Packages changed:
  cni
  conmon (2.0.3 -> 2.0.9)
  kernel-default-base (5.4.7 -> 5.4.10)
  kernel-firmware (20191220 -> 20200107)
  kernel-source (5.4.7 -> 5.4.10)
  patterns-containers
  podman (1.6.4 -> 1.7.0)

=== Details ===

==== cni ====

- Set correct CNI version for 99-loopback.conf

==== conmon ====
Version update (2.0.3 -> 2.0.9)

- Add TimedOutMessage to config to share with go code
- Fix format string to limit the size of the string to 10
  characters
- Persist oom files on cgroup v2
- Revert the check for  the OOM counter on cgroups v1 before
  writing OOM file
- Add --persist-dir flag to allow important container files to be
  written to a persistent directory
- Check OOM counter on cgroups v1 before writing OOM file
- Use splice(2) to copy from stdin
- Kill the process group on timeout
- Add --persist-dir to allow callers to specify a directory that
  conmon should mirror certain important files that should persist
  reboots (right now, just the container exit file)
- Fix tight loop on OOM

==== kernel-default-base ====
Version update (5.4.7 -> 5.4.10)

- Remove iscsi_ibft (bsc#1157460)

==== kernel-firmware ====
Version update (20191220 -> 20200107)
Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network ucode-amd

- Update to version 20200107 (git commit 67d4ff59bf33):
  * Mellanox: Add new mlxsw_spectrum firmware xx.2000.2714
  * radeon: update oland rlc microcode from amdgpu
  * amdgpu: update vega20 microcode for 19.50
  * amdgpu: update vega12 microcode for 19.50
  * amdgpu: update vega10 microcode for 19.50
  * amdgpu: update picasso microcode for 19.50
  * amdgpu: update raven2 microcode for 19.50
  * amdgpu: update raven microcode for 19.50
  * amdgpu: update navi10 microcode for 19.50
  * amdgpu: update navi14 microcode for 19.50
  * amdgpu: add TA microcode for Raven asics
  * qed: Add firmware 8.42.2.0
  * Adjust WHENCE entry to check_whence doesn't complain
  * qcom: Switch SDM845 WLAN firmware
  * linux-firmware: add NXP firmware licence file

==== kernel-source ====
Version update (5.4.7 -> 5.4.10)

- Linux 5.4.10 (bnc#1012628).
- powerpc/pmem: Fix kernel crash due to wrong range value usage
  in flush_dcache_range (bnc#1012628).
- commit 556a6fe
- Linux 5.4.9 (bnc#1012628).
- drm/mcde: dsi: Fix invalid pointer dereference if panel cannot
  be found (bnc#1012628).
- nvme_fc: add module to ops template to allow module references
  (bnc#1012628).
- nvme-fc: fix double-free scenarios on hw queues (bnc#1012628).
- drm/amdgpu: add check before enabling/disabling broadcast mode
  (bnc#1012628).
- drm/amdgpu: add header line for power profile on Arcturus
  (bnc#1012628).
- drm/amdgpu: add cache flush workaround to gfx8 emit_fence
  (bnc#1012628).
- drm/amd/display: Map DSC resources 1-to-1 if numbers of OPPs
  and DSCs are equal (bnc#1012628).
- drm/amd/display: Fixed kernel panic when booting with DP-to-HDMI
  dongle (bnc#1012628).
- drm/amd/display: Change the delay time before enabling FEC
  (bnc#1012628).
- drm/amd/display: Reset steer fifo before unblanking the stream
  (bnc#1012628).
- drm/amd/display: update dispclk and dppclk vco frequency
  (bnc#1012628).
- nvme/pci: Fix write and poll queue types (bnc#1012628).
- nvme/pci: Fix read queue count (bnc#1012628).
- iio: st_accel: Fix unused variable warning (bnc#1012628).
- iio: adc: max9611: Fix too short conversion time delay
  (bnc#1012628).
- PM / devfreq: Fix devfreq_notifier_call returning errno
  (bnc#1012628).
- PM / devfreq: Set scaling_max_freq to max on OPP notifier error
  (bnc#1012628).
- PM / devfreq: Don't fail devfreq_dev_release if not in list
  (bnc#1012628).
- afs: Fix afs_find_server lookups for ipv4 peers (bnc#1012628).
- afs: Fix SELinux setting security label on /afs (bnc#1012628).
- RDMA/cma: add missed unregister_pernet_subsys in init failure
  (bnc#1012628).
- rxe: correctly calculate iCRC for unaligned payloads
  (bnc#1012628).
- scsi: lpfc: Fix memory leak on lpfc_bsg_write_ebuf_set func
  (bnc#1012628).
- scsi: qla2xxx: Use explicit LOGO in target mode (bnc#1012628).
- scsi: qla2xxx: Drop superfluous INIT_WORK of del_work
  (bnc#1012628).
- scsi: qla2xxx: Don't call qlt_async_event twice (bnc#1012628).
- scsi: qla2xxx: Fix PLOGI payload and ELS IOCB dump length
  (bnc#1012628).
- scsi: qla2xxx: Configure local loop for N2N target
  (bnc#1012628).
- scsi: qla2xxx: Send Notify ACK after N2N PLOGI (bnc#1012628).
- scsi: qla2xxx: Don't defer relogin unconditonally (bnc#1012628).
- scsi: qla2xxx: Ignore PORT UPDATE after N2N PLOGI (bnc#1012628).
- scsi: iscsi: qla4xxx: fix double free in probe (bnc#1012628).
- scsi: libsas: stop discovering if oob mode is disconnected
  (bnc#1012628).
- scsi: iscsi: Avoid potential deadlock in iscsi_if_rx func
  (bnc#1012628).
- staging/wlan-ng: add CRC32 dependency in Kconfig (bnc#1012628).
- drm/nouveau: Move the declaration of struct nouveau_conn_atom
  up a bit (bnc#1012628).
- drm/nouveau: Fix drm-core using atomic code-paths on pre-nv50
  hardware (bnc#1012628).
- drm/nouveau/kms/nv50-: fix panel scaling (bnc#1012628).
- usb: gadget: fix wrong endpoint desc (bnc#1012628).
- net: make socket read/write_iter() honor IOCB_NOWAIT
  (bnc#1012628).
- afs: Fix mountpoint parsing (bnc#1012628).
- afs: Fix creation calls in the dynamic root to fail with
  EOPNOTSUPP (bnc#1012628).
- raid5: need to set STRIPE_HANDLE for batch head (bnc#1012628).
- md: raid1: check rdev before reference in raid1_sync_request
  func (bnc#1012628).
- s390/cpum_sf: Adjust sampling interval to avoid hitting sample
  limits (bnc#1012628).
- s390/cpum_sf: Avoid SBD overflow condition in irq handler
  (bnc#1012628).
- RDMA/counter: Prevent auto-binding a QP which are not tracked
  with res (bnc#1012628).
- IB/mlx4: Follow mirror sequence of device add during device
  removal (bnc#1012628).
- IB/mlx5: Fix steering rule of drop and count (bnc#1012628).
- xen-blkback: prevent premature module unload (bnc#1012628).
- xen/balloon: fix ballooned page accounting without hotplug
  enabled (bnc#1012628).
- PM / hibernate: memory_bm_find_bit(): Tighten node optimisation
  (bnc#1012628).
- ALSA: hda/realtek - Add Bass Speaker and fixed dac for bass
  speaker (bnc#1012628).
- ALSA: hda/realtek - Enable the bass speaker of ASUS UX431FLC
  (bnc#1012628).
- PCI: Add a helper to check Power Resource Requirements _PR3
  existence (bnc#1012628).
- ALSA: hda: Allow HDA to be runtime suspended when dGPU is not
  bound to a driver (bnc#1012628).
- PCI: Fix missing inline for pci_pr3_present() (bnc#1012628).
- ALSA: hda - fixup for the bass speaker on Lenovo Carbon X1
  7th gen (bnc#1012628).
- tcp: fix data-race in tcp_recvmsg() (bnc#1012628).
- shmem: pin the file in shmem_fault() if mmap_sem is dropped
  (bnc#1012628).
- taskstats: fix data-race (bnc#1012628).
- ALSA: hda - Downgrade error message for single-cmd fallback
  (bnc#1012628).
- netfilter: nft_tproxy: Fix port selector on Big Endian
  (bnc#1012628).
- block: add bio_truncate to fix guard_bio_eod (bnc#1012628).
- mm: drop mmap_sem before calling balance_dirty_pages() in
  write fault (bnc#1012628).
- ALSA: ice1724: Fix sleep-in-atomic in Infrasonic Quartet
  support code (bnc#1012628).
- ALSA: usb-audio: fix set_format altsetting sanity check
  (bnc#1012628).
- ALSA: usb-audio: set the interface format after resume on Dell
  WD19 (bnc#1012628).
- ALSA: hda - Apply sync-write workaround to old Intel platforms,
  too (bnc#1012628).
- ALSA: hda/realtek - Add headset Mic no shutup for ALC283
  (bnc#1012628).
- drm/sun4i: hdmi: Remove duplicate cleanup calls (bnc#1012628).
- drm/amdgpu/smu: add metrics table lock (bnc#1012628).
- drm/amdgpu/smu: add metrics table lock for arcturus (v2)
  (bnc#1012628).
- drm/amdgpu/smu: add metrics table lock for navi (v2)
  (bnc#1012628).
- drm/amdgpu/smu: add metrics table lock for vega20 (v2)
  (bnc#1012628).
- MIPS: BPF: Disable MIPS32 eBPF JIT (bnc#1012628).
- MIPS: BPF: eBPF JIT: check for MIPS ISA compliance in Kconfig
  (bnc#1012628).
- MIPS: Avoid VDSO ABI breakage due to global register variable
  (bnc#1012628).
- media: pulse8-cec: fix lost cec_transmit_attempt_done() call
  (bnc#1012628).
- media: cec: CEC 2.0-only bcast messages were ignored
  (bnc#1012628).
- media: cec: avoid decrementing transmit_queue_sz if it is 0
  (bnc#1012628).
- media: cec: check 'transmit_in_progress', not 'transmitting'
  (bnc#1012628).
- mm/memory_hotplug: shrink zones when offlining memory
  (bnc#1012628).
- mm/zsmalloc.c: fix the migrated zspage statistics (bnc#1012628).
- memcg: account security cred as well to kmemcg (bnc#1012628).
- mm: move_pages: return valid node id in status if the page is
  already on the target node (bnc#1012628).
- mm/oom: fix pgtables units mismatch in Killed process message
  (bnc#1012628).
- ocfs2: fix the crash due to call ocfs2_get_dlm_debug once less
  (bnc#1012628).
- pstore/ram: Write new dumps to start of recycled zones
  (bnc#1012628).
- pstore/ram: Fix error-path memory leak in persistent_ram_new()
  callers (bnc#1012628).
- gcc-plugins: make it possible to disable CONFIG_GCC_PLUGINS
  again (bnc#1012628).
- locks: print unsigned ino in /proc/locks (bnc#1012628).
- selftests/seccomp: Zero out seccomp_notif (bnc#1012628).
- seccomp: Check that seccomp_notif is zeroed out by the user
  (bnc#1012628).
- samples/seccomp: Zero out members based on seccomp_notif_sizes
  (bnc#1012628).
- selftests/seccomp: Catch garbage on SECCOMP_IOCTL_NOTIF_RECV
  (bnc#1012628).
- dmaengine: Fix access to uninitialized dma_slave_caps
  (bnc#1012628).
- dmaengine: dma-jz4780: Also break descriptor chains on JZ4725B
  (bnc#1012628).
- Btrfs: fix infinite loop during nocow writeback due to race
  (bnc#1012628).
- compat_ioctl: block: handle Persistent Reservations
  (bnc#1012628).
- compat_ioctl: block: handle BLKREPORTZONE/BLKRESETZONE
  (bnc#1012628).
- compat_ioctl: block: handle BLKGETZONESZ/BLKGETNRZONES
  (bnc#1012628).
- bpf: Fix precision tracking for unbounded scalars (bnc#1012628).
- ata: libahci_platform: Export again
  ahci_platform_<en/dis>able_phys() (bnc#1012628).
- ata: ahci_brcm: Fix AHCI resources management (bnc#1012628).
- ata: ahci_brcm: Add missing clock management during recovery
  (bnc#1012628).
- ata: ahci_brcm: BCM7425 AHCI requires AHCI_HFLAG_DELAY_ENGINE
  (bnc#1012628).
- libata: Fix retrieving of active qcs (bnc#1012628).
- gpio: xtensa: fix driver build (bnc#1012628).
- gpiolib: fix up emulated open drain outputs (bnc#1012628).
- clocksource: riscv: add notrace to riscv_sched_clock
  (bnc#1012628).
- riscv: ftrace: correct the condition logic in function graph
  tracer (bnc#1012628).
- rseq/selftests: Fix: Namespace gettid() for compatibility with
  glibc 2.30 (bnc#1012628).
- tracing: Fix lock inversion in trace_event_enable_tgid_record()
  (bnc#1012628).
- tracing: Avoid memory leak in process_system_preds()
  (bnc#1012628).
- tracing: Have the histogram compare functions convert to u64
  first (bnc#1012628).
- tracing: Fix endianness bug in histogram trigger (bnc#1012628).
- samples/trace_printk: Wait for IRQ work to finish (bnc#1012628).
- io_uring: use current task creds instead of allocating a new
  one (bnc#1012628).
- mm/gup: fix memory leak in __gup_benchmark_ioctl (bnc#1012628).
- apparmor: fix aa_xattrs_match() may sleep while holding a RCU
  lock (bnc#1012628).
- dmaengine: virt-dma: Fix access after free in vchan_complete()
  (bnc#1012628).
- gen_initramfs_list.sh: fix 'bad variable name' error
  (bnc#1012628).
- ALSA: cs4236: fix error return comparison of an unsigned integer
  (bnc#1012628).
- ALSA: pcm: Yet another missing check of non-cached buffer type
  (bnc#1012628).
- ALSA: firewire-motu: Correct a typo in the clock proc string
  (bnc#1012628).
- scsi: lpfc: Fix rpi release when deleting vport (bnc#1012628).
- exit: panic before exit_mm() on global init exit (bnc#1012628).
- arm64: Revert support for execute-only user mappings
  (bnc#1012628).
- ftrace: Avoid potential division by zero in function profiler
  (bnc#1012628).
- spi: spi-fsl-dspi: Fix 16-bit word order in 32-bit XSPI mode
  (bnc#1012628).
- drm/msm: include linux/sched/task.h (bnc#1012628).
- PM / devfreq: Check NULL governor in available_governors_show
  (bnc#1012628).
- sunrpc: fix crash when cache_head become valid before update
  (bnc#1012628).
- arm64: dts: qcom: msm8998-clamshell: Remove retention idle state
  (bnc#1012628).
- nfsd4: fix up replay_matches_cache() (bnc#1012628).
- powerpc: Chunk calls to flush_dcache_range in arch_*_memory
  (bnc#1012628).
- HID: i2c-hid: Reset ALPS touchpads on resume (bnc#1012628).
- net/sched: annotate lockless accesses to qdisc->empty
  (bnc#1012628).
- kernel/module.c: wakeup processes in module_wq on module unload
  (bnc#1012628).
- ACPI: sysfs: Change ACPI_MASKABLE_GPE_MAX to 0x100
  (bnc#1012628).
- perf callchain: Fix segfault in
  thread__resolve_callchain_sample() (bnc#1012628).
- iommu/vt-d: Remove incorrect PSI capability check (bnc#1012628).
- of: overlay: add_changeset_property() memory leak (bnc#1012628).
- cifs: Fix potential softlockups while refreshing DFS cache
  (bnc#1012628).
- firmware: arm_scmi: Avoid double free in error flow
  (bnc#1012628).
- xfs: don't check for AG deadlock for realtime files in bunmapi
  (bnc#1012628).
- platform/x86: pmc_atom: Add Siemens CONNECT X300 to
  critclk_systems DMI table (bnc#1012628).
- netfilter: nf_queue: enqueue skbs with NULL dst (bnc#1012628).
- net, sysctl: Fix compiler warning when only cBPF is present
  (bnc#1012628).
- watchdog: tqmx86_wdt: Fix build error (bnc#1012628).
- regulator: axp20x: Fix axp20x_set_ramp_delay (bnc#1012628).
- regulator: bd70528: Remove .set_ramp_delay for bd70528_ldo_ops
  (bnc#1012628).
- spi: uniphier: Fix FIFO threshold (bnc#1012628).
- regulator: axp20x: Fix AXP22x ELDO2 regulator enable bitmask
  (bnc#1012628).
- powerpc/mm: Mark get_slice_psize() & slice_addr_is_low()
  as notrace (bnc#1012628).
- Bluetooth: btusb: fix PM leak in error case of setup
  (bnc#1012628).
- Bluetooth: delete a stray unlock (bnc#1012628).
- Bluetooth: Fix memory leak in hci_connect_le_scan (bnc#1012628).
- arm64: dts: meson-gxl-s905x-khadas-vim: fix uart_A bluetooth
  node (bnc#1012628).
- arm64: dts: meson-gxm-khadas-vim2: fix uart_A bluetooth node
  (bnc#1012628).
- media: flexcop-usb: ensure -EIO is returned on error condition
  (bnc#1012628).
- regulator: ab8500: Remove AB8505 USB regulator (bnc#1012628).
- media: usb: fix memory leak in af9005_identify_state
  (bnc#1012628).
- dt-bindings: clock: renesas: rcar-usb2-clock-sel: Fix typo in
  example (bnc#1012628).
- arm64: dts: meson: odroid-c2: Disable usb_otg bus to avoid
  power failed warning (bnc#1012628).
- phy: renesas: rcar-gen3-usb2: Use platform_get_irq_optional()
  for optional irq (bnc#1012628).
- tty: serial: msm_serial: Fix lockup for sysrq and oops
  (bnc#1012628).
- cifs: Fix lookup of root ses in DFS referral cache
  (bnc#1012628).
- fs: cifs: Fix atime update check vs mtime (bnc#1012628).
- fix compat handling of FICLONERANGE, FIDEDUPERANGE and
  FS_IOC_FIEMAP (bnc#1012628).
- ath9k_htc: Modify byte order for an error message (bnc#1012628).
- ath9k_htc: Discard undersized packets (bnc#1012628).
- drm/i915/execlists: Fix annotation for decoupling virtual
  request (bnc#1012628).
- xfs: periodically yield scrub threads to the scheduler
  (bnc#1012628).
- net: add annotations on hh->hh_len lockless accesses
  (bnc#1012628).
- ubifs: ubifs_tnc_start_commit: Fix OOB in layout_in_gaps
  (bnc#1012628).
- btrfs: get rid of unique workqueue helper functions
  (bnc#1012628).
- Btrfs: only associate the locked page with one async_chunk
  struct (bnc#1012628).
- s390/smp: fix physical to logical CPU map for SMT (bnc#1012628).
- mm/sparse.c: mark populate_section_memmap as __meminit
  (bnc#1012628).
- xen/blkback: Avoid unmapping unmapped grant pages (bnc#1012628).
- lib/ubsan: don't serialize UBSAN report (bnc#1012628).
- efi: Don't attempt to map RCI2 config table if it doesn't exist
  (bnc#1012628).
- perf/x86/intel/bts: Fix the use of page_private() (bnc#1012628).
- net: annotate lockless accesses to sk->sk_pacing_shift
  (bnc#1012628).
- hsr: avoid debugfs warning message when module is remove
  (bnc#1012628).
- hsr: fix error handling routine in hsr_dev_finalize()
  (bnc#1012628).
- hsr: fix a race condition in node list insertion and deletion
  (bnc#1012628).
- mm/hugetlb: defer freeing of huge pages if in non-task context
  (bnc#1012628).
- Refresh patches.suse/vfs-add-super_operations-get_inode_dev.
- commit 605842d
- libertas: Fix two buffer overflows at parsing bss descriptor
  (CVE-2019-14896 bsc#1157157 CVE-2019-14897 bsc#1157155).
- commit 434d4ff
- tpm: Revert "tpm_tis_core: Turn on the TPM before probing IRQ's"
  (bsc#1159152).
- tpm: Revert "tpm_tis_core: Set TPM_CHIP_FLAG_IRQ before probing
  for interrupts" (bsc#1159152).
- tpm: Revert "tpm_tis: reserve chip for duration of
  tpm_tis_core_init" (bsc#1159152).
- USB: Fix: Don't skip endpoint descriptors with maxpacket=0
  (bsc#1159811).
- commit 52394e7
- Linux 5.4.8 (bnc#1012628).
- Revert "MIPS: futex: Restore \n after sync instructions"
  (bnc#1012628).
- Revert "MIPS: futex: Emit Loongson3 sync workarounds within asm"
  (bnc#1012628).
- scsi: lpfc: Fix spinlock_irq issues in lpfc_els_flush_cmd()
  (bnc#1012628).
- scsi: lpfc: Fix discovery failures when target device
  connectivity bounces (bnc#1012628).
- scsi: mpt3sas: Fix clear pending bit in ioctl status
  (bnc#1012628).
- scsi: lpfc: Fix locking on mailbox command completion
  (bnc#1012628).
- scsi: mpt3sas: Reject NVMe Encap cmnds to unsupported HBA
  (bnc#1012628).
- gpio: mxc: Only get the second IRQ when there is more than
  one IRQ (bnc#1012628).
- scsi: lpfc: Fix list corruption in lpfc_sli_get_iocbq
  (bnc#1012628).
- Input: atmel_mxt_ts - disable IRQ across suspend (bnc#1012628).
- f2fs: fix to update time in lazytime mode (bnc#1012628).
- powerpc/papr_scm: Fix an off-by-one check in papr_scm_meta_{get,
  set} (bnc#1012628).
- tools/power/x86/intel-speed-select: Remove warning for unused
  result (bnc#1012628).
- platform/x86: peaq-wmi: switch to using polled mode of input
  devices (bnc#1012628).
- iommu: rockchip: Free domain on .domain_free (bnc#1012628).
- iommu/tegra-smmu: Fix page tables in > 4 GiB memory
  (bnc#1012628).
- dmaengine: xilinx_dma: Clear desc_pendingcount in
  xilinx_dma_reset (bnc#1012628).
- scsi: target: compare full CHAP_A Algorithm strings
  (bnc#1012628).
- scsi: lpfc: Fix hardlockup in lpfc_abort_handler (bnc#1012628).
- scsi: lpfc: Fix SLI3 hba in loop mode not discovering devices
  (bnc#1012628).
- scsi: csiostor: Don't enable IRQs too early (bnc#1012628).
- scsi: hisi_sas: Replace in_softirq() check in
  hisi_sas_task_exec() (bnc#1012628).
- scsi: hisi_sas: Delete the debugfs folder of hisi_sas when
  the probe fails (bnc#1012628).
- powerpc/pseries: Mark accumulate_stolen_time() as notrace
  (bnc#1012628).
- powerpc/pseries: Don't fail hash page table insert for bolted
  mapping (bnc#1012628).
- Input: st1232 - do not reset the chip too early (bnc#1012628).
- selftests/powerpc: Fixup clobbers for TM tests (bnc#1012628).
- powerpc/tools: Don't quote $objdump in scripts (bnc#1012628).
- dma-debug: add a schedule point in debug_dma_dump_mappings()
  (bnc#1012628).
- dma-mapping: Add vmap checks to dma_map_single() (bnc#1012628).
- dma-mapping: fix handling of dma-ranges for reserved memory
  (again) (bnc#1012628).
- dmaengine: fsl-qdma: Handle invalid qdma-queue0 IRQ
  (bnc#1012628).
- leds: lm3692x: Handle failure to probe the regulator
  (bnc#1012628).
- leds: an30259a: add a check for devm_regmap_init_i2c
  (bnc#1012628).
- leds: trigger: netdev: fix handling on interface rename
  (bnc#1012628).
- clocksource/drivers/asm9260: Add a check for of_clk_get
  (bnc#1012628).
- clocksource/drivers/timer-of: Use unique device name instead
  of timer (bnc#1012628).
- dtc: Use pkg-config to locate libyaml (bnc#1012628).
- selftests/powerpc: Skip tm-signal-sigreturn-nt if TM not
  available (bnc#1012628).
- powerpc/security/book3s64: Report L1TF status in sysfs
  (bnc#1012628).
- powerpc/book3s64/hash: Add cond_resched to avoid soft lockup
  warning (bnc#1012628).
- ext4: update direct I/O read lock pattern for IOCB_NOWAIT
  (bnc#1012628).
- ext4: iomap that extends beyond EOF should be marked dirty
  (bnc#1012628).
- jbd2: Fix statistics for the number of logged blocks
  (bnc#1012628).
- scsi: tracing: Fix handling of TRANSFER LENGTH == 0 for READ(6)
  and WRITE(6) (bnc#1012628).
- scsi: lpfc: Fix unexpected error messages during RSCN handling
  (bnc#1012628).
- scsi: lpfc: Fix duplicate unreg_rpi error in port offline flow
  (bnc#1012628).
- f2fs: fix to update dir's i_pino during cross_rename
  (bnc#1012628).
- clk: qcom: smd: Add missing pnoc clock (bnc#1012628).
- clk: qcom: Allow constant ratio freq tables for rcg
  (bnc#1012628).
- clk: clk-gpio: propagate rate change to parent (bnc#1012628).
- irqchip/irq-bcm7038-l1: Enable parent IRQ if necessary
  (bnc#1012628).
- irqchip: ingenic: Error out if IRQ domain creation failed
  (bnc#1012628).
- fs/quota: handle overflows of sysctl fs.quota.* and report as
  unsigned long (bnc#1012628).
- iommu/arm-smmu-v3: Don't display an error when IRQ lines are
  missing (bnc#1012628).
- i2c: stm32f7: fix & reorder remove & probe error handling
  (bnc#1012628).
- iomap: fix return value of iomap_dio_bio_actor on 32bit systems
  (bnc#1012628).
- Input: ili210x - handle errors from input_mt_init_slots()
  (bnc#1012628).
- scsi: lpfc: fix: Coverity: lpfc_cmpl_els_rsp(): Null pointer
  dereferences (bnc#1012628).
- scsi: zorro_esp: Limit DMA transfers to 65536 bytes (except
  on Fastlane) (bnc#1012628).
- PCI: rpaphp: Fix up pointer to first drc-info entry
  (bnc#1012628).
- scsi: ufs: fix potential bug which ends in system hang
  (bnc#1012628).
- powerpc/pseries/cmm: Implement release() function for sysfs
  device (bnc#1012628).
- PCI: rpaphp: Don't rely on firmware feature to imply drc-info
  support (bnc#1012628).
- PCI: rpaphp: Annotate and correctly byte swap DRC properties
  (bnc#1012628).
- PCI: rpaphp: Correctly match ibm, my-drc-index to drc-name
  when using drc-info (bnc#1012628).
- powerpc/security: Fix wrong message when RFI Flush is disable
  (bnc#1012628).
- powerpc/eeh: differentiate duplicate detection message
  (bnc#1012628).
- powerpc/book3s/mm: Update Oops message to print the correct
  translation in use (bnc#1012628).
- scsi: atari_scsi: sun3_scsi: Set sg_tablesize to 1 instead of
  SG_NONE (bnc#1012628).
- clk: pxa: fix one of the pxa RTC clocks (bnc#1012628).
- bcache: at least try to shrink 1 node in bch_mca_scan()
  (bnc#1012628).
- HID: quirks: Add quirk for HP MSU1465 PIXART OEM mouse
  (bnc#1012628).
- dt-bindings: Improve validation build error handling
  (bnc#1012628).
- HID: logitech-hidpp: Silence intermittent get_battery_capacity
  errors (bnc#1012628).
- HID: i2c-hid: fix no irq after reset on raydium 3118
  (bnc#1012628).
- ARM: 8937/1: spectre-v2: remove Brahma-B53 from hardening
  (bnc#1012628).
- libnvdimm/btt: fix variable 'rc' set but not used (bnc#1012628).
- HID: Improve Windows Precision Touchpad detection (bnc#1012628).
- HID: rmi: Check that the RMI_STARTED bit is set before
  unregistering the RMI transport device (bnc#1012628).
- watchdog: imx7ulp: Fix reboot hang (bnc#1012628).
- watchdog: prevent deferral of watchdogd wakeup on RT
  (bnc#1012628).
- watchdog: Fix the race between the release of watchdog_core_data
  and cdev (bnc#1012628).
- powerpc/fixmap: Use __fix_to_virt() instead of fix_to_virt()
  (bnc#1012628).
- scsi: pm80xx: Fix for SATA device discovery (bnc#1012628).
- scsi: ufs: Fix error handing during hibern8 enter (bnc#1012628).
- scsi: scsi_debug: num_tgts must be >= 0 (bnc#1012628).
- scsi: NCR5380: Add disconnect_mask module parameter
  (bnc#1012628).
- scsi: target: core: Release SPC-2 reservations when closing
  a session (bnc#1012628).
- scsi: ufs: Fix up auto hibern8 enablement (bnc#1012628).
- scsi: iscsi: Don't send data to unbound connection
  (bnc#1012628).
- scsi: target: iscsi: Wait for all commands to finish before
  freeing a session (bnc#1012628).
- f2fs: Fix deadlock in f2fs_gc() context during atomic files
  handling (bnc#1012628).
- habanalabs: skip VA block list update in reset flow
  (bnc#1012628).
- gpio/mpc8xxx: fix qoriq GPIO reading (bnc#1012628).
- platform/x86: intel_pmc_core: Fix the SoC naming inconsistency
  (bnc#1012628).
- platform/x86: intel_pmc_core: Add Comet Lake (CML) platform
  support to intel_pmc_core driver (bnc#1012628).
- gpio: mpc8xxx: Don't overwrite default irq_set_type callback
  (bnc#1012628).
- gpio: lynxpoint: Setup correct IRQ handlers (bnc#1012628).
- tools/power/x86/intel-speed-select: Ignore missing config level
  (bnc#1012628).
- Drivers: hv: vmbus: Fix crash handler reset of Hyper-V synic
  (bnc#1012628).
- apparmor: fix unsigned len comparison with less than zero
  (bnc#1012628).
- drm/amdgpu: Call find_vma under mmap_sem (bnc#1012628).
- scripts/kallsyms: fix definitely-lost memory leak (bnc#1012628).
- powerpc: Don't add -mabi= flags when building with Clang
  (bnc#1012628).
- cifs: Fix use-after-free bug in cifs_reconnect() (bnc#1012628).
- um: virtio: Keep reading on -EAGAIN (bnc#1012628).
- io_uring: io_allocate_scq_urings() should return a sane state
  (bnc#1012628).
- of: unittest: fix memory leak in attach_node_and_children
  (bnc#1012628).
- cdrom: respect device capabilities during opening action
  (bnc#1012628).
- cifs: move cifsFileInfo_put logic into a work-queue
  (bnc#1012628).
- perf diff: Use llabs() with 64-bit values (bnc#1012628).
- perf script: Fix brstackinsn for AUXTRACE (bnc#1012628).
- perf regs: Make perf_reg_name() return "unknown" instead of NULL
  (bnc#1012628).
- s390/zcrypt: handle new reply code FILTERED_BY_HYPERVISOR
  (bnc#1012628).
- mailbox: imx: Clear the right interrupts at shutdown
  (bnc#1012628).
- libfdt: define INT32_MAX and UINT32_MAX in libfdt_env.h
  (bnc#1012628).
- s390/unwind: filter out unreliable bogus %r14 (bnc#1012628).
- s390/cpum_sf: Check for SDBT and SDB consistency (bnc#1012628).
- ocfs2: fix passing zero to 'PTR_ERR' warning (bnc#1012628).
- mailbox: imx: Fix Tx doorbell shutdown path (bnc#1012628).
- s390: disable preemption when switching to nodat stack with
  CALL_ON_STACK (bnc#1012628).
- selftests: vm: add fragment CONFIG_TEST_VMALLOC (bnc#1012628).
- mm/hugetlbfs: fix error handling when setting up mounts
  (bnc#1012628).
- kernel: sysctl: make drop_caches write-only (bnc#1012628).
- userfaultfd: require CAP_SYS_PTRACE for UFFD_FEATURE_EVENT_FORK
  (bnc#1012628).
- Revert "powerpc/vcpu: Assume dedicated processors as
  non-preempt" (bnc#1012628).
- sctp: fix err handling of stream initialization (bnc#1012628).
- Revert "iwlwifi: assign directly to iwl_trans->cfg in QuZ
  detection" (bnc#1012628).
- netfilter: ebtables: compat: reject all padding in
  matches/watchers (bnc#1012628).
- 6pack,mkiss: fix possible deadlock (bnc#1012628).
- powerpc: Fix __clear_user() with KUAP enabled (bnc#1012628).
- net/smc: add fallback check to connect() (bnc#1012628).
- netfilter: bridge: make sure to pull arp header in
  br_nf_forward_arp() (bnc#1012628).
- inetpeer: fix data-race in inet_putpeer / inet_putpeer
  (bnc#1012628).
- net: add a READ_ONCE() in skb_peek_tail() (bnc#1012628).
- net: icmp: fix data-race in cmp_global_allow() (bnc#1012628).
- hrtimer: Annotate lockless access to timer->state (bnc#1012628).
- tomoyo: Don't use nifty names on sockets (bnc#1012628).
- uaccess: disallow > INT_MAX copy sizes (bnc#1012628).
- drm: limit to INT_MAX in create_blob ioctl (bnc#1012628).
- xfs: fix mount failure crash on invalid iclog memory access
  (bnc#1012628).
- cxgb4/cxgb4vf: fix flow control display for auto negotiation
  (bnc#1012628).
- net: dsa: bcm_sf2: Fix IP fragment location and behavior
  (bnc#1012628).
- net/mlxfw: Fix out-of-memory error in mfa2 flash burning
  (bnc#1012628).
- net: phy: aquantia: add suspend / resume ops for AQR105
  (bnc#1012628).
- net/sched: act_mirred: Pull mac prior redir to non
  mac_header_xmit device (bnc#1012628).
- net/sched: add delete_empty() to filters and use it in
  cls_flower (bnc#1012628).
- net_sched: sch_fq: properly set sk->sk_pacing_status
  (bnc#1012628).
- net: stmmac: dwmac-meson8b: Fix the RGMII TX delay on
  Meson8b/8m2 SoCs (bnc#1012628).
- ptp: fix the race between the release of ptp_clock and cdev
  (bnc#1012628).
- tcp: Fix highest_sack and highest_sack_seq (bnc#1012628).
- udp: fix integer overflow while computing available space in
  sk_rcvbuf (bnc#1012628).
- bnxt_en: Fix MSIX request logic for RDMA driver (bnc#1012628).
- bnxt_en: Free context memory in the open path if firmware has
  been reset (bnc#1012628).
- bnxt_en: Return error if FW returns more data than dump length
  (bnc#1012628).
- bnxt_en: Fix bp->fw_health allocation and free logic
  (bnc#1012628).
- bnxt_en: Remove unnecessary NULL checks for fw_health
  (bnc#1012628).
- bnxt_en: Fix the logic that creates the health reporters
  (bnc#1012628).
- bnxt_en: Add missing devlink health reporters for VFs
  (bnc#1012628).
- mlxsw: spectrum_router: Skip loopback RIFs during MAC validation
  (bnc#1012628).
- mlxsw: spectrum: Use dedicated policer for VRRP packets
  (bnc#1012628).
- net: add bool confirm_neigh parameter for dst_ops.update_pmtu
  (bnc#1012628).
- ip6_gre: do not confirm neighbor when do pmtu update
  (bnc#1012628).
- gtp: do not confirm neighbor when do pmtu update (bnc#1012628).
- net/dst: add new function skb_dst_update_pmtu_no_confirm
  (bnc#1012628).
- tunnel: do not confirm neighbor when do pmtu update
  (bnc#1012628).
- vti: do not confirm neighbor when do pmtu update (bnc#1012628).
- sit: do not confirm neighbor when do pmtu update (bnc#1012628).
- net/dst: do not confirm neighbor for vxlan and geneve pmtu
  update (bnc#1012628).
- net: dsa: sja1105: Reconcile the meaning of TPID and TPID2
  for E/T and P/Q/R/S (bnc#1012628).
- net: marvell: mvpp2: phylink requires the link interrupt
  (bnc#1012628).
- gtp: fix wrong condition in gtp_genl_dump_pdp() (bnc#1012628).
- gtp: avoid zero size hashtable (bnc#1012628).
- bonding: fix active-backup transition after link failure
  (bnc#1012628).
- tcp: do not send empty skb from tcp_write_xmit() (bnc#1012628).
- tcp/dccp: fix possible race __inet_lookup_established()
  (bnc#1012628).
- hv_netvsc: Fix tx_table init in rndis_set_subchannel()
  (bnc#1012628).
- gtp: fix an use-after-free in ipv4_pdp_find() (bnc#1012628).
- gtp: do not allow adding duplicate tid and ms_addr pdp context
  (bnc#1012628).
- bnxt: apply computed clamp value for coalece parameter
  (bnc#1012628).
- ipv6/addrconf: only check invalid header values when
  NETLINK_F_STRICT_CHK is set (bnc#1012628).
- net: phylink: fix interface passed to mac_link_up (bnc#1012628).
- net: ena: fix napi handler misbehavior when the napi budget
  is zero (bnc#1012628).
- vhost/vsock: accept only packets with the right dst_cid
  (bnc#1012628).
- mmc: sdhci-of-esdhc: fix up erratum A-008171 workaround
  (bnc#1012628).
- mmc: sdhci-of-esdhc: re-implement erratum A-009204 workaround
  (bnc#1012628).
- mm/hugetlbfs: fix for_each_hstate() loop in init_hugetlbfs_fs()
  (bnc#1012628).
- commit 582f5cb
- Update config files.
  Turn off CONFIG_HARDENED_USERCOPY as it causes issues on s390
  (bnc#1156053). Until this gets resolved upstream...
- commit 76565ad
- Update
  patches.kernel.org/5.4.3-088-vcs-prevent-write-access-to-vcsu-devices.patch
  (bnc#1012628 CVE-2019-19252 bnc#1157813).
- commit d0d7407

==== patterns-containers ====

- loadbalancer: add kubic-haproxycfg

==== podman ====
Version update (1.6.4 -> 1.7.0)
Subpackages: podman-cni-config

- Add: 0001-clarify-container-prune-force.patch to fix the --force
  flag for the "container prune" command.
  (https://github.com/containers/libpod/issues/4844)
- Update podman to v1.7.0
  * Features
  - Added support for setting a static MAC address for containers
  - Added support for creating macvlan networks with podman
    network create, allowing Podman containers to be attached
    directly to networks the host is connected to
  - The podman image prune and podman container prune commands
    now support the --filter flag to filter what will be pruned,
    and now prompts for confirmation when run without --force
    (#4410 and #4411)
  - Podman now creates CGroup namespaces by default on systems
    using CGroups v2 (#4363)
  - Added the podman system reset command to remove all Podman
    files and perform a factory reset of the Podman installation
  - Added the --history flag to podman images to display previous
    names used by images (#4566)
  - Added the --ignore flag to podman rm and podman stop to not
    error when requested containers no longer exist
  - Added the --cidfile flag to podman rm and podman stop to read
    the IDs of containers to be removed or stopped from a file
  - The podman play kube command now honors Seccomp annotations
    (#3111)
  - The podman play kube command now honors RunAsUser,
    RunAsGroup, and selinuxOptions
  - The output format of the podman version command has been
    changed to better match docker version when using the
  - -format flag
  - Rootless Podman will no longer initialize containers/storage
    twice, removing a potential deadlock preventing Podman
    commands from running while an image was being pulled (#4591)
  - Added tmpcopyup and notmpcopyup options to the --tmpfs and
  - -mount type=tmpfs flags to podman create and podman run to
    control whether the content of directories are copied into
    tmpfs filesystems mounted over them
  - Added support for disabling detaching from containers by
    setting empty detach keys via --detach-keys=""
  - The podman build command now supports the --pull and
  - -pull-never flags to control when images are pulled during a
    build
  - The podman ps -p command now shows the name of the pod as
    well as its ID (#4703)
  - The podman inspect command on containers will now display the
    command used to create the container
  - The podman info command now displays information on registry
    mirrors (#4553)
  * Bugfixes
  - Fixed a bug where Podman would use an incorrect runtime
    directory as root, causing state to be deleted after root
    logged out and making Podman in systemd services not function
    properly
  - Fixed a bug where the --change flag to podman import and
    podman commit was not being parsed properly in many cases
  - Fixed a bug where detach keys specified in libpod.conf were
    not used by the podman attach and podman exec commands, which
    always used the global default ctrl-p,ctrl-q key combination
    (#4556)
  - Fixed a bug where rootless Podman was not able to run podman
    pod stats even on CGroups v2 enabled systems (#4634)
  - Fixed a bug where rootless Podman would fail on kernels
    without the renameat2 syscall (#4570)
  - Fixed a bug where containers with chained network namespace
    dependencies (IE, container A using --net container=B and
    container B using --net container=C) would not properly mount
    /etc/hosts and /etc/resolv.conf into the container (#4626)
  - Fixed a bug where podman run with the --rm flag and without
  - d could, when run in the background, throw a 'container does
    not exist' error when attempting to remove the container
    after it exited
  - Fixed a bug where named volume locks were not properly
    reacquired after a reboot, potentially leading to deadlocks
    when trying to start containers using the volume (#4605 and
    [#4621])
  - Fixed a bug where Podman could not completely remove
    containers if sent SIGKILL during removal, leaving the
    container name unusable without the podman rm --storage
    command to complete removal (#3906)
  - Fixed a bug where checkpointing containers started with --rm
    was allowed when --export was not specified (the container,
    and checkpoint, would be removed after checkpointing was
    complete by --rm) (#3774)
  - Fixed a bug where the podman pod prune command would fail if
    containers were present in the pods and the --force flag was
    not passed (#4346)
  - Fixed a bug where containers could not set a static IP or
    static MAC address if they joined a non-default CNI network
    (#4500)
  - Fixed a bug where podman system renumber would always throw
    an error if a container was mounted when it was run
  - Fixed a bug where podman container restore would fail with
    containers using a user namespace
  - Fixed a bug where rootless Podman would attempt to use the
    journald events backend even on systems without systemd
    installed
  - Fixed a bug where podman history would sometimes not properly
    identify the IDs of layers in an image (#3359)
  - Fixed a bug where containers could not be restarted when
    Conmon v2.0.3 or later was used
  - Fixed a bug where Podman did not check image OS and
    Architecture against the host when starting a container
  - Fixed a bug where containers in pods did not function
    properly with the Kata OCI runtime (#4353)
  - Fixed a bug where `podman info --format '{{ json . }}' would
    not produce JSON output (#4391)
  - Fixed a bug where Podman would not verify if files passed to
  - -authfile existed (#4328)
  - Fixed a bug where podman images --digest would not always
    print digests when they were available
  - Fixed a bug where rootless podman run could hang due to a
    race with reading and writing events
  - Fixed a bug where rootless Podman would print warning-level
    logs despite not be instructed to do so (#4456)
  - Fixed a bug where podman pull would attempt to fetch from
    remote registries when pulling an unqualified image using the
    docker-daemon transport (#4434)
  - Fixed a bug where podman cp would not work if STDIN was a
    pipe
  - Fixed a bug where podman exec could stop accepting input if
    anything was typed between the command being run and the exec
    session starting (#4397)
  - Fixed a bug where podman logs --tail 0 would print all lines
    of a container's logs, instead of no lines (#4396)
  - Fixed a bug where the timeout for slirp4netns was incorrectly
    set, resulting in an extremely long timeout (#4344)
  - Fixed a bug where the podman stats command would print CPU
    utilizations figures incorrectly (#4409)
  - Fixed a bug where the podman inspect --size command would not
    print the size of the container's read/write layer if the
    size was 0 (#4744)
  - Fixed a bug where the podman kill command was not properly
    validating signals before use (#4746)
  - Fixed a bug where the --quiet and --format flags to podman ps
    could not be used at the same time
  - Fixed a bug where the podman stop command was not stopping
    exec sessions when a container was created without a PID
    namespace (--pid=host)
  - Fixed a bug where the podman pod rm --force command was not
    removing anonymous volumes for containers that were removed
  - Fixed a bug where the podman checkpoint command would not
    export all changes to the root filesystem of the container if
    performed more than once on the same container (#4606)
  - Fixed a bug where containers started with --rm would not be
    automatically removed on being stopped if an exec session was
    running inside the container (#4666)
  * Misc
  - The fixes to runtime directory path as root can cause strange
    behavior if an upgrade is performed while containers are
    running
  - Updated vendored Buildah to v1.12.0
  - Updated vendored containers/storage library to v1.15.4
  - Updated vendored containers/image library to v5.1.0
  - Kata Containers runtimes (kata-runtime, kata-qemu, and
    kata-fc) are now present in the default libpod.conf, but will
    not be available unless Kata containers is installed on the
    system
  - Podman previously did not allow the creation of containers
    with a memory limit lower than 4MB. This restriction has been
    removed, as the crun runtime can create containers with
    significantly less memory
- Remove no longer needed workaround for *.5.md man page sources