Removed rpms
============
- glibc-32bit
- glibc-locale-base-32bit
- libblkid1-32bit
- libdevmapper1_03-32bit
- libexpat1-32bit
- libgcrypt20-32bit
- libtirpc3-32bit
- qemu-ipxe
- qemu-seabios
- iscsiuio
- libgnutls30-32bit
- libmount1-32bit
- libnettle8-32bit
- perl-TermReadLine-Gnu
- qemu-microvm
- qemu-vgabios
Added rpms
==========
- glibc-32bit
- glibc-locale-base-32bit
- libgnutls30-32bit
- libjitterentropy3-32bit
- libmount1-32bit
- libnettle8-32bit
- qemu-microvm
- qemu-vgabios
- libblkid1-32bit
- libbpf0
- libcapstone4
- libdevmapper1_03-32bit
- libexpat1-32bit
- libgcrypt20-32bit
- libjitterentropy3
- libtirpc3-32bit
- perl-Term-ReadLine-Gnu
- qemu-ipxe
- qemu-seabios
Package Source Changes
======================
ImageMagick
+ fix CVE-2022-3213 [bsc#1203450], heap buffer overflow while processing a malformed TIFF file
+ + ImageMagick-CVE-2022-3213.patch
+
+- security update
+- added patches
LibVNCServer
+- security update
+- added patches
+ fix CVE-2020-29260 [bsc#1203106], memory leakage via rfbClientCleanup()
+ + LibVNCServer-CVE-2020-29260.patch
+
MozillaFirefox
+- Firefox 102.3.0esr ESR
+ Placeholder changelog-entry (bsc#1203477)
+- Rebase mozilla-silence-no-return-type.patch to apply with fuzz=0
+
+- Firefox 102.2.0esr ESR
+ * Fixed: Various stability, functionality, and security fixes.
+ MFSA 2022-34 (bsc#1202645)
+ * CVE-2022-38472 (bmo#1769155)
+ Address bar spoofing via XSLT error handling
+ * CVE-2022-38473 (bmo#1771685)
+ Cross-origin XSLT Documents would have inherited the parent's
+ permissions
+ * CVE-2022-38476 (bmo#1760998)
+ Data race and potential use-after-free in PK11_ChangePW
+ * CVE-2022-38477 (bmo#1760611, bmo#1770219, bmo#1771159,
+ bmo#1773363)
+ Memory safety bugs fixed in Firefox 104 and Firefox ESR 102.2
+ * CVE-2022-38478 (bmo#1770630, bmo#1776658)
+ Memory safety bugs fixed in Firefox 104, Firefox ESR 102.2,
+ and Firefox ESR 91.13
+- Add mozilla-bmo1775202.patch to fix build on ppc64le
+- Firefox Extended Support Release 102.1 ESR
+ * Fixed: Various stability, functionality, and security fixes.
+ MFSA 2022-30 (bsc#1201758)
+ * CVE-2022-36319 (bmo#1737722)
+ Mouse Position spoofing with CSS transforms
+ * CVE-2022-36318 (bmo#1771774)
+ Directory indexes for bundled resources reflected URL
+ parameters
+ * CVE-2022-36314 (bmo#1773894)
+ Opening local <code>.lnk</code> files could cause unexpected
+ network loads
+ * CVE-2022-2505 (bmo#1769739, bmo#1772824)
+ Memory safety bugs fixed in Firefox 103 and 102.1
+- Firefox Extended Support Release 102.0.1 ESR
+ * Fixed: Fixed bookmark shortcut creation by dragging to
+ Windows File Explorer and dropping partially broken
+ (bmo#1774683)
+ * Fixed: Fixed bookmarks sidebar flashing white when opened in
+ dark mode (bmo#1776157)
+ * Fixed: Fixed multilingual spell checking not working with
+ content in both English and a non-Latin alphabet
+ (bmo#1773802)
+ * Fixed: Developer tools: Fixed an issue where the console
+ output keep getting scrolled to the bottom when the last
+ visible message is an evaluation result (bmo#1776262)
+ * Fixed: Fixed *Delete cookies and site data when Firefox is
+ closed* checkbox getting disabled on startup (bmo#1777419)
+ * Fixed: Various stability fixes
+- Firefox 102.0 ESR
+ * New:
+ - We now provide more secure connections: Firefox can
+ now automatically upgrade to HTTPS using HTTPS RR as Alt-Svc
+ headers.
+ - For added viewing pleasure, full-range color levels are now
+ supported for video playback on many systems.
+ - Find it easier now! Mac users can now access the macOS
+ share options from the Firefox File menu.
+ - Voilà ! Support for images containing ICC v4 profiles is
+ enabled on macOS.
+ - Firefox now supports the new AVIF image format, which is
+ based on the modern and royalty-free AV1 video codec. It
+ offers significant bandwidth savings for sites compared to
+ existing image formats. It also supports transparency and
+ other advanced features.
+ - Firefox PDF viewer now supports filling more forms (e.g.,
+ XFA-based forms, used by multiple governments and banks).
+ Learn more.
+ - When available system memory is critically low, Firefox on
+ Windows will automatically unload tabs based on their last
+ access time, memory usage, and other attributes. This helps
+ to reduce Firefox out-of-memory crashes. Forgot something?
+ Switching to an unloaded tab automatically reloads it.
+ - To prevent session loss for macOS users who are running
+ Firefox from a mounted .dmg file, they’ll now be prompted to
+ finish installation. Bear in mind, this permission prompt
+ only appears the first time these users run Firefox on their
+ computer.
+ - For your safety, Firefox now blocks downloads that rely on
+ insecure connections, protecting against potentially
+ malicious or unsafe downloads. Learn more and see where to
+ find downloads in Firefox.
+ - Improved web compatibility for privacy protections with
+ SmartBlock 3.0: In Private Browsing and Strict Tracking
+ Protection, Firefox goes to great lengths to protect your web
+ browsing activity from trackers. As part of this, the built-
+ in content blocking will automatically block third-party
+ scripts, images, and other content from being loaded from
+ cross-site tracking companies reported by Disconnect. Learn
+ more.
+ - Introducing a new referrer tracking protection in Strict
+ Tracking Protection and Private Browsing. This feature
+ prevents sites from unknowingly leaking private information
+ to trackers. Learn more.
+ - Introducing Firefox Suggest, a feature that provides
+ website suggestions as you type into the address bar. Learn
+ more about this faster way to navigate the web and locale-
+ specific features.
+ - Firefox macOS now uses Apple's low-power mode for
+ fullscreen video on sites such as YouTube and Twitch. This
+ meaningfully extends battery life in long viewing sessions.
+ Now your kids can find out what the fox says on a loop
+ without you ever missing a beat…
+ - With this release, power users can use about:unloads to
+ release system resources by manually unloading tabs without
+ closing them.
+ - On Windows, there will now be fewer interruptions because
+ Firefox won’t prompt you for updates. Instead, a background
+ agent will download and install updates even if Firefox is
+ closed.
+ - On Linux, we’ve improved WebGL performance and reduced
+ power consumption for many users.
+ - To better protect all Firefox users against side-channel
+ attacks, such as Spectre, we introduced Site Isolation.
+ - Firefox no longer warns you by default when you exit the
+ browser or close a window using a menu, button, or three-key
+ command. This should cut back on unwelcome notifications,
+ which is always nice—however, if you prefer a bit of notice,
+ you’ll still have full control over the quit/close modal
+ behavior. All warnings can be managed within Firefox
+ Settings. No worries! More details here.
+ - Firefox supports the new Snap Layouts menus when running on
+ Windows 11.
+ - RLBox—a new technology that hardens Firefox against
+ potential security vulnerabilities in third-party
+ libraries—is now enabled on all platforms.
+ - We’ve reduced CPU usage on macOS in Firefox and
+ WindowServer during event processing.
+ - We’ve also reduced the power usage of software decoded
+ video on macOS, especially in fullscreen. This includes
+ streaming sites such as Netflix and Amazon Prime Video.
+ - You can now move the Picture-in-Picture toggle button to
+ the opposite side of the video. Simply look for the new
+ context menu option Move Picture-in-Picture Toggle to Left
+ (Right) Side.
+ - We’ve made significant improvements in noise suppression
+ and auto-gain-control, as well as slight improvements in
+ echo-cancellation to provide you with a better overall
+ experience.
+ - We’ve also significantly reduced main-thread load.
+ - When printing, you can now choose to print only the
+ odd/even pages.
+ - Firefox now supports and displays the new style of
+ scrollbars on Windows 11.
+ - Firefox has a new optimized download flow. Instead of
+ prompting every time, files will download automatically.
+ However, they can still be opened from the downloads panel
+ with just one click. Easy! More information
+ - Firefox no longer asks what to do for each file by default.
+ You won’t be prompted to choose a helper application or save
+ to disk before downloading a file unless you have changed
+ your download action setting for that type of file.
+ - Any files you download will be immediately saved on your
+ disk. Depending on the current configuration, they’ll be
+ saved in your preferred download folder, or you’ll be asked
+ to select a location for each download. Windows and Linux
+ users will find their downloaded files in the destination
+ folder. They’ll no longer be put in the Temp folder.
+ - Firefox allows users to choose from a number of built-in
+ search engines to set as their default. In this release, some
+ users who had previously configured a default engine might
+ notice their default search engine has changed since Mozilla
+ was unable to secure formal permission to continue including
+ certain search engines in Firefox.
+ - You can now toggle Narrate in ReaderMode with the keyboard
+ shortcut "n."
+ - You can find added support for search—with or without
+ diacritics—in the PDF viewer.
+ - The Linux sandbox has been strengthened: processes exposed
+ to web content no longer have access to the X Window system
+ (X11).
+ - Firefox now supports credit card autofill and capture in
+ Germany, France, and the United Kingdom.
+ - We now support captions/subtitles display on YouTube, Prime
+ Video, and Netflix videos you watch in Picture-in-Picture.
+ Just turn on the subtitles on the in-page video player, and
+ they will appear in PiP.
+ - Picture-in-Picture now also supports video captions on
+ websites that use Web Video Text Track (WebVTT) format (e.g.,
+ Coursera.org, Canadian Broadcasting Corporation, and many
+ more).
+ - On the first run after install, Firefox detects when its
+ language does not match the operating system language and
+ offers the user a choice between the two languages.
+ - Firefox spell checking now checks spelling in multiple
+ languages. To enable additional languages, select them in the
+ text field’s context menu.
+ - HDR video is now supported in Firefox on Mac—starting with
+ YouTube! Firefox users on macOS 11+ (with HDR-compatible
+ screens) can enjoy higher-fidelity video content. No need to
+ manually flip any preferences to turn HDR video support
+ on—just make sure battery preferences are NOT set to
+ “optimize video streaming while on batteryâ€.
+ - Hardware-accelerated AV1 video decoding is enabled on
+ Windows with supported GPUs (Intel Gen 11+, AMD RDNA 2
+ Excluding Navi 24, GeForce 30). Installing the AV1 Video
+ Extension from the Microsoft Store may also be required.
+ - Video overlay is enabled on Windows for Intel GPUs,
+ reducing power usage during video playback.
+ - Improved fairness between painting and handling other
+ events. This noticeably improves the performance of the
+ volume slider on Twitch.
+ - Scrollbars on Linux and Windows 11 won't take space by
+ default. On Linux, users can change this in Settings. On
+ Windows, Firefox follows the system setting (System Settings
+ > Accessibility > Visual Effects > Always show scrollbars).
+ - Firefox now ignores less restricted referrer
+ policies—including unsafe-url, no-referrer-when-downgrade,
+ and origin-when-cross-origin—for cross-site
+ subresource/iframe requests to prevent privacy leaks from the
+ referrer.
+ - Reading is now easier with the prefers-contrast media
+ query, which allows sites to detect if the user has requested
+ that web content is presented with a higher (or lower)
+ contrast.
+ - All non-configured MIME types can now be assigned a custom
+ action upon download completion.
+ - Firefox now allows users to use as many microphones as they
+ want, at the same time, during video conferencing. The most
+ exciting benefit is that you can easily switch your
+ microphones at any time (if your conferencing service
+ provider enables this flexibility).
+ - Print preview has been updated.
+ * Fixed: Various security fixes.
+ MFSA 2022-24 (bsc#1200793)
+ * CVE-2022-34479 (bmo#1745595)
+ A popup window could be resized in a way to overlay the
+ address bar with web content
+ * CVE-2022-34470 (bmo#1765951)
+ Use-after-free in nsSHistory
+ * CVE-2022-34468 (bmo#1768537)
+ CSP sandbox header without `allow-scripts` can be bypassed
+ via retargeted javascript: URI
+ * CVE-2022-34482 (bmo#845880)
+ Drag and drop of malicious image could have led to malicious
+ executable and potential code execution
+ * CVE-2022-34483 (bmo#1335845)
+ Drag and drop of malicious image could have led to malicious
+ executable and potential code execution
+ * CVE-2022-34476 (bmo#1387919)
+ ASN.1 parser could have been tricked into accepting malformed
+ ASN.1
+ * CVE-2022-34481 (bmo#1483699, bmo#1497246)
+ Potential integer overflow in ReplaceElementsAt
+ * CVE-2022-34474 (bmo#1677138)
+ Sandboxed iframes could redirect to external schemes
+ * CVE-2022-34469 (bmo#1721220)
+ TLS certificate errors on HSTS-protected domains could be
+ bypassed by the user on Firefox for Android
+ * CVE-2022-34471 (bmo#1766047)
+ Compromised server could trick a browser into an addon
+ downgrade
+ * CVE-2022-34472 (bmo#1770123)
+ Unavailable PAC file resulted in OCSP requests being blocked
+ * CVE-2022-34478 (bmo#1773717)
+ Microsoft protocols can be attacked if a user accepts a
+ prompt
+ * CVE-2022-2200 (bmo#1771381)
+ Undesired attributes could be set as part of prototype
+ pollution
+ * CVE-2022-34480 (bmo#1454072)
+ Free of uninitialized pointer in lg_init
+ * CVE-2022-34477 (bmo#1731614)
+ MediaError message property leaked information on cross-
+ origin same-site pages
+ * CVE-2022-34475 (bmo#1757210)
+ HTML Sanitizer could have been bypassed via same-origin
+ script via use tags
+ * CVE-2022-34473 (bmo#1770888)
+ HTML Sanitizer could have been bypassed via use tags
+ * CVE-2022-34484 (bmo#1763634, bmo#1772651)
+ Memory safety bugs fixed in Firefox 102 and Firefox ESR 91.11
+ * CVE-2022-34485 (bmo#1768409, bmo#1768578)
+ Memory safety bugs fixed in Firefox 102
+- Add patch one_swizzle_to_rule_them_all.patch to fix big endian
+ platforms and remove old patches for this:
+ mozilla-bmo1626236.patch and mozilla-bmo1602730.patch
+- Rename and rebase firefox-i586-conflict-typedef-error.patch
+ to mozilla-bmo531915.patch
+- Remove upstreamed mozilla-sandbox-fips.patch
+
aaa_base
+- Add patch git-46-78b2a0b29381c16bec6b2a8fc7eabaa9925782d7.patch
+ * The wrapper rootsh is not a restricted shell (bsc#1199492)
+
ca-certificates-mozilla
+- Updated to 2.56 state of Mozilla SSL root CAs (bsc#1202868)
+ Added:
+ - Certainly Root E1
+ - Certainly Root R1
+ - DigiCert SMIME ECC P384 Root G5
+ - DigiCert SMIME RSA4096 Root G5
+ - DigiCert TLS ECC P384 Root G5
+ - DigiCert TLS RSA4096 Root G5
+ - E-Tugra Global Root CA ECC v3
+ - E-Tugra Global Root CA RSA v3
+ Removed:
+ - Hellenic Academic and Research Institutions RootCA 2011
+
+- Updated to 2.54 state of Mozilla SSL root CAs (bsc#1199079)
+ Added:
+ - Autoridad de Certificacion Firmaprofesional CIF A62634068
+ - D-TRUST BR Root CA 1 2020
+ - D-TRUST EV Root CA 1 2020
+ - GlobalSign ECC Root CA R4
+ - GTS Root R1
+ - GTS Root R2
+ - GTS Root R3
+ - GTS Root R4
+ - HiPKI Root CA - G1
+ - ISRG Root X2
+ - Telia Root CA v2
+ - vTrus ECC Root CA
+ - vTrus Root CA
+ Removed:
+ - Cybertrust Global Root
+ - DST Root CA X3
+ - DigiNotar PKIoverheid CA Organisatie - G2
+ - GlobalSign ECC Root CA R4
+ - GlobalSign Root CA R2
+ - GTS Root R1
+ - GTS Root R2
+ - GTS Root R3
+ - GTS Root R4
+
+- updated to 2.50 state of the Mozilla NSS Certificate store (bsc#1188006)
+- Added CAs:
+ + HARICA Client ECC Root CA 2021
+ + HARICA Client RSA Root CA 2021
+ + HARICA TLS ECC Root CA 2021
+ + HARICA TLS RSA Root CA 2021
+ + TunTrust Root CA
+
+- Updated to 2.46 state of the Mozilla NSS Certificate store (bsc#1181994)
+- Added new root CAs:
+ - NAVER Global Root Certification Authority
+- Removed old root CA:
+ - GeoTrust Global CA
+ - GeoTrust Primary Certification Authority
+ - GeoTrust Primary Certification Authority - G3
+ - GeoTrust Universal CA
+ - GeoTrust Universal CA 2
+ - thawte Primary Root CA
+ - thawte Primary Root CA - G2
+ - thawte Primary Root CA - G3
+ - VeriSign Class 3 Public Primary Certification Authority - G4
+ - VeriSign Class 3 Public Primary Certification Authority - G5
+
cifs-utils
- * mount.cifs: fix verbose messages on option parsing
+ * mount.cifs: fix verbose messages on option parsing (bsc#1198976, CVE-2022-29869)
colord
+- Add colord-CVE-2021-42523.patch: fix a small memory leak in
+ sqlite3_exec (boo#1202802 CVE-2021-42523).
+
dmidecode
+2 recommended fixes from upstream:
+- news-fix-typo.patch: We ship the NEWS file so avoid including a
+ typo in it.
+- dmioem-fix-segmentation-fault-in-dmi_hp_240_attr.patch: Passing
+ NULL to a %s printf conversion specifier is illegal, and can
+ result in a segmentation fault. Current version of glibc doesn't
+ mind, but alternative, past or future libc implementations could
+ crash, so let's fix it.
+
+- Update to upstream version 3.4:
+ * This update implements jsc#SLE-24502 and jsc#PED-1466.
+ * [COMPATIBILITY] Document how the UUID fields are interpreted.
+ * [PORTABILITY] Don't use memcpy on /dev/mem on arm64.
+ * Support for SMBIOS 3.4.0. This includes new memory device types, new
+ processor upgrades, new slot types and characteristics, decoding of memory
+ module extended speed, new system slot types, new processor characteristics
+ and new format of Processor ID.
+ * Support for SMBIOS 3.5.0. This includes new processor upgrades, BIOS
+ characteristics, new slot characteristics, new on-board device types, new
+ pointing device interface types, and a new record type (type 45 -
+ Firmware Inventory Information).
+ * Decode HPE OEM records 194, 199, 203, 236, 237, 238 ans 240.
+ * Bug fixes:
+ Fix OEM vendor name matching
+ * Minor improvements:
+ Add bios-revision, firmware-revision and system-sku-number to -s option
+ Use the most appropriate unit for cache size
+ Decode system slot base bus width and peers
+ Skip details of uninstalled memory modules
+ Don't display the raw CPU ID in quiet mode
+ Improve the formatting of the manual pages
+ * Obsoletes dmidecode-add-enumerated-values-from-smbios-3.3.0.patch,
+ dmidecode-add-logical-non-volatile-device.patch,
+ dmidecode-add-memory-device-types-from-smbios-3.4.0.patch,
+ dmidecode-add-processor-characteristics-bits-from-smbios-3.4.0.patch,
+ dmidecode-add-processor-upgrades-from-smbios-3.4.0.patch,
+ dmidecode-add-slot-characteristics2-from-smbios-3.4.0.patch,
+ dmidecode-add-system-slot-types-from-smbios-3.4.0.patch,
+ dmidecode-fix-formatting-of-tpm-table-output.patch,
+ dmidecode-fix-redfish-hostname-print-length.patch,
+ dmidecode-fix-system-slot-information-for-pcie-ssd.patch,
+ dmidecode-missing-commas.patch,
+ dmidecode-only-scan-dev-mem-for-entry-point-on-x86.patch and
+ dmidecode-skip-details-of-uninstalled-memory-modules.patch.
+
dracut
+- Update to version 055+suse.300.ge878982d:
+ * chore(suse): change default persistent policy (jsc#PED-1885)
+ * fix(systemd): add missing modprobe@.service (bsc#1203749)
+ * fix(i18n): do not fail if FONT in /etc/vconsole.conf has the file extension (bsc#1203267)
+
expat
+- Security fix:
+ * (CVE-2022-40674, bsc#1203438) use-after-free in the doContent
+ function in xmlparse.c
+ - Added patch expat-CVE-2022-40674.patch
+
+- Security fixes:
+ * (CVE-2022-25236, bsc#1196784) [>=2.4.5] Fix to CVE-2022-25236
+ breaks biboumi, ClairMeta, jxmlease, libwbxml,
+ openleadr-python, rnv, xmltodict
+ - Added expat-CVE-2022-25236-relax-fix.patch
+
+- Security fixes:
+ * (CVE-2022-25236, bsc#1196025) Expat before 2.4.5 allows
+ attackers to insert namespace-separator characters into
+ namespace URIs
+ - Added expat-CVE-2022-25236.patch
+ * (CVE-2022-25235, bsc#1196026) xmltok_impl.c in Expat before
+ 2.4.5 does not check whether a UTF-8 character is valid in a
+ certain context.
+ - Added expat-CVE-2022-25235.patch
+ * (CVE-2022-25313, bsc#1196168) Stack exhaustion in
+ build_model() via uncontrolled recursion
+ - Added expat-CVE-2022-25313.patch
+ - The fix upstream introduced a regression that was later
+ amended in 2.4.6 version
+ + Added expat-CVE-2022-25313-fix-regression.patch
+ * (CVE-2022-25314, bsc#1196169) Integer overflow in copyString
+ - Added expat-CVE-2022-25314.patch
+ * (CVE-2022-25315, bsc#1196171) Integer overflow in storeRawNames
+ - Added expat-CVE-2022-25315.patch
+
+- Update to latest version 2.4.4 in SLE-15-SP4 [jsc#SLE-21253]
+
+- update to 2.4.4 (bsc#1195217, bsc#1195054):
+ * Security fixes:
+ - CVE-2022-23852 -- Fix signed integer overflow
+ (undefined behavior) in function XML_GetBuffer
+ that is also called by function XML_Parse internally)
+ for when XML_CONTEXT_BYTES is defined to >0 (which is both
+ common and default).
+ Impact is denial of service or more.
+ - CVE-2022-23990 -- Fix unsigned integer overflow in function
+ doProlog triggered by large content in element type
+ declarations when there is an element declaration handler
+ present (from a prior call to XML_SetElementDeclHandler).
+ Impact is denial of service or more.
+ * Bug fixes:
+ - xmlwf: Fix a memory leak on output file opening error
+ * Other changes:
+ - Version info bumped from 9:3:8 to 9:4:8;
+ see https://verbump.de/ for what these numbers do
+ * Drop unused file valid-xhtml10.png
+
+- update to 2.4.3 (bsc#1194251, bsc#1194362, bsc#1194474,
+ bsc#1194476, bsc#1194477, bsc#1194478, bsc#1194479, bsc#1194480):
+ * CVE-2021-45960 -- Fix issues with left shifts by >=29 places
+ resulting in
+ a) realloc acting as free
+ b) realloc allocating too few bytes
+ c) undefined behavior
+ depending on architecture and precise value
+ for XML documents with >=2^27+1 prefixed attributes
+ on a single XML tag a la
+ "<r xmlns:a='[..]' a:a123='[..]' [..] />"
+ where XML_ParserCreateNS is used to create the parser
+ (which needs argument "-n" when running xmlwf).
+ Impact is denial of service, or more.
+ * CVE-2021-46143 (ZDI-CAN-16157) -- Fix integer overflow
+ on variable m_groupSize in function doProlog leading
+ to realloc acting as free.
+ Impact is denial of service or more.
+ * CVE-2022-22822 to CVE-2022-22827 -- Prevent integer overflows
+ near memory allocation at multiple places. Mitre assigned
+ a dedicated CVE for each involved internal C function:
+ - CVE-2022-22822 for function addBinding
+ - CVE-2022-22823 for function build_model
+ - CVE-2022-22824 for function defineAttribute
+ - CVE-2022-22825 for function lookup
+ - CVE-2022-22826 for function nextScaffoldPart
+ - CVE-2022-22827 for function storeAtts
+ Impact is denial of service or more.
+
+- update to 2.4.2:
+ * Link againgst libm for function "isnan"
+ * Include expat_config.h as early as possible
+ * Autotools: Include files with release archives:
+ - buildconf.sh
+ - fuzz/*.c
+ * Autotools: Sync CMake templates
+ * docs: Document that function XML_GetBuffer may return NULL
+ when asking for a buffer of 0 (zero) bytes size
+ * docs: Fix return value docs for both
+ XML_SetBillionLaughsAttackProtection* functions
+ * Version info bumped from 9:1:8 to 9:2:8
+
+- Update to 2.4.1 in SLE-15-SP4 [jsc#SLE-21253]
+ * Remove expat-CVE-2018-20843.patch upstream
+
+- Update to 2.4.1:
+ * Bug fixes:
+ - Autotools: Fix installed header expat_config.h for multilib
+ systems; regression introduced in 2.4.0 by pull request #486
+ * Other changes:
+ - Version info bumped from 9:0:8 to 9:1:8; see
+ https://verbump.de/ for what these numbers do
+
+- Update to 2.4.0: [CVE-2013-0340 "Billion Laughs"]
+ * Security fixes:
+ - CVE-2013-0340/CWE-776 -- Protect against billion laughs attacks
+ (denial-of-service; flavors targeting CPU time or RAM or both,
+ leveraging general entities or parameter entities or both)
+ by tracking and limiting the input amplification factor
+ (<amplification> := (<direct> + <indirect>) / <direct>).
+ By conservative default, amplification up to a factor of 100.0
+ is tolerated and rejection only starts after 8 MiB of output bytes
+ (=<direct> + <indirect>) have been processed.
+ The fix adds the following to the API:
+ - A new error code XML_ERROR_AMPLIFICATION_LIMIT_BREACH to
+ signals this specific condition.
+ - Two new API functions ..
+ - XML_SetBillionLaughsAttackProtectionMaximumAmplification and
+ - XML_SetBillionLaughsAttackProtectionActivationThreshold
+ .. to further tighten billion laughs protection parameters
+ when desired. Please see file "doc/reference.html" for details.
+ If you ever need to increase the defaults for non-attack XML
+ payload, please file a bug report with libexpat.
+ - Two new XML_FEATURE_* constants ..
+ - that can be queried using the XML_GetFeatureList function, and
+ - that are shown in "xmlwf -v" output.
+ - Two new environment variable switches ..
+ - EXPAT_ACCOUNTING_DEBUG=(0|1|2|3) and
+ - EXPAT_ENTITY_DEBUG=(0|1)
+ .. for runtime debugging of accounting and entity processing.
+ Specific behavior of these values may change in the future.
+ - Two new command line arguments "-a FACTOR" and "-b BYTES"
+ for xmlwf to further tighten billion laughs protection
+ parameters when desired.
+ If you ever need to increase the defaults for non-attack XML
+ payload, please file a bug report with libexpat.
+ * Bug fixes:
+ - For (non-default) compilation with -DEXPAT_MIN_SIZE=ON (CMake)
+ or CPPFLAGS=-DXML_MIN_SIZE (GNU Autotools): Fix segfault
+ for UTF-16 payloads containing CDATA sections.
+ - Autotools: Fix generated CMake files for non-64bit and
+ non-Linux platforms (e.g. macOS and MinGW in particular)
+ that were introduced with release 2.3.0
+ * Other changes:
+ - xmlwf: Improve help output and the xmlwf man page
+ - xmlwf: Improve maintainability through some refactoring
+ - xmlwf: Fix man page DocBook validity
+ - CMake: Support absolute paths for both CMAKE_INSTALL_LIBDIR
+ and CMAKE_INSTALL_INCLUDEDIR
+ - CMake: Add support for standard variable BUILD_SHARED_LIBS
+ - Unexpose symbol _INTERNAL_trim_to_complete_utf8_characters
+ - Resolve macro HAVE_EXPAT_CONFIG_H
+ - Delete unused legacy helper file "conftools/PrintPath"
+ - doc/reference.html: Fix XHTML validity
+ - doc/reference.html: Replace the 90s look by OK.css
+ - Version info bumped from 8:0:7 to 9:0:8 due to addition of
+ new symbols and error codes; see https://verbump.de/ for
+ what these numbers do
+
+- Do not BuildRequire cmake: expat is part of the distro bootstrap
+ cycle and any additional dependency makes the ring larger. In
+ this case here, cmake was even only used to own a directory.
+
+- update to 2.3.0:
+ * When calling XML_ParseBuffer without a prior successful call to
+ XML_GetBuffer as a user, no longer trigger undefined behavior
+ (by adding an integer to a NULL pointer) but rather return
+ XML_STATUS_ERROR and set the error code to (new) code
+ XML_ERROR_NO_BUFFER. Found by UBSan (UndefinedBehaviorSanitizer)
+ of Clang 11 (but not Clang 9).
+ * xmlwf: Exit status 2 was used for both:
+ - malformed input files (documented) and
+ - invalid command-line arguments (undocumented).
+ case of invalid command-line arguments now
+ has its own exit status 4, resolving the ambiguity.
+ * Other changes
+
+- Update to 2.2.10:
+ * Bug fixes:
+ - Fix undefined behavior during parsing caused by pointer
+ arithmetic with NULL pointers
+ - Fix reading uninitialized variable during parsing
+ - xmlwf: Add missing check for malloc NULL return
+ * Other changes:
+ - xmlwf: Document exit codes in xmlwf manpage and exit with code 3
+ (rather than code 1) for output errors when used with "-d DIRECTORY"
+ - Autotools: Use -Werror while configure tests the compiler for
+ supported compile flags to avoid false positives
+ - Autotools: Improve handling of user (C|CPP|CXX|LD)FLAGS, e.g.
+ ensure that they have the last word over flags added while
+ running ./configure
+ - CMake: Create libexpatw.{dll,so} and expatw.pc (with emphasis
+ on suffix "w") with -DEXPAT_CHAR_TYPE=(ushort|wchar_t)
+ - CMake: Detect and deny unsupported build combinations
+ involving -DEXPAT_CHAR_TYPE=(ushort|wchar_t)
+ - CMake: Install pre-compiled shipped xmlwf.1 manpage in case
+ of -DEXPAT_BUILD_DOCS=OFF
+ - CMake: Fix use of Expat by means of add_subdirectory
+ - CMake: Keep expat target name constant at "expat" (i.e. refrain
+ from using the target name to control build artifact filenames)
+ - CMake: Expose man page compilation as target "xmlwf-manpage"
+ - CMake: Introduce option EXPAT_BUILD_PKGCONFIG to control
+ generation of pkg-config file "expat.pc"
+ - CMake: Add minimalistic support for building binary packages
+ with CMake target "package"; based on CPack
+ - CMake: Add option -DEXPAT_OSSFUZZ_BUILD=(ON|OFF) with default
+ OFF to build fuzzer code against OSS-Fuzz and related
+ environment variable LIB_FUZZING_ENGINE
+ - Fix testsuite for -DEXPAT_DTD=OFF and -DEXPAT_NS=OFF
+ - Address compiler warnings
+ - Address pngcheck warnings with doc/*.png images: Version info
+ bumped from 7:11:6 to 7:12:6
+
+- Version update to 2.2.9
+ * Other changes:
+ - examples: Drop executable bits from elements.c
+ [#349] Windows: Change the name of the Windows DLLs from expat*.dll
+ to libexpat*.dll once more (regression from 2.2.8, first
+ fixed in 1.95.3, issue #61 on SourceForge today,
+ was issue #432456 back then); needs a fix due
+ case-insensitive file systems on Windows and the fact that
+ Perl's XML::Parser::Expat compiles into Expat.dll.
+ [#347] Windows: Only define _CRT_RAND_S if not defined
+ Version info bumped from 7:10:6 to 7:11:6
+
+- Version update to 2.2.8
+ * Security fixes: (CVE-2019-15903, bsc#1149429)
+ - CVE-2019-15903 -- Fix heap overflow triggered by XML_GetCurrentLineNumber
+ (or XML_GetCurrentColumnNumber), and deny internal entities closing the doctype;
+ * Bug fixes:
+ - Fix cases where XML_StopParser did not have any effect
+ when called from inside of an end element handler
+ - xmlwf: Fix exit code for operation without "-d DIRECTORY";
+ previously, only "-d DIRECTORY" would give you a proper exit code:
+ Now both cases return exit code 2.
+ * Other changes:
+ - examples: Improve elements.c
+ - Autotools: Add argument --enable-xml-attr-info
+ - Autotools: Add arguments --with-getrandom --without-getrandom --with-sys-getrandom --without-sys-getrandom
+ - Autotools: Fix linking issues with "./configure LD=clang"
+ - Autotools: Fix "make run-xmltest" for out-of-source builds
+ - CMake: Pull all options from Expat <=2.2.7 into namespace
+ - CMake: Add argument -DEXPAT_ATTR_INFO=(ON|OFF), default OFF
+ - CMake: Add argument -DEXPAT_LARGE_SIZE=(ON|OFF), default OFF
+ - CMake: Add argument -DEXPAT_MIN_SIZE=(ON|OFF), default OFF
+ - CMake: Add arguments -DEXPAT_WITH_GETRANDOM=(ON|OFF|AUTO), default AUTO
+ - CMake: Add arguments -DEXPAT_WITH_SYS_GETRANDOM=(ON|OFF|AUTO), default AUTO
+ - CMake: Install expat_config.h to include directory
+ - CMake: Generate and install configuration files for future find_package(expat [..] CONFIG [..])
+ - CMake: Now produces a summary of applied configuration
+ - CMake: Require C++ compiler only when tests are enabled
+ - CMake: Fix compilation for 16bit character types, i.e. ex -DXML_UNICODE=ON (and ex -DXML_UNICODE_WCHAR_T=ON)
+ - CMake: Port "make run-xmltest" from GNU Autotools to CMake
+ - CMake: Integrate OSS-Fuzz fuzzers, option -DEXPAT_BUILD_FUZZERS=(ON|OFF), default OFF
+- Removed patches fixed in the update:
+ * expat-CVE-2019-15903.patch
+ * expat-CVE-2019-15903-tests.patch
+
+- Security fix (CVE-2019-15903, bsc#1149429)
+ * Crafted XML input results in heap-based buffer over-read by fooling
+ the parser into changing from DTD parsing to document parsing
+ * Added patches:
+ - expat-CVE-2019-15903.patch
+ - expat-CVE-2019-15903-tests.patch
+
+- Version update to 2.2.7 (CVE-2018-20843, bsc#1139937)
+ * Security fixes:
+ - CVE-2018-20843 - Fix extraction of namespace prefixes from
+ XML names; XML names with multiple colons could end up in
+ the wrong namespace, and take a high amount of RAM and CPU
+ resources while processing, opening the door to use for
+ denial-of-service attacks
+ * Other changes:
+ - Autotools/CMake: Utilize -fvisibility=hidden to stop
+ exporting non-API symbols
+ - Autotools: Add --without-examples and --without-tests
+ - Autotools: Modernize configure.ac
+ - Autotools: Fix check for -fvisibility=hidden for Clang
+ - Autotools: Fix compilation for lack of docbook2x-man
+ - CMake: Make libdir of pkgconfig expat.pc support multilib
+ - CMake: Build man page in PROJECT_BINARY_DIR not _SOURCE_DIR
+ - Remove fallback to bcopy, assume that memmove(3) exists
+- Removed expat-2.2.6-fix-make-clean.patch
+
+- Add expat-2.2.6-fix-make-clean.patch
+- Allow profile guided optimization again
+
+- Drop docbook2x dependency, the manpages are generated in
+ the upstream archive and this way we break buildcycle
+
+- Version update to 2.2.6 Sun August 12 2018
+ * Bug fixes:
+ - Avoid doing arithmetic with NULL pointers in XML_GetBuffer
+ - Fix 2.2.5 regression with suspend-resume while parsing
+ a document like '<root/>'
+ * Other changes:
+ - Autotools: Fix docbook-related configure syntax error
+ - Autotools: Avoid grep option `-q` for Solaris
+ - Autotools: Support
+ ./configure DOCBOOK_TO_MAN="xmlto man --skip-validation"
+ - Autotools: Support DOCBOOK_TO_MAN command which produces
+ xmlwf.1 rather than XMLWF.1; also covers case insensitive
+ file systems
+ - Autotools: Drop -rpath option passed to libtool
+ - Autotools: Detect and deny SGML docbook2man as ours is XML
+ - Autotools/CMake: Support command db2x_docbook2man as well
+ - CMake: Introduce option WARNINGS_AS_ERRORS, defaults to OFF
+ - CMake: Introduce option MSVC_USE_STATIC_CRT, defaults to OFF
+ - CMake: Introduce option XML_UNICODE and XML_UNICODE_WCHAR_T,
+ both defaulting to OFF
+ - CMake: Prefer check_symbol_exists over check_function_exists
+ - CMake: Create the same pkg-config file as with GNU Autotools
+ - CMake: Use GNUInstallDirs module to set proper defaults for
+ install directories
+ - CMake: Utilize expat_config.h.cmake for XML_DEV_URANDOM
+ - Address compiler warnings
+ - Fix miscellaneous typos
+
+- Expand description of expat-devel.
+
+- Do not generate manpages from docbook
+- Temporarily disable profiling due to bug in build system
+
+- Version update to 2.2.5 Tue October 31 2017
+ * Bug fixes:
+ - If the parser runs out of memory, make sure its internal
+ state reflects the memory it actually has, not the memory
+ it wanted to have.
+ - The default handler wasn't being called when it should for
+ a SYSTEM or PUBLIC doctype if an entity declaration handler
+ was registered.
+ - Fix a case of mistakenly reported parsing success where
+ XML_StopParser was called from an element handler
+ - Function XML_ErrorString was returning NULL rather than
+ a message for code XML_ERROR_INVALID_ARGUMENT
+ introduced with release 2.2.1
+ * Other changes:
+ - Add argument -N adding notation declarations
+ - various compiler-specific fixes
+ - Improve docbook2x-man detection
+- drop expat-docbook.patch
+ * fixed in 0f5186c7b8e503c669e332d944712de010b265f3
+- switch to github for release tarballs and website
+
+- Version update to 2.2.4 Sat August 19 2017
+ * Bug fixes:
+ [#115] Fix copying of partial characters for UTF-8 input
+ * Other changes:
+ [#109] Fix "make check" for non-x86 architectures that default
+ to unsigned type char (-128..127 rather than 0..255)
+ [#109] coverage.sh: Cover -funsigned-char
+ Autotools: Introduce --without-xmlwf argument
+ [#65] Autotools: Replace handwritten Makefile with GNU Automake
+ [#43] CMake: Auto-detect high quality entropy extractors, add new
+ option USE_libbsd=ON to use arc4random_buf of libbsd
+ [#74] CMake: Add -fno-strict-aliasing only where supported
+ [#114] CMake: Always honor manually set BUILD_* options
+ [#114] CMake: Compile man page if docbook2x-man is available, only
+ [#117] Include file tests/xmltest.log.expected in source tarball
+ (required for "make run-xmltest")
+ [#111] Fix some typos in documentation
+ Version info bumped from 7:5:6 to 7:6:6
+- Release 2.2.3 Wed August 2 2017
+ * Bug fixes:
+ [#85] Fix a dangling pointer issue related to realloc
+ * Other changes:
+ [#91] Linux: Allow getrandom to fail if nonblocking pool has not
+ yet been initialized and read /dev/urandom then, instead.
+ This is in line with what recent Python does.
+ [#86] Check that a UTF-16 encoding in an XML declaration has the
+ right endianness
+ [#4] #5 #7 Recover correctly when some reallocations fail
+ Repair "./configure && make" for systems without any
+ provider of high quality entropy
+ and try reading /dev/urandom on those
+ Ensure that user-defined character encodings have converter
+ functions when they are needed
+ Fix mis-leading description of argument -c in xmlwf.1
+ Rely on macro HAVE_ARC4RANDOM_BUF (rather than __CloudABI__)
+ for CloudABI
+ [#100] Fix use of SIPHASH_MAIN in siphash.h
+ [#23] Test suite: Fix memory leaks
+ Version info bumped from 7:4:6 to 7:5:6
+- Release 2.2.2 Wed July 12 2017
+ * Security fixes:
+ [#43] Protect against compilation without any source of high
+ quality entropy enabled, e.g. with CMake build system;
+ * [MOX-006] Fix non-NULL parser parameter validation in XML_Parse;
+ resulted in NULL dereference, previously;
+ * Bug fixes:
+ [#69] Fix improper use of unsigned long long integer literals
+ * Other changes:
+ [#73] Start requiring a C99 compiler
+ [#49] Fix "==" Bashism in configure script
+ [#58] Address compile warnings
+ [#68] Fix "./buildconf.sh && ./configure" for some versions
+ of Dash for /bin/sh
+ [#72] CMake: Ease use of Expat in context of a parent project
+ with multiple CMakeLists.txt files
+ [#72] CMake: Resolve mistaken executable permissions
+ [#76] Address compile warning with -DNDEBUG (not recommended!)
+ [#77] Address compile warning about macro redefinition
+ * Added patch expat-docbook.patch to compile the man pages with
+ docbook-to-man
+ * Cleaned spec file with spec-cleaner
+
+- Allow building when do_profiling is undefined
+
+- Build with profiling when possible
+
+- Version update to 2.2.1 Sat June 17 2017
+ - Security fixes:
+ CVE-2017-9233 / bsc#1047236 -- External entity infinite loop DoS
+ Details: https://libexpat.github.io/doc/cve-2017-9233/
+ Commit c4bf96bb51dd2a1b0e185374362ee136fe2c9d7f
+ - [MOX-002] CVE-2016-9063 / bsc#1047240 -- Detect integer overflow;
+ (Fixed version of existing downstream patches!)
+ - (SF.net) #539 Fix regression from fix to CVE-2016-0718 cutting off
+ longer tag names;
+ [#25] More integer overflow detection (function poolGrow);
+ - [MOX-002] Detect overflow from len=INT_MAX call to XML_Parse;
+ - [MOX-005] #30 Use high quality entropy for hash initialization:
+ * arc4random_buf on BSD, systems with libbsd
+ (when configured with --with-libbsd), CloudABI
+ * RtlGenRandom on Windows XP / Server 2003 and later
+ * getrandom on Linux 3.17+
+ In a way, that's still part of CVE-2016-5300.
+ https://github.com/libexpat/libexpat/pull/30/commits
+ - [MOX-005] For the low quality entropy extraction fallback code,
+ the parser instance address can no longer leak,
+ - [MOX-003] Prevent use of uninitialised variable; commit
+ - [MOX-004] a4dc944f37b664a3ca7199c624a98ee37babdb4b
+ Add missing parameter validation to public API functions
+ and dedicated error code XML_ERROR_INVALID_ARGUMENT:
+ - [MOX-006] * NULL checks; commits
+ * Negative length (XML_Parse); commit
+ - [MOX-002] 70db8d2538a10f4c022655d6895e4c3e78692e7f
+ - [MOX-001] #35 Change hash algorithm to William Ahern's version of SipHash
+ to go further with fixing CVE-2012-0876.
+ https://github.com/libexpat/libexpat/pull/39/commits
+ - Bug fixes:
+ [#32] Fix sharing of hash salt across parsers;
+ relevant where XML_ExternalEntityParserCreate is called
+ prior to XML_Parse, in particular (e.g. FBReader)
+ [#28] xmlwf: Auto-disable use of memory-mapping (and parsing
+ as a single chunk) for files larger than ~1 GB (2^30 bytes)
+ rather than failing with error "out of memory"
+ [#3] Fix double free after malloc failure in DTD code; commit
+ 7ae9c3d3af433cd4defe95234eae7dc8ed15637f
+ [#17] Fix memory leak on parser error for unbound XML attribute
+ prefix with new namespaces defined in the same tag;
+ found by Google's OSS-Fuzz; commits
+ xmlwf on Windows: Add missing calls to CloseHandle
+ - New features:
+ [#30] Introduced environment switch EXPAT_ENTROPY_DEBUG=1
+ for runtime debugging of entropy extraction
+ Bump version info from 7:2:6 to 7:3:6
+
+- Remove pointless --with-pic (for static only)
+
+- Version update to 2.2.0:
+ * Fixes bnc#983215 CVE-2012-6702
+ * Fixes bnc#983216 CVE-2016-5300
+ * Various cmake and autotools script updates
+ * Fix detection of utf8 character boundaries
+- Remove all patches merged upstream:
+ * expat-2.1.1-avoid_relying_on_undef_behaviour.patch
+ * expat-2.1.1-parser_crashes_on_malformed_input.patch
+ * expat-alloc-size.patch
+ * expat-visibility.patch
+
+- add expat-2.1.1-avoid_relying_on_undef_behaviour.patch to avoid
+ relying on undefined behavior in the original CVE-2015-1283 fix
+ [bnc#980391], [bnc#983985], [CVE-2016-4472]
+- add expat-2.1.1-parser_crashes_on_malformed_input.patch to fix
+ Expat XML parser that mishandles certain kinds of malformed input
+ documents [bnc#979441], [CVE-2016-0718]
+- use spec-cleaner to clean specfile
+
+- After simplification of expat-visibility.patch, it became
+ uneffective as no symbols are getting hidden. add
+ - fvisibility=hidden to CFLAGS again.
+- expat-alloc-size.patch: fix braino, realloc()-like functions
+ should not take __attribute__(malloc)
+
+- Update to version 2.1.1
+ * Fixes CVE-2015-1283 — Multiple integer overflows in the
+ XML_GetBuffer function
+ * Fix potential null pointer dereference
+ * Symbol XML_SetHashSalt was not exported
+ * Output of xmlwf -h was incomplete
+ * Document behavior of calling XML_SetHashSalt with salt 0
+ * Minor improvements to man page xmlwf(1)
+- Simplify expat-visibility.patch, refresh expat-alloc-size.patch
+- Drop config-guess-sub-update.patch, fixed upstream.
+
+- Cleanup spec file with spec-cleaner
+- Remove old ppc obsoletes/provides
+
glibc
+- x86-shared-non-temporal-threshold.patch: Reversing calculation of
+ __x86_shared_non_temporal_threshold (bsc#1201942)
+
+- memcmp-power10.patch: powerpc: Optimized memcmp for power10
+ (jsc#PED-987)
+
gnutls
-- Security fix: [bsc#1202020, CVE-2022-2509]
- * Fixed double free during verification of pkcs7 signatures
- * Add gnutls-CVE-2022-2509.patch
-
-- FIPS:
- * Modify gnutls-FIPS-force-self-test.patch [bsc#1198979]
- - gnutls_fips140_run_self_tests now properly releases fips_context
-
-- FIPS:
- * Add gnutls_ECDSA_signing.patch [bsc#1190698]
- - Check minimum keylength for symmetric key generation
- - Only allows ECDSA signature with valid set of hashes
- (SHA2 and SHA3)
- * Add gnutls-FIPS-force-self-test.patch [bsc#1198979]
- - Provides interface for running library self tests on-demand
- - Upstream: https://gitlab.com/gnutls/gnutls/-/merge_requests/1598
-
-- FIPS: Make sure zeroization is performed in all API functions
- * Add gnutls-zeroization-API-functions.patch [bsc#1191021]
- * Upsream: https://gitlab.com/gnutls/gnutls/-/merge_requests/1573
-
-- FIPS: Add missing requirements for the SLI [bsc#1190698]
- * Remove 3DES from FIPS approved algorithms:
- - gnutls-Remove-3DES-from-FIPS-approved-algos.patch
- - Upstream: https://gitlab.com/gnutls/gnutls/-/merge_requests/1570
- * DRBG service (gnutls_rnd) should be considered approved:
- - gnutls-Add-missing-FIPS-service-indicator-transitions.patch
- - gnutls-Add-missing-FIPS-service-indicator-transitions-tests.patch
- - gnutls-pkcs12-tighten-algorithm-checks-under-FIPS.patch
- - Upstream: https://gitlab.com/gnutls/gnutls/-/merge_requests/1569
-
-- FIPS: Mark AES-GCM as approved in the TLS context [bsc#1194907]
- * Add gnutls-FIPS-Mark-HKDF-and-AES-GCM-as-approved-when-used-in-TLS.patch
- * Upstream issue: https://gitlab.com/gnutls/gnutls/issues/1311
-
-- FIPS: Additional PBKDF2 requirements for KAT [bsc#1184669]
- * The IG 10.3.A and SP800-132 require some minimum parameters for
- the salt length, password length and iteration count. These
- parameters should be also used in the KAT.
- * Add gnutls-FIPS-PBKDF2-KAT-requirements.patch
- * Upstream: https://gitlab.com/gnutls/gnutls/merge_requests/1561
-- Enable to run the regression tests also in FIPS mode.
-
-- Update to 3.7.3: [bsc#1190698, bsc#1190796]
- * libgnutls: The allowlisting configuration mode has been added
- to the system-wide settings. In this mode, all the algorithms
- are initially marked as insecure or disabled, while the
- applications can re-enable them either through the [overrides]
- section of the configuration file or the new API (#1172).
- * The build infrastructure no longer depends on GNU AutoGen for
- generating command-line option handling, template file parsing
- in certtool, and documentation generation (#773, #774). This
- change also removes run-time or bundled dependency on the
- libopts library, and requires Python 3.6 or later to regenerate
- the distribution tarball. Note that this brings in known backward
- incompatibility in command-line tools, such as long options are
- now case sensitive, while previously they were treated in a case
- insensitive manner: for example --RSA is no longer a valid option
- of certtool. The existing scripts using GnuTLS tools may need
- adjustment for this change.
- * libgnutls: The tpm2-tss-engine compatible private blobs can be loaded
- and used as a gnutls_privkey_t (#594). The code was originally written
- for the OpenConnect VPN project by David Woodhouse. To generate such
- blobs, use the tpm2tss-genkey tool from tpm2-tss-engine:
- https://github.com/tpm2-software/tpm2-tss-engine/#rsa-operations
- or the tpm2_encodeobject tool from unreleased tpm2-tools.
- * libgnutls: The library now transparently enables Linux KTLS (kernel
- TLS) when the feature is compiled in with --enable-ktls configuration
- option (#1113). If the KTLS initialization fails it automatically falls
- back to the user space implementation.
- * certtool: The certtool command can now read the Certificate Transparency
- (RFC 6962) SCT extension (#232). New API functions are also provided to
- access and manipulate the extension values.
- * certtool: The certtool command can now generate, manipulate, and evaluate
- x25519 and x448 public keys, private keys, and certificates.
- * libgnutls: Disabling a hashing algorithm through "insecure-hash"
- configuration directive now also disables TLS ciphersuites that use it
- as a PRF algorithm.
- * libgnutls: PKCS#12 files are now created with modern algorithms by default
- (!1499). Previously certtool used PKCS12-3DES-SHA1 for key derivation and
- HMAC-SHA1 as an integity measure in PKCS#12. Now it uses AES-128-CBC with
- PBKDF2 and SHA-256 for both key derivation and MAC algorithms, and the
- default PBKDF2 iteration count has been increased to 600000.
- * libgnutls: PKCS#12 keys derived using GOST algorithm now uses
- HMAC_GOSTR3411_2012_512 instead of HMAC_GOSTR3411_2012_256 for integrity,
- to conform with the latest TC-26 requirements (#1225).
- * libgnutls: The library now provides a means to report the status
- of approved cryptographic operations (!1465). To adhere to the
- FIPS140-3 IG 2.4.C., this complements the existing mechanism to
- prohibit the use of unapproved algorithms by making the library
- unusable state.
- * gnutls-cli: The gnutls-cli command now provides a --list-config
- option to print the library configuration (!1508).
- * libgnutls: Fixed possible race condition in
- gnutls_x509_trust_list_verify_crt2 when a single trust list object
- is shared among multiple threads (#1277). [GNUTLS-SA-2022-01-17,
- CVSS: low]
- * API and ABI modifications:
- GNUTLS_PRIVKEY_FLAG_RSA_PSS_FIXED_SALT_LENGTH: new flag in
- gnutls_privkey_flags_t
- GNUTLS_VERIFY_RSA_PSS_FIXED_SALT_LENGTH: new flag in
- gnutls_certificate_verify_flags
- gnutls_ecc_curve_set_enabled: Added.
- gnutls_sign_set_secure: Added.
- gnutls_sign_set_secure_for_certs: Added.
- gnutls_digest_set_secure: Added.
- gnutls_protocol_set_enabled: Added.
- gnutls_fips140_context_init: New function
- gnutls_fips140_context_deinit: New function
- gnutls_fips140_push_context: New function
- gnutls_fips140_pop_context: New function
- gnutls_fips140_get_operation_state: New function
- gnutls_fips140_operation_state_t: New enum
- gnutls_transport_is_ktls_enabled: New function
- gnutls_get_library_configuration: New function
- * Remove patches fixed in the update:
- - gnutls-FIPS-module-version.patch
- - gnutls-FIPS-service-indicator.patch
- - gnutls-FIPS-service-indicator-public-key.patch
- - gnutls-FIPS-service-indicator-symmetric-key.patch
- - gnutls-FIPS-RSA-PSS-flags.patch
- - gnutls-FIPS-RSA-mod-sizes.patch
-
-- FIPS: Fix regression tests in fips and non-fips mode [bsc#1194468]
- * Add gnutls-FIPS-disable-failing-tests.patch
- * Remove patches:
- - gnutls-temporarily_disable_broken_guile_reauth_test.patch
- - gnutls-3.6.0-disable-flaky-dtls_resume-test.patch
- - disable-psk-file-test.patch
-
-- FIPS: Provide module identifier and version [bsc#1190796]
- * Add configurable options to output the module name/identifier
- (--with-fips140-module-name) and the module version
- (--with-fips140-module-version).
- * Add the CLI option list-config that reports the configuration
- of the library.
- * Add gnutls-FIPS-module-version.patch
-
-- FIPS: Provide a service-level indicator [bsc#1190698]
- * Add support for a "service indicator" as required in
- the FIPS140-3 Implementation Guidance in section 2.4.C
- * Add patches:
- - gnutls-FIPS-service-indicator.patch
- - gnutls-FIPS-service-indicator-public-key.patch
- - gnutls-FIPS-service-indicator-symmetric-key.patch
- - gnutls-FIPS-RSA-PSS-flags.patch
-
-- FIPS: RSA KeyGen/SigGen fail with 4096 bit key sizes [bsc#1192008]
- * fips: allow more RSA modulus sizes
- * Add gnutls-FIPS-RSA-mod-sizes.patch
- * Delete gnutls-3.6.7-fips-rsa-4096.patch
-
-- Drop bogus condition "> 1550": that would mean 'more recent than
- Tumbleweed' which is technically impossible, as Tumbleweed is the
- leading project (and the condition causes issues as Tumbleweed
- needs to move away from 1550 due to CODE 15 SP5 plans).
-
-- Add crypto-policies support in SLE-15-SP4 [jsc#SLE-20287]
-
-- Account for the libnettle soname bump [jsc#SLE-19765]
-
-- Update to 3.7.2 in SLE-15-SP4: [jsc#SLE-19765, jsc#SLE-18139]
- - Add gnutls-temporarily_disable_broken_guile_reauth_test.patch
- - Rebased patches:
- * disable-psk-file-test.patch
- * gnutls-3.6.0-disable-flaky-dtls_resume-test.patch
- * gnutls-fips_mode_enabled.patch
- - Remove patches merged upstream:
- * gnutls-CVE-2020-11501.patch
- * gnutls-CVE-2020-13777.patch
- * gnutls-CVE-2020-24659.patch
- * gnutls-CVE-2021-20231.patch
- * gnutls-CVE-2021-20232.patch
- * gnutls-3.6.7-fips-backport_dont_truncate_output_IV.patch
- * gnutls-fips_XTS_key_check.patch
- * 0001-_gnutls_verify_crt_status-apply-algorithm-checks-to-.patch
- * 0002-_gnutls_pkcs11_verify_crt_status-check-validity-agai.patch
- * 0003-x509-trigger-fallback-verification-path-when-cert-is.patch
- * 0004-tests-add-test-case-for-certificate-chain-supersedin.patch
- * 0001-Add-Full-Public-Key-Check-for-DH.patch
- * 0001-Add-test-to-ensure-DH-exchange-behaves-correctly.patch
- * 0002-Add-test-to-ensure-ECDH-exchange-behaves-correctly.patch
- * 0003-Add-plumbing-to-handle-Q-parameter-in-DH-exchanges.patch
- * 0004-Always-pass-in-and-check-Q-in-TLS-1.3.patch
- * 0005-Check-Q-for-FFDHE-primes-in-prime-check.patch
- * 0006-Pass-down-Q-for-FFDHE-in-al-pre-TLS1.3-as-well.patch
- * 0001-dh-primes-add-MODP-primes-from-RFC-3526.patch
- * 0002-dhe-check-if-DH-params-in-SKE-match-the-FIPS-approve.patch
- * 0001-dh-check-validity-of-Z-before-export.patch
- * 0002-ecdh-check-validity-of-P-before-export.patch
- * 0003-dh-primes-make-the-FIPS-approved-check-return-Q-valu.patch
- * 0004-dh-perform-SP800-56A-rev3-full-pubkey-validation-on-.patch
- * 0005-ecdh-perform-SP800-56A-rev3-full-pubkey-validation-o.patch
- * 0001-Vendor-in-XTS-functionality-from-Nettle.patch
- * 0001-pubkey-avoid-spurious-audit-messages-from-_gnutls_pu.patch
- * gnutls-FIPS-use_2048_bit_prime_in_DH_selftest.patch
- * gnutls-3.6.7-fix-FTBFS-2024.patch
- * gnutls-3.6.7-reproducible-date.patch
-
-- Update to version 3.7.2
- * Added Linux kernel AF_ALG based acceleration
- * Fixed timing of early data exchange
- * The priority string option DISABLE_TLS13_COMPAT_MODE was added
- to disable TLS 1.3 middlebox compatibility mode
- * The GNUTLS_NO_EXPLICIT_INIT envvar has been renamed to
- GNUTLS_NO_IMPLICIT_INIT to reflect the purpose
- * certtool:
- * When signing a CSR, CRL distribution point (CDP) is no
- longer copied from the signing CA by default
- * When producing certificates and certificate requests, subject
- DN components that are provided individually will now be
- ordered by assumed scale
-
-- Add gnutls-3.6.7-fix-FTBFS-2024.patch to let tests pass after 2024 (boo#1186579)
-- Add gnutls-3.6.7-reproducible-date.patch to override build date (boo#1047218)
-
-- Security fix: [bsc#1183456, CVE-2021-20232]
- * A use after free issue in client_send_params
- in lib/ext/pre_shared_key.c may lead to memory
- corruption and other potential consequences.
-- Add gnutls-CVE-2021-20232.patch
-
-- Security fix: [bsc#1183457, CVE-2021-20231]
- * A use after free issue in client sending key_share extension
- may lead to memory corruption and other consequences.
-- Add gnutls-CVE-2021-20231.patch
-
-- Update to 3.7.1:
- [bsc#1183456, CVE-2021-20232] [bsc#1183457, CVE-2021-20231]
- * Fixed potential use-after-free in sending "key_share" and
- "pre_shared_key" extensions.
- * Fixed a regression in handling duplicated certs in a chain.
- * Fixed sending of session ID in TLS 1.3 middlebox compatibility
- mode. In that mode the client shall always send a non-zero
- session ID to make the handshake resemble the TLS 1.2
- resumption; this was not true in the previous versions.
- * Removed dependency on the external 'fipscheck' package,
- when compiled with --enable-fips140-mode.
- * Added padlock acceleration for AES-192-CBC.
-- Remove patches upstream:
- * gnutls-gnutls-cli-debug.patch
- * gnutls-ignore-duplicate-certificates.patch
- * gnutls-test-fixes.patch
-
-- Fix the test suite for tests/gnutls-cli-debug.sh [bsc#1171565]
- * Don't unset system priority settings in gnutls-cli-debug.sh
- * Upstream: gitlab.com/gnutls/gnutls/merge_requests/1387
-- Add gnutls-gnutls-cli-debug.patch
-
-- Fix: Test certificates in tests/testpkcs11-certs have expired
- * Upstream bug: gitlab.com/gnutls/gnutls/issues/1135
-- Add gnutls-test-fixes.patch
-
-- gnutls_x509_trust_list_verify_crt2: ignore duplicate certificates
- * Upstream bug: https://gitlab.com/gnutls/gnutls/issues/1131
-- Add gnutls-ignore-duplicate-certificates.patch
-
-- Update to 3.7.0
- * Depend on nettle 3.6
- * Added a new API that provides a callback function to retrieve
- missing certificates from incomplete certificate chains
- * Added a new API that provides a callback function to output the
- complete path to the trusted root during certificate chain
- verification
- * OIDs exposed as gnutls_datum_t no longer account for the
- terminating null bytes, while the data field is null terminated.
- The affected API functions are: gnutls_ocsp_req_get_extension,
- gnutls_ocsp_resp_get_response, and gnutls_ocsp_resp_get_extension
- * Added a new set of API to enable QUIC implementation
- * The crypto implementation override APIs deprecated in 3.6.9 are
- now no-op
- * Added MAGMA/KUZNYECHIK CTR-ACPKM and CMAC support
- * Support for padlock has been fixed to make it work with Zhaoxin CPU
- * The maximum PIN length for PKCS #11 has been increased from 31
- bytes to 255 bytes
-- Remove patch fixed upstream:
- * gnutls-FIPS-use_2048_bit_prime_in_DH_selftest.patch
-- Fix threading bug in libgnutls [bsc#1173434]
- * Upstream bug: gitlab.com/gnutls/gnutls/issues/1044
-
-- Avoid spurious audit messages about incompatible signature algorithms
- (bsc#1172695)
- * add 0001-pubkey-avoid-spurious-audit-messages-from-_gnutls_pu.patch
-
-- FIPS: Use 2048 bit prime in DH selftest (bsc#1176086)
- * add gnutls-FIPS-use_2048_bit_prime_in_DH_selftest.patch
-- FIPS: Add TLS KDF selftest (bsc#1176671)
- * add gnutls-FIPS-TLS_KDF_selftest.patch
-
-- Escape rpm command %%expand when used in comment.
-
-- FIPS: Use 2048 bit prime in DH selftest (bsc#1176086)
- * add gnutls-FIPS-use_2048_bit_prime_in_DH_selftest.patch
-
-- FIPS: Add TLS KDF selftest (bsc#1176671)
- * add gnutls-FIPS-TLS_KDF_selftest.patch
-
-- Fix heap buffer overflow in handshake with no_renegotiation alert sent
- * CVE-2020-24659 (bsc#1176181)
-- add gnutls-CVE-2020-24659.patch
-
-- FIPS: Implement (EC)DH requirements from SP800-56Arev3 (bsc#1176086)
-- add patches
- * 0001-Add-Full-Public-Key-Check-for-DH.patch
- * 0001-Add-test-to-ensure-DH-exchange-behaves-correctly.patch
- * 0002-Add-test-to-ensure-ECDH-exchange-behaves-correctly.patch
- * 0003-Add-plumbing-to-handle-Q-parameter-in-DH-exchanges.patch
- * 0004-Always-pass-in-and-check-Q-in-TLS-1.3.patch
- * 0005-Check-Q-for-FFDHE-primes-in-prime-check.patch
- * 0006-Pass-down-Q-for-FFDHE-in-al-pre-TLS1.3-as-well.patch
- * 0001-dh-primes-add-MODP-primes-from-RFC-3526.patch
- * 0002-dhe-check-if-DH-params-in-SKE-match-the-FIPS-approve.patch
- * 0001-dh-check-validity-of-Z-before-export.patch
- * 0002-ecdh-check-validity-of-P-before-export.patch
- * 0003-dh-primes-make-the-FIPS-approved-check-return-Q-valu.patch
- * 0004-dh-perform-SP800-56A-rev3-full-pubkey-validation-on-.patch
- * 0005-ecdh-perform-SP800-56A-rev3-full-pubkey-validation-o.patch
-- drop obsolete gnutls-3.6.7-fips_DH_ECDH_key_tests.patch
-
-- Update to 3.6.15
- * libgnutls: Fixed "no_renegotiation" alert handling at incorrect timing.
- [GNUTLS-SA-2020-09-04, CVSS: medium]
- * libgnutls: If FIPS self-tests are failed, gnutls_fips140_mode_enabled() now
- indicates that with a false return value (!1306).
- * libgnutls: Under FIPS mode, the generated ECDH/DH public keys are checked
- accordingly to SP800-56A rev 3 (!1295, !1299).
- * libgnutls: gnutls_x509_crt_export2() now returns 0 upon success, rather than
- the size of the internal base64 blob (#1025).
- * libgnutls: Certificate verification failue due to OCSP must-stapling is not
- honered is now correctly marked with the GNUTLS_CERT_INVALID flag
- * libgnutls: The audit log message for weak hashes is no longer printed twice
- * libgnutls: Fixed version negotiation when TLS 1.3 is enabled and TLS 1.2 is
- disabled in the priority string. Previously, even when TLS 1.2 is explicitly
- disabled with "-VERS-TLS1.2", the server still offered TLS 1.2 if TLS 1.3 is
- enabled (#1054).
-- drop upstreamed patches:
- * gnutls-detect_nettle_so.patch
- * 0001-crypto-api-always-allocate-memory-when-serializing-i.patch
-
-- Correctly detect gmp, nettle, and hogweed libraries (bsc#1172666)
- * add gnutls-detect_nettle_so.patch
-
-- Fix a memory leak that could lead to a DoS attack against Samba
- servers (bsc#1172663)
- * add 0001-crypto-api-always-allocate-memory-when-serializing-i.patch
-- Temporarily disable broken guile reauth test (bsc#1171565)
- * add gnutls-temporarily_disable_broken_guile_reauth_test.patch
-
-- GNUTLS-SA-2020-06-03 (Fixed insecure session ticket key construction)
- The TLS server would not bind the session ticket encryption key with a
- value supplied by the application until the initial key rotation, allowing
- attacker to bypass authentication in TLS 1.3 and recover previous
- conversations in TLS 1.2 (#1011). (bsc#1172506, CVE-2020-13777)
- * add patches:
- + gnutls-CVE-2020-13777.patch
-- Fixed handling of certificate chain with cross-signed intermediate
- CA certificates (#1008). (bsc#1172461)
- * add patches:
- + 0001-_gnutls_verify_crt_status-apply-algorithm-checks-to-.patch
- + 0002-_gnutls_pkcs11_verify_crt_status-check-validity-agai.patch
- + 0003-x509-trigger-fallback-verification-path-when-cert-is.patch
- + 0004-tests-add-test-case-for-certificate-chain-supersedin.patch
-
-- Update to 3.6.14
- * libgnutls: Fixed insecure session ticket key construction, since 3.6.4.
- The TLS server would not bind the session ticket encryption key with a
- value supplied by the application until the initial key rotation, allowing
- attacker to bypass authentication in TLS 1.3 and recover previous
- conversations in TLS 1.2 (#1011). (bsc#1172506, CVE-2020-13777)
- [GNUTLS-SA-2020-06-03, CVSS: high]
- * libgnutls: Fixed handling of certificate chain with cross-signed
- intermediate CA certificates (#1008). (bsc#1172461)
- * libgnutls: Fixed reception of empty session ticket under TLS 1.2 (#997).
- * libgnutls: gnutls_x509_crt_print() is enhanced to recognizes commonName
- (2.5.4.3), decodes certificate policy OIDs (!1245), and prints Authority
- Key Identifier (AKI) properly (#989, #991).
- * certtool: PKCS #7 attributes are now printed with symbolic names (!1246).
- * libgnutls: Use accelerated AES-XTS implementation if possible (!1244).
- Also both accelerated and non-accelerated implementations check key block
- according to FIPS-140-2 IG A.9 (!1233).
- * libgnutls: Added support for AES-SIV ciphers (#463).
- * libgnutls: Added support for 192-bit AES-GCM cipher (!1267).
- * libgnutls: No longer use internal symbols exported from Nettle (!1235)
- * API and ABI modifications:
- GNUTLS_CIPHER_AES_128_SIV: Added
- GNUTLS_CIPHER_AES_256_SIV: Added
- GNUTLS_CIPHER_AES_192_GCM: Added
- gnutls_pkcs7_print_signature_info: Added
-- Add key D605848ED7E69871: public key "Daiki Ueno <ueno@unixuser.org>" to
- the keyring
-- Drop gnutls-fips_correct_nettle_soversion.patch (upstream)
-
-- Add RSA 4096 key generation support in FIPS mode (bsc#1171422)
- * add gnutls-3.6.7-fips-rsa-4096.patch
-
-- Don't check for /etc/system-fips which we don't have (bsc#1169992)
- * add gnutls-fips_mode_enabled.patch
-
-- Backport AES XTS support (bsc#1168835)
- * add 0001-Vendor-in-XTS-functionality-from-Nettle.patch
- * add gnutls-fips_XTS_key_check.patch
-
-- Use correct nettle .so version when looking for a FIPS checksum
- (bsc#1166635)
- * add gnutls-fips_correct_nettle_soversion.patch
-
-- Update to 3.6.13
- * libgnutls: Fix a DTLS-protocol regression (caused by TLS1.3 support)
- The DTLS client would not contribute any randomness to the DTLS negotiation,
- breaking the security guarantees of the DTLS protocol (#960)
- [GNUTLS-SA-2020-03-31, CVSS: high] (bsc#1168345)
- * libgnutls: Added new APIs to access KDF algorithms (#813).
- * libgnutls: Added new callback gnutls_keylog_func that enables a custom
- logging functionality.
- * libgnutls: Added support for non-null terminated usernames in PSK
- negotiation (#586).
- * gnutls-cli-debug: Improved support for old servers that only support
- SSL 3.0.
-
-- Fix zero random value in DTLS client hello
- (CVE-2020-11501, bsc#1168345)
- * add gnutls-CVE-2020-11501.patch
-
-- Split off FIPS checksums into a separate libgnutls30-hmac
- subpackage (bsc#1152692)
- * update baselibs.conf
-
-- bsc#1166881 - FIPS: gnutls: cfb8 decryption issue
- * No longer truncate output IV if input is shorter than block size.
- * Added gnutls-3.6.7-fips-backport_dont_truncate_output_IV.patch
-
-- bsc#1155327 jira#SLE-9518 - FIPS: add DH key test
- * Added Diffie Hellman public key verification test.
- * gnutls-3.6.7-fips_DH_ECDH_key_tests.patch
-
-- gnutls 3.6.12
- * libgnutls: Introduced TLS session flag (gnutls_session_get_flags())
- to identify sessions that client request OCSP status request (#829).
- * libgnutls: Added support for X448 key exchange (RFC 7748) and Ed448
- signature algorithm (RFC 8032) under TLS (#86).
- * libgnutls: Added the default-priority-string option to system configuration;
- it allows overriding the compiled-in default-priority-string.
- * libgnutls: Added support for GOST CNT_IMIT ciphersuite (as defined by
- draft-smyshlyaev-tls12-gost-suites-07).
- By default this ciphersuite is disabled. It can be enabled by adding
- +GOST to priority string. In the future this priority string may enable
- other GOST ciphersuites as well. Note, that server will fail to negotiate
- GOST ciphersuites if TLS 1.3 is enabled both on a server and a client. It
- is recommended for now to disable TLS 1.3 in setups where GOST ciphersuites
- are enabled on GnuTLS-based servers.
- * libgnutls: added priority shortcuts for different GOST categories like
- CIPHER-GOST-ALL, MAC-GOST-ALL, KX-GOST-ALL, SIGN-GOST-ALL, GROUP-GOST-ALL.
- * libgnutls: Reject certificates with invalid time fields. That is we reject
- certificates with invalid characters in Time fields, or invalid time formatting
- To continue accepting the invalid form compile with --disable-strict-der-time
- * libgnutls: Reject certificates which contain duplicate extensions. We were
- previously printing warnings when printing such a certificate, but that is
- not always sufficient to flag such certificates as invalid. Instead we now
- refuse to import them (#887).
- * libgnutls: If a CA is found in the trusted list, check in addition to
- time validity, whether the algorithms comply to the expected level prior
- to accepting it. This addresses the problem of accepting CAs which would
- have been marked as insecure otherwise (#877).
- * libgnutls: The min-verification-profile from system configuration applies
- for all certificate verifications, not only under TLS. The configuration can
- be overriden using the GNUTLS_SYSTEM_PRIORITY_FILE environment variable.
- * libgnutls: The stapled OCSP certificate verification adheres to the convention
- used throughout the library of setting the 'GNUTLS_CERT_INVALID' flag.
- * libgnutls: On client side only send OCSP staples if they have been requested
- by the server, and on server side always advertise that we support OCSP stapling
- * libgnutls: Introduced the gnutls_ocsp_req_const_t which is compatible
- with gnutls_ocsp_req_t but const.
- * certtool: Added the --verify-profile option to set a certificate
- verification profile. Use '--verify-profile low' for certificate verification
- to apply the 'NORMAL' verification profile.
- * certtool: The add_extension template option is considered even when generating
- a certificate from a certificate request.
-
-- gnutls 3.6.11.1:
- * libgnutls: Corrected issue with TLS 1.2 session ticket
- handling as client during resumption
- * libgnutls: gnutls_base64_decode2() succeeds decoding the empty
- string to the empty string. This is a behavioral change of the
- API but it conforms to the RFC4648 expectations
- * libgnutls: Fixed AES-CFB8 implementation, when input is shorter
- than the block size. Fix backported from nettle.
- * certtool: CRL distribution points will be set in CA
- certificates even when non self-signed
- * gnutls-cli/serv: added raw public-key handling capabilities
- (RFC7250). Key material can be set via the --rawpkkeyfile and
- - -rawpkfile flags.
-
-- gnutls 3.6.10:
- * Add support for deterministic ECDSA/DSA (RFC6979)
- * Add functions for in-place encryption/decryption of data buffers
- * server now selects the highest TLS protocol version, if TLS 1.3
- is enabled and the client advertises an older protocol version
- first
- * Add support for GOST 28147-89 cipher in CNT (GOST counter) mode
- and MAC generation based on GOST 28147-89 (IMIT)
- * certtool: when outputting an encrypted private key do not
- insert the textual description of it
-
-- Install checksums for binary integrity verification which are
- required when running in FIPS mode (bsc#1152692, jsc#SLE-9518)
-
-- gnutls 3.6.9:
- * add support for copying digest or MAC contexts
- * Mark the crypto implementation override APIs as deprecated
- * Add support for AES-GMAC, as a separate to GCM, MAC algorithm
- * Add support for Generalname registeredID
- * The priority configuration was enhanced to allow more elaborate
- system-wide configuration of the library
-- includes changes from 3.6.8:
- * Add support for AES-XTS cipher
- * Fix calculation of Streebog digests
- * During Diffie-Hellman operations in TLS, verify that the peer's
- public key is on the right subgroup (y^q=1 mod p), when q is
- available (under TLS 1.3 and under earlier versions when RFC7919
- parameters are used).
- * Apply STD3 ASCII rules in gnutls_idna_map() to prevent
- hostname/domain crafting via IDNA conversion
- * certtool: allow the digital signature key usage flag in CA
- certificates
- * gnutls-cli/serv: add the --keymatexport and --keymatexportsize
- options. These allow testing the RFC5705 using these tools
-- drop patches to re-enable tests:
- * disable-psk-file-test.patch
- * gnutls-3.6.0-disable-flaky-dtls_resume-test.patch
-
-- Explicitly require libnettle 3.4.1 (bsc#1134856)
- * The RSA decryption code was rewritten in GnuTLS 3.6.5 in order
- to fix CVE-2018-16868, the new implementation makes use of a new
- rsa_sec_decrypt() function introduced in libnettle 3.4.1
- * libnettle was recently updated to the 3.4.1 version but we need
- to add explicit dependency on it to prevent missing symbol errors
- with the older versions
-
-- Restored autoreconf in build.
-- Removed gnutls-3.6.6-SUSE_SLE15_congruent_version_requirements.patch
- since the version requirements of required libraries are once again
- automatically determined.
-- Added gnutls-3.6.7-SUSE_SLE15_guile_site_directory.patch because it is a
- better patch name for handling the '--with-guile-site-dir=' problem in
- 3.6.7.
-
-- Trim useless %if..%endif guards that do not affect the build.
-- Fix language errors in description again.
-
-- Update gnutls to 3.6.7
- * * libgnutls, gnutls tools: Every gnutls_free() will automatically set
- the free'd pointer to NULL. This prevents possible use-after-free and
- double free issues. Use-after-free will be turned into NULL dereference.
- The counter-measure does not extend to applications using gnutls_free().
- * * libgnutls: Fixed a memory corruption (double free) vulnerability in the
- certificate verification API. Reported by Tavis Ormandy; addressed with
- the change above. [GNUTLS-SA-2019-03-27, #694] [bsc#1130681] (CVE-2019-3829)
- * * libgnutls: Fixed an invalid pointer access via malformed TLS1.3 async messages;
- Found using tlsfuzzer. [GNUTLS-SA-2019-03-27, #704] [bsc#1130682] (CVE-2019-3836)
- * * libgnutls: enforce key usage limitations on certificates more actively.
- Previously we would enforce it for TLS1.2 protocol, now we enforce it
- even when TLS1.3 is negotiated, or on client certificates as well. When
- an inappropriate for TLS1.3 certificate is seen on the credentials structure
- GnuTLS will disable TLS1.3 support for that session (#690).
- * * libgnutls: the default number of tickets sent under TLS 1.3 was increased to
- two. This makes it easier for clients which perform multiple connections
- to the server to use the tickets sent by a default server.
- * * libgnutls: enforce the equality of the two signature parameters fields in
- a certificate. We were already enforcing the signature algorithm, but there
- was a bug in parameter checking code.
- * * libgnutls: fixed issue preventing sending and receiving from different
- threads when false start was enabled (#713).
- * * libgnutls: the flag GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO now implies a writable
- session, as non-writeable security officer sessions are undefined in PKCS#11
- (#721).
- * * libgnutls: no longer send downgrade sentinel in TLS 1.3.
- Previously the sentinel value was embedded to early in version
- negotiation and was sent even on TLS 1.3. It is now sent only when
- TLS 1.2 or earlier is negotiated (#689).
- * * gnutls-cli: Added option --logfile to redirect informational messages output.
-- Disabled dane support since dane is not shipped with SLE-15
-- Changed configure script to hardware guile site directory since command-line
- option '--with-guile-site-dir=' was removed from the configure script in 3.6.7.
- * * Modified gnutls-3.6.6-SUSE_SLE15_congruent_version_requirements.patch
-- Modified gnutls-3.6.0-disable-flaky-dtls_resume-test.patch to fix
- compilation issues on PPC
-- Fixed Bleichenbacher-like side channel leakage in PKCS#1 v1.5 verification
- and padding oracle verification (in 3.6.5) [bsc#1118087] (CVE-2018-16868)
-
-- FATE#327114 - Update gnutls to 3.6.6 to support TLS 1.3
- * * libgnutls: gnutls_pubkey_import_ecc_raw() was fixed to set the number bits
- on the public key (#640).
- * * libgnutls: Added support for raw public-key authentication as defined in RFC7250.
- Raw public-keys can be negotiated by enabling the corresponding certificate
- types via the priority strings. The raw public-key mechanism must be explicitly
- enabled via the GNUTLS_ENABLE_RAWPK init flag (#26, #280).
- * * libgnutls: When on server or client side we are sending no extensions we do
- not set an empty extensions field but we rather remove that field competely.
- This solves a regression since 3.5.x and improves compatibility of the server
- side with certain clients.
- * * libgnutls: We no longer mark RSA keys in PKCS#11 tokens as RSA-PSS capable if
- the CKA_SIGN is not set (#667).
- * * libgnutls: The priority string option %NO_EXTENSIONS was improved to completely
- disable extensions at all cases, while providing a functional session. This
- also implies that when specified, TLS1.3 is disabled.
- * * libgnutls: GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION was marked as deprecated.
- The previous definition was non-functional (#609).
- * Removed patches:
- 0001-dummy_wait-correctly-account-the-length-field-in-SHA.patch
- 0002-dummy_wait-always-hash-the-same-amount-of-blocks-tha.patch
- 0003-cbc_mac_verify-require-minimum-padding-under-SSL3.0.patch
- 0004-hmac-sha384-and-sha256-ciphersuites-were-removed-fro.patch
- * Added Patches:
- * * disable failing psk-file test (race condition):
- disable-psk-file-test.patch
- * * Patch configure script to accept specific versions of autotools and guile
- that are present in SUSE-SLE15. (A bug prevents configure from accepting
- a range of compatible versions. Upstream's solution is to hardwire for
- the most current versions.)
- gnutls-3.6.6-SUSE_SLE15_congruent_version_requirements.patch
- * Modified:
- * * gnutls-3.6.0-disable-flaky-dtls_resume-test.patch
-- drop no longer needed gnutls-enbale-guile-2.2.patch
-- refresh disable-psk-file-test.patch
-
-- Update to 3.6.5
- * * libgnutls: Provide the option of transparent re-handshake/reauthentication
- when the GNUTLS_AUTO_REAUTH flag is specified in gnutls_init() (#571).
- * * libgnutls: Added support for TLS 1.3 zero round-trip (0-RTT) mode (#127)
- * * libgnutls: The priority functions will ignore and not enable TLS1.3 if
- requested with legacy TLS versions enabled but not TLS1.2. That is because
- if such a priority string is used in the client side (e.g., TLS1.3+TLS1.0 enabled)
- servers which do not support TLS1.3 will negotiate TLS1.2 which will be
- rejected by the client as disabled (#621).
- * * libgnutls: Change RSA decryption to use a new side-channel silent function.
- This addresses a security issue where memory access patterns as well as timing
- on the underlying Nettle rsa-decrypt function could lead to new Bleichenbacher
- attacks. Side-channel resistant code is slower due to the need to mask
- access and timings. When used in TLS the new functions cause RSA based
- handshakes to be between 13% and 28% slower on average (Numbers are indicative,
- the tests where performed on a relatively modern Intel CPU, results vary
- depending on the CPU and architecture used). This change makes nettle 3.4.1
- the minimum requirement of gnutls (#630). [CVSS: medium]
- * * libgnutls: gnutls_priority_init() and friends, allow the CTYPE-OPENPGP keyword
- in the priority string. It is only accepted as legacy option and is ignored.
- * * libgnutls: Added support for EdDSA under PKCS#11 (#417)
- * * libgnutls: Added support for AES-CFB8 cipher (#357)
- * * libgnutls: Added support for AES-CMAC MAC (#351)
- * * libgnutls: In two previous versions GNUTLS_CIPHER_GOST28147_CPB/CPC/CPD_CFB ciphers
- have incorrectly used CryptoPro-A S-BOX instead of proper (CryptoPro-B/-C/-D
- S-BOXes). They are fixed now.
- * * libgnutls: Added support for GOST key unmasking and unwrapped GOST private
- keys parsing, as specified in R 50.1.112-2016.
- * * gnutls-serv: It applies the default settings when no --priority option is given,
- using gnutls_set_default_priority().
- * * p11tool: Fix initialization of security officer's PIN with the --initialize-so-pin
- option (#561)
- * * certtool: Add parameter --no-text that prevents certtool from outputting
- text before PEM-encoded private key, public key, certificate, CRL or CSR.
-- minimum required libnettle is now 3.4.1
-- refresh
- * disable-psk-file-test.patch
- * gnutls-3.6.0-disable-flaky-dtls_resume-test.patch
-
-- search for guile-2.2 during configure, part of boo#1117121
- add patches:
- * gnutls-enbale-guile-2.2.patch: search for guile-2.2
- refresh patches:
- * disable-psk-file-test.patch: disable psk-file in Makefile.am
-
-- Temporarily disable failing psk-file test (race condition)
- * add disable-psk-file-test.patch
-
-- Version update to 3.6.4 (bsc#1111757):
- * * libgnutls: Added the final (RFC8446) version numbering of the TLS1.3 protocol.
- * * libgnutls: Corrected regression since 3.6.3 in the callbacks set with
- gnutls_certificate_set_retrieve_function() which could not handle the case where
- no certificates were returned, or the callbacks were set to NULL (see #528).
- * * libgnutls: gnutls_handshake() on server returns early on handshake when no
- certificate is presented by client and the gnutls_init() flag GNUTLS_ENABLE_EARLY_START
- is specified.
- * * libgnutls: Added session ticket key rotation on server side with TOTP.
- The key set with gnutls_session_ticket_enable_server() is used as a
- master key to generate time-based keys for tickets. The rotation
- relates to the gnutls_db_set_cache_expiration() period.
- * * libgnutls: The 'record size limit' extension is added and preferred to the
- 'max record size' extension when possible.
- * * libgnutls: Provide a more flexible PKCS#11 search of trust store certificates.
- This addresses the problem where the CA certificate doesn't have a subject key
- identifier whereas the end certificates have an authority key identifier (#569)
- * * libgnutls: gnutls_privkey_export_gost_raw2(), gnutls_privkey_import_gost_raw(),
- gnutls_pubkey_export_gost_raw2(), gnutls_pubkey_import_gost_raw() import
- and export GOST parameters in the "native" little endian format used for these
- curves. This is an intentional incompatible change with 3.6.3.
- * * libgnutls: Added support for seperately negotiating client and server certificate types
- as defined in RFC7250. This mechanism must be explicitly enabled via the
- GNUTLS_ENABLE_CERT_TYPE_NEG flag in gnutls_init().
-- Drop upstreamed patch:
- * gnutls-3.6.3-backport-upstream-fixes.patch
-
-- gnutls-3.6.0-disable-flaky-dtls_resume-test.patch: refresh to also patch
- test/Makefile.in as autoreconf does not work
-
-- Backport of upstream fixes (boo#1108450)
- * gnutls-3.6.3-backport-upstream-fixes.patch
- Fixes taken from upstream commits:
- * * 3df5b7bc8a64 ("cert-cred: fix possible segfault when resetting cert retrieval function")
- * * 42945a7aab6d ("allow no certificates to be reported by the gnutls_certificate_retrieve_function callbacks")
- * * 10f83e36ed92 ("hello_ext_parse: apply the test for pre-shared key ext being last on client hello")
- The patch was taken from https://github.com/weechat/weechat/issues/1231
-
-- Security update
- Improve mitigations against Lucky 13 class of attacks
- * "Just in Time" PRIME + PROBE cache-based side channel attack
- can lead to plaintext recovery (CVE-2018-10846, bsc#1105460)
- * HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of
- wrong constant (CVE-2018-10845, bsc#1105459)
- * HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not
- enough dummy function calls (CVE-2018-10844, bsc#1105437)
- * add patches:
- 0001-dummy_wait-correctly-account-the-length-field-in-SHA.patch
- 0002-dummy_wait-always-hash-the-same-amount-of-blocks-tha.patch
- 0003-cbc_mac_verify-require-minimum-padding-under-SSL3.0.patch
- 0004-hmac-sha384-and-sha256-ciphersuites-were-removed-fro.patch
-
-- Update to 3.6.3
- Fixes security issues:
- CVE-2018-10846, CVE-2018-10845, CVE-2018-10844, CVE-2017-10790
- (bsc#1105437, bsc#1105460, bsc#1105459, bsc#1047002)
- Other Changes:
- * * libgnutls: Introduced support for draft-ietf-tls-tls13-28
- * * libgnutls: Apply compatibility settings for existing applications running with TLS1.2 or
- earlier and TLS 1.3.
- * * Added support for Russian Public Key Infrastructure according to RFCs 4491/4357/7836.
- * * Provide a uniform cipher list across supported TLS protocols
- * * The SSL 3.0 protocol is disabled on compile-time by default.
- * * libgnutls: Introduced function to switch the current FIPS140-2 operational
- mode
- * * libgnutls: Introduced low-level function to assist applications attempting client
- hello extension parsing, prior to GnuTLS' parsing of the message.
- * * libgnutls: When exporting an X.509 certificate avoid re-encoding if there are no
- modifications to the certificate.
- * * libgnutls: on group exchange honor the %SERVER_PRECEDENCE and select the groups
- which are preferred by the server.
- * * Improved counter-measures for TLS CBC record padding.
- * * Introduced the %FORCE_ETM priority string option. This option prevents the negotiation
- of legacy CBC ciphersuites unless encrypt-then-mac is negotiated.
- * * libgnutls: gnutls_privkey_import_ext4() was enhanced with the
- GNUTLS_PRIVKEY_INFO_PK_ALGO_BITS flag.
- * * libgnutls: gnutls_pkcs11_copy_secret_key, gnutls_pkcs11_copy_x509_privkey2,
- gnutls_pkcs11_privkey_generate3 will mark objects as sensitive by default
- unless GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_SENSITIVE is specified. This is an API
- change for these functions which make them err towards safety.
- * * libgnutls: improved aarch64 cpu features detection by using getauxval().
- * * certtool: It is now possible to specify certificate and serial CRL numbers greater
- than 2**63-2 as a hex-encoded string both when prompted and in a template file.
- Default certificate serial numbers are now fully random.
-- don't run autoreconf to avoid pulling in gtk-doc
-
-- Require pkgconfig(autoopts) for building
-
-- Simplify the DANE support %ifdef condition
- * build with DANE on openSUSE only
-
-- Adjust RPM groups. Drop %if..%endif guards that are idempotent.
-
-- build without DANE support on SLE-15, as it doesn't have unbound
- (bsc#1086428)
-
-- add back refreshed gnutls-3.6.0-disable-flaky-dtls_resume-test.patch
- the dtls-resume test still keeps randomly failing on PPC
-
-- remove gnutls-3.6.0-disable-flaky-dtls_resume-test.patch
- patch does not apply any more and apparently the build
- suceeds even if the formerly flaky testcase is run (bsc#1086579)
-
-- gnutls.keyring: Nikos key refreshed to be unexpired
-
-- GnuTLS 3.6.2:
- * libgnutls: When verifying against a self signed certificate ignore issuer.
- That is, ignore issuer when checking the issuer's parameters strength,
- resolving issue #347 which caused self signed certificates to be
- additionally marked as of insufficient security level.
- * libgnutls: Corrected MTU calculation for the CBC ciphersuites. The data
- MTU calculation now, it correctly accounts for the fixed overhead due to
- padding (as 1 byte), while at the same time considers the rest of the
- padding as part of data MTU.
- * libgnutls: Address issue of loading of all PKCS#11 modules on startup
- on systems with a PKCS#11 trust store (as opposed to a file trust store).
- Introduced a multi-stage initialization which loads the trust modules, and
- other modules are deferred for the first pure PKCS#11 request.
- * libgnutls: The SRP authentication will reject any parameters outside
- RFC5054. This protects any client from potential MitM due to insecure
- parameters. That also brings SRP in par with the RFC7919 changes to
- Diffie-Hellman.
- * libgnutls: Added the 8192-bit parameters of SRP to the accepted parameters
- for SRP authentication.
- * libgnutls: Addressed issue in the accelerated code affecting
- interoperability with versions of nettle >= 3.4.
- * libgnutls: Addressed issue in the AES-GCM acceleration under aarch64.
- * libgnutls: Addressed issue in the AES-CBC acceleration under ssse3 (patch by
- Vitezslav Cizek).
- * srptool: the --create-conf option no longer includes 1024-bit parameters.
- * p11tool: Fixed the deletion of objects in batch mode.
-- Dropped gnutls-check_aes_keysize.patch as it is included upstream now.
-
-- Use %license (boo#1082318)
-
-- Sanity check key size in SSSE3 AES cipher implementation (bsc#1074303)
- * add gnutls-check_aes_keysize.patch
-
-- GnuTLS 3.6.1:
- * Fix interoperability issue with openssl when safe renegotiation
- was used
- * gnutls_x509_crl_sign, gnutls_x509_crt_sign,
- gnutls_x509_crq_sign, were modified to sign with a better
- algorithm than SHA1. They will now sign with an algorithm that
- corresponds to the security level of the signer's key.
- * gnutls_x509_*_sign2() functions and gnutls_x509_*_privkey_sign()
- accept GNUTLS_DIG_UNKNOWN (0) as a hash function option. That
- will signal the function to auto-detect an appropriate hash
- algorithm to use.
- * Remove support for signature algorithms using SHA2-224 in TLS.
- TLS 1.3 no longer uses SHA2-224 and it was never a widespread
- algorithm in TLS 1.2
- * Refuse to use client certificates containing disallowed
- algorithms for a session, reverting a change on 3.5.5
- * Refuse to resume a session which had a different SNI advertised
- That improves RFC6066 support in server side.
- * p11tool: Mark all generated objects as sensitive by default.
- * p11tool: added options --sign-params and --hash. This allows
- testing signature with multiple algorithms, including RSA-PSS.
-
-- Disable flaky dtls_resume test on Power
- * add gnutls-3.6.0-disable-flaky-dtls_resume-test.patch
-
-- GnuTLS 3.6.0:
- * Introduce a lock-free random generator which operates per-
- thread and eliminates random-generator related bottlenecks in
- multi-threaded operation.
- * Replace the Salsa20 random generator with one based on CHACHA.
- The goal is to reduce code needed in cache (CHACHA is also
- used for TLS), and the number of primitives used by the
- library. That does not affect the AES-DRBG random generator
- used in FIPS140-2 mode.
- * Add support for RSA-PSS key type as well as signatures in
- certificates, and TLS key exchange
- * Add support for Ed25519 signing in certificates and TLS key
- exchange following draft-ietf-tls-rfc4492bis-17
- * Enable X25519 key exchange by default, following
- draft-ietf-tls-rfc4492bis-17.
- * Add support for Diffie-Hellman group negotiation following
- RFC7919.
- * Introduce various sanity checks on certificate import
- * Introduce gnutls_x509_crt_set_flags(). This function can set
- flags in the crt structure. The only flag supported at the
- moment is GNUTLS_X509_CRT_FLAG_IGNORE_SANITY which skips the
- certificate sanity checks on import.
- * PKIX certificates with unknown critical extensions are rejected
- on verification with status GNUTLS_CERT_UNKNOWN_CRIT_EXTENSIONS
- * Refuse to generate a certificate with an illegal version, or an
- illegal serial number. That is, gnutls_x509_crt_set_version()
- and gnutls_x509_crt_set_serial(), will fail on input considered
- to be invalid in RFC5280.
- * Call to gnutls_record_send() and gnutls_record_recv() prior to
- handshake being complete are now refused
- * Add support for PKCS#12 files with no salt (zero length) in
- their password encoding, and PKCS#12 files using SHA384 and
- SHA512 as MAC.
- * libgnutls: Exported functions to encode and decode DSA and ECDSA
- r,s values.
- * Add new callback setting function to gnutls_privkey_t for
- external keys. The new function (gnutls_privkey_import_ext4),
- allows signing in addition to previous algorithms (RSA PKCS#1
- 1.5, DSA, ECDSA), with RSA-PSS and Ed25519 keys.
- * Introduce the %VERIFY_ALLOW_BROKEN and
- %VERIFY_ALLOW_SIGN_WITH_SHA1 priority string options. These
- allows enabling all broken and SHA1-based signature algorithms
- in certificate verification, respectively.
- * 3DES-CBC is no longer included in the default priorities list.
- It has to be explicitly enabled, e.g., with a string like
- "NORMAL:+3DES-CBC".
- * SHA1 was marked as insecure for signing certificates.
- Verification of certificates signed with SHA1 is now considered
- insecure and will fail, unless flags intended to enable broken
- algorithms are set. Other uses of SHA1 are still allowed.
- * RIPEMD160 was marked as insecure for certificate signatures.
- Verification of certificates signed with RIPEMD160 hash
- algorithm is now considered insecure and will fail, unless
- flags intended to enable broken algorithms are set.
- * No longer enable SECP192R1 and SECP224R1 by default on TLS
- handshakes. These curves were rarely used for that purpose,
- provide no advantage over x25519 and were deprecated by TLS 1.3.
- * Remove support for DEFLATE, or any other compression method.
- * OpenPGP authentication was removed; the resulting library is ABI
- compatible, with the openpgp related functions being stubs that
- fail on invocation.
- Drop gnutls-broken-openpgp-tests.patch, no longer required.
- * Remove support for libidn (i.e., IDNA2003); gnutls can now be
- compiled only with libidn2 which provides IDNA2008.
- * certtool: The option '--load-ca-certificate' can now accept
- PKCS#11 URLs in addition to files.
- * certtool: The option '--load-crl' can now be used when
- generating PKCS#12 files (i.e., in conjunction with '--to-p12' option).
- * certtool: Keys with provable RSA and DSA parameters are now
- only read and exported from PKCS#8 form, following
- draft-mavrogiannopoulos-pkcs8-validated-parameters-00.txt.
- This removes support for the previous a non-standard key format.
- * certtool: Added support for generating, printing and handling
- RSA-PSS and Ed25519 keys and certificates.
- * certtool: the parameters --rsa, --dsa and --ecdsa to
- - -generate-privkey are now deprecated, replaced by the
- - -key-type option.
- * p11tool: The --generate-rsa, --generate-ecc and --generate-dsa
- options were replaced by the --generate-privkey option.
- * psktool: Generate 256-bit keys by default.
- * gnutls-server: Increase request buffer size to 16kb, and added
- the --alpn and --alpn-fatal options, allowing testing of ALPN
- negotiation.
- * Enables FIPS 140-2 mode during build
-
-- Buildrequire iproute2: the test suite calls /usr/bin/ss and as
- such we have to ensure to pull it in.
-
-- GnuTLS 3.5.15:
- * libgnutls: Disable hardware acceleration on aarch64/ilp32 mode
- * certtool: Keys with provable RSA and DSA parameters are now
- only exported in PKCS#8 form
-
-- RPM group fix. Diversification of summaries.
-- Avoid aims and future plans in description. Say what it does now.
-
-- Drop the deprecated openssl compat ; discussed and suggested by
- vcizek
-- Cleanup a bit with spec-cleaner
-
-- GnuTLS 3.5.14:
- * Handle specially HSMs which request explicit authentication
- * he GNUTLS_PKCS11_OBJ_FLAG_LOGIN will force a login on HSMs
- * do not set leading zeros when copying integers on HSMs
- * Fix issue discovering certain OCSP signers, and improved the
- discovery of OCSP signer in the case where the Subject Public
- Key identifier field matches
- * ensure OCSP responses are saved with --save-ocsp even if
- certificate verification fails.
-
-- GnuTLS 3.5.13:
- * libgnutls: fixed issue with AES-GCM in-place encryption and
- decryption in aarch64
- * libgnutls: no longer parse the ResponseID field of the status
- response TLS extension. The field is not used by GnuTLS nor is
- made available to calling applications. That addresses a null
- pointer dereference on server side caused by packets containing
- the ResponseID field. GNUTLS-SA-2017-4, bsc#1043398
- * libgnutls: tolerate certificates which do not have strict DER
- time encoding. It is possible using 3rd party tools to generate
- certificates with time fields that do not conform to DER
- requirements. Since 3.4.x these certificates were rejected and
- cannot be used with GnuTLS, however that caused problems with
- existing private certificate infrastructures, which were
- relying on such certificates. Tolerate reading and using these
- certificates.
- * minitasn1: updated to libtasn1 4.11.
- * certtool: allow multiple certificates to be used in --p7-sign
- with the --load-certificate option
-
-- GnuTLS 3.5.12:
- * libgnutls: gnutls_x509_crt_check_hostname2() no longer matches
- IP addresses against DNS fields of certificate (CN or DNSname).
- The previous behavior was to tolerate some misconfigured
- servers, but that was non-standard and skipped any IP
- constraints present in higher level certificates.
- * libgnutls: when converting to IDNA2008, fallback to IDNA2003
- (i.e., transitional encoding) if the domain cannot be converted.
- That provides maximum compatibility with browsers like firefox
- that perform the same conversion.
- * libgnutls: fix issue in RSA-PSK client callback which resulted
- in no username being sent to the peer
- * libgnutls: fix regression causing stapled extensions in trust
- modules not to be considered.
- * certtool: introduced the email_protection_key option. This
- option was introduced in documentation for certtool without an
- implementation of it. It is a shortcut for option
- 'key_purpose_oid = 1.3.6.1.5.5.7.3.4'.
- * certtool: made printing of key ID and key PIN consistent
- between certificates, public keys, and private keys. That is
- the private key printing now uses the same format as the rest.
- * gnutls-cli: introduced the --sni-hostname option. This allows
- overriding the hostname advertised to the peer.
-
-- skip trust-store tests to avoid build cycle with
- ca-certificates-mozilla, add gnutls-3.5.11-skip-trust-store-tests.patch
-
-- GnuTLS 3.5.11:
- * gnutls.pc: do not include libtool options into Libs.private.
- * libgnutls: Fixed issue when rehandshaking without a client certificate in
- a session which initially used one
- * libgnutls: Addressed read of 4 bytes past the end of buffer in OpenPGP
- certificate parsing (bsc#1038337)
- * libgnutls: Introduced locks in gnutls_pkcs11_privkey_t structure access.
- That allows PKCS#11 operations such as signing to be performed with the
- same object from multiple threads.
- * libgnutls: when disabling OpenPGP authentication, the resulting library
- is ABI compatible (will openpgp related functions being stubs that fail
- on invocation).
-
-- call gzip -n to make build fully reproducible
-
-- update to 3.5.10
- * addresses GNUTLS-SA-2017-3 CVE-2017-7869 bsc#1034173
- * gnutls.pc: do not include libidn2 in Requires.private
- * libgnutls: optimized access to subject alternative names (SANs) in parsed
- certificates
- * libgnutls: Print the key PIN value used by the HPKP protocol as per RFC7469
- when printing certificate information.
- * libgnutls: gnutls_ocsp_resp_verify_direct() and gnutls_ocsp_resp_verify()
- flags can be set from the gnutls_certificate_verify_flags enumeration.
- This allows the functions to pass the same flags available for certificates
- to the verification function (e.g., GNUTLS_VERIFY_DISABLE_TIME_CHECKS or
- GNUTLS_VERIFY_ALLOW_BROKEN).
- * libgnutls: gnutls_store_commitment() can accept flag
- GNUTLS_SCOMMIT_FLAG_ALLOW_BROKEN. This is to allow the function to operate
- in applications which use SHA1 for example, after SHA1 is deprecated.
- * certtool: No longer ignore the 'add_critical_extension' template option if
- the 'add_extension' option is not present.
- * gnutls-cli: Added LMTP, POP3, NNTP, Sieve and PostgreSQL support to the
- starttls-proto command- drop gnutls-3.5.9-pkgconfig.patch (upstream)
-- drop gnutls-3.5.9-pkgconfig.patch (upstream)
-- remove unknown --disable-srp flag (bsc#901857)
-
-- disable the deprecated OpenPGP authentication support
- * see https://gitlab.com/gnutls/gnutls/issues/102
-- add gnutls-broken-openpgp-tests.patch
-
-- GnuTLS 3.5.9:
- * libgnutls: OpenPGP references removed, functionality deprecated
- * libgnutls: Improve detection of AVX support
- * libgnutls: Add support for IDNA2008 with libidn2 FATE#321897
- * p11tool: re-use ID from corresponding objects when writing
- certificates.
- * API and ABI modifications:
- gnutls_idna_map: Added
- gnutls_idna_reverse_map: Added
-- prevent pkgconfig issues due to libidn2 when building with GnuTLS
- add gnutls-3.5.9-pkgconfig.patch
-
-- Version 3.5.8 (released 2016-01-09)
- * libgnutls: Ensure that multiple calls to the gnutls_set_priority_*
- functions will not leave the verification profiles field to an
- undefined state. The last call will take precedence.
- * libgnutls: Ensure that GNUTLS_E_DECRYPTION_FAIL will be returned
- by PKCS#8 decryption functions when an invalid key is provided. This
- addresses regression on decrypting certain PKCS#8 keys.
- * libgnutls: Introduced option to override the default priority string
- used by the library. The intention is to allow support of system-wide
- priority strings (as set with --with-system-priority-file). The
- configure option is --with-default-priority-string.
- * libgnutls: Require a valid IV size on all ciphers for PKCS#8 decryption.
- This prevents crashes when decrypting malformed PKCS#8 keys.
- * libgnutls: Fix crash on the loading of malformed private keys with certain
- parameters set to zero.
- * libgnutls: Fix double free in certificate information printing. If the PKIX
- extension proxy was set with a policy language set but no policy specified,
- that could lead to a double free.
- * libgnutls: Addressed memory leaks in client and server side error paths
- (issues found using oss-fuzz project)
- * libgnutls: Addressed memory leaks in X.509 certificate printing error paths
- (issues found using oss-fuzz project)
- * libgnutls: Addressed memory leaks and an infinite loop in OpenPGP certificate
- parsing. Fixes by Alex Gaynor. (issues found using oss-fuzz project)
- * libgnutls: Addressed invalid memory accesses in OpenPGP certificate parsing.
- (issues found using oss-fuzz project)
-- security issues fixed: GNUTLS-SA-2017-1 GNUTLS-SA-2017-2
-
-- GnuTLS 3.5.7, the next stable branch, with the following
- highlights:
- * SHA3 as a certificate signature algorithm
- * X25519 (formerly curve25519) for ephemeral EC diffie-hellman
- key exchange
- * TLS false start
- * New APIs to access the Shawe-Taylor-based provable RSA and DSA
- parameter generation
- * Prevent the change of identity on rehandshakes by default
-
-- GnuTLS 3.4.17:
- * libgnutls: Introduced time and constraints checks in the end
- certificate in the gnutls_x509_crt_verify_data2() and
- gnutls_pkcs7_verify_direct() functions.
- * libgnutls: Set limits on the maximum number of alerts handled.
- That is, applications using gnutls could be tricked into an
- busy loop if the peer sends continuously alert messages.
- Applications which set a maximum handshake time (via
- gnutls_handshake_set_timeout) will eventually recover but
- others may remain in a busy loops indefinitely. This is related
- but not identical to CVE-2016-8610, due to the difference in
- alert handling of the libraries (gnutls delegates that handling
- to applications). boo#1005879
- * libgnutls: Enhanced the PKCS#7 parser to allow decoding old
- (pre-rfc5652) structures with arbitrary encapsulated content.
- * libgnutls: Backported cipher priorities order from 3.5.x branch
- That adds CHACHA20-POLY1305 ciphersuite to SECURE priority
- strings.
- * certtool: When exporting a CRQ in DER format ensure no text data
- are intermixed.
- * API and ABI modifications:
- gnutls_pkcs7_get_embedded_data_oid: Added
-- includes changes from 3.4.16:
- * libgnutls: Ensure proper cleanups on
- gnutls_certificate_set_*key() failures due to key mismatch.
- This prevents leaks or double freeing on such failures.
- * libgnutls: Increased the maximum size of the handshake message
- hash. This will allow the library to cope better with larger
- packets, as the ones offered by current TLS 1.3 drafts.
- * libgnutls: Allow to use client certificates despite them
- containing disallowed algorithms for a session. That allows for
- example a client to use DSA-SHA1 due to his old DSA
- certificate, without requiring him to enable DSA-SHA1 (and thus
- make it acceptable for the server's certificate).
- * guile: Backported all improvements from 3.5.x branch.
- * guile: Update code to the I/O port API of Guile >= 2.1.4
- This makes sure the GnuTLS bindings will work with the
- forthcoming 2.2 stable series of Guile, of which 2.1 is a
- preview.
-
-- GnuTLS 3.4.15:
- * libgnutls: Corrected the comparison of the serial size in OCSP
- response. Previously the OCSP certificate check wouldn't verify
- the serial length and could succeed in cases it shouldn't
- (GNUTLS-SA-2016-3).
- * libgnutls: Fixes in gnutls_x509_crt_list_import2, which was
- ignoring flags if all certificates in the list fit within the
- initially allocated memory.
- * libgnutls: Corrected issue which made
- gnutls_certificate_get_x509_crt() to return invalid pointers
- when returned more than a single certificate.
- * libgnutls: Fix gnutls_pkcs12_simple_parse to always extract the
- complete chain.
- * libgnutls: Added support for decrypting PKCS#8 files which use
- the HMAC-SHA256 as PRF.
- * libgnutls: Addressed issue with PKCS#11 signature generation on
- ECDSA keys. The signature is now written as unsigned integers
- into the DSASignatureValue structure. Previously signed
- integers could be written depending on what the underlying
- module would produce. Addresses #122.
-- fix build error for 13.2, 42.1 and 42.2
-
-- GnuTLS 3.4.14:
- * libgnutls: Address issue when utilizing the p11-kit trust store
- for certificate verification (GNUTLS-SA-2016-2, boo#988276)
- * libgnutls: Fixed DTLS handshake packet reconstruction.
- * libgnutls: Fixed issues with PKCS#11 reading of sensitive
- objects from SafeNet Network HSM
- * libgnutls: Corrected the writing of PKCS#11 CKA_SERIAL_NUMBER
-- drop upstreamed
- 0001-tests-use-datefudge-in-name-constraints-test.patch
-
-- Fix a problem with expired test certificate by using datefudge
- (boo#987139)
- * add 0001-tests-use-datefudge-in-name-constraints-test.patch
-
-- Version 3.4.13 (released 2016-06-06)
- * libgnutls: Consider the SSLKEYLOGFILE environment to be compatible with
- NSS instead of using a separate variable; in addition append any keys to
- the file instead of overwriting it.
- * libgnutls: use secure_getenv() where available to obtain environment
- variables. Addresses GNUTLS-SA-2016-1.
-- Version 3.4.12 (released 2016-05-20)
- * libgnutls: The CHACHA20-POLY1305 ciphersuite is enabled by default. This
- cipher is prioritized after AES-GCM.
- * libgnutls: Fixes in gnutls_privkey_import_ecc_raw().
- * libgnutls: Fixed gnutls_pkcs11_get_raw_issuer() usage with the
- GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT flag. Previously that
- operation could fail on certain PKCS#11 modules.
- * libgnutls: gnutls_pkcs11_obj_import_url() and gnutls_x509_crt_import_url()
- can accept the GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT flag.
- * libgnutls: gnutls_certificate_set_key() was enhanced to import the DNS
- name of the certificates if the provided names are NULL.
- * libgnutls: when receiving SNI names, only save and expose to application
- the supported DNS names.
- * libgnutls: when importing the certificate names at the
- gnutls_certificate_set* functions, only consider the CN as a fallback
- if DNS names are provided via the alternative name extension.
- * gnutls-cli: on OCSP verification do not fail if we have a single valid
- reply. Report and reproducer by Thomas Klute.
- * libgnutls: The GNUTLS_KEYLOGFILE environment variable can be used to
- log session keys in client side. These session keys are compatible with
- the NSS Key Log Format and can be used to decrypt the session for
- debugging using wireshark.
-
-- enabled guile support
-- removed duplicates
-
-- Updated to 3.4.11
- * Version 3.4.11 (released 2016-04-11)
- * * libgnutls: Fixes in gnutls_record_get/set_state() with DTLS.
- Reported by Fridolin Pokorny.
- * * libgnutls: Fixes in DSA key generation under PKCS #11. Report and
- patches by Jan Vcelak.
- * * libgnutls: Corrected behavior of ALPN extension parsing during
- session resumption. Report and patches by Yuriy M. Kaminskiy.
- * * libgnutls: Corrected regression (since 3.4.0) in
- gnutls_server_name_set() which caused it not to accept non-null-
- terminated hostnames. Reported by Tim Ruehsen.
- * * libgnutls: Corrected printing of the IP Adress name constraints.
- * * ocsptool: use HTTP/1.0 for requests. This avoids issue with servers
- serving chunk encoding which ocsptool doesn't support. Reported by
- Thomas Klute.
- * * certtool: do not require a CA for OCSP signing tag. This follows the
- recommendations in RFC6960 in 4.2.2.2 which allow a CA to delegate
- OCSP signing to another certificate without requiring it to be a CA.
- Reported by Thomas Klute.
- * Version 3.4.10 (released 2016-03-03)
- * * libgnutls: Eliminated issues preventing buffers more than 2^32 bytes
- to be used with hashing functions.
- * * libgnutls: Corrected leaks and other issues in
- gnutls_x509_crt_list_import().
- * * libgnutls: Fixes in DSA key handling for PKCS #11. Report and
- patches by Jan Vcelak.
- * * libgnutls: Several fixes to prevent relying on undefined behavior
- of C (found with libubsan).
- * Version 3.4.9 (released 2016-02-03)
- * * libgnutls: Corrected ALPN protocol negotiation. Before GnuTLS would
- negotiate the last commonly supported protocol, rather than the
- first. Reported by Remi Denis-Courmont (#63).
- * * libgnutls: Tolerate empty DN fields in informational output
- functions.
- * * libgnutls: Corrected regression causes by incorrect fix in
- gnutls_x509_ext_export_key_usage() at 3.4.8 release.
-
-- follow the work in the unbound package and use the
- libunbound-devel symbol for the buildrequires. we override it for
- the distro build with libunbound-devel-mini to avoid build loops.
-
-- reenable dane support, require unbound-devel bsc#964346
-- split out libgnutls-dane-devel to try to avoid build cycle.
-
-- Update to 3.4.8
- All changes since 3.4.4:
- * libgnutls: Corrected memory leak in gnutls_pubkey_import_privkey()
- when used with PKCS #11 keys.
- * libgnutls: For DSA and ECDSA keys in PKCS #11 objects, import
- their public keys from either a public key object or a certificate.
- That is, because private keys do not contain all the required
- parameters for a direct import.
- * libgnutls: Fixed issue when writing ECDSA private keys in PKCS #11
- tokens.
- * libgnutls: Fixed out-of-bounds read in
- gnutls_x509_ext_export_key_usage()
- * libgnutls: The CHACHA20-POLY1305 ciphersuites were updated to
- conform to draft-ietf-tls-chacha20-poly1305-02.
- * libgnutls: Several fixes in PKCS #7 signing which improve
- compatibility with the MacOSX tools.
- * libgnutls: The max-record extension not negotiated on DTLS. This
- resolves issue with the max-record being negotiated but ignored.
- * certtool: Added the --p7-include-cert and --p7-show-data options.
- * libgnutls: Properly require TLS 1.2 in all CBC-SHA256 and CBC-SHA384
- ciphersuites. This solves an interoperability issue with openssl.
- * libgnutls: Corrected the setting of salt size in
- gnutls_pkcs12_mac_info().
- * libgnutls: On a rehandshake allow switching from anonymous to ECDHE
- and DHE ciphersuites.
- * libgnutls: Corrected regression from 3.3.x which prevented
- ARCFOUR128 from using arbitrary key sizes.
- * libgnutls: Added GNUTLS_SKIP_GLOBAL_INIT macro to allow programs
- skipping the implicit global initialization.
- * gnutls.pc: Don't include libtool specific options to link flags.
- * tools: Better support for FTP AUTH TLS negotiation
- * libgnutls: Added new simple verification functions. That avoids the
- need to install a callback to perform certificate verification. See
- doc/examples/ex-client-x509.c for usage.
- * libgnutls: Introduced the security parameter 'future' which is at
- the 256-bit level of security, and 'ultra' was aligned to its
- documented size at 192-bits.
- * libgnutls: When writing a certificate into a PKCS #11 token, ensure
- that CKA_SERIAL_NUMBER and CKA_ISSUER are written.
- * libgnutls: Allow the presence of legacy ciphers and key exchanges in
- priority strings and consider them a no-op.
- * libgnutls: Handle the extended master secret as a mandatory
- extension. That fixes incompatibility issues with Chromium (#45).
- * libgnutls: Added the ability to copy a public key into a PKCS #11
- token.
- * tools: Added support for LDAP and XMPP negotiation for STARTTLS.
- * p11tool: Allow writing a public key into a PKCS #11 token.
- * certtool: Key generation security level was switched to HIGH. That
- is, by default the tool generates 3072 bit keys for RSA and DSA.
- * libgnutls: When re-importing CRLs to a trust list ensure that there
- no duplicate entries.
- * certtool: Removed any arbitrary limits imposed on input file sizes
- and maximum number of certificates imported.
- * certtool: Allow specifying fixed dates on CRL generation.
- * gnutls-cli-debug: Added check for inappropriate fallback support
- (RFC7507).
-
-- Update to 3.4.4
- This update contains a fix for a denial of service vulnerability:
- * Allow the parsing of very long DNs. Also fixes double free
- in DN decoding [GNUTLS-SA-2015-3]. boo#941794 CVE-2015-6251
- Other changes:
- * Add high level API (gnutls_prf_rfc5705) to access the PRF as
- specified by RFC5705.
- * Link to trousers (TPM library) dynamically when this
- functionality is requested. (disabled in SUSE package)
- * Fix issue with server side sending the status request extension
- even when not requested.
- * Add support for RFC7507 by introducing the %FALLBACK_SCSV
- priority string option.
- * gnutls_pkcs11_privkey_generate2() will store the generated
- public key, unless the GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY
- flag is specified.
- * Correct regression from 3.4.3 in loading PKCS #8 keys as fallback.
- * API and ABI modifications:
- gnutls_prf_rfc5705: Added
- gnutls_hex_encode2: Added
- gnutls_hex_decode2: Added
-- build with autogen for libopts compatibility
-- fix failures in test suite, add upstream commits
- 0001-certtool-lifted-limits-on-file-size-to-load.patch
- 0002-certtool-eliminated-memory-leaks-due-to-new-cert-loa.patch
-
-- update to 3.4.3
- * * libgnutls: Follow closely RFC5280 recommendations and use UTCTime for
- dates prior to 2050.
- * * libgnutls: Force 16-byte alignment to all input to ciphers (previously it
- was done only when cryptodev was enabled).
- * * libgnutls: Removed support for pthread_atfork() as it has undefined
- semantics when used with dlopen(), and may lead to a crash.
- * * libgnutls: corrected failure when importing plain files
- with gnutls_x509_privkey_import2(), and a password was provided.
- * * libgnutls: Don't reject certificates if a CA has the URI or IP address
- name constraints, and the end certificate doesn't have an IP address
- name or a URI set.
- * * libgnutls: set and read the hint in DHE-PSK and ECDHE-PSK ciphersuites.
- * * p11tool: Added --list-token-urls option, and print the token module name
- in list-tokens.
- * * libgnutls: DTLS blocking API is more robust against infinite blocking,
- and will notify of more possible timeouts.
- * * libgnutls: corrected regression with Camellia-256-GCM cipher. Reported
- by Manuel Pegourie-Gonnard.
- * * libgnutls: Introduced the GNUTLS_NO_SIGNAL flag to gnutls_init(). That
- allows to disable SIGPIPE for writes done within gnutls.
- * * libgnutls: Enhanced the PKCS #7 API to allow signing and verification
- of structures. API moved to gnutls/pkcs7.h header.
- * * certtool: Added options to generate PKCS #7 bundles and signed
- structures.
-- includes changes from 3.4.2:
- * DTLS blocking API is more robust against infinite blocking,
- and will notify of more possible timeouts.
- * Correct regression with Camellia-256-GCM cipher.
- * Introduce the GNUTLS_NO_SIGNAL flag to gnutls_init(). That
- allows to disable SIGPIPE for writes done within gnutls.
- * Enhance the PKCS #7 API to allow signing and verification
- of structures. Move API to gnutls/pkcs7.h header.
- * certtool: Added options to generate PKCS #7 bundles and signed
- structures.
-
-- disable testsuite run against valgrind on aarch64
-
-- Updated to 3.4.1 (released 2015-05-03)
- * * libgnutls: gnutls_certificate_get_ours: will return the certificate even
- if a callback was used to send it.
- * * libgnutls: Check for invalid length in the X.509 version field. Without
- the check certificates with invalid length would be detected as having an
- arbitrary version. Reported by Hanno Böck.
- * * libgnutls: Handle DNS name constraints with a leading dot. Patch by
- Fotis Loukos.
- * * libgnutls: Updated system-keys support for windows to compile in more
- versions of mingw. Patch by Tim Kosse.
- * * libgnutls: Fix for MD5 downgrade in TLS 1.2 signatures. Reported by
- Karthikeyan Bhargavan [GNUTLS-SA-2015-2]. bsc#929690
- * * libgnutls: Reverted: The gnutls_handshake() process will enforce a timeout
- by default. That caused issues with non-blocking programs.
- * * certtool: It can generate SHA256 key IDs.
- * * gnutls-cli: fixed crash in --benchmark-ciphers. Reported by James Cloos.
- * * API and ABI modifications: gnutls_x509_crt_get_pk_ecc_raw: Added
-- gnutls-fix-double-mans.patch: fixed upstream
-
-- Disable buggy valgrind on armv7l
-
-- updated to 3.4.0 (released 2015-04-08)
- * * libgnutls: Added support for AES-CCM and AES-CCM-8 (RFC6655 and RFC7251)
- ciphersuites. The former are enabled by default, the latter need to be
- explicitly enabled, since they reduce the overall security level.
- * * libgnutls: Added support for Chacha20-Poly1305 ciphersuites following
- draft-mavrogiannopoulos-chacha-tls-05 and draft-irtf-cfrg-chacha20-poly1305-10.
- That is currently provided as technology preview and is not enabled by
- default, since there are no assigned ciphersuite points by IETF and there
- is no guarrantee of compatibility between draft versions. The ciphersuite
- priority string to enable it is "+CHACHA20-POLY1305".
- * * libgnutls: Added support for encrypt-then-authenticate in CBC
- ciphersuites (RFC7366 -taking into account its errata text). This is
- enabled by default and can be disabled using the %NO_ETM priority
- string.
- * * libgnutls: Added support for the extended master secret
- (triple-handshake fix) following draft-ietf-tls-session-hash-02.
- * * libgnutls: Added a new simple and hard to misuse AEAD API (crypto.h).
- * * libgnutls: SSL 3.0 is no longer included in the default priorities
- list. It has to be explicitly enabled, e.g., with a string like
- "NORMAL:+VERS-SSL3.0".
- * * libgnutls: ARCFOUR (RC4) is no longer included in the default priorities
- list. It has to be explicitly enabled, e.g., with a string like
- "NORMAL:+ARCFOUR-128".
- * * libgnutls: DSA signatures and DHE-DSS are no longer included in the
- default priorities list. They have to be explicitly enabled, e.g., with
- a string like "NORMAL:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1". The
- DSA ciphersuites were dropped because they had no deployment at all
- on the internet, to justify their inclusion.
- * * libgnutls: The priority string EXPORT was completely removed. The string
- was already defunc as support for the EXPORT ciphersuites was removed in
- GnuTLS 3.2.0.
- * * libgnutls: Added API to utilize system specific private keys in
- "gnutls/system-keys.h". It is currently provided as technology preview
- and is restricted to windows CNG keys.
- * * libgnutls: gnutls_x509_crt_check_hostname() and friends will use
- RFC6125 comparison of hostnames. That introduces a dependency on libidn.
- * * libgnutls: Depend on p11-kit 0.23.1 to comply with the final
- PKCS #11 URLs draft (draft-pechanec-pkcs11uri-21).
- * * libgnutls: Depend on nettle 3.1.
- * * libgnutls: Use getrandom() or getentropy() when available. That
- avoids the complexity of file descriptor handling and issues with
- applications closing all open file descriptors on startup.
- * * libgnutls: Use pthread_atfork() to detect fork when available.
- * * libgnutls: The gnutls_handshake() process will enforce a timeout by
- default.
- * * libgnutls: If a key purpose (extended key usage) is specified for verification,
- it is applied into intermediate certificates. The verification result
- GNUTLS_CERT_PURPOSE_MISMATCH is also introduced.
- * * libgnutls: When gnutls_certificate_set_x509_key_file2() is used in
- combination with PKCS #11, or TPM URLs, it will utilize the provided
- password as PIN if required. That removes the requirement for the
- application to set a callback for PINs in that case.
- * * libgnutls: priority strings VERS-TLS-ALL and VERS-DTLS-ALL are
- restricted to the corresponding protocols only, and the VERS-ALL
- string is introduced to catch all possible protocols.
- * * libgnutls: Added helper functions to obtain information on PKCS #8
- structures.
- * * libgnutls: Certificate chains which are provided to gnutls_certificate_credentials_t
- will automatically be sorted instead of failing with GNUTLS_E_CERTIFICATE_LIST_UNSORTED.
- * * libgnutls: Added functions to export and set the record state. That
- allows for gnutls_record_send() and recv() to be offloaded (to kernel,
- hardware or any other subsystem).
- * * libgnutls: Added the ability to register application specific URL
- types, which express certificates and keys using gnutls_register_custom_url().
- * * libgnutls: Added API to override existing ciphers, digests and MACs, e.g.,
- to override AES-GCM using a system-specific accelerator. That is, (crypto.h)
- gnutls_crypto_register_cipher(), gnutls_crypto_register_aead_cipher(),
- gnutls_crypto_register_mac(), and gnutls_crypto_register_digest().
- * * libgnutls: Added gnutls_ext_register() to register custom extensions.
- Contributed by Thierry Quemerais.
- * * libgnutls: Added gnutls_supplemental_register() to register custom
- supplemental data handshake messages. Contributed by Thierry Quemerais.
- * * libgnutls-openssl: it is no longer built by default.
- * * certtool: Added --p8-info option, which will print PKCS #8 information
- even if the password is not available.
- * * certtool: --key-info option will print PKCS #8 encryption information
- when available.
- * * certtool: Added the --key-id and --fingerprint options.
- * * certtool: Added the --verify-hostname, --verify-email and --verify-purpose
- options to be used in certificate chain verification, to simulate verification
- for specific hostname and key purpose (extended key usage).
- * * certtool: --p12-info option will print PKCS #12 MAC and cipher information
- when available.
- * * certtool: it will print the A-label (ACE) names in addition to UTF-8.
- * * p11tool: added options --set-id and --set-label.
- * * gnutls-cli: added options --priority-list and --save-cert.
- * * guile: Deprecated priority API has been removed. The old priority API,
- which had been deprecated for some time, is now gone; use 'set-session-priorities!'
- instead.
- * * guile: Remove RSA parameters and related procedures. This API had been
- deprecated.
- * * guile: Fix compilation on MinGW. Previously only the static version of the
- 'guile-gnutls-v-2' library would be built, preventing dynamic loading from Guile.
-
-- updated to 3.3.13 (released 2015-03-30)
- * * libgnutls: When retrieving OCTET STRINGS from PKCS #12 ContentInfo
- structures use BER to decode them (requires libtasn1 4.3). That allows
- to decode some more complex structures.
- * * libgnutls: When an end-certificate with no name is present and there
- are CA name constraints, don't reject the certificate. This follows RFC5280
- advice closely. Reported by Fotis Loukos.
- * * libgnutls: Fixed handling of supplemental data with types > 255.
- Patch by Thierry Quemerais.
- * * libgnutls: Fixed double free in the parsing of CRL distribution points certificate
- extension. Reported by Robert Święcki.
- * * libgnutls: Fixed a two-byte stack overflow in DTLS 0.9 protocol. That
- protocol is not enabled by default (used by openconnect VPN).
- * * libgnutls: The maximum user data send size is set to be the same for
- block and non-block ciphersuites. This addresses a regression with wine:
- https://bugs.winehq.org/show_bug.cgi?id=37500
- * * libgnutls: When generating PKCS #11 keys, set CKA_ID, CKA_SIGN,
- and CKA_DECRYPT when needed.
- * * libgnutls: Allow names with zero size to be set using
- gnutls_server_name_set(). That will disable the Server Name Indication.
- Resolves issue with wine: https://gitlab.com/gnutls/gnutls/issues/2
-- new main library major version .so.30
-- requires new libnettle >= 3.1, p11-kit-devel >= 0.23.1
-- Now need to configure --enable-openssl-compatibility (might go away)
-- added gnutls-fix-double-mans.patch: avoid double installing manpages
-- dropped gnutls-3.0.26-skip-test-fwrite.patch: does not seem to be needed
- anymore
-- install_info_delete moved from %postun to %preun
-
-- for DANE support, use bcond_with
-- for tpm support, same
-- note p11-kit >= 0.20.7 requirement
-- note libtasn1 3.9 requirement (built-in lib used otherwise)
-
-- disable trousers and unbound again for now, as it causes too long
- build cycles.
-
-- added unbound-devel (for DANE) and trousers-devel (for TPM support)
-- removed now upstreamed gnutls-implement-trust-store-dir-3.2.8.diff
-- libgnutls-dane0 new library added
-- updated to 3.3.13 (released 2015-02-25)
- * * libgnutls: Enable AESNI in GCM on x86
- * * libgnutls: Fixes in DTLS message handling
- * * libgnutls: Check certificate algorithm consistency, i.e.,
- check whether the signatureAlgorithm field matches the signature
- field inside TBSCertificate.
- * * gnutls-cli: Fixes in OCSP verification.
-- Version 3.3.12 (released 2015-01-17)
- * * libgnutls: When negotiating TLS use the lowest enabled version in
- the client hello, rather than the lowest supported. In addition, do
- not use SSL 3.0 as a version in the TLS record layer, unless SSL 3.0
- is the only protocol supported. That addresses issues with servers that
- immediately drop the connection when the encounter SSL 3.0 as the record
- version number. See:
- http://lists.gnutls.org/pipermail/gnutls-help/2014-November/003673.html
- * * libgnutls: Corrected encoding and decoding of ANSI X9.62 parameters.
- * * libgnutls: Handle zero length plaintext for VIA PadLock functions.
- This solves a potential crash on AES encryption for small size plaintext.
- Patch by Matthias-Christian Ott.
- * * libgnutls: In DTLS don't combine multiple packets which exceed MTU.
- Reported by Andreas Schultz. https://savannah.gnu.org/support/?108715
- * * libgnutls: In DTLS decode all handshake packets present in a record
- packet, in a single pass. Reported by Andreas Schultz.
- https://savannah.gnu.org/support/?108712
- * * libgnutls: When importing a CA file with a PKCS #11 URL, simply
- import the certificates, if the URL specifies objects, rather than
- treating it as trust module.
- * * libgnutls: When importing a PKCS #11 URL and we know the type of
- object we are importing, don't require the object type in the URL.
- * * libgnutls: fixed openpgp authentication when gnutls_certificate_set_retrieve_function2
- was used by the server.
- * * certtool: --pubkey-info will also attempt to load a public key from stdin.
- * * gnutls-cli: Added --starttls-proto option. That allows to specify a
- protocol for starttls negotiation.
-- Version 3.3.11 (released 2014-12-11)
- * * libgnutls: Corrected regression introduced in 3.3.9 related to
- session renegotiation. Reported by Dan Winship.
- * * libgnutls: Corrected parsing issue with OCSP responses.
-- Version 3.3.10 (released 2014-11-10)
- * * libgnutls: Refuse to import v1 or v2 certificates that contain
- extensions.
- * * libgnutls: Fixes in usage of PKCS #11 token callback
- * * libgnutls: Fixed bug in gnutls_x509_trust_list_get_issuer() when used
- with a PKCS #11 trust module and without the GNUTLS_TL_GET_COPY flag.
- Reported by David Woodhouse.
- * * libgnutls: Removed superfluous random generator refresh on every call
- of gnutls_deinit(). That reduces load and usage of /dev/urandom.
- * * libgnutls: Corrected issue in export of ECC parameters to X9.63 format.
- Reported by Sean Burford [GNUTLS-SA-2014-5].
- * * libgnutls: When gnutls_global_init() is called for a second time, it
- will check whether the /dev/urandom fd kept is still open and matches
- the original one. That behavior works around issues with servers that
- close all file descriptors.
- * * libgnutls: Corrected behavior with PKCS #11 objects that are marked
- as CKA_ALWAYS_AUTHENTICATE.
- * * certtool: The default cipher for PKCS #12 structures is 3des-pkcs12.
- That option is more compatible than AES or RC4.
-- Version 3.3.9 (released 2014-10-13)
- * * libgnutls: Fixes in the transparent import of PKCS #11 certificates.
- Reported by Joseph Peruski.
- * * libgnutls: Fixed issue with unexpected non-fatal errors resetting the
- handshake's hash buffer, in applications using the heartbeat extension
- or DTLS. Reported by Joeri de Ruiter.
- * * libgnutls: When both a trust module and additional CAs are present
- account the latter as well; reported by David Woodhouse.
- * * libgnutls: added GNUTLS_TL_GET_COPY flag for
- gnutls_x509_trust_list_get_issuer(). That allows the function to be used
- in a thread safe way when PKCS #11 trust modules are in use.
- * * libgnutls: fix issue in DTLS retransmission when session tickets
- were in use; reported by Manuel Pégourié-Gonnard.
- * * libgnutls-dane: Do not require the CA on a ca match to be direct CA.
- * * libgnutls: Prevent abort() in library if getrusage() fails. Try to
- detect instead which of RUSAGE_THREAD and RUSAGE_SELF would work.
- * * guile: new 'set-session-server-name!' procedure; see the manual for
- details.
- * * certtool: The authority key identifier will be set in a certificate only
- if the CA's subject key identifier is set.
-- Version 3.3.8 (released 2014-09-18)
- * * libgnutls: Updates in the name constraints checks. No name constraints
- will be checked for intermediate certificates. As our support for name
- constraints is limited to e-mail addresses in DNS names, it is pointless
- to check them on intermediate certificates.
- * * libgnutls: Fixed issues in PKCS #11 object listing. Previously multiple
- object listing would fail completely if a single object could not be exported.
- * * libgnutls: Improved the performance of PKCS #11 object listing/retrieving,
- by retrieving them in large batches. Report and suggestion by David
- Woodhouse.
- * * libgnutls: Fixed issue with certificates being sanitized by gnutls prior
- to signature verification. That resulted to certain non-DER compliant modifications
- of valid certificates, being corrected by libtasn1's parser and restructured as
- the original. Issue found and reported by Antti Karjalainen and Matti Kamunen from
- Codenomicon.
- * * libgnutls: Fixes in gnutls_x509_crt_set_dn() and friends to properly handle
- strings with embedded spaces and escaped commas.
- * * libgnutls: when comparing a CA certificate with the trusted list compare
- the name and key only instead of the whole certificate. That is to handle
- cases where a CA certificate was superceded by a different one with the same
- name and the same key.
- * * libgnutls: when verifying a certificate against a p11-kit trusted
- module, use the attached extensions in the module to override the CA's
- extensions (that requires p11-kit 0.20.7).
- * * libgnutls: In DTLS prevent sending zero-size fragments in certain cases
- of MTU split. Reported by Manuel Pégourié-Gonnard.
- * * libgnutls: Added gnutls_x509_trust_list_verify_crt2() which allows
- verifying using a hostname and a purpose (extended key usage). That
- enhances PKCS #11 trust module verification, as it can now check the purpose
- when this function is used.
- * * libgnutls: Corrected gnutls_x509_crl_verify() which would always report
- a CRL signature as invalid. Reported by Armin Burgmeier.
- * * libgnutls: added option --disable-padlock to allow disabling the padlock
- CPU acceleration.
- * * p11tool: when listing tokens, list their type as well.
- * * p11tool: when listing objects from a trust module print any attached
- extensions on certificates.
-- Version 3.3.7 (released 2014-08-24)
- * * libgnutls: Added function to export the public key of a PKCS #11
- private key. Contributed by Wolfgang Meyer zu Bergsten.
- * * libgnutls: Explicitly set the exponent in PKCS #11 key generation.
- That improves compatibility with certain PKCS #11 modules. Contributed by
- Wolfgang Meyer zu Bergsten.
- * * libgnutls: When generating a PKCS #11 private key allow setting
- the WRAP/UNWRAP flags. Contributed by Wolfgang Meyer zu Bergsten.
- * * libgnutls: gnutls_pkcs11_privkey_t will always hold an open session
- to the key.
- * * libgnutls: bundle replacements of inet_pton and inet_aton if not
- available.
- * * libgnutls: initialize parameters variable on PKCS #8 decryption.
- * * libgnutls: gnutls_pkcs12_verify_mac() will not fail in other than SHA1
- algorithms.
- * * libgnutls: gnutls_x509_crt_check_hostname() will follow the RFC6125
- requirement of checking the Common Name (CN) part of DN only if there is
- a single CN present in the certificate.
- * * libgnutls: The environment variable GNUTLS_FORCE_FIPS_MODE can be used
- to force the FIPS mode, when set to 1.
- * * libgnutls: In DTLS ignore only errors that relate to unexpected packets
- and decryption failures.
- * * p11tool: Added --info parameter.
- * * certtool: Added --mark-wrap parameter.
- * * danetool: --check will attempt to retrieve the server's certificate
- chain and verify against it.
- * * danetool/gnutls-cli-debug: Added --app-proto parameters which can
- be used to enforce starttls (currently only SMTP and IMAP) on the connection.
- * * danetool: Added openssl linking exception, to allow linking
- with libunbound.
-- Version 3.3.6 (released 2014-07-23)
- * * libgnutls: Use inet_ntop to print IP addresses when available
- * * libgnutls: gnutls_x509_crt_check_hostname and friends will also check
- IP addresses, and match documented behavior. Reported by David Woodhouse.
- * * libgnutls: DSA key generation in FIPS140-2 mode doesn't allow 1024
- bit parameters.
- * * libgnutls: fixed issue in gnutls_pkcs11_reinit() which prevented tokens
- being usable after a reinitialization.
- * * libgnutls: fixed PKCS #11 private key operations after a fork.
- * * libgnutls: fixed PKCS #11 ECDSA key generation.
- * * libgnutls: The GNUTLS_CPUID_OVERRIDE environment variable can be used to
- explicitly enable/disable the use of certain CPU capabilities. Note that CPU
- detection cannot be overriden, i.e., VIA options cannot be enabled on an Intel
- CPU. The currently available options are:
- 0x1: Disable all run-time detected optimizations
- 0x2: Enable AES-NI
- 0x4: Enable SSSE3
- 0x8: Enable PCLMUL
- 0x100000: Enable VIA padlock
- 0x200000: Enable VIA PHE
- 0x400000: Enable VIA PHE SHA512
- * * libdane: added dane_query_to_raw_tlsa(); patch by Simon Arlott.
- * * p11tool: use GNUTLS_SO_PIN to read the security officer's PIN if set.
- * * p11tool: ask for label when one isn't provided.
- * * p11tool: added --batch parameter to disable any interactivity.
- * * p11tool: will not implicitly enable so-login for certain types of
- objects. That avoids issues with tokens that require different login
- types.
- * * certtool/p11tool: Added the --curve parameter which allows to explicitly
- specify the curve to use.
-- Version 3.3.5 (released 2014-06-26)
- * * libgnutls: Added gnutls_record_recv_packet() and gnutls_packet_deinit().
- These functions provide a variant of gnutls_record_recv() that avoids
- the final memcpy of data.
- * * libgnutls: gnutls_x509_crl_iter_crt_serial() was added as a
- faster variant of gnutls_x509_crl_get_crt_serial() when coping with
- very large structures.
- * * libgnutls: When the decoding of a printable DN element fails, then treat
- it as unknown and print its hex value rather than failing. That works around
- an issue in a TURKTRST root certificate which improperly encodes the
- X520countryName element.
- * * libgnutls: gnutls_x509_trust_list_add_trust_file() will return the number
- of certificates present in a PKCS #11 token when loading it.
- * * libgnutls: Allow the post client hello callback to put the handshake on
- hold, by returning GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED.
- * * certtool: option --to-p12 will now consider --load-ca-certificate
- * * certtol: Added option to specify the PKCS #12 friendly name on command line.
- * * p11tool: Allow marking a certificate copied to a token as a CA.
-- Version 3.3.4 (released 2014-05-31)
- * * libgnutls: Updated Andy Polyakov's assembly code. That prevents a
- crash on certain CPUs.
-- Version 3.3.3 (released 2014-05-30)
- * * libgnutls: Eliminated memory corruption issue in Server Hello parsing.
- Issue reported by Joonas Kuorilehto of Codenomicon.
- * * libgnutls: gnutls_global_set_mutex() was modified to operate with the
- new initialization process.
- * * libgnutls: Increased the maximum certificate size buffer
- in the PKCS #11 subsystem.
- * * libgnutls: Check the return code of getpwuid_r() instead of relying
- on the result value. That avoids issue in certain systems, when using
- tofu authentication and the home path cannot be determined. Issue reported
- by Viktor Dukhovni.
- * * libgnutls-dane: Improved dane_verify_session_crt(), which now attempts to
- create a full chain. This addresses points from https://savannah.gnu.org/support/index.php?108552
- * * gnutls-cli: --dane will only check the end certificate if PKIX validation
- has been disabled.
- * * gnutls-cli: --benchmark-soft-ciphers has been removed. That option cannot
- be emulated with the implicit initialization of gnutls.
- * * certtool: Allow multiple organizations and organizational unit names to
- be specified in a template.
- * * certtool: Warn when invalid configuration options are set to a template.
- * * ocsptool: Include path in ocsp request. This resolves #108582
- (https://savannah.gnu.org/support/?108582), reported by Matt McCutchen.
-- Version 3.3.2 (released 2014-05-06)
- * * libgnutls: Added the 'very weak' certificate verification profile
- that corresponds to 64-bit security level.
- * * libgnutls: Corrected file descriptor leak on random generator
- initialization.
- * * libgnutls: Corrected file descriptor leak on PSK password file
- reading. Issue identified using the Codenomicon TLS test suite.
- * * libgnutls: Avoid deinitialization if initialization has failed.
- * * libgnutls: null-terminate othername alternative names.
- * * libgnutls: gnutls_x509_trust_list_get_issuer() will operate correctly
- on a PKCS #11 trust list.
- * * libgnutls: Several small bug fixes identified using valgrind and
- the Codenomicon TLS test suite.
- * * libgnutls-dane: Accept a certificate using DANE if there is at least one
- entry that matches the certificate. Patch by simon [at] arlott.org.
- * * libgnutls-guile: Fixed compilation issue.
- * * certtool: Allow exporting a CRL on DER format.
- * * certtool: The ECDSA keys generated by default use the SECP256R1 curve
- which is supported more widely than the previously used SECP224R1.
-- Version 3.3.1 (released 2014-04-19)
- * * libgnutls: Enforce more strict checks to heartbeat messages
- concerning padding and payload. Suggested by Peter Dettman.
- * * libgnutls: Allow decoding PKCS #8 files with ECC parameters
- from openssl.
- * * libgnutls: Several small bug fixes found by coverity.
- * * libgnutls: The conditionally available self-test functions
- were moved to self-test.h.
- * * libgnutls: Fixed issue with the check of incoming data when two
- different recv and send pointers have been specified. Reported and
- investigated by JMRecio.
- * * libgnutls: Fixed issue in the RSA-PSK key exchange, which would
- result to illegal memory access if a server hint was provided. Reported
- by André Klitzing.
- * * libgnutls: Fixed client memory leak in the PSK key exchange, if a
- server hint was provided.
- * * libgnutls: Corrected the *get_*_othername_oid() functions.
-- Version 3.3.0 (released 2014-04-10)
- * * libgnutls: The initialization of the library was moved to a
- constructor. That is, gnutls_global_init() is no longer required
- unless linking with a static library or a system that does not
- support library constructors.
- * * libgnutls: static libraries are not built by default.
- * * libgnutls: PKCS #11 initialization is delayed to first usage.
- That avoids long delays in gnutls initialization due to broken PKCS #11
- modules.
- * * libgnutls: The PKCS #11 subsystem is re-initialized "automatically"
- on the first PKCS #11 API call after a fork.
- * * libgnutls: certificate verification profiles were introduced
- that can be specified as flags to verification functions. They
- are enumerations in gnutls_certificate_verification_profiles_t
- and can be converted to flags for use in a verification function
- using GNUTLS_PROFILE_TO_VFLAGS().
- * * libgnutls: Added the ability to read system-specific initial
- keywords, if they are prefixed with '@'. That allows a compile-time
- specified configuration file to be used to read pre-configured priority
- strings from. That can be used to impose system specific policies.
- * * libgnutls: Increased the default security level of priority
- strings (NORMAL and PFS strings require at minimum a 1008 DH prime),
- and set a verification profile by default. The LEGACY keyword is
- introduced to set the old defaults.
- * * libgnutls: Added support for the name constraints PKIX extension.
- Currently only DNS names and e-mails are supported (no URIs, IPs
- or DNs).
- * * libgnutls: Security parameter SEC_PARAM_NORMAL was renamed to
- SEC_PARAM_MEDIUM to avoid confusion with the priority string NORMAL.
- * * libgnutls: Added new API in x509-ext.h to handle X.509 extensions.
- This API handles the X.509 extensions in isolation, allowing to parse
- similarly formatted extensions stored in other structures.
- * * libgnutls: When generating DSA keys the macro GNUTLS_SUBGROUP_TO_BITS
- can be used to specify a particular subgroup as the number of bits in
- gnutls_privkey_generate; e.g., GNUTLS_SUBGROUP_TO_BITS(2048, 256).
- * * libgnutls: DH parameter generation is now delegated to nettle.
- That unfortunately has the side-effect that DH parameters longer than
- 3072 bits, cannot be generated (not without a nettle update).
- * * libgnutls: Separated nonce RNG from the main RNG. The nonce
- random number generator is based on salsa20/12.
- * * libgnutls: The buffer alignment provided to crypto backend is
- enforced to be 16-byte aligned, when compiled with cryptodev
- support. That allows certain cryptodev drivers to operate more
- efficiently.
- * * libgnutls: Return error when a public/private key pair that doesn't
- match is set into a credentials structure.
- * * libgnutls: Depend on p11-kit 0.20.0 or later.
- * * libgnutls: The new padding (%NEW_PADDING) experimental TLS extension has
- been removed. It was not approved by IETF.
- * * libgnutls: The experimental xssl library is removed from the gnutls
- distribution.
- * * libgnutls: Reduced the number of gnulib modules used in the main library.
- * * libgnutls: Added priority string %DISABLE_WILDCARDS.
- * * libgnutls: Added the more extensible verification function
- gnutls_certificate_verify_peers(), that allows checking, in addition
- to a peer's DNS hostname, for the key purpose of the end certificate
- (via PKIX extended key usage).
- * * certtool: Timestamps for serial numbers were increased to 8 bytes,
- and in batch mode to 12 (appended with 4 random bytes).
- * * certtool: When no CRL number is provided (or value set to -1), then
- a time-based number will be used, similarly to the serial generation
- number in certificates.
- * * certtool: Print the SHA256 fingerprint of a certificate in addition
- to SHA1.
- * * libgnutls: Added --enable-fips140-mode configuration option (unsupported).
- That option enables (when running on FIPS140-enabled system):
- o RSA, DSA and DH key generation as in FIPS-186-4 (using provable primes)
- o The DRBG-CTR-AES256 deterministic random generator from SP800-90A.
- o Self-tests on initialization on ciphers/MACs, public key algorithms
- and the random generator.
- o HMAC-SHA256 verification of the library on load.
- o MD5 is included for TLS purposes but cannot be used by the high level
- hashing functions.
- o All ciphers except AES are disabled.
- o All MACs and hashes except GCM and SHA are disabled (e.g., HMAC-MD5).
- o All keys (temporal and long term) are zeroized after use.
- o Security levels are adjusted to the FIPS140-2 recommendations (rather
- than ECRYPT).
-
-- build with PIE for commandline tools
-
-- Updated to 3.2.21 (released 2014-12-11)
- - libgnutls: Corrected regression introduced in 3.2.19 related to
- session renegotiation. Reported by Dan Winship.
- - libgnutls: Corrected parsing issue with OCSP responses.
-
-- Updated to 3.2.20 (released 2014-11-10)
- * * libgnutls: Removed superfluous random generator refresh on every
- call of gnutls_deinit(). That reduces load and usage of /dev/urandom.
- * * libgnutls: Corrected issue in export of ECC parameters to X9.63
- format. Reported by Sean Burford [GNUTLS-SA-2014-5].
- (CVE-2014-8564 bnc#904603)
-- Updated to 3.2.19 (released 2014-10-13)
- * * libgnutls: Fixes in the transparent import of PKCS #11 certificates.
- Reported by Joseph Peruski.
- * * libgnutls: Fixed issue with unexpected non-fatal errors resetting the
- handshake's hash buffer, in applications using the heartbeat extension
- or DTLS. Reported by Joeri de Ruiter.
- * * libgnutls: fix issue in DTLS retransmission when session tickets were
- in use; reported by Manuel Pégourié-Gonnard.
- * * libgnutls: Prevent abort() in library if getrusage() fails. Try to
- detect instead which of RUSAGE_THREAD and RUSAGE_SELF would work.
- * * guile: new 'set-session-server-name!' procedure; see the manual
- for details.
-
kdump
+- pull from new upstream SLE-15-SP5 branch
+- copy SLE-15-SP4 calibration data for SLE-15-SP5
+
kernel-default
+- arm64: Discard .note.GNU-stack section (bsc#1203693).
+- commit a5e7cb4
+
+- media: i2c: ov2640: Depend on V4L2_ASYNC (git-fixes).
+- commit 91b3b5b
+
+- Update
+ patches.suse/usb-typec-intel_pmc_mux-Add-new-ACPI-ID-for-Meteor-L.patch
+ (jsc#PED-1211).
+ Adding Jira
+- commit 5026c96
+
+- Update
+ patches.suse/usb-dwc3-pci-Add-support-for-Intel-Raptor-Lake.patch
+ (jsc#PED-1715).
+ Only adding Jira
+- commit af0fb94
+
+- xhci: Don't defer primary roothub registration if there is
+ only one roothub (jsc#PED-531).
+- commit bb0af18
+
+- xhci: prevent U2 link power state if Intel tier policy prevented
+ U1 (jsc#PED-531).
+- commit 4580e55
+
+- xhci: use generic command timer for stop endpoint commands
+ (jsc#PED-531).
+- commit 0f31a26
+
+- usb: host: xhci-plat: omit shared hcd if either root hub has
+ no ports (jsc#PED-531).
+- commit 2387fca
+
+- usb: host: xhci-plat: prepare operation w/o shared hcd
+ (jsc#PED-531).
+- commit 47afbac
+
+- usb: host: xhci-plat: create shared hcd after having added
+ main hcd (jsc#PED-531).
+- commit f9fd004
+
+- xhci: prepare for operation w/o shared hcd (jsc#PED-531).
+- commit 09ce63b
+
+- xhci: factor out parts of xhci_gen_setup() (jsc#PED-531).
+- commit 783aae7
+
+- usb: xhci-mtk: add support optional controller reset
+ (jsc#PED-531).
+- commit b567962
+
+- usb/core: fix repeated words in comments (git-fixes).
+- commit 5f46c47
+
+- usb: core: sysfs: convert sysfs snprintf to sysfs_emit
+ (git-fixes).
+- commit 40a09c7
+
+- usb: Avoid extra usb SET_SEL requests when enabling link power
+ management (jsc#PED-531).
+- commit 3988270
+
+- usb: hub: port: add sysfs entry to switch port power
+ (jsc#PED-531).
+- commit 9c3549e
+
+- powerpc/papr_scm: Ensure rc is always initialized in
+ papr_scm_pmu_register() (jsc#PED-1925).
+- tools/testing/nvdimm: Fix security_init() symbol collision
+ (jsc#PED-1925).
+- commit a333f5d
+
+- powerpc/papr_scm: don't requests stats with '0' sized stats
+ buffer (jsc#PED-1925).
+- commit 3918fb0
+
+- powerpc/papr_scm: Fix nvdimm event mappings (jsc#PED-557).
+- powerpc/papr_scm: Fix leaking nvdimm_events_map elements
+ (jsc#PED-557).
+- drivers/nvdimm: Fix build failure when CONFIG_PERF_EVENTS is
+ not set (jsc#PED-1925).
+- commit 8ecc2ba
+
+- x86: clk: clk-fch: Add support for newer family of AMD's SOC
+ (jsc#PED-1408).
+- commit c6a96ee
+
+- ACPI: tools: Introduce utility for firmware updates/telemetry
+ (jsc#PED-1408).
+- efi: Introduce EFI_FIRMWARE_MANAGEMENT_CAPSULE_HEADER and
+ corresponding structures (jsc#PED-1408).
+- commit a7f95e0
+
+- powerpc/papr_scm: Fix buffer overflow issue with
+ CONFIG_FORTIFY_SOURCE (jsc#PED-1925).
+- powerpc/papr_scm: Fix build failure when (jsc#PED-1925).
+- powerpc/papr_scm: Add perf interface support (jsc#PED-1925).
+- drivers/nvdimm: Add perf interface to expose nvdimm performance
+ stats (jsc#PED-1925).
+- drivers/nvdimm: Add nvdimm pmu structure (jsc#PED-1925).
+- commit 61ab009
+
+- Revert "ACPI: processor: idle: Only flush cache on entering C3"
+ (jsc#PED-1408).
+- Revert "ACPI: scan: Do not add device IDs from _CID if _HID
+ is not valid" (jsc#PED-1408).
+- ACPI: tables: Quiet ACPI table not found warning (jsc#PED-1408).
+- ACPI: require CRC32 to build (jsc#PED-1408).
+- ACPI: DPTF: Support Raptor Lake (jsc#PED-1408).
+- ACPI: CPPC: Drop redundant local variable from cpc_read()
+ (jsc#PED-1408).
+- ACPI: CPPC: Fix up I/O port access in cpc_read() (jsc#PED-1408).
+- ACPI: pfr_telemetry: Fix info leak in pfrt_log_ioctl()
+ (jsc#PED-1408).
+- ACPI: pfr_update: Fix return value check in pfru_write()
+ (jsc#PED-1408).
+- ACPI: Introduce Platform Firmware Runtime Telemetry driver
+ (jsc#PED-1408).
+- Update supported.conf
+ - add drivers/acpi/pfr_telemetry.ko
+ ACPI Platform Firmware Runtime Telemetry driver
+- ACPI: Introduce Platform Firmware Runtime Update device driver
+ (jsc#PED-1408).
+- Update config files.
+- Update supported.conf
+ - add drivers/acpi/pfr_update.ko
+ ACPI Platform Firmware Runtime Update Device driver
+- ACPI: SPCR: check if table->serial_port.access_width is too wide
+ (jsc#PED-1408).
+- ACPI: scan: Rename label in acpi_scan_init() (jsc#PED-1408).
+- ACPI: scan: Simplify initialization of power and sleep buttons
+ (jsc#PED-1408).
+- ACPI: scan: Change acpi_scan_init() return value type to void
+ (jsc#PED-1408).
+- x86/PCI: Remove initialization of static variables to false
+ (jsc#PED-1408).
+- ACPI: APD: Add a fmw property clk-name (jsc#PED-1408).
+- drivers: acpi: acpi_apd: Remove unused device property "is-rv"
+ (jsc#PED-1408).
+- ACPI: Add a context argument for table parsing handlers
+ (jsc#PED-1408).
+- ACPI: Teach ACPI table parsing about the CEDT header format
+ (jsc#PED-1408).
+- ACPI: Keep sub-table parsing infrastructure available for
+ modules (jsc#PED-1408).
+- ACPI: NFIT: Import GUID before use (jsc#PED-1408).
+- PM: hibernate: Allow ACPI hardware signature to be honoured
+ (jsc#PED-1408).
+- ACPI: CPPC: Add CPPC enable register function (jsc#PED-1408).
+- ACPI: CPPC: Implement support for SystemIO registers
+ (jsc#PED-1408).
+- ACPI: CPPC: Amend documentation in the comments (jsc#PED-1408).
+- ACPI: sysfs: use default_groups in kobj_type (jsc#PED-1408).
+- ACPI: NUMA: Process hotpluggable memblocks when
+ !CONFIG_MEMORY_HOTPLUG (jsc#PED-1408).
+- ACPI: tables: Add AEST to the list of known table signatures
+ (jsc#PED-1408).
+- ACPI: DPTF: Update device ID in a comment (jsc#PED-1408).
+- ACPI: PMIC: xpower: Fix _TMP ACPI errors (jsc#PED-1408).
+- ACPI: PMIC: allow drivers to provide a custom lpat_raw_to_temp()
+ function (jsc#PED-1408).
+- ACPI: PMIC: constify all struct intel_pmic_opregion_data
+ declarations (jsc#PED-1408).
+- ACPI / x86: Skip AC and battery devices on x86 Android tablets
+ with broken DSDTs (jsc#PED-1408).
+- ACPI / x86: Introduce an acpi_quirk_skip_acpi_ac_and_battery()
+ helper (jsc#PED-1408).
+ Refresh
+ patches.suse/ACPI-battery-Add-the-ThinkPad-Not-Charging-quirk.patch.
+- ACPI / x86: Add PWM2 on the Xiaomi Mi Pad 2 to the
+ always_present list (jsc#PED-1408).
+- ACPI: processor: thermal: avoid cpufreq_get_policy()
+ (jsc#PED-1408).
+- ACPI: processor: idle: Only flush cache on entering C3
+ (jsc#PED-1408).
+- ACPI: processor idle: Use swap() instead of open coding it
+ (jsc#PED-1408).
+- ACPI: processor: Replace kernel.h with the necessary inclusions
+ (jsc#PED-1408).
+- ACPI: EC: Mark the ec_sys write_support param as
+ module_param_hw() (jsc#PED-1408).
+- ACPI: EC: Relocate acpi_ec_create_query() and drop
+ acpi_ec_delete_query() (jsc#PED-1408).
+- ACPI: EC: Make the event work state machine visible
+ (jsc#PED-1408).
+- ACPI: EC: Avoid queuing unnecessary work in
+ acpi_ec_submit_event() (jsc#PED-1408).
+- ACPI: EC: Rename three functions (jsc#PED-1408).
+- ACPI: EC: Simplify locking in acpi_ec_event_handler()
+ (jsc#PED-1408).
+- ACPI: EC: Rearrange the loop in acpi_ec_event_handler()
+ (jsc#PED-1408).
+- ACPI: EC: Fold acpi_ec_check_event() into
+ acpi_ec_event_handler() (jsc#PED-1408).
+- ACPI: EC: Pass one argument to acpi_ec_query() (jsc#PED-1408).
+- ACPI: EC: Call advance_transaction() from acpi_ec_dispatch_gpe()
+ (jsc#PED-1408).
+- ACPI: EC: Rework flushing of EC work while suspended to idle
+ (jsc#PED-1408).
+- ACPI: PM: Emit debug messages when enabling/disabling wakeup
+ power (jsc#PED-1408).
+- ACPI: PM: Remove redundant cache flushing (jsc#PED-1408).
+- ACPI: PM: Avoid CPU cache flush when entering S4 (jsc#PED-1408).
+- ACPI / x86: Add
+ acpi_quirk_skip_[i2c_client|serdev]_enumeration() helpers
+ (jsc#PED-1408).
+- ACPI: Use acpi_fetch_acpi_dev() instead of acpi_bus_get_device()
+ (jsc#PED-1408).
+ Refresh
+ patches.suse/ACPI-properties-Consistently-return-ENOENT-if-there-.patch.
+- ACPI: scan: Do not add device IDs from _CID if _HID is not valid
+ (jsc#PED-1408).
+- ACPICA: Update version to 20211217 (jsc#PED-1408).
+- ACPICA: iASL/NHLT table: "Specific Data" field support
+ (jsc#PED-1408).
+- ACPICA: iASL: Add suppport for AGDI table (jsc#PED-1408).
+- ACPICA: iASL: Add TDEL table to both compiler/disassembler
+ (jsc#PED-1408).
+- ACPICA: Fixed a couple of warnings under MSVC (jsc#PED-1408).
+- ACPICA: Change a return_ACPI_STATUS (AE_BAD_PARAMETER)
+ (jsc#PED-1408).
+- ACPICA: Add support for PCC Opregion special context data
+ (jsc#PED-1408).
+- ACPICA: Fix AEST Processor generic resource substructure data
+ field byte length (jsc#PED-1408).
+- ACPICA: iASL/Disassembler: Additional support for NHLT table
+ (jsc#PED-1408).
+- ACPICA: Avoid subobject buffer overflow when validating RSDP
+ signature (jsc#PED-1408).
+- ACPICA: Macros: Remove ACPI_PHYSADDR_TO_PTR (jsc#PED-1408).
+- ACPICA: Use original pointer for virtual origin tables
+ (jsc#PED-1408).
+- ACPICA: Use original data_table_region pointer for accesses
+ (jsc#PED-1408).
+- ACPI: delay enumeration of devices with a _DEP pointing to an
+ INT3472 device (jsc#PED-1408).
+- commit a883e60
+
+- ice: support crosstimestamping on E822 devices if supported
+ (jsc#PED-376).
+- Update config files.
+- commit 52d22d8
+
+- net: phy: add Maxlinear GPY115/21x/24x driver (jsc#PED-829).
+- Update config files.
+- supported.conf: mark mxl-gpy supported
+- commit 038e0dc
+
+- ice: fix incorrect dev_dbg print mistaking 'i' for vf->vf_id
+ (jsc#PED-376).
+- blacklist.conf: removed broken blacklist
+- commit 4dd2967
+
+- RDMA/irdma: Remove enum irdma_status_code (jsc#PED-377).
+- Refresh
+ patches.suse/RDMA-irdma-Prevent-some-integer-underflows.patch.
+- commit 0e1b54d
+
+- ice: introduce ice_virtchnl.c and ice_virtchnl.h (jsc#PED-376).
+- Refresh
+ patches.suse/ice-Do-not-skip-not-enabled-queues-in-ice_vc_dis_qs_.patch.
+- Refresh
+ patches.suse/ice-Fix-incorrect-locking-in-ice_vc_process_vf_msg.patch.
+- Refresh
+ patches.suse/ice-Protect-vf_state-check-by-cfg_lock-in-ice_vc_pro.patch.
+- Refresh
+ patches.suse/ice-clear-stale-Tx-queue-settings-before-configuring.patch.
+- commit b1a640b
+
+- ice: rename ice_virtchnl_pf.c to ice_sriov.c (jsc#PED-376).
+- Refresh
+ patches.suse/ice-Do-not-skip-not-enabled-queues-in-ice_vc_dis_qs_.patch.
+- Refresh
+ patches.suse/ice-Fix-incorrect-locking-in-ice_vc_process_vf_msg.patch.
+- Refresh
+ patches.suse/ice-Protect-vf_state-check-by-cfg_lock-in-ice_vc_pro.patch.
+- Refresh
+ patches.suse/ice-clear-stale-Tx-queue-settings-before-configuring.patch.
+- Refresh
+ patches.suse/ice-fix-use-after-free-when-deinitializing-mailbox-s.patch.
+- commit a6dcbb6
+
+- ice: convert VF storage to hash table with krefs and RCU
+ (jsc#PED-376).
+- Refresh
+ patches.suse/ice-Fix-incorrect-locking-in-ice_vc_process_vf_msg.patch.
+- Refresh
+ patches.suse/ice-Protect-vf_state-check-by-cfg_lock-in-ice_vc_pro.patch.
+- commit bb85cb8
+
+- ice: introduce VF accessor functions (jsc#PED-376).
+- Refresh
+ patches.suse/ice-Protect-vf_state-check-by-cfg_lock-in-ice_vc_pro.patch.
+- commit 567361b
+
+- ice: factor VF variables to separate structure (jsc#PED-376).
+- Refresh
+ patches.suse/ice-Protect-vf_state-check-by-cfg_lock-in-ice_vc_pro.patch.
+- commit 3f8b512
+
+- ice: add TTY for GNSS module for E810T device (jsc#PED-376).
+- Refresh
+ patches.suse/ice-Fix-race-during-aux-device-un-plugging.patch.
+- commit 8bbff5a
+
+- ice: Simplify tracking status of RDMA support (jsc#PED-376).
+- Refresh
+ patches.suse/ice-Allow-operation-with-reduced-device-MSI-X.patch.
+- commit 679eb4d
+
+- ice: implement basic E822 PTP support (jsc#PED-376).
+- Refresh
+ patches.suse/ice-fix-possible-under-reporting-of-ethtool-Tx-and-R.patch.
+- commit ef8d58e
+
+- ice: Propagate error codes (jsc#PED-376).
+- Refresh
+ patches.suse/ice-Fix-curr_link_speed-advertised-speed.patch.
+- commit 80453bf
+
+- ice: Remove string printing for ice_status (jsc#PED-376).
+- Refresh
+ patches.suse/ice-enable-parsing-IPSEC-SPI-headers-for-RSS.patch.
+- commit e71a23c
+
+- ice: xsk: use Rx ring's XDP ring when picking NAPI context
+ (jsc#PED-376).
+- commit d811ddb
+
+- ice: xsk: prohibit usage of non-balanced queue id (jsc#PED-376).
+- ice: Fix VF not able to send tagged traffic with no VLAN filters
+ (jsc#PED-376).
+- ice: Ignore error message when setting same promiscuous mode
+ (jsc#PED-376).
+- ice: Fix clearing of promisc mode with bridge over bond
+ (jsc#PED-376).
+- ice: Ignore EEXIST when setting promisc mode (jsc#PED-376).
+- ice: Fix double VLAN error when entering promisc mode
+ (jsc#PED-376).
+- ice: Fix call trace with null VSI during VF reset (jsc#PED-376).
+- ice: Fix VSI rebuild WARN_ON check for VF (jsc#PED-376).
+- net/ice: fix initializing the bitmap in the switch code
+ (jsc#PED-376).
+- RDMA/irdma: Use the bitmap API to allocate bitmaps
+ (jsc#PED-377).
+- RDMA/irdma: Fix setting of QP context err_rq_idx_valid field
+ (jsc#PED-377).
+- RDMA/irdma: Fix VLAN connection with wildcard address
+ (jsc#PED-377).
+- RDMA/irdma: Fix a window for use-after-free (jsc#PED-377).
+- RDMA/irdma: Make resource distribution algorithm more QP
+ oriented (jsc#PED-377).
+- RDMA/irdma: Make CQP invalid state error non-critical
+ (jsc#PED-377).
+- RDMA/irdma: Add AE source to error log (jsc#PED-377).
+- RDMA/irdma: Add 2 level PBLE support for FMR (jsc#PED-377).
+- net: ice: fix error NETIF_F_HW_VLAN_CTAG_FILTER check in
+ ice_vsi_sync_fltr() (jsc#PED-376).
+- ice: implement adjfine with mul_u64_u64_div_u64 (jsc#PED-376).
+- ice: allow toggling loopback mode via ndo_set_features callback
+ (jsc#PED-376).
+- ice: compress branches in ice_set_features() (jsc#PED-376).
+- ice: Fix promiscuous mode not turning off (jsc#PED-376).
+- ice: Introduce enabling promiscuous mode on multiple VF's
+ (jsc#PED-376).
+- ice: Add support for PPPoE hardware offload (jsc#PED-376).
+- flow_offload: Introduce flow_match_pppoe (jsc#PED-376).
+- flow_dissector: Add PPPoE dissectors (jsc#PED-376).
+- ice: add write functionality for GNSS TTY (jsc#PED-376).
+- ice: add i2c write command (jsc#PED-376).
+- ice: Remove pci_aer_clear_nonfatal_status() call (jsc#PED-376).
+- ice: Add EXTTS feature to the feature bitmap (jsc#PED-376).
+- net: extract port range fields from fl_flow_key (jsc#PED-376).
+- ice: Remove unnecessary NULL check before dev_put (jsc#PED-376).
+- ice: use eth_broadcast_addr() to set broadcast address
+ (jsc#PED-376).
+- ice: switch: dynamically add VLAN headers to dummy packets
+ (jsc#PED-376).
+- ice: Add support for VLAN TPID filters in switchdev
+ (jsc#PED-376).
+- ice: Add support for double VLAN in switchdev (jsc#PED-376).
+- intel/ice:fix repeated words in comments (jsc#PED-376).
+- ice: Use correct order for the parameters of devm_kcalloc()
+ (jsc#PED-376).
+- ice: remove u16 arithmetic in ice_gnss (jsc#PED-376).
+- ice: remove VLAN representor specific ops (jsc#PED-376).
+- ice: don't set VF VLAN caps in switchdev (jsc#PED-376).
+- ice: do not setup vlan for loopback VSI (jsc#PED-376).
+- ice: check (DD | EOF) bits on Rx descriptor rather than (EOP |
+ RS) (jsc#PED-376).
+- ice: Fix VSIs unable to share unicast MAC (jsc#PED-376).
+- ice: Fix tunnel checksum offload with fragmented traffic
+ (jsc#PED-376).
+- ice: Fix max VLANs available for VF (jsc#PED-376).
+- RDMA/irdma: Fix sleep from invalid context BUG (jsc#PED-377).
+- RDMA/irdma: Do not advertise 1GB page size for x722
+ (jsc#PED-377).
+- ice: change devlink code to read NVM in blocks (jsc#PED-376).
+- ice: handle E822 generic device ID in PLDM header (jsc#PED-376).
+- ice: ethtool: Prohibit improper channel config for DCB
+ (jsc#PED-376).
+- ice: ethtool: advertise 1000M speeds properly (jsc#PED-376).
+- ice: Fix switchdev rules book keeping (jsc#PED-376).
+- ice: ignore protocol field in GTP offload (jsc#PED-376).
+- ice: Fix memory corruption in VF driver (jsc#PED-376).
+- ice: Fix queue config fail handling (jsc#PED-376).
+- ice: Sync VLAN filtering features for DVM (jsc#PED-376).
+- ice: Fix PTP TX timestamp offset calculation (jsc#PED-376).
+- ice: fix access-beyond-end in the switch code (jsc#PED-376).
+- RDMA/irdma: Add SW mechanism to generate completions on error
+ (jsc#PED-377).
+- RDMA/irdma: Remove the redundant variable (jsc#PED-377).
+- eth: ice: silence the GCC 12 array-bounds warning (jsc#PED-376).
+- ice: Expose RSS indirection tables for queue groups via ethtool
+ (jsc#PED-376).
+- Revert "ice: Hide bus-info in ethtool for PRs in switchdev mode"
+ (jsc#PED-376).
+- ice: link representors to PCI device (jsc#PED-376).
+- ice: remove period on argument description in ice_for_each_vf
+ (jsc#PED-376).
+- ice: add a function comment for ice_cfg_mac_antispoof
+ (jsc#PED-376).
+- ice: fix wording in comment for ice_reset_vf (jsc#PED-376).
+- ice: remove return value comment for ice_reset_all_vfs
+ (jsc#PED-376).
+- ice: always check VF VSI pointer values (jsc#PED-376).
+- ice: add newline to dev_dbg in ice_vf_fdir_dump_info
+ (jsc#PED-376).
+- ice: get switch id on switchdev devices (jsc#PED-376).
+- ice: return ENOSPC when exceeding ICE_MAX_CHAIN_WORDS
+ (jsc#PED-376).
+- ice: introduce common helper for retrieving VSI by vsi_num
+ (jsc#PED-376).
+- ice: use min_t() to make code cleaner in ice_gnss (jsc#PED-376).
+- ice, xsk: Avoid refilling single Rx descriptors (jsc#PED-376).
+- ice, xsk: Diversify return values from xsk_wakeup call paths
+ (jsc#PED-376).
+- ice, xsk: Terminate Rx side of NAPI when XSK Rx queue gets full
+ (jsc#PED-376).
+- ice, xsk: Decorate ICE_XDP_REDIR with likely() (jsc#PED-376).
+- flow_dissector: Add number of vlan tags dissector (jsc#PED-376).
+- ice: Add mpls+tso support (jsc#PED-376).
+- ice: switch: convert packet template match code to rodata
+ (jsc#PED-376).
+- ice: switch: use convenience macros to declare dummy pkt
+ templates (jsc#PED-376).
+- ice: switch: use a struct to pass packet template params
+ (jsc#PED-376).
+- ice: switch: unobscurify bitops loop in
+ ice_fill_adv_dummy_packet() (jsc#PED-376).
+- ice: switch: add and use u16 aliases to ice_adv_lkup_elem::{h,
+ m}_u (jsc#PED-376).
+- ice: Fix interrupt moderation settings getting cleared
+ (jsc#PED-376).
+- RDMA/irdma: Fix deadlock in irdma_cleanup_cm_core()
+ (jsc#PED-377).
+- ice: wait 5 s for EMP reset after firmware flash (jsc#PED-376).
+- ice: Fix memory leak in ice_get_orom_civd_data() (jsc#PED-376).
+- ice: xsk: check if Rx ring was filled up to the end
+ (jsc#PED-376).
+- ice: arfs: fix use-after-free when freeing @rx_cpu_rmap
+ (jsc#PED-376).
+- flow_dissector: fix false-positive __read_overflow2_field()
+ warning (jsc#PED-376).
+- ice: Set txq_teid to ICE_INVAL_TEID on ring creation
+ (jsc#PED-376).
+- ice: Fix broken IFF_ALLMULTI handling (jsc#PED-376).
+- ice: Fix MAC address setting (jsc#PED-376).
+- ice: xsk: Stop Rx processing when ntc catches ntu (jsc#PED-376).
+- ice: xsk: Eliminate unnecessary loop iteration (jsc#PED-376).
+- RDMA/irdma: Add support for address handle re-use (jsc#PED-377).
+- RDMA/irdma: Make irdma_create_mg_ctx return a void
+ (jsc#PED-377).
+- RDMA/irdma: Move union irdma_sockaddr to header file
+ (jsc#PED-377).
+- RDMA/irdma: Remove the unnecessary variable saddr (jsc#PED-377).
+- RDMA/irdma: Use net_type to check network type (jsc#PED-377).
+- RDMA/irdma: Remove excess error variables (jsc#PED-377).
+- RDMA/irdma: Propagate error codes (jsc#PED-377).
+- RDMA/irdma: Add support for DSCP (jsc#PED-377).
+- RDMA/irdma: Refactor DCB bits in prep for DSCP support
+ (jsc#PED-377).
+- ice: add trace events for tx timestamps (jsc#PED-376).
+- ice: fix return value check in ice_gnss.c (jsc#PED-376).
+- ice: Fix inconsistent indenting in ice_switch (jsc#PED-376).
+- gtp: Fix inconsistent indenting (jsc#PED-376).
+- ice: remove PF pointer from ice_check_vf_init (jsc#PED-376).
+- ice: cleanup long lines in ice_sriov.c (jsc#PED-376).
+- ice: introduce ICE_VF_RESET_LOCK flag (jsc#PED-376).
+- ice: introduce ICE_VF_RESET_NOTIFY flag (jsc#PED-376).
+- ice: convert ice_reset_vf to take flags (jsc#PED-376).
+- ice: convert ice_reset_vf to standard error codes (jsc#PED-376).
+- ice: make ice_reset_all_vfs void (jsc#PED-376).
+- ice: drop is_vflr parameter from ice_reset_all_vfs
+ (jsc#PED-376).
+- ice: move reset functionality into ice_vf_lib.c (jsc#PED-376).
+- ice: fix a long line warning in ice_reset_vf (jsc#PED-376).
+- ice: introduce VF operations structure for reset flows
+ (jsc#PED-376).
+- ice: introduce ice_vf_lib.c, ice_vf_lib.h, and
+ ice_vf_lib_private.h (jsc#PED-376).
+- ice: use ice_is_vf_trusted helper function (jsc#PED-376).
+- ice: log an error message when eswitch fails to configure
+ (jsc#PED-376).
+- ice: cleanup error logging for ice_ena_vfs (jsc#PED-376).
+- ice: move ice_set_vf_port_vlan near other .ndo ops
+ (jsc#PED-376).
+- ice: refactor spoofchk control code in ice_sriov.c
+ (jsc#PED-376).
+- ice: rename ICE_MAX_VF_COUNT to avoid confusion (jsc#PED-376).
+- ice: remove unused definitions from ice_sriov.h (jsc#PED-376).
+- ice: convert vf->vc_ops to a const pointer (jsc#PED-376).
+- ice: remove circular header dependencies on ice.h (jsc#PED-376).
+- ice: rename ice_sriov.c to ice_vf_mbx.c (jsc#PED-376).
+- ice: Support GTP-U and GTP-C offload in switchdev (jsc#PED-376).
+- ice: Fix FV offset searching (jsc#PED-376).
+- gtp: Add support for checking GTP device type (jsc#PED-376).
+- net/sched: Allow flower to match on GTP options (jsc#PED-376).
+- gtp: Implement GTP echo request (jsc#PED-376).
+- gtp: Implement GTP echo response (jsc#PED-376).
+- gtp: Allow to create GTP device without FDs (jsc#PED-376).
+- flow_dissector: Add support for HSRv0 (jsc#PED-376).
+- ice: Add support for outer dest MAC for ADQ tunnels
+ (jsc#PED-376).
+- ice: avoid XDP checks in ice_clean_tx_irq() (jsc#PED-376).
+- ice: change "can't set link" message to dbg level (jsc#PED-376).
+- ice: Add slow path offload stats on port representor in
+ switchdev (jsc#PED-376).
+- ice: Add support for inner etype in switchdev (jsc#PED-376).
+- ice: xsk: fix GCC version checking against pragma unroll
+ presence (jsc#PED-376).
+- ice: convert ice_for_each_vf to include VF entry iterator
+ (jsc#PED-376).
+- ice: use ice_for_each_vf for iteration during removal
+ (jsc#PED-376).
+- ice: remove checks in ice_vc_send_msg_to_vf (jsc#PED-376).
+- ice: move VFLR acknowledge during ice_free_vfs (jsc#PED-376).
+- ice: move clear_malvf call in ice_free_vfs (jsc#PED-376).
+- ice: pass num_vfs to ice_set_per_vf_res() (jsc#PED-376).
+- ice: store VF pointer instead of VF ID (jsc#PED-376).
+- ice: refactor unwind cleanup in eswitch mode (jsc#PED-376).
+- flow_dissector: Add support for HSR (jsc#PED-376).
+- ice: Add ability for PF admin to enable VF VLAN pruning
+ (jsc#PED-376).
+- ice: Add support for 802.1ad port VLANs VF (jsc#PED-376).
+- ice: Advertise 802.1ad VLAN filtering and offloads for PF netdev
+ (jsc#PED-376).
+- ice: Support configuring the device to Double VLAN Mode
+ (jsc#PED-376).
+- ice: Add support for VIRTCHNL_VF_OFFLOAD_VLAN_V2 (jsc#PED-376).
+- ice: Add hot path support for 802.1Q and 802.1ad VLAN offloads
+ (jsc#PED-376).
+- ice: Add outer_vlan_ops and VSI specific VLAN ops
+ implementations (jsc#PED-376).
+- ice: Adjust naming for inner VLAN operations (jsc#PED-376).
+- ice: Use the proto argument for VLAN ops (jsc#PED-376).
+- ice: Refactor vf->port_vlan_info to use ice_vlan (jsc#PED-376).
+- ice: Introduce ice_vlan struct (jsc#PED-376).
+- ice: Add new VSI VLAN ops (jsc#PED-376).
+- ice: Add helper function for adding VLAN 0 (jsc#PED-376).
+- ice: Refactor spoofcheck configuration functions (jsc#PED-376).
+- ice: xsk: Borrow xdp_tx_active logic from i40e (jsc#PED-376).
+- ice: xsk: Improve AF_XDP ZC Tx and use batching API
+ (jsc#PED-376).
+- ice: xsk: Avoid potential dead AF_XDP Tx processing
+ (jsc#PED-376).
+- ice: Make Tx threshold dependent on ring length (jsc#PED-376).
+- ice: xsk: Handle SW XDP ring wrap and bump tail more often
+ (jsc#PED-376).
+- ice: xsk: Force rings to be sized to power of 2 (jsc#PED-376).
+- ice: Remove likely for napi_complete_done (jsc#PED-376).
+- ice: add support for DSCP QoS for IDC (jsc#PED-376).
+- ice: respect metadata in legacy-rx/ice_construct_skb()
+ (jsc#PED-376).
+- ice: Remove useless DMA-32 fallback configuration (jsc#PED-376).
+- ice: destroy flow director filter mutex after releasing VSIs
+ (jsc#PED-376).
+- ice: Match on all profiles in slow-path (jsc#PED-376).
+- RDMA/irdma: Remove the redundant return (jsc#PED-377).
+- RDMA/irdma: Make the source udp port vary (jsc#PED-377).
+- RDMA/core: Calculate UDP source port based on flow label or
+ lqpn/rqpn (jsc#PED-377).
+- RDMA/irdma: Fix the type used to declare a bitmap (jsc#PED-377).
+- RDMA/irdma: Use helper function to set GUIDs (jsc#PED-377).
+- RDMA/irdma: Use irq_update_affinity_hint() (jsc#PED-377).
+- ice: Use bitmap_free() to free bitmap (jsc#PED-376).
+- ice: Optimize a few bitmap operations (jsc#PED-376).
+- ice: Slightly simply ice_find_free_recp_res_idx (jsc#PED-376).
+- ice: improve switchdev's slow-path (jsc#PED-376).
+- ice: replay advanced rules after reset (jsc#PED-376).
+- ice: Add flow director support for channel mode (jsc#PED-376).
+- skbuff: introduce skb_pull_data (jsc#PED-376).
+- ice: switch to napi_build_skb() (jsc#PED-376).
+- ice: trivial: fix odd indenting (jsc#PED-376).
+- ice: exit bypass mode once hardware finishes timestamp
+ calibration (jsc#PED-376).
+- ice: ensure the hardware Clock Generation Unit is configured
+ (jsc#PED-376).
+- ice: convert clk_freq capability into time_ref (jsc#PED-376).
+- ice: introduce ice_ptp_init_phc function (jsc#PED-376).
+- ice: use 'int err' instead of 'int status' in ice_ptp_hw.c
+ (jsc#PED-376).
+- ice: PTP: move setting of tstamp_config (jsc#PED-376).
+- ice: introduce ice_base_incval function (jsc#PED-376).
+- ice: Fix E810 PTP reset flow (jsc#PED-376).
+- ice: use modern kernel API for kick (jsc#PED-376).
+- ice: tighter control over VSI_DOWN state (jsc#PED-376).
+- ice: use prefetch methods (jsc#PED-376).
+- ice: update to newer kernel API (jsc#PED-376).
+- ice: support immediate firmware activation via devlink reload
+ (jsc#PED-376).
+- ice: reduce time to read Option ROM CIVD data (jsc#PED-376).
+- ice: move ice_devlink_flash_update and merge with
+ ice_flash_pldm_image (jsc#PED-376).
+- ice: move and rename ice_check_for_pending_update (jsc#PED-376).
+- ice: devlink: add shadow-ram region to snapshot Shadow RAM
+ (jsc#PED-376).
+- ice: Remove unused ICE_FLOW_SEG_HDRS_L2_MASK (jsc#PED-376).
+- ice: Remove unnecessary casts (jsc#PED-376).
+- ice: Remove excess error variables (jsc#PED-376).
+- ice: Cleanup after ice_status removal (jsc#PED-376).
+- ice: Remove enum ice_status (jsc#PED-376).
+- ice: Use int for ice_status (jsc#PED-376).
+- ice: Refactor status flow for DDP load (jsc#PED-376).
+- ice: Refactor promiscuous functions (jsc#PED-376).
+- ice: refactor PTYPE validating (jsc#PED-376).
+- ice: Add package PTYPE enable information (jsc#PED-376).
+- gtp: use skb_dst_update_pmtu_no_confirm() instead of direct call
+ (jsc#PED-376).
+- dissector: do not set invalid PPP protocol (jsc#PED-376).
+- net: phy: enhance GPY115 loopback disable function
+ (jsc#PED-829).
+- net: phy: add API to read 802.3-c45 IDs (jsc#PED-829).
+- commit 172341e
+
+- usb: core: devices: remove dead code under #ifdef PROC_EXTRA
+ (jsc#PED-531).
+- commit ffed5f4
+
+- arm64: numa: Don't check node against MAX_NUMNODES
+ (jsc#PED-1408).
+- arm64: Simplify checking for populated DT (jsc#PED-1408).
+- commit 87c5b07
+
+- Revert "usb: host: xhci: mvebu: make USB 3.0 PHY optional for
+ Armada 3720" (jsc#PED-531).
+- commit a68eb3d
+
+- xhci: omit mem read just after allocation of trb (jsc#PED-531).
+- commit 9657cdf
+
+- usb: xhci: fix minmax.cocci warnings (jsc#PED-531).
+- commit 31c9b81
+
+- usb: host: xhci: drop redundant checks (jsc#PED-531).
+- commit 8545650
+
+- xhci: Allocate separate command structures for each LPM command
+ (git-fixes).
+- commit 3b8bc54
+
+- xhci: dbgtty: use IDR to support several dbc instances
+ (jsc#PED-531).
+- commit 7b43f4d
+
+- xhci: dbc: Don't call dbc_tty_init() on every dbc tty probe
+ (jsc#PED-531).
+- commit c0f4051
+
+- net: mscc: ocelot: add MAC table stream learn and lookup
+ operations (jsc#PED-1549).
+- Refresh
+ patches.suse/net-mscc-ocelot-use-index-to-set-vcap-policer.patch.
+- commit 210cb02
+
+- usb: host: xhci-mtk: Simplify supplies handling with
+ regulator_bulk (jsc#PED-531).
+- commit bc712ac
+
+- net: mscc: ocelot: serialize access to the MAC table
+ (jsc#PED-1549).
+- commit fb07363
+
+- ACPI: Make acpi_node_get_parent() local (jsc#PED-1408).
+- ACPI: video: use platform backlight driver on Xiaomi Mi Pad 2
+ (jsc#PED-1408).
+- ACPI: video: Drop dmi_system_id.ident settings from
+ video_detect_dmi_table (jsc#PED-1408).
+- ACPI: EC: Remove initialization of static variables to false
+ (jsc#PED-1408).
+- ACPI: EC: Use ec_no_wakeup on HP ZHAN 66 Pro (jsc#PED-1408).
+- ACPI: Drop ACPI_USE_BUILTIN_STDARG ifdef from acgcc.h
+ (jsc#PED-1408).
+- ACPI: Add a convenience function to tell a device is in D0 state
+ (jsc#PED-1408).
+- ACPI: scan: Obtain device's desired enumeration power state
+ (jsc#PED-1408).
+- ACPI: PRM: Handle memory allocation and memory remap failure
+ (jsc#PED-1408).
+- ACPI: PRM: Remove unnecessary blank lines (jsc#PED-1408).
+- ACPI: APEI: mark apei_hest_parse() static (jsc#PED-1408).
+- ACPI: APEI: EINJ: Relax platform response timeout to 1 second
+ (jsc#PED-1408).
+- ACPI: PM: sleep: Do not set suspend_ops unnecessarily
+ (jsc#PED-1408).
+- ACPI: PM: Turn off wakeup power resources on _DSW/_PSW errors
+ (jsc#PED-1408).
+- ACPI: PM: Check states of power resources during initialization
+ (jsc#PED-1408).
+- ACPI: LPSS: Use ACPI_COMPANION() directly (jsc#PED-1408).
+- ACPI: PNP: remove duplicated BRI0A49 and BDP3336 entries
+ (jsc#PED-1408).
+- ACPI: glue: Use acpi_device_adr() in acpi_find_child_device()
+ (jsc#PED-1408).
+- ACPI: glue: Look for ACPI bus type only if ACPI companion is
+ not known (jsc#PED-1408).
+- ACPI: glue: Drop cleanup callback from struct acpi_bus_type
+ (jsc#PED-1408).
+- ACPI: replace snprintf() in "show" functions with sysfs_emit()
+ (jsc#PED-1408).
+- ACPI: Kconfig: Fix a typo in Kconfig (jsc#PED-1408).
+- x86: ACPI: cstate: Optimize C3 entry on AMD CPUs (jsc#PED-1408).
+- x86/ACPI: Don't add CPUs that are not online capable
+ (jsc#PED-1408).
+- ACPICA: Add support for MADT online enabled bit (jsc#PED-1408).
+- ACPICA: Update version to 20210930 (jsc#PED-1408).
+- ACPICA: iASL table disassembler: Added disassembly support
+ for the NHLT ACPI table (jsc#PED-1408).
+- ACPICA: ACPI 6.4 SRAT: add Generic Port Affinity type
+ (jsc#PED-1408).
+- ACPICA: Add support for Windows 2020 _OSI string (jsc#PED-1408).
+- hwmon: (acpi_power_meter) Use acpi_bus_get_acpi_device()
+ (jsc#PED-1408).
+- commit f5b4569
+
+- net/mlx5: Reduce kconfig complexity while building crypto
+ support (jsc#PED-1549).
+- Update config files.
+- commit 855cd57
+
+- net/mlx5_fpga: Drop INNOVA IPsec support (jsc#PED-1549).
+- Update config files.
+- commit 578a0d4
+
+- net/mlx5_fpga: Drop INNOVA TLS support (jsc#PED-1549).
+- Update config files.
+- commit 795dab1
+
+- net/mlx5e: Use READ_ONCE/WRITE_ONCE for DCBX trust state
+ (jsc#PED-1549).
+- Refresh
+ patches.suse/net-mlx5e-Fix-trust-state-reset-in-reload.patch.
+- commit 471621b
+
+- ixgbe: pass bi->xdp to ixgbe_construct_skb_zc() directly
+ (jsc#PED-373).
+- Refresh
+ patches.suse/ixgbe-don-t-reserve-excessive-XDP_PACKET_HEADROOM-on.patch.
+- Refresh
+ patches.suse/ixgbe-respect-metadata-on-XSK-Rx-to-skb.patch.
+- commit 7177fc1
+
+- net/mlx5: Disable SRIOV before PF removal (jsc#PED-1549).
+- Refresh
+ patches.suse/net-mlx5-Drain-fw_reset-when-removing-device.patch.
+- commit f8869cb
+
+- i40e: Add ensurance of MacVlan resources for every trusted VF
+ (jsc#PED-372).
+- Refresh
+ patches.suse/i40e-stop-disabling-VFs-due-to-PF-error-responses.patch.
+- commit 820414c
+
+- flow_offload: validate flags of filter and actions
+ (jsc#PED-1549).
+- Refresh
+ patches.suse/net-sched-cls_u32-fix-netns-refcount-changes-in-u32_.patch.
+- commit 45cd6c8
+
+- iavf: Add support for VIRTCHNL_VF_OFFLOAD_VLAN_V2 offload
+ enable/disable (jsc#PED-835).
+- Refresh
+ patches.suse/iavf-Fix-locking-for-VIRTCHNL_OP_GET_OFFLOAD_VLAN_V2.patch.
+- commit 9e30247
+
+- iavf: Add support for VIRTCHNL_VF_OFFLOAD_VLAN_V2 hotpath
+ (jsc#PED-835).
+- Refresh
+ patches.suse/iavf-Fix-locking-for-VIRTCHNL_OP_GET_OFFLOAD_VLAN_V2.patch.
+- commit 8b35988
+
+- iavf: Add support for VIRTCHNL_VF_OFFLOAD_VLAN_V2 negotiation
+ (jsc#PED-835).
+- Refresh
+ patches.suse/iavf-Fix-locking-for-VIRTCHNL_OP_GET_OFFLOAD_VLAN_V2.patch.
+- commit c795d27
+
+- iavf: Add trace while removing device (jsc#PED-835).
+- Refresh
+ patches.suse/iavf-Rework-mutexes-for-better-synchronisation.patch.
+- commit 5cee973
+
+- net/sched: Extend qdisc control block with tc control block
+ (jsc#PED-1549).
+- Refresh
+ patches.suse/net-Don-t-include-filter.h-from-net-sock.h.patch.
+- commit f04ca77
+
+- mlxsw: spectrum: Use PLLP to get front panel number and split
+ number (jsc#PED-1549).
+- Refresh
+ patches.suse/mlxsw-spectrum-Use-PMTDB-register-to-obtain-split-in.patch.
+- commit 4d99513
+
+- mlxsw: reg: Add Port Local port to Label Port mapping Register
+ (jsc#PED-1549).
+- Refresh
+ patches.suse/mlxsw-reg-Add-Port-Module-To-local-DataBase-Register.patch.
+- commit a1f7333
+
+- vduse: Introduce VDUSE - vDPA Device in Userspace
+ (jsc#PED-1549).
+- Update config files.
+- commit 0310e1b
+
+- vdpa/mlx5: Add support for control VQ and MAC setting
+ (jsc#PED-1549).
+- Refresh
+ patches.suse/RDMA-mlx5-Replace-struct-mlx5_core_mkey-by-u32-key.patch.
+- commit df0ceb2
+
+- i40e: Fix incorrect address type for IPv6 flow rules
+ (jsc#PED-372).
+- ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter
+ (jsc#PED-373).
+- net/mlx5: Unlock on error in mlx5_sriov_enable() (jsc#PED-1549).
+- net/mlx5e: Fix use after free in mlx5e_fs_init() (jsc#PED-1549).
+- net/mlx5e: kTLS, Use _safe() iterator in
+ mlx5e_tls_priv_tx_list_cleanup() (jsc#PED-1549).
+- net/mlx5: unlock on error path in
+ esw_vfs_changed_event_handler() (jsc#PED-1549).
+- net/mlx5e: Fix wrong tc flag used when set hw-tc-offload off
+ (jsc#PED-1549).
+- net/mlx5e: TC, Add missing policer validation (jsc#PED-1549).
+- net/mlx5e: Fix wrong application of the LRO state
+ (jsc#PED-1549).
+- net/mlx5: Avoid false positive lockdep warning by adding
+ lock_class_key (jsc#PED-1549).
+- net/mlx5: Fix cmd error logging for manage pages cmd
+ (jsc#PED-1549).
+- net/mlx5: Disable irq when locking lag_lock (jsc#PED-1549).
+- net/mlx5: Eswitch, Fix forwarding decision to uplink
+ (jsc#PED-1549).
+- net/mlx5: LAG, fix logic over MLX5_LAG_FLAG_NDEVS_READY
+ (jsc#PED-1549).
+- net/mlx5e: Properly disable vlan strip on non-UL reps
+ (jsc#PED-1549).
+- RDMA/mlx5: Use the proper number of ports (jsc#PED-1552).
+- igb: Add lock to avoid data race (jsc#PED-370).
+- net/mlx5e: Allocate flow steering storage during uplink
+ initialization (jsc#PED-1549).
+- i40e: Fix to stop tx_timeout recovery if GLOBR fails
+ (jsc#PED-372).
+- i40e: Fix tunnel checksum offload with fragmented traffic
+ (jsc#PED-372).
+- iavf: Fix deadlock in initialization (jsc#PED-835).
+- iavf: Fix reset error handling (jsc#PED-835).
+- iavf: Fix NULL pointer dereference in iavf_get_link_ksettings
+ (jsc#PED-835).
+- iavf: Fix adminq error handling (jsc#PED-835).
+- vdpa/mlx5: Fix possible uninitialized return value
+ (jsc#PED-1549).
+- vhost-vdpa: uAPI to suspend the device (jsc#PED-1549).
+- vhost-vdpa: introduce SUSPEND backend feature bit
+ (jsc#PED-1549).
+- vdpa: Add suspend operation (jsc#PED-1549).
+- vhost-vdpa: Call ida_simple_remove() when failed (jsc#PED-1549).
+- vDPA/ifcvf: support userspace to query features and MQ of a
+ management device (jsc#PED-1549).
+- vdpa/mlx5: Support different address spaces for control and data
+ (jsc#PED-1549).
+- vdpa/mlx5: Implement susupend virtqueue callback (jsc#PED-1549).
+- vdpa: ifcvf: Fix spelling mistake in comments (jsc#PED-1549).
+- vdpa/mlx5: Use eth_broadcast_addr() to assign broadcast address
+ (jsc#PED-1549).
+- mlx5: do not use RT_TOS for IPv6 flowlabel (jsc#PED-1549).
+- bnxt_en: Remove duplicated include bnxt_devlink.c
+ (jsc#PED-1495).
+- RDMA/mlx5: Add missing check for return value in get namespace
+ flow (jsc#PED-1552).
+- RDMA/mlx5: Rename the mkey cache variables and functions
+ (jsc#PED-1552).
+- RDMA/mlx5: Store in the cache mkeys instead of mrs
+ (jsc#PED-1552).
+- RDMA/mlx5: Store the number of in_use cache mkeys instead of
+ total_mrs (jsc#PED-1552).
+- RDMA/mlx5: Replace cache list with Xarray (jsc#PED-1552).
+- RDMA/mlx5: Replace ent->lock with xa_lock (jsc#PED-1552).
+- RDMA/mlx5: Expose steering anchor to userspace (jsc#PED-1552).
+- RDMA/mlx5: Refactor get flow table function (jsc#PED-1552).
+- net/mlx5: fs, allow flow table creation with a UID
+ (jsc#PED-1549).
+- net/mlx5: fs, expose flow table ID to users (jsc#PED-1549).
+- net/mlx5: Expose the ability to point to any UID from shared
+ UID (jsc#PED-1549).
+- RDMA/mlx5: Add a umr recovery flow (jsc#PED-1552).
+- net/mlx5e: xsk: Discard unaligned XSK frames on striding RQ
+ (jsc#PED-1549).
+- iavf: Fix 'tc qdisc show' listing too many queues (jsc#PED-835).
+- iavf: Fix max_rate limiting (jsc#PED-835).
+- net/mlx5: Fix driver use of uninitialized timeout
+ (jsc#PED-1549).
+- net/mlx5: DR, Fix SMFS steering info dump format (jsc#PED-1549).
+- net/mlx5: Adjust log_max_qp to be 18 at most (jsc#PED-1549).
+- net/mlx5e: Modify slow path rules to go to slow fdb
+ (jsc#PED-1549).
+- net/mlx5e: Fix calculations related to max MPWQE size
+ (jsc#PED-1549).
+- net/mlx5e: xsk: Account for XSK RQ UMRs when calculating ICOSQ
+ size (jsc#PED-1549).
+- net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS
+ (jsc#PED-1549).
+- net/mlx5e: TC, Fix post_act to not match on in_port metadata
+ (jsc#PED-1549).
+- net/mlx5e: Remove WARN_ON when trying to offload an unsupported
+ TLS cipher/version (jsc#PED-1549).
+- igb: convert .adjfreq to .adjfine (jsc#PED-370).
+- ixgbe: convert .adjfreq to .adjfine (jsc#PED-373).
+- i40e: convert .adjfreq to .adjfine (jsc#PED-372).
+- i40e: use mul_u64_u64_div_u64 for PTP frequency calculation
+ (jsc#PED-372).
+- net: devlink: convert reload command to take implicit
+ devlink->lock (jsc#PED-1549).
+- net/mlx5e: Move mlx5e_init_l2_addr to en_main (jsc#PED-1549).
+- net/mlx5e: Split en_fs ndo's and move to en_main (jsc#PED-1549).
+- net/mlx5e: Separate mlx5e_set_rx_mode_work and move caller to
+ en_main (jsc#PED-1549).
+- net/mlx5e: Add mdev to flow_steering struct (jsc#PED-1549).
+- net/mlx5e: Report flow steering errors with mdev err report API
+ (jsc#PED-1549).
+- net/mlx5e: Convert mlx5e_flow_steering member of mlx5e_priv
+ to pointer (jsc#PED-1549).
+- net/mlx5e: Allocate VLAN and TC for featured profiles only
+ (jsc#PED-1549).
+- net/mlx5e: Make mlx5e_tc_table private (jsc#PED-1549).
+- net/mlx5e: Convert mlx5e_tc_table member of mlx5e_flow_steering
+ to pointer (jsc#PED-1549).
+- net/mlx5e: TC, Support tc action api for police (jsc#PED-1549).
+- net/mlx5e: TC, Separate get/update/replace meter functions
+ (jsc#PED-1549).
+- net/mlx5e: Add red and green counters for metering
+ (jsc#PED-1549).
+- net/mlx5e: TC, Allocate post meter ft per rule (jsc#PED-1549).
+- net/mlx5: DR, Add support for flow metering ASO (jsc#PED-1549).
+- devlink: Hold the instance lock in health callbacks
+ (jsc#PED-1549).
+- net/mlx5: Lock mlx5 devlink health recovery callback
+ (jsc#PED-1549).
+- net/mlx4: Lock mlx4 devlink reload callback (jsc#PED-1548).
+- net/mlx4: Use devl_ API for devlink region create / destroy
+ (jsc#PED-1548).
+- net/mlx5: Lock mlx5 devlink reload callbacks (jsc#PED-1549).
+- net/mlx5: Move fw reset unload to mlx5_fw_reset_complete_reload
+ (jsc#PED-1549).
+- net: devlink: remove region snapshots list dependency on
+ devlink->lock (jsc#PED-1549).
+- net: devlink: remove region snapshot ID tracking dependency
+ on devlink->lock (jsc#PED-1549).
+- bnxt_en: implement callbacks for devlink selftests
+ (jsc#PED-1495).
+- devlink: introduce framework for selftests (jsc#PED-1549).
+- net/mlx5e: kTLS, Dynamically re-size TX recycling pool
+ (jsc#PED-1549).
+- net/mlx5e: kTLS, Recycle objects of device-offloaded TLS TX
+ connections (jsc#PED-1549).
+- net/mlx5e: kTLS, Take stats out of OOO handler (jsc#PED-1549).
+- net/mlx5e: kTLS, Introduce TLS-specific create TIS
+ (jsc#PED-1549).
+- net: devlink: remove redundant net_eq() check from
+ sb_pool_get_dumpit() (jsc#PED-1549).
+- net: devlink: introduce nested devlink entity for line card
+ (jsc#PED-1549).
+- net: devlink: move net check into
+ devlinks_xa_for_each_registered_get() (jsc#PED-1549).
+- net: devlink: make sure that devlink_try_get() works with
+ valid pointer during xarray iteration (jsc#PED-1549).
+- iavf: Check for duplicate TC flower filter before parsing
+ (jsc#PED-835).
+- i40e: Refactor tc mqprio checks (jsc#PED-372).
+- mlxsw: core: Fix use-after-free calling devl_unlock() in
+ mlxsw_core_bus_device_unregister() (jsc#PED-1549).
+- net/mlx5: CT: Remove warning of ignore_flow_level support for
+ non PF (jsc#PED-1549).
+- net/mlx5e: Add resiliency for PTP TX port timestamp
+ (jsc#PED-1549).
+- net/mlx5: Expose ts_cqe_metadata_size2wqe_counter
+ (jsc#PED-1549).
+- net/mlx5e: HTB, move htb functions to a new file (jsc#PED-1549).
+- net/mlx5e: HTB, change functions name to follow convention
+ (jsc#PED-1549).
+- net/mlx5e: HTB, remove priv from htb function calls
+ (jsc#PED-1549).
+- net/mlx5e: HTB, hide and dynamically allocate mlx5e_htb
+ structure (jsc#PED-1549).
+- net/mlx5e: HTB, move stats and max_sqs to priv (jsc#PED-1549).
+- net/mlx5e: HTB, move section comment to the right place
+ (jsc#PED-1549).
+- net/mlx5e: HTB, move ids to selq_params struct (jsc#PED-1549).
+- net/mlx5e: HTB, reduce visibility of htb functions
+ (jsc#PED-1549).
+- net/mlx5e: Fix mqprio_rl handling on devlink reload
+ (jsc#PED-1549).
+- net/mlx5e: Report header-data split state through ethtool
+ (jsc#PED-1549).
+- igc: Remove forced_speed_duplex value (jsc#PED-375).
+- igc: Remove MSI-X PBA Clear register (jsc#PED-375).
+- igc: Lift TAPRIO schedule restriction (jsc#PED-375).
+- net: devlink: remove unused locked functions (jsc#PED-1549).
+- netdevsim: convert driver to use unlocked devlink API during
+ init/fini (jsc#PED-1549).
+- net: devlink: add unlocked variants of
+ devlink_region_create/destroy() functions (jsc#PED-1549).
+- mlxsw: convert driver to use unlocked devlink API during
+ init/fini (jsc#PED-1549).
+- net: devlink: add unlocked variants of devlink_dpipe*()
+ functions (jsc#PED-1549).
+- net: devlink: add unlocked variants of devlink_sb*() functions
+ (jsc#PED-1549).
+- net: devlink: add unlocked variants of devlink_resource*()
+ functions (jsc#PED-1549).
+- net: devlink: add unlocked variants of devling_trap*() functions
+ (jsc#PED-1549).
+- net: devlink: avoid false DEADLOCK warning reported by lockdep
+ (jsc#PED-1549).
+- net/mlx5e: Remove the duplicating check for striding RQ when
+ enabling LRO (jsc#PED-1549).
+- net/mlx5e: Move the LRO-XSK check to mlx5e_fix_features
+ (jsc#PED-1549).
+- net/mlx5e: Extend flower police validation (jsc#PED-1549).
+- net/mlx5e: configure meter in flow action (jsc#PED-1549).
+- net/mlx5e: Removed useless code in function (jsc#PED-1549).
+- net/mlx5: Bridge, implement QinQ support (jsc#PED-1549).
+- net/mlx5: Bridge, implement infrastructure for VLAN protocol
+ change (jsc#PED-1549).
+- net/mlx5: Bridge, extract VLAN push/pop actions creation
+ (jsc#PED-1549).
+- net/mlx5: Bridge, rename filter fg to vlan_filter
+ (jsc#PED-1549).
+- net/mlx5: Bridge, refactor groups sizes and indices
+ (jsc#PED-1549).
+- net/mlx5: debugfs, Add num of in-use FW command interface slots
+ (jsc#PED-1549).
+- net/mlx5: Expose vnic diagnostic counters for eswitch managed
+ vports (jsc#PED-1549).
+- net/mlx5: Use software VHCA id when it's supported
+ (jsc#PED-1549).
+- net/mlx5: Introduce ifc bits for using software vhca id
+ (jsc#PED-1549).
+- net/mlx5: Use the bitmap API to allocate bitmaps (jsc#PED-1549).
+- net: devlink: fix return statement in devlink_port_new_notify()
+ (jsc#PED-1549).
+- net: devlink: fix a typo in function name
+ devlink_port_new_notifiy() (jsc#PED-1549).
+- net: devlink: make devlink_dpipe_headers_register() return void
+ (jsc#PED-1549).
+- net: devlink: use helpers to work with devlink->lock mutex
+ (jsc#PED-1549).
+- net: devlink: fix unlocked vs locked functions descriptions
+ (jsc#PED-1549).
+- igb: add xdp frags support to ndo_xdp_xmit (jsc#PED-370).
+- devlink: Hold the instance lock in port_new / port_del callbacks
+ (jsc#PED-1549).
+- net/mlx5: Remove devl_unlock from mlx5_devlink_eswitch_mode_set
+ (jsc#PED-1549).
+- net/mlx5: Use devl_ API in mlx5e_devlink_port_register
+ (jsc#PED-1549).
+- devlink: Remove unused functions
+ devlink_rate_leaf_create/destroy (jsc#PED-1549).
+- net/mlx5: Use devl_ API in mlx5_esw_devlink_sf_port_register
+ (jsc#PED-1549).
+- net/mlx5: Use devl_ API in
+ mlx5_esw_offloads_devlink_port_register (jsc#PED-1549).
+- devlink: Remove unused function devlink_rate_nodes_destroy
+ (jsc#PED-1549).
+- net/mlx5: Use devl_ API for rate nodes destroy (jsc#PED-1549).
+- net/mlx5: Remove devl_unlock from
+ mlx5_eswtich_mode_callback_enter (jsc#PED-1549).
+- net/mlx5: fix 32bit build (jsc#PED-1549).
+- net/mlx5e: TC, Support offloading police action (jsc#PED-1549).
+- net/mlx5e: Add flow_action to parse state (jsc#PED-1549).
+- net/mlx5e: Add post meter table for flow metering
+ (jsc#PED-1549).
+- net/mlx5e: Add generic macros to use metadata register mapping
+ (jsc#PED-1549).
+- net/mlx5e: Get or put meter by the index of tc police action
+ (jsc#PED-1549).
+- net/mlx5e: Add support to modify hardware flow meter parameters
+ (jsc#PED-1549).
+- net/mlx5e: Prepare for flow meter offload if hardware supports
+ it (jsc#PED-1549).
+- net/mlx5: Implement interfaces to control ASO SQ and CQ
+ (jsc#PED-1549).
+- net/mlx5: Add support to create SQ and CQ for ASO
+ (jsc#PED-1549).
+- net/mlx5: E-switch: Change eswitch mode only via devlink command
+ (jsc#PED-1549).
+- net/mlx5: E-switch, Remove dependency between sriov and eswitch
+ mode (jsc#PED-1549).
+- net/mlx5: E-switch, Introduce flag to indicate if fdb table
+ is created (jsc#PED-1549).
+- net/mlx5: E-switch, Introduce flag to indicate if vport acl
+ namespace is created (jsc#PED-1549).
+- net/mlx5: delete dead code in mlx5_esw_unlock() (jsc#PED-1549).
+- net/mlx5: Delete ipsec_fs header file as not used
+ (jsc#PED-1549).
+- intel/ixgbevf:fix repeated words in comments (jsc#PED-373).
+- intel/igc:fix repeated words in comments (jsc#PED-375).
+- intel/igbvf:fix repeated words in comments (jsc#PED-370).
+- intel/igb:fix repeated words in comments (jsc#PED-370).
+- intel/iavf:fix repeated words in comments (jsc#PED-835).
+- intel/i40e:fix repeated words in comments (jsc#PED-372).
+- ixgbe: drop unexpected word 'for' in comments (jsc#PED-373).
+- igb: remove unexpected word "the" (jsc#PED-370).
+- ixgbe: remove unexpected word "the" (jsc#PED-373).
+- i40e: read the XDP program once per NAPI (jsc#PED-372).
+- intel/i40e: delete if NULL check before dev_kfree_skb
+ (jsc#PED-372).
+- i40e: Remove unnecessary synchronize_irq() before free_irq()
+ (jsc#PED-372).
+- i40e: Add support for ethtool -s <interface> speed <speed in Mb>
+ (jsc#PED-372).
+- mlxsw: Add a resource describing number of RIFs (jsc#PED-1549).
+- mlxsw: Keep track of number of allocated RIFs (jsc#PED-1549).
+- i40e: add xdp frags support to ndo_xdp_xmit (jsc#PED-372).
+- net/mlx5: Add bits and fields to support enhanced CQE
+ compression (jsc#PED-1549).
+- net/mlx5: Remove not used MLX5_CAP_BITS_RW_MASK (jsc#PED-1549).
+- net/mlx5: group fdb cleanup to single function (jsc#PED-1549).
+- net/mlx5: Add support EXECUTE_ASO action for flow entry
+ (jsc#PED-1549).
+- net/mlx5: Add HW definitions of vport debug counters
+ (jsc#PED-1549).
+- net/mlx5: Add IFC bits and enums for flow meter (jsc#PED-1549).
+- RDMA/mlx5: Support handling of modify-header pattern ICM area
+ (jsc#PED-1552).
+- net/mlx5: Manage ICM of type modify-header pattern
+ (jsc#PED-1549).
+- net/mlx5: Introduce header-modify-pattern ICM properties
+ (jsc#PED-1549).
+- drivers/net/ethernet/intel: fix typos in comments (jsc#PED-373).
+- ixgbe: Fix typos in comments (jsc#PED-373).
+- igb: Remove duplicate defines (jsc#PED-370).
+- drivers, ixgbe: export vf statistics (jsc#PED-373).
+- devlink: adopt u64_stats_t (jsc#PED-1549).
+- iavf: Add waiting for response from PF in set mac (jsc#PED-835).
+- i40e: Add VF VLAN pruning (jsc#PED-372).
+- i40e: Fix interface init with MSI interrupts (no MSI-X)
+ (jsc#PED-372).
+- iavf: Fix missing state logs (jsc#PED-835).
+- iavf: Fix handling of dummy receive descriptors (jsc#PED-835).
+- iavf: Disallow changing rx/tx-frames and rx/tx-frames-irq
+ (jsc#PED-835).
+- iavf: Fix VLAN_V2 addition/rejection (jsc#PED-835).
+- ixgbe: Add locking to prevent panic when setting sriov_numvfs
+ to zero (jsc#PED-373).
+- i40e: Fix erroneous adapter reinitialization during recovery
+ process (jsc#PED-372).
+- igc: Reinstate IGC_REMOVED logic and implement it properly
+ (jsc#PED-375).
+- net/mlx5e: Ring the TX doorbell on DMA errors (jsc#PED-1549).
+- net/mlx5e: Fix capability check for updating vnic env counters
+ (jsc#PED-1549).
+- net/mlx5e: CT: Use own workqueue instead of mlx5e priv
+ (jsc#PED-1549).
+- net/mlx5: Lag, correct get the port select mode str
+ (jsc#PED-1549).
+- net/mlx5e: Fix enabling sriov while tc nic rules are offloaded
+ (jsc#PED-1549).
+- net/mlx5e: kTLS, Fix build time constant test in RX
+ (jsc#PED-1549).
+- net/mlx5e: kTLS, Fix build time constant test in TX
+ (jsc#PED-1549).
+- net/mlx5: Lag, decouple FDB selection and shared FDB
+ (jsc#PED-1549).
+- net/mlx5: TC, allow offload from uplink to other PF's VF
+ (jsc#PED-1549).
+- i40e: Fix VF's MAC Address change on VM (jsc#PED-372).
+- i40e: Fix dropped jumbo frames statistics (jsc#PED-372).
+- vhost-vdpa: call vhost_vdpa_cleanup during the release
+ (jsc#PED-1549).
+- vdpa/mlx5: Initialize CVQ vringh only once (jsc#PED-1549).
+- vdpa/mlx5: Update Control VQ callback information
+ (jsc#PED-1549).
+- igb: Make DMA faster when CPU is active on the PCIe link
+ (jsc#PED-370).
+- igb: fix a use-after-free issue in igb_clean_tx_ring
+ (jsc#PED-370).
+- iavf: Fix issue with MAC address of VF shown as zero
+ (jsc#PED-835).
+- i40e: Fix call trace in setup_tx_descriptors (jsc#PED-372).
+- i40e: Fix calculating the number of queue pairs (jsc#PED-372).
+- i40e: Fix adding ADQ filter to TC0 (jsc#PED-372).
+- vdpa: make get_vq_group and set_group_asid optional
+ (jsc#PED-1549).
+- vdpa/mlx5: clean up indenting in handle_ctrl_vlan()
+ (jsc#PED-1549).
+- vdpa/mlx5: fix error code for deleting vlan (jsc#PED-1549).
+- vdpa/mlx5: Fix syntax errors in comments (jsc#PED-1549).
+- net/mlx5: fs, fail conflicting actions (jsc#PED-1549).
+- net/mlx5: Rearm the FW tracer after each tracer event
+ (jsc#PED-1549).
+- net/mlx5: E-Switch, pair only capable devices (jsc#PED-1549).
+- net/mlx5e: CT: Fix cleanup of CT before cleanup of TC ct rules
+ (jsc#PED-1549).
+- Revert "net/mlx5e: Allow relaxed ordering over VFs"
+ (jsc#PED-1549).
+- ixgbe: fix unexpected VLAN Rx in promisc mode on VF
+ (jsc#PED-373).
+- ixgbe: fix bcast packets Rx on VF after promisc removal
+ (jsc#PED-373).
+- mellanox: mlx5: avoid uninitialized variable warning with gcc-12
+ (jsc#PED-1549).
+- vdpa: Use helper for safer setting of driver_override
+ (jsc#PED-1549).
+- driver: platform: Add helper for safer setting of
+ driver_override (jsc#PED-1549).
+- vdpa: ifcvf: set pci driver data in probe (jsc#PED-1549).
+- vdpa/mlx5: Add RX MAC VLAN filter support (jsc#PED-1549).
+- vdpa/mlx5: Remove flow counter from steering (jsc#PED-1549).
+- vhost-vdpa: return -EFAULT on copy_to_user() failure
+ (jsc#PED-1549).
+- vDPA/ifcvf: fix uninitialized config_vector warning
+ (jsc#PED-1549).
+- vdpa/vp_vdpa : add vdpa tool support in vp_vdpa (jsc#PED-1549).
+- vhost-vdpa: support ASID based IOTLB API (jsc#PED-1549).
+- vhost-vdpa: introduce uAPI to set group ASID (jsc#PED-1549).
+- vhost-vdpa: uAPI to get virtqueue group id (jsc#PED-1549).
+- vhost-vdpa: introduce uAPI to get the number of address spaces
+ (jsc#PED-1549).
+- vhost-vdpa: introduce uAPI to get the number of virtqueue groups
+ (jsc#PED-1549).
+- vhost-vdpa: introduce asid based IOTLB (jsc#PED-1549).
+- vhost: support ASID in IOTLB API (jsc#PED-1549).
+- vhost_iotlb: split out IOTLB initialization (jsc#PED-1549).
+- vdpa: introduce config operations for associating ASID to a
+ virtqueue group (jsc#PED-1549).
+- vdpa: multiple address spaces support (jsc#PED-1549).
+- vdpa: introduce virtqueue groups (jsc#PED-1549).
+- vhost-vdpa: switch to use vhost-vdpa specific IOTLB
+ (jsc#PED-1549).
+- vhost-vdpa: passing iotlb to IOMMU mapping helpers
+ (jsc#PED-1549).
+- vhost: move the backend feature bits to vhost_types.h
+ (jsc#PED-1549).
+- vdpa/mlx5: Use readers/writers semaphore instead of mutex
+ (jsc#PED-1549).
+- vdpa/mlx5: Add support for reading descriptor statistics
+ (jsc#PED-1549).
+- net/vdpa: Use readers/writers semaphore instead of cf_mutex
+ (jsc#PED-1549).
+- vdpa: Add support for querying vendor statistics (jsc#PED-1549).
+- net/mlx5: Fix mlx5_get_next_dev() peer device matching
+ (jsc#PED-1549).
+- net/mlx5e: Update netdev features after changing XDP state
+ (jsc#PED-1549).
+- net/mlx5: correct ECE offset in query qp output (jsc#PED-1549).
+- net/mlx5e: Disable softirq in mlx5e_activate_rq to avoid race
+ condition (jsc#PED-1549).
+- net/mlx5: CT: Fix header-rewrite re-use for tupels
+ (jsc#PED-1549).
+- net/mlx5e: TC NIC mode, fix tc chains miss table (jsc#PED-1549).
+- net/mlx5: Don't use already freed action pointer (jsc#PED-1549).
+- net/mlx5: Expose mlx5_sriov_blocking_notifier_register /
+ unregister APIs (jsc#PED-1549).
+- RDMA/mlx5: Remove duplicate pointer assignment in
+ mlx5_ib_alloc_implicit_mr() (jsc#PED-1552).
+- RDMA/mlx5: Clean UMR QP type flow from mlx5_ib_post_send()
+ (jsc#PED-1552).
+- RDMA/mlx5: Use mlx5_umr_post_send_wait() to update xlt
+ (jsc#PED-1552).
+- RDMA/mlx5: Use mlx5_umr_post_send_wait() to update MR pas
+ (jsc#PED-1552).
+- RDMA/mlx5: Move creation and free of translation tables to umr.c
+ (jsc#PED-1552).
+- RDMA/mlx5: Use mlx5_umr_post_send_wait() to rereg pd access
+ (jsc#PED-1552).
+- RDMA/mlx5: Use mlx5_umr_post_send_wait() to revoke MRs
+ (jsc#PED-1552).
+- RDMA/mlx5: Introduce mlx5_umr_post_send_wait() (jsc#PED-1552).
+- RDMA/mlx5: Expose wqe posting helpers outside of wr.c
+ (jsc#PED-1552).
+- RDMA/mlx5: Simplify get_umr_update_access_mask() (jsc#PED-1552).
+- RDMA/mlx5: Move mkey ctrl segment logic to umr.c (jsc#PED-1552).
+- RDMA/mlx5: Move umr checks to umr.h (jsc#PED-1552).
+- RDMA/mlx5: Move init and cleanup of UMR to umr.c (jsc#PED-1552).
+- RDMA/mlx5: Fix flow steering egress flow (jsc#PED-1552).
+- net/mlx5: fix typo in comment (jsc#PED-1549).
+- net/mlx5: fix multiple definitions of mlx5_lag_mpesw_init /
+ mlx5_lag_mpesw_cleanup (jsc#PED-1549).
+- net/mlx5: Support multiport eswitch mode (jsc#PED-1549).
+- net/mlx5: Remove unused argument (jsc#PED-1549).
+- net/mlx5: Lag, refactor lag state machine (jsc#PED-1549).
+- net/mlx5e: Add XDP SQs to uplink representors steering tables
+ (jsc#PED-1549).
+- net/mlx5e: Correct the calculation of max channels for rep
+ (jsc#PED-1549).
+- net/mlx5e: CT: Add ct driver counters (jsc#PED-1549).
+- net/mlx5e: Allow relaxed ordering over VFs (jsc#PED-1549).
+- net/mlx5e: Support partial GSO for tunnels over vlans
+ (jsc#PED-1549).
+- net/mlx5e: IPoIB, Improve ethtool rxnfc callback structure in
+ IPoIB (jsc#PED-1549).
+- net/mlx5e: Allocate virtually contiguous memory for reps
+ structures (jsc#PED-1549).
+- net/mlx5e: Allocate virtually contiguous memory for VLANs list
+ (jsc#PED-1549).
+- net/mlx5: Allocate virtually contiguous memory in pci_irq.c
+ (jsc#PED-1549).
+- net/mlx5: Allocate virtually contiguous memory in vport.c
+ (jsc#PED-1549).
+- net/mlx5: Inline db alloc API function (jsc#PED-1549).
+- net/mlx5: Add last command failure syndrome to debugfs
+ (jsc#PED-1549).
+- net/mlx5: sparse: error: context imbalance in
+ 'mlx5_vf_get_core_dev' (jsc#PED-1549).
+- ixgbe: add xdp frags support to ndo_xdp_xmit (jsc#PED-373).
+- net/mlx5e: Use XFRM state direction instead of flags
+ (jsc#PED-1549).
+- ixgbe: propagate XFRM offload state direction instead of flags
+ (jsc#PED-373).
+- xfrm: store and rely on direction to construct offload flags
+ (jsc#PED-373).
+- xfrm: rename xfrm_state_offload struct to allow reuse
+ (jsc#PED-373).
+- xfrm: delete not used number of external headers (jsc#PED-373).
+- xfrm: free not used XFRM_ESP_NO_TRAILER flag (jsc#PED-373).
+- igc: Change type of the 'igc_check_downshift' method
+ (jsc#PED-375).
+- igc: Remove unused phy_type enum (jsc#PED-375).
+- igc: Remove igc_set_spd_dplx method (jsc#PED-375).
+- net/mlx5: Lag, add debugfs to query hardware lag state
+ (jsc#PED-1549).
+- net/mlx5: Lag, use buckets in hash mode (jsc#PED-1549).
+- net/mlx5: Lag, refactor dmesg print (jsc#PED-1549).
+- net/mlx5: Support devices with more than 2 ports (jsc#PED-1549).
+- net/mlx5: Lag, use actual number of lag ports (jsc#PED-1549).
+- net/mlx5: Lag, use hash when in roce lag on 4 ports
+ (jsc#PED-1549).
+- net/mlx5: Lag, support single FDB only on 2 ports
+ (jsc#PED-1549).
+- net/mlx5: Lag, store number of ports inside lag object
+ (jsc#PED-1549).
+- net/mlx5: Lag, filter non compatible devices (jsc#PED-1549).
+- net/mlx5: Lag, use lag lock (jsc#PED-1549).
+- net/mlx5: Lag, move E-Switch prerequisite check into lag code
+ (jsc#PED-1549).
+- net/mlx5: devcom only supports 2 ports (jsc#PED-1549).
+- net/mlx5: Lag, expose number of lag ports (jsc#PED-1552).
+- net/mlx5: Increase FW pre-init timeout for health recovery
+ (jsc#PED-1549).
+- net/mlx5: Add exit route when waiting for FW (jsc#PED-1549).
+- igb: Convert kmap() to kmap_local_page() (jsc#PED-370).
+- ixgbe: Fix module_param allow_unsupported_sfp type
+ (jsc#PED-373).
+- net/mlx5: Allow future addition of IPsec object modifiers
+ (jsc#PED-1549).
+- net/mlx5: Don't perform lookup after already known sec_path
+ (jsc#PED-1549).
+- net/mlx5: Cleanup XFRM attributes struct (jsc#PED-1549).
+- net/mlx5: Remove not-supported ICV length (jsc#PED-1549).
+- net/mlx5: Simplify IPsec capabilities logic (jsc#PED-1549).
+- net/mlx5: Don't advertise IPsec netdev support for non-IPsec
+ device (jsc#PED-1549).
+- net/mlx5: Make sure that no dangling IPsec FS pointers exist
+ (jsc#PED-1549).
+- net/mlx5: Clean IPsec FS add/delete rules (jsc#PED-1549).
+- net/mlx5: Simplify HW context interfaces by using SA entry
+ (jsc#PED-1549).
+- net/mlx5: Remove indirections from esp functions (jsc#PED-1549).
+- net/mlx5: Merge various control path IPsec headers into one file
+ (jsc#PED-1549).
+- net/mlx5: Remove useless validity check (jsc#PED-1549).
+- net/mlx5: Store IPsec ESN update work in XFRM state
+ (jsc#PED-1549).
+- net/mlx5: Reduce useless indirection in IPsec FS add/delete
+ flows (jsc#PED-1549).
+- net/mlx5: Don't hide fallback to software IPsec in FS code
+ (jsc#PED-1549).
+- net/mlx5: Check IPsec TX flow steering namespace in advance
+ (jsc#PED-1549).
+- net/mlx5: Simplify IPsec flow steering init/cleanup functions
+ (jsc#PED-1549).
+- net/mlx5: fs, an FTE should have no dests when deleted
+ (jsc#PED-1549).
+- net/mlx5: fs, call the deletion function of the node
+ (jsc#PED-1549).
+- net/mlx5: fs, delete the FTE when there are no rules attached
+ to it (jsc#PED-1549).
+- net/mlx5: fs, do proper bookkeeping for forward destinations
+ (jsc#PED-1549).
+- net/mlx5: fs, add unused destination type (jsc#PED-1549).
+- net/mlx5: fs, jump to exit point and don't fall through
+ (jsc#PED-1549).
+- net/mlx5: fs, refactor software deletion rule (jsc#PED-1549).
+- net/mlx5: fs, split software and IFC flow destination
+ definitions (jsc#PED-1549).
+- net/mlx5e: TC, set proper dest type (jsc#PED-1549).
+- net/mlx5e: Remove unused mlx5e_dcbnl_build_rep_netdev function
+ (jsc#PED-1549).
+- net/mlx5e: Drop error CQE handling from the XSK RX handler
+ (jsc#PED-1549).
+- net/mlx5: Print initializing field in case of timeout
+ (jsc#PED-1549).
+- net/mlx5: Delete redundant default assignment of runtime
+ devlink params (jsc#PED-1549).
+- net/mlx5: Remove useless kfree (jsc#PED-1549).
+- net/mlx5: use kvfree() for kvzalloc() in
+ mlx5_ct_fs_smfs_matcher_create (jsc#PED-1549).
+- i40e, xsk: Get rid of redundant 'fallthrough' (jsc#PED-372).
+- ixgbe, xsk: Get rid of redundant 'fallthrough' (jsc#PED-373).
+- mlx5, xsk: Diversify return values from xsk_wakeup call paths
+ (jsc#PED-1549).
+- ixgbe, xsk: Diversify return values from xsk_wakeup call paths
+ (jsc#PED-373).
+- i40e, xsk: Diversify return values from xsk_wakeup call paths
+ (jsc#PED-372).
+- ixgbe, xsk: Terminate Rx side of NAPI when XSK Rx queue gets
+ full (jsc#PED-373).
+- i40e, xsk: Terminate Rx side of NAPI when XSK Rx queue gets full
+ (jsc#PED-372).
+- ixgbe, xsk: Decorate IXGBE_XDP_REDIR with likely()
+ (jsc#PED-373).
+- ipv6: Use ipv6_only_sock() helper in condition (jsc#PED-1549).
+- mlxsw: spectrum: Introduce port mapping change event processing
+ (jsc#PED-1549).
+- mlxsw: Narrow the critical section of devl_lock during ports
+ creation/removal (jsc#PED-1549).
+- mlxsw: reg: Add Ports Mapping Event Configuration Register
+ (jsc#PED-1549).
+- mlxsw: spectrum: Allocate port mapping array of structs instead
+ of pointers (jsc#PED-1549).
+- devlink: add port to line card relationship set (jsc#PED-1549).
+- devlink: implement line card active state (jsc#PED-1549).
+- devlink: implement line card provisioning (jsc#PED-1549).
+- devlink: add support to create line card and expose to user
+ (jsc#PED-1549).
+- i40e: Add Ethernet Connection X722 for 10GbE SFP+ support
+ (jsc#PED-372).
+- i40e: Add vsi.tx_restart to i40e ethtool stats (jsc#PED-372).
+- i40e: Add tx_stopped stat (jsc#PED-372).
+- i40e: Add support for MPLS + TSO (jsc#PED-372).
+- net/mlx5: Remove not-implemented IPsec capabilities
+ (jsc#PED-1549).
+- net/mlx5: Remove ipsec_ops function table (jsc#PED-1549).
+- net/mlx5: Move IPsec file to relevant directory (jsc#PED-1549).
+- net/mlx5: Remove not-needed IPsec config (jsc#PED-1549).
+- net/mlx5: Align flow steering allocation namespace to common
+ style (jsc#PED-1549).
+- net/mlx5: Unify device IPsec capabilities check (jsc#PED-1549).
+- net/mlx5: Remove useless IPsec device checks (jsc#PED-1549).
+- net/mlx5: Remove ipsec vs. ipsec offload file separation
+ (jsc#PED-1549).
+- RDMA/mlx5: Drop crypto flow steering API (jsc#PED-1549).
+- RDMA/mlx5: Delete never supported IPsec flow action
+ (jsc#PED-1552).
+- net/mlx5: Remove FPGA ipsec specific statistics (jsc#PED-1549).
+- net/mlx5: Remove XFRM no_trailer flag (jsc#PED-1549).
+- net/mlx5: Remove not-used IDA field from IPsec struct
+ (jsc#PED-1549).
+- net/mlx5: Delete metadata handling logic (jsc#PED-1549).
+- IB/mlx5: Fix undefined behavior due to shift overflowing the
+ constant (jsc#PED-1549).
+- net/mlx5: Cleanup kTLS function names and their exposure
+ (jsc#PED-1549).
+- net/mlx5: Remove tls vs. ktls separation as it is the same
+ (jsc#PED-1549).
+- net/mlx5: Remove indirection in TLS build (jsc#PED-1549).
+- net/mlx5: Reliably return TLS device capabilities
+ (jsc#PED-1549).
+- net/mlx5e: CT: Fix setting flow_source for smfs ct tuples
+ (jsc#PED-1549).
+- net/mlx5e: CT: Fix support for GRE tuples (jsc#PED-1549).
+- net/mlx5e: Wrap mlx5e_trap_napi_poll into rcu_read_lock
+ (jsc#PED-1549).
+- net/mlx5: DR, Ignore modify TTL on RX if device doesn't support
+ it (jsc#PED-1549).
+- net/mlx5: Initialize flow steering during driver probe
+ (jsc#PED-1549).
+- net/mlx5: DR, Fix missing flow_source when creating
+ multi-destination FW table (jsc#PED-1549).
+- vdpa/mlx5: Use consistent RQT size (jsc#PED-1549).
+- net/mlx5e: Avoid checking offload capability in post_parse
+ action (jsc#PED-1549).
+- net/mlx5e: TC, fix decap fallback to uplink when int port not
+ supported (jsc#PED-1549).
+- net/mlx5e: TC, Fix ct_clear overwriting ct action metadata
+ (jsc#PED-1549).
+- net/mlx5e: Don't match double-vlan packets if cvlan is not set
+ (jsc#PED-1549).
+- net/sched: flower: fix parsing of ethertype following VLAN
+ header (jsc#PED-1549).
+- vdpa: mlx5: synchronize driver status with CVQ (jsc#PED-1549).
+- vdpa: mlx5: prevent cvq work from hogging CPU (jsc#PED-1549).
+- vdpa/mlx5: Avoid processing works if workqueue was destroyed
+ (jsc#PED-1549).
+- vhost: handle error while adding split ranges to iotlb
+ (jsc#PED-1549).
+- vdpa: support exposing the count of vqs to userspace
+ (jsc#PED-1549).
+- vdpa: change the type of nvqs to u32 (jsc#PED-1549).
+- vdpa: support exposing the config size to userspace
+ (jsc#PED-1549).
+- vdpa/mlx5: re-create forwarding rules after mac modified
+ (jsc#PED-1549).
+- net/mlx5: Add support for configuring max device MTU
+ (jsc#PED-1549).
+- vDPA/ifcvf: implement shared IRQ feature (jsc#PED-1549).
+- vDPA/ifcvf: implement device MSIX vector allocator
+ (jsc#PED-1549).
+- vDPA/ifcvf: make use of virtio pci modern IO helpers in ifcvf
+ (jsc#PED-1549).
+- RDMA/mlx5: Reorder calls to pcie_relaxed_ordering_enabled()
+ (jsc#PED-1552).
+- RDMA/mlx5: Store ndescs instead of the translation table size
+ (jsc#PED-1552).
+- RDMA/mlx5: Merge similar flows of allocating MR from the cache
+ (jsc#PED-1552).
+- RDMA/mlx5: Remove redundant work in struct mlx5_cache_ent
+ (jsc#PED-1552).
+- RDMA/mlx5: Delete useless module.h include (jsc#PED-1552).
+- RDMA/mlx5: Delete get_num_static_uars function (jsc#PED-1552).
+- net/mlx5e: Fix build warning, detected write beyond size of
+ field (jsc#PED-1549).
+- net: veth: Account total xdp_frame len running ndo_xdp_xmit
+ (jsc#PED-373).
+- devlink: hold the instance lock during eswitch_mode callbacks
+ (jsc#PED-1549).
+- netdevsim: replace vfs_lock with devlink instance lock
+ (jsc#PED-1549).
+- netdevsim: replace port_list_lock with devlink instance lock
+ (jsc#PED-1549).
+- net/mlx5e: HTB, remove unused function declaration
+ (jsc#PED-1549).
+- net/mlx5e: Statify function mlx5_cmd_trigger_completions
+ (jsc#PED-1549).
+- net/mlx5e: Remove MLX5E_XDP_TX_DS_COUNT (jsc#PED-1549).
+- net/mlx5e: Permit XDP with non-linear legacy RQ (jsc#PED-1549).
+- net/mlx5e: Support multi buffer XDP_TX (jsc#PED-1549).
+- net/mlx5e: Unindent the else-block in mlx5e_xmit_xdp_buff
+ (jsc#PED-1549).
+- net/mlx5e: Implement sending multi buffer XDP frames
+ (jsc#PED-1549).
+- net/mlx5e: Don't prefill WQEs in XDP SQ in the multi buffer mode
+ (jsc#PED-1549).
+- net/mlx5e: Remove assignment of inline_hdr.sz on XDP TX
+ (jsc#PED-1549).
+- net/mlx5e: Move mlx5e_xdpi_fifo_push out of xmit_xdp_frame
+ (jsc#PED-1549).
+- net/mlx5e: Store DMA address inside struct page (jsc#PED-1549).
+- net/mlx5e: Add XDP multi buffer support to the non-linear
+ legacy RQ (jsc#PED-1549).
+- net/mlx5e: Use page-sized fragments with XDP multi buffer
+ (jsc#PED-1549).
+- net/mlx5e: Use fragments of the same size in non-linear legacy
+ RQ with XDP (jsc#PED-1549).
+- net/mlx5e: Prepare non-linear legacy RQ for XDP multi buffer
+ support (jsc#PED-1549).
+- xfrm: delete duplicated functions that calls same
+ xfrm_api_check() (jsc#PED-373).
+- igb: zero hwtstamp by default (jsc#PED-370).
+- i40e: little endian only valid checksums (jsc#PED-372).
+- net/mlx5: Remove unused fill page array API function
+ (jsc#PED-1549).
+- net/mlx5: Remove unused exported contiguous coherent buffer
+ allocation API (jsc#PED-1549).
+- net/mlx5: CT: Remove extra rhashtable remove on tuple entries
+ (jsc#PED-1549).
+- net/mlx5: DR, Remove hw_ste from mlx5dr_ste to reduce memory
+ (jsc#PED-1549).
+- net/mlx5: DR, Remove 4 members from mlx5dr_ste_htbl to reduce
+ memory (jsc#PED-1549).
+- net/mlx5: DR, Remove num_of_entries byte_size from struct
+ mlx5_dr_icm_chunk (jsc#PED-1549).
+- net/mlx5: DR, Remove icm_addr from mlx5dr_icm_chunk to reduce
+ memory (jsc#PED-1549).
+- net/mlx5: DR, Remove mr_addr rkey from struct mlx5dr_icm_chunk
+ (jsc#PED-1549).
+- net/mlx5: DR, Adjust structure member to reduce memory hole
+ (jsc#PED-1549).
+- net/mlx5e: Drop cqe_bcnt32 from mlx5e_skb_from_cqe_mpwrq_linear
+ (jsc#PED-1549).
+- net/mlx5e: Drop the len output parameter from mlx5e_xdp_handle
+ (jsc#PED-1549).
+- net/mlx5e: RX, Test the XDP program existence out of the handler
+ (jsc#PED-1549).
+- net/mlx5e: Build SKB in place over the first fragment in
+ non-linear legacy RQ (jsc#PED-1549).
+- net/mlx5e: Add headroom only to the first fragment in legacy RQ
+ (jsc#PED-1549).
+- net/mlx5e: Validate MTU when building non-linear legacy RQ
+ fragments info (jsc#PED-1549).
+- net/mlx5e: MPLSoUDP encap, support action vlan pop_eth
+ explicitly (jsc#PED-1549).
+- net/mlx5e: MPLSoUDP decap, use vlan push_eth instead of pedit
+ (jsc#PED-1549).
+- net/sched: add vlan push_eth and pop_eth action to the hardware
+ IR (jsc#PED-1549).
+- devlink: pass devlink_port to port_split / port_unsplit
+ callbacks (jsc#PED-1549).
+- devlink: hold the instance lock in port_split / port_unsplit
+ callbacks (jsc#PED-1549).
+- eth: mlxsw: switch to explicit locking for port registration
+ (jsc#PED-1549).
+- eth: nfp: replace driver's "pf" lock with devlink instance lock
+ (jsc#PED-1549).
+- eth: nfp: wrap locking assertions in helpers (jsc#PED-1549).
+- net/mlx5: Support GRE conntrack offload (jsc#PED-1549).
+- net/mlx5e: Fix use-after-free in mlx5e_stats_grp_sw_update_stats
+ (jsc#PED-1549).
+- net/mlx5e: Remove overzealous validations in netlink EEPROM
+ query (jsc#PED-1549).
+- net/mlx5: Parse module mapping using mlx5_ifc (jsc#PED-1549).
+- net/mlx5: Query the maximum MCIA register read size from
+ firmware (jsc#PED-1549).
+- net/mlx5: CT: Create smfs dr matchers dynamically
+ (jsc#PED-1549).
+- net/mlx5: CT: Add software steering ct flow steering provider
+ (jsc#PED-1549).
+- net/mlx5: Add smfs lib to export direct steering API to CT
+ (jsc#PED-1549).
+- net/mlx5: DR, Add helper to get backing dr table from a mlx5
+ flow table (jsc#PED-1549).
+- net/mlx5: CT: Introduce a platform for multiple flow steering
+ providers (jsc#PED-1549).
+- net/mlx5: Node-aware allocation for the doorbell pgdir
+ (jsc#PED-1549).
+- net/mlx5: Node-aware allocation for UAR (jsc#PED-1549).
+- net/mlx5: Node-aware allocation for the EQs (jsc#PED-1549).
+- net/mlx5: Node-aware allocation for the EQ table (jsc#PED-1549).
+- net/mlx5: Node-aware allocation for the IRQ table
+ (jsc#PED-1549).
+- net/mlx5: Delete useless module.h include (jsc#PED-1549).
+- net/mlx5: DR, Add support for ConnectX-7 steering
+ (jsc#PED-1549).
+- net/mlx5: DR, Refactor ste_ctx handling for STE v0/1
+ (jsc#PED-1549).
+- net/mlx5: DR, Rename action modify fields to reflect naming
+ in HW spec (jsc#PED-1549).
+- net/mlx5: DR, Fix handling of different actions on the same
+ STE in STEv1 (jsc#PED-1549).
+- net/mlx5: DR, Remove unneeded comments (jsc#PED-1549).
+- net/mlx5: DR, Add support for matching on Internet Header Length
+ (IHL) (jsc#PED-1549).
+- net/mlx5: DR, Align mlx5dv_dr API vport action with FW behavior
+ (jsc#PED-1549).
+- net/mlx5: Add debugfs counters for page commands failures
+ (jsc#PED-1549).
+- net/mlx5: Add pages debugfs (jsc#PED-1549).
+- net/mlx5: Move debugfs entries to separate struct
+ (jsc#PED-1549).
+- net/mlx5: Change release_all_pages cap bit location
+ (jsc#PED-1549).
+- net/mlx5: Remove redundant error on reclaim pages
+ (jsc#PED-1549).
+- net/mlx5: Remove redundant error on give pages (jsc#PED-1549).
+- net/mlx5: Remove redundant notify fail on give pages
+ (jsc#PED-1549).
+- net/mlx5: Add command failures data to debugfs (jsc#PED-1549).
+- net/mlx5e: TC, Fix use after free in
+ mlx5e_clone_flow_attr_for_post_act() (jsc#PED-1549).
+- mlx5: add support for page_pool_get_stats (jsc#PED-1549).
+- iavf: Remove non-inclusive language (jsc#PED-835).
+- iavf: Fix incorrect use of assigning iavf_status to int
+ (jsc#PED-835).
+- iavf: stop leaking iavf_status as "errno" values (jsc#PED-835).
+- iavf: remove redundant ret variable (jsc#PED-835).
+- iavf: Add usage of new virtchnl format to set default MAC
+ (jsc#PED-835).
+- iavf: refactor processing of VLAN V2 capability message
+ (jsc#PED-835).
+- iavf: Add support for 50G/100G in AIM algorithm (jsc#PED-835).
+- net/mlx5: Add clarification on sync reset failure
+ (jsc#PED-1549).
+- net/mlx5: Add reset_state field to MFRL register (jsc#PED-1549).
+- RDMA/mlx5: Use new command interface API (jsc#PED-1552).
+- net/mlx5: cmdif, Refactor error handling and reporting of
+ async commands (jsc#PED-1549).
+- net/mlx5: Use mlx5_cmd_do() in core create_{cq,dct}
+ (jsc#PED-1549).
+- net/mlx5: cmdif, Add new api for command execution
+ (jsc#PED-1549).
+- net/mlx5: cmdif, cmd_check refactoring (jsc#PED-1549).
+- net/mlx5: cmdif, Return value improvements (jsc#PED-1549).
+- net/mlx5: Lag, offload active-backup drops to hardware
+ (jsc#PED-1549).
+- net/mlx5: Lag, record inactive state of bond device
+ (jsc#PED-1549).
+- net/mlx5: Lag, don't use magic numbers for ports (jsc#PED-1549).
+- net/mlx5: Lag, use local variable already defined to access
+ E-Switch (jsc#PED-1549).
+- net/mlx5: E-switch, add drop rule support to ingress ACL
+ (jsc#PED-1549).
+- net/mlx5: E-switch, remove special uplink ingress ACL handling
+ (jsc#PED-1549).
+- net/mlx5: E-Switch, reserve and use same uplink metadata across
+ ports (jsc#PED-1549).
+- net/mlx5: Add ability to insert to specific flow group
+ (jsc#PED-1549).
+- mlx5: remove unused static inlines (jsc#PED-1549).
+- flow_offload: reject offload for all drivers with invalid
+ police parameters (jsc#PED-1549).
+- net: flow_offload: add tc police action parameters
+ (jsc#PED-1549).
+- nfp: add support to offload police action from flower table
+ (jsc#PED-1549).
+- nfp: add process to get action stats from hardware
+ (jsc#PED-1549).
+- nfp: add hash table to store meter table (jsc#PED-1549).
+- nfp: add support to offload tc action to hardware
+ (jsc#PED-1549).
+- nfp: refactor policer config to support ingress/egress meter
+ (jsc#PED-1549).
+- ixgbe: Remove non-inclusive language (jsc#PED-373).
+- ixgbevf: clean up some inconsistent indenting (jsc#PED-373).
+- net/mlx5e: TC, Allow sample action with CT (jsc#PED-1549).
+- net/mlx5e: TC, Make post_act parse CT and sample actions
+ (jsc#PED-1549).
+- net/mlx5e: TC, Clean redundant counter flag from tc action
+ parsers (jsc#PED-1549).
+- net/mlx5e: Use multi table support for CT and sample actions
+ (jsc#PED-1549).
+- net/mlx5e: Create new flow attr for multi table actions
+ (jsc#PED-1549).
+- net/mlx5e: Add post act offload/unoffload API (jsc#PED-1549).
+- net/mlx5e: Pass actions param to actions_match_supported()
+ (jsc#PED-1549).
+- net/mlx5e: TC, Move flow hashtable to be per rep (jsc#PED-1549).
+- net/mlx5e: E-Switch, Add support for tx_port_ts in switchdev
+ mode (jsc#PED-1549).
+- net/mlx5e: E-Switch, Add PTP counters for uplink representor
+ (jsc#PED-1549).
+- net/mlx5e: RX, Restrict bulk size for small Striding RQs
+ (jsc#PED-1549).
+- net/mlx5e: Default to Striding RQ when not conflicting with
+ CQE compression (jsc#PED-1549).
+- net/mlx5e: Generalize packet merge error message (jsc#PED-1549).
+- net/mlx5e: Add support for using xdp->data_meta (jsc#PED-1549).
+- net/mlx5e: Fix spelling mistake "supoported" -> "supported"
+ (jsc#PED-1549).
+- net/mlx5e: Optimize the common case condition in
+ mlx5e_select_queue (jsc#PED-1549).
+- net/mlx5e: Optimize modulo in mlx5e_select_queue (jsc#PED-1549).
+- net/mlx5e: Optimize mlx5e_select_queue (jsc#PED-1549).
+- net/mlx5e: Move repeating code that gets TC prio into a function
+ (jsc#PED-1549).
+- net/mlx5e: Use select queue parameters to sync with control flow
+ (jsc#PED-1549).
+- net/mlx5e: Move mlx5e_select_queue to en/selq.c (jsc#PED-1549).
+- net/mlx5e: Introduce select queue parameters (jsc#PED-1549).
+- net/mlx5e: Sync txq2sq updates with mlx5e_xmit for HTB queues
+ (jsc#PED-1549).
+- net/mlx5e: Use a barrier after updating txq2sq (jsc#PED-1549).
+- net/mlx5e: Disable TX queues before registering the netdev
+ (jsc#PED-1549).
+- net/mlx5e: Cleanup of start/stop all queues (jsc#PED-1549).
+- net/mlx5e: Use FW limitation for max MPW WQEBBs (jsc#PED-1549).
+- net/mlx5e: Read max WQEBBs on the SQ from firmware
+ (jsc#PED-1549).
+- net/mlx5e: Remove unused tstamp SQ field (jsc#PED-1549).
+- i40e: xsk: Move tmp desc array from driver to pool
+ (jsc#PED-372).
+- i40e: Add a stat for tracking busy rx pages (jsc#PED-372).
+- i40e: Add a stat for tracking pages waived (jsc#PED-372).
+- i40e: Add a stat tracking new RX page allocations (jsc#PED-372).
+- i40e: Aggregate and export RX page reuse stat (jsc#PED-372).
+- i40e: Remove rx page reuse double count (jsc#PED-372).
+- i40e: Fix race condition while adding/deleting MAC/VLAN filters
+ (jsc#PED-372).
+- i40e: Add new version of i40e_aq_add_macvlan function
+ (jsc#PED-372).
+- i40e: Add new versions of send ASQ command functions
+ (jsc#PED-372).
+- i40e: Add sending commands in atomic context (jsc#PED-372).
+- i40e: Remove unused RX realloc stat (jsc#PED-372).
+- i40e: Disable hw-tc-offload feature on driver load
+ (jsc#PED-372).
+- mlxsw: spectrum: Guard against invalid local ports
+ (jsc#PED-1549).
+- net/mlx5: VLAN push on RX, pop on TX (jsc#PED-1549).
+- net/mlx5: Introduce software defined steering capabilities
+ (jsc#PED-1549).
+- net/mlx5: Remove unused TIR modify bitmask enums (jsc#PED-1549).
+- net/mlx5e: CT, Remove redundant flow args from tc ct calls
+ (jsc#PED-1549).
+- net/mlx5e: TC, Store mapped tunnel id on flow attr
+ (jsc#PED-1549).
+- net/mlx5e: Test CT and SAMPLE on flow attr (jsc#PED-1549).
+- net/mlx5e: Refactor eswitch attr flags to just attr flags
+ (jsc#PED-1549).
+- net/mlx5e: CT, Don't set flow flag CT for ct clear flow
+ (jsc#PED-1549).
+- net/mlx5e: TC, Hold sample_attr on stack instead of pointer
+ (jsc#PED-1549).
+- net/mlx5e: TC, Reject rules with multiple CT actions
+ (jsc#PED-1549).
+- net/mlx5e: TC, Refactor mlx5e_tc_add_flow_mod_hdr() to get
+ flow attr (jsc#PED-1549).
+- net/mlx5e: TC, Pass attr to tc_act can_offload() (jsc#PED-1549).
+- net/mlx5e: TC, Split pedit offloads verify from
+ alloc_tc_pedit_action() (jsc#PED-1549).
+- net/mlx5e: TC, Move pedit_headers_action to parse_attr
+ (jsc#PED-1549).
+- net/mlx5e: Move counter creation call to
+ alloc_flow_attr_counter() (jsc#PED-1549).
+- net/mlx5e: Pass attr arg for attaching/detaching encaps
+ (jsc#PED-1549).
+- net/mlx5e: Move code chunk setting encap dests into its own
+ function (jsc#PED-1549).
+- igbvf: Remove useless DMA-32 fallback configuration
+ (jsc#PED-370).
+- igb: Remove useless DMA-32 fallback configuration (jsc#PED-370).
+- igc: Remove useless DMA-32 fallback configuration (jsc#PED-375).
+- iavf: Remove useless DMA-32 fallback configuration
+ (jsc#PED-835).
+- i40e: Remove useless DMA-32 fallback configuration
+ (jsc#PED-372).
+- ixgbevf: Remove useless DMA-32 fallback configuration
+ (jsc#PED-373).
+- ixgbe: Remove useless DMA-32 fallback configuration
+ (jsc#PED-373).
+- bpf: add frags support to the bpf_xdp_adjust_tail() API
+ (jsc#PED-373).
+- bpf: introduce bpf_xdp_get_buff_len helper (jsc#PED-373).
+- xdp: add frags support to xdp_return_{buff/frame} (jsc#PED-373).
+- net/mlx5: Add migration commands definitions (jsc#PED-1549).
+- net/mlx5: Introduce migration bits and structures
+ (jsc#PED-1549).
+- net/mlx5: Expose APIs to get/put the mlx5 core device
+ (jsc#PED-1549).
+- PCI/IOV: Add pci_iov_get_pf_drvdata() to allow VF reaching
+ the drvdata of a PF (jsc#PED-1549).
+- net/mlx5: Reuse exported virtfn index function call
+ (jsc#PED-1549).
+- PCI/IOV: Add pci_iov_vf_id() to get VF index (jsc#PED-1549).
+- iavf: Fix adopting new combined setting (jsc#PED-835).
+- vdpa: fix use-after-free on vp_vdpa_remove (jsc#PED-1549).
+- vhost: fix hung thread due to erroneous iotlb entries
+ (jsc#PED-1549).
+- vdpa/mlx5: add validation for VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET
+ command (jsc#PED-1549).
+- vdpa/mlx5: should verify CTRL_VQ feature exists for MQ
+ (jsc#PED-1549).
+- vdpa: factor out vdpa_set_features_unlocked for vdpa internal
+ use (jsc#PED-1549).
+- xfrm: enforce validity of offload input flags (jsc#PED-373).
+- net/mlx5e: Fix VF min/max rate parameters interchange mistake
+ (jsc#PED-1549).
+- net/mlx5e: Fix MPLSoUDP encap to use MPLS action information
+ (jsc#PED-1549).
+- net/mlx5e: Add feature check for set fec counters
+ (jsc#PED-1549).
+- net/mlx5e: TC, Skip redundant ct clear actions (jsc#PED-1549).
+- net/mlx5: Update log_max_qp value to be 17 at most
+ (jsc#PED-1549).
+- net_sched: add __rcu annotation to netdev->qdisc (jsc#PED-1549).
+- vdpa/mlx5: Fix tracking of current number of VQs (jsc#PED-1549).
+- vdpa/mlx5: Fix is_index_valid() to refer to features
+ (jsc#PED-1549).
+- vdpa: Protect vdpa reset with cf_mutex (jsc#PED-1549).
+- vdpa: Avoid taking cf_mutex lock on get status (jsc#PED-1549).
+- vdpa/mlx5: Report max device capabilities (jsc#PED-1549).
+- vdpa: Support reporting max device capabilities (jsc#PED-1549).
+- vdpa/mlx5: Restore cur_num_vqs in case of failure in
+ change_num_qps() (jsc#PED-1549).
+- vdpa: Add support for returning device configuration information
+ (jsc#PED-1549).
+- vdpa/mlx5: Support configuring max data virtqueue
+ (jsc#PED-1549).
+- vdpa/mlx5: Fix config_attr_mask assignment (jsc#PED-1549).
+- vdpa: Allow to configure max data virtqueues (jsc#PED-1549).
+- vdpa: Read device configuration only if FEATURES_OK
+ (jsc#PED-1549).
+- vdpa: Sync calls set/get config/status with cf_mutex
+ (jsc#PED-1549).
+- vdpa/mlx5: Distribute RX virtqueues in RQT object
+ (jsc#PED-1549).
+- vdpa: Provide interface to read driver features (jsc#PED-1549).
+- vdpa/mlx5: Fix wrong configuration of virtio_version_1_0
+ (jsc#PED-1549).
+- vdpa: Mark vdpa_config_ops.get_vq_notification as optional
+ (jsc#PED-1549).
+- vdpa: Avoid duplicate call to vp_vdpa get_status (jsc#PED-1549).
+- net/mlx5_vdpa: Offer VIRTIO_NET_F_MTU when setting MTU
+ (jsc#PED-1549).
+- vdpa: add driver_override support (jsc#PED-1549).
+- docs: document sysfs ABI for vDPA bus (jsc#PED-1549).
+- ifcvf/vDPA: fix misuse virtio-net device config size for blk
+ dev (jsc#PED-1549).
+- RDMA/mlx5: Print wc status on CQE error and dump needed
+ (jsc#PED-1552).
+- RDMA/mlx5: Use memset_after() to zero struct mlx5_ib_mr
+ (jsc#PED-1552).
+- net/mlx5: Use irq_set_affinity_and_hint() (jsc#PED-1549).
+- ixgbe: Use irq_update_affinity_hint() (jsc#PED-373).
+- i40e: Use irq_update_affinity_hint() (jsc#PED-372).
+- iavf: Use irq_update_affinity_hint() (jsc#PED-835).
+- vdpa/mlx5: Use auxiliary_device driver data helpers
+ (jsc#PED-1549).
+- net/mlx5e: Use auxiliary_device driver data helpers
+ (jsc#PED-1549).
+- RDMA/irdma: Use auxiliary_device driver data helpers
+ (jsc#PED-1552).
+- net: openvswitch: Fix ct_state nat flags for conns arriving
+ from tc (jsc#PED-1549).
+- net/mlx5e: Fix build error in fec_set_block_stats()
+ (jsc#PED-1549).
+- iavf: remove an unneeded variable (jsc#PED-835).
+- i40e: remove variables set but not used (jsc#PED-372).
+- i40e: Remove non-inclusive language (jsc#PED-372).
+- i40e: Update FW API version (jsc#PED-372).
+- i40e: Minimize amount of busy-waiting during AQ send
+ (jsc#PED-372).
+- net/mlx5e: Add recovery flow in case of error CQE
+ (jsc#PED-1549).
+- net/mlx5e: TC, Remove redundant error logging (jsc#PED-1549).
+- net/mlx5e: Refactor set_pflag_cqe_based_moder (jsc#PED-1549).
+- net/mlx5e: Move HW-GRO and CQE compression check to fix features
+ flow (jsc#PED-1549).
+- net/mlx5e: Fix feature check per profile (jsc#PED-1549).
+- net/mlx5e: Unblock setting vid 0 for VF in case PF isn't
+ eswitch manager (jsc#PED-1549).
+- net/mlx5e: Expose FEC counters via ethtool (jsc#PED-1549).
+- net/mlx5: Update log_max_qp value to FW max capability
+ (jsc#PED-1549).
+- net/mlx5: SF, Use all available cpu for setting cpu affinity
+ (jsc#PED-1549).
+- net/mlx5: Introduce API for bulk request and release of IRQs
+ (jsc#PED-1549).
+- net/mlx5: Split irq_pool_affinity logic to new file
+ (jsc#PED-1549).
+- net/mlx5: Move affinity assignment into irq_request
+ (jsc#PED-1549).
+- net/mlx5: Introduce control IRQ request API (jsc#PED-1549).
+- net/mlx5: mlx5e_hv_vhca_stats_create return type to void
+ (jsc#PED-1549).
+- mlxsw: spectrum: Extend to support Spectrum-4 ASIC
+ (jsc#PED-1549).
+- mlxsw: spectrum_acl_bloom_filter: Add support for Spectrum-4
+ calculation (jsc#PED-1549).
+- mlxsw: Add operations structure for bloom filter calculation
+ (jsc#PED-1549).
+- mlxsw: spectrum_acl_bloom_filter: Rename Spectrum-2 specific
+ objects for future use (jsc#PED-1549).
+- mlxsw: spectrum_acl_bloom_filter: Make
+ mlxsw_sp_acl_bf_key_encode() more flexible (jsc#PED-1549).
+- mlxsw: spectrum_acl_bloom_filter: Reorder functions to make
+ the code more aesthetic (jsc#PED-1549).
+- mlxsw: Introduce flex key elements for Spectrum-4
+ (jsc#PED-1549).
+- mlxsw: Rename virtual router flex key element (jsc#PED-1549).
+- net: fixup build after bpf header changes (jsc#PED-1549).
+- net/mlx5: CT: Set flow source hint from provided tuple device
+ (jsc#PED-1549).
+- xsk: Wipe out dead zero_copy_allocator declarations
+ (jsc#PED-373).
+- net/mlx5: Set SMFS as a default steering mode if device supports
+ it (jsc#PED-1549).
+- net/mlx5: DR, Ignore modify TTL if device doesn't support it
+ (jsc#PED-1549).
+- net/mlx5: DR, Improve steering for empty or RX/TX-only matchers
+ (jsc#PED-1549).
+- net/mlx5: DR, Add support for matching on
+ geneve_tlv_option_0_exist field (jsc#PED-1549).
+- net/mlx5: DR, Support matching on tunnel headers 0 and 1
+ (jsc#PED-1549).
+- net/mlx5: DR, Add misc5 to match_param structs (jsc#PED-1549).
+- net/mlx5: Add misc5 flow table match parameters (jsc#PED-1549).
+- net/mlx5: DR, Warn on failure to destroy objects due to refcount
+ (jsc#PED-1549).
+- net/mlx5: DR, Add support for UPLINK destination type
+ (jsc#PED-1549).
+- net/mlx5: DR, Add support for dumping steering info
+ (jsc#PED-1549).
+- net/mlx5: DR, Add missing reserved fields to dr_match_param
+ (jsc#PED-1549).
+- net/mlx5: DR, Add check for flex parser ID value (jsc#PED-1549).
+- net/mlx5: DR, Rename list field in matcher struct to list_node
+ (jsc#PED-1549).
+- net/mlx5: DR, Remove unused struct member in matcher
+ (jsc#PED-1549).
+- net/mlx5: DR, Fix lower case macro prefix "mlx5_" to "MLX5_"
+ (jsc#PED-1549).
+- net/mlx5: DR, Fix error flow in creating matcher (jsc#PED-1549).
+- igb: support EXTTS on 82580/i354/i350 (jsc#PED-370).
+- igb: support PEROUT on 82580/i354/i350 (jsc#PED-370).
+- igb: move PEROUT and EXTTS isr logic to separate functions
+ (jsc#PED-370).
+- igb: move SDP config initialization to separate function
+ (jsc#PED-370).
+- ixgbevf: switch to napi_build_skb() (jsc#PED-373).
+- ixgbe: switch to napi_build_skb() (jsc#PED-373).
+- igc: switch to napi_build_skb() (jsc#PED-375).
+- igb: switch to napi_build_skb() (jsc#PED-370).
+- iavf: switch to napi_build_skb() (jsc#PED-835).
+- i40e: switch to napi_build_skb() (jsc#PED-372).
+- net/mlx5e: Take packet_merge params directly from the RX res
+ struct (jsc#PED-1549).
+- net/mlx5e: Allocate per-channel stats dynamically at first usage
+ (jsc#PED-1549).
+- net/mlx5e: Use dynamic per-channel allocations in stats
+ (jsc#PED-1549).
+- net/mlx5e: Allow profile-specific limitation on max num of
+ channels (jsc#PED-1549).
+- net/mlx5e: Save memory by using dynamic allocation in netdev
+ priv (jsc#PED-1549).
+- net/mlx5e: Add profile indications for PTP and QOS HTB features
+ (jsc#PED-1549).
+- net/mlx5e: Use bitmap field for profile features (jsc#PED-1549).
+- net/mlx5: Remove the repeated declaration (jsc#PED-1549).
+- net/mlx5: Let user configure max_macs generic param
+ (jsc#PED-1549).
+- net/mlx5: Let user configure event_eq_size param (jsc#PED-1549).
+- net/mlx5: Let user configure io_eq_size param (jsc#PED-1549).
+- igbvf: Refactor trace (jsc#PED-370).
+- igb: remove never changed variable `ret_val' (jsc#PED-370).
+- igc: Remove obsolete define (jsc#PED-375).
+- igc: Remove obsolete mask (jsc#PED-375).
+- igc: Remove obsolete nvm type (jsc#PED-375).
+- igc: Remove unused phy type (jsc#PED-375).
+- igc: Remove unused _I_PHY_ID define (jsc#PED-375).
+- net/sched: use min() macro instead of doing it manually
+ (jsc#PED-1549).
+- flow_offload: add reoffload process to update hw_count
+ (jsc#PED-1549).
+- net: sched: save full flags for tc action (jsc#PED-1549).
+- flow_offload: add process to update action stats from hardware
+ (jsc#PED-1549).
+- flow_offload: add skip_hw and skip_sw to control if offload
+ the action (jsc#PED-1549).
+- flow_offload: allow user to offload tc action to net device
+ (jsc#PED-1549).
+- flow_offload: add ops to tc_action_ops for flow action setup
+ (jsc#PED-1549).
+- flow_offload: rename offload functions with offload instead
+ of flow (jsc#PED-1549).
+- flow_offload: add index to flow_action_entry structure
+ (jsc#PED-1549).
+- iavf: Restrict maximum VLAN filters for
+ VIRTCHNL_VF_OFFLOAD_VLAN_V2 (jsc#PED-835).
+- iavf: Add support VIRTCHNL_VF_OFFLOAD_VLAN_V2 during netdev
+ config (jsc#PED-835).
+- virtchnl: Add support for new VLAN capabilities (jsc#PED-835).
+- net/mlx5: Introduce log_max_current_uc_list_wr_supported bit
+ (jsc#PED-1549).
+- RDMA/mlx5: Add support to multiple priorities for FDB rules
+ (jsc#PED-1552).
+- net/mlx5: Create more priorities for FDB bypass namespace
+ (jsc#PED-1549).
+- net/mlx5: Refactor mlx5_get_flow_namespace (jsc#PED-1549).
+- net/mlx5: Separate FDB namespace (jsc#PED-1549).
+- net/mlx5e: Move goto action checks into tc_action goto post
+ parse op (jsc#PED-1549).
+- net/mlx5e: Move vlan action chunk into tc action vlan post
+ parse op (jsc#PED-1549).
+- net/mlx5e: Add post_parse() op to tc action infrastructure
+ (jsc#PED-1549).
+- net/mlx5e: Move sample attr allocation to tc_action sample
+ parse op (jsc#PED-1549).
+- net/mlx5e: TC action parsing loop (jsc#PED-1549).
+- net/mlx5e: Add redirect ingress to tc action infra
+ (jsc#PED-1549).
+- net/mlx5e: Add sample and ptype to tc_action infra
+ (jsc#PED-1549).
+- net/mlx5e: Add ct to tc action infra (jsc#PED-1549).
+- net/mlx5e: Add mirred/redirect to tc action infra
+ (jsc#PED-1549).
+- net/mlx5e: Add mpls push/pop to tc action infra (jsc#PED-1549).
+- net/mlx5e: Add vlan push/pop/mangle to tc action infra
+ (jsc#PED-1549).
+- net/mlx5e: Add pedit to tc action infra (jsc#PED-1549).
+- net/mlx5e: Add csum to tc action infra (jsc#PED-1549).
+- net/mlx5e: Add tunnel encap/decap to tc action infra
+ (jsc#PED-1549).
+- net/mlx5e: Add goto to tc action infra (jsc#PED-1549).
+- net/mlx5e: Add tc action infrastructure (jsc#PED-1549).
+- xfrm: add net device refcount tracker to struct
+ xfrm_state_offload (jsc#PED-373).
+- net/mlx5: Dynamically resize flow counters query buffer
+ (jsc#PED-1549).
+- net/mlx5e: TC, Set flow attr ip_version earlier (jsc#PED-1549).
+- net/mlx5e: TC, Move common flow_action checks into function
+ (jsc#PED-1549).
+- net/mlx5e: Remove redundant actions arg from vlan push/pop funcs
+ (jsc#PED-1549).
+- net/mlx5e: Remove redundant actions arg from
+ validate_goto_chain() (jsc#PED-1549).
+- net/mlx5e: TC, Remove redundant action stack var (jsc#PED-1549).
+- net/mlx5e: Hide function mlx5e_num_channels_changed
+ (jsc#PED-1549).
+- net/mlx5e: SHAMPO, clean MLX5E_MAX_KLM_PER_WQE macro
+ (jsc#PED-1549).
+- net/mlx5: Print more info on pci error handlers (jsc#PED-1549).
+- net/mlx5: SF, silence an uninitialized variable warning
+ (jsc#PED-1549).
+- net/mlx5: Fix error return code in esw_qos_create()
+ (jsc#PED-1549).
+- mlx5: fix mlx5i_grp_sw_update_stats() stack usage
+ (jsc#PED-1549).
+- mlx5: fix psample_sample_packet link error (jsc#PED-1549).
+- mlxsw: Use u16 for local_port field instead of u8
+ (jsc#PED-1549).
+- mlxsw: reg: Adjust PPCNT register to support local port 255
+ (jsc#PED-1549).
+- mlxsw: reg: Increase 'port_num' field in PMTDB register
+ (jsc#PED-1549).
+- mlxsw: reg: Align existing registers to use extended local_port
+ field (jsc#PED-1549).
+- mlxsw: item: Add support for local_port field in a split form
+ (jsc#PED-1549).
+- iavf: Fix displaying queue statistics shown by ethtool
+ (jsc#PED-835).
+- iavf: Refactor string format to avoid static analysis warnings
+ (jsc#PED-835).
+- iavf: Refactor text of informational message (jsc#PED-835).
+- iavf: Fix static code analysis warning (jsc#PED-835).
+- iavf: Refactor iavf_mac_filter struct memory usage
+ (jsc#PED-835).
+- iavf: Enable setting RSS hash key (jsc#PED-835).
+- iavf: return errno code instead of status code (jsc#PED-835).
+- iavf: Log info when VF is entering and leaving Allmulti mode
+ (jsc#PED-835).
+- iavf: Add change MTU message (jsc#PED-835).
+- igc: enable XDP metadata in driver (jsc#PED-375).
+- devlink: Simplify devlink resources unregister call
+ (jsc#PED-1549).
+- mlxsw: spectrum_router: Remove deadcode in
+ mlxsw_sp_rif_mac_profile_find (jsc#PED-1549).
+- net: dsa: felix: restrict psfp rules on ingress port
+ (jsc#PED-1549).
+- net: dsa: felix: use vcap policer to set flow meter for psfp
+ (jsc#PED-1549).
+- net: mscc: ocelot: use index to set vcap policer (jsc#PED-1549).
+- net: dsa: felix: add stream gate settings for psfp
+ (jsc#PED-1549).
+- net: dsa: felix: support psfp filter on vsc9959 (jsc#PED-1549).
+- net: mscc: ocelot: add gate and police action offload to PSFP
+ (jsc#PED-1549).
+- net: mscc: ocelot: set vcap IS2 chain to goto PSFP chain
+ (jsc#PED-1549).
+- ixgbevf: Add support for new mailbox communication between PF
+ and VF (jsc#PED-373).
+- ixgbevf: Mailbox improvements (jsc#PED-373).
+- ixgbevf: Add legacy suffix to old API mailbox functions
+ (jsc#PED-373).
+- ixgbevf: Improve error handling in mailbox (jsc#PED-373).
+- stmmac: fix build due to brainos in trans_start changes
+ (jsc#PED-370).
+- net: annotate accesses to queue->trans_start (jsc#PED-370).
+- net/mlx5: E-switch, Create QoS on demand (jsc#PED-1549).
+- net/mlx5: E-switch, Enable vport QoS on demand (jsc#PED-1549).
+- net/mlx5: E-switch, move offloads mode callbacks to offloads
+ file (jsc#PED-1549).
+- net/mlx5: E-switch, Reuse mlx5_eswitch_set_vport_mac
+ (jsc#PED-1549).
+- net/mlx5: E-switch, Remove vport enabled check (jsc#PED-1549).
+- net/mlx5e: Specify out ifindex when looking up decap route
+ (jsc#PED-1549).
+- net/mlx5e: TC, Move comment about mod header flag to correct
+ place (jsc#PED-1549).
+- net/mlx5e: TC, Move kfree() calls after destroying all resources
+ (jsc#PED-1549).
+- net/mlx5e: TC, Destroy nic flow counter if exists
+ (jsc#PED-1549).
+- net/mlx5: TC, using swap() instead of tmp variable
+ (jsc#PED-1549).
+- net/mlx5: CT: Allow static allocation of mod headers
+ (jsc#PED-1549).
+- net/mlx5e: Refactor mod header management API (jsc#PED-1549).
+- net/mlx5: Avoid printing health buffer when firmware is
+ unavailable (jsc#PED-1549).
+- net/mlx5: Fix format-security build warnings (jsc#PED-1549).
+- net/mlx5e: Support ethtool cq mode (jsc#PED-1549).
+- net: openvswitch: Fix matching zone id for invalid conns
+ arriving from tc (jsc#PED-1549).
+- net/sched: flow_dissector: Fix matching on zone id for invalid
+ conns (jsc#PED-1549).
+- mlxsw: spectrum_router: Consolidate MAC profiles when possible
+ (jsc#PED-1549).
+- vhost-vdpa: clean irqs before reseting vdpa device
+ (jsc#PED-1549).
+- vdpa/mlx5: Forward only packets with allowed MAC address
+ (jsc#PED-1549).
+- vdpa/mlx5: Support configuration of MAC (jsc#PED-1549).
+- vdpa/mlx5: Fix clearing of VIRTIO_NET_F_MAC feature bit
+ (jsc#PED-1549).
+- vdpa: Enable user to set mac and mtu of vdpa device
+ (jsc#PED-1549).
+- vdpa: Use kernel coding style for structure comments
+ (jsc#PED-1549).
+- vdpa: Introduce query of device config layout (jsc#PED-1549).
+- vdpa: Introduce and use vdpa device get, set config helpers
+ (jsc#PED-1549).
+- vdpa/mlx5: Propagate link status from device to vdpa driver
+ (jsc#PED-1549).
+- vdpa/mlx5: Rename control VQ workqueue to vdpa wq
+ (jsc#PED-1549).
+- vdpa/mlx5: Remove mtu field from vdpa net device (jsc#PED-1549).
+- vdpa: add new attribute VDPA_ATTR_DEV_MIN_VQ_SIZE
+ (jsc#PED-1549).
+- vdpa: min vq num of vdpa device cannot be greater than max vq
+ num (jsc#PED-1549).
+- vdpa: add new callback get_vq_num_min in vdpa_config_ops
+ (jsc#PED-1549).
+- vp_vdpa: add vq irq offloading support (jsc#PED-1549).
+- vdpa: fix typo (jsc#PED-1549).
+- cls_flower: Fix inability to match GRE/IPIP packets
+ (jsc#PED-1549).
+- netdevsim: fix uninit value in nsim_drv_configure_vfs()
+ (jsc#PED-1549).
+- netdevsim: rename 'driver' entry points (jsc#PED-1549).
+- netdevsim: move max vf config to dev (jsc#PED-1549).
+- netdevsim: move details of vf config to dev (jsc#PED-1549).
+- netdevsim: move vfconfig to nsim_dev (jsc#PED-1549).
+- netdevsim: take rtnl_lock when assigning num_vfs (jsc#PED-1549).
+- virtchnl: Use the BIT() macro for capability/offload flags
+ (jsc#PED-835).
+- virtchnl: Remove unused VIRTCHNL_VF_OFFLOAD_RSVD define
+ (jsc#PED-835).
+- netdevsim: remove max_vfs dentry (jsc#PED-1549).
+- mlxsw: spectrum_router: Expose RIF MAC profiles to devlink
+ resource (jsc#PED-1549).
+- mlxsw: spectrum_router: Add RIF MAC profiles support
+ (jsc#PED-1549).
+- mlxsw: spectrum_router: Propagate extack further (jsc#PED-1549).
+- mlxsw: resources: Add resource identifier for RIF MAC profiles
+ (jsc#PED-1549).
+- mlxsw: reg: Add MAC profile ID field to RITR register
+ (jsc#PED-1549).
+- mlxsw: spectrum: Use 'bitmap_zalloc()' when applicable
+ (jsc#PED-1549).
+- net: mscc: ocelot: support egress VLAN rewriting via VCAP ES0
+ (jsc#PED-1549).
+- xsk: Optimize for aligned case (jsc#PED-1549).
+- virtio_net: introduce TX timeout watchdog (jsc#PED-370).
+- mlxsw: Make PMAOS pack function more generic (jsc#PED-1549).
+- mlxsw: reg: Add fields to PMAOS register (jsc#PED-1549).
+- mlxsw: Track per-module port status (jsc#PED-1549).
+- mlxsw: spectrum: Do not return an error in
+ mlxsw_sp_port_module_unmap() (jsc#PED-1549).
+- mlxsw: spectrum: Do not return an error in ndo_stop()
+ (jsc#PED-1549).
+- mlxsw: core_env: Convert 'module_info_lock' to a mutex
+ (jsc#PED-1549).
+- mlxsw: core_env: Defer handling of module temperature warning
+ events (jsc#PED-1549).
+- mlxsw: reg: Remove PMTM register (jsc#PED-1549).
+- mlxsw: spectrum: Move port SWID set before core port init
+ (jsc#PED-1549).
+- mlxsw: spectrum: Move port module mapping before core port init
+ (jsc#PED-1549).
+- mlxsw: spectrum: Bump minimum FW version to xx.2008.3326
+ (jsc#PED-1549).
+- vduse: Fix race condition between resetting and irq injecting
+ (jsc#PED-1549).
+- vduse: Disallow injecting interrupt before DRIVER_OK is set
+ (jsc#PED-1549).
+- vhost_vdpa: unset vq irq before freeing irq (jsc#PED-1549).
+- vdpa: potential uninitialized return in vhost_vdpa_va_map()
+ (jsc#PED-1549).
+- vdpa/mlx5: Avoid executing set_vq_ready() if device is reset
+ (jsc#PED-1549).
+- vdpa/mlx5: Clear ready indication for control VQ (jsc#PED-1549).
+- vduse: Cleanup the old kernel states after reset failure
+ (jsc#PED-1549).
+- vduse: missing error code in vduse_init() (jsc#PED-1549).
+- Documentation: Add documentation for VDUSE (jsc#PED-1549).
+- vduse: Implement an MMU-based software IOTLB (jsc#PED-1549).
+- vdpa: Support transferring virtual addressing during DMA mapping
+ (jsc#PED-1549).
+- vdpa: factor out vhost_vdpa_pa_map() and vhost_vdpa_pa_unmap()
+ (jsc#PED-1549).
+- vdpa: Add an opaque pointer for vdpa_config_ops.dma_map()
+ (jsc#PED-1549).
+- vhost-iotlb: Add an opaque pointer for vhost IOTLB
+ (jsc#PED-1549).
+- vhost-vdpa: Handle the failure of vdpa_reset() (jsc#PED-1549).
+- vdpa: Add reset callback in vdpa_config_ops (jsc#PED-1549).
+- vdpa: Fix some coding style issues (jsc#PED-1549).
+- file: Export receive_fd() to modules (jsc#PED-1549).
+- vdpa: Make use of PFN_PHYS/PFN_UP/PFN_DOWN helper macro
+ (jsc#PED-1549).
+- vdpa/mlx5: Add multiqueue support (jsc#PED-1549).
+- vdpa/mlx5: Ensure valid indices are provided (jsc#PED-1549).
+- vdpa/mlx5: Decouple virtqueue callback from struct
+ mlx5_vdpa_virtqueue (jsc#PED-1549).
+- vdpa/mlx5: function prototype modifications in preparation to
+ control VQ (jsc#PED-1549).
+- vdpa/mlx5: Remove redundant header file inclusion
+ (jsc#PED-1549).
+- vDPA/ifcvf: enable multiqueue and control vq (jsc#PED-1549).
+- vDPA/ifcvf: detect and use the onboard number of queues directly
+ (jsc#PED-1549).
+- vDPA/ifcvf: implement management netlink framework for ifcvf
+ (jsc#PED-1549).
+- vDPA/ifcvf: introduce get_dev_type() which returns virtio dev id
+ (jsc#PED-1549).
+- mlxsw: spectrum: Add infrastructure for parsing configuration
+ (jsc#PED-1549).
+- net/sched: store the last executed chain also for clsact egress
+ (jsc#PED-1549).
+- nfp: flower-tc: add flow stats updates for ct (jsc#PED-1549).
+- nfp: flower-ct: add offload calls to the nfp (jsc#PED-1549).
+- nfp: flower-ct: add flow_pay to the offload table
+ (jsc#PED-1549).
+- nfp: flower-ct: add actions into flow_pay for offload
+ (jsc#PED-1549).
+- nfp: flower-ct: compile match sections of flow_payload
+ (jsc#PED-1549).
+- nfp: flower-ct: calculate required key_layers (jsc#PED-1549).
+- nfp: flower: refactor action offload code slightly
+ (jsc#PED-1549).
+- nfp: flower: refactor match functions to take flow_rule as input
+ (jsc#PED-1549).
+- nfp: flower: make the match compilation functions reusable
+ (jsc#PED-1549).
+- netdevsim: Add multi-queue support (jsc#PED-1549).
+- net/sched: Remove unnecessary if statement (jsc#PED-1549).
+- bpf: Add function for XDP meta data length check (jsc#PED-373).
+- commit 820516d
+
+- ethernet: sparx5: use eth_hw_addr_gen() (jsc#PED-1565).
+- ethernet: sxgbe: use eth_hw_addr_set() (jsc#PED-1565).
+- commit efcaf78
+
+- ethernet: ibmveth: use ether_addr_to_u64() (jsc#PED-1565).
+- commit 62557e1
+
+- intersil: remove obsolete prism54 wireless driver
+ (jsc#PED-1565).
+- Update config files.
+- supported.conf: removed prism64
+- commit 2e3787e
+
+- staging: rtl8188eu fix fallout of constifying dev_addr
+ (jsc#PED-1565).
+- commit 388ba9a
+
+- sfc: siena: Fix Kconfig dependencies (jsc#PED-1565).
+- Update config files.
+- supported.conf: Addedd sfc-siena
+- commit d576f42
+
+- net: add net device refcount tracker infrastructure
+ (jsc#PED-1565).
+- Update config files.
+- commit 62b348b
+
+- of: net: move of_net under net/ (jsc#PED-1565).
+- Update config files.
+- commit 04e77fb
+
+- net: annotate accesses to dev->gso_max_segs (jsc#PED-1565).
+- Refresh patches.suse/octeontx2-pf-Add-TC-feature-for-VFs.patch.
+- commit 37035f5
+
+- usb: gadget: u_ether: use eth_hw_addr_set() (jsc#PED-1565).
+- Refresh
+ patches.suse/usb-gadget-u_ether-fix-regression-in-setting-fixed-M.patch.
+- commit 219037e
+
+- device property: move mac addr helpers to eth.c (jsc#PED-1565).
+- Refresh
+ patches.suse/device-property-Add-fwnode_irq_get_byname.patch.
+- commit c05663b
+
+- sfc: implement ethtool get/set RX ring size for EF100 reps
+ (jsc#PED-1565).
+- sfc: use a dynamic m-port for representor RX and set it promisc
+ (jsc#PED-1565).
+- sfc: move table locking into filter_table_{probe,remove}
+ methods (jsc#PED-1565).
+- sfc: insert default MAE rules to connect VFs to representors
+ (jsc#PED-1565).
+- sfc: receive packets from EF100 VFs into representors
+ (jsc#PED-1565).
+- sfc: check ef100 RX packets are from the wire (jsc#PED-1565).
+- sfc: determine wire m-port at EF100 PF probe time
+ (jsc#PED-1565).
+- sfc: ef100 representor RX top half (jsc#PED-1565).
+- sfc: ef100 representor RX NAPI poll (jsc#PED-1565).
+- sfc: plumb ef100 representor stats (jsc#PED-1565).
+- sfc/siena: fix repeated words in comments (jsc#PED-1565).
+- sfc/falcon: fix repeated words in comments (jsc#PED-1565).
+- sfc: attach/detach EF100 representors along with their owning PF
+ (jsc#PED-1565).
+- sfc: hook up ef100 representor TX (jsc#PED-1565).
+- sfc: support passing a representor to the EF100 TX path
+ (jsc#PED-1565).
+- sfc: determine representee m-port for EF100 representors
+ (jsc#PED-1565).
+- sfc: phys port/switch identification for ef100 reps
+ (jsc#PED-1565).
+- sfc: add basic ethtool ops to ef100 reps (jsc#PED-1565).
+- sfc: add skeleton ef100 VF representors (jsc#PED-1565).
+- sfc: detect ef100 MAE admin privilege/capability at probe time
+ (jsc#PED-1565).
+- sfc: update EF100 register descriptions (jsc#PED-1565).
+- sfc: update MCDI protocol headers (jsc#PED-1565).
+- sfc: falcon: Use the bitmap API to allocate bitmaps
+ (jsc#PED-1565).
+- sfc/siena: Use the bitmap API to allocate bitmaps
+ (jsc#PED-1565).
+- sfc: Separate netdev probe/remove from PCI probe/remove
+ (jsc#PED-1565).
+- sfc: disable softirqs for ptp TX (jsc#PED-1565).
+- sfc: fix kernel panic when creating VF (jsc#PED-1565).
+- sfc: fix use after free when disabling sriov (jsc#PED-1565).
+- net: make drivers set the TSO limit not the GSO limit
+ (jsc#PED-1565).
+- bpf: Let bpf_warn_invalid_xdp_action() report more info
+ (jsc#PED-1565).
+- bpf: Do not WARN in bpf_warn_invalid_xdp_action()
+ (jsc#PED-1565).
+- net: usb: ax88179_178a: add TSO feature (jsc#PED-1565).
+- bpf, devmap: Exclude XDP broadcast to master device
+ (jsc#PED-1565).
+- bpf: devmap: Implement devmap prog execution for generic XDP
+ (jsc#PED-1565).
+- bpf: cpumap: Implement generic cpumap (jsc#PED-1565).
+- bitops: Add non-atomic bitops for pointers (jsc#PED-1565).
+- net: core: Split out code to run generic XDP prog
+ (jsc#PED-1565).
+- commit 86a0101
+
+- ethernet: netsec: use eth_hw_addr_set() (jsc#PED-1565).
+- commit de114d2
+
+- net: fec_mpc52xx: don't discard const from netdev->dev_addr
+ (jsc#PED-1565).
+- ethernet: fec: use eth_hw_addr_gen() (jsc#PED-1565).
+- ethernet: ocelot: use eth_hw_addr_gen() (jsc#PED-1565).
+- ethernet: enetc: use eth_hw_addr_set() (jsc#PED-1565).
+- commit 7d923f4
+
+- ethernet: via-velocity: use eth_hw_addr_set() (jsc#PED-1565).
+- ethernet: via-rhine: use eth_hw_addr_set() (jsc#PED-1565).
+- ethernet: ec_bhf: use eth_hw_addr_set() (jsc#PED-1565).
+- commit fba8780
+
+- RDMA/cxgb4: fix accept failure due to increased
+ cpl_t5_pass_accept_rpl size (jsc#PED-1508).
+- RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY
+ event (jsc#PED-1503).
+- RDMA/qedr: Fix potential memory leak in __qedr_alloc_mr()
+ (jsc#PED-1529).
+- RDMA: remove useless condition in siw_create_cq()
+ (jsc#PED-1503).
+- e1000e: convert .adjfreq to .adjfine (jsc#PED-837).
+- e1000e: remove unnecessary range check in e1000e_phc_adjfreq
+ (jsc#PED-837).
+- net/mlx4: Use devl_ API for devlink port register / unregister
+ (jsc#PED-1548).
+- qlogic: qed: fix clang -Wformat warnings (jsc#PED-1526).
+- qed: Use bitmap_empty() (jsc#PED-1526).
+- qed: Use the bitmap API to allocate bitmaps (jsc#PED-1526).
+- cxgb4: Use the bitmap API to allocate bitmaps (jsc#PED-1506).
+- qlogic/qed: fix repeated words in comments (jsc#PED-1526).
+- cxgb4: Fix typo in string (jsc#PED-1506).
+- intel/e1000e:fix repeated words in comments (jsc#PED-837).
+- intel: remove unused macros (jsc#PED-837).
+- sfc: replace function name in string with __func__
+ (jsc#PED-1565).
+- sfc: Unsplit literal string (jsc#PED-1565).
+- sfc: Move EF100 efx_nic_type structs to the end of the file
+ (jsc#PED-1565).
+- sfc: Separate efx_nic memory from net_device memory
+ (jsc#PED-1565).
+- sfc: Encapsulate access to netdev_priv() (jsc#PED-1565).
+- sfc: Change BUG_ON to WARN_ON and recovery code (jsc#PED-1565).
+- sfc: Remove netdev init from efx_init_struct (jsc#PED-1565).
+- sfc: Add a PROBED state for EF100 VDPA use (jsc#PED-1565).
+- sfc: Split STATE_READY in to STATE_NET_DOWN and STATE_NET_UP
+ (jsc#PED-1565).
+- sfc:falcon: fix repeated words in comments (jsc#PED-1565).
+- sfc: fix repeated words in comments (jsc#PED-1565).
+- sfc: siena: fix repeated words in comments (jsc#PED-1565).
+- cxgb4/cxgb4vf: Fix typo in comments (jsc#PED-1506).
+- cxgb4vf: remove unexpected word "the" (jsc#PED-1506).
+- sfc/siena: Fix typo in comment (jsc#PED-1565).
+- sfc: Fix typo in comment (jsc#PED-1565).
+- tcp: Fix data-races around sysctl knobs related to SYN option
+ (jsc#PED-1506).
+- tcp: Fix data-races around sysctl_tcp_ecn (jsc#PED-1506).
+- RDMA/qedr: Fix reporting QP timeout attribute (jsc#PED-1529).
+- net/mlx4_en: Fix wrong return value on ioctl EEPROM query
+ failure (jsc#PED-1548).
+- qed: replace bitmap_weight with bitmap_empty in qed_roce_stop()
+ (jsc#PED-1526).
+- qed: rework qed_rdma_bmap_free() (jsc#PED-1526).
+- net: mellanox: fix open-coded for_each_set_bit() (jsc#PED-1548).
+- sfc/siena: fix wrong tx channel offset with
+ efx_separate_tx_channels (jsc#PED-1565).
+- sfc/siena: fix considering that all channels have TX queues
+ (jsc#PED-1565).
+- sfc: fix wrong tx channel offset with efx_separate_tx_channels
+ (jsc#PED-1565).
+- sfc: fix considering that all channels have TX queues
+ (jsc#PED-1565).
+- RDMA/mlx4: Avoid flush_scheduled_work() usage (jsc#PED-1547).
+- RDMA/qedr: Remove unnecessary synchronize_irq() before
+ free_irq() (jsc#PED-1529).
+- RDMA/siw: Enable siw on tunnel devices (jsc#PED-1503).
+- qed: fix typos in comments (jsc#PED-1526).
+- net: qed: fix typos in comments (jsc#PED-1526).
+- sfc/siena: Remove duplicate check on segments (jsc#PED-1565).
+- sfc: siena: Have a unique wrapper ifndef for efx channels header
+ (jsc#PED-1565).
+- net: qede: Remove unnecessary synchronize_irq() before
+ free_irq() (jsc#PED-1526).
+- qed: Remove unnecessary synchronize_irq() before free_irq()
+ (jsc#PED-1526).
+- sfc/siena: Reinstate SRIOV init/fini function calls
+ (jsc#PED-1565).
+- sfc/siena: Make PTP and reset support specific for Siena
+ (jsc#PED-1565).
+- sfc/siena: Make MCDI logging support specific for Siena
+ (jsc#PED-1565).
+- siena: Make HWMON support specific for Siena (jsc#PED-1565).
+- siena: Make SRIOV support specific for Siena (jsc#PED-1565).
+- siena: Make MTD support specific for Siena (jsc#PED-1565).
+- sfc: Add a basic Siena module (jsc#PED-1565).
+- sfc/siena: Inline functions in sriov.h to avoid conflicts with
+ sfc (jsc#PED-1565).
+- sfc/siena: Rename functions in nic_common.h to avoid conflicts
+ with sfc (jsc#PED-1565).
+- sfc/siena: Rename functions in mcdi headers to avoid conflicts
+ with sfc (jsc#PED-1565).
+- sfc/siena: Rename peripheral functions to avoid conflicts with
+ sfc (jsc#PED-1565).
+- sfc/siena: Rename RX/TX functions to avoid conflicts with sfc
+ (jsc#PED-1565).
+- sfc/siena: Rename functions in efx headers to avoid conflicts
+ with sfc (jsc#PED-1565).
+- sfc/siena: Remove build references to missing functionality
+ (jsc#PED-1565).
+- sfc: Copy shared files needed for Siena (part 2) (jsc#PED-1565).
+- sfc: Copy shared files needed for Siena (part 1) (jsc#PED-1565).
+- sfc: Move Siena specific files (jsc#PED-1565).
+- net: don't allow user space to lift the device limits
+ (jsc#PED-1565).
+- net: add netif_inherit_tso_max() (jsc#PED-1565).
+- sfc: Copy a subset of mcdi_pcol.h to siena (jsc#PED-1565).
+- sfc: Disable Siena support (jsc#PED-1565).
+- netdev: reshuffle netif_napi_add() APIs to allow dropping weight
+ (jsc#PED-1565).
+- qede: Reduce verbosity of ptp tx timestamp (jsc#PED-1526).
+- sfc: add EF100 VF support via a write to sriov_numvfs
+ (jsc#PED-1565).
+- qed: Remove IP services API (jsc#PED-1526).
+- sfc: Remove global definition of efx_reset_type_names
+ (jsc#PED-1565).
+- sfc: Remove duplicate definition of efx_xmit_done
+ (jsc#PED-1565).
+- sfc: efx_default_channel_type APIs can be static (jsc#PED-1565).
+- sfc: Fix spelling mistake "writting" -> "writing"
+ (jsc#PED-1565).
+- sfc: ef10: Fix assigning negative value to unsigned variable
+ (jsc#PED-1565).
+- sfc: use hardware tx timestamps for more than PTP
+ (jsc#PED-1565).
+- qed: remove an unneed NULL check on list iterator
+ (jsc#PED-1526).
+- sfc: Stop using iommu_present() (jsc#PED-1565).
+- net: chelsio: cxgb4: Avoid potential negative array offset
+ (jsc#PED-1506).
+- sfc: Avoid NULL pointer dereference on systems without numa
+ awareness (jsc#PED-1565).
+- RDMA/mlx4: remove redundant assignment to variable nreq
+ (jsc#PED-1547).
+- RDMA/mlx4: Delete useless module.h include (jsc#PED-1547).
+- qed: remove unnecessary memset in qed_init_fw_funcs
+ (jsc#PED-1526).
+- net/mlx4_en: use kzalloc (jsc#PED-1548).
+- net/mlx4: Delete useless moduleparam include (jsc#PED-1548).
+- e1000e: Print PHY register address when MDI read/write fails
+ (jsc#PED-837).
+- sfc: set affinity hints in local NUMA node only (jsc#PED-1565).
+- sfc: default config to 1 channel/core in local NUMA node only
+ (jsc#PED-1565).
+- qed: prevent a fw assert during device shutdown (jsc#PED-1526).
+- sfc: The size of the RX recycle ring should be more flexible
+ (jsc#PED-1565).
+- qed: use msleep() in qed_mcp_cmd() and add qed_mcp_cmd_nosleep()
+ for udelay (jsc#PED-1526).
+- e1000e: Remove useless DMA-32 fallback configuration
+ (jsc#PED-837).
+- sfc: extend the locking on mcdi->seqno (jsc#PED-1565).
+- ethernet: broadcom/sb1250-mac: don't write directly to
+ netdev->dev_addr (jsc#PED-1565).
+- amd: declance: use eth_hw_addr_set() (jsc#PED-1565).
+- sysctl: move some boundary constants from sysctl.c to
+ sysctl_vals (jsc#PED-1506).
+- RDMA/siw: make use of the helper function kthread_run_on_cpu()
+ (jsc#PED-1503).
+- kthread: add the helper function kthread_run_on_cpu()
+ (jsc#PED-1503).
+- RDMA/mad: Delete duplicated init_query_mad functions
+ (jsc#PED-1547).
+- iw_cxgb4: Use memset_startat() for cpl_t5_pass_accept_rpl
+ (jsc#PED-1508).
+- RDMA/siw: Use max() instead of doing it manually (jsc#PED-1503).
+- RDMA/mlx4: Use bitmap_alloc() when applicable (jsc#PED-1547).
+- RDMA/siw: Use helper function to set sys_image_guid
+ (jsc#PED-1503).
+- RDMA/cxgb4: Use non-atomic bitmap functions when possible
+ (jsc#PED-1508).
+- RDMA/cxgb4: Use bitmap_set() when applicable (jsc#PED-1508).
+- RDMA/cxgb4: Use bitmap_zalloc() when applicable (jsc#PED-1508).
+- RDMA/cxgb4: Use helper function to set GUIDs (jsc#PED-1508).
+- net/mlx4: Use irq_update_affinity_hint() (jsc#PED-1548).
+- cxgb4vf: Remove useless DMA-32 fallback configuration
+ (jsc#PED-1506).
+- cxgb4: Remove useless DMA-32 fallback configuration
+ (jsc#PED-1506).
+- gro: add ability to control gro max packet size (jsc#PED-1565).
+- qed: Use dma_set_mask_and_coherent() and simplify code
+ (jsc#PED-1526).
+- net: Don't include filter.h from net/sock.h (jsc#PED-1548).
+- net: linkwatch: add net device refcount tracker (jsc#PED-1565).
+- lib: add reference counting tracking infrastructure
+ (jsc#PED-1565).
+- qed*: esl priv flag support through ethtool (jsc#PED-1526).
+- qed*: enhance tx timeout debug info (jsc#PED-1526).
+- qed: Enhance rammod debug prints to provide pretty details
+ (jsc#PED-1526).
+- cxgb4: allow reading unrecognized port module eeprom
+ (jsc#PED-1506).
+- qed: Use the bitmap API to simplify some functions
+ (jsc#PED-1526).
+- net: annotate accesses to dev->gso_max_size (jsc#PED-1565).
+- dev_addr: add a modification check (jsc#PED-1565).
+- net: unexport dev_addr_init() & dev_addr_flush() (jsc#PED-1565).
+- net: constify netdev->dev_addr (jsc#PED-1565).
+- cxgb4: Use struct_group() for memcpy() region (jsc#PED-1506).
+- smc9194: use eth_hw_addr_set() (jsc#PED-1565).
+- amd: a2065/ariadne: use eth_hw_addr_set() (jsc#PED-1565).
+- amd: ni65: use eth_hw_addr_set() (jsc#PED-1565).
+- amd: lance: use eth_hw_addr_set() (jsc#PED-1565).
+- ipw2200: constify address in ipw_send_adapter_address
+ (jsc#PED-1565).
+- mlxsw: constify address in mlxsw_sp_port_dev_addr_set
+ (jsc#PED-1565).
+- net: gro: populate net/core/gro.c (jsc#PED-1565).
+- net: gro: move skb_gro_receive into net/core/gro.c
+ (jsc#PED-1565).
+- net: gro: move skb_gro_receive_list to udp_offload.c
+ (jsc#PED-1565).
+- tools: sync uapi/linux/if_link.h header (jsc#PED-1565).
+- r8169: fix incorrect mac address assignment (jsc#PED-1565).
+- staging: use eth_hw_addr_set() in orphan drivers (jsc#PED-1565).
+- staging: rtl: use eth_hw_addr_set() (jsc#PED-1565).
+- staging: unisys: use eth_hw_addr_set() (jsc#PED-1565).
+- staging: rtl8712: prepare for const netdev->dev_addr
+ (jsc#PED-1565).
+- staging: qlge: use eth_hw_addr_set() (jsc#PED-1565).
+- staging: use eth_hw_addr_set() for dev->addr_len cases
+ (jsc#PED-1565).
+- staging: use eth_hw_addr_set() instead of ether_addr_copy()
+ (jsc#PED-1565).
+- staging: use eth_hw_addr_set() (jsc#PED-1565).
+- RDMA/qed: Use helper function to set GUIDs (jsc#PED-1526).
+- net: sgi-xp: use eth_hw_addr_set() (jsc#PED-1565).
+- net: virtio: use eth_hw_addr_set() (jsc#PED-1565).
+- mpt fusion: use dev_addr_set() (jsc#PED-1565).
+- media: use eth_hw_addr_set() (jsc#PED-1565).
+- net: thunderbolt: use eth_hw_addr_set() (jsc#PED-1565).
+- staging: use of_get_ethdev_address() (jsc#PED-1565).
+- net/mlx5e: don't write directly to netdev->dev_addr
+ (jsc#PED-1565).
+- bluetooth: use dev_addr_set() (jsc#PED-1565).
+- bluetooth: use eth_hw_addr_set() (jsc#PED-1565).
+- fddi: defza: add missing pointer type cast (jsc#PED-1565).
+- usbb: catc: use correct API for MAC addresses (jsc#PED-1565).
+- net: atm: use address setting helpers (jsc#PED-1565).
+- net: drivers: get ready for const netdev->dev_addr
+ (jsc#PED-1565).
+- net: caif: get ready for const netdev->dev_addr (jsc#PED-1565).
+- net: hsr: get ready for const netdev->dev_addr (jsc#PED-1565).
+- net: bonding: constify and use dev_addr_set() (jsc#PED-1565).
+- net: rtnetlink: use __dev_addr_set() (jsc#PED-1565).
+- net: core: constify mac addrs in selftests (jsc#PED-1565).
+- zd1201: use eth_hw_addr_set() (jsc#PED-1565).
+- wl3501_cs: use eth_hw_addr_set() (jsc#PED-1565).
+- ray_cs: use eth_hw_addr_set() (jsc#PED-1565).
+- wilc1000: use eth_hw_addr_set() (jsc#PED-1565).
+- hostap: use eth_hw_addr_set() (jsc#PED-1565).
+- ipw2200: prepare for const netdev->dev_addr (jsc#PED-1565).
+- airo: use eth_hw_addr_set() (jsc#PED-1565).
+- brcmfmac: prepare for const netdev->dev_addr (jsc#PED-1565).
+- atmel: use eth_hw_addr_set() (jsc#PED-1565).
+- wil6210: use eth_hw_addr_set() (jsc#PED-1565).
+- ath6kl: use eth_hw_addr_set() (jsc#PED-1565).
+- wireless: use eth_hw_addr_set() for dev->addr_len cases
+ (jsc#PED-1565).
+- wireless: use eth_hw_addr_set() instead of ether_addr_copy()
+ (jsc#PED-1565).
+- wireless: use eth_hw_addr_set() (jsc#PED-1565).
+- cfg80211: prepare for const netdev->dev_addr (jsc#PED-1565).
+- mac80211: use eth_hw_addr_set() (jsc#PED-1565).
+- wireless: mac80211_hwsim: use eth_hw_addr_set() (jsc#PED-1565).
+- net: sb1000,rionet: use eth_hw_addr_set() (jsc#PED-1565).
+- net: plip: use eth_hw_addr_set() (jsc#PED-1565).
+- net: fjes: constify and use eth_hw_addr_set() (jsc#PED-1565).
+- fddi: skfp: constify and use dev_addr_set() (jsc#PED-1565).
+- fddi: defxx,defza: use dev_addr_set() (jsc#PED-1565).
+- net: usb: don't write directly to netdev->dev_addr
+ (jsc#PED-1565).
+- net: qmi_wwan: use dev_addr_mod() (jsc#PED-1565).
+- usb: smsc: use eth_hw_addr_set() (jsc#PED-1565).
+- net: xen: use eth_hw_addr_set() (jsc#PED-1565).
+- batman-adv: use eth_hw_addr_set() instead of ether_addr_copy()
+ (jsc#PED-1565).
+- mac802154: use dev_addr_set() - manual (jsc#PED-1565).
+- mac802154: use dev_addr_set() (jsc#PED-1565).
+- batman-adv: prepare for const netdev->dev_addr (jsc#PED-1565).
+- ethernet: tlan: use eth_hw_addr_set() (jsc#PED-1565).
+- ethernet: tehuti: use eth_hw_addr_set() (jsc#PED-1565).
+- ethernet: stmmac: use eth_hw_addr_set() (jsc#PED-1565).
+- ethernet: mlxsw: use eth_hw_addr_gen() (jsc#PED-1565).
+- ethernet: prestera: use eth_hw_addr_gen() (jsc#PED-1565).
+- ethernet: add a helper for assigning port addresses
+ (jsc#PED-1565).
+- ethernet: smsc: use eth_hw_addr_set() (jsc#PED-1565).
+- ethernet: smc91x: use eth_hw_addr_set() (jsc#PED-1565).
+- ethernet: sis190: use eth_hw_addr_set() (jsc#PED-1565).
+- ethernet: rocker: use eth_hw_addr_set() (jsc#PED-1565).
+- ethernet: r8169: use eth_hw_addr_set() (jsc#PED-1565).
+- ethernet: netxen: use eth_hw_addr_set() (jsc#PED-1565).
+- ethernet: sky2/skge: use eth_hw_addr_set() (jsc#PED-1565).
+- ethernet: mv643xx: use eth_hw_addr_set() (jsc#PED-1565).
+- ethernet: use eth_hw_addr_set() in unmaintained drivers
+ (jsc#PED-1565).
+- ethernet: ixgb: use eth_hw_addr_set() (jsc#PED-1565).
+- ethernet: enic: use eth_hw_addr_set() (jsc#PED-1565).
+- ethernet: bcmgenet: use eth_hw_addr_set() (jsc#PED-1565).
+- ethernet: aquantia: use eth_hw_addr_set() (jsc#PED-1565).
+- ethernet: amd: use eth_hw_addr_set() (jsc#PED-1565).
+- ethernet: alteon: use eth_hw_addr_set() (jsc#PED-1565).
+- ethernet: adaptec: use eth_hw_addr_set() (jsc#PED-1565).
+- ethernet: remove random_ether_addr() (jsc#PED-1565).
+- ethernet: replace netdev->dev_addr 16bit writes (jsc#PED-1565).
+- ethernet: replace netdev->dev_addr assignment loops
+ (jsc#PED-1565).
+- ethernet: manually convert memcpy(dev_addr,..., sizeof(addr))
+ (jsc#PED-1565).
+- ethernet: make use of eth_hw_addr_random() where appropriate
+ (jsc#PED-1565).
+- ethernet: make eth_hw_addr_random() use dev_addr_set()
+ (jsc#PED-1565).
+- net: remove single-byte netdev->dev_addr writes (jsc#PED-1565).
+- ip: use dev_addr_set() in tunnels (jsc#PED-1565).
+- hamradio: use dev_addr_set() for setting device address
+ (jsc#PED-1565).
+- netdevice: demote the type of some dev_addr_set() helpers
+ (jsc#PED-1565).
+- ipv6: constify dev_addr passing (jsc#PED-1565).
+- llc/snap: constify dev_addr passing (jsc#PED-1565).
+- ethernet: tulip: avoid duplicate variable name on sparc
+ (jsc#PED-1565).
+- tulip: fix setting device address from rom (jsc#PED-1565).
+- ethernet: sun: add missing semicolon, fix build (jsc#PED-1565).
+- net: use dev_addr_set() (jsc#PED-1565).
+- ethernet: sun: remove direct netdev->dev_addr writes
+ (jsc#PED-1565).
+- ethernet: tulip: remove direct netdev->dev_addr writes
+ (jsc#PED-1565).
+- ethernet: forcedeth: remove direct netdev->dev_addr writes
+ (jsc#PED-1565).
+- ethernet: use platform_get_ethdev_address() (jsc#PED-1565).
+- eth: platform: add a helper for loading netdev->dev_addr
+ (jsc#PED-1565).
+- ethernet: use device_get_ethdev_address() (jsc#PED-1565).
+- eth: fwnode: add a helper for loading netdev->dev_addr
+ (jsc#PED-1565).
+- eth: fwnode: remove the addr len from mac helpers
+ (jsc#PED-1565).
+- eth: fwnode: change the return type of mac address helpers
+ (jsc#PED-1565).
+- ethernet: use of_get_ethdev_address() (jsc#PED-1565).
+- of: net: add a helper for loading netdev->dev_addr
+ (jsc#PED-1565).
+- net: usb: use eth_hw_addr_set() for dev->addr_len cases
+ (jsc#PED-1565).
+- ethernet: use eth_hw_addr_set() - casts (jsc#PED-1565).
+- fddi: use eth_hw_addr_set() (jsc#PED-1565).
+- ethernet: s2io: use eth_hw_addr_set() (jsc#PED-1565).
+- net: usb: use eth_hw_addr_set() instead of ether_addr_copy()
+ (jsc#PED-1565).
+- net: use eth_hw_addr_set() instead of ether_addr_copy()
+ (jsc#PED-1565).
+- net: usb: use eth_hw_addr_set() (jsc#PED-1565).
+- net:dev: Change napi_gro_complete return type to void
+ (jsc#PED-1565).
+- string.h: Introduce memset_startat() for wiping trailing
+ members and padding (jsc#PED-1508).
+- string.h: Introduce memset_after() for wiping trailing
+ members/padding (jsc#PED-1508).
+- lib: Introduce CONFIG_MEMCPY_KUNIT_TEST (jsc#PED-1508).
+- skb_expand_head() adjust skb->truesize incorrectly
+ (jsc#PED-1565).
+- etherdevice: use __dev_addr_set() (jsc#PED-1565).
+- net: dev_addr_list: handle first address in __hw_addr_add_ex
+ (jsc#PED-1565).
+- cxgb4: Use pci_vpd_find_id_string() to find VPD ID string
+ (jsc#PED-1506).
+- PCI/VPD: Add pci_vpd_find_id_string() (jsc#PED-1506).
+- PCI/VPD: Include post-processing in pci_vpd_find_tag()
+ (jsc#PED-1506).
+- PCI/VPD: Stop exporting pci_vpd_find_info_keyword()
+ (jsc#PED-1506).
+- PCI/VPD: Stop exporting pci_vpd_find_tag() (jsc#PED-1506).
+- scsi: cxlflash: Search VPD with pci_vpd_find_ro_info_keyword()
+ (jsc#PED-1506).
+- sfc: falcon: Search VPD with pci_vpd_find_ro_info_keyword()
+ (jsc#PED-1565).
+- sfc: falcon: Read VPD with pci_vpd_alloc() (jsc#PED-1565).
+- sfc: Search VPD with pci_vpd_find_ro_info_keyword()
+ (jsc#PED-1565).
+- sfc: Read VPD with pci_vpd_alloc() (jsc#PED-1565).
+- net-next: When a bond have a massive amount of VLANs with
+ IPv6 addresses, performance of changing link state, attaching
+ a VRF, changing an IPv6 address, etc. go down dramtically
+ (jsc#PED-1565).
+- net: fix GRO skb truesize update (jsc#PED-1565).
+- net: add netif_set_real_num_queues() for device reconfig
+ (jsc#PED-1565).
+- net: add extack arg for link ops (jsc#PED-1565).
+- move netdev_boot_setup into Space.c (jsc#PED-1565).
+- drivers/net/usb: Remove all strcpy() uses (jsc#PED-1565).
+- skbuff: introduce skb_expand_head() (jsc#PED-1565).
+- sk_buff: avoid potentially clearing 'slow_gro' field
+ (jsc#PED-1565).
+- skbuff: allow 'slow_gro' for skb carring sock reference
+ (jsc#PED-1565).
+- net: optimize GRO for the common case (jsc#PED-1565).
+- sk_buff: track extension status in slow_gro (jsc#PED-1565).
+- sk_buff: track dst status in slow_gro (jsc#PED-1565).
+- sk_buff: introduce 'slow_gro' flags (jsc#PED-1565).
+- commit 407836b
+
+- ACPI: scan: Introduce acpi_fetch_acpi_dev() (jsc#PED-531).
+- commit b412683
+
+- usb: xhci-mtk: Use struct_size() helper in create_sch_ep()
+ (jsc#PED-531).
+- commit 9da5b62
+
+- usb: host: xhci-plat: Remove useless DMA-32 fallback
+ configuration (jsc#PED-531).
+- commit ece14b2
+
+- PM: sleep: Add device name to suspend_report_result()
+ (jsc#PED-531).
+- commit 7dc852b
+
+- USB: core: Update kerneldoc for usb_get_dev() and usb_get_intf()
+ (jsc#PED-531).
+- commit fb5f494
+
+- usb: remove Link Powermanagement (LPM) disable before port reset
+ (jsc#PED-531).
+- commit 4ce8161
+
+- USB: usbfs: Use a spinlock instead of atomic accesses to tally
+ used memory (jsc#PED-531).
+- commit a94fca8
+
+- USB: ACPI: Replace acpi_bus_get_device() (jsc#PED-531).
+- commit 37182c2
+
+- usb: core: Bail out when port is stuck in reset loop
+ (jsc#PED-531).
+- commit 656550a
+
+- usb: common: usb-conn-gpio: Make VBUS supply completely optional
+ (jsc#PED-531).
+- commit fa1ce11
+
+- usb: ulpi: Add debugfs support (jsc#PED-531).
+- commit d397b49
+
+- component: Add common helper for compare/release functions
+ (jsc#PED-531).
+- commit 2986bd9
+
+- acpi: Export acpi_bus_type (jsc#PED-531).
+- commit 7c22384
+
+- component: Replace most references to 'master' with 'aggregate
+ device' (jsc#PED-531).
+- commit 9131eb9
+
+- drivers/base/component.c: remove superfluous header files from
+ component.c (jsc#PED-531).
+- commit ab1424f
+
+- blacklist.conf: remove kABI entries for SP5
+ SP5 may break the kABI. Hence the patches that did not go
+ into SP4 for kABI reasons should go into SP5, unless other reasons
+ for blocking them exist. Removing the entries to trigger
+ a reevaluation
+- commit 8607b86
+
+- acpi: Store CRC-32 hash of the _PLD in struct acpi_device
+ (jsc#PED-531).
+- commit 817d17e
+
+- usb: typec: port-mapper: Convert to the component framework
+ (jsc#PED-531).
+- Refresh patches.suse/typeC-Add-kABI-placeholders.patch.
+- commit ee7ecd6
+
+- usb: typec: ucsi: Expose number of alternate modes in partner
+ (jsc#PED-531).
+- commit 2bab2dd
+
+- usb: typec: tipd: Fix initialization sequence for cd321x
+ (jsc#PED-531).
+- commit c7460c1
+
+- usb: typec: tipd: Fix typo in cd321x_switch_power_state
+ (jsc#PED-531).
+- commit 11f03ee
+
+- usb: typec: tipd: Enable event interrupts by default
+ (jsc#PED-531).
+- commit cba4c03
+
+- usb: typec: tipd: Remove FIXME about testing with I2C_FUNC_I2C
+ (jsc#PED-531).
+- commit a81811f
+
+- usb: typec: tipd: Switch CD321X power state to S0 (jsc#PED-531).
+- commit 2cbb386
+
+- usb: typec: tipd: Add support for Apple CD321X (jsc#PED-531).
+- commit 31d2bf2
+
+- usb: typec: tipd: Add short-circuit for no irqs (jsc#PED-531).
+- commit e9cc528
+
+- usb: typec: tipd: Split interrupt handler (jsc#PED-531).
+- commit 5143aea
+
+- Refresh
+ patches.suse/net-don-t-unconditionally-copy_from_user-a-struct-if.patch.
+ Added missing chenge from merge commit (bsc#1203479)
+- commit 2a4b363
+
+- powerpc/doc: Fix htmldocs errors (git-fixes).
+- commit c32a50b
+
+- efi: do not automatically generate secret key (jsc#PED-1444).
+- commit 4a26ca3
+
+- dmaengine: idxd: fix retry value to be constant for duration
+ of function call (git-fixes).
+- dmaengine: idxd: match type for retries var in idxd_enqcmds()
+ (git-fixes).
+- commit ad373ba
+
+- dmaengine: idxd: change MSIX allocation based on per wq
+ activation (jsc#PED-664).
+- dmaengine: idxd: fix descriptor flushing locking (jsc#PED-664).
+- dmaengine: idxd: embed irq_entry in idxd_wq struct
+ (jsc#PED-664).
+- commit d9570b4
+
+- Update patch referece for IDXD fix (jsc#PED-729)
+- commit 0666616
+
+- dmaengine: idxd: add knob for enqcmds retries (jsc#PED-755).
+- commit b9e7fd2
+
+- dmaengine: idxd: update IAA definitions for user header
+ (jsc#PED-763).
+- commit 966fd07
+
+- dmaengine: idxd: handle interrupt handle revoked event
+ (jsc#PED-682).
+- Refresh
+ patches.suse/dmaengine-idxd-set-defaults-for-wq-configs.patch.
+- commit b8b62ed
+
+- dmaengine: idxd: handle invalid interrupt handle descriptors
+ (jsc#PED-682).
+- commit 4d43b5f
+
+- dmaengine: idxd: create locked version of idxd_quiesce() call
+ (jsc#PED-682).
+- commit 84c33cd
+
+- dmaengine: idxd: add helper for per interrupt handle drain
+ (jsc#PED-682).
+- commit 7f570d2
+
+- dmaengine: idxd: move interrupt handle assignment (jsc#PED-682).
+- commit c11ff86
+
+- dmaengine: idxd: int handle management refactoring
+ (jsc#PED-682).
+- commit a2ea081
+
+- dmaengine: idxd: rework descriptor free path on failure
+ (jsc#PED-682).
+- commit 10afe67
+
+- dmaengine: idxd: set defaults for wq configs (jsc#PED-688).
+- Refresh
+ patches.suse/dmaengine-idxd-fix-wq-settings-post-wq-disable.patch.
+- commit d90c3a3
+
+- PCI: Disable MSI for Tegra234 Root Ports (git-fixes).
+- PCI: Correct misspelled words (git-fixes).
+- PCI: Prefer 'unsigned int' over bare 'unsigned' (git-fixes).
+- commit 2fdd511
+
+- PCI/ASPM: Make Intel DG2 L1 acceptable latency unlimited
+ (jsc#PED-387).
+- commit 7d30fcd
+
+- net: dsa: mt7530: 1G can also support 1000BASE-X link mode
+ (git-fixes).
+- commit cdb75aa
+
+- igb: skip phy status check where unavailable (git-fixes).
+- commit a3b27da
+
+- ice: fix possible under reporting of ethtool Tx and Rx
+ statistics (git-fixes).
+- commit c2f52c2
+
+- ice: fix crash when writing timestamp on RX rings (git-fixes).
+- commit fb0a1aa
+
+- net/mlx5: Drain fw_reset when removing device (git-fixes).
+- commit 97a86a6
+
+- net/mlx5e: Remove HW-GRO from reported features (git-fixes).
+- commit 4a77968
+
+- net/mlx5e: Properly block HW GRO when XDP is enabled
+ (git-fixes).
+- commit f953f8f
+
+- net/mlx5e: Properly block LRO when XDP is enabled (git-fixes).
+- commit 6b1fa7c
+
+- net/mlx5e: Block rx-gro-hw feature in switchdev mode
+ (git-fixes).
+- commit a1cfc32
+
+- net/qla3xxx: Fix a test in ql_reset_work() (git-fixes).
+- commit 52c2fa5
+
+- net: systemport: Fix an error handling path in
+ bcm_sysport_probe() (git-fixes).
+- commit b45f6dc
+
+- net: macb: Increment rx bd head after allocating skb and buffer
+ (git-fixes).
+- commit 41b13b2
+
+- net: ipa: get rid of a duplicate initialization (git-fixes).
+- commit a69d7cd
+
+- net: ipa: record proper RX transaction count (git-fixes).
+- commit 0de4988
+
+- net: dsa: bcm_sf2: Fix Wake-on-LAN with mac_link_down()
+ (git-fixes).
+- commit cf3c3f2
+
+- net: ethernet: mediatek: ppe: fix wrong size passed to memset()
+ (git-fixes).
+- commit f134be1
+
+- ice: Fix race during aux device (un)plugging (git-fixes).
+- commit 4278261
+
+- net: mscc: ocelot: avoid corrupting hardware counters when
+ moving VCAP filters (git-fixes).
+- commit ca8eb08
+
+- net: mscc: ocelot: restrict tc-trap actions to VCAP IS2 lookup 0
+ (git-fixes).
+- commit d224ca3
+
+- net: mscc: ocelot: fix VCAP IS2 filters matching on both lookups
+ (git-fixes).
+- commit 95340f0
+
+- net: mscc: ocelot: fix last VCAP IS1/IS2 filter persisting in
+ hardware when deleted (git-fixes).
+- commit bda7960
+
+- net: emaclite: Add error handling for of_address_to_resource()
+ (git-fixes).
+- commit a361614
+
+- net: cpsw: add missing of_node_put() in cpsw_probe_dt()
+ (git-fixes).
+- commit 014fc77
+
+- net: stmmac: dwmac-sun8i: add missing of_node_put() in
+ sun8i_dwmac_register_mdio_mux() (git-fixes).
+- commit 72dc370
+
+- net: dsa: mt7530: add missing of_node_put() in mt7530_setup()
+ (git-fixes).
+- commit 1fa6443
+
+- net: mdio: Fix ENOMEM return value in BCM6368 mux bus controller
+ (git-fixes).
+- commit f4b10fd
+
+- net: fec: add missing of_node_put() in fec_enet_init_stop_mode()
+ (git-fixes).
+- commit 6d689b8
+
+- net: dsa: lantiq_gswip: Don't set GSWIP_MII_CFG_RMII_CLK
+ (git-fixes).
+- commit cda6d8f
+
+- net: dsa: mv88e6xxx: Fix port_hidden_wait to account for
+ port_base_addr (git-fixes).
+- commit fc0f29e
+
+- net: bcmgenet: hide status block before TX timestamping
+ (git-fixes).
+- commit 7471b10
+
+- net: stmmac: Use readl_poll_timeout_atomic() in atomic state
+ (git-fixes).
+- commit 77bb15d
+
+- net: mscc: ocelot: fix broken IP multicast flooding (git-fixes).
+- commit 9360c59
+
+- net: bcmgenet: Revert "Use stronger register read/writes to
+ assure ordering" (git-fixes).
+- commit 2e1c776
+
+- net: ftgmac100: access hardware register after clock ready
+ (git-fixes).
+- commit 6f339f4
+
+- s390/boot: fix absolute zero lowcore corruption on boot
+ (git-fixes).
+- commit 673e9bc
+
+- ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904).
+- commit 04343f5
+
+- Update patches.suse/SUNRPC-Prevent-immediate-close-reconnect.patch
+ (git-fixes, bsc#1203338).
+- commit 1a26f26
+
+- net: ethernet: stmmac: fix altr_tse_pcs function when using
+ a fixed-link (git-fixes).
+- commit 6e948de
+
+- net: dsa: felix: suppress -EPROBE_DEFER errors (git-fixes).
+- commit 6052c6d
+
+- mlxsw: i2c: Fix initialization error flow (git-fixes).
+- commit b1671b5
+
+- net: ethernet: mv643xx: Fix over zealous checking
+ of_get_mac_address() (git-fixes).
+- commit d6232d0
+
+- ice: Do not skip not enabled queues in ice_vc_dis_qs_msg
+ (git-fixes).
+- commit 5811714
+
+- dpaa2-ptp: Fix refcount leak in dpaa2_ptp_probe (git-fixes).
+- commit 20972b2
+
+- net: stmmac: Fix unset max_speed difference between DT and
+ non-DT platforms (git-fixes).
+- commit 21d6298
+
+- vrf: fix packet sniffing for traffic originating from ip tunnels
+ (git-fixes).
+- commit 656f34a
+
+- net: hns3: fix the concurrency between functions reading debugfs
+ (git-fixes).
+- commit b62a96b
+
+- net: sparx5: uses, depends on BRIDGE or !BRIDGE (git-fixes).
+- commit 91c7940
+
+- net: dsa: bcm_sf2_cfp: fix an incorrect NULL check on list
+ iterator (git-fixes).
+- commit 587d5e0
+
+- net: sparx5: depends on PTP_1588_CLOCK_OPTIONAL (git-fixes).
+- commit e5cbf9e
+
+- blacklist.conf: update blacklist
+- commit b64ff66
+
+- usb: typec: ucsi: Better fix for missing unplug events issue
+ (jsc#PED-531).
+- commit 23c30d4
+
+- usb: typec: ucsi: Read the PDOs in separate work (jsc#PED-531).
+- commit 120360c
+
+- usb: typec: ucsi: Check the partner alt modes always if there
+ is PD contract (jsc#PED-531).
+- commit 109aef2
+
+- usb: typec: ucsi: acpi: Reduce the command completion timeout
+ (jsc#PED-531).
+- commit 6c0912c
+
+- usb: typec: ucsi: Add polling mechanism for partner tasks like
+ alt mode checking (jsc#PED-531).
+- commit 9e46ec7
+
+- usb: typec: tcpci: Fix spelling mistake "resolbed" -> "resolved"
+ (jsc#PED-531).
+- commit fbac539
+
+- usb: typec: tipd: Add an additional overflow check (git-fixes).
+- commit b1f97fa
+
+- usb: typec: tipd: Don't read/write more bytes than required
+ (git-fixes).
+- commit e669366
+
+- Update patch references for ALSA fixes (jsc#PED-652 jsc#PED-720)
+- commit 3c5b516
+
+- ASoC: SOF: Intel: pci-tgl: add RPL-P support (jsc#PED-720).
+- ASoC: SOF: Intel: pci-tgl: add ADL-PS support (jsc#PED-720).
+- commit 012fcdf
+
+- ALSA: hda: intel-dsp-config: Add RaptorLake PCI IDs
+ (jsc#PED-720).
+- commit ae48fdf
+
+- ASoC: SOF: Intel: pci-tgl: add RPL-S support (jsc#PED-652).
+- commit c23d1e1
+
+- ALSA: control: Use deferred fasync helper (git-fixes).
+- ALSA: timer: Use deferred fasync helper (git-fixes).
+- ALSA: core: Add async signal helpers (git-fixes).
+- ALSA: jack: Access input_dev under mutex (git-fixes).
+- commit d1a09af
+
+- Enable the build of nvidia-wmi-ec-backlight module (jsc#PED-1164)
+- commit f9ebde3
+
+- platform/x86: Rename wmaa-backlight-wmi to
+ nvidia-wmi-ec-backlight (jsc#PED-1164).
+- platform/x86: Remove "WMAA" from identifier names in
+ wmaa-backlight-wmi.c (jsc#PED-1164).
+- platform/x86: Add driver for ACPI WMAA EC-based backlight
+ control (jsc#PED-1164).
+- commit 1975b25
+
+- blacklist.conf: Drop kABI-related ALSA entries from SP4
+- commit cb39f3b
+
+- usb: Link the ports to the connectors they are attached to
+ (jsc#PED-531).
+- commit fe04d18
+
+- usb: core: Export usb_device_match_id (jsc#PED-531).
+- commit aa72be2
+
+- usb: hub: make wait_for_connected() take an int instead of a
+ pointer to int (jsc#PED-531).
+- commit d7280d6
+
+- usb: chipidea: tegra: Add runtime PM and OPP support
+ (jsc#PED-531).
+- commit 3f3ba93
+
+- soc/tegra: Add devm_tegra_core_dev_init_opp_table_common()
+ (jsc#PED-531).
+- commit 7ad426c
+
+- Update DRM UDL patches from upstreamed patches (bsc#1195917)
+ Dropped:
+ patches.suse/0001-drm-udl-Restore-display-mode-on-resume.patch
+- commit eab8d35
+
+- ice: Allow operation with reduced device MSI-X (bsc#1201987).
+- commit adb8f10
+
+- powerpc/pseries/vas: Use QoS credits from the userspace
+ (jsc#PED-542).
+- powerpc/pseries/vas: Add VAS migration handler (jsc#PED-542).
+- Refresh patches.suse/powerpc-mobility-wait-for-memory-transfer-to-complet.patch
+- Refresh patches.suse/powerpc-pseries-mobility-set-NMI-watchdog-factor-dur.patch
+- powerpc/pseries/vas: Modify reconfig open/close functions for
+ migration (jsc#PED-542).
+- powerpc/pseries/vas: Define global hv_cop_caps struct
+ (jsc#PED-542).
+- powerpc/pseries/vas: Add 'update_total_credits' entry for QoS
+ capabilities (jsc#PED-542).
+- powerpc/pseries/vas: sysfs interface to export capabilities
+ (jsc#PED-542).
+- powerpc/pseries/vas: Reopen windows with DLPAR core add
+ (jsc#PED-542).
+- powerpc/pseries/vas: Close windows with DLPAR core removal
+ (jsc#PED-542).
+- powerpc/vas: Map paste address only if window is active
+ (jsc#PED-542).
+- powerpc/vas: Return paste instruction failure if no active
+ window (jsc#PED-542).
+- powerpc/vas: Add paste address mmap fault handler (jsc#PED-542).
+- powerpc/pseries/vas: Save PID in pseries_vas_window struct
+ (jsc#PED-542).
+- powerpc/pseries/vas: Use common names in VAS capability
+ structure (jsc#PED-542).
+- commit b24c3ed
+
+- watchdog/pseries-wdt: initial support for H_WATCHDOG-based
+ watchdog timers (jsc#PED-549).
+- Update config files.
+- supported.conf: Add pseries-wdt
+- powerpc/pseries: register pseries-wdt device with platform bus
+ (jsc#PED-549).
+- powerpc/pseries: add FW_FEATURE_WATCHDOG flag (jsc#PED-549).
+- powerpc/pseries: hvcall.h: add H_WATCHDOG opcode, H_NOOP return
+ code (jsc#PED-549).
+- powerpc/pseries: Fix numa FORM2 parsing fallback code
+ (jsc#PED-551).
+- powerpc/pseries: rename numa_dist_table to form2_distances
+ (jsc#PED-551).
+- powerpc/pseries: Add support for FORM2 associativity
+ (jsc#PED-551).
+- Refresh patches.suse/powerpc-pseries-Interface-to-represent-PAPR-firmware.patch
+- powerpc/pseries: Add a helper for form1 cpu distance
+ (jsc#PED-551).
+- powerpc/pseries: Consolidate different NUMA distance update
+ code paths (jsc#PED-551).
+- Refresh patches.suse/powerpc-numa-Update-cpu_cpu_map-on-CPU-online-offlin.patch
+- commit 1708bfe
+
+- usb: hub: avoid warm port reset during USB3 disconnect
+ (git-fixes).
+- commit 8af7b8e
+
+- usb: core: hcd: change sizeof(vaddr) to sizeof(unsigned long)
+ (jsc#PED-531).
+- commit 1523b0b
+
+- scsi: ipr: Fix missing/incorrect resource cleanup in error case
+ (jsc#PED-548).
+- scsi: ipr: Use kobj_to_dev() (jsc#PED-548).
+- scsi: ipr: Directly return instead of using local ret variable
+ (jsc#PED-548).
+- commit 1d92f11
+
+- usb: core: Fix file path that does not exist (jsc#PED-531).
+- commit f9f0a5e
+
+- USB: common: debug: add needed kernel.h include (jsc#PED-531).
+- commit 944eff7
+
+- xhci: use max() to make code cleaner (jsc#PED-531).
+- commit a9fbbb5
+
+- usb: xhci-mtk: fix random remote wakeup (jsc#PED-531).
+- commit 6629649
+
+- usb: xhci-mtk: remove unnecessary error check (jsc#PED-531).
+- commit b17a19c
+
+- usb: xhci-mtk: fix list_del warning when enable list debug
+ (jsc#PED-531).
+- commit 90a533c
+
+- usb: xhci-mtk: enable wake-up interrupt after runtime_suspend
+ called (jsc#PED-531).
+- commit 293016f
+
+- PM / wakeirq: support enabling wake-up irq after runtime_suspend
+ called (jsc#PED-531).
+- commit c727a40
+
+- usb: xhci: Use to_pci_driver() instead of pci_dev->driver
+ (jsc#PED-531).
+- commit 541116e
+
+- usb: core: config: Change sizeof(struct ...) to
+ sizeof(*...) (jsc#PED-531).
+- commit 249a144
+
+- usb: core: hcd: fix messages in usb_hcd_request_irqs()
+ (jsc#PED-531).
+- commit 6d29347
+
+- usb: core: hcd: Modularize HCD stop configuration in
+ usb_stop_hcd() (jsc#PED-531).
+- commit dfccab2
+
+- usb: xhci-mtk: use xhci_dbg() to print log (jsc#PED-531).
+- commit e7dd0f8
+
+- usb: xhci-mtk: allow bandwidth table rollover (jsc#PED-531).
+- commit 11e08d1
+
+- usb: xhci-mtk: Do not use xhci's virt_dev in drop_endpoint
+ (jsc#PED-531).
+- commit 8d6c90e
+
+- usb: xhci-mtk: modify the SOF/ITP interval for mt8195
+ (jsc#PED-531).
+- commit da8bc69
+
+- usb: xhci-mtk: add a member of num_esit (jsc#PED-531).
+- commit 4745d08
+
+- usb: xhci-mtk: check boundary before check tt (jsc#PED-531).
+- commit 5bf9b17
+
+- usb: xhci-mtk: update fs bus bandwidth by bw_budget_table
+ (jsc#PED-531).
+- commit 2035273
+
+- usb: xhci-mtk: support option to disable usb2 ports
+ (jsc#PED-531).
+- commit 21ff31f
+
+- crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (git-fixes)
+- commit 49a8536
+
+- arm64: select TRACE_IRQFLAGS_NMI_SUPPORT (git-fixes)
+- commit 8e1f358
+
+- arm64: errata: Add Cortex-A510 to the repeat tlbi list (git-fixes)
+ Enable this errata fix configuration option to arm64/default.
+- commit c8ec028
+
+- Revert "arm64: Mitigate MTE issues with str{n}cmp()" (git-fixes)
+- commit 3916261
+
+- arm64: lib: Import latest version of Arm Optimized Routines' strcmp (git-fixes)
+- commit 0ad904d
+
+- tty: drop put_tty_driver (jsc#PED-531).
+- Refresh
+ patches.suse/ipack-ipoctal-fix-stack-information-leak.patch.
+- commit 512f7d8
+
+- tracing: hold caller_addr to hardirq_{enable,disable}_ip
+ (git-fixes).
+- commit ec23c84
+
+- ftrace: Fix NULL pointer dereference in is_ftrace_trampoline
+ when ftrace is dead (git-fixes).
+- commit 4b6dc41
+
+- usb: renesas-xhci: Remove renesas_xhci_pci_exit() (jsc#PED-531).
+- commit 5a90fd4
+
+- btrfs: fix space cache corruption and potential double
+ allocations (bsc#1203361).
+- commit 0479f45
+
+- btrfs: fix relocation crash due to premature return from
+ btrfs_commit_transaction() (bsc#1203360).
+- commit 5ceb88f
+
+- usb: xhci-renesas: Minor coding style cleanup (jsc#PED-531).
+- commit 229132e
+
+- KVM: x86: do not report a vCPU as preempted outside instruction
+ boundaries (bsc#1203066 CVE-2022-39189).
+- commit c89b7e4
+
+- blacklist.conf: add 3 commits for git-fixes not needed
+- commit 6f1ca85
+
+- netfilter: nf_tables: do not allow RULE_ID to refer to another
+ chain (CVE-2022-2586 bsc#1202095).
+- netfilter: nf_tables: do not allow CHAIN_ID to refer to another
+ table (CVE-2022-2586 bsc#1202095).
+- netfilter: nf_tables: do not allow SET_ID to refer to another
+ table (CVE-2022-2586 bsc#1202095).
+- commit 42bb8dc
+
+- Update
+ patches.suse/dccp-don-t-duplicate-ccid-when-cloning-dccp-sock.patch
+ references (add CVE-2020-16119 bsc#1177471).
+- commit 7d3c30f
+
+- Update message from free_area_init (bsc#1203101)
+ Refreshed:
+ patches.suse/0002-mm-handle-uninitialized-numa-nodes-gracefully.patch
+- commit 58d8d59
+
+- blacklist.conf: unwanted s390 commits
+- commit 7773032
+
+- watchdog: wdat_wdt: Set the min and max timeout values properly
+ (bsc#1194023).
+- commit d609cb4
+
+- kbuild: disable header exports for UML in a straightforward way
+ (git-fixes).
+- docs: i2c: i2c-topology: fix incorrect heading (git-fixes).
+- commit 96f4a7a
+
+- hwmon: (mr75203) enable polling for all VM channels (git-fixes).
+- hwmon: (mr75203) fix multi-channel voltage reading (git-fixes).
+- hwmon: (mr75203) fix voltage equation for negative source input
+ (git-fixes).
+- hwmon: (mr75203) update pvt->v_num and vm_num to the actual
+ number of used sensors (git-fixes).
+- hwmon: (mr75203) fix VM sensor allocation when "intel,vm-map"
+ not defined (git-fixes).
+- dt-bindings: hwmon: (mr75203) fix "intel,vm-map" property to
+ be optional (git-fixes).
+- hwmon: (tps23861) fix byte order in resistance register
+ (git-fixes).
+- commit 4be15df
+
+- ALSA: emu10k1: Fix out of bounds access in
+ snd_emu10k1_pcm_channel_alloc() (git-fixes).
+- ALSA: usb-audio: Fix an out-of-bounds bug in
+ __snd_usb_parse_audio_interface() (git-fixes).
+- ALSA: hda/tegra: Align BDL entry to 4KB boundary (git-fixes).
+- ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC (git-fixes).
+- ALSA: aloop: Fix random zeros in capture data when using
+ jiffies timer (git-fixes).
+- commit e787e77
+
+- ASoC: qcom: sm8250: add missing module owner (git-fixes).
+- ALSA: hda/sigmatel: Fix unused variable warning for beep power
+ change (git-fixes).
+- ALSA: usb-audio: Split endpoint setups for hw_params and prepare
+ (git-fixes).
+- ALSA: usb-audio: Register card again for iface over
+ delayed_register option (git-fixes).
+- ALSA: usb-audio: Inform the delayed registration more properly
+ (git-fixes).
+- commit fdc009b
+
+- Move upstreamed patches into sorted section
+- commit 9769cb9
+
+- bnxt_en: add dynamic debug support for HWRM messages
+ (jsc#PED-1495).
+- Refresh
+ patches.suse/bnxt_en-Increase-firmware-message-response-DMA-wait-.patch.
+- commit 9044955
+
+- RDMA: Constify netdev->dev_addr accesses (jsc#PED-1494).
+- Refresh
+ patches.suse/RDMA-bnxt_re-Use-helper-function-to-set-GUIDs.patch.
+- commit d62d7be
+
+- bnxt_en: fix LRO/GRO_HW features in ndo_fix_features callback
+ (jsc#PED-1495).
+- bnxt_en: fix NQ resource accounting during vf creation on
+ 57500 chips (jsc#PED-1495).
+- bnxt_en: set missing reload flag in devlink features
+ (jsc#PED-1495).
+- bnxt_en: Use PAGE_SIZE to init buffer when multi buffer XDP
+ is not in use (jsc#PED-1495).
+- bnxt: Use the bitmap API to allocate bitmaps (jsc#PED-1495).
+- bnxt: Fix typo in comments (jsc#PED-1495).
+- bnxt_en: Fix bnxt_refclk_read() (jsc#PED-1495).
+- bnxt_en: Fix and simplify XDP transmit path (jsc#PED-1495).
+- bnxt_en: fix livepatch query (jsc#PED-1495).
+- bnxt_en: Fix bnxt_reinit_after_abort() code path (jsc#PED-1495).
+- bnxt_en: reclaim max resources if sriov enable fails
+ (jsc#PED-1495).
+- eth: bnxt: make ulp_id unsigned to make GCC 12 happy
+ (jsc#PED-1495).
+- bnxt_en: parse and report result field when NVRAM package
+ install fails (jsc#PED-1495).
+- bnxt_en: Enable packet timestamping for all RX packets
+ (jsc#PED-1495).
+- bnxt_en: Configure ptp filters during bnxt open (jsc#PED-1495).
+- bnxt_en: Update firmware interface to 1.10.2.95 (jsc#PED-1495).
+- bnxt: XDP multibuffer enablement (jsc#PED-1495).
+- bnxt: support transmit and free of aggregation buffers
+ (jsc#PED-1495).
+- bnxt: adding bnxt_xdp_build_skb to build skb from multibuffer
+ xdp_buff (jsc#PED-1495).
+- bnxt: add page_pool support for aggregation ring when using xdp
+ (jsc#PED-1495).
+- bnxt: change receive ring space parameters (jsc#PED-1495).
+- bnxt: set xdp_buff pfmemalloc flag if needed (jsc#PED-1495).
+- bnxt: adding bnxt_rx_agg_pages_xdp for aggregated xdp
+ (jsc#PED-1495).
+- bnxt: rename bnxt_rx_pages to bnxt_rx_agg_pages_skb
+ (jsc#PED-1495).
+- bnxt: refactor bnxt_rx_pages operate on skb_shared_info
+ (jsc#PED-1495).
+- bnxt: add flag to denote that an xdp program is currently
+ attached (jsc#PED-1495).
+- bnxt: refactor bnxt_rx_xdp to separate
+ xdp_init_buff/xdp_prepare_buff (jsc#PED-1495).
+- bnxt_en: Initiallize bp->ptp_lock first before using it
+ (jsc#PED-1495).
+- devlink: add explicitly locked flavor of the rate node APIs
+ (jsc#PED-1495).
+- bnxt: use the devlink instance lock to protect sriov
+ (jsc#PED-1495).
+- devlink: expose instance locking and add locked port registering
+ (jsc#PED-1495).
+- bnxt: revert hastily merged uAPI aberrations (jsc#PED-1495).
+- bnxt_en: add an nvm test for hw diagnose (jsc#PED-1495).
+- bnxt_en: implement hw health reporter (jsc#PED-1495).
+- bnxt_en: Properly report no pause support on some cards
+ (jsc#PED-1495).
+- bnxt_en: introduce initial link state of unknown (jsc#PED-1495).
+- bnxt_en: parse result field when NVRAM package install fails
+ (jsc#PED-1495).
+- bnxt_en: add more error checks to HWRM_NVM_INSTALL_UPDATE
+ (jsc#PED-1495).
+- bnxt_en: refactor error handling of HWRM_NVM_INSTALL_UPDATE
+ (jsc#PED-1495).
+- bnxt: report header-data split state (jsc#PED-1495).
+- ethtool: add header/data split indication (jsc#PED-1495).
+- bnxt_en: Handle async event when the PHC is updated in RTC mode
+ (jsc#PED-1495).
+- bnxt_en: Implement .adjtime() for PTP RTC mode (jsc#PED-1495).
+- bnxt_en: Add driver support to use Real Time Counter for PTP
+ (jsc#PED-1495).
+- bnxt_en: PTP: Refactor PTP initialization functions
+ (jsc#PED-1495).
+- bnxt_en: Update firmware interface to 1.10.2.73 (jsc#PED-1495).
+- bpf: introduce BPF_F_XDP_HAS_FRAGS flag in prog_flags loading
+ the ebpf program (jsc#PED-1495).
+- net: xdp: add xdp_update_skb_shared_info utility routine
+ (jsc#PED-1495).
+- xdp: introduce flags field in xdp_buff/xdp_frame (jsc#PED-1495).
+- net: skbuff: add size metadata to skb_shared_info for xdp
+ (jsc#PED-1495).
+- RDMA/bnxt_re: Fix endianness warning for req.pkey
+ (jsc#PED-1494).
+- RDMA/bnxt_re: Use bitmap_zalloc() when applicable
+ (jsc#PED-1494).
+- RDMA/bnxt_re: Remove dynamic pkey table (jsc#PED-1494).
+- RDMA/bnxt_re: Remove unneeded variable (jsc#PED-1494).
+- bnxt_en: improve firmware timeout messaging (jsc#PED-1495).
+- bnxt_en: improve VF error messages when PF is unavailable
+ (jsc#PED-1495).
+- bnxt_en: Use page frag RX buffers for better software GRO
+ performance (jsc#PED-1495).
+- bnxt_en: convert to xdp_do_flush (jsc#PED-1495).
+- bnxt_en: Support CQE coalescing mode in ethtool (jsc#PED-1495).
+- bnxt_en: Support configurable CQE coalescing mode
+ (jsc#PED-1495).
+- bnxt_en: enable interrupt sampling on 5750X for DIM
+ (jsc#PED-1495).
+- bnxt_en: Log error report for dropped doorbell (jsc#PED-1495).
+- bnxt_en: Add event handler for PAUSE Storm event (jsc#PED-1495).
+- devlink: Add new "event_eq_size" generic device param
+ (jsc#PED-1495).
+- devlink: Add new "io_eq_size" generic device param
+ (jsc#PED-1495).
+- flow_offload: reject to offload tc actions in offload drivers
+ (jsc#PED-1495).
+- devlink: Remove misleading internal_flags from health reporter
+ dump (jsc#PED-1495).
+- devlink: fix flexible_array.cocci warning (jsc#PED-1495).
+- ethtool: don't drop the rtnl_lock half way thru the ioctl
+ (jsc#PED-1495).
+- devlink: expose get/put functions (jsc#PED-1495).
+- ethtool: handle info/flash data copying outside rtnl_lock
+ (jsc#PED-1495).
+- ethtool: push the rtnl_lock into dev_ethtool() (jsc#PED-1495).
+- devlink: make all symbols GPL-only (jsc#PED-1495).
+- devlink: Simplify internal devlink params implementation
+ (jsc#PED-1495).
+- devlink: Clean not-executed param notifications (jsc#PED-1495).
+- ethtool: ioctl: Use array_size() helper in copy_{from,to}_user()
+ (jsc#PED-1495).
+- ethtool: prevent endless loop if eeprom size is smaller than
+ announced (jsc#PED-1495).
+- ethtool: runtime-resume netdev parent before ethtool ioctl ops
+ (jsc#PED-1495).
+- commit 5128686
+
+- s390: fix double free of GS and RI CBs on fork() failure
+ (bsc#1203197 LTC#199895).
+- commit a3c49e0
+
+- net: stmmac: dwmac-qcom-ethqos: Enable RGMII functional clock
+ on resume (git-fixes).
+- commit 196b9a7
+
+- net: stmmac: dwmac-qcom-ethqos: add platform level clocks
+ management (git-fixes).
+- commit 9419c89
+
+- net: axienet: fix RX ring refill allocation failure handling
+ (git-fixes).
+- commit 4644276
+
+- bnx2x: fix built-in kernel driver load failure (git-fixes).
+- commit 4c90c2b
+
+- net: stmmac: only enable DMA interrupts when ready (git-fixes).
+- commit 8b7732b
+
+- net: stmmac: perserve TX and RX coalesce value during XDP setup
+ (git-fixes).
+- commit 7ef4525
+
+- net: stmmac: enhance XDP ZC driver level switching performance
+ (git-fixes).
+- commit 0b61dc1
+
+- bnx2x: fix driver load from initrd (git-fixes).
+- commit 922bb4e
+
+- Update metadata references
+- commit b8d9524
+
+- regulator: core: Clean up on enable failure (git-fixes).
+- wifi: iwlegacy: 4965: corrected fix for potential off-by-one
+ overflow in il4965_rs_fill_link_cmd() (git-fixes).
+- vt: Clear selection before changing the font (git-fixes).
+- clk: bcm: rpi: Prevent out-of-bounds access (git-fixes).
+- mmc: core: Fix inconsistent sd3_bus_mode at UHS-I SD voltage
+ switch failure (git-fixes).
+- drm/i915: Skip wm/ddb readout for disabled pipes (git-fixes).
+- drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk
+ (git-fixes).
+- USB: serial: cp210x: add Decagon UCA device id (git-fixes).
+- USB: serial: option: add support for Cinterion MV32-WA/WB
+ RmNet mode (git-fixes).
+- USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id
+ (git-fixes).
+- USB: serial: option: add Quectel EM060K modem (git-fixes).
+- USB: serial: option: add support for OPPO R11 diag port
+ (git-fixes).
+- media: mceusb: Use new usb_control_msg_*() routines (git-fixes).
+- USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020)
+ (git-fixes).
+- usb: xhci-mtk: relax TT periodic bandwidth allocation
+ (git-fixes).
+- usb: dwc3: pci: Add support for Intel Raptor Lake (git-fixes).
+- usb: typec: intel_pmc_mux: Add new ACPI ID for Meteor Lake
+ IOM device (git-fixes).
+- usb-storage: Add ignore-residue quirk for NXP PN7462AU
+ (git-fixes).
+- wifi: mac80211: Fix UAF in ieee80211_scan_rx() (git-fixes).
+- clk: bcm: rpi: Use correct order for the parameters of
+ devm_kcalloc() (git-fixes).
+- commit 8d6d69c
+
+- bnx2x: Fix comment typo (jsc#PED-535).
+- cnic: Use the bitmap API to allocate bitmaps (jsc#PED-1516).
+- bnx2x: Fix spelling mistake "regiser" -> "register"
+ (jsc#PED-535).
+- bnx2x: Fix undefined behavior due to shift overflowing the
+ constant (jsc#PED-535).
+- bnx2x: truncate value to original sizing (jsc#PED-535).
+- bnx2x: use correct format characters (jsc#PED-535).
+- bnx2x: Replace one-element array with flexible-array member
+ (jsc#PED-535).
+- bnx2x: fix built-in kernel driver load failure (jsc#PED-535).
+- bnx2: Fix an error message (jsc#PED-1187).
+- bnx2x: fix driver load from initrd (jsc#PED-535).
+- bnx2x: Remove useless DMA-32 fallback configuration
+ (jsc#PED-535).
+- bna: Simplify DMA setting (jsc#PED-1521).
+- net: bna: Update supported link modes (jsc#PED-1521).
+- bnx2x: constify static inline stub for dev_addr (jsc#PED-535).
+- bnx2x: Use struct_group() for memcpy() region (jsc#PED-535).
+- net: move gro definitions to include/net/gro.h (jsc#PED-535).
+- bnx2: Search VPD with pci_vpd_find_ro_info_keyword()
+ (jsc#PED-1187).
+- bnx2: Replace open-coded version with swab32s() (jsc#PED-1187).
+- commit 9e44625
+
+- tty: remove CMSPAR ifdefs (jsc#PED-531).
+- commit 8886a3f
+
+- net: dsa: microchip: fix bridging with more than two member
+ ports (git-fixes).
+- commit f2a5e08
+
+- net: dsa: lantiq_gswip: fix use after free in gswip_remove()
+ (git-fixes).
+- commit 577992b
+
+- ice: Fix KASAN error in LAG NETDEV_UNREGISTER handler
+ (git-fixes).
+- commit f16c949
+
+- net: mscc: ocelot: fix all IP traffic getting trapped to CPU
+ with PTP over IP (git-fixes).
+- commit 391f1b3
+
+- net: axienet: reset core on initialization prior to MDIO access
+ (git-fixes).
+- Refresh
+ patches.suse/net-axienet-setup-mdio-unconditionally.patch.
+- commit afb1beb
+
+- usb: Prepare cleanup of powerpc's asm/prom.h (jsc#PED-531).
+- commit b5dac6b
+
+- net: mscc: ocelot: fix missing unlock on error in
+ ocelot_hwstamp_set() (git-fixes).
+- commit c38c182
+
+- blacklist.conf: update blacklist
+- commit 9d146c4
+
+- Update
+ patches.suse/watchqueue-make-sure-to-serialize-wqueue-defunct-pro.patch
+ (git-fixes, CVE-2022-1882, bsc#1199904).
+- add references to CVE-2022-1882, bsc#1199904
+- commit b499e0d
+
+- PCI: VMD: ACPI: Make ACPI companion lookup work for VMD bus
+ (jsc#PED-633).
+- Refresh
+ patches.suse/PCI-ACPI-Check-parent-pointer-in-acpi_pci_find_compa.patch.
+- Refresh
+ patches.suse/PCI-vmd-Assign-VMD-IRQ-domain-before-enumeration.patch.
+- x86: link vdso and boot with -z noexecstack
+ - -no-warn-rwx-segments (bsc#1203200).
+- Makefile: link with -z noexecstack --no-warn-rwx-segments
+ (bsc#1203200).
+- commit ee065ad
+
+- Update config files (change CONFIG_SUSE_PATCHLEVEL to 5).
+- commit f931313
+
+- intel_idle: Add a new flag to initialize the AMX state
+ (jsc#PED-681).
+- x86/fpu: Add a helper to prepare AMX state for low-power CPU
+ idle (jsc#PED-681).
+- platform/x86: intel/pmc: Add Alder Lake N support to PMC core
+ driver (jsc#PED-692).
+- platform/x86/intel: pmc: Support Intel Raptorlake P
+ (jsc#PED-667).
+- x86/cpu: Add new Alderlake and Raptorlake CPU model numbers
+ (jsc#PED-743).
+- PCI: vmd: Add DID 8086:A77F for all Intel Raptor Lake SKU's
+ (jsc#PED-633).
+- PCI: vmd: Honor ACPI _OSC on PCIe features (jsc#PED-633).
+- PCI: vmd: Clean up domain before enumeration (jsc#PED-633).
+- x86/cpu: Drop spurious underscore from RAPTOR_LAKE #define
+ (jsc#PED-690).
+- x86/cpu: Add Raptor Lake to Intel family (jsc#PED-690).
+- commit 2f2c9c2
+
+- compat: make linux/compat.h available everywhere (jsc#PED-1492).
+- commit 82594a3
+
+- dev_ioctl: pass SIOCDEVPRIVATE data separately (jsc#PED-1492).
+- Refresh
+ patches.suse/net-don-t-unconditionally-copy_from_user-a-struct-if.patch.
+- commit 220a22b
+
+- net: socket: rework compat_ifreq_ioctl() (jsc#PED-1492).
+- Refresh
+ patches.suse/net-don-t-unconditionally-copy_from_user-a-struct-if.patch.
+- commit 9e52d0a
+
+- net: socket: simplify dev_ifconf handling (jsc#PED-1492).
+- Refresh
+ patches.suse/net-don-t-unconditionally-copy_from_user-a-struct-if.patch.
+- commit 7ce1665
+
+- tg3: Disable tg3 device on system reboot to avoid triggering
+ AER (jsc#PED-1492).
+- tg3: Remove redundant assignments (jsc#PED-1492).
+- ethernet: Remove redundant statement (jsc#PED-1492).
+- ethernet: tg3: remove direct netdev->dev_addr writes
+ (jsc#PED-1492).
+- net: tg3: fix redundant check of true expression (jsc#PED-1492).
+- net: tg3: fix obsolete check of !err (jsc#PED-1492).
+- tg3: Search VPD with pci_vpd_find_ro_info_keyword()
+ (jsc#PED-1492).
+- tg3: Validate VPD checksum with pci_vpd_check_csum()
+ (jsc#PED-1492).
+- tg3: Read VPD with pci_vpd_alloc() (jsc#PED-1492).
+- dev_ioctl: split out ndo_eth_ioctl (jsc#PED-1492).
+- cxgb3: use ndo_siocdevprivate (jsc#PED-1492).
+- qeth: use ndo_siocdevprivate (jsc#PED-1492).
+- hamachi: use ndo_siocdevprivate (jsc#PED-1492).
+- bonding: use siocdevprivate (jsc#PED-1492).
+- net: split out SIOCDEVPRIVATE handling from dev_ioctl
+ (jsc#PED-1492).
+- net: socket: remove register_gifconf (jsc#PED-1492).
+- net: socket: rework SIOC?IFMAP ioctls (jsc#PED-1492).
+- commit 9963a02
+
+- sched/core: Use try_cmpxchg in set_nr_{and_not,if}_polling
+ (bnc#1202494 (Scheduler functional and performance backports)).
+- sched/fair: Decay task PELT values during wakeup migration
+ (bnc#1202494 (Scheduler functional and performance backports)).
+- sched/fair: Provide u64 read for 32-bits arch helper
+ (bnc#1202494 (Scheduler functional and performance backports)).
+- sched/fair: Introduce SIS_UTIL to search idle CPU based on
+ sum of util_avg (jsc#PED-1213).
+- sched/numa: Fix boot crash on arm64 systems (jsc#PED-827).
+- sched/numa: Avoid migrating task to CPU-less node (jsc#PED-827).
+- sched/numa: Fix NUMA topology for systems with CPU-less nodes
+ (jsc#PED-827).
+- commit 2f3bfae
+
+- USB: HCD: Fix URB giveback issue in tasklet function
+ (git-fixes).
+- commit 12ef886
+
+- ethtool: extend ringparam setting/getting API with rx_buf_len
+ (jsc#PED-1497).
+- Refresh
+ patches.suse/Revert-ibmvnic-Add-ethtool-private-flag-for-driver-d.patch.
+- commit ee8f1a8
+
+- ethernet/emulex:fix repeated words in comments (jsc#PED-1497).
+- eth: benet: remove a copy of the NAPI_POLL_WEIGHT define
+ (jsc#PED-1497).
+- be2net: Use irq_update_affinity_hint() (jsc#PED-1497).
+- genirq: Provide new interfaces for affinity hints
+ (jsc#PED-1497).
+- be2net: Remove useless DMA-32 fallback configuration
+ (jsc#PED-1497).
+- ethtool: add support to set/get rx buf len via ethtool
+ (jsc#PED-1497).
+- ethernet: constify references to netdev->dev_addr in drivers
+ (jsc#PED-1497).
+- commit bb6401d
+
+- Update Yousaf's e-mail
+- commit bde91a1
+
+- rpm/config.sh: 15.4 -> 15.5
+- commit 11c86df
+
+- README.BRANCH: Update it with new co-maintainer and fix typo
+ Replace SLE15-SP4 for SLE15-SP5 and add Yousaf Kaukab as a
+ co-maintainer.
+- commit 2f7c5b6
+
+- Delete patches.kabi/* workarounds
+- commit 6b96c7b
+
+- Delete patches.suse/revert-btrfs-props-change-how-empty-value-is-interpr.patch.
+ Align btrfs property compression to upstream behaviour (JSC#PED-1711)
+- commit 2670de5
+
+- README.BRANCH: Switch SLE15-SP5 maintainer to Oscar Salvador
+- commit ad4c348
+
+- Drop SLE15-SP4 kABI workaround patches
+ patches.kabi/kABI-fix-removal-of-iscsi_destroy_conn.patch is still kept as
+ the build breaks otherwise
+- commit 492e2dd
+
+- Drop SLE15-SP4 kernel symbols
+- commit 0837ac5
+
+- supported.conf Add TDA4VM-SK modules (jsc#PED-1379)
+- commit 890c2be
+
+- config/arm64: Add support for TDA4VM-SK machine (jsc#PED-1379)
+- commit e6bb890
+
kernel-kvmsmall
+- arm64: Discard .note.GNU-stack section (bsc#1203693).
+- commit a5e7cb4
+
+- media: i2c: ov2640: Depend on V4L2_ASYNC (git-fixes).
+- commit 91b3b5b
+
+- Update
+ patches.suse/usb-typec-intel_pmc_mux-Add-new-ACPI-ID-for-Meteor-L.patch
+ (jsc#PED-1211).
+ Adding Jira
+- commit 5026c96
+
+- Update
+ patches.suse/usb-dwc3-pci-Add-support-for-Intel-Raptor-Lake.patch
+ (jsc#PED-1715).
+ Only adding Jira
+- commit af0fb94
+
+- xhci: Don't defer primary roothub registration if there is
+ only one roothub (jsc#PED-531).
+- commit bb0af18
+
+- xhci: prevent U2 link power state if Intel tier policy prevented
+ U1 (jsc#PED-531).
+- commit 4580e55
+
+- xhci: use generic command timer for stop endpoint commands
+ (jsc#PED-531).
+- commit 0f31a26
+
+- usb: host: xhci-plat: omit shared hcd if either root hub has
+ no ports (jsc#PED-531).
+- commit 2387fca
+
+- usb: host: xhci-plat: prepare operation w/o shared hcd
+ (jsc#PED-531).
+- commit 47afbac
+
+- usb: host: xhci-plat: create shared hcd after having added
+ main hcd (jsc#PED-531).
+- commit f9fd004
+
+- xhci: prepare for operation w/o shared hcd (jsc#PED-531).
+- commit 09ce63b
+
+- xhci: factor out parts of xhci_gen_setup() (jsc#PED-531).
+- commit 783aae7
+
+- usb: xhci-mtk: add support optional controller reset
+ (jsc#PED-531).
+- commit b567962
+
+- usb/core: fix repeated words in comments (git-fixes).
+- commit 5f46c47
+
+- usb: core: sysfs: convert sysfs snprintf to sysfs_emit
+ (git-fixes).
+- commit 40a09c7
+
+- usb: Avoid extra usb SET_SEL requests when enabling link power
+ management (jsc#PED-531).
+- commit 3988270
+
+- usb: hub: port: add sysfs entry to switch port power
+ (jsc#PED-531).
+- commit 9c3549e
+
+- powerpc/papr_scm: Ensure rc is always initialized in
+ papr_scm_pmu_register() (jsc#PED-1925).
+- tools/testing/nvdimm: Fix security_init() symbol collision
+ (jsc#PED-1925).
+- commit a333f5d
+
+- powerpc/papr_scm: don't requests stats with '0' sized stats
+ buffer (jsc#PED-1925).
+- commit 3918fb0
+
+- powerpc/papr_scm: Fix nvdimm event mappings (jsc#PED-557).
+- powerpc/papr_scm: Fix leaking nvdimm_events_map elements
+ (jsc#PED-557).
+- drivers/nvdimm: Fix build failure when CONFIG_PERF_EVENTS is
+ not set (jsc#PED-1925).
+- commit 8ecc2ba
+
+- x86: clk: clk-fch: Add support for newer family of AMD's SOC
+ (jsc#PED-1408).
+- commit c6a96ee
+
+- ACPI: tools: Introduce utility for firmware updates/telemetry
+ (jsc#PED-1408).
+- efi: Introduce EFI_FIRMWARE_MANAGEMENT_CAPSULE_HEADER and
+ corresponding structures (jsc#PED-1408).
+- commit a7f95e0
+
+- powerpc/papr_scm: Fix buffer overflow issue with
+ CONFIG_FORTIFY_SOURCE (jsc#PED-1925).
+- powerpc/papr_scm: Fix build failure when (jsc#PED-1925).
+- powerpc/papr_scm: Add perf interface support (jsc#PED-1925).
+- drivers/nvdimm: Add perf interface to expose nvdimm performance
+ stats (jsc#PED-1925).
+- drivers/nvdimm: Add nvdimm pmu structure (jsc#PED-1925).
+- commit 61ab009
+
+- Revert "ACPI: processor: idle: Only flush cache on entering C3"
+ (jsc#PED-1408).
+- Revert "ACPI: scan: Do not add device IDs from _CID if _HID
+ is not valid" (jsc#PED-1408).
+- ACPI: tables: Quiet ACPI table not found warning (jsc#PED-1408).
+- ACPI: require CRC32 to build (jsc#PED-1408).
+- ACPI: DPTF: Support Raptor Lake (jsc#PED-1408).
+- ACPI: CPPC: Drop redundant local variable from cpc_read()
+ (jsc#PED-1408).
+- ACPI: CPPC: Fix up I/O port access in cpc_read() (jsc#PED-1408).
+- ACPI: pfr_telemetry: Fix info leak in pfrt_log_ioctl()
+ (jsc#PED-1408).
+- ACPI: pfr_update: Fix return value check in pfru_write()
+ (jsc#PED-1408).
+- ACPI: Introduce Platform Firmware Runtime Telemetry driver
+ (jsc#PED-1408).
+- Update supported.conf
+ - add drivers/acpi/pfr_telemetry.ko
+ ACPI Platform Firmware Runtime Telemetry driver
+- ACPI: Introduce Platform Firmware Runtime Update device driver
+ (jsc#PED-1408).
+- Update config files.
+- Update supported.conf
+ - add drivers/acpi/pfr_update.ko
+ ACPI Platform Firmware Runtime Update Device driver
+- ACPI: SPCR: check if table->serial_port.access_width is too wide
+ (jsc#PED-1408).
+- ACPI: scan: Rename label in acpi_scan_init() (jsc#PED-1408).
+- ACPI: scan: Simplify initialization of power and sleep buttons
+ (jsc#PED-1408).
+- ACPI: scan: Change acpi_scan_init() return value type to void
+ (jsc#PED-1408).
+- x86/PCI: Remove initialization of static variables to false
+ (jsc#PED-1408).
+- ACPI: APD: Add a fmw property clk-name (jsc#PED-1408).
+- drivers: acpi: acpi_apd: Remove unused device property "is-rv"
+ (jsc#PED-1408).
+- ACPI: Add a context argument for table parsing handlers
+ (jsc#PED-1408).
+- ACPI: Teach ACPI table parsing about the CEDT header format
+ (jsc#PED-1408).
+- ACPI: Keep sub-table parsing infrastructure available for
+ modules (jsc#PED-1408).
+- ACPI: NFIT: Import GUID before use (jsc#PED-1408).
+- PM: hibernate: Allow ACPI hardware signature to be honoured
+ (jsc#PED-1408).
+- ACPI: CPPC: Add CPPC enable register function (jsc#PED-1408).
+- ACPI: CPPC: Implement support for SystemIO registers
+ (jsc#PED-1408).
+- ACPI: CPPC: Amend documentation in the comments (jsc#PED-1408).
+- ACPI: sysfs: use default_groups in kobj_type (jsc#PED-1408).
+- ACPI: NUMA: Process hotpluggable memblocks when
+ !CONFIG_MEMORY_HOTPLUG (jsc#PED-1408).
+- ACPI: tables: Add AEST to the list of known table signatures
+ (jsc#PED-1408).
+- ACPI: DPTF: Update device ID in a comment (jsc#PED-1408).
+- ACPI: PMIC: xpower: Fix _TMP ACPI errors (jsc#PED-1408).
+- ACPI: PMIC: allow drivers to provide a custom lpat_raw_to_temp()
+ function (jsc#PED-1408).
+- ACPI: PMIC: constify all struct intel_pmic_opregion_data
+ declarations (jsc#PED-1408).
+- ACPI / x86: Skip AC and battery devices on x86 Android tablets
+ with broken DSDTs (jsc#PED-1408).
+- ACPI / x86: Introduce an acpi_quirk_skip_acpi_ac_and_battery()
+ helper (jsc#PED-1408).
+ Refresh
+ patches.suse/ACPI-battery-Add-the-ThinkPad-Not-Charging-quirk.patch.
+- ACPI / x86: Add PWM2 on the Xiaomi Mi Pad 2 to the
+ always_present list (jsc#PED-1408).
+- ACPI: processor: thermal: avoid cpufreq_get_policy()
+ (jsc#PED-1408).
+- ACPI: processor: idle: Only flush cache on entering C3
+ (jsc#PED-1408).
+- ACPI: processor idle: Use swap() instead of open coding it
+ (jsc#PED-1408).
+- ACPI: processor: Replace kernel.h with the necessary inclusions
+ (jsc#PED-1408).
+- ACPI: EC: Mark the ec_sys write_support param as
+ module_param_hw() (jsc#PED-1408).
+- ACPI: EC: Relocate acpi_ec_create_query() and drop
+ acpi_ec_delete_query() (jsc#PED-1408).
+- ACPI: EC: Make the event work state machine visible
+ (jsc#PED-1408).
+- ACPI: EC: Avoid queuing unnecessary work in
+ acpi_ec_submit_event() (jsc#PED-1408).
+- ACPI: EC: Rename three functions (jsc#PED-1408).
+- ACPI: EC: Simplify locking in acpi_ec_event_handler()
+ (jsc#PED-1408).
+- ACPI: EC: Rearrange the loop in acpi_ec_event_handler()
+ (jsc#PED-1408).
+- ACPI: EC: Fold acpi_ec_check_event() into
+ acpi_ec_event_handler() (jsc#PED-1408).
+- ACPI: EC: Pass one argument to acpi_ec_query() (jsc#PED-1408).
+- ACPI: EC: Call advance_transaction() from acpi_ec_dispatch_gpe()
+ (jsc#PED-1408).
+- ACPI: EC: Rework flushing of EC work while suspended to idle
+ (jsc#PED-1408).
+- ACPI: PM: Emit debug messages when enabling/disabling wakeup
+ power (jsc#PED-1408).
+- ACPI: PM: Remove redundant cache flushing (jsc#PED-1408).
+- ACPI: PM: Avoid CPU cache flush when entering S4 (jsc#PED-1408).
+- ACPI / x86: Add
+ acpi_quirk_skip_[i2c_client|serdev]_enumeration() helpers
+ (jsc#PED-1408).
+- ACPI: Use acpi_fetch_acpi_dev() instead of acpi_bus_get_device()
+ (jsc#PED-1408).
+ Refresh
+ patches.suse/ACPI-properties-Consistently-return-ENOENT-if-there-.patch.
+- ACPI: scan: Do not add device IDs from _CID if _HID is not valid
+ (jsc#PED-1408).
+- ACPICA: Update version to 20211217 (jsc#PED-1408).
+- ACPICA: iASL/NHLT table: "Specific Data" field support
+ (jsc#PED-1408).
+- ACPICA: iASL: Add suppport for AGDI table (jsc#PED-1408).
+- ACPICA: iASL: Add TDEL table to both compiler/disassembler
+ (jsc#PED-1408).
+- ACPICA: Fixed a couple of warnings under MSVC (jsc#PED-1408).
+- ACPICA: Change a return_ACPI_STATUS (AE_BAD_PARAMETER)
+ (jsc#PED-1408).
+- ACPICA: Add support for PCC Opregion special context data
+ (jsc#PED-1408).
+- ACPICA: Fix AEST Processor generic resource substructure data
+ field byte length (jsc#PED-1408).
+- ACPICA: iASL/Disassembler: Additional support for NHLT table
+ (jsc#PED-1408).
+- ACPICA: Avoid subobject buffer overflow when validating RSDP
+ signature (jsc#PED-1408).
+- ACPICA: Macros: Remove ACPI_PHYSADDR_TO_PTR (jsc#PED-1408).
+- ACPICA: Use original pointer for virtual origin tables
+ (jsc#PED-1408).
+- ACPICA: Use original data_table_region pointer for accesses
+ (jsc#PED-1408).
+- ACPI: delay enumeration of devices with a _DEP pointing to an
+ INT3472 device (jsc#PED-1408).
+- commit a883e60
+
+- ice: support crosstimestamping on E822 devices if supported
+ (jsc#PED-376).
+- Update config files.
+- commit 52d22d8
+
+- net: phy: add Maxlinear GPY115/21x/24x driver (jsc#PED-829).
+- Update config files.
+- supported.conf: mark mxl-gpy supported
+- commit 038e0dc
+
+- ice: fix incorrect dev_dbg print mistaking 'i' for vf->vf_id
+ (jsc#PED-376).
+- blacklist.conf: removed broken blacklist
+- commit 4dd2967
+
+- RDMA/irdma: Remove enum irdma_status_code (jsc#PED-377).
+- Refresh
+ patches.suse/RDMA-irdma-Prevent-some-integer-underflows.patch.
+- commit 0e1b54d
+
+- ice: introduce ice_virtchnl.c and ice_virtchnl.h (jsc#PED-376).
+- Refresh
+ patches.suse/ice-Do-not-skip-not-enabled-queues-in-ice_vc_dis_qs_.patch.
+- Refresh
+ patches.suse/ice-Fix-incorrect-locking-in-ice_vc_process_vf_msg.patch.
+- Refresh
+ patches.suse/ice-Protect-vf_state-check-by-cfg_lock-in-ice_vc_pro.patch.
+- Refresh
+ patches.suse/ice-clear-stale-Tx-queue-settings-before-configuring.patch.
+- commit b1a640b
+
+- ice: rename ice_virtchnl_pf.c to ice_sriov.c (jsc#PED-376).
+- Refresh
+ patches.suse/ice-Do-not-skip-not-enabled-queues-in-ice_vc_dis_qs_.patch.
+- Refresh
+ patches.suse/ice-Fix-incorrect-locking-in-ice_vc_process_vf_msg.patch.
+- Refresh
+ patches.suse/ice-Protect-vf_state-check-by-cfg_lock-in-ice_vc_pro.patch.
+- Refresh
+ patches.suse/ice-clear-stale-Tx-queue-settings-before-configuring.patch.
+- Refresh
+ patches.suse/ice-fix-use-after-free-when-deinitializing-mailbox-s.patch.
+- commit a6dcbb6
+
+- ice: convert VF storage to hash table with krefs and RCU
+ (jsc#PED-376).
+- Refresh
+ patches.suse/ice-Fix-incorrect-locking-in-ice_vc_process_vf_msg.patch.
+- Refresh
+ patches.suse/ice-Protect-vf_state-check-by-cfg_lock-in-ice_vc_pro.patch.
+- commit bb85cb8
+
+- ice: introduce VF accessor functions (jsc#PED-376).
+- Refresh
+ patches.suse/ice-Protect-vf_state-check-by-cfg_lock-in-ice_vc_pro.patch.
+- commit 567361b
+
+- ice: factor VF variables to separate structure (jsc#PED-376).
+- Refresh
+ patches.suse/ice-Protect-vf_state-check-by-cfg_lock-in-ice_vc_pro.patch.
+- commit 3f8b512
+
+- ice: add TTY for GNSS module for E810T device (jsc#PED-376).
+- Refresh
+ patches.suse/ice-Fix-race-during-aux-device-un-plugging.patch.
+- commit 8bbff5a
+
+- ice: Simplify tracking status of RDMA support (jsc#PED-376).
+- Refresh
+ patches.suse/ice-Allow-operation-with-reduced-device-MSI-X.patch.
+- commit 679eb4d
+
+- ice: implement basic E822 PTP support (jsc#PED-376).
+- Refresh
+ patches.suse/ice-fix-possible-under-reporting-of-ethtool-Tx-and-R.patch.
+- commit ef8d58e
+
+- ice: Propagate error codes (jsc#PED-376).
+- Refresh
+ patches.suse/ice-Fix-curr_link_speed-advertised-speed.patch.
+- commit 80453bf
+
+- ice: Remove string printing for ice_status (jsc#PED-376).
+- Refresh
+ patches.suse/ice-enable-parsing-IPSEC-SPI-headers-for-RSS.patch.
+- commit e71a23c
+
+- ice: xsk: use Rx ring's XDP ring when picking NAPI context
+ (jsc#PED-376).
+- commit d811ddb
+
+- ice: xsk: prohibit usage of non-balanced queue id (jsc#PED-376).
+- ice: Fix VF not able to send tagged traffic with no VLAN filters
+ (jsc#PED-376).
+- ice: Ignore error message when setting same promiscuous mode
+ (jsc#PED-376).
+- ice: Fix clearing of promisc mode with bridge over bond
+ (jsc#PED-376).
+- ice: Ignore EEXIST when setting promisc mode (jsc#PED-376).
+- ice: Fix double VLAN error when entering promisc mode
+ (jsc#PED-376).
+- ice: Fix call trace with null VSI during VF reset (jsc#PED-376).
+- ice: Fix VSI rebuild WARN_ON check for VF (jsc#PED-376).
+- net/ice: fix initializing the bitmap in the switch code
+ (jsc#PED-376).
+- RDMA/irdma: Use the bitmap API to allocate bitmaps
+ (jsc#PED-377).
+- RDMA/irdma: Fix setting of QP context err_rq_idx_valid field
+ (jsc#PED-377).
+- RDMA/irdma: Fix VLAN connection with wildcard address
+ (jsc#PED-377).
+- RDMA/irdma: Fix a window for use-after-free (jsc#PED-377).
+- RDMA/irdma: Make resource distribution algorithm more QP
+ oriented (jsc#PED-377).
+- RDMA/irdma: Make CQP invalid state error non-critical
+ (jsc#PED-377).
+- RDMA/irdma: Add AE source to error log (jsc#PED-377).
+- RDMA/irdma: Add 2 level PBLE support for FMR (jsc#PED-377).
+- net: ice: fix error NETIF_F_HW_VLAN_CTAG_FILTER check in
+ ice_vsi_sync_fltr() (jsc#PED-376).
+- ice: implement adjfine with mul_u64_u64_div_u64 (jsc#PED-376).
+- ice: allow toggling loopback mode via ndo_set_features callback
+ (jsc#PED-376).
+- ice: compress branches in ice_set_features() (jsc#PED-376).
+- ice: Fix promiscuous mode not turning off (jsc#PED-376).
+- ice: Introduce enabling promiscuous mode on multiple VF's
+ (jsc#PED-376).
+- ice: Add support for PPPoE hardware offload (jsc#PED-376).
+- flow_offload: Introduce flow_match_pppoe (jsc#PED-376).
+- flow_dissector: Add PPPoE dissectors (jsc#PED-376).
+- ice: add write functionality for GNSS TTY (jsc#PED-376).
+- ice: add i2c write command (jsc#PED-376).
+- ice: Remove pci_aer_clear_nonfatal_status() call (jsc#PED-376).
+- ice: Add EXTTS feature to the feature bitmap (jsc#PED-376).
+- net: extract port range fields from fl_flow_key (jsc#PED-376).
+- ice: Remove unnecessary NULL check before dev_put (jsc#PED-376).
+- ice: use eth_broadcast_addr() to set broadcast address
+ (jsc#PED-376).
+- ice: switch: dynamically add VLAN headers to dummy packets
+ (jsc#PED-376).
+- ice: Add support for VLAN TPID filters in switchdev
+ (jsc#PED-376).
+- ice: Add support for double VLAN in switchdev (jsc#PED-376).
+- intel/ice:fix repeated words in comments (jsc#PED-376).
+- ice: Use correct order for the parameters of devm_kcalloc()
+ (jsc#PED-376).
+- ice: remove u16 arithmetic in ice_gnss (jsc#PED-376).
+- ice: remove VLAN representor specific ops (jsc#PED-376).
+- ice: don't set VF VLAN caps in switchdev (jsc#PED-376).
+- ice: do not setup vlan for loopback VSI (jsc#PED-376).
+- ice: check (DD | EOF) bits on Rx descriptor rather than (EOP |
+ RS) (jsc#PED-376).
+- ice: Fix VSIs unable to share unicast MAC (jsc#PED-376).
+- ice: Fix tunnel checksum offload with fragmented traffic
+ (jsc#PED-376).
+- ice: Fix max VLANs available for VF (jsc#PED-376).
+- RDMA/irdma: Fix sleep from invalid context BUG (jsc#PED-377).
+- RDMA/irdma: Do not advertise 1GB page size for x722
+ (jsc#PED-377).
+- ice: change devlink code to read NVM in blocks (jsc#PED-376).
+- ice: handle E822 generic device ID in PLDM header (jsc#PED-376).
+- ice: ethtool: Prohibit improper channel config for DCB
+ (jsc#PED-376).
+- ice: ethtool: advertise 1000M speeds properly (jsc#PED-376).
+- ice: Fix switchdev rules book keeping (jsc#PED-376).
+- ice: ignore protocol field in GTP offload (jsc#PED-376).
+- ice: Fix memory corruption in VF driver (jsc#PED-376).
+- ice: Fix queue config fail handling (jsc#PED-376).
+- ice: Sync VLAN filtering features for DVM (jsc#PED-376).
+- ice: Fix PTP TX timestamp offset calculation (jsc#PED-376).
+- ice: fix access-beyond-end in the switch code (jsc#PED-376).
+- RDMA/irdma: Add SW mechanism to generate completions on error
+ (jsc#PED-377).
+- RDMA/irdma: Remove the redundant variable (jsc#PED-377).
+- eth: ice: silence the GCC 12 array-bounds warning (jsc#PED-376).
+- ice: Expose RSS indirection tables for queue groups via ethtool
+ (jsc#PED-376).
+- Revert "ice: Hide bus-info in ethtool for PRs in switchdev mode"
+ (jsc#PED-376).
+- ice: link representors to PCI device (jsc#PED-376).
+- ice: remove period on argument description in ice_for_each_vf
+ (jsc#PED-376).
+- ice: add a function comment for ice_cfg_mac_antispoof
+ (jsc#PED-376).
+- ice: fix wording in comment for ice_reset_vf (jsc#PED-376).
+- ice: remove return value comment for ice_reset_all_vfs
+ (jsc#PED-376).
+- ice: always check VF VSI pointer values (jsc#PED-376).
+- ice: add newline to dev_dbg in ice_vf_fdir_dump_info
+ (jsc#PED-376).
+- ice: get switch id on switchdev devices (jsc#PED-376).
+- ice: return ENOSPC when exceeding ICE_MAX_CHAIN_WORDS
+ (jsc#PED-376).
+- ice: introduce common helper for retrieving VSI by vsi_num
+ (jsc#PED-376).
+- ice: use min_t() to make code cleaner in ice_gnss (jsc#PED-376).
+- ice, xsk: Avoid refilling single Rx descriptors (jsc#PED-376).
+- ice, xsk: Diversify return values from xsk_wakeup call paths
+ (jsc#PED-376).
+- ice, xsk: Terminate Rx side of NAPI when XSK Rx queue gets full
+ (jsc#PED-376).
+- ice, xsk: Decorate ICE_XDP_REDIR with likely() (jsc#PED-376).
+- flow_dissector: Add number of vlan tags dissector (jsc#PED-376).
+- ice: Add mpls+tso support (jsc#PED-376).
+- ice: switch: convert packet template match code to rodata
+ (jsc#PED-376).
+- ice: switch: use convenience macros to declare dummy pkt
+ templates (jsc#PED-376).
+- ice: switch: use a struct to pass packet template params
+ (jsc#PED-376).
+- ice: switch: unobscurify bitops loop in
+ ice_fill_adv_dummy_packet() (jsc#PED-376).
+- ice: switch: add and use u16 aliases to ice_adv_lkup_elem::{h,
+ m}_u (jsc#PED-376).
+- ice: Fix interrupt moderation settings getting cleared
+ (jsc#PED-376).
+- RDMA/irdma: Fix deadlock in irdma_cleanup_cm_core()
+ (jsc#PED-377).
+- ice: wait 5 s for EMP reset after firmware flash (jsc#PED-376).
+- ice: Fix memory leak in ice_get_orom_civd_data() (jsc#PED-376).
+- ice: xsk: check if Rx ring was filled up to the end
+ (jsc#PED-376).
+- ice: arfs: fix use-after-free when freeing @rx_cpu_rmap
+ (jsc#PED-376).
+- flow_dissector: fix false-positive __read_overflow2_field()
+ warning (jsc#PED-376).
+- ice: Set txq_teid to ICE_INVAL_TEID on ring creation
+ (jsc#PED-376).
+- ice: Fix broken IFF_ALLMULTI handling (jsc#PED-376).
+- ice: Fix MAC address setting (jsc#PED-376).
+- ice: xsk: Stop Rx processing when ntc catches ntu (jsc#PED-376).
+- ice: xsk: Eliminate unnecessary loop iteration (jsc#PED-376).
+- RDMA/irdma: Add support for address handle re-use (jsc#PED-377).
+- RDMA/irdma: Make irdma_create_mg_ctx return a void
+ (jsc#PED-377).
+- RDMA/irdma: Move union irdma_sockaddr to header file
+ (jsc#PED-377).
+- RDMA/irdma: Remove the unnecessary variable saddr (jsc#PED-377).
+- RDMA/irdma: Use net_type to check network type (jsc#PED-377).
+- RDMA/irdma: Remove excess error variables (jsc#PED-377).
+- RDMA/irdma: Propagate error codes (jsc#PED-377).
+- RDMA/irdma: Add support for DSCP (jsc#PED-377).
+- RDMA/irdma: Refactor DCB bits in prep for DSCP support
+ (jsc#PED-377).
+- ice: add trace events for tx timestamps (jsc#PED-376).
+- ice: fix return value check in ice_gnss.c (jsc#PED-376).
+- ice: Fix inconsistent indenting in ice_switch (jsc#PED-376).
+- gtp: Fix inconsistent indenting (jsc#PED-376).
+- ice: remove PF pointer from ice_check_vf_init (jsc#PED-376).
+- ice: cleanup long lines in ice_sriov.c (jsc#PED-376).
+- ice: introduce ICE_VF_RESET_LOCK flag (jsc#PED-376).
+- ice: introduce ICE_VF_RESET_NOTIFY flag (jsc#PED-376).
+- ice: convert ice_reset_vf to take flags (jsc#PED-376).
+- ice: convert ice_reset_vf to standard error codes (jsc#PED-376).
+- ice: make ice_reset_all_vfs void (jsc#PED-376).
+- ice: drop is_vflr parameter from ice_reset_all_vfs
+ (jsc#PED-376).
+- ice: move reset functionality into ice_vf_lib.c (jsc#PED-376).
+- ice: fix a long line warning in ice_reset_vf (jsc#PED-376).
+- ice: introduce VF operations structure for reset flows
+ (jsc#PED-376).
+- ice: introduce ice_vf_lib.c, ice_vf_lib.h, and
+ ice_vf_lib_private.h (jsc#PED-376).
+- ice: use ice_is_vf_trusted helper function (jsc#PED-376).
+- ice: log an error message when eswitch fails to configure
+ (jsc#PED-376).
+- ice: cleanup error logging for ice_ena_vfs (jsc#PED-376).
+- ice: move ice_set_vf_port_vlan near other .ndo ops
+ (jsc#PED-376).
+- ice: refactor spoofchk control code in ice_sriov.c
+ (jsc#PED-376).
+- ice: rename ICE_MAX_VF_COUNT to avoid confusion (jsc#PED-376).
+- ice: remove unused definitions from ice_sriov.h (jsc#PED-376).
+- ice: convert vf->vc_ops to a const pointer (jsc#PED-376).
+- ice: remove circular header dependencies on ice.h (jsc#PED-376).
+- ice: rename ice_sriov.c to ice_vf_mbx.c (jsc#PED-376).
+- ice: Support GTP-U and GTP-C offload in switchdev (jsc#PED-376).
+- ice: Fix FV offset searching (jsc#PED-376).
+- gtp: Add support for checking GTP device type (jsc#PED-376).
+- net/sched: Allow flower to match on GTP options (jsc#PED-376).
+- gtp: Implement GTP echo request (jsc#PED-376).
+- gtp: Implement GTP echo response (jsc#PED-376).
+- gtp: Allow to create GTP device without FDs (jsc#PED-376).
+- flow_dissector: Add support for HSRv0 (jsc#PED-376).
+- ice: Add support for outer dest MAC for ADQ tunnels
+ (jsc#PED-376).
+- ice: avoid XDP checks in ice_clean_tx_irq() (jsc#PED-376).
+- ice: change "can't set link" message to dbg level (jsc#PED-376).
+- ice: Add slow path offload stats on port representor in
+ switchdev (jsc#PED-376).
+- ice: Add support for inner etype in switchdev (jsc#PED-376).
+- ice: xsk: fix GCC version checking against pragma unroll
+ presence (jsc#PED-376).
+- ice: convert ice_for_each_vf to include VF entry iterator
+ (jsc#PED-376).
+- ice: use ice_for_each_vf for iteration during removal
+ (jsc#PED-376).
+- ice: remove checks in ice_vc_send_msg_to_vf (jsc#PED-376).
+- ice: move VFLR acknowledge during ice_free_vfs (jsc#PED-376).
+- ice: move clear_malvf call in ice_free_vfs (jsc#PED-376).
+- ice: pass num_vfs to ice_set_per_vf_res() (jsc#PED-376).
+- ice: store VF pointer instead of VF ID (jsc#PED-376).
+- ice: refactor unwind cleanup in eswitch mode (jsc#PED-376).
+- flow_dissector: Add support for HSR (jsc#PED-376).
+- ice: Add ability for PF admin to enable VF VLAN pruning
+ (jsc#PED-376).
+- ice: Add support for 802.1ad port VLANs VF (jsc#PED-376).
+- ice: Advertise 802.1ad VLAN filtering and offloads for PF netdev
+ (jsc#PED-376).
+- ice: Support configuring the device to Double VLAN Mode
+ (jsc#PED-376).
+- ice: Add support for VIRTCHNL_VF_OFFLOAD_VLAN_V2 (jsc#PED-376).
+- ice: Add hot path support for 802.1Q and 802.1ad VLAN offloads
+ (jsc#PED-376).
+- ice: Add outer_vlan_ops and VSI specific VLAN ops
+ implementations (jsc#PED-376).
+- ice: Adjust naming for inner VLAN operations (jsc#PED-376).
+- ice: Use the proto argument for VLAN ops (jsc#PED-376).
+- ice: Refactor vf->port_vlan_info to use ice_vlan (jsc#PED-376).
+- ice: Introduce ice_vlan struct (jsc#PED-376).
+- ice: Add new VSI VLAN ops (jsc#PED-376).
+- ice: Add helper function for adding VLAN 0 (jsc#PED-376).
+- ice: Refactor spoofcheck configuration functions (jsc#PED-376).
+- ice: xsk: Borrow xdp_tx_active logic from i40e (jsc#PED-376).
+- ice: xsk: Improve AF_XDP ZC Tx and use batching API
+ (jsc#PED-376).
+- ice: xsk: Avoid potential dead AF_XDP Tx processing
+ (jsc#PED-376).
+- ice: Make Tx threshold dependent on ring length (jsc#PED-376).
+- ice: xsk: Handle SW XDP ring wrap and bump tail more often
+ (jsc#PED-376).
+- ice: xsk: Force rings to be sized to power of 2 (jsc#PED-376).
+- ice: Remove likely for napi_complete_done (jsc#PED-376).
+- ice: add support for DSCP QoS for IDC (jsc#PED-376).
+- ice: respect metadata in legacy-rx/ice_construct_skb()
+ (jsc#PED-376).
+- ice: Remove useless DMA-32 fallback configuration (jsc#PED-376).
+- ice: destroy flow director filter mutex after releasing VSIs
+ (jsc#PED-376).
+- ice: Match on all profiles in slow-path (jsc#PED-376).
+- RDMA/irdma: Remove the redundant return (jsc#PED-377).
+- RDMA/irdma: Make the source udp port vary (jsc#PED-377).
+- RDMA/core: Calculate UDP source port based on flow label or
+ lqpn/rqpn (jsc#PED-377).
+- RDMA/irdma: Fix the type used to declare a bitmap (jsc#PED-377).
+- RDMA/irdma: Use helper function to set GUIDs (jsc#PED-377).
+- RDMA/irdma: Use irq_update_affinity_hint() (jsc#PED-377).
+- ice: Use bitmap_free() to free bitmap (jsc#PED-376).
+- ice: Optimize a few bitmap operations (jsc#PED-376).
+- ice: Slightly simply ice_find_free_recp_res_idx (jsc#PED-376).
+- ice: improve switchdev's slow-path (jsc#PED-376).
+- ice: replay advanced rules after reset (jsc#PED-376).
+- ice: Add flow director support for channel mode (jsc#PED-376).
+- skbuff: introduce skb_pull_data (jsc#PED-376).
+- ice: switch to napi_build_skb() (jsc#PED-376).
+- ice: trivial: fix odd indenting (jsc#PED-376).
+- ice: exit bypass mode once hardware finishes timestamp
+ calibration (jsc#PED-376).
+- ice: ensure the hardware Clock Generation Unit is configured
+ (jsc#PED-376).
+- ice: convert clk_freq capability into time_ref (jsc#PED-376).
+- ice: introduce ice_ptp_init_phc function (jsc#PED-376).
+- ice: use 'int err' instead of 'int status' in ice_ptp_hw.c
+ (jsc#PED-376).
+- ice: PTP: move setting of tstamp_config (jsc#PED-376).
+- ice: introduce ice_base_incval function (jsc#PED-376).
+- ice: Fix E810 PTP reset flow (jsc#PED-376).
+- ice: use modern kernel API for kick (jsc#PED-376).
+- ice: tighter control over VSI_DOWN state (jsc#PED-376).
+- ice: use prefetch methods (jsc#PED-376).
+- ice: update to newer kernel API (jsc#PED-376).
+- ice: support immediate firmware activation via devlink reload
+ (jsc#PED-376).
+- ice: reduce time to read Option ROM CIVD data (jsc#PED-376).
+- ice: move ice_devlink_flash_update and merge with
+ ice_flash_pldm_image (jsc#PED-376).
+- ice: move and rename ice_check_for_pending_update (jsc#PED-376).
+- ice: devlink: add shadow-ram region to snapshot Shadow RAM
+ (jsc#PED-376).
+- ice: Remove unused ICE_FLOW_SEG_HDRS_L2_MASK (jsc#PED-376).
+- ice: Remove unnecessary casts (jsc#PED-376).
+- ice: Remove excess error variables (jsc#PED-376).
+- ice: Cleanup after ice_status removal (jsc#PED-376).
+- ice: Remove enum ice_status (jsc#PED-376).
+- ice: Use int for ice_status (jsc#PED-376).
+- ice: Refactor status flow for DDP load (jsc#PED-376).
+- ice: Refactor promiscuous functions (jsc#PED-376).
+- ice: refactor PTYPE validating (jsc#PED-376).
+- ice: Add package PTYPE enable information (jsc#PED-376).
+- gtp: use skb_dst_update_pmtu_no_confirm() instead of direct call
+ (jsc#PED-376).
+- dissector: do not set invalid PPP protocol (jsc#PED-376).
+- net: phy: enhance GPY115 loopback disable function
+ (jsc#PED-829).
+- net: phy: add API to read 802.3-c45 IDs (jsc#PED-829).
+- commit 172341e
+
+- usb: core: devices: remove dead code under #ifdef PROC_EXTRA
+ (jsc#PED-531).
+- commit ffed5f4
+
+- arm64: numa: Don't check node against MAX_NUMNODES
+ (jsc#PED-1408).
+- arm64: Simplify checking for populated DT (jsc#PED-1408).
+- commit 87c5b07
+
+- Revert "usb: host: xhci: mvebu: make USB 3.0 PHY optional for
+ Armada 3720" (jsc#PED-531).
+- commit a68eb3d
+
+- xhci: omit mem read just after allocation of trb (jsc#PED-531).
+- commit 9657cdf
+
+- usb: xhci: fix minmax.cocci warnings (jsc#PED-531).
+- commit 31c9b81
+
+- usb: host: xhci: drop redundant checks (jsc#PED-531).
+- commit 8545650
+
+- xhci: Allocate separate command structures for each LPM command
+ (git-fixes).
+- commit 3b8bc54
+
+- xhci: dbgtty: use IDR to support several dbc instances
+ (jsc#PED-531).
+- commit 7b43f4d
+
+- xhci: dbc: Don't call dbc_tty_init() on every dbc tty probe
+ (jsc#PED-531).
+- commit c0f4051
+
+- net: mscc: ocelot: add MAC table stream learn and lookup
+ operations (jsc#PED-1549).
+- Refresh
+ patches.suse/net-mscc-ocelot-use-index-to-set-vcap-policer.patch.
+- commit 210cb02
+
+- usb: host: xhci-mtk: Simplify supplies handling with
+ regulator_bulk (jsc#PED-531).
+- commit bc712ac
+
+- net: mscc: ocelot: serialize access to the MAC table
+ (jsc#PED-1549).
+- commit fb07363
+
+- ACPI: Make acpi_node_get_parent() local (jsc#PED-1408).
+- ACPI: video: use platform backlight driver on Xiaomi Mi Pad 2
+ (jsc#PED-1408).
+- ACPI: video: Drop dmi_system_id.ident settings from
+ video_detect_dmi_table (jsc#PED-1408).
+- ACPI: EC: Remove initialization of static variables to false
+ (jsc#PED-1408).
+- ACPI: EC: Use ec_no_wakeup on HP ZHAN 66 Pro (jsc#PED-1408).
+- ACPI: Drop ACPI_USE_BUILTIN_STDARG ifdef from acgcc.h
+ (jsc#PED-1408).
+- ACPI: Add a convenience function to tell a device is in D0 state
+ (jsc#PED-1408).
+- ACPI: scan: Obtain device's desired enumeration power state
+ (jsc#PED-1408).
+- ACPI: PRM: Handle memory allocation and memory remap failure
+ (jsc#PED-1408).
+- ACPI: PRM: Remove unnecessary blank lines (jsc#PED-1408).
+- ACPI: APEI: mark apei_hest_parse() static (jsc#PED-1408).
+- ACPI: APEI: EINJ: Relax platform response timeout to 1 second
+ (jsc#PED-1408).
+- ACPI: PM: sleep: Do not set suspend_ops unnecessarily
+ (jsc#PED-1408).
+- ACPI: PM: Turn off wakeup power resources on _DSW/_PSW errors
+ (jsc#PED-1408).
+- ACPI: PM: Check states of power resources during initialization
+ (jsc#PED-1408).
+- ACPI: LPSS: Use ACPI_COMPANION() directly (jsc#PED-1408).
+- ACPI: PNP: remove duplicated BRI0A49 and BDP3336 entries
+ (jsc#PED-1408).
+- ACPI: glue: Use acpi_device_adr() in acpi_find_child_device()
+ (jsc#PED-1408).
+- ACPI: glue: Look for ACPI bus type only if ACPI companion is
+ not known (jsc#PED-1408).
+- ACPI: glue: Drop cleanup callback from struct acpi_bus_type
+ (jsc#PED-1408).
+- ACPI: replace snprintf() in "show" functions with sysfs_emit()
+ (jsc#PED-1408).
+- ACPI: Kconfig: Fix a typo in Kconfig (jsc#PED-1408).
+- x86: ACPI: cstate: Optimize C3 entry on AMD CPUs (jsc#PED-1408).
+- x86/ACPI: Don't add CPUs that are not online capable
+ (jsc#PED-1408).
+- ACPICA: Add support for MADT online enabled bit (jsc#PED-1408).
+- ACPICA: Update version to 20210930 (jsc#PED-1408).
+- ACPICA: iASL table disassembler: Added disassembly support
+ for the NHLT ACPI table (jsc#PED-1408).
+- ACPICA: ACPI 6.4 SRAT: add Generic Port Affinity type
+ (jsc#PED-1408).
+- ACPICA: Add support for Windows 2020 _OSI string (jsc#PED-1408).
+- hwmon: (acpi_power_meter) Use acpi_bus_get_acpi_device()
+ (jsc#PED-1408).
+- commit f5b4569
+
+- net/mlx5: Reduce kconfig complexity while building crypto
+ support (jsc#PED-1549).
+- Update config files.
+- commit 855cd57
+
+- net/mlx5_fpga: Drop INNOVA IPsec support (jsc#PED-1549).
+- Update config files.
+- commit 578a0d4
+
+- net/mlx5_fpga: Drop INNOVA TLS support (jsc#PED-1549).
+- Update config files.
+- commit 795dab1
+
+- net/mlx5e: Use READ_ONCE/WRITE_ONCE for DCBX trust state
+ (jsc#PED-1549).
+- Refresh
+ patches.suse/net-mlx5e-Fix-trust-state-reset-in-reload.patch.
+- commit 471621b
+
+- ixgbe: pass bi->xdp to ixgbe_construct_skb_zc() directly
+ (jsc#PED-373).
+- Refresh
+ patches.suse/ixgbe-don-t-reserve-excessive-XDP_PACKET_HEADROOM-on.patch.
+- Refresh
+ patches.suse/ixgbe-respect-metadata-on-XSK-Rx-to-skb.patch.
+- commit 7177fc1
+
+- net/mlx5: Disable SRIOV before PF removal (jsc#PED-1549).
+- Refresh
+ patches.suse/net-mlx5-Drain-fw_reset-when-removing-device.patch.
+- commit f8869cb
+
+- i40e: Add ensurance of MacVlan resources for every trusted VF
+ (jsc#PED-372).
+- Refresh
+ patches.suse/i40e-stop-disabling-VFs-due-to-PF-error-responses.patch.
+- commit 820414c
+
+- flow_offload: validate flags of filter and actions
+ (jsc#PED-1549).
+- Refresh
+ patches.suse/net-sched-cls_u32-fix-netns-refcount-changes-in-u32_.patch.
+- commit 45cd6c8
+
+- iavf: Add support for VIRTCHNL_VF_OFFLOAD_VLAN_V2 offload
+ enable/disable (jsc#PED-835).
+- Refresh
+ patches.suse/iavf-Fix-locking-for-VIRTCHNL_OP_GET_OFFLOAD_VLAN_V2.patch.
+- commit 9e30247
+
+- iavf: Add support for VIRTCHNL_VF_OFFLOAD_VLAN_V2 hotpath
+ (jsc#PED-835).
+- Refresh
+ patches.suse/iavf-Fix-locking-for-VIRTCHNL_OP_GET_OFFLOAD_VLAN_V2.patch.
+- commit 8b35988
+
+- iavf: Add support for VIRTCHNL_VF_OFFLOAD_VLAN_V2 negotiation
+ (jsc#PED-835).
+- Refresh
+ patches.suse/iavf-Fix-locking-for-VIRTCHNL_OP_GET_OFFLOAD_VLAN_V2.patch.
+- commit c795d27
+
+- iavf: Add trace while removing device (jsc#PED-835).
+- Refresh
+ patches.suse/iavf-Rework-mutexes-for-better-synchronisation.patch.
+- commit 5cee973
+
+- net/sched: Extend qdisc control block with tc control block
+ (jsc#PED-1549).
+- Refresh
+ patches.suse/net-Don-t-include-filter.h-from-net-sock.h.patch.
+- commit f04ca77
+
+- mlxsw: spectrum: Use PLLP to get front panel number and split
+ number (jsc#PED-1549).
+- Refresh
+ patches.suse/mlxsw-spectrum-Use-PMTDB-register-to-obtain-split-in.patch.
+- commit 4d99513
+
+- mlxsw: reg: Add Port Local port to Label Port mapping Register
+ (jsc#PED-1549).
+- Refresh
+ patches.suse/mlxsw-reg-Add-Port-Module-To-local-DataBase-Register.patch.
+- commit a1f7333
+
+- vduse: Introduce VDUSE - vDPA Device in Userspace
+ (jsc#PED-1549).
+- Update config files.
+- commit 0310e1b
+
+- vdpa/mlx5: Add support for control VQ and MAC setting
+ (jsc#PED-1549).
+- Refresh
+ patches.suse/RDMA-mlx5-Replace-struct-mlx5_core_mkey-by-u32-key.patch.
+- commit df0ceb2
+
+- i40e: Fix incorrect address type for IPv6 flow rules
+ (jsc#PED-372).
+- ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter
+ (jsc#PED-373).
+- net/mlx5: Unlock on error in mlx5_sriov_enable() (jsc#PED-1549).
+- net/mlx5e: Fix use after free in mlx5e_fs_init() (jsc#PED-1549).
+- net/mlx5e: kTLS, Use _safe() iterator in
+ mlx5e_tls_priv_tx_list_cleanup() (jsc#PED-1549).
+- net/mlx5: unlock on error path in
+ esw_vfs_changed_event_handler() (jsc#PED-1549).
+- net/mlx5e: Fix wrong tc flag used when set hw-tc-offload off
+ (jsc#PED-1549).
+- net/mlx5e: TC, Add missing policer validation (jsc#PED-1549).
+- net/mlx5e: Fix wrong application of the LRO state
+ (jsc#PED-1549).
+- net/mlx5: Avoid false positive lockdep warning by adding
+ lock_class_key (jsc#PED-1549).
+- net/mlx5: Fix cmd error logging for manage pages cmd
+ (jsc#PED-1549).
+- net/mlx5: Disable irq when locking lag_lock (jsc#PED-1549).
+- net/mlx5: Eswitch, Fix forwarding decision to uplink
+ (jsc#PED-1549).
+- net/mlx5: LAG, fix logic over MLX5_LAG_FLAG_NDEVS_READY
+ (jsc#PED-1549).
+- net/mlx5e: Properly disable vlan strip on non-UL reps
+ (jsc#PED-1549).
+- RDMA/mlx5: Use the proper number of ports (jsc#PED-1552).
+- igb: Add lock to avoid data race (jsc#PED-370).
+- net/mlx5e: Allocate flow steering storage during uplink
+ initialization (jsc#PED-1549).
+- i40e: Fix to stop tx_timeout recovery if GLOBR fails
+ (jsc#PED-372).
+- i40e: Fix tunnel checksum offload with fragmented traffic
+ (jsc#PED-372).
+- iavf: Fix deadlock in initialization (jsc#PED-835).
+- iavf: Fix reset error handling (jsc#PED-835).
+- iavf: Fix NULL pointer dereference in iavf_get_link_ksettings
+ (jsc#PED-835).
+- iavf: Fix adminq error handling (jsc#PED-835).
+- vdpa/mlx5: Fix possible uninitialized return value
+ (jsc#PED-1549).
+- vhost-vdpa: uAPI to suspend the device (jsc#PED-1549).
+- vhost-vdpa: introduce SUSPEND backend feature bit
+ (jsc#PED-1549).
+- vdpa: Add suspend operation (jsc#PED-1549).
+- vhost-vdpa: Call ida_simple_remove() when failed (jsc#PED-1549).
+- vDPA/ifcvf: support userspace to query features and MQ of a
+ management device (jsc#PED-1549).
+- vdpa/mlx5: Support different address spaces for control and data
+ (jsc#PED-1549).
+- vdpa/mlx5: Implement susupend virtqueue callback (jsc#PED-1549).
+- vdpa: ifcvf: Fix spelling mistake in comments (jsc#PED-1549).
+- vdpa/mlx5: Use eth_broadcast_addr() to assign broadcast address
+ (jsc#PED-1549).
+- mlx5: do not use RT_TOS for IPv6 flowlabel (jsc#PED-1549).
+- bnxt_en: Remove duplicated include bnxt_devlink.c
+ (jsc#PED-1495).
+- RDMA/mlx5: Add missing check for return value in get namespace
+ flow (jsc#PED-1552).
+- RDMA/mlx5: Rename the mkey cache variables and functions
+ (jsc#PED-1552).
+- RDMA/mlx5: Store in the cache mkeys instead of mrs
+ (jsc#PED-1552).
+- RDMA/mlx5: Store the number of in_use cache mkeys instead of
+ total_mrs (jsc#PED-1552).
+- RDMA/mlx5: Replace cache list with Xarray (jsc#PED-1552).
+- RDMA/mlx5: Replace ent->lock with xa_lock (jsc#PED-1552).
+- RDMA/mlx5: Expose steering anchor to userspace (jsc#PED-1552).
+- RDMA/mlx5: Refactor get flow table function (jsc#PED-1552).
+- net/mlx5: fs, allow flow table creation with a UID
+ (jsc#PED-1549).
+- net/mlx5: fs, expose flow table ID to users (jsc#PED-1549).
+- net/mlx5: Expose the ability to point to any UID from shared
+ UID (jsc#PED-1549).
+- RDMA/mlx5: Add a umr recovery flow (jsc#PED-1552).
+- net/mlx5e: xsk: Discard unaligned XSK frames on striding RQ
+ (jsc#PED-1549).
+- iavf: Fix 'tc qdisc show' listing too many queues (jsc#PED-835).
+- iavf: Fix max_rate limiting (jsc#PED-835).
+- net/mlx5: Fix driver use of uninitialized timeout
+ (jsc#PED-1549).
+- net/mlx5: DR, Fix SMFS steering info dump format (jsc#PED-1549).
+- net/mlx5: Adjust log_max_qp to be 18 at most (jsc#PED-1549).
+- net/mlx5e: Modify slow path rules to go to slow fdb
+ (jsc#PED-1549).
+- net/mlx5e: Fix calculations related to max MPWQE size
+ (jsc#PED-1549).
+- net/mlx5e: xsk: Account for XSK RQ UMRs when calculating ICOSQ
+ size (jsc#PED-1549).
+- net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS
+ (jsc#PED-1549).
+- net/mlx5e: TC, Fix post_act to not match on in_port metadata
+ (jsc#PED-1549).
+- net/mlx5e: Remove WARN_ON when trying to offload an unsupported
+ TLS cipher/version (jsc#PED-1549).
+- igb: convert .adjfreq to .adjfine (jsc#PED-370).
+- ixgbe: convert .adjfreq to .adjfine (jsc#PED-373).
+- i40e: convert .adjfreq to .adjfine (jsc#PED-372).
+- i40e: use mul_u64_u64_div_u64 for PTP frequency calculation
+ (jsc#PED-372).
+- net: devlink: convert reload command to take implicit
+ devlink->lock (jsc#PED-1549).
+- net/mlx5e: Move mlx5e_init_l2_addr to en_main (jsc#PED-1549).
+- net/mlx5e: Split en_fs ndo's and move to en_main (jsc#PED-1549).
+- net/mlx5e: Separate mlx5e_set_rx_mode_work and move caller to
+ en_main (jsc#PED-1549).
+- net/mlx5e: Add mdev to flow_steering struct (jsc#PED-1549).
+- net/mlx5e: Report flow steering errors with mdev err report API
+ (jsc#PED-1549).
+- net/mlx5e: Convert mlx5e_flow_steering member of mlx5e_priv
+ to pointer (jsc#PED-1549).
+- net/mlx5e: Allocate VLAN and TC for featured profiles only
+ (jsc#PED-1549).
+- net/mlx5e: Make mlx5e_tc_table private (jsc#PED-1549).
+- net/mlx5e: Convert mlx5e_tc_table member of mlx5e_flow_steering
+ to pointer (jsc#PED-1549).
+- net/mlx5e: TC, Support tc action api for police (jsc#PED-1549).
+- net/mlx5e: TC, Separate get/update/replace meter functions
+ (jsc#PED-1549).
+- net/mlx5e: Add red and green counters for metering
+ (jsc#PED-1549).
+- net/mlx5e: TC, Allocate post meter ft per rule (jsc#PED-1549).
+- net/mlx5: DR, Add support for flow metering ASO (jsc#PED-1549).
+- devlink: Hold the instance lock in health callbacks
+ (jsc#PED-1549).
+- net/mlx5: Lock mlx5 devlink health recovery callback
+ (jsc#PED-1549).
+- net/mlx4: Lock mlx4 devlink reload callback (jsc#PED-1548).
+- net/mlx4: Use devl_ API for devlink region create / destroy
+ (jsc#PED-1548).
+- net/mlx5: Lock mlx5 devlink reload callbacks (jsc#PED-1549).
+- net/mlx5: Move fw reset unload to mlx5_fw_reset_complete_reload
+ (jsc#PED-1549).
+- net: devlink: remove region snapshots list dependency on
+ devlink->lock (jsc#PED-1549).
+- net: devlink: remove region snapshot ID tracking dependency
+ on devlink->lock (jsc#PED-1549).
+- bnxt_en: implement callbacks for devlink selftests
+ (jsc#PED-1495).
+- devlink: introduce framework for selftests (jsc#PED-1549).
+- net/mlx5e: kTLS, Dynamically re-size TX recycling pool
+ (jsc#PED-1549).
+- net/mlx5e: kTLS, Recycle objects of device-offloaded TLS TX
+ connections (jsc#PED-1549).
+- net/mlx5e: kTLS, Take stats out of OOO handler (jsc#PED-1549).
+- net/mlx5e: kTLS, Introduce TLS-specific create TIS
+ (jsc#PED-1549).
+- net: devlink: remove redundant net_eq() check from
+ sb_pool_get_dumpit() (jsc#PED-1549).
+- net: devlink: introduce nested devlink entity for line card
+ (jsc#PED-1549).
+- net: devlink: move net check into
+ devlinks_xa_for_each_registered_get() (jsc#PED-1549).
+- net: devlink: make sure that devlink_try_get() works with
+ valid pointer during xarray iteration (jsc#PED-1549).
+- iavf: Check for duplicate TC flower filter before parsing
+ (jsc#PED-835).
+- i40e: Refactor tc mqprio checks (jsc#PED-372).
+- mlxsw: core: Fix use-after-free calling devl_unlock() in
+ mlxsw_core_bus_device_unregister() (jsc#PED-1549).
+- net/mlx5: CT: Remove warning of ignore_flow_level support for
+ non PF (jsc#PED-1549).
+- net/mlx5e: Add resiliency for PTP TX port timestamp
+ (jsc#PED-1549).
+- net/mlx5: Expose ts_cqe_metadata_size2wqe_counter
+ (jsc#PED-1549).
+- net/mlx5e: HTB, move htb functions to a new file (jsc#PED-1549).
+- net/mlx5e: HTB, change functions name to follow convention
+ (jsc#PED-1549).
+- net/mlx5e: HTB, remove priv from htb function calls
+ (jsc#PED-1549).
+- net/mlx5e: HTB, hide and dynamically allocate mlx5e_htb
+ structure (jsc#PED-1549).
+- net/mlx5e: HTB, move stats and max_sqs to priv (jsc#PED-1549).
+- net/mlx5e: HTB, move section comment to the right place
+ (jsc#PED-1549).
+- net/mlx5e: HTB, move ids to selq_params struct (jsc#PED-1549).
+- net/mlx5e: HTB, reduce visibility of htb functions
+ (jsc#PED-1549).
+- net/mlx5e: Fix mqprio_rl handling on devlink reload
+ (jsc#PED-1549).
+- net/mlx5e: Report header-data split state through ethtool
+ (jsc#PED-1549).
+- igc: Remove forced_speed_duplex value (jsc#PED-375).
+- igc: Remove MSI-X PBA Clear register (jsc#PED-375).
+- igc: Lift TAPRIO schedule restriction (jsc#PED-375).
+- net: devlink: remove unused locked functions (jsc#PED-1549).
+- netdevsim: convert driver to use unlocked devlink API during
+ init/fini (jsc#PED-1549).
+- net: devlink: add unlocked variants of
+ devlink_region_create/destroy() functions (jsc#PED-1549).
+- mlxsw: convert driver to use unlocked devlink API during
+ init/fini (jsc#PED-1549).
+- net: devlink: add unlocked variants of devlink_dpipe*()
+ functions (jsc#PED-1549).
+- net: devlink: add unlocked variants of devlink_sb*() functions
+ (jsc#PED-1549).
+- net: devlink: add unlocked variants of devlink_resource*()
+ functions (jsc#PED-1549).
+- net: devlink: add unlocked variants of devling_trap*() functions
+ (jsc#PED-1549).
+- net: devlink: avoid false DEADLOCK warning reported by lockdep
+ (jsc#PED-1549).
+- net/mlx5e: Remove the duplicating check for striding RQ when
+ enabling LRO (jsc#PED-1549).
+- net/mlx5e: Move the LRO-XSK check to mlx5e_fix_features
+ (jsc#PED-1549).
+- net/mlx5e: Extend flower police validation (jsc#PED-1549).
+- net/mlx5e: configure meter in flow action (jsc#PED-1549).
+- net/mlx5e: Removed useless code in function (jsc#PED-1549).
+- net/mlx5: Bridge, implement QinQ support (jsc#PED-1549).
+- net/mlx5: Bridge, implement infrastructure for VLAN protocol
+ change (jsc#PED-1549).
+- net/mlx5: Bridge, extract VLAN push/pop actions creation
+ (jsc#PED-1549).
+- net/mlx5: Bridge, rename filter fg to vlan_filter
+ (jsc#PED-1549).
+- net/mlx5: Bridge, refactor groups sizes and indices
+ (jsc#PED-1549).
+- net/mlx5: debugfs, Add num of in-use FW command interface slots
+ (jsc#PED-1549).
+- net/mlx5: Expose vnic diagnostic counters for eswitch managed
+ vports (jsc#PED-1549).
+- net/mlx5: Use software VHCA id when it's supported
+ (jsc#PED-1549).
+- net/mlx5: Introduce ifc bits for using software vhca id
+ (jsc#PED-1549).
+- net/mlx5: Use the bitmap API to allocate bitmaps (jsc#PED-1549).
+- net: devlink: fix return statement in devlink_port_new_notify()
+ (jsc#PED-1549).
+- net: devlink: fix a typo in function name
+ devlink_port_new_notifiy() (jsc#PED-1549).
+- net: devlink: make devlink_dpipe_headers_register() return void
+ (jsc#PED-1549).
+- net: devlink: use helpers to work with devlink->lock mutex
+ (jsc#PED-1549).
+- net: devlink: fix unlocked vs locked functions descriptions
+ (jsc#PED-1549).
+- igb: add xdp frags support to ndo_xdp_xmit (jsc#PED-370).
+- devlink: Hold the instance lock in port_new / port_del callbacks
+ (jsc#PED-1549).
+- net/mlx5: Remove devl_unlock from mlx5_devlink_eswitch_mode_set
+ (jsc#PED-1549).
+- net/mlx5: Use devl_ API in mlx5e_devlink_port_register
+ (jsc#PED-1549).
+- devlink: Remove unused functions
+ devlink_rate_leaf_create/destroy (jsc#PED-1549).
+- net/mlx5: Use devl_ API in mlx5_esw_devlink_sf_port_register
+ (jsc#PED-1549).
+- net/mlx5: Use devl_ API in
+ mlx5_esw_offloads_devlink_port_register (jsc#PED-1549).
+- devlink: Remove unused function devlink_rate_nodes_destroy
+ (jsc#PED-1549).
+- net/mlx5: Use devl_ API for rate nodes destroy (jsc#PED-1549).
+- net/mlx5: Remove devl_unlock from
+ mlx5_eswtich_mode_callback_enter (jsc#PED-1549).
+- net/mlx5: fix 32bit build (jsc#PED-1549).
+- net/mlx5e: TC, Support offloading police action (jsc#PED-1549).
+- net/mlx5e: Add flow_action to parse state (jsc#PED-1549).
+- net/mlx5e: Add post meter table for flow metering
+ (jsc#PED-1549).
+- net/mlx5e: Add generic macros to use metadata register mapping
+ (jsc#PED-1549).
+- net/mlx5e: Get or put meter by the index of tc police action
+ (jsc#PED-1549).
+- net/mlx5e: Add support to modify hardware flow meter parameters
+ (jsc#PED-1549).
+- net/mlx5e: Prepare for flow meter offload if hardware supports
+ it (jsc#PED-1549).
+- net/mlx5: Implement interfaces to control ASO SQ and CQ
+ (jsc#PED-1549).
+- net/mlx5: Add support to create SQ and CQ for ASO
+ (jsc#PED-1549).
+- net/mlx5: E-switch: Change eswitch mode only via devlink command
+ (jsc#PED-1549).
+- net/mlx5: E-switch, Remove dependency between sriov and eswitch
+ mode (jsc#PED-1549).
+- net/mlx5: E-switch, Introduce flag to indicate if fdb table
+ is created (jsc#PED-1549).
+- net/mlx5: E-switch, Introduce flag to indicate if vport acl
+ namespace is created (jsc#PED-1549).
+- net/mlx5: delete dead code in mlx5_esw_unlock() (jsc#PED-1549).
+- net/mlx5: Delete ipsec_fs header file as not used
+ (jsc#PED-1549).
+- intel/ixgbevf:fix repeated words in comments (jsc#PED-373).
+- intel/igc:fix repeated words in comments (jsc#PED-375).
+- intel/igbvf:fix repeated words in comments (jsc#PED-370).
+- intel/igb:fix repeated words in comments (jsc#PED-370).
+- intel/iavf:fix repeated words in comments (jsc#PED-835).
+- intel/i40e:fix repeated words in comments (jsc#PED-372).
+- ixgbe: drop unexpected word 'for' in comments (jsc#PED-373).
+- igb: remove unexpected word "the" (jsc#PED-370).
+- ixgbe: remove unexpected word "the" (jsc#PED-373).
+- i40e: read the XDP program once per NAPI (jsc#PED-372).
+- intel/i40e: delete if NULL check before dev_kfree_skb
+ (jsc#PED-372).
+- i40e: Remove unnecessary synchronize_irq() before free_irq()
+ (jsc#PED-372).
+- i40e: Add support for ethtool -s <interface> speed <speed in Mb>
+ (jsc#PED-372).
+- mlxsw: Add a resource describing number of RIFs (jsc#PED-1549).
+- mlxsw: Keep track of number of allocated RIFs (jsc#PED-1549).
+- i40e: add xdp frags support to ndo_xdp_xmit (jsc#PED-372).
+- net/mlx5: Add bits and fields to support enhanced CQE
+ compression (jsc#PED-1549).
+- net/mlx5: Remove not used MLX5_CAP_BITS_RW_MASK (jsc#PED-1549).
+- net/mlx5: group fdb cleanup to single function (jsc#PED-1549).
+- net/mlx5: Add support EXECUTE_ASO action for flow entry
+ (jsc#PED-1549).
+- net/mlx5: Add HW definitions of vport debug counters
+ (jsc#PED-1549).
+- net/mlx5: Add IFC bits and enums for flow meter (jsc#PED-1549).
+- RDMA/mlx5: Support handling of modify-header pattern ICM area
+ (jsc#PED-1552).
+- net/mlx5: Manage ICM of type modify-header pattern
+ (jsc#PED-1549).
+- net/mlx5: Introduce header-modify-pattern ICM properties
+ (jsc#PED-1549).
+- drivers/net/ethernet/intel: fix typos in comments (jsc#PED-373).
+- ixgbe: Fix typos in comments (jsc#PED-373).
+- igb: Remove duplicate defines (jsc#PED-370).
+- drivers, ixgbe: export vf statistics (jsc#PED-373).
+- devlink: adopt u64_stats_t (jsc#PED-1549).
+- iavf: Add waiting for response from PF in set mac (jsc#PED-835).
+- i40e: Add VF VLAN pruning (jsc#PED-372).
+- i40e: Fix interface init with MSI interrupts (no MSI-X)
+ (jsc#PED-372).
+- iavf: Fix missing state logs (jsc#PED-835).
+- iavf: Fix handling of dummy receive descriptors (jsc#PED-835).
+- iavf: Disallow changing rx/tx-frames and rx/tx-frames-irq
+ (jsc#PED-835).
+- iavf: Fix VLAN_V2 addition/rejection (jsc#PED-835).
+- ixgbe: Add locking to prevent panic when setting sriov_numvfs
+ to zero (jsc#PED-373).
+- i40e: Fix erroneous adapter reinitialization during recovery
+ process (jsc#PED-372).
+- igc: Reinstate IGC_REMOVED logic and implement it properly
+ (jsc#PED-375).
+- net/mlx5e: Ring the TX doorbell on DMA errors (jsc#PED-1549).
+- net/mlx5e: Fix capability check for updating vnic env counters
+ (jsc#PED-1549).
+- net/mlx5e: CT: Use own workqueue instead of mlx5e priv
+ (jsc#PED-1549).
+- net/mlx5: Lag, correct get the port select mode str
+ (jsc#PED-1549).
+- net/mlx5e: Fix enabling sriov while tc nic rules are offloaded
+ (jsc#PED-1549).
+- net/mlx5e: kTLS, Fix build time constant test in RX
+ (jsc#PED-1549).
+- net/mlx5e: kTLS, Fix build time constant test in TX
+ (jsc#PED-1549).
+- net/mlx5: Lag, decouple FDB selection and shared FDB
+ (jsc#PED-1549).
+- net/mlx5: TC, allow offload from uplink to other PF's VF
+ (jsc#PED-1549).
+- i40e: Fix VF's MAC Address change on VM (jsc#PED-372).
+- i40e: Fix dropped jumbo frames statistics (jsc#PED-372).
+- vhost-vdpa: call vhost_vdpa_cleanup during the release
+ (jsc#PED-1549).
+- vdpa/mlx5: Initialize CVQ vringh only once (jsc#PED-1549).
+- vdpa/mlx5: Update Control VQ callback information
+ (jsc#PED-1549).
+- igb: Make DMA faster when CPU is active on the PCIe link
+ (jsc#PED-370).
+- igb: fix a use-after-free issue in igb_clean_tx_ring
+ (jsc#PED-370).
+- iavf: Fix issue with MAC address of VF shown as zero
+ (jsc#PED-835).
+- i40e: Fix call trace in setup_tx_descriptors (jsc#PED-372).
+- i40e: Fix calculating the number of queue pairs (jsc#PED-372).
+- i40e: Fix adding ADQ filter to TC0 (jsc#PED-372).
+- vdpa: make get_vq_group and set_group_asid optional
+ (jsc#PED-1549).
+- vdpa/mlx5: clean up indenting in handle_ctrl_vlan()
+ (jsc#PED-1549).
+- vdpa/mlx5: fix error code for deleting vlan (jsc#PED-1549).
+- vdpa/mlx5: Fix syntax errors in comments (jsc#PED-1549).
+- net/mlx5: fs, fail conflicting actions (jsc#PED-1549).
+- net/mlx5: Rearm the FW tracer after each tracer event
+ (jsc#PED-1549).
+- net/mlx5: E-Switch, pair only capable devices (jsc#PED-1549).
+- net/mlx5e: CT: Fix cleanup of CT before cleanup of TC ct rules
+ (jsc#PED-1549).
+- Revert "net/mlx5e: Allow relaxed ordering over VFs"
+ (jsc#PED-1549).
+- ixgbe: fix unexpected VLAN Rx in promisc mode on VF
+ (jsc#PED-373).
+- ixgbe: fix bcast packets Rx on VF after promisc removal
+ (jsc#PED-373).
+- mellanox: mlx5: avoid uninitialized variable warning with gcc-12
+ (jsc#PED-1549).
+- vdpa: Use helper for safer setting of driver_override
+ (jsc#PED-1549).
+- driver: platform: Add helper for safer setting of
+ driver_override (jsc#PED-1549).
+- vdpa: ifcvf: set pci driver data in probe (jsc#PED-1549).
+- vdpa/mlx5: Add RX MAC VLAN filter support (jsc#PED-1549).
+- vdpa/mlx5: Remove flow counter from steering (jsc#PED-1549).
+- vhost-vdpa: return -EFAULT on copy_to_user() failure
+ (jsc#PED-1549).
+- vDPA/ifcvf: fix uninitialized config_vector warning
+ (jsc#PED-1549).
+- vdpa/vp_vdpa : add vdpa tool support in vp_vdpa (jsc#PED-1549).
+- vhost-vdpa: support ASID based IOTLB API (jsc#PED-1549).
+- vhost-vdpa: introduce uAPI to set group ASID (jsc#PED-1549).
+- vhost-vdpa: uAPI to get virtqueue group id (jsc#PED-1549).
+- vhost-vdpa: introduce uAPI to get the number of address spaces
+ (jsc#PED-1549).
+- vhost-vdpa: introduce uAPI to get the number of virtqueue groups
+ (jsc#PED-1549).
+- vhost-vdpa: introduce asid based IOTLB (jsc#PED-1549).
+- vhost: support ASID in IOTLB API (jsc#PED-1549).
+- vhost_iotlb: split out IOTLB initialization (jsc#PED-1549).
+- vdpa: introduce config operations for associating ASID to a
+ virtqueue group (jsc#PED-1549).
+- vdpa: multiple address spaces support (jsc#PED-1549).
+- vdpa: introduce virtqueue groups (jsc#PED-1549).
+- vhost-vdpa: switch to use vhost-vdpa specific IOTLB
+ (jsc#PED-1549).
+- vhost-vdpa: passing iotlb to IOMMU mapping helpers
+ (jsc#PED-1549).
+- vhost: move the backend feature bits to vhost_types.h
+ (jsc#PED-1549).
+- vdpa/mlx5: Use readers/writers semaphore instead of mutex
+ (jsc#PED-1549).
+- vdpa/mlx5: Add support for reading descriptor statistics
+ (jsc#PED-1549).
+- net/vdpa: Use readers/writers semaphore instead of cf_mutex
+ (jsc#PED-1549).
+- vdpa: Add support for querying vendor statistics (jsc#PED-1549).
+- net/mlx5: Fix mlx5_get_next_dev() peer device matching
+ (jsc#PED-1549).
+- net/mlx5e: Update netdev features after changing XDP state
+ (jsc#PED-1549).
+- net/mlx5: correct ECE offset in query qp output (jsc#PED-1549).
+- net/mlx5e: Disable softirq in mlx5e_activate_rq to avoid race
+ condition (jsc#PED-1549).
+- net/mlx5: CT: Fix header-rewrite re-use for tupels
+ (jsc#PED-1549).
+- net/mlx5e: TC NIC mode, fix tc chains miss table (jsc#PED-1549).
+- net/mlx5: Don't use already freed action pointer (jsc#PED-1549).
+- net/mlx5: Expose mlx5_sriov_blocking_notifier_register /
+ unregister APIs (jsc#PED-1549).
+- RDMA/mlx5: Remove duplicate pointer assignment in
+ mlx5_ib_alloc_implicit_mr() (jsc#PED-1552).
+- RDMA/mlx5: Clean UMR QP type flow from mlx5_ib_post_send()
+ (jsc#PED-1552).
+- RDMA/mlx5: Use mlx5_umr_post_send_wait() to update xlt
+ (jsc#PED-1552).
+- RDMA/mlx5: Use mlx5_umr_post_send_wait() to update MR pas
+ (jsc#PED-1552).
+- RDMA/mlx5: Move creation and free of translation tables to umr.c
+ (jsc#PED-1552).
+- RDMA/mlx5: Use mlx5_umr_post_send_wait() to rereg pd access
+ (jsc#PED-1552).
+- RDMA/mlx5: Use mlx5_umr_post_send_wait() to revoke MRs
+ (jsc#PED-1552).
+- RDMA/mlx5: Introduce mlx5_umr_post_send_wait() (jsc#PED-1552).
+- RDMA/mlx5: Expose wqe posting helpers outside of wr.c
+ (jsc#PED-1552).
+- RDMA/mlx5: Simplify get_umr_update_access_mask() (jsc#PED-1552).
+- RDMA/mlx5: Move mkey ctrl segment logic to umr.c (jsc#PED-1552).
+- RDMA/mlx5: Move umr checks to umr.h (jsc#PED-1552).
+- RDMA/mlx5: Move init and cleanup of UMR to umr.c (jsc#PED-1552).
+- RDMA/mlx5: Fix flow steering egress flow (jsc#PED-1552).
+- net/mlx5: fix typo in comment (jsc#PED-1549).
+- net/mlx5: fix multiple definitions of mlx5_lag_mpesw_init /
+ mlx5_lag_mpesw_cleanup (jsc#PED-1549).
+- net/mlx5: Support multiport eswitch mode (jsc#PED-1549).
+- net/mlx5: Remove unused argument (jsc#PED-1549).
+- net/mlx5: Lag, refactor lag state machine (jsc#PED-1549).
+- net/mlx5e: Add XDP SQs to uplink representors steering tables
+ (jsc#PED-1549).
+- net/mlx5e: Correct the calculation of max channels for rep
+ (jsc#PED-1549).
+- net/mlx5e: CT: Add ct driver counters (jsc#PED-1549).
+- net/mlx5e: Allow relaxed ordering over VFs (jsc#PED-1549).
+- net/mlx5e: Support partial GSO for tunnels over vlans
+ (jsc#PED-1549).
+- net/mlx5e: IPoIB, Improve ethtool rxnfc callback structure in
+ IPoIB (jsc#PED-1549).
+- net/mlx5e: Allocate virtually contiguous memory for reps
+ structures (jsc#PED-1549).
+- net/mlx5e: Allocate virtually contiguous memory for VLANs list
+ (jsc#PED-1549).
+- net/mlx5: Allocate virtually contiguous memory in pci_irq.c
+ (jsc#PED-1549).
+- net/mlx5: Allocate virtually contiguous memory in vport.c
+ (jsc#PED-1549).
+- net/mlx5: Inline db alloc API function (jsc#PED-1549).
+- net/mlx5: Add last command failure syndrome to debugfs
+ (jsc#PED-1549).
+- net/mlx5: sparse: error: context imbalance in
+ 'mlx5_vf_get_core_dev' (jsc#PED-1549).
+- ixgbe: add xdp frags support to ndo_xdp_xmit (jsc#PED-373).
+- net/mlx5e: Use XFRM state direction instead of flags
+ (jsc#PED-1549).
+- ixgbe: propagate XFRM offload state direction instead of flags
+ (jsc#PED-373).
+- xfrm: store and rely on direction to construct offload flags
+ (jsc#PED-373).
+- xfrm: rename xfrm_state_offload struct to allow reuse
+ (jsc#PED-373).
+- xfrm: delete not used number of external headers (jsc#PED-373).
+- xfrm: free not used XFRM_ESP_NO_TRAILER flag (jsc#PED-373).
+- igc: Change type of the 'igc_check_downshift' method
+ (jsc#PED-375).
+- igc: Remove unused phy_type enum (jsc#PED-375).
+- igc: Remove igc_set_spd_dplx method (jsc#PED-375).
+- net/mlx5: Lag, add debugfs to query hardware lag state
+ (jsc#PED-1549).
+- net/mlx5: Lag, use buckets in hash mode (jsc#PED-1549).
+- net/mlx5: Lag, refactor dmesg print (jsc#PED-1549).
+- net/mlx5: Support devices with more than 2 ports (jsc#PED-1549).
+- net/mlx5: Lag, use actual number of lag ports (jsc#PED-1549).
+- net/mlx5: Lag, use hash when in roce lag on 4 ports
+ (jsc#PED-1549).
+- net/mlx5: Lag, support single FDB only on 2 ports
+ (jsc#PED-1549).
+- net/mlx5: Lag, store number of ports inside lag object
+ (jsc#PED-1549).
+- net/mlx5: Lag, filter non compatible devices (jsc#PED-1549).
+- net/mlx5: Lag, use lag lock (jsc#PED-1549).
+- net/mlx5: Lag, move E-Switch prerequisite check into lag code
+ (jsc#PED-1549).
+- net/mlx5: devcom only supports 2 ports (jsc#PED-1549).
+- net/mlx5: Lag, expose number of lag ports (jsc#PED-1552).
+- net/mlx5: Increase FW pre-init timeout for health recovery
+ (jsc#PED-1549).
+- net/mlx5: Add exit route when waiting for FW (jsc#PED-1549).
+- igb: Convert kmap() to kmap_local_page() (jsc#PED-370).
+- ixgbe: Fix module_param allow_unsupported_sfp type
+ (jsc#PED-373).
+- net/mlx5: Allow future addition of IPsec object modifiers
+ (jsc#PED-1549).
+- net/mlx5: Don't perform lookup after already known sec_path
+ (jsc#PED-1549).
+- net/mlx5: Cleanup XFRM attributes struct (jsc#PED-1549).
+- net/mlx5: Remove not-supported ICV length (jsc#PED-1549).
+- net/mlx5: Simplify IPsec capabilities logic (jsc#PED-1549).
+- net/mlx5: Don't advertise IPsec netdev support for non-IPsec
+ device (jsc#PED-1549).
+- net/mlx5: Make sure that no dangling IPsec FS pointers exist
+ (jsc#PED-1549).
+- net/mlx5: Clean IPsec FS add/delete rules (jsc#PED-1549).
+- net/mlx5: Simplify HW context interfaces by using SA entry
+ (jsc#PED-1549).
+- net/mlx5: Remove indirections from esp functions (jsc#PED-1549).
+- net/mlx5: Merge various control path IPsec headers into one file
+ (jsc#PED-1549).
+- net/mlx5: Remove useless validity check (jsc#PED-1549).
+- net/mlx5: Store IPsec ESN update work in XFRM state
+ (jsc#PED-1549).
+- net/mlx5: Reduce useless indirection in IPsec FS add/delete
+ flows (jsc#PED-1549).
+- net/mlx5: Don't hide fallback to software IPsec in FS code
+ (jsc#PED-1549).
+- net/mlx5: Check IPsec TX flow steering namespace in advance
+ (jsc#PED-1549).
+- net/mlx5: Simplify IPsec flow steering init/cleanup functions
+ (jsc#PED-1549).
+- net/mlx5: fs, an FTE should have no dests when deleted
+ (jsc#PED-1549).
+- net/mlx5: fs, call the deletion function of the node
+ (jsc#PED-1549).
+- net/mlx5: fs, delete the FTE when there are no rules attached
+ to it (jsc#PED-1549).
+- net/mlx5: fs, do proper bookkeeping for forward destinations
+ (jsc#PED-1549).
+- net/mlx5: fs, add unused destination type (jsc#PED-1549).
+- net/mlx5: fs, jump to exit point and don't fall through
+ (jsc#PED-1549).
+- net/mlx5: fs, refactor software deletion rule (jsc#PED-1549).
+- net/mlx5: fs, split software and IFC flow destination
+ definitions (jsc#PED-1549).
+- net/mlx5e: TC, set proper dest type (jsc#PED-1549).
+- net/mlx5e: Remove unused mlx5e_dcbnl_build_rep_netdev function
+ (jsc#PED-1549).
+- net/mlx5e: Drop error CQE handling from the XSK RX handler
+ (jsc#PED-1549).
+- net/mlx5: Print initializing field in case of timeout
+ (jsc#PED-1549).
+- net/mlx5: Delete redundant default assignment of runtime
+ devlink params (jsc#PED-1549).
+- net/mlx5: Remove useless kfree (jsc#PED-1549).
+- net/mlx5: use kvfree() for kvzalloc() in
+ mlx5_ct_fs_smfs_matcher_create (jsc#PED-1549).
+- i40e, xsk: Get rid of redundant 'fallthrough' (jsc#PED-372).
+- ixgbe, xsk: Get rid of redundant 'fallthrough' (jsc#PED-373).
+- mlx5, xsk: Diversify return values from xsk_wakeup call paths
+ (jsc#PED-1549).
+- ixgbe, xsk: Diversify return values from xsk_wakeup call paths
+ (jsc#PED-373).
+- i40e, xsk: Diversify return values from xsk_wakeup call paths
+ (jsc#PED-372).
+- ixgbe, xsk: Terminate Rx side of NAPI when XSK Rx queue gets
+ full (jsc#PED-373).
+- i40e, xsk: Terminate Rx side of NAPI when XSK Rx queue gets full
+ (jsc#PED-372).
+- ixgbe, xsk: Decorate IXGBE_XDP_REDIR with likely()
+ (jsc#PED-373).
+- ipv6: Use ipv6_only_sock() helper in condition (jsc#PED-1549).
+- mlxsw: spectrum: Introduce port mapping change event processing
+ (jsc#PED-1549).
+- mlxsw: Narrow the critical section of devl_lock during ports
+ creation/removal (jsc#PED-1549).
+- mlxsw: reg: Add Ports Mapping Event Configuration Register
+ (jsc#PED-1549).
+- mlxsw: spectrum: Allocate port mapping array of structs instead
+ of pointers (jsc#PED-1549).
+- devlink: add port to line card relationship set (jsc#PED-1549).
+- devlink: implement line card active state (jsc#PED-1549).
+- devlink: implement line card provisioning (jsc#PED-1549).
+- devlink: add support to create line card and expose to user
+ (jsc#PED-1549).
+- i40e: Add Ethernet Connection X722 for 10GbE SFP+ support
+ (jsc#PED-372).
+- i40e: Add vsi.tx_restart to i40e ethtool stats (jsc#PED-372).
+- i40e: Add tx_stopped stat (jsc#PED-372).
+- i40e: Add support for MPLS + TSO (jsc#PED-372).
+- net/mlx5: Remove not-implemented IPsec capabilities
+ (jsc#PED-1549).
+- net/mlx5: Remove ipsec_ops function table (jsc#PED-1549).
+- net/mlx5: Move IPsec file to relevant directory (jsc#PED-1549).
+- net/mlx5: Remove not-needed IPsec config (jsc#PED-1549).
+- net/mlx5: Align flow steering allocation namespace to common
+ style (jsc#PED-1549).
+- net/mlx5: Unify device IPsec capabilities check (jsc#PED-1549).
+- net/mlx5: Remove useless IPsec device checks (jsc#PED-1549).
+- net/mlx5: Remove ipsec vs. ipsec offload file separation
+ (jsc#PED-1549).
+- RDMA/mlx5: Drop crypto flow steering API (jsc#PED-1549).
+- RDMA/mlx5: Delete never supported IPsec flow action
+ (jsc#PED-1552).
+- net/mlx5: Remove FPGA ipsec specific statistics (jsc#PED-1549).
+- net/mlx5: Remove XFRM no_trailer flag (jsc#PED-1549).
+- net/mlx5: Remove not-used IDA field from IPsec struct
+ (jsc#PED-1549).
+- net/mlx5: Delete metadata handling logic (jsc#PED-1549).
+- IB/mlx5: Fix undefined behavior due to shift overflowing the
+ constant (jsc#PED-1549).
+- net/mlx5: Cleanup kTLS function names and their exposure
+ (jsc#PED-1549).
+- net/mlx5: Remove tls vs. ktls separation as it is the same
+ (jsc#PED-1549).
+- net/mlx5: Remove indirection in TLS build (jsc#PED-1549).
+- net/mlx5: Reliably return TLS device capabilities
+ (jsc#PED-1549).
+- net/mlx5e: CT: Fix setting flow_source for smfs ct tuples
+ (jsc#PED-1549).
+- net/mlx5e: CT: Fix support for GRE tuples (jsc#PED-1549).
+- net/mlx5e: Wrap mlx5e_trap_napi_poll into rcu_read_lock
+ (jsc#PED-1549).
+- net/mlx5: DR, Ignore modify TTL on RX if device doesn't support
+ it (jsc#PED-1549).
+- net/mlx5: Initialize flow steering during driver probe
+ (jsc#PED-1549).
+- net/mlx5: DR, Fix missing flow_source when creating
+ multi-destination FW table (jsc#PED-1549).
+- vdpa/mlx5: Use consistent RQT size (jsc#PED-1549).
+- net/mlx5e: Avoid checking offload capability in post_parse
+ action (jsc#PED-1549).
+- net/mlx5e: TC, fix decap fallback to uplink when int port not
+ supported (jsc#PED-1549).
+- net/mlx5e: TC, Fix ct_clear overwriting ct action metadata
+ (jsc#PED-1549).
+- net/mlx5e: Don't match double-vlan packets if cvlan is not set
+ (jsc#PED-1549).
+- net/sched: flower: fix parsing of ethertype following VLAN
+ header (jsc#PED-1549).
+- vdpa: mlx5: synchronize driver status with CVQ (jsc#PED-1549).
+- vdpa: mlx5: prevent cvq work from hogging CPU (jsc#PED-1549).
+- vdpa/mlx5: Avoid processing works if workqueue was destroyed
+ (jsc#PED-1549).
+- vhost: handle error while adding split ranges to iotlb
+ (jsc#PED-1549).
+- vdpa: support exposing the count of vqs to userspace
+ (jsc#PED-1549).
+- vdpa: change the type of nvqs to u32 (jsc#PED-1549).
+- vdpa: support exposing the config size to userspace
+ (jsc#PED-1549).
+- vdpa/mlx5: re-create forwarding rules after mac modified
+ (jsc#PED-1549).
+- net/mlx5: Add support for configuring max device MTU
+ (jsc#PED-1549).
+- vDPA/ifcvf: implement shared IRQ feature (jsc#PED-1549).
+- vDPA/ifcvf: implement device MSIX vector allocator
+ (jsc#PED-1549).
+- vDPA/ifcvf: make use of virtio pci modern IO helpers in ifcvf
+ (jsc#PED-1549).
+- RDMA/mlx5: Reorder calls to pcie_relaxed_ordering_enabled()
+ (jsc#PED-1552).
+- RDMA/mlx5: Store ndescs instead of the translation table size
+ (jsc#PED-1552).
+- RDMA/mlx5: Merge similar flows of allocating MR from the cache
+ (jsc#PED-1552).
+- RDMA/mlx5: Remove redundant work in struct mlx5_cache_ent
+ (jsc#PED-1552).
+- RDMA/mlx5: Delete useless module.h include (jsc#PED-1552).
+- RDMA/mlx5: Delete get_num_static_uars function (jsc#PED-1552).
+- net/mlx5e: Fix build warning, detected write beyond size of
+ field (jsc#PED-1549).
+- net: veth: Account total xdp_frame len running ndo_xdp_xmit
+ (jsc#PED-373).
+- devlink: hold the instance lock during eswitch_mode callbacks
+ (jsc#PED-1549).
+- netdevsim: replace vfs_lock with devlink instance lock
+ (jsc#PED-1549).
+- netdevsim: replace port_list_lock with devlink instance lock
+ (jsc#PED-1549).
+- net/mlx5e: HTB, remove unused function declaration
+ (jsc#PED-1549).
+- net/mlx5e: Statify function mlx5_cmd_trigger_completions
+ (jsc#PED-1549).
+- net/mlx5e: Remove MLX5E_XDP_TX_DS_COUNT (jsc#PED-1549).
+- net/mlx5e: Permit XDP with non-linear legacy RQ (jsc#PED-1549).
+- net/mlx5e: Support multi buffer XDP_TX (jsc#PED-1549).
+- net/mlx5e: Unindent the else-block in mlx5e_xmit_xdp_buff
+ (jsc#PED-1549).
+- net/mlx5e: Implement sending multi buffer XDP frames
+ (jsc#PED-1549).
+- net/mlx5e: Don't prefill WQEs in XDP SQ in the multi buffer mode
+ (jsc#PED-1549).
+- net/mlx5e: Remove assignment of inline_hdr.sz on XDP TX
+ (jsc#PED-1549).
+- net/mlx5e: Move mlx5e_xdpi_fifo_push out of xmit_xdp_frame
+ (jsc#PED-1549).
+- net/mlx5e: Store DMA address inside struct page (jsc#PED-1549).
+- net/mlx5e: Add XDP multi buffer support to the non-linear
+ legacy RQ (jsc#PED-1549).
+- net/mlx5e: Use page-sized fragments with XDP multi buffer
+ (jsc#PED-1549).
+- net/mlx5e: Use fragments of the same size in non-linear legacy
+ RQ with XDP (jsc#PED-1549).
+- net/mlx5e: Prepare non-linear legacy RQ for XDP multi buffer
+ support (jsc#PED-1549).
+- xfrm: delete duplicated functions that calls same
+ xfrm_api_check() (jsc#PED-373).
+- igb: zero hwtstamp by default (jsc#PED-370).
+- i40e: little endian only valid checksums (jsc#PED-372).
+- net/mlx5: Remove unused fill page array API function
+ (jsc#PED-1549).
+- net/mlx5: Remove unused exported contiguous coherent buffer
+ allocation API (jsc#PED-1549).
+- net/mlx5: CT: Remove extra rhashtable remove on tuple entries
+ (jsc#PED-1549).
+- net/mlx5: DR, Remove hw_ste from mlx5dr_ste to reduce memory
+ (jsc#PED-1549).
+- net/mlx5: DR, Remove 4 members from mlx5dr_ste_htbl to reduce
+ memory (jsc#PED-1549).
+- net/mlx5: DR, Remove num_of_entries byte_size from struct
+ mlx5_dr_icm_chunk (jsc#PED-1549).
+- net/mlx5: DR, Remove icm_addr from mlx5dr_icm_chunk to reduce
+ memory (jsc#PED-1549).
+- net/mlx5: DR, Remove mr_addr rkey from struct mlx5dr_icm_chunk
+ (jsc#PED-1549).
+- net/mlx5: DR, Adjust structure member to reduce memory hole
+ (jsc#PED-1549).
+- net/mlx5e: Drop cqe_bcnt32 from mlx5e_skb_from_cqe_mpwrq_linear
+ (jsc#PED-1549).
+- net/mlx5e: Drop the len output parameter from mlx5e_xdp_handle
+ (jsc#PED-1549).
+- net/mlx5e: RX, Test the XDP program existence out of the handler
+ (jsc#PED-1549).
+- net/mlx5e: Build SKB in place over the first fragment in
+ non-linear legacy RQ (jsc#PED-1549).
+- net/mlx5e: Add headroom only to the first fragment in legacy RQ
+ (jsc#PED-1549).
+- net/mlx5e: Validate MTU when building non-linear legacy RQ
+ fragments info (jsc#PED-1549).
+- net/mlx5e: MPLSoUDP encap, support action vlan pop_eth
+ explicitly (jsc#PED-1549).
+- net/mlx5e: MPLSoUDP decap, use vlan push_eth instead of pedit
+ (jsc#PED-1549).
+- net/sched: add vlan push_eth and pop_eth action to the hardware
+ IR (jsc#PED-1549).
+- devlink: pass devlink_port to port_split / port_unsplit
+ callbacks (jsc#PED-1549).
+- devlink: hold the instance lock in port_split / port_unsplit
+ callbacks (jsc#PED-1549).
+- eth: mlxsw: switch to explicit locking for port registration
+ (jsc#PED-1549).
+- eth: nfp: replace driver's "pf" lock with devlink instance lock
+ (jsc#PED-1549).
+- eth: nfp: wrap locking assertions in helpers (jsc#PED-1549).
+- net/mlx5: Support GRE conntrack offload (jsc#PED-1549).
+- net/mlx5e: Fix use-after-free in mlx5e_stats_grp_sw_update_stats
+ (jsc#PED-1549).
+- net/mlx5e: Remove overzealous validations in netlink EEPROM
+ query (jsc#PED-1549).
+- net/mlx5: Parse module mapping using mlx5_ifc (jsc#PED-1549).
+- net/mlx5: Query the maximum MCIA register read size from
+ firmware (jsc#PED-1549).
+- net/mlx5: CT: Create smfs dr matchers dynamically
+ (jsc#PED-1549).
+- net/mlx5: CT: Add software steering ct flow steering provider
+ (jsc#PED-1549).
+- net/mlx5: Add smfs lib to export direct steering API to CT
+ (jsc#PED-1549).
+- net/mlx5: DR, Add helper to get backing dr table from a mlx5
+ flow table (jsc#PED-1549).
+- net/mlx5: CT: Introduce a platform for multiple flow steering
+ providers (jsc#PED-1549).
+- net/mlx5: Node-aware allocation for the doorbell pgdir
+ (jsc#PED-1549).
+- net/mlx5: Node-aware allocation for UAR (jsc#PED-1549).
+- net/mlx5: Node-aware allocation for the EQs (jsc#PED-1549).
+- net/mlx5: Node-aware allocation for the EQ table (jsc#PED-1549).
+- net/mlx5: Node-aware allocation for the IRQ table
+ (jsc#PED-1549).
+- net/mlx5: Delete useless module.h include (jsc#PED-1549).
+- net/mlx5: DR, Add support for ConnectX-7 steering
+ (jsc#PED-1549).
+- net/mlx5: DR, Refactor ste_ctx handling for STE v0/1
+ (jsc#PED-1549).
+- net/mlx5: DR, Rename action modify fields to reflect naming
+ in HW spec (jsc#PED-1549).
+- net/mlx5: DR, Fix handling of different actions on the same
+ STE in STEv1 (jsc#PED-1549).
+- net/mlx5: DR, Remove unneeded comments (jsc#PED-1549).
+- net/mlx5: DR, Add support for matching on Internet Header Length
+ (IHL) (jsc#PED-1549).
+- net/mlx5: DR, Align mlx5dv_dr API vport action with FW behavior
+ (jsc#PED-1549).
+- net/mlx5: Add debugfs counters for page commands failures
+ (jsc#PED-1549).
+- net/mlx5: Add pages debugfs (jsc#PED-1549).
+- net/mlx5: Move debugfs entries to separate struct
+ (jsc#PED-1549).
+- net/mlx5: Change release_all_pages cap bit location
+ (jsc#PED-1549).
+- net/mlx5: Remove redundant error on reclaim pages
+ (jsc#PED-1549).
+- net/mlx5: Remove redundant error on give pages (jsc#PED-1549).
+- net/mlx5: Remove redundant notify fail on give pages
+ (jsc#PED-1549).
+- net/mlx5: Add command failures data to debugfs (jsc#PED-1549).
+- net/mlx5e: TC, Fix use after free in
+ mlx5e_clone_flow_attr_for_post_act() (jsc#PED-1549).
+- mlx5: add support for page_pool_get_stats (jsc#PED-1549).
+- iavf: Remove non-inclusive language (jsc#PED-835).
+- iavf: Fix incorrect use of assigning iavf_status to int
+ (jsc#PED-835).
+- iavf: stop leaking iavf_status as "errno" values (jsc#PED-835).
+- iavf: remove redundant ret variable (jsc#PED-835).
+- iavf: Add usage of new virtchnl format to set default MAC
+ (jsc#PED-835).
+- iavf: refactor processing of VLAN V2 capability message
+ (jsc#PED-835).
+- iavf: Add support for 50G/100G in AIM algorithm (jsc#PED-835).
+- net/mlx5: Add clarification on sync reset failure
+ (jsc#PED-1549).
+- net/mlx5: Add reset_state field to MFRL register (jsc#PED-1549).
+- RDMA/mlx5: Use new command interface API (jsc#PED-1552).
+- net/mlx5: cmdif, Refactor error handling and reporting of
+ async commands (jsc#PED-1549).
+- net/mlx5: Use mlx5_cmd_do() in core create_{cq,dct}
+ (jsc#PED-1549).
+- net/mlx5: cmdif, Add new api for command execution
+ (jsc#PED-1549).
+- net/mlx5: cmdif, cmd_check refactoring (jsc#PED-1549).
+- net/mlx5: cmdif, Return value improvements (jsc#PED-1549).
+- net/mlx5: Lag, offload active-backup drops to hardware
+ (jsc#PED-1549).
+- net/mlx5: Lag, record inactive state of bond device
+ (jsc#PED-1549).
+- net/mlx5: Lag, don't use magic numbers for ports (jsc#PED-1549).
+- net/mlx5: Lag, use local variable already defined to access
+ E-Switch (jsc#PED-1549).
+- net/mlx5: E-switch, add drop rule support to ingress ACL
+ (jsc#PED-1549).
+- net/mlx5: E-switch, remove special uplink ingress ACL handling
+ (jsc#PED-1549).
+- net/mlx5: E-Switch, reserve and use same uplink metadata across
+ ports (jsc#PED-1549).
+- net/mlx5: Add ability to insert to specific flow group
+ (jsc#PED-1549).
+- mlx5: remove unused static inlines (jsc#PED-1549).
+- flow_offload: reject offload for all drivers with invalid
+ police parameters (jsc#PED-1549).
+- net: flow_offload: add tc police action parameters
+ (jsc#PED-1549).
+- nfp: add support to offload police action from flower table
+ (jsc#PED-1549).
+- nfp: add process to get action stats from hardware
+ (jsc#PED-1549).
+- nfp: add hash table to store meter table (jsc#PED-1549).
+- nfp: add support to offload tc action to hardware
+ (jsc#PED-1549).
+- nfp: refactor policer config to support ingress/egress meter
+ (jsc#PED-1549).
+- ixgbe: Remove non-inclusive language (jsc#PED-373).
+- ixgbevf: clean up some inconsistent indenting (jsc#PED-373).
+- net/mlx5e: TC, Allow sample action with CT (jsc#PED-1549).
+- net/mlx5e: TC, Make post_act parse CT and sample actions
+ (jsc#PED-1549).
+- net/mlx5e: TC, Clean redundant counter flag from tc action
+ parsers (jsc#PED-1549).
+- net/mlx5e: Use multi table support for CT and sample actions
+ (jsc#PED-1549).
+- net/mlx5e: Create new flow attr for multi table actions
+ (jsc#PED-1549).
+- net/mlx5e: Add post act offload/unoffload API (jsc#PED-1549).
+- net/mlx5e: Pass actions param to actions_match_supported()
+ (jsc#PED-1549).
+- net/mlx5e: TC, Move flow hashtable to be per rep (jsc#PED-1549).
+- net/mlx5e: E-Switch, Add support for tx_port_ts in switchdev
+ mode (jsc#PED-1549).
+- net/mlx5e: E-Switch, Add PTP counters for uplink representor
+ (jsc#PED-1549).
+- net/mlx5e: RX, Restrict bulk size for small Striding RQs
+ (jsc#PED-1549).
+- net/mlx5e: Default to Striding RQ when not conflicting with
+ CQE compression (jsc#PED-1549).
+- net/mlx5e: Generalize packet merge error message (jsc#PED-1549).
+- net/mlx5e: Add support for using xdp->data_meta (jsc#PED-1549).
+- net/mlx5e: Fix spelling mistake "supoported" -> "supported"
+ (jsc#PED-1549).
+- net/mlx5e: Optimize the common case condition in
+ mlx5e_select_queue (jsc#PED-1549).
+- net/mlx5e: Optimize modulo in mlx5e_select_queue (jsc#PED-1549).
+- net/mlx5e: Optimize mlx5e_select_queue (jsc#PED-1549).
+- net/mlx5e: Move repeating code that gets TC prio into a function
+ (jsc#PED-1549).
+- net/mlx5e: Use select queue parameters to sync with control flow
+ (jsc#PED-1549).
+- net/mlx5e: Move mlx5e_select_queue to en/selq.c (jsc#PED-1549).
+- net/mlx5e: Introduce select queue parameters (jsc#PED-1549).
+- net/mlx5e: Sync txq2sq updates with mlx5e_xmit for HTB queues
+ (jsc#PED-1549).
+- net/mlx5e: Use a barrier after updating txq2sq (jsc#PED-1549).
+- net/mlx5e: Disable TX queues before registering the netdev
+ (jsc#PED-1549).
+- net/mlx5e: Cleanup of start/stop all queues (jsc#PED-1549).
+- net/mlx5e: Use FW limitation for max MPW WQEBBs (jsc#PED-1549).
+- net/mlx5e: Read max WQEBBs on the SQ from firmware
+ (jsc#PED-1549).
+- net/mlx5e: Remove unused tstamp SQ field (jsc#PED-1549).
+- i40e: xsk: Move tmp desc array from driver to pool
+ (jsc#PED-372).
+- i40e: Add a stat for tracking busy rx pages (jsc#PED-372).
+- i40e: Add a stat for tracking pages waived (jsc#PED-372).
+- i40e: Add a stat tracking new RX page allocations (jsc#PED-372).
+- i40e: Aggregate and export RX page reuse stat (jsc#PED-372).
+- i40e: Remove rx page reuse double count (jsc#PED-372).
+- i40e: Fix race condition while adding/deleting MAC/VLAN filters
+ (jsc#PED-372).
+- i40e: Add new version of i40e_aq_add_macvlan function
+ (jsc#PED-372).
+- i40e: Add new versions of send ASQ command functions
+ (jsc#PED-372).
+- i40e: Add sending commands in atomic context (jsc#PED-372).
+- i40e: Remove unused RX realloc stat (jsc#PED-372).
+- i40e: Disable hw-tc-offload feature on driver load
+ (jsc#PED-372).
+- mlxsw: spectrum: Guard against invalid local ports
+ (jsc#PED-1549).
+- net/mlx5: VLAN push on RX, pop on TX (jsc#PED-1549).
+- net/mlx5: Introduce software defined steering capabilities
+ (jsc#PED-1549).
+- net/mlx5: Remove unused TIR modify bitmask enums (jsc#PED-1549).
+- net/mlx5e: CT, Remove redundant flow args from tc ct calls
+ (jsc#PED-1549).
+- net/mlx5e: TC, Store mapped tunnel id on flow attr
+ (jsc#PED-1549).
+- net/mlx5e: Test CT and SAMPLE on flow attr (jsc#PED-1549).
+- net/mlx5e: Refactor eswitch attr flags to just attr flags
+ (jsc#PED-1549).
+- net/mlx5e: CT, Don't set flow flag CT for ct clear flow
+ (jsc#PED-1549).
+- net/mlx5e: TC, Hold sample_attr on stack instead of pointer
+ (jsc#PED-1549).
+- net/mlx5e: TC, Reject rules with multiple CT actions
+ (jsc#PED-1549).
+- net/mlx5e: TC, Refactor mlx5e_tc_add_flow_mod_hdr() to get
+ flow attr (jsc#PED-1549).
+- net/mlx5e: TC, Pass attr to tc_act can_offload() (jsc#PED-1549).
+- net/mlx5e: TC, Split pedit offloads verify from
+ alloc_tc_pedit_action() (jsc#PED-1549).
+- net/mlx5e: TC, Move pedit_headers_action to parse_attr
+ (jsc#PED-1549).
+- net/mlx5e: Move counter creation call to
+ alloc_flow_attr_counter() (jsc#PED-1549).
+- net/mlx5e: Pass attr arg for attaching/detaching encaps
+ (jsc#PED-1549).
+- net/mlx5e: Move code chunk setting encap dests into its own
+ function (jsc#PED-1549).
+- igbvf: Remove useless DMA-32 fallback configuration
+ (jsc#PED-370).
+- igb: Remove useless DMA-32 fallback configuration (jsc#PED-370).
+- igc: Remove useless DMA-32 fallback configuration (jsc#PED-375).
+- iavf: Remove useless DMA-32 fallback configuration
+ (jsc#PED-835).
+- i40e: Remove useless DMA-32 fallback configuration
+ (jsc#PED-372).
+- ixgbevf: Remove useless DMA-32 fallback configuration
+ (jsc#PED-373).
+- ixgbe: Remove useless DMA-32 fallback configuration
+ (jsc#PED-373).
+- bpf: add frags support to the bpf_xdp_adjust_tail() API
+ (jsc#PED-373).
+- bpf: introduce bpf_xdp_get_buff_len helper (jsc#PED-373).
+- xdp: add frags support to xdp_return_{buff/frame} (jsc#PED-373).
+- net/mlx5: Add migration commands definitions (jsc#PED-1549).
+- net/mlx5: Introduce migration bits and structures
+ (jsc#PED-1549).
+- net/mlx5: Expose APIs to get/put the mlx5 core device
+ (jsc#PED-1549).
+- PCI/IOV: Add pci_iov_get_pf_drvdata() to allow VF reaching
+ the drvdata of a PF (jsc#PED-1549).
+- net/mlx5: Reuse exported virtfn index function call
+ (jsc#PED-1549).
+- PCI/IOV: Add pci_iov_vf_id() to get VF index (jsc#PED-1549).
+- iavf: Fix adopting new combined setting (jsc#PED-835).
+- vdpa: fix use-after-free on vp_vdpa_remove (jsc#PED-1549).
+- vhost: fix hung thread due to erroneous iotlb entries
+ (jsc#PED-1549).
+- vdpa/mlx5: add validation for VIRTIO_NET_CTRL_MQ_VQ_PAIRS_SET
+ command (jsc#PED-1549).
+- vdpa/mlx5: should verify CTRL_VQ feature exists for MQ
+ (jsc#PED-1549).
+- vdpa: factor out vdpa_set_features_unlocked for vdpa internal
+ use (jsc#PED-1549).
+- xfrm: enforce validity of offload input flags (jsc#PED-373).
+- net/mlx5e: Fix VF min/max rate parameters interchange mistake
+ (jsc#PED-1549).
+- net/mlx5e: Fix MPLSoUDP encap to use MPLS action information
+ (jsc#PED-1549).
+- net/mlx5e: Add feature check for set fec counters
+ (jsc#PED-1549).
+- net/mlx5e: TC, Skip redundant ct clear actions (jsc#PED-1549).
+- net/mlx5: Update log_max_qp value to be 17 at most
+ (jsc#PED-1549).
+- net_sched: add __rcu annotation to netdev->qdisc (jsc#PED-1549).
+- vdpa/mlx5: Fix tracking of current number of VQs (jsc#PED-1549).
+- vdpa/mlx5: Fix is_index_valid() to refer to features
+ (jsc#PED-1549).
+- vdpa: Protect vdpa reset with cf_mutex (jsc#PED-1549).
+- vdpa: Avoid taking cf_mutex lock on get status (jsc#PED-1549).
+- vdpa/mlx5: Report max device capabilities (jsc#PED-1549).
+- vdpa: Support reporting max device capabilities (jsc#PED-1549).
+- vdpa/mlx5: Restore cur_num_vqs in case of failure in
+ change_num_qps() (jsc#PED-1549).
+- vdpa: Add support for returning device configuration information
+ (jsc#PED-1549).
+- vdpa/mlx5: Support configuring max data virtqueue
+ (jsc#PED-1549).
+- vdpa/mlx5: Fix config_attr_mask assignment (jsc#PED-1549).
+- vdpa: Allow to configure max data virtqueues (jsc#PED-1549).
+- vdpa: Read device configuration only if FEATURES_OK
+ (jsc#PED-1549).
+- vdpa: Sync calls set/get config/status with cf_mutex
+ (jsc#PED-1549).
+- vdpa/mlx5: Distribute RX virtqueues in RQT object
+ (jsc#PED-1549).
+- vdpa: Provide interface to read driver features (jsc#PED-1549).
+- vdpa/mlx5: Fix wrong configuration of virtio_version_1_0
+ (jsc#PED-1549).
+- vdpa: Mark vdpa_config_ops.get_vq_notification as optional
+ (jsc#PED-1549).
+- vdpa: Avoid duplicate call to vp_vdpa get_status (jsc#PED-1549).
+- net/mlx5_vdpa: Offer VIRTIO_NET_F_MTU when setting MTU
+ (jsc#PED-1549).
+- vdpa: add driver_override support (jsc#PED-1549).
+- docs: document sysfs ABI for vDPA bus (jsc#PED-1549).
+- ifcvf/vDPA: fix misuse virtio-net device config size for blk
+ dev (jsc#PED-1549).
+- RDMA/mlx5: Print wc status on CQE error and dump needed
+ (jsc#PED-1552).
+- RDMA/mlx5: Use memset_after() to zero struct mlx5_ib_mr
+ (jsc#PED-1552).
+- net/mlx5: Use irq_set_affinity_and_hint() (jsc#PED-1549).
+- ixgbe: Use irq_update_affinity_hint() (jsc#PED-373).
+- i40e: Use irq_update_affinity_hint() (jsc#PED-372).
+- iavf: Use irq_update_affinity_hint() (jsc#PED-835).
+- vdpa/mlx5: Use auxiliary_device driver data helpers
+ (jsc#PED-1549).
+- net/mlx5e: Use auxiliary_device driver data helpers
+ (jsc#PED-1549).
+- RDMA/irdma: Use auxiliary_device driver data helpers
+ (jsc#PED-1552).
+- net: openvswitch: Fix ct_state nat flags for conns arriving
+ from tc (jsc#PED-1549).
+- net/mlx5e: Fix build error in fec_set_block_stats()
+ (jsc#PED-1549).
+- iavf: remove an unneeded variable (jsc#PED-835).
+- i40e: remove variables set but not used (jsc#PED-372).
+- i40e: Remove non-inclusive language (jsc#PED-372).
+- i40e: Update FW API version (jsc#PED-372).
+- i40e: Minimize amount of busy-waiting during AQ send
+ (jsc#PED-372).
+- net/mlx5e: Add recovery flow in case of error CQE
+ (jsc#PED-1549).
+- net/mlx5e: TC, Remove redundant error logging (jsc#PED-1549).
+- net/mlx5e: Refactor set_pflag_cqe_based_moder (jsc#PED-1549).
+- net/mlx5e: Move HW-GRO and CQE compression check to fix features
+ flow (jsc#PED-1549).
+- net/mlx5e: Fix feature check per profile (jsc#PED-1549).
+- net/mlx5e: Unblock setting vid 0 for VF in case PF isn't
+ eswitch manager (jsc#PED-1549).
+- net/mlx5e: Expose FEC counters via ethtool (jsc#PED-1549).
+- net/mlx5: Update log_max_qp value to FW max capability
+ (jsc#PED-1549).
+- net/mlx5: SF, Use all available cpu for setting cpu affinity
+ (jsc#PED-1549).
+- net/mlx5: Introduce API for bulk request and release of IRQs
+ (jsc#PED-1549).
+- net/mlx5: Split irq_pool_affinity logic to new file
+ (jsc#PED-1549).
+- net/mlx5: Move affinity assignment into irq_request
+ (jsc#PED-1549).
+- net/mlx5: Introduce control IRQ request API (jsc#PED-1549).
+- net/mlx5: mlx5e_hv_vhca_stats_create return type to void
+ (jsc#PED-1549).
+- mlxsw: spectrum: Extend to support Spectrum-4 ASIC
+ (jsc#PED-1549).
+- mlxsw: spectrum_acl_bloom_filter: Add support for Spectrum-4
+ calculation (jsc#PED-1549).
+- mlxsw: Add operations structure for bloom filter calculation
+ (jsc#PED-1549).
+- mlxsw: spectrum_acl_bloom_filter: Rename Spectrum-2 specific
+ objects for future use (jsc#PED-1549).
+- mlxsw: spectrum_acl_bloom_filter: Make
+ mlxsw_sp_acl_bf_key_encode() more flexible (jsc#PED-1549).
+- mlxsw: spectrum_acl_bloom_filter: Reorder functions to make
+ the code more aesthetic (jsc#PED-1549).
+- mlxsw: Introduce flex key elements for Spectrum-4
+ (jsc#PED-1549).
+- mlxsw: Rename virtual router flex key element (jsc#PED-1549).
+- net: fixup build after bpf header changes (jsc#PED-1549).
+- net/mlx5: CT: Set flow source hint from provided tuple device
+ (jsc#PED-1549).
+- xsk: Wipe out dead zero_copy_allocator declarations
+ (jsc#PED-373).
+- net/mlx5: Set SMFS as a default steering mode if device supports
+ it (jsc#PED-1549).
+- net/mlx5: DR, Ignore modify TTL if device doesn't support it
+ (jsc#PED-1549).
+- net/mlx5: DR, Improve steering for empty or RX/TX-only matchers
+ (jsc#PED-1549).
+- net/mlx5: DR, Add support for matching on
+ geneve_tlv_option_0_exist field (jsc#PED-1549).
+- net/mlx5: DR, Support matching on tunnel headers 0 and 1
+ (jsc#PED-1549).
+- net/mlx5: DR, Add misc5 to match_param structs (jsc#PED-1549).
+- net/mlx5: Add misc5 flow table match parameters (jsc#PED-1549).
+- net/mlx5: DR, Warn on failure to destroy objects due to refcount
+ (jsc#PED-1549).
+- net/mlx5: DR, Add support for UPLINK destination type
+ (jsc#PED-1549).
+- net/mlx5: DR, Add support for dumping steering info
+ (jsc#PED-1549).
+- net/mlx5: DR, Add missing reserved fields to dr_match_param
+ (jsc#PED-1549).
+- net/mlx5: DR, Add check for flex parser ID value (jsc#PED-1549).
+- net/mlx5: DR, Rename list field in matcher struct to list_node
+ (jsc#PED-1549).
+- net/mlx5: DR, Remove unused struct member in matcher
+ (jsc#PED-1549).
+- net/mlx5: DR, Fix lower case macro prefix "mlx5_" to "MLX5_"
+ (jsc#PED-1549).
+- net/mlx5: DR, Fix error flow in creating matcher (jsc#PED-1549).
+- igb: support EXTTS on 82580/i354/i350 (jsc#PED-370).
+- igb: support PEROUT on 82580/i354/i350 (jsc#PED-370).
+- igb: move PEROUT and EXTTS isr logic to separate functions
+ (jsc#PED-370).
+- igb: move SDP config initialization to separate function
+ (jsc#PED-370).
+- ixgbevf: switch to napi_build_skb() (jsc#PED-373).
+- ixgbe: switch to napi_build_skb() (jsc#PED-373).
+- igc: switch to napi_build_skb() (jsc#PED-375).
+- igb: switch to napi_build_skb() (jsc#PED-370).
+- iavf: switch to napi_build_skb() (jsc#PED-835).
+- i40e: switch to napi_build_skb() (jsc#PED-372).
+- net/mlx5e: Take packet_merge params directly from the RX res
+ struct (jsc#PED-1549).
+- net/mlx5e: Allocate per-channel stats dynamically at first usage
+ (jsc#PED-1549).
+- net/mlx5e: Use dynamic per-channel allocations in stats
+ (jsc#PED-1549).
+- net/mlx5e: Allow profile-specific limitation on max num of
+ channels (jsc#PED-1549).
+- net/mlx5e: Save memory by using dynamic allocation in netdev
+ priv (jsc#PED-1549).
+- net/mlx5e: Add profile indications for PTP and QOS HTB features
+ (jsc#PED-1549).
+- net/mlx5e: Use bitmap field for profile features (jsc#PED-1549).
+- net/mlx5: Remove the repeated declaration (jsc#PED-1549).
+- net/mlx5: Let user configure max_macs generic param
+ (jsc#PED-1549).
+- net/mlx5: Let user configure event_eq_size param (jsc#PED-1549).
+- net/mlx5: Let user configure io_eq_size param (jsc#PED-1549).
+- igbvf: Refactor trace (jsc#PED-370).
+- igb: remove never changed variable `ret_val' (jsc#PED-370).
+- igc: Remove obsolete define (jsc#PED-375).
+- igc: Remove obsolete mask (jsc#PED-375).
+- igc: Remove obsolete nvm type (jsc#PED-375).
+- igc: Remove unused phy type (jsc#PED-375).
+- igc: Remove unused _I_PHY_ID define (jsc#PED-375).
+- net/sched: use min() macro instead of doing it manually
+ (jsc#PED-1549).
+- flow_offload: add reoffload process to update hw_count
+ (jsc#PED-1549).
+- net: sched: save full flags for tc action (jsc#PED-1549).
+- flow_offload: add process to update action stats from hardware
+ (jsc#PED-1549).
+- flow_offload: add skip_hw and skip_sw to control if offload
+ the action (jsc#PED-1549).
+- flow_offload: allow user to offload tc action to net device
+ (jsc#PED-1549).
+- flow_offload: add ops to tc_action_ops for flow action setup
+ (jsc#PED-1549).
+- flow_offload: rename offload functions with offload instead
+ of flow (jsc#PED-1549).
+- flow_offload: add index to flow_action_entry structure
+ (jsc#PED-1549).
+- iavf: Restrict maximum VLAN filters for
+ VIRTCHNL_VF_OFFLOAD_VLAN_V2 (jsc#PED-835).
+- iavf: Add support VIRTCHNL_VF_OFFLOAD_VLAN_V2 during netdev
+ config (jsc#PED-835).
+- virtchnl: Add support for new VLAN capabilities (jsc#PED-835).
+- net/mlx5: Introduce log_max_current_uc_list_wr_supported bit
+ (jsc#PED-1549).
+- RDMA/mlx5: Add support to multiple priorities for FDB rules
+ (jsc#PED-1552).
+- net/mlx5: Create more priorities for FDB bypass namespace
+ (jsc#PED-1549).
+- net/mlx5: Refactor mlx5_get_flow_namespace (jsc#PED-1549).
+- net/mlx5: Separate FDB namespace (jsc#PED-1549).
+- net/mlx5e: Move goto action checks into tc_action goto post
+ parse op (jsc#PED-1549).
+- net/mlx5e: Move vlan action chunk into tc action vlan post
+ parse op (jsc#PED-1549).
+- net/mlx5e: Add post_parse() op to tc action infrastructure
+ (jsc#PED-1549).
+- net/mlx5e: Move sample attr allocation to tc_action sample
+ parse op (jsc#PED-1549).
+- net/mlx5e: TC action parsing loop (jsc#PED-1549).
+- net/mlx5e: Add redirect ingress to tc action infra
+ (jsc#PED-1549).
+- net/mlx5e: Add sample and ptype to tc_action infra
+ (jsc#PED-1549).
+- net/mlx5e: Add ct to tc action infra (jsc#PED-1549).
+- net/mlx5e: Add mirred/redirect to tc action infra
+ (jsc#PED-1549).
+- net/mlx5e: Add mpls push/pop to tc action infra (jsc#PED-1549).
+- net/mlx5e: Add vlan push/pop/mangle to tc action infra
+ (jsc#PED-1549).
+- net/mlx5e: Add pedit to tc action infra (jsc#PED-1549).
+- net/mlx5e: Add csum to tc action infra (jsc#PED-1549).
+- net/mlx5e: Add tunnel encap/decap to tc action infra
+ (jsc#PED-1549).
+- net/mlx5e: Add goto to tc action infra (jsc#PED-1549).
+- net/mlx5e: Add tc action infrastructure (jsc#PED-1549).
+- xfrm: add net device refcount tracker to struct
+ xfrm_state_offload (jsc#PED-373).
+- net/mlx5: Dynamically resize flow counters query buffer
+ (jsc#PED-1549).
+- net/mlx5e: TC, Set flow attr ip_version earlier (jsc#PED-1549).
+- net/mlx5e: TC, Move common flow_action checks into function
+ (jsc#PED-1549).
+- net/mlx5e: Remove redundant actions arg from vlan push/pop funcs
+ (jsc#PED-1549).
+- net/mlx5e: Remove redundant actions arg from
+ validate_goto_chain() (jsc#PED-1549).
+- net/mlx5e: TC, Remove redundant action stack var (jsc#PED-1549).
+- net/mlx5e: Hide function mlx5e_num_channels_changed
+ (jsc#PED-1549).
+- net/mlx5e: SHAMPO, clean MLX5E_MAX_KLM_PER_WQE macro
+ (jsc#PED-1549).
+- net/mlx5: Print more info on pci error handlers (jsc#PED-1549).
+- net/mlx5: SF, silence an uninitialized variable warning
+ (jsc#PED-1549).
+- net/mlx5: Fix error return code in esw_qos_create()
+ (jsc#PED-1549).
+- mlx5: fix mlx5i_grp_sw_update_stats() stack usage
+ (jsc#PED-1549).
+- mlx5: fix psample_sample_packet link error (jsc#PED-1549).
+- mlxsw: Use u16 for local_port field instead of u8
+ (jsc#PED-1549).
+- mlxsw: reg: Adjust PPCNT register to support local port 255
+ (jsc#PED-1549).
+- mlxsw: reg: Increase 'port_num' field in PMTDB register
+ (jsc#PED-1549).
+- mlxsw: reg: Align existing registers to use extended local_port
+ field (jsc#PED-1549).
+- mlxsw: item: Add support for local_port field in a split form
+ (jsc#PED-1549).
+- iavf: Fix displaying queue statistics shown by ethtool
+ (jsc#PED-835).
+- iavf: Refactor string format to avoid static analysis warnings
+ (jsc#PED-835).
+- iavf: Refactor text of informational message (jsc#PED-835).
+- iavf: Fix static code analysis warning (jsc#PED-835).
+- iavf: Refactor iavf_mac_filter struct memory usage
+ (jsc#PED-835).
+- iavf: Enable setting RSS hash key (jsc#PED-835).
+- iavf: return errno code instead of status code (jsc#PED-835).
+- iavf: Log info when VF is entering and leaving Allmulti mode
+ (jsc#PED-835).
+- iavf: Add change MTU message (jsc#PED-835).
+- igc: enable XDP metadata in driver (jsc#PED-375).
+- devlink: Simplify devlink resources unregister call
+ (jsc#PED-1549).
+- mlxsw: spectrum_router: Remove deadcode in
+ mlxsw_sp_rif_mac_profile_find (jsc#PED-1549).
+- net: dsa: felix: restrict psfp rules on ingress port
+ (jsc#PED-1549).
+- net: dsa: felix: use vcap policer to set flow meter for psfp
+ (jsc#PED-1549).
+- net: mscc: ocelot: use index to set vcap policer (jsc#PED-1549).
+- net: dsa: felix: add stream gate settings for psfp
+ (jsc#PED-1549).
+- net: dsa: felix: support psfp filter on vsc9959 (jsc#PED-1549).
+- net: mscc: ocelot: add gate and police action offload to PSFP
+ (jsc#PED-1549).
+- net: mscc: ocelot: set vcap IS2 chain to goto PSFP chain
+ (jsc#PED-1549).
+- ixgbevf: Add support for new mailbox communication between PF
+ and VF (jsc#PED-373).
+- ixgbevf: Mailbox improvements (jsc#PED-373).
+- ixgbevf: Add legacy suffix to old API mailbox functions
+ (jsc#PED-373).
+- ixgbevf: Improve error handling in mailbox (jsc#PED-373).
+- stmmac: fix build due to brainos in trans_start changes
+ (jsc#PED-370).
+- net: annotate accesses to queue->trans_start (jsc#PED-370).
+- net/mlx5: E-switch, Create QoS on demand (jsc#PED-1549).
+- net/mlx5: E-switch, Enable vport QoS on demand (jsc#PED-1549).
+- net/mlx5: E-switch, move offloads mode callbacks to offloads
+ file (jsc#PED-1549).
+- net/mlx5: E-switch, Reuse mlx5_eswitch_set_vport_mac
+ (jsc#PED-1549).
+- net/mlx5: E-switch, Remove vport enabled check (jsc#PED-1549).
+- net/mlx5e: Specify out ifindex when looking up decap route
+ (jsc#PED-1549).
+- net/mlx5e: TC, Move comment about mod header flag to correct
+ place (jsc#PED-1549).
+- net/mlx5e: TC, Move kfree() calls after destroying all resources
+ (jsc#PED-1549).
+- net/mlx5e: TC, Destroy nic flow counter if exists
+ (jsc#PED-1549).
+- net/mlx5: TC, using swap() instead of tmp variable
+ (jsc#PED-1549).
+- net/mlx5: CT: Allow static allocation of mod headers
+ (jsc#PED-1549).
+- net/mlx5e: Refactor mod header management API (jsc#PED-1549).
+- net/mlx5: Avoid printing health buffer when firmware is
+ unavailable (jsc#PED-1549).
+- net/mlx5: Fix format-security build warnings (jsc#PED-1549).
+- net/mlx5e: Support ethtool cq mode (jsc#PED-1549).
+- net: openvswitch: Fix matching zone id for invalid conns
+ arriving from tc (jsc#PED-1549).
+- net/sched: flow_dissector: Fix matching on zone id for invalid
+ conns (jsc#PED-1549).
+- mlxsw: spectrum_router: Consolidate MAC profiles when possible
+ (jsc#PED-1549).
+- vhost-vdpa: clean irqs before reseting vdpa device
+ (jsc#PED-1549).
+- vdpa/mlx5: Forward only packets with allowed MAC address
+ (jsc#PED-1549).
+- vdpa/mlx5: Support configuration of MAC (jsc#PED-1549).
+- vdpa/mlx5: Fix clearing of VIRTIO_NET_F_MAC feature bit
+ (jsc#PED-1549).
+- vdpa: Enable user to set mac and mtu of vdpa device
+ (jsc#PED-1549).
+- vdpa: Use kernel coding style for structure comments
+ (jsc#PED-1549).
+- vdpa: Introduce query of device config layout (jsc#PED-1549).
+- vdpa: Introduce and use vdpa device get, set config helpers
+ (jsc#PED-1549).
+- vdpa/mlx5: Propagate link status from device to vdpa driver
+ (jsc#PED-1549).
+- vdpa/mlx5: Rename control VQ workqueue to vdpa wq
+ (jsc#PED-1549).
+- vdpa/mlx5: Remove mtu field from vdpa net device (jsc#PED-1549).
+- vdpa: add new attribute VDPA_ATTR_DEV_MIN_VQ_SIZE
+ (jsc#PED-1549).
+- vdpa: min vq num of vdpa device cannot be greater than max vq
+ num (jsc#PED-1549).
+- vdpa: add new callback get_vq_num_min in vdpa_config_ops
+ (jsc#PED-1549).
+- vp_vdpa: add vq irq offloading support (jsc#PED-1549).
+- vdpa: fix typo (jsc#PED-1549).
+- cls_flower: Fix inability to match GRE/IPIP packets
+ (jsc#PED-1549).
+- netdevsim: fix uninit value in nsim_drv_configure_vfs()
+ (jsc#PED-1549).
+- netdevsim: rename 'driver' entry points (jsc#PED-1549).
+- netdevsim: move max vf config to dev (jsc#PED-1549).
+- netdevsim: move details of vf config to dev (jsc#PED-1549).
+- netdevsim: move vfconfig to nsim_dev (jsc#PED-1549).
+- netdevsim: take rtnl_lock when assigning num_vfs (jsc#PED-1549).
+- virtchnl: Use the BIT() macro for capability/offload flags
+ (jsc#PED-835).
+- virtchnl: Remove unused VIRTCHNL_VF_OFFLOAD_RSVD define
+ (jsc#PED-835).
+- netdevsim: remove max_vfs dentry (jsc#PED-1549).
+- mlxsw: spectrum_router: Expose RIF MAC profiles to devlink
+ resource (jsc#PED-1549).
+- mlxsw: spectrum_router: Add RIF MAC profiles support
+ (jsc#PED-1549).
+- mlxsw: spectrum_router: Propagate extack further (jsc#PED-1549).
+- mlxsw: resources: Add resource identifier for RIF MAC profiles
+ (jsc#PED-1549).
+- mlxsw: reg: Add MAC profile ID field to RITR register
+ (jsc#PED-1549).
+- mlxsw: spectrum: Use 'bitmap_zalloc()' when applicable
+ (jsc#PED-1549).
+- net: mscc: ocelot: support egress VLAN rewriting via VCAP ES0
+ (jsc#PED-1549).
+- xsk: Optimize for aligned case (jsc#PED-1549).
+- virtio_net: introduce TX timeout watchdog (jsc#PED-370).
+- mlxsw: Make PMAOS pack function more generic (jsc#PED-1549).
+- mlxsw: reg: Add fields to PMAOS register (jsc#PED-1549).
+- mlxsw: Track per-module port status (jsc#PED-1549).
+- mlxsw: spectrum: Do not return an error in
+ mlxsw_sp_port_module_unmap() (jsc#PED-1549).
+- mlxsw: spectrum: Do not return an error in ndo_stop()
+ (jsc#PED-1549).
+- mlxsw: core_env: Convert 'module_info_lock' to a mutex
+ (jsc#PED-1549).
+- mlxsw: core_env: Defer handling of module temperature warning
+ events (jsc#PED-1549).
+- mlxsw: reg: Remove PMTM register (jsc#PED-1549).
+- mlxsw: spectrum: Move port SWID set before core port init
+ (jsc#PED-1549).
+- mlxsw: spectrum: Move port module mapping before core port init
+ (jsc#PED-1549).
+- mlxsw: spectrum: Bump minimum FW version to xx.2008.3326
+ (jsc#PED-1549).
+- vduse: Fix race condition between resetting and irq injecting
+ (jsc#PED-1549).
+- vduse: Disallow injecting interrupt before DRIVER_OK is set
+ (jsc#PED-1549).
+- vhost_vdpa: unset vq irq before freeing irq (jsc#PED-1549).
+- vdpa: potential uninitialized return in vhost_vdpa_va_map()
+ (jsc#PED-1549).
+- vdpa/mlx5: Avoid executing set_vq_ready() if device is reset
+ (jsc#PED-1549).
+- vdpa/mlx5: Clear ready indication for control VQ (jsc#PED-1549).
+- vduse: Cleanup the old kernel states after reset failure
+ (jsc#PED-1549).
+- vduse: missing error code in vduse_init() (jsc#PED-1549).
+- Documentation: Add documentation for VDUSE (jsc#PED-1549).
+- vduse: Implement an MMU-based software IOTLB (jsc#PED-1549).
+- vdpa: Support transferring virtual addressing during DMA mapping
+ (jsc#PED-1549).
+- vdpa: factor out vhost_vdpa_pa_map() and vhost_vdpa_pa_unmap()
+ (jsc#PED-1549).
+- vdpa: Add an opaque pointer for vdpa_config_ops.dma_map()
+ (jsc#PED-1549).
+- vhost-iotlb: Add an opaque pointer for vhost IOTLB
+ (jsc#PED-1549).
+- vhost-vdpa: Handle the failure of vdpa_reset() (jsc#PED-1549).
+- vdpa: Add reset callback in vdpa_config_ops (jsc#PED-1549).
+- vdpa: Fix some coding style issues (jsc#PED-1549).
+- file: Export receive_fd() to modules (jsc#PED-1549).
+- vdpa: Make use of PFN_PHYS/PFN_UP/PFN_DOWN helper macro
+ (jsc#PED-1549).
+- vdpa/mlx5: Add multiqueue support (jsc#PED-1549).
+- vdpa/mlx5: Ensure valid indices are provided (jsc#PED-1549).
+- vdpa/mlx5: Decouple virtqueue callback from struct
+ mlx5_vdpa_virtqueue (jsc#PED-1549).
+- vdpa/mlx5: function prototype modifications in preparation to
+ control VQ (jsc#PED-1549).
+- vdpa/mlx5: Remove redundant header file inclusion
+ (jsc#PED-1549).
+- vDPA/ifcvf: enable multiqueue and control vq (jsc#PED-1549).
+- vDPA/ifcvf: detect and use the onboard number of queues directly
+ (jsc#PED-1549).
+- vDPA/ifcvf: implement management netlink framework for ifcvf
+ (jsc#PED-1549).
+- vDPA/ifcvf: introduce get_dev_type() which returns virtio dev id
+ (jsc#PED-1549).
+- mlxsw: spectrum: Add infrastructure for parsing configuration
+ (jsc#PED-1549).
+- net/sched: store the last executed chain also for clsact egress
+ (jsc#PED-1549).
+- nfp: flower-tc: add flow stats updates for ct (jsc#PED-1549).
+- nfp: flower-ct: add offload calls to the nfp (jsc#PED-1549).
+- nfp: flower-ct: add flow_pay to the offload table
+ (jsc#PED-1549).
+- nfp: flower-ct: add actions into flow_pay for offload
+ (jsc#PED-1549).
+- nfp: flower-ct: compile match sections of flow_payload
+ (jsc#PED-1549).
+- nfp: flower-ct: calculate required key_layers (jsc#PED-1549).
+- nfp: flower: refactor action offload code slightly
+ (jsc#PED-1549).
+- nfp: flower: refactor match functions to take flow_rule as input
+ (jsc#PED-1549).
+- nfp: flower: make the match compilation functions reusable
+ (jsc#PED-1549).
+- netdevsim: Add multi-queue support (jsc#PED-1549).
+- net/sched: Remove unnecessary if statement (jsc#PED-1549).
+- bpf: Add function for XDP meta data length check (jsc#PED-373).
+- commit 820516d
+
+- ethernet: sparx5: use eth_hw_addr_gen() (jsc#PED-1565).
+- ethernet: sxgbe: use eth_hw_addr_set() (jsc#PED-1565).
+- commit efcaf78
+
+- ethernet: ibmveth: use ether_addr_to_u64() (jsc#PED-1565).
+- commit 62557e1
+
+- intersil: remove obsolete prism54 wireless driver
+ (jsc#PED-1565).
+- Update config files.
+- supported.conf: removed prism64
+- commit 2e3787e
+
+- staging: rtl8188eu fix fallout of constifying dev_addr
+ (jsc#PED-1565).
+- commit 388ba9a
+
+- sfc: siena: Fix Kconfig dependencies (jsc#PED-1565).
+- Update config files.
+- supported.conf: Addedd sfc-siena
+- commit d576f42
+
+- net: add net device refcount tracker infrastructure
+ (jsc#PED-1565).
+- Update config files.
+- commit 62b348b
+
+- of: net: move of_net under net/ (jsc#PED-1565).
+- Update config files.
+- commit 04e77fb
+
+- net: annotate accesses to dev->gso_max_segs (jsc#PED-1565).
+- Refresh patches.suse/octeontx2-pf-Add-TC-feature-for-VFs.patch.
+- commit 37035f5
+
+- usb: gadget: u_ether: use eth_hw_addr_set() (jsc#PED-1565).
+- Refresh
+ patches.suse/usb-gadget-u_ether-fix-regression-in-setting-fixed-M.patch.
+- commit 219037e
+
+- device property: move mac addr helpers to eth.c (jsc#PED-1565).
+- Refresh
+ patches.suse/device-property-Add-fwnode_irq_get_byname.patch.
+- commit c05663b
+
+- sfc: implement ethtool get/set RX ring size for EF100 reps
+ (jsc#PED-1565).
+- sfc: use a dynamic m-port for representor RX and set it promisc
+ (jsc#PED-1565).
+- sfc: move table locking into filter_table_{probe,remove}
+ methods (jsc#PED-1565).
+- sfc: insert default MAE rules to connect VFs to representors
+ (jsc#PED-1565).
+- sfc: receive packets from EF100 VFs into representors
+ (jsc#PED-1565).
+- sfc: check ef100 RX packets are from the wire (jsc#PED-1565).
+- sfc: determine wire m-port at EF100 PF probe time
+ (jsc#PED-1565).
+- sfc: ef100 representor RX top half (jsc#PED-1565).
+- sfc: ef100 representor RX NAPI poll (jsc#PED-1565).
+- sfc: plumb ef100 representor stats (jsc#PED-1565).
+- sfc/siena: fix repeated words in comments (jsc#PED-1565).
+- sfc/falcon: fix repeated words in comments (jsc#PED-1565).
+- sfc: attach/detach EF100 representors along with their owning PF
+ (jsc#PED-1565).
+- sfc: hook up ef100 representor TX (jsc#PED-1565).
+- sfc: support passing a representor to the EF100 TX path
+ (jsc#PED-1565).
+- sfc: determine representee m-port for EF100 representors
+ (jsc#PED-1565).
+- sfc: phys port/switch identification for ef100 reps
+ (jsc#PED-1565).
+- sfc: add basic ethtool ops to ef100 reps (jsc#PED-1565).
+- sfc: add skeleton ef100 VF representors (jsc#PED-1565).
+- sfc: detect ef100 MAE admin privilege/capability at probe time
+ (jsc#PED-1565).
+- sfc: update EF100 register descriptions (jsc#PED-1565).
+- sfc: update MCDI protocol headers (jsc#PED-1565).
+- sfc: falcon: Use the bitmap API to allocate bitmaps
+ (jsc#PED-1565).
+- sfc/siena: Use the bitmap API to allocate bitmaps
+ (jsc#PED-1565).
+- sfc: Separate netdev probe/remove from PCI probe/remove
+ (jsc#PED-1565).
+- sfc: disable softirqs for ptp TX (jsc#PED-1565).
+- sfc: fix kernel panic when creating VF (jsc#PED-1565).
+- sfc: fix use after free when disabling sriov (jsc#PED-1565).
+- net: make drivers set the TSO limit not the GSO limit
+ (jsc#PED-1565).
+- bpf: Let bpf_warn_invalid_xdp_action() report more info
+ (jsc#PED-1565).
+- bpf: Do not WARN in bpf_warn_invalid_xdp_action()
+ (jsc#PED-1565).
+- net: usb: ax88179_178a: add TSO feature (jsc#PED-1565).
+- bpf, devmap: Exclude XDP broadcast to master device
+ (jsc#PED-1565).
+- bpf: devmap: Implement devmap prog execution for generic XDP
+ (jsc#PED-1565).
+- bpf: cpumap: Implement generic cpumap (jsc#PED-1565).
+- bitops: Add non-atomic bitops for pointers (jsc#PED-1565).
+- net: core: Split out code to run generic XDP prog
+ (jsc#PED-1565).
+- commit 86a0101
+
+- ethernet: netsec: use eth_hw_addr_set() (jsc#PED-1565).
+- commit de114d2
+
+- net: fec_mpc52xx: don't discard const from netdev->dev_addr
+ (jsc#PED-1565).
+- ethernet: fec: use eth_hw_addr_gen() (jsc#PED-1565).
+- ethernet: ocelot: use eth_hw_addr_gen() (jsc#PED-1565).
+- ethernet: enetc: use eth_hw_addr_set() (jsc#PED-1565).
+- commit 7d923f4
+
+- ethernet: via-velocity: use eth_hw_addr_set() (jsc#PED-1565).
+- ethernet: via-rhine: use eth_hw_addr_set() (jsc#PED-1565).
+- ethernet: ec_bhf: use eth_hw_addr_set() (jsc#PED-1565).
+- commit fba8780
+
+- RDMA/cxgb4: fix accept failure due to increased
+ cpl_t5_pass_accept_rpl size (jsc#PED-1508).
+- RDMA/siw: Fix duplicated reported IW_CM_EVENT_CONNECT_REPLY
+ event (jsc#PED-1503).
+- RDMA/qedr: Fix potential memory leak in __qedr_alloc_mr()
+ (jsc#PED-1529).
+- RDMA: remove useless condition in siw_create_cq()
+ (jsc#PED-1503).
+- e1000e: convert .adjfreq to .adjfine (jsc#PED-837).
+- e1000e: remove unnecessary range check in e1000e_phc_adjfreq
+ (jsc#PED-837).
+- net/mlx4: Use devl_ API for devlink port register / unregister
+ (jsc#PED-1548).
+- qlogic: qed: fix clang -Wformat warnings (jsc#PED-1526).
+- qed: Use bitmap_empty() (jsc#PED-1526).
+- qed: Use the bitmap API to allocate bitmaps (jsc#PED-1526).
+- cxgb4: Use the bitmap API to allocate bitmaps (jsc#PED-1506).
+- qlogic/qed: fix repeated words in comments (jsc#PED-1526).
+- cxgb4: Fix typo in string (jsc#PED-1506).
+- intel/e1000e:fix repeated words in comments (jsc#PED-837).
+- intel: remove unused macros (jsc#PED-837).
+- sfc: replace function name in string with __func__
+ (jsc#PED-1565).
+- sfc: Unsplit literal string (jsc#PED-1565).
+- sfc: Move EF100 efx_nic_type structs to the end of the file
+ (jsc#PED-1565).
+- sfc: Separate efx_nic memory from net_device memory
+ (jsc#PED-1565).
+- sfc: Encapsulate access to netdev_priv() (jsc#PED-1565).
+- sfc: Change BUG_ON to WARN_ON and recovery code (jsc#PED-1565).
+- sfc: Remove netdev init from efx_init_struct (jsc#PED-1565).
+- sfc: Add a PROBED state for EF100 VDPA use (jsc#PED-1565).
+- sfc: Split STATE_READY in to STATE_NET_DOWN and STATE_NET_UP
+ (jsc#PED-1565).
+- sfc:falcon: fix repeated words in comments (jsc#PED-1565).
+- sfc: fix repeated words in comments (jsc#PED-1565).
+- sfc: siena: fix repeated words in comments (jsc#PED-1565).
+- cxgb4/cxgb4vf: Fix typo in comments (jsc#PED-1506).
+- cxgb4vf: remove unexpected word "the" (jsc#PED-1506).
+- sfc/siena: Fix typo in comment (jsc#PED-1565).
+- sfc: Fix typo in comment (jsc#PED-1565).
+- tcp: Fix data-races around sysctl knobs related to SYN option
+ (jsc#PED-1506).
+- tcp: Fix data-races around sysctl_tcp_ecn (jsc#PED-1506).
+- RDMA/qedr: Fix reporting QP timeout attribute (jsc#PED-1529).
+- net/mlx4_en: Fix wrong return value on ioctl EEPROM query
+ failure (jsc#PED-1548).
+- qed: replace bitmap_weight with bitmap_empty in qed_roce_stop()
+ (jsc#PED-1526).
+- qed: rework qed_rdma_bmap_free() (jsc#PED-1526).
+- net: mellanox: fix open-coded for_each_set_bit() (jsc#PED-1548).
+- sfc/siena: fix wrong tx channel offset with
+ efx_separate_tx_channels (jsc#PED-1565).
+- sfc/siena: fix considering that all channels have TX queues
+ (jsc#PED-1565).
+- sfc: fix wrong tx channel offset with efx_separate_tx_channels
+ (jsc#PED-1565).
+- sfc: fix considering that all channels have TX queues
+ (jsc#PED-1565).
+- RDMA/mlx4: Avoid flush_scheduled_work() usage (jsc#PED-1547).
+- RDMA/qedr: Remove unnecessary synchronize_irq() before
+ free_irq() (jsc#PED-1529).
+- RDMA/siw: Enable siw on tunnel devices (jsc#PED-1503).
+- qed: fix typos in comments (jsc#PED-1526).
+- net: qed: fix typos in comments (jsc#PED-1526).
+- sfc/siena: Remove duplicate check on segments (jsc#PED-1565).
+- sfc: siena: Have a unique wrapper ifndef for efx channels header
+ (jsc#PED-1565).
+- net: qede: Remove unnecessary synchronize_irq() before
+ free_irq() (jsc#PED-1526).
+- qed: Remove unnecessary synchronize_irq() before free_irq()
+ (jsc#PED-1526).
+- sfc/siena: Reinstate SRIOV init/fini function calls
+ (jsc#PED-1565).
+- sfc/siena: Make PTP and reset support specific for Siena
+ (jsc#PED-1565).
+- sfc/siena: Make MCDI logging support specific for Siena
+ (jsc#PED-1565).
+- siena: Make HWMON support specific for Siena (jsc#PED-1565).
+- siena: Make SRIOV support specific for Siena (jsc#PED-1565).
+- siena: Make MTD support specific for Siena (jsc#PED-1565).
+- sfc: Add a basic Siena module (jsc#PED-1565).
+- sfc/siena: Inline functions in sriov.h to avoid conflicts with
+ sfc (jsc#PED-1565).
+- sfc/siena: Rename functions in nic_common.h to avoid conflicts
+ with sfc (jsc#PED-1565).
+- sfc/siena: Rename functions in mcdi headers to avoid conflicts
+ with sfc (jsc#PED-1565).
+- sfc/siena: Rename peripheral functions to avoid conflicts with
+ sfc (jsc#PED-1565).
+- sfc/siena: Rename RX/TX functions to avoid conflicts with sfc
+ (jsc#PED-1565).
+- sfc/siena: Rename functions in efx headers to avoid conflicts
+ with sfc (jsc#PED-1565).
+- sfc/siena: Remove build references to missing functionality
+ (jsc#PED-1565).
+- sfc: Copy shared files needed for Siena (part 2) (jsc#PED-1565).
+- sfc: Copy shared files needed for Siena (part 1) (jsc#PED-1565).
+- sfc: Move Siena specific files (jsc#PED-1565).
+- net: don't allow user space to lift the device limits
+ (jsc#PED-1565).
+- net: add netif_inherit_tso_max() (jsc#PED-1565).
+- sfc: Copy a subset of mcdi_pcol.h to siena (jsc#PED-1565).
+- sfc: Disable Siena support (jsc#PED-1565).
+- netdev: reshuffle netif_napi_add() APIs to allow dropping weight
+ (jsc#PED-1565).
+- qede: Reduce verbosity of ptp tx timestamp (jsc#PED-1526).
+- sfc: add EF100 VF support via a write to sriov_numvfs
+ (jsc#PED-1565).
+- qed: Remove IP services API (jsc#PED-1526).
+- sfc: Remove global definition of efx_reset_type_names
+ (jsc#PED-1565).
+- sfc: Remove duplicate definition of efx_xmit_done
+ (jsc#PED-1565).
+- sfc: efx_default_channel_type APIs can be static (jsc#PED-1565).
+- sfc: Fix spelling mistake "writting" -> "writing"
+ (jsc#PED-1565).
+- sfc: ef10: Fix assigning negative value to unsigned variable
+ (jsc#PED-1565).
+- sfc: use hardware tx timestamps for more than PTP
+ (jsc#PED-1565).
+- qed: remove an unneed NULL check on list iterator
+ (jsc#PED-1526).
+- sfc: Stop using iommu_present() (jsc#PED-1565).
+- net: chelsio: cxgb4: Avoid potential negative array offset
+ (jsc#PED-1506).
+- sfc: Avoid NULL pointer dereference on systems without numa
+ awareness (jsc#PED-1565).
+- RDMA/mlx4: remove redundant assignment to variable nreq
+ (jsc#PED-1547).
+- RDMA/mlx4: Delete useless module.h include (jsc#PED-1547).
+- qed: remove unnecessary memset in qed_init_fw_funcs
+ (jsc#PED-1526).
+- net/mlx4_en: use kzalloc (jsc#PED-1548).
+- net/mlx4: Delete useless moduleparam include (jsc#PED-1548).
+- e1000e: Print PHY register address when MDI read/write fails
+ (jsc#PED-837).
+- sfc: set affinity hints in local NUMA node only (jsc#PED-1565).
+- sfc: default config to 1 channel/core in local NUMA node only
+ (jsc#PED-1565).
+- qed: prevent a fw assert during device shutdown (jsc#PED-1526).
+- sfc: The size of the RX recycle ring should be more flexible
+ (jsc#PED-1565).
+- qed: use msleep() in qed_mcp_cmd() and add qed_mcp_cmd_nosleep()
+ for udelay (jsc#PED-1526).
+- e1000e: Remove useless DMA-32 fallback configuration
+ (jsc#PED-837).
+- sfc: extend the locking on mcdi->seqno (jsc#PED-1565).
+- ethernet: broadcom/sb1250-mac: don't write directly to
+ netdev->dev_addr (jsc#PED-1565).
+- amd: declance: use eth_hw_addr_set() (jsc#PED-1565).
+- sysctl: move some boundary constants from sysctl.c to
+ sysctl_vals (jsc#PED-1506).
+- RDMA/siw: make use of the helper function kthread_run_on_cpu()
+ (jsc#PED-1503).
+- kthread: add the helper function kthread_run_on_cpu()
+ (jsc#PED-1503).
+- RDMA/mad: Delete duplicated init_query_mad functions
+ (jsc#PED-1547).
+- iw_cxgb4: Use memset_startat() for cpl_t5_pass_accept_rpl
+ (jsc#PED-1508).
+- RDMA/siw: Use max() instead of doing it manually (jsc#PED-1503).
+- RDMA/mlx4: Use bitmap_alloc() when applicable (jsc#PED-1547).
+- RDMA/siw: Use helper function to set sys_image_guid
+ (jsc#PED-1503).
+- RDMA/cxgb4: Use non-atomic bitmap functions when possible
+ (jsc#PED-1508).
+- RDMA/cxgb4: Use bitmap_set() when applicable (jsc#PED-1508).
+- RDMA/cxgb4: Use bitmap_zalloc() when applicable (jsc#PED-1508).
+- RDMA/cxgb4: Use helper function to set GUIDs (jsc#PED-1508).
+- net/mlx4: Use irq_update_affinity_hint() (jsc#PED-1548).
+- cxgb4vf: Remove useless DMA-32 fallback configuration
+ (jsc#PED-1506).
+- cxgb4: Remove useless DMA-32 fallback configuration
+ (jsc#PED-1506).
+- gro: add ability to control gro max packet size (jsc#PED-1565).
+- qed: Use dma_set_mask_and_coherent() and simplify code
+ (jsc#PED-1526).
+- net: Don't include filter.h from net/sock.h (jsc#PED-1548).
+- net: linkwatch: add net device refcount tracker (jsc#PED-1565).
+- lib: add reference counting tracking infrastructure
+ (jsc#PED-1565).
+- qed*: esl priv flag support through ethtool (jsc#PED-1526).
+- qed*: enhance tx timeout debug info (jsc#PED-1526).
+- qed: Enhance rammod debug prints to provide pretty details
+ (jsc#PED-1526).
+- cxgb4: allow reading unrecognized port module eeprom
+ (jsc#PED-1506).
+- qed: Use the bitmap API to simplify some functions
+ (jsc#PED-1526).
+- net: annotate accesses to dev->gso_max_size (jsc#PED-1565).
+- dev_addr: add a modification check (jsc#PED-1565).
+- net: unexport dev_addr_init() & dev_addr_flush() (jsc#PED-1565).
+- net: constify netdev->dev_addr (jsc#PED-1565).
+- cxgb4: Use struct_group() for memcpy() region (jsc#PED-1506).
+- smc9194: use eth_hw_addr_set() (jsc#PED-1565).
+- amd: a2065/ariadne: use eth_hw_addr_set() (jsc#PED-1565).
+- amd: ni65: use eth_hw_addr_set() (jsc#PED-1565).
+- amd: lance: use eth_hw_addr_set() (jsc#PED-1565).
+- ipw2200: constify address in ipw_send_adapter_address
+ (jsc#PED-1565).
+- mlxsw: constify address in mlxsw_sp_port_dev_addr_set
+ (jsc#PED-1565).
+- net: gro: populate net/core/gro.c (jsc#PED-1565).
+- net: gro: move skb_gro_receive into net/core/gro.c
+ (jsc#PED-1565).
+- net: gro: move skb_gro_receive_list to udp_offload.c
+ (jsc#PED-1565).
+- tools: sync uapi/linux/if_link.h header (jsc#PED-1565).
+- r8169: fix incorrect mac address assignment (jsc#PED-1565).
+- staging: use eth_hw_addr_set() in orphan drivers (jsc#PED-1565).
+- staging: rtl: use eth_hw_addr_set() (jsc#PED-1565).
+- staging: unisys: use eth_hw_addr_set() (jsc#PED-1565).
+- staging: rtl8712: prepare for const netdev->dev_addr
+ (jsc#PED-1565).
+- staging: qlge: use eth_hw_addr_set() (jsc#PED-1565).
+- staging: use eth_hw_addr_set() for dev->addr_len cases
+ (jsc#PED-1565).
+- staging: use eth_hw_addr_set() instead of ether_addr_copy()
+ (jsc#PED-1565).
+- staging: use eth_hw_addr_set() (jsc#PED-1565).
+- RDMA/qed: Use helper function to set GUIDs (jsc#PED-1526).
+- net: sgi-xp: use eth_hw_addr_set() (jsc#PED-1565).
+- net: virtio: use eth_hw_addr_set() (jsc#PED-1565).
+- mpt fusion: use dev_addr_set() (jsc#PED-1565).
+- media: use eth_hw_addr_set() (jsc#PED-1565).
+- net: thunderbolt: use eth_hw_addr_set() (jsc#PED-1565).
+- staging: use of_get_ethdev_address() (jsc#PED-1565).
+- net/mlx5e: don't write directly to netdev->dev_addr
+ (jsc#PED-1565).
+- bluetooth: use dev_addr_set() (jsc#PED-1565).
+- bluetooth: use eth_hw_addr_set() (jsc#PED-1565).
+- fddi: defza: add missing pointer type cast (jsc#PED-1565).
+- usbb: catc: use correct API for MAC addresses (jsc#PED-1565).
+- net: atm: use address setting helpers (jsc#PED-1565).
+- net: drivers: get ready for const netdev->dev_addr
+ (jsc#PED-1565).
+- net: caif: get ready for const netdev->dev_addr (jsc#PED-1565).
+- net: hsr: get ready for const netdev->dev_addr (jsc#PED-1565).
+- net: bonding: constify and use dev_addr_set() (jsc#PED-1565).
+- net: rtnetlink: use __dev_addr_set() (jsc#PED-1565).
+- net: core: constify mac addrs in selftests (jsc#PED-1565).
+- zd1201: use eth_hw_addr_set() (jsc#PED-1565).
+- wl3501_cs: use eth_hw_addr_set() (jsc#PED-1565).
+- ray_cs: use eth_hw_addr_set() (jsc#PED-1565).
+- wilc1000: use eth_hw_addr_set() (jsc#PED-1565).
+- hostap: use eth_hw_addr_set() (jsc#PED-1565).
+- ipw2200: prepare for const netdev->dev_addr (jsc#PED-1565).
+- airo: use eth_hw_addr_set() (jsc#PED-1565).
+- brcmfmac: prepare for const netdev->dev_addr (jsc#PED-1565).
+- atmel: use eth_hw_addr_set() (jsc#PED-1565).
+- wil6210: use eth_hw_addr_set() (jsc#PED-1565).
+- ath6kl: use eth_hw_addr_set() (jsc#PED-1565).
+- wireless: use eth_hw_addr_set() for dev->addr_len cases
+ (jsc#PED-1565).
+- wireless: use eth_hw_addr_set() instead of ether_addr_copy()
+ (jsc#PED-1565).
+- wireless: use eth_hw_addr_set() (jsc#PED-1565).
+- cfg80211: prepare for const netdev->dev_addr (jsc#PED-1565).
+- mac80211: use eth_hw_addr_set() (jsc#PED-1565).
+- wireless: mac80211_hwsim: use eth_hw_addr_set() (jsc#PED-1565).
+- net: sb1000,rionet: use eth_hw_addr_set() (jsc#PED-1565).
+- net: plip: use eth_hw_addr_set() (jsc#PED-1565).
+- net: fjes: constify and use eth_hw_addr_set() (jsc#PED-1565).
+- fddi: skfp: constify and use dev_addr_set() (jsc#PED-1565).
+- fddi: defxx,defza: use dev_addr_set() (jsc#PED-1565).
+- net: usb: don't write directly to netdev->dev_addr
+ (jsc#PED-1565).
+- net: qmi_wwan: use dev_addr_mod() (jsc#PED-1565).
+- usb: smsc: use eth_hw_addr_set() (jsc#PED-1565).
+- net: xen: use eth_hw_addr_set() (jsc#PED-1565).
+- batman-adv: use eth_hw_addr_set() instead of ether_addr_copy()
+ (jsc#PED-1565).
+- mac802154: use dev_addr_set() - manual (jsc#PED-1565).
+- mac802154: use dev_addr_set() (jsc#PED-1565).
+- batman-adv: prepare for const netdev->dev_addr (jsc#PED-1565).
+- ethernet: tlan: use eth_hw_addr_set() (jsc#PED-1565).
+- ethernet: tehuti: use eth_hw_addr_set() (jsc#PED-1565).
+- ethernet: stmmac: use eth_hw_addr_set() (jsc#PED-1565).
+- ethernet: mlxsw: use eth_hw_addr_gen() (jsc#PED-1565).
+- ethernet: prestera: use eth_hw_addr_gen() (jsc#PED-1565).
+- ethernet: add a helper for assigning port addresses
+ (jsc#PED-1565).
+- ethernet: smsc: use eth_hw_addr_set() (jsc#PED-1565).
+- ethernet: smc91x: use eth_hw_addr_set() (jsc#PED-1565).
+- ethernet: sis190: use eth_hw_addr_set() (jsc#PED-1565).
+- ethernet: rocker: use eth_hw_addr_set() (jsc#PED-1565).
+- ethernet: r8169: use eth_hw_addr_set() (jsc#PED-1565).
+- ethernet: netxen: use eth_hw_addr_set() (jsc#PED-1565).
+- ethernet: sky2/skge: use eth_hw_addr_set() (jsc#PED-1565).
+- ethernet: mv643xx: use eth_hw_addr_set() (jsc#PED-1565).
+- ethernet: use eth_hw_addr_set() in unmaintained drivers
+ (jsc#PED-1565).
+- ethernet: ixgb: use eth_hw_addr_set() (jsc#PED-1565).
+- ethernet: enic: use eth_hw_addr_set() (jsc#PED-1565).
+- ethernet: bcmgenet: use eth_hw_addr_set() (jsc#PED-1565).
+- ethernet: aquantia: use eth_hw_addr_set() (jsc#PED-1565).
+- ethernet: amd: use eth_hw_addr_set() (jsc#PED-1565).
+- ethernet: alteon: use eth_hw_addr_set() (jsc#PED-1565).
+- ethernet: adaptec: use eth_hw_addr_set() (jsc#PED-1565).
+- ethernet: remove random_ether_addr() (jsc#PED-1565).
+- ethernet: replace netdev->dev_addr 16bit writes (jsc#PED-1565).
+- ethernet: replace netdev->dev_addr assignment loops
+ (jsc#PED-1565).
+- ethernet: manually convert memcpy(dev_addr,..., sizeof(addr))
+ (jsc#PED-1565).
+- ethernet: make use of eth_hw_addr_random() where appropriate
+ (jsc#PED-1565).
+- ethernet: make eth_hw_addr_random() use dev_addr_set()
+ (jsc#PED-1565).
+- net: remove single-byte netdev->dev_addr writes (jsc#PED-1565).
+- ip: use dev_addr_set() in tunnels (jsc#PED-1565).
+- hamradio: use dev_addr_set() for setting device address
+ (jsc#PED-1565).
+- netdevice: demote the type of some dev_addr_set() helpers
+ (jsc#PED-1565).
+- ipv6: constify dev_addr passing (jsc#PED-1565).
+- llc/snap: constify dev_addr passing (jsc#PED-1565).
+- ethernet: tulip: avoid duplicate variable name on sparc
+ (jsc#PED-1565).
+- tulip: fix setting device address from rom (jsc#PED-1565).
+- ethernet: sun: add missing semicolon, fix build (jsc#PED-1565).
+- net: use dev_addr_set() (jsc#PED-1565).
+- ethernet: sun: remove direct netdev->dev_addr writes
+ (jsc#PED-1565).
+- ethernet: tulip: remove direct netdev->dev_addr writes
+ (jsc#PED-1565).
+- ethernet: forcedeth: remove direct netdev->dev_addr writes
+ (jsc#PED-1565).
+- ethernet: use platform_get_ethdev_address() (jsc#PED-1565).
+- eth: platform: add a helper for loading netdev->dev_addr
+ (jsc#PED-1565).
+- ethernet: use device_get_ethdev_address() (jsc#PED-1565).
+- eth: fwnode: add a helper for loading netdev->dev_addr
+ (jsc#PED-1565).
+- eth: fwnode: remove the addr len from mac helpers
+ (jsc#PED-1565).
+- eth: fwnode: change the return type of mac address helpers
+ (jsc#PED-1565).
+- ethernet: use of_get_ethdev_address() (jsc#PED-1565).
+- of: net: add a helper for loading netdev->dev_addr
+ (jsc#PED-1565).
+- net: usb: use eth_hw_addr_set() for dev->addr_len cases
+ (jsc#PED-1565).
+- ethernet: use eth_hw_addr_set() - casts (jsc#PED-1565).
+- fddi: use eth_hw_addr_set() (jsc#PED-1565).
+- ethernet: s2io: use eth_hw_addr_set() (jsc#PED-1565).
+- net: usb: use eth_hw_addr_set() instead of ether_addr_copy()
+ (jsc#PED-1565).
+- net: use eth_hw_addr_set() instead of ether_addr_copy()
+ (jsc#PED-1565).
+- net: usb: use eth_hw_addr_set() (jsc#PED-1565).
+- net:dev: Change napi_gro_complete return type to void
+ (jsc#PED-1565).
+- string.h: Introduce memset_startat() for wiping trailing
+ members and padding (jsc#PED-1508).
+- string.h: Introduce memset_after() for wiping trailing
+ members/padding (jsc#PED-1508).
+- lib: Introduce CONFIG_MEMCPY_KUNIT_TEST (jsc#PED-1508).
+- skb_expand_head() adjust skb->truesize incorrectly
+ (jsc#PED-1565).
+- etherdevice: use __dev_addr_set() (jsc#PED-1565).
+- net: dev_addr_list: handle first address in __hw_addr_add_ex
+ (jsc#PED-1565).
+- cxgb4: Use pci_vpd_find_id_string() to find VPD ID string
+ (jsc#PED-1506).
+- PCI/VPD: Add pci_vpd_find_id_string() (jsc#PED-1506).
+- PCI/VPD: Include post-processing in pci_vpd_find_tag()
+ (jsc#PED-1506).
+- PCI/VPD: Stop exporting pci_vpd_find_info_keyword()
+ (jsc#PED-1506).
+- PCI/VPD: Stop exporting pci_vpd_find_tag() (jsc#PED-1506).
+- scsi: cxlflash: Search VPD with pci_vpd_find_ro_info_keyword()
+ (jsc#PED-1506).
+- sfc: falcon: Search VPD with pci_vpd_find_ro_info_keyword()
+ (jsc#PED-1565).
+- sfc: falcon: Read VPD with pci_vpd_alloc() (jsc#PED-1565).
+- sfc: Search VPD with pci_vpd_find_ro_info_keyword()
+ (jsc#PED-1565).
+- sfc: Read VPD with pci_vpd_alloc() (jsc#PED-1565).
+- net-next: When a bond have a massive amount of VLANs with
+ IPv6 addresses, performance of changing link state, attaching
+ a VRF, changing an IPv6 address, etc. go down dramtically
+ (jsc#PED-1565).
+- net: fix GRO skb truesize update (jsc#PED-1565).
+- net: add netif_set_real_num_queues() for device reconfig
+ (jsc#PED-1565).
+- net: add extack arg for link ops (jsc#PED-1565).
+- move netdev_boot_setup into Space.c (jsc#PED-1565).
+- drivers/net/usb: Remove all strcpy() uses (jsc#PED-1565).
+- skbuff: introduce skb_expand_head() (jsc#PED-1565).
+- sk_buff: avoid potentially clearing 'slow_gro' field
+ (jsc#PED-1565).
+- skbuff: allow 'slow_gro' for skb carring sock reference
+ (jsc#PED-1565).
+- net: optimize GRO for the common case (jsc#PED-1565).
+- sk_buff: track extension status in slow_gro (jsc#PED-1565).
+- sk_buff: track dst status in slow_gro (jsc#PED-1565).
+- sk_buff: introduce 'slow_gro' flags (jsc#PED-1565).
+- commit 407836b
+
+- ACPI: scan: Introduce acpi_fetch_acpi_dev() (jsc#PED-531).
+- commit b412683
+
+- usb: xhci-mtk: Use struct_size() helper in create_sch_ep()
+ (jsc#PED-531).
+- commit 9da5b62
+
+- usb: host: xhci-plat: Remove useless DMA-32 fallback
+ configuration (jsc#PED-531).
+- commit ece14b2
+
+- PM: sleep: Add device name to suspend_report_result()
+ (jsc#PED-531).
+- commit 7dc852b
+
+- USB: core: Update kerneldoc for usb_get_dev() and usb_get_intf()
+ (jsc#PED-531).
+- commit fb5f494
+
+- usb: remove Link Powermanagement (LPM) disable before port reset
+ (jsc#PED-531).
+- commit 4ce8161
+
+- USB: usbfs: Use a spinlock instead of atomic accesses to tally
+ used memory (jsc#PED-531).
+- commit a94fca8
+
+- USB: ACPI: Replace acpi_bus_get_device() (jsc#PED-531).
+- commit 37182c2
+
+- usb: core: Bail out when port is stuck in reset loop
+ (jsc#PED-531).
+- commit 656550a
+
+- usb: common: usb-conn-gpio: Make VBUS supply completely optional
+ (jsc#PED-531).
+- commit fa1ce11
+
+- usb: ulpi: Add debugfs support (jsc#PED-531).
+- commit d397b49
+
+- component: Add common helper for compare/release functions
+ (jsc#PED-531).
+- commit 2986bd9
+
+- acpi: Export acpi_bus_type (jsc#PED-531).
+- commit 7c22384
+
+- component: Replace most references to 'master' with 'aggregate
+ device' (jsc#PED-531).
+- commit 9131eb9
+
+- drivers/base/component.c: remove superfluous header files from
+ component.c (jsc#PED-531).
+- commit ab1424f
+
+- blacklist.conf: remove kABI entries for SP5
+ SP5 may break the kABI. Hence the patches that did not go
+ into SP4 for kABI reasons should go into SP5, unless other reasons
+ for blocking them exist. Removing the entries to trigger
+ a reevaluation
+- commit 8607b86
+
+- acpi: Store CRC-32 hash of the _PLD in struct acpi_device
+ (jsc#PED-531).
+- commit 817d17e
+
+- usb: typec: port-mapper: Convert to the component framework
+ (jsc#PED-531).
+- Refresh patches.suse/typeC-Add-kABI-placeholders.patch.
+- commit ee7ecd6
+
+- usb: typec: ucsi: Expose number of alternate modes in partner
+ (jsc#PED-531).
+- commit 2bab2dd
+
+- usb: typec: tipd: Fix initialization sequence for cd321x
+ (jsc#PED-531).
+- commit c7460c1
+
+- usb: typec: tipd: Fix typo in cd321x_switch_power_state
+ (jsc#PED-531).
+- commit 11f03ee
+
+- usb: typec: tipd: Enable event interrupts by default
+ (jsc#PED-531).
+- commit cba4c03
+
+- usb: typec: tipd: Remove FIXME about testing with I2C_FUNC_I2C
+ (jsc#PED-531).
+- commit a81811f
+
+- usb: typec: tipd: Switch CD321X power state to S0 (jsc#PED-531).
+- commit 2cbb386
+
+- usb: typec: tipd: Add support for Apple CD321X (jsc#PED-531).
+- commit 31d2bf2
+
+- usb: typec: tipd: Add short-circuit for no irqs (jsc#PED-531).
+- commit e9cc528
+
+- usb: typec: tipd: Split interrupt handler (jsc#PED-531).
+- commit 5143aea
+
+- Refresh
+ patches.suse/net-don-t-unconditionally-copy_from_user-a-struct-if.patch.
+ Added missing chenge from merge commit (bsc#1203479)
+- commit 2a4b363
+
+- powerpc/doc: Fix htmldocs errors (git-fixes).
+- commit c32a50b
+
+- efi: do not automatically generate secret key (jsc#PED-1444).
+- commit 4a26ca3
+
+- dmaengine: idxd: fix retry value to be constant for duration
+ of function call (git-fixes).
+- dmaengine: idxd: match type for retries var in idxd_enqcmds()
+ (git-fixes).
+- commit ad373ba
+
+- dmaengine: idxd: change MSIX allocation based on per wq
+ activation (jsc#PED-664).
+- dmaengine: idxd: fix descriptor flushing locking (jsc#PED-664).
+- dmaengine: idxd: embed irq_entry in idxd_wq struct
+ (jsc#PED-664).
+- commit d9570b4
+
+- Update patch referece for IDXD fix (jsc#PED-729)
+- commit 0666616
+
+- dmaengine: idxd: add knob for enqcmds retries (jsc#PED-755).
+- commit b9e7fd2
+
+- dmaengine: idxd: update IAA definitions for user header
+ (jsc#PED-763).
+- commit 966fd07
+
+- dmaengine: idxd: handle interrupt handle revoked event
+ (jsc#PED-682).
+- Refresh
+ patches.suse/dmaengine-idxd-set-defaults-for-wq-configs.patch.
+- commit b8b62ed
+
+- dmaengine: idxd: handle invalid interrupt handle descriptors
+ (jsc#PED-682).
+- commit 4d43b5f
+
+- dmaengine: idxd: create locked version of idxd_quiesce() call
+ (jsc#PED-682).
+- commit 84c33cd
+
+- dmaengine: idxd: add helper for per interrupt handle drain
+ (jsc#PED-682).
+- commit 7f570d2
+
+- dmaengine: idxd: move interrupt handle assignment (jsc#PED-682).
+- commit c11ff86
+
+- dmaengine: idxd: int handle management refactoring
+ (jsc#PED-682).
+- commit a2ea081
+
+- dmaengine: idxd: rework descriptor free path on failure
+ (jsc#PED-682).
+- commit 10afe67
+
+- dmaengine: idxd: set defaults for wq configs (jsc#PED-688).
+- Refresh
+ patches.suse/dmaengine-idxd-fix-wq-settings-post-wq-disable.patch.
+- commit d90c3a3
+
+- PCI: Disable MSI for Tegra234 Root Ports (git-fixes).
+- PCI: Correct misspelled words (git-fixes).
+- PCI: Prefer 'unsigned int' over bare 'unsigned' (git-fixes).
+- commit 2fdd511
+
+- PCI/ASPM: Make Intel DG2 L1 acceptable latency unlimited
+ (jsc#PED-387).
+- commit 7d30fcd
+
+- net: dsa: mt7530: 1G can also support 1000BASE-X link mode
+ (git-fixes).
+- commit cdb75aa
+
+- igb: skip phy status check where unavailable (git-fixes).
+- commit a3b27da
+
+- ice: fix possible under reporting of ethtool Tx and Rx
+ statistics (git-fixes).
+- commit c2f52c2
+
+- ice: fix crash when writing timestamp on RX rings (git-fixes).
+- commit fb0a1aa
+
+- net/mlx5: Drain fw_reset when removing device (git-fixes).
+- commit 97a86a6
+
+- net/mlx5e: Remove HW-GRO from reported features (git-fixes).
+- commit 4a77968
+
+- net/mlx5e: Properly block HW GRO when XDP is enabled
+ (git-fixes).
+- commit f953f8f
+
+- net/mlx5e: Properly block LRO when XDP is enabled (git-fixes).
+- commit 6b1fa7c
+
+- net/mlx5e: Block rx-gro-hw feature in switchdev mode
+ (git-fixes).
+- commit a1cfc32
+
+- net/qla3xxx: Fix a test in ql_reset_work() (git-fixes).
+- commit 52c2fa5
+
+- net: systemport: Fix an error handling path in
+ bcm_sysport_probe() (git-fixes).
+- commit b45f6dc
+
+- net: macb: Increment rx bd head after allocating skb and buffer
+ (git-fixes).
+- commit 41b13b2
+
+- net: ipa: get rid of a duplicate initialization (git-fixes).
+- commit a69d7cd
+
+- net: ipa: record proper RX transaction count (git-fixes).
+- commit 0de4988
+
+- net: dsa: bcm_sf2: Fix Wake-on-LAN with mac_link_down()
+ (git-fixes).
+- commit cf3c3f2
+
+- net: ethernet: mediatek: ppe: fix wrong size passed to memset()
+ (git-fixes).
+- commit f134be1
+
+- ice: Fix race during aux device (un)plugging (git-fixes).
+- commit 4278261
+
+- net: mscc: ocelot: avoid corrupting hardware counters when
+ moving VCAP filters (git-fixes).
+- commit ca8eb08
+
+- net: mscc: ocelot: restrict tc-trap actions to VCAP IS2 lookup 0
+ (git-fixes).
+- commit d224ca3
+
+- net: mscc: ocelot: fix VCAP IS2 filters matching on both lookups
+ (git-fixes).
+- commit 95340f0
+
+- net: mscc: ocelot: fix last VCAP IS1/IS2 filter persisting in
+ hardware when deleted (git-fixes).
+- commit bda7960
+
+- net: emaclite: Add error handling for of_address_to_resource()
+ (git-fixes).
+- commit a361614
+
+- net: cpsw: add missing of_node_put() in cpsw_probe_dt()
+ (git-fixes).
+- commit 014fc77
+
+- net: stmmac: dwmac-sun8i: add missing of_node_put() in
+ sun8i_dwmac_register_mdio_mux() (git-fixes).
+- commit 72dc370
+
+- net: dsa: mt7530: add missing of_node_put() in mt7530_setup()
+ (git-fixes).
+- commit 1fa6443
+
+- net: mdio: Fix ENOMEM return value in BCM6368 mux bus controller
+ (git-fixes).
+- commit f4b10fd
+
+- net: fec: add missing of_node_put() in fec_enet_init_stop_mode()
+ (git-fixes).
+- commit 6d689b8
+
+- net: dsa: lantiq_gswip: Don't set GSWIP_MII_CFG_RMII_CLK
+ (git-fixes).
+- commit cda6d8f
+
+- net: dsa: mv88e6xxx: Fix port_hidden_wait to account for
+ port_base_addr (git-fixes).
+- commit fc0f29e
+
+- net: bcmgenet: hide status block before TX timestamping
+ (git-fixes).
+- commit 7471b10
+
+- net: stmmac: Use readl_poll_timeout_atomic() in atomic state
+ (git-fixes).
+- commit 77bb15d
+
+- net: mscc: ocelot: fix broken IP multicast flooding (git-fixes).
+- commit 9360c59
+
+- net: bcmgenet: Revert "Use stronger register read/writes to
+ assure ordering" (git-fixes).
+- commit 2e1c776
+
+- net: ftgmac100: access hardware register after clock ready
+ (git-fixes).
+- commit 6f339f4
+
+- s390/boot: fix absolute zero lowcore corruption on boot
+ (git-fixes).
+- commit 673e9bc
+
+- ppc64/kdump: Limit kdump base to 512MB (bsc#1203410 ltc#199904).
+- commit 04343f5
+
+- Update patches.suse/SUNRPC-Prevent-immediate-close-reconnect.patch
+ (git-fixes, bsc#1203338).
+- commit 1a26f26
+
+- net: ethernet: stmmac: fix altr_tse_pcs function when using
+ a fixed-link (git-fixes).
+- commit 6e948de
+
+- net: dsa: felix: suppress -EPROBE_DEFER errors (git-fixes).
+- commit 6052c6d
+
+- mlxsw: i2c: Fix initialization error flow (git-fixes).
+- commit b1671b5
+
+- net: ethernet: mv643xx: Fix over zealous checking
+ of_get_mac_address() (git-fixes).
+- commit d6232d0
+
+- ice: Do not skip not enabled queues in ice_vc_dis_qs_msg
+ (git-fixes).
+- commit 5811714
+
+- dpaa2-ptp: Fix refcount leak in dpaa2_ptp_probe (git-fixes).
+- commit 20972b2
+
+- net: stmmac: Fix unset max_speed difference between DT and
+ non-DT platforms (git-fixes).
+- commit 21d6298
+
+- vrf: fix packet sniffing for traffic originating from ip tunnels
+ (git-fixes).
+- commit 656f34a
+
+- net: hns3: fix the concurrency between functions reading debugfs
+ (git-fixes).
+- commit b62a96b
+
+- net: sparx5: uses, depends on BRIDGE or !BRIDGE (git-fixes).
+- commit 91c7940
+
+- net: dsa: bcm_sf2_cfp: fix an incorrect NULL check on list
+ iterator (git-fixes).
+- commit 587d5e0
+
+- net: sparx5: depends on PTP_1588_CLOCK_OPTIONAL (git-fixes).
+- commit e5cbf9e
+
+- blacklist.conf: update blacklist
+- commit b64ff66
+
+- usb: typec: ucsi: Better fix for missing unplug events issue
+ (jsc#PED-531).
+- commit 23c30d4
+
+- usb: typec: ucsi: Read the PDOs in separate work (jsc#PED-531).
+- commit 120360c
+
+- usb: typec: ucsi: Check the partner alt modes always if there
+ is PD contract (jsc#PED-531).
+- commit 109aef2
+
+- usb: typec: ucsi: acpi: Reduce the command completion timeout
+ (jsc#PED-531).
+- commit 6c0912c
+
+- usb: typec: ucsi: Add polling mechanism for partner tasks like
+ alt mode checking (jsc#PED-531).
+- commit 9e46ec7
+
+- usb: typec: tcpci: Fix spelling mistake "resolbed" -> "resolved"
+ (jsc#PED-531).
+- commit fbac539
+
+- usb: typec: tipd: Add an additional overflow check (git-fixes).
+- commit b1f97fa
+
+- usb: typec: tipd: Don't read/write more bytes than required
+ (git-fixes).
+- commit e669366
+
+- Update patch references for ALSA fixes (jsc#PED-652 jsc#PED-720)
+- commit 3c5b516
+
+- ASoC: SOF: Intel: pci-tgl: add RPL-P support (jsc#PED-720).
+- ASoC: SOF: Intel: pci-tgl: add ADL-PS support (jsc#PED-720).
+- commit 012fcdf
+
+- ALSA: hda: intel-dsp-config: Add RaptorLake PCI IDs
+ (jsc#PED-720).
+- commit ae48fdf
+
+- ASoC: SOF: Intel: pci-tgl: add RPL-S support (jsc#PED-652).
+- commit c23d1e1
+
+- ALSA: control: Use deferred fasync helper (git-fixes).
+- ALSA: timer: Use deferred fasync helper (git-fixes).
+- ALSA: core: Add async signal helpers (git-fixes).
+- ALSA: jack: Access input_dev under mutex (git-fixes).
+- commit d1a09af
+
+- Enable the build of nvidia-wmi-ec-backlight module (jsc#PED-1164)
+- commit f9ebde3
+
+- platform/x86: Rename wmaa-backlight-wmi to
+ nvidia-wmi-ec-backlight (jsc#PED-1164).
+- platform/x86: Remove "WMAA" from identifier names in
+ wmaa-backlight-wmi.c (jsc#PED-1164).
+- platform/x86: Add driver for ACPI WMAA EC-based backlight
+ control (jsc#PED-1164).
+- commit 1975b25
+
+- blacklist.conf: Drop kABI-related ALSA entries from SP4
+- commit cb39f3b
+
+- usb: Link the ports to the connectors they are attached to
+ (jsc#PED-531).
+- commit fe04d18
+
+- usb: core: Export usb_device_match_id (jsc#PED-531).
+- commit aa72be2
+
+- usb: hub: make wait_for_connected() take an int instead of a
+ pointer to int (jsc#PED-531).
+- commit d7280d6
+
+- usb: chipidea: tegra: Add runtime PM and OPP support
+ (jsc#PED-531).
+- commit 3f3ba93
+
+- soc/tegra: Add devm_tegra_core_dev_init_opp_table_common()
+ (jsc#PED-531).
+- commit 7ad426c
+
+- Update DRM UDL patches from upstreamed patches (bsc#1195917)
+ Dropped:
+ patches.suse/0001-drm-udl-Restore-display-mode-on-resume.patch
+- commit eab8d35
+
+- ice: Allow operation with reduced device MSI-X (bsc#1201987).
+- commit adb8f10
+
+- powerpc/pseries/vas: Use QoS credits from the userspace
+ (jsc#PED-542).
+- powerpc/pseries/vas: Add VAS migration handler (jsc#PED-542).
+- Refresh patches.suse/powerpc-mobility-wait-for-memory-transfer-to-complet.patch
+- Refresh patches.suse/powerpc-pseries-mobility-set-NMI-watchdog-factor-dur.patch
+- powerpc/pseries/vas: Modify reconfig open/close functions for
+ migration (jsc#PED-542).
+- powerpc/pseries/vas: Define global hv_cop_caps struct
+ (jsc#PED-542).
+- powerpc/pseries/vas: Add 'update_total_credits' entry for QoS
+ capabilities (jsc#PED-542).
+- powerpc/pseries/vas: sysfs interface to export capabilities
+ (jsc#PED-542).
+- powerpc/pseries/vas: Reopen windows with DLPAR core add
+ (jsc#PED-542).
+- powerpc/pseries/vas: Close windows with DLPAR core removal
+ (jsc#PED-542).
+- powerpc/vas: Map paste address only if window is active
+ (jsc#PED-542).
+- powerpc/vas: Return paste instruction failure if no active
+ window (jsc#PED-542).
+- powerpc/vas: Add paste address mmap fault handler (jsc#PED-542).
+- powerpc/pseries/vas: Save PID in pseries_vas_window struct
+ (jsc#PED-542).
+- powerpc/pseries/vas: Use common names in VAS capability
+ structure (jsc#PED-542).
+- commit b24c3ed
+
+- watchdog/pseries-wdt: initial support for H_WATCHDOG-based
+ watchdog timers (jsc#PED-549).
+- Update config files.
+- supported.conf: Add pseries-wdt
+- powerpc/pseries: register pseries-wdt device with platform bus
+ (jsc#PED-549).
+- powerpc/pseries: add FW_FEATURE_WATCHDOG flag (jsc#PED-549).
+- powerpc/pseries: hvcall.h: add H_WATCHDOG opcode, H_NOOP return
+ code (jsc#PED-549).
+- powerpc/pseries: Fix numa FORM2 parsing fallback code
+ (jsc#PED-551).
+- powerpc/pseries: rename numa_dist_table to form2_distances
+ (jsc#PED-551).
+- powerpc/pseries: Add support for FORM2 associativity
+ (jsc#PED-551).
+- Refresh patches.suse/powerpc-pseries-Interface-to-represent-PAPR-firmware.patch
+- powerpc/pseries: Add a helper for form1 cpu distance
+ (jsc#PED-551).
+- powerpc/pseries: Consolidate different NUMA distance update
+ code paths (jsc#PED-551).
+- Refresh patches.suse/powerpc-numa-Update-cpu_cpu_map-on-CPU-online-offlin.patch
+- commit 1708bfe
+
+- usb: hub: avoid warm port reset during USB3 disconnect
+ (git-fixes).
+- commit 8af7b8e
+
+- usb: core: hcd: change sizeof(vaddr) to sizeof(unsigned long)
+ (jsc#PED-531).
+- commit 1523b0b
+
+- scsi: ipr: Fix missing/incorrect resource cleanup in error case
+ (jsc#PED-548).
+- scsi: ipr: Use kobj_to_dev() (jsc#PED-548).
+- scsi: ipr: Directly return instead of using local ret variable
+ (jsc#PED-548).
+- commit 1d92f11
+
+- usb: core: Fix file path that does not exist (jsc#PED-531).
+- commit f9f0a5e
+
+- USB: common: debug: add needed kernel.h include (jsc#PED-531).
+- commit 944eff7
+
+- xhci: use max() to make code cleaner (jsc#PED-531).
+- commit a9fbbb5
+
+- usb: xhci-mtk: fix random remote wakeup (jsc#PED-531).
+- commit 6629649
+
+- usb: xhci-mtk: remove unnecessary error check (jsc#PED-531).
+- commit b17a19c
+
+- usb: xhci-mtk: fix list_del warning when enable list debug
+ (jsc#PED-531).
+- commit 90a533c
+
+- usb: xhci-mtk: enable wake-up interrupt after runtime_suspend
+ called (jsc#PED-531).
+- commit 293016f
+
+- PM / wakeirq: support enabling wake-up irq after runtime_suspend
+ called (jsc#PED-531).
+- commit c727a40
+
+- usb: xhci: Use to_pci_driver() instead of pci_dev->driver
+ (jsc#PED-531).
+- commit 541116e
+
+- usb: core: config: Change sizeof(struct ...) to
+ sizeof(*...) (jsc#PED-531).
+- commit 249a144
+
+- usb: core: hcd: fix messages in usb_hcd_request_irqs()
+ (jsc#PED-531).
+- commit 6d29347
+
+- usb: core: hcd: Modularize HCD stop configuration in
+ usb_stop_hcd() (jsc#PED-531).
+- commit dfccab2
+
+- usb: xhci-mtk: use xhci_dbg() to print log (jsc#PED-531).
+- commit e7dd0f8
+
+- usb: xhci-mtk: allow bandwidth table rollover (jsc#PED-531).
+- commit 11e08d1
+
+- usb: xhci-mtk: Do not use xhci's virt_dev in drop_endpoint
+ (jsc#PED-531).
+- commit 8d6c90e
+
+- usb: xhci-mtk: modify the SOF/ITP interval for mt8195
+ (jsc#PED-531).
+- commit da8bc69
+
+- usb: xhci-mtk: add a member of num_esit (jsc#PED-531).
+- commit 4745d08
+
+- usb: xhci-mtk: check boundary before check tt (jsc#PED-531).
+- commit 5bf9b17
+
+- usb: xhci-mtk: update fs bus bandwidth by bw_budget_table
+ (jsc#PED-531).
+- commit 2035273
+
+- usb: xhci-mtk: support option to disable usb2 ports
+ (jsc#PED-531).
+- commit 21ff31f
+
+- crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (git-fixes)
+- commit 49a8536
+
+- arm64: select TRACE_IRQFLAGS_NMI_SUPPORT (git-fixes)
+- commit 8e1f358
+
+- arm64: errata: Add Cortex-A510 to the repeat tlbi list (git-fixes)
+ Enable this errata fix configuration option to arm64/default.
+- commit c8ec028
+
+- Revert "arm64: Mitigate MTE issues with str{n}cmp()" (git-fixes)
+- commit 3916261
+
+- arm64: lib: Import latest version of Arm Optimized Routines' strcmp (git-fixes)
+- commit 0ad904d
+
+- tty: drop put_tty_driver (jsc#PED-531).
+- Refresh
+ patches.suse/ipack-ipoctal-fix-stack-information-leak.patch.
+- commit 512f7d8
+
+- tracing: hold caller_addr to hardirq_{enable,disable}_ip
+ (git-fixes).
+- commit ec23c84
+
+- ftrace: Fix NULL pointer dereference in is_ftrace_trampoline
+ when ftrace is dead (git-fixes).
+- commit 4b6dc41
+
+- usb: renesas-xhci: Remove renesas_xhci_pci_exit() (jsc#PED-531).
+- commit 5a90fd4
+
+- btrfs: fix space cache corruption and potential double
+ allocations (bsc#1203361).
+- commit 0479f45
+
+- btrfs: fix relocation crash due to premature return from
+ btrfs_commit_transaction() (bsc#1203360).
+- commit 5ceb88f
+
+- usb: xhci-renesas: Minor coding style cleanup (jsc#PED-531).
+- commit 229132e
+
+- KVM: x86: do not report a vCPU as preempted outside instruction
+ boundaries (bsc#1203066 CVE-2022-39189).
+- commit c89b7e4
+
+- blacklist.conf: add 3 commits for git-fixes not needed
+- commit 6f1ca85
+
+- netfilter: nf_tables: do not allow RULE_ID to refer to another
+ chain (CVE-2022-2586 bsc#1202095).
+- netfilter: nf_tables: do not allow CHAIN_ID to refer to another
+ table (CVE-2022-2586 bsc#1202095).
+- netfilter: nf_tables: do not allow SET_ID to refer to another
+ table (CVE-2022-2586 bsc#1202095).
+- commit 42bb8dc
+
+- Update
+ patches.suse/dccp-don-t-duplicate-ccid-when-cloning-dccp-sock.patch
+ references (add CVE-2020-16119 bsc#1177471).
+- commit 7d3c30f
+
+- Update message from free_area_init (bsc#1203101)
+ Refreshed:
+ patches.suse/0002-mm-handle-uninitialized-numa-nodes-gracefully.patch
+- commit 58d8d59
+
+- blacklist.conf: unwanted s390 commits
+- commit 7773032
+
+- watchdog: wdat_wdt: Set the min and max timeout values properly
+ (bsc#1194023).
+- commit d609cb4
+
+- kbuild: disable header exports for UML in a straightforward way
+ (git-fixes).
+- docs: i2c: i2c-topology: fix incorrect heading (git-fixes).
+- commit 96f4a7a
+
+- hwmon: (mr75203) enable polling for all VM channels (git-fixes).
+- hwmon: (mr75203) fix multi-channel voltage reading (git-fixes).
+- hwmon: (mr75203) fix voltage equation for negative source input
+ (git-fixes).
+- hwmon: (mr75203) update pvt->v_num and vm_num to the actual
+ number of used sensors (git-fixes).
+- hwmon: (mr75203) fix VM sensor allocation when "intel,vm-map"
+ not defined (git-fixes).
+- dt-bindings: hwmon: (mr75203) fix "intel,vm-map" property to
+ be optional (git-fixes).
+- hwmon: (tps23861) fix byte order in resistance register
+ (git-fixes).
+- commit 4be15df
+
+- ALSA: emu10k1: Fix out of bounds access in
+ snd_emu10k1_pcm_channel_alloc() (git-fixes).
+- ALSA: usb-audio: Fix an out-of-bounds bug in
+ __snd_usb_parse_audio_interface() (git-fixes).
+- ALSA: hda/tegra: Align BDL entry to 4KB boundary (git-fixes).
+- ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC (git-fixes).
+- ALSA: aloop: Fix random zeros in capture data when using
+ jiffies timer (git-fixes).
+- commit e787e77
+
+- ASoC: qcom: sm8250: add missing module owner (git-fixes).
+- ALSA: hda/sigmatel: Fix unused variable warning for beep power
+ change (git-fixes).
+- ALSA: usb-audio: Split endpoint setups for hw_params and prepare
+ (git-fixes).
+- ALSA: usb-audio: Register card again for iface over
+ delayed_register option (git-fixes).
+- ALSA: usb-audio: Inform the delayed registration more properly
+ (git-fixes).
+- commit fdc009b
+
+- Move upstreamed patches into sorted section
+- commit 9769cb9
+
+- bnxt_en: add dynamic debug support for HWRM messages
+ (jsc#PED-1495).
+- Refresh
+ patches.suse/bnxt_en-Increase-firmware-message-response-DMA-wait-.patch.
+- commit 9044955
+
+- RDMA: Constify netdev->dev_addr accesses (jsc#PED-1494).
+- Refresh
+ patches.suse/RDMA-bnxt_re-Use-helper-function-to-set-GUIDs.patch.
+- commit d62d7be
+
+- bnxt_en: fix LRO/GRO_HW features in ndo_fix_features callback
+ (jsc#PED-1495).
+- bnxt_en: fix NQ resource accounting during vf creation on
+ 57500 chips (jsc#PED-1495).
+- bnxt_en: set missing reload flag in devlink features
+ (jsc#PED-1495).
+- bnxt_en: Use PAGE_SIZE to init buffer when multi buffer XDP
+ is not in use (jsc#PED-1495).
+- bnxt: Use the bitmap API to allocate bitmaps (jsc#PED-1495).
+- bnxt: Fix typo in comments (jsc#PED-1495).
+- bnxt_en: Fix bnxt_refclk_read() (jsc#PED-1495).
+- bnxt_en: Fix and simplify XDP transmit path (jsc#PED-1495).
+- bnxt_en: fix livepatch query (jsc#PED-1495).
+- bnxt_en: Fix bnxt_reinit_after_abort() code path (jsc#PED-1495).
+- bnxt_en: reclaim max resources if sriov enable fails
+ (jsc#PED-1495).
+- eth: bnxt: make ulp_id unsigned to make GCC 12 happy
+ (jsc#PED-1495).
+- bnxt_en: parse and report result field when NVRAM package
+ install fails (jsc#PED-1495).
+- bnxt_en: Enable packet timestamping for all RX packets
+ (jsc#PED-1495).
+- bnxt_en: Configure ptp filters during bnxt open (jsc#PED-1495).
+- bnxt_en: Update firmware interface to 1.10.2.95 (jsc#PED-1495).
+- bnxt: XDP multibuffer enablement (jsc#PED-1495).
+- bnxt: support transmit and free of aggregation buffers
+ (jsc#PED-1495).
+- bnxt: adding bnxt_xdp_build_skb to build skb from multibuffer
+ xdp_buff (jsc#PED-1495).
+- bnxt: add page_pool support for aggregation ring when using xdp
+ (jsc#PED-1495).
+- bnxt: change receive ring space parameters (jsc#PED-1495).
+- bnxt: set xdp_buff pfmemalloc flag if needed (jsc#PED-1495).
+- bnxt: adding bnxt_rx_agg_pages_xdp for aggregated xdp
+ (jsc#PED-1495).
+- bnxt: rename bnxt_rx_pages to bnxt_rx_agg_pages_skb
+ (jsc#PED-1495).
+- bnxt: refactor bnxt_rx_pages operate on skb_shared_info
+ (jsc#PED-1495).
+- bnxt: add flag to denote that an xdp program is currently
+ attached (jsc#PED-1495).
+- bnxt: refactor bnxt_rx_xdp to separate
+ xdp_init_buff/xdp_prepare_buff (jsc#PED-1495).
+- bnxt_en: Initiallize bp->ptp_lock first before using it
+ (jsc#PED-1495).
+- devlink: add explicitly locked flavor of the rate node APIs
+ (jsc#PED-1495).
+- bnxt: use the devlink instance lock to protect sriov
+ (jsc#PED-1495).
+- devlink: expose instance locking and add locked port registering
+ (jsc#PED-1495).
+- bnxt: revert hastily merged uAPI aberrations (jsc#PED-1495).
+- bnxt_en: add an nvm test for hw diagnose (jsc#PED-1495).
+- bnxt_en: implement hw health reporter (jsc#PED-1495).
+- bnxt_en: Properly report no pause support on some cards
+ (jsc#PED-1495).
+- bnxt_en: introduce initial link state of unknown (jsc#PED-1495).
+- bnxt_en: parse result field when NVRAM package install fails
+ (jsc#PED-1495).
+- bnxt_en: add more error checks to HWRM_NVM_INSTALL_UPDATE
+ (jsc#PED-1495).
+- bnxt_en: refactor error handling of HWRM_NVM_INSTALL_UPDATE
+ (jsc#PED-1495).
+- bnxt: report header-data split state (jsc#PED-1495).
+- ethtool: add header/data split indication (jsc#PED-1495).
+- bnxt_en: Handle async event when the PHC is updated in RTC mode
+ (jsc#PED-1495).
+- bnxt_en: Implement .adjtime() for PTP RTC mode (jsc#PED-1495).
+- bnxt_en: Add driver support to use Real Time Counter for PTP
+ (jsc#PED-1495).
+- bnxt_en: PTP: Refactor PTP initialization functions
+ (jsc#PED-1495).
+- bnxt_en: Update firmware interface to 1.10.2.73 (jsc#PED-1495).
+- bpf: introduce BPF_F_XDP_HAS_FRAGS flag in prog_flags loading
+ the ebpf program (jsc#PED-1495).
+- net: xdp: add xdp_update_skb_shared_info utility routine
+ (jsc#PED-1495).
+- xdp: introduce flags field in xdp_buff/xdp_frame (jsc#PED-1495).
+- net: skbuff: add size metadata to skb_shared_info for xdp
+ (jsc#PED-1495).
+- RDMA/bnxt_re: Fix endianness warning for req.pkey
+ (jsc#PED-1494).
+- RDMA/bnxt_re: Use bitmap_zalloc() when applicable
+ (jsc#PED-1494).
+- RDMA/bnxt_re: Remove dynamic pkey table (jsc#PED-1494).
+- RDMA/bnxt_re: Remove unneeded variable (jsc#PED-1494).
+- bnxt_en: improve firmware timeout messaging (jsc#PED-1495).
+- bnxt_en: improve VF error messages when PF is unavailable
+ (jsc#PED-1495).
+- bnxt_en: Use page frag RX buffers for better software GRO
+ performance (jsc#PED-1495).
+- bnxt_en: convert to xdp_do_flush (jsc#PED-1495).
+- bnxt_en: Support CQE coalescing mode in ethtool (jsc#PED-1495).
+- bnxt_en: Support configurable CQE coalescing mode
+ (jsc#PED-1495).
+- bnxt_en: enable interrupt sampling on 5750X for DIM
+ (jsc#PED-1495).
+- bnxt_en: Log error report for dropped doorbell (jsc#PED-1495).
+- bnxt_en: Add event handler for PAUSE Storm event (jsc#PED-1495).
+- devlink: Add new "event_eq_size" generic device param
+ (jsc#PED-1495).
+- devlink: Add new "io_eq_size" generic device param
+ (jsc#PED-1495).
+- flow_offload: reject to offload tc actions in offload drivers
+ (jsc#PED-1495).
+- devlink: Remove misleading internal_flags from health reporter
+ dump (jsc#PED-1495).
+- devlink: fix flexible_array.cocci warning (jsc#PED-1495).
+- ethtool: don't drop the rtnl_lock half way thru the ioctl
+ (jsc#PED-1495).
+- devlink: expose get/put functions (jsc#PED-1495).
+- ethtool: handle info/flash data copying outside rtnl_lock
+ (jsc#PED-1495).
+- ethtool: push the rtnl_lock into dev_ethtool() (jsc#PED-1495).
+- devlink: make all symbols GPL-only (jsc#PED-1495).
+- devlink: Simplify internal devlink params implementation
+ (jsc#PED-1495).
+- devlink: Clean not-executed param notifications (jsc#PED-1495).
+- ethtool: ioctl: Use array_size() helper in copy_{from,to}_user()
+ (jsc#PED-1495).
+- ethtool: prevent endless loop if eeprom size is smaller than
+ announced (jsc#PED-1495).
+- ethtool: runtime-resume netdev parent before ethtool ioctl ops
+ (jsc#PED-1495).
+- commit 5128686
+
+- s390: fix double free of GS and RI CBs on fork() failure
+ (bsc#1203197 LTC#199895).
+- commit a3c49e0
+
+- net: stmmac: dwmac-qcom-ethqos: Enable RGMII functional clock
+ on resume (git-fixes).
+- commit 196b9a7
+
+- net: stmmac: dwmac-qcom-ethqos: add platform level clocks
+ management (git-fixes).
+- commit 9419c89
+
+- net: axienet: fix RX ring refill allocation failure handling
+ (git-fixes).
+- commit 4644276
+
+- bnx2x: fix built-in kernel driver load failure (git-fixes).
+- commit 4c90c2b
+
+- net: stmmac: only enable DMA interrupts when ready (git-fixes).
+- commit 8b7732b
+
+- net: stmmac: perserve TX and RX coalesce value during XDP setup
+ (git-fixes).
+- commit 7ef4525
+
+- net: stmmac: enhance XDP ZC driver level switching performance
+ (git-fixes).
+- commit 0b61dc1
+
+- bnx2x: fix driver load from initrd (git-fixes).
+- commit 922bb4e
+
+- Update metadata references
+- commit b8d9524
+
+- regulator: core: Clean up on enable failure (git-fixes).
+- wifi: iwlegacy: 4965: corrected fix for potential off-by-one
+ overflow in il4965_rs_fill_link_cmd() (git-fixes).
+- vt: Clear selection before changing the font (git-fixes).
+- clk: bcm: rpi: Prevent out-of-bounds access (git-fixes).
+- mmc: core: Fix inconsistent sd3_bus_mode at UHS-I SD voltage
+ switch failure (git-fixes).
+- drm/i915: Skip wm/ddb readout for disabled pipes (git-fixes).
+- drm/i915/glk: ECS Liva Q2 needs GLK HDMI port timing quirk
+ (git-fixes).
+- USB: serial: cp210x: add Decagon UCA device id (git-fixes).
+- USB: serial: option: add support for Cinterion MV32-WA/WB
+ RmNet mode (git-fixes).
+- USB: serial: ftdi_sio: add Omron CS1W-CIF31 device id
+ (git-fixes).
+- USB: serial: option: add Quectel EM060K modem (git-fixes).
+- USB: serial: option: add support for OPPO R11 diag port
+ (git-fixes).
+- media: mceusb: Use new usb_control_msg_*() routines (git-fixes).
+- USB: cdc-acm: Add Icom PMR F3400 support (0c26:0020)
+ (git-fixes).
+- usb: xhci-mtk: relax TT periodic bandwidth allocation
+ (git-fixes).
+- usb: dwc3: pci: Add support for Intel Raptor Lake (git-fixes).
+- usb: typec: intel_pmc_mux: Add new ACPI ID for Meteor Lake
+ IOM device (git-fixes).
+- usb-storage: Add ignore-residue quirk for NXP PN7462AU
+ (git-fixes).
+- wifi: mac80211: Fix UAF in ieee80211_scan_rx() (git-fixes).
+- clk: bcm: rpi: Use correct order for the parameters of
+ devm_kcalloc() (git-fixes).
+- commit 8d6d69c
+
+- bnx2x: Fix comment typo (jsc#PED-535).
+- cnic: Use the bitmap API to allocate bitmaps (jsc#PED-1516).
+- bnx2x: Fix spelling mistake "regiser" -> "register"
+ (jsc#PED-535).
+- bnx2x: Fix undefined behavior due to shift overflowing the
+ constant (jsc#PED-535).
+- bnx2x: truncate value to original sizing (jsc#PED-535).
+- bnx2x: use correct format characters (jsc#PED-535).
+- bnx2x: Replace one-element array with flexible-array member
+ (jsc#PED-535).
+- bnx2x: fix built-in kernel driver load failure (jsc#PED-535).
+- bnx2: Fix an error message (jsc#PED-1187).
+- bnx2x: fix driver load from initrd (jsc#PED-535).
+- bnx2x: Remove useless DMA-32 fallback configuration
+ (jsc#PED-535).
+- bna: Simplify DMA setting (jsc#PED-1521).
+- net: bna: Update supported link modes (jsc#PED-1521).
+- bnx2x: constify static inline stub for dev_addr (jsc#PED-535).
+- bnx2x: Use struct_group() for memcpy() region (jsc#PED-535).
+- net: move gro definitions to include/net/gro.h (jsc#PED-535).
+- bnx2: Search VPD with pci_vpd_find_ro_info_keyword()
+ (jsc#PED-1187).
+- bnx2: Replace open-coded version with swab32s() (jsc#PED-1187).
+- commit 9e44625
+
+- tty: remove CMSPAR ifdefs (jsc#PED-531).
+- commit 8886a3f
+
+- net: dsa: microchip: fix bridging with more than two member
+ ports (git-fixes).
+- commit f2a5e08
+
+- net: dsa: lantiq_gswip: fix use after free in gswip_remove()
+ (git-fixes).
+- commit 577992b
+
+- ice: Fix KASAN error in LAG NETDEV_UNREGISTER handler
+ (git-fixes).
+- commit f16c949
+
+- net: mscc: ocelot: fix all IP traffic getting trapped to CPU
+ with PTP over IP (git-fixes).
+- commit 391f1b3
+
+- net: axienet: reset core on initialization prior to MDIO access
+ (git-fixes).
+- Refresh
+ patches.suse/net-axienet-setup-mdio-unconditionally.patch.
+- commit afb1beb
+
+- usb: Prepare cleanup of powerpc's asm/prom.h (jsc#PED-531).
+- commit b5dac6b
+
+- net: mscc: ocelot: fix missing unlock on error in
+ ocelot_hwstamp_set() (git-fixes).
+- commit c38c182
+
+- blacklist.conf: update blacklist
+- commit 9d146c4
+
+- Update
+ patches.suse/watchqueue-make-sure-to-serialize-wqueue-defunct-pro.patch
+ (git-fixes, CVE-2022-1882, bsc#1199904).
+- add references to CVE-2022-1882, bsc#1199904
+- commit b499e0d
+
+- PCI: VMD: ACPI: Make ACPI companion lookup work for VMD bus
+ (jsc#PED-633).
+- Refresh
+ patches.suse/PCI-ACPI-Check-parent-pointer-in-acpi_pci_find_compa.patch.
+- Refresh
+ patches.suse/PCI-vmd-Assign-VMD-IRQ-domain-before-enumeration.patch.
+- x86: link vdso and boot with -z noexecstack
+ - -no-warn-rwx-segments (bsc#1203200).
+- Makefile: link with -z noexecstack --no-warn-rwx-segments
+ (bsc#1203200).
+- commit ee065ad
+
+- Update config files (change CONFIG_SUSE_PATCHLEVEL to 5).
+- commit f931313
+
+- intel_idle: Add a new flag to initialize the AMX state
+ (jsc#PED-681).
+- x86/fpu: Add a helper to prepare AMX state for low-power CPU
+ idle (jsc#PED-681).
+- platform/x86: intel/pmc: Add Alder Lake N support to PMC core
+ driver (jsc#PED-692).
+- platform/x86/intel: pmc: Support Intel Raptorlake P
+ (jsc#PED-667).
+- x86/cpu: Add new Alderlake and Raptorlake CPU model numbers
+ (jsc#PED-743).
+- PCI: vmd: Add DID 8086:A77F for all Intel Raptor Lake SKU's
+ (jsc#PED-633).
+- PCI: vmd: Honor ACPI _OSC on PCIe features (jsc#PED-633).
+- PCI: vmd: Clean up domain before enumeration (jsc#PED-633).
+- x86/cpu: Drop spurious underscore from RAPTOR_LAKE #define
+ (jsc#PED-690).
+- x86/cpu: Add Raptor Lake to Intel family (jsc#PED-690).
+- commit 2f2c9c2
+
+- compat: make linux/compat.h available everywhere (jsc#PED-1492).
+- commit 82594a3
+
+- dev_ioctl: pass SIOCDEVPRIVATE data separately (jsc#PED-1492).
+- Refresh
+ patches.suse/net-don-t-unconditionally-copy_from_user-a-struct-if.patch.
+- commit 220a22b
+
+- net: socket: rework compat_ifreq_ioctl() (jsc#PED-1492).
+- Refresh
+ patches.suse/net-don-t-unconditionally-copy_from_user-a-struct-if.patch.
+- commit 9e52d0a
+
+- net: socket: simplify dev_ifconf handling (jsc#PED-1492).
+- Refresh
+ patches.suse/net-don-t-unconditionally-copy_from_user-a-struct-if.patch.
+- commit 7ce1665
+
+- tg3: Disable tg3 device on system reboot to avoid triggering
+ AER (jsc#PED-1492).
+- tg3: Remove redundant assignments (jsc#PED-1492).
+- ethernet: Remove redundant statement (jsc#PED-1492).
+- ethernet: tg3: remove direct netdev->dev_addr writes
+ (jsc#PED-1492).
+- net: tg3: fix redundant check of true expression (jsc#PED-1492).
+- net: tg3: fix obsolete check of !err (jsc#PED-1492).
+- tg3: Search VPD with pci_vpd_find_ro_info_keyword()
+ (jsc#PED-1492).
+- tg3: Validate VPD checksum with pci_vpd_check_csum()
+ (jsc#PED-1492).
+- tg3: Read VPD with pci_vpd_alloc() (jsc#PED-1492).
+- dev_ioctl: split out ndo_eth_ioctl (jsc#PED-1492).
+- cxgb3: use ndo_siocdevprivate (jsc#PED-1492).
+- qeth: use ndo_siocdevprivate (jsc#PED-1492).
+- hamachi: use ndo_siocdevprivate (jsc#PED-1492).
+- bonding: use siocdevprivate (jsc#PED-1492).
+- net: split out SIOCDEVPRIVATE handling from dev_ioctl
+ (jsc#PED-1492).
+- net: socket: remove register_gifconf (jsc#PED-1492).
+- net: socket: rework SIOC?IFMAP ioctls (jsc#PED-1492).
+- commit 9963a02
+
+- sched/core: Use try_cmpxchg in set_nr_{and_not,if}_polling
+ (bnc#1202494 (Scheduler functional and performance backports)).
+- sched/fair: Decay task PELT values during wakeup migration
+ (bnc#1202494 (Scheduler functional and performance backports)).
+- sched/fair: Provide u64 read for 32-bits arch helper
+ (bnc#1202494 (Scheduler functional and performance backports)).
+- sched/fair: Introduce SIS_UTIL to search idle CPU based on
+ sum of util_avg (jsc#PED-1213).
+- sched/numa: Fix boot crash on arm64 systems (jsc#PED-827).
+- sched/numa: Avoid migrating task to CPU-less node (jsc#PED-827).
+- sched/numa: Fix NUMA topology for systems with CPU-less nodes
+ (jsc#PED-827).
+- commit 2f3bfae
+
+- USB: HCD: Fix URB giveback issue in tasklet function
+ (git-fixes).
+- commit 12ef886
+
+- ethtool: extend ringparam setting/getting API with rx_buf_len
+ (jsc#PED-1497).
+- Refresh
+ patches.suse/Revert-ibmvnic-Add-ethtool-private-flag-for-driver-d.patch.
+- commit ee8f1a8
+
+- ethernet/emulex:fix repeated words in comments (jsc#PED-1497).
+- eth: benet: remove a copy of the NAPI_POLL_WEIGHT define
+ (jsc#PED-1497).
+- be2net: Use irq_update_affinity_hint() (jsc#PED-1497).
+- genirq: Provide new interfaces for affinity hints
+ (jsc#PED-1497).
+- be2net: Remove useless DMA-32 fallback configuration
+ (jsc#PED-1497).
+- ethtool: add support to set/get rx buf len via ethtool
+ (jsc#PED-1497).
+- ethernet: constify references to netdev->dev_addr in drivers
+ (jsc#PED-1497).
+- commit bb6401d
+
+- Update Yousaf's e-mail
+- commit bde91a1
+
+- rpm/config.sh: 15.4 -> 15.5
+- commit 11c86df
+
+- README.BRANCH: Update it with new co-maintainer and fix typo
+ Replace SLE15-SP4 for SLE15-SP5 and add Yousaf Kaukab as a
+ co-maintainer.
+- commit 2f7c5b6
+
+- Delete patches.kabi/* workarounds
+- commit 6b96c7b
+
+- Delete patches.suse/revert-btrfs-props-change-how-empty-value-is-interpr.patch.
+ Align btrfs property compression to upstream behaviour (JSC#PED-1711)
+- commit 2670de5
+
+- README.BRANCH: Switch SLE15-SP5 maintainer to Oscar Salvador
+- commit ad4c348
+
+- Drop SLE15-SP4 kABI workaround patches
+ patches.kabi/kABI-fix-removal-of-iscsi_destroy_conn.patch is still kept as
+ the build breaks otherwise
+- commit 492e2dd
+
+- Drop SLE15-SP4 kernel symbols
+- commit 0837ac5
+
+- supported.conf Add TDA4VM-SK modules (jsc#PED-1379)
+- commit 890c2be
+
+- config/arm64: Add support for TDA4VM-SK machine (jsc#PED-1379)
+- commit e6bb890
+
libarchive
+- Fix CVE-2021-23177, extracting a symlink with ACLs modifies ACLs of target
+ (CVE-2021-23177, bsc#1192425)
+ * CVE-2021-23177.patch
+
libassuan
+- update to 2.5.5:
+ * Fix a crash in the logging code
+ * Upgrade autoconf
+
+- update to 2.5.4:
+ * Fix some minor build annoyances
+
+- Update to 2.5.3:
+ * Add a timeout for writing to a SOCKS5 proxy.
+ * Add workaround for a problem with LD_LIBRARY_PATH on newer systems.
+
+- qemu-disable-fdpassing-test.patch: remove
+
+-Update to 2.5.2:
+ * configure.ac: Bump LT version to C8/A8/R2
+ * include libassuan.pc in the spec file
+
-- update to 2.1.2:
- * Added support for ppc64le.
-
-- update to 2.1.1
- * no changes on the GNU/Linux platform
-- includes changes from 2.1.0:
- * Support for the nPth library.
- * Add assuan_check_version and two version macros.
- * Interface changes relative to the 2.0.3 release:
- ASSUAN_SYSTEM_NPTH_IMPL NEW macro.
- ASSUAN_SYSTEM_NPTH NEW macro.
- __assuan_read NEW (private).
- __assuan_write NEW (private).
- __assuan_recvmsg NEW (private).
- __assuan_sendmsg NEW (private).
- __assuan_waitpid NEW (private).
- ASSUAN_VERSION NEW macro.
- ASSUAN_VERSION_NUMBER NEW macro.
- assuan_check_version NEW.
-- add tarball signature and keyring
-- run unit tests during build
-- libgpg-error requirement is >= 1.8
-
-- build with LFS support in 32bit archs to be consistent
- with the rest of the system, no good will come when LFS
- enabled callers talk to non-LFS libraries.
-
-- license update: GPL-3.0+ and LGPL-2.1+
- Look at COPYING, COPYING.LIB and README
-
-- update to Libassuan 2.0.3
- - Make assuan_get_pid work correctly for pipe server.
- - Interface changes relative to the 2.0.2 release:
- * ASSUAN_FORCE_CLOSE (NEW)
-
-- own aclocal directory
-
-- Remove Requires/BuildRequires on libpth, this package
- no longer uses this library.
-
-- update to libassuan-2.0.2
- - A new flag may now be used to convey comments via
- assuan_transact.
- - A new flag value may now be used to disable logging.
- - The gpgcedev.c driver now provides a log device.
- - It is now possible to overwrite socket and connect functions in
- struct assuan_system_hooks.
- - Interface changes relative to the 2.0.1 release:
- ASSUAN_CONVEY_COMMENTS NEW.
- ASSUAN_NO_LOGGING NEW.
- assuan_system_hooks_t CHANGED: Added socket and connect members.
- ASSUAN_SYSTEM_HOOKS_VERSION CHANGED: Bumped to 2.
- assuan_register_pre_cmd_notify NEW.
-- use spec-cleaner
-
-- Use %_smp_mflags
-
-- update to libassuan-2.0.1
- * Input and output notification handler can now really access the
- parsed fd as stated in the manual.
- * Cleaned up the logging.
- * Interface changes relative to the 2.0.0 release:
- assuan_free NEW
- _assuan_w32ce_create_pipe NEW
- ASSUAN_LOG_CONTROL NEW
-
-- fixed deps
- o libgpg-error-devel >= 1.4
-
-- fix deps for pth
- pth < 1120 >= libpth-devel
-- sort TAGS
-
-- add baselibs.conf (needed for libgpgme)
-
-- update to libassuan-2.0.0
- * Now using libtool and builds a DSO.
- * Lots of interface cleanups.
- * Pth support has changed. This now follows the same style as
- libgcrypt by setting system hook callbacks.
-- split package to libassuan0 and libassuan-devel
-
-- change BuildRequires: (pth-devel -> libpth-devel)
-
-- BuildRequires: pth-devel
-
libcaca
+- More overflow prevention of multiplying large ints
+ [bsc#1182731, CVE-2021-3410, libcaca-bsc1182731-prevent-overflow.patch]
+
libgcrypt
+- FIPS: Get most of the entropy from rndjent_poll [bsc#1202117]
+ * Add libgcrypt-FIPS-rndjent_poll.patch
+
+- FIPS: Check keylength in gcry_fips_indicator_kdf() [bsc#1190700]
+ * Consider approved keylength greater or equal to 112 bits.
+ * Add libgcrypt-FIPS-kdf-leylength.patch
+
+- FIPS: Zeroize buffer and digest in check_binary_integrity()
+ * Add libgcrypt-FIPS-Zeroize-hmac.patch [bsc#1191020]
+
+- FIPS: gpg/gpg2 gets out of core handler in FIPS mode while
+ typing Tab key to Auto-Completion. [bsc#1182983]
+ * Add libgcrypt-out-of-core-handler.patch
+
+- FIPS: Port libgcrypt to use jitterentropy [bsc#1202117, jsc#SLE-24941]
+ * Enable the jitter based entropy generator by default in random.conf
+ - Add libgcrypt-jitterentropy-3.3.0.patch
+ * Update the internal jitterentropy to version 3.4.0
+ - Add libgcrypt-jitterentropy-3.4.0.patch
+
libtirpc
+- fix CVE-2021-46828: libtirpc: DoS vulnerability with lots of
+ connections (bsc#1201680)
+ - add 0001-Fix-DoS-vulnerability-in-libtirpc.patch
+
+-exclude ipv6 addresses in client protocol 2 code (bsc#1200800)
+ - update 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch
+
+- fix memory leak in params.r_addr assignement (bsc#1198752)
+ - add 0001-fix-parms.r_addr-memory-leak.patch
+
+- check for nullpointer in check_address (bsc#1198176)
+ update 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch
+
+- add option to enforce connection via protocol version 2 first
+ (bsc#1196647)
+ add 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch
+
+- Update to libtirpc 1.2.6
+ - Drop patches all patches backported from this release
+ (0001-Add-authdes_seccreate-stub.patch,
+ 0001-Avoid-multiple-definiton-with-gcc-fno-common.patch)
+
+- Backport upstream fix daed7ee ("Avoid multiple-definiton with gcc -fno-common")
+ to fix build error with gcc flag -fno-common (bsc#1160875).
+ Tested on gcc-9 and gcc-10.
+ 0001-Avoid-multiple-definiton-with-gcc-fno-common.patch
+
+- Skip unneeded autogen.sh run (configure is up-to-date), drop
+ dependencies: libtool, autoconf
+- Replace krb5-mini-devel/krb5-devel with pkgconfig(krb5)
+
+- Update to libtirpc 1.2.5
+ - A number resource leaks and other issues were fix which were identified
+ by a Coverity Scan.
+ - The AUTH_DES authentication has been deprecated. If any of those routines
+ are called, they will fail immediately.
+ - numerous bug fixes
+- Package changes:
+ - Build without AUTH_DES authentication
+ - Add patch from next release 0001-Add-authdes_seccreate-stub.patch
+ (a86b4ff Add authdes_seccreate() stub)
+ - Drop rc patches (libtirpc-1-1-5-rc1.patch, libtirpc-1-1-5-rc2.patch)
+ - Drop patches all patches backported from this release
+ (0001-Makefile.am-Use-LIBADD-instead-of-LDFLAGS-to-link-ag.patch,
+ 0002-man-rpc_secure.3t-Fix-typo-in-manpage.patch,
+ 0003-xdr-add-a-defensive-mask-in-xdr_int64_t-and-xdr_u_in.patch)
+
+- Fix previous version:
+ - actually delete
+ 0001-xdrstdio_create-buffers-do-not-output-encoded-values.patch
+ - use 0001-Makefile.am-Use-LIBADD-instead-of-LDFLAGS-to-link-ag.patch
+ - use 0002-man-rpc_secure.3t-Fix-typo-in-manpage.patch (renamed from
+ 0003-man-rpc_secure.3t-Fix-typo-in-manpage.patch)
+ - use 0003-xdr-add-a-defensive-mask-in-xdr_int64_t-and-xdr_u_in.patch
+ (renamed from
+ 0004-xdr-add-a-defensive-mask-in-xdr_int64_t-and-xdr_u_in.patch)
+
+- Updated to libtirpc 1.1.5 rc2 (this includes changes in 1.1.4 release)
+ - add libtirpc-1-1-5-rc1.patch and libtirpc-1-1-5-rc2.patch to reflect
+ upstream changes after 1.1.4 release
+ - remove /etc/bindresvport.blacklist as it's still supported by glibc
+ although it's not compiled with --enable-obsolete-rpc
+- Drop patches accepted in previous releases or not needed
+ - 000-bindresvport_blacklist.patch (accepted in 5b037cc9, libtirpc 1.1.4)
+ - 001-new-rpcbindsock-path.patch (not needed, rpcbind now uses /var/run directory)
+ - 002-revert-binddynport.patch (fixed in 2802259, libtirpc-1-0-4-rc1)
+ - 0001-Fix-regression-introduced-by-change-rpc-version-orde.patch
+ (backport of 25d38d7, libtirpc-1-0-4-rc1)
+ - 0001-xdrstdio_create-buffers-do-not-output-encoded-values.patch
+ (backport of 145272c, libtirpc-1-0-4-rc2)
+- Add fixes from upcomming release
+ - 0001-Makefile.am-Use-LIBADD-instead-of-LDFLAGS-to-link-ag.patch
+ - 0003-man-rpc_secure.3t-Fix-typo-in-manpage.patch
+ - 0004-xdr-add-a-defensive-mask-in-xdr_int64_t-and-xdr_u_in.patch
+
+- Fix SLES 15 - yp_bind_client_create_v3: RPC: Unknown host (bsc#1126096).
+ - Add upstream patch
+ 0001-xdrstdio_create-buffers-do-not-output-encoded-values.patch
+
+- fix socket leak introduced by change-rpc-protocol-version-order patch
+ (bsc#1087925)
+ - add 0001-Fix-regression-introduced-by-change-rpc-version-orde.patch
+
+- Revert binddynport changes as they break backward compatibility
+ [brc#1562169].
+ - add 002-revert-binddynport.patch
+
+- Remove ineffective --with-pic.
+
+- Update to libtirpc 1.0.3
+ - clnt_dg_call: Fix a buffer overflow (CVE-2016-4429)
+ - Avoid choosing reserved ports in legacy RPC APIs
+ - rpcinfo: change order of version to be tried to 4, 3, 2
+ - includes 003-rpc-types.patch
+ - includes 004-replace-bzero-with-memset.patch
+ - includes 005-missing-includes.patch
+ - includes 011-Fix-typo-in-src-libtirpc.map-which-prevents-that-key.patch
+ - includes decls.patch
+- Drop COPYING.GPLv2, GPLv2 code was removed from library
+
+- Adjust include directory [bsc#1083902]
+
+- Use %license (boo#1082318)
+
+- Move /usr/include/tirpc to /usr/include
+
+- Add COPYING.GPLv2 and install Licenses for GPLv2 code.
+
+- 005-missing-includes.patch: add missing includes to make headers
+ compatible to sunrpc.
+
+- Update to version 1.0.2
+ - 002-old-automake.patch: not needed anymore
+ - 005-libtirpc-1.0.2-rc1.patch: dropped
+ - 006-Remove-old-meanwhile-wrong-comment-about-FD_SETSIZE-.patch:
+ removed, merged upstream
+ - 007-Change-rtime-function-to-use-poll-instead-of-select.patch:
+ removed, merged upstream
+ - 008-Add-parameters-to-local-prototypes-to-fix-compiler-w.patch:
+ removed, merged upstream
+ - 009-makefd_xprt-checks-that-the-filedesriptor-is-lower-t.patch:
+ removed, merged upstream
+ - 010-The-goto-again-statement-was-an-left-over-from-the-p.patch:
+ removed, merged upstream
+ - 012-libtirpc-needs-rpcsvc-nis.h-for-compiling-but-does-n.patch:
+ removed, merged upstream
+ - 013-If-we-don-t-compile-in-YP-support-don-t-include-YP-h.patch:
+ removed, merged upstream
+ - 014-Add-des_crypt.c-and-des_impl.c-to-become-independent.patch:
+ removed, merged upstream
+ - 015-Fix-includes-to-compile-without-deprecated-glibc-fun.patch:
+ removed, merged upstream
+ - patch6_7.diff: obsolete
+ - Replace explicit_bzero.patch with
+ 004-replace-bzero-with-memset.patch from git
+ - Rename libtirpc-new-path-rpcbindsock.patch to
+ 001-new-rpcbindsock-path.patch
+
+- 003-rpc-types.patch: Add some typedefs to rpc/types.h to allow
+ applications be compiled with -std=iso9899:1990
+
+- Rectify RPM groups and summaries,
+ and update old macro/variable constructs.
+
+- decls.patch: fix missing declarations
+- explicit_bzero.patch: use explicit_bzero if available
+
+- Add some patches to get libtirpc compiled without needing glibc
+ deprecated functions:
+ - 015-Fix-includes-to-compile-without-deprecated-glibc-fun.patch
+ - 014-Add-des_crypt.c-and-des_impl.c-to-become-independent.patch
+ - 013-If-we-don-t-compile-in-YP-support-don-t-include-YP-h.patch
+- Add 012-libtirpc-needs-rpcsvc-nis.h-for-compiling-but-does-n.patch
+ to allow bootstrapping of libtirpc without glibc sunrpc code or
+ libnsl NIS+ code.
+
+- Add 011-Fix-typo-in-src-libtirpc.map-which-prevents-that-key.patch
+ (fix export of key_secretkey_is_set)
+
+- Add the following patches to fix some bugs from the poll()
+ port and an endless loop:
+ - 006-Remove-old-meanwhile-wrong-comment-about-FD_SETSIZE-.patch
+ - 007-Change-rtime-function-to-use-poll-instead-of-select.patch
+ - 008-Add-parameters-to-local-prototypes-to-fix-compiler-w.patch
+ - 009-makefd_xprt-checks-that-the-filedesriptor-is-lower-t.patch
+ - 010-The-goto-again-statement-was-an-left-over-from-the-p.patch
+
+- Remove 004-netconfig-prefer-IPv6.patch for SLES12.
+- Remove libtirpc-getnetconfig-races.patch (was backport).
+ [FATE#320393]
+
+- Split the netconfig configuration file and manual page off into
+ an own RPM. Else it is not possible to install the old and new
+ libtirpc libraries in parallel.
+
+- Update to libtirpc-1.0.1
+ - new major soname
+ - Adjust auth code to match other RPC implementations
+ - Implement more gss auth stuff
+ - use poll() instead of select() in svc_run()
+ - Add more sunrpc compat functions
+ - Sync compat headers with real functions
+- Drop 005-missing-symvers.patch (upstream)
+- Drop 006-memleak1.patch (upstream)
+- Drop 007-memleak2.patch (upstream)
+- Drop 008-fix-undef-ref.patch (upstream)
+- Drop 009-authdes_pk_create.patch (upstream)
+- Drop 010-xdr_sizeof.patch (upstream)
+- Drop 011-authdes_create.patch (upstream)
+- Drop 012-xp_sock.patch (upstream)
+- Drop 099-poll.patch (upstream)
+- Drop libtirpc-xdr-header.patch (was backport)
+- Add 005-libtirpc-1.0.2-rc1.patch (fixes deadlock)
+
+- Fix public xdr.h header - xdr_rpcvers() were broken (bsc#902439)
+ Added: libtirpc-xdr-header.patch
+
+- Update 099-poll.patch with newest version send upstream.
+
+- Add 099-poll.patch: change svc_run from select() to poll().
+
+- Add 012-xp_sock.patch: add sunrpc compatibility define
+
+- Update 009-authdes_pk_create.patch (fix syncaddr handling)
+- Add 011-authdes_create.patch (fix syncaddr handling)
+
+- Add 010-xdr_sizeof.patch (enable xdr_sizeof)
+
+- Add 009-authdes_pk_create.patch (missing SunRPC compat function)
+
+- Add 008-fix-undef-ref.patch to fix a undefined reference bug
+
+- Update to version 0.3.2 (bring authdes back)
+- Remove 005-no_IPv6_for_old_code.patch (accepted upstream)
+- Remove 001-tirpc-features.patch (obsolete)
+- Add 005-missing-symvers.patch (fix missing, new symbols)
+- Add 006-memleak1.patch (fix memory leak)
+- Add 007-memleak2.patch (fix memory leak)
+
+- Remove krb5-devel from -devel requires, not needed anymore
+
+- Update to libtirpc 0.3.1, which incorporates the following
+ patches:
+ - 011-gssapi-update1.patch
+ - 012-gssapi-update2.patch
+ - 013-gssapi-update3.patch
+ - 014-gssapi-update4.patch
+ - 015-gssapi-update5.patch
+ - 016-gssapi-update6.patch
+ - 017-gssapi-update7.patch
+ - 018-gssapi-update8.patch
+ Not needed anymore:
+ - 007-fix-tirpc_map.patch
+ Adjusted:
+ - 001-tirpc-features.patch, merged with 006-rework-features.diff
+ - 002-old-automake.patch
+
+- 007-fix-tirpc_map.patch: fix symbol version for new global names
+
+- 006-rework-features.diff: Adjust for set of gssapi patches
+- 003-fix-gssapi.patch replaced by 011-gssapi-update1.patch
+- 012-gssapi-update2.patch: fix krb5-config usage
+- 013-gssapi-update3.patch: check for gssapi.h
+- 014-gssapi-update4.patch: don't include rpcsec_gss.h
+- 015-gssapi-update5.patch: don't install GSSAPI files if disabled
+- 016-gssapi-update6.patch: fix rpc_gss_seccreate
+- 017-gssapi-update7.patch: officialy export two internal functions
+- 018-gssapi-update8.patch: don't use glibc special header files
+
+- 003-fix-gssapi.patch: Correct fix for GSS ABI breakage
+- 005-no_IPv6_for_old_code.patch: Update comment
+- 006-rework-features.diff: Rework tirpc-features.h
+
+- 003-fix-gssapi.patch: Update, one chunk did go lost
+
+- 001-tirpc-features.patch: update with official git version
+- 002-old-automake.patch: re-add for SLES11
+- 003-fix-gssapi.patch: try to fix the disable-gssapi option correct
+
+- Fix HAVE_AUTHDES/HAVE_GSSAPI in public header files
+ (001-tirpc-features.patch)
+
+- Update to official release 0.3.0. authdes was disabled by default
+ upstream.
+- Following patches were merged:
+ - 001-symbol-versions-v5.patch
+ - 003-add-des_crypt.diff
+- Remove 002-old-automake.patch, not needed anymore
+
+- Update 001-symbol-versions-v4.patch with
+ 001-symbol-versions-v5.patch: Add --disable-symvers option
+
+- Update 003-add-des_crypt.diff, fix unresolved des functions
+
+- Update to git
+- Add 003-add-des_crypt.diff to fix unresolved *_crypt() functions
+
+- Disable gssapi for SLE11, kerberos version is too old
+
+- rpc/rpc.h requires now indirectly gssapi.h from krb5-devel
+
+- Update to current git.
+- The following patches were accepted upstream:
+ - 003-xdr_h-fix.patch
+ - 005-disable-rpcent.patch
+ - 006-no-libnsl.patch
+ - patch1_7.diff
+ - patch2_7.diff
+ - patch3_7.diff
+- patch7_7.diff: removed, rejected upstream
+- 001-symbol-versions-v3.patch: replace with 001-symbol-versions-v4.patch
+
+- Add the following patches from the libtirpc-devel mailing list:
+ - patch1_7.diff (remove wrong config.h.in)
+ - patch2_7.diff (fix function name of yp_check)
+ - patch3_7.diff (make sure config.h is included)
+ - patch6_7.diff (use getaddrinfo in getrpcport)
+ - patch7_7.diff (remove prototypes from headers we don't supply)
+
+- Add following patches:
+ - 003-xdr_h-fix.patch (fix wrong defines using xdr_u_int32)
+ - 005-disable-rpcent.patch (use rpcent functions from glibc)
+ - 006-no-libnsl.patch (don't link against libnsl)
+
+- Update to 0.2.5.git from 20150423
+ - following patches are accepted upstream:
+ - 003-rpc_broadcast_misformed_replies.patch
+ - libtirpc-misc-segfaults.patch
+ - replace 001-symbol-versions-v2.patch with
+ 001-symbol-versions-v3.patch
+ - enable symbol versioning patch
+
+- Fix race conditions in getnetconfig (bsc#899576, bsc#882973)
+ Added: libtirpc-getnetconfig-races.patch
+
+- 004-netconfig-prefer-IPv6.patch: Prever IPv6 over IPv4 (configured
+ in /etc/netconfig)
+
+- 002-old-automake.patch: make buildable on old systems
+
+- Update to 0.2.5.git from 20141217
+ - following patches are accepted upstream:
+ - 002-clnt_broadcast_fix.patch
+ - 004-getpmaphandle.patch
+ - libtirpc-clntunix_create.patch
+ - libtirpc-getbroadifs-crash.patch
+ - libtirpc-taddr2uaddr-local.patch
+
+- Update to upstream 0.2.5 release
+- Add symbol versioning to fix symbol conflicts
+ (001-symbol-versions-v2.patch), but disable until commited upstream
+- Adjust libtirpc-clnt_broadcast_fix.patch and rename to
+ 002-clnt_broadcast_fix.patch
+- Adjust libtirpc-rpc_broadcast_misformed_replies.patch and rename
+ to 003-rpc_broadcast_misformed_replies.patch
+- Rename libtirpc-getpmaphandle.patch to 004-getpmaphandle.patch
+- Adjust libtirpc-bindresvport_blacklist.patch and rename to
+ 000-bindresvport_blacklist.patch
+- Drop libtirpc-pmap-setunset.patch, not needed anymore
+- Apply libtirpc-new-path-rpcbindsock.patch only on openSUSE 13.1
+ and later
+
libvirt
+- spec: Only drop redefinition of libexecdir on Factory and newer
+ bsc#1203775
+
+- Migration to /usr/etc: Saving user changed configuration files
+ in /etc and restoring them while an RPM update.
+
lvm2
+- lvmlockd is not supporting sanlock (bsc#1203482)
+ - set 1 for _supportsanlock in lvm2.spec for enabling sanlock.
+
+- Upgrade lvm2 from LVM2.2.03.05 to LVM2.2.03.16 (bsc#1201616)
+ - device-mapper version upgrade to 1.02.185 (bsc#1199074)
+- Drop patches that have been merged into upstream
+ - bug-1122666_devices-drop-open-error-message.patch
+ - bug-1150021_01-scanning-open-devs-rw-when-rescanning-for-write.patch
+ - bug-1149408_Fix-rounding-writes-up-to-sector-size.patch
+ - bug-1149408_vgcreate-vgextend-restrict-PVs-with-mixed-block-size.patch
+ - bug-1152378-md-component-detection-for-differing-PV-and-device-s.patch
+ - bug-1152378-pvscan-fix-PV-online-when-device-has-a-different-siz.patch
+ - jcs-SLE5498_pvscan-allow-use-of-noudevsync-option.patch
+ - bug-1154655_udev-remove-unsupported-OPTIONS-event_timeout-rule.patch
+ - bug-1158628_01-tests-replaces-grep-q-usage.patch
+ - bug-1158628_02-tests-fix-ra-checking.patch
+ - bug-1158628_03-tests-simplify-some-var-settings.patch
+ - bug-1158628_04-pvmove-correcting-read_ahead-setting.patch
+ - bug-1158628_05-activation-add-synchronization-point.patch
+ - bug-1158628_06-pvmove-add-missing-synchronization.patch
+ - bug-1158628_07-activation-extend-handling-of-pending_delete.patch
+ - bug-1158628_08-lv_manip-add-synchronizations.patch
+ - bug-1158628_09-lvconvert-improve-validation-thin-and-cache-pool-con.patch
+ - bug-1158628_10-thin-activate-layer-pool-aas-read-only-LV.patch
+ - bug-1158628_11-tests-mdadm-stop-in-test-cleanup.patch
+ - bug-1158628_12-test-increase-size-of-raid10-LV-allowing-tests-to-su.patch
+ - bug-1158628_13-lvconvert-fix-return-value-when-zeroing-fails.patch
+ - bug-1158628_14-tests-add-extra-settle.patch
+ - bug-1158628_15-test-Fix-handling-leftovers-from-previous-tests.patch
+ - bug-1158861_01-config-remove-filter-typo.patch
+ - bug-1158861_02-config-Fix-default-option-which-makes-no-sense.patch
+ - bug-1158861_03-vgchange-don-t-fail-monitor-command-if-vg-is-exporte.patch
+ - bug-1158861_04-fix-duplicate-pv-size-check.patch
+ - bug-1158861_05-hints-fix-copy-of-filter.patch
+ - bug-1158861_06-fix-segfault-for-invalid-characters-in-vg-name.patch
+ - bug-1158861_07-vgck-let-updatemetadata-repair-mismatched-metadata.patch
+ - bug-1158861_08-hints-fix-mem-leaking-buffers.patch
+ - bug-1158861_09-pvcreate-pvremove-fix-reacquiring-global-lock-after.patch
+ - bug-1150021_02-bcache-add-bcache_abort.patch
+ - bug-1150021_03-label-Use-bcache_abort_fd-to-ensure-blocks-are-no-lo.patch
+ - bug-1150021_04-bcache-add-unit-test.patch
+ - bug-1150021_05-bcache-bcache_invalidate_fd-only-remove-prefixes-on.patch
+ - bug-1150021_06-fix-dev_unset_last_byte-after-write-error.patch
+ - bug-1157736-add-suggestion-message-for-mirror-LVs.patch
+ - bug-1171907-lvremove-remove-attached-cachevol-with-removed-LV.patch
+ - bug-1172566_cachevol-use-cachepool-code-for-metadata-size.patch
+ - bug-1175110_dmeventd-avoid-bail-out-preventing-repair-in-raid-pl.patch
+ - bug-1177734_raid-no-wiping-when-zeroing-raid-metadata-device.patch
+ - bug-1181319_01-Revert-lvmlockd-use-commonly-used-define-NOTIFYDBUS_.patch
+ - bug-1181319_02-lvmlockctl-ensure-result-value-is-always-defined.patch
+ - bug-1181319_03-lvmlockctl-use-inline-initilizers.patch
+ - bug-1181319_04-lvmlockd-replace-lock-adopt-info-source.patch
+ - bug-1181319_05-cov-check-sscanf-result.patch
+ - bug-1178680_add-metadata-based-autoactivation-property-for-VG-an.patch
+ - bug-1185190_01-pvscan-support-disabled-event_activation.patch
+ - bug-1185190_02-config-improve-description-for-event_activation.patch
+ - bug-1191019_vgextend-check-missing-device-during-block-size-chec.patch
+ - bug-1183905_lvconvert-allow-stripes-stripesize-in-mirror-convers.patch
+ - bug-1195231-udev-create-symlinks-and-watch-even-in-suspended-sta.patch
+ - bug-1202011_vgchange-monitor-don-t-use-udev-info.patch
+ - bug-1193181_vgimportclone_on_hardware_snapshot_does_not_work.patch
+ - bug-1179691_config-set-external_device_info_source-none.patch
+- Update patch
+ - fate-309425_display-dm-name-for-lv-name.patch
+ - bug-1184687_Add-nolvm-for-kernel-cmdline.patch
+- replace exist patch with fixed bug patches
+ - (remove) fate-31841_fsadm-add-support-for-btrfs.patch
+ - (add) fate-31841-01_fsadm-add-support-to-resize-check-btrfs-filesystem.patch
+ - (add) fate-31841-02_man-add-support-for-btrfs.patch
+ - (add) fate-31841-03_tests-new-test-suite-of-fsadm-for-btrfs.patch
+- Add upstream patch
+ - 0001-devices-file-move-clean-up-after-command-is-run.patch
+ - 0002-devices-file-fail-if-devicesfile-filename-doesn-t-ex.patch
+ - 0003-filter-mpath-handle-other-wwid-types-in-blacklist.patch
+ - 0004-filter-mpath-get-wwids-from-sysfs-vpd_pg83.patch
+ - 0005-pvdisplay-restore-reportformat-option.patch
+ - 0006-exit-with-error-when-devicesfile-name-doesn-t-exist.patch
+ - 0007-report-fix-pe_start-column-type-from-NUM-to-SIZ.patch
+ - 0008-_vg_read_raw_area-fix-segfault-caused-by-using-null-.patch
+ - 0009-mm-remove-libaio-from-being-skipped.patch
+ - 0010-dmsetup-check-also-for-ouf-of-range-value.patch
+ - 0011-devices-drop-double-from-sysfs-path.patch
+ - 0012-devices-file-fix-pvcreate-uuid-matching-pvid-entry-w.patch
+ - 0013-vgimportdevices-change-result-when-devices-are-not-a.patch
+ - 0014-vgimportdevices-fix-locking-when-creating-devices-fi.patch
+- update lvm2.spec
+ - indent some lines for easy read
+ - add new binraries: lvmdevices lvm_import_vdo vgimportdevices dmfilemapd
+ - remove config item '--enable-cmirrord', which was obsoleted.
+ - remove config item '--enable-realtime', which became default setting.
+ - add config item "--with-cluster=internal" for cluster test
+ - add config item "--enable-dmfilemapd" for new daemon dmfilemapd
+ - add new man: lvmautoactivation.7 lvmdevices.8 lvm_import_vdo.8 dmfilemapd.8
+ - remove lvm2-activation-generator & lvm2-activation-generator.8
+ - remove lvm2-pvscan@.service
+ - replace 69-dm-lvm-metad.rules with 69-dm-lvm.rules
+ - change %post behaviour, only do deleting job for non-link folder (bsc#1198523)
+- lvm.conf
+ - follow upstream style, comment out default value (bsc#1179739)
+
mdadm
+- imsm: support for third Sata controller (bsc#1201297)
+ 0122-imsm-support-for-third-Sata-controller.patch
+- mdadm: enable Intel Alderlake RSTe configuration (bsc#1201297)
+ 1005-mdadm-enable-Intel-Alderlake-RSTe-configuration.patch
+
perl-Bootloader
+- merge gh#openSUSE/perl-bootloader#139
+- fix sysconfig parsing (bsc#1198828)
+- 0.939
+
+- merge gh#openSUSE/perl-bootloader#138
+- grub2/install: reset error code when passing through recover code
+ (bsc#1198197)
+- 0.938
+
permissions
+ * chkstat: also consider group controlled paths (bsc#1203018, CVE-2022-31252)
+
+- Update to version 20201225:
python-apipkg
+- Update to v2.1.0
+ * fix race condition for import of modules using apipkg.initpkg
+ in Python 3.3+ by updating existing modules in-place rather
+ than replacing in sys.modules with an apipkg.ApiModule
+ instances. This race condition exists for import statements
+ (and __import__) in Python 3.3+ where sys.modules is checked
+ before obtaining an import lock, and for
+ importlib.import_module in Python 3.11+ for the same reason.
+- Release 2.0.1
+ * fix race conditions for attribute creation
+- Release 2.0.0
+ * also transfer __spec__ attribute
+ * make py.test hack more specific to avoid hiding real errors
+ * switch from Travis CI to GitHub Actions
+ * modernize package build
+ * reformat code with black
+- Drop pytest4.patch
+
+- The now broken apicycle requires apipkg to be importable from
+ elsewhere -- use src dir.
+
+- Split package into multibuild, to avoid apipkg -> pytest -> py ->
+ apipkg cycle.
+
+- refresh pytest4.patch for pytest5
+
+- Add patch to fix build with pytest newer than 4:
+ * pytest4.patch
+
+- update to 1.5
+- fixed dependencies
+ * switch to setuptools_scm
+ * avoid dict iteration (fixes issue on python3)
+ * preserve __package__ - ths gets us better pep 302 compliance
+
python3
+- Add patch CVE-2021-28861-double-slash-path.patch:
+ * http.server: Fix an open redirection vulnerability in the HTTP server
+ when an URI path starts with //. (bsc#1202624, CVE-2021-28861)
+
qemu
-- Improve the output of update_git.sh, by including the list of
- repos to which we have downstream patches.
-- Fix bsc#1197084 and bsc#1199924
+- Runs of the test-suite seem much more stable now, in this version
+ of QEMU. (bsc#1203610) We are also fine re-enabling running them
+ in parallel.
+
+- Switch QEMU Linux user to emulate the same CPU as the one of the
+ host by default. This is a bit conrtoversial and tricky, when
+ thinking about system emulation/virtualization. But for linux-user,
+ it should be just fine. (bsc#1203684)
+ * Patches added:
+ linux-user-use-max-as-default-CPU-model-.patch
+
+- Be less verbose when packaging documentation. In fact, with just
+ a couple of (minor) re-arrangements, we can get rid of having to
+ list all the files all the time
+- Package /etc/qemu/bridge.conf as '%config(noreplace). Next step
+ will probably be to move it to /usr/etc/qemu (bsc#1201944)
+
+- Switch to %autosetup for all products (this required some changes
+ in update_git.sh)
+- Run check-qtest sequentially, as it's more reliable, when in OBS
+- Build with libbpf, fdt and capstone support
+- Drop the patch adding our support document, and deal with that
+ in the spec file directly
+ * Patches dropped:
+ doc-add-our-support-doc-to-the-main-proj.patch
+
+- Updated to latest upstream version 7.1
+ * https://wiki.qemu.org/ChangeLog/7.1
+ Be sure to also check the following pages:
+ * https://qemu-project.gitlab.io/qemu/about/removed-features.html
+ * https://qemu-project.gitlab.io/qemu/about/deprecated.html
+ Some notable changes:
+ * [x86] Support for architectural LBRs on KVM virtual machines
+ * [x86] The libopcode-based disassembler has been removed. Use
+ Capstone instead
+ * [LoongArch] Add initial support for the LoongArch64 architecture.
+ * [ARM] The emulated SMMUv3 now advertises support for SMMUv3.2-BBML2
+ * [ARM] The xlnx-zynqmp SoC model now implements the 4 TTC timers
+ * [ARM] The versal machine now models the Cortex-R5s in the Real-Time
+ Processing Unit (RPU) subsystem
+ * [ARM] The virt board now supports emulation of the GICv4.0
+ * [ARM] New emulated CPU types: Cortex-A76, Neoverse-N1
+ * [HPPA] Fix serial port pass-through from host to guest
+ * [HPPA] Lots of general code improvements and tidy-ups
+ * [RISC-V] RISC-V
+ * [RISC-V] Add support for privileged spec version 1.12.0
+ * [RISC-V] Use privileged spec version 1.12.0 for virt machine by default
+ * [RISC-V] Allow software access to MIP SEIP
+ * [RISC-V] Add initial support for the Sdtrig extension
+ * [RISC-V] Optimisations and improvements for the vector extension
+ * [VFIO] Experimental support for exposing emulated PCI devices over the
+ new vfio-user protocol (a vfio-user client is not yet available
+ in QEMU, though)
+ * [QMP] The on-cbw-error option for copy-before-write filter, to specify
+ behavior on CBW (copy before write) operation failure.
+ * [QMP] The cbw-timeout option for copy-before-write filter, to specify
+ timeout for CBW operation.
+ * [QMP] New commands query-stats and query-stats-schema to retrieve
+ statistics from various QEMU subsystems (right now only from
+ KVM).
+ * [QMP] The PanicAction can now be configured to report an exit-failure
+ (useful for automated testing)
+ * [Networking] QEMU can be compiled with the system slirp library even
+ when using CFI. This requires libslirp 4.7.
+ * [Migration] Support for zero-copy-send on Linux, which reduces CPU
+ usage on the source host. Note that locked memory is needed
+ to support this
+ Revert-tests-qtest-enable-more-vhost-use.patch
+ meson-remove-pkgversion-from-CONFIG_STAM.patch
+ * Patches dropped:
+ AIO-Reduce-number-of-threads-for-32bit-h.patch
+ Makefile-Don-t-check-pc-bios-as-pre-requ.patch
+ Revert-8dcb404bff6d9147765d7dd3e9c849337.patch
+ Revert-qht-constify-qht_statistics_init.patch
+ XXX-dont-dump-core-on-sigabort.patch
+ acpi_piix4-Fix-migration-from-SLE11-SP2.patch
+ configure-only-populate-roms-if-softmmu.patch
+ configure-remove-pkgversion-from-CONFIG_.patch
+ coroutine-ucontext-use-QEMU_DEFINE_STATI.patch
+ coroutine-use-QEMU_DEFINE_STATIC_CO_TLS.patch
+ coroutine-win32-use-QEMU_DEFINE_STATIC_C.patch
+ hw-usb-hcd-ehci-fix-writeback-order.patch
+ i8254-Fix-migration-from-SLE11-SP2.patch
+ intc-exynos4210_gic-replace-snprintf-wit.patch
+ modules-generates-per-target-modinfo.patch
+ modules-introduces-module_kconfig-direct.patch
+ pc-bios-s390-ccw-net-avoid-warning-about.patch
+ qemu-cvs-gettimeofday.patch
+ qemu-cvs-ioctl_debug.patch
+ qemu-cvs-ioctl_nodirection.patch
+ qht-Revert-some-constification-in-qht.c.patch
+ qom-handle-case-of-chardev-spice-module-.patch
+ scsi-lsi53c895a-fix-use-after-free-in-ls.patch
+ scsi-lsi53c895a-really-fix-use-after-fre.patch
+ softmmu-Always-initialize-xlat-in-addres.patch
+ sphinx-change-default-language-to-en.patch
+ test-add-mapping-from-arch-of-i686-to-qe.patch
+ tests-Fix-block-tests-to-be-compatible-w.patch
+ tests-qtest-Move-the-fuzz-tests-to-x86-o.patch
+ usb-Help-compiler-out-to-avoid-a-warning.patch
+
+- pcre-devel-static is only needed when building against
+ glib2 < 2.73. After that, glib2 was migrated to pcre2.
+
+- Substantial rework of the spec file:
+ * the 'make check' testsuite now runs in the %check section of
+ the main package, not in a subpackage
+ * switched from %setup to %autosetup
+ * rearranged the content in order to minimize the use of %if,
+ %ifarch, etc
+
+- Properly fix bsc#1198038, CVE-2022-0216
+ * Patches added:
+ scsi-lsi53c895a-really-fix-use-after-fre.patch
+ tests-qtest-Move-the-fuzz-tests-to-x86-o.patch
+
+- Make temp dir (for update_git.sh) configurable
+- Added new subpackages (audio-dbus, ui-dbus)
+- bsc#1199018 was never fixed in Factory's QEMU 6.2. It is
+ now (since the patches are already in SeaBIOS 1.16.0)
+- Some tests are having issues when run in OBS. They seem to be
+ due to race conditions, triggered by resource constraints of
+ OBS workers. Let's disable them for now, while looking for a fix
+- Update to v7.0.0 (bsc#1201307). For full release notes, see:
+ * https://wiki.qemu.org/ChangeLog/7.0
+ Be sure to also check the following pages:
+ * https://qemu-project.gitlab.io/qemu/about/removed-features.html
+ * https://qemu-project.gitlab.io/qemu/about/deprecated.html
+ Some notable changes:
+ * [ARM] The virt board has gained a new control knob to disable passing a RNG seed in the DTB (dtb-kaslr-seed)
+ * [ARM] The AST2600 SoC now supports a dummy version of the i3c device
+ * [ARM] The virt board can now run guests with KVM on hosts with restricted IPA ranges
+ * [ARM] The virt board now supports virtio-mem-pci
+ * [ARM] The virt board now supports specifying the guest CPU topology
+ * [ARM] On the virt board, we now enable PAuth when using KVM or hvf and the host CPU supports it
+ * [RISC-V] Add support for ratified 1.0 Vector extension
+ * [RISC-V] Support for the Zve64f and Zve32f extensions
+ * [RISC-V] Drop support for draft 0.7.1 Vector extension
+ * [RISC-V] Support Zfhmin and Zfh extensions
+ * [RISC-V] RISC-V KVM support
+ * [RISC-V] Mark Hypervisor extension as non experimental
+ * [RISC-V] Enable Hypervisor extension by default
+ * [x86] Support for Intel AMX.
+ * [PCI/PCIe] Q35: fix PCIe device becoming disabled after migration when ACPI based PCI hotplug is used (6b0969f1ec)
+ * [PCI/PCIe] initial bits of SR/IOV support (250346169)
+ * [PCI/PCIe] arm/virt: fixed PXB interrupt routing (e609301b45)
+ * [PCI/PCIe] arm/virt: support for virtio-mem-pci (b1b87327a9)
+ * [virtiofs] Fix for CVE-2022-0358 - behaviour with supplementary groups and SGID directories
+ * [virtiofs] Improved security label support
+ * [virtiofs] The virtiofsd in qemu is now starting to be deprecated; please start using and contributing to Rust virtiofsd
+ * Patches dropped:
+ acpi-validate-hotplug-selector-on-access.patch
+ block-backend-Retain-permissions-after-m.patch
+ block-qdict-Fix-Werror-maybe-uninitializ.patch
+ brotli-fix-actual-variable-array-paramet.patch
+ display-qxl-render-fix-race-condition-in.patch
+ doc-Add-the-SGX-numa-description.patch
+ hw-i386-amd_iommu-Fix-maybe-uninitialize.patch
+ hw-intc-exynos4210_gic-provide-more-room.patch
+ hw-nvme-fix-CVE-2021-3929.patch
+ hw-nvram-at24-return-0xff-if-1-byte-addr.patch
+ iotest-065-explicit-compression-type.patch
+ iotest-214-explicit-compression-type.patch
+ iotest-302-use-img_info_log-helper.patch
+ iotest-303-explicit-compression-type.patch
+ iotest-39-use-_qcow2_dump_header.patch
+ iotests-60-more-accurate-set-dirty-bit-i.patch
+ iotests-bash-tests-filter-compression-ty.patch
+ iotests-common.rc-introduce-_qcow2_dump_.patch
+ iotests-declare-lack-of-support-for-comp.patch
+ iotests-drop-qemu_img_verbose-helper.patch
+ iotests-massive-use-_qcow2_dump_header.patch
+ iotests-MRCE-Write-data-to-source.patch
+ iotests.py-filter-out-successful-output-.patch
+ iotests.py-img_info_log-rename-imgopts-a.patch
+ iotests.py-implement-unsupported_imgopts.patch
+ iotests.py-qemu_img-create-support-IMGOP.patch
+ iotests.py-rewrite-default-luks-support-.patch
+ iotests-specify-some-unsupported_imgopts.patch
+ meson-build-all-modules-by-default.patch
+ numa-Enable-numa-for-SGX-EPC-sections.patch
+ numa-Support-SGX-numa-in-the-monitor-and.patch
+ python-aqmp-add-__del__-method-to-legacy.patch
+ python-aqmp-add-_session_guard.patch
+ python-aqmp-add-SocketAddrT-to-package-r.patch
+ python-aqmp-add-socket-bind-step-to-lega.patch
+ python-aqmp-add-start_server-and-accept-.patch
+ python-aqmp-copy-type-definitions-from-q.patch
+ python-aqmp-drop-_bind_hack.patch
+ python-aqmp-fix-docstring-typo.patch
+ python-aqmp-Fix-negotiation-with-pre-oob.patch
+ python-aqmp-fix-race-condition-in-legacy.patch
+ Python-aqmp-fix-type-definitions-for-myp.patch
+ python-aqmp-handle-asyncio.TimeoutError-.patch
+ python-aqmp-refactor-_do_accept-into-two.patch
+ python-aqmp-remove-_new_session-and-_est.patch
+ python-aqmp-rename-accept-to-start_serve.patch
+ python-aqmp-rename-AQMPError-to-QMPError.patch
+ python-aqmp-split-_client_connected_cb-o.patch
+ python-aqmp-squelch-pylint-warning-for-t.patch
+ python-aqmp-stop-the-server-during-disco.patch
+ python-introduce-qmp-shell-wrap-convenie.patch
+ python-machine-raise-VMLaunchFailure-exc.patch
+ python-move-qmp-shell-under-the-AQMP-pac.patch
+ python-move-qmp-utilities-to-python-qemu.patch
+ python-qmp-switch-qmp-shell-to-AQMP.patch
+ python-support-recording-QMP-session-to-.patch
+ python-upgrade-mypy-to-0.780.patch
+ qcow2-simple-case-support-for-downgradin.patch
+ qemu-binfmt-conf.sh-should-use-F-as-shor.patch
+ tests-qemu-iotests-040-Skip-TestCommitWi.patch
+ tests-qemu-iotests-Fix-051-for-binaries-.patch
+ tests-qemu-iotests-testrunner-Quote-case.patch
+ tools-virtiofsd-Add-rseq-syscall-to-the-.patch
+ ui-cursor-fix-integer-overflow-in-cursor.patch
+ vhost-vsock-detach-the-virqueue-element-.patch
+ virtiofsd-Drop-membership-of-all-supplem.patch
+ virtio-net-fix-map-leaking-on-error-duri.patch
+ Disable-some-tests-that-have-problems-in.patch
+ * Patches added:
+ intc-exynos4210_gic-replace-snprintf-wit.patch
+ Revert-8dcb404bff6d9147765d7dd3e9c849337.patch
+
+- Fix bsc#1197084
+ * Patches added:
+ hostmem-default-the-amount-of-prealloc-t.patch
-- Fix bsc#1198712, CVE-2022-26354
-- Fix bsc#1198711, CVE-2022-26353
+- backport patches for having coroutine work well when LTO is used
- vhost-vsock-detach-the-virqueue-element-.patch
- virtio-net-fix-map-leaking-on-error-duri.patch
+ coroutine-ucontext-use-QEMU_DEFINE_STATI.patch
+ coroutine-use-QEMU_DEFINE_STATIC_CO_TLS.patch
+ coroutine-win32-use-QEMU_DEFINE_STATIC_C.patch
-- Fix bsc#1198037, CVE-2021-4207
-- Fix bsc#1198035, CVE-2021-4206
+- seabios: drop patch that changes python in python2.
+ Just go to python3 directly.
+ * Patches dropped:
+ seabios-use-python2-explicitly-as-needed.patch
+
+- Fix the following bugs:
+ - bsc#1198037, CVE-2021-4207
+ - bsc#1198038, CVE-2022-0216
+ - bsc#1201367, CVE-2022-35414
+ - bsc#1198035, CVE-2021-4206
+ - bsc#1198712, CVE-2022-26354
+ - bsc#1198711, CVE-2022-26353
+ scsi-lsi53c895a-fix-use-after-free-in-ls.patch
+ softmmu-Always-initialize-xlat-in-addres.patch
+ vhost-vsock-detach-the-virqueue-element-.patch
+ virtio-net-fix-map-leaking-on-error-duri.patch
+
+- Fix usb ehci boot failure (bsc#1192115)
+ * Patches added:
+ hw-usb-hcd-ehci-fix-writeback-order.patch
+
+- Fix bugs boo#1200557 and boo#1199924
+- Now that boo#1199924 is fixed, re-enable FORTIFY_SOURCE=3
+ * Patches added:
+ pci-fix-overflow-in-snprintf-string-form.patch
+ sphinx-change-default-language-to-en.patch
+
+- It has been observed that building QEMU with _FORTIFY_SOURCE=3
+ causes problem (see bsc#1199924). Force it to =2 for now, while
+ we investigate the issue.
-- Backport SeaBIOS patches for fixing bsc#1199018
- * Patches added:
- pci-let-firmware-reserve-IO-for-pcie-pci.patch
- pci-reserve-resources-for-pcie-pci-bridg.patch
+- Filter out rpmlint error that is valid for qemu, but will
+ have its badness increased in the future.
+- Backport aqmp patches from upstream which can fix iotest issues
+ * Patches added:
+ python-aqmp-add-__del__-method-to-legacy.patch
+ python-aqmp-add-_session_guard.patch
+ python-aqmp-add-SocketAddrT-to-package-r.patch
+ python-aqmp-add-socket-bind-step-to-lega.patch
+ python-aqmp-add-start_server-and-accept-.patch
+ python-aqmp-copy-type-definitions-from-q.patch
+ python-aqmp-drop-_bind_hack.patch
+ python-aqmp-fix-docstring-typo.patch
+ python-aqmp-Fix-negotiation-with-pre-oob.patch
+ python-aqmp-fix-race-condition-in-legacy.patch
+ Python-aqmp-fix-type-definitions-for-myp.patch
+ python-aqmp-handle-asyncio.TimeoutError-.patch
+ python-aqmp-refactor-_do_accept-into-two.patch
+ python-aqmp-remove-_new_session-and-_est.patch
+ python-aqmp-rename-accept-to-start_serve.patch
+ python-aqmp-rename-AQMPError-to-QMPError.patch
+ python-aqmp-split-_client_connected_cb-o.patch
+ python-aqmp-squelch-pylint-warning-for-t.patch
+ python-aqmp-stop-the-server-during-disco.patch
+ python-introduce-qmp-shell-wrap-convenie.patch
+ python-machine-raise-VMLaunchFailure-exc.patch
+ python-move-qmp-shell-under-the-AQMP-pac.patch
+ python-move-qmp-utilities-to-python-qemu.patch
+ python-qmp-switch-qmp-shell-to-AQMP.patch
+ python-support-recording-QMP-session-to-.patch
+ python-upgrade-mypy-to-0.780.patch
+
+- Drop the patches which are workaround to fix iotest issues
+ * Patches dropped:
+ Revert-python-iotests-replace-qmp-with-a.patch
+ Revert-python-machine-add-instance-disam.patch
+ Revert-python-machine-add-sock_dir-prope.patch
+ Revert-python-machine-handle-fast-QEMU-t.patch
+ Revert-python-machine-move-more-variable.patch
+ Revert-python-machine-remove-_remove_mon.patch
+
sqlite3
+- update to 3.39.3:
+ * Use a statement journal on DML statement affecting two or more
+ database rows if the statement makes use of a SQL functions
+ that might abort.
+ * Use a mutex to protect the PRAGMA temp_store_directory and
+ PRAGMA data_store_directory statements, even though they are
+ decremented and documented as not being threadsafe.
+
+- update to 3.39.2:
+ * Fix a performance regression in the query planner associated
+ with rearranging the order of FROM clause terms in the
+ presences of a LEFT JOIN.
+ * Apply fixes for CVE-2022-35737, Chromium bugs 1343348 and
+ 1345947, forum post 3607259d3c, and other minor problems
+ discovered by internal testing. [boo#1201783]
+
+- update to 3.39.1:
+ * Fix an incorrect result from a query that uses a view that
+ contains a compound SELECT in which only one arm contains a
+ RIGHT JOIN and where the view is not the first FROM clause term
+ of the query that contains the view
+ * Fix a long-standing problem with ALTER TABLE RENAME that can
+ only arise if the sqlite3_limit(SQLITE_LIMIT_SQL_LENGTH) is set
+ to a very small value.
+ * Fix a long-standing problem in FTS3 that can only arise when
+ compiled with the SQLITE_ENABLE_FTS3_PARENTHESIS compile-time
+ option.
+ * Fix the initial-prefix optimization for the REGEXP extension so
+ that it works correctly even if the prefix contains characters
+ that require a 3-byte UTF8 encoding.
+ * Enhance the sqlite_stmt virtual table so that it buffers all of
+ its output.
+
+- update to 3.39.0:
+ * Add (long overdue) support for RIGHT and FULL OUTER JOIN
+ * Add new binary comparison operators IS NOT DISTINCT FROM and
+ IS DISTINCT FROM that are equivalent to IS and IS NOT,
+ respective, for compatibility with PostgreSQL and SQL standards
+ * Add a new return code (value "3") from the sqlite3_vtab_distinct()
+ interface that indicates a query that has both DISTINCT and
+ ORDER BY clauses
+ * Added the sqlite3_db_name() interface
+ * The unix os interface resolves all symbolic links in database
+ filenames to create a canonical name for the database before
+ the file is opened
+ * Defer materializing views until the materialization is actually
+ needed, thus avoiding unnecessary work if the materialization
+ turns out to never be used
+ * The HAVING clause of a SELECT statement is now allowed on any
+ aggregate query, even queries that do not have a GROUP BY
+ clause
+ * Many microoptimizations collectively reduce CPU cycles by about
+ 2.3%.
+- drop sqlite-src-3380100-atof1.patch, included upstream
+- add sqlite-src-3390000-func7-pg-181.patch to skip float precision
+ related test failures on 32 bit
+
+- update to 3.38.5:
+ * Fix a blunder in the CLI of the 3.38.4 release
+- includes changes from 3.38.4:
+ * fix a byte-code problem in the Bloom filter pull-down
+ optimization added by release 3.38.0 in which an error in the
+ byte code causes the byte code engine to enter an infinite loop
+ when the pull-down optimization encounters a NULL key
+
+- update to 3.38.3:
+ * Fix a case of the query planner be overly aggressive with
+ optimizing automatic-index and Bloom-filter construction,
+ using inappropriate ON clause terms to restrict the size of the
+ automatic-index or Bloom filter, and resulting in missing rows
+ in the output.
+ * Other minor patches. See the timeline for details.
+
+- update to 3.38.2:
+ * Fix a problem with the Bloom filter optimization that might
+ cause an incorrect answer when doing a LEFT JOIN with a WHERE
+ clause constraint that says that one of the columns on the
+ right table of the LEFT JOIN is NULL.
+ * Other minor patches.
+
+- Remove obsolete configure flags
+- Package the Tcl bindings here again so that we only ship one copy
+ of SQLite (bsc#1195773).
+
+- update to 3.38.1:
+ * Fix problems with the new Bloom filter optimization that might
+ cause some obscure queries to get an incorrect answer.
+ * Fix the localtime modifier of the date and time functions so
+ that it preserves fractional seconds.
+ * Fix the sqlite_offset SQL function so that it works correctly
+ even in corner cases such as when the argument is a virtual
+ column or the column of a view.
+ * Fix row value IN operator constraints on virtual tables so that
+ they work correctly even if the virtual table implementation
+ relies on bytecode to filter rows that do not satisfy the
+ constraint.
+ * Other minor fixes to assert() statements, test cases, and
+ documentation. See the source code timeline for details.
+- add upstream patch to run atof1 tests only on x86_64
+ sqlite-src-3380100-atof1.patch
+
+- update to 3.38.0
+ * Add the -> and ->> operators for easier processing of JSON
+ * The JSON functions are now built-ins
+ * Enhancements to date and time functions
+ * Rename the printf() SQL function to format() for better
+ compatibility, with alias for backwards compatibility.
+ * Add the sqlite3_error_offset() interface for helping localize
+ an SQL error to a specific character in the input SQL text
+ * Enhance the interface to virtual tables
+ * CLI columnar output modes are enhanced to correctly handle tabs
+ and newlines embedded in text, and add options like "--wrap N",
+ "--wordwrap on", and "--quote" to the columnar output modes.
+ * Query planner enhancements using a Bloom filter to speed up
+ large analytic queries, and a balanced merge tree to evaluate
+ UNION or UNION ALL compound SELECT statements that have an
+ ORDER BY clause.
+ * The ALTER TABLE statement is changed to silently ignores
+ entries in the sqlite_schema table that do not parse when
+ PRAGMA writable_schema=ON
+
+- update to 3.37.2:
+ * Fix a bug introduced in version 3.35.0 (2021-03-12) that can
+ cause database corruption if a SAVEPOINT is rolled back while
+ in PRAGMA temp_store=MEMORY mode, and other changes are made,
+ and then the outer transaction commits
+ * Fix a long-standing problem with ON DELETE CASCADE and ON
+ UPDATE CASCADE in which a cache of the bytecode used to
+ implement the cascading change was not being reset following a
+ local DDL change
+
+- update to 3.37.1:
+ * Fix a bug introduced by the UPSERT enhancements of version
+ 3.35.0 that can cause incorrect byte-code to be generated for
+ some obscure but valid SQL, possibly resulting in a NULL-
+ pointer dereference.
+ * Fix an OOB read that can occur in FTS5 when reading corrupt
+ database files.
+ * Improved robustness of the --safe option in the CLI.
+ * Other minor fixes to assert() statements and test cases.
+
+- SQLite3 3.37.0:
+ * STRICT tables provide a prescriptive style of data type
+ management, for developers who prefer that kind of thing.
+ * When adding columns that contain a CHECK constraint or a
+ generated column containing a NOT NULL constraint, the
+ ALTER TABLE ADD COLUMN now checks new constraints against
+ preexisting rows in the database and will only proceed if no
+ constraints are violated.
+ * Added the PRAGMA table_list statement.
+ * Add the .connection command, allowing the CLI to keep multiple
+ database connections open at the same time.
+ * Add the --safe command-line option that disables dot-commands
+ and SQL statements that might cause side-effects that extend
+ beyond the single database file named on the command-line.
+ * CLI: Performance improvements when reading SQL statements that
+ span many lines.
+ * Added the sqlite3_autovacuum_pages() interface.
+ * The sqlite3_deserialize() does not and has never worked
+ for the TEMP database. That limitation is now noted in the
+ documentation.
+ * The query planner now omits ORDER BY clauses on subqueries and
+ views if removing those clauses does not change the semantics
+ of the query.
+ * The generate_series table-valued function extension is modified
+ so that the first parameter ("START") is now required. This is
+ done as a way to demonstrate how to write table-valued
+ functions with required parameters. The legacy behavior is
+ available using the -DZERO_ARGUMENT_GENERATE_SERIES
+ compile-time option.
+ * Added new sqlite3_changes64() and sqlite3_total_changes64()
+ interfaces.
+ * Added the SQLITE_OPEN_EXRESCODE flag option to sqlite3_open_v2().
+ * Use less memory to hold the database schema.
+ * bsc#1189802, CVE-2021-36690: Fix an issue with the SQLite Expert
+ extension when a column has no collating sequence.
+
sudo
+- Modified sudo-sudoers.patch
+ * bsc#1177578
+ * Removed redundant and confusing 'secure_path' settings in
+ sudo-sudoers file.
+
+- Update to 1.9.11p3:
+ * Changes in Sudo 1.9.11
+ * Fixed a crash in the Python module with Python 3.9.10 on some systems.
+ Additionally, make check now passes for Python 3.9.10.
+ * Error messages sent via email now include more details, including the file
+ name and the line number and column of the error. Multiple errors are sent in
+ a single message. Previously, only the first error was included.
+ * Fixed logging of parse errors in JSON format. Previously, the JSON logger would
+ not write entries unless the command and runuser were set. These may not be
+ known at the time a parse error is encountered.
+ * Fixed a potential crash parsing sudoers lines larger than twice the value of
+ LINE_MAX on systems that lack the getdelim() function.
+ * The tests run by make check now unset the LANGUAGE environment variable.
+ Otherwise, localization strings will not match if LANGUAGE is set to a
+ non-English locale. Bug #1025.
+ * The “starttime†test now passed when run under Debian faketime. Bug #1026.
+ * The Kerberos authentication module now honors the custom password prompt if one
+ has been specified.
+ * The embedded copy of zlib has been updated to version 1.2.12.
+ * Updated the version of libtool used by sudo to version 2.4.7.
+ * Sudo now defines _TIME_BITS to 64 on systems that define __TIMESIZE in the
+ header files (currently only GNU libc). This is required to allow the use of
+ 64-bit time values on some 32-bit systems.
+ * Sudo’s intercept and log_subcmds options no longer force the command to run in
+ its own pseudo-terminal. It is now also possible to intercept the system(3) function.
+ * Fixed a bug in sudo_logsrvd when run in store-first relay mode where the commit
+ point messages sent by the server were incorrect if the command was suspended
+ or received a window size change event.
+ * Fixed a potential crash in sudo_logsrvd when the tls_dhparams configuration
+ setting was used.
+ * The intercept and log_subcmds functionality can now use ptrace(2) on Linux
+ systems that support seccomp(2) filtering. This has the advantage of working
+ for both static and dynamic binaries and can work with sudo’s SELinux RBAC mode.
+ The following architectures are currently supported: i386, x86_64, aarch64, arm,
+ mips (log_subcmds only), powerpc, riscv, and s390x. The default is to use
+ ptrace(2) where possible; the new intercept_type sudoers setting can be used
+ to explicitly set the type.
+ * New Georgian translation from translationproject.org.
+ * Fixed creating packages on CentOS Stream.
+ * Fixed a bug in the intercept and log_subcmds support where the execve(2)
+ wrapper was using the current environment instead of the passed environment
+ pointer. Bug #1030.
+ * Added AppArmor integration for Linux. A sudoers rule can now specify an
+ APPARMOR_PROFILE option to run a command confined by the named AppArmor profile.
+ * Fixed parsing of the server_log setting in sudo_logsrvd.conf. Non-paths were
+ being treated as paths and an actual path was treated as an error.
+ * Changes in Sudo 1.9.11p1:
+ * Correctly handle EAGAIN in the I/O read/right events. This fixes a hang seen on
+ some systems when piping a large amount of data through sudo, such as via rsync.
+ Bug #963.
+ * Changes to avoid implementation or unspecified behavior when bit shifting signed
+ values in the protobuf library.
+ * Fixed a compilation error on Linux/aarch64.
+ * Fixed the configure check for seccomp(2) support on Linux.
+ * Corrected the EBNF specification for tags in the sudoers manual page.
+ GitHub issue #153.
+ * Changes in Sudo 1.9.11p2:
+ * Fixed a compilation error on Linux/x86_64 with the x32 ABI.
+ * Fixed a regression introduced in 1.9.11p1 that caused a warning when logging to
+ sudo_logsrvd if the command returned no output.
+ * Changes in Sudo 1.9.11p3:
+ * Fixed “connection reset†errors on AIX when running shell scripts with the intercept
+ or log_subcmds sudoers options enabled. Bug #1034.
+ * Fixed very slow execution of shell scripts when the intercept or log_subcmds sudoers
+ options are set on systems that enable Nagle’s algorithm on the loopback device,
+ such as AIX. Bug #1034.
+ * Modified sudo-sudoers.patch
+- Added sudo-1.9.10-update_sudouser_to_utf8.patch
+ * [bsc#1197998]
+ * Enable sudouser LDAP schema to use UTF-8 encodings.
+ * Sourced from https://github.com/sudo-project/sudo/pull/163
+ * Credit to William Brown, william.brown@suse.com
+
+- Use %_pam_vendordir macro
+- Fix errors around LICENSE.md (fixes building on SLE12 SP5 again)
+
+- update to 1.9.10:
+ * Added new log_passwords and passprompt_regex sudoers options. If
+ log_passwords is disabled, sudo will attempt to prevent passwords from being
+ logged. If sudo detects any of the regular expressions in the passprompt_regex
+ list in the terminal output, sudo will log ‘*’ characters instead of the
+ terminal input until a newline or carriage return is found in the input or an
+ output character is received.
+ * Added new log_passwords and passprompt_regex settings to sudo_logsrvd that
+ operate like the sudoers options when logging terminal input.
+ * Fixed several few bugs in the cvtsudoers utility when merging multiple sudoers
+ sources.
+ * Fixed a bug in sudo_logsrvd parsing the sudo_logsrvd.conf file, where the
+ retry_interval in the [relay] section was not being recognized.
+ * Restored the pre-1.9.9 behavior of not performing authentication when sudo’s -n
+ option is specified. A new noninteractive_auth sudoers option has been added to
+ enable PAM authentication in non-interactive mode. GitHub issue #131.
+ * On systems with /proc, if the /proc/self/stat (Linux) or /proc/pid/psinfo
+ (other systems) file is missing or invalid, sudo will now check file
+ descriptors 0-2 to determine the user’s terminal. Bug #1020.
+ * Fixed a compilation problem on Debian kFreeBSD. Bug #1021.
+ * Fixed a crash in sudo_logsrvd when running in relay mode if an alert message is
+ received.
+ * Fixed an issue that resulting in “problem with defaults entries†email to be
+ sent if a user ran sudo when the sudoers entry in the nsswitch.conf file
+ includes “sss†but no sudo provider is configured in /etc/sssd/sssd.conf.
+ * Updated the warning displayed when the invoking user is not allowed to run
+ sudo. If sudo has been configured to send mail on failed attempts (see the
+ mail_* flags in sudoers), it will now print “This incident has been reported to
+ the administrator.†If the mailto or mailerpath sudoers settings are disabled,
+ the message will not be printed and no mail will be sent.
+ * Fixed a bug where the user-specified command timeout was not being honored if
+ the sudoers rule did not also specify a timeout.
+ * Added support for using POSIX extended regular expressions in sudoers rules. A
+ command and/or arguments in sudoers are treated as a regular expression if they
+ start with a ‘^’ character and end with a ‘$’. The command and arguments are
+ matched separately, either one (or both) may be a regular expression.
+ * A user may now only run sudo -U otheruser -l if they have a “sudo ALLâ€
+ privilege where the RunAs user contains either root or otheruser. Previously,
+ having “sudo ALL†was sufficient, regardless of the RunAs user. GitHub issue
+ [#134].
+ * The sudo lecture is now displayed immediately before the password prompt. As a
+ result, sudo will no longer display the lecture unless the user needs to enter
+ a password. Authentication methods that don’t interact with the user via a
+ terminal do not trigger the lecture.
+ * Sudo now uses its own closefrom() emulation on Linux systems. The glibc version
+ may not work in a chroot jail where /proc is not available. If close_range(2)
+ is present, it will be used in preference to /proc/self/fd.
+- drop sudo-1.9.9-honor-T_opt.patch , feature-upstream-restrict-sudo-U-other-l.patch
+ (upstream)
+
unzip
+- Fix CVE-2022-0530, SIGSEGV during the conversion of an utf-8 string
+ to a local string (CVE-2022-0530, bsc#1196177)
+ * CVE-2022-0530.patch
+- Fix CVE-2022-0529, Heap out-of-bound writes and reads during
+ conversion of wide string to local string (CVE-2022-0529, bsc#1196180)
+ * CVE-2022-0529.patch
+
-- fix defaultattr for old distros
-
-- split the rcc dependency into a spec file of it's own, we don't
- need that complexity during build causing cycles like this:
- unzip -> librcc -> libproxy -> libXau -> xorg-x11-proto-devel -> docbook-xsl-stylesheets
-
-- Cleanup spec file
-- Add Source URL, see https://en.opensuse.org/SourceUrls
-
-- Don't call isprint (bnc#620483).
-
-- remove use of __DATE__ from correct file
-
-- Sync our compile time flags with Debian except Acorn stuff, this enables
- UTF-8, saves an unrelated warning about lchmod being not implemented.
-- Enable make check
-
-- use dlopen for librcc0. A direct requires causes lots of other
- packages to get installed such as aspell which bloats a minimal
- install.
-
-- Do not include build host specific info like build dates In
- binaries.
-
-- Doing open(O_WRONLY) and then fdopen("w+") will now fail with
- "Invalid Argument" whereas former glibcs would succeed. So now
- do open(O_RDWR).
-- Print error message when open(2) fails.
-- Add debugging traces in open_outfile.
-
-- Update to 6.0:
- * Support PKWARE ZIP64 extensions, allowing Zip archives and Zip archive
- entries larger than 4 GiBytes and more than 65536 entries within a
- single Zip archive. This support is currently only available for Unix,
- OpenVMS and Win32/Win64.
- * Support for bzip2 compression method.
- * Support for UTF-8 encoded entry names, both through PKWARE's "General
- Purpose Flags Bit 11" indicator and Info-ZIP's new "up" unicode path
- extra field. (Currently, on Windows the UTF-8 handling is limited to
- the character subset contained in the configured non-unicode "system
- code page".)
- * Fixed "Time of Creation/Time of Use" vulnerability when setting
- attributes of extracted files, for Unix and Unix-like ports.
- * Fixed memory leak when processing invalid deflated data.
- * Fixed long-standing bug in unshrink (partial_clear), added boundary
- checks against invalid compressed data.
- * On Unix, keep inherited SGID attribute bit for extracted directories
- unless restoration of owner/group id or SUID/SGID/Tacky attributes was
- requested.
- * On Unix, allow extracted filenames to contain embedded control
- characters when explicitly requested by specifying the new command line
- option "-^".
- * On Unix, support restoration of symbolic link attributes.
- * On Unix, support restoration of 32-bit UID/GID data using the new "ux"
- IZUNIX3 extra field introduced with Zip 3.0.
- * Support symbolic links zipped up on VMS.
- * New -D option to suppress restoration of timestamps for extracted
- directory entries (on those ports that support setting of directory
- timestamps). By specifying "-DD", this new option also allows to
- suppress timestamp restoration for ALL extracted files on all UnZip
- ports which support restoration of timestamps. On VMS, the default
- behaviour is now to skip restoration of directory timestamps; here,
- "--D" restores ALL timestamps, "-D" restores none.
- * On OS/2, Win32, and Unix, the (previously optional) feature UNIXBACKUP
- to allow saving backup copies of overwritten files on extraction is now
- enabled by default.
-
-- Use librcc to convert russian/slavic file names (bnc#540598).
-
-- enable parallel building
-
util-linux
+- Update to version 2.37.4 (PED-1869):
+ * Fix security issue in chsh(1) and chfn(8) (CVE-2022-0563).
+ SUSE is not affected (bsc#1196241).
+ * CVE-2021-3996 (bsc#1194976, obsoletes
+ util-linux-libmount-fix-deleted-suffix-CVE-2021-3996.patch)
+ Improper UID check in libmount allows an unprivileged user to unmount FUSE
+ filesystems of users with similar UID.
+ * CVE-2021-3995 (bsc#1194976, obsoletes
+ util-linux-libmount-check-fuse-umount-CVE-2021-3995.patch)
+ This issue is related to parsing the /proc/self/mountinfo file allows an
+ unprivileged user to unmount other user's filesystems that are either
+ world-writable themselves or mounted in a world-writable directory.
+- linux-fs.patch: Fix conflict between <linux/fs.h> and <sys/mount.h>
+
+- libuuid improvements (bsc#1201959, PED-1150):
+ * libuuid: Fix range when parsing UUIDs
+ (util-linux-libuuid-uuid_parse-overrun.patch).
+ * Improve cache handling for short running applications-increment
+ the cache size over runtime
+ (util-linux-libuuid-improve-cache-handling.patch).
+ * Implement continuous clock handling for time based UUIDs
+ (util-linux-libuuid-continuous-clock-handling.patch).
+ * Check clock value from clock file to provide seamless libuuid
+ update (util-linux-libuuid-check-clock-value.patch).
+
util-linux-systemd
+- Update to version 2.37.4 (PED-1869):
+ * Fix security issue in chsh(1) and chfn(8) (CVE-2022-0563).
+ SUSE is not affected (bsc#1196241).
+ * CVE-2021-3996 (bsc#1194976, obsoletes
+ util-linux-libmount-fix-deleted-suffix-CVE-2021-3996.patch)
+ Improper UID check in libmount allows an unprivileged user to unmount FUSE
+ filesystems of users with similar UID.
+ * CVE-2021-3995 (bsc#1194976, obsoletes
+ util-linux-libmount-check-fuse-umount-CVE-2021-3995.patch)
+ This issue is related to parsing the /proc/self/mountinfo file allows an
+ unprivileged user to unmount other user's filesystems that are either
+ world-writable themselves or mounted in a world-writable directory.
+- linux-fs.patch: Fix conflict between <linux/fs.h> and <sys/mount.h>
+
+- libuuid improvements (bsc#1201959, PED-1150):
+ * libuuid: Fix range when parsing UUIDs
+ (util-linux-libuuid-uuid_parse-overrun.patch).
+ * Improve cache handling for short running applications-increment
+ the cache size over runtime
+ (util-linux-libuuid-improve-cache-handling.patch).
+ * Implement continuous clock handling for time based UUIDs
+ (util-linux-libuuid-continuous-clock-handling.patch).
+ * Check clock value from clock file to provide seamless libuuid
+ update (util-linux-libuuid-check-clock-value.patch).
+
vsftpd
+- Apply "disable-tls13-to-support-older-openssl-versions.patch"
+ when building on SLE-15. This is necessary, because openssl_1_1
+ on that codestream is version 1.1.0 rather than 1.1.1 and that
+ older version has no TLSv1.3 support. [bsc#1187686]
+
+- When building on Tumbleweed, move logrotate files from user
+ specific directory /etc/logrotate.d to vendor specific directory
+ /usr/etc/logrotate.d. Builds on other codestreams still use the
+ original location.
+
+- Use rpm conditional to build against the proper OpenSSL version
+ on all distributions. [jsc#PM-3322, bsc#1187686]
+
-- Apply "add vsftpd-allow-dev-log-socket.patch" to allow sendto()
+- Apply "vsftpd-allow-dev-log-socket.patch" to allow sendto()
webkit2gtk3
+- Update to version 2.36.8 (boo#1203530):
+ + Fix jumpy elements when scrolling GitLab and other web sites.
+ + Fix WebKitWebView:web-process-terminated signal not being
+ emitted for the first web view when sandboxing is enabled.
+ + Fix hang when opening HTML <select> elements in GTK4 builds.
+ + Fix kinetic scrolling with elements that use overflow
+ scrolling.
+ + Fix several crashes and rendering issues.
+ + Security fixes: CVE-2022-32886, CVE-2022-32912.
+
yast2
+- add Yast::ReducedRecorder for Cheetah to filter out certain streams to
+ be able to not log sensitive information (bsc#1201962)
+- 4.5.16
+
+- Better detection of YaST2 Journal (related to bsc#1199840).
+- 4.5.15
+
yast2-bootloader
+- write stage1 location on transactional systems (bsc#1128853)
+- 4.5.6
+
+- bsc#1203418
+ - added default proposal for hidden timeout
+- 4.5.5
+
yast2-iscsi-client
+- replace .process agent with running Execute to respect changed
+ root (bsc#1128853)
+- drop spec dependencies on open-iscsi and iscsiuio as it is needed
+ only on target system. This allows container size reduction
+ (bsc#1128853)
+- 4.5.5
+
yast2-journal
+- Fix Internal Error with systemd-251 again, the last change
+ uncovered another case (bsc#1203956).
+- 4.5.3
+
+- Localize date range in Change Filter dialog (B S Srinidhi,
+ bsc#1081459)
+- 4.5.2
+
yast2-kdump
+- bsc#1202575
+ - fixed internal error caused by bug in UI in 4.5.3
+- 4.5.5
+
yast2-network
+- Fixed issue when writing the NetworkManager config without a
+ gateway (bsc#1203866)
+- 4.5.8
+
yast2-ntp-client
+- Skip to write and update netconfig configuration when netconfig
+ executable does not exist (bsc#1198066, bsc#1202748)
+- 4.5.1
+
yast2-ruby-bindings
+- Dropped support for profiler / Y2PROFILER env var (bsc#1189647)
+- 4.5.3
+
yast2-storage-ng
+- Decouple user interface logic from the probing process
+ (related to gh#yast/d-installer#247).
+- 4.5.9
+