Removed rpms
============

 - Mesa-libGL-devel-32bit
 - Mesa-libglapi0-32bit
 - Mesa-vulkan-overlay-32bit
 - gtk2-engine-oxygen-32bit
 - Mesa-dri-nouveau-32bit
 - Mesa-libEGL1-32bit
 - Mesa-libGLESv1_CM-devel-32bit
 - Mesa-libglapi-devel-32bit
 - Mesa-vulkan-device-select-32bit
 - libOSMesa8-32bit
 - libSDL2_net-2_0-0-32bit
 - libSDL2_net-devel-32bit
 - libSDL2_ttf-devel-32bit
 - libSDL_net-1_2-0-32bit
 - libSDLmm-0_1-8-32bit
 - libdbusmenu-qt5-2-32bit
 - libdbusmenu-qt5-devel-32bit
 - libfdisk1-32bit
 - libfreebl3-32bit
 - libmount-devel-32bit
 - libnettle8-32bit
 - libpostproc55_9-32bit
 - libraptor2-0-32bit
 - libswresample3_9-32bit
 - libudev1-32bit
 - libuuid-devel-32bit
 - libvdpau_nouveau-32bit
 - libvdpau_r300-32bit
 - libxapian30-32bit
 - libxcb-cursor0-32bit
 - libz1-32bit
 - mozilla-nss-32bit
 - systemd-32bit
 - libSDL2_gfx-devel-32bit
 - libSDL_gfx-devel-32bit
 - libSDL_image-1_2-0-32bit
 - libSDL_ttf-devel-32bit
 - libSDLmm-devel-32bit
 - libabsl2206_0_0
 - libavformat58_76-32bit
 - libavutil56_70-32bit
 - libblkid-devel-32bit
 - libblkid1-32bit
 - libclang-cpp13-32bit
 - libdw1-32bit
 - libfreebl3-hmac-32bit
 - libgbm-devel-32bit
 - libgnutls30-hmac-32bit
 - libhogweed6-32bit
 - libmediainfo0-32bit
 - libopenh264-6
 - libopenh264-devel
 - libswscale5_9-32bit
 - libsystemd0-32bit
 - libvdpau_radeonsi-32bit
 - mozilla-openh264
 - openldap2-devel-32bit
 - wine-staging-devel-32bit
 - xcb-util-cursor-devel-32bit
 - zlib-devel-static-32bit

Added rpms
==========

 - Mesa-dri-nouveau-32bit
 - Mesa-libEGL1-32bit
 - Mesa-libGLESv1_CM-devel-32bit
 - Mesa-libglapi-devel-32bit
 - Mesa-vulkan-device-select-32bit
 - abseil-cpp
 - gcc10-PIE
 - Mesa-libGL-devel-32bit
 - Mesa-libglapi0-32bit
 - Mesa-vulkan-overlay-32bit
 - gtk2-engine-oxygen-32bit
 - libSDL2_gfx-devel-32bit
 - libSDL_gfx-devel-32bit
 - libSDL_image-1_2-0-32bit
 - libSDL_ttf-devel-32bit
 - libSDLmm-devel-32bit
 - libavformat58_76-32bit
 - libavutil56_70-32bit
 - libblkid-devel-32bit
 - libblkid1-32bit
 - libclang-cpp13-32bit
 - libdw1-32bit
 - libfreebl3-hmac-32bit
 - libgbm-devel-32bit
 - libgnutls30-hmac-32bit
 - libhogweed6-32bit
 - libiniparser1-32bit
 - libmediainfo0-32bit
 - libswscale5_9-32bit
 - libsystemd0-32bit
 - libvdpau_radeonsi-32bit
 - openldap2-devel-32bit
 - wine-staging-devel-32bit
 - xcb-util-cursor-devel-32bit
 - zlib-devel-static-32bit
 - libOSMesa8-32bit
 - libSDL2_net-2_0-0-32bit
 - libSDL2_net-devel-32bit
 - libSDL2_ttf-devel-32bit
 - libSDL_net-1_2-0-32bit
 - libSDLmm-0_1-8-32bit
 - libasan6-gcc10
 - libasan6-gcc10-32bit
 - libatomic1-gcc10
 - libatomic1-gcc10-32bit
 - libdbusmenu-qt5-2-32bit
 - libdbusmenu-qt5-devel-32bit
 - libfdisk1-32bit
 - libfreebl3-32bit
 - libgcc_s1-gcc10
 - libgcc_s1-gcc10-32bit
 - libgfortran5-gcc10
 - libgfortran5-gcc10-32bit
 - libgomp1-gcc10
 - libgomp1-gcc10-32bit
 - libitm1-gcc10
 - libitm1-gcc10-32bit
 - libixion-0_17-0
 - liblsan0-gcc10
 - libmount-devel-32bit
 - libnettle8-32bit
 - libobjc4-gcc10
 - libobjc4-gcc10-32bit
 - liborcus-0_17-0
 - libpostproc55_9-32bit
 - libquadmath0-gcc10
 - libquadmath0-gcc10-32bit
 - libraptor2-0-32bit
 - libstdc++6-gcc10
 - libstdc++6-gcc10-32bit
 - libstdc++6-gcc10-locale
 - libswresample3_9-32bit
 - libtsan0-gcc10
 - libubsan1-gcc10
 - libubsan1-gcc10-32bit
 - libudev1-32bit
 - libuuid-devel-32bit
 - libvdpau_nouveau-32bit
 - libvdpau_r300-32bit
 - libxapian30-32bit
 - libxcb-cursor0-32bit
 - libz1-32bit
 - mdds-2_0-devel
 - mozilla-nss-32bit
 - systemd-32bit

Package Source Changes
======================

Mesa
+- revert previous change, since it resulted in Xorg and Mesa no
+  longer being able to load "i965" driver at all! This affects many
+  if not almost all Intel GPU users. I can't tell why this happens,
+  but I'm afraid we need to act immediately (boo#1202850); reopened
+  boo#1200965 for now ...
+
+- change default driver from 'iris' back to 'i965' for Intel
+  Gen8-11 hardware; that way we also use the same driver used by X
+  and Mesa (boo#1200965); related bugs: boo#1197045, boo#1197046
+
Mesa-drivers
+- revert previous change, since it resulted in Xorg and Mesa no
+  longer being able to load "i965" driver at all! This affects many
+  if not almost all Intel GPU users. I can't tell why this happens,
+  but I'm afraid we need to act immediately (boo#1202850); reopened
+  boo#1200965 for now ...
+
+- change default driver from 'iris' back to 'i965' for Intel
+  Gen8-11 hardware; that way we also use the same driver used by X
+  and Mesa (boo#1200965); related bugs: boo#1197045, boo#1197046
+
abseil-cpp
-- Add Fix-maes-msse41-leaking-into-pkgconfig.patch
-  * Do not make programs compiled with abseil require new-ish CPUs.
-
-- Update to version 20220623.0
-  What's New:
-  * Added absl::AnyInvocable, a move-only function type.
-  * Added absl::CordBuffer, a type for buffering data for eventual inclusion an
-    absl::Cord, which is useful for writing zero-copy code.
-  * Added support for command-line flags of type absl::optional<T>.
-  Breaking Changes:
-  * CMake builds now use the flag ABSL_BUILD_TESTING (default: OFF) to control
-    whether or not unit tests are built.
-  * The ABSL_DEPRECATED macro now works with the GCC compiler. GCC users that
-    are experiencing new warnings can use -Wno-deprecated-declatations silence
-  the warnings or use -Wno-error=deprecated-declarations to see warnings but
-  not fail the build.
-  * ABSL_CONST_INIT uses the C++20 keyword constinit when available. Some
-    compilers are more strict about where this keyword must appear compared to
-  the pre-C++20 implementation.
-  * Bazel builds now depend on the bazelbuild/bazel-skylib repository.
-    See Abseil's WORKSPACE file for an example of how to add this dependency.
-  Other:
-  * This will be the last release to support C++11. Future releases will require at least C++14.
-- run spec-cleaner
-
-- Remove obsolete 0%{suse_version} < 1500 conditions
-
-- Add options-old.patch, options-cxx17.patch
-  * Ensure ABI stability regardless of compiler settings per instruction in the header.
-
-- Implement shlib packaging policy
-
audit-secondary
+- Update audit-secondary.spec: create symbolic link from
+  /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519).
+
bpftrace
+- do not link against the shared BFD libraries [bsc#1200630]
+
btrfsprogs
+- Upstream behavior of btrfs compression=none (JSC#PED-1711)
+  * btrfs-progs_props_dont_translate_value_of_compression_none.patch
+
clamav-database
+- database refresh on 2022-08-29 (bsc#1084929)
+
+- database refresh on 2022-08-22 (bsc#1084929)
+
clamsap
+- Fix XML MIME type detection using libmagic
+- 0.104.3 (jsc#PED-805)
+
cloud-regionsrv-client
+- Follow up fix to 10.0.4 (bsc#1202706)
+  - While the source code was updated to support SLE Micro the spec file
+    was not updated for the new locations of the cache and the certs.
+    Update the spec file to be consistent with the code implementation.
+
+- Update to version 10.0.5 (bsc#1201612)
+  - Handle exception when trying to deregister a system form the server
+
cosign
+- updated to 1.10.1 (jsc#SLE-23879)
+  - CVE-2022-35929: Fixed that cosign verify-attestaton --type can
+    report a false positive if any attestation exists (GHSA-vjxv-45g9-9296
+    (bsc#1202157)
+- What else changed:
+  - add flag to allow skipping upload to transparency log by @k4leung4 in #2089
+  - Improve error message when no sigs/atts are found for an image by @imjasonh in #2101
+  - Change Result in Vulnerability Attestation to interface{} by @knqyf263 in #2096
+  - Fix field names in the vulnerability attestation by @otms61 in #2099
+  - remove style jobs and cleanup makefile gofmt and goimports are running already with golangci-lint by @cpanato in #2105
+  - sparkles Enable Scorecard badge by @azeemshaikh38 in #2109
+  - Resolves #522 set Created date to time of execution by @Lerentis in #2108
+  - Introduce a custom error type to classify errors. by @mattmoor in #2114
+  - feat: attach: attestation: allow passing multiple payloads by @Dentrax in #2085
+  - update cross-builder to go1.18.5 and cosign image to 1.10.0 by @cpanato in #2119
+  - chore: fix documentation and warning on using untrusted rekor key by @asraa in #2124
+  - Correct the type used for attest by @mattmoor in #2128
+
+- updated to 1.10.0
+  - replace gcr.io/distroless/ to use ghcr.io/distroless/ by @cpanato in #1961
+  - Separate RegExp matching of issuer/subject from strict by @vaikas in #1956
+  - tuf: improve TUF client concurrency and caching by @asraa in #1953
+  - Add Cloudsmith Container Registry to tested registry list by @ciaracarey in #1966
+  - feat(fulcioroots): singleton error pattern by @developer-guy in #1965
+  - Drop tuf client dependency on GCS client library by @imjasonh in #1967
+  - Add spdxjson predicate type for attestations by @jdolitsky in #1974
+  - Remove policy-controller now that it lives in sigstore/policy-controller by @vaikas in #1976
+  - cleanup: unexport kubernetes.Client method by @imjasonh in #1973
+  - cleanup ci job and remove policy-controller references by @cpanato in #1981
+  - fix/update post build job by @cpanato in #1983
+  - docs: updated Azure kms commands. by @JBrejnholt in #1972
+  - Add cyclonedx predicate type for attestations by @jdolitsky in #1977
+  - Route deprecated -version to version subcommand by @puerco in #1854
+  - docs(readme): add installation steps for container image for cosign binary by @developer-guy in #1986
+  - Add --platform flag to cosign sbom download by @puerco in #1975
+  - Use pkg/fulcioroots and pkg/tuf from sigstore/sigstore by @imjasonh in #1866
+  - Add --oidc-provider flag to specify which provider to use for ambient credentials by @priyawadhwa in #1998
+  - encrypt values to create the github action secret by @cpanato in #1990
+  - sign-blob: bundle should work independently and respect --output-certificate and --output-signature by @Dentrax in #2016
+  - Attempt to clean up pkg/cosign by @imjasonh in #2018
+  - public-key: fix command description by @Dentrax in #2024
+  - [NFC] specs: fix list formatting on SIGNATURE_SPEC by @woodruffw in #2030
+  - feat: cert-extensions verify by @developer-guy in #1626
+  - Fix #1378 create new attestation signature in replace mode if not existent by @Syquel in #2014
+  - Use cosign.ConfirmPrompt more consistently by @imjasonh in #2039
+  - chore: add a note about SIGSTORE_REKOR_PUBLIC_KEY var by @hectorj2f in #2040
+  - Fix OIDC test by @cpanato in #2050
+  - Add env subcommand. by @wlynch in #2051
+  - remove tests with 1.21 k8s cluster because it is deprecated and add v1.23/24 by @cpanato in #2055
+  - update ct/otel and etcd by @cpanato in #2054
+  - chore(deps): CycloneDX PredicateType changed to use in-toto-golang by @masahiro331 in #2067
+  - Remove replace directives in go.mod. by @wlynch in #2070
+  - update design doc link by @bobcallaway in #2077
+  - Remove hack/tools.go by @imjasonh in #2080
+  - fix missing quote by @cpanato in #2090
+- removed cosigned and webhook
+
+- updated to 1.9.0
+  - Check failure message of policy that fails with issuer mismatch by @vaikas in #1815
+  - [Cosigned] Add signature pull secrets by @DennyHoang in #1805
+  - feat: add rego policy support by @hectorj2f in #1817
+  - Refactor fulcio signer to take in KeyOpts (take 2) by @wlynch in #1818
+  - cosigned: Test unsupported KMS providers by @imjasonh in #1820
+  - chore(deps): Included dependency review by @naveensrinivasan in #1792
+  - Add auth flow option to KeyOpts. by @wlynch in #1827
+  - Document Staging instance usage with Keyless by @k4leung4 in #1824
+  - New flag --oidc-providers-disable to disable OIDC providers by @puerco in #1832
+  - Validate tlog entry when verifying signature via public key. by @wlynch in #1833
+  - Add function to explicitly request a certain provider by @priyawadhwa in #1837
+  - cosigned: Fix podAntiAffinity labels by @elfotografo007 in #1841
+  - remove exclude from go.mod by @cpanato in #1846
+  - [Cosigned] Glob matching improvement by @DennyHoang in #1842
+  - sget: Enable KMS providers for sget by @imjasonh in #1852
+  - Fix piv-tool generate-key command in TOKENS doc by @nealmcb in #1850
+  - Add IBM Cloud Container Registry to tested registry list by @bainsy88 in #1856
+  - If SBOM ref has .json suffix, assume JSON mediatype by @jdolitsky in #1859
+  - Add rekor.0.pub TUF target to unit tests by @priyawadhwa in #1860
+  - Normalize certificate flag names by @haydentherapper in #1868
+  - Check certificate policy flags with only a certificate by @haydentherapper in #1869
+  - Update go to 1.17.10 / cosign image to 1.18.0 and actions setup go by @cpanato in #1861
+  - Point git commmit FUN.md to gitsign! by @wlynch in #1874
+  - [cosigned] remove regex from the image pattern fields by @hectorj2f in #1873
+  - go.mod: format go.mod by @zchee in #1879
+  - Remove dependency on deprecated github.com/pkg/errors by @zchee in #1887
+  - tree: only report artifacts that are present by @ribbybibby in #1872
+  - update README with ebpf modules by @EItanya in #1888
+  - Update github.com/google/go-containerregistry/pkg/authn/k8schain module to f1b065c6cb3d by @vpnachev in #1889
+  - v1beta1 API for cosigned by @vaikas in #1890
+  - tree: support --attachment-tag-prefix by @ribbybibby in #1900
+  - [cosigned] Remove undefined apiGroups from policy clusterrole by @vpnachev in #1896
+  - GHSA-66x3-6cw3-v5gj: Update go-tuf to v0.3.0 by @janisz in #1894
+  - The timeout arg in golangci-lint has been moved to the generic args p… by @dlorenc in #1901
+  - [cosigned] Rename cosigned references to policy-controller by @hectorj2f in #1893
+  - Move deprecated dependency: google/trillian/merkle to transparency-dev by @cpanato in #1910
+  - Add support for "**" in image glob matching by @imjasonh in #1914
+  - Add privacy statement for PII storage by @haydentherapper in #1909
+  - Do not push to public rekor. by @vaikas in #1931
+  - fix: fix fetching updated targets from TUF root by @asraa in #1921
+  - fix: fix #1930 for AWS KMS formats by @vaikas in #1946
+  - update cross-builder image to use go1.17.11 by @cpanato in #1950
+  - remove deprecation from goreleaser, go-fish is not supported anymore by @cpanato in #1952
+  - add changelog for v1.9.0 by @cpanato in #1955
+  - add parallelism for goreleaser by @cpanato in #1957
+
+- updated to 1.8.0
+  - Move the KMS integration imports into the binary entrypoints by @mattmoor in #1744
+  - [Cosigned] Convert functions for webhookCIP from v1alpha1 by @DennyHoang in #1736
+  - Refactor policy related code, add support for vuln verify by @vaikas in #1747
+  - Use bundle log ID to find verification key by @haydentherapper in #1748
+  - [cosigned] The webhook name is now configurable via --webhook-name flag by @vpnachev in #1726
+  - Add intermediate CA certificate pool for Fulcio by @haydentherapper in #1749
+  - test: create fake TUF test root and create test SETs for verification by @asraa in #1750
+  - Implement identities, fix bug in webhook validation. by @vaikas in #1759
+  - Validate issuer/subject regexp in validate webhook. by @vaikas in #1761
+  - chore: add warning when attaching sBOMs by @hectorj2f in #1756
+  - Verify embedded SCTs by @haydentherapper in #1731
+  - chore: add warning when downloading a sBOM by @hectorj2f in #1763
+  - [policy-webhook] The webhooks name is now configurable via --(validating|mutating)-webhook-name flags by @vpnachev in #1757
+  - Break the CIP action tests into a sh script. by @vaikas in #1767
+  - tuf: add debug info if tuf update fails by @asraa in #1766
+  - cosigned: add support for rsa keys by @hectorj2f in #1768
+  - Cosigned validate against remote sig src by @DennyHoang in #1754
+  - Add Fulcio intermediate CA certificate to intermediate pool by @haydentherapper in #1774
+  - fix: more informative error by @ybelMekk in #1778
+  - Run update-codegen. by @wlynch in #1789
+  - Remove the dependency on v1alpha1.Identity which brings in unnecessary k8s deps. by @vaikas in #1790
+  - Refactor fulcio signer to take in KeyOpts. by @wlynch in #1788
+  - test: add cue unit tests by @hectorj2f in #1791
+  - Attestations + policy in cip. by @vaikas in #1772
+  - chore: add rego function to consume modules and evaluate them by @hectorj2f in #1787
+  - Add parallelization for processing policies / authorities. by @vaikas in #1795
+  - Allow passing keys via environment variables (env:// refs) by @znewman01 in #1794
+  - Handle context cancelled properly + tests. by @vaikas in #1796
+  - Fix a bug where an error would send duplicate results. by @vaikas in #1797
+  - Revert "Refactor fulcio signer to take in KeyOpts. (#1788)" by @wlynch in #1798
+  - cosigned: Unify cue data and policy before evaluating it by @hectorj2f in #1793
+  - Don't fail open in VerifyBundle by @mtrmac in #1648
+  - Load in intermediate cert pool from TUF by @haydentherapper in #1804
+  - Support PKCS1 encoded and non-ECDSA CT log public keys by @haydentherapper in #1806
+
+- updated to 1.7.2
+  - [Cosigned] Fix publicKey unmarshal by @DennyHoang in #1719
+  - fix: add permissions to patch events by @hectorj2f in #1722
+  - Make public all types required to use ValidatePolicy by @jdolitsky in #1727
+  - Add unit tests for IntotoAttestation verifier. by @vaikas in #1728
+  - Remove newline from download sbom output by @ribbybibby in #1732
+  - Fix packages name and binary in the packages by @cpanato in #1734
+  - Fix fulcioroots test and linter error by @haydentherapper in #1741
+  - Support non-ECDSA public keys in certificates by @haydentherapper in #1740
+  - bug: remove old fulcio root and fix fallback target code by @asraa in #1738
+- updated to 1.7.1
+  - pkcs11: fix build instructions by @rgerganov in #1550
+  - add definition for artifact hub to verify the ownership by @cpanato in #1563
+  - Add example using AWS Key Management Service (KMS) by @davivcgarcia in #1564
+  - Start of the necessary pieces to get #1418 and #1419 implemented by @vaikas in #1562
+  - Support deletion of ClusterImagePolicy by @vaikas in #1580
+  - 1417 policy validations by @kkavitha in #1548
+  - Don't lowercase input image refs, just fail by @imjasonh in #1586
+  - Fix #1583 #1582. Disallow regex now until implemented. by @vaikas in #1584
+  - Fix piping 'cosign verify' using fulcio/rekor by @marcofranssen in #1590
+  - Fix #1592 move authorities as siblings of images. by @vaikas in #1593
+  - Add ability to inline secrets from SecretRef to configmap. by @vaikas in #1595
+  - Fix copy/paste mistake in repo name. by @k4leung4 in #1600
+  - Use reusuable release workflow in sigstore/sigstore by @k4leung4 in #1599
+  - Add public key validation by @kkavitha in #1598
+  - Validate a public key in a secret is valid. by @vaikas in #1602
+  - Ensure entry is removed from CM on secret error. by @vaikas in #1605
+  - Add two env variables. One for using Rekor public key from OOB and one for fetching it from Rekor server by @vaikas in #1610
+  - Init entity from ociremote when signing a digest ref by @puerco in #1616
+  - rename ca-key to ca-cert. Fix 1608, 1613 by @vaikas in #1617
+  - improve cosigned validation error messages by @cpanato in #1618
+  - Use latest knative/pkg's configmap informer by @tcnghia in #1615
+  - Included OpenSSF Best Practices Badge by @naveensrinivasan in #1628
+  - FUN.md broke when RecordObj changed to HashedRecordObj by @MitchellJThomas in #1633
+  - update crane to v0.8.0 release by @cpanato in #1635
+  - push latest tag when building a release by @cpanato in #1636
+  - Add extra label and change the latest tag to unstable for non tagged releases by @cpanato in #1637
+  - Document Elastic container registry support by @mgreau in #1641
+  - Validate authority keys by @coyote240 in #1623
+  - feat: tree command utility by @developer-guy in #1603
+  - fix build date format for version command by @cpanato in #1644
+  - Add support for intermediate certificates when verifiying by @haydentherapper in #1631
+  - Prompt user before running cosign clean by @priyawadhwa in #1649
+  - Use ClusterImagePolicy with Keyless + e2e tests for CIP with kind by @vaikas in #1650
+  - KEYLESS.md: Shorten example OAuth URL by @tstromberg in #1661
+  - Use syscall.Stdin for input handle. Fixes #1153 by @mdp in #1657
+  - Add support for certificate chain to verify certificate by @haydentherapper in #1659
+  - First batch of followups to #1650 by @vaikas in #1664
+  - Add certificate chain flag for signing by @haydentherapper in #1656
+  - [attach]: Add specific suffixes mediaTypes to sboms by @hectorj2f in #1663
+  - update font when output the cosign version by @cpanato in #1668
+  - feat: add ability to override registry keychain by @noamichael in #1666
+  - remove replace directive by @cpanato in #1669
+  - Refactor based on discussions in #1650 by @vaikas in #1674
+  - Find all valid entries in verify-blob by @priyawadhwa in #1673
+  - Fix relative paths in Gitub OIDC blob test by @priyawadhwa in #1677
+  - Add support for cert and cert chain flags with PKCS11 tokens by @haydentherapper in #1671
+  - Use cosign @ HEAD for Github OIDC sign blob test by @priyawadhwa in #1678
+  - Make cosign copy copy metadata attached to child images. by @mattmoor in #1682
+  - change file_name_template to PackageName by @strongjz in #1683
+  - Update error message for verify/verify attestation by @haydentherapper in #1686
+  - cosign clean: Don't log failure if the registry responds with 404 by @imjasonh in #1687
+  - verify: add leaf hash verification for tlog entries by @asraa in #1688
+  - Fix handling of policy in verify-attestation by @lcarva in #1672
+  - Add e2e test for attest / verify-attestation by @vaikas in #1685
+  - verify: remove extra calls to rekor for verify and verify-blob by @asraa in #1694
+  - Remove the hardcoded sigstore audience by @mattmoor in #1698
+  - Use ValidatePubKey from sigstore/sigstore by @haydentherapper in #1676
+  - Use the github actions from sigstore/scaffolding. by @vaikas in #1699
+  - sign: set the oidc redirect uri by @hectorj2f in #1675
+  - add back the go mod proxy by @cpanato in #1701
+  - enable 1.23 tests (Test cosigned with ClusterImagePolicy) by @cpanato in #1702
+  - Fix incorrect unmarshalling of SCT response by @haydentherapper in #1704
+  - Make CLI flag for OIDC client secret take a path by @znewman01 in #1705
+  - cosigned: read the public key from the kms authority by @hectorj2f in #1706
+  - fix latest tag when running a release job by @cpanato in #1707
+  - [Cosigned] Parse and store publicKey data earlier by @DennyHoang in #1681
+  - Dont overwrite token set in keyOpts by @puerco in #1709
+  - refactor release job by @cpanato in #1710
+
+- updated to 1.6.0
+  - Fix double time import in e2e tests by @saschagrunert in #1388
+  - Add --timeout support to sign command by @saschagrunert in #1379
+  - Fix comparison in replace option for attestation by @bburky in #1366
+  - Add Cosign logo to README by @nsmith5 in #1395
+  - Minor refactor to verify SCT and Rekor entry with multiple keys by @haydentherapper in #1396
+  - Fix a link of SECURITY.md by @knqyf263 in #1399
+  - update cosign and cross-build image for the release job by @cpanato in #1400
+  - feat: login command by @developer-guy in #1398
+  - TUF: Add root status output by @asraa in #1404
+  - Add a newline after password input by @knqyf263 in #1407
+  - make imageRef lowercase before parsing by @bobcallaway in #1409
+  - Improve error message when image is not found in registry by @imjasonh in #1410
+  - Add ability to override the Spiffe socket via environmental variable: by @vaikas in #1421
+  - Fix incorrect error check when verifying SCT by @haydentherapper in #1422
+  - Skip the ReadWrite test that flakes on Windows. by @dlorenc in #1415
+  - Allow PassFunc to be nil by @saschagrunert in #1426
+  - Update the cosign keyless documentation to point to the GA release. by @dlorenc in #1427
+  - Remove TUF timestamp from OCI signature bundle by @haydentherapper in #1428
+  - Add docs on API stability and deprecation table by @priyawadhwa in #1429
+  - update cross-build image which adds goimports by @cpanato in #1435
+  - feat: enhance clean cmd capability by @developer-guy in #1430
+  - use the upstream kubernetes version lib and ldflags by @n3wscott in #1413
+  - Improve log lines to match with implementation by @marcofranssen in #1432
+  - feat: fig autocomplete feature by @developer-guy in #1360
+  - update cross-build to use go 1.17.7 by @cpanato in #1446
+  - Fetch verification targets by TUF custom metadata by @haydentherapper in #1423
+  - feat: add -buildid= to ldflags by @developer-guy in #1451
+  - Streamline SignBlobCmd API with SignCmd by @saschagrunert in #1454
+  - convert release cosigned to also generate yaml artifact. by @k4leung4 in #1453
+  - Fix tkn link in readme by @Yongxuanzhang in #1459
+  - Print message when verifying with old TUF targets by @haydentherapper in #1468
+  - fix(sign): refactor unsupported provider log by @Dentrax in #1464
+  - tests: /bin/bash -> /usr/bin/env bash by @znewman01 in #1470
+  - Double goreleaser timeout by @znewman01 in #1472
+  - increase timeout for goreleaser snapshot by @cpanato in #1473
+  - fix(sign): kms unspported message by @Dentrax in #1475
+  - refactor release cloudbuild job by @cpanato in #1476
+  - Fix wording on attach attestation help by @luhring in #1480
+  - update go-tuf and simplify TUF client code by @asraa in #1455
+  - add initial changelog for 1.5.2 by @cpanato in #1483
+  - Fix linter error on main by @priyawadhwa in #1484
+  - Update Changelog for Security Advisory by @cpanato in #1485
+  - chore(makefile): use kocache, convert publish to build by @developer-guy in #1488
+  - Pick up a change to quiet ECR-login logging. by @mattmoor in #1491
+  - feat: support other types in copy cmd by @developer-guy in #1493
+  - Pick up some of the shared workflows by @mattmoor in #1490
+  - feat: nominate Dentrax as codeowner by @developer-guy in #1492
+  - add correct layer media type to cosign attach attestation by @spiffcs in #1503
+  - This sets up the scaffolding for the cosigned CRD types. by @mattmoor in #1504
+  - use v6 api calls in GH action for updating release milestones by @bobcallaway in #1511
+  - Add skeleton reconciler for cosigned API CRD. by @mattmoor in #1513
+  - bug fix: import ed25519 keys and fix error handling by @asraa in #1518
+  - optimize codeql speed by using caching and tracing by @bobcallaway in #1519
+  - Add a dummy.go file to allow vendoring config by @jdolitsky in #1520
+  - Add CertExtensions func to extract all extensions by @ckotzbauer in #1515
+  - chore(ci): add artifact hub support by @Dentrax in #1522
+  - Change Fulcio URL default to be fulcio.sigstore.dev by @haydentherapper in #1529
+  - Add codecov as github action, set permissions to read content only by @k4leung4 in #1530
+  - images: remove --bare flags that conflict with --base-import-paths by @cpanato in #1533
+  - Quay OCI Support in README by @sabre1041 in #1539
+  - add rpm,deb and apks for cosign packages by @strongjz in #1537
+  - Consistent parenthesis use in Makefile by @k4leung4 in #1541
+  - add changelog for 1.6.0 by @cpanato in #1535
+  - update golang cross image by @cpanato in #1543
+  - Add fields in policy CRD by @kkavitha in #1540
+  - Disable for now due some issues when downloading the knative module by @cpanato in #1546
+
cross-aarch64-gcc10
+- Update to GCC 10.4 release (80c8c5b8f69bcd2dd168933fe6a), git2794
+  * includes remaining regression fixes from the branch
+
+- Update to gcc-10 branch head (f9982b5a81a151663c76ba0a3), git2389
+- Add gcc10-PIE, similar to gcc-PIE but affecting gcc10 [bsc#1195628]
+- Remove sys/rseq.h from include-fixed
+
+- Put libstdc++6-pp Requires on the shared library and drop
+  to Recoomends.
+
+- Properly adjust GPL-3.0 WITH GCC-exception-3.1 to
+  GPL-3.0-or-later WITH GCC-exception-3.1
+
+- Remove bits/unistd_ext.h from include-fixed
+
+- Update to gcc-10 branch head (048117e16c77f82598fca9af5), git1893
+  * Removes cyclades header use from libsanitizer.  [boo#1188076]
+
+- Force using llvm11 for amdgcn offloading since llvm12 doesn't
+  yet work.
+
+- Fix value of %slibdir64 for usrmerge
+
cross-arm-gcc10
+- Update to GCC 10.4 release (80c8c5b8f69bcd2dd168933fe6a), git2794
+  * includes remaining regression fixes from the branch
+
+- Update to gcc-10 branch head (f9982b5a81a151663c76ba0a3), git2389
+- Add gcc10-PIE, similar to gcc-PIE but affecting gcc10 [bsc#1195628]
+- Remove sys/rseq.h from include-fixed
+
+- Put libstdc++6-pp Requires on the shared library and drop
+  to Recoomends.
+
+- Properly adjust GPL-3.0 WITH GCC-exception-3.1 to
+  GPL-3.0-or-later WITH GCC-exception-3.1
+
+- Remove bits/unistd_ext.h from include-fixed
+
+- Update to gcc-10 branch head (048117e16c77f82598fca9af5), git1893
+  * Removes cyclades header use from libsanitizer.  [boo#1188076]
+
+- Force using llvm11 for amdgcn offloading since llvm12 doesn't
+  yet work.
+
+- Fix value of %slibdir64 for usrmerge
+
cross-hppa-gcc10
+- Update to GCC 10.4 release (80c8c5b8f69bcd2dd168933fe6a), git2794
+  * includes remaining regression fixes from the branch
+
+- Update to gcc-10 branch head (f9982b5a81a151663c76ba0a3), git2389
+- Add gcc10-PIE, similar to gcc-PIE but affecting gcc10 [bsc#1195628]
+- Remove sys/rseq.h from include-fixed
+
+- Put libstdc++6-pp Requires on the shared library and drop
+  to Recoomends.
+
+- Properly adjust GPL-3.0 WITH GCC-exception-3.1 to
+  GPL-3.0-or-later WITH GCC-exception-3.1
+
+- Remove bits/unistd_ext.h from include-fixed
+
+- Update to gcc-10 branch head (048117e16c77f82598fca9af5), git1893
+  * Removes cyclades header use from libsanitizer.  [boo#1188076]
+
+- Force using llvm11 for amdgcn offloading since llvm12 doesn't
+  yet work.
+
+- Fix value of %slibdir64 for usrmerge
+
cross-i386-gcc10
+- Update to GCC 10.4 release (80c8c5b8f69bcd2dd168933fe6a), git2794
+  * includes remaining regression fixes from the branch
+
+- Update to gcc-10 branch head (f9982b5a81a151663c76ba0a3), git2389
+- Add gcc10-PIE, similar to gcc-PIE but affecting gcc10 [bsc#1195628]
+- Remove sys/rseq.h from include-fixed
+
+- Put libstdc++6-pp Requires on the shared library and drop
+  to Recoomends.
+
+- Properly adjust GPL-3.0 WITH GCC-exception-3.1 to
+  GPL-3.0-or-later WITH GCC-exception-3.1
+
+- Remove bits/unistd_ext.h from include-fixed
+
+- Update to gcc-10 branch head (048117e16c77f82598fca9af5), git1893
+  * Removes cyclades header use from libsanitizer.  [boo#1188076]
+
+- Force using llvm11 for amdgcn offloading since llvm12 doesn't
+  yet work.
+
+- Fix value of %slibdir64 for usrmerge
+
cross-m68k-gcc10
+- Update to GCC 10.4 release (80c8c5b8f69bcd2dd168933fe6a), git2794
+  * includes remaining regression fixes from the branch
+
+- Update to gcc-10 branch head (f9982b5a81a151663c76ba0a3), git2389
+- Add gcc10-PIE, similar to gcc-PIE but affecting gcc10 [bsc#1195628]
+- Remove sys/rseq.h from include-fixed
+
+- Put libstdc++6-pp Requires on the shared library and drop
+  to Recoomends.
+
+- Properly adjust GPL-3.0 WITH GCC-exception-3.1 to
+  GPL-3.0-or-later WITH GCC-exception-3.1
+
+- Remove bits/unistd_ext.h from include-fixed
+
+- Update to gcc-10 branch head (048117e16c77f82598fca9af5), git1893
+  * Removes cyclades header use from libsanitizer.  [boo#1188076]
+
+- Force using llvm11 for amdgcn offloading since llvm12 doesn't
+  yet work.
+
+- Fix value of %slibdir64 for usrmerge
+
cross-mips-gcc10
+- Update to GCC 10.4 release (80c8c5b8f69bcd2dd168933fe6a), git2794
+  * includes remaining regression fixes from the branch
+
+- Update to gcc-10 branch head (f9982b5a81a151663c76ba0a3), git2389
+- Add gcc10-PIE, similar to gcc-PIE but affecting gcc10 [bsc#1195628]
+- Remove sys/rseq.h from include-fixed
+
+- Put libstdc++6-pp Requires on the shared library and drop
+  to Recoomends.
+
+- Properly adjust GPL-3.0 WITH GCC-exception-3.1 to
+  GPL-3.0-or-later WITH GCC-exception-3.1
+
+- Remove bits/unistd_ext.h from include-fixed
+
+- Update to gcc-10 branch head (048117e16c77f82598fca9af5), git1893
+  * Removes cyclades header use from libsanitizer.  [boo#1188076]
+
+- Force using llvm11 for amdgcn offloading since llvm12 doesn't
+  yet work.
+
+- Fix value of %slibdir64 for usrmerge
+
cross-nvptx-gcc10
+- Update to GCC 10.4 release (80c8c5b8f69bcd2dd168933fe6a), git2794
+  * includes remaining regression fixes from the branch
+
+- Update to gcc-10 branch head (f9982b5a81a151663c76ba0a3), git2389
+- Add gcc10-PIE, similar to gcc-PIE but affecting gcc10 [bsc#1195628]
+- Remove sys/rseq.h from include-fixed
+
+- Put libstdc++6-pp Requires on the shared library and drop
+  to Recoomends.
+
+- Properly adjust GPL-3.0 WITH GCC-exception-3.1 to
+  GPL-3.0-or-later WITH GCC-exception-3.1
+
+- Remove bits/unistd_ext.h from include-fixed
+
+- Update to gcc-10 branch head (048117e16c77f82598fca9af5), git1893
+  * Removes cyclades header use from libsanitizer.  [boo#1188076]
+
+- Force using llvm11 for amdgcn offloading since llvm12 doesn't
+  yet work.
+
+- Fix value of %slibdir64 for usrmerge
+
cross-ppc64-gcc10
+- Update to GCC 10.4 release (80c8c5b8f69bcd2dd168933fe6a), git2794
+  * includes remaining regression fixes from the branch
+
+- Update to gcc-10 branch head (f9982b5a81a151663c76ba0a3), git2389
+- Add gcc10-PIE, similar to gcc-PIE but affecting gcc10 [bsc#1195628]
+- Remove sys/rseq.h from include-fixed
+
+- Put libstdc++6-pp Requires on the shared library and drop
+  to Recoomends.
+
+- Properly adjust GPL-3.0 WITH GCC-exception-3.1 to
+  GPL-3.0-or-later WITH GCC-exception-3.1
+
+- Remove bits/unistd_ext.h from include-fixed
+
+- Update to gcc-10 branch head (048117e16c77f82598fca9af5), git1893
+  * Removes cyclades header use from libsanitizer.  [boo#1188076]
+
+- Force using llvm11 for amdgcn offloading since llvm12 doesn't
+  yet work.
+
+- Fix value of %slibdir64 for usrmerge
+
cross-ppc64le-gcc10
+- Update to GCC 10.4 release (80c8c5b8f69bcd2dd168933fe6a), git2794
+  * includes remaining regression fixes from the branch
+
+- Update to gcc-10 branch head (f9982b5a81a151663c76ba0a3), git2389
+- Add gcc10-PIE, similar to gcc-PIE but affecting gcc10 [bsc#1195628]
+- Remove sys/rseq.h from include-fixed
+
+- Put libstdc++6-pp Requires on the shared library and drop
+  to Recoomends.
+
+- Properly adjust GPL-3.0 WITH GCC-exception-3.1 to
+  GPL-3.0-or-later WITH GCC-exception-3.1
+
+- Remove bits/unistd_ext.h from include-fixed
+
+- Update to gcc-10 branch head (048117e16c77f82598fca9af5), git1893
+  * Removes cyclades header use from libsanitizer.  [boo#1188076]
+
+- Force using llvm11 for amdgcn offloading since llvm12 doesn't
+  yet work.
+
+- Fix value of %slibdir64 for usrmerge
+
cross-riscv64-gcc10
+- Update to GCC 10.4 release (80c8c5b8f69bcd2dd168933fe6a), git2794
+  * includes remaining regression fixes from the branch
+
+- Update to gcc-10 branch head (f9982b5a81a151663c76ba0a3), git2389
+- Add gcc10-PIE, similar to gcc-PIE but affecting gcc10 [bsc#1195628]
+- Remove sys/rseq.h from include-fixed
+
+- Put libstdc++6-pp Requires on the shared library and drop
+  to Recoomends.
+
+- Properly adjust GPL-3.0 WITH GCC-exception-3.1 to
+  GPL-3.0-or-later WITH GCC-exception-3.1
+
+- Remove bits/unistd_ext.h from include-fixed
+
+- Update to gcc-10 branch head (048117e16c77f82598fca9af5), git1893
+  * Removes cyclades header use from libsanitizer.  [boo#1188076]
+
+- Force using llvm11 for amdgcn offloading since llvm12 doesn't
+  yet work.
+
+- Fix value of %slibdir64 for usrmerge
+
cross-s390x-gcc10
+- Update to GCC 10.4 release (80c8c5b8f69bcd2dd168933fe6a), git2794
+  * includes remaining regression fixes from the branch
+
+- Update to gcc-10 branch head (f9982b5a81a151663c76ba0a3), git2389
+- Add gcc10-PIE, similar to gcc-PIE but affecting gcc10 [bsc#1195628]
+- Remove sys/rseq.h from include-fixed
+
+- Put libstdc++6-pp Requires on the shared library and drop
+  to Recoomends.
+
+- Properly adjust GPL-3.0 WITH GCC-exception-3.1 to
+  GPL-3.0-or-later WITH GCC-exception-3.1
+
+- Remove bits/unistd_ext.h from include-fixed
+
+- Update to gcc-10 branch head (048117e16c77f82598fca9af5), git1893
+  * Removes cyclades header use from libsanitizer.  [boo#1188076]
+
+- Force using llvm11 for amdgcn offloading since llvm12 doesn't
+  yet work.
+
+- Fix value of %slibdir64 for usrmerge
+
cross-sparc-gcc10
+- Update to GCC 10.4 release (80c8c5b8f69bcd2dd168933fe6a), git2794
+  * includes remaining regression fixes from the branch
+
+- Update to gcc-10 branch head (f9982b5a81a151663c76ba0a3), git2389
+- Add gcc10-PIE, similar to gcc-PIE but affecting gcc10 [bsc#1195628]
+- Remove sys/rseq.h from include-fixed
+
+- Put libstdc++6-pp Requires on the shared library and drop
+  to Recoomends.
+
+- Properly adjust GPL-3.0 WITH GCC-exception-3.1 to
+  GPL-3.0-or-later WITH GCC-exception-3.1
+
+- Remove bits/unistd_ext.h from include-fixed
+
+- Update to gcc-10 branch head (048117e16c77f82598fca9af5), git1893
+  * Removes cyclades header use from libsanitizer.  [boo#1188076]
+
+- Force using llvm11 for amdgcn offloading since llvm12 doesn't
+  yet work.
+
+- Fix value of %slibdir64 for usrmerge
+
cross-sparc64-gcc10
+- Update to GCC 10.4 release (80c8c5b8f69bcd2dd168933fe6a), git2794
+  * includes remaining regression fixes from the branch
+
+- Update to gcc-10 branch head (f9982b5a81a151663c76ba0a3), git2389
+- Add gcc10-PIE, similar to gcc-PIE but affecting gcc10 [bsc#1195628]
+- Remove sys/rseq.h from include-fixed
+
+- Put libstdc++6-pp Requires on the shared library and drop
+  to Recoomends.
+
+- Properly adjust GPL-3.0 WITH GCC-exception-3.1 to
+  GPL-3.0-or-later WITH GCC-exception-3.1
+
+- Remove bits/unistd_ext.h from include-fixed
+
+- Update to gcc-10 branch head (048117e16c77f82598fca9af5), git1893
+  * Removes cyclades header use from libsanitizer.  [boo#1188076]
+
+- Force using llvm11 for amdgcn offloading since llvm12 doesn't
+  yet work.
+
+- Fix value of %slibdir64 for usrmerge
+
cross-x86_64-gcc10
+- Update to GCC 10.4 release (80c8c5b8f69bcd2dd168933fe6a), git2794
+  * includes remaining regression fixes from the branch
+
+- Update to gcc-10 branch head (f9982b5a81a151663c76ba0a3), git2389
+- Add gcc10-PIE, similar to gcc-PIE but affecting gcc10 [bsc#1195628]
+- Remove sys/rseq.h from include-fixed
+
+- Put libstdc++6-pp Requires on the shared library and drop
+  to Recoomends.
+
+- Properly adjust GPL-3.0 WITH GCC-exception-3.1 to
+  GPL-3.0-or-later WITH GCC-exception-3.1
+
+- Remove bits/unistd_ext.h from include-fixed
+
+- Update to gcc-10 branch head (048117e16c77f82598fca9af5), git1893
+  * Removes cyclades header use from libsanitizer.  [boo#1188076]
+
+- Force using llvm11 for amdgcn offloading since llvm12 doesn't
+  yet work.
+
+- Fix value of %slibdir64 for usrmerge
+
dpdk
+- aabdallah@suse.com:
+  Fix for SG#63176, bsc#1198873: Read PCI device name as UTF strings.
+- tabraham@suse.com:
+  kni: allow configuring thread granularity (bsc#1195172)
+- added patches
+  + 0001-kni-allow-configuring-thread-granularity.patch
+  + 0001-usertools-read-PCI-device-name-as-UTF-8.patch
+
dracut
+- Update to version 055+suse.294.gc5bc4bb5:
+  Missing network-manager module fixes (bsc#1201975):
+  * fix(network-manager): avoid calling unavailable dracut-logger functions
+  * fix(network-manager): skip non-directories in /sys/class/net
+  * fix(network-manager): disable tty output if the console is not usable
+  * fix(network-manager): show output on console only with rd.debug enabled
+  * fix(network-manager): write DHCP filename option to dhcpopts file
+  * fix(network-manager): ensure safe content of /tmp/dhclient."$ifname".dhcpopts
+  * fix(network-manager): include nm-daemon-helper binary
+  * fix(network-manager): don't pull in systemd-udev-settle
+  * fix(network-manager): support teaming under NM+systemd
+  * fix(network-manager): pull in network.target in nm-initrd.service
+
+- Update to version 055+suse.283.ge98ece25:
+  * fix(network-manager): check for nm-initrd-generator in both /usr/{libexec,lib} (bsc#1201975)
+  * fix(network-legacy): add auto timeout to wicked DHCP test (bsc#1198709)
+
elfutils-debuginfod
+- Set --enable-debuginfod-urls only for TW.
+
+- Add missing Requires for devel package.
+
emacs-apel
+- Add emacs-apel-fix-build-error.patch: fix emacs-apel build error
+  on SLE-15-SP4 (bsc#1197714).
+
-- Add suse-start-apel.el.
-
gcc10
+- Update to GCC 10.4 release (80c8c5b8f69bcd2dd168933fe6a), git2794
+  * includes remaining regression fixes from the branch
+
+- Update to gcc-10 branch head (f9982b5a81a151663c76ba0a3), git2389
+- Add gcc10-PIE, similar to gcc-PIE but affecting gcc10 [bsc#1195628]
+- Remove sys/rseq.h from include-fixed
+
+- Put libstdc++6-pp Requires on the shared library and drop
+  to Recoomends.
+
+- Properly adjust GPL-3.0 WITH GCC-exception-3.1 to
+  GPL-3.0-or-later WITH GCC-exception-3.1
+
+- Remove bits/unistd_ext.h from include-fixed
+
+- Update to gcc-10 branch head (048117e16c77f82598fca9af5), git1893
+  * Removes cyclades header use from libsanitizer.  [boo#1188076]
+
+- Force using llvm11 for amdgcn offloading since llvm12 doesn't
+  yet work.
+
+- Fix value of %slibdir64 for usrmerge
+
gcc10-testresults
+- Update to GCC 10.4 release (80c8c5b8f69bcd2dd168933fe6a), git2794
+  * includes remaining regression fixes from the branch
+
+- Update to gcc-10 branch head (f9982b5a81a151663c76ba0a3), git2389
+- Add gcc10-PIE, similar to gcc-PIE but affecting gcc10 [bsc#1195628]
+- Remove sys/rseq.h from include-fixed
+
+- Put libstdc++6-pp Requires on the shared library and drop
+  to Recoomends.
+
+- Properly adjust GPL-3.0 WITH GCC-exception-3.1 to
+  GPL-3.0-or-later WITH GCC-exception-3.1
+
+- Remove bits/unistd_ext.h from include-fixed
+
+- Update to gcc-10 branch head (048117e16c77f82598fca9af5), git1893
+  * Removes cyclades header use from libsanitizer.  [boo#1188076]
+
+- Force using llvm11 for amdgcn offloading since llvm12 doesn't
+  yet work.
+
+- Fix value of %slibdir64 for usrmerge
+
gnutls
+- Security fix: [bsc#1202020, CVE-2022-2509]
+  * Fixed double free during verification of pkcs7 signatures
+  * Add gnutls-CVE-2022-2509.patch
+
+- FIPS:
+  * Modify gnutls-FIPS-force-self-test.patch [bsc#1198979]
+  - gnutls_fips140_run_self_tests now properly releases fips_context
+
+- FIPS:
+  * Add gnutls_ECDSA_signing.patch [bsc#1190698]
+  - Check minimum keylength for symmetric key generation
+  - Only allows ECDSA signature with valid set of hashes
+    (SHA2 and SHA3)
+  * Add gnutls-FIPS-force-self-test.patch [bsc#1198979]
+  - Provides interface for running library self tests on-demand
+  - Upstream: https://gitlab.com/gnutls/gnutls/-/merge_requests/1598
+
kernel-preempt
+- KVM: arm64: Avoid setting the upper 32 bits of TCR_EL2 and CPTR_EL2 (bsc#1201442)
+- commit ec6a677
+
+- blacklist.conf: update blacklist
+- commit 63fa2f9
+
+- blacklist.conf: update blacklist
+- commit cc1d04f
+
+- mmc: cavium-thunderx: Add of_node_put() when breaking out of
+  loop (git-fixes).
+- mmc: cavium-octeon: Add of_node_put() when breaking out of loop
+  (git-fixes).
+- mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R
+  (git-fixes).
+- memstick/ms_block: Fix a memory leak (git-fixes).
+- memstick/ms_block: Fix some incorrect memory allocation
+  (git-fixes).
+- mmc: sdhci-of-esdhc: Fix refcount leak in
+  esdhc_signal_voltage_switch (git-fixes).
+- PCI: tegra194: Fix link up retry sequence (git-fixes).
+- PCI: tegra194: Fix Root Port interrupt handling (git-fixes).
+- PCI: tegra194: Fix PM error handling in tegra_pcie_config_ep()
+  (git-fixes).
+- PCI: qcom: Power on PHY before IPQ8074 DBI register accesses
+  (git-fixes).
+- PCI: qcom: Set up rev 2.1.0 PARF_PHY before enabling clocks
+  (git-fixes).
+- PCI: dwc: Always enable CDM check if "snps,enable-cdm-check"
+  exists (git-fixes).
+- PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors
+  (git-fixes).
+- PCI: dwc: Disable outbound windows only for controllers using
+  iATU (git-fixes).
+- PCI: dwc: Add unroll iATU space support to dw_pcie_disable_atu()
+  (git-fixes).
+- PCI: dwc: Stop link on host_init errors and de-initialization
+  (git-fixes).
+- PCI/portdrv: Don't disable AER reporting in
+  get_port_device_capability() (git-fixes).
+- platform/olpc: Fix uninitialized data in debugfs write
+  (git-fixes).
+- USB: Follow-up to SPDX identifiers addition - remove now
+  useless comments (git-fixes).
+- staging: rtl8192u: Fix sleep in atomic context bug in
+  dm_fsync_timer_callback (git-fixes).
+- usb: typec: ucsi: Acknowledge the GET_ERROR_STATUS command
+  completion (git-fixes).
+- USB: serial: fix tty-port initialized comments (git-fixes).
+- usb: gadget: udc: amd5536 depends on HAS_DMA (git-fixes).
+- usb: host: xhci: use snprintf() in xhci_decode_trb()
+  (git-fixes).
+- usb: xhci: tegra: Fix error check (git-fixes).
+- usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe
+  (git-fixes).
+- usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe
+  (git-fixes).
+- iio: light: isl29028: Fix the warning in isl29028_remove()
+  (git-fixes).
+- soundwire: bus_type: fix remove and shutdown support
+  (git-fixes).
+- iio: resolver: ad2s90: Fix alignment for DMA safety (git-fixes).
+- iio: resolver: ad2s1200: Fix alignment for DMA safety
+  (git-fixes).
+- iio: proximity: as3935: Fix alignment for DMA safety
+  (git-fixes).
+- intel_th: msu: Fix vmalloced buffers (git-fixes).
+- intel_th: msu-sink: Potential dereference of null pointer
+  (git-fixes).
+- intel_th: Fix a resource leak in an error handling path
+  (git-fixes).
+- misc: rtsx: Fix an error handling path in rtsx_pci_probe()
+  (git-fixes).
+- commit 2bc728a
+
+- iio: potentiometer: mcp4131: Fix alignment for DMA safety
+  (git-fixes).
+- iio: potentiometer: mcp41010: Fix alignment for DMA safety
+  (git-fixes).
+- iio: potentiometer: max5481: Fix alignment for DMA safety
+  (git-fixes).
+- iio: potentiometer: ad5272: Fix alignment for DMA safety
+  (git-fixes).
+- iio: gyro: fxas210002c: Fix alignment for DMA safety
+  (git-fixes).
+- iio: gyro: adxrs450: Fix alignment for DMA safety (git-fixes).
+- iio: gyro: adis16130: Fix alignment for DMA safety (git-fixes).
+- iio: gyro: adis16080: Fix alignment for DMA safety (git-fixes).
+- iio: frequency: adf4371: Fix alignment for DMA safety
+  (git-fixes).
+- iio: frequency: adf4350: Fix alignment for DMA safety
+  (git-fixes).
+- iio: frequency: ad9523: Fix alignment for DMA safety
+  (git-fixes).
+- iio: dac: ti-dac7612: Fix alignment for DMA safety (git-fixes).
+- iio: dac: ti-dac7311: Fix alignment for DMA safety (git-fixes).
+- iio: dac: ti-dac5571: Fix alignment for DMA safety (git-fixes).
+- iio: dac: ti-dac082s085: Fix alignment for DMA safety
+  (git-fixes).
+- iio: dac: mcp4922: Fix alignment for DMA safety (git-fixes).
+- iio: dac: ad8801: Fix alignment for DMA safety (git-fixes).
+- iio: dac: ad7303: Fix alignment for DMA safety (git-fixes).
+- iio: dac: ad5791: Fix alignment for DMA saftey (git-fixes).
+- iio: dac: ad5764: Fix alignment for DMA safety (git-fixes).
+- iio: dac: ad5761: Fix alignment for DMA safety (git-fixes).
+- iio: dac: ad5755: Fix alignment for DMA safety (git-fixes).
+- iio: dac: ad5504: Fix alignment for DMA safety (git-fixes).
+- iio: dac: ad5449: Fix alignment for DMA safety (git-fixes).
+- iio: dac: ad5421: Fix alignment for DMA safety (git-fixes).
+- iio: dac: ad5360: Fix alignment for DMA safety (git-fixes).
+- iio: dac: ad5064: Fix alignment for DMA safety (git-fixes).
+- commit 7981ef6
+
+- clk: qcom: camcc-sdm845: Fix topology around titan_top power
+  domain (git-fixes).
+- clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks
+  (git-fixes).
+- clk: qcom: ipq8074: fix NSS port frequency tables (git-fixes).
+- clk: qcom: ipq8074: SW workaround for UBI32 PLL lock
+  (git-fixes).
+- clk: qcom: ipq8074: fix NSS core PLL-s (git-fixes).
+- clk: qcom: clk-krait: unlock spin after mux completion
+  (git-fixes).
+- clk: renesas: r9a06g032: Fix UART clkgrp bitsel (git-fixes).
+- gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data()
+  (git-fixes).
+- HID: cp2112: prevent a buffer overflow in cp2112_xfer()
+  (git-fixes).
+- driver core: fix potential deadlock in __driver_attach
+  (git-fixes).
+- iio: amplifiers: ad8366: Fix alignment for DMA safety
+  (git-fixes).
+- iio: adc: ti-tlc4541: Fix alignment for DMA safety (git-fixes).
+- iio: adc: ti-ads8688: Fix alignment for DMA safety (git-fixes).
+- iio: adc: ti-ads8344: Fix alignment for DMA safety (git-fixes).
+- iio: adc: ti-ads7950: Fix alignment for DMA safety (git-fixes).
+- iio: adc: ti-ads124s08: Fix alignment for DMA safety
+  (git-fixes).
+- iio: adc: ti-adc161s626: Fix alignment for DMA safety
+  (git-fixes).
+- iio: adc: ti-adc128s052: Fix alignment for DMA safety
+  (git-fixes).
+- iio: adc: ti-adc12138: Fix alignment for DMA safety (git-fixes).
+- iio: adc: ti-adc084s021: Fix alignment for DMA safety
+  (git-fixes).
+- iio: adc: ti-adc0832: Fix alignment for DMA safety (git-fixes).
+- iio: adc: mcp320x: Fix alignment for DMA safety (git-fixes).
+- iio: adc: max1118: Fix alignment for DMA safety (git-fixes).
+- iio: adc: max11100: Fix alignment for DMA safety (git-fixes).
+- iio: adc: max1027: Fix alignment for DMA safety (git-fixes).
+- iio: adc: ltc2497: Fix alignment for DMA safety (git-fixes).
+- iio: adc: hi8435: Fix alignment for DMA safety (git-fixes).
+- iio: adc: ad7887: Fix alignment for DMA safety (git-fixes).
+- iio: adc: ad7768-1: Fix alignment for DMA safety (git-fixes).
+- iio: adc: ad7766: Fix alignment for DMA safety (git-fixes).
+- iio: adc: ad7476: Fix alignment for DMA safety (git-fixes).
+- iio: adc: ad7298: Fix alignment for DMA safety (git-fixes).
+- iio: adc: ad7266: Fix alignment for DMA safety (git-fixes).
+- iio: accel: sca3000: Fix alignment for DMA safety (git-fixes).
+- iio: accel: bma220: Fix alignment for DMA safety (git-fixes).
+- iio: core: Fix IIO_ALIGN and rename as it was not sufficiently
+  large (git-fixes).
+- fpga: altera-pr-ip: fix unsigned comparison with less than zero
+  (git-fixes).
+- commit 9bda156
+
+- openvswitch: fix OOB access in reserve_sfa_size() (CVE-2022-2639
+  bsc#1202154).
+- commit bfc6551
+
+- blacklist.conf: update blacklist
+- commit 847721e
+
+- virtio-gpu: fix a missing check to avoid NULL dereference
+  (git-fixes).
+- media: hdpvr: fix error value returns in hdpvr_read (git-fixes).
+- media: tw686x: Register the irq at the end of probe (git-fixes).
+- wifi: wil6210: debugfs: fix uninitialized variable use in
+  `wil_write_file_wmi()` (git-fixes).
+- wifi: libertas: Fix possible refcount leak in if_usb_probe()
+  (git-fixes).
+- wifi: iwlwifi: mvm: fix double list_add at
+  iwl_mvm_mac_wake_tx_queue (git-fixes).
+- wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi()
+  (git-fixes).
+- wifi: p54: add missing parentheses in p54_flush() (git-fixes).
+- wifi: p54: Fix an error handling path in p54spi_probe()
+  (git-fixes).
+- mediatek: mt76: mac80211: Fix missing of_node_put() in
+  mt76_led_init() (git-fixes).
+- mt76: mt76x02u: fix possible memory leak in
+  __mt76x02u_mcu_send_msg (git-fixes).
+- can: pch_can: pch_can_error(): initialize errc before using it
+  (git-fixes).
+- wifi: iwlegacy: 4965: fix potential off-by-one overflow in
+  il4965_rs_fill_link_cmd() (git-fixes).
+- wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c()
+  (git-fixes).
+- thermal/tools/tmon: Include pthread and time headers in tmon.h
+  (git-fixes).
+- regulator: of: Fix refcount leak bug in
+  of_get_regulation_constraints() (git-fixes).
+- soc: fsl: guts: machine variable might be unset (git-fixes).
+- meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init
+  (git-fixes).
+- virtio-net: fix the race between refill work and close
+  (git-fixes).
+- mt7601u: add USB device ID for some versions of XiaoDu WiFi
+  Dongle (git-fixes).
+- commit 347666b
+
+- drm/amd/display: Enable building new display engine with KCOV
+  enabled (git-fixes).
+- drm/exynos/exynos7_drm_decon: free resources when
+  clk_set_parent() failed (git-fixes).
+- drm/msm/mdp5: Fix global state lock backoff (git-fixes).
+- drm/msm/hdmi: enable core-vcc/core-vdda-supply for 8996 platform
+  (git-fixes).
+- drm/mediatek: dpi: Only enable dpi after the bridge is enabled
+  (git-fixes).
+- drm/mediatek: dpi: Remove output format of YUV (git-fixes).
+- drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff
+  function (git-fixes).
+- drm: bridge: sii8620: fix possible off-by-one (git-fixes).
+- drm/rockchip: Fix an error handling path rockchip_dp_probe()
+  (git-fixes).
+- drm/rockchip: vop: Don't crash for invalid duplicate_state()
+  (git-fixes).
+- drm/radeon: fix incorrrect SPDX-License-Identifiers (git-fixes).
+- drm/radeon: fix potential buffer overflow in
+  ni_set_mc_special_registers() (git-fixes).
+- drm/vc4: hdmi: Correct HDMI timing registers for interlaced
+  modes (git-fixes).
+- drm/vc4: hdmi: Fix timings for interlaced modes (git-fixes).
+- drm/vc4: dsi: Add correct stop condition to
+  vc4_dsi_encoder_disable iteration (git-fixes).
+- drm/vc4: dsi: Correct pixel order for DSI0 (git-fixes).
+- drm/vc4: dsi: Correct DSI divider calculations (git-fixes).
+- drm/vc4: plane: Fix margin calculations for the right/bottom
+  edges (git-fixes).
+- drm/vc4: plane: Remove subpixel positioning check (git-fixes).
+- drm/doc: Fix comment typo (git-fixes).
+- drm/mcde: Fix refcount leak in mcde_dsi_bind (git-fixes).
+- drm: bridge: adv7511: Add check for mipi_dsi_driver_register
+  (git-fixes).
+- drm: adv7511: override i2c address of cec before accessing it
+  (git-fixes).
+- drm/nouveau: fix another off-by-one in nvbios_addr (git-fixes).
+- drm/mipi-dbi: align max_chunk to 2 in spi_transfer (git-fixes).
+- drm/st7735r: Fix module autoloading for Okaya RH128128T
+  (git-fixes).
+- i2c: mux-gpmux: Add of_node_put() when breaking out of loop
+  (git-fixes).
+- i2c: cadence: Support PEC for SMBus block read (git-fixes).
+- i2c: Fix a potential use after free (git-fixes).
+- commit cce0615
+
+- drm/bridge: tc358767: Make sure Refclk clock are enabled
+  (git-fixes).
+- Bluetooth: hci_intel: Add check for platform_driver_register
+  (git-fixes).
+- can: error: specify the values of data[5..7] of CAN error frames
+  (git-fixes).
+- can: usb_8dev: do not report txerr and rxerr during bus-off
+  (git-fixes).
+- can: kvaser_usb_leaf: do not report txerr and rxerr during
+  bus-off (git-fixes).
+- can: kvaser_usb_hydra: do not report txerr and rxerr during
+  bus-off (git-fixes).
+- can: sun4i_can: do not report txerr and rxerr during bus-off
+  (git-fixes).
+- can: hi311x: do not report txerr and rxerr during bus-off
+  (git-fixes).
+- can: sja1000: do not report txerr and rxerr during bus-off
+  (git-fixes).
+- can: rcar_can: do not report txerr and rxerr during bus-off
+  (git-fixes).
+- can: pch_can: do not report txerr and rxerr during bus-off
+  (git-fixes).
+- ath10k: do not enforce interrupt trigger type (git-fixes).
+- can: Break loopback loop on loopback documentation (git-fixes).
+- ACPI: video: Shortening quirk list by identifying Clevo by
+  board_name only (git-fixes).
+- ACPI: APEI: Better fix to avoid spamming the console with old
+  error logs (git-fixes).
+- bus: hisi_lpc: fix missing platform_device_put() in
+  hisi_lpc_acpi_probe() (git-fixes).
+- ACPI: CPPC: Do not prevent CPPC from working in the future
+  (git-fixes).
+- Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put
+  (git-fixes).
+- ath10k: Fix error handling in ath10k_setup_msa_resources
+  (git-fixes).
+- commit 6ee2d65
+
+- ipv4: avoid using shared IP generator for connected sockets
+  (CVE-2020-36516 bsc#1196616).
+- ipv4: tcp: send zero IPID in SYNACK messages (CVE-2020-36516
+  bsc#1196616).
+- commit 6c53c05
+
+- blacklist.conf: add "sched: Reenable interrupts in do_sched_yield()"
+  This patch caused unexplained regressions and it's not fixing any
+  important issue.
+- commit 7b4ecae
+
+- Revert "Refresh patches.suse/random-fix-crash-on-multiple-early-calls..." (bsc#1201645)
+  This reverts commit f01d1a85f6c5334e324db629b3d43a8be5461b46.
+- commit ef555c8
+
+- media: smipcie: fix interrupt handling and IR timeout
+  (git-fixes).
+- commit 72251a4
+
+- sched/fair: Revise comment about lb decision matrix (git fixes
+  (sched/fair)).
+- tick/nohz: Use WARN_ON_ONCE() to prevent console saturation
+  (git fixes (kernel/time)).
+- random: remove useless header comment (git fixes).
+- profiling: fix shift-out-of-bounds bugs (git fixes).
+- sched/membarrier: fix missing local execution of
+  ipi_sync_rq_state() (git fixes (sched/membarrier)).
+- mm: fix page reference leak in soft_offline_page() (git fixes
+  (mm/memory-failure)).
+- commit b0029fe
+
+- blacklist.conf: xtensa not used
+- commit c7e553d
+
+- blacklist.conf: UML not used
+- commit d38c3c3
+
+- blacklist.conf: Cosmetic patch
+- commit 137482b
+
+- blacklist.conf: GCC-12 not used
+- commit b35581e
+
+- blacklist.conf: KASAN not configured
+- commit ddca4d2
+
+- blacklist.conf: Clang not used for build
+- commit f6cb05a
+
+- blacklist.conf: KASAN not configured
+- commit db5c6ef
+
+- blacklist.conf: 6ffbb45826f5d9ae09aa60cd88594b7816c96190
+- commit ae569d4
+
+- blacklist.conf: Build time micro-optimisation
+- commit 091232d
+
+- blacklist.conf: Build time micro-optimisation
+- commit 06fea81
+
+- blacklist.conf: Build time micro-optimisation
+- commit c5a48f8
+
+- blacklist.conf: Build fix that assumes bash does not exist
+- commit a35739b
+
+- blacklist.conf: Comment fix only
+- commit 1f940f0
+
+- blacklist.conf: Fixes pointing to misleading commit
+- commit b94c0dc
+
+- blacklist.conf: Patch has a number of high risk dependencies
+- commit 58c61ac
+
+- media: rtl28xxu: add missing sleep before probing slave demod
+  (git-fixes).
+- commit ac926ca
+
+- media: usb: dvb-usb-v2: rtl28xxu: convert to use
+  i2c_new_client_device() (git-fixes).
+- commit 47f6029
+
+- media: rtl28xxu: Add support for PROlectrix DV107669 DVB-T
+  dongle (git-fixes).
+- commit cf3cc2d
+
+- media: rtl28xxu: set keymap for Astrometa DVB-T2 (git-fixes).
+- commit 27a23c1
+
+- media: rc: increase rc-mm tolerance and add debug message
+  (git-fixes).
+- commit 532733e
+
+- media: v4l2-mem2mem: always consider OUTPUT queue during poll
+  (git-fixes).
+- commit 981dce5
+
+- media: v4l2-mem2mem: reorder checks in v4l2_m2m_poll()
+  (git-fixes).
+- commit 691e7d8
+
+- PM: runtime: Remove link state checks in rpm_get/put_supplier()
+  (git-fixes).
+- commit 2786445
+
+- usb: dwc3: add cancelled reasons for dwc3 requests (git-fixes).
+- Refresh
+  patches.suse/Revert-usb-dwc3-gadget-Use-list_replace_init-before-.patch.
+- Refresh
+  patches.suse/usb-dwc3-gadget-Use-list_replace_init-before-travers.patch.
+- commit de6720f
+
+- Rename colliding patches before the next origin/cve/linux-5.3 -> SLE15-SP3 merge
+- commit bafbca0
+
+- sched/debug: Remove mpol_get/put and task_lock/unlock from (git-fixes)
+- commit a77b059
+
+- KVM: x86: Update vCPU's hv_clock before back to guest when
+  tsc_offset is adjusted (git-fixes).
+- commit 143ba5a
+
+- Updated commit IDs from a rebased upstream branch:
+- patches.suse/powerpc-pseries-mobility-set-NMI-watchdog-factor-dur.patch.
+- patches.suse/powerpc-watchdog-introduce-a-NMI-watchdog-s-factor.patch.
+- patches.suse/watchdog-export-lockup_detector_reconfigure.patch.
+- commit a3cdcd5
+
+- KVM: x86: Fix split-irqchip vs interrupt injection window
+  request (git-fixes).
+- commit 69e8da6
+
+- KVM: x86: handle !lapic_in_kernel case in kvm_cpu_*_extint
+  (git-fixes).
+- commit 156ec3b
+
+- net: usb: ax88179_178a: add Allied Telesis AT-UMCs (git-fixes).
+- commit 2fe0bb0
+
+- net: usb: use eth_hw_addr_set() (git-fixes).
+- commit cd08705
+
+- KVM: VMX: Don't freeze guest when event delivery causes an
+  APIC-access exit (git-fixes).
+- commit 13e27e5
+
+- net: usb: ax88179_178a: add MCT usb 3.0 adapter (git-fixes).
+- commit 5a414a0
+
+- net: usb: ax88179_178a: add Toshiba usb 3.0 adapter (git-fixes).
+- commit 65c08ec
+
+- net: usb: ax88179_178a: remove redundant assignment to variable
+  ret (git-fixes).
+- commit 75d1e2c
+
+- ax88179_178a: add ethtool_op_get_ts_info() (git-fixes).
+- commit 8bcd286
+
+- net: usb: ax88179_178a: write mac to hardware in get_mac_addr
+  (git-fixes).
+- commit 18afbc0
+
+- KVM: VMX: Add non-canonical check on writes to RTIT address MSRs
+  (git-fixes).
+- commit ad2b012
+
+- lkdtm: Disable return thunks in rodata.c (bsc#1178134).
+- commit 564965b
+
+- x86/retbleed: Add fine grained Kconfig knobs (bsc#1178134).
+- commit 8fc5407
+
+- netfilter: nf_queue: do not allow packet truncation below
+  transport header offset (bsc#1201940 CVE-2022-36946).
+- commit f4f33cd
+
+- kvm/emulate: Fix SETcc emulation function offsets with SLS
+  (bsc#1201930).
+- commit 0a6851d
+
+- nvme: consider also host_iface when checking ip options
+  (bsc#1199670).
+- commit edd56ec
+
+- drivers/net: Fix kABI in tun.c (git-fixes).
+- commit 3adafd5
+
+- FDDI: defxx: Make MMIO the configuration default except for EISA
+  (git-fixes).
+- commit 49c7c8d
+
+- FDDI: defxx: Bail out gracefully with unassigned PCI resource
+  for CSR (git-fixes).
+- commit 87b1bf0
+
+- net: tun: set tun->dev->addr_len during TUNSETLINK processing
+  (git-fixes).
+- commit 11d0ba1
+
+- net: macb: restore cmp registers on resume path (git-fixes).
+- commit 73e4cc3
+
+- drivers: net: fix memory leak in peak_usb_create_dev
+  (git-fixes).
+- commit bf7b83d
+
+- drivers: net: fix memory leak in atusb_probe (git-fixes).
+- commit 1811ff5
+
+- amd-xgbe: Update DMA coherency values (git-fixes).
+- commit 58be63e
+
+- net: dsa: lantiq_gswip: Let GSWIP automatically set the xMII
+  clock (git-fixes).
+- commit 5683f5d
+
+- net: stmmac: dwmac-sun8i: Provide TX and RX fifo sizes
+  (git-fixes).
+- commit a1e8450
+
+- ftgmac100: Restart MAC HW once (git-fixes).
+- commit 9b2ea44
+
+- net: dsa: bcm_sf2: Qualify phydev->dev_flags based on port
+  (git-fixes).
+- commit 74dff8e
+
+- net/mlx5e: When changing XDP program without reset, take refs
+  for XSK RQs (git-fixes).
+- commit 4584eb8
+
+- net: lapbether: Remove netif_start_queue / netif_stop_queue
+  (git-fixes).
+- commit 9195d10
+
+- net: stmmac: fix incorrect DMA channel intr enable setting of
+  EQoS v4.10 (git-fixes).
+- commit 3eac36a
+
+- net: enetc: keep RX ring consumer index in sync with hardware
+  (git-fixes).
+- commit 5b9c123
+
+- net: enetc: fix incorrect TPID when receiving 802.1ad tagged
+  packets (git-fixes).
+- commit d2c7696
+
+- net: hns3: fix error mask definition of flow director
+  (git-fixes).
+- commit e86b116
+
+- blacklist.conf: update blacklist
+- commit 545a342
+
+- scsi: lpfc: Copyright updates for 14.2.0.5 patches
+  (bsc#1201956).
+- scsi: lpfc: Update lpfc version to 14.2.0.5 (bsc#1201956).
+- scsi: lpfc: Remove Menlo/Hornet related code (bsc#1201956).
+- scsi: lpfc: Refactor lpfc_nvmet_prep_abort_wqe() into
+  lpfc_sli_prep_abort_xri() (bsc#1201956).
+- scsi: lpfc: Revert RSCN_MEMENTO workaround for misbehaved
+  configuration (bsc#1201956).
+- scsi: lpfc: Fix lost NVMe paths during LIF bounce stress test
+  (bsc#1201956 bsc#1200521).
+- scsi: lpfc: Fix attempted FA-PWWN usage after feature disable
+  (bsc#1201956).
+- scsi: lpfc: Fix possible memory leak when failing to issue
+  CMF WQE (bsc#1201956).
+- scsi: lpfc: Remove extra atomic_inc on cmd_pending in
+  queuecommand after VMID (bsc#1201956).
+- scsi: lpfc: Set PU field when providing D_ID in
+  XMIT_ELS_RSP64_CX iocb (bsc#1201956).
+- scsi: lpfc: Prevent buffer overflow crashes in debugfs with
+  malformed user input (bsc#1201956).
+- scsi: lpfc: Fix uninitialized cqe field in
+  lpfc_nvme_cancel_iocb() (bsc#1201956).
+- commit 6e7b732
+
+- scsi: qla2xxx: Update version to 10.02.07.800-k (bsc#1201958).
+- scsi: qla2xxx: Update manufacturer details (bsc#1201958).
+- scsi: qla2xxx: Fix sparse warning for dport_data (bsc#1201958).
+- scsi: qla2xxx: Fix discovery issues in FC-AL topology
+  (bsc#1201958).
+- scsi: qla2xxx: Fix imbalance vha->vref_count (bsc#1201958).
+- scsi: qla2xxx: edif: Fix dropped IKE message (bsc#1201958).
+- scsi: qla2xxx: Fix response queue handler reading stale packets
+  (bsc#1201958).
+- scsi: qla2xxx: Zero undefined mailbox IN registers
+  (bsc#1201958).
+- scsi: qla2xxx: Fix incorrect display of max frame size
+  (bsc#1201958).
+- scsi: qla2xxx: Check correct variable in qla24xx_async_gffid()
+  (bsc#1201958).
+- commit d5c3642
+
+- Drop qla2xxx patch which prevented nvme port discovery
+  (bsc#1200651 bsc#1200644 bsc#1201954 bsc#1201958)
+  Upstream fixed the problem by reverting the offending commit.
+  Delete:
+  - patches.suse/scsi-qla2xxx-Fix-disk-failure-to-rediscover.patch.
+- commit 1cb16fb
+
+- hv_netvsc: Add support for XDP_REDIRECT (bsc#1199364).
+- hv_netvsc: Add comment of netvsc_xdp_xmit() (bsc#1199364).
+- hv_netvsc: Fix validation in netvsc_linkstatus_callback()
+  (bsc#1199364).
+- net, xdp: Introduce xdp_build_skb_from_frame utility routine
+  (bsc#1199364).
+- net, xdp: Introduce __xdp_build_skb_from_frame utility routine
+  (bsc#1199364).
+- hv_netvsc: Copy packets sent by Hyper-V out of the receive
+  buffer (bsc#1199364).
+- hv_netvsc: Add (more) validation for untrusted Hyper-V values
+  (bsc#1199364).
+- bpf, cpumap: Remove rcpu pointer from cpu_map_build_skb
+  signature (bsc#1199364).
+- commit cffae99
+
+- KVM: emulate: do not adjust size of fastop and setcc subroutines
+  (bsc#1201930).
+- commit 317f350
+
+- Refresh
+  patches.suse/x86-prepare-asm-files-for-straight-line-speculation.patch.
+- commit c513474
+
+- Update
+  patches.suse/netfilter-nf_tables-disallow-non-stateful-expression.patch
+  references (add CVE-2022-32250).
+- commit 8871b3f
+
+- net/sched: cls_u32: fix netns refcount changes in u32_change()
+  (CVE-2022-29581 bsc#1199665).
+- commit e1d6992
+
+- random: fix typo in comments (git-fixes).
+- commit 49bfcbe
+
+- blacklist.conf: a cleanup that breaks kABI
+- commit f8d13cb
+
+- random: document add_hwgenerator_randomness() with other input
+  functions (git-fixes).
+- commit 9a03f2f
+
+- drbd: fix potential silent data corruption (git-fixes).
+- block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code'
+  explicit (git-fixes).
+- linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check
+  (git-fixes).
+- linux/random.h: Use false with bool (git-fixes).
+- linux/random.h: Remove arch_has_random, arch_has_random_seed
+  (git-fixes).
+- commit a9f5081
+
+- kABI workaround for including mm.h in fs/sysfs/file.c
+  (bsc#1200598 cve-2022-20166).
+- commit 29d7d8a
+
+- net: stmmac: fix watchdog timeout during suspend/resume stress
+  test (git-fixes).
+- commit b651717
+
+- net: stmmac: stop each tx channel independently (git-fixes).
+- commit 3ba5a53
+
+- net: stmmac: fix CBS idleslope and sendslope calculation
+  (git-fixes).
+- commit e0b11c6
+
+- net: ag71xx: remove unnecessary MTU reservation (git-fixes).
+- commit 6020ebf
+
+- net: amd-xgbe: Fix network fluctuations when using 1G BELFUSE
+  SFP (git-fixes).
+- commit 858de54
+
+- net: amd-xgbe: Reset link when the link never comes back
+  (git-fixes).
+- commit 75c3dff
+
+- net: amd-xgbe: Fix NETDEV WATCHDOG transmit queue timeout
+  warning (git-fixes).
+- commit 2d480f1
+
+- net: amd-xgbe: Reset the PHY rx data path when mailbox command
+  timeout (git-fixes).
+- commit 5734e3e
+
+- net: axienet: Handle deferred probe on clock properly
+  (git-fixes).
+- commit c2493d6
+
+- net: mvneta: Remove per-cpu queue mapping for Armada 3700
+  (git-fixes).
+- commit 421a813
+
+- igb: Enable RSS for Intel I211 Ethernet Controller (git-fixes).
+- commit f6ff8de
+
+- macvlan: remove redundant null check on data (git-fixes).
+- commit 37296a9
+
+- net: dsa: bcm_sf2: put device node before return (git-fixes).
+- commit d83cfd7
+
+- powerpc/pseries/mobility: set NMI watchdog factor during an LPM
+  (bsc#1201846 ltc#198761).
+- powerpc/watchdog: introduce a NMI watchdog's factor (bsc#1201846
+  ltc#198761).
+- watchdog: export lockup_detector_reconfigure (bsc#1201846
+  ltc#198761).
+- powerpc/mobility: wait for memory transfer to complete
+  (bsc#1201846 ltc#198761).
+- commit 4aa9f78
+
+- net: macb: unprepare clocks in case of failure (git-fixes).
+- commit 9b3aefc
+
+- net: macb: add function to disable all macb clocks (git-fixes).
+- commit e67caf5
+
+- net: dsa: lantiq_gswip: Exclude RMII from modes that report 1 GbE (git-fixes).
+- commit 2629e74
+
+- octeontx2-af: fix memory leak of lmac and lmac->name (git-fixes).
+- commit 12700d6
+
+- net/sonic: Fix some resource leaks in error handling paths (git-fixes).
+- commit 823b92f
+
+- net: allwinner: Fix some resources leak in the error handling path of the probe and in the remove function (git-fixes).
+- commit 3311dc2
+
+- net: evaluate net.ipv4.conf.all.proxy_arp_pvlan (git-fixes).
+- commit 0e7bc32
+
+- net: evaluate net.ipvX.conf.all.ignore_routes_with_linkdown
+  (git-fixes).
+- commit 0b9accc
+
+- cxgb4: Fix the -Wmisleading-indentation warning (git-fixes).
+- commit 96affe9
+
+- net: ll_temac: Fix potential NULL dereference in temac_probe()
+  (git-fixes).
+- commit 9f3a68c
+
+- net: stmmac: dwmac1000: provide multicast filter fallback
+  (git-fixes).
+- commit 173655e
+
+- net: ll_temac: Use devm_platform_ioremap_resource_byname()
+  (git-fixes).
+- commit bd77f60
+
+- net: mscc: Fix OF_MDIO config check (git-fixes).
+- commit 6a2a9df
+
+- blacklist.conf: update blacklist
+- commit 5495889
+
+- blacklist.conf: update blacklist
+- commit ccb0438
+
+- i2c: cadence: Change large transfer count reset logic to be
+  unconditional (git-fixes).
+- gpio: pca953x: use the correct register address when regcache
+  sync during init (git-fixes).
+- gpio: pca953x: use the correct range when do regmap sync
+  (git-fixes).
+- gpio: pca953x: only use single read/write for No AI mode
+  (git-fixes).
+- commit 20d420c
+
+- USB: serial: ftdi_sio: add Belimo device ids (git-fixes).
+- serial: 8250: fix return error code in
+  serial8250_request_std_resource() (git-fixes).
+- wifi: mac80211: fix queue selection for mesh/OCB interfaces
+  (git-fixes).
+- ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop
+  (git-fixes).
+- ALSA: hda/realtek - Fix headset mic problem for a HP machine
+  with alc221 (git-fixes).
+- ALSA: hda/realtek - Fix headset mic problem for a HP machine
+  with alc671 (git-fixes).
+- ALSA: hda - Add fixup for Dell Latitidue E5430 (git-fixes).
+- ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3
+  model (git-fixes).
+- ASoC: madera: Fix event generation for rate controls
+  (git-fixes).
+- ASoC: madera: Fix event generation for OUT1 demux (git-fixes).
+- ASoC: cs47l15: Fix event generation for low power mux control
+  (git-fixes).
+- ASoC: wm5110: Fix DRE control (git-fixes).
+- ASoC: ops: Fix off by one in range control validation
+  (git-fixes).
+- soc: ixp4xx/npe: Fix unused match warning (git-fixes).
+- NFC: nxp-nci: don't print header length mismatch on i2c error
+  (git-fixes).
+- platform/x86: hp-wmi: Ignore Sanitization Mode event
+  (git-fixes).
+- virtio_mmio: Restore guest page size on resume (git-fixes).
+- virtio_mmio: Add missing PM calls to freeze/restore (git-fixes).
+- commit 7b686cc
+
+- Update patches.suse/vt-vt_ioctl-fix-race-in-VT_RESIZEX.patch
+  (git-fixes bsc#1200910 CVE-2020-36558).
+  Add references.
+- commit d84e9d7
+
+- Update
+  patches.suse/vt-vt_ioctl-fix-VT_DISALLOCATE-freeing-in-use-virtua.patch
+  (git-fixes bsc#1201429 CVE-2020-36557).
+  Add references.
+- commit 76ab189
+
+- lockdown: Fix kexec lockdown bypass with ima policy
+  (CVE-2022-21505 bsc#1201458).
+- commit 5806b46
+
+- arm64: dts: marvell: espressobin: Add ethernet switch aliases (git-fixes)
+- commit b51a741
+
+- Fix 1201644, 1201664, 1201672, 1201673, 1201676
+  All are reports of the same problem - the IBRS_* regs push/popping was
+  wrong but it needs
+  1b331eeea7b8 ("x86/entry: Remove skip_r11rcx")
+  too.
+- commit 7226005
+
+- blacklist.conf: updated blacklist for new issue
+- commit 93feb45
+
+- mm: and drivers core: Convert hugetlb_report_node_meminfo to
+  sysfs_emit (bsc#1200598 cve-2022-20166).
+- commit 6f05f26
+
+- drivers core: Miscellaneous changes for sysfs_emit (bsc#1200598
+  cve-2022-20166).
+- commit 6ff7ebb
+
+- drivers core: Remove strcat uses around sysfs_emit and neaten
+  (bsc#1200598 cve-2022-20166).
+- commit 4cafd1f
+
+- vt: drop old FONT ioctls (bsc#1201636 CVE-2021-33656).
+- commit bcf7213
+
+- drivers core: Use sysfs_emit and sysfs_emit_at for show(device
+  * ...) functions (bsc#1200598 cve-2022-20166).
+- commit 747b6a7
+
+- sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output
+  (bsc#1200598 cve-2022-20166).
+- commit 4aaf7f0
+
+- fbmem: Check virtual screen sizes in fb_set_var()
+  (CVE-2021-33655 bsc#1201635).
+- fbcon: Prevent that screen size is smaller than font size
+  (CVE-2021-33655 bsc#1201635).
+- fbcon: Disallow setting font bigger than screen size
+  (CVE-2021-33655 bsc#1201635).
+- commit a7693d8
+
+- Delete patches.suse/hwmon-Make-chip-parameter-for-with_info-API-mandator.patch (bsc#1201206)
+  The patch seems causing a regression on Mac.
+- commit f885f68
+
+- arm64: mm: Don't invalidate FROM_DEVICE buffers at start of DMA (git-fixes)
+- commit 036b703
+
+- arm64: stackleak: fix current_top_of_stack() (git-fixes)
+- commit 9d510a3
+
+- cpuidle: PSCI: Move the `has_lpi` check to the beginning of the (git-fixes)
+- commit e7722fa
+
+- arm64: module: remove (NOLOAD) from linker script (git-fixes)
+- commit 2f78693
+
+- arm64 module: set plt* section addresses to 0x0 (git-fixes)
+- commit 5213f10
+
+- kABI workaround for rtsx_usb (git-fixes).
+- commit 4ee0d92
+
+- x86/bugs: Remove apostrophe typo (bsc#1178134).
+- commit 0dca060
+
+- power/reset: arm-versatile: Fix refcount leak in
+  versatile_reboot_probe (git-fixes).
+- serial: stm32: Clear prev values before setting RTS delays
+  (git-fixes).
+- serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle
+  (git-fixes).
+- spi: amd: Limit max transfer and message size (git-fixes).
+- drm/i915/gt: Serialize TLB invalidates with GT resets
+  (git-fixes).
+- drm/i915/selftests: fix a couple IS_ERR() vs NULL tests
+  (git-fixes).
+- raw: Fix a data-race around sysctl_raw_l3mdev_accept
+  (git-fixes).
+- sysctl: Fix data-races in proc_dointvec_ms_jiffies()
+  (git-fixes).
+- sysctl: Fix data races in proc_dointvec_jiffies() (git-fixes).
+- sysctl: Fix data races in proc_douintvec_minmax() (git-fixes).
+- sysctl: Fix data races in proc_dointvec_minmax() (git-fixes).
+- sysctl: Fix data races in proc_douintvec() (git-fixes).
+- sysctl: Fix data races in proc_dointvec() (git-fixes).
+- ima: Fix potential memory leak in ima_init_crypto() (git-fixes).
+- ima: Fix a potential integer overflow in
+  ima_appraise_measurement (git-fixes).
+- drm/panfrost: Fix shrinker list corruption by madvise IOCTL
+  (git-fixes).
+- drm/panfrost: Put mapping instead of shmem obj on
+  panfrost_mmu_map_fault_addr() error (git-fixes).
+- drm/i915: fix a possible refcount leak in
+  intel_dp_add_mst_connector() (git-fixes).
+- ida: don't use BUG_ON() for debugging (git-fixes).
+- dmaengine: pl330: Fix lockdep warning about non-static key
+  (git-fixes).
+- misc: rtsx_usb: set return value in rsp_buf alloc err path
+  (git-fixes).
+- misc: rtsx_usb: use separate command and response buffers
+  (git-fixes).
+- misc: rtsx_usb: fix use of dma mapped buffer for usb bulk
+  transfer (git-fixes).
+- i2c: cadence: Unregister the clk notifier in error path
+  (git-fixes).
+- memregion: Fix memregion_free() fallback definition (git-fixes).
+- fbmem: Check virtual screen sizes in fb_set_var() (git-fixes).
+- fbcon: Prevent that screen size is smaller than font size
+  (git-fixes).
+- fbcon: Disallow setting font bigger than screen size
+  (git-fixes).
+- video: of_display_timing.h: include errno.h (git-fixes).
+- fbdev: fbmem: Fix logo center image dx issue (git-fixes).
+- r8169: fix accessing unset transport header (git-fixes).
+- net: rose: fix UAF bug caused by rose_t0timer_expiry
+  (git-fixes).
+- pinctrl: sunxi: sunxi_pconf_set: use correct offset (git-fixes).
+- pinctrl: sunxi: a83t: Fix NAND function name for some pins
+  (git-fixes).
+- commit aa669e5
+
+- ASoC: Intel: Skylake: Correct the handling of fmt_config
+  flexible array (git-fixes).
+- ASoC: Intel: Skylake: Correct the ssp rate discovery in
+  skl_get_ssp_clks() (git-fixes).
+- ASoC: sgtl5000: Fix noise on shutdown/remove (git-fixes).
+- dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc()
+  correctly (git-fixes).
+- dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (git-fixes).
+- dmaengine: ti: Add missing put_device in
+  ti_dra7_xbar_route_allocate (git-fixes).
+- dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate
+  (git-fixes).
+- can: gs_usb: gs_usb_open/close(): fix memory leak (git-fixes).
+- ASoC: Remove unused hw_write_t type (git-fixes).
+- commit 2be6c70
+
+- arm64: fix compat syscall return truncation (git-fixes)
+- commit 24bf105
+
+- arm64: vdso: Avoid ISB after reading from cntvct_el0 (git-fixes)
+- commit 992de8b
+
+- arm64: fix inline asm in load_unaligned_zeropad() (git-fixes)
+- commit 867aa84
+
+- arm64: uprobe: Return EOPNOTSUPP for AARCH32 instruction probing (git-fixes)
+- commit ad8af15
+
+- arm64: Extend workaround for erratum 1024718 to all versions of (git-fixes)
+- commit 02d9d74
+
+- arm64: compat: Ensure upper 32 bits of x0 are zero on syscall return (git-fixes)
+- commit 4265617
+
+- arm64: ptrace: Override SPSR.SS when single-stepping is enabled (git-fixes)
+- commit 080c096
+
+- arm64: ptrace: Consistently use pseudo-singlestep exceptions (git-fixes)
+- commit ddc1d85
+
+- KVM: arm64: Fix definition of PAGE_HYP_DEVICE (git-fixes)
+- commit aff711b
+
+- arm64: perf: Report the PC value in REGS_ABI_32 mode (git-fixes)
+- commit d286e63
+
+- arm64: dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function (git-fixes)
+- commit 437cb00
+
+- usb: typec: add missing uevent when partner support PD
+  (git-fixes).
+- commit 8f7dacd
+
+- usb: dwc3: gadget: Fix event pending check (git-fixes).
+- commit 052f747
+
+- blacklist.conf: will speed up booting in exchange for breaking charging
+  from a switched off laptop with some firmwares
+- commit bd8e45d
+
+- blacklist.conf: build fix that does not matter on a released kernel
+- commit 3296a39
+
+- net: usb: qmi_wwan: add Telit 0x1070 composition (git-fixes).
+- commit a69d674
+
+- net: usb: qmi_wwan: add Telit 0x1060 composition (git-fixes).
+- commit 1caf14d
+
+- Sort in RETbleed backport into the sorted section
+  Now that it is upstream..
+- Refresh
+  patches.suse/KVM-VMX-Convert-launched-argument-to-flags.patch.
+- Refresh
+  patches.suse/KVM-VMX-Fix-IBRS-handling-after-vmexit.patch.
+- Refresh patches.suse/KVM-VMX-Flatten-__vmx_vcpu_run.patch.
+- Refresh
+  patches.suse/KVM-VMX-Prevent-RSB-underflow-before-vmenter.patch.
+- Refresh
+  patches.suse/KVM-VMX-Prevent-guest-RSB-poisoning-attacks-with-eIBRS.patch.
+- Refresh
+  patches.suse/KVM-x86-speculation-Disable-Fill-buffer-clear-within-guests.patch.
+- Refresh
+  patches.suse/intel_idle-Disable-IBRS-during-long-idle.patch.
+- Refresh patches.suse/x86-Add-magic-AMD-return-thunk.patch.
+- Refresh patches.suse/x86-Undo-return-thunk-damage.patch.
+- Refresh patches.suse/x86-Use-return-thunk-in-asm-code.patch.
+- Refresh patches.suse/x86-bpf-Use-alternative-RET-encoding.patch.
+- Refresh
+  patches.suse/x86-bugs-Add-AMD-retbleed-boot-parameter.patch.
+- Refresh
+  patches.suse/x86-bugs-Add-Cannon-lake-to-RETBleed-affected-CPU-list.patch.
+- Refresh patches.suse/x86-bugs-Add-retbleed-ibpb.patch.
+- Refresh
+  patches.suse/x86-bugs-Do-IBPB-fallback-check-only-once.patch.
+- Refresh
+  patches.suse/x86-bugs-Do-not-enable-IBPB-on-entry-when-IBPB-is-not-supp.patch.
+- Refresh patches.suse/x86-bugs-Enable-STIBP-for-JMP2RET.patch.
+- Refresh
+  patches.suse/x86-bugs-Group-MDS-TAA-Processor-MMIO-Stale-Data-mitigations.patch.
+- Refresh
+  patches.suse/x86-bugs-Keep-a-per-CPU-IA32_SPEC_CTRL-value.patch.
+- Refresh
+  patches.suse/x86-bugs-Optimize-SPEC_CTRL-MSR-writes.patch.
+- Refresh
+  patches.suse/x86-bugs-Report-AMD-retbleed-vulnerability.patch.
+- Refresh
+  patches.suse/x86-bugs-Report-Intel-retbleed-vulnerability.patch.
+- Refresh
+  patches.suse/x86-bugs-Split-spectre_v2_select_mitigation-and-spectre_v2.patch.
+- Refresh
+  patches.suse/x86-common-Stamp-out-the-stepping-madness.patch.
+- Refresh patches.suse/x86-cpu-amd-Add-Spectral-Chicken.patch.
+- Refresh patches.suse/x86-cpu-amd-Enumerate-BTC_NO.patch.
+- Refresh
+  patches.suse/x86-cpufeatures-Move-RETPOLINE-flags-to-word-11.patch.
+- Refresh
+  patches.suse/x86-entry-Add-kernel-IBRS-implementation.patch.
+- Refresh
+  patches.suse/x86-kvm-Fix-SETcc-emulation-for-return-thunks.patch.
+- Refresh patches.suse/x86-retpoline-Use-mfunction-return.patch.
+- Refresh
+  patches.suse/x86-sev-Avoid-using-__x86_return_thunk.patch.
+- Refresh
+  patches.suse/x86-speculation-Add-a-common-function-for-MD_CLEAR-mitigation-update.patch.
+- Refresh
+  patches.suse/x86-speculation-Add-spectre_v2-ibrs-option-to-support-Kern.patch.
+- Refresh
+  patches.suse/x86-speculation-Fill-RSB-on-vmexit-for-IBRS.patch.
+- Refresh
+  patches.suse/x86-speculation-Fix-SPEC_CTRL-write-on-SMT-state-change.patch.
+- Refresh
+  patches.suse/x86-speculation-Fix-firmware-entry-SPEC_CTRL-handling.patch.
+- Refresh
+  patches.suse/x86-speculation-Remove-x86_spec_ctrl_mask.patch.
+- Refresh
+  patches.suse/x86-speculation-Use-cached-host-SPEC_CTRL-value-for-guest-.patch.
+- Refresh
+  patches.suse/x86-speculation-mmio-Add-mitigation-for-Processor-MMIO-Stale-Data.patch.
+- Refresh
+  patches.suse/x86-speculation-mmio-Add-sysfs-reporting-for-Processor-MMIO-Stale-Data.patch.
+- Refresh
+  patches.suse/x86-speculation-mmio-Enable-CPU-Fill-buffer-clearing-on-idle.patch.
+- Refresh
+  patches.suse/x86-speculation-mmio-Enumerate-Processor-MMIO-Stale-Data-bug.patch.
+- Refresh
+  patches.suse/x86-speculation-mmio-Reuse-SRBDS-mitigation-for-SBDS.patch.
+- Refresh
+  patches.suse/x86-speculation-srbds-Update-SRBDS-mitigation-selection.patch.
+- Refresh
+  patches.suse/x86-vsyscall_emu-64-Don-t-use-RET-in-vsyscall-emulation.patch.
+- Refresh patches.suse/x86-xen-Rename-SYS-entry-points.patch.
+- commit 94dfede
+
+- arm64: dts: marvell: espressobin: add ethernet alias (git-fixes)
+- commit ed82a39
+
+- blacklist.conf: blocks a driver from building
+- commit 2f8d19f
+
+- arm64: dts: mcbin: support 2W SFP modules (git-fixes)
+- commit 1950671
+
+- arm64: lib: Use modern annotations for assembly functions (git-fixes)
+  Refresh patches.suse/arm64-clear_page-shouldn-t-use-DC-ZVA-when-DCZID_EL0.DZP-1.patch.
+- commit fb5a868
+
+- spi: <linux/spi/spi.h>: add missing struct kernel-doc entry
+  (git-fixes).
+- Refresh
+  patches.kabi/move-devm_allocate-to-end-of-structure-for-kABI.patch.
+- commit 8e36894
+
+- arm64: asm: Add new-style position independent function annotations (git-fixes)
+- commit a5d53f5
+
+- usbnet: fix memory leak in error case (git-fixes).
+- commit 988ba16
+
+- arm64: module: rework special section handling (git-fixes)
+- commit 7d368bc
+
+- Rename colliding patches before the next origin/cve/linux-5.3 -> SLE15-SP3 merge
+- commit fb0447a
+
+- dm mirror log: round up region bitmap size to BITS_PER_LONG
+  (git-fixes).
+- md: bcache: check the return value of kzalloc() in
+  detached_dev_do_request() (git-fixes).
+- dm crypt: make printing of the key constant-time (git-fixes).
+- dm integrity: fix error code in dm_integrity_ctr() (git-fixes).
+- dm stats: add cond_resched when looping over entries
+  (git-fixes).
+- md/raid0: Ignore RAID0 layout if the second zone has only one
+  device (git-fixes).
+- hex2bin: make the function hex_to_bin constant-time (git-fixes).
+- dm integrity: fix memory corruption when tag_size is less than
+  digest size (git-fixes).
+- block/compat_ioctl: fix range check in BLKGETSIZE (git-fixes).
+- dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS
+  (git-fixes).
+- block: don't delete queue kobject before its children
+  (git-fixes).
+- block: bio-integrity: Advance seed correctly for larger interval
+  sizes (git-fixes).
+- block: Fix wrong offset in bio_truncate() (git-fixes).
+- block: Fix fsync always failed if once failed (git-fixes).
+- dm btree remove: fix use after free in rebalance_children()
+  (git-fixes).
+- dm: fix mempool NULL pointer race when completing IO
+  (git-fixes).
+- dm crypt: Avoid percpu_counter spinlock contention in
+  crypt_page_alloc() (git-fixes).
+- blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN
+  (git-fixes).
+- blk-zoned: allow zone management send operations without
+  CAP_SYS_ADMIN (git-fixes).
+- dm btree remove: assign new_root only when removal succeeds
+  (git-fixes).
+- dm snapshot: properly fix a crash when an origin has no
+  snapshots (git-fixes).
+- dm snapshot: fix crash with transient storage and zero chunk
+  size (git-fixes).
+- dm raid: fix inconclusive reshape layout on fast raid4/5/6
+  table reload sequences (git-fixes).
+- dm space map common: fix division bug in sm_ll_find_free_block()
+  (git-fixes).
+- dm persistent data: packed struct should have an aligned()
+  attribute too (git-fixes).
+- md/bitmap: wait for external bitmap writes to complete during
+  tear down (git-fixes).
+- dm verity: fix FEC for RS roots unaligned to block size
+  (git-fixes).
+- dm bufio: subtract the number of initial sectors in
+  dm_bufio_get_device_size (git-fixes).
+- md: Set prev_flush_start and flush_bio in an atomic way
+  (git-fixes).
+- dm integrity: conditionally disable "recalculate" feature
+  (git-fixes).
+- dm integrity: fix a crash if "recalculate" used without
+  "internal_hash" (git-fixes).
+- dm integrity: fix the maximum number of arguments (git-fixes).
+- dm snapshot: flush merged data before committing metadata
+  (git-fixes).
+- lib/string.c: implement stpcpy (git-fixes).
+- commit ab41893
+
+- xen/netback: avoid entering xenvif_rx_next_skb() with an empty
+  rx queue (bsc#1201381).
+- commit ae4d431
+
+- Refresh
+  patches.suse/crypto-qat-remove-dma_free_coherent-for-DH.patch.
+  revert the effect of mainline 453431a54934d917153 on patch.
+- Refresh
+  patches.suse/crypto-qat-remove-dma_free_coherent-for-RSA.patch.
+  revert the effect of mainline 453431a54934d917153 on patch.
+- commit 5e710e7
+
+- crypto: qat - remove dma_free_coherent() for DH (git-fixes).
+- crypto: qat - remove dma_free_coherent() for RSA (git-fixes).
+- crypto: qat - fix memory leak in RSA (git-fixes).
+- crypto: qat - set to zero DH parameters before free (git-fixes).
+- crypto: qat - disable registration of algorithms (git-fixes).
+- commit 8d18bba
+
+- rpm/kernel-binary.spec.in: Require dwarves >= 1.22 on SLE15-SP3 or newer
+  Dwarves 1.22 or newer is required to build kernels with BTF information
+  embedded in modules.
+- commit 2dbbe9d
+
+- scripts: dummy-tools, add pahole (jsc#SLE-24559).
+- commit 6a3fc85
+
+- pty: do tty_flip_buffer_push without port->lock in pty_write
+  (bsc#1198829 CVE-2022-1462).
+- commit ce8f318
+
+- tty: use new tty_insert_flip_string_and_push_buffer() in
+  pty_write() (bsc#1198829 CVE-2022-1462).
+- tty: extract tty_flip_buffer_commit() from
+  tty_flip_buffer_push() (bsc#1198829 CVE-2022-1462).
+- commit cbf8ad3
+
+- bpf: Add config to allow loading modules with BTF mismatches (jsc#SLE-24559).
+- Update config files:
+  - MODULE_ALLOW_BTF_MISMATCH=y
+- commit 0660602
+
+- bpf: Keep module's btf_data_size intact after load (jsc#SLE-24559).
+- Refresh
+  patches.kabi/kabi-create-module-private-struct-to-hold-btf-size-data.patch.
+- commit 6a4211c
+
+- bpf: Sanitize BTF data pointer after module is loaded (jsc#SLE-24559).
+- Refresh
+  patches.kabi/kabi-create-module-private-struct-to-hold-btf-size-data.patch.
+- commit ec84a18
+
+- kbuild: Skip module BTF generation for out-of-tree external
+  modules (jsc#SLE-24559).
+- commit b411a90
+
+- bpf: Load and verify kernel module BTFs (jsc#SLE-24559).
+- kabi: create module private struct to hold btf size/data (jsc#SLE-24559).
+- commit dd48d54
+
+- kbuild: Build kernel module BTFs if BTF is enabled and pahole
+  supports it (jsc#SLE-24559).
+- Update config files:
+  - PAHOLE_HAS_SPLIT_BTF=y
+  - DEBUG_INFO_BTF_MODULES=y
+- commit 00469b9
+
+- bpf: Assign ID to vmlinux BTF and return extra info for BTF
+  in GET_OBJ_INFO (jsc#SLE-24559).
+- commit bf525c4
+
+- bpf: Add in-kernel split BTF support (jsc#SLE-24559).
+- commit de75fe3
+
+- bpf: Provide function to get vmlinux BTF information (jsc#SLE-24559).
+- Refresh
+  patches.suse/bpf-Add-bpf_patch_call_args-prototype-to-include-lin.patch.
+- commit 97960b8
+
+- kbuild: rename any-prereq to newer-prereqs (jsc#SLE-24559).
+- commit d74c2bd
+
+- kbuild: drop $(wildcard $^) check in if_changed* for faster
+  rebuild (jsc#SLE-24559).
+- commit 2b23691
+
+- kbuild: split final module linking out into Makefile.modfinal (jsc#SLE-24559).
+- Refresh
+  patches.suse/0008-scripts-Coccinelle-script-for-namespace-dependencies.patch.
+- Refresh
+  patches.suse/0026-modpost-do-not-invoke-extra-modpost-for-nsdeps.patch.
+- Refresh
+  patches.suse/0028-modpost-dump-missing-namespaces-into-a-single-module.patch.
+- Refresh
+  patches.suse/0029-scripts-nsdeps-support-nsdeps-for-external-module-bu.patch.
+- commit 860eb7e
+
+- kbuild: rebuild modules when module linker scripts are updated (jsc#SLE-24559).
+- Refresh
+  patches.suse/kbuild-stop-filtering-out-GCC_PLUGINS_CFLAGS-from-cc.patch.
+- commit e48ca3e
+
+- kbuild: add marker for build log of *.mod.o (jsc#SLE-24559).
+- commit 089d37f
+
+- io_uring: fix fs->users overflow  (CVE-2022-1116, bsc#1199647).
+- commit e8dfed6
+
+- scsi: sd: Fix potential NULL pointer dereference (git-fixes).
+- scsi: scsi_debug: Sanity check block descriptor length in
+  resp_mode_select() (git-fixes).
+- scsi: core: Put LLD module refcnt after SCSI device is released
+  (git-fixes).
+- scsi: core: Retry I/O for Notify (Enable Spinup) Required error
+  (git-fixes).
+- scsi: core: Only put parent device if host state differs from
+  SHOST_CREATED (git-fixes).
+- scsi: core: Put .shost_dev in failure path if host state
+  changes to RUNNING (git-fixes).
+- scsi: core: Fix failure handling of scsi_add_host_with_dma()
+  (git-fixes).
+- scsi: core: Fix error handling of scsi_host_alloc() (git-fixes).
+- scsi: ufs: handle cleanup correctly on devm_reset_control_get
+  error (git-fixes).
+- scsi: ufs: Release clock if DMA map fails (git-fixes).
+- commit cad0d5f
+
+- don't call utsname() after ->nsproxy is NULL (bsc#1201196).
+- commit 12197a1
+
+- mm/slub: add missing TID updates on slab deactivation
+  (git-fixes).
+- commit af73675
+
+- xen: detect uninitialized xenbus in xenbus_init (git-fixes).
+- commit 89b5cfc
+
+- xen: don't continue xenstore initialization in case of errors
+  (git-fixes).
+- commit a397042
+
+- x86/kvmclock: Move this_cpu_pvti into kvmclock.h (git-fixes).
+- commit 223f7ba
+
+- KVM: x86/pmu: Fix UBSAN shift-out-of-bounds warning in
+  intel_pmu_refresh() (git-fixes).
+- commit 2a600a1
+
+- KVM: nVMX: avoid NULL pointer dereference with incorrect EVMCS
+  GPAs (git-fixes).
+- commit a048eb5
+
+- KVM: apic: avoid calculating pending eoi from an uninitialized
+  val (git-fixes).
+- commit bd607c6
+
+- KVM: nVMX: handle nested posted interrupts when apicv is
+  disabled for L1 (git-fixes).
+- commit a486b7a
+
+- KVM: x86: Refactor prefix decoding to prevent Spectre-v1/L1TF
+  attacks (git-fixes).
+- commit eb73c2f
+
+- KVM: x86: Don't let userspace set host-reserved cr4 bits
+  (git-fixes).
+- commit 404b24a
+
+- net: hso: bail out on interrupt URB allocation failure
+  (git-fixes).
+- commit f562212
+
+- blacklist.conf: misattributed in upstream
+- commit 202e210
+
+- net: rose: fix UAF bugs caused by timer handler (CVE-2022-2318
+  bsc#1201251).
+- commit 84c7e09
+
+- Update patch reference for rose fix (CVE-2022-2318 bsc#1201251)
+- commit 4566057
+
+- xen/netfront: force data bouncing when backend is untrusted
+  (bsc#1200762, CVE-2022-33741, XSA-403).
+- commit 7daee4f
+
+- xen/netfront: fix leaking data in shared pages (bsc#1200762,
+  CVE-2022-33740, XSA-403).
+- commit bfb8cc2
+
+- xen/blkfront: force data bouncing when backend is untrusted
+  (bsc#1200762, CVE-2022-33742, XSA-403).
+- commit 9c6c1df
+
+- xen/blkfront: fix leaking data in shared pages (bsc#1200762,
+  CVE-2022-26365, XSA-403).
+- commit 7095954
+
+- blacklist.conf: Add 6a2d90ba027a ptrace: Reimplement PTRACE_KILL by always sending SIGKILL
+- commit 272b7b1
+
+- config: enable DEBUG_INFO_BTF
+  This option allows users to access the btf type information for vmlinux
+  but not kernel modules.
+- commit fb07e10
+
+- blacklist.conf: Add b4e00444cab4 fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent
+- commit b1b6d4b
+
libdmtx
-- Update RPM group and use a source URL
-
-- Add few patches to improve funcitonality bnc#881387:
-  * libdmtx-DmtxPropRowPadBytes.patch
-  * libdmtx-explicit-cast.patch
-  * libdmtx-mosaic.patch
-
-- Add baselibs.conf, needed for kdebase4-workspace-libs-32bit
-
-- Fix the SLES build (%make_install not expanded)
-- Fix a couple rpmlint warnings
-
-- change license to be in spdx.org format
-
-- make snprintf available to the sources
-
-- Update to 0.7.4
-  library: Relicensed to use Simplified BSD with waiver option
-  library: Added new error codes and messages in dmtxencode.c
-  library: Added DmtxByteList struct and supporting functions
-  library: Changed file header with updated text
-  library: Fixed ECC bug for 144x144 case (thanks Huver!)
-  library: New Reed Solomon implementation
-  library: New repository structure: libdmtx, dmtx-utils, and dmtx-wrappers
-
-- Add dmtx.
-
libixion
+- Fix build on SLE-12-SP5
+- Remove unneeded vulkan dependency
+
+- Added patch:
+  * libixion-boost-system.patch
+    + fix missing symbols from boost_system library
+
+- update to 0.17.0:
+  * set the baseline C++ version to 17.
+  * mdds has been internalized so that the public header no longer contains
+    references to mdds.  With this change, the users can use different API
+    versions of mdds between the ixion build and run-time use.
+  * cleaned up public API to make use of std::string_view and std::variant
+    where appropriate.
+  * implemented built-in LEFT() function in the formula interpreter.
+  * it is no longer required to set the size of void* at build time to ensure
+    the binaries to be fully functional.
+  * fixed a bug where named expressions with names containing invalid
+    characters were still allowed in.
+
+- Define conditionally make_build to fix build on systems that do
+  not have that macro
+
libnettle
+- update to 3.8.1:
+  * Avoid non-posix m4 argument references in the chacha
+    implementation for arm64, powerpc64 and s390x. Reported by
+    Christian Weisgerber, fix contributed by Mamone Tarsha.
+  * Use explicit .machine pseudo-ops where needed in s390x
+    assembly files. Bug report by Andreas K. Huettel, fix
+    contributed by Mamone Tarsha.
+
+- update to 3.8:
+  This release includes a couple of new features, and many
+  performance improvements. It adds assembly code for two more
+  architectures: ARM64 and S390x.
+  The new version is intended to be fully source and binary
+  compatible with Nettle-3.6. The shared library names are
+  libnettle.so.8.5 and libhogweed.so.6.5, with sonames
+  libnettle.so.8 and libhogweed.so.6.
+  New features:
+  * AES keywrap (RFC 3394), contributed by Nicolas Mora.
+  * SM3 hash function, contributed by Tianjia Zhang.
+  * New functions cbc_aes128_encrypt, cbc_aes192_encrypt,
+    cbc_aes256_encrypt.
+    On processors where AES is fast enough, e.g., x86_64 with
+    aesni instructions, the overhead of using Nettle's general
+    cbc_encrypt can be significant. The new functions can be
+    implemented in assembly, to do multiple blocks with reduced
+    per-block overhead.
+    Note that there's no corresponding new decrypt functions,
+    since the general cbc_decrypt doesn't suffer from the same
+    performance problem.
+  Bug fixes:
+  * Fix fat builds for x86_64 windows, these appear to never
+    have worked.
+  Optimizations:
+  * New ARM64 implementation of AES, GCM, Chacha, SHA1 and
+    SHA256, for processors supporting crypto extensions. Great
+    speedups, and fat builds are supported. Contributed by
+    Mamone Tarsha.
+  * New s390x implementation of AES, GCM, Chacha, memxor, SHA1,
+    SHA256, SHA512 and SHA3. Great speedups, and fat builds are
+    supported. Contributed by Mamone Tarsha.
+  * New PPC64 assembly for ecc modulo/redc operations,
+    contributed by Amitay Isaacs, Martin Schwenke and Alastair
+    D´Silva.
+  * The x86_64 AES implementation using aesni instructions has
+    been reorganized with one separate function per key size,
+    each interleaving the processing of two blocks at a time
+    (when the caller processes multiple blocks with each call).
+    This gives a modest performance improvement on some
+    processors.
+  * Rewritten and faster x86_64 poly1305 assembly.
+- drop libnettle-s390x-CPACF-SHA-AES-support.patch (included in 3.8)
+
+- Make shared libraries executable
+
liborcus
+- Added patch:
+  * no-std-filesystem.patch
+    + use boost::filesystem instead of std::filesystem, in order to
+    allow building with older compilers
+
+- Update to 0.17.2:
+  * fixed a bug where the state of style:cell-protect="none" was not
+    explicitly pushed, thereby having had the same effect as not having this
+    attribute.  After the fix, style:cell-protect="none" will explicitly push
+    the hidden state to false, locked state to false, and the formula-hidden
+    state to false.
+- Update to 0.17.1:
+  * addressed a number of coverity issues.
+  * removed a variety of compiler warnings.
+  * re-generated sax parser tokens from ODF v1.3.
+  * revised the style import code to only push style attributes that are
+    actually specified in the XML.
+  * revised the XML structure validation strategy to ignore any mis-placed
+    elements and their sub structures rather than aborting the import.
+
+- Update to 0.17.0:
+  * set the baseline C++ version to 17.
+  * cleaned up the public API to replace pstring with std::string_view, union
+    with std::variant, and boost::optional with std::optional.  With this
+    change, the public API no longer has dependency on boost.
+  * switched to using ixion::model_iterator for horizontal iteration of cells
+    instead of using mdds::mtv::collection.
+  * fixed a bug where exporting a spreadsheet document containing adjacent
+    merged cells regions to html incorrectly exported the merged cell areas.
+  * cached cell values are now correctly loaded from the xlsx file.
+  * utf-8 names are now allowed as element and attribute names in the sax parser.
+  * unquoted utf-8 property values are now allowed in the css parser.
+  * added yaml output option in orcus-json.
+  * fixed a bug where mapping of an XML document with namespace aliases
+    sometimes corrupts the alias values.
+  * added orcus.FormulaTokenOp enum type in python which describes type formula token
+    operator types in a more finer grained manner.
+  * added notes to how to use orcus-xml and orcus-json to map XML and JSON
+    documents to spreadsheet documents.
+- Drop GCC11_build_fixes.patch
+
+- Define conditionally make_build to fix build on systems that do
+  not have that macro
+
libreoffice
+- Update to 7.3.3.1 (jsc#SLE-23447):
+  You can read the release notes for major version 7.3 here:
+  https://wiki.documentfoundation.org/ReleaseNotes/7.3
+  Release notes for minor releases:
+  https://wiki.documentfoundation.org/Releases/7.3.3/RC1
+  https://wiki.documentfoundation.org/Releases/7.3.2/RC2
+  https://wiki.documentfoundation.org/Releases/7.3.2/RC1
+  https://wiki.documentfoundation.org/Releases/7.3.1/RC3
+  https://wiki.documentfoundation.org/Releases/7.3.1/RC2
+  https://wiki.documentfoundation.org/Releases/7.3.1/RC1
+  https://wiki.documentfoundation.org/Releases/7.3.0/RC3
+  https://wiki.documentfoundation.org/Releases/7.3.0/RC2
+  https://wiki.documentfoundation.org/Releases/7.3.0/RC1
+  https://wiki.documentfoundation.org/Releases/7.3.0/Beta1
+- Update bundled dependencies:
+  * boost_1_75_0.tar.xz -> boost_1_77_0.tar.xz
+  * curl-7.79.1.tar.xz
+  * gpgme-1.13.1.tar.bz2 -> gpgme-1.16.0.tar.bz2
+  * icu4c-69_1-data.zip -> icu4c-70_1-data.zip
+  * icu4c-69_1-src.tgz -> icu4c-70_1-src.tgz
+  * libassuan-2.5.3.tar.bz2 -> libassuan-2.5.5.tar.bz2
+  * libgpg-error-1.37.tar.bz2 -> libgpg-error-1.43.tar.bz2
+  * pdfium-4500.tar.bz2 -> pdfium-4699.tar.bz2
+  * skia-m90-45c57e116ee0ce214bdf78405a4762722e4507d9.tar.xz ->
+    skia-m97-a7230803d64ae9d44f4e1282444801119a3ae967.tar.xz
+- Added patches:
+  * bsc1192616.patch
+- Refreshed patches:
+  * 0001-Revert-java-9-changes.patch
+  * fix_gtk_popover_on_3.20.patch
+  * fix-wayland-scaling-in-plasma.patch
+- Deleted patches:
+  * bsc1183308.patch
+- This package contain the fixes for the following bugs:
+  * bsc#1196212
+  * bsc#1195881
+- This package is not affected by the following bugs:
+  * bsc#1196017
+  * bsc#1196499
+- Enable gtk3_kde5. The gtk3 interface is more stable than the
+  qt5/kf5 one, this option makes it possible to use gtk3 in kde
+  with the kde filepicker (bsc#1197017)
+- Add system_curl build condition
+
libslirp
+- security update
+- added patches
+  fix CVE-2021-3593 [bsc#1187365], invalid pointer initialization may lead to information disclosure (udp6)
+  + libslirp-CVE-2021-3593.patch
+
+- Add patch to fix the version header (bsc#1201551):
+  * 0001-meson-remove-meson-dist-script.patch
+
libyang
+- security update
+- added patches
+  fix CVE-2021-28905 [bsc#1186377], In function lys_node_free() in libyang v1.0.225, it asserts that the value of node-module can't be NULL, which could lead to a DoS
+  + libyang-CVE-2021-28905.patch
+
mozilla-nss
+- update to NSS 3.79.1 (bsc#1202645)
+  * bmo#1366464 - compare signature and signatureAlgorithm fields in legacy certificate verifier.
+  * bmo#1771498 - Uninitialized value in cert_ComputeCertType.
+  * bmo#1759794 - protect SFTKSlot needLogin with slotLock.
+  * bmo#1760998 - avoid data race on primary password change.
+  * bmo#1330271 - check for null template in sec_asn1{d,e}_push_state.
+
+- Update nss-fips-approved-crypto-non-ec.patch to unapprove the
+  rest of the DSA ciphers, keeping signature verification only
+  (bsc#1201298).
+- Update nss-fips-constructor-self-tests.patch to fix compiler
+  warning.
+
nasm
+- Update to version 2.15.05:
+  + Fix {%ifid $} and {%ifid $$} incorrectly being treated as true.
+  + Add {--reproducible} option to suppress NASM version numbers
+    and timestamps in output files. See {opt-reproducible}.
+
+- update to 2.15.4:
+  * More sensible handling of the case where one single-line macro
+  definition will shadow another.
+  * Add special preprocessor tokens \c{%*?} and \c{%*??} that expand
+  like \c{%?} and \c{%??} in single-line macros only. See
+  \k{selfref%*?}.
+  * Fix SSE instructions not being recognized with an explicit memory
+  operation size (e.g. \c{movsd qword [eax],xmm0}).
+  * The \c{-L+} option no longer enables \c{-Lw}, which is mainly
+  useful to debug NASM crashes. See \k{opt-L}.
+  * The NASM-only RDOFF output format backend, which has been broken
+  since at least NASM 2.14, has been disabled. The RDOFF tools are
+  scheduled to be removed from the NASM distribution in NASM 2.16. If
+  you have a concrete use case for RDOFF, please file a NASM bug report
+  at \W{https://bugs.nasm.us/}\c{https://bugs.nasm.us/} as soon as
+  possible. See \k{rdffmt}.
+
+- nasm 2.15.3:
+  * Add instructions from the Intel Instruction Set Extensions and
+    Future Features Programming Reference, June 2020. This includes
+    AVX5512 bfloat16, AVX512 mask intersect, and Intel Advanced
+    Matrix Extensions (AMX).
+  * Support for bfloat16 floating-point constants
+  * various bug fixes
+
+- update to 2.15.2:
+  * Fix the handling of macro parameter ranges (%{:}), including
+    with brace-enclosed original arguments
+- includes changes from 2.15.01:
+  * Add instructions for Intel Control Flow Enforcement Technology
+- includes changes from 2.15:
+  * The comparison and booleanizing operators can now be used in
+    any expression context, not just %if
+  * New operator ? ... :.
+  * Signed shift operators <<< and >>>
+  * The MASM DUP syntax for data definitions is now supported,
+    in a somewhat enhanced form
+  * Warn for strange legacy behavior regarding empty arguments in
+    multi-line macro expansion, but try to match legacy behavior in
+    most cases. Legacy behavior can be disabled with the directive
+    %pragma preproc sane_empty_expansion
+  * A much more sensible limit to expression evaluation depth.
+    The previously defined limit would rarely trigger before NASM
+    died with a stack overrun error on most systems
+  * The state of warnings can now be saved and restored via the
+    [WARNING PUSH] and [WARNING POP] directives
+  * The sectalign on|off switch does not affect an explicit directive
+  * Fixed 'mismatch in operand sizes' error in the MOVDDUP,
+    CMPXCHG8B and CMPXCHG16B instructions.
+  * Removed obsolete gnu-elf-extensions warning about 8- and 16-bit
+    relocation generation
+  * Added group aliases for all prefixed warnings
+  * Added implicitly sized versions of the K... instructions,
+    which allows the K... instructions to be specified without a
+    size suffix as long as the operands are sized
+  * Added -L option for additional listing information
+  * Added some warnings for obsolete instructions for a specified CPU.
+  * Deprecated -hf and -y options. Use -h instead
+  * Made DWARF as the default debug format for ELF
+  * Added %pragma list options... to set or clear listing options
+  * Allowed immediate syntax for LEA instruction (ignore operand
+    size completely)
+  * Added limited functionality MASM compatibility package
+  * Add single-line macros aliases using %defalias or %idefalias.
+    These behave like a kind of "symbolic links" for single-line
+    macros
+  * Added support for stringify, nostrip, evaluating, and greedy
+    single-line macro arguments
+  * Unused single-line macro arguments no longer need to have a
+    specified name
+  * Added conditional comma operator %,
+  * Changed private namespace from __foo__ to __?foo?__, so a user
+    namespace starting from underscore is now clean from symbols.
+    For backwards compatibility, the previous names are defined as
+    aliases
+  * Added support of ELF weak symbols and external references
+  * Changed the behavior of the EXTERN keyword and introduced
+    REQUIRED keyword
+  * Added %ifusable and %ifusing directives
+  * Made various performance improvements and stability fixes in
+    macro preprocessor engine
+  * Improved NASM error handling and cleaned up error messages
+- includes changes from 2.14.03:
+  * Suppress nuisance "label changed during code generation"
+    messages after a real error
+  * Add support for the merge and strings attributes on ELF sections
+  * Add support for the note, preinit_array, init_array, and
+    fini_array sections type in ELF
+  * Handle more than 32,633 sections in ELF
+
ndctl
+- Update to version 74 (jsc#PED-1080):
+  * Many CXL fixes
+  * Some build system fixes
+  * monitor: Fix the monitor config file parsing
+  * ndctl/bus: Handle missing scrub commands more gracefully
+  * ndctl/dimm: Flush invalidated labels after overwrite
+  - Remove upstreamed patch
+  - ndctl-build-Fix-systemd-unit-directory-detection.patch
+  - ndctl-meson-make-modprobedatadir-an-option.patch
+
+- Provide compatibility symlink for libdaxctl.h in the old location
+
+- Update to version 73:
+  * Many CXL fixes
+  * Fix shipped monitor.conf (bsc#1194696 https://github.com/pmem/ndctl/pull/189)
+  * inject-smart: Add support for papr
+  * Switch to meson build system
+    + ndctl-build-Fix-systemd-unit-directory-detection.patch
+    + ndctl-meson-make-modprobedatadir-an-option.patch
+- Add monitor.conf migration as upstream has (bsc#1194696)
+- Use %%config(noreplace) for files in /etc as upstream does.
+- Update to version 72.1
+  * Add support for CXL interface
+  * Configuration file rework
+  * Add service for automatic reconfiguration
+  * Drop upstreamed patches
+  - ndctl-namespace-skip-zero-namespaces-when-processing.patch
+  - ndctl-namespace-Suppress-ENXIO-when-processing-all-n.patch
+  - 0001-ndctl-namespace-Fix-disable-namespace-accounting-rel.patch
+  - 0002-Expose-ndctl_bus_nfit_translate_spa-as-a-public-func.patch
+  - 0003-libndctl-Unify-adding-dimms-for-papr-and-nfit-famili.patch
+  - 0004-daxctl-fail-reconfigure-device-based-on-kernel-onlin.patch
+  - 0005-libdaxctl-add-an-API-to-check-if-a-device-is-active.patch
+  - 0006-libndctl-check-for-active-system-ram-before-disablin.patch
+  - 0007-daxctl-emit-counts-of-total-and-online-memblocks.patch
+  - 0008-ndctl-Update-nvdimm-mailing-list-address.patch
+  - 0009-libndctl-papr-Fix-probe-for-papr-scm-compatible-nvdi.patch
+  - 0010-ndctl-scrub-Stop-translating-return-values.patch
+  - 0011-ndctl-scrub-Reread-scrub-engine-status-at-start.patch
+  - 0012-ndctl-dimm-Fix-label-index-block-calculations.patch
+  - 0013-daxctl-Add-Soft-Reservation-theory-of-operation.patch
+  - 0014-Documentation-ndctl-fix-self-reference-of-ndctl-disa.patch
+  - 0015-ndctl-docs-Clarify-update-firwmware-activation-overf.patch
+  - 0016-libndctl-papr-Add-support-for-reporting-shutdown-cou.patch
+- Add rpmlinrc filter for libcxl and libdaxctl (boo#1191773).
+- Fix asciidoctor conditional
+
open-vm-tools
+- Update to 12.1.0 (build 20219665) (boo#1202733)
+  + New/Updated features:
+  - Contains security update fix for (bsc#1202657) - (CVE-2022-31676)
+    VUL-0: CVE-2022-31676: open-vm-tools:
+    local privilege escalation vulnerability
+  + A number of Coverity reported issues have been addressed.
+  + [FTBFS] Fix the build of the ContainerInfo plugin for a 32-bit Linux
+    release:
+    https://github.com/vmware/open-vm-tools/pull/588
+  + Make HgfsConvertFromNtTimeNsec aware of 64-bit time_t on i386 (32-bit)
+    This change incorporates the support of 64 bit time epoch conversion
+    from Windows NT time to Unix Epoch time on i386.
+    https://github.com/vmware/open-vm-tools/pull/387
+- Drop patch now contained in 12.1.0:
+  + gcc_size_t.patch
+
openldap2
+- bsc#1198341 - Prevent memory reuse which may lead to instability
+  * 0243-Change-malloc-to-use-calloc-to-prevent-memory-reuse-.patch
+
osinfo-db
+- bsc#1197958 - request support for SLE15-SP4 in the osinfo database
+- Add support for SUSE linux Enterprise Micro 5.2
+  add-slem5.2-support.patch
+
+- bsc#1196965 - openSUSE Tumbleweed unattended installation with
+  libvirt fails
+  opensuse-autoyast-desktop.patch
+
+- Update to database version 20220214
+  osinfo-db-20220214.tar.xz
+
perl-HTTP-Daemon
+- Fix request smuggling in HTTP::Daemon
+  (CVE-2022-31081, bsc#1201157)
+  * CVE-2022-31081.patch
+  * CVE-2022-31081-2.patch
+  * CVE-2022-31081-Add-new-test-for-Content-Length-issues.patch
+
post-build-checks
+- Update to version 84.87+git20220325.f46ef3c:
+  * enable -z now linking by default
+
+- Update to version 84.87+git20220322.48f07a0:
+  * Remove errneous whitespaces
+  * fix comparison name
+
+- Update to version 84.87+git20220321.9651edb:
+  * Restore secure permissions in build environment (bsc#1159963)
+  * Handle default being easy
+  * Various speedups around invoking rpm
+- change service file from disabled to manual
+
+- Update to version 84.87+git20220128.77a97b9:
+  * change cross build detection logic to be more robust
+  * kill useless use of cat awards
+
+- Update to version 84.87+git20220128.2a04ecb:
+  * keep package that provides /usr/bin/sh
+
+- Update to version 84.87+git20210517.d960568:
+  * support cross builds
+
postgresql10
+- Update to 10.22:
+  * bsc#1202368, CVE-2022-2625: Extension scripts replace objects
+    not belonging to the extension.
+  * https://www.postgresql.org/docs/release/10.22/
+
procps
+- Add the patches
+  * procps-3.3.17-library-bsc1181475.patch
+  * procps-3.3.17-top-bsc1181475.patch
+  which are backports of current newlib tree to solve bug bsc#1181475
+  * 'free' command reports misleading "used" value
+
python-lxml
+- add CVE-2022-2309.patch (bsc#1201253, CVE-2022-2309)
+
python3-libmount
+- agetty: Resolve tty name even if stdin is specified (bsc#1197178,
+  util-linux-agetty-resolve-tty-if-stdin-is-specified.patch).
+- libmount: When moving a mount point, update all sub mount entries
+  in utab (bsc#1198731,
+  util-linux-libmount-moving-mount-point-sub-mounts.patch,
+  util-linux-libmount-fix-and-improve-utab-on-ms_move.patch).
+
raptor
+- add CVE-2020-25713-raptor2-malformed-input-file-can-lead.patch (bsc#1178903, CVE-2020-25713)
+
-- Update to v2.0.7
-  * CVE-2012-0037 fixed (bnc#745298)
-  * Removed Expat support
-  * Removed internal Unicode NFC code for better and optional ICU
-  * Added options for denying file requests and XML entity loading
-  * Added options for SSL certificate verifying
-
rubygem-rails-html-sanitizer
+- Add patch 0001_CVE-2022-32209.patch
+  This patch fixes CVE-2022-32209 (bsc#1201183)
+
scap-security-guide
+- updated to 0.1.63 (jsc#ECO-3319)
+  - multiple bugfixes in SUSE profiles
+  - Expand project guidelines
+  - Add Draft OCP4 STIG profile
+  - Add anssi_bp28_intermediary profile
+  - add products/uos20 to support UnionTech OS Server 20
+  - products/alinux3: Add CIS Alibaba Cloud Linux 3 profiles
+  - Remove WRLinux Products
+  - Update CIS RHEL8 Benchmark for v2.0.0
+- removed fix-bash-template.patch: fixed upstream
+- Fixed: stig: /etc/shadow group owner should not be root but shadow (bsc#1200149)
+- Fixed: sles15_script-stig.sh: remediation_functions: No such file or directory (bsc#1200163)
+- Fixed: SLES-15-010130 - The SUSE operating system must initiate a session lock after a 15-minute period of inactivity (bsc#1200122)
+
systemd
+- Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one
+  pointing to /usr/lib/systemd/ (bsc#1201795)
+
+- Update 1009-Drop-or-soften-some-of-the-deprecation-warnings.patch (jsc#PED-944)
+  To decrease log level of messages about use of KillMode=none from warning to
+  debug. SAP still uses this deprecated option and the warnings emitted by PID1
+  confuse both SAP customers and support.
+
+- Import commit 7b70d88264a588fdba36c6e7655d1feea2b0e0a0 (merge of v249.12)
+  For a complete list of changes, visit:
+  https://github.com/openSUSE/systemd/compare/4949659dd6ce81845e13034504fe06b85a02f08b...7b70d88264a588fdba36c6e7655d1feea2b0e0a0
+
+- Import commit 4949659dd6ce81845e13034504fe06b85a02f08b
+  0f096f16ba tmpfiles: check the directory we were supposed to create, not its parent
+  82c3793e43 stat-util: replace is_dir() + is_dir_fd() by single is_dir_full() call
+  2191a9ae95 logind: don't delay login for root even if systemd-user-sessions.service is not activated yet (bsc#1195059)
+
systemd-presets-common-SUSE
+- enable ignition-delete-config by default (bsc#1199524)
+
+- Modify branding-preset-states to fix systemd-presets-common-SUSE
+  not enabling new user systemd service preset configuration just
+  as it handles system service presets. By passing an (optional)
+  second parameter "user", the save/apply-changes commands now
+  work with user services instead of system ones (boo#1200485)
+
+- Add the wireplumber user service preset to enable it by default
+  in SLE15-SP4 where it replaced pipewire-media-session, but keep
+  pipewire-media-session preset so we don't have to branch the
+  systemd-presets-common-SUSE package for SP4 (boo#1200485)
+
timezone
+- Update to reflect new Chile DST change, bsc#1202310
+  * bsc1202310.patch
+
timezone-java
+- Update to reflect new Chile DST change, bsc#1202310
+  * bsc1202310.patch
+
transactional-update
+- Version 4.0.1
+  - create_dirs_from_rpmdb: Just warn if no default SELinux context found
+    [gh#openSUSE/transactional-update#88], [bsc#1188215]
+  - create_dirs_from_rpmdb: Don't update the rpmdb cookie on failure
+    [gh#openSUSE/transactional-update#88]
+  - Handle directories owned by multiple packages
+    [gh#openSUSE/transactional-update#90], [bsc#1188215]
+
u-boot
+Fix out-of-bounds write in sqfs_readdir() may lead to arbitrary code execution CVE-2022-33103 (bsc#1201213)
+  Patch queue updated from https://github.com/openSUSE/u-boot.git sle15-sp4
+  * Patches added:
+  0022-fs-squashfs-sqfs_read-Prevent-arbit.patch
+
ucode-intel
+- Updated to Intel CPU Microcode 20220809 release. (bsc#1201727)
+  - CVE-2022-21233: Security updates for [INTEL-SA-00657](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00657.html).
+  - Update for functional issues. Refer to [Intel® Xeon® Processor Scalable Family Specification
+  +Update](https://www.intel.com/content/www/us/en/processors/xeon/scalable/xeon-scalable-spec-update.html?wapkw=processor+specification+update) for details.  - Updated Platforms:
+  | Processor      | Stepping | F-M-S/PI    | Old Ver  | New Ver  | Products
+  |:---------------|:---------|:------------|:---------|:---------|:---------
+  | SKX-SP         | B1       | 06-55-03/97 | 0100015d | 0100015e | Xeon Scalable
+  | SKX-SP         | H0/M0/U0 | 06-55-04/b7 | 02006d05 | 02006e05 | Xeon Scalable
+  | SKX-D          | M1       | 06-55-04/b7 | 02006d05 | 02006e05 | Xeon D-21xx
+  | ICX-SP         | D0       | 06-6a-06/87 | 0d000363 | 0d000375 | Xeon Scalable Gen3
+  | GLK            | B0       | 06-7a-01/01 | 0000003a | 0000003c | Pentium Silver N/J5xxx, Celeron N/J4xxx
+  | GLK-R          | R0       | 06-7a-08/01 | 0000001e | 00000020 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120
+  | ICL-U/Y        | D1       | 06-7e-05/80 | 000000b0 | 000000b2 | Core Gen10 Mobile
+  | TGL-R          | C0       | 06-8c-02/c2 | 00000026 | 00000028 | Core Gen11 Mobile
+  | TGL-H          | R0       | 06-8d-01/c2 | 0000003e | 00000040 | Core Gen11 Mobile
+  | RKL-S          | B0       | 06-a7-01/02 | 00000053 | 00000054 | Core Gen11
+  | ADL            | C0       | 06-97-02/03 | 0000001f | 00000022 | Core Gen12
+  | ADL            | C0       | 06-97-05/03 | 0000001f | 00000022 | Core Gen12
+  | ADL            | L0       | 06-9a-03/80 | 0000041c | 00000421 | Core Gen12
+  | ADL            | L0       | 06-9a-04/80 | 0000041c | 00000421 | Core Gen12
+  | ADL            | C0       | 06-bf-02/03 | 0000001f | 00000022 | Core Gen12
+  | ADL            | C0       | 06-bf-05/03 | 0000001f | 00000022 | Core Gen12
+
util-linux
+- agetty: Resolve tty name even if stdin is specified (bsc#1197178,
+  util-linux-agetty-resolve-tty-if-stdin-is-specified.patch).
+- libmount: When moving a mount point, update all sub mount entries
+  in utab (bsc#1198731,
+  util-linux-libmount-moving-mount-point-sub-mounts.patch,
+  util-linux-libmount-fix-and-improve-utab-on-ms_move.patch).
+
util-linux-systemd
+- agetty: Resolve tty name even if stdin is specified (bsc#1197178,
+  util-linux-agetty-resolve-tty-if-stdin-is-specified.patch).
+- libmount: When moving a mount point, update all sub mount entries
+  in utab (bsc#1198731,
+  util-linux-libmount-moving-mount-point-sub-mounts.patch,
+  util-linux-libmount-fix-and-improve-utab-on-ms_move.patch).
+
xcb-util-cursor
-- Clean up with spec-cleaner
-- Make building more verbose
-
-- Update to version 0.1.3:
-  * Add a --with-cursorpath option to configure
-
-- removed u_fix-issue-with-gcc.patch
-  * patch was only necessary with gcc in 2013, when building
-    'awesome' against the static library; we do not ship the static
-    libary (did we ever?)
-    https://lists.freedesktop.org/archives/xcb/2016-April/010737.html
-
-- added baselibs.conf as source to specfile
-
-- Update to version 0.1.2:
-  + Use CFSwapInt32LittleToHost from CoreFoundation.h on Mac OS X
-    to implement le32toh.
-  + Check submodules before running autoconf.
-  + darwin: Use OSByteOrder.h rather than CF.
-  + Perform safety check before trying to load glyph cursor
-
-- Update to version 0.1.1:
-  + Fix memleak with broken resource databases
-  + Check exact RENDER version that the server supports
-  + Use LE_32 macro from <sys/byteorder.h> on Solaris versions without le32toh()
-  + Use $(AM_V_GEN) when calling gperf
-  + Fail the build if gperf is needed, but not found
-  + handle read() errors
-  + Bugfix: Properly load cursor files where not all cursors are suitable
-
-- renamed patch according to the X11:XOrg patch guidelines
-
-- Fix issue with GCC
-
-- Initial package, version 0.1.0+2
-
yast2
+- On transactional systems, inform the user that packages are
+  required to be installed manually (related to bsc#1199840)
+- 4.5.11
+
yast2-security
+- Do not crash when reading active LSM modules returns nil
+  (related to jsc#SLE-22069)
+- 4.5.1
+
yast2-tune
+- Added runtime dependency on hwinfo (bsc#1202651)
+- 4.5.1
+
yast2-users
+- AY: Fix writing ssh keys for user without specified home
+  (bsc#1201185)
+- 4.5.2
+
zlib
-- CVE-2018-25032: Fix memory corruption on deflate, bsc#1197459
-  * bsc1197459.patch
-
-- Update 410.patch to include new fixes from upstream,
-  fixes bsc#1192688
-- Refresh bsc1174736-DFLTCC_LEVEL_MASK-set-to-0x1ff.patch
-  to match upstream commit
-- Drop patches which changes have been merged in 410.patch:
-  * zlib-compression-switching.patch
-  * zlib-390x-z15-fix-hw-compression.patch
-  * bsc1174551-fxi-imcomplete-raw-streams.patch
-
-- Fix hw compression on z15 bsc#1176201
-- Add zlib-s390x-z15-fix-hw-compression.patch
-
-- Add patch to fix compression level switching
-  bsc#1175811 bsc#1175830 bsc#1175831
-  * zlib-compression-switching.patch
-
-- Set -DDFLTCC_LEVEL_MASK=0x7e on s390/s390x jsc#13776
-
-- Permit a deflateParams() parameter change as soon as possible(bsc#1174736)
-  * bsc1174736-DFLTCC_LEVEL_MASK-set-to-0x1ff.patch
-  Fix DFLTCC not flushing EOBS when creating raw streams(bsc#1174551)
-  * bsc1174551-fxi-imcomplete-raw-streams.patch
-
-- Update 410.patch to contain latest fixes from IBM bsc#1166260
-  * The build behaviour changed
-
-- Update the zlib-no-version-check.patch to be even more forgiving
-  with the versions on the zlib to allow updates without rebuilds
-
-- Add SUSE specific patch to fix bsc#1138793, we simply don't want
-  to test if the app was linked with exactly same version of zlib
-  like the one that is present on the runtime:
-  * zlib-no-version-check.patch
-
-- Update the s390 patchset bsc#1137624:
-  * 410.patch
-
-- Tweak zlib-power8-fate325307.patch to have type of crc32_vpmsum
-  conform to usage
-  bsc#1141059
-
-- Use FAT LTO objects in order to provide proper static library.
-
-- Do not enable the previous patchset on s390 but just s390x
-  bsc#1137624
-
-- Add patchset for s390 improvements jsc#SLE-5807 bsc#1136717:
-  * 410.patch
-
-- Try to safely abort if we get NULL ptr bsc#1110304 bsc#1129576:
-  * zlib-power8-fate325307.patch
-
-- Add patch for fate#325307 zlib speedup on power8:
-  * zlib-power8-fate325307.patch
-
-- Add patch to safeguard against negative values in uInt bsc#1071321:
-  * 0001-Do-not-try-to-store-negative-values-in-unsigned-int.patch
-
-- Added 32bit minizip support
-
-- Add gpg signature
-- Re-enable profiling
-
-- Add s390 performance patch (fate#314093):
-  * zlib-1.2.11-optimized-s390.patch
-
-- baselibs.conf: add missing dependencies
-
-- Update to version 1.2.11:
-  * Fix deflate stored bug when pulling last block from window
-  * Permit immediate deflateParams changes before any deflate input
-
-- Update to version 1.2.10:
-  * Avoid warnings on snprintf() return value
-  * Fix bug in deflate_stored() for zero-length input
-  * Fix bug in gzwrite.c that produced corrupt gzip files
-  * Remove files to be installed before copying them in Makefile.in
-  * Add warnings when compiling with assembler code
-
-- Update to version 1.2.9:
-  * Improve compress() and uncompress() to support large lengths
-  * Allow building zlib outside of the source directory
-  * Fix bug when level 0 used with Z_HUFFMAN or Z_RLE
-  * Fix bugs in creating a very large gzip header
-  * Add uncompress2() function, which returns the input size used
-  * Dramatically speed up deflation for level 0 (storing)
-  * Add gzfread() and gzfwrite(), duplicating the interfaces of fread() and fwrite()
-  * Add crc32_z() and adler32_z() functions with size_t lengths
-  * Many portability improvements
-- Drop patches included in upstream:
-  * zlib-bnc1003577.patch
-  * zlib-bnc1003579-part2.patch
-  * zlib-bnc1003579.patch
-  * zlib-bnc1003580.patch
-  * zlib-bnc1013882.patch
-- Drop zlib-1.2.7-improve-longest_match-performance.patch
-  * not accepted by upstream for two releases
-  * rebasing no longer possible
-
-- Include fixes for bnc#1003580 bnc#1003579 bnc#1003577 bnc#1013882:
-  * zlib-bnc1003577.patch
-  * zlib-bnc1003579-part2.patch
-  * zlib-bnc1003579.patch
-  * zlib-bnc1003580.patch refreshed
-  * zlib-bnc1013882.patch CVE-2016-9843
-
-- Trim descriptions to fit target audience. Update RPM group
-  classification.
-
-- Require zlib-devel in zlib-devel-static to fix previous change
-
-- Bring back zlib-devel-static. Needed by binutils
-
-- Remove zlib-devel-static, nothing should use libz.a anyway.
-- Package minizip library, everything using it should now pull
-  minizip-devel and unbundle it bnc#935864
-