Removed rpms
============

 - aaa_base-malloccheck

Added rpms
==========

 - s390-tools-genprotimg-data

Package Source Changes
======================

kernel-default
+- Refresh
+  patches.suse/kdump-implement-reserve_crashkernel_cma.patch.
+  (don't print about zero-sized CMA reservation)
+- commit 14e6598
+
+- Update
+  patches.suse/usb-roles-fix-NULL-pointer-issue-when-put-module-s-r.patch
+  (bsc#1222609 CVE-2024-26747).
+  Added CVE reference
+- commit 5db3e1d
+
+- powerpc/pseries/iommu: LPAR panics when rebooted with a frozen
+  PE (bsc#1222011 ltc#205900).
+- commit a6aad75
+
+- Update
+  patches.suse/0001-s390-cio-fix-race-condition-during-online-processing.patch
+  (bsc#1219485 bsc#1219451).
+- Update patches.suse/0001-s390-qdio-handle-deferred-cc1.patch
+  (bsc#1219485 bsc#1219451).
+- Update
+  patches.suse/s390-cio-fix-invalid-EBUSY-on-ccw_device_start.patch
+  (git-fixes bsc#1220360 bsc#1219485 bsc#1219451).
+- Update patches.suse/s390-qeth-handle-deferred-cc1.patch
+  (bsc#1219485 git-fixes bsc#1219451).
+- commit 097f888
+
+- Update
+  patches.suse/fbdev-savage-Error-out-if-pixclock-equals-zero.patch
+  (git-fixes CVE-2024-26778 bsc#1222770).
+- commit fbfa53e
+
+- Update
+  patches.suse/fbdev-sis-Error-out-if-pixclock-equals-zero.patch
+  (git-fixes CVE-2024-26777 bsc#1222765).
+- commit 4648979
+
+- Update
+  patches.suse/tls-fix-use-after-free-on-failed-backlog-decryption.patch
+  (CVE-2024-26584 bsc#1220186 CVE-2024-26800 bsc#1222728).
+- commit 6cb76c6
+
+- crash: use macro to add crashk_res into iomem early for specific
+  arch (jsc#PED-7249, bsc#1222742).
+  Refresh patches.suse/kdump-implement-reserve_crashkernel_cma.patch.
+- commit b256f70
+
+- blacklist.conf: Disable irrelevant patch
+  We don't have syscall hardening in our kernels.
+- commit 36739c9
+
+- x86/bugs: Fix BHI documentation (git-fixes).
+- commit b981493
+
+- kprobes: Fix double free of kretprobe_holder (bsc#1220901).
+- commit 6f75bb6
+
+- "nouveau: offload fence uevents work to workqueue"
+  Reference bug report and CVE number.
+- commit 92c99bd
+
+- Update patches.suse/RDMA-srpt-Support-specifying-the-srpt_service_guid-p.patch
+  (git-fixes bsc#1222449 CVE-2024-26744)
+- Update patches.suse/RDMA-qedr-Fix-qedr_create_user_qp-error-flow.patch
+  (git-fixes bsc#1222677 CVE-2024-26743)
+- Update patches.suse/IB-hfi1-Fix-sdma.h-tx-num_descs-off-by-one-error.patch
+  (git-fixes bsc#1222726 CVE-2024-26766)
+- commit 3b16fea
+
+- Revert patches.suse/tcp-get-rid-of-sysctl_tcp_adv_win_scale.patch
+  (bsc#1220419 bsc#1222656).
+- Revert patches.suse/mptcp-fix-rcv-buffer-auto-tuning.patch
+  (bsc#1220419 bsc#1222656).
+- Refresh
+  patches.suse/tcp-reorganize-tcp_sock-fast-path-variables.patch.
+  Revert dfa2f0483360 ("tcp: get rid of sysctl_tcp_adv_win_scale") to
+  resolve a performance regression in HTML traffic.
+- commit e2e7d0b
+
+- udp: Avoid call to compute_score on multiple sites
+  (bsc#1220709).
+- commit 78244c6
+
+- x86/bugs: Replace CONFIG_SPECTRE_BHI_{ON,OFF} with CONFIG_MITIGATION_SPECTRE_BHI (git-fixes).
+- commit 3d18f9a
+
+- x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto  (git-fixes).
+- Update config files.
+- commit b2f373b
+
+- x86/bugs: Fix BHI handling of RRSBA (git-fixes).
+- commit 66c46fb
+
+- x86/bugs: Rename various 'ia32_cap' variables to 'x86_arch_cap_msr' (git-fixes).
+- commit 6aec207
+
+- x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES (git-fixes).
+- commit 1fdb38f
+
+- x86/bugs: Fix return type of spectre_bhi_state() (git-fixes).
+- commit 13662e2
+
+- x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file (bsc#1222823).
+- Refresh patches.suse/x86-bhi-Add-BHI-mitigation-knob.patch.
+- commit 1bc31f7
+
+- KVM: x86: Add BHI_NO (bsc#1222823).
+- commit 07366ce
+
+- x86/bhi: Mitigate KVM by default (bsc#1222823).
+- commit 64cbcbe
+
+- x86/bhi: Add BHI mitigation knob (bsc#1222823).
+- Update config files.
+- commit 65ced6f
+
+- x86/bhi: Enumerate Branch History Injection (BHI) bug (bsc#1222823).
+- commit 5ca568d
+
+- x86/bhi: Define SPEC_CTRL_BHI_DIS_S (bsc#1222823).
+- commit 496b11d
+
+- x86/bhi: Add support for clearing branch history at syscall entry (bsc#1222823).
+- commit dee5dff
+
+- Update
+  patches.suse/net-pds_core-Fix-possible-double-free-in-error-handl.patch
+  (git-fixes CVE-2024-26652 bsc#1222115).
+  Added CVE reference.
+- commit 070cd49
+
+- Update
+  patches.suse/net-atlantic-Fix-DMA-mapping-for-PTP-hwts-ring.patch
+  (git-fixes bsc#1222427 CVE-2024-26680).
+  Added CVE reference.
+- commit 97f0341
+
+- s390/cio: fix race condition during online processing
+  (bsc#1219485).
+- commit 83d7614
+
+- s390/qdio: handle deferred cc1 (bsc#1219485).
+- commit aec0983
+
+- s390/qeth: handle deferred cc1 (bsc#1219485 git-fixes).
+- commit 6c10bf2
+
+- Update
+  patches.suse/s390-cio-fix-invalid-EBUSY-on-ccw_device_start.patch
+  (git-fixes bsc#1220360 bsc#1219485).
+- commit 174a4e8
+
+- Update patches.suse/mmc-mmci-stm32-fix-DMA-API-overlapping-mappings-warn.patch (git-fixes CVE-2024-26787 bsc#1222781)
+- commit 2816ca9
+
+- Update patches.suse/dmaengine-fsl-qdma-fix-SoC-may-hang-on-16-byte-unali.patch (git-fixes CVE-2024-26790 bsc#1222784)
+- commit 0d6086f
+
+- Update patches.suse/spi-hisi-sfc-v3xx-Return-IRQ_NONE-if-no-interrupts-w.patch (git-fixes CVE-2024-26776 bsc#1222764)
+- commit ec068f3
+
+- Update to add bsc#1222531, CVE-2024-26756 references,
+  patches.suse/md-Don-t-register-sync_thread-for-reshape-directly-ad39.patch
+  (bsc#1219596, bsc#1222531, CVE-2024-26756).
+- commit de5884e
+
+- Update to add bsc#1222527, CVE-2024-26757 references,
+  patches.suse/md-Don-t-ignore-read-only-array-in-md_check_recovery-55a4.patch
+  (bsc#1219596, bsc#1222527, CVE-2024-26757).
+- commit 0b6b491
+
+- Update to add bsc# and CVE tags,
+  patches.suse/dm-crypt-dm-verity-disable-tasklets-0a9b.patch
+  (bsc#1222416, CVE-2024-26718).
+- commit 59bf5a5
+
+- Update to add bsc# and CVE tags,
+  patches.suse/dm-crypt-don-t-modify-the-data-when-using-authentica-50c7.patch
+  (bsc#1222720, CVE-2024-26763).
+- commit 710cd5e
+
+- Update patches.suse/ARM-ep93xx-Add-terminator-to-gpiod_lookup_table.patch (git-fixes CVE-2024-26751 bsc#1222724)
+- commit a85b7fa
+
+- Update patches.suse/dmaengine-ti-edma-Add-some-null-pointer-checks-to-th.patch (git-fixes CVE-2024-26771 bsc#1222610)
+- commit b7bab4f
+
+- Update
+  patches.suse/gtp-fix-use-after-free-and-null-ptr-deref-in-gtp_gen.patch
+  (git-fixes CVE-2024-26754 bsc#1222632).
+- commit 0bddcea
+
+- Update
+  patches.suse/crypto-arm64-neonbs-fix-out-of-bounds-access-on-shor.patch
+  (git-fixes CVE-2024-26789 bsc#1222626).
+- commit 9c3828e
+
+- KVM: arm64: pmu: Resync EL0 state on counter rotation
+  (bsc#1219475).
+- commit 99d8e75
+
+- KVM: arm64: Always invalidate TLB for stage-2 permission faults
+  (bsc#1219478).
+- commit 1762ca5
+
+- Update
+  patches.suse/usb-cdns3-fixed-memory-use-after-free-at-cdns3_gadge.patch
+  (git-fixes CVE-2024-26749 bsc#1222680).
+- commit e627f8d
+
+- Update
+  patches.suse/powerpc-pseries-iommu-IOMMU-table-is-not-initialized.patch
+  (bsc#1220492 ltc#205270 CVE-2024-26745 bsc#1222678).
+- commit 6398fc1
+
+- Update
+  patches.suse/l2tp-pass-correct-message-length-to-ip6_append_data.patch
+  (bsc#1220419 CVE-2024-26752 bsc#1222667).
+- commit 1a3becd
+
+- tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc
+  (bsc#1222619).
+- commit a9c1ee0
+
+- Update
+  patches.suse/crypto-arm64-neonbs-fix-out-of-bounds-access-on-shor.patch
+  (git-fixes CVE-2024-26789).
+- commit 270f850
+
+- Update
+  patches.suse/usb-cdns3-fix-memory-double-free-when-handle-zero-pa.patch
+  (bsc#1222513 CVE-2024-26748).
+  Added CVE references
+- commit b3e425f
+
+- Update
+  patches.suse/usb-dwc3-gadget-Fix-NULL-pointer-dereference-in-dwc3.patch
+  (bsc#1222561 CVE-2024-26715).
+  Added CVE reference
+- commit ebacab7
+
+- Update
+  patches.suse/powerpc-pseries-iommu-DLPAR-add-doesn-t-completely-i.patch
+  (bsc#1215199 bsc#1219077 ltc#204477 CVE-2024-26738).
+- commit d6e4ef3
+
+- Update
+  patches.suse/drm-amd-display-Fix-array-index-out-of-bounds-in-dcn.patch
+  (git-fixes CVE-2024-26699 bsc#1222602).
+- commit f52d16e
+
+- Update
+  patches.suse/crypto-virtio-akcipher-Fix-stack-overflow-on-memcpy.patch
+  (git-fixes CVE-2024-26753 bsc#1222601).
+- commit 0099199
+
+- Update
+  patches.suse/ceph-prevent-use-after-free-in-encode_cap_msg.patch
+  (bsc#1221391 CVE-2024-26689).
+- commit 8a44287
+
+- Update
+  patches.suse/btrfs-do-not-ASSERT-if-the-newly-created-subvolume-a.patch
+  (bsc#1219126 CVE-2024-26727 bsc#1222536).
+- commit 7bb93e9
+
+- Update
+  patches.suse/net-mlx5-DPLL-Fix-possible-use-after-free-after-dela.patch
+  (git-fixes CVE-2024-26724 bsc#1222523).
+- commit bb60edc
+
+- Update
+  patches.suse/ASoC-rt5645-Fix-deadlock-in-rt5645_jack_detect_work.patch
+  (git-fixes CVE-2024-26722 bsc#1222520).
+- commit f0aaca0
+
+- Update
+  patches.suse/netdevsim-avoid-potential-loop-in-nsim_dev_trap_repo.patch
+  (git-fixes CVE-2024-26681 bsc#1222431).
+- commit 12b3ceb
+
+- Update patches.suse/wifi-iwlwifi-fix-double-free-bug.patch
+  (git-fixes CVE-2024-26694 bsc#1222466).
+- commit 5048255
+
+- fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super
+  (bsc#1219264 CVE-2024-0841).
+- commit 440934e
+
+- Update
+  patches.suse/HID-i2c-hid-of-fix-NULL-deref-on-failed-power-up.patch
+  (git-fixes CVE-2024-26717 bsc#1222360).
+- Update
+  patches.suse/arm64-entry-fix-ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD.patch
+  (git-fixes CVE-2024-26670 bsc#1222356).
+- Update
+  patches.suse/crypto-ccp-Fix-null-pointer-dereference-in-__sev_pla.patch
+  (git-fixes CVE-2024-26695 bsc#1222373).
+- Update
+  patches.suse/dpll-fix-possible-deadlock-during-netlink-dump-opera.patch
+  (jsc#PED-6079 CVE-2024-26725 bsc#1222369).
+- Update
+  patches.suse/drm-amd-display-Add-NULL-test-for-timing-generator-i.patch
+  (git-fixes CVE-2024-26661 bsc#1222323).
+- Update
+  patches.suse/drm-amd-display-Fix-panel_cntl-could-be-null-in-dcn2.patch
+  (git-fixes CVE-2024-26662 bsc#1222324).
+- Update
+  patches.suse/drm-amd-display-Implement-bounds-check-for-stream-en.patch
+  (git-fixes CVE-2024-26660 bsc#1222266).
+- Update
+  patches.suse/drm-amd-display-fix-null-pointer-dereference-on-edid.patch
+  (git-fixes CVE-2024-26728 bsc#1222370).
+- Update
+  patches.suse/drm-amdgpu-Fix-variable-mca_funcs-dereferenced-befor.patch
+  (git-fixes CVE-2024-26672 bsc#1222358).
+- Update
+  patches.suse/drm-i915-dsc-Fix-the-macro-that-calculates-DSCC_-DSC.patch
+  (git-fixes CVE-2024-26721 bsc#1222365).
+- Update
+  patches.suse/drm-msm-dpu-check-for-valid-hw_pp-in-dpu_encoder_hel.patch
+  (git-fixes CVE-2024-26667 bsc#1222331).
+- Update
+  patches.suse/hwmon-coretemp-Fix-out-of-bounds-memory-access.patch
+  (git-fixes CVE-2024-26664 bsc#1222355).
+- Update
+  patches.suse/lan966x-Fix-crash-when-adding-interface-under-a-lag.patch
+  (git-fixes CVE-2024-26723 bsc#1222367).
+- Update
+  patches.suse/mm-writeback-fix-possible-divide-by-zero-in-wb_dirty_limits-again.patch
+  (git-fixes CVE-2024-26720 bsc#1222364).
+- Update
+  patches.suse/msft-hv-2940-hv_netvsc-Fix-race-condition-between-netvsc_probe-an.patch
+  (git-fixes CVE-2024-26698 bsc#1222374).
+- Update
+  patches.suse/sr9800-Add-check-for-usbnet_get_endpoints.patch
+  (git-fixes CVE-2024-26651 bsc#1221337).
+- Update
+  patches.suse/usb-core-Prevent-null-pointer-dereference-in-update_.patch
+  (git-fixes CVE-2024-26716 bsc#1222359).
+- Update
+  patches.suse/wifi-mac80211-fix-RCU-use-in-TDLS-fast-xmit.patch
+  (git-fixes CVE-2024-26666 bsc#1222293).
+- Update
+  patches.suse/xhci-handle-isoc-Babble-and-Buffer-Overrun-events-pr.patch
+  (git-fixes CVE-2024-26659 bsc#1222317).
+- commit 967a843
+
+- Update
+  patches.suse/KVM-s390-vsie-fix-race-during-shadow-creation.patch
+  (git-fixes bsc#1219810 CVE-2023-52639 bsc#1222300).
+- Update
+  patches.suse/can-j1939-Fix-UAF-in-j1939_sk_match_filter-during-se.patch
+  (git-fixes CVE-2023-52637 bsc#1222291).
+- Update
+  patches.suse/can-j1939-prevent-deadlock-by-changing-j1939_socks_l.patch
+  (git-fixes CVE-2023-52638 bsc#1222299).
+- Update
+  patches.suse/drm-amd-display-Fix-disable_otg_wa-logic.patch
+  (git-fixes CVE-2023-52634 bsc#1222278).
+- Update
+  patches.suse/drm-amd-display-Refactor-DMCUB-enter-exit-idle-inter.patch
+  (git-fixes CVE-2023-52625 bsc#1222085).
+- Update
+  patches.suse/drm-amd-display-Wake-DMCUB-before-executing-GPINT-co.patch
+  (git-fixes CVE-2023-52624 bsc#1222083).
+- Update
+  patches.suse/drm-amdkfd-Fix-lock-dependency-warning-with-srcu.patch
+  (git-fixes CVE-2023-52632 bsc#1222274).
+- Update
+  patches.suse/libceph-just-wait-for-more-data-to-be-available-on-th.patch
+  (bsc#1221390 CVE-2023-52636 bsc#1222247).
+- Update
+  patches.suse/netfilter-nftables-exthdr-fix-4-byte-stack-OOB-write.patch
+  (CVE-2023-4881 bsc#1215221 CVE-2023-52628 bsc#1222117).
+- commit dc877fc
+
+- net: pds_core: Fix possible double free in error handling path
+  (git-fixes).
+- commit 2613145
+
multipath-tools
+- Update to version 0.9.8+88+suse.d504d83:
+  * Revert "libmultipath: fix max_sectors_kb on adding path"
+  (bsc#1222458)
+
+- Update to version 0.9.8+87+suse.f72b9f3:
+  * fix misspelled DM_UDEV_DISABLE_OTHER_RULES_FLAG in udev rules
+    (bsc#1220810)
+
+- Remove libmpathpersist-example-old.c, which has been obsolete
+  since multipath-tools 0.8.6.
+
+- Update to version 0.9.8+83+suse.bcae610 (bsc#1220374)
+  * multipath-tools: added NEWS.md
+
openssh
+- Make openssh-server recommend the openssh-server-config-rootlogin
+  package in SLE in order to keep the same behaviour of previous
+  SPs where the PermitRootLogin default was set to yes
+  (bsc#1221005).
+- Fix crypto-policies requirement to be set by openssh-server, not
+  the config-rootlogin subpackage.
+- Add back %config(noreplace) tag for more config files that were
+  already set like this in previous SPs.
+
+- Fix duplicate loading of dropins. (boo#1222467)
+
patterns-fonts
+- Update patterns-fonts.spec:
+  Add google-noto-sans-symbols-fonts google-noto-sans-symbols2-fonts
+  to default installation, to enable terminal display special
+  characters (bsc#1219553).
+
s390-tools
+- Amended the .spec file for x86_64
+  * Recommends: s390-tools-genprotimg-data
+
+- Amended the .spec file for s390-tools-genprotimg-data-*.noarch.rpm
+  * Removed the dependency on it on x86_64 platform
+  * Updated the Summary and Description of the *.noarch.rpm (bsc#1222675)
+
+- Updated the .spec file to enable Secure Execution in the Cloud (bsc#1222675)
+  * Creates a s390-tools-genprotimg-data-*.noarch.rpm package which includes
+    s390x bootload binaries for x86_64:
+  - /lib/s390-tools/stage3.bin
+  - /usr/share/s390-tools/genprotimg/stage3a.bin
+  - /usr/share/s390-tools/genprotimg/stage3b_reloc.bin
+  * Excludes the above binaries from the (main) s390-tools-*.s390x.rpm
+  * Requires: s390-tools-genprotimg-data
+