencing timeout.
  * 0001-Low-fenced-Correctly-log-the-total-fencing-timeout.patch

- controller: avoid use-after-free when disconnecting proxy IPCs during shutdown (bsc#1209640)
  * bsc#1209640-0001-Fix-controller-avoid-use-after-free-when-disconnecti.patch

- controller: Delay join finalization if a transition is in progress
  * 0001-Fix-controller-Delay-join-finalization-if-a-transiti.patch

- extra/resources/SysInfo.in: This calculation of cpu_load returns an incorrect value in Darwin and Linux
  * 0001-Fix-extra-resources-SysInfo.in-This-calculation-of-c.patch

- libcrmcommon: allow crm_attribute to try OCF_RESOURCE_INSTANCE environment variable if -p is specified with an empty string (bsc#1209586)
  * bsc#1209586-0001-Fix-libcrmcommon-allow-crm_attribute-to-try-OCF_RESO.patch

- Revert "Fix: libpacemaker: ensure any pending recurring monitor gets updated if it fails" (bsc#1206263)
  * Drop obsolete bsc#1206263-0004-Fix-libpacemaker-ensure-any-pending-recurring-monito.patch
- tool: update crm_mon synopsis (bsc#1208868)
  * bsc#1208868-0001-Fix-tool-update-crm_mon-synopsis.patch

- libcrmcommon: Don't parse "-INFINITY" as a list of cmdline options (CLBZ#5509)
  * CLBZ#5509-0001-Fix-libcrmcommon-Don-t-parse-INFINITY-as-a-list-of-c.patch
- tools: crm_shadow --commit now works with CIB_file
  * 0001-Fix-tools-crm_shadow-commit-now-works-with-CIB_file.patch
- watchdog-fencing: correctly derive timeout with topology
  * 0003-Fix-watchdog-fencing-correctly-derive-timeout-with-t.patch
  * 0002-Refactor-watchdog-fencing-convenience-function-pcmk_.patch
- watchdog-fencing: terminate dangling timer before watchdog-waiting
  * 0001-Fix-watchdog-fencing-terminate-dangling-timer-before.patch
- libcrmcommon: Fix problems with pcmk__output_and_clear_error.
  * 0001-Low-libcrmcommon-Fix-problems-with-pcmk__output_and_.patch

- libcrmcommon: Fix an IPC-related memory leak. (bsc#1208544)
  * bsc#1208544-0001-Low-libcrmcommon-Fix-an-IPC-related-memory-leak.patch

- fencer: Prevent double g_source_remove of op_timer_one (rh#2166967)
  * rh#2166967-0001-Fix-fencer-Prevent-double-g_source_remove-of-op_time.patch

- libpacemaker: avoid assertion failure if a node_state entry doesn't have an uname yet (bsc#1207319)
  * bsc#1207319-0002-Fix-libpacemaker-avoid-assertion-failure-if-a-node_s.patch
- libpacemaker: unify bailing out in pcmk__inject_node() (bsc#1207319)
  * bsc#1207319-0001-Refactor-libpacemaker-unify-bailing-out-in-pcmk__inj.patch
parted
- fix null pointer dereference (bsc#1193412)
  - add: parted-fix-check-diskp-in-do_name.patch
- update mkpart options in manpage (bsc#1182142)
  - add: parted-mkpart-manpage.patch
pciutils
- Apply "lspci-Fixed-buffer-overflows-in-ls-tree.c.patch" to fix a
  buffer overflow error that would cause lspci to crash on systems
  with complex topologies. [bsc#1215265]
- Add "pciutils.keyring" so that the tarball's signature can be
  verified at build time.
- Use "%license" tag instead of "%doc" to install the package's
  license file.
pcre2
- Security fix: [bsc#1213514, CVE-2022-41409]
  * Integer overflow vulnerability in pcre2test before 10.41
    allows attackers to cause a denial of service or other
    unspecified impacts via negative input.
  * Add pcre2-CVE-2022-41409.patch
procps
- Add patch CVE-2023-4016.patch
  * CVE-2023-4016: ps buffer overflow (bsc#1214290)
python3
- Add CVE-2023-40217-avoid-ssl-pre-close.patch fixing
  gh#python/cpython#108310, backport from upstream patch
  gh#python/cpython#108315
  (bsc#1214692, CVE-2023-40217)

- Add 99366-patch.dict-can-decorate-async.patch fixing
  gh#python/cpython#98086 (backport from Python 3.10 patch in
  gh#python/cpython!99366), fixing bsc#1211158.

- Add CVE-2007-4559-filter-tarfile_extractall.patch to fix
  CVE-2007-4559 (bsc#1203750) by adding the filter for
  tarfile.extractall (PEP 706).

- Use python3 modules to build the documentation.
libqb
- log: fix potential overflow with long log messages (CVE-2023-39976, bsc#1214066)
  * bsc#1214066-0001-fix-potential-overflow-with-long-log-messages.patch
libsigc++2
- Add libsigc++2-remove-unnecessary-executable-flag-from-file.patch:
  cancel executable permission for file
  /usr/share/doc/packages/libsigc-2_0-0/NEWS(bsc#1209094,bsc#1209140).
libsolv
- handle learnt rules in solver_alternativeinfo()
- support x86_64_v[234] architecture levels
- implement decision sorting for package decisionlists
- add back findutils requires for the libsolv-tools packagse
  [bsc#1195633]
- bump version to 0.7.24
sqlite3
- Sync version 3.44.0 from Factory
  * Fixes bsc#1210660, CVE-2023-2137: Heap buffer overflow
  * sqlite3-rtree-i686.patch: temporary build fix for 32-bit x86.
  * Obsoletes sqlite-CVE-2022-46908.patch
  * Obsoletes sqlite-src-3390000-func7-pg-181.patch
libssh2_org
- Upgrade to version 1.11.0 in SLE-15: [jsc#PED-7040]
  * Add the keyring file: libssh2_org.keyring
  * Rebase libssh2-ocloexec.patch
  * Remove libssh2_org-CVE-2020-22218.patch

- Security fix: [bsc#1214527, CVE-2020-22218]
  * The function _libssh2_packet_add() allows to access out of
    bounds memory.
  * Add libssh2_org-CVE-2020-22218.patch

- Update to 1.11.0:
  * Enhancements and bugfixes
  - Adds support for encrypt-then-mac (ETM) MACs
  - Adds support for AES-GCM crypto protocols
  - Adds support for sk-ecdsa-sha2-nistp256 and sk-ssh-ed25519 keys
  - Adds support for RSA certificate authentication
  - Adds FIDO support with *_sk() functions
  - Adds RSA-SHA2 key upgrading to OpenSSL, WinCNG, mbedTLS, OS400 backends
  - Adds Agent Forwarding and libssh2_agent_sign()
  - Adds support for Channel Signal message libssh2_channel_signal_ex()
  - Adds support to get the user auth banner message libssh2_userauth_banner()
  - Adds LIBSSH2_NO_{MD5, HMAC_RIPEMD, DSA, RSA, RSA_SHA1, ECDSA, ED25519,
    AES_CBC, AES_CTR, BLOWFISH, RC4, CAST, 3DES} options
  - Adds direct stream UNIX sockets with libssh2_channel_direct_streamlocal_ex()
  - Adds wolfSSL support to CMake file
  - Adds mbedTLS 3.x support
  - Adds LibreSSL 3.5 support
  - Adds support for CMake "unity" builds
  - Adds CMake support for building shared and static libs in a single pass
  - Adds symbol hiding support to CMake
  - Adds support for libssh2.rc for all build tools
  - Adds .zip, .tar.xz and .tar.bz2 release tarballs
  - Enables ed25519 key support for LibreSSL 3.7.0 or higher
  - Improves OpenSSL 1.1 and 3 compatibility
  - Now requires OpenSSL 1.0.2 or newer
  - Now requires CMake 3.1 or newer
  - SFTP: Adds libssh2_sftp_open_ex_r() and libssh2_sftp_open_r() extended APIs
  - SFTP: No longer has a packet limit when reading a directory
  - SFTP: now parses attribute extensions if they exist
  - SFTP: no longer will busy loop if SFTP fails to initialize
  - SFTP: now clear various errors as expected
  - SFTP: no longer skips files if the line buffer is too small
  - SCP: add option to not quote paths
  - SCP: Enables 64-bit offset support unconditionally
  - Now skips leading \r and \n characters in banner_receive()
  - Enables secure memory zeroing with all build tools on all platforms
  - No longer logs SSH_MSG_REQUEST_FAILURE packets from keepalive
  - Speed up base64 encoding by 7x
  - Assert if there is an attempt to write a value that is too large
  - WinCNG: fix memory leak in _libssh2_dh_secret()
  - Added protection against possible null pointer dereferences
  - Agent now handles overly large comment lengths
  - Now ensure KEX replies don't include extra bytes
  - Fixed possible buffer overflow when receiving SSH_MSG_USERAUTH_BANNER
  - Fixed possible buffer overflow in keyboard interactive code path
  - Fixed overlapping memcpy()
  - Fixed Windows UWP builds
  - Fixed DLL import name
  - Renamed local RANDOM_PADDING macro to avoid unexpected define on Windows
  - Support for building with gcc versions older than 8
  - Improvements to CMake, Makefile, NMakefile, GNUmakefile, autoreconf files
  - Restores ANSI C89 compliance
  - Enabled new compiler warnings and fixed/silenced them
  - Improved error messages
  - Now uses CIFuzz
  - Numerous minor code improvements
  - Improvements to CI builds
  - Improvements to unit tests
  - Improvements to doc files
  - Improvements to example files
  - Removed "old gex" build option
  - Removed no-encryption/no-mac builds
  - Removed support for NetWare and Watcom wmake build files
  * Rebase libssh2-ocloexec.patch

- Bump to version 1.10.0
    Enhancements and bugfixes:
  * support ECDSA certificate authentication
  * fix detailed _libssh2_error being overwritten by generic errors
  * unified error handling
  * fix _libssh2_random() silently discarding errors
  * don't error if using keys without RSA
  * avoid OpenSSL latent error in FIPS mode
  * fix EVP_Cipher interface change in openssl 3
  * fix potential overwrite of buffer when reading stdout of command
  * use string_buf in ecdh_sha2_nistp() to avoid attempting to parse malformed data
  * correct a typo which may lead to stack overflow
  * fix random big number generation to match openssl
  * added key exchange group16-sha512 and group18-sha512.
  * add support for an OSS Fuzzer fuzzing target
  * adds support for ECDSA for both key exchange and host key algorithms
  * clean up curve25519 code
  * update the min, preferred and max DH group values based on RFC 8270.
  * changed type of LIBSSH2_FX_* constants to unsigned long
  * added diffie-hellman-group14-sha256 kex
  * fix for use of uninitialized aes_ctr_cipher.key_len when using HAVE_OPAQUE_STRUCTS, regression
  * fixes memory leaks and use after free AES EVP_CIPHER contexts when using OpenSSL 1.0.x.
  * fixes crash with delayed compression option using Bitvise server.
  * adds support for PKIX key reading
  * use new API to parse data in packet_x11_open() for better bounds checking.
  * double the static buffer size when reading and writing known hosts
  * improved bounds checking in packet_queue_listener
  * improve message parsing (CVE-2019-17498)
  * improve bounds checking in kex_agree_methods()
  * adding SSH agent forwarding.
  * fix agent forwarding message, updated example.
  * added integration test code and cmake target. Added example to cmake list.
  * don't call `libssh2_crypto_exit()` until `_libssh2_initialized` count is down to zero.
  * add an EWOULDBLOCK check for better portability
  * fix off by one error when loading public keys with no id
  * fix use-after-free crash on reinitialization of openssl backend
  * preserve error info from agent_list_identities()
  * make sure the error code is set in _libssh2_channel_open()
  * fixed misspellings
  * fix potential typecast error for `_libssh2_ecdsa_key_get_curve_type`
  * rename _libssh2_ecdsa_key_get_curve_type to _libssh2_ecdsa_get_curve_type
- Rebased patch libssh2-ocloexec.path
- Removed patch libssh2_org-CVE-2019-17498.patch: the security fix
    is already included in the latest version.
libstorage-ng
- add support for MD RAID type LINEAR (bsc#1215022)
  new patch:
  + linear.patch
suseconnect-ng
- Update to version 1.4.0~git0.b0f7c25bfdfa
  * Added EULA display for addons (bsc#1170267)
  * Fix zypper argument for auto-agreeing licenses (bsc#1214781)
  * Enable building on SLE12 SP5 (jsc#PED-3179)

- Update to version 1.3.0
  * Track .changes file in git

- Update to version 1.2.0~git0.abd0fec:
  * enhance docs for package testing
  * Fixed `provides` to work with yast2-registration on SLE15 < SP4 (bsc#1212799)
  * Improve error message if product set more than once

- Update to version 1.1.0~git2.f42b4b2a060e:
  * Keep keepalive timer states when replacing SUSEConnect (bsc#1211588)
systemd
- Import commit b473c02cc08e093e370034425671cbc001c6748e
  02caac7973 units/initrd-parse-etc.service: Conflict with emergency.target
  70b3bff9f8 sd-device-monitor: dynamically allocate receive buffer (bsc#1213873)
  e2e1fbba2b sd-device: change type of properties nulstr from uint8_t* to char*
  c9d3dd5954 udev: set description for device monitor
  3f07f44fde test: use sd_device_monitor_set_description()
  b304a1e1a2 sd-device-monitor: logs description for device monitor
  929d4066c5 sd-device-monitor: introduce sd_device_monitor_{set,get}_description()
  340e523048 sd-device-monitor: fix inversed condition
  02659c7b67 tree-wide: port various places over to new stat_inode_same() helper
  b35a4b042a stat-util: add helper stat_inode_same() for comparing stat's st_dev/st_ino in one
  d25219cbe3 libsystemd: ignore both EINTR and EAGAIN
  648a151313 errno-util: introduce ERRNO_IS_TRANSIENT()

- Import commit 155fe1917157bdeecf7e28ef0ea9f62084f27f14
  3b8c671f90 detach-md: similar to the DM case, also don't try to detach MD device backing /usr/ (bsc#1211576)
  6da5d2d1fc shutdown: don't attempt to detach DM volume backing /usr/ (bsc#1211576)
  37178881c1 udev: decrease devlink priority for iso disks (bsc#1213185)
  02ede28319 shutdown: get only active md arrays. (bsc#1212434 bsc#1213575 bsc#1211576)
  412b8dbb32 umount: /usr/ should never be unmounted regardless of HAVE_SPLIT_USR or not (bsc#1211576)
  16f897570a units: remove the restart limit on the modprobe@.service
  e4e85b08bd tests: add test case for long unit names
  3f84b06f9d core: shorten long unit names that are based on paths and append path hash at the end (bsc#1208194)

- Add 5001-sleep-don-t-init-sys-power-resume-if-resume-option-i.patch (bsc#1186606)

- Make sure to pre-install the groups systemd and udev rely on. This is needed
  when the tmpfiles are run at package installation time (i.e. when
  file-triggers are disabled).

- Move more packaging fixups in the fixlet script.

- Move the persistent net rule fix in udev fixlet script.

- Rather than having one script per fix, use a single script (or "fixlet") per
  (sub) package that contains all the fixups relative to a (sub) package. This
  has the advantage to limit the number of scripts but more importantly it will
  ease the sharing of the spec file between TW and SLE. We should also be able
  to compare the fixlets of two distros even if the spec files have diverged.
  Note that all the fixups are run just once now.

- kbd-model-map.legacy:: add 'ara' which should replace 'arabic' in the long
  term (bsc#1210702)

- kbd-model-map.legacy: drop some entries no longer needed by YaST
  Related to bsc#1194609.

- Include pam_keyinit.so in our systemd-user PAM service (bsc#1209741)
  That way "systemd --user" instances get their own session keyring instead of
  the user default session keyring. For some reasons cifscreds refuses to work
  with the latter. That's what is expected for every PAM session anyway.

- Import commit 6441bb41141aaa8bfb63559917362748a3044c15
  165ca0d018 udev-rules: fix nvme symlink creation on namespace changes (bsc#1207410)

- Update 1001-udev-use-lock-when-selecting-the-highest-priority-de.patch (bsc#1203141)
  Optimize when hundred workers claim the same symlink with the same priority.

- Update 0005-udev-create-default-symlinks-for-primary-cd_dvd-driv.patch
  Since commit 38f3e20883ff658935aae5c9 (v248), the symlinks /dev/cdrw and
  /dev/dvdrw could have no longer been created. Futhermore the rule added by
  this patch dealing with /dev/cdrom was redundant with the upstream one
tiff
- security update:
  * CVE-2023-38289 [bsc#1213589]
    + tiff-CVE-2023-38289.patch
  * CVE-2023-38288 [bsc#1213590]
    + tiff-CVE-2023-38288.patch
  * CVE-2023-3576 [bsc#1213273]
    + tiff-CVE-2023-3576.patch
  * CVE-2020-18768 [bsc#1214574]
    + tiff-CVE-2020-18768.patch
  * CVE-2023-26966 [bsc#1212881]
    + tiff-CVE-2023-26966.patch
  * CVE-2023-3618 [bsc#1213274]
    + tiff-CVE-2023-3618.patch
  * CVE-2023-2908 [bsc#1212888]
    + tiff-CVE-2023-2908.patch
  * CVE-2023-3316 [bsc#1212535]
    + tiff-CVE-2023-3316.patch

- security update:
  * CVE-2023-0795 [bsc#1208226]
  * CVE-2023-0796 [bsc#1208227]
  * CVE-2023-0797 [bsc#1208228]
  * CVE-2023-0798 [bsc#1208229]
  * CVE-2023-0799 [bsc#1208230]
  * CVE-2023-25433 [bsc#1212883]
    + tiff-CVE-2023-0795,CVE-2023-0796,CVE-2023-0797,CVE-2023-0798,CVE-2023-0799.patch
  * CVE-2023-0800 [bsc#1208231]
  * CVE-2023-0801 [bsc#1208232]
  * CVE-2023-0802 [bsc#1208233]
  * CVE-2023-0803 [bsc#1208234]
  * CVE-2023-0804 [bsc#1208236]
    + tiff-CVE-2023-0800,CVE-2023-0801,CVE-2023-0802,CVE-2023-0803,CVE-2023-0804.patch
libtirpc
- fix sed parsing for libtirpc.pc.in in specfile (boo#1216862)

-  update to 1.3.4 (bsc#1199467)
  * binddynport.c honor ip_local_reserved_ports
  - replaces: binddynport-honor-ip_local_reserved_ports.patch
  * gss-api: expose gss major/minor error in authgss_refresh()
  * rpcb_clnt.c: Eliminate double frees in delete_cache()
  * rpcb_clnt.c: memory leak in destroy_addr
  * portmapper: allow TCP-only portmapper
  * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep
  * clnt_raw.c: fix a possible null pointer dereference
  * bindresvport.c: fix a potential resource leakage
- update to 1.3.3 (bsc#1201680, CVE-2021-46828):
  * Fix DoS vulnerability in libtirpc
  - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch
  * _rpc_dtablesize: use portable system call
  * libtirpc: Fix use-after-free accessing the error number
  * Fix potential memory leak of parms.r_addr
  - replaces 0001-fix-parms.r_addr-memory-leak.patch
  * rpcb_clnt.c add mechanism to try v2 protocol first
  - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch
  * Eliminate deadlocks in connects with an MT environment
  * clnt_dg_freeres() uncleared set active state may deadlock
  * thread safe clnt destruction
  * SUNRPC: mutexed access blacklist_read state variable
  * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c
- drop 0001-Fix-DoS-vulnerability-in-libtirpc.patch (upstream)
- update to 1.3.2:
  * Replace the final SunRPC licenses with BSD licenses
  * blacklist: Add a few more well known ports
  * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS
- Update to libtirpc 1.3.1
  * Remove AUTH_DES interfaces from auth_des.h
    The unsupported  AUTH_DES authentication has be
    compiled out since commit d918e41d889 (Wed Oct 9 2019)
    replaced by API routines that return errors.
  * svc_dg: Free xp_netid during destroy
  * Fix memory management issues of fd locks
  * libtirpc: replace array with list for per-fd locks
  * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf
  * __rpc_dtbsize: rlim_cur instead of rlim_max
  * pkg-config: use the correct replacements for libdir/includedir
  Patches replaced by update:
  binddynport-honor-ip_local_reserved_ports.patch (bsc#1199467)
  0001-Fix-DoS-vulnerability-in-libtirpc.patch (bsc#1201680)
  0001-fix-parms.r_addr-memory-leak.patch (bsc#1198752)
  0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch
  (bsc#1196647), (bsc#1200800), (bsc#1198176)
  * replaces /etc/netconfig-try-2-first by the environment variable
  RPCB_V2FIRST
libvirt
- CVE-2023-2700: virpci: Resolve leak in virPCIVirtualFunctionList
  6425a311-virpci-Resolve-leak-in-virPCIVirtualFunctionList.patch
  bsc#1211390

- qemu: Fix potential crash during driver cleanup
  15277033-qemu-Fix-potential-crash-during-driver-cleanup.patch
  bsc#1209861

- Apparmor: Add support for SUSE edk2 firmware paths
  4959490e-support-SUSE-edk2-firmware-paths.patch
  boo#1208567

- Fix lxc container initialization with systemd and hybrid cgroups
  suse-fix-lxc-container-init.patch
  boo#1183247

- qemu: Support specifying the virtual CPU address size in bits
  95c95f1b-virml-Introduce-VIR_XML_PROP_NONNEGATIVE-flag.patch,
  e6c29f09-conf-Add-support-for-specifying-CPU-max-physical-add.patch,
  c647bf29-capabilities-Report-number-of-host-CPU-physical-addr.patch,
  1c1a7cdd-qemu-Add-support-for-max-physical-address-size.patch,
  b5f63691-schema-Remove-optional-nesting-in-hostcpu-rng.patch,
  65e8ac6f-schema-Don-t-enforce-ordering-of-hostcpu-capabilitie.patch,
  231af0a0-schema-Add-maxphysaddr-element-to-hostcpu.patch,
  d81ae1f-docs-Fix-missing-slashes-in-the-maxphysaddr-example.patch,
  85aafea4-qemu-Remove-host-passthrough-validation-check-for-ho.patch
  bsc#1199583
wayland
- Update package to version 1.21
  * (see https://jira.suse.com/browse/PED-2423).
- Drop no longer needed patches (merged upstream):
  U_util-Limit-size-of-wl_map.patch and
  U_util-set-errno-when-hitting-WL_MAP_MAX_OBJECTS.patch.
libwebp
- Add 0001-Fix-OOB-write-in-BuildHuffmanTable.patch
  Add 0001-Fix-invalid-incremental-decoding-check.patch:
  [boo#1215231] [CVE-2023-4863]

- Add libwebp-double-free.patch: Avoid a double free, upstream
  commit a486d800 (bsc#1210212 CVE-2023-1999).
libxml2
- Security update:
  * [CVE-2023-45322, bsc#1216129] use-after-free in xmlUnlinkNode()
    in tree.c
  - Added file libxml2-CVE-2023-45322.patch

- Security update:
  * [CVE-2023-39615, bsc#1214768] Crafted xml can cause global
    buffer overflow
  - Added file libxml2-CVE-2023-39615.patch
libyajl
- add libyajl-CVE-2023-33460.patch (CVE-2023-33460, bsc#1212928)
libyui
- NCurses UI: Prevent buffer overflow when drawing very wide labels
  (bsc#1211354)
- 4.3.7

- Qt UI: Fixed loading icons from an absolute path (bsc#1210591)
  https://github.com/libyui/libyui/pull/94
- 4.3.6

- Backported fix for main window stacking order in YQMainWinDock to avoid
  unintentional transparency when QSS-styling YQDialogs
  (bsc#1199020, bsc#1191112)
- 4.3.5

- Force messages from .ui file through our translation mechanism
  (bsc#1198097)
- 4.3.4
zlib
- Fix CVE-2023-45853, integer overflow and resultant heap-based buffer
  overflow in zipOpenNewFileInZip4_6, bsc#1216378
  * CVE-2023-45853.patch

- Fix deflateBound() before deflateInit(), bsc#1210593
  bsc1210593.patch

- Add DFLTCC support for using inflate() with a small window,
  fixes bsc#1206513
  * bsc1206513.patch
zchunk
- Fix CVE-2023-46228, bsc#1216268
  * Handle overflow errors in malformed zchunk files.
- Added patch:
  * CVE-2023-46228.patch
libzypp
- Preliminary disable 'rpm --runposttrans' usage for chrooted
  systems (bsc#1216091)
  This limits the %transfiletrigger(postun|in) support in the
  default installer if --root is used (as described in bsc#1041742).
  The chrooted execution of the scripts in 'rpm --runposttrans'
  broke in rpm-4.18. It's expected to be fixed in rpm-4.19.
  Then we'll enable the feature again.
- fix comment typo on zypp.conf (boo#1215979)
- version 17.31.22 (22)

- Attempt to delay %transfiletrigger(postun|in) execution if rpm
  supports it (bsc#1041742)
  Decide during installation whether rpm is capable of delayed
  %posttrans %transfiletrigger(postun|in) execution or whether we
  can just handle the packages %posttrans. On TW a delayed
  %transfiletrigger handling is possible since rpm-4.17.
- Make sure the old target is deleted before a new one is created
  (bsc#1203760)
- version 17.31.21 (22)

- Fixup changes for 17.31.16. Remove faulty reference to a bug
  actually fixed in 2019.
- version 17.31.20 (22)

- Fix zypp-tui/output/Out.h to build with clang.
- Fix zypp/Arch.h for clang (fixes #478)
  Clang seems to have issues with picking the overload in
  std::men_fn if there is a static overload of a member function.
  We need to explicitely specify the correct type of the function
  pointer. To make sure this would not break compiling a
  application with clang that builds against libzypp this patch
  works around the problem.
- version 17.31.19 (22)

- SINGLE_RPMTRANS: Respect ZYPP_READONLY_HACK when checking the
  zypp-rpm lock (fixes openSUSE/openSUSE-repos#29)
- version 17.31.18 (22)

- Fix wrong filesize exceeded dl abort in zyppng::Downloader
  (bsc#1213673)
  In some cases when downloading very small files we can run into
  issues when the URL is protected by credentials.
- version 17.31.17 (22)

- Fix negative ZYPP_LOCK_TIMEOUT not waiting forever (bsc#1213231)
- Don't cleanup orphaned dirs if read-only mode was promised
  (bsc#1210740)
- version 17.31.16 (22)

- Fix build against protobuf >= 22 (fixes #465, closes #466)
  Port away from protobuf_generate_cpp. Upstream protobuf does not
  export protobuf_generate_cpp by default anymore.
  Use protobuf_generate instead, which is also available on older
  versions.
- Remove SUSE < SLE11 constructs (fixes #464).
- version 17.31.15 (22)

- build: honor libproxy.pc's includedir (bsc#1212222)
- Curl: trim all custom headers (bsc#1212187)
  HTTP/2 RFC 9113 forbids fields ending with a space. So we make
  sure all custom headers are trimmed. This also includes headers
  returned by URL-Resolver plugins.
- version 17.31.14 (22)

- curl: Trim user agent string (bsc#1212187)
  HTTP/2 RFC 9113 forbids fields ending with a space. Violation
  results in curl error: 92: HTTP/2 PROTOCOL_ERROR.
- version 17.31.13 (22)

- Do not unconditionally release a medium if provideFile failed
  (bsc#1211661)
- libzypp.spec.cmake: remove duplicate file listing.
- version 17.31.12 (22)

- MediaCurl: Fix endless loop if wrong credentials are stored in
  credentials.cat (bsc#1210870)
  Since libzypp-17.31.7 wrong credentials stored in credentials.cat
  may lead to an endless loop. Rather than asking for the right
  credentials, the stored ones are used again and again.
- zypp.conf: Introduce 'download.connect_timeout' [60 sec.]
  (bsc#1208329)
  Maximum time in seconds that you allow the connection phase to
  the server to take. This only limits the connection phase, it has
  no impact once it has connected. (see also CURLOPT_CONNECTTIMEOUT)
- commit: Try to provide /dev fs if not present (fixes #444)
- fix build with boost 1.82.
- version 17.31.11 (22)

- fix build with boost 1.82

- BuildRequires: libsolv-devel >= 0.7.24 for x86_64_v[234]
  support.
- version 17.31.10 (22)

- Workround bsc#1195633 while libsolv <= 0.7.23 is used.
- Fix potential endless loop in new ZYPP_MEDIANETWORK.
- ZYPP_METALINK_DEBUG=1: Log URL and priority of the mirrors
  parsed from a metalink file.
- multicurl: propagate ssl settings stored in repo url
  (boo#1127591)
  Closes #335.
- Teach MediaNetwork to retry on HTTP2 errors.
- fix CapDetail to return Rel::NONE if an EXPRESSION is used as a
  NAMED cap.
- Capability: support parsing richdeps from string.
- defaultLoadSystem: default to LS_NOREFRESH if not root.
- Detect x86_64_v[234]: Fix LZCNT bit used in detection (fixes
  [#439])
  Merges rpm-software-management/rpm#2412: The bit for LZCNT is in
  CPUID 0x80000001, not 1.
- Detect x86_64_v[234] architecture levels (fixes #439)
- Support x86_64_v[234] architecture levels (for #439)
- version 17.31.9 (22)
shadow
- bsc#1214806 (CVE-2023-4641):
  Fix potential password leak
- Add shadow-CVE-2023-4641.patch

- bsc#1213189: Change lock mechanism to file locking to prevent
  lock files after power interruptions
- Add shadow-4.8.1-lock-mechanism.patch

- bsc#1206627: Add --prefix support to passwd, chpasswd and chage
  Needed for YaST
- Add shadow-4.8.1-add-prefix-passwd-chpasswd-chage.patch
man
- Use inverted exit status in exec option of find command to
  avoid refreshing man database (boo#1155879)

- Minor corrections on %ghost /var/cache/man
mlocate
- Set umask 0022 before running /usr/bin/updatedb (boo#1209409)

- Remove ProtectKernelModules from systemd unit as it makes files
  inaccessible that are then not visible for locate (bsc#1207884)
mozilla-nspr
- update to version 4.35
  * fixes for building with clang
  * use the number of online processors for the
    PR_GetNumberOfProcessors() API on some platforms
  * fix build on mips+musl libc
  * Add support for the LoongArch 64-bit architecture
nfs-utils
- Add 0032-exportfs-Ingnore-export-failures-in-nfs-server.seriv.patch
  Inconsistencies in /etc/exports shouldn't be fatal.
  (bsc#1212594)

- Add 0030-systemd-use-correct-modprobe-d-directory
  SLE15-SP5 an earlier don't use /usr/lib/modprobe.d
  (bsc#1200710)
- Add 0031-mountd-don-t-advertise-krb5-for-v4root-when-not-conf.patch
  Avoid unhelpful warning if rpcsec_gss_krb5.ko not installed

- Add 0028-mount.nfs-always-include-mountpoint-or-spec-if-error.patch
  boo#1157881
- Add 0029-nfsd.man-fix-typo-in-section-on-scope.patch
  bsc#1209859
- Allow scope to be set in sysconfig: NFSD_SCOPE
openssh
- Add openssh-CVE-2023-38408-PKCS11-execution.patch, Abort if
  requested to load a PKCS#11 provider that isnt a PKCS#11
  provider (bsc#1213504,CVE-2023-38408)

- openssh-7.7p1-fips_checks.patch: close the right filedescriptor
  to avoid fd leads, and also close fdh in read_hmac (bsc#1209536)

- Revert addition of openssh-dbus.sh, openssh-dbus.csh, openssh-dbus.fish:
  This caused invalid and irrelevant environment assignments (bsc#1207014).
patterns-server-enterprise
- [aarch64] install system with all patterns, nothing provides 'sapconf' when installing pattern ‘sap_server’
  (bsc#1214811)
  The pattern sap_server is only available for x86_64 and ppc64le
perl-Bootloader
- merge gh#openSUSE/perl-bootloader#157
- bootloader_entry script can have an optional 'force-default'
  argument (bsc#1215064)
- skip warning about unsupported options when in compat mode
- 0.945

- merge gh#openSUSE/perl-bootloader#152
- use signed grub EFI binary when updating grub in default EFI
  location (bsc#1210799)
- check whether grub2-install supports --suse-force-signed option
- 0.944

- merge gh#openSUSE/perl-bootloader#147
- UEFI: update also default location, if it is controlled by SUSE
  (bsc#1210799, bsc#1201399)
- 0.943

- merge gh#openSUSE/perl-bootloader#142
- use fw_platform_size to distinguish between 32 bit and 64 bit
  UEFI platforms (bsc#1208003)
- 0.942

- merge gh#openSUSE/perl-bootloader#141
- systemd-boot: easier initial setup
- 0.941

- merge gh#openSUSE/perl-bootloader#140
- add basic support for systemd-boot
- 0.940
perl
- enable TLS cert verification in CPAN [bnc#1210999] [CVE-2023-31484]
  new patch: perl-cpan_verify_cert.diff
psmisc
- Fix version at configure time as there was no .tarball-version
python-azure-core
- Add patch reqs.patch to update the typing-extensions version
  requirement to match spec file in setup.py. (bsc#1213529)

- Update in SLE-15 (bsc#1202088, CVE-2022-30187)

- Lower python-typing_extensions version to 3.10.0.0 in Requires

- New upstream release
  + Version 1.23.1
  + For detailed information about changes see the
    CHANGELOG.md file provided with this package
- Update Requires from setup.py
python-configobj
- Add CVE-2023-26112.patch (bsc#1210070)
python-humanfriendly
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)

- Update to 10.0
  * *Noteworthy changes:**
  * Merged pull request `#45`_ to resolve the issue caused by the conditional
    :pypi:`pyreadline` requirement on Windows not supporting Python 3.9+.
  * Updated the readme to use Python 3 in the example (reported in issue `#56`_).
    Also added a mention of the ``humanfriendly --demo`` command.
  * Removed the ``humanfriendly.compat.unittest`` alias that presumably no-one is
    using at this point; it had been rendered useless quite a long time ago
    (requested in issue `#53`_).
  * *Internal changes:**
  * Merged pull request `#54`_ which migrates the :pypi:`humanfriendly` project
    from Travis CI to GitHub Actions and from Coveralls.io to Codecov.
  * Fixed a deprecation warning concerning ``setup.cfg`` and some Sphinx
    documentation errors.

- Update to 9.2
  Maintenance release:
  * Merged pull request `#46`_ which fixes several :pypi:`flake8` warnings.
  * Merged pull request `#49`_ which marks Python 3.9 support final.
  * Merged pull request `#51`_ which helps to stabilize the test suite.
  * Merged pull request `#52`_ which updates the :mod:`humanfriendly.sphinx`
    module to include Sphinx extension metadata that has become mandatory in a
    recent Sphinx release. After merging the pull request I added additional
    metadata including the version.
- from version 9.1
  * Added :func:`~humanfriendly.compat.on_macos()` function to detect Apple MacOS
    (I need this in an upcoming :pypi:`coloredlogs` release and don't want to have
    to think about how to detect MacOS again in the future 😇).
- from version 9.0
  The major version number was bumped because the bug fix for
  :func:`~humanfriendly.text.pluralize()` is backwards incompatible
  and (even though this seems like very "cosmetic" functionality)
  version numbers are cheap, so who cares 😉.
  * *Bug fixes:**
  * Changed :func:`~humanfriendly.format_number()` to properly support negative
    numbers (as suggested in `issue #40`_).
  * Changed :func:`~humanfriendly.text.pluralize()` to generate "1.5 seconds"
    instead of "1.5 second" (as suggested in `issue #43`_).
  * *Enhancements:**
  * Enhanced :func:`~humanfriendly.text.concatenate()` to support ``conjunction``
    and ``serial_comma`` keyword arguments (as suggested in `issue #30`_).
  * Added :func:`~humanfriendly.text.pluralize_raw()` to select singular or
    plural form without prefixing the count to the text that is returned.
- from version 8.2
  * Added a simple case insensitive dictionary implementation, for details refer to
    the new :mod:`humanfriendly.case` module.

- Fix build without python2

- Update to 8.1
  * Make it possible to opt out of the output capturing that
    :func:`humanfriendly.testing.run_cli()` sets up by default.
  * Improve feature parity between :class:`humanfriendly.testing.CaptureOutput`
    and my :pypi:`capturer` package to the point where most of the
    :pypi:`humanfriendly` test suite can now run without :pypi:`capturer`.
  * Refactored the test suite to import all names separately instead of referring
    to identifiers via their modules (my preferences have changed since this code
    was written a long time ago).
  * Adopt :func:`functools.wraps()` to make decorator functions more robust.
  * Make the :class:`~humanfriendly.terminal.spinners.Spinner` class more
    customizable. The interval at which spinners are updated and the characters
    used to draw the animation of spinners can now be customized by callers.
    This was triggered by `executor issue #2`_.
  * Improve test skipping based on exception types.
  * The "deprecated imports" feature provided by :mod:`humanfriendly.deprecation`
    has been adopted to clean up the maze of (almost but not quite) cyclic import
    dependencies between modules.
  * HTML to ANSI functionality has been extracted to a new
    :mod:`humanfriendly.terminal.html` module.
  * Support for spinners has been extracted to a new
    :mod:`humanfriendly.terminal.spinners` module.
  * The use of positional arguments to initialize
    :class:`~humanfriendly.terminal.spinners.Spinner` objects has been deprecated
    using the new :func:`humanfriendly.deprecation.deprecated_args()` decorator
    function.
  * Added the :func:`humanfriendly.deprecation.deprecated_args()` decorator function
    which makes it easy to switch from positional arguments to keyword arguments
    without dropping backwards compatibility.
  * Accept pluralized disk size units (`#26`_). I'm not claiming this is a full
    solution to the problem, far from it. It does lessen the pain a bit (IMHO).
  * Make sure the selected pager is available before trying to run it. While
    testing :pypi:`humanfriendly` on Windows 10 I noticed that ``humanfriendly
  * -help`` resulted in nothing but a traceback, because :man:`less` wasn't
    available. That's not human friendly at all 😕 (even if it is Windows 😈).
  * Merge pull request `#24`_: Fix bug in :func:`~humanfriendly.parse_length()` that rounded floats.
  * Merge pull request `#32`_: Update hyperlinks in readme.
  * Merge pull request `#33`_: Drop support for Python 2.6 and 3.0-3.4
  * Merge pull request `#35`_: SVG badge in readme.
  * Merge pull request `#36`_: Add support for nanoseconds and microseconds time units
  * Fixed :func:`~humanfriendly.tables.format_rst_table()` omission from
    ``humanfriendly.tables.__all__``.
  * Start testing on Python 3.8 and 3.9-dev.
  * Emit an ANSI reset code when :func:`humanfriendly.terminal.html.HTMLConverter.close()`
  * Added the :func:`humanfriendly.terminal.html_to_ansi()` function which is a
  * Added ``humanfriendly.testing.TestCase.assertRaises()`` enhancements.
  * Define ``humanfriendly.text.__all__``.

- Update to 6.1:
  - Added a :pypy:`...` role for easy linking to packages on the
    Python Package Index, for details refer to
    :func:`humanfriendly.sphinx.pypi_role()`.
  - Wasted quite a bit of time debugging a MacOS failure on
    Travis CI caused by a broken man`pip` installation, fixed by
    using get-pip.py to bootstrap an installation that actually
    works wink.
  - Enable :class:`~humanfriendly.testing.MockedProgram` to
    customize the shell script code of mocked programs. This was
    added to make it easy to mock a program that is expected to
    generate specific output (I'm planning to use this in the
    :pypi:`linux-utils` test suite).
  - Defined __all__ for all public modules that previously lacked
    "export control" and decided to bump the major version number
    as a precaution:
  - These changes should not have any impact on backwards
    compatibility, unless I forgot entries, in which case
    callers can get :exc:`~exceptions.ImportError`
    exceptions...
  - Imports of public modules were previously exported
    (implicitly) and this pollutes code completion suggestions
    which in turn can encourage bad practices (not importing
    things using their "canonical" name).
  - I started developing the humanfriendly package years before
    I learned about the value of defining __all__ and so some
    modules lacked a definition until now. I decided that now
    was as good a time as any to add those definitions
    innocent.
  - Simplified the headings in docs/api.rst so that only the
    module names remain. This was done because Sphinx doesn't
    support nested links in HTML output and thus generated really
    weird "Table of Contents" listings.
  - Fixed the reStructuredText references in the documentation of
    :func:`~humanfriendly.prompts.prompt_for_choice()`. This
    function is imported from :mod:`humanfriendly.prompts` to
    :mod:`humanfriendly` (for backwards compatibility) where it
    can't use relative references to refer to the other functions
    in the :mod:`humanfriendly.prompts` module.
  - Embedded quite a few Python API references into recent
    changelog entries, just because I could (I heart what
    hyperlinks can do for the usability of technical
    documentation, it gives a lot more context).
  - Added custom :man:`...` role for easy linking to Linux manual
    pages to the :mod:`humanfriendly.sphinx` module.
  - Changed rendering of pretty tables to expand tab characters
    to spaces: Until now pretty tables did not take the variable
    width of tab characters into account which resulted in tables
    whose "line drawing characters" were visually misaligned.
    Tabs are now expanded to spaces using str.expandtabs().
  - Stop testing on Python 2.6 and drop official support. The
    world (including Travis CI) has moved on and preserving
    Python 2.6 compatibility was clearly starting to drag the
    project down...
  - I decided to bump the major version number because each of
    these changes can be considered backwards incompatible in one
    way or another and version numbers are cheap anyway so there
    stuck_out_tongue.

- Require full python stack for sqlite module

- Simplify the multibuild conditioning and name creation

- Update to 4.18:
  * Added humanfriendly.text.generate_slug() function.
  * Fixed "invalid escape sequence" DeprecationWarning (pointed out by Python >= 3.6).

- Update to 4.17:
  * compatibility with python 3.7
python-jsondiff
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)

- Update to version 1.3.0
  * Update README.rst
  * Add license to setup.py
  * Upating travis config to explicitly set ubuntu versions to use
    for each python version.
  * Fix long list diffing bug by converting recursive code to iterative.
  * Add failing test for list-diff recursion error bug
- Refresh patches for new version
  * remove_nose.patch
- Switch Source field to point to Github tarball URL
  * The tarball from PyPi does not contain the tests
python-knack
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)

- Update to version 0.9.0
  * Support Python 3.10 (#250)
  * Only install colorama on Windows (#249)
- Update BuildRequires and Requires from setup.py

- Update to version 0.8.2
  * Always use UTF-8 for log file encoding (#247)
- from version 0.8.1
  * Add error message for invalid argument value (#244)
- Remove temporary version override

- Update to version 0.8.0
  * Make colors customizable (#242)
  * Init colorama only in Windows legacy terminal (#238)
  * Add `raw_result` to `CommandResultItem` (#235)
  * Refine code style to comply with Python 3 (#232, #233)
  * CI: Support Python 3.9 (#229)
  * Logging: `CLILogging.configure` returns as early as possible (#228)
- Override upstream version with 0.8.0.0 to ensure
  proper upgrade from previous version 0.8.0rc2
- Update BuildRequires and Requires from setup.py

- Update to version 0.8.0rc2
  * Support multiple cli loggers by adding more logger names to
    `knack.log.cli_logger_names` list (#227)
- from version 0.8.0rc1
  * Make config item names case-insensitive (#220)
  * `get_logger` uses `module_name` directly and no
    longer adds `cli` prefix (#221)
  * `CLILogging` accepts a custom `cli_logger_name` (#221)
  * Support ppc64le arch in Travis CI (#222)
  * Allow customizing tag message (#223)
  * Add `EVENT_CLI_SUCCESSFUL_EXECUTE` (#224)
python-packaging
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)

- Add patch to fix testsuite on big-endian targets
  + fix-big-endian-build.patch

- Ignore python3.6.2 since the test doesn't support it.

- update to 21.3:
  * Add a pp3-none-any tag (gh#pypa/packaging#311)
  * Replace the blank pyparsing 3 exclusion with a 3.0.5 exclusion
    (gh#pypa/packaging#481), (gh#pypa/packaging#486)
  * Fix a spelling mistake (gh#pypa/packaging#479)

- update to 21.2:
  * Update documentation entry for 21.1.
  * Update pin to pyparsing to exclude 3.0.0.
  * PEP 656: musllinux support
  * Drop support for Python 2.7, Python 3.4 and Python 3.5.
  * Replace distutils usage with sysconfig
  * Add support for zip files in ``parse_sdist_filename``
  * Use cached ``_hash`` attribute to short-circuit tag equality comparisons
  * Specify the default value for the ``specifier`` argument to ``SpecifierSet``
  * Proper keyword-only "warn" argument in packaging.tags
  * Correctly remove prerelease suffixes from ~= check
  * Fix type hints for ``Version.post`` and ``Version.dev``
  * Use typing alias ``UnparsedVersion``
  * Improve type inference for ``packaging.specifiers.filter()``
  * Tighten the return type of ``canonicalize_version()``

- Add Provides: for python*dist(packaging): work around boo#1186870
- skip tests failing because of no-legacyversion-warning.patch

- add no-legacyversion-warning.patch to restore compatibility with 20.4

- update to 20.9:
  * Run [isort](https://pypi.org/project/isort/) over the code base (:issue:`377`)
  * Add support for the ``macosx_10_*_universal2`` platform tags (:issue:`379`)
  * Introduce ``packaging.utils.parse_wheel_filename()`` and ``parse_sdist_filename()``

- update to 20.8:
  * Revert back to setuptools for compatibility purposes for some Linux distros (:issue:`363`)
  * Do not insert an underscore in wheel tags when the interpreter version number
    is more than 2 digits (:issue:`372`)
  * Fix flit configuration, to include LICENSE files (:issue:`357`)
  * Make `intel` a recognized CPU architecture for the `universal` macOS platform tag (:issue:`361`)
  * Add some missing type hints to `packaging.requirements` (issue:`350`)
  * Officially support Python 3.9 (:issue:`343`)
  * Deprecate the ``LegacyVersion`` and ``LegacySpecifier`` classes (:issue:`321`)
  * Handle ``OSError`` on non-dynamic executables when attempting to resolve
    the glibc version string.

- update to 20.4:
  * Canonicalize version before comparing specifiers. (:issue:`282`)
  * Change type hint for ``canonicalize_name`` to return
  ``packaging.utils.NormalizedName``.
  This enables the use of static typing tools (like mypy) to detect mixing of
  normalized and un-normalized names.
python-psutil
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)

- Fix tests: setuptools changed the builddir library path and does
  not find the module from it. Use the installed platlib instead
  and exclude psutil.tests only later.
- Refresh skip-obs.patch
python-pyasn1
- To avoid users of this package having to recompile bytecode
  files, change the mtime of any __init__.py. (bsc#1207805)
python-requests
- Add CVE-2023-32681.patch to fix unintended leak of
  Proxy-Authorization header (CVE-2023-32681, bsc#1211674)
  Upstream commit: gh#psf/requests@74ea7cf7a6a2

- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)

- Don't pin idna<3 in the egg-info so that depending packages
  can install the new idna dropping python2

- update to 2.25.1:
  - Requests now treats `application/json` as `utf8` by default. Resolving
  inconsistencies between `r.text` and `r.json` output. (#5673)

- Update in SLE-15 (bsc#1176785, jsc#ECO-3105, jsc#PM-2352)

- update to 2.25.0:
  * Added support for NETRC environment variable. (#5643)
  * Requests now supports urllib3 v1.26.
  * Requests v2.25.x will be the last release series with support for Python 3.5.
- refreshed requests-no-hardcoded-version.patch
python-rpm
- build for all python modules (jsc#PED-68, jsc#PED-1988)
salt
- Randomize pre_flight_script path (CVE-2023-34049 bsc#1215157)
- Allow all primitive grain types for autosign_grains (bsc#1214477)
- Added:
  * allow-all-primitive-grain-types-for-autosign_grains-.patch
  * fix-cve-2023-34049-bsc-1215157.patch

- Fix optimization_order opt to prevent testsuite fails
- Improve salt.utils.json.find_json to avoid fails (bsc#1213293)
- Use salt-call from salt bundle with transactional_update
- Only call native_str on curl_debug message in tornado when needed
- Implement the calling for batch async from the salt CLI
- Fix calculation of SLS context vars when trailing dots
  on targetted sls/state (bsc#1213518)
- Rename salt-tests to python3-salt-testsuite
- Added:
  * improve-salt.utils.json.find_json-bsc-1213293.patch
  * only-call-native_str-on-curl_debug-message-in-tornad.patch
  * fix-optimization_order-opt-to-prevent-test-fails.patch
  * use-salt-call-from-salt-bundle-with-transactional_up.patch
  * implement-the-calling-for-batch-async-from-the-salt-.patch
  * fix-calculation-of-sls-context-vars-when-trailing-do.patch

- Fix inconsistency in reported version by egg-info metadata (bsc#1215489)
- Added:
  * write-salt-version-before-building-when-using-with-s.patch

- Revert usage of long running REQ channel to prevent possible
  missing responses on requests and dublicated responses
  (bsc#1213960, bsc#1213630, bsc#1213257)
- Fix gitfs cachedir basename to avoid hash collisions
  (bsc#1193948, bsc#1214797, CVE-2023-20898)
- Added:
  * fixed-gitfs-cachedir_basename-to-avoid-hash-collisio.patch
  * revert-usage-of-long-running-req-channel-bsc-1213960.patch

- Make sure configured user is properly set by Salt (bsc#1210994)
- Do not fail on bad message pack message (bsc#1213441, CVE-2023-20897)
- Fix broken tests to make them running in the testsuite
- Prevent possible exceptions on salt.utils.user.get_group_dict (bsc#1212794)
- Create minion_id with reproducible mtime
- Fix detection of Salt codename by "salt_version" execution module
- Fix regression: multiple values for keyword argument 'saltenv' (bsc#1212844)
- Fix the regression of user.present state when group is unset (bsc#1212855)
- Fix zypper repositories always being reconfigured
- Fix utf8 handling in 'pass' renderer and make it more robust
- Added:
  * fix-tests-to-make-them-running-with-salt-testsuite.patch
  * zypper-pkgrepo-alreadyconfigured-585.patch
  * fix-regression-multiple-values-for-keyword-argument-.patch
  * mark-salt-3006-as-released-586.patch
  * fix-utf8-handling-in-pass-renderer-and-make-it-more-.patch
  * do-not-fail-on-bad-message-pack-message-bsc-1213441-.patch
  * prevent-possible-exceptions-on-salt.utils.user.get_g.patch
  * make-sure-configured-user-is-properly-set-by-salt-bs.patch
  * fix-the-regression-of-user.present-state-when-group-.patch

- Prevent _pygit2.GitError: error loading known_hosts when $HOME is not set (bsc#1210994)
- Fix ModuleNotFoundError and other issues raised by salt-support module (bsc#1211591)
- tornado: Fix an open redirect in StaticFileHandler (CVE-2023-28370, bsc#1211741)
- Added:
  * 3006.0-prevent-_pygit2.giterror-error-loading-known_.patch
  * tornado-fix-an-open-redirect-in-staticfilehandler-cv.patch
  * fix-some-issues-detected-in-salt-support-cli-module-.patch

- Make master_tops compatible with Salt 3000 and older minions (bsc#1212516) (bsc#1212517)
- Added:
  * make-master_tops-compatible-with-salt-3000-and-older.patch

- Avoid failures due transactional_update module not available in Salt 3006.0 (bsc#1211754)
- Added:
  * define-__virtualname__-for-transactional_update-modu.patch

- Avoid conflicts with Salt dependencies versions (bsc#1211612)
- Added:
  * avoid-conflicts-with-dependencies-versions-bsc-12116.patch

- Update to Salt release version 3006.0 (jsc#PED-4360)
  * See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html
- Add missing patch after rebase to fix collections Mapping issues
- Add python3-looseversion as new dependency for salt
- Add python3-packaging as new dependency for salt
- Allow entrypoint compatibility for "importlib-metadata>=5.0.0" (bsc#1207071)
- Create new salt-tests subpackage containing Salt tests
- Drop conflictive patch dicarded from upstream
- Fix SLS rendering error when Jinja macros are used
- Fix version detection and avoid building and testing failures
- Prevent deadlocks in salt-ssh executions
- Require python3-jmespath runtime dependency (bsc#1209233)
- Added:
  * 3005.1-implement-zypper-removeptf-573.patch
  * control-the-collection-of-lvm-grains-via-config.patch
  * fix-version-detection-and-avoid-building-and-testing.patch
  * make-sure-the-file-client-is-destroyed-upon-used.patch
  * skip-package-names-without-colon-bsc-1208691-578.patch
  * use-rlock-to-avoid-deadlocks-in-salt-ssh.patch
- Modified:
  * activate-all-beacons-sources-config-pillar-grains.patch
  * add-custom-suse-capabilities-as-grains.patch
  * add-environment-variable-to-know-if-yum-is-invoked-f.patch
  * add-migrated-state-and-gpg-key-management-functions-.patch
  * add-publish_batch-to-clearfuncs-exposed-methods.patch
  * add-salt-ssh-support-with-venv-salt-minion-3004-493.patch
  * add-sleep-on-exception-handling-on-minion-connection.patch
  * add-standalone-configuration-file-for-enabling-packa.patch
  * add-support-for-gpgautoimport-539.patch
  * allow-vendor-change-option-with-zypper.patch
  * async-batch-implementation.patch
  * avoid-excessive-syslogging-by-watchdog-cronjob-58.patch
  * bsc-1176024-fix-file-directory-user-and-group-owners.patch
  * change-the-delimeters-to-prevent-possible-tracebacks.patch
  * debian-info_installed-compatibility-50453.patch
  * dnfnotify-pkgset-plugin-implementation-3002.2-450.patch
  * do-not-load-pip-state-if-there-is-no-3rd-party-depen.patch
  * don-t-use-shell-sbin-nologin-in-requisites.patch
  * drop-serial-from-event.unpack-in-cli.batch_async.patch
  * early-feature-support-config.patch
  * enable-passing-a-unix_socket-for-mysql-returners-bsc.patch
  * enhance-openscap-module-add-xccdf_eval-call-386.patch
  * fix-bsc-1065792.patch
  * fix-for-suse-expanded-support-detection.patch
  * fix-issue-2068-test.patch
  * fix-missing-minion-returns-in-batch-mode-360.patch
  * fix-ownership-of-salt-thin-directory-when-using-the-.patch
  * fix-regression-with-depending-client.ssh-on-psutil-b.patch
  * fix-salt-ssh-opts-poisoning-bsc-1197637-3004-501.patch
  * fix-salt.utils.stringutils.to_str-calls-to-make-it-w.patch
  * fix-the-regression-for-yumnotify-plugin-456.patch
  * fix-traceback.print_exc-calls-for-test_pip_state-432.patch
  * fixes-for-python-3.10-502.patch
  * include-aliases-in-the-fqdns-grains.patch
  * info_installed-works-without-status-attr-now.patch
  * let-salt-ssh-use-platform-python-binary-in-rhel8-191.patch
  * make-aptpkg.list_repos-compatible-on-enabled-disable.patch
  * make-setup.py-script-to-not-require-setuptools-9.1.patch
  * pass-the-context-to-pillar-ext-modules.patch
  * prevent-affection-of-ssh.opts-with-lazyloader-bsc-11.patch
  * prevent-pkg-plugins-errors-on-missing-cookie-path-bs.patch
  * prevent-shell-injection-via-pre_flight_script_args-4.patch
  * read-repo-info-without-using-interpolation-bsc-11356.patch
  * restore-default-behaviour-of-pkg-list-return.patch
  * return-the-expected-powerpc-os-arch-bsc-1117995.patch
  * revert-fixing-a-use-case-when-multiple-inotify-beaco.patch
  * run-salt-api-as-user-salt-bsc-1064520.patch
  * run-salt-master-as-dedicated-salt-user.patch
  * save-log-to-logfile-with-docker.build.patch
  * switch-firewalld-state-to-use-change_interface.patch
  * temporary-fix-extend-the-whitelist-of-allowed-comman.patch
  * update-target-fix-for-salt-ssh-to-process-targets-li.patch
  * use-adler32-algorithm-to-compute-string-checksums.patch
  * use-salt-bundle-in-dockermod.patch
  * x509-fixes-111.patch
  * zypperpkg-ignore-retcode-104-for-search-bsc-1176697-.patch
- Removed:
  * 3003.3-do-not-consider-skipped-targets-as-failed-for.patch
  * 3003.3-postgresql-json-support-in-pillar-423.patch
  * add-amazon-ec2-detection-for-virtual-grains-bsc-1195.patch
  * add-missing-ansible-module-functions-to-whitelist-in.patch
  * add-rpm_vercmp-python-library-for-version-comparison.patch
  * add-support-for-name-pkgs-and-diff_attr-parameters-t.patch
  * adds-explicit-type-cast-for-port.patch
  * align-amazon-ec2-nitro-grains-with-upstream-pr-bsc-1.patch
  * backport-syndic-auth-fixes.patch
  * batch.py-avoid-exception-when-minion-does-not-respon.patch
  * check-if-dpkgnotify-is-executable-bsc-1186674-376.patch
  * clarify-pkg.installed-pkg_verify-documentation.patch
  * detect-module.run-syntax.patch
  * do-not-crash-when-unexpected-cmd-output-at-listing-p.patch
  * enhance-logging-when-inotify-beacon-is-missing-pyino.patch
  * fix-62092-catch-zmq.error.zmqerror-to-set-hwm-for-zm.patch
  * fix-crash-when-calling-manage.not_alive-runners.patch
  * fixes-pkg.version_cmp-on-openeuler-systems-and-a-few.patch
  * fix-exception-in-yumpkg.remove-for-not-installed-pac.patch
  * fix-for-cve-2022-22967-bsc-1200566.patch
  * fix-inspector-module-export-function-bsc-1097531-481.patch
  * fix-ip6_interface-grain-to-not-leak-secondary-ipv4-a.patch
  * fix-issues-with-salt-ssh-s-extra-filerefs.patch
  * fix-jinja2-contextfuntion-base-on-version-bsc-119874.patch
  * fix-multiple-security-issues-bsc-1197417.patch
  * fix-salt-call-event.send-call-with-grains-and-pillar.patch
  * fix-salt.states.file.managed-for-follow_symlinks-tru.patch
  * fix-state.apply-in-test-mode-with-file-state-module-.patch
  * fix-test_ipc-unit-tests.patch
  * fix-the-regression-in-schedule-module-releasded-in-3.patch
  * fix-wrong-test_mod_del_repo_multiline_values-test-af.patch
  * fixes-56144-to-enable-hotadd-profile-support.patch
  * fopen-workaround-bad-buffering-for-binary-mode-563.patch
  * force-zyppnotify-to-prefer-packages.db-than-packages.patch
  * ignore-erros-on-reading-license-files-with-dpkg_lowp.patch
  * ignore-extend-declarations-from-excluded-sls-files.patch
  * ignore-non-utf8-characters-while-reading-files-with-.patch
  * implementation-of-held-unheld-functions-for-state-pk.patch
  * implementation-of-suse_ip-execution-module-bsc-10999.patch
  * improvements-on-ansiblegate-module-354.patch
  * include-stdout-in-error-message-for-zypperpkg-559.patch
  * make-pass-renderer-configurable-other-fixes-532.patch
  * make-sure-saltcacheloader-use-correct-fileclient-519.patch
  * mock-ip_addrs-in-utils-minions.py-unit-test-443.patch
  * normalize-package-names-once-with-pkg.installed-remo.patch
  * notify-beacon-for-debian-ubuntu-systems-347.patch
  * refactor-and-improvements-for-transactional-updates-.patch
  * retry-if-rpm-lock-is-temporarily-unavailable-547.patch
  * set-default-target-for-pip-from-venv_pip_target-envi.patch
  * state.apply-don-t-check-for-cached-pillar-errors.patch
  * state.orchestrate_single-does-not-pass-pillar-none-4.patch
  * support-transactional-systems-microos.patch
  * wipe-notify_socket-from-env-in-cmdmod-bsc-1193357-30.patch
python-urllib3
- Add CVE-2023-45803.patch (bsc#1216377, CVE-2023-45803)
  gh#urllib3/urllib3@4e98d57809da

- Add CVE-2023-43804.patch (bsc#1215968, CVE-2023-43804)
  gh#urllib3/urllib3#3139
  * Added the Cookie header to the list of headers to strip from
    requests when redirecting to a different host. As before,
    different headers can be set via Retry.remove_headers_on_redirect.
python-websocket-client
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)

- Remove version requirements for python-Sphinx and python-sphinx_rtd_theme dependencies

- Revert change to use libalternative which does not work on SLE-15
- Revert change to use %pyunittest which does not work on SLE-15

- Update to version 1.3.2
  * Add support for pre-initialized stream socket in new WebSocketApp (#804)
  * Remove rel.saferead() in examples (f0bf03d)
  * Increase scope of linting checks (dca4022)
  * Start adding type hints (a8a4099)
- from version 1.3.1
  * Fix 10 year old bug and improve dispatcher handling
    for run_forever (#795)
  * Fix run_forever to never return None, only
    return True or False, and add two tests (#788)
  * Remove Python 3.6 support, EOL in Dec 2021
- from version 1.3.0
  * BREAKING: Set Origin header to use https:// scheme
    when wss:// WebSocket URL is passed (#787)
  * Replace deprecated/broken WebSocket URLs with working ones (6ad5197)
  * Add documentation referencing rel for automatic
    reconnection with run_forever()
  * Add missing opcodes 1012, 1013 (#771)
  * Add errno.ENETUNREACH to improve error handling (da1b050)
  * Minor documentation improvements and typo fixes
- from version 1.2.3
  * Fix broken run_forever() functionality (#769)
- from version 1.2.2
  * Migrate wsdump script in setup.py from scripts to newer entry_points (#763)
  * Add support for ssl.SSLContext for arbitrary SSL parameters (#762)
  * Remove keep_running variable (#752)
  * Remove HAVE_CONTEXT_CHECK_HOSTNAME variable (dac1692)
  * Replace deprecated ssl.PROTOCOL_TLS with ssl.PROTOCOL_TLS_CLIENT (#760)
  * Simplify code and improve Python 3 support (#751, #750, #746)
  * Fill default license template fields (#748)
  * Update CI tests
  * Improve documentation (#732, #733, #734, #737, #766, #768)
- from version 1.2.1
  * Fix python-socks dependency issue mentioned in #728
  * Replace echo.websocket.org with a local websockets
    echo server for unit tests (4951de2)
- from version 1.2.0
  * Fix #697, #665: Transition from LGPL 2.1 license to Apache 2.0 license
  * Revert #417 and reimplement SOCKS proxy support with
    python-socks instead of PySocks (fbcbd43)
- from version 1.1.1
  * Fix #377: increase exception verbosity in _app.py callback exception
  * Fix #717: race condition during connection close
  * Fix #722: improve handling where credentials include symbols like @
  * Fix #711: improve handling if ssl is None
- from version 1.1.0
  * Set enable_multithread to True by default (beb135a)
  * Performance improvement in _mask() function (287970e, #433)
  * Performance improvement in recv_strict() function (60e4711, #255)
  * Performance improvement by removing numpy-related code (a462d45)
  * Support uppercase no_proxy, http_proxy, https_proxy env vars (150df4f, #700)
  * Add sslopt 'server_hostname' support (#698)
  * Replace deprecated ssl.PROTOCOL_SSLv23 with ssl.PROTOCOL_TLS (494564f)
  * Update documentation, README (7c9d604, #704)
- from version 1.0.1
  * Fix exception handling bug #694
- from version 1.0.0
  * Removed Python 2 code, now only Python 3 compatible (d45343b, b7c5733, ff67af8)
  * Use semver for release versions, unlike breaking release 0.58.0 (#669)
  * Enhance enableTrace output (13e83b4)
  * Improve unit tests to over 80% code coverage (1679ab0, a00dd2d, etc.)
  * Fix old _app.py close status code bug (resulted in on_close() requiring 3 args) (#686)
  * Replace select import with selectors (#568)
- from version 0.59.0
  * Last main release to support Python 2
  * Fix Python 2 urlparse scheme (#332)
  * Add support for headers with multiple values (#627)
  * Add debug support for reserved custom status codes (#639)
  * Allow multiple Set-Cookie: headers (#649)
  * Simplified cookie sorting (#662)
  * Add no_proxy support (#671)
  * Add Host header to HTTP proxy request (#677)
  * Improve PEP8 style compliance (dc3f5c4)
- Drop support for Python2 which was removed upstream
- Rename README.rst to README.md in %files section

- Use libalternatives instead of update-alternatives.

- remove RHEL 7 compatibility from specfile
- update to version 0.58.0:
  - fix callback
  - Capitalize default connection header
  - Fix None.lower() when sec-websocket-protocol response header does notexist
  - Fix for #516
  - Tweak Python 3.4 build settings
  - fix callback
  - Fix None.lower() when sec-websocket-protocol response header doesn't exist
  - Create README.md and fix minor typo (both from existing pull requests)
  - Fix _handshake.py error where subproto is None
  - fix documentation: create_connection, settimeout
  - Capitalize default connection header
  - Edit README.md for clarification and to add missing material from parent repo
  - Fix minor typo - getdefauttimeout to getdefaulttimeout
  - Remove README text copied from fork that is not applicable
  - Add support for Python 3.8 and 3.9 (#596)
  - Fix a few minor typo/misspellings (#659)
  - Add pip command to README for 2nd dependency
  - Improve README code example formatting
  - Use thread.is_alive() to replace deprecated thread.isAlive() (#594)
  - Add first draft of Sphinx documentation
  - Edit README.md to include docs links and badges
  - Replace README.md FAQ with link to documentation FAQ page
  - Add acknowledgements section to README.md
  - Add detail to Autobahn testing README (still needs improvement)
  - Add autobahn test report and additional test instructions
  - Add sample connection code to example docs page
  - Fixes #631
  - Improve documentation, mostly new examples but some code comment upgrades
  - Add suppress origin example to documentation
  - Add FAQ advice to ping server
  - 'ping_interval' should be less than 'ping_timeout' (#611)
  - Allow optional, not mandatory, argument for pong() in WebSocket
  - Add basic ping/pong and HTTP proxy documentation and examples
  - Properly revert _app.py callback to state before PR #442 (previously only partially reverted)
  - Add timeout examples to documentation
  - Edit documentation to clarify timeout can be int or float (#654)
  - Reshuffle and enhance documentation
  - Fix #526 by reverting invalid BSD license migration in commit e94ed9e to return to LGPL2.1
  - Fix #526 by reverting invalid BSD license migration in commit e94ed9e to return to LGPL2.1
  - Fix #546 by removing comments introduced by PR #513
  - Update contribution guidelines
  - Revert PR #611
  - Replace deprecated assertEquals() with assertEqual()
  - The plural 'assertEquals()' is deprecated in Python 3 and triggers a warning
  - during CI:
  - https://docs.python.org/3/library/unittest.html#deprecated-aliases
regionServiceClientConfigAzure
- Update to version 2.0.1 (bsc#1217537)
  + Replacing 104.45.31.195.pem 191.237.254.253.pem certs
    expiring in 8 years and new length of 4096
    These certs will replace the current certs that
    expire soon
release-notes-sles-for-sap
- 15.4.20230818 (tracked in bsc#933411)
- Fixed ESPOS wording (bsc#1208489)
- Added note about silencing killmode=none (jsc#PED-407)
- Fixed kernel version to 5.14 (jsc#DOCTEAM-908)
rsyslog
- fix rsyslog crash in imrelp (bsc#1210286)
  * add: 0001-Avoid-crash-on-restart-in-imrelp-SIGTTIN-handler.patch

-patches replaced by upgrade (see details in upgrade logs below)
  0001-fixing-the-deleteStateOnFileDelete-option.patch
  0001-imfile-Remove-inotify-watch-descriptor-on-inode-chan.patch
  0001-queue-Add-NULL-check-in-qDeqLinkedList.patch
  0001-testbench-add-test-for-legacy-permittedPeer-statemen.patch
  0002-imtcp-bugfix-legacy-config-directives-did-no-longer-.patch
  CVE-2022-24903.patch
- Upgrade to rsyslog 8.2306.0 (jsc#PED-4883)
  * 2023-06-09: mmnormalize bugfix: if msg cannot be parsed, parser chain is stopped
  * 2023-06-08: Add new global config option "libcapng.default"
  * 2023-06-08: imjournal: Add FileCreateMode module parameter
  * 2023-04-17: core bugfix: potential segfault on busy systems
  * 2023-05-11: GNUTls Driver: Fix memory leaks in gtlsInitCred
  * 2023-05-24: CI: update base ubuntu image for github actions
  * 2023-05-16: OMHIREDIS::ADDED:: New support for 'stream' mode
  * 2023-05-17: OMHIREDIS::ADDED:: new tests for existing functionalities
  * 2023-04-25: OMHIREDIS::FIXED:: Correctly suspend module in case of failure
  * 2023-05-17: OMHIREDIS::FIXED:: Synchronously try to authenticate
  * 2023-04-25: IMHIREDIS::ADDED:: New support for 'stream' mode
  * 2023-04-25: REDIS::ADDED:: Implement tests for imhiredis module
  * 2023-04-12: IMHIREDIS::CLEAN:: various improvements and fixes
    [#]## CHANGED
  - [IMHIREDIS] factorize code for different modes
  - [IMHIREDIS] Clean and improve logging lines
  - [IMHIREDIS] Poll extinction state less frequently for main thread (less aggresive)
  - [IMHIREDIS] Set 'key' action parameter to REQUIRED
  - [IMHIREDIS] Use known message length instead of calculating it when
    enqueuing message
    [#]## ADDED
  - [IMHIREDIS] Missing redis replies' types in enumeration
    [#]## FIXED
  - [IMHIREDIS] Correctly initialize instance object, especially for redisNodesList
  - [IMHIREDIS] Correctly print input mode's value in logs when set incorrectly
  * 2023-05-17: tests: mmexternal-SegFault-empty-jroot-vg.sh: fix typo
  * 2023-03-21: modify testbench test to detect wrong imptcp truncation
  * 2023-03-21: imptcp bugfix: spam log on oversize message
  * 2023-03-23: core/bugfix: using $uuid msg prop can deadlock rsyslog on shutdown
  * 2023-03-13: Remove halted LGTM badges on README
  * 2023-02-16: Do not preserve capabilities when changing credentials
  * 2023-01-23: CI/QA: do compile test both with NDEBUG set/unset
  * 2023-01-23: Fixed wrong type conversion in cstrLen() for debug mode as well
  * 2023-01-18: core/template: implement negative position.to
  * 2023-01-18: CI: fix github CodeQL settings
  * 2023-01-17: Remove CAP_DAC_OVERRIDE if privileges dropped
  * 2023-01-17: Adjust the capability set
  * 2023-01-13: substring function: enhancement and hardening
  * 2023-01-11: omfile: add action parameters "rotation.*"
  * 2023-01-11: CI: use newer version of zookeeper
  * 2023-01-09: ffaup fix : memory corruption with concurrent workers
  * 2023-01-02: openssl: fix undefined reference to CRYPTO_set_id_callback
  * 2022-12-30: testbench: add test for invalid json template generation
  * 2022-12-30: core bugfix: template system may generate invalid json
  * 2022-12-28: Fixed wrong type conversion in cstrLen()
  * 2022-12-08: Add CodeQL workflow for GitHub code scanning
- Upgrade to rsyslog 8.2212.0
  * 2022-12-05: testbench: make python http server based tests more reliable
  * 2022-12-05: omprog bugfix: invalid status handling at called program startup
  * 2022-11-29: testbench bugfix: wrong message injection object of instance 1
  * 2022-11-21: rsyslog.conf man page bugfix: description of selectors
  * 2022-11-18: imtcp bugfix: legacy config directives did no longer work
  - replaces 0002-imtcp-bugfix-legacy-config-directives-did-no-longer-.patch
  * 2022-11-16: ksi bugfix: sending of too many signing requests fixed.
  * 2022-11-14: bugfix: prevent potential segfault when switchung to queue emergency mode
  * 2022-11-02: imjournal: add second fallback to _COMM
  * 2022-10-25: core bugfix: local hostname invalid if no global() config object given
  * 2022-10-25: testbench bugfix: fixed timing issue that sometimes lead to test failure
- Upgrade to rsyslog 8.2208.0
  * 2022-08-09: ksi bugfix: request cache size and send timeout issue fixed.
  * 2022-08-09: imjournal bugfix: segmentation fault in close journal
  * 2022-08-09: net subsystem: support sha256 for StreamDriverAuthMode="x509/fingerprint"
  * 2022-08-05: imfile bugfix: message loss/duplication when monitored file is rotated
  * 2022-08-05: ksi bugfix: optimize processing of signer queue to fix delays.
  * 2022-08-04: ksi bugfix: possible crash fixed when several log files are opened.
  * 2022-08-04: openssl: add support to split tls commands by semicolon
  * 2022-08-04: openssl subsystem bugfix: build issue on Solaris
  * 2022-08-04: openssl: add more details to error messages
  * 2022-08-04: omclickhouse: capture additional exceptions
  * 2022-08-04: mmanon bugfix: Simplified and fixed IPv4 digit detection.
  * 2022-07-21: imptcp: slight tuning
  * 2022-07-20: template procesing/json: performance optimization
  * 2022-07-19: core bugfix: memory leak when free action worker data table
  * 2022-07-13: omfile: support for zstd compression
  * 2022-07-07: stream cleanup: move error message to debug log, only
  * 2022-07-04: mmdblookup bugfix: Don't crash Rsyslog on mmdb file errors
  * 2022-06-28: build error fix: libbson requires out-of-date language constructs
  * 2022-06-27: OpenSSL: fix depreacted API issues for OpenSSL 3.x
- Upgrade to rsyslog 8.2206.0
  * 2022-05-25: omelastisearch: allow omitting _type field
  * 2022-05-18: tcpsrv/imtcp: slight performance improvements
  * 2022-05-12: imptcp bugfix: worker thread starvation on extreme traffic
  * 2022-05-11: omelasticsearch: several support option for ElasticSearch 8
  - config params searchIndex and documentType can be empty
  - support for Data Stream API
  - new config param esVersion.major
  * 2022-05-09: tcp receiver bugfix: delay/potential hang on some error conditions
  * 2022-05-05: net bugfix: potential buffer overrun
  - replaces CVE-2022-24903.patch
    Advisory:
    https://github.com/rsyslog/rsyslog/security/advisories/GHSA-ggw7-xr6h-mmr8#advisory-comment-72243
  * 2022-05-05: imptcp: set OS worker thread name
  * 2022-04-26: mmanon bugfix: shortened IPv6 form not always anonymized
  * 2022-04-22: mmdblookup fix: wrong copy of buffer
  * 2022-04-22: mmdblookup: several enhancements
  - support arrays in MMDB entry
  - support escaped quotes '"' in MMDB entry
  - support '<' characters in MMDB entry, when in a field
  - support '}' characters in MMDB entry, when in a field
- Upgrade to rsyslog 8.2204.0
  * 2022-04-18: gnutls bugfix: possibility of infinite loop
  * 2022-04-17: core/bugfix: errorfile could grow over max configures size
  * 2022-04-17: omkafka bugfix: potential misadressing
  * 2022-04-06: added new "FullJSONFmt" standard template (with addtl fields)
  * 2022-04-04: imfile: potential processing delay
  * 2022-04-04: bugfix: cosmetic data races
  * 2022-04-01: add property options to support ISO week/year number
  * 2022-04-01: core bugfix: "action suspended" message was emitted even when turned off
  * 2022-03-31: testbench: add more tests for rscript comparison operations
  * 2022-03-31: core bugfix: make internal logs emitted during HUP procesing appear quicker
  * 2022-03-20: refactor: Move the parser directive to the main config
  * 2022-03-16: refactor: ake the main message queue part of the config
  * regression bugfix: rsyslog may segfault during startup
  * regression fix: script string comparison did not work correctly
- Upgrade to rsyslog 8.2202.0
  * 2022-02-11: Make action counter part of the config
  * 2022-02-09: imfile: Remove inotify watch descriptor on inode change detected
  - replaces 0001-imfile-Remove-inotify-watch-descriptor-on-inode-chan.patch
  * 2022-02-03: omelasticsearch: Fix indexSuccess impstats counter in bulkmode
  * 2022-01-28: rscript: literal numbers were not compared correctly
  * 2022-01-17: ompgsql: PGsslInUse not supported on old distros
  * 2021-12-31: ompgsql: allow connection params via connection string
  * 2022-01-17: CI: remove fedora 33 based testing
  * 2022-01-14: Terminate all tcpsrv threads properly
  * 2022-01-04: Move timezone specific variables to rsconf
  * 2022-01-13: Fixes #4395 by correctly checking for EPIPE.
  * 2022-01-12: Move rsyslog global parameters to rsconf_t struct
  * 2022-01-12: cleanup: remove unused variable
  * 2022-01-07: CI: cleanup journal test environment
  * 2022-01-06: CI: remove unnecessary dependency
  * 2022-01-05: Update omlibdbi.c
  * 2022-01-05: omhttp: Fix memory leak in lokirest batchmode
  * 2021-12-15: Clarify meaning of loadConf and RunConf
- Upgrade to rsyslog 8.2112.0
  * 2021-12-14: refactor:Deallocate outchannel resources in rsconf destructor
  * 2021-12-14: refactor: use runConf instead of loadConf in ratelimiting during runtime
  * 2021-11-22: new contribtion: URL parser module function using libfa
  * 2021-11-18: mmanon: relax IPv6 detection - improve anonymization
  * 2021-11-10: ruleset bugfix: ruleset queue was incorrectly named
  * 2021-11-10: omsnmp: update module to current IP best practices
  * 2021-10-27: ommysql: fix threading bug
  * 2021-10-25: testbench: false positive when impstats was not built
  * 2021-10-25: imtcp: add support for permittedPeers setting at input() level
  * 2021-10-25: testbench: add test for legacy permittedPeer statement
  - replaces 0001-testbench-add-test-for-legacy-permittedPeer-statemen.patch
- Upgrade to rsyslog 8.2110.0:
  * 2021-10-13: PrivDropToUser: fix abortOnIDResolutionFail handling #2
  * 2021-10-12: PrivDropToUser: fix abortOnIDResolutionFail handling
  * 2021-09-17: rscript fix: ruleset called async when ruleset had queue.type="direct"
  * 2021-10-07: tcpsrv: fix compilation without exceptions
  * 2021-09-29: build issue: handle undefined MAXPATHLEN, PATH_MAX
  * 2021-10-06: Fix typo in error message.
  * 2021-09-21: mmkubernetes bugfix: no connection retry to kubernetes APP
  * 2021-09-13: use correct api for es 6 and later
  * 2021-09-20: openssl: Correct gnutlsPriorityString (custom ciphers) behaviour
  * 2021-09-20: ksi bugfix: locking bug fixed in rsksiCtxOpenFile
  * 2021-09-13: Fix ElasticSearch Test broken by ES incompatibility
  * 2020-11-21: imhttp updates - query parameter ingestion & basic auth support
  * 2021-09-08: openssl: extended output information on connection failure
  * 2021-09-02: queue: Add NULL check in qDeqLinkedList
  - replaces 0001-queue-Add-NULL-check-in-qDeqLinkedList.patch
  * 2021-09-06: core bugfix: use of property $wday terminates string
  * 2021-09-02: gnutls: Propagate PrioritizeSAN when accepting a new connection
  * 2021-08-24: ratelimit: fix rate limiting for already parsed messages
  * 2021-08-23: config: implement script-equavalent for $PrivDrop* statements
- Upgrade to rsyslog 8.2108.0:
  * 2021-08-16: openssl tls: Improved error message output on tls failures.
  * 2021-07-01: imfile add `ignoreolderthanoption`
  * 2021-08-10: imklog: fix invalid memory adressing, could cause abort
  * 2021-08-09: omelasticsearch: fix incorrect mutex error handling regression
  * 2021-08-09: imfile bugfix: hash char invalidly added in readmode != 0
  * 2021-08-08: imudp: add socket type (IPv4 vs. 6) to input name
  * 2021-07-13: fixing the deleteStateOnFileDelete option
  - replaces 0001-fixing-the-deleteStateOnFileDelete-option.patch
  * 2021-07-07: CI: add test for imtcp not correctly starting up and a Solaris fix
  * 2021-08-05: omfwd: add capability for action-specific TLS certificate settings
  * 2021-07-01: imtcp: permit to use different certificate files per input/action
  * 2021-08-04: debug support: add indication of "being HUPed" to debug log
  * 2021-08-04: imptcp bugfix: keep alive interval was incorrectly set
  * 2021-07-22: Close file descriptor when freshStartTail is turned on
  * 2021-07-22: [omelasticsearch] Improve errorFile mutex handling
  * 2021-07-08: openssl network driver bugfix: small memory leak
  * 2021-07-07: tcpsrv bugfix: abort if no listener could be started
  * 2021-07-01: tcp subsystem: fix cosmetic memory leak on shutdown
  * 2021-07-01: fix typo in error message
  * 2021-06-30: OMMONGODB :: Fixes
  * 2021-06-29: mmkubernetes fix for apiserver error handling
  * 2021-06-21: omkafka updates
  * 2021-06-22: percentile module to track percentile metrics via impstats
  * 2021-06-17: CI: disable Travis CI for the time being
  * 2021-04-15: omhttp: Fix dynrestpath param in batch mode
  * 2021-06-14: add predefined template RSYSLOG_SyslogRFC5424Format
  * 2021-06-10: bugfix: _sender_stats reports integer counter as string

- fix removal of imfile state files (bsc#1213212)
  * add 0001-fixing-the-deleteStateOnFileDelete-option.patch
rubygem-actionpack-5_1
- security update
- added patches
  fix CVE-2023-28362 [bsc#1213312], Possible XSS via User Supplied Values to redirect_to
  + 0008-CVE-2023-28362.patch
rubygem-actionview-5_1
- security update
- added patches
  fix CVE-2023-23913 [bsc#1209826], DOM Based Cross-site Scripting in rails-ujs
  + rubygem-actionview-5_1-CVE-2023-23913.patch
rubygem-puma
- Add CVE-2023-40175.patch (bsc#1214425, CVE-2023-40175.patch)
  Reject empty string for Content-Length
rubygem-rails-html-sanitizer
- Fixing typos in CVEs corrected by prior submission

- Add patch 0002_CVE-2022-23517_CVE-2022-23518_CVE-2022-23519_CVE-2022-23520.patch
  This patch fixes 4 different CVEs:
  * CVE-2022-23517 (bsc#1206433)
  * CVE-2022-23518 (bsc#1206434)
  * CVE-2022-23519 (bsc#1206435)
  * CVE-2022-23520 (bsc#1206436)
  In order to have the
  0002_CVE-2022-23517_CVE-2022-23518_CVE-2022-23519_CVE-2022-23520.patch
  working smoothly I monkey patched loofah API and crass rubygem code into
  rails-html-sanitizer.
runc
- Update to runc v1.1.10. Upstream changelog is available from
  <https://github.com/opencontainers/runc/releases/tag/v1.1.10>.

- Update to runc v1.1.9. Upstream changelog is available from
  <https://github.com/opencontainers/runc/releases/tag/v1.1.9>.

- Update to runc v1.1.8. Upstream changelog is available from
  <https://github.com/opencontainers/runc/releases/tag/v1.1.8>.

- Update to runc v1.1.7. Upstream changelog is available from
  <https://github.com/opencontainers/runc/releases/tag/v1.1.7>.
- Update runc.keyring to upstream version.

- Update to runc v1.1.6. Upstream changelog is available from
  <https://github.com/opencontainers/runc/releases/tag/v1.1.6>.
salt-shaptools
- Version 0.3.18
  * Salt no longer vendors six (>=salt-3006.0)
    https://github.com/saltstack/salt/issues/63874
saptune
- update package version of saptune to 3.1.1
  * typo in logfile directory name creates /varlog/saptune instead
    of /var/log/saptune
    (bsc#1215969)
  * SAP Note 2382421
    fix missing handling for Azure systems regarding parameter
    'net.ipv4.tcp_timestamps'. This exclude setting was left out
    during the last SAP Note update by mistake.
  * add parameter IGNORE_RELOAD to /etc/sysconfig/saptune to
    prevent saptune from stopping and starting the system tuning
    during package update
    Related to sapconf bug bsc#1209408.
- create a flag file in preinstall and remove it in posttrans of
  the package installation to inform saptune that currently a
  package installation/update takes place so that some special
  situations can be handled as expected.

- update package version of saptune to 3.1.0
  * machine readable interfaces for saptune
    add json output support
    related json v1 schemas can be found after installation
    on the system at /usr/share/saptune/schemas/1.0/
    (jsc#PED-2194, jsc#PED-2195, jsc#SLE-23696)
  * enhance the identification of the cloud service provider
    (jsc#SLE-23779)
  * add a command line syntax check
  * colorized and filtered output for 'saptune note verify'
    It is now possible to uses a 'color scheme' for the output to
    highlight the non-compliant parameter or to limit the verify
    output to show only non-compliant parameter.
    (jsc#SLE-23727)
  * add action 'saptune solution change' to switch to a new
    solution even that another solution was already applied.
    It's basically a 'revert OLDSOLUTION' && 'apply NEWSOLUTION'.
    This will change the Note order in case of additional applied
    Notes, but this is intended.
    The confirmation for the revert of the old solution can be
    suppressed by '--force'
    (jsc#PED-2196)
  * introduce a Trento naming convention for custom solutions in
    the saptune man page to support trento checks.
    (jsc#PED-4118)
  * deprecate action 'saptune note|solution simulate'.
    The action might get removed in a future saptune version
    (jsc#PED-2199)
  * deprecate support for the v1 vendor or custom specific Note
    definition file format
    (jsc#SLE-23725)
  * detect virtualization environment by 'systemd-detect-virt' and
    add the information to 'saptune status'.
    (jsc#SLE-23885)
  * enhance saptune with the new action 'check' to directly call
    the external check script '/usr/sbin/saptune_check'.
    (jsc#SLE-23726)
  * de-deprecate the MAXDB solution definition. It is still active
    supported by SAP.
    And add solution NETWEAVER+MAXDB
    (jsc#SLE-23724)
  * support inline comments in the Note definition files
    (jsc#SLE-23729)
  * rework Note representation in 'saptune status' output
    (jsc#SLE-24530)
  * fix problem with 'verify' output, if a sysctl parameter is
    empty on the system
    (bsc#1199527)
  * add hint to the manual page of saptune(8) regarding 'missing'
    line feed for 'saptune note applied' and 'saptune note enabled'
    It's intended.
    (bsc#1193714)
  * rework the version section to make it clear, which information
    needs to be provided
    (jsc#SLE-23722)
  * add more information to 'saptune status':
    differ between 'enabled' and 'applied' Solutions and add the
    related Notes.
    differ between Notes and Solutions in the staging area.
    rename 'system state' line to 'systemd system state' to prevent
    misunderstandings.
    add virtualisation information.
  * add tuning state to 'saptune status' output.
    The check of the tuning state (an internal 'verify' operation)
    can be skipped by using the flag '--non-compliance-check'.
    In this case the tuning state will be reported as
    unknown (checking disabled)
    'saptune status' will exit with a return code of '4', if the
    saptune service is enabled, the system is tuned, but the
    tuning state is 'not compliant'.
    (jsc#SLE-24928)
  * add support for the IBM Power architecture to the vendor and
    model section tagging
    (jsc#SLE-23824)
  * add new SAP Note 1868829 to set fs.aio-max-nr and add it to
    the HANADB related solutions for SLE12 and SLE15.
  * SAP Note 3024346 updated to Version 6
    SAP Note 1557506 updated to Version 16
    SAP Note 1656250 updated to Version 46
    SAP Note 1805750 updated to Version 9
    SAP Note 2161991 updated to Version 28
    SAP Note 2205917 updated to Version 63
    SAP Note 2382421 updated to Version 45
    SAP Note 2534844 updated to Version 15
    SAP Note BOBJ updated to Version 1
    but without parameter value changes, only house keeping of the
    version section and comment updates
  * SAP Note 1984787 updated to Version 40
    SAP Note 2578899 updated to Version 46
    SAP Note 2684254 updated to Version 23
    SAP Note 1680803 updated to Version 27
    includes version 3.1 of 'SAP Applications on SAP Adaptive
    Server Enterprise - Best Practices for Migration and Runtime'
  * Solution 'SAP-ASE' changed - remove SAP Note 1410736.
    The best practice document (version 3.1) for ASE was changed
    and the SAP Note 1410736 is no longer referenced. Instead the
    parameter 'net.ipv4.tcp_keepalive_time' is set in
    SAP Note 1680803 (the ASE SAP Note) directly.
  * introduce an additional parameter 'SKIP_SYSCTL_FILES' in the
    /etc/sysconfig/saptune configuration file, which contains a
    comma separated list of sysctl.conf files or directories
    containing sysctl.conf files, which should be excluded from
    the 'additional defined' WARNING messages.
    Default is
    SKIP_SYSCTL_FILES="/boot"
    to skip the WARNINGS for '/boot/sysctl.conf-<kernelversion>'
- check in preinstall and posttrans of the package installation,
  if the active tuned profile is still 'saptune', even that this
  profile no longer exists. If yes, try to remove it.
  (bsc#1194688)
000release-packages:sle-ha-release
n/a
000release-packages:sle-module-basesystem-release
n/a
000release-packages:sle-module-containers-release
n/a
000release-packages:sle-module-desktop-applications-release
n/a
000release-packages:sle-module-development-tools-release
n/a
000release-packages:sle-module-public-cloud-release
n/a
000release-packages:sle-module-sap-applications-release
n/a
000release-packages:sle-module-server-applications-release
n/a
supportutils-plugin-suse-public-cloud
- Update to version 1.0.8 (bsc#1213951)
  + Capture CSP billing adapter config and log (issue#13)
  + Accept upper case Amazon string in DMI table (issue#12)

- Update to version 1.0.7 (bsc#1209026)
  + Include information about the cached registration data
  + Collect the data that is sent to the update infrastructure during
    registration
supportutils
- Changes in version 3.1.26
  + powerpc plugin to collect the slots and active memory (bsc#1210950)
  + A Cleartext Storage of Sensitive Information vulnerability CVE-2022-45154
  + supportconfig: collect BPF information (pr#154)
  + Added additional iscsi information (pr#155)

- Added run time detection (bsc#1213127)

- ha_info sle15 uses /var/log/pacemaker/ (pq#153)

- Changes for supportutils version 3.1.25
  + Removed iSCSI passwords CVE-2022-45154 (bsc#1207598)
  + powerpc: Collect lsslot,amsstat, and opal elogs (pr#149)
  + powerpc: collect invscout logs (pr#150)
  + powerpc: collect RMC status logs (pr#151)
  + Added missing nvme nbft commands (bsc#1211599)
  + Fixed invalid nvme commands (bsc#1211598)
  + Added missing podman information (PED-1703, bsc#1181477)
  + Removed dependency on sysfstools
  + Check for systool use (bsc#1210015)
  + Added selinux checking (bsc#1209979)
  + Updated SLES_VER matrix

- Fixed missing status detail for apparmor (bsc#1196933)
- Corrected invalid argument list in docker.txt (bsc#1206608)
- Applies limit equally to sar data and text files (bsc#1207543)
- Collects hwinfo hardware logs (bsc#1208928)
- Collects lparnumascore logs (issue#148)

- Add dependency to `numactl` on ppc64le and `s390x`, this enforces
  that `numactl --hardware` data is provided in supportconfigs

- Changes to supportconfig.rc version 3.1.11-35
  + Corrected _sanitize_file to include iscsi.conf and others (bsc#1206402)

- Changes to supportconfig version 3.1.11-46.4
  + Added plymouth_info

- Changes to getappcore version 1.53.02
  + The location of chkbin was updated earlier. This documents that
    change (bsc#1205533, bsc#1204942)

- Changes to supportconfig version 3.1.11-46.3
  + Added missed sanitation check on crash.txt (bsc#1203818)
- Changes to supportconfig.rc version 3.1.11-30
  + Added check to _sanitize_file
  + Using variable for replement text in _sanitize_file
suse-build-key
- replace libzypp-post-script based installation with a systemd timer
  and service.
  - suse-build-key-import.service
  - suse-build-key-import.timer

- add and run a import-suse-build-key scripts, this will be ran
  after installation with libzypp based installers. (jsc#PED-2777)
suse-module-tools
- Update to version 15.4.18:
  * blacklist RNDIS modules (bsc#1205767, jsc#PED-5731, CVE-2023-23559)
  * modprobe.d: Blacklist cls_tcindex module (bsc#1210335, CVE-2023-1829)
  (note: this is not a full fix for that CVE)

- Update to version 15.4.17:
  * cert-script: warn only once about non-writable efivarfs
  * cert-script: skip cert handling if efivarfs is not writable
    (bsc#1213428, bsc#1201066)
systemd-rpm-macros
- Bump version to 14

- Switch to `systemd-hwdb` tool when updating the HW database. It's been
  introduced in systemd v219 and replaces the deprecated command `udevadm hwdb`.

- Bump version to 13

- Fix %sysctl_apply() and %binfmt_apply() so they are disabled when called from
  a chroot (bsc#1211272)
sysuser-tools
- Remove all systemd requires, not supported on SLE15 [bsc#1214140]

- Version 3.2
- update sysusers_requires to request sysuser-shadow 3.2
- Use TAB consistently for indention in sysusers2shadow.sh
- This pkg needs to follow behavior which is described in sysusers.d(5).
  Always create a system group of the same name as the system user,
  even if the user already exists. (bsc#1205161, bsc#1207778, bsc#1213240)

- Add "quilt setup" friendly hint to %sysusers_requires usage
  It is not required to have sysuser-tools installed when working
  with a pkg source which uses sysuser-tools at build time.

- Use append so if a pre file already exists it isn't overridden

- invoke bash for bash scripts (bsc#1195391)
util-linux-systemd
- Add util-linux-libblkid-reopen-floppy-without-O_NONBLOCK.patch
  Fixes blkid for floppy drives (bsc#1194900).
- util-linux-fix-tests-when-at-symbol-in-path.patch:
  Add patch to util-linux-systemd and python3-libmount, as it was
  previously only included in util-linux.

- Add upstream patch fix-lib-internal-cache-size.patch
  bsc#1210164, gh#util-linux/util-linux@2fa4168c8bc9

- Fix tests not passing when '@' character is in build path:
  Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038).
- Add util-linux-fix-tests-when-at-symbol-in-path.patch
vim
- Updated to version 9.0 with patch level 2103, fixes the following security problems
  * Fixing bsc#1215940 (CVE-2023-5344) - VUL-0: CVE-2023-5344: vim: Heap-based Buffer Overflow in vim prior to 9.0.1969.
  * Fixing bsc#1216001 (CVE-2023-5441) - VUL-0: CVE-2023-5441: vim: segfault in exmode when redrawing
  * Fixing bsc#1216167 (CVE-2023-5535) - VUL-0: CVE-2023-5535: vim: use-after-free from buf_contents_changed()
  * Fixing bsc#1216696 (CVE-2023-46246) - VUL-0: CVE-2023-46246: vim: Integer Overflow in :history command
- for the complete list of changes see
  https://github.com/vim/vim/compare/v9.0.1894...v9.0.2103

- Updated to version 9.0 with patch level 1894, fixes the following security problems
  * Fixing bsc#1214922 (CVE-2023-4738) - VUL-0: CVE-2023-4738: vim: heap-buffer-overflow in vim_regsub_both
  * Fixing bsc#1214924 (CVE-2023-4735) - VUL-0: CVE-2023-4735: vim: OOB Write ops.c
  * Fixing bsc#1214925 (CVE-2023-4734) - VUL-0: CVE-2023-4734: vim: segmentation fault in function f_fullcommand
  * Fixing bsc#1215004 (CVE-2023-4733) - VUL-0: CVE-2023-4733: vim: use-after-free in function buflist_altfpos
  * Fixing bsc#1215006 (CVE-2023-4752) - VUL-0: CVE-2023-4752: vim: Heap Use After Free in function ins_compl_get_exp
  * Fixing bsc#1215033 (CVE-2023-4781) - VUL-0: CVE-2023-4781: vim: heap-buffer-overflow in function vim_regsub_both
- drop patches: disable-unreliable-tests.patch
    ignore-flaky-test-failure.patch
    vim-8.1.0297-dump3.patch
- dropped %check - most of tests didn't work correctly in OBS
    and maintenance burden of this was getting too big
- for the complete list of changes see
  https://github.com/vim/vim/compare/v9.0.1632...v9.0.1894

- Use app icon generated from vimlogo.eps in source tarball; add
  higher res icons of sizes 128, 256, and 512px as png sources.
  Our current icons deviate from upstream flatpaks for example.
- Updated to version 9.0 with patch level 1632
- for the complete list of changes see
  https://github.com/vim/vim/compare/v9.0.1443...v9.0.1632

- Updated to version 9.0 with patch level 1572, fixes the following security problems
  * Fixing bsc#1210996 (CVE-2023-2426) - VUL-0: CVE-2023-2426: vim: Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499.
  * Fixing bsc#1211256 (CVE-2023-2609) - VUL-1: CVE-2023-2609: vim: NULL Pointer Dereference prior to 9.0.1531
  * Fixing bsc#1211257 (CVE-2023-2610) - VUL-1: CVE-2023-2610: vim: Integer Overflow or Wraparound prior to 9.0.1532
- for the complete list of changes see
  https://github.com/vim/vim/compare/v9.0.1443...v9.0.1572

- Fixing bsc#1211461 - L3: vim "eats" first character from prompt in xterm
  * Add: reorder-exit-raw-mode.patch
  * Swaps out_str_t_TE() and cursor_on() during exit to prevent missing characters in xterm prompt on exit.

- Fixing bsc#1211144 - [Build 96.1] openQA test fails in zypper_migration - conflict between xxd and vim
  * Revert the creation standalone xxd packages
wicked
- ifconfig: fix arp notify loop (boo#1212806) and burst sending
  [+ 0001-fix_arp_notify_loop_and_burst_sending.patch]

- update to version 0.6.73
- spec: cleanup artefacts and fix some rpmlint warnings
- arp: allow verify/notify counter and interval configuration
- arp: handle ENOBUFS sending errors (bsc#1203300)
- extensions: improve environment variable handling
- firmware: refactor firmware extension definition
- firmware: enable, disable and revert cli commands
- code cleanup: fix memory leaks, add array/list utils
- wireless: Ignore WIRELESS_EAP_AUTH within TLS (bsc#1211026)
- cleanup /var/run leftovers in extension scripts (bsc#1194557)
- json: output formatting improvements and Unicode support
- bond: workaround 6.1 kernel enslave regression (boo#1206674)
- update to version 0.6.72
- client: add `wicked firmware extensions|interfaces|enable|disable`
  command to improve `ibft`,`nbft`,`redfish` firmware extension and
  interface handling.
- client: improve error handling in netif firmware discovery
  extension execution and extension definition overrides in
  the wicked-config.
- nanny: fix use-after-free in debug mode (bsc#1206447)
- spec: replace transitional `%usrmerged` macro with regular
  version check (boo#1206798)
- client: improve to show `no-carrier` in ifstatus output
- linux: cleanup inclusions and update uapi header to 6.0
- ethtool: link mode nwords cleanup and new advertise mode names
- update to version 0.6.71
- dhcp: enable raw-ip support for wwan-qmi interfaces (jsc#PED-90)
- schema: fix the ip rule to-selector to handle network prefixes
- spec: Add /etc/sysconfig/network to file list, no longer in the
  default list of a cleaned up filesystem package on tumbleweed
  (https://github.com/openSUSE/wicked/pull/939).
xen
- bsc#1216807 - VUL-0: CVE-2023-46836: xen: x86: BTC/SRSO fixes not
  fully effective (XSA-446)
  xsa446.patch

- bsc#1216654 - VUL-0: CVE-2023-46835: xen: x86/AMD: mismatch in
  IOMMU quarantine page table levels (XSA-445)
  xsa445.patch

- bsc#1215145 - VUL-0: CVE-2023-34322: xen: top-level shadow
  reference dropped too early for 64-bit PV guests (XSA-438)
  650abbfe-x86-shadow-defer-PV-top-level-release.patch
- bsc#1215474 - VUL-0: CVE-2023-20588: xen: AMD CPU transitional
  execution leak via division by zero (XSA-439)
  64e5b4ac-x86-AMD-extend-Zenbleed-check.patch
  65087000-x86-spec-ctrl-SPEC_CTRL_EXIT_TO_XEN-confusion.patch
  65087001-x86-spec-ctrl-fold-DO_SPEC_CTRL_EXIT_TO_XEN.patch
  65087002-x86-spec-ctrl-SPEC_CTRL-ENTRY-EXIT-asm-macros.patch
  65087003-x86-spec-ctrl-SPEC_CTRL-ENTER-EXIT-comments.patch
  65087004-x86-entry-restore_all_xen-stack_end.patch
  65087005-x86-entry-track-IST-ness-of-entry.patch
  65087006-x86-spec-ctrl-VERW-on-IST-exit-to-Xen.patch
  65087007-x86-AMD-Zen-1-2-predicates.patch
  65087008-x86-spec-ctrl-Zen1-DIV-leakage.patch
- bsc#1215746 - VUL-0: CVE-2023-34326: xen: x86/AMD: missing IOMMU
  TLB flushing (XSA-442)
  65263470-AMD-IOMMU-flush-TLB-when-flushing-DTE.patch
- bsc#1215747 - VUL-0: CVE-2023-34325: xen: Multiple
  vulnerabilities in libfsimage disk handling (XSA-443)
  65263471-libfsimage-xfs-remove-dead-code.patch
  65263472-libfsimage-xfs-amend-mask32lo.patch
  65263473-libfsimage-xfs-sanity-check-superblock.patch
  65263474-libfsimage-xfs-compile-time-check.patch
  65263475-pygrub-remove-unnecessary-hypercall.patch
  65263476-pygrub-small-refactors.patch
  65263477-pygrub-open-output-files-earlier.patch
  65263478-libfsimage-function-to-preload-plugins.patch
  65263479-pygrub-deprivilege.patch
  6526347a-libxl-allow-bootloader-restricted-mode.patch
  6526347b-libxl-limit-bootloader-when-restricted.patch
- bsc#1215748 - VUL-0: CVE-2023-34327,CVE-2023-34328: xen: x86/AMD:
  Debug Mask handling (XSA-444)
  6526347c-SVM-fix-AMD-DR-MASK-context-switch-asymmetry.patch
  6526347d-x86-PV-auditing-of-guest-breakpoints.patch
- Upstream bug fixes (bsc#1027519)
  64e6459b-revert-VMX-sanitize-rIP-before-reentering.patch
  64eef7e9-x86-reporting-spurious-i8259-interrupts.patch
  64f71f50-Arm-handle-cache-flush-at-top.patch
  65084ba5-x86-AMD-dont-expose-TscFreqSel.patch
- Patches dropped / replaced by newer upstream versions
  xsa438.patch
  xsa439-00.patch
  xsa439-01.patch
  xsa439-02.patch
  xsa439-03.patch
  xsa439-04.patch
  xsa439-05.patch
  xsa439-06.patch
  xsa439-07.patch
  xsa439-08.patch
  xsa439-09.patch
  xsa442.patch
  xsa443-01.patch
  xsa443-02.patch
  xsa443-03.patch
  xsa443-04.patch
  xsa443-05.patch
  xsa443-06.patch
  xsa443-07.patch
  xsa443-08.patch
  xsa443-09.patch
  xsa443-10.patch
  xsa443-11.patch
  xsa444-1.patch
  xsa444-2.patch

- bsc#1215744 - VUL-0: CVE-2023-34323: xen: xenstored: A
  transaction conflict can crash C Xenstored (XSA-440)
  xsa440.patch
- bsc#1215746 - VUL-0: CVE-2023-34326: xen: x86/AMD: missing IOMMU
  TLB flushing (XSA-442)
  xsa442.patch
- bsc#1215747 - VUL-0: CVE-2023-34325: xen: Multiple
  vulnerabilities in libfsimage disk handling (XSA-443)
  xsa443-01.patch
  xsa443-02.patch
  xsa443-03.patch
  xsa443-04.patch
  xsa443-05.patch
  xsa443-06.patch
  xsa443-07.patch
  xsa443-08.patch
  xsa443-09.patch
  xsa443-10.patch
  xsa443-11.patch
- bsc#1215748 - VUL-0: CVE-2023-34327,CVE-2023-34328: xen: x86/AMD:
  Debug Mask handling (XSA-444)
  xsa444-1.patch
  xsa444-2.patch

- bsc#1215474 - VUL-0: CVE-2023-20588: xen: AMD CPU transitional
  execution leak via division by zero (XSA-439)
  xsa439-00.patch
  xsa439-01.patch
  xsa439-02.patch
  xsa439-03.patch
  xsa439-04.patch
  xsa439-05.patch
  xsa439-06.patch
  xsa439-07.patch
  xsa439-08.patch
  xsa439-09.patch

- bsc#1215145 - VUL-0: CVE-2023-34322: xen: top-level shadow
  reference dropped too early for 64-bit PV guests (XSA-438)
  xsa438.patch

- Handle potential unaligned access to bitmap in
  libxc-sr-restore-hvm-legacy-superpage.patch
  If setting BITS_PER_LONG at once, the initial bit must be aligned

- Update to Xen 4.16.5 bug fix release (bsc#1027519)
  xen-4.16.5-testing-src.tar.bz2
  * No upstream changelog found in sources or webpage
- bsc#1214082 - VUL-0: CVE-2023-20569: xen: x86/AMD: Speculative
  Return Stack Overflow (XSA-434)
- bsc#1214083 - VUL-0: CVE-2022-40982: xen: x86/Intel: Gather Data
  Sampling (XSA-435)
- Dropped patches contained in new tarball
  645dec48-AMD-IOMMU-assert-boolean-enum.patch
  646b782b-PCI-pci_get_pdev-respect-segment.patch
  647dfb0e-x86-missing-unlock-in-microcode_update_helper.patch
  648863fc-AMD-IOMMU-Invalidate-All-check.patch
  64bea1b2-x86-AMD-Zenbleed.patch

- Handle potential off-by-one errors in libxc-sr-xg_sr_bitmap.patch
  A bit is an index in bitmap, while bits is the allocated size
  of the bitmap.

- Add more debug to libxc-sr-track-migration-time.patch
  This is supposed to help with doing the math in case xl restore
  fails with ERANGE as reported in bug#1209311

- bsc#1213616 - VUL-0: CVE-2023-20593: xen: x86/AMD: Zenbleed
  (XSA-433)
  64bea1b2-x86-AMD-Zenbleed.patch

- Upstream bug fixes (bsc#1027519)
  645dec48-AMD-IOMMU-assert-boolean-enum.patch
  646b782b-PCI-pci_get_pdev-respect-segment.patch
  647dfb0e-x86-missing-unlock-in-microcode_update_helper.patch
  648863fc-AMD-IOMMU-Invalidate-All-check.patch

- bsc#1209237 - xen-syms doesn't contain debug-info
  643e3810-CONFIG_DEBUG_INFO-no-EXPERT.patch
  6447a8fd-x86-EFI-permit-crash-dump-analysis.patch

- Update to Xen 4.16.4 bug fix release (bsc#1027519)
  xen-4.16.4-testing-src.tar.bz2
  * No upstream changelog found in sources or webpage
- Drop patches contained in new tarball
  63a03e28-x86-high-freq-TSC-overflow.patch
  63c05478-VMX-calculate-model-specific-LBRs-once.patch
  63c05478-VMX-support-CPUs-without-model-specific-LBR.patch
  63e53ac9-x86-CPUID-leaves-7-1-ecx-edx.patch
  63e53ac9-x86-disable-CET-SS-when-fractured-updates.patch
  63ebca9c-x86-spec-ctrl-Mitigate-Cross-Thread-Return-Address-Predictions.patch
  63f4d045-x86-ucode-AMD-apply-early-on-all-threads.patch
  63fe06e0-x86-ucode-AMD-apply-late-on-all-threads.patch
  641041e8-VT-d-constrain-IGD-check.patch
  6419697d-AMD-IOMMU-no-XT-x2APIC-phys.patch
  64199e0c-x86-shadow-account-for-log-dirty-mode.patch
  64199e0d-x86-HVM-bound-number-of-pca-regions.patch
  64199e0e-x86-HVM-serialize-pca-list-manipulation.patch
  64199e0f-x86-spec-ctrl-defer-CR4_PV32_RESTORE-for-CSTAR.patch
  libxl.fix-guest-kexec-skip-cpuid-policy.patch

- Upstream bug fixes (bsc#1027519)
  63e53ac9-x86-CPUID-leaves-7-1-ecx-edx.patch
  63e53ac9-x86-disable-CET-SS-when-fractured-updates.patch
  63f4d045-x86-ucode-AMD-apply-early-on-all-threads.patch
  63fe06e0-x86-ucode-AMD-apply-late-on-all-threads.patch
  641041e8-VT-d-constrain-IGD-check.patch
  6419697d-AMD-IOMMU-no-XT-x2APIC-phys.patch
- Use "proper" upstream backports:
  64199e0c-x86-shadow-account-for-log-dirty-mode.patch
  64199e0d-x86-HVM-bound-number-of-pca-regions.patch
  64199e0e-x86-HVM-serialize-pca-list-manipulation.patch
  64199e0f-x86-spec-ctrl-defer-CR4_PV32_RESTORE-for-CSTAR.patch
- ... in place of:
  xsa427.patch
  xsa428-1.patch
  xsa428-2.patch
  xsa429.patch

- bsc#1209245 - fix host-assisted kexec/kdump for HVM domUs
  libxl.fix-guest-kexec-skip-cpuid-policy.patch
xrdb
- Downgrade cpp requires to recommends (bsc#1211267)
xterm
- xterm-CVE-2023-40359.patch: Fixed reporting characterset names
  in ReGiS graphics mode (bsc#1214282)
yast2-cluster
- bsc#1209602 bugs in yast2-cluster Write funcion
- Remove sensless call to sysconfig.openais
- Remove sensless sysconfig.openais agent
- Enable csync2.socket
- Add SCR.Write(PATH,nil) to save the configuration inmediately
- Version 4.4.4
yast2-installation
- Don't always enable sshd and open the ssh port (bsc#1211764)
- 4.4.59
yast2-network
- Fix typo when writing the wireless channel (bsc#1212976)
- 4.4.59

- bsc#1211431
  - Do not crash installation when storing vlan configuration into
    NetworkManager
- 4.4.58

- Do not write the EAP auth attribute when writing a wireless
  wicked configuration using the EAP mode as TLS (bsc#1211026)
- 4.4.57
yast2-pkg-bindings
- Pkg.TargetInitializeOptions() - added a new option for
  rebuilding the RPM database (--rebuilddb) (bsc#1209565)
- 4.4.6
yast2-sap-ha
- Set default value for global_alloc_limit to "0"
- Fix evaluation CustOpt settings. (bsc#1209204)
- Remove superfluously BuildRequires: HANA-Firewall
- 4.4.5

- yast2-sap-ha for Cost-Opt scenario is not up-to-date with SR takeover in best practice guide (bsc#1209204)
- New function to get the primary hostname on the master.
- Fix setting secondary and primary hostname for the template
- 4.4.4

- The hook creation is deprecated. This was removed from wizard and from backend.
  This functionality now will be provided by the susCostOpt.py delivered by SAPHanaSR
  Now a key sus_<SID>_costopt must be created.
- 4.4.3

- yast2-sap-ha for Cost-Opt scenario is not up-to-date with SR takeover in best practice guide (bsc#1209204)
- yast2-sap-ha can not configure firewall (bsc#1211027)
- Rework package sturcture to use the yast2 defaults
- 4.4.2

- L3: yast2-sap-ha error - Could not adjust global.ini for the production system
  (bsc#1207740)
- yast2-sap-ha: csync2 configuration not enabled (bsc#1202112)
- 4.4.1
yast2-storage-ng
- New MdLevel value for linear RAIDs (bsc#1215022)
- 4.4.46

- Ensure adding storage support software packages for MicroOS
  which uses its custom partitions_proposal client, not the
  standard inst_disk_proposal client (bsc#1212452)
  https://github.com/yast/yast-storage-ng/pull/1346
- 4.4.45

- Honor encryption settings if they are set into ProductFeatures
  by the Common Critera role (jsc#PED-4166, jsc#PED-4474).
- 4.4.44

- Prevent setting the volume label for a mounted btrfs or swap
  (bsc#1211337)
- 4.4.43
yast2-transfer
- Fixed TFTP download, truncate the target file to avoid garbage
  at the end of the file when saving to an already existing file
  (bsc#1208754)
- 4.4.2
yast2-users
- Allow to edit the NIS master server databases instead of the
  local ones, relying on the --prefix argument added to several
  commands in the "shadow" package (bsc#1206627).
- 4.4.15

- Write the users when using AutoYaST on an installed system
  (bsc#1211753).
- 4.4.14
zypper
- Return 104 also if info suggests near matches (fixes #504)
- Rephrase upgrade message for openSUSE Tumbleweed (bsc#1212422)
- Fix typo (fixes #484)
- version 1.14.66

- Fix some typos and spelling errors found by Lintian (fixes #501)
- Prefer unaliased `grep` to avoid unexpected/wrong completions.
  (#503)
- commit: Insert a headline to separate output of different rpm
  scripts (bsc#1041742)
- Fix typo in changes file.
- version 1.14.65

- Fix name of the bash completion script (bsc#1215007)
  In 1.14.63 the location of the bash completion script was changed
  to /usr/share/bash-completion/completions/. But the patch failed
  to also rename the completion script. The original script name
  zypper.sh is not recognized at the new location.
- Update notes about failing signature checks (bsc#1214395)
  It might be a transient issue if the server is in the midst of
  receiving new data. Retry after a few minutes might work.
- Improve the SIGINT handler to be signal safe (bsc#1214292)
  This patch updates the SIGINT handling strategy to be signal
  safe. Meaning the signal handler will do not much more than
  setting a flag, which we are going to check in the normal program
  flow as much as possible.
- version 1.14.64

- Changed location of bash completion script (bsc#1213854).
  This changes the location of zypper.sh bash completion script
  from /usr/share/bash-completion/completions/.
- version 1.14.63

- man: revised explanation of --force-resolution (bsc#1213557)
  Point out that the option not only allows to remove packages but
  may also violate any other active policy if there is no other way
  to resolve the job.
- Print summary hint if policies were violated due to
  - -force-resolution (bsc#1213557)
- BuildRequires:  libzypp-devel >= 17.31.16 (for zypp-tui)
- version 1.14.62

- targetos: Add an error note if XPath:/product/register/target
  is not defined in /etc/products.d/baseproduct (bsc#1211261)
- targetos: Update help and man page (bsc#1211261)
- version 1.14.61

- Fix selecting installed patterns from picklist (bsc#1209406)
- man: better explanation of --priority (fixes #480)
- version 1.14.60