Packages changed:
  busybox
  container-selinux (2.187.0 -> 2.188.0)
  kernel-source (5.18.9 -> 5.18.11)
  keylime (6.4.1 -> 6.4.2)
  konsole
  libselinux
  libstorage-ng (4.5.27 -> 4.5.28)
  patterns-base
  patterns-microos
  perl
  pipewire (0.3.54 -> 0.3.55)
  python-html5lib
  selinux-policy (20220624 -> 20220714)
  suse-module-tools (16.0.21 -> 16.0.22)
  sysconfig (0.85.8 -> 0.90.0)
  wireplumber
  yast2-services-manager (4.5.0 -> 4.5.1)

=== Details ===

==== busybox ====
Subpackages: busybox-static

- prepare spec file for rpmbuild --build-in-place --noprep
- use bcond for static and ww3 subpackages
- fix verbose flag

==== container-selinux ====
Version update (2.187.0 -> 2.188.0)

- Update to version 2.188.0:
  * Allow confined containers to mount overlay filesystems
  Fixed bsc#1201348

==== kernel-source ====
Version update (5.18.9 -> 5.18.11)

- Refresh
  patches.suse/0001-drm-aperture-Run-fbdev-removal-before-internal-helpe.patch.
  Update upstream status.
- commit 4fcb983
- x86/mm: Simplify RESERVE_BRK() (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- commit da1381f
- x86/entry: Remove UNTRAIN_RET from native_irq_return_ldt
  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit ce3ce6a
- Refresh
  patches.suse/x86-kvm-fix-FASTOP_SIZE-when-return-thunks-are-enabl.patch.
  Update to upstream version.
- commit 3f7e318
- x86/asm/32: Fix ANNOTATE_UNRET_SAFE use on 32-bit (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
  Update upstream status.
- commit eae54b1
- tty: use new tty_insert_flip_string_and_push_buffer() in
  pty_write() (bsc#1198829 CVE-2022-1462).
- tty: extract tty_flip_buffer_commit() from
  tty_flip_buffer_push() (bsc#1198829 CVE-2022-1462).
- commit cec52d3
- x86/kvm: fix FASTOP_SIZE when return thunks are enabled
  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit 86ef7b4
- x86/asm/32: fix ANNOTATE_UNRET_SAFE use on 32bit (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- x86/static_call: Serialize __static_call_fixup() properly
  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- x86/speculation: Disable RRSBA behavior (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- x86/kexec: Disable RET on kexec (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported
  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- x86/entry: Move PUSH_AND_CLEAR_REGS() back into error_entry
  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- x86/bugs: Add Cannon lake to RETBleed affected CPU list
  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- commit 834606b
- x86/retbleed: Add fine grained Kconfig knobs (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- Update config files.
- commit 9dbc2f6
- x86/cpu/amd: Enumerate BTC_NO (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- x86/common: Stamp out the stepping madness (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- KVM: VMX: Prevent RSB underflow before vmenter (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- x86/speculation: Fill RSB on vmexit for IBRS (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- KVM: VMX: Fix IBRS handling after vmexit (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS
  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- KVM: VMX: Convert launched argument to flags (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- KVM: VMX: Flatten __vmx_vcpu_run() (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- objtool: Re-add UNWIND_HINT_{SAVE_RESTORE} (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- x86/speculation: Remove x86_spec_ctrl_mask (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- x86/speculation: Use cached host SPEC_CTRL value for guest
  entry/exit (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- x86/speculation: Fix SPEC_CTRL write on SMT state change
  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- x86/speculation: Fix firmware entry SPEC_CTRL handling
  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n
  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- x86/cpu/amd: Add Spectral Chicken (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- objtool: Add entry UNRET validation (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- x86/bugs: Do IBPB fallback check only once (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- x86/bugs: Add retbleed=ibpb (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- x86/xen: Add UNTRAIN_RET (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- x86/xen: Rename SYS* entry points (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- objtool: Update Retpoline validation (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- intel_idle: Disable IBRS during long idle (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- x86/bugs: Report Intel retbleed vulnerability (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- x86/bugs: Split spectre_v2_select_mitigation() and
  spectre_v2_user_select_mitigation() (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- x86/speculation: Add spectre_v2=ibrs option to support Kernel
  IBRS (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- x86/bugs: Optimize SPEC_CTRL MSR writes (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- x86/entry: Add kernel IBRS implementation (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- x86/bugs: Enable STIBP for JMP2RET (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- commit 023a0b9
- x86/bugs: Add AMD retbleed= boot parameter (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- Update config files.
- commit a4a04c4
- x86/bugs: Report AMD retbleed vulnerability (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- x86: Add magic AMD return-thunk (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- objtool: Treat .text.__x86.* as noinstr (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- x86/entry: Avoid very early RET (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- x86: Use return-thunk in asm code (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- x86/sev: Avoid using __x86_return_thunk (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- x86/vsyscall_emu/64: Don't use RET in vsyscall emulation
  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- x86/kvm: Fix SETcc emulation for return thunks (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- x86/bpf: Use alternative RET encoding (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- x86/ftrace: Use alternative RET encoding (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- x86,static_call: Use alternative RET encoding (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- objtool: skip non-text sections when adding return-thunk sites
  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- x86,objtool: Create .return_sites (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- x86: Undo return-thunk damage (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- x86/retpoline: Use -mfunction-return (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- x86/retpoline: Swizzle retpoline thunk (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- x86/retpoline: Cleanup some #ifdefery (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- x86/cpufeatures: Move RETPOLINE flags to word 11 (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- x86/kvm/vmx: Make noinstr clean (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- x86/entry: Remove skip_r11rcx (bsc#1199657 CVE-2022-29900
  CVE-2022-29901).
- x86/entry: Don't call error_entry() for XENPV (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- x86/entry: Move PUSH_AND_CLEAR_REGS out of error_entry()
  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- x86/entry: Switch the stack after error_entry() returns
  (bsc#1199657 CVE-2022-29900 CVE-2022-29901).
- x86/traps: Use pt_regs directly in fixup_bad_iret() (bsc#1199657
  CVE-2022-29900 CVE-2022-29901).
- commit bc4fd7c
- Linux 5.18.11 (bsc#1012628).
- io_uring: fix provided buffer import (bsc#1012628).
- ALSA: usb-audio: Workarounds for Behringer UMC 204/404 HD
  (bsc#1012628).
- ALSA: hda/realtek: Add quirk for Clevo L140PU (bsc#1012628).
- ALSA: cs46xx: Fix missing snd_card_free() call at probe error
  (bsc#1012628).
- can: bcm: use call_rcu() instead of costly synchronize_rcu()
  (bsc#1012628).
- can: grcan: grcan_probe(): remove extra of_node_get()
  (bsc#1012628).
- can: gs_usb: gs_usb_open/close(): fix memory leak (bsc#1012628).
- can: m_can: m_can_chip_config(): actually enable internal
  timestamping (bsc#1012628).
- can: m_can: m_can_{read_fifo,echo_tx_event}(): shift timestamp
  to full 32 bits (bsc#1012628).
- can: kvaser_usb: replace run-time checks with struct
  kvaser_usb_driver_info (bsc#1012628).
- can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency
  regression (bsc#1012628).
- can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits
  (bsc#1012628).
- can: mcp251xfd: mcp251xfd_regmap_crc_read(): improve workaround
  handling for mcp2517fd (bsc#1012628).
- can: mcp251xfd: mcp251xfd_regmap_crc_read(): update workaround
  broken CRC on TBC register (bsc#1012628).
- can: mcp251xfd: mcp251xfd_stop(): add missing hrtimer_cancel()
  (bsc#1012628).
- bpf: Fix incorrect verifier simulation around jmp32's jeq/jne
  (bsc#1012628).
- bpf: Fix insufficient bounds propagation from
  adjust_scalar_min_max_vals (bsc#1012628).
- usbnet: fix memory leak in error case (bsc#1012628).
- net: rose: fix UAF bug caused by rose_t0timer_expiry
  (bsc#1012628).
- net: lan966x: hardcode the number of external ports
  (bsc#1012628).
- netfilter: nft_set_pipapo: release elements in clone from
  abort path (bsc#1012628).
- selftests/net: fix section name when using xdp_dummy.o
  (bsc#1012628).
- can: mcp251xfd: mcp251xfd_register_get_dev_id(): use correct
  length to read dev_id (bsc#1012628).
- can: mcp251xfd: mcp251xfd_register_get_dev_id(): fix endianness
  conversion (bsc#1012628).
- can: rcar_canfd: Fix data transmission failed on R-Car V3U
  (bsc#1012628).
- ASoC: qdsp6: q6apm-dai: unprepare stream if its already prepared
  (bsc#1012628).
- MAINTAINERS: Remove iommu@lists.linux-foundation.org
  (bsc#1012628).
- iommu/vt-d: Fix PCI bus rescan device hot add (bsc#1012628).
- iommu/vt-d: Fix RID2PASID setup/teardown failure (bsc#1012628).
- cxl/mbox: Use __le32 in get,set_lsa mailbox structures
  (bsc#1012628).
- cxl: Fix cleanup of port devices on failure to probe driver
  (bsc#1012628).
- fbdev: fbmem: Fix logo center image dx issue (bsc#1012628).
- fbmem: Check virtual screen sizes in fb_set_var() (bsc#1012628).
- fbcon: Disallow setting font bigger than screen size
  (bsc#1012628).
- fbcon: Prevent that screen size is smaller than font size
  (bsc#1012628).
- PM: runtime: Redefine pm_runtime_release_supplier()
  (bsc#1012628).
- PM: runtime: Fix supplier device management during consumer
  probe (bsc#1012628).
- memregion: Fix memregion_free() fallback definition
  (bsc#1012628).
- video: of_display_timing.h: include errno.h (bsc#1012628).
- fscache: Fix invalidation/lookup race (bsc#1012628).
- fscache: Fix if condition in fscache_wait_on_volume_collision()
  (bsc#1012628).
- powerpc/powernv: delay rng platform device creation until
  later in boot (bsc#1012628).
- net: dsa: qca8k: reset cpu port on MTU change (bsc#1012628).
- ARM: meson: Fix refcount leak in meson_smp_prepare_cpus
  (bsc#1012628).
- pinctrl: sunxi: a83t: Fix NAND function name for some pins
  (bsc#1012628).
- srcu: Tighten cleanup_srcu_struct() GP checks (bsc#1012628).
- ASoC: rt711: Add endianness flag in snd_soc_component_driver
  (bsc#1012628).
- ASoC: rt711-sdca: Add endianness flag in
  snd_soc_component_driver (bsc#1012628).
- ASoC: codecs: rt700/rt711/rt711-sdca: resume bus/codec in
  .set_jack_detect (bsc#1012628).
- ASoC: SOF: ipc3-topology: Move and correct size checks in
  sof_ipc3_control_load_bytes() (bsc#1012628).
- ASoC: SOF: Intel: hda: Fix compressed stream position tracking
  (bsc#1012628).
- arm64: dts: qcom: sm8450: fix interconnects property of UFS node
  (bsc#1012628).
- arm64: dts: qcom: msm8994: Fix CPU6/7 reg values (bsc#1012628).
- arm64: dts: qcom: sdm845: use dispcc AHB clock for mdss node
  (bsc#1012628).
- ARM: mxs_defconfig: Enable the framebuffer (bsc#1012628).
- arm64: dts: imx8mp-evk: correct mmc pad settings (bsc#1012628).
- arm64: dts: imx8mp-evk: correct the uart2 pinctl value
  (bsc#1012628).
- arm64: dts: imx8mp-evk: correct gpio-led pad settings
  (bsc#1012628).
- arm64: dts: imx8mp-evk: correct vbus pad settings (bsc#1012628).
- arm64: dts: imx8mp-evk: correct eqos pad settings (bsc#1012628).
- arm64: dts: imx8mp-evk: correct I2C5 pad settings (bsc#1012628).
- arm64: dts: imx8mp-evk: correct I2C1 pad settings (bsc#1012628).
- arm64: dts: imx8mp-evk: correct I2C3 pad settings (bsc#1012628).
- arm64: dts: imx8mp-phyboard-pollux-rdk: correct uart pad
  settings (bsc#1012628).
- arm64: dts: imx8mp-phyboard-pollux-rdk: correct eqos pad
  settings (bsc#1012628).
- arm64: dts: imx8mp-phyboard-pollux-rdk: correct i2c2 & mmc
  settings (bsc#1012628).
- pinctrl: sunxi: sunxi_pconf_set: use correct offset
  (bsc#1012628).
- arm64: dts: qcom: msm8992-*: Fix vdd_lvs1_2-supply typo
  (bsc#1012628).
- ARM: at91: pm: use proper compatible for sama5d2's rtc
  (bsc#1012628).
- ARM: at91: pm: use proper compatibles for sam9x60's rtc and rtt
  (bsc#1012628).
- ARM: at91: pm: use proper compatibles for sama7g5's rtc and rtt
  (bsc#1012628).
- ARM: dts: at91: sam9x60ek: fix eeprom compatible and size
  (bsc#1012628).
- ARM: dts: at91: sama5d2_icp: fix eeprom compatibles
  (bsc#1012628).
- ARM: at91: fix soc detection for SAM9X60 SiPs (bsc#1012628).
- xsk: Clear page contiguity bit when unmapping pool
  (bsc#1012628).
- i2c: piix4: Fix a memory leak in the EFCH MMIO support
  (bsc#1012628).
- i40e: Fix dropped jumbo frames statistics (bsc#1012628).
- i40e: Fix VF's MAC Address change on VM (bsc#1012628).
- ARM: dts: stm32: add missing usbh clock and fix clk order on
  stm32mp15 (bsc#1012628).
- ibmvnic: Properly dispose of all skbs during a failover
  (bsc#1012628).
- selftests: forwarding: fix flood_unicast_test when h2 supports
  IFF_UNICAST_FLT (bsc#1012628).
- selftests: forwarding: fix learning_test when h1 supports
  IFF_UNICAST_FLT (bsc#1012628).
- selftests: forwarding: fix error message in learning_test
  (bsc#1012628).
- ACPI: CPPC: Check _OSC for flexible address space (bsc#1012628).
- ACPI: bus: Set CPPC _OSC bits for all and when CPPC_LIB is
  supported (bsc#1012628).
- ACPI: CPPC: Only probe for _CPC if CPPC v2 is acked
  (bsc#1012628).
- ACPI: CPPC: Don't require _OSC if X86_FEATURE_CPPC is supported
  (bsc#1012628).
- net/mlx5e: Fix matchall police parameters validation
  (bsc#1012628).
- mptcp: Avoid acquiring PM lock for subflow priority changes
  (bsc#1012628).
- mptcp: Acquire the subflow socket lock before modifying MP_PRIO
  flags (bsc#1012628).
- mptcp: fix local endpoint accounting (bsc#1012628).
- r8169: fix accessing unset transport header (bsc#1012628).
- i2c: cadence: Unregister the clk notifier in error path
  (bsc#1012628).
- net/sched: act_api: Add extack to offload_act_setup() callback
  (bsc#1012628).
- net/sched: act_police: Add extack messages for offload failure
  (bsc#1012628).
- net/sched: act_police: allow 'continue' action offload
  (bsc#1012628).
- dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (bsc#1012628).
- dmaengine: imx-sdma: only restart cyclic channel when enabled
  (bsc#1012628).
- misc: rtsx_usb: fix use of dma mapped buffer for usb bulk
  transfer (bsc#1012628).
- misc: rtsx_usb: use separate command and response buffers
  (bsc#1012628).
- misc: rtsx_usb: set return value in rsp_buf alloc err path
  (bsc#1012628).
- dmaengine: dw-axi-dmac: Fix RMW on channel suspend register
  (bsc#1012628).
- dt-bindings: dma: allwinner,sun50i-a64-dma: Fix min/max typo
  (bsc#1012628).
- ida: don't use BUG_ON() for debugging (bsc#1012628).
- dmaengine: pl330: Fix lockdep warning about non-static key
  (bsc#1012628).
- dmaengine: lgm: Fix an error handling path in intel_ldma_probe()
  (bsc#1012628).
- dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc()
  correctly (bsc#1012628).
- dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate
  (bsc#1012628).
- dmaengine: qcom: bam_dma: fix runtime PM underflow
  (bsc#1012628).
- dmaengine: ti: Add missing put_device in
  ti_dra7_xbar_route_allocate (bsc#1012628).
- dmaengine: idxd: force wq context cleanup on device disable path
  (bsc#1012628).
- commit 0e7e901
- Linux 5.18.10 (bsc#1012628).
- xen/arm: Fix race in RB-tree based P2M accounting (bsc#1012628).
- xen-netfront: restore __skb_queue_tail() positioning in
  xennet_get_responses() (bsc#1012628).
- xen/blkfront: force data bouncing when backend is untrusted
  (bsc#1012628).
- xen/netfront: force data bouncing when backend is untrusted
  (bsc#1012628).
- xen/netfront: fix leaking data in shared pages (bsc#1012628).
- xen/blkfront: fix leaking data in shared pages (bsc#1012628).
- hwmon: (ibmaem) don't call platform_device_del() if
  platform_device_add() fails (bsc#1012628).
- net: sparx5: mdb add/del handle non-sparx5 devices
  (bsc#1012628).
- net: sparx5: Add handling of host MDB entries (bsc#1012628).
- drm/fourcc: fix integer type usage in uapi header (bsc#1012628).
- platform/x86: panasonic-laptop: filter out duplicate volume
  up/down/mute keypresses (bsc#1012628).
- platform/x86: panasonic-laptop: don't report duplicate
  brightness key-presses (bsc#1012628).
- platform/x86: panasonic-laptop: revert "Resolve hotkey double
  trigger bug" (bsc#1012628).
- platform/x86: panasonic-laptop: sort includes alphabetically
  (bsc#1012628).
- platform/x86: panasonic-laptop: de-obfuscate button codes
  (bsc#1012628).
- drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c
  (bsc#1012628).
- drm/msm/gem: Fix error return on fence id alloc fail
  (bsc#1012628).
- drm/i915/dgfx: Disable d3cold at gfx root port (bsc#1012628).
- drm/i915/gem: add missing else (bsc#1012628).
- platform/x86: ideapad-laptop: Add allow_v4_dytc module parameter
  (bsc#1012628).
- drm/msm/dpu: Increment vsync_cnt before waking up userspace
  (bsc#1012628).
- cifs: fix minor compile warning (bsc#1012628).
- net: tun: avoid disabling NAPI twice (bsc#1012628).
- mlxsw: spectrum_router: Fix rollback in tunnel next hop init
  (bsc#1012628).
- ipv6: fix lockdep splat in in6_dump_addrs() (bsc#1012628).
- ipv6/sit: fix ipip6_tunnel_get_prl return value (bsc#1012628).
- nvmet: add a clear_ids attribute for passthru targets
  (bsc#1012628).
- fanotify: refine the validation checks on non-dir inode mask
  (bsc#1012628).
- tunnels: do not assume mac header is set in
  skb_tunnel_check_pmtu() (bsc#1012628).
- ACPI: video: Change how we determine if brightness key-presses
  are handled (bsc#1012628).
- nvmet-tcp: fix regression in data_digest calculation
  (bsc#1012628).
- tcp: add a missing nf_reset_ct() in 3WHS handling (bsc#1012628).
- cpufreq: qcom-hw: Don't do lmh things without a throttle
  interrupt (bsc#1012628).
- epic100: fix use after free on rmmod (bsc#1012628).
- tipc: move bc link creation back to tipc_node_create
  (bsc#1012628).
- NFC: nxp-nci: Don't issue a zero length i2c_master_read()
  (bsc#1012628).
- nfc: nfcmrvl: Fix irq_of_parse_and_map() return value
  (bsc#1012628).
- platform/x86: ideapad-laptop: Add Ideapad 5 15ITL05 to
  ideapad_dytc_v4_allow_table[] (bsc#1012628).
- platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO
  resource (bsc#1012628).
- powerpc/memhotplug: Add add_pages override for PPC
  (bsc#1012628).
- Update config files.
- net: dsa: felix: fix race between reading PSFP stats and port
  stats (bsc#1012628).
- net: bonding: fix use-after-free after 802.3ad slave unbind
  (bsc#1012628).
- selftests net: fix kselftest net fatal error (bsc#1012628).
- net: phy: ax88772a: fix lost pause advertisement configuration
  (bsc#1012628).
- net: bonding: fix possible NULL deref in rlb code (bsc#1012628).
- net: asix: fix "can't send until first packet is send" issue
  (bsc#1012628).
- net/sched: act_api: Notify user space if any actions were
  flushed before error (bsc#1012628).
- net/dsa/hirschmann: Add missing of_node_get() in
  hellcreek_led_setup() (bsc#1012628).
- netfilter: nft_dynset: restore set element counter when failing
  to update (bsc#1012628).
- s390: remove unneeded 'select BUILD_BIN2C' (bsc#1012628).
- vdpa/mlx5: Update Control VQ callback information (bsc#1012628).
- lib/sbitmap: Fix invalid loop in __sbitmap_queue_get_batch()
  (bsc#1012628).
- PM / devfreq: exynos-ppmu: Fix refcount leak in
  of_get_devfreq_events (bsc#1012628).
- io_uring: ensure that send/sendmsg and recv/recvmsg check
  sqe->ioprio (bsc#1012628).
- caif_virtio: fix race between virtio_device_ready() and
  ndo_open() (bsc#1012628).
- vfs: fix copy_file_range() regression in cross-fs copies
  (bsc#1012628).
- NFSv4: Add an fattr allocation to _nfs4_discover_trunking()
  (bsc#1012628).
- NFSD: restore EINVAL error translation in nfsd_commit()
  (bsc#1012628).
- NFS: restore module put when manager exits (bsc#1012628).
- net: ipv6: unexport __init-annotated seg6_hmac_net_init()
  (bsc#1012628).
- hwmon: (occ) Prevent power cap command overwriting poll response
  (bsc#1012628).
- selftests: mptcp: Initialize variables to quiet gcc 12 warnings
  (bsc#1012628).
- mptcp: fix conflict with <netinet/in.h> (bsc#1012628).
- selftests: mptcp: more stable diag tests (bsc#1012628).
- mptcp: fix race on unaccepted mptcp sockets (bsc#1012628).
- usbnet: fix memory allocation in helpers (bsc#1012628).
- net: usb: asix: do not force pause frames support (bsc#1012628).
- linux/dim: Fix divide by 0 in RDMA DIM (bsc#1012628).
- RDMA/cm: Fix memory leak in ib_cm_insert_listen (bsc#1012628).
- RDMA/qedr: Fix reporting QP timeout attribute (bsc#1012628).
- net: dp83822: disable rx error interrupt (bsc#1012628).
- net: dp83822: disable false carrier interrupt (bsc#1012628).
- net: fix IFF_TX_SKB_NO_LINEAR definition (bsc#1012628).
- net: tun: stop NAPI when detaching queues (bsc#1012628).
- net: tun: unlink NAPI from device on destruction (bsc#1012628).
- net: dsa: bcm_sf2: force pause link settings (bsc#1012628).
- selftests/net: pass ipv6_args to udpgso_bench's IPv6 TCP test
  (bsc#1012628).
- virtio-net: fix race between ndo_open() and
  virtio_device_ready() (bsc#1012628).
- net: usb: ax88179_178a: Fix packet receiving (bsc#1012628).
- net: rose: fix UAF bugs caused by timer handler (bsc#1012628).
- SUNRPC: Fix READ_PLUS crasher (bsc#1012628).
- dm raid: fix KASAN warning in raid5_add_disks (bsc#1012628).
- dm raid: fix accesses beyond end of raid member array
  (bsc#1012628).
- cpufreq: amd-pstate: Add resume and suspend callbacks
  (bsc#1012628).
- powerpc/bpf: Fix use of user_pt_regs in uapi (bsc#1012628).
- powerpc/book3e: Fix PUD allocation size in map_kernel_page()
  (bsc#1012628).
- powerpc/prom_init: Fix kernel config grep (bsc#1012628).
- parisc/unaligned: Fix emulate_ldw() breakage (bsc#1012628).
- parisc: Fix vDSO signal breakage on 32-bit kernel (bsc#1012628).
- ceph: wait on async create before checking caps for syncfs
  (bsc#1012628).
- nvdimm: Fix badblocks clear off-by-one error (bsc#1012628).
- nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA IM2P33F8ABR1
  (bsc#1012628).
- nvme-pci: add NVME_QUIRK_BOGUS_NID for ADATA XPG SX6000LNP
  (AKA SPECTRIX S40G) (bsc#1012628).
- s390/archrandom: simplify back to earlier design and initialize
  earlier (bsc#1012628).
- net: phy: Don't trigger state machine while in suspend
  (bsc#1012628).
- ipv6: take care of disable_policy when restoring routes
  (bsc#1012628).
- ksmbd: use vfs_llseek instead of dereferencing NULL
  (bsc#1012628).
- ksmbd: check invalid FileOffset and BeyondFinalZero in
  FSCTL_ZERO_DATA (bsc#1012628).
- ksmbd: set the range of bytes to zero without extending file
  size in FSCTL_ZERO_DATA (bsc#1012628).
- drm/amdgpu: To flush tlb for MMHUB of RAVEN series
  (bsc#1012628).
- Revert "drm/amdgpu/display: set vblank_disable_immediate for DC"
  (bsc#1012628).
- drm/amdgpu: fix adev variable used in
  amdgpu_device_gpu_recover() (bsc#1012628).
- commit 97c4fd2

==== keylime ====
Version update (6.4.1 -> 6.4.2)
Subpackages: keylime-agent keylime-config keylime-firewalld keylime-logrotate keylime-registrar keylime-tpm_cert_store keylime-verifier python310-keylime

- Replace python-gpg requirement
- Fix consolidation for _distconfdir and _sysconfdir macro
- Update to version v6.4.2:
  * Bump version # to 6.4.2
  * Use python3-gpg instead of python3-gnupg
  * Update Packit CI tests to test both agent and zeromq revocation notifiers
  * ima_ast: Make entry parsing stricter
  * ima_ast: Calculate length of "n" and "n-ng" in bytes
  * Fix broken URLs in README (Additional Reading)
  * Remove CFSSL leftovers
  * signing: move exception handing to verify_signature()
  * Set revocation_notifiers = agent as default in keylime.conf
  * cloud_verifier: Support /notifications/revocation REST API
  * keylime_agent: Support /notifications/revocation REST method
  * revocation_notifier: Factor out revocation message processing
  * keylime: initialize supplementary groups when dropping privileges
  * Refactor allowlist processing to enable verifier-side signature checks
  * Full removal of the tenant WebApp
  * update roadmap for 2022 and 2023
  * docs: make Python requirements less strict
  * docs: update API documentation for 2.1, add missing fields for agent quote
  * Add python3-alembic to distros
  * Update fmf plans to run test with IMA policy
  * Drop SPDX-License-Identifier header
  * Adjust CI test name according to keylime-tests PR#125
  * ci: Run lint with Python 3.6 as well
  * [trivial]: fix style of recently added docs files
  * Improve error handling when doing signature verification
  * Fix coverage file paths in submit-HEAD-coverage workflow
  * Adding files from keylime-docs into main repo
- Fix keylime service home directory
- Adjust the directory for the TPM certificates

==== konsole ====
Subpackages: konsole-part konsole-part-lang

- Add patch to fix editing imported SSH hosts (kde#455290):
  * 0001-Fix-error-when-trying-to-edit-the-editable-parts-of-.patch

==== libselinux ====
Subpackages: libselinux1 selinux-tools

- Fixed initrd check in selinux-ready (bnc#1186127)
- Added restorecon_pin_file.patch. Fixes issus when running
  fixfiles/restorecon

==== libstorage-ng ====
Version update (4.5.27 -> 4.5.28)
Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1

- merge gh#openSUSE/libstorage-ng#888
- handle rootprefix when combining information from /etc/fstab and
  /proc/mounts
- added unit tests
- avoid deprecated fuunctions
- coding style
- typo fix and documentation update
- 4.5.28

==== patterns-base ====
Subpackages: patterns-base-base patterns-base-bootloader patterns-base-documentation patterns-base-enhanced_base patterns-base-minimal_base patterns-base-sw_management patterns-base-x11 patterns-base-x11_enhanced

- Have the base pattern recommend service(network)

==== patterns-microos ====
Subpackages: patterns-microos-alt_onlyDVD patterns-microos-apparmor patterns-microos-base patterns-microos-base-microdnf patterns-microos-base-packagekit patterns-microos-base-zypper patterns-microos-basesystem patterns-microos-cloud patterns-microos-cockpit patterns-microos-defaults patterns-microos-desktop-common patterns-microos-desktop-gnome patterns-microos-desktop-kde patterns-microos-hardware patterns-microos-ima_evm patterns-microos-onlyDVD patterns-microos-ra_agent patterns-microos-ra_verifier patterns-microos-selinux patterns-microos-sssd_ldap

- Use gnome-initial-setup for configuring user on firstboot of MicroOS Desktop
- Add firewalld to the DVD pattern as YaST can be used to configure it
  during installation (boo#1200741)

==== perl ====
Subpackages: perl-base

- move builtin.pm to perl-base as File::Copy relies on it since last
  update.
  This fixes execution of builtime source services in OBS.

==== pipewire ====
Version update (0.3.54 -> 0.3.55)
Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-alsa pipewire-lang pipewire-modules-0_3 pipewire-pulseaudio pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools

- Add patch to fix audio after tty switching (boo#1201349):
  * 0002-spa-alsa-udev-Check-accessibility-of-pcm-devices-as-well.patch
- Update to version 0.3.55:
  * Highlights
  - Fix some more critical bugs in the new audioconvert and the
    queueing in pw-stream that causes stuttering and hickups.
  - HFP hardware volumes are now saved and restored.
  - Format conversions and mixing was improved.
  - Small bug fixes and improvements.
  * PipeWire
  - The queueing in pw-stream was improved with support for
    buffer prefetch in asynchronous mode.
  - Add a pw-filter unit test.
  * tools
  - pw-midiplay should now work again after improvements in
    pw-stream.
  * modules
  - The RAOP module was improved to support auth_setup.
  - The RAOP module should now handle timing packets better.
  - Add some more filter-chain examples.
  - The filter-chain now has a separate config file with the
    boilerplate settings. The examples are now just config
    snippets that can be dropped in .conf.d/ directories, such as
    the filter-chain.conf.d/ one.
  - Start suggesting to use target.object instead of node.target
    in docs and examples.
  * SPA
  - Use the cosh window again for the resampler. It should now
    give better resampler quality.
  - Rework the mixer functions. They were rewritten for higher
    precision and better performance. Add unit tests and
    benchmarks.
  - Improve format conversion for 32bits for avoid errors in
    clang because of undefined behaviour at extreme ranges.
  - Fix a bug in audioconvert where it would not consume the
    right amount of samples when the resampler was disabled.
    This could cause skipping and hickups.
  - Fix bug in audioconvert where it would try to convert the
    input samples multiple times, causing strange artefacts when
    upmixing.
  - Be more strict about valid JSON floats.
  - device.vendor.id and device.product.id should now always show
    up in 0xXXXX format and should not be converted to floats in
    pw-dump anymore.
  - Add triangular dither, add unit tests for noise generation,
    add some more optimisations.
  * Bluetooth
  - HFP and A2DP now expose different routes and thus can have
    different volumes.
  - HW Volumes for HFP are now synchronised better.
    Volume changes from HW buttons are now also saved.
- Rebase reduce-meson-dependency.patch.
- Add 0001-jack-only-mix-when-we-have-input-to-mix.patch: Fix an
  Ardour start-up crash.

==== python-html5lib ====

- Remove BuildRequires on mock.

==== selinux-policy ====
Version update (20220624 -> 20220714)
Subpackages: selinux-policy-targeted

- Update to version 20220714. Refreshed:
  * fix_init.patch
  * fix_systemd_watch.patch

==== suse-module-tools ====
Version update (16.0.21 -> 16.0.22)

- Update to version 16.0.22:
  * weak-modules2: only use kernel version under /run/regenerate-initrd
  (boo#1201387)

==== sysconfig ====
Version update (0.85.8 -> 0.90.0)
Subpackages: sysconfig-netconfig

- version 0.90.0
- sysconfig: cleanup network and wicked dependencies
- ppp: move /etc/ppp/ip-up to libexec directory
- spec: move further executables/scripts to /usr
- spec: revert to recommend wicked-service on <= 15.4
- spec: install scripts except of ip-up bellow of /usr
- spec: drop (sle11) legacy migration and rpm-utils
- ifuser: drop the artefact utility on >= 15.5
- netconfig/dns-resolver: remove search limit of 6 domains (bsc#1199093)
- netconfig: cleanup /var/run leftovers (bsc#1194557)
- netconfig: update ntp man page documentation, fix typos
- netconfig: move scripts to a FHS conform libexec

==== wireplumber ====
Subpackages: libwireplumber-0_4-0 wireplumber-audio wireplumber-lang

- Add patch to fix crash on session end:
  * 0001-dbus-fix-crash-when-trying-to-reconnect.patch

==== yast2-services-manager ====
Version update (4.5.0 -> 4.5.1)

- Explicitly pull in systemctl for buildtime tests (jsc#SMO-84)
- 4.5.1