Image summary for suse-sles-15-sp2-chost-byos-v20220126-hvm-ssd-x86_64

SUSE-IU-2022:29-1

This update ships librdkafka 0.11.6 to SUSE Linux Enterprise Server 15.
librdkafka is a C library implementation of the Apache Kafka protocol, containing both Producer and Consumer support.

This update for shim fixes the following issues:

• Fixes an issue where shim-install crashed (bsc#1145802, bsc#1145676)

This update for shim fixes the following issues:
This update addresses the 'BootHole' security issue (master CVE CVE-2020-10713), by disallowing binaries signed by the previous SUSE UEFI signing key from booting.
This update should only be installed after updates of grub2, the Linux kernel and (if used) Xen from July / August 2020 are applied.

Changes:
Use vendor-dbx to block old SUSE/openSUSE signkeys (bsc#1168994)

• Add dbx-cert.tar.xz which contains the certificates to block and a script, generate-vendor-dbx.sh, to generate vendor-dbx.bin
• Add vendor-dbx.bin as the vendor dbx to block unwanted keys

• Update the path to grub-tpm.efi in shim-install (bsc#1174320)
• Only check EFI variable copying when Secure Boot is enabled (bsc#1173411)
• Use the full path of efibootmgr to avoid errors when invoking shim-install from packagekitd (bsc#1168104)
• shim-install: add check for btrfs is used as root file system to enable relative path lookup for file. (bsc#1153953)
• shim-install: install MokManager to \EFI\boot to process the pending MOK request (bsc#1175626, bsc#1175656)

This update contains changes needed for Common criteria certification.
shim:

• add a temporary shim loader EFI signed by SUSE that contains additional checks of Extended Key Usage for Codesigning (bsc#1177315)

• Configure alternative shim (bsc#1177315)
• Remove curve25519-sha256@libssh.org as it doesn't work in fips mode
• doc: logrotate is started via timer

This update for shim-susesigned fixes the following issues:

• Fix a buffer use-after-free at the end of the EKU verification in shim-susesigned (bsc#1177315)

This update for shim fixes the following issues:

• Update to the unified shim binary for SBAT support (bsc#1182057) + Merged EKU codesign check (bsc#1177315)
• shim-install: Always assume 'removable' for Azure to avoid the endless reset loop (bsc#1185464).

This update for shim fixes the following issues:

• shim-install: instead of assuming 'removable' for Azure, remove fallback.efi from \EFI\Boot and copy grub.efi/cfg to \EFI\Boot to make \EFI\Boot bootable and keep the boot option created by efibootmgr (bsc#1185464, bsc#1185961)

This update for shim fixes the following issues:

• shim-install: remove the unexpected residual 'removable' label for Azure (bsc#1185464, bsc#1185961)

This update for shim fixes the following issues:
Update to shim to 15.4-4.7.1, Version: 15.4, 'Thu Jul 15 2021' Update the SLE signatures
Includes fixes for various bugs in MOK handling and booting (bsc#1187696, bsc#1185261, bsc#1185441, bsc#1187071, bsc#1185621, bsc#1185261, bsc#1185232, bsc#1185261, bsc#1187260, bsc#1185232)
Remove shim-install because the shim-install is updated in the RPM.

This update for librdkafka fixes the following issue:

• Fixed thread creation on SUSE Linux Enterprise Server 15 SP3. (bsc#1189792)

This update for shim-susesigned fixes the following issues:
Sync with Microsoft signed shim to Thu Jul 15 08:13:26 UTC 2021.
This update addresses the 'susesigned' shim component.
shim was updated to 15.4 (bsc#1182057)

• console: Move the countdown function to console.c
• fallback: show a countdown menu before reset
• MOK: Fix the missing vendor cert in MokListRT
• mok: fix the mirroring of RT variables
• Add the license change statement for errlog.c and mok.c
• Remove a couple of incorrect license claims.
• MokManager: Use CompareMem on MokListNode.Type instead of CompareGuid
• Make EFI variable copying fatal only on secureboot enabled systems
• Remove call to TPM2 get_event_log
• tpm: Fix off-by-one error when calculating event size
• tpm: Define EFI_VARIABLE_DATA_TREE as packed
• tpm: Don't log duplicate identical events
• VLogError(): Avoid NULL pointer dereferences in (V)Sprint calls
• OpenSSL: always provide OBJ_create() with name strings.
• translate_slashes(): don't write to string literals
• Fix a use of strlen() instead of Strlen()
• shim: Update EFI_LOADED_IMAGE with the second stage loader file path
• tpm: Include information about PE/COFF images in the TPM Event Log
• Fix a broken tpm type
• All newly released openSUSE kernels enable kernel lockdown and signature verification, so there is no need to add the prompt anymore.
• Fix the NULL pointer dereference in AuthenticodeVerify()
• Remove the build ID to make the binary reproducible when building with AArch64 container
• Prevent the build id being added to the binary. That can cause issues with the signature
• Allocate MOK config table as BootServicesData to avoid the error message from linux kernel
• Handle ignore_db and user_insecure_mode correctly (bsc#1185441)
• Relax the maximum variable size check for u-boot
• Relax the check for import_mok_state() when Secure Boot is off
• Relax the check for the LoadOptions length
• Fix the size of rela* sections for AArch64
• Disable exporting vendor-dbx to MokListXRT
• Don't call QueryVariableInfo() on EFI 1.10 machines
• Avoid buffer overflow when copying the MOK config table
• Avoid deleting the mirrored RT variables
• Update to 15.3 for SBAT support (bsc#1182057)
• Generate vender-specific SBAT metadata
• Rename the SBAT variable and fix the self-check of SBAT
• Split the keys in vendor-dbx.bin to vendor-dbx-sles and vendor-dbx-opensuse for shim-sles and shim-opensuse to reduce the size of MokListXRT (bsc#1185261)
• shim-install: reset def_shim_efi to 'shim.efi' if the given file doesn't exist
• shim-install: instead of assuming 'removable' for Azure, remove fallback.efi from \EFI\Boot and copy grub.efi/cfg to \EFI\Boot to make \EFI\Boot bootable and keep the boot option created by efibootmgr (bsc#1185464, bsc#1185961)
• shim-install: always assume 'removable' for Azure to avoid the endless reset loop (bsc#1185464)
• shim-install: Support changing default shim efi binary in /usr/etc/default/shim and /etc/default/shim (bsc#1177315)
• Update dbx-cert.tar.xz and vendor-dbx.bin to block the following sign keys: + SLES-UEFI-SIGN-Certificate-2020-07.crt + openSUSE-UEFI-SIGN-Certificate-2020-07.crt

This update for pam fixes the following issues:

• Fixed a bad directive file which resulted in the 'securetty' file to be installed as 'macros.pam'. (bsc#1191987)

This update for suse-module-tools fixes the following issues:

Update to version 15.2.15:

• Fix bad exit status in openQA. (bsc#1191922)
• Deal with existing certificates that should be de-enrolled. (bsc#1191804)
• Ignore kernel keyring for kernel certificates. (bsc#1191480)
• Print 'mokutil' output in verbose mode.
• Skip certificate scriptlet on non-UEFI systems. (bsc#1191260)
• Don't pass existing files to weak-modules2. (bsc#1191200)

This update for util-linux fixes the following issues:
Update to version 2.33.2 to provide seamless update from SLE12 SP5 to SLE15 SP2:

• CVE-2021-37600: Fixed an integer overflow which could lead to a buffer overflow in get_sem_elements() in sys-utils/ipcutils.c (bsc#1188921).
• agetty: Fix 8-bit processing in get_logname() (bsc#1125886).
• mount: Fix 'mount' output for net file systems (bsc#1122417).
• ipcs: Avoid overflows (bsc#1178236)

This update for pcre fixes the following issues:
Update pcre to version 8.45:

• CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974).
• CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973)

This update for iproute2 fixes the following issues:

• Follow-up fixes backported from upstream. (bsc#1160242)

This update for less fixes the following issues:

• Add missing runtime dependency on package 'which', that is used by lessopen.sh (bsc#1190552)

This update for apparmor fixes the following issues:

• Fixed an issue when apparmor provides python2 and python3 libraries with the same name. (bsc#1191690)

This update for SUSEConnect contains the following fix:

• Update to 0.3.32: - Allow --regcode and --instance-data attributes at the same time. (jsc#PCT-164) - Document that 'debug' can also get set in the config file - --status will also print the subscription name

This update for samba fixes the following issues:

• Fix wrong 'kvno' exported to keytab after 'net ads changetrustpw' due to replication delay. (bsc#1188727)

This update for samba fixes the following issues:

• CVE-2016-2124: Fixed not to fallback to non spnego authentication if we require kerberos (bsc#1014440).
• CVE-2020-25717: Fixed privilege escalation inside an AD Domain where a user could become root on domain members (bsc#1192284).
• CVE-2021-23192: Fixed dcerpc requests to don't check all fragments against the first auth_state (bsc#1192214).

The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

• CVE-2021-3772: Fixed sctp vtag check in sctp_sf_ootb (bsc#1190351).
• CVE-2021-3655: Fixed a missing size validations on inbound SCTP packets, which may have allowed the kernel to read uninitialized memory (bsc#1188563).
• CVE-2021-43056: Fixed possible KVM host crash via malicious KVM guest on Power8 (bnc#1192107).
• CVE-2021-3896: Fixed a array-index-out-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c (bsc#1191958).
• CVE-2021-3760: Fixed a use-after-free vulnerability with the ndev->rf_conn_info object (bsc#1190067).
• CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bsc#1184673).
• CVE-2021-3542: Fixed heap buffer overflow in firedtv driver (bsc#1186063).
• CVE-2021-3715: Fixed a use-after-free in route4_change() in net/sched/cls_route.c (bsc#1190349).
• CVE-2021-42252: Fixed an issue inside aspeed_lpc_ctrl_mmap that could have allowed local attackers to access the Aspeed LPC control interface to overwrite memory in the kernel and potentially execute privileges (bnc#1190479).
• CVE-2021-41864: Fixed prealloc_elems_and_freelist that allowed unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write (bnc#1191317).
• CVE-2021-42008: Fixed a slab out-of-bounds write in the decode_data function in drivers/net/hamradio/6pack.c. Input from a process that had the CAP_NET_ADMIN capability could have lead to root access (bsc#1191315).

• ACPI: bgrt: Fix CFI violation (git-fixes).
• ACPI: fix NULL pointer dereference (git-fixes).
• ALSA: hda/realtek - ALC236 headset MIC recording issue (git-fixes).
• ALSA: hda/realtek: Add quirk for Clevo PC50HS (git-fixes).
• ALSA: hda/realtek: Add quirk for Clevo X170KM-G (git-fixes).
• ALSA: hda/realtek: Complete partial device name to avoid ambiguity (git-fixes).
• ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW (git-fixes).
• ALSA: hda: avoid write to STATESTS if controller is in reset (git-fixes).
• ALSA: seq: Fix a potential UAF by wrong private_free call order (git-fixes).
• ALSA: usb-audio: Add quirk for VF0770 (git-fixes).
• ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset (git-fixes).
• ASoC: DAPM: Fix missing kctl change notifications (git-fixes).
• ASoC: wm8960: Fix clock configuration on slave mode (git-fixes).
• Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731).
• HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS (git-fixes).
• HID: betop: fix slab-out-of-bounds Write in betop_probe (git-fixes).
• HID: u2fzero: ignore incomplete packets without data (git-fixes).
• HID: usbhid: free raw_report buffers in usbhid_stop (git-fixes).
• HID: wacom: Add new Intuos BT (CTL-4100WL/CTL-6100WL) device IDs (git-fixes).
• ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241).
• IPv6: reply ICMP error if the first fragment do not include all headers (bsc#1191241).
• Input: snvs_pwrkey - add clk handling (git-fixes).
• Input: xpad - add support for another USB ID of Nacon GC-100 (git-fixes).
• KVM: PPC: Book3S HV Nested: Reflect guest PMU in-use to L0 when guest SPRs are live (bsc#1156395).
• KVM: PPC: Book3S HV Nested: Sanitise H_ENTER_NESTED TM state (bsc#1156395).
• KVM: PPC: Book3S HV: Save host FSCR in the P7/8 path (bsc#1065729).
• KVM: PPC: Book3S HV: Tolerate treclaim. in fake-suspend mode changing registers (bsc#1156395).
• KVM: PPC: Fix clearing never mapped TCEs in realmode (bsc#1156395).
• KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak (bsc#1156395).
• NFC: digital: fix possible memory leak in digital_in_send_sdd_req() (git-fixes).
• NFC: digital: fix possible memory leak in digital_tg_listen_mdaa() (git-fixes).
• NFS: dir_cookie is a pointer to the cookie in older kernels, not the cookie itself (bsc#1191628 bsc#1192549).
• NFS: Do uncached readdir when we're seeking a cookie in an empty page cache (bsc#1191628).
• PCI: Fix pci_host_bridge struct device release/free handling (git-fixes).
• USB: cdc-acm: clean up probe error labels (git-fixes).
• USB: cdc-acm: fix minor-number release (git-fixes).
• USB: serial: option: add Quectel EC200S-CN module support (git-fixes).
• USB: serial: option: add Telit LE910Cx composition 0x1204 (git-fixes).
• USB: serial: option: add prod. id for Quectel EG91 (git-fixes).
• USB: serial: qcserial: add EM9191 QDL support (git-fixes).
• USB: xhci: dbc: fix tty registration race (git-fixes).
• acpi/arm64: fix next_platform_timer() section mismatch error (git-fixes).
• ata: ahci_platform: fix null-ptr-deref in ahci_platform_enable_regulators() (git-fixes).
• ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init() (git-fixes).
• audit: fix possible null-pointer dereference in audit_filter_rules (git-fixes).
• bfq: Remove merged request already in bfq_requests_merged() (bsc#1191456).
• blk: Fix lock inversion between ioc lock and bfqd lock (bsc#1191456).
• blktrace: Fix uaf in blk_trace access after removing by sysfs (bsc#1191452).
• block: bfq: fix bfq_set_next_ioprio_data() (bsc#1191451).
• bnxt_en: Fix TX timeout when TX ring size is set to the smallest (git-fixes).
• bpf: Add bpf_patch_call_args prototype to include/linux/bpf.h (git-fixes).
• bpf: Fix a typo of reuseport map in bpf.h (git-fixes).
• bpf: Fix up bpf_skb_adjust_room helper's skb csum setting (git-fixes).
• can: dev: can_restart: fix use after free bug (git-fixes).
• can: peak_pci: peak_pci_remove(): fix UAF (git-fixes).
• can: peak_usb: fix use after free bugs (git-fixes).
• can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification (git-fixes).
• can: rcar_can: fix suspend/resume (git-fixes).
• can: ti_hecc: ti_hecc_probe(): add missed clk_disable_unprepare() in error path (git-fixes).
• can: xilinx_can: handle failure cases of pm_runtime_get_sync (git-fixes).
• cb710: avoid NULL pointer subtraction (git-fixes).
• ceph: fix handling of 'meta' errors (bsc#1192041).
• ceph: skip existing superblocks that are blocklisted or shut down when mounting (bsc#1192040).
• cfg80211: scan: fix RCU in cfg80211_add_nontrans_list() (git-fixes).
• drm/amd/display: Pass PCI deviceid into DC (git-fixes).
• drm/amdgpu: fix gart.bo pin_count leak (git-fixes).
• drm/msm/dsi: Fix an error code in msm_dsi_modeset_init() (git-fixes).
• drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling (git-fixes).
• drm/msm: Fix null pointer dereference on pointer edp (git-fixes).
• drm/nouveau/debugfs: fix file release memory leak (git-fixes).
• drm/panel: olimex-lcd-olinuxino: select CRC32 (git-fixes).
• e1000e: Fix packet loss on Tiger Lake and later (git-fixes).
• e100: fix buffer overrun in e100_get_regs (git-fixes).
• e100: fix length calculation in e100_get_regs_len (git-fixes).
• e100: handle eeprom as little endian (git-fixes).
• ext4: fix reserved space counter leakage (bsc#1191450).
• ext4: report correct st_size for encrypted symlinks (bsc#1191449).
• fs, mm: fix race in unlinking swapfile (bsc#1191455).
• fscrypt: add fscrypt_symlink_getattr() for computing st_size (bsc#1191449).
• ftrace: Fix scripts/recordmcount.pl due to new binutils (bsc#1192267).
• gpio: pca953x: Improve bias setting (git-fixes).
• gve: Avoid freeing NULL pointer (git-fixes).
• gve: Correct available tx qpl check (git-fixes).
• gve: Properly handle errors in gve_assign_qpl (bsc#1176940).
• gve: fix gve_get_stats() (git-fixes).
• gve: report 64bit tx_bytes counter from gve_handle_report_stats() (bsc#1176940).
• hso: fix bailout in error case of probe (git-fixes).
• i2c: acpi: fix resource leak in reconfiguration device addition (git-fixes).
• i40e: Fix ATR queue selection (git-fixes).
• i40e: Fix freeing of uninitialized misc IRQ vector (git-fixes).
• i40e: fix endless loop under rtnl (git-fixes).
• iavf: fix double unlock of crit_lock (git-fixes).
• ice: Add missing E810 device ids (jsc#SLE-7966 bsc#1157177).
• iio: adc128s052: Fix the error handling path of 'adc128_probe()' (git-fixes).
• iio: adc: aspeed: set driver data when adc probe (git-fixes).
• iio: dac: ti-dac5571: fix an error code in probe() (git-fixes).
• iio: light: opt3001: Fixed timeout error when 0 lux (git-fixes).
• iio: mtk-auxadc: fix case IIO_CHAN_INFO_PROCESSED (git-fixes).
• iio: ssp_sensors: add more range checking in ssp_parse_dataframe() (git-fixes).
• iio: ssp_sensors: fix error code in ssp_print_mcu_debug() (git-fixes).
• ionic: do not remove netdev->dev_addr when syncing uc list (bsc#1167773).
• ipv6/netfilter: Discard first fragment not including all headers (bsc#1191241).
• isdn: cpai: check ctr->cnr to avoid array index out of bound (git-fixes).
• isdn: mISDN: Fix sleeping function called from invalid context (git-fixes).
• ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup (git-fixes).
• kabi: block: Fix kabi of blk_mq_sched_try_insert_merge() (bsc#1191456).
• kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167).
• kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as well. Fixes: e98096d5cf85 ('rpm: Abolish scritplet templating (bsc#1189841).')
• kernel-spec-macros: Since rpm 4.17 %verbose is unusable (bsc#1191229).
• lan78xx: select CRC32 (git-fixes).
• libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD (git-fixes).
• mac80211: Drop frames from invalid MAC address in ad-hoc mode (git-fixes).
• mac80211: check return value of rhashtable_init (git-fixes).
• mei: me: add Ice Lake-N device id (git-fixes).
• mlx5: count all link events (git-fixes).
• mlxsw: thermal: Fix out-of-bounds memory accesses (git-fixes).
• mmc: dw_mmc: exynos: fix the finding clock sample value (git-fixes).
• mmc: meson-gx: do not use memcpy_to/fromio for dram-access-quirk (git-fixes).
• mmc: vub300: fix control-message timeouts (git-fixes).
• net/af_unix: fix a data-race in unix_dgram_poll (bsc#1154353).
• net/mlx4_en: Do not allow aRFS for encapsulated packets (git-fixes).
• net/mlx4_en: Resolve bad operstate value (git-fixes).
• net/mlx5: FWTrace, cancel work on alloc pd error flow (git-fixes).
• net/mlx5: Fix unpublish devlink parameters (jsc#SLE-8464).
• net/mlx5e: Mutually exclude RX-FCS and RX-port-timestamp (git-fixes).
• net: batman-adv: fix error handling (git-fixes).
• net: bridge: use nla_total_size_64bit() in br_get_linkxstats_size() (git-fixes).
• net: can: ems_usb: fix use-after-free in ems_usb_disconnect() (git-fixes).
• net: cdc_eem: fix tx fixup skb leak (git-fixes).
• net: cdc_ncm: correct overhead in delayed_ndp_size (git-fixes).
• net: hns3: fix vf reset workqueue cannot exit (bsc#1154353).
• net: hso: add failure handler for add_net_device (git-fixes).
• net: hso: fix NULL-deref on disconnect regression (git-fixes).
• net: hso: fix null-ptr-deref during tty device unregistration (git-fixes).
• net: ipv6: Discard next-hop MTU less than minimum link MTU (bsc#1191241).
• net: lan78xx: fix division by zero in send path (git-fixes).
• net: mana: Fix error handling in mana_create_rxq() (git-fixes, bsc#1191800).
• net: usb: Fix uninit-was-stored issue in asix_read_phy_addr() (git-fixes).
• netfilter: conntrack: collect all entries in one cycle (bsc#1173604).
• nfc: fix error handling of nfc_proto_register() (git-fixes).
• nfc: port100: fix using -ERRNO as command type mask (git-fixes).
• nvme-fc: avoid race between time out and tear down (bsc#1185762).
• nvme-fc: remove freeze/unfreeze around update_nr_hw_queues (bsc#1185762).
• nvme-fc: update hardware queues before using them (bsc#1185762).
• nvme-pci: Fix abort command id (git-fixes).
• nvme-pci: fix error unwind in nvme_map_data (bsc#1191934).
• nvme-pci: refactor nvme_unmap_data (bsc#1191934).
• nvme: add command id quirk for apple controllers (git-fixes).
• ocfs2: fix data corruption after conversion from inline format (bsc#1190795).
• pata_legacy: fix a couple uninitialized variable bugs (git-fixes).
• phy: mdio: fix memory leak (git-fixes).
• platform/mellanox: mlxreg-io: Fix argument base in kstrtou32() call (git-fixes).
• platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from run_smbios_call (git-fixes).
• powerpc/bpf: Fix BPF_MOD when imm == 1 (bsc#1065729).
• powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (bsc#1065729).
• powerpc/bpf: Use bctrl for making function calls (bsc#1065729).
• powerpc/lib: Fix emulate_step() std test (bsc#1065729).
• powerpc/pseries: Fix build error when NUMA=n (bsc#1190620 ltc#194498 git-fixes).
• powerpc/xive: Discard disabled interrupts in get_irqchip_state() (bsc#1085030 git-fixes).
• pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init (git-fixes).
• ptp_pch: Load module automatically if ID matches (git-fixes).
• ptp_pch: Restore dependency on PCI (git-fixes).
• qed: Fix missing error code in qed_slowpath_start() (git-fixes).
• qed: Handle management FW error (git-fixes).
• qed: rdma - do not wait for resources under hw error recovery flow (git-fixes).
• regmap: Fix possible double-free in regcache_rbtree_exit() (git-fixes).
• rpm: fix kmp install path
• rpm: use _rpmmacrodir (boo#1191384)
• scsi: lpfc: Allow PLOGI retry if previous PLOGI was aborted (bsc#1192145).
• scsi: lpfc: Allow fabric node recovery if recovery is in progress before devloss (bsc#1192145).
• scsi: lpfc: Correct sysfs reporting of loop support after SFP status change (bsc#1192145).
• scsi: lpfc: Fix link down processing to address NULL pointer dereference (bsc#1192145).
• scsi: lpfc: Fix memory overwrite during FC-GS I/O abort handling (bsc#1191349).
• scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine (bsc#1192145).
• scsi: lpfc: Revert LOG_TRACE_EVENT back to LOG_INIT prior to driver_resource_setup() (bsc#1192145).
• scsi: lpfc: Update lpfc version to 14.0.0.3 (bsc#1192145).
• scsi: lpfc: Wait for successful restart of SLI3 adapter during host sg_reset (bsc#1192145).
• scsi: qla2xxx: Add debug print of 64G link speed (bsc#1190941).
• scsi: qla2xxx: Add host attribute to trigger MPI hang (bsc#1190941).
• scsi: qla2xxx: Add support for mailbox passthru (bsc#1190941).
• scsi: qla2xxx: Adjust request/response queue size for 28xx (bsc#1190941).
• scsi: qla2xxx: Call process_response_queue() in Tx path (bsc#1190941).
• scsi: qla2xxx: Changes to support FCP2 Target (bsc#1190941).
• scsi: qla2xxx: Changes to support kdump kernel (bsc#1190941).
• scsi: qla2xxx: Changes to support kdump kernel for NVMe BFS (bsc#1190941).
• scsi: qla2xxx: Check for firmware capability before creating QPair (bsc#1190941).
• scsi: qla2xxx: Display 16G only as supported speeds for 3830c card (bsc#1190941).
• scsi: qla2xxx: Do not call fc_block_scsi_eh() during bus reset (bsc#1190941).
• scsi: qla2xxx: Fix NPIV create erroneous error (bsc#1190941).
• scsi: qla2xxx: Fix NVMe retry (bsc#1190941).
• scsi: qla2xxx: Fix NVMe session down detection (bsc#1190941).
• scsi: qla2xxx: Fix NVMe | FCP personality change (bsc#1190941).
• scsi: qla2xxx: Fix crash in NVMe abort path (bsc#1190941).
• scsi: qla2xxx: Fix excessive messages during device logout (bsc#1190941).
• scsi: qla2xxx: Fix hang during NVMe session tear down (bsc#1190941).
• scsi: qla2xxx: Fix hang on NVMe command timeouts (bsc#1190941).
• scsi: qla2xxx: Fix kernel crash when accessing port_speed sysfs file (bsc#1190941).
• scsi: qla2xxx: Fix port type info (bsc#1190941).
• scsi: qla2xxx: Fix unsafe removal from linked list (bsc#1190941).
• scsi: qla2xxx: Fix use after free in eh_abort path (bsc#1190941).
• scsi: qla2xxx: Move heartbeat handling from DPC thread to workqueue (bsc#1190941).
• scsi: qla2xxx: Open-code qla2xxx_eh_device_reset() (bsc#1190941).
• scsi: qla2xxx: Open-code qla2xxx_eh_target_reset() (bsc#1190941).
• scsi: qla2xxx: Remove redundant initialization of pointer req (bsc#1190941).
• scsi: qla2xxx: Restore initiator in dual mode (bsc#1190941).
• scsi: qla2xxx: Show OS name and version in FDMI-1 (bsc#1190941).
• scsi: qla2xxx: Suppress unnecessary log messages during login (bsc#1190941).
• scsi: qla2xxx: Sync queue idx with queue_pair_map idx (bsc#1190941).
• scsi: qla2xxx: Update version to 10.02.06.100-k (bsc#1190941).
• scsi: qla2xxx: Update version to 10.02.06.200-k (bsc#1190941).
• scsi: qla2xxx: Update version to 10.02.07.100-k (bsc#1190941).
• scsi: qla2xxx: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#1190941).
• scsi: qla2xxx: edif: Add N2N support for EDIF (bsc#1190941).
• scsi: qla2xxx: edif: Do secure PLOGI when auth app is present (bsc#1190941).
• scsi: qla2xxx: edif: Fix EDIF enable flag (bsc#1190941).
• scsi: qla2xxx: edif: Fix returnvar.cocci warnings (bsc#1190941).
• scsi: qla2xxx: edif: Fix stale session (bsc#1190941).
• scsi: qla2xxx: edif: Reject AUTH ELS on session down (bsc#1190941).
• scsi: qla2xxx: edif: Use link event to wake up app (bsc#1190941).
• sctp: check asoc peer.asconf_capable before processing asconf (bsc#1190351).
• soc: qcom: mdt_loader: Drop PT_LOAD check on hash segment (git-fixes).
• spi: spi-nxp-fspi: do not depend on a specific node name erratum workaround (git-fixes).
• tpm: ibmvtpm: Avoid error message when process gets signal while waiting (bsc#1065729).
• usb: hso: fix error handling code of hso_create_net_device (git-fixes).
• usb: hso: remove the bailout parameter (git-fixes).
• usb: musb: dsps: Fix the probe error path (git-fixes).
• video: fbdev: gbefb: Only instantiate device when built for IP32 (git-fixes).
• virtio: write back F_VERSION_1 before validate (git-fixes).
• watchdog: orion: use 0 for unset heartbeat (git-fixes).
• x86/pat: Pass valid address to sanitize_phys() (bsc#1152489).
• x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions (bsc#1152489).
• x86/resctrl: Free the ctrlval arrays when domain_setup_mon_state() fails (bsc#1152489).
• xen: fix setting of max_pfn in shared_info (git-fixes).
• xen: reset legacy rtc flag for PV domU (git-fixes).
• xfs: Fixed non-directory creation in SGID directories introduced by CVE-2018-13405 patch (bsc#1190006).
• xfs: ensure that the inode uid/gid match values match the icdinode ones (bsc#1190006).
• xfs: fix log intent recovery ENOSPC shutdowns when inactivating inodes (bsc#1190642).
• xfs: merge the projid fields in struct xfs_icdinode (bsc#1190006).
• xfs: remove the icdinode di_uid/di_gid members (bsc#1190006).
• xhci: Enable trust tx length quirk for Fresco FL11 USB controller (git-fixes).
• xhci: Fix command ring pointer corruption while aborting a command (git-fixes).
• xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes).
• xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes).

This update for bind fixes the following issues:

• CVE-2021-25219: Fixed lame cache that could have been abused to severely degrade resolver performance (bsc#1192146).

This update for dracut fixes the following issues:

• Fixed multipath devices that always default to bfq scheduler (bsc#1188713)
• Fixed unbootable system when testing kernel 5.14 (bsc#1190326)
• Add support for the new iscsiadm 'no-wait' (-W) command (bsc#1187190)
• Add iscsid.service requirements (bsc#1187190)

This update for xfsprogs fixes the following issues:

• Make libhandle1 an explicit dependency in the xfsprogs-devel package (bsc#1191566)
• Remove deprecated barrier/nobarrier mount options from manual pages section 5 (bsc#1191675)
• xfs_io: include support for label command (bsc#1191500)
• xfs_quota: state command to report all three (-ugp) grace times separately (bsc#1189983)
• xfs_admin: add support for external log devices (bsc#1189984)

This update for gcc11 fixes the following issues:
The additional GNU compiler collection GCC 11 is provided:
To select these compilers install the packages:

• gcc11
• gcc-c++11
• and others with 11 prefix.

• CC='gcc-11'
• CXX='g++-11'

This update for systemd fixes the following issues:

• Add timestamp to D-Bus events to improve traceability (jsc#SLE-21862, jsc#SLE-18102, jsc#SLE-18103)
• Fix IO scheduler udev rules to address performance issues (jsc#SLE-21032, bsc#1192161)
• shutdown: Reduce log level of unmounts (bsc#1191252)
• pid1: make use of new 'prohibit_ipc' logging flag in PID 1 (bsc#1189803)
• core: rework how we connect to the bus (bsc#1190325)
• mount-util: fix fd_is_mount_point() when both the parent and directory are network fs (bsc#1190984)
• virt: detect Amazon EC2 Nitro instance (bsc#1190440)
• Several fixes for umount
• busctl: use usec granularity for the timestamp printed by the busctl monitor command
• fix unitialized fields in MountPoint in dm_list_get()
• shutdown: explicitly set a log target
• mount-util: add mount_option_mangle()
• dissect: automatically mark partitions read-only that have a read-only file system
• build-sys: require proper libmount version
• systemd-shutdown: use log_set_prohibit_ipc(true)
• rationalize interface for opening/closing logging
• pid1: when we can't log to journal, remember our fallback log target
• log: remove LOG_TARGET_SAFE pseudo log target
• log: add brief comment for log_set_open_when_needed() and log_set_always_reopen_console()
• log: add new 'prohibit_ipc' flag to logging system
• log: make log_set_upgrade_syslog_to_journal() take effect immediately
• dbus: split up bus_done() into seperate functions
• machine-id-setup: generate machine-id from DMI product ID on Amazon EC2
• virt: if we detect Xen by DMI, trust that over CPUID

This update for glibc fixes the following issues:

• libio: do not attempt to free wide buffers of legacy streams (bsc#1183085)
• CVE-2016-10228: Rewrite iconv option parsing to fix security issue (bsc#1027496)

This update for ruby2.5 fixes the following issues:

• CVE-2021-31799: Fixed Command injection vulnerability in RDoc (bsc#1190375).
• CVE-2021-31810: Fixed trusting FTP PASV responses vulnerability in Net:FTP (bsc#1188161).
• CVE-2021-32066: Fixed StartTLS stripping vulnerability in Net:IMAP (bsc#1188160).

This update for libzypp, zypper fixes the following issues:
libzypp:

• Check log writer before accessing it (bsc#1192337)
• Zypper should keep cached files if transaction is aborted (bsc#1190356)
• Require a minimum number of mirrors for multicurl (bsc#1191609)
• Fixed slowdowns when rlimit is too high by using procfs to detect niumber of open file descriptors (bsc#1191324)
• Fixed zypper incomplete messages when using non English localization (bsc#1191370)
• RepoManager: Don't probe for plaindir repository if the URL schema is a plugin (bsc#1191286)
• Disable logger in the child process after fork (bsc#1192436)

• Fixed Zypper removing a kernel explicitely pinned that uses uname -r output format as name (openSUSE/zypper#418)

This update for cracklib fixes the following issues:

• Enable build time tests (bsc#1191736)

This update for timezone fixes the following issues:
Update timezone to 2021e (bsc#1177460)

• Palestine will fall back 10-29 (not 10-30) at 01:00
• Fiji suspends DST for the 2021/2022 season
• 'zic -r' marks unspecified timestamps with '-00'
• Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers
• Refresh timezone info for china

This update for xen fixes the following issues:

• CVE-2021-28702: Fixed PCI devices with RMRRs not deassigned correctly (XSA-386) (bsc#1191363).
• CVE-2021-28704, CVE-2021-28707, CVE-2021-28708: Fixed PoD operations on misaligned GFNs (XSA-388) (bsc#1192557).
• CVE-2021-28705, CVE-2021-28709: Fixed issues with partially successful P2M updates on x86 (XSA-389) (bsc#1192559).
• CVE-2021-28706: Fixed guests may exceed their designated memory limit (XSA-385) (bsc#1192554).

• Update to Xen 4.13.4 bug fix release (bsc#1027519).

This update for keyutils fixes the following issues:

• Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654)

• Revert the change notifications that were using /dev/watch_queue.
• Apply the change notifications that use pipe2(O_NOTIFICATION_PIPE).
• Allow 'keyctl supports' to retrieve raw capability data.
• Allow 'keyctl id' to turn a symbolic key ID into a numeric ID.
• Allow 'keyctl new_session' to name the keyring.
• Allow 'keyctl add/padd/etc.' to take hex-encoded data.
• Add 'keyctl watch*' to expose kernel change notifications on keys.
• Add caps for namespacing and notifications.
• Set a default TTL on keys that upcall for name resolution.
• Explicitly clear memory after it's held sensitive information.
• Various manual page fixes.
• Fix C++-related errors.
• Add support for keyctl_move().
• Add support for keyctl_capabilities().
• Make key=val list optional for various public-key ops.
• Fix system call signature for KEYCTL_PKEY_QUERY.
• Fix 'keyctl pkey_query' argument passing.
• Use keyctl_read_alloc() in dump_key_tree_aux().
• Various manual page fixes.

• Apply various specfile cleanups from Fedora.
• request-key: Provide a command line option to suppress helper execution.
• request-key: Find least-wildcard match rather than first match.
• Remove the dependency on MIT Kerberos.
• Fix some error messages
• keyctl_dh_compute.3: Suggest /proc/crypto for list of available hashes.
• Fix doc and comment typos.
• Add public key ops for encrypt, decrypt, sign and verify (needs linux-4.20).
• Add pkg-config support for finding libkeyutils.
• upstream isn't offering PGP signatures for the source tarballs anymore

• Add keyring restriction support.
• Add KDF support to the Diffie-Helman function.
• DNS: Add support for AFS config files and SRV records

This update for aaa_base fixes the following issues:

• Allowed ping and ICMP commands without CAP_NET_RAW (bsc#1174504).
• Add $HOME/.local/bin to PATH, if it exists (bsc#1192248).
• Fixed get_kernel_version.c to work also for recent kernels on the s390/X platform (bsc#1191563).
• Support xz compressed kernel (bsc#1162581)

The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

• Unprivileged BPF has been disabled by default to reduce attack surface as too many security issues have happened in the past (jsc#SLE-22573)

• CVE-2021-0941: In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192045).
• CVE-2021-31916: An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel A bound check failure allowed an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability (bnc#1192781).
• CVE-2021-20322: Make the ipv4 and ipv6 ICMP exception caches less predictive to avoid information leaks about UDP ports in use. (bsc#1191790)
• CVE-2021-34981: Fixed file refcounting in cmtp when cmtp_attach_device fails (bsc#1191961).
• CVE-2021-43389: There was an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c (bnc#1191958).
• CVE-2021-37159: hso_free_net_device in drivers/net/usb/hso.c called unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free (bnc#1188601).

• ABI: sysfs-kernel-slab: Document some stats (git-fixes).
• ALSA: hda: Reduce udelay() at SKL+ position reporting (git-fixes).
• ALSA: ua101: fix division by zero at probe (git-fixes).
• ALSA: usb-audio: Add Audient iD14 to mixer map quirk table (git-fixes).
• ALSA: usb-audio: Add Schiit Hel device to mixer map quirk table (git-fixes).
• ASoC: cs42l42: Correct some register default values (git-fixes).
• ASoC: cs42l42: Defer probe if request_threaded_irq() returns EPROBE_DEFER (git-fixes).
• ASoC: cs42l42: Do not set defaults for volatile registers (git-fixes).
• ASoC: dt-bindings: cs42l42: Correct description of ts-inv (git-fixes).
• ASoC: mediatek: mt8195: Remove unsued irqs_lock (git-fixes).
• ASoC: rockchip: Use generic dmaengine code (git-fixes).
• ata: sata_mv: Fix the error handling of mv_chip_id() (git-fixes).
• ath10k: fix control-message timeout (git-fixes).
• ath10k: fix division by zero in send path (git-fixes).
• ath10k: fix max antenna gain unit (git-fixes).
• ath10k: Fix missing frame timestamp for beacon/probe-resp (git-fixes).
• ath6kl: fix control-message timeout (git-fixes).
• ath6kl: fix division by zero in send path (git-fixes).
• ath9k: Fix potential interrupt storm on queue reset (git-fixes).
• auxdisplay: ht16k33: Connect backlight to fbdev (git-fixes).
• auxdisplay: ht16k33: Fix frame buffer device blanking (git-fixes).
• auxdisplay: img-ascii-lcd: Fix lock-up when displaying empty string (git-fixes).
• b43: fix a lower bounds test (git-fixes).
• b43legacy: fix a lower bounds test (git-fixes).
• Bluetooth: btmtkuart: fix a memleak in mtk_hci_wmt_sync (git-fixes).
• Bluetooth: fix init and cleanup of sco_conn.timeout_work (git-fixes).
• bpf: Add kconfig knob for disabling unpriv bpf by default (jsc#SLE-22573)
• bpf: Disallow unprivileged bpf by default (jsc#SLE-22573).
• bpf: Fix potential race in tail call compatibility check (git-fixes).
• btrfs: block-group: Rework documentation of check_system_chunk function (bsc#1192896).
• btrfs: fix deadlock between chunk allocation and chunk btree modifications (bsc#1192896).
• btrfs: fix memory ordering between normal and ordered work functions (git-fixes).
• btrfs: update comments for chunk allocation -ENOSPC cases (bsc#1192896).
• cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem (git-fixes).
• config: disable unprivileged BPF by default (jsc#SLE-22573)
• crypto: caam - disable pkc for non-E SoCs (git-fixes).
• crypto: qat - detect PFVF collision after ACK (git-fixes).
• crypto: qat - disregard spurious PFVF interrupts (git-fixes).
• driver core: add a min_align_mask field to struct device_dma_parameters (bsc#1191851).
• drm/amdgpu: fix warning for overflow check (git-fixes).
• drm/msm: Fix potential NULL dereference in DPU SSPP (git-fixes).
• drm: prevent spectre issue in vmw_execbuf_ioctl (bsc#1192802).
• drm/sun4i: Fix macros in sun8i_csc.h (git-fixes).
• drm/v3d: fix wait for TMU write combiner flush (git-fixes).
• EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell (bsc#1152489).
• exfat: fix erroneous discard when clear cluster bit (git-fixes).
• exfat: handle wrong stream entry size in exfat_readdir() (git-fixes).
• exfat: properly set s_time_gran (bsc#1192328).
• exfat: truncate atimes to 2s granularity (bsc#1192328).
• firmware/psci: fix application of sizeof to pointer (git-fixes).
• fuse: fix page stealing (bsc#1192718).
• genirq: Provide IRQCHIP_AFFINITY_PRE_STARTUP (bsc#1152489).
• gpio: mpc8xxx: Use 'devm_gpiochip_add_data()' to simplify the code and avoid a leak (git-fixes).
• HID: u2fzero: clarify error check and length calculations (git-fixes).
• HID: u2fzero: properly handle timeouts in usb_submit_urb (git-fixes).
• hwmon: Fix possible memleak in __hwmon_device_register() (git-fixes).
• hwmon: (pmbus/lm25066) Add offset coefficients (git-fixes).
• hwmon: (pmbus/lm25066) Let compiler determine outer dimension of lm25066_coeff (git-fixes).
• hwrng: mtk - Force runtime pm ops for sleep ops (git-fixes).
• ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510).
• ibmvnic: delay complete() (bsc#1094840 ltc#167098 git-fixes).
• ibmvnic: do not stop queue in xmit (bsc#1192273 ltc#194629).
• ibmvnic: Process crqs after enabling interrupts (bsc#1192273 ltc#194629).
• iio: dac: ad5446: Fix ad5622_write() return value (git-fixes).
• Input: elantench - fix misreporting trackpoint coordinates (bsc#1192918).
• Input: i8042 - Add quirk for Fujitsu Lifebook T725 (bsc#1191980).
• kABI: Fix kABI after 36950f2da1ea (bsc#1191851).
• kernel-*-subpackage: Add dependency on kernel scriptlets (bsc#1192740).
• KVM: s390: extend kvm_s390_shadow_fault to return entry pointer (bsc#1133021).
• KVM: s390: index kvm->arch.idle_mask by vcpu_idx (bsc#1133021).
• KVM: s390: split kvm_s390_logical_to_effective (bsc#1133021).
• KVM: s390: VSIE: correctly handle MVPG when in VSIE (bsc#1133021).
• libertas: Fix possible memory leak in probe and disconnect (git-fixes).
• libertas_tf: Fix possible memory leak in probe and disconnect (git-fixes).
• media: cedrus: Fix SUNXI tile size calculation (git-fixes).
• media: cx23885: Fix snd_card_free call on null card pointer (git-fixes).
• media: cxd2880-spi: Fix a null pointer dereference on error handling path (git-fixes).
• media: dvb-frontends: mn88443x: Handle errors of clk_prepare_enable() (git-fixes).
• media: dvb-usb: fix ununit-value in az6027_rc_query (git-fixes).
• media: em28xx: add missing em28xx_close_extension (git-fixes).
• media: em28xx: Do not use ops->suspend if it is NULL (git-fixes).
• media: i2c: ths8200 needs V4L2_ASYNC (git-fixes).
• media: ite-cir: IR receiver stop working after receive overflow (git-fixes).
• media: mtk-vpu: Fix a resource leak in the error handling path of 'mtk_vpu_probe()' (git-fixes).
• media: mxl111sf: change mutex_init() location (git-fixes).
• media: radio-wl1273: Avoid card name truncation (git-fixes).
• media: si470x: Avoid card name truncation (git-fixes).
• media: staging/intel-ipu3: css: Fix wrong size comparison imgu_css_fw_init (git-fixes).
• media: TDA1997x: handle short reads of hdmi info frame (git-fixes).
• media: tm6000: Avoid card name truncation (git-fixes).
• media: v4l2-ioctl: Fix check_ext_ctrls (git-fixes).
• media: v4l2-ioctl: S_CTRL output the right value (git-fixes).
• memory: fsl_ifc: fix leak of irq and nand_irq in fsl_ifc_ctrl_probe (git-fixes).
• memstick: avoid out-of-range warning (git-fixes).
• memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host() (git-fixes).
• mmc: mxs-mmc: disable regulator on error and in the remove function (git-fixes).
• mmc: sdhci: Map more voltage level to SDHCI_POWER_330 (git-fixes).
• mmc: sdhci-omap: Fix NULL pointer exception if regulator is not configured (git-fixes).
• mm/hugetlb: initialize hugetlb_usage in mm_init (bsc#1192906).
• mt76: mt76x02: fix endianness warnings in mt76x02_mac.c (git-fixes).
• mwifiex: fix division by zero in fw download path (git-fixes).
• mwifiex: Send DELBA requests according to spec (git-fixes).
• net: dsa: felix: re-enable TX flow control in ocelot_port_flush() (git-fixes).
• net: mscc: ocelot: fix hardware timestamp dequeue logic.
• net: mscc: ocelot: warn when a PTP IRQ is raised for an unknown skb (git-fixes).
• nvme-pci: set min_align_mask (bsc#1191851).
• ocfs2: do not zero pages beyond i_size (bsc#1190795).
• ocfs2: fix data corruption on truncate (bsc#1190795).
• PCI: aardvark: Do not clear status bits of masked interrupts (git-fixes).
• PCI: aardvark: Do not spam about PIO Response Status (git-fixes).
• PCI: aardvark: Do not unmask unused interrupts (git-fixes).
• PCI: aardvark: Fix checking for link up via LTSSM state (git-fixes).
• PCI: aardvark: Fix reporting Data Link Layer Link Active (git-fixes).
• PCI: aardvark: Fix return value of MSI domain .alloc() method (git-fixes).
• PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG (git-fixes).
• PCI/ACPI: Check for _OSC support in acpi_pci_osc_control_set() (bsc#1169263).
• PCI/ACPI: Clarify message about _OSC failure (bsc#1169263).
• PCI/ACPI: Move _OSC query checks to separate function (bsc#1169263).
• PCI/ACPI: Move supported and control calculations to separate functions (bsc#1169263).
• PCI/ACPI: Remove OSC_PCI_SUPPORT_MASKS and OSC_PCI_CONTROL_MASKS (bsc#1169263).
• PCI/ACPI: Remove unnecessary osc_lock (bsc#1169263).
• PCI: pci-bridge-emul: Fix emulation of W1C bits (git-fixes).
• PCI: uniphier: Serialize INTx masking/unmasking and fix the bit operation (git-fixes).
• pinctrl: core: fix possible memory leak in pinctrl_enable() (git-fixes).
• platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning (git-fixes).
• power: supply: bq27xxx: Fix kernel crash on IRQ handler register error (git-fixes).
• power: supply: max17042_battery: Prevent int underflow in set_soc_threshold (git-fixes).
• power: supply: max17042_battery: use VFSOC for capacity when no rsns (git-fixes).
• power: supply: rt5033 battery: Change voltage values to ca 5V (git-fixes).
• printk/console: Allow to disable console output by using console='' or console=null (bsc#1192753).
• printk: handle blank console arguments passed in (bsc#1192753).
• qtnfmac: fix potential Spectre vulnerabilities (bsc#1192802).
• r8152: add a helper function about setting EEE (git-fixes).
• r8152: Add macpassthru support for ThinkPad Thunderbolt 3 Dock Gen 2 (git-fixes).
• r8152: Disable PLA MCU clock speed down (git-fixes).
• r8152: disable U2P3 for RTL8153B (git-fixes).
• r8152: divide the tx and rx bottom functions (git-fixes).
• r8152: do not enable U1U2 with USB_SPEED_HIGH for RTL8153B (git-fixes).
• r8152: fix runtime resume for linking change (git-fixes).
• r8152: replace array with linking list for rx information (git-fixes).
• r8152: reset flow control patch when linking on for RTL8153B (git-fixes).
• r8152: saving the settings of EEE (git-fixes).
• r8152: separate the rx buffer size (git-fixes).
• r8152: use alloc_pages for rx buffer (git-fixes).
• regulator: dt-bindings: samsung,s5m8767: correct s5m8767,pmic-buck-default-dvs-idx property (git-fixes).
• regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is disabled (git-fixes).
• Revert 'ibmvnic: check failover_pending in login response' (bsc#1190523 ltc#194510).
• Revert 'platform/x86: i2c-multi-instantiate: Do not create platform device for INT3515 ACPI nodes' (git-fixes).
• Revert 'r8152: adjust the settings about MAC clock speed down for RTL8153' (git-fixes).
• Revert 'scsi: ufs: fix a missing check of devm_reset_control_get' (git-fixes).
• Revert 'x86/kvm: fix vcpu-id indexed array sizes' (git-fixes).
• rndis_host: set proper input size for OID_GEN_PHYSICAL_MEDIUM request (git-fixes).
• rsi: fix control-message timeout (git-fixes).
• rsi: Fix module dev_oper_mode parameter description (git-fixes).
• rsi: stop thread firstly in rsi_91x_init() error handling (git-fixes).
• rtl8187: fix control-message timeouts (git-fixes).
• s390/qeth: fix deadlock during failing recovery (git-fixes).
• s390/qeth: Fix deadlock in remove_discipline (git-fixes).
• s390/qeth: fix NULL deref in qeth_clear_working_pool_list() (git-fixes).
• scsi: be2iscsi: Fix an error handling path in beiscsi_dev_probe() (git-fixes).
• scsi: BusLogic: Fix missing pr_cont() use (git-fixes).
• scsi: core: Fix spelling in a source code comment (git-fixes).
• scsi: csiostor: Add module softdep on cxgb4 (git-fixes).
• scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn() (git-fixes).
• scsi: dc395: Fix error case unwinding (git-fixes).
• scsi: fdomain: Fix error return code in fdomain_probe() (git-fixes).
• scsi: FlashPoint: Rename si_flags field (git-fixes).
• scsi: iscsi: Fix iface sysfs attr detection (git-fixes).
• scsi: libsas: Use _safe() loop in sas_resume_port() (git-fixes).
• scsi: mpt3sas: Fix error return value in _scsih_expander_add() (git-fixes).
• scsi: qedf: Add pointer checks in qedf_update_link_speed() (git-fixes).
• scsi: qedf: Fix error codes in qedf_alloc_global_queues() (git-fixes).
• scsi: qedi: Fix error codes in qedi_alloc_global_queues() (git-fixes).
• scsi: qla2xxx: Fix a memory leak in an error path of qla2x00_process_els() (git-fixes).
• scsi: qla2xxx: Make sure that aborted commands are freed (git-fixes).
• scsi: smartpqi: Fix an error code in pqi_get_raid_map() (git-fixes).
• scsi: snic: Fix an error message (git-fixes).
• scsi: ufs-pci: Add quirk for broken auto-hibernate for Intel EHL (git-fixes).
• scsi: ufs: ufshcd-pltfrm: Fix memory leak due to probe defer (git-fixes).
• serial: 8250_dw: Drop wrong use of ACPI_PTR() (git-fixes).
• serial: xilinx_uartps: Fix race condition causing stuck TX (git-fixes).
• staging: r8712u: fix control-message timeout (git-fixes).
• staging: rtl8192u: fix control-message timeouts (git-fixes).
• stmmac: platform: Fix signedness bug in stmmac_probe_config_dt() (git-fixes).
• swiotlb: add a IO_TLB_SIZE define (bsc#1191851).
• swiotlb: clean up swiotlb_tbl_unmap_single (bsc#1191851).
• swiotlb: do not modify orig_addr in swiotlb_tbl_sync_single (bsc#1191851).
• swiotlb: factor out an io_tlb_offset helper (bsc#1191851).
• swiotlb: factor out a nr_slots helper (bsc#1191851).
• swiotlb: refactor swiotlb_tbl_map_single (bsc#1191851).
• swiotlb: respect min_align_mask (bsc#1191851).
• swiotlb: Split size parameter to map/unmap APIs (bsc#1191851).
• tpm: Check for integer overflow in tpm2_map_response_body() (git-fixes).
• tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker together (bsc#1192745).
• Update config files: Add CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set
• usb: gadget: hid: fix error code in do_config() (git-fixes).
• usb: iowarrior: fix control-message timeouts (git-fixes).
• usb: max-3421: Use driver data instead of maintaining a list of bound devices (git-fixes).
• usb: musb: Balance list entry in musb_gadget_queue (git-fixes).
• usbnet: fix error return code in usbnet_probe() (git-fixes).
• usbnet: sanity check for maxpacket (git-fixes).
• usb: serial: keyspan: fix memleak on probe errors (git-fixes).
• video: fbdev: chipsfb: use memset_io() instead of memset() (git-fixes).
• virtio-gpu: fix possible memory allocation failure (git-fixes).
• wcn36xx: Add ability for wcn36xx_smd_dump_cmd_req to pass two's complement (git-fixes).
• wcn36xx: add proper DMA memory barriers in rx path (git-fixes).
• wcn36xx: Fix HT40 capability for 2Ghz band (git-fixes).
• x86/ioapic: Force affinity setup before startup (bsc#1152489).
• x86/msi: Force affinity setup before startup (bsc#1152489).
• x86/sme: Use #define USE_EARLY_PGTABLE_L5 in mem_encrypt_identity.c (bsc#1152489).
• x86/xen: Mark cpu_bringup_and_idle() as dead_end_function (git-fixes).
• xen: Fix implicit type conversion (git-fixes).
• xen-pciback: Fix return in pm_ctrl_init() (git-fixes).
• xfs: do not allow log writes if the data device is readonly (bsc#1192229).
• zram-avoid-race-between-zram_remove-and-disksize_sto.patch: (bsc#1170269).
• zram-don-t-fail-to-remove-zram-during-unloading-modu.patch: (bsc#1170269).
• zram-fix-race-between-zram_reset_device-and-disksize.patch: (bsc#1170269).
• zram-replace-fsync_bdev-with-sync_blockdev.patch: (bsc#1170269).

This update for mozilla-nss fixes the following issues:
Update to version 3.68.1:

• CVE-2021-43527: Fixed a Heap overflow in NSS when verifying DER-encoded DSA or RSA-PSS signatures (bsc#1193170).

This update for python-Babel fixes the following issues:

• CVE-2021-42771: Fixed relative path traversal that may lead to arbitrary locale files loading and arbitrary code execution (bsc#1185768).

This update for gmp fixes the following issues:

• CVE-2021-43618: Fixed buffer overflow via crafted input in mpz/inp_raw.c (bsc#1192717).

This update for suse-module-tools fixes the following issues:

• Blacklist isst_if_mbox_msr driver because uses hardware information based on CPU family and model, which is too unspecific. On large systems, this causes a lot of failing loading attempts for this driver, leading to slow or even stalled boot (bsc#1187196)

This update for apparmor fixes the following issue:

• Fix 'Requires' of python3 module. (bsc#1191690)

This update for python3 fixes the following issues:

• CVE-2021-3737: Fixed http client infinite line reading (DoS) after a http 100. (bsc#1189241)
• CVE-2021-3733: Fixed ReDoS in urllib.request. (bsc#1189287)
• CVE-2021-3426: Fixed an information disclosure via pydoc. (bsc#1183374)

• Rebuild to get new headers, avoid building in support for stropts.h (bsc#1187338).

This update for systemd fixes the following issues:

• Revert 'core: rework how we connect to the bus' (bsc#1193521 bsc#1193481) sleep-config: partitions can't be deleted, only files can shared/sleep-config: exclude zram devices from hibernation candidates

This update for dracut fixes the following issues:

• Add iscsi-init.service requirements (bsc#1193512)

This update for openssl-1_1 fixes the following issues:

• Remove previously applied patch because it interferes with FIPS validation (bsc#1161276)

This update for p11-kit fixes the following issues:

• CVE-2020-29361: Fixed multiple integer overflows in rpc code (bsc#1180064)
• Add support for CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER (bsc#1187993).

This update for runc fixes the following issues:
Update to runc v1.0.3.

• CVE-2021-43784: Fixed a potential vulnerability related to the internal usage of netlink, which is believed to not be exploitable with any released versions of runc (bsc#1193436)
• Fixed inability to start a container with read-write bind mount of a read-only fuse host mount.
• Fixed inability to start when read-only /dev in set in spec.
• Fixed not removing sub-cgroups upon container delete, when rootless cgroup v2 is used with older systemd.
• Fixed returning error from GetStats when hugetlb is unsupported (which causes excessive logging for kubernetes).

This update for samba fixes the following issues:
The username map advice from the CVE-2020-25717 advisory note has undesired side effects for the local nt token. Fallback to a SID/UID based mapping if the name based lookup fails (bsc#1192849).

This update for zlib fixes the following issues:

• Fix hardware compression incorrect result on z15 hardware (bsc#1192688)

This update for permissions fixes the following issues:

• Update to version 20181225: * drop ping capabilities in favor of ICMP_PROTO sockets (bsc#1174504)

This update for lvm2 fixes the following issues:

• Fix lvconvert not taking `--stripes` option (bsc#1183905)
• Fix LVM vgimportclone not working on hardware snapshot (bsc#1193181)

This update for libgcrypt fixes the following issues:

• Fix function gcry_mpi_sub_ui subtracting from negative value (bsc#1193480)

This update for grub2 fixes the following issues:

• Fixed an issue when 'lvmid' disk cannot be found after second disk added to the root volume group. (bsc#1189874, bsc#1071559)
• Fix for an error when '/boot/grub2/locale/POSIX.gmo' not found. (bsc#1189769)
• Fix unknown TPM error on buggy uefi firmware. (bsc#1191504)
• Fix powerpc-ieee1275 lpar takes long time to boot with increasing number of nvme namespace (bsc#1177751)

This update for rsyslog fixes the following issues:

• Upgrade to rsyslog 8.2106.0: * The prime new feature is support for TLS and non-TLS connections via imtcp in parallel. Furthermore, most TLS parameters can now be overriden at the input() level. The notable exceptions are certificate files, something that is due to be implemented as next step. * New global option 'parser.supportCompressionExtension' This permits to turn off rsyslog's single-message compression extension when it interferes with non-syslog message processing (the parser subsystem expects syslog messages, not generic text) closes https://github.com/rsyslog/rsyslog/issues/4598 * imtcp: add more override config params to input() It is now possible to override all module parameters at the input() level. Module parameters serve as defaults. Existing configs need no modification. * imtcp: add stream driver parameter to input() configuration This permits to have different inputs use different stream drivers and stream driver parameters. * imtcp: permit to run multiple inputs in parallel Previously, a single server was used to run all imtcp inputs. This had a couple of drawsbacks. First and foremost, we could not use different stream drivers in the varios inputs. This patch now provides a baseline to do that, but does still not implement the capability (in this sense it is a staging patch). Secondly, we now ensure that each input has at least one exclusive thread for processing, untangling the performance of multiple inputs from each other. * tcpsrv bugfix: potential sluggishnes and hang on shutdown tcpsrv is used by multiple other modules (imtcp, imdiag, imgssapi, and, in theory, also others - even ones we do not know about). However, the internal synchornization did not properly take multiple tcpsrv users in consideration. As such, a single user could hang under some circumstances. This was caused by improperly awaking all users from a pthread condition wait. That in turn could lead to some sluggish behaviour and, in rare cases, a hang at shutdown. Note: it was highly unlikely to experience real problems with the officially provided modules. * refactoring of syslog/tcp driver parameter passing This has now been generalized to a parameter block, which makes it much cleaner and also easier to add new parameters in the future. * config script: add re_match_i() and re_extract_i() functions This provides case-insensitive regex functionality.
• Upgrade to rsyslog 8.2104.0: * rainerscript: call getgrnam_r repeatedly to get all group members (bsc#1178490) * new built-in function get_property() to access property vars * mmdblookup: add support for mmdb DB reload on HUP * new contributed function module fmunflatten * test bugfix: some tests did not work with newer TLS library versions

• Update 'remote.conf' example file to new 'Address' and 'Port' notation. (bsc#1182653)

• Upgrade to rsyslog 8.2102.0: * omfwd: add stats counter for sent bytes * omfwd: add error reporting configuration option * action stats counter bugfix: failure count was not properly incremented * action stats counter bugfix: resume count was not incremented * omfwd bugfix: segfault or error if port not given * lookup table bugfix: data race on lookup table reload * testbench modernization * testbench: fix invalid sequence of kafka tests runs * testbench: fix kafkacat issues * testbench: fix year-dependendt clickhouse test

• Upgrade to rsyslog 8.2012.0: * testbench bugfix: some tests did not work in make distcheck * immark: rewrite with many improvements * usability: re-phrase error message to help users better understand cause * add new system property $now-unixtimestamp * omfwd: add new rate limit option * omfwd bug: param 'StreamDriver.PermitExpiredCerts' is not 'off' by default

• prepare usrmerge (bsc#1029961)

• remove legacy stuff from specfile * sysvinit is not supported anymore, so remove all tests related to systemv in the specfile

• Upgrade to rsyslog 8.2010.0: * gnutls TLS subsystem bugfix: handshake error handling * core/msg bugfix: memory leak * core/msg bugfix: segfault in jsonPathFindNext() when not an object * openssl TLS subsystem: improvments of error and status messages * core bugfix: do not create empty JSON objects on non-existent key access * gnutls subsysem bugfix: potential hang on session closure * core/network bugfix: obey net.enableDNS=off when querying local hostname * core bugfix: potential segfault on query of PROGRAMNAME property * imtcp bugfix: broken connection not necessariy detected * new module: imhttp - http input * mmdarwin bugfix: potential zero uuid when reusing existing one * imdocker bugfix: build issue on some platforms * omudpspoof bugfix: make compatbile with Solaris build * testbench fix: python 3 incompatibility * core bugfix: segfault if disk-queue file cannot be created * cosmetic: fix dummy module name in debug output * config bugfix: intended warning emitted as error

• Upgrade to rsyslog 8.2008.0
• Added custom unit file rsyslog.service because systemd service file was removed from upstream project
• Use systemd_ordering instead of requiring to make rsyslog useable in containers.
• Fix the URL for bug reporting, should not point to 'novell.com'. (bsc#1173433)
• Add support for 'omkafka'.
• Avoid build error with gcc flag '-fno-common'. (bsc#1160414)

This update for mozilla-nss and MozillaFirefox fix the following issues:
mozilla-nss:

• Update from version 3.68.1 to 3.68.2 (bsc#1193845)
• Add SHA-2 support to mozilla::pkix's Online Certificate Status Protocol implementation

• Firefox Extended Support Release 91.4.1 ESR (bsc#1193845)
• Add SHA-2 support to mozilla::pkix's Online Certificate Status Protocol implementation to fix frequent MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING error messages when trying to connect to various microsoft.com domains

This update for dosfstools fixes the following issues:

• To be able to create filesystems compatible with previous version, add -g command line option to mkfs (bsc#1188401)
• BREAKING CHANGES: After fixing of bsc#1172863 in the last update, mkfs started to create different images than before. Applications that depend on exact FAT file format (e. g. embedded systems) may be broken in two ways: * The introduction of the alignment may create smaller images than before, with a different positions of important image elements. It can break existing software that expect images in doststools <= 4.1 style. To work around these problems, use '-a' command line argument. * The new image may contain a different geometry values. Geometry sensitive applications expecting doststools <= 4.1 style images can fails to accept different geometry values. There is no direct work around for this problem. But you can take the old image, use 'file -s $IMAGE', check its 'sectors/track' and 'heads', and use them in the newly introduced '-g' command line argument.

This update for rsyslog fixes the following issues:

• Fix config parameters in specfile (bsc#1194593)

This update for openssl-1_1 fixes the following issues:

• Add RSA_get0_pss_params() accessor that is used by nodejs16 and provide openssl-has-RSA_get0_pss_params (bsc#1192489)

This update for rpm fixes the following issues:

• Add explicit requirement on python-rpm-macros (bsc#1180125, bsc#1193711)

This update for dracut fixes the following issues:

• Update dependency and requirement of util-linux-systemd (bsc#1194162)
• Improve SSL CA certificate bundle detection (bsc#1175892)

This update for permissions fixes the following issues:

• Update to version 20181225: setuid bit for cockpit session binary (bsc#1169614).

This update for expat fixes the following issues:

• CVE-2021-45960: Fixed left shift in the storeAtts function in xmlparse.c that can lead to realloc misbehavior (bsc#1194251).
• CVE-2021-46143: Fixed integer overflow in m_groupSize in doProlog (bsc#1194362).
• CVE-2022-22822: Fixed integer overflow in addBinding in xmlparse.c (bsc#1194474).
• CVE-2022-22823: Fixed integer overflow in build_model in xmlparse.c (bsc#1194476).
• CVE-2022-22824: Fixed integer overflow in defineAttribute in xmlparse.c (bsc#1194477).
• CVE-2022-22825: Fixed integer overflow in lookup in xmlparse.c (bsc#1194478).
• CVE-2022-22826: Fixed integer overflow in nextScaffoldPart in xmlparse.c (bsc#1194479).
• CVE-2022-22827: Fixed integer overflow in storeAtts in xmlparse.c (bsc#1194480).

This update for json-c fixes the following issues:

• CVE-2020-12762: Fixed integer overflow and out-of-bounds write. (bsc#1171479)

The SUSE Linux Enterprise 15 SP2 LTSS kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:

• CVE-2022-0185: Incorrect param length parsing in legacy_parse_param which could have led to a local privilege escalation (bsc#1194517).
• CVE-2022-0322: Fixed a denial of service in SCTP sctp_addto_chunk (bsc#1194985).
• CVE-2021-44733: Fixed a use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel that occured because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object (bnc#1193767).
• CVE-2021-4197: Fixed a cgroup issue where lower privileged processes could write to fds of lower privileged ones that could lead to privilege escalation (bsc#1194302).
• CVE-2021-4135: Fixed an information leak in the nsim_bpf_map_alloc function (bsc#1193927).
• CVE-2021-4202: Fixed a race condition during NFC device remove which could lead to a use-after-free memory corruption (bsc#1194529)
• CVE-2021-4083: A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allowed a local user to crash the system or escalate their privileges on the system. (bnc#1193727).
• CVE-2021-4149: Fixed a locking condition in btrfs which could lead to system deadlocks (bsc#1194001).
• CVE-2021-45485: The IPv6 implementation in net/ipv6/output_core.c had an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses (bnc#1194094).
• CVE-2021-45486: The IPv4 implementation in net/ipv4/route.c had an information leak because the hash table is very small (bnc#1194087).
• CVE-2021-4001: A race condition was found in the Linux kernel's ebpf verifier between bpf_map_update_elem and bpf_map_freeze due to a missing lock in kernel/bpf/syscall.c. In this flaw, a local user with a special privilege (cap_sys_admin or cap_bpf) can modify the frozen mapped address space. (bnc#1192990).
• CVE-2021-28715: Guest can force Linux netback driver to hog large amounts of kernel memory. Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them. There are some measures taken for avoiding to pile up too much data, but those can be bypassed by the guest: There was a timeout how long the client side of an interface can stop consuming new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default). Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time. (CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in its RX queue ring page and the next package would require more than one free slot, which may be the case when using GSO, XDP, or software hashing. ()
• CVE-2021-28714: Guest can force Linux netback driver to hog large amounts of kernel memory. Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them. There are some measures taken for avoiding to pile up too much data, but those can be bypassed by the guest: There was a timeout how long the client side of an interface can stop consuming new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default). Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time. (CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in its RX queue ring page and the next package would require more than one free slot, which may be the case when using GSO, XDP, or software hashing (bnc#1193442).
• CVE-2021-28713: Rogue backends can cause DoS of guests via high frequency events. Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as 'driver domains'. Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. (bsc#1193440)
• CVE-2021-28712: Rogue backends can cause DoS of guests via high frequency events. Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as 'driver domains'. Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. (bsc#1193440)
• CVE-2021-28711: Rogue backends can cause DoS of guests via high frequency events. Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as 'driver domains'. Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time (bnc#1193440).
• CVE-2020-27825: A use-after-free flaw was found in kernel/trace/ring_buffer.c. There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem (DOS). This flaw could even allow a local attacker with special user privilege to a kernel information leak threat (bnc#1179960).
• CVE-2021-43975: hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allowed an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value (bnc#1192845).
• CVE-2021-33098: Improper input validation in the Intel(R) Ethernet ixgbe driver for Linux before version 3.17.3 may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1192877).
• CVE-2021-43976: mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allowed an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic) (bnc#1192847).
• CVE-2021-4002: Incorrect TLBs flushing after huge_pmd_unshare could lead to exposing hugepages to other users (bsc#1192946).
• CVE-2020-27820: A use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-off, but same happens if 'unbind' the driver) (bnc#1179599).

• smb3: print warning once if posix context returned on open (bsc#1164565).
• ACPI: PMIC: Fix intel_pmic_regs_handler() read accesses (git-fixes).
• ACPI: battery: Accept charges over the design capacity as full (git-fixes).
• ACPICA: Avoid evaluating methods too early during system resume (git-fixes).
• ALSA: ISA: not for M68K (git-fixes).
• ALSA: ctxfi: Fix out-of-range access (git-fixes).
• ALSA: gus: fix null pointer dereference on pointer block (git-fixes).
• ALSA: hda/realtek: Add a quirk for Acer Spin SP513-54N (git-fixes).
• ALSA: hda/realtek: Add quirk for ASUS UX550VE (git-fixes).
• ALSA: hda/realtek: Add quirk for Clevo PC70HS (git-fixes).
• ALSA: hda/realtek: Add quirk for HP EliteBook 840 G7 mute LED (git-fixes).
• ALSA: hda: hdac_ext_stream: fix potential locking issues (git-fixes).
• ALSA: hda: hdac_stream: fix potential locking issue in snd_hdac_stream_assign() (git-fixes).
• ALSA: synth: missing check for possible NULL after the call to kstrdup (git-fixes).
• ALSA: timer: Fix use-after-free problem (git-fixes).
• ALSA: timer: Unconditionally unlink slave instances, too (git-fixes).
• ALSA: usb-audio: Add registration quirk for JBL Quantum 400 (git-fixes).
• ARM: 8970/1: decompressor: increase tag size (git-fixes).
• ARM: 8974/1: use SPARSMEM_STATIC when SPARSEMEM is enabled (git-fixes)
• ARM: 8986/1: hw_breakpoint: Do not invoke overflow handler on uaccess watchpoints (git-fixes)
• ARM: 9007/1: l2c: fix prefetch bits init in L2X0_AUX_CTRL using DT (git-fixes)
• ARM: 9019/1: kprobes: Avoid fortify_panic() when copying optprobe (git-fixes)
• ARM: 9046/1: decompressor: Do not clear SCTLR.nTLSMD for ARMv7+ cores (git-fixes)
• ARM: 9064/1: hw_breakpoint: Do not directly check the event's (git-fixes)
• ARM: 9071/1: uprobes: Do not hook on thumb instructions (git-fixes)
• ARM: 9081/1: fix gcc-10 thumb2-kernel regression (git-fixes)
• ARM: 9091/1: Revert 'mm: qsd8x50: Fix incorrect permission faults' (git-fixes)
• ARM: 9133/1: mm: proc-macros: ensure *_tlb_fns are 4B aligned (git-fixes)
• ARM: 9134/1: remove duplicate memcpy() definition (git-fixes)
• ARM: 9139/1: kprobes: fix arch_init_kprobes() prototype (git-fixes)
• ARM: 9141/1: only warn about XIP address when not compile testing (git-fixes)
• ARM: 9155/1: fix early early_iounmap() (git-fixes)
• ARM: OMAP2+: Fix legacy mode dss_reset (git-fixes)
• ARM: OMAP2+: omap_device: fix idling of devices during probe (git-fixes)
• ARM: OMAP2+: pm33xx-core: Make am43xx_get_rtc_base_addr static (git-fixes)
• ARM: at91: pm: add missing put_device() call in at91_pm_sram_init() (git-fixes)
• ARM: at91: pm: of_node_put() after its usage (git-fixes)
• ARM: at91: pm: use proper master clock register offset (git-fixes)
• ARM: bcm: Select ARM_TIMER_SP804 for ARCH_BCM_NSP (git-fixes)
• ARM: dts sunxi: Relax a bit the CMA pool allocation range (git-fixes)
• ARM: dts: BCM5301X: Add interrupt properties to GPIO node (git-fixes)
• ARM: dts: BCM5301X: Fix I2C controller interrupt (git-fixes)
• ARM: dts: BCM5301X: Fixed QSPI compatible string (git-fixes)
• ARM: dts: Configure missing thermal interrupt for 4430 (git-fixes)
• ARM: dts: Fix dcan driver probe failed on am437x platform (git-fixes)
• ARM: dts: Fix duovero smsc interrupt for suspend (git-fixes)
• ARM: dts: N900: fix onenand timings (git-fixes).
• ARM: dts: NSP: Correct FA2 mailbox node (git-fixes)
• ARM: dts: NSP: Disable PL330 by default, add dma-coherent property (git-fixes)
• ARM: dts: NSP: Fixed QSPI compatible string (git-fixes)
• ARM: dts: Remove non-existent i2c1 from 98dx3236 (git-fixes)
• ARM: dts: am335x-pocketbeagle: Fix mmc0 Write Protect (git-fixes)
• ARM: dts: am335x: align ti,pindir-d0-out-d1-in property with dt-shema (git-fixes)
• ARM: dts: am437x-idk-evm: Fix incorrect OPP node names (git-fixes)
• ARM: dts: am437x-l4: fix typo in can@0 node (git-fixes)
• ARM: dts: armada-38x: fix NETA lockup when repeatedly switching speeds (git-fixes)
• ARM: dts: armada388-helios4: assign pinctrl to LEDs (git-fixes)
• ARM: dts: armada388-helios4: assign pinctrl to each fan (git-fixes)
• ARM: dts: aspeed: s2600wf: Fix VGA memory region location (git-fixes)
• ARM: dts: aspeed: tiogapass: Remove vuart (git-fixes)
• ARM: dts: at91-sama5d27_som1: fix phy address to 7 (git-fixes)
• ARM: dts: at91: add pinctrl-{names, 0} for all gpios (git-fixes)
• ARM: dts: at91: at91sam9rl: fix ADC triggers (git-fixes)
• ARM: dts: at91: sama5d2: fix CAN message ram offset and size (git-fixes)
• ARM: dts: at91: sama5d2: map securam as device (git-fixes)
• ARM: dts: at91: sama5d2_ptc_ek: fix sdmmc0 node description (git-fixes)
• ARM: dts: at91: sama5d2_ptc_ek: fix vbus pin (git-fixes)
• ARM: dts: at91: sama5d2_xplained: classd: pull-down the R1 and R3 lines (git-fixes)
• ARM: dts: at91: sama5d3_xplained: add pincontrol for USB Host (git-fixes)
• ARM: dts: at91: sama5d4: fix pinctrl muxing (git-fixes)
• ARM: dts: at91: sama5d4_xplained: add pincontrol for USB Host (git-fixes)
• ARM: dts: at91: tse850: the emac<->phy interface is rmii (git-fixes)
• ARM: dts: bcm2835-rpi-zero-w: Fix led polarity (git-fixes)
• ARM: dts: bcm: HR2: Fix PPI interrupt types (git-fixes)
• ARM: dts: bcm: HR2: Fixed QSPI compatible string (git-fixes)
• ARM: dts: colibri-imx6ull: limit SDIO clock to 25MHz (git-fixes)
• ARM: dts: dra76x: m_can: fix order of clocks (git-fixes)
• ARM: dts: dra7xx-clocks: Fixup IPU1 mux clock parent source (git-fixes)
• ARM: dts: exynos: Fix GPIO polarity for thr GalaxyS3 CM36651 sensor's bus (git-fixes)
• ARM: dts: exynos: correct MUIC interrupt trigger level on Midas (git-fixes)
• ARM: dts: exynos: correct PMIC interrupt trigger level on Arndale (git-fixes)
• ARM: dts: exynos: correct PMIC interrupt trigger level on Artik 5 (git-fixes)
• ARM: dts: exynos: correct PMIC interrupt trigger level on Midas (git-fixes)
• ARM: dts: exynos: correct PMIC interrupt trigger level on Monk (git-fixes)
• ARM: dts: exynos: correct PMIC interrupt trigger level on Odroid X/U3 (git-fixes)
• ARM: dts: exynos: correct PMIC interrupt trigger level on Odroid XU3 (git-fixes)
• ARM: dts: exynos: correct PMIC interrupt trigger level on Rinato (git-fixes)
• ARM: dts: exynos: correct PMIC interrupt trigger level on SMDK5250 (git-fixes)
• ARM: dts: exynos: correct PMIC interrupt trigger level on Snow (git-fixes)
• ARM: dts: exynos: correct PMIC interrupt trigger level on Spring (git-fixes)
• ARM: dts: exynos: correct fuel gauge interrupt trigger level on Midas (git-fixes)
• ARM: dts: exynos: fix PWM LED max brightness on Odroid HC1 (git-fixes)
• ARM: dts: exynos: fix PWM LED max brightness on Odroid XU/XU3 (git-fixes)
• ARM: dts: exynos: fix PWM LED max brightness on Odroid XU4 (git-fixes)
• ARM: dts: exynos: fix USB 3.0 VBUS control and over-current pins on (git-fixes)
• ARM: dts: exynos: fix USB 3.0 pins supply being turned off on Odroid (git-fixes)
• ARM: dts: exynos: fix roles of USB 3.0 ports on Odroid XU (git-fixes)
• ARM: dts: gemini-rut1xx: remove duplicate ethernet node (git-fixes)
• ARM: dts: gose: Fix ports node name for adv7180 (git-fixes)
• ARM: dts: gose: Fix ports node name for adv7612 (git-fixes)
• ARM: dts: imx27-phytec-phycard-s-rdk: Fix the I2C1 pinctrl entries (git-fixes)
• ARM: dts: imx50-evk: Fix the chip select 1 IOMUX (git-fixes)
• ARM: dts: imx6: Use gpc for FEC interrupt controller to fix wake on LAN (git-fixes)
• ARM: dts: imx6: pbab01: Set vmmc supply for both SD interfaces (git-fixes)
• ARM: dts: imx6: phycore-som: fix arm and soc minimum voltage (git-fixes)
• ARM: dts: imx6: phycore-som: fix emmc supply (git-fixes)
• ARM: dts: imx6dl-colibri-eval-v3: fix sram compatible properties (git-fixes).
• ARM: dts: imx6dl-yapp4: Fix RGMII connection to QCA8334 switch (git-fixes)
• ARM: dts: imx6dl-yapp4: Fix Ursa board Ethernet connection (git-fixes)
• ARM: dts: imx6q-dhcom: Add PU,VDD1P1,VDD2P5 regulators (git-fixes)
• ARM: dts: imx6q-dhcom: Add gpios pinctrl for i2c bus recovery (git-fixes)
• ARM: dts: imx6q-dhcom: Fix ethernet plugin detection problems (git-fixes)
• ARM: dts: imx6q-dhcom: Fix ethernet reset time properties (git-fixes)
• ARM: dts: imx6qdl-gw52xx: fix duplicate regulator naming (git-fixes)
• ARM: dts: imx6qdl-gw551x: Do not use 'simple-audio-card,dai-link' (git-fixes)
• ARM: dts: imx6qdl-gw551x: fix audio SSI (git-fixes)
• ARM: dts: imx6qdl-icore: Fix OTG_ID pin and sdcard detect (git-fixes)
• ARM: dts: imx6qdl-kontron-samx6i: fix I2C_PM scl pin (git-fixes)
• ARM: dts: imx6qdl-kontron-samx6i: fix i2c_lcd/cam default status (git-fixes)
• ARM: dts: imx6qdl-sr-som: Increase the PHY reset duration to 10ms (git-fixes)
• ARM: dts: imx6sl: fix rng node (git-fixes)
• ARM: dts: imx6sx-sabreauto: Fix the phy-mode on fec2 (git-fixes)
• ARM: dts: imx6sx-sdb: Fix the phy-mode on fec2 (git-fixes)
• ARM: dts: imx6sx: Add missing UART RTS/CTS pins mux (git-fixes)
• ARM: dts: imx6sx: Improve UART pins macro defines (git-fixes)
• ARM: dts: imx6sx: fix the pad QSPI1B_SCLK mux mode for uart3 (git-fixes)
• ARM: dts: imx7-colibri: Fix frequency for sd/mmc (git-fixes)
• ARM: dts: imx7-colibri: fix muxing of usbc_det pin (git-fixes)
• ARM: dts: imx7-colibri: prepare module device tree for FlexCAN (git-fixes)
• ARM: dts: imx7d-meerkat96: Fix the 'tuning-step' property (git-fixes)
• ARM: dts: imx7d-pico: Fix the 'tuning-step' property (git-fixes)
• ARM: dts: imx7d: Correct speed grading fuse settings (git-fixes)
• ARM: dts: imx7d: fix opp-supported-hw (git-fixes)
• ARM: dts: imx7ulp: Correct gpio ranges (git-fixes)
• ARM: dts: imx: Fix USB host power regulator polarity on M53Menlo (git-fixes)
• ARM: dts: imx: Swap M53Menlo pinctrl_power_button/pinctrl_power_out (git-fixes)
• ARM: dts: imx: emcon-avari: Fix nxp,pca8574 #gpio-cells (git-fixes)
• ARM: dts: logicpd-som-lv-baseboard: Fix broken audio (git-fixes)
• ARM: dts: logicpd-som-lv-baseboard: Fix missing video (git-fixes)
• ARM: dts: logicpd-torpedo-baseboard: Fix broken audio (git-fixes)
• ARM: dts: lpc32xx: Revert set default clock rate of HCLK PLL (git-fixes)
• ARM: dts: ls1021a: Restore MDIO compatible to gianfar (git-fixes)
• ARM: dts: ls1021a: fix QuadSPI-memory reg range (git-fixes)
• ARM: dts: meson8: Use a higher default GPU clock frequency (git-fixes)
• ARM: dts: meson8: remove two invalid interrupt lines from the GPU (git-fixes)
• ARM: dts: meson8b: ec100: Fix the pwm regulator supply properties (git-fixes)
• ARM: dts: meson8b: mxq: Fix the pwm regulator supply properties (git-fixes)
• ARM: dts: meson8b: odroidc1: Fix the pwm regulator supply properties (git-fixes)
• ARM: dts: meson: fix PHY deassert timing requirements (git-fixes)
• ARM: dts: omap3430-sdp: Fix NAND device node (git-fixes)
• ARM: dts: owl-s500: Fix incorrect PPI interrupt specifiers (git-fixes)
• ARM: dts: oxnas: Fix clear-mask property (git-fixes)
• ARM: dts: pandaboard: fix pinmux for gpio user button of Pandaboard (git-fixes)
• ARM: dts: qcom: apq8064: Use 27MHz PXO clock as DSI PLL reference (git-fixes)
• ARM: dts: qcom: msm8974: Add xo_board reference clock to DSI0 PHY (git-fixes)
• ARM: dts: r7s9210: Remove bogus clock-names from OSTM nodes (git-fixes)
• ARM: dts: r8a73a4: Add missing CMT1 interrupts (git-fixes)
• ARM: dts: r8a7740: Add missing extal2 to CPG node (git-fixes)
• ARM: dts: r8a7779, marzen: Fix DU clock names (git-fixes)
• ARM: dts: renesas: Fix IOMMU device node names (git-fixes)
• ARM: dts: s5pv210: Set keep-power-in-suspend for SDHCI1 on Aries (git-fixes)
• ARM: dts: socfpga: Align L2 cache-controller nodename with dtschema (git-fixes)
• ARM: dts: socfpga: fix register entry for timer3 on Arria10 (git-fixes)
• ARM: dts: stm32: fix a typo for DAC io-channel-cells on stm32f429 (git-fixes)
• ARM: dts: stm32: fix a typo for DAC io-channel-cells on stm32h743 (git-fixes)
• ARM: dts: sun6i: a31-hummingbird: Enable RGMII RX/TX delay on (git-fixes)
• ARM: dts: sun7i: a20: bananapro: Fix ethernet phy-mode (git-fixes)
• ARM: dts: sun7i: bananapi-m1-plus: Enable RGMII RX/TX delay on (git-fixes)
• ARM: dts: sun7i: bananapi: Enable RGMII RX/TX delay on Ethernet PHY (git-fixes)
• ARM: dts: sun7i: cubietruck: Enable RGMII RX/TX delay on Ethernet PHY (git-fixes)
• ARM: dts: sun7i: pcduino3-nano: enable RGMII RX/TX delay on PHY (git-fixes)
• ARM: dts: sun8i-a83t-tbs-a711: Fix USB OTG mode detection (git-fixes)
• ARM: dts: sun8i-h2-plus-bananapi-m2-zero: Fix led polarity (git-fixes)
• ARM: dts: sun8i: a83t: Enable both RGMII RX/TX delay on Ethernet PHY (git-fixes)
• ARM: dts: sun8i: h3: orangepi-plus2e: Enable RGMII RX/TX delay on (git-fixes)
• ARM: dts: sun8i: r40: Move AHCI device node based on address order (git-fixes)
• ARM: dts: sun8i: r40: bananapi-m2-berry: Fix dcdc1 regulator (git-fixes)
• ARM: dts: sun8i: r40: bananapi-m2-ultra: Fix dcdc1 regulator (git-fixes)
• ARM: dts: sun8i: r40: bananapi-m2-ultra: Fix ethernet node (git-fixes)
• ARM: dts: sun8i: v3s: fix GIC node memory range (git-fixes)
• ARM: dts: sun8i: v40: bananapi-m2-berry: Fix ethernet node (git-fixes)
• ARM: dts: sun9i: Enable both RGMII RX/TX delay on Ethernet PHY (git-fixes)
• ARM: dts: sunxi: Fix DE2 clocks register range (git-fixes)
• ARM: dts: sunxi: bananapi-m2-plus-v1.2: Fix CPU supply voltages (git-fixes)
• ARM: dts: sunxi: bananapi-m2-plus: Enable RGMII RX/TX delay on (git-fixes)
• ARM: dts: turris-omnia: add SFP node (git-fixes)
• ARM: dts: turris-omnia: add comphy handle to eth2 (git-fixes)
• ARM: dts: turris-omnia: configure LED[2]/INTn pin as interrupt pin (git-fixes)
• ARM: dts: turris-omnia: describe switch interrupt (git-fixes)
• ARM: dts: turris-omnia: enable HW buffer management (git-fixes)
• ARM: dts: turris-omnia: fix hardware buffer management (git-fixes)
• ARM: dts: uniphier: Change phy-mode to RGMII-ID to enable delay pins (git-fixes)
• ARM: dts: uniphier: Set SCSSI clock and reset IDs for each channel (git-fixes).
• ARM: dts: vf610-zii-dev-rev-b: Remove #address-cells and #size-cells (git-fixes)
• ARM: dts: vfxxx: Add syscon compatible with OCOTP (git-fixes)
• ARM: exynos: MCPM: Restore big.LITTLE cpuidle support (git-fixes)
• ARM: exynos: add missing of_node_put for loop iteration (git-fixes)
• ARM: footbridge: fix PCI interrupt mapping (git-fixes)
• ARM: imx5: add missing put_device() call in imx_suspend_alloc_ocram() (git-fixes)
• ARM: imx6: disable the GIC CPU interface before calling stby-poweroff (git-fixes)
• ARM: imx: add missing clk_disable_unprepare() (git-fixes)
• ARM: imx: add missing iounmap() (git-fixes)
• ARM: imx: build suspend-imx6.S with arm instruction set (git-fixes)
• ARM: imx: fix missing 3rd argument in macro imx_mmdc_perf_init (git-fixes)
• ARM: mvebu: drop pointless check for coherency_base (git-fixes)
• ARM: p2v: fix handling of LPAE translation in BE mode (git-fixes)
• ARM: s3c24xx: fix missing system reset (git-fixes)
• ARM: s3c24xx: fix mmc gpio lookup tables (git-fixes)
• ARM: s3c: irq-s3c24xx: Fix return value check for s3c24xx_init_intc() (git-fixes)
• ARM: samsung: do not build plat/pm-common for Exynos (git-fixes)
• ARM: samsung: fix PM debug build with DEBUG_LL but !MMU (git-fixes)
• ARM: socfpga: PM: add missing put_device() call in socfpga_setup_ocram_self_refresh() (git-fixes)
• ASoC: DAPM: Cover regression by kctl change notification fix (git-fixes).
• ASoC: SOF: Intel: hda-dai: fix potential locking issue (git-fixes).
• ASoC: nau8824: Add DMI quirk mechanism for active-high jack-detect (git-fixes).
• ASoC: qdsp6: q6routing: Conditionally reset FrontEnd Mixer (git-fixes).
• ASoC: topology: Add missing rwsem around snd_ctl_remove() calls (git-fixes).
• Add SMB 2 support for getting and setting SACLs (bsc#1192606).
• Add to supported.conf: fs/smbfs_common/cifs_arc4 fs/smbfs_common/cifs_md4
• Blacklist SCSI commit that breaks kABI (git-fixes)
• Bluetooth: fix use-after-free error in lock_sock_nested() (git-fixes).
• CIFS: Add support for setting owner info, dos attributes, and create time (bsc#1164565).
• CIFS: Clarify SMB1 code for POSIX Create (bsc#1192606).
• CIFS: Clarify SMB1 code for POSIX Lock (bsc#1192606).
• CIFS: Clarify SMB1 code for POSIX delete file (bsc#1192606).
• CIFS: Clarify SMB1 code for SetFileSize (bsc#1192606).
• CIFS: Clarify SMB1 code for UnixCreateSymLink (bsc#1192606).
• CIFS: Clarify SMB1 code for UnixSetPathInfo (bsc#1192606).
• CIFS: Clarify SMB1 code for delete (bsc#1192606).
• CIFS: Clarify SMB1 code for rename open file (bsc#1192606).
• CIFS: Close cached root handle only if it had a lease (bsc#1164565).
• CIFS: Close open handle after interrupted close (bsc#1164565).
• CIFS: Do not miss cancelled OPEN responses (bsc#1164565).
• CIFS: Fix NULL pointer dereference in mid callback (bsc#1164565).
• CIFS: Fix NULL-pointer dereference in smb2_push_mandatory_locks (bnc#1151927 5.3.16).
• CIFS: Fix SMB2 oplock break processing (bsc#1154355 bnc#1151927 5.3.16).
• CIFS: Fix bug which the return value by asynchronous read is error (bsc#1192606).
• CIFS: Fix oplock handling for SMB 2.1+ protocols (bnc#1151927 5.3.4).
• CIFS: Fix retry mid list corruption on reconnects (bnc#1151927 5.3.10).
• CIFS: Fix task struct use-after-free on reconnect (bsc#1164565).
• CIFS: Fix use after free of file info structures (bnc#1151927 5.3.8).
• CIFS: Force reval dentry if LOOKUP_REVAL flag is set (bnc#1151927 5.3.7).
• CIFS: Force revalidate inode when dentry is stale (bnc#1151927 5.3.7).
• CIFS: Gracefully handle QueryInfo errors during open (bnc#1151927 5.3.7).
• CIFS: Increment num_remote_opens stats counter even in case of smb2_query_dir_first (bsc#1192606).
• CIFS: Properly process SMB3 lease breaks (bsc#1164565).
• CIFS: Respect O_SYNC and O_DIRECT flags during reconnect (bsc#1164565).
• CIFS: Return directly after a failed build_path_from_dentry() in cifs_do_create() (bsc#1164565).
• CIFS: Spelling s/EACCESS/EACCES/ (bsc#1192606).
• CIFS: Use common error handling code in smb2_ioctl_query_info() (bsc#1164565).
• CIFS: Use memdup_user() rather than duplicating its implementation (bsc#1164565).
• CIFS: Warn less noisily on default mount (bsc#1192606).
• CIFS: avoid using MID 0xFFFF (bnc#1151927 5.3.8).
• CIFS: check new file size when extending file by fallocate (bsc#1192606).
• CIFS: fiemap: do not return EINVAL if get nothing (bsc#1192606).
• CIFS: fix a white space issue in cifs_get_inode_info() (bsc#1164565).
• CIFS: fix max ea value size (bnc#1151927 5.3.4).
• CIFS: refactor cifs_get_inode_info() (bsc#1164565).
• CIFS: remove set but not used variables 'cinode' and 'netfid' (bsc#1164565).
• Convert trailing spaces and periods in path components (bsc#1179424).
• EDAC/amd64: Handle three rank interleaving mode (bsc#1152489).
• Handle STATUS_IO_TIMEOUT gracefully (bsc#1192606).
• Input: iforce - fix control-message timeout (git-fixes).
• MM: reclaim mustn't enter FS for swap-over-NFS (bsc#1191876).
• Mark commit as not needed (git-fixes)
• Move upstreamed i8042 patch into sorted section
• NFC: add NCI_UNREG flag to eliminate the race (git-fixes).
• NFC: reorder the logic in nfc_{un,}register_device (git-fixes).
• NFC: reorganize the functions in nci_request (git-fixes).
• NFS: Do not set NFS_INO_DATA_INVAL_DEFER and NFS_INO_INVALID_DATA (git-fixes).
• NFS: Fix deadlocks in nfs_scan_commit_list() (git-fixes).
• NFS: Fix up commit deadlocks (git-fixes).
• NFS: do not take i_rwsem for swap IO (bsc#1191876).
• NFS: move generic_write_checks() call from nfs_file_direct_write() to nfs_file_write() (bsc#1191876).
• NFSv4: Fix a regression in nfs_set_open_stateid_locked() (git-fixes).
• PCI/MSI: Deal with devices lying about their MSI mask capability (git-fixes).
• PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros (git-fixes).
• PCI: Mark Atheros QCA6174 to avoid bus reset (git-fixes).
• PM: hibernate: Get block device exclusively in swsusp_check() (git-fixes).
• PM: hibernate: use correct mode for swsusp_close() (git-fixes).
• Pass consistent param->type to fs_parse() (bsc#1192606).
• Replace HTTP links with HTTPS ones: CIFS (bsc#1192606).
• Revert 'ARM: sti: Implement dummy L2 cache's write_sec' (git-fixes)
• Revert 'arm: sun8i: orangepi-pc-plus: Set EMAC activity LEDs to (git-fixes)
• Revert 'cifs: Fix the target file was deleted when rename failed.' (bsc#1192606).
• SMB3.1.1: Add support for negotiating signing algorithm (bsc#1192606).
• SMB3.1.1: Fix ids returned in POSIX query dir (bsc#1192606).
• SMB3.1.1: add defines for new signing negotiate context (bsc#1192606).
• SMB3.1.1: do not log warning message if server does not populate salt (bsc#1192606).
• SMB3.1.1: fix mount failure to some servers when compression enabled (bsc#1192606).
• SMB3.1.1: remove confusing mount warning when no SPNEGO info on negprot rsp (bsc#1192606).
• SMB3.1.1: update comments clarifying SPNEGO info in negprot response (bsc#1192606).
• SMB311: Add support for query info using posix extensions (level 100) (bsc#1192606).
• SMB3: Add new compression flags (bsc#1192606).
• SMB3: Add new info level for query directory (bsc#1192606).
• SMB3: Add support for getting and setting SACLs (bsc#1192606).
• SMB3: Additional compression structures (bsc#1192606).
• SMB3: Backup intent flag missing from some more ops (bsc#1164565).
• SMB3: Fix crash in SMB2_open_init due to uninitialized field in compounding path (bsc#1164565).
• SMB3: Fix mkdir when idsfromsid configured on mount (bsc#1192606).
• SMB3: Fix persistent handles reconnect (bnc#1151927 5.3.11).
• SMB3: Honor 'handletimeout' flag for multiuser mounts (bsc#1176558).
• SMB3: Honor 'posix' flag for multiuser mounts (bsc#1176559).
• SMB3: Honor 'seal' flag for multiuser mounts (bsc#1176545).
• SMB3: Honor lease disabling for multiuser mounts (git-fixes).
• SMB3: Honor persistent/resilient handle flags for multiuser mounts (bsc#1176546).
• SMB3: Minor cleanup of protocol definitions (bsc#1192606).
• SMB3: Resolve data corruption of TCP server info fields (bsc#1192606).
• SMB3: add support for recognizing WSL reparse tags (bsc#1192606).
• SMB3: avoid confusing warning message on mount to Azure (bsc#1192606).
• SMB3: fix readpage for large swap cache (bsc#1192606).
• SMB3: incorrect file id in requests compounded with open (bsc#1192606).
• SMB3: update structures for new compression protocol definitions (bsc#1192606).
• SUNRPC/auth: async tasks mustn't block waiting for memory (bsc#1191876).
• SUNRPC/call_alloc: async tasks mustn't block waiting for memory (bsc#1191876).
• SUNRPC/xprt: async tasks mustn't block waiting for memory (bsc#1191876).
• SUNRPC: improve 'swap' handling: scheduling and PF_MEMALLOC (bsc#1191876).
• SUNRPC: remove scheduling boost for 'SWAPPER' tasks (bsc#1191876).
• TCON Reconnect during STATUS_NETWORK_NAME_DELETED (bsc#1192606).
• USB: serial: option: add Fibocom FM101-GL variants (git-fixes).
• USB: serial: option: add Telit LE910S1 0x9200 composition (git-fixes).
• Update configs to add CONFIG_SMBFS_COMMON=m.
• Update patches.suse/qla2xxx-synchronize-rport-dev_loss_tmo-setting.patch (bsc#1189158)
• arm: dts: dra76x: Fix mmc3 max-frequency (git-fixes)
• arm: dts: imx6qdl-udoo: fix rgmii phy-mode for ksz9031 phy (git-fixes)
• arm: dts: mt7623: add missing pause for switchport (git-fixes)
• arm: dts: omap3-gta04a4: accelerometer irq fix (git-fixes)
• ath10k: fix invalid dma_addr_t token assignment (git-fixes).
• ath10k: high latency fixes for beacon buffer (git-fixes).
• ath: dfs_pattern_detector: Fix possible null-pointer dereference in channel_detector_create() (git-fixes).
• block: Fix use-after-free issue accessing struct io_cq (bsc#1193042).
• bnxt_en: reject indirect blk offload when hw-tc-offload is off (jsc#SLE-8372 bsc#1153275).
• bonding: Fix a use-after-free problem when bond_sysfs_slave_add() failed (git-fixes).
• bpf, arm: Fix register clobbering in div/mod implementation (git-fixes)
• brcmfmac: Add DMI nvram filename quirk for Cyberbook T116 tablet (git-fixes).
• btrfs: do not ignore error from btrfs_next_leaf() when inserting checksums (bsc#1193002).
• btrfs: fix fsync failure and transaction abort after writes to prealloc extents (bsc#1193002).
• btrfs: fix lost inode on log replay after mix of fsync, rename and inode eviction (bsc#1192998).
• btrfs: fix race causing unnecessary inode logging during link and rename (bsc#1192998).
• btrfs: make checksum item extension more efficient (bsc#1193002).
• cfg80211: call cfg80211_stop_ap when switch from P2P_GO type (git-fixes).
• cifs/smb3: Fix data inconsistent when punch hole (bsc#1176544).
• cifs/smb3: Fix data inconsistent when zero file range (bsc#1176536).
• cifs: Add get_security_type_str function to return sec type (bsc#1192606).
• cifs: Add missing sentinel to smb3_fs_parameters (bsc#1192606).
• cifs: Add new mount parameter 'acdirmax' to allow caching directory metadata (bsc#1192606).
• cifs: Add new parameter 'acregmax' for distinct file and directory metadata timeout (bsc#1192606).
• cifs: Add tracepoints for errors on flush or fsync (bsc#1164565).
• cifs: Add witness information to debug data dump (bsc#1192606).
• cifs: Adjust indentation in smb2_open_file (bsc#1164565).
• cifs: Adjust key sizes and key generation routines for AES256 encryption (bsc#1192606).
• cifs: Allocate crypto structures on the fly for calculating signatures of incoming packets (bsc#1192606).
• cifs: Allocate encryption header through kmalloc (bsc#1192606).
• cifs: Always update signing key of first channel (bsc#1192606).
• cifs: Avoid doing network I/O while holding cache lock (bsc#1164565).
• cifs: Avoid error pointer dereference (bsc#1192606).
• cifs: Avoid field over-reading memcpy() (bsc#1192606).
• cifs: Change SIDs in ACEs while transferring file ownership (bsc#1192606).
• cifs: Clean up DFS referral cache (bsc#1164565).
• cifs: Constify static struct genl_ops (bsc#1192606).
• cifs: Convert to use the fallthrough macro (bsc#1192606).
• cifs: Create a new shared file holding smb2 pdu definitions (bsc#1192606).
• cifs: Deal with some warnings from W=1 (bsc#1192606).
• cifs: Delete a stray unlock in cifs_swn_reconnect() (bsc#1192606).
• cifs: Display local UID details for SMB sessions in DebugData (bsc#1192606).
• cifs: Do not display RDMA transport on reconnect (bsc#1164565).
• cifs: Do not leak EDEADLK to dgetents64 for STATUS_USER_SESSION_DELETED (bsc#1192606).
• cifs: Do not use iov_iter::type directly (bsc#1192606).
• cifs: Do not use the original cruid when following DFS links for multiuser mounts (bsc#1192606).
• cifs: Enable sticky bit with cifsacl mount option (bsc#1192606).
• cifs: Fix an error pointer dereference in cifs_mount() (bsc#1178270).
• cifs: Fix cached_fid refcnt leak in open_shroot (bsc#1192606).
• cifs: Fix chmod with modefromsid when an older ACE already exists (bsc#1192606).
• cifs: Fix cifsInodeInfo lock_sem deadlock when reconnect occurs (bnc#1151927 5.3.10).
• cifs: Fix cifsacl ACE mask for group and others (bsc#1192606).
• cifs: Fix double add page to memcg when cifs_readpages (bsc#1192606).
• cifs: Fix fall-through warnings for Clang (bsc#1192606).
• cifs: Fix in error types returned for out-of-credit situations (bsc#1192606).
• cifs: Fix incomplete memory allocation on setxattr path (bsc#1179211).
• cifs: Fix inconsistent IS_ERR and PTR_ERR (bsc#1192606).
• cifs: Fix inconsistent indenting (bsc#1192606).
• cifs: Fix leak when handling lease break for cached root fid (bsc#1176242).
• cifs: Fix lookup of SMB connections on multichannel (bsc#1192606).
• cifs: Fix lookup of root ses in DFS referral cache (bsc#1164565).
• cifs: Fix memory allocation in __smb2_handle_cancelled_cmd() (bsc#1164565).
• cifs: Fix missed free operations (bnc#1151927 5.3.8).
• cifs: Fix mode output in debugging statements (bsc#1164565).
• cifs: Fix mount options set in automount (bsc#1164565).
• cifs: Fix null pointer check in cifs_read (bsc#1192606).
• cifs: Fix potential deadlock when updating vol in cifs_reconnect() (bsc#1164565).
• cifs: Fix potential softlockups while refreshing DFS cache (bsc#1164565).
• cifs: Fix preauth hash corruption (git-fixes).
• cifs: Fix retrieval of DFS referrals in cifs_mount() (bsc#1164565).
• cifs: Fix return value in __update_cache_entry (bsc#1164565).
• cifs: Fix some error pointers handling detected by static checker (bsc#1192606).
• cifs: Fix spelling of 'security' (bsc#1192606).
• cifs: Fix support for remount when not changing rsize/wsize (bsc#1192606).
• cifs: Fix the target file was deleted when rename failed (bsc#1192606).
• cifs: Fix unix perm bits to cifsacl conversion for 'other' bits (bsc#1192606).
• cifs: Fix use-after-free bug in cifs_reconnect() (bsc#1164565).
• cifs: Get rid of kstrdup_const()'d paths (bsc#1164565).
• cifs: Grab a reference for the dentry of the cached directory during the lifetime of the cache (bsc#1192606).
• cifs: Handle witness client move notification (bsc#1192606).
• cifs: Identify a connection by a conn_id (bsc#1192606).
• cifs: If a corrupted DACL is returned by the server, bail out (bsc#1192606).
• cifs: In the new mount api we get the full devname as source= (bsc#1192606).
• cifs: Introduce helpers for finding TCP connection (bsc#1164565).
• cifs: Make extract_hostname function public (bsc#1192606).
• cifs: Make extract_sharename function public (bsc#1192606).
• cifs: Merge is_path_valid() into get_normalized_path() (bsc#1164565).
• cifs: Move SMB2_Create definitions to the shared area (bsc#1192606).
• cifs: Move more definitions into the shared area (bsc#1192606).
• cifs: New optype for session operations (bsc#1181507).
• cifs: On cifs_reconnect, resolve the hostname again (bsc#1192606).
• cifs: Optimize readdir on reparse points (bsc#1164565).
• cifs: Print the address and port we are connecting to in generic_ip_connect() (bsc#1192606).
• cifs: Re-indent cifs_swn_reconnect() (bsc#1192606).
• cifs: Reformat DebugData and index connections by conn_id (bsc#1192606).
• cifs: Register generic netlink family (bsc#1192606). Update configs with CONFIG_SWN_UPCALL unset.
• cifs: Remove the superfluous break (bsc#1192606).
• cifs: Remove unused inline function is_sysvol_or_netlogon() (bsc#1185902).
• cifs: Remove useless variable (bsc#1192606).
• cifs: Retain old ACEs when converting between mode bits and ACL (bsc#1192606).
• cifs: Return correct error code from smb2_get_enc_key (git-fixes).
• cifs: Return the error from crypt_message when enc/dec key not found (bsc#1179426).
• cifs: Send witness register and unregister commands to userspace daemon (bsc#1192606).
• cifs: Send witness register messages to userspace daemon in echo task (bsc#1192606).
• cifs: Set CIFS_MOUNT_USE_PREFIX_PATH flag on setting cifs_sb->prepath (bsc#1192606).
• cifs: Set witness notification handler for messages from userspace daemon (bsc#1192606).
• cifs: Silently ignore unknown oplock break handle (bsc#1192606).
• cifs: Simplify reconnect code when dfs upcall is enabled (bsc#1192606).
• cifs: Standardize logging output (bsc#1192606).
• cifs: To match file servers, make sure the server hostname matches (bsc#1192606).
• cifs: Tracepoints and logs for tracing credit changes (bsc#1181507).
• cifs: Unlock on errors in cifs_swn_reconnect() (bsc#1192606).
• cifs: Use #define in cifs_dbg (bsc#1164565).
• cifs: add FALLOC_FL_INSERT_RANGE support (bsc#1192606).
• cifs: add NULL check for ses->tcon_ipc (bsc#1178270).
• cifs: add SMB2_open() arg to return POSIX data (bsc#1164565).
• cifs: add SMB3 change notification support (bsc#1164565).
• cifs: add a debug macro that prints \\server\share for errors (bsc#1164565).
• cifs: add a function to get a cached dir based on its dentry (bsc#1192606).
• cifs: add a helper to find an existing readable handle to a file (bsc#1154355).
• cifs: add a timestamp to track when the lease of the cached dir was taken (bsc#1192606).
• cifs: add an smb3_fs_context to cifs_sb (bsc#1192606).
• cifs: add files to host new mount api (bsc#1192606).
• cifs: add fs_context param to parsing helpers (bsc#1192606).
• cifs: add initial reconfigure support (bsc#1192606).
• cifs: add missing mount option to /proc/mounts (bsc#1164565).
• cifs: add missing parsing of backupuid (bsc#1192606).
• cifs: add mount parameter tcpnodelay (bsc#1192606).
• cifs: add multichannel mount options and data structs (bsc#1192606).
• cifs: add new debugging macro cifs_server_dbg (bsc#1164565).
• cifs: add passthrough for smb2 setinfo (bsc#1164565).
• cifs: add server param (bsc#1192606).
• cifs: add shutdown support (bsc#1192606).
• cifs: add smb2 POSIX info level (bsc#1164565).
• cifs: add support for FALLOC_FL_COLLAPSE_RANGE (bsc#1192606).
• cifs: add support for fallocate mode 0 for non-sparse files (bsc#1164565).
• cifs: add support for flock (bsc#1164565).
• cifs: add witness mount option and data structs (bsc#1192606).
• cifs: added WARN_ON for all the count decrements (bsc#1192606).
• cifs: allocate buffer in the caller of build_path_from_dentry() (bsc#1192606).
• cifs: allow chmod to set mode bits using special sid (bsc#1164565).
• cifs: allow syscalls to be restarted in __smb_send_rqst() (bsc#1176956).
• cifs: allow unlock flock and OFD lock across fork (bsc#1192606).
• cifs: ask for more credit on async read/write code paths (bsc#1192606).
• cifs: avoid extra calls in posix_info_parse (bsc#1192606).
• cifs: avoid starvation when refreshing dfs cache (bsc#1185902).
• cifs: call wake_up(&server->response_q) inside of cifs_reconnect() (bsc#1164565).
• cifs: change confusing field serverName (to ip_addr) (bsc#1192606).
• cifs: change format of CIFS_FULL_KEY_DUMP ioctl (bsc#1192606).
• cifs: change noisy error message to FYI (bsc#1181507).
• cifs: check all path components in resolved dfs target (bsc#1181710).
• cifs: check pointer before freeing (bsc#1183534).
• cifs: check the timestamp for the cached dirent when deciding on revalidate (bsc#1192606).
• cifs: cifs_md4 convert to SPDX identifier (bsc#1192606).
• cifs: cifspdu.h: Replace one-element array with flexible-array member (bsc#1192606).
• cifs: cifspdu.h: Replace zero-length array with flexible-array member (bsc#1192606).
• cifs: clarify SMB1 code for UnixCreateHardLink (bsc#1192606).
• cifs: clarify comment about timestamp granularity for old servers (bsc#1192606).
• cifs: clarify hostname vs ip address in /proc/fs/cifs/DebugData (bsc#1192606).
• cifs: cleanup a few le16 vs. le32 uses in cifsacl.c (bsc#1192606).
• cifs: cleanup misc.c (bsc#1192606).
• cifs: clear PF_MEMALLOC before exiting demultiplex thread (bsc#1192606).
• cifs: close the shared root handle on tree disconnect (bsc#1164565).
• cifs: compute full_path already in cifs_readdir() (bsc#1192606).
• cifs: connect individual channel servers to primary channel server (bsc#1192606).
• cifs: connect: style: Simplify bool comparison (bsc#1192606).
• cifs: constify get_normalized_path() properly (bsc#1185902).
• cifs: constify path argument of ->make_node() (bsc#1192606).
• cifs: constify pathname arguments in a bunch of helpers (bsc#1192606).
• cifs: convert list_for_each to entry variant (bsc#1192606, jsc#SLE-20042).
• cifs: convert list_for_each to entry variant in cifs_debug.c (bsc#1192606).
• cifs: convert list_for_each to entry variant in smb2misc.c (bsc#1192606).
• cifs: convert revalidate of directories to using directory metadata cache timeout (bsc#1192606).
• cifs: convert to use be32_add_cpu() (bsc#1192606).
• cifs: correct comments explaining internal semaphore usage in the module (bsc#1192606).
• cifs: correct four aliased mount parms to allow use of previous names (bsc#1192606).
• cifs: create a MD4 module and switch cifs.ko to use it (bsc#1192606).
• cifs: create a helper function to parse the query-directory response buffer (bsc#1164565).
• cifs: create a helper to find a writeable handle by path name (bsc#1154355).
• cifs: create sd context must be a multiple of 8 (bsc#1192606).
• cifs: delete duplicated words in header files (bsc#1192606).
• cifs: detect dead connections only when echoes are enabled (bsc#1192606).
• cifs: do d_move in rename (bsc#1164565).
• cifs: do not allow changing posix_paths during remount (bsc#1192606).
• cifs: do not cargo-cult strndup() (bsc#1185902).
• cifs: do not create a temp nls in cifs_setup_ipc (bsc#1192606).
• cifs: do not disable noperm if multiuser mount option is not provided (bsc#1192606).
• cifs: do not duplicate fscache cookie for secondary channels (bsc#1192606).
• cifs: do not fail __smb_send_rqst if non-fatal signals are pending (git-fixes).
• cifs: do not ignore the SYNC flags in getattr (bsc#1164565).
• cifs: do not leak -EAGAIN for stat() during reconnect (bsc#1164565).
• cifs: do not negotiate session if session already exists (bsc#1192606).
• cifs: do not send close in compound create+close requests (bsc#1181507).
• cifs: do not send tree disconnect to ipc shares (bsc#1185902).
• cifs: do not share tcons with DFS (bsc#1178270).
• cifs: do not share tcp servers with dfs mounts (bsc#1185902).
• cifs: do not share tcp sessions of dfs connections (bsc#1185902).
• cifs: do not use 'pre:' for MODULE_SOFTDEP (bsc#1164565).
• cifs: document and cleanup dfs mount (bsc#1178270).
• cifs: dump Security Type info in DebugData (bsc#1192606).
• cifs: dump channel info in DebugData (bsc#1192606).
• cifs: dump the session id and keys also for SMB2 sessions (bsc#1192606).
• cifs: enable change notification for SMB2.1 dialect (bsc#1164565).
• cifs: enable extended stats by default (bsc#1192606).
• cifs: ensure correct super block for DFS reconnect (bsc#1178270).
• cifs: escape spaces in share names (bsc#1192606).
• cifs: export supported mount options via new mount_params /proc file (bsc#1192606).
• cifs: fail i/o on soft mounts if sessionsetup errors out (bsc#1164565).
• cifs: fix DFS failover (bsc#1192606).
• cifs: fix DFS mount with cifsacl/modefromsid (bsc#1178270).
• cifs: fix NULL dereference in match_prepath (bsc#1164565).
• cifs: fix NULL dereference in smb2_check_message() (bsc#1192606).
• cifs: fix SMB1 error path in cifs_get_file_info_unix (bsc#1192606).
• cifs: fix a comment for the timeouts when sending echos (bsc#1164565).
• cifs: fix a memleak with modefromsid (bsc#1192606).
• cifs: fix a sign extension bug (bsc#1192606).
• cifs: fix allocation size on newly created files (bsc#1192606).
• cifs: fix channel signing (bsc#1192606).
• cifs: fix check of dfs interlinks (bsc#1185902).
• cifs: fix check of tcon dfs in smb1 (bsc#1178270).
• cifs: fix chown and chgrp when idsfromsid mount option enabled (bsc#1192606).
• cifs: fix credit accounting for extra channel (bsc#1192606).
• cifs: fix dereference on ses before it is null checked (bsc#1164565).
• cifs: fix dfs domain referrals (bsc#1192606).
• cifs: fix dfs-links (bsc#1192606).
• cifs: fix doc warnings in cifs_dfs_ref.c (bsc#1192606).
• cifs: fix double free error on share and prefix (bsc#1178270).
• cifs: fix fallocate when trying to allocate a hole (bsc#1192606).
• cifs: fix handling of escaped ',' in the password mount argument (bsc#1192606).
• cifs: fix incorrect check for null pointer in header_assemble (bsc#1192606).
• cifs: fix incorrect kernel doc comments (bsc#1192606).
• cifs: fix interrupted close commands (git-fixes).
• cifs: fix ipv6 formating in cifs_ses_add_channel (bsc#1192606).
• cifs: fix leak in cifs_smb3_do_mount() ctx (bsc#1192606).
• cifs: fix leaked reference on requeued write (bsc#1178270).
• cifs: fix memory leak in smb2_copychunk_range (git-fixes).
• cifs: fix memory leak of smb3_fs_context_dup::server_hostname (bsc#1192606).
• cifs: fix minor typos in comments and log messages (bsc#1192606).
• cifs: fix missing null session check in mount (bsc#1192606).
• cifs: fix missing spinlock around update to ses->status (bsc#1192606).
• cifs: fix mode bits from dir listing when mounted with modefromsid (bsc#1164565).
• cifs: fix mount option display for sec=krb5i (bsc#1161907).
• cifs: fix mounts to subdirectories of target (bsc#1192606).
• cifs: fix nodfs mount option (bsc#1181710).
• cifs: fix out-of-bound memory access when calling smb3_notify() at mount point (bsc#1192606).
• cifs: fix path comparison and hash calc (bsc#1185902).
• cifs: fix possible uninitialized access and race on iface_list (bsc#1192606).
• cifs: fix potential mismatch of UNC paths (bsc#1164565).
• cifs: fix potential use-after-free bugs (bsc#1192606, jsc#SLE-20042).
• cifs: fix potential use-after-free in cifs_echo_request() (bsc#1139944).
• cifs: fix print of hdr_flags in dfscache_proc_show() (bsc#1192606, jsc#SLE-20042).
• cifs: fix reference leak for tlink (bsc#1192606).
• cifs: fix regression when mounting shares with prefix paths (bsc#1192606).
• cifs: fix rename() by ensuring source handle opened with DELETE bit (bsc#1164565).
• cifs: fix rsize/wsize to be negotiated values (bsc#1192606).
• cifs: fix soft mounts hanging in the reconnect code (bsc#1164565).
• cifs: fix soft mounts hanging in the reconnect code (bsc#1164565).
• cifs: fix string declarations and assignments in tracepoints (bsc#1192606).
• cifs: fix the out of range assignment to bit fields in parse_server_interfaces (bsc#1192606).
• cifs: fix trivial typo (bsc#1192606).
• cifs: fix uninitialised lease_key in open_shroot() (bsc#1178270).
• cifs: fix uninitialized variable in smb3_fs_context_parse_param (bsc#1192606).
• cifs: fix unitialized variable poential problem with network I/O cache lock patch (bsc#1164565).
• cifs: fix unneeded null check (bsc#1192606).
• cifs: fix use after free in cifs_smb3_do_mount() (bsc#1192606).
• cifs: fix wrong release in sess_alloc_buffer() failed path (bsc#1192606).
• cifs: for compound requests, use open handle if possible (bsc#1192606).
• cifs: fork arc4 and create a separate module for it for cifs and other users (bsc#1192606).
• cifs: get mode bits from special sid on stat (bsc#1164565).
• cifs: get rid of @noreq param in __dfs_cache_find() (bsc#1185902).
• cifs: get rid of cifs_sb->mountdata (bsc#1192606).
• cifs: get rid of unused parameter in reconn_setup_dfs_targets() (bsc#1178270).
• cifs: handle 'guest' mount parameter (bsc#1192606).
• cifs: handle 'nolease' option for vers=1.0 (bsc#1192606).
• cifs: handle -EINTR in cifs_setattr (bsc#1192606).
• cifs: handle RESP_GET_DFS_REFERRAL.PathConsumed in reconnect (bsc#1178270).
• cifs: handle different charsets in dfs cache (bsc#1185902).
• cifs: handle empty list of targets in cifs_reconnect() (bsc#1178270).
• cifs: handle hostnames that resolve to same ip in failover (bsc#1178270).
• cifs: handle prefix paths in reconnect (bsc#1164565).
• cifs: handle reconnect of tcon when there is no cached dfs referral (bsc#1192606).
• cifs: have ->mkdir() handle race with another client sanely (bsc#1192606).
• cifs: have cifs_fattr_to_inode() refuse to change type on live inode (bsc#1192606).
• cifs: ignore auto and noauto options if given (bsc#1192606).
• cifs: ignore cached share root handle closing errors (bsc#1166780).
• cifs: improve fallocate emulation (bsc#1192606).
• cifs: improve read performance for page size 64KB & cache=strict & vers=2.1+ (bsc#1192606).
• cifs: introduce cifs_ses_mark_for_reconnect() helper (bsc#1192606).
• cifs: introduce helper for finding referral server (bsc#1181710).
• cifs: introduce new helper for cifs_reconnect() (bsc#1192606, jsc#SLE-20042).
• cifs: keep referral server sessions alive (bsc#1185902).
• cifs: log mount errors using cifs_errorf() (bsc#1192606).
• cifs: log warning message (once) if out of disk space (bsc#1164565).
• cifs: make build_path_from_dentry() return const char * (bsc#1192606).
• cifs: make const array static, makes object smaller (bsc#1192606).
• cifs: make fs_context error logging wrapper (bsc#1192606).
• cifs: make locking consistent around the server session status (bsc#1192606).
• cifs: make multichannel warning more visible (bsc#1192606).
• cifs: make sure we do not overflow the max EA buffer size (bsc#1164565).
• cifs: make use of cap_unix(ses) in cifs_reconnect_tcon() (bsc#1164565).
• cifs: map STATUS_ACCOUNT_LOCKED_OUT to -EACCES (bsc#1192606).
• cifs: merge __{cifs,smb2}_reconnect[_tcon]() into cifs_tree_connect() (bsc#1178270).
• cifs: minor fix to two debug messages (bsc#1192606).
• cifs: minor kernel style fixes for comments (bsc#1192606).
• cifs: minor simplification to smb2_is_network_name_deleted (bsc#1192606).
• cifs: minor update to comments around the cifs_tcp_ses_lock mutex (bsc#1192606).
• cifs: minor updates to Kconfig (bsc#1192606).
• cifs: misc: Use array_size() in if-statement controlling expression (bsc#1192606).
• cifs: missed ref-counting smb session in find (bsc#1192606).
• cifs: missing null check for newinode pointer (bsc#1192606).
• cifs: missing null pointer check in cifs_mount (bsc#1185902).
• cifs: modefromsid: make room for 4 ACE (bsc#1164565).
• cifs: modefromsid: write mode ACE first (bsc#1164565).
• cifs: move NEGOTIATE_PROTOCOL definitions out into the common area (bsc#1192606).
• cifs: move SMB FSCTL definitions to common code (bsc#1192606).
• cifs: move [brw]size from cifs_sb to cifs_sb->ctx (bsc#1192606).
• cifs: move cache mount options to fs_context.ch (bsc#1192606).
• cifs: move cifsFileInfo_put logic into a work-queue (bsc#1154355).
• cifs: move cifs_cleanup_volume_info[_content] to fs_context.c (bsc#1192606).
• cifs: move cifs_parse_devname to fs_context.c (bsc#1192606).
• cifs: move debug print out of spinlock (bsc#1192606).
• cifs: move security mount options into fs_context.ch (bsc#1192606).
• cifs: move smb version mount options into fs_context.c (bsc#1192606).
• cifs: move some variables off the stack in smb2_ioctl_query_info (bsc#1192606).
• cifs: move the check for nohandlecache into open_shroot (bsc#1192606).
• cifs: move the enum for cifs parameters into fs_context.h (bsc#1192606).
• cifs: move update of flags into a separate function (bsc#1192606).
• cifs: multichannel: always zero struct cifs_io_parms (bsc#1192606).
• cifs: multichannel: move channel selection above transport layer (bsc#1192606).
• cifs: multichannel: move channel selection in function (bsc#1192606).
• cifs: multichannel: try to rebind when reconnecting a channel (bsc#1192606).
• cifs: multichannel: use pointer for binding channel (bsc#1192606).
• cifs: nosharesock should be set on new server (bsc#1192606).
• cifs: nosharesock should not share socket with future sessions (bsc#1192606).
• cifs: only update prefix path of DFS links in cifs_tree_connect() (bsc#1178270).
• cifs: only write 64kb at a time when fallocating a small region of a file (bsc#1192606).
• cifs: pass a path to open_shroot and check if it is the root or not (bsc#1192606).
• cifs: pass the dentry instead of the inode down to the revalidation check functions (bsc#1192606).
• cifs: plumb smb2 POSIX dir enumeration (bsc#1164565).
• cifs: populate server_hostname for extra channels (bsc#1192606).
• cifs: potential unintitliazed error code in cifs_getattr() (bsc#1164565).
• cifs: prepare SMB2_Flush to be usable in compounds (bsc#1154355).
• cifs: prepare SMB2_query_directory to be used with compounding (bsc#1164565).
• cifs: prevent NULL deref in cifs_compose_mount_options() (bsc#1185902).
• cifs: prevent truncation from long to int in wait_for_free_credits (bsc#1192606).
• cifs: print MIDs in decimal notation (bsc#1181507).
• cifs: print warning mounting with vers=1.0 (bsc#1164565).
• cifs: properly invalidate cached root handle when closing it (bsc#1192606).
• cifs: protect session channel fields with chan_lock (bsc#1192606).
• cifs: protect srv_count with cifs_tcp_ses_lock (bsc#1192606).
• cifs: protect updating server->dstaddr with a spinlock (bsc#1192606).
• cifs: reduce number of referral requests in DFS link lookups (bsc#1178270).
• cifs: reduce stack use in smb2_compound_op (bsc#1192606).
• cifs: refactor create_sd_buf() and and avoid corrupting the buffer (bsc#1192606).
• cifs: release lock earlier in dequeue_mid error case (bsc#1192606).
• cifs: remove [gu]id/backup[gu]id/file_mode/dir_mode from cifs_sb (bsc#1192606).
• cifs: remove actimeo from cifs_sb (bsc#1192606).
• cifs: remove bogus debug code (bsc#1179427).
• cifs: remove ctx argument from cifs_setup_cifs_sb (bsc#1192606).
• cifs: remove duplicated prototype (bsc#1192606).
• cifs: remove old dead code (bsc#1192606).
• cifs: remove pathname for file from SPDX header (bsc#1192606).
• cifs: remove redundant assignment to pointer pneg_ctxt (bsc#1164565).
• cifs: remove redundant assignment to variable rc (bsc#1164565).
• cifs: remove redundant initialization of variable rc (bsc#1192606).
• cifs: remove redundant initialization of variable rc (bsc#1192606).
• cifs: remove set but not used variable 'server' (bsc#1164565).
• cifs: remove set but not used variables (bsc#1164565).
• cifs: remove some minor warnings pointed out by kernel test robot (bsc#1192606).
• cifs: remove the devname argument to cifs_compose_mount_options (bsc#1192606).
• cifs: remove the retry in cifs_poxis_lock_set (bsc#1192606).
• cifs: remove two cases where rc is set unnecessarily in sid_to_id (bsc#1192606).
• cifs: remove unnecessary copies of tcon->crfid.fid (bsc#1192606).
• cifs: remove unused variable 'server' (bsc#1192606).
• cifs: remove unused variable 'sid_user' (bsc#1164565).
• cifs: remove unused variable (bsc#1164565).
• cifs: remove various function description warnings (bsc#1192606).
• cifs: rename a variable in SendReceive() (bsc#1164565).
• cifs: rename cifs_common to smbfs_common (bsc#1192606).
• cifs: rename dup_vol to smb3_fs_context_dup and move it into fs_context.c (bsc#1192606).
• cifs: rename posix create rsp (bsc#1164565).
• cifs: rename reconn_inval_dfs_target() (bsc#1178270).
• cifs: rename smb_vol as smb3_fs_context and move it to fs_context.h (bsc#1192606).
• cifs: rename the *_shroot* functions to *_cached_dir* (bsc#1192606).
• cifs: report error instead of invalid when revalidating a dentry fails (bsc#1177440).
• cifs: retry lookup and readdir when EAGAIN is returned (bsc#1192606).
• cifs: return cached_fid from open_shroot (bsc#1192606).
• cifs: return proper error code in statfs(2) (bsc#1181507).
• cifs: returning mount parm processing errors correctly (bsc#1192606).
• cifs: revalidate mapping when we open files for SMB1 POSIX (bsc#1192606).
• cifs: send workstation name during ntlmssp session setup (bsc#1192606).
• cifs: set a minimum of 120s for next dns resolution (bsc#1192606).
• cifs: set a minimum of 2 minutes for refreshing dfs cache (bsc#1185902).
• cifs: set correct max-buffer-size for smb2_ioctl_init() (bsc#1164565).
• cifs: set server->cipher_type to AES-128-CCM for SMB3.0 (bsc#1192606).
• cifs: set up next DFS target before generic_ip_connect() (bsc#1178270).
• cifs: simplify SWN code with dummy funcs instead of ifdefs (bsc#1192606).
• cifs: simplify handling of cifs_sb/ctx->local_nls (bsc#1192606).
• cifs: smb1: Try failing back to SetFileInfo if SetPathInfo fails (bsc#1192606).
• cifs: smb2pdu.h: Replace zero-length array with flexible-array member (bsc#1192606).
• cifs: smbd: Add messages on RDMA session destroy and reconnection (bsc#1164565).
• cifs: smbd: Calculate the correct maximum packet size for segmented SMBDirect send/receive (bsc#1192606).
• cifs: smbd: Check and extend sender credits in interrupt context (bsc#1192606).
• cifs: smbd: Check send queue size before posting a send (bsc#1192606).
• cifs: smbd: Do not schedule work to send immediate packet on every receive (bsc#1192606).
• cifs: smbd: Invalidate and deregister memory registration on re-send for direct I/O (bsc#1164565).
• cifs: smbd: Merge code to track pending packets (bsc#1192606).
• cifs: smbd: Only queue work for error recovery on memory registration (bsc#1164565).
• cifs: smbd: Properly process errors on ib_post_send (bsc#1192606).
• cifs: smbd: Return -EAGAIN when transport is reconnecting (bsc#1164565).
• cifs: smbd: Return -ECONNABORTED when trasnport is not in connected state (bsc#1164565).
• cifs: smbd: Return -EINVAL when the number of iovs exceeds SMBDIRECT_MAX_SGE (bsc#1164565).
• cifs: smbd: Update receive credits before sending and deal with credits roll back on failure before sending (bsc#1192606).
• cifs: sort interface list by speed (bsc#1192606).
• cifs: split out dfs code from cifs_reconnect() (bsc#1192606, jsc#SLE-20042).
• cifs: store a pointer to the root dentry in cifs_sb_info once we have completed mounting the share (bsc#1192606).
• cifs: style: replace one-element array with flexible-array (bsc#1192606).
• cifs: support nested dfs links over reconnect (bsc#1192606, jsc#SLE-20042).
• cifs: support share failover when remounting (bsc#1192606, jsc#SLE-20042).
• cifs: switch build_path_from_dentry() to using dentry_path_raw() (bsc#1192606).
• cifs: switch servers depending on binding state (bsc#1192606).
• cifs: switch to new mount api (bsc#1192606).
• cifs: try harder to open new channels (bsc#1192606).
• cifs: try opening channels after mounting (bsc#1192606).
• cifs: uncomplicate printing the iocharset parameter (bsc#1192606).
• cifs: update FSCTL definitions (bsc#1192606).
• cifs: update ctime and mtime during truncate (bsc#1192606).
• cifs: update internal module version number (bsc#1192606).
• cifs: update internal module version number (bsc#1192606).
• cifs: update internal module version number (bsc#1192606).
• cifs: update internal module version number (bsc#1192606).
• cifs: update internal module version number (bsc#1192606).
• cifs: update internal module version number (bsc#1192606).
• cifs: update internal module version number (bsc#1192606).
• cifs: update internal module version number (bsc#1192606).
• cifs: update internal version number (bsc#1192606).
• cifs: update internal version number (bsc#1192606).
• cifs: update internal version number (bsc#1192606).
• cifs: update internal version number (bsc#1192606).
• cifs: update mnt_cifs_flags during reconfigure (bsc#1192606).
• cifs: update new ACE pointer after populate_new_aces (bsc#1192606).
• cifs: update super_operations to show_devname (bsc#1192606).
• cifs: use PTR_ERR_OR_ZERO() to simplify code (bsc#1164565).
• cifs: use SPDX-Licence-Identifier (bsc#1192606).
• cifs: use cifsInodeInfo->open_file_lock while iterating to avoid a panic (bnc#1151927 5.3.7).
• cifs: use compounding for open and first query-dir for readdir() (bsc#1164565).
• cifs: use discard iterator to discard unneeded network data more efficiently (bsc#1192606).
• cifs: use echo_interval even when connection not ready (bsc#1192606).
• cifs: use existing handle for compound_op(OP_SET_INFO) when possible (bsc#1154355).
• cifs: use helpers when parsing uid/gid mount options and validate them (bsc#1192606).
• cifs: use mod_delayed_work() for &server->reconnect if already queued (bsc#1164565).
• cifs: use the expiry output of dns_query to schedule next resolution (bsc#1192606).
• cifs: warn and fail if trying to use rootfs without the config option (bsc#1192606).
• cifs: we do not allow changing username/password/unc/... during remount (bsc#1192606).
• cifs_atomic_open(): fix double-put on late allocation failure (bsc#1192606).
• cifs_debug: use %pd instead of messing with ->d_name (bsc#1192606).
• cifs`: handle ERRBaduid for SMB1 (bsc#1192606).
• clk: imx: imx6ul: Move csi_sel mux to correct base register (git-fixes).
• clk: ingenic: Fix bugs with divided dividers (git-fixes).
• crypto: ecc - fix CRYPTO_DEFAULT_RNG dependency (git-fixes).
• crypto: pcrypt - Delay write to padata->info (git-fixes).
• crypto: s5p-sss - Add error handling in s5p_aes_probe() (git-fixes).
• cxgb4: fix eeprom len when diagnostics not implemented (git-fixes).
• dmaengine: at_xdmac: fix AT_XDMAC_CC_PERID() macro (git-fixes).
• dmaengine: dmaengine_desc_callback_valid(): Check for `callback_result` (git-fixes).
• do_cifs_create(): do not set ->i_mode of something we had not created (bsc#1192606).
• drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga and dvi connectors (git-fixes).
• drm/msm: Do hw_init() before capturing GPU state (git-fixes).
• drm/nouveau: hdmigv100.c: fix corrupted HDMI Vendor InfoFrame (git-fixes).
• drm/panel-orientation-quirks: add Valve Steam Deck (git-fixes).
• drm/plane-helper: fix uninitialized variable reference (git-fixes).
• drm/vc4: fix error code in vc4_create_object() (git-fixes).
• drm: panel-orientation-quirks: Add quirk for Aya Neo 2021 (git-fixes).
• drm: panel-orientation-quirks: Add quirk for GPD Win3 (git-fixes).
• drm: panel-orientation-quirks: Add quirk for KD Kurio Smart C15200 2-in-1 (git-fixes).
• drm: panel-orientation-quirks: Add quirk for the Samsung Galaxy Book 10.6 (git-fixes).
• drm: panel-orientation-quirks: Update the Lenovo Ideapad D330 quirk (v2) (git-fixes).
• elfcore: correct reference to CONFIG_UML (git-fixes).
• elfcore: fix building with clang (bsc#1169514).
• ext4: Avoid trim error on fs with small groups (bsc#1191271).
• fget: clarify and improve __fget_files() implementation (bsc#1193727).
• fix memory leak in large read decrypt offload (bsc#1164565).
• fs/cifs/: fix misspellings using codespell tool (bsc#1192606).
• fs/cifs/cifssmb.c: use true,false for bool variable (bsc#1164565).
• fs/cifs/sess.c: Remove set but not used variable 'capabilities' (bsc#1164565).
• fs/cifs/smb2ops.c: use true,false for bool variable (bsc#1164565).
• fs/cifs/smb2pdu.c: Make SMB2_notify_init static (bsc#1164565).
• fs/cifs: Assign boolean values to a bool variable (bsc#1192606).
• fs/cifs: Fix resource leak (bsc#1192606).
• fs/cifs: Simplify bool comparison (bsc#1192606).
• fs/cifs: fix gcc warning in sid_to_id (bsc#1192606).
• fs: cifs: Fix atime update check vs mtime (bsc#1164565).
• fs: cifs: Initialize filesystem timestamp ranges (bsc#1164565).
• fs: cifs: Remove repeated struct declaration (bsc#1192606).
• fs: cifs: Remove unnecessary struct declaration (bsc#1192606).
• fs: cifs: cifsssmb: remove redundant assignment to variable ret (bsc#1164565).
• fs: cifs: mute -Wunused-const-variable message (bnc#1151927 5.3.9).
• fs: cifs: remove unneeded variable in smb3_fs_context_dup (bsc#1192606).
• fuse: release pipe buf after last use (bsc#1193318).
• gve: Add netif_set_xps_queue call (bsc#1176940).
• gve: Add rx buffer pagecnt bias (bsc#1176940).
• gve: Allow pageflips on larger pages (bsc#1176940).
• gve: DQO: avoid unused variable warnings (bsc#1176940).
• gve: Do lazy cleanup in TX path (git-fixes).
• gve: Switch to use napi_complete_done (git-fixes).
• gve: Track RX buffer allocation failures (bsc#1176940).
• i2c: cbus-gpio: set atomic transfer callback (git-fixes).
• i2c: stm32f7: flush TX FIFO upon transfer errors (git-fixes).
• i2c: stm32f7: recover the bus on access timeout (git-fixes).
• i2c: stm32f7: stop dma transfer in case of NACK (git-fixes).
• i2c: xlr: Fix a resource leak in the error handling path of 'xlr_i2c_probe()' (git-fixes).
• i40e: Fix NULL ptr dereference on VSI filter sync (git-fixes).
• i40e: Fix changing previously set num_queue_pairs for PFs (git-fixes).
• i40e: Fix correct max_pkt_size on VF RX queue (git-fixes).
• i40e: Fix creation of first queue by omitting it if is not power of two (git-fixes).
• i40e: Fix display error code in dmesg (git-fixes).
• i40e: Fix failed opcode appearing if handling messages from VF (git-fixes).
• i40e: Fix ping is lost after configuring ADq on VF (git-fixes).
• i40e: Fix pre-set max number of queues for VF (git-fixes).
• i40e: Fix warning message and call stack during rmmod i40e driver (git-fixes).
• iavf: Fix failure to exit out from last all-multicast mode (git-fixes).
• iavf: Fix for the false positive ASQ/ARQ errors while issuing VF reset (git-fixes).
• iavf: Fix reporting when setting descriptor count (git-fixes).
• iavf: Prevent changing static ITR values if adaptive moderation is on (git-fixes).
• iavf: Restore VLAN filters after link down (git-fixes).
• iavf: check for null in iavf_fix_features (git-fixes).
• iavf: do not clear a lock we do not hold (git-fixes).
• iavf: free q_vectors before queues in iavf_disable_vf (git-fixes).
• iavf: prevent accidental free of filter structure (git-fixes).
• iavf: validate pointers (git-fixes).
• ibmvnic: drop bad optimization in reuse_rx_pools() (bsc#1193349 ltc#195568).
• ibmvnic: drop bad optimization in reuse_tx_pools() (bsc#1193349 ltc#195568).
• ice: Delete always true check of PF pointer (git-fixes).
• ice: avoid bpf_prog refcount underflow (jsc#SLE-7926).
• ice: fix vsi->txq_map sizing (jsc#SLE-7926).
• ice: ignore dropped packets during init (git-fixes).
• igb: fix netpoll exit with traffic (git-fixes).
• igc: Remove _I_PHY_ID checking (bsc#1193169).
• igc: Remove phy->type checking (bsc#1193169).
• iio: imu: st_lsm6dsx: Avoid potential array overflow in st_lsm6dsx_set_odr() (git-fixes).
• iommu/amd: Relocate GAMSup check to early_enable_iommus (git-fixes).
• iommu/amd: Remove iommu_init_ga() (git-fixes).
• iommu: Check if group is NULL before remove device (git-fixes).
• ipmi: Disable some operations during a panic (git-fixes).
• kernel-source.spec: install-kernel-tools also required on 15.4
• kprobes: Limit max data_size of the kretprobe instances (bsc#1193669).
• lib/xz: Avoid overlapping memcpy() with invalid input with in-place decompression (git-fixes).
• lib/xz: Validate the value before assigning it to an enum variable (git-fixes).
• libata: fix checking of DMA state (git-fixes).
• linux/parser.h: add include guards (bsc#1192606).
• livepatch: Avoid CPU hogging with cond_resched (bsc#1071995).
• lpfc: Reintroduce old IRQ probe logic (bsc#1183897).
• md: fix a lock order reversal in md_alloc (git-fixes).
• media: Revert 'media: uvcvideo: Set unique vdev name based in type' (bsc#1193255).
• media: imx: set a media_device bus_info string (git-fixes).
• media: ipu3-imgu: VIDIOC_QUERYCAP: Fix bus_info (git-fixes).
• media: ipu3-imgu: imgu_fmt: Handle properly try (git-fixes).
• media: ir-kbd-i2c: improve responsiveness of hauppauge zilog receivers (git-fixes).
• media: mceusb: return without resubmitting URB in case of -EPROTO error (git-fixes).
• media: mt9p031: Fix corrupted frame after restarting stream (git-fixes).
• media: netup_unidvb: handle interrupt properly according to the firmware (git-fixes).
• media: rcar-csi2: Add checking to rcsi2_start_receiver() (git-fixes).
• media: s5p-mfc: fix possible null-pointer dereference in s5p_mfc_probe() (git-fixes).
• media: stm32: Potential NULL pointer dereference in dcmi_irq_thread() (git-fixes).
• media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte() (git-fixes).
• media: uvcvideo: Return -EIO for control errors (git-fixes).
• media: uvcvideo: Set capability in s_param (git-fixes).
• media: uvcvideo: Set unique vdev name based in type (git-fixes).
• memstick: r592: Fix a UAF bug when removing the driver (git-fixes).
• mmc: dw_mmc: Dont wait for DRTO on Write RSP error (git-fixes).
• mmc: winbond: do not build on M68K (git-fixes).
• moxart: fix potential use-after-free on remove path (bsc#1194516).
• mtd: core: do not remove debugfs directory if device is in use (git-fixes).
• mwifiex: Properly initialize private structure on interface type changes (git-fixes).
• mwifiex: Read a PCI register after writing the TX ring write pointer (git-fixes).
• mwifiex: Run SET_BSS_MODE when changing from P2P to STATION vif-type (git-fixes).
• mwl8k: Fix use-after-free in mwl8k_fw_state_machine() (git-fixes).
• net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources() (git-fixes).
• net/mlx5: Update error handler for UCTX and UMEM (git-fixes).
• net/mlx5e: reset XPS on error flow if netdev isn't registered yet (git-fixes).
• net: asix: fix uninit value bugs (git-fixes).
• net: bnx2x: fix variable dereferenced before check (git-fixes).
• net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero (git-fixes).
• net: delete redundant function declaration (git-fixes).
• net: hso: fix control-request directions (git-fixes).
• net: hso: fix muxed tty registration (git-fixes).
• net: linkwatch: fix failure to restore device state across suspend/resume (bsc#1192511).
• net: mana: Allow setting the number of queues while the NIC is down (jsc#SLE-18779, bsc#1185726).
• net: mana: Fix memory leak in mana_hwc_create_wq (jsc#SLE-18779, bsc#1185726).
• net: mana: Fix spelling mistake 'calledd' -> 'called' (jsc#SLE-18779, bsc#1185726).
• net: mana: Fix the netdev_err()'s vPort argument in mana_init_port() (jsc#SLE-18779, bsc#1185726).
• net: mana: Improve the HWC error handling (jsc#SLE-18779, bsc#1185726).
• net: mana: Support hibernation and kexec (jsc#SLE-18779, bsc#1185726).
• net: mana: Use kcalloc() instead of kzalloc() (jsc#SLE-18779, bsc#1185726).
• net: pegasus: fix uninit-value in get_interrupt_interval (git-fixes).
• net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() (git-fixes).
• net: usb: Merge cpu_to_le32s + memcpy to put_unaligned_le32 (git-fixes).
• net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of '0' if no IRQ is available (git-fixes).
• net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of '0' if no IRQ is available (git-fixes).
• nfc: pn533: Fix double free when pn533_fill_fragment_skbs() fails (git-fixes).
• nfp: Fix memory leak in nfp_cpp_area_cache_add() (git-fixes).
• nfp: checking parameter process for rx-usecs/tx-usecs is invalid (git-fixes).
• nfsd4: Handle the NFSv4 READDIR 'dircount' hint being zero (git-fixes).
• nfsd: do not alloc under spinlock in rpc_parse_scope_id (git-fixes).
• nfsd: fix error handling of register_pernet_subsys() in init_nfsd() (git-fixes).
• nvme-multipath: Skip not ready namespaces when revalidating paths (bsc#1191793 bsc#1192507 bsc#1192969).
• nvme-pci: add NO APST quirk for Kioxia device (git-fixes).
• objtool: Support Clang non-section symbols in ORC generation (bsc#1169514).
• perf/x86/intel/uncore: Fix Intel ICX IIO event constraints (git-fixes).
• perf/x86/intel/uncore: Fix M2M event umask for Ice Lake server (git-fixes).
• perf/x86/intel/uncore: Fix the scale of the IMC free-running events (git-fixes).
• perf/x86/intel/uncore: Support extra IMC channel on Ice Lake server (git-fixes).
• perf: Correctly handle failed perf_get_aux_event() (git-fixes).
• platform/x86: hp_accel: Fix an error handling path in 'lis3lv02d_probe()' (git-fixes).
• platform/x86: wmi: do not fail if disabling fails (git-fixes).
• pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds (git-fixes).
• powerpc/fadump: Fix inaccurate CPU state info in vmcore generated with panic (bsc#1193901 ltc#194976).
• powerpc/paravirt: correct preempt debug splat in vcpu_is_preempted() (bsc#1181148 ltc#190702 git-fixes).
• powerpc/paravirt: vcpu_is_preempted() commentary (bsc#1181148 ltc#190702 git-fixes).
• powerpc/pseries: Move some PAPR paravirt functions to their own file (bsc#1181148 ltc#190702 git-fixes).
• powerpc/watchdog: Avoid holding wd_smp_lock over printk and smp_send_nmi_ipi (bsc#1187541 ltc#192129).
• powerpc/watchdog: Fix missed watchdog reset due to memory ordering race (bsc#1187541 ltc#192129).
• powerpc/watchdog: Fix wd_smp_last_reset_tb reporting (bsc#1187541 ltc#192129).
• powerpc/watchdog: read TB close to where it is used (bsc#1187541 ltc#192129).
• powerpc/watchdog: tighten non-atomic read-modify-write access (bsc#1187541 ltc#192129).
• powerpc: fix unbalanced node refcount in check_kvm_guest() (jsc#SLE-15869 jsc#SLE-16321 git-fixes).
• powerpc: handle kdump appropriately with crash_kexec_post_notifiers option (bsc#1193901 ltc#194976).
• printk: Remove printk.h inclusion in percpu.h (bsc#1192987).
• qede: validate non LSO skb length (git-fixes).
• r8152: limit the RX buffer size of RTL8153A for USB 2.0 (git-fixes).
• r8169: Add device 10ec:8162 to driver r8169 (git-fixes).
• recordmcount.pl: fix typo in s390 mcount regex (bsc#1192267).
• recordmcount.pl: look for jgnop instruction as well as bcrl on s390 (bsc#1192267).
• reset: socfpga: add empty driver allowing consumers to probe (git-fixes).
• ring-buffer: Protect ring_buffer_reset() from reentrancy (bsc#1179960).
• rpm/kernel-binary.spec.in: do not strip vmlinux again (bsc#1193306)
• rpm/kernel-obs-build.spec.in: move to zstd for the initrd
• rt2x00: do not mark device gone on EPROTO errors during start (git-fixes).
• rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer() (bsc#1154353 bnc#1151927 5.3.9).
• s390/uv: fully validate the VMA before calling follow_page() (git-fixes).
• s390: mm: Fix secure storage access exception handling (git-fixes).
• scsi: iscsi: Adjust iface sysfs attr detection (git-fixes).
• scsi: lpfc: Fix non-recovery of remote ports following an unsolicited LOGO (bsc#1189126).
• scsi: mpt3sas: Fix kernel panic during drive powercycle test (git-fixes).
• scsi: mpt3sas: Fix system going into read-only mode (git-fixes).
• scsi: qla2xxx: Fix gnl list corruption (git-fixes).
• scsi: qla2xxx: Relogin during fabric disturbance (git-fixes).
• scsi: qla2xxx: Turn off target reset during issue_lip (git-fixes).
• serial: 8250_pci: Fix ACCES entries in pci_serial_quirks array (git-fixes).
• serial: 8250_pci: rewrite pericom_do_set_divisor() (git-fixes).
• serial: core: fix transmit-buffer reset and memleak (git-fixes).
• series.conf: whitespace and comment cleanup No effect on expanded tree.
• smb2: clarify rc initialization in smb2_reconnect (bsc#1192606).
• smb2: fix use-after-free in smb2_ioctl_query_info() (bsc#1192606).
• smb3.1.1: add new module load parm enable_gcm_256 (bsc#1192606).
• smb3.1.1: add new module load parm require_gcm_256 (bsc#1192606).
• smb3.1.1: allow dumping GCM256 keys to improve debugging of encrypted shares (bsc#1192606).
• smb3.1.1: allow dumping keys for multiuser mounts (bsc#1192606).
• smb3.1.1: do not fail if no encryption required but server does not support it (bsc#1192606).
• smb3.1.1: enable negotiating stronger encryption by default (bsc#1192606).
• smb3.1.1: fix typo in compression flag (bsc#1192606).
• smb3.1.1: print warning if server does not support requested encryption type (bsc#1192606).
• smb3.1.1: rename nonces used for GCM and CCM encryption (bsc#1192606).
• smb3.1.1: set gcm256 when requested (bsc#1192606).
• smb311: Add support for SMB311 query info (non-compounded) (bsc#1192606).
• smb311: Add support for lookup with posix extensions query info (bsc#1192606).
• smb311: Add tracepoints for new compound posix query info (bsc#1192606).
• smb311: add support for using info level for posix extensions query (bsc#1192606).
• smb311: remove dead code for non compounded posix query info (bsc#1192606).
• smb3: Add debug message for new file creation with idsfromsid mount option (bsc#1192606).
• smb3: Add defines for new information level, FileIdInformation (bsc#1164565).
• smb3: Add missing reparse tags (bsc#1164565).
• smb3: Add new parm 'nodelete' (bsc#1192606).
• smb3: Avoid Mid pending list corruption (bsc#1192606).
• smb3: Call cifs reconnect from demultiplex thread (bsc#1192606).
• smb3: Fix out-of-bounds bug in SMB2_negotiate() (bsc#1183540).
• smb3: Fix regression in time handling (bsc#1164565).
• smb3: Handle error case during offload read path (bsc#1192606).
• smb3: Incorrect size for netname negotiate context (bsc#1154355).
• smb3: add additional null check in SMB2_ioctl (bsc#1192606).
• smb3: add additional null check in SMB2_open (bsc#1192606).
• smb3: add additional null check in SMB2_tcon (bsc#1192606).
• smb3: add additional null check in SMB311_posix_mkdir (bsc#1192606).
• smb3: add debug messages for closing unmatched open (bsc#1164565).
• smb3: add defines for new crypto algorithms (bsc#1192606).
• smb3: add dynamic trace point to trace when credits obtained (bsc#1181507).
• smb3: add dynamic trace points for socket connection (bsc#1192606).
• smb3: add dynamic tracepoints for flush and close (bsc#1164565).
• smb3: add indatalen that can be a non-zero value to calculation of credit charge in smb2 ioctl (bsc#1192606).
• smb3: add missing flag definitions (bsc#1164565).
• smb3: add missing worker function for SMB3 change notify (bsc#1164565).
• smb3: add mount option to allow RW caching of share accessed by only 1 client (bsc#1164565).
• smb3: add mount option to allow forced caching of read only share (bsc#1164565).
• smb3: add one more dynamic tracepoint missing from strict fsync path (bsc#1164565).
• smb3: add rasize mount parameter to improve readahead performance (bsc#1192606).
• smb3: add some missing definitions from MS-FSCC (bsc#1192606).
• smb3: add some more descriptive messages about share when mounting cache=ro (bsc#1164565).
• smb3: add support for stat of WSL reparse points for special file types (bsc#1192606).
• smb3: allow decryption keys to be dumped by admin for debugging (bsc#1164565).
• smb3: allow disabling requesting leases (bnc#1151927 5.3.4).
• smb3: allow parallelizing decryption of reads (bsc#1164565).
• smb3: allow skipping signature verification for perf sensitive configurations (bsc#1164565).
• smb3: allow uid and gid owners to be set on create with idsfromsid mount option (bsc#1192606).
• smb3: change noisy error message to FYI (bsc#1192606).
• smb3: cleanup some recent endian errors spotted by updated sparse (bsc#1164565).
• smb3: correct server pointer dereferencing check to be more consistent (bsc#1192606).
• smb3: correct smb3 ACL security descriptor (bsc#1192606).
• smb3: default to minimum of two channels when multichannel specified (bsc#1192606).
• smb3: display max smb3 requests in flight at any one time (bsc#1164565).
• smb3: do not attempt multichannel to server which does not support it (bsc#1192606).
• smb3: do not error on fsync when readonly (bsc#1192606).
• smb3: do not setup the fscache_super_cookie until fsinfo initialized (bsc#1192606).
• smb3: do not try to cache root directory if dir leases not supported (bsc#1192606).
• smb3: dump in_send and num_waiters stats counters by default (bsc#1164565).
• smb3: enable offload of decryption of large reads via mount option (bsc#1164565).
• smb3: enable swap on SMB3 mounts (bsc#1192606).
• smb3: extend fscache mount volume coherency check (bsc#1192606).
• smb3: fix access denied on change notify request to some servers (bsc#1192606).
• smb3: fix cached file size problems in duplicate extents (reflink) (bsc#1192606).
• smb3: fix crediting for compounding when only one request in flight (bsc#1181507).
• smb3: fix default permissions on new files when mounting with modefromsid (bsc#1164565).
• smb3: fix incorrect number of credits when ioctl MaxOutputResponse > 64K (bsc#1192606).
• smb3: fix leak in 'open on server' perf counter (bnc#1151927 5.3.4).
• smb3: fix mode passed in on create for modetosid mount option (bsc#1164565).
• smb3: fix performance regression with setting mtime (bsc#1164565).
• smb3: fix posix extensions mount option (bsc#1192606).
• smb3: fix possible access to uninitialized pointer to DACL (bsc#1192606).
• smb3: fix potential null dereference in decrypt offload (bsc#1164565).
• smb3: fix problem with null cifs super block with previous patch (bsc#1164565).
• smb3: fix refcount underflow warning on unmount when no directory leases (bsc#1164565).
• smb3: fix signing verification of large reads (bsc#1154355).
• smb3: fix stat when special device file and mounted with modefromsid (bsc#1192606).
• smb3: fix typo in header file (bsc#1192606).
• smb3: fix typo in mount options displayed in /proc/mounts (bsc#1192606).
• smb3: fix uninitialized value for port in witness protocol move (bsc#1192606).
• smb3: fix unmount hang in open_shroot (bnc#1151927 5.3.4).
• smb3: fix unneeded error message on change notify (bsc#1192606).
• smb3: if max_channels set to more than one channel request multichannel (bsc#1192606).
• smb3: improve check for when we send the security descriptor context on create (bsc#1164565).
• smb3: improve handling of share deleted (and share recreated) (bsc#1154355).
• smb3: limit noisy error (bsc#1192606).
• smb3: log warning if CSC policy conflicts with cache mount option (bsc#1164565).
• smb3: minor update to compression header definitions (bsc#1192606).
• smb3: missing ACL related flags (bsc#1164565).
• smb3: negotiate current dialect (SMB3.1.1) when version 3 or greater requested (bsc#1192606).
• smb3: only offload decryption of read responses if multiple requests (bsc#1164565).
• smb3: pass mode bits into create calls (bsc#1164565).
• smb3: prevent races updating CurrentMid (bsc#1192606).
• smb3: query attributes on file close (bsc#1164565).
• smb3: rc uninitialized in one fallocate path (bsc#1192606).
• smb3: remind users that witness protocol is experimental (bsc#1192606).
• smb3: remove confusing dmesg when mounting with encryption ('seal') (bsc#1164565).
• smb3: remove noisy debug message and minor cleanup (bsc#1164565).
• smb3: remove overly noisy debug line in signing errors (bsc#1192606).
• smb3: remove static checker warning (bsc#1192606).
• smb3: remove trivial dfs compile warning (bsc#1192606, jsc#SLE-20042).
• smb3: remove two unused variables (bsc#1192606).
• smb3: remove unused flag passed into close functions (bsc#1164565).
• smb3: set COMPOUND_FID to FileID field of subsequent compound request (bsc#1192606).
• smb3: smbdirect support can be configured by default (bsc#1192606).
• smb3: update protocol header definitions based to include new flags (bsc#1192606).
• smb3: use SMB2_SIGNATURE_SIZE define (bsc#1192606).
• smb3: warn on confusing error scenario with sec=krb5 (bsc#1176548).
• smb3: when mounting with multichannel include it in requested capabilities (bsc#1192606).
• smbdirect: missing rc checks while waiting for rdma events (bsc#1192606).
• soc/tegra: Fix an error handling path in tegra_powergate_power_up() (git-fixes).
• soc/tegra: pmc: Fix imbalanced clock disabling in error code path (git-fixes).
• spi: bcm-qspi: Fix missing clk_disable_unprepare() on error in bcm_qspi_probe() (git-fixes).
• spi: spl022: fix Microwire full duplex mode (git-fixes).
• swiotlb-xen: avoid double free (git-fixes).
• swiotlb: Fix the type of index (git-fixes).
• tlb: mmu_gather: add tlb_flush_*_range APIs
• tpm: fix potential NULL pointer access in tpm_del_char_device (bsc#1184209 ltc#190917 git-fixes bsc#1193660 ltc#195634).
• tracing/histogram: Do not copy the fixed-size char array field over the field size (git-fixes).
• tracing: Add length protection to histogram string copies (git-fixes).
• tracing: Change STR_VAR_MAX_LEN (git-fixes).
• tracing: Check pid filtering when creating events (git-fixes).
• tracing: Fix pid filtering when triggers are attached (git-fixes).
• tracing: use %ps format string to print symbols (git-fixes).
• tty: hvc: replace BUG_ON() with negative return value (git-fixes).
• tty: serial: msm_serial: Deactivate RX DMA for polling support (git-fixes).
• tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc (git-fixes).
• update structure definitions from updated protocol documentation (bsc#1192606).
• usb-storage: Add compatibility quirk flags for iODD 2531/2541 (git-fixes).
• usb: dwc2: gadget: Fix ISOC flow for elapsed frames (git-fixes).
• usb: dwc2: hcd_queue: Fix use of floating point literal (git-fixes).
• usb: host: ohci-tmio: check return value after calling platform_get_resource() (git-fixes).
• usb: musb: tusb6010: check return value after calling platform_get_resource() (git-fixes).
• usb: typec: fusb302: Fix masking of comparator and bc_lvl interrupts (git-fixes).
• usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect (git-fixes).
• usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect (git-fixes).
• usb: xhci: Enable runtime-pm by default on AMD Yellow Carp platform (git-fixes).
• vfs: check fd has read access in kernel_read_file_from_fd() (bsc#1194888).
• vfs: do not parse forbidden flags (bsc#1192606).
• x86/Xen: swap NX determination and GDT setup on BSP (git-fixes).
• x86/cpu: Fix migration safety with X86_BUG_NULL_SEL (bsc#1152489).
• x86/pkey: Fix undefined behaviour with PKRU_WD_BIT (bsc#1152489).
• x86/pvh: add prototype for xen_pvh_init() (git-fixes).
• x86/xen: Add xenpv_restore_regs_and_return_to_usermode() (bsc#1152489).
• xen/blkfront: do not take local copy of a request from the ring page (git-fixes).
• xen/blkfront: do not trust the backend response data blindly (git-fixes).
• xen/blkfront: read response from backend only once (git-fixes).
• xen/netfront: disentangle tx_skb_freelist (git-fixes).
• xen/netfront: do not read data from request on the ring page (git-fixes).
• xen/netfront: do not trust the backend response data blindly (git-fixes).
• xen/netfront: read response from backend only once (git-fixes).
• xen/privcmd: fix error handling in mmap-resource processing (git-fixes).
• xen/pvh: add missing prototype to header (git-fixes).
• xen/x86: fix PV trap handling on secondary processors (git-fixes).
• xen: sync include/xen/interface/io/ring.h with Xen's newest version (git-fixes).
• xhci: Fix USB 3.1 enumeration issues by increasing roothub power-on-good delay (git-fixes).
• xhci: Fix commad ring abort, write all 64 bits to CRCR register (bsc#1192569).
• xhci: Fix commad ring abort, write all 64 bits to CRCR register (git-fixes).
• zram: fix return value on writeback_store (git-fixes).
• zram: off by one in read_block_state() (git-fixes).

This update for cloud-init fixes the following issues:

• Update to version 21.2 (bsc#1186004) + Add \r\n check for SSH keys in Azure (#889) + Revert 'Add support to resize rootfs if using LVM (#721)' (#887) (LP: #1922742) + Add Vultaire as contributor (#881) [Paul Goins] + Azure: adding support for consuming userdata from IMDS (#884) [Anh Vo] + test_upgrade: modify test_upgrade_package to run for more sources (#883) + Fix chef module run failure when chef_license is set (#868) [Ben Hughes] + Azure: Retry net metadata during nic attach for non-timeout errs (#878) [aswinrajamannar] + Azure: Retrieve username and hostname from IMDS (#865) [Thomas Stringer] + Azure: eject the provisioning iso before reporting ready (#861) [Anh Vo] + Use `partprobe` to re-read partition table if available (#856) [Nicolas Bock] (LP: #1920939) + fix error on upgrade caused by new vendordata2 attributes (#869) (LP: #1922739) + add prefer_fqdn_over_hostname config option (#859) [hamalq] (LP: #1921004) + Emit dots on travis to avoid timeout (#867) + doc: Replace remaining references to user-scripts as a config module (#866) [Ryan Harper] + azure: Removing ability to invoke walinuxagent (#799) [Anh Vo] + Add Vultr support (#827) [David Dymko] + Fix unpickle for source paths missing run_dir (#863) [lucasmoura] (LP: #1899299) + sysconfig: use BONDING_MODULE_OPTS on SUSE (#831) [Jens Sandmann] + bringup_static_routes: fix gateway check (#850) [Petr Fedchenkov] + add hamalq user (#860) [hamalq] + Add support to resize rootfs if using LVM (#721) [Eduardo Otubo] (LP: #1799953) + Fix mis-detecting network configuration in initramfs cmdline (#844) (LP: #1919188) + tools/write-ssh-key-fingerprints: do not display empty header/footer (#817) [dermotbradley] + Azure helper: Ensure Azure http handler sleeps between retries (#842) [Johnson Shi] + Fix chef apt source example (#826) [timothegenzmer] + .travis.yml: generate an SSH key before running tests (#848) + write passwords only to serial console, lock down cloud-init-output.log (#847) (LP: #1918303) + Fix apt default integration test (#845) + integration_tests: bump pycloudlib dependency (#846) + Fix stack trace if vendordata_raw contained an array (#837) [eb3095] + archlinux: Fix broken locale logic (#841) [Kristian Klausen] (LP: #1402406) + Integration test for #783 (#832) + integration_tests: mount more paths IN_PLACE (#838) + Fix requiring device-number on EC2 derivatives (#836) (LP: #1917875) + Remove the vi comment from the part-handler example (#835) + net: exclude OVS internal interfaces in get_interfaces (#829) (LP: #1912844) + tox.ini: pass OS_* environment variables to integration tests (#830) + integration_tests: add OpenStack as a platform (#804) + Add flexibility to IMDS api-version (#793) [Thomas Stringer] + Fix the TestApt tests using apt-key on Xenial and Hirsute (#823) [Paride Legovini] (LP: #1916629) + doc: remove duplicate 'it' from nocloud.rst (#825) [V.I. Wood] + archlinux: Use hostnamectl to set the transient hostname (#797) [Kristian Klausen] + cc_keys_to_console.py: Add documentation for recently added config key (#824) [dermotbradley] + Update cc_set_hostname documentation (#818) [Toshi Aoyama]

• Fix unit test fail in TestGetPackageMirrorInfo::test_substitution.

• Add patch from upstream to remove python2 compatibility so cloud-init builds fine in Tumbleweed with a recent Jinja2 version. This patch is only applied in TW.

SUSE-IU-2021:747-1

This update adds the Google Cloud Storage packages to the Public Cloud module (jsc#ECO-2398). The following packages were included:

• python3-grpcio
• python3-protobuf
• python3-google-api-core
• python3-google-cloud-core
• python3-google-cloud-storage
• python3-google-resumable-media
• python3-googleapis-common-protos
• python3-grpcio-gcp
• python3-mock (updated to version 3.0.5)

libprotobuf was updated to fix:

• ship the libprotobuf-lite15 on the basesystem module and the INSTALLER channel. (jsc#ECO-2911)

This update for python-pytz fixes the following issues:

• Add %pyunittest shim for platforms where it is missing.
• Remove real directory of %{python_sitelib}/pytz/zoneinfo when upgrading, before it is replaced by a symlink. (bsc#1185748)

• update to 2021.1: * update to IANA 2021a timezone release

• update to 2020.5: * update to IANA 2020e timezone release
• update to 2020.4: * update to IANA 2020d timezone release

• update to version 2020.1: * Test against Python 3.8 and Python 3.9 * Bump version numbers to 2020.1/2020a * use .rst extension name * Make FixedOffset part of public API

• Update to 2019.3 * IANA 2019c

• Add versioned dependency on timezone database to ensure the correct data is installed
• Add a symlink to the system timezone database

• update to 2019.2 * IANA 2019b * Defer generating case-insensitive lookups

This update for mozilla-nspr fixes the following issues:
mozilla-nspr was updated to version 4.32:

• implement new socket option PR_SockOpt_DontFrag
• support larger DNS records by increasing the default buffer size for DNS queries
• Lock access to PRCallOnceType members in PR_CallOnce* for thread safety bmo#1686138
• PR_GetSystemInfo supports a new flag PR_SI_RELEASE_BUILD to get information about the operating system build version.

• bmo#1713562 - Fix test leak.
• bmo#1717452 - NSS 3.68 should depend on NSPR 4.32.
• bmo#1693206 - Implement PKCS8 export of ECDSA keys.
• bmo#1712883 - DTLS 1.3 draft-43.
• bmo#1655493 - Support SHA2 HW acceleration using Intel SHA Extension.
• bmo#1713562 - Validate ECH public names.
• bmo#1717610 - Add function to get seconds from epoch from pkix::Time.

• bmo#1683710 - Add a means to disable ALPN.
• bmo#1715720 - Fix nssckbi version number in NSS 3.67 (was supposed to be incremented in 3.66).
• bmo#1714719 - Set NSS_USE_64 on riscv64 target when using GYP/Ninja.
• bmo#1566124 - Fix counter increase in ppc-gcm-wrap.c.
• bmo#1566124 - Fix AES_GCM mode on ppc64le for messages of length more than 255-byte.

• bmo#1710716 - Remove Expired Sonera Class2 CA from NSS.
• bmo#1710716 - Remove Expired Root Certificates from NSS - QuoVadis Root Certification Authority.
• bmo#1708307 - Remove Trustis FPS Root CA from NSS.
• bmo#1707097 - Add Certum Trusted Root CA to NSS.
• bmo#1707097 - Add Certum EC-384 CA to NSS.
• bmo#1703942 - Add ANF Secure Server Root CA to NSS.
• bmo#1697071 - Add GLOBALTRUST 2020 root cert to NSS.
• bmo#1712184 - NSS tools manpages need to be updated to reflect that sqlite is the default database.
• bmo#1712230 - Don't build ppc-gcm.s with clang integrated assembler.
• bmo#1712211 - Strict prototype error when trying to compile nss code that includes blapi.h.
• bmo#1710773 - NSS needs FIPS 180-3 FIPS indicators.
• bmo#1709291 - Add VerifyCodeSigningCertificateChain.

• bmo#1709654 - Update for NetBSD configuration.
• bmo#1709750 - Disable HPKE test when fuzzing.
• bmo#1566124 - Optimize AES-GCM for ppc64le.
• bmo#1699021 - Add AES-256-GCM to HPKE.
• bmo#1698419 - ECH -10 updates.
• bmo#1692930 - Update HPKE to final version.
• bmo#1707130 - NSS should use modern algorithms in PKCS#12 files by default.
• bmo#1703936 - New coverity/cpp scanner errors.
• bmo#1697303 - NSS needs to update it's csp clearing to FIPS 180-3 standards.
• bmo#1702663 - Need to support RSA PSS with Hashing PKCS #11 Mechanisms.
• bmo#1705119 - Deadlock when using GCM and non-thread safe tokens.

• bmo#1705286 - Properly detect mips64.
• bmo#1687164 - Introduce NSS_DISABLE_CRYPTO_VSX and

• bmo#1697380 - Make a clang-format run on top of helpful contributions.
• bmo#1683520 - ECCKiila P384, change syntax of nested structs

• bmo#1688374 - Fix parallel build NSS-3.61 with make
• bmo#1682044 - pkix_Build_GatherCerts() + pkix_CacheCert_Add()

• bmo#1682071 - Fix issue with IKE Quick mode deriving incorrect key

• TLS 1.3 Encrypted Client Hello (draft-ietf-tls-esni-08) support has been added, replacing the previous ESNI (draft-ietf-tls-esni-01) implementation. See bmo#1654332 for more information.
• December 2020 batch of Root CA changes, builtins library updated to version 2.46. See bmo#1678189, bmo#1678166, and bmo#1670769 for more information.

• bmo#1679290 - Fix potential deadlock with certain third-party

• Exported two existing functions from libnss: CERT_AddCertToListHeadWithData and CERT_AddCertToListTailWithData

• bmo#1607449 - Lock cert->nssCertificate to prevent a potential data race
• bmo#1672823 - Add Wycheproof test cases for HMAC, HKDF, and DSA
• bmo#1663661 - Guard against NULL token in nssSlot_IsTokenPresent
• bmo#1670835 - Support enabling and disabling signatures via Crypto Policy
• bmo#1672291 - Resolve libpkix OCSP failures on SHA1 self-signed

• bmo#1641480 (CVE-2020-25648) Tighten CCS handling for middlebox compatibility mode.
• bmo#1631890 - Add support for Hybrid Public Key Encryption (draft-irtf-cfrg-hpke) support for TLS Encrypted Client Hello (draft-ietf-tls-esni).
• bmo#1657255 - Add CI tests that disable SHA1/SHA2 ARM crypto extensions.
• bmo#1668328 - Handle spaces in the Python path name when using gyp on Windows.
• bmo#1667153 - Add PK11_ImportDataKey for data object import.
• bmo#1665715 - Pass the embedded SCT list extension (if present) to TrustDomain::CheckRevocation instead of the notBefore value.

• The following CA certificates were Added: bmo#1663049 - CN=Trustwave Global Certification Authority SHA-256 Fingerprint: 97552015F5DDFC3C8788C006944555408894450084F100867086BC1A2BB58DC8 bmo#1663049 - CN=Trustwave Global ECC P256 Certification Authority SHA-256 Fingerprint: 945BBC825EA554F489D1FD51A73DDF2EA624AC7019A05205225C22A78CCFA8B4 bmo#1663049 - CN=Trustwave Global ECC P384 Certification Authority SHA-256 Fingerprint: 55903859C8C0C3EBB8759ECE4E2557225FF5758BBD38EBD48276601E1BD58097
• The following CA certificates were Removed: bmo#1651211 - CN=EE Certification Centre Root CA SHA-256 Fingerprint: 3E84BA4342908516E77573C0992F0979CA084E4685681FF195CCBA8A229B8A76 bmo#1656077 - O=Government Root Certification Authority; C=TW SHA-256 Fingerprint: 7600295EEFE85B9E1FD624DB76062AAAAE59818A54D2774CD4C0B2C01131E1B3
• Trust settings for the following CA certificates were Modified: bmo#1653092 - CN=OISTE WISeKey Global Root GA CA Websites (server authentication) trust bit removed.
• https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.57_release_notes

• bmo#1650702 - Support SHA-1 HW acceleration on ARMv8
• bmo#1656981 - Use MPI comba and mulq optimizations on x86-64 MacOS.
• bmo#1654142 - Add CPU feature detection for Intel SHA extension.
• bmo#1648822 - Add stricter validation of DH keys in FIPS mode.
• bmo#1656986 - Properly detect arm64 during GYP build architecture

• P384 and P521 elliptic curve implementations are replaced with verifiable implementations from Fiat-Crypto [0] and ECCKiila [1].
• PK11_FindCertInSlot is added. With this function, a given slot can be queried with a DER-Encoded certificate, providing performance and usability improvements over other mechanisms. (bmo#1649633)
• DTLS 1.3 implementation is updated to draft-38. (bmo#1647752)

• bmo#1631583 (CVE-2020-6829, CVE-2020-12400) - Replace P384 and P521 with new, verifiable implementations from Fiat-Crypto and ECCKiila.
• bmo#1649487 - Move overzealous assertion in VFY_EndWithSignature.
• bmo#1631573 (CVE-2020-12401) - Remove unnecessary scalar padding.
• bmo#1636771 (CVE-2020-12403) - Explicitly disable multi-part ChaCha20 (which was not functioning correctly) and more strictly enforce tag length.
• bmo#1649648 - Don't memcpy zero bytes (sanitizer fix).
• bmo#1649316 - Don't memcpy zero bytes (sanitizer fix).
• bmo#1649322 - Don't memcpy zero bytes (sanitizer fix).
• bmo#1653202 - Fix initialization bug in blapitest when compiled with NSS_DISABLE_DEPRECATED_SEED.
• bmo#1646594 - Fix AVX2 detection in makefile builds.
• bmo#1649633 - Add PK11_FindCertInSlot to search a given slot for a DER-encoded certificate.
• bmo#1651520 - Fix slotLock race in NSC_GetTokenInfo.
• bmo#1647752 - Update DTLS 1.3 implementation to draft-38.
• bmo#1649190 - Run cipher, sdr, and ocsp tests under standard test cycle in CI.
• bmo#1649226 - Add Wycheproof ECDSA tests.
• bmo#1637222 - Consistently enforce IV requirements for DES and 3DES.
• bmo#1067214 - Enforce minimum PKCS#1 v1.5 padding length in RSA_CheckSignRecover.
• bmo#1646324 - Advertise PKCS#1 schemes for certificates in the signature_algorithms extension.

• Support for TLS 1.3 external pre-shared keys (bmo#1603042).
• Use ARM Cryptography Extension for SHA256, when available (bmo#1528113)
• The following CA certificates were Added: bmo#1645186 - certSIGN Root CA G2. bmo#1645174 - e-Szigno Root CA 2017. bmo#1641716 - Microsoft ECC Root Certificate Authority 2017. bmo#1641716 - Microsoft RSA Root Certificate Authority 2017.
• The following CA certificates were Removed: bmo#1645199 - AddTrust Class 1 CA Root. bmo#1645199 - AddTrust External CA Root. bmo#1641718 - LuxTrust Global Root 2. bmo#1639987 - Staat der Nederlanden Root CA - G2. bmo#1618402 - Symantec Class 2 Public Primary Certification Authority - G4. bmo#1618402 - Symantec Class 1 Public Primary Certification Authority - G4. bmo#1618402 - VeriSign Class 3 Public Primary Certification Authority - G3.

• A number of certificates had their Email trust bit disabled. See bmo#1618402 for a complete list.

• bmo#1528113 - Use ARM Cryptography Extension for SHA256.
• bmo#1603042 - Add TLS 1.3 external PSK support.
• bmo#1642802 - Add uint128 support for HACL* curve25519 on Windows.
• bmo#1645186 - Add 'certSIGN Root CA G2' root certificate.
• bmo#1645174 - Add Microsec's 'e-Szigno Root CA 2017' root certificate.
• bmo#1641716 - Add Microsoft's non-EV root certificates.
• bmo1621151 - Disable email trust bit for 'O=Government

This update for libcroco fixes the following issues:

• CVE-2020-12825: Fixed recursion issue in block and any productions (bsc#1171685).

This update for grub2, efibootmgr provides the following fixes:

• Ship package grub2-arm64-efi and the required efibootmgr also to ppc64le, s390x and x86_64 (bsc#1186565)
• Fix error gfxterm isn't found with multiple terminals (bsc#1187565)
• Fix ocasional boot failure after kdump procedure when using XFS (bsc#1186975)

This update for SUSEConnect fixes the following issues:

• Disallow registering via SUSEConnect if the system is managed by SUSE Manager.
• Add subscription name to output of 'SUSEConnect --status'.
• Send payload of GET requests as part of the url, not in the body. (bsc#1185611)

This update for xen fixes the following issues:

• CVE-2021-28701: Fixed race condition in XENMAPSPACE_grant_table handling (XSA-384) (bsc#1189632).

• Upstream bug fixes (bsc#1027519)

This update for file fixes the following issues:

• Fixes exception thrown by memory allocation problem (bsc#1189996)

The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:

• CVE-2021-3759: Unaccounted ipc objects in Linux kernel could have lead to breaking memcg limits and DoS attacks (bsc#1190115).
• CVE-2021-38160: Data corruption or loss could be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size in drivers/char/virtio_console.c (bsc#1190117)
• CVE-2021-3640: Fixed a Use-After-Free vulnerability in function sco_sock_sendmsg() in the bluetooth stack (bsc#1188172).
• CVE-2021-3753: Fixed race out-of-bounds in virtual terminal handling (bsc#1190025).
• CVE-2021-3743: Fixed OOB Read in qrtr_endpoint_post (bsc#1189883).
• CVE-2021-3739: Fixed a NULL pointer dereference when deleting device by invalid id (bsc#1189832 ).
• CVE-2021-3732: Mounting overlayfs inside an unprivileged user namespace can reveal files (bsc#1189706).
• CVE-2021-3653: Missing validation of the `int_ctl` VMCB field and allows a malicious L1 guest to enable AVIC support for the L2 guest. (bsc#1189399).
• CVE-2021-3656: Missing validation of the the `virt_ext` VMCB field and allows a malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and VLS for the L2 guest (bsc#1189400).
• CVE-2021-38198: arch/x86/kvm/mmu/paging_tmpl.h incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault (bnc#1189262).
• CVE-2021-38207: drivers/net/ethernet/xilinx/ll_temac_main.c allowed remote attackers to cause a denial of service (buffer overflow and lockup) by sending heavy network traffic for about ten minutes (bnc#1189298).
• CVE-2021-38205: drivers/net/ethernet/xilinx/xilinx_emaclite.c made it easier for attackers to defeat an ASLR protection mechanism because it prints a kernel pointer (i.e., the real IOMEM pointer) (bnc#1189292).
• CVE-2021-38204: drivers/usb/host/max3421-hcd.c allowed physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations (bnc#1189291).
• CVE-2021-3679: A lack of CPU resource in tracing module functionality was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service (bnc#1189057).
• CVE-2021-34556: Fixed side-channel attack via a Speculative Store Bypass via unprivileged BPF program that could have obtain sensitive information from kernel memory (bsc#1188983).
• CVE-2021-35477: Fixed BPF stack frame pointer which could have been abused to disclose content of arbitrary kernel memory (bsc#1188985).

• ACPI: NFIT: Fix support for virtual SPA ranges (git-fixes).
• ACPI: processor: Clean up acpi_processor_evaluate_cst() (bsc#1175543)
• ACPI: processor: Export acpi_processor_evaluate_cst() (bsc#1175543)
• ACPI: processor: Export function to claim _CST control (bsc#1175543)
• ACPI: processor: Introduce acpi_processor_evaluate_cst() (bsc#1175543)
• ACPI: processor: Make ACPI_PROCESSOR_CSTATE depend on ACPI_PROCESSOR (bsc#1175543)
• ALSA: hda - fix the 'Capture Switch' value change notifications (git-fixes).
• ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9510 laptop (git-fixes).
• ALSA: hda/realtek: Fix headset mic for Acer SWIFT SF314-56 (ALC256) (git-fixes).
• ALSA: hda/realtek: add mic quirk for Acer SF314-42 (git-fixes).
• ALSA: hda/via: Apply runtime PM workaround for ASUS B23E (git-fixes).
• ALSA: hda: Add quirk for ASUS Flow x13 (git-fixes).
• ALSA: pcm: fix divide error in snd_pcm_lib_ioctl (git-fixes).
• ALSA: seq: Fix racy deletion of subscriber (git-fixes).
• ALSA: usb-audio: Add registration quirk for JBL Quantum 600 (git-fixes).
• ALSA: usb-audio: Fix regression on Sony WALKMAN NW-A45 DAC (git-fixes).
• ALSA: usb-audio: Fix superfluous autosuspend recovery (git-fixes).
• ALSA: usb-audio: fix incorrect clock source setting (git-fixes).
• ASoC: Intel: Skylake: Leave data as is when invoking TLV IPCs (git-fixes).
• ASoC: cs42l42: Correct definition of ADC Volume control (git-fixes).
• ASoC: cs42l42: Do not allow SND_SOC_DAIFMT_LEFT_J (git-fixes).
• ASoC: cs42l42: Fix LRCLK frame start edge (git-fixes).
• ASoC: cs42l42: Fix inversion of ADC Notch Switch control (git-fixes).
• ASoC: cs42l42: Remove duplicate control for WNF filter frequency (git-fixes).
• ASoC: intel: atom: Fix breakage for PCM buffer address setup (git-fixes).
• ASoC: intel: atom: Fix reference to PCM buffer address (git-fixes).
• ASoC: ti: delete some dead code in omap_abe_probe() (git-fixes).
• ASoC: tlv320aic31xx: Fix jack detection after suspend (git-fixes).
• ASoC: tlv320aic31xx: fix reversed bclk/wclk master bits (git-fixes).
• ASoC: wcd9335: Disable irq on slave ports in the remove function (git-fixes).
• ASoC: wcd9335: Fix a double irq free in the remove function (git-fixes).
• ASoC: wcd9335: Fix a memory leak in the error handling path of the probe function (git-fixes).
• ASoC: xilinx: Fix reference to PCM buffer address (git-fixes).
• Bluetooth: add timeout sanity check to hci_inquiry (git-fixes).
• Bluetooth: defer cleanup of resources in hci_unregister_dev() (git-fixes).
• Bluetooth: fix repeated calls to sco_sock_kill (git-fixes).
• Bluetooth: hidp: use correct wait queue when removing ctrl_wait (git-fixes).
• Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow (git-fixes).
• Bluetooth: sco: prevent information leak in sco_conn_defer_accept() (git-fixes).
• Documentation: admin-guide: PM: Add intel_idle document (bsc#1175543)
• Drop watchdog iTCO_wdt patch that causes incompatible behavior (bsc#1189449) Also blacklisted
• Fix breakage of swap over NFS (bsc#1188924).
• Fix kabi of prepare_to_wait_exclusive() (bsc#1189575).
• HID: i2c-hid: Fix Elan touchpad regression (git-fixes).
• HID: input: do not report stylus battery state as 'full' (git-fixes).
• KVM: VMX: Drop guest CPUID check for VMXE in vmx_set_cr4() (bsc#1188786).
• KVM: VMX: Enable machine check support for 32bit targets (bsc#1188787).
• KVM: VMX: Explicitly clear RFLAGS.CF and RFLAGS.ZF in VM-Exit RSB path (bsc#1188788).
• KVM: nVMX: Really make emulated nested preemption timer pinned (bsc#1188780).
• KVM: nVMX: Reset the segment cache when stuffing guest segs (bsc#1188781).
• KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02 (bsc#1188782).
• KVM: nVMX: Sync unsync'd vmcs02 state to vmcs12 on migration (bsc#1188783).
• KVM: nVMX: Truncate bits 63:32 of VMCS field on nested check in !64-bit (bsc#1188784).
• KVM: x86: bit 8 of non-leaf PDPEs is not reserved (bsc#1188790).
• Move upstreamed BT fixes into sorted section
• NFS: Correct size calculation for create reply length (bsc#1189870).
• NFSv4.1: Do not rebind to the same source port when (bnc#1186264 bnc#1189021)
• NFSv4/pNFS: Do not call _nfs4_pnfs_v3_ds_connect multiple times (git-fixes).
• NFSv4: Initialise connection to the server in nfs4_alloc_client() (bsc#1040364).
• PCI/MSI: Correct misleading comments (git-fixes).
• PCI/MSI: Do not set invalid bits in MSI mask (git-fixes).
• PCI/MSI: Enable and mask MSI-X early (git-fixes).
• PCI/MSI: Enforce MSI[X] entry updates to be visible (git-fixes).
• PCI/MSI: Enforce that MSI-X table entry is masked for update (git-fixes).
• PCI/MSI: Mask all unused MSI-X entries (git-fixes).
• PCI/MSI: Skip masking MSI-X on Xen PV (git-fixes).
• PCI/MSI: Use msi_mask_irq() in pci_msi_shutdown() (git-fixes).
• PCI: Increase D3 delay for AMD Renoir/Cezanne XHCI (git-fixes).
• PCI: PM: Avoid forcing PCI_D0 for wakeup reasons inconsistently (git-fixes).
• PCI: PM: Enable PME if it can be signaled from D3cold (git-fixes).
• README: Modernize build instructions.
• Revert 'ACPICA: Fix memory leak caused by _CID repair function' (git-fixes).
• Revert 'USB: serial: ch341: fix character loss at high transfer rates' (git-fixes).
• Revert 'dmaengine: imx-sdma: refine to load context only once' (git-fixes).
• Revert 'gpio: eic-sprd: Use devm_platform_ioremap_resource()' (git-fixes).
• Revert 'mmc: sdhci-iproc: Set SDHCI_QUIRK_CAP_CLOCK_BASE_BROKEN on BCM2711' (git-fixes).
• SUNRPC: 'Directory with parent 'rpc_clnt' already present!' (bsc#1168202 bsc#1188924).
• SUNRPC: Fix the batch tasks count wraparound (git-fixes).
• SUNRPC: Should wake up the privileged task firstly (git-fixes).
• SUNRPC: defer slow parts of rpc_free_client() to a workqueue (bsc#1168202 bsc#1188924).
• SUNRPC: fix use-after-free in rpc_free_client_work() (bsc#1168202 bsc#1188924).
• SUNRPC: prevent port reuse on transports which do not request it (bnc#1186264 bnc#1189021).
• USB: core: Avoid WARNings for 0-length descriptor requests (git-fixes).
• USB: serial: ch341: fix character loss at high transfer rates (git-fixes).
• USB: serial: ftdi_sio: add device ID for Auto-M3 OP-COM v2 (git-fixes).
• USB: serial: option: add Telit FD980 composition 0x1056 (git-fixes).
• USB: serial: option: add new VID/PID to support Fibocom FG150 (git-fixes).
• USB: usbtmc: Fix RCU stall warning (git-fixes).
• USB:ehci:fix Kunpeng920 ehci hardware problem (git-fixes).
• Update patches.suse/ibmvnic-Allow-device-probe-if-the-device-is-not-read.patch (bsc#1167032 ltc#184087 bsc#1184114 ltc#192237).
• VMCI: fix NULL pointer dereference when unmapping queue pair (git-fixes).
• ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point() (git-fixes).
• ath9k: Clear key cache explicitly on disabling hardware (git-fixes).
• ath: Use safer key clearing with key cache entries (git-fixes).
• bcma: Fix memory leak for internally-handled cores (git-fixes).
• bdi: Do not use freezable workqueue (bsc#1189573).
• blk-iolatency: error out if blk_get_queue() failed in iolatency_set_limit() (bsc#1189507).
• blk-mq-sched: Fix blk_mq_sched_alloc_tags() error handling (bsc#1189506).
• blk-wbt: introduce a new disable state to prevent false positive by rwb_enabled() (bsc#1189503).
• blk-wbt: make sure throttle is enabled properly (bsc#1189504).
• block: fix trace completion for chained bio (bsc#1189505).
• brcmfmac: pcie: fix oops on failure to resume and reprobe (git-fixes).
• btrfs: Rename __btrfs_alloc_chunk to btrfs_alloc_chunk (bsc#1189077).
• btrfs: account for new extents being deleted in total_bytes_pinned (bsc#1135481).
• btrfs: add a comment explaining the data flush steps (bsc#1135481).
• btrfs: add btrfs_reserve_data_bytes and use it (bsc#1135481).
• btrfs: add flushing states for handling data reservations (bsc#1135481).
• btrfs: add the data transaction commit logic into may_commit_transaction (bsc#1135481).
• btrfs: call btrfs_try_granting_tickets when freeing reserved bytes (bsc#1135481).
• btrfs: call btrfs_try_granting_tickets when reserving space (bsc#1135481).
• btrfs: call btrfs_try_granting_tickets when unpinning anything (bsc#1135481).
• btrfs: change nr to u64 in btrfs_start_delalloc_roots (bsc#1135481).
• btrfs: check tickets after waiting on ordered extents (bsc#1135481).
• btrfs: do async reclaim for data reservations (bsc#1135481).
• btrfs: don't force commit if we are data (bsc#1135481).
• btrfs: drop the commit_cycles stuff for data reservations (bsc#1135481).
• btrfs: factor out create_chunk() (bsc#1189077).
• btrfs: factor out decide_stripe_size() (bsc#1189077).
• btrfs: factor out gather_device_info() (bsc#1189077).
• btrfs: factor out init_alloc_chunk_ctl (bsc#1189077).
• btrfs: fix deadlock with concurrent chunk allocations involving system chunks (bsc#1189077).
• btrfs: fix possible infinite loop in data async reclaim (bsc#1135481).
• btrfs: flush delayed refs when trying to reserve data space (bsc#1135481).
• btrfs: handle U64_MAX for shrink_delalloc (bsc#1135481).
• btrfs: handle invalid profile in chunk allocation (bsc#1189077).
• btrfs: handle space_info::total_bytes_pinned inside the delayed ref itself (bsc#1135481).
• btrfs: introduce alloc_chunk_ctl (bsc#1189077).
• btrfs: introduce chunk allocation policy (bsc#1189077).
• btrfs: make ALLOC_CHUNK use the space info flags (bsc#1135481).
• btrfs: make shrink_delalloc take space_info as an arg (bsc#1135481).
• btrfs: move the chunk_mutex in btrfs_read_chunk_tree (bsc#1189077).
• btrfs: parameterize dev_extent_min for chunk allocation (bsc#1189077).
• btrfs: refactor find_free_dev_extent_start() (bsc#1189077).
• btrfs: remove orig from shrink_delalloc (bsc#1135481).
• btrfs: rework chunk allocation to avoid exhaustion of the system chunk array (bsc#1189077).
• btrfs: run delayed iputs before committing the transaction for data (bsc#1135481).
• btrfs: serialize data reservations if we are flushing (bsc#1135481).
• btrfs: shrink delalloc pages instead of full inodes (bsc#1135481).
• btrfs: track ordered bytes instead of just dio ordered bytes (bsc#1135481).
• btrfs: use btrfs_start_delalloc_roots in shrink_delalloc (bsc#1135481).
• btrfs: use the btrfs_space_info_free_bytes_may_use helper for delalloc (bsc#1135481).
• btrfs: use the same helper for data and metadata reservations (bsc#1135481).
• btrfs: use ticketing for data space reservations (bsc#1135481).
• can: ti_hecc: Fix memleak in ti_hecc_probe (git-fixes).
• can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange of the CAN RX and TX error counters (git-fixes).
• ceph: clean up and optimize ceph_check_delayed_caps() (bsc#1187468).
• ceph: reduce contention in ceph_check_delayed_caps() (bsc#1187468).
• ceph: take snap_empty_lock atomically with snaprealm refcount change (bsc#1189427).
• cfg80211: Fix possible memory leak in function cfg80211_bss_update (git-fixes).
• cgroup1: fix leaked context root causing sporadic NULL deref in LTP (bsc#1190181).
• cgroup: verify that source is a string (bsc#1190131).
• cifs: Remove unused inline function is_sysvol_or_netlogon() (bsc#1185902).
• cifs: avoid starvation when refreshing dfs cache (bsc#1185902).
• cifs: constify get_normalized_path() properly (bsc#1185902).
• cifs: do not cargo-cult strndup() (bsc#1185902).
• cifs: do not send tree disconnect to ipc shares (bsc#1185902).
• cifs: do not share tcp servers with dfs mounts (bsc#1185902).
• cifs: do not share tcp sessions of dfs connections (bsc#1185902).
• cifs: fix check of dfs interlinks (bsc#1185902).
• cifs: fix path comparison and hash calc (bsc#1185902).
• cifs: get rid of @noreq param in __dfs_cache_find() (bsc#1185902).
• cifs: handle different charsets in dfs cache (bsc#1185902).
• cifs: keep referral server sessions alive (bsc#1185902).
• cifs: missing null pointer check in cifs_mount (bsc#1185902).
• cifs: prevent NULL deref in cifs_compose_mount_options() (bsc#1185902).
• cifs: set a minimum of 2 minutes for refreshing dfs cache (bsc#1185902).
• clk: fix leak on devm_clk_bulk_get_all() unwind (git-fixes).
• clk: kirkwood: Fix a clocking boot regression (git-fixes).
• clk: stm32f4: fix post divisor setup for I2S/SAI PLLs (git-fixes).
• cpuidle: Allow idle states to be disabled by default (bsc#1175543)
• cpuidle: Consolidate disabled state checks (bsc#1175543)
• cpuidle: Drop disabled field from struct cpuidle_state (bsc#1175543)
• cpuidle: Fix cpuidle_driver_state_disabled() (bsc#1175543)
• cpuidle: Introduce cpuidle_driver_state_disabled() for driver quirks (bsc#1175543)
• cpuidle: cpuidle_state kABI fix (bsc#1175543)
• crypto: ccp - Annotate SEV Firmware file names (bsc#1189212).
• crypto: qat - use proper type for vf_mask (git-fixes).
• crypto: x86/curve25519 - fix cpu feature checking logic in mod_exit (git-fixes).
• dm integrity: fix missing goto in bitmap_flush_interval error handling (git-fixes).
• dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails (git-fixes).
• dm verity: fix DM_VERITY_OPTS_MAX value (git-fixes).
• dmaengine: imx-dma: configure the generic DMA type to make it work (git-fixes).
• dmaengine: imx-sdma: remove duplicated sdma_load_context (git-fixes).
• dmaengine: of-dma: router_xlate to return -EPROBE_DEFER if controller is not yet available (git-fixes).
• dmaengine: usb-dmac: Fix PM reference leak in usb_dmac_probe() (git-fixes).
• dmaengine: xilinx_dma: Fix read-after-free bug when terminating transfers (git-fixes).
• drivers/block/null_blk/main: Fix a double free in null_init (git-fixes).
• drm/amdgpu/acp: Make PM domain really work (git-fixes).
• drm/msi/mdp4: populate priv->kms in mdp4_kms_init (git-fixes).
• drm/msm/dpu: make dpu_hw_ctl_clear_all_blendstages clear necessary LMs (git-fixes).
• drm/msm/dsi: Fix some reference counted resource leaks (git-fixes).
• drm/nouveau/disp: power down unused DP links during init (git-fixes).
• drm/panfrost: Fix missing clk_disable_unprepare() on error in panfrost_clk_init() (git-fixes).
• drm: Copy drm_wait_vblank to user before returning (git-fixes).
• ext4: cleanup in-core orphan list if ext4_truncate() failed to get a transaction handle (bsc#1189568).
• ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit (bsc#1189564).
• ext4: fix avefreec in find_group_orlov (bsc#1189566).
• ext4: fix kernel infoleak via ext4_extent_header (bsc#1189562).
• ext4: fix potential htree corruption when growing large_dir directories (bsc#1189576).
• ext4: remove check for zero nr_to_scan in ext4_es_scan() (bsc#1189565).
• ext4: return error code when ext4_fill_flex_info() fails (bsc#1189563).
• ext4: use ext4_grp_locked_error in mb_find_extent (bsc#1189567).
• fanotify: fix copy_event_to_user() fid error clean up (bsc#1189574).
• firmware_loader: fix use-after-free in firmware_fallback_sysfs (git-fixes).
• firmware_loader: use -ETIMEDOUT instead of -EAGAIN in fw_load_sysfs_fallback (git-fixes).
• fpga: altera-freeze-bridge: Address warning about unused variable (git-fixes).
• fpga: xiilnx-spi: Address warning about unused variable (git-fixes).
• fpga: zynqmp-fpga: Address warning about unused variable (git-fixes).
• gpio: eic-sprd: break loop when getting NULL device resource (git-fixes).
• gpio: tqmx86: really make IRQ optional (git-fixes).
• i2c: dev: zero out array used for i2c reads from userspace (git-fixes).
• i2c: highlander: add IRQ check (git-fixes).
• i2c: iop3xx: fix deferred probing (git-fixes).
• i2c: mt65xx: fix IRQ check (git-fixes).
• i2c: s3c2410: fix IRQ check (git-fixes).
• iio: adc: Fix incorrect exit of for-loop (git-fixes).
• iio: adc: ti-ads7950: Ensure CS is deasserted after reading channels (git-fixes).
• iio: humidity: hdc100x: Add margin to the conversion time (git-fixes).
• intel_idle: Add module parameter to prevent ACPI _CST from being used (bsc#1175543)
• intel_idle: Allow ACPI _CST to be used for selected known processors (bsc#1175543)
• intel_idle: Annotate init time data structures (bsc#1175543)
• intel_idle: Customize IceLake server support (bsc#1175543)
• intel_idle: Disable ACPI _CST on Haswell (bsc#1175543, bsc#1177399, bsc#1180347, bsc#1180141)
• intel_idle: Fix max_cstate for processor models without C-state tables (bsc#1175543)
• intel_idle: Ignore _CST if control cannot be taken from the platform (bsc#1175543)
• intel_idle: Refactor intel_idle_cpuidle_driver_init() (bsc#1175543)
• intel_idle: Use ACPI _CST for processor models without C-state tables (bsc#1175543)
• intel_idle: Use ACPI _CST on server systems (bsc#1175543)
• iommu/amd: Fix extended features logging (bsc#1189213).
• iommu/arm-smmu-v3: Decrease the queue size of evtq and priq (bsc#1189210).
• iommu/arm-smmu-v3: add bit field SFM into GERROR_ERR_MASK (bsc#1189209).
• iommu/dma: Fix IOVA reserve dma ranges (bsc#1189214).
• iommu/dma: Fix compile warning in 32-bit builds (bsc#1189229).
• iommu/vt-d: Check for allocation failure in aux_detach_device() (bsc#1189215).
• iommu/vt-d: Define counter explicitly as unsigned int (bsc#1189216).
• iommu/vt-d: Do not set then clear private data in prq_event_thread() (bsc#1189217).
• iommu/vt-d: Fix sysfs leak in alloc_iommu() (bsc#1189218).
• iommu/vt-d: Force to flush iotlb before creating superpage (bsc#1189219).
• iommu/vt-d: Global devTLB flush when present context entry changed (bsc#1189220).
• iommu/vt-d: Invalidate PASID cache when root/context entry changed (bsc#1189221).
• iommu/vt-d: Reject unsupported page request modes (bsc#1189222).
• iwlwifi: rs-fw: do not support stbc for HE 160 (git-fixes).
• kABI fix of usb_dcd_config_params (git-fixes).
• kABI: Fix kABI after fixing vcpu-id indexed arrays (git-fixes).
• kabi fix for NFSv4.1: Do not rebind to the same source port when reconnecting to the server (bnc#1186264 bnc#1189021)
• kabi fix for SUNRPC: defer slow parts of rpc_free_client() to a workqueue (bsc#1168202 bsc#1188924).
• kernel, fs: Introduce and use set_restart_fn() and arch_set_restart_data() (bsc#1189153).
• lib/mpi: use kcalloc in mpi_resize (git-fixes).
• libata: fix ata_pio_sector for CONFIG_HIGHMEM (git-fixes).
• mac80211: Fix insufficient headroom issue for AMSDU (git-fixes).
• mailbox: sti: quieten kernel-doc warnings (git-fixes).
• md/raid10: properly indicate failure when ending a failed write request (git-fixes).
• media: TDA1997x: enable EDID support (git-fixes).
• media: cxd2880-spi: Fix an error handling path (git-fixes).
• media: drivers/media/usb: fix memory leak in zr364xx_probe (git-fixes).
• media: dvb-usb: Fix error handling in dvb_usb_i2c_init (git-fixes).
• media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init (git-fixes).
• media: dvb-usb: fix uninit-value in vp702x_read_mac_addr (git-fixes).
• media: em28xx-input: fix refcount bug in em28xx_usb_disconnect (git-fixes).
• media: go7007: fix memory leak in go7007_usb_probe (git-fixes).
• media: go7007: remove redundant initialization (git-fixes).
• media: rtl28xxu: fix zero-length control request (git-fixes).
• media: stkwebcam: fix memory leak in stk_camera_probe (git-fixes).
• media: venus: venc: Fix potential null pointer dereference on pointer fmt (git-fixes).
• media: videobuf2-core: dequeue if start_streaming fails (git-fixes).
• media: zr364xx: fix memory leaks in probe() (git-fixes).
• media: zr364xx: propagate errors from zr364xx_start_readpipe() (git-fixes).
• memcg: enable accounting for file lock caches (bsc#1190115).
• misc: atmel-ssc: lock with mutex instead of spinlock (git-fixes).
• misc: rtsx: do not setting OC_POWER_DOWN reg in rtsx_pci_init_ocp() (git-fixes).
• mm, vmscan: guarantee drop_slab_node() termination (VM Functionality, bsc#1189301).
• mm/thp: unmap_mapping_page() to fix THP truncate_cleanup_page() (bsc#1189569).
• mm: swap: properly update readahead statistics in unuse_pte_range() (bsc#1187619).
• mmc: dw_mmc: Fix hang on data CRC error (git-fixes).
• mmc: dw_mmc: Fix issue with uninitialized dma_slave_config (git-fixes).
• mmc: moxart: Fix issue with uninitialized dma_slave_config (git-fixes).
• mmc: sdhci-iproc: Cap min clock frequency on BCM2711 (git-fixes).
• mmc: sdhci-iproc: Set SDHCI_QUIRK_CAP_CLOCK_BASE_BROKEN on BCM2711 (git-fixes).
• mtd: cfi_cmdset_0002: fix crash when erasing/writing AMD cards (git-fixes).
• mtd: rawnand: cafe: Fix a resource leak in the error handling path of 'cafe_nand_probe()' (git-fixes).
• nbd: Aovid double completion of a request (git-fixes).
• nbd: Fix NULL pointer in flush_workqueue (git-fixes).
• nbd: do not update block size after device is started (git-fixes).
• net/mlx5: Properly convey driver version to firmware (git-fixes).
• net: dsa: mv88e6xxx: Avoid VTU corruption on 6097 (git-fixes).
• net: dsa: mv88e6xxx: also read STU state in mv88e6250_g1_vtu_getnext (git-fixes).
• net: stmmac: free tx skb buffer in stmmac_resume() (git-fixes).
• nfs: fix acl memory leak of posix_acl_create() (git-fixes).
• nvme-multipath: revalidate paths during rescan (bsc#1187211)
• nvme-pci: Use u32 for nvme_dev.q_depth and nvme_queue.q_depth (bsc#1181972).
• nvme-pci: fix NULL req in completion handler (bsc#1181972).
• nvme-pci: limit maximum queue depth to 4095 (bsc#1181972).
• nvme-pci: use unsigned for io queue depth (bsc#1181972).
• nvme-tcp: Do not reset transport on data digest errors (bsc#1188418).
• nvme-tcp: do not check blk_mq_tag_to_rq when receiving pdu data (bsc#1181972).
• nvme: avoid possible double fetch in handling CQE (bsc#1181972).
• nvme: code command_id with a genctr for use-after-free validation (bsc#1181972).
• nvme: only call synchronize_srcu when clearing current path (bsc#1188067).
• nvmet: use NVMET_MAX_NAMESPACES to set nn value (bsc#1189384).
• ocfs2: fix snprintf() checking (bsc#1189581).
• ocfs2: fix zero out valid data (bsc#1189579).
• ocfs2: initialize ip_next_orphan (bsc#1186731).
• ocfs2: issue zeroout to EOF blocks (bsc#1189582).
• ocfs2: ocfs2_downconvert_lock failure results in deadlock (bsc#1188439).
• overflow: Correct check_shl_overflow() comment (git-fixes).
• ovl: allow upperdir inside lowerdir (bsc#1189323).
• ovl: expand warning in ovl_d_real() (bsc#1189323).
• ovl: fix missing revert_creds() on error path (bsc#1189323).
• ovl: perform vfs_getxattr() with mounter creds (bsc#1189323).
• ovl: skip getxattr of security labels (bsc#1189323).
• params: lift param_set_uint_minmax to common code (bsc#1181972).
• pcmcia: i82092: fix a null pointer dereference bug (git-fixes).
• pinctrl: samsung: Fix pinctrl bank pin count (git-fixes).
• pinctrl: single: Fix error return code in pcs_parse_bits_in_pinctrl_entry() (git-fixes).
• pinctrl: stmfx: Fix hazardous u8[] to unsigned long cast (git-fixes).
• platform/x86: pcengines-apuv2: Add missing terminating entries to gpio-lookup tables (git-fixes).
• power: supply: max17042: handle fails of reading status register (git-fixes).
• powerpc/papr_scm: Make 'perf_stats' invisible if perf-stats unavailable (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769 git-fixes).
• powerpc/papr_scm: Reduce error severity if nvdimm stats inaccessible (bsc#1189197 ltc#193906).
• powerpc/pseries: Fix regression while building external modules (bsc#1160010 ltc#183046 git-fixes).
• powerpc/pseries: Fix update of LPAR security flavor after LPM (bsc#1188885 ltc#193722 git-fixes)
• powerpc: Fix is_kvm_guest() / kvm_para_available() (bsc#1181148 ltc#190702 git-fixes).
• regulator: rt5033: Fix n_voltages settings for BUCK and LDO (git-fixes).
• regulator: vctrl: Avoid lockdep warning in enable/disable ops (git-fixes).
• regulator: vctrl: Use locked regulator_get_voltage in probe path (git-fixes).
• rpm/kernel-obs-build.spec.in: make builds reproducible (bsc#1189305)
• rpm: Abolish image suffix (bsc#1189841).
• rpm: Define $certs as rpm macro (bsc#1189841).
• rpm: Fold kernel-devel and kernel-source scriptlets into spec files (bsc#1189841).
• rpm: kernel-binary.spec: Define $image as rpm macro (bsc#1189841).
• rpm: support gz and zst compression methods Extend commit 18fcdff43a00 ('rpm: support compressed modules') for compression methods other than xz.
• rq-qos: fix missed wake-ups in rq_qos_throttle try two (bsc#1189575).
• rsi: fix an error code in rsi_probe() (git-fixes).
• rsi: fix error code in rsi_load_9116_firmware() (git-fixes).
• s390/ap: Fix hanging ioctl caused by wrong msg counter (bsc#1188982 LTC#193817).
• s390/boot: fix use of expolines in the DMA code (bsc#1188878 ltc#193771).
• sched/fair: Correctly insert cfs_rq's to list on unthrottle (git-fixes)
• sched/rt: Fix RT utilization tracking during policy change (git-fixes)
• scsi: blkcg: Add app identifier support for blkcg (bsc#1189385 jsc#SLE-18970).
• scsi: blkcg: Fix application ID config options (bsc#1189385 jsc#SLE-18970).
• scsi: cgroup: Add cgroup_get_from_id() (bsc#1189385 jsc#SLE-18970).
• scsi: core: Add scsi_prot_ref_tag() helper (bsc#1189392).
• scsi: ibmvfc: Do not wait for initial device scan (bsc#1127650).
• scsi: libfc: Fix array index out of bound exception (bsc#1188616).
• scsi: lpfc: Add 256 Gb link speed support (bsc#1189385).
• scsi: lpfc: Add PCI ID support for LPe37000/LPe38000 series adapters (bsc#1189385).
• scsi: lpfc: Call discovery state machine when handling PLOGI/ADISC completions (bsc#1189385).
• scsi: lpfc: Clear outstanding active mailbox during PCI function reset (bsc#1189385).
• scsi: lpfc: Copyright updates for 12.8.0.11 patches (bsc#1189385).
• scsi: lpfc: Copyright updates for 14.0.0.0 patches (bsc#1189385).
• scsi: lpfc: Delay unregistering from transport until GIDFT or ADISC completes (bsc#1189385).
• scsi: lpfc: Discovery state machine fixes for LOGO handling (bsc#1189385).
• scsi: lpfc: Enable adisc discovery after RSCN by default (bsc#1189385).
• scsi: lpfc: Fix KASAN slab-out-of-bounds in lpfc_unreg_rpi() routine (bsc#1189385).
• scsi: lpfc: Fix NULL ptr dereference with NPIV ports for RDF handling (bsc#1189385).
• scsi: lpfc: Fix NVMe support reporting in log message (bsc#1189385).
• scsi: lpfc: Fix build error in lpfc_scsi.c (bsc#1189385).
• scsi: lpfc: Fix cq_id truncation in rq create (bsc#1189385).
• scsi: lpfc: Fix function description comments for vmid routines (bsc#1189385).
• scsi: lpfc: Fix memory leaks in error paths while issuing ELS RDF/SCR request (bsc#1189385).
• scsi: lpfc: Fix possible ABBA deadlock in nvmet_xri_aborted() (bsc#1189385).
• scsi: lpfc: Fix target reset handler from falsely returning FAILURE (bsc#1189385).
• scsi: lpfc: Improve firmware download logging (bsc#1189385).
• scsi: lpfc: Keep NDLP reference until after freeing the IOCB after ELS handling (bsc#1189385).
• scsi: lpfc: Move initialization of phba->poll_list earlier to avoid crash (git-fixes).
• scsi: lpfc: Remove REG_LOGIN check requirement to issue an ELS RDF (bsc#1189385).
• scsi: lpfc: Remove redundant assignment to pointer pcmd (bsc#1189385).
• scsi: lpfc: Remove redundant assignment to pointer temp_hdr (bsc#1189385).
• scsi: lpfc: Remove use of kmalloc() in trace event logging (bsc#1189385).
• scsi: lpfc: Revise Topology and RAS support checks for new adapters (bsc#1189385).
• scsi: lpfc: Skip issuing ADISC when node is in NPR state (bsc#1189385).
• scsi: lpfc: Skip reg_vpi when link is down for SLI3 in ADISC cmpl path (bsc#1189385).
• scsi: lpfc: Update lpfc version to 12.8.0.11 (bsc#1189385).
• scsi: lpfc: Update lpfc version to 14.0.0.0 (bsc#1189385).
• scsi: lpfc: Use PBDE feature enabled bit to determine PBDE support (bsc#1189385).
• scsi: lpfc: Use list_move_tail() instead of list_del()/list_add_tail() (bsc#1189385).
• scsi: lpfc: vmid: Add QFPA and VMID timeout check in worker thread (bsc#1189385 jsc#SLE-18970).
• scsi: lpfc: vmid: Add datastructure for supporting VMID in lpfc (bsc#1189385 jsc#SLE-18970).
• scsi: lpfc: vmid: Add support for VMID in mailbox command (bsc#1189385 jsc#SLE-18970).
• scsi: lpfc: vmid: Append the VMID to the wqe before sending (bsc#1189385 jsc#SLE-18970).
• scsi: lpfc: vmid: Functions to manage VMIDs (bsc#1189385 jsc#SLE-18970).
• scsi: lpfc: vmid: Implement CT commands for appid (bsc#1189385 jsc#SLE-18970).
• scsi: lpfc: vmid: Implement ELS commands for appid (bsc#1189385 jsc#SLE-18970).
• scsi: lpfc: vmid: Introduce VMID in I/O path (bsc#1189385 jsc#SLE-18970).
• scsi: lpfc: vmid: Timeout implementation for VMID (bsc#1189385 jsc#SLE-18970).
• scsi: lpfc: vmid: VMID parameter initialization (bsc#1189385 jsc#SLE-18970).
• scsi: qla2xxx: Add heartbeat check (bsc#1189392).
• scsi: qla2xxx: Fix error return code in qla82xx_write_flash_dword() (bsc#1189392).
• scsi: qla2xxx: Fix spelling mistakes 'allloc' -> 'alloc' (bsc#1189392).
• scsi: qla2xxx: Fix use after free in debug code (bsc#1189392).
• scsi: qla2xxx: Log PCI address in qla_nvme_unregister_remote_port() (bsc#1189392).
• scsi: qla2xxx: Remove duplicate declarations (bsc#1189392).
• scsi: qla2xxx: Remove redundant assignment to rval (bsc#1189392).
• scsi: qla2xxx: Remove redundant continue statement in a for-loop (bsc#1189392).
• scsi: qla2xxx: Remove redundant initialization of variable num_cnt (bsc#1189392).
• scsi: qla2xxx: Remove unused variable 'status' (bsc#1189392).
• scsi: qla2xxx: Update version to 10.02.00.107-k (bsc#1189392).
• scsi: qla2xxx: Use list_move_tail() instead of list_del()/list_add_tail() (bsc#1189392).
• scsi: qla2xxx: Use the proper SCSI midlayer interfaces for PI (bsc#1189392).
• scsi: qla2xxx: edif: Add authentication pass + fail bsgs (bsc#1189392).
• scsi: qla2xxx: edif: Add detection of secure device (bsc#1189392).
• scsi: qla2xxx: edif: Add doorbell notification for app (bsc#1189392).
• scsi: qla2xxx: edif: Add encryption to I/O path (bsc#1189392).
• scsi: qla2xxx: edif: Add extraction of auth_els from the wire (bsc#1189392).
• scsi: qla2xxx: edif: Add getfcinfo and statistic bsgs (bsc#1189392).
• scsi: qla2xxx: edif: Add key update (bsc#1189392).
• scsi: qla2xxx: edif: Add send, receive, and accept for auth_els (bsc#1189392).
• scsi: qla2xxx: edif: Add start + stop bsgs (bsc#1189392).
• scsi: qla2xxx: edif: Increment command and completion counts (bsc#1189392).
• scsi: scsi_transport_srp: Do not block target in SRP_PORT_LOST state (bsc#1184180).
• scsi: target: qla2xxx: Wait for stop_phase1 at WWN removal (bsc#1189392).
• scsi: zfcp: Report port fc_security as unknown early during remote cable pull (git-fixes).
• serial: 8250: Mask out floating 16/32-bit bus bits (git-fixes).
• serial: 8250_mtk: fix uart corruption issue when rx power off (git-fixes).
• serial: tegra: Only print FIFO error message when an error occurs (git-fixes).
• slimbus: messaging: check for valid transaction id (git-fixes).
• slimbus: messaging: start transaction ids from 1 instead of zero (git-fixes).
• slimbus: ngd: reset dma setup during runtime pm (git-fixes).
• soc: aspeed: lpc-ctrl: Fix boundary check for mmap (git-fixes).
• soc: aspeed: p2a-ctrl: Fix boundary check for mmap (git-fixes).
• soc: ixp4xx/qmgr: fix invalid __iomem access (git-fixes).
• soc: ixp4xx: fix printing resources (git-fixes).
• soc: qcom: rpmhpd: Use corner in power_off (git-fixes).
• soc: qcom: smsm: Fix missed interrupts if state changes while masked (git-fixes).
• spi: imx: mx51-ecspi: Fix CONFIGREG delay comment (git-fixes).
• spi: imx: mx51-ecspi: Fix low-speed CONFIGREG delay calculation (git-fixes).
• spi: imx: mx51-ecspi: Reinstate low-speed CONFIGREG delay (git-fixes).
• spi: mediatek: Fix fifo transfer (git-fixes).
• spi: meson-spicc: fix memory leak in meson_spicc_remove (git-fixes).
• spi: spi-fsl-dspi: Fix issue with uninitialized dma_slave_config (git-fixes).
• spi: spi-pic32: Fix issue with uninitialized dma_slave_config (git-fixes).
• spi: sprd: Fix the wrong WDG_LOAD_VAL (git-fixes).
• spi: stm32h7: fix full duplex irq handler handling (git-fixes).
• staging: rtl8192u: Fix bitwise vs logical operator in TranslateRxSignalStuff819xUsb() (git-fixes).
• staging: rtl8712: get rid of flush_scheduled_work (git-fixes).
• staging: rtl8723bs: Fix a resource leak in sd_int_dpc (git-fixes).
• tracing / histogram: Fix NULL pointer dereference on strcmp() on NULL event name (git-fixes).
• tracing / histogram: Give calculation hist_fields a size (git-fixes).
• tracing: Reject string operand in the histogram expression (git-fixes).
• tty: serial: fsl_lpuart: fix the wrong mapbase value (git-fixes).
• ubifs: Fix error return code in alloc_wbufs() (bsc#1189585).
• ubifs: Fix memleak in ubifs_init_authentication (bsc#1189583).
• ubifs: Only check replay with inode type to judge if inode linked (bsc#1187455).
• ubifs: Set/Clear I_LINKABLE under i_lock for whiteout inode (bsc#1189587).
• ubifs: journal: Fix error return code in ubifs_jnl_write_inode() (bsc#1189586).
• usb: bdc: Fix an error handling path in 'bdc_probe()' when no suitable DMA config is available (git-fixes).
• usb: dwc2: Postponed gadget registration to the udc class driver (git-fixes).
• usb: dwc3: Add support for DWC_usb32 IP (git-fixes).
• usb: dwc3: Disable phy suspend after power-on reset (git-fixes).
• usb: dwc3: Separate field holding multiple properties (git-fixes).
• usb: dwc3: Stop active transfers before halting the controller (git-fixes).
• usb: dwc3: Use clk_bulk_prepare_enable() (git-fixes).
• usb: dwc3: Use devres to get clocks (git-fixes).
• usb: dwc3: core: Properly default unspecified speed (git-fixes).
• usb: dwc3: core: do not do suspend for device mode if already suspended (git-fixes).
• usb: dwc3: debug: Remove newline printout (git-fixes).
• usb: dwc3: gadget: Check MPS of the request length (git-fixes).
• usb: dwc3: gadget: Clear DCTL.ULSTCHNGREQ before set (git-fixes).
• usb: dwc3: gadget: Clear DEP flags after stop transfers in ep disable (git-fixes).
• usb: dwc3: gadget: Disable gadget IRQ during pullup disable (git-fixes).
• usb: dwc3: gadget: Do not send unintended link state change (git-fixes).
• usb: dwc3: gadget: Do not setup more than requested (git-fixes).
• usb: dwc3: gadget: Fix dwc3_calc_trbs_left() (git-fixes).
• usb: dwc3: gadget: Fix handling ZLP (git-fixes).
• usb: dwc3: gadget: Give back staled requests (git-fixes).
• usb: dwc3: gadget: Handle ZLP for sg requests (git-fixes).
• usb: dwc3: gadget: Prevent EP queuing while stopping transfers (git-fixes).
• usb: dwc3: gadget: Properly track pending and queued SG (git-fixes).
• usb: dwc3: gadget: Restart DWC3 gadget when enabling pullup (git-fixes).
• usb: dwc3: gadget: Set BESL config parameter (git-fixes).
• usb: dwc3: gadget: Set link state to RX_Detect on disconnect (git-fixes).
• usb: dwc3: gadget: Stop EP0 transfers during pullup disable (git-fixes).
• usb: dwc3: gadget: Workaround Mirosoft's BESL check (git-fixes).
• usb: dwc3: meson-g12a: add IRQ check (git-fixes).
• usb: dwc3: meson-g12a: check return of dwc3_meson_g12a_usb_init (git-fixes).
• usb: dwc3: of-simple: add a shutdown (git-fixes).
• usb: dwc3: st: Add of_dev_put() in probe function (git-fixes).
• usb: dwc3: st: Add of_node_put() before return in probe function (git-fixes).
• usb: dwc3: support continuous runtime PM with dual role (git-fixes).
• usb: ehci-orion: Handle errors of clk_prepare_enable() in probe (git-fixes).
• usb: gadget: Export recommended BESL values (git-fixes).
• usb: gadget: f_hid: added GET_IDLE and SET_IDLE handlers (git-fixes).
• usb: gadget: f_hid: fixed NULL pointer dereference (git-fixes).
• usb: gadget: f_hid: idle uses the highest byte for duration (git-fixes).
• usb: gadget: mv_u3d: request_irq() after initializing UDC (git-fixes).
• usb: gadget: udc: at91: add IRQ check (git-fixes).
• usb: gadget: udc: renesas_usb3: Fix soc_device_match() abuse (git-fixes).
• usb: host: ohci-tmio: add IRQ check (git-fixes).
• usb: host: xhci-rcar: Do not reload firmware after the completion (git-fixes).
• usb: mtu3: fix the wrong HS mult value (git-fixes).
• usb: mtu3: use @mult for HS isoc or intr (git-fixes).
• usb: phy: fsl-usb: add IRQ check (git-fixes).
• usb: phy: tahvo: add IRQ check (git-fixes).
• usb: phy: twl6030: add IRQ checks (git-fixes).
• virt_wifi: fix error on connect (git-fixes).
• virtio_pci: Support surprise removal of virtio pci device (git-fixes).
• wireguard: allowedips: allocate nodes in kmem_cache (git-fixes).
• wireguard: allowedips: free empty intermediate nodes when removing single node (git-fixes).
• wireguard: allowedips: remove nodes in O(1) (git-fixes).
• writeback: fix obtain a reference to a freeing memcg css (bsc#1189577).
• x86/fpu: Limit xstate copy size in xstateregs_set() (bsc#1152489).
• x86/fpu: Make init_fpstate correct with optimized XSAVE (bsc#1152489).
• x86/fpu: Reset state for all signal restore failures (bsc#1152489).
• x86/kvm: fix vcpu-id indexed array sizes (git-fixes).
• x86/signal: Detect and prevent an alternate signal stack overflow (bsc#1152489).
• xen/events: Fix race in set_evtchn_to_irq (git-fixes).
• xprtrdma: Pad optimization, revisited (bsc#1189760).

This update for xfsprogs fixes the following issues:

• Fixes an issue when 'fstests' with 'xfs' fail. (bsc#1181309, bsc#1181299)
• xfsprogs: Split 'libhandle1' into a separate package, since nothing within xfsprogs dynamically links against it. The shared library is still required by xfsdump as a runtime dependency.
• mkfs.xfs: Fix 'ASSERT' on too-small device with stripe geometry. (bsc#1181536)
• mkfs.xfs: If either 'sunit' or 'swidth' is not zero, the other must be as well. (bsc#1085917, bsc#1181535)
• xfs_growfs: Refactor geometry reporting. (bsc#1181306)
• xfs_growfs: Allow mounted device node as argument. (bsc#1181299)
• xfs_repair: Rebuild directory when non-root leafn blocks claim block 0. (bsc#1181309)
• xfs_repair: Check plausibility of root dir pointer before trashing it. (bsc#1188651)
• xfs_bmap: Remove '-c' from manpage. (bsc#1189552)
• xfs_bmap: Do not reject '-e'. (bsc#1189552)
• Implement 'libhandle1' through ECO. (jsc#SLE-20360)

This update for docker fixes the following issues:

• Return ENOSYS for clone3 in the seccomp profile to avoid breaking containers using glibc 2.34.
• Add shell requires for the *-completion subpackages.

This update for ca-certificates-mozilla fixes the following issues:

• remove one of the Letsencrypt CAs DST_Root_CA_X3.pem, as it expires September 30th 2021 and openssl certificate chain handling does not handle this correctly in openssl 1.0.2 and older. (bsc#1190858)

This update for curl fixes the following issues:

• CVE-2021-22947: Fixed STARTTLS protocol injection via MITM (bsc#1190374).
• CVE-2021-22946: Fixed protocol downgrade required TLS bypassed (bsc#1190373).

This update for kdump fixes the following issues:

• Do not iterate past end of string (bsc#1186037).
• Query systemd network.service to find out if wicked is used (bsc#1182309).
• Add 'bootdev=' to dracut command line (bsc#1182309).
• Fix incorrect exit code checking after 'local' with assignment (bsc#1184616).
• Do not add network-related dracut options if ip= is set explicitly (bsc#1182309, bsc#1188090).
• Make sure that initrd.target.wants directory exists (bsc#1172670).
• Install /etc/resolv.conf using its resolved path (bsc#1183070).
• Avoid an endless loop when resolving a hostname fails with EAI_AGAIN (bsc#1183070).

This update for sudo fixes the following issues:

• Update to sudo 1.8.27 (jsc#SLE-17083).
• Fixed special handling of ipa_hostname (bsc#1181371).
• Restore sudo ldap behavior to ignore expire dates when SUDOERS_TIMED option is not set in /etc/ldap.conf (bsc#1176473).

This update for systemd fixes the following issues:

• CVE-2021-33910: Fixed use of strdupa() on a path (bsc#1188063).

• logind: terminate cleanly on SIGTERM/SIGINT (bsc#1188018).
• Adopting BFQ to control I/O (jsc#SLE-21032, bsc#1134353).
• Rules weren't applied to dm devices (multipath) (bsc#1188713).
• Ignore obsolete 'elevator' kernel parameter (bsc#1184994, bsc#1190234).
• Make sure the versions of both udev and systemd packages are always the same (bsc#1189480).
• Avoid error message when udev is updated due to udev being already active when the sockets are started again (bsc#1188291).
• Allow the systemd sysusers config files to be overriden during system installation (bsc#1171962).

This update for ca-certificates-mozilla fixes the following issues:

• A new sub-package for minimal base containers (jsc#SLE-22162)

This update for glibc fixes the following issues:

• CVE-2021-35942: wordexp: handle overflow in positional parameter number (bsc#1187911)
• CVE-2021-33574: Use __pthread_attr_copy in mq_notify (bsc#1186489)

This update for lvm2 fixes the following issues:

• Do not crash vgextend when extending VG with missing PV. (bsc#1191019)

This update for suse-module-tools fixes the following issues:

• Fixed an issue where the queuing of secure boot certificates did not happen (bsc#1189841, bsc#1190598)

This update for rpm fixes the following issues:
Security issues fixed:

• CVE-2021-3421, CVE-2021-20271, CVE-2021-20266: Multiple header check improvements (bsc#1183543, bsc#1183545, bsc#1183632)
• PGP hardening changes (bsc#1185299)
• Fixed potential access of freed mem in ndb's glue code (bsc#1179416)

• Fixed zstd detection (bsc#1187670)
• Added ndb rofs support (bsc#1188548)
• Fixed deadlock when multiple rpm processes try tp acquire the database lock (bsc#1183659)

The SUSE Linux Enterprise 15 SP2 kernel was updated.

The following security bugs were fixed:

• CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bnc#1191193)
• CVE-2021-3752: Fixed a use after free vulnerability in the Linux kernel's bluetooth module. (bsc#1190023)
• CVE-2021-40490: Fixed a race condition discovered in the ext4 subsystem that could leat to local priviledge escalation. (bnc#1190159)
• CVE-2021-3744: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1189884)
• CVE-2021-3764: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1190534)
• CVE-2021-3669: Fixed a bug that doesn't allow /proc/sysvipc/shm to scale with large shared memory segment counts which could lead to resource exhaustion and DoS. (bsc#1188986)

• ALSA: firewire-motu: fix truncated bytes in message tracepoints (git-fixes).
• apparmor: remove duplicate macro list_entry_is_head() (git-fixes).
• ASoC: fsl_micfil: register platform component before registering cpu dai (git-fixes).
• ASoC: mediatek: common: handle NULL case in suspend/resume function (git-fixes).
• ASoC: rockchip: i2s: Fix regmap_ops hang (git-fixes).
• ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B (git-fixes).
• ASoC: SOF: Fix DSP oops stack dump output contents (git-fixes).
• ath9k: fix OOB read ar9300_eeprom_restore_internal (git-fixes).
• ath9k: fix sleeping in atomic context (git-fixes).
• blk-mq: do not deactivate hctx if managed irq isn't used (bsc#1185762).
• blk-mq: kABI fixes for blk_mq_queue_map (bsc#1185762).
• blk-mq: mark if one queue map uses managed irq (bsc#1185762).
• Bluetooth: skip invalid hci_sync_conn_complete_evt (git-fixes).
• bnx2x: fix an error code in bnx2x_nic_load() (git-fixes).
• bnxt_en: Add missing DMA memory barriers (git-fixes).
• bnxt_en: Disable aRFS if running on 212 firmware (git-fixes).
• bnxt_en: Do not enable legacy TX push on older firmware (git-fixes).
• bnxt_en: Store the running firmware version code (git-fixes).
• bnxt: count Tx drops (git-fixes).
• bnxt: disable napi before canceling DIM (git-fixes).
• bnxt: do not lock the tx queue from napi poll (git-fixes).
• bnxt: make sure xmit_more + errors does not miss doorbells (git-fixes).
• btrfs: prevent rename2 from exchanging a subvol with a directory from different parents (bsc#1190626).
• clk: at91: clk-generated: Limit the requested rate to our range (git-fixes).
• clk: at91: clk-generated: pass the id of changeable parent at registration (git-fixes).
• console: consume APC, DM, DCS (git-fixes).
• cuse: fix broken release (bsc#1190596).
• cxgb4: dont touch blocked freelist bitmap after free (git-fixes).
• debugfs: Return error during {full/open}_proxy_open() on rmmod (bsc#1173746).
• devlink: Break parameter notification sequence to be before/after unload/load driver (bsc#1154353).
• dmaengine: ioat: depends on !UML (git-fixes).
• dmaengine: sprd: Add missing MODULE_DEVICE_TABLE (git-fixes).
• dmaengine: xilinx_dma: Set DMA mask for coherent APIs (git-fixes).
• docs: Fix infiniband uverbs minor number (git-fixes).
• drivers: gpu: amd: Initialize amdgpu_dm_backlight_caps object to 0 in amdgpu_dm_update_backlight_caps (git-fixes).
• drm: avoid blocking in drm_clients_info's rcu section (git-fixes).
• drm/amd/amdgpu: Update debugfs link_settings output link_rate field in hex (git-fixes).
• drm/amd/display: Fix timer_per_pixel unit error (git-fixes).
• drm/amdgpu: Fix BUG_ON assert (git-fixes).
• drm/gma500: Fix end of loop tests for list_for_each_entry (git-fixes).
• drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV (git-fixes).
• drm/panfrost: Clamp lock region to Bifrost minimum (git-fixes).
• e1000e: Do not take care about recovery NVM checksum (jsc#SLE-8100).
• e1000e: Fix the max snoop/no-snoop latency for 10M (git-fixes).
• EDAC/i10nm: Fix NVDIMM detection (bsc#1152489).
• EDAC/synopsys: Fix wrong value type assignment for edac_mode (bsc#1152489).
• erofs: fix up erofs_lookup tracepoint (git-fixes).
• fbmem: do not allow too huge resolutions (git-fixes).
• fpga: machxo2-spi: Fix missing error code in machxo2_write_complete() (git-fixes).
• fpga: machxo2-spi: Return an error on failure (git-fixes).
• fuse: flush extending writes (bsc#1190595).
• fuse: truncate pagecache on atomic_o_trunc (bsc#1190705).
• genirq: add device_has_managed_msi_irq (bsc#1185762).
• gpio: uniphier: Fix void functions to remove return value (git-fixes).
• gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable access in amdgpu_i2c_router_select_ddc_port() (git-fixes).
• gve: fix the wrong AdminQ buffer overflow check (bsc#1176940).
• hv_netvsc: Make netvsc/VF binding check both MAC and serial number (jsc#SLE-18779, bsc#1185726).
• hv: mana: remove netdev_lockdep_set_classes usage (jsc#SLE-18779, bsc#1185726).
• hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs (git-fixes).
• hwmon: (tmp421) fix rounding for negative values (git-fixes).
• hwmon: (tmp421) report /PVLD condition as fault (git-fixes).
• i40e: Add additional info to PHY type error (git-fixes).
• i40e: Fix firmware LLDP agent related warning (git-fixes).
• i40e: Fix log TC creation failure when max num of queues is exceeded (git-fixes).
• i40e: Fix logic of disabling queues (git-fixes).
• i40e: Fix queue-to-TC mapping on Tx (git-fixes).
• iavf: Fix ping is lost after untrusted VF had tried to change MAC (jsc#SLE-7940).
• iavf: Set RSS LUT and key in reset handle path (git-fixes).
• ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510).
• ibmvnic: Consolidate code in replenish_rx_pool() (bsc#1190758 ltc#191943).
• ibmvnic: Fix up some comments and messages (bsc#1190758 ltc#191943).
• ibmvnic: init_tx_pools move loop-invariant code (bsc#1190758 ltc#191943).
• ibmvnic: Reuse LTB when possible (bsc#1190758 ltc#191943).
• ibmvnic: Reuse rx pools when possible (bsc#1190758 ltc#191943).
• ibmvnic: Reuse tx pools when possible (bsc#1190758 ltc#191943).
• ibmvnic: Use bitmap for LTB map_ids (bsc#1190758 ltc#191943).
• ibmvnic: Use/rename local vars in init_rx_pools (bsc#1190758 ltc#191943).
• ibmvnic: Use/rename local vars in init_tx_pools (bsc#1190758 ltc#191943).
• ice: Prevent probing virtual functions (git-fixes).
• iio: dac: ad5624r: Fix incorrect handling of an optional regulator (git-fixes).
• include/linux/list.h: add a macro to test if entry is pointing to the head (git-fixes).
• iomap: Fix negative assignment to unsigned sis->pages in iomap_swapfile_activate (bsc#1190784).
• ionic: cleanly release devlink instance (bsc#1167773).
• ionic: count csum_none when offload enabled (bsc#1167773).
• ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#1190115).
• ipc/util.c: use binary search for max_idx (bsc#1159886).
• ipvs: allow connection reuse for unconfirmed conntrack (bsc#1190467).
• ipvs: avoid expiring many connections from timer (bsc#1190467).
• ipvs: Fix up kabi for expire_nodest_conn_work addition (bsc#1190467).
• ipvs: queue delayed work to expire no destination connections if expire_nodest_conn=1 (bsc#1190467).
• iwlwifi: mvm: fix a memory leak in iwl_mvm_mac_ctxt_beacon_changed (git-fixes).
• kernel-binary.spec: Check for no kernel signing certificates. Also remove unused variable.
• kernel-binary.spec: Do not fail silently when KMP is empty (bsc#1190358). Copy the code from kernel-module-subpackage that deals with empty KMPs.
• kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167 bsc#1191240 ltc#194716).
• kernel-binary.spec.in Stop templating the scriptlets for subpackages (bsc#1190358). The script part for base package case is completely separate from the part for subpackages. Remove the part for subpackages from the base package script and use the KMP scripts for subpackages instead.
• libata: fix ata_host_start() (git-fixes).
• mac80211-hwsim: fix late beacon hrtimer handling (git-fixes).
• mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug (git-fixes).
• mac80211: fix use-after-free in CCMP/GCMP RX (git-fixes).
• mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap (git-fixes).
• mac80211: mesh: fix potentially unaligned access (git-fixes).
• media: cedrus: Fix SUNXI tile size calculation (git-fixes).
• media: coda: fix frame_mem_ctrl for YUV420 and YVU420 formats (git-fixes).
• media: dib8000: rewrite the init prbs logic (git-fixes).
• media: imx258: Limit the max analogue gain to 480 (git-fixes).
• media: imx258: Rectify mismatch of VTS value (git-fixes).
• media: rc-loopback: return number of emitters rather than error (git-fixes).
• media: TDA1997x: fix tda1997x_query_dv_timings() return value (git-fixes).
• media: uvc: do not do DMA on stack (git-fixes).
• media: v4l2-dv-timings.c: fix wrong condition in two for-loops (git-fixes).
• mfd: Do not use irq_create_mapping() to resolve a mapping (git-fixes).
• mlx4: Fix missing error code in mlx4_load_one() (git-fixes).
• mm: always have io_remap_pfn_range() set pgprot_decrypted() (git-fixes).
• mm/swap: consider max pages in iomap_swapfile_add_extent (bsc#1190785).
• mmc: core: Return correct emmc response in case of ioctl error (git-fixes).
• mmc: rtsx_pci: Fix long reads when clock is prescaled (git-fixes).
• mmc: sdhci-of-arasan: Check return value of non-void funtions (git-fixes).
• net: mana: Add a driver for Microsoft Azure Network Adapter (MANA) (jsc#SLE-18779, bsc#1185726).
• net: mana: Add support for EQ sharing (jsc#SLE-18779, bsc#1185726).
• net: mana: Add WARN_ON_ONCE in case of CQE read overflow (jsc#SLE-18779, bsc#1185726).
• net: mana: Fix a memory leak in an error handling path in (jsc#SLE-18779, bsc#1185726).
• net: mana: fix PCI_HYPERV dependency (jsc#SLE-18779, bsc#1185726).
• net: mana: Move NAPI from EQ to CQ (jsc#SLE-18779, bsc#1185726).
• net: mana: Prefer struct_size over open coded arithmetic (jsc#SLE-18779, bsc#1185726).
• net: mana: remove redundant initialization of variable err (jsc#SLE-18779, bsc#1185726).
• net: mana: Use int to check the return value of mana_gd_poll_cq() (jsc#SLE-18779, bsc#1185726).
• net: mana: Use struct_size() in kzalloc() (jsc#SLE-18779, bsc#1185726).
• net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32 (git-fixes).
• net: sched: sch_teql: fix null-pointer dereference (bsc#1190717).
• net/mlx5: E-Switch, handle devcom events only for ports on the same device (git-fixes).
• net/mlx5: Fix flow table chaining (git-fixes).
• net/mlx5: Fix return value from tracer initialization (git-fixes).
• net/mlx5: Unload device upon firmware fatal error (git-fixes).
• net/mlx5e: Avoid creating tunnel headers for local route (git-fixes).
• net/mlx5e: Fix nullptr in mlx5e_hairpin_get_mdev() (git-fixes).
• net/mlx5e: Prohibit inner indir TIRs in IPoIB (git-fixes).
• netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state (bsc#1190062).
• nfp: update ethtool reporting of pauseframe control (git-fixes).
• NFS: change nfs_access_get_cached to only report the mask (bsc#1190746).
• NFS: do not store 'struct cred *' in struct nfs_access_entry (bsc#1190746).
• NFS: pass cred explicitly for access tests (bsc#1190746).
• nvme: avoid race in shutdown namespace removal (bsc#1188067).
• nvme: fix refcounting imbalance when all paths are down (bsc#1188067).
• parport: remove non-zero check on count (git-fixes).
• PCI: aardvark: Fix checking for PIO status (git-fixes).
• PCI: aardvark: Fix masking and unmasking legacy INTx interrupts (git-fixes).
• PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO response (git-fixes).
• PCI: Add ACS quirks for Cavium multi-function devices (git-fixes).
• PCI: Add ACS quirks for NXP LX2xx0 and LX2xx2 platforms (git-fixes).
• PCI: Add AMD GPU multi-function power dependencies (git-fixes).
• PCI: ibmphp: Fix double unmap of io_mem (git-fixes).
• PCI: pci-bridge-emul: Add PCIe Root Capabilities Register (git-fixes).
• PCI: pci-bridge-emul: Fix array overruns, improve safety (git-fixes).
• PCI: pci-bridge-emul: Fix big-endian support (git-fixes).
• PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported (git-fixes).
• PCI: Use pci_update_current_state() in pci_enable_device_flags() (git-fixes).
• PM: base: power: do not try to use non-existing RTC for storing data (git-fixes).
• PM: EM: Increase energy calculation precision (git-fixes).
• power: supply: axp288_fuel_gauge: Report register-address on readb / writeb errors (git-fixes).
• power: supply: max17042_battery: fix typo in MAx17042_TOFF (git-fixes).
• powercap: intel_rapl: add support for Sapphire Rapids (jsc#SLE-15289).
• powerpc: fix function annotations to avoid section mismatch warnings with gcc-10 (bsc#1148868).
• powerpc/drmem: Make LMB walk a bit more flexible (bsc#1190543 ltc#194523).
• powerpc/perf: Drop the case of returning 0 as instruction pointer (bsc#1065729).
• powerpc/perf: Fix crash in perf_instruction_pointer() when ppmu is not set (bsc#1065729).
• powerpc/perf: Fix the check for SIAR value (bsc#1065729).
• powerpc/perf: Use regs->nip when SIAR is zero (bsc#1065729).
• powerpc/perf: Use stack siar instead of mfspr (bsc#1065729).
• powerpc/perf: Use the address from SIAR register to set cpumode flags (bsc#1065729).
• powerpc/perf/hv-gpci: Fix counter value parsing (bsc#1065729).
• powerpc/powernv: Fix machine check reporting of async store errors (bsc#1065729).
• powerpc/pseries: Prevent free CPU ids being reused on another node (bsc#1190620 ltc#194498).
• powerpc/pseries/dlpar: use rtas_get_sensor() (bsc#1065729).
• pseries/drmem: update LMBs after LPM (bsc#1190543 ltc#194523).
• pwm: img: Do not modify HW state in .remove() callback (git-fixes).
• pwm: rockchip: Do not modify HW state in .remove() callback (git-fixes).
• pwm: stm32-lp: Do not modify HW state in .remove() callback (git-fixes).
• qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom (git-fixes).
• RDMA/bnxt_re: Remove unpaired rtnl unlock in bnxt_re_dev_init() (bsc#1170774).
• Re-enable UAS for LaCie Rugged USB3-FW with fk quirk (git-fixes).
• regmap: fix page selection for noinc reads (git-fixes).
• regmap: fix page selection for noinc writes (git-fixes).
• regmap: fix the offset of register error log (git-fixes).
• Restore kabi after NFS: pass cred explicitly for access tests (bsc#1190746).
• rpm: Abolish scritplet templating (bsc#1189841). Outsource kernel-binary and KMP scriptlets to suse-module-tools. This allows fixing bugs in the scriptlets as well as defining initrd regeneration policy independent of the kernel packages.
• rpm/kernel-binary.spec: Use only non-empty certificates.
• rpm/kernel-binary.spec.in: avoid conflicting suse-release suse-release had arbitrary values in staging, we can't use it for dependencies. The filesystem one has to be enough (boo#1184804).
• rtc: rx8010: select REGMAP_I2C (git-fixes).
• rtc: tps65910: Correct driver module alias (git-fixes).
• s390/unwind: use current_frame_address() to unwind current task (bsc#1185677).
• sched/fair: Add ancestors of unthrottled undecayed cfs_rq (bsc#1191292).
• scsi: core: Add helper to return number of logical blocks in a request (bsc#1190576).
• scsi: core: Introduce the scsi_cmd_to_rq() function (bsc#1190576).
• scsi: fc: Add EDC ELS definition (bsc#1190576).
• scsi: fc: Update formal FPIN descriptor definitions (bsc#1190576).
• scsi: lpfc: Add bsg support for retrieving adapter cmf data (bsc#1190576).
• scsi: lpfc: Add cm statistics buffer support (bsc#1190576).
• scsi: lpfc: Add cmf_info sysfs entry (bsc#1190576).
• scsi: lpfc: Add cmfsync WQE support (bsc#1190576).
• scsi: lpfc: Add debugfs support for cm framework buffers (bsc#1190576).
• scsi: lpfc: Add EDC ELS support (bsc#1190576).
• scsi: lpfc: Add MIB feature enablement support (bsc#1190576).
• scsi: lpfc: Add rx monitoring statistics (bsc#1190576).
• scsi: lpfc: Add SET_HOST_DATA mbox cmd to pass date/time info to firmware (bsc#1190576).
• scsi: lpfc: Add support for cm enablement buffer (bsc#1190576).
• scsi: lpfc: Add support for maintaining the cm statistics buffer (bsc#1190576).
• scsi: lpfc: Add support for the CM framework (bsc#1190576).
• scsi: lpfc: Adjust bytes received vales during cmf timer interval (bsc#1190576).
• scsi: lpfc: Copyright updates for 14.0.0.1 patches (bsc#1190576).
• scsi: lpfc: Do not release final kref on Fport node while ABTS outstanding (bsc#1190576).
• scsi: lpfc: Do not remove ndlp on PRLI errors in P2P mode (bsc#1190576).
• scsi: lpfc: Expand FPIN and RDF receive logging (bsc#1190576).
• scsi: lpfc: Fix compilation errors on kernels with no CONFIG_DEBUG_FS (bsc#1190576).
• scsi: lpfc: Fix CPU to/from endian warnings introduced by ELS processing (bsc#1190576).
• scsi: lpfc: Fix EEH support for NVMe I/O (bsc#1190576).
• scsi: lpfc: Fix FCP I/O flush functionality for TMF routines (bsc#1190576).
• scsi: lpfc: Fix gcc -Wstringop-overread warning, again (bsc#1190576).
• scsi: lpfc: Fix hang on unload due to stuck fport node (bsc#1190576).
• scsi: lpfc: Fix I/O block after enabling managed congestion mode (bsc#1190576).
• scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() (bsc#1190576).
• scsi: lpfc: Fix NVMe I/O failover to non-optimized path (bsc#1190576).
• scsi: lpfc: Fix premature rpi release for unsolicited TPLS and LS_RJT (bsc#1190576).
• scsi: lpfc: Fix rediscovery of tape device after LIP (bsc#1190576).
• scsi: lpfc: Fix sprintf() overflow in lpfc_display_fpin_wwpn() (bsc#1190576).
• scsi: lpfc: Improve PBDE checks during SGL processing (bsc#1190576).
• scsi: lpfc: Remove unneeded variable (bsc#1190576).
• scsi: lpfc: Update lpfc version to 14.0.0.1 (bsc#1190576).
• scsi: lpfc: Update lpfc version to 14.0.0.2 (bsc#1190576).
• scsi: lpfc: Use correct scnprintf() limit (bsc#1190576).
• scsi: lpfc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#1190576).
• scsi: lpfc: Use the proper SCSI midlayer interfaces for PI (bsc#1190576).
• scsi: lpfc: Zero CGN stats only during initial driver load and stat reset (bsc#1190576).
• scsi: scsi_devinfo: Add blacklist entry for HPE OPEN-V (bsc#1189297).
• serial: 8250_pci: make setup_port() parameters explicitly unsigned (git-fixes).
• serial: 8250: Define RX trigger levels for OxSemi 950 devices (git-fixes).
• serial: mvebu-uart: fix driver's tx_empty callback (git-fixes).
• serial: sh-sci: fix break handling for sysrq (git-fixes).
• spi: Fix tegra20 build with CONFIG_PM=n (git-fixes).
• staging: board: Fix uninitialized spinlock when attaching genpd (git-fixes).
• staging: ks7010: Fix the initialization of the 'sleep_status' structure (git-fixes).
• staging: rts5208: Fix get_ms_information() heap buffer size (git-fixes).
• thermal/core: Potential buffer overflow in thermal_build_list_of_policies() (git-fixes).
• time: Handle negative seconds correctly in timespec64_to_ns() (git-fixes).
• tty: Fix data race between tiocsti() and flush_to_ldisc() (git-fixes).
• tty: serial: jsm: hold port lock when reporting modem line changes (git-fixes).
• tty: synclink_gt, drop unneeded forward declarations (git-fixes).
• usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c (git-fixes).
• usb: core: hcd: Add support for deferring roothub registration (git-fixes).
• usb: dwc2: Add missing cleanups when usb_add_gadget_udc() fails (git-fixes).
• usb: dwc2: Avoid leaving the error_debugfs label unused (git-fixes).
• usb: dwc2: gadget: Fix ISOC flow for BDMA and Slave (git-fixes).
• usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA (git-fixes).
• usb: EHCI: ehci-mv: improve error handling in mv_ehci_enable() (git-fixes).
• usb: gadget: r8a66597: fix a loop in set_feature() (git-fixes).
• usb: gadget: u_ether: fix a potential null pointer dereference (git-fixes).
• usb: host: fotg210: fix the actual_length of an iso packet (git-fixes).
• usb: host: fotg210: fix the endpoint's transactional opportunities calculation (git-fixes).
• usb: musb: musb_dsps: request_irq() after initializing musb (git-fixes).
• usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned() (git-fixes).
• usb: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter (git-fixes).
• usb: serial: option: add device id for Foxconn T99W265 (git-fixes).
• usb: serial: option: add Telit LN920 compositions (git-fixes).
• usb: serial: option: remove duplicate USB device ID (git-fixes).
• usbip: give back URBs for unsent unlink requests during cleanup (git-fixes).
• usbip:vhci_hcd USB port can get stuck in the disabled state (git-fixes).
• video: fbdev: asiliantfb: Error out if 'pixclock' equals zero (git-fixes).
• video: fbdev: kyro: Error out if 'pixclock' equals zero (git-fixes).
• video: fbdev: kyro: fix a DoS bug by restricting user input (git-fixes).
• video: fbdev: riva: Error out if 'pixclock' equals zero (git-fixes).
• vmxnet3: add support for 32 Tx/Rx queues (bsc#1190406).
• vmxnet3: add support for ESP IPv6 RSS (bsc#1190406).
• vmxnet3: increase maximum configurable mtu to 9190 (bsc#1190406).
• vmxnet3: prepare for version 6 changes (bsc#1190406).
• vmxnet3: remove power of 2 limitation on the queues (bsc#1190406).
• vmxnet3: set correct hash type based on rss information (bsc#1190406).
• vmxnet3: update to version 6 (bsc#1190406).
• watchdog/sb_watchdog: fix compilation problem due to COMPILE_TEST (git-fixes).
• x86/alternatives: Teach text_poke_bp() to emulate instructions (bsc#1185302).
• x86/apic/msi: Plug non-maskable MSI affinity race (bsc#1184439).
• x86/cpu: Fix core name for Sapphire Rapids (jsc#SLE-15289).
• x86/mm: Fix kern_addr_valid() to cope with existing but not present entries (bsc#1152489).
• x86/resctrl: Fix a maybe-uninitialized build warning treated as error (bsc#1152489).
• x86/resctrl: Fix default monitoring groups reporting (bsc#1152489).
• xfs: allow mount/remount when stripe width alignment is zero (bsc#1188651).
• xfs: sync lazy sb accounting on quiesce of read-only mounts (bsc#1190679).
• xgene-v2: Fix a resource leak in the error handling path of 'xge_probe()' (git-fixes).
• xhci: Set HCD flag to defer primary roothub registration (git-fixes).

This update for krb5 fixes the following issues:

• CVE-2021-37750: Fixed KDC null pointer dereference via a FAST inner body that lacks a server field (bsc#1189929).

This update for dracut fixes the following issues:

• Fix usage information for -f parameter. (bsc#1187470)
• Fix obsolete reference to 96insmodpost in manpage. (bsc#1187774)
• Remove references to INITRD_MODULES. (bsc#1187115)
• Multipath FCoE configurations may not boot when using only one path. (bsc#1186260)
• Adjust path for SUSE: /var/lib/nfs/statd/sm to /var/lib/nfs/sm. (bsc#1184970)
• Systemd coredump unit files are missing in initrd. (1190845)
• Use $kernel rather than $(uname -r).
• Exclude modules that are built-in.
• Restore INITRD_MODULES in mkinitrd script.
• Call dracut_instmods with hostonly.

This update for yast2-network fixes the following issues:

• Don't crash when the interfaces table contains a not configured one (bnc#1190645, bsc#1190915).
• Fix the shown description using the interface friendly name when it is empty (bsc#1190933).
• Consider aliases sections as case insensitive (bsc#1190739).
• Display user defined device name in the devices overview (bnc#1190645).
• Don't crash when defined aliases in AutoYaST profile are not defined as a map (bsc#1188344).
• Support 'boot' and 'on' as aliases for the 'auto' startmode (bsc#1186910).
• Fix desktop file so the control center tooltip is translated (bsc#1187270).
• Use the linuxrc proxy settings for the HTTPS and FTP proxies (bsc#1185016).
• Don't crash at the end of installation when storing wifi configuration for NetworkManager (bsc#1185524, bsc#1187512).

This update for ncurses fixes the following issues:

• CVE-2021-39537: Fixed an heap-based buffer overflow in _nc_captoinfo. (bsc#1190793)

This update for pam fixes the following issues:

• Added pam_faillock to the set of available PAM modules. (jsc#SLE-20638)
• Added new file macros.pam on request of systemd. (bsc#1190052)

This update for libzypp, zypper, libsolv and protobuf fixes the following issues:

• Choice rules: treat orphaned packages as newest (bsc#1190465)
• Avoid calling 'su' to detect a too restrictive sudo user umask (bsc#1186602)
• Do not check of signatures and keys two times(redundant) (bsc#1190059)
• Rephrase vendor conflict message in case 2 packages are involved (bsc#1187760)
• Show key fpr from signature when signature check fails (bsc#1187224)
• Fix solver jobs for PTFs (bsc#1186503)
• Fix purge-kernels fails (bsc#1187738)
• Fix obs:// platform guessing for Leap (bsc#1187425)
• Make sure to keep states alives while transitioning. (bsc#1190199)
• Manpage: Improve description about patch updates(bsc#1187466)
• Manpage: Recommend the needs-rebooting command to test whether a system reboot is suggested.
• Fix kernel-*-livepatch removal in purge-kernels. (bsc#1190815)
• Fix crashes in logging code when shutting down (bsc#1189031)
• Do not download full files even if the checkExistsOnly flag is set. (bsc#1190712)
• Add need reboot/restart hint to XML install summary (bsc#1188435)
• Prompt: choose exact match if prompt options are not prefix free (bsc#1188156)
• Include libprotobuf-lite20 in products to enable parallel downloads. (jsc#ECO-2911, jsc#SLE-16862)

This update for containerd, docker, runc fixes the following issues:
Docker was updated to 20.10.9-ce. (bsc#1191355)
See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md.
CVE-2021-41092 CVE-2021-41089 CVE-2021-41091 CVE-2021-41103
container was updated to v1.4.11, to fix CVE-2021-41103. bsc#1191355

• CVE-2021-32760: Fixed that a archive package allows chmod of file outside of unpack target directory (bsc#1188282)

• Install systemd service file as well (bsc#1190826)

• Fixed a failure to set CPU quota period in some cases on cgroup v1.
• Fixed the inability to start a container with the 'adding seccomp filter rule for syscall ...' error, caused by redundant seccomp rules (i.e. those that has action equal to the default one). Such redundant rules are now skipped.
• Made release builds reproducible from now on.
• Fixed a rare debug log race in runc init, which can result in occasional harmful 'failed to decode ...' errors from runc run or exec.
• Fixed the check in cgroup v1 systemd manager if a container needs to be frozen before Set, and add a setting to skip such freeze unconditionally. The previous fix for that issue, done in runc 1.0.1, was not working.

• Fixed occasional runc exec/run failure ('interrupted system call') on an Azure volume.
• Fixed 'unable to find groups ... token too long' error with /etc/group containing lines longer than 64K characters.
• cgroup/systemd/v1: fix leaving cgroup frozen after Set if a parent cgroup is frozen. This is a regression in 1.0.0, not affecting runc itself but some of libcontainer users (e.g Kubernetes).
• cgroupv2: bpf: Ignore inaccessible existing programs in case of permission error when handling replacement of existing bpf cgroup programs. This fixes a regression in 1.0.0, where some SELinux policies would block runc from being able to run entirely.
• cgroup/systemd/v2: don't freeze cgroup on Set.
• cgroup/systemd/v1: avoid unnecessary freeze on Set.
• fix issues with runc under openSUSE MicroOS's SELinux policy. bsc#1187704

• cgroupv2: devices: rework the filter generation to produce consistent results with cgroupv1, and always clobber any existing eBPF program(s) to fix runc update and avoid leaking eBPF programs (resulting in errors when managing containers).
• cgroupv2: correctly convert 'number of IOs' statistics in a cgroupv1-compatible way.
• cgroupv2: support larger than 32-bit IO statistics on 32-bit architectures.
• cgroupv2: wait for freeze to finish before returning from the freezing code, optimize the method for checking whether a cgroup is frozen.
• cgroups/systemd: fixed 'retry on dbus disconnect' logic introduced in rc94
• cgroups/systemd: fixed returning 'unit already exists' error from a systemd cgroup manager (regression in rc94)
• cgroupv2: support SkipDevices with systemd driver
• cgroup/systemd: return, not ignore, stop unit error from Destroy
• Make 'runc --version' output sane even when built with go get or otherwise outside of our build scripts.
• cgroups: set SkipDevices during runc update (so we don't modify cgroups at all during runc update).
• cgroup1: blkio: support BFQ weights.
• cgroupv2: set per-device io weights if BFQ IO scheduler is available.

• cgroupv1: kernel memory limits are now always ignored, as kmemcg has been effectively deprecated by the kernel. Users should make use of regular memory cgroup controls.

• seccomp: fix 32-bit compilation errors
• runc init: fix a hang caused by deadlock in seccomp/ebpf loading code
• runc start: fix 'chdir to cwd: permission denied' for some setups

SUSE-IU-2021:659-1

This update for sysconfig fixes the following issues:

• Link as Position Independent Executable (bsc#1184124).

This update for timezone fixes the following issue:

• From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by

This update for suse-module-tools provides the following fix:

• modprobe.d: Remove dma=none setting for parport_pc. (bsc#1177695)

This update for sca-appliance-common, supportutils fixes the following issues:

• Adding ethtool options to the supportconfigt. (jsc#SLE-18239, jsc#SLE-18344)
• Fixed and issue when 'lsof' causes performance problems. (bsc#1186687)
• Exclude 'rhn.conf' from 'etc.txt' to prevent supportconfig capturing passwords in clear text. (bsc#1186347)
• Fix 'analyzevmcore' to supports local directories. (bsc#1186397)
• Fix for 'getappcore' checking for valid compression binary. (bsc#1185991)
• Fixed 'getappcore' to prevent triggering errors with help message. (bsc#1185993)

This update for samba fixes the following issues:

• Add 'msDS-AdditionalDnsHostName' to the keytab. (bsc#1185420)
• Add 'net-ads-join dnshostname' option. (bsc#1185420)
• Fix adding 'msDS-AdditionalDnsHostName' to keytab with Windows DC. (bsc#1185420)

This update for cpio fixes the following issues:
It was possible to trigger Remote code execution due to a integer overflow (CVE-2021-38185, bsc#1189206)

The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

• CVE-2021-3659: Fixed a NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (bsc#1188876).
• CVE-2021-21781: Fixed a information disclosure vulnerability in the ARM SIGPAGE (bsc#1188445).
• CVE-2021-22543: Fixed improper handling of VM_IO|VM_PFNMAP vmas in KVM, which could bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allowed users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation (bsc#1186482).
• CVE-2021-37576: Fixed an issue on the powerpc platform, where a KVM guest OS user could cause host OS memory corruption via rtas_args.nargs (bsc#1188838).

• ACPI: AMBA: Fix resource name in /proc/iomem (git-fixes).
• ACPI: video: Add quirk for the Dell Vostro 3350 (git-fixes).
• ALSA: ac97: fix PM reference leak in ac97_bus_remove() (git-fixes).
• ALSA: bebob: add support for ToneWeal FW66 (git-fixes).
• ALSA: hda: Add IRQ check for platform_get_irq() (git-fixes).
• ALSA: hdmi: Expose all pins on MSI MS-7C94 board (git-fixes).
• ALSA: ppc: fix error return code in snd_pmac_probe() (git-fixes).
• ALSA: sb: Fix potential ABBA deadlock in CSP driver (git-fixes).
• ALSA: sb: Fix potential double-free of CSP mixer elements (git-fixes).
• ALSA: usb-audio: Add registration quirk for JBL Quantum headsets (git-fixes).
• ALSA: usb-audio: scarlett2: Fix 18i8 Gen 2 PCM Input count (git-fixes).
• ALSA: usb-audio: scarlett2: Fix 6i6 Gen 2 line out descriptions (git-fixes).
• ALSA: usb-audio: scarlett2: Fix data_mutex lock (git-fixes).
• ALSA: usb-audio: scarlett2: Fix scarlett2_*_ctl_put() return values (git-fixes).
• ALSA: usx2y: Do not call free_pages_exact() with NULL address (git-fixes).
• ARM: ensure the signal page contains defined contents (bsc#1188445).
• ASoC: Intel: kbl_da7219_max98357a: shrink platform_id below 20 characters (git-fixes).
• ASoC: img: Fix PM reference leak in img_i2s_in_probe() (git-fixes).
• ASoC: rt5631: Fix regcache sync errors on resume (git-fixes).
• ASoC: soc-core: Fix the error return code in snd_soc_of_parse_audio_routing() (git-fixes).
• ASoC: tegra: Set driver_name=tegra for all machine drivers (git-fixes).
• Bluetooth: Fix the HCI to MGMT status conversion table (git-fixes).
• Bluetooth: Shutdown controller after workqueues are flushed or cancelled (git-fixes).
• Bluetooth: btusb: Fixed too many in-token issue for Mediatek Chip (git-fixes).
• Bluetooth: btusb: fix bt fiwmare downloading failure issue for qca btsoc (git-fixes).
• Input: hideep - fix the uninitialized use in hideep_nvm_unlock() (git-fixes).
• Input: ili210x - add missing negation for touch indication on ili210x (git-fixes).
• KVM: LAPIC: Prevent setting the tscdeadline timer if the lapic is hw disabled (bsc#1188771).
• KVM: nVMX: Consult only the 'basic' exit reason when routing nested exit (bsc#1188773).
• KVM: nVMX: Ensure 64-bit shift when checking VMFUNC bitmap (bsc#1188774).
• KVM: nVMX: Preserve exception priority irrespective of exiting behavior (bsc#1188777).
• PCI/sysfs: Fix dsm_label_utf16s_to_utf8s() buffer overrun (git-fixes).
• PCI: Leave Apple Thunderbolt controllers on for s2idle or standby (git-fixes).
• PCI: Leave Apple Thunderbolt controllers on for s2idle or standby (git-fixes).
• PCI: aardvark: Fix checking for PIO Non-posted Request (git-fixes).
• PCI: aardvark: Implement workaround for the readback value of VEND_ID (git-fixes).
• PCI: aardvark: Implement workaround for the readback value of VEND_ID (git-fixes).
• PCI: iproc: Fix multi-MSI base vector number allocation (git-fixes).
• PCI: iproc: Fix multi-MSI base vector number allocation (git-fixes).
• PCI: iproc: Support multi-MSI only on uniprocessor kernel (git-fixes).
• PCI: quirks: fix false kABI positive (git-fixes).
• PCI: tegra: Add missing MODULE_DEVICE_TABLE (git-fixes).
• RDMA/cma: Fix incorrect Packet Lifetime calculation (jsc#SLE-8449).
• RDMA/cma: Protect RMW with qp_mutex (git-fixes).
• Revert 'ACPI: resources: Add checks for ACPI IRQ override' (git-fixes).
• Revert 'USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem' (git-fixes).
• Revert 'be2net: disable bh with spin_lock in be_process_mcc' (git-fixes).
• USB: serial: cp210x: add ID for CEL EM3588 USB ZigBee stick (git-fixes).
• USB: serial: cp210x: fix comments for GE CS1000 (git-fixes).
• USB: serial: option: add support for u-blox LARA-R6 family (git-fixes).
• USB: usb-storage: Add LaCie Rugged USB3-FW to IGNORE_UAS (git-fixes).
• backlight: lm3630a: Fix return code of .update_status() callback (git-fixes).
• bcache: avoid oversized read request in cache missing code path (bsc#1184631).
• bcache: remove bcache device self-defined readahead (bsc#1184631).
• blk-mq: Add blk_mq_delay_run_hw_queues() API call (bsc#1180092).
• blk-mq: In blk_mq_dispatch_rq_list() 'no budget' is a reason to kick (bsc#1180092).
• blk-mq: Put driver tag in blk_mq_dispatch_rq_list() when no budget (bsc#1180092).
• blk-mq: Rerun dispatching in the case of budget contention (bsc#1180092).
• blk-mq: insert flush request to the front of dispatch queue (bsc#1180092).
• blk-mq: insert passthrough request into hctx->dispatch directly (bsc#1180092).
• bnxt_en: Add missing check for BNXT_STATE_ABORT_ERR in bnxt_fw_rset_task() (jsc#SLE-8371 bsc#1153274).
• bnxt_en: Check abort error state in bnxt_half_open_nic() (jsc#SLE-8371 bsc#1153274).
• bnxt_en: Refresh RoCE capabilities in bnxt_ulp_probe() (jsc#SLE-8371 bsc#1153274).
• bnxt_en: do not disable an already disabled PCI device (git-fixes).
• bpf: Fix integer overflow in argument calculation for bpf_map_area_alloc (bsc#1154353).
• bpftool: Properly close va_list 'ap' by va_end() on error (bsc#1155518).
• cadence: force nonlinear buffers to be cloned (git-fixes).
• can: ems_usb: fix memory leak (git-fixes).
• can: esd_usb2: fix memory leak (git-fixes).
• can: hi311x: fix a signedness bug in hi3110_cmd() (git-fixes).
• can: mcba_usb_start(): add missing urb->transfer_dma initialization (git-fixes).
• can: raw: raw_setsockopt(): fix raw_rcv panic for sock UAF (git-fixes).
• can: usb_8dev: fix memory leak (git-fixes).
• ceph: do not WARN if we're still opening a session to an MDS (bsc#1188748).
• cifs: Fix preauth hash corruption (git-fixes).
• cifs: Return correct error code from smb2_get_enc_key (git-fixes).
• cifs: do not fail __smb_send_rqst if non-fatal signals are pending (git-fixes).
• cifs: fix interrupted close commands (git-fixes).
• cifs: fix memory leak in smb2_copychunk_range (git-fixes).
• clk: renesas: r8a77995: Add ZA2 clock (git-fixes).
• clk: tegra: Ensure that PLLU configuration is applied properly (git-fixes).
• clocksource/arm_arch_timer: Improve Allwinner A64 timer workaround (git-fixes).
• cpu/hotplug: Cure the cpusets trainwreck (git fixes (sched/hotplug)).
• crypto: sun4i-ss - IV register does not work on A10 and A13 (git-fixes).
• crypto: sun4i-ss - checking sg length is not sufficient (git-fixes).
• crypto: sun4i-ss - initialize need_fallback (git-fixes).
• crypto: virtio: Fix dest length calculation in __virtio_crypto_skcipher_do_req() (git-fixes).
• crypto: virtio: Fix src/dst scatterlist calculation in __virtio_crypto_skcipher_do_req() (git-fixes).
• cw1200: add missing MODULE_DEVICE_TABLE (git-fixes).
• cxgb4: fix IRQ free race during driver unload (git-fixes).
• dma-buf/sync_file: Do not leak fences on merge failure (git-fixes).
• dmaengine: fsl-qdma: check dma_set_mask return value (git-fixes).
• drm/amd/amdgpu/sriov disable all ip hw status by default (git-fixes).
• drm/amd/display: Set DISPCLK_MAX_ERRDET_CYCLES to 7 (git-fixes).
• drm/amd/display: Update scaling settings on modeset (git-fixes).
• drm/amd/display: Verify Gamma & Degamma LUT sizes in amdgpu_dm_atomic_check (git-fixes).
• drm/amd/display: fix incorrrect valid irq check (git-fixes).
• drm/amd/display: fix use_max_lb flag for 420 pixel formats (git-fixes).
• drm/amdgpu: Update NV SIMD-per-CU to 2 (git-fixes).
• drm/amdkfd: Walk through list with dqm lock hold (git-fixes).
• drm/arm/malidp: Always list modifiers (git-fixes).
• drm/bridge: cdns: Fix PM reference leak in cdns_dsi_transfer() (git-fixes).
• drm/mediatek: Fix PM reference leak in mtk_crtc_ddp_hw_init() (git-fixes).
• drm/msm/mdp4: Fix modifier support enabling (git-fixes).
• drm/mxsfb: Do not select DRM_KMS_FB_HELPER (git-fixes).
• drm/panel: raspberrypi-touchscreen: Prevent double-free (git-fixes).
• drm/radeon: Add the missed drm_gem_object_put() in radeon_user_framebuffer_create() (git-fixes).
• drm/sched: Avoid data corruptions (git-fixes).
• drm/tegra: Do not set allow_fb_modifiers explicitly (git-fixes).
• drm/vc4: fix argument ordering in vc4_crtc_get_margins() (git-fixes).
• drm/virtio: Fix double free on probe failure (git-fixes).
• drm/zte: Do not select DRM_KMS_FB_HELPER (git-fixes).
• drm: Return -ENOTTY for non-drm ioctls (git-fixes).
• e1000e: Check the PCIm state (git-fixes).
• e1000e: Fix an error handling path in 'e1000_probe()' (git-fixes).
• fbmem: Do not delete the mode that is still in use (git-fixes).
• fbmem: add margin check to fb_check_caps() (git-fixes).
• firmware/efi: Tell memblock about EFI iomem reservations (git-fixes).
• firmware: arm_scmi: Fix possible scmi_linux_errmap buffer overflow (git-fixes).
• firmware: arm_scmi: Fix range check for the maximum number of pending messages (git-fixes).
• gpio: pca953x: Add support for the On Semi pca9655 (git-fixes).
• gpio: zynq: Check return value of pm_runtime_get_sync (git-fixes).
• gtp: fix an use-before-init in gtp_newlink() (git-fixes).
• gve: Add DQO fields for core data structures (bsc#1176940).
• gve: Add Gvnic stats AQ command and ethtool show/set-priv-flags (bsc#1176940).
• gve: Add dqo descriptors (bsc#1176940).
• gve: Add stats for gve (bsc#1176940).
• gve: Add support for DQO RX PTYPE map (bsc#1176940).
• gve: Add support for raw addressing device option (bsc#1176940).
• gve: Add support for raw addressing in the tx path (bsc#1176940).
• gve: Add support for raw addressing to the rx path (bsc#1176940).
• gve: Batch AQ commands for creating and destroying queues (bsc#1176940).
• gve: Check TX QPL was actually assigned (bsc#1176940).
• gve: DQO: Add RX path (bsc#1176940).
• gve: DQO: Add TX path (bsc#1176940).
• gve: DQO: Add core netdev features (bsc#1176940).
• gve: DQO: Add ring allocation and initialization (bsc#1176940).
• gve: DQO: Configure interrupts on device up (bsc#1176940).
• gve: DQO: Fix off by one in gve_rx_dqo() (bsc#1176940).
• gve: DQO: Remove incorrect prefetch (bsc#1176940).
• gve: Enable Link Speed Reporting in the driver (bsc#1176940).
• gve: Fix warnings reported for DQO patchset (bsc#1176940).
• gve: Get and set Rx copybreak via ethtool (bsc#1176940).
• gve: Introduce a new model for device options (bsc#1176940).
• gve: Introduce per netdev `enum gve_queue_format` (bsc#1176940).
• gve: Make gve_rx_slot_page_info.page_offset an absolute offset (bsc#1176940).
• gve: Move some static functions to a common file (bsc#1176940).
• gve: NIC stats for report-stats and for ethtool (bsc#1176940).
• gve: Propagate error codes to caller (bsc#1176940).
• gve: Replace zero-length array with flexible-array member (bsc#1176940).
• gve: Rx Buffer Recycling (bsc#1176940).
• gve: Simplify code and axe the use of a deprecated API (bsc#1176940).
• gve: Update adminq commands to support DQO queues (bsc#1176940).
• gve: Use dev_info/err instead of netif_info/err (bsc#1176940).
• gve: Use link status register to report link status (bsc#1176940).
• gve: adminq: DQO specific device descriptor logic (bsc#1176940).
• gve: gve_rx_copy: Move padding to an argument (bsc#1176940).
• i2c: core: Disable client irq on reboot/shutdown (git-fixes).
• i40e: Fix autoneg disabling for non-10GBaseT links (git-fixes).
• i40e: Fix error handling in i40e_vsi_open (git-fixes).
• iavf: Fix an error handling path in 'iavf_probe()' (git-fixes).
• ibmvnic: Remove the proper scrq flush (bsc#1188504 ltc#192075).
• ibmvnic: retry reset if there are no other resets (bsc#1184350 ltc#191533).
• ice: Re-organizes reqstd/avail {R, T}XQ check/code for efficiency (jsc#SLE-7926).
• igb: Check if num of q_vectors is smaller than max before array access (git-fixes).
• igb: Fix an error handling path in 'igb_probe()' (git-fixes).
• igb: Fix position of assignment to *ring (git-fixes).
• igb: Fix use-after-free error during reset (git-fixes).
• igc: Fix an error handling path in 'igc_probe()' (git-fixes).
• igc: Fix use-after-free error during reset (git-fixes).
• igc: change default return of igc_read_phy_reg() (git-fixes).
• iio: accel: bma180: Use explicit member assignment (git-fixes).
• iio: gyro: fxa21002c: Balance runtime pm + use pm_runtime_resume_and_get() (git-fixes).
• iio: magn: bmc150: Balance runtime pm + use pm_runtime_resume_and_get() (git-fixes).
• iwlwifi: mvm: do not change band on bound PHY contexts (git-fixes).
• iwlwifi: pcie: free IML DMA memory allocation (git-fixes).
• ixgbe: Fix an error handling path in 'ixgbe_probe()' (git-fixes).
• ixgbe: Fix packet corruption due to missing DMA sync (git-fixes).
• kABI workaround for pci/quirks.c (git-fixes).
• kprobes: Do not expose probe addresses to non-CAP_SYSLOG (git-fixes).
• kprobes: Fix NULL pointer dereference at kprobe_ftrace_handler (git-fixes).
• kprobes: Fix compiler warning for !CONFIG_KPROBES_ON_FTRACE (git-fixes).
• kprobes: Fix to check probe enabled before disarm_kprobe_ftrace() (git-fixes).
• kprobes: fix kill kprobe which has been marked as gone (git-fixes).
• kvm: LAPIC: Restore guard to prevent illegal APIC register access (bsc#1188772).
• kvm: i8254: remove redundant assignment to pointer s (bsc#1188770).
• lib/decompress_unlz4.c: correctly handle zero-padding around initrds (git-fixes).
• libbpf: Fixes incorrect rx_ring_setup_done (bsc#1155518).
• liquidio: Fix unintentional sign extension issue on left shift of u16 (git-fixes).
• mISDN: fix possible use-after-free in HFC_cleanup() (git-fixes).
• media, bpf: Do not copy more entries than user space requested (git-fixes).
• media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf() (git-fixes).
• media: uvcvideo: Fix pixel format change for Elgato Cam Link 4K (git-fixes).
• mfd: cpcap: Fix cpcap dmamask not set warnings (git-fixes).
• mfd: da9052/stmpe: Add and modify MODULE_DEVICE_TABLE (git-fixes).
• misc/libmasm/module: Fix two use after free in ibmasm_init_one (git-fixes).
• misc: alcor_pci: fix inverted branch condition (git-fixes).
• misc: alcor_pci: fix null-ptr-deref when there is no PCI bridge (git-fixes).
• mmc: core: Allow UHS-I voltage switch for SDSC cards if supported (git-fixes).
• mt76: mt7603: set 0 as min coverage_class value (git-fixes).
• mt76: mt7615: fix endianness in mt7615_mcu_set_eeprom (git-fixes).
• mt76: mt7615: increase MCU command timeout (git-fixes).
• mt76: set dma-done flag for flushed descriptors (git-fixes).
• mvpp2: suppress warning (git-fixes).
• net/mlx5: Do not fail driver on failure to create debugfs (git-fixes).
• net/mlx5e: Block offload of outer header csum for GRE tunnel (git-fixes).
• net: Make PTP-specific drivers depend on PTP_1588_CLOCK (git-fixes).
• net: atlantic: fix ip dst and ipv6 address filters (git-fixes).
• net: dp83867: Fix OF_MDIO config check (git-fixes).
• net: ethernet: ti: Remove TI_CPTS_MOD workaround (git-fixes).
• net: gve: convert strlcpy to strscpy (bsc#1176940).
• net: gve: remove duplicated allowed (bsc#1176940).
• net: hns3: Clear the CMDQ registers before unmapping BAR region (git-fixes).
• net: marvell: Fix OF_MDIO config check (git-fixes).
• net: mvpp2: Put fwnode in error case during ->probe() (git-fixes).
• net: phy: microchip_t1: add lan87xx_phy_init to initialize the lan87xx phy (git-fixes).
• net: usb: fix possible use-after-free in smsc75xx_bind (git-fixes).
• net: wilc1000: clean up resource in error path of init mon interface (git-fixes).
• nfc: nfcsim: fix use after free during module unload (git-fixes).
• pinctrl/amd: Add device HID for new AMD GPIO controller (git-fixes).
• pinctrl: mcp23s08: Fix missing unlock on error in mcp23s08_irq() (git-fixes).
• pinctrl: mcp23s08: fix race condition in irq handler (git-fixes).
• platform/chrome: cros_ec_lightbar: Reduce ligthbar get version command (git-fixes).
• platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios (git-fixes).
• platform/x86: intel_int0002_vgpio: Only call enable_irq_wake() when using s2idle (git-fixes).
• platform/x86: intel_int0002_vgpio: Pass irqchip when adding gpiochip (git-fixes).
• platform/x86: intel_int0002_vgpio: Remove dev_err() usage after platform_get_irq() (git-fixes).
• platform/x86: intel_int0002_vgpio: Use device_init_wakeup (git-fixes).
• power: reset: gpio-poweroff: add missing MODULE_DEVICE_TABLE (git-fixes).
• power: supply: ab8500: Avoid NULL pointers (git-fixes).
• power: supply: ab8500: add missing MODULE_DEVICE_TABLE (git-fixes).
• power: supply: charger-manager: add missing MODULE_DEVICE_TABLE (git-fixes).
• power: supply: max17042: Do not enforce (incorrect) interrupt trigger type (git-fixes).
• power: supply: sc2731_charger: Add missing MODULE_DEVICE_TABLE (git-fixes).
• power: supply: sc27xx: Add missing MODULE_DEVICE_TABLE (git-fixes).
• powerpc/64s: Move branch cache flushing bcctr variant to ppc-ops.h (bsc#1188885 ltc#193722).
• powerpc/64s: rename pnv|pseries_setup_rfi_flush to _setup_security_mitigations (bsc#1188885 ltc#193722).
• powerpc/mm: Fix lockup on kernel exec fault (bsc#1156395).
• powerpc/papr_scm: Properly handle UUID types and API (bsc#1113295, git-fixes).
• powerpc/pesries: Get STF barrier requirement from H_GET_CPU_CHARACTERISTICS (bsc#1188885 ltc#193722).
• powerpc/pseries: Get entry and uaccess flush required bits from H_GET_CPU_CHARACTERISTICS (bsc#1188885 ltc#193722).
• powerpc/pseries: add new branch prediction security bits for link stack (bsc#1188885 ltc#193722).
• powerpc/pseries: export LPAR security flavor in lparcfg (bsc#1188885 ltc#193722).
• powerpc/security: Add a security feature for STF barrier (bsc#1188885 ltc#193722).
• powerpc/security: Allow for processors that flush the link stack using the special bcctr (bsc#1188885 ltc#193722).
• powerpc/security: Fix link stack flush instruction (bsc#1188885 ltc#193722).
• powerpc/security: change link stack flush state to the flush type enum (bsc#1188885 ltc#193722).
• powerpc/security: make display of branch cache flush more consistent (bsc#1188885 ltc#193722).
• powerpc/security: re-name count cache flush to branch cache flush (bsc#1188885 ltc#193722).
• powerpc/security: split branch cache flush toggle from code patching (bsc#1188885 ltc#193722).
• powerpc/stacktrace: Fix spurious 'stale' traces in raise_backtrace_ipi() (bsc#1156395).
• powerpc/stacktrace: Include linux/delay.h (bsc#1156395).
• powerpc: Offline CPU in stop_this_cpu() (bsc#1156395).
• pwm: img: Fix PM reference leak in img_pwm_enable() (git-fixes).
• pwm: imx1: Do not disable clocks at device remove time (git-fixes).
• pwm: spear: Do not modify HW state in .remove callback (git-fixes).
• qemu_fw_cfg: Make fw_cfg_rev_attr a proper kobj_attribute (git-fixes).
• r8152: Fix a deadlock by doubly PM resume (bsc#1186194).
• r8152: Fix potential PM refcount imbalance (bsc#1186194).
• r8169: avoid link-up interrupt issue on RTL8106e if user enables ASPM (git-fixes).
• ravb: Fix bit fields checking in ravb_hwtstamp_get() (git-fixes).
• rbd: always kick acquire on 'acquired' and 'released' notifications (bsc#1188746).
• rbd: do not hold lock_rwsem while running_list is being drained (bsc#1188747).
• regulator: hi6421: Fix getting wrong drvdata (git-fixes).
• regulator: hi6421: Use correct variable type for regmap api val argument (git-fixes).
• replaced with upstream security mitigation cleanup
• reset: ti-syscon: fix to_ti_syscon_reset_data macro (git-fixes).
• rpm/kernel-binary.spec.in: Do not install usrmerged kernel on Leap (boo#1184804).
• rtc: max77686: Do not enforce (incorrect) interrupt trigger type (git-fixes).
• rtc: mxc_v2: add missing MODULE_DEVICE_TABLE (git-fixes).
• rtl8xxxu: Fix device info for RTL8192EU devices (git-fixes).
• scsi: fc: Add 256GBit speed setting to SCSI FC transport (bsc#1188101).
• sfp: Fix error handing in sfp_probe() (git-fixes).
• soc/tegra: fuse: Fix Tegra234-only builds (git-fixes).
• spi: cadence: Correct initialisation of runtime PM again (git-fixes).
• spi: imx: add a check for speed_hz before calculating the clock (git-fixes).
• spi: mediatek: fix fifo rx mode (git-fixes).
• staging: rtl8723bs: fix macro value for 2.4Ghz only device (git-fixes).
• thermal/core: Correct function name thermal_zone_device_unregister() (git-fixes).
• tpm: efi: Use local variable for calculating final log size (git-fixes).
• tracing: Do not reference char * as a string in histograms (git-fixes).
• tty: serial: 8250: serial_cs: Fix a memory leak in error handling path (git-fixes).
• tty: serial: fsl_lpuart: fix the potential risk of division or modulo by zero (git-fixes).
• usb: dwc2: gadget: Fix sending zero length packet in DDMA mode (git-fixes).
• usb: gadget: f_hid: fix endianness issue with descriptors (git-fixes).
• usb: gadget: hid: fix error return code in hid_bind() (git-fixes).
• usb: hub: Disable USB 3 device initiated lpm if exit latency is too high (git-fixes).
• usb: hub: Fix link power management max exit latency (MEL) calculations (git-fixes).
• usb: max-3421: Prevent corruption of freed memory (git-fixes).
• usb: renesas_usbhs: Fix superfluous irqs happen after usb_pkt_pop() (git-fixes).
• uuid: Add inline helpers to import / export UUIDs (bsc#1113295, git-fixes).
• virtio_console: Assure used length from device is limited (git-fixes).
• virtio_net: move tx vq operation under tx queue lock (git-fixes).
• vxlan: add missing rcu_read_lock() in neigh_reduce() (git-fixes).
• w1: ds2438: fixing bug that would always get page0 (git-fixes).
• watchdog: Fix possible use-after-free by calling del_timer_sync() (git-fixes).
• watchdog: Fix possible use-after-free in wdt_startup() (git-fixes).
• watchdog: iTCO_wdt: Account for rebooting on second timeout (git-fixes).
• watchdog: sc520_wdt: Fix possible use-after-free in wdt_turnoff() (git-fixes).
• wilc1000: write value to WILC_INTR2_ENABLE register (git-fixes).
• wireless: wext-spy: Fix out-of-bounds warning (git-fixes).
• wl1251: Fix possible buffer overflow in wl1251_cmd_scan (git-fixes).
• wlcore/wl12xx: Fix wl12xx get_mac error if device is in ELP (git-fixes).
• workqueue: fix UAF in pwq_unbound_release_workfn() (bsc#1188973).
• xen/events: reset active flag for lateeoi events later (git-fixes).
• xfrm: xfrm_state_mtu should return at least 1280 for ipv6 (bsc#1185377).
• xhci: Fix lost USB 2 remote wake (git-fixes).

This update for c-ares fixes the following issues:
Version update to git snapshot 1.17.1+20200724:

• CVE-2021-3672: fixed missing input validation on hostnames returned by DNS servers (bsc#1188881)
• If ares_getaddrinfo() was terminated by an ares_destroy(), it would cause crash
• Crash in sortaddrinfo() if the list size equals 0 due to an unexpected DNS response
• Expand number of escaped characters in DNS replies as per RFC1035 5.1 to prevent spoofing
• Use unbuffered /dev/urandom for random data to prevent early startup performance issues

This update for cpio fixes the following issues:

• A regression in last update would cause builds to hang on various architectures(bsc#1189465)

This update for cpio fixes the following issues:

• A regression in the previous update could lead to crashes (bsc#1189465)

This update for krb5 fixes the following issues:

• CVE-2021-36222: Fixed KDC null deref on bad encrypted challenge. (bsc#1188571)

This update for dracut fixes the following issues:

• Correct man pages regarding the 'INITRD_MODULES' as some parts already invalid. (bsc#1187115)
• Fixed an issue when running mkinitrd inproper arch is being expanded. (bsc#1185615)
• Fix for 'suse-initrd' exclude modules that are built-in to prevent failing modules to be installed. (bsc#1185646)
• Fix informing on usage of obsolete -f parameter. (bsc#1187470)
• Fix reference to 'insmodpost module' in the documentation. (bsc#1187774)

This update for dbus-1 fixes the following issues:

• CVE-2020-12049: truncated messages lead to resource exhaustion. (bsc#1172505)

This update for openssl-1_1 fixes the following security issues:

• CVE-2021-3711: A bug in the implementation of the SM2 decryption code could lead to buffer overflows. [bsc#1189520]

• CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious actor could exploit to crash the application, causing a denial-of-service attack. [bsc#1189521]

This update for bind fixes the following issues:

• Fix an assertion failure in the 'rehash()' function (bsc#1188763) When calculating the new hashtable bitsize, there was an off-by-one error that would allow the new bitsize to be larger than maximum allowed.
• tsig-keygen is now used to generate DDNS keys (bsc#1187921)

This update for cloud-init contains the following:

• Change log file creation mode to 640. (bsc#1183939)
• Do not write the generated password to the log file. (bsc#1184758)
• Allow purging cache when Python when version change detected.

This update for xen fixes the following issues:
Update to Xen 4.13.3 general bug fix release (bsc#1027519).
Security issues fixed:

• CVE-2021-28693: xen/arm: Boot modules are not scrubbed (bsc#1186428)
• CVE-2021-28692: xen: inappropriate x86 IOMMU timeout detection / handling (bsc#1186429)
• CVE-2021-0089: xen: Speculative Code Store Bypass (bsc#1186433)
• CVE-2021-28690: xen: x86: TSX Async Abort protections not restored after S3 (bsc#1186434)
• CVE-2021-28694,CVE-2021-28695,CVE-2021-28696: IOMMU page mapping issues on x86 (XSA-378)(bsc#1189373).
• CVE-2021-28697: grant table v2 status pages may remain accessible after de-allocation (XSA-379)(bsc#1189376).
• CVE-2021-28698: long running loops in grant table handling (XSA-380)(bsc#1189378).
• CVE-2021-28699: inadequate grant-v2 status frames array bounds check (XSA-382)(bsc#1189380).
• CVE-2021-28700: No memory limit for dom0less domUs (XSA-383)(bsc#1189381).

• Fixed 'Panic on CPU 0: IO-APIC + timer doesn't work!' (bsc#1180491)
• Fixed an issue with xencommons, where file format expecations by fillup did not allign (bsc#1185682)
• Fixed shell macro expansion in the spec file, so that ExecStart= in xendomains-wait-disks.service is created correctly (bsc#1183877)
• Upstream bug fixes (bsc#1027519)
• Fixed Xen SLES11SP4 guest hangs on cluster (bsc#1188050).
• xl monitoring process exits during xl save -p|-c keep the monitoring process running to cleanup the domU during shutdown (bsc#1176189).
• Dom0 hangs when pinning CPUs for dom0 with HVM guest (bsc#1179246).
• Prevent superpage allocation in the LAPIC and ACPI_INFO range (bsc#1189882).

This update for libesmtp fixes the following issues:

• CVE-2019-19977: Fixed stack-based buffer over-read in ntlm/ntlmstruct.c (bsc#1160462).

This update for openldap2 fixes the following issue:

• openldap2-contrib is shipped to the Legacy Module. (bsc#1184614)

This update for pcre2 fixes the following issue:

• Equalizes the result of a function that may have different output on s390x if compared to older (bsc#1187937)

This update for runc fixes the following issues:

• Fixed an issue when toolbox container fails to start. (bsc#1189743)

This update for openssl-1_1 fixes the following issues:

• CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521).

This update for netcfg fixes the following issues:

• add submissions port/protocol to services file for message submission over TLS protocol [bsc#1189683]

This update for c-ares fixes the following issue:

• Allow '_' as part of DNS response. (bsc#1190225) - 'c-ares' 1.17.2 introduced response validation to prevent a security issue, however it was not listing '_' as a valid character for domain name responses which caused issues when a 'CNAME' referenced a 'SRV' record which contained underscores.

SUSE-IU-2021:598-1

This update for runc fixes the following issues:
Security issue fixed:

• CVE-2019-16884: Fixed an LSM bypass via malicious Docker images that mount over a /proc directory. (bsc#1152308)

• Includes upstreamed patches for regressions (bsc#1131314 bsc#1131553).

This update for runc fixes the following issues:
runc was updated to v1.0.0~rc10

• CVE-2019-19921: Fixed a mount race condition with shared mounts (bsc#1160452).
• Fixed an issue where podman run hangs when spawned by salt-minion process (bsc#1149954).

This update for gzip fixes the following issue:

• gzip had a lower release number in 15 sp2 and sp3 than in 15 sp1, which could lead to migration issues. (bsc#1186642)

This update for nghttp2 fixes the following issue:

• The (lib)nghttp2 packages had a lower release number in SUSE Linux Enterprise 15 sp2 and sp3 than in 15 sp1, which could lead to migration issues. (bsc#1186642)

This update for sysconfig fixes the following issue:

• sysconfig had a lower release number in 15 sp2 and sp3 than in 15 sp1, which could lead to migration issues. (bsc#1186642)

This update for SUSEConnect fixes the following issue:

• SUSEConnect had a lower release number in 15 sp2 and sp3 than in 15 sp1, which could lead to migration issues. (bsc#1186642)

This update for gpg2 fixes the following issues:

• Fixed an issue where the gpg-agent's ssh-agent does not handle flags in signing requests properly (bsc#1161268 and bsc#1172308).

This update for containerd, docker, runc fixes the following issues:
Docker was updated to 20.10.6-ce (bsc#1184768, bsc#1182947, bsc#1181594)

• Switch version to use -ce suffix rather than _ce to avoid confusing other tools (bsc#1182476).
• CVE-2021-21284: Fixed a potential privilege escalation when the root user in the remapped namespace has access to the host filesystem (bsc#1181732)
• CVE-2021-21285: Fixed an issue where pulling a malformed Docker image manifest crashes the dockerd daemon (bsc#1181730).
• btrfs quotas being removed by Docker regularly (bsc#1183855, bsc#1175081)

• Use the upstream runc package (bsc#1181641, bsc#1181677, bsc#1175821).
• Fixed /dev/null is not available (bsc#1168481).
• CVE-2021-30465: Fixed a symlink-exchange attack vulnarability (bsc#1185405).

• CVE-2021-21334: Fixed a potential information leak through environment variables (bsc#1183397).
• Handle a requirement from docker (bsc#1181594).

This update for wget fixes the following issue:

• When running recursively, wget will verify the length of the whole URL when saving the files. This will make it overwrite files with truncated names, throwing the following message: 'The name is too long,... trying to shorten'. (bsc#1181173)

This update for python-six fixes the following issue:

• python-six had a lower release number in 15 sp2 and sp3 than in 15 sp1, which could lead to migration issues. (bsc#1186642)

This update for libnettle fixes the following issues:

• CVE-2021-3580: Fixed a remote denial of service in the RSA decryption via manipulated ciphertext (bsc#1187060).

This update for libgcrypt fixes the following issues:

• CVE-2021-33560: Fixed a side-channel against ElGamal encryption, caused by missing exponent blinding (bsc#1187212).

This update for automake fixes the following issues:

• Implement generated autoconf makefiles reproducible (bsc#1182604)
• Add fix to avoid date variations in docs. (bsc#1047218, jsc#SLE-17848)
• Avoid bashisms in test-driver script. (bsc#1185540)

• Do not run profiling 'check' in parallel to make package build reproducible. (bsc#1040589)

• Add fixes to support reproducible builds. (bsc#1186049)

This update for systemd-presets-common-SUSE fixes the following issues:
When installing the systemd-presets-common-SUSE package for the first time in a new system, it might happen that some services are installed before systemd so the %systemd_pre/post macros would not work. This is handled by enabling all preset services in this package's %posttrans section but it wasn't enabling user services, just system services. Now it enables also the user services installed before this package (bsc#1186561)

This update for patterns-microos provides the following fix:

• Add zypper-migration-plugin to the default pattern. (bsc#1186791)

This update for tar fixes the following issues:

• Link '/var/lib/tests/tar/bin/genfile' as Position-Independent Executable (bsc#1184124)

This update for lua53 fixes the following issues:
Update to version 5.3.6:

• CVE-2020-24371: lgc.c mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage (bsc#1175449)
• CVE-2020-24370: ldebug.c allows a negation overflow and segmentation fault in getlocal and setlocal (bsc#1175448)
• Long brackets with a huge number of '=' overflow some internal buffer arithmetic.

This update for openldap2 fixes the following issues:

• Resolve issues in the idle / connection 'TTL' timeout implementation in OpenLDAP. (bsc#1187210)

This update for lvm2 fixes the following issues:

• Link test as position independent executable and update packages with non-PIE binaries. (bsc#1184124)

This update for chrony fixes the following issues:

• Fixed an issue when chrony aborts in FIPS mode due to MD5. (bsc#1173760)

This update for the release packages provides the following fix:

• Fix grub menu entries after migration from SLE-12*. (bsc#1099521)
• Adjust the sles-release changelog to include an entry for the previous release that was reverting a broken change. (bsc#1185221)

This update for systemd fixes the following issues:
cgroup: Parse infinity properly for memory protections. (bsc#1167471) cgroup: Make empty assignments reset to default. (bsc#1167471) cgroup: Support 0-value for memory protection directives. (bsc#1167471) core/cgroup: Fixed an issue with ignored parameter of 'MemorySwapMax=0'. (bsc#1154935) bus-unit-util: Add proper 'MemorySwapMax' serialization. core: Accept MemorySwapMax= properties that are scaled. execute: Make sure to call into PAM after initializing resource limits. (bsc#1184967) core: Rename 'ShutdownWatchdogSec' to 'RebootWatchdogSec'. (bsc#1185331) Return -EAGAIN instead of -EALREADY from unit_reload. (bsc#1185046) rules: Don't ignore Xen virtual interfaces anymore. (bsc#1178561) write_net_rules: Set execute bits. (bsc#1178561) udev: Rework network device renaming. Revert 'Revert 'udev: Network device renaming - immediately give up if the target name isn't available'' mount-util: tape over name_to_handle_at() flakiness (#7517) (bsc#1184761) core: fix output (logging) for mount units (#7603) (bsc#1187400) udev requires systemd in its %post (bsc#1185958) cgroup: Parse infinity properly for memory protections (bsc#1167471) cgroup: Make empty assignments reset to default (bsc#1167471) cgroup: Support 0-value for memory protection directives (bsc#1167471) Create /run/lock/subsys again (bsc#1187292) The creation of this directory was mistakenly dropped when 'filesystem' package took the initialization of the generic paths over. Expect 644 permissions for /usr/lib/udev/compat-symlink-generation (bsc#1185807)

This update for gnutls does not fix any user visible issues. It is therefore optional to install.

This update for libzypp, zypper fixes the following issues:

• Enhance XML output of repo GPG options
• Add optional attributes showing the raw values actually present in the '.repo' file.
• Link all executables with -PIE (bsc#1186447)
• Ship an empty '/etc/zypp/needreboot' per default (jsc#PM-2645)
• Add 'Solvable::isBlacklisted' as superset of retracted and ptf packages (bsc#1186503)
• Fix segv if 'ZYPP_FULLOG' is set.

This update for dosfstools fixes the following issue:

• Fixed a bug that was causing an installation issue when trying to create an EFI partition on an NVMe-over-Fabrics device (bsc#1172863)

This update for dbus-1 fixes the following issues:

• CVE-2020-35512: Fixed a use-after-free or potential undefined behaviour caused by shared UID's (bsc#1187105)

This update for sqlite3 fixes the following issues:

• Update to version 3.36.0
• CVE-2020-15358: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization (bsc#1173641)
• CVE-2020-9327: NULL pointer dereference and segmentation fault because of generated column optimizations in isAuxiliaryVtabOperator (bsc#1164719)
• CVE-2019-20218: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error (bsc#1160439)
• CVE-2019-19959: memory-management error via ext/misc/zipfile.c involving embedded '\0' input (bsc#1160438)
• CVE-2019-19923: improper handling of certain uses of SELECT DISTINCT in flattenSubquery may lead to null pointer dereference (bsc#1160309)
• CVE-2019-19924: improper error handling in sqlite3WindowRewrite() (bsc#1159850)
• CVE-2019-19925: improper handling of NULL pathname during an update of a ZIP archive (bsc#1159847)
• CVE-2019-19926: improper handling of certain errors during parsing multiSelect in select.c (bsc#1159715)
• CVE-2019-19880: exprListAppendList in window.c allows attackers to trigger an invalid pointer dereference (bsc#1159491)
• CVE-2019-19603: during handling of CREATE TABLE and CREATE VIEW statements, does not consider confusion with a shadow table name (bsc#1158960)
• CVE-2019-19646: pragma.c mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns (bsc#1158959)
• CVE-2019-19645: alter.c allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements (bsc#1158958)
• CVE-2019-19317: lookupName in resolve.c omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service (bsc#1158812)
• CVE-2019-19244: sqlite3,sqlite2,sqlite: The function sqlite3Select in select.c allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage (bsc#1157818)
• CVE-2015-3415: sqlite3VdbeExec comparison operator vulnerability (bsc#928701)
• CVE-2015-3414: sqlite3,sqlite2: dequoting of collation-sequence names (bsc#928700)
• CVE-2020-13434: integer overflow in sqlite3_str_vappendf (bsc#1172115)
• CVE-2020-13630: (bsc#1172234: use-after-free in fts3EvalNextRow
• CVE-2020-13631: virtual table allowed to be renamed to one of its shadow tables (bsc#1172236)
• CVE-2020-13632: NULL pointer dereference via crafted matchinfo() query (bsc#1172240)
• CVE-2020-13435: Malicious SQL statements could have crashed the process that is running SQLite (bsc#1172091)

The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

• CVE-2021-3573: Fixed an UAF vulnerability in function that can allow attackers to corrupt kernel heaps and adopt further exploitations. (bsc#1186666)
• CVE-2021-0605: Fixed an out-of-bounds read which could lead to local information disclosure in the kernel with System execution privileges needed. (bsc#1187601)
• CVE-2021-0512: Fixed a possible out-of-bounds write which could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1187595)
• CVE-2021-33624: Fixed a bug which allows unprivileged BPF program to leak the contents of arbitrary kernel memory (and therefore, of all physical memory) via a side-channel. (bsc#1187554)
• CVE-2021-34693: Fixed a bug in net/can/bcm.c which could allow local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized. (bsc#1187452)
• CVE-2021-0129: Fixed improper access control in BlueZ that may have allowed an authenticated user to potentially enable information disclosure via adjacent access (bnc#1186463).
• CVE-2020-36385: Fixed a use-after-free via the ctx_list in some ucma_migrate_id situations where ucma_close is called (bnc#1187050).
• CVE-2020-26558: Fixed Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 (bnc#1179610, bnc#1186463).
• CVE-2020-36386: Fixed an out-of-bounds read issue in hci_extended_inquiry_result_evt (bnc#1187038).

• acpica: Clean up context mutex during object deletion (git-fixes).
• alsa: hda/cirrus: Set Initial DMIC volume to -26 dB (git-fixes).
• alsa: hda: Fix for mute key LED for HP Pavilion 15-CK0xx (git-fixes).
• alsa: timer: Fix master timer notification (git-fixes).
• alx: Fix an error handling path in 'alx_probe()' (git-fixes).
• arch: Add arch-dependent support markers in supported.conf (bsc#1186672)
• arch: Add the support for kernel-FLAVOR-optional subpackage (jsc#SLE-11796)
• ASoC: Intel: bytcr_rt5640: Add quirk for the Glavey TM800A550L tablet (git-fixes).
• ASoC: Intel: bytcr_rt5640: Add quirk for the Lenovo Miix 3-830 tablet (git-fixes).
• ASoC: max98088: fix ni clock divider calculation (git-fixes).
• ASoC: rt5659: Fix the lost powers for the HDA header (git-fixes).
• ASoC: sti-sas: add missing MODULE_DEVICE_TABLE (git-fixes).
• ath6kl: return error code in ath6kl_wmi_set_roam_lrssi_cmd() (git-fixes).
• batman-adv: Avoid WARN_ON timing related checks (git-fixes).
• be2net: Fix an error handling path in 'be_probe()' (git-fixes).
• blk-settings: align max_sectors on 'logical_block_size' boundary (bsc#1185195).
• block: Discard page cache of zone reset target range (bsc#1187402).
• block: return the correct bvec when checking for gaps (bsc#1187143).
• block: return the correct bvec when checking for gaps (bsc#1187144).
• bluetooth: fix the erroneous flush_work() order (git-fixes).
• bluetooth: use correct lock to prevent UAF of hdev object (git-fixes).
• bnxt_en: Call bnxt_ethtool_free() in bnxt_init_one() error path (jsc#SLE-8371 bsc#1153274).
• bnxt_en: Fix TQM fastpath ring backing store computation (jsc#SLE-8371 bsc#1153274).
• bnxt_en: Rediscover PHY capabilities after firmware reset (jsc#SLE-8371 bsc#1153274).
• bpfilter: Specify the log level for the kmsg message (bsc#1155518).
• brcmfmac: properly check for bus register errors (git-fixes).
• btrfs: open device without device_list_mutex (bsc#1176771).
• bus: ti-sysc: Fix flakey idling of uarts and stop using swsup_sidle_act (git-fixes).
• can: mcba_usb: fix memory leak in mcba_usb (git-fixes).
• ceph: must hold snap_rwsem when filling inode for async create (bsc#1187927).
• cfg80211: avoid double free of PMSR request (git-fixes).
• cfg80211: make certificate generation more robust (git-fixes).
• cgroup1: do not allow '\n' in renaming (bsc#1187972).
• char: hpet: add checks after calling ioremap (git-fixes).
• CPU: Startup failed when SNC (sub-numa cluster) is enabled with 3 NIC add-on cards installed (bsc#1187263).
• cxgb4: avoid accessing registers when clearing filters (git-fixes).
• cxgb4: avoid link re-train during TC-MQPRIO configuration (jsc#SLE-8389).
• cxgb4: fix wrong shift (git-fixes).
• dax: Add a wakeup mode parameter to put_unlocked_entry() (bsc#1187411).
• dax: Add an enum for specifying dax wakup mode (bsc#1187411).
• dax: fix ENOMEM handling in grab_mapping_entry() (bsc#1184212).
• dax: Wake up all waiters after invalidating dax entry (bsc#1187411).
• dmaengine: ALTERA_MSGDMA depends on HAS_IOMEM (git-fixes).
• dmaengine: pl330: fix wrong usage of spinlock flags in dma_cyclc (git-fixes).
• dmaengine: qcom_hidma: comment platform_driver_register call (git-fixes).
• dmaengine: QCOM_HIDMA_MGMT depends on HAS_IOMEM (git-fixes).
• dmaengine: stedma40: add missing iounmap() on error in d40_probe() (git-fixes).
• drm/amd/amdgpu: fix a potential deadlock in gpu reset (git-fixes).
• drm/amd/amdgpu: fix refcount leak (git-fixes).
• drm/amd/display: Allow bandwidth validation for 0 streams (git-fixes).
• drm/amd/display: Disconnect non-DP with no EDID (git-fixes).
• drm/amdgpu: Fix a use-after-free (git-fixes).
• drm/amdgpu: make sure we unpin the UVD BO (git-fixes).
• drm/tegra: sor: Do not leak runtime PM reference (git-fixes).
• drm: Fix use-after-free read in drm_getunique() (git-fixes).
• drm: Lock pointer access in drm_master_release() (git-fixes).
• dt-bindings: reset: meson8b: fix duplicate reset IDs (git-fixes).
• efi: Allow EFI_MEMORY_XP and EFI_MEMORY_RO both to be cleared (git-fixes).
• efi: cper: fix snprintf() use in cper_dimm_err_location() (git-fixes).
• ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed (bsc#1187408).
• ext4: fix check to prevent false positive report of incorrect used inodes (bsc#1187404).
• ext4: fix error code in ext4_commit_super (bsc#1187407).
• ext4: fix memory leak in ext4_fill_super (bsc#1187409).
• FCOE: fcoe_wwn_from_mac kABI fix (bsc#1187886).
• fs/nfs: Use fatal_signal_pending instead of signal_pending (git-fixes).
• fs: fix reporting supported extra file attributes for statx() (bsc#1187410).
• ftrace: Do not blindly read the ip address in ftrace_bug() (git-fixes).
• ftrace: Free the trampoline when ftrace_startup() fails (git-fixes).
• fuse: BUG_ON correction in fuse_dev_splice_write() (bsc#1187356).
• gpio: cadence: Add missing MODULE_DEVICE_TABLE (git-fixes).
• gpu: Enable CONFIG_PCI_PF_STUB for Nvidia Ampere vGPU support (jsc#SLE-17882 jsc#ECO-3691)
• gve: Add NULL pointer checks when freeing irqs (git-fixes).
• gve: Correct SKB queue index validation (git-fixes).
• gve: Upgrade memory barrier in poll routine (git-fixes).
• HID: Add BUS_VIRTUAL to hid_connect logging (git-fixes).
• HID: gt683r: add missing MODULE_DEVICE_TABLE (git-fixes).
• HID: hid-input: add mapping for emoji picker key (git-fixes).
• HID: hid-sensor-hub: Return error for hid_set_field() failure (git-fixes).
• HID: i2c-hid: fix format string mismatch (git-fixes).
• HID: i2c-hid: Skip ELAN power-on command after reset (git-fixes).
• HID: magicmouse: fix NULL-deref on disconnect (git-fixes).
• HID: multitouch: require Finger field to mark Win8 reports as MT (git-fixes).
• HID: pidff: fix error return code in hid_pidff_init() (git-fixes).
• HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for Saitek X65 (git-fixes).
• HID: usbhid: fix info leak in hid_submit_ctrl (git-fixes).
• HID: usbhid: Fix race between usbhid_close() and usbhid_stop() (git-fixes).
• hwmon: (dell-smm-hwmon) Fix index values (git-fixes).
• hwmon: (scpi-hwmon) shows the negative temperature properly (git-fixes).
• i2c: mpc: Make use of i2c_recover_bus() (git-fixes).
• i2c: qcom-geni: Suspend and resume the bus during SYSTEM_SLEEP_PM ops (git-fixes).
• ice: add ndo_bpf callback for safe mode netdev ops (jsc#SLE-7926).
• ice: Allow all LLDP packets from PF to Tx (jsc#SLE-7926).
• ice: Fix VFR issues for AVF drivers that expect ATQLEN cleared (git-fixes).
• isdn: mISDN: correctly handle ph_info allocation failure in hfcsusb_ph_info (git-fixes).
• isdn: mISDN: netjet: Fix crash in nj_probe: (git-fixes).
• isdn: mISDNinfineon: check/cleanup ioremap failure correctly in setup_io (git-fixes).
• ixgbe: fix large MTU request from VF (git-fixes).
• kABI workaround for struct lis3lv02d change (git-fixes).
• kernel-binary.spec.in: Add Supplements: for -extra package on Leap kernel-$flavor-extra should supplement kernel-$flavor on Leap, like it does on SLED, and like the kernel-$flavor-optional package does.
• kernel-binary.spec.in: build-id check requires elfutils.
• kernel-binary.spec.in: Regenerate makefile when not using mkmakefile.
• kernel-binary.spec: Only use mkmakefile when it exists Linux 5.13 no longer had a mkmakefile script
• kernel: kexec_file: fix error return code of kexec_calculate_store_digests() (git-fixes).
• kthread: prevent deadlock when kthread_mod_delayed_work() races with kthread_cancel_delayed_work_sync() (bsc#1187867).
• kthread_worker: split code for canceling the delayed work timer (bsc#1187867).
• kyber: fix out of bounds access when preempted (bsc#1187403).
• lib: vdso: Remove CROSS_COMPILE_COMPAT_VDSO (bsc#1164648,jsc#SLE-11493).
• libertas: register sysfs groups properly (git-fixes).
• locking/mutex: clear MUTEX_FLAGS if wait_list is empty due to signal (git-fixes).
• md: Fix missing unused status line of /proc/mdstat (git-fixes).
• media: dvb: Add check on sp8870_readreg return (git-fixes).
• media: dvb: Add check on sp8870_readreg return (git-fixes).
• media: gspca: mt9m111: Check write_bridge for timeout (git-fixes).
• media: gspca: mt9m111: Check write_bridge for timeout (git-fixes).
• media: gspca: properly check for errors in po1030_probe() (git-fixes).
• media: gspca: properly check for errors in po1030_probe() (git-fixes).
• media: mtk-mdp: Check return value of of_clk_get (git-fixes).
• media: mtk-mdp: Fix a refcounting bug on error in init (git-fixes).
• media: s5p-g2d: Fix a memory leak in an error handling path in 'g2d_probe()' (git-fixes).
• mei: request autosuspend after sending rx flow control (git-fixes).
• mmc: meson-gx: use memcpy_to/fromio for dram-access-quirk (git-fixes).
• module: limit enabling module.sig_enforce (git-fixes).
• net/mlx4: Fix EEPROM dump support (git-fixes).
• net/mlx5: Consider RoCE cap before init RDMA resources (git-fixes).
• net/mlx5: DR, Create multi-destination flow table with level less than 64 (jsc#SLE-8464).
• net/mlx5: Fix PBMC register mapping (git-fixes).
• net/mlx5: Fix placement of log_max_flow_counter (git-fixes).
• net/mlx5: Fix sleep while atomic in mlx5_eswitch_get_vepa (git-fixes).
• net/mlx5e: Block offload of outer header csum for UDP tunnels (git-fixes).
• net/mlx5e: Fix multipath lag activation (git-fixes).
• net/mlx5e: Fix nullptr in add_vlan_push_action() (git-fixes).
• net/mlx5e: Fix page reclaim for dead peer hairpin (git-fixes).
• net/mlx5e: Remove dependency in IPsec initialization flows (git-fixes).
• net/nfc/rawsock.c: fix a permission check bug (git-fixes).
• net/sched: act_ct: handle DNAT tuple collision (bsc#1154353).
• net/x25: Return the correct errno code (git-fixes).
• net: bnx2: Fix error return code in bnx2_init_board() (git-fixes).
• net: fix iteration for sctp transport seq_files (git-fixes).
• net: hns3: Limiting the scope of vector_ring_chain variable (git-fixes).
• net: hns3: put off calling register_netdev() until client initialize complete (bsc#1154353).
• net: mvpp2: add mvpp2_phylink_to_port() helper (bsc#1187171).
• netxen_nic: Fix an error handling path in 'netxen_nic_probe()' (git-fixes).
• nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect (git-fixes).
• NFC: SUSE specific brutal fix for runtime PM (bsc#1185589).
• NFS: Deal correctly with attribute generation counter overflow (git-fixes).
• NFS: Do not corrupt the value of pg_bytes_written in nfs_do_recoalesce() (git-fixes).
• NFS: Do not discard pNFS layout segments that are marked for return (git-fixes).
• NFS: Do not gratuitously clear the inode cache when lookup failed (git-fixes).
• NFS: Do not revalidate the directory permissions on a lookup failure (git-fixes).
• NFS: Fix a potential NULL dereference in nfs_get_client() (git-fixes).
• NFS: fix an incorrect limit in filelayout_decode_layout() (git-fixes).
• NFS: Fix an Oopsable condition in __nfs_pageio_add_request() (git-fixes).
• NFS: Fix use-after-free in nfs4_init_client() (git-fixes).
• nfsd: register pernet ops last, unregister first (git-fixes).
• NFSD: Repair misuse of sv_lock in 5.10.16-rt30 (git-fixes).
• NFSv4.2 fix handling of sr_eof in SEEK's reply (git-fixes).
• NFSv4.2: Always flush out writes in nfs42_proc_fallocate() (git-fixes).
• NFSv4.2: fix return value of _nfs4_get_security_label() (git-fixes).
• NFSv4: Do not discard segments marked for return in _pnfs_return_layout() (git-fixes).
• NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return() (git-fixes).
• NFSv4: Fix deadlock between nfs4_evict_inode() and nfs4_opendata_get_inode() (git-fixes).
• NFSv4: Fix v4.0/v4.1 SEEK_DATA return -ENOTSUPP when set NFS_V4_2 config (git-fixes).
• ocfs2: fix data corruption by fallocate (bsc#1187412).
• PCI/LINK: Remove bandwidth notification (bsc#1183712).
• PCI: aardvark: Do not rely on jiffies while holding spinlock (git-fixes).
• PCI: aardvark: Fix kernel panic during PIO transfer (git-fixes).
• PCI: Add ACS quirk for Broadcom BCM57414 NIC (git-fixes).
• PCI: Mark some NVIDIA GPUs to avoid bus reset (git-fixes).
• PCI: Mark TI C667X to avoid bus reset (git-fixes).
• PCI: Work around Huawei Intelligent NIC VF FLR erratum (git-fixes).
• perf/x86/intel/uncore: Remove uncore extra PCI dev HSWEP_PCI_PCU_3 (bsc#1184685).
• pid: take a reference when initializing `cad_pid` (bsc#1152489).
• platform/x86: hp-wireless: add AMD's hardware id to the supported list (git-fixes).
• platform/x86: hp_accel: Avoid invoking _INI to speed up resume (git-fixes).
• platform/x86: intel_punit_ipc: Append MODULE_DEVICE_TABLE for ACPI (git-fixes).
• platform/x86: touchscreen_dmi: Add info for the Mediacom Winpad 7.0 W700 tablet (git-fixes).
• PM: sleep: Add pm_debug_messages kernel command line option (bsc#1186752).
• pNFS/flexfiles: fix incorrect size check in decode_nfs_fh() (git-fixes).
• pNFS/NFSv4: Fix a layout segment leak in pnfs_layout_process() (git-fixes).
• qla2xxx: synchronize rport dev_loss_tmo setting (bsc#1182470 bsc#1185486).
• qlcnic: Fix an error handling path in 'qlcnic_probe()' (git-fixes).
• radeon: use memcpy_to/fromio for UVD fw upload (git-fixes).
• regulator: bd70528: Fix off-by-one for buck123 .n_voltages setting (git-fixes).
• regulator: core: resolve supply for boot-on/always-on regulators (git-fixes).
• regulator: max77620: Use device_set_of_node_from_dev() (git-fixes).
• Revert 'ath6kl: return error code in ath6kl_wmi_set_roam_lrssi_cmd()' (git-fixes).
• Revert 'brcmfmac: add a check for the status of usb_register' (git-fixes).
• Revert 'char: hpet: fix a missing check of ioremap' (git-fixes).
• Revert 'char: hpet: fix a missing check of ioremap' (git-fixes).
• Revert 'dmaengine: qcom_hidma: Check for driver register failure' (git-fixes).
• Revert 'ecryptfs: replace BUG_ON with error handling code' (bsc#1187413).
• Revert 'ibmvnic: simplify reset_long_term_buff function' (bsc#1186206 ltc#191041).
• Revert 'isdn: mISDN: Fix potential NULL pointer dereference of kzalloc' (git-fixes).
• Revert 'isdn: mISDNinfineon: fix potential NULL pointer dereference' (git-fixes).
• Revert 'libertas: add checks for the return value of sysfs_create_group' (git-fixes).
• Revert 'media: dvb: Add check on sp8870_readreg' (git-fixes).
• Revert 'media: dvb: Add check on sp8870_readreg' (git-fixes).
• Revert 'media: gspca: Check the return value of write_bridge for timeout' (git-fixes).
• Revert 'media: gspca: Check the return value of write_bridge for timeout' (git-fixes).
• Revert 'media: gspca: mt9m111: Check write_bridge for timeout' (git-fixes).
• Revert 'media: gspca: mt9m111: Check write_bridge for timeout' (git-fixes).
• Revert 'media: usb: gspca: add a missed check for goto_low_power' (git-fixes).
• Revert 'net: liquidio: fix a NULL pointer dereference' (git-fixes).
• Revert 'PCI: PM: Do not read power state in pci_enable_device_flags()' (git-fixes).
• Revert 'qlcnic: Avoid potential NULL pointer dereference' (git-fixes).
• Revert 'scsi: core: run queue if SCSI device queue isn't ready and queue is idle' (bsc#1186949).
• Revert 'serial: max310x: pass return value of spi_register_driver' (git-fixes).
• Revert 'video: hgafb: fix potential NULL pointer dereference' (git-fixes).
• Revert 'video: imsttfb: fix potential NULL pointer dereferences' (bsc#1152489)
• rpm/kernel-binary.spec.in: Correct Supplements in optional subpkg (jsc#SLE-11796)
• rpm/kernel-binary.spec.in: Fix handling of +arch marker (bsc#1186672)
• rpm/split-modules: Avoid errors even if Module.* are not present
• s390/stack: fix possible register corruption with stack switch helper (bsc#1185677).
• sched/debug: Fix cgroup_path[] serialization (git-fixes)
• sched/fair: Keep load_avg and load_sum synced (git-fixes)
• scsi: aacraid: Fix an oops in error handling (bsc#1187072).
• scsi: aacraid: Remove erroneous fallthrough annotation (bsc#1186950).
• scsi: aacraid: Use memdup_user() as a cleanup (bsc#1186951).
• scsi: acornscsi: Fix an error handling path in acornscsi_probe() (bsc#1186952).
• scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs() (bsc#1186953).
• scsi: be2iscsi: Revert 'Fix a theoretical leak in beiscsi_create_eqs()' (bsc#1187067).
• scsi: bfa: Fix error return in bfad_pci_init() (bsc#1186954).
• scsi: bnx2fc: Fix Kconfig warning and CNIC build errors (bsc#1186955).
• scsi: bnx2i: Requires MMU (bsc#1186956).
• scsi: core: Fix race between handling STS_RESOURCE and completion (bsc#1187883).
• scsi: csiostor: Fix wrong return value in csio_hw_prep_fw() (bsc#1186957).
• scsi: cumana_2: Fix different dev_id between request_irq() and free_irq() (bsc#1186958).
• scsi: cxgb3i: Fix some leaks in init_act_open() (bsc#1186959).
• scsi: cxgb4i: Fix TLS dependency (bsc#1186960).
• scsi: eesox: Fix different dev_id between request_irq() and free_irq() (bsc#1186961).
• scsi: fcoe: Fix mismatched fcoe_wwn_from_mac declaration (bsc#1187886).
• scsi: fnic: Fix error return code in fnic_probe() (bsc#1186962).
• scsi: hisi_sas: Fix IRQ checks (bsc#1186963).
• scsi: hisi_sas: Remove preemptible() (bsc#1186964).
• scsi: jazz_esp: Add IRQ check (bsc#1186965).
• scsi: libfc: Fix enum-conversion warning (bsc#1186966).
• scsi: libsas: Fix error path in sas_notify_lldd_dev_found() (bsc#1186967).
• scsi: libsas: Reset num_scatter if libata marks qc as NODATA (bsc#1187068).
• scsi: libsas: Set data_dir as DMA_NONE if libata marks qc as NODATA (bsc#1186968).
• scsi: lpfc: Fix ancient double free (bsc#1186969).
• scsi: lpfc: Fix failure to transmit ABTS on FC link (git-fixes).
• scsi: megaraid_sas: Check user-provided offsets (bsc#1186970).
• scsi: megaraid_sas: Clear affinity hint (bsc#1186971).
• scsi: megaraid_sas: Do not call disable_irq from process IRQ poll (bsc#1186972).
• scsi: megaraid_sas: Fix MEGASAS_IOC_FIRMWARE regression (bsc#1186973).
• scsi: megaraid_sas: Remove undefined ENABLE_IRQ_POLL macro (bsc#1186974).
• scsi: mesh: Fix panic after host or bus reset (bsc#1186976).
• scsi: mpt3sas: Do not use GFP_KERNEL in atomic context (bsc#1186977).
• scsi: mpt3sas: Fix error return code of mpt3sas_base_attach() (bsc#1186978).
• scsi: mpt3sas: Fix ioctl timeout (bsc#1186979).
• scsi: myrs: Fix a double free in myrs_cleanup() (bsc#1186980).
• scsi: pm80xx: Fix error return in pm8001_pci_probe() (bsc#1186981).
• scsi: powertec: Fix different dev_id between request_irq() and free_irq() (bsc#1186982).
• scsi: qedi: Check for buffer overflow in qedi_set_path() (bsc#1186983).
• scsi: qedi: Fix error return code of qedi_alloc_global_queues() (bsc#1186984).
• scsi: qedi: Fix missing destroy_workqueue() on error in __qedi_probe (bsc#1186985).
• scsi: qla2xxx: Prevent PRLI in target mode (git-fixes).
• scsi: qla4xxx: Fix an error handling path in 'qla4xxx_get_host_stats()' (bsc#1186986).
• scsi: qla4xxx: Remove in_interrupt() (bsc#1186987).
• scsi: scsi_debug: Add check for sdebug_max_queue during module init (bsc#1186988).
• scsi: scsi_dh_alua: Retry RTPG on a different path after failure (bsc#1174978 bsc#1185701).
• scsi: sd: Fix Opal support (bsc#1186989).
• scsi: sni_53c710: Add IRQ check (bsc#1186990).
• scsi: sun3x_esp: Add IRQ check (bsc#1186991).
• scsi: ufs-qcom: Fix scheduling while atomic issue (bsc#1187002).
• scsi: ufs: Add quirk to disallow reset of interrupt aggregation (bsc#1186992).
• scsi: ufs: Add quirk to enable host controller without hce (bsc#1186993).
• scsi: ufs: Add quirk to fix abnormal ocs fatal error (bsc#1186994).
• scsi: ufs: Add quirk to fix mishandling utrlclr/utmrlclr (bsc#1186995).
• scsi: ufs: core: Narrow down fast path in system suspend path (bsc#1186996).
• scsi: ufs: Do not update urgent bkops level when toggling auto bkops (bsc#1186997).
• scsi: ufs: Fix imprecise load calculation in devfreq window (bsc#1187795).
• SCSI: ufs: fix ktime_t kabi change (bsc#1187795).
• scsi: ufs: Fix race between shutdown and runtime resume flow (bsc#1186998).
• scsi: ufs: Introduce UFSHCD_QUIRK_PRDT_BYTE_GRAN quirk (bsc#1187000).
• scsi: ufs: Make ufshcd_print_trs() consider UFSHCD_QUIRK_PRDT_BYTE_GRAN (bsc#1187069).
• scsi: ufs: Properly release resources if a task is aborted successfully (bsc#1187001).
• scsi: ufs: ufshcd-pltfrm depends on HAS_IOMEM (bsc#1187980).
• scsi: ufs: ufshcd-pltfrm: Fix deferred probing (bsc#1187003).
• scsi: ufshcd: use an enum for quirks (bsc#1186999).
• serial: max310x: unregister uart driver in case of failure and abort (git-fixes).
• serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait' (git-fixes).
• spi: spi-nxp-fspi: move the register operation after the clock enable (git-fixes).
• spi: sprd: Add missing MODULE_DEVICE_TABLE (git-fixes).
• spi: stm32-qspi: Always wait BUSY bit to be cleared in stm32_qspi_wait_cmd() (git-fixes).
• staging: rtl8723bs: Fix uninitialized variables (git-fixes).
• sunrpc: fix refcount leak for rpc auth modules (git-fixes).
• SUNRPC: Handle major timeout in xprt_adjust_timeout() (git-fixes).
• SUNRPC: Move fault injection call sites (git-fixes).
• SUNRPC: Set memalloc_nofs_save() for sync tasks (git-fixes).
• svcrdma: disable timeouts on rdma backchannel (git-fixes).
• thermal/drivers/intel: Initialize RW trip to THERMAL_TEMP_INVALID (git-fixes).
• tpm: fix error return code in tpm2_get_cc_attrs_tbl() (git-fixes).
• tracing: Correct the length check which causes memory corruption (git-fixes).
• tracing: Do no increment trace_clock_global() by one (git-fixes).
• tracing: Do not stop recording cmdlines when tracing is off (git-fixes).
• tracing: Do not stop recording comms if the trace file is being read (git-fixes).
• tracing: Restructure trace_clock_global() to never block (git-fixes).
• ttyprintk: Add TTY hangup callback (git-fixes).
• usb: core: hub: Disable autosuspend for Cypress CY7C65632 (git-fixes).
• usb: core: reduce power-on-good delay time of root hub (git-fixes).
• usb: dwc3: core: fix kernel panic when do reboot (git-fixes).
• usb: dwc3: core: fix kernel panic when do reboot (git-fixes).
• usb: dwc3: debugfs: Add and remove endpoint dirs dynamically (git-fixes).
• usb: dwc3: ep0: fix NULL pointer exception (git-fixes).
• USB: f_ncm: ncm_bitrate (speed) is unsigned (git-fixes).
• usb: f_ncm: only first packet of aggregate needs to start timer (git-fixes).
• usb: f_ncm: only first packet of aggregate needs to start timer (git-fixes).
• usb: fix various gadget panics on 10gbps cabling (git-fixes).
• usb: fix various gadget panics on 10gbps cabling (git-fixes).
• usb: fix various gadgets null ptr deref on 10gbps cabling (git-fixes).
• usb: gadget: eem: fix wrong eem header operation (git-fixes).
• usb: gadget: eem: fix wrong eem header operation (git-fixes).
• usb: gadget: f_fs: Ensure io_completion_wq is idle during unbind (git-fixes).
• usb: gadget: f_fs: Ensure io_completion_wq is idle during unbind (git-fixes).
• usb: musb: fix MUSB_QUIRK_B_DISCONNECT_99 handling (git-fixes).
• usb: pd: Set PD_T_SINK_WAIT_CAP to 310ms (git-fixes).
• USB: serial: cp210x: fix alternate function for CP2102N QFN20 (git-fixes).
• USB: serial: ftdi_sio: add IDs for IDS GmbH Products (git-fixes).
• USB: serial: ftdi_sio: add NovaTech OrionMX product ID (git-fixes).
• USB: serial: ftdi_sio: add NovaTech OrionMX product ID (git-fixes).
• USB: serial: omninet: add device id for Zyxel Omni 56K Plus (git-fixes).
• USB: serial: omninet: add device id for Zyxel Omni 56K Plus (git-fixes).
• USB: serial: option: add Telit LE910-S1 compositions 0x7010, 0x7011 (git-fixes).
• USB: serial: pl2303: add device id for ADLINK ND-6530 GC (git-fixes).
• USB: serial: quatech2: fix control-request directions (git-fixes).
• USB: serial: ti_usb_3410_5052: add startech.com device id (git-fixes).
• usb: typec: mux: Fix copy-paste mistake in typec_mux_match (git-fixes).
• usb: typec: mux: Fix matching with typec_altmode_desc (git-fixes).
• usb: typec: tcpm: Use LE to CPU conversion when accessing msg->header (git-fixes).
• usb: typec: ucsi: Clear PPM capability data in ucsi_init() error path (git-fixes).
• usb: typec: wcove: Use LE to CPU conversion when accessing msg->header (git-fixes).
• USB: usbfs: Do not WARN about excessively large memory allocations (git-fixes).
• vfio/pci: Fix error return code in vfio_ecap_init() (git-fixes).
• vfio/pci: zap_vma_ptes() needs MMU (git-fixes).
• vfio/platform: fix module_put call in error flow (git-fixes).
• video: hgafb: correctly handle card detect failure during probe (git-fixes).
• video: hgafb: fix potential NULL pointer dereference (git-fixes).
• vmlinux.lds.h: Avoid orphan section with !SMP (git-fixes).
• vrf: fix maximum MTU (git-fixes).
• vsock/vmci: log once the failed queue pair allocation (git-fixes).
• wireguard: allowedips: initialize list head in selftest (git-fixes).
• wireguard: do not use -O3 (git-fixes).
• wireguard: peer: allocate in kmem_cache (git-fixes).
• wireguard: peer: put frequently used members above cache lines (git-fixes).
• wireguard: queueing: get rid of per-peer ring buffers (git-fixes).
• wireguard: selftests: make sure rp_filter is disabled on vethc (git-fixes).
• wireguard: selftests: remove old conntrack kconfig value (git-fixes).
• wireguard: use synchronize_net rather than synchronize_rcu (git-fixes).
• x86/apic: Mark _all_ legacy interrupts when IO/APIC is missing (bsc#1152489).
• x86/fault: Do not send SIGSEGV twice on SEGV_PKUERR (bsc#1152489).
• x86/pkru: Write hardware init value to PKRU when xstate is init (bsc#1152489).
• x86/process: Check PF_KTHREAD and not current->mm for kernel threads (bsc#1152489).
• x86: fix seq_file iteration for pat.c (git-fixes).
• xen-blkback: fix compatibility bug with single page rings (git-fixes).
• xen-pciback: reconfigure also from backend watch handler (git-fixes).
• xen-pciback: redo VF placement in the virtual topology (git-fixes).
• xen/evtchn: Change irq_info lock to raw_spinlock_t (git-fixes).
• xfrm: policy: Read seqcount outside of rcu-read side in xfrm_policy_lookup_bytype (bsc#1185675).
• xprtrdma: Avoid Receive Queue wrapping (git-fixes).
• xprtrdma: rpcrdma_mr_pop() already does list_del_init() (git-fixes).

This update for efivar provides the following fix:

• Fix the eMMC sysfs parsing. (bsc#1187386)

This update for systemd fixes the following issues:

• CVE-2021-33910: Fixed a denial of service in systemd via unit_name_path_escape() (bsc#1188063)
• Skip udev rules if 'elevator=' is used (bsc#1184994)