Packages changed:
  aaa_base (84.87+git20190404.8684de3 -> 84.87+git20190418.d83e9d6)
  apparmor
  autofs
  bash
  bash-completion
  bind
  blog
  branding-openSUSE (15.0 -> 84.87.20180403)
  btrfsprogs (4.20.1 -> 5.1)
  bzip2
  ceph (14.2.0.300+gacd2f2b9e1 -> 14.2.1.463+g99339b576a)
  cloud-init
  cni (0.6.0 -> 0.7.0)
  cri-o (1.14.0 -> 1.14.1)
  curl (7.64.0 -> 7.65.0)
  dbus-1
  dhcp
  dracut
  e2fsprogs (1.45.0 -> 1.45.1)
  elfutils
  ethtool (5.0 -> 5.1)
  fuse
  gcc9 (8.3.1+r269200 -> 9.1.1+r271393)
  glib-networking (2.60.0.1 -> 2.60.2)
  glib2 (2.60.0 -> 2.60.3)
  glibc
  gnutls (3.6.6 -> 3.6.7)
  gpg2 (2.2.15 -> 2.2.16)
  grub2
  gsettings-desktop-schemas (3.28.1 -> 3.32.0)
  health-checker (1.2.2 -> 1.2.3)
  hwdata (0.321 -> 0.323)
  hwinfo (21.64 -> 21.66)
  installation-images-MicroOS (14.420 -> 14.427)
  iproute2 (4.20 -> 5.1)
  iputils (s20180629 -> s20190515)
  kdump
  kernel-default-base (5.0.6 -> 5.1.4)
  kernel-firmware (20190312 -> 20190514)
  kernel-source (5.0.6 -> 5.1.7)
  kmod (25 -> 26)
  krb5
  kubernetes (1.14.0 -> 1.14.1)
  kured (1.1.0 -> 1.2.0)
  ldb (1.4.3 -> 1.5.4)
  libaio
  libapparmor
  libcroco (0.6.12 -> 0.6.13)
  libedit
  libostree
  libpng16 (1.6.36 -> 1.6.37)
  libpsl (0.20.2 -> 0.21.0)
  libselinux
  libselinux-bindings
  libsoup (2.66.0 -> 2.66.2)
  libssh
  libtasn1
  libx86emu (2.2 -> 2.3)
  libxslt
  libyaml (0.2.1 -> 0.2.2)
  logrotate (3.14.0 -> 3.15.0)
  lsof
  lzo
  mozilla-nspr (4.20 -> 4.21)
  mozilla-nss (3.42.1 -> 3.43)
  multipath-tools (0.7.9+139+suse.ed9d450 -> 0.8.1+8+suse.8c11498)
  ncurses
  netcfg
  nghttp2 (1.36.0 -> 1.38.0)
  numactl
  open-lldp
  open-vm-tools
  openldap2
  openssh
  openssl (1.1.0h -> 1.1.1b)
  openssl-1_1 (1.1.0h -> 1.1.1b)
  p11-kit
  pam
  pam-config (0.96 -> 1.0)
  patterns-containers
  patterns-microos
  pcre2 (10.32 -> 10.33)
  permissions (20190212 -> 20190429)
  podman (1.2.0 -> 1.3.1)
  python-Jinja2 (2.10 -> 2.10.1)
  python-base (2.7.15 -> 2.7.16)
  python-cffi (1.12.2 -> 1.12.3)
  python-ecdsa (0.13 -> 0.13.2)
  python-ipy (0.83 -> 1.00)
  python-jsonpatch
  python-jsonschema (3.0.1 -> 2.6.0)
  python-pycryptodome (3.7.2 -> 3.8.1)
  python-pyparsing (2.3.0+git.1546912853.bf348d6 -> 2.4.0)
  python-pyserial
  python-pytz (2018.9 -> 2019.1)
  python-requests (2.21.0 -> 2.22.0)
  python-rpm-macros (20190402.c88be49 -> 20190430.5260267)
  python-semanage
  python-setuptools (40.8.0 -> 41.0.1)
  python-urllib3 (1.24.1 -> 1.24.2)
  rdma-core (22.1 -> 23.1)
  reiserfs
  rpm
  rpm-config-SUSE (0.g11 -> 0.g14)
  rsync
  runc (1.0.0~rc6 -> 1.0.0~rc8)
  salt (2018.3.2 -> 2019.2.0)
  sg3_utils (1.43 -> 1.45~815+5.6aa67ed)
  shadow
  shared-mime-info
  socat (1.7.3.2 -> 1.7.3.3)
  sssd (2.0.0 -> 2.1.0)
  suse-module-tools
  system-user-root (20170617 -> 20190513)
  systemd (241 -> 242)
  systemd-presets-common-SUSE
  sysuser-tools
  sysvinit
  talloc (2.1.14 -> 2.1.16)
  tdb (1.3.16 -> 1.3.18)
  tevent (0.9.37 -> 0.9.39)
  transactional-update (2.14.1 -> 2.14.2)
  ucode-intel (20190312 -> 20190514)
  util-linux (2.33.1 -> 2.33.2)
  util-linux-systemd (2.33.1 -> 2.33.2)
  vim (8.1.1066 -> 8.1.1330)
  xen (4.12.0_08 -> 4.12.0_12)
  xfsprogs (4.20.0 -> 5.0.0)
  xmlsec1 (1.2.26 -> 1.2.28)
  yast2 (4.1.67 -> 4.2.3)
  zstd (1.3.8 -> 1.4.0)

=== Details ===

==== aaa_base ====
Version update (84.87+git20190404.8684de3 -> 84.87+git20190418.d83e9d6)

- Update to version 84.87+git20190418.d83e9d6:
  * convert_sysctl isn't needed anymore
- Update to version 84.87+git20190418.f488c70:
  * Remove sysconfig/sysctl to sysctl.conf merge, there is no active
    distribution anymore from which we support an update with this.
- Update to version 84.87+git20190418.155e7f0:
  * Remove sysconfig/cron to tmpfiles, we don't support upgrade from
    such old distributions to Factory anymore.
  * /etc/sysconfig/boot and /etc/sysconfig/shutdown don't exist anymore,
    no need to remove single variables from it.
  * Remove obsolete code for /etc/psdevtab and YaST
- Remove over 12 year old compat provides
- Remove BuildRequires for net-tools, the code was removed and this
  package does not contain the wanted tool anymore
- Replace net-tools with successors in Recommends
- Update to version 84.87+git20190418.a543e8e:
  * Remove rc.splash and rc.status, now part of insserv-compat [bsc#1132738]

==== apparmor ====
Subpackages: apparmor-abstractions apparmor-parser apparmor-profiles apparmor-utils perl-apparmor python3-apparmor

- Disable LTO (boo#1133091).
- update lessopen.sh profile for usrMerge (bash and tar) (boo#1132350)

==== autofs ====

- Remove legacy LSB-init script code, we don't have that anymore.

==== bash ====

- Add official patch bash50-004
  * In bash-5.0, the `wait' builtin without arguments waits for all children of the
    shell. This includes children it `inherited' at shell invocation time. This
    patch modifies the behavior to not wait for these inherited children, some
    of which might be long-lived.
- Add official patch bash50-005
  * In certain cases, bash optimizes out a fork() call too early and prevents
    traps from running.
- Add official patch bash50-006
  * Bash-5.0 did not build successfully if SYSLOG_HISTORY was defined without
    also defining SYSLOG_SHOPT.
- Add official patch bash50-007
  * Running `exec' when job control was disabled, even temporarily, but after it
    had been initialized, could leave the terminal in the wrong process group for
    the executed process.

==== bash-completion ====

- Add patch gcc-564d068.patch from pull request 564d068 of
  Martin to upstream of bash-completion

==== bind ====
Subpackages: bind-utils libbind9-160 libdns169 libirs160 libisc166 libisccc160 libisccfg160 liblwres160 python3-bind

- Add FIPS patch back into bind (bsc#1128220)
- File: bind-fix-fips.patch

==== blog ====

- Implement shared library packaging guideline.

==== branding-openSUSE ====
Version update (15.0 -> 84.87.20180403)

- Rewrite the spec and makefile to make it easier to contibute
- Change the default plymouth theme to bgrt

==== btrfsprogs ====
Version update (4.20.1 -> 5.1)
Subpackages: btrfsprogs-udev-rules libbtrfs0

- update to version 5.1
  * repair: flush/FUA support to avoid breaking metadata COW
  * file extents repair no longer relies on data in extent tree
  * lowmem: fix false error reports about gaps between extents
  * add inode mode check and repair for various objects
  * add check for invalid combination of nocow/compressed extents
  * device scan option to forget scanned devices [new]
  * mkfs: use same chunk size as kernel for initial creation
  * dev-repace: better report when other exclusive operation runs
  * help for sntax errors on command lines, print relevant msgs
  * defrag: able to open files in RO mode
  * dump-tree: --block can be specified multiple times
- update to version 4.20.2
  * dump-super: minor output fixup
  * revert fix for prefix detection of receive path, this is temporary and
  unbreaks existing user setups

==== bzip2 ====

- add bzip2-1.0.6-CVE-2016-3189.patch to fix a heap use after
  free vulnerability that was reported in bzip2recover [bsc#985657]
  [CVE-2016-3189]

==== ceph ====
Version update (14.2.0.300+gacd2f2b9e1 -> 14.2.1.463+g99339b576a)
Subpackages: ceph-common libcephfs2 librados2 libradosstriper1 librbd1 librgw2 python3-ceph-argparse python3-cephfs python3-rados python3-rbd python3-rgw

- Update to 14.2.1-463-g99339b576a:
  + qa/deepsea: redirect journalctl output to a logfile
  + spec: install/package ceph-volume lvmcache plugin
  + common: make ms_bind_msgr2 default to "false" (bsc#1124957)
- Update to 14.2.1-457-gb42e3171b3:
  + qa/deepsea/salt:
  * 1node5disks salt configuration
  * grafana_service_check validation test
  * Disk drive replacement test
  * use "ceph_cm_ansible: false" instead of "ceph_cm: salt"
  + spec: Disable LTO in spec when being used (bsc#1135030)
- civetweb: fix file descriptor leak (bsc#1125080, CVE-2019-3821)
  (fix has been in since February 2019)
- rgw: sanitize customer encryption keys from log output in v4 auth
  (bsc#1121567, CVE-2018-16889) (fix has been in since February 2019)
- Update to 14.2.1-448-g1bd10a856f:
  + monitoring: update Grafana dashboards
  + mgr/dashboard: fix some performance data are not displayed
  + monitoring: SNMP OID per every Prometheus alert rule
  + mgr/dashboard: Validate if any client belongs to more than one group
  + mgr/dashboard: Admin resource not honored
  + mgr/dashboard: Unable to see tcmu-runner perf counters (bsc#1135388)
  + mgr/dashboard: iSCSI form does not support IPv6
- Update to 14.2.1-440-g0ac6920288:
  + rebase on top of upstream nautilus branch, SHA1 1dc43a036fcc0121e3a0c1fe7ca6cd77cde1bf60
  + client: fix vxattr nanosecond field padding (bsc#1135219, bsc#1135221)
- Update to 14.2.1-431-gd032e5dd80:
  + ReplicatedPG: add CHECKSUM->CMPEXT req translation (bsc#1123360)
  + MDS + libcephfs snapshot btime support (jsc#SES-183)
- Update to 14.2.1-423-g3df171fd28:
  + rgw: cloud sync fixes (jsc#SES-97)
- Update to 14.2.1-419-gb72ca927c1:
  + rebase on top of upstream nautilus branch, SHA1 8e188313cf2f790f131e21a3a02094e32cf02087
  + replaced ~25 downstream ceph-volume lvmcache commits with a single squashed commit
  + rgw: object expirer fixes (bsc#1133139)
  + rgw_lc: use a new bl while encoding RGW_ATTR_LC (jsc#SES-327)
  + rgw: beast IPv6 (jsc#SES-454)
- Update to 14.2.1-426-g7a12897012:
  + nautilus: core: Give recovery for inactive PGs a higher priority (bsc#1133461)
  + spec: new subpackage ceph-prometheus-alerts
  + nautilus: librbd: re-add support for nautilus clients talking to jewel clusters
  + systemd: ceph-mgr: set MemoryDenyWriteExecute to false
- Update to 14.2.1-345-g040ffffe0e:
  + Upstream v14.2.1 release
    draft release notes: https://github.com/ceph/ceph/pull/27793
  + rpm: have pybind RPMs provide/obsolete their python2 predecessors (bsc#1125899)
  + ceph-volume: add lvmcache plugin (jsc#SES-267)
- Update to 14.2.0-636-g19cfb53b0c:
  + rebase on top of upstream nautilus branch, SHA1 d947e804dd316c89c28d25948947927fa290e227
  + downstream branding no longer displays Ceph logo in error popup (bsc#1131984)
  + mgr: make run-tox.sh scripts more robust (jsc#SES-478)
- Update to 14.2.0-465-gdfed19b089:
  + rebase on top of upstream nautilus branch, SHA1 c09e90d1847fc4ffdd7384c9adf7f60c13479095
  * dashboard improvements:
    [#] Add Polish language
    [#] Add date range and log search functionality
    [#] Add refresh interval to the dashboard landing page
    [#] Add separate option to config SSL port
    [#] Filter iSCSI target images based on required features
    [#] Fixed auth TTL expired error
    [#] Fixed error when trying to create NFS export without "NFSv3"
    [#] Fixed error when trying to create NFS export without "UDP"
- Update to 14.2.0-345-g183e6fe4f5:
  + rebase on top of upstream nautilus branch, upstream SHA1 d4290f8edcbadbfecb9396a43a586afe0d0afd00
  * common/blkdev: get_device_id: behave if model is lvm and id_model_enc isn't there
  * mon/Monitor.cc: print min_mon_release correctly
  * mgr/dashboard: dashboard giving 401 unauthorized
- _constraints: increase x86_64 ceph memory constraint to 10G
  after seeing "memory exhausted" build failure on a machine with 9.8G
  total memory (including swap)
- Update to 14.2.0-328-gf3638ba646:
  + rebase on top of upstream nautilus branch, upstream SHA1 41b9e7f94f1f08e8607ef574befaaaf6998a89dd
  * librbd: ignore -EOPNOTSUPP errors when retrieving image group membership
  * crush: various fixes for weight-sets, the osd_crush_update_weight_set option, and tests
  * osd/OSDMap: add 'zone' to default crush map
  * common/blkdev: handle devices with ID_MODEL as "LVM PV ..." but valid ID_MODEL_ENC
  * mgr/orchestrator: Add error handling to interface
  * mon/OSDMonitor: allow 'osd pool set pgp_num_actual'
  * rgw: ldap: fix early return in LDAPAuthEngine::init w/uri not empty()
  * mon/MgrStatMonitor: ensure only one copy of initial service map
  + drop downstream patch "rgw: dmclock: async scheduler: wrap yield_ctx around
    ifdefs" (replaced by https://github.com/ceph/ceph/pull/26634)
- _constraints: increase aarch64 ceph memory constraint to 10G
  after seeing "memory exhausted" build failure on a machine with 9.8G
  total memory (including swap)

==== cloud-init ====

- Update cloud-init-write-routes.patch (bsc#1132692)
  + Properly accumulate all the defined routes for a given network device.
    Previously only the last defined route was written to the routes file.
- Update cloud-init-trigger-udev.patch (bsc#1125950)
  + Write the udev rules to a different file than the default
  + Settle udev if not all configured devices are in the device tree to
    avoid race condition between udev and cloud-init

==== cni ====
Version update (0.6.0 -> 0.7.0)

- Update to version 0.7.0:
  * Spec changes:
    + Use more RFC2119 style language in specification (must, should...)
    + add notes about ADD/DEL ordering
    + Make the container ID required and unique.
    + remove the version parameter from ADD and DEL commands.
    + Network interface name matters
    + be explicit about optional and required structure members
    + add CHECK method
    + Add a well-known error for "try again"
    + SPEC.md: clarify meaning of 'routes'
  * Library changes:
    + pkg/types: Makes IPAM concrete type
    + libcni: return error if Type is empty
    + skel: VERSION shouldn't block on stdin
    + non-pointer instances of types.Route now correctly marshal to JSON
    + libcni: add ValidateNetwork and ValidateNetworkList functions
    + pkg/skel: return error if JSON config has no network name
    + skel: add support for plugin version string
    + libcni: make exec handling an interface for better downstream testing
    + libcni: api now takes a Context to allow operations to be timed out or cancelled
    + types/version: add helper to parse PrevResult
    + skel: only print about message, not errors
    + skel,invoke,libcni: implementation of CHECK method
    + cnitool: Honor interface name supplied via CNI_IFNAME environment variable.
    + cnitool: validate correct number of args
    + Don't copy gw from IP4.Gateway to Route.GW When converting from 0.2.0
    + add PrintTo method to Result interface
    + Return a better error when the plugin returns none
- Install sleep binary into CNI plugin directory
- Restore build.sh script which was removed upstream

==== cri-o ====
Version update (1.14.0 -> 1.14.1)
Subpackages: cri-o-kubeadm-criconfig

- Add _constraints to avoid OOM
- Update cri-o to v1.14.1
  * Add min memory limit check to sandbox_run_linux.go
  * Fix crash when network namespace is not setup
  * Log oom_handling_score failure to debug
  * Fix possible out of bounds access during log parsing
  * Fix sandbox segfault with manage_network_ns_lifecycle
- Add registry-mirror.patch
- Update repository paths from `kubernetes-sigs` to `cri-o`
- Remove unnecessary ostree dependency
- Use /opt/cni/bin as the additional directory where cri-o is going
  to look up for CNI plugins installed by DaemonSets running on
  Kubernetes (i.e. Cilium).
- Update the configuration to fallback to the storage driver
  specified in libcontainers-common (`/etc/containers/storage.conf`)
- Update go version to >= 1.12 to be in sync with upstream

==== curl ====
Version update (7.64.0 -> 7.65.0)
Subpackages: libcurl4

- Update to 7.65.0 [bsc#1135176, CVE-2019-5435][bsc#1135170, CVE-2019-5436]
  * Changes:
  - CURLOPT_DNS_USE_GLOBAL_CACHE: removed
  - CURLOPT_MAXAGE_CONN: set the maximum allowed age for conn reuse
  - pipelining: removed
  * Bugfixes:
  - CVE-2019-5435: Integer overflows in curl_url_set
  - CVE-2019-5436: tftp: use the current blksize for recvfrom()
  - --config: clarify that initial : and = might need quoting
  - CURLMOPT_TIMERFUNCTION.3: warn about the recursive risk
  - CURLOPT_ADDRESS_SCOPE: fix range check and more
  - CURLOPT_CHUNK_BGN_FUNCTION.3: document the struct and time value
  - CURLOPT_READFUNCTION.3: see also CURLOPT_UPLOAD_BUFFERSIZE
  - CURL_MAX_INPUT_LENGTH: largest acceptable string input size
  - Curl_disconnect: treat all CONNECT_ONLY connections as "dead"
  - OS400/ccsidcurl: replace use of Curl_vsetopt
  - OpenSSL: Report -fips in version if OpenSSL is built with FIPS
  - WRITEFUNCTION: add missing set_in_callback around callback
  - altsvc: Fix building with cookies disabled
  - auth: Rename the various authentication clean up functions
  - base64: build conditionally if there are users
  - cmake: avoid linking executable for some tests with cmake 3.6+
  - cmake: clear CMAKE_REQUIRED_LIBRARIES after each use
  - cmake: set SSL_BACKENDS
  - configure: avoid unportable '==' test(1) operator
  - configure: error out if OpenSSL wasn't detected when asked for
  - configure: fix default location for fish completions
  - cookie: Guard against possible NULL ptr deref
  - curl: make code work with protocol-disabled libcurl
  - curl: report error for "--no-" on non-boolean options
  - curlver.h: use parenthesis in CURL_VERSION_BITS macro
  - docs/INSTALL: fix broken link
  - doh: acknowledge CURL_DISABLE_DOH
  - doh: disable DOH for the cases it doesn't work
  - examples: remove unused variables
  - ftplistparser: fix LGTM alert "Empty block without comment"
  - hostip: acknowledge CURL_DISABLE_SHUFFLE_DNS
  - http: Ignore HTTP/2 prior knowledge setting for HTTP proxies
  - http: acknowledge CURL_DISABLE_HTTP_AUTH
  - http: mark bundle as not for multiuse on < HTTP/2 response
  - http_digest: Don't expose functions when HTTP and Crypto Auth are disabled
  - http_negotiate: do not treat failure of gss_init_sec_context() as fatal
  - http_ntlm: Corrected the name of the include guard
  - http_ntlm_wb: Handle auth for only a single request
  - http_ntlm_wb: Return the correct error on receiving an empty auth message
  - lib509: add missing include for strdup
  - lib557: initialize variables
  - mbedtls: enable use of EC keys
  - mime: acknowledge CURL_DISABLE_MIME
  - multi: improved HTTP_1_1_REQUIRED handling
  - netrc: acknowledge CURL_DISABLE_NETRC
  - nss: allow fifos and character devices for certificates
  - nss: provide more specific error messages on failed init
  - ntlm: Fix misaligned function comments for Curl_auth_ntlm_cleanup
  - ntlm: Support the NT response in the type-3 when OpenSSL doesn't include MD4
  - openssl: mark connection for close on TLS close_notify
  - openvms: Remove pre-processor for SecureTransport
  - parse_proxy: use the URL parser API
  - parsedate: disabled on CURL_DISABLE_PARSEDATE
  - pingpong: disable more when no pingpong protocols are enabled
  - polarssl_threadlock: remove conditionally unused code
  - progress: acknowledge CURL_DISABLE_PROGRESS_METER
  - proxy: acknowledge DISABLE_PROXY more
  - resolve: apply Happy Eyeballs philosophy to parallel c-ares queries
  - revert "multi: support verbose conncache closure handle"
  - sasl: Don't send authcid as authzid for the PLAIN mechanism as per RFC 4616
  - sasl: only enable if there's a protocol enabled using it
  - singleipconnect: show port in the verbose "Trying ..." message
  - socks5: user name and passwords must be shorter than 256
  - socks: fix error message
  - socksd: new SOCKS 4+5 server for tests
  - spnego_gssapi: fix return code on gss_init_sec_context() failure
  - ssh-libssh: remove unused variable
  - ssh: define USE_SSH if SSH is enabled (any backend)
  - ssh: move variable declaration to where it's used
  - test1002: correct the name
  - test2100: Fix typos in test description
  - tests: Run global cleanup at end of tests
  - tests: make Impacket (SMB server) Python 3 compatible
  - tool_cb_wrt: fix bad-function-cast warning
  - tool_formparse: remove redundant assignment
  - tool_help: Warn if curl and libcurl versions do not match
  - tool_help: include for strcasecmp
  - url: always clone the CUROPT_CURLU handle
  - url: convert the zone id from a IPv6 URL to correct scope id
  - urlapi: add CURLUPART_ZONEID to set and get
  - urlapi: increase supported scheme length to 40 bytes
  - urlapi: require a non-zero host name length when parsing URL
  - urlapi: stricter CURLUPART_PORT parsing
  - urlapi: strip off zone id from numerical IPv6 addresses
  - urlapi: urlencode characters above 0x7f correctly
  - vauth/cleartext: update the PLAIN login to match RFC 4616
  - vauth/oauth2: Fix OAUTHBEARER token generation
  - vauth: Fix incorrect function description for Curl_auth_user_contains_domain
  - vtls: fix potential ssl_buffer stack overflow
  - wildcard: disable from build when FTP isn't present
  - xattr: skip unittest on unsupported platforms
- Install curl.fish completions file from curl rather than from the fish package
- update to version 7.64.1
  * Changes:
  - alt-svc: experiemental support added
  - configure: add --with-amissl
  * Bugfixes:
  - AppVeyor: switch VS 2015 builds to VS 2017 image
  - CURLU: fix NULL dereference when used over proxy
  - Curl_easy: remove req.maxfd - never used!
  - Curl_resolv: fix a gcc -Werror=maybe-uninitialized warning
  - DoH: inherit some SSL options from user's easy handle
  - Secure Transport: no more "darwinssl"
  - Secure Transport: tvOS 11 is required for ALPN support
  - cirrus: Added FreeBSD builds using Cirrus CI
  - cleanup: make local functions static
  - cli tool: do not use mime.h private structures
  - cmdline-opts/proxytunnel.d: the option tunnnels all protocols
  - configure: add additional libraries to check for LDAP support
  - configure: remove the unused fdopen macro
  - configure: show features as well in the final summary
  - conncache: use conn->data to know if a transfer owns it
  - connection: never reuse CONNECT_ONLY connections
  - connection_check: restore original conn->data after the check
  - connection_check: set ->data to the transfer doing the check
  - cookie: Add support for cookie prefixes
  - cookies: dotless names can set cookies again
  - cookies: fix NULL dereference if flushing cookies with no CookieInfo set
  - curl.1: --user and --proxy-user are hidden from ps output
  - curl.1: mark the argument to --cookie as
  - curl.h: use __has_declspec_attribute for shared builds
  - curl: display --version features sorted alphabetically
  - curl: fix FreeBSD compiler warning in the --xattr code
  - curl: remove MANUAL from -M output
  - curl_easy_duphandle.3: clarify that a duped handle has no shares
  - curl_multi_remove_handle.3: use at any time, just not from within callbacks
  - curl_url.3: this API is not experimental anymore
  - dns: release sharelock as soon as possible
  - docs: update max-redirs.d phrasing
  - examples/10-at-a-time.c: improve readability and simplify
  - examples/cacertinmem.c: use multiple certificates for loading CA-chain
  - examples/crawler: Fix the Accept-Encoding setting
  - examples/ephiperfifo.c: various fixes
  - examples/externalsocket: add missing close socket calls
  - examples/http2-download: cleaned up
  - examples/http2-serverpush: add some sensible error checks
  - examples/http2-upload: cleaned up
  - examples/httpcustomheader: Value stored to 'res' is never read
  - examples/postinmemory: Potential leak of memory pointed to by 'chunk.memory'
  - examples/sftpuploadresume: Value stored to 'result' is never read
  - examples: only include
  - examples: remove recursive calls to curl_multi_socket_action
  - examples: remove superfluous null-pointer checks
  - file: fix "Checking if unsigned variable 'readcount' is less than zero."
  - fnmatch: disable if FTP is disabled
  - gnutls: remove call to deprecated gnutls_compression_get_name
  - gopher: remove check for path == NULL
  - gssapi: fix deprecated header warnings
  - hostip: make create_hostcache_id avoid alloc + free
  - http2: multi_connchanged() moved from multi.c, only used for h2
  - http2: verify :athority in push promise requests
  - http: make adding a blank header thread-safe
  - http: send payload when (proxy) authentication is done
  - http: set state.infilesize when sending multipart formposts
  - makefile: make checksrc and hugefile commands "silent"
  - mbedtls: make it build even if MBEDTLS_VERSION_C isn't set
  - mbedtls: release sessionid resources on error
  - memdebug: log pointer before freeing its data
  - memdebug: make debug-specific functions use curl_dbg_ prefix
  - mime: put the boundary buffer into the curl_mime struct
  - multi: call multi_done on connect timeouts, fixes CURLINFO_TOTAL_TIME
  - multi: remove verbose "Expire in" ... messages
  - multi: removed unused code for request retries
  - multi: support verbose conncache closure handle
  - negotiate: fix for HTTP POST with Negotiate
  - openssl: add support for TLS ASYNC state
  - openssl: if cert type is ENG and no key specified, key is ENG too
  - pretransfer: don't strlen() POSTFIELDS set for GET requests
  - rand: Fix a mismatch between comments in source and header
  - runtests: detect "schannel" as an alias for "winssl"
  - schannel: be quiet - remove verbose output
  - schannel: close TLS before removing conn from cache
  - schannel: support CALG_ECDH_EPHEM algorithm
  - scripts/completion.pl: also generate fish completion file
  - singlesocket: fix the 'sincebefore' placement
  - source: fix two 'nread' may be used uninitialized warnings
  - ssh: fix Condition '!status' is always true
  - ssh: loop the state machine if not done and not blocking
  - strerror: make the strerror function use local buffers
  - test578: make it read data from the correct test
  - tests: Fixed XML validation errors in some test files
  - tests: add stderr comparison to the test suite
  - tests: fix multiple may be used uninitialized warnings
  - threaded-resolver: shutdown the resolver thread without error message
  - tool_cb_wrt: fix writing to Windows null device NUL
  - tool_getpass: termios.h is present on AmigaOS 3, but no tcgetattr/tcsetattr
  - tool_operate: build on AmigaOS
  - tool_operate: fix typecheck warning
  - transfer.c: do not compute length of undefined hex buffer
  - travis: add build using gnutls
  - travis: add scan-build
  - travis: bump the used wolfSSL version to 4.0.0
  - travis: enable valgrind for the iconv tests
  - travis: use updated compiler versions: clang 7 and gcc 8
  - unit1307: require FTP support
  - unit1651: survive curl_easy_init() fails
  - url/idnconvert: remove scan for <= 32 ascii values
  - url: change conn shutdown order to ensure SOCKETFUNCTION callbacks
  - urlapi: reduce variable scope, remove unreachable 'break'
  - urldata: convert bools to bitfields and move to end
  - urldata: simplify bytecounters
  - urlglob: Argument with 'nonnull' attribute passed null
  - version.c: silent scan-build even when librtmp is not enabled
  - vtls: rename some of the SSL functions
  - wolfssl: stop custom-adding curves
  - x509asn1: "Dereference of null pointer"
  - x509asn1: cleanup and unify code layout
  - zsh.pl: escape ':' character
  - zsh.pl: update regex to better match curl -h output
- Dropped patches fixed upstream:
  * 0001-connection_check-set-data-to-the-transfer-doing-the-.patch
  * 0002-connection_check-restore-original-conn-data-after-th.patch
  * curl-singlesocket-sincebefore-placement.patch

==== dbus-1 ====
Subpackages: libdbus-1-3

- Replace DISABLE_RESTART_ON_UPDATE with
  %service_del_postun_without_restart
- Remove version specific code to block all updates on restart as
  hopefully no tumbleweed versions still have code causing those
  issues (was only present for a few snapshots)
- Remove the Leap42 conditionals that cause file conflict with
  filesystem package

==== dhcp ====
Subpackages: dhcp-client

- Add workaround to require insserv-compat until the package is
  converted to full systemd units (boo#1133632).

==== dracut ====
Subpackages: dracut-ima

- dracut-lib.sh:dev_unit_name() guard against $dev beginning with "-" (bsc#1132448)
  * adds 0601-base-dracut-lib.sh-dev_unit_name-guard-against-dev-b.patch
- 95iscsi: avoid error messages when building initrd, multipath timeouts
  (bsc#1130114, bsc#1130107, bsc#1121238)
  * adds 0595-iscsi-don-t-continue-waiting-if-the-root-device-is-p.patch
  * adds 0596-network-stop-waiting-for-interfaces-if-root-device-i.patch
  * adds 0597-iscsiroot-parse_iscsi_root-overwrites-command-line-a.patch
  * adds 0598-iscsiroot-there-s-never-more-than-one-target-per-cal.patch
  * adds 0599-iscsiroot-try-targets-only-once.patch
  * adds 0600-iscsiroot-remove-bashisms.patch

==== e2fsprogs ====
Version update (1.45.0 -> 1.45.1)
Subpackages: libcom_err2 libext2fs2

- Remove unused configure-Fix-autoheader-failure.patch.
- Update to 1.45.1
  * Remove configure-Fix-autoheader-failure.patch (fixed upstream)
  * Debugfs now supports non-printable chars
  * E2fsck now checks to make sure all unused bits in block are set
  * E2fsck now supports writing out a problem code log
  * Fixed various casefold bugs
  * Fix mke2fs support for < 900TB disks
  * E2scrub will take its snapshots with UDISK_IGNORE
  * Dropped utf8/nls symbols from libext2fs shared library

==== elfutils ====
Subpackages: libasm1 libdw1 libebl-plugins libelf1

- Add gcc9-tests-Don-t-printf-a-known-NULL-symname.patch in order to
  fix boo#1120864.

==== ethtool ====
Version update (5.0 -> 5.1)

- Update to new upstream release 5.1
  * support for 200Gbps (50Gbps per lane) link modes
  * support for new PHY tunable Fast Link Down
  * new 'start N' option when setting Rx flow indirection table
  * add bash completion script
  * support show and set of per queue coalescing
  * fec: add pretty dump

==== fuse ====

- Move definition of _lto_cflags into %build.
- Disable LTO (boo#1133101).

==== gcc9 ====
Version update (8.3.1+r269200 -> 9.1.1+r271393)
Subpackages: libgcc_s1 libstdc++6

- Update to gcc-9-branch head (r271393).
- Always use ISL for crosses like for native compilers.
- Update to gcc-9-branch head (r271050).
- Strip -flto from $optflags as we use LTO bootstrap config.
- Update to GCC 9.1.0 release.
- Update to gcc-9-branch head (r270796).
- Enable D for s390x.
- Enable D for aarch64 and riscv64
- Update to gcc-9-branch head (r270689).
  * GCC 9.1 RC2.
- Update to gcc-9-branch head (r270591).
- Update to SVN trunk head (r270403).
- Use --enable-link-mutex for LTO builds to limit peak memory use.
- Omit libbacktrace .log files from gcc-testresults package to
  fix build.
- Update to SVN trunk head (r270275).
  * Includes gcc9-pgo-lto-bootstrap.patch.
- Update to SVN trunk head (r270202).
- Add gcc9-pgo-lto-bootstrap.patch in order to
  enable LTO on platforms where we use PGO (except i386).
- Limit LTO to new openSUSE.
- Increase constraints for targets that use LTO bootstrap.
- Do not use PGO and LTO in gcc9-testresults package.
- Define 'build_d' in cross.spec.in in order to repair cross package
  builds.
- Update to SVN trunk head (r270012).
- Update to SVN trunk head (r269761).
- Change URLs to use https.
- Update to SVN trunk head (r269411).

==== glib-networking ====
Version update (2.60.0.1 -> 2.60.2)

- Update to version 2.60.2:
  + OpenSSL backend now defaults to system trust store.
  + Fix client auth failure error with GnuTLS 3.6.7.
- Drop 0001-gnutls-Handle-new-GNUTLS_E_CERTIFICATE_REQUIRED.patch:
  fixed upstream.
- Handle new GnuTLS error GNUTLS_E_CERTIFICATE_REQUIRED
  + https://gitlab.gnome.org/GNOME/glib-networking/issues/70
  + add 0001-gnutls-Handle-new-GNUTLS_E_CERTIFICATE_REQUIRED.patch
- Update to version 2.60.1:
  + Improve reliability of client auth failure tests.
  + Fix excessive CPU usage after sync handshake.

==== glib2 ====
Version update (2.60.0 -> 2.60.3)
Subpackages: glib2-tools libgio-2_0-0 libglib-2_0-0 libgmodule-2_0-0 libgobject-2_0-0

- Set umask to 022 before running glib-compile-schemas
  (boo#1131761).
- Update to version 2.60.3:
  + * Various fixes to small key/value support in `GHashTable`.
  * Bugs fixed:
  - Critical in g_socket_client_async_connect_complete.
  - New GHashTable implementation confuses valgrind.
  - test_month_names: assertion failed.
  - GNetworkAddressAddressEnumerator unsafely modifies cache in
    GNetworkAddress.
  - Leaks in gsocketclient.c connection code.
  - glib/date test fails.
  - GDB pretty-printer for GHashTable no longer works
  + Updated translations.
- Move glib2.macros to %_rpmmacrodir. /etc is for the system admin.
- Update to version 2.60.2:
  + Fix crash when displaying notifications on macOS.
  + Improve network status detection with NetworkManager.
  + Bugs fixed: glgo#GNOME/GLib!790, glgo#GNOME/GLib!793,
    glgo#GNOME/GLib!803.
  + Updated translations.
- Use FAT LTO objects in order to provide proper static library (boo#1133129).
- Update to version 2.60.1:
  + Fix documentation for `gdbus-tool wait` to use correct units.
  + Bugs fixed: glgo#GNOME/GLib#1709, glgo#GNOME/GLib#1725,
    glgo#GNOME/GLib#1737, glgo#GNOME/GLib!711, glgo#GNOME/GLib!722,
    glgo#GNOME/GLib!727, glgo#GNOME/GLib!729, glgo#GNOME/GLib!758,
    glgo#GNOME/GLib!775.
  + Updated translations.
- Drop upstream fixed patch:
  0001-Handle-an-UNKNOWN-NetworkManager-connectivity-as-NONE.patch.

==== glibc ====
Subpackages: glibc-locale glibc-locale-base

- dl-show-auxv.patch: Fix output of LD_SHOW_AUXV=1
- s390-vx-vxe-hwcap.patch: S390: Mark vx and vxe as important hwcap
- taisho-era-string.patch: ja_JP: Change the offset for Taisho gan-nen
  from 2 to 1 (BZ #24162)
- malloc-tracing-hooks.patch: malloc: Set and reset all hooks for tracing
  (BZ #16573)
- pldd-inf-loop.patch: elf: Fix pldd (BZ#18035)
- malloc-large-bin-corruption-check.patch: malloc: Check for large bin
  list corruption when inserting unsorted chunk (BZ #24216)
- wfile-sync-crash.patch: Fix crash in _IO_wfile_sync (BZ #20568)

==== gnutls ====
Version update (3.6.6 -> 3.6.7)

- Trim useless %if..%endif guards that do not affect the build.
- Fix language errors in description again.
- Update gnutls to 3.6.7
  * * libgnutls, gnutls tools: Every gnutls_free() will automatically set
    the free'd pointer to NULL. This prevents possible use-after-free and
    double free issues. Use-after-free will be turned into NULL dereference.
    The counter-measure does not extend to applications using gnutls_free().
  * * libgnutls: Fixed a memory corruption (double free) vulnerability in the
    certificate verification API. Reported by Tavis Ormandy; addressed with
    the change above. [GNUTLS-SA-2019-03-27, #694] [bsc#1130681] (CVE-2019-3829)
  * * libgnutls: Fixed an invalid pointer access via malformed TLS1.3 async messages;
    Found using tlsfuzzer. [GNUTLS-SA-2019-03-27, #704] [bsc#1130682] (CVE-2019-3836)
  * * libgnutls: enforce key usage limitations on certificates more actively.
    Previously we would enforce it for TLS1.2 protocol, now we enforce it
    even when TLS1.3 is negotiated, or on client certificates as well. When
    an inappropriate for TLS1.3 certificate is seen on the credentials structure
    GnuTLS will disable TLS1.3 support for that session (#690).
  * * libgnutls: the default number of tickets sent under TLS 1.3 was increased to
    two. This makes it easier for clients which perform multiple connections
    to the server to use the tickets sent by a default server.
  * * libgnutls: enforce the equality of the two signature parameters fields in
    a certificate. We were already enforcing the signature algorithm, but there
    was a bug in parameter checking code.
  * * libgnutls: fixed issue preventing sending and receiving from different
    threads when false start was enabled (#713).
  * * libgnutls: the flag GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO now implies a writable
    session, as non-writeable security officer sessions are undefined in PKCS#11
    (#721).
  * * libgnutls: no longer send downgrade sentinel in TLS 1.3.
    Previously the sentinel value was embedded to early in version
    negotiation and was sent even on TLS 1.3. It is now sent only when
    TLS 1.2 or earlier is negotiated (#689).
  * * gnutls-cli: Added option --logfile to redirect informational messages output.
- Disabled dane support in SLE since dane is not shipped there
- Changed configure script to hardware guile site directory since command-line
  option '--with-guile-site-dir=' was removed from the configure script.
  * * Added gnutls-3.6.6-set_guile_site_dir.patch
- Modified gnutls-3.6.0-disable-flaky-dtls_resume-test.patch to fix
  compilation issues on PPC

==== gpg2 ====
Version update (2.2.15 -> 2.2.16)

- Update to 2.2.16
  * gpg: Fixed i18n markup of some strings.
  * gpg: Allow deletion of subkeys with --delete-[secret-]key.
  * gpg: Do not bail on an invalid packet in the local keyring.
  * gpg: Do not allow creation of user ids larger than our parser allows.
  * gpg: Do not delete any keys if --dry-run is passed.
  * gpg: Fix using --decrypt along with --use-embedded-filename.
  * gpg: Improve the photo image viewer selection.
  * gpg: enable OpenPGP export of cleartext keys with comments.
  * gpg: Do not print a hint to use the deprecated --keyserver option.
  * gpg: Change update_keysig_packet to replace SHA-1 by SHA-256.
  * gpg: Use just the addrspec from the Signer's UID.
  * gpg: Accept also armored data from the WKD.
  * gpg: Set a limit of 5 to the number of keys imported from the WKD.
  * gpg: Don't use EdDSA algo ID for ECDSA curves.
  * agent: Stop scdaemon after reload when disable_scdaemon.
  * agent: For SSH key, don't put NUL-byte at the end.
  * agent: correct length for uri and comment on 64-bit big-endian platforms
  * dirmngr: Allow for other hash algorithms than SHA-1 in OCSP.
  * dirmngr: Improve domaininfo cache update algorithm.
  * dirmngr: Better error code for http status 413.
  * g10: Fix possible null dereference.
  * g10: Fix double free when locating by mbox.
  * g10: Fix symmetric cipher algo constant for ECDH.
  * sm: Avoid confusing diagnostic for the default key.
  * sm: Fix a warning in an es_fopencooie function.
  * gpgconf: Before --launch check that the config file is fine.
  * gpgconf: Support --homedir for --launch.
  * build: Update m4/iconv.m4.
  * doc: correct documentation for gpgconf --kill.
  * scd: Add dummy option --application-priority.
  * common: Fix AWK portability.

==== grub2 ====
Subpackages: grub2-i386-pc grub2-snapper-plugin grub2-x86_64-efi

- Check/refresh zipl-kernel before hibernate on s390x.  (bsc#940457)
  (Getting rid of hardcoded 'vmlinuz', which failed on PPC as well.)
  * grub2-systemd-sleep.sh
- Try to refresh zipl-kernel on failed kexec.  (bsc#1127293)
  * grub2-s390x-04-grub2-install.patch
- Fully support "previous" zipl-kernel,
  with 'mem=1G' being available on dedicated entries.  (bsc#928131)
  * grub2-s390x-09-improve-zipl-setup.patch
- Refresh
  * grub2-zipl-setup-fix-btrfs-multipledev.patch
- Fix GCC 9 build failure (bsc#1121208)
  * 0001-cpio-Disable-gcc9-Waddress-of-packed-member.patch
  * 0002-jfs-Disable-gcc9-Waddress-of-packed-member.patch
  * 0003-hfs-Fix-gcc9-error-Waddress-of-packed-member.patch
  * 0004-hfsplus-Fix-gcc9-error-with-Waddress-of-packed-membe.patch
  * 0005-acpi-Fix-gcc9-error-Waddress-of-packed-member.patch
  * 0006-usbtest-Disable-gcc9-Waddress-of-packed-member.patch
  * 0007-chainloader-Fix-gcc9-error-Waddress-of-packed-member.patch
  * 0008-efi-Fix-gcc9-error-Waddress-of-packed-member.patch

==== gsettings-desktop-schemas ====
Version update (3.28.1 -> 3.32.0)

- Add adobe-sourcecodepro-fonts Recommends: New default font for
  monospace was added for version 3.32.x.
- Rebase gsettings-desktop-schemas-fate324570-Add-key-for-GDM-background-configuration.patch
- Update to version 3.32.0:
  + Updated translations.
- Update to version 3.31.92:
  + Drop legacy build systems.
  + Updated translations.
- Update to version 3.31.91:
  + Updated translations.
- Update to version 3.31.90:
  + Updated default monospace font.
  + More meson build fixes.
  + Updated translations.
- Switch to meson build system, add meson BuildRequires and macros.
- Drop obsolete gnome-common and intltool BuildRequires.
- Update to version 3.31.0.2:
  + Fixed generation of enums XML on meson builds.
  + Convert post-install script to python.
  + Updated translations.
- Update to version 3.31.0.1:
  + Brown paper bag release, included several fixes to meson build.
- Changes from version 3.31.0:
  + Add settings to inhibit microphone/camera.
  + Change tablets'/touchscreens' "display" setting to "output" one
    with different semantics.
  + Added meson build support.
  + Changed default clock settings.
  + Added XF86Keyboard keybinding to cycle the keyboard layout.
- Disable gsettings-desktop-schemas-fate324570-Add-key-for-GDM-background-configuration.patch
  Needs rebase.
- Add gnome-common BuildRequires and bootstrap tarball.
- Replace glib2-devel with pkgconfig(gio-2.0) BuildRequires.

==== health-checker ====
Version update (1.2.2 -> 1.2.3)
Subpackages: health-checker-plugins-MicroOS health-checker-plugins-kubic

- Update to version 1.2.3
  * Fix crio RPM name

==== hwdata ====
Version update (0.321 -> 0.323)

- Update to version 0.323:
  * Updated pci, usb and vendor ids.
- Update to version 0.322:
  * Updated pci, usb and vendor ids.

==== hwinfo ====
Version update (21.64 -> 21.66)

- merge gh#openSUSE/hwinfo#80
- fix Makefile and allow building for old distros
- 21.66
- merge gh#openSUSE/hwinfo#79
- return BIOS UUID in decoded (with '-'s) form (bsc#1135819)
- 21.65

==== installation-images-MicroOS ====
Version update (14.420 -> 14.427)

- merge gh#openSUSE/installation-images#314
- set root password for rescue system explicitly (bsc#1134524)
- 14.427
- merge gh#openSUSE/installation-images#313
- aarch64: ptp_qoriq.ko is now ptp-qoriq.ko
- 14.426
- do not use openssl-1_1-hmac in openSUSE for now
- merge gh#openSUSE/installation-images#312
- follow aaa_base package change
- 14.425
- merge gh#openSUSE/installation-images#311
- prevent MD/RAID auto-assembly if linuxrc says so (bsc#1132688)
- 14.424
- merge gh#openSUSE/installation-images#310
- Revert "add /dev/btrfs-control to initrd (bsc#1133368)"
- autoload btrfs module to get /dev/btrfs-control (bsc#1133368)
- 14.423
- merge gh#openSUSE/installation-images#308
- add /dev/btrfs-control to initrd (bsc#1133368)
- 14.422
- merge gh#openSUSE/installation-images#307
- patch zypp config also for MicroOS (bsc#1132848)
- adjust branding example
- 14.421

==== iproute2 ====
Version update (4.20 -> 5.1)

- Revert-tc-ematch-fix-deprecated-yacc-warning.patch:
  fix build on SLE12 and openSUSE Leap 42.3
- Update to new upstream release 5.1
  * bridge: fdb: add support for src_vni option
  * devlink: report cell size
  * devlink: add dev info and dev flash subcommands
  * devlink: add health subcommand
  * ip link: display netrom link type
  * ip link: bond_slave: add xstats support
  * ip link: bridge: support mcast to unicast flag
  * ip netns: add attach subcommand to attach existing netns
  * ip xfrm: add option to hide keys in state output
  * ip xfrm: support xfrm interfaces
  * rdma: add unbound workqueue to list of poll context types
  * rdma: provide parent context index for all objects except CM_ID
  * rdma: add prefix for driver attributes
  * ss: support AF_XDP
  * tc: add hit counter for matchall
  * tc: add kind property to csum action
  * tc: q_cake: support fwmark option
  * improve batch and dump performance by caching link lookups
  * more JSON support
  * many text/JSON output fixes
- Update to new upstream release 5.0.0
  * ip route: get print JSON output when -j is given
  * ip route: print route type in JSON output
  * tc: m_connmark: fix action error messages
  * ipaddress: print error messages on stderr
  * iprule: fix printing hint about unresolved iifname + oofname
  * man: Document COLORFGBG environment variable
  * tcpedit: Fix wrong pedit ipv6 structure id
  * ss: Render buffer to output every time a number of chunks alloc
  * ss: fix compilation under glibc < 2.18
- Add patches which enable support of BPF global data section,
  pulled from https://github.com/cilium/iproute2/tree/static-data
  * bpf-bss-section-poc.patch
  * bpf-data-section-support-poc.patch

==== iputils ====
Version update (s20180629 -> s20190515)

- Update to version s20190515 (includes changes s20190324)
  * s20190324: 189 commits since s20180629 that include changing build
    system from autotools to meson, added rarpd and rdisc systemd service
    files, many fixes
  * s20190515 bugfix release (6 commits)
- User visible change: arping and clockdiff are moved from /usr/sbin
  to /usr/bin (respect upstream path)
- Backport patch 0001-build-sys-doc-Fix-the-dependency-on-xsltproc.patch
  (fixing build system)
- Add workaround patch meson-remove-setcap-setuid.sh.patch
- Remove 0001-tracepath-Fix-copying-input-IPv6-address.patch
  (included in s20190324 release)
- Refresh old patches (iputils-ping-interrupt.diff, iputils-sec-ping-unblock.diff)
- Changes caused by upstream switching to meson build system (drop sed build dependency)
- Added locales
- Fix typos

==== kdump ====

- kdump-kdumprd-Look-for-boot-image-and-boot-Image.patch: kdumprd:
  Look for /boot/image-* and /boot/Image-* (bsc#1132799).
- kdump-Add-skip_balance-option-to-BTRFS-mounts.patch: Add
  skip_balance option to BTRFS mounts (bsc#1108255).

==== kernel-default-base ====
Version update (5.0.6 -> 5.1.4)

- dw_mmc-bluefield is not needed in kernel-default-base (bsc#1131574).

==== kernel-firmware ====
Version update (20190312 -> 20190514)
Subpackages: ucode-amd

- Update to version 20190514:
  * linux-firmware: Update firmware file for Intel Bluetooth 8265
  * linux-firmware: Update firmware file for Intel Bluetooth 9260
  * linux-firmware: Update firmware file for Intel Bluetooth 9560
  * linux-firmware: Update firmware file for Intel Bluetooth 22161
  * amlogic: add video decoder firmwares
  * iwlwifi: update -46 firmwares for 22260 and 9000 series
  * iwlwifi: add firmware for 22260 and update 9000 series -46 firmwares
  * iwlwifi: add -46.ucode firmwares for 9000 series
- Update to version 20190502:
  * amdgpu: update vega20 to the latest 19.10 firmware
  * amdgpu: update vega12 to the latest 19.10 firmware
  * amdgpu: update vega10 to the latest 19.10 firmware
  * amdgpu: update polaris11 to the latest 19.10 firmware
  * amdgpu: update polaris10 to the latest 19.10 firmware
  * amdgpu: update raven2 to the latest 19.10 firmware
  * amdgpu: update raven to the latest 19.10 firmware
  * amdgpu: update picasso to the latest 19.10 firmware
  * linux-firmware: update fw for qat devices
  * Mellanox: Add new mlxsw_spectrum firmware 13.2000.1122
  * drm/i915/firmware: Add ICL HuC v8.4.3238
  * drm/i915/firmware: Add ICL GuC v32.0.3
  * drm/i915/firmware: Add GLK HuC v03.01.2893
  * drm/i915/firmware: Add GLK GuC v32.0.3
  * drm/i915/firmware: Add KBL GuC v32.0.3
  * drm/i915/firmware: Add SKL GuC v32.0.3
  * drm/i915/firmware: Add BXT GuC v32.0.3
- Update to version 20190409:
  * linux-firmware: Add firmware file for Intel Bluetooth 22161
  * cxgb4: update firmware to revision 1.23.4.0
  * linux-firmware: Update NXP Management Complex firmware to version 10.14.3
  * linux-firmware: add firmware for MT7615E
  * mediatek: update MT8173 VPU firmware to v1.1.2 [decoder] Enlarge struct vdec_pic_info to support more capture buffer plane and capture buffer format change.
  * linux-firmware: update Marvell 8797/8997 firmware images
  * nfp: update Agilio SmartNIC flower firmware to rev AOTC-2.10.A.23
  * cxgb4: update firmware to revision 1.23.3.0
  * linux-firmware: Update firmware file for Intel Bluetooth 8265
  * linux-firmware: Update firmware file for Intel Bluetooth 9260
  * linux-firmware: Update firmware file for Intel Bluetooth 9560

==== kernel-source ====
Version update (5.0.6 -> 5.1.7)
Subpackages: kernel-debug kernel-default

- Linux 5.1.7 (bnc#1012628).
- tipc: fix modprobe tipc failed after switch order of device
  registration (bnc#1012628).
- Revert "tipc: fix modprobe tipc failed after switch order of
  device registration" (bnc#1012628).
- crypto: vmx - ghash: do nosimd fallback manually (bnc#1012628).
- net: correct zerocopy refcnt with udp MSG_MORE (bnc#1012628).
- cxgb4: Revert "cxgb4: Remove SGE_HOST_PAGE_SIZE dependency on
  page size" (bnc#1012628).
- net/tls: don't ignore netdev notifications if no TLS features
  (bnc#1012628).
- net/tls: fix state removal with feature flags off (bnc#1012628).
- selftests/tls: add test for sleeping even though there is data
  (bnc#1012628).
- net/tls: fix no wakeup on partial reads (bnc#1012628).
- selftests/tls: test for lowat overshoot with multiple records
  (bnc#1012628).
- net/tls: fix lowat calculation if some data came from previous
  record (bnc#1012628).
- bnxt_en: Reduce memory usage when running in kdump kernel
  (bnc#1012628).
- bnxt_en: Fix possible BUG() condition when calling
  pci_disable_msix() (bnc#1012628).
- bnxt_en: Fix aggregation buffer leak under OOM condition
  (bnc#1012628).
- net: stmmac: dma channel control register need to be init first
  (bnc#1012628).
- net: stmmac: fix ethtool flow control not able to get/set
  (bnc#1012628).
- net/mlx5e: Disable rxhash when CQE compress is enabled
  (bnc#1012628).
- net/mlx5: Allocate root ns memory using kzalloc to match kfree
  (bnc#1012628).
- tipc: Avoid copying bytes beyond the supplied data
  (bnc#1012628).
- net/mlx5: Avoid double free in fs init error unwinding path
  (bnc#1012628).
- usbnet: fix kernel crash after disconnect (bnc#1012628).
- r8169: fix MAC address being lost in PCI D3 (bnc#1012628).
- net: stmmac: fix reset gpio free missing (bnc#1012628).
- net: sched: don't use tc_action->order during action dump
  (bnc#1012628).
- net: phy: marvell10g: report if the PHY fails to boot firmware
  (bnc#1012628).
- net: mvpp2: fix bad MVPP2_TXQ_SCHED_TOKEN_CNTR_REG queue value
  (bnc#1012628).
- net: mvneta: Fix err code path of probe (bnc#1012628).
- net-gro: fix use-after-free read in napi_gro_frags()
  (bnc#1012628).
- net: fec: fix the clk mismatch in failed_reset path
  (bnc#1012628).
- net: dsa: mv88e6xxx: fix handling of upper half of
  STATS_TYPE_PORT (bnc#1012628).
- mlxsw: spectrum_acl: Avoid warning after identical rules
  insertion (bnc#1012628).
- llc: fix skb leak in llc_build_and_send_ui_pkt() (bnc#1012628).
- ipv6: Fix redirect with VRF (bnc#1012628).
- ipv6: Consider sk_bound_dev_if when binding a raw socket to
  an address (bnc#1012628).
- ipv4/igmp: fix build error if !CONFIG_IP_MULTICAST
  (bnc#1012628).
- ipv4/igmp: fix another memory leak in igmpv3_del_delrec()
  (bnc#1012628).
- inet: switch IP ID generator to siphash (bnc#1012628).
- ethtool: Check for vlan etype or vlan tci when parsing flow_rule
  (bnc#1012628).
- cxgb4: offload VLAN flows regardless of VLAN ethtype
  (bnc#1012628).
- bonding/802.3ad: fix slave link initialization transition states
  (bnc#1012628).
- commit 55f2451
- Refresh
  patches.suse/memcg-make-it-work-on-sparse-non-0-node-systems.patch.
  Update upstream status.
- commit 2e484d7
- Linux 5.1.6 (bnc#1012628).
- x86: Hide the int3_emulate_call/jmp functions from UML
  (bnc#1012628).
- ext4: do not delete unlinked inode from orphan list on failed
  truncate (bnc#1012628).
- ext4: wait for outstanding dio during truncate in nojournal mode
  (bnc#1012628).
- KVM: x86: fix return value for reserved EFER (bnc#1012628).
- bio: fix improper use of smp_mb__before_atomic() (bnc#1012628).
- sbitmap: fix improper use of smp_mb__before_atomic()
  (bnc#1012628).
- Revert "scsi: sd: Keep disk read-only when re-reading partition"
  (bnc#1012628).
- crypto: hash - fix incorrect HASH_MAX_DESCSIZE (bnc#1012628).
- crypto: vmx - CTR: always increment IV as quadword
  (bnc#1012628).
- mmc: sdhci-iproc: cygnus: Set NO_HISPD bit to fix HS50 data
  hold time problem (bnc#1012628).
- mmc: sdhci-iproc: Set NO_HISPD bit to fix HS50 data hold time
  problem (bnc#1012628).
- tracing: Add a check_val() check before updating cond_snapshot()
  track_val (bnc#1012628).
- dax: Arrange for dax_supported check to span multiple devices
  (bnc#1012628).
- kvm: Check irqchip mode before assign irqfd (bnc#1012628).
- kvm: svm/avic: fix off-by-one in checking host APIC ID
  (bnc#1012628).
- KVM: nVMX: Fix using __this_cpu_read() in preemptible context
  (bnc#1012628).
- libnvdimm/pmem: Bypass CONFIG_HARDENED_USERCOPY overhead
  (bnc#1012628).
- arm64/kernel: kaslr: reduce module randomization range to 2 GB
  (bnc#1012628).
- arm64: Kconfig: Make ARM64_PSEUDO_NMI depend on BROKEN for now
  (bnc#1012628).
- arm64/iommu: handle non-remapped addresses in ->mmap and
  - >get_sgtable (bnc#1012628).
- gfs2: Fix sign extension bug in gfs2_update_stats (bnc#1012628).
- btrfs: don't double unlock on error in btrfs_punch_hole
  (bnc#1012628).
- btrfs: Check the compression level before getting a workspace
  (bnc#1012628).
- Btrfs: do not abort transaction at btrfs_update_root() after
  failure to COW path (bnc#1012628).
- Btrfs: avoid fallback to transaction commit during fsync of
  files with holes (bnc#1012628).
- Btrfs: fix race between ranged fsync and writeback of adjacent
  ranges (bnc#1012628).
- btrfs: sysfs: Fix error path kobject memory leak (bnc#1012628).
- btrfs: sysfs: don't leak memory when failing add fsid
  (bnc#1012628).
- fbdev: fix divide error in fb_var_to_videomode (bnc#1012628).
- arm64: errata: Add workaround for Cortex-A76 erratum #1463225
  (bnc#1012628).
- ovl: relax WARN_ON() for overlapping layers use case
  (bnc#1012628).
- fbdev: fix WARNING in __alloc_pages_nodemask bug (bnc#1012628).
- media: cpia2: Fix use-after-free in cpia2_exit (bnc#1012628).
- media: serial_ir: Fix use-after-free in serial_ir_init_module
  (bnc#1012628).
- media: vb2: add waiting_in_dqbuf flag (bnc#1012628).
- media: vivid: use vfree() instead of kfree() for dev->bitmap_cap
  (bnc#1012628).
- ssb: Fix possible NULL pointer dereference in
  ssb_host_pcmcia_exit (bnc#1012628).
- bpf: devmap: fix use-after-free Read in __dev_map_entry_free
  (bnc#1012628).
- batman-adv: mcast: fix multicast tt/tvlv worker locking
  (bnc#1012628).
- at76c50x-usb: Don't register led_trigger if usb_register_driver
  failed (bnc#1012628).
- acct_on(): don't mess with freeze protection (bnc#1012628).
- netfilter: ctnetlink: Resolve conntrack L3-protocol flush
  regression (bnc#1012628).
- Revert "btrfs: Honour FITRIM range constraints during free
  space trim" (bnc#1012628).
- gfs2: Fix lru_count going negative (bnc#1012628).
- cxgb4: Fix error path in cxgb4_init_module (bnc#1012628).
- afs: Fix getting the afs.fid xattr (bnc#1012628).
- NFS: make nfs_match_client killable (bnc#1012628).
- gfs2: fix race between gfs2_freeze_func and unmount
  (bnc#1012628).
- io_uring: use cpu_online() to check p->sq_thread_cpu instead
  of cpu_possible() (bnc#1012628).
- IB/hfi1: Fix WQ_MEM_RECLAIM warning (bnc#1012628).
- gfs2: Fix occasional glock use-after-free (bnc#1012628).
- mmc: core: Verify SD bus width (bnc#1012628).
- tools/bpf: fix perf build error with uClibc (seen on ARC)
  (bnc#1012628).
- i40e: Fix of memory leak and integer truncation in
  i40e_virtchnl.c (bnc#1012628).
- libbpf: fix invalid munmap call (bnc#1012628).
- selftests/bpf: set RLIMIT_MEMLOCK properly for
  test_libbpf_open.c (bnc#1012628).
- bpftool: exclude bash-completion/bpftool from .gitignore pattern
  (bnc#1012628).
- ice: Separate if conditions for ice_set_features()
  (bnc#1012628).
- ice: Preserve VLAN Rx stripping settings (bnc#1012628).
- blk-mq: split blk_mq_alloc_and_init_hctx into two parts
  (bnc#1012628).
- blk-mq: grab .q_usage_counter when queuing request from plug
  code path (bnc#1012628).
- dmaengine: tegra210-dma: free dma controller in remove()
  (bnc#1012628).
- net: ena: gcc 8: fix compilation warning (bnc#1012628).
- net: ena: fix: set freed objects to NULL to avoid failing
  future allocations (bnc#1012628).
- hv_netvsc: fix race that may miss tx queue wakeup (bnc#1012628).
- Bluetooth: Ignore CC events not matching the last HCI command
  (bnc#1012628).
- pinctrl: zte: fix leaked of_node references (bnc#1012628).
- ASoC: Intel: kbl_da7219_max98357a: Map BTN_0 to KEY_PLAYPAUSE
  (bnc#1012628).
- usb: dwc2: gadget: Increase descriptors count for ISOC's
  (bnc#1012628).
- usb: dwc3: move synchronize_irq() out of the spinlock protected
  block (bnc#1012628).
- usb: gadget: f_fs: don't free buffer prematurely (bnc#1012628).
- ASoC: hdmi-codec: unlock the device on startup errors
  (bnc#1012628).
- powerpc/perf: Return accordingly on invalid chip-id in
  (bnc#1012628).
- powerpc/boot: Fix missing check of lseek() return value
  (bnc#1012628).
- powerpc/perf: Fix loop exit condition in nest_imc_event_init
  (bnc#1012628).
- spi: atmel-quadspi: fix crash while suspending (bnc#1012628).
- ASoC: imx: fix fiq dependencies (bnc#1012628).
- spi: pxa2xx: fix SCR (divisor) calculation (bnc#1012628).
- net/mlx5: E-Switch, Use atomic rep state to serialize state
  change (bnc#1012628).
- brcm80211: potential NULL dereference in
  brcmf_cfg80211_vndr_cmds_dcmd_handler() (bnc#1012628).
- ACPI / property: fix handling of data_nodes in
  acpi_get_next_subnode() (bnc#1012628).
- drm/nouveau/bar/nv50: ensure BAR is mapped (bnc#1012628).
- media: stm32-dcmi: return appropriate error codes during probe
  (bnc#1012628).
- ARM: vdso: Remove dependency with the arch_timer driver
  internals (bnc#1012628).
- arm64: Fix compiler warning from pte_unmap() with
  - Wunused-but-set-variable (bnc#1012628).
- mt76: remove mt76_queue dependency from tx_queue_skb function
  pointer (bnc#1012628).
- x86/ftrace: Set trampoline pages as executable (bnc#1012628).
- powerpc/watchdog: Use hrtimers for per-CPU heartbeat
  (bnc#1012628).
- cpufreq: Fix kobject memleak (bnc#1012628).
- scsi: qla2xxx: Fix a qla24xx_enable_msix() error path
  (bnc#1012628).
- scsi: qla2xxx: Fix abort handling in tcm_qla2xxx_write_pending()
  (bnc#1012628).
- scsi: qla2xxx: Avoid that lockdep complains about unsafe
  locking in tcm_qla2xxx_close_session() (bnc#1012628).
- scsi: qla2xxx: Fix hardirq-unsafe locking (bnc#1012628).
- x86/modules: Avoid breaking W^X while loading modules
  (bnc#1012628).
- Btrfs: fix data bytes_may_use underflow with fallocate due to
  failed quota reserve (bnc#1012628).
- btrfs: fix panic during relocation after ENOSPC before writeback
  happens (bnc#1012628).
- btrfs: Don't panic when we can't find a root key (bnc#1012628).
- iwlwifi: pcie: don't crash on invalid RX interrupt
  (bnc#1012628).
- rtc: 88pm860x: prevent use-after-free on device remove
  (bnc#1012628).
- rtc: stm32: manage the get_irq probe defer case (bnc#1012628).
- scsi: qedi: Abort ep termination if offload not scheduled
  (bnc#1012628).
- s390/kexec_file: Fix detection of text segment in ELF loader
  (bnc#1012628).
- ALSA: hda: fix unregister device twice on ASoC driver
  (bnc#1012628).
- sched/nohz: Run NOHZ idle load balancer on HK_FLAG_MISC CPUs
  (bnc#1012628).
- net: ethernet: ti: cpsw: fix allmulti cfg in dual_mac mode
  (bnc#1012628).
- w1: fix the resume command API (bnc#1012628).
- net: hns3: fix pause configure fail problem (bnc#1012628).
- net: hns3: fix for TX clean num when cleaning TX BD
  (bnc#1012628).
- net: phy: improve genphy_soft_reset (bnc#1012628).
- s390: qeth: address type mismatch warning (bnc#1012628).
- arm64: futex: Fix FUTEX_WAKE_OP atomic ops with non-zero result
  value (bnc#1012628).
- net: hns3: use atomic_t replace u32 for arq's count
  (bnc#1012628).
- dmaengine: pl330: _stop: clear interrupt status (bnc#1012628).
- mac80211/cfg80211: update bss channel on channel switch
  (bnc#1012628).
- drm: prefix header search paths with $(srctree)/ (bnc#1012628).
- libbpf: fix samples/bpf build failure due to undefined
  UINT32_MAX (bnc#1012628).
- slimbus: fix a potential NULL pointer dereference in
  of_qcom_slim_ngd_register (bnc#1012628).
- regulator: core: Actually put the gpiod after use (bnc#1012628).
- ASoC: fsl_sai: Update is_slave_mode with correct value
  (bnc#1012628).
- Fix nfs4.2 return -EINVAL when do dedupe operation
  (bnc#1012628).
- mwifiex: prevent an array overflow (bnc#1012628).
- rsi: Fix NULL pointer dereference in kmalloc (bnc#1012628).
- net: cw1200: fix a NULL pointer dereference (bnc#1012628).
- nvme: set 0 capacity if namespace block size exceeds PAGE_SIZE
  (bnc#1012628).
- nvme-rdma: fix a NULL deref when an admin connect times out
  (bnc#1012628).
- nvme-tcp: fix a NULL deref when an admin connect times out
  (bnc#1012628).
- crypto: sun4i-ss - Fix invalid calculation of hash end
  (bnc#1012628).
- bcache: avoid potential memleak of list of journal_replay(s)
  in the CACHE_SYNC branch of run_cache_set (bnc#1012628).
- bcache: return error immediately in bch_journal_replay()
  (bnc#1012628).
- bcache: fix failure in journal relplay (bnc#1012628).
- bcache: add failure check to run_cache_set() for journal replay
  (bnc#1012628).
- bcache: avoid clang -Wunintialized warning (bnc#1012628).
- RDMA/cma: Consider scope_id while binding to ipv6 ll address
  (bnc#1012628).
- vfio-ccw: Do not call flush_workqueue while holding the spinlock
  (bnc#1012628).
- vfio-ccw: Release any channel program when releasing/removing
  vfio-ccw mdev (bnc#1012628).
- x86/build: Move _etext to actual end of .text (bnc#1012628).
- smpboot: Place the __percpu annotation correctly (bnc#1012628).
- x86/uaccess: Dont leak the AC flag into __put_user() argument
  evaluation (bnc#1012628).
- x86/mm: Remove in_nmi() warning from 64-bit implementation of
  vmalloc_fault() (bnc#1012628).
- mm/uaccess: Use 'unsigned long' to placate UBSAN warnings on
  older GCC versions (bnc#1012628).
- Bluetooth: hci_qca: Fix crash with non-serdev devices
  (bnc#1012628).
- Bluetooth: hci_qca: Give enough time to ROME controller to
  bootup (bnc#1012628).
- Bluetooth: btbcm: Add default address for BCM43341B
  (bnc#1012628).
- Bluetooth: mediatek: Fixed incorrect type in assignment
  (bnc#1012628).
- HID: logitech-hidpp: use RAP instead of FAP to get the protocol
  version (bnc#1012628).
- pinctrl: pistachio: fix leaked of_node references (bnc#1012628).
- pinctrl: st: fix leaked of_node references (bnc#1012628).
- pinctrl: samsung: fix leaked of_node references (bnc#1012628).
- clk: rockchip: undo several noc and special clocks as critical
  on rk3288 (bnc#1012628).
- perf/arm-cci: Remove broken race mitigation (bnc#1012628).
- dmaengine: at_xdmac: remove BUG_ON macro in tasklet
  (bnc#1012628).
- media: coda: clear error return value before picture run
  (bnc#1012628).
- media: ov6650: Move v4l2_clk_get() to ov6650_video_probe()
  helper (bnc#1012628).
- media: au0828: stop video streaming only when last user stops
  (bnc#1012628).
- media: ov2659: make S_FMT succeed even if requested format
  doesn't match (bnc#1012628).
- audit: fix a memory leak bug (bnc#1012628).
- media: stm32-dcmi: fix crash when subdev do not expose any
  formats (bnc#1012628).
- media: au0828: Fix NULL pointer dereference in
  au0828_analog_stream_enable() (bnc#1012628).
- media: pvrusb2: Prevent a buffer overflow (bnc#1012628).
- iio: adc: stm32-dfsdm: fix unmet direct dependencies detected
  (bnc#1012628).
- block: fix use-after-free on gendisk (bnc#1012628).
- powerpc/numa: improve control of topology updates (bnc#1012628).
- powerpc/64: Fix booting large kernels with STRICT_KERNEL_RWX
  (bnc#1012628).
- random: fix CRNG initialization when random.trust_cpu=1
  (bnc#1012628).
- random: add a spinlock_t to struct batched_entropy
  (bnc#1012628).
- cgroup: protect cgroup->nr_(dying_)descendants by css_set_lock
  (bnc#1012628).
- sched/core: Check quota and period overflow at usec to nsec
  conversion (bnc#1012628).
- sched/rt: Check integer overflow at usec to nsec conversion
  (bnc#1012628).
- sched/core: Handle overflow in cpu_shares_write_u64
  (bnc#1012628).
- staging: vc04_services: handle kzalloc failure (bnc#1012628).
- drm/msm/dpu: release resources on modeset failure (bnc#1012628).
- drm/msm: a5xx: fix possible object reference leak (bnc#1012628).
- drm/msm: dpu: Don't set frame_busy_mask for async updates
  (bnc#1012628).
- drm/msm: Fix NULL pointer dereference (bnc#1012628).
- irq_work: Do not raise an IPI when queueing work on the local
  CPU (bnc#1012628).
- thunderbolt: Take domain lock in switch sysfs attribute
  callbacks (bnc#1012628).
- s390/qeth: handle error from qeth_update_from_chp_desc()
  (bnc#1012628).
- USB: core: Don't unbind interfaces following device reset
  failure (bnc#1012628).
- x86/irq/64: Limit IST stack overflow check to #DB stack
  (bnc#1012628).
- drm: etnaviv: avoid DMA API warning when importing buffers
  (bnc#1012628).
- dt-bindings: phy-qcom-qmp: Add UFS PHY reset (bnc#1012628).
- phy: sun4i-usb: Make sure to disable PHY0 passby for peripheral
  mode (bnc#1012628).
- phy: mapphone-mdm6600: add gpiolib dependency (bnc#1012628).
- phy: ti: usb2: fix OMAP_CONTROL_PHY dependency (bnc#1012628).
- dpaa2-eth: Fix Rx classification status (bnc#1012628).
- i40e: Able to add up to 16 MAC filters on an untrusted VF
  (bnc#1012628).
- i40e: don't allow changes to HW VLAN stripping on active port
  VLANs (bnc#1012628).
- ACPI/IORT: Reject platform device creation on NUMA node mapping
  failure (bnc#1012628).
- arm64: vdso: Fix clock_getres() for CLOCK_REALTIME
  (bnc#1012628).
- RDMA/cxgb4: Fix null pointer dereference on alloc_skb failure
  (bnc#1012628).
- fscrypt: use READ_ONCE() to access ->i_crypt_info (bnc#1012628).
- perf/x86/msr: Add Icelake support (bnc#1012628).
- perf/x86/intel/rapl: Add Icelake support (bnc#1012628).
- perf/x86/intel/cstate: Add Icelake support (bnc#1012628).
- PM / devfreq: Fix static checker warning in
  try_then_request_governor (bnc#1012628).
- hwmon: (vt1211) Use request_muxed_region for Super-IO accesses
  (bnc#1012628).
- hwmon: (smsc47m1) Use request_muxed_region for Super-IO accesses
  (bnc#1012628).
- hwmon: (smsc47b397) Use request_muxed_region for Super-IO
  accesses (bnc#1012628).
- hwmon: (pc87427) Use request_muxed_region for Super-IO accesses
  (bnc#1012628).
- hwmon: (f71805f) Use request_muxed_region for Super-IO accesses
  (bnc#1012628).
- scsi: libsas: Do discovery on empty PHY to update PHY info
  (bnc#1012628).
- mmc: core: make pwrseq_emmc (partially) support sleepy GPIO
  controllers (bnc#1012628).
- mmc_spi: add a status check for spi_sync_locked (bnc#1012628).
- mmc: sdhci-of-esdhc: add erratum eSDHC5 support (bnc#1012628).
- mmc: sdhci-of-esdhc: add erratum A-009204 support (bnc#1012628).
- mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support
  (bnc#1012628).
- net: hns3: free the pending skb when clean RX ring
  (bnc#1012628).
- drm/amdgpu: fix old fence check in amdgpu_fence_emit
  (bnc#1012628).
- PM / core: Propagate dev->power.wakeup_path when no callbacks
  (bnc#1012628).
- clk: rockchip: Fix video codec clocks on rk3288 (bnc#1012628).
- extcon: arizona: Disable mic detect if running when driver is
  removed (bnc#1012628).
- clk: rockchip: Make rkpwm a critical clock on rk3288
  (bnc#1012628).
- clk: zynqmp: fix check for fractional clock (bnc#1012628).
- s390: zcrypt: initialize variables before_use (bnc#1012628).
- x86/microcode: Fix the ancient deprecated microcode loading
  method (bnc#1012628).
- drm/amd/display: Initialize stream_update with memset
  (bnc#1012628).
- s390/mm: silence compiler warning when compiling without
  CONFIG_PGSTE (bnc#1012628).
- s390: cio: fix cio_irb declaration (bnc#1012628).
- drm/amd/display: use proper formula to calculate bandwidth
  from timing (bnc#1012628).
- selftests: cgroup: fix cleanup path in
  test_memcg_subtree_control() (bnc#1012628).
- net: hns3: fix keep_alive_timer not stop problem (bnc#1012628).
- qmi_wwan: Add quirk for Quectel dynamic config (bnc#1012628).
- net: hns3: add error handler for initializing command queue
  (bnc#1012628).
- cpufreq: ppc_cbe: fix possible object reference leak
  (bnc#1012628).
- cpufreq/pasemi: fix possible object reference leak
  (bnc#1012628).
- cpufreq: pmac32: fix possible object reference leak
  (bnc#1012628).
- cpufreq: kirkwood: fix possible object reference leak
  (bnc#1012628).
- cpufreq: imx6q: fix possible object reference leak
  (bnc#1012628).
- cpufreq: ap806: fix possible object reference leak
  (bnc#1012628).
- block: sed-opal: fix IOC_OPAL_ENABLE_DISABLE_MBR (bnc#1012628).
- habanalabs: prevent device PTE read/write during hard-reset
  (bnc#1012628).
- habanalabs: all FD must be closed before removing device
  (bnc#1012628).
- samples/bpf: fix build with new clang (bnc#1012628).
- x86/build: Keep local relocations with ld.lld (bnc#1012628).
- spi: Don't call spi_get_gpio_descs() before device name is set
  (bnc#1012628).
- regulator: core: Avoid potential deadlock on
  regulator_unregister (bnc#1012628).
- ASoC: core: remove link components before cleaning up card
  resources (bnc#1012628).
- drm/pl111: fix possible object reference leak (bnc#1012628).
- iio: ad_sigma_delta: Properly handle SPI bus locking vs CS
  assertion (bnc#1012628).
- iio: hmc5843: fix potential NULL pointer dereferences
  (bnc#1012628).
- iio: common: ssp_sensors: Initialize calculated_time in
  ssp_common_process_data (bnc#1012628).
- iio: adc: ti-ads7950: Fix improper use of mlock (bnc#1012628).
- net: hns3: check resetting status in hns3_get_stats()
  (bnc#1012628).
- net: hns3: add protect when handling mac addr list
  (bnc#1012628).
- selftests/bpf: ksym_search won't check symbols exists
  (bnc#1012628).
- rtlwifi: fix a potential NULL pointer dereference (bnc#1012628).
- mwifiex: Fix mem leak in mwifiex_tm_cmd (bnc#1012628).
- brcmfmac: fix missing checks for kmemdup (bnc#1012628).
- b43: shut up clang -Wuninitialized variable warning
  (bnc#1012628).
- brcmfmac: convert dev_init_lock mutex to completion
  (bnc#1012628).
- brcmfmac: fix WARNING during USB disconnect in case of unempty
  psq (bnc#1012628).
- brcmfmac: fix race during disconnect when USB completion is
  in progress (bnc#1012628).
- brcmfmac: fix Oops when bringing up interface during USB
  disconnect (bnc#1012628).
- rtc: xgene: fix possible race condition (bnc#1012628).
- spi: Add missing error handling for CS GPIOs (bnc#1012628).
- rtlwifi: fix potential NULL pointer dereference (bnc#1012628).
- scsi: ufs: Fix regulator load and icc-level configuration
  (bnc#1012628).
- scsi: ufs: Avoid configuring regulator with undefined voltage
  range (bnc#1012628).
- drm/panel: otm8009a: Add delay at the end of initialization
  (bnc#1012628).
- drm/amd/display: Prevent cursor hotspot overflow for RV overlay
  planes (bnc#1012628).
- arm64: cpu_ops: fix a leaked reference by adding missing
  of_node_put (bnc#1012628).
- locking/static_key: Fix false positive warnings on concurrent
  dec/inc (bnc#1012628).
- wil6210: fix return code of wmi_mgmt_tx and wmi_mgmt_tx_ext
  (bnc#1012628).
- x86/uaccess, ftrace: Fix ftrace_likely_update() vs. SMAP
  (bnc#1012628).
- iwlwifi: mvm: IBSS: use BE FIFO for multicast (bnc#1012628).
- x86/uaccess, signal: Fix AC=1 bloat (bnc#1012628).
- x86/ia32: Fix ia32_restore_sigcontext() AC leak (bnc#1012628).
- x86/uaccess: Fix up the fixup (bnc#1012628).
- chardev: add additional check for minor range overlap
  (bnc#1012628).
- RDMA/hns: Fix bad endianess of port_pd variable (bnc#1012628).
- sh: sh7786: Add explicit I/O cast to sh7786_mm_sel()
  (bnc#1012628).
- HID: core: move Usage Page concatenation to Main item
  (bnc#1012628).
- ASoC: eukrea-tlv320: fix a leaked reference by adding missing
  of_node_put (bnc#1012628).
- ASoC: fsl_utils: fix a leaked reference by adding missing
  of_node_put (bnc#1012628).
- ASoC: wcd9335: fix a leaked reference by adding missing
  of_node_put (bnc#1012628).
- cxgb3/l2t: Fix undefined behaviour (bnc#1012628).
- clk: renesas: rcar-gen3: Correct parent clock of SYS-DMAC
  (bnc#1012628).
- block: avoid to break XEN by multi-page bvec (bnc#1012628).
- block: pass page to xen_biovec_phys_mergeable (bnc#1012628).
- clk: renesas: rcar-gen3: Correct parent clock of Audio-DMAC
  (bnc#1012628).
- HID: logitech-hidpp: change low battery level threshold from
  31 to 30 percent (bnc#1012628).
- spi: tegra114: reset controller on probe (bnc#1012628).
- habanalabs: prevent CPU soft lockup on Palladium (bnc#1012628).
- kobject: Don't trigger kobject_uevent(KOBJ_REMOVE) twice
  (bnc#1012628).
- media: video-mux: fix null pointer dereferences (bnc#1012628).
- media: wl128x: prevent two potential buffer overflows
  (bnc#1012628).
- media: gspca: Kill URBs on USB device disconnect (bnc#1012628).
- media: mtk-vcodec: fix access to incorrect planes member
  (bnc#1012628).
- thunderbolt: property: Fix a missing check of kzalloc
  (bnc#1012628).
- thunderbolt: Fix to check the return value of kmemdup
  (bnc#1012628).
- drm: rcar-du: lvds: Set LVEN and LVRES bits together on D3
  (bnc#1012628).
- drm: rcar-du: lvds: Fix post-DLL divider calculation
  (bnc#1012628).
- timekeeping: Force upper bound for setting CLOCK_REALTIME
  (bnc#1012628).
- IB/mlx5: Compare only index part of a memory window rkey
  (bnc#1012628).
- scsi: qedf: Add missing return in qedf_post_io_req() in the
  fcport offload check (bnc#1012628).
- misc: fastrpc: consider address offset before sending to DSP
  (bnc#1012628).
- misc: fastrpc: make sure memory read and writes are visible
  (bnc#1012628).
- misc: fastrpc: Fix a possible double free (bnc#1012628).
- virtio_console: initialize vtermno value for ports
  (bnc#1012628).
- tty: ipwireless: fix missing checks for ioremap (bnc#1012628).
- staging: mt7621-mmc: Initialize completions a single time
  during probe (bnc#1012628).
- overflow: Fix -Wtype-limits compilation warnings (bnc#1012628).
- x86/mce: Fix machine_check_poll() tests for error types
  (bnc#1012628).
- rcutorture: Fix cleanup path for invalid torture_type strings
  (bnc#1012628).
- x86/mce: Handle varying MCA bank counts (bnc#1012628).
- rcuperf: Fix cleanup path for invalid perf_type strings
  (bnc#1012628).
- rcu: Do a single rhp->func read in rcu_head_after_call_rcu()
  (bnc#1012628).
- x86/platform/uv: Fix missing checks of kcalloc() return values
  (bnc#1012628).
- RDMA/rxe: Fix slab-out-bounds access which lead to kernel
  crash later (bnc#1012628).
- spi: stm32-qspi: add spi_master_put in release function
  (bnc#1012628).
- usb: core: Add PM runtime calls to usb_hcd_platform_shutdown
  (bnc#1012628).
- ice: Fix for adaptive interrupt moderation (bnc#1012628).
- scsi: qla4xxx: avoid freeing unallocated dma memory
  (bnc#1012628).
- scsi: lpfc: avoid uninitialized variable warning (bnc#1012628).
- media: vicodec: bugfix - call v4l2_m2m_buf_copy_metadata also
  if decoding fails (bnc#1012628).
- ice: Prevent unintended multiple chain resets (bnc#1012628).
- selinux: avoid uninitialized variable warning (bnc#1012628).
- batman-adv: allow updating DAT entry timeouts on incoming ARP
  Replies (bnc#1012628).
- dmaengine: tegra210-adma: use devm_clk_*() helpers
  (bnc#1012628).
- x86/CPU/hygon: Fix phys_proc_id calculation logic for multi-die
  processors (bnc#1012628).
- net/mlx5e: Fix compilation warning in en_tc.c (bnc#1012628).
- staging: mt7621-mmc: Check for nonzero number of scatterlist
  entries (bnc#1012628).
- hwrng: omap - Set default quality (bnc#1012628).
- thunderbolt: Fix to check return value of ida_simple_get
  (bnc#1012628).
- thunderbolt: Fix to check for kmemdup failure (bnc#1012628).
- spi: export tracepoint symbols to modules (bnc#1012628).
- regulator: add regulator_get_linear_step() stub helper
  (bnc#1012628).
- drm/amd/display: fix releasing planes when exiting odm
  (bnc#1012628).
- drm/amd/display: Link train only when link is DP and backend
  is enabled (bnc#1012628).
- drm/amd/display: Update ABM crtc state on non-modeset
  (bnc#1012628).
- drm/amd/display: Reset alpha state for planes to the correct
  values (bnc#1012628).
- thunderbolt: property: Fix a NULL pointer dereference
  (bnc#1012628).
- media: v4l2-fwnode: The first default data lane is 0 on C-PHY
  (bnc#1012628).
- media: ov7670: restore default settings after power-up
  (bnc#1012628).
- media: staging/intel-ipu3: mark PM function as __maybe_unused
  (bnc#1012628).
- media: vicodec: reset last_src/dst_buf based on the IS_OUTPUT
  (bnc#1012628).
- ice: Fix issue with VF reset and multiple VFs support on PFs
  (bnc#1012628).
- e1000e: Disable runtime PM on CNP+ (bnc#1012628).
- tinydrm/mipi-dbi: Use dma-safe buffers for all SPI transfers
  (bnc#1012628).
- igb: Exclude device from suspend direct complete optimization
  (bnc#1012628).
- media: si2165: fix a missing check of return value
  (bnc#1012628).
- media: dvbsky: Avoid leaking dvb frontend (bnc#1012628).
- media: m88ds3103: serialize reset messages in
  m88ds3103_set_frontend (bnc#1012628).
- drm/amd/display: add pipe lock during stream update
  (bnc#1012628).
- media: staging: davinci_vpfe: disallow building with
  COMPILE_TEST (bnc#1012628).
- drm/amd/display: Fix Divide by 0 in memory calculations
  (bnc#1012628).
- drm/amd/display: Re-add custom degamma support (bnc#1012628).
- drm/amd/display: half bandwidth for YCbCr420 during validation
  (bnc#1012628).
- drm/amd/display: Set stream->mode_changed when connectors change
  (bnc#1012628).
- scsi: ufs: fix a missing check of devm_reset_control_get
  (bnc#1012628).
- media: vimc: stream: fix thread state before sleep
  (bnc#1012628).
- media: gspca: do not resubmit URBs when streaming has stopped
  (bnc#1012628).
- media: vicodec: avoid clang frame size warning (bnc#1012628).
- media: go7007: avoid clang frame overflow warning with KASAN
  (bnc#1012628).
- media: mtk-vcodec: fix access to vb2_v4l2_buffer struct
  (bnc#1012628).
- media: imx: vdic: Restore default case to
  prepare_vdi_in_buffers() (bnc#1012628).
- media: vimc: zero the media_device on probe (bnc#1012628).
- media: vim2m: replace devm_kzalloc by kzalloc (bnc#1012628).
- media: cedrus: Add a quirk for not setting DMA offset
  (bnc#1012628).
- scsi: lpfc: Fix FDMI manufacturer attribute value (bnc#1012628).
- scsi: lpfc: Fix fc4type information for FDMI (bnc#1012628).
- scsi: lpfc: Fix io lost on host resets (bnc#1012628).
- media: saa7146: avoid high stack usage with clang (bnc#1012628).
- scsi: lpfc: Fix SLI3 commands being issued on SLI4 devices
  (bnc#1012628).
- scsi: lpfc: Fix mailbox hang on adapter init (bnc#1012628).
- scsi: lpfc: Resolve inconsistent check of hdwq in
  lpfc_scsi_cmd_iocb_cmpl (bnc#1012628).
- scsi: lpfc: Resolve irq-unsafe lockdep heirarchy warning in
  lpfc_io_free (bnc#1012628).
- scsi: lpfc: Fix use-after-free mailbox cmd completion
  (bnc#1012628).
- audit: fix a memleak caused by auditing load module
  (bnc#1012628).
- spi : spi-topcliff-pch: Fix to handle empty DMA buffers
  (bnc#1012628).
- drm: writeback: Fix leak of writeback job (bnc#1012628).
- drm/omap: dsi: Fix PM for display blank with paired dss_pll
  calls (bnc#1012628).
- drm/omap: Notify all devices in the pipeline of output
  disconnection (bnc#1012628).
- spi: rspi: Fix sequencer reset during initialization
  (bnc#1012628).
- regulator: wm831x ldo: Fix notifier mutex lock warning
  (bnc#1012628).
- regulator: wm831x isink: Fix notifier mutex lock warning
  (bnc#1012628).
- regulator: ltc3676: Fix notifier mutex lock warning
  (bnc#1012628).
- regulator: ltc3589: Fix notifier mutex lock warning
  (bnc#1012628).
- regulator: pv88060: Fix notifier mutex lock warning
  (bnc#1012628).
- spi: imx: stop buffer overflow in RX FIFO flush (bnc#1012628).
- regulator: lp8755: Fix notifier mutex lock warning
  (bnc#1012628).
- regulator: da9211: Fix notifier mutex lock warning
  (bnc#1012628).
- regulator: da9063: Fix notifier mutex lock warning
  (bnc#1012628).
- regulator: pv88080: Fix notifier mutex lock warning
  (bnc#1012628).
- regulator: wm831x: Fix notifier mutex lock warning
  (bnc#1012628).
- regulator: pv88090: Fix notifier mutex lock warning
  (bnc#1012628).
- regulator: da9062: Fix notifier mutex lock warning
  (bnc#1012628).
- regulator: da9055: Fix notifier mutex lock warning
  (bnc#1012628).
- spi: Fix zero length xfer bug (bnc#1012628).
- ASoC: davinci-mcasp: Fix clang warning without CONFIG_PM
  (bnc#1012628).
- ASoC: ti: fix davinci_mcasp_probe dependencies (bnc#1012628).
- drm/v3d: Handle errors from IRQ setup (bnc#1012628).
- drm/amd/display: Fix exception from AUX acquire failure
  (bnc#1012628).
- drm/amd/display: Reset planes that were disabled in init_pipes
  (bnc#1012628).
- drm/drv: Hold ref on parent device during drm_device lifetime
  (bnc#1012628).
- drm: Wake up next in drm_read() chain if we are forced to
  putback the event (bnc#1012628).
- drm/sun4i: dsi: Change the start delay calculation
  (bnc#1012628).
- drm/sun4i: dsi: Restrict DSI tcon clock divider (bnc#1012628).
- vfio-ccw: Prevent quiesce function going into an infinite loop
  (bnc#1012628).
- extcon: axp288: Add a depends on ACPI to the Kconfig entry
  (bnc#1012628).
- ice: Put __ICE_PREPARED_FOR_RESET check in ice_prepare_for_reset
  (bnc#1012628).
- drm/sun4i: dsi: Enforce boundaries on the start delay
  (bnc#1012628).
- NFS: Fix a double unlock from nfs_match,get_client
  (bnc#1012628).
- Update config files.
- commit 7375706
- Update config files.
- commit 6ad4f79
- Linux 5.1.5 (bnc#1012628).
- ipv6: fix src addr routing with the exception table
  (bnc#1012628).
- ipv6: prevent possible fib6 leaks (bnc#1012628).
- net: Always descend into dsa/ (bnc#1012628).
- net: avoid weird emergency message (bnc#1012628).
- net/mlx4_core: Change the error print to info print
  (bnc#1012628).
- net: test nouarg before dereferencing zerocopy pointers
  (bnc#1012628).
- net: usb: qmi_wwan: add Telit 0x1260 and 0x1261 compositions
  (bnc#1012628).
- nfp: flower: add rcu locks when accessing netdev for tunnels
  (bnc#1012628).
- ppp: deflate: Fix possible crash in deflate_init (bnc#1012628).
- rtnetlink: always put IFLA_LINK for links with a link-netnsid
  (bnc#1012628).
- tipc: switch order of device registration to fix a crash
  (bnc#1012628).
- vsock/virtio: free packets during the socket release
  (bnc#1012628).
- tipc: fix modprobe tipc failed after switch order of device
  registration (bnc#1012628).
- mlxsw: core: Prevent QSFP module initialization for old hardware
  (bnc#1012628).
- mlxsw: core: Prevent reading unsupported slave address from
  SFP EEPROM (bnc#1012628).
- flow_offload: support CVLAN match (bnc#1012628).
- net/mlx5e: Fix calling wrong function to get inner vlan key
  and mask (bnc#1012628).
- net/mlx5: Fix peer pf disable hca command (bnc#1012628).
- vsock/virtio: Initialize core virtio vsock before registering
  the driver (bnc#1012628).
- net/mlx5e: Add missing ethtool driver info for representors
  (bnc#1012628).
- net/mlx5e: Additional check for flow destination comparison
  (bnc#1012628).
- net/mlx5: Imply MLXFW in mlx5_core (bnc#1012628).
- net/mlx5e: Fix ethtool rxfh commands when CONFIG_MLX5_EN_RXNFC
  is disabled (bnc#1012628).
- blk-mq: free hw queue's resource in hctx's release handler
  (bnc#1012628).
- regulator: core: fix error path for
  regulator_set_voltage_unlocked (bnc#1012628).
- parisc: Export running_on_qemu symbol for modules (bnc#1012628).
- parisc: Add memory clobber to TLB purges (bnc#1012628).
- parisc: Skip registering LED when running in QEMU (bnc#1012628).
- parisc: Add memory barrier to asm pdc and sync instructions
  (bnc#1012628).
- parisc: Allow live-patching of __meminit functions
  (bnc#1012628).
- parisc: Use PA_ASM_LEVEL in boot code (bnc#1012628).
- parisc: Rename LEVEL to PA_ASM_LEVEL to avoid name clash with
  DRBD code (bnc#1012628).
- stm class: Fix channel free in stm output free path
  (bnc#1012628).
- stm class: Fix channel bitmap on 32-bit systems (bnc#1012628).
- brd: re-enable __GFP_HIGHMEM in brd_insert_page() (bnc#1012628).
- proc: prevent changes to overridden credentials (bnc#1012628).
- Revert "MD: fix lock contention for flush bios" (bnc#1012628).
- md: batch flush requests (bnc#1012628).
- md: add mddev->pers to avoid potential NULL pointer dereference
  (bnc#1012628).
- md: add a missing endianness conversion in check_sb_changes
  (bnc#1012628).
- dcache: sort the freeing-without-RCU-delay mess for good
  (bnc#1012628).
- intel_th: msu: Fix single mode with IOMMU (bnc#1012628).
- p54: drop device reference count if fails to enable device
  (bnc#1012628).
- of: fix clang -Wunsequenced for be32_to_cpu() (bnc#1012628).
- brcmfmac: Add DMI nvram filename quirk for ACEPC T8 and T11
  mini PCs (bnc#1012628).
- cifs: fix credits leak for SMB1 oplock breaks (bnc#1012628).
- cifs: fix strcat buffer overflow and reduce raciness in
  smb21_set_oplock_level() (bnc#1012628).
- phy: ti-pipe3: fix missing bit-wise or operator when assigning
  val (bnc#1012628).
- media: ov6650: Fix sensor possibly not detected on probe
  (bnc#1012628).
- media: seco-cec: fix building with RC_CORE=m (bnc#1012628).
- media: imx: csi: Allow unknown nearest upstream entities
  (bnc#1012628).
- media: imx: Clear fwnode link struct for each endpoint iteration
  (bnc#1012628).
- media: imx: Rename functions that add IPU-internal subdevs
  (bnc#1012628).
- media: imx: Don't register IPU subdevs/links if CSI port missing
  (bnc#1012628).
- RDMA/mlx5: Use get_zeroed_page() for clock_info (bnc#1012628).
- RDMA/ipoib: Allow user space differentiate between valid
  dev_port (bnc#1012628).
- NFS4: Fix v4.0 client state corruption when mount (bnc#1012628).
- PNFS fallback to MDS if no deviceid found (bnc#1012628).
- clk: hi3660: Mark clk_gate_ufs_subsys as critical (bnc#1012628).
- clk: tegra: Fix PLLM programming on Tegra124+ when PMC overrides
  divider (bnc#1012628).
- clk: mediatek: Disable tuner_en before change PLL rate
  (bnc#1012628).
- clk: rockchip: fix wrong clock definitions for rk3328
  (bnc#1012628).
- udlfb: delete the unused parameter for dlfb_handle_damage
  (bnc#1012628).
- udlfb: fix sleeping inside spinlock (bnc#1012628).
- udlfb: introduce a rendering mutex (bnc#1012628).
- fuse: fix writepages on 32bit (bnc#1012628).
- fuse: honor RLIMIT_FSIZE in fuse_file_fallocate (bnc#1012628).
- ovl: fix missing upper fs freeze protection on copy up for ioctl
  (bnc#1012628).
- fsnotify: fix unlink performance regression (bnc#1012628).
- gcc-plugins: arm_ssp_per_task_plugin: Fix for older GCC < 6
  (bnc#1012628).
- iommu/tegra-smmu: Fix invalid ASID bits on Tegra30/114
  (bnc#1012628).
- ceph: flush dirty inodes before proceeding with remount
  (bnc#1012628).
- x86_64: Add gap to int3 to allow for call emulation
  (bnc#1012628).
- x86_64: Allow breakpoints to emulate call instructions
  (bnc#1012628).
- ftrace/x86_64: Emulate call function while updating in
  breakpoint handler (bnc#1012628).
- tracing: Fix partial reading of trace event's id file
  (bnc#1012628).
- tracing: probeevent: Fix to make the type of $comm string
  (bnc#1012628).
- memory: tegra: Fix integer overflow on tick value calculation
  (bnc#1012628).
- perf intel-pt: Fix instructions sampling rate (bnc#1012628).
- perf intel-pt: Fix improved sample timestamp (bnc#1012628).
- perf intel-pt: Fix sample timestamp wrt non-taken branches
  (bnc#1012628).
- MIPS: perf: Fix build with CONFIG_CPU_BMIPS5000 enabled
  (bnc#1012628).
- objtool: Allow AR to be overridden with HOSTAR (bnc#1012628).
- x86/mpx, mm/core: Fix recursive munmap() corruption
  (bnc#1012628).
- fbdev/efifb: Ignore framebuffer memmap entries that lack any
  memory types (bnc#1012628).
- fbdev: sm712fb: fix brightness control on reboot, don't set SR30
  (bnc#1012628).
- fbdev: sm712fb: fix VRAM detection, don't set SR70/71/74/75
  (bnc#1012628).
- fbdev: sm712fb: fix white screen of death on reboot, don't
  set CR3B-CR3F (bnc#1012628).
- fbdev: sm712fb: fix boot screen glitch when sm712fb replaces
  VGA (bnc#1012628).
- fbdev: sm712fb: fix crashes during framebuffer writes by
  correctly mapping VRAM (bnc#1012628).
- fbdev: sm712fb: fix support for 1024x768-16 mode (bnc#1012628).
- fbdev: sm712fb: use 1024x768 by default on non-MIPS, fix
  garbled display (bnc#1012628).
- fbdev: sm712fb: fix crashes and garbled display during DPMS
  modesetting (bnc#1012628).
- PCI: Mark AMD Stoney Radeon R7 GPU ATS as broken (bnc#1012628).
- PCI: Mark Atheros AR9462 to avoid bus reset (bnc#1012628).
- PCI: Reset Lenovo ThinkPad P50 nvgpu at boot if necessary
  (bnc#1012628).
- PCI: Init PCIe feature bits for managed host bridge alloc
  (bnc#1012628).
- PCI/AER: Change pci_aer_init() stub to return void
  (bnc#1012628).
- PCI: rcar: Add the initialization of PCIe link in resume_noirq()
  (bnc#1012628).
- PCI: Factor out pcie_retrain_link() function (bnc#1012628).
- PCI: Work around Pericom PCIe-to-PCI bridge Retrain Link erratum
  (bnc#1012628).
- dm cache metadata: Fix loading discard bitset (bnc#1012628).
- dm zoned: Fix zone report handling (bnc#1012628).
- dm init: fix max devices/targets checks (bnc#1012628).
- dm delay: fix a crash when invalid device is specified
  (bnc#1012628).
- dm crypt: move detailed message into debug level (bnc#1012628).
- dm integrity: correctly calculate the size of metadata area
  (bnc#1012628).
- dm ioctl: fix hang in early create error condition
  (bnc#1012628).
- dm mpath: always free attached_handler_name in parse_path()
  (bnc#1012628).
- fuse: Add FOPEN_STREAM to use stream_open() (bnc#1012628).
- md/raid: raid5 preserve the writeback action after the parity
  check (bnc#1012628).
- dmaengine: imx-sdma: Only check ratio on parts that support 1:1
  (bnc#1012628).
- driver core: Postpone DMA tear-down until after devres release
  for probe failure (bnc#1012628).
- bpf: relax inode permission check for retrieving bpf program
  (bnc#1012628).
- bpf: add map_lookup_elem_sys_only for lookups from syscall side
  (bnc#1012628).
- bpf, lru: avoid messing with eviction heuristics upon syscall
  lookup (bnc#1012628).
- y2038: Make CONFIG_64BIT_TIME unconditional (bnc#1012628).
- btrfs: reloc: Fix NULL pointer dereference due to expanded
  reloc_root lifespan (bnc#1012628).
- ARM: dts: imx6q-logicpd: Reduce inrush current on USBH1
  (bnc#1012628).
- ARM: dts: imx6q-logicpd: Reduce inrush current on start
  (bnc#1012628).
- fbdev: sm712fb: fix memory frequency by avoiding a switch/case
  fallthrough (bnc#1012628).
- Update config files.
- commit bde30e1
- Bluetooth: Check key sizes only when Secure Simple Pairing is
  enabled (bsc#1135556).
- commit ed1f493
- Delete patches.suse/Revert-Bluetooth-btusb-driver-to-enable-the-usb-wake.patch (boo#1130448).
  Should be fixed in 5.1-rc5
  commit 771acc7e4a6e5dba779cb1a7fd851a164bc81033
  Author: Brian Norris <briannorris@chromium.org>
  Date:   Tue Apr 9 11:49:17 2019 -0700
    Bluetooth: btusb: request wake pin with NOAUTOEN
- commit 817786b
- Update config files.
- commit 0739fa4
- dm: make sure to obey max_io_len_target_boundary (bnc#1135868).
- commit 4be0add
- Linux 5.1.4 (bnc#1012628).
- s390/mm: convert to the generic get_user_pages_fast code
  (bnc#1012628).
- s390/mm: make the pxd_offset functions more robust
  (bnc#1012628).
- libnvdimm/namespace: Fix label tracking error (bnc#1012628).
- powerpc/32s: fix flush_hash_pages() on SMP (bnc#1012628).
- xen/pvh: correctly setup the PV EFI interface for dom0
  (bnc#1012628).
- xen/pvh: set xen_domain_type to HVM in xen_pvh_init
  (bnc#1012628).
- kbuild: turn auto.conf.cmd into a mandatory include file
  (bnc#1012628).
- smb3: display session id in debug data (bnc#1012628).
- KVM: lapic: Busy wait for timer to expire when using hv_timer
  (bnc#1012628).
- KVM: x86: Skip EFER vs. guest CPUID checks for host-initiated
  writes (bnc#1012628).
- KVM: Fix the bitmap range to copy during clear dirty
  (bnc#1012628).
- Revert "KVM: nVMX: Expose RDPMC-exiting only when guest supports
  PMU" (bnc#1012628).
- jbd2: fix potential double free (bnc#1012628).
- ALSA: hda/realtek - Fix for Lenovo B50-70 inverted internal
  microphone bug (bnc#1012628).
- ALSA: hda/realtek - Fixup headphone noise via runtime suspend
  (bnc#1012628).
- ALSA: hda/realtek - Corrected fixup for System76 Gazelle
  (gaze14) (bnc#1012628).
- ext4: avoid panic during forced reboot due to aborted journal
  (bnc#1012628).
- ext4: fix use-after-free in dx_release() (bnc#1012628).
- ext4: fix data corruption caused by overlapping unaligned and
  aligned IO (bnc#1012628).
- ext4: zero out the unused memory region in the extent tree block
  (bnc#1012628).
- tty: Don't force RISCV SBI console as preferred console
  (bnc#1012628).
- fs/writeback.c: use rcu_barrier() to wait for inflight wb
  switches going into workqueue when umount (bnc#1012628).
- mm/compaction.c: correct zone boundary handling when isolating
  pages from a pageblock (bnc#1012628).
- ARM: dts: imx: Fix the AR803X phy-mode (bnc#1012628).
- ipmi:ssif: compare block number correctly for multi-part return
  messages (bnc#1012628).
- ipmi: Add the i2c-addr property for SSIF interfaces
  (bnc#1012628).
- bcache: never set KEY_PTRS of journal key to 0 in
  journal_reclaim() (bnc#1012628).
- bcache: fix a race between cache register and cacheset
  unregister (bnc#1012628).
- Btrfs: fix race between send and deduplication that lead to
  failures and crashes (bnc#1012628).
- Btrfs: do not start a transaction at iterate_extent_inodes()
  (bnc#1012628).
- Btrfs: do not start a transaction during fiemap (bnc#1012628).
- Btrfs: send, flush dellaloc in order to avoid data loss
  (bnc#1012628).
- btrfs: Honour FITRIM range constraints during free space trim
  (bnc#1012628).
- btrfs: Correctly free extent buffer in case
  btree_read_extent_buffer_pages fails (bnc#1012628).
- btrfs: Check the first key and level for cached extent buffer
  (bnc#1012628).
- ext4: fix ext4_show_options for file systems w/o journal
  (bnc#1012628).
- ext4: actually request zeroing of inode table after grow
  (bnc#1012628).
- ext4: fix use-after-free race with debug_want_extra_isize
  (bnc#1012628).
- ext4: avoid drop reference to iloc.bh twice (bnc#1012628).
- ext4: ignore e_value_offs for xattrs with value-in-ea-inode
  (bnc#1012628).
- ext4: make sanity check in mballoc more strict (bnc#1012628).
- jbd2: check superblock mapped prior to committing (bnc#1012628).
- tty/vt: fix write/write race in ioctl(KDSKBSENT) handler
  (bnc#1012628).
- tty: vt.c: Fix TIOCL_BLANKSCREEN console blanking if
  blankinterval == 0 (bnc#1012628).
- mtd: maps: Allow MTD_PHYSMAP with MTD_RAM (bnc#1012628).
- mtd: maps: physmap: Store gpio_values correctly (bnc#1012628).
- mtd: spi-nor: intel-spi: Avoid crossing 4K address boundary
  on read/write (bnc#1012628).
- mfd: max77620: Fix swapped FPS_PERIOD_MAX_US values
  (bnc#1012628).
- mfd: da9063: Fix OTP control register names to match datasheets
  for DA9063/63L (bnc#1012628).
- ACPICA: Linux: move ACPI_DEBUG_DEFAULT flag out of ifndef
  (bnc#1012628).
- ACPI: PM: Set enable_for_wake for wakeup GPEs during
  suspend-to-idle (bnc#1012628).
- userfaultfd: use RCU to free the task struct when fork fails
  (bnc#1012628).
- ocfs2: fix ocfs2 read inode data panic in ocfs2_iget
  (bnc#1012628).
- hugetlb: use same fault hash key for shared and private mappings
  (bnc#1012628).
- mm/hugetlb.c: don't put_page in lock of hugetlb_lock
  (bnc#1012628).
- mm/huge_memory: fix vmf_insert_pfn_{pmd, pud}() crash, handle
  unaligned addresses (bnc#1012628).
- mm/mincore.c: make mincore() more conservative (bnc#1012628).
- crypto: ccree - handle tee fips error during power management
  resume (bnc#1012628).
- crypto: ccree - add function to handle cryptocell tee fips error
  (bnc#1012628).
- crypto: ccree - HOST_POWER_DOWN_EN should be the last CC access
  during suspend (bnc#1012628).
- crypto: ccree - pm resume first enable the source clk
  (bnc#1012628).
- crypto: ccree - don't map AEAD key and IV on stack
  (bnc#1012628).
- crypto: ccree - use correct internal state sizes for export
  (bnc#1012628).
- crypto: ccree - don't map MAC key on stack (bnc#1012628).
- crypto: ccree - fix mem leak on error path (bnc#1012628).
- crypto: ccree - remove special handling of chained sg
  (bnc#1012628).
- bpf: fix out of bounds backwards jmps due to dead code removal
  (bnc#1012628).
- bpf, arm64: remove prefetch insn in xadd mapping (bnc#1012628).
- ASoC: codec: hdac_hdmi add device_link to card device
  (bnc#1012628).
- ASoC: fsl_esai: Fix missing break in switch statement
  (bnc#1012628).
- ASoC: RT5677-SPI: Disable 16Bit SPI Transfers (bnc#1012628).
- ASoC: max98090: Fix restore of DAPM Muxes (bnc#1012628).
- ALSA: hdea/realtek - Headset fixup for System76 Gazelle (gaze14)
  (bnc#1012628).
- ALSA: hda/realtek - EAPD turn on later (bnc#1012628).
- ALSA: hda/hdmi - Consider eld_valid when reporting jack event
  (bnc#1012628).
- ALSA: hda/hdmi - Read the pin sense from register when repolling
  (bnc#1012628).
- ALSA: usb-audio: Fix a memory leak bug (bnc#1012628).
- ALSA: line6: toneport: Fix broken usage of timer for delayed
  execution (bnc#1012628).
- mmc: sdhci-pci: Fix BYT OCP setting (bnc#1012628).
- mmc: core: Fix tag set memory leak (bnc#1012628).
- mmc: tegra: fix ddr signaling for non-ddr modes (bnc#1012628).
- dt-bindings: mmc: Add disable-cqe-dcmd property (bnc#1012628).
- drivers/dax: Allow to include DEV_DAX_PMEM as builtin
  (bnc#1012628).
- crypto: arm64/aes-neonbs - don't access already-freed walk.iv
  (bnc#1012628).
- crypto: arm/aes-neonbs - don't access already-freed walk.iv
  (bnc#1012628).
- crypto: caam/qi2 - generate hash keys in-place (bnc#1012628).
- crypto: caam/qi2 - fix DMA mapping of stack memory
  (bnc#1012628).
- crypto: caam/qi2 - fix zero-length buffer DMA mapping
  (bnc#1012628).
- crypto: rockchip - update IV buffer to contain the next IV
  (bnc#1012628).
- crypto: gcm - fix incompatibility between "gcm" and "gcm_base"
  (bnc#1012628).
- crypto: arm64/gcm-aes-ce - fix no-NEON fallback code
  (bnc#1012628).
- crypto: x86/crct10dif-pcl - fix use via crypto_shash_digest()
  (bnc#1012628).
- crypto: crct10dif-generic - fix use via crypto_shash_digest()
  (bnc#1012628).
- crypto: skcipher - don't WARN on unprocessed data after slow
  walk step (bnc#1012628).
- crypto: vmx - fix copy-paste error in CTR mode (bnc#1012628).
- crypto: ccp - Do not free psp_master when PLATFORM_INIT fails
  (bnc#1012628).
- crypto: ccm - fix incompatibility between "ccm" and "ccm_base"
  (bnc#1012628).
- crypto: chacha20poly1305 - set cra_name correctly (bnc#1012628).
- crypto: chacha-generic - fix use as arm64 no-NEON fallback
  (bnc#1012628).
- crypto: lrw - don't access already-freed walk.iv (bnc#1012628).
- crypto: salsa20 - don't access already-freed walk.iv
  (bnc#1012628).
- crypto: crypto4xx - fix cfb and ofb "overran dst buffer" issues
  (bnc#1012628).
- crypto: crypto4xx - fix ctr-aes missing output IV (bnc#1012628).
- x86/MCE/AMD: Don't report L1 BTB MCA errors on some family
  17h models (bnc#1012628).
- x86/MCE: Add an MCE-record filtering function (bnc#1012628).
- sched/x86: Save [ER]FLAGS on context switch (bnc#1012628).
- arm64: Save and restore OSDLR_EL1 across suspend/resume
  (bnc#1012628).
- arm64: Clear OSDLR_EL1 on CPU boot (bnc#1012628).
- arm64: compat: Reduce address limit (bnc#1012628).
- arm64: arch_timer: Ensure counter register reads occur with
  seqlock held (bnc#1012628).
- arm64: mmap: Ensure file offset is treated as unsigned
  (bnc#1012628).
- power: supply: axp288_fuel_gauge: Add ACEPC T8 and T11 mini
  PCs to the blacklist (bnc#1012628).
- power: supply: axp288_charger: Fix unchecked return value
  (bnc#1012628).
- ARM: exynos: Fix a leaked reference by adding missing
  of_node_put (bnc#1012628).
- mmc: sdhci-of-arasan: Add DTS property to disable DCMDs
  (bnc#1012628).
- ARM: dts: exynos: Fix audio (microphone) routing on Odroid XU3
  (bnc#1012628).
- ARM: dts: exynos: Fix audio routing on Odroid XU3 (bnc#1012628).
- ARM: dts: exynos: Fix interrupt for shared EINTs on Exynos5260
  (bnc#1012628).
- ARM: dts: qcom: ipq4019: enlarge PCIe BAR range (bnc#1012628).
- arm64: dts: rockchip: Disable DCMDs on RK3399's eMMC controller
  (bnc#1012628).
- arm64: dts: rockchip: fix IO domain voltage setting of APIO5
  on rockpro64 (bnc#1012628).
- objtool: Fix function fallthrough detection (bnc#1012628).
- x86/speculation/mds: Improve CPU buffer clear documentation
  (bnc#1012628).
- x86/speculation/mds: Revert CPU buffer clear on double fault
  exit (bnc#1012628).
- locking/rwsem: Prevent decrement of reader count before
  increment (bnc#1012628).
- commit 047096a
- TTY: serial_core, add ->install (bnc#1129693).
- commit da4e6dd
- Refresh
  patches.suse/memcg-make-it-work-on-sparse-non-0-node-systems.patch.
  Update to a solution proposed by upstream.
- commit 53906c9
- Revert "selinux: do not report error on connect(AF_UNSPEC)"
  (git-fixes).
- Revert "Don't jump to compute_result state from check_result
  state" (git-fixes).
- commit 3d34296
- Linux 5.1.3 (bnc#1012628).
- f2fs: Fix use of number of devices (bnc#1012628).
- PCI: hv: Add pci_destroy_slot() in pci_devices_present_work(),
  if necessary (bnc#1012628).
- PCI: hv: Add hv_pci_remove_slots() when we unload the driver
  (bnc#1012628).
- PCI: hv: Fix a memory leak in hv_eject_device_work()
  (bnc#1012628).
- virtio_ring: Fix potential mem leak in
  virtqueue_add_indirect_packed (bnc#1012628).
- powerpc/booke64: set RI in default MSR (bnc#1012628).
- powerpc/powernv/idle: Restore IAMR after idle (bnc#1012628).
- powerpc/book3s/64: check for NULL pointer in pgd_alloc()
  (bnc#1012628).
- drivers/virt/fsl_hypervisor.c: prevent integer overflow in ioctl
  (bnc#1012628).
- drivers/virt/fsl_hypervisor.c: dereferencing error pointers
  in ioctl (bnc#1012628).
- isdn: bas_gigaset: use usb_fill_int_urb() properly
  (bnc#1012628).
- flow_dissector: disable preemption around BPF calls
  (bnc#1012628).
- net: phy: fix phy_validate_pause (bnc#1012628).
- tuntap: synchronize through tfiles array instead of
  tun->numqueues (bnc#1012628).
- tuntap: fix dividing by zero in ebpf queue selection
  (bnc#1012628).
- vrf: sit mtu should not be updated when vrf netdev is the link
  (bnc#1012628).
- vlan: disable SIOCSHWTSTAMP in container (bnc#1012628).
- tipc: fix hanging clients using poll with EPOLLOUT flag
  (bnc#1012628).
- selinux: do not report error on connect(AF_UNSPEC)
  (bnc#1012628).
- packet: Fix error path in packet_init (bnc#1012628).
- net: ucc_geth - fix Oops when changing number of buffers in
  the ring (bnc#1012628).
- net: seeq: fix crash caused by not set dev.parent (bnc#1012628).
- net: macb: Change interrupt and napi enable order in open
  (bnc#1012628).
- net: ethernet: stmmac: dwmac-sun8i: enable support of unicast
  filtering (bnc#1012628).
- net: dsa: Fix error cleanup path in dsa_init_module
  (bnc#1012628).
- ipv4: Fix raw socket lookup for local traffic (bnc#1012628).
- fib_rules: return 0 directly if an exactly same rule exists
  when NLM_F_EXCL not supplied (bnc#1012628).
- dpaa_eth: fix SG frame cleanup (bnc#1012628).
- bridge: Fix error path for kobject_init_and_add() (bnc#1012628).
- bonding: fix arp_validate toggling in active-backup mode
  (bnc#1012628).
- Don't jump to compute_result state from check_result state
  (bnc#1012628).
- rtlwifi: rtl8723ae: Fix missing break in switch statement
  (bnc#1012628).
- mwl8k: Fix rate_idx underflow (bnc#1012628).
- USB: serial: fix unthrottle races (bnc#1012628).
- virt: vbox: Sanity-check parameter types for hgcm-calls coming
  from userspace (bnc#1012628).
- kernfs: fix barrier usage in __kernfs_new_node() (bnc#1012628).
- i2c: core: ratelimit 'transfer when suspended' errors
  (bnc#1012628).
- selftests/seccomp: Handle namespace failures gracefully
  (bnc#1012628).
- hwmon: (occ) Fix extended status bits (bnc#1012628).
- hwmon: (pwm-fan) Disable PWM if fetching cooling data fails
  (bnc#1012628).
- platform/x86: dell-laptop: fix rfkill functionality
  (bnc#1012628).
- platform/x86: thinkpad_acpi: Disable Bluetooth for some machines
  (bnc#1012628).
- platform/x86: sony-laptop: Fix unintentional fall-through
  (bnc#1012628).
- commit 073196d
- Update config files: disable CONFIG_IDE for ppc64/ppc64le (bsc#1135333)
- commit 012b7ed
- x86/kvm/pmu: Set AMD's virt PMU version to 1
  (https://patchwork.kernel.org/patch/10936271/).
- commit d737fc7
- Linux 5.1.2 (bnc#1012628).
- x86/speculation/mds: Fix documentation typo (bnc#1012628).
- Documentation: Correct the possible MDS sysfs values
  (bnc#1012628).
- x86/mds: Add MDSUM variant to the MDS documentation
  (bnc#1012628).
- x86/speculation/mds: Add 'mitigations=' support for MDS
  (bnc#1012628).
- s390/speculation: Support 'mitigations=' cmdline option
  (bnc#1012628).
- powerpc/speculation: Support 'mitigations=' cmdline option
  (bnc#1012628).
- x86/speculation: Support 'mitigations=' cmdline option
  (bnc#1012628).
- cpu/speculation: Add 'mitigations=' cmdline option
  (bnc#1012628).
- x86/speculation/mds: Print SMT vulnerable on MSBDS with
  mitigations off (bnc#1012628).
- x86/speculation/mds: Fix comment (bnc#1012628).
- x86/speculation/mds: Add SMT warning message (bnc#1012628).
- x86/speculation: Move arch_smt_update() call to after mitigation
  decisions (bnc#1012628).
- x86/speculation/mds: Add mds=full,nosmt cmdline option
  (bnc#1012628).
- Documentation: Add MDS vulnerability documentation
  (bnc#1012628).
- Documentation: Move L1TF to separate directory (bnc#1012628).
- x86/speculation/mds: Add mitigation mode VMWERV (bnc#1012628).
- x86/speculation/mds: Add sysfs reporting for MDS (bnc#1012628).
- x86/speculation/mds: Add mitigation control for MDS
  (bnc#1012628).
- x86/speculation/mds: Conditionally clear CPU buffers on idle
  entry (bnc#1012628).
- x86/kvm/vmx: Add MDS protection when L1D Flush is not active
  (bnc#1012628).
- x86/speculation/mds: Clear CPU buffers on exit to user
  (bnc#1012628).
- x86/speculation/mds: Add mds_clear_cpu_buffers() (bnc#1012628).
- x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (bnc#1012628).
- x86/speculation/mds: Add BUG_MSBDS_ONLY (bnc#1012628).
- x86/speculation/mds: Add basic bug infrastructure for MDS
  (bnc#1012628).
- x86/speculation: Consolidate CPU whitelists (bnc#1012628).
- x86/msr-index: Cleanup bit defines (bnc#1012628).
- commit 5a8c05f
- config: keep LSM empty in s390x/zfcpdump
  This config doesn't really build AppArmor and always had
  DEFAULT_SECURITY_DAC so it seems more consistent to keep LSM list empty.
- commit 3073856
- config: enable AppArmor by default again (bsc#1134906)
  AppArmor used to be enabled in kernel by default by after the recent
  introduction of CONFIG_LSM, we disabled all LSM modules. Enable AppArmor
  again.
- commit 953db35
- Update upstream reference:
  patches.suse/efifb-Omit-memory-map-check-on-legacy-boot.patch
- commit 133a780
- Linux 5.1.1 (bnc#1012628).
- arm64: futex: Bound number of LDXR/STXR loops in FUTEX_WAKE_OP
  (bnc#1012628).
- locking/futex: Allow low-level atomic operations to return
  - EAGAIN (bnc#1012628).
- i3c: Fix a shift wrap bug in i3c_bus_set_addr_slot_status()
  (bnc#1012628).
- ASoC: Intel: avoid Oops if DMA setup fails (bnc#1012628).
- UAS: fix alignment of scatter/gather segments (bnc#1012628).
- Bluetooth: hci_bcm: Fix empty regulator supplies for Intel Macs
  (bnc#1012628).
- Bluetooth: Fix not initializing L2CAP tx_credits (bnc#1012628).
- Bluetooth: Align minimum encryption key size for LE and BR/EDR
  connections (bnc#1012628).
- Bluetooth: hidp: fix buffer overflow (bnc#1012628).
- scsi: qla2xxx: Fix device staying in blocked state
  (bnc#1012628).
- scsi: qla2xxx: Set remote port devloss timeout to 0
  (bnc#1012628).
- scsi: qla2xxx: Fix incorrect region-size setting in optrom
  SYSFS routines (bnc#1012628).
- scsi: lpfc: change snprintf to scnprintf for possible overflow
  (bnc#1012628).
- soc: sunxi: Fix missing dependency on REGMAP_MMIO (bnc#1012628).
- ACPI / LPSS: Use acpi_lpss_* instead of acpi_subsys_* functions
  for hibernate (bnc#1012628).
- cpufreq: armada-37xx: fix frequency calculation for opp
  (bnc#1012628).
- iio: adc: qcom-spmi-adc5: Fix of-based module autoloading
  (bnc#1012628).
- intel_th: pci: Add Comet Lake support (bnc#1012628).
- genirq: Prevent use-after-free and work list corruption
  (bnc#1012628).
- usb-storage: Set virt_boundary_mask to avoid SG overflows
  (bnc#1012628).
- USB: cdc-acm: fix unthrottle races (bnc#1012628).
- USB: serial: f81232: fix interrupt worker not stop
  (bnc#1012628).
- usb: dwc3: Fix default lpm_nyet_threshold value (bnc#1012628).
- usb: dwc3: Allow building USB_DWC3_QCOM without EXTCON
  (bnc#1012628).
- staging: most: sound: pass correct device when creating a
  sound card (bnc#1012628).
- staging: most: cdev: fix chrdev_region leak in mod_exit
  (bnc#1012628).
- staging: wilc1000: Avoid GFP_KERNEL allocation from atomic
  context (bnc#1012628).
- staging: greybus: power_supply: fix prop-descriptor request size
  (bnc#1012628).
- ubsan: Fix nasty -Wbuiltin-declaration-mismatch GCC-9 warnings
  (bnc#1012628).
- Drivers: hv: vmbus: Remove the undesired put_cpu_ptr() in
  hv_synic_cleanup() (bnc#1012628).
- commit 8e0a089
- Sign non-x86 kernels when possible (boo#1134303)
- commit bac621c
- Update to 5.1 final
- Eliminated 1 patch
- New config options:
  - PCI:
  - PCIE_BW=n (recommended default)
- commit a974d8b
- Linux 5.0.13 (bnc#1012628).
- ipv4: ip_do_fragment: Preserve skb_iif during fragmentation
  (bnc#1012628).
- ipv6: A few fixes on dereferencing rt->from (bnc#1012628).
- ipv6: fix races in ip6_dst_destroy() (bnc#1012628).
- ipv6/flowlabel: wait rcu grace period before put_pid()
  (bnc#1012628).
- ipv6: invert flowlabel sharing check in process and user mode
  (bnc#1012628).
- l2ip: fix possible use-after-free (bnc#1012628).
- l2tp: use rcu_dereference_sk_user_data() in
  l2tp_udp_encap_recv() (bnc#1012628).
- net: dsa: bcm_sf2: fix buffer overflow doing set_rxnfc
  (bnc#1012628).
- net: phy: marvell: Fix buffer overrun with stats counters
  (bnc#1012628).
- net/tls: avoid NULL pointer deref on nskb->sk in fallback
  (bnc#1012628).
- rxrpc: Fix net namespace cleanup (bnc#1012628).
- sctp: avoid running the sctp state machine recursively
  (bnc#1012628).
- selftests: fib_rule_tests: print the result and return 1 if
  any tests failed (bnc#1012628).
- packet: validate msg_namelen in send directly (bnc#1012628).
- packet: in recvmsg msg_name return at least sizeof sockaddr_ll
  (bnc#1012628).
- selftests: fib_rule_tests: Fix icmp proto with ipv6
  (bnc#1012628).
- tcp: add sanity tests in tcp_add_backlog() (bnc#1012628).
- udp: fix GRO reception in case of length mismatch (bnc#1012628).
- udp: fix GRO packet of death (bnc#1012628).
- bnxt_en: Improve multicast address setup logic (bnc#1012628).
- bnxt_en: Free short FW command HWRM memory in error path in
  bnxt_init_one() (bnc#1012628).
- bnxt_en: Fix possible crash in bnxt_hwrm_ring_free() under
  error conditions (bnc#1012628).
- bnxt_en: Pass correct extended TX port statistics size to
  firmware (bnc#1012628).
- bnxt_en: Fix statistics context reservation logic (bnc#1012628).
- bnxt_en: Fix uninitialized variable usage in bnxt_rx_pkt()
  (bnc#1012628).
- net/tls: don't copy negative amounts of data in reencrypt
  (bnc#1012628).
- net/tls: fix copy to fragments in reencrypt (bnc#1012628).
- KVM: nVMX: Fix size checks in vmx_set_nested_state
  (bnc#1012628).
- ALSA: line6: use dynamic buffers (bnc#1012628).
- iwlwifi: mvm: properly check debugfs dentry before using it
  (bnc#1012628).
- ath10k: Drop WARN_ON()s that always trigger during system resume
  (bnc#1012628).
- commit b11e2d7
- Linux 5.0.12 (bnc#1012628).
- selinux: use kernel linux/socket.h for genheaders and mdp
  (bnc#1012628).
- drm/i915: Do not enable FEC without DSC (bnc#1012628).
- mm: make page ref count overflow check tighter and more explicit
  (bnc#1012628).
- mm: add 'try_get_page()' helper function (bnc#1012628).
- mm: prevent get_user_pages() from overflowing page refcount
  (bnc#1012628).
- fs: prevent page refcount overflow in pipe_buf_get
  (bnc#1012628).
- arm64: dts: renesas: r8a77990: Fix SCIF5 DMA channels
  (bnc#1012628).
- ARM: dts: bcm283x: Fix hdmi hpd gpio pull (bnc#1012628).
- s390: limit brk randomization to 32MB (bnc#1012628).
- mt76x02: fix hdr pointer in write txwi for USB (bnc#1012628).
- mt76: mt76x2: fix external LNA gain settings (bnc#1012628).
- mt76: mt76x2: fix 2.4 GHz channel gain settings (bnc#1012628).
- net: ieee802154: fix a potential NULL pointer dereference
  (bnc#1012628).
- ieee802154: hwsim: propagate genlmsg_reply return code
  (bnc#1012628).
- Btrfs: fix file corruption after snapshotting due to mix of
  buffered/DIO writes (bnc#1012628).
- net: stmmac: don't set own bit too early for jumbo frames
  (bnc#1012628).
- net: stmmac: fix jumbo frame sending with non-linear skbs
  (bnc#1012628).
- qlcnic: Avoid potential NULL pointer dereference (bnc#1012628).
- xsk: fix umem memory leak on cleanup (bnc#1012628).
- staging: axis-fifo: add CONFIG_OF dependency (bnc#1012628).
- staging, mt7621-pci: fix build without pci support
  (bnc#1012628).
- netfilter: nft_set_rbtree: check for inactive element after
  flag mismatch (bnc#1012628).
- netfilter: bridge: set skb transport_header before entering
  NF_INET_PRE_ROUTING (bnc#1012628).
- netfilter: fix NETFILTER_XT_TARGET_TEE dependencies
  (bnc#1012628).
- netfilter: ip6t_srh: fix NULL pointer dereferences
  (bnc#1012628).
- s390/qeth: fix race when initializing the IP address table
  (bnc#1012628).
- ARM: imx51: fix a leaked reference by adding missing of_node_put
  (bnc#1012628).
- sc16is7xx: missing unregister/delete driver on error in
  sc16is7xx_init() (bnc#1012628).
- serial: ar933x_uart: Fix build failure with disabled console
  (bnc#1012628).
- KVM: arm64: Reset the PMU in preemptible context (bnc#1012628).
- arm64: KVM: Always set ICH_HCR_EL2.EN if GICv4 is enabled
  (bnc#1012628).
- KVM: arm/arm64: vgic-its: Take the srcu lock when writing to
  guest memory (bnc#1012628).
- KVM: arm/arm64: vgic-its: Take the srcu lock when parsing the
  memslots (bnc#1012628).
- usb: dwc3: pci: add support for Comet Lake PCH ID (bnc#1012628).
- usb: gadget: net2280: Fix overrun of OUT messages (bnc#1012628).
- usb: gadget: net2280: Fix net2280_dequeue() (bnc#1012628).
- usb: gadget: net2272: Fix net2272_dequeue() (bnc#1012628).
- ARM: dts: pfla02: increase phy reset duration (bnc#1012628).
- i2c: i801: Add support for Intel Comet Lake (bnc#1012628).
- KVM: arm/arm64: Fix handling of stage2 huge mappings
  (bnc#1012628).
- net: ks8851: Dequeue RX packets explicitly (bnc#1012628).
- net: ks8851: Reassert reset pin if chip ID check fails
  (bnc#1012628).
- net: ks8851: Delay requesting IRQ until opened (bnc#1012628).
- net: ks8851: Set initial carrier state to down (bnc#1012628).
- staging: rtl8188eu: Fix potential NULL pointer dereference of
  kcalloc (bnc#1012628).
- staging: rtlwifi: rtl8822b: fix to avoid potential NULL pointer
  dereference (bnc#1012628).
- staging: rtl8712: uninitialized memory in read_bbreg_hdl()
  (bnc#1012628).
- staging: rtlwifi: Fix potential NULL pointer dereference of
  kzalloc (bnc#1012628).
- net: phy: Add DP83825I to the DP83822 driver (bnc#1012628).
- net: macb: Add null check for PCLK and HCLK (bnc#1012628).
- net/sched: don't dereference a->goto_chain to read the chain
  index (bnc#1012628).
- ARM: dts: imx6qdl: Fix typo in imx6qdl-icore-rqs.dtsi
  (bnc#1012628).
- drm/tegra: hub: Fix dereference before check (bnc#1012628).
- NFS: Fix a typo in nfs_init_timeout_values() (bnc#1012628).
- net: xilinx: fix possible object reference leak (bnc#1012628).
- net: ibm: fix possible object reference leak (bnc#1012628).
- net: ethernet: ti: fix possible object reference leak
  (bnc#1012628).
- drm: Fix drm_release() and device unplug (bnc#1012628).
- gpio: aspeed: fix a potential NULL pointer dereference
  (bnc#1012628).
- drm/meson: Fix invalid pointer in meson_drv_unbind()
  (bnc#1012628).
- drm/meson: Uninstall IRQ handler (bnc#1012628).
- ARM: davinci: fix build failure with allnoconfig (bnc#1012628).
- sbitmap: order READ/WRITE freed instance and setting clear bit
  (bnc#1012628).
- staging: vc04_services: Fix an error code in vchiq_probe()
  (bnc#1012628).
- scsi: mpt3sas: Fix kernel panic during expander reset
  (bnc#1012628).
- scsi: aacraid: Insure we don't access PCIe space during AER/EEH
  (bnc#1012628).
- scsi: qla4xxx: fix a potential NULL pointer dereference
  (bnc#1012628).
- usb: usb251xb: fix to avoid potential NULL pointer dereference
  (bnc#1012628).
- leds: trigger: netdev: fix refcnt leak on interface rename
  (bnc#1012628).
- SUNRPC: fix uninitialized variable warning (bnc#1012628).
- x86/realmode: Don't leak the trampoline kernel address
  (bnc#1012628).
- usb: u132-hcd: fix resource leak (bnc#1012628).
- ceph: fix use-after-free on symlink traversal (bnc#1012628).
- scsi: zfcp: reduce flood of fcrscn1 trace records on
  multi-element RSCN (bnc#1012628).
- x86/mm: Don't exceed the valid physical address space
  (bnc#1012628).
- libata: fix using DMA buffers on stack (bnc#1012628).
- kbuild: skip parsing pre sub-make code for recursion
  (bnc#1012628).
- afs: Fix StoreData op marshalling (bnc#1012628).
- gpio: of: Check propname before applying "cs-gpios" quirks
  (bnc#1012628).
- gpio: of: Check for "spi-cs-high" in child instead of parent
  node (bnc#1012628).
- KVM: nVMX: Do not inherit quadrant and invalid for the root
  shadow EPT (bnc#1012628).
- KVM: SVM: Workaround errata#1096 (insn_len maybe zero on SMAP
  violation) (bnc#1012628).
- kvm/x86: Move MSR_IA32_ARCH_CAPABILITIES to array emulated_msrs
  (bnc#1012628).
- x86/kvm/hyper-v: avoid spurious pending stimer on vCPU init
  (bnc#1012628).
- KVM: selftests: assert on exit reason in CR4/cpuid sync test
  (bnc#1012628).
- KVM: selftests: explicitly disable PIE for tests (bnc#1012628).
- KVM: selftests: disable stack protector for all KVM tests
  (bnc#1012628).
- KVM: selftests: complete IO before migrating guest state
  (bnc#1012628).
- gpio: of: Fix of_gpiochip_add() error path (bnc#1012628).
- nvme-multipath: relax ANA state check (bnc#1012628).
- nvmet: fix building bvec from sg list (bnc#1012628).
- nvmet: fix error flow during ns enable (bnc#1012628).
- perf cs-etm: Add missing case value (bnc#1012628).
- perf machine: Update kernel map address and re-order properly
  (bnc#1012628).
- kconfig/[mn]conf: handle backspace (^H) key (bnc#1012628).
- iommu/amd: Reserve exclusion range in iova-domain (bnc#1012628).
- kasan: fix variable 'tag' set but not used warning
  (bnc#1012628).
- ptrace: take into account saved_sigmask in
  PTRACE{GET,SET}SIGMASK (bnc#1012628).
- leds: pca9532: fix a potential NULL pointer dereference
  (bnc#1012628).
- leds: trigger: netdev: use memcpy in device_name_store
  (bnc#1012628).
- commit 0b5ff0f
- Refresh
  patches.suse/KVM-x86-Whitelist-port-0x7e-for-pre-incrementing-rip.patch.
  Update upstream status.
- commit 410b1c0
- Linux 5.0.11 (bnc#1012628).
- netfilter: nf_tables: bogus EBUSY when deleting set after flush
  (bnc#1012628).
- netfilter: nf_tables: bogus EBUSY in helper removal from
  transaction (bnc#1012628).
- intel_th: gth: Fix an off-by-one in output unassigning
  (bnc#1012628).
- powerpc/vdso32: fix CLOCK_MONOTONIC on PPC64 (bnc#1012628).
- ALSA: hda/realtek - Move to ACT_INIT state (bnc#1012628).
- fs/proc/proc_sysctl.c: Fix a NULL pointer dereference
  (bnc#1012628).
- block, bfq: fix use after free in bfq_bfqq_expire (bnc#1012628).
- cifs: fix memory leak in SMB2_read (bnc#1012628).
- cifs: fix page reference leak with readv/writev (bnc#1012628).
- cifs: do not attempt cifs operation on smb2+ rename error
  (bnc#1012628).
- tracing: Fix a memory leak by early error exit in
  trace_pid_write() (bnc#1012628).
- tracing: Fix buffer_ref pipe ops (bnc#1012628).
- crypto: xts - Fix atomic sleep when walking skcipher
  (bnc#1012628).
- crypto: lrw - Fix atomic sleep when walking skcipher
  (bnc#1012628).
- gpio: eic: sprd: Fix incorrect irq type setting for the sync
  EIC (bnc#1012628).
- zram: pass down the bvec we need to read into in the work struct
  (bnc#1012628).
- lib/Kconfig.debug: fix build error without CONFIG_BLOCK
  (bnc#1012628).
- MIPS: scall64-o32: Fix indirect syscall number load
  (bnc#1012628).
- trace: Fix preempt_enable_no_resched() abuse (bnc#1012628).
- mm: do not boost watermarks to avoid fragmentation for the
  DISCONTIG memory model (bnc#1012628).
- arm64: mm: Ensure tail of unaligned initrd is reserved
  (bnc#1012628).
- IB/rdmavt: Fix frwr memory registration (bnc#1012628).
- RDMA/mlx5: Do not allow the user to write to the clock page
  (bnc#1012628).
- RDMA/mlx5: Use rdma_user_map_io for mapping BAR pages
  (bnc#1012628).
- RDMA/ucontext: Fix regression with disassociate (bnc#1012628).
- sched/numa: Fix a possible divide-by-zero (bnc#1012628).
- ceph: only use d_name directly when parent is locked
  (bnc#1012628).
- ceph: ensure d_name stability in ceph_dentry_hash()
  (bnc#1012628).
- ceph: fix ci->i_head_snapc leak (bnc#1012628).
- nfsd: Don't release the callback slot unless it was actually
  held (bnc#1012628).
- nfsd: wake waiters blocked on file_lock before deleting it
  (bnc#1012628).
- nfsd: wake blocked file lock waiters before sending callback
  (bnc#1012628).
- sunrpc: don't mark uninitialised items as VALID (bnc#1012628).
- perf/x86/intel: Update KBL Package C-state events to also
  include PC8/PC9/PC10 counters (bnc#1012628).
- Input: synaptics-rmi4 - write config register values to the
  right offset (bnc#1012628).
- dmaengine: sh: rcar-dmac: With cyclic DMA residue 0 is valid
  (bnc#1012628).
- dmaengine: sh: rcar-dmac: Fix glitch in dmaengine_tx_status
  (bnc#1012628).
- dmaengine: mediatek-cqdma: fix wrong register usage in
  mtk_cqdma_start (bnc#1012628).
- ARM: 8857/1: efi: enable CP15 DMB instructions before cleaning
  the cache (bnc#1012628).
- powerpc/mm/radix: Make Radix require HUGETLB_PAGE (bnc#1012628).
- drm/vc4: Fix memory leak during gpu reset (bnc#1012628).
- drm/ttm: fix re-init of global structures (bnc#1012628).
- drm/vc4: Fix compilation error reported by kbuild test bot
  (bnc#1012628).
- USB: Add new USB LPM helpers (bnc#1012628).
- USB: Consolidate LPM checks to avoid enabling LPM twice
  (bnc#1012628).
- ext4: fix some error pointer dereferences (bnc#1012628).
- loop: do not print warn message if partition scan is successful
  (bnc#1012628).
- tipc: handle the err returned from cmd header function
  (bnc#1012628).
- slip: make slhc_free() silently accept an error pointer
  (bnc#1012628).
- workqueue: Try to catch flush_work() without INIT_WORK()
  (bnc#1012628).
- binder: fix handling of misaligned binder object (bnc#1012628).
- sched/deadline: Correctly handle active 0-lag timers
  (bnc#1012628).
- mac80211_hwsim: calculate if_combination.max_interfaces
  (bnc#1012628).
- NFS: Forbid setting AF_INET6 to "struct sockaddr_in"->sin_family
  (bnc#1012628).
- netfilter: ebtables: CONFIG_COMPAT: drop a bogus WARN_ON
  (bnc#1012628).
- fm10k: Fix a potential NULL pointer dereference (bnc#1012628).
- tipc: check bearer name with right length in
  tipc_nl_compat_bearer_enable (bnc#1012628).
- tipc: check link name with right length in
  tipc_nl_compat_link_set (bnc#1012628).
- net: netrom: Fix error cleanup path of nr_proto_init
  (bnc#1012628).
- net/rds: Check address length before reading address family
  (bnc#1012628).
- rxrpc: fix race condition in rxrpc_input_packet() (bnc#1012628).
- pin iocb through aio (bnc#1012628).
- aio: fold lookup_kiocb() into its sole caller (bnc#1012628).
- aio: keep io_event in aio_kiocb (bnc#1012628).
- aio: store event at final iocb_put() (bnc#1012628).
- Fix aio_poll() races (bnc#1012628).
- x86, retpolines: Raise limit for generating indirect calls
  from switch-case (bnc#1012628).
- x86/retpolines: Disable switch jump tables when retpolines
  are enabled (bnc#1012628).
- rdma: fix build errors on s390 and MIPS due to bad ZERO_PAGE
  use (bnc#1012628).
- ipv4: add sanity checks in ipv4_link_failure() (bnc#1012628).
- ipv4: set the tcp_min_rtt_wlen range from 0 to one day
  (bnc#1012628).
- mlxsw: spectrum: Fix autoneg status in ethtool (bnc#1012628).
- net/mlx5e: ethtool, Remove unsupported SFP EEPROM high pages
  query (bnc#1012628).
- net: rds: exchange of 8K and 1M pool (bnc#1012628).
- net/rose: fix unbound loop in rose_loopback_timer()
  (bnc#1012628).
- net: stmmac: move stmmac_check_ether_addr() to driver probe
  (bnc#1012628).
- net/tls: fix refcount adjustment in fallback (bnc#1012628).
- stmmac: pci: Adjust IOT2000 matching (bnc#1012628).
- team: fix possible recursive locking when add slaves
  (bnc#1012628).
- net: socionext: replace napi_alloc_frag with the netdev variant
  on init (bnc#1012628).
- net/ncsi: handle overflow when incrementing mac address
  (bnc#1012628).
- mlxsw: pci: Reincrease PCI reset timeout (bnc#1012628).
- mlxsw: spectrum: Put MC TCs into DWRR mode (bnc#1012628).
- net/mlx5e: Fix the max MTU check in case of XDP (bnc#1012628).
- net/mlx5e: Fix use-after-free after xdp_return_frame
  (bnc#1012628).
- net/tls: avoid potential deadlock in tls_set_device_offload_rx()
  (bnc#1012628).
- net/tls: don't leak IV and record seq when offload fails
  (bnc#1012628).
- commit 07c5318
- Revert "ACPICA: Clear status of GPEs before enabling them"
  (bsc#1132943).
- commit 13cf3aa
- HID: i2c-hid: Ignore input report if there's no data present
  on Elan touchpanels (bsc#1133486).
- commit 5a94296
- rdma: fix build errors on s390 and MIPS due to bad ZERO_PAGE use
  (http://lkml.kernel.org/r/20190429052136.GA21672@unicorn.suse.cz).
- Delete
  patches.suse/rdma-fix-argument-of-ZERO_PAGE-in-rdma_umap_fault.patch.
- commit a764394
- KVM: x86: Whitelist port 0x7e for pre-incrementing %rip
  (bnc#1132694).
- Delete patches.suse/kvm-Workaround-OUT-0x7E.patch.
  Update per upstream.
- commit 93ba681
- memcg: make it work on sparse non-0-node systems (bnc#1133616).
- commit c0ba22a
- Workaround Qemu "OUT 0x7E" handling in KVM (bnc#1132694).
- commit e8fc1e9
- Update to 5.1-rc7
- add patches.suse/rdma-fix-argument-of-ZERO_PAGE-in-rdma_umap_fault.patch
  (tentative s390x build fix)
- New config options:
  - ARM:
  - KEYBOARD_SNVS_PWRKEY=m
  - armv7hl:
  - FRAME_POINTER=y
  - UNWINDER_FRAME_POINTER=y
- commit 04c1966
- Linux 5.0.10 (bnc#1012628).
- bonding: fix event handling for stacked bonds (bnc#1012628).
- failover: allow name change on IFF_UP slave interfaces
  (bnc#1012628).
- net: atm: Fix potential Spectre v1 vulnerabilities
  (bnc#1012628).
- net: bridge: fix per-port af_packet sockets (bnc#1012628).
- net: bridge: multicast: use rcu to access port list from
  br_multicast_start_querier (bnc#1012628).
- net: fec: manage ahb clock in runtime pm (bnc#1012628).
- net: Fix missing meta data in skb with vlan packet
  (bnc#1012628).
- net: fou: do not use guehdr after iptunnel_pull_offloads in
  gue_udp_recv (bnc#1012628).
- tcp: tcp_grow_window() needs to respect tcp_space()
  (bnc#1012628).
- team: set slave to promisc if team is already in promisc mode
  (bnc#1012628).
- tipc: missing entries in name table of publications
  (bnc#1012628).
- vhost: reject zero size iova range (bnc#1012628).
- ipv4: recompile ip options in ipv4_link_failure (bnc#1012628).
- ipv4: ensure rcu_read_lock() in ipv4_link_failure()
  (bnc#1012628).
- mlxsw: spectrum_switchdev: Add MDB entries in prepare phase
  (bnc#1012628).
- mlxsw: core: Do not use WQ_MEM_RECLAIM for EMAD workqueue
  (bnc#1012628).
- mlxsw: core: Do not use WQ_MEM_RECLAIM for mlxsw ordered
  workqueue (bnc#1012628).
- mlxsw: core: Do not use WQ_MEM_RECLAIM for mlxsw workqueue
  (bnc#1012628).
- mlxsw: spectrum_router: Do not check VRF MAC address
  (bnc#1012628).
- net: thunderx: raise XDP MTU to 1508 (bnc#1012628).
- net: thunderx: don't allow jumbo frames with XDP (bnc#1012628).
- net/tls: fix the IV leaks (bnc#1012628).
- net/tls: don't leak partially sent record in device mode
  (bnc#1012628).
- net: strparser: partially revert "strparser: Call skb_unclone
  conditionally" (bnc#1012628).
- net/tls: fix build without CONFIG_TLS_DEVICE (bnc#1012628).
- net: bridge: fix netlink export of vlan_stats_per_port option
  (bnc#1012628).
- net/mlx5e: XDP, Avoid checksum complete when XDP prog is loaded
  (bnc#1012628).
- net/mlx5e: Protect against non-uplink representor for encap
  (bnc#1012628).
- net/mlx5e: Switch to Toeplitz RSS hash by default (bnc#1012628).
- net/mlx5e: Rx, Fixup skb checksum for packets with tail padding
  (bnc#1012628).
- net/mlx5e: Rx, Check ip headers sanity (bnc#1012628).
- Revert "net/mlx5e: Enable reporting checksum unnecessary also
  for L3 packets" (bnc#1012628).
- net/mlx5: FPGA, tls, hold rcu read lock a bit longer
  (bnc#1012628).
- net/tls: prevent bad memory access in
  tls_is_sk_tx_device_offloaded() (bnc#1012628).
- net/mlx5: FPGA, tls, idr remove on flow delete (bnc#1012628).
- route: Avoid crash from dereferencing NULL rt->from
  (bnc#1012628).
- nfp: flower: replace CFI with vlan present (bnc#1012628).
- nfp: flower: remove vlan CFI bit from push vlan action
  (bnc#1012628).
- sch_cake: Use tc_skb_protocol() helper for getting packet
  protocol (bnc#1012628).
- sch_cake: Make sure we can write the IP header before changing
  DSCP bits (bnc#1012628).
- NFC: nci: Add some bounds checking in nci_hci_cmd_received()
  (bnc#1012628).
- nfc: nci: Potential off by one in ->pipes[] array (bnc#1012628).
- sch_cake: Simplify logic in cake_select_tin() (bnc#1012628).
- CIFS: keep FileInfo handle live during oplock break
  (bnc#1012628).
- cifs: Fix lease buffer length error (bnc#1012628).
- cifs: Fix use-after-free in SMB2_write (bnc#1012628).
- cifs: Fix use-after-free in SMB2_read (bnc#1012628).
- cifs: fix handle leak in smb2_query_symlink() (bnc#1012628).
- fs/dax: Deposit pagetable even when installing zero page
  (bnc#1012628).
- KVM: x86: Don't clear EFER during SMM transitions for 32-bit
  vCPU (bnc#1012628).
- KVM: x86: svm: make sure NMI is injected after nmi_singlestep
  (bnc#1012628).
- Staging: iio: meter: fixed typo (bnc#1012628).
- staging: iio: ad7192: Fix ad7193 channel address (bnc#1012628).
- iio: gyro: mpu3050: fix chip ID reading (bnc#1012628).
- iio/gyro/bmg160: Use millidegrees for temperature scale
  (bnc#1012628).
- iio:chemical:bme680: Fix, report temperature in millidegrees
  (bnc#1012628).
- iio:chemical:bme680: Fix SPI read interface (bnc#1012628).
- iio: cros_ec: Fix the maths for gyro scale calculation
  (bnc#1012628).
- iio: ad_sigma_delta: select channel when reading register
  (bnc#1012628).
- iio: dac: mcp4725: add missing powerdown bits in store eeprom
  (bnc#1012628).
- iio: Fix scan mask selection (bnc#1012628).
- iio: adc: at91: disable adc channel interrupt in timeout case
  (bnc#1012628).
- iio: core: fix a possible circular locking dependency
  (bnc#1012628).
- io: accel: kxcjk1013: restore the range after resume
  (bnc#1012628).
- staging: most: core: use device description as name
  (bnc#1012628).
- staging: comedi: vmk80xx: Fix use of uninitialized semaphore
  (bnc#1012628).
- staging: comedi: vmk80xx: Fix possible double-free of
  - >usb_rx_buf (bnc#1012628).
- staging: comedi: ni_usb6501: Fix use of uninitialized mutex
  (bnc#1012628).
- staging: comedi: ni_usb6501: Fix possible double-free of
  - >usb_rx_buf (bnc#1012628).
- ALSA: hda/realtek - add two more pin configuration sets to
  quirk table (bnc#1012628).
- ALSA: core: Fix card races between register and disconnect
  (bnc#1012628).
- Input: elan_i2c - add hardware ID for multiple Lenovo laptops
  (bnc#1012628).
- serial: sh-sci: Fix HSCIF RX sampling point adjustment
  (bnc#1012628).
- serial: sh-sci: Fix HSCIF RX sampling point calculation
  (bnc#1012628).
- vt: fix cursor when clearing the screen (bnc#1012628).
- scsi: core: set result when the command cannot be dispatched
  (bnc#1012628).
- Revert "scsi: fcoe: clear FC_RP_STARTED flags when receiving
  a LOGO" (bnc#1012628).
- i3c: dw: Fix dw_i3c_master_disable controller by using correct
  mask (bnc#1012628).
- i3c: Fix the verification of random PID (bnc#1012628).
- Revert "svm: Fix AVIC incomplete IPI emulation" (bnc#1012628).
- coredump: fix race condition between
  mmget_not_zero()/get_task_mm() and core dumping (bnc#1012628).
- x86/kvm: move kvm_load/put_guest_xcr0 into atomic context
  (bnc#1012628).
- ipmi: fix sleep-in-atomic in free_user at cleanup SRCU
  user->release_barrier (bnc#1012628).
- crypto: x86/poly1305 - fix overflow during partial reduction
  (bnc#1012628).
- drm/ttm: fix out-of-bounds read in ttm_put_pages() v2
  (bnc#1012628).
- arm64: futex: Restore oldval initialization to work around
  buggy compilers (bnc#1012628).
- x86/kprobes: Verify stack frame on kretprobe (bnc#1012628).
- kprobes: Mark ftrace mcount handler functions nokprobe
  (bnc#1012628).
- x86/kprobes: Avoid kretprobe recursion bug (bnc#1012628).
- kprobes: Fix error check when reusing optimized probes
  (bnc#1012628).
- rt2x00: do not increment sequence number while re-transmitting
  (bnc#1012628).
- mac80211: do not call driver wake_tx_queue op during reconfig
  (bnc#1012628).
- s390/mem_detect: Use IS_ENABLED(CONFIG_BLK_DEV_INITRD)
  (bnc#1012628).
- drm/amdgpu/gmc9: fix VM_L2_CNTL3 programming (bnc#1012628).
- perf/x86/amd: Add event map for AMD Family 17h (bnc#1012628).
- x86/cpu/bugs: Use __initconst for 'const' init data
  (bnc#1012628).
- perf/x86: Fix incorrect PEBS_REGS (bnc#1012628).
- x86/speculation: Prevent deadlock on ssb_state::lock
  (bnc#1012628).
- timers/sched_clock: Prevent generic sched_clock wrap caused
  by tick_freeze() (bnc#1012628).
- nfit/ars: Remove ars_start_flags (bnc#1012628).
- nfit/ars: Introduce scrub_flags (bnc#1012628).
- nfit/ars: Allow root to busy-poll the ARS state machine
  (bnc#1012628).
- nfit/ars: Avoid stale ARS results (bnc#1012628).
- tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete
  (bnc#1012628).
- tpm: Fix the type of the return value in calc_tpm2_event_size()
  (bnc#1012628).
- Revert "kbuild: use -Oz instead of -Os when using clang"
  (bnc#1012628).
- sched/fair: Limit sched_cfs_period_timer() loop to avoid hard
  lockup (bnc#1012628).
- tpm: fix an invalid condition in tpm_common_poll (bnc#1012628).
- mt76x02: avoid status_list.lock and sta->rate_ctrl_lock
  dependency (bnc#1012628).
- device_cgroup: fix RCU imbalance in error case (bnc#1012628).
- perf/ring_buffer: Fix AUX record suppression (bnc#1012628).
- mm/memory_hotplug: do not unlock after failing to take the
  device_hotplug_lock (bnc#1012628).
- mm/vmstat.c: fix /proc/vmstat format for CONFIG_DEBUG_TLBFLUSH=y
  CONFIG_SMP=n (bnc#1012628).
- ALSA: info: Fix racy addition/deletion of nodes (bnc#1012628).
- percpu: stop printing kernel addresses (bnc#1012628).
- commit 048e1d2
- kernel/sysctl.c: fix out-of-bounds access when setting file-max
  (kasan).
- commit 09ca824
- Update to v5.1-rc6
- New config options:
  - IIO:
  - SENSIRION_SGP30=n
- commit ab97af0
- Linux 5.0.9 (bnc#1012628).
- paride/pcd: Fix potential NULL pointer dereference and mem leak
  (bnc#1012628).
- paride/pf: Fix potential NULL pointer dereference (bnc#1012628).
- IB/hfi1: Failed to drain send queue when QP is put into error
  state (bnc#1012628).
- bpf: fix use after free in bpf_evict_inode (bnc#1012628).
- include/linux/swap.h: use offsetof() instead of custom
  __swapoffset macro (bnc#1012628).
- f2fs: fix to add refcount once page is tagged PG_private
  (bnc#1012628).
- f2fs: fix to use kvfree instead of kzfree (bnc#1012628).
- f2fs: fix to dirty inode for i_mode recovery (bnc#1012628).
- rxrpc: Fix client call connect/disconnect race (bnc#1012628).
- lib/div64.c: off by one in shift (bnc#1012628).
- cifs: return -ENODATA when deleting an xattr that does not exist
  (bnc#1012628).
- appletalk: Fix use-after-free in atalk_proc_exit (bnc#1012628).
- drm/amdkfd: use init_mqd function to allocate object for hid_mqd
  (CI) (bnc#1012628).
- ARM: 8839/1: kprobe: make patch_lock a raw_spinlock_t
  (bnc#1012628).
- platform/x86: intel_pmc_core: Quirk to ignore XTAL shutdown
  (bnc#1012628).
- drm/nouveau/volt/gf117: fix speedo readout register
  (bnc#1012628).
- f2fs: sync filesystem after roll-forward recovery (bnc#1012628).
- PCI/ASPM: Save LTR Capability for suspend/resume (bnc#1012628).
- PCI: Blacklist power management of Gigabyte X299 DESIGNARE EX
  PCIe ports (bnc#1012628).
- coresight: cpu-debug: Support for CA73 CPUs (bnc#1012628).
- RDMA/hns: Fix the Oops during rmmod or insmod ko when reset
  occurs (bnc#1012628).
- Revert "ACPI / EC: Remove old CLEAR_ON_RESUME quirk"
  (bnc#1012628).
- crypto: axis - fix for recursive locking from bottom half
  (bnc#1012628).
- net: hns3: Fix NULL deref when unloading driver (bnc#1012628).
- drm/panel: panel-innolux: set display off in
  innolux_panel_unprepare (bnc#1012628).
- drm/amdgpu: psp_ring_destroy cause psp->km_ring.ring_mem NULL
  (bnc#1012628).
- lkdtm: Add tests for NULL pointer dereference (bnc#1012628).
- lkdtm: Print real addresses (bnc#1012628).
- ext4: prohibit fstrim in norecovery mode (bnc#1012628).
- x86/gart: Exclude GART aperture from kcore (bnc#1012628).
- cifs: Fix slab-out-of-bounds when tracing SMB tcon
  (bnc#1012628).
- fix incorrect error code mapping for OBJECTID_NOT_FOUND
  (bnc#1012628).
- cifs: fix that return -EINVAL when do dedupe operation
  (bnc#1012628).
- x86/hw_breakpoints: Make default case in
  hw_breakpoint_arch_parse() return an error (bnc#1012628).
- iommu/vt-d: Save the right domain ID used by hardware
  (bnc#1012628).
- iommu/vt-d: Check capability before disabling protected memory
  (bnc#1012628).
- drm/nouveau/debugfs: Fix check of pm_runtime_get_sync failure
  (bnc#1012628).
- x86/cpu/cyrix: Use correct macros for Cyrix calls on Geode
  processors (bnc#1012628).
- x86/hyperv: Prevent potential NULL pointer dereference
  (bnc#1012628).
- x86/hpet: Prevent potential NULL pointer dereference
  (bnc#1012628).
- irqchip/mbigen: Don't clear eventid when freeing an MSI
  (bnc#1012628).
- irqchip/stm32: Don't set rising configuration registers at init
  (bnc#1012628).
- irqchip/stm32: Don't clear rising/falling config registers at
  init (bnc#1012628).
- drm/exynos/mixer: fix MIXER shadow registry synchronisation code
  (bnc#1012628).
- blk-iolatency: #include "blk.h" (bnc#1012628).
- PM / Domains: Avoid a potential deadlock (bnc#1012628).
- ACPI / utils: Drop reference in test for device presence
  (bnc#1012628).
- perf tests: Fix a memory leak in
  test__perf_evsel__tp_sched_test() (bnc#1012628).
- perf tests: Fix memory leak by expr__find_other() in
  test__expr() (bnc#1012628).
- perf tests: Fix a memory leak of cpu_map object in the
  openat_syscall_event_on_all_cpus test (bnc#1012628).
- perf evsel: Free evsel->counts in perf_evsel__exit()
  (bnc#1012628).
- perf top: Fix global-buffer-overflow issue (bnc#1012628).
- perf maps: Purge all maps from the 'names' tree (bnc#1012628).
- perf map: Remove map from 'names' tree in __maps__remove()
  (bnc#1012628).
- perf hist: Add missing map__put() in error case (bnc#1012628).
- perf top: Fix error handling in cmd_top() (bnc#1012628).
- perf build-id: Fix memory leak in print_sdt_events()
  (bnc#1012628).
- perf config: Fix a memory leak in collect_config()
  (bnc#1012628).
- perf config: Fix an error in the config template documentation
  (bnc#1012628).
- perf tools: Fix errors under optimization level '-Og'
  (bnc#1012628).
- perf list: Don't forget to drop the reference to the allocated
  thread_map (bnc#1012628).
- perf stat: Fix --no-scale (bnc#1012628).
- scsi: qla2xxx: Fix NULL pointer crash due to stale CPUID
  (bnc#1012628).
- scsi: core: Also call destroy_rcu_head() for passthrough
  requests (bnc#1012628).
- tools/power turbostat: return the exit status of a command
  (bnc#1012628).
- x86/mm: Don't leak kernel addresses (bnc#1012628).
- sched/core: Fix buffer overflow in cgroup2 property cpu.max
  (bnc#1012628).
- sched/cpufreq: Fix 32-bit math overflow (bnc#1012628).
- scsi: iscsi: flush running unbind operations when removing a
  session (bnc#1012628).
- thermal/intel_powerclamp: fix truncated kthread name
  (bnc#1012628).
- thermal/int340x_thermal: fix mode setting (bnc#1012628).
- thermal/int340x_thermal: Add additional UUIDs (bnc#1012628).
- thermal: bcm2835: Fix crash in bcm2835_thermal_debugfs
  (bnc#1012628).
- thermal: samsung: Fix incorrect check after code merge
  (bnc#1012628).
- thermal/intel_powerclamp: fix __percpu declaration of
  worker_data (bnc#1012628).
- paride/pcd: cleanup queues when detection fails (bnc#1012628).
- paride/pf: cleanup queues when detection fails (bnc#1012628).
- ALSA: opl3: fix mismatch between snd_opl3_drum_switch definition
  and declaration (bnc#1012628).
- mmc: davinci: remove extraneous __init annotation (bnc#1012628).
- i40iw: Avoid panic when handling the inetdev event
  (bnc#1012628).
- IB/mlx4: Fix race condition between catas error reset and
  aliasguid flows (bnc#1012628).
- drm/udl: use drm_gem_object_put_unlocked (bnc#1012628).
- auxdisplay: hd44780: Fix memory leak on ->remove()
  (bnc#1012628).
- ALSA: sb8: add a check for request_region (bnc#1012628).
- ALSA: echoaudio: add a check for ioremap_nocache (bnc#1012628).
- ext4: report real fs size after failed resize (bnc#1012628).
- ext4: add missing brelse() in add_new_gdb_meta_bg()
  (bnc#1012628).
- ext4: avoid panic during forced reboot (bnc#1012628).
- mips: bcm47xx: Enable USB power on Netgear WNDR3400v2
  (bnc#1012628).
- perf/core: Restore mmap record type correctly (bnc#1012628).
- inotify: Fix fsnotify_mark refcount leak in
  inotify_update_existing_watch() (bnc#1012628).
- arc: hsdk_defconfig: Enable CONFIG_BLK_DEV_RAM (bnc#1012628).
- ARC: u-boot args: check that magic number is correct
  (bnc#1012628).
- commit 7bd8353
- brcmfmac: assure SSID length from firmware is limited
  (CVE-2019-9500,bsc#1132681).
- brcmfmac: add subtype check for event handling in data path
  (CVE-2019-8564,bsc#1132673).
- commit 4835ec0
- Move the vfio patch from kernel.org to suse.
  kernel.org is only for stable patches.
- commit 6daf8be
- Linux 5.0.8 (bnc#1012628).
- drm/i915/gvt: do not let pin count of shadow mm go negative
  (bnc#1012628).
- kbuild: pkg: use -f $(srctree)/Makefile to recurse to top
  Makefile (bnc#1012628).
- netfilter: nft_compat: use .release_ops and remove list of
  extension (bnc#1012628).
- netfilter: nf_tables: use-after-free in dynamic operations
  (bnc#1012628).
- netfilter: nf_tables: add missing ->release_ops() in error
  path of newrule() (bnc#1012628).
- hv_netvsc: Fix unwanted wakeup after tx_disable (bnc#1012628).
- ibmvnic: Fix completion structure initialization (bnc#1012628).
- ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type (bnc#1012628).
- ipv6: Fix dangling pointer when ipv6 fragment (bnc#1012628).
- ipv6: sit: reset ip header pointer in ipip6_rcv (bnc#1012628).
- net: ethtool: not call vzalloc for zero sized memory request
  (bnc#1012628).
- net-gro: Fix GRO flush when receiving a GSO packet
  (bnc#1012628).
- net/mlx5: Decrease default mr cache size (bnc#1012628).
- netns: provide pure entropy for net_hash_mix() (bnc#1012628).
- net: rds: force to destroy connection if t_sock is NULL in
  rds_tcp_kill_sock() (bnc#1012628).
- net/sched: act_sample: fix divide by zero in the traffic path
  (bnc#1012628).
- net/sched: fix ->get helper of the matchall cls (bnc#1012628).
- openvswitch: fix flow actions reallocation (bnc#1012628).
- qmi_wwan: add Olicard 600 (bnc#1012628).
- r8169: disable ASPM again (bnc#1012628).
- sctp: initialize _pad of sockaddr_in before copying to user
  memory (bnc#1012628).
- tcp: Ensure DCTCP reacts to losses (bnc#1012628).
- tcp: fix a potential NULL pointer dereference in tcp_sk_exit
  (bnc#1012628).
- vrf: check accept_source_route on the original netdevice
  (bnc#1012628).
- net/mlx5e: Fix error handling when refreshing TIRs
  (bnc#1012628).
- net/mlx5e: Add a lock on tir list (bnc#1012628).
- nfp: validate the return code from dev_queue_xmit()
  (bnc#1012628).
- nfp: disable netpoll on representors (bnc#1012628).
- bnxt_en: Improve RX consumer index validity check (bnc#1012628).
- bnxt_en: Reset device on RX buffer errors (bnc#1012628).
- net: ip_gre: fix possible use-after-free in erspan_rcv
  (bnc#1012628).
- net: ip6_gre: fix possible use-after-free in ip6erspan_rcv
  (bnc#1012628).
- net: bridge: always clear mcast matching struct on reports
  and leaves (bnc#1012628).
- net: thunderx: fix NULL pointer dereference in
  nicvf_open/nicvf_stop (bnc#1012628).
- net: vrf: Fix ping failed when vrf mtu is set to 0
  (bnc#1012628).
- net: core: netif_receive_skb_list: unlist skb before passing
  to pt->func (bnc#1012628).
- r8169: disable default rx interrupt coalescing on RTL8168
  (bnc#1012628).
- net: mlx5: Add a missing check on idr_find, free buf
  (bnc#1012628).
- net/mlx5e: Update xoff formula (bnc#1012628).
- net/mlx5e: Update xon formula (bnc#1012628).
- kbuild: clang: choose GCC_TOOLCHAIN_DIR not on LD (bnc#1012628).
- lib/string.c: implement a basic bcmp (bnc#1012628).
- Revert "clk: meson: clean-up clock registration" (bnc#1012628).
- tty: mark Siemens R3964 line discipline as BROKEN (bnc#1012628).
- tty: ldisc: add sysctl to prevent autoloading of ldiscs
  (bnc#1012628).
- hwmon: (w83773g) Select REGMAP_I2C to fix build error
  (bnc#1012628).
- hwmon: (occ) Fix power sensor indexing (bnc#1012628).
- SMB3: Allow persistent handle timeout to be configurable on
  mount (bnc#1012628).
- HID: logitech: Handle 0 scroll events for the m560
  (bnc#1012628).
- ACPICA: Clear status of GPEs before enabling them (bnc#1012628).
- ACPICA: Namespace: remove address node from global list after
  method termination (bnc#1012628).
- ALSA: seq: Fix OOB-reads from strlcpy (bnc#1012628).
- ALSA: hda/realtek: Enable headset MIC of Acer TravelMate
  B114-21 with ALC233 (bnc#1012628).
- ALSA: hda/realtek - Add quirk for Tuxedo XC 1509 (bnc#1012628).
- ALSA: xen-front: Do not use stream buffer size before it is set
  (bnc#1012628).
- ALSA: hda - Add two more machines to the power_save_blacklist
  (bnc#1012628).
- mm/huge_memory.c: fix modifying of page protection by
  insert_pfn_pmd() (bnc#1012628).
- arm64: dts: rockchip: fix rk3328 sdmmc0 write errors
  (bnc#1012628).
- mmc: alcor: don't write data before command has completed
  (bnc#1012628).
- mmc: sdhci-omap: Don't finish_mrq() on a command error during
  tuning (bnc#1012628).
- parisc: Detect QEMU earlier in boot process (bnc#1012628).
- parisc: regs_return_value() should return gpr28 (bnc#1012628).
- parisc: also set iaoq_b in instruction_pointer_set()
  (bnc#1012628).
- alarmtimer: Return correct remaining time (bnc#1012628).
- drm/i915/gvt: do not deliver a workload if its creation fails
  (bnc#1012628).
- drm/sun4i: DW HDMI: Lower max. supported rate for H6
  (bnc#1012628).
- drm/udl: add a release method and delay modeset teardown
  (bnc#1012628).
- kvm: svm: fix potential get_num_contig_pages overflow
  (bnc#1012628).
- include/linux/bitrev.h: fix constant bitrev (bnc#1012628).
- mm: writeback: use exact memcg dirty counts (bnc#1012628).
- ASoC: intel: Fix crash at suspend/resume after failed codec
  registration (bnc#1012628).
- ASoC: fsl_esai: fix channel swap issue when stream starts
  (bnc#1012628).
- Btrfs: do not allow trimming when a fs is mounted with the
  nologreplay option (bnc#1012628).
- btrfs: prop: fix zstd compression parameter validation
  (bnc#1012628).
- btrfs: prop: fix vanished compression property after failed set
  (bnc#1012628).
- riscv: Fix syscall_get_arguments() and syscall_set_arguments()
  (bnc#1012628).
- block: Revert v5.0 blk_mq_request_issue_directly() changes
  (bnc#1012628).
- block: do not leak memory in bio_copy_user_iov() (bnc#1012628).
- block: fix the return errno for direct IO (bnc#1012628).
- genirq: Respect IRQCHIP_SKIP_SET_WAKE in
  irq_chip_set_wake_parent() (bnc#1012628).
- genirq: Initialize request_mutex if CONFIG_SPARSE_IRQ=n
  (bnc#1012628).
- virtio: Honour 'may_reduce_num' in vring_create_virtqueue
  (bnc#1012628).
- ARM: OMAP1: ams-delta: Fix broken GPIO ID allocation
  (bnc#1012628).
- ARM: dts: rockchip: fix rk3288 cpu opp node reference
  (bnc#1012628).
- ARM: dts: am335x-evmsk: Correct the regulators for the audio
  codec (bnc#1012628).
- ARM: dts: am335x-evm: Correct the regulators for the audio codec
  (bnc#1012628).
- ARM: dts: rockchip: Fix SD card detection on rk3288-tinker
  (bnc#1012628).
- ARM: dts: at91: Fix typo in ISC_D0 on PC9 (bnc#1012628).
- arm64: futex: Fix FUTEX_WAKE_OP atomic ops with non-zero result
  value (bnc#1012628).
- arm64: dts: rockchip: Fix vcc_host1_5v GPIO polarity on
  rk3328-rock64 (bnc#1012628).
- arm64: dts: rockchip: fix rk3328 rgmii high tx error rate
  (bnc#1012628).
- arm64: backtrace: Don't bother trying to unwind the userspace
  stack (bnc#1012628).
- arm64/ftrace: fix inadvertent BUG() in trampoline check
  (bnc#1012628).
- IB/mlx5: Reset access mask when looping inside page fault
  handler (bnc#1012628).
- xen: Prevent buffer overflow in privcmd ioctl (bnc#1012628).
- sched/fair: Do not re-read ->h_load_next during hierarchical
  load calculation (bnc#1012628).
- xtensa: fix return_address (bnc#1012628).
- csky: Fix syscall_get_arguments() and syscall_set_arguments()
  (bnc#1012628).
- x86/asm: Remove dead __GNUC__ conditionals (bnc#1012628).
- x86/asm: Use stricter assembly constraints in bitops
  (bnc#1012628).
- x86/perf/amd: Resolve race condition when disabling PMC
  (bnc#1012628).
- x86/perf/amd: Resolve NMI latency issues for active PMCs
  (bnc#1012628).
- x86/perf/amd: Remove need to check "running" bit in NMI handler
  (bnc#1012628).
- PCI: Add function 1 DMA alias quirk for Marvell 9170 SATA
  controller (bnc#1012628).
- PCI: pciehp: Ignore Link State Changes after powering off a slot
  (bnc#1012628).
- xprtrdma: Fix helper that drains the transport (bnc#1012628).
- powerpc/64s/radix: Fix radix segment exception handling
  (bnc#1012628).
- dm integrity: change memcmp to strncmp in dm_integrity_ctr
  (bnc#1012628).
- dm: revert 8f50e358153d ("dm: limit the max bio size as
  BIO_MAX_PAGES * PAGE_SIZE") (bnc#1012628).
- dm table: propagate BDI_CAP_STABLE_WRITES to fix sporadic
  checksum errors (bnc#1012628).
- dm: disable DISCARD if the underlying storage no longer supports
  it (bnc#1012628).
- dm integrity: fix deadlock with overlapping I/O (bnc#1012628).
- drm/virtio: do NOT reuse resource ids (bnc#1012628).
- Update config files: keep LDISC_AUTOLOAD and let R3964 go
  * LDISC_AUTOLOAD is new and =y preserves the original behaviour.
  * R3964 was marked as BROKEN.
- commit 33c0e93
- series.conf: cleanup
  patches.suse/ext2-fsync-err was deleted in 2011 but its (commented out)
  line in series.conf was left behind.
- commit d2aebe3
- Delete
  patches.suse/0001-x86-speculation-Add-basic-IBRS-support-infrastructur.patch.
- Delete
  patches.suse/0002-x86-speculation-Add-inlines-to-control-Indirect-Bran.patch.
- Delete
  patches.suse/0003-x86-idle-Control-Indirect-Branch-Speculation-in-idle.patch.
- Delete
  patches.suse/0004-x86-enter-Create-macros-to-restrict-unrestrict-Indir.patch.
- Delete
  patches.suse/0005-x86-enter-Use-IBRS-on-syscall-and-interrupts.patch.
  Drop SUSE-specific IBRS-on-SKL implementation. Please refer to
  page 16 of Intel's paper [1]: "Intel considers the risk of an attack
  based on exploiting deep call stacks low."
  [1] https://software.intel.com/security-software-guidance/api-app/sites/default/files/Retpoline-A-Branch-Target-Injection-Mitigation.pdf
- Delete
  patches.suse/0001-x86-speculation-Add-basic-IBRS-support-infrastructur.patch.
- Delete
  patches.suse/0002-x86-speculation-Add-inlines-to-control-Indirect-Bran.patch.
- Delete
  patches.suse/0003-x86-idle-Control-Indirect-Branch-Speculation-in-idle.patch.
- Delete
  patches.suse/0004-x86-enter-Create-macros-to-restrict-unrestrict-Indir.patch.
- Delete
  patches.suse/0005-x86-enter-Use-IBRS-on-syscall-and-interrupts.patch.
  Drop SUSE-specific IBRS-on-SKL implementation. Please refer to
  page 16 of [1]
  [1] https://software.intel.com/security-software-guidance/api-app/sites/default/files/Retpoline-A-Branch-Target-Injection-Mitigation.pdf
- commit 2cfda4d
- Refresh
  patches.suse/drm-i915-dp-revert-back-to-max-link-rate-and-lane-count-on-eDP.patch.
- commit 8a6bcaf
- Update to 5.1-rc5
- commit 2fd333d
- vfio/type1: Limit DMA mappings per container (CVE-2019-3882 bsc#1131427).
- commit 012b5f1
- KVM: x86: nVMX: fix x2APIC VTPR read intercept (CVE-2019-3887
  bsc#1131800).
- KVM: x86: nVMX: close leak of L0's x2APIC MSRs (CVE-2019-3887)
  (CVE-2019-3887 bsc#1131800).
- commit d597027
- Do not provide kernel-default from kernel-default-base (boo#1132154, bsc#1106751).
- commit 0e54e61
- rpm/kernel-subpackage-spec: only provide firmware actually present in
  subpackage.
- commit 839debd
- kcm: switch order of device registration to fix a crash
  (bnc#1130527).
- commit 508a450
- kernel-subpackage-spec: Add dummy package to ensure subpackages are
  rebuilt with kernel update (bsc#1106751).
  In factory packages are not rebuilt automatically so a dependency is
  needed on the old kernel to get a rebuild with the new kernel. THe
  subpackage itself cannot depend on the kernel so add another empty
  pacakge that does depend on it.
- commit 6d14837
- drm/i915/dp: revert back to max link rate and lane count on eDP
  (bsc#1132033).
- commit d7dabeb
- Disable CONFIG_SERIO_OLPC_APSP on all but armv7
  This driver is only used by ARMv7-based OLPC laptops.
- commit 7b1b640
- Disable CONFIG_SENSORS_OCC_*
  These drivers are running on the BMC of PowerPC servers. The BMC runs
  OpenBMC and is not a target for SUSE distributions.
- commit a82eb87
- config: disable DEVKMEM (bsc#1128045)
- commit 8b88553
- Update to 5.1-rc4
- Refresh configs
- commit e334e4f
- Linux 5.0.7 (bnc#1012628).
- ext4: cleanup bh release code in ext4_ind_remove_space()
  (bnc#1012628).
- CIFS: fix POSIX lock leak and invalid ptr deref (bnc#1012628).
- nvme-fc: fix numa_node when dev is null (bnc#1012628).
- nvme-loop: init nvmet_ctrl fatal_err_work when allocate
  (bnc#1012628).
- h8300: use cc-cross-prefix instead of hardcoding
  h8300-unknown-linux- (bnc#1012628).
- f2fs: fix to adapt small inline xattr space in
  __find_inline_xattr() (bnc#1012628).
- f2fs: fix to avoid deadlock in f2fs_read_inline_dir()
  (bnc#1012628).
- apparmor: fix double free when unpack of secmark rules fails
  (bnc#1012628).
- tracing: kdb: Fix ftdump to not sleep (bnc#1012628).
- net/mlx5e: Fix access to non-existing receive queue
  (bnc#1012628).
- net/mlx5: Avoid panic when setting vport rate (bnc#1012628).
- net/mlx5: Avoid panic when setting vport mac, getting vport
  config (bnc#1012628).
- xsk: fix to reject invalid flags in xsk_bind (bnc#1012628).
- clk: ti: clkctrl: Fix clkdm_name regression for
  TI_CLK_CLKCTRL_COMPAT (bnc#1012628).
- gpio: gpio-omap: fix level interrupt idling (bnc#1012628).
- include/linux/relay.h: fix percpu annotation in struct rchan
  (bnc#1012628).
- sysctl: handle overflow for file-max (bnc#1012628).
- net: stmmac: Avoid sometimes uninitialized Clang warnings
  (bnc#1012628).
- enic: fix build warning without CONFIG_CPUMASK_OFFSTACK
  (bnc#1012628).
- libbpf: force fixdep compilation at the start of the build
  (bnc#1012628).
- scsi: hisi_sas: Set PHY linkrate when disconnected
  (bnc#1012628).
- scsi: hisi_sas: Fix a timeout race of driver internal and SMP IO
  (bnc#1012628).
- iio: adc: fix warning in Qualcomm PM8xxx HK/XOADC driver
  (bnc#1012628).
- x86/hyperv: Fix kernel panic when kexec on HyperV (bnc#1012628).
- perf c2c: Fix c2c report for empty numa node (bnc#1012628).
- mm/sparse: fix a bad comparison (bnc#1012628).
- mm/cma.c: cma_declare_contiguous: correct err handling
  (bnc#1012628).
- mm/page_ext.c: fix an imbalance with kmemleak (bnc#1012628).
- mm, swap: bounds check swap_info array accesses to avoid NULL
  derefs (bnc#1012628).
- docs/core-api/mm: fix user memory accessors formatting
  (bnc#1012628).
- mm,oom: don't kill global init via memory.oom.group
  (bnc#1012628).
- memcg: killed threads should not invoke memcg OOM killer
  (bnc#1012628).
- mm, mempolicy: fix uninit memory access (bnc#1012628).
- mm/vmalloc.c: fix kernel BUG at mm/vmalloc.c:512! (bnc#1012628).
- mm/slab.c: kmemleak no scan alien caches (bnc#1012628).
- ocfs2: fix a panic problem caused by o2cb_ctl (bnc#1012628).
- f2fs: do not use mutex lock in atomic context (bnc#1012628).
- f2fs: fix to data block override node segment by mistake
  (bnc#1012628).
- fs/file.c: initialize init_files.resize_wait (bnc#1012628).
- page_poison: play nicely with KASAN (bnc#1012628).
- kasan: fix kasan_check_read/write definitions (bnc#1012628).
- cifs: use correct format characters (bnc#1012628).
- dm thin: add sanity checks to thin-pool and external snapshot
  creation (bnc#1012628).
- f2fs: fix to check inline_xattr_size boundary correctly
  (bnc#1012628).
- cifs: Accept validate negotiate if server return
  NT_STATUS_NOT_SUPPORTED (bnc#1012628).
- perf beauty msg_flags: Add missing %s lost when adding prefix
  suppression logic (bnc#1012628).
- netfilter: nf_tables: check the result of dereferencing
  base_chain->stats (bnc#1012628).
- PCI: mediatek: Fix memory mapped IO range size computation
  (bnc#1012628).
- netfilter: conntrack: tcp: only close if RST matches exact
  sequence (bnc#1012628).
- iommu/vt-d: Disable ATS support on untrusted devices
  (bnc#1012628).
- jbd2: fix invalid descriptor block checksum (bnc#1012628).
- ext4: fix bigalloc cluster freeing when hole punching under load
  (bnc#1012628).
- fs: fix guard_bio_eod to check for real EOD errors
  (bnc#1012628).
- tools lib traceevent: Fix buffer overflow in arg_eval
  (bnc#1012628).
- mm/resource: Return real error codes from walk failures
  (bnc#1012628).
- PCI/PME: Fix hotplug/sysfs remove deadlock in pcie_pme_remove()
  (bnc#1012628).
- wil6210: check null pointer in _wil_cfg80211_merge_extra_ies
  (bnc#1012628).
- mt76: fix a leaked reference by adding a missing of_node_put
  (bnc#1012628).
- ath10k: Fix the wrong updation of BW in tx_stats debugfs entry
  (bnc#1012628).
- lockdep/lib/tests: Fix run_tests.sh (bnc#1012628).
- crypto: crypto4xx - add missing of_node_put after
  of_device_is_available (bnc#1012628).
- crypto: cavium/zip - fix collision with generic cra_driver_name
  (bnc#1012628).
- tools/bpf: selftests: add map lookup to test_map_in_map bpf prog
  (bnc#1012628).
- usb: chipidea: Grab the (legacy) USB PHY by phandle first
  (bnc#1012628).
- powerpc/powernv/ioda: Fix locked_vm counting for memory used
  by IOMMU tables (bnc#1012628).
- scsi: core: replace GFP_ATOMIC with GFP_KERNEL in scsi_scan.c
  (bnc#1012628).
- kbuild: invoke syncconfig if include/config/auto.conf.cmd is
  missing (bnc#1012628).
- kbuild: make -r/-R effective in top Makefile for old Make
  versions (bnc#1012628).
- btrfs: save drop_progress if we drop refs at all (bnc#1012628).
- drm/amd/display: Fix reference counting for struct dc_sink
  (bnc#1012628).
- ath10k: don't report unset rssi values to mac80211
  (bnc#1012628).
- powerpc/xmon: Fix opcode being uninitialized in
  print_insn_powerpc (bnc#1012628).
- coresight: etm4x: Add support to enable ETMv4.2 (bnc#1012628).
- serial: 8250_pxa: honor the port number from devicetree
  (bnc#1012628).
- ARM: 8840/1: use a raw_spinlock_t in unwind (bnc#1012628).
- ARM: 8845/1: use unified assembler in c files (bnc#1012628).
- iommu/io-pgtable-arm-v7s: Only kmemleak_ignore L2 tables
  (bnc#1012628).
- powerpc/hugetlb: Handle mmap_min_addr correctly in
  get_unmapped_area callback (bnc#1012628).
- net: dsa: mv88e6xxx: Default CMODE to 1000BaseX only on 6390X
  (bnc#1012628).
- ice: fix ice_remove_rule_internal vsi_list handling
  (bnc#1012628).
- perf script: Handle missing fields with -F +. (bnc#1012628).
- btrfs: qgroup: Make qgroup async transaction commit more
  aggressive (bnc#1012628).
- btrfs: don't enospc all tickets on flush failure (bnc#1012628).
- mmc: omap: fix the maximum timeout setting (bnc#1012628).
- net: dsa: mv88e6xxx: Add lockdep classes to fix false positive
  splat (bnc#1012628).
- net: hns3: fix setting of the hns reset_type for rdma hw errors
  (bnc#1012628).
- veth: Fix -Wformat-truncation (bnc#1012628).
- e1000e: Fix -Wformat-truncation warnings (bnc#1012628).
- mlxsw: spectrum: Avoid -Wformat-truncation warnings
  (bnc#1012628).
- i2c: Allow recovery of the initial IRQ by an I2C client device
  (bnc#1012628).
- platform/x86: ideapad-laptop: Fix no_hw_rfkill_list for Lenovo
  RESCUER R720-15IKBN (bnc#1012628).
- platform/mellanox: mlxreg-hotplug: Fix KASAN warning
  (bnc#1012628).
- loop: set GENHD_FL_NO_PART_SCAN after blkdev_reread_part()
  (bnc#1012628).
- i2c: designware: Do not allow i2c_dw_xfer() calls while
  suspended (bnc#1012628).
- IB/mlx4: Increase the timeout for CM cache (bnc#1012628).
- clk: fractional-divider: check parent rate only if flag is set
  (bnc#1012628).
- perf annotate: Fix getting source line failure (bnc#1012628).
- powerpc/44x: Force PCI on for CURRITUCK (bnc#1012628).
- ASoC: qcom: Fix of-node refcount unbalance in
  qcom_snd_parse_of() (bnc#1012628).
- cpufreq: acpi-cpufreq: Report if CPU doesn't support boost
  technologies (bnc#1012628).
- efi: cper: Fix possible out-of-bounds access (bnc#1012628).
- s390/ism: ignore some errors during deregistration
  (bnc#1012628).
- scsi: megaraid_sas: return error when create DMA pool failed
  (bnc#1012628).
- scsi: fcoe: make use of fip_mode enum complete (bnc#1012628).
- drm/amd/display: Clear stream->mode_changed after commit
  (bnc#1012628).
- perf test: Fix failure of 'evsel-tp-sched' test on s390
  (bnc#1012628).
- mwifiex: don't advertise IBSS features without FW support
  (bnc#1012628).
- perf report: Don't shadow inlined symbol with different addr
  range (bnc#1012628).
- SoC: imx-sgtl5000: add missing put_device() (bnc#1012628).
- media: ov7740: fix runtime pm initialization (bnc#1012628).
- media: sh_veu: Correct return type for mem2mem buffer helpers
  (bnc#1012628).
- media: s5p-jpeg: Correct return type for mem2mem buffer helpers
  (bnc#1012628).
- media: rockchip/rga: Correct return type for mem2mem buffer
  helpers (bnc#1012628).
- media: s5p-g2d: Correct return type for mem2mem buffer helpers
  (bnc#1012628).
- media: mx2_emmaprp: Correct return type for mem2mem buffer
  helpers (bnc#1012628).
- media: mtk-jpeg: Correct return type for mem2mem buffer helpers
  (bnc#1012628).
- media: rockchip/vpu: Correct return type for mem2mem buffer
  helpers (bnc#1012628).
- mt76: usb: do not run mt76u_queues_deinit twice (bnc#1012628).
- gpio: of: Apply regulator-gpio quirk only to enable-gpios
  (bnc#1012628).
- xen/gntdev: Do not destroy context while dma-bufs are in use
  (bnc#1012628).
- vfs: fix preadv64v2 and pwritev64v2 compat syscalls with offset
  == -1 (bnc#1012628).
- HID: intel-ish-hid: avoid binding wrong ishtp_cl_device
  (bnc#1012628).
- cgroup, rstat: Don't flush subtree root unless necessary
  (bnc#1012628).
- efi: Fix build error due to enum collision between efi.h and
  ima.h (bnc#1012628).
- drm/sched: Fix entities with 0 rqs (bnc#1012628).
- regulator: core: Take lock before applying system load
  (bnc#1012628).
- jbd2: fix race when writing superblock (bnc#1012628).
- leds: lp55xx: fix null deref on firmware load failure
  (bnc#1012628).
- tools build: Add -lrt to FEATURE_CHECK_LDFLAGS-libaio
  (bnc#1012628).
- tools build: Add test-reallocarray.c to test-all.c to fix the
  build (bnc#1012628).
- perf beauty waitid options: Fix up prefix showing logic
  (bnc#1012628).
- perf trace: Check if the 'fd' is negative when mapping it to
  pathname (bnc#1012628).
- perf report: Add s390 diagnosic sampling descriptor size
  (bnc#1012628).
- perf coresight: Do not test for libopencsd by default
  (bnc#1012628).
- iwlwifi: pcie: fix emergency path (bnc#1012628).
- ACPI / video: Refactor and fix dmi_is_desktop() (bnc#1012628).
- =?UTF-8?q?selftests:=20ir:=20fix=20warning:=20"%s"=20dire?=
  =?UTF-8?q?ctive=20output=20may=20be=20truncated=20=E2=80=99=20directive?=
  =?UTF-8?q?=20output=20may=20be=20truncated?= (bnc#1012628).
- selftests: skip seccomp get_metadata test if not real root
  (bnc#1012628).
- kprobes: Prohibit probing on bsearch() (bnc#1012628).
- kprobes: Prohibit probing on RCU debug routine (bnc#1012628).
- netfilter: conntrack: fix cloned unconfirmed skb->_nfct race
  in __nf_conntrack_confirm (bnc#1012628).
- ARM: 8833/1: Ensure that NEON code always compiles with Clang
  (bnc#1012628).
- ARM: dts: meson8b: fix the Ethernet data line signals in
  eth_rgmii_pins (bnc#1012628).
- ALSA: PCM: check if ops are defined before suspending PCM
  (bnc#1012628).
- ath10k: fix shadow register implementation for WCN3990
  (bnc#1012628).
- usb: f_fs: Avoid crash due to out-of-scope stack ptr access
  (bnc#1012628).
- sched/topology: Fix percpu data types in struct sd_data &
  struct s_data (bnc#1012628).
- bcache: fix input overflow to cache set sysfs file
  io_error_halflife (bnc#1012628).
- bcache: fix input overflow to sequential_cutoff (bnc#1012628).
- bcache: fix potential div-zero error of
  writeback_rate_i_term_inverse (bnc#1012628).
- bcache: improve sysfs_strtoul_clamp() (bnc#1012628).
- genirq: Avoid summation loops for /proc/stat (bnc#1012628).
- net: marvell: mvpp2: fix stuck in-band SGMII negotiation
  (bnc#1012628).
- iw_cxgb4: fix srqidx leak during connection abort (bnc#1012628).
- net: phy: consider latched link-down status in polling mode
  (bnc#1012628).
- fbdev: fbmem: fix memory access if logo is bigger than the
  screen (bnc#1012628).
- cdrom: Fix race condition in cdrom_sysctl_register
  (bnc#1012628).
- drm: rcar-du: add missing of_node_put (bnc#1012628).
- drm/amd/display: Don't re-program planes for DPMS changes
  (bnc#1012628).
- bpf: test_maps: fix possible out of bound access warning
  (bnc#1012628).
- x86/kexec: Fill in acpi_rsdp_addr from the first kernel
  (bnc#1012628).
- powerpc/ptrace: Mitigate potential Spectre v1 (bnc#1012628).
- drm/amd/display: Disconnect mpcc when changing tg (bnc#1012628).
- perf/aux: Make perf_event accessible to setup_aux()
  (bnc#1012628).
- e1000e: fix cyclic resets at link up with active tx
  (bnc#1012628).
- e1000e: Exclude device from suspend direct complete optimization
  (bnc#1012628).
- platform/x86: intel_pmc_core: Fix PCH IP sts reading
  (bnc#1012628).
- i2c: of: Try to find an I2C adapter matching the parent
  (bnc#1012628).
- staging: spi: mt7621: Add return code check on device_reset()
  (bnc#1012628).
- iwlwifi: mvm: fix RFH config command with >=10 CPUs
  (bnc#1012628).
- ASoC: fsl-asoc-card: fix object reference leaks in
  fsl_asoc_card_probe (bnc#1012628).
- sched/debug: Initialize sd_sysctl_cpus if
  !CONFIG_CPUMASK_OFFSTACK (bnc#1012628).
- efi/memattr: Don't bail on zero VA if it equals the region's PA
  (bnc#1012628).
- sched/core: Use READ_ONCE()/WRITE_ONCE() in
  move_queued_task()/task_rq_lock() (bnc#1012628).
- drm/vkms: Bugfix racing hrtimer vblank handle (bnc#1012628).
- drm/vkms: Bugfix extra vblank frame (bnc#1012628).
- ARM: dts: lpc32xx: Remove leading 0x and 0s from bindings
  notation (bnc#1012628).
- efi/arm/arm64: Allow SetVirtualAddressMap() to be omitted
  (bnc#1012628).
- soc: qcom: gsbi: Fix error handling in gsbi_probe()
  (bnc#1012628).
- drm/msm/dpu: Convert to a chained irq chip (bnc#1012628).
- mt7601u: bump supported EEPROM version (bnc#1012628).
- ARM: 8830/1: NOMMU: Toggle only bits in EXC_RETURN we are
  really care of (bnc#1012628).
- ARM: avoid Cortex-A9 livelock on tight dmb loops (bnc#1012628).
- block, bfq: fix in-service-queue check for queue merging
  (bnc#1012628).
- block, bfq: fix queue removal from weights tree (bnc#1012628).
- bpf: fix missing prototype warnings (bnc#1012628).
- selftests/bpf: skip verifier tests for unsupported program types
  (bnc#1012628).
- powerpc/64s: Clear on-stack exception marker upon exception
  return (bnc#1012628).
- cgroup/pids: turn cgroup_subsys->free() into
  cgroup_subsys->release() to fix the accounting (bnc#1012628).
- backlight: pwm_bl: Use gpiod_get_value_cansleep() to get
  initial state (bnc#1012628).
- tty: increase the default flip buffer limit to 2*640K
  (bnc#1012628).
- powerpc/pseries: Perform full re-add of CPU for topology update
  post-migration (bnc#1012628).
- drm/amd/display: Enable vblank interrupt during CRC capture
  (bnc#1012628).
- ALSA: dice: add support for Solid State Logic Duende
  Classic/Mini (bnc#1012628).
- regulator: mcp16502: Include linux/gpio/consumer.h to fix
  build error (bnc#1012628).
- usb: dwc3: gadget: Fix OTG events when gadget driver isn't
  loaded (bnc#1012628).
- platform/x86: intel-hid: Missing power button release on some
  Dell models (bnc#1012628).
- perf trace: Fixup etcsnoop example (bnc#1012628).
- perf script python: Use PyBytes for attr in trace-event-python
  (bnc#1012628).
- perf script python: Add trace_context extension module to
  sys.modules (bnc#1012628).
- media: mt9m111: set initial frame size other than 0x0
  (bnc#1012628).
- hwrng: virtio - Avoid repeated init of completion (bnc#1012628).
- soc/tegra: fuse: Fix illegal free of IO base address
  (bnc#1012628).
- selftests/bpf: suppress readelf stderr when probing for BTF
  support (bnc#1012628).
- HID: intel-ish: ipc: handle PIMR before ish_wakeup also clear
  PISR busy_clear bit (bnc#1012628).
- f2fs: UBSAN: set boolean value iostat_enable correctly
  (bnc#1012628).
- f2fs: fix to initialize variable to avoid UBSAN/smatch warning
  (bnc#1012628).
- hpet: Fix missing '=' character in the __setup() code of
  hpet_mmap_enable (bnc#1012628).
- pinctrl: meson: fix G12A ao pull registers base address
  (bnc#1012628).
- pinctrl: sh-pfc: r8a77990: Fix MOD_SEL bit numbering
  (bnc#1012628).
- pinctrl: sh-pfc: r8a77995: Fix MOD_SEL bit numbering
  (bnc#1012628).
- cpu/hotplug: Mute hotplug lockdep during init (bnc#1012628).
- dmaengine: imx-dma: fix warning comparison of distinct pointer
  types (bnc#1012628).
- dmaengine: qcom_hidma: assign channel cookie correctly
  (bnc#1012628).
- dmaengine: qcom_hidma: initialize tx flags in hidma_prep_dma_*
  (bnc#1012628).
- netfilter: physdev: relax br_netfilter dependency (bnc#1012628).
- media: rcar-vin: Allow independent VIN link enablement
  (bnc#1012628).
- media: s5p-jpeg: Check for fmt_ver_flag when doing fmt
  enumeration (bnc#1012628).
- PCI: pciehp: Assign ctrl->slot_ctrl before writing it to
  hardware (bnc#1012628).
- audit: hand taken context to audit_kill_trees for syscall
  logging (bnc#1012628).
- regulator: act8865: Fix act8600_sudcdc_voltage_ranges setting
  (bnc#1012628).
- pinctrl: meson: meson8b: add the eth_rxd2 and eth_rxd3 pins
  (bnc#1012628).
- drm: Auto-set allow_fb_modifiers when given modifiers at plane
  init (bnc#1012628).
- drm/nouveau: Stop using drm_crtc_force_disable (bnc#1012628).
- x86/build: Specify elf_i386 linker emulation explicitly for
  i386 objects (bnc#1012628).
- selinux: do not override context on context mounts
  (bnc#1012628).
- brcmfmac: Use firmware_request_nowarn for the clm_blob
  (bnc#1012628).
- wlcore: Fix memory leak in case wl12xx_fetch_firmware failure
  (bnc#1012628).
- x86/build: Mark per-CPU symbols as absolute explicitly for LLD
  (bnc#1012628).
- drm/fb-helper: fix leaks in error path of
  drm_fb_helper_fbdev_setup (bnc#1012628).
- clk: meson: clean-up clock registration (bnc#1012628).
- ARM: shmobile: Fix R-Car Gen2 regulator quirk (bnc#1012628).
- clk: rockchip: fix frac settings of GPLL clock for rk3328
  (bnc#1012628).
- dmaengine: tegra: avoid overflow of byte tracking (bnc#1012628).
- staging: iio: adt7316: fix dac_bits assignment (bnc#1012628).
- Input: soc_button_array - fix mapping of the 5th GPIO in a
  PNP0C40 device (bnc#1012628).
- ASoC: simple-card-utils: check "reg" property on
  asoc_simple_card_get_dai_id() (bnc#1012628).
- drm: Reorder set_property_atomic to avoid returning with an
  active ww_ctx (bnc#1012628).
- drm/dp/mst: Configure no_stop_bit correctly for remote i2c xfers
  (bnc#1012628).
- net: stmmac: Avoid one more sometimes uninitialized Clang
  warning (bnc#1012628).
- appletalk: Fix compile regression (bnc#1012628).
- gpio: of: Restrict enable-gpio quirk to regulator-gpio
  (bnc#1012628).
- ACPI / video: Extend chassis-type detection with a "Lunch Box"
  check (bnc#1012628).
- bcache: fix potential div-zero error of
  writeback_rate_p_term_inverse (bnc#1012628).
- kbuild: add workaround for Debian make-kpkg (bnc#1012628).
- kbuild: skip sub-make for in-tree build with GNU Make 4.x
  (bnc#1012628).
- commit 8f18342

==== kmod ====
Version update (25 -> 26)
Subpackages: kmod-compat libkmod2

- Enable PKCS#7 signature parsing again - requires openssl
- Update to new upstream release 26
  * depmod now handles parallel invocations better by protecting
    the temporary files being used.
  * modprobe has a new --show-exports option. Under the hood,
    this reads the .symtab and .strtab sections rather than
    __versions so it shows useful data even if kernel is
    configured without modversions (CONFIG_MODVERSIONS).
  * modinfo supports PKCS#7 parsing by using openssl.
- Replaced the asn1c-based parser by an openssl-based PKCS
  parser.
- Remove libkmod-signature-Fix-crash-when-module-signature-is.patch,
  libkmod-signature-pkcs-7-fix-crash-when-signer-info-.patch,
  libkmod-signature-implement-pkcs7-parsing-with-asn1c.patch
  (not accepted upstream)
- Remove enum.patch,
  depmod-Prevent-module-dependency-files-corruption-du.patch,
  depmod-Prevent-module-dependency-files-missing-durin.patch,
  depmod-shut-up-gcc-insufficinet-buffer-warning.patch
  (accepted upstream)

==== krb5 ====

- Move LDAP schema files from /usr/share/doc/packages/krb5 to
  /usr/share/kerberos/ldap; (bsc#1134217);

==== kubernetes ====
Version update (1.14.0 -> 1.14.1)
Subpackages: kubernetes-client kubernetes-common kubernetes-kubeadm kubernetes-kubelet

- Update to version 1.14.1:
  * Avoid panic in cronjob sorting
  * fix-kubeadm-upgrade-12-13-14
  * kubeadm: fix "upgrade plan" not working without k8s version
  * Full Changelog: https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.14.md#v1141
- Fix go 1.12.1 BuildRequires
- Reformat spec file with spec-cleaner
- Remove references to 'is_susecaasp' macro in spec file
- Remove unused config files related to previous version of CaaSP

==== kured ====
Version update (1.1.0 -> 1.2.0)

- Update to version 1.2.0
  - support newer kubernetes versions
- Adjust kured-telemetrics.patch
- Update vendor.tar.gz with recent versions
- Enable building on s390x

==== ldb ====
Version update (1.4.3 -> 1.5.4)

- Update to 1.5.4
  + Fix standalone build of ldb.
  + C99 build fixes.
  + CVE-2019-3824 out of bounds read in wildcard compare (bug#13773)
- Update to 1.5.3
  + Avoid inefficient one-level searches (bug#13762)
  + The test api.py should not rely on order of entries in dict (bug#13772)
- Update to 1.5.2
  + dirsync: Allow arbitrary length cookies (bug #13686)
  + The build uses python3 by default: --extra-python would take
    python2 now
  + To build with python2 only use:
    PYTHON=python2 ./configure
    PYTHON=python2 make
    PYTHON=python2 make install

==== libaio ====

- Disable LTO (boo#1133233).

==== libapparmor ====

- Disable LTO (boo#1133091).

==== libcroco ====
Version update (0.6.12 -> 0.6.13)

- Add libcroco-CVE-2017-8834.patch: fix infinite loop on invalid
  UTF-8 (boo#1043898 boo#1043899 bgo#782647 CVE-2017-8834
  CVE-2017-8871).
- Update to version 0.6.13:
  + Visual Studio builds: Enhance security of x64 binaries.
  + win32/replace.py: Fix replacing items in files with UTF-8
    content.
  + tknzr: support only max long rgb values.
  + input: check end of input before reading a byte.
- Drop upstream fixed patches:
  + libcroco-fix-CVE-2017-7960.patch.
  + libcroco-fix-CVE-2017-7961.patch.
- Stop exporting -fno-strict-aliasing" to configure, no longer
  needed.
- Update URL to new gitlab home.

==== libedit ====

- Update to version 20190324-3.1:
  * Sync with upstream sources

==== libostree ====

- Disable LTO (boo#1133120).

==== libpng16 ====
Version update (1.6.36 -> 1.6.37)

- make check actually works under asan
- version update to 1.6.37
  Fixed a use-after-free vulnerability (CVE-2019-7317) in png_image_free.
  Fixed a memory leak in the ARM NEON implementation of png_do_expand_palette.
  Fixed a memory leak in pngtest.c.
  Fixed two vulnerabilities (CVE-2018-14048, CVE-2018-14550) in
    contrib/pngminus; refactor.
  Changed the license of contrib/pngminus to MIT; refresh makefile and docs.
    (Contributed by Willem van Schaik)
  Added makefiles for AddressSanitizer-enabled builds.
- deleted patches
  - libpng-arm-free.patch (upstreamed)

==== libpsl ====
Version update (0.20.2 -> 0.21.0)

- update to 0.21.0:
  * Add -b/--batch to 'psl' to suppress printing the domain

==== libselinux ====
Subpackages: libselinux1 selinux-tools

- Set License: to correct value (bsc#1135710)
- Disable LTO (boo#1133244).

==== libselinux-bindings ====

- Set License: to correct value (bsc#1135710)

==== libsoup ====
Version update (2.66.0 -> 2.66.2)

- Update to version 2.66.2:
  + Make gettext optional (might not be available in Windows).
  + MSVC: set encoding to UTF-8 to avoid errors.
  + MinGW tests build fix.
  + Check for TLS support only when external glib dependency is
    available.
- Update to version 2.66.1:
  + Fix dylib versioning in MacOS.
  + Visual Studio build fixes.
  + MinGW build fixes.
  + Meson build system improvements.
  + Fix random CI failures due to parallel apache tests.
  + Code cleanups.

==== libssh ====

- Add support for new AES-GCM encryption types; (bsc#1134193)
  * Add 0001-libcrypto-Implement-OpenSSH-compatible-AES-GCM-ciphe.patch
  * Add 0001-libgcrypt-Implement-OpenSSH-compatible-AES-GCM-ciphe.patch
  * Add 0001-tests-Add-aes-gcm-ciphers-tests.patch

==== libtasn1 ====
Subpackages: libtasn1-6

- Add libtasn1-object-id-recursion.patch: limit recursion in
  _asn1_expand_object_id (boo#1105435 CVE-2018-1000654
  (https://gitlab.com/gnutls/libtasn1/merge_requests/8)

==== libx86emu ====
Version update (2.2 -> 2.3)

- merge gh#wfeldt/libx86emu#15
- include: Fix GCC strict-prototypes warning
- include: Fix 'multiple definition of' linker errors
- Small fixes
- 2.3

==== libxslt ====

- Security fix: [bsc#1132160, CVE-2019-11068]
  * Bypass of a protection mechanism because callers of xsltCheckRead
    and xsltCheckWrite permit access even upon receiving a -1 error
    code. xsltCheckRead can return -1 for a crafted URL that is not
    actually invalid and is subsequently loaded.
  * Added libxslt-CVE-2019-11068.patch

==== libyaml ====
Version update (0.2.1 -> 0.2.2)

- update to 0.2.2
- refreshed libyaml-revert-emitter-changes.patch
  * Fix comparison in tests/run-emitter.c
  * Allow colons in plain scalars inside flow collections
  * The closing single quote needs to be indented...
  * Revert removing of open_ended after top level plain scalar

==== logrotate ====
Version update (3.14.0 -> 3.15.0)

- Version update to 3.15.0:
  * timer unit: change trigger fuzz from 12h to 1h
  * service unit: only run if /var/log is mounted
  * preserve fractional part of timestamps when compressing
  * re-indent source code using spaces only
  * minage: avoid rounding issue while comparing the amount of seconds
  * never remove old log files if rotate -1 is specified
  * return non-zero exit status if a config file contains an error
  * make copytruncate work with rotate 0
  * warn user if both size and the time interval options are used
  * pass rotated log file name as the 2nd argument of the postrotate
    script when sharedscript is not enabled
  * rename logrotate-default to logrotate.conf
- Added asc file.

==== lsof ====

- Add lsof-glibc-linux-5.0.patch: Fix build with
  linux-glibc-devel-5.0 by including sysmacros.h as needed.

==== lzo ====

- Use FAT LTO objects in order to provide proper static library (boo#1133259).

==== mozilla-nspr ====
Version update (4.20 -> 4.21)

- update to version 4.21
  * Use MAP_SHARED for read-only file mappings on MacOS and Android
  * Changed prbit.h to use builtin function on aarch64
  * Test program build fixes
  * Minor fixes to support unified builds
  * Update library copyright notices
  * Removed Gonk/B2G references

==== mozilla-nss ====
Version update (3.42.1 -> 3.43)
Subpackages: libfreebl3 libsoftokn3 mozilla-nss-certs

- update to NSS 3.43
  * required by Firefox 67.0
  New functions
  * HASH_GetHashOidTagByHashType - convert type HASH_HashType to type SECOidTag
  * SSL_SendCertificateRequest - allow server to request post-handshake
    client authentication. To use this both peers need to enable the
    SSL_ENABLE_POST_HANDSHAKE_AUTH option. Note that while the mechanism
    is present, post-handshake authentication is currently not TLS 1.3
    compliant due to bug 1532312
  Notable changes
  * The following CA certificates were Added:
  - emSign Root CA - G1
  - emSign ECC Root CA - G3
  - emSign Root CA - C1
  - emSign ECC Root CA - C3
  - Hongkong Post Root CA 3
  Bugs fixed
  * Improve Gyp build system handling (bmo#1528669, bmo#1529308)
  * Improve NSS S/MIME tests for Thunderbird (bmo#1529950, bmo#1521174)
  * If Docker isn't installed, try running a local clang-format as a
    fallback (bmo#1530134)
  * Enable FIPS mode automatically if the system FIPS mode flag is set
    (bmo#1531267)
  * Add a -J option to the strsclnt command to specify sigschemes
    (bmo#1528262)
  * Add manual for nss-policy-check (bmo#1513909)
  * Fix a deref after a null check in SECKEY_SetPublicValue (bmo#1531074)
  * Properly handle ESNI with HRR (bmo#1517714)
  * Expose HKDF-Expand-Label with mechanism (bmo#1529813)
  * Align TLS 1.3 HKDF trace levels (bmo#1535122)
  * Use getentropy on compatible versions of FreeBSD (bmo#1530102)

==== multipath-tools ====
Version update (0.7.9+139+suse.ed9d450 -> 0.8.1+8+suse.8c11498)
Subpackages: kpartx

- Disable kmod() style dependencies again (bsc#1119414)
  * For TW, dependencies will be autogenerated
    (gh#openSUSE/rpm-config-SUSE#3)
  * For SLE, feature is currently rejected (jsc#SLE-3853)
- Update to version 0.8.1+8+suse.8c11498:
  * Avoid deadlock situation during udev settle
  (bsc#1131789, bsc#1125145)
  - multipath -u: test socket connection in non-blocking mode
  * Fix priority handling for offline paths
  (bsc#1118495)
- Update to upstream 0.8.1
  * Avoid device IO in "multipath -u" (bsc#1125145)
  * multipathd: protect all access to running_state
  (bsc##1110060, bsc#1110439)
  * Improve handling of changed WWIDs and temporary failure
  to obtain WWID. Option "disable_changed_wwids" is now ignored.
  * Fixes for PATH_PENDING state handling (bsc#1125043)
- Trim %if..%endif guards that do not affect the build result.
- Combine %service_* calls to reduce generated code.
- Make use of %make_install.
- Re-enable kmod-style dependencies for multipath-tools package
  (bsc#1119414)
- Separate out libmpath0 (bsc#1119414)
- Spec file improvements
  * Add Conflicts: for older multipath-tools to libmpath0
  * Move license files to the libmpath0 package, which contains the
    code with complex licensing. The executables are GPL-2.0 anyway.
  * Remove bogus dependency of -devel package on device-mapper
  * -devel package depends on libmpath0, not multipath-tools
  * Remove %dir %{_defaultlicensedir} for SLE12-SP3 and newer
    (John Vandenberg <jayvdb@gmail.com>)
  * Remove unused /var/cache/multipath directory
  * Remove check for multipath maps in %pre and %post
  * Remove SLE11-specific multipathd service stop / start from
    %pre / %post
  * Remove obsolete tools from package description (bsc#1129827)
  * Add -n to %service_del_{pre,post}un for multipathd.socket
- Update to version 0.8.0+17+suse.a28893f:
  * Code-identical to 0.7.9+139+suse.ed9d450, except for new
    version number
- Disable kmod() style dependencies for now, as they are causing
  problems with image builds (bsc#1119414). They'd been active
  for SLE15-SP1 only, anyway.
- _service: determine "tag offset" manually, the patch count
  determined by git is far too high.

==== ncurses ====
Subpackages: libncurses6 ncurses-utils terminfo terminfo-base

- Make pkg-config files .pc consistent
- Add ncurses patch 20190511
  + fix a spurious blank line seen with "infocmp -1fx xterm+x11mouse"
  + add checks in repair_subwindows() to keep the current position and
    scroll-margins inside the resized subwindow.
  + add a limit check in newline_forces_scroll() for the case where the
    row is inside scroll-margins, but not at the end (report by Toshio
    Kuratomi, cf: 20170729).
  + corrected a warning message in tic for extended capabilities versus
    number of parameters.
- Add ncurses patch 20190504
  + improve workaround for Solaris wcwidth versus line-drawing characters
    (report by Pavel Stehule).
  + add special case in tic to validate RGB string-capability extension.
  + corrected string/parameter-field for RGB in Caps-ncurses.
- Add ncurses patch 20190427
  + corrected problem in terminfo load/realignment which prevented
    infocmp from comparing extended capabilities with the same name
    but different types.
- Add ncurses patch 20190420
  + improve ifdef's for TABSIZE variable, to help with AIX/HPUX ports.
- Add ncurses patch 20190413
  + check for TABSIZE variable in test/configure script.
  + used test/test_arrays.c to improve Caps.aix1 and Caps.hpux11
  + corrected filtering of comments in MKparametrized.sh
  + reduce duplication across Caps* files by moving some parts which do
    not depend on order into Caps-ncurses.
- Add ncurses patch 20190406
  + modify MKcaptab.sh, MKkey_defs.sh, and MKhashsize.sh to handle
    split-up Caps-files.
  + build-fixes if extended-functions are disabled.
- Add ncurses patch 20190330
  + add "screen5", to mention italics (report by Stefan Assmann)
  + modify description of xterm+x11hilite to eliminate unused p5 -TD
  + add configure script checks to help with a port to Ultrix 3.1
    (report by Dennis Grevenstein).
    + check if "b" binary feature of fopen works
    + check for missing feature of locale.h
    + add fallback for strstr() in test-programs
    + add fallback for STDOUT_FILENO in test-programs
  + update config.guess, config.sub

==== netcfg ====

- Remove pre/post install to get rid of coreutils dependency.
  We don't support upgrading of this old code anymore and coreutils
  is not wanted in busybox containers.
- Update services.bz2

==== nghttp2 ====
Version update (1.36.0 -> 1.38.0)

- Update to 1.38.0:
  * This release fixes the bug that authority and path altered by per-pattern mruby script can affect backend selection on retry.
  * It also fixes the bug that HTTP/1.1 chunked request stalls.
  * Now nghttpx does not log authorization request header field value with -LINFO.
  * This release fixes possible backend stall when header and request body are sent in their own packets.
  * The backend option gets weight parameter to influence backend selection.
  * This release fixes compile error with BoringSSL.
- Add patch from upstream to build with new boost bsc#1134616:
  * boost170.patch

==== numactl ====

- Disable LTO (boo#1133098).

==== open-lldp ====
Subpackages: liblldp_clif1

- Add disable-werror.patch.
- Disable -Werror (boo#1128299) and remove gcc9-fix-werror.patch.

==== open-vm-tools ====
Subpackages: libvmtools0

- Update vmtoolsd.service tools to run after the network service is
  ready. (bsc#1133623)
- Link VGAuthService to libxmlsec1 rather than libxml-security-c in
  SLES 12 SP3. (bsc#1122435)

==== openldap2 ====

- bsc#1111388 - incorrect post script call causes tmpfiles create not to
  be run.

==== openssh ====

- Fix a crash with GSSAPI key exchange (bsc#1136104)
  * modify openssh-7.7p1-gssapi_key_exchange.patch

==== openssl ====
Version update (1.1.0h -> 1.1.1b)

- Update to 1.1.1b release
- Update to 1.1.1a release
- Update to 1.1.1 release
- Update to 1.1.1~pre9 (Beta 7)
- Update to 1.1.0i release

==== openssl-1_1 ====
Version update (1.1.0h -> 1.1.1b)
Subpackages: libopenssl1_1

- Drop bc and ed BuildRequires: I could not find any reference to
  these tools being used during build or check.
- Use upstream-approved patch for the handling of strerror_r
  * https://github.com/openssl/openssl/pull/8371
- add openssl-fix-handling-of-GNU-strerror_r.patch
- drop strerror.patch
- Update to 1.1.1b
  * Added SCA hardening for modular field inversion in EC_GROUP
    through a new dedicated field_inv() pointer in EC_METHOD.
  * Change the info callback signals for the start and end of a post-handshake
    message exchange in TLSv1.3. In 1.1.1/1.1.1a we used SSL_CB_HANDSHAKE_START
    and SSL_CB_HANDSHAKE_DONE. Experience has shown that many applications get
    confused by this and assume that a TLSv1.2 renegotiation has started. This
    can break KeyUpdate handling. Instead we no longer signal the start and end
    of a post handshake message exchange (although the messages themselves are
    still signalled). This could break some applications that were expecting
    the old signals. However without this KeyUpdate is not usable for many
    applications.
  * Fix a bug in the computation of the endpoint-pair shared secret used
    by DTLS over SCTP. This breaks interoperability with older versions
    of OpenSSL like OpenSSL 1.1.0 and OpenSSL 1.0.2. There is a runtime
    switch SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG (off by default) enabling
    interoperability with such broken implementations. However, enabling
    this switch breaks interoperability with correct implementations.
  * Fix a use after free bug in d2i_X509_PUBKEY when overwriting a
    re-used X509_PUBKEY object if the second PUBKEY is malformed.
  * Move strictness check from EVP_PKEY_asn1_new() to EVP_PKEY_asn1_add0()
- Add strerror.patch to avoid problems with strerror_r() not setting
  the provided buf
- Add s390x poly1305 vectorized implementation (fate#326351)
  * https://github.com/openssl/openssl/pull/7991
- add 0001-crypto-poly1305-asm-poly1305-s390x.pl-add-vx-code-pa.patch
- Add s390x chacha20 vectorized implementation (fate#326561)
  * https://github.com/openssl/openssl/pull/6919
- added patches:
  0001-s390x-assembly-pack-perlasm-support.patch
  0002-crypto-chacha-asm-chacha-s390x.pl-add-vx-code-path.patch
- Update to 1.1.1a
  * Added EVP_PKEY_ECDH_KDF_X9_63 and ecdh_KDF_X9_63() as replacements for
    the EVP_PKEY_ECDH_KDF_X9_62 KDF type and ECDH_KDF_X9_62(). The old names
    are retained for backwards compatibility.
  * Fixed the issue that RAND_add()/RAND_seed() silently discards random input
    if its length exceeds 4096 bytes. The limit has been raised to a buffer size
    of two gigabytes and the error handling improved.
- drop upstream patches:
  * 0001-Add-a-constant-time-flag-to-one-of-the-bignums-to-av.patch
  * 0001-DSA-Check-for-sanity-of-input-parameters.patch
  * 0001-DSA-mod-inverse-fix.patch
  * openssl-CVE-2018-0734.patch
  * openssl-CVE-2018-0735.patch
- OpenSSL Security Advisory [30 October 2018]
  * Timing vulnerability in ECDSA signature generation
    (bsc#1113651, CVE-2018-0735)
  * Timing vulnerability in DSA signature generation
    (bsc#1113652, CVE-2018-0734)
  * And more timing fixes
- Add patches:
  * openssl-CVE-2018-0734.patch
  * openssl-CVE-2018-0735.patch
  * 0001-DSA-mod-inverse-fix.patch
  * 0001-Add-a-constant-time-flag-to-one-of-the-bignums-to-av.patch
- Fix infinite loop in DSA generation with incorrect parameters
  (bsc#1112209)
  * 0001-DSA-Check-for-sanity-of-input-parameters.patch
- Explictly select "getrandom" system call as the seed source,
  it is the safer/best performing choice on linux.
- do not force -std=gnu99, pick the compiler default.
- Update to 1.1.1 release
  * This is the first official release of the OpenSSL 1.1.1 branch
    which brings TLS 1.3 support
- remove all TLS 1.3 ciphers from the DEFAULT_SUSE cipher list as they
  are configured differently
  * modified openssl-DEFAULT_SUSE_cipher.patch
- drop obsolete openssl-pretend_we_are_not_beta.patch
- Update to 1.1.1-pre9 (Beta 7)
  * Support for TLSv1.3 added
  * Move the display of configuration data to configdata.pm.
  * Allow GNU style "make variables" to be used with Configure.
  * Add a STORE module (OSSL_STORE)
  * Claim the namespaces OSSL and OPENSSL, represented as symbol prefixes
  * Add multi-prime RSA (RFC 8017) support
  * Add SM3 implemented according to GB/T 32905-2016
  * Add SM4 implemented according to GB/T 32907-2016.
  * Add 'Maximum Fragment Length' TLS extension negotiation and support
  * Add ARIA support
  * Add SHA3
  * Rewrite of devcrypto engine
  * Add support for SipHash
  * Grand redesign of the OpenSSL random generator
- pretend the release is not a Beta, to avoid "OpenSSL version mismatch"
  with OpenSSH
  * add openssl-pretend_we_are_not_beta.patch
- drop FIPS support
  * don't build with FIPS mode (not supported in 1.1.1)
  * don't create the -hmac subpackages
  - drop FIPS patches
  * openssl-fips-clearerror.patch
  * openssl-fips-dont-fall-back-to-default-digest.patch
  * openssl-fips-dont_run_FIPS_module_installed.patch
  * openssl-fips-fix-odd-rsakeybits.patch
  * openssl-fips-rsagen-d-bits.patch
  * openssl-fips-selftests_in_nonfips_mode.patch
  * openssl-fips_disallow_ENGINE_loading.patch
  * openssl-rsakeygen-minimum-distance.patch
  * openssl-1.1.0-fips.patch
  * openssl-urandom-reseeding.patch
  * openssl-CVE-2018-0737-fips.patch
- add TLS 1.3 ciphers to DEFAULT_SUSE
- merge openssl-1.0.1e-add-suse-default-cipher.patch and
  openssl-1.0.1e-add-test-suse-default-cipher-suite.patch to
  openssl-DEFAULT_SUSE_cipher.patch
- drop patches:
  * openssl-static-deps.patch (upstream)
  * 0001-Resume-reading-from-randfile-when-interrupted-by-a-s.patch
  * openssl-disable_rsa_keygen_tests_with_small_modulus.patch
  * 0001-Axe-builtin-printf-implementation-use-glibc-instead.patch
- drop s390x patches
  * 0002-crypto-modes-asm-ghash-s390x.pl-fix-gcm_gmult_4bit-K.patch
  * 0004-s390x-assembly-pack-add-OPENSSL_s390xcap-environment.patch
  * 0005-s390x-assembly-pack-add-OPENSSL_s390xcap-man-page.patch
  * 0006-s390x-assembly-pack-extended-s390x-capability-vector.patch
  * 0007-crypto-evp-e_aes.c-add-foundations-for-extended-s390.patch
  * 0008-s390x-assembly-pack-extended-s390x-capability-vector.patch
  * 0009-crypto-aes-asm-aes-s390x.pl-add-KMA-code-path.patch
  * 0010-doc-man3-OPENSSL_s390xcap.pod-update-KMA.patch
  * 0011-crypto-aes-asm-aes-s390x.pl-add-CFI-annotations-KMA-.patch
  * 0012-s390x-assembly-pack-add-KMA-code-path-for-aes-gcm.patch
  * 0013-crypto-aes-asm-aes-s390x.pl-add-CFI-annotations-KMA-.patch
- Update to 1.1.0i
  OpenSSL Security Advisory [12 June 2018]
  * Reject excessively large primes in DH key generation
    (bsc#1097158, CVE-2018-0732)
  * Make EVP_PKEY_asn1_new() a bit stricter about its input
  * Revert blinding in ECDSA sign and instead make problematic addition
    length-invariant. Switch even to fixed-length Montgomery multiplication.
  * Change generating and checking of primes so that the error rate of not
    being prime depends on the intended use based on the size of the input.
  * Increase the number of Miller-Rabin rounds for DSA key generating to 64.
  * Add blinding to ECDSA and DSA signatures to protect against side channel
    attacks
  * When unlocking a pass phrase protected PEM file or PKCS#8 container, we
    now allow empty (zero character) pass phrases.
  * Certificate time validation (X509_cmp_time) enforces stricter
    compliance with RFC 5280. Fractional seconds and timezone offsets
    are no longer allowed.
  * Fixed a text canonicalisation bug in CMS
- drop patches (upstream):
  * 0001-Limit-scope-of-CN-name-constraints.patch
  * 0001-Revert-util-dofile.pl-only-quote-stuff-that-actually.patch
  * 0001-Tolerate-a-Certificate-using-a-non-supported-group-o.patch
  * 0002-Skip-CN-DNS-name-constraint-checks-when-not-needed.patch
- refresh patches:
  * openssl-1.1.0-fips.patch
  * openssl-disable_rsa_keygen_tests_with_small_modulus.patch
- rename openssl-CVE-2018-0737.patch to openssl-CVE-2018-0737-fips.patch
  as it now only includes changes to the fips code

==== p11-kit ====
Subpackages: libp11-kit0 p11-kit-tools

- Move RPM macros to %_rpmmacrodir.

==== pam ====

- Add virtual symbols for login.defs compatibility (bsc#1121197).
- Add login.defs safety check pam-login_defs-check.sh
  (bsc#1121197).

==== pam-config ====
Version update (0.96 -> 1.0)

- Update to version 1.0:
  - Add search in different locations for config files
  - Add support for pam_mktemp [bsc#1123878]

==== patterns-containers ====
Subpackages: patterns-containers-container_runtime patterns-containers-container_runtime_kubernetes patterns-containers-kubeadm

- kubeadm pattern:
  - add cilium-k8s-yaml
- kubeadm pattern:
  - remove multipath-tools, no need to install it by default
- kubeadm pattern:
  - Adjust name of kured yaml file to kured-k8s-yaml
  - Add metallb-k8s-yaml
- Add kubic_worker and kubic_admin patterns [boo#1134332]
- Correctly obsolete patterns-caasp-* version 4.0

==== patterns-microos ====
Subpackages: patterns-microos-alt_onlyDVD patterns-microos-apparmor patterns-microos-base patterns-microos-basesystem patterns-microos-cloud patterns-microos-defaults patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-selinux patterns-microos-sssd_ldap

- Add multipath-tools to DVD for the case the installer needs it
- Add wpa_supplicant to media [boo#1134429]
- Add cryptsetup to media [bsc#1134139]
- Remove salt-master and -minion from onlyDVD pattern
  Not needed for MicroOS, will be used in Kubic via system_roles
- Correctly obsolete patterns-caasp-* version 4.0

==== pcre2 ====
Version update (10.32 -> 10.33)

- Update to 10.33-RC1 to fix issue with LTO (boo#1133274).
  * Callouts from pcre2_substitute() are now available.
  * The POSIX functions are now all called pcre2_regcomp() etc., with wrapper
    functions that use the standard POSIX names. However, in pcre2posix.h the POSIX
    names are defined as macros. This should help avoid linking with the wrong
    library in some environments, while still exporting the POSIX names for
    pre-existing programs that use them.
  * Some new options:
    (a) PCRE2_EXTRA_ESCAPED_CR_IS_LF makes \r behave as \n.
    (b) PCRE2_EXTRA_ALT_BSUX enables support for ECMAScript 6's \u{hh...}
    construct.
    (c) PCRE2_COPY_MATCHED_SUBJECT causes a copy of a matched subject to be
    made, instead of just remembering a pointer.
  * Some new Perl features:
    (a) Perl 5.28's experimental alphabetic names for atomic groups and
    lookaround assertions, for example, (*pla:...) and (*atomic:...).
    (b) The new Perl "script run" features (*script_run:...) and
    (*atomic_script_run:...) aka (*sr:...) and (*asr:...).
    (c) When PCRE2_UTF is set, allow non-ASCII letters and decimal digits in
    capture group names.
  * --disable-percent-zt disables the use of %zu and %td in formatting strings
    in pcre2test. They were already automatically disabled for VC and older C
    compilers.
  * Some changes related to callouts in pcre2grep:
    (a) Support for running an external program under VMS has been added, in
    addition to Windows and fork() support.
    (b) --disable-pcre2grep-callout-fork restricts the callout support in
    to the inbuilt echo facility.
- Disable LTO (boo#1133274).

==== permissions ====
Version update (20190212 -> 20190429)

- Fixed versions. Removed set_version from _service file, doesn't
  work with the new packaging. Call fix_version.sh to set current
  date as version instead
- Fixed requires for -config and -zypp-plugin
- Update to version 20190429:
  * removed entry for /var/cache/man. Conflicts with packaging and man:man is
    the better setting anyway (bsc#1133678)
  * fixed error in description of permissions.paranoid. Make it clear that this
    is not a usable profile, but intended as a base for own developments
- Fix RPM group, fix hard requirement on documentation.
  Update description typography.
- Created new subpackages -config, -doc and standalone package chkstat
  where we can start a better versioning scheme and require it from the
  original package

==== podman ====
Version update (1.2.0 -> 1.3.1)
Subpackages: podman-cni-config

- Update podman to v1.3.1:
  - The podman cp command can now read input redirected to STDIN, and output to
    STDOUT instead of a file, using - instead of an argument.
  - The Podman remote client now displays version information from both the
    client and server in podman version
  - The podman unshare command has been added, allowing easy entry into the
    user namespace set up by rootless Podman (allowing the removal of files
    created by rootless Podman, among other things)
  - Fixed a bug where Podman containers with the --rm flag were removing
    created volumes when they were automatically removed
  - Fixed a bug where container and pod locks were incorrectly marked as
    released after a system reboot, causing errors on container and pod removal
  - Fixed a bug where Podman pods could not be removed if any container in the
    pod encountered an error during removal
  - Fixed a bug where Podman pods run with the cgroupfs CGroup driver would
    encounter a race condition during removal, potentially failing to remove
    the pod CGroup
  - Fixed a bug where the podman container checkpoint and podman container
    restore commands were not visible in the remote client
  - Fixed a bug where podman remote ps --ns would not print the container's
    namespaces
  - Fixed a bug where removing stopped containers with healthchecks could cause
    an error
  - Fixed a bug where the default libpod.conf file was causing parsing errors
  - Fixed a bug where pod locks were not being freed when pods were removed,
    potentially leading to lock exhaustion
  - Fixed a bug where 'podman run' with SD_NOTIFY set could, on short-running
    containers, create an inconsistent state rendering the container unusable
  - The remote Podman client now uses the Varlink bridge to establish remote
    connections by default
- Update conmon to 0.2.0 and switched to containers/conmon upstream project
- Update `systemd-devel` to actually be `pkgconfig(libsystemd)` to allow OBS to
  shortcut through systemd-mini-devel
- Update podman to v1.3.0
  * Podman now supports container restart policies! The --restart-policy flag
    on podman create and podman run allows containers to be restarted after
    they exit. Please note that Podman cannot restart containers after a system
    reboot - for that, see our next feature
  * Podman podman generate systemd command was added to generate systemd unit
    files for managing Podman containers
  * The podman runlabel command now allows a $GLOBAL_OPTS variable, which will
    be populated by global options passed to the podman runlabel command,
    allowing custom storage configurations to be passed into containers run
    with runlabel
  * The podman play kube command now allows File and FileOrCreate volumes
  * The podman pod prune command was added to prune unused pods
  * Added the podman system migrate command to migrate containers using older
    configurations to allow their use by newer Libpod versions
  * Podman containers now forward proxy-related environment variables from the
    host into the container with the --http-proxy flag (enabled by default)
  * Read-only Podman containers can now create tmpfs filesystems on /tmp,
    /var/tmp, and /run with the --read-only-tmpfs flag (enabled by default)
  * The podman init command was added, performing all container pre-start tasks
    without starting the container to allow pre-run debugging
- Update conmon to cri-o v1.14.1
- Update libpod.conf to match latest feature set

==== python-Jinja2 ====
Version update (2.10 -> 2.10.1)

- Trim bias from descriptions. Make sure % is escaped.
- update to version 2.10.1 (bsc#1132323, CVE-2019-10906, bsc#1125815, CVE-2019-8341):
  * "SandboxedEnvironment" securely handles "str.format_map" in order
    to prevent code execution through untrusted format strings.  The
    sandbox already handled "str.format".

==== python-base ====
Version update (2.7.15 -> 2.7.16)
Subpackages: libpython2_7-1_0

- bsc#1130847 (CVE-2019-9948) add CVE-2019-9948-avoid_local-file.patch
  removing unnecessary (and potentially harmful) URL scheme
  local-file://.
- bsc#1129346: add CVE-2019-9636-netloc-no-decompose-characters.patch
  Characters in the netloc attribute that decompose under NFKC
  normalization (as used by the IDNA encoding) into any of ``/``,
  ``?``, ``#``, ``@``, or ``:`` will raise a ValueError. If the
  URL is decomposed before parsing, or is not a Unicode string,
  no error will be raised.
  Upstream commits e37ef41 and 507bd8c.
- Update to 2.7.16:
  * bugfix-only release: complete list of changes on
    https://github.com/python/cpython/blob/2.7/Misc/NEWS.d/2.7.16rc1.rst
  * Removed openssl-111.patch and CVE-2018-1000802-shutil_use_subprocess_no_spawn.patch
    which are fully included in the tarball.
  * Updated patches to apply cleanly:
    CVE-2019-5010-null-defer-x509-cert-DOS.patch
    bpo36160-init-sysconfig_vars.patch
    do-not-use-non-ascii-in-test_ssl.patch
    openssl-111-middlebox-compat.patch
    openssl-111-ssl_options.patch
    python-2.5.1-sqlite.patch
    python-2.6-gettext-plurals.patch
    python-2.7-dirs.patch
    python-2.7.2-fix_date_time_compiler.patch
    python-2.7.4-canonicalize2.patch
    python-2.7.5-multilib.patch
    python-2.7.9-ssl_ca_path.patch
    python-bsddb6.diff
    remove-static-libpython.diff
  * Update python-2.7.5-multilib.patch to pass with new platlib
    regime.

==== python-cffi ====
Version update (1.12.2 -> 1.12.3)

- Update to 1.12.3
  * Fix for nested struct types that end in a var-sized array (#405).
  * Add support for using U and L characters at the end of integer constants in ffi.cdef() (thanks Guillaume).
  * More 3.8 fixes.

==== python-ecdsa ====
Version update (0.13 -> 0.13.2)

- update to 0.13.2
- enable tests
- fix requires
  * python packaging fixes

==== python-ipy ====
Version update (0.83 -> 1.00)

- version update to 1.00
  * Fix IPv6 string interpretation for small ints
  * Various Python3 language fixes
  * consider 127.0 range LOOPBACK not PRIVATE

==== python-jsonpatch ====

- Removing conflict with jsondiff
  * Reasoning:
  - moto requires cfn-lint and jsondiff
  - cfn-lint requires jsonpatch

==== python-jsonschema ====
Version update (3.0.1 -> 2.6.0)

- Add non-updating note to the SPEC file
- downgrade to < 3.0.0 again to fix all openstack clients

==== python-pycryptodome ====
Version update (3.7.2 -> 3.8.1)

-  Use -fno-strict-aliasing in order to bypass:
  https://github.com/Legrandin/pycryptodome/issues/291.
- Update to 3.8.1
  * Add support for loading PEM files encrypted with AES192-CBC,
    AES256-CBC, and AES256-GCM.
  * When importing ECC keys, ignore EC PARAMS section that was
    included by some openssl commands.
  * repr() did not work for ECC.EccKey.
  * Minimal length for Blowfish cipher is 32 bits, not 40 bits.
  3.8.0
  * Speed-up ECC performance. ECDSA is 33 times faster on the
    NIST P-256 curve.
  * Added support for NIST P-384 and P-521 curves.
  * EccKey has new methods size_in_bits() and size_in_bytes().
  * Support HMAC-SHA224, HMAC-SHA256, HMAC-SHA384, and HMAC-SHA512
    in PBE2/PBKDF2.
  * DER objects were not rejected if their length field had
    a leading zero.
  * Allow legacy RC2 ciphers to have 40-bit keys.
  * point_at_infinity() becomes an instance method for
    Crypto.PublicKey.ECC.EccKey, from a static one.
  3.7.3
  * GH#258: False positive on PSS signatures when externally
    provided salt is too long.

==== python-pyparsing ====
Version update (2.3.0+git.1546912853.bf348d6 -> 2.4.0)

- update to 2.4.0
- drop nose_to_unittest.patch
- drop _service
  * Adds a pyparsing.__compat__ object for specifying compatibility with
  future breaking changes.
  * Conditionalizes the API-breaking behavior, based on the value
  pyparsing.__compat__.collect_all_And_tokens.  By default, this value
  will be set to True, reflecting the new bugfixed behavior.
  * User code that is dependent on the pre-bugfix behavior can restore
  it by setting this value to False.
  * Updated unitTests.py and simple_unit_tests.py to be compatible with
  "python setup.py test".
  * Fixed bug in runTests handling '\n' literals in quoted strings.
  * Added tag_body attribute to the start tag expressions generated by
  makeHTMLTags, so that you can avoid using SkipTo to roll your own
  tag body expression:
  * indentedBlock failure handling was improved
  * Address Py2 incompatibility in simpleUnitTests, plus explain() and
  Forward str() cleanup
  * Fixed docstring with embedded '\w', which creates SyntaxWarnings in Py3.8.
  * Added example parser for rosettacode.org tutorial compiler.
  * Added example to show how an HTML table can be parsed into a
  collection of Python lists or dicts, one per row.
  * Updated SimpleSQL.py example to handle nested selects, reworked
  'where' expression to use infixNotation.
  * Added include_preprocessor.py, similar to macroExpander.py.
  * Examples using makeHTMLTags use new tag_body expression when
  retrieving a tag's body text.
  * Updated examples that are runnable as unit tests
- Do not BuildRequire python-unittest2 when no tests are executed.
  This breaks a build cycle for pyparsing->unittest2->traceback2->pbr->
  Pygments->pytest->setuptools_scm->packaging which needs pyparsing

==== python-pyserial ====

- Remove unnecessary Windows and OSX modules from runtime package
- Remove Mono and Java CLI modules from runtime package
- Activate test suite
- Fix fdupes, hashbangs and executable bits
- Remove non-break-space in python-pyserial.changes with normal space

==== python-pytz ====
Version update (2018.9 -> 2019.1)

- update to 2019.1
  * Raise UnknownTimeZoneError if provided timezone name is None
  * Use early python2 compatible str formatting
  * timezone constructor arg is case-insensitive
  * Add _all_timezones_lower_to_standard to gen_tzinfo

==== python-requests ====
Version update (2.21.0 -> 2.22.0)

- Update to 2.22.0:
  * Requests now supports urllib3 v1.25.2. (note: 1.25.0 and 1.25.1 are incompatible)
- Rebase requests-no-hardcoded-version.patch
- Do not hardcode version requirements in setup.py allowing us to
  update and verify functionality on our own:
  * requests-no-hardcoded-version.patch

==== python-rpm-macros ====
Version update (20190402.c88be49 -> 20190430.5260267)

- Update to version 20190430.5260267:
  * Yet another attempt to preserve $PYTHONPATH set in the environment.
  * Document also %pytest_arch
  * Document %pytest in README.md
- Update to version 20190408.32abece bsc#1128323:
  * Multiline macros don't work correctly on older RPMs.

==== python-semanage ====

- Disable LTO (boo#1133280).

==== python-setuptools ====
Version update (40.8.0 -> 41.0.1)

- update to version 41.0.1:
  * #1671: Fixed issue with the PEP 517 backend that prevented
    building a wheel when the dist/ directory contained existing .whl
    files.
  * #1709: In test.paths_on_python_path, avoid adding unnecessary
    duplicates to the PYTHONPATH.
  * #1741: In package_index, now honor "current directory" during a
    checkout of git and hg repositories under Windows
- update to 41.0.0
  * #1735: When parsing setup.cfg files, setuptools now requires the files
    to be encoded as UTF-8. Any other encoding will lead to a UnicodeDecodeError.
    This change removes support for specifying an encoding using a 'coding: '
    directive in the header of the file, a feature that was introduces in 40.7.
    Given the recent release of the aforementioned feature, it is assumed that
    few if any projects are utilizing the feature to specify an encoding
    other than UTF-8.

==== python-urllib3 ====
Version update (1.24.1 -> 1.24.2)

- Update to 1.24.2:
  - Implemented a more efficient HTTPResponse.__iter__() method.
    (Issue #1483)
  - Upgraded urllib3.utils.parse_url() to be RFC 3986 compliant.
    (Pull #1487)
  - Remove Authorization header regardless of case when
    redirecting to cross-site. (Issue #1510)
  - Added support for key_password for HTTPSConnectionPool to use
    encrypted key_file without creating your own SSLContext
    object. (Pull #1489)
  - Fixed issue where OpenSSL would block if an encrypted client
    private key was given and no password was given. Instead an
    SSLError is raised. (Pull #1489)
  - Require and validate certificates by default when using HTTPS
    (Pull #1507)
  - Added support for Brotli content encoding. It is enabled
    automatically if brotlipy package is installed which can be
    requested with urllib3[brotli] extra. (Pull #1532)
  - Add TLSv1.3 support to CPython, pyOpenSSL, and
    SecureTransport SSLContext implementations. (Pull #1496)
  - Drop ciphers using DSS key exchange from default TLS cipher
    suites. Improve default ciphers when using SecureTransport.
    (Pull #1496)
  - Add support for IPv6 addresses in subjectAltName section of
    certificates. (Issue #1269)
  - Switched the default multipart header encoder from RFC 2231
    to HTML 5 working draft. (Issue #303, PR #1492)

==== rdma-core ====
Version update (22.1 -> 23.1)
Subpackages: libibverbs libibverbs1 libmlx4-1 libmlx5-1 librdmacm1

- Update to rdma-core v23.1
  - No release notes available
- Replace prebuild-pandoc.sh by post_download.sh to patch the spec
  file form upstream for OBS setup
- Update to rdma-core v23
  - No release notes available
- Enable pyverbs package
- Remove patches that were merged upstream
  - Update-kernel-headers.patch
  - bnxt_re-lib-Enable-Broadcom-s-57500-RoCE-adapter.patch

==== reiserfs ====

- Use %make_build.
- Use FAT LTO objects in order to provide proper static library (boo#1133282).
- fix build for older distros

==== rpm ====

- backport "push name/epoch/version/release macro before invoking depgens"
  change for correct generation of dependencies by other dep generators
  * new patch: rpmfc-push-name-epoch-version-release-macro-before-invoking-depgens.patch

==== rpm-config-SUSE ====
Version update (0.g11 -> 0.g14)

- Don't use bash syntax in %install_info macro [bsc#1131957]

==== rsync ====

- Fixed bug numbers in spec file
- Add patch: rsync-fix-prealloc-to-keep-file-size-0-when-possible.patch (boo#1108562)

==== runc ====
Version update (1.0.0~rc6 -> 1.0.0~rc8)

- Upgrade to runc v1.0.0~rc8. Upstream changelog is available from
  https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc8
- Includes upstreamed patches for regressions (bsc#1131314 bsc#1131553).
- Remove upstreamed patches:
  - CVE-2019-5736.patch

==== salt ====
Version update (2018.3.2 -> 2019.2.0)
Subpackages: python3-salt salt-master salt-minion

- Switch firewalld state to use change_interface (bsc#1132076)
- Added:
  * switch-firewalld-state-to-use-change_interface.patch
- Fix async-batch to fire a single done event
- Added:
  * fix-async-batch-multiple-done-events.patch
- Do not make Salt CLI to crash when there are IPv6 established
  connections (bsc#1130784)
- Added:
  * do-not-crash-when-there-are-ipv6-established-connect.patch
- Include aliases in FQDNS grain (bsc#1121439)
- Fix issue preventing syndic to start
- Update year on spec copyright notice
- Added:
  * fix-syndic-start-issue.patch
- Use ThreadPool from multiprocessing.pool to avoid leakings
  when calculating FQDNs
- Do not report patches as installed on RHEL systems when not all
  the related packages are installed (bsc#1128061)
- Added:
  * use-threadpool-from-multiprocessing.pool-to-avoid-le.patch
  * do-not-report-patches-as-installed-when-not-all-the-.patch
- Update to 2019.2.0 complete (FATE#327138, bsc#1133523)
- Fix batch/batch-async related issues
- Calculate FQDNs in parallel to avoid blockings (bsc#1129079)
- Incorporate virt.volume_info fixes (PR#131)
- Re-adds patch because of increased offset due to previous patch removal
- Removing patch to add root parameter to zypper module
- Fix for -t parameter in mount module
- Added:
  * mount-fix-extra-t-parameter.patch
  * add-batch_presence_ping_timeout-and-batch_presence_p.patch
  * fix-async-batch-race-conditions.patch
  * calculate-fqdns-in-parallel-to-avoid-blockings-bsc-1.patch
- Modified:
  * don-t-call-zypper-with-more-than-one-no-refresh.patch
  * add-virt.volume_infos-and-virt.volume_delete.patch
- Removed:
  * zypper-add-root-configuration-parameter.patch
- No longer limiting Python3 version to <3.7
- Async batch implementation
- Added:
  * async-batch-implementation.patch
- Update to Salt 2019.2.0 release
  For further information see:
  https://docs.saltstack.com/en/latest/topics/releases/2019.2.0.html
- Added:
  * add-virt.all_capabilities.patch
  * add-virt.volume_infos-and-virt.volume_delete.patch
  * don-t-call-zypper-with-more-than-one-no-refresh.patch
  * include-aliases-in-the-fqdns-grains.patch
  * temporary-fix-extend-the-whitelist-of-allowed-comman.patch
- Removed:
  * accounting-for-when-files-in-an-archive-contain-non-.patch
  * add-engine-relaying-libvirt-events.patch
  * add-other-attribute-to-gecos-fields-to-avoid-inconsi.patch
  * add-support-for-python-3.7.patch
  * align-suse-salt-master.service-limitnofiles-limit-wi.patch
  * avoid-incomprehensive-message-if-crashes.patch
  * change-stringio-import-in-python2-to-import-the-clas.patch
  * decode-file-contents-for-python2-bsc-1102013.patch
  * do-not-override-jid-on-returners-only-sending-back-t.patch
  * don-t-error-on-retcode-0-in-libcrypto.openssl_init_c.patch
  * feat-add-grain-for-all-fqdns.patch
  * fix-async-call-to-process-manager.patch
  * fix-decrease-loglevel-when-unable-to-resolve-addr.patch
  * fix-deprecation-warning-bsc-1095507.patch
  * fix-diffing-binary-files-in-file.get_diff-bsc-109839.patch
  * fix-for-ec2-rate-limit-failures.patch
  * fix-for-errno-0-resolver-error-0-no-error-bsc-108758.patch
  * fix-for-sorting-of-multi-version-packages-bsc-109717.patch
  * fix-index-error-when-running-on-python-3.patch
  * fix-latin1-encoding-problems-on-file-module-bsc-1116.patch
  * fix-mine.get-not-returning-data-workaround-for-48020.patch
  * fix-unboundlocalerror-in-file.get_diff.patch
  * fixed-usage-of-ipaddress.patch
  * fixing-issue-when-a-valid-token-is-generated-even-wh.patch
  * get-os_family-for-rpm-distros-from-the-rpm-macros.-u.patch
  * improved-handling-of-ldap-group-id.patch
  * only-do-reverse-dns-lookup-on-ips-for-salt-ssh.patch
  * option-to-merge-current-pillar-with-opts-pillar-duri.patch
  * prepend-current-directory-when-path-is-just-filename.patch
  * prevent-zypper-from-parsing-repo-configuration-from-.patch
  * remove-old-hack-when-reporting-multiversion-packages.patch
  * retire-md5-checksum-for-pkg-mgmt-plugins.patch
  * show-recommendations-for-salt-ssh-cross-version-pyth.patch
  * strip-trailing-commas-on-linux-user-gecos-fields.patch
  * support-use-of-gce-instance-credentials-109.patch
  * update-error-list-for-zypper.patch
  * x509-fixes-for-remote-signing-106.patch
- Modified:
  * add-all_versions-parameter-to-include-all-installed-.patch
  * add-cpe_name-for-osversion-grain-parsing-u-49946.patch
  * add-environment-variable-to-know-if-yum-is-invoked-f.patch
  * add-hold-unhold-functions.patch
  * add-saltssh-multi-version-support-across-python-inte.patch
  * azurefs-gracefully-handle-attributeerror.patch
  * bugfix-any-unicode-string-of-length-16-will-raise-ty.patch
  * debian-info_installed-compatibility-50453.patch
  * do-not-load-pip-state-if-there-is-no-3rd-party-depen.patch
  * fall-back-to-pymysql.patch
  * fix-for-suse-expanded-support-detection.patch
  * fix-git_pillar-merging-across-multiple-__env__-repos.patch
  * fix-ipv6-scope-bsc-1108557.patch
  * fix-issue-2068-test.patch
  * fix-zypper.list_pkgs-to-be-aligned-with-pkg-state.patch
  * fixes-cve-2018-15750-cve-2018-15751.patch
  * get-os_arch-also-without-rpm-package-installed.patch
  * integration-of-msi-authentication-with-azurearm-clou.patch
  * loosen-azure-sdk-dependencies-in-azurearm-cloud-driv.patch
  * remove-arch-from-name-when-pkg.list_pkgs-is-called-w.patch
  * use-adler32-algorithm-to-compute-string-checksums.patch
  * x509-fixes-111.patch
  * zypper-add-root-configuration-parameter.patch
- Add root parameter to Zypper module
- Added:
  * zypper-add-root-configuration-parameter.patch

==== sg3_utils ====
Version update (1.43 -> 1.45~815+5.6aa67ed)

- Update to version 1.45~815+5.6aa67ed:
  * 59-fc-wwpn-id.rules: fix rule syntax (bsc#1133418)
- Update to svn r815:
  * sg_opcodes: expand MLU (spc5r20)
  * sg_inq: update version descriptors to spc5r21
  * sg_vpd: 3pc VPD page add copy group descriptor
  * sg_xcopy: add --fco (fast copy only) (spc5r20) and --app=1
  * add nanosecond durations with SG3_UTILS_LINUX_NANO
- Earlier SUSE fixes now included upstream:
  * 58-scsi-sg3_symlink.rules: don't skip multipath members
  (bsc#1085212) [r815]
  * rescan-scsi-bus.sh: terminate scanning if last lun got removed
  (bsc#1087008) [r815]
  * Add scsi-enable-target-scan.sh (bsc#954600) [r814]
  * shellcheck cleanups for rescan-scsi-bus.sh [r814]
- Replace old $RPM_* shell vars.
- Spec file:
  * add fc_wwpn_id (bsc#1005063)
  * add lun masking service (bsc#954600)
  * drop BuildRequires on udev
  * replace unversioned "Provides: scsi" with versioned
- Update to version sg3_utils-1.45~803+31.564be3d:
  * New versioning scheme for upstream pre-release:
    1.45 - upstream release target, 803 - upstream svn id,
    +31: SUSE commits on top of svn, 564be3d - git hash
  * rescan-scsi-bus.sh: terminate scanning if last lun got removed
  (bsc#1087008)
  * 58-scsi-sg3_symlink.rules: don't skip multipath members
  (bsc#1085212)
  * Add scsi-enable-target-scan.sh (bsc#954600)
- Update to svn r803:
  * sg_opcodes: expand MLU (18-102r0)
  * sg_format: add --dcrt used twice (FOV=1 DCRT=0)
  * rescan-scsi-bus: widen LUN 0 only scanning
  (bsc#1069384)
- Earlier SUSE fixes included in 1.45:
  * rescan-scsi-bus.sh: use LUN wildcard in idlist (bsc#1069384)
  [svn: r795]
  * sg_ses: fixup page decoding (bsc#1077787) [svn: r795]
  * sg_ses: allow to decode raw data instead of reading from a device
  (bsc#1050943) [svn: r795]
- Update to sg3_utils-1.44 [20180912] [svn: r791]
  * rescan-scsi-bus.sh: harden code
  - bump version to 20180615
  - add --ignore-rev to ignore revision change
  * introduce SG3_UTILS_DSENSE environment variable
  * sginfo: don't open /dev/snapshot
  * sg_timestamp: add '--no-timestamp' option
  - add --elapsed and --hex options
  * sg_wr_mode: add --rtd option for RTD bi
  * sg_unmap: add --all=ST,RN[,LA] option
  * sgm_dd, sg_dd: add --dry-run and --verbose options
  * sg_inq+sg_vpd: update Extended inquiry data vpd page
  * sg_ses: add 'hw_reset' and 'sw_reset' to enclosure services
    controller electronics element type (18-047r1)
  * sg_decode sense: add --cdb and --err=ES options
  * sg_format: add --dry-run option
  - extend --wait timeout for > 4TB disks
  * sg_sanitize: add --dry-run option
- Earlier SUSE fixes included in 1.44:
  * sg_inq: decode standard INQUIRY for CD-ROMs correctly
  (bsc#1065448, bsc#1070431) [svn: r742]
  * sg_inq: export all NAA values (bsc#1050767) [svn: r715]
  * Add fc_wwpn_id to generate by-path links for fibrechannel
  (bsc#1005063) (svn@715)
  * sg_vpd: struct opts_t misaligment (bsc#1050943) [svn: r707]

==== shadow ====

- Split shadow-login_defs.patch hunks to its logical components
  (bsc#1121197):
  * shadow-login_defs-unused-by-pam.patch
  * shadow-login_defs-comments.patch
  * shadow-login_defs-util-linux.patch
  * shadow-login_defs-suse.patch
  * Move appropriate hunks to chkname-regex.patch and
    encryption_method_nis.patch
  * Remove GROUPADD_CMD that is not supported (bsc#1121197#c14).
- Split getdef-new-defs.patch hunks to its logical components
  (bsc#1121197):
  * encryption_method_nis.patch
  * chkname-regex.patch
  * shadow-util-linux.patch
    Add support for login: ALWAYS_SET_PATH and LOGIN_PLAIN_PROMPT.
  * useradd-script.patch, userdel-script.patch
  * Remove duplicated definitions of MOTD_FILE and ENV_PATH.
- Add shadow-login_defs-unused-check.sh to allow verification of
  login.defs variable usage (bsc#1121197).
- Add virtual symbols for login.defs compatibility (bsc#1121197).

==== shared-mime-info ====

- Move RPM macros to %_rpmmacrodir.
- Move RPM macros file to correct directory in /usr

==== socat ====
Version update (1.7.3.2 -> 1.7.3.3)

- Update to version 1.7.3.3:
  * bugfix release, see the CHANGES file for all changes
- Drop patch:
  * socat-openssl-1.1-tests.patch (not longer needed)
- Run spec-cleaner

==== sssd ====
Version update (2.0.0 -> 2.1.0)
Subpackages: libsss_certmap0 libsss_idmap0 libsss_nss_idmap0 sssd-krb5-common sssd-ldap

- Update to new upstream release 2.1.0
  * Any provider can now match and map certificates to user
    identities.
  * pam_sss can now be configured to only perform Smart Card
    authentication or return an error if this is not possible.
  * pam_sss can also prompt the user to insert a Smart Card if,
    during an authentication it is not available.
  * A new configuration option ad_gpo_implicit_deny was added.
    This option (when set to True) can be used to deny access to
    users even if there is not applicable GPO.
  * The dynamic DNS update can now batch DNS updates to include
    all address family updates in a single transaction.

==== suse-module-tools ====

- Only ship RPM macros up to suse_version 1500: after that, the
  macros can be found in the rpm-config-SUSE package.
- Move RPM macros to %_rpmmacrodir.

==== system-user-root ====
Version update (20170617 -> 20190513)

- Bump to version 20190513:
  * Invalidate root password by default (bsc#1134524)

==== systemd ====
Version update (241 -> 242)
Subpackages: libsystemd0 libudev1 systemd-logger systemd-sysvinit udev

- Import commit eaa7b8b148927d471609de75e542dffcc1b36df4
  7e58b89136 udevd: change the default value of udev.children-max (again) (bsc#1107617)
- Add 0001-rc-local-generator-deprecate-halt.local-support.patch
  /etc/init.d/halt.local support will removed from the next systemd
  version (v243) so for now on warn (hopefully the few) users who rely
  on this script so they have a chance to switch to systemd-shutdown
  interface.
- Add 0001-Revert-insserv.conf-generator.patch (bsc#1052837)
  All remaining packages have been fixed so they don't rely on the
  insser-generator to generate proper deps. So let's drop it as all
  services should carry the proper dependencies itself.
- Drop debug-only-remove-new-policies.patch
  The new DBUS methods have been reviewed by the security team.
- Import commit 9984a86d0d2259d54c7060f9c09f214202b4efa7
  f2459bf373 random-util: eat up bad RDRAND values seen on AMD CPUs
  c90a2e9793 util-lib: fix a typo in rdrand
  4db1cc9d46 random-util: rename "err" to "success"
  981a62a102 random-util: hash AT_RANDOM getauxval() value before using it
  64a9c3d918 random-util: use gcc's bit_RDRND definition if it exists
  c5d6ecfdca random-util: rename RANDOM_DONT_DRAIN ? RANDOM_MAY_FAIL
  298d13df7e network: remove redunant link name in message
  77cbde31f2 hwdb: Align airplane mode toggle key mapping for all Acer series
  460f03794e Revert "hwdb: Apply Acer mappings to all Gateway and Packard Bell models"
  fe9271ad84 test: return a non-zero return code when 'nobody' user doesn't exist
  29d355e755 fstab-generator: Prevent double free of reused FILE*
  f30f1adc11 meson: make source files including nspawn-settings.h depend on libseccomp
  84bab914b8 alloc-util: don't use malloc_usable_size() to determine allocated size
  5240972d8d units: drop reference to sushell man page
  0a26de5e33 codespell: fix spelling errors
  582de105c8 nspawn-expose-ports: fix a typo in error message
- Buildrequire polkit so /usr/share/polkit-1/rules.d has an owner
  Otherwise the "post build checks" would complain and would force
  systemd to own this directory. The owner should still be "polkit"
  and the perms should be in sync with the perm set by polkit
  itself.
- Add debug-only-remove-new-policies.patch
  A temporary patch to suppress the new DBUS methods introduced by
  v242 until they are reviewed and whitelisted by the secteam.
- Add a comment explaining why static enablement symlinks in /etc are suppressed
  Also remove any /etc/systemd/system/*.requires/ symlinks for the
  same reason.
- preset remote-cryptsetup.target during package installation
  This target is supposed to be part of the targets that should be
  enabled (or not depending on the presets) at package installation.
- Upgrade to v242 (commit 071c380dcc434dca2a0c8b6de0519cc9e816c6d6)
  See https://github.com/openSUSE/systemd/blob/SUSE/v242/NEWS for
  details.
- Drop "BuildRequires:  -post-build-checks" from the specfile (bsc#1130230)
  The syntax of this directive is obsolete and should be replaced by
  "#!BuildIgnore: post-build-checks".
  However there's no good reasons to disable these SUSE extra checks,
  so let's re-enable them and fix the few errors it detected.
- Import commit 4e6e66ea94cf5125f9044f0869939a86801ed2d8
  430877e794 pam-systemd: use secure_getenv() rather than getenv() (bsc#1132348 CVE-2019-3842)
  3cff2e6514 man: document that if the main process exits after SIGTERM we go directly to SIGKILL
  26c4f7191c bus: fix memleak on invalid message
- systemd-coredump: generate a stack trace of all core dumps (bsc#1128832)
  This stack trace is logged to the journal.

==== systemd-presets-common-SUSE ====

- Enable logwatch.timer (bsc#1112500).
- enable nvmefc-boot-connections.service to discover
  network-provided nvme drives on boot (bsc#1128428)

==== sysuser-tools ====

- Fix default home directory [bsc#1105934]
- Use _rpmmacrodir for macro file

==== sysvinit ====

- Add patch killproc-mntinf-optional.patch to handle various optional
  fields of /proc/<pid>/mountinfo on the entry/ies before the hypen
  (bsc#1131982)

==== talloc ====
Version update (2.1.14 -> 2.1.16)

- Update to version 2.1.16
  + Fix standalone build of talloc.
- Update to version 2.1.15
  + Deprecate talloc_set_memlimit() and talloc_autofree_context()
  + Fix undefined behavior in talloc_memdup
  + The build uses python3 by default:
  + --extra-python would take python2 now
  + To build with python2 only use:
    PYTHON=python2 ./configure
    PYTHON=python2 make
    PYTHON=python2 make install

==== tdb ====
Version update (1.3.16 -> 1.3.18)

- Update to 1.3.18
  + Fix build problems with older python versions.
  + C99 build fixes.
  + Fix standalone build of tdb.
- Update to 1.3.17

==== tevent ====
Version update (0.9.37 -> 0.9.39)

- Update to version 0.9.39
  + py_tevent: add_timer takes float argument
  + C99 build fixes.
  + Fix standalone build of tevent.
- Update to version 0.9.38
  + Deprecate tevent wrapper api again
  + Build fixes
  + The build uses python3 by default:
  + --extra-python would take python2 now
  + To build with python2 only use:
    PYTHON=python2 ./configure
    PYTHON=python2 make
    PYTHON=python2 make install

==== transactional-update ====
Version update (2.14.1 -> 2.14.2)
Subpackages: transactional-update-zypp-config

- Update to version 2.14.2
  - Prevent unnecessary error message on systems not installed with
    YaST (e.g. KIWI)
- Add requires for bc, needed for some calculations

==== ucode-intel ====
Version update (20190312 -> 20190514)

- Intel QSR 2019.1 Microcode release (bsc#1111331 CVE-2018-12126
  CVE-2018-12130 CVE-2018-12127 CVE-2019-11091)
  Processor             Identifier     Version       Products
  Model        Stepping F-MO-S/PI      Old->New
  - --- new platforms ----------------------------------------
  VLV          C0       6-37-8/02           00000838 Atom Z series
  VLV          C0       6-37-8/0C           00000838 Celeron N2xxx, Pentium N35xx
  VLV          D0       6-37-9/0F           0000090c Atom E38xx
  CHV          C0       6-4c-3/01           00000368 Atom X series
  CHV          D0       6-4c-4/01           00000411 Atom X series
  CLX-SP       B1       6-55-7/bf           05000021 Xeon Scalable Gen2
  - --- updated platforms ------------------------------------
  SNB          D2/G1/Q0 6-2a-7/12 0000002e->0000002f Core Gen2
  IVB          E1/L1    6-3a-9/12 00000020->00000021 Core Gen3
  HSW          C0       6-3c-3/32 00000025->00000027 Core Gen4
  BDW-U/Y      E0/F0    6-3d-4/c0 0000002b->0000002d Core Gen5
  IVB-E/EP     C1/M1/S1 6-3e-4/ed 0000042e->0000042f Core Gen3 X Series; Xeon E5 v2
  IVB-EX       D1       6-3e-7/ed 00000714->00000715 Xeon E7 v2
  HSX-E/EP     Cx/M1    6-3f-2/6f 00000041->00000043 Core Gen4 X series; Xeon E5 v3
  HSX-EX       E0       6-3f-4/80 00000013->00000014 Xeon E7 v3
  HSW-U        C0/D0    6-45-1/72 00000024->00000025 Core Gen4
  HSW-H        C0       6-46-1/32 0000001a->0000001b Core Gen4
  BDW-H/E3     E0/G0    6-47-1/22 0000001e->00000020 Core Gen5
  SKL-U/Y      D0/K1    6-4e-3/c0 000000c6->000000cc Core Gen6
  BDX-ML       B0/M0/R0 6-4f-1/ef 0b00002e->00000036 Xeon E5/E7 v4; Core i7-69xx/68xx
  SKX-SP       H0/M0/U0 6-55-4/b7 0200005a->0000005e Xeon Scalable
  SKX-D        M1       6-55-4/b7 0200005a->0000005e Xeon D-21xx
  BDX-DE       V1       6-56-2/10 00000019->0000001a Xeon D-1520/40
  BDX-DE       V2/3     6-56-3/10 07000016->07000017 Xeon D-1518/19/21/27/28/31/33/37/41/48, Pentium D1507/08/09/17/19
  BDX-DE       Y0       6-56-4/10 0f000014->0f000015 Xeon D-1557/59/67/71/77/81/87
  BDX-NS       A0       6-56-5/10 0e00000c->0e00000d Xeon D-1513N/23/33/43/53
  APL          D0       6-5c-9/03 00000036->00000038 Pentium N/J4xxx, Celeron N/J3xxx, Atom x5/7-E39xx
  SKL-H/S      R0/N0    6-5e-3/36 000000c6->000000cc Core Gen6; Xeon E3 v5
  DNV          B0       6-5f-1/01 00000024->0000002e Atom C Series
  GLK          B0       6-7a-1/01 0000002c->0000002e Pentium Silver N/J5xxx, Celeron N/J4xxx
  AML-Y22      H0       6-8e-9/10 0000009e->000000b4 Core Gen8 Mobile
  KBL-U/Y      H0       6-8e-9/c0 0000009a->000000b4 Core Gen7 Mobile
  CFL-U43e     D0       6-8e-a/c0 0000009e->000000b4 Core Gen8 Mobile
  WHL-U        W0       6-8e-b/d0 000000a4->000000b8 Core Gen8 Mobile
  WHL-U        V0       6-8e-d/94 000000b2->000000b8 Core Gen8 Mobile
  KBL-G/H/S/E3 B0       6-9e-9/2a 0000009a->000000b4 Core Gen7; Xeon E3 v6
  CFL-H/S/E3   U0       6-9e-a/22 000000aa->000000b4 Core Gen8 Desktop, Mobile, Xeon E
  CFL-S        B0       6-9e-b/02 000000aa->000000b4 Core Gen8
  CFL-H/S      P0       6-9e-c/22 000000a2->000000ae Core Gen9
  CFL-H        R0       6-9e-d/22 000000b0->000000b8 Core Gen9 Mobile

==== util-linux ====
Version update (2.33.1 -> 2.33.2)
Subpackages: libblkid1 libfdisk1 libmount1 libsmartcols1 libuuid1

- Update to version 2.33.2 (bsc#1134337):
  * agetty: Fix 8-bit processing in get_logname() (bsc#1125886).
  * mount: Fix "mount" output for net file systems (bsc#1122417).
  * Many Other fixes, see
    https://www.kernel.org/pub/linux/utils/util-linux/v2.33/v2.33.2-ReleaseNotes
- Fix problems in reading of login.defs values (bsc#1121197,
  util-linux-login_defs-priority1.patch,
  util-linux-login_defs-priority2.patch,
  util-linux-login_defs-SYS_UID.patch).
- Perform one-time reset of /etc/default/su (bsc#1121197).
- Add virtual symbols for login.defs compatibility (bsc#1121197).
- Add login.defs safety check util-linux-login_defs-check.sh
  (bsc#1121197).

==== util-linux-systemd ====
Version update (2.33.1 -> 2.33.2)

- Update to version 2.33.2 (bsc#1134337):
  * agetty: Fix 8-bit processing in get_logname() (bsc#1125886).
  * mount: Fix "mount" output for net file systems (bsc#1122417).
  * Many Other fixes, see
    https://www.kernel.org/pub/linux/utils/util-linux/v2.33/v2.33.2-ReleaseNotes
- Fix problems in reading of login.defs values (bsc#1121197,
  util-linux-login_defs-priority1.patch,
  util-linux-login_defs-priority2.patch,
  util-linux-login_defs-SYS_UID.patch).
- Perform one-time reset of /etc/default/su (bsc#1121197).
- Add virtual symbols for login.defs compatibility (bsc#1121197).
- Add login.defs safety check util-linux-login_defs-check.sh
  (bsc#1121197).

==== vim ====
Version update (8.1.1066 -> 8.1.1330)
Subpackages: vim-data-common

- Updated to version 8.1.1330, fixes the following problems
- refreshed disable-unreliable-tests.patch
  * Running make in src/po leaves LINGUAS file behind. (Ken Takata)
  * Delaying half a second after the top-bot message.
  * Detecting *.tmpl as htmlcheetah is outdated.
  * Test17 is old style.
  * Running tests leaves XTest_tabpage_cmdheight file behind.
  * Cannot build with +eval but without +mouse.
  * Search stats don't show for mapped command.
  * May not have enough space to add "W" to search stats.
  * .hgignore and .gitignore are either distributed or in git, not both.
  * Not easy to change directory and restore.
  * Invalid command line arguments not tested.
  * When vimrun.exe does not exist external command may fail.
  * Crash when using invalid command line argument.
  * Invalid argument test fails without GTK.
  * Invalid argument test fails without X clipboard.
  * "extends" from 'listchars' is used when 'list' is off. (Hiroyuki Yoshinaga)
  * In a terminal 'ballooneval' does not work right away.
  * When compiled with VIMDLL some messages are not shown.
  * v:beval_text is not tested in Visual mode.
  * Not possible to hide a balloon.
  * There is no easy way to manipulate environment variables.
  * Borland support is outdated and doesn't work.
  * Cannot reconnect to the X server after it restarted.
  * The Normal highlight is not defined when compiled with GUI.
  * Test for Normal highlight fails on MS-Windows GUI.
  * Named function arguments are never optional.
  * Aborting an autocmd with an exception is not tested.
  * Coverity warning for using uninitialized variable.
  * Warnings for using localtime() and ctime().
  * There is always a delay if a termrequest is never answered.
  * Duplicated localtime() call.
  * Output from Travis can be improved.
  * Code for text changes is in a "misc" file.
  * Computing function length name in many places.
  * It is not possible to track changes to a buffer.
  * No docs or tests for listener functions.
  * Cygwin makefile is not nicely indented.
  * 'mouse' option is reset when using GPM mouse.
  * Stray comma in VMS makefile.
  * Cannot build with +eval but without +channel and +timers. (John Marriott)
  * No test for listener with partial.
  * Unnecessary scroll after horizontal split.
  * No test for listener with undo operation.
  * Plans for popup window support are spread out.
  * Using bold attribute in terminal changes the color. (Jason Franklin)
- Updated to version 8.1.1282, fixes the following problems
- refresh disable-unreliable-tests.patch
  * Bracketed paste may remain active after Vim exists, because the terminal
  emulater restores the setting.
  * No test for :abclear.
  * Old style comments in debugger source.
  * Output of :command is hard to read.
  * Always get regexp debugging logs when building with -DDEBUG.
  * Some autocmd tests are old style.
  * Output of :command with address completion is not nice.
  * A BufReadPre autocommand may cause the cursor to move.
  * User command parsing and listing not properly tested.
  * Some compilers give warning messages.
  * Links to repository use wrong file name.
  * Clever compiler warns for buffer being too small.
  * Support for user commands is spread out. No good reason to make user
  commands optional.
  * Not all user command code is tested.
  * Signal PWR is not tested.
  * "make clean" in top dir does not cleanup indent test output.
  * Old style tests.
  * "make clean" does not remove generated src/po files.
  * Mouse middle click is not tested.
  * MS-Windows: no space reserved for font quality name.
  * Cannot set a directory for a tab page.
  * Not checking for NULL return from alloc().
  * Build fails on MS-Windows.
  * Filtering does not work when listing marks.
  * Middle mouse click test fails without a clipboard.
  * {not in Vi} remarks get in the way of useful help text.
  * Duplicate entries in the generate .desktop files. (Ralf Schandl)
  * Not possible to process tags with a function.
  * Warning for posix_openpt() not declared. (Tony Mechelynck)
  * A lot of code is shared between vim.exe and gvim.exe.
  * Asking about existing swap file unnecessarily.
  * Cannot build tiny version.
  * Compiler warnings for using STRLEN() value.
  * sjiscorr.c not found in shadow directory. (Tony Mechelynck)
  * Error for using "compl", reserved word in C++.
  * MS-Windows: compiler warning for sprintf() format.
  * Key with byte sequence containing CSI does not work.
  * Runtime desktop files are overwritten by build. (Tony Mechelynck)
  * Ex command info contains confusing information.
  * No cmdline redraw when tabpages have different 'cmdheight'.
  * Compiler warnings for incomplete switch statement. (Tony Mechelynck)
  * No tests for CTRL-mouse-click.
  * ":copen 10" sets height in full-height window. (Daniel Hahler)
  * Cannot handle negative mouse coordinate from urxvt.
  * Urxvt mouse codes are not tested.
  * No test for dec mouse.
  * Compiler warning for uninitialized variable.
  * No test for netterm mouse.
  * No test for completion of mapping keys.
  * Not all mapping completion is tested.
  * Mapping completion test fails.
  * Mapping completion contains dead code.
  * Building desktop files fails on FreeBSD. (Adam Weinberger)
  * Cannot navigate through errors relative to the cursor.
  * The "N files to edit" message can not be surpressed.
  * Crash when exiting early. (Ralf Schandl)
  * Comparing with pointer instead of value.
  * No error for quickfix commands with negative range.
  * Cannot simulate a mouse click in a test.
  * Mouse clicks in WinBar not tested.
  * Crash when closing window from WinBar click. (Ben Jackson)
  * When GPM mouse support is enabled double clicks in xterm do not work.
  * Winbar test doesn't test enough.
  * Cannot check if GPM mouse support is working.
  * Map completion test fails in GUI.
  * Cannot see current match position.
  * Compiler warnings for use of STRNCPY(). (John Marriott)
  * Click on WinBar of other window not tested.
  * Compiler warning in direct write code.
  * After :unmenu can still execute the menu with :emenu.
  * Cannot navigate to errors before/after the cursor.
  * Cannot combine text properties with syntax highlighting.
  * Missing screenshot update.
  * Missing change for "combine" field.
  * Cannot set 'spellang' to "sr@latin". (Bojan Stipic)
  * Cannot specify a count with :chistory.
  * Running make in src/po leaves LINGUAS file behind. (Ken Takata)
- Updated to version 8.1.1198, fixes the following problems
  * Xterm mouse wheel escape sequence is not tested.
  * Plugins don't get notified when the popup menu changes.
  * No test for what is fixed in patch 8.1.0716.
  * Not easy to find out what neighbors a window has.
  * Terminal winpos test fails with very large terminal. (Dominique Pelle)
  * No test for dragging the window separators with the mouse.
  * May pass weird strings to file name expansion.
  * Too strict checking of the 'spellfile' option.
  * Compiler warning for unused function. (Tony Mechelynck)
  * Desktop file translations are requiring manual updates.
  * CTRL-L with 'incsearch' does not pick up char under cursor. (Smylers)
  * Building desktop files fails with older msgfmt.
  * Generating desktop files not tested on Travis.
  * Build fails when using shadow directory.
  * Msgfmt complains about missing LINGUAS file. (Tony Mechelynck)
  * Getting a newer msgfmt on Travis is too complicated.
  * Termcodes tests can be improved.
  * Unicode emoji and other image characters not recognized.
  * Unicode tables are out of date.
  * Json encoded string is sometimes missing the final NUL.
  * Termcodes test would fail in a very big terminal.
  * Unreachable code.
  * Incorrect coverage information; typo in color name.
  * Codecov does not report all the coverage information.
  * Gettitle test is failing when server name differs. (Kenta Sato)
  * No test for mouse clicks in the terminal tabpage line.
  * Gettitle test can still fail when another Vim is running.
  * No test for closing tab by click in tabline.
  * Not all screen update code of the terminal window is executed in tests.
  * Writing coverage info in a separate dir is not needed.
  * Terminal ANSI color test does not cover all colors.
  * Statusline test could fail in large terminal.
  * Cursor properties were not fully tested.
  * Suspend test has duplicated lines.
  * No test for dragging a tab with the mouse and for creating a new tab by
  double clicking in the tabline.
  * Test for dragging a tab is flaky.
  * .ts files are recognized as xml, while typescript is more common.
  * When mouse click tests fails value of 'ttytype' is unknown.
  * No test for mouse clicks in the fold column.
  * Vim script debugger tests are old style.
  * Tests for mouse clicks are a bit flaky when run in an interactive terminal.
  * Some function prototypes are outdated.
  * Typos in VisVim comments.
  * Undo file left behind after running test.
  * Mapping for CTRL-X is inconsistent.
  * readdir() allocates list twice.
  * Cannot recognize Pipfile.
  * Not all Vim variables require the v: prefix.
  * Mode is not cleared when leaving Insert mode.
  * has('vimscript-3') does not work.
  * Not all debug commands are covered by a test.
  * Mode is not cleared when leaving Insert mode with mapped Esc.
  * Typos and small problems in test files.
  * Typos and small problems in source files.
  * Vim script debugger functionality needs cleanup.
  * Parallel build may fail.
  * When starting with multiple tabs file messages is confusing.
- Updated to version 8.1.1137, fixes the following problems
- refreshed disable-unreliable-tests.patch
  * Cannot get all the information about current completion.
  * Source README file doesn't look nice on github.
  * Issue templates are not good enough.
  * Cannot get composing characters from the screen.
  * Extending sign and foldcolumn below the text is confusing.
  * Space in number column is on wrong side with 'rightleft' set.
  * Python test doesn't wipe out hidden buffer.
  * Function reference count wrong in Python code.
  * File for Insert mode is much too big.
  * reg_executing() is reset by calling input().
  * When 'listchars' is set a composing char on a space is wrong.
  * No need for a separate ScreenLinesUtf8() test function.
  * When a screendump test fails, moving the file is a hassle.
  current code page.
  * "Conceal" match is mixed up with 'hlsearch' match.
  * Cannot delete a match from another window. (Paul Jolly)
  * Compiler warning for possibly uninitialized variable. (Tony Mechelynck)
  * Too many curly braces.
  * tag stack is incorrect after CTRL-T and then :tag
  * Height of quickfix window not retained with vertical split.
  * Tutor does not check $LC_MESSAGES.
  * Setting 'guifont' when maximized resizes the Vim window. When 'guioptions'
  contains "k" gvim may open with a tiny window.
  * Support for outdated tags format slows down tag parsing.
  * Long line in tags file causes error.
  * Quickfix code duplication.
  * The do_tag() function is too long.
  * Tag file without trailing newline no longer works. (Marco Hinz)
  * Signals test may fail in the GUI.
  * Long escape sequences may be split up.
  * No test for 'writedelay'.
  * No test for 'visualbell'.
  * Test for 'visualbell' doesn't work.
  * Deleted file still in list of distributed files.
  * Composing chars on space wrong when 'listchars' is set.
  * It is not easy to check for infinity.
  * Duplicate code in quickfix file.
  * Making an autocommand trigger once is not so easy.
  * Confusing overloaded operator "." for string concatenation.
  * Cannot build with older C compiler.
  * Cannot enforce a Vim script style.
  * Build failure without the +eval feature.
  * A couple of conditions are hard to understand.
  * Cannot easily get directory entry matches.
  * Test for term_gettitle() was disabled.
  * char2nr() does not handle composing characters.
  * No way to avoid filtering for autocomplete function, causing flickering
  of the popup menu.
  * Insert completion flags are mixed up.
  * Libvterm does not handle the window position report.
  * Build failure with +terminal but without tgetent.
  * When making a new screendump test have to create the file.
  * Compiler warning for uninitialized struct member. (Yegappan Lakshmanan)
  * Buffer for quickfix window is reused for another file.
  * Build failure for small version. (Tony Mechelynck)
  * Decoding of mouse click escape sequence is not tested.
  * Xterm mouse wheel escape sequence is not tested.

==== xen ====
Version update (4.12.0_08 -> 4.12.0_12)

- Disable LTO (boo#1133296).
- Remove arm32 from ExclusiveArch to fix build
- bsc#1111331 - VUL-0: CPU issues Q2 2019 aka "Group 4"
  xsa297-0a.patch
  xsa297-0b.patch
  xsa297-0c.patch
  xsa297-0d.patch
  xsa297-1.patch
  xsa297-2.patch
  xsa297-3.patch
- Update 5cab1f66-timers-fix-memory-leak-with-cpu-plug.patch and
  drop 5cac6219-xen-cpu-Fix-ARM-build-following-cs-597fbb8.patch
  Refresh 5cac6cba-vmx-Fixup-removals-of-MSR-load-save-list-entries.patch
- bsc#1131811 - [XEN] internal error: libxenlight failed to create
  new domain. This patch is a workaround for a systemd issue. See
  patch header for additional comments.
  xenstore-launch.patch
- bsc#1125378 - [xen][pygrub] Can not restore sle11sp4 pv guest
  after upgrading host from sle11sp4 to sle15sp1
  pygrub-python3-conversion.patch
- Fix "TypeError: virDomainDefineXML() argument 2 must be str or
  None, not bytes" when converting VMs from using the xm/xend
  toolstack to the libxl/libvirt toolstack. (bsc#1123378)
  xen2libvirt.py
- bsc#1124560 - Fully virtualized guests crash on boot
  5cac6cba-vmx-Fixup-removals-of-MSR-load-save-list-entries.patch
- bsc#1121391 - GCC 9: xen build fails
  5c8f752c-x86-e820-build-with-gcc9.patch
- Upstream bug fixes (bsc#1027519)
  5c87b644-IOMMU-leave-enabled-for-kexec-crash.patch
  5c87b6a2-x86-HVM-dont-crash-guest-in-find_mmio_cache.patch
  5c87e6d1-x86-TSX-controls-for-RTM-force-abort-mode.patch
  5c8fb92d-x86-HVM-split-linear-reads-and-writes.patch
  5c8fb951-x86-HVM-finish-IOREQs-correctly-on-completion.patch
  5c8fc6c0-x86-MSR-shorten-ARCH_CAPABILITIES.patch
  5c8fc6c0-x86-SC-retpoline-safety-calculations-for-eIBRS.patch
  5c9e63c5-credit2-SMT-idle-handling.patch
  5ca46b68-x86emul-no-GPR-update-upon-AVX-gather-failures.patch
  5ca773d1-x86emul-dont-read-mask-reg-without-AVX512F.patch
  5cab1f66-timers-fix-memory-leak-with-cpu-plug.patch
  5cac6219-xen-cpu-Fix-ARM-build-following-cs-597fbb8.patch
- Install pkgconfig files into libdir instead of datadir

==== xfsprogs ====
Version update (4.20.0 -> 5.0.0)

- Update to v5.0.0
  * xfs_db: scan all sparse inodes when using 'frag'
  * Fix build with newer statx headers
  * libxfs: fix buffer & inode lifetimes
  * misc: fix strncpy length complaints from gcc
  * Merge libxfs from kernel 5.0

==== xmlsec1 ====
Version update (1.2.26 -> 1.2.28)
Subpackages: libxmlsec1-1 libxmlsec1-openssl1

- Update to 1.2.28:
  * Added BoringSSL support (chenbd).
  * Added gnutls-3.6.x support (alonbl).
  * Added DSA and ECDSA key size getter for MSCNG (vmiklos).
  * Added --enable-mans configuration option (alonbl).
  * Added coninuous build integration for MacOSX (vmiklos).
  * Several other small fixes (more details).
- Make sure to recommend at least one backend when you install
  just xmlsec1
- Drop the gnutls backend as based on the tests it is quite borked:
  * We still have nss and openssl backend for people to use
- Version update to 1.2.27:
  * Added AES-GCM support for OpenSSL and MSCNG (snargit).
  * Added DSA-SHA256 and ECDSA-SHA384 support for NSS (vmiklos).
  * Added RSA-OAEP support for MSCNG (vmiklos).
  * Continuous build integration in Travis and Appveyor.
  * Several other small fixes (more details).

==== yast2 ====
Version update (4.1.67 -> 4.2.3)

- Make sure the wizard buttons always remain visible in NCurses
  (bsc#1133367)
- 4.2.3
- give more verbose feedback in 'view_anymsg' client (bsc#1132658)
- 4.2.2
- Uninstall the "SUSE-Manager-Proxy" product when upgrading from
  SLES12 + SUMA Proxy + SUMA Branch Server (bsc#1133215)
- 4.2.1
- Allow not prescribing UI in yast2, to use YUILoader::loadUI.
  Required to load integration tests framework
  (poo#36712, bsc#1132247)
- 4.2.0
- Updated map for evaluating upgraded products
  (e.g. for SUSE-Manager). (bsc#1131503)
- Upgrade: Evaluating product obsoletes in order to show it in
  the proposal overview.
- 4.1.68
- Use noun phrase in summary.

==== zstd ====
Version update (1.3.8 -> 1.4.0)

- Update description with 1.4.0 statistics.
- Use FAT LTO objects in order to provide proper static library (boo#1133297).
- Update to new upstream release 1.4.0
  * perf: level 1 compression speed was improved by ~6?8%
  * cli: added --[no-]compress-literals flag to enable or disable
    literal compression
- Reword "real-time" in description by some actual statistics,
  because 603MB/s (lowest zstd level) is not "real-time" for
  quite some applications.