- Update to v1.2.0.

- First build.

- Add BuildRequires on libxdp to use with libbpf-1.x

- Disable afxdp until update v3.1.0.

- Hide systemd-specific utilities to avoid adding a dependency on systemd.

- Updated to kernel-5.14.0-316.el9 (fixes: CVE-2023-2248, CVE-2023-28466, CVE-2023-31436):
  + Add Marvell CN10k DDR PMU driver Support
  + arch/x86: Update to 5.17
  + Backport register read/write tracing support
  + Backport smem and socinfo patches for sa8775p
  + Bonding: add option per-port priority
  + Bonding: rebase to linux v6.3
  + bpf, xdp: update to 6.2
  + cacheinfo: Fix sleep in atomic context on PREEMPT_RT kernels
  + cgroup/cpuset: Fix CLONE_INTO_CGROUP cpu affinity problem
  + CNB: IPv6/GRO: generic helper to remove temporary HBH/jumbo header in driver
  + CNB: net: add support for managed neighbor entries
  + CNB: Update TC subsystem to upstream v6.3
  + config: Enable WiFI on aarch64 architecture
  + CVE-2023-28466: net: tls: fix possible race condition between do_tls_getsockopt_conf() and do_tls_setsockopt_conf()
  + dm: sync with upstream 6.4
  + Documentation: rtla: Correct command line example
  + enable io_uring
  + enic: driver update from v6.3
  + hwrng: imx-rngc - driver updates
  + i2c: imx-lpi2c: driver updates
  + iavf driver update
  + IPsec packet offload
  + iRDMA: bug fixes
  + iSCSI update to 6.3
  + kernel.spec: skip kernel meta package when building without up
  + KVM: aarch64: Rebase (first round towards v6.3)
  + livepatch: selected fixes for rhel-9.3
  + MDRAID - Update to the latest upstream
  + Merge commit 'db7b42de90525a108c02796cbfbf63836088cabb' from documentation
  + Merge remote-tracking branch 'stream9/merge-requests/2284' into bz2178699
  + mmc: sdhci-esdhc-imx: driver updates
  + mm/demotion: Memory tiers and demotion
  + mm: hugetlbfs: return proper error when accessing a poisoned hugetlbfs file page from page cache
  + mm: RHEL-9.3 HMM update
  + net: core: stable backports for 9.3 phase 1
  + net: mptcp: rebase to latest net-next
  + net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg
  + net: support ipv4 big tcp
  + NFSD: Fix problem of COMMIT and NFS4ERR_DELAY in infinite loop
  + NFSD: RHEL-only bug introduced in fix for COMMIT and NFS4ERR_DELAY loop
  + PCI/PM: Extend D3hot delay for NVIDIA HDA controllers
  + perf c2c: Add report option to show false sharing in adjacent cachelines
  + perf/imx_ddr driver updates
  + PM / devfreq: imx-bus: driver updates
  + Provide linux kernel support for performing In-Field Scan (IFS)
  + pwm: imx1: Implement .apply callback
  + pwm: imx27: Simplify using devm_pwmchip_add()
  + pwm: imx-tpm: Don't check the return code of pwmchip_remove()
  + RDMA: Add support for Soft-RoCE driver
  + redhat/configs: Enable Dell privacy drivers
  + redhat/configs: Fix incorrect configs location and content
  + [redhat] kernel.spec: create libperf subpackage
  + remoteproc: imx_dsp_rproc: driver updates
  + remoteproc: imx_rproc: driver updates
  + Remove the unnecessary unicode character
  + [s390]: [IBM 9.3 FEAT] DASD autoquiesce support
  + [s390]: [IBM 9.3 FEAT] Support for List-Directed IPL and re-IPL from ECKD DASD - kernel part
  + [s390]: [IBM 9.3 FEAT] Upgrade the QETH driver to latest from upstream, e.g. kernel 6.3
  + [s390]: [IBM 9.3 FEAT] Upgrade the zFCP driver to latest from upstream, kernel 6.3
  + [s390]: RHEL9.0 net/iucv: Fix size of interrupt data
  + sched/debug: Put sched/domains files under the verbose flag
  + Sched/psi: updates to v6.3-rc1
  + sched/rt: Fix bad task migration for rt tasks
  + Scheduler uclamp and asym updates to v6.3-rc1
  + Scheduler updates for 9.3
  + scsi: megaraid_sas: driver update
  + scsi: mpt3sas: driver update
  + sctp: backports from upstream
  + sfc: correctly advertise tunneled IPv6 segmentation
  + soc: imx: i.MX8M blk-ctrl driver updates
  + softirq: Wake ktimers thread also in softirq.
  + tcp: stable backport for 9.3 phase 1
  + thermal/drivers/imx8mm_thermal: driver updates
  + thermal/drivers/imx: Use generic thermal_zone_get_trip() function
  + Update intel_idle to match upstream 6.3
  + Update intel_pstate to upstream 6.3
  + Update NFS/NFSD/SUNRPC/LOCKD to upstream v6.3
  + Update Omni-Path Architecture (OPA) hfi1 kernel driver
  + Updates for NUMA node distance table
  + Updates for powerpc selftests
  + Updates for powerpc VDSO
  + Updates to reset RCU watchdogs after a LPM
  + update turbostat to match upstream 6.3
  + VFIO update to v6.3
  + watchdog: imx2_wdg: driver updates
  + wdat_wdt: avoid watchdog timeout during reboot
  + x86: small memory clearing enhancements
  + xfrm: add extack support
  + xfrm: backport fixes from upstream
  + xfs: don't use BMBT btree split workers for IO completion
  + Various changes and improvements that are poorly described in merge.

- New release (113.0).

- New release (113.0).
- Security fixes:
  + CVE-2023-32205: Browser prompts could have been obscured by popups
  + CVE-2023-32206: Crash in RLBox Expat driver
  + CVE-2023-32207: Potential permissions request bypass via clickjacking
  + CVE-2023-32208: Leak of script base URL in service workers via import()
  + CVE-2023-32209: Persistent DoS via favicon image
  + CVE-2023-32210: Incorrect principal object ordering
  + CVE-2023-32211: Content process crash due to invalid wasm code
  + CVE-2023-32212: Potential spoof due to obscured address bar
  + CVE-2023-32213: Potential memory corruption in FileReader::DoReadData()
  + MFSA-TMP-2023-0002: Race condition in dav1d decoding
  + CVE-2023-32214: Potential DoS via exposed protocol handlers
  + CVE-2023-32215: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11
  + CVE-2023-32216: Memory safety bugs fixed in Firefox 113

- Updated to kernel-5.14.0-309.el9:
  + ata: driver update
  + e1000e: driver update for RHEL-9.3.0
  + ipvlan: phase-1 backports for RHEL-9.3
  + macvlan: Allow some packets to bypass broadcast queue
  + net/other: phase-1 backports for RHEL-9.3
  + net: tunnels: Backport upstream fixes to RHEL 9.
  + redhat: configs: fix CONFIG_WERROR replace in build_configs
  + redhat: Remove editconfig
  + [RHEL-9.3.0] dmaengine updates
  + [RHEL-9.3.0] IOMMU and DMA API Updates for 9.3
  + RHEL9 consolidated CXL update from 6.2
  + rtnetlink: advertise allmulti counter
  + scsi: ses: a bugfix
  + SCSI updates for 9.3
  + sfc: update to 6.3

- New version (113.0.5672.63).
- Security fixes:
  - CVE-2023-2459: Inappropriate implementation in Prompts.
  - CVE-2023-2460: Insufficient validation of untrusted input in Extensions.
  - CVE-2023-2461: Use after free in OS Inputs.
  - CVE-2023-2462: Inappropriate implementation in Prompts.
  - CVE-2023-2463: Inappropriate implementation in Full Screen Mode.
  - CVE-2023-2464: Inappropriate implementation in PictureInPicture.
  - CVE-2023-2465: Inappropriate implementation in CORS.
  - CVE-2023-2466: Inappropriate implementation in Prompts.
  - CVE-2023-2467: Inappropriate implementation in Prompts.
  - CVE-2023-2468: Inappropriate implementation in PictureInPicture.

- Updated to kernel-5.14.0-307.el9:
  + Add support for QoS Features
  + clk: imx: add i.MX93 clk gate
  + crypto: jitter - permanent and intermittent health errors
  + ice: no busy waiting in GNSS thread and for SQ commands
  + netfilter: netfilter: conntrack: unify established states for SCTP paths
  + redhat: Rename configs/ark to configs/rhel
  + tg3: driver update for RHEL-9.3.0

- New release (112.0.2).

- New release (112.0.2).

- New version (1.69.0).
- Obsolete rust-analysis.

- Updated to kernel-5.14.0-303.el9 (fixes: CVE-2023-26545):
  + arch/x86: Update to 5.16
  + arm64: rebase arm core code to upstream v6.2
  + blk-mq: directly poll requests
  + cnic: update cnic driver to latest upstream
  + cpuidle: psci: Do not suspend topology CPUs on PREEMPT_RT
  + crypto: qat: Update QAT drivers upto v6.2
  + Ignore VAS update for DLPAR
  + ipv4: First round of upstream fixes for RHEL 9.3.
  + ipv6: Make sockopt IPV6_TCLASS behave like IP_TOS
  + net: Let sockets explicitely choose between task and sock page_frag.
  + net: mpls: fix stale pointer if allocation fails during device rename
  + nfs42: do not fail with EIO if ssc returns NFS4ERR_OFFLOAD_DENIED
  + PCI: Fix use-after-free in pci_bus_release_domain_nr()
  + Remove unneeded kABI hack from 9.3 file locking code
  + [s390]: RHEL9.0 - kernel: fix __clear_user() inline assembly constraints
  + [s390]: RHEL9.0 - s390/qeth: NET2016 - fix use-after-free in HSCI
  + SUNRPC: Fix a server shutdown leak
  + tracing/hwlat: Replace sched_setaffinity with set_cpus_allowed_ptr

- New version (112.0.5615.165).
- Security fixes:
  - CVE-2023-1810: Heap buffer overflow in Visuals.
  - CVE-2023-1811: Use after free in Frames.
  - CVE-2023-1812: Out of bounds memory access in DOM Bindings.
  - CVE-2023-1813: Inappropriate implementation in Extensions.
  - CVE-2023-1814: Insufficient validation of untrusted input in Safe Browsing.
  - CVE-2023-1815: Use after free in Networking APIs.
  - CVE-2023-1816: Incorrect security UI in Picture In Picture.
  - CVE-2023-1817: Insufficient policy enforcement in Intents.
  - CVE-2023-1818: Use after free in Vulkan.
  - CVE-2023-1819: Out of bounds read in Accessibility.
  - CVE-2023-1820: Heap buffer overflow in Browser History.
  - CVE-2023-1821: Inappropriate implementation in WebShare.
  - CVE-2023-1822: Incorrect security UI in Navigation.
  - CVE-2023-1823: Inappropriate implementation in FedCM.
  - CVE-2023-2033: Type Confusion in V8.
  - CVE-2023-2133: Out of bounds memory access in Service Worker API.
  - CVE-2023-2134: Out of bounds memory access in Service Worker API.
  - CVE-2023-2135: Use after free in DevTools.
  - CVE-2023-2136: Integer overflow in Skia.
  - CVE-2023-2137: Heap buffer overflow in sqlite.

- New release (112.0.1).

- New release (112.0.1).

- Updated to kernel-5.14.0-300.el9 (fixes: CVE-2023-0386, CVE-2023-1252):
  + Add support for Interrupt Message Storage (IMS)
  + blk-mq: fix bad queue mapping created by blk_mq_map_queues()
  + cifs: fix regression in very old smb1 mounts
  + clk: imx: imx93: driver updates
  + CNB: hwrng: core: Misc updates
  + CNB: netfilter: flowtable updates for unidirectional udp hardware offload
  + CNB: rebase/update netdevsim for RHEL 9.3
  + dm: discard IOs on striped or snap LVs can trigger data corruption
  + Draft: Merge tag 'kernel-5.14.0-284.10.1.el9_2' from 9.2
  + Draft: Merge tag 'kernel-5.14.0-284.9.1.el9_2' from 9.2
  + io_uring: update to v5.19
  + ipvs: add sysctl_run_estimation to support disable estimation
  + kernel-rt: config: disable KGDB in the production and development variants
  + kernel-rt: config: disable SLUB_CPU_PARTIAL for real time kernels
  + KVM: VMX: Fix crash due to uninitialized current_vmcs
  + Merge tag 'kernel-5.14.0-284.10.1.el9_2' from 9.2
  + Merge tag 'kernel-5.14.0-284.9.1.el9_2' from 9.2
  + mm/filemap: fix page end in filemap_get_read_batch
  + mm: Remember a/d bits for migration entries
  + nvme: Update the nvme drivers
  + ovl: fail on invalid uid/gid mapping at copy up
  + ovl: fix use after free in struct ovl_aio_req
  + remoteproc: imx_rproc: updates for NXP i.MX93 support
  + [RHEL-9.3] IPMI updates and bug fixes
  + scsi: target: update the target driver
  + sfc: Change VF mac via PF as first preference if available.
  + soc: imx: imx93-pd and imx93-src updates to not set device_driver owner
  + Update cpumask and bitmask operations
  + Update locking code to upstream 6.1 + follow up fixes
  + Update RHEL9.3 USB And Thunderbolt to linux_v6.1
  + Updates for powerpc radix
  + watchdog: imx7ulp: Use devm_clk_get_enabled() helper
  + x86/cpu: Support AMD autoIBRS in Genoa

- New version (3.89).

- New release (112.0).

- New release (112.0).
- Security fixes:
  + CVE-2023-29531: Out-of-bound memory access in WebGL on macOS
  + CVE-2023-29532: Mozilla Maintenance Service Write-lock bypass
  + CVE-2023-29533: Fullscreen notification obscured
  + CVE-2023-29534: Fullscreen notification could have been obscured on Firefox for Android
  + MFSA-TMP-2023-0001: Double-free in libwebp
  + CVE-2023-29535: Potential Memory Corruption following Garbage Collector compaction
  + CVE-2023-29536: Invalid free from JavaScript code
  + CVE-2023-29537: Data Races in font initialization code
  + CVE-2023-29538: Directory information could have been leaked to WebExtensions
  + CVE-2023-29539: Content-Disposition filename truncation leads to Reflected File Download
  + CVE-2023-29540: Iframe sandbox bypass using redirects and sourceMappingUrls
  + CVE-2023-29541: Files with malicious extensions could have been downloaded unsafely on Linux
  + CVE-2023-29542: Bypass of file download extension restrictions
  + CVE-2023-29543: Use-after-free in debugging APIs
  + CVE-2023-29544: Memory Corruption in garbage collector
  + CVE-2023-29545: Windows Save As dialog resolved environment variables
  + CVE-2023-29546: Screen recording in Private Browsing included address bar on Android
  + CVE-2023-29547: Secure document cookie could be spoofed with insecure cookie
  + CVE-2023-29548: Incorrect optimization result on ARM64
  + CVE-2023-29549: Javascript's bind function may have failed
  + CVE-2023-29550: Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10
  + CVE-2023-29551: Memory safety bugs fixed in Firefox 112

- Updated to kernel-5.14.0-297.el9:
  + CNB: net: rename reference+tracking helpers
  + Draft: Merge tag 'kernel-5.14.0-284.8.1.el9_2' from 9.2
  + iavf: fix hang on reboot with ice
  + igb: conditionalize I2C bit banging on external thermal sensor support
  + kernel-rt: config: adjust MAX_LOCKDEP_ENTRIES and MAX_LOCKDEP_CHAINS for RT
  + macsec: rebase to upstream
  + Merge commit '0d4d2d5d4c69a285d379337fc2e674935573f8a6' into 9.2
  + Merge tag 'kernel-5.14.0-284.8.1.el9_2' from 9.2
  + Rebase VFIO and IOMMUFD up to v6.2
  + [redhat] add symbols to stablelist and enable check-kabi
  + Reinstate "GFS2: free disk inode which is deleted by remote node -V2"
  + Updates for PLPKS
  + vfs: file locking fixes and cleanups for 9.3
  + x86/tsc: Add option to force frequency recalibration with HW timer
  + xfs: fix off-by-one-block in xfs_discard_folio()

- Backport 9d110847ab7f ("ReErased regions are local").

- Split package by database backends (Berkeley DB and SQLite).
- Put all utilites in the single package.
- Add alternative for utilities to be able to install them in parallel.
- Make bf_tar use tar instead of pax.
- Move contrib to _datadir.
- Move docs in to separate package.
- Fix License tag.

- Use curl utility by default.

- Updated to kernel-5.14.0-295.el9 (fixes: CVE-2022-2196, CVE-2022-42895, CVE-2022-4744):
  + arm64: updates for NXP i.MX93 support
  + Backport afs updates and fixes from upstream
  + blk-mq: fix "bad unlock balance detected" on q->srcu in __blk_mq_run_dispatch_ops
  + block: bio-integrity: Copy flags when bio_integrity_payload is cloned
  + Bluetooth: L2CAP: Fix attempting to access uninitialized memory
  + bpf/selftests: disable get_branch_snapshot test
  + bpf/xdp: stable backports from upstream for 9.2
  + bpf, xdp: update to 6.1
  + ceph: blocklist the kclient when receiving corrupted snap trace
  + CNB: genetlink: start to validate reserved header bytes
  + CNB: genetlink: support per op type policies
  + CNB: netlink: add support for formatted extack messages
  + CNB: netlink: support reporting missing attributes
  + CNB: net: move from strlcpy with unused retval to strscpy
  + CNB: rtnetlink: verify rate parameters for calls to ndo_set_vf_rate
  + CNB: timers: Provide timer_shutdown[_sync]()
  + dm: sync with upstream 6.3
  + Draft: Merge tag 'kernel-5.14.0-284.6.1.el9_2' from 9.2
  + Fix the random kdump kernel panic with call trace tick_handle_periodic
  + ice: fix lost multicast packets in promisc mode
  + kernel-rt: config: disable saa6588, saa6752hs and snd-soc-sdw-mockup to match stock kernel
  + kernel-rt: config: enable DEBUG_PREEMPT in the production kernel
  + KVM: VMX: Execute IBPB on emulated VM-exit when guest has IBRS
  + Merge commit '920f6ac650b20db91b11d5b435376c276c4ab47c' from documentation
  + Merge commit '920f6ac650b20db91b11d5b435376c276c4ab47c' into 9.2
  + Merge tag 'kernel-5.14.0-284.5.1.el9_2' from 9.2
  + Merge tag 'kernel-5.14.0-284.6.1.el9_2' from 9.2
  + MM changes for RHEL 9.3
  + mm/debug: use valid physical memory for pmd/pud tests
  + netfilter: conntrack: Fix data-races around ct mark
  + net: use indirect calls helpers for sk_exit_memory_pressure()
  + NFS: Correct timing for assigning access cache timestamp
  + nfsd: don't replace page in rq_pages if it's a continuation of last page
  + platform/x86: ISST: PUNIT device mapping with Sub-NUMA clustering
  + pmem 9.3 update
  + powerpc/eeh: Set channel state after notifying the drivers
  + rcu: Backport upstream RCU commits up to v6.1
  + redhat/configs: Revert "enable DAMON configs"
  + redhat: Fix kernel-rt-kvm scripts
  + redhat: fix trivial syntax error in 64k-debug modules signing
  + RHEL-only: Build CXL code as modules
  + sched/deadline: Add more reschedule cases to prio_changed_dl()
  + scsi: qla2xxx: Perform lockless command completion in abort path
  + tun: avoid double free in tun_free_netdev
  + Update kernel's PCI subsystem to v6.2
  + Update kernel's PCI subsystem to v6.3
  + x86/nmi: Make register_nmi_handler() more robust
  + Various changes and improvements that are poorly described in merge.

- New version (1.68.2).

- Updated to kernel-5.14.0-291.el9:
  + Backport Core MapleTree Framework
  + gfs2: file corruption in large data files
  + intel_idle: add Emerald Rapids Xeon support
  + Merge tag 'kernel-5.14.0-284.4.1.el9_2' from 9.2
  + powercap: intel_rapl: add support for Emerald Rapids
  + redhat/configs: Disable CONFIG_GCC_PLUGINS
  + redhat/configs: Revert "enable DAMON configs"

- New version (0.16.2)

- Updated to kernel-5.14.0-290.el9:
  + block: update with upstream v6.3
  + cifs: improve checking if we actually got a directory lease or not
  + Draft: Merge tag 'kernel-5.14.0-284.3.1.el9_2' from 9.2
  + Drivers: vmbus: Check for channel allocation before looking up relids
  + Hyper-V: Misc driver updates for RHEL9.3
  + livepatch: selected s390x fixes for rhel-9.3
  + Merge commit 'dd7c5cb0f8ab998d09b29d884d940881e05bd662' into 9.2
  + Merge tag 'kernel-5.14.0-284.3.1.el9_2' from 9.2
  + nfsd fixes up to v6.3 for RHEL9.2
  + ptp: vclock: use mutex to fix "sleep on atomic" bug
  + Stop trying to set boost MSRs on CPUs that don't support boost.
  + x86: hyperv: x86_64 updates for RHEL 9.3
  + Various changes and improvements that are poorly described in merge.

- Updated to kernel-5.14.0-289.el9:
  + Backport latest fixes and memory reclaiming feature from upstream s390x KVM for the RHEL 9.3 kernel
  + crypto: rng - Use a different crypto_rng for reseeding
  + Enable the pinctrl driver for Meteor Lake
  + Fix frequency issues related to hybrid cpus
  + hyper-v: VMBus driver updates for RHEL9.3
  + i2c: i801: Add support for Intel Meteor Lake-P
  + ice: ptp fixes
  + l2tp: Avoid possible recursive deadlock in l2tp_tunnel_register()
  + Merge commit '583da4e8ca925647df26119a65075c5fb53d346f' into 9.2
  + Merge tag 'kernel-5.14.0-284.2.1.el9_2' from 9.2
  + mfd: intel-lpss: Add Intel Meteor Lake-P PCI IDs
  + mlx5: Mgmt VF rep support in OVN-k
  + net: hv_netvsc: Hyper-V NetVSC driver update for RHEL9.3
  + net: introduce rps_default_mask
  + net: mana: Fix IRQ name - add PCI and queue number
  + net: mana: MANA driver updates for RHEL9.3
  + net/mlx5e: Fix crash unsetting rx-vlan-filter in switchdev mode
  + net/mlx5: Serialize module cleanup with reload and remove
  + nouveau: Backport nouveau mmu fixes
  + platform/x86: intel/pmc/core: Add Meteor Lake mobile support
  + powercap: intel_rapl: add support for Meteor Lake
  + redhat: Fix debug variants modsign
  + redhat: update rpminspect config for patches and debuginfo
  + [s390]: RHEL9.0 - s390/boot: simplify and fix kernel memory layout setup
  + [s390]: RHEL9.0 - s390/dcssblk: fix deadlock when adding a DCSS
  + [s390]: RHEL9.0 - s390/extmem: return correct segment type in __segment_load()
  + srcu: Delegate work to the boot cpu if using SRCU_SIZE_SMALL
  + tools/power turbostat: Add support for MeteorLake platforms
  + Updates for powerpc selftests
  + Update the MSI code in RHEL
  + Various changes and improvements that are poorly described in merge.

- New release (111.0).

- New release (111.0).
- Exclude arch i586.
- Security fixes:
  + CVE-2023-28159: Fullscreen Notification could have been hidden by download popups on Android
  + CVE-2023-25748: Fullscreen Notification could have been hidden by window prompts on Android
  + CVE-2023-25749: Firefox for Android may have opened third-party apps without a prompt
  + CVE-2023-25750: Potential ServiceWorker cache leak during private browsing mode
  + CVE-2023-25751: Incorrect code generation during JIT compilation
  + CVE-2023-28160: Redirect to Web Extension files may have leaked local path
  + CVE-2023-28164: URL being dragged from a removed cross-origin iframe into the same tab triggered navigation
  + CVE-2023-28161: One-time permissions granted to a local file were extended to other local files loaded in the same tab
  + CVE-2023-28162: Invalid downcast in Worklets
  + CVE-2023-25752: Potential out-of-bounds when accessing throttled streams
  + CVE-2023-28163: Windows Save As dialog resolved environment variables
  + CVE-2023-28176: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9
  + CVE-2023-28177: Memory safety bugs fixed in Firefox 111

- Updated to kernel-5.14.0-287.el9:
  + arch/x86: Update to 5.15
  + Merge documentation commit '0b4eefcb92b601122e3d51e77d2c968ba2d051e0'
  + Updates for kexec file
  + Updates for powerpc/pseries: hotplug cpu
  + Various changes and improvements that are poorly described in merge.

- Updated to kernel-5.14.0-286.el9 (fixes: CVE-2022-4379):
  + clocksource: hyper-v: Updates for RHEL9.3
  + Draft: Merge tag 'kernel-5.14.0-284.1.1.el9_2' from 9.2
  + kernel.spec: make rhel depend on systemd-boot-unsigned
  + l2tp: Avoid possible recursive deadlock in l2tp_tunnel_register()
  + Merge documentation commit '7e13f7dd9689f6fa503c23e515edaa46e7d38ce5' into c9s
  + Merge tag 'kernel-5.14.0-284.1.1.el9_2' from 9.2
  + NFSD: fix use-after-free in __nfs42_ssc_open()
  + NFS fixes rollup through kernel v6.2
  + Pull OCP patches forward from 8.6
  + redhat: Bump RHEL_MINOR for 9.3
  + redhat: change default dist suffix for RHEL 9.2
  + redhat: enable zstream release numbering for rhel 9.2
  + [RHEL 9.3] Merge PREEMPT_RT and build kernel-rt as sub-package
  + [s390]: RHEL9.0 - diag288_wdt: do not use stack buffers for hardware data
  + x86/cpu: Add CPU model numbers for Meteor Lake
  + Various changes and improvements that are poorly described in merge.

- New version (1.68.0).

- New version (111.0.5563.64).
- Security fixes:
  - CVE-2023-1213: Use after free in Swiftshader.
  - CVE-2023-1214: Type Confusion in V8.
  - CVE-2023-1215: Type Confusion in CSS.
  - CVE-2023-1216: Use after free in DevTools.
  - CVE-2023-1217: Stack buffer overflow in Crash reporting.
  - CVE-2023-1218: Use after free in WebRTC.
  - CVE-2023-1219: Heap buffer overflow in Metrics.
  - CVE-2023-1220: Heap buffer overflow in UMA.
  - CVE-2023-1221: Insufficient policy enforcement in Extensions API.
  - CVE-2023-1222: Heap buffer overflow in Web Audio API.
  - CVE-2023-1223: Insufficient policy enforcement in Autofill.
  - CVE-2023-1224: Insufficient policy enforcement in Web Payments API.
  - CVE-2023-1225: Insufficient policy enforcement in Navigation.
  - CVE-2023-1226: Insufficient policy enforcement in Web Payments API.
  - CVE-2023-1227: Use after free in Core.
  - CVE-2023-1228: Insufficient policy enforcement in Intents.
  - CVE-2023-1229: Inappropriate implementation in Permission prompts.
  - CVE-2023-1230: Inappropriate implementation in WebApp Installs.
  - CVE-2023-1231: Inappropriate implementation in Autofill.
  - CVE-2023-1232: Insufficient policy enforcement in Resource Timing.
  - CVE-2023-1233: Insufficient policy enforcement in Resource Timing.
  - CVE-2023-1234: Inappropriate implementation in Intents.
  - CVE-2023-1235: Type Confusion in DevTools.
  - CVE-2023-1236: Inappropriate implementation in Internals.

- New release (110.0.1).

- New release (110.0.1).

- New version (2.35.0).
- Guess subsystem:
  + Do not fail if device filesystem type is swap.
- Misc:
  + Add udev rules parser. This is a new parser that allows you to search for
    syntactic and logical errors. It also allows you to more accurately
    btain information from the rules.

- Bring back compiler optimizations (ALT#45454).

- New version (110.0.5481.177).
- Fix crach in autofill (ALT#45269).
- Security fixes:
  - CVE-2023-0927: Use after free in Web Payments API.
  - CVE-2023-0928: Use after free in SwiftShader.
  - CVE-2023-0929: Use after free in Vulkan.
  - CVE-2023-0930: Heap buffer overflow in Video.
  - CVE-2023-0931: Use after free in Video.
  - CVE-2023-0932: Use after free in WebRTC.
  - CVE-2023-0933: Integer overflow in PDF.
  - CVE-2023-0941: Use after free in Prompts.

- Updated to kernel-5.14.0-283.el9 (fixes: CVE-2022-33743, CVE-2022-3564, CVE-2022-43750, CVE-2022-4378, CVE-2023-0179, CVE-2023-0590):
  + [9.2] DRM backport part 3: stable backport
  + Add Important AMD BZs to RHEL9.2
  + Add taint flag for partner supported GPL modules
  + [ADL-S] Enable Real-time TSN support on ADL-S platform
  + ALSA: AMD - adjust the gain for PDM microphones
  + arm64-64k: Increase max NR_IRQS from 64+8192 to 2^^19
  + arm64: tegra: Add PWM fan for Jetson AGX Orin
  + arm-smmu-qcom: update to 6.2-rc5
  + atlantic: fix hibernation issues
  + Attend warnings with gcc 11&12 when building kernel and modules
  + Backport i2c-qcom-geni to 6.2
  + backport QDrive3 device tree and drivers/phy/qualcomm (6.2-rc2)
  + Backport QDrive 3 subsystem into CS9: pcie (6.2-rc2)
  + Backport QDrive 3 subsystem into CS9: pinctrl (6.2-rc5)
  + Backport QDrive 3 subsystem into CS9: serial
  + be2net: Fix buffer overflow in be_get_module_eeprom
  + blk-cgroup: don't update io stat for root cgroup
  + Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu
  + cifs: backport directory caching from upstream
  + cifs: fix potential double free during failed mount
  + cifs: serialize all mount attempts
  + cpufreq: Enable CPUFREQ thermal cooling for NVIDIA Orin
  + cpufreq: intel_pstate: Add Sapphire Rapids support in no-HWP mode
  + crypto: jitter - consider 32 LSB for APT
  + CVE-2022-43750 kernel: memory corruption in usbmon driver
  + Disable CPPC+FIE on ARM64 machines with PCC trapping
  + docs: networking: Fix bridge documentation URL
  + drm/ast: Fix start address computation
  + dt-bindings: arm: qcom: 6.1 updates for QDrive3
  + EDAC/amd64: Handle three rank interleaving mode
  + Enable kAFS and it's dependancies in RHEL
  + etherdevice: Adjust ether_addr* prototypes to silence -Wstringop-overead
  + Fix stack overflow in do_proc_dointvec and proc_skip_spaces
  + futex: Resend potentially swallowed owner death notification
  + iavf: Fix long delays when creating multiple VFs
  + ice: fix handling of burst Tx timestamps
  + icmp: Add counters for rate limits
  + [Intel 9.2 FEAT] igb: Driver Update
  + ipv6: remove max_size check inline with ipv4
  + IPv6: RHEL9.2 P2 backports from upstream
  + kernel.spec: allow to package some binaries as unstripped
  + kernfs: fix use-after-free in __kernfs_remove
  + Kself: RHEL9.2 P2 backports from upstream
  + KVM: arm64: GICv4.1: Fix race with doorbell on VPE activation/deactivation
  + KVM: x86: Backport SMM related fixes
  + Merge remote-tracking branch 'centos-stream-9/merge-requests/1484' into orin/pwm-fan-v0
  + missing tee/optee and lib/test_scanf commits for CS9
  + MLX4 driver upgrade - kernel 6.0
  + [mlx5] add support for offloading check_pkt_len
  + mlx5 v6.2 fixes
  + mmc: patches to support NVIDIA Orin
  + mm/kmemleak: Fix a UAF problem in kmemleak
  + netfilter: backports for 9.2 phase 2
  + netfilter: conntrack: handle tcp challenge acks during connection reuse
  + netfilter: flowtable_offload: fix using __this_cpu_add in preemptible
  + netfilter: nf_tables: honor set timeout and garbage collection updates
  + netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits
  + net: gso: fix panic on frag_list with mixed head alloc types
  + net: mana: Fix accessing freed irq affinity_hint
  + net: sched: fix race condition in qdisc_graft()
  + net-sysfs: add check for netdevice being present to speed_show
  + nfsd: don't destroy global nfs4_file table in per-net shutdown
  + octeontx2: add Admin/Physical/Virtual Function drivers
  + pci: tegra: add fixes to sound/pci for NVIDIA Orin Support
  + perf: arm_cspmu: Add support for ARM CoreSight PMU driver
  + perf vendor events power10: Fix hv-24x7 metric events
  + Provide support for SPI on Arm SystemReady IR devices (imx8 and nvidia orin)
  + r8169: update the driver
  + RDMA/irdma: Cap MSIX used to online CPUs + 1
  + redhat: Add sub-RPM with a EFI unified kernel image for virtual machines
  + redhat: add support for Jira issues in changelog
  + redhat: fix duplicate jira issues in the resolves line
  + redhat: Include Azure CVM specific udev rules into UKI's initramfs
  + redhat/kernel.spec.template: Parallelize compression
  + remoteproc: qcom: pas: bring 6.0 hw support and fixes
  + Revert "block: freeze the queue earlier in del_gendisk"
  + Revert "ethernet: Remove vf rate limit check for drivers"
  + Revert "vdpa/mlx5: Add RX MAC VLAN filter support"
  + [RHEL for Edge] add changes to enable USB support on NVIDIA Orin
  + [RHEL for Edge] Add devicetree bindings for drivers/dma on NVIDIA Orin
  + [RHEL for Edge] add fixes to drivers/tty/serial to support NVIDIA Orin
  + rtc: efi: Enable SET/GET WAKEUP services as optional
  + rtmutex: Add acquire semantics for rtmutex lock acquisition slow path
  + sctp: backports from upstream, 2nd phase
  + sctp: do not check hb_timer.expires when resetting hb_timer
  + selftests/net: give more time to udpgro bg processes to complete startup
  + selftests: net: update udpgso_bench test
  + soc: qcom: bring up to 6.2rc1
  + [SPR] perf: Workaround the UPI intel_uncore_has_discovery_tables issue on SPR MCC and LCC
  + tegra: Upstream DLA commits to support NVIDIA Orin
  + The Neoverse N2/A710 self hosted trace errata, and updated coresight and spe subsystem
  + thunderbolt: Fix DP tunneling out of resource
  + Update cpufreq/cpufreq-dt-platdev to 6.1
  + update drivers/clk/qcom to 6.2-rc2
  + Update drivers/power in order to support Arm SystemReady IR platforms
  + update drivers/regulator/qcom to 6.2-rc2
  + userfaultfd: add /dev/userfaultfd for fine grained access control
  + vfio migration support
  + virtio_console: break out of buf poll on remove
  + virtio_net: notify MAC address change on device initialization
  + x86/hyperv: Remove unregister syscore call from Hyper-V cleanup
  + x86/module: Fix the paravirt vs alternative order
  + xen-netfront: restore __skb_queue_tail() positioning in xennet_get_responses()
  + xfs: estimate post-merge refcounts correctly
  + xfs, iomap: fix data corrupton due to stale cached iomap

- New version (3.88.1).

- Updated to kernel-5.14.0-265.el9 (fixes: CVE-2022-3522, CVE-2022-3619, CVE-2022-41674, CVE-2022-4269, CVE-2022-42720, CVE-2022-42721, CVE-2022-42722):
  + aio: fix mremap after fork null-deref
  + ALSA: Add Intel RaptorLake-P support
  + arm64: Add kernel variant for 64K page-sized ARM64
  + Bluetooth: L2CAP: Fix memory leak in vhci_write
  + bnxt: Driver update for RHEL9.2
  + clks: tegra: add fixes to drivers/clks for NVIDIA Orin Support
  + CNB: net: add netdev_sw_irq_coalesce_default_on()
  + crypto: ccp: update ccp driver upto v6.2-rc6
  + ena: Driver Update
  + Fix kselftests build after changes from bz2162116 (ipv4 backports)
  + Fix outstanding device-mapper bugs from upstream 6.1 and 6.2 an dm-cache cleanup issue
  + Fix the broken CPPC check for non-X86 systems
  + ipv6: Document that max_size sysctl is deprecated
  + ixgbevf: Driver update for RHEL9.2
  + Merge commit 'refs/merge-requests/1690/head' of gitlab.com:redhat/centos-stream/src/kernel/centos-stream-9 into RHEL-9.2-bnxt.update.04.MR1690
  + mm/hugetlb: address race condition in hugetlb_no_page()
  + net: add helper support in tc act_ct for ovs offloading
  + net: openvswitch: Add support to count upcall packets
  + net/other: phase-2 backports for RHEL-9.2
  + net: Return errno in sk->sk_prot->get_port().
  + net/sched: use the backlog for nested mirred ingress
  + nvme: backport fixes to RHEL9.2
  + ovs: backorts P2 for 9.2
  + panic, kexec: make __crash_kexec() NMI safe
  + RDMA: Add support of RDMA dmabuf for mlx5 driver
  + Recognize new Phoenix IDs for AMD-PMC driver
  + Revert "mm/compaction: fix set skip in fast_find_migrateblock"
  + [RHEL9.2 BZ2144376] IDXD driver fixes
  + [RHEL for Edge] add fixes to drivers/net/ethernet to support NVIDIA Orin
  + sched: Always inline is_percpu_thread()
  + tegra: BPMP patchs to support NVIDIA Orin
  + Update Marvell OcteonTX2 device drivers to v6.1-rc1
  + vhost/net: Clear the pending messages when the backend is removed
  + vlan: fix a netdev refcnt leak for QinQ
  + Wireless core and drivers rebase to v6.1
  + xfs: add selinux labels to whiteout inodes
  + xfs: reserve quota for dir expansion when linking/unlinking files

- Build for kernel-image-centos-5.14.0.265-alt1.el9.

- New version (110.0.5481.77).
- Upstream disallow to chromium build with system libwayland (crbug.com/1385736).
- Add more parameters to Yandex search url (ALT#45192).
- Security fixes:
  - CVE-2023-0696: Type Confusion in V8.
  - CVE-2023-0697: Inappropriate implementation in Full screen mode.
  - CVE-2023-0698: Out of bounds read in WebRTC.
  - CVE-2023-0699: Use after free in GPU.
  - CVE-2023-0700: Inappropriate implementation in Download.
  - CVE-2023-0701: Heap buffer overflow in WebUI.
  - CVE-2023-0702: Type Confusion in Data Transfer.
  - CVE-2023-0703: Type Confusion in DevTools.
  - CVE-2023-0704: Insufficient policy enforcement in DevTools.
  - CVE-2023-0705: Integer overflow in Core.

- New version (1.8.1)

- Updated to kernel-5.14.0-259.el9 (fixes: CVE-2021-33655, CVE-2023-0266, CVE-2023-0394):
  + ALSA: backport upstream fixes for 9.2
  + arm64: Update core arch code to v5.19
  + cifs: fix use-after-free caused by invalid pointer `hostname`
  + crypto: testmgr - disallow certain DRBG hash functions in FIPS mode
  + dmaengine: Fix double increment of client_count in dma_chan_get()
  + ext4, jbd2: Stable update and fixes for RHEL 9.2
  + Fix: kernel: sending malicious data to kernel by ioctl FBIOPUT_VSCREENINFO may cause out of bounds write memory
  + Fix obscure ACPI crash on debug kernels
  + fs: replace ll_rw_block()
  + ice: Add missing commits
  + ice: Enable GNSS write capability
  + Input and HID backport to 6.0.x
  + ip tunnels: Fix erroneous calls to RT_TOS().
  + ipv4: Secound round of upstream fixes for RHEL 9.2.
  + ipv6: raw: Deduct extension header length in rawv6_push_pending_frames
  + ipvlan/macvlan: phase-2 backports for RHEL-9.2
  + iwlwifi: fix AC9560 firmware crash and remove previous workaround
  + KVM: aarch64: Rebase to v6.0
  + KVM: SVM: Only dump VMSA to klog at KERN_DEBUG level
  + l2tp: Fix race conditions at tunnel creation time.
  + mailbox: qcom-ipcc: flag IRQ NO_THREAD
  + Merge commit 'refs/merge-requests/1690/head' of https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9 into 6.0_patches_with_devlink
  + MLX5 driver upgrade - kernel 6.0
  + mptcp: phase-2 backports for RHEL-9.2
  + netfilter: conntrack: ignore overly delayed tcp packets
  + net: Fix return value of qdisc ingress handling on success
  + net: mana: Fix race on per-CQ variable napi work_done
  + net/sched: phase-2 backports for RHEL-9.2
  + nfsd: don't free files unconditionally in __nfsd_file_cache_purge
  + RDMA/siw: Always consume all skbuf data in sk_data_ready() upcall.
  + [RHEL for Edge] NVIDIA Orin support, Tegra DRM and host1x
  + rtla: Fix exit status when returning from calls to usage()
  + scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM
  + statx: add direct I/O alignment information
  + sync vdpa with upstream
  + tcp: stable backports for 9.2 phase 2
  + tdx: add the attestation driver
  + tipc: backports from upstream, 2nd phase
  + update cpufreq to v6.0
  + Update thermal/drivers/qcom for Qdrive3
  + Upgrade drivers/net/can in order to support Arm SystemReady IR
  + vfio: Fix sr-iov mdev regression, PCI reset regression, complete baseline migration support

- Add support for RHEL9.2 5.14.0-248.el9.

- New release (109.0.1).

- New release (109.0.1).

- New version (109.0.5414.119).
- Add a workaround to make the https_proxy environment variable work (ALT#44986).
- Security fixes:
  - CVE-2023-0471: Use after free in WebTransport.
  - CVE-2023-0472: Use after free in WebRTC.
  - CVE-2023-0473: Type Confusion in ServiceWorker API.
  - CVE-2023-0474: Use after free in GuestView.

- Updated to kernel-5.14.0-247.el9:
  + ALSA: add AMD Pink Sardine DMIC driver
  + bnxt_re: Driver update to v6.0
  + CNB: genirq/msi: Use a named struct for PCI/MSI attributes and other PCI/MSI cleanups
  + CNB: rebase/update devlink for RHEL 9.2
  + config: Enable Security Path
  + gitlab-ci: use CI templates from production branch
  + nvme: fix SRCU protection of nvme_ns_head list
  + perf hv_gpci events fails with not supported error
  + powerpc/perf: Fix branch_filter support for multiple filters
  + [redhat] Enable CONFIG_GPIO_CDEV_V1
  + [s390]: RHEL9 -  s390/kexec: fix ipl report address for kdump
  + Support for decoding CPER CXL protocol error sections
  + update Chrome and Mellanox platform drivers to v6.0
  + Update cpuidle to match Linux v6.0

- New version (1.67.0).

- Updated to kernel-5.14.0-243.el9:
  + aquantia: Do not purge addresses when setting the number of rings
  + arm64: Update drivers/soc/tegra to v6.0
  + blk-cgroup: Fix potential lockup in blkcg_rstat_flush()
  + DG2 DRM Backport
  + drm/amd: Delay removal of the firmware framebuffer
  + Fix call trace from create_trace_option_files in kernel/trace/trace.c
  + Fix for CSB.V bit never becomes valid for NX Gzip job during LPAR migration
  + Follow-up fixes for nfsd for 9.2
  + fs/exec: switch timens when a task gets a new mm
  + ixgbe: Driver update for RHEL9.2
  + mailbox: qcom-ipcc: update qcom-ipcc
  + net: Backport data race annotations in the networking stack (part 2)
  + perf test: Fix "all PMU test" to skip parametrized events
  + perf tools: Fix empty version number when building outside of a git repo
  + powerpc/kprobes: Fix null pointer reference in arch_prepare_kprobe()
  + redhat: ignore rpminspect runpath report on urandom_read selftest binaries
  + rtla: Add License to spec file and sync summary text with upstream
  + [s390]: RHEL9 - dasd: fix no record found for raw_track_access
  + [s390]: RHEL9 - s390/cio: add dev_busid sysfs entry for each subchannel
  + selftests/bpf: test_stacktrace_build_id: use kprobe/urandom_read
  + Update intel_idle to upstream 6.0
  + vsock: backport latest commits for RHEL-9-2
  + xfrm: Fix oops in __xfrm_state_delete()

- New version (3.8)

- New version (1.66.1).
- Security fixes:
  + CVE-2022-46176: Cargo did not verify SSH host keys.

- New release (109.0).

- New release (109.0).
- Security fixes:
  + CVE-2023-23597: Logic bug in process allocation allowed to read arbitrary files
  + CVE-2023-23598: Arbitrary file read from GTK drag and drop on Linux
  + CVE-2023-23599: Malicious command could be hidden in devtools output on Windows
  + CVE-2023-23600: Notification permissions persisted between Normal and Private Browsing on Android
  + CVE-2023-23601: URL being dragged from cross-origin iframe into same tab triggers navigation
  + CVE-2023-23602: Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers
  + CVE-2023-23603: Calls to <code>console.log</code> allowed bypasing Content Security Policy via format directive
  + CVE-2023-23604: Creation of duplicate <code>SystemPrincipal</code> from less secure contexts
  + CVE-2023-23605: Memory safety bugs fixed in Firefox 109 and Firefox ESR 102.7
  + CVE-2023-23606: Memory safety bugs fixed in Firefox 109

- Updated to kernel-5.14.0-236.el9 (fixes: CVE-2022-2964, CVE-2022-4139):
  + [9.2] MEI Backport for Intel DG2 support
  + Add support for second RPL-S CPUID
  + ADL-N: Fix multiple packages shown on a single-package system
  + bpf, xdp: update to 6.0
  + cpu/hotplug: Fix some cpuhp->target issues
  + crypto: xts - drop xts_check_key()
  + drm/i915: fix TLB invalidation for Gen12 video and compute engines
  + During DLPAR operations in shared mode and dedicated mode with smt loop, device tree entries are not getting populated
  + fs: add mode_strip_sgid() helper
  + KVM: nVMX: Inject #GP, not #UD, if "generic" VMXON CR0/CR4 check fails
  + mmc: bcm2835: stop setting chan_config->slave_id
  + net: skb free reason sync part 2
  + net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup
  + net: vrf: determine the dst using the original ifindex for multicast
  + pNFS/filelayout: Fix coalescing test for single DS
  + Revert "nvme: warn about shared namespaces without CONFIG_NVME_MULTIPATH"
  + sched/core: Fix bugs in user_cpus_ptr handling
  + scsi: target: core: Fix hard lockup when executing a compare-and-write command
  + [SPR] CPU: AMX: Improve the init_fpstate setup code
  + tracing: Add linear buckets to histogram logic
  + vmxnet3: correctly report csum_level for encapsulated packet
  + vxlan: Backport vxlan file split
  + x86: remove vendor checks from prefer_mwait_c1_over_halt

- New version (109.0.5414.74).
- Security fixes:
  - CVE-2023-0128: Use after free in Overview Mode.
  - CVE-2023-0129: Heap buffer overflow in Network Service.
  - CVE-2023-0130: Inappropriate implementation in Fullscreen API.
  - CVE-2023-0131: Inappropriate implementation in iframe Sandbox.
  - CVE-2023-0132: Inappropriate implementation in Permission prompts.
  - CVE-2023-0133: Inappropriate implementation in Permission prompts.
  - CVE-2023-0134: Use after free in Cart.
  - CVE-2023-0135: Use after free in Cart.
  - CVE-2023-0136: Inappropriate implementation in Fullscreen API.
  - CVE-2023-0137: Heap buffer overflow in Platform Apps.
  - CVE-2023-0138: Heap buffer overflow in libphonenumber.
  - CVE-2023-0139: Insufficient validation of untrusted input in Downloads.
  - CVE-2023-0140: Inappropriate implementation in File System API.
  - CVE-2023-0141: Insufficient policy enforcement in CORS.

- New version (0.9.17).