Removed rpms
============

 - libavahi-client3-32bit
 - libgcrypt20-32bit
 - libhogweed6-32bit
 - libopenssl1_1-32bit
 - libselinux1-32bit
 - libtirpc3-32bit
 - libxml2-2-32bit
 - libaudit1-32bit
 - libcom_err2-32bit
 - libdbus-1-3-32bit
 - libpmemobj1
 - libzstd1-32bit
 - p11-kit-nss-trust
 - qemu-ipxe
 - qemu-microvm
 - qemu-seabios
 - samba-winbind-libs-32bit

Added rpms
==========

 - libaudit1-32bit
 - libcom_err2-32bit
 - libdbus-1-3-32bit
 - libzstd1-32bit
 - samba-winbind-libs-32bit
 - qemu-ipxe
 - qemu-microvm
 - qemu-seabios
 - libavahi-client3-32bit
 - libgcrypt20-32bit
 - libgfortran5
 - libhogweed6-32bit
 - libopenssl1_1-32bit
 - libselinux1-32bit
 - libtirpc3-32bit
 - libxml2-2-32bit
 - mozilla-nss-certs

Package Source Changes
======================

MozillaThunderbird
+- Mozilla Thunderbird 91.8
+  * changed: Google accounts using password authentication will
+    be migrated to OAuth2. See KB Article.
+  * fixed: OpenPGP ECC keys created by Thunderbird could not be
+    imported into GnuPG
+  * fixed: Exporting multiple public PGP keys from Thunderbird
+    was not possible
+  * fixed: Replying to a newsgroup message erroneously displayed
+    a "No-reply" popup warning
+  * fixed: Opening `mid:` URLs on macOS failed
+  * fixed: Address books stored in older formats were loaded as
+    SQLite files, causing a crash
+  * fixed: Replicated LDAP directories were lost after switching
+    Thunderbird to "Offline"`mode
+  * fixed: Importing webcals from the commandline failed if the
+    URI ended with an `.ics` file extension
+  * fixed: Various security fixes
+  MFSA 2022-15 (bsc#1197903)
+  * CVE-2022-1097 (bmo#1745667)
+    Use-after-free in NSSToken objects
+  * CVE-2022-28281 (bmo#1755621)
+    Out of bounds write due to unexpected WebAuthN Extensions
+  * CVE-2022-1197 (bmo#1754985)
+    OpenPGP revocation information was ignored
+  * CVE-2022-1196 (bmo#1750679)
+    Use-after-free after VR Process destruction
+  * CVE-2022-28282 (bmo#1751609)
+    Use-after-free in DocumentL10n::TranslateDocument
+  * CVE-2022-28285 (bmo#1756957)
+    Incorrect AliasSet used in JIT Codegen
+  * CVE-2022-28286 (bmo#1735265)
+    iframe contents could be rendered outside the border
+  * CVE-2022-24713 (bmo#1758509)
+    Denial of Service via complex regular expressions
+  * CVE-2022-28289 (bmo#1663508, bmo#1744525, bmo#1753508,
+    bmo#1757476, bmo#1757805, bmo#1758549, bmo#1758776)
+    Memory safety bugs fixed in Thunderbird 91.8
+
+- Add cpu-flag `asimdrdm` to aarch64 constraints, to select newer,
+  faster buildhosts, as the others struggle to build TB.
+
SDL
+- Add CVE-2021-33657.patch: always create a full 256-entry color
+  map in case color values are out of range (boo#1198001
+  CVE-2021-33657).
+
-  issue (CVE-2019-7637, boo#1124825).
+  issue (CVE-2019-7637, CVE-2020-14409, CVE-2020-14410, boo#1124825,
+  boo#1181201, boo#1181202).
SDL2
+- Add CVE-2021-33657.patch: always create a full 256-entry color
+  map in case color values are out of range (boo#1198001
+  CVE-2021-33657).
+
branding-openSUSE
+- Skip *.tr files in /etc/bootsplash/themes/openSUSE/bootloader
+
ceph
-- Adjusting _constraints for SLE 15 SP4 to fix build issues with
-  aarch64 and ppc64le (bsc#1196733)
+- Update to v16.2.7-654-gd5a90ff46f0
+  + (bsc#1196733) remove build directory during %clean
+
+- Update to v16.2.7-652-gf5dc462fdb5
+  + (bsc#1194875) [SES7P] include/buffer: include <memory>
+
+- Update to 16.2.7-650-gd083eaa3886
+  + (pr#469) cephadm: update image paths to registry.suse.com
+  + (pr#468) cephadm: use snmp-notifier image from registry.suse.de
+  + (pr#467) cephadm: infer the default container image during pull
+  + (pr#465) mgr/cephadm: try to get FQDN for inventory address
+  + Sync _constaints file for IBS and OBS
+
+- Update to 16.2.7-640-gceb23c7491b
+  + (bsc#1194875) common: fix FTBFS due to dout & need_dynamic on GCC-12
+  + (bsc#1196938) cephadm: preserve authorized_keys file during upgrade
+
+- Update to 16.2.7-596-g7d574789716
+  + Update Prometheus Container image paths (pr #459)
+  + mgr/dashboard: Fix documentation URL (pr #456)
+  + mgr/dashboard: Adapt downstream branded navigation page (pr #454)
+
+- Update to 16.2.7-577-g3e3603b5dd1
+  + Update prometheus-server version
+
+- Update to 16.2.7-37-gb3be69440db:
+  + (bsc#1194353) Downstream branding breaks dashboard npm build
chromium
+- Chromium 100.0.4896.127 (boo#1198509)
+  * CVE-2022-1364: Type Confusion in V8
+  * Various fixes from internal audits, fuzzing and other initiatives
+
dnsmasq
+- bsc#1197872, CVE-2022-0934, dnsmasq-CVE-2022-0934.patch:
+  Heap use after free in dhcp6_no_relay
+
gstreamer-plugins-libav
+- Change the license to LGPL-2.1-or-later as specified in
+  the COPYING file
+
+- Update to version 1.20.1:
+  + No changes
+
+- Update to version 1.20.0:
+  + Development in GitLab was switched to a single git repository
+    containing all the modules
+  + GstPlay: new high-level playback library, replaces GstPlayer
+  + WebM Alpha decoding support
+  + Encoding profiles can now be tweaked with additional
+    application-specified element properties
+  + Compositor: multi-threaded video conversion and mixing
+  + RTP header extensions: unified support in RTP depayloader and
+    payloader base classes
+  + SMPTE 2022-1 2-D Forward Error Correction support
+  + Smart encoding (pass through) support for VP8, VP9, H.265 in
+    encodebin and transcodebin
+  + Runtime compatibility support for libsoup2 and libsoup3
+    (libsoup3 support experimental)
+  + Video decoder subframe support
+  + Video decoder automatic packet-loss, data corruption, and
+    keyframe request handling for RTP / WebRTC / RTSP
+  + mp4 and Matroska muxers now support profile/level/resolution
+    changes for H.264/H.265 input streams (i.e. codec data changing
+    on the fly)
+  + mp4 muxing mode that initially creates a fragmented mp4 which
+    is converted to a regular mp4 on EOS
+  + Audio support for the WebKit Port for Embedded (WPE) web page
+    source element
+  + CUDA based video color space convert and rescale elements and
+    upload/download elements
+  + NVIDIA memory:NVMM support for OpenGL glupload and gldownload
+    elements
+  + Many WebRTC improvements
+  + The new VA-API plugin implementation fleshed out with more
+    decoders and new postproc elements
+  + AppSink API to retrieve events in addition to buffers and
+    buffer lists
+  + AppSrc gained more configuration options for the internal queue
+    (leakiness, limits in buffers and time, getters to read current
+    levels)
+  + Updated Rust bindings and many new Rust plugins
+  + Improved support for custom minimal GStreamer builds
+  + Support build against FFmpeg 5.0
+  + Linux Stateless CODEC support gained MPEG-2 and VP9
+  + Windows Direct3D11/DXVA decoder gained AV1 and MPEG-2 support
+  + Lots of new plugins, features, performance improvements and bug
+    fixes
+- Drop add-gpl-option.patch: It no longer applies, but what is more
+  important is that it does not make sense. Adding the gpl option
+  only mattered when building the included ffmpeg sources gst-libav
+  had when it still supported autotools. We can not change how the
+  external ffmpeg we depend on is built, we take what we are given
+  in this case. Our ffmpeg is built with GPL-3.0-or-later as
+  license, hence change the license for this package to
+  GPL-3.0-or-later in order to reflect that fact.
+- Drop Supplements and Requires. No longer autoinstall this package
+  as when gst-libav is not available, the hardwaresupported codecs
+  in gst-bad finaly get to shine and strutt their wings.
+  Upstream sets basicly all decoders from gst-libav to a higher
+  preferance score, as they assume if you have gst-libav installed,
+  you want to use it for almost everything.
+
gutenprint
-- Version upgrade to 5.2.10:
-  * Added a unified CUPS backend 'gutenprint52+usb' that requires
-    libusb 1.0 (or newer) to support selected dye sublimation
-    printers. Support for all Canon SELPHY CP- and ES- printers
-    has been improved considerably through that CUPS backend.
-  * Added duplex support for the EPSON WorkForce 630, 635,
-    and 645, and NX635.
-  * Many new printers supported in this release.
-  * Very many new printers supported experimentally.
-  For details see the NEWS file.
-- For openSUSE 11.4 or newer BuildRequires libusb-1_0-devel
-  to build the 'gutenprint52+usb' backend. When libusb-1.0 is
-  not installed, the configure magic does not build that backend.
-  The installed /usr/share/cups/usb/net.sf.gimp-print.usb-quirks
-  needs a current CUPS version (that supports usb quirks).
-  Older CUPS versions would ignore gutenprint's usb quirks
-  which means that the generic CUPS backend 'usb' reports
-  in particular the dye sublimation printers that do not work
-  with it but require the special 'gutenprint52+usb' backend.
-
-- Do no longer send SIGHUP to cupsd in RPM post install script
-  (which would let the cupsd recognize new and updated PPD files
-  see the entry dated "Fri Sep 24 10:45:28 CEST 2010" below)
-  because SIGHUP to cupsd makes active print jobs fail
-  (see bnc#637455 starting at comment#3).
-- Added explicit "Requires: ghostscript" if suse_version > 1210
-  because since openSUSE 12.2 cups only "Recommends: ghostscript"
-  (to avoid a build dependency cycle) so that gutenprint needs
-  an explicit "Requires: ghostscript" for the "cups" device in
-  Ghostscript that is required by "rastertogutenprint" (compare
-  the entry dated "Thu Apr 28 17:20:03 CEST 2011" below).
-
-- Version upgrade to 5.2.9:
-  Revert an inappropriate change to the internal library version
-  number that was introduced in the 5.2.8 release.
-- Version upgrade to 5.2.8:
-  The Canon driver has been significantly overhauled. Its output
-  and functionality may be significantly different from previous
-  releases. Further work in future releases is expected.
-  Several Canon PIXMA and SELPHY printers were removed, as they
-  are not supported.
-  Several Canon printers do not offer a grayscale printing mode.
-  CD printing support for some Canon PIXMA printers was added.
-  Added borderless functionality to most Canon printers
-  (except S series and BJC series).
-  Many new Canon printers are now EXPERIMENTAL supported.
-  A few new Epson printers are now supported.
-  For details see the NEWS file.
-- escputil-send_nulls-void.patch is obsolete because its fixed
-  in the sources.
-- compile-fix.patch is obsolete because its fixed in the sources.
-
-- compile-fix.patch adds missing includes.
-
-- Add python-cups BuildRequires to have postscriptdriver() Provides
-  for the drivers in gutenprint.
-
-- Upgraded to version 5.2.7:
-  This release features support for many additional Canon inkjets,
-  some Epson inkjets, and some dye sublimation printers,
-  greatly upgraded support for many Epson Stylus Pro printers,
-  and numerous bug fixes.
-  For details see the NEWS file.
-- escputil-send_nulls-void.patch makes send_nulls a void function
-  because nowhere is a return value of send_nulls used
-  to fix a "no-return-in-nonvoid-function escputil.c:683" error.
-
-- Removed the needless RPM requirement for pstoraster.
-- Removed the duplicate RPM requirement for ghostscript-library
-  because there is a RPM requirement for cups
-  and cups requires ghostscript.
-
-- Added missing directories for /usr/lib/gimp/2.0/plug-ins/*
-  to the "gimpplugin" files section in the RPM spec file.
-- Marked /usr/share/gutenprint/doc/* as "doc" in the RPM
-  spec file (see Novell/openSUSE Bugzilla bnc#661350).
-
-- Removed gutenprint-5.2.6-make_A4_DefaultPageSize.patch
-  because it is useless because the DefaultPageSize in the PPD
-  templates in /usr/share/cups/model/ does not matter because
-  the cupsd sets the DefaultPageSize for PPDs in /etc/cups/ppd/
-  by default according to the locale that the cupsd runs in or
-  according to a DefaultPaperSize entry in /etc/cups/cupsd.conf.
-- Run cups-genppdupdate in the RPM post install script to update
-  Gutenprint PPD files in /etc/cups/ppd/ if such PPDs exist
-  (see Novell/openSUSE Bugzilla bnc#637455).
-
-- Disable the PPD generator /usr/lib/cups/driver/gutenprint.5.2
-  to avoid duplicated PPDs because we provide ready-made PPDs
-  in /usr/share/cups/model/gutenprint/... in the RPM package
-  (see Novell/openSUSE Bugzilla bnc#514994 comment#9
-  the section "Regarding CUPS PPD files").
-
-- gutenprint-5.2.6-make_A4_DefaultPageSize.patch
-  moves the paper definition for "A4" to the top of the list
-  to make A4 the DefaultPageSize in the Gutenprint PPDs.
-- Upgraded to version 5.2.6:
-  This release offers additional support for Epson Stylus Pro
-  printers, along with some changes for other Epson printers
-  and support for additional Canon inkjets and PCL laser
-  printers over 5.2.5. For details see the NEWS file.
-- Upgraded to version 5.2.5:
-  This release offers several fixes, new features, and support
-  for new printers over 5.2.4. For details see the NEWS file.
-
-- Split gutenprint from the cups-drivers package to have it as a
-  stand-alone package (see Novell/openSUSE Bugzilla bnc#514994).
-  The IJS driver /usr/bin/ijsgutenprint is no longer provided
-  because it is not recommend if CUPS is used. Only the native
-  CUPS driver is provided as recommend, see the README file.
-
hwdata
+- Update to version 0.357 (bsc#1196332):
+  + Updated pci, usb and vendor ids.
+
+- Update to version 0.356:
+  + Updated pci, usb and vendor ids.
+
hwinfo
+- merge gh#openSUSE/hwinfo#112
+- fix bug in determining serial console device name (bsc#1198043)
+- 21.81
+
+- merge gh#openSUSE/hwinfo#109
+- fix logic around cdrom detection
+- 21.80
+
+- merge gh#openSUSE/hwinfo#108
+- Donot close the open tray after read_cdrom_info.
+- Donot close the open tray after read.
+- 21.79
+
+- merge gh#openSUSE/hwinfo#106
+- Always read numerical 32bit serial number from EDID header.
+  Override this with ASCII serial number from display descriptor,
+  if available.
+- Display numerical 32bit serial number for monitors without serial
+  number display descriptor
+- 21.78
+
+- merge gh#openSUSE/hwinfo#105
+- Use license file from gnu.org
+- Fix spelling
+- Add missing final newline
+- Trim excess whitespace
+- Simple maintenance improvements
+- 21.77
+
+- merge gh#openSUSE/hwinfo#104
+- Fix timezone issue in SOURCE_DATE_EPOCH code
+- 21.76
+
+- merge gh#openSUSE/hwinfo#100
+- recognize loongarch64 architecture
+- 21.75
+
+- merge gh#openSUSE/hwinfo#98
+- update pci and usb ids
+- 21.74
+
+- merge gh#openSUSE/hwinfo#95
+- don't rely on select() updating its timeout arg (bsc#1184339)
+- 21.73
+
kernel-default
+- intel_idle: add core C6 optimization for SPR (bsc#1198602).
+- commit d6fb753
+
+- intel_idle: add 'preferred_cstates' module argument
+  (bsc#1198602).
+- commit 0bc7d2b
+
+- intel_idle: add SPR support (bsc#1198602).
+- commit 2bc31de
+
+- Move upstreamed patches into sorted section
+- commit e93d073
+
+- SCSI: iscsi: fix iscsi_endpoint changes (bsc#1197685).
+- SCSI: iscsi: fix iscsi_cls_conn changes (bsc#1197685).
+- scsi: qedi: Fix failed disconnect handling (bsc#1197685).
+- scsi: iscsi: Fix NOP handling during conn recovery
+  (bsc#1197685).
+- scsi: iscsi: Fix unbound endpoint error handling (bsc#1197685).
+- scsi: iscsi: Fix conn cleanup and stop race during iscsid
+  restart (bsc#1197685).
+- scsi: iscsi: Fix endpoint reuse regression (bsc#1197685).
+- scsi: iscsi: Release endpoint ID when its freed (bsc#1197685).
+- scsi: iscsi: Fix offload conn cleanup when iscsid restarts
+  (bsc#1197685).
+- scsi: iscsi: Move iscsi_ep_disconnect() (bsc#1197685).
+- commit d5cdaca
+
+- Sorted using series_sort.py
+  Since sequence_patch required it.
+- commit 6bf7976
+
+- PCI: hv: Remove unused hv_set_msi_entry_from_desc()
+  (bsc#1198228).
+- commit b61cd71
+
+- x86/platform/uv: Log gap hole end size (bsc#1198417).
+- commit 8618bf4
+
+- x86/platform/uv: Update TSC sync state for UV5 (bsc#1198417).
+- commit 3d0fd26
+
+- x86/platform/uv: Update NMI Handler for UV5 (bsc#1198417).
+- commit 76ba15c
+
+- powerpc/numa: Handle partially initialized numa nodes
+  (bsc#1197658).
+- commit 061e1c6
+
+- SUNRPC: Ensure we flush any closed sockets before
+  xs_xprt_free() (bsc#1198330 CVE-2022-28893).
+- commit d2a1b78
+
+- Drivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb()
+  (bsc#1198228).
+- Drivers: hv: balloon: Disable balloon and hot-add accordingly
+  (bsc#1198228).
+- Drivers: hv: balloon: Support status report for larger page
+  sizes (bsc#1198228).
+- Drivers: hv: vmbus: Prevent load re-ordering when reading ring
+  buffer (bsc#1198228).
+- PCI: hv: Propagate coherence from VMbus device to PCI device
+  (bsc#1198228).
+- Drivers: hv: vmbus: Propagate VMbus coherence to each VMbus
+  device (bsc#1198228).
+- Drivers: hv: vmbus: Fix initialization of device object in
+  vmbus_device_register() (git-fixes).
+- Drivers: hv: vmbus: Deactivate sysctl_record_panic_msg by
+  default in isolated guests (bsc#1183682).
+- PCI: hv: Avoid the retarget interrupt hypercall in irq_unmask()
+  on ARM64 (bsc#1198228).
+- x86/hyperv: Output host build info as normal Windows version
+  number (git-fixes).
+- commit 0c3a755
+
+- additional reference for arm64 erratum 1418040 (bsc#1198228).
+- commit 7a1dfd5
+
+- supported.conf: move kmem and dax_hmem to support list
+  Moved kmem and dax_hmem to support list. (bsc#1195953)
+- commit fdf232f
+
+- btrfs: fix lzo_decompress_bio() kmap leakage (bsc#1193852).
+- Revert "btrfs: compression: drop kmap/kunmap from lzo"
+  (bsc#1193852).
+- Revert "btrfs: compression: drop kmap/kunmap from zlib"
+  (bsc#1193852).
+- Revert "btrfs: compression: drop kmap/kunmap from zstd"
+  (bsc#1193852).
+- Revert "btrfs: compression: drop kmap/kunmap from generic
+  helpers" (bsc#1193852).
+- commit c24af5b
+
kernel-kvmsmall
+- intel_idle: add core C6 optimization for SPR (bsc#1198602).
+- commit d6fb753
+
+- intel_idle: add 'preferred_cstates' module argument
+  (bsc#1198602).
+- commit 0bc7d2b
+
+- intel_idle: add SPR support (bsc#1198602).
+- commit 2bc31de
+
+- Move upstreamed patches into sorted section
+- commit e93d073
+
+- SCSI: iscsi: fix iscsi_endpoint changes (bsc#1197685).
+- SCSI: iscsi: fix iscsi_cls_conn changes (bsc#1197685).
+- scsi: qedi: Fix failed disconnect handling (bsc#1197685).
+- scsi: iscsi: Fix NOP handling during conn recovery
+  (bsc#1197685).
+- scsi: iscsi: Fix unbound endpoint error handling (bsc#1197685).
+- scsi: iscsi: Fix conn cleanup and stop race during iscsid
+  restart (bsc#1197685).
+- scsi: iscsi: Fix endpoint reuse regression (bsc#1197685).
+- scsi: iscsi: Release endpoint ID when its freed (bsc#1197685).
+- scsi: iscsi: Fix offload conn cleanup when iscsid restarts
+  (bsc#1197685).
+- scsi: iscsi: Move iscsi_ep_disconnect() (bsc#1197685).
+- commit d5cdaca
+
+- Sorted using series_sort.py
+  Since sequence_patch required it.
+- commit 6bf7976
+
+- PCI: hv: Remove unused hv_set_msi_entry_from_desc()
+  (bsc#1198228).
+- commit b61cd71
+
+- x86/platform/uv: Log gap hole end size (bsc#1198417).
+- commit 8618bf4
+
+- x86/platform/uv: Update TSC sync state for UV5 (bsc#1198417).
+- commit 3d0fd26
+
+- x86/platform/uv: Update NMI Handler for UV5 (bsc#1198417).
+- commit 76ba15c
+
+- powerpc/numa: Handle partially initialized numa nodes
+  (bsc#1197658).
+- commit 061e1c6
+
+- SUNRPC: Ensure we flush any closed sockets before
+  xs_xprt_free() (bsc#1198330 CVE-2022-28893).
+- commit d2a1b78
+
+- Drivers: hv: vmbus: Replace smp_store_mb() with virt_store_mb()
+  (bsc#1198228).
+- Drivers: hv: balloon: Disable balloon and hot-add accordingly
+  (bsc#1198228).
+- Drivers: hv: balloon: Support status report for larger page
+  sizes (bsc#1198228).
+- Drivers: hv: vmbus: Prevent load re-ordering when reading ring
+  buffer (bsc#1198228).
+- PCI: hv: Propagate coherence from VMbus device to PCI device
+  (bsc#1198228).
+- Drivers: hv: vmbus: Propagate VMbus coherence to each VMbus
+  device (bsc#1198228).
+- Drivers: hv: vmbus: Fix initialization of device object in
+  vmbus_device_register() (git-fixes).
+- Drivers: hv: vmbus: Deactivate sysctl_record_panic_msg by
+  default in isolated guests (bsc#1183682).
+- PCI: hv: Avoid the retarget interrupt hypercall in irq_unmask()
+  on ARM64 (bsc#1198228).
+- x86/hyperv: Output host build info as normal Windows version
+  number (git-fixes).
+- commit 0c3a755
+
+- additional reference for arm64 erratum 1418040 (bsc#1198228).
+- commit 7a1dfd5
+
+- supported.conf: move kmem and dax_hmem to support list
+  Moved kmem and dax_hmem to support list. (bsc#1195953)
+- commit fdf232f
+
+- btrfs: fix lzo_decompress_bio() kmap leakage (bsc#1193852).
+- Revert "btrfs: compression: drop kmap/kunmap from lzo"
+  (bsc#1193852).
+- Revert "btrfs: compression: drop kmap/kunmap from zlib"
+  (bsc#1193852).
+- Revert "btrfs: compression: drop kmap/kunmap from zstd"
+  (bsc#1193852).
+- Revert "btrfs: compression: drop kmap/kunmap from generic
+  helpers" (bsc#1193852).
+- commit c24af5b
+
kernel-preempt
+- drm: drm_file struct kABI compatibility workaround
+  (bsc#1197914).
+- commit 7d8a3b5
+
+- drm: use the lookup lock in drm_is_current_master (bsc#1197914).
+- drm: protect drm_master pointers in drm_lease.c (bsc#1197914).
+- drm: serialize drm_file.master with a new spinlock
+  (bsc#1197914).
+- drm: add a locked version of drm_is_current_master
+  (bsc#1197914).
+- commit 05fda16
+
+- blacklist.conf: Add reverted/reverting swiotlb change (CVE-2022-0854 bsc#1196823 bsc#1197460)
+- commit 8d52c36
+
+- Reinstate some of "swiotlb: rework "fix info leak with
+  DMA_FROM_DEVICE"" (CVE-2022-0854 bsc#1196823).
+- swiotlb: fix info leak with DMA_FROM_DEVICE (CVE-2022-0854
+  bsc#1196823).
+- commit ff554b5
+
+- blacklist.conf: list unneeded commit
+- commit 27adcc4
+
+- NFSv4/pNFS: Fix another issue with a list iterator pointing
+  to the head (git-fixes).
+- NFSv4.1: don't retry BIND_CONN_TO_SESSION on session error
+  (git-fixes).
+- NFS: Return valid errors from nfs2/3_decode_dirent()
+  (git-fixes).
+- NFS: Use of mapping_set_error() results in spurious errors
+  (git-fixes).
+- commit 0460a48
+
+- netfilter: nf_tables: initialize registers in nft_do_chain()
+  (CVE-2022-1016 bsc#1197227).
+- commit 7111961
+
+- Delete
+  patches.suse/net-tipc-validate-domain-record-count-on-input.patch.
+  This was the original work-in-progress patch for CVE-2022-0435 /
+  bsc#1195254. Later, a proper backport of mainline commit 9aa422ad3266
+  ("tipc: improve size validations for received domain records") was added as
+  patches.suse/tipc-improve-size-validations-for-received-domain-re.patch but
+  this patch was left in place. As it adds the check a bit later than
+  upstream fix, it did not cause a conflict so nobody noticed the duplicity.
+- commit ef08708
+
+- llc: fix netdevice reference leaks in llc_ui_bind() (git-fixes).
+- commit 2237578
+
+- net: kABI workaround for ax25_dev (CVE-2022-1199 bsc#1198028).
+- commit 49e69cc
+
+- ax25: Fix UAF bugs in ax25 timers (CVE-2022-1205 bsc#1198027).
+- ax25: fix UAF bug in ax25_send_control() (CVE-2022-1205
+  bsc#1198027).
+- ax25: Fix NULL pointer dereferences in ax25 timers
+  (CVE-2022-1205 bsc#1198027).
+- ax25: Fix refcount leaks caused by ax25_cb_del() (CVE-2022-1205
+  bsc#1198027).
+- ax25: fix UAF bugs of net_device caused by rebinding operation
+  (CVE-2022-1205 bsc#1198027).
+- ax25: fix reference count leaks of ax25_dev (CVE-2022-1205
+  bsc#1198027).
+- commit cfa1c37
+
+- Update patch reference for ax25 fixes (CVE-2022-1199 bsc#1198028)
+- commit 1b5a483
+
+- ax25: fix NPD bug in ax25_disconnect (CVE-2022-1199
+  bsc#1198028).
+- ax25: add refcount in ax25_dev to avoid UAF bugs (CVE-2022-1199
+  bsc#1198028).
+- commit f30e94a
+
+- drivers: hamradio: 6pack: fix UAF bug caused by mod_timer()
+  (CVE-2022-1198 bsc#1198030).
+- commit 6da2b7d
+
+- hamradio: remove needs_free_netdev to avoid UAF (CVE-2022-1195
+  bsc#1198029).
+- commit fcd70e2
+
+- hamradio: improve the incomplete fix to avoid NPD (CVE-2022-1195
+  bsc#1198029).
+- hamradio: defer 6pack kfree after unregister_netdev
+  (CVE-2022-1195 bsc#1198029).
+- hamradio: defer ax25 kfree after unregister_netdev
+  (CVE-2022-1195 bsc#1198029).
+- net: hamradio: fix memory leak in mkiss_close (CVE-2022-1195
+  bsc#1198029).
+- commit d30e348
+
+- can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb
+  in error path (CVE-2022-28389 bsc#1198033).
+- can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb()
+  in error path (CVE-2022-28388 bsc#1198032).
+- can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb()
+  in error path (CVE-2022-28390 bsc#1198031).
+- commit d6e6523
+
+- tcp: add some entropy in __inet_hash_connect() (bsc#1180153).
+- tcp: change source port randomizarion at connect() time
+  (bsc#1180153).
+- commit 96da58a
+
+- VFS: filename_create(): fix incorrect intent (bsc#1197534).
+- commit bd0a18b
+
+- KVM: SVM: Don't flush cache if hardware enforces cache coherency
+  across encryption domains (bsc#1178134).
+- commit 706a179
+
+- i915_vma: Rename vma_lookup to i915_vma_lookup (git-fixes).
+- commit e2095ad
+
+- powerpc/lib/sstep: Fix 'sthcx' instruction (bsc#1156395).
+- powerpc/perf: Don't use perf_hw_context for trace IMC PMU
+  (bsc#1156395).
+- commit 130da3b
+
+- mm/page_alloc.c: do not warn allocation failure on zone DMA
+  if no managed pages (bsc#1197501).
+- dma/pool: create dma atomic pool only if dma zone has managed
+  pages (bsc#1197501).
+- mm_zone: add function to check if managed dma zone exists
+  (bsc#1197501).
+- commit c0f79a1
+
+- wireguard: socket: ignore v6 endpoints when ipv6 is disabled
+  (git-fixes).
+- wireguard: socket: free skb in send6 when ipv6 is disabled
+  (git-fixes).
+- wireguard: queueing: use CFI-safe ptr_ring cleanup function
+  (git-fixes).
+- wireguard: selftests: rename DEBUG_PI_LIST to DEBUG_PLIST
+  (git-fixes).
+- commit 972eb7f
+
+- scsi: lpfc: Fix locking for lpfc_sli_iocbq_lookup()
+  (bsc#1197675).
+- scsi: lpfc: Fix broken SLI4 abort path (bsc#1197675).
+- scsi: lpfc: Update lpfc version to 14.2.0.1 (bsc#1197675).
+- scsi: lpfc: Fix queue failures when recovering from PCI parity
+  error (bsc#1197675 bsc#1196478).
+- scsi: lpfc: Fix unload hang after back to back PCI EEH faults
+  (bsc#1197675 bsc#1196478).
+- scsi: lpfc: Improve PCI EEH Error and Recovery Handling
+  (bsc#1197675 bsc#1196478).
+- commit 6fc0429
+
+- ACPI: CPPC: Avoid out of bounds access when parsing _CPC data
+  (git-fixes).
+- can: mcba_usb: properly check endpoint type (git-fixes).
+- can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb
+  in error path (git-fixes).
+- can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb()
+  in error path (git-fixes).
+- pwm: lpc18xx-sct: Initialize driver data and hardware before
+  pwmchip_add() (git-fixes).
+- remoteproc: qcom_wcnss: Add missing of_node_put() in
+  wcnss_alloc_memory_region (git-fixes).
+- remoteproc: qcom: Fix missing of_node_put in
+  adsp_alloc_memory_region (git-fixes).
+- clk: qcom: gcc-msm8994: Fix gpll4 width (git-fixes).
+- clk: qcom: clk-rcg2: Update the frac table for pixel clock
+  (git-fixes).
+- clk: qcom: clk-rcg2: Update logic to calculate D value for RCG
+  (git-fixes).
+- clk: qcom: ipq8074: Use floor ops for SDCC1 clock (git-fixes).
+- clk: uniphier: Fix fixed-rate initialization (git-fixes).
+- clk: Initialize orphan req_rate (git-fixes).
+- clk: bcm2835: Remove unused variable (git-fixes).
+- clk: tegra: tegra124-emc: Fix missing put_device() call in
+  emc_ensure_emc_driver (git-fixes).
+- clk: clps711x: Terminate clk_div_table with sentinel element
+  (git-fixes).
+- clk: loongson1: Terminate clk_div_table with sentinel element
+  (git-fixes).
+- clk: actions: Terminate clk_div_table with sentinel element
+  (git-fixes).
+- clk: imx7d: Remove audio_mclk_root_clk (git-fixes).
+- clk: nxp: Remove unused variable (git-fixes).
+- commit 01f6f64
+
+- printk: disable optimistic spin during panic (bsc#1197894).
+- commit 0716386
+
+- printk: Add panic_in_progress helper (bsc#1197894).
+- commit f29520c
+
+- blacklist.conf: printk: cosmetic problem
+- commit eabafef
+
+- vsprintf: Fix %pK with kptr_restrict == 0 (bsc#1197889).
+- commit dcd324e
+
+- btrfs: Remove unnecessary check from join_running_log_trans
+  (bsc#1194649).
+- commit dc4697b
+
+- btrfs: do not commit delayed inode when logging a file in full
+  sync mode (bsc#1194649).
+- btrfs: do not log new dentries when logging that a new name
+  exists (bsc#1194649).
+- commit b03bb01
+
+- Revert "module, async: async_synchronize_full() on module init
+  iff async is used" (bsc#1197888).
+- commit 2252be2
+
+- btrfs: avoid unnecessary lock and leaf splits when updating
+  inode in the log (bsc#1194649).
+- btrfs: remove unnecessary list head initialization when syncing
+  log (bsc#1194649).
+- btrfs: avoid unnecessary log mutex contention when syncing log
+  (bsc#1194649).
+- commit c49b58c
+
+- btrfs: avoid unnecessary logging of xattrs during fast fsyncs
+  (bsc#1194649).
+- commit bcb58d4
+
+- btrfs: check error value from btrfs_update_inode in tree log
+  (bsc#1194649).
+- btrfs: fixup error handling in fixup_inode_link_counts
+  (bsc#1194649).
+- commit 215b0a5
+
+- btrfs: remove unnecessary directory inode item update when
+  deleting dir entry (bsc#1194649).
+- commit ebbb134
+
+- x86/mm/pat: Don't flush cache if hardware enforces cache
+  coherency across encryption domnains (bsc#1178134).
+- commit ed78280
+
+- btrfs: fix race leading to unnecessary transaction commit when
+  logging inode (bsc#1194649).
+- btrfs: fix race that makes inode logging fallback to transaction
+  commit (bsc#1194649).
+- btrfs: fix race that causes unnecessary logging of ancestor
+  inodes (bsc#1194649).
+- btrfs: fix race that results in logging old extents during a
+  fast fsync (bsc#1194649).
+- commit 54994e0
+
+- scsi: lpfc: Copyright updates for 14.2.0.0 patches
+  (bsc#1197675).
+- scsi: lpfc: Update lpfc version to 14.2.0.0 (bsc#1197675).
+- scsi: lpfc: SLI path split: Refactor BSG paths (bsc#1197675).
+- scsi: lpfc: SLI path split: Refactor Abort paths (bsc#1197675).
+- scsi: lpfc: SLI path split: Refactor SCSI paths (bsc#1197675).
+- scsi: lpfc: SLI path split: Refactor CT paths (bsc#1197675).
+- scsi: lpfc: SLI path split: Refactor misc ELS paths
+  (bsc#1197675).
+- scsi: lpfc: SLI path split: Refactor VMID paths (bsc#1197675).
+- scsi: lpfc: SLI path split: Refactor FDISC paths (bsc#1197675).
+- scsi: lpfc: SLI path split: Refactor LS_RJT paths (bsc#1197675).
+- scsi: lpfc: SLI path split: Refactor LS_ACC paths (bsc#1197675).
+- scsi: lpfc: SLI path split: Refactor the RSCN/SCR/RDF/EDC/FARPR
+  paths (bsc#1197675).
+- scsi: lpfc: SLI path split: Refactor PLOGI/PRLI/ADISC/LOGO paths
+  (bsc#1197675).
+- scsi: lpfc: SLI path split: Refactor base ELS paths and the
+  FLOGI path (bsc#1197675).
+- scsi: lpfc: SLI path split: Introduce lpfc_prep_wqe
+  (bsc#1197675).
+- scsi: lpfc: SLI path split: Refactor fast and slow paths to
+  native SLI4 (bsc#1197675).
+- scsi: lpfc: SLI path split: Refactor lpfc_iocbq (bsc#1197675).
+- scsi: lpfc: Use kcalloc() (bsc#1197675).
+- scsi: lpfc: Fix typos in comments (bsc#1197675).
+- scsi: lpfc: Remove failing soft_wwn support (bsc#1197675).
+- scsi: lpfc: Use rport as argument for lpfc_chk_tgt_mapped()
+  (bsc#1197675).
+- scsi: lpfc: Use rport as argument for lpfc_send_taskmgmt()
+  (bsc#1197675).
+- scsi: lpfc: Use fc_block_rport() (bsc#1197675).
+- scsi: lpfc: Drop lpfc_no_handler() (bsc#1197675).
+- scsi: lpfc: Kill lpfc_bus_reset_handler() (bsc#1197675).
+- scsi: lpfc: Remove redundant flush_workqueue() call
+  (bsc#1197675).
+- scsi: lpfc: Reduce log messages seen after firmware download
+  (bsc#1197675).
+- scsi: lpfc: Remove NVMe support if kernel has NVME_FC disabled
+  (bsc#1197675).
+- commit e642242
+
+- btrfs: check if a log tree exists at inode_logged()
+  (bsc#1194649).
+- commit 1fd0acd
+
+- btrfs: remove no longer needed full sync flag check at
+  inode_logged() (bsc#1194649).
+- btrfs: eliminate some false positives when checking if inode
+  was logged (bsc#1194649).
+- commit df30719
+
+- btrfs: skip unnecessary searches for xattrs when logging an
+  inode (bsc#1194649).
+- commit e2ffdf0
+
+- btrfs: check if a log root exists before locking the log_mutex
+  on unlink (bsc#1194649).
+- Refresh
+  patches.suse/0002-btrfs-qgroup-try-to-flush-qgroup-space-when-we-get-E.patch.
+- commit 2097b4a
+
+- ext2: correct max file size computing (bsc#1197820).
+- commit f1d2053
+
+- block/wbt: fix negative inflight counter when remove scsi device
+  (bsc#1197819).
+- commit 6f18f30
+
+- block: update io_ticks when io hang (bsc#1197817).
+- commit 4ee5ce6
+
+- fscrypt: don't ignore minor_hash when hash is 0 (bsc#1197815).
+- commit 0c58e0d
+
+- ecryptfs: fix kernel panic with null dev_name (bsc#1197812).
+- commit 18f264d
+
+- ecryptfs: Fix typo in message (bsc#1197811).
+- commit 9a64b6f
+
+- ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and
+  mmap_lock (CVE-2022-1048 bsc#1197331).
+- Refresh
+  patches.kabi/ALSA-kABI-workaround-for-snd_pcm_runtime-changes.patch.
+- commit 2d63590
+
+- ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and
+  mmap_lock (CVE-2022-1048 bsc#1197331).
+- Refresh
+  patches.kabi/ALSA-kABI-workaround-for-snd_pcm_runtime-changes.patch.
+- commit db7647d
+
+- bpf: Remove config check to enable bpf support for branch
+  records (git-fixes bsc#1177028).
+- commit 5fff22c
+
+- net: sched: fix use-after-free in tc_new_tfilter()
+  (CVE-2022-1055 bsc#1197702).
+- commit 4c7dc78
+
+- blacklist.conf: kABI
+- commit 79d1df3
+
+- blacklist.conf: cleanup, not a bugfix
+- commit 3a5b1ab
+
+- blacklist.conf: cleanup, not a bugfix
+- commit a1c1b85
+
+- Revert "usb: dwc3: gadget: Use list_replace_init() before
+  traversing lists" (git-fixes).
+- commit 978c488
+
+- scsi: qla2xxx: Fix typos in comments (bsc#1197661).
+- scsi: qla2xxx: Update version to 10.02.07.400-k (bsc#1197661).
+- scsi: qla2xxx: Increase max limit of ql2xnvme_queues
+  (bsc#1197661).
+- scsi: qla2xxx: Use correct feature type field during RFF_ID
+  processing (bsc#1197661).
+- scsi: qla2xxx: Fix stuck session of PRLI reject (bsc#1197661).
+- scsi: qla2xxx: Reduce false trigger to login (bsc#1197661).
+- scsi: qla2xxx: Fix laggy FC remote port session recovery
+  (bsc#1197661).
+- scsi: qla2xxx: Fix hang due to session stuck (bsc#1197661).
+- scsi: qla2xxx: Fix N2N inconsistent PLOGI (bsc#1197661).
+- scsi: qla2xxx: Fix crash during module load unload test
+  (bsc#1197661).
+- scsi: qla2xxx: Fix missed DMA unmap for NVMe ls requests
+  (bsc#1197661).
+- scsi: qla2xxx: Fix loss of NVMe namespaces after driver reload
+  test (bsc#1197661).
+- scsi: qla2xxx: Fix disk failure to rediscover (bsc#1197661).
+- scsi: qla2xxx: Fix incorrect reporting of task management
+  failure (bsc#1197661).
+- scsi: qla2xxx: Use named initializers for q_dev_state
+  (bsc#1197661).
+- scsi: qla2xxx: Use named initializers for port_state_str
+  (bsc#1197661).
+- scsi: qla2xxx: Stop using the SCSI pointer (bsc#1197661).
+- commit d7f7c48
+
+- powerpc/pseries: Fix use after free in remove_phb_dynamic()
+  (bsc#1065729).
+- powerpc/tm: Fix more userspace r13 corruption (bsc#1065729).
+- powerpc/xive: fix return value of __setup handler (bsc#1065729).
+- powerpc/sysdev: fix incorrect use to determine if list is empty
+  (bsc#1065729).
+- commit 14ca561
+
+- usb: bdc: Fix a resource leak in the error handling path of
+  'bdc_probe()' (git-fixes).
+- commit b8afee8
+
+- usb: bdc: remove duplicated error message (git-fixes).
+- commit 3971aef
+
+- usb: bdc: Fix unused assignment in bdc_probe() (git-fixes).
+- commit 0a2966f
+
+- usb: bdc: Use devm_clk_get_optional() (git-fixes).
+- commit f4c7fea
+
+- usb: bdc: Adb shows offline after resuming from S2 (git-fixes).
+- commit 3293f5c
+
+- usb: gadget: bdc: use readl_poll_timeout() to simplify code
+  (git-fixes).
+- commit 686f431
+
+- net: phy: broadcom: Fix brcm_fet_config_init() (git-fixes).
+- serial: 8250: Fix race condition in RTS-after-send handling
+  (git-fixes).
+- serial: 8250_lpss: Balance reference count for PCI DMA device
+  (git-fixes).
+- serial: 8250_mid: Balance reference count for PCI DMA device
+  (git-fixes).
+- serial: core: Fix the definition name in the comment of UPF_*
+  flags (git-fixes).
+- soundwire: intel: fix wrong register name in intel_shim_wake
+  (git-fixes).
+- misc: sgi-gru: Don't cast parameter in bit operations
+  (git-fixes).
+- VMCI: Fix the description of vmci_check_host_caps() (git-fixes).
+- misc: alcor_pci: Fix an error handling path (git-fixes).
+- pinctrl/rockchip: Add missing of_node_put() in
+  rockchip_pinctrl_probe (git-fixes).
+- pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe
+  (git-fixes).
+- pinctrl: mediatek: paris: Fix pingroup pin config state readback
+  (git-fixes).
+- pinctrl: mediatek: paris: Fix "argument" argument type for
+  mtk_pinconf_get() (git-fixes).
+- pinctrl: pinconf-generic: Print arguments for bias-pull-*
+  (git-fixes).
+- pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init
+  (git-fixes).
+- pinctrl: nuvoton: npcm7xx: Rename DS() macro to DSTR()
+  (git-fixes).
+- pinctrl: nuvoton: npcm7xx: Use %zu printk format for
+  ARRAY_SIZE() (git-fixes).
+- mac80211: fix potential double free on mesh join (git-fixes).
+- commit ed99607
+
+- usb: bdc: use devm_platform_ioremap_resource() to simplify code
+  (git-fixes).
+- commit d8de3ca
+
+- driver core: dd: fix return value of __setup handler
+  (git-fixes).
+- firmware: google: Properly state IOMEM dependency (git-fixes).
+- iio: accel: mma8452: use the correct logic to get mma8452_data
+  (git-fixes).
+- iio: adc: Add check for devm_request_threaded_irq (git-fixes).
+- staging:iio:adc:ad7280a: Fix handing of device address bit
+  reversing (git-fixes).
+- iio: afe: rescale: use s64 for temporary scale calculations
+  (git-fixes).
+- iio: inkern: make a best effort on offset calculation
+  (git-fixes).
+- iio: inkern: apply consumer scale when no channel scale is
+  available (git-fixes).
+- iio: inkern: apply consumer scale on IIO_VAL_INT cases
+  (git-fixes).
+- ALSA: pci: fix reading of swapped values from pcmreg in AC97
+  codec (git-fixes).
+- ALSA: pcm: Add stream lock during PCM reset ioctl operations
+  (git-fixes).
+- ALSA: oss: Fix PCM OSS buffer allocation overflow (git-fixes).
+- ALSA: hda/realtek: Add quirk for ASUS GA402 (git-fixes).
+- ALSA: usb-audio: Add mute TLV for playback volumes on RODE
+  NT-USB (git-fixes).
+- ALSA: hda/realtek - Fix headset mic problem for a HP machine
+  with alc671 (git-fixes).
+- ACPI: video: Force backlight native for Clevo NL5xRU and NL5xNU
+  (git-fixes).
+- ACPI: battery: Add device HID and quirk for Microsoft Surface
+  Go 3 (git-fixes).
+- ACPI / x86: Work around broken XSDT on Advantech DAC-BJ01 board
+  (git-fixes).
+- drm/vc4: crtc: Fix runtime_pm reference counting (git-fixes).
+- commit 34d0dc9
+
+- blacklist.conf: Add 1e9d74660d4d "bpf: Fix mount source show for bpffs"
+  Missing required dependency
+- commit 5a8e47e
+
+- udp_tunnel: Fix end of loop test in udp_tunnel_nic_unregister()
+  (git-fixes).
+- commit 36f2c3d
+
+- bpf: Fix comment for helper bpf_current_task_under_cgroup()
+  (git-fixes).
+- commit b94b06c
+
+- x86/cpu: Add hardware-enforced cache coherency as a CPUID
+  feature (bsc#1178134).
+- Refresh patches.suse/x86-cpufeatures-add-sev-es-cpu-feature.
+- commit 9b8fd9f
+
+- Metadata update
+- commit 20a72ea
+
+- Revert "Input: clear BTN_RIGHT/MIDDLE on buttonpads"
+  (bsc#1197243).
+- commit 1e324a1
+
+- Drop HID multitouch fix patch (bsc#1197243)
+  Delete patches.suse/HID-multitouch-fix-Dell-Precision-7550-and-7750-butt.patch.
+  Replaced with another revert patch.
+- commit 169cf98
+
+- usb: dwc3: qcom: add IRQ check (git-fixes).
+- commit 0f04f35
+
+- usb: dwc3: gadget: Use list_replace_init() before traversing
+  lists (git-fixes).
+- commit fa45b43
+
+- xhci: fix garbage USBSTS being logged in some cases (git-fixes).
+- commit 6c80c92
+
+- Add CVE tags to
+  patches.suse/ext4-fix-kernel-infoleak-via-ext4_extent_header.patch
+  (bsc#1189562 bsc#1196761 CVE-2022-0850).
+- commit f3cb08f
+
+- blacklist.conf: 3a84fd1ed535 drm/i915/display: Fix HPD short pulse handling for eDP
+- commit ae70ffd
+
+- drm/i915/gem: add missing boundary check in vm_access
+  (git-fixes).
+- commit 99cd925
+
+- drm/msm/dpu: add DSPP blocks teardown (git-fixes).
+- commit 9c986de
+
+- drm/bridge: dw-hdmi: use safe format when first in bridge chain
+  (git-fixes).
+- commit 38ac9a8
+
+- Refresh
+  patches.suse/drm-i915-Fix-bw-atomic-check-when-switching-between-.patch.
+  Alt-commit
+- commit 81cf826
+
+- Refresh
+  patches.suse/drm-i915-Correctly-populate-use_sagv_wm-for-all-pipe.patch.
+  Alt-commit
+- commit 9f55faf
+
+- Refresh
+  patches.suse/drm-i915-Fix-dbuf-slice-config-lookup.patch.
+  Alt-commit
+- commit eb12d1f
+
+- drm/amd/display: Add affected crtcs to atomic state for dsc
+  mst unplug (git-fixes).
+- commit 1b3e76b
+
+- blacklist.conf: 3f3a24a0a3a5 drm/amdgpu: Don\'t offset by 2 in FRU EEPROM
+- commit 6877985
+
+- drm/amd/pm: return -ENOTSUPP if there is no
+  get_dpm_ultimate_freq function (git-fixes).
+- commit fb7d1f2
+
+- drm/nouveau/acr: Fix undefined behavior in
+  nvkm_acr_hsfw_load_bl() (git-fixes).
+- commit 4a1a717
+
+- drm/doc: overview before functions for drm_writeback.c
+  (git-fixes).
+- commit 6d05b7f
+
+- drm: bridge: adv7511: Fix ADV7535 HPD enablement (git-fixes).
+- commit 8027fb9
+
+- drm/bridge: nwl-dsi: Fix PM disable depth imbalance in
+  nwl_dsi_probe (git-fixes).
+- commit c253ca8
+
+- drm/meson: Fix error handling when afbcd.ops->init fails
+  (git-fixes).
+- commit 42a3562
+
+- drm/meson: osd_afbcd: Add an exit callback to struct
+  meson_afbcd_ops (git-fixes).
+- commit f2138e4
+
+- powerpc/mm/numa: skip NUMA_NO_NODE onlining in
+  parse_numa_properties() (bsc#1179639 ltc#189002 git-fixes).
+- commit 4765cfb
+
+- video: fbdev: controlfb: Fix COMPILE_TEST build (git-fixes).
+- commit 047d2b7
+
+- video: fbdev: matroxfb: set maxvram of vbG200eW to the same
+  as vbG200 to avoid black screen (git-fixes).
+- commit 3094fd1
+
+- drm/vc4: crtc: Make sure the HDMI controller is powered when
+  disabling (git-fixes).
+- commit 0e082ec
+
+- esp: Fix possible buffer overflow in ESP transformation
+  (bsc#1197131 CVE-2022-0886 CVE-2022-27666).
+- commit 39a5891
+
+- Update
+  patches.suse/quota-check-block-number-when-reading-the-block-in-q.patch
+  (bsc#1194589 bsc#1197366 CVE-2021-45868).
+- commit 1a6f8a7
+
+- pinctrl: samsung: drop pin banks references on error paths
+  (git-fixes).
+- memory: emif: check the pointer temp in get_device_details()
+  (git-fixes).
+- memory: emif: Add check for setup_interrupts (git-fixes).
+- soc: qcom: aoss: remove spurious IRQF_ONESHOT flags (git-fixes).
+- soc: qcom: rpmpd: Check for null return of devm_kcalloc
+  (git-fixes).
+- soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe
+  (git-fixes).
+- media: usb: go7007: s2250-board: fix leak in probe()
+  (git-fixes).
+- media: em28xx: initialize refcount before kref_get (git-fixes).
+- media: stk1160: If start stream fails, return buffers with
+  VB2_BUF_STATE_QUEUED (git-fixes).
+- media: Revert "media: em28xx: add missing
+  em28xx_close_extension" (git-fixes).
+- media: video/hdmi: handle short reads of hdmi info frame
+  (git-fixes).
+- media: aspeed: Correct value for h-total-pixels (git-fixes).
+- media: hantro: Fix overfill bottom register field name
+  (git-fixes).
+- media: coda: Fix missing put_device() call in coda_get_vdoa_data
+  (git-fixes).
+- media: bttv: fix WARNING regression on tunerless devices
+  (git-fixes).
+- video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of
+  (git-fixes).
+- video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name()
+  (git-fixes).
+- video: fbdev: atmel_lcdfb: fix an error code in
+  atmel_lcdfb_probe() (git-fixes).
+- video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe()
+  (git-fixes).
+- video: fbdev: matroxfb: set maxvram of vbG200eW to the same
+  as vbG200 to avoid black screen (git-fixes).
+- mmc: davinci_mmc: Handle error for clk_enable (git-fixes).
+- usb: usbtmc: Fix bug in pipe direction for control transfers
+  (git-fixes).
+- net: phy: marvell: Fix invalid comparison in the resume and
+  suspend functions (git-fixes).
+- commit 33bac97
+
+- firmware: qcom: scm: Remove reassignment to desc following
+  initializer (git-fixes).
+- ASoC: sti: Fix deadlock via snd_pcm_stop_xrun() call
+  (git-fixes).
+- ASoC: codecs: wcd934x: Add missing of_node_put() in
+  wcd934x_codec_parse_data (git-fixes).
+- ASoC: msm8916-wcd-analog: Fix error handling in
+  pm8916_wcd_analog_spmi_probe (git-fixes).
+- ASoC: msm8916-wcd-digital: Fix missing clk_disable_unprepare()
+  in msm8916_wcd_digital_probe (git-fixes).
+- ASoC: imx-es8328: Fix error return code in imx_es8328_probe()
+  (git-fixes).
+- ASoC: fsl_spdif: Disable TX clock when stop (git-fixes).
+- ASoC: SOF: topology: remove redundant code (git-fixes).
+- ASoC: dmaengine: do not use a NULL prepare_slave_config()
+  callback (git-fixes).
+- ASoC: mxs: Fix error handling in mxs_sgtl5000_probe (git-fixes).
+- ASoC: SOF: Add missing of_node_put() in imx8m_probe (git-fixes).
+- ASoC: fsi: Add check for clk_enable (git-fixes).
+- ASoC: wm8350: Handle error for wm8350_register_irq (git-fixes).
+- ASoC: atmel: Add missing of_node_put() in
+  at91sam9g20ek_audio_probe (git-fixes).
+- ASoC: dwc-i2s: Handle errors for clk_enable (git-fixes).
+- ASoC: atmel_ssc_dai: Handle errors for clk_enable (git-fixes).
+- ASoC: mxs-saif: Handle errors for clk_enable (git-fixes).
+- ASoC: ti: davinci-i2s: Add check for clk_enable() (git-fixes).
+- ASoC: rt5663: check the return value of devm_kzalloc() in
+  rt5663_parse_dp() (git-fixes).
+- ASoC: xilinx: xlnx_formatter_pcm: Handle sysclk setting
+  (git-fixes).
+- ASoC: topology: Optimize soc_tplg_dapm_graph_elems_load behavior
+  (git-fixes).
+- ASoC: topology: Allow TLV control to be either read or write
+  (git-fixes).
+- ALSA: spi: Add check for clk_enable() (git-fixes).
+- ALSA: cmipci: Restore aux vol on suspend/resume (git-fixes).
+- ASoC: codecs: wcd934x: fix return value of
+  wcd934x_rx_hph_mode_put (git-fixes).
+- ALSA: firewire-lib: fix uninitialized flag for AV/C deferred
+  transaction (git-fixes).
+- media: davinci: vpif: fix unbalanced runtime PM get (git-fixes).
+- drm/panel: simple: Fix Innolux G070Y2-L01 BPP settings
+  (git-fixes).
+- commit 364280e
+
+- ALSA: pcm: Fix races among concurrent prealloc proc writes
+  (CVE-2022-1048 bsc#1197331).
+- ALSA: pcm: Fix races among concurrent prepare and
+  hw_params/hw_free calls (CVE-2022-1048 bsc#1197331).
+- ALSA: pcm: Fix races among concurrent read/write and buffer
+  changes (CVE-2022-1048 bsc#1197331).
+- ALSA: pcm: Fix races among concurrent hw_params and hw_free
+  calls (CVE-2022-1048 bsc#1197331).
+- commit 0f1f53e
+
+- cifs: use the correct max-length for dentry_path_raw()
+  (bsc1196196).
+- commit d014f56
+
+- blacklist.conf: a5ce9f2bb665 x86/speculation: Merge one test in spectre_v2_user_select_mitigation()
+- commit 2d7347b
+
+- quota: check block number when reading the block in quota file
+  (bsc#1197366 CVE-2021-45868).
+- commit a7d4915
+
+- ALSA: kABI workaround for snd_pcm_runtime changes (CVE-2022-1048
+  bsc#1197331).
+- commit 8a9b87d
+
+- ALSA: kABI workaround for snd_pcm_runtime changes (CVE-2022-1048
+  bsc#1197331).
+- commit 12628f8
+
+- ALSA: pcm: Fix races among concurrent prealloc proc writes
+  (CVE-2022-1048 bsc#1197331).
+- ALSA: pcm: Fix races among concurrent prepare and
+  hw_params/hw_free calls (CVE-2022-1048 bsc#1197331).
+- ALSA: pcm: Fix races among concurrent read/write and buffer
+  changes (CVE-2022-1048 bsc#1197331).
+- ALSA: pcm: Fix races among concurrent hw_params and hw_free
+  calls (CVE-2022-1048 bsc#1197331).
+- commit aee063f
+
+- membarrier: Execute SYNC_CORE on the calling thread (git-fixes)
+- commit 8c138d0
+
+- fuse: handle kABI change in struct fuse_args (bsc#1197343
+  CVE-2022-1011).
+- fuse: fix pipe buffer lifetime for direct_io (bsc#1197343
+  CVE-2022-1011).
+- commit 112493c
+
+- spi: pxa2xx-pci: Balance reference count for PCI DMA device
+  (git-fixes).
+- spi: tegra114: Add missing IRQ check in tegra_spi_probe
+  (git-fixes).
+- regulator: qcom_smd: fix for_each_child.cocci warnings
+  (git-fixes).
+- hwmon: (pmbus) Add Vin unit off handling (git-fixes).
+- hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING
+  (git-fixes).
+- hwmon: (pmbus) Add mutex to regulator ops (git-fixes).
+- crypto: ccp - ccp_dmaengine_unregister release dma channels
+  (git-fixes).
+- crypto: cavium/nitrox - don't cast parameter in bit operations
+  (git-fixes).
+- crypto: vmx - add missing dependencies (git-fixes).
+- hwrng: atmel - disable trng on failure path (git-fixes).
+- crypto: ccree - don't attempt 0 len DMA mappings (git-fixes).
+- crypto: qat - don't cast parameter in bit operations
+  (git-fixes).
+- crypto: mxs-dcp - Fix scatterlist processing (git-fixes).
+- crypto: authenc - Fix sleep in atomic context in decrypt_tail
+  (git-fixes).
+- crypto: rsa-pkcs1pad - fix buffer overread in
+  pkcs1pad_verify_complete() (git-fixes).
+- crypto: rsa-pkcs1pad - restore signature length check
+  (git-fixes).
+- crypto: rsa-pkcs1pad - correctly get hash from source
+  scatterlist (git-fixes).
+- thermal: int340x: Increase bitmap size (git-fixes).
+- thermal: int340x: Check for NULL after calling kmemdup()
+  (git-fixes).
+- PM: suspend: fix return value of __setup handler (git-fixes).
+- PM: hibernate: fix __setup handler error handling (git-fixes).
+- ACPI: docs: enumeration: Remove redundant .owner assignment
+  (git-fixes).
+- ACPI: docs: enumeration: Update UART serial bus resource
+  documentation (git-fixes).
+- ACPI: docs: enumeration: Discourage to use custom _DSM methods
+  (git-fixes).
+- ACPI: APEI: fix return value of __setup handlers (git-fixes).
+- clocksource: acpi_pm: fix return value of __setup handler
+  (git-fixes).
+- ACPI: properties: Consistently return -ENOENT if there are no
+  more references (git-fixes).
+- clocksource/drivers/timer-of: Check return value of of_iomap
+  in timer_of_base_init() (git-fixes).
+- Input: aiptek - properly check endpoint type (git-fixes).
+- usb: gadget: Fix use-after-free bug by not setting
+  udc->dev.driver (git-fixes).
+- usb: gadget: rndis: prevent integer overflow in
+  rndis_set_response() (git-fixes).
+- drm/vrr: Set VRR capable prop only if it is attached to
+  connector (git-fixes).
+- nl80211: Update bss channel on channel switch for P2P_CLIENT
+  (git-fixes).
+- iwlwifi: don't advertise TWT support (git-fixes).
+- mac80211: refuse aggregations sessions before authorized
+  (git-fixes).
+- can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN
+  device when fully ready (git-fixes).
+- commit 240077f
+
+- membarrier: Explicitly sync remote cores when SYNC_CORE is (git-fixes)
+- commit 4fc5228
+
+- blacklist.conf: Add 2ecedd756908 ("membarrier: Add an actual barrier before rseq_preempt()")
+- commit e7a5059
+
+- cpufreq: schedutil: Destroy mutex before kobject_put() frees (git-fixes)
+- commit 3a3c855
+
+- netfilter: conntrack: don't refresh sctp entries in closed state
+  (bsc#1197389).
+- commit d30cf2f
+
+- NFS: Do not report writeback errors in nfs_getattr()
+  (git-fixes).
+- NFS: LOOKUP_DIRECTORY is also ok with symlinks (git-fixes).
+- NFS: Fix initialisation of nfs_client cl_flags field
+  (git-fixes).
+- NFS: Avoid duplicate uncached readdir calls on eof (git-fixes).
+- NFS: Don't skip directory entries when doing uncached readdir
+  (git-fixes).
+- nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed
+  client (git-fixes).
+- NFS: Ensure the server has an up to date ctime before
+  hardlinking (git-fixes).
+- commit 0dffa33
+
+- blacklist.conf: fbd5969d1ff2 x86/cpufeatures: Mark two free bits in word 3
+- commit 7de8046
+
+- net: hns3: add a check for tqp_index in
+  hclge_get_ring_chain_from_mbx() (git-fixes).
+- commit 197c612
+
+- net: watchdog: hold device global xmit lock during tx disable
+  (git-fixes).
+- commit 5f626af
+
+- net: stmmac: set TxQ mode back to DCB after disabling CBS
+  (git-fixes).
+- commit 64e0e15
+
+- net: enetc: initialize the RFS and RSS memories (git-fixes).
+- commit 48628ab
+
+- net: dsa: mv88e6xxx: override existent unicast portvec in
+  port_fdb_add (git-fixes).
+- commit d733e4e
+
+- team: protect features update by RCU to avoid deadlock
+  (git-fixes).
+- commit 0917ada
+
+- netxen_nic: fix MSI/MSI-x interrupts (git-fixes).
+- commit e20b4bd
+
+- Update config files.
+- commit 5e3d4fd
+
+- drm/i915: Fix dbuf slice config lookup (git-fixes).
+- commit 2e1e919
+
+- drm/imx: parallel-display: Remove bus flags check in
+  imx_pd_bridge_atomic_check() (git-fixes).
+- commit 37de9a5
+
+- ibmvnic: fix race between xmit and reset (bsc#1197302
+  ltc#197259).
+- commit 1372669
+
+- Revert "Revert "build initrd without systemd" (bsc#1197300)"
+  This reverts commit ff2b28e76a7040ae5ce82c0145965d62159216fd.
+- commit 72ed14f
+
+- Update config files (bsc#1195926 bsc#1175667).
+  VIRTIO_PCI=m -> VIRTIO_PCI=y
+- commit 3edad5c
+
+- Revert "Revert "rpm/kernel-source.spec.in: call fdupes per subpackage""
+  This reverts commit f349b8133b949dee1721081d9fbc80cc43327d15.
+  Which was propagated from my local local tree. Restore the commit
+- commit ee9cedc
+
+- x86/speculation: Warn about Spectre v2 LFENCE mitigation
+  (bsc#1178134).
+- Refresh
+  patches.suse/x86-speculation-warn-about-eibrs-lfence-unprivileged-ebpf-smt.patch.
+- commit 8588aa6
+
+- powerpc/mm: Fix verification of MMU_FTR_TYPE_44x (bsc#1156395).
+- commit 5c5db21
+
+- x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF +
+  SMT (bsc#1178134).
+- commit a719566
+
+- HID: multitouch: fix Dell Precision 7550 and 7750 button type
+  (bsc#1197243).
+- commit 53c2db3
+
+- Sort in upstreamed BHB patches
+- Refresh
+  patches.suse/documentation-hw-vuln-update-spectre-doc.patch.
+- Refresh
+  patches.suse/x86-speculation-add-eibrs-retpoline-options.patch.
+- Refresh
+  patches.suse/x86-speculation-include-unprivileged-ebpf-status-in-spectre-v2-mitigation-reporting.patch.
+- Refresh
+  patches.suse/x86-speculation-rename-retpoline_amd-to-retpoline_lfence.patch.
+- Refresh
+  patches.suse/x86-speculation-use-generic-retpoline-by-default-on-amd.patch.
+- commit 4062a7a
+
+- s390/mm: fix VMA and page table handling code in storage key
+  handling functions (git-fixes).
+- s390/mm: validate VMA in PGSTE manipulation functions
+  (git-fixes).
+- s390/gmap: don't unconditionally call pte_unmap_unlock()
+  in __gmap_zap() (git-fixes).
+- s390/gmap: validate VMA in __gmap_zap() (git-fixes).
+- s390/pci_mmio: fully validate the VMA before calling
+  follow_pte() (git-fixes).
+- mm: add vma_lookup(), update find_vma_intersection() comments
+  (git-fixes).
+- commit 808c094
+
+- net/smc: Reset conn->lgr when link group registration fails
+  (git-fixes).
+- net/smc: fix using of uninitialized completions (git-fixes).
+- net/smc: fix wrong list_del in smc_lgr_cleanup_early
+  (git-fixes).
+- net/smc: Fix loop in smc_listen (git-fixes).
+- net/smc: Make sure the link_id is unique (git-fixes).
+- commit 759dc2b
+
+- blacklist.conf: net/smc cleanup with no functional change
+- commit 5a33cbb
+
+- s390/hypfs: include z/VM guests with access control group set
+  (bsc#1195640 LTC#196352).
+- commit 598f26f
+
+- net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup
+  (bsc#1196018).
+- commit 1580ab2
+
+- ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32
+  (bsc#1196018).
+- commit 1cdc779
+
+- s390/module: fix loading modules with a lot of relocations
+  (git-fixes).
+- commit bc1865f
+
+- s390/kexec_file: fix error handling when applying relocations
+  (git-fixes).
+- s390/kexec: fix memory leak of ipl report buffer (git-fixes).
+- s390/kexec: fix return code handling (git-fixes).
+- commit 2f0dd10
+
+- s390/bpf: Perform r1 range checking before accessing
+  jit->seen_reg (git-fixes).
+- commit 1cc7c78
+
kexec-tools
+- kexec-tools-print-error-if-kexec_file_load-fails.patch: print
+  error if kexec_file_load fails (bsc#1197176).
+
libgcrypt
+- FIPS: extend the service indicator [bsc#1190700]
+  * introduced a pk indicator function
+  * adapted the approved and non approved ciphersuites
+  * Add libgcrypt_indicators_changes.patch
+  * Add libgcrypt-indicate-shake.patch
+
libglvnd
+- provide/obsolete Mesa-libGLESv1_CM1 and Mesa-libGLESv2-2 packages
+  (bsc#1196576)
+
libslirp
+- security update
+- added patches
+  fix CVE-2021-3592 [bsc#1187364], invalid pointer initialization may lead to information disclosure (bootp)
+  + libslirp-CVE-2021-3592.patch
+  fix CVE-2021-3594 [bsc#1187367], invalid pointer initialization may lead to information disclosure (udp)
+  + libslirp-CVE-2021-3594.patch
+  fix CVE-2021-3595 [bsc#1187366], invalid pointer initialization may lead to information disclosure (tftp)
+  + libslirp-CVE-2021-3595.patch
+
libtirpc
+- add option to enforce connection via protocol version 2 first
+  (bsc#1196647)
+  add 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch
+
libxml2
+- Security fix: [bsc#1196490, CVE-2022-23308]
+  * Use-after-free of ID and IDREF attributes.
+- Add libxml2-CVE-2022-23308.patch
+
mozilla-nss
+- Add nss-fips-pbkdf-kat-compliance.patch (bsc#1192079). This
+  makes the PBKDF known answer test compliant with NIST SP800-132.
+
+- Mozilla NSS 3.68.3 (bsc#1197903)
+  This release improves the stability of NSS when used in a multi-threaded
+  environment. In particular, it fixes memory safety violations that
+  can occur when PKCS#11 tokens are removed while in use (CVE-2022-1097).
+  We presume that with enough effort these memory safety violations are exploitable.
+  * Remove token member from NSSSlot struct (bmo#1756271).
+  * Hold tokensLock through nssToken_GetSlot calls in nssTrustDomain_GetActiveSlots
+    (bmo#1755555).
+  * Check return value of PK11Slot_GetNSSToken (bmo#1370866).
+
net-snmp
+- Decouple snmp-mibs from net-snmp version to allow major version
+  upgrade (bsc#1196955).
+
open-iscsi
+- Updated to latest upstream, including bug fixes and cleanups.
+  Changes included:
+  * add handling name/value pairs for firmware login (bsc#1196113),
+    including man page update for same
+  * Fix bug where some package parts were installed using
+    DESTDIR twice
+  * general build cleanup (in prep for removing DB files from
+    /etc/iscsi some day soon)
+  Also, now delivering a "package config" file for libopeniscsiusr.
+
openblas:pthreads
+- Fix issues in update paths from earlier versions introduced by
+  recent structural changes (bsc#1198264):
+  - Add Obsoletes for old package names
+  - Handle the change from directories to soft links properly
+
+- Also build for s390x using latest gcc as requested by IBM
+  (jsc#SLE-18143, bsc#1197721).
+
+- Build HPC packages with gcc-<n> <n> >= 10 on Leap/SLE.
+
+- Do the same for x86_64 on SLE to make sure Cooperlake support
+  is built properly.
+- Remove:
+  * Do-not-attempt-to-check-host-CPU-if-TARGET-is-set.patch
+  * Create-independent-kernel-Makfile-configuration-when-building-DYNAMIC_ARCH.patch
+  * For-DYNAMIC_ARCH-don-t-use-sbgemm_r-as-parameter.c-doesn-t-get-build.patch
+  Instead, add from upstream:
+  * Define-sbgemm_r-to-fix-DYNAMIC_ARCH-builds.patch
+  * Remove-extraneous-and-wrong-definition-of-sbgemm_r-on-x86_64.patch
+  * Fix-checks-for-AVX512-and-atomics.patch
+  * Revert-AVX512-capability-check-from-PR-1980-moved-to-build.patch
+  * Use-CC-and-full-command-line-instead-of-hard-coding-gcc-for-AVX512-checking.patch
+  * Utilize-compiler-AVX512-capability-info-from-c_check-when-building-getarch.patch
+
+- Update to v0.3.20:
+  * general:
+    some code cleanup, with added casts etc.
+    fixed obtaining the cpu count with OpenMP and OMP_PROC_BIND unset
+    fixed pivot index calculation by ?LASWP for negative increments other
+    than one
+    fixed input argument check in LAPACK ? GEQRT2
+    improved the check for a Fortran compiler in CMAKE builds
+    disabled building OpenBLAS' optimized versions of LAPACK complex SPMV,
+    SPR,SYMV,SYR with NO_LAPACK=1
+    fixed building of LAPACK on certain distributed filesystems with parallel
+    gmake
+    fixed building the shared library on MacOS with classic flang
+    (v0.3.19)
+    reverted unsafe TRSV/ZRSV optimizations introduced in 0.3.16
+    fixed a potential thread race in the thread buffer reallocation routines
+    that were introduced in 0.3.18
+    fixed miscounting of thread pool size on Linux with OMP_PROC_BIND=TRUE
+    fixed CBLAS interfaces for CSROT/ZSROT and CROTG/ZROTG
+    made automatic library suffix for CMAKE builds with INTERFACE64 available
+    to CBLAS-only builds
+    (v0.3.18)
+    when the build-time number of preconfigured threads is exceeded
+    at runtime (by an external program calling BLAS functions from
+    a larger number of threads), OpenBLAS will now allocate an
+    auxiliary control structure for up to 512 additional threads
+    instead of aborting
+    added support for Loongson's LoongArch64 cpu architecture
+    fixed building OpenBLAS with CMAKE and -DBUILD_BFLOAT16=ON
+    added support for building OpenBLAS as a CMAKE subproject
+    added support for building for Windows/ARM64 targets with clang
+    improved support for building with the IBM xlf compiler
+    imported Reference-LAPACK PR 625 (out-of-bounds access in ?LARRV)
+    imported Reference-LAPACK PR 597 for testsuite compatibility with
+    LLVM's libomp
+  * x86_64:
+    fixed cross-compilation with CMAKE for CORE2 target
+    fixed miscompilation of AVX512 code in DYNAMIC_ARCH builds
+    added support for the "incidental" AVX512 hardware in Alder Lake when
+    enabled in BIOS
+    (v0.3.19)
+    DYNAMIC_ARCH builds now fall back to the cpu with most similar capabilities
+    when an unknown CPUID is encountered, instead of defaulting to Prescott
+    added cpu detection for Intel Alder Lake
+    added cpu detection for Intel Sapphire Rapids
+    added an optimized SBGEMM kernel for Sapphire Rapids
+    fixed DYNAMIC_ARCH builds on OSX with CMAKE
+    worked around DYNAMIC_ARCH builds made on Sandybridge failing on SkylakeX
+    fixed missing thread initialization for static builds on Windows/MSVC
+    fixed an excessive read in ZSYMV
+    (v0.3.18)
+    added SkylakeX S/DGEMM kernels for small problem sizes (MNK<=1000000)
+    added optimized SBGEMM for Intel Cooper Lake
+    reinstated the performance patch for AVX512 SGEMV_T with a proper fix
+    added a workaround for a gcc11 tree-vectorizer bug that caused spurious
+    failures in the test programs for complex BLAS3 when compiling at -O3
+    (the default for cmake "release" builds)
+    added support for runtime cpu count detection under Haiku OS
+    worked around a long-standing miscompilation issue of the Haswell DGEMV_T
+    kernel with gcc that could produce NaN output in some corner cases
+  * Power:
+    added support for POWER10 in big-endian mode
+    added support for building with CMAKE
+    added optimized SGEMM and DGEMM kernels for small matrix sizes
+    (v0.3.18)
+    improved performance of DASUM on POWER10
+  * ARMV8:
+    added SVE-enabled CGEMM and ZGEMM kernels for ARMV8SVE and A64FX
+    added support for Neoverse N2 and V1 cpus
+    (v0.3.19)
+    added basic support and cputype detection for Fujitsu A64FX
+    added a generic ARMV8SVE target
+    added SVE-enabled SGEMM and DGEMM kernels for ARMV8SVE and A64FX
+    added optimized CGEMM and ZGEMM kernels for Cortex A53 and A55 cpus
+    fixed cpuid detection for Apple M1 and improved performance
+    improved compiler flag setting in CMAKE builds
+    (v0.3.18)
+    fixed crashes (use of reserved register x18) on Apple M1 under OSX
+    fixed building with gcc releases earlier than 5.1
+- Fix out of bounds read in ?llarv
+  LAPACK Reference: PR 625
+  CVE-2021-4048, bsc#1196513
+- Limit parallel builds according to available memory.
+  Do NOT use %%_smp_mflags with top level 'make', set MAKE_NB_JOBS
+  instead and let the build do the work.
+  Also change -flto=auto to -flto=1: spawning even more parallel builds
+  on top of parallel build treads will wreak havok.
+- Move calls to 'update-alternatives --remove' to %%postun instead
+  of %%preun as suggested by rpmlint.
+- Since we build with DYNAMIC_ARCH, create separate config files for
+  the different target kernels to help debugging
+  Add Create-independent-kernel-Makfile-configuration-when-building-DYNAMIC_ARCH.patch
+- Remove compiler feature detection when not using auto-detection.
+  Add Do-not-attempt-to-check-host-CPU-if-TARGET-is-set.patch
+- Do not depend in variables which are not available when building
+  DYNAMIC_ARCH.
+  Add For-DYNAMIC_ARCH-don-t-use-sbgemm_r-as-parameter.c-doesn-t-get-build.patch
+- Do not include symbols defined in driver/others/parameter.c in
+  DYNAMIC_BUILD to generate more conclusive error messages earlier.
+  Add Do-not-include-symbols-defined-in-driver-others-parameter.c-in-DYNAMIC_BUILD.patch
+- Install lapack and blas libraries to an openblas-flavor
+  specific subdirectory of %%_libdir and set up the alternatives
+  to point to this directory. Set the system-wide BLAS/LAPACK
+  default directory to %%_libdir/openblas-default.
+  This way, the blas/lapack libraries will remain consistent
+  and from the same source. The user is able to override this
+  easily by setting the LD_LIBRARY_PATH to include the preferred
+  BLAS/LAPACK implementation (boo#1177260).
+- Consolidate packages 'openblas-devel' and 'openblas-devel-headers'
+  into 'openblas-common-devel' (these are built for the serial
+  flavor only).
+  'openblas-common-devel' will provide the removed 'openblas-devel-headers'
+  while the arch specific 'preferred' flavor will provide the removed
+  'openblas-devel'.
+- Fix the openblas default flavor selection:
+    [#] /usr/sbin/update-alternatives --config libopenblas.so.0
+- Add cmake and pkgconfig files.
openjpeg
+- Add security fixes:
+  openjpeg-CVE-2018-14423.patch (CVE-2018-14423, bsc#1102016),
+  openjpeg-CVE-2018-16376.patch (CVE-2018-16376, bsc#1106881),
+  openjpeg-CVE-2020-8112.patch (CVE-2020-8112, bsc#1162090),
+  openjpeg-CVE-2020-15389.patch (CVE-2020-15389, bsc#1173578),
+  openjpeg-CVE-2020-27823.patch (CVE-2020-27823, bsc#1180457),
+  openjpeg-CVE-2021-29338.patch (CVE-2021-29338, bsc#1184774).
+
-- Added a patch (heap_buffer_overflow_2_fix.patch) to fix heap-based buffer
-  overflow when processing JPEG2000 images - (CVE-2012-3535), (bnc#777445).
-
-- Add baselibs.conf
-
-- Added a patch (heap_buffer_overflow_fix.patch) to fix heap-based buffer
-  overflow when processing JPEG2000 images - (CVE-2012-3358), (bnc#770649).
-
-- Added a patch (heap_corruption_fix.patch) to fix heap corruption when
-  processing certain Gray16 TIFF images - (CVE-2009-5030), (bnc#757260).
-
-- Update to version 1.5.0:
-  New Features:
-  * openjpip:
-    + complete client-server architecture for remote browsing of jpeg 2000
-    images.
-    + see corresponding README for more details.
-  API modifications:
-  * 'bool' type has been replaced by 'opj_bool' type. 'stdbool.h' is no more
-    required.
-  Misc:
-  * improved cmake and autotools build methods.
-  * removed manual makefiles, VS project files and XCode project files.
-  * added a 'thirdparty' directory to contain all dependencies.
-    + These libraries will be build only if there are not found on the system.
-    + Note that libopenjpeg itself does not have any dependency.
-  * changed the directory hierarchy of the whole project. See README files for
-    details.
-  * tests : a complete test suite has been setup.
-    + both JPEG 2000 conformance tests and non-regressions tests are
-    configured.
-    + results are submitted to the OpenJPEG dashboard
-    (http://my.cdash.org/index.php?project=OPENJPEG)
-    + images are located in 'http://openjpeg.googlecode.com/svn/data' folder.
-    + configuration files and utilities are located in 'tests' folder.
-  * OPJViewer re-activated (need wxWidgets)
-  * Huge amount of bug fixes. See CHANGES for details.
-- Removed the following patches (fixed upstream):
-  * fix_no_undefined.patch
-  * fix_soversion.patch
-  * install_pkgconfig_file.patch
-- Replaced openjpeg-1.4-OpenJPEGConfig.patch with
-  openjpeg-1.5.0-cmake_Config.patch (taken from Fedora)
-- Replaced openjpeg-1.4-cmake_symlink_fix.patch with
-  openjpeg-1.5.0-cmake_header_symlink.patch (taken from Fedora)
-- Added 2 patches (taken from Fedora):
-  * openjpeg-1.5.0-cmake_libdir.patch -- Fix installation directories
-  * openjpeg-1.5.0-pkgconfig_includedir.patch -- Fix includedir in pkgconfig
-    file
-- Spec file updates:
-  * Added doxygen in BuildRequires: to enable compilation of devel docs.
-  * Updated BuildRequires: to include also liblcms2-devel and zlib-devel.
-  * Fixed rpmlint warning "file-contains-date-and-time"
-- No need to remove the JavaOpenJPEG/ directory from the package source anymore
-  (the Sun proprietary code was removed from the package).
-
-- license update: BSD-2-Clause
-  SPDX format
-
-- Removed the JavaOpenJPEG/ directory from the package source (fix for
-  bnc#733009 - openjpg contains Sun proprietary code).
-
-- Initial release (version 1.4).
-- Added 5 patches (taken from upstream and Fedora):
-  * openjpeg-1.4-OpenJPEGConfig.patch -- Fix OpenJPEGConfig.cmake
-  * openjpeg-1.4-cmake_symlink_fix.patch -- Fix cmake create_symlink usage for
-    header file
-  * fix_no_undefined.patch -- Fix libopenjpeg undefined references
-  * fix_soversion.patch -- Fix so version to 1 instead of 1.4
-  * install_pkgconfig_file.patch -- Fix cmake to install pkgconfig file(s)
-
openjpeg2
+- Add security fixes:
+  openjpeg2-CVE-2018-5727.patch (CVE-2018-5727, bsc#1076314),
+  openjpeg2-CVE-2018-5785.patch (CVE-2018-5785, bsc#1076967),
+  openjpeg2-CVE-2018-6616.patch (CVE-2018-6616, bsc#1079845),
+  openjpeg2-CVE-2018-14423.patch (CVE-2018-14423, bsc#1102016),
+  openjpeg2-CVE-2018-16375.patch (CVE-2018-16375, bsc#1106882),
+  openjpeg2-CVE-2018-16376.patch (CVE-2018-16376, bsc#1106881),
+  openjpeg2-CVE-2018-20845.patch (CVE-2018-20845, bsc#1140130),
+  openjpeg2-CVE-2020-6851.patch (CVE-2020-6851, bsc#1160782),
+  openjpeg2-CVE-2020-8112.patch (CVE-2020-8112, bsc#1162090),
+  openjpeg2-CVE-2020-15389.patch (CVE-2020-15389, bsc#1173578),
+  openjpeg2-CVE-2020-27823.patch (CVE-2020-27823, bsc#1180457),
+  openjpeg2-CVE-2021-29338.patch (CVE-2021-29338, bsc#1184774),
+  openjpeg2-CVE-2022-1122.patch (CVE-2022-1122, bsc#1197738).
+
-- add libopenjp2.pc (demand introduced by ImageMagick 6.8.8-5)
-
patterns-base
+- Backports fips pattern from SLE15 SP4
+  * Since patterns_base has huge different compared to SLE ones,
+    backport fips pattern from SLE then fips pattern is not missing
+
swtpm
+- Update to version 0.5.3
+  - swtpm:
+  - Check header size indicator against expected size (CVE-2022-23645 bsc#1196240)
+  - Fix --print-capabilities for 'swtpm chardev'
+  - swtpm_localca:
+  - Test for available issuercert before creating CA
+  - swtpm_cert:
+  - Rename deprecated libtasn1 types
+  - man pages:
+  - Update the doc of the flag to connect to TPM via UnixIO socket
+
systemd
+- Import commit 2bc0b2c447319a9156e7c5a18fe971f946554a6b
+  6256b14446 test: adapt install_pam() for openSUSE
+  3ea5b7e295 test: add test checking tmpfiles conf file precedence
+  e63e641ee8 test tmpfiles: add a test for 'w+'
+  b531758614 tmpfiles.d: only 'w+' can have multiple lines for the same path (bsc#1198090)
+  ea98492c53 cryptsetup: fall back to traditional unlocking if any TPM2 operation fails
+- Move coredumpctl completion files into systemd-coredump sub-package.
+
webkit2gtk3:gtk3
-- Update to version 2.34.6:
+- Update to version 2.36.0 (boo#1198290):
+  + Add new accessibility implementation using ATSPI DBus
+    interfaces instead of ATK.
+  + Add support for requestVideoFrameCallback.
+  + Change hardware-acceleration-policy setting default value to
+    always.
+  + Add support for media session.
+  + Add new API to set HTTP response information to custom uri
+    schemes.
+  + Make user interactive threads (event handler, scrolling, …)
+    real time in linux.
+  + Security fixes: CVE-2022-22624, CVE-2022-22628, CVE-2022-22629.
+- Rebase no-forced-sse.patch.
+- Drop fix-warnings.patch and webkit2gtk3-link-fix.patch: fixed upstream.
+- Add webkit2gtk3-old-ruby.patch: fix a build failure.
+
+- Update to version 2.34.6 (boo#1196133):
+  + Security fixes: CVE-2022-22620.
-    CVE-2022-22594.
+    CVE-2022-22594, CVE-2022-22637.
webkit2gtk3:gtk3-soup2
-- Update to version 2.34.6:
+- Update to version 2.36.0 (boo#1198290):
+  + Add new accessibility implementation using ATSPI DBus
+    interfaces instead of ATK.
+  + Add support for requestVideoFrameCallback.
+  + Change hardware-acceleration-policy setting default value to
+    always.
+  + Add support for media session.
+  + Add new API to set HTTP response information to custom uri
+    schemes.
+  + Make user interactive threads (event handler, scrolling, …)
+    real time in linux.
+  + Security fixes: CVE-2022-22624, CVE-2022-22628, CVE-2022-22629.
+- Rebase no-forced-sse.patch.
+- Drop fix-warnings.patch and webkit2gtk3-link-fix.patch: fixed upstream.
+- Add webkit2gtk3-old-ruby.patch: fix a build failure.
+
+- Update to version 2.34.6 (boo#1196133):
+  + Security fixes: CVE-2022-22620.
-    CVE-2022-22594.
+    CVE-2022-22594, CVE-2022-22637.
webkit2gtk3:gtk4
-- Update to version 2.34.6:
+- Update to version 2.36.0 (boo#1198290):
+  + Add new accessibility implementation using ATSPI DBus
+    interfaces instead of ATK.
+  + Add support for requestVideoFrameCallback.
+  + Change hardware-acceleration-policy setting default value to
+    always.
+  + Add support for media session.
+  + Add new API to set HTTP response information to custom uri
+    schemes.
+  + Make user interactive threads (event handler, scrolling, …)
+    real time in linux.
+  + Security fixes: CVE-2022-22624, CVE-2022-22628, CVE-2022-22629.
+- Rebase no-forced-sse.patch.
+- Drop fix-warnings.patch and webkit2gtk3-link-fix.patch: fixed upstream.
+- Add webkit2gtk3-old-ruby.patch: fix a build failure.
+
+- Update to version 2.34.6 (boo#1196133):
+  + Security fixes: CVE-2022-22620.
-    CVE-2022-22594.
+    CVE-2022-22594, CVE-2022-22637.
wicked
+- version 0.6.69
+- redfish: decode smbios and setup host interface
+  Add initial support to decode the SMBIOS Management Controller Host
+  Interface (Type 42) structure and expose it as wicked `firmware:redfish`
+  configuration to setup a Host Network Interface (to the BMC) using the
+  `Redfish over IP` protocol allowing access to the Redfish Service (via
+  redfish-localhost in /etc/hosts) used to manage the computer system.
+  Tech Preview (jsc#SLE-17762).
+- buffer: fix size_t length downcast to uint, add guards to init functions
+- wireless: fix to not expect colons in 64byte long wpa-psk hex hash string
+- xml-schema: reference counting fix to not crash at exit on schema errors
+- compat-suse: match sysctl.d /etc vs. /run read order with systemd-sysctl,
+  remove obsolete (sle11/sysconfig) lines about ifup-sysctl from ifsysctl.5.
+- compat-suse: fix reading of sysctl addr_gen_mode to wrong variable
+- auto6: fix to apply DNS from RA rdnss after ifdown/ifup (bsc#1181429)
+- removed obsolete patch included in the master sources (bsc#1194392)
+  [- 0001-fsm-fix-device-rename-via-yast-bsc-1194392.patch]
+