Removed rpms ============ - glibc-32bit - glibc-locale-base-32bit - libblkid1-32bit - libdevmapper1_03-32bit - libexpat1-32bit - libgcrypt20-32bit - libtirpc3-32bit - qemu-ipxe - qemu-seabios - iscsiuio - libgnutls30-32bit - libmount1-32bit - libnettle8-32bit - perl-TermReadLine-Gnu - qemu-microvm - qemu-vgabios Added rpms ========== - glibc-32bit - glibc-locale-base-32bit - libgnutls30-32bit - libjitterentropy3-32bit - libmount1-32bit - libnettle8-32bit - qemu-microvm - qemu-vgabios - libblkid1-32bit - libbpf0 - libcapstone4 - libdevmapper1_03-32bit - libexpat1-32bit - libgcrypt20-32bit - libjitterentropy3 - libtirpc3-32bit - perl-Term-ReadLine-Gnu - qemu-ipxe - qemu-seabios Package Source Changes ====================== ImageMagick + fix CVE-2022-3213 [bsc#1203450], heap buffer overflow while processing a malformed TIFF file + + ImageMagick-CVE-2022-3213.patch + +- security update +- added patches LibVNCServer +- security update +- added patches + fix CVE-2020-29260 [bsc#1203106], memory leakage via rfbClientCleanup() + + LibVNCServer-CVE-2020-29260.patch + MozillaFirefox +- Firefox 102.3.0esr ESR + Placeholder changelog-entry (bsc#1203477) +- Rebase mozilla-silence-no-return-type.patch to apply with fuzz=0 + +- Firefox 102.2.0esr ESR + * Fixed: Various stability, functionality, and security fixes. + MFSA 2022-34 (bsc#1202645) + * CVE-2022-38472 (bmo#1769155) + Address bar spoofing via XSLT error handling + * CVE-2022-38473 (bmo#1771685) + Cross-origin XSLT Documents would have inherited the parent's + permissions + * CVE-2022-38476 (bmo#1760998) + Data race and potential use-after-free in PK11_ChangePW + * CVE-2022-38477 (bmo#1760611, bmo#1770219, bmo#1771159, + bmo#1773363) + Memory safety bugs fixed in Firefox 104 and Firefox ESR 102.2 + * CVE-2022-38478 (bmo#1770630, bmo#1776658) + Memory safety bugs fixed in Firefox 104, Firefox ESR 102.2, + and Firefox ESR 91.13 +- Add mozilla-bmo1775202.patch to fix build on ppc64le +- Firefox Extended Support Release 102.1 ESR + * Fixed: Various stability, functionality, and security fixes. + MFSA 2022-30 (bsc#1201758) + * CVE-2022-36319 (bmo#1737722) + Mouse Position spoofing with CSS transforms + * CVE-2022-36318 (bmo#1771774) + Directory indexes for bundled resources reflected URL + parameters + * CVE-2022-36314 (bmo#1773894) + Opening local .lnk files could cause unexpected + network loads + * CVE-2022-2505 (bmo#1769739, bmo#1772824) + Memory safety bugs fixed in Firefox 103 and 102.1 +- Firefox Extended Support Release 102.0.1 ESR + * Fixed: Fixed bookmark shortcut creation by dragging to + Windows File Explorer and dropping partially broken + (bmo#1774683) + * Fixed: Fixed bookmarks sidebar flashing white when opened in + dark mode (bmo#1776157) + * Fixed: Fixed multilingual spell checking not working with + content in both English and a non-Latin alphabet + (bmo#1773802) + * Fixed: Developer tools: Fixed an issue where the console + output keep getting scrolled to the bottom when the last + visible message is an evaluation result (bmo#1776262) + * Fixed: Fixed *Delete cookies and site data when Firefox is + closed* checkbox getting disabled on startup (bmo#1777419) + * Fixed: Various stability fixes +- Firefox 102.0 ESR + * New: + - We now provide more secure connections: Firefox can + now automatically upgrade to HTTPS using HTTPS RR as Alt-Svc + headers. + - For added viewing pleasure, full-range color levels are now + supported for video playback on many systems. + - Find it easier now! Mac users can now access the macOS + share options from the Firefox File menu. + - Voilà! Support for images containing ICC v4 profiles is + enabled on macOS. + - Firefox now supports the new AVIF image format, which is + based on the modern and royalty-free AV1 video codec. It + offers significant bandwidth savings for sites compared to + existing image formats. It also supports transparency and + other advanced features. + - Firefox PDF viewer now supports filling more forms (e.g., + XFA-based forms, used by multiple governments and banks). + Learn more. + - When available system memory is critically low, Firefox on + Windows will automatically unload tabs based on their last + access time, memory usage, and other attributes. This helps + to reduce Firefox out-of-memory crashes. Forgot something? + Switching to an unloaded tab automatically reloads it. + - To prevent session loss for macOS users who are running + Firefox from a mounted .dmg file, they’ll now be prompted to + finish installation. Bear in mind, this permission prompt + only appears the first time these users run Firefox on their + computer. + - For your safety, Firefox now blocks downloads that rely on + insecure connections, protecting against potentially + malicious or unsafe downloads. Learn more and see where to + find downloads in Firefox. + - Improved web compatibility for privacy protections with + SmartBlock 3.0: In Private Browsing and Strict Tracking + Protection, Firefox goes to great lengths to protect your web + browsing activity from trackers. As part of this, the built- + in content blocking will automatically block third-party + scripts, images, and other content from being loaded from + cross-site tracking companies reported by Disconnect. Learn + more. + - Introducing a new referrer tracking protection in Strict + Tracking Protection and Private Browsing. This feature + prevents sites from unknowingly leaking private information + to trackers. Learn more. + - Introducing Firefox Suggest, a feature that provides + website suggestions as you type into the address bar. Learn + more about this faster way to navigate the web and locale- + specific features. + - Firefox macOS now uses Apple's low-power mode for + fullscreen video on sites such as YouTube and Twitch. This + meaningfully extends battery life in long viewing sessions. + Now your kids can find out what the fox says on a loop + without you ever missing a beat… + - With this release, power users can use about:unloads to + release system resources by manually unloading tabs without + closing them. + - On Windows, there will now be fewer interruptions because + Firefox won’t prompt you for updates. Instead, a background + agent will download and install updates even if Firefox is + closed. + - On Linux, we’ve improved WebGL performance and reduced + power consumption for many users. + - To better protect all Firefox users against side-channel + attacks, such as Spectre, we introduced Site Isolation. + - Firefox no longer warns you by default when you exit the + browser or close a window using a menu, button, or three-key + command. This should cut back on unwelcome notifications, + which is always nice—however, if you prefer a bit of notice, + you’ll still have full control over the quit/close modal + behavior. All warnings can be managed within Firefox + Settings. No worries! More details here. + - Firefox supports the new Snap Layouts menus when running on + Windows 11. + - RLBox—a new technology that hardens Firefox against + potential security vulnerabilities in third-party + libraries—is now enabled on all platforms. + - We’ve reduced CPU usage on macOS in Firefox and + WindowServer during event processing. + - We’ve also reduced the power usage of software decoded + video on macOS, especially in fullscreen. This includes + streaming sites such as Netflix and Amazon Prime Video. + - You can now move the Picture-in-Picture toggle button to + the opposite side of the video. Simply look for the new + context menu option Move Picture-in-Picture Toggle to Left + (Right) Side. + - We’ve made significant improvements in noise suppression + and auto-gain-control, as well as slight improvements in + echo-cancellation to provide you with a better overall + experience. + - We’ve also significantly reduced main-thread load. + - When printing, you can now choose to print only the + odd/even pages. + - Firefox now supports and displays the new style of + scrollbars on Windows 11. + - Firefox has a new optimized download flow. Instead of + prompting every time, files will download automatically. + However, they can still be opened from the downloads panel + with just one click. Easy! More information + - Firefox no longer asks what to do for each file by default. + You won’t be prompted to choose a helper application or save + to disk before downloading a file unless you have changed + your download action setting for that type of file. + - Any files you download will be immediately saved on your + disk. Depending on the current configuration, they’ll be + saved in your preferred download folder, or you’ll be asked + to select a location for each download. Windows and Linux + users will find their downloaded files in the destination + folder. They’ll no longer be put in the Temp folder. + - Firefox allows users to choose from a number of built-in + search engines to set as their default. In this release, some + users who had previously configured a default engine might + notice their default search engine has changed since Mozilla + was unable to secure formal permission to continue including + certain search engines in Firefox. + - You can now toggle Narrate in ReaderMode with the keyboard + shortcut "n." + - You can find added support for search—with or without + diacritics—in the PDF viewer. + - The Linux sandbox has been strengthened: processes exposed + to web content no longer have access to the X Window system + (X11). + - Firefox now supports credit card autofill and capture in + Germany, France, and the United Kingdom. + - We now support captions/subtitles display on YouTube, Prime + Video, and Netflix videos you watch in Picture-in-Picture. + Just turn on the subtitles on the in-page video player, and + they will appear in PiP. + - Picture-in-Picture now also supports video captions on + websites that use Web Video Text Track (WebVTT) format (e.g., + Coursera.org, Canadian Broadcasting Corporation, and many + more). + - On the first run after install, Firefox detects when its + language does not match the operating system language and + offers the user a choice between the two languages. + - Firefox spell checking now checks spelling in multiple + languages. To enable additional languages, select them in the + text field’s context menu. + - HDR video is now supported in Firefox on Mac—starting with + YouTube! Firefox users on macOS 11+ (with HDR-compatible + screens) can enjoy higher-fidelity video content. No need to + manually flip any preferences to turn HDR video support + on—just make sure battery preferences are NOT set to + “optimize video streaming while on battery”. + - Hardware-accelerated AV1 video decoding is enabled on + Windows with supported GPUs (Intel Gen 11+, AMD RDNA 2 + Excluding Navi 24, GeForce 30). Installing the AV1 Video + Extension from the Microsoft Store may also be required. + - Video overlay is enabled on Windows for Intel GPUs, + reducing power usage during video playback. + - Improved fairness between painting and handling other + events. This noticeably improves the performance of the + volume slider on Twitch. + - Scrollbars on Linux and Windows 11 won't take space by + default. On Linux, users can change this in Settings. On + Windows, Firefox follows the system setting (System Settings + > Accessibility > Visual Effects > Always show scrollbars). + - Firefox now ignores less restricted referrer + policies—including unsafe-url, no-referrer-when-downgrade, + and origin-when-cross-origin—for cross-site + subresource/iframe requests to prevent privacy leaks from the + referrer. + - Reading is now easier with the prefers-contrast media + query, which allows sites to detect if the user has requested + that web content is presented with a higher (or lower) + contrast. + - All non-configured MIME types can now be assigned a custom + action upon download completion. + - Firefox now allows users to use as many microphones as they + want, at the same time, during video conferencing. The most + exciting benefit is that you can easily switch your + microphones at any time (if your conferencing service + provider enables this flexibility). + - Print preview has been updated. + * Fixed: Various security fixes. + MFSA 2022-24 (bsc#1200793) + * CVE-2022-34479 (bmo#1745595) + A popup window could be resized in a way to overlay the + address bar with web content + * CVE-2022-34470 (bmo#1765951) + Use-after-free in nsSHistory + * CVE-2022-34468 (bmo#1768537) + CSP sandbox header without `allow-scripts` can be bypassed + via retargeted javascript: URI + * CVE-2022-34482 (bmo#845880) + Drag and drop of malicious image could have led to malicious + executable and potential code execution + * CVE-2022-34483 (bmo#1335845) + Drag and drop of malicious image could have led to malicious + executable and potential code execution + * CVE-2022-34476 (bmo#1387919) + ASN.1 parser could have been tricked into accepting malformed + ASN.1 + * CVE-2022-34481 (bmo#1483699, bmo#1497246) + Potential integer overflow in ReplaceElementsAt + * CVE-2022-34474 (bmo#1677138) + Sandboxed iframes could redirect to external schemes + * CVE-2022-34469 (bmo#1721220) + TLS certificate errors on HSTS-protected domains could be + bypassed by the user on Firefox for Android + * CVE-2022-34471 (bmo#1766047) + Compromised server could trick a browser into an addon + downgrade + * CVE-2022-34472 (bmo#1770123) + Unavailable PAC file resulted in OCSP requests being blocked + * CVE-2022-34478 (bmo#1773717) + Microsoft protocols can be attacked if a user accepts a + prompt + * CVE-2022-2200 (bmo#1771381) + Undesired attributes could be set as part of prototype + pollution + * CVE-2022-34480 (bmo#1454072) + Free of uninitialized pointer in lg_init + * CVE-2022-34477 (bmo#1731614) + MediaError message property leaked information on cross- + origin same-site pages + * CVE-2022-34475 (bmo#1757210) + HTML Sanitizer could have been bypassed via same-origin + script via use tags + * CVE-2022-34473 (bmo#1770888) + HTML Sanitizer could have been bypassed via use tags + * CVE-2022-34484 (bmo#1763634, bmo#1772651) + Memory safety bugs fixed in Firefox 102 and Firefox ESR 91.11 + * CVE-2022-34485 (bmo#1768409, bmo#1768578) + Memory safety bugs fixed in Firefox 102 +- Add patch one_swizzle_to_rule_them_all.patch to fix big endian + platforms and remove old patches for this: + mozilla-bmo1626236.patch and mozilla-bmo1602730.patch +- Rename and rebase firefox-i586-conflict-typedef-error.patch + to mozilla-bmo531915.patch +- Remove upstreamed mozilla-sandbox-fips.patch + aaa_base +- Add patch git-46-78b2a0b29381c16bec6b2a8fc7eabaa9925782d7.patch + * The wrapper rootsh is not a restricted shell (bsc#1199492) + ca-certificates-mozilla +- Updated to 2.56 state of Mozilla SSL root CAs (bsc#1202868) + Added: + - Certainly Root E1 + - Certainly Root R1 + - DigiCert SMIME ECC P384 Root G5 + - DigiCert SMIME RSA4096 Root G5 + - DigiCert TLS ECC P384 Root G5 + - DigiCert TLS RSA4096 Root G5 + - E-Tugra Global Root CA ECC v3 + - E-Tugra Global Root CA RSA v3 + Removed: + - Hellenic Academic and Research Institutions RootCA 2011 + +- Updated to 2.54 state of Mozilla SSL root CAs (bsc#1199079) + Added: + - Autoridad de Certificacion Firmaprofesional CIF A62634068 + - D-TRUST BR Root CA 1 2020 + - D-TRUST EV Root CA 1 2020 + - GlobalSign ECC Root CA R4 + - GTS Root R1 + - GTS Root R2 + - GTS Root R3 + - GTS Root R4 + - HiPKI Root CA - G1 + - ISRG Root X2 + - Telia Root CA v2 + - vTrus ECC Root CA + - vTrus Root CA + Removed: + - Cybertrust Global Root + - DST Root CA X3 + - DigiNotar PKIoverheid CA Organisatie - G2 + - GlobalSign ECC Root CA R4 + - GlobalSign Root CA R2 + - GTS Root R1 + - GTS Root R2 + - GTS Root R3 + - GTS Root R4 + +- updated to 2.50 state of the Mozilla NSS Certificate store (bsc#1188006) +- Added CAs: + + HARICA Client ECC Root CA 2021 + + HARICA Client RSA Root CA 2021 + + HARICA TLS ECC Root CA 2021 + + HARICA TLS RSA Root CA 2021 + + TunTrust Root CA + +- Updated to 2.46 state of the Mozilla NSS Certificate store (bsc#1181994) +- Added new root CAs: + - NAVER Global Root Certification Authority +- Removed old root CA: + - GeoTrust Global CA + - GeoTrust Primary Certification Authority + - GeoTrust Primary Certification Authority - G3 + - GeoTrust Universal CA + - GeoTrust Universal CA 2 + - thawte Primary Root CA + - thawte Primary Root CA - G2 + - thawte Primary Root CA - G3 + - VeriSign Class 3 Public Primary Certification Authority - G4 + - VeriSign Class 3 Public Primary Certification Authority - G5 + cifs-utils - * mount.cifs: fix verbose messages on option parsing + * mount.cifs: fix verbose messages on option parsing (bsc#1198976, CVE-2022-29869) colord +- Add colord-CVE-2021-42523.patch: fix a small memory leak in + sqlite3_exec (boo#1202802 CVE-2021-42523). + dmidecode +2 recommended fixes from upstream: +- news-fix-typo.patch: We ship the NEWS file so avoid including a + typo in it. +- dmioem-fix-segmentation-fault-in-dmi_hp_240_attr.patch: Passing + NULL to a %s printf conversion specifier is illegal, and can + result in a segmentation fault. Current version of glibc doesn't + mind, but alternative, past or future libc implementations could + crash, so let's fix it. + +- Update to upstream version 3.4: + * This update implements jsc#SLE-24502 and jsc#PED-1466. + * [COMPATIBILITY] Document how the UUID fields are interpreted. + * [PORTABILITY] Don't use memcpy on /dev/mem on arm64. + * Support for SMBIOS 3.4.0. This includes new memory device types, new + processor upgrades, new slot types and characteristics, decoding of memory + module extended speed, new system slot types, new processor characteristics + and new format of Processor ID. + * Support for SMBIOS 3.5.0. This includes new processor upgrades, BIOS + characteristics, new slot characteristics, new on-board device types, new + pointing device interface types, and a new record type (type 45 - + Firmware Inventory Information). + * Decode HPE OEM records 194, 199, 203, 236, 237, 238 ans 240. + * Bug fixes: + Fix OEM vendor name matching + * Minor improvements: + Add bios-revision, firmware-revision and system-sku-number to -s option + Use the most appropriate unit for cache size + Decode system slot base bus width and peers + Skip details of uninstalled memory modules + Don't display the raw CPU ID in quiet mode + Improve the formatting of the manual pages + * Obsoletes dmidecode-add-enumerated-values-from-smbios-3.3.0.patch, + dmidecode-add-logical-non-volatile-device.patch, + dmidecode-add-memory-device-types-from-smbios-3.4.0.patch, + dmidecode-add-processor-characteristics-bits-from-smbios-3.4.0.patch, + dmidecode-add-processor-upgrades-from-smbios-3.4.0.patch, + dmidecode-add-slot-characteristics2-from-smbios-3.4.0.patch, + dmidecode-add-system-slot-types-from-smbios-3.4.0.patch, + dmidecode-fix-formatting-of-tpm-table-output.patch, + dmidecode-fix-redfish-hostname-print-length.patch, + dmidecode-fix-system-slot-information-for-pcie-ssd.patch, + dmidecode-missing-commas.patch, + dmidecode-only-scan-dev-mem-for-entry-point-on-x86.patch and + dmidecode-skip-details-of-uninstalled-memory-modules.patch. + dracut +- Update to version 055+suse.300.ge878982d: + * chore(suse): change default persistent policy (jsc#PED-1885) + * fix(systemd): add missing modprobe@.service (bsc#1203749) + * fix(i18n): do not fail if FONT in /etc/vconsole.conf has the file extension (bsc#1203267) + expat +- Security fix: + * (CVE-2022-40674, bsc#1203438) use-after-free in the doContent + function in xmlparse.c + - Added patch expat-CVE-2022-40674.patch + +- Security fixes: + * (CVE-2022-25236, bsc#1196784) [>=2.4.5] Fix to CVE-2022-25236 + breaks biboumi, ClairMeta, jxmlease, libwbxml, + openleadr-python, rnv, xmltodict + - Added expat-CVE-2022-25236-relax-fix.patch + +- Security fixes: + * (CVE-2022-25236, bsc#1196025) Expat before 2.4.5 allows + attackers to insert namespace-separator characters into + namespace URIs + - Added expat-CVE-2022-25236.patch + * (CVE-2022-25235, bsc#1196026) xmltok_impl.c in Expat before + 2.4.5 does not check whether a UTF-8 character is valid in a + certain context. + - Added expat-CVE-2022-25235.patch + * (CVE-2022-25313, bsc#1196168) Stack exhaustion in + build_model() via uncontrolled recursion + - Added expat-CVE-2022-25313.patch + - The fix upstream introduced a regression that was later + amended in 2.4.6 version + + Added expat-CVE-2022-25313-fix-regression.patch + * (CVE-2022-25314, bsc#1196169) Integer overflow in copyString + - Added expat-CVE-2022-25314.patch + * (CVE-2022-25315, bsc#1196171) Integer overflow in storeRawNames + - Added expat-CVE-2022-25315.patch + +- Update to latest version 2.4.4 in SLE-15-SP4 [jsc#SLE-21253] + +- update to 2.4.4 (bsc#1195217, bsc#1195054): + * Security fixes: + - CVE-2022-23852 -- Fix signed integer overflow + (undefined behavior) in function XML_GetBuffer + that is also called by function XML_Parse internally) + for when XML_CONTEXT_BYTES is defined to >0 (which is both + common and default). + Impact is denial of service or more. + - CVE-2022-23990 -- Fix unsigned integer overflow in function + doProlog triggered by large content in element type + declarations when there is an element declaration handler + present (from a prior call to XML_SetElementDeclHandler). + Impact is denial of service or more. + * Bug fixes: + - xmlwf: Fix a memory leak on output file opening error + * Other changes: + - Version info bumped from 9:3:8 to 9:4:8; + see https://verbump.de/ for what these numbers do + * Drop unused file valid-xhtml10.png + +- update to 2.4.3 (bsc#1194251, bsc#1194362, bsc#1194474, + bsc#1194476, bsc#1194477, bsc#1194478, bsc#1194479, bsc#1194480): + * CVE-2021-45960 -- Fix issues with left shifts by >=29 places + resulting in + a) realloc acting as free + b) realloc allocating too few bytes + c) undefined behavior + depending on architecture and precise value + for XML documents with >=2^27+1 prefixed attributes + on a single XML tag a la + "" + where XML_ParserCreateNS is used to create the parser + (which needs argument "-n" when running xmlwf). + Impact is denial of service, or more. + * CVE-2021-46143 (ZDI-CAN-16157) -- Fix integer overflow + on variable m_groupSize in function doProlog leading + to realloc acting as free. + Impact is denial of service or more. + * CVE-2022-22822 to CVE-2022-22827 -- Prevent integer overflows + near memory allocation at multiple places. Mitre assigned + a dedicated CVE for each involved internal C function: + - CVE-2022-22822 for function addBinding + - CVE-2022-22823 for function build_model + - CVE-2022-22824 for function defineAttribute + - CVE-2022-22825 for function lookup + - CVE-2022-22826 for function nextScaffoldPart + - CVE-2022-22827 for function storeAtts + Impact is denial of service or more. + +- update to 2.4.2: + * Link againgst libm for function "isnan" + * Include expat_config.h as early as possible + * Autotools: Include files with release archives: + - buildconf.sh + - fuzz/*.c + * Autotools: Sync CMake templates + * docs: Document that function XML_GetBuffer may return NULL + when asking for a buffer of 0 (zero) bytes size + * docs: Fix return value docs for both + XML_SetBillionLaughsAttackProtection* functions + * Version info bumped from 9:1:8 to 9:2:8 + +- Update to 2.4.1 in SLE-15-SP4 [jsc#SLE-21253] + * Remove expat-CVE-2018-20843.patch upstream + +- Update to 2.4.1: + * Bug fixes: + - Autotools: Fix installed header expat_config.h for multilib + systems; regression introduced in 2.4.0 by pull request #486 + * Other changes: + - Version info bumped from 9:0:8 to 9:1:8; see + https://verbump.de/ for what these numbers do + +- Update to 2.4.0: [CVE-2013-0340 "Billion Laughs"] + * Security fixes: + - CVE-2013-0340/CWE-776 -- Protect against billion laughs attacks + (denial-of-service; flavors targeting CPU time or RAM or both, + leveraging general entities or parameter entities or both) + by tracking and limiting the input amplification factor + ( := ( + ) / ). + By conservative default, amplification up to a factor of 100.0 + is tolerated and rejection only starts after 8 MiB of output bytes + (= + ) have been processed. + The fix adds the following to the API: + - A new error code XML_ERROR_AMPLIFICATION_LIMIT_BREACH to + signals this specific condition. + - Two new API functions .. + - XML_SetBillionLaughsAttackProtectionMaximumAmplification and + - XML_SetBillionLaughsAttackProtectionActivationThreshold + .. to further tighten billion laughs protection parameters + when desired. Please see file "doc/reference.html" for details. + If you ever need to increase the defaults for non-attack XML + payload, please file a bug report with libexpat. + - Two new XML_FEATURE_* constants .. + - that can be queried using the XML_GetFeatureList function, and + - that are shown in "xmlwf -v" output. + - Two new environment variable switches .. + - EXPAT_ACCOUNTING_DEBUG=(0|1|2|3) and + - EXPAT_ENTITY_DEBUG=(0|1) + .. for runtime debugging of accounting and entity processing. + Specific behavior of these values may change in the future. + - Two new command line arguments "-a FACTOR" and "-b BYTES" + for xmlwf to further tighten billion laughs protection + parameters when desired. + If you ever need to increase the defaults for non-attack XML + payload, please file a bug report with libexpat. + * Bug fixes: + - For (non-default) compilation with -DEXPAT_MIN_SIZE=ON (CMake) + or CPPFLAGS=-DXML_MIN_SIZE (GNU Autotools): Fix segfault + for UTF-16 payloads containing CDATA sections. + - Autotools: Fix generated CMake files for non-64bit and + non-Linux platforms (e.g. macOS and MinGW in particular) + that were introduced with release 2.3.0 + * Other changes: + - xmlwf: Improve help output and the xmlwf man page + - xmlwf: Improve maintainability through some refactoring + - xmlwf: Fix man page DocBook validity + - CMake: Support absolute paths for both CMAKE_INSTALL_LIBDIR + and CMAKE_INSTALL_INCLUDEDIR + - CMake: Add support for standard variable BUILD_SHARED_LIBS + - Unexpose symbol _INTERNAL_trim_to_complete_utf8_characters + - Resolve macro HAVE_EXPAT_CONFIG_H + - Delete unused legacy helper file "conftools/PrintPath" + - doc/reference.html: Fix XHTML validity + - doc/reference.html: Replace the 90s look by OK.css + - Version info bumped from 8:0:7 to 9:0:8 due to addition of + new symbols and error codes; see https://verbump.de/ for + what these numbers do + +- Do not BuildRequire cmake: expat is part of the distro bootstrap + cycle and any additional dependency makes the ring larger. In + this case here, cmake was even only used to own a directory. + +- update to 2.3.0: + * When calling XML_ParseBuffer without a prior successful call to + XML_GetBuffer as a user, no longer trigger undefined behavior + (by adding an integer to a NULL pointer) but rather return + XML_STATUS_ERROR and set the error code to (new) code + XML_ERROR_NO_BUFFER. Found by UBSan (UndefinedBehaviorSanitizer) + of Clang 11 (but not Clang 9). + * xmlwf: Exit status 2 was used for both: + - malformed input files (documented) and + - invalid command-line arguments (undocumented). + case of invalid command-line arguments now + has its own exit status 4, resolving the ambiguity. + * Other changes + +- Update to 2.2.10: + * Bug fixes: + - Fix undefined behavior during parsing caused by pointer + arithmetic with NULL pointers + - Fix reading uninitialized variable during parsing + - xmlwf: Add missing check for malloc NULL return + * Other changes: + - xmlwf: Document exit codes in xmlwf manpage and exit with code 3 + (rather than code 1) for output errors when used with "-d DIRECTORY" + - Autotools: Use -Werror while configure tests the compiler for + supported compile flags to avoid false positives + - Autotools: Improve handling of user (C|CPP|CXX|LD)FLAGS, e.g. + ensure that they have the last word over flags added while + running ./configure + - CMake: Create libexpatw.{dll,so} and expatw.pc (with emphasis + on suffix "w") with -DEXPAT_CHAR_TYPE=(ushort|wchar_t) + - CMake: Detect and deny unsupported build combinations + involving -DEXPAT_CHAR_TYPE=(ushort|wchar_t) + - CMake: Install pre-compiled shipped xmlwf.1 manpage in case + of -DEXPAT_BUILD_DOCS=OFF + - CMake: Fix use of Expat by means of add_subdirectory + - CMake: Keep expat target name constant at "expat" (i.e. refrain + from using the target name to control build artifact filenames) + - CMake: Expose man page compilation as target "xmlwf-manpage" + - CMake: Introduce option EXPAT_BUILD_PKGCONFIG to control + generation of pkg-config file "expat.pc" + - CMake: Add minimalistic support for building binary packages + with CMake target "package"; based on CPack + - CMake: Add option -DEXPAT_OSSFUZZ_BUILD=(ON|OFF) with default + OFF to build fuzzer code against OSS-Fuzz and related + environment variable LIB_FUZZING_ENGINE + - Fix testsuite for -DEXPAT_DTD=OFF and -DEXPAT_NS=OFF + - Address compiler warnings + - Address pngcheck warnings with doc/*.png images: Version info + bumped from 7:11:6 to 7:12:6 + +- Version update to 2.2.9 + * Other changes: + - examples: Drop executable bits from elements.c + [#349] Windows: Change the name of the Windows DLLs from expat*.dll + to libexpat*.dll once more (regression from 2.2.8, first + fixed in 1.95.3, issue #61 on SourceForge today, + was issue #432456 back then); needs a fix due + case-insensitive file systems on Windows and the fact that + Perl's XML::Parser::Expat compiles into Expat.dll. + [#347] Windows: Only define _CRT_RAND_S if not defined + Version info bumped from 7:10:6 to 7:11:6 + +- Version update to 2.2.8 + * Security fixes: (CVE-2019-15903, bsc#1149429) + - CVE-2019-15903 -- Fix heap overflow triggered by XML_GetCurrentLineNumber + (or XML_GetCurrentColumnNumber), and deny internal entities closing the doctype; + * Bug fixes: + - Fix cases where XML_StopParser did not have any effect + when called from inside of an end element handler + - xmlwf: Fix exit code for operation without "-d DIRECTORY"; + previously, only "-d DIRECTORY" would give you a proper exit code: + Now both cases return exit code 2. + * Other changes: + - examples: Improve elements.c + - Autotools: Add argument --enable-xml-attr-info + - Autotools: Add arguments --with-getrandom --without-getrandom --with-sys-getrandom --without-sys-getrandom + - Autotools: Fix linking issues with "./configure LD=clang" + - Autotools: Fix "make run-xmltest" for out-of-source builds + - CMake: Pull all options from Expat <=2.2.7 into namespace + - CMake: Add argument -DEXPAT_ATTR_INFO=(ON|OFF), default OFF + - CMake: Add argument -DEXPAT_LARGE_SIZE=(ON|OFF), default OFF + - CMake: Add argument -DEXPAT_MIN_SIZE=(ON|OFF), default OFF + - CMake: Add arguments -DEXPAT_WITH_GETRANDOM=(ON|OFF|AUTO), default AUTO + - CMake: Add arguments -DEXPAT_WITH_SYS_GETRANDOM=(ON|OFF|AUTO), default AUTO + - CMake: Install expat_config.h to include directory + - CMake: Generate and install configuration files for future find_package(expat [..] CONFIG [..]) + - CMake: Now produces a summary of applied configuration + - CMake: Require C++ compiler only when tests are enabled + - CMake: Fix compilation for 16bit character types, i.e. ex -DXML_UNICODE=ON (and ex -DXML_UNICODE_WCHAR_T=ON) + - CMake: Port "make run-xmltest" from GNU Autotools to CMake + - CMake: Integrate OSS-Fuzz fuzzers, option -DEXPAT_BUILD_FUZZERS=(ON|OFF), default OFF +- Removed patches fixed in the update: + * expat-CVE-2019-15903.patch + * expat-CVE-2019-15903-tests.patch + +- Security fix (CVE-2019-15903, bsc#1149429) + * Crafted XML input results in heap-based buffer over-read by fooling + the parser into changing from DTD parsing to document parsing + * Added patches: + - expat-CVE-2019-15903.patch + - expat-CVE-2019-15903-tests.patch + +- Version update to 2.2.7 (CVE-2018-20843, bsc#1139937) + * Security fixes: + - CVE-2018-20843 - Fix extraction of namespace prefixes from + XML names; XML names with multiple colons could end up in + the wrong namespace, and take a high amount of RAM and CPU + resources while processing, opening the door to use for + denial-of-service attacks + * Other changes: + - Autotools/CMake: Utilize -fvisibility=hidden to stop + exporting non-API symbols + - Autotools: Add --without-examples and --without-tests + - Autotools: Modernize configure.ac + - Autotools: Fix check for -fvisibility=hidden for Clang + - Autotools: Fix compilation for lack of docbook2x-man + - CMake: Make libdir of pkgconfig expat.pc support multilib + - CMake: Build man page in PROJECT_BINARY_DIR not _SOURCE_DIR + - Remove fallback to bcopy, assume that memmove(3) exists +- Removed expat-2.2.6-fix-make-clean.patch + +- Add expat-2.2.6-fix-make-clean.patch +- Allow profile guided optimization again + +- Drop docbook2x dependency, the manpages are generated in + the upstream archive and this way we break buildcycle + +- Version update to 2.2.6 Sun August 12 2018 + * Bug fixes: + - Avoid doing arithmetic with NULL pointers in XML_GetBuffer + - Fix 2.2.5 regression with suspend-resume while parsing + a document like '' + * Other changes: + - Autotools: Fix docbook-related configure syntax error + - Autotools: Avoid grep option `-q` for Solaris + - Autotools: Support + ./configure DOCBOOK_TO_MAN="xmlto man --skip-validation" + - Autotools: Support DOCBOOK_TO_MAN command which produces + xmlwf.1 rather than XMLWF.1; also covers case insensitive + file systems + - Autotools: Drop -rpath option passed to libtool + - Autotools: Detect and deny SGML docbook2man as ours is XML + - Autotools/CMake: Support command db2x_docbook2man as well + - CMake: Introduce option WARNINGS_AS_ERRORS, defaults to OFF + - CMake: Introduce option MSVC_USE_STATIC_CRT, defaults to OFF + - CMake: Introduce option XML_UNICODE and XML_UNICODE_WCHAR_T, + both defaulting to OFF + - CMake: Prefer check_symbol_exists over check_function_exists + - CMake: Create the same pkg-config file as with GNU Autotools + - CMake: Use GNUInstallDirs module to set proper defaults for + install directories + - CMake: Utilize expat_config.h.cmake for XML_DEV_URANDOM + - Address compiler warnings + - Fix miscellaneous typos + +- Expand description of expat-devel. + +- Do not generate manpages from docbook +- Temporarily disable profiling due to bug in build system + +- Version update to 2.2.5 Tue October 31 2017 + * Bug fixes: + - If the parser runs out of memory, make sure its internal + state reflects the memory it actually has, not the memory + it wanted to have. + - The default handler wasn't being called when it should for + a SYSTEM or PUBLIC doctype if an entity declaration handler + was registered. + - Fix a case of mistakenly reported parsing success where + XML_StopParser was called from an element handler + - Function XML_ErrorString was returning NULL rather than + a message for code XML_ERROR_INVALID_ARGUMENT + introduced with release 2.2.1 + * Other changes: + - Add argument -N adding notation declarations + - various compiler-specific fixes + - Improve docbook2x-man detection +- drop expat-docbook.patch + * fixed in 0f5186c7b8e503c669e332d944712de010b265f3 +- switch to github for release tarballs and website + +- Version update to 2.2.4 Sat August 19 2017 + * Bug fixes: + [#115] Fix copying of partial characters for UTF-8 input + * Other changes: + [#109] Fix "make check" for non-x86 architectures that default + to unsigned type char (-128..127 rather than 0..255) + [#109] coverage.sh: Cover -funsigned-char + Autotools: Introduce --without-xmlwf argument + [#65] Autotools: Replace handwritten Makefile with GNU Automake + [#43] CMake: Auto-detect high quality entropy extractors, add new + option USE_libbsd=ON to use arc4random_buf of libbsd + [#74] CMake: Add -fno-strict-aliasing only where supported + [#114] CMake: Always honor manually set BUILD_* options + [#114] CMake: Compile man page if docbook2x-man is available, only + [#117] Include file tests/xmltest.log.expected in source tarball + (required for "make run-xmltest") + [#111] Fix some typos in documentation + Version info bumped from 7:5:6 to 7:6:6 +- Release 2.2.3 Wed August 2 2017 + * Bug fixes: + [#85] Fix a dangling pointer issue related to realloc + * Other changes: + [#91] Linux: Allow getrandom to fail if nonblocking pool has not + yet been initialized and read /dev/urandom then, instead. + This is in line with what recent Python does. + [#86] Check that a UTF-16 encoding in an XML declaration has the + right endianness + [#4] #5 #7 Recover correctly when some reallocations fail + Repair "./configure && make" for systems without any + provider of high quality entropy + and try reading /dev/urandom on those + Ensure that user-defined character encodings have converter + functions when they are needed + Fix mis-leading description of argument -c in xmlwf.1 + Rely on macro HAVE_ARC4RANDOM_BUF (rather than __CloudABI__) + for CloudABI + [#100] Fix use of SIPHASH_MAIN in siphash.h + [#23] Test suite: Fix memory leaks + Version info bumped from 7:4:6 to 7:5:6 +- Release 2.2.2 Wed July 12 2017 + * Security fixes: + [#43] Protect against compilation without any source of high + quality entropy enabled, e.g. with CMake build system; + * [MOX-006] Fix non-NULL parser parameter validation in XML_Parse; + resulted in NULL dereference, previously; + * Bug fixes: + [#69] Fix improper use of unsigned long long integer literals + * Other changes: + [#73] Start requiring a C99 compiler + [#49] Fix "==" Bashism in configure script + [#58] Address compile warnings + [#68] Fix "./buildconf.sh && ./configure" for some versions + of Dash for /bin/sh + [#72] CMake: Ease use of Expat in context of a parent project + with multiple CMakeLists.txt files + [#72] CMake: Resolve mistaken executable permissions + [#76] Address compile warning with -DNDEBUG (not recommended!) + [#77] Address compile warning about macro redefinition + * Added patch expat-docbook.patch to compile the man pages with + docbook-to-man + * Cleaned spec file with spec-cleaner + +- Allow building when do_profiling is undefined + +- Build with profiling when possible + +- Version update to 2.2.1 Sat June 17 2017 + - Security fixes: + CVE-2017-9233 / bsc#1047236 -- External entity infinite loop DoS + Details: https://libexpat.github.io/doc/cve-2017-9233/ + Commit c4bf96bb51dd2a1b0e185374362ee136fe2c9d7f + - [MOX-002] CVE-2016-9063 / bsc#1047240 -- Detect integer overflow; + (Fixed version of existing downstream patches!) + - (SF.net) #539 Fix regression from fix to CVE-2016-0718 cutting off + longer tag names; + [#25] More integer overflow detection (function poolGrow); + - [MOX-002] Detect overflow from len=INT_MAX call to XML_Parse; + - [MOX-005] #30 Use high quality entropy for hash initialization: + * arc4random_buf on BSD, systems with libbsd + (when configured with --with-libbsd), CloudABI + * RtlGenRandom on Windows XP / Server 2003 and later + * getrandom on Linux 3.17+ + In a way, that's still part of CVE-2016-5300. + https://github.com/libexpat/libexpat/pull/30/commits + - [MOX-005] For the low quality entropy extraction fallback code, + the parser instance address can no longer leak, + - [MOX-003] Prevent use of uninitialised variable; commit + - [MOX-004] a4dc944f37b664a3ca7199c624a98ee37babdb4b + Add missing parameter validation to public API functions + and dedicated error code XML_ERROR_INVALID_ARGUMENT: + - [MOX-006] * NULL checks; commits + * Negative length (XML_Parse); commit + - [MOX-002] 70db8d2538a10f4c022655d6895e4c3e78692e7f + - [MOX-001] #35 Change hash algorithm to William Ahern's version of SipHash + to go further with fixing CVE-2012-0876. + https://github.com/libexpat/libexpat/pull/39/commits + - Bug fixes: + [#32] Fix sharing of hash salt across parsers; + relevant where XML_ExternalEntityParserCreate is called + prior to XML_Parse, in particular (e.g. FBReader) + [#28] xmlwf: Auto-disable use of memory-mapping (and parsing + as a single chunk) for files larger than ~1 GB (2^30 bytes) + rather than failing with error "out of memory" + [#3] Fix double free after malloc failure in DTD code; commit + 7ae9c3d3af433cd4defe95234eae7dc8ed15637f + [#17] Fix memory leak on parser error for unbound XML attribute + prefix with new namespaces defined in the same tag; + found by Google's OSS-Fuzz; commits + xmlwf on Windows: Add missing calls to CloseHandle + - New features: + [#30] Introduced environment switch EXPAT_ENTROPY_DEBUG=1 + for runtime debugging of entropy extraction + Bump version info from 7:2:6 to 7:3:6 + +- Remove pointless --with-pic (for static only) + +- Version update to 2.2.0: + * Fixes bnc#983215 CVE-2012-6702 + * Fixes bnc#983216 CVE-2016-5300 + * Various cmake and autotools script updates + * Fix detection of utf8 character boundaries +- Remove all patches merged upstream: + * expat-2.1.1-avoid_relying_on_undef_behaviour.patch + * expat-2.1.1-parser_crashes_on_malformed_input.patch + * expat-alloc-size.patch + * expat-visibility.patch + +- add expat-2.1.1-avoid_relying_on_undef_behaviour.patch to avoid + relying on undefined behavior in the original CVE-2015-1283 fix + [bnc#980391], [bnc#983985], [CVE-2016-4472] +- add expat-2.1.1-parser_crashes_on_malformed_input.patch to fix + Expat XML parser that mishandles certain kinds of malformed input + documents [bnc#979441], [CVE-2016-0718] +- use spec-cleaner to clean specfile + +- After simplification of expat-visibility.patch, it became + uneffective as no symbols are getting hidden. add + - fvisibility=hidden to CFLAGS again. +- expat-alloc-size.patch: fix braino, realloc()-like functions + should not take __attribute__(malloc) + +- Update to version 2.1.1 + * Fixes CVE-2015-1283 — Multiple integer overflows in the + XML_GetBuffer function + * Fix potential null pointer dereference + * Symbol XML_SetHashSalt was not exported + * Output of xmlwf -h was incomplete + * Document behavior of calling XML_SetHashSalt with salt 0 + * Minor improvements to man page xmlwf(1) +- Simplify expat-visibility.patch, refresh expat-alloc-size.patch +- Drop config-guess-sub-update.patch, fixed upstream. + +- Cleanup spec file with spec-cleaner +- Remove old ppc obsoletes/provides + glibc +- x86-shared-non-temporal-threshold.patch: Reversing calculation of + __x86_shared_non_temporal_threshold (bsc#1201942) + +- memcmp-power10.patch: powerpc: Optimized memcmp for power10 + (jsc#PED-987) + gnutls -- Security fix: [bsc#1202020, CVE-2022-2509] - * Fixed double free during verification of pkcs7 signatures - * Add gnutls-CVE-2022-2509.patch - -- FIPS: - * Modify gnutls-FIPS-force-self-test.patch [bsc#1198979] - - gnutls_fips140_run_self_tests now properly releases fips_context - -- FIPS: - * Add gnutls_ECDSA_signing.patch [bsc#1190698] - - Check minimum keylength for symmetric key generation - - Only allows ECDSA signature with valid set of hashes - (SHA2 and SHA3) - * Add gnutls-FIPS-force-self-test.patch [bsc#1198979] - - Provides interface for running library self tests on-demand - - Upstream: https://gitlab.com/gnutls/gnutls/-/merge_requests/1598 - -- FIPS: Make sure zeroization is performed in all API functions - * Add gnutls-zeroization-API-functions.patch [bsc#1191021] - * Upsream: https://gitlab.com/gnutls/gnutls/-/merge_requests/1573 - -- FIPS: Add missing requirements for the SLI [bsc#1190698] - * Remove 3DES from FIPS approved algorithms: - - gnutls-Remove-3DES-from-FIPS-approved-algos.patch - - Upstream: https://gitlab.com/gnutls/gnutls/-/merge_requests/1570 - * DRBG service (gnutls_rnd) should be considered approved: - - gnutls-Add-missing-FIPS-service-indicator-transitions.patch - - gnutls-Add-missing-FIPS-service-indicator-transitions-tests.patch - - gnutls-pkcs12-tighten-algorithm-checks-under-FIPS.patch - - Upstream: https://gitlab.com/gnutls/gnutls/-/merge_requests/1569 - -- FIPS: Mark AES-GCM as approved in the TLS context [bsc#1194907] - * Add gnutls-FIPS-Mark-HKDF-and-AES-GCM-as-approved-when-used-in-TLS.patch - * Upstream issue: https://gitlab.com/gnutls/gnutls/issues/1311 - -- FIPS: Additional PBKDF2 requirements for KAT [bsc#1184669] - * The IG 10.3.A and SP800-132 require some minimum parameters for - the salt length, password length and iteration count. These - parameters should be also used in the KAT. - * Add gnutls-FIPS-PBKDF2-KAT-requirements.patch - * Upstream: https://gitlab.com/gnutls/gnutls/merge_requests/1561 -- Enable to run the regression tests also in FIPS mode. - -- Update to 3.7.3: [bsc#1190698, bsc#1190796] - * libgnutls: The allowlisting configuration mode has been added - to the system-wide settings. In this mode, all the algorithms - are initially marked as insecure or disabled, while the - applications can re-enable them either through the [overrides] - section of the configuration file or the new API (#1172). - * The build infrastructure no longer depends on GNU AutoGen for - generating command-line option handling, template file parsing - in certtool, and documentation generation (#773, #774). This - change also removes run-time or bundled dependency on the - libopts library, and requires Python 3.6 or later to regenerate - the distribution tarball. Note that this brings in known backward - incompatibility in command-line tools, such as long options are - now case sensitive, while previously they were treated in a case - insensitive manner: for example --RSA is no longer a valid option - of certtool. The existing scripts using GnuTLS tools may need - adjustment for this change. - * libgnutls: The tpm2-tss-engine compatible private blobs can be loaded - and used as a gnutls_privkey_t (#594). The code was originally written - for the OpenConnect VPN project by David Woodhouse. To generate such - blobs, use the tpm2tss-genkey tool from tpm2-tss-engine: - https://github.com/tpm2-software/tpm2-tss-engine/#rsa-operations - or the tpm2_encodeobject tool from unreleased tpm2-tools. - * libgnutls: The library now transparently enables Linux KTLS (kernel - TLS) when the feature is compiled in with --enable-ktls configuration - option (#1113). If the KTLS initialization fails it automatically falls - back to the user space implementation. - * certtool: The certtool command can now read the Certificate Transparency - (RFC 6962) SCT extension (#232). New API functions are also provided to - access and manipulate the extension values. - * certtool: The certtool command can now generate, manipulate, and evaluate - x25519 and x448 public keys, private keys, and certificates. - * libgnutls: Disabling a hashing algorithm through "insecure-hash" - configuration directive now also disables TLS ciphersuites that use it - as a PRF algorithm. - * libgnutls: PKCS#12 files are now created with modern algorithms by default - (!1499). Previously certtool used PKCS12-3DES-SHA1 for key derivation and - HMAC-SHA1 as an integity measure in PKCS#12. Now it uses AES-128-CBC with - PBKDF2 and SHA-256 for both key derivation and MAC algorithms, and the - default PBKDF2 iteration count has been increased to 600000. - * libgnutls: PKCS#12 keys derived using GOST algorithm now uses - HMAC_GOSTR3411_2012_512 instead of HMAC_GOSTR3411_2012_256 for integrity, - to conform with the latest TC-26 requirements (#1225). - * libgnutls: The library now provides a means to report the status - of approved cryptographic operations (!1465). To adhere to the - FIPS140-3 IG 2.4.C., this complements the existing mechanism to - prohibit the use of unapproved algorithms by making the library - unusable state. - * gnutls-cli: The gnutls-cli command now provides a --list-config - option to print the library configuration (!1508). - * libgnutls: Fixed possible race condition in - gnutls_x509_trust_list_verify_crt2 when a single trust list object - is shared among multiple threads (#1277). [GNUTLS-SA-2022-01-17, - CVSS: low] - * API and ABI modifications: - GNUTLS_PRIVKEY_FLAG_RSA_PSS_FIXED_SALT_LENGTH: new flag in - gnutls_privkey_flags_t - GNUTLS_VERIFY_RSA_PSS_FIXED_SALT_LENGTH: new flag in - gnutls_certificate_verify_flags - gnutls_ecc_curve_set_enabled: Added. - gnutls_sign_set_secure: Added. - gnutls_sign_set_secure_for_certs: Added. - gnutls_digest_set_secure: Added. - gnutls_protocol_set_enabled: Added. - gnutls_fips140_context_init: New function - gnutls_fips140_context_deinit: New function - gnutls_fips140_push_context: New function - gnutls_fips140_pop_context: New function - gnutls_fips140_get_operation_state: New function - gnutls_fips140_operation_state_t: New enum - gnutls_transport_is_ktls_enabled: New function - gnutls_get_library_configuration: New function - * Remove patches fixed in the update: - - gnutls-FIPS-module-version.patch - - gnutls-FIPS-service-indicator.patch - - gnutls-FIPS-service-indicator-public-key.patch - - gnutls-FIPS-service-indicator-symmetric-key.patch - - gnutls-FIPS-RSA-PSS-flags.patch - - gnutls-FIPS-RSA-mod-sizes.patch - -- FIPS: Fix regression tests in fips and non-fips mode [bsc#1194468] - * Add gnutls-FIPS-disable-failing-tests.patch - * Remove patches: - - gnutls-temporarily_disable_broken_guile_reauth_test.patch - - gnutls-3.6.0-disable-flaky-dtls_resume-test.patch - - disable-psk-file-test.patch - -- FIPS: Provide module identifier and version [bsc#1190796] - * Add configurable options to output the module name/identifier - (--with-fips140-module-name) and the module version - (--with-fips140-module-version). - * Add the CLI option list-config that reports the configuration - of the library. - * Add gnutls-FIPS-module-version.patch - -- FIPS: Provide a service-level indicator [bsc#1190698] - * Add support for a "service indicator" as required in - the FIPS140-3 Implementation Guidance in section 2.4.C - * Add patches: - - gnutls-FIPS-service-indicator.patch - - gnutls-FIPS-service-indicator-public-key.patch - - gnutls-FIPS-service-indicator-symmetric-key.patch - - gnutls-FIPS-RSA-PSS-flags.patch - -- FIPS: RSA KeyGen/SigGen fail with 4096 bit key sizes [bsc#1192008] - * fips: allow more RSA modulus sizes - * Add gnutls-FIPS-RSA-mod-sizes.patch - * Delete gnutls-3.6.7-fips-rsa-4096.patch - -- Drop bogus condition "> 1550": that would mean 'more recent than - Tumbleweed' which is technically impossible, as Tumbleweed is the - leading project (and the condition causes issues as Tumbleweed - needs to move away from 1550 due to CODE 15 SP5 plans). - -- Add crypto-policies support in SLE-15-SP4 [jsc#SLE-20287] - -- Account for the libnettle soname bump [jsc#SLE-19765] - -- Update to 3.7.2 in SLE-15-SP4: [jsc#SLE-19765, jsc#SLE-18139] - - Add gnutls-temporarily_disable_broken_guile_reauth_test.patch - - Rebased patches: - * disable-psk-file-test.patch - * gnutls-3.6.0-disable-flaky-dtls_resume-test.patch - * gnutls-fips_mode_enabled.patch - - Remove patches merged upstream: - * gnutls-CVE-2020-11501.patch - * gnutls-CVE-2020-13777.patch - * gnutls-CVE-2020-24659.patch - * gnutls-CVE-2021-20231.patch - * gnutls-CVE-2021-20232.patch - * gnutls-3.6.7-fips-backport_dont_truncate_output_IV.patch - * gnutls-fips_XTS_key_check.patch - * 0001-_gnutls_verify_crt_status-apply-algorithm-checks-to-.patch - * 0002-_gnutls_pkcs11_verify_crt_status-check-validity-agai.patch - * 0003-x509-trigger-fallback-verification-path-when-cert-is.patch - * 0004-tests-add-test-case-for-certificate-chain-supersedin.patch - * 0001-Add-Full-Public-Key-Check-for-DH.patch - * 0001-Add-test-to-ensure-DH-exchange-behaves-correctly.patch - * 0002-Add-test-to-ensure-ECDH-exchange-behaves-correctly.patch - * 0003-Add-plumbing-to-handle-Q-parameter-in-DH-exchanges.patch - * 0004-Always-pass-in-and-check-Q-in-TLS-1.3.patch - * 0005-Check-Q-for-FFDHE-primes-in-prime-check.patch - * 0006-Pass-down-Q-for-FFDHE-in-al-pre-TLS1.3-as-well.patch - * 0001-dh-primes-add-MODP-primes-from-RFC-3526.patch - * 0002-dhe-check-if-DH-params-in-SKE-match-the-FIPS-approve.patch - * 0001-dh-check-validity-of-Z-before-export.patch - * 0002-ecdh-check-validity-of-P-before-export.patch - * 0003-dh-primes-make-the-FIPS-approved-check-return-Q-valu.patch - * 0004-dh-perform-SP800-56A-rev3-full-pubkey-validation-on-.patch - * 0005-ecdh-perform-SP800-56A-rev3-full-pubkey-validation-o.patch - * 0001-Vendor-in-XTS-functionality-from-Nettle.patch - * 0001-pubkey-avoid-spurious-audit-messages-from-_gnutls_pu.patch - * gnutls-FIPS-use_2048_bit_prime_in_DH_selftest.patch - * gnutls-3.6.7-fix-FTBFS-2024.patch - * gnutls-3.6.7-reproducible-date.patch - -- Update to version 3.7.2 - * Added Linux kernel AF_ALG based acceleration - * Fixed timing of early data exchange - * The priority string option DISABLE_TLS13_COMPAT_MODE was added - to disable TLS 1.3 middlebox compatibility mode - * The GNUTLS_NO_EXPLICIT_INIT envvar has been renamed to - GNUTLS_NO_IMPLICIT_INIT to reflect the purpose - * certtool: - * When signing a CSR, CRL distribution point (CDP) is no - longer copied from the signing CA by default - * When producing certificates and certificate requests, subject - DN components that are provided individually will now be - ordered by assumed scale - -- Add gnutls-3.6.7-fix-FTBFS-2024.patch to let tests pass after 2024 (boo#1186579) -- Add gnutls-3.6.7-reproducible-date.patch to override build date (boo#1047218) - -- Security fix: [bsc#1183456, CVE-2021-20232] - * A use after free issue in client_send_params - in lib/ext/pre_shared_key.c may lead to memory - corruption and other potential consequences. -- Add gnutls-CVE-2021-20232.patch - -- Security fix: [bsc#1183457, CVE-2021-20231] - * A use after free issue in client sending key_share extension - may lead to memory corruption and other consequences. -- Add gnutls-CVE-2021-20231.patch - -- Update to 3.7.1: - [bsc#1183456, CVE-2021-20232] [bsc#1183457, CVE-2021-20231] - * Fixed potential use-after-free in sending "key_share" and - "pre_shared_key" extensions. - * Fixed a regression in handling duplicated certs in a chain. - * Fixed sending of session ID in TLS 1.3 middlebox compatibility - mode. In that mode the client shall always send a non-zero - session ID to make the handshake resemble the TLS 1.2 - resumption; this was not true in the previous versions. - * Removed dependency on the external 'fipscheck' package, - when compiled with --enable-fips140-mode. - * Added padlock acceleration for AES-192-CBC. -- Remove patches upstream: - * gnutls-gnutls-cli-debug.patch - * gnutls-ignore-duplicate-certificates.patch - * gnutls-test-fixes.patch - -- Fix the test suite for tests/gnutls-cli-debug.sh [bsc#1171565] - * Don't unset system priority settings in gnutls-cli-debug.sh - * Upstream: gitlab.com/gnutls/gnutls/merge_requests/1387 -- Add gnutls-gnutls-cli-debug.patch - -- Fix: Test certificates in tests/testpkcs11-certs have expired - * Upstream bug: gitlab.com/gnutls/gnutls/issues/1135 -- Add gnutls-test-fixes.patch - -- gnutls_x509_trust_list_verify_crt2: ignore duplicate certificates - * Upstream bug: https://gitlab.com/gnutls/gnutls/issues/1131 -- Add gnutls-ignore-duplicate-certificates.patch - -- Update to 3.7.0 - * Depend on nettle 3.6 - * Added a new API that provides a callback function to retrieve - missing certificates from incomplete certificate chains - * Added a new API that provides a callback function to output the - complete path to the trusted root during certificate chain - verification - * OIDs exposed as gnutls_datum_t no longer account for the - terminating null bytes, while the data field is null terminated. - The affected API functions are: gnutls_ocsp_req_get_extension, - gnutls_ocsp_resp_get_response, and gnutls_ocsp_resp_get_extension - * Added a new set of API to enable QUIC implementation - * The crypto implementation override APIs deprecated in 3.6.9 are - now no-op - * Added MAGMA/KUZNYECHIK CTR-ACPKM and CMAC support - * Support for padlock has been fixed to make it work with Zhaoxin CPU - * The maximum PIN length for PKCS #11 has been increased from 31 - bytes to 255 bytes -- Remove patch fixed upstream: - * gnutls-FIPS-use_2048_bit_prime_in_DH_selftest.patch -- Fix threading bug in libgnutls [bsc#1173434] - * Upstream bug: gitlab.com/gnutls/gnutls/issues/1044 - -- Avoid spurious audit messages about incompatible signature algorithms - (bsc#1172695) - * add 0001-pubkey-avoid-spurious-audit-messages-from-_gnutls_pu.patch - -- FIPS: Use 2048 bit prime in DH selftest (bsc#1176086) - * add gnutls-FIPS-use_2048_bit_prime_in_DH_selftest.patch -- FIPS: Add TLS KDF selftest (bsc#1176671) - * add gnutls-FIPS-TLS_KDF_selftest.patch - -- Escape rpm command %%expand when used in comment. - -- FIPS: Use 2048 bit prime in DH selftest (bsc#1176086) - * add gnutls-FIPS-use_2048_bit_prime_in_DH_selftest.patch - -- FIPS: Add TLS KDF selftest (bsc#1176671) - * add gnutls-FIPS-TLS_KDF_selftest.patch - -- Fix heap buffer overflow in handshake with no_renegotiation alert sent - * CVE-2020-24659 (bsc#1176181) -- add gnutls-CVE-2020-24659.patch - -- FIPS: Implement (EC)DH requirements from SP800-56Arev3 (bsc#1176086) -- add patches - * 0001-Add-Full-Public-Key-Check-for-DH.patch - * 0001-Add-test-to-ensure-DH-exchange-behaves-correctly.patch - * 0002-Add-test-to-ensure-ECDH-exchange-behaves-correctly.patch - * 0003-Add-plumbing-to-handle-Q-parameter-in-DH-exchanges.patch - * 0004-Always-pass-in-and-check-Q-in-TLS-1.3.patch - * 0005-Check-Q-for-FFDHE-primes-in-prime-check.patch - * 0006-Pass-down-Q-for-FFDHE-in-al-pre-TLS1.3-as-well.patch - * 0001-dh-primes-add-MODP-primes-from-RFC-3526.patch - * 0002-dhe-check-if-DH-params-in-SKE-match-the-FIPS-approve.patch - * 0001-dh-check-validity-of-Z-before-export.patch - * 0002-ecdh-check-validity-of-P-before-export.patch - * 0003-dh-primes-make-the-FIPS-approved-check-return-Q-valu.patch - * 0004-dh-perform-SP800-56A-rev3-full-pubkey-validation-on-.patch - * 0005-ecdh-perform-SP800-56A-rev3-full-pubkey-validation-o.patch -- drop obsolete gnutls-3.6.7-fips_DH_ECDH_key_tests.patch - -- Update to 3.6.15 - * libgnutls: Fixed "no_renegotiation" alert handling at incorrect timing. - [GNUTLS-SA-2020-09-04, CVSS: medium] - * libgnutls: If FIPS self-tests are failed, gnutls_fips140_mode_enabled() now - indicates that with a false return value (!1306). - * libgnutls: Under FIPS mode, the generated ECDH/DH public keys are checked - accordingly to SP800-56A rev 3 (!1295, !1299). - * libgnutls: gnutls_x509_crt_export2() now returns 0 upon success, rather than - the size of the internal base64 blob (#1025). - * libgnutls: Certificate verification failue due to OCSP must-stapling is not - honered is now correctly marked with the GNUTLS_CERT_INVALID flag - * libgnutls: The audit log message for weak hashes is no longer printed twice - * libgnutls: Fixed version negotiation when TLS 1.3 is enabled and TLS 1.2 is - disabled in the priority string. Previously, even when TLS 1.2 is explicitly - disabled with "-VERS-TLS1.2", the server still offered TLS 1.2 if TLS 1.3 is - enabled (#1054). -- drop upstreamed patches: - * gnutls-detect_nettle_so.patch - * 0001-crypto-api-always-allocate-memory-when-serializing-i.patch - -- Correctly detect gmp, nettle, and hogweed libraries (bsc#1172666) - * add gnutls-detect_nettle_so.patch - -- Fix a memory leak that could lead to a DoS attack against Samba - servers (bsc#1172663) - * add 0001-crypto-api-always-allocate-memory-when-serializing-i.patch -- Temporarily disable broken guile reauth test (bsc#1171565) - * add gnutls-temporarily_disable_broken_guile_reauth_test.patch - -- GNUTLS-SA-2020-06-03 (Fixed insecure session ticket key construction) - The TLS server would not bind the session ticket encryption key with a - value supplied by the application until the initial key rotation, allowing - attacker to bypass authentication in TLS 1.3 and recover previous - conversations in TLS 1.2 (#1011). (bsc#1172506, CVE-2020-13777) - * add patches: - + gnutls-CVE-2020-13777.patch -- Fixed handling of certificate chain with cross-signed intermediate - CA certificates (#1008). (bsc#1172461) - * add patches: - + 0001-_gnutls_verify_crt_status-apply-algorithm-checks-to-.patch - + 0002-_gnutls_pkcs11_verify_crt_status-check-validity-agai.patch - + 0003-x509-trigger-fallback-verification-path-when-cert-is.patch - + 0004-tests-add-test-case-for-certificate-chain-supersedin.patch - -- Update to 3.6.14 - * libgnutls: Fixed insecure session ticket key construction, since 3.6.4. - The TLS server would not bind the session ticket encryption key with a - value supplied by the application until the initial key rotation, allowing - attacker to bypass authentication in TLS 1.3 and recover previous - conversations in TLS 1.2 (#1011). (bsc#1172506, CVE-2020-13777) - [GNUTLS-SA-2020-06-03, CVSS: high] - * libgnutls: Fixed handling of certificate chain with cross-signed - intermediate CA certificates (#1008). (bsc#1172461) - * libgnutls: Fixed reception of empty session ticket under TLS 1.2 (#997). - * libgnutls: gnutls_x509_crt_print() is enhanced to recognizes commonName - (2.5.4.3), decodes certificate policy OIDs (!1245), and prints Authority - Key Identifier (AKI) properly (#989, #991). - * certtool: PKCS #7 attributes are now printed with symbolic names (!1246). - * libgnutls: Use accelerated AES-XTS implementation if possible (!1244). - Also both accelerated and non-accelerated implementations check key block - according to FIPS-140-2 IG A.9 (!1233). - * libgnutls: Added support for AES-SIV ciphers (#463). - * libgnutls: Added support for 192-bit AES-GCM cipher (!1267). - * libgnutls: No longer use internal symbols exported from Nettle (!1235) - * API and ABI modifications: - GNUTLS_CIPHER_AES_128_SIV: Added - GNUTLS_CIPHER_AES_256_SIV: Added - GNUTLS_CIPHER_AES_192_GCM: Added - gnutls_pkcs7_print_signature_info: Added -- Add key D605848ED7E69871: public key "Daiki Ueno " to - the keyring -- Drop gnutls-fips_correct_nettle_soversion.patch (upstream) - -- Add RSA 4096 key generation support in FIPS mode (bsc#1171422) - * add gnutls-3.6.7-fips-rsa-4096.patch - -- Don't check for /etc/system-fips which we don't have (bsc#1169992) - * add gnutls-fips_mode_enabled.patch - -- Backport AES XTS support (bsc#1168835) - * add 0001-Vendor-in-XTS-functionality-from-Nettle.patch - * add gnutls-fips_XTS_key_check.patch - -- Use correct nettle .so version when looking for a FIPS checksum - (bsc#1166635) - * add gnutls-fips_correct_nettle_soversion.patch - -- Update to 3.6.13 - * libgnutls: Fix a DTLS-protocol regression (caused by TLS1.3 support) - The DTLS client would not contribute any randomness to the DTLS negotiation, - breaking the security guarantees of the DTLS protocol (#960) - [GNUTLS-SA-2020-03-31, CVSS: high] (bsc#1168345) - * libgnutls: Added new APIs to access KDF algorithms (#813). - * libgnutls: Added new callback gnutls_keylog_func that enables a custom - logging functionality. - * libgnutls: Added support for non-null terminated usernames in PSK - negotiation (#586). - * gnutls-cli-debug: Improved support for old servers that only support - SSL 3.0. - -- Fix zero random value in DTLS client hello - (CVE-2020-11501, bsc#1168345) - * add gnutls-CVE-2020-11501.patch - -- Split off FIPS checksums into a separate libgnutls30-hmac - subpackage (bsc#1152692) - * update baselibs.conf - -- bsc#1166881 - FIPS: gnutls: cfb8 decryption issue - * No longer truncate output IV if input is shorter than block size. - * Added gnutls-3.6.7-fips-backport_dont_truncate_output_IV.patch - -- bsc#1155327 jira#SLE-9518 - FIPS: add DH key test - * Added Diffie Hellman public key verification test. - * gnutls-3.6.7-fips_DH_ECDH_key_tests.patch - -- gnutls 3.6.12 - * libgnutls: Introduced TLS session flag (gnutls_session_get_flags()) - to identify sessions that client request OCSP status request (#829). - * libgnutls: Added support for X448 key exchange (RFC 7748) and Ed448 - signature algorithm (RFC 8032) under TLS (#86). - * libgnutls: Added the default-priority-string option to system configuration; - it allows overriding the compiled-in default-priority-string. - * libgnutls: Added support for GOST CNT_IMIT ciphersuite (as defined by - draft-smyshlyaev-tls12-gost-suites-07). - By default this ciphersuite is disabled. It can be enabled by adding - +GOST to priority string. In the future this priority string may enable - other GOST ciphersuites as well. Note, that server will fail to negotiate - GOST ciphersuites if TLS 1.3 is enabled both on a server and a client. It - is recommended for now to disable TLS 1.3 in setups where GOST ciphersuites - are enabled on GnuTLS-based servers. - * libgnutls: added priority shortcuts for different GOST categories like - CIPHER-GOST-ALL, MAC-GOST-ALL, KX-GOST-ALL, SIGN-GOST-ALL, GROUP-GOST-ALL. - * libgnutls: Reject certificates with invalid time fields. That is we reject - certificates with invalid characters in Time fields, or invalid time formatting - To continue accepting the invalid form compile with --disable-strict-der-time - * libgnutls: Reject certificates which contain duplicate extensions. We were - previously printing warnings when printing such a certificate, but that is - not always sufficient to flag such certificates as invalid. Instead we now - refuse to import them (#887). - * libgnutls: If a CA is found in the trusted list, check in addition to - time validity, whether the algorithms comply to the expected level prior - to accepting it. This addresses the problem of accepting CAs which would - have been marked as insecure otherwise (#877). - * libgnutls: The min-verification-profile from system configuration applies - for all certificate verifications, not only under TLS. The configuration can - be overriden using the GNUTLS_SYSTEM_PRIORITY_FILE environment variable. - * libgnutls: The stapled OCSP certificate verification adheres to the convention - used throughout the library of setting the 'GNUTLS_CERT_INVALID' flag. - * libgnutls: On client side only send OCSP staples if they have been requested - by the server, and on server side always advertise that we support OCSP stapling - * libgnutls: Introduced the gnutls_ocsp_req_const_t which is compatible - with gnutls_ocsp_req_t but const. - * certtool: Added the --verify-profile option to set a certificate - verification profile. Use '--verify-profile low' for certificate verification - to apply the 'NORMAL' verification profile. - * certtool: The add_extension template option is considered even when generating - a certificate from a certificate request. - -- gnutls 3.6.11.1: - * libgnutls: Corrected issue with TLS 1.2 session ticket - handling as client during resumption - * libgnutls: gnutls_base64_decode2() succeeds decoding the empty - string to the empty string. This is a behavioral change of the - API but it conforms to the RFC4648 expectations - * libgnutls: Fixed AES-CFB8 implementation, when input is shorter - than the block size. Fix backported from nettle. - * certtool: CRL distribution points will be set in CA - certificates even when non self-signed - * gnutls-cli/serv: added raw public-key handling capabilities - (RFC7250). Key material can be set via the --rawpkkeyfile and - - -rawpkfile flags. - -- gnutls 3.6.10: - * Add support for deterministic ECDSA/DSA (RFC6979) - * Add functions for in-place encryption/decryption of data buffers - * server now selects the highest TLS protocol version, if TLS 1.3 - is enabled and the client advertises an older protocol version - first - * Add support for GOST 28147-89 cipher in CNT (GOST counter) mode - and MAC generation based on GOST 28147-89 (IMIT) - * certtool: when outputting an encrypted private key do not - insert the textual description of it - -- Install checksums for binary integrity verification which are - required when running in FIPS mode (bsc#1152692, jsc#SLE-9518) - -- gnutls 3.6.9: - * add support for copying digest or MAC contexts - * Mark the crypto implementation override APIs as deprecated - * Add support for AES-GMAC, as a separate to GCM, MAC algorithm - * Add support for Generalname registeredID - * The priority configuration was enhanced to allow more elaborate - system-wide configuration of the library -- includes changes from 3.6.8: - * Add support for AES-XTS cipher - * Fix calculation of Streebog digests - * During Diffie-Hellman operations in TLS, verify that the peer's - public key is on the right subgroup (y^q=1 mod p), when q is - available (under TLS 1.3 and under earlier versions when RFC7919 - parameters are used). - * Apply STD3 ASCII rules in gnutls_idna_map() to prevent - hostname/domain crafting via IDNA conversion - * certtool: allow the digital signature key usage flag in CA - certificates - * gnutls-cli/serv: add the --keymatexport and --keymatexportsize - options. These allow testing the RFC5705 using these tools -- drop patches to re-enable tests: - * disable-psk-file-test.patch - * gnutls-3.6.0-disable-flaky-dtls_resume-test.patch - -- Explicitly require libnettle 3.4.1 (bsc#1134856) - * The RSA decryption code was rewritten in GnuTLS 3.6.5 in order - to fix CVE-2018-16868, the new implementation makes use of a new - rsa_sec_decrypt() function introduced in libnettle 3.4.1 - * libnettle was recently updated to the 3.4.1 version but we need - to add explicit dependency on it to prevent missing symbol errors - with the older versions - -- Restored autoreconf in build. -- Removed gnutls-3.6.6-SUSE_SLE15_congruent_version_requirements.patch - since the version requirements of required libraries are once again - automatically determined. -- Added gnutls-3.6.7-SUSE_SLE15_guile_site_directory.patch because it is a - better patch name for handling the '--with-guile-site-dir=' problem in - 3.6.7. - -- Trim useless %if..%endif guards that do not affect the build. -- Fix language errors in description again. - -- Update gnutls to 3.6.7 - * * libgnutls, gnutls tools: Every gnutls_free() will automatically set - the free'd pointer to NULL. This prevents possible use-after-free and - double free issues. Use-after-free will be turned into NULL dereference. - The counter-measure does not extend to applications using gnutls_free(). - * * libgnutls: Fixed a memory corruption (double free) vulnerability in the - certificate verification API. Reported by Tavis Ormandy; addressed with - the change above. [GNUTLS-SA-2019-03-27, #694] [bsc#1130681] (CVE-2019-3829) - * * libgnutls: Fixed an invalid pointer access via malformed TLS1.3 async messages; - Found using tlsfuzzer. [GNUTLS-SA-2019-03-27, #704] [bsc#1130682] (CVE-2019-3836) - * * libgnutls: enforce key usage limitations on certificates more actively. - Previously we would enforce it for TLS1.2 protocol, now we enforce it - even when TLS1.3 is negotiated, or on client certificates as well. When - an inappropriate for TLS1.3 certificate is seen on the credentials structure - GnuTLS will disable TLS1.3 support for that session (#690). - * * libgnutls: the default number of tickets sent under TLS 1.3 was increased to - two. This makes it easier for clients which perform multiple connections - to the server to use the tickets sent by a default server. - * * libgnutls: enforce the equality of the two signature parameters fields in - a certificate. We were already enforcing the signature algorithm, but there - was a bug in parameter checking code. - * * libgnutls: fixed issue preventing sending and receiving from different - threads when false start was enabled (#713). - * * libgnutls: the flag GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO now implies a writable - session, as non-writeable security officer sessions are undefined in PKCS#11 - (#721). - * * libgnutls: no longer send downgrade sentinel in TLS 1.3. - Previously the sentinel value was embedded to early in version - negotiation and was sent even on TLS 1.3. It is now sent only when - TLS 1.2 or earlier is negotiated (#689). - * * gnutls-cli: Added option --logfile to redirect informational messages output. -- Disabled dane support since dane is not shipped with SLE-15 -- Changed configure script to hardware guile site directory since command-line - option '--with-guile-site-dir=' was removed from the configure script in 3.6.7. - * * Modified gnutls-3.6.6-SUSE_SLE15_congruent_version_requirements.patch -- Modified gnutls-3.6.0-disable-flaky-dtls_resume-test.patch to fix - compilation issues on PPC -- Fixed Bleichenbacher-like side channel leakage in PKCS#1 v1.5 verification - and padding oracle verification (in 3.6.5) [bsc#1118087] (CVE-2018-16868) - -- FATE#327114 - Update gnutls to 3.6.6 to support TLS 1.3 - * * libgnutls: gnutls_pubkey_import_ecc_raw() was fixed to set the number bits - on the public key (#640). - * * libgnutls: Added support for raw public-key authentication as defined in RFC7250. - Raw public-keys can be negotiated by enabling the corresponding certificate - types via the priority strings. The raw public-key mechanism must be explicitly - enabled via the GNUTLS_ENABLE_RAWPK init flag (#26, #280). - * * libgnutls: When on server or client side we are sending no extensions we do - not set an empty extensions field but we rather remove that field competely. - This solves a regression since 3.5.x and improves compatibility of the server - side with certain clients. - * * libgnutls: We no longer mark RSA keys in PKCS#11 tokens as RSA-PSS capable if - the CKA_SIGN is not set (#667). - * * libgnutls: The priority string option %NO_EXTENSIONS was improved to completely - disable extensions at all cases, while providing a functional session. This - also implies that when specified, TLS1.3 is disabled. - * * libgnutls: GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION was marked as deprecated. - The previous definition was non-functional (#609). - * Removed patches: - 0001-dummy_wait-correctly-account-the-length-field-in-SHA.patch - 0002-dummy_wait-always-hash-the-same-amount-of-blocks-tha.patch - 0003-cbc_mac_verify-require-minimum-padding-under-SSL3.0.patch - 0004-hmac-sha384-and-sha256-ciphersuites-were-removed-fro.patch - * Added Patches: - * * disable failing psk-file test (race condition): - disable-psk-file-test.patch - * * Patch configure script to accept specific versions of autotools and guile - that are present in SUSE-SLE15. (A bug prevents configure from accepting - a range of compatible versions. Upstream's solution is to hardwire for - the most current versions.) - gnutls-3.6.6-SUSE_SLE15_congruent_version_requirements.patch - * Modified: - * * gnutls-3.6.0-disable-flaky-dtls_resume-test.patch -- drop no longer needed gnutls-enbale-guile-2.2.patch -- refresh disable-psk-file-test.patch - -- Update to 3.6.5 - * * libgnutls: Provide the option of transparent re-handshake/reauthentication - when the GNUTLS_AUTO_REAUTH flag is specified in gnutls_init() (#571). - * * libgnutls: Added support for TLS 1.3 zero round-trip (0-RTT) mode (#127) - * * libgnutls: The priority functions will ignore and not enable TLS1.3 if - requested with legacy TLS versions enabled but not TLS1.2. That is because - if such a priority string is used in the client side (e.g., TLS1.3+TLS1.0 enabled) - servers which do not support TLS1.3 will negotiate TLS1.2 which will be - rejected by the client as disabled (#621). - * * libgnutls: Change RSA decryption to use a new side-channel silent function. - This addresses a security issue where memory access patterns as well as timing - on the underlying Nettle rsa-decrypt function could lead to new Bleichenbacher - attacks. Side-channel resistant code is slower due to the need to mask - access and timings. When used in TLS the new functions cause RSA based - handshakes to be between 13% and 28% slower on average (Numbers are indicative, - the tests where performed on a relatively modern Intel CPU, results vary - depending on the CPU and architecture used). This change makes nettle 3.4.1 - the minimum requirement of gnutls (#630). [CVSS: medium] - * * libgnutls: gnutls_priority_init() and friends, allow the CTYPE-OPENPGP keyword - in the priority string. It is only accepted as legacy option and is ignored. - * * libgnutls: Added support for EdDSA under PKCS#11 (#417) - * * libgnutls: Added support for AES-CFB8 cipher (#357) - * * libgnutls: Added support for AES-CMAC MAC (#351) - * * libgnutls: In two previous versions GNUTLS_CIPHER_GOST28147_CPB/CPC/CPD_CFB ciphers - have incorrectly used CryptoPro-A S-BOX instead of proper (CryptoPro-B/-C/-D - S-BOXes). They are fixed now. - * * libgnutls: Added support for GOST key unmasking and unwrapped GOST private - keys parsing, as specified in R 50.1.112-2016. - * * gnutls-serv: It applies the default settings when no --priority option is given, - using gnutls_set_default_priority(). - * * p11tool: Fix initialization of security officer's PIN with the --initialize-so-pin - option (#561) - * * certtool: Add parameter --no-text that prevents certtool from outputting - text before PEM-encoded private key, public key, certificate, CRL or CSR. -- minimum required libnettle is now 3.4.1 -- refresh - * disable-psk-file-test.patch - * gnutls-3.6.0-disable-flaky-dtls_resume-test.patch - -- search for guile-2.2 during configure, part of boo#1117121 - add patches: - * gnutls-enbale-guile-2.2.patch: search for guile-2.2 - refresh patches: - * disable-psk-file-test.patch: disable psk-file in Makefile.am - -- Temporarily disable failing psk-file test (race condition) - * add disable-psk-file-test.patch - -- Version update to 3.6.4 (bsc#1111757): - * * libgnutls: Added the final (RFC8446) version numbering of the TLS1.3 protocol. - * * libgnutls: Corrected regression since 3.6.3 in the callbacks set with - gnutls_certificate_set_retrieve_function() which could not handle the case where - no certificates were returned, or the callbacks were set to NULL (see #528). - * * libgnutls: gnutls_handshake() on server returns early on handshake when no - certificate is presented by client and the gnutls_init() flag GNUTLS_ENABLE_EARLY_START - is specified. - * * libgnutls: Added session ticket key rotation on server side with TOTP. - The key set with gnutls_session_ticket_enable_server() is used as a - master key to generate time-based keys for tickets. The rotation - relates to the gnutls_db_set_cache_expiration() period. - * * libgnutls: The 'record size limit' extension is added and preferred to the - 'max record size' extension when possible. - * * libgnutls: Provide a more flexible PKCS#11 search of trust store certificates. - This addresses the problem where the CA certificate doesn't have a subject key - identifier whereas the end certificates have an authority key identifier (#569) - * * libgnutls: gnutls_privkey_export_gost_raw2(), gnutls_privkey_import_gost_raw(), - gnutls_pubkey_export_gost_raw2(), gnutls_pubkey_import_gost_raw() import - and export GOST parameters in the "native" little endian format used for these - curves. This is an intentional incompatible change with 3.6.3. - * * libgnutls: Added support for seperately negotiating client and server certificate types - as defined in RFC7250. This mechanism must be explicitly enabled via the - GNUTLS_ENABLE_CERT_TYPE_NEG flag in gnutls_init(). -- Drop upstreamed patch: - * gnutls-3.6.3-backport-upstream-fixes.patch - -- gnutls-3.6.0-disable-flaky-dtls_resume-test.patch: refresh to also patch - test/Makefile.in as autoreconf does not work - -- Backport of upstream fixes (boo#1108450) - * gnutls-3.6.3-backport-upstream-fixes.patch - Fixes taken from upstream commits: - * * 3df5b7bc8a64 ("cert-cred: fix possible segfault when resetting cert retrieval function") - * * 42945a7aab6d ("allow no certificates to be reported by the gnutls_certificate_retrieve_function callbacks") - * * 10f83e36ed92 ("hello_ext_parse: apply the test for pre-shared key ext being last on client hello") - The patch was taken from https://github.com/weechat/weechat/issues/1231 - -- Security update - Improve mitigations against Lucky 13 class of attacks - * "Just in Time" PRIME + PROBE cache-based side channel attack - can lead to plaintext recovery (CVE-2018-10846, bsc#1105460) - * HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of - wrong constant (CVE-2018-10845, bsc#1105459) - * HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not - enough dummy function calls (CVE-2018-10844, bsc#1105437) - * add patches: - 0001-dummy_wait-correctly-account-the-length-field-in-SHA.patch - 0002-dummy_wait-always-hash-the-same-amount-of-blocks-tha.patch - 0003-cbc_mac_verify-require-minimum-padding-under-SSL3.0.patch - 0004-hmac-sha384-and-sha256-ciphersuites-were-removed-fro.patch - -- Update to 3.6.3 - Fixes security issues: - CVE-2018-10846, CVE-2018-10845, CVE-2018-10844, CVE-2017-10790 - (bsc#1105437, bsc#1105460, bsc#1105459, bsc#1047002) - Other Changes: - * * libgnutls: Introduced support for draft-ietf-tls-tls13-28 - * * libgnutls: Apply compatibility settings for existing applications running with TLS1.2 or - earlier and TLS 1.3. - * * Added support for Russian Public Key Infrastructure according to RFCs 4491/4357/7836. - * * Provide a uniform cipher list across supported TLS protocols - * * The SSL 3.0 protocol is disabled on compile-time by default. - * * libgnutls: Introduced function to switch the current FIPS140-2 operational - mode - * * libgnutls: Introduced low-level function to assist applications attempting client - hello extension parsing, prior to GnuTLS' parsing of the message. - * * libgnutls: When exporting an X.509 certificate avoid re-encoding if there are no - modifications to the certificate. - * * libgnutls: on group exchange honor the %SERVER_PRECEDENCE and select the groups - which are preferred by the server. - * * Improved counter-measures for TLS CBC record padding. - * * Introduced the %FORCE_ETM priority string option. This option prevents the negotiation - of legacy CBC ciphersuites unless encrypt-then-mac is negotiated. - * * libgnutls: gnutls_privkey_import_ext4() was enhanced with the - GNUTLS_PRIVKEY_INFO_PK_ALGO_BITS flag. - * * libgnutls: gnutls_pkcs11_copy_secret_key, gnutls_pkcs11_copy_x509_privkey2, - gnutls_pkcs11_privkey_generate3 will mark objects as sensitive by default - unless GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_SENSITIVE is specified. This is an API - change for these functions which make them err towards safety. - * * libgnutls: improved aarch64 cpu features detection by using getauxval(). - * * certtool: It is now possible to specify certificate and serial CRL numbers greater - than 2**63-2 as a hex-encoded string both when prompted and in a template file. - Default certificate serial numbers are now fully random. -- don't run autoreconf to avoid pulling in gtk-doc - -- Require pkgconfig(autoopts) for building - -- Simplify the DANE support %ifdef condition - * build with DANE on openSUSE only - -- Adjust RPM groups. Drop %if..%endif guards that are idempotent. - -- build without DANE support on SLE-15, as it doesn't have unbound - (bsc#1086428) - -- add back refreshed gnutls-3.6.0-disable-flaky-dtls_resume-test.patch - the dtls-resume test still keeps randomly failing on PPC - -- remove gnutls-3.6.0-disable-flaky-dtls_resume-test.patch - patch does not apply any more and apparently the build - suceeds even if the formerly flaky testcase is run (bsc#1086579) - -- gnutls.keyring: Nikos key refreshed to be unexpired - -- GnuTLS 3.6.2: - * libgnutls: When verifying against a self signed certificate ignore issuer. - That is, ignore issuer when checking the issuer's parameters strength, - resolving issue #347 which caused self signed certificates to be - additionally marked as of insufficient security level. - * libgnutls: Corrected MTU calculation for the CBC ciphersuites. The data - MTU calculation now, it correctly accounts for the fixed overhead due to - padding (as 1 byte), while at the same time considers the rest of the - padding as part of data MTU. - * libgnutls: Address issue of loading of all PKCS#11 modules on startup - on systems with a PKCS#11 trust store (as opposed to a file trust store). - Introduced a multi-stage initialization which loads the trust modules, and - other modules are deferred for the first pure PKCS#11 request. - * libgnutls: The SRP authentication will reject any parameters outside - RFC5054. This protects any client from potential MitM due to insecure - parameters. That also brings SRP in par with the RFC7919 changes to - Diffie-Hellman. - * libgnutls: Added the 8192-bit parameters of SRP to the accepted parameters - for SRP authentication. - * libgnutls: Addressed issue in the accelerated code affecting - interoperability with versions of nettle >= 3.4. - * libgnutls: Addressed issue in the AES-GCM acceleration under aarch64. - * libgnutls: Addressed issue in the AES-CBC acceleration under ssse3 (patch by - Vitezslav Cizek). - * srptool: the --create-conf option no longer includes 1024-bit parameters. - * p11tool: Fixed the deletion of objects in batch mode. -- Dropped gnutls-check_aes_keysize.patch as it is included upstream now. - -- Use %license (boo#1082318) - -- Sanity check key size in SSSE3 AES cipher implementation (bsc#1074303) - * add gnutls-check_aes_keysize.patch - -- GnuTLS 3.6.1: - * Fix interoperability issue with openssl when safe renegotiation - was used - * gnutls_x509_crl_sign, gnutls_x509_crt_sign, - gnutls_x509_crq_sign, were modified to sign with a better - algorithm than SHA1. They will now sign with an algorithm that - corresponds to the security level of the signer's key. - * gnutls_x509_*_sign2() functions and gnutls_x509_*_privkey_sign() - accept GNUTLS_DIG_UNKNOWN (0) as a hash function option. That - will signal the function to auto-detect an appropriate hash - algorithm to use. - * Remove support for signature algorithms using SHA2-224 in TLS. - TLS 1.3 no longer uses SHA2-224 and it was never a widespread - algorithm in TLS 1.2 - * Refuse to use client certificates containing disallowed - algorithms for a session, reverting a change on 3.5.5 - * Refuse to resume a session which had a different SNI advertised - That improves RFC6066 support in server side. - * p11tool: Mark all generated objects as sensitive by default. - * p11tool: added options --sign-params and --hash. This allows - testing signature with multiple algorithms, including RSA-PSS. - -- Disable flaky dtls_resume test on Power - * add gnutls-3.6.0-disable-flaky-dtls_resume-test.patch - -- GnuTLS 3.6.0: - * Introduce a lock-free random generator which operates per- - thread and eliminates random-generator related bottlenecks in - multi-threaded operation. - * Replace the Salsa20 random generator with one based on CHACHA. - The goal is to reduce code needed in cache (CHACHA is also - used for TLS), and the number of primitives used by the - library. That does not affect the AES-DRBG random generator - used in FIPS140-2 mode. - * Add support for RSA-PSS key type as well as signatures in - certificates, and TLS key exchange - * Add support for Ed25519 signing in certificates and TLS key - exchange following draft-ietf-tls-rfc4492bis-17 - * Enable X25519 key exchange by default, following - draft-ietf-tls-rfc4492bis-17. - * Add support for Diffie-Hellman group negotiation following - RFC7919. - * Introduce various sanity checks on certificate import - * Introduce gnutls_x509_crt_set_flags(). This function can set - flags in the crt structure. The only flag supported at the - moment is GNUTLS_X509_CRT_FLAG_IGNORE_SANITY which skips the - certificate sanity checks on import. - * PKIX certificates with unknown critical extensions are rejected - on verification with status GNUTLS_CERT_UNKNOWN_CRIT_EXTENSIONS - * Refuse to generate a certificate with an illegal version, or an - illegal serial number. That is, gnutls_x509_crt_set_version() - and gnutls_x509_crt_set_serial(), will fail on input considered - to be invalid in RFC5280. - * Call to gnutls_record_send() and gnutls_record_recv() prior to - handshake being complete are now refused - * Add support for PKCS#12 files with no salt (zero length) in - their password encoding, and PKCS#12 files using SHA384 and - SHA512 as MAC. - * libgnutls: Exported functions to encode and decode DSA and ECDSA - r,s values. - * Add new callback setting function to gnutls_privkey_t for - external keys. The new function (gnutls_privkey_import_ext4), - allows signing in addition to previous algorithms (RSA PKCS#1 - 1.5, DSA, ECDSA), with RSA-PSS and Ed25519 keys. - * Introduce the %VERIFY_ALLOW_BROKEN and - %VERIFY_ALLOW_SIGN_WITH_SHA1 priority string options. These - allows enabling all broken and SHA1-based signature algorithms - in certificate verification, respectively. - * 3DES-CBC is no longer included in the default priorities list. - It has to be explicitly enabled, e.g., with a string like - "NORMAL:+3DES-CBC". - * SHA1 was marked as insecure for signing certificates. - Verification of certificates signed with SHA1 is now considered - insecure and will fail, unless flags intended to enable broken - algorithms are set. Other uses of SHA1 are still allowed. - * RIPEMD160 was marked as insecure for certificate signatures. - Verification of certificates signed with RIPEMD160 hash - algorithm is now considered insecure and will fail, unless - flags intended to enable broken algorithms are set. - * No longer enable SECP192R1 and SECP224R1 by default on TLS - handshakes. These curves were rarely used for that purpose, - provide no advantage over x25519 and were deprecated by TLS 1.3. - * Remove support for DEFLATE, or any other compression method. - * OpenPGP authentication was removed; the resulting library is ABI - compatible, with the openpgp related functions being stubs that - fail on invocation. - Drop gnutls-broken-openpgp-tests.patch, no longer required. - * Remove support for libidn (i.e., IDNA2003); gnutls can now be - compiled only with libidn2 which provides IDNA2008. - * certtool: The option '--load-ca-certificate' can now accept - PKCS#11 URLs in addition to files. - * certtool: The option '--load-crl' can now be used when - generating PKCS#12 files (i.e., in conjunction with '--to-p12' option). - * certtool: Keys with provable RSA and DSA parameters are now - only read and exported from PKCS#8 form, following - draft-mavrogiannopoulos-pkcs8-validated-parameters-00.txt. - This removes support for the previous a non-standard key format. - * certtool: Added support for generating, printing and handling - RSA-PSS and Ed25519 keys and certificates. - * certtool: the parameters --rsa, --dsa and --ecdsa to - - -generate-privkey are now deprecated, replaced by the - - -key-type option. - * p11tool: The --generate-rsa, --generate-ecc and --generate-dsa - options were replaced by the --generate-privkey option. - * psktool: Generate 256-bit keys by default. - * gnutls-server: Increase request buffer size to 16kb, and added - the --alpn and --alpn-fatal options, allowing testing of ALPN - negotiation. - * Enables FIPS 140-2 mode during build - -- Buildrequire iproute2: the test suite calls /usr/bin/ss and as - such we have to ensure to pull it in. - -- GnuTLS 3.5.15: - * libgnutls: Disable hardware acceleration on aarch64/ilp32 mode - * certtool: Keys with provable RSA and DSA parameters are now - only exported in PKCS#8 form - -- RPM group fix. Diversification of summaries. -- Avoid aims and future plans in description. Say what it does now. - -- Drop the deprecated openssl compat ; discussed and suggested by - vcizek -- Cleanup a bit with spec-cleaner - -- GnuTLS 3.5.14: - * Handle specially HSMs which request explicit authentication - * he GNUTLS_PKCS11_OBJ_FLAG_LOGIN will force a login on HSMs - * do not set leading zeros when copying integers on HSMs - * Fix issue discovering certain OCSP signers, and improved the - discovery of OCSP signer in the case where the Subject Public - Key identifier field matches - * ensure OCSP responses are saved with --save-ocsp even if - certificate verification fails. - -- GnuTLS 3.5.13: - * libgnutls: fixed issue with AES-GCM in-place encryption and - decryption in aarch64 - * libgnutls: no longer parse the ResponseID field of the status - response TLS extension. The field is not used by GnuTLS nor is - made available to calling applications. That addresses a null - pointer dereference on server side caused by packets containing - the ResponseID field. GNUTLS-SA-2017-4, bsc#1043398 - * libgnutls: tolerate certificates which do not have strict DER - time encoding. It is possible using 3rd party tools to generate - certificates with time fields that do not conform to DER - requirements. Since 3.4.x these certificates were rejected and - cannot be used with GnuTLS, however that caused problems with - existing private certificate infrastructures, which were - relying on such certificates. Tolerate reading and using these - certificates. - * minitasn1: updated to libtasn1 4.11. - * certtool: allow multiple certificates to be used in --p7-sign - with the --load-certificate option - -- GnuTLS 3.5.12: - * libgnutls: gnutls_x509_crt_check_hostname2() no longer matches - IP addresses against DNS fields of certificate (CN or DNSname). - The previous behavior was to tolerate some misconfigured - servers, but that was non-standard and skipped any IP - constraints present in higher level certificates. - * libgnutls: when converting to IDNA2008, fallback to IDNA2003 - (i.e., transitional encoding) if the domain cannot be converted. - That provides maximum compatibility with browsers like firefox - that perform the same conversion. - * libgnutls: fix issue in RSA-PSK client callback which resulted - in no username being sent to the peer - * libgnutls: fix regression causing stapled extensions in trust - modules not to be considered. - * certtool: introduced the email_protection_key option. This - option was introduced in documentation for certtool without an - implementation of it. It is a shortcut for option - 'key_purpose_oid = 1.3.6.1.5.5.7.3.4'. - * certtool: made printing of key ID and key PIN consistent - between certificates, public keys, and private keys. That is - the private key printing now uses the same format as the rest. - * gnutls-cli: introduced the --sni-hostname option. This allows - overriding the hostname advertised to the peer. - -- skip trust-store tests to avoid build cycle with - ca-certificates-mozilla, add gnutls-3.5.11-skip-trust-store-tests.patch - -- GnuTLS 3.5.11: - * gnutls.pc: do not include libtool options into Libs.private. - * libgnutls: Fixed issue when rehandshaking without a client certificate in - a session which initially used one - * libgnutls: Addressed read of 4 bytes past the end of buffer in OpenPGP - certificate parsing (bsc#1038337) - * libgnutls: Introduced locks in gnutls_pkcs11_privkey_t structure access. - That allows PKCS#11 operations such as signing to be performed with the - same object from multiple threads. - * libgnutls: when disabling OpenPGP authentication, the resulting library - is ABI compatible (will openpgp related functions being stubs that fail - on invocation). - -- call gzip -n to make build fully reproducible - -- update to 3.5.10 - * addresses GNUTLS-SA-2017-3 CVE-2017-7869 bsc#1034173 - * gnutls.pc: do not include libidn2 in Requires.private - * libgnutls: optimized access to subject alternative names (SANs) in parsed - certificates - * libgnutls: Print the key PIN value used by the HPKP protocol as per RFC7469 - when printing certificate information. - * libgnutls: gnutls_ocsp_resp_verify_direct() and gnutls_ocsp_resp_verify() - flags can be set from the gnutls_certificate_verify_flags enumeration. - This allows the functions to pass the same flags available for certificates - to the verification function (e.g., GNUTLS_VERIFY_DISABLE_TIME_CHECKS or - GNUTLS_VERIFY_ALLOW_BROKEN). - * libgnutls: gnutls_store_commitment() can accept flag - GNUTLS_SCOMMIT_FLAG_ALLOW_BROKEN. This is to allow the function to operate - in applications which use SHA1 for example, after SHA1 is deprecated. - * certtool: No longer ignore the 'add_critical_extension' template option if - the 'add_extension' option is not present. - * gnutls-cli: Added LMTP, POP3, NNTP, Sieve and PostgreSQL support to the - starttls-proto command- drop gnutls-3.5.9-pkgconfig.patch (upstream) -- drop gnutls-3.5.9-pkgconfig.patch (upstream) -- remove unknown --disable-srp flag (bsc#901857) - -- disable the deprecated OpenPGP authentication support - * see https://gitlab.com/gnutls/gnutls/issues/102 -- add gnutls-broken-openpgp-tests.patch - -- GnuTLS 3.5.9: - * libgnutls: OpenPGP references removed, functionality deprecated - * libgnutls: Improve detection of AVX support - * libgnutls: Add support for IDNA2008 with libidn2 FATE#321897 - * p11tool: re-use ID from corresponding objects when writing - certificates. - * API and ABI modifications: - gnutls_idna_map: Added - gnutls_idna_reverse_map: Added -- prevent pkgconfig issues due to libidn2 when building with GnuTLS - add gnutls-3.5.9-pkgconfig.patch - -- Version 3.5.8 (released 2016-01-09) - * libgnutls: Ensure that multiple calls to the gnutls_set_priority_* - functions will not leave the verification profiles field to an - undefined state. The last call will take precedence. - * libgnutls: Ensure that GNUTLS_E_DECRYPTION_FAIL will be returned - by PKCS#8 decryption functions when an invalid key is provided. This - addresses regression on decrypting certain PKCS#8 keys. - * libgnutls: Introduced option to override the default priority string - used by the library. The intention is to allow support of system-wide - priority strings (as set with --with-system-priority-file). The - configure option is --with-default-priority-string. - * libgnutls: Require a valid IV size on all ciphers for PKCS#8 decryption. - This prevents crashes when decrypting malformed PKCS#8 keys. - * libgnutls: Fix crash on the loading of malformed private keys with certain - parameters set to zero. - * libgnutls: Fix double free in certificate information printing. If the PKIX - extension proxy was set with a policy language set but no policy specified, - that could lead to a double free. - * libgnutls: Addressed memory leaks in client and server side error paths - (issues found using oss-fuzz project) - * libgnutls: Addressed memory leaks in X.509 certificate printing error paths - (issues found using oss-fuzz project) - * libgnutls: Addressed memory leaks and an infinite loop in OpenPGP certificate - parsing. Fixes by Alex Gaynor. (issues found using oss-fuzz project) - * libgnutls: Addressed invalid memory accesses in OpenPGP certificate parsing. - (issues found using oss-fuzz project) -- security issues fixed: GNUTLS-SA-2017-1 GNUTLS-SA-2017-2 - -- GnuTLS 3.5.7, the next stable branch, with the following - highlights: - * SHA3 as a certificate signature algorithm - * X25519 (formerly curve25519) for ephemeral EC diffie-hellman - key exchange - * TLS false start - * New APIs to access the Shawe-Taylor-based provable RSA and DSA - parameter generation - * Prevent the change of identity on rehandshakes by default - -- GnuTLS 3.4.17: - * libgnutls: Introduced time and constraints checks in the end - certificate in the gnutls_x509_crt_verify_data2() and - gnutls_pkcs7_verify_direct() functions. - * libgnutls: Set limits on the maximum number of alerts handled. - That is, applications using gnutls could be tricked into an - busy loop if the peer sends continuously alert messages. - Applications which set a maximum handshake time (via - gnutls_handshake_set_timeout) will eventually recover but - others may remain in a busy loops indefinitely. This is related - but not identical to CVE-2016-8610, due to the difference in - alert handling of the libraries (gnutls delegates that handling - to applications). boo#1005879 - * libgnutls: Enhanced the PKCS#7 parser to allow decoding old - (pre-rfc5652) structures with arbitrary encapsulated content. - * libgnutls: Backported cipher priorities order from 3.5.x branch - That adds CHACHA20-POLY1305 ciphersuite to SECURE priority - strings. - * certtool: When exporting a CRQ in DER format ensure no text data - are intermixed. - * API and ABI modifications: - gnutls_pkcs7_get_embedded_data_oid: Added -- includes changes from 3.4.16: - * libgnutls: Ensure proper cleanups on - gnutls_certificate_set_*key() failures due to key mismatch. - This prevents leaks or double freeing on such failures. - * libgnutls: Increased the maximum size of the handshake message - hash. This will allow the library to cope better with larger - packets, as the ones offered by current TLS 1.3 drafts. - * libgnutls: Allow to use client certificates despite them - containing disallowed algorithms for a session. That allows for - example a client to use DSA-SHA1 due to his old DSA - certificate, without requiring him to enable DSA-SHA1 (and thus - make it acceptable for the server's certificate). - * guile: Backported all improvements from 3.5.x branch. - * guile: Update code to the I/O port API of Guile >= 2.1.4 - This makes sure the GnuTLS bindings will work with the - forthcoming 2.2 stable series of Guile, of which 2.1 is a - preview. - -- GnuTLS 3.4.15: - * libgnutls: Corrected the comparison of the serial size in OCSP - response. Previously the OCSP certificate check wouldn't verify - the serial length and could succeed in cases it shouldn't - (GNUTLS-SA-2016-3). - * libgnutls: Fixes in gnutls_x509_crt_list_import2, which was - ignoring flags if all certificates in the list fit within the - initially allocated memory. - * libgnutls: Corrected issue which made - gnutls_certificate_get_x509_crt() to return invalid pointers - when returned more than a single certificate. - * libgnutls: Fix gnutls_pkcs12_simple_parse to always extract the - complete chain. - * libgnutls: Added support for decrypting PKCS#8 files which use - the HMAC-SHA256 as PRF. - * libgnutls: Addressed issue with PKCS#11 signature generation on - ECDSA keys. The signature is now written as unsigned integers - into the DSASignatureValue structure. Previously signed - integers could be written depending on what the underlying - module would produce. Addresses #122. -- fix build error for 13.2, 42.1 and 42.2 - -- GnuTLS 3.4.14: - * libgnutls: Address issue when utilizing the p11-kit trust store - for certificate verification (GNUTLS-SA-2016-2, boo#988276) - * libgnutls: Fixed DTLS handshake packet reconstruction. - * libgnutls: Fixed issues with PKCS#11 reading of sensitive - objects from SafeNet Network HSM - * libgnutls: Corrected the writing of PKCS#11 CKA_SERIAL_NUMBER -- drop upstreamed - 0001-tests-use-datefudge-in-name-constraints-test.patch - -- Fix a problem with expired test certificate by using datefudge - (boo#987139) - * add 0001-tests-use-datefudge-in-name-constraints-test.patch - -- Version 3.4.13 (released 2016-06-06) - * libgnutls: Consider the SSLKEYLOGFILE environment to be compatible with - NSS instead of using a separate variable; in addition append any keys to - the file instead of overwriting it. - * libgnutls: use secure_getenv() where available to obtain environment - variables. Addresses GNUTLS-SA-2016-1. -- Version 3.4.12 (released 2016-05-20) - * libgnutls: The CHACHA20-POLY1305 ciphersuite is enabled by default. This - cipher is prioritized after AES-GCM. - * libgnutls: Fixes in gnutls_privkey_import_ecc_raw(). - * libgnutls: Fixed gnutls_pkcs11_get_raw_issuer() usage with the - GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT flag. Previously that - operation could fail on certain PKCS#11 modules. - * libgnutls: gnutls_pkcs11_obj_import_url() and gnutls_x509_crt_import_url() - can accept the GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT flag. - * libgnutls: gnutls_certificate_set_key() was enhanced to import the DNS - name of the certificates if the provided names are NULL. - * libgnutls: when receiving SNI names, only save and expose to application - the supported DNS names. - * libgnutls: when importing the certificate names at the - gnutls_certificate_set* functions, only consider the CN as a fallback - if DNS names are provided via the alternative name extension. - * gnutls-cli: on OCSP verification do not fail if we have a single valid - reply. Report and reproducer by Thomas Klute. - * libgnutls: The GNUTLS_KEYLOGFILE environment variable can be used to - log session keys in client side. These session keys are compatible with - the NSS Key Log Format and can be used to decrypt the session for - debugging using wireshark. - -- enabled guile support -- removed duplicates - -- Updated to 3.4.11 - * Version 3.4.11 (released 2016-04-11) - * * libgnutls: Fixes in gnutls_record_get/set_state() with DTLS. - Reported by Fridolin Pokorny. - * * libgnutls: Fixes in DSA key generation under PKCS #11. Report and - patches by Jan Vcelak. - * * libgnutls: Corrected behavior of ALPN extension parsing during - session resumption. Report and patches by Yuriy M. Kaminskiy. - * * libgnutls: Corrected regression (since 3.4.0) in - gnutls_server_name_set() which caused it not to accept non-null- - terminated hostnames. Reported by Tim Ruehsen. - * * libgnutls: Corrected printing of the IP Adress name constraints. - * * ocsptool: use HTTP/1.0 for requests. This avoids issue with servers - serving chunk encoding which ocsptool doesn't support. Reported by - Thomas Klute. - * * certtool: do not require a CA for OCSP signing tag. This follows the - recommendations in RFC6960 in 4.2.2.2 which allow a CA to delegate - OCSP signing to another certificate without requiring it to be a CA. - Reported by Thomas Klute. - * Version 3.4.10 (released 2016-03-03) - * * libgnutls: Eliminated issues preventing buffers more than 2^32 bytes - to be used with hashing functions. - * * libgnutls: Corrected leaks and other issues in - gnutls_x509_crt_list_import(). - * * libgnutls: Fixes in DSA key handling for PKCS #11. Report and - patches by Jan Vcelak. - * * libgnutls: Several fixes to prevent relying on undefined behavior - of C (found with libubsan). - * Version 3.4.9 (released 2016-02-03) - * * libgnutls: Corrected ALPN protocol negotiation. Before GnuTLS would - negotiate the last commonly supported protocol, rather than the - first. Reported by Remi Denis-Courmont (#63). - * * libgnutls: Tolerate empty DN fields in informational output - functions. - * * libgnutls: Corrected regression causes by incorrect fix in - gnutls_x509_ext_export_key_usage() at 3.4.8 release. - -- follow the work in the unbound package and use the - libunbound-devel symbol for the buildrequires. we override it for - the distro build with libunbound-devel-mini to avoid build loops. - -- reenable dane support, require unbound-devel bsc#964346 -- split out libgnutls-dane-devel to try to avoid build cycle. - -- Update to 3.4.8 - All changes since 3.4.4: - * libgnutls: Corrected memory leak in gnutls_pubkey_import_privkey() - when used with PKCS #11 keys. - * libgnutls: For DSA and ECDSA keys in PKCS #11 objects, import - their public keys from either a public key object or a certificate. - That is, because private keys do not contain all the required - parameters for a direct import. - * libgnutls: Fixed issue when writing ECDSA private keys in PKCS #11 - tokens. - * libgnutls: Fixed out-of-bounds read in - gnutls_x509_ext_export_key_usage() - * libgnutls: The CHACHA20-POLY1305 ciphersuites were updated to - conform to draft-ietf-tls-chacha20-poly1305-02. - * libgnutls: Several fixes in PKCS #7 signing which improve - compatibility with the MacOSX tools. - * libgnutls: The max-record extension not negotiated on DTLS. This - resolves issue with the max-record being negotiated but ignored. - * certtool: Added the --p7-include-cert and --p7-show-data options. - * libgnutls: Properly require TLS 1.2 in all CBC-SHA256 and CBC-SHA384 - ciphersuites. This solves an interoperability issue with openssl. - * libgnutls: Corrected the setting of salt size in - gnutls_pkcs12_mac_info(). - * libgnutls: On a rehandshake allow switching from anonymous to ECDHE - and DHE ciphersuites. - * libgnutls: Corrected regression from 3.3.x which prevented - ARCFOUR128 from using arbitrary key sizes. - * libgnutls: Added GNUTLS_SKIP_GLOBAL_INIT macro to allow programs - skipping the implicit global initialization. - * gnutls.pc: Don't include libtool specific options to link flags. - * tools: Better support for FTP AUTH TLS negotiation - * libgnutls: Added new simple verification functions. That avoids the - need to install a callback to perform certificate verification. See - doc/examples/ex-client-x509.c for usage. - * libgnutls: Introduced the security parameter 'future' which is at - the 256-bit level of security, and 'ultra' was aligned to its - documented size at 192-bits. - * libgnutls: When writing a certificate into a PKCS #11 token, ensure - that CKA_SERIAL_NUMBER and CKA_ISSUER are written. - * libgnutls: Allow the presence of legacy ciphers and key exchanges in - priority strings and consider them a no-op. - * libgnutls: Handle the extended master secret as a mandatory - extension. That fixes incompatibility issues with Chromium (#45). - * libgnutls: Added the ability to copy a public key into a PKCS #11 - token. - * tools: Added support for LDAP and XMPP negotiation for STARTTLS. - * p11tool: Allow writing a public key into a PKCS #11 token. - * certtool: Key generation security level was switched to HIGH. That - is, by default the tool generates 3072 bit keys for RSA and DSA. - * libgnutls: When re-importing CRLs to a trust list ensure that there - no duplicate entries. - * certtool: Removed any arbitrary limits imposed on input file sizes - and maximum number of certificates imported. - * certtool: Allow specifying fixed dates on CRL generation. - * gnutls-cli-debug: Added check for inappropriate fallback support - (RFC7507). - -- Update to 3.4.4 - This update contains a fix for a denial of service vulnerability: - * Allow the parsing of very long DNs. Also fixes double free - in DN decoding [GNUTLS-SA-2015-3]. boo#941794 CVE-2015-6251 - Other changes: - * Add high level API (gnutls_prf_rfc5705) to access the PRF as - specified by RFC5705. - * Link to trousers (TPM library) dynamically when this - functionality is requested. (disabled in SUSE package) - * Fix issue with server side sending the status request extension - even when not requested. - * Add support for RFC7507 by introducing the %FALLBACK_SCSV - priority string option. - * gnutls_pkcs11_privkey_generate2() will store the generated - public key, unless the GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY - flag is specified. - * Correct regression from 3.4.3 in loading PKCS #8 keys as fallback. - * API and ABI modifications: - gnutls_prf_rfc5705: Added - gnutls_hex_encode2: Added - gnutls_hex_decode2: Added -- build with autogen for libopts compatibility -- fix failures in test suite, add upstream commits - 0001-certtool-lifted-limits-on-file-size-to-load.patch - 0002-certtool-eliminated-memory-leaks-due-to-new-cert-loa.patch - -- update to 3.4.3 - * * libgnutls: Follow closely RFC5280 recommendations and use UTCTime for - dates prior to 2050. - * * libgnutls: Force 16-byte alignment to all input to ciphers (previously it - was done only when cryptodev was enabled). - * * libgnutls: Removed support for pthread_atfork() as it has undefined - semantics when used with dlopen(), and may lead to a crash. - * * libgnutls: corrected failure when importing plain files - with gnutls_x509_privkey_import2(), and a password was provided. - * * libgnutls: Don't reject certificates if a CA has the URI or IP address - name constraints, and the end certificate doesn't have an IP address - name or a URI set. - * * libgnutls: set and read the hint in DHE-PSK and ECDHE-PSK ciphersuites. - * * p11tool: Added --list-token-urls option, and print the token module name - in list-tokens. - * * libgnutls: DTLS blocking API is more robust against infinite blocking, - and will notify of more possible timeouts. - * * libgnutls: corrected regression with Camellia-256-GCM cipher. Reported - by Manuel Pegourie-Gonnard. - * * libgnutls: Introduced the GNUTLS_NO_SIGNAL flag to gnutls_init(). That - allows to disable SIGPIPE for writes done within gnutls. - * * libgnutls: Enhanced the PKCS #7 API to allow signing and verification - of structures. API moved to gnutls/pkcs7.h header. - * * certtool: Added options to generate PKCS #7 bundles and signed - structures. -- includes changes from 3.4.2: - * DTLS blocking API is more robust against infinite blocking, - and will notify of more possible timeouts. - * Correct regression with Camellia-256-GCM cipher. - * Introduce the GNUTLS_NO_SIGNAL flag to gnutls_init(). That - allows to disable SIGPIPE for writes done within gnutls. - * Enhance the PKCS #7 API to allow signing and verification - of structures. Move API to gnutls/pkcs7.h header. - * certtool: Added options to generate PKCS #7 bundles and signed - structures. - -- disable testsuite run against valgrind on aarch64 - -- Updated to 3.4.1 (released 2015-05-03) - * * libgnutls: gnutls_certificate_get_ours: will return the certificate even - if a callback was used to send it. - * * libgnutls: Check for invalid length in the X.509 version field. Without - the check certificates with invalid length would be detected as having an - arbitrary version. Reported by Hanno Böck. - * * libgnutls: Handle DNS name constraints with a leading dot. Patch by - Fotis Loukos. - * * libgnutls: Updated system-keys support for windows to compile in more - versions of mingw. Patch by Tim Kosse. - * * libgnutls: Fix for MD5 downgrade in TLS 1.2 signatures. Reported by - Karthikeyan Bhargavan [GNUTLS-SA-2015-2]. bsc#929690 - * * libgnutls: Reverted: The gnutls_handshake() process will enforce a timeout - by default. That caused issues with non-blocking programs. - * * certtool: It can generate SHA256 key IDs. - * * gnutls-cli: fixed crash in --benchmark-ciphers. Reported by James Cloos. - * * API and ABI modifications: gnutls_x509_crt_get_pk_ecc_raw: Added -- gnutls-fix-double-mans.patch: fixed upstream - -- Disable buggy valgrind on armv7l - -- updated to 3.4.0 (released 2015-04-08) - * * libgnutls: Added support for AES-CCM and AES-CCM-8 (RFC6655 and RFC7251) - ciphersuites. The former are enabled by default, the latter need to be - explicitly enabled, since they reduce the overall security level. - * * libgnutls: Added support for Chacha20-Poly1305 ciphersuites following - draft-mavrogiannopoulos-chacha-tls-05 and draft-irtf-cfrg-chacha20-poly1305-10. - That is currently provided as technology preview and is not enabled by - default, since there are no assigned ciphersuite points by IETF and there - is no guarrantee of compatibility between draft versions. The ciphersuite - priority string to enable it is "+CHACHA20-POLY1305". - * * libgnutls: Added support for encrypt-then-authenticate in CBC - ciphersuites (RFC7366 -taking into account its errata text). This is - enabled by default and can be disabled using the %NO_ETM priority - string. - * * libgnutls: Added support for the extended master secret - (triple-handshake fix) following draft-ietf-tls-session-hash-02. - * * libgnutls: Added a new simple and hard to misuse AEAD API (crypto.h). - * * libgnutls: SSL 3.0 is no longer included in the default priorities - list. It has to be explicitly enabled, e.g., with a string like - "NORMAL:+VERS-SSL3.0". - * * libgnutls: ARCFOUR (RC4) is no longer included in the default priorities - list. It has to be explicitly enabled, e.g., with a string like - "NORMAL:+ARCFOUR-128". - * * libgnutls: DSA signatures and DHE-DSS are no longer included in the - default priorities list. They have to be explicitly enabled, e.g., with - a string like "NORMAL:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1". The - DSA ciphersuites were dropped because they had no deployment at all - on the internet, to justify their inclusion. - * * libgnutls: The priority string EXPORT was completely removed. The string - was already defunc as support for the EXPORT ciphersuites was removed in - GnuTLS 3.2.0. - * * libgnutls: Added API to utilize system specific private keys in - "gnutls/system-keys.h". It is currently provided as technology preview - and is restricted to windows CNG keys. - * * libgnutls: gnutls_x509_crt_check_hostname() and friends will use - RFC6125 comparison of hostnames. That introduces a dependency on libidn. - * * libgnutls: Depend on p11-kit 0.23.1 to comply with the final - PKCS #11 URLs draft (draft-pechanec-pkcs11uri-21). - * * libgnutls: Depend on nettle 3.1. - * * libgnutls: Use getrandom() or getentropy() when available. That - avoids the complexity of file descriptor handling and issues with - applications closing all open file descriptors on startup. - * * libgnutls: Use pthread_atfork() to detect fork when available. - * * libgnutls: The gnutls_handshake() process will enforce a timeout by - default. - * * libgnutls: If a key purpose (extended key usage) is specified for verification, - it is applied into intermediate certificates. The verification result - GNUTLS_CERT_PURPOSE_MISMATCH is also introduced. - * * libgnutls: When gnutls_certificate_set_x509_key_file2() is used in - combination with PKCS #11, or TPM URLs, it will utilize the provided - password as PIN if required. That removes the requirement for the - application to set a callback for PINs in that case. - * * libgnutls: priority strings VERS-TLS-ALL and VERS-DTLS-ALL are - restricted to the corresponding protocols only, and the VERS-ALL - string is introduced to catch all possible protocols. - * * libgnutls: Added helper functions to obtain information on PKCS #8 - structures. - * * libgnutls: Certificate chains which are provided to gnutls_certificate_credentials_t - will automatically be sorted instead of failing with GNUTLS_E_CERTIFICATE_LIST_UNSORTED. - * * libgnutls: Added functions to export and set the record state. That - allows for gnutls_record_send() and recv() to be offloaded (to kernel, - hardware or any other subsystem). - * * libgnutls: Added the ability to register application specific URL - types, which express certificates and keys using gnutls_register_custom_url(). - * * libgnutls: Added API to override existing ciphers, digests and MACs, e.g., - to override AES-GCM using a system-specific accelerator. That is, (crypto.h) - gnutls_crypto_register_cipher(), gnutls_crypto_register_aead_cipher(), - gnutls_crypto_register_mac(), and gnutls_crypto_register_digest(). - * * libgnutls: Added gnutls_ext_register() to register custom extensions. - Contributed by Thierry Quemerais. - * * libgnutls: Added gnutls_supplemental_register() to register custom - supplemental data handshake messages. Contributed by Thierry Quemerais. - * * libgnutls-openssl: it is no longer built by default. - * * certtool: Added --p8-info option, which will print PKCS #8 information - even if the password is not available. - * * certtool: --key-info option will print PKCS #8 encryption information - when available. - * * certtool: Added the --key-id and --fingerprint options. - * * certtool: Added the --verify-hostname, --verify-email and --verify-purpose - options to be used in certificate chain verification, to simulate verification - for specific hostname and key purpose (extended key usage). - * * certtool: --p12-info option will print PKCS #12 MAC and cipher information - when available. - * * certtool: it will print the A-label (ACE) names in addition to UTF-8. - * * p11tool: added options --set-id and --set-label. - * * gnutls-cli: added options --priority-list and --save-cert. - * * guile: Deprecated priority API has been removed. The old priority API, - which had been deprecated for some time, is now gone; use 'set-session-priorities!' - instead. - * * guile: Remove RSA parameters and related procedures. This API had been - deprecated. - * * guile: Fix compilation on MinGW. Previously only the static version of the - 'guile-gnutls-v-2' library would be built, preventing dynamic loading from Guile. - -- updated to 3.3.13 (released 2015-03-30) - * * libgnutls: When retrieving OCTET STRINGS from PKCS #12 ContentInfo - structures use BER to decode them (requires libtasn1 4.3). That allows - to decode some more complex structures. - * * libgnutls: When an end-certificate with no name is present and there - are CA name constraints, don't reject the certificate. This follows RFC5280 - advice closely. Reported by Fotis Loukos. - * * libgnutls: Fixed handling of supplemental data with types > 255. - Patch by Thierry Quemerais. - * * libgnutls: Fixed double free in the parsing of CRL distribution points certificate - extension. Reported by Robert Święcki. - * * libgnutls: Fixed a two-byte stack overflow in DTLS 0.9 protocol. That - protocol is not enabled by default (used by openconnect VPN). - * * libgnutls: The maximum user data send size is set to be the same for - block and non-block ciphersuites. This addresses a regression with wine: - https://bugs.winehq.org/show_bug.cgi?id=37500 - * * libgnutls: When generating PKCS #11 keys, set CKA_ID, CKA_SIGN, - and CKA_DECRYPT when needed. - * * libgnutls: Allow names with zero size to be set using - gnutls_server_name_set(). That will disable the Server Name Indication. - Resolves issue with wine: https://gitlab.com/gnutls/gnutls/issues/2 -- new main library major version .so.30 -- requires new libnettle >= 3.1, p11-kit-devel >= 0.23.1 -- Now need to configure --enable-openssl-compatibility (might go away) -- added gnutls-fix-double-mans.patch: avoid double installing manpages -- dropped gnutls-3.0.26-skip-test-fwrite.patch: does not seem to be needed - anymore -- install_info_delete moved from %postun to %preun - -- for DANE support, use bcond_with -- for tpm support, same -- note p11-kit >= 0.20.7 requirement -- note libtasn1 3.9 requirement (built-in lib used otherwise) - -- disable trousers and unbound again for now, as it causes too long - build cycles. - -- added unbound-devel (for DANE) and trousers-devel (for TPM support) -- removed now upstreamed gnutls-implement-trust-store-dir-3.2.8.diff -- libgnutls-dane0 new library added -- updated to 3.3.13 (released 2015-02-25) - * * libgnutls: Enable AESNI in GCM on x86 - * * libgnutls: Fixes in DTLS message handling - * * libgnutls: Check certificate algorithm consistency, i.e., - check whether the signatureAlgorithm field matches the signature - field inside TBSCertificate. - * * gnutls-cli: Fixes in OCSP verification. -- Version 3.3.12 (released 2015-01-17) - * * libgnutls: When negotiating TLS use the lowest enabled version in - the client hello, rather than the lowest supported. In addition, do - not use SSL 3.0 as a version in the TLS record layer, unless SSL 3.0 - is the only protocol supported. That addresses issues with servers that - immediately drop the connection when the encounter SSL 3.0 as the record - version number. See: - http://lists.gnutls.org/pipermail/gnutls-help/2014-November/003673.html - * * libgnutls: Corrected encoding and decoding of ANSI X9.62 parameters. - * * libgnutls: Handle zero length plaintext for VIA PadLock functions. - This solves a potential crash on AES encryption for small size plaintext. - Patch by Matthias-Christian Ott. - * * libgnutls: In DTLS don't combine multiple packets which exceed MTU. - Reported by Andreas Schultz. https://savannah.gnu.org/support/?108715 - * * libgnutls: In DTLS decode all handshake packets present in a record - packet, in a single pass. Reported by Andreas Schultz. - https://savannah.gnu.org/support/?108712 - * * libgnutls: When importing a CA file with a PKCS #11 URL, simply - import the certificates, if the URL specifies objects, rather than - treating it as trust module. - * * libgnutls: When importing a PKCS #11 URL and we know the type of - object we are importing, don't require the object type in the URL. - * * libgnutls: fixed openpgp authentication when gnutls_certificate_set_retrieve_function2 - was used by the server. - * * certtool: --pubkey-info will also attempt to load a public key from stdin. - * * gnutls-cli: Added --starttls-proto option. That allows to specify a - protocol for starttls negotiation. -- Version 3.3.11 (released 2014-12-11) - * * libgnutls: Corrected regression introduced in 3.3.9 related to - session renegotiation. Reported by Dan Winship. - * * libgnutls: Corrected parsing issue with OCSP responses. -- Version 3.3.10 (released 2014-11-10) - * * libgnutls: Refuse to import v1 or v2 certificates that contain - extensions. - * * libgnutls: Fixes in usage of PKCS #11 token callback - * * libgnutls: Fixed bug in gnutls_x509_trust_list_get_issuer() when used - with a PKCS #11 trust module and without the GNUTLS_TL_GET_COPY flag. - Reported by David Woodhouse. - * * libgnutls: Removed superfluous random generator refresh on every call - of gnutls_deinit(). That reduces load and usage of /dev/urandom. - * * libgnutls: Corrected issue in export of ECC parameters to X9.63 format. - Reported by Sean Burford [GNUTLS-SA-2014-5]. - * * libgnutls: When gnutls_global_init() is called for a second time, it - will check whether the /dev/urandom fd kept is still open and matches - the original one. That behavior works around issues with servers that - close all file descriptors. - * * libgnutls: Corrected behavior with PKCS #11 objects that are marked - as CKA_ALWAYS_AUTHENTICATE. - * * certtool: The default cipher for PKCS #12 structures is 3des-pkcs12. - That option is more compatible than AES or RC4. -- Version 3.3.9 (released 2014-10-13) - * * libgnutls: Fixes in the transparent import of PKCS #11 certificates. - Reported by Joseph Peruski. - * * libgnutls: Fixed issue with unexpected non-fatal errors resetting the - handshake's hash buffer, in applications using the heartbeat extension - or DTLS. Reported by Joeri de Ruiter. - * * libgnutls: When both a trust module and additional CAs are present - account the latter as well; reported by David Woodhouse. - * * libgnutls: added GNUTLS_TL_GET_COPY flag for - gnutls_x509_trust_list_get_issuer(). That allows the function to be used - in a thread safe way when PKCS #11 trust modules are in use. - * * libgnutls: fix issue in DTLS retransmission when session tickets - were in use; reported by Manuel Pégourié-Gonnard. - * * libgnutls-dane: Do not require the CA on a ca match to be direct CA. - * * libgnutls: Prevent abort() in library if getrusage() fails. Try to - detect instead which of RUSAGE_THREAD and RUSAGE_SELF would work. - * * guile: new 'set-session-server-name!' procedure; see the manual for - details. - * * certtool: The authority key identifier will be set in a certificate only - if the CA's subject key identifier is set. -- Version 3.3.8 (released 2014-09-18) - * * libgnutls: Updates in the name constraints checks. No name constraints - will be checked for intermediate certificates. As our support for name - constraints is limited to e-mail addresses in DNS names, it is pointless - to check them on intermediate certificates. - * * libgnutls: Fixed issues in PKCS #11 object listing. Previously multiple - object listing would fail completely if a single object could not be exported. - * * libgnutls: Improved the performance of PKCS #11 object listing/retrieving, - by retrieving them in large batches. Report and suggestion by David - Woodhouse. - * * libgnutls: Fixed issue with certificates being sanitized by gnutls prior - to signature verification. That resulted to certain non-DER compliant modifications - of valid certificates, being corrected by libtasn1's parser and restructured as - the original. Issue found and reported by Antti Karjalainen and Matti Kamunen from - Codenomicon. - * * libgnutls: Fixes in gnutls_x509_crt_set_dn() and friends to properly handle - strings with embedded spaces and escaped commas. - * * libgnutls: when comparing a CA certificate with the trusted list compare - the name and key only instead of the whole certificate. That is to handle - cases where a CA certificate was superceded by a different one with the same - name and the same key. - * * libgnutls: when verifying a certificate against a p11-kit trusted - module, use the attached extensions in the module to override the CA's - extensions (that requires p11-kit 0.20.7). - * * libgnutls: In DTLS prevent sending zero-size fragments in certain cases - of MTU split. Reported by Manuel Pégourié-Gonnard. - * * libgnutls: Added gnutls_x509_trust_list_verify_crt2() which allows - verifying using a hostname and a purpose (extended key usage). That - enhances PKCS #11 trust module verification, as it can now check the purpose - when this function is used. - * * libgnutls: Corrected gnutls_x509_crl_verify() which would always report - a CRL signature as invalid. Reported by Armin Burgmeier. - * * libgnutls: added option --disable-padlock to allow disabling the padlock - CPU acceleration. - * * p11tool: when listing tokens, list their type as well. - * * p11tool: when listing objects from a trust module print any attached - extensions on certificates. -- Version 3.3.7 (released 2014-08-24) - * * libgnutls: Added function to export the public key of a PKCS #11 - private key. Contributed by Wolfgang Meyer zu Bergsten. - * * libgnutls: Explicitly set the exponent in PKCS #11 key generation. - That improves compatibility with certain PKCS #11 modules. Contributed by - Wolfgang Meyer zu Bergsten. - * * libgnutls: When generating a PKCS #11 private key allow setting - the WRAP/UNWRAP flags. Contributed by Wolfgang Meyer zu Bergsten. - * * libgnutls: gnutls_pkcs11_privkey_t will always hold an open session - to the key. - * * libgnutls: bundle replacements of inet_pton and inet_aton if not - available. - * * libgnutls: initialize parameters variable on PKCS #8 decryption. - * * libgnutls: gnutls_pkcs12_verify_mac() will not fail in other than SHA1 - algorithms. - * * libgnutls: gnutls_x509_crt_check_hostname() will follow the RFC6125 - requirement of checking the Common Name (CN) part of DN only if there is - a single CN present in the certificate. - * * libgnutls: The environment variable GNUTLS_FORCE_FIPS_MODE can be used - to force the FIPS mode, when set to 1. - * * libgnutls: In DTLS ignore only errors that relate to unexpected packets - and decryption failures. - * * p11tool: Added --info parameter. - * * certtool: Added --mark-wrap parameter. - * * danetool: --check will attempt to retrieve the server's certificate - chain and verify against it. - * * danetool/gnutls-cli-debug: Added --app-proto parameters which can - be used to enforce starttls (currently only SMTP and IMAP) on the connection. - * * danetool: Added openssl linking exception, to allow linking - with libunbound. -- Version 3.3.6 (released 2014-07-23) - * * libgnutls: Use inet_ntop to print IP addresses when available - * * libgnutls: gnutls_x509_crt_check_hostname and friends will also check - IP addresses, and match documented behavior. Reported by David Woodhouse. - * * libgnutls: DSA key generation in FIPS140-2 mode doesn't allow 1024 - bit parameters. - * * libgnutls: fixed issue in gnutls_pkcs11_reinit() which prevented tokens - being usable after a reinitialization. - * * libgnutls: fixed PKCS #11 private key operations after a fork. - * * libgnutls: fixed PKCS #11 ECDSA key generation. - * * libgnutls: The GNUTLS_CPUID_OVERRIDE environment variable can be used to - explicitly enable/disable the use of certain CPU capabilities. Note that CPU - detection cannot be overriden, i.e., VIA options cannot be enabled on an Intel - CPU. The currently available options are: - 0x1: Disable all run-time detected optimizations - 0x2: Enable AES-NI - 0x4: Enable SSSE3 - 0x8: Enable PCLMUL - 0x100000: Enable VIA padlock - 0x200000: Enable VIA PHE - 0x400000: Enable VIA PHE SHA512 - * * libdane: added dane_query_to_raw_tlsa(); patch by Simon Arlott. - * * p11tool: use GNUTLS_SO_PIN to read the security officer's PIN if set. - * * p11tool: ask for label when one isn't provided. - * * p11tool: added --batch parameter to disable any interactivity. - * * p11tool: will not implicitly enable so-login for certain types of - objects. That avoids issues with tokens that require different login - types. - * * certtool/p11tool: Added the --curve parameter which allows to explicitly - specify the curve to use. -- Version 3.3.5 (released 2014-06-26) - * * libgnutls: Added gnutls_record_recv_packet() and gnutls_packet_deinit(). - These functions provide a variant of gnutls_record_recv() that avoids - the final memcpy of data. - * * libgnutls: gnutls_x509_crl_iter_crt_serial() was added as a - faster variant of gnutls_x509_crl_get_crt_serial() when coping with - very large structures. - * * libgnutls: When the decoding of a printable DN element fails, then treat - it as unknown and print its hex value rather than failing. That works around - an issue in a TURKTRST root certificate which improperly encodes the - X520countryName element. - * * libgnutls: gnutls_x509_trust_list_add_trust_file() will return the number - of certificates present in a PKCS #11 token when loading it. - * * libgnutls: Allow the post client hello callback to put the handshake on - hold, by returning GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED. - * * certtool: option --to-p12 will now consider --load-ca-certificate - * * certtol: Added option to specify the PKCS #12 friendly name on command line. - * * p11tool: Allow marking a certificate copied to a token as a CA. -- Version 3.3.4 (released 2014-05-31) - * * libgnutls: Updated Andy Polyakov's assembly code. That prevents a - crash on certain CPUs. -- Version 3.3.3 (released 2014-05-30) - * * libgnutls: Eliminated memory corruption issue in Server Hello parsing. - Issue reported by Joonas Kuorilehto of Codenomicon. - * * libgnutls: gnutls_global_set_mutex() was modified to operate with the - new initialization process. - * * libgnutls: Increased the maximum certificate size buffer - in the PKCS #11 subsystem. - * * libgnutls: Check the return code of getpwuid_r() instead of relying - on the result value. That avoids issue in certain systems, when using - tofu authentication and the home path cannot be determined. Issue reported - by Viktor Dukhovni. - * * libgnutls-dane: Improved dane_verify_session_crt(), which now attempts to - create a full chain. This addresses points from https://savannah.gnu.org/support/index.php?108552 - * * gnutls-cli: --dane will only check the end certificate if PKIX validation - has been disabled. - * * gnutls-cli: --benchmark-soft-ciphers has been removed. That option cannot - be emulated with the implicit initialization of gnutls. - * * certtool: Allow multiple organizations and organizational unit names to - be specified in a template. - * * certtool: Warn when invalid configuration options are set to a template. - * * ocsptool: Include path in ocsp request. This resolves #108582 - (https://savannah.gnu.org/support/?108582), reported by Matt McCutchen. -- Version 3.3.2 (released 2014-05-06) - * * libgnutls: Added the 'very weak' certificate verification profile - that corresponds to 64-bit security level. - * * libgnutls: Corrected file descriptor leak on random generator - initialization. - * * libgnutls: Corrected file descriptor leak on PSK password file - reading. Issue identified using the Codenomicon TLS test suite. - * * libgnutls: Avoid deinitialization if initialization has failed. - * * libgnutls: null-terminate othername alternative names. - * * libgnutls: gnutls_x509_trust_list_get_issuer() will operate correctly - on a PKCS #11 trust list. - * * libgnutls: Several small bug fixes identified using valgrind and - the Codenomicon TLS test suite. - * * libgnutls-dane: Accept a certificate using DANE if there is at least one - entry that matches the certificate. Patch by simon [at] arlott.org. - * * libgnutls-guile: Fixed compilation issue. - * * certtool: Allow exporting a CRL on DER format. - * * certtool: The ECDSA keys generated by default use the SECP256R1 curve - which is supported more widely than the previously used SECP224R1. -- Version 3.3.1 (released 2014-04-19) - * * libgnutls: Enforce more strict checks to heartbeat messages - concerning padding and payload. Suggested by Peter Dettman. - * * libgnutls: Allow decoding PKCS #8 files with ECC parameters - from openssl. - * * libgnutls: Several small bug fixes found by coverity. - * * libgnutls: The conditionally available self-test functions - were moved to self-test.h. - * * libgnutls: Fixed issue with the check of incoming data when two - different recv and send pointers have been specified. Reported and - investigated by JMRecio. - * * libgnutls: Fixed issue in the RSA-PSK key exchange, which would - result to illegal memory access if a server hint was provided. Reported - by André Klitzing. - * * libgnutls: Fixed client memory leak in the PSK key exchange, if a - server hint was provided. - * * libgnutls: Corrected the *get_*_othername_oid() functions. -- Version 3.3.0 (released 2014-04-10) - * * libgnutls: The initialization of the library was moved to a - constructor. That is, gnutls_global_init() is no longer required - unless linking with a static library or a system that does not - support library constructors. - * * libgnutls: static libraries are not built by default. - * * libgnutls: PKCS #11 initialization is delayed to first usage. - That avoids long delays in gnutls initialization due to broken PKCS #11 - modules. - * * libgnutls: The PKCS #11 subsystem is re-initialized "automatically" - on the first PKCS #11 API call after a fork. - * * libgnutls: certificate verification profiles were introduced - that can be specified as flags to verification functions. They - are enumerations in gnutls_certificate_verification_profiles_t - and can be converted to flags for use in a verification function - using GNUTLS_PROFILE_TO_VFLAGS(). - * * libgnutls: Added the ability to read system-specific initial - keywords, if they are prefixed with '@'. That allows a compile-time - specified configuration file to be used to read pre-configured priority - strings from. That can be used to impose system specific policies. - * * libgnutls: Increased the default security level of priority - strings (NORMAL and PFS strings require at minimum a 1008 DH prime), - and set a verification profile by default. The LEGACY keyword is - introduced to set the old defaults. - * * libgnutls: Added support for the name constraints PKIX extension. - Currently only DNS names and e-mails are supported (no URIs, IPs - or DNs). - * * libgnutls: Security parameter SEC_PARAM_NORMAL was renamed to - SEC_PARAM_MEDIUM to avoid confusion with the priority string NORMAL. - * * libgnutls: Added new API in x509-ext.h to handle X.509 extensions. - This API handles the X.509 extensions in isolation, allowing to parse - similarly formatted extensions stored in other structures. - * * libgnutls: When generating DSA keys the macro GNUTLS_SUBGROUP_TO_BITS - can be used to specify a particular subgroup as the number of bits in - gnutls_privkey_generate; e.g., GNUTLS_SUBGROUP_TO_BITS(2048, 256). - * * libgnutls: DH parameter generation is now delegated to nettle. - That unfortunately has the side-effect that DH parameters longer than - 3072 bits, cannot be generated (not without a nettle update). - * * libgnutls: Separated nonce RNG from the main RNG. The nonce - random number generator is based on salsa20/12. - * * libgnutls: The buffer alignment provided to crypto backend is - enforced to be 16-byte aligned, when compiled with cryptodev - support. That allows certain cryptodev drivers to operate more - efficiently. - * * libgnutls: Return error when a public/private key pair that doesn't - match is set into a credentials structure. - * * libgnutls: Depend on p11-kit 0.20.0 or later. - * * libgnutls: The new padding (%NEW_PADDING) experimental TLS extension has - been removed. It was not approved by IETF. - * * libgnutls: The experimental xssl library is removed from the gnutls - distribution. - * * libgnutls: Reduced the number of gnulib modules used in the main library. - * * libgnutls: Added priority string %DISABLE_WILDCARDS. - * * libgnutls: Added the more extensible verification function - gnutls_certificate_verify_peers(), that allows checking, in addition - to a peer's DNS hostname, for the key purpose of the end certificate - (via PKIX extended key usage). - * * certtool: Timestamps for serial numbers were increased to 8 bytes, - and in batch mode to 12 (appended with 4 random bytes). - * * certtool: When no CRL number is provided (or value set to -1), then - a time-based number will be used, similarly to the serial generation - number in certificates. - * * certtool: Print the SHA256 fingerprint of a certificate in addition - to SHA1. - * * libgnutls: Added --enable-fips140-mode configuration option (unsupported). - That option enables (when running on FIPS140-enabled system): - o RSA, DSA and DH key generation as in FIPS-186-4 (using provable primes) - o The DRBG-CTR-AES256 deterministic random generator from SP800-90A. - o Self-tests on initialization on ciphers/MACs, public key algorithms - and the random generator. - o HMAC-SHA256 verification of the library on load. - o MD5 is included for TLS purposes but cannot be used by the high level - hashing functions. - o All ciphers except AES are disabled. - o All MACs and hashes except GCM and SHA are disabled (e.g., HMAC-MD5). - o All keys (temporal and long term) are zeroized after use. - o Security levels are adjusted to the FIPS140-2 recommendations (rather - than ECRYPT). - -- build with PIE for commandline tools - -- Updated to 3.2.21 (released 2014-12-11) - - libgnutls: Corrected regression introduced in 3.2.19 related to - session renegotiation. Reported by Dan Winship. - - libgnutls: Corrected parsing issue with OCSP responses. - -- Updated to 3.2.20 (released 2014-11-10) - * * libgnutls: Removed superfluous random generator refresh on every - call of gnutls_deinit(). That reduces load and usage of /dev/urandom. - * * libgnutls: Corrected issue in export of ECC parameters to X9.63 - format. Reported by Sean Burford [GNUTLS-SA-2014-5]. - (CVE-2014-8564 bnc#904603) -- Updated to 3.2.19 (released 2014-10-13) - * * libgnutls: Fixes in the transparent import of PKCS #11 certificates. - Reported by Joseph Peruski. - * * libgnutls: Fixed issue with unexpected non-fatal errors resetting the - handshake's hash buffer, in applications using the heartbeat extension - or DTLS. Reported by Joeri de Ruiter. - * * libgnutls: fix issue in DTLS retransmission when session tickets were - in use; reported by Manuel Pégourié-Gonnard. - * * libgnutls: Prevent abort() in library if getrusage() fails. Try to - detect instead which of RUSAGE_THREAD and RUSAGE_SELF would work. - * * guile: new 'set-session-server-name!' procedure; see the manual - for details. - kdump +- pull from new upstream SLE-15-SP5 branch +- copy SLE-15-SP4 calibration data for SLE-15-SP5 + kernel-default +- arm64: Discard .note.GNU-stack section (bsc#1203693). +- commit a5e7cb4 + +- media: i2c: ov2640: Depend on V4L2_ASYNC (git-fixes). +- commit 91b3b5b + +- Update + patches.suse/usb-typec-intel_pmc_mux-Add-new-ACPI-ID-for-Meteor-L.patch + (jsc#PED-1211). + Adding Jira +- commit 5026c96 + +- Update + patches.suse/usb-dwc3-pci-Add-support-for-Intel-Raptor-Lake.patch + (jsc#PED-1715). + Only adding Jira +- commit af0fb94 + +- xhci: Don't defer primary roothub registration if there is + only one roothub (jsc#PED-531). +- commit bb0af18 + +- xhci: prevent U2 link power state if Intel tier policy prevented + U1 (jsc#PED-531). +- commit 4580e55 + +- xhci: use generic command timer for stop endpoint commands + (jsc#PED-531). +- commit 0f31a26 + +- usb: host: xhci-plat: omit shared hcd if either root hub has + no ports (jsc#PED-531). +- commit 2387fca + +- usb: host: xhci-plat: prepare operation w/o shared hcd + (jsc#PED-531). +- commit 47afbac + +- usb: host: xhci-plat: create shared hcd after having added + main hcd (jsc#PED-531). +- commit f9fd004 + +- xhci: prepare for operation w/o shared hcd (jsc#PED-531). +- commit 09ce63b + +- xhci: factor out parts of xhci_gen_setup() (jsc#PED-531). +- commit 783aae7 + +- usb: xhci-mtk: add support optional controller reset + (jsc#PED-531). +- commit b567962 + +- usb/core: fix repeated words in comments (git-fixes). +- commit 5f46c47 + +- usb: core: sysfs: convert sysfs snprintf to sysfs_emit + (git-fixes). +- commit 40a09c7 + +- usb: Avoid extra usb SET_SEL requests when enabling link power + management (jsc#PED-531). +- commit 3988270 + +- usb: hub: port: add sysfs entry to switch port power + (jsc#PED-531). +- commit 9c3549e + +- powerpc/papr_scm: Ensure rc is always initialized in + papr_scm_pmu_register() (jsc#PED-1925). +- tools/testing/nvdimm: Fix security_init() symbol collision + (jsc#PED-1925). +- commit a333f5d + +- powerpc/papr_scm: don't requests stats with '0' sized stats + buffer (jsc#PED-1925). +- commit 3918fb0 + +- powerpc/papr_scm: Fix nvdimm event mappings (jsc#PED-557). +- powerpc/papr_scm: Fix leaking nvdimm_events_map elements + (jsc#PED-557). +- drivers/nvdimm: Fix build failure when CONFIG_PERF_EVENTS is + not set (jsc#PED-1925). +- commit 8ecc2ba + +- x86: clk: clk-fch: Add support for newer family of AMD's SOC + (jsc#PED-1408). +- commit c6a96ee + +- ACPI: tools: Introduce utility for firmware updates/telemetry + (jsc#PED-1408). +- efi: Introduce EFI_FIRMWARE_MANAGEMENT_CAPSULE_HEADER and + corresponding structures (jsc#PED-1408). +- commit a7f95e0 + +- powerpc/papr_scm: Fix buffer overflow issue with + CONFIG_FORTIFY_SOURCE (jsc#PED-1925). +- powerpc/papr_scm: Fix build failure when (jsc#PED-1925). +- powerpc/papr_scm: Add perf interface support (jsc#PED-1925). +- drivers/nvdimm: Add perf interface to expose nvdimm performance + stats (jsc#PED-1925). +- drivers/nvdimm: Add nvdimm pmu structure (jsc#PED-1925). +- commit 61ab009 + +- Revert "ACPI: processor: idle: Only flush cache on entering C3" + (jsc#PED-1408). +- Revert "ACPI: scan: Do not add device IDs from _CID if _HID + is not valid" (jsc#PED-1408). +- ACPI: tables: Quiet ACPI table not found warning (jsc#PED-1408). +- ACPI: require CRC32 to build (jsc#PED-1408). +- ACPI: DPTF: Support Raptor Lake (jsc#PED-1408). +- ACPI: CPPC: Drop redundant local variable from cpc_read() + (jsc#PED-1408). +- ACPI: CPPC: Fix up I/O port access in cpc_read() (jsc#PED-1408). +- ACPI: pfr_telemetry: Fix info leak in pfrt_log_ioctl() + (jsc#PED-1408). +- ACPI: pfr_update: Fix return value check in pfru_write() + (jsc#PED-1408). +- ACPI: Introduce Platform Firmware Runtime Telemetry driver + (jsc#PED-1408). +- Update supported.conf + - add drivers/acpi/pfr_telemetry.ko + ACPI Platform Firmware Runtime Telemetry driver +- ACPI: Introduce Platform Firmware Runtime Update device driver + (jsc#PED-1408). +- Update config files. +- Update supported.conf + - add drivers/acpi/pfr_update.ko + ACPI Platform Firmware Runtime Update Device driver +- ACPI: SPCR: check if table->serial_port.access_width is too wide + (jsc#PED-1408). +- ACPI: scan: Rename label in acpi_scan_init() (jsc#PED-1408). +- ACPI: scan: Simplify initialization of power and sleep buttons + (jsc#PED-1408). +- ACPI: scan: Change acpi_scan_init() return value type to void + (jsc#PED-1408). +- x86/PCI: Remove initialization of static variables to false + (jsc#PED-1408). +- ACPI: APD: Add a fmw property clk-name (jsc#PED-1408). +- drivers: acpi: acpi_apd: Remove unused device property "is-rv" + (jsc#PED-1408). +- ACPI: Add a context argument for table parsing handlers + (jsc#PED-1408). +- ACPI: Teach ACPI table parsing about the CEDT header format + (jsc#PED-1408). +- ACPI: Keep sub-table parsing infrastructure available for + modules (jsc#PED-1408). +- ACPI: NFIT: Import GUID before use (jsc#PED-1408). +- PM: hibernate: Allow ACPI hardware signature to be honoured + (jsc#PED-1408). +- ACPI: CPPC: Add CPPC enable register function (jsc#PED-1408). +- ACPI: CPPC: Implement support for SystemIO registers + (jsc#PED-1408). +- ACPI: CPPC: Amend documentation in the comments (jsc#PED-1408). +- ACPI: sysfs: use default_groups in kobj_type (jsc#PED-1408). +- ACPI: NUMA: Process hotpluggable memblocks when + !CONFIG_MEMORY_HOTPLUG (jsc#PED-1408). +- ACPI: tables: Add AEST to the list of known table signatures + (jsc#PED-1408). +- ACPI: DPTF: Update device ID in a comment (jsc#PED-1408). +- ACPI: PMIC: xpower: Fix _TMP ACPI errors (jsc#PED-1408). +- ACPI: PMIC: allow drivers to provide a custom lpat_raw_to_temp() + function (jsc#PED-1408). +- ACPI: PMIC: constify all struct intel_pmic_opregion_data + declarations (jsc#PED-1408). +- ACPI / x86: Skip AC and battery devices on x86 Android tablets + with broken DSDTs (jsc#PED-1408). +- ACPI / x86: Introduce an acpi_quirk_skip_acpi_ac_and_battery() + helper (jsc#PED-1408). + Refresh + patches.suse/ACPI-battery-Add-the-ThinkPad-Not-Charging-quirk.patch. +- ACPI / x86: Add PWM2 on the Xiaomi Mi Pad 2 to the + always_present list (jsc#PED-1408). +- ACPI: processor: thermal: avoid cpufreq_get_policy() + (jsc#PED-1408). +- ACPI: processor: idle: Only flush cache on entering C3 + (jsc#PED-1408). +- ACPI: processor idle: Use swap() instead of open coding it + (jsc#PED-1408). +- ACPI: processor: Replace kernel.h with the necessary inclusions + (jsc#PED-1408). +- ACPI: EC: Mark the ec_sys write_support param as + module_param_hw() (jsc#PED-1408). +- ACPI: EC: Relocate acpi_ec_create_query() and drop + acpi_ec_delete_query() (jsc#PED-1408). +- ACPI: EC: Make the event work state machine visible + (jsc#PED-1408). +- ACPI: EC: Avoid queuing unnecessary work in + acpi_ec_submit_event() (jsc#PED-1408). +- ACPI: EC: Rename three functions (jsc#PED-1408). +- ACPI: EC: Simplify locking in acpi_ec_event_handler() + (jsc#PED-1408). +- ACPI: EC: Rearrange the loop in acpi_ec_event_handler() + (jsc#PED-1408). +- ACPI: EC: Fold acpi_ec_check_event() into + acpi_ec_event_handler() (jsc#PED-1408). +- ACPI: EC: Pass one argument to acpi_ec_query() (jsc#PED-1408). +- ACPI: EC: Call advance_transaction() from acpi_ec_dispatch_gpe() + (jsc#PED-1408). +- ACPI: EC: Rework flushing of EC work while suspended to idle + (jsc#PED-1408). +- ACPI: PM: Emit debug messages when enabling/disabling wakeup + power (jsc#PED-1408). +- ACPI: PM: Remove redundant cache flushing (jsc#PED-1408). +- ACPI: PM: Avoid CPU cache flush when entering S4 (jsc#PED-1408). +- ACPI / x86: Add + acpi_quirk_skip_[i2c_client|serdev]_enumeration() helpers + (jsc#PED-1408). +- ACPI: Use acpi_fetch_acpi_dev() instead of acpi_bus_get_device() + (jsc#PED-1408). + Refresh + patches.suse/ACPI-properties-Consistently-return-ENOENT-if-there-.patch. +- ACPI: scan: Do not add device IDs from _CID if _HID is not valid + (jsc#PED-1408). +- ACPICA: Update version to 20211217 (jsc#PED-1408). +- ACPICA: iASL/NHLT table: "Specific Data" field support + (jsc#PED-1408). +- ACPICA: iASL: Add suppport for AGDI table (jsc#PED-1408). +- ACPICA: iASL: Add TDEL table to both compiler/disassembler + (jsc#PED-1408). +- ACPICA: Fixed a couple of warnings under MSVC (jsc#PED-1408). +- ACPICA: Change a return_ACPI_STATUS (AE_BAD_PARAMETER) + (jsc#PED-1408). +- ACPICA: Add support for PCC Opregion special context data + (jsc#PED-1408). +- ACPICA: Fix AEST Processor generic resource substructure data + field byte length (jsc#PED-1408). +- ACPICA: iASL/Disassembler: Additional support for NHLT table + (jsc#PED-1408). +- ACPICA: Avoid subobject buffer overflow when validating RSDP + signature (jsc#PED-1408). +- ACPICA: Macros: Remove ACPI_PHYSADDR_TO_PTR (jsc#PED-1408). +- ACPICA: Use original pointer for virtual origin tables + (jsc#PED-1408). +- ACPICA: Use original data_table_region pointer for accesses + (jsc#PED-1408). +- ACPI: delay enumeration of devices with a _DEP pointing to an + INT3472 device (jsc#PED-1408). +- commit a883e60 + +- ice: support crosstimestamping on E822 devices if supported + (jsc#PED-376). +- Update config files. +- commit 52d22d8 + +- net: phy: add Maxlinear GPY115/21x/24x driver (jsc#PED-829). +- Update config files. +- supported.conf: mark mxl-gpy supported +- commit 038e0dc + +- ice: fix incorrect dev_dbg print mistaking 'i' for vf->vf_id + (jsc#PED-376). +- blacklist.conf: removed broken blacklist +- commit 4dd2967 + +- RDMA/irdma: Remove enum irdma_status_code (jsc#PED-377). +- Refresh + patches.suse/RDMA-irdma-Prevent-some-integer-underflows.patch. +- commit 0e1b54d + +- ice: introduce ice_virtchnl.c and ice_virtchnl.h (jsc#PED-376). +- Refresh + patches.suse/ice-Do-not-skip-not-enabled-queues-in-ice_vc_dis_qs_.patch. +- Refresh + patches.suse/ice-Fix-incorrect-locking-in-ice_vc_process_vf_msg.patch. +- Refresh + patches.suse/ice-Protect-vf_state-check-by-cfg_lock-in-ice_vc_pro.patch. +- Refresh + patches.suse/ice-clear-stale-Tx-queue-settings-before-configuring.patch. +- commit b1a640b + +- ice: rename ice_virtchnl_pf.c to ice_sriov.c (jsc#PED-376). +- Refresh + patches.suse/ice-Do-not-skip-not-enabled-queues-in-ice_vc_dis_qs_.patch. +- Refresh + patches.suse/ice-Fix-incorrect-locking-in-ice_vc_process_vf_msg.patch. +- Refresh + patches.suse/ice-Protect-vf_state-check-by-cfg_lock-in-ice_vc_pro.patch. +- Refresh + patches.suse/ice-clear-stale-Tx-queue-settings-before-configuring.patch. +- Refresh + patches.suse/ice-fix-use-after-free-when-deinitializing-mailbox-s.patch. +- commit a6dcbb6 + +- ice: convert VF storage to hash table with krefs and RCU + (jsc#PED-376). +- Refresh + patches.suse/ice-Fix-incorrect-locking-in-ice_vc_process_vf_msg.patch. +- Refresh + patches.suse/ice-Protect-vf_state-check-by-cfg_lock-in-ice_vc_pro.patch. +- commit bb85cb8 + +- ice: introduce VF accessor functions (jsc#PED-376). +- Refresh + patches.suse/ice-Protect-vf_state-check-by-cfg_lock-in-ice_vc_pro.patch. +- commit 567361b + +- ice: factor VF variables to separate structure (jsc#PED-376). +- Refresh + patches.suse/ice-Protect-vf_state-check-by-cfg_lock-in-ice_vc_pro.patch. +- commit 3f8b512 + +- ice: add TTY for GNSS module for E810T device (jsc#PED-376). +- Refresh + patches.suse/ice-Fix-race-during-aux-device-un-plugging.patch. +- commit 8bbff5a + +- ice: Simplify tracking status of RDMA support (jsc#PED-376). +- Refresh + patches.suse/ice-Allow-operation-with-reduced-device-MSI-X.patch. +- commit 679eb4d + +- ice: implement basic E822 PTP support (jsc#PED-376). +- Refresh + patches.suse/ice-fix-possible-under-reporting-of-ethtool-Tx-and-R.patch. +- commit ef8d58e + +- ice: Propagate error codes (jsc#PED-376). +- Refresh + patches.suse/ice-Fix-curr_link_speed-advertised-speed.patch. +- commit 80453bf + +- ice: Remove string printing for ice_status (jsc#PED-376). +- Refresh + patches.suse/ice-enable-parsing-IPSEC-SPI-headers-for-RSS.patch. +- commit e71a23c + +- ice: xsk: use Rx ring's XDP ring when picking NAPI context + (jsc#PED-376). +- commit d811ddb + +- ice: xsk: prohibit usage of non-balanced queue id (jsc#PED-376). +- ice: Fix VF not able to send tagged traffic with no VLAN filters + (jsc#PED-376). +- ice: Ignore error message when setting same promiscuous mode + (jsc#PED-376). +- ice: Fix clearing of promisc mode with bridge over bond + (jsc#PED-376). +- ice: Ignore EEXIST when setting promisc mode (jsc#PED-376). +- ice: Fix double VLAN error when entering promisc mode + (jsc#PED-376). +- ice: Fix call trace with null VSI during VF reset (jsc#PED-376). +- ice: Fix VSI rebuild WARN_ON check for VF (jsc#PED-376). +- net/ice: fix initializing the bitmap in the switch code + (jsc#PED-376). +- RDMA/irdma: Use the bitmap API to allocate bitmaps + (jsc#PED-377). +- RDMA/irdma: Fix setting of QP context err_rq_idx_valid field + (jsc#PED-377). +- RDMA/irdma: Fix VLAN connection with wildcard address + (jsc#PED-377). +- RDMA/irdma: Fix a window for use-after-free (jsc#PED-377). +- RDMA/irdma: Make resource distribution algorithm more QP + oriented (jsc#PED-377). +- RDMA/irdma: Make CQP invalid state error non-critical + (jsc#PED-377). +- RDMA/irdma: Add AE source to error log (jsc#PED-377). +- RDMA/irdma: Add 2 level PBLE support for FMR (jsc#PED-377). +- net: ice: fix error NETIF_F_HW_VLAN_CTAG_FILTER check in + ice_vsi_sync_fltr() (jsc#PED-376). +- ice: implement adjfine with mul_u64_u64_div_u64 (jsc#PED-376). +- ice: allow toggling loopback mode via ndo_set_features callback + (jsc#PED-376). +- ice: compress branches in ice_set_features() (jsc#PED-376). +- ice: Fix promiscuous mode not turning off (jsc#PED-376). +- ice: Introduce enabling promiscuous mode on multiple VF's + (jsc#PED-376). +- ice: Add support for PPPoE hardware offload (jsc#PED-376). +- flow_offload: Introduce flow_match_pppoe (jsc#PED-376). +- flow_dissector: Add PPPoE dissectors (jsc#PED-376). +- ice: add write functionality for GNSS TTY (jsc#PED-376). +- ice: add i2c write command (jsc#PED-376). +- ice: Remove pci_aer_clear_nonfatal_status() call (jsc#PED-376). +- ice: Add EXTTS feature to the feature bitmap (jsc#PED-376). +- net: extract port range fields from fl_flow_key (jsc#PED-376). +- ice: Remove unnecessary NULL check before dev_put (jsc#PED-376). +- ice: use eth_broadcast_addr() to set broadcast address + (jsc#PED-376). +- ice: switch: dynamically add VLAN headers to dummy packets + (jsc#PED-376). +- ice: Add support for VLAN TPID filters in switchdev + (jsc#PED-376). +- ice: Add support for double VLAN in switchdev (jsc#PED-376). +- intel/ice:fix repeated words in comments (jsc#PED-376). +- ice: Use correct order for the parameters of devm_kcalloc() + (jsc#PED-376). +- ice: remove u16 arithmetic in ice_gnss (jsc#PED-376). +- ice: remove VLAN representor specific ops (jsc#PED-376). +- ice: don't set VF VLAN caps in switchdev (jsc#PED-376). +- ice: do not setup vlan for loopback VSI (jsc#PED-376). +- ice: check (DD | EOF) bits on Rx descriptor rather than (EOP | + RS) (jsc#PED-376). +- ice: Fix VSIs unable to share unicast MAC (jsc#PED-376). +- ice: Fix tunnel checksum offload with fragmented traffic + (jsc#PED-376). +- ice: Fix max VLANs available for VF (jsc#PED-376). +- RDMA/irdma: Fix sleep from invalid context BUG (jsc#PED-377). +- RDMA/irdma: Do not advertise 1GB page size for x722 + (jsc#PED-377). +- ice: change devlink code to read NVM in blocks (jsc#PED-376). +- ice: handle E822 generic device ID in PLDM header (jsc#PED-376). +- ice: ethtool: Prohibit improper channel config for DCB + (jsc#PED-376). +- ice: ethtool: advertise 1000M speeds properly (jsc#PED-376). +- ice: Fix switchdev rules book keeping (jsc#PED-376). +- ice: ignore protocol field in GTP offload (jsc#PED-376). +- ice: Fix memory corruption in VF driver (jsc#PED-376). +- ice: Fix queue config fail handling (jsc#PED-376). +- ice: Sync VLAN filtering features for DVM (jsc#PED-376). +- ice: Fix PTP TX timestamp offset calculation (jsc#PED-376). +- ice: fix access-beyond-end in the switch code (jsc#PED-376). +- RDMA/irdma: Add SW mechanism to generate completions on error + (jsc#PED-377). +- RDMA/irdma: Remove the redundant variable (jsc#PED-377). +- eth: ice: silence the GCC 12 array-bounds warning (jsc#PED-376). +- ice: Expose RSS indirection tables for queue groups via ethtool + (jsc#PED-376). +- Revert "ice: Hide bus-info in ethtool for PRs in switchdev mode" + (jsc#PED-376). +- ice: link representors to PCI device (jsc#PED-376). +- ice: remove period on argument description in ice_for_each_vf + (jsc#PED-376). +- ice: add a function comment for ice_cfg_mac_antispoof + (jsc#PED-376). +- ice: fix wording in comment for ice_reset_vf (jsc#PED-376). +- ice: remove return value comment for ice_reset_all_vfs + (jsc#PED-376). +- ice: always check VF VSI pointer values (jsc#PED-376). +- ice: add newline to dev_dbg in ice_vf_fdir_dump_info + (jsc#PED-376). +- ice: get switch id on switchdev devices (jsc#PED-376). +- ice: return ENOSPC when exceeding ICE_MAX_CHAIN_WORDS + (jsc#PED-376). +- ice: introduce common helper for retrieving VSI by vsi_num + (jsc#PED-376). +- ice: use min_t() to make code cleaner in ice_gnss (jsc#PED-376). +- ice, xsk: Avoid refilling single Rx descriptors (jsc#PED-376). +- ice, xsk: Diversify return values from xsk_wakeup call paths + (jsc#PED-376). +- ice, xsk: Terminate Rx side of NAPI when XSK Rx queue gets full + (jsc#PED-376). +- ice, xsk: Decorate ICE_XDP_REDIR with likely() (jsc#PED-376). +- flow_dissector: Add number of vlan tags dissector (jsc#PED-376). +- ice: Add mpls+tso support (jsc#PED-376). +- ice: switch: convert packet template match code to rodata + (jsc#PED-376). +- ice: switch: use convenience macros to declare dummy pkt + templates (jsc#PED-376). +- ice: switch: use a struct to pass packet template params + (jsc#PED-376). +- ice: switch: unobscurify bitops loop in + ice_fill_adv_dummy_packet() (jsc#PED-376). +- ice: switch: add and use u16 aliases to ice_adv_lkup_elem::{h, + m}_u (jsc#PED-376). +- ice: Fix interrupt moderation settings getting cleared + (jsc#PED-376). +- RDMA/irdma: Fix deadlock in irdma_cleanup_cm_core() + (jsc#PED-377). +- ice: wait 5 s for EMP reset after firmware flash (jsc#PED-376). +- ice: Fix memory leak in ice_get_orom_civd_data() (jsc#PED-376). +- ice: xsk: check if Rx ring was filled up to the end + (jsc#PED-376). +- ice: arfs: fix use-after-free when freeing @rx_cpu_rmap + (jsc#PED-376). +- flow_dissector: fix false-positive __read_overflow2_field() + warning (jsc#PED-376). +- ice: Set txq_teid to ICE_INVAL_TEID on ring creation + (jsc#PED-376). +- ice: Fix broken IFF_ALLMULTI handling (jsc#PED-376). +- ice: Fix MAC address setting (jsc#PED-376). +- ice: xsk: Stop Rx processing when ntc catches ntu (jsc#PED-376). +- ice: xsk: Eliminate unnecessary loop iteration (jsc#PED-376). +- RDMA/irdma: Add support for address handle re-use (jsc#PED-377). +- RDMA/irdma: Make irdma_create_mg_ctx return a void + (jsc#PED-377). +- RDMA/irdma: Move union irdma_sockaddr to header file + (jsc#PED-377). +- RDMA/irdma: Remove the unnecessary variable saddr (jsc#PED-377). +- RDMA/irdma: Use net_type to check network type (jsc#PED-377). +- RDMA/irdma: Remove excess error variables (jsc#PED-377). +- RDMA/irdma: Propagate error codes (jsc#PED-377). +- RDMA/irdma: Add support for DSCP (jsc#PED-377). +- RDMA/irdma: Refactor DCB bits in prep for DSCP support + (jsc#PED-377). +- ice: add trace events for tx timestamps (jsc#PED-376). +- ice: fix return value check in ice_gnss.c (jsc#PED-376). +- ice: Fix inconsistent indenting in ice_switch (jsc#PED-376). +- gtp: Fix inconsistent indenting (jsc#PED-376). +- ice: remove PF pointer from ice_check_vf_init (jsc#PED-376). +- ice: cleanup long lines in ice_sriov.c (jsc#PED-376). +- ice: introduce ICE_VF_RESET_LOCK flag (jsc#PED-376). +- ice: introduce ICE_VF_RESET_NOTIFY flag (jsc#PED-376). +- ice: convert ice_reset_vf to take flags (jsc#PED-376). +- ice: convert ice_reset_vf to standard error codes (jsc#PED-376). +- ice: make ice_reset_all_vfs void (jsc#PED-376). +- ice: drop is_vflr parameter from ice_reset_all_vfs + (jsc#PED-376). +- ice: move reset functionality into ice_vf_lib.c (jsc#PED-376). +- ice: fix a long line warning in ice_reset_vf (jsc#PED-376). +- ice: introduce VF operations structure for reset flows + (jsc#PED-376). +- ice: introduce ice_vf_lib.c, ice_vf_lib.h, and + ice_vf_lib_private.h (jsc#PED-376). +- ice: use ice_is_vf_trusted helper function (jsc#PED-376). +- ice: log an error message when eswitch fails to configure + (jsc#PED-376). +- ice: cleanup error logging for ice_ena_vfs (jsc#PED-376). +- ice: move ice_set_vf_port_vlan near other .ndo ops + (jsc#PED-376). +- ice: refactor spoofchk control code in ice_sriov.c + (jsc#PED-376). +- ice: rename ICE_MAX_VF_COUNT to avoid confusion (jsc#PED-376). +- ice: remove unused definitions from ice_sriov.h (jsc#PED-376). +- ice: convert vf->vc_ops to a const pointer (jsc#PED-376). +- ice: remove circular header dependencies on ice.h (jsc#PED-376). +- ice: rename ice_sriov.c to ice_vf_mbx.c (jsc#PED-376). +- ice: Support GTP-U and GTP-C offload in switchdev (jsc#PED-376). +- ice: Fix FV offset searching (jsc#PED-376). +- gtp: Add support for checking GTP device type (jsc#PED-376). +- net/sched: Allow flower to match on GTP options (jsc#PED-376). +- gtp: Implement GTP echo request (jsc#PED-376). +- gtp: Implement GTP echo response (jsc#PED-376). +- gtp: Allow to create GTP device without FDs (jsc#PED-376). +- flow_dissector: Add support for HSRv0 (jsc#PED-376). +- ice: Add support for outer dest MAC for ADQ tunnels + (jsc#PED-376). +- ice: avoid XDP checks in ice_clean_tx_irq() (jsc#PED-376). +- ice: change "can't set link" message to dbg level (jsc#PED-376). +- ice: Add slow path offload stats on port representor in + switchdev (jsc#PED-376). +- ice: Add support for inner etype in switchdev (jsc#PED-376). +- ice: xsk: fix GCC version checking against pragma unroll + presence (jsc#PED-376). +- ice: convert ice_for_each_vf to include VF entry iterator + (jsc#PED-376). +- ice: use ice_for_each_vf for iteration during removal + (jsc#PED-376). +- ice: remove checks in ice_vc_send_msg_to_vf (jsc#PED-376). +- ice: move VFLR acknowledge during ice_free_vfs (jsc#PED-376). +- ice: move clear_malvf call in ice_free_vfs (jsc#PED-376). +- ice: pass num_vfs to ice_set_per_vf_res() (jsc#PED-376). +- ice: store VF pointer instead of VF ID (jsc#PED-376). +- ice: refactor unwind cleanup in eswitch mode (jsc#PED-376). +- flow_dissector: Add support for HSR (jsc#PED-376). +- ice: Add ability for PF admin to enable VF VLAN pruning + (jsc#PED-376). +- ice: Add support for 802.1ad port VLANs VF (jsc#PED-376). +- ice: Advertise 802.1ad VLAN filtering and offloads for PF netdev + (jsc#PED-376). +- ice: Support configuring the device to Double VLAN Mode + (jsc#PED-376). +- ice: Add support for VIRTCHNL_VF_OFFLOAD_VLAN_V2 (jsc#PED-376). +- ice: Add hot path support for 802.1Q and 802.1ad VLAN offloads + (jsc#PED-376). +- ice: Add outer_vlan_ops and VSI specific VLAN ops + implementations (jsc#PED-376). +- ice: Adjust naming for inner VLAN operations (jsc#PED-376). +- ice: Use the proto argument for VLAN ops (jsc#PED-376). +- ice: Refactor vf->port_vlan_info to use ice_vlan (jsc#PED-376). +- ice: Introduce ice_vlan struct (jsc#PED-376). +- ice: Add new VSI VLAN ops (jsc#PED-376). +- ice: Add helper function for adding VLAN 0 (jsc#PED-376). +- ice: Refactor spoofcheck configuration functions (jsc#PED-376). +- ice: xsk: Borrow xdp_tx_active logic from i40e (jsc#PED-376). +- ice: xsk: Improve AF_XDP ZC Tx and use batching API + (jsc#PED-376). +- ice: xsk: Avoid potential dead AF_XDP Tx processing + (jsc#PED-376). +- ice: Make Tx threshold dependent on ring length (jsc#PED-376). +- ice: xsk: Handle SW XDP ring wrap and bump tail more often + (jsc#PED-376). +- ice: xsk: Force rings to be sized to power of 2 (jsc#PED-376). +- ice: Remove likely for napi_complete_done (jsc#PED-376). +- ice: add support for DSCP QoS for IDC (jsc#PED-376). +- ice: respect metadata in legacy-rx/ice_construct_skb() + (jsc#PED-376). +- ice: Remove useless DMA-32 fallback configuration (jsc#PED-376). +- ice: destroy flow director filter mutex after releasing VSIs + (jsc#PED-376). +- ice: Match on all profiles in slow-path (jsc#PED-376). +- RDMA/irdma: Remove the redundant return (jsc#PED-377). +- RDMA/irdma: Make the source udp port vary (jsc#PED-377). +- RDMA/core: Calculate UDP source port based on flow label or + lqpn/rqpn (jsc#PED-377). +- RDMA/irdma: Fix the type used to declare a bitmap (jsc#PED-377). +- RDMA/irdma: Use helper function to set GUIDs (jsc#PED-377). +- RDMA/irdma: Use irq_update_affinity_hint() (jsc#PED-377). +- ice: Use bitmap_free() to free bitmap (jsc#PED-376). +- ice: Optimize a few bitmap operations (jsc#PED-376). +- ice: Slightly simply ice_find_free_recp_res_idx (jsc#PED-376). +- ice: improve switchdev's slow-path (jsc#PED-376). +- ice: replay advanced rules after reset (jsc#PED-376). +- ice: Add flow director support for channel mode (jsc#PED-376). +- skbuff: introduce skb_pull_data (jsc#PED-376). +- ice: switch to napi_build_skb() (jsc#PED-376). +- ice: trivial: fix odd indenting (jsc#PED-376). +- ice: exit bypass mode once hardware finishes timestamp + calibration (jsc#PED-376). +- ice: ensure the hardware Clock Generation Unit is configured + (jsc#PED-376). +- ice: convert clk_freq capability into time_ref (jsc#PED-376). +- ice: introduce ice_ptp_init_phc function (jsc#PED-376). +- ice: use 'int err' instead of 'int status' in ice_ptp_hw.c + (jsc#PED-376). +- ice: PTP: move setting of tstamp_config (jsc#PED-376). +- ice: introduce ice_base_incval function (jsc#PED-376). +- ice: Fix E810 PTP reset flow (jsc#PED-376). +- ice: use modern kernel API for kick (jsc#PED-376). +- ice: tighter control over VSI_DOWN state (jsc#PED-376). +- ice: use prefetch methods (jsc#PED-376). +- ice: update to newer kernel API (jsc#PED-376). +- ice: support immediate firmware activation via devlink reload + (jsc#PED-376). +- ice: reduce time to read Option ROM CIVD data (jsc#PED-376). +- ice: move ice_devlink_flash_update and merge with + ice_flash_pldm_image (jsc#PED-376). +- ice: move and rename ice_check_for_pending_update (jsc#PED-376). +- ice: devlink: add shadow-ram region to snapshot Shadow RAM + (jsc#PED-376). +- ice: Remove unused ICE_FLOW_SEG_HDRS_L2_MASK (jsc#PED-376). +- ice: Remove unnecessary casts (jsc#PED-376). +- ice: Remove excess error variables (jsc#PED-376). +- ice: Cleanup after ice_status removal (jsc#PED-376). +- ice: Remove enum ice_status (jsc#PED-376). +- ice: Use int for ice_status (jsc#PED-376). +- ice: Refactor status flow for DDP load (jsc#PED-376). +- ice: Refactor promiscuous functions (jsc#PED-376). +- ice: refactor PTYPE validating (jsc#PED-376). +- ice: Add package PTYPE enable information (jsc#PED-376). +- gtp: use skb_dst_update_pmtu_no_confirm() instead of direct call + (jsc#PED-376). +- dissector: do not set invalid PPP protocol (jsc#PED-376). +- net: phy: enhance GPY115 loopback disable function + (jsc#PED-829). +- net: phy: add API to read 802.3-c45 IDs (jsc#PED-829). +- commit 172341e + +- usb: core: devices: remove dead code under #ifdef PROC_EXTRA + (jsc#PED-531). +- commit ffed5f4 + +- arm64: numa: Don't check node against MAX_NUMNODES + (jsc#PED-1408). +- arm64: Simplify checking for populated DT (jsc#PED-1408). +- commit 87c5b07 + +- Revert "usb: host: xhci: mvebu: make USB 3.0 PHY optional for + Armada 3720" (jsc#PED-531). +- commit a68eb3d + +- xhci: omit mem read just after allocation of trb (jsc#PED-531). +- commit 9657cdf + +- usb: xhci: fix minmax.cocci warnings (jsc#PED-531). +- commit 31c9b81 + +- usb: host: xhci: drop redundant checks (jsc#PED-531). +- commit 8545650 + +- xhci: Allocate separate command structures for each LPM command + (git-fixes). +- commit 3b8bc54 + +- xhci: dbgtty: use IDR to support several dbc instances + (jsc#PED-531). +- commit 7b43f4d + +- xhci: dbc: Don't call dbc_tty_init() on every dbc tty probe + (jsc#PED-531). +- commit c0f4051 + +- net: mscc: ocelot: add MAC table stream learn and lookup + operations (jsc#PED-1549). +- Refresh + patches.suse/net-mscc-ocelot-use-index-to-set-vcap-policer.patch. +- commit 210cb02 + +- usb: host: xhci-mtk: Simplify supplies handling with + regulator_bulk (jsc#PED-531). +- commit bc712ac + +- net: mscc: ocelot: serialize access to the MAC table + (jsc#PED-1549). +- commit fb07363 + +- ACPI: Make acpi_node_get_parent() local (jsc#PED-1408). +- ACPI: video: use platform backlight driver on Xiaomi Mi Pad 2 + (jsc#PED-1408). +- ACPI: video: Drop dmi_system_id.ident settings from + video_detect_dmi_table (jsc#PED-1408). +- ACPI: EC: Remove initialization of static variables to false + (jsc#PED-1408). +- ACPI: EC: Use ec_no_wakeup on HP ZHAN 66 Pro (jsc#PED-1408). +- ACPI: Drop ACPI_USE_BUILTIN_STDARG ifdef from acgcc.h + (jsc#PED-1408). +- ACPI: Add a convenience function to tell a device is in D0 state + (jsc#PED-1408). +- ACPI: scan: Obtain device's desired enumeration power state + (jsc#PED-1408). +- ACPI: PRM: Handle memory allocation and memory remap failure + (jsc#PED-1408). +- ACPI: PRM: Remove unnecessary blank lines (jsc#PED-1408). +- ACPI: APEI: mark apei_hest_parse() static (jsc#PED-1408). +- ACPI: APEI: EINJ: Relax platform response timeout to 1 second + (jsc#PED-1408). +- ACPI: PM: sleep: Do not set suspend_ops unnecessarily + (jsc#PED-1408). +- ACPI: PM: Turn off wakeup power resources on _DSW/_PSW errors + (jsc#PED-1408). +- ACPI: PM: Check states of power resources during initialization + (jsc#PED-1408). +- ACPI: LPSS: Use ACPI_COMPANION() directly (jsc#PED-1408). +- ACPI: PNP: remove duplicated BRI0A49 and BDP3336 entries + (jsc#PED-1408). +- ACPI: glue: Use acpi_device_adr() in acpi_find_child_device() + (jsc#PED-1408). +- ACPI: glue: Look for ACPI bus type only if ACPI companion is + not known (jsc#PED-1408). +- ACPI: glue: Drop cleanup callback from struct acpi_bus_type + (jsc#PED-1408). +- ACPI: replace snprintf() in "show" functions with sysfs_emit() + (jsc#PED-1408). +- ACPI: Kconfig: Fix a typo in Kconfig (jsc#PED-1408). +- x86: ACPI: cstate: Optimize C3 entry on AMD CPUs (jsc#PED-1408). +- x86/ACPI: Don't add CPUs that are not online capable + (jsc#PED-1408). +- ACPICA: Add support for MADT online enabled bit (jsc#PED-1408). +- ACPICA: Update version to 20210930 (jsc#PED-1408). +- ACPICA: iASL table disassembler: Added disassembly support + for the NHLT ACPI table (jsc#PED-1408). +- ACPICA: ACPI 6.4 SRAT: add Generic Port Affinity type + (jsc#PED-1408). +- ACPICA: Add support for Windows 2020 _OSI string (jsc#PED-1408). +- hwmon: (acpi_power_meter) Use acpi_bus_get_acpi_device() + (jsc#PED-1408). +- commit f5b4569 + +- net/mlx5: Reduce kconfig complexity while building crypto + support (jsc#PED-1549). +- Update config files. +- commit 855cd57 + +- net/mlx5_fpga: Drop INNOVA IPsec support (jsc#PED-1549). +- Update config files. +- commit 578a0d4 + +- net/mlx5_fpga: Drop INNOVA TLS support (jsc#PED-1549). +- Update config files. +- commit 795dab1 + +- net/mlx5e: Use READ_ONCE/WRITE_ONCE for DCBX trust state + (jsc#PED-1549). +- Refresh + patches.suse/net-mlx5e-Fix-trust-state-reset-in-reload.patch. +- commit 471621b + +- ixgbe: pass bi->xdp to ixgbe_construct_skb_zc() directly + (jsc#PED-373). +- Refresh + patches.suse/ixgbe-don-t-reserve-excessive-XDP_PACKET_HEADROOM-on.patch. +- Refresh + patches.suse/ixgbe-respect-metadata-on-XSK-Rx-to-skb.patch. +- commit 7177fc1 + +- net/mlx5: Disable SRIOV before PF removal (jsc#PED-1549). +- Refresh + patches.suse/net-mlx5-Drain-fw_reset-when-removing-device.patch. +- commit f8869cb + +- i40e: Add ensurance of MacVlan resources for every trusted VF + (jsc#PED-372). +- Refresh + patches.suse/i40e-stop-disabling-VFs-due-to-PF-error-responses.patch. +- commit 820414c + +- flow_offload: validate flags of filter and actions + (jsc#PED-1549). +- Refresh + patches.suse/net-sched-cls_u32-fix-netns-refcount-changes-in-u32_.patch. +- commit 45cd6c8 + +- iavf: Add support for VIRTCHNL_VF_OFFLOAD_VLAN_V2 offload + enable/disable (jsc#PED-835). +- Refresh + patches.suse/iavf-Fix-locking-for-VIRTCHNL_OP_GET_OFFLOAD_VLAN_V2.patch. +- commit 9e30247 + +- iavf: Add support for VIRTCHNL_VF_OFFLOAD_VLAN_V2 hotpath + (jsc#PED-835). +- Refresh + patches.suse/iavf-Fix-locking-for-VIRTCHNL_OP_GET_OFFLOAD_VLAN_V2.patch. +- commit 8b35988 + +- iavf: Add support for VIRTCHNL_VF_OFFLOAD_VLAN_V2 negotiation + (jsc#PED-835). +- Refresh + patches.suse/iavf-Fix-locking-for-VIRTCHNL_OP_GET_OFFLOAD_VLAN_V2.patch. +- commit c795d27 + +- iavf: Add trace while removing device (jsc#PED-835). +- Refresh + patches.suse/iavf-Rework-mutexes-for-better-synchronisation.patch. +- commit 5cee973 + +- net/sched: Extend qdisc control block with tc control block + (jsc#PED-1549). +- Refresh + patches.suse/net-Don-t-include-filter.h-from-net-sock.h.patch. +- commit f04ca77 + +- mlxsw: spectrum: Use PLLP to get front panel number and split + number (jsc#PED-1549). +- Refresh + patches.suse/mlxsw-spectrum-Use-PMTDB-register-to-obtain-split-in.patch. +- commit 4d99513 + +- mlxsw: reg: Add Port Local port to Label Port mapping Register + (jsc#PED-1549). +- Refresh + patches.suse/mlxsw-reg-Add-Port-Module-To-local-DataBase-Register.patch. +- commit a1f7333 + +- vduse: Introduce VDUSE - vDPA Device in Userspace + (jsc#PED-1549). +- Update config files. +- commit 0310e1b + +- vdpa/mlx5: Add support for control VQ and MAC setting + (jsc#PED-1549). +- Refresh + patches.suse/RDMA-mlx5-Replace-struct-mlx5_core_mkey-by-u32-key.patch. +- commit df0ceb2 + +- i40e: Fix incorrect address type for IPv6 flow rules + (jsc#PED-372). +- ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter + (jsc#PED-373). +- net/mlx5: Unlock on error in mlx5_sriov_enable() (jsc#PED-1549). +- net/mlx5e: Fix use after free in mlx5e_fs_init() (jsc#PED-1549). +- net/mlx5e: kTLS, Use _safe() iterator in + mlx5e_tls_priv_tx_list_cleanup() (jsc#PED-1549). +- net/mlx5: unlock on error path in + esw_vfs_changed_event_handler() (jsc#PED-1549). +- net/mlx5e: Fix wrong tc flag used when set hw-tc-offload off + (jsc#PED-1549). +- net/mlx5e: TC, Add missing policer validation (jsc#PED-1549). +- net/mlx5e: Fix wrong application of the LRO state + (jsc#PED-1549). +- net/mlx5: Avoid false positive lockdep warning by adding + lock_class_key (jsc#PED-1549). +- net/mlx5: Fix cmd error logging for manage pages cmd + (jsc#PED-1549). +- net/mlx5: Disable irq when locking lag_lock (jsc#PED-1549). +- net/mlx5: Eswitch, Fix forwarding decision to uplink + (jsc#PED-1549). +- net/mlx5: LAG, fix logic over MLX5_LAG_FLAG_NDEVS_READY + (jsc#PED-1549). +- net/mlx5e: Properly disable vlan strip on non-UL reps + (jsc#PED-1549). +- RDMA/mlx5: Use the proper number of ports (jsc#PED-1552). +- igb: Add lock to avoid data race (jsc#PED-370). +- net/mlx5e: Allocate flow steering storage during uplink + initialization (jsc#PED-1549). +- i40e: Fix to stop tx_timeout recovery if GLOBR fails + (jsc#PED-372). +- i40e: Fix tunnel checksum offload with fragmented traffic + (jsc#PED-372). +- iavf: Fix deadlock in initialization (jsc#PED-835). +- iavf: Fix reset error handling (jsc#PED-835). +- iavf: Fix NULL pointer dereference in iavf_get_link_ksettings + (jsc#PED-835). +- iavf: Fix adminq error handling (jsc#PED-835). +- vdpa/mlx5: Fix possible uninitialized return value + (jsc#PED-1549). +- vhost-vdpa: uAPI to suspend the device (jsc#PED-1549). +- vhost-vdpa: introduce SUSPEND backend feature bit + (jsc#PED-1549). +- vdpa: Add suspend operation (jsc#PED-1549). +- vhost-vdpa: Call ida_simple_remove() when failed (jsc#PED-1549). +- vDPA/ifcvf: support userspace to query features and MQ of a + management device (jsc#PED-1549). +- vdpa/mlx5: Support different address spaces for control and data + (jsc#PED-1549). +- vdpa/mlx5: Implement susupend virtqueue callback (jsc#PED-1549). +- vdpa: ifcvf: Fix spelling mistake in comments (jsc#PED-1549). +- vdpa/mlx5: Use eth_broadcast_addr() to assign broadcast address + (jsc#PED-1549). +- mlx5: do not use RT_TOS for IPv6 flowlabel (jsc#PED-1549). +- bnxt_en: Remove duplicated include bnxt_devlink.c + (jsc#PED-1495). +- RDMA/mlx5: Add missing check for return value in get namespace + flow (jsc#PED-1552). +- RDMA/mlx5: Rename the mkey cache variables and functions + (jsc#PED-1552). +- RDMA/mlx5: Store in the cache mkeys instead of mrs + (jsc#PED-1552). +- RDMA/mlx5: Store the number of in_use cache mkeys instead of + total_mrs (jsc#PED-1552). +- RDMA/mlx5: Replace cache list with Xarray (jsc#PED-1552). +- RDMA/mlx5: Replace ent->lock with xa_lock (jsc#PED-1552). +- RDMA/mlx5: Expose steering anchor to userspace (jsc#PED-1552). +- RDMA/mlx5: Refactor get flow table function (jsc#PED-1552). +- net/mlx5: fs, allow flow table creation with a UID + (jsc#PED-1549). +- net/mlx5: fs, expose flow table ID to users (jsc#PED-1549). +- net/mlx5: Expose the ability to point to any UID from shared + UID (jsc#PED-1549). +- RDMA/mlx5: Add a umr recovery flow (jsc#PED-1552). +- net/mlx5e: xsk: Discard unaligned XSK frames on striding RQ + (jsc#PED-1549). +- iavf: Fix 'tc qdisc show' listing too many queues (jsc#PED-835). +- iavf: Fix max_rate limiting (jsc#PED-835). +- net/mlx5: Fix driver use of uninitialized timeout + (jsc#PED-1549). +- net/mlx5: DR, Fix SMFS steering info dump format (jsc#PED-1549). +- net/mlx5: Adjust log_max_qp to be 18 at most (jsc#PED-1549). +- net/mlx5e: Modify slow path rules to go to slow fdb + (jsc#PED-1549). +- net/mlx5e: Fix calculations related to max MPWQE size + (jsc#PED-1549). +- net/mlx5e: xsk: Account for XSK RQ UMRs when calculating ICOSQ + size (jsc#PED-1549). +- net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS + (jsc#PED-1549). +- net/mlx5e: TC, Fix post_act to not match on in_port metadata + (jsc#PED-1549). +- net/mlx5e: Remove WARN_ON when trying to offload an unsupported + TLS cipher/version (jsc#PED-1549). +- igb: convert .adjfreq to .adjfine (jsc#PED-370). +- ixgbe: convert .adjfreq to .adjfine (jsc#PED-373). +- i40e: convert .adjfreq to .adjfine (jsc#PED-372). +- i40e: use mul_u64_u64_div_u64 for PTP frequency calculation + (jsc#PED-372). +- net: devlink: convert reload command to take implicit + devlink->lock (jsc#PED-1549). +- net/mlx5e: Move mlx5e_init_l2_addr to en_main (jsc#PED-1549). +- net/mlx5e: Split en_fs ndo's and move to en_main (jsc#PED-1549). +- net/mlx5e: Separate mlx5e_set_rx_mode_work and move caller to + en_main (jsc#PED-1549). +- net/mlx5e: Add mdev to flow_steering struct (jsc#PED-1549). +- net/mlx5e: Report flow steering errors with mdev err report API + (jsc#PED-1549). +- net/mlx5e: Convert mlx5e_flow_steering member of mlx5e_priv + to pointer (jsc#PED-1549). +- net/mlx5e: Allocate VLAN and TC for featured profiles only + (jsc#PED-1549). +- net/mlx5e: Make mlx5e_tc_table private (jsc#PED-1549). +- net/mlx5e: Convert mlx5e_tc_table member of mlx5e_flow_steering + to pointer (jsc#PED-1549). +- net/mlx5e: TC, Support tc action api for police (jsc#PED-1549). +- net/mlx5e: TC, Separate get/update/replace meter functions + (jsc#PED-1549). +- net/mlx5e: Add red and green counters for metering + (jsc#PED-1549). +- net/mlx5e: TC, Allocate post meter ft per rule (jsc#PED-1549). +- net/mlx5: DR, Add support for flow metering ASO (jsc#PED-1549). +- devlink: Hold the instance lock in health callbacks + (jsc#PED-1549). +- net/mlx5: Lock mlx5 devlink health recovery callback + (jsc#PED-1549). +- net/mlx4: Lock mlx4 devlink reload callback (jsc#PED-1548). +- net/mlx4: Use devl_ API for devlink region create / destroy + (jsc#PED-1548). +- net/mlx5: Lock mlx5 devlink reload callbacks (jsc#PED-1549). +- net/mlx5: Move fw reset unload to mlx5_fw_reset_complete_reload + (jsc#PED-1549). +- net: devlink: remove region snapshots list dependency on + devlink->lock (jsc#PED-1549). +- net: devlink: remove region snapshot ID tracking dependency + on devlink->lock (jsc#PED-1549). +- bnxt_en: implement callbacks for devlink selftests + (jsc#PED-1495). +- devlink: introduce framework for selftests (jsc#PED-1549). +- net/mlx5e: kTLS, Dynamically re-size TX recycling pool + (jsc#PED-1549). +- net/mlx5e: kTLS, Recycle objects of device-offloaded TLS TX + connections (jsc#PED-1549). +- net/mlx5e: kTLS, Take stats out of OOO handler (jsc#PED-1549). +- net/mlx5e: kTLS, Introduce TLS-specific create TIS + (jsc#PED-1549). +- net: devlink: remove redundant net_eq() check from + sb_pool_get_dumpit() (jsc#PED-1549). +- net: devlink: introduce nested devlink entity for line card + (jsc#PED-1549). +- net: devlink: move net check into + devlinks_xa_for_each_registered_get() (jsc#PED-1549). +- net: devlink: make sure that devlink_try_get() works with + valid pointer during xarray iteration (jsc#PED-1549). +- iavf: Check for duplicate TC flower filter before parsing + (jsc#PED-835). +- i40e: Refactor tc mqprio checks (jsc#PED-372). +- mlxsw: core: Fix use-after-free calling devl_unlock() in + mlxsw_core_bus_device_unregister() (jsc#PED-1549). +- net/mlx5: CT: Remove warning of ignore_flow_level support for + non PF (jsc#PED-1549). +- net/mlx5e: Add resiliency for PTP TX port timestamp + (jsc#PED-1549). +- net/mlx5: Expose ts_cqe_metadata_size2wqe_counter + (jsc#PED-1549). +- net/mlx5e: HTB, move htb functions to a new file (jsc#PED-1549). +- net/mlx5e: HTB, change functions name to follow convention + (jsc#PED-1549). +- net/mlx5e: HTB, remove priv from htb function calls + (jsc#PED-1549). +- net/mlx5e: HTB, hide and dynamically allocate mlx5e_htb + structure (jsc#PED-1549). +- net/mlx5e: HTB, move stats and max_sqs to priv (jsc#PED-1549). +- net/mlx5e: HTB, move section comment to the right place + (jsc#PED-1549). +- net/mlx5e: HTB, move ids to selq_params struct (jsc#PED-1549). +- net/mlx5e: HTB, reduce visibility of htb functions + (jsc#PED-1549). +- net/mlx5e: Fix mqprio_rl handling on devlink reload + (jsc#PED-1549). +- net/mlx5e: Report header-data split state through ethtool + (jsc#PED-1549). +- igc: Remove forced_speed_duplex value (jsc#PED-375). +- igc: Remove MSI-X PBA Clear register (jsc#PED-375). +- igc: Lift TAPRIO schedule restriction (jsc#PED-375). +- net: devlink: remove unused locked functions (jsc#PED-1549). +- netdevsim: convert driver to use unlocked devlink API during + init/fini (jsc#PED-1549). +- net: devlink: add unlocked variants of + devlink_region_create/destroy() functions (jsc#PED-1549). +- mlxsw: convert driver to use unlocked devlink API during + init/fini (jsc#PED-1549). +- net: devlink: add unlocked variants of devlink_dpipe*() + functions (jsc#PED-1549). +- net: devlink: add unlocked variants of devlink_sb*() functions + (jsc#PED-1549). +- net: devlink: add unlocked variants of devlink_resource*() + functions (jsc#PED-1549). +- net: devlink: add unlocked variants of devling_trap*() functions + (jsc#PED-1549). +- net: devlink: avoid false DEADLOCK warning reported by lockdep + (jsc#PED-1549). +- net/mlx5e: Remove the duplicating check for striding RQ when + enabling LRO (jsc#PED-1549). +- net/mlx5e: Move the LRO-XSK check to mlx5e_fix_features + (jsc#PED-1549). +- net/mlx5e: Extend flower police validation (jsc#PED-1549). +- net/mlx5e: configure meter in flow action (jsc#PED-1549). +- net/mlx5e: Removed useless code in function (jsc#PED-1549). +- net/mlx5: Bridge, implement QinQ support (jsc#PED-1549). +- net/mlx5: Bridge, implement infrastructure for VLAN protocol + change (jsc#PED-1549). +- net/mlx5: Bridge, extract VLAN push/pop actions creation + (jsc#PED-1549). +- net/mlx5: Bridge, rename filter fg to vlan_filter + (jsc#PED-1549). +- net/mlx5: Bridge, refactor groups sizes and indices + (jsc#PED-1549). +- net/mlx5: debugfs, Add num of in-use FW command interface slots + (jsc#PED-1549). +- net/mlx5: Expose vnic diagnostic counters for eswitch managed + vports (jsc#PED-1549). +- net/mlx5: Use software VHCA id when it's supported + (jsc#PED-1549). +- net/mlx5: Introduce ifc bits for using software vhca id + (jsc#PED-1549). +- net/mlx5: Use the bitmap API to allocate bitmaps (jsc#PED-1549). +- net: devlink: fix return statement in devlink_port_new_notify() + (jsc#PED-1549). +- net: devlink: fix a typo in function name + devlink_port_new_notifiy() (jsc#PED-1549). +- net: devlink: make devlink_dpipe_headers_register() return void + (jsc#PED-1549). +- net: devlink: use helpers to work with devlink->lock mutex + (jsc#PED-1549). +- net: devlink: fix unlocked vs locked functions descriptions + (jsc#PED-1549). +- igb: add xdp frags support to ndo_xdp_xmit (jsc#PED-370). +- devlink: Hold the instance lock in port_new / port_del callbacks + (jsc#PED-1549). +- net/mlx5: Remove devl_unlock from mlx5_devlink_eswitch_mode_set + (jsc#PED-1549). +- net/mlx5: Use devl_ API in mlx5e_devlink_port_register + (jsc#PED-1549). +- devlink: Remove unused functions + devlink_rate_leaf_create/destroy (jsc#PED-1549). +- net/mlx5: Use devl_ API in mlx5_esw_devlink_sf_port_register + (jsc#PED-1549). +- net/mlx5: Use devl_ API in + mlx5_esw_offloads_devlink_port_register (jsc#PED-1549). +- devlink: Remove unused function devlink_rate_nodes_destroy + (jsc#PED-1549). +- net/mlx5: Use devl_ API for rate nodes destroy (jsc#PED-1549). +- net/mlx5: Remove devl_unlock from + mlx5_eswtich_mode_callback_enter (jsc#PED-1549). +- net/mlx5: fix 32bit build (jsc#PED-1549). +- net/mlx5e: TC, Support offloading police action (jsc#PED-1549). +- net/mlx5e: Add flow_action to parse state (jsc#PED-1549). +- net/mlx5e: Add post meter table for flow metering + (jsc#PED-1549). +- net/mlx5e: Add generic macros to use metadata register mapping + (jsc#PED-1549). +- net/mlx5e: Get or put meter by the index of tc police action + (jsc#PED-1549). +- net/mlx5e: Add support to modify hardware flow meter parameters + (jsc#PED-1549). +- net/mlx5e: Prepare for flow meter offload if hardware supports + it (jsc#PED-1549). +- net/mlx5: Implement interfaces to control ASO SQ and CQ + (jsc#PED-1549). +- net/mlx5: Add support to create SQ and CQ for ASO + (jsc#PED-1549). +- net/mlx5: E-switch: Change eswitch mode only via devlink command + (jsc#PED-1549). +- net/mlx5: E-switch, Remove dependency between sriov and eswitch + mode (jsc#PED-1549). +- net/mlx5: E-switch, Introduce flag to indicate if fdb table + is created (jsc#PED-1549). +- net/mlx5: E-switch, Introduce flag to indicate if vport acl + namespace is created (jsc#PED-1549). +- net/mlx5: delete dead code in mlx5_esw_unlock() (jsc#PED-1549). +- net/mlx5: Delete ipsec_fs header file as not used + (jsc#PED-1549). +- intel/ixgbevf:fix repeated words in comments (jsc#PED-373). +- intel/igc:fix repeated words in comments (jsc#PED-375). +- intel/igbvf:fix repeated words in comments (jsc#PED-370). +- intel/igb:fix repeated words in comments (jsc#PED-370). +- intel/iavf:fix repeated words in comments (jsc#PED-835). +- intel/i40e:fix repeated words in comments (jsc#PED-372). +- ixgbe: drop unexpected word 'for' in comments (jsc#PED-373). +- igb: remove unexpected word "the" (jsc#PED-370). +- ixgbe: remove unexpected word "the" (jsc#PED-373). +- i40e: read the XDP program once per NAPI (jsc#PED-372). +- intel/i40e: delete if NULL check before dev_kfree_skb + (jsc#PED-372). +- i40e: Remove unnecessary synchronize_irq() before free_irq() + (jsc#PED-372). +- i40e: Add support for ethtool -s speed + (jsc#PED-372). +- mlxsw: Add a resource describing number of RIFs (jsc#PED-1549). +- mlxsw: Keep track of number of allocated RIFs (jsc#PED-1549). +- i40e: add xdp frags support to ndo_xdp_xmit (jsc#PED-372). +- net/mlx5: Add bits and fields to support enhanced CQE + compression (jsc#PED-1549). +- net/mlx5: Remove not used MLX5_CAP_BITS_RW_MASK (jsc#PED-1549). +- net/mlx5: group fdb cleanup to single function (jsc#PED-1549). +- net/mlx5: Add support EXECUTE_ASO action for flow entry + (jsc#PED-1549). +- net/mlx5: Add HW definitions of vport debug counters + (jsc#PED-1549). +- net/mlx5: Add IFC bits and enums for flow meter (jsc#PED-1549). +- RDMA/mlx5: Support handling of modify-header pattern ICM area + (jsc#PED-1552). +- net/mlx5: Manage ICM of type modify-header pattern + (jsc#PED-1549). +- net/mlx5: Introduce header-modify-pattern ICM properties + (jsc#PED-1549). +- drivers/net/ethernet/intel: fix typos in comments (jsc#PED-373). +- ixgbe: Fix typos in comments (jsc#PED-373). +- igb: Remove duplicate defines (jsc#PED-370). +- drivers, ixgbe: export vf statistics (jsc#PED-373). +- devlink: adopt u64_stats_t (jsc#PED-1549). +- iavf: Add waiting for response from PF in set mac (jsc#PED-835). +- i40e: Add VF VLAN pruning (jsc#PED-372). +- i40e: Fix interface init with MSI interrupts (no MSI-X) + (jsc#PED-372). +- iavf: Fix missing state logs (jsc#PED-835). +- iavf: Fix handling of dummy receive descriptors (jsc#PED-835). +- iavf: Disallow changing rx/tx-frames and rx/tx-frames-irq + (jsc#PED-835). +- iavf: Fix VLAN_V2 addition/rejection (jsc#PED-835). +- ixgbe: Add locking to prevent panic when setting sriov_numvfs + to zero (jsc#PED-373). +- i40e: Fix erroneous adapter reinitialization during recovery + process (jsc#PED-372). +- igc: Reinstate IGC_REMOVED logic and implement it properly + (jsc#PED-375). +- net/mlx5e: Ring the TX doorbell on DMA errors (jsc#PED-1549). +- net/mlx5e: Fix capability check for updating vnic env counters + (jsc#PED-1549). +- net/mlx5e: CT: Use own workqueue instead of mlx5e priv + (jsc#PED-1549). +- net/mlx5: Lag, correct get the port select mode str + (jsc#PED-1549). +- net/mlx5e: Fix enabling sriov while tc nic rules are offloaded + (jsc#PED-1549). +- net/mlx5e: kTLS, Fix build time constant test in RX + (jsc#PED-1549). +- net/mlx5e: kTLS, Fix build time constant test in TX + (jsc#PED-1549). +- net/mlx5: Lag, decouple FDB selection and shared FDB + (jsc#PED-1549). +- net/mlx5: TC, allow offload from uplink to other PF's VF + (jsc#PED-1549). +- i40e: Fix VF's MAC Address change on VM (jsc#PED-372). +- i40e: Fix dropped jumbo frames statistics (jsc#PED-372). +- vhost-vdpa: call vhost_vdpa_cleanup during the release + (jsc#PED-1549). +- vdpa/mlx5: Initialize CVQ vringh only once (jsc#PED-1549). +- vdpa/mlx5: Update Control VQ callback information + (jsc#PED-1549). +- igb: Make DMA faster when CPU is active on the PCIe link + (jsc#PED-370). +- igb: fix a use-after-free issue in igb_clean_tx_ring + (jsc#PED-370). +- iavf: Fix issue with MAC address of VF shown as zero + (jsc#PED-835). +- i40e: Fix call trace in setup_tx_descriptors (jsc#PED-372). +- i40e: Fix calculating the number of queue pairs (jsc#PED-372). +- i40e: Fix adding ADQ filter to TC0 (jsc#PED-372). +- vdpa: make get_vq_group and set_group_asid optional + (jsc#PED-1549). +- vdpa/mlx5: clean up indenting in handle_ctrl_vlan() + (jsc#PED-1549). +- vdpa/mlx5: fix error code for deleting vlan (jsc#PED-1549). +- vdpa/mlx5: Fix syntax errors in comments (jsc#PED-1549). +- net/mlx5: fs, fail conflicting actions (jsc#PED-1549). +- net/mlx5: Rearm the FW tracer after each tracer event + (jsc#PED-1549). +- net/mlx5: E-Switch, pair only capable devices (jsc#PED-1549). +- net/mlx5e: CT: Fix cleanup of CT before cleanup of TC ct rules + (jsc#PED-1549). +- Revert "net/mlx5e: Allow relaxed ordering over VFs" + (jsc#PED-1549). +- ixgbe: fix unexpected VLAN Rx in promisc mode on VF + (jsc#PED-373). +- ixgbe: fix bcast packets Rx on VF after promisc removal + (jsc#PED-373). +- mellanox: mlx5: avoid uninitialized variable warning with gcc-12 + (jsc#PED-1549). +- vdpa: Use helper for safer setting of driver_override + (jsc#PED-1549). +- driver: platform: Add helper for safer setting of + driver_override (jsc#PED-1549). +- vdpa: ifcvf: set pci driver data in probe (jsc#PED-1549). +- vdpa/mlx5: Add RX MAC VLAN filter support (jsc#PED-1549). +- vdpa/mlx5: Remove flow counter from steering (jsc#PED-1549). +- vhost-vdpa: return -EFAULT on copy_to_user() failure + (jsc#PED-1549). +- vDPA/ifcvf: fix uninitialized config_vector warning + (jsc#PED-1549). +- vdpa/vp_vdpa : add vdpa tool support in vp_vdpa (jsc#PED-1549). +- vhost-vdpa: support ASID based IOTLB API (jsc#PED-1549). +- vhost-vdpa: introduce uAPI to set group ASID (jsc#PED-1549). +- vhost-vdpa: uAPI to get virtqueue group id (jsc#PED-1549). +- vhost-vdpa: introduce uAPI to get the number of address spaces + (jsc#PED-1549). +- vhost-vdpa: introduce uAPI to get the number of virtqueue groups + (jsc#PED-1549). +- vhost-vdpa: introduce asid based IOTLB (jsc#PED-1549). +- vhost: support ASID in IOTLB API (jsc#PED-1549). +- vhost_iotlb: split out IOTLB initialization (jsc#PED-1549). +- vdpa: introduce config operations for associating ASID to a + virtqueue group (jsc#PED-1549). +- vdpa: multiple address spaces support (jsc#PED-1549). +- vdpa: introduce virtqueue groups (jsc#PED-1549). +- vhost-vdpa: switch to use vhost-vdpa specific IOTLB + (jsc#PED-1549). +- vhost-vdpa: passing iotlb to IOMMU mapping helpers + (jsc#PED-1549). +- vhost: move the backend feature bits to vhost_types.h + (jsc#PED-1549). +- vdpa/mlx5: Use readers/writers semaphore instead of mutex + (jsc#PED-1549). +- vdpa/mlx5: Add support for reading descriptor statistics + (jsc#PED-1549). +- net/vdpa: Use readers/writers semaphore instead of cf_mutex + (jsc#PED-1549). +- vdpa: Add support for querying vendor statistics (jsc#PED-1549). +- net/mlx5: Fix mlx5_get_next_dev() peer device matching + (jsc#PED-1549). +- net/mlx5e: Update netdev features after changing XDP state + (jsc#PED-1549). +- net/mlx5: correct ECE offset in query qp output (jsc#PED-1549). +- net/mlx5e: Disable softirq in mlx5e_activate_rq to avoid race + condition (jsc#PED-1549). +- net/mlx5: CT: Fix header-rewrite re-use for tupels + (jsc#PED-1549). +- net/mlx5e: TC NIC mode, fix tc chains miss table (jsc#PED-1549). +- net/mlx5: Don't use already freed action pointer (jsc#PED-1549). +- net/mlx5: Expose mlx5_sriov_blocking_notifier_register / + unregister APIs (jsc#PED-1549). +- RDMA/mlx5: Remove duplicate pointer assignment in + mlx5_ib_alloc_implicit_mr() (jsc#PED-1552). +- RDMA/mlx5: Clean UMR QP type flow from mlx5_ib_post_send() + (jsc#PED-1552). +- RDMA/mlx5: Use mlx5_umr_post_send_wait() to update xlt + (jsc#PED-1552). +- RDMA/mlx5: Use mlx5_umr_post_send_wait() to update MR pas + (jsc#PED-1552). +- RDMA/mlx5: Move creation and free of translation tables to umr.c + (jsc#PED-1552). +- RDMA/mlx5: Use mlx5_umr_post_send_wait() to rereg pd access + (jsc#PED-1552). +- RDMA/mlx5: Use mlx5_umr_post_send_wait() to revoke MRs + (jsc#PED-1552). +- RDMA/mlx5: Introduce mlx5_umr_post_send_wait() (jsc#PED-1552). +- RDMA/mlx5: Expose wqe posting helpers outside of wr.c + (jsc#PED-1552). +- RDMA/mlx5: Simplify get_umr_update_access_mask() (jsc#PED-1552). +- RDMA/mlx5: Move mkey ctrl segment logic to umr.c (jsc#PED-1552). +- RDMA/mlx5: Move umr checks to umr.h (jsc#PED-1552). +- RDMA/mlx5: Move init and cleanup of UMR to umr.c (jsc#PED-1552). +- RDMA/mlx5: Fix flow steering egress flow (jsc#PED-1552). +- net/mlx5: fix typo in comment (jsc#PED-1549). +- net/mlx5: fix multiple definitions of mlx5_lag_mpesw_init / + mlx5_lag_mpesw_cleanup (jsc#PED-1549). +- net/mlx5: Support multiport eswitch mode (jsc#PED-1549). +- net/mlx5: Remove unused argument (jsc#PED-1549). +- net/mlx5: Lag, refactor lag state machine (jsc#PED-1549). +- net/mlx5e: Add XDP SQs to uplink representors steering tables + (jsc#PED-1549). +- net/mlx5e: Correct the calculation of max channels for rep + (jsc#PED-1549). +- net/mlx5e: CT: Add ct driver counters (jsc#PED-1549). +- net/mlx5e: Allow relaxed ordering over VFs (jsc#PED-1549). +- net/mlx5e: Support partial GSO for tunnels over vlans + (jsc#PED-1549). +- net/mlx5e: IPoIB, Improve ethtool rxnfc callback structure in + IPoIB (jsc#PED-1549). +- net/mlx5e: Allocate virtually contiguous memory for reps + structures (jsc#PED-1549). +- net/mlx5e: Allocate virtually contiguous memory for VLANs list + (jsc#PED-1549). +- net/mlx5: Allocate virtually contiguous memory in pci_irq.c + (jsc#PED-1549). +- net/mlx5: Allocate virtually contiguous memory in vport.c + (jsc#PED-1549). +- net/mlx5: Inline db alloc API function (jsc#PED-1549). +- net/mlx5: Add last command failure syndrome to debugfs + (jsc#PED-1549). +- net/mlx5: sparse: error: context imbalance in + 'mlx5_vf_get_core_dev' (jsc#PED-1549). +- ixgbe: add xdp frags support to ndo_xdp_xmit (jsc#PED-373). +- net/mlx5e: Use XFRM state direction instead of flags + (jsc#PED-1549). +- ixgbe: propagate XFRM offload state direction instead of flags + (jsc#PED-373). +- xfrm: store and rely on direction to construct offload flags + (jsc#PED-373). +- xfrm: rename xfrm_state_offload struct to allow reuse + (jsc#PED-373). +- xfrm: delete not used number of external headers (jsc#PED-373). +- xfrm: free not used XFRM_ESP_NO_TRAILER flag (jsc#PED-373). +- igc: Change type of the 'igc_check_downshift' method + (jsc#PED-375). +- igc: Remove unused phy_type enum (jsc#PED-375). +- igc: Remove igc_set_spd_dplx method (jsc#PED-375). +- net/mlx5: Lag, add debugfs to query hardware lag state + (jsc#PED-1549). +- net/mlx5: Lag, use buckets in hash mode (jsc#PED-1549). +- net/mlx5: Lag, refactor dmesg print (jsc#PED-1549). +- net/mlx5: Support devices with more than 2 ports (jsc#PED-1549). +- net/mlx5: Lag, use actual number of lag ports (jsc#PED-1549). +- net/mlx5: Lag, use hash when in roce lag on 4 ports + (jsc#PED-1549). +- net/mlx5: Lag, support single FDB only on 2 ports + (jsc#PED-1549). +- net/mlx5: Lag, store number of ports inside lag object + (jsc#PED-1549). +- net/mlx5: Lag, filter non compatible devices (jsc#PED-1549). +- net/mlx5: Lag, use lag lock (jsc#PED-1549). +- net/mlx5: Lag, move E-Switch prerequisite check into lag code + (jsc#PED-1549). +- net/mlx5: devcom only supports 2 ports (jsc#PED-1549). +- net/mlx5: Lag, expose number of lag ports (jsc#PED-1552). +- net/mlx5: Increase FW pre-init timeout for health recovery + (jsc#PED-1549). +- net/mlx5: Add exit route when waiting for FW (jsc#PED-1549). +- igb: Convert kmap() to kmap_local_page() (jsc#PED-370). +- ixgbe: Fix module_param allow_unsupported_sfp type + (jsc#PED-373). +- net/mlx5: Allow future addition of IPsec object modifiers + (jsc#PED-1549). +- net/mlx5: Don't perform lookup after already known sec_path + (jsc#PED-1549). +- net/mlx5: Cleanup XFRM attributes struct (jsc#PED-1549). +- net/mlx5: Remove not-supported ICV length (jsc#PED-1549). +- net/mlx5: Simplify IPsec capabilities logic (jsc#PED-1549). +- net/mlx5: Don't advertise IPsec netdev support for non-IPsec + device (jsc#PED-1549). +- net/mlx5: Make sure that no dangling IPsec FS pointers exist + (jsc#PED-1549). +- net/mlx5: Clean IPsec FS add/delete rules (jsc#PED-1549). +- net/mlx5: Simplify HW context interfaces by using SA entry + (jsc#PED-1549). +- net/mlx5: Remove indirections from esp functions (jsc#PED-1549). +- net/mlx5: Merge various control path IPsec headers into one file + (jsc#PED-1549). +- net/mlx5: Remove useless validity check (jsc#PED-1549). +- net/mlx5: Store IPsec ESN update work in XFRM state + (jsc#PED-1549). +- net/mlx5: Reduce useless indirection in IPsec FS add/delete + flows (jsc#PED-1549). +- net/mlx5: Don't hide fallback to software IPsec in FS code + (jsc#PED-1549). +- net/mlx5: Check IPsec TX flow steering namespace in advance + (jsc#PED-1549). +- net/mlx5: Simplify IPsec flow steering init/cleanup functions + (jsc#PED-1549). +- net/mlx5: fs, an FTE should have no dests when deleted + (jsc#PED-1549). +- net/mlx5: fs, call the deletion function of the node + (jsc#PED-1549). +- net/mlx5: fs, delete the FTE when there are no rules attached + to it (jsc#PED-1549). +- net/mlx5: fs, do proper bookkeeping for forward destinations + (jsc#PED-1549). +- net/mlx5: fs, add unused destination type (jsc#PED-1549). +- net/mlx5: fs, jump to exit point and don't fall through + (jsc#PED-1549). +- net/mlx5: fs, refactor software deletion rule (jsc#PED-1549). +- net/mlx5: fs, split software and IFC flow destination + definitions (jsc#PED-1549). +- net/mlx5e: TC, set proper dest type (jsc#PED-1549). +- net/mlx5e: Remove unused mlx5e_dcbnl_build_rep_netdev function + (jsc#PED-1549). +- net/mlx5e: Drop error CQE handling from the XSK RX handler + (jsc#PED-1549). +- net/mlx5: Print initializing field in case of timeout + (jsc#PED-1549). +- net/mlx5: Delete redundant default assignment of runtime + devlink params (jsc#PED-1549). +- net/mlx5: Remove useless kfree (jsc#PED-1549). +- net/mlx5: use kvfree() for kvzalloc() in + mlx5_ct_fs_smfs_matcher_create (jsc#PED-1549). +- i40e, xsk: Get rid of redundant 'fallthrough' (jsc#PED-372). +- ixgbe, xsk: Get rid of redundant 'fallthrough' (jsc#PED-373). +- mlx5, xsk: Diversify return values from xsk_wakeup call paths + (jsc#PED-1549). +- ixgbe, xsk: Diversify return values from xsk_wakeup call paths + (jsc#PED-373). +- i40e, xsk: Diversify return values from xsk_wakeup call paths + (jsc#PED-372). +- ixgbe, xsk: Terminate Rx side of NAPI when XSK Rx queue gets + full (jsc#PED-373). +- i40e, xsk: Terminate Rx side of NAPI when XSK Rx queue gets full + (jsc#PED-372). +- ixgbe, xsk: Decorate IXGBE_XDP_REDIR with likely() + (jsc#PED-373). +- ipv6: Use ipv6_only_sock() helper in condition (jsc#PED-1549). +- mlxsw: spectrum: Introduce port mapping change event processing + (jsc#PED-1549). +- mlxsw: Narrow the critical section of devl_lock during ports + creation/removal (jsc#PED-1549). +- mlxsw: reg: Add Ports Mapping Event Configuration Register + (jsc#PED-1549). +- mlxsw: spectrum: Allocate port mapping array of structs instead + of pointers (jsc#PED-1549). +- devlink: add port to line card relationship set (jsc#PED-1549). +- devlink: implement line card active state (jsc#PED-1549). +- devlink: implement line card provisioning (jsc#PED-1549). +- devlink: add support to create line card and expose to user + (jsc#PED-1549). +- i40e: Add Ethernet Connection X722 for 10GbE SFP+ support + (jsc#PED-372). +- i40e: Add vsi.tx_restart to i40e ethtool stats (jsc#PED-372). +- i40e: Add tx_stopped stat (jsc#PED-372). +- i40e: Add support for MPLS + TSO (jsc#PED-372). +- net/mlx5: Remove not-implemented IPsec capabilities + (jsc#PED-1549). +- net/mlx5: Remove ipsec_ops function table (jsc#PED-1549). +- net/mlx5: Move IPsec file to relevant directory (jsc#PED-1549). +- net/mlx5: Remove not-needed IPsec config (jsc#PED-1549). +- net/mlx5: Align flow steering allocation namespace to common + style (jsc#PED-1549). +- net/mlx5: Unify device IPsec capabilities check (jsc#PED-1549). +- net/mlx5: Remove useless IPsec device checks (jsc#PED-1549). +- net/mlx5: Remove ipsec vs. ipsec offload file separation + (jsc#PED-1549). +- RDMA/mlx5: Drop crypto flow steering API (jsc#PED-1549). +- RDMA/mlx5: Delete never supported IPsec flow action + (jsc#PED-1552). +- net/mlx5: Remove FPGA ipsec specific statistics (jsc#PED-1549). +- net/mlx5: Remove XFRM no_trailer flag (jsc#PED-1549). +- net/mlx5: Remove not-used IDA field from IPsec struct + (jsc#PED-1549). +- net/mlx5: Delete metadata handling logic (jsc#PED-1549). +- IB/mlx5: Fix undefined behavior due to shift overflowing the + constant (jsc#PED-1549). +- net/mlx5: Cleanup kTLS function names and their exposure + (jsc#PED-1549). +- net/mlx5: Remove tls vs. ktls separation as it is the same + (jsc#PED-1549). +- net/mlx5: Remove indirection in TLS build (jsc#PED-1549). +- net/mlx5: Reliably return TLS device capabilities + (jsc#PED-1549). +- net/mlx5e: CT: Fix setting flow_source for smfs ct tuples + (jsc#PED-1549). +- net/mlx5e: CT: Fix support for GRE tuples (jsc#PED-1549). +- net/mlx5e: Wrap mlx5e_trap_napi_poll into rcu_read_lock + (jsc#PED-1549). +- net/mlx5: DR, Ignore modify TTL on RX if device doesn't support + it (jsc#PED-1549). +- net/mlx5: Initialize flow steering during driver probe + (jsc#PED-1549). +- net/mlx5: DR, Fix missing flow_source when creating + multi-destination FW table (jsc#PED-1549). +- vdpa/mlx5: Use consistent RQT size (jsc#PED-1549). +- net/mlx5e: Avoid checking offload capability in post_parse + action (jsc#PED-1549). +- net/mlx5e: TC, fix decap fallback to uplink when int port not + supported (jsc#PED-1549). +- net/mlx5e: TC, Fix ct_clear overwriting ct action metadata + (jsc#PED-1549). +- net/mlx5e: Don't match double-vlan packets if cvlan is not set + (jsc#PED-1549). +- net/sched: flower: fix parsing of ethertype following VLAN + header (jsc#PED-1549). +- vdpa: mlx5: synchronize driver status with CVQ (jsc#PED-1549). +- vdpa: mlx5: prevent cvq work from hogging CPU (jsc#PED-1549). +- vdpa/mlx5: Avoid processing works if workqueue was destroyed + (jsc#PED-1549). +- vhost: handle error while adding split ranges to iotlb + (jsc#PED-1549). +- vdpa: support exposing the count of vqs to userspace + (jsc#PED-1549). +- vdpa: change the type of nvqs to u32 (jsc#PED-1549). +- vdpa: support exposing the config size to userspace + (jsc#PED-1549). +- vdpa/mlx5: re-create forwarding rules after mac modified + (jsc#PED-1549). +- net/mlx5: Add support for configuring max device MTU + (jsc#PED-1549). +- vDPA/ifcvf: implement shared IRQ feature (jsc#PED-1549). +- vDPA/ifcvf: implement device MSIX vector allocator + (jsc#PED-1549). +- vDPA/ifcvf: make use of virtio pci modern IO helpers in ifcvf + (jsc#PED-1549). +- RDMA/mlx5: Reorder calls to pcie_relaxed_ordering_enabled() + (jsc#PED-1552). +- RDMA/mlx5: Store ndescs instead of the translation table size + (jsc#PED-1552). +- RDMA/mlx5: Merge similar flows of allocating MR from the cache + (jsc#PED-1552). +- RDMA/mlx5: Remove redundant work in struct mlx5_cache_ent + (jsc#PED-1552). +- RDMA/mlx5: Delete useless module.h include (jsc#PED-1552). +- RDMA/mlx5: Delete get_num_static_uars function (jsc#PED-1552). +- net/mlx5e: Fix build warning, detected write beyond size of + field (jsc#PED-1549). +- net: veth: Account total xdp_frame len running ndo_xdp_xmit + (jsc#PED-373). +- devlink: hold the instance lock during eswitch_mode callbacks + (jsc#PED-1549). +- netdevsim: replace vfs_lock with devlink instance lock + (jsc#PED-1549). +- netdevsim: replace port_list_lock with devlink instance lock + (jsc#PED-1549). +- net/mlx5e: HTB, remove unused function declaration + (jsc#PED-1549). +- net/mlx5e: Statify function mlx5_cmd_trigger_completions + (jsc#PED-1549). +- net/mlx5e: Remove MLX5E_XDP_TX_DS_COUNT (jsc#PED-1549). +- net/mlx5e: Permit XDP with non-linear legacy RQ (jsc#PED-1549). +- net/mlx5e: Support multi buffer XDP_TX (jsc#PED-1549). +- net/mlx5e: Unindent the else-block in mlx5e_xmit_xdp_buff + (jsc#PED-1549). +- net/mlx5e: Implement sending multi buffer XDP frames + (jsc#PED-1549). +- net/mlx5e: Don't prefill WQEs in XDP SQ in the multi buffer mode + (jsc#PED-1549). +- net/mlx5e: Remove assignment of inline_hdr.sz on XDP TX + (jsc#PED-1549). +- net/mlx5e: Move mlx5e_xdpi_fifo_push out of xmit_xdp_frame + (jsc#PED-1549). +- net/mlx5e: Store DMA address inside struct page (jsc#PED-1549). +- net/mlx5e: Add XDP multi buffer support to the non-linear + legacy RQ (jsc#PED-1549). +- net/mlx5e: Use page-sized fragments with XDP multi buffer + (jsc#PED-1549). +- net/mlx5e: Use fragments of the same size in non-linear legacy + RQ with XDP (jsc#PED-1549). +- net/mlx5e: Prepare non-linear legacy RQ for XDP multi buffer + support (jsc#PED-1549). +- xfrm: delete duplicated functions that calls same + xfrm_api_check() (jsc#PED-373). +- igb: zero hwtstamp by default (jsc#PED-370). +- i40e: little endian only valid checksums (jsc#PED-372). +- net/mlx5: Remove unused fill page array API function + (jsc#PED-1549). +- net/mlx5: Remove unused exported contiguous coherent buffer + allocation API (jsc#PED-1549). +- net/mlx5: CT: Remove extra rhashtable remove on tuple entries + (jsc#PED-1549). +- net/mlx5: DR, Remove hw_ste from mlx5dr_ste to reduce memory + (jsc#PED-1549). +- net/mlx5: DR, Remove 4 members from mlx5dr_ste_htbl to reduce + memory (jsc#PED-1549). +- net/mlx5: DR, Remove num_of_entries byte_size from struct + mlx5_dr_icm_chunk (jsc#PED-1549). +- net/mlx5: DR, Remove icm_addr from mlx5dr_icm_chunk to reduce + memory (jsc#PED-1549). +- net/mlx5: DR, Remove mr_addr rkey from struct mlx5dr_icm_chunk + (jsc#PED-1549). +- net/mlx5: DR, Adjust structure member to reduce memory hole + (jsc#PED-1549). +- net/mlx5e: Drop cqe_bcnt32 from mlx5e_skb_from_cqe_mpwrq_linear + (jsc#PED-1549). +- net/mlx5e: Drop the len output parameter from mlx5e_xdp_handle + (jsc#PED-1549). +- net/mlx5e: RX, Test the XDP program existence out of the handler + (jsc#PED-1549). +- net/mlx5e: Build SKB in place over the first fragment in + non-linear legacy RQ (jsc#PED-1549). +- net/mlx5e: Add headroom only to the first fragment in legacy RQ + (jsc#PED-1549). +- net/mlx5e: Validate MTU when building non-linear legacy RQ + fragments info (jsc#PED-1549). +- net/mlx5e: MPLSoUDP encap, support action vlan pop_eth + explicitly (jsc#PED-1549). +- net/mlx5e: MPLSoUDP decap, use vlan push_eth instead of pedit + (jsc#PED-1549). +- net/sched: add vlan push_eth and pop_eth action to the hardware + IR (jsc#PED-1549). +- devlink: pass devlink_port to port_split / port_unsplit + callbacks (jsc#PED-1549). +- devlink: hold the instance lock in port_split / port_unsplit + callbacks (jsc#PED-1549). +- eth: mlxsw: switch to explicit locking for port registration + (jsc#PED-1549). +- eth: nfp: replace driver's "pf" lock with devlink instance lock + (jsc#PED-1549). +- eth: nfp: wrap locking assertions in helpers (jsc#PED-1549). +- net/mlx5: Support GRE conntrack offload (jsc#PED-1549). +- net/mlx5e: Fix use-after-free in mlx5e_stats_grp_sw_update_stats + (jsc#PED-1549). +- net/mlx5e: Remove overzealous validations in netlink EEPROM + query (jsc#PED-1549). +- net/mlx5: Parse module mapping using mlx5_ifc (jsc#PED-1549). +- net/mlx5: Query the maximum MCIA register read size from + firmware (jsc#PED-1549). +- net/mlx5: CT: Create smfs dr matchers dynamically + (jsc#PED-1549). +- net/mlx5: CT: Add software steering ct flow steering provider + (jsc#PED-1549). +- net/mlx5: Add smfs lib to export direct steering API to CT + (jsc#PED-1549). +- net/mlx5: DR, Add helper to get backing dr table from a mlx5 + flow table (jsc#PED-1549). +- net/mlx5: CT: Introduce a platform for multiple flow steering + providers (jsc#PED-1549). +- net/mlx5: Node-aware allocation for the doorbell pgdir + (jsc#PED-1549). +- net/mlx5: Node-aware allocation for UAR (jsc#PED-1549). +- net/mlx5: Node-aware allocation for the EQs (jsc#PED-1549). +- net/mlx5: Node-aware allocation for the EQ table (jsc#PED-1549). +- net/mlx5: Node-aware allocation for the IRQ table + (jsc#PED-1549). +- net/mlx5: Delete useless module.h include (jsc#PED-1549). +- net/mlx5: DR, Add support for ConnectX-7 steering + (jsc#PED-1549). +- net/mlx5: DR, Refactor ste_ctx handling for STE v0/1 + (jsc#PED-1549). +- net/mlx5: DR, Rename action modify fields to reflect naming + in HW spec (jsc#PED-1549). +- net/mlx5: DR, Fix handling of different actions on the same + STE in STEv1 (jsc#PED-1549). +- net/mlx5: DR, Remove unneeded comments (jsc#PED-1549). +- net/mlx5: DR, Add support for matching on Internet Header Length + (IHL) (jsc#PED-1549). +- net/mlx5: DR, Align mlx5dv_dr API vport action with FW behavior + (jsc#PED-1549). +- net/mlx5: Add debugfs counters for page commands failures + (jsc#PED-1549). +- net/mlx5: Add pages debugfs (jsc#PED-1549). +- net/mlx5: Move debugfs entries to separate struct + (jsc#PED-1549). +- net/mlx5: Change release_all_pages cap bit location + (jsc#PED-1549). +- net/mlx5: Remove redundant error on reclaim pages + (jsc#PED-1549). +- net/mlx5: Remove redundant error on give pages (jsc#PED-1549). +- net/mlx5: Remove redundant notify fail on give pages + (jsc#PED-1549). +- net/mlx5: Add command failures data to debugfs (jsc#PED-1549). +- net/mlx5e: TC, Fix use after free in + mlx5e_clone_flow_attr_for_post_act() (jsc#PED-1549). +- mlx5: add support for page_pool_get_stats (jsc#PED-1549). +- iavf: Remove non-inclusive language (jsc#PED-835). +- iavf: Fix incorrect use of assigning iavf_status to int + (jsc#PED-835). +- iavf: stop leaking iavf_status as "errno" values (jsc#PED-835). +- iavf: remove redundant ret variable (jsc#PED-835). +- iavf: Add usage of new virtchnl format to set default MAC + (jsc#PED-835). +- iavf: refactor processing of VLAN V2 capability message + (jsc#PED-835). +- iavf: Add support for 50G/100G in AIM algorithm (jsc#PED-835). +- net/mlx5: Add clarification on sync reset failure + (jsc#PED-1549). +- net/mlx5: Add reset_state field to MFRL register (jsc#PED-1549). +- RDMA/mlx5: Use new command interface API (jsc#PED-1552). +- net/mlx5: cmdif, Refactor error handling and reporting of + async commands (jsc#PED-1549). +- net/mlx5: Use mlx5_cmd_do() in core create_{cq,dct} + (jsc#PED-1549). +- net/mlx5: cmdif, Add new api for command execution + (jsc#PED-1549). +- net/mlx5: cmdif, cmd_check refactoring (jsc#PED-1549). +- net/mlx5: cmdif, Return value improvements (jsc#PED-1549). +- net/mlx5: Lag, offload active-backup drops to hardware + (jsc#PED-1549). +- net/mlx5: Lag, record inactive state of bond device + (jsc#PED-1549). +- net/mlx5: Lag, don't use magic numbers for ports (jsc#PED-1549). +- net/mlx5: Lag, use local variable already defined to access + E-Switch (jsc#PED-1549). +- net/mlx5: E-switch, add drop rule support to ingress ACL + (jsc#PED-1549). +- net/mlx5: E-switch, remove special uplink ingress ACL handling + (jsc#PED-1549). +- net/mlx5: E-Switch, reserve and use same uplink metadata across + ports (jsc#PED-1549). +- net/mlx5: Add ability to insert to specific flow group + (jsc#PED-1549). +- mlx5: remove unused static inlines (jsc#PED-1549). +- flow_offload: reject offload for all drivers with invalid + police parameters (jsc#PED-1549). +- net: flow_offload: add tc police action parameters + (jsc#PED-1549). +- nfp: add support to offload police action from flower table + (jsc#PED-1549). +- nfp: add process to get action stats from hardware + (jsc#PED-1549). +- nfp: add hash table to store meter table (jsc#PED-1549). +- nfp: add support to offload tc action to hardware + (jsc#PED-1549). +- nfp: refactor policer config to support ingress/egress meter + (jsc#PED-1549). +- ixgbe: Remove non-inclusive language (jsc#PED-373). +- ixgbevf: clean up some inconsistent indenting (jsc#PED-373). +- net/mlx5e: TC, Allow sample action with CT (jsc#PED-1549). +- net/mlx5e: TC, Make post_act parse CT and sample actions + (jsc#PED-1549). +- net/mlx5e: TC, Clean redundant counter flag from tc action + parsers (jsc#PED-1549). +- net/mlx5e: Use multi table support for CT and sample actions + (jsc#PED-1549). +- net/mlx5e: Create new flow attr for multi table actions + (jsc#PED-1549). +- net/mlx5e: Add post act offload/unoffload API (jsc#PED-1549). +- net/mlx5e: Pass actions param to actions_match_supported() + (jsc#PED-1549). +- net/mlx5e: TC, Move flow hashtable to be per rep (jsc#PED-1549). +- net/mlx5e: E-Switch, Add support for tx_port_ts in switchdev + mode (jsc#PED-1549). +- net/mlx5e: E-Switch, Add PTP counters for uplink representor + (jsc#PED-1549). +- net/mlx5e: RX, Restrict bulk size for small Striding RQs + (jsc#PED-1549). +- net/mlx5e: Default to Striding RQ when not conflicting with + CQE compression (jsc#PED-1549). +- net/mlx5e: Generalize packet merge error message (jsc#PED-1549). +- net/mlx5e: Add support for using xdp->data_meta (jsc#PED-1549). +- net/mlx5e: Fix spelling mistake "supoported" -> "supported" + (jsc#PED-1549). +- net/mlx5e: Optimize the common case condition in + mlx5e_select_queue (jsc#PED-1549). +- net/mlx5e: Optimize modulo in mlx5e_select_queue (jsc#PED-1549). +- net/mlx5e: Optimize mlx5e_select_queue (jsc#PED-1549). +- net/mlx5e: Move repeating code that gets TC prio into a function + (jsc#PED-1549). +- net/mlx5e: Use select queue parameters to sync with control flow + (jsc#PED-1549). +- net/mlx5e: Move mlx5e_select_queue to en/selq.c (jsc#PED-1549). +- net/mlx5e: Introduce select queue parameters (jsc#PED-1549). +- net/mlx5e: Sync txq2sq updates with mlx5e_xmit for HTB queues + (jsc#PED-1549). +- net/mlx5e: Use a barrier after updating txq2sq (jsc#PED-1549). +- net/mlx5e: Disable TX queues before registering the netdev + (jsc#PED-1549). +- net/mlx5e: Cleanup of start/stop all queues (jsc#PED-1549). +- net/mlx5e: Use FW limitation for max MPW WQEBBs (jsc#PED-1549). +- net/mlx5e: Read max WQEBBs on the SQ from firmware + (jsc#PED-1549). +- net/mlx5e: Remove unused tstamp SQ field (jsc#PED-1549). +- i40e: xsk: Move tmp desc array from driver to pool + (jsc#PED-372). +- i40e: Add a stat for tracking busy rx pages (jsc#PED-372). +- i40e: Add a stat for tracking pages waived (jsc#PED-372). +- i40e: Add a stat tracking new RX page allocations (jsc#PED-372). +- i40e: Aggregate and export RX page reuse stat (jsc#PED-372). +- i40e: Remove rx page reuse double count (jsc#PED-372). +- i40e: Fix race condition while adding/deleting MAC/VLAN filters + (jsc#PED-372). +- i40e: Add new version of i40e_aq_add_macvlan function + (jsc#PED-372). +- i40e: Add new versions of send ASQ command functions + (jsc#PED-372). +- i40e: Add sending commands in atomic context (jsc#PED-372). +- i40e: Remove unused RX realloc stat (jsc#PED-372). +- i40e: Disable hw-tc-offload feature on driver load + (jsc#PED-372). +- mlxsw: spectrum: Guard against invalid local ports + (jsc#PED-1549). +- net/mlx5: VLAN push on RX, pop on TX (jsc#PED-1549). +- net/mlx5: Introduce software defined steering capabilities + (jsc#PED-1549). +- net/mlx5: Remove unused TIR modify bitmask enums (jsc#PED-1549). +- net/mlx5e: CT, Remove redundant flow args from tc ct calls + (jsc#PED-1549). +- net/mlx5e: TC, Store mapped tunnel id on flow attr + (jsc#PED-1549). +- net/mlx5e: Test CT and SAMPLE on flow attr (jsc#PED-1549). +- net/mlx5e: Refactor eswitch attr flags to just attr flags + (jsc#PED-1549). +- net/mlx5e: CT, Don't set flow flag CT for ct clear flow + (jsc#PED-1549). +- net/mlx5e: TC, Hold sample_attr on stack instead of pointer + (jsc#PED-1549). +- net/mlx5e: TC, Reject rules with multiple CT actions + (jsc#PED-1549). +- net/mlx5e: TC, Refactor mlx5e_tc_add_flow_mod_hdr() to get + flow attr (jsc#PED-1549). +- net/mlx5e: TC, Pass attr to tc_act can_offload() (jsc#PED-1549). +- net/mlx5e: TC, Split pedit offloads verify from + alloc_tc_pedit_action() (jsc#PED-1549). +- net/mlx5e: TC, Move pedit_headers_action to parse_attr + (jsc#PED-1549). +- net/mlx5e: Move counter creation call to + alloc_flow_attr_counter() (jsc#PED-1549). +- net/mlx5e: Pass attr arg for attaching/detaching encaps + (jsc#PED-1549). +- net/mlx5e: Move code chunk setting encap dests into its own + function (jsc#PED-1549). +- igbvf: Remove useless DMA-32 fallback configuration + (jsc#PED-370). +- igb: Remove useless DMA-32 fallback configuration (jsc#PED-370). +- igc: Remove useless DMA-32 fallback configuration (jsc#PED-375). +- iavf: Remove useless DMA-32 fallback configuration + (jsc#PED-835). +- i40e: Remove useless DMA-32 fallback configuration + (jsc#PED-372). +- ixgbevf: Remove useless DMA-32 fallback configuration + (jsc#PED-373). +- ixgbe: Remove useless DMA-32 fallback configuration + (jsc#PED-373). +- bpf: add frags support to the bpf_xdp_adjust_tail() API + (jsc#PED-373). +- bpf: introduce bpf_xdp_get_buff_len helper (jsc#PED-373). +- xdp: add frags support to xdp_return_{buff/frame} (jsc#PED-373). +- net/mlx5: Add migration commands definitions (jsc#PED-1549). +- net/mlx5: Introduce migration bits and structures + (jsc#PED-1549). +- net/mlx5: Expose APIs to get/put the mlx5 core device + (jsc#PED-1549). +- PCI/IOV: Add pci_iov_get_pf_drvdata() to allow VF reaching + the drvdata of a PF (jsc#PED-1549). +- net/mlx5: Reuse exported virtfn index function call + (jsc#PED-1549). +- PCI/IOV: Add pci_iov_vf_id() to get VF index (jsc#PED-1549). +- iavf: Fix adopting new combined setting (jsc#PED-835). +- vdpa: fix use-after-free on vp_vdpa_remove (jsc#PED-1549). +- vhost: fix hung thread due to erroneous iotlb entries + (jsc#PED-1549). +- vdpa/mlx5: add validation for VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET + command (jsc#PED-1549). +- vdpa/mlx5: should verify CTRL_VQ feature exists for MQ + (jsc#PED-1549). +- vdpa: factor out vdpa_set_features_unlocked for vdpa internal + use (jsc#PED-1549). +- xfrm: enforce validity of offload input flags (jsc#PED-373). +- net/mlx5e: Fix VF min/max rate parameters interchange mistake + (jsc#PED-1549). +- net/mlx5e: Fix MPLSoUDP encap to use MPLS action information + (jsc#PED-1549). +- net/mlx5e: Add feature check for set fec counters + (jsc#PED-1549). +- net/mlx5e: TC, Skip redundant ct clear actions (jsc#PED-1549). +- net/mlx5: Update log_max_qp value to be 17 at most + (jsc#PED-1549). +- net_sched: add __rcu annotation to netdev->qdisc (jsc#PED-1549). +- vdpa/mlx5: Fix tracking of current number of VQs (jsc#PED-1549). +- vdpa/mlx5: Fix is_index_valid() to refer to features + (jsc#PED-1549). +- vdpa: Protect vdpa reset with cf_mutex (jsc#PED-1549). +- vdpa: Avoid taking cf_mutex lock on get status (jsc#PED-1549). +- vdpa/mlx5: Report max device capabilities (jsc#PED-1549). +- vdpa: Support reporting max device capabilities (jsc#PED-1549). +- vdpa/mlx5: Restore cur_num_vqs in case of failure in + change_num_qps() (jsc#PED-1549). +- vdpa: Add support for returning device configuration information + (jsc#PED-1549). +- vdpa/mlx5: Support configuring max data virtqueue + (jsc#PED-1549). +- vdpa/mlx5: Fix config_attr_mask assignment (jsc#PED-1549). +- vdpa: Allow to configure max data virtqueues (jsc#PED-1549). +- vdpa: Read device configuration only if FEATURES_OK + (jsc#PED-1549). +- vdpa: Sync calls set/get config/status with cf_mutex + (jsc#PED-1549). +- vdpa/mlx5: Distribute RX virtqueues in RQT object + (jsc#PED-1549). +- vdpa: Provide interface to read driver features (jsc#PED-1549). +- vdpa/mlx5: Fix wrong configuration of virtio_version_1_0 + (jsc#PED-1549). +- vdpa: Mark vdpa_config_ops.get_vq_notification as optional + (jsc#PED-1549). +- vdpa: Avoid duplicate call to vp_vdpa get_status (jsc#PED-1549). +- net/mlx5_vdpa: Offer VIRTIO_NET_F_MTU when setting MTU + (jsc#PED-1549). +- vdpa: add driver_override support (jsc#PED-1549). +- docs: document sysfs ABI for vDPA bus (jsc#PED-1549). +- ifcvf/vDPA: fix misuse virtio-net device config size for blk + dev (jsc#PED-1549). +- RDMA/mlx5: Print wc status on CQE error and dump needed + (jsc#PED-1552). +- RDMA/mlx5: Use memset_after() to zero struct mlx5_ib_mr + (jsc#PED-1552). +- net/mlx5: Use irq_set_affinity_and_hint() (jsc#PED-1549). +- ixgbe: Use irq_update_affinity_hint() (jsc#PED-373). +- i40e: Use irq_update_affinity_hint() (jsc#PED-372). +- iavf: Use irq_update_affinity_hint() (jsc#PED-835). +- vdpa/mlx5: Use auxiliary_device driver data helpers + (jsc#PED-1549). +- net/mlx5e: Use auxiliary_device driver data helpers + (jsc#PED-1549). +- RDMA/irdma: Use auxiliary_device driver data helpers + (jsc#PED-1552). +- net: openvswitch: Fix ct_state nat flags for conns arriving + from tc (jsc#PED-1549). +- net/mlx5e: Fix build error in fec_set_block_stats() + (jsc#PED-1549). +- iavf: remove an unneeded variable (jsc#PED-835). +- i40e: remove variables set but not used (jsc#PED-372). +- i40e: Remove non-inclusive language (jsc#PED-372). +- i40e: Update FW API version (jsc#PED-372). +- i40e: Minimize amount of busy-waiting during AQ send + (jsc#PED-372). +- net/mlx5e: Add recovery flow in case of error CQE + (jsc#PED-1549). +- net/mlx5e: TC, Remove redundant error logging (jsc#PED-1549). +- net/mlx5e: Refactor set_pflag_cqe_based_moder (jsc#PED-1549). +- net/mlx5e: Move HW-GRO and CQE compression check to fix features + flow (jsc#PED-1549). +- net/mlx5e: Fix feature check per profile (jsc#PED-1549). +- net/mlx5e: Unblock setting vid 0 for VF in case PF isn't + eswitch manager (jsc#PED-1549). +- net/mlx5e: Expose FEC counters via ethtool (jsc#PED-1549). +- net/mlx5: Update log_max_qp value to FW max capability + (jsc#PED-1549). +- net/mlx5: SF, Use all available cpu for setting cpu affinity + (jsc#PED-1549). +- net/mlx5: Introduce API for bulk request and release of IRQs + (jsc#PED-1549). +- net/mlx5: Split irq_pool_affinity logic to new file + (jsc#PED-1549). +- net/mlx5: Move affinity assignment into irq_request + (jsc#PED-1549). +- net/mlx5: Introduce control IRQ request API (jsc#PED-1549). +- net/mlx5: mlx5e_hv_vhca_stats_create return type to void + (jsc#PED-1549). +- mlxsw: spectrum: Extend to support Spectrum-4 ASIC + (jsc#PED-1549). +- mlxsw: spectrum_acl_bloom_filter: Add support for Spectrum-4 + calculation (jsc#PED-1549). +- mlxsw: Add operations structure for bloom filter calculation + (jsc#PED-1549). +- mlxsw: spectrum_acl_bloom_filter: Rename Spectrum-2 specific + objects for future use (jsc#PED-1549). +- mlxsw: spectrum_acl_bloom_filter: Make + mlxsw_sp_acl_bf_key_encode() more flexible (jsc#PED-1549). +- mlxsw: spectrum_acl_bloom_filter: Reorder functions to make + the code more aesthetic (jsc#PED-1549). +- mlxsw: Introduce flex key elements for Spectrum-4 + (jsc#PED-1549). +- mlxsw: Rename virtual router flex key element (jsc#PED-1549). +- net: fixup build after bpf header changes (jsc#PED-1549). +- net/mlx5: CT: Set flow source hint from provided tuple device + (jsc#PED-1549). +- xsk: Wipe out dead zero_copy_allocator declarations + (jsc#PED-373). +- net/mlx5: Set SMFS as a default steering mode if device supports + it (jsc#PED-1549). +- net/mlx5: DR, Ignore modify TTL if device doesn't support it + (jsc#PED-1549). +- net/mlx5: DR, Improve steering for empty or RX/TX-only matchers + (jsc#PED-1549). +- net/mlx5: DR, Add support for matching on + geneve_tlv_option_0_exist field (jsc#PED-1549). +- net/mlx5: DR, Support matching on tunnel headers 0 and 1 + (jsc#PED-1549). +- net/mlx5: DR, Add misc5 to match_param structs (jsc#PED-1549). +- net/mlx5: Add misc5 flow table match parameters (jsc#PED-1549). +- net/mlx5: DR, Warn on failure to destroy objects due to refcount + (jsc#PED-1549). +- net/mlx5: DR, Add support for UPLINK destination type + (jsc#PED-1549). +- net/mlx5: DR, Add support for dumping steering info + (jsc#PED-1549). +- net/mlx5: DR, Add missing reserved fields to dr_match_param + (jsc#PED-1549). +- net/mlx5: DR, Add check for flex parser ID value (jsc#PED-1549). +- net/mlx5: DR, Rename list field in matcher struct to list_node + (jsc#PED-1549). +- net/mlx5: DR, Remove unused struct member in matcher + (jsc#PED-1549). +- net/mlx5: DR, Fix lower case macro prefix "mlx5_" to "MLX5_" + (jsc#PED-1549). +- net/mlx5: DR, Fix error flow in creating matcher (jsc#PED-1549). +- igb: support EXTTS on 82580/i354/i350 (jsc#PED-370). +- igb: support PEROUT on 82580/i354/i350 (jsc#PED-370). +- igb: move PEROUT and EXTTS isr logic to separate functions + (jsc#PED-370). +- igb: move SDP config initialization to separate function + (jsc#PED-370). +- ixgbevf: switch to napi_build_skb() (jsc#PED-373). +- ixgbe: switch to napi_build_skb() (jsc#PED-373). +- igc: switch to napi_build_skb() (jsc#PED-375). +- igb: switch to napi_build_skb() (jsc#PED-370). +- iavf: switch to napi_build_skb() (jsc#PED-835). +- i40e: switch to napi_build_skb() (jsc#PED-372). +- net/mlx5e: Take packet_merge params directly from the RX res + struct (jsc#PED-1549). +- net/mlx5e: Allocate per-channel stats dynamically at first usage + (jsc#PED-1549). +- net/mlx5e: Use dynamic per-channel allocations in stats + (jsc#PED-1549). +- net/mlx5e: Allow profile-specific limitation on max num of + channels (jsc#PED-1549). +- net/mlx5e: Save memory by using dynamic allocation in netdev + priv (jsc#PED-1549). +- net/mlx5e: Add profile indications for PTP and QOS HTB features + (jsc#PED-1549). +- net/mlx5e: Use bitmap field for profile features (jsc#PED-1549). +- net/mlx5: Remove the repeated declaration (jsc#PED-1549). +- net/mlx5: Let user configure max_macs generic param + (jsc#PED-1549). +- net/mlx5: Let user configure event_eq_size param (jsc#PED-1549). +- net/mlx5: Let user configure io_eq_size param (jsc#PED-1549). +- igbvf: Refactor trace (jsc#PED-370). +- igb: remove never changed variable `ret_val' (jsc#PED-370). +- igc: Remove obsolete define (jsc#PED-375). +- igc: Remove obsolete mask (jsc#PED-375). +- igc: Remove obsolete nvm type (jsc#PED-375). +- igc: Remove unused phy type (jsc#PED-375). +- igc: Remove unused _I_PHY_ID define (jsc#PED-375). +- net/sched: use min() macro instead of doing it manually + (jsc#PED-1549). +- flow_offload: add reoffload process to update hw_count + (jsc#PED-1549). +- net: sched: save full flags for tc action (jsc#PED-1549). +- flow_offload: add process to update action stats from hardware + (jsc#PED-1549). +- flow_offload: add skip_hw and skip_sw to control if offload + the action (jsc#PED-1549). +- flow_offload: allow user to offload tc action to net device + (jsc#PED-1549). +- flow_offload: add ops to tc_action_ops for flow action setup + (jsc#PED-1549). +- flow_offload: rename offload functions with offload instead + of flow (jsc#PED-1549). +- flow_offload: add index to flow_action_entry structure + (jsc#PED-1549). +- iavf: Restrict maximum VLAN filters for + VIRTCHNL_VF_OFFLOAD_VLAN_V2 (jsc#PED-835). +- iavf: Add support VIRTCHNL_VF_OFFLOAD_VLAN_V2 during netdev + config (jsc#PED-835). +- virtchnl: Add support for new VLAN capabilities (jsc#PED-835). +- net/mlx5: Introduce log_max_current_uc_list_wr_supported bit + (jsc#PED-1549). +- RDMA/mlx5: Add support to multiple priorities for FDB rules + (jsc#PED-1552). +- net/mlx5: Create more priorities for FDB bypass namespace + (jsc#PED-1549). +- net/mlx5: Refactor mlx5_get_flow_namespace (jsc#PED-1549). +- net/mlx5: Separate FDB namespace (jsc#PED-1549). +- net/mlx5e: Move goto action checks into tc_action goto post + parse op (jsc#PED-1549). +- net/mlx5e: Move vlan action chunk into tc action vlan post + parse op (jsc#PED-1549). +- net/mlx5e: Add post_parse() op to tc action infrastructure + (jsc#PED-1549). +- net/mlx5e: Move sample attr allocation to tc_action sample + parse op (jsc#PED-1549). +- net/mlx5e: TC action parsing loop (jsc#PED-1549). +- net/mlx5e: Add redirect ingress to tc action infra + (jsc#PED-1549). +- net/mlx5e: Add sample and ptype to tc_action infra + (jsc#PED-1549). +- net/mlx5e: Add ct to tc action infra (jsc#PED-1549). +- net/mlx5e: Add mirred/redirect to tc action infra + (jsc#PED-1549). +- net/mlx5e: Add mpls push/pop to tc action infra (jsc#PED-1549). +- net/mlx5e: Add vlan push/pop/mangle to tc action infra + (jsc#PED-1549). +- net/mlx5e: Add pedit to tc action infra (jsc#PED-1549). +- net/mlx5e: Add csum to tc action infra (jsc#PED-1549). +- net/mlx5e: Add tunnel encap/decap to tc action infra + (jsc#PED-1549). +- net/mlx5e: Add goto to tc action infra (jsc#PED-1549). +- net/mlx5e: Add tc action infrastructure (jsc#PED-1549). +- xfrm: add net device refcount tracker to struct + xfrm_state_offload (jsc#PED-373). +- net/mlx5: Dynamically resize flow counters query buffer + (jsc#PED-1549). +- net/mlx5e: TC, Set flow attr ip_version earlier (jsc#PED-1549). +- net/mlx5e: TC, Move common flow_action checks into function + (jsc#PED-1549). +- net/mlx5e: Remove redundant actions arg from vlan push/pop funcs + (jsc#PED-1549). +- net/mlx5e: Remove redundant actions arg from + validate_goto_chain() (jsc#PED-1549). +- net/mlx5e: TC, Remove redundant action stack var (jsc#PED-1549). +- net/mlx5e: Hide function mlx5e_num_channels_changed + (jsc#PED-1549). +- net/mlx5e: SHAMPO, clean MLX5E_MAX_KLM_PER_WQE macro + (jsc#PED-1549). +- net/mlx5: Print more info on pci error handlers (jsc#PED-1549). +- net/mlx5: SF, silence an uninitialized variable warning + (jsc#PED-1549). +- net/mlx5: Fix error return code in esw_qos_create() + (jsc#PED-1549). +- mlx5: fix mlx5i_grp_sw_update_stats() stack usage + (jsc#PED-1549). +- mlx5: fix psample_sample_packet link error (jsc#PED-1549). +- mlxsw: Use u16 for local_port field instead of u8 + (jsc#PED-1549). +- mlxsw: reg: Adjust PPCNT register to support local port 255 + (jsc#PED-1549). +- mlxsw: reg: Increase 'port_num' field in PMTDB register + (jsc#PED-1549). +- mlxsw: reg: Align existing registers to use extended local_port + field (jsc#PED-1549). +- mlxsw: item: Add support for local_port field in a split form + (jsc#PED-1549). +- iavf: Fix displaying queue statistics shown by ethtool + (jsc#PED-835). +- iavf: Refactor string format to avoid static analysis warnings + (jsc#PED-835). +- iavf: Refactor text of informational message (jsc#PED-835). +- iavf: Fix static code analysis warning (jsc#PED-835). +- iavf: Refactor iavf_mac_filter struct memory usage + (jsc#PED-835). +- iavf: Enable setting RSS hash key (jsc#PED-835). +- iavf: return errno code instead of status code (jsc#PED-835). +- iavf: Log info when VF is entering and leaving Allmulti mode + (jsc#PED-835). +- iavf: Add change MTU message (jsc#PED-835). +- igc: enable XDP metadata in driver (jsc#PED-375). +- devlink: Simplify devlink resources unregister call + (jsc#PED-1549). +- mlxsw: spectrum_router: Remove deadcode in + mlxsw_sp_rif_mac_profile_find (jsc#PED-1549). +- net: dsa: felix: restrict psfp rules on ingress port + (jsc#PED-1549). +- net: dsa: felix: use vcap policer to set flow meter for psfp + (jsc#PED-1549). +- net: mscc: ocelot: use index to set vcap policer (jsc#PED-1549). +- net: dsa: felix: add stream gate settings for psfp + (jsc#PED-1549). +- net: dsa: felix: support psfp filter on vsc9959 (jsc#PED-1549). +- net: mscc: ocelot: add gate and police action offload to PSFP + (jsc#PED-1549). +- net: mscc: ocelot: set vcap IS2 chain to goto PSFP chain + (jsc#PED-1549). +- ixgbevf: Add support for new mailbox communication between PF + and VF (jsc#PED-373). +- ixgbevf: Mailbox improvements (jsc#PED-373). +- ixgbevf: Add legacy suffix to old API mailbox functions + (jsc#PED-373). +- ixgbevf: Improve error handling in mailbox (jsc#PED-373). +- stmmac: fix build due to brainos in trans_start changes + (jsc#PED-370). +- net: annotate accesses to queue->trans_start (jsc#PED-370). +- net/mlx5: E-switch, Create QoS on demand (jsc#PED-1549). +- net/mlx5: E-switch, Enable vport QoS on demand (jsc#PED-1549). +- net/mlx5: E-switch, move offloads mode callbacks to offloads + file (jsc#PED-1549). +- net/mlx5: E-switch, Reuse mlx5_eswitch_set_vport_mac + (jsc#PED-1549). +- net/mlx5: E-switch, Remove vport enabled check (jsc#PED-1549). +- net/mlx5e: Specify out ifindex when looking up decap route + (jsc#PED-1549). +- net/mlx5e: TC, Move comment about mod header flag to correct + place (jsc#PED-1549). +- net/mlx5e: TC, Move kfree() calls after destroying all resources + (jsc#PED-1549). +- net/mlx5e: TC, Destroy nic flow counter if exists + (jsc#PED-1549). +- net/mlx5: TC, using swap() instead of tmp variable + (jsc#PED-1549). +- net/mlx5: CT: Allow static allocation of mod headers + (jsc#PED-1549). +- net/mlx5e: Refactor mod header management API (jsc#PED-1549). +- net/mlx5: Avoid printing health buffer when firmware is + unavailable (jsc#PED-1549). +- net/mlx5: Fix format-security build warnings (jsc#PED-1549). +- net/mlx5e: Support ethtool cq mode (jsc#PED-1549). +- net: openvswitch: Fix matching zone id for invalid conns + arriving from tc (jsc#PED-1549). +- net/sched: flow_dissector: Fix matching on zone id for invalid + conns (jsc#PED-1549). +- mlxsw: spectrum_router: Consolidate MAC profiles when possible + (jsc#PED-1549). +- vhost-vdpa: clean irqs before reseting vdpa device + (jsc#PED-1549). +- vdpa/mlx5: Forward only packets with allowed MAC address + (jsc#PED-1549). +- vdpa/mlx5: Support configuration of MAC (jsc#PED-1549). +- vdpa/mlx5: Fix clearing of VIRTIO_NET_F_MAC feature bit + (jsc#PED-1549). +- vdpa: Enable user to set mac and mtu of vdpa device + (jsc#PED-1549). +- vdpa: Use kernel coding style for structure comments + (jsc#PED-1549). +- vdpa: Introduce query of device config layout (jsc#PED-1549). +- vdpa: Introduce and use vdpa device get, set config helpers + (jsc#PED-1549). +- vdpa/mlx5: Propagate link status from device to vdpa driver + (jsc#PED-1549). +- vdpa/mlx5: Rename control VQ workqueue to vdpa wq + (jsc#PED-1549). +- vdpa/mlx5: Remove mtu field from vdpa net device (jsc#PED-1549). +- vdpa: add new attribute VDPA_ATTR_DEV_MIN_VQ_SIZE + (jsc#PED-1549). +- vdpa: min vq num of vdpa device cannot be greater than max vq + num (jsc#PED-1549). +- vdpa: add new callback get_vq_num_min in vdpa_config_ops + (jsc#PED-1549). +- vp_vdpa: add vq irq offloading support (jsc#PED-1549). +- vdpa: fix typo (jsc#PED-1549). +- cls_flower: Fix inability to match GRE/IPIP packets + (jsc#PED-1549). +- netdevsim: fix uninit value in nsim_drv_configure_vfs() + (jsc#PED-1549). +- netdevsim: rename 'driver' entry points (jsc#PED-1549). +- netdevsim: move max vf config to dev (jsc#PED-1549). +- netdevsim: move details of vf config to dev (jsc#PED-1549). +- netdevsim: move vfconfig to nsim_dev (jsc#PED-1549). +- netdevsim: take rtnl_lock when assigning num_vfs (jsc#PED-1549). +- virtchnl: Use the BIT() macro for capability/offload flags + (jsc#PED-835). +- virtchnl: Remove unused VIRTCHNL_VF_OFFLOAD_RSVD define + (jsc#PED-835). +- netdevsim: remove max_vfs dentry (jsc#PED-1549). +- mlxsw: spectrum_router: Expose RIF MAC profiles to devlink + resource (jsc#PED-1549). +- mlxsw: spectrum_router: Add RIF MAC profiles support + (jsc#PED-1549). +- mlxsw: spectrum_router: Propagate extack further (jsc#PED-1549). +- mlxsw: resources: Add resource identifier for RIF MAC profiles + (jsc#PED-1549). +- mlxsw: reg: Add MAC profile ID field to RITR register + (jsc#PED-1549). +- mlxsw: spectrum: Use 'bitmap_zalloc()' when applicable + (jsc#PED-1549). +- net: mscc: ocelot: support egress VLAN rewriting via VCAP ES0 + (jsc#PED-1549). +- xsk: Optimize for aligned case (jsc#PED-1549). +- virtio_net: introduce TX timeout watchdog (jsc#PED-370). +- mlxsw: Make PMAOS pack function more generic (jsc#PED-1549). +- mlxsw: reg: Add fields to PMAOS register (jsc#PED-1549). +- mlxsw: Track per-module port status (jsc#PED-1549). +- mlxsw: spectrum: Do not return an error in + mlxsw_sp_port_module_unmap() (jsc#PED-1549). +- mlxsw: spectrum: Do not return an error in ndo_stop() + (jsc#PED-1549). +- mlxsw: core_env: Convert 'module_info_lock' to a mutex + (jsc#PED-1549). +- mlxsw: core_env: Defer handling of module temperature warning + events (jsc#PED-1549). +- mlxsw: reg: Remove PMTM register (jsc#PED-1549). +- mlxsw: spectrum: Move port SWID set before core port init + (jsc#PED-1549). +- mlxsw: spectrum: Move port module mapping before core port init + (jsc#PED-1549). +- mlxsw: spectrum: Bump minimum FW version to xx.2008.3326 + (jsc#PED-1549). +- vduse: Fix race condition between resetting and irq injecting + (jsc#PED-1549). +- vduse: Disallow injecting interrupt before DRIVER_OK is set + (jsc#PED-1549). +- vhost_vdpa: unset vq irq before freeing irq (jsc#PED-1549). +- vdpa: potential uninitialized return in vhost_vdpa_va_map() + (jsc#PED-1549). +- vdpa/mlx5: Avoid executing set_vq_ready() if device is reset + (jsc#PED-1549). +- vdpa/mlx5: Clear ready indication for control VQ (jsc#PED-1549). +- vduse: Cleanup the old kernel states after reset failure + (jsc#PED-1549). +- vduse: missing error code in vduse_init() (jsc#PED-1549). +- Documentation: Add documentation for VDUSE (jsc#PED-1549). +- vduse: Implement an MMU-based software IOTLB (jsc#PED-1549). +- vdpa: Support transferring virtual addressing during DMA mapping + (jsc#PED-1549). +- vdpa: factor out vhost_vdpa_pa_map() and vhost_vdpa_pa_unmap() + (jsc#PED-1549). +- vdpa: Add an opaque pointer for vdpa_config_ops.dma_map() + (jsc#PED-1549). +- vhost-iotlb: Add an opaque pointer for vhost IOTLB + (jsc#PED-1549). +- vhost-vdpa: Handle the failure of vdpa_reset() (jsc#PED-1549). +- vdpa: Add reset callback in vdpa_config_ops (jsc#PED-1549). +- vdpa: Fix some coding style issues (jsc#PED-1549). +- file: Export receive_fd() to modules (jsc#PED-1549). +- vdpa: Make use of PFN_PHYS/PFN_UP/PFN_DOWN helper macro + (jsc#PED-1549). +- vdpa/mlx5: Add multiqueue support (jsc#PED-1549). +- vdpa/mlx5: Ensure valid indices are provided (jsc#PED-1549). +- vdpa/mlx5: Decouple virtqueue callback from struct + mlx5_vdpa_virtqueue (jsc#PED-1549). +- vdpa/mlx5: function prototype modifications in preparation to + control VQ (jsc#PED-1549). +- vdpa/mlx5: Remove redundant header file inclusion + (jsc#PED-1549). +- vDPA/ifcvf: enable multiqueue and control vq (jsc#PED-1549). +- vDPA/ifcvf: detect and use the onboard number of queues directly + (jsc#PED-1549). +- vDPA/ifcvf: implement management netlink framework for ifcvf + (jsc#PED-1549). +- vDPA/ifcvf: introduce get_dev_type() which returns virtio dev id + (jsc#PED-1549). +- mlxsw: spectrum: Add infrastructure for parsing configuration + (jsc#PED-1549). +- net/sched: store the last executed chain also for clsact egress + (jsc#PED-1549). +- nfp: flower-tc: add flow stats updates for ct (jsc#PED-1549). +- nfp: flower-ct: add offload calls to the nfp (jsc#PED-1549). +- nfp: flower-ct: add flow_pay to the offload table + (jsc#PED-1549). +- nfp: flower-ct: add actions into flow_pay for offload + (jsc#PED-1549). +- nfp: flower-ct: compile match sections of flow_payload + (jsc#PED-1549). +- nfp: flower-ct: calculate required key_layers (jsc#PED-1549). +- nfp: flower: refactor action offload code slightly + (jsc#PED-1549). +- nfp: flower: refactor match functions to take flow_rule as input + (jsc#PED-1549). +- nfp: flower: make the match compilation functions reusable + (jsc#PED-1549). +- netdevsim: Add multi-queue support (jsc#PED-1549). +- net/sched: Remove unnecessary if statement (jsc#PED-1549). +- bpf: Add function for XDP meta data length check (jsc#PED-373). +- commit 820516d + +- ethernet: sparx5: use eth_hw_addr_gen() (jsc#PED-1565). +- ethernet: sxgbe: use eth_hw_addr_set() (jsc#PED-1565). +- commit efcaf78 + +- ethernet: ibmveth: use ether_addr_to_u64() (jsc#PED-1565). +- commit 62557e1 + +- intersil: remove obsolete prism54 wireless driver + (jsc#PED-1565). +- Update config files. +- supported.conf: removed prism64 +- commit 2e3787e + +- staging: rtl8188eu fix fallout of constifying dev_addr + (jsc#PED-1565). +- commit 388ba9a + +- sfc: siena: Fix Kconfig dependencies (jsc#PED-1565). +- Update config files. +- supported.conf: Addedd sfc-siena +- commit d576f42 + +- net: add net device refcount tracker infrastructure + (jsc#PED-1565). +- Update config files. +- commit 62b348b + +- of: net: move of_net under net/ (jsc#PED-1565). +- Update config files. +- commit 04e77fb + +- net: annotate accesses to dev->gso_max_segs (jsc#PED-1565). +- Refresh patches.suse/octeontx2-pf-Add-TC-feature-for-VFs.patch. +- commit 37035f5 + +- usb: gadget: u_ether: use eth_hw_addr_set() (jsc#PED-1565). +- Refresh + patches.suse/usb-gadget-u_ether-fix-regression-in-setting-fixed-M.patch. +- commit 219037e + +- device property: move mac addr helpers to eth.c (jsc#PED-1565). +- Refresh + patches.suse/device-property-Add-fwnode_irq_get_byname.patch. +- commit c05663b + +- sfc: implement ethtool get/set RX ring size for EF100 reps + (jsc#PED-1565). +- sfc: use a dynamic m-port for representor RX and set it promisc + (jsc#PED-1565). +- sfc: move table locking into filter_table_{probe,remove} + methods (jsc#PED-1565). +- sfc: insert default MAE rules to connect VFs to representors + (jsc#PED-1565). +- sfc: receive packets from EF100 VFs into representors + (jsc#PED-1565). +- sfc: check ef100 RX packets are from the wire (jsc#PED-1565). +- sfc: determine wire m-port at EF100 PF probe time + (jsc#PED-1565). +- sfc: ef100 representor RX top half (jsc#PED-1565). +- sfc: ef100 representor RX NAPI poll (jsc#PED-1565). +- sfc: plumb ef100 representor stats (jsc#PED-1565). +- sfc/siena: fix repeated words in comments (jsc#PED-1565). +- sfc/falcon: fix repeated words in comments (jsc#PED-1565). +- sfc: attach/detach EF100 representors along with their owning PF + (jsc#PED-1565). +- sfc: hook up ef100 representor TX (jsc#PED-1565). +- sfc: support passing a representor to the EF100 TX path + (jsc#PED-1565). +- sfc: determine representee m-port for EF100 representors + (jsc#PED-1565). +- sfc: phys port/switch identification for ef100 reps + (jsc#PED-1565). +- sfc: add basic ethtool ops to ef100 reps (jsc#PED-1565). +- sfc: add skeleton ef100 VF representors (jsc#PED-1565). +- sfc: detect ef100 MAE admin privilege/capability at probe time + (jsc#PED-1565). +- sfc: update EF100 register descriptions (jsc#PED-1565). +- sfc: update MCDI protocol headers (jsc#PED-1565). +- sfc: falcon: Use the bitmap API to allocate bitmaps + (jsc#PED-1565). +- sfc/siena: Use the bitmap API to allocate bitmaps + (jsc#PED-1565). +- sfc: Separate netdev probe/remove from PCI probe/remove + (jsc#PED-1565). +- sfc: disable softirqs for ptp TX (jsc#PED-1565). +- sfc: fix kernel panic when creating VF (jsc#PED-1565). +- sfc: fix use after free when disabling sriov (jsc#PED-1565). +- net: make drivers set the TSO limit not the GSO limit + (jsc#PED-1565). +- bpf: Let bpf_warn_invalid_xdp_action() report more info + (jsc#PED-1565). +- bpf: Do not WARN in bpf_warn_invalid_xdp_action() + (jsc#PED-1565). +- net: usb: ax88179_178a: add TSO feature (jsc#PED-1565). +- bpf, devmap: Exclude XDP broadcast to master device + (jsc#PED-1565). +- bpf: devmap: Implement devmap prog execution for generic XDP + (jsc#PED-1565). +- bpf: cpumap: Implement generic cpumap (jsc#PED-1565). +- bitops: Add non-atomic bitops for pointers (jsc#PED-1565). +- net: core: Split out code to run generic XDP prog + (jsc#PED-1565). +- commit 86a0101 + +- ethernet: netsec: use eth_hw_addr_set() (jsc#PED-1565). +- commit de114d2 + +- net: fec_mpc52xx: don't discard const from netdev->dev_addr + (jsc#PED-1565). +- ethernet: fec: use eth_hw_addr_gen() (jsc#PED-1565). +- ethernet: ocelot: use eth_hw_addr_gen() (jsc#PED-1565). +- ethernet: enetc: use eth_hw_addr_set() (jsc#PED-1565). +- commit 7d923f4 + +- ethernet: via-velocity: use eth_hw_addr_set() (jsc#PED-1565). +- ethernet: via-rhine: use eth_hw_addr_set() (jsc#PED-1565). +- ethernet: ec_bhf: use eth_hw_addr_set() (jsc#PED-1565). +- commit fba8780 + +- RDMA/cxgb4: fix accept failure due to increased + cpl_t5_pass_accept_rpl size (jsc#PED-1508). +- RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY + event (jsc#PED-1503). +- RDMA/qedr: Fix potential memory leak in __qedr_alloc_mr() + (jsc#PED-1529). +- RDMA: remove useless condition in siw_create_cq() + (jsc#PED-1503). +- e1000e: convert .adjfreq to .adjfine (jsc#PED-837). +- e1000e: remove unnecessary range check in e1000e_phc_adjfreq + (jsc#PED-837). +- net/mlx4: Use devl_ API for devlink port register / unregister + (jsc#PED-1548). +- qlogic: qed: fix clang -Wformat warnings (jsc#PED-1526). +- qed: Use bitmap_empty() (jsc#PED-1526). +- qed: Use the bitmap API to allocate bitmaps (jsc#PED-1526). +- cxgb4: Use the bitmap API to allocate bitmaps (jsc#PED-1506). +- qlogic/qed: fix repeated words in comments (jsc#PED-1526). +- cxgb4: Fix typo in string (jsc#PED-1506). +- intel/e1000e:fix repeated words in comments (jsc#PED-837). +- intel: remove unused macros (jsc#PED-837). +- sfc: replace function name in string with __func__ + (jsc#PED-1565). +- sfc: Unsplit literal string (jsc#PED-1565). +- sfc: Move EF100 efx_nic_type structs to the end of the file + (jsc#PED-1565). +- sfc: Separate efx_nic memory from net_device memory + (jsc#PED-1565). +- sfc: Encapsulate access to netdev_priv() (jsc#PED-1565). +- sfc: Change BUG_ON to WARN_ON and recovery code (jsc#PED-1565). +- sfc: Remove netdev init from efx_init_struct (jsc#PED-1565). +- sfc: Add a PROBED state for EF100 VDPA use (jsc#PED-1565). +- sfc: Split STATE_READY in to STATE_NET_DOWN and STATE_NET_UP + (jsc#PED-1565). +- sfc:falcon: fix repeated words in comments (jsc#PED-1565). +- sfc: fix repeated words in comments (jsc#PED-1565). +- sfc: siena: fix repeated words in comments (jsc#PED-1565). +- cxgb4/cxgb4vf: Fix typo in comments (jsc#PED-1506). +- cxgb4vf: remove unexpected word "the" (jsc#PED-1506). +- sfc/siena: Fix typo in comment (jsc#PED-1565). +- sfc: Fix typo in comment (jsc#PED-1565). +- tcp: Fix data-races around sysctl knobs related to SYN option + (jsc#PED-1506). +- tcp: Fix data-races around sysctl_tcp_ecn (jsc#PED-1506). +- RDMA/qedr: Fix reporting QP timeout attribute (jsc#PED-1529). +- net/mlx4_en: Fix wrong return value on ioctl EEPROM query + failure (jsc#PED-1548). +- qed: replace bitmap_weight with bitmap_empty in qed_roce_stop() + (jsc#PED-1526). +- qed: rework qed_rdma_bmap_free() (jsc#PED-1526). +- net: mellanox: fix open-coded for_each_set_bit() (jsc#PED-1548). +- sfc/siena: fix wrong tx channel offset with + efx_separate_tx_channels (jsc#PED-1565). +- sfc/siena: fix considering that all channels have TX queues + (jsc#PED-1565). +- sfc: fix wrong tx channel offset with efx_separate_tx_channels + (jsc#PED-1565). +- sfc: fix considering that all channels have TX queues + (jsc#PED-1565). +- RDMA/mlx4: Avoid flush_scheduled_work() usage (jsc#PED-1547). +- RDMA/qedr: Remove unnecessary synchronize_irq() before + free_irq() (jsc#PED-1529). +- RDMA/siw: Enable siw on tunnel devices (jsc#PED-1503). +- qed: fix typos in comments (jsc#PED-1526). +- net: qed: fix typos in comments (jsc#PED-1526). +- sfc/siena: Remove duplicate check on segments (jsc#PED-1565). +- sfc: siena: Have a unique wrapper ifndef for efx channels header + (jsc#PED-1565). +- net: qede: Remove unnecessary synchronize_irq() before + free_irq() (jsc#PED-1526). +- qed: Remove unnecessary synchronize_irq() before free_irq() + (jsc#PED-1526). +- sfc/siena: Reinstate SRIOV init/fini function calls + (jsc#PED-1565). +- sfc/siena: Make PTP and reset support specific for Siena + (jsc#PED-1565). +- sfc/siena: Make MCDI logging support specific for Siena + (jsc#PED-1565). +- siena: Make HWMON support specific for Siena (jsc#PED-1565). +- siena: Make SRIOV support specific for Siena (jsc#PED-1565). +- siena: Make MTD support specific for Siena (jsc#PED-1565). +- sfc: Add a basic Siena module (jsc#PED-1565). +- sfc/siena: Inline functions in sriov.h to avoid conflicts with + sfc (jsc#PED-1565). +- sfc/siena: Rename functions in nic_common.h to avoid conflicts + with sfc (jsc#PED-1565). +- sfc/siena: Rename functions in mcdi headers to avoid conflicts + with sfc (jsc#PED-1565). +- sfc/siena: Rename peripheral functions to avoid conflicts with + sfc (jsc#PED-1565). +- sfc/siena: Rename RX/TX functions to avoid conflicts with sfc + (jsc#PED-1565). +- sfc/siena: Rename functions in efx headers to avoid conflicts + with sfc (jsc#PED-1565). +- sfc/siena: Remove build references to missing functionality + (jsc#PED-1565). +- sfc: Copy shared files needed for Siena (part 2) (jsc#PED-1565). +- sfc: Copy shared files needed for Siena (part 1) (jsc#PED-1565). +- sfc: Move Siena specific files (jsc#PED-1565). +- net: don't allow user space to lift the device limits + (jsc#PED-1565). +- net: add netif_inherit_tso_max() (jsc#PED-1565). +- sfc: Copy a subset of mcdi_pcol.h to siena (jsc#PED-1565). +- sfc: Disable Siena support (jsc#PED-1565). +- netdev: reshuffle netif_napi_add() APIs to allow dropping weight + (jsc#PED-1565). +- qede: Reduce verbosity of ptp tx timestamp (jsc#PED-1526). +- sfc: add EF100 VF support via a write to sriov_numvfs + (jsc#PED-1565). +- qed: Remove IP services API (jsc#PED-1526). +- sfc: Remove global definition of efx_reset_type_names + (jsc#PED-1565). +- sfc: Remove duplicate definition of efx_xmit_done + (jsc#PED-1565). +- sfc: efx_default_channel_type APIs can be static (jsc#PED-1565). +- sfc: Fix spelling mistake "writting" -> "writing" + (jsc#PED-1565). +- sfc: ef10: Fix assigning negative value to unsigned variable + (jsc#PED-1565). +- sfc: use hardware tx timestamps for more than PTP + (jsc#PED-1565). +- qed: remove an unneed NULL check on list iterator + (jsc#PED-1526). +- sfc: Stop using iommu_present() (jsc#PED-1565). +- net: chelsio: cxgb4: Avoid potential negative array offset + (jsc#PED-1506). +- sfc: Avoid NULL pointer dereference on systems without numa + awareness (jsc#PED-1565). +- RDMA/mlx4: remove redundant assignment to variable nreq + (jsc#PED-1547). +- RDMA/mlx4: Delete useless module.h include (jsc#PED-1547). +- qed: remove unnecessary memset in qed_init_fw_funcs + (jsc#PED-1526). +- net/mlx4_en: use kzalloc (jsc#PED-1548). +- net/mlx4: Delete useless moduleparam include (jsc#PED-1548). +- e1000e: Print PHY register address when MDI read/write fails + (jsc#PED-837). +- sfc: set affinity hints in local NUMA node only (jsc#PED-1565). +- sfc: default config to 1 channel/core in local NUMA node only + (jsc#PED-1565). +- qed: prevent a fw assert during device shutdown (jsc#PED-1526). +- sfc: The size of the RX recycle ring should be more flexible + (jsc#PED-1565). +- qed: use msleep() in qed_mcp_cmd() and add qed_mcp_cmd_nosleep() + for udelay (jsc#PED-1526). +- e1000e: Remove useless DMA-32 fallback configuration + (jsc#PED-837). +- sfc: extend the locking on mcdi->seqno (jsc#PED-1565). +- ethernet: broadcom/sb1250-mac: don't write directly to + netdev->dev_addr (jsc#PED-1565). +- amd: declance: use eth_hw_addr_set() (jsc#PED-1565). +- sysctl: move some boundary constants from sysctl.c to + sysctl_vals (jsc#PED-1506). +- RDMA/siw: make use of the helper function kthread_run_on_cpu() + (jsc#PED-1503). +- kthread: add the helper function kthread_run_on_cpu() + (jsc#PED-1503). +- RDMA/mad: Delete duplicated init_query_mad functions + (jsc#PED-1547). +- iw_cxgb4: Use memset_startat() for cpl_t5_pass_accept_rpl + (jsc#PED-1508). +- RDMA/siw: Use max() instead of doing it manually (jsc#PED-1503). +- RDMA/mlx4: Use bitmap_alloc() when applicable (jsc#PED-1547). +- RDMA/siw: Use helper function to set sys_image_guid + (jsc#PED-1503). +- RDMA/cxgb4: Use non-atomic bitmap functions when possible + (jsc#PED-1508). +- RDMA/cxgb4: Use bitmap_set() when applicable (jsc#PED-1508). +- RDMA/cxgb4: Use bitmap_zalloc() when applicable (jsc#PED-1508). +- RDMA/cxgb4: Use helper function to set GUIDs (jsc#PED-1508). +- net/mlx4: Use irq_update_affinity_hint() (jsc#PED-1548). +- cxgb4vf: Remove useless DMA-32 fallback configuration + (jsc#PED-1506). +- cxgb4: Remove useless DMA-32 fallback configuration + (jsc#PED-1506). +- gro: add ability to control gro max packet size (jsc#PED-1565). +- qed: Use dma_set_mask_and_coherent() and simplify code + (jsc#PED-1526). +- net: Don't include filter.h from net/sock.h (jsc#PED-1548). +- net: linkwatch: add net device refcount tracker (jsc#PED-1565). +- lib: add reference counting tracking infrastructure + (jsc#PED-1565). +- qed*: esl priv flag support through ethtool (jsc#PED-1526). +- qed*: enhance tx timeout debug info (jsc#PED-1526). +- qed: Enhance rammod debug prints to provide pretty details + (jsc#PED-1526). +- cxgb4: allow reading unrecognized port module eeprom + (jsc#PED-1506). +- qed: Use the bitmap API to simplify some functions + (jsc#PED-1526). +- net: annotate accesses to dev->gso_max_size (jsc#PED-1565). +- dev_addr: add a modification check (jsc#PED-1565). +- net: unexport dev_addr_init() & dev_addr_flush() (jsc#PED-1565). +- net: constify netdev->dev_addr (jsc#PED-1565). +- cxgb4: Use struct_group() for memcpy() region (jsc#PED-1506). +- smc9194: use eth_hw_addr_set() (jsc#PED-1565). +- amd: a2065/ariadne: use eth_hw_addr_set() (jsc#PED-1565). +- amd: ni65: use eth_hw_addr_set() (jsc#PED-1565). +- amd: lance: use eth_hw_addr_set() (jsc#PED-1565). +- ipw2200: constify address in ipw_send_adapter_address + (jsc#PED-1565). +- mlxsw: constify address in mlxsw_sp_port_dev_addr_set + (jsc#PED-1565). +- net: gro: populate net/core/gro.c (jsc#PED-1565). +- net: gro: move skb_gro_receive into net/core/gro.c + (jsc#PED-1565). +- net: gro: move skb_gro_receive_list to udp_offload.c + (jsc#PED-1565). +- tools: sync uapi/linux/if_link.h header (jsc#PED-1565). +- r8169: fix incorrect mac address assignment (jsc#PED-1565). +- staging: use eth_hw_addr_set() in orphan drivers (jsc#PED-1565). +- staging: rtl: use eth_hw_addr_set() (jsc#PED-1565). +- staging: unisys: use eth_hw_addr_set() (jsc#PED-1565). +- staging: rtl8712: prepare for const netdev->dev_addr + (jsc#PED-1565). +- staging: qlge: use eth_hw_addr_set() (jsc#PED-1565). +- staging: use eth_hw_addr_set() for dev->addr_len cases + (jsc#PED-1565). +- staging: use eth_hw_addr_set() instead of ether_addr_copy() + (jsc#PED-1565). +- staging: use eth_hw_addr_set() (jsc#PED-1565). +- RDMA/qed: Use helper function to set GUIDs (jsc#PED-1526). +- net: sgi-xp: use eth_hw_addr_set() (jsc#PED-1565). +- net: virtio: use eth_hw_addr_set() (jsc#PED-1565). +- mpt fusion: use dev_addr_set() (jsc#PED-1565). +- media: use eth_hw_addr_set() (jsc#PED-1565). +- net: thunderbolt: use eth_hw_addr_set() (jsc#PED-1565). +- staging: use of_get_ethdev_address() (jsc#PED-1565). +- net/mlx5e: don't write directly to netdev->dev_addr + (jsc#PED-1565). +- bluetooth: use dev_addr_set() (jsc#PED-1565). +- bluetooth: use eth_hw_addr_set() (jsc#PED-1565). +- fddi: defza: add missing pointer type cast (jsc#PED-1565). +- usbb: catc: use correct API for MAC addresses (jsc#PED-1565). +- net: atm: use address setting helpers (jsc#PED-1565). +- net: drivers: get ready for const netdev->dev_addr + (jsc#PED-1565). +- net: caif: get ready for const netdev->dev_addr (jsc#PED-1565). +- net: hsr: get ready for const netdev->dev_addr (jsc#PED-1565). +- net: bonding: constify and use dev_addr_set() (jsc#PED-1565). +- net: rtnetlink: use __dev_addr_set() (jsc#PED-1565). +- net: core: constify mac addrs in selftests (jsc#PED-1565). +- zd1201: use eth_hw_addr_set() (jsc#PED-1565). +- wl3501_cs: use eth_hw_addr_set() (jsc#PED-1565). +- ray_cs: use eth_hw_addr_set() (jsc#PED-1565). +- wilc1000: use eth_hw_addr_set() (jsc#PED-1565). +- hostap: use eth_hw_addr_set() (jsc#PED-1565). +- ipw2200: prepare for const netdev->dev_addr (jsc#PED-1565). +- airo: use eth_hw_addr_set() (jsc#PED-1565). +- brcmfmac: prepare for const netdev->dev_addr (jsc#PED-1565). +- atmel: use eth_hw_addr_set() (jsc#PED-1565). +- wil6210: use eth_hw_addr_set() (jsc#PED-1565). +- ath6kl: use eth_hw_addr_set() (jsc#PED-1565). +- wireless: use eth_hw_addr_set() for dev->addr_len cases + (jsc#PED-1565). +- wireless: use eth_hw_addr_set() instead of ether_addr_copy() + (jsc#PED-1565). +- wireless: use eth_hw_addr_set() (jsc#PED-1565). +- cfg80211: prepare for const netdev->dev_addr (jsc#PED-1565). +- mac80211: use eth_hw_addr_set() (jsc#PED-1565). +- wireless: mac80211_hwsim: use eth_hw_addr_set() (jsc#PED-1565). +- net: sb1000,rionet: use eth_hw_addr_set() (jsc#PED-1565). +- net: plip: use eth_hw_addr_set() (jsc#PED-1565). +- net: fjes: constify and use eth_hw_addr_set() (jsc#PED-1565). +- fddi: skfp: constify and use dev_addr_set() (jsc#PED-1565). +- fddi: defxx,defza: use dev_addr_set() (jsc#PED-1565). +- net: usb: don't write directly to netdev->dev_addr + (jsc#PED-1565). +- net: qmi_wwan: use dev_addr_mod() (jsc#PED-1565). +- usb: smsc: use eth_hw_addr_set() (jsc#PED-1565). +- net: xen: use eth_hw_addr_set() (jsc#PED-1565). +- batman-adv: use eth_hw_addr_set() instead of ether_addr_copy() + (jsc#PED-1565). +- mac802154: use dev_addr_set() - manual (jsc#PED-1565). +- mac802154: use dev_addr_set() (jsc#PED-1565). +- batman-adv: prepare for const netdev->dev_addr (jsc#PED-1565). +- ethernet: tlan: use eth_hw_addr_set() (jsc#PED-1565). +- ethernet: tehuti: use eth_hw_addr_set() (jsc#PED-1565). +- ethernet: stmmac: use eth_hw_addr_set() (jsc#PED-1565). +- ethernet: mlxsw: use eth_hw_addr_gen() (jsc#PED-1565). +- ethernet: prestera: use eth_hw_addr_gen() (jsc#PED-1565). +- ethernet: add a helper for assigning port addresses + (jsc#PED-1565). +- ethernet: smsc: use eth_hw_addr_set() (jsc#PED-1565). +- ethernet: smc91x: use eth_hw_addr_set() (jsc#PED-1565). +- ethernet: sis190: use eth_hw_addr_set() (jsc#PED-1565). +- ethernet: rocker: use eth_hw_addr_set() (jsc#PED-1565). +- ethernet: r8169: use eth_hw_addr_set() (jsc#PED-1565). +- ethernet: netxen: use eth_hw_addr_set() (jsc#PED-1565). +- ethernet: sky2/skge: use eth_hw_addr_set() (jsc#PED-1565). +- ethernet: mv643xx: use eth_hw_addr_set() (jsc#PED-1565). +- ethernet: use eth_hw_addr_set() in unmaintained drivers + (jsc#PED-1565). +- ethernet: ixgb: use eth_hw_addr_set() (jsc#PED-1565). +- ethernet: enic: use eth_hw_addr_set() (jsc#PED-1565). +- ethernet: bcmgenet: use eth_hw_addr_set() (jsc#PED-1565). +- ethernet: aquantia: use eth_hw_addr_set() (jsc#PED-1565). +- ethernet: amd: use eth_hw_addr_set() (jsc#PED-1565). +- ethernet: alteon: use eth_hw_addr_set() (jsc#PED-1565). +- ethernet: adaptec: use eth_hw_addr_set() (jsc#PED-1565). +- ethernet: remove random_ether_addr() (jsc#PED-1565). +- ethernet: replace netdev->dev_addr 16bit writes (jsc#PED-1565). +- ethernet: replace netdev->dev_addr assignment loops + (jsc#PED-1565). +- ethernet: manually convert memcpy(dev_addr,..., sizeof(addr)) + (jsc#PED-1565). +- ethernet: make use of eth_hw_addr_random() where appropriate + (jsc#PED-1565). +- ethernet: make eth_hw_addr_random() use dev_addr_set() + (jsc#PED-1565). +- net: remove single-byte netdev->dev_addr writes (jsc#PED-1565). +- ip: use dev_addr_set() in tunnels (jsc#PED-1565). +- hamradio: use dev_addr_set() for setting device address + (jsc#PED-1565). +- netdevice: demote the type of some dev_addr_set() helpers + (jsc#PED-1565). +- ipv6: constify dev_addr passing (jsc#PED-1565). +- llc/snap: constify dev_addr passing (jsc#PED-1565). +- ethernet: tulip: avoid duplicate variable name on sparc + (jsc#PED-1565). +- tulip: fix setting device address from rom (jsc#PED-1565). +- ethernet: sun: add missing semicolon, fix build (jsc#PED-1565). +- net: use dev_addr_set() (jsc#PED-1565). +- ethernet: sun: remove direct netdev->dev_addr writes + (jsc#PED-1565). +- ethernet: tulip: remove direct netdev->dev_addr writes + (jsc#PED-1565). +- ethernet: forcedeth: remove direct netdev->dev_addr writes + (jsc#PED-1565). +- ethernet: use platform_get_ethdev_address() (jsc#PED-1565). +- eth: platform: add a helper for loading netdev->dev_addr + (jsc#PED-1565). +- ethernet: use device_get_ethdev_address() (jsc#PED-1565). +- eth: fwnode: add a helper for loading netdev->dev_addr + (jsc#PED-1565). +- eth: fwnode: remove the addr len from mac helpers + (jsc#PED-1565). +- eth: fwnode: change the return type of mac address helpers + (jsc#PED-1565). +- ethernet: use of_get_ethdev_address() (jsc#PED-1565). +- of: net: add a helper for loading netdev->dev_addr + (jsc#PED-1565). +- net: usb: use eth_hw_addr_set() for dev->addr_len cases + (jsc#PED-1565). +- ethernet: use eth_hw_addr_set() - casts (jsc#PED-1565). +- fddi: use eth_hw_addr_set() (jsc#PED-1565). +- ethernet: s2io: use eth_hw_addr_set() (jsc#PED-1565). +- net: usb: use eth_hw_addr_set() instead of ether_addr_copy() + (jsc#PED-1565). +- net: use eth_hw_addr_set() instead of ether_addr_copy() + (jsc#PED-1565). +- net: usb: use eth_hw_addr_set() (jsc#PED-1565). +- net:dev: Change napi_gro_complete return type to void + (jsc#PED-1565). +- string.h: Introduce memset_startat() for wiping trailing + members and padding (jsc#PED-1508). +- string.h: Introduce memset_after() for wiping trailing + members/padding (jsc#PED-1508). +- lib: Introduce CONFIG_MEMCPY_KUNIT_TEST (jsc#PED-1508). +- skb_expand_head() adjust skb->truesize incorrectly + (jsc#PED-1565). +- etherdevice: use __dev_addr_set() (jsc#PED-1565). +- net: dev_addr_list: handle first address in __hw_addr_add_ex + (jsc#PED-1565). +- cxgb4: Use pci_vpd_find_id_string() to find VPD ID string + (jsc#PED-1506). +- PCI/VPD: Add pci_vpd_find_id_string() (jsc#PED-1506). +- PCI/VPD: Include post-processing in pci_vpd_find_tag() + (jsc#PED-1506). +- PCI/VPD: Stop exporting pci_vpd_find_info_keyword() + (jsc#PED-1506). +- PCI/VPD: Stop exporting pci_vpd_find_tag() (jsc#PED-1506). +- scsi: cxlflash: Search VPD with pci_vpd_find_ro_info_keyword() + (jsc#PED-1506). +- sfc: falcon: Search VPD with pci_vpd_find_ro_info_keyword() + (jsc#PED-1565). +- sfc: falcon: Read VPD with pci_vpd_alloc() (jsc#PED-1565). +- sfc: Search VPD with pci_vpd_find_ro_info_keyword() + (jsc#PED-1565). +- sfc: Read VPD with pci_vpd_alloc() (jsc#PED-1565). +- net-next: When a bond have a massive amount of VLANs with + IPv6 addresses, performance of changing link state, attaching + a VRF, changing an IPv6 address, etc. go down dramtically + (jsc#PED-1565). +- net: fix GRO skb truesize update (jsc#PED-1565). +- net: add netif_set_real_num_queues() for device reconfig + (jsc#PED-1565). +- net: add extack arg for link ops (jsc#PED-1565). +- move netdev_boot_setup into Space.c (jsc#PED-1565). +- drivers/net/usb: Remove all strcpy() uses (jsc#PED-1565). +- skbuff: introduce skb_expand_head() (jsc#PED-1565). +- sk_buff: avoid potentially clearing 'slow_gro' field + (jsc#PED-1565). +- skbuff: allow 'slow_gro' for skb carring sock reference + (jsc#PED-1565). +- net: optimize GRO for the common case (jsc#PED-1565). +- sk_buff: track extension status in slow_gro (jsc#PED-1565). +- sk_buff: track dst status in slow_gro (jsc#PED-1565). +- sk_buff: introduce 'slow_gro' flags (jsc#PED-1565). +- commit 407836b + +- ACPI: scan: Introduce acpi_fetch_acpi_dev() (jsc#PED-531). +- commit b412683 + +- usb: xhci-mtk: Use struct_size() helper in create_sch_ep() + (jsc#PED-531). +- commit 9da5b62 + +- usb: host: xhci-plat: Remove useless DMA-32 fallback + configuration (jsc#PED-531). +- commit ece14b2 + +- PM: sleep: Add device name to suspend_report_result() + (jsc#PED-531). +- commit 7dc852b + +- USB: core: Update kerneldoc for usb_get_dev() and usb_get_intf() + (jsc#PED-531). +- commit fb5f494 + +- usb: remove Link Powermanagement (LPM) disable before port reset + (jsc#PED-531). +- commit 4ce8161 + +- USB: usbfs: Use a spinlock instead of atomic accesses to tally + used memory (jsc#PED-531). +- commit a94fca8 + +- USB: ACPI: Replace acpi_bus_get_device() (jsc#PED-531). +- commit 37182c2 + +- usb: core: Bail out when port is stuck in reset loop + (jsc#PED-531). +- commit 656550a + +- usb: common: usb-conn-gpio: Make VBUS supply completely optional + (jsc#PED-531). +- commit fa1ce11 + +- usb: ulpi: Add debugfs support (jsc#PED-531). +- commit d397b49 + +- component: Add common helper for compare/release functions + (jsc#PED-531). +- commit 2986bd9 + +- acpi: Export acpi_bus_type (jsc#PED-531). +- commit 7c22384 + +- component: Replace most references to 'master' with 'aggregate + device' (jsc#PED-531). +- commit 9131eb9 + +- drivers/base/component.c: remove superfluous header files from + component.c (jsc#PED-531). +- commit ab1424f + +- blacklist.conf: remove kABI entries for SP5 + SP5 may break the kABI. Hence the patches that did not go + into SP4 for kABI reasons should go into SP5, unless other reasons + for blocking them exist. Removing the entries to trigger + a reevaluation +- commit 8607b86 + +- acpi: Store CRC-32 hash of the _PLD in struct acpi_device + (jsc#PED-531). +- commit 817d17e + +- usb: typec: port-mapper: Convert to the component framework + (jsc#PED-531). +- Refresh patches.suse/typeC-Add-kABI-placeholders.patch. +- commit ee7ecd6 + +- usb: typec: ucsi: Expose number of alternate modes in partner + (jsc#PED-531). +- commit 2bab2dd + +- usb: typec: tipd: Fix initialization sequence for cd321x + (jsc#PED-531). +- commit c7460c1 + +- usb: typec: tipd: Fix typo in cd321x_switch_power_state + (jsc#PED-531). +- commit 11f03ee + +- usb: typec: tipd: Enable event interrupts by default + (jsc#PED-531). +- commit cba4c03 + +- usb: typec: tipd: Remove FIXME about testing with I2C_FUNC_I2C + (jsc#PED-531). +- commit a81811f + +- usb: typec: tipd: Switch CD321X power state to S0 (jsc#PED-531). +- commit 2cbb386 + +- usb: typec: tipd: Add support for Apple CD321X (jsc#PED-531). +- commit 31d2bf2 + +- usb: typec: tipd: Add short-circuit for no irqs (jsc#PED-531). +- commit e9cc528 + +- usb: typec: tipd: Split interrupt handler (jsc#PED-531). +- commit 5143aea + +- Refresh + patches.suse/net-don-t-unconditionally-copy_from_user-a-struct-if.patch. + Added missing chenge from merge commit (bsc#1203479) +- commit 2a4b363 + +- powerpc/doc: Fix htmldocs errors (git-fixes). +- commit c32a50b + +- efi: do not automatically generate secret key (jsc#PED-1444). +- commit 4a26ca3 + +- dmaengine: idxd: fix retry value to be constant for duration + of function call (git-fixes). +- dmaengine: idxd: match type for retries var in idxd_enqcmds() + (git-fixes). +- commit ad373ba + +- dmaengine: idxd: change MSIX allocation based on per wq + activation (jsc#PED-664). +- dmaengine: idxd: fix descriptor flushing locking (jsc#PED-664). +- dmaengine: idxd: embed irq_entry in idxd_wq struct + (jsc#PED-664). +- commit d9570b4 + +- Update patch referece for IDXD fix (jsc#PED-729) +- commit 0666616 + +- dmaengine: idxd: add knob for enqcmds retries (jsc#PED-755). +- commit b9e7fd2 + +- dmaengine: idxd: update IAA definitions for user header + (jsc#PED-763). +- commit 966fd07 + +- dmaengine: idxd: handle interrupt handle revoked event + (jsc#PED-682). +- Refresh + patches.suse/dmaengine-idxd-set-defaults-for-wq-configs.patch. +- commit b8b62ed + +- dmaengine: idxd: handle invalid interrupt handle descriptors + (jsc#PED-682). +- commit 4d43b5f + +- dmaengine: idxd: create locked version of idxd_quiesce() call + (jsc#PED-682). +- commit 84c33cd + +- dmaengine: idxd: add helper for per interrupt handle drain + (jsc#PED-682). +- commit 7f570d2 + +- dmaengine: idxd: move interrupt handle assignment (jsc#PED-682). +- commit c11ff86 + +- dmaengine: idxd: int handle management refactoring + (jsc#PED-682). +- commit a2ea081 + +- dmaengine: idxd: rework descriptor free path on failure + (jsc#PED-682). +- commit 10afe67 + +- dmaengine: idxd: set defaults for wq configs (jsc#PED-688). +- Refresh + patches.suse/dmaengine-idxd-fix-wq-settings-post-wq-disable.patch. +- commit d90c3a3 + +- PCI: Disable MSI for Tegra234 Root Ports (git-fixes). +- PCI: Correct misspelled words (git-fixes). +- PCI: Prefer 'unsigned int' over bare 'unsigned' (git-fixes). +- commit 2fdd511 + +- PCI/ASPM: Make Intel DG2 L1 acceptable latency unlimited + (jsc#PED-387). +- commit 7d30fcd + +- net: dsa: mt7530: 1G can also support 1000BASE-X link mode + (git-fixes). +- commit cdb75aa + +- igb: skip phy status check where unavailable (git-fixes). +- commit a3b27da + +- ice: fix possible under reporting of ethtool Tx and Rx + statistics (git-fixes). +- commit c2f52c2 + +- ice: fix crash when writing timestamp on RX rings (git-fixes). +- commit fb0a1aa + +- net/mlx5: Drain fw_reset when removing device (git-fixes). +- commit 97a86a6 + +- net/mlx5e: Remove HW-GRO from reported features (git-fixes). +- commit 4a77968 + +- net/mlx5e: Properly block HW GRO when XDP is enabled + (git-fixes). +- commit f953f8f + +- net/mlx5e: Properly block LRO when XDP is enabled (git-fixes). +- commit 6b1fa7c + +- net/mlx5e: Block rx-gro-hw feature in switchdev mode + (git-fixes). +- commit a1cfc32 + +- net/qla3xxx: Fix a test in ql_reset_work() (git-fixes). +- commit 52c2fa5 + +- net: systemport: Fix an error handling path in + bcm_sysport_probe() (git-fixes). +- commit b45f6dc + +- net: macb: Increment rx bd head after allocating skb and buffer + (git-fixes). +- commit 41b13b2 + +- net: ipa: get rid of a duplicate initialization (git-fixes). +- commit a69d7cd + +- net: ipa: record proper RX transaction count (git-fixes). +- commit 0de4988 + +- net: dsa: bcm_sf2: Fix Wake-on-LAN with mac_link_down() + (git-fixes). +- commit cf3c3f2 + +- net: ethernet: mediatek: ppe: fix wrong size passed to memset() + (git-fixes). +- commit f134be1 + +- ice: Fix race during aux device (un)plugging (git-fixes). +- commit 4278261 + +- net: mscc: ocelot: avoid corrupting hardware counters when + moving VCAP filters (git-fixes). +- commit ca8eb08 + +- net: mscc: ocelot: restrict tc-trap actions to VCAP IS2 lookup 0 + (git-fixes). +- commit d224ca3 + +- net: mscc: ocelot: fix VCAP IS2 filters matching on both lookups + (git-fixes). +- commit 95340f0 + +- net: mscc: ocelot: fix last VCAP IS1/IS2 filter persisting in + hardware when deleted (git-fixes). +- commit bda7960 + +- net: emaclite: Add error handling for of_address_to_resource() + (git-fixes). +- commit a361614 + +- net: cpsw: add missing of_node_put() in cpsw_probe_dt() + (git-fixes). +- commit 014fc77 + +- net: stmmac: dwmac-sun8i: add missing of_node_put() in + sun8i_dwmac_register_mdio_mux() (git-fixes). +- commit 72dc370 + +- net: dsa: mt7530: add missing of_node_put() in mt7530_setup() + (git-fixes). +- commit 1fa6443 + +- net: mdio: Fix ENOMEM return value in BCM6368 mux bus controller + (git-fixes). +- commit f4b10fd + +- net: fec: add missing of_node_put() in fec_enet_init_stop_mode() + (git-fixes). +- commit 6d689b8 + +- net: dsa: lantiq_gswip: Don't set GSWIP_MII_CFG_RMII_CLK + (git-fixes). +- commit cda6d8f + +- net: dsa: mv88e6xxx: Fix port_hidden_wait to account for + port_base_addr (git-fixes). +- commit fc0f29e + +- net: bcmgenet: hide status block before TX timestamping + (git-fixes). +- commit 7471b10 + +- net: stmmac: Use readl_poll_timeout_atomic() in atomic state + (git-fixes). +- commit 77bb15d + +- net: mscc: ocelot: fix broken IP multicast flooding (git-fixes). +- commit 9360c59 + +- net: bcmgenet: Revert "Use stronger register read/writes to + assure ordering" (git-fixes). +- commit 2e1c776 + +- net: ftgmac100: access hardware register after clock ready + (git-fixes). +- commit 6f339f4 + +- s390/boot: fix absolute zero lowcore corruption on boot + (git-fixes). +- commit 673e9bc + +- ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904). +- commit 04343f5 + +- Update patches.suse/SUNRPC-Prevent-immediate-close-reconnect.patch + (git-fixes, bsc#1203338). +- commit 1a26f26 + +- net: ethernet: stmmac: fix altr_tse_pcs function when using + a fixed-link (git-fixes). +- commit 6e948de + +- net: dsa: felix: suppress -EPROBE_DEFER errors (git-fixes). +- commit 6052c6d + +- mlxsw: i2c: Fix initialization error flow (git-fixes). +- commit b1671b5 + +- net: ethernet: mv643xx: Fix over zealous checking + of_get_mac_address() (git-fixes). +- commit d6232d0 + +- ice: Do not skip not enabled queues in ice_vc_dis_qs_msg + (git-fixes). +- commit 5811714 + +- dpaa2-ptp: Fix refcount leak in dpaa2_ptp_probe (git-fixes). +- commit 20972b2 + +- net: stmmac: Fix unset max_speed difference between DT and + non-DT platforms (git-fixes). +- commit 21d6298 + +- vrf: fix packet sniffing for traffic originating from ip tunnels + (git-fixes). +- commit 656f34a + +- net: hns3: fix the concurrency between functions reading debugfs + (git-fixes). +- commit b62a96b + +- net: sparx5: uses, depends on BRIDGE or !BRIDGE (git-fixes). +- commit 91c7940 + +- net: dsa: bcm_sf2_cfp: fix an incorrect NULL check on list + iterator (git-fixes). +- commit 587d5e0 + +- net: sparx5: depends on PTP_1588_CLOCK_OPTIONAL (git-fixes). +- commit e5cbf9e + +- blacklist.conf: update blacklist +- commit b64ff66 + +- usb: typec: ucsi: Better fix for missing unplug events issue + (jsc#PED-531). +- commit 23c30d4 + +- usb: typec: ucsi: Read the PDOs in separate work (jsc#PED-531). +- commit 120360c + +- usb: typec: ucsi: Check the partner alt modes always if there + is PD contract (jsc#PED-531). +- commit 109aef2 + +- usb: typec: ucsi: acpi: Reduce the command completion timeout + (jsc#PED-531). +- commit 6c0912c + +- usb: typec: ucsi: Add polling mechanism for partner tasks like + alt mode checking (jsc#PED-531). +- commit 9e46ec7 + +- usb: typec: tcpci: Fix spelling mistake "resolbed" -> "resolved" + (jsc#PED-531). +- commit fbac539 + +- usb: typec: tipd: Add an additional overflow check (git-fixes). +- commit b1f97fa + +- usb: typec: tipd: Don't read/write more bytes than required + (git-fixes). +- commit e669366 + +- Update patch references for ALSA fixes (jsc#PED-652 jsc#PED-720) +- commit 3c5b516 + +- ASoC: SOF: Intel: pci-tgl: add RPL-P support (jsc#PED-720). +- ASoC: SOF: Intel: pci-tgl: add ADL-PS support (jsc#PED-720). +- commit 012fcdf + +- ALSA: hda: intel-dsp-config: Add RaptorLake PCI IDs + (jsc#PED-720). +- commit ae48fdf + +- ASoC: SOF: Intel: pci-tgl: add RPL-S support (jsc#PED-652). +- commit c23d1e1 + +- ALSA: control: Use deferred fasync helper (git-fixes). +- ALSA: timer: Use deferred fasync helper (git-fixes). +- ALSA: core: Add async signal helpers (git-fixes). +- ALSA: jack: Access input_dev under mutex (git-fixes). +- commit d1a09af + +- Enable the build of nvidia-wmi-ec-backlight module (jsc#PED-1164) +- commit f9ebde3 + +- platform/x86: Rename wmaa-backlight-wmi to + nvidia-wmi-ec-backlight (jsc#PED-1164). +- platform/x86: Remove "WMAA" from identifier names in + wmaa-backlight-wmi.c (jsc#PED-1164). +- platform/x86: Add driver for ACPI WMAA EC-based backlight + control (jsc#PED-1164). +- commit 1975b25 + +- blacklist.conf: Drop kABI-related ALSA entries from SP4 +- commit cb39f3b + +- usb: Link the ports to the connectors they are attached to + (jsc#PED-531). +- commit fe04d18 + +- usb: core: Export usb_device_match_id (jsc#PED-531). +- commit aa72be2 + +- usb: hub: make wait_for_connected() take an int instead of a + pointer to int (jsc#PED-531). +- commit d7280d6 + +- usb: chipidea: tegra: Add runtime PM and OPP support + (jsc#PED-531). +- commit 3f3ba93 + +- soc/tegra: Add devm_tegra_core_dev_init_opp_table_common() + (jsc#PED-531). +- commit 7ad426c + +- Update DRM UDL patches from upstreamed patches (bsc#1195917) + Dropped: + patches.suse/0001-drm-udl-Restore-display-mode-on-resume.patch +- commit eab8d35 + +- ice: Allow operation with reduced device MSI-X (bsc#1201987). +- commit adb8f10 + +- powerpc/pseries/vas: Use QoS credits from the userspace + (jsc#PED-542). +- powerpc/pseries/vas: Add VAS migration handler (jsc#PED-542). +- Refresh patches.suse/powerpc-mobility-wait-for-memory-transfer-to-complet.patch +- Refresh patches.suse/powerpc-pseries-mobility-set-NMI-watchdog-factor-dur.patch +- powerpc/pseries/vas: Modify reconfig open/close functions for + migration (jsc#PED-542). +- powerpc/pseries/vas: Define global hv_cop_caps struct + (jsc#PED-542). +- powerpc/pseries/vas: Add 'update_total_credits' entry for QoS + capabilities (jsc#PED-542). +- powerpc/pseries/vas: sysfs interface to export capabilities + (jsc#PED-542). +- powerpc/pseries/vas: Reopen windows with DLPAR core add + (jsc#PED-542). +- powerpc/pseries/vas: Close windows with DLPAR core removal + (jsc#PED-542). +- powerpc/vas: Map paste address only if window is active + (jsc#PED-542). +- powerpc/vas: Return paste instruction failure if no active + window (jsc#PED-542). +- powerpc/vas: Add paste address mmap fault handler (jsc#PED-542). +- powerpc/pseries/vas: Save PID in pseries_vas_window struct + (jsc#PED-542). +- powerpc/pseries/vas: Use common names in VAS capability + structure (jsc#PED-542). +- commit b24c3ed + +- watchdog/pseries-wdt: initial support for H_WATCHDOG-based + watchdog timers (jsc#PED-549). +- Update config files. +- supported.conf: Add pseries-wdt +- powerpc/pseries: register pseries-wdt device with platform bus + (jsc#PED-549). +- powerpc/pseries: add FW_FEATURE_WATCHDOG flag (jsc#PED-549). +- powerpc/pseries: hvcall.h: add H_WATCHDOG opcode, H_NOOP return + code (jsc#PED-549). +- powerpc/pseries: Fix numa FORM2 parsing fallback code + (jsc#PED-551). +- powerpc/pseries: rename numa_dist_table to form2_distances + (jsc#PED-551). +- powerpc/pseries: Add support for FORM2 associativity + (jsc#PED-551). +- Refresh patches.suse/powerpc-pseries-Interface-to-represent-PAPR-firmware.patch +- powerpc/pseries: Add a helper for form1 cpu distance + (jsc#PED-551). +- powerpc/pseries: Consolidate different NUMA distance update + code paths (jsc#PED-551). +- Refresh patches.suse/powerpc-numa-Update-cpu_cpu_map-on-CPU-online-offlin.patch +- commit 1708bfe + +- usb: hub: avoid warm port reset during USB3 disconnect + (git-fixes). +- commit 8af7b8e + +- usb: core: hcd: change sizeof(vaddr) to sizeof(unsigned long) + (jsc#PED-531). +- commit 1523b0b + +- scsi: ipr: Fix missing/incorrect resource cleanup in error case + (jsc#PED-548). +- scsi: ipr: Use kobj_to_dev() (jsc#PED-548). +- scsi: ipr: Directly return instead of using local ret variable + (jsc#PED-548). +- commit 1d92f11 + +- usb: core: Fix file path that does not exist (jsc#PED-531). +- commit f9f0a5e + +- USB: common: debug: add needed kernel.h include (jsc#PED-531). +- commit 944eff7 + +- xhci: use max() to make code cleaner (jsc#PED-531). +- commit a9fbbb5 + +- usb: xhci-mtk: fix random remote wakeup (jsc#PED-531). +- commit 6629649 + +- usb: xhci-mtk: remove unnecessary error check (jsc#PED-531). +- commit b17a19c + +- usb: xhci-mtk: fix list_del warning when enable list debug + (jsc#PED-531). +- commit 90a533c + +- usb: xhci-mtk: enable wake-up interrupt after runtime_suspend + called (jsc#PED-531). +- commit 293016f + +- PM / wakeirq: support enabling wake-up irq after runtime_suspend + called (jsc#PED-531). +- commit c727a40 + +- usb: xhci: Use to_pci_driver() instead of pci_dev->driver + (jsc#PED-531). +- commit 541116e + +- usb: core: config: Change sizeof(struct ...) to + sizeof(*...) (jsc#PED-531). +- commit 249a144 + +- usb: core: hcd: fix messages in usb_hcd_request_irqs() + (jsc#PED-531). +- commit 6d29347 + +- usb: core: hcd: Modularize HCD stop configuration in + usb_stop_hcd() (jsc#PED-531). +- commit dfccab2 + +- usb: xhci-mtk: use xhci_dbg() to print log (jsc#PED-531). +- commit e7dd0f8 + +- usb: xhci-mtk: allow bandwidth table rollover (jsc#PED-531). +- commit 11e08d1 + +- usb: xhci-mtk: Do not use xhci's virt_dev in drop_endpoint + (jsc#PED-531). +- commit 8d6c90e + +- usb: xhci-mtk: modify the SOF/ITP interval for mt8195 + (jsc#PED-531). +- commit da8bc69 + +- usb: xhci-mtk: add a member of num_esit (jsc#PED-531). +- commit 4745d08 + +- usb: xhci-mtk: check boundary before check tt (jsc#PED-531). +- commit 5bf9b17 + +- usb: xhci-mtk: update fs bus bandwidth by bw_budget_table + (jsc#PED-531). +- commit 2035273 + +- usb: xhci-mtk: support option to disable usb2 ports + (jsc#PED-531). +- commit 21ff31f + +- crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (git-fixes) +- commit 49a8536 + +- arm64: select TRACE_IRQFLAGS_NMI_SUPPORT (git-fixes) +- commit 8e1f358 + +- arm64: errata: Add Cortex-A510 to the repeat tlbi list (git-fixes) + Enable this errata fix configuration option to arm64/default. +- commit c8ec028 + +- Revert "arm64: Mitigate MTE issues with str{n}cmp()" (git-fixes) +- commit 3916261 + +- arm64: lib: Import latest version of Arm Optimized Routines' strcmp (git-fixes) +- commit 0ad904d + +- tty: drop put_tty_driver (jsc#PED-531). +- Refresh + patches.suse/ipack-ipoctal-fix-stack-information-leak.patch. +- commit 512f7d8 + +- tracing: hold caller_addr to hardirq_{enable,disable}_ip + (git-fixes). +- commit ec23c84 + +- ftrace: Fix NULL pointer dereference in is_ftrace_trampoline + when ftrace is dead (git-fixes). +- commit 4b6dc41 + +- usb: renesas-xhci: Remove renesas_xhci_pci_exit() (jsc#PED-531). +- commit 5a90fd4 + +- btrfs: fix space cache corruption and potential double + allocations (bsc#1203361). +- commit 0479f45 + +- btrfs: fix relocation crash due to premature return from + btrfs_commit_transaction() (bsc#1203360). +- commit 5ceb88f + +- usb: xhci-renesas: Minor coding style cleanup (jsc#PED-531). +- commit 229132e + +- KVM: x86: do not report a vCPU as preempted outside instruction + boundaries (bsc#1203066 CVE-2022-39189). +- commit c89b7e4 + +- blacklist.conf: add 3 commits for git-fixes not needed +- commit 6f1ca85 + +- netfilter: nf_tables: do not allow RULE_ID to refer to another + chain (CVE-2022-2586 bsc#1202095). +- netfilter: nf_tables: do not allow CHAIN_ID to refer to another + table (CVE-2022-2586 bsc#1202095). +- netfilter: nf_tables: do not allow SET_ID to refer to another + table (CVE-2022-2586 bsc#1202095). +- commit 42bb8dc + +- Update + patches.suse/dccp-don-t-duplicate-ccid-when-cloning-dccp-sock.patch + references (add CVE-2020-16119 bsc#1177471). +- commit 7d3c30f + +- Update message from free_area_init (bsc#1203101) + Refreshed: + patches.suse/0002-mm-handle-uninitialized-numa-nodes-gracefully.patch +- commit 58d8d59 + +- blacklist.conf: unwanted s390 commits +- commit 7773032 + +- watchdog: wdat_wdt: Set the min and max timeout values properly + (bsc#1194023). +- commit d609cb4 + +- kbuild: disable header exports for UML in a straightforward way + (git-fixes). +- docs: i2c: i2c-topology: fix incorrect heading (git-fixes). +- commit 96f4a7a + +- hwmon: (mr75203) enable polling for all VM channels (git-fixes). +- hwmon: (mr75203) fix multi-channel voltage reading (git-fixes). +- hwmon: (mr75203) fix voltage equation for negative source input + (git-fixes). +- hwmon: (mr75203) update pvt->v_num and vm_num to the actual + number of used sensors (git-fixes). +- hwmon: (mr75203) fix VM sensor allocation when "intel,vm-map" + not defined (git-fixes). +- dt-bindings: hwmon: (mr75203) fix "intel,vm-map" property to + be optional (git-fixes). +- hwmon: (tps23861) fix byte order in resistance register + (git-fixes). +- commit 4be15df + +- ALSA: emu10k1: Fix out of bounds access in + snd_emu10k1_pcm_channel_alloc() (git-fixes). +- ALSA: usb-audio: Fix an out-of-bounds bug in + __snd_usb_parse_audio_interface() (git-fixes). +- ALSA: hda/tegra: Align BDL entry to 4KB boundary (git-fixes). +- ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC (git-fixes). +- ALSA: aloop: Fix random zeros in capture data when using + jiffies timer (git-fixes). +- commit e787e77 + +- ASoC: qcom: sm8250: add missing module owner (git-fixes). +- ALSA: hda/sigmatel: Fix unused variable warning for beep power + change (git-fixes). +- ALSA: usb-audio: Split endpoint setups for hw_params and prepare + (git-fixes). +- ALSA: usb-audio: Register card again for iface over + delayed_register option (git-fixes). +- ALSA: usb-audio: Inform the delayed registration more properly + (git-fixes). +- commit fdc009b + +- Move upstreamed patches into sorted section +- commit 9769cb9 + +- bnxt_en: add dynamic debug support for HWRM messages + (jsc#PED-1495). +- Refresh + patches.suse/bnxt_en-Increase-firmware-message-response-DMA-wait-.patch. +- commit 9044955 + +- RDMA: Constify netdev->dev_addr accesses (jsc#PED-1494). +- Refresh + patches.suse/RDMA-bnxt_re-Use-helper-function-to-set-GUIDs.patch. +- commit d62d7be + +- bnxt_en: fix LRO/GRO_HW features in ndo_fix_features callback + (jsc#PED-1495). +- bnxt_en: fix NQ resource accounting during vf creation on + 57500 chips (jsc#PED-1495). +- bnxt_en: set missing reload flag in devlink features + (jsc#PED-1495). +- bnxt_en: Use PAGE_SIZE to init buffer when multi buffer XDP + is not in use (jsc#PED-1495). +- bnxt: Use the bitmap API to allocate bitmaps (jsc#PED-1495). +- bnxt: Fix typo in comments (jsc#PED-1495). +- bnxt_en: Fix bnxt_refclk_read() (jsc#PED-1495). +- bnxt_en: Fix and simplify XDP transmit path (jsc#PED-1495). +- bnxt_en: fix livepatch query (jsc#PED-1495). +- bnxt_en: Fix bnxt_reinit_after_abort() code path (jsc#PED-1495). +- bnxt_en: reclaim max resources if sriov enable fails + (jsc#PED-1495). +- eth: bnxt: make ulp_id unsigned to make GCC 12 happy + (jsc#PED-1495). +- bnxt_en: parse and report result field when NVRAM package + install fails (jsc#PED-1495). +- bnxt_en: Enable packet timestamping for all RX packets + (jsc#PED-1495). +- bnxt_en: Configure ptp filters during bnxt open (jsc#PED-1495). +- bnxt_en: Update firmware interface to 1.10.2.95 (jsc#PED-1495). +- bnxt: XDP multibuffer enablement (jsc#PED-1495). +- bnxt: support transmit and free of aggregation buffers + (jsc#PED-1495). +- bnxt: adding bnxt_xdp_build_skb to build skb from multibuffer + xdp_buff (jsc#PED-1495). +- bnxt: add page_pool support for aggregation ring when using xdp + (jsc#PED-1495). +- bnxt: change receive ring space parameters (jsc#PED-1495). +- bnxt: set xdp_buff pfmemalloc flag if needed (jsc#PED-1495). +- bnxt: adding bnxt_rx_agg_pages_xdp for aggregated xdp + (jsc#PED-1495). +- bnxt: rename bnxt_rx_pages to bnxt_rx_agg_pages_skb + (jsc#PED-1495). +- bnxt: refactor bnxt_rx_pages operate on skb_shared_info + (jsc#PED-1495). +- bnxt: add flag to denote that an xdp program is currently + attached (jsc#PED-1495). +- bnxt: refactor bnxt_rx_xdp to separate + xdp_init_buff/xdp_prepare_buff (jsc#PED-1495). +- bnxt_en: Initiallize bp->ptp_lock first before using it + (jsc#PED-1495). +- devlink: add explicitly locked flavor of the rate node APIs + (jsc#PED-1495). +- bnxt: use the devlink instance lock to protect sriov + (jsc#PED-1495). +- devlink: expose instance locking and add locked port registering + (jsc#PED-1495). +- bnxt: revert hastily merged uAPI aberrations (jsc#PED-1495). +- bnxt_en: add an nvm test for hw diagnose (jsc#PED-1495). +- bnxt_en: implement hw health reporter (jsc#PED-1495). +- bnxt_en: Properly report no pause support on some cards + (jsc#PED-1495). +- bnxt_en: introduce initial link state of unknown (jsc#PED-1495). +- bnxt_en: parse result field when NVRAM package install fails + (jsc#PED-1495). +- bnxt_en: add more error checks to HWRM_NVM_INSTALL_UPDATE + (jsc#PED-1495). +- bnxt_en: refactor error handling of HWRM_NVM_INSTALL_UPDATE + (jsc#PED-1495). +- bnxt: report header-data split state (jsc#PED-1495). +- ethtool: add header/data split indication (jsc#PED-1495). +- bnxt_en: Handle async event when the PHC is updated in RTC mode + (jsc#PED-1495). +- bnxt_en: Implement .adjtime() for PTP RTC mode (jsc#PED-1495). +- bnxt_en: Add driver support to use Real Time Counter for PTP + (jsc#PED-1495). +- bnxt_en: PTP: Refactor PTP initialization functions + (jsc#PED-1495). +- bnxt_en: Update firmware interface to 1.10.2.73 (jsc#PED-1495). +- bpf: introduce BPF_F_XDP_HAS_FRAGS flag in prog_flags loading + the ebpf program (jsc#PED-1495). +- net: xdp: add xdp_update_skb_shared_info utility routine + (jsc#PED-1495). +- xdp: introduce flags field in xdp_buff/xdp_frame (jsc#PED-1495). +- net: skbuff: add size metadata to skb_shared_info for xdp + (jsc#PED-1495). +- RDMA/bnxt_re: Fix endianness warning for req.pkey + (jsc#PED-1494). +- RDMA/bnxt_re: Use bitmap_zalloc() when applicable + (jsc#PED-1494). +- RDMA/bnxt_re: Remove dynamic pkey table (jsc#PED-1494). +- RDMA/bnxt_re: Remove unneeded variable (jsc#PED-1494). +- bnxt_en: improve firmware timeout messaging (jsc#PED-1495). +- bnxt_en: improve VF error messages when PF is unavailable + (jsc#PED-1495). +- bnxt_en: Use page frag RX buffers for better software GRO + performance (jsc#PED-1495). +- bnxt_en: convert to xdp_do_flush (jsc#PED-1495). +- bnxt_en: Support CQE coalescing mode in ethtool (jsc#PED-1495). +- bnxt_en: Support configurable CQE coalescing mode + (jsc#PED-1495). +- bnxt_en: enable interrupt sampling on 5750X for DIM + (jsc#PED-1495). +- bnxt_en: Log error report for dropped doorbell (jsc#PED-1495). +- bnxt_en: Add event handler for PAUSE Storm event (jsc#PED-1495). +- devlink: Add new "event_eq_size" generic device param + (jsc#PED-1495). +- devlink: Add new "io_eq_size" generic device param + (jsc#PED-1495). +- flow_offload: reject to offload tc actions in offload drivers + (jsc#PED-1495). +- devlink: Remove misleading internal_flags from health reporter + dump (jsc#PED-1495). +- devlink: fix flexible_array.cocci warning (jsc#PED-1495). +- ethtool: don't drop the rtnl_lock half way thru the ioctl + (jsc#PED-1495). +- devlink: expose get/put functions (jsc#PED-1495). +- ethtool: handle info/flash data copying outside rtnl_lock + (jsc#PED-1495). +- ethtool: push the rtnl_lock into dev_ethtool() (jsc#PED-1495). +- devlink: make all symbols GPL-only (jsc#PED-1495). +- devlink: Simplify internal devlink params implementation + (jsc#PED-1495). +- devlink: Clean not-executed param notifications (jsc#PED-1495). +- ethtool: ioctl: Use array_size() helper in copy_{from,to}_user() + (jsc#PED-1495). +- ethtool: prevent endless loop if eeprom size is smaller than + announced (jsc#PED-1495). +- ethtool: runtime-resume netdev parent before ethtool ioctl ops + (jsc#PED-1495). +- commit 5128686 + +- s390: fix double free of GS and RI CBs on fork() failure + (bsc#1203197 LTC#199895). +- commit a3c49e0 + +- net: stmmac: dwmac-qcom-ethqos: Enable RGMII functional clock + on resume (git-fixes). +- commit 196b9a7 + +- net: stmmac: dwmac-qcom-ethqos: add platform level clocks + management (git-fixes). +- commit 9419c89 + +- net: axienet: fix RX ring refill allocation failure handling + (git-fixes). +- commit 4644276 + +- bnx2x: fix built-in kernel driver load failure (git-fixes). +- commit 4c90c2b + +- net: stmmac: only enable DMA interrupts when ready (git-fixes). +- commit 8b7732b + +- net: stmmac: perserve TX and RX coalesce value during XDP setup + (git-fixes). +- commit 7ef4525 + +- net: stmmac: enhance XDP ZC driver level switching performance + (git-fixes). +- commit 0b61dc1 + +- bnx2x: fix driver load from initrd (git-fixes). +- commit 922bb4e + +- Update metadata references +- commit b8d9524 + +- regulator: core: Clean up on enable failure (git-fixes). +- wifi: iwlegacy: 4965: corrected fix for potential off-by-one + overflow in il4965_rs_fill_link_cmd() (git-fixes). +- vt: Clear selection before changing the font (git-fixes). +- clk: bcm: rpi: Prevent out-of-bounds access (git-fixes). +- mmc: core: Fix inconsistent sd3_bus_mode at UHS-I SD voltage + switch failure (git-fixes). +- drm/i915: Skip wm/ddb readout for disabled pipes (git-fixes). +- drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk + (git-fixes). +- USB: serial: cp210x: add Decagon UCA device id (git-fixes). +- USB: serial: option: add support for Cinterion MV32-WA/WB + RmNet mode (git-fixes). +- USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id + (git-fixes). +- USB: serial: option: add Quectel EM060K modem (git-fixes). +- USB: serial: option: add support for OPPO R11 diag port + (git-fixes). +- media: mceusb: Use new usb_control_msg_*() routines (git-fixes). +- USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) + (git-fixes). +- usb: xhci-mtk: relax TT periodic bandwidth allocation + (git-fixes). +- usb: dwc3: pci: Add support for Intel Raptor Lake (git-fixes). +- usb: typec: intel_pmc_mux: Add new ACPI ID for Meteor Lake + IOM device (git-fixes). +- usb-storage: Add ignore-residue quirk for NXP PN7462AU + (git-fixes). +- wifi: mac80211: Fix UAF in ieee80211_scan_rx() (git-fixes). +- clk: bcm: rpi: Use correct order for the parameters of + devm_kcalloc() (git-fixes). +- commit 8d6d69c + +- bnx2x: Fix comment typo (jsc#PED-535). +- cnic: Use the bitmap API to allocate bitmaps (jsc#PED-1516). +- bnx2x: Fix spelling mistake "regiser" -> "register" + (jsc#PED-535). +- bnx2x: Fix undefined behavior due to shift overflowing the + constant (jsc#PED-535). +- bnx2x: truncate value to original sizing (jsc#PED-535). +- bnx2x: use correct format characters (jsc#PED-535). +- bnx2x: Replace one-element array with flexible-array member + (jsc#PED-535). +- bnx2x: fix built-in kernel driver load failure (jsc#PED-535). +- bnx2: Fix an error message (jsc#PED-1187). +- bnx2x: fix driver load from initrd (jsc#PED-535). +- bnx2x: Remove useless DMA-32 fallback configuration + (jsc#PED-535). +- bna: Simplify DMA setting (jsc#PED-1521). +- net: bna: Update supported link modes (jsc#PED-1521). +- bnx2x: constify static inline stub for dev_addr (jsc#PED-535). +- bnx2x: Use struct_group() for memcpy() region (jsc#PED-535). +- net: move gro definitions to include/net/gro.h (jsc#PED-535). +- bnx2: Search VPD with pci_vpd_find_ro_info_keyword() + (jsc#PED-1187). +- bnx2: Replace open-coded version with swab32s() (jsc#PED-1187). +- commit 9e44625 + +- tty: remove CMSPAR ifdefs (jsc#PED-531). +- commit 8886a3f + +- net: dsa: microchip: fix bridging with more than two member + ports (git-fixes). +- commit f2a5e08 + +- net: dsa: lantiq_gswip: fix use after free in gswip_remove() + (git-fixes). +- commit 577992b + +- ice: Fix KASAN error in LAG NETDEV_UNREGISTER handler + (git-fixes). +- commit f16c949 + +- net: mscc: ocelot: fix all IP traffic getting trapped to CPU + with PTP over IP (git-fixes). +- commit 391f1b3 + +- net: axienet: reset core on initialization prior to MDIO access + (git-fixes). +- Refresh + patches.suse/net-axienet-setup-mdio-unconditionally.patch. +- commit afb1beb + +- usb: Prepare cleanup of powerpc's asm/prom.h (jsc#PED-531). +- commit b5dac6b + +- net: mscc: ocelot: fix missing unlock on error in + ocelot_hwstamp_set() (git-fixes). +- commit c38c182 + +- blacklist.conf: update blacklist +- commit 9d146c4 + +- Update + patches.suse/watchqueue-make-sure-to-serialize-wqueue-defunct-pro.patch + (git-fixes, CVE-2022-1882, bsc#1199904). +- add references to CVE-2022-1882, bsc#1199904 +- commit b499e0d + +- PCI: VMD: ACPI: Make ACPI companion lookup work for VMD bus + (jsc#PED-633). +- Refresh + patches.suse/PCI-ACPI-Check-parent-pointer-in-acpi_pci_find_compa.patch. +- Refresh + patches.suse/PCI-vmd-Assign-VMD-IRQ-domain-before-enumeration.patch. +- x86: link vdso and boot with -z noexecstack + - -no-warn-rwx-segments (bsc#1203200). +- Makefile: link with -z noexecstack --no-warn-rwx-segments + (bsc#1203200). +- commit ee065ad + +- Update config files (change CONFIG_SUSE_PATCHLEVEL to 5). +- commit f931313 + +- intel_idle: Add a new flag to initialize the AMX state + (jsc#PED-681). +- x86/fpu: Add a helper to prepare AMX state for low-power CPU + idle (jsc#PED-681). +- platform/x86: intel/pmc: Add Alder Lake N support to PMC core + driver (jsc#PED-692). +- platform/x86/intel: pmc: Support Intel Raptorlake P + (jsc#PED-667). +- x86/cpu: Add new Alderlake and Raptorlake CPU model numbers + (jsc#PED-743). +- PCI: vmd: Add DID 8086:A77F for all Intel Raptor Lake SKU's + (jsc#PED-633). +- PCI: vmd: Honor ACPI _OSC on PCIe features (jsc#PED-633). +- PCI: vmd: Clean up domain before enumeration (jsc#PED-633). +- x86/cpu: Drop spurious underscore from RAPTOR_LAKE #define + (jsc#PED-690). +- x86/cpu: Add Raptor Lake to Intel family (jsc#PED-690). +- commit 2f2c9c2 + +- compat: make linux/compat.h available everywhere (jsc#PED-1492). +- commit 82594a3 + +- dev_ioctl: pass SIOCDEVPRIVATE data separately (jsc#PED-1492). +- Refresh + patches.suse/net-don-t-unconditionally-copy_from_user-a-struct-if.patch. +- commit 220a22b + +- net: socket: rework compat_ifreq_ioctl() (jsc#PED-1492). +- Refresh + patches.suse/net-don-t-unconditionally-copy_from_user-a-struct-if.patch. +- commit 9e52d0a + +- net: socket: simplify dev_ifconf handling (jsc#PED-1492). +- Refresh + patches.suse/net-don-t-unconditionally-copy_from_user-a-struct-if.patch. +- commit 7ce1665 + +- tg3: Disable tg3 device on system reboot to avoid triggering + AER (jsc#PED-1492). +- tg3: Remove redundant assignments (jsc#PED-1492). +- ethernet: Remove redundant statement (jsc#PED-1492). +- ethernet: tg3: remove direct netdev->dev_addr writes + (jsc#PED-1492). +- net: tg3: fix redundant check of true expression (jsc#PED-1492). +- net: tg3: fix obsolete check of !err (jsc#PED-1492). +- tg3: Search VPD with pci_vpd_find_ro_info_keyword() + (jsc#PED-1492). +- tg3: Validate VPD checksum with pci_vpd_check_csum() + (jsc#PED-1492). +- tg3: Read VPD with pci_vpd_alloc() (jsc#PED-1492). +- dev_ioctl: split out ndo_eth_ioctl (jsc#PED-1492). +- cxgb3: use ndo_siocdevprivate (jsc#PED-1492). +- qeth: use ndo_siocdevprivate (jsc#PED-1492). +- hamachi: use ndo_siocdevprivate (jsc#PED-1492). +- bonding: use siocdevprivate (jsc#PED-1492). +- net: split out SIOCDEVPRIVATE handling from dev_ioctl + (jsc#PED-1492). +- net: socket: remove register_gifconf (jsc#PED-1492). +- net: socket: rework SIOC?IFMAP ioctls (jsc#PED-1492). +- commit 9963a02 + +- sched/core: Use try_cmpxchg in set_nr_{and_not,if}_polling + (bnc#1202494 (Scheduler functional and performance backports)). +- sched/fair: Decay task PELT values during wakeup migration + (bnc#1202494 (Scheduler functional and performance backports)). +- sched/fair: Provide u64 read for 32-bits arch helper + (bnc#1202494 (Scheduler functional and performance backports)). +- sched/fair: Introduce SIS_UTIL to search idle CPU based on + sum of util_avg (jsc#PED-1213). +- sched/numa: Fix boot crash on arm64 systems (jsc#PED-827). +- sched/numa: Avoid migrating task to CPU-less node (jsc#PED-827). +- sched/numa: Fix NUMA topology for systems with CPU-less nodes + (jsc#PED-827). +- commit 2f3bfae + +- USB: HCD: Fix URB giveback issue in tasklet function + (git-fixes). +- commit 12ef886 + +- ethtool: extend ringparam setting/getting API with rx_buf_len + (jsc#PED-1497). +- Refresh + patches.suse/Revert-ibmvnic-Add-ethtool-private-flag-for-driver-d.patch. +- commit ee8f1a8 + +- ethernet/emulex:fix repeated words in comments (jsc#PED-1497). +- eth: benet: remove a copy of the NAPI_POLL_WEIGHT define + (jsc#PED-1497). +- be2net: Use irq_update_affinity_hint() (jsc#PED-1497). +- genirq: Provide new interfaces for affinity hints + (jsc#PED-1497). +- be2net: Remove useless DMA-32 fallback configuration + (jsc#PED-1497). +- ethtool: add support to set/get rx buf len via ethtool + (jsc#PED-1497). +- ethernet: constify references to netdev->dev_addr in drivers + (jsc#PED-1497). +- commit bb6401d + +- Update Yousaf's e-mail +- commit bde91a1 + +- rpm/config.sh: 15.4 -> 15.5 +- commit 11c86df + +- README.BRANCH: Update it with new co-maintainer and fix typo + Replace SLE15-SP4 for SLE15-SP5 and add Yousaf Kaukab as a + co-maintainer. +- commit 2f7c5b6 + +- Delete patches.kabi/* workarounds +- commit 6b96c7b + +- Delete patches.suse/revert-btrfs-props-change-how-empty-value-is-interpr.patch. + Align btrfs property compression to upstream behaviour (JSC#PED-1711) +- commit 2670de5 + +- README.BRANCH: Switch SLE15-SP5 maintainer to Oscar Salvador +- commit ad4c348 + +- Drop SLE15-SP4 kABI workaround patches + patches.kabi/kABI-fix-removal-of-iscsi_destroy_conn.patch is still kept as + the build breaks otherwise +- commit 492e2dd + +- Drop SLE15-SP4 kernel symbols +- commit 0837ac5 + +- supported.conf Add TDA4VM-SK modules (jsc#PED-1379) +- commit 890c2be + +- config/arm64: Add support for TDA4VM-SK machine (jsc#PED-1379) +- commit e6bb890 + kernel-kvmsmall +- arm64: Discard .note.GNU-stack section (bsc#1203693). +- commit a5e7cb4 + +- media: i2c: ov2640: Depend on V4L2_ASYNC (git-fixes). +- commit 91b3b5b + +- Update + patches.suse/usb-typec-intel_pmc_mux-Add-new-ACPI-ID-for-Meteor-L.patch + (jsc#PED-1211). + Adding Jira +- commit 5026c96 + +- Update + patches.suse/usb-dwc3-pci-Add-support-for-Intel-Raptor-Lake.patch + (jsc#PED-1715). + Only adding Jira +- commit af0fb94 + +- xhci: Don't defer primary roothub registration if there is + only one roothub (jsc#PED-531). +- commit bb0af18 + +- xhci: prevent U2 link power state if Intel tier policy prevented + U1 (jsc#PED-531). +- commit 4580e55 + +- xhci: use generic command timer for stop endpoint commands + (jsc#PED-531). +- commit 0f31a26 + +- usb: host: xhci-plat: omit shared hcd if either root hub has + no ports (jsc#PED-531). +- commit 2387fca + +- usb: host: xhci-plat: prepare operation w/o shared hcd + (jsc#PED-531). +- commit 47afbac + +- usb: host: xhci-plat: create shared hcd after having added + main hcd (jsc#PED-531). +- commit f9fd004 + +- xhci: prepare for operation w/o shared hcd (jsc#PED-531). +- commit 09ce63b + +- xhci: factor out parts of xhci_gen_setup() (jsc#PED-531). +- commit 783aae7 + +- usb: xhci-mtk: add support optional controller reset + (jsc#PED-531). +- commit b567962 + +- usb/core: fix repeated words in comments (git-fixes). +- commit 5f46c47 + +- usb: core: sysfs: convert sysfs snprintf to sysfs_emit + (git-fixes). +- commit 40a09c7 + +- usb: Avoid extra usb SET_SEL requests when enabling link power + management (jsc#PED-531). +- commit 3988270 + +- usb: hub: port: add sysfs entry to switch port power + (jsc#PED-531). +- commit 9c3549e + +- powerpc/papr_scm: Ensure rc is always initialized in + papr_scm_pmu_register() (jsc#PED-1925). +- tools/testing/nvdimm: Fix security_init() symbol collision + (jsc#PED-1925). +- commit a333f5d + +- powerpc/papr_scm: don't requests stats with '0' sized stats + buffer (jsc#PED-1925). +- commit 3918fb0 + +- powerpc/papr_scm: Fix nvdimm event mappings (jsc#PED-557). +- powerpc/papr_scm: Fix leaking nvdimm_events_map elements + (jsc#PED-557). +- drivers/nvdimm: Fix build failure when CONFIG_PERF_EVENTS is + not set (jsc#PED-1925). +- commit 8ecc2ba + +- x86: clk: clk-fch: Add support for newer family of AMD's SOC + (jsc#PED-1408). +- commit c6a96ee + +- ACPI: tools: Introduce utility for firmware updates/telemetry + (jsc#PED-1408). +- efi: Introduce EFI_FIRMWARE_MANAGEMENT_CAPSULE_HEADER and + corresponding structures (jsc#PED-1408). +- commit a7f95e0 + +- powerpc/papr_scm: Fix buffer overflow issue with + CONFIG_FORTIFY_SOURCE (jsc#PED-1925). +- powerpc/papr_scm: Fix build failure when (jsc#PED-1925). +- powerpc/papr_scm: Add perf interface support (jsc#PED-1925). +- drivers/nvdimm: Add perf interface to expose nvdimm performance + stats (jsc#PED-1925). +- drivers/nvdimm: Add nvdimm pmu structure (jsc#PED-1925). +- commit 61ab009 + +- Revert "ACPI: processor: idle: Only flush cache on entering C3" + (jsc#PED-1408). +- Revert "ACPI: scan: Do not add device IDs from _CID if _HID + is not valid" (jsc#PED-1408). +- ACPI: tables: Quiet ACPI table not found warning (jsc#PED-1408). +- ACPI: require CRC32 to build (jsc#PED-1408). +- ACPI: DPTF: Support Raptor Lake (jsc#PED-1408). +- ACPI: CPPC: Drop redundant local variable from cpc_read() + (jsc#PED-1408). +- ACPI: CPPC: Fix up I/O port access in cpc_read() (jsc#PED-1408). +- ACPI: pfr_telemetry: Fix info leak in pfrt_log_ioctl() + (jsc#PED-1408). +- ACPI: pfr_update: Fix return value check in pfru_write() + (jsc#PED-1408). +- ACPI: Introduce Platform Firmware Runtime Telemetry driver + (jsc#PED-1408). +- Update supported.conf + - add drivers/acpi/pfr_telemetry.ko + ACPI Platform Firmware Runtime Telemetry driver +- ACPI: Introduce Platform Firmware Runtime Update device driver + (jsc#PED-1408). +- Update config files. +- Update supported.conf + - add drivers/acpi/pfr_update.ko + ACPI Platform Firmware Runtime Update Device driver +- ACPI: SPCR: check if table->serial_port.access_width is too wide + (jsc#PED-1408). +- ACPI: scan: Rename label in acpi_scan_init() (jsc#PED-1408). +- ACPI: scan: Simplify initialization of power and sleep buttons + (jsc#PED-1408). +- ACPI: scan: Change acpi_scan_init() return value type to void + (jsc#PED-1408). +- x86/PCI: Remove initialization of static variables to false + (jsc#PED-1408). +- ACPI: APD: Add a fmw property clk-name (jsc#PED-1408). +- drivers: acpi: acpi_apd: Remove unused device property "is-rv" + (jsc#PED-1408). +- ACPI: Add a context argument for table parsing handlers + (jsc#PED-1408). +- ACPI: Teach ACPI table parsing about the CEDT header format + (jsc#PED-1408). +- ACPI: Keep sub-table parsing infrastructure available for + modules (jsc#PED-1408). +- ACPI: NFIT: Import GUID before use (jsc#PED-1408). +- PM: hibernate: Allow ACPI hardware signature to be honoured + (jsc#PED-1408). +- ACPI: CPPC: Add CPPC enable register function (jsc#PED-1408). +- ACPI: CPPC: Implement support for SystemIO registers + (jsc#PED-1408). +- ACPI: CPPC: Amend documentation in the comments (jsc#PED-1408). +- ACPI: sysfs: use default_groups in kobj_type (jsc#PED-1408). +- ACPI: NUMA: Process hotpluggable memblocks when + !CONFIG_MEMORY_HOTPLUG (jsc#PED-1408). +- ACPI: tables: Add AEST to the list of known table signatures + (jsc#PED-1408). +- ACPI: DPTF: Update device ID in a comment (jsc#PED-1408). +- ACPI: PMIC: xpower: Fix _TMP ACPI errors (jsc#PED-1408). +- ACPI: PMIC: allow drivers to provide a custom lpat_raw_to_temp() + function (jsc#PED-1408). +- ACPI: PMIC: constify all struct intel_pmic_opregion_data + declarations (jsc#PED-1408). +- ACPI / x86: Skip AC and battery devices on x86 Android tablets + with broken DSDTs (jsc#PED-1408). +- ACPI / x86: Introduce an acpi_quirk_skip_acpi_ac_and_battery() + helper (jsc#PED-1408). + Refresh + patches.suse/ACPI-battery-Add-the-ThinkPad-Not-Charging-quirk.patch. +- ACPI / x86: Add PWM2 on the Xiaomi Mi Pad 2 to the + always_present list (jsc#PED-1408). +- ACPI: processor: thermal: avoid cpufreq_get_policy() + (jsc#PED-1408). +- ACPI: processor: idle: Only flush cache on entering C3 + (jsc#PED-1408). +- ACPI: processor idle: Use swap() instead of open coding it + (jsc#PED-1408). +- ACPI: processor: Replace kernel.h with the necessary inclusions + (jsc#PED-1408). +- ACPI: EC: Mark the ec_sys write_support param as + module_param_hw() (jsc#PED-1408). +- ACPI: EC: Relocate acpi_ec_create_query() and drop + acpi_ec_delete_query() (jsc#PED-1408). +- ACPI: EC: Make the event work state machine visible + (jsc#PED-1408). +- ACPI: EC: Avoid queuing unnecessary work in + acpi_ec_submit_event() (jsc#PED-1408). +- ACPI: EC: Rename three functions (jsc#PED-1408). +- ACPI: EC: Simplify locking in acpi_ec_event_handler() + (jsc#PED-1408). +- ACPI: EC: Rearrange the loop in acpi_ec_event_handler() + (jsc#PED-1408). +- ACPI: EC: Fold acpi_ec_check_event() into + acpi_ec_event_handler() (jsc#PED-1408). +- ACPI: EC: Pass one argument to acpi_ec_query() (jsc#PED-1408). +- ACPI: EC: Call advance_transaction() from acpi_ec_dispatch_gpe() + (jsc#PED-1408). +- ACPI: EC: Rework flushing of EC work while suspended to idle + (jsc#PED-1408). +- ACPI: PM: Emit debug messages when enabling/disabling wakeup + power (jsc#PED-1408). +- ACPI: PM: Remove redundant cache flushing (jsc#PED-1408). +- ACPI: PM: Avoid CPU cache flush when entering S4 (jsc#PED-1408). +- ACPI / x86: Add + acpi_quirk_skip_[i2c_client|serdev]_enumeration() helpers + (jsc#PED-1408). +- ACPI: Use acpi_fetch_acpi_dev() instead of acpi_bus_get_device() + (jsc#PED-1408). + Refresh + patches.suse/ACPI-properties-Consistently-return-ENOENT-if-there-.patch. +- ACPI: scan: Do not add device IDs from _CID if _HID is not valid + (jsc#PED-1408). +- ACPICA: Update version to 20211217 (jsc#PED-1408). +- ACPICA: iASL/NHLT table: "Specific Data" field support + (jsc#PED-1408). +- ACPICA: iASL: Add suppport for AGDI table (jsc#PED-1408). +- ACPICA: iASL: Add TDEL table to both compiler/disassembler + (jsc#PED-1408). +- ACPICA: Fixed a couple of warnings under MSVC (jsc#PED-1408). +- ACPICA: Change a return_ACPI_STATUS (AE_BAD_PARAMETER) + (jsc#PED-1408). +- ACPICA: Add support for PCC Opregion special context data + (jsc#PED-1408). +- ACPICA: Fix AEST Processor generic resource substructure data + field byte length (jsc#PED-1408). +- ACPICA: iASL/Disassembler: Additional support for NHLT table + (jsc#PED-1408). +- ACPICA: Avoid subobject buffer overflow when validating RSDP + signature (jsc#PED-1408). +- ACPICA: Macros: Remove ACPI_PHYSADDR_TO_PTR (jsc#PED-1408). +- ACPICA: Use original pointer for virtual origin tables + (jsc#PED-1408). +- ACPICA: Use original data_table_region pointer for accesses + (jsc#PED-1408). +- ACPI: delay enumeration of devices with a _DEP pointing to an + INT3472 device (jsc#PED-1408). +- commit a883e60 + +- ice: support crosstimestamping on E822 devices if supported + (jsc#PED-376). +- Update config files. +- commit 52d22d8 + +- net: phy: add Maxlinear GPY115/21x/24x driver (jsc#PED-829). +- Update config files. +- supported.conf: mark mxl-gpy supported +- commit 038e0dc + +- ice: fix incorrect dev_dbg print mistaking 'i' for vf->vf_id + (jsc#PED-376). +- blacklist.conf: removed broken blacklist +- commit 4dd2967 + +- RDMA/irdma: Remove enum irdma_status_code (jsc#PED-377). +- Refresh + patches.suse/RDMA-irdma-Prevent-some-integer-underflows.patch. +- commit 0e1b54d + +- ice: introduce ice_virtchnl.c and ice_virtchnl.h (jsc#PED-376). +- Refresh + patches.suse/ice-Do-not-skip-not-enabled-queues-in-ice_vc_dis_qs_.patch. +- Refresh + patches.suse/ice-Fix-incorrect-locking-in-ice_vc_process_vf_msg.patch. +- Refresh + patches.suse/ice-Protect-vf_state-check-by-cfg_lock-in-ice_vc_pro.patch. +- Refresh + patches.suse/ice-clear-stale-Tx-queue-settings-before-configuring.patch. +- commit b1a640b + +- ice: rename ice_virtchnl_pf.c to ice_sriov.c (jsc#PED-376). +- Refresh + patches.suse/ice-Do-not-skip-not-enabled-queues-in-ice_vc_dis_qs_.patch. +- Refresh + patches.suse/ice-Fix-incorrect-locking-in-ice_vc_process_vf_msg.patch. +- Refresh + patches.suse/ice-Protect-vf_state-check-by-cfg_lock-in-ice_vc_pro.patch. +- Refresh + patches.suse/ice-clear-stale-Tx-queue-settings-before-configuring.patch. +- Refresh + patches.suse/ice-fix-use-after-free-when-deinitializing-mailbox-s.patch. +- commit a6dcbb6 + +- ice: convert VF storage to hash table with krefs and RCU + (jsc#PED-376). +- Refresh + patches.suse/ice-Fix-incorrect-locking-in-ice_vc_process_vf_msg.patch. +- Refresh + patches.suse/ice-Protect-vf_state-check-by-cfg_lock-in-ice_vc_pro.patch. +- commit bb85cb8 + +- ice: introduce VF accessor functions (jsc#PED-376). +- Refresh + patches.suse/ice-Protect-vf_state-check-by-cfg_lock-in-ice_vc_pro.patch. +- commit 567361b + +- ice: factor VF variables to separate structure (jsc#PED-376). +- Refresh + patches.suse/ice-Protect-vf_state-check-by-cfg_lock-in-ice_vc_pro.patch. +- commit 3f8b512 + +- ice: add TTY for GNSS module for E810T device (jsc#PED-376). +- Refresh + patches.suse/ice-Fix-race-during-aux-device-un-plugging.patch. +- commit 8bbff5a + +- ice: Simplify tracking status of RDMA support (jsc#PED-376). +- Refresh + patches.suse/ice-Allow-operation-with-reduced-device-MSI-X.patch. +- commit 679eb4d + +- ice: implement basic E822 PTP support (jsc#PED-376). +- Refresh + patches.suse/ice-fix-possible-under-reporting-of-ethtool-Tx-and-R.patch. +- commit ef8d58e + +- ice: Propagate error codes (jsc#PED-376). +- Refresh + patches.suse/ice-Fix-curr_link_speed-advertised-speed.patch. +- commit 80453bf + +- ice: Remove string printing for ice_status (jsc#PED-376). +- Refresh + patches.suse/ice-enable-parsing-IPSEC-SPI-headers-for-RSS.patch. +- commit e71a23c + +- ice: xsk: use Rx ring's XDP ring when picking NAPI context + (jsc#PED-376). +- commit d811ddb + +- ice: xsk: prohibit usage of non-balanced queue id (jsc#PED-376). +- ice: Fix VF not able to send tagged traffic with no VLAN filters + (jsc#PED-376). +- ice: Ignore error message when setting same promiscuous mode + (jsc#PED-376). +- ice: Fix clearing of promisc mode with bridge over bond + (jsc#PED-376). +- ice: Ignore EEXIST when setting promisc mode (jsc#PED-376). +- ice: Fix double VLAN error when entering promisc mode + (jsc#PED-376). +- ice: Fix call trace with null VSI during VF reset (jsc#PED-376). +- ice: Fix VSI rebuild WARN_ON check for VF (jsc#PED-376). +- net/ice: fix initializing the bitmap in the switch code + (jsc#PED-376). +- RDMA/irdma: Use the bitmap API to allocate bitmaps + (jsc#PED-377). +- RDMA/irdma: Fix setting of QP context err_rq_idx_valid field + (jsc#PED-377). +- RDMA/irdma: Fix VLAN connection with wildcard address + (jsc#PED-377). +- RDMA/irdma: Fix a window for use-after-free (jsc#PED-377). +- RDMA/irdma: Make resource distribution algorithm more QP + oriented (jsc#PED-377). +- RDMA/irdma: Make CQP invalid state error non-critical + (jsc#PED-377). +- RDMA/irdma: Add AE source to error log (jsc#PED-377). +- RDMA/irdma: Add 2 level PBLE support for FMR (jsc#PED-377). +- net: ice: fix error NETIF_F_HW_VLAN_CTAG_FILTER check in + ice_vsi_sync_fltr() (jsc#PED-376). +- ice: implement adjfine with mul_u64_u64_div_u64 (jsc#PED-376). +- ice: allow toggling loopback mode via ndo_set_features callback + (jsc#PED-376). +- ice: compress branches in ice_set_features() (jsc#PED-376). +- ice: Fix promiscuous mode not turning off (jsc#PED-376). +- ice: Introduce enabling promiscuous mode on multiple VF's + (jsc#PED-376). +- ice: Add support for PPPoE hardware offload (jsc#PED-376). +- flow_offload: Introduce flow_match_pppoe (jsc#PED-376). +- flow_dissector: Add PPPoE dissectors (jsc#PED-376). +- ice: add write functionality for GNSS TTY (jsc#PED-376). +- ice: add i2c write command (jsc#PED-376). +- ice: Remove pci_aer_clear_nonfatal_status() call (jsc#PED-376). +- ice: Add EXTTS feature to the feature bitmap (jsc#PED-376). +- net: extract port range fields from fl_flow_key (jsc#PED-376). +- ice: Remove unnecessary NULL check before dev_put (jsc#PED-376). +- ice: use eth_broadcast_addr() to set broadcast address + (jsc#PED-376). +- ice: switch: dynamically add VLAN headers to dummy packets + (jsc#PED-376). +- ice: Add support for VLAN TPID filters in switchdev + (jsc#PED-376). +- ice: Add support for double VLAN in switchdev (jsc#PED-376). +- intel/ice:fix repeated words in comments (jsc#PED-376). +- ice: Use correct order for the parameters of devm_kcalloc() + (jsc#PED-376). +- ice: remove u16 arithmetic in ice_gnss (jsc#PED-376). +- ice: remove VLAN representor specific ops (jsc#PED-376). +- ice: don't set VF VLAN caps in switchdev (jsc#PED-376). +- ice: do not setup vlan for loopback VSI (jsc#PED-376). +- ice: check (DD | EOF) bits on Rx descriptor rather than (EOP | + RS) (jsc#PED-376). +- ice: Fix VSIs unable to share unicast MAC (jsc#PED-376). +- ice: Fix tunnel checksum offload with fragmented traffic + (jsc#PED-376). +- ice: Fix max VLANs available for VF (jsc#PED-376). +- RDMA/irdma: Fix sleep from invalid context BUG (jsc#PED-377). +- RDMA/irdma: Do not advertise 1GB page size for x722 + (jsc#PED-377). +- ice: change devlink code to read NVM in blocks (jsc#PED-376). +- ice: handle E822 generic device ID in PLDM header (jsc#PED-376). +- ice: ethtool: Prohibit improper channel config for DCB + (jsc#PED-376). +- ice: ethtool: advertise 1000M speeds properly (jsc#PED-376). +- ice: Fix switchdev rules book keeping (jsc#PED-376). +- ice: ignore protocol field in GTP offload (jsc#PED-376). +- ice: Fix memory corruption in VF driver (jsc#PED-376). +- ice: Fix queue config fail handling (jsc#PED-376). +- ice: Sync VLAN filtering features for DVM (jsc#PED-376). +- ice: Fix PTP TX timestamp offset calculation (jsc#PED-376). +- ice: fix access-beyond-end in the switch code (jsc#PED-376). +- RDMA/irdma: Add SW mechanism to generate completions on error + (jsc#PED-377). +- RDMA/irdma: Remove the redundant variable (jsc#PED-377). +- eth: ice: silence the GCC 12 array-bounds warning (jsc#PED-376). +- ice: Expose RSS indirection tables for queue groups via ethtool + (jsc#PED-376). +- Revert "ice: Hide bus-info in ethtool for PRs in switchdev mode" + (jsc#PED-376). +- ice: link representors to PCI device (jsc#PED-376). +- ice: remove period on argument description in ice_for_each_vf + (jsc#PED-376). +- ice: add a function comment for ice_cfg_mac_antispoof + (jsc#PED-376). +- ice: fix wording in comment for ice_reset_vf (jsc#PED-376). +- ice: remove return value comment for ice_reset_all_vfs + (jsc#PED-376). +- ice: always check VF VSI pointer values (jsc#PED-376). +- ice: add newline to dev_dbg in ice_vf_fdir_dump_info + (jsc#PED-376). +- ice: get switch id on switchdev devices (jsc#PED-376). +- ice: return ENOSPC when exceeding ICE_MAX_CHAIN_WORDS + (jsc#PED-376). +- ice: introduce common helper for retrieving VSI by vsi_num + (jsc#PED-376). +- ice: use min_t() to make code cleaner in ice_gnss (jsc#PED-376). +- ice, xsk: Avoid refilling single Rx descriptors (jsc#PED-376). +- ice, xsk: Diversify return values from xsk_wakeup call paths + (jsc#PED-376). +- ice, xsk: Terminate Rx side of NAPI when XSK Rx queue gets full + (jsc#PED-376). +- ice, xsk: Decorate ICE_XDP_REDIR with likely() (jsc#PED-376). +- flow_dissector: Add number of vlan tags dissector (jsc#PED-376). +- ice: Add mpls+tso support (jsc#PED-376). +- ice: switch: convert packet template match code to rodata + (jsc#PED-376). +- ice: switch: use convenience macros to declare dummy pkt + templates (jsc#PED-376). +- ice: switch: use a struct to pass packet template params + (jsc#PED-376). +- ice: switch: unobscurify bitops loop in + ice_fill_adv_dummy_packet() (jsc#PED-376). +- ice: switch: add and use u16 aliases to ice_adv_lkup_elem::{h, + m}_u (jsc#PED-376). +- ice: Fix interrupt moderation settings getting cleared + (jsc#PED-376). +- RDMA/irdma: Fix deadlock in irdma_cleanup_cm_core() + (jsc#PED-377). +- ice: wait 5 s for EMP reset after firmware flash (jsc#PED-376). +- ice: Fix memory leak in ice_get_orom_civd_data() (jsc#PED-376). +- ice: xsk: check if Rx ring was filled up to the end + (jsc#PED-376). +- ice: arfs: fix use-after-free when freeing @rx_cpu_rmap + (jsc#PED-376). +- flow_dissector: fix false-positive __read_overflow2_field() + warning (jsc#PED-376). +- ice: Set txq_teid to ICE_INVAL_TEID on ring creation + (jsc#PED-376). +- ice: Fix broken IFF_ALLMULTI handling (jsc#PED-376). +- ice: Fix MAC address setting (jsc#PED-376). +- ice: xsk: Stop Rx processing when ntc catches ntu (jsc#PED-376). +- ice: xsk: Eliminate unnecessary loop iteration (jsc#PED-376). +- RDMA/irdma: Add support for address handle re-use (jsc#PED-377). +- RDMA/irdma: Make irdma_create_mg_ctx return a void + (jsc#PED-377). +- RDMA/irdma: Move union irdma_sockaddr to header file + (jsc#PED-377). +- RDMA/irdma: Remove the unnecessary variable saddr (jsc#PED-377). +- RDMA/irdma: Use net_type to check network type (jsc#PED-377). +- RDMA/irdma: Remove excess error variables (jsc#PED-377). +- RDMA/irdma: Propagate error codes (jsc#PED-377). +- RDMA/irdma: Add support for DSCP (jsc#PED-377). +- RDMA/irdma: Refactor DCB bits in prep for DSCP support + (jsc#PED-377). +- ice: add trace events for tx timestamps (jsc#PED-376). +- ice: fix return value check in ice_gnss.c (jsc#PED-376). +- ice: Fix inconsistent indenting in ice_switch (jsc#PED-376). +- gtp: Fix inconsistent indenting (jsc#PED-376). +- ice: remove PF pointer from ice_check_vf_init (jsc#PED-376). +- ice: cleanup long lines in ice_sriov.c (jsc#PED-376). +- ice: introduce ICE_VF_RESET_LOCK flag (jsc#PED-376). +- ice: introduce ICE_VF_RESET_NOTIFY flag (jsc#PED-376). +- ice: convert ice_reset_vf to take flags (jsc#PED-376). +- ice: convert ice_reset_vf to standard error codes (jsc#PED-376). +- ice: make ice_reset_all_vfs void (jsc#PED-376). +- ice: drop is_vflr parameter from ice_reset_all_vfs + (jsc#PED-376). +- ice: move reset functionality into ice_vf_lib.c (jsc#PED-376). +- ice: fix a long line warning in ice_reset_vf (jsc#PED-376). +- ice: introduce VF operations structure for reset flows + (jsc#PED-376). +- ice: introduce ice_vf_lib.c, ice_vf_lib.h, and + ice_vf_lib_private.h (jsc#PED-376). +- ice: use ice_is_vf_trusted helper function (jsc#PED-376). +- ice: log an error message when eswitch fails to configure + (jsc#PED-376). +- ice: cleanup error logging for ice_ena_vfs (jsc#PED-376). +- ice: move ice_set_vf_port_vlan near other .ndo ops + (jsc#PED-376). +- ice: refactor spoofchk control code in ice_sriov.c + (jsc#PED-376). +- ice: rename ICE_MAX_VF_COUNT to avoid confusion (jsc#PED-376). +- ice: remove unused definitions from ice_sriov.h (jsc#PED-376). +- ice: convert vf->vc_ops to a const pointer (jsc#PED-376). +- ice: remove circular header dependencies on ice.h (jsc#PED-376). +- ice: rename ice_sriov.c to ice_vf_mbx.c (jsc#PED-376). +- ice: Support GTP-U and GTP-C offload in switchdev (jsc#PED-376). +- ice: Fix FV offset searching (jsc#PED-376). +- gtp: Add support for checking GTP device type (jsc#PED-376). +- net/sched: Allow flower to match on GTP options (jsc#PED-376). +- gtp: Implement GTP echo request (jsc#PED-376). +- gtp: Implement GTP echo response (jsc#PED-376). +- gtp: Allow to create GTP device without FDs (jsc#PED-376). +- flow_dissector: Add support for HSRv0 (jsc#PED-376). +- ice: Add support for outer dest MAC for ADQ tunnels + (jsc#PED-376). +- ice: avoid XDP checks in ice_clean_tx_irq() (jsc#PED-376). +- ice: change "can't set link" message to dbg level (jsc#PED-376). +- ice: Add slow path offload stats on port representor in + switchdev (jsc#PED-376). +- ice: Add support for inner etype in switchdev (jsc#PED-376). +- ice: xsk: fix GCC version checking against pragma unroll + presence (jsc#PED-376). +- ice: convert ice_for_each_vf to include VF entry iterator + (jsc#PED-376). +- ice: use ice_for_each_vf for iteration during removal + (jsc#PED-376). +- ice: remove checks in ice_vc_send_msg_to_vf (jsc#PED-376). +- ice: move VFLR acknowledge during ice_free_vfs (jsc#PED-376). +- ice: move clear_malvf call in ice_free_vfs (jsc#PED-376). +- ice: pass num_vfs to ice_set_per_vf_res() (jsc#PED-376). +- ice: store VF pointer instead of VF ID (jsc#PED-376). +- ice: refactor unwind cleanup in eswitch mode (jsc#PED-376). +- flow_dissector: Add support for HSR (jsc#PED-376). +- ice: Add ability for PF admin to enable VF VLAN pruning + (jsc#PED-376). +- ice: Add support for 802.1ad port VLANs VF (jsc#PED-376). +- ice: Advertise 802.1ad VLAN filtering and offloads for PF netdev + (jsc#PED-376). +- ice: Support configuring the device to Double VLAN Mode + (jsc#PED-376). +- ice: Add support for VIRTCHNL_VF_OFFLOAD_VLAN_V2 (jsc#PED-376). +- ice: Add hot path support for 802.1Q and 802.1ad VLAN offloads + (jsc#PED-376). +- ice: Add outer_vlan_ops and VSI specific VLAN ops + implementations (jsc#PED-376). +- ice: Adjust naming for inner VLAN operations (jsc#PED-376). +- ice: Use the proto argument for VLAN ops (jsc#PED-376). +- ice: Refactor vf->port_vlan_info to use ice_vlan (jsc#PED-376). +- ice: Introduce ice_vlan struct (jsc#PED-376). +- ice: Add new VSI VLAN ops (jsc#PED-376). +- ice: Add helper function for adding VLAN 0 (jsc#PED-376). +- ice: Refactor spoofcheck configuration functions (jsc#PED-376). +- ice: xsk: Borrow xdp_tx_active logic from i40e (jsc#PED-376). +- ice: xsk: Improve AF_XDP ZC Tx and use batching API + (jsc#PED-376). +- ice: xsk: Avoid potential dead AF_XDP Tx processing + (jsc#PED-376). +- ice: Make Tx threshold dependent on ring length (jsc#PED-376). +- ice: xsk: Handle SW XDP ring wrap and bump tail more often + (jsc#PED-376). +- ice: xsk: Force rings to be sized to power of 2 (jsc#PED-376). +- ice: Remove likely for napi_complete_done (jsc#PED-376). +- ice: add support for DSCP QoS for IDC (jsc#PED-376). +- ice: respect metadata in legacy-rx/ice_construct_skb() + (jsc#PED-376). +- ice: Remove useless DMA-32 fallback configuration (jsc#PED-376). +- ice: destroy flow director filter mutex after releasing VSIs + (jsc#PED-376). +- ice: Match on all profiles in slow-path (jsc#PED-376). +- RDMA/irdma: Remove the redundant return (jsc#PED-377). +- RDMA/irdma: Make the source udp port vary (jsc#PED-377). +- RDMA/core: Calculate UDP source port based on flow label or + lqpn/rqpn (jsc#PED-377). +- RDMA/irdma: Fix the type used to declare a bitmap (jsc#PED-377). +- RDMA/irdma: Use helper function to set GUIDs (jsc#PED-377). +- RDMA/irdma: Use irq_update_affinity_hint() (jsc#PED-377). +- ice: Use bitmap_free() to free bitmap (jsc#PED-376). +- ice: Optimize a few bitmap operations (jsc#PED-376). +- ice: Slightly simply ice_find_free_recp_res_idx (jsc#PED-376). +- ice: improve switchdev's slow-path (jsc#PED-376). +- ice: replay advanced rules after reset (jsc#PED-376). +- ice: Add flow director support for channel mode (jsc#PED-376). +- skbuff: introduce skb_pull_data (jsc#PED-376). +- ice: switch to napi_build_skb() (jsc#PED-376). +- ice: trivial: fix odd indenting (jsc#PED-376). +- ice: exit bypass mode once hardware finishes timestamp + calibration (jsc#PED-376). +- ice: ensure the hardware Clock Generation Unit is configured + (jsc#PED-376). +- ice: convert clk_freq capability into time_ref (jsc#PED-376). +- ice: introduce ice_ptp_init_phc function (jsc#PED-376). +- ice: use 'int err' instead of 'int status' in ice_ptp_hw.c + (jsc#PED-376). +- ice: PTP: move setting of tstamp_config (jsc#PED-376). +- ice: introduce ice_base_incval function (jsc#PED-376). +- ice: Fix E810 PTP reset flow (jsc#PED-376). +- ice: use modern kernel API for kick (jsc#PED-376). +- ice: tighter control over VSI_DOWN state (jsc#PED-376). +- ice: use prefetch methods (jsc#PED-376). +- ice: update to newer kernel API (jsc#PED-376). +- ice: support immediate firmware activation via devlink reload + (jsc#PED-376). +- ice: reduce time to read Option ROM CIVD data (jsc#PED-376). +- ice: move ice_devlink_flash_update and merge with + ice_flash_pldm_image (jsc#PED-376). +- ice: move and rename ice_check_for_pending_update (jsc#PED-376). +- ice: devlink: add shadow-ram region to snapshot Shadow RAM + (jsc#PED-376). +- ice: Remove unused ICE_FLOW_SEG_HDRS_L2_MASK (jsc#PED-376). +- ice: Remove unnecessary casts (jsc#PED-376). +- ice: Remove excess error variables (jsc#PED-376). +- ice: Cleanup after ice_status removal (jsc#PED-376). +- ice: Remove enum ice_status (jsc#PED-376). +- ice: Use int for ice_status (jsc#PED-376). +- ice: Refactor status flow for DDP load (jsc#PED-376). +- ice: Refactor promiscuous functions (jsc#PED-376). +- ice: refactor PTYPE validating (jsc#PED-376). +- ice: Add package PTYPE enable information (jsc#PED-376). +- gtp: use skb_dst_update_pmtu_no_confirm() instead of direct call + (jsc#PED-376). +- dissector: do not set invalid PPP protocol (jsc#PED-376). +- net: phy: enhance GPY115 loopback disable function + (jsc#PED-829). +- net: phy: add API to read 802.3-c45 IDs (jsc#PED-829). +- commit 172341e + +- usb: core: devices: remove dead code under #ifdef PROC_EXTRA + (jsc#PED-531). +- commit ffed5f4 + +- arm64: numa: Don't check node against MAX_NUMNODES + (jsc#PED-1408). +- arm64: Simplify checking for populated DT (jsc#PED-1408). +- commit 87c5b07 + +- Revert "usb: host: xhci: mvebu: make USB 3.0 PHY optional for + Armada 3720" (jsc#PED-531). +- commit a68eb3d + +- xhci: omit mem read just after allocation of trb (jsc#PED-531). +- commit 9657cdf + +- usb: xhci: fix minmax.cocci warnings (jsc#PED-531). +- commit 31c9b81 + +- usb: host: xhci: drop redundant checks (jsc#PED-531). +- commit 8545650 + +- xhci: Allocate separate command structures for each LPM command + (git-fixes). +- commit 3b8bc54 + +- xhci: dbgtty: use IDR to support several dbc instances + (jsc#PED-531). +- commit 7b43f4d + +- xhci: dbc: Don't call dbc_tty_init() on every dbc tty probe + (jsc#PED-531). +- commit c0f4051 + +- net: mscc: ocelot: add MAC table stream learn and lookup + operations (jsc#PED-1549). +- Refresh + patches.suse/net-mscc-ocelot-use-index-to-set-vcap-policer.patch. +- commit 210cb02 + +- usb: host: xhci-mtk: Simplify supplies handling with + regulator_bulk (jsc#PED-531). +- commit bc712ac + +- net: mscc: ocelot: serialize access to the MAC table + (jsc#PED-1549). +- commit fb07363 + +- ACPI: Make acpi_node_get_parent() local (jsc#PED-1408). +- ACPI: video: use platform backlight driver on Xiaomi Mi Pad 2 + (jsc#PED-1408). +- ACPI: video: Drop dmi_system_id.ident settings from + video_detect_dmi_table (jsc#PED-1408). +- ACPI: EC: Remove initialization of static variables to false + (jsc#PED-1408). +- ACPI: EC: Use ec_no_wakeup on HP ZHAN 66 Pro (jsc#PED-1408). +- ACPI: Drop ACPI_USE_BUILTIN_STDARG ifdef from acgcc.h + (jsc#PED-1408). +- ACPI: Add a convenience function to tell a device is in D0 state + (jsc#PED-1408). +- ACPI: scan: Obtain device's desired enumeration power state + (jsc#PED-1408). +- ACPI: PRM: Handle memory allocation and memory remap failure + (jsc#PED-1408). +- ACPI: PRM: Remove unnecessary blank lines (jsc#PED-1408). +- ACPI: APEI: mark apei_hest_parse() static (jsc#PED-1408). +- ACPI: APEI: EINJ: Relax platform response timeout to 1 second + (jsc#PED-1408). +- ACPI: PM: sleep: Do not set suspend_ops unnecessarily + (jsc#PED-1408). +- ACPI: PM: Turn off wakeup power resources on _DSW/_PSW errors + (jsc#PED-1408). +- ACPI: PM: Check states of power resources during initialization + (jsc#PED-1408). +- ACPI: LPSS: Use ACPI_COMPANION() directly (jsc#PED-1408). +- ACPI: PNP: remove duplicated BRI0A49 and BDP3336 entries + (jsc#PED-1408). +- ACPI: glue: Use acpi_device_adr() in acpi_find_child_device() + (jsc#PED-1408). +- ACPI: glue: Look for ACPI bus type only if ACPI companion is + not known (jsc#PED-1408). +- ACPI: glue: Drop cleanup callback from struct acpi_bus_type + (jsc#PED-1408). +- ACPI: replace snprintf() in "show" functions with sysfs_emit() + (jsc#PED-1408). +- ACPI: Kconfig: Fix a typo in Kconfig (jsc#PED-1408). +- x86: ACPI: cstate: Optimize C3 entry on AMD CPUs (jsc#PED-1408). +- x86/ACPI: Don't add CPUs that are not online capable + (jsc#PED-1408). +- ACPICA: Add support for MADT online enabled bit (jsc#PED-1408). +- ACPICA: Update version to 20210930 (jsc#PED-1408). +- ACPICA: iASL table disassembler: Added disassembly support + for the NHLT ACPI table (jsc#PED-1408). +- ACPICA: ACPI 6.4 SRAT: add Generic Port Affinity type + (jsc#PED-1408). +- ACPICA: Add support for Windows 2020 _OSI string (jsc#PED-1408). +- hwmon: (acpi_power_meter) Use acpi_bus_get_acpi_device() + (jsc#PED-1408). +- commit f5b4569 + +- net/mlx5: Reduce kconfig complexity while building crypto + support (jsc#PED-1549). +- Update config files. +- commit 855cd57 + +- net/mlx5_fpga: Drop INNOVA IPsec support (jsc#PED-1549). +- Update config files. +- commit 578a0d4 + +- net/mlx5_fpga: Drop INNOVA TLS support (jsc#PED-1549). +- Update config files. +- commit 795dab1 + +- net/mlx5e: Use READ_ONCE/WRITE_ONCE for DCBX trust state + (jsc#PED-1549). +- Refresh + patches.suse/net-mlx5e-Fix-trust-state-reset-in-reload.patch. +- commit 471621b + +- ixgbe: pass bi->xdp to ixgbe_construct_skb_zc() directly + (jsc#PED-373). +- Refresh + patches.suse/ixgbe-don-t-reserve-excessive-XDP_PACKET_HEADROOM-on.patch. +- Refresh + patches.suse/ixgbe-respect-metadata-on-XSK-Rx-to-skb.patch. +- commit 7177fc1 + +- net/mlx5: Disable SRIOV before PF removal (jsc#PED-1549). +- Refresh + patches.suse/net-mlx5-Drain-fw_reset-when-removing-device.patch. +- commit f8869cb + +- i40e: Add ensurance of MacVlan resources for every trusted VF + (jsc#PED-372). +- Refresh + patches.suse/i40e-stop-disabling-VFs-due-to-PF-error-responses.patch. +- commit 820414c + +- flow_offload: validate flags of filter and actions + (jsc#PED-1549). +- Refresh + patches.suse/net-sched-cls_u32-fix-netns-refcount-changes-in-u32_.patch. +- commit 45cd6c8 + +- iavf: Add support for VIRTCHNL_VF_OFFLOAD_VLAN_V2 offload + enable/disable (jsc#PED-835). +- Refresh + patches.suse/iavf-Fix-locking-for-VIRTCHNL_OP_GET_OFFLOAD_VLAN_V2.patch. +- commit 9e30247 + +- iavf: Add support for VIRTCHNL_VF_OFFLOAD_VLAN_V2 hotpath + (jsc#PED-835). +- Refresh + patches.suse/iavf-Fix-locking-for-VIRTCHNL_OP_GET_OFFLOAD_VLAN_V2.patch. +- commit 8b35988 + +- iavf: Add support for VIRTCHNL_VF_OFFLOAD_VLAN_V2 negotiation + (jsc#PED-835). +- Refresh + patches.suse/iavf-Fix-locking-for-VIRTCHNL_OP_GET_OFFLOAD_VLAN_V2.patch. +- commit c795d27 + +- iavf: Add trace while removing device (jsc#PED-835). +- Refresh + patches.suse/iavf-Rework-mutexes-for-better-synchronisation.patch. +- commit 5cee973 + +- net/sched: Extend qdisc control block with tc control block + (jsc#PED-1549). +- Refresh + patches.suse/net-Don-t-include-filter.h-from-net-sock.h.patch. +- commit f04ca77 + +- mlxsw: spectrum: Use PLLP to get front panel number and split + number (jsc#PED-1549). +- Refresh + patches.suse/mlxsw-spectrum-Use-PMTDB-register-to-obtain-split-in.patch. +- commit 4d99513 + +- mlxsw: reg: Add Port Local port to Label Port mapping Register + (jsc#PED-1549). +- Refresh + patches.suse/mlxsw-reg-Add-Port-Module-To-local-DataBase-Register.patch. +- commit a1f7333 + +- vduse: Introduce VDUSE - vDPA Device in Userspace + (jsc#PED-1549). +- Update config files. +- commit 0310e1b + +- vdpa/mlx5: Add support for control VQ and MAC setting + (jsc#PED-1549). +- Refresh + patches.suse/RDMA-mlx5-Replace-struct-mlx5_core_mkey-by-u32-key.patch. +- commit df0ceb2 + +- i40e: Fix incorrect address type for IPv6 flow rules + (jsc#PED-372). +- ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter + (jsc#PED-373). +- net/mlx5: Unlock on error in mlx5_sriov_enable() (jsc#PED-1549). +- net/mlx5e: Fix use after free in mlx5e_fs_init() (jsc#PED-1549). +- net/mlx5e: kTLS, Use _safe() iterator in + mlx5e_tls_priv_tx_list_cleanup() (jsc#PED-1549). +- net/mlx5: unlock on error path in + esw_vfs_changed_event_handler() (jsc#PED-1549). +- net/mlx5e: Fix wrong tc flag used when set hw-tc-offload off + (jsc#PED-1549). +- net/mlx5e: TC, Add missing policer validation (jsc#PED-1549). +- net/mlx5e: Fix wrong application of the LRO state + (jsc#PED-1549). +- net/mlx5: Avoid false positive lockdep warning by adding + lock_class_key (jsc#PED-1549). +- net/mlx5: Fix cmd error logging for manage pages cmd + (jsc#PED-1549). +- net/mlx5: Disable irq when locking lag_lock (jsc#PED-1549). +- net/mlx5: Eswitch, Fix forwarding decision to uplink + (jsc#PED-1549). +- net/mlx5: LAG, fix logic over MLX5_LAG_FLAG_NDEVS_READY + (jsc#PED-1549). +- net/mlx5e: Properly disable vlan strip on non-UL reps + (jsc#PED-1549). +- RDMA/mlx5: Use the proper number of ports (jsc#PED-1552). +- igb: Add lock to avoid data race (jsc#PED-370). +- net/mlx5e: Allocate flow steering storage during uplink + initialization (jsc#PED-1549). +- i40e: Fix to stop tx_timeout recovery if GLOBR fails + (jsc#PED-372). +- i40e: Fix tunnel checksum offload with fragmented traffic + (jsc#PED-372). +- iavf: Fix deadlock in initialization (jsc#PED-835). +- iavf: Fix reset error handling (jsc#PED-835). +- iavf: Fix NULL pointer dereference in iavf_get_link_ksettings + (jsc#PED-835). +- iavf: Fix adminq error handling (jsc#PED-835). +- vdpa/mlx5: Fix possible uninitialized return value + (jsc#PED-1549). +- vhost-vdpa: uAPI to suspend the device (jsc#PED-1549). +- vhost-vdpa: introduce SUSPEND backend feature bit + (jsc#PED-1549). +- vdpa: Add suspend operation (jsc#PED-1549). +- vhost-vdpa: Call ida_simple_remove() when failed (jsc#PED-1549). +- vDPA/ifcvf: support userspace to query features and MQ of a + management device (jsc#PED-1549). +- vdpa/mlx5: Support different address spaces for control and data + (jsc#PED-1549). +- vdpa/mlx5: Implement susupend virtqueue callback (jsc#PED-1549). +- vdpa: ifcvf: Fix spelling mistake in comments (jsc#PED-1549). +- vdpa/mlx5: Use eth_broadcast_addr() to assign broadcast address + (jsc#PED-1549). +- mlx5: do not use RT_TOS for IPv6 flowlabel (jsc#PED-1549). +- bnxt_en: Remove duplicated include bnxt_devlink.c + (jsc#PED-1495). +- RDMA/mlx5: Add missing check for return value in get namespace + flow (jsc#PED-1552). +- RDMA/mlx5: Rename the mkey cache variables and functions + (jsc#PED-1552). +- RDMA/mlx5: Store in the cache mkeys instead of mrs + (jsc#PED-1552). +- RDMA/mlx5: Store the number of in_use cache mkeys instead of + total_mrs (jsc#PED-1552). +- RDMA/mlx5: Replace cache list with Xarray (jsc#PED-1552). +- RDMA/mlx5: Replace ent->lock with xa_lock (jsc#PED-1552). +- RDMA/mlx5: Expose steering anchor to userspace (jsc#PED-1552). +- RDMA/mlx5: Refactor get flow table function (jsc#PED-1552). +- net/mlx5: fs, allow flow table creation with a UID + (jsc#PED-1549). +- net/mlx5: fs, expose flow table ID to users (jsc#PED-1549). +- net/mlx5: Expose the ability to point to any UID from shared + UID (jsc#PED-1549). +- RDMA/mlx5: Add a umr recovery flow (jsc#PED-1552). +- net/mlx5e: xsk: Discard unaligned XSK frames on striding RQ + (jsc#PED-1549). +- iavf: Fix 'tc qdisc show' listing too many queues (jsc#PED-835). +- iavf: Fix max_rate limiting (jsc#PED-835). +- net/mlx5: Fix driver use of uninitialized timeout + (jsc#PED-1549). +- net/mlx5: DR, Fix SMFS steering info dump format (jsc#PED-1549). +- net/mlx5: Adjust log_max_qp to be 18 at most (jsc#PED-1549). +- net/mlx5e: Modify slow path rules to go to slow fdb + (jsc#PED-1549). +- net/mlx5e: Fix calculations related to max MPWQE size + (jsc#PED-1549). +- net/mlx5e: xsk: Account for XSK RQ UMRs when calculating ICOSQ + size (jsc#PED-1549). +- net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS + (jsc#PED-1549). +- net/mlx5e: TC, Fix post_act to not match on in_port metadata + (jsc#PED-1549). +- net/mlx5e: Remove WARN_ON when trying to offload an unsupported + TLS cipher/version (jsc#PED-1549). +- igb: convert .adjfreq to .adjfine (jsc#PED-370). +- ixgbe: convert .adjfreq to .adjfine (jsc#PED-373). +- i40e: convert .adjfreq to .adjfine (jsc#PED-372). +- i40e: use mul_u64_u64_div_u64 for PTP frequency calculation + (jsc#PED-372). +- net: devlink: convert reload command to take implicit + devlink->lock (jsc#PED-1549). +- net/mlx5e: Move mlx5e_init_l2_addr to en_main (jsc#PED-1549). +- net/mlx5e: Split en_fs ndo's and move to en_main (jsc#PED-1549). +- net/mlx5e: Separate mlx5e_set_rx_mode_work and move caller to + en_main (jsc#PED-1549). +- net/mlx5e: Add mdev to flow_steering struct (jsc#PED-1549). +- net/mlx5e: Report flow steering errors with mdev err report API + (jsc#PED-1549). +- net/mlx5e: Convert mlx5e_flow_steering member of mlx5e_priv + to pointer (jsc#PED-1549). +- net/mlx5e: Allocate VLAN and TC for featured profiles only + (jsc#PED-1549). +- net/mlx5e: Make mlx5e_tc_table private (jsc#PED-1549). +- net/mlx5e: Convert mlx5e_tc_table member of mlx5e_flow_steering + to pointer (jsc#PED-1549). +- net/mlx5e: TC, Support tc action api for police (jsc#PED-1549). +- net/mlx5e: TC, Separate get/update/replace meter functions + (jsc#PED-1549). +- net/mlx5e: Add red and green counters for metering + (jsc#PED-1549). +- net/mlx5e: TC, Allocate post meter ft per rule (jsc#PED-1549). +- net/mlx5: DR, Add support for flow metering ASO (jsc#PED-1549). +- devlink: Hold the instance lock in health callbacks + (jsc#PED-1549). +- net/mlx5: Lock mlx5 devlink health recovery callback + (jsc#PED-1549). +- net/mlx4: Lock mlx4 devlink reload callback (jsc#PED-1548). +- net/mlx4: Use devl_ API for devlink region create / destroy + (jsc#PED-1548). +- net/mlx5: Lock mlx5 devlink reload callbacks (jsc#PED-1549). +- net/mlx5: Move fw reset unload to mlx5_fw_reset_complete_reload + (jsc#PED-1549). +- net: devlink: remove region snapshots list dependency on + devlink->lock (jsc#PED-1549). +- net: devlink: remove region snapshot ID tracking dependency + on devlink->lock (jsc#PED-1549). +- bnxt_en: implement callbacks for devlink selftests + (jsc#PED-1495). +- devlink: introduce framework for selftests (jsc#PED-1549). +- net/mlx5e: kTLS, Dynamically re-size TX recycling pool + (jsc#PED-1549). +- net/mlx5e: kTLS, Recycle objects of device-offloaded TLS TX + connections (jsc#PED-1549). +- net/mlx5e: kTLS, Take stats out of OOO handler (jsc#PED-1549). +- net/mlx5e: kTLS, Introduce TLS-specific create TIS + (jsc#PED-1549). +- net: devlink: remove redundant net_eq() check from + sb_pool_get_dumpit() (jsc#PED-1549). +- net: devlink: introduce nested devlink entity for line card + (jsc#PED-1549). +- net: devlink: move net check into + devlinks_xa_for_each_registered_get() (jsc#PED-1549). +- net: devlink: make sure that devlink_try_get() works with + valid pointer during xarray iteration (jsc#PED-1549). +- iavf: Check for duplicate TC flower filter before parsing + (jsc#PED-835). +- i40e: Refactor tc mqprio checks (jsc#PED-372). +- mlxsw: core: Fix use-after-free calling devl_unlock() in + mlxsw_core_bus_device_unregister() (jsc#PED-1549). +- net/mlx5: CT: Remove warning of ignore_flow_level support for + non PF (jsc#PED-1549). +- net/mlx5e: Add resiliency for PTP TX port timestamp + (jsc#PED-1549). +- net/mlx5: Expose ts_cqe_metadata_size2wqe_counter + (jsc#PED-1549). +- net/mlx5e: HTB, move htb functions to a new file (jsc#PED-1549). +- net/mlx5e: HTB, change functions name to follow convention + (jsc#PED-1549). +- net/mlx5e: HTB, remove priv from htb function calls + (jsc#PED-1549). +- net/mlx5e: HTB, hide and dynamically allocate mlx5e_htb + structure (jsc#PED-1549). +- net/mlx5e: HTB, move stats and max_sqs to priv (jsc#PED-1549). +- net/mlx5e: HTB, move section comment to the right place + (jsc#PED-1549). +- net/mlx5e: HTB, move ids to selq_params struct (jsc#PED-1549). +- net/mlx5e: HTB, reduce visibility of htb functions + (jsc#PED-1549). +- net/mlx5e: Fix mqprio_rl handling on devlink reload + (jsc#PED-1549). +- net/mlx5e: Report header-data split state through ethtool + (jsc#PED-1549). +- igc: Remove forced_speed_duplex value (jsc#PED-375). +- igc: Remove MSI-X PBA Clear register (jsc#PED-375). +- igc: Lift TAPRIO schedule restriction (jsc#PED-375). +- net: devlink: remove unused locked functions (jsc#PED-1549). +- netdevsim: convert driver to use unlocked devlink API during + init/fini (jsc#PED-1549). +- net: devlink: add unlocked variants of + devlink_region_create/destroy() functions (jsc#PED-1549). +- mlxsw: convert driver to use unlocked devlink API during + init/fini (jsc#PED-1549). +- net: devlink: add unlocked variants of devlink_dpipe*() + functions (jsc#PED-1549). +- net: devlink: add unlocked variants of devlink_sb*() functions + (jsc#PED-1549). +- net: devlink: add unlocked variants of devlink_resource*() + functions (jsc#PED-1549). +- net: devlink: add unlocked variants of devling_trap*() functions + (jsc#PED-1549). +- net: devlink: avoid false DEADLOCK warning reported by lockdep + (jsc#PED-1549). +- net/mlx5e: Remove the duplicating check for striding RQ when + enabling LRO (jsc#PED-1549). +- net/mlx5e: Move the LRO-XSK check to mlx5e_fix_features + (jsc#PED-1549). +- net/mlx5e: Extend flower police validation (jsc#PED-1549). +- net/mlx5e: configure meter in flow action (jsc#PED-1549). +- net/mlx5e: Removed useless code in function (jsc#PED-1549). +- net/mlx5: Bridge, implement QinQ support (jsc#PED-1549). +- net/mlx5: Bridge, implement infrastructure for VLAN protocol + change (jsc#PED-1549). +- net/mlx5: Bridge, extract VLAN push/pop actions creation + (jsc#PED-1549). +- net/mlx5: Bridge, rename filter fg to vlan_filter + (jsc#PED-1549). +- net/mlx5: Bridge, refactor groups sizes and indices + (jsc#PED-1549). +- net/mlx5: debugfs, Add num of in-use FW command interface slots + (jsc#PED-1549). +- net/mlx5: Expose vnic diagnostic counters for eswitch managed + vports (jsc#PED-1549). +- net/mlx5: Use software VHCA id when it's supported + (jsc#PED-1549). +- net/mlx5: Introduce ifc bits for using software vhca id + (jsc#PED-1549). +- net/mlx5: Use the bitmap API to allocate bitmaps (jsc#PED-1549). +- net: devlink: fix return statement in devlink_port_new_notify() + (jsc#PED-1549). +- net: devlink: fix a typo in function name + devlink_port_new_notifiy() (jsc#PED-1549). +- net: devlink: make devlink_dpipe_headers_register() return void + (jsc#PED-1549). +- net: devlink: use helpers to work with devlink->lock mutex + (jsc#PED-1549). +- net: devlink: fix unlocked vs locked functions descriptions + (jsc#PED-1549). +- igb: add xdp frags support to ndo_xdp_xmit (jsc#PED-370). +- devlink: Hold the instance lock in port_new / port_del callbacks + (jsc#PED-1549). +- net/mlx5: Remove devl_unlock from mlx5_devlink_eswitch_mode_set + (jsc#PED-1549). +- net/mlx5: Use devl_ API in mlx5e_devlink_port_register + (jsc#PED-1549). +- devlink: Remove unused functions + devlink_rate_leaf_create/destroy (jsc#PED-1549). +- net/mlx5: Use devl_ API in mlx5_esw_devlink_sf_port_register + (jsc#PED-1549). +- net/mlx5: Use devl_ API in + mlx5_esw_offloads_devlink_port_register (jsc#PED-1549). +- devlink: Remove unused function devlink_rate_nodes_destroy + (jsc#PED-1549). +- net/mlx5: Use devl_ API for rate nodes destroy (jsc#PED-1549). +- net/mlx5: Remove devl_unlock from + mlx5_eswtich_mode_callback_enter (jsc#PED-1549). +- net/mlx5: fix 32bit build (jsc#PED-1549). +- net/mlx5e: TC, Support offloading police action (jsc#PED-1549). +- net/mlx5e: Add flow_action to parse state (jsc#PED-1549). +- net/mlx5e: Add post meter table for flow metering + (jsc#PED-1549). +- net/mlx5e: Add generic macros to use metadata register mapping + (jsc#PED-1549). +- net/mlx5e: Get or put meter by the index of tc police action + (jsc#PED-1549). +- net/mlx5e: Add support to modify hardware flow meter parameters + (jsc#PED-1549). +- net/mlx5e: Prepare for flow meter offload if hardware supports + it (jsc#PED-1549). +- net/mlx5: Implement interfaces to control ASO SQ and CQ + (jsc#PED-1549). +- net/mlx5: Add support to create SQ and CQ for ASO + (jsc#PED-1549). +- net/mlx5: E-switch: Change eswitch mode only via devlink command + (jsc#PED-1549). +- net/mlx5: E-switch, Remove dependency between sriov and eswitch + mode (jsc#PED-1549). +- net/mlx5: E-switch, Introduce flag to indicate if fdb table + is created (jsc#PED-1549). +- net/mlx5: E-switch, Introduce flag to indicate if vport acl + namespace is created (jsc#PED-1549). +- net/mlx5: delete dead code in mlx5_esw_unlock() (jsc#PED-1549). +- net/mlx5: Delete ipsec_fs header file as not used + (jsc#PED-1549). +- intel/ixgbevf:fix repeated words in comments (jsc#PED-373). +- intel/igc:fix repeated words in comments (jsc#PED-375). +- intel/igbvf:fix repeated words in comments (jsc#PED-370). +- intel/igb:fix repeated words in comments (jsc#PED-370). +- intel/iavf:fix repeated words in comments (jsc#PED-835). +- intel/i40e:fix repeated words in comments (jsc#PED-372). +- ixgbe: drop unexpected word 'for' in comments (jsc#PED-373). +- igb: remove unexpected word "the" (jsc#PED-370). +- ixgbe: remove unexpected word "the" (jsc#PED-373). +- i40e: read the XDP program once per NAPI (jsc#PED-372). +- intel/i40e: delete if NULL check before dev_kfree_skb + (jsc#PED-372). +- i40e: Remove unnecessary synchronize_irq() before free_irq() + (jsc#PED-372). +- i40e: Add support for ethtool -s speed + (jsc#PED-372). +- mlxsw: Add a resource describing number of RIFs (jsc#PED-1549). +- mlxsw: Keep track of number of allocated RIFs (jsc#PED-1549). +- i40e: add xdp frags support to ndo_xdp_xmit (jsc#PED-372). +- net/mlx5: Add bits and fields to support enhanced CQE + compression (jsc#PED-1549). +- net/mlx5: Remove not used MLX5_CAP_BITS_RW_MASK (jsc#PED-1549). +- net/mlx5: group fdb cleanup to single function (jsc#PED-1549). +- net/mlx5: Add support EXECUTE_ASO action for flow entry + (jsc#PED-1549). +- net/mlx5: Add HW definitions of vport debug counters + (jsc#PED-1549). +- net/mlx5: Add IFC bits and enums for flow meter (jsc#PED-1549). +- RDMA/mlx5: Support handling of modify-header pattern ICM area + (jsc#PED-1552). +- net/mlx5: Manage ICM of type modify-header pattern + (jsc#PED-1549). +- net/mlx5: Introduce header-modify-pattern ICM properties + (jsc#PED-1549). +- drivers/net/ethernet/intel: fix typos in comments (jsc#PED-373). +- ixgbe: Fix typos in comments (jsc#PED-373). +- igb: Remove duplicate defines (jsc#PED-370). +- drivers, ixgbe: export vf statistics (jsc#PED-373). +- devlink: adopt u64_stats_t (jsc#PED-1549). +- iavf: Add waiting for response from PF in set mac (jsc#PED-835). +- i40e: Add VF VLAN pruning (jsc#PED-372). +- i40e: Fix interface init with MSI interrupts (no MSI-X) + (jsc#PED-372). +- iavf: Fix missing state logs (jsc#PED-835). +- iavf: Fix handling of dummy receive descriptors (jsc#PED-835). +- iavf: Disallow changing rx/tx-frames and rx/tx-frames-irq + (jsc#PED-835). +- iavf: Fix VLAN_V2 addition/rejection (jsc#PED-835). +- ixgbe: Add locking to prevent panic when setting sriov_numvfs + to zero (jsc#PED-373). +- i40e: Fix erroneous adapter reinitialization during recovery + process (jsc#PED-372). +- igc: Reinstate IGC_REMOVED logic and implement it properly + (jsc#PED-375). +- net/mlx5e: Ring the TX doorbell on DMA errors (jsc#PED-1549). +- net/mlx5e: Fix capability check for updating vnic env counters + (jsc#PED-1549). +- net/mlx5e: CT: Use own workqueue instead of mlx5e priv + (jsc#PED-1549). +- net/mlx5: Lag, correct get the port select mode str + (jsc#PED-1549). +- net/mlx5e: Fix enabling sriov while tc nic rules are offloaded + (jsc#PED-1549). +- net/mlx5e: kTLS, Fix build time constant test in RX + (jsc#PED-1549). +- net/mlx5e: kTLS, Fix build time constant test in TX + (jsc#PED-1549). +- net/mlx5: Lag, decouple FDB selection and shared FDB + (jsc#PED-1549). +- net/mlx5: TC, allow offload from uplink to other PF's VF + (jsc#PED-1549). +- i40e: Fix VF's MAC Address change on VM (jsc#PED-372). +- i40e: Fix dropped jumbo frames statistics (jsc#PED-372). +- vhost-vdpa: call vhost_vdpa_cleanup during the release + (jsc#PED-1549). +- vdpa/mlx5: Initialize CVQ vringh only once (jsc#PED-1549). +- vdpa/mlx5: Update Control VQ callback information + (jsc#PED-1549). +- igb: Make DMA faster when CPU is active on the PCIe link + (jsc#PED-370). +- igb: fix a use-after-free issue in igb_clean_tx_ring + (jsc#PED-370). +- iavf: Fix issue with MAC address of VF shown as zero + (jsc#PED-835). +- i40e: Fix call trace in setup_tx_descriptors (jsc#PED-372). +- i40e: Fix calculating the number of queue pairs (jsc#PED-372). +- i40e: Fix adding ADQ filter to TC0 (jsc#PED-372). +- vdpa: make get_vq_group and set_group_asid optional + (jsc#PED-1549). +- vdpa/mlx5: clean up indenting in handle_ctrl_vlan() + (jsc#PED-1549). +- vdpa/mlx5: fix error code for deleting vlan (jsc#PED-1549). +- vdpa/mlx5: Fix syntax errors in comments (jsc#PED-1549). +- net/mlx5: fs, fail conflicting actions (jsc#PED-1549). +- net/mlx5: Rearm the FW tracer after each tracer event + (jsc#PED-1549). +- net/mlx5: E-Switch, pair only capable devices (jsc#PED-1549). +- net/mlx5e: CT: Fix cleanup of CT before cleanup of TC ct rules + (jsc#PED-1549). +- Revert "net/mlx5e: Allow relaxed ordering over VFs" + (jsc#PED-1549). +- ixgbe: fix unexpected VLAN Rx in promisc mode on VF + (jsc#PED-373). +- ixgbe: fix bcast packets Rx on VF after promisc removal + (jsc#PED-373). +- mellanox: mlx5: avoid uninitialized variable warning with gcc-12 + (jsc#PED-1549). +- vdpa: Use helper for safer setting of driver_override + (jsc#PED-1549). +- driver: platform: Add helper for safer setting of + driver_override (jsc#PED-1549). +- vdpa: ifcvf: set pci driver data in probe (jsc#PED-1549). +- vdpa/mlx5: Add RX MAC VLAN filter support (jsc#PED-1549). +- vdpa/mlx5: Remove flow counter from steering (jsc#PED-1549). +- vhost-vdpa: return -EFAULT on copy_to_user() failure + (jsc#PED-1549). +- vDPA/ifcvf: fix uninitialized config_vector warning + (jsc#PED-1549). +- vdpa/vp_vdpa : add vdpa tool support in vp_vdpa (jsc#PED-1549). +- vhost-vdpa: support ASID based IOTLB API (jsc#PED-1549). +- vhost-vdpa: introduce uAPI to set group ASID (jsc#PED-1549). +- vhost-vdpa: uAPI to get virtqueue group id (jsc#PED-1549). +- vhost-vdpa: introduce uAPI to get the number of address spaces + (jsc#PED-1549). +- vhost-vdpa: introduce uAPI to get the number of virtqueue groups + (jsc#PED-1549). +- vhost-vdpa: introduce asid based IOTLB (jsc#PED-1549). +- vhost: support ASID in IOTLB API (jsc#PED-1549). +- vhost_iotlb: split out IOTLB initialization (jsc#PED-1549). +- vdpa: introduce config operations for associating ASID to a + virtqueue group (jsc#PED-1549). +- vdpa: multiple address spaces support (jsc#PED-1549). +- vdpa: introduce virtqueue groups (jsc#PED-1549). +- vhost-vdpa: switch to use vhost-vdpa specific IOTLB + (jsc#PED-1549). +- vhost-vdpa: passing iotlb to IOMMU mapping helpers + (jsc#PED-1549). +- vhost: move the backend feature bits to vhost_types.h + (jsc#PED-1549). +- vdpa/mlx5: Use readers/writers semaphore instead of mutex + (jsc#PED-1549). +- vdpa/mlx5: Add support for reading descriptor statistics + (jsc#PED-1549). +- net/vdpa: Use readers/writers semaphore instead of cf_mutex + (jsc#PED-1549). +- vdpa: Add support for querying vendor statistics (jsc#PED-1549). +- net/mlx5: Fix mlx5_get_next_dev() peer device matching + (jsc#PED-1549). +- net/mlx5e: Update netdev features after changing XDP state + (jsc#PED-1549). +- net/mlx5: correct ECE offset in query qp output (jsc#PED-1549). +- net/mlx5e: Disable softirq in mlx5e_activate_rq to avoid race + condition (jsc#PED-1549). +- net/mlx5: CT: Fix header-rewrite re-use for tupels + (jsc#PED-1549). +- net/mlx5e: TC NIC mode, fix tc chains miss table (jsc#PED-1549). +- net/mlx5: Don't use already freed action pointer (jsc#PED-1549). +- net/mlx5: Expose mlx5_sriov_blocking_notifier_register / + unregister APIs (jsc#PED-1549). +- RDMA/mlx5: Remove duplicate pointer assignment in + mlx5_ib_alloc_implicit_mr() (jsc#PED-1552). +- RDMA/mlx5: Clean UMR QP type flow from mlx5_ib_post_send() + (jsc#PED-1552). +- RDMA/mlx5: Use mlx5_umr_post_send_wait() to update xlt + (jsc#PED-1552). +- RDMA/mlx5: Use mlx5_umr_post_send_wait() to update MR pas + (jsc#PED-1552). +- RDMA/mlx5: Move creation and free of translation tables to umr.c + (jsc#PED-1552). +- RDMA/mlx5: Use mlx5_umr_post_send_wait() to rereg pd access + (jsc#PED-1552). +- RDMA/mlx5: Use mlx5_umr_post_send_wait() to revoke MRs + (jsc#PED-1552). +- RDMA/mlx5: Introduce mlx5_umr_post_send_wait() (jsc#PED-1552). +- RDMA/mlx5: Expose wqe posting helpers outside of wr.c + (jsc#PED-1552). +- RDMA/mlx5: Simplify get_umr_update_access_mask() (jsc#PED-1552). +- RDMA/mlx5: Move mkey ctrl segment logic to umr.c (jsc#PED-1552). +- RDMA/mlx5: Move umr checks to umr.h (jsc#PED-1552). +- RDMA/mlx5: Move init and cleanup of UMR to umr.c (jsc#PED-1552). +- RDMA/mlx5: Fix flow steering egress flow (jsc#PED-1552). +- net/mlx5: fix typo in comment (jsc#PED-1549). +- net/mlx5: fix multiple definitions of mlx5_lag_mpesw_init / + mlx5_lag_mpesw_cleanup (jsc#PED-1549). +- net/mlx5: Support multiport eswitch mode (jsc#PED-1549). +- net/mlx5: Remove unused argument (jsc#PED-1549). +- net/mlx5: Lag, refactor lag state machine (jsc#PED-1549). +- net/mlx5e: Add XDP SQs to uplink representors steering tables + (jsc#PED-1549). +- net/mlx5e: Correct the calculation of max channels for rep + (jsc#PED-1549). +- net/mlx5e: CT: Add ct driver counters (jsc#PED-1549). +- net/mlx5e: Allow relaxed ordering over VFs (jsc#PED-1549). +- net/mlx5e: Support partial GSO for tunnels over vlans + (jsc#PED-1549). +- net/mlx5e: IPoIB, Improve ethtool rxnfc callback structure in + IPoIB (jsc#PED-1549). +- net/mlx5e: Allocate virtually contiguous memory for reps + structures (jsc#PED-1549). +- net/mlx5e: Allocate virtually contiguous memory for VLANs list + (jsc#PED-1549). +- net/mlx5: Allocate virtually contiguous memory in pci_irq.c + (jsc#PED-1549). +- net/mlx5: Allocate virtually contiguous memory in vport.c + (jsc#PED-1549). +- net/mlx5: Inline db alloc API function (jsc#PED-1549). +- net/mlx5: Add last command failure syndrome to debugfs + (jsc#PED-1549). +- net/mlx5: sparse: error: context imbalance in + 'mlx5_vf_get_core_dev' (jsc#PED-1549). +- ixgbe: add xdp frags support to ndo_xdp_xmit (jsc#PED-373). +- net/mlx5e: Use XFRM state direction instead of flags + (jsc#PED-1549). +- ixgbe: propagate XFRM offload state direction instead of flags + (jsc#PED-373). +- xfrm: store and rely on direction to construct offload flags + (jsc#PED-373). +- xfrm: rename xfrm_state_offload struct to allow reuse + (jsc#PED-373). +- xfrm: delete not used number of external headers (jsc#PED-373). +- xfrm: free not used XFRM_ESP_NO_TRAILER flag (jsc#PED-373). +- igc: Change type of the 'igc_check_downshift' method + (jsc#PED-375). +- igc: Remove unused phy_type enum (jsc#PED-375). +- igc: Remove igc_set_spd_dplx method (jsc#PED-375). +- net/mlx5: Lag, add debugfs to query hardware lag state + (jsc#PED-1549). +- net/mlx5: Lag, use buckets in hash mode (jsc#PED-1549). +- net/mlx5: Lag, refactor dmesg print (jsc#PED-1549). +- net/mlx5: Support devices with more than 2 ports (jsc#PED-1549). +- net/mlx5: Lag, use actual number of lag ports (jsc#PED-1549). +- net/mlx5: Lag, use hash when in roce lag on 4 ports + (jsc#PED-1549). +- net/mlx5: Lag, support single FDB only on 2 ports + (jsc#PED-1549). +- net/mlx5: Lag, store number of ports inside lag object + (jsc#PED-1549). +- net/mlx5: Lag, filter non compatible devices (jsc#PED-1549). +- net/mlx5: Lag, use lag lock (jsc#PED-1549). +- net/mlx5: Lag, move E-Switch prerequisite check into lag code + (jsc#PED-1549). +- net/mlx5: devcom only supports 2 ports (jsc#PED-1549). +- net/mlx5: Lag, expose number of lag ports (jsc#PED-1552). +- net/mlx5: Increase FW pre-init timeout for health recovery + (jsc#PED-1549). +- net/mlx5: Add exit route when waiting for FW (jsc#PED-1549). +- igb: Convert kmap() to kmap_local_page() (jsc#PED-370). +- ixgbe: Fix module_param allow_unsupported_sfp type + (jsc#PED-373). +- net/mlx5: Allow future addition of IPsec object modifiers + (jsc#PED-1549). +- net/mlx5: Don't perform lookup after already known sec_path + (jsc#PED-1549). +- net/mlx5: Cleanup XFRM attributes struct (jsc#PED-1549). +- net/mlx5: Remove not-supported ICV length (jsc#PED-1549). +- net/mlx5: Simplify IPsec capabilities logic (jsc#PED-1549). +- net/mlx5: Don't advertise IPsec netdev support for non-IPsec + device (jsc#PED-1549). +- net/mlx5: Make sure that no dangling IPsec FS pointers exist + (jsc#PED-1549). +- net/mlx5: Clean IPsec FS add/delete rules (jsc#PED-1549). +- net/mlx5: Simplify HW context interfaces by using SA entry + (jsc#PED-1549). +- net/mlx5: Remove indirections from esp functions (jsc#PED-1549). +- net/mlx5: Merge various control path IPsec headers into one file + (jsc#PED-1549). +- net/mlx5: Remove useless validity check (jsc#PED-1549). +- net/mlx5: Store IPsec ESN update work in XFRM state + (jsc#PED-1549). +- net/mlx5: Reduce useless indirection in IPsec FS add/delete + flows (jsc#PED-1549). +- net/mlx5: Don't hide fallback to software IPsec in FS code + (jsc#PED-1549). +- net/mlx5: Check IPsec TX flow steering namespace in advance + (jsc#PED-1549). +- net/mlx5: Simplify IPsec flow steering init/cleanup functions + (jsc#PED-1549). +- net/mlx5: fs, an FTE should have no dests when deleted + (jsc#PED-1549). +- net/mlx5: fs, call the deletion function of the node + (jsc#PED-1549). +- net/mlx5: fs, delete the FTE when there are no rules attached + to it (jsc#PED-1549). +- net/mlx5: fs, do proper bookkeeping for forward destinations + (jsc#PED-1549). +- net/mlx5: fs, add unused destination type (jsc#PED-1549). +- net/mlx5: fs, jump to exit point and don't fall through + (jsc#PED-1549). +- net/mlx5: fs, refactor software deletion rule (jsc#PED-1549). +- net/mlx5: fs, split software and IFC flow destination + definitions (jsc#PED-1549). +- net/mlx5e: TC, set proper dest type (jsc#PED-1549). +- net/mlx5e: Remove unused mlx5e_dcbnl_build_rep_netdev function + (jsc#PED-1549). +- net/mlx5e: Drop error CQE handling from the XSK RX handler + (jsc#PED-1549). +- net/mlx5: Print initializing field in case of timeout + (jsc#PED-1549). +- net/mlx5: Delete redundant default assignment of runtime + devlink params (jsc#PED-1549). +- net/mlx5: Remove useless kfree (jsc#PED-1549). +- net/mlx5: use kvfree() for kvzalloc() in + mlx5_ct_fs_smfs_matcher_create (jsc#PED-1549). +- i40e, xsk: Get rid of redundant 'fallthrough' (jsc#PED-372). +- ixgbe, xsk: Get rid of redundant 'fallthrough' (jsc#PED-373). +- mlx5, xsk: Diversify return values from xsk_wakeup call paths + (jsc#PED-1549). +- ixgbe, xsk: Diversify return values from xsk_wakeup call paths + (jsc#PED-373). +- i40e, xsk: Diversify return values from xsk_wakeup call paths + (jsc#PED-372). +- ixgbe, xsk: Terminate Rx side of NAPI when XSK Rx queue gets + full (jsc#PED-373). +- i40e, xsk: Terminate Rx side of NAPI when XSK Rx queue gets full + (jsc#PED-372). +- ixgbe, xsk: Decorate IXGBE_XDP_REDIR with likely() + (jsc#PED-373). +- ipv6: Use ipv6_only_sock() helper in condition (jsc#PED-1549). +- mlxsw: spectrum: Introduce port mapping change event processing + (jsc#PED-1549). +- mlxsw: Narrow the critical section of devl_lock during ports + creation/removal (jsc#PED-1549). +- mlxsw: reg: Add Ports Mapping Event Configuration Register + (jsc#PED-1549). +- mlxsw: spectrum: Allocate port mapping array of structs instead + of pointers (jsc#PED-1549). +- devlink: add port to line card relationship set (jsc#PED-1549). +- devlink: implement line card active state (jsc#PED-1549). +- devlink: implement line card provisioning (jsc#PED-1549). +- devlink: add support to create line card and expose to user + (jsc#PED-1549). +- i40e: Add Ethernet Connection X722 for 10GbE SFP+ support + (jsc#PED-372). +- i40e: Add vsi.tx_restart to i40e ethtool stats (jsc#PED-372). +- i40e: Add tx_stopped stat (jsc#PED-372). +- i40e: Add support for MPLS + TSO (jsc#PED-372). +- net/mlx5: Remove not-implemented IPsec capabilities + (jsc#PED-1549). +- net/mlx5: Remove ipsec_ops function table (jsc#PED-1549). +- net/mlx5: Move IPsec file to relevant directory (jsc#PED-1549). +- net/mlx5: Remove not-needed IPsec config (jsc#PED-1549). +- net/mlx5: Align flow steering allocation namespace to common + style (jsc#PED-1549). +- net/mlx5: Unify device IPsec capabilities check (jsc#PED-1549). +- net/mlx5: Remove useless IPsec device checks (jsc#PED-1549). +- net/mlx5: Remove ipsec vs. ipsec offload file separation + (jsc#PED-1549). +- RDMA/mlx5: Drop crypto flow steering API (jsc#PED-1549). +- RDMA/mlx5: Delete never supported IPsec flow action + (jsc#PED-1552). +- net/mlx5: Remove FPGA ipsec specific statistics (jsc#PED-1549). +- net/mlx5: Remove XFRM no_trailer flag (jsc#PED-1549). +- net/mlx5: Remove not-used IDA field from IPsec struct + (jsc#PED-1549). +- net/mlx5: Delete metadata handling logic (jsc#PED-1549). +- IB/mlx5: Fix undefined behavior due to shift overflowing the + constant (jsc#PED-1549). +- net/mlx5: Cleanup kTLS function names and their exposure + (jsc#PED-1549). +- net/mlx5: Remove tls vs. ktls separation as it is the same + (jsc#PED-1549). +- net/mlx5: Remove indirection in TLS build (jsc#PED-1549). +- net/mlx5: Reliably return TLS device capabilities + (jsc#PED-1549). +- net/mlx5e: CT: Fix setting flow_source for smfs ct tuples + (jsc#PED-1549). +- net/mlx5e: CT: Fix support for GRE tuples (jsc#PED-1549). +- net/mlx5e: Wrap mlx5e_trap_napi_poll into rcu_read_lock + (jsc#PED-1549). +- net/mlx5: DR, Ignore modify TTL on RX if device doesn't support + it (jsc#PED-1549). +- net/mlx5: Initialize flow steering during driver probe + (jsc#PED-1549). +- net/mlx5: DR, Fix missing flow_source when creating + multi-destination FW table (jsc#PED-1549). +- vdpa/mlx5: Use consistent RQT size (jsc#PED-1549). +- net/mlx5e: Avoid checking offload capability in post_parse + action (jsc#PED-1549). +- net/mlx5e: TC, fix decap fallback to uplink when int port not + supported (jsc#PED-1549). +- net/mlx5e: TC, Fix ct_clear overwriting ct action metadata + (jsc#PED-1549). +- net/mlx5e: Don't match double-vlan packets if cvlan is not set + (jsc#PED-1549). +- net/sched: flower: fix parsing of ethertype following VLAN + header (jsc#PED-1549). +- vdpa: mlx5: synchronize driver status with CVQ (jsc#PED-1549). +- vdpa: mlx5: prevent cvq work from hogging CPU (jsc#PED-1549). +- vdpa/mlx5: Avoid processing works if workqueue was destroyed + (jsc#PED-1549). +- vhost: handle error while adding split ranges to iotlb + (jsc#PED-1549). +- vdpa: support exposing the count of vqs to userspace + (jsc#PED-1549). +- vdpa: change the type of nvqs to u32 (jsc#PED-1549). +- vdpa: support exposing the config size to userspace + (jsc#PED-1549). +- vdpa/mlx5: re-create forwarding rules after mac modified + (jsc#PED-1549). +- net/mlx5: Add support for configuring max device MTU + (jsc#PED-1549). +- vDPA/ifcvf: implement shared IRQ feature (jsc#PED-1549). +- vDPA/ifcvf: implement device MSIX vector allocator + (jsc#PED-1549). +- vDPA/ifcvf: make use of virtio pci modern IO helpers in ifcvf + (jsc#PED-1549). +- RDMA/mlx5: Reorder calls to pcie_relaxed_ordering_enabled() + (jsc#PED-1552). +- RDMA/mlx5: Store ndescs instead of the translation table size + (jsc#PED-1552). +- RDMA/mlx5: Merge similar flows of allocating MR from the cache + (jsc#PED-1552). +- RDMA/mlx5: Remove redundant work in struct mlx5_cache_ent + (jsc#PED-1552). +- RDMA/mlx5: Delete useless module.h include (jsc#PED-1552). +- RDMA/mlx5: Delete get_num_static_uars function (jsc#PED-1552). +- net/mlx5e: Fix build warning, detected write beyond size of + field (jsc#PED-1549). +- net: veth: Account total xdp_frame len running ndo_xdp_xmit + (jsc#PED-373). +- devlink: hold the instance lock during eswitch_mode callbacks + (jsc#PED-1549). +- netdevsim: replace vfs_lock with devlink instance lock + (jsc#PED-1549). +- netdevsim: replace port_list_lock with devlink instance lock + (jsc#PED-1549). +- net/mlx5e: HTB, remove unused function declaration + (jsc#PED-1549). +- net/mlx5e: Statify function mlx5_cmd_trigger_completions + (jsc#PED-1549). +- net/mlx5e: Remove MLX5E_XDP_TX_DS_COUNT (jsc#PED-1549). +- net/mlx5e: Permit XDP with non-linear legacy RQ (jsc#PED-1549). +- net/mlx5e: Support multi buffer XDP_TX (jsc#PED-1549). +- net/mlx5e: Unindent the else-block in mlx5e_xmit_xdp_buff + (jsc#PED-1549). +- net/mlx5e: Implement sending multi buffer XDP frames + (jsc#PED-1549). +- net/mlx5e: Don't prefill WQEs in XDP SQ in the multi buffer mode + (jsc#PED-1549). +- net/mlx5e: Remove assignment of inline_hdr.sz on XDP TX + (jsc#PED-1549). +- net/mlx5e: Move mlx5e_xdpi_fifo_push out of xmit_xdp_frame + (jsc#PED-1549). +- net/mlx5e: Store DMA address inside struct page (jsc#PED-1549). +- net/mlx5e: Add XDP multi buffer support to the non-linear + legacy RQ (jsc#PED-1549). +- net/mlx5e: Use page-sized fragments with XDP multi buffer + (jsc#PED-1549). +- net/mlx5e: Use fragments of the same size in non-linear legacy + RQ with XDP (jsc#PED-1549). +- net/mlx5e: Prepare non-linear legacy RQ for XDP multi buffer + support (jsc#PED-1549). +- xfrm: delete duplicated functions that calls same + xfrm_api_check() (jsc#PED-373). +- igb: zero hwtstamp by default (jsc#PED-370). +- i40e: little endian only valid checksums (jsc#PED-372). +- net/mlx5: Remove unused fill page array API function + (jsc#PED-1549). +- net/mlx5: Remove unused exported contiguous coherent buffer + allocation API (jsc#PED-1549). +- net/mlx5: CT: Remove extra rhashtable remove on tuple entries + (jsc#PED-1549). +- net/mlx5: DR, Remove hw_ste from mlx5dr_ste to reduce memory + (jsc#PED-1549). +- net/mlx5: DR, Remove 4 members from mlx5dr_ste_htbl to reduce + memory (jsc#PED-1549). +- net/mlx5: DR, Remove num_of_entries byte_size from struct + mlx5_dr_icm_chunk (jsc#PED-1549). +- net/mlx5: DR, Remove icm_addr from mlx5dr_icm_chunk to reduce + memory (jsc#PED-1549). +- net/mlx5: DR, Remove mr_addr rkey from struct mlx5dr_icm_chunk + (jsc#PED-1549). +- net/mlx5: DR, Adjust structure member to reduce memory hole + (jsc#PED-1549). +- net/mlx5e: Drop cqe_bcnt32 from mlx5e_skb_from_cqe_mpwrq_linear + (jsc#PED-1549). +- net/mlx5e: Drop the len output parameter from mlx5e_xdp_handle + (jsc#PED-1549). +- net/mlx5e: RX, Test the XDP program existence out of the handler + (jsc#PED-1549). +- net/mlx5e: Build SKB in place over the first fragment in + non-linear legacy RQ (jsc#PED-1549). +- net/mlx5e: Add headroom only to the first fragment in legacy RQ + (jsc#PED-1549). +- net/mlx5e: Validate MTU when building non-linear legacy RQ + fragments info (jsc#PED-1549). +- net/mlx5e: MPLSoUDP encap, support action vlan pop_eth + explicitly (jsc#PED-1549). +- net/mlx5e: MPLSoUDP decap, use vlan push_eth instead of pedit + (jsc#PED-1549). +- net/sched: add vlan push_eth and pop_eth action to the hardware + IR (jsc#PED-1549). +- devlink: pass devlink_port to port_split / port_unsplit + callbacks (jsc#PED-1549). +- devlink: hold the instance lock in port_split / port_unsplit + callbacks (jsc#PED-1549). +- eth: mlxsw: switch to explicit locking for port registration + (jsc#PED-1549). +- eth: nfp: replace driver's "pf" lock with devlink instance lock + (jsc#PED-1549). +- eth: nfp: wrap locking assertions in helpers (jsc#PED-1549). +- net/mlx5: Support GRE conntrack offload (jsc#PED-1549). +- net/mlx5e: Fix use-after-free in mlx5e_stats_grp_sw_update_stats + (jsc#PED-1549). +- net/mlx5e: Remove overzealous validations in netlink EEPROM + query (jsc#PED-1549). +- net/mlx5: Parse module mapping using mlx5_ifc (jsc#PED-1549). +- net/mlx5: Query the maximum MCIA register read size from + firmware (jsc#PED-1549). +- net/mlx5: CT: Create smfs dr matchers dynamically + (jsc#PED-1549). +- net/mlx5: CT: Add software steering ct flow steering provider + (jsc#PED-1549). +- net/mlx5: Add smfs lib to export direct steering API to CT + (jsc#PED-1549). +- net/mlx5: DR, Add helper to get backing dr table from a mlx5 + flow table (jsc#PED-1549). +- net/mlx5: CT: Introduce a platform for multiple flow steering + providers (jsc#PED-1549). +- net/mlx5: Node-aware allocation for the doorbell pgdir + (jsc#PED-1549). +- net/mlx5: Node-aware allocation for UAR (jsc#PED-1549). +- net/mlx5: Node-aware allocation for the EQs (jsc#PED-1549). +- net/mlx5: Node-aware allocation for the EQ table (jsc#PED-1549). +- net/mlx5: Node-aware allocation for the IRQ table + (jsc#PED-1549). +- net/mlx5: Delete useless module.h include (jsc#PED-1549). +- net/mlx5: DR, Add support for ConnectX-7 steering + (jsc#PED-1549). +- net/mlx5: DR, Refactor ste_ctx handling for STE v0/1 + (jsc#PED-1549). +- net/mlx5: DR, Rename action modify fields to reflect naming + in HW spec (jsc#PED-1549). +- net/mlx5: DR, Fix handling of different actions on the same + STE in STEv1 (jsc#PED-1549). +- net/mlx5: DR, Remove unneeded comments (jsc#PED-1549). +- net/mlx5: DR, Add support for matching on Internet Header Length + (IHL) (jsc#PED-1549). +- net/mlx5: DR, Align mlx5dv_dr API vport action with FW behavior + (jsc#PED-1549). +- net/mlx5: Add debugfs counters for page commands failures + (jsc#PED-1549). +- net/mlx5: Add pages debugfs (jsc#PED-1549). +- net/mlx5: Move debugfs entries to separate struct + (jsc#PED-1549). +- net/mlx5: Change release_all_pages cap bit location + (jsc#PED-1549). +- net/mlx5: Remove redundant error on reclaim pages + (jsc#PED-1549). +- net/mlx5: Remove redundant error on give pages (jsc#PED-1549). +- net/mlx5: Remove redundant notify fail on give pages + (jsc#PED-1549). +- net/mlx5: Add command failures data to debugfs (jsc#PED-1549). +- net/mlx5e: TC, Fix use after free in + mlx5e_clone_flow_attr_for_post_act() (jsc#PED-1549). +- mlx5: add support for page_pool_get_stats (jsc#PED-1549). +- iavf: Remove non-inclusive language (jsc#PED-835). +- iavf: Fix incorrect use of assigning iavf_status to int + (jsc#PED-835). +- iavf: stop leaking iavf_status as "errno" values (jsc#PED-835). +- iavf: remove redundant ret variable (jsc#PED-835). +- iavf: Add usage of new virtchnl format to set default MAC + (jsc#PED-835). +- iavf: refactor processing of VLAN V2 capability message + (jsc#PED-835). +- iavf: Add support for 50G/100G in AIM algorithm (jsc#PED-835). +- net/mlx5: Add clarification on sync reset failure + (jsc#PED-1549). +- net/mlx5: Add reset_state field to MFRL register (jsc#PED-1549). +- RDMA/mlx5: Use new command interface API (jsc#PED-1552). +- net/mlx5: cmdif, Refactor error handling and reporting of + async commands (jsc#PED-1549). +- net/mlx5: Use mlx5_cmd_do() in core create_{cq,dct} + (jsc#PED-1549). +- net/mlx5: cmdif, Add new api for command execution + (jsc#PED-1549). +- net/mlx5: cmdif, cmd_check refactoring (jsc#PED-1549). +- net/mlx5: cmdif, Return value improvements (jsc#PED-1549). +- net/mlx5: Lag, offload active-backup drops to hardware + (jsc#PED-1549). +- net/mlx5: Lag, record inactive state of bond device + (jsc#PED-1549). +- net/mlx5: Lag, don't use magic numbers for ports (jsc#PED-1549). +- net/mlx5: Lag, use local variable already defined to access + E-Switch (jsc#PED-1549). +- net/mlx5: E-switch, add drop rule support to ingress ACL + (jsc#PED-1549). +- net/mlx5: E-switch, remove special uplink ingress ACL handling + (jsc#PED-1549). +- net/mlx5: E-Switch, reserve and use same uplink metadata across + ports (jsc#PED-1549). +- net/mlx5: Add ability to insert to specific flow group + (jsc#PED-1549). +- mlx5: remove unused static inlines (jsc#PED-1549). +- flow_offload: reject offload for all drivers with invalid + police parameters (jsc#PED-1549). +- net: flow_offload: add tc police action parameters + (jsc#PED-1549). +- nfp: add support to offload police action from flower table + (jsc#PED-1549). +- nfp: add process to get action stats from hardware + (jsc#PED-1549). +- nfp: add hash table to store meter table (jsc#PED-1549). +- nfp: add support to offload tc action to hardware + (jsc#PED-1549). +- nfp: refactor policer config to support ingress/egress meter + (jsc#PED-1549). +- ixgbe: Remove non-inclusive language (jsc#PED-373). +- ixgbevf: clean up some inconsistent indenting (jsc#PED-373). +- net/mlx5e: TC, Allow sample action with CT (jsc#PED-1549). +- net/mlx5e: TC, Make post_act parse CT and sample actions + (jsc#PED-1549). +- net/mlx5e: TC, Clean redundant counter flag from tc action + parsers (jsc#PED-1549). +- net/mlx5e: Use multi table support for CT and sample actions + (jsc#PED-1549). +- net/mlx5e: Create new flow attr for multi table actions + (jsc#PED-1549). +- net/mlx5e: Add post act offload/unoffload API (jsc#PED-1549). +- net/mlx5e: Pass actions param to actions_match_supported() + (jsc#PED-1549). +- net/mlx5e: TC, Move flow hashtable to be per rep (jsc#PED-1549). +- net/mlx5e: E-Switch, Add support for tx_port_ts in switchdev + mode (jsc#PED-1549). +- net/mlx5e: E-Switch, Add PTP counters for uplink representor + (jsc#PED-1549). +- net/mlx5e: RX, Restrict bulk size for small Striding RQs + (jsc#PED-1549). +- net/mlx5e: Default to Striding RQ when not conflicting with + CQE compression (jsc#PED-1549). +- net/mlx5e: Generalize packet merge error message (jsc#PED-1549). +- net/mlx5e: Add support for using xdp->data_meta (jsc#PED-1549). +- net/mlx5e: Fix spelling mistake "supoported" -> "supported" + (jsc#PED-1549). +- net/mlx5e: Optimize the common case condition in + mlx5e_select_queue (jsc#PED-1549). +- net/mlx5e: Optimize modulo in mlx5e_select_queue (jsc#PED-1549). +- net/mlx5e: Optimize mlx5e_select_queue (jsc#PED-1549). +- net/mlx5e: Move repeating code that gets TC prio into a function + (jsc#PED-1549). +- net/mlx5e: Use select queue parameters to sync with control flow + (jsc#PED-1549). +- net/mlx5e: Move mlx5e_select_queue to en/selq.c (jsc#PED-1549). +- net/mlx5e: Introduce select queue parameters (jsc#PED-1549). +- net/mlx5e: Sync txq2sq updates with mlx5e_xmit for HTB queues + (jsc#PED-1549). +- net/mlx5e: Use a barrier after updating txq2sq (jsc#PED-1549). +- net/mlx5e: Disable TX queues before registering the netdev + (jsc#PED-1549). +- net/mlx5e: Cleanup of start/stop all queues (jsc#PED-1549). +- net/mlx5e: Use FW limitation for max MPW WQEBBs (jsc#PED-1549). +- net/mlx5e: Read max WQEBBs on the SQ from firmware + (jsc#PED-1549). +- net/mlx5e: Remove unused tstamp SQ field (jsc#PED-1549). +- i40e: xsk: Move tmp desc array from driver to pool + (jsc#PED-372). +- i40e: Add a stat for tracking busy rx pages (jsc#PED-372). +- i40e: Add a stat for tracking pages waived (jsc#PED-372). +- i40e: Add a stat tracking new RX page allocations (jsc#PED-372). +- i40e: Aggregate and export RX page reuse stat (jsc#PED-372). +- i40e: Remove rx page reuse double count (jsc#PED-372). +- i40e: Fix race condition while adding/deleting MAC/VLAN filters + (jsc#PED-372). +- i40e: Add new version of i40e_aq_add_macvlan function + (jsc#PED-372). +- i40e: Add new versions of send ASQ command functions + (jsc#PED-372). +- i40e: Add sending commands in atomic context (jsc#PED-372). +- i40e: Remove unused RX realloc stat (jsc#PED-372). +- i40e: Disable hw-tc-offload feature on driver load + (jsc#PED-372). +- mlxsw: spectrum: Guard against invalid local ports + (jsc#PED-1549). +- net/mlx5: VLAN push on RX, pop on TX (jsc#PED-1549). +- net/mlx5: Introduce software defined steering capabilities + (jsc#PED-1549). +- net/mlx5: Remove unused TIR modify bitmask enums (jsc#PED-1549). +- net/mlx5e: CT, Remove redundant flow args from tc ct calls + (jsc#PED-1549). +- net/mlx5e: TC, Store mapped tunnel id on flow attr + (jsc#PED-1549). +- net/mlx5e: Test CT and SAMPLE on flow attr (jsc#PED-1549). +- net/mlx5e: Refactor eswitch attr flags to just attr flags + (jsc#PED-1549). +- net/mlx5e: CT, Don't set flow flag CT for ct clear flow + (jsc#PED-1549). +- net/mlx5e: TC, Hold sample_attr on stack instead of pointer + (jsc#PED-1549). +- net/mlx5e: TC, Reject rules with multiple CT actions + (jsc#PED-1549). +- net/mlx5e: TC, Refactor mlx5e_tc_add_flow_mod_hdr() to get + flow attr (jsc#PED-1549). +- net/mlx5e: TC, Pass attr to tc_act can_offload() (jsc#PED-1549). +- net/mlx5e: TC, Split pedit offloads verify from + alloc_tc_pedit_action() (jsc#PED-1549). +- net/mlx5e: TC, Move pedit_headers_action to parse_attr + (jsc#PED-1549). +- net/mlx5e: Move counter creation call to + alloc_flow_attr_counter() (jsc#PED-1549). +- net/mlx5e: Pass attr arg for attaching/detaching encaps + (jsc#PED-1549). +- net/mlx5e: Move code chunk setting encap dests into its own + function (jsc#PED-1549). +- igbvf: Remove useless DMA-32 fallback configuration + (jsc#PED-370). +- igb: Remove useless DMA-32 fallback configuration (jsc#PED-370). +- igc: Remove useless DMA-32 fallback configuration (jsc#PED-375). +- iavf: Remove useless DMA-32 fallback configuration + (jsc#PED-835). +- i40e: Remove useless DMA-32 fallback configuration + (jsc#PED-372). +- ixgbevf: Remove useless DMA-32 fallback configuration + (jsc#PED-373). +- ixgbe: Remove useless DMA-32 fallback configuration + (jsc#PED-373). +- bpf: add frags support to the bpf_xdp_adjust_tail() API + (jsc#PED-373). +- bpf: introduce bpf_xdp_get_buff_len helper (jsc#PED-373). +- xdp: add frags support to xdp_return_{buff/frame} (jsc#PED-373). +- net/mlx5: Add migration commands definitions (jsc#PED-1549). +- net/mlx5: Introduce migration bits and structures + (jsc#PED-1549). +- net/mlx5: Expose APIs to get/put the mlx5 core device + (jsc#PED-1549). +- PCI/IOV: Add pci_iov_get_pf_drvdata() to allow VF reaching + the drvdata of a PF (jsc#PED-1549). +- net/mlx5: Reuse exported virtfn index function call + (jsc#PED-1549). +- PCI/IOV: Add pci_iov_vf_id() to get VF index (jsc#PED-1549). +- iavf: Fix adopting new combined setting (jsc#PED-835). +- vdpa: fix use-after-free on vp_vdpa_remove (jsc#PED-1549). +- vhost: fix hung thread due to erroneous iotlb entries + (jsc#PED-1549). +- vdpa/mlx5: add validation for VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET + command (jsc#PED-1549). +- vdpa/mlx5: should verify CTRL_VQ feature exists for MQ + (jsc#PED-1549). +- vdpa: factor out vdpa_set_features_unlocked for vdpa internal + use (jsc#PED-1549). +- xfrm: enforce validity of offload input flags (jsc#PED-373). +- net/mlx5e: Fix VF min/max rate parameters interchange mistake + (jsc#PED-1549). +- net/mlx5e: Fix MPLSoUDP encap to use MPLS action information + (jsc#PED-1549). +- net/mlx5e: Add feature check for set fec counters + (jsc#PED-1549). +- net/mlx5e: TC, Skip redundant ct clear actions (jsc#PED-1549). +- net/mlx5: Update log_max_qp value to be 17 at most + (jsc#PED-1549). +- net_sched: add __rcu annotation to netdev->qdisc (jsc#PED-1549). +- vdpa/mlx5: Fix tracking of current number of VQs (jsc#PED-1549). +- vdpa/mlx5: Fix is_index_valid() to refer to features + (jsc#PED-1549). +- vdpa: Protect vdpa reset with cf_mutex (jsc#PED-1549). +- vdpa: Avoid taking cf_mutex lock on get status (jsc#PED-1549). +- vdpa/mlx5: Report max device capabilities (jsc#PED-1549). +- vdpa: Support reporting max device capabilities (jsc#PED-1549). +- vdpa/mlx5: Restore cur_num_vqs in case of failure in + change_num_qps() (jsc#PED-1549). +- vdpa: Add support for returning device configuration information + (jsc#PED-1549). +- vdpa/mlx5: Support configuring max data virtqueue + (jsc#PED-1549). +- vdpa/mlx5: Fix config_attr_mask assignment (jsc#PED-1549). +- vdpa: Allow to configure max data virtqueues (jsc#PED-1549). +- vdpa: Read device configuration only if FEATURES_OK + (jsc#PED-1549). +- vdpa: Sync calls set/get config/status with cf_mutex + (jsc#PED-1549). +- vdpa/mlx5: Distribute RX virtqueues in RQT object + (jsc#PED-1549). +- vdpa: Provide interface to read driver features (jsc#PED-1549). +- vdpa/mlx5: Fix wrong configuration of virtio_version_1_0 + (jsc#PED-1549). +- vdpa: Mark vdpa_config_ops.get_vq_notification as optional + (jsc#PED-1549). +- vdpa: Avoid duplicate call to vp_vdpa get_status (jsc#PED-1549). +- net/mlx5_vdpa: Offer VIRTIO_NET_F_MTU when setting MTU + (jsc#PED-1549). +- vdpa: add driver_override support (jsc#PED-1549). +- docs: document sysfs ABI for vDPA bus (jsc#PED-1549). +- ifcvf/vDPA: fix misuse virtio-net device config size for blk + dev (jsc#PED-1549). +- RDMA/mlx5: Print wc status on CQE error and dump needed + (jsc#PED-1552). +- RDMA/mlx5: Use memset_after() to zero struct mlx5_ib_mr + (jsc#PED-1552). +- net/mlx5: Use irq_set_affinity_and_hint() (jsc#PED-1549). +- ixgbe: Use irq_update_affinity_hint() (jsc#PED-373). +- i40e: Use irq_update_affinity_hint() (jsc#PED-372). +- iavf: Use irq_update_affinity_hint() (jsc#PED-835). +- vdpa/mlx5: Use auxiliary_device driver data helpers + (jsc#PED-1549). +- net/mlx5e: Use auxiliary_device driver data helpers + (jsc#PED-1549). +- RDMA/irdma: Use auxiliary_device driver data helpers + (jsc#PED-1552). +- net: openvswitch: Fix ct_state nat flags for conns arriving + from tc (jsc#PED-1549). +- net/mlx5e: Fix build error in fec_set_block_stats() + (jsc#PED-1549). +- iavf: remove an unneeded variable (jsc#PED-835). +- i40e: remove variables set but not used (jsc#PED-372). +- i40e: Remove non-inclusive language (jsc#PED-372). +- i40e: Update FW API version (jsc#PED-372). +- i40e: Minimize amount of busy-waiting during AQ send + (jsc#PED-372). +- net/mlx5e: Add recovery flow in case of error CQE + (jsc#PED-1549). +- net/mlx5e: TC, Remove redundant error logging (jsc#PED-1549). +- net/mlx5e: Refactor set_pflag_cqe_based_moder (jsc#PED-1549). +- net/mlx5e: Move HW-GRO and CQE compression check to fix features + flow (jsc#PED-1549). +- net/mlx5e: Fix feature check per profile (jsc#PED-1549). +- net/mlx5e: Unblock setting vid 0 for VF in case PF isn't + eswitch manager (jsc#PED-1549). +- net/mlx5e: Expose FEC counters via ethtool (jsc#PED-1549). +- net/mlx5: Update log_max_qp value to FW max capability + (jsc#PED-1549). +- net/mlx5: SF, Use all available cpu for setting cpu affinity + (jsc#PED-1549). +- net/mlx5: Introduce API for bulk request and release of IRQs + (jsc#PED-1549). +- net/mlx5: Split irq_pool_affinity logic to new file + (jsc#PED-1549). +- net/mlx5: Move affinity assignment into irq_request + (jsc#PED-1549). +- net/mlx5: Introduce control IRQ request API (jsc#PED-1549). +- net/mlx5: mlx5e_hv_vhca_stats_create return type to void + (jsc#PED-1549). +- mlxsw: spectrum: Extend to support Spectrum-4 ASIC + (jsc#PED-1549). +- mlxsw: spectrum_acl_bloom_filter: Add support for Spectrum-4 + calculation (jsc#PED-1549). +- mlxsw: Add operations structure for bloom filter calculation + (jsc#PED-1549). +- mlxsw: spectrum_acl_bloom_filter: Rename Spectrum-2 specific + objects for future use (jsc#PED-1549). +- mlxsw: spectrum_acl_bloom_filter: Make + mlxsw_sp_acl_bf_key_encode() more flexible (jsc#PED-1549). +- mlxsw: spectrum_acl_bloom_filter: Reorder functions to make + the code more aesthetic (jsc#PED-1549). +- mlxsw: Introduce flex key elements for Spectrum-4 + (jsc#PED-1549). +- mlxsw: Rename virtual router flex key element (jsc#PED-1549). +- net: fixup build after bpf header changes (jsc#PED-1549). +- net/mlx5: CT: Set flow source hint from provided tuple device + (jsc#PED-1549). +- xsk: Wipe out dead zero_copy_allocator declarations + (jsc#PED-373). +- net/mlx5: Set SMFS as a default steering mode if device supports + it (jsc#PED-1549). +- net/mlx5: DR, Ignore modify TTL if device doesn't support it + (jsc#PED-1549). +- net/mlx5: DR, Improve steering for empty or RX/TX-only matchers + (jsc#PED-1549). +- net/mlx5: DR, Add support for matching on + geneve_tlv_option_0_exist field (jsc#PED-1549). +- net/mlx5: DR, Support matching on tunnel headers 0 and 1 + (jsc#PED-1549). +- net/mlx5: DR, Add misc5 to match_param structs (jsc#PED-1549). +- net/mlx5: Add misc5 flow table match parameters (jsc#PED-1549). +- net/mlx5: DR, Warn on failure to destroy objects due to refcount + (jsc#PED-1549). +- net/mlx5: DR, Add support for UPLINK destination type + (jsc#PED-1549). +- net/mlx5: DR, Add support for dumping steering info + (jsc#PED-1549). +- net/mlx5: DR, Add missing reserved fields to dr_match_param + (jsc#PED-1549). +- net/mlx5: DR, Add check for flex parser ID value (jsc#PED-1549). +- net/mlx5: DR, Rename list field in matcher struct to list_node + (jsc#PED-1549). +- net/mlx5: DR, Remove unused struct member in matcher + (jsc#PED-1549). +- net/mlx5: DR, Fix lower case macro prefix "mlx5_" to "MLX5_" + (jsc#PED-1549). +- net/mlx5: DR, Fix error flow in creating matcher (jsc#PED-1549). +- igb: support EXTTS on 82580/i354/i350 (jsc#PED-370). +- igb: support PEROUT on 82580/i354/i350 (jsc#PED-370). +- igb: move PEROUT and EXTTS isr logic to separate functions + (jsc#PED-370). +- igb: move SDP config initialization to separate function + (jsc#PED-370). +- ixgbevf: switch to napi_build_skb() (jsc#PED-373). +- ixgbe: switch to napi_build_skb() (jsc#PED-373). +- igc: switch to napi_build_skb() (jsc#PED-375). +- igb: switch to napi_build_skb() (jsc#PED-370). +- iavf: switch to napi_build_skb() (jsc#PED-835). +- i40e: switch to napi_build_skb() (jsc#PED-372). +- net/mlx5e: Take packet_merge params directly from the RX res + struct (jsc#PED-1549). +- net/mlx5e: Allocate per-channel stats dynamically at first usage + (jsc#PED-1549). +- net/mlx5e: Use dynamic per-channel allocations in stats + (jsc#PED-1549). +- net/mlx5e: Allow profile-specific limitation on max num of + channels (jsc#PED-1549). +- net/mlx5e: Save memory by using dynamic allocation in netdev + priv (jsc#PED-1549). +- net/mlx5e: Add profile indications for PTP and QOS HTB features + (jsc#PED-1549). +- net/mlx5e: Use bitmap field for profile features (jsc#PED-1549). +- net/mlx5: Remove the repeated declaration (jsc#PED-1549). +- net/mlx5: Let user configure max_macs generic param + (jsc#PED-1549). +- net/mlx5: Let user configure event_eq_size param (jsc#PED-1549). +- net/mlx5: Let user configure io_eq_size param (jsc#PED-1549). +- igbvf: Refactor trace (jsc#PED-370). +- igb: remove never changed variable `ret_val' (jsc#PED-370). +- igc: Remove obsolete define (jsc#PED-375). +- igc: Remove obsolete mask (jsc#PED-375). +- igc: Remove obsolete nvm type (jsc#PED-375). +- igc: Remove unused phy type (jsc#PED-375). +- igc: Remove unused _I_PHY_ID define (jsc#PED-375). +- net/sched: use min() macro instead of doing it manually + (jsc#PED-1549). +- flow_offload: add reoffload process to update hw_count + (jsc#PED-1549). +- net: sched: save full flags for tc action (jsc#PED-1549). +- flow_offload: add process to update action stats from hardware + (jsc#PED-1549). +- flow_offload: add skip_hw and skip_sw to control if offload + the action (jsc#PED-1549). +- flow_offload: allow user to offload tc action to net device + (jsc#PED-1549). +- flow_offload: add ops to tc_action_ops for flow action setup + (jsc#PED-1549). +- flow_offload: rename offload functions with offload instead + of flow (jsc#PED-1549). +- flow_offload: add index to flow_action_entry structure + (jsc#PED-1549). +- iavf: Restrict maximum VLAN filters for + VIRTCHNL_VF_OFFLOAD_VLAN_V2 (jsc#PED-835). +- iavf: Add support VIRTCHNL_VF_OFFLOAD_VLAN_V2 during netdev + config (jsc#PED-835). +- virtchnl: Add support for new VLAN capabilities (jsc#PED-835). +- net/mlx5: Introduce log_max_current_uc_list_wr_supported bit + (jsc#PED-1549). +- RDMA/mlx5: Add support to multiple priorities for FDB rules + (jsc#PED-1552). +- net/mlx5: Create more priorities for FDB bypass namespace + (jsc#PED-1549). +- net/mlx5: Refactor mlx5_get_flow_namespace (jsc#PED-1549). +- net/mlx5: Separate FDB namespace (jsc#PED-1549). +- net/mlx5e: Move goto action checks into tc_action goto post + parse op (jsc#PED-1549). +- net/mlx5e: Move vlan action chunk into tc action vlan post + parse op (jsc#PED-1549). +- net/mlx5e: Add post_parse() op to tc action infrastructure + (jsc#PED-1549). +- net/mlx5e: Move sample attr allocation to tc_action sample + parse op (jsc#PED-1549). +- net/mlx5e: TC action parsing loop (jsc#PED-1549). +- net/mlx5e: Add redirect ingress to tc action infra + (jsc#PED-1549). +- net/mlx5e: Add sample and ptype to tc_action infra + (jsc#PED-1549). +- net/mlx5e: Add ct to tc action infra (jsc#PED-1549). +- net/mlx5e: Add mirred/redirect to tc action infra + (jsc#PED-1549). +- net/mlx5e: Add mpls push/pop to tc action infra (jsc#PED-1549). +- net/mlx5e: Add vlan push/pop/mangle to tc action infra + (jsc#PED-1549). +- net/mlx5e: Add pedit to tc action infra (jsc#PED-1549). +- net/mlx5e: Add csum to tc action infra (jsc#PED-1549). +- net/mlx5e: Add tunnel encap/decap to tc action infra + (jsc#PED-1549). +- net/mlx5e: Add goto to tc action infra (jsc#PED-1549). +- net/mlx5e: Add tc action infrastructure (jsc#PED-1549). +- xfrm: add net device refcount tracker to struct + xfrm_state_offload (jsc#PED-373). +- net/mlx5: Dynamically resize flow counters query buffer + (jsc#PED-1549). +- net/mlx5e: TC, Set flow attr ip_version earlier (jsc#PED-1549). +- net/mlx5e: TC, Move common flow_action checks into function + (jsc#PED-1549). +- net/mlx5e: Remove redundant actions arg from vlan push/pop funcs + (jsc#PED-1549). +- net/mlx5e: Remove redundant actions arg from + validate_goto_chain() (jsc#PED-1549). +- net/mlx5e: TC, Remove redundant action stack var (jsc#PED-1549). +- net/mlx5e: Hide function mlx5e_num_channels_changed + (jsc#PED-1549). +- net/mlx5e: SHAMPO, clean MLX5E_MAX_KLM_PER_WQE macro + (jsc#PED-1549). +- net/mlx5: Print more info on pci error handlers (jsc#PED-1549). +- net/mlx5: SF, silence an uninitialized variable warning + (jsc#PED-1549). +- net/mlx5: Fix error return code in esw_qos_create() + (jsc#PED-1549). +- mlx5: fix mlx5i_grp_sw_update_stats() stack usage + (jsc#PED-1549). +- mlx5: fix psample_sample_packet link error (jsc#PED-1549). +- mlxsw: Use u16 for local_port field instead of u8 + (jsc#PED-1549). +- mlxsw: reg: Adjust PPCNT register to support local port 255 + (jsc#PED-1549). +- mlxsw: reg: Increase 'port_num' field in PMTDB register + (jsc#PED-1549). +- mlxsw: reg: Align existing registers to use extended local_port + field (jsc#PED-1549). +- mlxsw: item: Add support for local_port field in a split form + (jsc#PED-1549). +- iavf: Fix displaying queue statistics shown by ethtool + (jsc#PED-835). +- iavf: Refactor string format to avoid static analysis warnings + (jsc#PED-835). +- iavf: Refactor text of informational message (jsc#PED-835). +- iavf: Fix static code analysis warning (jsc#PED-835). +- iavf: Refactor iavf_mac_filter struct memory usage + (jsc#PED-835). +- iavf: Enable setting RSS hash key (jsc#PED-835). +- iavf: return errno code instead of status code (jsc#PED-835). +- iavf: Log info when VF is entering and leaving Allmulti mode + (jsc#PED-835). +- iavf: Add change MTU message (jsc#PED-835). +- igc: enable XDP metadata in driver (jsc#PED-375). +- devlink: Simplify devlink resources unregister call + (jsc#PED-1549). +- mlxsw: spectrum_router: Remove deadcode in + mlxsw_sp_rif_mac_profile_find (jsc#PED-1549). +- net: dsa: felix: restrict psfp rules on ingress port + (jsc#PED-1549). +- net: dsa: felix: use vcap policer to set flow meter for psfp + (jsc#PED-1549). +- net: mscc: ocelot: use index to set vcap policer (jsc#PED-1549). +- net: dsa: felix: add stream gate settings for psfp + (jsc#PED-1549). +- net: dsa: felix: support psfp filter on vsc9959 (jsc#PED-1549). +- net: mscc: ocelot: add gate and police action offload to PSFP + (jsc#PED-1549). +- net: mscc: ocelot: set vcap IS2 chain to goto PSFP chain + (jsc#PED-1549). +- ixgbevf: Add support for new mailbox communication between PF + and VF (jsc#PED-373). +- ixgbevf: Mailbox improvements (jsc#PED-373). +- ixgbevf: Add legacy suffix to old API mailbox functions + (jsc#PED-373). +- ixgbevf: Improve error handling in mailbox (jsc#PED-373). +- stmmac: fix build due to brainos in trans_start changes + (jsc#PED-370). +- net: annotate accesses to queue->trans_start (jsc#PED-370). +- net/mlx5: E-switch, Create QoS on demand (jsc#PED-1549). +- net/mlx5: E-switch, Enable vport QoS on demand (jsc#PED-1549). +- net/mlx5: E-switch, move offloads mode callbacks to offloads + file (jsc#PED-1549). +- net/mlx5: E-switch, Reuse mlx5_eswitch_set_vport_mac + (jsc#PED-1549). +- net/mlx5: E-switch, Remove vport enabled check (jsc#PED-1549). +- net/mlx5e: Specify out ifindex when looking up decap route + (jsc#PED-1549). +- net/mlx5e: TC, Move comment about mod header flag to correct + place (jsc#PED-1549). +- net/mlx5e: TC, Move kfree() calls after destroying all resources + (jsc#PED-1549). +- net/mlx5e: TC, Destroy nic flow counter if exists + (jsc#PED-1549). +- net/mlx5: TC, using swap() instead of tmp variable + (jsc#PED-1549). +- net/mlx5: CT: Allow static allocation of mod headers + (jsc#PED-1549). +- net/mlx5e: Refactor mod header management API (jsc#PED-1549). +- net/mlx5: Avoid printing health buffer when firmware is + unavailable (jsc#PED-1549). +- net/mlx5: Fix format-security build warnings (jsc#PED-1549). +- net/mlx5e: Support ethtool cq mode (jsc#PED-1549). +- net: openvswitch: Fix matching zone id for invalid conns + arriving from tc (jsc#PED-1549). +- net/sched: flow_dissector: Fix matching on zone id for invalid + conns (jsc#PED-1549). +- mlxsw: spectrum_router: Consolidate MAC profiles when possible + (jsc#PED-1549). +- vhost-vdpa: clean irqs before reseting vdpa device + (jsc#PED-1549). +- vdpa/mlx5: Forward only packets with allowed MAC address + (jsc#PED-1549). +- vdpa/mlx5: Support configuration of MAC (jsc#PED-1549). +- vdpa/mlx5: Fix clearing of VIRTIO_NET_F_MAC feature bit + (jsc#PED-1549). +- vdpa: Enable user to set mac and mtu of vdpa device + (jsc#PED-1549). +- vdpa: Use kernel coding style for structure comments + (jsc#PED-1549). +- vdpa: Introduce query of device config layout (jsc#PED-1549). +- vdpa: Introduce and use vdpa device get, set config helpers + (jsc#PED-1549). +- vdpa/mlx5: Propagate link status from device to vdpa driver + (jsc#PED-1549). +- vdpa/mlx5: Rename control VQ workqueue to vdpa wq + (jsc#PED-1549). +- vdpa/mlx5: Remove mtu field from vdpa net device (jsc#PED-1549). +- vdpa: add new attribute VDPA_ATTR_DEV_MIN_VQ_SIZE + (jsc#PED-1549). +- vdpa: min vq num of vdpa device cannot be greater than max vq + num (jsc#PED-1549). +- vdpa: add new callback get_vq_num_min in vdpa_config_ops + (jsc#PED-1549). +- vp_vdpa: add vq irq offloading support (jsc#PED-1549). +- vdpa: fix typo (jsc#PED-1549). +- cls_flower: Fix inability to match GRE/IPIP packets + (jsc#PED-1549). +- netdevsim: fix uninit value in nsim_drv_configure_vfs() + (jsc#PED-1549). +- netdevsim: rename 'driver' entry points (jsc#PED-1549). +- netdevsim: move max vf config to dev (jsc#PED-1549). +- netdevsim: move details of vf config to dev (jsc#PED-1549). +- netdevsim: move vfconfig to nsim_dev (jsc#PED-1549). +- netdevsim: take rtnl_lock when assigning num_vfs (jsc#PED-1549). +- virtchnl: Use the BIT() macro for capability/offload flags + (jsc#PED-835). +- virtchnl: Remove unused VIRTCHNL_VF_OFFLOAD_RSVD define + (jsc#PED-835). +- netdevsim: remove max_vfs dentry (jsc#PED-1549). +- mlxsw: spectrum_router: Expose RIF MAC profiles to devlink + resource (jsc#PED-1549). +- mlxsw: spectrum_router: Add RIF MAC profiles support + (jsc#PED-1549). +- mlxsw: spectrum_router: Propagate extack further (jsc#PED-1549). +- mlxsw: resources: Add resource identifier for RIF MAC profiles + (jsc#PED-1549). +- mlxsw: reg: Add MAC profile ID field to RITR register + (jsc#PED-1549). +- mlxsw: spectrum: Use 'bitmap_zalloc()' when applicable + (jsc#PED-1549). +- net: mscc: ocelot: support egress VLAN rewriting via VCAP ES0 + (jsc#PED-1549). +- xsk: Optimize for aligned case (jsc#PED-1549). +- virtio_net: introduce TX timeout watchdog (jsc#PED-370). +- mlxsw: Make PMAOS pack function more generic (jsc#PED-1549). +- mlxsw: reg: Add fields to PMAOS register (jsc#PED-1549). +- mlxsw: Track per-module port status (jsc#PED-1549). +- mlxsw: spectrum: Do not return an error in + mlxsw_sp_port_module_unmap() (jsc#PED-1549). +- mlxsw: spectrum: Do not return an error in ndo_stop() + (jsc#PED-1549). +- mlxsw: core_env: Convert 'module_info_lock' to a mutex + (jsc#PED-1549). +- mlxsw: core_env: Defer handling of module temperature warning + events (jsc#PED-1549). +- mlxsw: reg: Remove PMTM register (jsc#PED-1549). +- mlxsw: spectrum: Move port SWID set before core port init + (jsc#PED-1549). +- mlxsw: spectrum: Move port module mapping before core port init + (jsc#PED-1549). +- mlxsw: spectrum: Bump minimum FW version to xx.2008.3326 + (jsc#PED-1549). +- vduse: Fix race condition between resetting and irq injecting + (jsc#PED-1549). +- vduse: Disallow injecting interrupt before DRIVER_OK is set + (jsc#PED-1549). +- vhost_vdpa: unset vq irq before freeing irq (jsc#PED-1549). +- vdpa: potential uninitialized return in vhost_vdpa_va_map() + (jsc#PED-1549). +- vdpa/mlx5: Avoid executing set_vq_ready() if device is reset + (jsc#PED-1549). +- vdpa/mlx5: Clear ready indication for control VQ (jsc#PED-1549). +- vduse: Cleanup the old kernel states after reset failure + (jsc#PED-1549). +- vduse: missing error code in vduse_init() (jsc#PED-1549). +- Documentation: Add documentation for VDUSE (jsc#PED-1549). +- vduse: Implement an MMU-based software IOTLB (jsc#PED-1549). +- vdpa: Support transferring virtual addressing during DMA mapping + (jsc#PED-1549). +- vdpa: factor out vhost_vdpa_pa_map() and vhost_vdpa_pa_unmap() + (jsc#PED-1549). +- vdpa: Add an opaque pointer for vdpa_config_ops.dma_map() + (jsc#PED-1549). +- vhost-iotlb: Add an opaque pointer for vhost IOTLB + (jsc#PED-1549). +- vhost-vdpa: Handle the failure of vdpa_reset() (jsc#PED-1549). +- vdpa: Add reset callback in vdpa_config_ops (jsc#PED-1549). +- vdpa: Fix some coding style issues (jsc#PED-1549). +- file: Export receive_fd() to modules (jsc#PED-1549). +- vdpa: Make use of PFN_PHYS/PFN_UP/PFN_DOWN helper macro + (jsc#PED-1549). +- vdpa/mlx5: Add multiqueue support (jsc#PED-1549). +- vdpa/mlx5: Ensure valid indices are provided (jsc#PED-1549). +- vdpa/mlx5: Decouple virtqueue callback from struct + mlx5_vdpa_virtqueue (jsc#PED-1549). +- vdpa/mlx5: function prototype modifications in preparation to + control VQ (jsc#PED-1549). +- vdpa/mlx5: Remove redundant header file inclusion + (jsc#PED-1549). +- vDPA/ifcvf: enable multiqueue and control vq (jsc#PED-1549). +- vDPA/ifcvf: detect and use the onboard number of queues directly + (jsc#PED-1549). +- vDPA/ifcvf: implement management netlink framework for ifcvf + (jsc#PED-1549). +- vDPA/ifcvf: introduce get_dev_type() which returns virtio dev id + (jsc#PED-1549). +- mlxsw: spectrum: Add infrastructure for parsing configuration + (jsc#PED-1549). +- net/sched: store the last executed chain also for clsact egress + (jsc#PED-1549). +- nfp: flower-tc: add flow stats updates for ct (jsc#PED-1549). +- nfp: flower-ct: add offload calls to the nfp (jsc#PED-1549). +- nfp: flower-ct: add flow_pay to the offload table + (jsc#PED-1549). +- nfp: flower-ct: add actions into flow_pay for offload + (jsc#PED-1549). +- nfp: flower-ct: compile match sections of flow_payload + (jsc#PED-1549). +- nfp: flower-ct: calculate required key_layers (jsc#PED-1549). +- nfp: flower: refactor action offload code slightly + (jsc#PED-1549). +- nfp: flower: refactor match functions to take flow_rule as input + (jsc#PED-1549). +- nfp: flower: make the match compilation functions reusable + (jsc#PED-1549). +- netdevsim: Add multi-queue support (jsc#PED-1549). +- net/sched: Remove unnecessary if statement (jsc#PED-1549). +- bpf: Add function for XDP meta data length check (jsc#PED-373). +- commit 820516d + +- ethernet: sparx5: use eth_hw_addr_gen() (jsc#PED-1565). +- ethernet: sxgbe: use eth_hw_addr_set() (jsc#PED-1565). +- commit efcaf78 + +- ethernet: ibmveth: use ether_addr_to_u64() (jsc#PED-1565). +- commit 62557e1 + +- intersil: remove obsolete prism54 wireless driver + (jsc#PED-1565). +- Update config files. +- supported.conf: removed prism64 +- commit 2e3787e + +- staging: rtl8188eu fix fallout of constifying dev_addr + (jsc#PED-1565). +- commit 388ba9a + +- sfc: siena: Fix Kconfig dependencies (jsc#PED-1565). +- Update config files. +- supported.conf: Addedd sfc-siena +- commit d576f42 + +- net: add net device refcount tracker infrastructure + (jsc#PED-1565). +- Update config files. +- commit 62b348b + +- of: net: move of_net under net/ (jsc#PED-1565). +- Update config files. +- commit 04e77fb + +- net: annotate accesses to dev->gso_max_segs (jsc#PED-1565). +- Refresh patches.suse/octeontx2-pf-Add-TC-feature-for-VFs.patch. +- commit 37035f5 + +- usb: gadget: u_ether: use eth_hw_addr_set() (jsc#PED-1565). +- Refresh + patches.suse/usb-gadget-u_ether-fix-regression-in-setting-fixed-M.patch. +- commit 219037e + +- device property: move mac addr helpers to eth.c (jsc#PED-1565). +- Refresh + patches.suse/device-property-Add-fwnode_irq_get_byname.patch. +- commit c05663b + +- sfc: implement ethtool get/set RX ring size for EF100 reps + (jsc#PED-1565). +- sfc: use a dynamic m-port for representor RX and set it promisc + (jsc#PED-1565). +- sfc: move table locking into filter_table_{probe,remove} + methods (jsc#PED-1565). +- sfc: insert default MAE rules to connect VFs to representors + (jsc#PED-1565). +- sfc: receive packets from EF100 VFs into representors + (jsc#PED-1565). +- sfc: check ef100 RX packets are from the wire (jsc#PED-1565). +- sfc: determine wire m-port at EF100 PF probe time + (jsc#PED-1565). +- sfc: ef100 representor RX top half (jsc#PED-1565). +- sfc: ef100 representor RX NAPI poll (jsc#PED-1565). +- sfc: plumb ef100 representor stats (jsc#PED-1565). +- sfc/siena: fix repeated words in comments (jsc#PED-1565). +- sfc/falcon: fix repeated words in comments (jsc#PED-1565). +- sfc: attach/detach EF100 representors along with their owning PF + (jsc#PED-1565). +- sfc: hook up ef100 representor TX (jsc#PED-1565). +- sfc: support passing a representor to the EF100 TX path + (jsc#PED-1565). +- sfc: determine representee m-port for EF100 representors + (jsc#PED-1565). +- sfc: phys port/switch identification for ef100 reps + (jsc#PED-1565). +- sfc: add basic ethtool ops to ef100 reps (jsc#PED-1565). +- sfc: add skeleton ef100 VF representors (jsc#PED-1565). +- sfc: detect ef100 MAE admin privilege/capability at probe time + (jsc#PED-1565). +- sfc: update EF100 register descriptions (jsc#PED-1565). +- sfc: update MCDI protocol headers (jsc#PED-1565). +- sfc: falcon: Use the bitmap API to allocate bitmaps + (jsc#PED-1565). +- sfc/siena: Use the bitmap API to allocate bitmaps + (jsc#PED-1565). +- sfc: Separate netdev probe/remove from PCI probe/remove + (jsc#PED-1565). +- sfc: disable softirqs for ptp TX (jsc#PED-1565). +- sfc: fix kernel panic when creating VF (jsc#PED-1565). +- sfc: fix use after free when disabling sriov (jsc#PED-1565). +- net: make drivers set the TSO limit not the GSO limit + (jsc#PED-1565). +- bpf: Let bpf_warn_invalid_xdp_action() report more info + (jsc#PED-1565). +- bpf: Do not WARN in bpf_warn_invalid_xdp_action() + (jsc#PED-1565). +- net: usb: ax88179_178a: add TSO feature (jsc#PED-1565). +- bpf, devmap: Exclude XDP broadcast to master device + (jsc#PED-1565). +- bpf: devmap: Implement devmap prog execution for generic XDP + (jsc#PED-1565). +- bpf: cpumap: Implement generic cpumap (jsc#PED-1565). +- bitops: Add non-atomic bitops for pointers (jsc#PED-1565). +- net: core: Split out code to run generic XDP prog + (jsc#PED-1565). +- commit 86a0101 + +- ethernet: netsec: use eth_hw_addr_set() (jsc#PED-1565). +- commit de114d2 + +- net: fec_mpc52xx: don't discard const from netdev->dev_addr + (jsc#PED-1565). +- ethernet: fec: use eth_hw_addr_gen() (jsc#PED-1565). +- ethernet: ocelot: use eth_hw_addr_gen() (jsc#PED-1565). +- ethernet: enetc: use eth_hw_addr_set() (jsc#PED-1565). +- commit 7d923f4 + +- ethernet: via-velocity: use eth_hw_addr_set() (jsc#PED-1565). +- ethernet: via-rhine: use eth_hw_addr_set() (jsc#PED-1565). +- ethernet: ec_bhf: use eth_hw_addr_set() (jsc#PED-1565). +- commit fba8780 + +- RDMA/cxgb4: fix accept failure due to increased + cpl_t5_pass_accept_rpl size (jsc#PED-1508). +- RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY + event (jsc#PED-1503). +- RDMA/qedr: Fix potential memory leak in __qedr_alloc_mr() + (jsc#PED-1529). +- RDMA: remove useless condition in siw_create_cq() + (jsc#PED-1503). +- e1000e: convert .adjfreq to .adjfine (jsc#PED-837). +- e1000e: remove unnecessary range check in e1000e_phc_adjfreq + (jsc#PED-837). +- net/mlx4: Use devl_ API for devlink port register / unregister + (jsc#PED-1548). +- qlogic: qed: fix clang -Wformat warnings (jsc#PED-1526). +- qed: Use bitmap_empty() (jsc#PED-1526). +- qed: Use the bitmap API to allocate bitmaps (jsc#PED-1526). +- cxgb4: Use the bitmap API to allocate bitmaps (jsc#PED-1506). +- qlogic/qed: fix repeated words in comments (jsc#PED-1526). +- cxgb4: Fix typo in string (jsc#PED-1506). +- intel/e1000e:fix repeated words in comments (jsc#PED-837). +- intel: remove unused macros (jsc#PED-837). +- sfc: replace function name in string with __func__ + (jsc#PED-1565). +- sfc: Unsplit literal string (jsc#PED-1565). +- sfc: Move EF100 efx_nic_type structs to the end of the file + (jsc#PED-1565). +- sfc: Separate efx_nic memory from net_device memory + (jsc#PED-1565). +- sfc: Encapsulate access to netdev_priv() (jsc#PED-1565). +- sfc: Change BUG_ON to WARN_ON and recovery code (jsc#PED-1565). +- sfc: Remove netdev init from efx_init_struct (jsc#PED-1565). +- sfc: Add a PROBED state for EF100 VDPA use (jsc#PED-1565). +- sfc: Split STATE_READY in to STATE_NET_DOWN and STATE_NET_UP + (jsc#PED-1565). +- sfc:falcon: fix repeated words in comments (jsc#PED-1565). +- sfc: fix repeated words in comments (jsc#PED-1565). +- sfc: siena: fix repeated words in comments (jsc#PED-1565). +- cxgb4/cxgb4vf: Fix typo in comments (jsc#PED-1506). +- cxgb4vf: remove unexpected word "the" (jsc#PED-1506). +- sfc/siena: Fix typo in comment (jsc#PED-1565). +- sfc: Fix typo in comment (jsc#PED-1565). +- tcp: Fix data-races around sysctl knobs related to SYN option + (jsc#PED-1506). +- tcp: Fix data-races around sysctl_tcp_ecn (jsc#PED-1506). +- RDMA/qedr: Fix reporting QP timeout attribute (jsc#PED-1529). +- net/mlx4_en: Fix wrong return value on ioctl EEPROM query + failure (jsc#PED-1548). +- qed: replace bitmap_weight with bitmap_empty in qed_roce_stop() + (jsc#PED-1526). +- qed: rework qed_rdma_bmap_free() (jsc#PED-1526). +- net: mellanox: fix open-coded for_each_set_bit() (jsc#PED-1548). +- sfc/siena: fix wrong tx channel offset with + efx_separate_tx_channels (jsc#PED-1565). +- sfc/siena: fix considering that all channels have TX queues + (jsc#PED-1565). +- sfc: fix wrong tx channel offset with efx_separate_tx_channels + (jsc#PED-1565). +- sfc: fix considering that all channels have TX queues + (jsc#PED-1565). +- RDMA/mlx4: Avoid flush_scheduled_work() usage (jsc#PED-1547). +- RDMA/qedr: Remove unnecessary synchronize_irq() before + free_irq() (jsc#PED-1529). +- RDMA/siw: Enable siw on tunnel devices (jsc#PED-1503). +- qed: fix typos in comments (jsc#PED-1526). +- net: qed: fix typos in comments (jsc#PED-1526). +- sfc/siena: Remove duplicate check on segments (jsc#PED-1565). +- sfc: siena: Have a unique wrapper ifndef for efx channels header + (jsc#PED-1565). +- net: qede: Remove unnecessary synchronize_irq() before + free_irq() (jsc#PED-1526). +- qed: Remove unnecessary synchronize_irq() before free_irq() + (jsc#PED-1526). +- sfc/siena: Reinstate SRIOV init/fini function calls + (jsc#PED-1565). +- sfc/siena: Make PTP and reset support specific for Siena + (jsc#PED-1565). +- sfc/siena: Make MCDI logging support specific for Siena + (jsc#PED-1565). +- siena: Make HWMON support specific for Siena (jsc#PED-1565). +- siena: Make SRIOV support specific for Siena (jsc#PED-1565). +- siena: Make MTD support specific for Siena (jsc#PED-1565). +- sfc: Add a basic Siena module (jsc#PED-1565). +- sfc/siena: Inline functions in sriov.h to avoid conflicts with + sfc (jsc#PED-1565). +- sfc/siena: Rename functions in nic_common.h to avoid conflicts + with sfc (jsc#PED-1565). +- sfc/siena: Rename functions in mcdi headers to avoid conflicts + with sfc (jsc#PED-1565). +- sfc/siena: Rename peripheral functions to avoid conflicts with + sfc (jsc#PED-1565). +- sfc/siena: Rename RX/TX functions to avoid conflicts with sfc + (jsc#PED-1565). +- sfc/siena: Rename functions in efx headers to avoid conflicts + with sfc (jsc#PED-1565). +- sfc/siena: Remove build references to missing functionality + (jsc#PED-1565). +- sfc: Copy shared files needed for Siena (part 2) (jsc#PED-1565). +- sfc: Copy shared files needed for Siena (part 1) (jsc#PED-1565). +- sfc: Move Siena specific files (jsc#PED-1565). +- net: don't allow user space to lift the device limits + (jsc#PED-1565). +- net: add netif_inherit_tso_max() (jsc#PED-1565). +- sfc: Copy a subset of mcdi_pcol.h to siena (jsc#PED-1565). +- sfc: Disable Siena support (jsc#PED-1565). +- netdev: reshuffle netif_napi_add() APIs to allow dropping weight + (jsc#PED-1565). +- qede: Reduce verbosity of ptp tx timestamp (jsc#PED-1526). +- sfc: add EF100 VF support via a write to sriov_numvfs + (jsc#PED-1565). +- qed: Remove IP services API (jsc#PED-1526). +- sfc: Remove global definition of efx_reset_type_names + (jsc#PED-1565). +- sfc: Remove duplicate definition of efx_xmit_done + (jsc#PED-1565). +- sfc: efx_default_channel_type APIs can be static (jsc#PED-1565). +- sfc: Fix spelling mistake "writting" -> "writing" + (jsc#PED-1565). +- sfc: ef10: Fix assigning negative value to unsigned variable + (jsc#PED-1565). +- sfc: use hardware tx timestamps for more than PTP + (jsc#PED-1565). +- qed: remove an unneed NULL check on list iterator + (jsc#PED-1526). +- sfc: Stop using iommu_present() (jsc#PED-1565). +- net: chelsio: cxgb4: Avoid potential negative array offset + (jsc#PED-1506). +- sfc: Avoid NULL pointer dereference on systems without numa + awareness (jsc#PED-1565). +- RDMA/mlx4: remove redundant assignment to variable nreq + (jsc#PED-1547). +- RDMA/mlx4: Delete useless module.h include (jsc#PED-1547). +- qed: remove unnecessary memset in qed_init_fw_funcs + (jsc#PED-1526). +- net/mlx4_en: use kzalloc (jsc#PED-1548). +- net/mlx4: Delete useless moduleparam include (jsc#PED-1548). +- e1000e: Print PHY register address when MDI read/write fails + (jsc#PED-837). +- sfc: set affinity hints in local NUMA node only (jsc#PED-1565). +- sfc: default config to 1 channel/core in local NUMA node only + (jsc#PED-1565). +- qed: prevent a fw assert during device shutdown (jsc#PED-1526). +- sfc: The size of the RX recycle ring should be more flexible + (jsc#PED-1565). +- qed: use msleep() in qed_mcp_cmd() and add qed_mcp_cmd_nosleep() + for udelay (jsc#PED-1526). +- e1000e: Remove useless DMA-32 fallback configuration + (jsc#PED-837). +- sfc: extend the locking on mcdi->seqno (jsc#PED-1565). +- ethernet: broadcom/sb1250-mac: don't write directly to + netdev->dev_addr (jsc#PED-1565). +- amd: declance: use eth_hw_addr_set() (jsc#PED-1565). +- sysctl: move some boundary constants from sysctl.c to + sysctl_vals (jsc#PED-1506). +- RDMA/siw: make use of the helper function kthread_run_on_cpu() + (jsc#PED-1503). +- kthread: add the helper function kthread_run_on_cpu() + (jsc#PED-1503). +- RDMA/mad: Delete duplicated init_query_mad functions + (jsc#PED-1547). +- iw_cxgb4: Use memset_startat() for cpl_t5_pass_accept_rpl + (jsc#PED-1508). +- RDMA/siw: Use max() instead of doing it manually (jsc#PED-1503). +- RDMA/mlx4: Use bitmap_alloc() when applicable (jsc#PED-1547). +- RDMA/siw: Use helper function to set sys_image_guid + (jsc#PED-1503). +- RDMA/cxgb4: Use non-atomic bitmap functions when possible + (jsc#PED-1508). +- RDMA/cxgb4: Use bitmap_set() when applicable (jsc#PED-1508). +- RDMA/cxgb4: Use bitmap_zalloc() when applicable (jsc#PED-1508). +- RDMA/cxgb4: Use helper function to set GUIDs (jsc#PED-1508). +- net/mlx4: Use irq_update_affinity_hint() (jsc#PED-1548). +- cxgb4vf: Remove useless DMA-32 fallback configuration + (jsc#PED-1506). +- cxgb4: Remove useless DMA-32 fallback configuration + (jsc#PED-1506). +- gro: add ability to control gro max packet size (jsc#PED-1565). +- qed: Use dma_set_mask_and_coherent() and simplify code + (jsc#PED-1526). +- net: Don't include filter.h from net/sock.h (jsc#PED-1548). +- net: linkwatch: add net device refcount tracker (jsc#PED-1565). +- lib: add reference counting tracking infrastructure + (jsc#PED-1565). +- qed*: esl priv flag support through ethtool (jsc#PED-1526). +- qed*: enhance tx timeout debug info (jsc#PED-1526). +- qed: Enhance rammod debug prints to provide pretty details + (jsc#PED-1526). +- cxgb4: allow reading unrecognized port module eeprom + (jsc#PED-1506). +- qed: Use the bitmap API to simplify some functions + (jsc#PED-1526). +- net: annotate accesses to dev->gso_max_size (jsc#PED-1565). +- dev_addr: add a modification check (jsc#PED-1565). +- net: unexport dev_addr_init() & dev_addr_flush() (jsc#PED-1565). +- net: constify netdev->dev_addr (jsc#PED-1565). +- cxgb4: Use struct_group() for memcpy() region (jsc#PED-1506). +- smc9194: use eth_hw_addr_set() (jsc#PED-1565). +- amd: a2065/ariadne: use eth_hw_addr_set() (jsc#PED-1565). +- amd: ni65: use eth_hw_addr_set() (jsc#PED-1565). +- amd: lance: use eth_hw_addr_set() (jsc#PED-1565). +- ipw2200: constify address in ipw_send_adapter_address + (jsc#PED-1565). +- mlxsw: constify address in mlxsw_sp_port_dev_addr_set + (jsc#PED-1565). +- net: gro: populate net/core/gro.c (jsc#PED-1565). +- net: gro: move skb_gro_receive into net/core/gro.c + (jsc#PED-1565). +- net: gro: move skb_gro_receive_list to udp_offload.c + (jsc#PED-1565). +- tools: sync uapi/linux/if_link.h header (jsc#PED-1565). +- r8169: fix incorrect mac address assignment (jsc#PED-1565). +- staging: use eth_hw_addr_set() in orphan drivers (jsc#PED-1565). +- staging: rtl: use eth_hw_addr_set() (jsc#PED-1565). +- staging: unisys: use eth_hw_addr_set() (jsc#PED-1565). +- staging: rtl8712: prepare for const netdev->dev_addr + (jsc#PED-1565). +- staging: qlge: use eth_hw_addr_set() (jsc#PED-1565). +- staging: use eth_hw_addr_set() for dev->addr_len cases + (jsc#PED-1565). +- staging: use eth_hw_addr_set() instead of ether_addr_copy() + (jsc#PED-1565). +- staging: use eth_hw_addr_set() (jsc#PED-1565). +- RDMA/qed: Use helper function to set GUIDs (jsc#PED-1526). +- net: sgi-xp: use eth_hw_addr_set() (jsc#PED-1565). +- net: virtio: use eth_hw_addr_set() (jsc#PED-1565). +- mpt fusion: use dev_addr_set() (jsc#PED-1565). +- media: use eth_hw_addr_set() (jsc#PED-1565). +- net: thunderbolt: use eth_hw_addr_set() (jsc#PED-1565). +- staging: use of_get_ethdev_address() (jsc#PED-1565). +- net/mlx5e: don't write directly to netdev->dev_addr + (jsc#PED-1565). +- bluetooth: use dev_addr_set() (jsc#PED-1565). +- bluetooth: use eth_hw_addr_set() (jsc#PED-1565). +- fddi: defza: add missing pointer type cast (jsc#PED-1565). +- usbb: catc: use correct API for MAC addresses (jsc#PED-1565). +- net: atm: use address setting helpers (jsc#PED-1565). +- net: drivers: get ready for const netdev->dev_addr + (jsc#PED-1565). +- net: caif: get ready for const netdev->dev_addr (jsc#PED-1565). +- net: hsr: get ready for const netdev->dev_addr (jsc#PED-1565). +- net: bonding: constify and use dev_addr_set() (jsc#PED-1565). +- net: rtnetlink: use __dev_addr_set() (jsc#PED-1565). +- net: core: constify mac addrs in selftests (jsc#PED-1565). +- zd1201: use eth_hw_addr_set() (jsc#PED-1565). +- wl3501_cs: use eth_hw_addr_set() (jsc#PED-1565). +- ray_cs: use eth_hw_addr_set() (jsc#PED-1565). +- wilc1000: use eth_hw_addr_set() (jsc#PED-1565). +- hostap: use eth_hw_addr_set() (jsc#PED-1565). +- ipw2200: prepare for const netdev->dev_addr (jsc#PED-1565). +- airo: use eth_hw_addr_set() (jsc#PED-1565). +- brcmfmac: prepare for const netdev->dev_addr (jsc#PED-1565). +- atmel: use eth_hw_addr_set() (jsc#PED-1565). +- wil6210: use eth_hw_addr_set() (jsc#PED-1565). +- ath6kl: use eth_hw_addr_set() (jsc#PED-1565). +- wireless: use eth_hw_addr_set() for dev->addr_len cases + (jsc#PED-1565). +- wireless: use eth_hw_addr_set() instead of ether_addr_copy() + (jsc#PED-1565). +- wireless: use eth_hw_addr_set() (jsc#PED-1565). +- cfg80211: prepare for const netdev->dev_addr (jsc#PED-1565). +- mac80211: use eth_hw_addr_set() (jsc#PED-1565). +- wireless: mac80211_hwsim: use eth_hw_addr_set() (jsc#PED-1565). +- net: sb1000,rionet: use eth_hw_addr_set() (jsc#PED-1565). +- net: plip: use eth_hw_addr_set() (jsc#PED-1565). +- net: fjes: constify and use eth_hw_addr_set() (jsc#PED-1565). +- fddi: skfp: constify and use dev_addr_set() (jsc#PED-1565). +- fddi: defxx,defza: use dev_addr_set() (jsc#PED-1565). +- net: usb: don't write directly to netdev->dev_addr + (jsc#PED-1565). +- net: qmi_wwan: use dev_addr_mod() (jsc#PED-1565). +- usb: smsc: use eth_hw_addr_set() (jsc#PED-1565). +- net: xen: use eth_hw_addr_set() (jsc#PED-1565). +- batman-adv: use eth_hw_addr_set() instead of ether_addr_copy() + (jsc#PED-1565). +- mac802154: use dev_addr_set() - manual (jsc#PED-1565). +- mac802154: use dev_addr_set() (jsc#PED-1565). +- batman-adv: prepare for const netdev->dev_addr (jsc#PED-1565). +- ethernet: tlan: use eth_hw_addr_set() (jsc#PED-1565). +- ethernet: tehuti: use eth_hw_addr_set() (jsc#PED-1565). +- ethernet: stmmac: use eth_hw_addr_set() (jsc#PED-1565). +- ethernet: mlxsw: use eth_hw_addr_gen() (jsc#PED-1565). +- ethernet: prestera: use eth_hw_addr_gen() (jsc#PED-1565). +- ethernet: add a helper for assigning port addresses + (jsc#PED-1565). +- ethernet: smsc: use eth_hw_addr_set() (jsc#PED-1565). +- ethernet: smc91x: use eth_hw_addr_set() (jsc#PED-1565). +- ethernet: sis190: use eth_hw_addr_set() (jsc#PED-1565). +- ethernet: rocker: use eth_hw_addr_set() (jsc#PED-1565). +- ethernet: r8169: use eth_hw_addr_set() (jsc#PED-1565). +- ethernet: netxen: use eth_hw_addr_set() (jsc#PED-1565). +- ethernet: sky2/skge: use eth_hw_addr_set() (jsc#PED-1565). +- ethernet: mv643xx: use eth_hw_addr_set() (jsc#PED-1565). +- ethernet: use eth_hw_addr_set() in unmaintained drivers + (jsc#PED-1565). +- ethernet: ixgb: use eth_hw_addr_set() (jsc#PED-1565). +- ethernet: enic: use eth_hw_addr_set() (jsc#PED-1565). +- ethernet: bcmgenet: use eth_hw_addr_set() (jsc#PED-1565). +- ethernet: aquantia: use eth_hw_addr_set() (jsc#PED-1565). +- ethernet: amd: use eth_hw_addr_set() (jsc#PED-1565). +- ethernet: alteon: use eth_hw_addr_set() (jsc#PED-1565). +- ethernet: adaptec: use eth_hw_addr_set() (jsc#PED-1565). +- ethernet: remove random_ether_addr() (jsc#PED-1565). +- ethernet: replace netdev->dev_addr 16bit writes (jsc#PED-1565). +- ethernet: replace netdev->dev_addr assignment loops + (jsc#PED-1565). +- ethernet: manually convert memcpy(dev_addr,..., sizeof(addr)) + (jsc#PED-1565). +- ethernet: make use of eth_hw_addr_random() where appropriate + (jsc#PED-1565). +- ethernet: make eth_hw_addr_random() use dev_addr_set() + (jsc#PED-1565). +- net: remove single-byte netdev->dev_addr writes (jsc#PED-1565). +- ip: use dev_addr_set() in tunnels (jsc#PED-1565). +- hamradio: use dev_addr_set() for setting device address + (jsc#PED-1565). +- netdevice: demote the type of some dev_addr_set() helpers + (jsc#PED-1565). +- ipv6: constify dev_addr passing (jsc#PED-1565). +- llc/snap: constify dev_addr passing (jsc#PED-1565). +- ethernet: tulip: avoid duplicate variable name on sparc + (jsc#PED-1565). +- tulip: fix setting device address from rom (jsc#PED-1565). +- ethernet: sun: add missing semicolon, fix build (jsc#PED-1565). +- net: use dev_addr_set() (jsc#PED-1565). +- ethernet: sun: remove direct netdev->dev_addr writes + (jsc#PED-1565). +- ethernet: tulip: remove direct netdev->dev_addr writes + (jsc#PED-1565). +- ethernet: forcedeth: remove direct netdev->dev_addr writes + (jsc#PED-1565). +- ethernet: use platform_get_ethdev_address() (jsc#PED-1565). +- eth: platform: add a helper for loading netdev->dev_addr + (jsc#PED-1565). +- ethernet: use device_get_ethdev_address() (jsc#PED-1565). +- eth: fwnode: add a helper for loading netdev->dev_addr + (jsc#PED-1565). +- eth: fwnode: remove the addr len from mac helpers + (jsc#PED-1565). +- eth: fwnode: change the return type of mac address helpers + (jsc#PED-1565). +- ethernet: use of_get_ethdev_address() (jsc#PED-1565). +- of: net: add a helper for loading netdev->dev_addr + (jsc#PED-1565). +- net: usb: use eth_hw_addr_set() for dev->addr_len cases + (jsc#PED-1565). +- ethernet: use eth_hw_addr_set() - casts (jsc#PED-1565). +- fddi: use eth_hw_addr_set() (jsc#PED-1565). +- ethernet: s2io: use eth_hw_addr_set() (jsc#PED-1565). +- net: usb: use eth_hw_addr_set() instead of ether_addr_copy() + (jsc#PED-1565). +- net: use eth_hw_addr_set() instead of ether_addr_copy() + (jsc#PED-1565). +- net: usb: use eth_hw_addr_set() (jsc#PED-1565). +- net:dev: Change napi_gro_complete return type to void + (jsc#PED-1565). +- string.h: Introduce memset_startat() for wiping trailing + members and padding (jsc#PED-1508). +- string.h: Introduce memset_after() for wiping trailing + members/padding (jsc#PED-1508). +- lib: Introduce CONFIG_MEMCPY_KUNIT_TEST (jsc#PED-1508). +- skb_expand_head() adjust skb->truesize incorrectly + (jsc#PED-1565). +- etherdevice: use __dev_addr_set() (jsc#PED-1565). +- net: dev_addr_list: handle first address in __hw_addr_add_ex + (jsc#PED-1565). +- cxgb4: Use pci_vpd_find_id_string() to find VPD ID string + (jsc#PED-1506). +- PCI/VPD: Add pci_vpd_find_id_string() (jsc#PED-1506). +- PCI/VPD: Include post-processing in pci_vpd_find_tag() + (jsc#PED-1506). +- PCI/VPD: Stop exporting pci_vpd_find_info_keyword() + (jsc#PED-1506). +- PCI/VPD: Stop exporting pci_vpd_find_tag() (jsc#PED-1506). +- scsi: cxlflash: Search VPD with pci_vpd_find_ro_info_keyword() + (jsc#PED-1506). +- sfc: falcon: Search VPD with pci_vpd_find_ro_info_keyword() + (jsc#PED-1565). +- sfc: falcon: Read VPD with pci_vpd_alloc() (jsc#PED-1565). +- sfc: Search VPD with pci_vpd_find_ro_info_keyword() + (jsc#PED-1565). +- sfc: Read VPD with pci_vpd_alloc() (jsc#PED-1565). +- net-next: When a bond have a massive amount of VLANs with + IPv6 addresses, performance of changing link state, attaching + a VRF, changing an IPv6 address, etc. go down dramtically + (jsc#PED-1565). +- net: fix GRO skb truesize update (jsc#PED-1565). +- net: add netif_set_real_num_queues() for device reconfig + (jsc#PED-1565). +- net: add extack arg for link ops (jsc#PED-1565). +- move netdev_boot_setup into Space.c (jsc#PED-1565). +- drivers/net/usb: Remove all strcpy() uses (jsc#PED-1565). +- skbuff: introduce skb_expand_head() (jsc#PED-1565). +- sk_buff: avoid potentially clearing 'slow_gro' field + (jsc#PED-1565). +- skbuff: allow 'slow_gro' for skb carring sock reference + (jsc#PED-1565). +- net: optimize GRO for the common case (jsc#PED-1565). +- sk_buff: track extension status in slow_gro (jsc#PED-1565). +- sk_buff: track dst status in slow_gro (jsc#PED-1565). +- sk_buff: introduce 'slow_gro' flags (jsc#PED-1565). +- commit 407836b + +- ACPI: scan: Introduce acpi_fetch_acpi_dev() (jsc#PED-531). +- commit b412683 + +- usb: xhci-mtk: Use struct_size() helper in create_sch_ep() + (jsc#PED-531). +- commit 9da5b62 + +- usb: host: xhci-plat: Remove useless DMA-32 fallback + configuration (jsc#PED-531). +- commit ece14b2 + +- PM: sleep: Add device name to suspend_report_result() + (jsc#PED-531). +- commit 7dc852b + +- USB: core: Update kerneldoc for usb_get_dev() and usb_get_intf() + (jsc#PED-531). +- commit fb5f494 + +- usb: remove Link Powermanagement (LPM) disable before port reset + (jsc#PED-531). +- commit 4ce8161 + +- USB: usbfs: Use a spinlock instead of atomic accesses to tally + used memory (jsc#PED-531). +- commit a94fca8 + +- USB: ACPI: Replace acpi_bus_get_device() (jsc#PED-531). +- commit 37182c2 + +- usb: core: Bail out when port is stuck in reset loop + (jsc#PED-531). +- commit 656550a + +- usb: common: usb-conn-gpio: Make VBUS supply completely optional + (jsc#PED-531). +- commit fa1ce11 + +- usb: ulpi: Add debugfs support (jsc#PED-531). +- commit d397b49 + +- component: Add common helper for compare/release functions + (jsc#PED-531). +- commit 2986bd9 + +- acpi: Export acpi_bus_type (jsc#PED-531). +- commit 7c22384 + +- component: Replace most references to 'master' with 'aggregate + device' (jsc#PED-531). +- commit 9131eb9 + +- drivers/base/component.c: remove superfluous header files from + component.c (jsc#PED-531). +- commit ab1424f + +- blacklist.conf: remove kABI entries for SP5 + SP5 may break the kABI. Hence the patches that did not go + into SP4 for kABI reasons should go into SP5, unless other reasons + for blocking them exist. Removing the entries to trigger + a reevaluation +- commit 8607b86 + +- acpi: Store CRC-32 hash of the _PLD in struct acpi_device + (jsc#PED-531). +- commit 817d17e + +- usb: typec: port-mapper: Convert to the component framework + (jsc#PED-531). +- Refresh patches.suse/typeC-Add-kABI-placeholders.patch. +- commit ee7ecd6 + +- usb: typec: ucsi: Expose number of alternate modes in partner + (jsc#PED-531). +- commit 2bab2dd + +- usb: typec: tipd: Fix initialization sequence for cd321x + (jsc#PED-531). +- commit c7460c1 + +- usb: typec: tipd: Fix typo in cd321x_switch_power_state + (jsc#PED-531). +- commit 11f03ee + +- usb: typec: tipd: Enable event interrupts by default + (jsc#PED-531). +- commit cba4c03 + +- usb: typec: tipd: Remove FIXME about testing with I2C_FUNC_I2C + (jsc#PED-531). +- commit a81811f + +- usb: typec: tipd: Switch CD321X power state to S0 (jsc#PED-531). +- commit 2cbb386 + +- usb: typec: tipd: Add support for Apple CD321X (jsc#PED-531). +- commit 31d2bf2 + +- usb: typec: tipd: Add short-circuit for no irqs (jsc#PED-531). +- commit e9cc528 + +- usb: typec: tipd: Split interrupt handler (jsc#PED-531). +- commit 5143aea + +- Refresh + patches.suse/net-don-t-unconditionally-copy_from_user-a-struct-if.patch. + Added missing chenge from merge commit (bsc#1203479) +- commit 2a4b363 + +- powerpc/doc: Fix htmldocs errors (git-fixes). +- commit c32a50b + +- efi: do not automatically generate secret key (jsc#PED-1444). +- commit 4a26ca3 + +- dmaengine: idxd: fix retry value to be constant for duration + of function call (git-fixes). +- dmaengine: idxd: match type for retries var in idxd_enqcmds() + (git-fixes). +- commit ad373ba + +- dmaengine: idxd: change MSIX allocation based on per wq + activation (jsc#PED-664). +- dmaengine: idxd: fix descriptor flushing locking (jsc#PED-664). +- dmaengine: idxd: embed irq_entry in idxd_wq struct + (jsc#PED-664). +- commit d9570b4 + +- Update patch referece for IDXD fix (jsc#PED-729) +- commit 0666616 + +- dmaengine: idxd: add knob for enqcmds retries (jsc#PED-755). +- commit b9e7fd2 + +- dmaengine: idxd: update IAA definitions for user header + (jsc#PED-763). +- commit 966fd07 + +- dmaengine: idxd: handle interrupt handle revoked event + (jsc#PED-682). +- Refresh + patches.suse/dmaengine-idxd-set-defaults-for-wq-configs.patch. +- commit b8b62ed + +- dmaengine: idxd: handle invalid interrupt handle descriptors + (jsc#PED-682). +- commit 4d43b5f + +- dmaengine: idxd: create locked version of idxd_quiesce() call + (jsc#PED-682). +- commit 84c33cd + +- dmaengine: idxd: add helper for per interrupt handle drain + (jsc#PED-682). +- commit 7f570d2 + +- dmaengine: idxd: move interrupt handle assignment (jsc#PED-682). +- commit c11ff86 + +- dmaengine: idxd: int handle management refactoring + (jsc#PED-682). +- commit a2ea081 + +- dmaengine: idxd: rework descriptor free path on failure + (jsc#PED-682). +- commit 10afe67 + +- dmaengine: idxd: set defaults for wq configs (jsc#PED-688). +- Refresh + patches.suse/dmaengine-idxd-fix-wq-settings-post-wq-disable.patch. +- commit d90c3a3 + +- PCI: Disable MSI for Tegra234 Root Ports (git-fixes). +- PCI: Correct misspelled words (git-fixes). +- PCI: Prefer 'unsigned int' over bare 'unsigned' (git-fixes). +- commit 2fdd511 + +- PCI/ASPM: Make Intel DG2 L1 acceptable latency unlimited + (jsc#PED-387). +- commit 7d30fcd + +- net: dsa: mt7530: 1G can also support 1000BASE-X link mode + (git-fixes). +- commit cdb75aa + +- igb: skip phy status check where unavailable (git-fixes). +- commit a3b27da + +- ice: fix possible under reporting of ethtool Tx and Rx + statistics (git-fixes). +- commit c2f52c2 + +- ice: fix crash when writing timestamp on RX rings (git-fixes). +- commit fb0a1aa + +- net/mlx5: Drain fw_reset when removing device (git-fixes). +- commit 97a86a6 + +- net/mlx5e: Remove HW-GRO from reported features (git-fixes). +- commit 4a77968 + +- net/mlx5e: Properly block HW GRO when XDP is enabled + (git-fixes). +- commit f953f8f + +- net/mlx5e: Properly block LRO when XDP is enabled (git-fixes). +- commit 6b1fa7c + +- net/mlx5e: Block rx-gro-hw feature in switchdev mode + (git-fixes). +- commit a1cfc32 + +- net/qla3xxx: Fix a test in ql_reset_work() (git-fixes). +- commit 52c2fa5 + +- net: systemport: Fix an error handling path in + bcm_sysport_probe() (git-fixes). +- commit b45f6dc + +- net: macb: Increment rx bd head after allocating skb and buffer + (git-fixes). +- commit 41b13b2 + +- net: ipa: get rid of a duplicate initialization (git-fixes). +- commit a69d7cd + +- net: ipa: record proper RX transaction count (git-fixes). +- commit 0de4988 + +- net: dsa: bcm_sf2: Fix Wake-on-LAN with mac_link_down() + (git-fixes). +- commit cf3c3f2 + +- net: ethernet: mediatek: ppe: fix wrong size passed to memset() + (git-fixes). +- commit f134be1 + +- ice: Fix race during aux device (un)plugging (git-fixes). +- commit 4278261 + +- net: mscc: ocelot: avoid corrupting hardware counters when + moving VCAP filters (git-fixes). +- commit ca8eb08 + +- net: mscc: ocelot: restrict tc-trap actions to VCAP IS2 lookup 0 + (git-fixes). +- commit d224ca3 + +- net: mscc: ocelot: fix VCAP IS2 filters matching on both lookups + (git-fixes). +- commit 95340f0 + +- net: mscc: ocelot: fix last VCAP IS1/IS2 filter persisting in + hardware when deleted (git-fixes). +- commit bda7960 + +- net: emaclite: Add error handling for of_address_to_resource() + (git-fixes). +- commit a361614 + +- net: cpsw: add missing of_node_put() in cpsw_probe_dt() + (git-fixes). +- commit 014fc77 + +- net: stmmac: dwmac-sun8i: add missing of_node_put() in + sun8i_dwmac_register_mdio_mux() (git-fixes). +- commit 72dc370 + +- net: dsa: mt7530: add missing of_node_put() in mt7530_setup() + (git-fixes). +- commit 1fa6443 + +- net: mdio: Fix ENOMEM return value in BCM6368 mux bus controller + (git-fixes). +- commit f4b10fd + +- net: fec: add missing of_node_put() in fec_enet_init_stop_mode() + (git-fixes). +- commit 6d689b8 + +- net: dsa: lantiq_gswip: Don't set GSWIP_MII_CFG_RMII_CLK + (git-fixes). +- commit cda6d8f + +- net: dsa: mv88e6xxx: Fix port_hidden_wait to account for + port_base_addr (git-fixes). +- commit fc0f29e + +- net: bcmgenet: hide status block before TX timestamping + (git-fixes). +- commit 7471b10 + +- net: stmmac: Use readl_poll_timeout_atomic() in atomic state + (git-fixes). +- commit 77bb15d + +- net: mscc: ocelot: fix broken IP multicast flooding (git-fixes). +- commit 9360c59 + +- net: bcmgenet: Revert "Use stronger register read/writes to + assure ordering" (git-fixes). +- commit 2e1c776 + +- net: ftgmac100: access hardware register after clock ready + (git-fixes). +- commit 6f339f4 + +- s390/boot: fix absolute zero lowcore corruption on boot + (git-fixes). +- commit 673e9bc + +- ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904). +- commit 04343f5 + +- Update patches.suse/SUNRPC-Prevent-immediate-close-reconnect.patch + (git-fixes, bsc#1203338). +- commit 1a26f26 + +- net: ethernet: stmmac: fix altr_tse_pcs function when using + a fixed-link (git-fixes). +- commit 6e948de + +- net: dsa: felix: suppress -EPROBE_DEFER errors (git-fixes). +- commit 6052c6d + +- mlxsw: i2c: Fix initialization error flow (git-fixes). +- commit b1671b5 + +- net: ethernet: mv643xx: Fix over zealous checking + of_get_mac_address() (git-fixes). +- commit d6232d0 + +- ice: Do not skip not enabled queues in ice_vc_dis_qs_msg + (git-fixes). +- commit 5811714 + +- dpaa2-ptp: Fix refcount leak in dpaa2_ptp_probe (git-fixes). +- commit 20972b2 + +- net: stmmac: Fix unset max_speed difference between DT and + non-DT platforms (git-fixes). +- commit 21d6298 + +- vrf: fix packet sniffing for traffic originating from ip tunnels + (git-fixes). +- commit 656f34a + +- net: hns3: fix the concurrency between functions reading debugfs + (git-fixes). +- commit b62a96b + +- net: sparx5: uses, depends on BRIDGE or !BRIDGE (git-fixes). +- commit 91c7940 + +- net: dsa: bcm_sf2_cfp: fix an incorrect NULL check on list + iterator (git-fixes). +- commit 587d5e0 + +- net: sparx5: depends on PTP_1588_CLOCK_OPTIONAL (git-fixes). +- commit e5cbf9e + +- blacklist.conf: update blacklist +- commit b64ff66 + +- usb: typec: ucsi: Better fix for missing unplug events issue + (jsc#PED-531). +- commit 23c30d4 + +- usb: typec: ucsi: Read the PDOs in separate work (jsc#PED-531). +- commit 120360c + +- usb: typec: ucsi: Check the partner alt modes always if there + is PD contract (jsc#PED-531). +- commit 109aef2 + +- usb: typec: ucsi: acpi: Reduce the command completion timeout + (jsc#PED-531). +- commit 6c0912c + +- usb: typec: ucsi: Add polling mechanism for partner tasks like + alt mode checking (jsc#PED-531). +- commit 9e46ec7 + +- usb: typec: tcpci: Fix spelling mistake "resolbed" -> "resolved" + (jsc#PED-531). +- commit fbac539 + +- usb: typec: tipd: Add an additional overflow check (git-fixes). +- commit b1f97fa + +- usb: typec: tipd: Don't read/write more bytes than required + (git-fixes). +- commit e669366 + +- Update patch references for ALSA fixes (jsc#PED-652 jsc#PED-720) +- commit 3c5b516 + +- ASoC: SOF: Intel: pci-tgl: add RPL-P support (jsc#PED-720). +- ASoC: SOF: Intel: pci-tgl: add ADL-PS support (jsc#PED-720). +- commit 012fcdf + +- ALSA: hda: intel-dsp-config: Add RaptorLake PCI IDs + (jsc#PED-720). +- commit ae48fdf + +- ASoC: SOF: Intel: pci-tgl: add RPL-S support (jsc#PED-652). +- commit c23d1e1 + +- ALSA: control: Use deferred fasync helper (git-fixes). +- ALSA: timer: Use deferred fasync helper (git-fixes). +- ALSA: core: Add async signal helpers (git-fixes). +- ALSA: jack: Access input_dev under mutex (git-fixes). +- commit d1a09af + +- Enable the build of nvidia-wmi-ec-backlight module (jsc#PED-1164) +- commit f9ebde3 + +- platform/x86: Rename wmaa-backlight-wmi to + nvidia-wmi-ec-backlight (jsc#PED-1164). +- platform/x86: Remove "WMAA" from identifier names in + wmaa-backlight-wmi.c (jsc#PED-1164). +- platform/x86: Add driver for ACPI WMAA EC-based backlight + control (jsc#PED-1164). +- commit 1975b25 + +- blacklist.conf: Drop kABI-related ALSA entries from SP4 +- commit cb39f3b + +- usb: Link the ports to the connectors they are attached to + (jsc#PED-531). +- commit fe04d18 + +- usb: core: Export usb_device_match_id (jsc#PED-531). +- commit aa72be2 + +- usb: hub: make wait_for_connected() take an int instead of a + pointer to int (jsc#PED-531). +- commit d7280d6 + +- usb: chipidea: tegra: Add runtime PM and OPP support + (jsc#PED-531). +- commit 3f3ba93 + +- soc/tegra: Add devm_tegra_core_dev_init_opp_table_common() + (jsc#PED-531). +- commit 7ad426c + +- Update DRM UDL patches from upstreamed patches (bsc#1195917) + Dropped: + patches.suse/0001-drm-udl-Restore-display-mode-on-resume.patch +- commit eab8d35 + +- ice: Allow operation with reduced device MSI-X (bsc#1201987). +- commit adb8f10 + +- powerpc/pseries/vas: Use QoS credits from the userspace + (jsc#PED-542). +- powerpc/pseries/vas: Add VAS migration handler (jsc#PED-542). +- Refresh patches.suse/powerpc-mobility-wait-for-memory-transfer-to-complet.patch +- Refresh patches.suse/powerpc-pseries-mobility-set-NMI-watchdog-factor-dur.patch +- powerpc/pseries/vas: Modify reconfig open/close functions for + migration (jsc#PED-542). +- powerpc/pseries/vas: Define global hv_cop_caps struct + (jsc#PED-542). +- powerpc/pseries/vas: Add 'update_total_credits' entry for QoS + capabilities (jsc#PED-542). +- powerpc/pseries/vas: sysfs interface to export capabilities + (jsc#PED-542). +- powerpc/pseries/vas: Reopen windows with DLPAR core add + (jsc#PED-542). +- powerpc/pseries/vas: Close windows with DLPAR core removal + (jsc#PED-542). +- powerpc/vas: Map paste address only if window is active + (jsc#PED-542). +- powerpc/vas: Return paste instruction failure if no active + window (jsc#PED-542). +- powerpc/vas: Add paste address mmap fault handler (jsc#PED-542). +- powerpc/pseries/vas: Save PID in pseries_vas_window struct + (jsc#PED-542). +- powerpc/pseries/vas: Use common names in VAS capability + structure (jsc#PED-542). +- commit b24c3ed + +- watchdog/pseries-wdt: initial support for H_WATCHDOG-based + watchdog timers (jsc#PED-549). +- Update config files. +- supported.conf: Add pseries-wdt +- powerpc/pseries: register pseries-wdt device with platform bus + (jsc#PED-549). +- powerpc/pseries: add FW_FEATURE_WATCHDOG flag (jsc#PED-549). +- powerpc/pseries: hvcall.h: add H_WATCHDOG opcode, H_NOOP return + code (jsc#PED-549). +- powerpc/pseries: Fix numa FORM2 parsing fallback code + (jsc#PED-551). +- powerpc/pseries: rename numa_dist_table to form2_distances + (jsc#PED-551). +- powerpc/pseries: Add support for FORM2 associativity + (jsc#PED-551). +- Refresh patches.suse/powerpc-pseries-Interface-to-represent-PAPR-firmware.patch +- powerpc/pseries: Add a helper for form1 cpu distance + (jsc#PED-551). +- powerpc/pseries: Consolidate different NUMA distance update + code paths (jsc#PED-551). +- Refresh patches.suse/powerpc-numa-Update-cpu_cpu_map-on-CPU-online-offlin.patch +- commit 1708bfe + +- usb: hub: avoid warm port reset during USB3 disconnect + (git-fixes). +- commit 8af7b8e + +- usb: core: hcd: change sizeof(vaddr) to sizeof(unsigned long) + (jsc#PED-531). +- commit 1523b0b + +- scsi: ipr: Fix missing/incorrect resource cleanup in error case + (jsc#PED-548). +- scsi: ipr: Use kobj_to_dev() (jsc#PED-548). +- scsi: ipr: Directly return instead of using local ret variable + (jsc#PED-548). +- commit 1d92f11 + +- usb: core: Fix file path that does not exist (jsc#PED-531). +- commit f9f0a5e + +- USB: common: debug: add needed kernel.h include (jsc#PED-531). +- commit 944eff7 + +- xhci: use max() to make code cleaner (jsc#PED-531). +- commit a9fbbb5 + +- usb: xhci-mtk: fix random remote wakeup (jsc#PED-531). +- commit 6629649 + +- usb: xhci-mtk: remove unnecessary error check (jsc#PED-531). +- commit b17a19c + +- usb: xhci-mtk: fix list_del warning when enable list debug + (jsc#PED-531). +- commit 90a533c + +- usb: xhci-mtk: enable wake-up interrupt after runtime_suspend + called (jsc#PED-531). +- commit 293016f + +- PM / wakeirq: support enabling wake-up irq after runtime_suspend + called (jsc#PED-531). +- commit c727a40 + +- usb: xhci: Use to_pci_driver() instead of pci_dev->driver + (jsc#PED-531). +- commit 541116e + +- usb: core: config: Change sizeof(struct ...) to + sizeof(*...) (jsc#PED-531). +- commit 249a144 + +- usb: core: hcd: fix messages in usb_hcd_request_irqs() + (jsc#PED-531). +- commit 6d29347 + +- usb: core: hcd: Modularize HCD stop configuration in + usb_stop_hcd() (jsc#PED-531). +- commit dfccab2 + +- usb: xhci-mtk: use xhci_dbg() to print log (jsc#PED-531). +- commit e7dd0f8 + +- usb: xhci-mtk: allow bandwidth table rollover (jsc#PED-531). +- commit 11e08d1 + +- usb: xhci-mtk: Do not use xhci's virt_dev in drop_endpoint + (jsc#PED-531). +- commit 8d6c90e + +- usb: xhci-mtk: modify the SOF/ITP interval for mt8195 + (jsc#PED-531). +- commit da8bc69 + +- usb: xhci-mtk: add a member of num_esit (jsc#PED-531). +- commit 4745d08 + +- usb: xhci-mtk: check boundary before check tt (jsc#PED-531). +- commit 5bf9b17 + +- usb: xhci-mtk: update fs bus bandwidth by bw_budget_table + (jsc#PED-531). +- commit 2035273 + +- usb: xhci-mtk: support option to disable usb2 ports + (jsc#PED-531). +- commit 21ff31f + +- crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (git-fixes) +- commit 49a8536 + +- arm64: select TRACE_IRQFLAGS_NMI_SUPPORT (git-fixes) +- commit 8e1f358 + +- arm64: errata: Add Cortex-A510 to the repeat tlbi list (git-fixes) + Enable this errata fix configuration option to arm64/default. +- commit c8ec028 + +- Revert "arm64: Mitigate MTE issues with str{n}cmp()" (git-fixes) +- commit 3916261 + +- arm64: lib: Import latest version of Arm Optimized Routines' strcmp (git-fixes) +- commit 0ad904d + +- tty: drop put_tty_driver (jsc#PED-531). +- Refresh + patches.suse/ipack-ipoctal-fix-stack-information-leak.patch. +- commit 512f7d8 + +- tracing: hold caller_addr to hardirq_{enable,disable}_ip + (git-fixes). +- commit ec23c84 + +- ftrace: Fix NULL pointer dereference in is_ftrace_trampoline + when ftrace is dead (git-fixes). +- commit 4b6dc41 + +- usb: renesas-xhci: Remove renesas_xhci_pci_exit() (jsc#PED-531). +- commit 5a90fd4 + +- btrfs: fix space cache corruption and potential double + allocations (bsc#1203361). +- commit 0479f45 + +- btrfs: fix relocation crash due to premature return from + btrfs_commit_transaction() (bsc#1203360). +- commit 5ceb88f + +- usb: xhci-renesas: Minor coding style cleanup (jsc#PED-531). +- commit 229132e + +- KVM: x86: do not report a vCPU as preempted outside instruction + boundaries (bsc#1203066 CVE-2022-39189). +- commit c89b7e4 + +- blacklist.conf: add 3 commits for git-fixes not needed +- commit 6f1ca85 + +- netfilter: nf_tables: do not allow RULE_ID to refer to another + chain (CVE-2022-2586 bsc#1202095). +- netfilter: nf_tables: do not allow CHAIN_ID to refer to another + table (CVE-2022-2586 bsc#1202095). +- netfilter: nf_tables: do not allow SET_ID to refer to another + table (CVE-2022-2586 bsc#1202095). +- commit 42bb8dc + +- Update + patches.suse/dccp-don-t-duplicate-ccid-when-cloning-dccp-sock.patch + references (add CVE-2020-16119 bsc#1177471). +- commit 7d3c30f + +- Update message from free_area_init (bsc#1203101) + Refreshed: + patches.suse/0002-mm-handle-uninitialized-numa-nodes-gracefully.patch +- commit 58d8d59 + +- blacklist.conf: unwanted s390 commits +- commit 7773032 + +- watchdog: wdat_wdt: Set the min and max timeout values properly + (bsc#1194023). +- commit d609cb4 + +- kbuild: disable header exports for UML in a straightforward way + (git-fixes). +- docs: i2c: i2c-topology: fix incorrect heading (git-fixes). +- commit 96f4a7a + +- hwmon: (mr75203) enable polling for all VM channels (git-fixes). +- hwmon: (mr75203) fix multi-channel voltage reading (git-fixes). +- hwmon: (mr75203) fix voltage equation for negative source input + (git-fixes). +- hwmon: (mr75203) update pvt->v_num and vm_num to the actual + number of used sensors (git-fixes). +- hwmon: (mr75203) fix VM sensor allocation when "intel,vm-map" + not defined (git-fixes). +- dt-bindings: hwmon: (mr75203) fix "intel,vm-map" property to + be optional (git-fixes). +- hwmon: (tps23861) fix byte order in resistance register + (git-fixes). +- commit 4be15df + +- ALSA: emu10k1: Fix out of bounds access in + snd_emu10k1_pcm_channel_alloc() (git-fixes). +- ALSA: usb-audio: Fix an out-of-bounds bug in + __snd_usb_parse_audio_interface() (git-fixes). +- ALSA: hda/tegra: Align BDL entry to 4KB boundary (git-fixes). +- ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC (git-fixes). +- ALSA: aloop: Fix random zeros in capture data when using + jiffies timer (git-fixes). +- commit e787e77 + +- ASoC: qcom: sm8250: add missing module owner (git-fixes). +- ALSA: hda/sigmatel: Fix unused variable warning for beep power + change (git-fixes). +- ALSA: usb-audio: Split endpoint setups for hw_params and prepare + (git-fixes). +- ALSA: usb-audio: Register card again for iface over + delayed_register option (git-fixes). +- ALSA: usb-audio: Inform the delayed registration more properly + (git-fixes). +- commit fdc009b + +- Move upstreamed patches into sorted section +- commit 9769cb9 + +- bnxt_en: add dynamic debug support for HWRM messages + (jsc#PED-1495). +- Refresh + patches.suse/bnxt_en-Increase-firmware-message-response-DMA-wait-.patch. +- commit 9044955 + +- RDMA: Constify netdev->dev_addr accesses (jsc#PED-1494). +- Refresh + patches.suse/RDMA-bnxt_re-Use-helper-function-to-set-GUIDs.patch. +- commit d62d7be + +- bnxt_en: fix LRO/GRO_HW features in ndo_fix_features callback + (jsc#PED-1495). +- bnxt_en: fix NQ resource accounting during vf creation on + 57500 chips (jsc#PED-1495). +- bnxt_en: set missing reload flag in devlink features + (jsc#PED-1495). +- bnxt_en: Use PAGE_SIZE to init buffer when multi buffer XDP + is not in use (jsc#PED-1495). +- bnxt: Use the bitmap API to allocate bitmaps (jsc#PED-1495). +- bnxt: Fix typo in comments (jsc#PED-1495). +- bnxt_en: Fix bnxt_refclk_read() (jsc#PED-1495). +- bnxt_en: Fix and simplify XDP transmit path (jsc#PED-1495). +- bnxt_en: fix livepatch query (jsc#PED-1495). +- bnxt_en: Fix bnxt_reinit_after_abort() code path (jsc#PED-1495). +- bnxt_en: reclaim max resources if sriov enable fails + (jsc#PED-1495). +- eth: bnxt: make ulp_id unsigned to make GCC 12 happy + (jsc#PED-1495). +- bnxt_en: parse and report result field when NVRAM package + install fails (jsc#PED-1495). +- bnxt_en: Enable packet timestamping for all RX packets + (jsc#PED-1495). +- bnxt_en: Configure ptp filters during bnxt open (jsc#PED-1495). +- bnxt_en: Update firmware interface to 1.10.2.95 (jsc#PED-1495). +- bnxt: XDP multibuffer enablement (jsc#PED-1495). +- bnxt: support transmit and free of aggregation buffers + (jsc#PED-1495). +- bnxt: adding bnxt_xdp_build_skb to build skb from multibuffer + xdp_buff (jsc#PED-1495). +- bnxt: add page_pool support for aggregation ring when using xdp + (jsc#PED-1495). +- bnxt: change receive ring space parameters (jsc#PED-1495). +- bnxt: set xdp_buff pfmemalloc flag if needed (jsc#PED-1495). +- bnxt: adding bnxt_rx_agg_pages_xdp for aggregated xdp + (jsc#PED-1495). +- bnxt: rename bnxt_rx_pages to bnxt_rx_agg_pages_skb + (jsc#PED-1495). +- bnxt: refactor bnxt_rx_pages operate on skb_shared_info + (jsc#PED-1495). +- bnxt: add flag to denote that an xdp program is currently + attached (jsc#PED-1495). +- bnxt: refactor bnxt_rx_xdp to separate + xdp_init_buff/xdp_prepare_buff (jsc#PED-1495). +- bnxt_en: Initiallize bp->ptp_lock first before using it + (jsc#PED-1495). +- devlink: add explicitly locked flavor of the rate node APIs + (jsc#PED-1495). +- bnxt: use the devlink instance lock to protect sriov + (jsc#PED-1495). +- devlink: expose instance locking and add locked port registering + (jsc#PED-1495). +- bnxt: revert hastily merged uAPI aberrations (jsc#PED-1495). +- bnxt_en: add an nvm test for hw diagnose (jsc#PED-1495). +- bnxt_en: implement hw health reporter (jsc#PED-1495). +- bnxt_en: Properly report no pause support on some cards + (jsc#PED-1495). +- bnxt_en: introduce initial link state of unknown (jsc#PED-1495). +- bnxt_en: parse result field when NVRAM package install fails + (jsc#PED-1495). +- bnxt_en: add more error checks to HWRM_NVM_INSTALL_UPDATE + (jsc#PED-1495). +- bnxt_en: refactor error handling of HWRM_NVM_INSTALL_UPDATE + (jsc#PED-1495). +- bnxt: report header-data split state (jsc#PED-1495). +- ethtool: add header/data split indication (jsc#PED-1495). +- bnxt_en: Handle async event when the PHC is updated in RTC mode + (jsc#PED-1495). +- bnxt_en: Implement .adjtime() for PTP RTC mode (jsc#PED-1495). +- bnxt_en: Add driver support to use Real Time Counter for PTP + (jsc#PED-1495). +- bnxt_en: PTP: Refactor PTP initialization functions + (jsc#PED-1495). +- bnxt_en: Update firmware interface to 1.10.2.73 (jsc#PED-1495). +- bpf: introduce BPF_F_XDP_HAS_FRAGS flag in prog_flags loading + the ebpf program (jsc#PED-1495). +- net: xdp: add xdp_update_skb_shared_info utility routine + (jsc#PED-1495). +- xdp: introduce flags field in xdp_buff/xdp_frame (jsc#PED-1495). +- net: skbuff: add size metadata to skb_shared_info for xdp + (jsc#PED-1495). +- RDMA/bnxt_re: Fix endianness warning for req.pkey + (jsc#PED-1494). +- RDMA/bnxt_re: Use bitmap_zalloc() when applicable + (jsc#PED-1494). +- RDMA/bnxt_re: Remove dynamic pkey table (jsc#PED-1494). +- RDMA/bnxt_re: Remove unneeded variable (jsc#PED-1494). +- bnxt_en: improve firmware timeout messaging (jsc#PED-1495). +- bnxt_en: improve VF error messages when PF is unavailable + (jsc#PED-1495). +- bnxt_en: Use page frag RX buffers for better software GRO + performance (jsc#PED-1495). +- bnxt_en: convert to xdp_do_flush (jsc#PED-1495). +- bnxt_en: Support CQE coalescing mode in ethtool (jsc#PED-1495). +- bnxt_en: Support configurable CQE coalescing mode + (jsc#PED-1495). +- bnxt_en: enable interrupt sampling on 5750X for DIM + (jsc#PED-1495). +- bnxt_en: Log error report for dropped doorbell (jsc#PED-1495). +- bnxt_en: Add event handler for PAUSE Storm event (jsc#PED-1495). +- devlink: Add new "event_eq_size" generic device param + (jsc#PED-1495). +- devlink: Add new "io_eq_size" generic device param + (jsc#PED-1495). +- flow_offload: reject to offload tc actions in offload drivers + (jsc#PED-1495). +- devlink: Remove misleading internal_flags from health reporter + dump (jsc#PED-1495). +- devlink: fix flexible_array.cocci warning (jsc#PED-1495). +- ethtool: don't drop the rtnl_lock half way thru the ioctl + (jsc#PED-1495). +- devlink: expose get/put functions (jsc#PED-1495). +- ethtool: handle info/flash data copying outside rtnl_lock + (jsc#PED-1495). +- ethtool: push the rtnl_lock into dev_ethtool() (jsc#PED-1495). +- devlink: make all symbols GPL-only (jsc#PED-1495). +- devlink: Simplify internal devlink params implementation + (jsc#PED-1495). +- devlink: Clean not-executed param notifications (jsc#PED-1495). +- ethtool: ioctl: Use array_size() helper in copy_{from,to}_user() + (jsc#PED-1495). +- ethtool: prevent endless loop if eeprom size is smaller than + announced (jsc#PED-1495). +- ethtool: runtime-resume netdev parent before ethtool ioctl ops + (jsc#PED-1495). +- commit 5128686 + +- s390: fix double free of GS and RI CBs on fork() failure + (bsc#1203197 LTC#199895). +- commit a3c49e0 + +- net: stmmac: dwmac-qcom-ethqos: Enable RGMII functional clock + on resume (git-fixes). +- commit 196b9a7 + +- net: stmmac: dwmac-qcom-ethqos: add platform level clocks + management (git-fixes). +- commit 9419c89 + +- net: axienet: fix RX ring refill allocation failure handling + (git-fixes). +- commit 4644276 + +- bnx2x: fix built-in kernel driver load failure (git-fixes). +- commit 4c90c2b + +- net: stmmac: only enable DMA interrupts when ready (git-fixes). +- commit 8b7732b + +- net: stmmac: perserve TX and RX coalesce value during XDP setup + (git-fixes). +- commit 7ef4525 + +- net: stmmac: enhance XDP ZC driver level switching performance + (git-fixes). +- commit 0b61dc1 + +- bnx2x: fix driver load from initrd (git-fixes). +- commit 922bb4e + +- Update metadata references +- commit b8d9524 + +- regulator: core: Clean up on enable failure (git-fixes). +- wifi: iwlegacy: 4965: corrected fix for potential off-by-one + overflow in il4965_rs_fill_link_cmd() (git-fixes). +- vt: Clear selection before changing the font (git-fixes). +- clk: bcm: rpi: Prevent out-of-bounds access (git-fixes). +- mmc: core: Fix inconsistent sd3_bus_mode at UHS-I SD voltage + switch failure (git-fixes). +- drm/i915: Skip wm/ddb readout for disabled pipes (git-fixes). +- drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk + (git-fixes). +- USB: serial: cp210x: add Decagon UCA device id (git-fixes). +- USB: serial: option: add support for Cinterion MV32-WA/WB + RmNet mode (git-fixes). +- USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id + (git-fixes). +- USB: serial: option: add Quectel EM060K modem (git-fixes). +- USB: serial: option: add support for OPPO R11 diag port + (git-fixes). +- media: mceusb: Use new usb_control_msg_*() routines (git-fixes). +- USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020) + (git-fixes). +- usb: xhci-mtk: relax TT periodic bandwidth allocation + (git-fixes). +- usb: dwc3: pci: Add support for Intel Raptor Lake (git-fixes). +- usb: typec: intel_pmc_mux: Add new ACPI ID for Meteor Lake + IOM device (git-fixes). +- usb-storage: Add ignore-residue quirk for NXP PN7462AU + (git-fixes). +- wifi: mac80211: Fix UAF in ieee80211_scan_rx() (git-fixes). +- clk: bcm: rpi: Use correct order for the parameters of + devm_kcalloc() (git-fixes). +- commit 8d6d69c + +- bnx2x: Fix comment typo (jsc#PED-535). +- cnic: Use the bitmap API to allocate bitmaps (jsc#PED-1516). +- bnx2x: Fix spelling mistake "regiser" -> "register" + (jsc#PED-535). +- bnx2x: Fix undefined behavior due to shift overflowing the + constant (jsc#PED-535). +- bnx2x: truncate value to original sizing (jsc#PED-535). +- bnx2x: use correct format characters (jsc#PED-535). +- bnx2x: Replace one-element array with flexible-array member + (jsc#PED-535). +- bnx2x: fix built-in kernel driver load failure (jsc#PED-535). +- bnx2: Fix an error message (jsc#PED-1187). +- bnx2x: fix driver load from initrd (jsc#PED-535). +- bnx2x: Remove useless DMA-32 fallback configuration + (jsc#PED-535). +- bna: Simplify DMA setting (jsc#PED-1521). +- net: bna: Update supported link modes (jsc#PED-1521). +- bnx2x: constify static inline stub for dev_addr (jsc#PED-535). +- bnx2x: Use struct_group() for memcpy() region (jsc#PED-535). +- net: move gro definitions to include/net/gro.h (jsc#PED-535). +- bnx2: Search VPD with pci_vpd_find_ro_info_keyword() + (jsc#PED-1187). +- bnx2: Replace open-coded version with swab32s() (jsc#PED-1187). +- commit 9e44625 + +- tty: remove CMSPAR ifdefs (jsc#PED-531). +- commit 8886a3f + +- net: dsa: microchip: fix bridging with more than two member + ports (git-fixes). +- commit f2a5e08 + +- net: dsa: lantiq_gswip: fix use after free in gswip_remove() + (git-fixes). +- commit 577992b + +- ice: Fix KASAN error in LAG NETDEV_UNREGISTER handler + (git-fixes). +- commit f16c949 + +- net: mscc: ocelot: fix all IP traffic getting trapped to CPU + with PTP over IP (git-fixes). +- commit 391f1b3 + +- net: axienet: reset core on initialization prior to MDIO access + (git-fixes). +- Refresh + patches.suse/net-axienet-setup-mdio-unconditionally.patch. +- commit afb1beb + +- usb: Prepare cleanup of powerpc's asm/prom.h (jsc#PED-531). +- commit b5dac6b + +- net: mscc: ocelot: fix missing unlock on error in + ocelot_hwstamp_set() (git-fixes). +- commit c38c182 + +- blacklist.conf: update blacklist +- commit 9d146c4 + +- Update + patches.suse/watchqueue-make-sure-to-serialize-wqueue-defunct-pro.patch + (git-fixes, CVE-2022-1882, bsc#1199904). +- add references to CVE-2022-1882, bsc#1199904 +- commit b499e0d + +- PCI: VMD: ACPI: Make ACPI companion lookup work for VMD bus + (jsc#PED-633). +- Refresh + patches.suse/PCI-ACPI-Check-parent-pointer-in-acpi_pci_find_compa.patch. +- Refresh + patches.suse/PCI-vmd-Assign-VMD-IRQ-domain-before-enumeration.patch. +- x86: link vdso and boot with -z noexecstack + - -no-warn-rwx-segments (bsc#1203200). +- Makefile: link with -z noexecstack --no-warn-rwx-segments + (bsc#1203200). +- commit ee065ad + +- Update config files (change CONFIG_SUSE_PATCHLEVEL to 5). +- commit f931313 + +- intel_idle: Add a new flag to initialize the AMX state + (jsc#PED-681). +- x86/fpu: Add a helper to prepare AMX state for low-power CPU + idle (jsc#PED-681). +- platform/x86: intel/pmc: Add Alder Lake N support to PMC core + driver (jsc#PED-692). +- platform/x86/intel: pmc: Support Intel Raptorlake P + (jsc#PED-667). +- x86/cpu: Add new Alderlake and Raptorlake CPU model numbers + (jsc#PED-743). +- PCI: vmd: Add DID 8086:A77F for all Intel Raptor Lake SKU's + (jsc#PED-633). +- PCI: vmd: Honor ACPI _OSC on PCIe features (jsc#PED-633). +- PCI: vmd: Clean up domain before enumeration (jsc#PED-633). +- x86/cpu: Drop spurious underscore from RAPTOR_LAKE #define + (jsc#PED-690). +- x86/cpu: Add Raptor Lake to Intel family (jsc#PED-690). +- commit 2f2c9c2 + +- compat: make linux/compat.h available everywhere (jsc#PED-1492). +- commit 82594a3 + +- dev_ioctl: pass SIOCDEVPRIVATE data separately (jsc#PED-1492). +- Refresh + patches.suse/net-don-t-unconditionally-copy_from_user-a-struct-if.patch. +- commit 220a22b + +- net: socket: rework compat_ifreq_ioctl() (jsc#PED-1492). +- Refresh + patches.suse/net-don-t-unconditionally-copy_from_user-a-struct-if.patch. +- commit 9e52d0a + +- net: socket: simplify dev_ifconf handling (jsc#PED-1492). +- Refresh + patches.suse/net-don-t-unconditionally-copy_from_user-a-struct-if.patch. +- commit 7ce1665 + +- tg3: Disable tg3 device on system reboot to avoid triggering + AER (jsc#PED-1492). +- tg3: Remove redundant assignments (jsc#PED-1492). +- ethernet: Remove redundant statement (jsc#PED-1492). +- ethernet: tg3: remove direct netdev->dev_addr writes + (jsc#PED-1492). +- net: tg3: fix redundant check of true expression (jsc#PED-1492). +- net: tg3: fix obsolete check of !err (jsc#PED-1492). +- tg3: Search VPD with pci_vpd_find_ro_info_keyword() + (jsc#PED-1492). +- tg3: Validate VPD checksum with pci_vpd_check_csum() + (jsc#PED-1492). +- tg3: Read VPD with pci_vpd_alloc() (jsc#PED-1492). +- dev_ioctl: split out ndo_eth_ioctl (jsc#PED-1492). +- cxgb3: use ndo_siocdevprivate (jsc#PED-1492). +- qeth: use ndo_siocdevprivate (jsc#PED-1492). +- hamachi: use ndo_siocdevprivate (jsc#PED-1492). +- bonding: use siocdevprivate (jsc#PED-1492). +- net: split out SIOCDEVPRIVATE handling from dev_ioctl + (jsc#PED-1492). +- net: socket: remove register_gifconf (jsc#PED-1492). +- net: socket: rework SIOC?IFMAP ioctls (jsc#PED-1492). +- commit 9963a02 + +- sched/core: Use try_cmpxchg in set_nr_{and_not,if}_polling + (bnc#1202494 (Scheduler functional and performance backports)). +- sched/fair: Decay task PELT values during wakeup migration + (bnc#1202494 (Scheduler functional and performance backports)). +- sched/fair: Provide u64 read for 32-bits arch helper + (bnc#1202494 (Scheduler functional and performance backports)). +- sched/fair: Introduce SIS_UTIL to search idle CPU based on + sum of util_avg (jsc#PED-1213). +- sched/numa: Fix boot crash on arm64 systems (jsc#PED-827). +- sched/numa: Avoid migrating task to CPU-less node (jsc#PED-827). +- sched/numa: Fix NUMA topology for systems with CPU-less nodes + (jsc#PED-827). +- commit 2f3bfae + +- USB: HCD: Fix URB giveback issue in tasklet function + (git-fixes). +- commit 12ef886 + +- ethtool: extend ringparam setting/getting API with rx_buf_len + (jsc#PED-1497). +- Refresh + patches.suse/Revert-ibmvnic-Add-ethtool-private-flag-for-driver-d.patch. +- commit ee8f1a8 + +- ethernet/emulex:fix repeated words in comments (jsc#PED-1497). +- eth: benet: remove a copy of the NAPI_POLL_WEIGHT define + (jsc#PED-1497). +- be2net: Use irq_update_affinity_hint() (jsc#PED-1497). +- genirq: Provide new interfaces for affinity hints + (jsc#PED-1497). +- be2net: Remove useless DMA-32 fallback configuration + (jsc#PED-1497). +- ethtool: add support to set/get rx buf len via ethtool + (jsc#PED-1497). +- ethernet: constify references to netdev->dev_addr in drivers + (jsc#PED-1497). +- commit bb6401d + +- Update Yousaf's e-mail +- commit bde91a1 + +- rpm/config.sh: 15.4 -> 15.5 +- commit 11c86df + +- README.BRANCH: Update it with new co-maintainer and fix typo + Replace SLE15-SP4 for SLE15-SP5 and add Yousaf Kaukab as a + co-maintainer. +- commit 2f7c5b6 + +- Delete patches.kabi/* workarounds +- commit 6b96c7b + +- Delete patches.suse/revert-btrfs-props-change-how-empty-value-is-interpr.patch. + Align btrfs property compression to upstream behaviour (JSC#PED-1711) +- commit 2670de5 + +- README.BRANCH: Switch SLE15-SP5 maintainer to Oscar Salvador +- commit ad4c348 + +- Drop SLE15-SP4 kABI workaround patches + patches.kabi/kABI-fix-removal-of-iscsi_destroy_conn.patch is still kept as + the build breaks otherwise +- commit 492e2dd + +- Drop SLE15-SP4 kernel symbols +- commit 0837ac5 + +- supported.conf Add TDA4VM-SK modules (jsc#PED-1379) +- commit 890c2be + +- config/arm64: Add support for TDA4VM-SK machine (jsc#PED-1379) +- commit e6bb890 + libarchive +- Fix CVE-2021-23177, extracting a symlink with ACLs modifies ACLs of target + (CVE-2021-23177, bsc#1192425) + * CVE-2021-23177.patch + libassuan +- update to 2.5.5: + * Fix a crash in the logging code + * Upgrade autoconf + +- update to 2.5.4: + * Fix some minor build annoyances + +- Update to 2.5.3: + * Add a timeout for writing to a SOCKS5 proxy. + * Add workaround for a problem with LD_LIBRARY_PATH on newer systems. + +- qemu-disable-fdpassing-test.patch: remove + +-Update to 2.5.2: + * configure.ac: Bump LT version to C8/A8/R2 + * include libassuan.pc in the spec file + -- update to 2.1.2: - * Added support for ppc64le. - -- update to 2.1.1 - * no changes on the GNU/Linux platform -- includes changes from 2.1.0: - * Support for the nPth library. - * Add assuan_check_version and two version macros. - * Interface changes relative to the 2.0.3 release: - ASSUAN_SYSTEM_NPTH_IMPL NEW macro. - ASSUAN_SYSTEM_NPTH NEW macro. - __assuan_read NEW (private). - __assuan_write NEW (private). - __assuan_recvmsg NEW (private). - __assuan_sendmsg NEW (private). - __assuan_waitpid NEW (private). - ASSUAN_VERSION NEW macro. - ASSUAN_VERSION_NUMBER NEW macro. - assuan_check_version NEW. -- add tarball signature and keyring -- run unit tests during build -- libgpg-error requirement is >= 1.8 - -- build with LFS support in 32bit archs to be consistent - with the rest of the system, no good will come when LFS - enabled callers talk to non-LFS libraries. - -- license update: GPL-3.0+ and LGPL-2.1+ - Look at COPYING, COPYING.LIB and README - -- update to Libassuan 2.0.3 - - Make assuan_get_pid work correctly for pipe server. - - Interface changes relative to the 2.0.2 release: - * ASSUAN_FORCE_CLOSE (NEW) - -- own aclocal directory - -- Remove Requires/BuildRequires on libpth, this package - no longer uses this library. - -- update to libassuan-2.0.2 - - A new flag may now be used to convey comments via - assuan_transact. - - A new flag value may now be used to disable logging. - - The gpgcedev.c driver now provides a log device. - - It is now possible to overwrite socket and connect functions in - struct assuan_system_hooks. - - Interface changes relative to the 2.0.1 release: - ASSUAN_CONVEY_COMMENTS NEW. - ASSUAN_NO_LOGGING NEW. - assuan_system_hooks_t CHANGED: Added socket and connect members. - ASSUAN_SYSTEM_HOOKS_VERSION CHANGED: Bumped to 2. - assuan_register_pre_cmd_notify NEW. -- use spec-cleaner - -- Use %_smp_mflags - -- update to libassuan-2.0.1 - * Input and output notification handler can now really access the - parsed fd as stated in the manual. - * Cleaned up the logging. - * Interface changes relative to the 2.0.0 release: - assuan_free NEW - _assuan_w32ce_create_pipe NEW - ASSUAN_LOG_CONTROL NEW - -- fixed deps - o libgpg-error-devel >= 1.4 - -- fix deps for pth - pth < 1120 >= libpth-devel -- sort TAGS - -- add baselibs.conf (needed for libgpgme) - -- update to libassuan-2.0.0 - * Now using libtool and builds a DSO. - * Lots of interface cleanups. - * Pth support has changed. This now follows the same style as - libgcrypt by setting system hook callbacks. -- split package to libassuan0 and libassuan-devel - -- change BuildRequires: (pth-devel -> libpth-devel) - -- BuildRequires: pth-devel - libcaca +- More overflow prevention of multiplying large ints + [bsc#1182731, CVE-2021-3410, libcaca-bsc1182731-prevent-overflow.patch] + libgcrypt +- FIPS: Get most of the entropy from rndjent_poll [bsc#1202117] + * Add libgcrypt-FIPS-rndjent_poll.patch + +- FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700] + * Consider approved keylength greater or equal to 112 bits. + * Add libgcrypt-FIPS-kdf-leylength.patch + +- FIPS: Zeroize buffer and digest in check_binary_integrity() + * Add libgcrypt-FIPS-Zeroize-hmac.patch [bsc#1191020] + +- FIPS: gpg/gpg2 gets out of core handler in FIPS mode while + typing Tab key to Auto-Completion. [bsc#1182983] + * Add libgcrypt-out-of-core-handler.patch + +- FIPS: Port libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941] + * Enable the jitter based entropy generator by default in random.conf + - Add libgcrypt-jitterentropy-3.3.0.patch + * Update the internal jitterentropy to version 3.4.0 + - Add libgcrypt-jitterentropy-3.4.0.patch + libtirpc +- fix CVE-2021-46828: libtirpc: DoS vulnerability with lots of + connections (bsc#1201680) + - add 0001-Fix-DoS-vulnerability-in-libtirpc.patch + +-exclude ipv6 addresses in client protocol 2 code (bsc#1200800) + - update 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch + +- fix memory leak in params.r_addr assignement (bsc#1198752) + - add 0001-fix-parms.r_addr-memory-leak.patch + +- check for nullpointer in check_address (bsc#1198176) + update 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch + +- add option to enforce connection via protocol version 2 first + (bsc#1196647) + add 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch + +- Update to libtirpc 1.2.6 + - Drop patches all patches backported from this release + (0001-Add-authdes_seccreate-stub.patch, + 0001-Avoid-multiple-definiton-with-gcc-fno-common.patch) + +- Backport upstream fix daed7ee ("Avoid multiple-definiton with gcc -fno-common") + to fix build error with gcc flag -fno-common (bsc#1160875). + Tested on gcc-9 and gcc-10. + 0001-Avoid-multiple-definiton-with-gcc-fno-common.patch + +- Skip unneeded autogen.sh run (configure is up-to-date), drop + dependencies: libtool, autoconf +- Replace krb5-mini-devel/krb5-devel with pkgconfig(krb5) + +- Update to libtirpc 1.2.5 + - A number resource leaks and other issues were fix which were identified + by a Coverity Scan. + - The AUTH_DES authentication has been deprecated. If any of those routines + are called, they will fail immediately. + - numerous bug fixes +- Package changes: + - Build without AUTH_DES authentication + - Add patch from next release 0001-Add-authdes_seccreate-stub.patch + (a86b4ff Add authdes_seccreate() stub) + - Drop rc patches (libtirpc-1-1-5-rc1.patch, libtirpc-1-1-5-rc2.patch) + - Drop patches all patches backported from this release + (0001-Makefile.am-Use-LIBADD-instead-of-LDFLAGS-to-link-ag.patch, + 0002-man-rpc_secure.3t-Fix-typo-in-manpage.patch, + 0003-xdr-add-a-defensive-mask-in-xdr_int64_t-and-xdr_u_in.patch) + +- Fix previous version: + - actually delete + 0001-xdrstdio_create-buffers-do-not-output-encoded-values.patch + - use 0001-Makefile.am-Use-LIBADD-instead-of-LDFLAGS-to-link-ag.patch + - use 0002-man-rpc_secure.3t-Fix-typo-in-manpage.patch (renamed from + 0003-man-rpc_secure.3t-Fix-typo-in-manpage.patch) + - use 0003-xdr-add-a-defensive-mask-in-xdr_int64_t-and-xdr_u_in.patch + (renamed from + 0004-xdr-add-a-defensive-mask-in-xdr_int64_t-and-xdr_u_in.patch) + +- Updated to libtirpc 1.1.5 rc2 (this includes changes in 1.1.4 release) + - add libtirpc-1-1-5-rc1.patch and libtirpc-1-1-5-rc2.patch to reflect + upstream changes after 1.1.4 release + - remove /etc/bindresvport.blacklist as it's still supported by glibc + although it's not compiled with --enable-obsolete-rpc +- Drop patches accepted in previous releases or not needed + - 000-bindresvport_blacklist.patch (accepted in 5b037cc9, libtirpc 1.1.4) + - 001-new-rpcbindsock-path.patch (not needed, rpcbind now uses /var/run directory) + - 002-revert-binddynport.patch (fixed in 2802259, libtirpc-1-0-4-rc1) + - 0001-Fix-regression-introduced-by-change-rpc-version-orde.patch + (backport of 25d38d7, libtirpc-1-0-4-rc1) + - 0001-xdrstdio_create-buffers-do-not-output-encoded-values.patch + (backport of 145272c, libtirpc-1-0-4-rc2) +- Add fixes from upcomming release + - 0001-Makefile.am-Use-LIBADD-instead-of-LDFLAGS-to-link-ag.patch + - 0003-man-rpc_secure.3t-Fix-typo-in-manpage.patch + - 0004-xdr-add-a-defensive-mask-in-xdr_int64_t-and-xdr_u_in.patch + +- Fix SLES 15 - yp_bind_client_create_v3: RPC: Unknown host (bsc#1126096). + - Add upstream patch + 0001-xdrstdio_create-buffers-do-not-output-encoded-values.patch + +- fix socket leak introduced by change-rpc-protocol-version-order patch + (bsc#1087925) + - add 0001-Fix-regression-introduced-by-change-rpc-version-orde.patch + +- Revert binddynport changes as they break backward compatibility + [brc#1562169]. + - add 002-revert-binddynport.patch + +- Remove ineffective --with-pic. + +- Update to libtirpc 1.0.3 + - clnt_dg_call: Fix a buffer overflow (CVE-2016-4429) + - Avoid choosing reserved ports in legacy RPC APIs + - rpcinfo: change order of version to be tried to 4, 3, 2 + - includes 003-rpc-types.patch + - includes 004-replace-bzero-with-memset.patch + - includes 005-missing-includes.patch + - includes 011-Fix-typo-in-src-libtirpc.map-which-prevents-that-key.patch + - includes decls.patch +- Drop COPYING.GPLv2, GPLv2 code was removed from library + +- Adjust include directory [bsc#1083902] + +- Use %license (boo#1082318) + +- Move /usr/include/tirpc to /usr/include + +- Add COPYING.GPLv2 and install Licenses for GPLv2 code. + +- 005-missing-includes.patch: add missing includes to make headers + compatible to sunrpc. + +- Update to version 1.0.2 + - 002-old-automake.patch: not needed anymore + - 005-libtirpc-1.0.2-rc1.patch: dropped + - 006-Remove-old-meanwhile-wrong-comment-about-FD_SETSIZE-.patch: + removed, merged upstream + - 007-Change-rtime-function-to-use-poll-instead-of-select.patch: + removed, merged upstream + - 008-Add-parameters-to-local-prototypes-to-fix-compiler-w.patch: + removed, merged upstream + - 009-makefd_xprt-checks-that-the-filedesriptor-is-lower-t.patch: + removed, merged upstream + - 010-The-goto-again-statement-was-an-left-over-from-the-p.patch: + removed, merged upstream + - 012-libtirpc-needs-rpcsvc-nis.h-for-compiling-but-does-n.patch: + removed, merged upstream + - 013-If-we-don-t-compile-in-YP-support-don-t-include-YP-h.patch: + removed, merged upstream + - 014-Add-des_crypt.c-and-des_impl.c-to-become-independent.patch: + removed, merged upstream + - 015-Fix-includes-to-compile-without-deprecated-glibc-fun.patch: + removed, merged upstream + - patch6_7.diff: obsolete + - Replace explicit_bzero.patch with + 004-replace-bzero-with-memset.patch from git + - Rename libtirpc-new-path-rpcbindsock.patch to + 001-new-rpcbindsock-path.patch + +- 003-rpc-types.patch: Add some typedefs to rpc/types.h to allow + applications be compiled with -std=iso9899:1990 + +- Rectify RPM groups and summaries, + and update old macro/variable constructs. + +- decls.patch: fix missing declarations +- explicit_bzero.patch: use explicit_bzero if available + +- Add some patches to get libtirpc compiled without needing glibc + deprecated functions: + - 015-Fix-includes-to-compile-without-deprecated-glibc-fun.patch + - 014-Add-des_crypt.c-and-des_impl.c-to-become-independent.patch + - 013-If-we-don-t-compile-in-YP-support-don-t-include-YP-h.patch +- Add 012-libtirpc-needs-rpcsvc-nis.h-for-compiling-but-does-n.patch + to allow bootstrapping of libtirpc without glibc sunrpc code or + libnsl NIS+ code. + +- Add 011-Fix-typo-in-src-libtirpc.map-which-prevents-that-key.patch + (fix export of key_secretkey_is_set) + +- Add the following patches to fix some bugs from the poll() + port and an endless loop: + - 006-Remove-old-meanwhile-wrong-comment-about-FD_SETSIZE-.patch + - 007-Change-rtime-function-to-use-poll-instead-of-select.patch + - 008-Add-parameters-to-local-prototypes-to-fix-compiler-w.patch + - 009-makefd_xprt-checks-that-the-filedesriptor-is-lower-t.patch + - 010-The-goto-again-statement-was-an-left-over-from-the-p.patch + +- Remove 004-netconfig-prefer-IPv6.patch for SLES12. +- Remove libtirpc-getnetconfig-races.patch (was backport). + [FATE#320393] + +- Split the netconfig configuration file and manual page off into + an own RPM. Else it is not possible to install the old and new + libtirpc libraries in parallel. + +- Update to libtirpc-1.0.1 + - new major soname + - Adjust auth code to match other RPC implementations + - Implement more gss auth stuff + - use poll() instead of select() in svc_run() + - Add more sunrpc compat functions + - Sync compat headers with real functions +- Drop 005-missing-symvers.patch (upstream) +- Drop 006-memleak1.patch (upstream) +- Drop 007-memleak2.patch (upstream) +- Drop 008-fix-undef-ref.patch (upstream) +- Drop 009-authdes_pk_create.patch (upstream) +- Drop 010-xdr_sizeof.patch (upstream) +- Drop 011-authdes_create.patch (upstream) +- Drop 012-xp_sock.patch (upstream) +- Drop 099-poll.patch (upstream) +- Drop libtirpc-xdr-header.patch (was backport) +- Add 005-libtirpc-1.0.2-rc1.patch (fixes deadlock) + +- Fix public xdr.h header - xdr_rpcvers() were broken (bsc#902439) + Added: libtirpc-xdr-header.patch + +- Update 099-poll.patch with newest version send upstream. + +- Add 099-poll.patch: change svc_run from select() to poll(). + +- Add 012-xp_sock.patch: add sunrpc compatibility define + +- Update 009-authdes_pk_create.patch (fix syncaddr handling) +- Add 011-authdes_create.patch (fix syncaddr handling) + +- Add 010-xdr_sizeof.patch (enable xdr_sizeof) + +- Add 009-authdes_pk_create.patch (missing SunRPC compat function) + +- Add 008-fix-undef-ref.patch to fix a undefined reference bug + +- Update to version 0.3.2 (bring authdes back) +- Remove 005-no_IPv6_for_old_code.patch (accepted upstream) +- Remove 001-tirpc-features.patch (obsolete) +- Add 005-missing-symvers.patch (fix missing, new symbols) +- Add 006-memleak1.patch (fix memory leak) +- Add 007-memleak2.patch (fix memory leak) + +- Remove krb5-devel from -devel requires, not needed anymore + +- Update to libtirpc 0.3.1, which incorporates the following + patches: + - 011-gssapi-update1.patch + - 012-gssapi-update2.patch + - 013-gssapi-update3.patch + - 014-gssapi-update4.patch + - 015-gssapi-update5.patch + - 016-gssapi-update6.patch + - 017-gssapi-update7.patch + - 018-gssapi-update8.patch + Not needed anymore: + - 007-fix-tirpc_map.patch + Adjusted: + - 001-tirpc-features.patch, merged with 006-rework-features.diff + - 002-old-automake.patch + +- 007-fix-tirpc_map.patch: fix symbol version for new global names + +- 006-rework-features.diff: Adjust for set of gssapi patches +- 003-fix-gssapi.patch replaced by 011-gssapi-update1.patch +- 012-gssapi-update2.patch: fix krb5-config usage +- 013-gssapi-update3.patch: check for gssapi.h +- 014-gssapi-update4.patch: don't include rpcsec_gss.h +- 015-gssapi-update5.patch: don't install GSSAPI files if disabled +- 016-gssapi-update6.patch: fix rpc_gss_seccreate +- 017-gssapi-update7.patch: officialy export two internal functions +- 018-gssapi-update8.patch: don't use glibc special header files + +- 003-fix-gssapi.patch: Correct fix for GSS ABI breakage +- 005-no_IPv6_for_old_code.patch: Update comment +- 006-rework-features.diff: Rework tirpc-features.h + +- 003-fix-gssapi.patch: Update, one chunk did go lost + +- 001-tirpc-features.patch: update with official git version +- 002-old-automake.patch: re-add for SLES11 +- 003-fix-gssapi.patch: try to fix the disable-gssapi option correct + +- Fix HAVE_AUTHDES/HAVE_GSSAPI in public header files + (001-tirpc-features.patch) + +- Update to official release 0.3.0. authdes was disabled by default + upstream. +- Following patches were merged: + - 001-symbol-versions-v5.patch + - 003-add-des_crypt.diff +- Remove 002-old-automake.patch, not needed anymore + +- Update 001-symbol-versions-v4.patch with + 001-symbol-versions-v5.patch: Add --disable-symvers option + +- Update 003-add-des_crypt.diff, fix unresolved des functions + +- Update to git +- Add 003-add-des_crypt.diff to fix unresolved *_crypt() functions + +- Disable gssapi for SLE11, kerberos version is too old + +- rpc/rpc.h requires now indirectly gssapi.h from krb5-devel + +- Update to current git. +- The following patches were accepted upstream: + - 003-xdr_h-fix.patch + - 005-disable-rpcent.patch + - 006-no-libnsl.patch + - patch1_7.diff + - patch2_7.diff + - patch3_7.diff +- patch7_7.diff: removed, rejected upstream +- 001-symbol-versions-v3.patch: replace with 001-symbol-versions-v4.patch + +- Add the following patches from the libtirpc-devel mailing list: + - patch1_7.diff (remove wrong config.h.in) + - patch2_7.diff (fix function name of yp_check) + - patch3_7.diff (make sure config.h is included) + - patch6_7.diff (use getaddrinfo in getrpcport) + - patch7_7.diff (remove prototypes from headers we don't supply) + +- Add following patches: + - 003-xdr_h-fix.patch (fix wrong defines using xdr_u_int32) + - 005-disable-rpcent.patch (use rpcent functions from glibc) + - 006-no-libnsl.patch (don't link against libnsl) + +- Update to 0.2.5.git from 20150423 + - following patches are accepted upstream: + - 003-rpc_broadcast_misformed_replies.patch + - libtirpc-misc-segfaults.patch + - replace 001-symbol-versions-v2.patch with + 001-symbol-versions-v3.patch + - enable symbol versioning patch + +- Fix race conditions in getnetconfig (bsc#899576, bsc#882973) + Added: libtirpc-getnetconfig-races.patch + +- 004-netconfig-prefer-IPv6.patch: Prever IPv6 over IPv4 (configured + in /etc/netconfig) + +- 002-old-automake.patch: make buildable on old systems + +- Update to 0.2.5.git from 20141217 + - following patches are accepted upstream: + - 002-clnt_broadcast_fix.patch + - 004-getpmaphandle.patch + - libtirpc-clntunix_create.patch + - libtirpc-getbroadifs-crash.patch + - libtirpc-taddr2uaddr-local.patch + +- Update to upstream 0.2.5 release +- Add symbol versioning to fix symbol conflicts + (001-symbol-versions-v2.patch), but disable until commited upstream +- Adjust libtirpc-clnt_broadcast_fix.patch and rename to + 002-clnt_broadcast_fix.patch +- Adjust libtirpc-rpc_broadcast_misformed_replies.patch and rename + to 003-rpc_broadcast_misformed_replies.patch +- Rename libtirpc-getpmaphandle.patch to 004-getpmaphandle.patch +- Adjust libtirpc-bindresvport_blacklist.patch and rename to + 000-bindresvport_blacklist.patch +- Drop libtirpc-pmap-setunset.patch, not needed anymore +- Apply libtirpc-new-path-rpcbindsock.patch only on openSUSE 13.1 + and later + libvirt +- spec: Only drop redefinition of libexecdir on Factory and newer + bsc#1203775 + +- Migration to /usr/etc: Saving user changed configuration files + in /etc and restoring them while an RPM update. + lvm2 +- lvmlockd is not supporting sanlock (bsc#1203482) + - set 1 for _supportsanlock in lvm2.spec for enabling sanlock. + +- Upgrade lvm2 from LVM2.2.03.05 to LVM2.2.03.16 (bsc#1201616) + - device-mapper version upgrade to 1.02.185 (bsc#1199074) +- Drop patches that have been merged into upstream + - bug-1122666_devices-drop-open-error-message.patch + - bug-1150021_01-scanning-open-devs-rw-when-rescanning-for-write.patch + - bug-1149408_Fix-rounding-writes-up-to-sector-size.patch + - bug-1149408_vgcreate-vgextend-restrict-PVs-with-mixed-block-size.patch + - bug-1152378-md-component-detection-for-differing-PV-and-device-s.patch + - bug-1152378-pvscan-fix-PV-online-when-device-has-a-different-siz.patch + - jcs-SLE5498_pvscan-allow-use-of-noudevsync-option.patch + - bug-1154655_udev-remove-unsupported-OPTIONS-event_timeout-rule.patch + - bug-1158628_01-tests-replaces-grep-q-usage.patch + - bug-1158628_02-tests-fix-ra-checking.patch + - bug-1158628_03-tests-simplify-some-var-settings.patch + - bug-1158628_04-pvmove-correcting-read_ahead-setting.patch + - bug-1158628_05-activation-add-synchronization-point.patch + - bug-1158628_06-pvmove-add-missing-synchronization.patch + - bug-1158628_07-activation-extend-handling-of-pending_delete.patch + - bug-1158628_08-lv_manip-add-synchronizations.patch + - bug-1158628_09-lvconvert-improve-validation-thin-and-cache-pool-con.patch + - bug-1158628_10-thin-activate-layer-pool-aas-read-only-LV.patch + - bug-1158628_11-tests-mdadm-stop-in-test-cleanup.patch + - bug-1158628_12-test-increase-size-of-raid10-LV-allowing-tests-to-su.patch + - bug-1158628_13-lvconvert-fix-return-value-when-zeroing-fails.patch + - bug-1158628_14-tests-add-extra-settle.patch + - bug-1158628_15-test-Fix-handling-leftovers-from-previous-tests.patch + - bug-1158861_01-config-remove-filter-typo.patch + - bug-1158861_02-config-Fix-default-option-which-makes-no-sense.patch + - bug-1158861_03-vgchange-don-t-fail-monitor-command-if-vg-is-exporte.patch + - bug-1158861_04-fix-duplicate-pv-size-check.patch + - bug-1158861_05-hints-fix-copy-of-filter.patch + - bug-1158861_06-fix-segfault-for-invalid-characters-in-vg-name.patch + - bug-1158861_07-vgck-let-updatemetadata-repair-mismatched-metadata.patch + - bug-1158861_08-hints-fix-mem-leaking-buffers.patch + - bug-1158861_09-pvcreate-pvremove-fix-reacquiring-global-lock-after.patch + - bug-1150021_02-bcache-add-bcache_abort.patch + - bug-1150021_03-label-Use-bcache_abort_fd-to-ensure-blocks-are-no-lo.patch + - bug-1150021_04-bcache-add-unit-test.patch + - bug-1150021_05-bcache-bcache_invalidate_fd-only-remove-prefixes-on.patch + - bug-1150021_06-fix-dev_unset_last_byte-after-write-error.patch + - bug-1157736-add-suggestion-message-for-mirror-LVs.patch + - bug-1171907-lvremove-remove-attached-cachevol-with-removed-LV.patch + - bug-1172566_cachevol-use-cachepool-code-for-metadata-size.patch + - bug-1175110_dmeventd-avoid-bail-out-preventing-repair-in-raid-pl.patch + - bug-1177734_raid-no-wiping-when-zeroing-raid-metadata-device.patch + - bug-1181319_01-Revert-lvmlockd-use-commonly-used-define-NOTIFYDBUS_.patch + - bug-1181319_02-lvmlockctl-ensure-result-value-is-always-defined.patch + - bug-1181319_03-lvmlockctl-use-inline-initilizers.patch + - bug-1181319_04-lvmlockd-replace-lock-adopt-info-source.patch + - bug-1181319_05-cov-check-sscanf-result.patch + - bug-1178680_add-metadata-based-autoactivation-property-for-VG-an.patch + - bug-1185190_01-pvscan-support-disabled-event_activation.patch + - bug-1185190_02-config-improve-description-for-event_activation.patch + - bug-1191019_vgextend-check-missing-device-during-block-size-chec.patch + - bug-1183905_lvconvert-allow-stripes-stripesize-in-mirror-convers.patch + - bug-1195231-udev-create-symlinks-and-watch-even-in-suspended-sta.patch + - bug-1202011_vgchange-monitor-don-t-use-udev-info.patch + - bug-1193181_vgimportclone_on_hardware_snapshot_does_not_work.patch + - bug-1179691_config-set-external_device_info_source-none.patch +- Update patch + - fate-309425_display-dm-name-for-lv-name.patch + - bug-1184687_Add-nolvm-for-kernel-cmdline.patch +- replace exist patch with fixed bug patches + - (remove) fate-31841_fsadm-add-support-for-btrfs.patch + - (add) fate-31841-01_fsadm-add-support-to-resize-check-btrfs-filesystem.patch + - (add) fate-31841-02_man-add-support-for-btrfs.patch + - (add) fate-31841-03_tests-new-test-suite-of-fsadm-for-btrfs.patch +- Add upstream patch + - 0001-devices-file-move-clean-up-after-command-is-run.patch + - 0002-devices-file-fail-if-devicesfile-filename-doesn-t-ex.patch + - 0003-filter-mpath-handle-other-wwid-types-in-blacklist.patch + - 0004-filter-mpath-get-wwids-from-sysfs-vpd_pg83.patch + - 0005-pvdisplay-restore-reportformat-option.patch + - 0006-exit-with-error-when-devicesfile-name-doesn-t-exist.patch + - 0007-report-fix-pe_start-column-type-from-NUM-to-SIZ.patch + - 0008-_vg_read_raw_area-fix-segfault-caused-by-using-null-.patch + - 0009-mm-remove-libaio-from-being-skipped.patch + - 0010-dmsetup-check-also-for-ouf-of-range-value.patch + - 0011-devices-drop-double-from-sysfs-path.patch + - 0012-devices-file-fix-pvcreate-uuid-matching-pvid-entry-w.patch + - 0013-vgimportdevices-change-result-when-devices-are-not-a.patch + - 0014-vgimportdevices-fix-locking-when-creating-devices-fi.patch +- update lvm2.spec + - indent some lines for easy read + - add new binraries: lvmdevices lvm_import_vdo vgimportdevices dmfilemapd + - remove config item '--enable-cmirrord', which was obsoleted. + - remove config item '--enable-realtime', which became default setting. + - add config item "--with-cluster=internal" for cluster test + - add config item "--enable-dmfilemapd" for new daemon dmfilemapd + - add new man: lvmautoactivation.7 lvmdevices.8 lvm_import_vdo.8 dmfilemapd.8 + - remove lvm2-activation-generator & lvm2-activation-generator.8 + - remove lvm2-pvscan@.service + - replace 69-dm-lvm-metad.rules with 69-dm-lvm.rules + - change %post behaviour, only do deleting job for non-link folder (bsc#1198523) +- lvm.conf + - follow upstream style, comment out default value (bsc#1179739) + mdadm +- imsm: support for third Sata controller (bsc#1201297) + 0122-imsm-support-for-third-Sata-controller.patch +- mdadm: enable Intel Alderlake RSTe configuration (bsc#1201297) + 1005-mdadm-enable-Intel-Alderlake-RSTe-configuration.patch + perl-Bootloader +- merge gh#openSUSE/perl-bootloader#139 +- fix sysconfig parsing (bsc#1198828) +- 0.939 + +- merge gh#openSUSE/perl-bootloader#138 +- grub2/install: reset error code when passing through recover code + (bsc#1198197) +- 0.938 + permissions + * chkstat: also consider group controlled paths (bsc#1203018, CVE-2022-31252) + +- Update to version 20201225: python-apipkg +- Update to v2.1.0 + * fix race condition for import of modules using apipkg.initpkg + in Python 3.3+ by updating existing modules in-place rather + than replacing in sys.modules with an apipkg.ApiModule + instances. This race condition exists for import statements + (and __import__) in Python 3.3+ where sys.modules is checked + before obtaining an import lock, and for + importlib.import_module in Python 3.11+ for the same reason. +- Release 2.0.1 + * fix race conditions for attribute creation +- Release 2.0.0 + * also transfer __spec__ attribute + * make py.test hack more specific to avoid hiding real errors + * switch from Travis CI to GitHub Actions + * modernize package build + * reformat code with black +- Drop pytest4.patch + +- The now broken apicycle requires apipkg to be importable from + elsewhere -- use src dir. + +- Split package into multibuild, to avoid apipkg -> pytest -> py -> + apipkg cycle. + +- refresh pytest4.patch for pytest5 + +- Add patch to fix build with pytest newer than 4: + * pytest4.patch + +- update to 1.5 +- fixed dependencies + * switch to setuptools_scm + * avoid dict iteration (fixes issue on python3) + * preserve __package__ - ths gets us better pep 302 compliance + python3 +- Add patch CVE-2021-28861-double-slash-path.patch: + * http.server: Fix an open redirection vulnerability in the HTTP server + when an URI path starts with //. (bsc#1202624, CVE-2021-28861) + qemu -- Improve the output of update_git.sh, by including the list of - repos to which we have downstream patches. -- Fix bsc#1197084 and bsc#1199924 +- Runs of the test-suite seem much more stable now, in this version + of QEMU. (bsc#1203610) We are also fine re-enabling running them + in parallel. + +- Switch QEMU Linux user to emulate the same CPU as the one of the + host by default. This is a bit conrtoversial and tricky, when + thinking about system emulation/virtualization. But for linux-user, + it should be just fine. (bsc#1203684) + * Patches added: + linux-user-use-max-as-default-CPU-model-.patch + +- Be less verbose when packaging documentation. In fact, with just + a couple of (minor) re-arrangements, we can get rid of having to + list all the files all the time +- Package /etc/qemu/bridge.conf as '%config(noreplace). Next step + will probably be to move it to /usr/etc/qemu (bsc#1201944) + +- Switch to %autosetup for all products (this required some changes + in update_git.sh) +- Run check-qtest sequentially, as it's more reliable, when in OBS +- Build with libbpf, fdt and capstone support +- Drop the patch adding our support document, and deal with that + in the spec file directly + * Patches dropped: + doc-add-our-support-doc-to-the-main-proj.patch + +- Updated to latest upstream version 7.1 + * https://wiki.qemu.org/ChangeLog/7.1 + Be sure to also check the following pages: + * https://qemu-project.gitlab.io/qemu/about/removed-features.html + * https://qemu-project.gitlab.io/qemu/about/deprecated.html + Some notable changes: + * [x86] Support for architectural LBRs on KVM virtual machines + * [x86] The libopcode-based disassembler has been removed. Use + Capstone instead + * [LoongArch] Add initial support for the LoongArch64 architecture. + * [ARM] The emulated SMMUv3 now advertises support for SMMUv3.2-BBML2 + * [ARM] The xlnx-zynqmp SoC model now implements the 4 TTC timers + * [ARM] The versal machine now models the Cortex-R5s in the Real-Time + Processing Unit (RPU) subsystem + * [ARM] The virt board now supports emulation of the GICv4.0 + * [ARM] New emulated CPU types: Cortex-A76, Neoverse-N1 + * [HPPA] Fix serial port pass-through from host to guest + * [HPPA] Lots of general code improvements and tidy-ups + * [RISC-V] RISC-V + * [RISC-V] Add support for privileged spec version 1.12.0 + * [RISC-V] Use privileged spec version 1.12.0 for virt machine by default + * [RISC-V] Allow software access to MIP SEIP + * [RISC-V] Add initial support for the Sdtrig extension + * [RISC-V] Optimisations and improvements for the vector extension + * [VFIO] Experimental support for exposing emulated PCI devices over the + new vfio-user protocol (a vfio-user client is not yet available + in QEMU, though) + * [QMP] The on-cbw-error option for copy-before-write filter, to specify + behavior on CBW (copy before write) operation failure. + * [QMP] The cbw-timeout option for copy-before-write filter, to specify + timeout for CBW operation. + * [QMP] New commands query-stats and query-stats-schema to retrieve + statistics from various QEMU subsystems (right now only from + KVM). + * [QMP] The PanicAction can now be configured to report an exit-failure + (useful for automated testing) + * [Networking] QEMU can be compiled with the system slirp library even + when using CFI. This requires libslirp 4.7. + * [Migration] Support for zero-copy-send on Linux, which reduces CPU + usage on the source host. Note that locked memory is needed + to support this + Revert-tests-qtest-enable-more-vhost-use.patch + meson-remove-pkgversion-from-CONFIG_STAM.patch + * Patches dropped: + AIO-Reduce-number-of-threads-for-32bit-h.patch + Makefile-Don-t-check-pc-bios-as-pre-requ.patch + Revert-8dcb404bff6d9147765d7dd3e9c849337.patch + Revert-qht-constify-qht_statistics_init.patch + XXX-dont-dump-core-on-sigabort.patch + acpi_piix4-Fix-migration-from-SLE11-SP2.patch + configure-only-populate-roms-if-softmmu.patch + configure-remove-pkgversion-from-CONFIG_.patch + coroutine-ucontext-use-QEMU_DEFINE_STATI.patch + coroutine-use-QEMU_DEFINE_STATIC_CO_TLS.patch + coroutine-win32-use-QEMU_DEFINE_STATIC_C.patch + hw-usb-hcd-ehci-fix-writeback-order.patch + i8254-Fix-migration-from-SLE11-SP2.patch + intc-exynos4210_gic-replace-snprintf-wit.patch + modules-generates-per-target-modinfo.patch + modules-introduces-module_kconfig-direct.patch + pc-bios-s390-ccw-net-avoid-warning-about.patch + qemu-cvs-gettimeofday.patch + qemu-cvs-ioctl_debug.patch + qemu-cvs-ioctl_nodirection.patch + qht-Revert-some-constification-in-qht.c.patch + qom-handle-case-of-chardev-spice-module-.patch + scsi-lsi53c895a-fix-use-after-free-in-ls.patch + scsi-lsi53c895a-really-fix-use-after-fre.patch + softmmu-Always-initialize-xlat-in-addres.patch + sphinx-change-default-language-to-en.patch + test-add-mapping-from-arch-of-i686-to-qe.patch + tests-Fix-block-tests-to-be-compatible-w.patch + tests-qtest-Move-the-fuzz-tests-to-x86-o.patch + usb-Help-compiler-out-to-avoid-a-warning.patch + +- pcre-devel-static is only needed when building against + glib2 < 2.73. After that, glib2 was migrated to pcre2. + +- Substantial rework of the spec file: + * the 'make check' testsuite now runs in the %check section of + the main package, not in a subpackage + * switched from %setup to %autosetup + * rearranged the content in order to minimize the use of %if, + %ifarch, etc + +- Properly fix bsc#1198038, CVE-2022-0216 + * Patches added: + scsi-lsi53c895a-really-fix-use-after-fre.patch + tests-qtest-Move-the-fuzz-tests-to-x86-o.patch + +- Make temp dir (for update_git.sh) configurable +- Added new subpackages (audio-dbus, ui-dbus) +- bsc#1199018 was never fixed in Factory's QEMU 6.2. It is + now (since the patches are already in SeaBIOS 1.16.0) +- Some tests are having issues when run in OBS. They seem to be + due to race conditions, triggered by resource constraints of + OBS workers. Let's disable them for now, while looking for a fix +- Update to v7.0.0 (bsc#1201307). For full release notes, see: + * https://wiki.qemu.org/ChangeLog/7.0 + Be sure to also check the following pages: + * https://qemu-project.gitlab.io/qemu/about/removed-features.html + * https://qemu-project.gitlab.io/qemu/about/deprecated.html + Some notable changes: + * [ARM] The virt board has gained a new control knob to disable passing a RNG seed in the DTB (dtb-kaslr-seed) + * [ARM] The AST2600 SoC now supports a dummy version of the i3c device + * [ARM] The virt board can now run guests with KVM on hosts with restricted IPA ranges + * [ARM] The virt board now supports virtio-mem-pci + * [ARM] The virt board now supports specifying the guest CPU topology + * [ARM] On the virt board, we now enable PAuth when using KVM or hvf and the host CPU supports it + * [RISC-V] Add support for ratified 1.0 Vector extension + * [RISC-V] Support for the Zve64f and Zve32f extensions + * [RISC-V] Drop support for draft 0.7.1 Vector extension + * [RISC-V] Support Zfhmin and Zfh extensions + * [RISC-V] RISC-V KVM support + * [RISC-V] Mark Hypervisor extension as non experimental + * [RISC-V] Enable Hypervisor extension by default + * [x86] Support for Intel AMX. + * [PCI/PCIe] Q35: fix PCIe device becoming disabled after migration when ACPI based PCI hotplug is used (6b0969f1ec) + * [PCI/PCIe] initial bits of SR/IOV support (250346169) + * [PCI/PCIe] arm/virt: fixed PXB interrupt routing (e609301b45) + * [PCI/PCIe] arm/virt: support for virtio-mem-pci (b1b87327a9) + * [virtiofs] Fix for CVE-2022-0358 - behaviour with supplementary groups and SGID directories + * [virtiofs] Improved security label support + * [virtiofs] The virtiofsd in qemu is now starting to be deprecated; please start using and contributing to Rust virtiofsd + * Patches dropped: + acpi-validate-hotplug-selector-on-access.patch + block-backend-Retain-permissions-after-m.patch + block-qdict-Fix-Werror-maybe-uninitializ.patch + brotli-fix-actual-variable-array-paramet.patch + display-qxl-render-fix-race-condition-in.patch + doc-Add-the-SGX-numa-description.patch + hw-i386-amd_iommu-Fix-maybe-uninitialize.patch + hw-intc-exynos4210_gic-provide-more-room.patch + hw-nvme-fix-CVE-2021-3929.patch + hw-nvram-at24-return-0xff-if-1-byte-addr.patch + iotest-065-explicit-compression-type.patch + iotest-214-explicit-compression-type.patch + iotest-302-use-img_info_log-helper.patch + iotest-303-explicit-compression-type.patch + iotest-39-use-_qcow2_dump_header.patch + iotests-60-more-accurate-set-dirty-bit-i.patch + iotests-bash-tests-filter-compression-ty.patch + iotests-common.rc-introduce-_qcow2_dump_.patch + iotests-declare-lack-of-support-for-comp.patch + iotests-drop-qemu_img_verbose-helper.patch + iotests-massive-use-_qcow2_dump_header.patch + iotests-MRCE-Write-data-to-source.patch + iotests.py-filter-out-successful-output-.patch + iotests.py-img_info_log-rename-imgopts-a.patch + iotests.py-implement-unsupported_imgopts.patch + iotests.py-qemu_img-create-support-IMGOP.patch + iotests.py-rewrite-default-luks-support-.patch + iotests-specify-some-unsupported_imgopts.patch + meson-build-all-modules-by-default.patch + numa-Enable-numa-for-SGX-EPC-sections.patch + numa-Support-SGX-numa-in-the-monitor-and.patch + python-aqmp-add-__del__-method-to-legacy.patch + python-aqmp-add-_session_guard.patch + python-aqmp-add-SocketAddrT-to-package-r.patch + python-aqmp-add-socket-bind-step-to-lega.patch + python-aqmp-add-start_server-and-accept-.patch + python-aqmp-copy-type-definitions-from-q.patch + python-aqmp-drop-_bind_hack.patch + python-aqmp-fix-docstring-typo.patch + python-aqmp-Fix-negotiation-with-pre-oob.patch + python-aqmp-fix-race-condition-in-legacy.patch + Python-aqmp-fix-type-definitions-for-myp.patch + python-aqmp-handle-asyncio.TimeoutError-.patch + python-aqmp-refactor-_do_accept-into-two.patch + python-aqmp-remove-_new_session-and-_est.patch + python-aqmp-rename-accept-to-start_serve.patch + python-aqmp-rename-AQMPError-to-QMPError.patch + python-aqmp-split-_client_connected_cb-o.patch + python-aqmp-squelch-pylint-warning-for-t.patch + python-aqmp-stop-the-server-during-disco.patch + python-introduce-qmp-shell-wrap-convenie.patch + python-machine-raise-VMLaunchFailure-exc.patch + python-move-qmp-shell-under-the-AQMP-pac.patch + python-move-qmp-utilities-to-python-qemu.patch + python-qmp-switch-qmp-shell-to-AQMP.patch + python-support-recording-QMP-session-to-.patch + python-upgrade-mypy-to-0.780.patch + qcow2-simple-case-support-for-downgradin.patch + qemu-binfmt-conf.sh-should-use-F-as-shor.patch + tests-qemu-iotests-040-Skip-TestCommitWi.patch + tests-qemu-iotests-Fix-051-for-binaries-.patch + tests-qemu-iotests-testrunner-Quote-case.patch + tools-virtiofsd-Add-rseq-syscall-to-the-.patch + ui-cursor-fix-integer-overflow-in-cursor.patch + vhost-vsock-detach-the-virqueue-element-.patch + virtiofsd-Drop-membership-of-all-supplem.patch + virtio-net-fix-map-leaking-on-error-duri.patch + Disable-some-tests-that-have-problems-in.patch + * Patches added: + intc-exynos4210_gic-replace-snprintf-wit.patch + Revert-8dcb404bff6d9147765d7dd3e9c849337.patch + +- Fix bsc#1197084 + * Patches added: + hostmem-default-the-amount-of-prealloc-t.patch -- Fix bsc#1198712, CVE-2022-26354 -- Fix bsc#1198711, CVE-2022-26353 +- backport patches for having coroutine work well when LTO is used - vhost-vsock-detach-the-virqueue-element-.patch - virtio-net-fix-map-leaking-on-error-duri.patch + coroutine-ucontext-use-QEMU_DEFINE_STATI.patch + coroutine-use-QEMU_DEFINE_STATIC_CO_TLS.patch + coroutine-win32-use-QEMU_DEFINE_STATIC_C.patch -- Fix bsc#1198037, CVE-2021-4207 -- Fix bsc#1198035, CVE-2021-4206 +- seabios: drop patch that changes python in python2. + Just go to python3 directly. + * Patches dropped: + seabios-use-python2-explicitly-as-needed.patch + +- Fix the following bugs: + - bsc#1198037, CVE-2021-4207 + - bsc#1198038, CVE-2022-0216 + - bsc#1201367, CVE-2022-35414 + - bsc#1198035, CVE-2021-4206 + - bsc#1198712, CVE-2022-26354 + - bsc#1198711, CVE-2022-26353 + scsi-lsi53c895a-fix-use-after-free-in-ls.patch + softmmu-Always-initialize-xlat-in-addres.patch + vhost-vsock-detach-the-virqueue-element-.patch + virtio-net-fix-map-leaking-on-error-duri.patch + +- Fix usb ehci boot failure (bsc#1192115) + * Patches added: + hw-usb-hcd-ehci-fix-writeback-order.patch + +- Fix bugs boo#1200557 and boo#1199924 +- Now that boo#1199924 is fixed, re-enable FORTIFY_SOURCE=3 + * Patches added: + pci-fix-overflow-in-snprintf-string-form.patch + sphinx-change-default-language-to-en.patch + +- It has been observed that building QEMU with _FORTIFY_SOURCE=3 + causes problem (see bsc#1199924). Force it to =2 for now, while + we investigate the issue. -- Backport SeaBIOS patches for fixing bsc#1199018 - * Patches added: - pci-let-firmware-reserve-IO-for-pcie-pci.patch - pci-reserve-resources-for-pcie-pci-bridg.patch +- Filter out rpmlint error that is valid for qemu, but will + have its badness increased in the future. +- Backport aqmp patches from upstream which can fix iotest issues + * Patches added: + python-aqmp-add-__del__-method-to-legacy.patch + python-aqmp-add-_session_guard.patch + python-aqmp-add-SocketAddrT-to-package-r.patch + python-aqmp-add-socket-bind-step-to-lega.patch + python-aqmp-add-start_server-and-accept-.patch + python-aqmp-copy-type-definitions-from-q.patch + python-aqmp-drop-_bind_hack.patch + python-aqmp-fix-docstring-typo.patch + python-aqmp-Fix-negotiation-with-pre-oob.patch + python-aqmp-fix-race-condition-in-legacy.patch + Python-aqmp-fix-type-definitions-for-myp.patch + python-aqmp-handle-asyncio.TimeoutError-.patch + python-aqmp-refactor-_do_accept-into-two.patch + python-aqmp-remove-_new_session-and-_est.patch + python-aqmp-rename-accept-to-start_serve.patch + python-aqmp-rename-AQMPError-to-QMPError.patch + python-aqmp-split-_client_connected_cb-o.patch + python-aqmp-squelch-pylint-warning-for-t.patch + python-aqmp-stop-the-server-during-disco.patch + python-introduce-qmp-shell-wrap-convenie.patch + python-machine-raise-VMLaunchFailure-exc.patch + python-move-qmp-shell-under-the-AQMP-pac.patch + python-move-qmp-utilities-to-python-qemu.patch + python-qmp-switch-qmp-shell-to-AQMP.patch + python-support-recording-QMP-session-to-.patch + python-upgrade-mypy-to-0.780.patch + +- Drop the patches which are workaround to fix iotest issues + * Patches dropped: + Revert-python-iotests-replace-qmp-with-a.patch + Revert-python-machine-add-instance-disam.patch + Revert-python-machine-add-sock_dir-prope.patch + Revert-python-machine-handle-fast-QEMU-t.patch + Revert-python-machine-move-more-variable.patch + Revert-python-machine-remove-_remove_mon.patch + sqlite3 +- update to 3.39.3: + * Use a statement journal on DML statement affecting two or more + database rows if the statement makes use of a SQL functions + that might abort. + * Use a mutex to protect the PRAGMA temp_store_directory and + PRAGMA data_store_directory statements, even though they are + decremented and documented as not being threadsafe. + +- update to 3.39.2: + * Fix a performance regression in the query planner associated + with rearranging the order of FROM clause terms in the + presences of a LEFT JOIN. + * Apply fixes for CVE-2022-35737, Chromium bugs 1343348 and + 1345947, forum post 3607259d3c, and other minor problems + discovered by internal testing. [boo#1201783] + +- update to 3.39.1: + * Fix an incorrect result from a query that uses a view that + contains a compound SELECT in which only one arm contains a + RIGHT JOIN and where the view is not the first FROM clause term + of the query that contains the view + * Fix a long-standing problem with ALTER TABLE RENAME that can + only arise if the sqlite3_limit(SQLITE_LIMIT_SQL_LENGTH) is set + to a very small value. + * Fix a long-standing problem in FTS3 that can only arise when + compiled with the SQLITE_ENABLE_FTS3_PARENTHESIS compile-time + option. + * Fix the initial-prefix optimization for the REGEXP extension so + that it works correctly even if the prefix contains characters + that require a 3-byte UTF8 encoding. + * Enhance the sqlite_stmt virtual table so that it buffers all of + its output. + +- update to 3.39.0: + * Add (long overdue) support for RIGHT and FULL OUTER JOIN + * Add new binary comparison operators IS NOT DISTINCT FROM and + IS DISTINCT FROM that are equivalent to IS and IS NOT, + respective, for compatibility with PostgreSQL and SQL standards + * Add a new return code (value "3") from the sqlite3_vtab_distinct() + interface that indicates a query that has both DISTINCT and + ORDER BY clauses + * Added the sqlite3_db_name() interface + * The unix os interface resolves all symbolic links in database + filenames to create a canonical name for the database before + the file is opened + * Defer materializing views until the materialization is actually + needed, thus avoiding unnecessary work if the materialization + turns out to never be used + * The HAVING clause of a SELECT statement is now allowed on any + aggregate query, even queries that do not have a GROUP BY + clause + * Many microoptimizations collectively reduce CPU cycles by about + 2.3%. +- drop sqlite-src-3380100-atof1.patch, included upstream +- add sqlite-src-3390000-func7-pg-181.patch to skip float precision + related test failures on 32 bit + +- update to 3.38.5: + * Fix a blunder in the CLI of the 3.38.4 release +- includes changes from 3.38.4: + * fix a byte-code problem in the Bloom filter pull-down + optimization added by release 3.38.0 in which an error in the + byte code causes the byte code engine to enter an infinite loop + when the pull-down optimization encounters a NULL key + +- update to 3.38.3: + * Fix a case of the query planner be overly aggressive with + optimizing automatic-index and Bloom-filter construction, + using inappropriate ON clause terms to restrict the size of the + automatic-index or Bloom filter, and resulting in missing rows + in the output. + * Other minor patches. See the timeline for details. + +- update to 3.38.2: + * Fix a problem with the Bloom filter optimization that might + cause an incorrect answer when doing a LEFT JOIN with a WHERE + clause constraint that says that one of the columns on the + right table of the LEFT JOIN is NULL. + * Other minor patches. + +- Remove obsolete configure flags +- Package the Tcl bindings here again so that we only ship one copy + of SQLite (bsc#1195773). + +- update to 3.38.1: + * Fix problems with the new Bloom filter optimization that might + cause some obscure queries to get an incorrect answer. + * Fix the localtime modifier of the date and time functions so + that it preserves fractional seconds. + * Fix the sqlite_offset SQL function so that it works correctly + even in corner cases such as when the argument is a virtual + column or the column of a view. + * Fix row value IN operator constraints on virtual tables so that + they work correctly even if the virtual table implementation + relies on bytecode to filter rows that do not satisfy the + constraint. + * Other minor fixes to assert() statements, test cases, and + documentation. See the source code timeline for details. +- add upstream patch to run atof1 tests only on x86_64 + sqlite-src-3380100-atof1.patch + +- update to 3.38.0 + * Add the -> and ->> operators for easier processing of JSON + * The JSON functions are now built-ins + * Enhancements to date and time functions + * Rename the printf() SQL function to format() for better + compatibility, with alias for backwards compatibility. + * Add the sqlite3_error_offset() interface for helping localize + an SQL error to a specific character in the input SQL text + * Enhance the interface to virtual tables + * CLI columnar output modes are enhanced to correctly handle tabs + and newlines embedded in text, and add options like "--wrap N", + "--wordwrap on", and "--quote" to the columnar output modes. + * Query planner enhancements using a Bloom filter to speed up + large analytic queries, and a balanced merge tree to evaluate + UNION or UNION ALL compound SELECT statements that have an + ORDER BY clause. + * The ALTER TABLE statement is changed to silently ignores + entries in the sqlite_schema table that do not parse when + PRAGMA writable_schema=ON + +- update to 3.37.2: + * Fix a bug introduced in version 3.35.0 (2021-03-12) that can + cause database corruption if a SAVEPOINT is rolled back while + in PRAGMA temp_store=MEMORY mode, and other changes are made, + and then the outer transaction commits + * Fix a long-standing problem with ON DELETE CASCADE and ON + UPDATE CASCADE in which a cache of the bytecode used to + implement the cascading change was not being reset following a + local DDL change + +- update to 3.37.1: + * Fix a bug introduced by the UPSERT enhancements of version + 3.35.0 that can cause incorrect byte-code to be generated for + some obscure but valid SQL, possibly resulting in a NULL- + pointer dereference. + * Fix an OOB read that can occur in FTS5 when reading corrupt + database files. + * Improved robustness of the --safe option in the CLI. + * Other minor fixes to assert() statements and test cases. + +- SQLite3 3.37.0: + * STRICT tables provide a prescriptive style of data type + management, for developers who prefer that kind of thing. + * When adding columns that contain a CHECK constraint or a + generated column containing a NOT NULL constraint, the + ALTER TABLE ADD COLUMN now checks new constraints against + preexisting rows in the database and will only proceed if no + constraints are violated. + * Added the PRAGMA table_list statement. + * Add the .connection command, allowing the CLI to keep multiple + database connections open at the same time. + * Add the --safe command-line option that disables dot-commands + and SQL statements that might cause side-effects that extend + beyond the single database file named on the command-line. + * CLI: Performance improvements when reading SQL statements that + span many lines. + * Added the sqlite3_autovacuum_pages() interface. + * The sqlite3_deserialize() does not and has never worked + for the TEMP database. That limitation is now noted in the + documentation. + * The query planner now omits ORDER BY clauses on subqueries and + views if removing those clauses does not change the semantics + of the query. + * The generate_series table-valued function extension is modified + so that the first parameter ("START") is now required. This is + done as a way to demonstrate how to write table-valued + functions with required parameters. The legacy behavior is + available using the -DZERO_ARGUMENT_GENERATE_SERIES + compile-time option. + * Added new sqlite3_changes64() and sqlite3_total_changes64() + interfaces. + * Added the SQLITE_OPEN_EXRESCODE flag option to sqlite3_open_v2(). + * Use less memory to hold the database schema. + * bsc#1189802, CVE-2021-36690: Fix an issue with the SQLite Expert + extension when a column has no collating sequence. + sudo +- Modified sudo-sudoers.patch + * bsc#1177578 + * Removed redundant and confusing 'secure_path' settings in + sudo-sudoers file. + +- Update to 1.9.11p3: + * Changes in Sudo 1.9.11 + * Fixed a crash in the Python module with Python 3.9.10 on some systems. + Additionally, make check now passes for Python 3.9.10. + * Error messages sent via email now include more details, including the file + name and the line number and column of the error. Multiple errors are sent in + a single message. Previously, only the first error was included. + * Fixed logging of parse errors in JSON format. Previously, the JSON logger would + not write entries unless the command and runuser were set. These may not be + known at the time a parse error is encountered. + * Fixed a potential crash parsing sudoers lines larger than twice the value of + LINE_MAX on systems that lack the getdelim() function. + * The tests run by make check now unset the LANGUAGE environment variable. + Otherwise, localization strings will not match if LANGUAGE is set to a + non-English locale. Bug #1025. + * The “starttime” test now passed when run under Debian faketime. Bug #1026. + * The Kerberos authentication module now honors the custom password prompt if one + has been specified. + * The embedded copy of zlib has been updated to version 1.2.12. + * Updated the version of libtool used by sudo to version 2.4.7. + * Sudo now defines _TIME_BITS to 64 on systems that define __TIMESIZE in the + header files (currently only GNU libc). This is required to allow the use of + 64-bit time values on some 32-bit systems. + * Sudo’s intercept and log_subcmds options no longer force the command to run in + its own pseudo-terminal. It is now also possible to intercept the system(3) function. + * Fixed a bug in sudo_logsrvd when run in store-first relay mode where the commit + point messages sent by the server were incorrect if the command was suspended + or received a window size change event. + * Fixed a potential crash in sudo_logsrvd when the tls_dhparams configuration + setting was used. + * The intercept and log_subcmds functionality can now use ptrace(2) on Linux + systems that support seccomp(2) filtering. This has the advantage of working + for both static and dynamic binaries and can work with sudo’s SELinux RBAC mode. + The following architectures are currently supported: i386, x86_64, aarch64, arm, + mips (log_subcmds only), powerpc, riscv, and s390x. The default is to use + ptrace(2) where possible; the new intercept_type sudoers setting can be used + to explicitly set the type. + * New Georgian translation from translationproject.org. + * Fixed creating packages on CentOS Stream. + * Fixed a bug in the intercept and log_subcmds support where the execve(2) + wrapper was using the current environment instead of the passed environment + pointer. Bug #1030. + * Added AppArmor integration for Linux. A sudoers rule can now specify an + APPARMOR_PROFILE option to run a command confined by the named AppArmor profile. + * Fixed parsing of the server_log setting in sudo_logsrvd.conf. Non-paths were + being treated as paths and an actual path was treated as an error. + * Changes in Sudo 1.9.11p1: + * Correctly handle EAGAIN in the I/O read/right events. This fixes a hang seen on + some systems when piping a large amount of data through sudo, such as via rsync. + Bug #963. + * Changes to avoid implementation or unspecified behavior when bit shifting signed + values in the protobuf library. + * Fixed a compilation error on Linux/aarch64. + * Fixed the configure check for seccomp(2) support on Linux. + * Corrected the EBNF specification for tags in the sudoers manual page. + GitHub issue #153. + * Changes in Sudo 1.9.11p2: + * Fixed a compilation error on Linux/x86_64 with the x32 ABI. + * Fixed a regression introduced in 1.9.11p1 that caused a warning when logging to + sudo_logsrvd if the command returned no output. + * Changes in Sudo 1.9.11p3: + * Fixed “connection reset” errors on AIX when running shell scripts with the intercept + or log_subcmds sudoers options enabled. Bug #1034. + * Fixed very slow execution of shell scripts when the intercept or log_subcmds sudoers + options are set on systems that enable Nagle’s algorithm on the loopback device, + such as AIX. Bug #1034. + * Modified sudo-sudoers.patch +- Added sudo-1.9.10-update_sudouser_to_utf8.patch + * [bsc#1197998] + * Enable sudouser LDAP schema to use UTF-8 encodings. + * Sourced from https://github.com/sudo-project/sudo/pull/163 + * Credit to William Brown, william.brown@suse.com + +- Use %_pam_vendordir macro +- Fix errors around LICENSE.md (fixes building on SLE12 SP5 again) + +- update to 1.9.10: + * Added new log_passwords and passprompt_regex sudoers options. If + log_passwords is disabled, sudo will attempt to prevent passwords from being + logged. If sudo detects any of the regular expressions in the passprompt_regex + list in the terminal output, sudo will log ‘*’ characters instead of the + terminal input until a newline or carriage return is found in the input or an + output character is received. + * Added new log_passwords and passprompt_regex settings to sudo_logsrvd that + operate like the sudoers options when logging terminal input. + * Fixed several few bugs in the cvtsudoers utility when merging multiple sudoers + sources. + * Fixed a bug in sudo_logsrvd parsing the sudo_logsrvd.conf file, where the + retry_interval in the [relay] section was not being recognized. + * Restored the pre-1.9.9 behavior of not performing authentication when sudo’s -n + option is specified. A new noninteractive_auth sudoers option has been added to + enable PAM authentication in non-interactive mode. GitHub issue #131. + * On systems with /proc, if the /proc/self/stat (Linux) or /proc/pid/psinfo + (other systems) file is missing or invalid, sudo will now check file + descriptors 0-2 to determine the user’s terminal. Bug #1020. + * Fixed a compilation problem on Debian kFreeBSD. Bug #1021. + * Fixed a crash in sudo_logsrvd when running in relay mode if an alert message is + received. + * Fixed an issue that resulting in “problem with defaults entries” email to be + sent if a user ran sudo when the sudoers entry in the nsswitch.conf file + includes “sss” but no sudo provider is configured in /etc/sssd/sssd.conf. + * Updated the warning displayed when the invoking user is not allowed to run + sudo. If sudo has been configured to send mail on failed attempts (see the + mail_* flags in sudoers), it will now print “This incident has been reported to + the administrator.” If the mailto or mailerpath sudoers settings are disabled, + the message will not be printed and no mail will be sent. + * Fixed a bug where the user-specified command timeout was not being honored if + the sudoers rule did not also specify a timeout. + * Added support for using POSIX extended regular expressions in sudoers rules. A + command and/or arguments in sudoers are treated as a regular expression if they + start with a ‘^’ character and end with a ‘$’. The command and arguments are + matched separately, either one (or both) may be a regular expression. + * A user may now only run sudo -U otheruser -l if they have a “sudo ALL” + privilege where the RunAs user contains either root or otheruser. Previously, + having “sudo ALL” was sufficient, regardless of the RunAs user. GitHub issue + [#134]. + * The sudo lecture is now displayed immediately before the password prompt. As a + result, sudo will no longer display the lecture unless the user needs to enter + a password. Authentication methods that don’t interact with the user via a + terminal do not trigger the lecture. + * Sudo now uses its own closefrom() emulation on Linux systems. The glibc version + may not work in a chroot jail where /proc is not available. If close_range(2) + is present, it will be used in preference to /proc/self/fd. +- drop sudo-1.9.9-honor-T_opt.patch , feature-upstream-restrict-sudo-U-other-l.patch + (upstream) + unzip +- Fix CVE-2022-0530, SIGSEGV during the conversion of an utf-8 string + to a local string (CVE-2022-0530, bsc#1196177) + * CVE-2022-0530.patch +- Fix CVE-2022-0529, Heap out-of-bound writes and reads during + conversion of wide string to local string (CVE-2022-0529, bsc#1196180) + * CVE-2022-0529.patch + -- fix defaultattr for old distros - -- split the rcc dependency into a spec file of it's own, we don't - need that complexity during build causing cycles like this: - unzip -> librcc -> libproxy -> libXau -> xorg-x11-proto-devel -> docbook-xsl-stylesheets - -- Cleanup spec file -- Add Source URL, see https://en.opensuse.org/SourceUrls - -- Don't call isprint (bnc#620483). - -- remove use of __DATE__ from correct file - -- Sync our compile time flags with Debian except Acorn stuff, this enables - UTF-8, saves an unrelated warning about lchmod being not implemented. -- Enable make check - -- use dlopen for librcc0. A direct requires causes lots of other - packages to get installed such as aspell which bloats a minimal - install. - -- Do not include build host specific info like build dates In - binaries. - -- Doing open(O_WRONLY) and then fdopen("w+") will now fail with - "Invalid Argument" whereas former glibcs would succeed. So now - do open(O_RDWR). -- Print error message when open(2) fails. -- Add debugging traces in open_outfile. - -- Update to 6.0: - * Support PKWARE ZIP64 extensions, allowing Zip archives and Zip archive - entries larger than 4 GiBytes and more than 65536 entries within a - single Zip archive. This support is currently only available for Unix, - OpenVMS and Win32/Win64. - * Support for bzip2 compression method. - * Support for UTF-8 encoded entry names, both through PKWARE's "General - Purpose Flags Bit 11" indicator and Info-ZIP's new "up" unicode path - extra field. (Currently, on Windows the UTF-8 handling is limited to - the character subset contained in the configured non-unicode "system - code page".) - * Fixed "Time of Creation/Time of Use" vulnerability when setting - attributes of extracted files, for Unix and Unix-like ports. - * Fixed memory leak when processing invalid deflated data. - * Fixed long-standing bug in unshrink (partial_clear), added boundary - checks against invalid compressed data. - * On Unix, keep inherited SGID attribute bit for extracted directories - unless restoration of owner/group id or SUID/SGID/Tacky attributes was - requested. - * On Unix, allow extracted filenames to contain embedded control - characters when explicitly requested by specifying the new command line - option "-^". - * On Unix, support restoration of symbolic link attributes. - * On Unix, support restoration of 32-bit UID/GID data using the new "ux" - IZUNIX3 extra field introduced with Zip 3.0. - * Support symbolic links zipped up on VMS. - * New -D option to suppress restoration of timestamps for extracted - directory entries (on those ports that support setting of directory - timestamps). By specifying "-DD", this new option also allows to - suppress timestamp restoration for ALL extracted files on all UnZip - ports which support restoration of timestamps. On VMS, the default - behaviour is now to skip restoration of directory timestamps; here, - "--D" restores ALL timestamps, "-D" restores none. - * On OS/2, Win32, and Unix, the (previously optional) feature UNIXBACKUP - to allow saving backup copies of overwritten files on extraction is now - enabled by default. - -- Use librcc to convert russian/slavic file names (bnc#540598). - -- enable parallel building - util-linux +- Update to version 2.37.4 (PED-1869): + * Fix security issue in chsh(1) and chfn(8) (CVE-2022-0563). + SUSE is not affected (bsc#1196241). + * CVE-2021-3996 (bsc#1194976, obsoletes + util-linux-libmount-fix-deleted-suffix-CVE-2021-3996.patch) + Improper UID check in libmount allows an unprivileged user to unmount FUSE + filesystems of users with similar UID. + * CVE-2021-3995 (bsc#1194976, obsoletes + util-linux-libmount-check-fuse-umount-CVE-2021-3995.patch) + This issue is related to parsing the /proc/self/mountinfo file allows an + unprivileged user to unmount other user's filesystems that are either + world-writable themselves or mounted in a world-writable directory. +- linux-fs.patch: Fix conflict between and + +- libuuid improvements (bsc#1201959, PED-1150): + * libuuid: Fix range when parsing UUIDs + (util-linux-libuuid-uuid_parse-overrun.patch). + * Improve cache handling for short running applications-increment + the cache size over runtime + (util-linux-libuuid-improve-cache-handling.patch). + * Implement continuous clock handling for time based UUIDs + (util-linux-libuuid-continuous-clock-handling.patch). + * Check clock value from clock file to provide seamless libuuid + update (util-linux-libuuid-check-clock-value.patch). + util-linux-systemd +- Update to version 2.37.4 (PED-1869): + * Fix security issue in chsh(1) and chfn(8) (CVE-2022-0563). + SUSE is not affected (bsc#1196241). + * CVE-2021-3996 (bsc#1194976, obsoletes + util-linux-libmount-fix-deleted-suffix-CVE-2021-3996.patch) + Improper UID check in libmount allows an unprivileged user to unmount FUSE + filesystems of users with similar UID. + * CVE-2021-3995 (bsc#1194976, obsoletes + util-linux-libmount-check-fuse-umount-CVE-2021-3995.patch) + This issue is related to parsing the /proc/self/mountinfo file allows an + unprivileged user to unmount other user's filesystems that are either + world-writable themselves or mounted in a world-writable directory. +- linux-fs.patch: Fix conflict between and + +- libuuid improvements (bsc#1201959, PED-1150): + * libuuid: Fix range when parsing UUIDs + (util-linux-libuuid-uuid_parse-overrun.patch). + * Improve cache handling for short running applications-increment + the cache size over runtime + (util-linux-libuuid-improve-cache-handling.patch). + * Implement continuous clock handling for time based UUIDs + (util-linux-libuuid-continuous-clock-handling.patch). + * Check clock value from clock file to provide seamless libuuid + update (util-linux-libuuid-check-clock-value.patch). + vsftpd +- Apply "disable-tls13-to-support-older-openssl-versions.patch" + when building on SLE-15. This is necessary, because openssl_1_1 + on that codestream is version 1.1.0 rather than 1.1.1 and that + older version has no TLSv1.3 support. [bsc#1187686] + +- When building on Tumbleweed, move logrotate files from user + specific directory /etc/logrotate.d to vendor specific directory + /usr/etc/logrotate.d. Builds on other codestreams still use the + original location. + +- Use rpm conditional to build against the proper OpenSSL version + on all distributions. [jsc#PM-3322, bsc#1187686] + -- Apply "add vsftpd-allow-dev-log-socket.patch" to allow sendto() +- Apply "vsftpd-allow-dev-log-socket.patch" to allow sendto() webkit2gtk3 +- Update to version 2.36.8 (boo#1203530): + + Fix jumpy elements when scrolling GitLab and other web sites. + + Fix WebKitWebView:web-process-terminated signal not being + emitted for the first web view when sandboxing is enabled. + + Fix hang when opening HTML