HANA-Firewall
- Missing SCR Agent for reading and writing /etc/sysconfig/hana-firewall from yast2
  (bsc#1210981)
Mesa
- U_ReturnME.patch
  * fixes blackscreen in Return To Monkey Island on Intel graphics
    (boo#1208145)
autofs
- autofs-5.1.3-revert-fix-argc-off-by-one-in-mount_aut.patch
  Fix off-by-one error in recursive map handling. (bsc#1209653)
avahi
- Add avahi-CVE-2023-1981.patch: emit error if requested service
  is not found (boo#1210328 CVE-2023-1981).
- switch to use _multibuild
- delete _avahi_spec-prepare.sh, pre_checkin.sh: obsolete
- use https urls
bind
- Update to release 9.16.38
  Bug Fixes:
  * A constant stream of zone additions and deletions via rndc
    reconfig could cause increased memory consumption due to
    delayed cleaning of view memory. This has been fixed.
  * The speed of the message digest algorithms (MD5, SHA-1, SHA-2),
    and of NSEC3 hashing, has been improved.
  * Building BIND 9 failed when the --enable-dnsrps switch for
    ./configure was used. This has been fixed.
  [jsc#SLE-24600]
- Updated keyring and signature
c-ares
- Update to version 1.19.0
  Security:
  * Low. Stack overflow in ares_set_sortlist() which is used
    during c-ares initialization and typically provided by an
    administrator and not an end user.
    (bsc#1208067, CVE-2022-4904)
  Changes:
  * Add ARES_OPT_HOSTS_FILE similar to ARES_OPT_RESOLVCONF for
    specifying a custom hosts file location.
  Bug fixes:
  * Fix memory leak in reading /etc/hosts when using localhost
    fallback.
  * Fix chain building c-ares when libresolv is already included by
    another project.
  * File lookup should not immediately abort as there may be other
    tries due to search criteria.
  * Asterisks should be allowed in host validation as CNAMEs may
    reference wildcard domains.
  * AutoTools build system referenced bad STDC_HEADERS macro.
  * Even if one address class returns a failure for
    ares_getaddrinfo() we should still return the results we have.
  * Fix ares_getaddrinfo() numerical address resolution with
    AF_UNSPEC
  * Fix tools and help information.
  * Various documentation fixes and cleanups.
  * Add include guards to ares_data.h
  * c-ares could try to exceed maximum number of iovec entries
    supported by system.
  * The RFC6761 6.3 states localhost subdomains must be offline too
- update to 1.18.1. Changes since 1.17.2:
  * Allow '/' as a valid character for a returned name for
    CNAME in-addr.arpa delegation
  * no longer forwards requests for localhost resolution per RFC6761
  * During a domain search, treat ARES_ENODATA as ARES_NXDOMAIN so
    that the search process will continue to the next domain
    in the search.
  * Provide ares_nameser.h as a public interface as needed by NodeJS
  * Add support for URI(Uniform Resource Identifier) records via
    ares_parse_uri_reply()
- disable unit tests for SLE12 since GCC compiler too old to build
  unit tests
- 5c995d5.patch: upstreamed
- disable-live-tests.patch: refreshed
- new upstream website
- drop multibuild - tests do not require static library anymore
- spec file cleanup
- drop sources that were re-added to upstream distibution
  (c-ares-config.cmake.in ares_dns.h libcares.pc.cmake)
- update to 1.17.2:
  Security:
  * When building c-ares with CMake, the RANDOM_FILE would not be set
    and therefore downgrade to the less secure random number generator
    it would cause a crash
  * Expand number of escaped characters in DNS replies as per
    RFC1035 5.1 to prevent spoofing follow-up
    (bsc#1188881, CVE-2021-3672)
  * Perform validation on hostnames to prevent possible XSS
    due to applications not performing valiation themselves
  Changes:
  * ares_malloc(0) is now defined behavior (returns NULL) rather than system-specific to catch edge cases
  Bug fixes:
  * Building tests should not force building of static libraries except on Windows
  * Relative headers must use double quotes to prevent pulling in a system library
  for details see,
  https://c-ares.haxx.se/changelog.html#1_17_2
- update to 1.17.1:
    Travis: add iOS target built with CMake (#378)
    Issue #377 suggested that CMake builds for iOS with c-ares were broken. This PR adds an automatic Travis build for iOS CMake.
  - fix build
    External projects were using non-public header ares_dns.h, make public again (#376)
    It appears some outside projects were relying on macros in ares_dns.h, even
    though it doesn't appear that header was ever meant to be public.  That said,
    we don't want to break external integrators so we should distribute this header
    again.
  - note that so versioning has moved to configure.ac
  - note about 1.17.1
  - fix sed gone wrong
    autotools cleanup (#372)
  * buildconf: remove custom logic with autoreconf
- remove missing_header.patch (upstream)
cloud-netconfig
- Update to version 1.7:
  + Overhaul policy routing setup (issue #19)
  + Support alias IPv4 ranges (issue #14)
  + Add support for NetworkManager (bsc#1204549)
  + Remove dependency on netconfig
  + Install into libexec directory
  + Clear stale ifcfg files for accelerated NICs (bsc#1199853)
  + More debug messages
  + Documentation update
- /etc/netconfig.d/ moved to /usr/libexec/netconfig/netconfig.d/ in
  Tumbleweed, update path (poo#116221)
cloud-regionsrv-client
- Update to version 10.1.0 (bsc#1207133, bsc#1208097, bsc#1208099 )
  - Removes a warning about system_token entry present in the credentials
  file.
  - Adds logrotate configuration for log rotation.
cluster-glue
- ibmhmc stonith needs to be aware of HMC version - ref:_00D1igLOd._5005qAMc5b:ref
  (bsc#1203635)
  * Add upstream patch:
    38.patch
containerd
- unversion to golang requires to always use the current default go. (bsc#1210298)
- Update to containerd v1.6.19 for Docker v23.0.2-ce. Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.6.19>
  Includes fixes for:
  - CVE-2023-25153 bsc#1208423
  - CVE-2023-25173 bsc#1208426
- Re-build containerd to use updated golang-packaging. jsc#1342
- Update to containerd v1.6.16 for Docker v23.0.1-ce. Upstream release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.6.16>
- Update to containerd v1.6.12 to fix CVE-2022-23471 bsc#1206235. Upstream
  release notes:
  <https://github.com/containerd/containerd/releases/tag/v1.6.12>
cpupower
- Originally by aabdallah@suse.com:
  Don't exist if perf is unavailable.
  * Fix for SG#64023, bsc#1202890:
  A turbostat-Dont-exist-if-perf-is-unavailable.patch:
crash
- crash-devel requires zlib-devel (bsc#1205681)
crmsh
- Update to version 4.4.1+20230424.7f657402:
  * Fix: help: Long time to load and parse crm.8.adoc (bsc#1210198)
  * Fix: cibconfig: use any existing rsc_defaults set rather than create another one (bsc#1210614)
  * Fix: crm report: sustain if there are offline nodes (bsc#1209480)
- Update to version 4.4.1+20230329.13f2537f:
  * Dev: utils: Check passwordless between cluster nodes (bsc#1209986)
- Update to version 4.4.1+20230306.302812a1:
  * Dev: upgradeutil: do upgrade silently (bsc#1208327, bsc#1208934)
  * Fix: healthcheck: do not run automatic upgrade when crmsh is called by a non-root user (bsc#1208936)
  * Fix: bootstrap: Unset SBD_DELAY_START when running 'crm cluster start' (bsc#1202177)
  * Fix: report: Catch read exception (bsc#1206606)
cronie
- Allow to define the logger info and warning priority, fixes
  jsc#PED-2551
  * run-crons
  * sysconfig.cron
cups
- 0001-cups-dests.c-cupsGetNamedDest-set-IPP_STATUS_ERROR_N.patch
  improves logging on 'IPP_STATUS_ERROR_NOT_FOUND' error
  that fixes bsc#1191467, bsc#1198932:
  "/lpr reports 'No such file or directory' for missing catalogue files"/
  "//usr/bin/lpr: No such file or directory"/
- after-network_target-sssd_service.patch
  is derived from https://github.com/apple/cups/issues/5550 with its
  https://github.com/apple/cups/commit/aaebca5660fdd7f7b6f30461f0788d91ef6e2fee
  and SUSE PTF:24471 cups.SUSE_SLE-15_Update cups-2.2.7-wait-for-network.patch
  to add "/After=network.target sssd.service"/ to the systemd unit
  source files cupsd.service.in and cups.cups-lpdAT.service.in
  to fix bsc#1201234, bsc#1200321:
  "/Missing network dependency in systemd unit for cups-2.2.7"/
  "/CUPS may not always start if sssd is in use"/
- cups-branch-2.2-commit-876fdc1c90a885a58644c8757bc1283c9fd5bcb7.diff
  is https://github.com/OpenPrinting/cups/commit/876fdc1c90a885a58644c8757bc1283c9fd5bcb7
  which belongs to https://github.com/OpenPrinting/cups/issues/308
  that fixes bsc#1191525, bsc#1203446:
  "/Print jobs on cups.sock return with EAGAIN (Resource temporarily unavailable)"/
  "//usr/bin/lpr: Error - The printer or class does not exist."/
curl
- Security fixes:
  * [bsc#1211230, CVE-2023-28319] use-after-free in SSH sha256
    fingerprint check.
  - Add curl-CVE-2023-28319.patch
  * [bsc#1211231, CVE-2023-28320] siglongjmp race condition
  - Add curl-CVE-2023-28320.patch
  * [bsc#1211232, CVE-2023-28321] IDN wildcard matching
  - Add curl-CVE-2023-28321.patch
  * [bsc#1211233, CVE-2023-28322] POST-after-PUT confusion
  - Add curl-CVE-2023-28322.patch
- Update to 8.0.1: [jsc#PED-2580]
  * Rebase curl-secure-getenv.patch
  * Remove patches fixed in the update:
  - curl-CVE-2022-22576.patch curl-CVE-2022-27776.patch
  - curl-CVE-2022-27781.patch curl-CVE-2022-27782.patch
  - curl-CVE-2022-32206.patch curl-CVE-2022-32208.patch
  - curl-CVE-2022-32221.patch curl-CVE-2022-35252.patch
  - curl-CVE-2022-43552.patch curl-CVE-2023-23916.patch
  - curl-CVE-2022-27774.patch curl-CVE-2022-27774-2.patch
  - curl-CVE-2022-27774-disabletest-1568.patch
  - curl-CVE-2022-27775.patch curl-CVE-2022-32205.patch
  - curl-CVE-2022-32207.patch curl-CVE-2022-42916.patch
  - curl-CVE-2022-43551.patch curl-CVE-2023-23914-23915.patch
  - curl-CVE-2023-27533.patch curl-CVE-2023-27533-no-sscanf.patch
  - curl-CVE-2023-27534.patch curl-CVE-2023-27535.patch
  - curl-CVE-2023-27536.patch curl-CVE-2023-27538.patch
- Update to 8.0.1:
  * Bugfixes:
  - fix crash in curl_easy_cleanup
- Update to 8.0.0:
  * Security fixes:
  - TELNET option IAC injection [bsc#1209209, CVE-2023-27533]
  - SFTP path ~ resolving discrepancy [bsc#1209210, CVE-2023-27534]
  - FTP too eager connection reuse [bsc#1209211, CVE-2023-27535]
  - GSS delegation too eager connection re-use [bsc#1209212, CVE-2023-27536]
  - HSTS double-free [bsc#1209213, CVE-2023-27537]
  - SSH connection too eager reuse still [bsc#1209214, CVE-2023-27538]
  * Changes:
  - build: remove support for curl_off_t < 8 bytes
  * Bugfixes:
  - aws_sigv4: fall back to UNSIGNED-PAYLOAD for sign_as_s3
  - BINDINGS: add Fortran binding
  - cf-socket: use port 80 when resolving name for local bind
  - cookie: don't load cookies again when flushing
  - curl_path: create the new path with dynbuf
  - CURLSHOPT_SHARE.3: HSTS sharing is not thread-safe
  - DYNBUF.md: note Curl_dyn_add* calls Curl_dyn_free on failure
  - ftp: active mode with SSL, add the filter
  - hostip: avoid sscanf and extra buffer copies
  - http2: fix for http2-prior-knowledge when reusing connections
  - http2: fix handling of RST and GOAWAY to recognize partial transfers
  - http: don't send 100-continue for short PUT requests
  - http: fix unix domain socket use in https connects
  - libssh: use dynbuf instead of realloc
  - ngtcp2-gnutls.yml: bump to gnutls 3.8.0
  - sectransp: make read_cert() use a dynbuf when loading
  - telnet: only accept option arguments in ascii
  - telnet: parse telnet options without sscanf
  - url: fix the SSH connection reuse check
  - url: only reuse connections with same GSS delegation
  - urlapi: '%' is illegal in host names
  - ws: keep the socket non-blocking
  * Rebase libcurl-ocloexec.patch
- Security fixes:
  * [bsc#1209209, CVE-2023-27533] TELNET option IAC injection
    Add curl-CVE-2023-27533-no-sscanf.patch curl-CVE-2023-27533.patch
  * [bsc#1209210, CVE-2023-27534] SFTP path ~ resolving discrepancy
    Add curl-CVE-2023-27534.patch
  * [bsc#1209211, CVE-2023-27535] FTP too eager connection reuse
    Add curl-CVE-2023-27535.patch
  * [bsc#1209212, CVE-2023-27536] GSS delegation too eager connection re-use
    Add curl-CVE-2023-27536.patch
  * [bsc#1209214, CVE-2023-27538] SSH connection too eager reuse still
    Add curl-CVE-2023-27538.patch
- Update to 7.88.1:
  * Bugfix release
- Drop upstreamed patch:
  * curl-fix-uninitialized-value-in-tests.patch
- Update to 7.88.0: [bsc#1207990, CVE-2023-23914]
  [bsc#1207991, CVE-2023-23915] [bsc#1207992, CVE-2023-23916]
  * Security fixes:
  - CVE-2023-23914: HSTS ignored on multiple requests
  - CVE-2023-23915: HSTS amnesia with --parallel
  - CVE-2023-23916: HTTP multi-header compression denial of service
  * Changes:
  - curl.h: add CURL_HTTP_VERSION_3ONLY
  - share: add sharing of HSTS cache among handles
  - src: add --http3-only
  - tool_operate: share HSTS between handles
  - urlapi: add CURLU_PUNYCODE
  - writeout: add %{certs} and %{num_certs}
  * Bugfixes:
  - cf-socket: keep sockaddr local in the socket filters
  - cfilters:Curl_conn_get_select_socks: use the first non-connected filter
  - curl.h: allow up to 10M buffer size
  - curl.h: mark CURLSSLBACKEND_MESALINK as deprecated
  - curl/websockets.h: extend the websocket frame struct
  - curl: output warning at --verbose output for debug-enabled version
  - curl_free.3: fix return type of `curl_free`
  - curl_log: for failf/infof and debug logging implementations
  - dict: URL decode the entire path always
  - docs/DEPRECATE.md: deprecate gskit
  - easyoptions: fix header printing in generation script
  - haxproxy: send before TLS handhshake
  - hsts.d: explain hsts more
  - hsts: handle adding the same host name again
  - HTTP/[23]: continue upload when state.drain is set
  - http: decode transfer encoding first
  - http_aws_sigv4: remove typecasts from HMAC_SHA256 macro
  - http_proxy: do not assign data->req.p.http use local copy
  - lib: connect/h2/h3 refactor
  - libssh2: try sha2 algos for hostkey methods
  - md4: fix build with GnuTLS + OpenSSL v1
  - ngtcp2: replace removed define and stop using removed function
  - noproxy: support for space-separated names is deprecated
  - nss: implement data_pending method
  - openldap: fix missing sasl symbols at build in specific configs
  - openssl: adapt to boringssl's error code type
  - openssl: don't ignore CA paths when using Windows CA store (redux)
  - openssl: don't log raw record headers
  - openssl: make the BIO_METHOD a local variable in the connection filter
  - openssl: only use CA_BLOB if verifying peer
  - openssl: remove attached easy handles from SSL instances
  - openssl: store the CA after first send (ClientHello)
  - setopt: use >, not >=, when checking if uarg is larger than uint-max
  - smb: return error on upload without size
  - socketpair: allow localhost MITM sniffers
  - strdup: name it Curl_strdup
  - tool_getparam: fix hiding of command line secrets
  - tool_operate: fix error codes on bad URL & OOM
  - tool_operate: repair --rate
  - transfer: break the read loop when RECV is cleared
  - typecheck: accept expressions for option/info parameters
  - urlapi: avoid Curl_dyn_addf() for hex outputs
  - urlapi: skip path checks if path is just "//"/
  - urlapi: skip the extra dedotdot alloc if no dot in path
  - urldata: cease storing TLS auth type
  - urldata: make 'ftp_create_missing_dirs' depend on FTP || SFTP
  - urldata: make set.http200aliases conditional on HTTP being present
  - urldata: move the cookefilelist to the 'set' struct
  - urldata: remove unused struct fields, made more conditional
  - vquic: stabilization and improvements
  - vtls: fix hostname handling in filters
  - vtls: manage current easy handle in nested cfilter calls
  - vtls: use ALPN HTTP/1.0 when HTTP/1.0 is used
  * Rebase libcurl-ocloexec.patch
  * Fix regression tests: f1d09231adfc695d15995b9ef2c8c6e568c28091
  - runtests: fix "/uninitialized value $port"/
  - Add curl-fix-uninitialized-value-in-tests.patch
- Update to 7.87.0:
  * Security fixes:
  - CVE-2022-43551, bsc#1206308: another HSTS bypass via IDN
  - CVE-2022-43552, bsc#1206309: HTTP Proxy deny use-after-free
  * Changes
  - curl: add --url-query
  - CURLOPT_QUICK_EXIT: don't wait for DNS thread on exit
  - lib: add CURL_WRITEFUNC_ERROR to signal write callback error
  - openssl: reduce CA certificate bundle reparsing by caching
  - version: add a feature names array to curl_version_info_data
  * Bugfixes
  - altsvc: fix rejection of negative port numbers
  - aws_sigv4: consult x-%s-content-sha256 for payload hash
  - aws_sigv4: fix typos in aws_sigv4.c
  - base64: better alloc size
  - base64: encode without using snprintf
  - base64: faster base64 decoding
  - build: assume assert.h is always available
  - build: assume errno.h is always available
  - c-hyper: CONNECT respones are not server responses
  - c-hyper: fix multi-request mechanism
  - CI: Change FreeBSD image from 12.3 to 12.4
  - CI: LGTM.com will be shut down in December 2022
  - ci: Remove zuul fuzzing job as it's superseded by CIFuzz
  - cmake: check for cross-compile, not for toolchain
  - CMake: fix build with `CURL_USE_GSSAPI`
  - cmake: really enable warnings with clang
  - cmake: set the soname on the shared library
  - cmdline-opts/gen.pl: fix the linkifier
  - cmdline-opts/page-footer: remove long option nroff formatting
  - config-mac: define HAVE_SYS_IOCTL_H
  - config-mac: fix typo: size_T -> size_t
  - config-mac: remove HAVE_SYS_SELECT_H
  - config-win32: fix SIZEOF_OFF_T for MSVC and old MinGW
  - configure: require fork for NTLM-WB
  - contributors.sh: actually use $CURLWWW instead of just setting it
  - cookie: compare cookie prefixes case insensitively
  - cookie: expire cookies at once when max-age is negative
  - cookie: open cookie jar as a binary file
  - curl-openssl.m4: do not add $prefix/include/openssl to CPPFLAGS
  - curl-rustls.m4: on macOS, rustls also needs the Security framework
  - curl.h: include <sys/select.h> on SerenityOS
  - curl.h: name all public function parameters
  - curl.h: reword comment to not use deprecated option
  - curl: override the numeric locale and set "/C"/ by force
  - curl: timeout in the read callback
  - curl_endian: remove Curl_write64_le from header
  - curl_get_line: allow last line without newline char
  - curl_path: do not add '/' if homedir ends with one
  - curl_url_get.3: remove spurious backtick
  - curl_url_set.3: document CURLU_DISALLOW_USER
  - curl_url_set.3: fix typo
  - CURLMOPT_SOCKETFUNCTION.3: clarify CURL_POLL_REMOVE
  - CURLOPT_COOKIEFILE.3: advice => advise
  - CURLOPT_DEBUGFUNCTION.3: do not assume nul-termination in example
  - CURLOPT_DEBUGFUNCTION.3: emphasize that incoming data is "/raw"/
  - CURLOPT_POST.3: Explain setting to 0 changes request type
  - docs/curl_ws_send: Fixed typo in websocket docs
  - docs/EARLY-RELEASE.md: how to determine an early release
  - docs/examples: spell correction ('Retrieve')
  - docs/INSTALL.md: expand on static builds
  - docs/WEBSOCKET.md: explain the URL use
  - docs: add missing parameters for --retry flag
  - docs: add more "/SEE ALSO"/ links to CA related pages
  - docs: explain the noproxy CIDR notation support
  - docs: extend the dump-header documentation
  - docs: remove performance note in CURLOPT_SSL_VERIFYPEER
  - examples/10-at-a-time: fix possible skipped final transfers
  - examples: update descriptions
  - ftp: support growing files with CURLOPT_IGNORE_CONTENT_LENGTH
  - gen.pl: do not generate CURLHELP bitmask lines > 79 characters
  - GHA: clarify workflows permissions, set least possible privilege
  - GHA: NSS use clang instead of clang-9
  - gnutls: use common gnutls init and verify code for ngtcp2
  - headers: add endif comments
  - HTTP-COOKIES.md: mention that http://localhost is a secure context
  - HTTP-COOKIES.md: update the 6265bis link to draft-11
  - http: do not send PROXY more than once
  - http: fix the ::1 comparison for IPv6 localhost for cookies
  - http: set 'this_is_a_follow' in the Location: logic
  - http: use the IDN decoded name in HSTS checks
  - hyper: classify headers as CONNECT and 1XX
  - hyper: fix handling of hyper_task's when reusing the same address
  - idn: remove Curl_win32_ascii_to_idn
  - INSTALL: update operating systems and CPU archs
  - KNOWN_BUGS: remove eight entries
  - lib1560: add some basic IDN host name tests
  - lib: connection filters (cfilter) addition to curl:
  - lib: feature deprecation warnings in gcc >= 4.3
  - lib: fix some type mismatches and remove unneeded typecasts
  - lib: parse numbers with fixed known base 10
  - lib: remove bad set.opt_no_body assignments
  - lib: rewind BEFORE request instead of AFTER previous
  - lib: sync guard for Curl_getaddrinfo_ex() definition and use
  - lib: use size_t or int etc instead of longs
  - libcurl-errors.3: remove duplicate word
  - libssh2: return error when ssh_hostkeyfunc returns error
  - limit-rate.d: see also --rate
  - log2changes.pl: wrap long lines at 80 columns
  - Makefile.mk: address minor issues
  - Makefile.mk: improve a GNU Make hack
  - Makefile.mk: portable Makefile.m32
  - maketgz: set the right version in lib/libcurl.plist
  - mime: relax easy/mime structures binding
  - misc: Fix incorrect spelling
  - misc: remove duplicated include files
  - misc: typo and grammar fixes
  - negtelnetserver.py: have it call its close() method
  - netrc.d: provide mutext info
  - netware: remove leftover traces
  - noproxy: also match with adjacent comma
  - noproxy: guard against empty hostnames in noproxy check
  - noproxy: tailmatch like in 7.85.0 and earlier
  - nroff-scan.pl: detect double highlights
  - ntlm: improve comment for encrypt_des
  - ntlm: silence ubsan warning about copying from null target_info pointer
  - openssl/mbedtls: use %d for outputing port with failf (int)
  - openssl: prefix errors with '[lib]/[version]: '
  - os400: use platform socklen_t in Curl_getnameinfo_a
  - page-header: grammar improvement (display transfer rate)
  - proxy: refactor haproxy protocol handling as connection filter
  - README.md: remove badges and xmas-tree garnish
  - rtsp: fix RTSP auth
  - runtests: --no-debuginfod now disables DEBUGINFOD_URLS
  - runtests: do CRLF replacements per section only
  - scripts/checksrc.pl: detect duplicated include files
  - sendf: change Curl_read_plain to wrap Curl_recv_plain
  - sendf: remove unnecessary if condition
  - setup: do not require __MRC__ defined for Mac OS 9 builds
  - smb/telnet: do not free the protocol struct in *_done()
  - socks: fix username max size is 255 (0xFF)
  - spellcheck.words: remove 'github' as an accepted word
  - ssl-reqd.d: clarify that this is for upgrading connections only
  - strcase: use curl_str(n)equal for case insensitive matches
  - styled-output.d: this option does not work on Windows
  - system.h: fix socklen_t, curl_off_t, long long for Classic Mac OS
  - system.h: support 64-bit curl_off_t for NonStop 32-bit
  - test1421: fix typo
  - test3026: reduce runtime in legacy mingw builds
  - tests/sshserver.pl: re-enable ssh-rsa while using openssh 8.8+
  - tests: add authorityInfoAccess to generated certs
  - tests: add HTTP/3 test case, custom location for proper nghttpx
  - tls: backends use connection filters for IO, enabling HTTPS-proxy
  - tool: determine the correct fopen option for -D
  - tool_cfgable: free the ssl_ec_curves on exit
  - tool_cfgable: make socks5_gssapi_nec a boolean
  - tool_formparse: avoid clobbering on function params
  - tool_getparam: make --no-get work as the opposite of --get
  - tool_operate: provide better errmsg for -G with bad URL
  - tool_operate: when aborting, make sure there is a non-NULL error buffer
  - tool_paramhlp: free the proto strings on exit
  - url: move back the IDN conversion of proxy names
  - urlapi: reject more bad letters from the host name: &+()
  - urldata: change port num storage to int and unsigned short
  - vms: remove SIZEOF_SHORT
  - vtls: fix build without proxy support
  - vtls: localization of state data in filters
  - WEBSOCKET.md: fix broken link
  - Websocket: fixes for partial frames and buffer updates
  - websockets: fix handling of partial frames
  - windows: fail early with a missing windres in autotools
  - windows: fix linking .rc to shared curl with autotools
  - winidn: drop WANT_IDN_PROTOTYPES
  - ws: if no connection is around, return error
  - ws: return CURLE_NOT_BUILT_IN when websockets not built in
  - x509asn1: avoid freeing unallocated pointers
- Add 1.50.0 as the minimum libnghttp2 build requirement version as
  a bandaid. Curl's 7.86.0 release introduces the use of
  nghttp2_option_set_no_rfc9113_leading_and_trailing_ws_validation,
  introduced by nghttp2 1.50.0 release, without introducing a check
  for the function/right version in their build scripts. This will
  make Zypper/cURL unusable in some corner cases where users
  installing something that requires libcurl4 before doing full
  system upgrade, thus updating the cURL stack, but not
  libnghttp2's. Background: boo#1204983, Factory mailing list
  threadd:
  "/? broken dependency in curl and/or *zyp* ?"/, and forums thread:
  Curl-is-broken-after-an-update-which-subsequently-breaks-zypper.
- Update to 7.86.0:
  * Security fixes:
  - POST following PUT confusion [bsc#1204383, CVE-2022-32221]
  - .netrc parser out-of-bounds access [bsc#1204384, CVE-2022-35260]
  - HTTP proxy double-free [bsc#1204385, CVE-2022-42915]
  - HSTS bypass via IDN [bsc#1204386, CVE-2022-42916]
  * Changes:
  - NPN: remove support for and use of
  - Websockets: initial support
  * Bugfixes:
  - altsvc: reject bad port numbers
  - autotools: reduce brute-force when detecting recv/send arg list
  - aws_sigv4: fix header computation
  - cli tool: do not use disabled protocols
  - connect: change verbose IPv6 address:port to [address]:port
  - connect: fix builds without AF_INET6
  - connect: fix Curl_updateconninfo for TRNSPRT_UNIX
  - connect: fix the wrong error message on connect failures
  - content_encoding: use writer struct subclasses for different encodings
  - cookie: reject cookie names or content with TAB characters
  - curl/add_file_name_to_url: use the libcurl URL parser
  - curl/get_url_file_name: use libcurl URL parser
  - curl: warn for --ssl use, considered insecure
  - docs/libcurl/symbols-in-versions: add several missing symbols
  - ftp: ignore a 550 response to MDTM
  - functypes: provide the recv and send arg and return types
  - getparameter: return PARAM_MANUAL_REQUESTED for -M even when disabled
  - header: define public API functions as extern c
  - headers: reset the requests counter at transfer start
  - hostip: guard PF_INET6 use
  - hostip: lazily wait to figure out if IPv6 works until needed
  - http, vauth: always provide Curl_allow_auth_to_host() functionality
  - http2: make nghttp2 less picky about field whitespace
  - http: try parsing Retry-After: as a number first
  - http_proxy: restore the protocol pointer on error
  - lib: add missing limits.h includes
  - lib: prepare the incoming of additional protocols
  - lib: sanitize conditional exclusion around MIME
  - libssh: if sftp_init fails, don't get the sftp error code
  - mprintf: reject two kinds of precision for the same argument
  - mqtt: return error for too long topic
  - netrc: compare user name case sensitively
  - netrc: replace fgets with Curl_get_line
  - netrc: use the URL-decoded user
  - ngtcp2: fix build errors due to changes in ngtcp2 library
  - noproxy: support proxies specified using cidr notation
  - openssl: make certinfo available for QUIC
  - resolve: make forced IPv4 resolve only use A queries
  - schannel: ban server ALPN change during recv renegotiation
  - schannel: don't reset recv/send function pointers on renegotiation
  - schannel: when importing PFX, disable key persistence
  - setopt: use the handler table for protocol name to number conversions
  - setopt: when POST is set, reset the 'upload' field
  - single_transfer: use the libcurl URL parser when appending query parts
  - smb: replace CURL_WIN32 with WIN32
  - tool: avoid generating ambiguous escaped characters in --libcurl
  - tool_main: exit at once if out of file descriptors
  - tool_operate: more transfer cleanup after parallel transfer fail
  - tool_operate: prevent over-queuing in parallel mode
  - tool_paramhelp: asserts verify maximum sizes for string loading
  - tool_xattr: save the original URL, not the final redirected one
  - url: a zero-length userinfo part in the URL is still a (blank) user
  - url: allow non-HTTPS HSTS-matching for debug builds
  - url: rename function due to name-clash in Watt-32
  - url: use IDN decoded names for HSTS checks
  - urlapi: detect scheme better when not guessing
  - urlapi: fix parsing URL without slash with CURLU_URLENCODE
  - urlapi: reject more bad characters from the host name field
  * Remove patch upstream:
  - connect-fix-Curl_updateconninfo-for-TRNSPRT_UNIX.patch
- Update connection info when using UNIX socket as endpoint
  connect-fix-Curl_updateconninfo-for-TRNSPRT_UNIX.patch
- Change the deprecated configure option --enable-hidden-symbols
  to the new --enable-symbol-hiding.
- Update to 7.85.0:
  * Security fixes: [bsc#1202593, CVE-2022-35252]
  - control code in cookie denial of service
  * Changes:
  - quic: add support via wolfSSL
  - schannel: Add TLS 1.3 support
  - setopt: add CURLOPT_PROTOCOLS_STR and CURLOPT_REDIR_PROTOCOLS_STR
  * Bugfixes:
  - asyn-thread: fix socket leak on OOM
  - asyn-thread: make getaddrinfo_complete return CURLcode
  - base64: base64url encoding has no padding
  - configure: fix broken m4 syntax in TLS options
  - configure: if asked to use TLS, fail if no TLS lib was detected
  - connect: add quic connection information
  - connect: set socktype/protocol correctly
  - cookie: reject cookies with "/control bytes"/
  - cookie: treat a blank domain in Set-Cookie: as non-existing
  - curl: output warning when a cookie is dropped due to size
  - Curl_close: call Curl_resolver_cancel to avoid memory-leak
  - digest: fix memory leak, fix not quoted 'opaque'
  - digest: fix missing increment of 'nc' value for auth-int
  - digest: pass over leading spaces in qop values
  - digest: reject broken header with session protocol but without qop
  - doh: use https protocol by default
  - easy_lock.h: include sched.h if available to fix build
  - easy_lock.h: use __asm__ instead of asm to fix build
  - easy_lock: switch to using atomic_int instead of bool
  - ftp: use a correct expire ID for timer expiry
  - h2h3: fix overriding the 'TE: Trailers' header
  - hostip: resolve *.localhost to 127.0.0.1/::1
  - HTTP3.md: update to msh3 v0.4.0
  - hyper: use wakers for curl pause/resume
  - lib3026: reduce the number of threads to 100
  - libssh2: make atime/mtime date overflow return error
  - libssh2: provide symlink name in SFTP dir listing
  - multi: have curl_multi_remove_handle close CONNECT_ONLY transfer
  - multi: use larger dns hash table for multi interface
  - multi_wait: fix skipping to populate revents for extra_fds
  - netrc: Use the password from lines without login
  - ngtcp2: Fix build error due to change in nghttp3 prototypes
  - ngtcp2: fix stall or busy loop on STOP_SENDING with upload data
  - ngtcp2: implement cb_h3_stop_sending and cb_h3_reset_stream callbacks
  - openssl: add 'CURL_BORINGSSL_VERSION' to identify BoringSSL
  - openssl: add cert path in error message
  - openssl: add details to "/unable to set client certificate"/ error
  - openssl: fix BoringSSL symbol conflicts with LDAP and Schannel
  - select: do not return fatal error on EINTR from poll()
  - sendf: fix paused header writes since after the header API
  - sendf: skip storing HTTP headers if HTTP disabled
  - url: really use the user provided in the url when netrc entry exists
  - url: reject URLs with hostnames longer than 65535 bytes
  - url: treat missing usernames in netrc as empty
  - urldata: reduce size of several struct fields
  - vtls: make Curl_ssl_backend() return the enum type curl_sslbackend
  * Remove tests-for-32bit.patch fixed in the update
  * Rebase libcurl-ocloexec.patch
- add tests-for-32bit.patch to fix testsuite on 32bit platforms
- Update to 7.84.0:
  * Security fixes:
  - (bsc#1200737, CVE-2022-32208): FTP-KRB bad message verification
  - (bsc#1200736, CVE-2022-32207): Unpreserved file permissions
  - (bsc#1200735, CVE-2022-32206): HTTP compression denial of service
  - (bsc#1200734, CVE-2022-32205): Set-Cookie denial of service
  * Changes:
  - curl: add --rate to set max request rate per time unit
  - curl: deprecate --random-file and --egd-file
  - curl_version_info: add CURL_VERSION_THREADSAFE
  - CURLINFO_CAPATH/CAINFO: get the default CA paths from libcurl
  - lib: make curl_global_init() threadsafe when possible
  - libssh2: add CURLOPT_SSH_HOSTKEYFUNCTION
  - opts: deprecate RANDOM_FILE and EGDSOCKET
  - socks: support unix sockets for socks proxy
  * Bugfixes:
  - aws-sigv4: fix potentional NULL pointer arithmetic
  - bindlocal: don't use a random port if port number would wrap
  - c-hyper: mark status line as status for Curl_client_write()
  - ci: avoid `cmake -Hpath`
  - CI: bump FreeBSD 13.0 to 13.1
  - ci: update github actions
  - cmake: add libpsl support
  - cmake: do not add libcurl.rc to the static libcurl library
  - cmake: enable curl.rc for all Windows targets
  - cmake: fix detecting libidn2
  - cmake: support adding a suffix to the OS value
  - configure: skip libidn2 detection when winidn is used
  - configure: use the SED value to invoke sed
  - configure: warn about rustls being experimental
  - content_encoding: return error on too many compression steps
  - cookie: address secure domain overlay
  - cookie: apply limits
  - copyright.pl: parse and use .reuse/dep5 for skips
  - copyright: make repository REUSE compliant
  - curl.1: add a few see also --tls-max
  - curl.1: mention exit code zero too
  - curl: re-enable --no-remote-name
  - curl_easy_pause.3: remove explanation of progress function
  - curl_getdate.3: document that some illegal dates pass through
  - Curl_parsenetrc: don't access local pwbuf outside of scope
  - curl_url_set.3: clarify by default using known schemes only
  - CURLOPT_ALTSVC.3: document the file format
  - CURLOPT_FILETIME.3: fix the protocols this works with
  - CURLOPT_HTTPHEADER.3: improve comment in example
  - CURLOPT_NETRC.3: document the .netrc file format
  - CURLOPT_PORT.3: We discourage using this option
  - CURLOPT_RANGE.3: remove ranged upload advice
  - digest: added detection of more syntax error in server headers
  - digest: tolerate missing "/realm"/
  - digest: unquote realm and nonce before processing
  - DISABLED: disable 1021 for hyper again
  - docs/cmdline-opts: add copyright and license identifier to each file
  - docs/CONTRIBUTE.md: document the 'needs-votes' concept
  - docs: clarify data replacement policy for MIME API
  - doh: remove UNITTEST macro definition
  - examples/crawler.c: use the curl license
  - examples: remove fopen.c and rtsp.c
  - FAQ: Clarify Windows double quote usage
  - fopen: add Curl_fopen() for better overwriting of files
  - ftp: restore protocol state after http proxy CONNECT
  - ftp: when failing to do a secure GSSAPI login, fail hard
  - GHA/hyper: enable debug in the build
  - gssapi: improve handling of errors from gss_display_status
  - gssapi: initialize gss_buffer_desc strings
  - headers api: remove EXPERIMENTAL tag
  - http2: always debug print stream id in decimal with %u
  - http2: reject overly many push-promise headers
  - http: restore header folding behavior
  - hyper: use 'alt-used'
  - krb5: return error properly on decode errors
  - lib: make more protocol specific struct fields #ifdefed
  - libcurl-security.3: add "/Secrets in memory"/
  - libcurl-security.3: document CRLF header injection
  - libssh: skip the fake-close when libssh does the right thing
  - links: update dead links to the curl-wiki
  - log2changes: do not indent empty lines [ci skip]
  - macos9: remove partial support
  - Makefile.am: fix portability issues
  - Makefile.m32: delete obsolete options, improve -On [ci skip]
  - Makefile.m32: delete two obsolete OpenSSL options [ci skip]
  - Makefile.m32: stop forcing XP target with ipv6 enabled [ci skip]
  - max-time.d: clarify max-time sets max transfer time
  - mprintf: ignore clang non-literal format string
  - netrc: check %USERPROFILE% as well on Windows
  - netrc: support quoted strings
  - ngtcp2: allow curl to send larger UDP datagrams
  - ngtcp2: correct use of ngtcp2 and nghttp3 signed integer types
  - ngtcp2: enable Linux GSO
  - ngtcp2: extend QUIC transport parameters buffer
  - ngtcp2: fix alert_read_func return value
  - ngtcp2: fix typo in preprocessor condition
  - ngtcp2: handle error from ngtcp2_conn_submit_crypto_data
  - ngtcp2: send appropriate connection close error code
  - ngtcp2: support boringssl crypto backend
  - ngtcp2: use helper funcs to simplify TLS handshake integration
  - ntlm: provide a fixed fake host name
  - projects: fix third-party SSL library build paths for Visual Studio
  - quic: add Curl_quic_idle
  - quiche: support ca-fallback
  - rand: stop detecting /dev/urandom in cross-builds
  - remote-name.d: mention --output-dir
  - runtests.pl: add the --repeat parameter to the --help output
  - runtests: fix skipping tests not done event-based
  - runtests: skip starting the ssh server if user name is lacking
  - scripts/copyright.pl: fix the exclusion to not ignore man pages
  - sectransp: check for a function defined when __BLOCKS__ is undefined
  - select: return error from "/lethal"/ poll/select errors
  - server/sws: support spaces in the HTTP request path
  - speed-limit/time.d: mention these affect transfers in either direction
  - strcase: some optimisations
  - test 2081: add a valid reply for the second request
  - test 675: add missing CR so the test passes when run through Privoxy
  - test414: add the '--resolve' keyword
  - test681: verify --no-remote-name
  - tests 266, 116 and 1540: add a small write delay
  - tests/data/test1501: kill ftp server after slow LIST response
  - tests/getpart: fix getpartattr to work with "/data"/ and "/data2"/
  - tests/server/sws.c: change the HTTP writedelay unit to milliseconds
  - test{440,441,493,977}: add "/HTTP proxy"/ keywords
  - tool_getparam: fix --parallel-max maximum value constraint
  - tool_operate: make sure --fail-with-body works with --retry
  - transfer: fix potential NULL pointer dereference
  - transfer: maintain --path-as-is after redirects
  - transfer: upload performance; avoid tiny send
  - url: free old conn better on reuse
  - url: remove redundant #ifdefs in allocate_conn()
  - url: URL encode the path when extracted, if spaces were set
  - urlapi: make curl_url_set(url, CURLUPART_URL, NULL, 0) clear all parts
  - urlapi: support CURLU_URLENCODE for curl_url_get()
  - urldata: reduce size of a few struct fields
  - urldata: remove three unused booleans from struct UserDefined
  - urldata: store tcp_keepidle and tcp_keepintvl as ints
  - version: allow stricmp() for sorting the feature list
  - vtls: make curl_global_sslset thread-safe
  - wolfssh.h: removed
  - wolfssl: correct the failf() message when a handle can't be made
  - wolfSSL: explicitly use compatibility layer
  - x509asn1: mark msnprintf return as unchecked
- Update to 7.83.1:
  * Security fixes:
  - (bsc#1199225, CVE-2022-30115) HSTS bypass via trailing dot
  - (bsc#1199224, CVE-2022-27782) TLS and SSH connection too eager reuse
  - (bsc#1199223, CVE-2022-27781) CERTINFO never-ending busy-loop
  - (bsc#1199222, CVE-2022-27780) percent-encoded path separator in URL host
  - (bsc#1199221, CVE-2022-27779) cookie for trailing dot TLD
  - (bsc#1199220, CVE-2022-27778) removes wrong file on error
  * Bugfixes:
  - altsvc: fix host name matching for trailing dots
  - cirrus: Update to FreeBSD 12.3
  - cirrus: Use pip for Python packages on FreeBSD
  - conn: fix typo 'connnection' -> 'connection' in two function names
  - cookies: make bad_domain() not consider a trailing dot fine
  - curl: free resource in error path
  - curl: guard against size_t wraparound in no-clobber code
  - CURLOPT_DOH_URL.3: mention the known bug
  - CURLOPT_HSTS*FUNCTION.3: document the involved structs as well
  - CURLOPT_SSH_AUTH_TYPES.3: fix the default
  - data/test376: set a proper name
  - GHA/mbedtls: enabled nghttp2 in the build
  - gha: build msh3
  - gskit: fixed bogus setsockopt calls
  - gskit: remove unused function set_callback
  - hsts: ignore trailing dots when comparing hosts names
  - HTTP-COOKIES: add missing CURLOPT_COOKIESESSION
  - http: move Curl_allow_auth_to_host()
  - http_proxy/hyper: handle closed connections
  - hyper: fix test 357
  - Makefile: fix "/make ca-firefox"/
  - mbedtls: bail out if rng init fails
  - mbedtls: fix compile when h2-enabled
  - mbedtls: fix some error messages
  - misc: use "/autoreconf -fi"/ instead buildconf
  - msh3: get msh3 version from MsH3Version
  - msh3: print boolean value as text representation
  - msh3: psss remote_port to MsH3ConnectionOpen
  - ngtcp2: add ca-fallback support for OpenSSL backend
  - nss: return error if seemingly stuck in a cert loop
  - openssl: define HAVE_SSL_CTX_SET_EC_CURVES for libressl
  - post_per_transfer: remove the updated file name
  - sectransp: bail out if SSLSetPeerDomainName fails
  - tests/server: declare variable 'reqlogfile' static
  - tests: fix markdown formatting in README
  - test{898,974,976}: add 'HTTP proxy' keywords
  - tls: check more TLS details for connection reuse
  - url: check SSH config match on connection reuse
  - urlapi: address (harmless) UndefinedBehavior sanitizer warning
  - urlapi: reject percent-decoding host name into separator bytes
  - x509asn1: make do_pubkey handle EC public keys
- Patches rework:
  * Refreshed all patches as -p1.
  * Use autopatch macro.
  * Renamed:
  - dont-mess-with-rpmoptflags.diff -> dont-mess-with-rpmoptflags.patch
  * Removed (already upstream):
  - curl-fix-verifyhost.patch
- Update to 7.83.0:
  * Security fixes:
  - (bsc#1198766, CVE-2022-27776) Auth/cookie leak on redirect
  - (bsc#1198723, CVE-2022-27775) Bad local IPv6 connection reuse
  - (bsc#1198608, CVE-2022-27774) Credential leak on redirect
  - (bsc#1198614, CVE-2022-22576) OAUTH2 bearer bypass in connection re-use
  * Changes:
  - curl: add %header{name} experimental support in -w handling
  - curl: add %{header_json} experimental support in -w handling
  - curl: add --no-clobber
  - curl: add --remove-on-error
  - header api: add curl_easy_header and curl_easy_nextheader
  - msh3: add support for QUIC and HTTP/3 using msh3
  * Bugfixes:
  - appveyor: add Cygwin build
  - appveyor: only add MSYS2 to PATH where required
  - BearSSL: add CURLOPT_SSL_CIPHER_LIST support
  - BearSSL: add CURLOPT_SSL_CTX_FUNCTION support
  - BINDINGS.md: add Hollywood binding
  - CI: Do not use buildconf. Instead, just use: autoreconf -fi
  - CI: install Python package impacket to run SMB test 1451
  - configure.ac: move -pthread CFLAGS setting back where it used to be
  - configure: bump the copyright year range int the generated output
  - conncache: include the zone id in the "/bundle"/ hashkey
  - connecache: remove duplicate connc->closure_handle check
  - connect: make Curl_getconnectinfo work with conn cache from share handle
  - connect: use TCP_KEEPALIVE only if TCP_KEEPIDLE is not defined
  - cookie.d: clarify when cookies are sent
  - cookies: improve errorhandling for reading cookiefile
  - curl/system.h: update ifdef condition for MCST-LCC compiler
  - curl: error out if -T and -d are used for the same URL
  - curl: error out when options need features not present in libcurl
  - curl: escape '?' in generated --libcurl code
  - curl: fix segmentation fault for empty output file names.
  - curl_easy_header: fix typos in documentation
  - CURLINFO_PRIMARY_PORT.3: clarify which port this is
  - CURLOPT*TLSAUTH.3: they only work with OpenSSL or GnuTLS
  - CURLOPT_DISALLOW_USERNAME_IN_URL.3: use uppercase URL
  - CURLOPT_PREQUOTE.3: only works for FTP file transfers, not dirs
  - CURLOPT_PROGRESSFUNCTION.3: fix typo in example
  - CURLOPT_UNRESTRICTED_AUTH.3: extended explanation
  - CURLSHOPT_UNLOCKFUNC.3: fix the callback prototype
  - docs/HYPER.md: updated to reflect current hyper build needs
  - docs/opts: Mention Schannel client cert type is P12
  - docs: Fix missing semicolon in example code
  - docs: lots of minor language polish
  - English: use American spelling consistently
  - fail.d: tweak the description
  - firefox-db2pem.sh: make the shell script safer
  - ftp: fix error message for partial file upload
  - gen.pl: change wording for mutexed options
  - GHA: add openssl3 jobs moved over from zuul
  - GHA: build hyper with nightly rustc
  - GHA: move bearssl jobs over from zuul
  - gha: move the event-based test over from Zuul
  - gtls: fix build for disabled TLS-SRP
  - http2: handle DONE called for the paused stream
  - http2: RST the stream if we stop it on our own will
  - http: avoid auth/cookie on redirects same host diff port
  - http: close the stream (not connection) on time condition abort
  - http: reject header contents with nul bytes
  - http: return error on colon-less HTTP headers
  - http: streamclose "/already downloaded"/
  - hyper: fix status_line() return code
  - hyper: fix tests 580 and 581 for hyper
  - hyper: no h2c support
  - infof: consistent capitalization of warning messages
  - ipv4/6.d: clarify that they are about using IP addresses
  - json.d: fix typo (overriden -> overridden)
  - keepalive-time.d: It takes many probes to detect brokenness
  - lib/warnless.[ch]: only check for WIN32 and ignore _WIN32
  - lib670: avoid double check result
  - lib: #ifdef on USE_HTTP2 better
  - lib: fix some misuse of curlx_convert_wchar_to_UTF8
  - lib: remove exclamation marks
  - libssh2: compare sha256 strings case sensitively
  - libssh2: make the md5 comparison fail if wrong length
  - libssh: fix build with old libssh versions
  - libssh: fix double close
  - libssh: Improve fix for missing SSH_S_ stat macros
  - libssh: unstick SFTP transfers when done event-based
  - macos: set .plist version in autoconf
  - mbedtls: remove 'protocols' array from backend when ALPN is not used
  - mbedtls: remove server_fd from backend
  - mk-ca-bundle.pl: Use stricter logic to process the certificates
  - mk-ca-bundle.vbs: delete this script in favor of mk-ca-bundle.pl
  - mlc_config.json: add file to ignore known troublesome URLs
  - mqtt: better handling of TCP disconnect mid-message
  - ngtcp2: add client certificate authentication for OpenSSL
  - ngtcp2: avoid busy loop in low CWND situation
  - ngtcp2: deal with sub-millisecond timeout
  - ngtcp2: disconnect the QUIC connection proper
  - ngtcp2: enlarge H3_SEND_SIZE
  - ngtcp2: fix HTTP/3 upload stall and avoid busy loop
  - ngtcp2: fix memory leak
  - ngtcp2: fix QUIC_IDLE_TIMEOUT
  - ngtcp2: make curl 1ms faster
  - ngtcp2: remove remote_addr which is not used in a meaningful way
  - ngtcp2: update to work after recent ngtcp2 updates
  - ngtcp2: use token when detecting :status header field
  - nonblock: restore setsockopt method to curlx_nonblock
  - openssl: check SSL_get_peer_cert_chain return value
  - openssl: enable CURLOPT_SSL_EC_CURVES with BoringSSL
  - openssl: fix CN check error code
  - options: remove mistaken space before paren in prototype
  - perl: removed a double semicolon at end of line
  - pop3/smtp: return *WEIRD_SERVER_REPLY when not understood
  - projects/README: converted to markdown
  - projects: Update VC version names for VS2017, VS2022
  - rtsp: don't let CSeq error override earlier errors
  - runtests: add 'bearssl' as testable feature
  - runtests: make 'oldlibssh' be before 0.9.4
  - schannel: remove dead code that will never run
  - scripts/copyright.pl: ignore the new mlc_config.json file
  - scripts: move three scripts from lib/ to scripts/
  - test1135: sync with recent API updates
  - test1459: disable for oldlibssh
  - test375: fix line endings on Windows
  - test386: Fix an incorrect test markup tag
  - test718: edited slightly to return better HTTP
  - tests/server/util.h: align WIN32 condition with util.c
  - tests: refactor server/socksd.c to support --unix-socket
  - timediff.[ch]: add curlx helper functions for timeval conversions
  - tls: make mbedtls and NSS check for h2, not nghttp2
  - tool and tests: force flush of all buffers at end of program
  - tool_cb_hdr: Turn the Location: into a terminal hyperlink
  - tool_getparam: error out on missing -K file
  - tool_listhelp.c: uppercase URL
  - tool_operate: fix a scan-build warning
  - tool_paramhlp: use feof(3) to identify EOF correctly when using fread(3)
  - transfer: redirects to other protocols or ports clear auth
  - unit1620: call global_init before calling Curl_open
  - url: check sasl additional parameters for connection reuse.
  - vtls: provide a unified APLN-disagree string for all backends
  - vtls: use a backend standard message for "/ALPN: offers %s"/
  - vtls: use a generic "/ALPN, server accepted"/ message
  - winbuild/README.md: fixup dead link
  - winbuild: Add a Visual Studio example to the README
  - wolfssl: fix compiler error without IPv6
- Fix: openssl: fix CN check error code
  * Add curl-fix-verifyhost.patch
- Update to 7.82.0:
  * curl: add --json command line option
  * curl: make it so that sensitive command line arguments do not
    show as easily in the output of ps(1)
  * curl_multi_socket.3: remove callback and typical usage descriptions
  * ftp: provide error message for control bytes in path
  * ldap: return CURLE_URL_MALFORMAT for bad URL
  * lib: remove support for CURL_DOES_CONVERSIONS
  * mqtt: plug some memory leaks
  * multi: allow user callbacks to call curl_multi_assign
  * multi: remember connection_id before returning connection to pool
  * multi: set in_callback for multi interface callbacks
  * netware: remove support
  * ngtcp2: adapt to changed end of headers callback proto
  * openldap: implement SASL authentication
  * openssl: return error if TLS 1.3 is requested when not supported
  * sectransp: mark a 3DES cipher as weak
  * smb: pass socket for writing and reading data instead of FIRSTSOCKET
  * tool_getparam: DNS options that need c-ares now fail without it
  * TPF: drop support
  * url: given a user in the URL, find pwd for that user in netrc
  * url: keep trailing dot in host name
  * urlapi: handle "/redirects"/ smarter
  * urldata: CONN_IS_PROXIED replaces bits.proxy when proxy can be disabled
  * urldata: remove conn->bits.user_passwd
- update to 7.81.0:
  * mime: use percent-escaping for multipart form field and file names
  * asyn-ares: ares_getaddrinfo needs no happy eyeballs timer
  * azure: make the "/w/o HTTP/SMTP/IMAP"/ build disable SSL proper
  * BINDINGS: add cURL client for PostgreSQL
  * BINDINGS: add one from Everything curl and update a link
  * checksrc: detect more kinds of NULL comparisons we avoid
  * CI: build examples for additional code verification
  * CI: bump job to use mbedtls 3.1.0
  * cmake: don't set _USRDLL on a static Windows build
  * cmake: prevent dev warning due to mismatched arg
  * cmake: private identifiers use CURL_ instead of CMAKE_ prefix
  * config.d: update documentation to match the path search
  * configure: add -lm to configure for rustls build.
  * configure: better diagnostics if hyper is built wrong
  * configure: don't enable TLS when --without-* flags are used
  * configure: fix runtime-lib detection on macOS
  * curl.1: require "/see also"/ for every documented option
  * curl: improve error message for --head with -J
  * curl_easy_cleanup.3: remove from multi handle first
  * curl_easy_escape.3: call curl_easy_cleanup in example
  * curl_easy_unescape.3: call curl_easy_cleanup in example
  * curl_multi_init.3: fix EXAMPLE formatting
  * curl_multi_perform/socket_action.3: clarify what errors mean
  * curl_share_setopt.3: split out options into their own manpages
  * CURLOPT_STDERR.3: does not work with libcurl as a win32 DLL
  * digest: compute user:realm:pass digest w/o userhash
  * docs/checksrc: Add documentation for STRERROR
  * docs/cmdline-opts: do not say "/protocols: all"/
  * docs/examples: workaround broken -Wno-pedantic-ms-format
  * docs/HTTP3: describe how to setup a h3 reverse-proxy for testing
  * docs/INSTALL.md: typo fix : added missing "/get"/ verb
  * docs/URL-SYNTAX.md: space is not fine in a given URL
  * docs: add known bugs list to HTTP3.md
  * docs: address proselint nits
  * docs: consistent manpage SYNOPSIS
  * docs: fix dead links, remove ECH.md
  * docs: fix typo in OpenSSL 3 build instructions
  * docs: Update the Reducing Size section
  * example/progressfunc: remove code for old libcurls
  * examples/multi-single.c: remove WAITMS()
  * FAQ: typo fix : "/yout"/ ➤ "/your"/
  * ftp: disable warning 4706 in MSVC
  * gen.pl: improve example output format
  * github workflow: add wolfssl (removed from zuul)
  * github/workflows: add mbedtls and mbedtls-clang (removed from zuul)
  * gtls: check return code for gnutls_alpn_set_protocols
  * hash: lazy-alloc the table in Curl_hash_add()
  * http2:set_transfer_url() return early on OOM
  * HTTP3: update quiche build instructions
  * http: enable haproxy support for hyper backend
  * http: Fix CURLOPT_HTTP200ALIASES
  * http_proxy: don't close the socket (too early)
  * insecure.d: detail its use for SFTP and SCP as well
  * insecure.d: expand and clarify
  * libcurl-multi.3: "/SOCKS proxy handshakes"/ are not blocking
  * libcurl-security.3: mention address and URL mitigations
  * libssh2: fix error message for sha256 mismatch
  * libtest: avoid "/assignment within conditional expression"/
  * lift: ignore is a deprecated config option, use ignoreRules
  * linkcheck.yml: add CI job that checks markdown links
  * m4/curl-compilers: tell clang -Wno-pointer-bool-conversion
  * Makefile.m32: rename -winssl option to -schannel and tidy up
  * mbedTLS: add support for CURLOPT_CAINFO_BLOB
  * mbedtls: fix CURLOPT_SSLCERT_BLOB
  * mbedtls: fix private member designations for v3.1.0
  * misc: remove unused doh flags when CURL_DISABLE_DOH is defined
  * misc: s/e-mail/email
  * multi: cleanup the socket hash when destroying it
  * multi: handle errors returned from socket/timer callbacks
  * multi: shut down CONNECT in Curl_detach_connnection
  * netrc.d: edit the .netrc example to look nicer
  * ngtcp2: verify the server cert on connect (quictls)
  * ngtcp2: verify the server certificate for the gnutls case
  * nss:set_cipher don't clobber the cipher list
  * openldap: implement STARTTLS
  * openldap: process search query response messages one by one
  * openldap: several minor improvements
  * openldap: simplify ldif generation code
  * openssl: check the return value of BIO_new()
  * openssl: define HAVE_OPENSSL_VERSION for OpenSSL 1.1.0+
  * openssl: remove `RSA_METHOD_FLAG_NO_CHECK` handling if unavailable
  * openssl: remove usage of deprecated `SSL_get_peer_certificate`
  * openssl: use non-deprecated API to read key parameters
  * page-footer: add a mention of how to report bugs to the man page
  * page-footer: document more environment variables
  * request.d: refer to 'method' rather than 'command'
  * retry-all-errors.d: make the example complete
  * runtests: make the SSH library a testable feature
  * rustls: read of zero bytes might be okay
  * rustls: remove comment about checking handshaking
  * rustls: remove incorrect EOF check
  * sha256/md5: return errors when init fails
  * socks5: use appropriate ATYP for numerical IP address host names
  * test1156: enable for hyper
  * test1156: fixup the stdout check for Windows
  * test1525: tweaked for hyper
  * test1526: enable for hyper
  * test1527: enable for hyper
  * test1528: enable for hyper
  * test1554: adjust for hyper
  * test1556: adjust for hyper
  * test302[12]: run only with the libssh2 backend
  * test661: enable for hyper
  * tests/CI.md: add more information on CI environments
  * tests/data/test302[12]: fix MSYS2 path conversion of hostpubsha256
  * tftp: mark protocol as not possible to do over CONNECT
  * tool_findfile: updated search for a file in the homedir
  * tool_operate: only set SSH related libcurl options for SSH URLs
  * tool_operate: warn if too many output arguments were found
  * url.c: fix the SIGPIPE comment for Curl_close
  * url: check ssl_config when re-use proxy connection
  * url: reduce ssl backend count for CURL_DISABLE_PROXY builds
  * urlapi: accept port number zero
  * urlapi: if possible, shorten given numerical IPv6 addresses
  * urlapi: provide more detailed return codes
  * urlapi: reject short file URLs
  * version_win32: Check build number and platform id
  * vtls/rustls: adapt to the updated rustls_version proto
  * writeout: fix %{http_version} for HTTP/3
  * x509asn1: return early on errors
  * zuul.d: update rustls-ffi to version 0.8.2
  * zuul: fix quiche build pointing to wrong Cargo
- Update to 7.80.0:
  * Changes:
  - CURLOPT_MAXLIFETIME_CONN: maximum allowed lifetime for conn reuse
  - CURLOPT_PREREQFUNCTION: add new callback
  - libssh2: add SHA256 fingerprint support
  - urlapi: add curl_url_strerror()
  * Bugfixes:
  - aws-sigv4: make signature work when post data is binary
  - c-hyper: don't abort CONNECT responses early when auth-in-progress
  - c-hyper: make CURLOPT_SUPPRESS_CONNECT_HEADERS work
  - cmake: add CURL_ENABLE_SSL option
  - cmake: with OpenSSL, define OPENSSL_SUPPRESS_DEPRECATED
  - configure.ac: replace krb5-config with pkg-config
  - configure: when hyper is selected, deselect nghttp2
  - curl-confopts.m4: remove --enable/disable-hidden-symbols
  - curl-openssl.m4: modify library order for openssl linking
  - curl_ntlm_core: use OpenSSL only if DES is available
  - Curl_updateconninfo: store addresses for QUIC connections too
  - ftp: make the MKD retry to retry once per directory
  - http: fix Basic auth with empty name field in URL
  - http: reject HTTP response codes < 100
  - http: remove assert that breaks hyper
  - http: set content length earlier
  - imap: display quota information
  - libssh2: Get the version at runtime if possible
  - md5: fix compilation with OpenSSL 3.0 API
  - ngtcp2: advertise h3 as well as h3-29
  - ngtcp2: compile with the latest nghttp3
  - ngtcp2: use latest QUIC TLS RFC9001
  - NTLM: use DES_set_key_unchecked with OpenSSL
  - openssl: if verifypeer is not requested, skip the CA loading
  - openssl: with OpenSSL 1.1.0+ a failed RAND_status means goaway
  - schannel: fix memory leak due to failed SSL connection
  - sendf: accept zero-length data in Curl_client_write()
  - sha256: use high-level EVP interface for OpenSSL
  - sws: fix memory leak on exit
  - tool_operate: a failed etag save now only fails that transfer
  - url: check the return value of curl_url()
  - url: set "/k->size"/ -1 at start of request
  - urlapi: skip a strlen(), pass in zero
  - urlapi: URL decode percent-encoded host names
  - vtls: Fix a memory leak if an SSL session cannot be added to the cache
  - wolfssl: use for SHA256, MD4, MD5, and setting DES odd parity
  * Use --with-openssl configure option, --with-ssl is now deprecated
dmidecode
- use-read_file-to-read-from-dump.patch: Fix an old harmless bug
  which would prevent root from using the --from-dump option since
  the latest security fixes (bsc#1210418).
Security fixes (CVE-2023-30630)
- dmidecode-split-table-fetching-from-decoding.patch: dmidecode:
  Clean up function dmi_table so that it does only one thing
  (bsc#1210418).
- dmidecode-write-the-whole-dump-file-at-once.patch: When option
  - -dump-bin is used, write the whole dump file at once, instead of
  opening and closing the file separately for the table and then
  for the entry point (bsc#1210418).
- dmidecode-do-not-let-dump-bin-overwrite-an-existing-file.patch:
  Make sure that the file passed to option --dump-bin does not
  already exist (bsc#1210418).
- ensure-dev-mem-is-a-character-device-file.patch: Add a safety
  check on the type of the mem device file we are asked to read
  from, if we are root (bsc#1210418).
  3 recommended fixes from upstream:
- dmioem-typo-fix-virutal-virtual.patch: Simple typo fix in a
  user-visible string.
- dmidecode-fortify-entry-point-length-checks.patch: Ensure that
  the SMBIOS entry point is long enough to include all the fields
  we need.
- dmioem-hpe-oem-record-237-firmware-change.patch: Properly decode
  the last field of HPE OEM record type 237.
docker
- update to 20.10.23-ce.
  * see upstream changelog at https://docs.docker.com/engine/release-notes/#201023
- drop kubic flavor as kubic is EOL. this removes:
  kubelet.env docker-kubic-service.conf 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
- Update to Docker 20.10.21-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/#201021>. bsc#1206065
  bsc#1205375 CVE-2022-36109
- Rebase patches:
  * 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0003-PRIVATE-REGISTRY-add-private-registry-mirror-support.patch
  * 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
  * 0005-bsc1183855-btrfs-Do-not-disable-quota-on-cleanup.patch
  * 0006-bsc1193930-vendor-update-golang.org-x-crypto.patch
  * 0007-bsc1200022-fifo.Close-prevent-possible-panic-if-fifo.patch
- The PRIVATE-REGISTRY patch will now output a warning if it is being used (in
  preparation for removing the feature). This feature was never meant to be
  used by users directly (and is only available in the -kubic/CaaSP version of
  the package anyway) and thus should not affect any users.
- Fix wrong After: in docker.service, fixes bsc#1188447
- Add apparmor-parser as a Recommends to make sure that most users will end up
  with it installed even if they are primarily running SELinux.
- Fix syntax of boolean dependency
- Allow to install container-selinux instead of apparmor-parser.
- Change to using systemd-sysusers
dracut
- Update to version 055+suse.335.gccf7fbc6:
  * feat(lvm): always include all drivers that LVM can use (bsc#1206195)
  * fix(dracut.spec): require libopenssl1_1-hmac for dracut-fips (bsc#1206439)
drbd-utils
- bsc#1208922: fails to replace directory /lib/drbd with symlink
  * modify drbd-utils.spec to manipulate the symlink in %postun and %posttrans script
- bsc#1208922: fails to replace directory /lib/drbd with symlink
  * modify drbd-utils.spec to rename it in pretrans script
- drbd.service fails to load - incorrect path to executable (bsc#1206754)
  * use %suse_version to replace %UsrMerge
  * modify drbd-utils.spec for create symbolic folder "//lib/drbd"/
firewalld
- Fix firewall-offline-cmd fails with ERROR: Calling pre func
  Added following patch (bsc#1206928)
  [+ 0003-firewall-offline-cmd-fail-fix.patch]
glib2
- Update glib2-fix-normal-form-handling-in-gvariant.patch:
  Backported from upstream to fix regression on s390x.
  (bsc#1210135, glgo#GNOME/glib!2978)
- Add glib2-fix-normal-form-handling-in-gvariant.patch: Backported
  from upstream to fix normal form handling in GVariant.
  (CVE-2023-24593, CVE-2023-25180, bsc#1209714, bsc#1209713,
  glgo#GNOME/glib!3125)
glibc
- amd-cacheinfo.patch: x86: Cache computation for AMD architecture
  (bsc#1207957)
- gmon-hash-table-size.patch: gmon: Fix allocated buffer overflow
  (CVE-2023-0687, bsc#1207975, BZ #29444)
- strncmp-avx2-boundary.patch: Fix avx2 strncmp offset compare condition
  check (bsc#1208358, BZ #25933)
- dlopen-filter-object.patch: elf: Allow dlopen of filter object to work
  (bsc#1207571, BZ #16272)
- powerpc-tst-ucontext.patch: powerpc: Fix unrecognized instruction errors
  with recent GCC
gnutls
- FIPS: PBKDF2 additional requirements [bsc#1209001]
  * Set the minimum output key length to 112 bits (FIPS 140-3 IG D.N)
  * Set the minimum salt length to 128 bits (SP 800-132 sec. 5.1)
  * Set the minimum iterations count to 1000 (SP 800-132 sec 5.2)
  * Set the minimum passlen of 20 characters (SP SP800-132 sec 5)
  * Add regression tests for the new PBKDF2 requirements.
  * Add gnutls-FIPS-pbkdf2-additional-requirements.patch
- libgnutls: Increase the limit of TLS PSK usernames from 128 to
  65535 characters. [bsc#1208237, jsc#PED-1562]
  * Upstream: https://gitlab.com/gnutls/gnutls/commit/f032324a
  * Add gnutls-increase-TLS-PSK-username-limit.patch
- FIPS: Fix pct_test() return code in case of error [bsc#1207183]
  * Rebase with the upstream version: gnutls-FIPS-PCT-DH.patch
- FIPS: Make the jitterentropy calls thread-safe [bsc#1208146]
  * Add gnutls-FIPS-jitterentropy-threadsafe.patch
- FIPS: GnuTLS DH/ECDH PCT public key regeneration [bsc#1207183]
  * Rebase patches with the version submitted upstream.
  * Avoid copying the key material: gnutls-FIPS-PCT-DH.patch
  * Improve logic around memory release: gnutls-FIPS-PCT-ECDH.patch
- Security Fix: [bsc#1208143, CVE-2023-0361]
  * Bleichenbacher oracle in TLS RSA key exchange
  * Add gnutls-CVE-2023-0361.patch
grub2
- Fix unknown filesystem error on disks with 4096 sector size (bsc#1207064)
  (bsc#1209234)
  * 0001-grub-core-modify-sector-by-sysfs-as-disk-sector.patch
- Fix installation over serial console ends up in infinite boot loop
  (bsc#1187810) (bsc#1209667) (bsc#1209372)
  * 0001-Fix-infinite-boot-loop-on-headless-system-in-qemu.patch
- Fix aarch64 kiwi image's file not found due to '/@' prepended to path in
  btrfs filesystem. (bsc#1209165)
  * grub2-btrfs-05-grub2-mkconfig.patch
- Make grub more robust against storage race condition causing system boot
  failures (bsc#1189036)
  * 0001-ieee1275-ofdisk-retry-on-open-and-read-failure.patch
- Make grub.cfg invariant to efi and legacy platforms (bsc#1205200)
- Removed patch linuxefi
  * grub2-secureboot-provide-linuxefi-config.patch
  * grub2-secureboot-use-linuxefi-on-uefi-in-os-prober.patch
  * grub2-secureboot-use-linuxefi-on-uefi.patch
- Rediff
  * grub2-btrfs-05-grub2-mkconfig.patch
  * grub2-efi-xen-cmdline.patch
  * grub2-s390x-05-grub2-mkconfig.patch
  * grub2-suse-remove-linux-root-param.patch
- Move unsupported zfs modules into 'extras' packages
  (bsc#1205554) (PED-2947)
harfbuzz
- Add CVE-2023-25193.patch: limit how far we skip when looking
  back (bsc#1207922 CVE-2023-25193).
haveged
- Synchronize haveged instances during switching root (bsc#1203079)
  * Add haveged-switch-root.patch
hawk2
- Update sass-ansible dependency in the hawk2.spec:
  * Unable to activate sass-rails-5.1.0 (bsc#1208533)
issue-generator
- Update to version 1.13
  - SELinux: Do not call agetty --reload [bsc#1186178]
- Update to version 1.12
  - Update manual page
  - Use python3 instead of python 2.x
- Update to version 1.11
  - Don't display issue.d/*.issue files, agetty will do that [bsc#1177891]
  - Ignore /run/issue.d in issue-generator.path, else issue-generator will
    be called too fast too often [bsc#1177865]
  - Ignore *.bak, *~ and *.rpm* files [bsc#1118862]
- Handle the .path unit in scriptlets as well
- Update to version 1.10
  - Display wlan interfaces [bsc#1169070]
- Update to version 1.9
  - Fix path for systemd files
- Update to version 1.8
  - Handle network interface renames
jitterentropy
- jitterentropy-with-debug.patch: build with debuginfo (bsc#1207789)
kdump
- run kdump.service only after kdump-early.service (bsc#1196335)
- don't skip infiniband interfaces (bsc#1186745)
  (not a complete fix, requires a patch in dracut as well)
kernel-default
- mm: take a page reference when removing device exclusive entries
  (bsc#1211025).
- commit fd0cc4f
- Update
  patches.suse/perf-Fix-check-before-add_event_to_groups-in-perf_group_detach.patch
  (git fixes, bsc#1210986, CVE-2023-2235).
- commit c5399e7
- blacklist.conf: Exclude unrelated kconfig patch
- commit 2595126
- x86/bugs: Enable STIBP for IBPB mitigated RETBleed (git-fixes).
- commit f115e36
- locking/rwbase: Mitigate indefinite writer starvation.
  Move out of sorted as the patch has moved within the tip tree.
- commit 0ba915d
- Input: raspberrypi-ts - fix refcount leak in rpi_ts_probe
  (git-fixes).
- Input: hp_sdc_rtc - mark an unused function as __maybe_unused
  (git-fixes).
- rtc: meson-vrtc: Use ktime_get_real_ts64() to get the current
  time (git-fixes).
- rtc: omap: include header for omap_rtc_power_off_program
  prototype (git-fixes).
- commit 4f6ef5f
- power: supply: generic-adc-battery: fix unit scaling
  (git-fixes).
- dt-bindings: mailbox: qcom,apcs-kpss-global: fix SDX55 'if'
  match (git-fixes).
- clk: rockchip: rk3399: allow clk_cifout to force clk_cifout_src
  to reparent (git-fixes).
- clk: add missing of_node_put() in "/assigned-clocks"/ property
  parsing (git-fixes).
- clk: at91: clk-sam9x60-pll: fix return value check (git-fixes).
- clocksource/drivers/davinci: Fix memory leak in
  davinci_timer_register when init fails (git-fixes).
- USB: serial: option: add UNISOC vendor and TOZED LT70C product
  (git-fixes).
- wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies()
  (git-fixes).
- drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var
  (git-fixes).
- selftests/kselftest/runner/run_one(): allow running
  non-executable files (git-fixes).
- commit fc18250
- NFS: Cleanup unused rpc_clnt variable (git-fixes).
- NFSD: callback request does not use correct credential for
  AUTH_SYS (git-fixes).
- sunrpc: only free unix grouplist after RCU settles (git-fixes).
- nfsd: call op_release, even when op_func returns an error
  (git-fixes).
- NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL
  (git-fixes).
- commit aa8b700
- KVM: VMX: Execute IBPB on emulated VM-exit when guest has IBRS (bsc#1206992
  CVE-2022-2196).
- commit 2cab1a4
- nvme: send Identify with CNS 06h only to I/O controllers
  (bsc#1209693).
- commit fe51de7
- scsi: kABI workaround for fc_host_fpin_rcv (git-fixes).
- scsi: lpfc: Silence an incorrect device output (bsc#1210943).
- scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup()
  (bsc#1210943).
- scsi: lpfc: Drop redundant pci_enable_pcie_error_reporting()
  (bsc#1210943).
- scsi: lpfc: Copyright updates for 14.2.0.11 patches
  (bsc#1210943).
- scsi: lpfc: Update lpfc version to 14.2.0.11 (bsc#1210943).
- scsi: lpfc: Revise lpfc_error_lost_link() reason code evaluation
  logic (bsc#1210943).
- scsi: lpfc: Skip waiting for register ready bits when in
  unrecoverable state (bsc#1210943).
- scsi: lpfc: Correct used_rpi count when devloss tmo fires with
  no recovery (bsc#1210943).
- scsi: lpfc: Defer issuing new PLOGI if received RSCN before
  completing REG_LOGIN (bsc#1210943).
- scsi: lpfc: Record LOGO state with discovery engine even if
  aborted (bsc#1210943).
- scsi: lpfc: Fix lockdep warning for rx_monitor lock when
  unloading driver (bsc#1210943).
- scsi: lpfc: Reorder freeing of various DMA buffers and their
  list removal (bsc#1210943).
- scsi: lpfc: Prevent lpfc_debugfs_lockstat_write() buffer
  overflow (bsc#1210943).
- cpumask: fix incorrect cpumask scanning result checks
  (bsc#1210943).
- scsi: lpfc: Fix double word in comments (bsc#1210943).
- scsi: scsi_transport_fc: Add an additional flag to
  fc_host_fpin_rcv() (bsc#1210943).
- commit 7354766
- ACPI: CPPC: Disable FIE if registers in PCC regions
  (bsc#1210953).
- cpufreq: CPPC: Fix build error without
  CONFIG_ACPI_CPPC_CPUFREQ_FIE (bsc#1210953).
- cpufreq: CPPC: Fix performance/frequency conversion (git-fixes).
- commit 5d50d5f
- keys: Fix linking a duplicate key to a keyring's assoc_array
  (bsc#1207088).
- commit 52b6749
- virtio_ring: don't update event idx on get_buf (git-fixes).
- firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe
  (git-fixes).
- dt-bindings: iio: ti,tmp117: fix documentation link (git-fixes).
- dt-bindings: nvmem: qcom,spmi-sdam: fix example 'reg' property
  (git-fixes).
- vmci_host: fix a race condition in vmci_host_poll() causing GPF
  (git-fixes).
- fpga: bridge: fix kernel-doc parameter description (git-fixes).
- driver core: Don't require dynamic_debug for initcall_debug
  probe timing (git-fixes).
- staging: rtl8192e: Fix W_DISABLE# does not work after stop/start
  (git-fixes).
- staging: iio: resolver: ads1210: fix config mode (git-fixes).
- drivers: staging: rtl8723bs: Fix locking in
  rtw_scan_timeout_handler() (git-fixes).
- drivers: staging: rtl8723bs: Fix locking in
  _rtw_join_timeout_handler() (git-fixes).
- serial: 8250: Add missing wakeup event reporting (git-fixes).
- tty: serial: fsl_lpuart: adjust buffer length to the intended
  size (git-fixes).
- tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH
  (git-fixes).
- serial: 8250_bcm7271: Fix arbitration handling (git-fixes).
- usb: chipidea: fix missing goto in `ci_hdrc_probe` (git-fixes).
- USB: dwc3: fix runtime pm imbalance on unbind (git-fixes).
- USB: dwc3: fix runtime pm imbalance on probe errors (git-fixes).
- xhci: fix debugfs register accesses while suspended (git-fixes).
- usb: gadget: tegra-xudc: Fix crash in vbus_draw (git-fixes).
- usb: chipidea: imx: avoid unnecessary probe defer (git-fixes).
- usb: gadget: udc: renesas_usb3: Fix use after free bug in
  renesas_usb3_remove due to race condition (git-fixes).
- usb: dwc3: gadget: Change condition for processing suspend event
  (git-fixes).
- usb: host: xhci-rcar: remove leftover quirk handling
  (git-fixes).
- i2c: cadence: cdns_i2c_master_xfer(): Fix runtime PM leak on
  error path (git-fixes).
- ipmi: fix SSIF not responding under certain cond (git-fixes).
- ipmi:ssif: Add send_retries increment (git-fixes).
- spi: cadence-quadspi: fix suspend-resume implementations
  (git-fixes).
- spi: fsl-spi: Fix CPM/QE mode Litte Endian (git-fixes).
- spi: qup: Don't skip cleanup in remove's error path (git-fixes).
- ASoC: fsl_mqs: move of_node_put() to the correct location
  (git-fixes).
- ASoC: es8316: Handle optional IRQ assignment (git-fixes).
- ASoC: cs35l41: Only disable internal boost (git-fixes).
- PCI: qcom: Fix the incorrect register usage in v2.7.0 config
  (git-fixes).
- PCI: imx6: Install the fault handler only on compatible match
  (git-fixes).
- PCI: pciehp: Fix AB-BA deadlock between reset_lock and
  device_lock (git-fixes).
- PCI/EDR: Clear Device Status after EDR error recovery
  (git-fixes).
- drm/panel: otm8009a: Set backlight parent to panel device
  (git-fixes).
- commit 30ae662
- kabi/severities: ignore KABI for NVMe target (bsc#1174777)
  The target code is only for testing and there are no external users.
- commit a8c10fa
- blacklist.conf: add nvme git-fixes
- commit be17720
- Update
  patches.suse/net-mlx5-DR-Fix-NULL-vs-IS_ERR-checking-in-dr_domain.patch
  (jsc#SLE-19253 bsc#1208845 CVE-2023-23006).
  Added CVE reference.
- commit 53f1f7b
- nvme: improve the NVME_CONNECT_AUTHREQ* definitions (git-fixes).
- commit da2e21e
- ext4: use ext4_journal_start/stop for fast commit transactions
  (bsc#1210793).
  Refresh patches.suse/ext4-fast-commit-may-not-fallback-for-ineligible-com.patch
  patches.suse/ext4-fix-fallocate-to-use-file_modified-to-update-pe.patch
  patches.suse/ext4-fix-race-condition-between-ext4_write-and-ext4_.patch
- commit b470a11
- nvme-fcloop: fix "/inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W}
  usage"/ (git-fixes).
- nvme: fix async event trace event (git-fixes).
- nvmet: fix I/O Command Set specific Identify Controller
  (git-fixes).
- nvmet: fix Identify Active Namespace ID list handling
  (git-fixes).
- nvmet: fix Identify Controller handling (git-fixes).
- nvmet: fix Identify Namespace handling (git-fixes).
- commit da5f4d4
- signal: HANDLER_EXIT should clear SIGNAL_UNKILLABLE
  (bsc#1210816).
- signal: Don't always set SA_IMMUTABLE for forced signals
  (bsc#1210816).
- commit 1d55fab
- bluetooth: Perform careful capability checks in hci_sock_ioctl()
  (git-fixes).
- Revert "/Bluetooth: btsdio: fix use after free bug in
  btsdio_remove due to unfinished work"/ (git-fixes).
- wifi: mt76: fix 6GHz high channel not be scanned (git-fixes).
- wifi: mt76: add missing locking to protect against concurrent
  rx/status calls (git-fixes).
- wifi: mt76: handle failure of vzalloc in mt7615_coredump_work
  (git-fixes).
- wifi: iwlwifi: fw: fix memory leak in debugfs (git-fixes).
- wifi: iwlwifi: mvm: check firmware response size (git-fixes).
- wifi: iwlwifi: make the loop for card preparation effective
  (git-fixes).
- wifi: iwlwifi: fw: move memset before early return (git-fixes).
- wifi: iwlwifi: mvm: initialize seq variable (git-fixes).
- wifi: iwlwifi: yoyo: Fix possible division by zero (git-fixes).
- wifi: iwlwifi: yoyo: skip dump correctly on hw error
  (git-fixes).
- wifi: iwlwifi: mvm: don't set CHECKSUM_COMPLETE for unsupported
  protocols (git-fixes).
- wifi: iwlwifi: trans: don't trigger d3 interrupt twice
  (git-fixes).
- wifi: iwlwifi: debug: fix crash in __iwl_err() (git-fixes).
- wifi: iwlwifi: fix duplicate entry in iwl_dev_info_table
  (git-fixes).
- wifi: rt2x00: Fix memory leak when handling surveys (git-fixes).
- wifi: rtw89: fix potential race condition between napi_init
  and napi_enable (git-fixes).
- wifi: rtlwifi: fix incorrect error codes in
  rtl_debugfs_set_write_reg() (git-fixes).
- wifi: rtlwifi: fix incorrect error codes in
  rtl_debugfs_set_write_rfreg() (git-fixes).
- wifi: ath6kl: reduce WARN to dev_dbg() in callback (git-fixes).
- wifi: ath5k: fix an off by one check in
  ath5k_eeprom_read_freq_list() (git-fixes).
- wifi: ath9k: hif_usb: fix memory leak of remain_skbs
  (git-fixes).
- wifi: ath6kl: minor fix for allocation size (git-fixes).
- wifi: mac80211: adjust scan cancel comment/check (git-fixes).
- wifi: rtw88: mac: Return the original error from
  rtw_mac_power_switch() (git-fixes).
- wifi: rtw88: mac: Return the original error from
  rtw_pwr_seq_parser() (git-fixes).
- wifi: brcmfmac: support CQM RSSI notification with older
  firmware (git-fixes).
- crypto: drbg - Only fail when jent is unavailable in FIPS mode
  (git-fixes).
- crypto: sa2ul - Select CRYPTO_DES (git-fixes).
- crypto: caam - Clear some memory in instantiate_rng (git-fixes).
- crypto: safexcel - Cleanup ring IRQ workqueues on load failure
  (git-fixes).
- drm/i915: Fix fast wake AUX sync len (git-fixes).
- nilfs2: initialize unused bytes in segment summary blocks
  (git-fixes).
- platform/x86: gigabyte-wmi: add support for X570S AORUS ELITE
  (git-fixes).
- selftests: sigaltstack: fix -Wuninitialized (git-fixes).
- platform/x86 (gigabyte-wmi): Add support for A320M-S2H V2
  (git-fixes).
- commit ce41906
- nvmet: force reconnect when number of queue changes (git-fixes).
- commit 4fecb2d
- powerpc/64e: Fix amdgpu build on Book3E w/o AltiVec
  (bsc#1194869).
- drm/amdgpu: Re-enable DCN for 64-bit powerpc (bsc#1194869).
- Refresh patches.suse/drm-amd-display-Enable-building-new-display-engine-w.patch
- amdgpu: disable powerpc support for the newer display engine
  (bsc#1194869).
- Refresh patches.suse/drm-amd-display-Enable-building-new-display-engine-w.patch
- commit a05fdb3
- ALSA: hda/realtek: fix speaker, mute/micmute LEDs not work on
  a HP platform (git-fixes).
- ALSA: hda/cirrus: Add extra 10 ms delay to allow PLL settle
  and lock (git-fixes).
- commit 94a71e8
- ALSA: hda/realtek: Enable mute/micmute LEDs and speaker support
  for HP Laptops (git-fixes).
- Refresh
  patches.suse/ALSA-hda-realtek-fix-mute-micmute-LEDs-for-a-HP-ProB-2ae147d643d3.patch.
- Refresh
  patches.suse/ALSA-hda-realtek-fix-mute-micmute-LEDs-for-a-HP-ProB-9fdc1605c504.patch.
- commit d95e43b
- ALSA: hda: cs35l41: Enable Amp High Pass Filter (git-fixes).
- commit fa425c8
- nvmet: avoid potential UAF in nvmet_req_complete() (git-fixes).
- nvme: fix handling single range discard request (git-fixes).
- nvme-pci: fix timeout request state check (git-fixes).
- nvmet: don't defer passthrough commands with trivial effects
  to the workqueue (git-fixes).
- nvme: fix the NVME_CMD_EFFECTS_CSE_MASK definition (git-fixes).
- nvme-pci: fix page size checks (git-fixes).
- nvme-pci: fix mempool alloc size (git-fixes).
- nvme-pci: fix doorbell buffer value endianness (git-fixes).
- nvme: return err on nvme_init_non_mdts_limits fail (git-fixes).
- nvmet: only allocate a single slab for bvecs (git-fixes).
- nvme initialize core quirks before calling nvme_init_subsystem
  (git-fixes).
- nvme: fix SRCU protection of nvme_ns_head list (git-fixes).
  Refresh:
  - patches.suse/nvme-multipath-skip-not-ready-namespaces-when-revalidating.patch
- nvmet: fix a memory leak in nvmet_auth_set_key (git-fixes).
- nvmet: fix a memory leak (git-fixes).
- nvme-tcp: fix possible circular locking when deleting a
  controller under memory pressure (git-fixes).
- nvmet: fix invalid memory reference in
  nvmet_subsys_attr_qid_max_show (git-fixes).
- nvme-hwmon: kmalloc the NVME SMART log buffer (git-fixes).
- nvme-hwmon: consistently ignore errors from nvme_hwmon_init
  (git-fixes).
- nvme-multipath: fix possible hang in live ns resize with ANA
  access (git-fixes).
- nvme-tcp: fix possible hang caused during ctrl deletion
  (git-fixes).
- nvme-rdma: fix possible hang caused during ctrl deletion
  (git-fixes).
- nvmet: add helpers to set the result field for connect commands
  (git-fixes).
- nvmet-auth: don't try to cancel a non-initialized work_struct
  (git-fixes).
- nvme: Fix IOC_PR_CLEAR and IOC_PR_RELEASE ioctls for nvme
  devices (git-fixes).
- nvme-tcp: fix regression that causes sporadic requests to time
  out (git-fixes).
- nvmet: fix a use-after-free (git-fixes).
- nvme: catch -ENODEV from nvme_revalidate_zones again
  (git-fixes).
- nvme-auth: uninitialized variable in nvme_auth_transform_key()
  (git-fixes).
- nvme: define compat_ioctl again to unbreak 32-bit userspace
  (git-fixes).
- nvme: use command_id instead of req->tag in
  trace_nvme_complete_rq() (git-fixes).
- nvmet-tcp: fix regression in data_digest calculation
  (git-fixes).
- nvme: add device name to warning in uuid_show() (git-fixes).
- nvme: set dma alignment to dword (git-fixes).
- nvme: fix the read-only state for zoned namespaces with
  unsupposed features (git-fixes).
- nvmet: revert "/nvmet: make discovery NQN configurable"/
  (git-fixes).
  Refresh:
  - patches.suse/nvmet-expose-max-queues-to-configfs.patch
- nvmet: use IOCB_NOWAIT only if the filesystem supports it
  (git-fixes).
- nvmet-tcp: fix incomplete data digest send (git-fixes).
- nvme: fix per-namespace chardev deletion (git-fixes).
- nvmet: looks at the passthrough controller when initializing
  CAP (git-fixes).
- nvme: move nvme_multi_css into nvme.h (git-fixes).
- commit 11db83e
- powerpc/64: Always build with 128-bit long double (bsc#1194869).
- commit 8544568
- hwmon: (pmbus/fsp-3y) Fix functionality bitmask in FSP-3Y
  YM-2151E (git-fixes).
- hwmon: (adt7475) Use device_property APIs when configuring
  polarity (git-fixes).
- hwmon: (k10temp) Check range scale when CUR_TEMP register is
  read-write (git-fixes).
- remoteproc: imx_rproc: Call of_node_put() on iteration error
  (git-fixes).
- remoteproc: st: Call of_node_put() on iteration error
  (git-fixes).
- remoteproc: stm32: Call of_node_put() on iteration error
  (git-fixes).
- mmc: sdhci-of-esdhc: fix quirk to ignore command inhibit for
  data (git-fixes).
- mtd: spi-nor: Fix a trivial typo (git-fixes).
- mtd: core: fix error path for nvmem provider (git-fixes).
- mtd: core: fix nvmem error reporting (git-fixes).
- mtd: core: provide unique name for nvmem device, take two
  (git-fixes).
- regulator: stm32-pwr: fix of_iomap leak (git-fixes).
- regulator: core: Avoid lockdep reports when resolving supplies
  (git-fixes).
- regulator: core: Consistently set mutex_owner when using
  ww_mutex_lock_slow() (git-fixes).
- regulator: core: Shorten off-on-delay-us for always-on/boot-on
  by time since booted (git-fixes).
- media: venus: dec: Fix handling of the start cmd (git-fixes).
- media: rc: gpio-ir-recv: Fix support for wake-up (git-fixes).
- media: saa7134: fix use after free bug in saa7134_finidev due
  to race condition (git-fixes).
- media: dm1105: Fix use after free bug in dm1105_remove due to
  race condition (git-fixes).
- media: rkvdec: fix use after free bug in rkvdec_remove
  (git-fixes).
- media: max9286: Free control handler (git-fixes).
- media: av7110: prevent underflow in write_ts_to_decoder()
  (git-fixes).
- soc: ti: pm33xx: Fix refcount leak in am33xx_pm_probe
  (git-fixes).
- remoteproc: Harden rproc_handle_vdev() against integer overflow
  (git-fixes).
- commit 28cddd0
- drm/i915: Make intel_get_crtc_new_encoder() less oopsy
  (git-fixes).
- commit 0730fed
- dt-bindings: remoteproc: stm32-rproc: Typo fix (git-fixes).
- drm/amd/display: Fix potential null dereference (git-fixes).
- drm/msm: fix NULL-deref on snapshot tear down (git-fixes).
- drm: msm: adreno: Disable preemption on Adreno 510 (git-fixes).
- drm/msm/adreno: drop bogus pm_runtime_set_active() (git-fixes).
- drm/msm/disp/dpu: check for crtc enable rather than crtc active
  to release shared resources (git-fixes).
- dt-bindings: arm: fsl: Fix copy-paste error in comment
  (git-fixes).
- dt-bindings: soc: qcom: smd-rpm: re-add missing qcom,rpm-msm8994
  (git-fixes).
- firmware: qcom_scm: Clear download bit during reboot
  (git-fixes).
- commit f201efd
- drm/bridge: lt8912b: Fix DSI Video Mode (git-fixes).
- drm/lima/lima_drv: Add missing unwind goto in lima_pdev_probe()
  (git-fixes).
- drm/amd/display/dc/dce60/Makefile: Fix previous attempt to
  silence known override-init warnings (git-fixes).
- drm: rcar-du: Fix a NULL vs IS_ERR() bug (git-fixes).
- drm/bridge: adv7533: Fix adv7533_mode_valid for adv7533 and
  adv7535 (git-fixes).
- drm/probe-helper: Cancel previous job before starting new one
  (git-fixes).
- drm/vgem: add missing mutex_destroy (git-fixes).
- drm/rockchip: Drop unbalanced obj unref (git-fixes).
- commit df8d449
- ACPI: VIOT: Initialize the correct IOMMU fwspec (git-fixes).
- arm64: dts: qcom: msm8994-msft-lumia-octagon: drop unit address
  from PMI8994 regulator (git-fixes).
- arm64: dts: qcom: msm8994-kitakami: drop unit address from
  PMI8994 regulator (git-fixes).
- arm64: dts: qcom: sc7180-trogdor-lazor: correct trackpad supply
  (git-fixes).
- arm64: dts: qcom: sm8250: Fix the PCI I/O port range
  (git-fixes).
- arm64: dts: qcom: msm8996: Fix the PCI I/O port range
  (git-fixes).
- arm64: dts: qcom: ipq8074: Fix the PCI I/O port range
  (git-fixes).
- arm64: dts: qcom: msm8998: Fix the PCI I/O port range
  (git-fixes).
- arm64: dts: qcom: sdm845: Fix the PCI I/O port range
  (git-fixes).
- arm64: dts: qcom: msm8998: Fix stm-stimulus-base reg name
  (git-fixes).
- ARM: dts: qcom: ipq4019: Fix the PCI I/O port range (git-fixes).
- arm64: dts: ti: k3-j721e-main: Remove ti,strobe-sel property
  (git-fixes).
- ARM: dts: s5pv210: correct MIPI CSIS clock name (git-fixes).
- ARM: dts: exynos: fix WM8960 clock name in Itop Elite
  (git-fixes).
- ARM: dts: gta04: fix excess dma channel usage (git-fixes).
- arm64: dts: renesas: r8a774c0: Remove bogus voltages from OPP
  table (git-fixes).
- arm64: dts: renesas: r8a77990: Remove bogus voltages from OPP
  table (git-fixes).
- commit 94ce2fb
- nvme: copy firmware_rev on each init (git-fixes).
- commit e5addae
- Update References
  patches.suse/xirc2ps_cs-Fix-use-after-free-bug-in-xirc2ps_detach.patch
  (git-fixes, bsc#1209871, CVE-2023-1670).
- commit fad389c
- cgroup/cpuset: Wake up cpuset_attach_wq tasks in
  cpuset_cancel_attach() (bsc#1210827).
- commit cd76825
- blacklist.conf:
- Add eee878537941 cgroup/cpuset: Add cpuset_can_fork() and cpuset_cancel_fork() methods
- Add 42a11bf5c543 cgroup/cpuset: Make cpuset_fork() handle CLONE_INTO_CGROUP properly
- commit 5eafca7
- blacklist.conf: Add adb8213014b2 mm: memcg: fix stale protection of reclaim target memcg
- commit 3fa74a9
- seccomp: Move copy_seccomp() to no failure path (bsc#1210817).
- commit c871759
- signal: Add SA_IMMUTABLE to ensure forced siganls do not get
  changed (bsc#1210816).
- commit f20434b
- KEYS: Add missing function documentation (git-fixes).
- KEYS: Create static version of public_key_verify_signature
  (git-fixes).
- selinux: ensure av_permissions.h is built when needed
  (git-fixes).
- selinux: fix Makefile dependencies of flask.h (git-fixes).
- commit 0854c0e
- powerpc/papr_scm: Update the NUMA distance table for the
  target node (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509
  FATE#327775 git-fixes).
- powerpc/pseries: Consolidate different NUMA distance update
  code paths (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509
  FATE#327775 git-fixes).
- Refresh patches.suse/powerpc-numa-Update-cpu_cpu_map-on-CPU-online-offlin.patch
- commit 7bab4e8
- Update tags
  patches.suse/ocfs2-fix-data-corruption-after-failed-write.patch.
- commit 90e3245
- udf: Check consistency of Space Bitmap Descriptor (bsc#1210771).
- commit d6c6801
- udf: Fix a slab-out-of-bounds write bug in udf_find_entry()
  (bsc#1206649).
- commit 4e476eb
- udf: Support splicing to file (bsc#1210770).
- commit d2cfd5b
- writeback, cgroup: fix null-ptr-deref write in
  bdi_split_work_to_wbs (bsc#1210769).
- commit 036cbcd
- mm/filemap: fix page end in filemap_get_read_batch
  (bsc#1210768).
- commit 48f3bbb
- ext4: fix another off-by-one fsmap error on 1k block filesystems
  (bsc#1210767).
- commit 9bc20af
- ext4: fix RENAME_WHITEOUT handling for inline directories
  (bsc#1210766).
- commit 1ad1269
- ext4: fix cgroup writeback accounting with fs-layer encryption
  (bsc#1210765).
- commit 480dd33
- ext4: fix incorrect options show of original mount_opt and
  extend mount_opt2 (bsc#1210764).
- commit ec7e31c
- ext4: fix possible double unlock when moving a directory
  (bsc#1210763).
- commit 88434ef
- ext4: Fix deadlock during directory rename (bsc#1210763).
- commit 71130aa
- ext4: Fix possible corruption when moving a directory
  (bsc#1210763).
- commit 5d35ccf
- blacklist.conf: Blacklist 118901ad1f25
- commit 4dd3cc9
- ext4: fix corruption when online resizing a 1K bigalloc fs
  (bsc#1206891).
- commit aebc870
- ext4: fix bad checksum after online resize (bsc#1210762 bsc#1208076).
- commit 57823aa
- Drivers: vmbus: Check for channel allocation before looking
  up relids (git-fixes).
- commit ab07682
- ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook
  (git-fixes).
- commit 34b9f7a
- iio: light: tsl2772: fix reading proximity-diodes from device
  tree (git-fixes).
- iio: adc: at91-sama5d2_adc: fix an error code in
  at91_adc_allocate_trigger() (git-fixes).
- ASoC: fsl_asrc_dma: fix potential null-ptr-deref (git-fixes).
- ALSA: hda/realtek: Remove specific patch for Dell Precision 3260
  (git-fixes).
- ASN.1: Fix check for strdup() success (git-fixes).
- commit fa0048a
- Update
  patches.suse/NFSD-fix-problems-with-cleanup-on-errors-in-nfsd4_co.patch
  (git-fixes bsc#1210725).
- commit aab0dd8
- e1000e: Disable TSO on i219-LM card to increase speed
  (git-fixes).
- clk: sprd: set max_register according to mapping range
  (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free in
  l2cap_disconnect_{req,rsp} (git-fixes).
- Bluetooth: Fix race condition in hidp_session_thread
  (git-fixes).
- drm/i915/dsi: fix DSS CTL register offsets for TGL+ (git-fixes).
- x86/PCI: Add quirk for AMD XHCI controller that loses MSI-X
  state in D3hot (git-fixes).
- drm/i915: fix race condition UAF in i915_perf_add_config_ioctl
  (git-fixes).
- power: supply: cros_usbpd: reclassify "/default case!"/ as debug
  (git-fixes).
- drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Book
  X90F (git-fixes).
- ACPI: resource: Add Medion S17413 to IRQ override quirk
  (git-fixes).
- efi: sysfb_efi: Add quirk for Lenovo Yoga Book X91F/L
  (git-fixes).
- i2c: hisi: Avoid redundant interrupts (git-fixes).
- i2c: imx-lpi2c: clean rx/tx buffers upon new message
  (git-fixes).
- wifi: iwlwifi: mvm: fix mvmtxq->stopped handling (git-fixes).
- wifi: mwifiex: mark OF related data as maybe unused (git-fixes).
- ARM: 9290/1: uaccess: Fix KASAN false-positives (git-fixes).
- i915/perf: Replace DRM_DEBUG with driver specific drm_dbg call
  (git-fixes).
- commit ba21d6e
- regulator: fan53555: Explicitly include bits header (git-fixes).
- commit 9852306
- sched/fair: Fix imbalance overflow (bsc#1155798 (CPU scheduler
  functional and performance backports)).
- sched_getaffinity: don't assume 'cpumask_size()' is fully
  initialized (bsc#1155798 (CPU scheduler functional and
  performance backports)).
- sched/fair: Move calculate of avg_load to a better location
  (bsc#1155798 (CPU scheduler functional and performance
  backports)).
- commit 1c631df
- PCI: dwc: Fix PORT_LINK_CONTROL update when CDM check enabled
  (git-fixes).
- PCI: loongson: Add more devices that need MRRS quirk
  (git-fixes).
- PCI: loongson: Prevent LS7A MRRS increases (git-fixes).
- kABI: PCI: loongson: Prevent LS7A MRRS increases (kabi).
- commit c742154
- x86/entry: Avoid very early RET (git-fixes).
- commit 7f33ce2
- RDMA/core: Refactor rdma_bind_addr (bsc#1210629 CVE-2023-2176)
- commit a844601
- regulator: fan53555: Fix wrong TCS_SLEW_MASK (git-fixes).
- commit f5a41ba
- x86/entry: Don't call error_entry() for XENPV (git-fixes).
- x86/entry: Move CLD to the start of the idtentry macro
  (git-fixes).
- x86/entry: Move PUSH_AND_CLEAR_REGS out of error_entry()
  (git-fixes).
- x86/entry: Switch the stack after error_entry() returns
  (git-fixes).
- Refresh patches.suse/objtool-Add-entry-UNRET-validation.patch.
- Refresh patches.suse/x86-Add-magic-AMD-return-thunk.patch.
- Refresh
  patches.suse/x86-entry-Add-kernel-IBRS-implementation.patch.
- x86/traps: Use pt_regs directly in fixup_bad_iret() (git-fixes).
- x86/MCE/AMD: Fix memory leak when threshold_create_bank()
  fails (git-fixes).
- x86/fpu: Prevent FPU state corruption (git-fixes).
- x86/pci/xen: Disable PCI/MSI masking for XEN_HVM guests
  (git-fixes).
- x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume
  (git-fixes).
- x86: __memcpy_flushcache: fix wrong alignment if size > 2^32
  (git-fixes).
- x86/tsx: Disable TSX development mode at boot (git-fixes).
- Refresh
  patches.suse/0010-KVM-x86-speculation-Disable-Fill-buffer-clear-within.patch.
- Refresh patches.suse/x86-cpu-amd-Add-Spectral-Chicken.patch.
- stat: fix inconsistency between struct stat and struct
  compat_stat (git-fixes).
- x86/msi: Fix msi message data shadow struct (git-fixes).
- kABI: x86/msi: Fix msi message data shadow struct (kabi).
- x86/bug: Prevent shadowing in __WARN_FLAGS (git-fixes).
- commit fc2d705
- blacklist.conf: add some x86 git-fixes
- commit 67b8a58
- memstick: fix memory leak if card device is never registered
  (git-fixes).
- mmc: sdhci_am654: Set HIGH_SPEED_ENA for SDR12 and SDR25
  (git-fixes).
- arm64: dts: qcom: ipq8074-hk01: enable QMP device, not the
  PHY node (git-fixes).
- ARM: dts: rockchip: fix a typo error for rk3288 spdif node
  (git-fixes).
- arm64: dts: imx8mm-evk: correct pmic clock source (git-fixes).
- arm64: dts: meson-g12-common: specify full DMC range
  (git-fixes).
- commit e50472a
- ovl: fail on invalid uid/gid mapping at copy up (CVE-2023-0386
  bsc#1209615).
- commit c351e67
- supported.conf: support u_ether and libcomposite
  (jsc-PED#3750)
  This is necessary for g_ncm
  (for maintainance see jsc-PED#3759)
- commit 93dcc25
- RDMA/core: Fix GID entry ref leak when create_ah fails (git-fixes)
- commit 96566e9
- RDMA/cma: Allow UD qp_type to join multicast only (git-fixes)
- commit 048d3b4
- IB/mlx5: Add support for 400G_8X lane speed (git-fixes)
- commit e08b805
- RDMA/irdma: Add ipv4 check to irdma_find_listener() (git-fixes)
- commit b64d8ba
- RDMA/irdma: Increase iWARP CM default rexmit count (git-fixes)
- commit c3ec287
- RDMA/irdma: Fix memory leak of PBLE objects (git-fixes)
- commit 6a66ca6
- vmxnet3: use gro callback when UPT is enabled (bsc#1209739).
- commit b706955
- supported.conf: declaring usb_f_ncm supported as
  requested in (jsc#PED-3750)
  Support for the legacy functionality g_ncm is still
  under discussion
  (see jsc-PED#3200)
  For maintainance see (jsc#PED-3759)
- commit 2970881
- blacklist.conf: vsprintf: just a small code size optimization
- commit 11066c4
- blacklist.conf: fix for a feature which was not backported
- commit 40356f9
- blacklist.conf: needed just for a cleanup
- commit 2ad4085
- x86/speculation: Allow enabling STIBP with legacy IBRS
  (bsc#1210506 CVE-2023-1998).
- commit 43f265f
- Update patch reference for hwmon fix (CVE-2023-1855 bsc#1210202)
- commit 0565559
- cifs: fix negotiate context parsing (bsc#1210301).
- commit 6999463
- blacklist.conf: add perf git-fixes we are not taking
- commit affe5db
- perf/core: Fix the same task check in perf_event_set_output
  (git fixes).
- perf: Fix check before add_event_to_groups() in
  perf_group_detach() (git fixes).
- perf: fix perf_event_context->time (git fixes).
- perf/core: Fix perf_output_begin parameter is incorrectly
  invoked in perf_event_bpf_output (git fixes).
- powerpc/perf/hv-24x7: add missing RTAS retry status handling
  (git fixes).
- powerpc/hv-gpci: Fix hv_gpci event list (git fixes).
- powerpc: declare unmodified attribute_group usages const
  (git-fixes).
- commit c25cc8c
- Update patch reference for power driver fix (CVE-2023-30772 bsc#1210329)
- commit d3db856
- sched/fair: Sanitize vruntime of entity being migrated
  (bsc#1203325).
- sched/fair: sanitize vruntime of entity being placed
  (bsc#1203325).
- sched/fair: Limit sched slice duration (bsc#1189999 (Scheduler
  functional and performance backports)).
- sched/numa: Stop an exhastive search if an idle core is found
  (bsc#1189999 (Scheduler functional and performance backports)).
- commit 24ed78f
- mm: page_alloc: skip regions with hugetlbfs pages when
  allocating 1G pages (bsc#1210034).
- commit 421448a
- i2c: ocores: generate stop condition after timeout in polling
  mode (git-fixes).
- commit 95ee80d
- ALSA: hda/realtek: Add quirks for Lenovo Z13/Z16 Gen2
  (git-fixes).
- ALSA: hda: patch_realtek: add quirk for Asus N7601ZM
  (git-fixes).
- ALSA: firewire-tascam: add missing unwind goto in
  snd_tscm_stream_start_duplex() (git-fixes).
- ALSA: emu10k1: don't create old pass-through playback device
  on Audigy (git-fixes).
- ALSA: emu10k1: fix capture interrupt handler unlinking
  (git-fixes).
- ALSA: hda/sigmatel: fix S/PDIF out on Intel D*45* motherboards
  (git-fixes).
- ALSA: hda/sigmatel: add pin overrides for Intel DP45SG
  motherboard (git-fixes).
- ALSA: i2c/cs8427: fix iec958 mixer control deactivation
  (git-fixes).
- commit 4a758e5
- scsi: iscsi_tcp: Check that sock is valid before
  iscsi_set_param() (git-fixes).
- scsi: qla2xxx: Fix memory leak in qla2x00_probe_one()
  (git-fixes).
- scsi: mpt3sas: Don't print sense pool info twice (git-fixes).
- scsi: megaraid_sas: Fix crash after a double completion
  (git-fixes).
- scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate()
  (git-fixes).
- scsi: qla2xxx: Perform lockless command completion in abort path
  (git-fixes).
- scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR
  (git-fixes).
- scsi: core: Fix a procfs host directory removal regression
  (git-fixes).
- scsi: mpt3sas: Fix NULL pointer access in
  mpt3sas_transport_port_add() (git-fixes).
- scsi: sd: Fix wrong zone_write_granularity value during
  revalidate (git-fixes).
- scsi: megaraid_sas: Update max supported LD IDs to 240
  (git-fixes).
- scsi: lpfc: Avoid usage of list iterator variable after loop
  (git-fixes).
- scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read()
  (git-fixes).
- scsi: hisi_sas: Check devm_add_action() return value
  (git-fixes).
- scsi: core: Remove the /proc/scsi/${proc_name} directory earlier
  (git-fixes).
- scsi: core: Fix a source code comment (git-fixes).
- scsi: ipr: Work around fortify-string warning (git-fixes).
- scsi: ses: Don't attach if enclosure has no components
  (git-fixes).
- scsi: ses: Fix slab-out-of-bounds in ses_intf_remove()
  (git-fixes).
- scsi: ses: Fix possible desc_ptr out-of-bounds accesses
  (git-fixes).
- scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses
  (git-fixes).
- scsi: ses: Fix slab-out-of-bounds in
  ses_enclosure_data_process() (git-fixes).
- scsi: aic94xx: Add missing check for dma_map_single()
  (git-fixes).
- scsi: mpt3sas: Fix a memory leak (git-fixes).
- scsi: snic: Fix memory leak with using debugfs_lookup()
  (git-fixes).
- scsi: libsas: Remove useless dev_list delete in
  sas_ex_discover_end_dev() (git-fixes).
- scsi: iscsi_tcp: Fix UAF during login when accessing the shost
  ipaddress (git-fixes).
- commit fce4b5b
- k-m-s: Drop Linux 2.6 support
- commit 22b2304
- scsi: iscsi_tcp: Fix UAF during logout when accessing the
  shost ipaddress (git-fixes).
- Refresh
  patches.kabi/kABI-fix-change-of-iscsi_host_remove-arguments.patch.
- commit dfafac0
- Remove obsolete KMP obsoletes (bsc#1210469).
- commit 7f325c6
- Update
  patches.kabi/PCI-dwc-Add-dw_pcie_ops.host_deinit-callback.patch
  (kabi bsc#1210206).
  Fix kabi breakage.
- commit cf0ac3f
- Update CVE reference to
  patches.suse/netdevsim-fib-Fix-reference-count-leak-on-route-dele.patch
  (git-fixes bsc#1210454 CVE-2023-2019).
- commit 4e95d11
- Update CVE reference to patches.suse/udmabuf-add-back-sanity-check.patch
  (git-fixes bsc#1210453 CVE-2023-2008).
- commit 62da89a
- net: phy: nxp-c45-tja11xx: add remove callback (git-fixes).
- net: phy: nxp-c45-tja11xx: fix unsigned long multiplication
  overflow (git-fixes).
- Revert "/pinctrl: amd: Disable and mask interrupts on resume"/
  (git-fixes).
- drm/armada: Fix a potential double free in an error handling
  path (git-fixes).
- fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace (git-fixes).
- usb: dwc3: pci: add support for the Intel Meteor Lake-S
  (git-fixes).
- USB: serial: option: add Quectel RM500U-CN modem (git-fixes).
- USB: serial: option: add Telit FE990 compositions (git-fixes).
- USB: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs
  (git-fixes).
- nilfs2: fix potential UAF of struct nilfs_sc_info in
  nilfs_segctor_thread() (git-fixes).
- drm/nouveau/disp: Support more modes by checking with lower bpc
  (git-fixes).
- drm/bridge: lt9611: Fix PLL being unable to lock (git-fixes).
- serial: exar: Add support for Sealevel 7xxxC serial cards
  (git-fixes).
- serial: 8250_exar: derive nr_ports from PCI ID for Acces I/O
  cards (git-fixes).
- commit f9cf523
- scsi: hisi_sas: Set a port invalid only if there are no devices
  attached when refreshing port id (git-fixes).
- commit 5cdcc2b
- signal handling: don't use BUG_ON() for debugging (bsc#1210439).
- commit 3f10ae8
- Update
  patches.suse/scsi-core-Add-BLIST_NO_VPD_SIZE-for-some-VDASD.patch
  (git-fixes bsc#1203039), adding back the bug number reference.
- commit 2587a1f
- scsi: core: Add BLIST_NO_VPD_SIZE for some VDASD (git-fixes
  bsc#1203039) (renamed now that it's upstgream)
- Refresh
  patches.kabi/blk-mq-fix-kabi-support-concurrent-queue-quiesce-unquiesce.patch.
- Refresh
  patches.kabi/kABI-fix-adding-another-field-to-scsi_device.patch.
- Refresh patches.kabi/kABI-fix-adding-field-to-scsi_device.patch.
- commit 14ff6ce
- ice: avoid bonding causing auxiliary plug/unplug under RTNL lock
  (bsc#1210158).
- commit 5691022
- virt/coco/sev-guest: Add throttling awareness (bsc#1209927).
- virt/coco/sev-guest: Convert the sw_exit_info_2 checking to
  a switch-case (bsc#1209927).
- virt/coco/sev-guest: Do some code style cleanups (bsc#1209927).
- virt/coco/sev-guest: Carve out the request issuing logic into
  a helper (bsc#1209927).
- virt/coco/sev-guest: Remove the disable_vmpck label in
  handle_guest_request() (bsc#1209927).
- virt/coco/sev-guest: Simplify extended guest request handling
  (bsc#1209927).
- virt/coco/sev-guest: Check SEV_SNP attribute at probe time
  (bsc#1209927).
- virt/sev-guest: Return -EIO if certificate buffer is not large
  enough (bsc#1209927).
- commit b35c5f2
- Update reference for BT fix (CVE-2023-1989 bsc#1210336)
- commit 2383449
- Update CVE reference to
  patches.suse/nfc-st-nci-Fix-use-after-free-bug-in-ndlc_remove-due.patch
  (git-fixes bsc#1210337 CVE-2023-1990).
- commit ddf99ea
- mtd: rawnand: meson: fix bitmask for length in command word
  (git-fixes).
- mtdblock: tolerate corrected bit-flips (git-fixes).
- mtd: rawnand: stm32_fmc2: use timings.mode instead of checking
  tRC_min (git-fixes).
- mtd: rawnand: stm32_fmc2: remove unsupported EDO mode
  (git-fixes).
- commit 6504d96
- tracing: Add trace_array_puts() to write into instance
  (git-fixes).
- commit 059865f
- blacklist.conf: add a not-relevant ftrace commit
- commit 2220417
- ftrace: Fix issue that 'direct->addr' not restored in
  modify_ftrace_direct() (git-fixes).
- commit 03fd814
- tracing: Free error logs of tracing instances (git-fixes).
- commit b4f001c
- tracing: Have tracing_snapshot_instance_cond() write errors
  to the appropriate instance (git-fixes).
- commit b3421ec
- ftrace: Mark get_lock_parent_ip() __always_inline (git-fixes).
- commit 46954c5
- ring-buffer: Fix race while reader and writer are on the same
  page (git-fixes).
- commit c740036
- rcu: Fix rcu_torture_read ftrace event (git-fixes).
- commit cb9e9b0
- mm: mmap: remove newline at the end of the trace (git-fixes).
- commit 01340e1
- tracing: Fix wrong return in kprobe_event_gen_test.c
  (git-fixes).
- commit f76dcf0
- cifs: double lock in cifs_reconnect_tcon() (git-fixes).
- commit cdf6666
- kABI workaround for xhci (git-fixes).
- commit cbab93c
- iio: adc: ti-ads7950: Set `can_sleep` flag for GPIO chip
  (git-fixes).
- iio: dac: cio-dac: Fix max DAC write value check for 12-bit
  (git-fixes).
- iio: light: cm32181: Unregister second I2C client if present
  (git-fixes).
- iio: adc: ad7791: fix IRQ flags (git-fixes).
- iio: adis16480: select CONFIG_CRC32 (git-fixes).
- tty: serial: sh-sci: Fix Rx on RZ/G2L SCI (git-fixes).
- tty: serial: fsl_lpuart: avoid checking for transfer complete
  when UARTCTRL_SBK is asserted in lpuart32_tx_empty (git-fixes).
- dt-bindings: serial: renesas,scif: Fix 4th IRQ for 4-IRQ SCIFs
  (git-fixes).
- tty: serial: sh-sci: Fix transmit end interrupt handler
  (git-fixes).
- usb: cdnsp: Fixes error: uninitialized symbol 'len' (git-fixes).
- usb: typec: altmodes/displayport: Fix configure initial pin
  assignment (git-fixes).
- xhci: Free the command allocated for setting LPM if we return
  early (git-fixes).
- xhci: also avoid the XHCI_ZERO_64B_REGS quirk with a passthrough
  iommu (git-fixes).
- usb: xhci: tegra: fix sleep in atomic call (git-fixes).
- nilfs2: fix sysfs interface lifetime (git-fixes).
- commit 3aae146
- gpio: davinci: Add irq chip flag to skip set wake (git-fixes).
- gpio: GPIO_REGMAP: select REGMAP instead of depending on it
  (git-fixes).
- commit b56644c
- ALSA: hda/realtek: Add quirk for Clevo X370SNW (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook
  (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs don't work for a HP
  platform (git-fixes).
- commit f336cd9
- can: isotp: isotp_ops: fix poll() to not report false EPOLLOUT
  events (git-fixes).
- can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory
  access (git-fixes).
- wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for
  non-uploaded sta (git-fixes).
- pwm: sprd: Explicitly set .polarity in .get_state() (git-fixes).
- pwm: cros-ec: Explicitly set .polarity in .get_state()
  (git-fixes).
- drm/panfrost: Fix the panfrost_mmu_map_fault_addr() error path
  (git-fixes).
- platform/x86: think-lmi: Clean up display of current_value on
  Thinkstation (git-fixes).
- platform/x86: think-lmi: Fix memory leaks when parsing
  ThinkStation WMI strings (git-fixes).
- platform/x86: think-lmi: Fix memory leak when showing current
  settings (git-fixes).
- commit a8eaaa9
- btrfs: fix race between quota disable and quota assign ioctls
  (CVE-2023-1611 bsc#1209687).
- commit dcf095c
- Update
  patches.suse/Fix-double-fget-in-vhost_net_set_backend.patch
  (git-fixes bsc#1210203 CVE-2023-1838).
  Added CVE reference.
- commit 39f99de
- Input: focaltech - use explicitly signed char type (git-fixes).
- Input: goodix - add Lenovo Yoga Book X90F to nine_bytes_report
  DMI table (git-fixes).
- drm/etnaviv: fix reference leak when mmaping imported buffer
  (git-fixes).
- drm/amd/display: Add DSC Support for Synaptics Cascaded MST Hub
  (git-fixes).
- fbdev: au1200fb: Fix potential divide by zero (git-fixes).
- fbdev: lxfb: Fix potential divide by zero (git-fixes).
- fbdev: intelfb: Fix potential divide by zero (git-fixes).
- fbdev: nvidia: Fix potential divide by zero (git-fixes).
- fbdev: tgafb: Fix potential divide by zero (git-fixes).
- ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set()
  (git-fixes).
- ALSA: asihpi: check pao in control_message() (git-fixes).
- ASoC: codecs: tx-macro: Fix for KASAN: slab-out-of-bounds
  (git-fixes).
- commit 83ef835
- blacklist.conf: b8ac29b40183 timekeeping: contribute wall clock to rng on time change
  Breaks kABI and not critical
- commit 3ea8922
- timers: Prevent union confusion from unexpected (git-fixes)
- commit 80b3ef6
- alarmtimer: Prevent starvation by small intervals and SIG_IGN (git-fixes)
- commit 67d84fc
- wireguard: ratelimiter: use hrtimer in selftest (git-fixes)
- commit b77ea41
- ipv6: raw: Deduct extension header length in
  rawv6_push_pending_frames (bsc#1207168 CVE-2023-0394).
- commit cab54ec
- Refresh
  patches.suse/scsi-qla2xxx-Add-option-to-disable-FC2-Target-suppor.patch.
- commit c7b89ec
- blacklist.conf: cosmetic, not a fix
- commit 524a401
- Refresh
  patches.suse/HID-u2fzero-ignore-incomplete-packets-without-data.patch.
  added alternate commit ID
- commit d8e619b
- clocksource/drivers/mediatek: Optimize systimer irq clear flow
  on shutdown (git-fixes).
- commit 5ced514
- usb: ucsi: Fix ucsi->connector race (git-fixes).
- commit 513d457
- Define kernel-vanilla as source variant
  The vanilla_only macro is overloaded. It is used for determining if
  there should be two kernel sources built as well as for the purpose of
  determmioning if vanilla kernel should be used for kernel-obs-build.
  While the former can be determined at build time the latter needs to be
  baked into the spec file template. Separate the two while also making
  the latter more generic.
  $build_dtbs is enabled on every single rt and azure branch since 15.3
  when the setting was introduced, gate on the new $obs_build_variant
  setting as well.
- commit 36ba909
- USB: fotg210: fix memory leak with using debugfs_lookup()
  (git-fixes).
- commit 632f169
- Refresh
  patches.suse/drm-amd-display-Fail-atomic_check-early-on-normalize.patch
  (git-fixes)
  Alt-commit
- commit ceb3eab
- Refresh
  patches.suse/drm-amdgpu-fence-Fix-oops-due-to-non-matching-drm_sc.patch
  (git-fixes)
  Alt-commit
- commit c85372d
- Refresh
  patches.suse/drm-amd-display-fix-issues-with-driver-unload.patch
  (git-fixes)
  Alt-commit
- commit e974612
- Refresh
  patches.suse/drm-amd-display-Fix-COLOR_SPACE_YCBCR2020_TYPE-matri.patch
  (git-fixes)
  Alt-commit
- commit 7941903
- Refresh
  patches.suse/drm-amd-display-Calculate-output_color_space-after-p.patch
  (git-fixes)
  Alt-commit
- commit 107d5d6
- scsi: qla2xxx: Synchronize the IOCB count to be in order
  (bsc#1209292 bsc#1209684 bsc#1209556).
- nvme-tcp: always fail a request when sending it failed
  (bsc#1208902).
- commit 8d76faa
- cifs: get rid of dead check in smb2_reconnect() (bsc#1193629).
- commit edea1ec
- cifs: prevent infinite recursion in CIFSGetDFSRefer()
  (bsc#1193629).
- commit dd2e168
- cifs: avoid races in parallel reconnects in smb1 (bsc#1193629).
- commit e5fbb85
- cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL
  (bsc#1193629).
- commit 435fcff
- platform/x86: think-lmi: Use min_t() for comparison and
  assignment (bsc#1210050).
- platform/x86: think-lmi: certificate support clean ups
  (bsc#1210050).
- platform/x86: think-lmi: Certificate authentication support
  (bsc#1210050).
- platform/x86: think-lmi: Prevent underflow in index_store()
  (bsc#1210050).
- platform/x86: think-lmi: Simplify tlmi_analyze() error handling
  a bit (bsc#1210050).
- platform/x86: think-lmi: Move kobject_init() call into
  tlmi_create_auth() (bsc#1210050).
- platform/x86: think-lmi: Opcode support (bsc#1210050).
- platform/x86: think-lmi: add debug_cmd (bsc#1210050).
- commit 49b6cc8
- rpm/constraints.in: increase the disk size for armv6/7 to 24GB
  It grows and the build fails recently on SLE15-SP4/5.
- commit 41ac816
- platform/x86: thinkpad_acpi: Fix thinklight LED brightness
  returning 255 (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix profile modes on Intel
  platforms (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix profile mode display in AMT
  mode (bsc#1210050).
- platform/x86: thinkpad_acpi: use strstarts() (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix max_brightness of thinklight
  (bsc#1210050).
- platform/x86: thinkpad_acpi: Enable s2idle quirk for 21A1
  machine type (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix reporting a non present second
  fan on some models (bsc#1210050).
- platform/x86: thinkpad_acpi: Explicitly set to balanced mode
  on startup (bsc#1210050).
- platform/x86: thinkpad_acpi: Use backlight helper (bsc#1210050).
- platform/x86: thinkpad-acpi: Enable AMT by default on supported
  systems (bsc#1210050).
- platform/x86: thinkpad-acpi: Add support for automatic mode
  transitions (bsc#1210050).
- platform/x86: thinkpad_acpi: do not use PSC mode on Intel
  platforms (bsc#1210050).
- platform/x86: thinkpad-acpi: profile capabilities as integer
  (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO
  resource (bsc#1210050).
- platform/x86: thinkpad_acpi: Correct dual fan probe
  (bsc#1210050).
- platform/x86: thinkpad_acpi: Add a s2idle resume quirk for a
  number of laptops (bsc#1210050).
- platform/x86: thinkpad_acpi: Convert btusb DMI list to quirks
  (bsc#1210050).
- platform/x86: thinkpad_acpi: consistently check fan_get_status
  return (bsc#1210050).
- platform/x86: thinkpad_acpi: Don't use test_bit on an integer
  (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix compiler warning about
  uninitialized err variable (bsc#1210050).
- platform/x86: thinkpad_acpi: clean up dytc profile convert
  (bsc#1210050).
- platform/x86: thinkpad_acpi: Add PSC mode support (bsc#1210050).
- platform/x86: thinkpad_acpi: Add dual fan probe (bsc#1210050).
- platform/x86: thinkpad_acpi: Add dual-fan quirk for T15g
  (2nd gen) (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix incorrect use of platform
  profile on AMD platforms (bsc#1210050).
- platform/x86: thinkpad_acpi: Add quirk for ThinkPads without
  a fan (bsc#1210050).
- platform/x86: thinkpad_acpi: Add LED_RETAIN_AT_SHUTDOWN to
  led_class_devs (bsc#1210050).
- platform/x86: thinkpad_acpi: Remove unused
  sensors_pdev_attrs_registered flag (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix the hwmon sysfs-attr showing
  up in the wrong place (bsc#1210050).
- platform/x86: thinkpad_acpi: tpacpi_attr_group contains driver
  attributes not device attrs (bsc#1210050).
- platform/x86: thinkpad_acpi: Register tpacpi_pdriver after
  subdriver init (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix thermal_temp_input_attr sorting
  (bsc#1210050).
- platform/x86: thinkpad_acpi: Remove "/goto err_exit"/ from
  hotkey_init() (bsc#1210050).
- platform/x86: thinkpad_acpi: Properly indent code in
  tpacpi_dytc_profile_init() (bsc#1210050).
- platform/x86: thinkpad_acpi: Cleanup dytc_profile_available
  (bsc#1210050).
- platform/x86: thinkpad_acpi: Simplify dytc_version handling
  (bsc#1210050).
- platform/x86: thinkpad_acpi: Make *_init() functions return
  - ENODEV instead of 1 (bsc#1210050).
- platform/x86: thinkpad_acpi: Accept ibm_init_struct.init()
  returning -ENODEV (bsc#1210050).
- platform/x86: thinkpad_acpi: Convert platform driver to use
  dev_groups (bsc#1210050).
- platform/x86: thinkpad_acpi: Get privacy-screen / lcdshadow
  ACPI handles only once (bsc#1210050).
- platform/x86: thinkpad_acpi: Add hotkey_notify_extended_hotkey()
  helper (bsc#1210050).
- platform/x86: thinkpad_acpi: Add lid_logo_dot to the list of
  safe LEDs (bsc#1210050).
- platform/x86: thinkpad_acpi: Restore missing hotkey_tablet_mode
  and hotkey_radio_sw sysfs-attr (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix coccinelle warnings
  (bsc#1210050).
- platform/x86: thinkpad_acpi: Switch to common use of attributes
  (bsc#1210050).
- commit 9704026
- NFSv4: Fix hangs when recovering open state after a server
  reboot (git-fixes).
- commit bb218a4
- Input: alps - fix compatibility with -funsigned-char
  (bsc#1209805).
- pinctrl: amd: Disable and mask interrupts on resume (git-fixes).
- pinctrl: ocelot: Fix alt mode for ocelot (git-fixes).
- pinctrl: at91-pio4: fix domain name assignment (git-fixes).
- commit 4704fd1
- platform/x86/intel/pmc: Alder Lake PCH slp_s0_residency fix
  (git-fixes).
- regulator: Handle deferred clk (git-fixes).
- commit b056d1f
- ca8210: Fix unsigned mac_len comparison with zero in
  ca8210_skb_tx() (git-fixes).
- commit 1abdd92
- ALSA: hda/realtek: Add quirk for Lenovo ZhaoYang CF4620Z
  (git-fixes).
- ALSA: ymfpci: Fix BUG_ON in probe function (git-fixes).
- ALSA: hda/realtek: Fix support for Dell Precision 3260
  (git-fixes).
- ALSA: hda/realtek: Add quirks for some Clevo laptops
  (git-fixes).
- commit 5254cf5
- remove "/PCI: hv: Use async probing to reduce boot time"/ (bsc#1207185).
- commit 9e80db8
- can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write
  (git-fixes).
- r8169: fix RTL8168H and RTL8107E rx crc error (git-fixes).
- net: phy: dp83869: fix default value for tx-/rx-internal-delay
  (git-fixes).
- drm/i915/tc: Fix the ICL PHY ownership check in TC-cold state
  (git-fixes).
- ALSA: usb-audio: Fix regression on detection of Roland VS-100
  (git-fixes).
- ALSA: usb-audio: Fix recursive locking at XRUN during syncing
  (git-fixes).
- ALSA: hda/conexant: Partial revert of a quirk for Lenovo
  (git-fixes).
- thunderbolt: Rename shadowed variables bit to interrupt_bit
  and auto_clear_bit (git-fixes).
- thunderbolt: Disable interrupt auto clear for rings (git-fixes).
- thunderbolt: Use const qualifier for `ring_interrupt_index`
  (git-fixes).
- thunderbolt: Use scale field when allocating USB3 bandwidth
  (git-fixes).
- thunderbolt: Call tb_check_quirks() after initializing adapters
  (git-fixes).
- thunderbolt: Add missing UNSET_INBOUND_SBTX for retimer access
  (git-fixes).
- uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2
  (git-fixes).
- nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy()
  (git-fixes).
- drm/i915: Preserve crtc_state->inherited during state clearing
  (git-fixes).
- efi: sysfb_efi: Fix DMI quirks not working for simpledrm
  (git-fixes).
- serial: 8250: ASPEED_VUART: select REGMAP instead of depending
  on it (git-fixes).
- net: usb: qmi_wwan: add Telit 0x1080 composition (git-fixes).
- net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990
  (git-fixes).
- ca8210: fix mac_len negative array access (git-fixes).
- HID: intel-ish-hid: ipc: Fix potential use-after-free in work
  function (git-fixes).
- HID: cp2112: Fix driver not registering GPIO IRQ chip as
  threaded (git-fixes).
- ACPI: x86: utils: Add Cezanne to the list for forcing
  StorageD3Enable (git-fixes).
- serial: fsl_lpuart: Fix comment typo (git-fixes).
- serial: 8250: SERIAL_8250_ASPEED_VUART should depend on
  ARCH_ASPEED (git-fixes).
- commit 182d88d
- arch: fix broken BuildID for arm64 and riscv (bsc#1209798).
- commit 2ca3471
- Fix error path in pci-hyperv to unlock the mutex state_lock
- commit 3898057
- lockd: set file_lock start and end when decoding nlm4 testargs
  (git-fixes).
- commit b3df611
- Delete
  patches.suse/Makefile-link-with-z-noexecstack-no-warn-rwx-segment.patch.
- Delete
  patches.suse/x86-link-vdso-and-boot-with-z-noexecstack-no-warn-rw.patch.
  Again, delete patches causing bsc#1209798, which were restored by accident.
- commit bbfb5d1
- powerpc: Remove linker flag from KBUILD_AFLAGS (bsc#1194869).
- powerpc/kcsan: Exclude udelay to prevent recursive
  instrumentation (bsc#1194869).
- powerpc/iommu: fix memory leak with using debugfs_lookup()
  (bsc#1194869).
- powerpc/64s/interrupt: Fix interrupt exit race with security
  mitigation switch (bsc#1194869).
- powerpc/kexec_file: fix implicit decl error (bsc#1194869).
- powerpc/vmlinux.lds: Don't discard .comment (bsc#1194869).
- powerpc/vmlinux.lds: Don't discard .rela* for relocatable builds
  (bsc#1194869).
- powerpc/vmlinux.lds: Define RUNTIME_DISCARD_EXIT (bsc#1194869).
- powerpc/xmon: Fix -Wswitch-unreachable warning in bpt_cmds
  (bsc#1194869).
- powerpc/ioda/iommu/debugfs: Generate unique debugfs entries
  (bsc#1194869).
- powerpc/iommu: Add missing of_node_put in iommu_init_early_dart
  (bsc#1194869).
- powerpc/powernv: fix missing of_node_put in uv_init()
  (bsc#1194869).
- commit 3d61390
- blacklist.conf: Add fix not needed in 5.14
  d80f6de9d601 powerpc/iommu: Fix iommu_table_in_use for a small default DMA window case
- commit 8fa612c
- powerpc/btext: add missing of_node_put (bsc#1065729).
- commit 986d3dc
- net: asix: fix modprobe "/sysfs: cannot create duplicate
  filename"/ (git-fixes).
- commit f535630
- net: usb: asix: remove redundant assignment to variable reg
  (git-fixes).
- commit c20b71b
- net: usb: use eth_hw_addr_set() (git-fixes).
- commit f6de603
- kvm: initialize all of the kvm_debugregs structure before
  sending it to userspace (bsc#1209532 CVE-2023-1513).
- commit 0b16baa
- powerpc/powernv/ioda: Skip unallocated resources when mapping
  to PE (bsc#1065729).
- commit 8723ead
- powerpc/rtas: ensure 4KB alignment for rtas_data_buf
  (bsc#1065729).
- powerpc/pseries/lparcfg: add missing RTAS retry status handling
  (bsc#1065729).
- powerpc/pseries/lpar: add missing RTAS retry status handling
  (bsc#1109158 ltc#169177 git-fixes).
- commit 6122a0b
- Update
  patches.suse/prlimit-do_prlimit-needs-to-have-a-speculation-check.patch
  (bsc#1209256 CVE-2017-5753).
- commit e09128d
- sbitmap: Avoid lockups when waker gets preempted (bsc#1209118).
- commit 448e27d
- blacklist.conf: cleanup, not a fix
- commit 29c7dbf
- blacklist.conf: cleanup, not fix
- commit e3722ae
- blacklist.conf: documentation update of a little used driver only
- commit 9deed66
- blacklist.conf: documentation only
- commit de3860f
- s390/vfio-ap: fix memory leak in vfio_ap device driver
  (git-fixes).
- commit 8168fab
- PCI: hv: Use async probing to reduce boot time (bsc#1207185).
- PCI: hv: Add a per-bus mutex state_lock (bsc#1207185).
- Revert "/PCI: hv: Fix a timing issue which causes kdump to fail
  occasionally"/ (bsc#1207185).
- PCI: hv: Remove the useless hv_pcichild_state from struct
  hv_pci_dev (bsc#1207185).
- PCI: hv: Fix a race condition in hv_irq_unmask() that can
  cause panic (bsc#1207185).
- PCI: hv: fix a race condition bug in hv_pci_query_relations()
  (bsc#1207185).
- commit b4eeab5
- Bluetooth: Fix double free in hci_conn_cleanup (bsc#1209052
  CVE-2023-28464).
- commit 8b25016
- smb3: fix unusable share after force unmount failure
  (bsc#1193629).
- commit 1091b58
- cifs: fix dentry lookups in directory handle cache
  (bsc#1193629).
- commit 663c78d
- smb3: lower default deferred close timeout to address perf
  regression (bsc#1193629).
- commit bb31b2c
- cifs: fix missing unload_nls() in smb2_reconnect()
  (bsc#1193629).
- commit 7a7c9a9
- cifs: avoid race conditions with parallel reconnects
  (bsc#1193629).
- commit e64476f
- cifs: append path to open_enter trace event (bsc#1193629).
- commit 2eff580
- cifs: print session id while listing open files (bsc#1193629).
- commit 851a108
- cifs: dump pending mids for all channels in DebugData
  (bsc#1193629).
- commit 6d11c27
- cifs: empty interface list when server doesn't support query
  interfaces (bsc#1193629).
- commit 9a0c2a5
- cifs: do not poll server interfaces too regularly (bsc#1193629).
- commit 7762f86
- cifs: lock chan_lock outside match_session (bsc#1193629).
- commit 4cfd2c2
- cifs: check only tcon status on tcon related functions
  (bsc#1193629).
- commit 6e30684
- net: tls: fix possible race condition between
  do_tls_getsockopt_conf() and do_tls_setsockopt_conf()
  (bsc#1209366 CVE-2023-28466).
- commit 3dab1fe
- s390/boot: simplify and fix kernel memory layout setup
  (bsc#1209600).
- blacklist.conf: remove 9a39abb7c9aa
- commit bbd2ed5
- s390/dasd: fix no record found for raw_track_access
  (bsc#1207574).
- commit f363675
- Update references in
  patches.suse/x86-speculation-restore-speculation-related-msrs-during-s3-resume.patch
  (bsc#1198400 bsc#1209779 CVE-2023-1637).
- commit 87fc4f6
- Update references in
  patches.suse/NFSD-fix-use-after-free-in-nfsd4_ssc_setup_dul.patch
  (git-fixes bsc#1209788 CVE-2023-1652).
- commit f81ee89
- platform/x86: think-lmi: Add possible_values for ThinkStation
  (git-fixes).
- platform/x86: think-lmi: only display possible_values if
  available (git-fixes).
- platform/x86: think-lmi: use correct possible_values delimiters
  (git-fixes).
- platform/x86: think-lmi: add missing type attribute (git-fixes).
- mtd: rawnand: meson: invalidate cache on polling ECC bit
  (git-fixes).
- commit 0563887
- Revert "/Revert "/x86: link vdso and boot with -z noexecstack"/ (bsc#1209798)"/
  This reverts commit 26c6d5069004c3a470d53c3a53228ad5d44aa2a5.
- commit 4af196c
- Revert "/Revert "/Makefile: link with -z noexecstack --no-warn-rwx-segments"/ (bsc#1209798)"/
  This reverts commit 7db37fcbd312a083337d722b2c5543e6bf3a5c70.
- commit e9292ed
- Revert "/Makefile: link with -z noexecstack --no-warn-rwx-segments"/ (bsc#1209798)
  This reverts commit 34f9acb95470d2d2543e314cadd40a0e1c0ee6e1.
  It causes problems on aarch64:
  ... BuildID Mismatch vmlinux= vmlinux_debuginfo=
- commit 7db37fc
- Revert "/x86: link vdso and boot with -z noexecstack"/ (bsc#1209798)
  This reverts commit dc30142edffcbb9537e3cc47b176cb97109792c7.
  It causes problems on aarch64:
  ... BuildID Mismatch vmlinux= vmlinux_debuginfo=
- commit 26c6d50
- mm: memcg: fix swapcached stat accounting (bsc#1209804).
- commit 8f8bc2f
- xfs: pass the correct cursor to xfs_iomap_prealloc_size
  (git-fixes).
- commit 6692117
- xfs: remove xfs_setattr_time() declaration (git-fixes).
- commit aa31e13
- blacklist.conf: Add da34a8484d16 mm: memcontrol: deprecate charge moving
- commit 6635ae8
- blacklist.conf: Add c91bdc935899 mm: memcontrol: don't allocate cgroup swap arrays when memcg is disabled
- commit 61fff14
- blacklist.conf: Add dbb16df6443c Revert "/memcg: cleanup racy sum avoidance code"/
- commit 6069ccd
- blacklist.conf: Add 9b3016154c91 memcg: sync flush only if periodic flush is delayed
- commit b4b0020
- sched/psi: Fix use-after-free in ep_remove_wait_queue()
  (bsc#1209799).
- commit 40303b2
- Drop build fix patch causing a regression on aarch64 (bsc#1209798)
  Delete patches.suse/Makefile-link-with-z-noexecstack-no-warn-rwx-segment.patch
- commit cc75cf8
- net: usb: lan78xx: Limit packet length to skb->len (git-fixes).
- commit 53c4e74
- lan78xx: Fix memory allocation bug (git-fixes).
- commit 8d1f2f9
- lan78xx: Fix race condition in disconnect handling (git-fixes).
- commit 5612173
- lan78xx: Fix race conditions in suspend/resume handling
  (git-fixes).
- commit 27662e3
- lan78xx: Fix partial packet errors on suspend/resume
  (git-fixes).
- commit 6979f29
- lan78xx: Fix exception on link speed change (git-fixes).
- commit f7c495b
- lan78xx: Add missing return code checks (git-fixes).
- Refresh
  patches.suse/lan78xx-Enable-LEDs-and-auto-negotiation.patch.
- commit adb9750
- lan78xx: Remove unused pause frame queue (git-fixes).
- commit f843fdb
- lan78xx: Set flow control threshold to prevent packet loss
  (git-fixes).
- commit 6bbd43a
- lan78xx: Remove unused timer (git-fixes).
- commit 685aa9a
- lan78xx: Fix white space and style issues (git-fixes).
- commit 7f22f3d
- usb: dwc2: fix a devres leak in hw_enable upon suspend resume
  (git-fixes).
- usb: chipdea: core: fix return -EINVAL if request role is the
  same with current role (git-fixes).
- usb: cdnsp: changes PCI Device ID to fix conflict with CNDS3
  driver (git-fixes).
- usb: cdns3: Fix issue with using incorrect PCI device function
  (git-fixes).
- usb: cdnsp: Fixes issue with redundant Status Stage (git-fixes).
- usb: typec: tcpm: fix warning when handle discover_identity
  message (git-fixes).
- usb: gadget: u_audio: don't let userspace block driver unbind
  (git-fixes).
- usb: dwc3: gadget: Add 1ms delay after end transfer command
  without IOC (git-fixes).
- usb: dwc3: Fix a typo in field name (git-fixes).
- usb: ucsi: Fix NULL pointer deref in ucsi_connector_change()
  (git-fixes).
- USB: gadget: pxa27x_udc: fix memory leak with using
  debugfs_lookup() (git-fixes).
- USB: gadget: pxa25x_udc: fix memory leak with using
  debugfs_lookup() (git-fixes).
- USB: gadget: lpc32xx_udc: fix memory leak with using
  debugfs_lookup() (git-fixes).
- USB: gadget: bcm63xx_udc: fix memory leak with using
  debugfs_lookup() (git-fixes).
- USB: gadget: gr_udc: fix memory leak with using debugfs_lookup()
  (git-fixes).
- USB: isp1362: fix memory leak with using debugfs_lookup()
  (git-fixes).
- USB: isp116x: fix memory leak with using debugfs_lookup()
  (git-fixes).
- USB: sl811: fix memory leak with using debugfs_lookup()
  (git-fixes).
- USB: uhci: fix memory leak with using debugfs_lookup()
  (git-fixes).
- USB: chipidea: fix memory leak with using debugfs_lookup()
  (git-fixes).
- commit 7d86b44
- hwmon: fix potential sensor registration fail if of_node is
  missing (git-fixes).
- commit 07bdfd9
- arm64: dts: qcom: sm8350: Mark UFS controller as cache coherent
  (git-fixes).
- firmware: arm_scmi: Fix device node validation for mailbox
  transport (git-fixes).
- arm64: dts: imx8mn: specify #sound-dai-cells for SAI nodes
  (git-fixes).
- ARM: dts: imx6sl: tolino-shine2hd: fix usbotg1 pinctrl
  (git-fixes).
- ARM: dts: imx6sll: e60k02: fix usbotg1 pinctrl (git-fixes).
- arm64: dts: imx8mm-nitrogen-r2: fix WM8960 clock name
  (git-fixes).
- power: supply: da9150: Fix use after free bug in
  da9150_charger_remove due to race condition (git-fixes).
- drm/i915/gt: perform uc late init after probe error injection
  (git-fixes).
- drm/i915/active: Fix missing debug object activation
  (git-fixes).
- drm/bridge: lt8912b: return EPROBE_DEFER if bridge is not found
  (git-fixes).
- platform/chrome: cros_ec_chardev: fix kernel data leak from
  ioctl (git-fixes).
- i2c: xgene-slimpro: Fix out-of-bounds bug in
  xgene_slimpro_i2c_xfer() (git-fixes).
- i2c: hisi: Only use the completion interrupt to finish the
  transfer (git-fixes).
- i2c: imx-lpi2c: check only for enabled interrupt flags
  (git-fixes).
- Bluetooth: btsdio: fix use after free bug in btsdio_remove
  due to unfinished work (git-fixes).
- Bluetooth: L2CAP: Fix responding with wrong PDU type
  (git-fixes).
- Bluetooth: btqcomsmd: Fix command timeout after setting BD
  address (git-fixes).
- wifi: mac80211: fix qos on mesh interfaces (git-fixes).
- net: mdio: thunder: Add missing fwnode_handle_put() (git-fixes).
- atm: idt77252: fix kmemleak when rmmod idt77252 (git-fixes).
- net: qcom/emac: Fix use after free bug in emac_remove due to
  race condition (git-fixes).
- net: phy: Ensure state transitions are processed from phy_stop()
  (git-fixes).
- xirc2ps_cs: Fix use after free bug in xirc2ps_detach
  (git-fixes).
- net: usb: smsc95xx: Limit packet length to skb->len (git-fixes).
- commit d23fee6
- Refresh
  patches.suse/arm64-Avoid-repeated-AA64MMFR1_EL1-register-read-on-.patch.
  Patch is merged upstream. Update headers.
- commit 1a36cd0
- Delete patches.suse/iwlwifi-module-firmware-ucode-fix.patch (bsc#1209681)
  linux-firmware tree finally provides iwlwifi-*-72.ucode, and more badly,
  they dropped *-71.ucode, hence the workaround leads to the firmware load
  failure.  Drop the old workaround now.
- commit 7a74f9a
- arm64: dts: freescale: Fix pca954x i2c-mux node names (git-fixes)
- commit 7b4b228
- arm64: dts: imx8mp-phycore-som: Remove invalid PMIC property (git-fixes)
- commit 33ca96b
- arm64: dts: imx8mp: correct usb clocks (git-fixes)
- commit 6f82a6d
- blacklist.conf: ("/lockdep: Fix -Wunused-parameter for _THIS_IP_"/)
- commit a81781d
- arm64: dts: imx8mq: fix mipi_csi bidirectional port numbers (git-fixes)
- commit 3fb6c9b
- arm64: dts: imx8mq: add mipi csi phy and csi bridge descriptions (git-fixes)
- commit 6bf0b7f
- Update
  patches.suse/tun-avoid-double-free-in-tun_free_netdev.patch
  (bsc#1209635 CVE-2022-4744 git-fixes).
  Added CVE reference.
- commit 730f781
- arm64/cpufeature: Fix field sign for DIT hwcap detection (git-fixes)
- commit d75fe48
- net/sched: tcindex: update imperfect hash filters respecting
  rcu (CVE-2023-1281 bsc#1209634).
- commit aced962
- Delete patches.suse/trace-hwlat-make-use-of-the-helper-function-kthread_run_on_cpu.patch
  Cleanup commit ff78f6679d2e ("/trace/hwlat: make use of the helper
  function kthread_run_on_cpu()"/) was added to SLE15-SP4 to avoid
  a conflict when backporting 08697bca9bbb ("/trace/hwlat: Do not start
  per-cpu thread if it is already running"/). However, the needed helper
  function kthread_run_on_cpu() is missing in this codestream. The
  rt_debug config enables hwlat and then failed to build.
  Revert adding the cleanup patch and instead adjust context of
  patches.suse/trace-hwlat-Do-not-start-per-cpu-thread-if-it-is-already-running.patch.
- commit 86cbb00
- cifs: use DFS root session instead of tcon ses (bsc#1193629).
- commit 67abae4
- cifs: return DFS root session id in DebugData (bsc#1193629).
- commit cadd823
- cifs: fix use-after-free bug in refresh_cache_worker()
  (bsc#1193629).
- commit 596d51f
- cifs: set DFS root session in cifs_get_smb_ses() (bsc#1193629).
- commit 8d91ba8
- cifs: generate signkey for the channel that's reconnecting
  (bsc#1193629).
- commit a188b7e
- cifs: Fix smb2_set_path_size() (git-fixes).
- commit 969e280
- cifs: Move the in_send statistic to __smb_send_rqst()
  (git-fixes).
- commit 9c6865d
- Refresh
  patches.suse/locking-rwbase-Mitigate-indefinite-writer-starvation.patch.
  Update patch metadata and move to sorted section.
- commit b2600c8
- fs/proc: task_mmu.c: don't read mapcount for migration entry
  (CVE-2023-1582, bsc#1209636).
- commit 7b0d6b1
- drm/i915/active: Fix misuse of non-idle barriers as fence
  trackers (git-fixes).
- drm/i915: Remove unused bits of i915_vma/active api (git-fixes).
- commit d37a1a8
- Add the already cherry-picked id to a driver base patch
- commit c16d60a
- Add i915 revert on stable 5.15.y to blacklist
  It's fixed by the proper patch instead
- commit 23d11f5
- tty: serial: fsl_lpuart: skip waiting for transmission complete
  when UARTCTRL_SBK is asserted (git-fixes).
- fbdev: stifb: Provide valid pixelclock and add fb_check_var()
  checks (git-fixes).
- net: phy: smsc: bail out in lan87xx_read_status if
  genphy_read_status fails (git-fixes).
- net: phy: nxp-c45-tja11xx: fix MII_BASIC_CONFIG_REV bit
  (git-fixes).
- ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy
  Book2 Pro (git-fixes).
- ALSA: hda: intel-dsp-config: add MTL PCI id (git-fixes).
- drm/i915/psr: Use calculated io and fast wake lines (git-fixes).
- vdpa_sim: set last_used_idx as last_avail_idx in
  vdpasim_queue_ready (git-fixes).
- drm/amd/display: fix shift-out-of-bounds in
  CalculateVMAndRowBytes (git-fixes).
- drm/amdkfd: Fix an illegal memory access (git-fixes).
- mmc: atmel-mci: fix race between stop command and start of
  next command (git-fixes).
- PCI/DPC: Await readiness of secondary bus after reset
  (git-fixes).
- drm/i915/display: clean up comments (git-fixes).
- drm/i915/display/psr: Handle plane and pipe restrictions at
  every page flip (git-fixes).
- drm/i915/display/psr: Use drm damage helpers to calculate
  plane damaged area (git-fixes).
- drm/i915/display: Workaround cursor left overs with PSR2
  selective fetch enabled (git-fixes).
- commit f8f59a8
- drm/i915: Don't use BAR mappings for ring buffers with LLC
  (git-fixes).
- drm/i915: Don't use stolen memory for ring buffers with LLC
  (git-fixes).
- commit 60b6f88
- locking/rwbase: Mitigate indefinite writer starvation
  (bsc#1189998 (PREEMPT_RT prerequisite backports), bsc#1206552).
- commit ec97cf5
- blacklist.conf: kABI
- commit d693a6f
- blacklist.conf: changes exports to user space in a way that is not a bug
  fix
- commit f047586
- kconfig: Update config changed flag before calling callback
  (git-fixes).
- commit 4822afa
- drivers/base: Fix unsigned comparison to -1 in
  CPUMAP_FILE_MAX_BYTES (bsc#1208815).
- commit 263387d
- af_unix: Get user_ns from in_skb in unix_diag_get_exact()
  (bsc#1209290 CVE-2023-28327).
- commit dee84d8
- netlink: prevent potential spectre v1 gadgets (bsc#1209547
  CVE-2017-5753).
- commit 35271d8
- drivers/base: fix userspace break from using bin_attributes
  for cpumap and cpulist (bsc#1208815).
- commit d8ec347
- keys: Do not cache key in task struct if key is requested from
  kernel thread (git-fixes).
- net: usb: smsc75xx: Move packet length check to prevent kernel
  panic in skb_pull (git-fixes).
- commit 2977668
- KABI FIX FOR: NFSv4: keep state manager thread active if swap
  is enabled (Never, kabi).
- commit b299bd6
- SUNRPC: Fix a server shutdown leak (git-fixes).
- NFSD: Protect against filesystem freezing (git-fixes).
- NFS: fix disabling of swap (git-fixes).
- nfs4trace: fix state manager flag printing (git-fixes).
- NFSD: fix problems with cleanup on errors in nfsd4_copy
  (git-fixes).
- nfsd: fix race to check ls_layouts (git-fixes).
- NFSD: fix leaked reference count of nfsd4_ssc_umount_item
  (git-fixes).
- nfsd: zero out pointers after putting nfsd_files on COPY setup
  error (git-fixes).
- NFSD: fix use-after-free in nfsd4_ssc_setup_dul() (git-fixes).
- pNFS/filelayout: Fix coalescing test for single DS (git-fixes).
- SUNRPC: ensure the matching upcall is in-flight upon downcall
  (git-fixes).
- nfsd: fix handling of readdir in v4root vs. mount upcall timeout
  (git-fixes).
- nfsd: shut down the NFSv4 state objects before the filecache
  (git-fixes).
- nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create
  failure (git-fixes).
- NFSv4.x: Fail client initialisation if state manager thread
  can't run (git-fixes).
- SUNRPC: Fix missing release socket in rpc_sockname()
  (git-fixes).
- xprtrdma: Fix regbuf data not freed in rpcrdma_req_create()
  (git-fixes).
- NFS: Fix an Oops in nfs_d_automount() (git-fixes).
- NFSv4: Fix a deadlock between nfs4_open_recover_helper()
  and delegreturn (git-fixes).
- NFSv4: Fix a credential leak in _nfs4_discover_trunking()
  (git-fixes).
- NFSv4.2: Fix initialisation of struct nfs4_label (git-fixes).
- NFSv4.1 provide mount option to toggle trunking discovery
  (git-fixes).
- NFSv4: keep state manager thread active if swap is enabled
  (git-fixes).
- commit 4ee2a42
- ppc64le: HWPOISON_INJECT=m (bsc#1209572).
- commit 757cf27
- struct dwc3: mask new member (git-fixes).
- commit 29d28eb
- USB: dwc3: fix memory leak with using debugfs_lookup()
  (git-fixes).
- commit 5d4bb23
- blacklist.conf: kABI
- commit 1170e89
- blacklist.conf: kABI
- commit fb6be59
- tracing/hwlat: Replace sched_setaffinity with
  set_cpus_allowed_ptr (git-fixes).
- commit 5dae012
- ring-buffer: remove obsolete comment for free_buffer_page()
  (git-fixes).
- commit e7730cf
- tracing: Make splice_read available again (git-fixes).
- commit 83c2809
- trace/hwlat: Do not start per-cpu thread if it is already
  running (git-fixes).
- commit b67192b
- trace/hwlat: make use of the helper function
  kthread_run_on_cpu() (git-fixes).
- commit 091a305
- trace/hwlat: Do not wipe the contents of per-cpu thread data
  (git-fixes).
- commit 907b256
- tracing: Make tracepoint lockdep check actually test something
  (git-fixes).
- commit b2e4082
- blacklist.conf: kABI
- commit 6922af5
- ftrace: Fix invalid address access in lookup_rec() when index
  is 0 (git-fixes).
- commit 59f3693
- tracing: Check field value in hist_field_name() (git-fixes).
- commit a92eb30
- tracing: Do not let histogram values have some modifiers
  (git-fixes).
- commit 2761bfa
- tracing: Add NULL checks for buffer in
  ring_buffer_free_read_page() (git-fixes).
- commit 1bf9381
- ring-buffer: Handle race between rb_move_tail and rb_check_pages
  (git-fixes).
- commit 94bd9c6
- blacklist.conf: add a not-relevant ftrace cleanup
- commit 57cd4dc
- debugfs: add debugfs_lookup_and_remove() (git-fixes).
- commit 6f9f252
- Update
  patches.suse/scsi-ufs-ufs-mediatek-Fix-error-checking-in-ufs_mtk_init_va09_pwr_ctrl
  Adding CVE and bsc reference (git-fixes CVE-2023-23001 bsc#1208829).
- commit 2128b6e
- x86/perf/zhaoxin: Add stepping check for ZXC (git fixes).
- perf/x86/intel: Add Emerald Rapids (git fixes).
- perf/x86/intel/uncore: Add Emerald Rapids (git fixes).
- perf/x86/msr: Add Emerald Rapids (git fixes).
- perf/x86/rapl: Treat Tigerlake like Icelake (git fixes).
- perf/core: Call LSM hook after copying perf_event_attr
  (git fixes).
- perf/x86/amd: fix potential integer overflow on shift of a int
  (git fixes).
- perf/x86/intel/uncore: Fix reference count leak in
  __uncore_imc_init_box() (git fixes).
- perf/x86/intel/uncore: Fix reference count leak in
  snr_uncore_mmio_map() (git fixes).
- perf/x86/intel/uncore: Fix reference count leak in
  hswep_has_limit_sbox() (git fixes).
- perf/x86/intel/uncore: Fix reference count leak in
  sad_cfg_iio_topology() (git fixes).
- perf: Fix possible memleak in pmu_dev_alloc() (git fixes).
- bpf, perf: Use subprog name when reporting subprog ksymbol
  (git fixes).
- perf/x86/intel/pt: Fix sampling using single range output
  (git fixes).
- perf/x86/intel: Add Cooper Lake stepping to isolation_ucodes
  (git fixes).
- perf/x86/intel: Fix pebs event constraints for SPR (git fixes).
- perf/x86/intel: Fix pebs event constraints for ICL (git fixes).
- perf/x86/rapl: Use standard Energy Unit for SPR Dram RAPL domain
  (git fixes).
- x86/cpu: Add several Intel server CPU model numbers (git fixes).
- perf/x86/rapl: Add support for Intel AlderLake-N (git fixes).
- perf/x86/intel/lbr: Use setup_clear_cpu_cap() instead of
  clear_cpu_cap() (git fixes).
- perf/x86/uncore: Add new Raptor Lake S support (git fixes).
- x86/cpu: Add CPU model numbers for Meteor Lake (git fixes).
- x86/cpu: Add new Raptor Lake CPU model number (git fixes).
- perf/x86/intel/uncore: Fix broken read_counter() for SNB IMC
  PMU (git fixes).
- perf/x86/intel: Fix pebs event constraints for ADL (git fixes).
- perf/x86/intel/ds: Fix precise store latency handling (git
  fixes).
- perf/x86/lbr: Enable the branch type for the Arch LBR by default
  (git fixes).
- perf/x86/intel: Fix PEBS data source encoding for ADL (git
  fixes).
- perf/x86/intel: Fix PEBS memory access info encoding for ADL
  (git fixes).
- perf/core: Fix data race between perf_event_set_output()
  and perf_mmap_close() (git fixes).
- perf/x86/intel: Fix event constraints for ICL (git fixes).
- perf/x86/uncore: Add new Alder Lake and Raptor Lake support
  (git fixes).
- perf/x86/uncore: Clean up uncore_pci_ids (git fixes).
- perf/amd/ibs: Use interrupt regs ip for stack unwinding
  (git fixes).
- x86/cpu: Add new Alderlake and Raptorlake CPU model numbers
  (git fixes).
- perf/x86/intel: Don't extend the pseudo-encoding to GP counters
  (git fixes).
- perf/core: Inherit event_caps (git fixes).
- perf/x86/uncore: Add Raptor Lake uncore support (git fixes).
- perf/x86/intel/pt: Relax address filter validation (git fixes).
- x86/perf: Default set FREEZE_ON_SMI for all (git fixes).
- perf: Always wake the parent event (git fixes).
- x86/perf: Avoid warning for Arch LBR without XSAVE (git fixes).
- perf/x86/rapl: fix AMD event handling (git fixes).
- x86/cpu: Drop spurious underscore from RAPTOR_LAKE #define
  (git fixes).
- x86/cpu: Add Raptor Lake to Intel family (git fixes).
- commit 74e398e
- Refresh patches.suse/NFSv3-handle-out-of-order-write-replies.patch.
  Careless typo - might cause bsc#1209457
- commit 1d76618
- fotg210-udc: Add missing completion handler (git-fixes).
- commit 6b598ac
- USB: fix memory leak with using debugfs_lookup() (git-fixes).
- commit 4c4d5c0
- net: usb: smsc75xx: Limit packet length to skb->len (git-fixes).
- commit 146b5ac
- ceph: update the time stamps and try to drop the suid/sgid
  (bsc#1209504).
- commit e7df378
- supported.conf: Remove duplicate entry.
- commit 2c93f73
- IB/hfi1: Update RMT size calculation (git-fixes)
- commit 46a7a1c
- IB/hfi1: Assign npages earlier (git-fixes)
- commit b6b4a13
- serial: qcom-geni: fix console shutdown hang (git-fixes).
- serial: 8250_fsl: fix handle_irq locking (git-fixes).
- serial: 8250_em: Fix UART port type (git-fixes).
- interconnect: exynos: fix node leak in probe PM QoS error path
  (git-fixes).
- interconnect: fix mem leak when freeing nodes (git-fixes).
- interconnect: qcom: osm-l3: fix icc_onecell_data allocation
  (git-fixes).
- firmware: xilinx: don't make a sleepable memory allocation
  from an atomic context (git-fixes).
- fbdev: omapfb: cleanup inconsistent indentation (git-fixes).
- hwmon: (ltc2992) Set `can_sleep` flag for GPIO chip (git-fixes).
- hwmon: (adm1266) Set `can_sleep` flag for GPIO chip (git-fixes).
- hwmon: tmp512: drop of_match_ptr for ID table (git-fixes).
- hwmon: (ucd90320) Add minimum delay between bus accesses
  (git-fixes).
- hwmon: (ina3221) return prober error code (git-fixes).
- hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove
  due to race condition (git-fixes).
- hwmon: (adt7475) Fix masking of hysteresis registers
  (git-fixes).
- hwmon: (adt7475) Display smoothing attributes in correct order
  (git-fixes).
- media: m5mols: fix off-by-one loop termination error
  (git-fixes).
- nfc: st-nci: Fix use after free bug in ndlc_remove due to race
  condition (git-fixes).
- nfc: pn533: initialize struct pn533_out_arg properly
  (git-fixes).
- mmc: sdhci_am654: lower power-on failed message severity
  (git-fixes).
- ALSA: hda: Match only Intel devices with CONTROLLER_IN_GPU()
  (git-fixes).
- drm/bridge: Fix returned array size name for
  atomic_get_input_bus_fmts kdoc (git-fixes).
- drm/sun4i: fix missing component unbind on bind errors
  (git-fixes).
- drm/meson: fix 1px pink line on GXM when scaling video overlay
  (git-fixes).
- drm/panfrost: Don't sync rpm suspension after mmu flushing
  (git-fixes).
- drm/shmem-helper: Remove another errant put in error path
  (git-fixes).
- clk: HI655X: select REGMAP instead of depending on it
  (git-fixes).
- docs: Correct missing "/d_"/ prefix for dentry_operations member
  d_weak_revalidate (git-fixes).
- drm/amdgpu: fix error checking in amdgpu_read_mm_registers
  for soc15 (git-fixes).
- drm/connector: print max_requested_bpc in state debugfs
  (git-fixes).
- drm/nouveau/kms/nv50: fix nv50_wndw_new_ prototype (git-fixes).
- nfc: change order inside nfc_se_io error path (git-fixes).
- regulator: core: Use ktime_get_boottime() to determine how
  long a regulator was off (git-fixes).
- media: rc: gpio-ir-recv: add remove function (git-fixes).
- media: ov5640: Fix analogue gain control (git-fixes).
- PCI: Add SolidRun vendor ID (git-fixes).
- drm/nouveau/kms/nv50-: remove unused functions (git-fixes).
- regulator: core: Fix off-on-delay-us for always-on/boot-on
  regulators (git-fixes).
- regulator: Flag uncontrollable regulators as always_on
  (git-fixes).
- commit fc61e5c
- Delete patches.suse/drm-i915-Don-t-use-BAR-mappings-for-ring-buffers-wit.patch
  Resulted in an Oops / hang at boot (bsc#1209436)
- commit 0da96b0
- hwmon: (k10temp): Add support for new family 17h and 19h models
  (bsc#1208848).
- x86/amd_nb: Add AMD PCI IDs for SMN communication (bsc#1208848).
- commit c3dd9ac
- Update references in
  patches.suse/media-dvb-usb-az6027-fix-null-ptr-deref-in-az6027_i2.patch
  (git-fixes bsc#1209291 CVE-2023-28328).
- commit dc99e31
- Refresh
  patches.suse/drm-amd-display-fix-issues-with-driver-unload.patch.
  Fix build warning:
  .../amdgpu_dm/amdgpu_dm.c: In function 'amdgpu_dm_fini':
  .../amdgpu_dm/amdgpu_dm.c:1417:6: warning: unused variable 'i' [-Wunused-variable]
  int i;
    ^
- commit 25c8b43
- x86/msr: Remove .fixup usage (git-fixes).
- kABI: x86/msr: Remove .fixup usage (kabi).
- Refresh patches.suse/x86-futex-Remove-.fixup-usage.patch.
- commit c013cdd
- x86/fpu: Cache xfeature flags from CPUID (git-fixes).
- commit b735f37
- x86/fpu/xsave: Handle compacted offsets correctly with
  supervisor states (git-fixes).
- x86/fpu: Remove unused supervisor only offsets (git-fixes).
- x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation
  (git-fixes).
- KVM: x86: fix sending PV IPI (git-fixes).
- x86: Annotate call_on_stack() (git-fixes).
- x86/sgx: Free backing memory after faulting the enclave page
  (git-fixes).
- Refresh
  patches.suse/x86-sgx-set-active-memcg-prior-to-shmem-allocation.patch.
- x86/kvm: Don't use pv tlb/ipi/sched_yield if on 1 vCPU
  (git-fixes).
- x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm
  (git-fixes).
- x86/sgx: Silence softlockup detection when releasing large
  enclaves (git-fixes).
- x86/mce/inject: Avoid out-of-bounds write when setting flags
  (git-fixes).
- x86/mce: Mark mce_read_aux() noinstr (git-fixes).
- x86/mce: Mark mce_end() noinstr (git-fixes).
- x86/mce: Mark mce_panic() noinstr (git-fixes).
- x86/mce: Allow instrumentation during task work queueing
  (git-fixes).
- x86/uaccess: Move variable into switch case statement
  (git-fixes).
- x86/mm: Flush global TLB when switching to trampoline page-table
  (git-fixes).
- x86/fpu/xsave: Handle compacted offsets correctly with
  supervisor states (git-fixes).
- x86/fpu: Remove unused supervisor only offsets (git-fixes).
- x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation
  (git-fixes).
- KVM: x86: fix sending PV IPI (git-fixes).
- x86: Annotate call_on_stack() (git-fixes).
- x86/sgx: Free backing memory after faulting the enclave page
  (git-fixes).
- Refresh
  patches.suse/x86-sgx-set-active-memcg-prior-to-shmem-allocation.patch.
- x86/kvm: Don't use pv tlb/ipi/sched_yield if on 1 vCPU
  (git-fixes).
- x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm
  (git-fixes).
- x86/sgx: Silence softlockup detection when releasing large
  enclaves (git-fixes).
- x86/mce/inject: Avoid out-of-bounds write when setting flags
  (git-fixes).
- x86/mce: Mark mce_read_aux() noinstr (git-fixes).
- x86/mce: Mark mce_end() noinstr (git-fixes).
- x86/mce: Mark mce_panic() noinstr (git-fixes).
- x86/mce: Allow instrumentation during task work queueing
  (git-fixes).
- x86/uaccess: Move variable into switch case statement
  (git-fixes).
- x86/mm: Flush global TLB when switching to trampoline page-table
  (git-fixes).
- commit cd115f3
- rpm/group-source-files.pl: Fix output difference when / is in location
  While previous attempt to fix group-source-files.pl in 6d651362c38
  "/rpm/group-source-files.pl: Deal with {pre,post}fixed / in location"/
  breaks the infinite loop, it does not properly address the issue. Having
  prefixed and/or postfixed forward slash still result in different
  output.
  This commit changes the script to use the Perl core module File::Spec
  for proper path manipulation to give consistent output.
- commit 4161bf9
- perf/x86/uncore: Don't WARN_ON_ONCE() for a broken discovery
  table (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/uncore: Add a quirk for UPI on SPR (bsc#1206824,
  bsc#1206493, bsc#1206492).
- perf/x86/uncore: Ignore broken units in discovery table
  (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/uncore: Fix potential NULL pointer in
  uncore_get_alias_name (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/uncore: Factor out uncore_device_to_die() (bsc#1206824,
  bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Make set_mapping() procedure void
  (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Update sysfs-devices-mapping file
  (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Enable UPI topology discovery for
  Sapphire Rapids (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Enable UPI topology discovery for
  Icelake Server (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Get UPI NodeID and GroupID (bsc#1206824,
  bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Enable UPI topology discovery for
  Skylake Server (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Generalize get_topology() for SKX PMUs
  (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Disable I/O stacks to PMU mapping on
  ICX-D (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Clear attr_update properly (bsc#1206824,
  bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Introduce UPI topology type (bsc#1206824,
  bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Generalize IIO topology support
  (bsc#1206824, bsc#1206493, bsc#1206492).
- commit 23fd14b
- Require suse-kernel-rpm-scriptlets at all times.
  The kernel packages call scriptlets for each stage, add the dependency
  to make it clear to libzypp that the scriptlets are required.
  There is no special dependency for posttrans, these scriptlets run when
  transactions are resolved. The plain dependency has to be used to
  support posttrans.
- commit 56c4dbe
- Replace mkinitrd dependency with dracut (bsc#1202353).
  Also update mkinitrd refrences in documentation and comments.
- commit e356c9b
- mm: memcg: fix NULL pointer in
  mem_cgroup_track_foreign_dirty_slowpath() (bsc#1209262).
- commit ca9be2b
- watch_queue: fix IOC_WATCH_QUEUE_SET_SIZE alloc error paths
  (bsc#1197617).
- commit 34bfa16
- blacklist.conf: Add cgroup locking optimizations
  be288169712f cgroup: reduce dependency on cgroup_mutex
  671c11f0619e cgroup: Elide write-locking threadgroup_rwsem when updating csses on an empty subtree
- commit a274f6f
- fork: allow CLONE_NEWTIME in clone3 flags (bsc#1209258).
- commit 49f82de
- blacklist.conf: Add 9360d035a579 panic: Separate sysctl logic from CONFIG_SMP
- commit 70188a8
- blacklist.conf: Add 9df918698408 kernel/panic: move panic sysctls to its own file
- commit 7099ede
- prlimit: do_prlimit needs to have a speculation check
  (bsc#1209256).
- commit 90a3f2f
- blacklist.conf: this is very hard to explain. This patch stops a staging
  driver from doing something extremely stupid, but it is visible and not
  technically a fix
- commit 55006f0
- blacklist.conf: Add c16bdeb5a39f rlimit: Fix RLIMIT_NPROC enforcement failure caused by capability calls in set_user
  And also reasoning dependency/guard 2863643fb8b9 ("/set_user: add capability check when rlimit(RLIMIT_NPROC) exceeds"/)
- commit 2a2c4f0
- blacklist.conf: this is very hard to explain. This patch stops a staging
  driver from doing something extremely stupid, but it is visible and not
  technically a fix
- commit a35c342
- s390/kexec: fix ipl report address for kdump (bsc#1207529).
- commit b51985a
- rpm/kernel-obs-build.spec.in: Remove SLE11 cruft
- commit 871eeb4
- rcu: Tighten rcu_advance_cbs_nowake() checks (bsc#1209159).
- commit d31c746
- sctp: sctp_sock_filter(): avoid list_entry() on possibly empty
  list (bsc#1208602, git-fixes).
- commit 4b74bf5
- rds: rds_rm_zerocopy_callback() correct order for
  list_add_tail() (CVE-2023-1078 bsc#1208601).
- rds: rds_rm_zerocopy_callback() use list_first_entry()
  (CVE-2023-1078 bsc#1208601).
- commit b467b16
- blacklist.conf: add some X86 ARCHITECTURE git-fixes
- commit 6e9c445
- net/tls: tls_is_tx_ready() checked list_entry (CVE-2023-1075
  bsc#1208598).
- commit 04f7ce9
- blacklist.conf: feature, not fix
- commit 3b9cbfd
- blacklist.conf: duplicate
- commit 082c8b7
- Update patches.suse/hid-bigben_probe-validate-report-count.patch
  (bsc#1208605).
  Added bugzilla reference to fix already applied
- commit 784a3b2
- scsi: storvsc: Handle BlockSize change in Hyper-V VHD/VHDX file
  (git-fixes).
- commit 1bde01c
- signal: Implement force_fatal_sig (git-fixes).
- blacklist.conf: remove it
- commit fc01034
- bpf, x64: Factor out emission of REX byte in more cases
  (git-fixes).
- blacklist.conf: remove it
- commit 3ad465f
- bpf: Fix extable address check (git-fixes).
- bpf: Fix extable fixup offset (git-fixes).
- x86/64/mm: Map all kernel memory into trampoline_pgd
  (git-fixes).
- x86/sgx: Fix free page accounting (git-fixes).
- signal/x86: In emulate_vsyscall force a signal instead of
  calling do_exit (git-fixes).
- signal/seccomp: Refactor seccomp signal and coredump generation
  (git-fixes).
- commit 128d44a
- wifi: cfg80211: Partial revert "/wifi: cfg80211: Fix use after
  free for wext"/ (git-fixes).
- tpm/eventlog: Don't abort tpm_read_log on faulty ACPI address
  (git-fixes).
- commit c121561
- NFS: nfsiod should not block forever in mempool_alloc()
  (git-fixes).
- commit 3938521
- KABI FIX FOR NFSv4: Fix free of uninitialized nfs4_label on
  referral lookup (git-fixes).
- commit 3fe030b
- ASoC: zl38060 add gpiolib dependency (git-fixes).
- pwm: stm32-lp: fix the check on arr and cmp registers update
  (git-fixes).
- phy: rockchip-typec: Fix unsigned comparison with less than zero
  (git-fixes).
- PCI: Add ACS quirk for Wangxun NICs (git-fixes).
- PCI: Take other bus devices into account when distributing
  resources (git-fixes).
- PCI: Align extra resources for hotplug bridges properly
  (git-fixes).
- iio: accel: mma9551_core: Prevent uninitialized variable in
  mma9551_read_config_word() (git-fixes).
- iio: accel: mma9551_core: Prevent uninitialized variable in
  mma9551_read_status_word() (git-fixes).
- tools/iio/iio_utils:fix memory leak (git-fixes).
- mei: bus-fixup:upon error print return values of send and
  receive (git-fixes).
- staging: emxx_udc: Add checks for dma_alloc_coherent()
  (git-fixes).
- serial: sc16is7xx: setup GPIO controller later in probe
  (git-fixes).
- tty: serial: fsl_lpuart: disable the CTS when send break signal
  (git-fixes).
- tty: fix out-of-bounds access in tty_driver_lookup_tty()
  (git-fixes).
- usb: uvc: Enumerate valid values for color matching (git-fixes).
- USB: ene_usb6250: Allocate enough memory for full object
  (git-fixes).
- usb: host: xhci: mvebu: Iterate over array indexes instead of
  using pointer math (git-fixes).
- media: uvcvideo: Silence memcpy() run-time false positive
  warnings (git-fixes).
- media: uvcvideo: Quirk for autosuspend in Logitech B910 and C910
  (git-fixes).
- media: uvcvideo: Handle errors from calls to usb_string
  (git-fixes).
- media: uvcvideo: Handle cameras with invalid descriptors
  (git-fixes).
- mfd: arizona: Use pm_runtime_resume_and_get() to prevent refcnt
  leak (git-fixes).
- firmware/efi sysfb_efi: Add quirk for Lenovo IdeaPad Duet 3
  (git-fixes).
- ASoC: zl38060: Remove spurious gpiolib select (git-fixes).
- Bluetooth: hci_sock: purge socket queues in the destruct()
  callback (git-fixes).
- commit 1135294
- kABI workaround for hid quirks (git-fixes).
- commit 2ce6cac
- HID: retain initial quirks set up when creating HID devices
  (git-fixes).
- commit 0d98469
- PCI: dwc: Add dw_pcie_ops.host_deinit() callback (git-fixes).
- kABI: PCI: dwc: Add dw_pcie_ops.host_deinit() callback (kabi).
- commit ccb0b3a
- thermal/drivers/tsens: Add compat string for the qcom,msm8960
  (git-fixes).
- Refresh
  patches.suse/thermal-drivers-tsens-Sort-out-msm8976-vs-msm8956-da.patch.
- commit 0c14aac
- drm/msm/disp/dpu: fix sc7280_pp base offset (git-fixes).
- drm/msm/dpu: fix len of sc7180 ctl blocks (git-fixes).
- drm/msm/a5xx: fix context faults during ring switch (git-fixes).
- drm/msm/a5xx: fix the emptyness check in the preempt code
  (git-fixes).
- drm/msm/a5xx: fix highest bank bit for a530 (git-fixes).
- drm/msm/a5xx: fix setting of the CP_PREEMPT_ENABLE_LOCAL
  register (git-fixes).
- drm/msm: Fix potential invalid ptr free (git-fixes).
- vfio/type1: restore locked_vm (git-fixes).
- vfio/type1: track locked_vm per dma (git-fixes).
- vfio/type1: prevent underflow of locked_vm via exec()
  (git-fixes).
- tty: serial: imx: disable Ageing Timer interrupt request irq
  (git-fixes).
- usb: gadget: configfs: Restrict symlink creation is UDC already
  binded (git-fixes).
- usb: typec: intel_pmc_mux: Don't leak the ACPI device reference
  count (git-fixes).
- wifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream()
  fails (git-fixes).
- wifi: ath9k: Fix use-after-free in ath9k_hif_usb_disconnect()
  (git-fixes).
- wifi: mt76: dma: free rx_head in mt76_dma_rx_cleanup
  (git-fixes).
- wifi: rtl8xxxu: Use a longer retry limit of 48 (git-fixes).
- wifi: mt7601u: fix an integer underflow (git-fixes).
- wifi: brcmfmac: ensure CLM version is null-terminated to
  prevent stack-out-of-bounds (git-fixes).
- wifi: brcmfmac: Fix potential stack-out-of-bounds in
  brcmf_c_preinit_dcmds() (git-fixes).
- wifi: rtl8xxxu: fixing transmisison failure for rtl8192eu
  (git-fixes).
- thermal: intel: intel_pch: Add support for Wellsburg PCH
  (git-fixes).
- thermal: intel: Fix unsigned comparison with less than zero
  (git-fixes).
- wifi: ath9k: use proper statements in conditionals (git-fixes).
- tty: serial: imx: Handle RS485 DE signal active high
  (git-fixes).
- usb: typec: intel_pmc_mux: Use the helper
  acpi_dev_get_memory_resources() (git-fixes).
- usb: gadget: configfs: remove using list iterator after loop
  body as a ptr (git-fixes).
- usb: gadget: configfs: use to_usb_function_instance() in cfg
  (un)link func (git-fixes).
- usb: gadget: configfs: use to_config_usb_cfg() in os_desc_link()
  (git-fixes).
- commit 31f8312
- nfc: fdp: add null check of devm_kmalloc_array in
  fdp_nci_i2c_read_device_properties (git-fixes).
- drm/radeon: Fix eDP for single-display iMac11,2 (git-fixes).
- drm/i915/quirks: Add inverted backlight quirk for HP 14-r206nv
  (git-fixes).
- media: i2c: imx219: Fix binning for RAW8 capture (git-fixes).
- media: i2c: imx219: Split common registers from mode tables
  (git-fixes).
- PCI: Avoid FLR for AMD FCH AHCI adapters (git-fixes).
- firmware: coreboot: framebuffer: Ignore reserved pixel color
  bits (git-fixes).
- media: uvcvideo: Check for INACTIVE in uvc_ctrl_is_accessible()
  (git-fixes).
- drm: panel-orientation-quirks: Add quirk for Lenovo IdeaPad
  Duet 3 10IGL5 (git-fixes).
- drm/msm/dsi: Add missing check for alloc_ordered_workqueue
  (git-fixes).
- drm: amd: display: Fix memory leakage (git-fixes).
- drm/radeon: free iio for atombios when driver shutdown
  (git-fixes).
- drm/amd/display: Fix potential null-deref in dm_resume
  (git-fixes).
- drm/edid: fix AVI infoframe aspect ratio handling (git-fixes).
- drm/tiny: ili9486: Do not assume 8-bit only SPI controllers
  (git-fixes).
- drm/omap: dsi: Fix excessive stack usage (git-fixes).
- drm/vc4: dpi: Fix format mapping for RGB565 (git-fixes).
- hwmon: (coretemp) Simplify platform device handling (git-fixes).
- HID: multitouch: Add quirks for flipped axes (git-fixes).
- HID: logitech-hidpp: Don't restart communication if not
  necessary (git-fixes).
- HID: Add Mapping for System Microphone Mute (git-fixes).
- pinctrl: at91: use devm_kasprintf() to avoid potential leaks
  (git-fixes).
- spi: dw_bt1: fix MUX_MMIO dependencies (git-fixes).
- regulator: s5m8767: Bounds check id indexing into arrays
  (git-fixes).
- regulator: max77802: Bounds check regulator id against opmode
  (git-fixes).
- KEYS: asymmetric: Fix ECDSA use via keyctl uapi (git-fixes).
- drm/vc4: dpi: Add option for inverting pixel clock and output
  enable (git-fixes).
- mt76: mt7915: fix polling firmware-own status (git-fixes).
- media: uvcvideo: Fix memory leak of object map on error exit
  path (git-fixes).
- pinctrl: mediatek: fix coding style (git-fixes).
- media: uvcvideo: Check controls flags before accessing them
  (git-fixes).
- media: uvcvideo: Use control names from framework (git-fixes).
- media: uvcvideo: Add support for V4L2_CTRL_TYPE_CTRL_CLASS
  (git-fixes).
- media: uvcvideo: refactor __uvc_ctrl_add_mapping (git-fixes).
- media: uvcvideo: Remove s_ctrl and g_ctrl (git-fixes).
- media: uvcvideo: Do not check for V4L2_CTRL_WHICH_DEF_VAL
  (git-fixes).
- commit af57661
- Documentation/hw-vuln: Document the interaction between IBRS
  and STIBP (git-fixes).
- ALSA: hda/realtek: Add quirk for HP EliteDesk 800 G6 Tower PC
  (git-fixes).
- dmaengine: sf-pdma: pdma_desc memory leak fix (git-fixes).
- docs/scripts/gdb: add necessary make scripts_gdb step
  (git-fixes).
- ASoC: codecs: lpass: fix incorrect mclk rate (git-fixes).
- ASoC: kirkwood: Iterate over array indexes instead of using
  pointer math (git-fixes).
- ASoC: soc-compress: Reposition and add pcm_mutex (git-fixes).
- Bluetooth: btusb: Add VID:PID 13d3:3529 for Realtek RTL8821CE
  (git-fixes).
- ACPI: Don't build ACPICA with '-Os' (git-fixes).
- ACPI: video: Fix Lenovo Ideapad Z570 DMI match (git-fixes).
- clocksource: Suspend the watchdog temporarily when high read
  latency detected (git-fixes).
- arm64: dts: qcom: pmk8350: Use the correct PON compatible
  (git-fixes).
- arm64: dts: amlogic: meson-gxbb-kii-pro: fix led node name
  (git-fixes).
- arm64: dts: amlogic: meson-gxl-s905d-phicomm-n1: fix led node
  name (git-fixes).
- arm64: dts: amlogic: meson-sm1-bananapi-m5: fix adc keys node
  names (git-fixes).
- arm64: dts: amlogic: meson-gx-libretech-pc: fix update button
  name (git-fixes).
- arm64: dts: amlogic: meson-gxl: add missing unit address to
  eth-phy-mux node name (git-fixes).
- arm64: dts: amlogic: meson-gx: add missing unit address to
  rng node name (git-fixes).
- arm64: dts: amlogic: meson-gxl-s905d-sml5442tw: drop invalid
  clock-names property (git-fixes).
- arm64: dts: amlogic: meson-gx: add missing SCPI sensors
  compatible (git-fixes).
- arm64: dts: amlogic: meson-axg: fix SCPI clock dvfs node name
  (git-fixes).
- arm64: dts: amlogic: meson-gx: fix SCPI clock dvfs node name
  (git-fixes).
- ARM: dts: exynos: Use Exynos5420 compatible for the MIPI video
  phy (git-fixes).
- arm64: dts: qcom: ipq8074: correct PCIe QMP PHY output clock
  names (git-fixes).
- arm64: dts: qcom: ipq8074: fix Gen3 PCIe QMP PHY (git-fixes).
- arm64: dts: qcom: ipq8074: fix Gen2 PCIe QMP PHY (git-fixes).
- arm64: dts: qcom: pmk8350: Specify PBS register for PON
  (git-fixes).
- arm64: dts: qcom: ipq8074: fix PCIe PHY serdes size (git-fixes).
- ACPI: resource: Add helper function
  acpi_dev_get_memory_resources() (git-fixes).
- ath9k: htc: clean up statistics macros (git-fixes).
- ath9k: hif_usb: simplify if-if to if-else (git-fixes).
- ASoC: codecs: tx-macro: move to individual clks from bulk
  (git-fixes).
- ASoC: codecs: rx-macro: move to individual clks from bulk
  (git-fixes).
- ASoC: codecs: tx-macro: move clk provider to managed variants
  (git-fixes).
- ASoC: codecs: rx-macro: move clk provider to managed variants
  (git-fixes).
- arm64: dts: qcom: Fix IPQ8074 PCIe PHY nodes (git-fixes).
- ASoC: codecs: Change bulk clock voting to optional voting in
  digital codecs (git-fixes).
- ASoC: fsl_sai: Update to modern clocking terminology
  (git-fixes).
- commit 8491e1c
- tap: tap_open(): correctly initialize socket uid (CVE-2023-1076
  bsc#1208599).
- tun: tun_chr_open(): correctly initialize socket uid
  (CVE-2023-1076 bsc#1208599).
- net: add sock_init_data_uid() (CVE-2023-1076 bsc#1208599).
- netfilter: nf_tables: fix null deref due to zeroed list head
  (CVE-2023-1095 bsc#1208777).
- commit 1969911
- arm64: cmpxchg_double*: hazard against entire exchange variable (git-fixes)
- commit 17b413e
- crypto: arm64 - Fix unused variable compilation warnings of (git-fixes)
- commit bedb569
- arm64: make is_ttbrX_addr() noinstr-safe (git-fixes)
- commit 04f9814
- arm64: mm: kfence: only handle translation faults (git-fixes)
- commit 53720ca
- arm64: atomics: remove LL/SC trampolines (git-fixes)
- commit abb3814
- arm64: dts: juno: Add missing MHU secure-irq (git-fixes)
- commit 8ba9b76
- arm64: dts: arm: drop unused interrupt-names in MHU (git-fixes)
- commit 830c0c2
- arm64: cacheinfo: Fix incorrect assignment of signed error value to (git-fixes)
- commit bf5800f
- arm64: Treat ESR_ELx as a 64-bit register (git-fixes)
- commit 2dadb72
- blacklist.conf: add some X86 git-fixes
- commit 05ac891
- blacklist.conf: ("/arm64: dts: ten64: remove redundant interrupt declaration for"/)
- commit b0f32f5
- Update patch reference for HID fixes (CVE-2023-25012 bsc#1207560)
- commit ac09f05
- qede: avoid uninitialized entries in coal_entry array
  (bsc#1205846).
- qede: fix interrupt coalescing configuration (bsc#1205846).
- commit bcd42d6
- PCI/PTM: Add pci_suspend_ptm() and pci_resume_ptm() (git-fixes).
- commit da09379
- PCI: qcom: Fix host-init error handling (git-fixes).
- PCI: Unify delay handling for reset and resume (git-fixes).
- PCI/PM: Always disable PTM for all devices during suspend
  (git-fixes).
- PCI: mediatek-gen3: Fix refcount leak in
  mtk_pcie_init_irq_domains() (git-fixes).
- PCI/PM: Fix bridge_d3_blacklist Elo i2 overwrite of Gigabyte
  X299 (git-fixes).
- PCI: qcom: Fix pipe clock imbalance (git-fixes).
- PCI: mediatek-gen3: Assert resets to ensure expected init state
  (git-fixes).
- PCI: Avoid pci_dev_lock() AB/BA deadlock with
  sriov_numvfs_store() (git-fixes).
- PCI/PM: Avoid putting Elo i2 PCIe Ports in D3cold (git-fixes).
- PCI: xgene: Revert "/PCI: xgene: Use inbound resources for setup"/
  (git-fixes).
- PCI: aardvark: Check return value of generic_handle_domain_irq()
  when processing INTx IRQ (git-fixes).
- PCI: Reduce warnings on possible RW1C corruption (git-fixes).
- kABI: PCI: Reduce warnings on possible RW1C corruption (kabi).
- Refresh patches.suse/0001-kABI-more-hooks-for-PCI-changes.patch.
- PCI: aardvark: Fix link training (git-fixes).
- Refresh
  patches.suse/PCI-aardvark-Fix-checking-for-link-up-via-LTSSM-stat.patch.
- commit 3cab0bb
- blacklist.conf: add some PCI git-fixes
- commit 259b001
- platform: x86: MLX_PLATFORM: select REGMAP instead of depending
  on it (git-fixes).
- commit b403668
- NFSv4.2: Fix a memory stomp in decode_attr_security_label
  (git-fixes).
- NFSv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding
  (git-fixes).
- SUNRPC: Don't leak netobj memory when gss_read_proxy_verf()
  fails (git-fixes).
- NFSD: pass range end to vfs_fsync_range() instead of count
  (git-fixes).
- nfsd: don't call nfsd_file_put from client states seqfile
  display (git-fixes).
- NFSD: Finish converting the NFSv3 GETACL result encoder
  (git-fixes).
- NFSD: Finish converting the NFSv2 GETACL result encoder
  (git-fixes).
- nfs4: Fix kmemleak when allocate slot failed (git-fixes).
- NFSv4.2: Fixup CLONE dest file size for zero-length count
  (git-fixes).
- NFSv4: Retry LOCK on OLD_STATEID during delegation return
  (git-fixes).
- SUNRPC: Fix null-ptr-deref when xps sysfs alloc failed
  (git-fixes).
- NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot
  (git-fixes).
- NFSv4.1: Handle RECLAIM_COMPLETE trunking errors (git-fixes).
- NFSv4: Fix a potential state reclaim deadlock (git-fixes).
- NFSv4/pNFS: Always return layout stats on layout return for
  flexfiles (git-fixes).
- NFSD: fix use-after-free on source server when doing
  inter-server copy (git-fixes).
- NFSD: Return nfserr_serverfault if splice_ok but buf->pages
  have data (git-fixes).
- NFSD: Fix handling of oversized NFSv4 COMPOUND requests
  (git-fixes).
- nfsd: Fix a memory leak in an error handling path (git-fixes).
- NFSv4/pnfs: Fix a use-after-free bug in open (git-fixes).
- NFSv4: Add an fattr allocation to _nfs4_discover_trunking()
  (git-fixes).
- NFSv4: Fix free of uninitialized nfs4_label on referral lookup
  (git-fixes).
- NFSv4: Don't hold the layoutget locks across multiple RPC calls
  (git-fixes).
- SUNRPC: Return true/false (not 1/0) from bool functions
  (git-fixes).
- NFS: Avoid writeback threads getting stuck in mempool_alloc()
  (git-fixes).
- NFS: nfsiod should not block forever in mempool_alloc()
  (git-fixes).
- commit 4c29b9b
- blacklist.conf: fixes for bugs we don't have
- commit afbbfc5
- malidp: Fix NULL vs IS_ERR() checking (bsc#1208843
  CVE-2023-23004).
- commit 87efba8
- Delete
  patches.suse/livepatch-define-a-macro-for-new-api-identification.patch.
  This definition was used by kgraft codestreams (SLE12-SP3), but the
  livepatch support for such codestreams has ended.
- commit f5aeaad
- Do not sign the vanilla kernel (bsc#1209008).
- commit cee4d89
- blacklist.conf: false positive
- commit 086f5da
- nvme-auth: fix an error code in
  nvme_auth_process_dhchap_challenge() (bsc#1202633).
- nvme-auth: don't use NVMe status codes (bsc#1202633).
- nvme-auth: mark nvme_auth_wq static (bsc#1202633).
- nvme-auth: use workqueue dedicated to authentication
  (bsc#1202633).
- nvme-auth: fix smatch warning complaints (bsc#1202633).
- nvme-auth: have dhchap_auth_work wait for queues auth to
  complete (bsc#1202633).
- nvme-auth: remove redundant auth_work flush (bsc#1202633).
- nvme-auth: convert dhchap_auth_list to an array (bsc#1202633).
- nvme-auth: check chap ctrl_key once constructed (bsc#1202633).
- nvme-auth: no need to reset chap contexts on re-authentication
  (bsc#1202633).
- nvme-auth: remove redundant deallocations (bsc#1202633).
- nvme-auth: clear sensitive info right after authentication
  completes (bsc#1202633).
- nvme-auth: guarantee dhchap buffers under memory pressure
  (bsc#1202633).
- nvme-auth: don't keep long lived 4k dhchap buffer (bsc#1202633).
- nvme-auth: remove redundant if statement (bsc#1202633).
- nvme-auth: don't override ctrl keys before validation
  (bsc#1202633).
- nvme-auth: don't ignore key generation failures when
  initializing ctrl keys (bsc#1202633).
- nvme-auth: remove redundant buffer deallocations (bsc#1202633).
- nvme-auth: don't re-authenticate if the controller is not LIVE
  (bsc#1202633).
- nvme-auth: remove symbol export from nvme_auth_reset
  (bsc#1202633).
- nvme-auth: rename authentication work elements (bsc#1202633).
- nvme-auth: rename __nvme_auth_[reset|free] to
  nvme_auth[reset|free]_dhchap (bsc#1202633).
- commit 67a47c5
- blacklist.conf: kABI, cosmetic
- commit f03aa8f
- Add cherry-picked id for nouveau patch
- commit d18ab1d
- VFS: filename_create(): fix incorrect intent (bsc#1197534).
- commit a961e32
- KABI FIX FOR: NFSv4.1 query for fs_location attr on a new file
  system (Never, kabi).
- commit f615f65
- update internal module version number for cifs.ko (bsc#1193629).
- commit c325c43
- drm/virtio: Fix NULL vs IS_ERR checking in
  virtio_gpu_object_shmem_init (bsc#1208776 CVE-2023-22998).
- commit cd9c832
- rpm/group-source-files.pl: Deal with {pre,post}fixed / in location
  When the source file location provided with -L is either prefixed or
  postfixed with forward slash, the script get stuck in a infinite loop
  inside calc_dirs() where $path is an empty string.
  user@localhost:/tmp> perl "/$HOME/group-source-files.pl"/ -D devel.files -N nondevel.files -L /usr/src/linux-5.14.21-150500.41/
  ...
  path = /usr/src/linux-5.14.21-150500.41/Documentation/Kconfig
  path = /usr/src/linux-5.14.21-150500.41/Documentation
  path = /usr/src/linux-5.14.21-150500.41
  path = /usr/src
  path = /usr
  path =
  path =
  path =
  ... # Stuck in an infinite loop
  This workarounds the issue by breaking out the loop once path is an
  empty string. For a proper fix we'd want something that
  filesystem-aware, but this workaround should be enough for the rare
  occation that this script is ran manually.
  Link: http://mailman.suse.de/mlarch/SuSE/kernel/2023/kernel.2023.03/msg00024.html
- commit 6d65136
- media: imx: imx7-media-csi: fix missing clk_disable_unprepare()
  in imx7_csi_init() (git-fixes).
- commit e70e8d4
- media: platform: ti: Add missing check for devm_regulator_get
  (git-fixes).
- commit 08661ee
- phy: tegra: xusb: Fix return value of tegra_xusb_find_port_node
  function (CVE-2023-23000 bsc#1208816).
- commit 4632142
- Update patch reference for media fix (CVE-2023-1118 bsc#1208837)
- commit 778b9f2
- media: ti: cal: fix possible memory leak in cal_ctx_create()
  (git-fixes).
- commit 2ff7792
- struct uvc_device move flush_status  new member to end
  (git-fixes).
- commit 8ba3f50
- media: uvcvideo: Fix race condition with usb_kill_urb
  (git-fixes).
- commit 9dd8ca0
- media: coda: Add check for kmalloc (git-fixes).
- commit 8c98f78
- media: coda: Add check for dcoda_iram_alloc (git-fixes).
- commit 705609f
- scsi: qla2xxx: Add option to disable FC2 Target support
  (bsc#1198438 bsc#1206103).
- Delete
  patches.suse/revert-scsi-qla2xxx-Changes-to-support-FCP2-Target.patch.
- commit 9b1b9b9
- blacklist.conf: cosmetic, not a bug fix
- commit a1eb9b6
- net/ulp: use consistent error code when blocking ULP
  (CVE-2023-0461 bsc#1208787).
- net/ulp: prevent ULP without clone op from entering the LISTEN
  status (CVE-2023-0461 bsc#1208787).
- commit bad820e
- KABI FIX FOR: NFSD: Have legacy NFSD WRITE decoders use
  xdr_stream_subsegment() (git-fixes).
- commit bd901a6
- KABI FIX FOR: NFS: Further optimisations for 'ls -l'
  (git-fixes).
- commit 894aa13
- SUNRPC: Fix socket waits for write buffer space (git-fixes).
- NFSv4: Protect the state recovery thread against direct reclaim
  (git-fixes).
- NFSv4.2: fix reference count leaks in _nfs42_proc_copy_notify()
  (git-fixes).
- NFSD: Fix nfsd_breaker_owns_lease() return values (git-fixes).
- NFSD: COMMIT operations must not return NFS?ERR_INVAL
  (git-fixes).
- sunrpc: Fix potential race conditions in
  rpc_sysfs_xprt_state_change() (git-fixes).
- net/sunrpc: fix reference count leaks in
  rpc_sysfs_xprt_state_change (git-fixes).
- SUNRPC allow for unspecified transport time in rpc_clnt_add_xprt
  (git-fixes).
- NFSv4 handle port presence in fs_location server string
  (git-fixes).
- NFSv4 expose nfs_parse_server_name function (git-fixes).
- NFSv4.1 query for fs_location attr on a new file system
  (git-fixes).
- NFSv4 store server support for fs_location attribute
  (git-fixes).
- NFSv4 remove zero number of fs_locations entries error check
  (git-fixes).
- NFSv4.1: Fix uninitialised variable in devicenotify (git-fixes).
- nfs: nfs4clinet: check the return value of kstrdup()
  (git-fixes).
- NFSv4 only print the label when its queried (git-fixes).
- NFSD: De-duplicate net_generic(nf->nf_net, nfsd_net_id)
  (git-fixes).
- NFSD: Have legacy NFSD WRITE decoders use
  xdr_stream_subsegment() (git-fixes).
- NFS: Create a new nfs_alloc_fattr_with_label() function
  (git-fixes).
- NFS: Always initialise fattr->label in nfs_fattr_alloc()
  (git-fixes).
- NFS: Don't allocate nfs_fattr on the stack in __nfs42_ssc_open()
  (git-fixes).
- NFS: Further optimisations for 'ls -l' (git-fixes).
- commit fc8bee1
- blacklist.conf: NFS updates
- commit 424a052
- selftests/powerpc: Account for offline cpus in perf-hwbreak test
  (bsc#1206232).
- selftests/powerpc: Bump up rlimit for perf-hwbreak test
  (bsc#1206232).
- selftests/powerpc: Move perror closer to its use (bsc#1206232).
- commit cc3db6d
- cifs: prevent data race in cifs_reconnect_tcon() (bsc#1193629).
- commit 6b88ff8
- cifs: improve checking of DFS links over
  STATUS_OBJECT_NAME_INVALID (git-fixes).
- commit 2d97db4
- cifs: reuse cifs_match_ipaddr for comparison of dstaddr too
  (bsc#1193629).
- commit aef7d88
- cifs: match even the scope id for ipv6 addresses (bsc#1193629).
- commit a3d06fc
- cifs: update ip_addr for ses only for primary chan setup
  (bsc#1193629).
- commit 9b0633d
- cifs: use tcon allocation functions even for dummy tcon
  (git-fixes).
- commit 4cb2b33
- cifs: use the least loaded channel for sending requests
  (bsc#1193629).
- commit cfdb032
- smb3: Replace smb2pdu 1-element arrays with flex-arrays
  (bsc#1193629).
- commit 8183847
- selftests/ftrace: Convert tracer tests to use 'requires'
  to specify program dependency (bsc#1204993 ltc#200103).
- selftests/ftrace: Add check for ping command for trigger tests
  (bsc#1204993 ltc#200103).
- commit 11e08ba
- cifs: get rid of dns resolve worker (bsc#1193629).
- commit 2cb37b3
- cifs: Fix warning and UAF when destroy the MR list (git-fixes).
- commit 5fa5f21
- cifs: Fix lost destroy smbd connection when MR allocate failed
  (git-fixes).
- commit f517a17
- cifs: return a single-use cfid if we did not get a lease
  (bsc#1193629).
- commit 90e06b0
- cifs: Check the lease context if we actually got a lease
  (bsc#1193629).
- commit 8e90bef
- cifs: Replace remaining 1-element arrays (bsc#1193629).
- commit a459269
- cifs: Convert struct fealist away from 1-element array
  (bsc#1193629).
- commit da04015
- cifs: fix mount on old smb servers (boo#1206935).
- commit 1f96ba2
- cifs: Fix uninitialized memory reads for oparms.mode
  (bsc#1193629).
- commit 54e33cf
- cifs: remove unneeded 2bytes of padding from smb2 tree connect
  (bsc#1193629).
- commit be0bd63
- cifs: Fix uninitialized memory read in smb3_qfs_tcon()
  (bsc#1193629).
- commit 0882d15
- cifs: don't try to use rdma offload on encrypted connections
  (bsc#1193629).
- commit e4e0061
- cifs: split out smb3_use_rdma_offload() helper (bsc#1193629).
- commit 04a4e24
- cifs: introduce cifs_io_parms in smb2_async_writev()
  (bsc#1193629).
- commit 3e469a4
- cifs: get rid of unneeded conditional in cifs_get_num_sgs()
  (bsc#1193629).
- commit 406d57e
- cifs: prevent data race in smb2_reconnect() (bsc#1193629).
- commit 57b5cfd
- cifs: Get rid of unneeded conditional in the smb2_get_aead_req()
  (bsc#1193629).
- commit 1affc8c
- cifs: print last update time for interface list (bsc#1193629).
- commit 77e9288
- cifs: Replace zero-length arrays with flexible-array members
  (bsc#1193629).
- commit ccb5ba6
- cifs: Use kstrtobool() instead of strtobool() (bsc#1193629).
- commit 782ea60
- cifs: Fix use-after-free in rdata->read_into_pages()
  (git-fixes).
- commit 107b2e5
- cifs: Fix oops due to uncleared server->smbd_conn in reconnect
  (git-fixes).
- commit fe84ac1
- kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179).
  When -b is specified the script is prefixed with KMP_NEEDS_MKINITRD=1
  which sets the variable for a simple command.
  However, the script is no longer a simple command. Export the variable
  instead.
- commit 152a069
- Refresh
  patches.suse/ice-Do-not-skip-not-enabled-queues-in-ice_vc_dis_qs_.patch.
- Refresh
  patches.suse/ice-clear-stale-Tx-queue-settings-before-configuring.patch.
  Fix bug introduced by broken backport (bsc#1208628).
- commit d902e3e
- Move upstreamed i915 and media fixes into sorted section
- commit f79acc7
- ocfs2: Fix data corruption after failed write (bsc#1208542).
- commit 92f0180
- nvme-fabrics: show well known discovery name (bsc#1200054).
- commit 0dc6ff3
- hv_netvsc: Check status in SEND_RNDIS_PKT completion message
  (git-fixes).
- commit cf78232
- ASoC: mchp-spdifrx: Fix uninitialized use of mr in
  mchp_spdifrx_hw_params() (git-fixes).
- commit ef46bcf
- ALSA: ice1712: Delete unreachable code in aureon_add_controls()
  (git-fixes).
- ALSA: ice1712: Do not left ice->gpio_mutex locked in
  aureon_add_controls() (git-fixes).
- ASoC: adau7118: don't disable regulators on device unbind
  (git-fixes).
- watchdog: sbsa_wdog: Make sure the timeout programming is
  within the limits (git-fixes).
- watchdog: pcwd_usb: Fix attempting to access uninitialized
  memory (git-fixes).
- watchdog: Fix kmemleak in watchdog_cdev_register (git-fixes).
- watchdog: at91sam9_wdt: use devm_request_irq to avoid missing
  free_irq() in error path (git-fixes).
- vc_screen: don't clobber return value in vcs_read (git-fixes).
- vc_screen: modify vcs_size() handling in vcs_read() (git-fixes).
- wifi: ath11k: allow system suspend to survive ath11k
  (git-fixes).
- vdpa_sim: not reset state in vdpasim_queue_ready (git-fixes).
- VMCI: check context->notify_page after call to
  get_user_pages_fast() to avoid GPF (git-fixes).
- tty: serial: fsl_lpuart: Fix the wrong RXWATER setting for rx
  dma case (git-fixes).
- tty: serial: qcom-geni-serial: stop operations in progress at
  shutdown (git-fixes).
- tty: serial: fsl_lpuart: clear LPUART Status Register in
  lpuart32_shutdown() (git-fixes).
- USB: serial: option: add support for VW/Skoda "/Carstick LTE"/
  (git-fixes).
- usb: dwc3: pci: add support for the Intel Meteor Lake-M
  (git-fixes).
- usb: max-3421: Fix setting of I/O pins (git-fixes).
- usb: musb: mediatek: don't unregister something that wasn't
  registered (git-fixes).
- USB: core: Don't hold device lock while reading the
  "/descriptors"/ sysfs file (git-fixes).
- usb: early: xhci-dbc: Fix a potential out-of-bound memory access
  (git-fixes).
- usb: gadget: fusb300_udc: free irq on the error path in
  fusb300_probe() (git-fixes).
- wifi: mac80211: make rate u32 in sta_set_rate_info_rx()
  (git-fixes).
- wifi: cfg80211: Fix use after free for wext (git-fixes).
- wifi: ath11k: Fix memory leak in ath11k_peer_rx_frag_setup
  (git-fixes).
- wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there
  is no callback function (git-fixes).
- wifi: mwifiex: fix loop iterator in
  mwifiex_update_ampdu_txwinsize() (git-fixes).
- wifi: mwifiex: Add missing compatible string for SD8787
  (git-fixes).
- wifi: iwl4965: Add missing check for
  create_singlethread_workqueue() (git-fixes).
- wifi: iwl3945: Add missing check for
  create_singlethread_workqueue (git-fixes).
- wifi: cfg80211: Fix extended KCK key length check in
  nl80211_set_rekey_data() (git-fixes).
- wifi: orinoco: check return value of hermes_write_wordrec()
  (git-fixes).
- wifi: rtl8xxxu: Fix memory leaks with RTL8723BU, RTL8192EU
  (git-fixes).
- wifi: rtw89: Add missing check for alloc_workqueue (git-fixes).
- wifi: wl3501_cs: don't call kfree_skb() under
  spin_lock_irqsave() (git-fixes).
- wifi: libertas: cmdresp: don't call kfree_skb() under
  spin_lock_irqsave() (git-fixes).
- wifi: libertas: main: don't call kfree_skb() under
  spin_lock_irqsave() (git-fixes).
- wifi: libertas: if_usb: don't call kfree_skb() under
  spin_lock_irqsave() (git-fixes).
- wifi: libertas_tf: don't call kfree_skb() under
  spin_lock_irqsave() (git-fixes).
- wifi: brcmfmac: unmap dma buffer in brcmf_msgbuf_alloc_pktid()
  (git-fixes).
- wifi: brcmfmac: fix potential memory leak in
  brcmf_netdev_start_xmit() (git-fixes).
- wifi: wilc1000: fix potential memory leak in wilc_mac_xmit()
  (git-fixes).
- wifi: ipw2200: fix memory leak in ipw_wdev_init() (git-fixes).
- wifi: ipw2x00: don't call dev_kfree_skb() under
  spin_lock_irqsave() (git-fixes).
- wifi: rtlwifi: Fix global-out-of-bounds bug in
  _rtl8812ae_phy_set_txpower_limit() (git-fixes).
- wifi: rtl8xxxu: don't call dev_kfree_skb() under
  spin_lock_irqsave() (git-fixes).
- wifi: libertas: fix memory leak in lbs_init_adapter()
  (git-fixes).
- wifi: iwlegacy: common: don't call dev_kfree_skb() under
  spin_lock_irqsave() (git-fixes).
- wifi: rtlwifi: rtl8723be: don't call kfree_skb() under
  spin_lock_irqsave() (git-fixes).
- wifi: rtlwifi: rtl8188ee: don't call kfree_skb() under
  spin_lock_irqsave() (git-fixes).
- wifi: rtlwifi: rtl8821ae: don't call kfree_skb() under
  spin_lock_irqsave() (git-fixes).
- wifi: rsi: Fix memory leak in rsi_coex_attach() (git-fixes).
- commit 795b424
- thermal: intel: BXT_PMIC: select REGMAP instead of depending
  on it (git-fixes).
- thermal: intel: quark_dts: fix error pointer dereference
  (git-fixes).
- rtc: allow rtc_read_alarm without read_alarm callback
  (git-fixes).
- rtc: pm8xxx: fix set-alarm race (git-fixes).
- rtc: sun6i: Always export the internal oscillator (git-fixes).
- spi: tegra210-quad: Fix validate combined sequence (git-fixes).
- nfc: fix memory leak of se_io context in nfc_genl_se_io
  (git-fixes).
- remoteproc: qcom_q6v5_mss: Use a carveout to authenticate
  modem headers (git-fixes).
- remoteproc/mtk_scp: Move clk ops outside send_lock (git-fixes).
- mtd: rawnand: fsl_elbc: Propagate HW ECC settings to HW
  (git-fixes).
- mtd: rawnand: sunxi: Fix the size of the last OOB region
  (git-fixes).
- mtd: rawnand: sunxi: Clean up chips after failed init
  (git-fixes).
- mtd: spi-nor: Fix shift-out-of-bounds in spi_nor_set_erase_type
  (git-fixes).
- mtd: spi-nor: spansion: Consider reserved bits in CFR5 register
  (git-fixes).
- mtd: spi-nor: core: fix implicit declaration warning
  (git-fixes).
- mtd: spi-nor: sfdp: Fix index value for SCCR dwords (git-fixes).
- mtd: dataflash: remove duplicate SPI ID table (git-fixes).
- soundwire: cadence: Don't overflow the command FIFOs
  (git-fixes).
- phy: rockchip-typec: fix tcphy_get_mode error case (git-fixes).
- PCI: switchtec: Return -EFAULT for copy_to_user() errors
  (git-fixes).
- PCI: Fix dropping valid root bus resources with .end = zero
  (git-fixes).
- PCI/PM: Observe reset delay irrespective of bridge_d3
  (git-fixes).
- PCI/IOV: Enlarge virtfn sysfs name buffer (git-fixes).
- PCI: hotplug: Allow marking devices as disconnected during
  bind/unbind (git-fixes).
- serial: fsl_lpuart: fix RS485 RTS polariy inverse issue
  (git-fixes).
- serial: tegra: Add missing clk_disable_unprepare() in
  tegra_uart_hw_init() (git-fixes).
- tty: serial: fsl_lpuart: disable Rx/Tx DMA in
  lpuart32_shutdown() (git-fixes).
- printf: fix errname.c list (git-fixes).
- pinctrl: mediatek: Initialize variable *buf to zero (git-fixes).
- pinctrl: rockchip: Fix refcount leak in
  rockchip_pinctrl_parse_groups (git-fixes).
- pinctrl: stm32: Fix refcount leak in stm32_pctrl_get_irq_domain
  (git-fixes).
- pinctrl: qcom: pinctrl-msm8976: Correct function names for
  wcss pins (git-fixes).
- spi: synquacer: Fix timeout handling in
  synquacer_spi_transfer_one() (git-fixes).
- spi: bcm63xx-hsspi: Endianness fix for ARM based SoC
  (git-fixes).
- sefltests: netdevsim: wait for devlink instance after netns
  removal (git-fixes).
- thermal/drivers/hisi: Drop second sensor hi3660 (git-fixes).
- thermal: intel: powerclamp: Fix cur_state for multi package
  system (git-fixes).
- thermal/drivers/tsens: limit num_sensors to 9 for msm8939
  (git-fixes).
- thermal/drivers/tsens: fix slope values for msm8939 (git-fixes).
- thermal/drivers/tsens: Sort out msm8976 vs msm8956 data
  (git-fixes).
- thermal/drivers/tsens: Drop msm8976-specific defines
  (git-fixes).
- net/rose: Fix to not accept on connected socket (git-fixes).
- platform/x86: touchscreen_dmi: Add Chuwi Vi8 (CWI501) DMI match
  (git-fixes).
- platform/x86: amd-pmc: Correct usage of SMU version (git-fixes).
- selftest/lkdtm: Skip stack-entropy test if lkdtm is not
  available (git-fixes).
- platform/x86: amd-pmc: Fix compilation when CONFIG_DEBUGFS is
  disabled (git-fixes).
- platform/x86: amd-pmc: Export Idlemask values based on the APU
  (git-fixes).
- commit 14a6c6a
- media: saa7134: Use video_unregister_device for radio_dev
  (git-fixes).
- media: usb: siano: Fix use after free bugs caused by
  do_submit_urb (git-fixes).
- media: i2c: ov7670: 0 instead of -EINVAL was returned
  (git-fixes).
- media: rc: Fix use-after-free bugs caused by ene_tx_irqsim()
  (git-fixes).
- media: v4l2-jpeg: ignore the unknown APP14 marker (git-fixes).
- media: v4l2-jpeg: correct the skip count in
  jpeg_parse_app14_data (git-fixes).
- media: ipu3-cio2: Fix PM runtime usage_count in driver unbind
  (git-fixes).
- media: i2c: ov772x: Fix memleak in ov772x_probe() (git-fixes).
- media: ov5675: Fix memleak in ov5675_init_controls()
  (git-fixes).
- media: ov2740: Fix memleak in ov2740_init_controls()
  (git-fixes).
- media: max9286: Fix memleak in max9286_v4l2_register()
  (git-fixes).
- Input: iqs626a - drop unused device node references (git-fixes).
- Input: ads7846 - don't check penirq immediately for 7845
  (git-fixes).
- Input: ads7846 - always set last command to PWRDOWN (git-fixes).
- Input: ads7846 - don't report pressure for ads7845 (git-fixes).
- Input: iqs269a - configure device with a single block write
  (git-fixes).
- Input: iqs269a - increase interrupt handler return delay
  (git-fixes).
- Input: iqs269a - drop unused device node references (git-fixes).
- i2c: designware: fix i2c_dw_clk_rate() return size to be u32
  (git-fixes).
- iio: light: tsl2563: Do not hardcode interrupt trigger type
  (git-fixes).
- misc/mei/hdcp: Use correct macros to initialize uuid_le
  (git-fixes).
- misc: enclosure: Fix doc for enclosure_find() (git-fixes).
- lib/zlib: remove redundation assignement of avail_in
  dfltcc_gdht() (git-fixes).
- leds: led-core: Fix refcount leak in of_led_get() (git-fixes).
- mfd: pcf50633-adc: Fix potential memleak in
  pcf50633_adc_async_read() (git-fixes).
- mfd: cs5535: Don't build on UML (git-fixes).
- gpu: host1x: Don't skip assigning syncpoints to channels
  (git-fixes).
- gpu: ipu-v3: common: Add of_node_put() for reference returned
  by of_graph_get_port_by_id() (git-fixes).
- hwmon: (mlxreg-fan) Return zero speed for broken fan
  (git-fixes).
- hwmon: (ltc2945) Handle error case in ltc2945_value_store
  (git-fixes).
- hwmon: (ftsteutates) Fix scaling of measurements (git-fixes).
- Revert "/HID: logitech-hidpp: add a module parameter to keep
  firmware gestures"/ (git-fixes).
- hid: bigben_probe(): validate report count (git-fixes).
- HID: bigben: use spinlock to safely schedule workers
  (git-fixes).
- HID: bigben_worker() remove unneeded check on report_field
  (git-fixes).
- HID: bigben: use spinlock to protect concurrent accesses
  (git-fixes).
- HID: asus: use spinlock to safely schedule workers (git-fixes).
- HID: asus: use spinlock to protect concurrent accesses
  (git-fixes).
- gpio: tegra186: remove unneeded loop in
  tegra186_gpio_init_route_mapping() (git-fixes).
- lib/mpi: Fix buffer overrun when SG is too long (git-fixes).
- leds: led-class: Add missing put_device() to led_put()
  (git-fixes).
- mmc: jz4740: Work around bug on JZ4760(B) (git-fixes).
- mmc: mmc_spi: fix error handling in mmc_spi_probe() (git-fixes).
- mmc: sdio: fix possible resource leaks in some error paths
  (git-fixes).
- HID: core: Fix deadloop in hid_apply_multiplier (git-fixes).
- HID: elecom: add support for TrackBall 056E:011C (git-fixes).
- staging: mt7621-dts: change palmbus address to lower case
  (git-fixes).
- commit ed4a4d9
- drm/i915: Don't use BAR mappings for ring buffers with LLC
  (git-fixes).
- dt-bindings: hwlock: sun6i: Add missing #hwlock-cells
  (git-fixes).
- dt-bindings: input: iqs626a: Redefine trackpad property types
  (git-fixes).
- dt-bindings: power: supply: pm8941-coincell: Don't require
  charging properties (git-fixes).
- firmware: coreboot: Remove GOOGLE_COREBOOT_TABLE_ACPI/OF
  Kconfig entries (git-fixes).
- firmware: dmi-sysfs: Fix null-ptr-deref in
  dmi_sysfs_register_handle (git-fixes).
- firmware: stratix10-svc: add missing gen_pool_destroy() in
  stratix10_svc_drv_probe() (git-fixes).
- eeprom: idt_89hpesx: Fix error handling in idt_init()
  (git-fixes).
- dt-bindings: usb: amlogic,meson-g12a-usb-ctrl: make G12A
  usb3-phy0 optional (git-fixes).
- drm/amdgpu: fix enum odm_combine_mode mismatch (git-fixes).
- drm/amd/display: reduce else-if to else in
  dcn10_blank_pixel_data() (git-fixes).
- drm/msm/dpu: set pdpu->is_rt_pipe early in
  dpu_plane_sspp_atomic_update() (git-fixes).
- drm/msm/mdp5: Add check for kzalloc (git-fixes).
- drm/msm/dpu: Add check for pstates (git-fixes).
- drm/msm/dpu: Add check for cstate (git-fixes).
- drm/msm/dpu: drop stale comment from struct dpu_mdp_cfg doc
  (git-fixes).
- drm/msm: use strscpy instead of strncpy (git-fixes).
- drm/msm/hdmi: Add missing check for alloc_ordered_workqueue
  (git-fixes).
- dt-bindings: msm: dsi-controller-main: Add vdd* descriptions
  back in (git-fixes).
- drm/msm/dpu: Disallow unallocated resources to be returned
  (git-fixes).
- drm/msm/gem: Add check for kmalloc (git-fixes).
- drm/msm: clean event_thread->worker in case of an error
  (git-fixes).
- drm/msm/adreno: Fix null ptr access in adreno_gpu_cleanup()
  (git-fixes).
- drm/mediatek: Clean dangling pointer on bind error path
  (git-fixes).
- drm/mediatek: mtk_drm_crtc: Add checks for devm_kcalloc
  (git-fixes).
- drm/mediatek: Drop unbalanced obj unref (git-fixes).
- drm/mediatek: Use NULL instead of 0 for NULL pointer
  (git-fixes).
- drm/mediatek: dsi: Reduce the time of dsi from LP11 to sending
  cmd (git-fixes).
- drm/mipi-dsi: Fix byte order of 16-bit DCS set/get brightness
  (git-fixes).
- drm/bridge: lt9611: pass a pointer to the of node (git-fixes).
- drm/bridge: lt9611: fix clock calculation (git-fixes).
- drm/bridge: lt9611: fix programming of video modes (git-fixes).
- drm/bridge: lt9611: fix polarity programming (git-fixes).
- drm/bridge: lt9611: fix HPD reenablement (git-fixes).
- drm/bridge: lt9611: fix sleep mode setup (git-fixes).
- drm/vc4: hdmi: Correct interlaced timings again (git-fixes).
- drm/vc4: hvs: Fix colour order for xRGB1555 on HVS5 (git-fixes).
- drm/vc4: hvs: Set AXI panic modes (git-fixes).
- drm/omapdrm: Remove unused struct csc_coef_rgb2yuv (git-fixes).
- drm: tidss: Fix pixel format definition (git-fixes).
- drm/bridge: lt8912b: Add hot plug detection (git-fixes).
- drm/vkms: Fix null-ptr-deref in vkms_release() (git-fixes).
- drm/vkms: Fix memory leak in vkms_init() (git-fixes).
- drm/bridge: megachips: Fix error handling in
  i2c_register_driver() (git-fixes).
- drm/vc4: vec: Use pm_runtime_resume_and_get() in
  vc4_vec_encoder_enable() (git-fixes).
- gpio: vf610: connect GPIO label to dev name (git-fixes).
- dt-bindings: net: snps,dwmac: Fix snps,reset-delays-us
  dependency (git-fixes).
- dt-bindings: arm: fsl: Fix bindings for APF28Dev board
  (git-fixes).
- commit 3467b1b
- auxdisplay: hd44780: Fix potential memory leak in
  hd44780_remove() (git-fixes).
- Documentation: simplify and clarify DCO contribution example
  language (git-fixes).
- clk: qcom: gcc-qcs404: fix names of the DSI clocks used as
  parents (git-fixes).
- clk: qcom: gcc-qcs404: disable gpll[04]_out_aux parents
  (git-fixes).
- clk: Honor CLK_OPS_PARENT_ENABLE in clk_core_is_enabled()
  (git-fixes).
- clk: imx: avoid memory leak (git-fixes).
- clk: renesas: cpg-mssr: Remove superfluous check in resume code
  (git-fixes).
- clk: renesas: cpg-mssr: Fix use after free if
  cpg_mssr_common_init() failed (git-fixes).
- clk: ralink: fix 'mt7621_gate_is_enabled()' function
  (git-fixes).
- dmaengine: ptdma: check for null desc before calling
  pt_cmd_callback (git-fixes).
- dmaengine: dw-axi-dmac: Do not dereference NULL structure
  (git-fixes).
- dmaengine: idxd: Set traffic class values in GRPCFG on DSA 2.0
  (git-fixes).
- dmaengine: dw-edma: Fix readq_ch() return value truncation
  (git-fixes).
- dmaengine: dw-edma: Drop chancnt initialization (git-fixes).
- dmaengine: dw-edma: Fix invalid interleaved xfers semantics
  (git-fixes).
- dmaengine: dw-edma: Don't permit non-inc interleaved xfers
  (git-fixes).
- dmaengine: dw-edma: Fix missing src/dst address of interleaved
  xfers (git-fixes).
- driver core: fw_devlink: Add DL_FLAG_CYCLE support to device
  links (git-fixes).
- drivers: base: transport_class: fix resource leak when
  transport_add_device() fails (git-fixes).
- drivers: base: transport_class: fix possible memory leak
  (git-fixes).
- driver core: fix resource leak in device_add() (git-fixes).
- driver core: fix potential null-ptr-deref in device_add()
  (git-fixes).
- comedi: use menuconfig for main Comedi menu (git-fixes).
- Revert "/char: pcmcia: cm4000_cs: Replace mdelay with
  usleep_range in set_protocol"/ (git-fixes).
- backlight: backlight: Fix doc for backlight_device_get_by_name
  (git-fixes).
- docs: gdbmacros: print newest record (git-fixes).
- drm: mxsfb: DRM_MXSFB should depend on ARCH_MXS || ARCH_MXC
  (git-fixes).
- drm/fourcc: Add missing big-endian XRGB1555 and RGB565 formats
  (git-fixes).
- drm: Fix potential null-ptr-deref due to drmm_mode_config_init()
  (git-fixes).
- audit: update the mailing list in MAINTAINERS (git-fixes).
- docs: ftrace: fix a issue with duplicated subtitle number
  (git-fixes).
- ASoC: soc-dapm.h: fixup warning struct snd_pcm_substream not
  declared (git-fixes).
- ASoC: tlv320adcx140: fix 'ti,gpio-config' DT property init
  (git-fixes).
- ASoC: dt-bindings: meson: fix gx-card codec node regex
  (git-fixes).
- ASoC: rsnd: Remove unnecessary rsnd_dbg_dai_call() (git-fixes).
- ASoC: rsnd: fixup #endif position (git-fixes).
- Bluetooth: hci_qca: get wakeup status from serdev device handle
  (git-fixes).
- Bluetooth: L2CAP: Fix potential user-after-free (git-fixes).
- crypto: crypto4xx - Call dma_unmap_page when done (git-fixes).
- crypto: rsa-pkcs1pad - Use akcipher_request_complete
  (git-fixes).
- crypto: qat - fix out-of-bounds read (git-fixes).
- Revert "/crypto: rsa-pkcs1pad - Replace GFP_ATOMIC with
  GFP_KERNEL in pkcs1pad_encrypt_sign_complete"/ (git-fixes).
- crypto: xts - Handle EBUSY correctly (git-fixes).
- crypto: seqiv - Handle EBUSY correctly (git-fixes).
- crypto: essiv - Handle EBUSY correctly (git-fixes).
- crypto: ccp - Failure on re-initialization due to duplicate
  sysfs filename (git-fixes).
- crypto: ccp - Avoid page allocation failure warning for
  SEV_GET_ID2 (git-fixes).
- crypto: x86/ghash - fix unaligned access in ghash_setkey()
  (git-fixes).
- drm/i915/gen11: Wa_1408615072/Wa_1407596294 should be on GT list
  (git-fixes).
- drm/amd/display: Properly handle additional cases where DCN
  is not supported (git-fixes).
- drm/nouveau/devinit/tu102-: wait for GFW_BOOT_PROGRESS ==
  COMPLETED (git-fixes).
- clk: mxl: syscon_node_to_regmap() returns error pointers
  (git-fixes).
- clk: mxl: Fix a clk entry by adding relevant flags (git-fixes).
- clk: mxl: Add option to override gate clks (git-fixes).
- clk: mxl: Remove redundant spinlocks (git-fixes).
- clk: mxl: Switch from direct readl/writel based IO to regmap
  based IO (git-fixes).
- drm/i915/gen11: Moving WAs to icl_gt_workarounds_init()
  (git-fixes).
- commit d5e5686
- ARM: dts: exynos: correct TMU phandle in Odroid XU3 family
  (git-fixes).
- ARM: dts: exynos: correct TMU phandle in Odroid HC1 (git-fixes).
- ARM: dts: exynos: correct TMU phandle in Odroid XU (git-fixes).
- ARM: dts: exynos: correct TMU phandle in Exynos5250 (git-fixes).
- ARM: dts: exynos: correct TMU phandle in Exynos4210 (git-fixes).
- ARM: dts: exynos: correct TMU phandle in Exynos4 (git-fixes).
- ARM: dts: spear320-hmi: correct STMPE GPIO compatible
  (git-fixes).
- applicom: Fix PCI device refcount leak in applicom_init()
  (git-fixes).
- arm64: efi: Make efi_rt_lock a raw_spinlock (git-fixes).
- ASoC: mchp-spdifrx: disable all interrupts in
  mchp_spdifrx_dai_remove() (git-fixes).
- ASoC: mchp-spdifrx: fix controls which rely on rsr register
  (git-fixes).
- ASoC: soc-compress.c: fixup private_data on
  snd_soc_new_compress() (git-fixes).
- ALSA: hda/ca0132: minor fix for allocation size (git-fixes).
- ACPI: battery: Fix missing NUL-termination with large strings
  (git-fixes).
- ACPICA: nsrepair: handle cases without a return value correctly
  (git-fixes).
- ACPICA: Drop port I/O validation for some regions (git-fixes).
- ARM: dts: qcom: sdx55: Add Qcom SMMU-500 as the fallback for
  IOMMU node (git-fixes).
- arm64: dts: ti: k3-j7200: Fix wakeup pinmux range (git-fixes).
- arm64: dts: mediatek: mt7622: Add missing pwm-cells to pwm node
  (git-fixes).
- arm64: dts: mt8192: Fix CPU map for single-cluster SoC
  (git-fixes).
- arm64: dts: mediatek: mt8183: Fix systimer 13 MHz clock
  description (git-fixes).
- arm64: dts: meson: bananapi-m5: switch VDDIO_C pin to OPEN_DRAIN
  (git-fixes).
- arm64: dts: amlogic: meson-sm1-odroid-hc4: fix active fan
  thermal trip (git-fixes).
- arm64: dts: meson: remove CPU opps below 1GHz for G12A boards
  (git-fixes).
- arm64: dts: meson-gx: Fix the SCPI DVFS node name and unit
  address (git-fixes).
- arm64: dts: meson-g12a: Fix internal Ethernet PHY unit name
  (git-fixes).
- arm64: dts: meson-gx: Fix Ethernet MAC address unit name
  (git-fixes).
- arm64: dts: imx8m: Align SoC unique ID node unit address
  (git-fixes).
- ARM: dts: imx7s: correct iomuxc gpr mux controller cells
  (git-fixes).
- ARM: dts: exynos: correct HDMI phy compatible in Exynos4
  (git-fixes).
- ARM: dts: exynos: correct wr-active property in Exynos3250
  Rinato (git-fixes).
- ARM: dts: sun8i: nanopi-duo2: Fix regulator GPIO reference
  (git-fixes).
- arm64: dts: renesas: beacon-renesom: Fix gpio expander reference
  (git-fixes).
- arm64: dts: qcom: ipq8074: fix Gen3 PCIe node (git-fixes).
- arm64: dts: qcom: ipq8074: correct Gen2 PCIe ranges (git-fixes).
- arm64: dts: qcom: ipq8074: correct USB3 QMP PHY-s clock output
  names (git-fixes).
- arm64: dts: qcom: sc7280: correct SPMI bus address cells
  (git-fixes).
- arm64: dts: qcom: sc7180: correct SPMI bus address cells
  (git-fixes).
- arm64: dts: qcom: sdm845-db845c: fix audio codec interrupt
  pin name (git-fixes).
- arm64: dts: qcom: sm8150-kumano: Panel framebuffer is 2.5k
  instead of 4k (git-fixes).
- arm64: dts: qcom: qcs404: use symbol names for PCIe resets
  (git-fixes).
- ARM: bcm2835_defconfig: Enable the framebuffer (git-fixes).
- ARM: zynq: Fix refcount leak in zynq_early_slcr_init
  (git-fixes).
- ARM: imx: Call ida_simple_remove() for ida_simple_get
  (git-fixes).
- ARM: s3c: fix s3c64xx_set_timer_source prototype (git-fixes).
- ARM: OMAP1: call platform_device_put() in error case in
  omap1_dm_timer_init() (git-fixes).
- ARM: OMAP2+: Fix memory leak in realtime_counter_init()
  (git-fixes).
- ALSA: hda/realtek - fixed wrong gpio assigned (git-fixes).
- ALSA: hda/conexant: add a new hda codec SN6180 (git-fixes).
- ACPI: NFIT: fix a potential deadlock during NFIT teardown
  (git-fixes).
- ARM: dts: rockchip: add power-domains property to dp node on
  rk3288 (git-fixes).
- arm64: dts: rockchip: drop unused LED mode property from
  rk3328-roc-cc (git-fixes).
- ASoC: rt715-sdca: fix clock stop prepare timeout issue
  (git-fixes).
- ASoC: cs42l56: fix DT probe (git-fixes).
- ASoC: Intel: sof_cs42l42: always set dpcm_capture for amplifiers
  (git-fixes).
- ASoC: Intel: sof_rt5682: always set dpcm_capture for amplifiers
  (git-fixes).
- ALSA: hda: Do not unset preset when cleaning up codec
  (git-fixes).
- ACPI / x86: Add support for LPS0 callback handler (git-fixes).
- commit b514cae
- Refresh
  patches.suse/ipmi-ssif-Add-a-timer-between-request-retries.patch.
- Refresh patches.suse/ipmi-ssif-Remove-rtc_us_timer.patch.
- Refresh patches.suse/ipmi-ssif-resend_msg-cannot-fail.patch.
- Refresh
  patches.suse/ipmi_ssif-Rename-idle-state-and-check.patch.
- commit 39421c5
- KABI fix for:  NFSv3: handle out-of-order write replies
  (bsc#1205544).
- commit 931f6bd
- NFSv3: handle out-of-order write replies (bsc#1205544).
- commit 96398e7
- locking/rwsem: Disable preemption in all down_write*() and
  up_write() code paths (bsc#1207270).
- commit 87b3e0b
- locking/rwsem: Disable preemption in all down_read*() and
  up_read() code paths (bsc#1207270).
- commit c4762ff
- locking/rwsem: Prevent non-first waiter from spinning in
  down_write() slowpath (bsc#1207270).
- commit 61aa9bc
- locking/rwsem: Disable preemption while trying for rwsem lock
  (bsc#1207270).
- commit 164c146
- locking/rwsem: Allow slowpath writer to ignore handoff bit if
  not set by first waiter (bsc#1207270).
- commit 05a6130
- locking/rwsem: Always try to wake waiters in out_nolock path
  (bsc#1207270).
- commit 2d3049a
- locking/rwsem: Conditionally wake waiters in reader/writer
  slowpaths (bsc#1207270).
- commit 6c03884
- locking/rwsem: No need to check for handoff bit if wait queue
  empty (bsc#1207270).
- commit 7ef94ea
- locking: Add missing __sched attributes (bsc#1207270).
- commit 241a50d
- locking/rwsem: Make handoff bit handling more consistent
  (bsc#1207270).
- commit 68640da
- wifi: ath9k: Fix potential stack-out-of-bounds write in
  ath9k_wmi_rsp_callback() (git-fixes).
- commit 4c1ac5d
- blacklist.conf: Add oops_limit accretion disk
- commit b22c6d0
- powerpc/eeh: Set channel state after notifying the drivers
  (bsc#1208784 ltc#201612).
- commit c4cafd6
- platform/x86: ISST: PUNIT device mapping with Sub-NUMA
  clustering (bsc#1208420).
- commit 30beac0
- IB/hfi1: Fix sdma.h tx->num_descs off-by-one errors (git-fixes)
- commit adff7f2
- IB/hfi1: Fix math bugs in hfi1_can_pin_pages() (git-fixes)
- commit 3bdf9ca
- RDMA/rxe: Fix missing memory barriers in rxe_queue.h (git-fixes)
- commit 878e0eb
- iw_cxgb4: Fix potential NULL dereference in c4iw_fill_res_cm_id_entry() (git-fixes)
- commit d90e67e
- RDMA/irdma: Cap MSIX used to online CPUs + 1 (git-fixes)
- commit 05d982b
- RDMA/cxgb4: Fix potential null-ptr-deref in pass_establish() (git-fixes)
- commit 7eb2c03
- RDMA/siw: Fix user page pinning accounting (git-fixes)
- commit d72f1f4
- fuse: add inode/permission checks to fileattr_get/fileattr_set
  (bsc#1208759).
- commit 91990ec
- usb: gadget: u_serial: Add null pointer check in gserial_resume
  (git-fixes).
- commit 4549b2e
- Update
  patches.suse/usb-dwc3-dwc3-qcom-Add-missing-platform_device_put-i.patch
  (bsc#1208741 CVE-2023-22995).
  Added CVE reference for fix already present
- commit 3d3f080
- net: mpls: fix stale pointer if allocation fails during device
  rename (bsc#1208700 CVE-2023-26545).
- commit 7ee1e3a
- RDMA/cxgb4: add null-ptr-check after ip_dev_find() (git-fixes)
- commit 364a0c0
- RDMA/cxgb4: remove unnecessary NULL check in __c4iw_poll_cq_one() (git-fixes)
- commit 4c3dcae
- iommu/hyper-v: Allow hyperv irq remapping without x2apic
  (git-fixes).
- commit 944a8e8
- Avoid deadlock for recursive I/O on dm-thin when used as swap
  (bsc#1177529).
- commit 9236175
- x86/mm: Randomize per-cpu entry area (bsc#1207845
  CVE-2023-0597).
- commit 3959431
- [xen] fix "/direction"/ argument of iov_iter_kvec() (git-fixes).
- commit defee4c
- xen/privcmd: Fix a possible warning in
  privcmd_ioctl_mmap_resource() (git-fixes).
- commit fca2519
- x86/xen: Fix memory leak in xen_init_lock_cpu() (git-fixes).
- commit d392a17
- x86/xen: Fix memory leak in xen_smp_intr_init{_pv}()
  (git-fixes).
- commit cd8f1e2
- blacklist.conf: add "/xen/netback: don't call kfree_skb() under
  spin_lock_irqsave()"/
- commit 49e8a38
- xen-netfront: Fix NULL sring after live migration (git-fixes).
- commit 81410eb
- xen/netback: fix build warning (git-fixes).
- Refresh
  patches.suse/xen-netback-Ensure-protocol-headers-don-t-fall-in-th.patch.
- commit 18cf292
- xen/platform-pci: add missing free_irq() in error path
  (git-fixes).
- commit 1274346
- xen-pciback: Allow setting PCI_MSIX_FLAGS_MASKALL too
  (git-fixes).
- commit e6b17f1
- xen/netback: do some code cleanup (git-fixes).
- Refresh
  patches.suse/xen-netback-don-t-call-kfree_skb-with-interrupts-dis.patch.
- commit ea1b704
- xen/netfront: destroy queues before real_num_tx_queues is zeroed
  (git-fixes).
- commit 264c043
- xfs: convert ptag flags to unsigned (git-fixes).
- commit a339957
- xfs: don't leak btree cursor when insrec fails after a split
  (git-fixes).
- commit fb35824
- xfs: don't assert fail on perag references on teardown
  (git-fixes).
- commit d42b263
- xfs: zero inode fork buffer at allocation (git-fixes).
- commit e8b3335
- block: bio-integrity: Copy flags when bio_integrity_payload
  is cloned (bsc#1208541).
- commit 9308710
- scsi: lpfc: Copyright updates for 14.2.0.10 patches
  (bsc#1208607).
- scsi: lpfc: Update lpfc version to 14.2.0.10 (bsc#1208607).
- scsi: lpfc: Introduce new attention types for
  lpfc_sli4_async_fc_evt() handler (bsc#1208607).
- scsi: lpfc: Reinitialize internal VMID data structures after
  FLOGI completion (bsc#1208607).
- scsi: lpfc: Fix use-after-free KFENCE violation during sysfs
  firmware write (bsc#1208607).
- scsi: lpfc: Exit PRLI completion handling early if ndlp not
  in PRLI_ISSUE state (bsc#1208607).
- scsi: lpfc: Remove duplicate ndlp kref decrement in
  lpfc_cleanup_rpis() (bsc#1208607 bsc#1208534).
- scsi: lpfc: Remove redundant clean up code in disable_vport()
  (bsc#1208607).
- scsi: lpfc: Set max DMA segment size to HBA supported SGE length
  (bsc#1208607).
- scsi: lpfc: Resolve miscellaneous variable set but not used
  compiler warnings (bsc#1208607).
- scsi: lpfc: Replace outdated strncpy() with strscpy()
  (bsc#1208607).
- scsi: lpfc: Fix space indentation in lpfc_xcvr_data_show()
  (bsc#1208607).
- commit eecdcbc
- scsi: qla2xxx: Remove the unused variable wwn (bsc#1208570).
- scsi: qla2xxx: Simplify if condition evaluation (bsc#1208570).
- scsi: qla2xxx: Use a variable for repeated mem_size computation
  (bsc#1208570).
- scsi: qla2xxx: Make qla_trim_buf() and __qla_adjust_buf()
  static (bsc#1208570).
- scsi: qla2xxx: Fix printk() format string (bsc#1208570).
- scsi: qla2xxx: Update version to 10.02.08.200-k (bsc#1208570).
- scsi: qla2xxx: Select qpair depending on which CPU post_cmd()
  gets called (bsc#1208570).
- scsi: qla2xxx: edif: Fix clang warning (bsc#1208570).
- scsi: qla2xxx: edif: Reduce memory usage during low I/O
  (bsc#1208570).
- scsi: qla2xxx: edif: Fix stall session after app start
  (bsc#1208570).
- scsi: qla2xxx: edif: Fix performance dip due to lock contention
  (bsc#1208570).
- scsi: qla2xxx: Relocate/rename vp map (bsc#1208570).
- scsi: qla2xxx: Remove dead code (GNN ID) (bsc#1208570).
- scsi: qla2xxx: Remove dead code (GPNID) (bsc#1208570).
- scsi: qla2xxx: Remove dead code (bsc#1208570).
- scsi: qla2xxx: Update version to 10.02.08.100-k (bsc#1208570).
- scsi: qla2xxx: Fix IOCB resource check warning (bsc#1208570).
- scsi: qla2xxx: Remove increment of interface err cnt
  (bsc#1208570).
- scsi: qla2xxx: Fix erroneous link down (bsc#1208570).
- scsi: qla2xxx: Remove unintended flag clearing (bsc#1208570).
- scsi: qla2xxx: Fix stalled login (bsc#1208570).
- scsi: qla2xxx: Fix exchange oversubscription for management
  commands (bsc#1208570).
- scsi: qla2xxx: Fix exchange oversubscription (bsc#1208570).
- scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests
  (bsc#1208570).
- scsi: qla2xxx: Fix link failure in NPIV environment
  (bsc#1208570).
- scsi: qla2xxx: Check if port is online before sending ELS
  (bsc#1208570).
- commit e9e64c0
- hv_netvsc: Allocate memory in netvsc_dma_map() with GFP_ATOMIC
  (git-fixes).
- x86/hyperv: Introduce
  HV_MAX_SPARSE_VCPU_BANKS/HV_VCPUS_PER_SPARSE_BANK constants
  (git-fixes).
- PCI: hv: update comment in x86 specific hv_arch_irq_unmask
  (git-fixes).
- hv: fix comment typo in vmbus_channel/low_latency (git-fixes).
- commit e18f1a9
- drm/hyperv: Fix an error handling path in hyperv_vmbus_probe() (git-fixes).
- commit 43b143c
- drm/hyperv : Removing the restruction of VRAM allocation with
  PCI bar size (git-fixes).
- commit 6cc703f
- powercap: fix possible name leak in powercap_register_zone()
  (git-fixes).
- commit d3806fa
- usb: dwc3: qcom: suppress unused-variable warning (git-fixes).
- commit f901e29
- blacklist.conf: false positive
- commit b59e5d1
- usb: musb: Add and use inline function musb_otg_state_string
  (git-fixes).
- commit cd1604d
- usb: musb: Add and use inline functions musb_{get,set}_state
  (git-fixes).
- commit 4523590
- usb: musb: remove schedule work called after flush (git-fixes).
- commit f3d8faf
- usb: dwc3: qcom: Fix memory leak in dwc3_qcom_interconnect_init
  (git-fixes).
- commit b3d3528
- usb: dwc3: qcom: clean up icc init (git-fixes).
- commit 88d9416
- usb: dwc3: qcom: only parse 'maximum-speed' once (git-fixes).
- commit b64ea4c
- usb: dwc3: qcom: clean up suspend callbacks (git-fixes).
- commit 2e3d004
- usb: dwc3: qcom: fix wakeup implementation (git-fixes).
- Refresh
  patches.suse/usb-dwc3-core-leave-default-DMA-if-the-controller-do.patch.
- commit 9b6a3e2
- Revert "/usb: dwc3: qcom: Keep power domain on to retain
  controller status"/ (git-fixes).
- commit 2174f55
- usb: dwc3: core: Host wake up support from system suspend
  (git-fixes).
- Refresh
  patches.suse/usb-dwc3-core-leave-default-DMA-if-the-controller-do.patch.
- commit f82f88f
- usb: dwc3: qcom: fix peripheral and OTG suspend (git-fixes).
- commit dc0c872
- usb: dwc3: qcom: fix gadget-only builds (git-fixes).
- commit d9b764b
- vmxnet3: move rss code block under eop descriptor (bsc#1208212).
- commit 4cd8f2e
- usb: dwc3: qcom: Keep power domain on to retain controller
  status (git-fixes).
- commit f6409bd
- usb: dwc3: qcom: Configure wakeup interrupts during suspend
  (git-fixes).
- Refresh patches.suse/usb-dwc3-qcom-fix-runtime-PM-wakeup.patch.
- Refresh
  patches.suse/usb-dwc3-qcom-fix-use-after-free-on-runtime-PM-wakeu.patch.
- commit a8bd7ad
- blacklist.conf: kABI
- commit b99a3c8
- s390/dasd: Fix potential memleak in dasd_eckd_init()
  (git-fixes).
- commit 4a4e22d
- blacklist.conf: ("/ARM: 9280/1: mm: fix warning on phys_addr_t to void pointer"/)
- commit 5089b86
- ARM: renumber bits related to _TIF_WORK_MASK (git-fixes)
- commit c91243e
- blacklist.conf: ("/ARM: 9266/1: mm: fix no-MMU ZERO_PAGE() implementation"/)
- commit 400cab3
- blacklist.conf: ("/ARM: at91: pm: avoid soft resetting AC DLL"/)
- commit 6bcebc9
- blacklist.conf: ("/ARM: dts: at91: sama7g5: fix signal name of pin PB2"/)
- commit 919e157
- ARM: dts: am5748: keep usb4_tm disabled (git-fixes)
- commit b8d72b7
- blacklist.conf: ("/ARM: dts: at91: sama7g5ek: specify proper regulator output ranges"/)
- commit 3ab614b
- blacklist.conf: ("/ARM: at91: pm: fix DDR recalibration when resuming from backup and"/)
- commit 0f7a39d
- blacklist.conf: ("/ARM: at91: pm: fix self-refresh for sama7g5"/)
- commit be8848f
- Update
  patches.suse/usb-rndis_host-Secure-rndis_query-check-against-int-.patch
  (CVE-2023-23559 bsc#1207051).
  Added CVE reference to patch already merged through git-fixes
- commit a3e1190
- ARM: dts: qcom: msm8974: add required ranges to OCMEM (git-fixes)
- commit 91b832e
- ARM: dts: imx7-colibri-eval-v3: correct can controller comment (git-fixes)
- commit 1de40c0
- blacklist.conf: ("/ARM: dts: qcom-msm8974: fix irq type on blsp2_uart1"/)
- commit fa5a88a
- blacklist.conf: ("/ARM: dts: ux500: Fix Gavini accelerometer mounting matrix"/)
- commit 2b7186a
- blacklist.conf: ("/ARM: dts: ux500: Fix Codina accelerometer mounting matrix"/)
- commit aaa59d4
- xen/arm: Fix race in RB-tree based P2M accounting (git-fixes)
- commit 6cae44e
- ARM: dts: stm32: add missing usbh clock and fix clk order on (git-fixes)
- commit 34357fd
- blacklist.conf: ("/ARM: at91: pm: use proper compatibles for sama7g5's rtc and rtt"/)
- commit c94ffa5
- virt: sevguest: Rename the sevguest dir and files to sev-guest
  (bsc#1208449).
- Refresh
  patches.suse/x86-sev-Get-the-AP-jump-table-address-from-secrets-page.
- commit efc1984
- virt: sevguest: Change driver name to reflect generic SEV
  support (bsc#1208449).
- Refresh
  patches.suse/x86-sev-Get-the-AP-jump-table-address-from-secrets-page.
- commit 9995360
- virt/sev-guest: Add a MODULE_ALIAS (bsc#1208449).
- virt/sev-guest: Remove unnecessary free in init_crypto()
  (bsc#1208449).
- virt/sev-guest: Prevent IV reuse in the SNP guest driver
  (bsc#1208449).
- virt: sev-guest: Pass the appropriate argument type to iounmap()
  (bsc#1208449).
- commit 61ff2a0
- blacklist.conf: ("/ARM: versatile: Add missing of_node_put in dcscb_init"/)
- commit 346b599
- ARM: omap: remove debug-leds driver (git-fixes)
- commit 8b7f9eb
- blacklist.conf: ("/ARM: dts: at91: sama7g5: remove interrupt-parent from gic node"/)
- commit 7886324
- irqchip/gic-v3: Refactor ISB + EOIR at ack time (git-fixes)
- commit 7eff197
- blacklist.conf: ("/ARM: dts: at91: sama7g5ek: enable pull-up on flexcom3 console lines"/)
- commit 5fe218b
- blacklist.conf: ("/arm/xen: Fix some refcount leaks"/)
- commit e7dd5e5
- blacklist.conf: ("/ARM: dts: at91: sama7g5: Remove unused properties in i2c nodes"/)
- commit 8a32969
- blacklist.conf: ("/ARM: dts: at91: fix low limit for CPU regulator"/)
- commit 51d5738
- ARM: remove some dead code (git-fixes)
- commit f7ced4a
- blacklist.conf: ("/ARM: 9179/1: uaccess: avoid alignment faults in"/)
- commit ac48f9d
- blacklist.conf: ("/ARM: dts: gpio-ranges property is now required"/)
- commit 8e50da0
- blacklist.conf: ("/Revert "/ARM: 9070/1: Make UNWINDER_ARM depend on ld.bfd or ld.lld"/)
- commit 6e45b56
- blacklist.conf: ("/Documentation, arch: Remove leftovers from CIFS_WEAK_PW_HASH"/)
- commit db21aa5
- blacklist.conf: ("/ARM: dts: at91: update alternate function of signal PD20"/)
- commit 638e70e
- ARM: imx: rename DEBUG_IMX21_IMX27_UART to DEBUG_IMX27_UART (git-fixes)
- commit b3c9eb5
- ARM: shmobile: rcar-gen2: Add missing of_node_put() (git-fixes)
- commit 255b829
- kmap_local: don't assume kmap PTEs are linear arrays in memory (git-fixes)
  Update config/armv7hl/default too.
- commit 4f3ffba
- ARM: dts: stm32: use usbphyc ck_usbo_48m as USBH OHCI clock on (git-fixes)
- commit 9fe9f3d
- blacklist.conf: ("/ARM: 9131/1: mm: Fix PXN process with LPAE feature"/)
- commit 401f82c
- drm/vmwgfx: Avoid NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331 CVE-2022-38096)
- commit 1c4885c
- blacklist: add commit 752f59637128 ("/docs: filesystems: update netfs-api.rst reference"/)
- commit b636a21
- fscache_cookie_enabled: check cookie is valid before accessing
  it (bsc#1208429).
- commit eb9d928
- ceph: flush cap releases when the session is flushed
  (bsc#1208428).
- commit 6cc818b
- block, bfq: fix uaf for bfqq in bic_set_bfqq() (git-fixes).
- blk-cgroup: fix missing pd_online_fn() while activating policy
  (git-fixes).
- block: don't allow splitting of a REQ_NOWAIT bio (git-fixes).
- block: mq-deadline: Rename deadline_is_seq_writes() (git-fixes).
- blk-mq: fix possible memleak when register 'hctx' failed
  (git-fixes).
- block: mq-deadline: Do not break sequential write streams to
  zoned HDDs (git-fixes).
- block: clear ->slave_dir when dropping the main slave_dir
  reference (git-fixes).
- md/raid1: stop mdx_raid1 thread when raid1 array run failed
  (git-fixes).
- md: fix a crash in mempool_free (git-fixes).
- md/bitmap: Fix bitmap chunk size overflow issues (git-fixes).
- drivers/md/md-bitmap: check the return value of
  md_bitmap_get_counter() (git-fixes).
- block/bfq-iosched.c: use "/false"/ rather than "/BLK_RW_ASYNC"/
  (git-fixes).
- block: fix and cleanup bio_check_ro (git-fixes).
- commit 1404ba9
- blacklist.conf: add git-fixes commit which won't be backported
- commit 9c78c8a
- net: mana: Assign interrupts to CPUs based on NUMA nodes
  (bsc#1208153).
- Refresh
  patches.suse/net-mana-Fix-IRQ-name-add-PCI-and-queue-number.patch.
- commit e0863ac
- net: mana: Fix accessing freed irq affinity_hint (bsc#1208153).
- genirq: Provide new interfaces for affinity hints (bsc#1208153).
- commit b973d25
- drm/amd/display: Fail atomic_check early on normalize_zpos error
  (git-fixes).
- net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path
  (git-fixes).
- net: openvswitch: fix possible memory leak in
  ovs_meter_cmd_set() (git-fixes).
- commit 305b479
- Set references for "/drm/vmwgfx: Validate the box size for the snooped cursor"/ (bsc#1203332 CVE-2022-36280)
- commit 9d6fa3b
- exit: Use READ_ONCE() for all oops/warn limit reads
  (bsc#1207328).
- exit: Allow oops_limit to be disabled (bsc#1207328).
- commit 75afc24
- panic: Introduce warn_limit (bsc#1207328).
- panic: Consolidate open-coded panic_on_warn checks
  (bsc#1207328).
- kasan: no need to unset panic_on_warn in end_report()
  (bsc#1207328).
- ubsan: no need to unset panic_on_warn in ubsan_epilogue()
  (bsc#1207328).
- panic: unset panic_on_warn inside panic() (bsc#1207328).
- commit 2d71785
- Update
  patches.suse/0001-exit-Put-an-upper-limit-on-how-often-we-can-oops.patch
  (bsc#1207328, bsc#1208290).
- commit d66a2b6
- usb: core: add quirk for Alcor Link AK9563 smartcard reader
  (git-fixes).
- drm/i915: Fix VBT DSI DVO port handling (git-fixes).
- commit d08ee1f
- exit: Move force_uaccess back into do_exit (bsc#1207328).
- blacklist.conf: blacklist fixups for unsupported arches
- exit: Guarantee make_task_dead leaks the tsk when calling
  do_task_exit (bsc#1207328).
- objtool: Add a missing comma to avoid string concatenation
  (bsc#1207328).
- commit a5e521f
- exit: Put an upper limit on how often we can oops (bsc#1207328).
- sysctl: add a new register_sysctl_init() interface
  (bsc#1207328).
- exit: Stop poorly open coding do_task_dead in make_task_dead
  (bsc#1207328).
- exit: Move oops specific logic from do_exit into make_task_dead
  (bsc#1207328).
- exit: Add and use make_task_dead (bsc#1207328).
- commit b158add
- blacklist.conf: Add 4a7ba45b1a43 memcg: fix possible use-after-free in memcg_write_event_control()
- commit 6452dee
- net: mana: Fix IRQ name - add PCI and queue number
  (bsc#1207875).
- commit da88ecc
- x86/boot: Avoid using Intel mnemonics in AT&T syntax asm
  (git-fixes).
- x86/asm: Fix an assembler warning with current binutils
  (git-fixes).
- x86/kprobes: Fix optprobe optimization check with CONFIG_RETHUNK
  (git-fixes).
- x86/kprobes: Fix kprobes instruction boudary check with
  CONFIG_RETHUNK (git-fixes).
- x86/kvm: Remove unused virt to phys translation in
  kvm_guest_cpu_init() (git-fixes).
- x86/microcode/intel: Do not retry microcode reloading on the
  APs (git-fixes).
- x86/MCE/AMD: Clear DFR errors found in THR handler (git-fixes).
- signal/vm86_32: Properly send SIGSEGV when the vm86 state
  cannot be saved (git-fixes).
- x86: ACPI: cstate: Optimize C3 entry on AMD CPUs (git-fixes).
- commit e419e31
- blacklist.conf: add some x86 entries
- commit a9b7553
- x86/bugs: Flush IBP in ib_prctl_set() (bsc#1207773
  CVE-2023-0045).
- commit e08d6f4
- Fix page corruption caused by racy check in __free_pages
  (bsc#1208149).
- commit 28d64fc
- ipmi:ssif: Add a timer between request retries (bsc#1206459).
- ipmi:ssif: Remove rtc_us_timer (bsc#1206459).
- ipmi_ssif: Rename idle state and check (bsc#1206459).
- ipmi:ssif: resend_msg() cannot fail (bsc#1206459).
- commit a36b0e7
- Delete
  patches.suse/ipmi-ssif-Add-60ms-time-internal-between-write-retri.patch.
- commit 2fa3c94
- RDMA/usnic: use iommu_map_atomic() under spin_lock() (git-fixes)
- commit af04c13
- RDMA/irdma: Fix potential NULL-ptr-dereference (git-fixes)
- commit c54f45a
- IB/IPoIB: Fix legacy IPoIB due to wrong number of queues (git-fixes)
- commit 16b662e
- IB/hfi1: Restore allocated resources on failed copyout (git-fixes)
- commit ccc63fc
- [infiniband] READ is "/data destination"/, not source... (git-fixes)
- commit e72e699
- bpf: Fix a possible task gone issue with
  bpf_send_signal[_thread]() helpers (git-fixes).
- commit 6dd7272
- bpf: Skip task with pid=1 in send_signal_common() (git-fixes).
- commit e9da05e
- tracing: Fix poll() and select() do not work on per_cpu
  trace_pipe and trace_pipe_raw (git-fixes).
- commit 6d2cfdd
- trace_events_hist: add check for return value of
  'create_hist_field' (git-fixes).
- commit 6dd7173
- tracing: Make sure trace_printk() can output as soon as it
  can be used (git-fixes).
- commit cac7b63
- xfs: estimate post-merge refcounts correctly (bsc#1208183).
- commit 5ea2f7f
- xfs: hoist refcount record merge predicates (bsc#1208183).
- commit 295092d
- usb: typec: altmodes/displayport: Fix probe pin assign check
  (git-fixes).
- commit 26849f9
- nvdimm: disable namespace on error (bsc#1166486).
- commit 195740e
- spi: dw: Fix wrong FIFO level setting for long xfers
  (git-fixes).
- commit 81770af
- ALSA: hda/realtek: Add Positivo N14KP6-TG (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs don't work for a HP
  platform (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS UM3402 using CS35L41
  (git-fixes).
- ALSA: hda/realtek: Enable mute/micmute LEDs on HP Elitebook,
  645 G9 (git-fixes).
- ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy
  Book2 Pro 360 (git-fixes).
- commit 58ec4c2
- clk: ingenic: jz4760: Update M/N/OD calculation algorithm
  (git-fixes).
- pinctrl: intel: Restore the pins that used to be in Direct
  IRQ mode (git-fixes).
- pinctrl: single: fix potential NULL dereference (git-fixes).
- pinctrl: aspeed: Fix confusing types in return value
  (git-fixes).
- pinctrl: mediatek: Fix the drive register definition of some
  Pins (git-fixes).
- arm64: dts: meson-gx: Make mmc host controller interrupts
  level-sensitive (git-fixes).
- arm64: dts: meson-g12-common: Make mmc host controller
  interrupts level-sensitive (git-fixes).
- arm64: dts: meson-axg: Make mmc host controller interrupts
  level-sensitive (git-fixes).
- ASoC: topology: Return -ENOMEM on memory allocation failure
  (git-fixes).
- ALSA: emux: Avoid potential array out-of-bound in
  snd_emux_xg_control() (git-fixes).
- ALSA: pci: lx6464es: fix a debug loop (git-fixes).
- commit 1f306c4
- drm/i915: Initialize the obj flags for shmem objects
  (git-fixes).
- drm/virtio: exbuf->fence_fd unmodified on interrupted wait
  (git-fixes).
- drm/amdgpu/fence: Fix oops due to non-matching drm_sched
  init/fini (git-fixes).
- selftests: forwarding: lib: quote the sysctl values (git-fixes).
- can: j1939: do not wait 250 ms if the same addr was already
  claimed (git-fixes).
- net: USB: Fix wrong-direction WARNING in plusb.c (git-fixes).
- net: phy: meson-gxl: use MMD access dummy stubs for GXL,
  internal PHY (git-fixes).
- efi: Accept version 2 of memory attributes table (git-fixes).
- selftests: net: udpgso_bench_tx: Cater for pending datagrams
  zerocopy benchmarking (git-fixes).
- selftests: net: udpgso_bench: Fix racing bug between the rx/tx
  programs (git-fixes).
- selftests: net: udpgso_bench_rx/tx: Stop when wrong CLI args
  are provided (git-fixes).
- selftests: net: udpgso_bench_rx: Fix 'used uninitialized'
  compiler warning (git-fixes).
- ASoC: Intel: bytcht_es8316: Drop reference count of ACPI device
  after use (git-fixes).
- i2c: rk3x: fix a bunch of kernel-doc warnings (git-fixes).
- i2c: mxs: suppress probe-deferral error message (git-fixes).
- i2c: designware-pci: Add new PCI IDs for AMD NAVI GPU
  (git-fixes).
- drm/amd/display: Fix timing not changning when freesync video
  is enabled (git-fixes).
- platform/x86: gigabyte-wmi: add support for B450M DS3H WIFI-CF
  (git-fixes).
- platform/x86: dell-wmi: Add a keymap for KEY_MUTE in type
  0x0010 table (git-fixes).
- net/x25: Fix to not accept on connected socket (git-fixes).
- fbdev: smscufx: fix error handling code in ufx_usb_probe
  (git-fixes).
- ASoC: Intel: bytcht_es8316: move comment to the right place
  (git-fixes).
- ASoC: Intel: boards: fix spelling in comments (git-fixes).
- commit 3e5740a
- watchdog/hpwdt: Enable HP_WATCHDOG for ARM64 systems. (jsc#PED-3210)
  Also enable module in aarch64 default configuration.
- commit 75d6ed8
- mbcache: Fixup kABI of mb_cache_entry (bsc#1207653).
- commit fa7eb4a
- jbd2: Fix up kABI of ext4 fast commit interface (bsc#1207590).
- commit 6fe03db
- blacklist.conf: Add inapplicable ppc fixes
- commit 27b4e1f
- blacklist.conf: Add more unsupported ppc architecture paths
- commit 7ff8dae
- ACPI: x86: s2idle: Stop using AMD specific codepath for
  Rembrandt+ (bsc#1206224).
- ACPI: x86: s2idle: Force AMD GUID/_REV 2 on HP Elitebook 865
  (bsc#1206224).
- ACPI: x86: s2idle: Add another ID to s2idle_dmi_table
  (bsc#1206224).
- ACPI: x86: s2idle: Fix a NULL pointer dereference (bsc#1206224).
- ACPI: x86: s2idle: Add a quirk for ASUSTeK COMPUTER INC. ROG
  Flow X13 (bsc#1206224).
- ACPI: x86: s2idle: Add a quirk for Lenovo Slim 7 Pro 14ARH7
  (bsc#1206224).
- ACPI: x86: s2idle: Add a quirk for ASUS ROG Zephyrus G14
  (bsc#1206224).
- ACPI: x86: s2idle: Add a quirk for ASUS TUF Gaming A17 FA707RE
  (bsc#1206224).
- ACPI: x86: s2idle: Add module parameter to prefer Microsoft GUID
  (bsc#1206224).
- ACPI: x86: s2idle: If a new AMD _HID is missing assume Rembrandt
  (bsc#1206224).
- ACPI: x86: s2idle: Move _HID handling for AMD systems into
  structures (bsc#1206224).
- ACPI: PM: s2idle: Use LPS0 idle if ACPI_FADT_LOW_POWER_S0 is
  unset (bsc#1206224).
- ACPI: PM: s2idle: Add support for upcoming AMD uPEP HID AMDI008
  (bsc#1206224).
- commit 35655fa
- Update tags
  patches.suse/ext4-Fix-check-for-block-being-out-of-directory-size.patch.
- commit 7dd4cb0
- ocfs2: rewrite error handling of ocfs2_fill_super (bsc#1207771).
- commit 117a059
- ocfs2: ocfs2_mount_volume does cleanup job before return error
  (bsc#1207770).
- commit dfd7632
- ocfs2: quota_local: fix possible uninitialized-variable access
  in ocfs2_local_read_info() (bsc#1207768).
- commit 4b2997d
- ext4: fix deadlock due to mbcache entry corruption
  (bsc#1207653).
- commit ea7e0f8
- ocfs2: fix memory leak in ocfs2_mount_volume() (bsc#1207652).
- commit 5549473
- ocfs2: fix memory leak in ocfs2_stack_glue_init() (bsc#1207651).
- commit c18a79b
- ocfs2: clear dinode links count in case of error (bsc#1207650).
- commit a2d0061
- ocfs2: fix BUG when iput after ocfs2_mknod fails (bsc#1207649).
- commit 29f0a1d
- ext4,f2fs: fix readahead of verity data (bsc#1207648).
- commit ed4271e
- mbcache: Avoid nesting of cache->c_list_lock under bit locks
  (bsc#1207647).
- commit 947b83a
- jbd2: add miss release buffer head in fc_do_one_pass()
  (bsc#1207646).
- commit c61f342
- jbd2: fix potential use-after-free in jbd2_fc_wait_bufs
  (bsc#1207645).
- commit d4e2227
- jbd2: fix potential buffer head reference count leak
  (bsc#1207644).
- commit 45a2852
- jbd2: wake up journal waiters in FIFO order, not LIFO
  (bsc#1207643).
- commit 8fd722e
- vfs: Check the truncate maximum size in inode_newsize_ok()
  (bsc#1207642).
- commit 4685fa4
- jbd2: fix a potential race while discarding reserved buffers
  after an abort (bsc#1207641).
- commit b0b81dd
- ocfs2: fix crash when mount with quota enabled (bsc#1207640).
- commit 5afbf05
- quota: Check next/prev free block number after reading from
  quota file (bsc#1206640).
- commit 1e65abd
- quota: Prevent memory allocation recursion while holding dq_lock
  (bsc#1207639).
- commit a7495d2
- blacklist.conf: Blacklist dd5532a4994b
- commit 4bd9a40
- writeback: avoid use-after-free after removing device
  (bsc#1207638).
- commit 1776642
- ext4: fix reserved cluster accounting in __es_remove_extent()
  (bsc#1207637).
- commit 17f75d7
- ext4: fix inode leak in ext4_xattr_inode_create() on an error
  path (bsc#1207636).
- commit 86dbaea
- ext4: allocate extended attribute value in vmalloc area
  (bsc#1207635).
- commit 3278f6d
- ext4: avoid unaccounted block allocation when expanding inode
  (bsc#1207634).
- commit 587e0b3
- ext4: initialize quota before expanding inode in setproject
  ioctl (bsc#1207633).
- commit 09b6e51
- ext4: fix kernel BUG in 'ext4_write_inline_data_end()'
  (bsc#1206894).
- commit e824a9a
- fs: ext4: initialize fsdata in pagecache_write() (bsc#1207632).
- commit 59e5f40
- ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc
  + inline (bsc#1207631).
- commit fcf7010
- ext4: fix uninititialized value in 'ext4_evict_inode'
  (bsc#1206893).
- commit a4ce862
- ext4: fix error code return to user-space in ext4_get_branch()
  (bsc#1207630).
- commit 3052920
- blacklist.conf: Blacklist 89481b5fa8c0
- commit aafc810
- ext4: init quota for 'old.inode' in 'ext4_rename' (bsc#1207629).
- commit 9d7a800
- ext4: fix off-by-one errors in fast-commit block filling
  (bsc#1207628).
- commit b215d68
- ext4: fix unaligned memory access in ext4_fc_reserve_space()
  (bsc#1207627).
- commit 5e2318b
- ext4: add missing validation of fast-commit record lengths
  (bsc#1207626).
- commit 9374e7a
- ext4: fix leaking uninitialized memory in fast-commit journal
  (bsc#1207625).
- commit bea0a27
- ext4: don't set up encryption key during jbd2 transaction
  (bsc#1207624).
- commit 94c26c2
- ext4: disable fast-commit of encrypted dir operations
  (bsc#1207623).
- commit 8b84b5f
- ext4: fix use-after-free in ext4_orphan_cleanup (bsc#1207622).
- commit 868c482
- ext4: don't allow journal inode to have encrypt flag
  (bsc#1207621).
- commit fa42934
- ext4: fix undefined behavior in bit shift for
  ext4_check_flag_values (bsc#1206890).
- commit fe391f3
- ext4: fix bug_on in __es_tree_search caused by bad boot loader
  inode (bsc#1207620).
- commit b0bf8bc
- ext4: add EXT4_IGET_BAD flag to prevent unexpected bad inode
  (bsc#1207619).
- commit 0e8c6a3
- ext4: add helper to check quota inums (bsc#1207618).
- commit 710d5f0
- blacklist.conf: Blacklist 78742d4d056d
- commit 510a3a2
- ext4: add inode table check in __ext4_get_inode_loc to aovid
  possible infinite loop (bsc#1207617).
- commit 4fac5ac
- blacklist.conf: Blacklist 318cdc822c63
- commit efccaca
- ext4: silence the warning when evicting inode with
  dioread_nolock (bsc#1206889).
- commit a2ec490
- ext4: fix use-after-free in ext4_ext_shift_extents
  (bsc#1206888).
- commit 786ae72
- ext4: fix warning in 'ext4_da_release_space' (bsc#1206887).
- commit 0e67070
- ext4: fix BUG_ON() when directory entry has invalid rec_len
  (bsc#1206886).
- commit b11568d
- ext4: fix potential out of bound read in ext4_fc_replay_scan()
  (bsc#1207616).
- commit 191b92e
- ext4: factor out ext4_fc_get_tl() (bsc#1207615).
- commit 4278623
- ext4: introduce EXT4_FC_TAG_BASE_LEN helper (bsc#1207614).
- commit 54601c7
- ext4: update 'state->fc_regions_size' after successful memory
  allocation (bsc#1207613).
- commit dca6962
- ext4: fix potential memory leak in ext4_fc_record_regions()
  (bsc#1207612).
- commit 65b0d99
- ext4: fix potential memory leak in
  ext4_fc_record_modified_inode() (bsc#1207611).
- commit 313959b
- ext4: goto right label 'failed_mount3a' (bsc#1207610).
- commit 73881e2
- ext4: fix miss release buffer head in ext4_fc_write_inode
  (bsc#1207609).
- commit 60277f8
- ext4: fix dir corruption when ext4_dx_add_entry() fails
  (bsc#1207608).
- commit d8d3c16
- ext4: place buffer head allocation before handle start
  (bsc#1207607).
- commit 767ca31
- ext4: ext4_read_bh_lock() should submit IO if the buffer isn't
  uptodate (bsc#1207606).
- commit 7864371
- ext4: don't increase iversion counter for ea_inodes
  (bsc#1207605).
- commit 15b3923
- ext4: make ext4_lazyinit_thread freezable (bsc#1206885).
- commit 0a2f6bf
- ext4: fix null-ptr-deref in ext4_write_info (bsc#1206884).
- commit a8218a0
- ext4: don't run ext4lazyinit for read-only filesystems
  (bsc#1207603).
- commit d920748
- ext4: avoid crash when inline data creation follows DIO write
  (bsc#1206883).
- commit efade7c
- ext4: continue to expand file system when the target size
  doesn't reach (bsc#1206882).
- commit caafbe8
- ext4: limit the number of retries after discarding
  preallocations blocks (bsc#1207602).
- commit 550c1e6
- ext4: fix bug in extents parsing when eh_entries == 0 and
  eh_depth > 0 (bsc#1206881).
- commit 846b339
- blacklist.conf: Blacklist mballoc opimization fixes
- commit 2ee70c1
- ext4: avoid resizing to a partial cluster size (bsc#1206880).
- commit cee3b5d
- blacklist.conf: Blacklist b24e77ef1c6d
- commit 5f27096
- blacklist.conf: Blacklist 51ae846cff56
- commit 8cb8660
- ext4: correct the misjudgment in ext4_iget_extra_inode
  (bsc#1206878).
- commit 7565182
- ext4: correct max_inline_xattr_value_size computing
  (bsc#1206878).
- commit 5344160
- ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878).
- commit 51cff2a
- ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h
  (bsc#1206878).
- commit 0336ab6
- ext4: fix extent status tree race in writeback error recovery
  path (bsc#1206877).
- commit b84af9c
- blacklist.conf: Blacklist 4978c659e7b5
- commit a7e7239
- ext4: update s_overhead_clusters in the superblock during an
  on-line resize (bsc#1206876).
- commit e6b6979
- blacklist.conf: Blacklist fs/ext2
- commit 1e7297b
- blacklist.conf: Blacklist 4efd9f0d120c
- commit 3b5e25a
- ext4: fix bug_on in start_this_handle during umount filesystem
  (bsc#1207594).
- commit 90713b0
- blacklist.conf: Blacklist c864ccd182d6
- commit bc0a035
- blacklist.conf: Blacklist cc5095747edf
- commit 60d47ef
- ext4: fix ext4_mb_mark_bb() with flex_bg with fast_commit
  (bsc#1207593).
- commit 2407741
- ext4: correct cluster len and clusters changed accounting in
  ext4_mb_mark_bb (bsc#1207592).
- commit b2577a3
- ext4: fast commit may miss file actions (bsc#1207591).
- commit ea4e204
- ext4: fast commit may not fallback for ineligible commit
  (bsc#1207590).
- commit 5e4d8de
- ext4: simplify updating of fast commit stats (bsc#1207589).
- commit 85414f9
- ext4: drop ineligible txn start stop APIs (bsc#1207588).
- commit 62a4d65
- mm/memory.c: fix race when faulting a device private page
  (CVE-2022-3523, bsc#1204363).
  nouveau: fix migrate_to_ram() for faulting page (CVE-2022-3523,
  bsc#1204363).
  mm/memory: return vm_fault_t result from migrate_to_ram()
  callback (CVE-2022-3523, bsc#1204363).
  kabi: workaround for migrate_vma.fault_page (CVE-2022-3523,
  bsc#1204363).
- commit 14f6a2f
- x86: link vdso and boot with -z noexecstack
  - -no-warn-rwx-segments (bsc#1203200).
- Makefile: link with -z noexecstack --no-warn-rwx-segments
  (bsc#1203200).
- x86: link vdso and boot with -z noexecstack
  - -no-warn-rwx-segments (bsc#1203200).
- Makefile: link with -z noexecstack --no-warn-rwx-segments
  (bsc#1203200).
- commit 7e1512f
kexec-tools
- kexec-tools-ppc64-remove-rma_top-limit.patch: remove ram_top
  restriction (bsc#1203410)
- kexec-bootloader: Add -a argument to load using kexec_load_file() when available (boo#1202820).
ldb
- Remove no longer needed ldb-memory-bug-15096-4.15-ldbonly.patch
- Add cve-2023-0614.patch: Address CVE-2023-0614
- CVE-2023-0614: samba: Access controlled AD LDAP attributes can be
  discovered; (bsc#1209485); (bso#15270);
- Update to version 2.4.4
  + CVE-2022-32746 ldb: db: Use-after-free occurring in
    database audit logging module; (bso#15009); (bsc#1201490).
  + CVE-2022-32746: samba: ldb: Use-after-free occurring in
    database audit logging module; (bso#15009); (bsc#1201490).
libX11
- U_Don-t-try-to-destroy-NULL-condition-variables.patch
  * fixes regression introduced with security update for
    CVE-2022-3555 (bsc#1204425, bsc#1208881)
libfastjson
- fix CVE-2020-12762 integer overflow and out-of-bounds write via a
  large JSON file (bsc#1171479)
  add 0001-Fix-CVE-2020-12762.patch
libgcrypt
- FIPS: ECC: Transition to error-state if PCT fail [bsc#1208925]
  * Add libgcrypt-FIPS-ECC-PCT-Add-transition-to-error.patch
- FIPS: ECDSA: Avoid no-keytest in ECDSA keygen [bsc#1208924]
  * Add libgcrypt-FIPS-ECC-disallow-skip-test.patch
- FIPS: PBKDF2: Add additional checks for the minimum key length,
  salt length, iteration count and passphrase length to the kdf
  fips indicator in _gcry_fips_indicator_kdf() [bsc#1208926]
  * Add libgcrypt-FIPS-pkdf2-Additional-checks.patch
libsolv
- handle learnt rules in solver_alternativeinfo()
- support x86_64_v[234] architecture levels
- implement decision sorting for package decisionlists
- add back findutils requires for the libsolv-tools packagse
  [bsc#1195633]
- bump version to 0.7.24
- fix "/keep installed"/ jobs not disabling "/best update"/ rules
- do not autouninstall suse ptf packages
- ensure duplinvolvedmap_all is reset when a solver is reused
- special case file dependencies in the testcase writer
- support stringification of multiple solvables
- new weakdep introspection interface similar to ruleinfos
- support decision reason queries
- support merging of related decissions
- support stringification of ruleinfo, decisioninfo and decision reasons
- support better info about alternatives
- new '-P' and '-W' options for testsolv
- bump version to 0.7.23
libxml2
- Security update:
  * [CVE-2023-29469, bsc#1210412] Hashing of empty dict strings
    isn't deterministic
  - Added patch libxml2-CVE-2023-29469.patch
  * [CVE-CVE-2023-28484, bsc#1210411] NULL dereference in
    xmlSchemaFixupComplexType
  - Added patch libxml2-CVE-2023-28484-1.patch
  - Added patch libxml2-CVE-2023-28484-2.patch
- Remove unneeded dependency (bsc#1209918).
libxslt
- Security Fix: [bsc#1208574, CVE-2021-30560]
  * Use after free in Blink XSLT
  * Add libxslt-CVE-2021-30560.patch
libzypp
- MediaCurl: Fix endless loop if wrong credentials are stored in
  credentials.cat (bsc#1210870)
  Since libzypp-17.31.7 wrong credentials stored in credentials.cat
  may lead to an endless loop. Rather than asking for the right
  credentials, the stored ones are used again and again.
- zypp.conf: Introduce 'download.connect_timeout' [60 sec.]
  (bsc#1208329)
  Maximum time in seconds that you allow the connection phase to
  the server to take. This only limits the connection phase, it has
  no impact once it has connected. (see also CURLOPT_CONNECTTIMEOUT)
- commit: Try to provide /dev fs if not present (fixes #444)
- fix build with boost 1.82.
- version 17.31.11 (22)
- fix build with boost 1.82
- BuildRequires: libsolv-devel >= 0.7.24 for x86_64_v[234]
  support.
- version 17.31.10 (22)
- Workround bsc#1195633 while libsolv <= 0.7.23 is used.
- Fix potential endless loop in new ZYPP_MEDIANETWORK.
- ZYPP_METALINK_DEBUG=1: Log URL and priority of the mirrors
  parsed from a metalink file.
- multicurl: propagate ssl settings stored in repo url
  (boo#1127591)
  Closes #335.
- Teach MediaNetwork to retry on HTTP2 errors.
- fix CapDetail to return Rel::NONE if an EXPRESSION is used as a
  NAMED cap.
- Capability: support parsing richdeps from string.
- defaultLoadSystem: default to LS_NOREFRESH if not root.
- Detect x86_64_v[234]: Fix LZCNT bit used in detection (fixes
  [#439])
  Merges rpm-software-management/rpm#2412: The bit for LZCNT is in
  CPUID 0x80000001, not 1.
- Detect x86_64_v[234] architecture levels (fixes #439)
- Support x86_64_v[234] architecture levels (for #439)
- version 17.31.9 (22)
- ProgressData: enforce reporting the INIT||END state
  (bsc#1206949)
- ps: fix service detection on newer Tumbleweed systems
  (bsc#1205636)
- version 17.31.8 (22)
- Hint to "/zypper removeptf"/ to remove PTFs.
- Removing a PTF without enabled repos should always fail
  (bsc#1203248)
  Without enabled repos, the dependent PTF-packages would be
  removed (not replaced!) as well. To remove a PTF "/zypper install
  - - -PTF"/ or a dedicated "/zypper removeptf PTF"/ should be used.
  This will update the installed PTF packages to theit latest
  version.
- version 17.31.7 (22)
- Avoid calling getsockopt when we know the info already.
  This patch hopefully fixes logging on WSL, getsockopt seems to
  not be fully supported but the code required it when accepting
  new socket connections. (for bsc#1178233)
- Enhance yaml-cpp detection (fixes #428)
- No need to redirect 'history.logfile=/dev/null' into the target.
- MultiCurl: Make sure to reset the progress function when
  falling back.
- version 17.31.6 (22)
- Create '.no_auto_prune' in the package cache dir to prevent auto
  cleanup of orphaned repositories (bsc#1204956)
- properly reset range requests (bsc#1204548)
- version 17.31.5 (22)
- Do not clean up MediaSetAccess before using the geoip file
  (fixes #424)
- version 17.31.4 (22)
- Improve download of optional files (fixes #416)
- Do not use geoip rewrites if the repo has explicit country
  settings.
- Implement geoIP feature for zypp.
  This patch adds a feature to rewrite request URLs to the repo
  servers by querying a geoIP file from download.opensuse.org. This
  file can return a redirection target depending on the clients IP
  adress, this way we can directly contact a local mirror of d.o.o
  instead. The redir target stays valid for 24hrs.
  This feature can be disabled in zypp.conf by setting
  'download.use_geoip_mirror = false'.
- Use a dynamic fallback for BLKSIZE in downloads.
  When not receiving a blocklist via metalink file from the server
  MediaMultiCurl used to fallback to a fixed, relatively small
  BLKSIZE. This patch changes the fallback into a dynamic value
  based on the filesize using a similar metric as the MirrorCache
  implementation on the server side.
- Skip media.1/media download for http repo status calc.
  This patch allows zypp to skip a extra media.1/media download to
  calculate if a repository needs to be refreshed. This
  optimisation only takes place if the repo does specify only
  downloading base urls.
- version 17.31.3 (22)
makedumpfile
- fix wrong free issue in init_xen_crash_info (bsc#1201209)
mozilla-nss
- Update nss-fips-approved-crypto-non-ec.patch (bsc#1208999) with
  fixes to PBKDF2 parameter validation.
- Update nss-fips-approved-crypto-non-ec.patch (bsc#1208999) to
  validate extra PBKDF2 parameters according to FIPS 140-3.
- Update nss-fips-approved-crypto-non-ec.patch (bsc#1191546) to
  update session->lastOpWasFIPS before destroying the key after
  derivation in the CKM_TLS12_KEY_AND_MAC_DERIVE,
  CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256,
  CKM_TLS_KEY_AND_MAC_DERIVE and CKM_SSL3_KEY_AND_MAC_DERIVE cases.
- Update nss-fips-pct-pubkeys.patch (bsc#1207209) to remove some
  excess code.
- Update nss-fips-approved-crypto-non-ec.patch (bsc#1191546).
- Add nss-fips-pct-pubkeys.patch (bsc#1207209) for pairwise consistency
  checks. Thanks to Martin for the DHKey parts.
- Add manpages to mozilla-nss-tools (bsc#1208242)
ncurses
- Modify patch ncurses-6.1.dif
  * Secure writing terminfo entries by setfs[gu]id in s[gu]id
    (boo#1210434, CVE-2023-29491)
  * Reading is done since 2000/01/17
nfs-utils
- Rename all drop-in options.conf files as 10-options.conf
  This makes it easier for other packages to over-ride
  with a drop-in with a later sequence number.
  resource-agents does this.
  (bsc#1207843)
- 0026-modprobe-avoid-error-messages-if-sbin-sysctl-fail.patch
  Avoid modprobe errors when sysctl is not installed.
  (bsc#1200710 bsc#1207022 bsc#1206781)
- 0027-nfsd-allow-server-scope-to-be-set-with-config-or-com.patch
  Add "/-S scope"/ option to rpc.nfsd to simplify fail-over cluster
  config.
  (bsc#1203746)
openssh
- Revert addition of openssh-dbus.sh, openssh-dbus.csh, openssh-dbus.fish:
  This caused invalid and irrelevant environment assignments (bsc#1207014).
openssl-1_1
- Security Fix: [CVE-2023-0465, bsc#1209878]
  * Invalid certificate policies in leaf certificates are silently ignored
  * Add openssl-CVE-2023-0465.patch
- Security Fix: [CVE-2023-0466, bsc#1209873]
  * Certificate policy check not enabled
  * Add openssl-CVE-2023-0466.patch
- Security Fix: [CVE-2023-0464, bsc#1209624]
  * Excessive Resource Usage Verifying X.509 Policy Constraints
  * Add openssl-CVE-2023-0464.patch
FIPS: Service-level indicator [bsc#1208998]
  * Add additional check required by FIPS 140-3. Minimum values for
    PBKDF2 are: 112 bits for key, 128 bits for salt, 1000 for
    iteration count and 20 characters for password.
  * Add openssl-1_1-ossl-sli-008-pbkdf2-salt_pass_iteration.patch
- FIPS: Serialize jitterentropy calls [bsc#1207994]
  * Add openssl-1_1-serialize-jitterentropy-calls.patch
patterns-base
- removed openssl1_0_0, it is not certifed in SLES 15 (bsc#1209108)
- change FIPS 140-2 to 140-3 to reflect our current certifications (bsc#1203537)
polkit-default-privs
- Update to version 13.2+20230317.d2bceab:
  * backport of kinfocenter5 (bsc#1209378)
procps
- Add patch bsc1209122-a6c0795d.patch
  * Fix for bsc#1209122 to allow `-´ as leading character to ignore
    possible errors on systctl entries
purge-kernels-service
- Change service type to exec (boo#1198668).
python-PyJWT
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Drop CVE-2022-29217-non-blocked-pubkeys.patch since the issue
  was fixed upstream in version 2.4.0
- Update to 2.4.0 (CVE-2022-29217 boo#1199756)
  - Security
  - [CVE-2022-29217] Prevent key confusion through
    non-blocklisted public key formats. GHSA-ffqj-6fqr-9h24
  - Other changes:
  - Explicit check the key for ECAlgorithm by @estin in
    https://github.com/jpadilla/pyjwt/pull/713
  - Raise DeprecationWarning for jwt.decode(verify=...) by @akx
    in https://github.com/jpadilla/pyjwt/pull/742
  - Don't use implicit optionals by @rekyungmin in
    https://github.com/jpadilla/pyjwt/pull/705
  - documentation fix: show correct scope for decode_complete()
    by @sseering in https://github.com/jpadilla/pyjwt/pull/661
  - fix: Update copyright information by @kkirsche in
    https://github.com/jpadilla/pyjwt/pull/729
  - Don't mutate options dictionary in .decode_complete() by @akx
    in https://github.com/jpadilla/pyjwt/pull/743
  - Add support for Python 3.10 by @hugovk in
    https://github.com/jpadilla/pyjwt/pull/699
  - api_jwk: Add PyJWKSet.__getitem__ by @woodruffw in
    https://github.com/jpadilla/pyjwt/pull/725
  - Update usage.rst by @guneybilen in
    https://github.com/jpadilla/pyjwt/pull/727
  - Docs: mention performance reasons for reusing RSAPrivateKey
    when encoding by @dmahr1 in
    https://github.com/jpadilla/pyjwt/pull/734
  - Fixed typo in usage.rst by @israelabraham in
    https://github.com/jpadilla/pyjwt/pull/738
  - Add detached payload support for JWS encoding and decoding by
    @fviard in https://github.com/jpadilla/pyjwt/pull/723
  - Replace various string interpolations with f-strings by @akx
    in https://github.com/jpadilla/pyjwt/pull/744
- Update to 2.3.0
  * Revert "/Remove arbitrary kwargs."/ (#701)
  * Add exception chaining (#702)
- from version 2.2.0
  * Remove arbitrary kwargs. (#657)
  * Use timezone package as Python 3.5+ is required. (#694)
  * Assume JWK without the "/use"/ claim is valid for signing
    as per RFC7517 (#668)
  * Prefer `headers["/alg"/]` to `algorithm` in `jwt.encode()`. (#673)
  * Fix aud validation to support {'aud': null} case. (#670)
  * Make `typ` optional in JWT to be compliant with RFC7519. (#644)
  * Remove upper bound on cryptography version. (#693)
  * Add support for Ed448/EdDSA. (#675)
- update to 2.1.0:
  - Allow claims validation without making JWT signature validation mandatory. `
  - Remove padding from JWK test data. `
  - Make `kty` mandatory in JWK to be compliant with RFC7517. `
  - Allow JWK without `alg` to be compliant with RFC7517. `
  - Allow to verify with private key on ECAlgorithm, as well as on Ed25519Algorithm. `
  - Add caching by default to PyJWKClient `
  - Add missing exceptions.InvalidKeyError to jwt module __init__ imports `
  - Add support for ES256K algorithm `
  - Add `from_jwk()` to Ed25519Algorithm `
  - Add `to_jwk()` to Ed25519Algorithm `
  - Export `PyJWK` and `PyJWKSet`
- Update in SLE-15 (bsc#1176785, jsc#ECO-3105, jsc#PM-2352)
- update to 2.0.1:
  * Drop support for Python 2 and Python 3.0-3.5
  * Require cryptography >= 3
  * Drop support for PyCrypto and ECDSA
  * Drop CLI
  * Improve typings
  * Dropped deprecated errors
  * Dropped deprecated ``verify_expiration`` param in ``jwt.decode(...)``
  * Dropped deprecated ``verify`` param in ``jwt.decode(...)``
  * Require explicit ``algorithms`` in ``jwt.decode(...)`` by default
  * Dropped deprecated ``require_*`` options in ``jwt.decode(...)``
  * Introduce better experience for JWKs
  * further details see included CHANGELOG.rst
- drop 0001-Catch-BadSignatureError-raised-by-ecdsa-0.13.3.patch (obsolete)
python-cryptography
- Add patch CVE-2023-23931-dont-allow-update-into.patch (bsc#1208036, CVE-2023-23931)
  * Don't allow update_into to mutate immutable objects
python-packaging
- Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629)
- Add patch to fix testsuite on big-endian targets
  + fix-big-endian-build.patch
- Ignore python3.6.2 since the test doesn't support it.
- update to 21.3:
  * Add a pp3-none-any tag (gh#pypa/packaging#311)
  * Replace the blank pyparsing 3 exclusion with a 3.0.5 exclusion
    (gh#pypa/packaging#481), (gh#pypa/packaging#486)
  * Fix a spelling mistake (gh#pypa/packaging#479)
- update to 21.2:
  * Update documentation entry for 21.1.
  * Update pin to pyparsing to exclude 3.0.0.
  * PEP 656: musllinux support
  * Drop support for Python 2.7, Python 3.4 and Python 3.5.
  * Replace distutils usage with sysconfig
  * Add support for zip files in ``parse_sdist_filename``
  * Use cached ``_hash`` attribute to short-circuit tag equality comparisons
  * Specify the default value for the ``specifier`` argument to ``SpecifierSet``
  * Proper keyword-only "/warn"/ argument in packaging.tags
  * Correctly remove prerelease suffixes from ~= check
  * Fix type hints for ``Version.post`` and ``Version.dev``
  * Use typing alias ``UnparsedVersion``
  * Improve type inference for ``packaging.specifiers.filter()``
  * Tighten the return type of ``canonicalize_version()``
- Add Provides: for python*dist(packaging): work around boo#1186870
- skip tests failing because of no-legacyversion-warning.patch
- add no-legacyversion-warning.patch to restore compatibility with 20.4
- update to 20.9:
  * Run [isort](https://pypi.org/project/isort/) over the code base (:issue:`377`)
  * Add support for the ``macosx_10_*_universal2`` platform tags (:issue:`379`)
  * Introduce ``packaging.utils.parse_wheel_filename()`` and ``parse_sdist_filename()``
- update to 20.8:
  * Revert back to setuptools for compatibility purposes for some Linux distros (:issue:`363`)
  * Do not insert an underscore in wheel tags when the interpreter version number
    is more than 2 digits (:issue:`372`)
  * Fix flit configuration, to include LICENSE files (:issue:`357`)
  * Make `intel` a recognized CPU architecture for the `universal` macOS platform tag (:issue:`361`)
  * Add some missing type hints to `packaging.requirements` (issue:`350`)
  * Officially support Python 3.9 (:issue:`343`)
  * Deprecate the ``LegacyVersion`` and ``LegacySpecifier`` classes (:issue:`321`)
  * Handle ``OSError`` on non-dynamic executables when attempting to resolve
    the glibc version string.
- update to 20.4:
  * Canonicalize version before comparing specifiers. (:issue:`282`)
  * Change type hint for ``canonicalize_name`` to return
  ``packaging.utils.NormalizedName``.
  This enables the use of static typing tools (like mypy) to detect mixing of
  normalized and un-normalized names.
python-parallax
- Fix: manager: writer thread can only be started once (bsc#1208817)
  Add patch 0001-Fix-manager-writer-thread-can-only-be-started-once-b.patch
python-shaptools
- Correct macro usage, %ifpython2 is only suitable for Requires.
- Only BuildRequire python-mock under Python 2.
- Create version 0.3.13
- add HANA add_hosts feature
- Forces Instance nr always with 2 positions filled with 0
- Forces right formatting on HANA OS admin user.
python3
- Add bpo-44434-libgcc_s-for-pthread_cancel.patch
  which eliminates unnecessary and dangerous calls to
  PyThread_exit_thread() (bsc#1203355).
- Add CVE-2023-24329-blank-URL-bypass.patch (CVE-2023-24329,
  bsc#1208471) blocklists bypass via the urllib.parse component
  when supplying a URL that starts with blank characters
- Add bpo27321-email-no-replace-header.patch to stop
  email.generator.py from replacing a non-existent header
  (bsc#1208443, gh#python/cpython#71508).
- Add CVE-2022-45061-DoS-by-IDNA-decode.patch to avoid
  CVE-2022-45061 (bsc#1205244) allowing DoS by IDNA decoding
  extremely long domain names.
resource-agents
- ECO: Maint: Remove ocf_heartbeat_ZFS (jsc#PED-2841)
  Add patch:
    remove-zfs-support.patch
- SAPInstance can break if kill.sap includes unexpected content.
  (bsc#1206100)
  Include upstream patch:
    1825.patch
- ECO: Maint: AWS EFS Support in Filesystem OCF required
  (jsc#PED-2794)
  Include upstream patch:
    0001-Filesystem-Add-support-for-Amazon-EFS-mount-helper.patch
rubygem-actionview-5_1
- Add patch to fix CVE-2022-27777 (bsc#1199060)
  0004-CVE-2022-27777.patch
- Add patch to fix CVE-2020-15169 (bsc#1176421)
  0003-CVE-2020-15169.patch
- Add patch to fix CVE-2020-8167 (bsc#1172184)
  0002-CVE-2020-8167.patch
rubygem-activerecord-5_1
- Add patch to fix CVE-2022-44566 (bsc#1207450)
  CVE-2022-44566.patch
rubygem-loofah
- Added patch CVE-2022-23516.patch to fix CVE-2022-23516 (bsc#1206416)
- Added patch CVE-2022-23514.patch to fix CVE-2022-23514 (bsc#1206415)
- Added patch CVE-2022-23515.patch to fix CVE-2022-23515 (bsc#1206417)
rubygem-rack
  fix CVE-2023-27539 [bsc#1209503], denial of service in header parsing
  + rubygem-rack-CVE-2023-27539.patch
- security update
- added patches
  fix CVE-2023-27530 [bsc#1209095], Denial of service in Multipart MIME parsing
  + rubygem-rack-CVE-2023-27530.patch
- security update
- added patches
runc
- Update to runc v1.1.5. Upstream changelog is available from
  <https://github.com/opencontainers/runc/releases/tag/v1.1.5>.
  Includes fixes for the following CVEs:
  - CVE-2023-25809 bsc#1209884
  - CVE-2023-27561 bsc#1208962
  - CVE-2023-28642 bsc#1209888
  * Fix the inability to use `/dev/null` when inside a container.
  * Fix changing the ownership of host's `/dev/null` caused by fd redirection
    (a regression in 1.1.1). bsc#1168481
  * Fix rare runc exec/enter unshare error on older kernels.
  * nsexec: Check for errors in `write_log()`.
- Drop version-specific Go requirement.
salt
- Fix problem with detecting PTF packages (bsc#1208691)
- Added:
  * skip-package-names-without-colon-bsc-1208691-578.patch
- Fixes pkg.version_cmp on openEuler systems and a few other OS flavors
- Make pkg.remove function from zypperpkg module to handle also PTF packages
- Added:
  * 3004-implement-zypper-removeptf-574.patch
  * fixes-pkg.version_cmp-on-openeuler-systems-and-a-few.patch
salt-shaptools
- Version 0.3.17
  * add HANA add_hosts feature
- Version 0.3.16
  * store crm state in __context__ instead of __salt__
- Version 0.3.15
  * workaround to detect aws cloud_provider
    details https://github.com/SUSE/ha-sap-terraform-deployments/issues/832
    until https://github.com/ClusterLabs/crmsh/pull/952 is available
- Version 0.3.14
  * do not raise exception on empty HANA query results
- Version 0.3.13
  * Add module query to HANA
- Version 0.3.12
  * Fix typo to fix uninstalled state
- add cluster init support for OCFS2 device
- qdevice support: it can be created when initializing a cluster
samba
- CVE-2023-0922: Samba AD DC admin tool samba-tool sends passwords
  in cleartext; (bso#15315); (bsc#1209481).
- CVE-2023-0225: Samba AD DC "/dnsHostname"/ attribute can be
  deleted by unprivileged authenticated users; (bso#15276);
  (bsc#1209483).
- CVE-2023-0614: samba: Access controlled AD LDAP attributes can
  be discovered; (bso#15270); (bsc#1209485).
- Prevent use after free of messaging_ctdb_fde_ev structs;
  (bso#15293); (bsc#1207416).
sapconf
- version update from 5.0.5 to 5.0.6
- add parameter IGNORE_RELOAD to /etc/sysconfig/sapconf to prevent
  sapconf from changing any system tunables during package update
  (bsc#1209408)
- fix for a race condition which leads to a missing start/restart
  of sapconf, which ends up with restored kernel parameters to
  defaults
  (bsc#1207899)
scap-security-guide
- updated to 0.1.66 (jsc#ECO-3319)
   - Ubuntu 22.04 CIS
   - OL7 stig v2r9 update
   - Bump OL8 STIG version to V1R4
   - Update RHEL7 STIG to V3R10
   - Update RHEL8 STIG to V1R9
   - Introduce CIS RHEL9 profiles
- also various SUSE profile fixes were done
sg3_utils
- Update to version 1.47+13.75d23ac:
  * rescan-scsi-bus: speed large multipath scans (bsc#1207706)
  * rescan-scsi-bus.sh speed testonline()
  * rescan-scsi-bus.sh: add option --no-lip-scan
  * rescan-scsi-bus: sgdevice26: do not traverse sg class if scsi_device isnot added
  * rescan-scsi-bus.sh: fix handling of '-I <secs>' option
shadow
- bsc#1210507 (CVE-2023-29383):
  Check for control characters
- Add shadow-CVE-2023-29383.patch
shim
- Updated shim.changes to add CVE-2022-28737 number for bsc#1198458.
  The issue be fixed by upgrade to shim 15.7. (bsc#1198458, CVE-2022-28737)
- Sometimes SLE shim signature be Microsoft updated before openSUSE shim
  signature. When submit request on IBS for updating SLE shim, the submitreq
  project be generated, but it always be blocked by checking the signature
  of openSUSE shim.
  It doesn't make sense checking openSUSE shim signature when building
  SLE shim on SLE platform, and vice versa. So the following change adds the
  logic to compare suffix (sles, opensuse) with distro_id (sle, opensuse).
  When and only when hash mismatch and distro_id match with suffix, stop
  building.
    [#] compare suffix (sles, opensuse) with distro_id (sle, opensuse)
    [#] when hash mismatch and distro_id match with suffix, stop building
- Upgrade shim-install for bsc#1210382
  After closing Leap-gap project since Leap 15.3, openSUSE Leap direct
  uses shim from SLE. So the ca_string is 'SUSE Linux Enterprise Secure Boot
  CA1', not 'openSUSE Secure Boot CA1'. It causes that the update_boot=no,
  so all files in /boot/efi/EFI/boot are not updated.
  The 86b73d1 patch added the logic that using ID field in os-release for
  checking Leap distro and set ca_string to 'SUSE Linux Enterprise Secure
  Boot CA1'. Then /boot/efi/EFI/boot/* can also be updated.
- https://github.com/SUSE/shim-resources (git log --oneline)
  86b73d1 Fix that bootx64.efi is not updated on Leap
  f2e8143 Use the long name to specify the grub2 key protector
  7283012 cryptodisk: support TPM authorized policies
  49e7a0d Do not use tpm_record_pcrs unless the command is in command.lst
  26c6bd5 Have grub take a snapshot of "/relevant"/ TPM PCRs
  5c2c3ad Handle different cases of controlling cryptomount volumes during first stage boot
  a5c5734 Introduce --no-grub-install option
- Updated shim signature after shim 15.7 be signed back:
  signature-sles.x86_64.asc, signature-sles.aarch64.asc (bsc#1198458, CVE-2022-28737)
- Add POST_PROCESS_PE_FLAGS=-N to the build command in shim.spec to
  disable the NX compatibility flag when using post-process-pe because
  grub2 is not ready. (bsc#1205588)
  - Kernel can boot with the NX compatibility flag since 82e0d6d76a2a7
    be merged to v5.19. On the other hand, upstream is working on
    improve compressed kernel stage for NX:
    [PATCH v3 00/24] x86_64: Improvements at compressed kernel stage
    https://www.spinics.net/lists/kernel/msg4599636.html
- Add shim-Enable-the-NX-compatibility-flag-by-default.patch to
  enable the NX compatibility flag by default. (jsc#PED-127)
- Drop upstreamed patch:
  - shim-Enable-TDX-measurement-to-RTMR-register.patch
  - Enable TDX measurement to RTMR register (jsc#PED-1273)
  - 4fd484e4c2	15.7
- Update to 15.7 (bsc#1198458)(jsc#PED-127)
  - Patches (git log --oneline --reverse 15.6..15.7)
  0eb07e1 Make SBAT variable payload introspectable
  092c2b2 Reference MokListRT instead of MokList
  8b59b69 Add a link to the test plan in the readme.
  4fd484e Enable TDX measurement to RTMR register
  14d6339 Discard load-options that start with a NUL
  5c537b3 shim: Flush the memory region from i-cache before execution
  2d4ebb5 load_cert_file: Fix stack issue
  ea4911c load_cert_file: Use EFI RT memory function
  0cf43ac Add -malign-double to IA32 compiler flags
  17f0233 pe: Fix image section entry-point validation
  5169769 make-archive: Build reproducible tarball
  aa1b289 mok: remove MokListTrusted from PCR 7
  53509ea CryptoPkg/BaseCryptLib: fix NULL dereference
  616c566 More coverity modeling
  ea0d0a5 Update shim's .sbat to sbat,3
  dd8be98 Bump grub's sbat requirement to grub,3
  1149161 (HEAD -> main, tag: 15.7, origin/main, origin/HEAD) Update version to 15.7
  - 15.7 release note https://github.com/rhboot/shim/releases
  Make SBAT variable payload introspectable by @chrisccoulson in #483
  Reference MokListRT instead of MokList by @esnowberg in #488
  Add a link to the test plan in the readme. by @vathpela in #494
  [V3] Enable TDX measurement to RTMR register by @kenplusplus in #485
  Discard load-options that start with a NUL by @frozencemetery in #505
  load_cert_file bugs by @esnowberg in #523
  Add -malign-double to IA32 compiler flags by @nicholasbishop in #516
  pe: Fix image section entry-point validation by @iokomin in #518
  make-archive: Build reproducible tarball by @julian-klode in #527
  mok: remove MokListTrusted from PCR 7 by @baloo in #519
  - Drop upstreamed patch:
  - shim-bsc1177789-fix-null-pointer-deref-AuthenticodeVerify.patch
  - Cryptlib/CryptAuthenticode: fix NULL pointer dereference in  AuthenticodeVerify()
  - 53509eaf22	15.7
  - shim-jscPED-127-upgrade-shim-in-SLE15-SP5.patch
  - For backporting the following patches between 15.6 with aa1b289a1a (jsc#PED-127)
  - The following patches are merged to 15.7
  aa1b289a1a mok: remove MokListTrusted from PCR 7
  0cf43ac6d7 Add -malign-double to IA32 compiler flags
  ea4911c2f3 load_cert_file: Use EFI RT memory function
  2d4ebb5a79 load_cert_file: Fix stack issue
  5c537b3d0c shim: Flush the memory region from i-cache before execution
  14d6339829 Discard load-options that start with a NUL
  092c2b2bbe Reference MokListRT instead of MokList
  0eb07e11b2 Make SBAT variable payload introspectable
- Update shim.changes, added missed shim 15.6-rc1 and 15.6 changelog to
  the item in Update to 15.6. (bsc#1198458)
- Add shim-jscPED-127-upgrade-shim-in-SLE15-SP5.patch for backporting the following
  patches between 15.6 with aa1b289a1a (jsc#PED-127):
    aa1b289a1a16774afc3143b8948d97261f0872d0 mok: remove MokListTrusted from PCR 7
    0cf43ac6d78c6f47f8b91210639ac1aa63665f0b Add -malign-double to IA32 compiler flags
    ea4911c2f3ce8f8f703a1476febac86bb16b00fd load_cert_file: Use EFI RT memory function
    2d4ebb5a798aafd3b06d2c3cb9c9840c1caa41ef load_cert_file: Fix stack issue
    5c537b3d0cf8c393dad2e61d49aade68f3af1401 shim: Flush the memory region from i-cache before execution
    14d63398298c8de23036a4cf61594108b7345863 Discard load-options that start with a NUL
    092c2b2bbed950727e41cf450b61c794881c33e7 Reference MokListRT instead of MokList
    0eb07e11b20680200d3ce9c5bc59299121a75388 Make SBAT variable payload introspectable
- Add shim-Enable-TDX-measurement-to-RTMR-register.patch to support
  enhance shim measurement to TD RTMR. (jsc#PED-1273)
- For pushing openSUSE:Factory/shim to SLE15-SP5, sync the shim.spec
  and shim.changes: (jsc#PED-127)
  - Add some change log from SLE shim.changes to Factory shim.changes
    Those messages are added "/(sync shim.changes from SLE)"/ tag.
  - Add the following changes to shim.spec
  - only apply Patch100, the shim-bsc1198101-opensuse-cert-prompt.patch
    on openSUSE.
  - Enable the AArch64 signature check for SLE:
  [#] AArch64 signature
  signature=%{SOURCE13}
- shim-install: ensure grub.cfg created is not overwritten after
  installing grub related files
- Add logic to shim.spec to only set sbat policy when efivarfs is writeable.
  (bsc#1201066)
- Add logic to shim.spec for detecting --set-sbat-policy option before
  using mokutil to set sbat policy. (bsc#1202120)
- Change the URL in SBAT section to mail:security@suse.de. (bsc#1193282)
- Revoked the change in shim.spec for "/use common SBAT values (boo#1193282)"/
  - we need to build openSUSE Tumbleweed's shim on Leap 15.4 because Factory
    is unstable for building out a stable shim binary for signing. (bsc#1198458)
  - But the rpm-config-suse package in Leap 15.4 is direct copied from SLE 15.4
    because closing-the-leap-gap. So sbat_distro_* variables are SLE version,
    not for openSUSE. (bsc#1198458)
- Update to 15.6 (bsc#1198458)
  - shim-15.6.tar.bz2 is downloaded from bsc#1198458#c76
    which is from upstream grub2.cve_2021_3695.ms keybase channel.
  - For building 15.6~rc1 aarch64 image (d6eb9c6 Modernize aarch64), objcopy needs to
    support efi-app-aarch64 target. So we need the following patches in bintuils:
  - binutils-AArch64-Add-support-for-AArch64-EFI-efi-aarch64.patch
    b69c9d41e8 AArch64: Add support for AArch64 EFI (efi-*-aarch64).
  - binutils-Re-AArch64-Add-support-for-AArch64-EFI-efi-aarch64.patch
    32384aa396 Re: AArch64: Add support for AArch64 EFI (efi-*-aarch64)
  - binutils-Re-Add-support-for-AArch64-EFI-efi-aarch64.patch
    d91c67e873 Re: Add support for AArch64 EFI (efi-*-aarch64)
  - Patches (git log --oneline --reverse 15.5~..77144e5a4)
    448f096 MokManager: removed Locate graphic output protocol fail error message (bsc#1193315, bsc#1198458)
    a2da05f shim: implement SBAT verification for the shim_lock protocol
    bda03b8 post-process-pe: Fix a missing return code check
    af18810 CI: don't cancel testing when one fails
    ba580f9 CI: remove EOL Fedoras from github actions
    bfeb4b3 Remove aarch64 build tests before f35
    38cc646 CI: Add f36 and centos9 CI build tests.
    b5185cb post-process-pe: Fix format string warnings on 32-bit platforms
    31094e5 tests: also look for system headers in multi-arch directories
    4df989a mock-variables.c: fix gcc warning
    6aac595 test-str.c: fix gcc warnings with FORTIFY_SOURCE enabled
    2670c6a Allow MokListTrusted to be enabled by default
    5c44aaf Add code of conduct
    d6eb9c6 Modernize aarch64
    9af50c1 Use ASCII as fallback if Unicode Box Drawing characters fail
    de87985 make: don't treat cert.S specially
    803dc5c shim: use SHIM_DEVEL_VERBOSE when built in devel mode
    6402f1f SBAT matching: Break out of the inner sbat loop if we find the entry.
    bb4b60e Add verify_image
    acfd48f Abstract out image reading
    35d7378 Load additional certs from a signed binary
    8ce2832 post-process-pe: there is no 's' argument.
    465663e Add some missing PE image flag definitions
    226fee2 PE Loader: support and require NX
    df96f48 Add MokPolicy variable and MOK_POLICY_REQUIRE_NX
    b104fc4 post-process-pe: set EFI_IMAGE_DLLCHARACTERISTICS_NX_COMPAT
    f81a7cc SBAT revocation management
    abe41ab make: unbreak scan-build again for gnu-efi
    610a1ac sbat.h: minor reformatting for legibility
    f28833f peimage.h: make our signature macros force the type
    5d789ca Always initialize data/datasize before calling read_image()
    a50d364 sbat policy: make our policy change actions symbolic
    5868789 load_certs: trust dir->Read() slightly less.
    a78673b mok.c: fix a trivial dead assignment
    759f061 Fix preserve_sbat_uefi_variable() logic
    aa61fdf Give the Coverity scanner some more GCC blinders...
    0214cd9 load_cert_file(): don't defererence NULL
    1eca363 mok import: handle OOM case
    75449bc sbat: Make nth_sbat_field() honor the size limit
    c0bcd04 shim-15.6~rc1
    77144e5 SBAT Policy latest should be a one-shot
  - 15.5 release note https://github.com/rhboot/shim/releases
  Broken ia32 relocs and an unimportant submodule change. by @vathpela in #357
  mok: allocate MOK config table as BootServicesData by @lcp in #361
  Don't call QueryVariableInfo() on EFI 1.10 machines by @vathpela in #364
  Relax the check for import_mok_state() by @lcp in #372
  SBAT.md: trivial changes by @hallyn in #389
  shim: another attempt to fix load options handling by @chrisccoulson in #379
  Add tests for our load options parsing. by @vathpela in #390
  arm/aa64: fix the size of .rela* sections by @lcp in #383
  mok: fix potential buffer overrun in import_mok_state by @jyong2 in #365
  mok: relax the maximum variable size check by @lcp in #369
  Don't unhook ExitBootServices when EBS protection is disabled by @sforshee in #378
  fallback: find_boot_option() needs to return the index for the boot entry in optnum by @jsetje in #396
  httpboot: Ignore case when checking HTTP headers by @frozencemetery in #403
  Fallback allocation errors by @vathpela in #402
  shim: avoid BOOTx64.EFI in message on other architectures by @xypron in #406
  str: remove duplicate parameter check by @xypron in #408
  fallback: add compile option FALLBACK_NONINTERACTIVE by @xnox in #359
  Test mok mirror by @vathpela in #394
  Modify sbat.md to help with readability. by @eshiman in #398
  csv: detect end of csv file correctly by @xypron in #404
  Specify that the .sbat section is ASCII not UTF-8 by @daxtens in #413
  tests: add "/include-fixed"/ GCC directory to include directories by @diabonas in #415
  pe: simplify generate_hash() by @xypron in #411
  Don't make shim abort when TPM log event fails (RHBZ #2002265) by @rmetrich in #414
  Fallback to default loader if parsed one does not exist by @julian-klode in #393
  fallback: Fix for BootOrder crash when index returned by find_boot_option() is not in current BootOrder list by @rmetrich in #422
  Better console checks by @vathpela in #416
  docs: update SBAT UEFI variable name by @nicholasbishop in #421
  Don't parse load options if invoked from removable media path by @julian-klode in #399
  fallback: fix fallback not passing arguments of the first boot option by @martinezjavier in #433
  shim: Don't stop forever at "/Secure Boot not enabled"/ notification by @rmetrich in #438
  Shim 15.5 coverity by @vathpela in #439
  Allocate mokvar table in runtime memory. by @vathpela in #447
  Remove post-process-pe on 'make clean' by @vathpela in #448
  pe: missing perror argument by @xypron in #443
  - 15.6-rc1 release note https://github.com/rhboot/shim/releases
  MokManager: removed Locate graphic output protocol fail error message by @joeyli in #441
  shim: implement SBAT verification for the shim_lock protocol by @chrisccoulson in #456
  post-process-pe: Fix a missing return code check by @vathpela in #462
  Update github actions matrix to be more useful by @frozencemetery in #469
  Add f36 and centos9 CI builds by @vathpela in #470
  post-process-pe: Fix format string warnings on 32-bit platforms by @steve-mcintyre in #464
  tests: also look for system headers in multi-arch directories by @steve-mcintyre in #466
  tests: fix gcc warnings by @akodanev in #463
  Allow MokListTrusted to be enabled by default by @esnowberg in #455
  Add code of conduct by @frozencemetery in #427
  Re-add ARM AArch64 support by @vathpela in #468
  Use ASCII as fallback if Unicode Box Drawing characters fail by @vathpela in #428
  make: don't treat cert.S specially by @vathpela in #475
  shim: use SHIM_DEVEL_VERBOSE when built in devel mode by @vathpela in #474
  Break out of the inner sbat loop if we find the entry. by @vathpela in #476
  Support loading additional certificates by @esnowberg in #446
  Add support for NX (W^X) mitigations. by @vathpela in #459
  Misc fixups from scan-build. by @vathpela in #477
  Fix preserve_sbat_uefi_variable() logic by @jsetje in #478
  - 15.6 release note https://github.com/rhboot/shim/releases
  MokManager: removed Locate graphic output protocol fail error message by @joeyli in #441
  shim: implement SBAT verification for the shim_lock protocol by @chrisccoulson in #456
  post-process-pe: Fix a missing return code check by @vathpela in #462
  Update github actions matrix to be more useful by @frozencemetery in #469
  Add f36 and centos9 CI builds by @vathpela in #470
  post-process-pe: Fix format string warnings on 32-bit platforms by @steve-mcintyre in #464
  tests: also look for system headers in multi-arch directories by @steve-mcintyre in #466
  tests: fix gcc warnings by @akodanev in #463
  Allow MokListTrusted to be enabled by default by @esnowberg in #455
  Add code of conduct by @frozencemetery in #427
  Re-add ARM AArch64 support by @vathpela in #468
  Use ASCII as fallback if Unicode Box Drawing characters fail by @vathpela in #428
  make: don't treat cert.S specially by @vathpela in #475
  shim: use SHIM_DEVEL_VERBOSE when built in devel mode by @vathpela in #474
  Break out of the inner sbat loop if we find the entry. by @vathpela in #476
  Support loading additional certificates by @esnowberg in #446
  Add support for NX (W^X) mitigations. by @vathpela in #459
  Misc fixups from scan-build. by @vathpela in #477
  Fix preserve_sbat_uefi_variable() logic by @jsetje in #478
  SBAT Policy latest should be a one-shot by @jsetje in #481
  pe: Fix a buffer overflow when SizeOfRawData > VirtualSize by @chriscoulson
  pe: Perform image verification earlier when loading grub by @chriscoulson
  Update advertised sbat generation number for shim by @jsetje
  Update SBAT generation requirements for 05/24/22 by @jsetje
  Also avoid CVE-2022-28737 in verify_image() by @vathpela
  - Drop upstreamed patch:
  - shim-bsc1184454-allocate-mok-config-table-BS.patch
  - Allocate MOK config table as BootServicesData to avoid the error message
  from linux kernel
  - 4068fd42c8		15.5-rc1~70
  - shim-bsc1185441-fix-handling-of-ignore_db-and-user_insecure_mode.patch
  - Handle ignore_db and user_insecure_mode correctly
  - 822d07ad4f07		15.5-rc1~73
  - shim-bsc1185621-relax-max-var-sz-check.patch
  - Relax the maximum variable size check for u-boot
  - 3f327f546c219634b2	15.5-rc1~49
  - shim-bsc1185261-relax-import_mok_state-check.patch
  - Relax the check for import_mok_state() when Secure Boot is off
  - 9f973e4e95b113	15.5-rc1~67
  - shim-bsc1185232-relax-loadoptions-length-check.patch
  - Relax the check for the LoadOptions length
  - ada7ff69bd8a95	15.5-rc1~52
  - shim-fix-aa64-relsz.patch
  - Fix the size of rela* sections for AArch64
  - 34e3ef205c5d65	15.5-rc1~51
  - shim-bsc1187260-fix-efi-1.10-machines.patch
  - Don't call QueryVariableInfo() on EFI 1.10 machines
  - 493bd940e5		15.5-rc1~69
  - shim-bsc1185232-fix-config-table-copying.patch
  - Avoid buffer overflow when copying the MOK config table
  - 7501b6bb44		15.5-rc1~50
  - shim-bsc1187696-avoid-deleting-rt-variables.patch
  - Avoid deleting the mirrored RT variables
  - b1fead0f7c9		15.5-rc1~37
  - Add "/rm -f *.o"/ after building MokManager/fallback in shim.spec
    to make sure all object files gets rebuilt
  - reference: https://github.com/rhboot/shim/pull/461
- The following fix-CVE-2022-28737-v6 patches against bsc#1198458 are included
  in shim-15.6.tar.bz2
  - shim-bsc1198458-pe-Fix-a-buffer-overflow-when-SizeOfRawData-VirtualS.patch
    pe: Fix a buffer overflow when SizeOfRawData VirtualSize
  - shim-bsc1198458-pe-Perform-image-verification-earlier-when-loading-g.patch
    pe: Perform image verification earlier when loading grub
  - shim-bsc1198458-Update-advertised-sbat-generation-number-for-shim.patch
    Update advertised sbat generation number for shim
  - shim-bsc1198458-Update-SBAT-generation-requirements-for-05-24-22.patch
    Update SBAT generation requirements for 05/24/22
  - shim-bsc1198458-Also-avoid-CVE-2022-28737-in-verify_image.patch
    Also avoid CVE-2022-28737 in verify_image()
  - 0006-shim-15.6-rc2.patch
  - 0007-sbat-add-the-parsed-SBAT-variable-entries-to-the-deb.patch
    sbat: add the parsed SBAT variable entries to the debug log
  - 0008-bump-version-to-shim-15.6.patch
- Add mokutil command to post script for setting sbat policy to latest mode
  when the SbatPolicy-605dab50-e046-4300-abb6-3dd810dd8b23 is not created.
  (bsc#1198458)
- Add shim-bsc1198101-opensuse-cert-prompt.patch back to openSUSE shim to
  show the prompt to ask whether the user trusts openSUSE certificate or not
  (bsc#1198101)
- Updated vendor dbx binary and script (bsc#1198458)
  - Updated dbx-cert.tar.xz and vendor-dbx-sles.bin for adding
    SLES-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list.
  - Updated dbx-cert.tar.xz and vendor-dbx-opensuse.bin for adding
    openSUSE-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list.
  - Updated vendor-dbx.bin for adding SLES-UEFI-SIGN-Certificate-2021-05.crt
    and openSUSE-UEFI-SIGN-Certificate-2021-05.crt for testing environment.
  - Updated generate-vendor-dbx.sh script for generating a vendor-dbx.bin
    file which includes all .der for testing environment.
- use common SBAT values (boo#1193282)
- Update the SLE signatures (sync shim.changes from SLE)
(sync shim.changes from SLE)
- Add shim-bsc1185232-fix-config-table-copying.patch to avoid
  buffer overflow when copying data to the MOK config table
  (bsc#1185232)
- Add shim-disable-export-vendor-dbx.patch to disable exporting
  vendor-dbx to MokListXRT since writing a large RT variable
  could crash some machines (bsc#1185261)
- Add shim-bsc1187260-fix-efi-1.10-machines.patch to avoid the
  potential crash when calling QueryVariableInfo in EFI 1.10
  machines (bsc#1187260)
- Add shim-fix-aa64-relsz.patch to fix the size of rela sections
  for AArch64
  Fix: https://github.com/rhboot/shim/issues/371
- Add shim-bsc1185232-relax-loadoptions-length-check.patch to
  ignore the odd LoadOptions length (bsc#1185232)
- shim-install: reset def_shim_efi to "/shim.efi"/ if the given
  file doesn't exist
- Add shim-bsc1185261-relax-import_mok_state-check.patch to relax
  the check for import_mok_state() when Secure Boot is off.
  (bsc#1185261)
  (sync shim.changes from SLE)
- Add shim-bsc1185621-relax-max-var-sz-check.patch to relax the
  maximum variable size check for u-boot (bsc#1185621)
- Add shim-bsc1185441-fix-handling-of-ignore_db-and-user_insecure_mode.patch
  to handle ignore_db and user_insecure_mode correctly
  (bsc#1185441, bsc#1187071)
- Split the keys in vendor-dbx.bin to vendor-dbx-sles and
  vendor-dbx-opensuse for shim-sles and shim-opensuse to reduce
  the size of MokListXRT (bsc#1185261)
  + Also update generate-vendor-dbx.sh in dbx-cert.tar.xz
- Enable the AArch64 signature check for SLE (sync shim.changes from SLE)
- Update the SLE signatures (sync shim.changes from SLE)
sudo
- Fix CVE-2023-28486, sudo does not escape control characters in
  log messages, (CVE-2023-28486, bsc#1209362)
  * sudo-CVE-2023-28486.patch
- Fix CVE-2023-28487, sudo does not escape control characters in
  sudoreplay output (CVE-2023-28487, bsc#1209361)
- sudo-dont-enable-read-after-pty_finish.patch
  * bsc#1203201
  * Do not re-enable the reader when flushing the buffers as part
    of pty_finish().
  * While sudo-observe-SIGCHLD patch applied earlier prevents a
    race condition from happening, this fixes a related buffer hang.
- Added sudo-no-double-free.patch
  * bsc#1208595, CVE-2023-27320
  * Fix a situation where per-command chroot sudoers rules can cause
    a double-free.
- Added sudo-no-passwd-for-nonexisting-cmd.patch
  * bsc#1206772
  * If NOPASSWD is specified, don't ask for password if command is
    not found.
- Added sudo-fix_NULL_deref_RunAs.patch
  * bsc#1206483
  * Fix a situation where "/sudo -U otheruser -l"/ would dereference
    a NULL pointer.
supportutils-plugin-suse-public-cloud
- Update to version 1.0.7 (bsc#1209026)
  + Include information about the cached registration data
  + Collect the data that is sent to the update infrastructure during
    registration
suse-build-key
- Establish multiple new 4096 RSA keys that we will switch
  to mid of 2023. (jsc#PED-2777)
  - gpg-pubkey-3fa1d6ce-63c9481c.asc: new 4096 RSA signing key for SLE (RPM+repos).
  - gpg-pubkey-d588dc46-63c939db.asc: new 4096 RSA reserver key for SLE (RPM+repos).
  - suse_ptf_key_4096.asc: new 4096 RSA signing key for PTF RPMs.
  - build-container-8fd6c337-63c94b45.asc/build-container-8fd6c337-63c94b45.pem:
    new RSA 4096 key for the SUSE registry registry.suse.com, installed as
    suse-container-key-2023.pem and suse-container-key-2023.asc
  - suse_ptf_containerkey_2023.asc suse_ptf_containerkey_2023.pem:
    New PTF container signing key for registry.suse.com/ptf/ space.
suse-module-tools
- Update to version 15.4.16:
  * modprobe.conf: s390x: remove softdep on fbcon (boo#1207853)
suseconnect-ng
- Update to version 1.1.0~git0.e3c41e60892e:
  * Bump to v1.1.0
- Update to version 1.0.0~git23.406b219ccc9e:
  * Added MemTotal detection for HwInfo
  * move 'ExcludeArch' out of the if block
- Update to version 1.0.0~git19.b225bc3:
  * Make keepalive on SUMA systems exit without error (bsc#1207876)
  * Update README.md
  * Add deactivate API to ruby bindings (bsc#1202705)
- Update to version 1.0.0~git14.17a7901:
  * Don't write system_token to service credentials files
  * Allow non-root users to use --version
  * Add: ExcludeArch: %ix86 s390 ppc64 to the .spec file, so we skip builds for unsupported architectures.
  * Update Dockerfile.yast
  * Use openssl go for SLE and Leap 15.5+ builds
  * Fix keepalive feature notice during installation
  * Fix requires for all rhel clone distributions like alma, rocky...
systemd
- Import commit 6441bb41141aaa8bfb63559917362748a3044c15
  165ca0d018 udev-rules: fix nvme symlink creation on namespace changes (bsc#1207410)
- Update 1001-udev-use-lock-when-selecting-the-highest-priority-de.patch (bsc#1203141)
  Optimize when hundred workers claim the same symlink with the same priority.
- Update 0005-udev-create-default-symlinks-for-primary-cd_dvd-driv.patch
  Since commit 38f3e20883ff658935aae5c9 (v248), the symlinks /dev/cdrw and
  /dev/dvdrw could have no longer been created. Futhermore the rule added by
  this patch dealing with /dev/cdrom was redundant with the upstream one
- Import commit dad0071f15341be2b24c2c9d073e62617e0b4673 (merge of v249.16)
- Fix return non-zero value when disabling SysVinit service (bsc#1208432)
- Drop build requirement on libpci, it's not more needed since udev hwdb was
  introduced 11 years ago.
- Move systemd-boot and all components managing (secure) UEFI boot into udev
  sub-package: they may deserve a dedicated sub-package in the future but for
  now move them to udev so they aren't installed in systemd based containers.
- Drop a workaround related to systemd-timesyncd that addressed a Factory issue.
- Conditionalize the use of /lib/modprobe.d only on systems with split usr
  support enabled (i.e. SLE).
- Import commit 119740915155d473de087bd633ba62c1c3e47d36 (merge of v249.15)
  For a complete list of changes, visit:
  https://github.com/openSUSE/systemd/compare/1bfa716e7fb6d7169cece864e75dfe9e52914c99...119740915155d473de087bd633ba62c1c3e47d36
- Make use of the %systemd_* rpm macros consistently. Using the upstream
  variants will ease the backports of Factory changes to SLE since Factory
  systemd uses the upstream variants exclusively.
- machines.target belongs to systemd-container, do its init/cleanup steps from
  the scriptlets of this sub-package.
- Make sure we apply the presets on units shipped by systemd package
- systemd-testsuite: move the integration tests in a dedicated sub directory.
- Move systemd-cryptenroll into udev package.
systemd-presets-common-SUSE
- Enable systemd-pstore.service by default (jsc#PED-2663)
systemd-rpm-macros
- Bump version to 12
- Don't emit a warning when the flag file in /var/lib/systemd/migrated/ is not
  present as it's expected (bsc#1208079).
tar
- Fix CVE-2022-48303, tar has a one-byte out-of-bounds read that
  results in use of uninitialized memory for a conditional jump
  (CVE-2022-48303, bsc#1207753)
  * fix-CVE-2022-48303.patch
- Fix hang when unpacking test tarball, bsc#1202436
  * remove bsc1202436.patch
  * bsc1202436-1.patch
  * bsc1202436-1.patch
tcl
- [bsc#1206623], tcl-string-compare.patch:
  Fix [string compare -length] on big endian and improve
  [string equal] on little endian.
tigervnc
- Fixes for bsc#1209283
  * Drop chown vnc:vnc calls in with-vnc-key.sh
  * Add TLSNone to -securitytypes to increase security in xvnc@.service
timezone
- timezone update 2023c:
  * Revert changes made in 2023b
- timezone update 2023b:
  * Lebanon delays the start of DST this year.
- timezone update 2023a:
  * Egypt now uses DST again, from April through October.
  * This year Morocco springs forward April 23, not April 30.
  * Palestine delays the start of DST this year.
  * Much of Greenland still uses DST from 2024 on.
  * America/Yellowknife now links to America/Edmonton.
  * tzselect can now use current time to help infer timezone.
  * The code now defaults to C99 or later.
- Refresh tzdata-china.diff
vim
- Fixing bsc#1211144 - [Build 96.1] openQA test fails in zypper_migration - conflict between xxd and vim
  * Make xxd conflicting the previous vim packages
- Updated to version 9.0 with patch level 1443, fixes the following security problems
  * Fixing bsc#1209042 (CVE-2023-1264) - VUL-0: CVE-2023-1264: vim: NULL Pointer Dereference vim prior to 9.0.1392
  * Fixing bsc#1209187 (CVE-2023-1355) - VUL-0: CVE-2023-1355: vim: NULL Pointer Dereference prior to 9.0.1402.
  * Fixing bsc#1208828 (CVE-2023-1127) - VUL-1: CVE-2023-1127: vim: divide by zero in scrolldown()
- drop vim-8.0-ttytype-test.patch as it changes test_options.vim which we
  remove during %prep anyway. And this breaks quilt setup.
- for the complete list of changes see
  https://github.com/vim/vim/compare/v9.0.1386...v9.0.1443
- Updated to version 9.0 with patch level 1386, fixes the following security problems
  * Fixing bsc#1207780 - (CVE-2023-0512) VUL-0: CVE-2023-0512: vim: Divide By Zero in GitHub repository vim/vim prior to 9.0.1247
  * Fixing bsc#1208957 - (CVE-2023-1175) VUL-0: CVE-2023-1175: vim: Incorrect Calculation of Buffer Size
  * Fixing bsc#1208959 - (CVE-2023-1170) VUL-0: CVE-2023-1170: vim: Heap-based Buffer Overflow in vim prior to 9.0.1376
  * Fixing bsc#1208828 - (CVE-2023-1127) VUL-1: CVE-2023-1127: vim: divide by zero in scrolldown()
- for the complete list of changes see
  https://github.com/vim/vim/compare/v9.0.1234...v9.0.1386
wayland
- U_util-Limit-size-of-wl_map.patch
  U_util-set-errno-when-hitting-WL_MAP_MAX_OBJECTS.patch
  * fixes Reference-count overflow in libwayland-server SHM
    handling (CVE-2021-3782, bsc#1190486)
xen
- bsc#1209017 - VUL-0: CVE-2022-42332: xen: x86 shadow plus
  log-dirty mode use-after-free (XSA-427)
  xsa427.patch
- bsc#1209018 - VUL-0: CVE-2022-42333,CVE-2022-42334: xen: x86/HVM
  pinned cache attributes mis-handling (XSA-428)
  xsa428-1.patch
  xsa428-2.patch
- bsc#1209019 - VUL-0: CVE-2022-42331: xen: x86: speculative
  vulnerability in 32bit SYSCALL path (XSA-429)
  xsa429.patch
- bsc#1208286 - VUL-0: CVE-2022-27672: xen: Cross-Thread Return
  Address Predictions (XSA-426)
  63ebca9c-x86-spec-ctrl-Mitigate-Cross-Thread-Return-Address-Predictions.patch
- bsc#1205792 - Partner-L3: launch-xenstore error messages show in
  SLES15 SP4 xen kernel.
  63e4da00-dont-log-errors-when-trying-to-load-PVH-xenstore-stubdom.patch
- Upstream bug fixes (bsc#1027519)
  63c05478-VMX-calculate-model-specific-LBRs-once.patch
  63c05478-VMX-support-CPUs-without-model-specific-LBR.patch
yast2-add-on
- Fixed failure with the "/media_url"/ element in AutoYaST profile
  containing CDATA block with spaces (bsc#1205928)
- 4.4.8
yast2-bootloader
- make secure boot for ppc64 consistent with how secure boot works
  on other architectures (bsc#1206295)
- 4.4.19
yast2-drbd
- Validate DRBD Device name (bsc#1207952)
- 4.4.3
yast2-network
- Fixed a random build failure (introduced by the previous fix for
  bsc#1207221) (bsc#1208796).
- 4.4.56
- Fix the return of packages needed by the selected backend when
  running an autoinstallation (bsc#1207221)
- 4.4.55
- Do not crash when the NETMASK or PREFIXLEN are invalid
  (bsc#1206551).
- 4.4.54
yast2-online-update
- Fix showing of release notes when we update a rubygem
  (bsc#1205913)
- 4.4.5
yast2-sap-ha
- Clean up Rakefile
- 1.0.18
- Use ruby base64 to replace uuencode/uudecode
  (bsc#1206601)
- 1.0.17
- YaST2 HA Setup for SAP Products - cannot input several instance numbers
  (bsc#1202979)
- 1.0.16
yast2-storage-ng
- Extended regexp to identify Dell BOSS storage devices (bsc#1200975)
- 4.4.42
yast2-users
- Stop mangling the value of "/Create as Btrfs Subvolume"/ for new
  users when clicking on "/Edit -> Details"/ (bsc#1209377).
- 4.4.13
zlib
- Add DFLTCC support for using inflate() with a small window,
  fixes bsc#1206513
  * bsc1206513.patch
zstd
- Fix CVE-2022-4899, bsc#1209533
  * Fix buffer underflow when dir1 == "/"/
  * Disallow empty string as an argument for --output-dir-flat="/"/
  and --output-dir-mirror="/"/.
- Added patches:
  * Disallow-empty-output-directory.patch
  * Fix-buffer-underflow-for-null-dir1.patch
zypper
- Fix selecting installed patterns from picklist (bsc#1209406)
- man: better explanation of --priority (fixes #480)
- version 1.14.60
- BuildRequires:  libzypp-devel >= 17.31.7.
- Provide "/removeptf"/ command (bsc#1203249)
  A remove command which prefers replacing dependant packages to
  removing them as well.
  A PTF is typically removed as soon as the fix it provides is
  applied to the latest official update of the dependant packages.
  But you don't want the dependant packages to be removed together
  with the PTF, which is what the remove command would do. The
  removeptf command however will aim to replace the dependant
  packages by their official update versions.
- patterns: Avoid dispylaing superfluous @System entries
  (bsc#1205570)
- version 1.14.59
- Update man page and explain '.no_auto_prune' (bsc#1204956)
- Allow to (re)add a service with the same URL (bsc#1203715)
- Explain outdatedness of repos (fixes #463)
- BuildRequires:  libzypp-devel >= 17.31.5
- version 1.14.58