- 000release-packages:Multi-Linux-Manager-Proxy-release
-
- Update EOL to 2027-07-31
- Handle properly the migrations from SUSE Manager 5.0 to
SUSE Multi-Linux Manager 5.1 (bsc#1243486)
- aaa_base
-
- Update to version 84.87+git20250903.33e5ba4:
* Correct fix for boo#1247495 (boo#1248158)
- Update to version 84.87+git20250805.3069494:
* Remove initviocons for tcsh as well and
* Update csh.login
* Add missing quoting and remove unneeded uses of eval
- Update to version 84.87+git20250801.f305627:
* Remove sysconfig.language [bsc#1247286]
- Update to version 84.87+git20250801.b2fa3fe:
* Allow /etc/locale.conf to have no newline
- Update to version 84.87+git20250429.1cad3bc:
* Remove alias "you" (boo#1242011)
- Update to version 84.87+git20250425.1664836:
* Fix bug boo#1241205 by adding missed endif
* alias.bash: future-proof egrep/fgrep color aliases
- Update to version 84.87+git20250410.71df276:
* Modern s390x uses TERM=linux for ttysclp<X>
- Update to version 84.87+git20250313.4dd1cfd:
* DIR_COLORS: add backup and temporary file extensions
* DIR_COLORS: sort audio formats
* DIR_COLORS: use cyan for audio formats instead of green
* DIR_COLORS: add 'avif' to image formats
* DIR_COLORS: add updated and sorted list of archive formats
* DIR_COLORS: don't colour DOS/Windows executables
* DIR_COLORS: update existing colours and add missing ones
* DIR_COLORS: add COLORTERM and 'st' terminal
* DIR_COLORS: update file description
* DIR_COLORS: sort TERM entries
* DIR_COLORS: remove COLOR, OPTIONS and EIGHTBIT
- Update to version 84.87+git20250313.e71c2f4:
* Respect PROFILEREAD/CSHRCREAD at shell switch
* Modernize specfile
* Add safety quotes and proper escaping
* Avoid bashisms in build recipe
* Add setup-systemd-proxy-env
* profile.{sh,csh}: Drop useless proxy variables cleanup
- Update to version 84.87+git20250102.c08e614:
* Load distrobox_profile.sh
- audit:audit-secondary
-
- Fix plugin termination when using systemd service units (bsc#1215377)
* add auditd.service-fix-plugin-termination.patch
- chrony
-
- Update to version 4.8:
* Add maxunreach option to limit selection of unreachable sources
* Add -u option to chronyc to drop root privileges (default
chronyc user is set by configure script)
* Fix refclock extpps option to work on Linux >= 6.15
* Validate refclock samples for reachability updates
* Obsoletes chrony-unix-socket.patch
* Obsoletes chrony-remove-chmod.patch
- bsc#1246544: Fix racy socket creation
* Add chrony-unix-socket.patch
* Add chrony-remove-chmod.patch
- Update clknetsim to snapshot a2eb0b25.
- Update to version 4.7:
* Add opencommands directive to select remote monitoring
commands
* Add interval option to driftfile directive
* Add waitsynced and waitunsynced options to local directive
* Add sanity checks for integer values in configuration
* Add support for systemd Type=notify service
* Add RTC refclock driver
* Allow PHC refclock to be specified with network interface name
* Don’t require multiple refclock samples per poll to simplify
filter configuration
* Keep refclock reachable when dropping samples with large delay
* Improve quantile-based filtering to adapt faster to larger
delay
* Improve logging of selection failures
* Detect clock interference from other processes
* Try to reopen message log (-l option) on cyclelogs command
* Fix sourcedir reloading to not multiply sources
* Fix tracking offset after failed clock step
* Drop support for NTS with Nettle < 3.6 and GnuTLS < 3.6.14
* Drop support for building without POSIX threads
- Update clknetsim to snapshot 530d1a5.
- Update to version 4.6.1:
* Add ntsaeads directive to enable only selected AEAD algorithms
for NTS.
* Negotiate use of compliant NTS keys with AES-128-GCM-SIV AEAD
algorithm.
* Switch to compliant NTS keys if first response from server is
NTS NAK.
- Drop rcFOO symlinks for CODE16 (PED-266).
- Update to version 4.6:
* Add activate option to local directive to set activation threshold
* Add ipv4 and ipv6 options to server/pool/peer directive
* Add kod option to ratelimit directive for server KoD RATE support
* Add leapseclist directive to read NIST/IERS leap-seconds.list file
* Add ptpdomain directive to set PTP domain for NTP over PTP
* Allow disabling pidfile
* Improve copy server option to accept unsynchronised status instantly
* Log one selection failure on start
* Add offset command to modify source offset correction
* Add timestamp sources to ntpdata report
* Fix crash on sources reload during initstepslew or RTC initialisation
* Fix source refreshment to not repeat failed name resolving attempts
* Obsoletes chrony-124-tai.patch
- The project's new home is https://chrony-project.org/ .
- Update clknetsim to snapshot 633a0be: fix missing stat/fstat with
latest glibc.
- cloud-init
-
- Update to version 25.1.3 (bsc#1245401,bsc#1245403)
+ Forward port
- cloud-init-no-openstack-guess.patch
+ docs: provide example3 for PAM and ssh_pwauth behavior (#27)
+ fix: Make hotplug socket writable only by root (#25) (CVE-2024-11584)
+ fix: Don't attempt to identify non-x86 OpenStack instances (LP: #2069607)
(CVE-2024-6174)
From 25.1.2
+ fix: ensure MAAS datasource retries on failure (#6167)
- Update to version 25.1.1 (bsc#1239715,jsc#PED-8680,bsc#1228414)
+ Removed included upstream
- pep-594-drop-pipes.patch
- cloud-init-fix-python313.patch
- cloud-init-dont-assume-ordering-of-ThreadPoolExecutor.patch
- cloud-init-direxist.patch
- cloud-init-wait-for-net.patch
- cloud-init-usr-sudoers.patch
- cloud-init-no-nmcfg-needed.patch
- cloud-init-keep-flake.patch
- cloud-init-lint-fixes.patch
- cloud-init-pckg-reboot.patch
- cloud-init-ds-deterministic.patch
- cloud-init-write-routes.patch
- cloud-init-skip-empty-conf.patch
+ Forward port
- cloud-init-no-tempnet-oci.patch
- cloud-init-no-openstack-guess.patch
- cloud-init-lint-set-interpreter.patch
+ Add
- cloud-init-ssh-usrmerge.patch (bsc#1237764)
- cloud-init-lint-set-interpreter.patch
- cloud-init-lint-fix.patch
- cloud-init-no-single-process.patch
- cloud-init-needs-action.patch
+ Drop hidesensitivedata in 16 & greater
+ test: pytestify cc_chef tests, add migration test
+ chef: migrate files in old config directories for backups and cache
+ fix: correct the path for Chef's backups (#5994)
+ fix(Azure): don't reraise FileNotFoundError during ephemeral setup (#6113)
+ fix(azure): handle unexpected exceptions during obtain_lease() (#6092)
[Ksenija Stanojevic]
+ Allow to set mac_address for VLAN subinterface (#6081)
[jumpojoy] (GH: 5364)
+ fix: Remove erroneous EC2 reference from 503 warning (#6077)
+ fix: NM reload and bring up individual network conns (#6073) [Ani Sinha]
+ fix: stop warning on dual-stack request failure (#6044)
+ fix: install_method: pip cannot find ansible-pull command path (#6021)
[Hasan Aliyev] (GH: 5720)
+ fix: Fix DataSourceAliYun exception_cb signature (#6068) (GH: 6066)
+ fix: Update OauthUrlHelper to use readurl exception_cb signature
(GH: 6065)
+ test: add OauthUrlHelper tests
+ test: Remove CiTestCase from test_url_helper.py
+ test: pytestify test_url_helper.py
+ fix: track more removed modules (#6043)
- From 25.1
+ ci: fix post-merge packaging CI (#6038)
+ feat(azure): Fix imds-based ssh_pwauth (#6002) [Ksenija Stanojevic]
+ ci: check for sorted patches (#6036)
+ feat: aliyun datasource support crawl metadata at once (#5942)
[jinkangkang]
+ docs: document /usr merge breaking change (#6032)
+ test: Add integration test for /var mounts (#6033)
+ test: Ensure pre-24.2 custom modules work (#6034)
+ doc: Update references to older keys (#6022) [Pedro Ribeiro]
+ fix: untyped-defs in tests/unittests/{config, net, sources} (#6023)
[Romain]
+ fix: don't reference PR in post-merged CI (#6019)
+ chore: explicitly skip broken ansible integration tests (#5996) [a-dubs]
+ tests(oracle): fix test_install_missing_deps apt race condition (#5996)
[a-dubs]
+ test(oracle): fix test_ubuntu_drivers_installed (#5996) [a-dubs]
+ test(oracle): fix test_frequency_override integration test (#5996)
[a-dubs]
+ chore: add type hint to IntegrationCloud's cloud_instance field (#5996)
[a-dubs]
+ test(oracle): fix modules/test_lxd.py::test_storage_lvm on noble (#5996)
[a-dubs]
+ commit 9e591fff266be9d4c83f74ec02a717b74993304d [a-dubs]
+ net/sysconfig: do not remove all existing settings of
/etc/sysconfig/network (#5991) [Ani Sinha] (GH: 5990)
+ fix: remove wrong return when checking if network necessary (#6013)
+ fix: typing for rsyslog, ubuntu_pro, power_state_change (#5985)
[MostafaTarek124eru]
+ fix: Retry on OpenStack HTTP status codes (#5943) [weiyang] (GH: 5687)
+ fix: Ensure fqdn is treated as string in get_hostname_fqdn (#5993)
[MKhatibzadeh] (GH: 5989)
+ feat(vmware): Convert imc network config to v2 (#5937) [PengpengSun]
+ ci: add upstream post-merge test
+ ci: check if upstream commit causes ubuntu patch conflicts
+ ci: organize cla tests together
+ test: eliminate obsolete cases, add non-error case
+ chore: remove redundant manual schema validation
+ doc: clarify subiquity docs
+ chore: cleanup `len' usage (#5956) [Shreenidhi Shedi]
+ Fix: GCE _get_data crashes if DHCP lease fails (#5998) [Bryan Fraschetti]
+ Fixes GH-5997
+ fix: correct the path for Chef's cache (#5994)
[MostafaTarek124eru] (GH: 5090)
+ fix: Run ansible with run_user instead of root for distro install_method
(#5986) [Amirhossein Shaerpour] (GH: 4092)
+ fix: retry AWS hotplug for async IMDS (#5995) (GH: 5373)
+ feat(integration_tests): add optional INSTANCE_TYPE setting (#5988)
[Alec Warren]
+ feat(integration-tests): set boto3 and botocore to INFO to prevent
log spamming [a-dubs]
+ ci: add 'tox -e integration-tests-fast' command [a-dubs]
+ chore: Add feature flag for manual network waiting (#5977)
+ Release 24.4.1
+ fix: Use /usr/lib/ rather than /lib in packaging code (#5970)
+ Use log_with_downgradable_level for user password warnings (#5927)
[Ani Sinha]
+ doc: change to hyphenated keys (#5909) (GH: 5555)
+ fix: Wait for udev on openstack (#5947) [Robert Schweikert] (GH: 4125)
+ test: disambiguate resource cleanup from test failure (#5926)
+ fix: use program name of netcat as installed by upstream, "nc" (#5933)
(#5933) [Andreas K. Hüttel]
+ ci: bump canonical/setup-lxd to version v0.1.2 (#5948)
+ feat(cc_chef): Allow change of Chef configuration file (#5925)
[Sean Smith]
+ docs: fix typo in generated file in LXD tutorial (#5941) [Pavel Shpak]
+ feat: Identify Samsung Cloud Platform as OpenStack (#5924) [us0310306]
+ fix: don't deadlock when starting network service with systemctl (#5935)
+ feat: Custom keys for apt archives (#5828) [Bryan Fraschetti] (GH: 5473)
+ test: improve test initialization error path (#5920)
+ chore: improve logging when lxd detection fails (#5919)
+ fix: Add "manual" to allowed subnet types (#5875)
[Math Marchand] (GH: 5769)
+ fix: remove bad ssh_svcname setting for Gentoo/OpenRC (#5918)
[Andreas K. Hüttel]
+ feat(gentoo): Add compatibility for Gentoo with systemd (#5918)
[Andreas K. Hüttel]
+ fix(ovf): no warning should be log when rpctool found no value (#5915)
[PengpengSun] (GH: 5914)
+ Move DS VMware to be in front of DS OVF (#5912) [PengpengSun] (GH: 4030)
+ ci: Add proper 'Breaks: ' to integration testing simple deb (#5923)
+ chore: Add akhuettel to CLA signers file (#5917) [Andreas K. Hüttel]
+ chore: eliminate calls at import time (#5889) (GH: 5344)
+ test: Add pyserial to test-requirements.txt (#5907)
+ test: Allow unknown size in growpart test (#5876)
+ doc: Update tutorials [Sally]
+ fix: bump azure key size to 3072 (#5841)
24.4.1
+ fix: Ensure _should_wait_via_user_data() handles all user data types (#5976)
+ fix: Don't log error in wait_for_url (#5972)
+ feat(url_helper): Retry on 503 error (#5938)
+ fix: Don't break modules that use get_meta_doc() (#5953)
+ refactor: Pass deprecation log args as tuple (#5953)
+ fix: uninstall custom signal handlers before shutdown (#5913)
24.4
+ test: Ensure unit ordering in ftp tests includes downstream units (#5892)
+ test: re-decrement expected webhook events (#5894)
+ test: allow relative path in apt-get test (#5891)
+ Fix metric setting of nmconnection for rhel (#5878) [Amy Chen]
+ chore: remove unused code(#5887)
+ feat(ephemeral): replace old has_url_connectivity() with new
_check_connectivity_to_imds() [a-dubs]
+ feat(oracle): add true single stack ipv6 support [a-dubs]
+ feat(ephemeral): refactor ephemeralIP and add ipv6 connectivity check
[a-dubs]
+ test: Decrement expected webhook events (#5888)
+ chore: remove `--docs` option from `cloud-init schema` (#5857) (GH: 5756)
+ test: pytestify "tests/unittests/config/test_cc_timezone.py" (#5885)
[Mahesh Ghumare]
+ ci: bump integration tests to use plucky
+ test: add grub_dpkg to inactive modules
+ test: move default behavior tests into their own module
+ test(apt): add plucky version for hello pkg (#5883)
+ Docs: improved mermaid diagram for better visibility. Add "MaheshG11"
as contributor (#5874) [Mahesh Ghumare] (GH: 5837)
+ fix(ntp): Fix RockyLinux OS support (#5864) [Sid Shukla]
+ chore(jsonschema): migrate from deprecated Validator.iter_errors (#5856)
+ chore: remove deprecation warning getting jsonschema's version (#5856)
+ chore: use filter arg for tar.extractall (#5856)
+ chore: remove __init__ from pytest test class (#5856)
+ chore: do not test element's truth value directly (#5856)
+ chore: migrate from deprecated datetime.datetime.utcfromtimestamp (#5856)
+ chore: migrate from deprecated datetime.datetime.utcnow() (#5856)
+ chore: set recursive=False for ensure_dir if parent path is "/" (#5816)
[sxt1001]
+ ci: fix broken daily dependencies (#5867)
+ ci: fix packaging tests (#5865)
+ feat(vultr): add override for network interface detection (#5847)
[Andrew Davis]
+ feat(networkd): Support RequiredForOnline option (#5852) [Dan McGregor]
+ Prevent NM from handling DNS when network interfaces have DNS config
(#5846) [Ani Sinha]
+ fix(smartos): Add `addrconf` IPv6 support (#5831)
[blackhelicoptersdotnet]
+ freebsd: adjust to match the new pyyaml package name (#5844)
[Gonéri Le Bouder]
+ fix: disable grub-dpkg by default (#5840)
+ fix(openbsd): Enable sysv init scripts in OpenBSD build script (#5790)
[Hyacinthe Cartiaux] (LP: 4036, #1992853)
+ test: Fix duplicate judgment conditions in password generation (#5835)
[sxt1001]
+ chore: don't render non-templated unit files (#5830)
+ chore: simplify and standardize cloud-final.service (#5830)
+ chore: simplify Conflicts=shutdown.target (#5830)
+ chore: remove redundant Before=NetworkManager.service (#5830)
+ chore: remove unnecessary systemd settings (#5830)
+ chore: eliminate redundant ordering dependencies (#5819)
+ fix: fix ordering cycle for distros with default deps (#5819) (GH: 5755)
+ test: unbreak pytest-xdist (#5829)
+ feat: Conditionally remove networkd online dependency on Ubuntu (#5772)
+ feat: Ensure random passwords contain multiple character types (#5815)
[sxt1001] (GH: 5814)
+ docs: split example page into example library (#5645) [Sally]
+ doc: clarify workarounds required for single process changes (#5817)
+ chore: add 3.13 to PR CI runs, 3.14 to scheduled (#5825)
+ fix: Render v2 bridges correctly on network-manager with set-name
(#5740) (GH: 5717)
+ test: add no_thinpool unit test (#5802)
+ chore: split lxd init config into separate function (#5802)
+ test: pytestify test_cc_lxd.py (#5802)
+ fix: Correctly handle missing thinpool in cc_lxd (#5802)
+ fix: Render bridges correctly for v2 on sysconfig with set-name (#5674)
(GH: 5574)
+ tests(minimal): rsyslog not in minimal images expect warning (#5811)
+ tests(lxd): avoid failure on multiple calls to --show-log (#5811)
+ chore: update netplan import semantics and related tests (#5805)
(GH: 5804)
+ lint: fix untyped-defs on /tests/unittest/cmd (#5800) [iru]
+ test: actually use devel release and verify_clean_boot enhancements
(#5801)
+ feat(locale): locales install on minimal images when cfg requests (#5799)
+ feat(byobu): support byobu install on minimal images when cfg requests
(#5799)
+ chore: Use devel release and no sbuild in integration CI (#5798)
+ test: Update integration tests from netplan backport (#5796)
+ test: add get_syslog_or_console for minimal images without syslog (#5793)
+ chore: Remove resize_root_tmp from cloud.cfg.tmpl (#5795) (GH: 5786)
+ docs: Fix field name from `contents` to `content` (#5787) [Igor Akkerman]
+ chore: bump pycloudlib to required version (#5792)
+ fix: avoid deprecation logs for calling cli stages (#5770) (GH: 5726)
+ tests: bump pycloudlib deps to include gce bug fix for id str (#5783)
+ fix(test): convert use p.gce.instance.id instead of instance_id (#5783)
+ fix(network-manager): bond properties and network schema (#5768)
[Denis Kadyshev]
+ Fix metric setting for ifcfg network connections for rhel (#5777)
[Ani Sinha] (GH: 5776)
+ fix(akamai): handle non-string user data in base64 decoding (#5751)
[Jesse Alter]
+ fix(ci): do not auto stale issues (#5775)
+ Make pytest more verbose for easier debugging (#5778) [Ani Sinha]
+ ci: fix tox.ini pytest cmd to use cloudinit dir for coverage reporting
(#5774) [Alec Warren]
+ tests: add OS_IMAGE_TYPE setting to allow for minimal tests (#5682)
+ test(hotplug): Simplify test_multi_nic_hotplug (#5763)
+ test(hotplug): increase nc timeout (#5763)
+ test: pytestify test_main.py (#5758)
+ test(ec2-dual-stack): fix int-test (#5762)
+ test: make verify_clean_boot really respect return code (#5761)
+ test: bump timeout in test_order (#5759)
+ docs: Properly document the cc_ubuntu_autoinstall module (#5757)
+ docs: fix WSL tutorial (#5752) (GH: 5746)
+ test: make verify_clean_boot respect return code by environment (#5754)
+ feat(integration_test): add CLOUD_INIT_PKG setting (#5739)
+ fix(ci): fix packaging check merge operation (#5750)
+ doc: do not document user.meta-data key (#5745)
+ test: avoid undocumented lxd key (#5748)
+ test: Refactor test_cc_set_hostname.py and test_cc_ntp.py (#5727)
+ chore: update docs URLs to cloud-init.io (#5741)
+ test: fix timer logging change expected logs (#5734)
+ fix: type annotations for several modules (#5733)
+ chore: add timer to io and string manipulation code
+ feat: add log package and performance module
+ remove newline injected for cloud-init status --wait (#5700)
[Andrew Nelson] (GH: 5863)
+ test: webhook require_deprecation msg on 24.3 (#5731)
+ test: fix test_nocloud message typo introduced by 313390f8 (#5731)
+ test: Fix test_log_message_on_missing_version_file (#5730)
+ tests: assert info level warnings instead of require_deprecation
+ tests: fix test to ignore_warnings not require Used fallback ds
+ chore: clean up pytest warnings (#5721)
+ tests(pro): bump pycloudlib add noble release to pro tests (#5719)
+ fix(hotplugd.socket): remove basic.target as dependency (#5722)
(LP: #2081124)
+ ci: fix integration test positional argument (#5718)
+ Create datasource for CloudCIX (#1351) [BrianKelleher]
+ ci: colorize output (#5716)
+ fix(schema): Allow for locale: false in schema add tests (#5647)
+ ci: fix packaging patch check (#5713)
+ chore: clean up old pickle workaround (#5714)
+ fix: force sftp cleanup when done with instance (#5698)
+ test(hotplug): reenable vpc test in focal (#5492)
+ chore: fix typing of userdata_raw (#5710)
+ fix(NetworkManager): Fix network activator (#5620)
+ fix: lxd do not check for thinpool kernel module (#5709)
+ docs: fix typo in docstring (#5708)
+ Scaleway: Force on-link: true for static networks (#5654)
[Louis Bouchard] (LP: 5523, #2073869)
+ fix: Invalid "seedfrom" in NoCloud system configuration (#5701)
+ tests: pytestify test_nocloud.py (#5701)
+ test: make verify_clean_boot respect return code by series (#5695)
+ fix: use cross-distro netcat name (#5696)
+ ci: fix labeler (#5697)
+ chore(actions): add packaging label for any branches modifying debian/*
+ (#5693)
+ test: add verify_clean_boot() calls alongside verify_clean_log() (#5671)
+ test: add deprecation support to verify_clean_boot (#5671)
+ doc: remove misleading warning (#5681)
+ chore: Prefer other methods over $INSTANCE_ID (#5661)
+ ci: fix packaging test when no patches (#5680)
+ chore: fix tip-ruff and update to latest version (#5676)
+ chore: make ansible test serial (#5677)
+ feat(ec2): Bump url_max_timeout to 240s from 120s. (#5565)
[Robert Nickel]
+ chore: fix typo in requirements.txt (#5637)
+ feat: make pyserial an optional dependency (#5637)
+ chore: bump ci dependency versions (#5660)
+ chore: drop broken optimization (#5666)
24.3.1
+ test: add test coverage for iproute2 commands (#5651)
+ fix(netops): fix ip addr flush command (#5651) (GH: 5648)
24.3
+ docs: Clarify v2 set-name behavior (#5639)
+ fix: properly handle blank lines in fstab (#5643)
+ fix: cc_user_groups incorrectly assumes "useradd" never locks password
field (#5355) [dermotbradley]
+ tests: assert cloud-init user-data cert is the only root cert (#5641)
+ feat: add automation for ubuntu/* branches asserting quilt patches apply
(#5622)
+ fix(sources/wsl): no error with empty .cloud-init dir (SC-1862) (#5633)
+ feat(azure): add PPS support for azure-proxy-agent (#5601)
[Ksenija Stanojevic]
+ fix(tests): use instance.clean/restart instead of clean --reboot (#5636)
+ test: fix cmd/test_schema int test (#5629)
+ test: fix test_honor_cloud_dir int test (#5627)
+ docs: alphabetize dsname lookup table. update comment to create the csv
(#5624)
+ docs: new datasources should update reference/ds_dsname_map (#5624)
+ test: fix ca_certs int test (#5626)
+ chore: update schema docs to use RST bold for config key names (#5562)
+ fix(doc): italics around deprecation prefix, description bolds key names
(#5562)
+ feat(doc): add env vars to debug config module doc builds (#5562)
+ fix(doc): doc of nested objects under JSON schema items.oneOf (#5562)
+ fix(doc): object type check if patternProperties or properties (#5562)
+ doc(schema): schema descriptions should end with trailing stop (#5562)
+ fix(wsl): Properly assemble multipart data (#5538) [Carlos Nihelton]
+ feat: collect-logs improvements (#5619)
+ tests: fix test_ca_certs.py for gcp (#5621)
+ fix(nm): Ensure bond property name formatting matches schema definition
(#5383) [Curt Moore]
+ Update behavior of base bond interface with NetworkManager (#5385)
[Curt Moore]
+ ci: Drop Python 3.6 and 3.7 (#5607)
+ chore(black): Bump version (#5607)
+ chore(mypy): Fix failures on newer versions of mypy (#5607)
+ chore(tox.ini): Simplify configuration, fix minor bugs (#5607)
+ chore(mypy): Lint log module (#5607)
+ fix(systemd): Correct location of installed drop-in files(#5615)
[Noah Meyerhans]
+ fix(btrfs): Version parsing (#5618)
+ docs: Remove unnecessary section, add feature flag page (#5617)
+ docs: Drop Python 3.6 and 3.7 support (#5617)
+ chore: explain other use of oauth (#5616)
+ chore(actions): add doc label for any doc related subdir file matches
(#5602)
+ doc: Add misc links, improve wording (#5595)
+ doc(boot): Make first boot a dedicated page (#5595)
+ doc: Describe all stages in a single process (#5595)
+ chore: Deprecate old commands in help output (#5595)
+ chore: add comment explaining the NetworkManager may-fail setting
(#5598) [Ani Sinha]
+ Revert "fix(vmware): Set IPv6 to dhcp when there is no IPv6 addr
(#5471)" (#5596) [PengpengSun]
+ fix: read_optional_seed to set network-config when present (#5593)
+ feat(snap): avoid refresh on package_upgrade: true and refresh.hold
(#5426)
+ fix: Fix tests which have outdated strings (#5585)
+ fix: Fix ftp failures (#5585)
+ doc: improve integration testing configuration instructions (#5556)
[Alec Warren]
+ azure: check azure-proxy-agent status (#5138) [Ksenija Stanojevic]
+ refactor: refactor and fix mypy in DataSourceIBMCloud.py (#5509)
[Alec Warren]
+ fix: Update default LXD meta-data with user meta-data (#5584)
+ chore: Fix log message in url_helper.py (#5583)
+ fix: nocloud no fail when network-config absent (#5580)
+ feat: Single process optimization (#5489)
+ chore: Add helper, refactor utilities into separate module (#5573)
+ refactor: update handle function of cc_mounts (#5498)
+ fix: Integration tests (#5576)
+ fix(NoCloudNet): Add network-config support (#5566)
+ feat: Eliminate redundant configuration reads (#5536)
+ fix(actions): correct typo in cloudinit/config/schemas/ match (#5570)
+ fix: add host template for AOSC (#5557) [Yuanhang Sun]
+ chore(debian): Remove vestigial postinst and preinst code (#5569)
+ fix(actions): doc labeler needs all clause instead of default any (#5568)
+ docs: Overhaul user data formats documentation (#5551)
+ chore: Deprecate ENI as an input configuration format (#5561)
+ doc: improve drop-in custom modules (#5548)
+ doc(NoCloud): Categorize the different configuration types (#5521)
+ doc(autoinstall): Remove incorrect statements, be more direct (#5545)
+ chore: remove unneeded doc-lint tox env config (#5547)
+ fix(doc-spelling): config spelling_word_list_filename (#5547)
+ doc(modules): add section to wrap modules' doc (#5550)
+ doc: Update docs on boothooks (#5546)
+ fix: doc auto label to consider schema json changes as doc PRs (#5543)
+ feat(schema): add chef_license schema enum (#5543)
+ doc: add diagram with boot stages (#5539)
+ docs: improve qemu command line (#5540) [Christian Ehrhardt]
+ fix: auto label doc PRs (#5542)
+ fix(wsl): Put back the "path" argument to wsl_path in ds-identify
+ (#5537) [Carlos Nihelton]
+ test: fix test_kernel_command_line_match (#5529)
+ test: fix no ds cache tests (#5529)
+ fix(azurelinux): Change default usr_lib_exec path (#5526) [Minghe Ren]
+ feat: Support URI sources in `write_files` module (#5505)
[Lucas Ritzdorf]
+ add openeuler to distros in cc_spacewalk.py (#5530) [sxt1001]
+ feat(wsl): Special handling Landscape client config tags (#5460)
[Carlos Nihelton]
+ chore: Deprecate partially supported system config (#5515)
+ chore: Improve detection logging for user clarity (#5515)
+ fix(ds-identify): Detect nocloud when seedfrom url exists (#5515)
+ refactor: logs.py add typing and small misc refactors (#5414)
+ refactor: logs.py pathlib changes (#5414)
+ refactor: replace verbosity with log levels in logs.py (#5414)
+ feat: Add trace-level logger (#5414)
+ chore(formatting): fix squashed commit test formatting (#5524)
+ fix: Clean cache if no datasource fallback (#5499)
+ Support setting mirrorlist in yum repository config (#5522) [Ani Sinha]
+ doc(OFV): Document how to configure cloud-init (#5519)
+ fix: Update DNS behavior for NetworkManager interfaces (#5496)
[Curt Moore]
+ Fix configuration of DNS servers via OpenStack (#5384) [Curt Moore]
+ test: Unconditionally skip test_multi_nic_hotplug_vpc (#5503)
+ tests: revert expectation of exit 2 from cloud-init init --local (#5504)
+ fix(test): Fix ip printer for non-lxd (#5488)
+ feat(systemd): convert warning level message to deprecation (#5209)
+ test: allow verify_clean_boot to ignore all or specific tracebacks
(#5209)
+ test: Don't fail tests which call cloud-init as a command (#5209)
+ feat(systemd): Warn user of unexpected run mode (#5209)
+ fix: add schema rules for 'baseurl' and 'metalink' in yum repo config
(#5501) [Ani Sinha]
+ Set MTU for bond parent interface (#5495) [Curt Moore]
+ refactor: util.mounts to handle errors (#5490)
+ refactor: util.get_proc_env to work with strs (#5490)
+ typing: fix check_untyped_defs in cloudinit.util (#5490)
+ test: Add missing assert to test_status.py (#5494)
+ test: Ensure mkcert executable in ftp tests (#5493)
+ test: pytestify and cleanup test_cc_mounts.py (#5459)
+ fix(vmware): Set IPv6 to dhcp when there is no IPv6 addr (#5471)
[PengpengSun]
+ fix(openbsd): fix mtu on newline in hostname files (#5412) [Tobias Urdin]
+ feat(aosc): Add 'AOSC OS' support (#5310) [Yuanhang Sun]
24.2
+ test: Fix no default user in test_status.py (#5478)
+ fix: correct deprecated_version=22.2 for users.sudo
+ test: Add jsonschema guard in test_cc_ubuntu_pro.py (#5479)
+ fix(test): Fix pycloudlib types in integration tests (#5350)
+ fix(test): Fix ip printing for non-lxd instances (#5350)
+ chore(mypy): Drop unused missing import exclusions (#5350)
+ type: Add stub types for network v1/v2 config (#5350)
+ chore: Auto-format network jsonschema in ci (#5350)
+ fix(tox): Update tox.ini (#5350)
+ chore(typing): Remove type ignores and casts (#5350)
+ refactor(typing): Remove unused code paths (#5350)
+ fix(typing): Add / update type annotations (#5350)
+ fix(typing): Remove type annotation for unused variable (#5350)
+ fix(typing): Remove invalid type annotations (#5350)
+ ci(mypy): Set default follow_imports value (#5350)
+ test: Update integration tests to pass on focal (#5476)
+ tests: update ubuntu_pro test to account for info-level deprecations
(#5475)
+ tests: update nocloud deprecation test for boundary version (#5474)
+ fix(rh_subscription): add string type to org (#5453)
+ tests: integration tests aware of features.DEPRECATION_INFO_BOUNDARY
+ tests: update keyserver PPA key fur curtin-dev (#5472)
+ test: Fix deprecation test failures (#5466)
+ chore: fix schema.py formatting (#5465)
+ fix: dont double-log deprecated INFOs (#5465)
+ fix(test): Mock version boundary (#5464)
+ fix(schema): Don't report changed keys as deprecated (#5464)
+ test: fix unit test openstack vlan mac_address (#5367)
+ fix: Ensure properties for bonded interfaces are properly translated
(#5367) [Curt Moore]
+ fix(schema): permit deprecated hyphenated keys under users key (#5456)
+ fix: Do not add the vlan_mac_address field into the VLAN object (#5365)
[Curt Moore]
+ doc(refactor): Convert module docs to new system (#5427) [Sally]
+ test: Add unit tests for features.DEPRECATION_INFO_BOUNDARY (#5411)
+ feat: Add deprecation boundary support to schema validator (#5411)
+ feat: Add deprecation boundary to logger (#5411)
+ fix: Gracefully handle missing files (#5397) [Curt Moore]
+ test(openstack): Test bond mac address (#5369)
+ fix(openstack): Fix bond mac_address (#5369) [Curt Moore]
+ test: Add ds-identify integration test coverage (#5394)
+ chore(cmdline): Update comments (#5458)
+ fix: Add get_connection_with_tls_context() for requests 2.32.2+ (#5435)
[eaglegai]
+ fix(net): klibc ipconfig PROTO compatibility (#5437)
[Alexsander de Souza] (LP: #2065787)
+ Support metalink in yum repository config (#5444) [Ani Sinha]
+ tests: hard-code curtin-dev ppa instead of canonical-kernel-team (#5450)
+ ci: PR update checklist GH- anchors to align w/ later template (#5449)
+ test: update validate error message in test_networking (#5436)
+ ci: Add PR checklist (#5446)
+ chore: fix W0105 in t/u/s/h/test_netlink.py (#5409)
+ chore(pyproject.toml): migrate to booleans (#5409)
+ typing: add check_untyped_defs (#5409)
+ fix(openstack): Append interface / scope_id for IPv6 link-local metadata
address (#5419) [Christian Rohmann]
+ test: Update validation error in test_cli.py test (#5430)
+ test: Update schema validation error in integration test (#5429)
+ test: bump pycloudlib to get azure oracular images (#5428)
+ fix(azure): fix discrepancy for monotonic() vs time() (#5420)
[Chris Patterson]
+ fix(pytest): Fix broken pytest gdb flag (#5415)
+ fix: Use monotonic time (#5423)
+ docs: Remove mention of resolv.conf (#5424)
+ perf(netplan): Improve network v1 -> network v2 performance (#5391)
+ perf(set_passwords): Run module in Network stage (#5395)
+ fix(test): Remove temporary directory side effect (#5416)
+ Improve schema validator warning messages (#5404) [Ani Sinha]
+ feat(sysconfig): Add DNS from interface config to resolv.conf (#5401)
[Ani Sinha]
+ typing: add no_implicit_optional lint (#5408)
+ doc: update examples to reflect alternative ways to provide `sudo`
option (#5418) [Ani Sinha]
+ fix(jsonschema): Add missing sudo definition (#5418)
+ chore(doc): migrate cc modules i through r to templates (#5313)
+ chore(doc): migrate grub_dpkg to tmpl add changed/deprecation (#5313)
+ chore(json): migrate cc_apt_configure and json schema indents (#5313)
+ chore(doc): migrate ca_certs/chef to template, flatten schema (#5313)
+ chore(doc): migrate cc_byobu to templates (#5313)
+ chore(doc): migrate cc_bootcmd to templates (#5313)
+ fix(apt): Enable calling apt update multiple times (#5230)
+ chore(VMware): Modify section of instance-id in the customization config
(#5356) [PengpengSun]
+ fix(treewide): Remove dead code (#5332) [Shreenidhi Shedi]
+ doc: network-config v2 ethernets are of type object (#5381) [Malte Poll]
+ Release 24.1.7 (#5375)
+ fix(azure): url_helper: specify User-Agent when using headers_cb with
readurl() (#5298) [Ksenija Stanojevic]
+ fix: Stop attempting to resize ZFS in cc_growpart on Linux (#5370)
+ doc: update docs adding YAML 1.1 spec and jinja template references
+ fix(final_message): do not warn on datasourcenone when single ds
+ fix(growpart): correct growpart log message to include value of mode
+ feat(hotplug): disable hotplugd.socket (#5058)
+ feat(hotlug): trigger hotplug after cloud-init.service (#5058)
+ test: add function to push and enable systemd units (#5058)
+ test(util): fix wait_until_cloud_init exit code 2 (#5058)
+ test(hotplug): fix race getting ipv6 (#5271)
+ docs: Adjust CSS to increase font weight across the docs (#5363) [Sally]
+ fix(ec2): Correctly identify netplan renderer (#5361)
+ tests: fix expect logging from growpart on devent with partition (#5360)
+ test: Add v2 test coverage to test_net.py (#5247)
+ refactor: Simplify collect_logs() in logs.py (#5268)
+ fix: Ensure no subp from logs.py import (#5268)
+ tests: fix integration tests for ubuntu pro 32.3 release (#5351)
+ tests: add oracular's hello package for pkg upgrade test (#5354)
+ growpart: Fix behaviour for ZFS datasets (#5169) [Mina Galić]
+ device_part_info: do not recurse if we did not match anything (#5169)
[Mina Galić]
+ feat(alpine): add support for Busybox adduser/addgroup (#5176)
[dermotbradley]
+ ci: Move lint tip and py3-dev jobs to daily (#5347)
+ fix(netplan): treat netplan warnings on stderr as debug for cloud-init
(#5348)
+ feat(disk_setup): Add support for nvme devices (#5263)
+ fix(log): Do not warn when doing requested operation (#5263)
+ Support sudoers in the "/usr/usr merge" location (#5161)
[Robert Schweikert]
+ doc(nocloud): Document network-config file (#5204)
+ fix(netplan): Fix predictable interface rename issue (#5339)
+ cleanup: Don't execute code on import (#5295)
+ fix(net): Make duplicate route add succeed. (#5343)
+ fix(freebsd): correct configuration of IPv6 routes (#5291) [Théo Bertin]
+ fix(azure): disable use-dns for secondary nics (#5314)
+ chore: fix lint failure (#5320)
+ Update pylint version to support python 3.12 (#5338) [Ani Sinha]
+ fix(tests): use regex to avoid focal whitespace in jinja debug test
(#5335)
+ chore: Add docstrings and types to Version class (#5262)
+ ci(mypy): add type-jinja2 stubs (#5337)
+ tests(alpine): github trust lxc mounted source dir cloud-init-ro (#5329)
+ test: Add oracular release to integration tests (#5328)
+ Release 24.1.6 (#5326)
+ test: Fix failing test_ec2.py test (#5324)
+ fix: Check renderer for netplan-specific code (#5321)
+ docs: Removal of top-level --file breaking change (#5308)
+ fix: typo correction of delaycompress (#5317)
+ docs: Renderers/Activators have downstream overrides (#5322)
+ fix(ec2): Ensure metadata exists before configuring PBR (#5287)
+ fix(lxd): Properly handle unicode from LXD socket (#5309)
+ docs: Prefer "artifact" over "artefact" (#5311) [Arthur Le Maitre]
+ chore(doc): migrate cc_byobu to templates
+ chore(doc): migrate cc_bootcmd to templates
+ chore(doc): migrate apt_pipelining and apk_configure to templates
+ tests: in_place mount module-docs into lxd vm/container
+ feat(docs): generate rtd module schema from rtd/module-docs
+ feat: Set RH ssh key permissions when no 'ssh_keys' group (#5296)
[Ani Sinha]
+ test: Avoid circular import in Azure tests (#5280)
+ test: Fix test_failing_userdata_modules_exit_codes (#5279)
+ chore: Remove CPY check from ruff (#5281)
+ chore: Clean up docstrings
+ chore(ruff): Bump to version 0.4.3
+ feat(systemd): Improve AlmaLinux OS and CloudLinux OS support (#5265)
[Elkhan Mammadli]
+ feat(ca_certs): Add AlmaLinux OS and CloudLinux OS support (#5264)
[Elkhan Mammadli]
+ docs: cc_apt_pipelining docstring typo fix (#5273) [Alex Ratner]
+ feat(azure): add request identifier to IMDS requests (#5218)
[Ksenija Stanojevic]
+ test: Fix TestFTP integration test (#5237) [d1r3ct0r]
+ feat(ifconfig): prepare for CIDR output (#5272) [Mina Galić]
+ fix: stop manually dropping dhcp6 key in integration test (#5267)
[Alec Warren]
+ test: Remove some CiTestCase tests (#5256)
+ fix: Warn when signal is handled (#5186)
+ fix(snapd): ubuntu do not snap refresh when snap absent (LP: #2064300)
+ feat(landscape-client): handle already registered client (#4784)
[Fabian Lichtenegger-Lukas]
+ doc: Show how to debug external services blocking cloud-init (#5255)
+ fix(pdb): Enable running cloud-init under pdb (#5217)
+ chore: Update systemd description (#5250)
+ fix(time): Harden cloud-init to system clock changes
+ fix: Update analyze timestamp uptime
+ fix(schema): no network validation on netplan systems without API
+ fix(mount): Don't run cloud-init.service if cloud-init disabled (#5226)
+ fix(ntp): Fix AlmaLinux OS and CloudLinux OS support (#5235)
[Elkhan Mammadli]
+ tests: force version of cloud-init from PPA regardless of version (#5251)
+ ci: Print isort diff (#5242)
+ test: Fix integration test dependencies (#5248)
+ fix(ec2): Fix broken uuid match with other-endianness (#5236)
+ fix(schema): allow networkv2 schema without top-level key (#5239)
[Cat Red]
+ fix(cmd): Do not hardcode reboot command (#5208)
+ test: Run Alpine tests without network (#5220)
+ docs: Add base config reference from explanation (#5241)
+ docs: Remove preview from WSL tutorial (#5225)
+ chore: Remove broken maas code (#5219)
+ feat(WSL): Add support for Ubuntu Pro configs (#5116) [Ash]
+ chore: sync ChangeLog and version.py from 24.1.x (#5228)
+ bug(package_update): avoid snap refresh in images without snap command
(LP: #2064132)
+ ci: Skip package build on tox runs (#5210)
+ chore: Fix test skip message
+ test(ec2): adopt pycloudlib public ip creation while launching instances
+ test(ec2): add ipv6 testing for multi-nic instances
+ test(ec2): adopt pycloudlib enable_ipv6 while launching instances
+ feat: tool to print diff between netplan and networkv2 schema (#5200)
[Cat Red]
+ test: mock internet access in test_upgrade (#5212)
+ ci: Add timezone for alpine unit tests (#5216)
+ fix: Ensure dump timestamps parsed as UTC (#5214)
+ docs: Add WSL tutorial (#5206)
+ feature(schema): add networkv2 schema (#4892) [Cat Red]
+ Add alpine unittests to ci (#5121)
+ test: Fix invalid openstack datasource name (#4905)
+ test: Fix MAAS test and mark xfail (#4905)
+ chore(ds-identify): Update shellcheck ignores (#4905)
+ fix(ds-identify): Prevent various false positives and false negatives
(#4905)
+ Use grep for faster parsing of cloud config in ds-identify (#4905)
[Scott Moser] (LP: #2030729)
+ tests: validate netplan API YAML instead of strict content (#5195)
+ chore(templates): update ubuntu universe wording (#5199)
+ Deprecate the users ssh-authorized-keys property (#5162)
[Anders Björklund]
+ doc(nocloud): Describe ftp and ftp over tls implementation (#5193)
+ feat(net): provide network config to netplan.State for render (#4981)
+ docs: Add breaking datasource identification changes (#5171)
+ fix(openbsd): Update build-on-openbsd python dependencies (#5172)
[Hyacinthe Cartiaux]
+ fix: Add subnet ipv4/ipv6 to network schema (#5191)
+ docs: Add deprecated system_info to schema (#5168)
+ docs: Add DataSourceNone documentation (#5165)
+ test: Skip test if console log is None (#5188)
+ fix(dhcp): Enable interactively running cloud-init init --local (#5166)
+ test: Update message for netplan apply dbus issue
+ test: install software-properties-common if absent during PPA setup
+ test: bump pycloudlib to use latest version
+ test: Update version of hello package installed on noble
+ test: universally ignore netplan apply dbus issue (#5178)
+ chore: Remove obsolete nose workaround
+ feat: Add support for FTP and FTP over TLS (#4834)
+ feat(opennebula): Add support for posix shell
+ test: Make analyze tests not depend on GNU date
+ test: Eliminate bash dependency from subp tests
+ docs: Add breaking changes section to reference docs (#5147) [Cat Red]
+ util: add log_level kwarg for logexc() (#5125) [Chris Patterson]
+ refactor: Make device info part of distro definition (#5067)
+ refactor: Distro-specific growpart code (#5067)
+ test(ec2): fix mocking with responses==0.9.0 (focal) (#5163)
+ chore(safeyaml): Remove unicode helper for Python2 (#5142)
+ Revert "test: fix upgrade dhcp6 on ec2 (#5131)" (#5148)
+ refactor(net): Reuse netops code
+ refactor(iproute2): Make expressions multi-line for legibility
+ feat(freebsd): support freebsd find part by gptid and ufsid (#5122)
[jinkangkang]
+ feat: Determining route metric based on NIC name (#5070) [qidong.ld]
+ test: Enable profiling in integration tests (#5130)
+ dhcp: support configuring static routes for dhclient's unknown-121
option (#5146) [Chris Patterson]
+ feat(azure): parse ProvisionGuestProxyAgent as bool (#5126)
[Ksenija Stanojevic]
+ fix(url_helper): fix TCP connection leak on readurl() retries (#5144)
[Chris Patterson]
+ test: pytest-ify t/u/sources/test_ec2.py
+ Revert "ec2: Do not enable dhcp6 on EC2 (#5104)" (#5145) [Major Hayden]
+ fix: Logging sensitive data
+ test: Mock ds-identify systemd path (#5119)
+ fix(dhcpcd): Make lease parsing more robust (#5129)
+ test: fix upgrade dhcp6 on ec2 (#5131)
+ net/dhcp: raise InvalidDHCPLeaseFileError on error parsing dhcpcd lease
(#5128) [Chris Patterson]
+ fix: Fix runtime file locations for cloud-init (#4820)
+ ci: fix linkcheck.yml invalid yaml (#5123)
+ net/dhcp: bump dhcpcd timeout to 300s (#5127) [Chris Patterson]
+ ec2: Do not enable dhcp6 on EC2 (#5104) [Major Hayden]
+ fix: Fall back to cached local ds if no valid ds found (#4997)
[PengpengSun]
+ ci: Make linkcheck a scheduled job (#5118)
+ net: Warn when interface rename fails
+ ephemeral(dhcpcd): Set dhcpcd interface down
+ Release 24.1.3
+ chore: Handle all level 1 TiCS security violations (#5103)
+ fix: Always use single datasource if specified (#5098)
+ fix(tests): Leaked mocks (#5097)
+ fix(rhel)!: Fix network boot order in upstream cloud-init
+ fix(rhel): Fix network ordering in sysconfig
+ feat: Use NetworkManager renderer by default in RHEL family
+ fix: Allow caret at the end of apt package (#5099)
+ test: Add missing mocks to prevent bleed through (#5082)
[Robert Schweikert]
+ fix: Ensure network config in DataSourceOracle can be unpickled (#5073)
+ docs: set the home directory using homedir, not home (#5101)
[Olivier Gayot] (LP: #2047796)
+ fix(cacerts): Correct configuration customizations for Photon (#5077)
[Christopher McCann]
+ fix(test): Mock systemd fs path for non-systemd distros
+ fix(tests): Leaked subp.which mock
+ fix(networkd): add GatewayOnLink flag when necessary (#4996) [王煎饼]
+ Release 24.1.2
+ test: fix `disable_sysfs_net` mock (#5065)
+ refactor: don't import subp function directly (#5065)
+ test: Remove side effects from tests (#5074)
+ refactor: Import log module rather than functions (#5074)
+ fix: Fix breaking changes in package install (#5069)
+ fix: Undeprecate 'network' in schema route definition (#5072)
+ refactor(ec2): simplify convert_ec2_metadata_network_config
+ fix(ec2): fix ipv6 policy routing
+ fix: document and add 'accept-ra' to network schema (#5060)
+ bug(maas): register the correct DatasourceMAASLocal in init-local
(#5068) (LP: #2057763)
+ ds-identify: Improve ds-identify testing flexibility (#5047)
+ fix(ansible): Add verify_commit and inventory to ansible.pull schema
(#5032) [Fionn Fitzmaurice]
+ doc: Explain breaking change in status code (#5049)
+ gpg: Handle temp directory containing files (#5063)
+ distro(freebsd): add_user: respect homedir (#5061) [Mina Galić]
+ doc: Install required dependencies (#5054)
+ networkd: Always respect accept-ra if set (#4928) [Phil Sphicas]
+ chore: ignore all cloud-init_*.tar.gz in .gitignore (#5059)
+ test: Don't assume ordering of ThreadPoolExecutor submissions (#5052)
+ feat: Add new distro 'azurelinux' for Microsoft Azure Linux. (#4931)
[Dan Streetman]
+ fix(gpg): Make gpg resilient to host configuration changes (#5026)
+ Sync 24.1.1 changelog and version
+ DS VMware: Fix ipv6 addr converter from netinfo to netifaces (#5029)
[PengpengSun]
+ packages/debian: remove dependency on isc-dhcp-client (#5041)
[Chris Patterson]
+ test: Allow fake_filesystem to work with TemporaryDirectory (#5035)
+ tests: Don't wait for GCE instance teardown (#5037)
+ fix: Include DataSourceCloudStack attribute in unpickle test (#5039)
+ bug(vmware): initialize new DataSourceVMware attributes at unpickle
(#5021) (LP: #2056439)
+ fix(apt): Don't warn on apt 822 source format (#5028)
+ fix(atomic_helper.py): ensure presence of parent directories (#4938)
[Shreenidhi Shedi]
+ fix: Add "broadcast" to network v1 schema (#5034) (LP: #2056460)
+ pro: honor but warn on custom ubuntu_advantage in /etc/cloud/cloud.cfg
(#5030)
+ net/dhcp: handle timeouts for dhcpcd (#5022) [Chris Patterson]
+ fix: Make wait_for_url respect explicit arguments
+ test: Fix scaleway retry assumptions
+ fix: Make DataSourceOracle more resilient to early network issues
(#5025) (LP: #2056194)
+ chore(cmd-modules): fix exit code when --mode init (#5017)
+ feat: pylint: enable W0201 - attribute-defined-outside-init
+ refactor: Ensure no attributes defined outside __init__
+ chore: disable attribute-defined-outside-init check in tests
+ refactor: Use _unpickle rather than hasattr() in sources
+ chore: remove unused vendordata "_pure" variables
+ chore(cmd-modules): deprecate --mode init (#5005)
+ tests: drop CiTestCase and convert to pytest
+ bug(tests): mock reads of host's /sys/class/net via get_sys_class_path
+ fix: log correct disabled path in ds-identify (#5016)
+ tests: ec2 dont spend > 1 second retrying 19 times when 3 times will do
+ tests: openstack mock expected ipv6 IMDS
+ bug(wait_for_url): when exceptions occur url is unset, use url_exc
(LP: #2055077)
+ feat(run-container): Run from arbitrary commitish (#5015)
+ tests: Fix wsl test (#5008)
+ feat(ds-identify): Don't run unnecessary systemd-detect-virt (#4633)
+ chore(ephemeral): add debug log when bringing up ephemeral network
(#5010) [Alec Warren]
+ release: sync changelog and version (#5011)
+ Cleanup test_net.py (#4840)
+ refactor: remove dependency on netifaces (#4634) [Cat Red]
+ feat: make lxc binary configurable (#5000)
+ docs: update 404 page for new doc site and bug link
+ test(aws): local network connectivity on multi-nics (#4982)
+ test: Make integration test output more useful (#4984)
From 24.1.7
+ fix(ec2): Correctly identify netplan renderer (#5361)
From 24.1.6
+ fix(ec2): Ensure metadata exists before configuring PBR (#5287)
+ fix: Check renderer for netplan-specific code (#5321)
+ test: Fix failing test_ec2.py test (#5324)
From 24.1.5
+ fix(package_update): avoid snap refresh in images without snap command
(LP: #2064132)
From 24.1.4
+ fix(dhcpcd): Make lease parsing more robust (#5129)
+ net/dhcp: raise InvalidDHCPLeaseFileError on error parsing dhcpcd lease
+ (#5128) [Chris Patterson]
+ fix: Fix runtime file locations for cloud-init (#4820)
+ net/dhcp: bump dhcpcd timeout to 300s (#5127) [Chris Patterson]
+ net: Warn when interface rename fails
+ ephemeral(dhcpcd): Set dhcpcd interface down
+ test: Remove side effects from tests (#5074)
+ refactor: Import log module rather than functions (#5074)
From 24.1.3
+ fix: Always use single datasource if specified (#5098)
+ fix: Allow caret at the end of apt package (#5099)
From 24.1.2
+ test: Don't assume ordering of ThreadPoolExecutor submissions (#5052)
+ refactor(ec2): simplify convert_ec2_metadata_network_config
+ tests: drop CiTestCase and convert to pytest
+ bug(tests): mock reads of host's /sys/class/net via get_sys_class_path
+ fix: Fix breaking changes in package install (#5069)
+ fix: Undeprecate 'network' in schema route definition (#5072)
+ fix(ec2): fix ipv6 policy routing
+ fix: document and add 'accept-ra' to network schema (#5060)
+ bug(maas): register the correct DatasourceMAASLocal in init-local
(#5068) (LP: #2057763)
From 24.1.1
+ fix: Include DataSourceCloudStack attribute in unpickle test (#5039)
+ bug(vmware): initialize new DataSourceVMware attributes at unpickle (#5021)
+ fix(apt): Don't warn on apt 822 source format (#5028)
+ fix: Add "broadcast" to network v1 schema (#5034)
+ pro: honor but warn on custom ubuntu_advantage in /etc/cloud/cloud.cfg
(#5030)
+ net/dhcp: handle timeouts for dhcpcd (#5022)
+ fix: Make wait_for_url respect explicit arguments
+ bug(wait_for_url): when exceptions occur url is unset, use url_exc
+ test: Fix scaleway retry assumptions
+ fix: Make DataSourceOracle more resilient to early network issues (#5025)
+ tests: Fix wsl test (#5008)
From 24.1
+ fix: Don't warn on vendor directory (#4986)
+ apt: kill spawned keyboxd after gpg cmd interaction
+ tests: upgrade tests should only validate current boot log
+ net/dhcp: fix maybe_perform_dhcp_discovery check for interface=None
[Chris Patterson]
+ doc(network-v2): fix section nesting levels
+ fix(tests): don't check for clean log on minimal image (#4965) [Cat Red]
+ fix(cc_resize): Don't warn if zpool command not found (#4969)
(LP: #2055219)
+ feat(subp): Make invalid command warning more user-friendly (#4972)
+ docs: Remove statement about device path matching (#4966)
+ test: Fix xfail to check the dhcp client name (#4971)
+ tests: avoid console prompts when removing gpg on Noble
+ test: fix test_get_status_systemd_failure
+ fix: Remove hardcoded /var/lib/cloud hotplug path (#4940)
+ refactor: Refactor status.py (#4864)
+ test: Use correct lxd network-config keys (#4950)
+ test: limit temp dhcp6 changes to < NOBLE (#4942)
+ test: allow downgrades when install debs (#4941)
+ tests: on noble, expect default /etc/apt/sources.list
+ tests: lxd_vm early boot status test ordered After=systemd-remount-fs
(#4936)
+ tests: pro integration tests supply ubuntu_advantage until pro v32
(#4935)
+ feat(hotplug): add cmd to enable hotplug (#4821)
+ test: fix test_combined_cloud_config_json (#4925)
+ test: xfail udhcpc on azure (#4924)
+ feat: Implement the WSL datasource (#4786) [Carlos Nihelton]
+ refactor(openrc): Improve the OpenRC files (#4916) [dermotbradley]
+ tests: use apt install instead of dpkg -i to install pkg deps
+ tests: inactive module rename ubuntu_advantage to ubuntu_pro
+ test: fix tmpdir in test_cc_apk_configure (#4914)
+ test: fix jsonschema version checking in pro test (#4915)
+ feat(dhcp): Make dhcpcd the default dhcp client (#4912)
+ feat(Alpine) cc_growpart.py: fix handling of /dev/mapper devices (#4876)
[dermotbradley]
+ test: Retry longer in test_status.py integration test (#4910)
+ test: fix kernel override test (#4913)
+ chore: Rename sysvinit/gentoo directory to sysvinit/openrc (#4906)
[dermotbradley]
+ doc: update ubuntu_advantage references to pro
+ chore: rename cc_ubuntu_advantage to cc_ubuntu_pro (SC-1555)
+ feat(ubuntu pro): deprecate ubuntu_pro key in favor of ubuntu_advantage
+ feat(schema): support ubuntu_pro key and deprecate ubuntu_advantage
+ test: fix verify_clean_log (#4903)
+ test: limit test_no_hotplug_triggered_by_docker to stable releases
+ tests: generalize warning Open vSwitch warning from netplan apply (#4894)
+ fix(hotplug): remove literal quotes in args
+ feat(apt): skip known /etc/apt/sources.list content
+ feat(apt): use APT deb822 source format by default
+ test(ubuntu-pro): change livepatch to esm-infra
+ doc(ec2): fix metadata urls (#4880)
+ fix: unpin jsonschema and update tests (#4882)
+ distro: add eject FreeBSD code path (#4838) [Mina Galić]
+ feat(ec2): add hotplug as a default network update event (#4799)
+ feat(ec2): support instances with repeated device-number (#4799)
+ feat(cc_install_hotplug): trigger hook on known ec2 drivers (#4799)
+ feat(ec2): support multi NIC/IP setups (#4799)
+ feat(hotplug): hook-hotplug is now POSIX shell add OpenRC init script
[dermotbradley]
+ test: harden test_dhcp.py::test_noble_and_newer_force_client
+ test: fix test_combined_cloud_config_json (#4868)
+ feat(apport): Disable hook when disabled (#4874)
+ chore: Add pyright ignore comments (#4874)
+ bug(apport): Fix invalid typing (#4874)
+ refactor: Move general apport hook to main branch (#4874)
+ feat(bootspeed)!: cloud-config.service drop After=snapd.seeded
+ chore: update CI package build to oldest supported Ubuntu release focal
(#4871)
+ test: fix test_cli.test_valid_userdata
+ feat: handle error when log file is empty (#4859) [Hasan]
+ test: fix test_ec2_ipv6
+ fix: Address TIOBE abstract interpretation issues (#4866)
+ feat(dhcp): Make udhcpc use same client id (#4830)
+ feat(dhcp): Support InfiniBand with dhcpcd (#4830)
+ feat(azure): Add ProvisionGuestProxyAgent OVF setting (#4860)
[Ksenija Stanojevic]
+ test: Bring back dhcp6 integration test changes (#4855)
+ tests: add status --wait blocking test from early boot
+ tests: fix retry decorator to return the func value
+ docs: add create_hostname_file to all hostname user-data examples
(#4727) [Cat Red]
+ fix: Fix typos (#4850) [Viktor Szépe]
+ feat(dhcpcd): Read dhcp option 245 for azure wireserver (#4835)
+ tests(dhcp): Add udhcpc client to test matrix (#4839)
+ fix: Add types to network v1 schema (#4841)
+ docs(vmware): fixed indentation on example userdata yaml (#4854)
[Alec Warren]
+ tests: Remove invalid keyword from method call
+ fix: Handle systemctl when dbus not ready (#4842) (LP: #2046483)
+ fix(schema cli): avoid netplan validation on net-config version 1
+ tests: reduce expected reports due to dropped rightscale module
+ tests(net-config): add awareness of netplan on stable Ubuntu
[Gilbert Gilb's]
+ feat: fall back to cdrom_id eject if eject is not available (#4769)
[Cat Red]
+ fix(packages/bddeb): restrict debhelper-compat to 12 in focal (#4831)
+ tests: Add kernel commandline test (#4833)
+ fix: Ensure NetworkManager renderer works without gateway (#4829)
+ test: Correct log parsing in schema test (#4832)
+ refactor: Remove cc_rightscale_userdata (#4813)
+ refactor: Replace load_file with load_binary_file to simplify typing
(#4823)
+ refactor: Add load_text_file function to simplify typing (#4823)
+ refactor: Change variable name for consistent typing (#4823)
+ feat(dhcp): Add support for dhcpcd (#4746)
+ refactor: Remove unused networking code (#4810)
+ test: Add more DNS net tests
+ BREAKING CHANGE: Stop adding network v2 DNS to global DNS
+ doc: update DataSource.default_update_events doc (#4815)
+ chore: do not modify instance attribute (#4815)
+ test: fix mocking leaks (#4815)
+ Revert "ci: Pin pytest<8.0.0. (#4816)" (#4815)
+ test: Update tests for passlib (#4818)
+ fix(net-schema): no warn when skipping schema check on non-netplan
+ feat(SUSE): reboot marker file is written as /run/reboot-needed (#4788)
[Robert Schweikert]
+ test: Cleanup unwanted logger setup calls (#4817)
+ refactor(cloudinit.util): Modernize error handling, add better warnings
(#4812)
+ ci: Pin pytest<8.0.0. (#4816)
+ fix(tests): fixing KeyError on integrations tests (#4811) [Cat Red]
+ tests: integration for network schema on netplan systems (#4767)
+ feat(schema): use netplan API to validate network-config (#4767)
+ chore: define CLOUDINIT_NETPLAN_FILE static var (#4767)
+ fix: cli schema config-file option report network-config type (#4767)
+ refactor(azure): replace BrokenAzureDataSource with reportable errors
(#4807) [Chris Patterson]
+ Fix Alpine and Mariner /etc/hosts templates (#4780) [dermotbradley]
+ tests: revert #4792 as noble images no longer return 2 (#4809) [Cat Red]
+ tests: use client fixture instead of class_client in cleantest (#4806)
+ tests: enable ds-idenitfy xfail test LXD-kvm-not-MAAS-1 (#4808)
+ fix(tests): failing integration tests due to missing ua token (#4802)
[Cat Red]
+ Revert "Use grep for faster parsing of cloud config in ds-identify
(#4327)"
+ tests: Demonstrate ds-identify yaml parsing broken
+ tests: add exit 2 on noble from cloud-init status (#4792)
+ fix: linkcheck for ci to ignore scaleway anchor URL (#4793)
+ feat: Update cacerts to support VMware Photon (#4763)
[Christopher McCann]
+ fix: netplan rendering integrations tests (#4795) [Cat Red]
+ azure: remove cloud-init.log reporting via KVP (#4715) [Chris Patterson]
+ feat(Alpine): Modify ds-identify for Alpine support and add OpenRC
init.d script (#4785) [dermotbradley]
+ doc: Add DatasourceScaleway documentation (#4773) [Louis Bouchard]
+ fix: packaged logrotate file lacks suffix on ubuntu (#4790)
+ feat(logrotate): config flexibility more backups (#4790)
+ fix(clean): stop warning when running clean command (#4761) [d1r3ct0r]
+ feat: network schema v1 strict on nic name length 15 (#4774)
+ logrotate config (#4721) [Fabian Lichtenegger-Lukas]
+ test: Enable coverage in integration tests (#4682)
+ test: Move unit test helpers to global test helpers (#4682)
+ test: Remove snapshot option from install_new_cloud_init (#4682)
+ docs: fix cloud-init single param docs (#4682)
+ Alpine: fix location of dhclient leases file (#4782) [dermotbradley]
+ test(jsonschema): Pin jsonschema version (#4781)
+ refactor(IscDhclient): discover DHCP leases at distro-provided location
(#4683) [Phsm Qwerty]
+ feat: datasource check for WSL (#4730) [Carlos Nihelton]
+ test: Update hostname integration tests (#4744)
+ test: Add mantic and noble releases to integration tests (#4744)
+ refactor: Ensure internal DNS state same for v1 and v2 (#4756)
+ feat: Add v2 route mtu rendering to NetworkManager (#4748)
+ tests: stable ubuntu releases will not exit 2 on warnings (#4757)
+ doc(ds-identify): Describe ds-identify irrespective of distro (#4742)
+ fix: relax NetworkManager renderer rules (#4745)
+ fix: fix growpart race (#4618)
+ feat: apply global DNS to interfaces in network-manager (#4723)
[Florian Apolloner]
+ feat(apt): remove /etc/apt/sources.list when deb22 preferred (#4740)
+ chore: refactor schema data as enums and namedtuples (#4585)
+ feat(schema): improve CLI message on unprocessed data files (#4585)
+ fix(config): relocate /run to /var/run on BSD (canonical#4677)
[Mina Galić]
+ fix(ds-identify): relocate /run on *BSD (#4677) [Mina Galić]
+ fix(sysvinit): make code a bit more consistent (#4677) [Mina Galić]
+ doc: Document how cloud-init is, not how it was (#4737)
+ tests: add expected exit 2 on noble from cloud-init status (#4738)
+ test(linkcheck): ignore github md and rst link headers (#4734)
+ test: Update webhook test due to removed cc_migrator module (#4726)
+ fix(ds-identify): Return code 2 is a valid result, use cached value
+ fix(cloudstack): Use parsed lease file for virtual router in cloudstack
+ fix(dhcp): Guard against FileNotFoundError and NameError exceptions
+ fix(apt_configure): disable sources.list if rendering deb822 (#4699)
(LP: #2045086)
+ docs: Add link to contributing to docs (#4725) [Cat Red]
+ chore: remove commented code (#4722)
+ chore: Add log message when create_hostname_file key is false (#4724)
[Cat Red]
+ fix: Correct v2 NetworkManager route rendering (#4637)
+ azure/imds: log http failures as warnings instead of info (#4714)
[Chris Patterson]
+ fix(setup): Relocate libexec on OpenBSD (#4708) [Mina Galić]
+ feat(jinja): better jinja feedback and error catching (#4629)
[Alec Warren]
+ test: Fix silent swallowing of unexpected subp error (#4702)
+ fix: Move cloud-final.service after time-sync.target (#4610)
[Dave Jones] (LP: #1951639)
+ feat(log): Make logger name more useful for __init__.py
+ chore: Remove cc_migrator module (#4690)
+ fix(tests): make cmd/devel/tests work on non-GNU [Mina Galić]
+ chore: Remove cmdline from spelling list (#4670)
+ doc: Document boot status meaning (#4670)
+ doc: Set expectations for new datasources (#4670)
+ ci: Show linkcheck broken links in job output (#4670)
+ dmi: Add support for OpenBSD (#4654) [Mina Galić]
+ ds-identify: fake dmidecode support on OpenBSD (#4654) [Mina Galić]
+ ds-identify: add OpenBSD support in uname (#4654) [Mina Galić]
+ refactor: Ensure '_cfg' in Init class is dict (#4674)
+ refactor: Make event scope required in stages.py (#4674)
+ refactor: Remove unused argument (#4674)
+ chore: Move from lintian to a sphinx spelling plugin (#3639)
+ fix(doc): Fix spelling errors found by sphinxcontrib-spelling (#3639)
+ ci: Add Python 3.13 (#4567)
+ Add AlexSv04047 to CLA signers file (#4671) [AlexSv04047]
+ fix(openbsd): services & build tool (#4660) [CodeBleu]
+ tests/unittests: add a new unit test for network manager net activator
(#4672) [Ani Sinha]
+ Implement DataSourceCloudStack.get_hostname() (#4433) [Phsm Qwerty]
+ net/nm: check for presence of ifcfg files when nm connection files
are absent (#4645) [Ani Sinha]
+ doc: Overhaul debugging documentation (#4578)
+ doc: Move dangerous commands to dev docs (#4578)
+ doc: Relocate file location docs (#4578)
+ doc: Remove the debugging page (#4578)
+ fix(util): Fix boottime to work on OpenBSD (#4667) [Mina Galić]
+ net: allow dhcp6 configuration from generate_fallback_configuration()
[Ani Sinha]
+ net/network_manager: do not set "may-fail" to False for both ipv4 and
ipv6 dhcp [Ani Sinha]
+ feat(subp): Measure subprocess command time (#4606)
+ fix(python3.13): Fix import error for passlib on Python 3.13 (#4669)
+ style(brpm/bddeb): add black and ruff for packages build scripts (#4666)
+ copr: remove TODO.rst from spec file
+ fix(packages/brpm): correct syntax error and typo
+ style(ruff): fix tip target
+ config: Module documentation updates (#4599)
+ refactor(subp): Remove redundant parameter 'env' (#4555)
+ refactor(subp): Remove unused parameter 'target' (#4555)
+ refactor: Remove 'target' boilerplate from cc_apt_configure (#4555)
+ refactor(subp): Re-add return type to subp() (#4555)
+ refactor(subp): Add type information to args (#4555)
+ refactor(subp): Use subprocess.DEVNULL (#4555)
+ refactor(subp): Remove parameter 'combine_capture' (#4555)
+ refactor(subp): Remove unused parameter 'status_cb' (#4555)
+ fix(cli): fix parsing of argparse subcommands (#4559)
[Calvin Mwadime] (LP: #2040325)
+ chore!: drop support for dsa ssh hostkeys in docs and schema (#4456)
+ chore!: do not generate ssh dsa host keys (#4456) [shixuantong]
From 23.4.4
+ fix(nocloud): smbios datasource definition
+ tests: Check that smbios seed works
+ fix(source): fix argument boundaries when parsing cmdline (#4825)
From 23.4.3
+ fix: Handle systemctl when dbus not ready (#4842)
(LP: #2046483)
From 23.4.2
+ fix: Handle invalid user configuration gracefully (#4797)
(LP: #2051147)
From 23.4.1
+ fix: Handle systemctl commands when dbus not ready (#4681)
From 23.4
+ tests: datasourcenone use client.restart to block until done (#4635)
+ tests: increase number of retries across reboot to 90 (#4651)
+ fix: Add schema for merge types (#4648)
+ feat: Allow aliyun ds to fetch data in init-local (#4590) [qidong.ld]
+ azure: report failure to eject as error instead of debug (#4643)
[Chris Patterson]
+ bug(schema): write network-config if instance dir present (#4635)
+ test: fix schema fuzzing test (#4639)
+ Update build-on-openbsd dependencies (#4644) [CodeBleu]
+ fix(test): Fix expected log for ipv6-only ephemeral network (#4641)
+ refactor: Remove metaclass from network_state.py (#4638)
+ schema: non-root fallback to default paths on perm errors (# 4631)
+ fix: Don't loosen the permissions of the log file (#4628)
+ Revert "logging: keep current file mode of log file if its stricter
than the new mode (#4250)"
+ ephemeral: Handle link up failure for both ipv4 and ipv6 (#4547)
+ fix(main): Don't call logging too early (#4595)
+ fix: Remove Ubuntu-specific kernel naming convention assertion (#4617)
+ fix(log): Do not implement handleError with a self parameter (#4617)
+ fix(log): Don't try to reuse stderr logger (#4617)
+ feat: Standardize logging output to stderr (#4617)
+ chore: Sever unmaintained TODO.rst (#4625)
+ test: Skip failing tests
+ distros: Add suse
+ test: Add default hello package version (#4614)
+ fix(net): Improve DHCPv4 SUSE code, add test
+ net: Fix DHCPv4 not enabled on SUSE in some cases [bin456789]
+ fix(schema): Warn if missing dependency (#4616)
+ fix(cli): main source cloud_config for schema validation (#4562)
+ feat(schema): annotation path for invalid top-level keys (#4562)
+ feat(schema): top-level additionalProperties: false (#4562)
+ test: ensure top-level properties tests will pass (#4562)
+ fix(schema): Add missing schema definitions (#4562)
+ test: Fix snap tests (#4562)
+ azure: Check for stale pps data from IMDS (#4596) [Ksenija Stanojevic]
+ test: Undo dhcp6 integration test changes (#4612)
+ azure: update diagnostic from warning level to debug [Chris Patterson]
+ azure/imds: remove limit for connection errors if route present (#4604)
+ [Chris Patterson]
+ [enhancement]: Add shellcheck to CI (#4488) [Aviral Singh]
+ chore: add conventional commits template (#4593)
+ Revert "net: allow dhcp6 configuration from
generate_fallback_configuration()" (#4607)
+ azure: workaround to disable reporting IMDS failures on Azure Stack
[Chris Patterson]
+ cc_apt_pipelining: Update docs, deprecate options (#4571)
+ test: add gh workflows on push to main, update status badges (#4597)
+ util: Remove function abs_join() (#4587)
+ url_helper: Remove unused function retry_on_url_exc() (#4587)
+ cc_resizefs: Add bcachefs resize support (#4594)
+ integration_tests: Support non-Ubuntu distros (#4586)
+ fix(cmdline): fix cmdline parsing with MAC containing cc:
+ azure/errors: include http code in reason for IMDS failure
[Chris Patterson]
+ tests: cloud-init schema --system does not return exit code 2
+ github: allow pull request to specify desired rebase and merge
+ tests: fix integration test expectations of exit 2 on schema warning
+ tests: fix schema test expected cli output Valid schema <type>
+ fix(schema cli): check raw userdata when processed cloud-config empty
+ azure: report failure to host if ephemeral DHCP secondary NIC (#4558)
[Chris Patterson]
+ man: Document cloud-init error codes (#4500)
+ Add support for cloud-init "degraded" state (#4500)
+ status.json: Don't override detail key with error condition (#4500)
+ status: Remove duplicated data (#4500)
+ refactor: Rename exported_errors in status.json (#4500)
+ test: Remove stale status.json value (#4500)
+ tools/render-template: Make yaml loading opt-in, fix setup.py (#4564)
+ Add summit digest/trip report to docs (#4561) [Sally]
+ doc: Fix incorrect statement about `cloud-init analyze`
+ azure/imds: ensure new errors are logged immediately when retrying
(#4468) [Chris Patterson]
+ Clarify boothook docs (#4543)
+ boothook: allow stdout/stderr to emit to cloud-init-output.log
+ summit-notes: add 2023 notes for reference in mailinglist/discourse
+ fix: added mock to stop leaking journalctl that slows down unit test
(#4556) [Alec Warren]
+ tests: maas test for DataSourceMAASLocal get_data
+ maas tests: avoid using CiTest case and prefer pytest.tmpdir fixture
+ MAAS: Add datasource to init-local timeframe
+ Ensure all tests passed and/or are skipped
+ Support QEMU in integration tests
+ fix(read-dependencies): handle version specifiers containing [~!]
+ test: unpin pytest
+ schema: network-config optional network key. route uses oneOf (#4482)
+ schema: add cloud_init_deepest_matches for best error message (#4482)
+ network: warn invalid cfg add /run/cloud-init/network-config (#4482)
+ schema: add network-config support to schema subcommand (#4482)
+ Update version number and merge ChangeLog from 23.3.3 into main (#4553)
+ azure: check for primary interface when performing DHCP (#4465)
[Chris Patterson]
+ Fix hypothesis failure
+ subp: add a log when skipping a file for execution for lack of exe
permission (#4506) [Ani Sinha]
+ azure/imds: refactor max_connection_errors definition (#4467)
[Chris Patterson]
+ chore: fix PR template rendering (#4526)
+ fix(cc_apt_configure): avoid unneeded call to apt-install (#4519)
+ comment difference between sysconfig and NetworkManager renderer (#4517)
[Ani Sinha]
+ Set Debian's default locale to be c.UTF-8 (#4503) (LP: #2038945)
+ Convert test_debian.py to pytest (#4503)
+ doc: fix cloudstack link
+ doc: fix development/contributing.html references
+ doc: hide duplicated links
+ Revert "ds-identify/CloudStack: $DS_MAYBE if vm running on vmware/xen
(#4281)" (#4511) (LP: #2039453)
+ Fix the missing mcopy argument [Vladimir Pouzanov]
+ tests: Add logging fix (#4499)
+ Update upgrade test to account for dhcp6
+ Remove logging of PPID path (#4502)
+ Make Python 3.12 CI test non-experimental (#4498)
+ ds-identify: exit 2 on disabled state from marker or cmdline (#4399)
+ cloud-init-generator: Various performance optimizations (#4399)
+ systemd: Standardize cloud-init systemd enablement (#4399)
+ benchmark: benchmark cloud-init-generator independent of ds-identify
(#4399)
+ tests/integration_tests: add cloud-init disablement coverage (#4399)
+ doc: Describe disabling cloud-init using an environment variable (#4399)
+ fix: cloud-init status --wait broken with KERNEL_CMDLINE (#4399)
+ azure/imds: retry on 429 errors for reprovisiondata (#4470)
[Chris Patterson]
+ cmd: Don't write json status files for non-boot stages (#4478)
+ ds-identify: Allow disable service and override environment (#4485)
[Mina Galić]
+ Update DataSourceNWCS.py (#4496) [shell-skrimp]
+ Add r00ta to CLA signers file
+ Fix override of systemd_locale_conf in rhel [Jacopo Rota]
+ ci(linkcheck): minor fixes (#4495)
+ integration test fix for deb822 URI format (#4492)
+ test: use a mantic-compatible tz in t/i/m/test_combined.py (#4494)
+ ua: shift CLI command from ua to pro for all interactions
+ pro: avoid double-dash when enabling inviddual services on CLI
+ net: allow dhcp6 configuration from generate_fallback_configuration()
(#4474) [Ani Sinha]
+ tests: apt re.search to match alternative ordering of installed pkgs
+ apt: doc apt_pkg performance improvement over subp apt-config dump
+ Tidy up contributing docs (#4469) [Sally]
+ [enhancement]: Automatically linkcheck in CI (#4479) [Aviral Singh]
+ Revert allowing pro service warnings (#4483)
+ Export warning logs to status.json (#4455)
+ Fix regression in package installation (#4466)
+ schema: cloud-init schema in early boot or in dev environ (#4448)
+ schema: annotation of nested dicts lists in schema marks (#4448)
+ feat(apport): collect ubuntu-pro logs if ubuntu-advantage.log present
(#4443)
+ apt_configure: add deb822 support for default sources file (#4437)
+ net: remove the word "on instance boot" from cloud-init generated config
(#4457) [Ani Sinha]
+ style: Make cloudinit.log functions use snake case (#4449)
+ Don't recommend using cloud-init as a library (#4459)
+ vmware: Fall back to vmtoolsd if vmware-rpctool errs (#4444)
[Andrew Kutz]
+ azure: add option to enable/disable secondary ip config (#4432)
+ [Ksenija Stanojevic]
+ Allow installing snaps via package_update_upgrade_install module (#4202)
+ docs: Add cloud-init overview/introduction (#4440) [Sally]
+ apt: install software-properties-common when absent but needed (#4441)
+ sources/Azure: Ignore system volume information folder while scanning
for files in the ntfs resource disk (#4446) [Anh Vo]
+ refactor: Remove unnecessary __main__.py file
+ style: Drop vi format comments
+ cloudinit.log: Use more appropriate exception (#4435)
+ cloudinit.log: Don't configure NullHandler (#4435)
+ commit 6bbbfbbb030831c72b5aa2bba9cb8492f19d56f4
+ cloudinit.log: Remove unnecessary module function and variables (#4435)
+ cloudinit.log: Remove unused getLogger wrapper (#4435)
+ cloudinit.log: Standardize use of cloudinit's logging module (#4435)
+ Remove unnecessary logging wrapper in Cloud class (#4435)
+ integration test: allow pro service warnings (#4447)
+ integration tests: fix mount indentation (#4445)
+ sources/Azure: fix for conflicting reports to platform (#4434)
[Chris Patterson]
+ docs: link the cloud-config validation service (#4442)
+ Fix pip-managed ansible on pip < 23.0.1 (#4403)
+ Install gnupg if gpg not found (#4431)
+ Add "phsm" as contributor (#4429) [Phsm Qwerty]
+ cc_ubuntu_advantage: do not rely on uaclient.messages module (#4397)
[Grant Orndorff]
+ tools/ds-identify: match Azure datasource's ds_detect() behavior (#4430)
[Chris Patterson]
+ Refactor test_apt_source_v1.py to use pytest (#4427)
+ sources: do not override datasource detection if None is in list (#4426)
[Chris Patterson]
+ feat: check for create_hostname_file key before writing /etc/hostname
(SC-1588) (#4330) [Cat Red]
+ Pytestify apt config test modules (#4424)
+ upstream gentoo patch (#4422)
+ Work around no instance ip (#4419)
+ Fix typing issues in subp module (#4401)
+ net: fix ipv6_dhcpv6_stateful/stateless/slaac configuration for rhel
(#4395) [Ani Sinha]
+ Release 23.3.1
+ apt: kill dirmngr/gpg-agent without gpgconf dependency (LP: #2034273)
+ integration tests: fix mount indentation (#4405)
+ Use grep for faster parsing of cloud config in ds-identify (#4327)
[Scott Moser] (LP: #2030729)
+ doc: fix instructions on how to disable cloud-init from kernel command
line (#4406) [Ani Sinha]
+ doc/vmware: Update contents relevant to disable_vmware_customization
[PengpengSun]
+ Bring back flake8 for python 3.6 (#4394)
+ integration tests: Fix cgroup parsing (#4402)
+ summary: Update template parameter descriptions in docs [MJ Moshiri]
+ Log PPID for better debugging (#4398)
+ integration tests: don't clean when KEEP_* flags true (#4400)
+ clean: add a new option to clean generated config files [Ani Sinha]
+ pep-594: drop deprecated pipes module import
From 23.3.3
+ Fix pip-managed ansible on pip < 23.0.1 (#4403)
From 23.3.2
+ Revert "ds-identify/CloudStack: $DS_MAYBE if vm running on vmware/xen"
(#4281) (#4511) (LP: #2039453)
From 23.3.1
+ apt: kill dirmngr/gpg-agent without gpgconf dependency (LP: #2034273)
+ integration tests: Fix cgroup parsing (#4402)
- Add cloud-init-direxist.patch (bsc#1236720)
+ Make sure the directory exists, if not create it, before writing in that
location.
- Support python 3.13 (bsc#1233649):
+ pep-594-drop-pipes.patch, gh#canonical/cloud-init#4392
+ cloud-init-fix-python313.patch, gh#canonical/cloud-init#4669
+ cloud-init-dont-assume-ordering-of-ThreadPoolExecutor.patch gh#canonical/cloud-init#5052
- containerd
-
- Update to containerd v1.7.29. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.29>
* CVE-2024-25621 bsc#1253126
* CVE-2025-64329 bsc#1253132
- Rebase patches:
* 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch
- Update to containerd v1.7.28. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.28>
- curl
-
- Security fix: [bsc#1253757, CVE-2025-11563]
* curl: wcurl path traversal with percent-encoded slashes
* Add curl-CVE-2025-11563.patch
- tool_operate: fix return code when --retry is used but not
triggered [bsc#1249367]
* Add curl-tool_operate-fix-return-code-when-retry-is-used.patch
- Security fixes:
* [bsc#1249191, CVE-2025-9086] Out of bounds read for cookie path
* [bsc#1249348, CVE-2025-10148] Predictable WebSocket mask
* Add patches:
- curl-CVE-2025-9086.patch
- curl-CVE-2025-10148.patch
- docker
-
- Enable SELinux in default daemon.json config (--selinux-enabled). This has no
practical impact on non-SELinux systems. bsc#1252290
- Update to Docker 28.5.1-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/28/#2851>
- Rebased patches:
* 0001-SECRETS-SUSE-always-clear-our-internal-secrets.patch
* 0002-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0003-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0004-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0005-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0006-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
* cli-0001-openSUSE-point-users-to-docker-buildx-package.patch
* cli-0002-SECRETS-SUSE-default-to-DOCKER_BUILDKIT-0-for-docker.patch
- Remove upstreamed patch:
- 0007-Add-back-vendor.sum.patch
- Update to Docker 28.5.0-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/28/#2850>
- Backport <https://github.com/moby/moby/pull/51091> to re-add vendor.sum,
fixing our builds.
+ 0007-Add-back-vendor.sum.patch
- Rebased patches:
* 0001-SECRETS-SUSE-always-clear-our-internal-secrets.patch
* 0002-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0003-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0004-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0005-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0006-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
* cli-0001-openSUSE-point-users-to-docker-buildx-package.patch
* cli-0002-SECRETS-SUSE-default-to-DOCKER_BUILDKIT-0-for-docker.patch
- Update to docker-buildx v0.29.0. Upstream changelog:
<https://github.com/docker/buildx/releases/tag/v0.29.0>
- Remove git-core recommends also on openSUSE: the below argument
is valid for those users too.
- Remove git-core recommends on SLE. Most SLE systems have
installRecommends=yes by default and thus end up installing git with Docker.
bsc#1250508
This feature is mostly intended for developers ("docker build git://") so
most users already have the dependency installed, and the error when git is
missing is fairly straightforward (so they can easily figure out what they
need to install).
- dracut
-
- Update to version 059+suse.641.g906a3d31:
* fix(kernel-modules-extra): remove stray \ before / (bsc#1253029)
- glib2
-
- Add glib2-CVE-2025-7039.patch: fix computation of temporary file
name (bsc#1249055 CVE-2025-7039 glgo#GNOME/glib#3716).
- grub2
-
- Fix CVE-2025-54771 (bsc#1252931)
* 0001-kern-file-Call-grub_dl_unref-after-fs-fs_close.patch
- Fix CVE-2025-54770 (bsc#1252930)
* 0002-net-net-Unregister-net_set_vlan-command-on-unload.patch
- Fix CVE-2025-61662 (bsc#1252933)
* 0003-gettext-gettext-Unregister-gettext-command-on-module.patch
- Fix CVE-2025-61663 (bsc#1252934)
- Fix CVE-2025-61664 (bsc#1252935)
* 0004-normal-main-Unregister-commands-on-module-unload.patch
* 0005-tests-lib-functional_test-Unregister-commands-on-mod.patch
- Fix CVE-2025-61661 (bsc#1252932)
* 0006-commands-usbtest-Use-correct-string-length-field.patch
* 0007-commands-usbtest-Ensure-string-length-is-sufficient-.patch
- Bump upstream SBAT generation to 6
- Fix error: /boot/grub2/x86_64-efi/bli.mod not found (bsc#1231591)
- Fix OOM error in loading loopback file (bsc#1230840) (bsc#1249140)
* 0001-tpm-Skip-loopback-image-measurement.patch
- Fix CVE-2024-56738: side-channel attack due to not constant-time
algorithm in grub_crypto_memcmp (bsc#1234959)
* grub2-constant-time-grub_crypto_memcmp.patch
- Update the patch to fix "SRK not matched" errors when unsealing
the key (bsc#1232411) (bsc#1247242)
* 0001-tpm2-Add-extra-RSA-SRK-types.patch
- Fix CVE-2025-4382: TPM auto-decryption data exposure (bsc#1242971)
* 0001-kern-rescue_reader-Block-the-rescue-mode-until-the-C.patch
* 0002-commands-search-Introduce-the-cryptodisk-only-argume.patch
* 0003-disk-diskfilter-Introduce-the-cryptocheck-command.patch
* 0004-commands-search-Add-the-diskfilter-support.patch
* 0005-docs-Document-available-crypto-disks-checks.patch
* 0006-disk-cryptodisk-Add-the-erase-secrets-function.patch
* 0007-disk-cryptodisk-Wipe-the-passphrase-from-memory.patch
* 0008-cryptocheck-Add-quiet-option.patch
- patch rebased
* 0001-Improve-TPM-key-protection-on-boot-interruptions.patch
* 0004-Key-revocation-on-out-of-bound-file-access.patch
- patch refrehed
* 0001-Fix-PowerPC-CAS-reboot-to-evaluate-menu-context.patch
* 0002-Requiring-authentication-after-tpm-unlock-for-CLI-ac.patch
- Security fixes for 2024
* 0001-misc-Implement-grub_strlcpy.patch
- Fix CVE-2024-45781 (bsc#1233617)
* 0002-fs-ufs-Fix-a-heap-OOB-write.patch
- Fix CVE-2024-56737 (bsc#1234958)
- Fix CVE-2024-45782 (bsc#1233615)
* 0003-fs-hfs-Fix-stack-OOB-write-with-grub_strcpy.patch
- Fix CVE-2024-45780 (bsc#1233614)
* 0004-fs-tar-Integer-overflow-leads-to-heap-OOB-write.patch
- Fix CVE-2024-45783 (bsc#1233616)
* 0005-fs-hfsplus-Set-a-grub_errno-if-mount-fails.patch
* 0006-kern-file-Ensure-file-data-is-set.patch
* 0007-kern-file-Implement-filesystem-reference-counting.patch
- Fix CVE-2025-0624 (bsc#1236316)
* 0008-net-Fix-OOB-write-in-grub_net_search_config_file.patch
- Fix CVE-2024-45774 (bsc#1233609)
* 0009-video-readers-jpeg-Do-not-permit-duplicate-SOF0-mark.patch
- Fix CVE-2024-45775 (bsc#1233610)
* 0010-commands-extcmd-Missing-check-for-failed-allocation.patch
- Fix CVE-2025-0622 (bsc#1236317)
* 0011-commands-pgp-Unregister-the-check_signatures-hooks-o.patch
- Fix CVE-2025-0622 (bsc#1236317)
* 0012-normal-Remove-variables-hooks-on-module-unload.patch
- Fix CVE-2025-0622 (bsc#1236317)
* 0013-gettext-Remove-variables-hooks-on-module-unload.patch
- Fix CVE-2024-45776 (bsc#1233612)
* 0014-gettext-Integer-overflow-leads-to-heap-OOB-write-or-.patch
- Fix CVE-2024-45777 (bsc#1233613)
* 0015-gettext-Integer-overflow-leads-to-heap-OOB-write.patch
- Fix CVE-2025-0690 (bsc#1237012)
* 0016-commands-read-Fix-an-integer-overflow-when-supplying.patch
- Fix CVE-2025-1118 (bsc#1237013)
* 0017-commands-minicmd-Block-the-dump-command-in-lockdown-.patch
- Fix CVE-2024-45778 (bsc#1233606)
- Fix CVE-2024-45779 (bsc#1233608)
* 0018-fs-bfs-Disable-under-lockdown.patch
- Fix CVE-2025-0677 (bsc#1237002)
- Fix CVE-2025-0684 (bsc#1237008)
- Fix CVE-2025-0685 (bsc#1237009)
- Fix CVE-2025-0686 (bsc#1237010)
- Fix CVE-2025-0689 (bsc#1237011)
* 0019-fs-Disable-many-filesystems-under-lockdown.patch
- Fix CVE-2025-1125 (bsc#1237014)
- Fix CVE-2025-0678 (bsc#1237006)
* 0020-fs-Prevent-overflows-when-allocating-memory-for-arra.patch
- Updated to upstream version
* 0002-Requiring-authentication-after-tpm-unlock-for-CLI-ac.patch
- Bump upstream SBAT generation to 5
- Fix CVE-2024-49504 (bsc#1229163) (bsc#1229164)
- Restrict CLI access if the encrypted root device is automatically unlocked by
the TPM. LUKS password authentication is required for access to be granted
* 0001-cli_lock-Add-build-option-to-block-command-line-inte.patch
* 0002-Requiring-authentication-after-tpm-unlock-for-CLI-ac.patch
- Obsolete, as CLI access is now locked and granted access no longer requires
the previous restrictions
* 0002-Restrict-file-access-on-cryptodisk-print.patch
* 0003-Restrict-ls-and-auto-file-completion-on-cryptodisk-p.patch
- Rediff
* 0004-Key-revocation-on-out-of-bound-file-access.patch
- kernel-source:kernel-default
-
- nbd: restrict sockets to TCP and UDP (bsc#1252774
CVE-2025-40080).
- commit a7c3e39
- kernel-subpackage-spec: Do not doubly-sign modules (bsc#1251930).
- commit 0f034b6
- Delete
patches.kabi/KVM-x86-pmu-Allow-programming-events-that-match-unsu.patch.
This avoids a kbuild error in check-patchrv. This patch is not needed
anyway since 4f5efb71e1f4.
- commit 624b1b2
- vhost: vringh: Modify the return value check (CVE-2025-40051
bsc#1252858).
- commit 80d9f20
- btrfs: fix the incorrect max_bytes value for
find_lock_delalloc_range() (git-fixes).
- commit 91a9728
- KVM: x86: Introduce kvm_x86_call() to simplify static calls
of kvm_x86_ops (git-fixes).
- Refresh
patches.suse/KVM-x86-Don-t-inject-PV-async-PF-if-SEND_ALWAYS-0-an.patch.
- Refresh
patches.suse/KVM-x86-Exit-to-userspace-if-fastpath-triggers-one-o.patch.
- Refresh patches.suse/KVM-x86-Introduce-kvm_set_mp_state.patch.
- Refresh
patches.suse/KVM-x86-Route-non-canonical-checks-in-emulator-throu.patch.
- Refresh
patches.suse/KVM-x86-model-canonical-checks-more-precisely.patch.
- commit 3454959
- KVM: x86: Replace static_call_cond() with static_call()
(git-fixes).
- commit 6bb685c
- Update
patches.suse/ACPI-x86-s2idle-Catch-multiple-ACPI_TYPE_PACKAGE-obj.patch
(git-fixes CVE-2023-53708 bsc#1252537).
- Update
patches.suse/ALSA-usb-audio-Fix-NULL-pointer-deference-in-try_to_.patch
(git-fixes CVE-2025-40085 bsc#1252873).
- Update
patches.suse/ALSA-usb-audio-fix-race-condition-to-UAF-in-snd_usbm.patch
(git-fixes CVE-2025-39997 bsc#1252056).
- Update
patches.suse/ASoC-qcom-audioreach-fix-potential-null-pointer-dere.patch
(git-fixes CVE-2025-40013 bsc#1252348).
- Update patches.suse/Bluetooth-MGMT-Fix-possible-UAFs.patch
(git-fixes CVE-2025-39981 bsc#1252060).
- Update
patches.suse/Bluetooth-hci_event-Fix-UAF-in-hci_acl_create_conn_s.patch
(git-fixes CVE-2025-39982 bsc#1252083).
- Update
patches.suse/HID-amd_sfh-Fix-for-shift-out-of-bounds.patch
(bsc#1012628 CVE-2023-53703 bsc#1252553).
- Update
patches.suse/Input-uinput-zero-initialize-uinput_ff_upload_compat.patch
(git-fixes CVE-2025-40035 bsc#1252866).
- Update patches.suse/NFS-Fix-a-potential-data-corruption.patch
(git-fixes CVE-2023-53711 bsc#1252536).
- Update
patches.suse/NFSD-Define-a-proc_layoutcommit-for-the-FlexFiles-layout-type.patch
(git-fixes CVE-2025-40087 bsc#1252909).
- Update
patches.suse/PCI-endpoint-pci-epf-test-Add-NULL-check-for-DMA-cha.patch
(git-fixes CVE-2025-40032 bsc#1252841).
- Update
patches.suse/RDMA-rxe-Fix-race-in-do_task-when-draining.patch
(git-fixes CVE-2025-40061 bsc#1252849).
- Update
patches.suse/Squashfs-fix-uninit-value-in-squashfs_get_parent.patch
(git-fixes CVE-2025-40049 bsc#1252822).
- Update
patches.suse/USB-gadget-Fix-the-memory-leak-in-raw_gadget-dr.patch
(bsc#1012628 CVE-2023-53693 bsc#1252489).
- Update
patches.suse/afs-Fix-potential-null-pointer-dereference-in-afs_put_server.patch
(git-fixes CVE-2025-40010 bsc#1252332).
- Update
patches.suse/arm64-csum-Fix-OoB-access-in-IP-checksum-code-for-ne.patch
(git-fixes CVE-2023-53726 bsc#1252565).
- Update
patches.suse/arm64-sme-Use-STR-P-to-clear-FFR-context-field-.patch
(bsc#1012628 CVE-2023-53713 bsc#1252559).
- Update
patches.suse/blk-iocost-use-spin_lock_irqsave-in-adjust_inus.patch
(bsc#1012628 CVE-2023-53730 bsc#1252495).
- Update
patches.suse/bus-fsl-mc-Check-return-value-of-platform_get_resour.patch
(git-fixes CVE-2025-40029 bsc#1252772).
- Update
patches.suse/can-etas_es58x-populate-ndo_change_mtu-to-prevent-bu.patch
(git-fixes CVE-2025-39988 bsc#1252074).
- Update
patches.suse/can-hi311x-populate-ndo_change_mtu-to-prevent-buffer.patch
(git-fixes CVE-2025-39987 bsc#1252079).
- Update
patches.suse/can-mcba_usb-populate-ndo_change_mtu-to-prevent-buff.patch
(git-fixes CVE-2025-39985 bsc#1252082).
- Update
patches.suse/can-peak_usb-fix-shift-out-of-bounds-issue.patch
(git-fixes CVE-2025-40020 bsc#1252679).
- Update
patches.suse/can-sun4i_can-populate-ndo_change_mtu-to-prevent-buf.patch
(git-fixes CVE-2025-39986 bsc#1252078).
- Update
patches.suse/clk-imx-clk-imx8mp-improve-error-handling-in-im.patch
(bsc#1012628 CVE-2023-53704 bsc#1252490).
- Update
patches.suse/clocksource-drivers-cadence-ttc-Fix-memory-leak.patch
(bsc#1012628 CVE-2023-53725 bsc#1252492).
- Update
patches.suse/crypto-essiv-Check-ssize-for-decryption-and-in-place.patch
(git-fixes CVE-2025-40019 bsc#1252678).
- Update
patches.suse/crypto-hisilicon-qm-set-NULL-to-qm-debug.qm_diff_reg.patch
(git-fixes CVE-2025-40062 bsc#1252850).
- Update
patches.suse/drm-amdgpu-Fix-integer-overflow-in-amdgpu_cs_p.patch
(jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070
jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511
jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53707
bsc#1252632).
- Update
patches.suse/drm-gma500-Fix-null-dereference-in-hdmi-teardown.patch
(git-fixes CVE-2025-40011 bsc#1252336).
- Update
patches.suse/drm-sched-Fix-potential-double-free-in-drm_sched_job.patch
(git-fixes CVE-2025-40096 bsc#1252902).
- Update
patches.suse/fbcon-fix-integer-overflow-in-fbcon_do_set_font.patch
(git-fixes CVE-2025-39967 bsc#1252033).
- Update
patches.suse/fs-udf-fix-OOB-read-in-lengthAllocDescs-handling.patch
(git-fixes CVE-2025-40044 bsc#1252785).
- Update
patches.suse/hfsplus-fix-slab-out-of-bounds-read-in-hfsplus_strcasecmp.patch
(git-fixes CVE-2025-40088 bsc#1252904).
- Update
patches.suse/hfsplus-fix-slab-out-of-bounds-read-in-hfsplus_uni2asc_followup.patch
(git-fixes CVE-2025-40082 bsc#1252775).
- Update
patches.suse/iommu-vt-d-Disallow-dirty-tracking-if-incoherent-pag.patch
(git-fixes CVE-2025-40058 bsc#1252854).
- Update
patches.suse/md-raid1-fix-potential-OOB-in-raid1_remove_disk-8b04.patch
(jsc#PED-7542 CVE-2023-53722 bsc#1252499).
- Update
patches.suse/media-b2c2-Fix-use-after-free-causing-by-irq_check_w.patch
(git-fixes CVE-2025-39996 bsc#1252065).
- Update
patches.suse/media-i2c-tc358743-Fix-use-after-free-bugs-caused-by.patch
(git-fixes CVE-2025-39995 bsc#1252064).
- Update
patches.suse/media-rc-fix-races-with-imon_disconnect.patch
(git-fixes CVE-2025-39993 bsc#1252070).
- Update
patches.suse/media-tuner-xc5000-Fix-use-after-free-in-xc5000_rele.patch
(git-fixes CVE-2025-39994 bsc#1252072).
- Update
patches.suse/media-uvcvideo-Mark-invalid-entities-with-id-UVC_INV.patch
(git-fixes CVE-2025-40016 bsc#1252346).
- Update
patches.suse/misc-fastrpc-fix-possible-map-leak-in-fastrpc_put_ar.patch
(git-fixes CVE-2025-40036 bsc#1252865).
- Update
patches.suse/net-nfc-nci-Add-parameter-validation-for-packet-data.patch
(git-fixes CVE-2025-40043 bsc#1252787).
- Update
patches.suse/net-sched-cls_u32-Undo-tcf_bind_filter-if-u32_r.patch
(bsc#1012628 CVE-2023-53733 bsc#1252685).
- Update
patches.suse/net-sched-fq_pie-avoid-stalls-in-fq_pie_timer.patch
(bsc#1220419 CVE-2023-53727 bsc#1252566).
- Update
patches.suse/netlink-fix-potential-deadlock-in-netlink_set_e.patch
(bsc#1012628 CVE-2023-53731 bsc#1252481).
- Update
patches.suse/nvdimm-Fix-memleak-of-pmu-attr_groups-in-unregister_-85ae.patch
(jsc#PED-5853 CVE-2023-53697 bsc#1252534).
- Update
patches.suse/posix-timers-Ensure-timer-ID-search-loop-limit-.patch
(bsc#1012628 CVE-2023-53728 bsc#1252668).
- Update
patches.suse/ring-buffer-Do-not-swap-cpu_buffer-during-resi.patch
(bsc#1012628 CVE-2023-53718 bsc#1252564).
- Update
patches.suse/riscv-move-memblock_allow_resize-after-linear-m.patch
(bsc#1012628 CVE-2023-53699 bsc#1252550).
- Update
patches.suse/smb-client-fix-crypto-buffers-in-non-linear-memory.patch
(bsc#1250491 boo#1239206 CVE-2025-40052 bsc#1252851).
- Update
patches.suse/soc-qcom-qmi_encdec-Restrict-string-length-in-decode.patch
(git-fixes CVE-2023-53729 bsc#1252496).
- Update
patches.suse/tty-n_gsm-Don-t-block-input-queue-by-waiting-MSC.patch
(git-fixes CVE-2025-40071 bsc#1252797).
- Update
patches.suse/wifi-ath11k-fix-NULL-dereference-in-ath11k_qmi_m3_lo.patch
(git-fixes CVE-2025-39991 bsc#1252075).
- Update
patches.suse/wifi-ath12k-Fix-a-NULL-pointer-dereference-in-ath12k.patch
(git-fixes CVE-2023-53721 bsc#1252561).
- Update
patches.suse/xfrm-xfrm_alloc_spi-shouldn-t-use-0-as-SPI.patch
(CVE-2025-39797 bsc#1249608 CVE-2025-39965 bsc#1251967).
- Update
patches.suse/xsk-fix-refcount-underflow-in-error-path.patch
(bsc#1012628 CVE-2023-53698 bsc#1252479).
- commit 9042362
- coresight: trbe: Return NULL pointer for allocation failures
(CVE-2025-40060 bsc#1252848).
- commit 4543e34
- regulator: bd718x7: Fix voltages scaled by resistor divider
(git-fixes).
- regmap: slimbus: fix bus_context pointer in regmap init calls
(git-fixes).
- commit 20abe4b
- drm/panel: kingdisplay-kd097d04: Disable EoTp (git-fixes).
- drm/panel: sitronix-st7789v: fix sync flags for t28cp45tn89
(git-fixes).
- drm/etnaviv: fix flush sequence logic (git-fixes).
- drm/msm/dpu: Fix pixel extension sub-sampling (git-fixes).
- drm/msm/a6xx: Fix GMU firmware parser (git-fixes).
- drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on
Iceland (git-fixes).
- drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Fiji
(git-fixes).
- drm/amd/pm: fix smu table id bound check issue in
smu_cmn_update_table() (git-fixes).
- drm/mediatek: Fix device use-after-free on unbind (git-fixes).
- ASoC: fsl_sai: fix bit order for DSD format (git-fixes).
- ASoC: Intel: avs: Unprepare a stream when XRUN occurs
(git-fixes).
- ASoC: qdsp6: q6asm: do not sleep while atomic (git-fixes).
- ALSA: usb-audio: fix control pipe direction (git-fixes).
- commit acb4ea2
- smb: client: fix potential cfid UAF in smb2_query_info_compound
(bsc#1248886).
- commit 5e5239d
- vhost: vringh: Fix copy_to_iter return value check (CVE-2025-40056 bsc#1252826)
- commit 4efa16a
- btrfs: do not assert we found block group item when creating
free space tree (bsc#1252918 CVE-2025-40100).
- commit 327502f
- btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation
already running (git-fixes).
- commit f5ef369
- btrfs: avoid potential out-of-bounds in btrfs_encode_fh()
(git-fixes).
- commit 8cb68fe
- KVM: x86/mmu: Prevent installing hugepages when mem attributes
are changing (git-fixes).
- commit 37d594a
- selftests/bpf: Fix a fd leak in error paths in open_netns
(git-fixes).
- commit 51d3745
- selftests/bpf: Fix umount cgroup2 error in test_sockmap
(git-fixes).
- commit 24ba5aa
- selftests/bpf: Use bpf_link__destroy in fill_link_info tests
(git-fixes).
- commit 9809b14
- ACPI: video: Fix use-after-free in
acpi_video_switch_brightness() (git-fixes).
- ACPI: button: Call input_free_device() on failing input device
registration (git-fixes).
- fbdev: atyfb: Check if pll_ops->init_pll failed (git-fixes).
- fbdev: valkyriefb: Fix reference count leak in valkyriefb_init
(git-fixes).
- net: phy: dp83869: fix STRAP_OPMODE bitmask (git-fixes).
- net: usb: asix_devices: Check return value of
usbnet_get_endpoints (git-fixes).
- Bluetooth: btmtksdio: Add pmctrl handling for BT closed state
during reset (git-fixes).
- Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once
(git-fixes).
- usbnet: Prevents free active kevent (git-fixes).
- wifi: brcmfmac: fix crash while sending Action Frames in
standalone AP Mode (git-fixes).
- wifi: ath12k: free skb during idr cleanup callback (git-fixes).
- wifi: ath11k: Add missing platform IDs for quirk table
(git-fixes).
- wifi: ath10k: Fix memory leak on unsupported WMI command
(git-fixes).
- wifi: mac80211: reset FILS discovery and unsol probe resp
intervals (git-fixes).
- commit cc1ca5e
- bpf: Explicitly check accesses to bpf_sock_addr (CVE-2025-40078
bsc#1252789).
- commit 6edd4b3
- KVM: x86: Take irqfds.lock when adding/deleting IRQ bypass
producer (git-fixes).
- commit fdfcdff
- KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update()
(git-fixes).
- commit cb2e3ab
- kdb: Replace deprecated strcpy() with memmove() in vkdb_printf()
(bsc#1252939).
- commit 7cb788c
- Revert "KVM: VMX: Move LOAD_IA32_PERF_GLOBAL_CTRL errata
handling out of setup_vmcs_config()" (git-fixes).
- commit 769724a
- hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat()
(git-fixes).
- commit 40898e0
- hfsplus: fix KMSAN uninit-value issue in
__hfsplus_ext_cache_extent() (git-fixes).
- commit a2e4db9
- hfs: validate record offset in hfsplus_bmap_alloc (git-fixes).
- commit 693ef92
- hfsplus: return EIO when type of hidden directory mismatch in
hfsplus_fill_super() (git-fixes).
- commit 6aec9cc
- ARM: tegra: Use I/O memcpy to write to IRAM (CVE-2025-39794 bsc#1249595)
- commit ad8d355
- ipvs: Defer ip_vs_ftp unregister during netns cleanup
(CVE-2025-40018 bsc#1252688).
- commit d48a123
- NFSD: Fix crash in nfsd4_read_release() (git-fixes).
- commit 1a326b8
- Fix Git-commit for patches.suse/cxl-downgrade-a-warning-message-to-debug-level-in-cxl.patch.
- commit 31a5035
- bpf: Allow helper bpf_get_[ns_]current_pid_tgid() for all prog
types (bsc#1252364).
- commit 82fd58d
- tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request()
(git-fixes).
- commit fceae30
- octeontx2-pf: Fix potential use after free in otx2_tc_add_flow()
(CVE-2025-39978 bsc#1252069).
- tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect()
(CVE-2025-39955 bsc#1251804).
- commit 0468786
- Revert "e1000e: fix heap overflow in e1000_set_eeprom (CVE-2025-39898"
This reverts commit df2ae2c1bd0dd998b7e23e3d49e90e95ada467f0.
- commit 79fa523
- i40e: add max boundary check for VF filters (CVE-2025-39968
bsc#1252047).
- i40e: fix validation of VF state in get resources
(CVE-2025-39969 bsc#1252044).
- i40e: fix idx validation in i40e_validate_queue_map
(CVE-2025-39972 bsc#1252039).
- i40e: add validation for ring_len param (CVE-2025-39973
bsc#1252035).
- ice: fix Rx page leak on multi-buffer frames (CVE-2025-39948
bsc#1251233).
- qed: Don't collect too many protection override GRC elements
(CVE-2025-39949 bsc#1251177).
- commit 2c4293d
- Delete
patches.suse/cpuidle-menu-Avoid-discarding-useful-information.patch.
- commit c2e3ac6
- Delete
patches.suse/cpuidle-governors-menu-Avoid-using-invalid-recent-intervals-data.patch.
- commit b1a47b7
- nvme/tcp: handle tls partially sent records in write_space()
(git-fixes).
- nvme-multipath: Skip nr_active increments in RETRY disposition
(git-fixes).
- nvme-pci: Add TUXEDO IBS Gen8 to Samsung sleep quirk
(git-fixes).
- commit 4b35633
- ACPI: battery: Add synchronization between interface updates
(git-fixes).
- locking/mutex: Mark devm_mutex_init() as __must_check
(stable-fixes).
- ACPI: battery: Check for error code from devm_mutex_init()
call (git-fixes).
- ACPI: battery: initialize mutexes through devm_ APIs
(stable-fixes).
- accel/ivpu: Add missing MODULE_FIRMWARE metadata (git-fixes).
- locking/mutex: Introduce devm_mutex_init() (stable-fixes).
- commit 7bacc8f
- wifi: rtw89: fix use-after-free in
rtw89_core_tx_kick_off_and_wait() (CVE-2025-40000 bsc#1252062).
- commit b7a479d
- sched/fair: set_load_weight() must also call reweight_task() (git-fixes)
- commit b185921
- misc: fastrpc: Save actual DMA size in fastrpc_map structure
(git-fixes).
- Refresh
patches.suse/misc-fastrpc-Skip-reference-for-DMA-handles.patch.
- commit b472422
- most: usb: hdm_probe: Fix calling put_device() before device
initialization (git-fixes).
- most: usb: Fix use-after-free in hdm_disconnect (git-fixes).
- misc: fastrpc: Fix dma_buf object leak in fastrpc_map_lookup
(git-fixes).
- serial: 8250_dw: handle reset control deassert error
(git-fixes).
- xhci: dbc: enable back DbC in resume if it was enabled before
suspend (git-fixes).
- spi: spi-nxp-fspi: add extra delay after dll locked (git-fixes).
- net: usb: rtl8150: Fix frame padding (git-fixes).
- HID: multitouch: fix name of Stylus input devices (git-fixes).
- HID: hid-input: only ignore 0 battery events for digitizers
(git-fixes).
- r8169: fix packet truncation after S4 resume on
RTL8168H/RTL8111H (git-fixes).
- rtc: interface: Ensure alarm irq is enabled when UIE is enabled
(stable-fixes).
- rtc: interface: Fix long-standing race when setting alarm
(stable-fixes).
- PCI: j721e: Fix programming sequence of "strap" settings
(git-fixes).
- PCI: endpoint: pci-epf-test: Add NULL check for DMA channels
before release (git-fixes).
- PCI/AER: Support errors introduced by PCIe r6.0 (stable-fixes).
- phy: cadence: cdns-dphy: Update calibration wait time for
startup state machine (git-fixes).
- phy: cadence: cdns-dphy: Fix PLL lock and O_CMN_READY polling
(git-fixes).
- phy: cdns-dphy: Store hs_clk_rate and return it (stable-fixes).
- mtd: rawnand: fsmc: Default to autodetect buswidth
(stable-fixes).
- wifi: mt76: mt7921u: Add VID/PID for Netgear A7500
(stable-fixes).
- media: nxp: imx8-isi: Drop unused argument to
mxc_isi_channel_chain() (stable-fixes).
- mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config
flag (git-fixes).
- mmc: core: SPI mode remove cmd7 (stable-fixes).
- lib/crypto/curve25519-hacl64: Disable KASAN with clang-17 and
older (stable-fixes).
- PM: runtime: Add new devm functions (stable-fixes).
- mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for
cache_type (stable-fixes).
- mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config
max_register value (stable-fixes).
- PCI: Add PCI_VDEVICE_SUB helper macro (stable-fixes).
- PCI: endpoint: Remove surplus return statement from
pci_epf_test_clean_dma_chan() (stable-fixes).
- PCI: j721e: Enable ACSPCIE Refclk if
"ti,syscon-acspcie-proxy-ctrl" exists (stable-fixes).
- misc: fastrpc: Add missing dev_err newlines (stable-fixes).
- commit 9f99f4e
- firmware: arm_scmi: Fix premature SCMI_XFER_FLAG_IS_RAW clearing
in raw mode (git-fixes).
- drm/sched: Fix potential double free in
drm_sched_job_add_resv_dependencies (git-fixes).
- drm/rockchip: vop2: use correct destination rectangle height
check (git-fixes).
- drm/bridge: lt9211: Drop check for last nibble of version
register (git-fixes).
- drm/amd/powerplay: Fix CIK shutdown temperature (git-fixes).
- drm/amdgpu: use atomic functions with memory barriers for vm
fault info (git-fixes).
- drm/i915/guc: Skip communication warning on reset in progress
(git-fixes).
- drm/amd: Check whether secure display TA loaded successfully
(stable-fixes).
- drm/exynos: exynos7_drm_decon: properly clear channels during
bind (stable-fixes).
- drm/exynos: exynos7_drm_decon: fix uninitialized crtc reference
in functions (stable-fixes).
- commit 110d102
- can: netlink: can_changelink(): allow disabling of automatic
restart (git-fixes).
- can: bxcan: bxcan_start_xmit(): use can_dev_dropped_skb()
instead of can_dropped_invalid_skb() (git-fixes).
- ASoC: nau8821: Add DMI quirk to bypass jack debounce circuit
(git-fixes).
- ASoC: nau8821: Generalize helper to clear IRQ status
(git-fixes).
- ASoC: nau8821: Cancel jdet_work before handling jack ejection
(git-fixes).
- ASoC: codecs: Fix gain setting ranges for Renesas IDT821034
codec (git-fixes).
- ALSA: usb-audio: Fix NULL pointer deference in
try_to_register_card (git-fixes).
- ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings
(git-fixes).
- accel/qaic: Treat remaining == 0 as error in
find_and_map_user_pages() (git-fixes).
- Bluetooth: btusb: Add USB ID 2001:332a for D-Link AX9U rev. A1
(stable-fixes).
- ACPI: property: Add code comments explaining what is going on
(stable-fixes).
- ACPI: property: Disregard references in data-only subnode lists
(stable-fixes).
- ACPICA: Allow to skip Global Lock initialization (stable-fixes).
- ACPI: battery: allocate driver data through devm_ APIs
(stable-fixes).
- drm/msm/adreno: De-spaghettify the use of memory barriers
(stable-fixes).
- commit e53e617
- spi: cadence-quadspi: Implement refcount to handle unbind
during busy (CVE-2025-40005 bsc#1252349).
- commit 7406f70
- i40e: fix idx validation in config queues msg (CVE-2025-39971 bsc#1252052)
- commit 70699a8
- i40e: fix input validation logic for action_meta (CVE-2025-39970 bsc#1252051)
- commit 57401e3
- arm64, mm: avoid always making PTE dirty in pte_mkwrite() (git-fixes)
- commit 59db3fb
- arm64: errata: Apply workarounds for Neoverse-V3AE (git-fixes)
- commit da235eb
- arm64: cputype: Add Neoverse-V3AE definitions (git-fixes)
- commit 5587842
- NFSD: Minor cleanup in layoutcommit processing (git-fixes).
- commit baef4e7
- NFSD: Rework encoding and decoding of nfsd4_deviceid
(git-fixes).
- commit 72f1d28
- hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp()
(git-fixes).
- commit a6f88ab
- xfs: rename the old_crc variable in xlog_recover_process
(git-fixes).
- commit 677fb8c
- net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() (CVE-2025-39876 bsc#1250400)
- commit 137f367
- proc: fix type confusion in pde_set_flags() (bsc#1248630)
- commit c6a1bb4
- proc: fix missing pde_set_flags() for net proc files (bsc#1248630)
- commit 539da61
- proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al (CVE-2025-38653 bsc#1248630)
- commit bcff9b5
- ovl: fix file reference leak when submitting aio (stable-fixes).
- commit 57db5b5
- KVM: x86: Set PVCLOCK_GUEST_STOPPED only for kvmclock, not
for Xen PV clock (git-fixes).
- commit 85e57cf
- KVM: x86: Don't bleed PVCLOCK_GUEST_STOPPED across PV clocks
(git-fixes).
- commit cd63f69
- KVM: x86: Process "guest stopped request" once per guest time
update (git-fixes).
- commit 29a55cf
- add bug reference to existing hv_netvsc change (bsc#1252265)
- commit 95261dd
- KVM: SVM: Inject #GP if memory operand for INVPCID is
non-canonical (git-fixes).
- commit ed9dfb1
- KVM: x86: Clear pv_unhalted on all transitions to
KVM_MP_STATE_RUNNABLE (git-fixes).
- commit f4d45de
- KVM: x86: Introduce kvm_set_mp_state() (git-fixes).
- commit 4b1f2ec
- NFS: Fix a race when updating an existing write (bsc#1249319
bsc#1252236 CVE-2025-39697).
- commit 40cab0c
- nfs: Add missing release on error in
nfs_lock_and_join_requests() (bsc#1249319 bsc#1252236
CVE-2025-39697).
- commit b903556
- nfs: fold nfs_page_group_lock_subrequests into
nfs_lock_and_join_requests (bsc#1249319 bsc#1252236
CVE-2025-39697).
- commit 13ceff1
- nfs: fold nfs_folio_find_and_lock_request into
nfs_lock_and_join_requests (bsc#1249319 bsc#1252236
CVE-2025-39697).
- commit 14874ac
- nfs: simplify nfs_folio_find_and_lock_request (bsc#1249319
bsc#1252236 CVE-2025-39697).
- commit 1b25c26
- nfs: remove nfs_folio_private_request (bsc#1249319 bsc#1252236
CVE-2025-39697).
- commit c28ea5d
- nfs: remove dead code for the old swap over NFS implementation
(bsc#1249319 bsc#1252236 CVE-2025-39697).
- Refresh
patches.suse/NFS-fix-nfs_release_folio-to-not-deadlock-via-kcompa.patch.
- commit e7a5c52
- kABI fix for KVM: x86: Snapshot the host's DEBUGCTL in common
x86 (git-fixes).
- commit 0bb2570
- overlayfs: set ctime when setting mtime and atime
(stable-fixes).
- ovl: fix incorrect fdput() on aio completion (stable-fixes).
- ovl: Always reevaluate the file signature for IMA
(stable-fixes).
- commit 4cfc4ed
- i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (CVE-2025-39911 bsc#1250704)
- commit 627f938
- sched: Fix sched_numa_find_nth_cpu() if mask offline (CVE-2025-39895 bsc#1250721)
- commit 581de7a
- sctp: initialize more fields in sctp_v6_from_sk() (CVE-2025-39812 bsc#1250202)
- commit 56a7db3
- ipv6: sr: Fix MAC comparison to be constant-time (CVE-2025-39702 bsc#1249317)
- commit 3d85c5c
- sctp: linearize cloned gso packets in sctp_rcv (CVE-2025-38718 bsc#1249161)
- commit 0083867
- scsi: qla4xxx: Prevent a potential error pointer dereference (CVE-2025-39676 bsc#1249302)
- commit a3b8686
- net: usb: lan78xx: Add error handling to
lan78xx_init_mac_address (git-fixes).
- commit f1ec116
- net/mlx5e: Harden uplink netdev access against device unbind
(CVE-2025-39947 bsc#1251232).
- commit d4278a0
- KVM: x86: Snapshot the host's DEBUGCTL after disabling IRQs
(git-fixes).
- commit 09e399f
- KVM: x86: Bypass register cache when querying CPL from
kvm_sched_out() (git-fixes).
- commit 27a06fc
- net: usb: lan78xx: fix use of improperly initialized dev->chipid
in lan78xx_reset (git-fixes).
- commit ad26239
- r8152: add error handling in rtl8152_driver_init (git-fixes).
- commit db73d98
- usbnet: Fix using smp_processor_id() in preemptible code
warnings (git-fixes).
- commit b2c518b
- config.sh: Update IBS project
- commit f8ef735
- cpufreq: scmi: Account for malformed DT in
scmi_dev_used_by_cpus() (git-fixes).
- commit 149500a
- cpuidle: governors: menu: Avoid using invalid recent intervals
data (git-fixes).
- commit a4ef664
- hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()
(git-fixes).
- commit baddd40
- selftests/bpf: Fix backtrace printing for selftests crashes
(git-fixes).
- commit 63e24c4
- tools/resolve_btfids: Fix build when cross compiling kernel
with clang (git-fixes).
- commit f4f0a36
- samples/bpf: Fix compilation failure for samples/bpf on
LoongArch Fedora (git-fixes).
- commit fa036e9
- selftests/bpf: Fix cross-compiling urandom_read (git-fixes).
- commit d19eec5
- selftests/bpf: Fix compile if backtrace support missing in libc
(git-fixes).
- commit 3353a4b
- selftests/bpf: Fix redefinition errors compiling lwt_reroute.c
(git-fixes).
- commit b5270ce
- selftests/bpf: Fix C++ compile error from missing _Bool type
(git-fixes).
- commit 736692a
- selftests/bpf: Fix error compiling test_lru_map.c (git-fixes).
- commit 8aa3099
- selftests/bpf: Fix compile error from rlim_t in sk_storage_map.c
(git-fixes).
- commit 35f5a49
- perf/core: Fix the WARN_ON_ONCE is out of lock protected region
(git-fixes).
- perf/x86/intel: Fix crash in icl_update_topdown_event()
(git-fixes).
- perf/x86: Fix non-sampling (counting) events on certain x86
platforms (git-fixes).
- commit 814983a
- doc/README.SUSE: Correct the character used for TAINT_NO_SUPPORT
The character was previously 'N', but upstream used it for TAINT_TEST,
which prompted the change of TAINT_NO_SUPPORT to 'n'. This occurred in
commit c35dc3823d08 ("Update to 6.0-rc1") on master and in d016c04d731d
("Bump to 6.4 kernel (jsc#PED-4593)") for SLE15-SP6 (and onwards).
Update the documentation to reflect this change.
- commit f42ecf5
- ACPI: property: Do not pass NULL handles to acpi_attach_data()
(stable-fixes git-fixes).
- commit 19fb175
- ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path
(stable-fixes).
- commit d0f4111
- cpufreq: CPPC: fix perf_to_khz/khz_to_perf conversion exception
(git-fixes).
- commit 59c2171
- ACPI: x86: Move acpi_quirk_skip_serdev_enumeration() out of
CONFIG_X86_ANDROID_TABLETS (stable-fixes).
- commit 793bb70
- cpuidle: qcom-spm: fix device and OF node leaks at probe
(git-fixes).
- commit 39be628
- cpuidle: menu: Avoid discarding useful information
(stable-fixes).
- commit b136410
- cpufreq: tegra186: Set target frequency for all cpus in policy
(git-fixes).
- commit e1cfca8
- cpufreq: intel_pstate: Fix object lifecycle issue in
update_qos_request() (stable-fixes git-fixes).
- commit 8b10f36
- cpufreq: armada-8k: Fix off by one in
armada_8k_cpufreq_free_table() (stable-fixes git-fixes).
- commit 3e7dc0b
- cpufreq: scmi: Skip SCMI devices that aren't used by the CPUs
(stable-fixes).
- commit 2dde40f
- tcp_bpf: Fix copied value in tcp_bpf_sendmsg (bsc#1250650).
- skmsg: Return copied bytes in sk_msg_memcopy_from_iter
(bsc#1250650).
- commit 5925a0e
- sched/idle: Conditionally handle tick broadcast in
default_idle_call() (bsc#1248517).
- Update config files.
- commit 1a58311
- x86/idle: Sanitize X86_BUG_AMD_E400 handling (bsc#1248517).
- Refresh
patches.suse/x86-tdx-Fix-arch_safe_halt-execution-for-TDX-VMs.patch.
- commit be42a2d
- perf/aux: Fix pending disable flow when the AUX ring buffer
overruns (git-fixes).
- perf/core: Fix WARN in perf_cgroup_switch() (git-fixes).
- perf: Fix cgroup state vs ERROR (git-fixes).
- perf/core: Fix broken throttling when max_samples_per_tick=1
(git-fixes).
- perf: Ensure bpf_perf_link path is properly serialized
(git-fixes).
- perf/x86/intel: Only check the group flag for X86 leader
(git-fixes).
- perf/x86/intel: Allow to update user space GPRs from PEBS
records (git-fixes).
- perf/x86/intel/uncore: Fix the scale of IIO free running
counters on SPR (git-fixes).
- perf/x86/intel/uncore: Fix the scale of IIO free running
counters on ICX (git-fixes).
- perf/x86/intel/uncore: Fix the scale of IIO free running
counters on SNR (git-fixes).
- perf/core: Fix child_total_time_enabled accounting bug at task
exit (git-fixes).
- perf/ring_buffer: Allow the EPOLLRDNORM flag for poll
(git-fixes).
- perf/bpf: Robustify perf_event_free_bpf_prog() (git-fixes).
- perf/hw_breakpoint: Return EOPNOTSUPP for unsupported breakpoint
type (git-fixes).
- perf/x86/intel: Avoid disable PMU if !cpuc->enabled in sample
read (git-fixes).
- perf/x86/intel: Apply static call for drain_pebs (git-fixes).
- perf/amd/ibs: Fix perf_ibs_op.cnt_mask for CurCnt (git-fixes).
- perf/amd/ibs: Fix ->config to sample period calculation for
OP PMU (git-fixes).
- perf/core: Fix pmus_lock vs. pmus_srcu ordering (git-fixes).
- perf/x86/intel: Use better start period for frequency mode
(git-fixes).
- perf/core: Fix low freq setting via IOC_PERIOD (git-fixes).
- perf/x86: Fix low freqency setting issue (git-fixes).
- perf/x86/intel/ds: Unconditionally drain PEBS DS when changing
PEBS_DATA_CFG (git-fixes).
- perf/x86/amd: Warn only on new bits set (git-fixes).
- s390: Initialize psw mask in perf_arch_fetch_caller_regs()
(git-fixes).
- perf/core: Fix small negative period being ignored (git-fixes).
- perf: Extract a few helpers (git-fixes).
- perf/x86/intel/pt: Fix sampling synchronization (git-fixes).
- perf/x86/intel: Allow to setup LBR for counting event for BPF
(git-fixes).
- drivers/perf: arm_spe: Use perf_allow_kernel() for permissions
(git-fixes).
- perf/amd: Prevent grouping of IBS events (git-fixes).
- commit 76eb280
- tls: make sure to abort the stream if headers are bogus
(CVE-2025-39946 bsc#1251114).
- commit d62deaa
- selftests/bpf: Fix error compiling tc_redirect.c with musl libc
(git-fixes).
- commit b2a359c
- selftests/bpf: Fix errors compiling cg_storage_multi.h with
musl libc (git-fixes).
- commit 799529b
- selftests/bpf: Fix errors compiling decap_sanity.c with musl
libc (git-fixes).
- commit f14b275
- selftests/bpf: Fix errors compiling lwt_redirect.c with musl
libc (git-fixes).
- commit 498999e
- selftests/bpf: Fix compiling core_reloc.c with musl-libc
(git-fixes).
- commit eb3a7bd
- selftests/bpf: Fix compiling tcp_rtt.c with musl-libc
(git-fixes).
- commit 109e7cc
- selftests/bpf: Fix compiling flow_dissector.c with musl-libc
(git-fixes).
- commit 9b43d04
- selftests/bpf: Fix compiling kfree_skb.c with musl-libc
(git-fixes).
- commit 442e8bf
- selftests/bpf: Fix compiling parse_tcp_hdr_opt.c with musl-libc
(git-fixes).
- commit 1f65169
- selftests/bpf: Fix error compiling bpf_iter_setsockopt.c with
musl libc (git-fixes).
- commit 7613608
- selftests/bpf: Add test for unpinning htab with internal timer
struct (git-fixes).
- commit 8a1df26
- bpf: Avoid RCU context warning when unpinning htab with internal
structs (git-fixes).
- commit 73d4d2d
- bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6}
(git-fixes).
- commit 1a82fe5
- kabi: hide new member allow_subflows in struct mptcp_sock
(CVE-2025-38552 bsc#1248230).
- commit f51a25e
- mptcp: plug races between subflow fail and subflow creation
(CVE-2025-38552 bsc#1248230).
- Refresh
patches.kabi/kabi-hide-new-member-fallback_lock-in-struct-mptcp_s.patch.
(also delete outdated part of a comment)
- commit fdbbed8
- Update
patches.suse/ALSA-ac97-Fix-possible-NULL-dereference-in-snd_.patch
(bsc#1012628 CVE-2023-53648 bsc#1251750).
- Update
patches.suse/ASoC-codecs-wcd938x-fix-missing-mbhc-init-error.patch
(bsc#1012628 CVE-2023-53666 bsc#1251760).
- Update
patches.suse/ASoC-qcom-q6apm-lpass-dais-Fix-NULL-pointer-derefere.patch
(git-fixes CVE-2025-39938 bsc#1251134).
- Update
patches.suse/Bluetooth-hci_event-call-disconnect-callback-be.patch
(bsc#1012628 CVE-2023-53673 bsc#1251763).
- Update
patches.suse/HID-hyperv-avoid-struct-memcpy-overrun-warning.patch
(bsc#1012628 CVE-2023-53553 bsc#1251068).
- Update
patches.suse/KVM-nSVM-Check-instead-of-asserting-on-nested-TSC-sc.patch
(git-fixes CVE-2023-53663 bsc#1251290).
- Update
patches.suse/RDMA-rxe-Fix-incomplete-state-save-in-rxe_requester.patch
(git-fixes CVE-2023-53539 bsc#1251060).
- Update
patches.suse/USB-Gadget-core-Help-prevent-panic-during-UVC-.patch
(bsc#1012628 CVE-2023-53580 bsc#1251105).
- Update
patches.suse/accel-qaic-Fix-a-leak-in-map_user_pages.patch
(bsc#1012628 CVE-2023-53633 bsc#1251746).
- Update
patches.suse/bcache-Fix-__bch_btree_node_alloc-to-make-the-f.patch
(bsc#1012628 CVE-2023-53681 bsc#1251769).
- Update
patches.suse/bonding-do-not-assume-skb-mac_header-is-set.patch
(bsc#1012628 CVE-2023-53601 bsc#1251153).
- Update
patches.suse/bpf-Make-bpf_refcount_acquire-fallible-for-non-.patch
(bsc#1012628 CVE-2023-53645 bsc#1251321).
- Update
patches.suse/bpf-cpumap-Handle-skb-as-well-when-clean-up-pt.patch
(bsc#1012628 CVE-2023-53660 bsc#1251721).
- Update
patches.suse/bpf-cpumap-Make-sure-kthread-is-running-before.patch
(bsc#1012628 CVE-2023-53577 bsc#1251028).
- Update
patches.suse/bpf-reject-unhashed-sockets-in-bpf_sk_assign.patch
(jsc#PED-6811 CVE-2023-53585 bsc#1251126).
- Update
patches.suse/btrfs-insert-tree-mod-log-move-in-push_node_lef.patch
(bsc#1012628 CVE-2023-53538 bsc#1251024).
- Update
patches.suse/btrfs-output-extra-debug-info-if-we-failed-to-find-a.patch
(git-fixes CVE-2023-53672 bsc#1251780).
- Update
patches.suse/btrfs-reject-invalid-reloc-tree-root-keys-with.patch
(bsc#1012628 CVE-2023-53618 bsc#1251748).
- Update
patches.suse/cifs-Release-folio-lock-on-fscache-read-hit.patch
(bsc#1012628 CVE-2023-53593 bsc#1251132).
- Update
patches.suse/cifs-fix-mid-leak-during-reconnection-after-tim.patch
(bsc#1012628 CVE-2023-53597 bsc#1251159).
- Update
patches.suse/clk-Fix-memory-leak-in-devm_clk_notifier_regist.patch
(bsc#1012628 CVE-2023-53674 bsc#1251764).
- Update
patches.suse/clk-imx-scu-use-_safe-list-iterator-to-avoid-a-.patch
(bsc#1012628 CVE-2023-53572 bsc#1251027).
- Update
patches.suse/cpufreq-amd-pstate-fix-global-sysfs-attribute-.patch
(bsc#1012628 CVE-2023-53550 bsc#1251071).
- Update
patches.suse/cpufreq-amd-pstate-ut-Fix-kernel-panic-when-loading-.patch
(git-fixes CVE-2023-53563 bsc#1251038).
- Update
patches.suse/crypto-af_alg-Fix-missing-initialisation-affecting-g.patch
(bsc#1216396 CVE-2023-53599 bsc#1251150).
- Update
patches.suse/crypto-af_alg-Set-merge-to-zero-early-in-af_alg_send.patch
(git-fixes CVE-2025-39931 bsc#1251100).
- Update
patches.suse/dax-Fix-dax_mapping_release-use-after-free.patch
(bsc#1012628 CVE-2023-53613 bsc#1251119).
- Update
patches.suse/drivers-base-Free-devm-resources-when-unregistering-.patch
(jsc#PED-6054 CVE-2023-53596 bsc#1251161).
- Update
patches.suse/drivers-perf-hisi-Don-t-migrate-perf-to-the-CPU.patch
(bsc#1012628 CVE-2023-53656 bsc#1251758).
- Update
patches.suse/drm-amdgpu-unmap-and-remove-csa_va-properly.patch
(jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070
jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511
jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53545
bsc#1251084).
- Update
patches.suse/drm-bridge-anx7625-Fix-NULL-pointer-dereference-with.patch
(git-fixes CVE-2025-39934 bsc#1251146).
- Update
patches.suse/drm-i915-mark-requests-for-GuC-virtual-engines-to-av.patch
(jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070
jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511
jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53552
bsc#1251065).
- Update
patches.suse/drm-i915-perf-add-sentinel-to-xehp_oa_b_counter.patch
(jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070
jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511
jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53646
bsc#1251742).
- Update
patches.suse/ext4-fix-memory-leaks-in-ext4_fname_-setup_filename-.patch
(bsc#1214954 CVE-2023-53662 bsc#1251282).
- Update
patches.suse/fbdev-omapfb-lcd_mipid-Fix-an-error-handling-pa.patch
(jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070
jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511
jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53650
bsc#1251283).
- Update
patches.suse/fprobe-Release-rethook-after-the-ftrace_ops-is-.patch
(bsc#1012628 CVE-2023-53557 bsc#1251054).
- Update
patches.suse/gfs2-Fix-possible-data-races-in-gfs2_show_opti.patch
(bsc#1012628 CVE-2023-53622 bsc#1251777).
- Update patches.suse/gpio-mvebu-fix-irq-domain-leak.patch
(bsc#1012628 CVE-2023-53579 bsc#1251170).
- Update
patches.suse/iavf-Fix-out-of-bounds-when-setting-channels-on.patch
(bsc#1012628 CVE-2023-53659 bsc#1251247).
- Update patches.suse/iavf-Fix-use-after-free-in-free_netdev.patch
(bsc#1012628 CVE-2023-53556 bsc#1251059).
- Update
patches.suse/ice-Don-t-tx-before-switchdev-is-fully-configured.patch
(jsc#PED-4876 CVE-2023-53657 bsc#1251319).
- Update
patches.suse/ip_vti-fix-potential-slab-use-after-free-in-de.patch
(bsc#1012628 CVE-2023-53559 bsc#1251052).
- Update patches.suse/ipmi_si-fix-a-memleak-in-try_smi_init.patch
(git-fixes CVE-2023-53611 bsc#1251123).
- Update
patches.suse/jfs-fix-invalid-free-of-JFS_IP-ipimap-i_imap-in-diUnmount.patch
(git-fixes CVE-2023-53616 bsc#1251215).
- Update
patches.suse/md-don-t-dereference-mddev-after-export_rdev-7dea.patch
(jsc#PED-7542 CVE-2023-53665 bsc#1251270).
- Update
patches.suse/media-amphion-fix-REVERSE_INULL-issues-reported-by-c.patch
(git-fixes CVE-2023-53653 bsc#1251755).
- Update
patches.suse/memcontrol-ensure-memcg-acquired-by-id-is-properly-s.patch
(git-fixes CVE-2023-53621 bsc#1251323).
- Update
patches.suse/mm-damon-core-initialize-damo_filter-list-from.patch
(bsc#1012628 CVE-2023-53555 bsc#1251056).
- Update
patches.suse/msft-hv-2870-Drivers-hv-vmbus-Don-t-dereference-ACPI-root-object-.patch
(git-fixes CVE-2023-53647 bsc#1251732).
- Update
patches.suse/mtd-rawnand-brcmnand-Fix-potential-out-of-bounds-acc.patch
(git-fixes CVE-2023-53541 bsc#1251043).
- Update
patches.suse/net-handshake-fix-null-ptr-deref-in-handshake_nl_don.patch
(bsc#1220419 CVE-2023-53686 bsc#1251771).
- Update
patches.suse/net-mlx5-DR-fix-memory-leak-in-mlx5dr_cmd_crea.patch
(bsc#1012628 CVE-2023-53546 bsc#1251079).
- Update
patches.suse/net-mlx5e-Check-for-NOT_READY-flag-state-after-.patch
(bsc#1012628 CVE-2023-53581 bsc#1251106).
- Update
patches.suse/net-mlx5e-Take-RTNL-lock-when-needed-before-ca.patch
(bsc#1012628 CVE-2023-53632 bsc#1251269).
- Update
patches.suse/net-rfkill-gpio-Fix-crash-due-to-dereferencering-uni.patch
(git-fixes CVE-2025-39937 bsc#1251143).
- Update
patches.suse/net-usbnet-Fix-WARNING-in-usbnet_start_xmit-us.patch
(bsc#1012628 CVE-2023-53548 bsc#1251066).
- Update
patches.suse/netfilter-conntrack-Avoid-nf_ct_helper_hash-use.patch
(bsc#1012628 CVE-2023-53619 bsc#1251743).
- Update patches.suse/nvme-core-fix-dev_pm_qos-memleak.patch
(bsc#1012628 CVE-2023-53670 bsc#1251762).
- Update
patches.suse/octeon_ep-cancel-queued-works-in-probe-error-p.patch
(bsc#1012628 CVE-2023-53638 bsc#1251328).
- Update
patches.suse/octeontx2-af-Add-validation-before-accessing-cg.patch
(bsc#1012628 CVE-2023-53654 bsc#1251756).
- Update
patches.suse/perf-RISC-V-Remove-PERF_HES_STOPPED-flag-checki.patch
(bsc#1012628 CVE-2023-53583 bsc#1251108).
- Update
patches.suse/perf-trace-Really-free-the-evsel-priv-area.patch
(perf-v6.7 (jsc#PED-6012 jsc#PED-6121) CVE-2023-53649
bsc#1251749).
- Update
patches.suse/platform-x86-dell-sysman-Fix-reference-leak.patch
(git-fixes CVE-2023-53631 bsc#1251529).
- Update
patches.suse/rcu-tasks-Avoid-pr_info-with-spin-lock-in-cblis.patch
(bsc#1012628 CVE-2023-53558 bsc#1251081).
- Update
patches.suse/ring-buffer-Fix-deadloop-issue-on-reading-trace.patch
(bsc#1012628 CVE-2023-53668 bsc#1251286).
- Update
patches.suse/s390-zcrypt-don-t-leak-memory-if-dev_set_name-fails.patch
(git-fixes bsc#1215143 CVE-2023-53568 bsc#1251035).
- Update
patches.suse/scsi-qla2xxx-Avoid-fcport-pointer-dereference.patch
(bsc#1012628 CVE-2023-53603 bsc#1251180).
- Update
patches.suse/scsi-qla2xxx-Fix-deletion-race-condition.patch
(git-fixes CVE-2023-53615 bsc#1251113).
- Update
patches.suse/soc-aspeed-socinfo-Add-kfree-for-kstrdup.patch
(bsc#1012628 CVE-2023-53617 bsc#1251268).
- Update
patches.suse/spi-bcm-qspi-return-error-if-neither-hif_mspi-n.patch
(bsc#1012628 CVE-2023-53658 bsc#1251759).
- Update
patches.suse/staging-ks7010-potential-buffer-overflow-in-ks_.patch
(bsc#1012628 CVE-2023-53554 bsc#1251057).
- Update
patches.suse/tracing-histograms-Add-histograms-to-hist_vars-.patch
(bsc#1012628 CVE-2023-53560 bsc#1251045).
- Update
patches.suse/tty-serial-samsung_tty-Fix-a-memory-leak-in-s3c-832e231.patch
(bsc#1012628 CVE-2023-53687 bsc#1251772).
- Update
patches.suse/tunnels-fix-kasan-splat-when-generating-ipv4-p.patch
(bsc#1012628 CVE-2023-53600 bsc#1251152).
- Update
patches.suse/vdpa-Add-features-attr-to-vdpa_nl_policy-for-n.patch
(bsc#1012628 CVE-2023-53652 bsc#1251754).
- Update
patches.suse/vdpa-Add-max-vqp-attr-to-vdpa_nl_policy-for-nl.patch
(bsc#1012628 CVE-2023-53543 bsc#1251083).
- Update
patches.suse/wifi-ath11k-fix-memory-leak-in-WMI-firmware-sta.patch
(bsc#1012628 CVE-2023-53602 bsc#1251076).
- Update
patches.suse/wifi-cfg80211-reject-auth-assoc-to-AP-with-our-addre.patch
(git-fixes CVE-2023-53540 bsc#1251053).
- Update
patches.suse/wifi-iwlwifi-mvm-fix-potential-array-out-of-bou.patch
(bsc#1012628 CVE-2023-53575 bsc#1251067).
- Update
patches.suse/wifi-mac80211-check-for-station-first-in-client-prob.patch
(git-fixes CVE-2023-53588 bsc#1251206).
- Update
patches.suse/wifi-mac80211-increase-scan_ies_len-for-S1G.patch
(stable-fixes CVE-2025-39957 bsc#1251810).
- Update
patches.suse/wifi-nl80211-fix-integer-overflow-in-nl80211_p.patch
(bsc#1012628 CVE-2023-53570 bsc#1251031).
- Update
patches.suse/wifi-rtw88-delete-timer-and-free-skb-queue-when-unlo.patch
(git-fixes CVE-2023-53574 bsc#1251222).
- Update
patches.suse/wifi-wilc1000-avoid-buffer-overflow-in-WID-string-co.patch
(stable-fixes CVE-2025-39952 bsc#1251216).
- commit 56ea93d
- iommu/vt-d: Disallow dirty tracking if incoherent page walk
(git-fixes).
- iommu/vt-d: PRS isn't usable if PDS isn't supported (git-fixes).
- commit 9da1184
- mm/page_alloc: fix race condition in unaccepted memory handling
(CVE-2025-38008 bsc#1244939).
- commit b445cb1
- mm/slub: avoid accessing metadata when pointer is invalid in
object_err() (CVE-2025-39902 bsc#1250702).
- commit 46c39b3
- NFSD: Define a proc_layoutcommit for the FlexFiles layout type
(git-fixes).
- commit b115f79
- tracing: Fix filter string testing (git-fixes).
- commit 864d37b
- selftests/tracing: Fix event filter test to retry up to 10 times
(git-fixes).
- commit a9de969
- tracing/selftests: Fix kprobe event name test for
.isra. functions (git-fixes).
- commit 6a094d4
- bpf: Check link_create.flags parameter for multi_kprobe
(git-fixes).
- commit 0e75825
- bpf: Check link_create.flags parameter for multi_uprobe
(git-fixes).
- commit 10550c7
- ftrace: fix incorrect hash size in register_ftrace_direct()
(git-fixes).
- commit 9288055
- bpf: Use preempt_count() directly in bpf_send_signal_common()
(git-fixes).
- commit 9258f2a
- tracing: Correct the refcount if the hist/hist_debug file
fails to open (git-fixes).
- commit 6e8ac35
- module: Prevent silent truncation of module name in
delete_module(2) (git-fixes).
- commit 44dc7b7
- tracing: Add down_write(trace_event_sem) when adding trace event
(bsc#1248211 CVE-2025-38539).
- commit b1816b0
- tracing: Limit access to parser->buffer when trace_get_user
failed (bsc#1249286 CVE-2025-39683).
- tracing: Remove unneeded goto out logic (bsc#1249286).
- commit 8eaad3a
- ftrace: Also allocate and copy hash for reading of filter files
(bsc#1250032 CVE-2025-39813).
- commit 69f706b
- media: i2c: tc358743: Fix use-after-free bugs caused by orphan
timer in probe (git-fixes).
- commit 4cb2ef2
- media: solo6x10: replace max(a, min(b, c)) by clamp(b, a, c)
(git-fixes).
- commit eb03975
- ftrace: Fix potential warning in trace_printk_seq during
ftrace_dump (bsc#1250032 CVE-2025-39813).
- commit 287d6f8
- net: sysfs: Fix /sys/class/net/<iface> path (git-fixes).
- commit 753f6d8
- trace/fgraph: Fix the warning caused by missing unregister
notifier (bsc#1248211 CVE-2025-38539).
- commit 739d6c6
- i2c: ocores: use devm_ managed clks (git-fixes).
- commit bc09888
- USB: serial: option: add SIMCom 8230C compositions (git-fixes).
- commit fbae6a0
- usb: phy: twl6030: Fix incorrect type for ret (git-fixes).
- commit 2464609
- net: mana: Use page pool fragments for RX buffers instead of
full pages to improve memory efficiency (bsc#1248754).
- cnic: Fix use-after-free bugs in cnic_delete_task
(CVE-2025-39945 bsc#1251230).
- commit 8a42c4d
- selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len (git-fixes).
- commit 8628058
- powerpc/powernv/pci: Fix underflow and leak issue (bsc#1215199).
- powerpc/pseries/msi: Fix potential underflow and leak issue
(bsc#1215199).
- powerpc/kvm: Fix ifdef to remove build warning (bsc#1215199).
- KVM: PPC: Fix misleading interrupts comment in
kvmppc_prepare_to_enter() (bsc#1215199).
- powerpc: floppy: Add missing checks after DMA map (bsc#1215199).
- powerpc/boot: Fix build with gcc 15 (bsc#1215199).
- commit c79aae4
- crypto: rng - Ensure set_ent is always present (git-fixes).
- USB: serial: option: add SIMCom 8230C compositions
(stable-fixes).
- wifi: rtlwifi: rtl8192cu: Don't claim USB ID 07b8:8188
(stable-fixes).
- media: tuner: xc5000: Fix use-after-free in xc5000_release
(git-fixes).
- driver core/PM: Set power.no_callbacks along with power.no_pm
(stable-fixes).
- platform/x86/amd/pmc: Add Stellaris Slim Gen6 AMD to spurious
8042 quirks list (stable-fixes).
- can: rcar_canfd: Fix controller mode setting (stable-fixes).
- can: hi311x: fix null pointer dereference when resuming from
sleep before interface was enabled (stable-fixes).
- ASoC: rt5682s: Adjust SAR ADC button mode to fix noise issue
(stable-fixes).
- ASoC: amd: acp: Adjust pdm gain value (stable-fixes).
- platform/x86/amd/pmc: Add MECHREVO Yilong15Pro to spurious_8042
list (stable-fixes).
- hid: fix I2C read buffer overflow in raw_event() for mcp2221
(stable-fixes).
- media: tunner: xc5000: Refactor firmware load (stable-fixes).
- commit 6771085
- rtc: optee: fix memory leak on driver removal (git-fixes).
- rtc: x1205: Fix Xicor X1205 vendor prefix (git-fixes).
- commit 3f4b7b9
- drm/amd/display: Disable scaling on DCE6 for now (git-fixes).
- drm/amd/display: Properly disable scaling on DCE6 (git-fixes).
- drm/amd/display: Properly clear SCL_*_FILTER_CONTROL on DCE6
(git-fixes).
- drm/amd/display: Add missing DCE6 SCL_HORZ_FILTER_INIT* SRIs
(git-fixes).
- drm/amdgpu: Add additional DCE6 SCL registers (git-fixes).
- drm/nouveau: fix bad ret code in nouveau_bo_move_prep
(git-fixes).
- drm/vmwgfx: Fix copy-paste typo in validation (git-fixes).
- drm/vmwgfx: Fix Use-after-free in validation (git-fixes).
- drm/vmwgfx: Fix a null-ptr access in the cursor snooper
(git-fixes).
- ASoC: SOF: ipc4-topology: Correct the minimum host DMA buffer
size (git-fixes).
- ASoC: SOF: ipc3-topology: Fix multi-core and static pipelines
tear down (git-fixes).
- fbdev: Fix logic error in "offb" name match (git-fixes).
- gpio: wcd934x: mark the GPIO controller as sleeping (git-fixes).
- crypto: essiv - Check ssize for decryption and in-place
encryption (git-fixes).
- tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single
(git-fixes).
- commit a90f502
- scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory
is allocated (CVE-2025-38700 bsc#1249182).
- scsi: bfa: Double-free fix (CVE-2025-38699 bsc#1249224).
- commit d981d82
- Update
patches.suse/scsi-lpfc-Fix-buffer-free-clear-order-in-deferred-re.patch
(bsc#1250519 CVE-2025-39841 bsc#1250274).
added CVE number and associated bsc
- commit 11a7724
- KVM: x86: Snapshot the host's DEBUGCTL in common x86
(git-fixes).
- commit 090e1cd
- KVM: SVM: Set RFLAGS.IF=1 in C code, to get VMRUN out of the
STI shadow (git-fixes).
- Refresh
patches.suse/x86-bugs-Add-a-Transient-Scheduler-Attacks-mitigation.patch.
- commit ab98159
- KVM: SEV: Validate XCR0 provided by guest in GHCB (git-fixes).
- commit 3926356
- KVM: SVM: Pass through GHCB MSR if and only if VM is an SEV-ES
guest (git-fixes).
- commit 1163dde
- KVM: SEV: Read save fields from GHCB exactly once (git-fixes).
- commit 0fe255d
- KVM: SEV: Rename kvm_ghcb_get_sw_exit_code() to
kvm_get_cached_sw_exit_code() (git-fixes).
- commit 16f8d6e
- net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL
deadlock (git-fixes).
- commit 4ae0d43
- fs: writeback: fix use-after-free in __mark_inode_dirty()
(bsc#1250455 CVE-2025-39866).
- commit 5efc627
- kernfs: Fix UAF in polling when open file is released
(bsc#1250379 CVE-2025-39881).
- commit 278aed0
- fs: Prevent file descriptor table allocations exceeding INT_MAX
(bsc#1249512 CVE-2025-39756).
- commit eec00db
- ext4: avoid potential buffer over-read in
parse_apply_sb_mount_options() (git-fixes).
- commit b98ec86
- ext4: fix checks for orphan inodes (bsc#1250119).
- commit 63ca2b0
- ext4: fix hole length calculation overflow in non-extent inodes
(git-fixes).
- commit 61cf4bb
- ext4: don't try to clear the orphan_present feature block
device is r/o (git-fixes).
- commit f4163bf
- ext4: fix reserved gdt blocks handling in fsmap (git-fixes).
- commit 97b5bdf
- ext4: fix fsmap end of range reporting with bigalloc
(git-fixes).
- commit 91e12c8
- ext4: check fast symlink for ea_inode correctly (git-fixes).
- commit 42b6930
- ext4: preserve SB_I_VERSION on remount (git-fixes).
- commit 4260078
- ext4: fix largest free orders lists corruption on
mb_optimize_scan switch (git-fixes).
- commit 17d92cc
- ext4: fix zombie groups in average fragment size lists
(git-fixes).
- commit 321e541
- ext4: ensure i_size is smaller than maxbytes (git-fixes).
- commit 83487b1
- ext4: factor out ext4_get_maxbytes() (git-fixes).
- commit e58bd69
- netfilter: nft_objref: validate objref and objrefmap expressions
(bsc#1250237).
No CVE available yet, please see the bugzilla ticket referenced.
- commit 71d77ae
- ext4: fix calculation of credits for extent tree modification
(git-fixes).
- commit 9ee5795
- ext4: reorder capability check last (git-fixes).
- commit ed8a5ff
- jbd2: do not try to recover wiped journal (git-fixes).
- commit 71d37b6
- ext4: do not convert the unwritten extents if data writeback
fails (git-fixes).
- commit 9294482
- iomap: handle a post-direct I/O invalidate race in
iomap_write_delalloc_release (git-fixes).
- commit 1023af1
- iomap: Fix iomap_adjust_read_range for plen calculation
(git-fixes).
- commit dab9a8e
- fs: udf: fix OOB read in lengthAllocDescs handling (git-fixes).
- commit ab7fa65
- udf: Verify partition map count (git-fixes).
- commit acb53b7
- udf: Make sure i_lenExtents is uptodate on inode eviction
(git-fixes).
- commit 1f76b28
- isofs: Verify inode mode when loading from disk (git-fixes).
- commit 96bc3c7
- mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox
cleanup loop (git-fixes).
- mailbox: zynqmp-ipi: Remove dev.parent check in
zynqmp_ipi_free_mboxes (git-fixes).
- mailbox: zynqmp-ipi: Remove redundant
mbox_controller_unregister() call (git-fixes).
- Input: uinput - zero-initialize uinput_ff_upload_compat to
avoid info leak (git-fixes).
- commit c2e0f2f
- arm64: mte: Do not flag the zero page as PG_mte_tagged (git-fixes)
- commit cf556af
- KVM: x86: Don't inject PV async #PF if SEND_ALWAYS=0 and guest
state is protected (git-fixes).
- commit fa670d1
- misc: fastrpc: Skip reference for DMA handles (git-fixes).
- misc: fastrpc: fix possible map leak in fastrpc_put_args
(git-fixes).
- misc: fastrpc: Fix fastrpc_map_lookup operation (git-fixes).
- staging: axis-fifo: flush RX FIFO on read errors (git-fixes).
- staging: axis-fifo: fix TX handling on copy_from_user() failure
(git-fixes).
- staging: axis-fifo: fix maximum TX packet length check
(git-fixes).
- clk: at91: peripheral: fix return value (git-fixes).
- clk: mediatek: clk-mux: Do not pass flags to
clk_mux_determine_rate_flags() (git-fixes).
- clk: mediatek: mt8195-infra_ao: Fix parent for infra_ao_hdmi_26m
(git-fixes).
- clk: tegra: do not overallocate memory for bpmp clocks
(git-fixes).
- commit ecaf254
- smb: client: fix crypto buffers in non-linear memory
(bsc#1250491, boo#1239206).
- commit b5fc334
- usb: xhci: Limit Stop Endpoint retries (git-fixes).
kABI fixup for 474538b8dd1cd9c666e56cfe8ef60fbb0fb513f4
- commit 6d76064
- kABI workaround for struct atmdev_ops extension (CVE-2025-39828
bsc#1250205).
- commit ece3f96
- Refresh
patches.suse/Bluetooth-L2CAP-Fix-not-checking-l2cap_chan-security.patch.
- commit 85c9004
- Refresh
patches.suse/Bluetooth-hci_core-Fix-calling-mgmt_device_connected.patch.
- commit 9720dbb
- nfsd: nfserr_jukebox in nlm_fopen should lead to a retry
(git-fixes).
- commit c2be588
- NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul()
(git-fixes).
- commit 7b5a68a
- sunrpc: fix null pointer dereference on zero-length checksum
(git-fixes).
- commit c4c654a
- atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control()
(CVE-2025-39828 bsc#1250205).
- commit a2ac627
- e1000e: fix heap overflow in e1000_set_eeprom (CVE-2025-39898
bsc#1250742).
- vxlan: Fix NPD when refreshing an FDB entry with a nexthop
object (CVE-2025-39851 bsc#1250296).
- commit df2ae2c
- ACPI: NFIT: Fix incorrect ndr_desc being reportedin dev_err
message (git-fixes).
- watchdog: mpc8xxx_wdt: Reload the watchdog timer when enabling
the watchdog (git-fixes).
- PCI: tegra: Convert struct tegra_msi mask_lock into raw spinlock
(git-fixes).
- PCI: tegra194: Fix duplicate PLL disable in
pex_ep_event_pex_rst_assert() (git-fixes).
- PCI: tegra: Fix devm_kcalloc() argument order for port->phys
allocation (git-fixes).
- PCI: rcar-host: Drop PMSR spinlock (git-fixes).
- PCI: keystone: Use devm_request_irq() to free
"ks-pcie-error-irq" on exit (git-fixes).
- PCI: tegra194: Handle errors in BPMP response (git-fixes).
- PCI: tegra194: Fix broken tegra_pcie_ep_raise_msi_irq()
(git-fixes).
- PCI/IOV: Add PCI rescan-remove locking when enabling/disabling
SR-IOV (git-fixes).
- PCI/sysfs: Ensure devices are powered for config reads
(git-fixes).
- PCI/AER: Fix missing uevent on recovery when a reset is
requested (git-fixes).
- PCI/ERR: Fix uevent on failure to recover (git-fixes).
- dmaengine: Fix dma_async_tx_descriptor->tx_submit documentation
(git-fixes).
- phy: rockchip: naneng-combphy: Enable U3 OTG port for RK3568
(git-fixes).
- media: rc: fix races with imon_disconnect() (git-fixes).
- commit 1710395
- arm64: dts: apple: Add ethernet0 alias for J375 template (git-fixes)
- commit 122f705
- arm64: dts: apple: t8103-j457: Fix PCIe ethernet iommu-map (git-fixes)
- commit 886bc20
- arm64: dts: imx8mp: Correct thermal sensor index (git-fixes)
- commit 2283cd3
- wifi: ath12k: Add MODULE_FIRMWARE() entries (bsc#1250952).
- commit fbc86d9
- scsi: qla2xxx: Fix incorrect sign of error code in
qla_nvme_xmt_ls_rsp() (git-fixes).
- scsi: qla2xxx: Fix incorrect sign of error code in
START_SP_W_RETRIES() (git-fixes).
- scsi: qla2xxx: edif: Fix incorrect sign of error code
(git-fixes).
- scsi: qla2xxx: Use secs_to_jiffies() instead of
msecs_to_jiffies() (git-fixes).
- scsi: qla2xxx: Remove firmware URL (git-fixes).
- scsi: qla2xxx: Avoid stack frame size warning in qla_dfs
(git-fixes).
- commit db6525b
- scsi: lpfc: Copyright updates for 14.4.0.11 patches
(bsc#1250519).
- scsi: lpfc: Update lpfc version to 14.4.0.11 (bsc#1250519).
- scsi: lpfc: Ensure PLOGI_ACC is sent prior to PRLI in Point
to Point topology (bsc#1250519).
- scsi: lpfc: Check return status of lpfc_reset_flush_io_context
during TGT_RESET (bsc#1250519).
- scsi: lpfc: Decrement ndlp kref after FDISC retries exhausted
(bsc#1250519).
- scsi: lpfc: Remove ndlp kref decrement clause for F_Port_Ctrl
in lpfc_cleanup (bsc#1250519).
- scsi: lpfc: Clean up allocated queues when queue setup mbox
commands fail (bsc#1250519).
- scsi: lpfc: Abort outstanding ELS WQEs regardless of if rmmod
is in progress (bsc#1250519).
- scsi: lpfc: Remove unused member variables in struct lpfc_hba
and lpfc_vport (bsc#1250519).
- scsi: lpfc: Use int type to store negative error codes
(bsc#1250519).
- scsi: fc: Avoid -Wflex-array-member-not-at-end warnings
(bsc#1250519).
- scsi: lpfc: use min() to improve code (bsc#1250519).
- scsi: lpfc: Fix buffer free/clear order in deferred receive path
(bsc#1250519).
- scsi: lpfc: Remove redundant assignment to avoid memory leak
(bsc#1250519).
- scsi: lpfc: Fix wrong function reference in a comment
(bsc#1250519).
- commit 9af1a7a
- nvme-fc: use lock accessing port_state and rport state
(bsc#1245193 bsc#1247500).
- nvmet-fcloop: call done callback even when remote port is gone
(bsc#1245193 bsc#1247500).
- nvmet-fc: avoid scheduling association deletion twice
(bsc#1245193 bsc#1247500).
- nvmet-fc: move lsop put work to nvmet_fc_ls_req_op (bsc#1245193
bsc#1247500).
- commit 9a1d529
- NFSv4.1: fix backchannel max_resp_sz verification check
(git-fixes).
- commit 8db6e65
- orangefs: Remove unused type in macro fill_default_sys_attrs
(git-fixes).
- commit 98fbe5c
- ppp: fix memory leak in pad_compress_skb (CVE-2025-39847
bsc#1250292).
- ice: fix NULL access of tx->in_use in ice_ll_ts_intr
(CVE-2025-39854 bsc#1250297).
- vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop
objects (CVE-2025-39850 bsc#1250276).
- net/mlx5: Fix lockdep assertion on sync reset unload event
(CVE-2025-39832 bsc#1249901).
- net/mlx5: Reload auxiliary drivers on fw_activate
(CVE-2025-39832 bsc#1249901).
- bnxt_en: Fix memory corruption when FW resources change during
ifdown (CVE-2025-39810 bsc#1249975).
- gve: prevent ethtool ops after shutdown (CVE-2025-38735
bsc#1249288).
- net/mlx5: Add sync reset drop mode support (CVE-2025-39832
bsc#1249901).
- commit 703f4a7
- Update
patches.suse/0780-drm-mediatek-dp-Change-logging-to-dev-for-mtk_dp_aux.patch
(jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070
jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511
jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53325
bsc#1250035).
- Update
patches.suse/ACPI-APEI-send-SIGBUS-to-current-task-if-synchronous.patch
(stable-fixes CVE-2025-39763 bsc#1249615).
- Update
patches.suse/ACPI-pfr_update-Fix-the-driver-update-version-check.patch
(git-fixes CVE-2025-39701 bsc#1249308).
- Update
patches.suse/ACPICA-Add-AML_NO_OPERAND_RESOLVE-flag-to-Timer.patch
(git-fixes CVE-2023-53395 bsc#1250358).
- Update
patches.suse/ALSA-hda-ca0132-Fix-buffer-overflow-in-add_tuning_co.patch
(stable-fixes CVE-2025-39751 bsc#1249538).
- Update
patches.suse/ALSA-hda-fix-a-possible-null-pointer-dereferen.patch
(bsc#1012628 CVE-2023-53275 bsc#1250459).
- Update
patches.suse/ALSA-usb-audio-Validate-UAC3-cluster-segment-descrip.patch
(git-fixes CVE-2025-39757 bsc#1249515).
- Update
patches.suse/ALSA-usb-audio-Validate-UAC3-power-domain-descriptor.patch
(git-fixes CVE-2025-38729 bsc#1249164).
- Update
patches.suse/ASoC-core-Check-for-rtd-NULL-in-snd_soc_remove_pcm_r.patch
(stable-fixes CVE-2025-38706 bsc#1249195).
- Update patches.suse/Bluetooth-Fix-hci_suspend_sync-crash.patch
(git-fixes CVE-2023-53520 bsc#1250957).
- Update
patches.suse/Bluetooth-Fix-potential-use-after-free-when-clear-ke.patch
(git-fixes CVE-2023-53386 bsc#1250106).
- Update
patches.suse/Bluetooth-Fix-use-after-free-in-l2cap_sock_cleanup_l.patch
(git-fixes CVE-2025-39860 bsc#1250247).
- Update patches.suse/Bluetooth-L2CAP-Fix-use-after-free.patch
(bsc#1012628 CVE-2023-53305 bsc#1250049).
- Update
patches.suse/Bluetooth-hci_conn-fail-SCO-ISO-via-hci_conn_failed-.patch
(git-fixes CVE-2023-53374 bsc#1250196).
- Update
patches.suse/Bluetooth-l2cap-Check-encryption-key-size-on-incomin.patch
(git-fixes CVE-2025-39889 bsc#1249833).
- Update
patches.suse/Bluetooth-use-RCU-for-hci_conn_params-and-itera.patch
(bsc#1012628 CVE-2023-53252 bsc#1249756).
- Update
patches.suse/Bluetooth-vhci-Prevent-use-after-free-by-removing-de.patch
(git-fixes CVE-2025-39861 bsc#1250249).
- Update
patches.suse/FS-JFS-Fix-null-ptr-deref-Read-in-txBegin.patch
(bsc#1012628 CVE-2023-53457 bsc#1250763).
- Update
patches.suse/HID-asus-fix-UAF-via-HID_CLAIMED_INPUT-validation.patch
(git-fixes CVE-2025-39824 bsc#1250007).
- Update
patches.suse/HID-hid-ntrig-fix-unable-to-handle-page-fault-in-ntr.patch
(stable-fixes CVE-2025-39808 bsc#1250088).
- Update
patches.suse/HID-multitouch-Correct-devm-device-reference-for-hid.patch
(git-fixes CVE-2023-53454 bsc#1250759).
- Update
patches.suse/HID-multitouch-fix-slab-out-of-bounds-access-in-mt_r.patch
(git-fixes CVE-2025-39806 bsc#1249888).
- Update
patches.suse/IB-hfi1-Fix-possible-panic-during-hotplug-remo.patch
(bsc#1012628 CVE-2023-53488 bsc#1250825).
- Update
patches.suse/KVM-arm64-Handle-kvm_arm_init-failure-correctly.patch
(bsc#1012628 CVE-2023-53319 bsc#1250067).
- Update
patches.suse/KVM-nSVM-Load-L1-s-TSC-multiplier-based-on-L1-state-.patch
(git-fixes CVE-2023-53208 bsc#1249698).
- Update
patches.suse/KVM-s390-diag-fix-racy-access-of-physical-cpu-n.patch
(bsc#1012628 CVE-2023-53205 bsc#1249677).
- Update
patches.suse/NFS-Fix-filehandle-bounds-checking-in-nfs_fh_to_dentry.patch
(git-fixes CVE-2025-39730 bsc#1249296).
- Update
patches.suse/NFS-Fix-the-setting-of-capabilities-when-automounting-a-new-filesystem.patch
(git-fixes CVE-2025-39798 bsc#1249774).
- Update
patches.suse/NFSv4.2-Rework-scratch-handling-for-READ_PLUS-again.patch
(git-fixes CVE-2023-53360 bsc#1249990).
- Update
patches.suse/PCI-ASPM-Disable-ASPM-on-MFD-function-removal-t.patch
(bsc#1012628 CVE-2023-53446 bsc#1250145).
- Update
patches.suse/PCI-endpoint-Fix-configfs-group-list-head-handling.patch
(git-fixes CVE-2025-39783 bsc#1249486).
- Update
patches.suse/PCI-hv-Fix-a-crash-in-hv_pci_restore_msi_msg-during-.patch
(git-fixes CVE-2023-53175 bsc#1249845).
- Update
patches.suse/PM-devfreq-Fix-leak-in-devfreq_dev_release.patch
(git-fixes CVE-2023-53518 bsc#1250923).
- Update
patches.suse/RDMA-bnxt_re-Properly-order-ib_device_unalloc-.patch
(bsc#1012628 CVE-2023-53504 bsc#1250813).
- Update
patches.suse/RDMA-bnxt_re-wraparound-mbox-producer-index.patch
(bsc#1012628 CVE-2023-53201 bsc#1249687).
- Update
patches.suse/RDMA-hfi1-fix-possible-divide-by-zero-in-find_hw_thr.patch
(git-fixes CVE-2025-39742 bsc#1249479).
- Update
patches.suse/RDMA-mlx5-Return-the-firmware-result-upon-dest.patch
(bsc#1012628 CVE-2023-53286 bsc#1250325).
- Update
patches.suse/RDMA-rxe-Fix-unsafe-drain-work-queue-code.patch
(git-fixes CVE-2023-53528 bsc#1250930).
- Update
patches.suse/RDMA-siw-Fix-the-sendmsg-byte-count-in-siw_tcp_sendp.patch
(git-fixes CVE-2025-39758 bsc#1249490).
- Update
patches.suse/accel-habanalabs-fix-mem-leak-in-capture-user-.patch
(bsc#1012628 CVE-2023-53367 bsc#1250243).
- Update patches.suse/accel-qaic-Fix-slicing-memory-leak.patch
(bsc#1012628 CVE-2023-53350 bsc#1250012).
- Update
patches.suse/accel-qaic-tighten-bounds-checking-in-decode_me.patch
(bsc#1012628 CVE-2023-53493 bsc#1250820).
- Update
patches.suse/af_unix-Fix-data-races-around-user-unix_inflight.patch
(git-fixes CVE-2023-53204 bsc#1249682).
- Update
patches.suse/arm64-sme-Set-new-vector-length-before-realloca.patch
(bsc#1012628 CVE-2023-53184 bsc#1249823).
- Update
patches.suse/ax25-properly-unshare-skbs-in-ax25_kiss_rcv.patch
(git-fixes CVE-2025-39848 bsc#1250298).
- Update
patches.suse/batman-adv-fix-OOB-read-write-in-network-coding-deco.patch
(git-fixes CVE-2025-39839 bsc#1250291).
- Update
patches.suse/blk-cgroup-Reinit-blkg_iostat_set-after-clearin.patch
(bsc#1012628 CVE-2023-53421 bsc#1250171).
- Update
patches.suse/blk-mq-fix-NULL-dereference-on-q-elevator-in-bl.patch
(bsc#1012628 CVE-2023-53292 bsc#1250163).
- Update
patches.suse/bpf-Fix-memleak-due-to-fentry-attach-failure.patch
(bsc#1012628 CVE-2023-53221 bsc#1249662).
- Update
patches.suse/bpf-cpumap-Fix-memory-leak-in-cpu_map_update_el.patch
(bsc#1012628 CVE-2023-53441 bsc#1250150).
- Update
patches.suse/btrfs-abort-transaction-on-unexpected-eb-generation-.patch
(git-fixes CVE-2025-39800 bsc#1250177).
- Update
patches.suse/btrfs-add-handling-for-RAID1C23-DUP-to-btrfs_re.patch
(bsc#1012628 CVE-2023-53243 bsc#1249640).
- Update
patches.suse/btrfs-don-t-check-PageError-in-__extent_writepa.patch
(bsc#1012628 CVE-2023-53429 bsc#1250384).
- Update
patches.suse/btrfs-exit-gracefully-if-reloc-roots-don-t-mat.patch
(bsc#1012628 CVE-2023-53183 bsc#1249863).
- Update
patches.suse/btrfs-fix-BUG_ON-condition-in-btrfs_cancel_bal.patch
(bsc#1012628 CVE-2023-53339 bsc#1250329).
- Update
patches.suse/btrfs-fix-use-after-free-of-new-block-group-th.patch
(bsc#1012628 CVE-2023-53187 bsc#1249815).
- Update
patches.suse/btrfs-qgroup-fix-race-between-quota-disable-and-quot.patch
(git-fixes CVE-2025-39759 bsc#1249522).
- Update
patches.suse/btrfs-set_page_extent_mapped-after-read_folio-i.patch
(bsc#1012628 CVE-2023-53247 bsc#1249870).
- Update
patches.suse/bus-fsl-mc-don-t-assume-child-devices-are-all-f.patch
(bsc#1012628 CVE-2023-53362 bsc#1249993).
- Update
patches.suse/bus-mhi-host-Detect-events-pointing-to-unexpected-TR.patch
(git-fixes CVE-2025-39790 bsc#1249548).
- Update
patches.suse/can-gs_usb-fix-time-stamp-counter-initializatio.patch
(bsc#1012628 CVE-2023-53523 bsc#1250926).
- Update
patches.suse/can-j1939-implement-NETDEV_UNREGISTER-notification-h.patch
(git-fixes CVE-2025-39925 bsc#1250736).
- Update
patches.suse/can-xilinx_can-xcan_write_frame-fix-use-after-free-o.patch
(git-fixes CVE-2025-39873 bsc#1250371).
- Update
patches.suse/cifs-prevent-use-after-free-by-freeing-the-cfil.patch
(bsc#1012628 CVE-2023-53377 bsc#1250161).
- Update
patches.suse/clk-imx-clk-imx8mn-fix-memory-leak-in-imx8mn_cl.patch
(bsc#1012628 CVE-2023-53249 bsc#1249642).
- Update
patches.suse/clk-imx-clk-imxrt1050-fix-memory-leak-in-imxrt1.patch
(bsc#1012628 CVE-2023-53264 bsc#1249795).
- Update patches.suse/clk-mediatek-fix-of_iomap-memory-leak.patch
(bsc#1012628 CVE-2023-53424 bsc#1250169).
- Update
patches.suse/clk-mediatek-mt8183-Add-back-SSPM-related-cloc.patch
(bsc#1012628 CVE-2023-53274 bsc#1249919).
- Update
patches.suse/clk-tegra-tegra124-emc-Fix-potential-memory-lea.patch
(bsc#1012628 CVE-2023-53505 bsc#1250807).
- Update
patches.suse/comedi-Fix-use-of-uninitialized-memory-in-do_insn_io.patch
(git-fixes CVE-2025-39684 bsc#1249281).
- Update
patches.suse/comedi-Make-insn_rw_emulate_bits-do-insn-n-samples.patch
(git-fixes CVE-2025-39686 bsc#1249312).
- Update
patches.suse/comedi-fix-race-between-polling-and-detaching.patch
(git-fixes CVE-2025-38687 bsc#1249177).
- Update
patches.suse/comedi-pcl726-Prevent-invalid-irq-number.patch
(git-fixes CVE-2025-39685 bsc#1249282).
- Update
patches.suse/crypto-qat-flush-misc-workqueue-during-device-shutdo.patch
(git-fixes CVE-2025-39721 bsc#1249323).
- Update
patches.suse/cxl-acpi-Fix-a-use-after-free-in-cxl_parse_cfmw.patch
(bsc#1012628 CVE-2023-53479 bsc#1250837).
- Update
patches.suse/cxl-downgrade-a-warning-message-to-debug-level-in-cxl.patch
(bsc#1229165 CVE-2023-53479 bsc#1250837).
- Update
patches.suse/dma-buf-dma-resv-Stop-leaking-on-krealloc-failu.patch
(jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070
jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511
jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53181
bsc#1249824).
- Update
patches.suse/dmaengine-idxd-Fix-double-free-in-idxd_setup_wqs.patch
(git-fixes CVE-2025-39870 bsc#1250402).
- Update
patches.suse/dmaengine-idxd-Remove-improper-idxd_free.patch
(git-fixes CVE-2025-39871 bsc#1250377).
- Update
patches.suse/dmaengine-qcom-bam_dma-Fix-DT-error-handling-for-num.patch
(git-fixes CVE-2025-39923 bsc#1250741).
- Update
patches.suse/dmaengine-ti-edma-Fix-memory-allocation-size-for-que.patch
(git-fixes CVE-2025-39869 bsc#1250406).
- Update
patches.suse/drm-amd-display-Add-null-pointer-check-in-mod_hdcp_h.patch
(git-fixes CVE-2025-39675 bsc#1249263).
- Update
patches.suse/drm-amd-display-Avoid-a-NULL-pointer-dereference.patch
(stable-fixes CVE-2025-39693 bsc#1249279).
- Update
patches.suse/drm-amd-display-Fix-possible-underflow-for-disp.patch
(jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070
jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511
jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53258
bsc#1249780).
- Update
patches.suse/drm-amdgpu-fix-calltrace-warning-in-amddrm_bud.patch
(jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070
jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511
jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53152
bsc#1249883).
- Update
patches.suse/drm-amdgpu-fix-memory-leak-in-mes-self-test.patch
(jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070
jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511
jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53370
bsc#1250208).
- Update
patches.suse/drm-amdgpu-install-stub-fence-into-potential-u.patch
(jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070
jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511
jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53248
bsc#1249779).
- Update
patches.suse/drm-amdkfd-Destroy-KFD-debugfs-after-destroy-KFD-wq.patch
(stable-fixes CVE-2025-39706 bsc#1249413).
- Update
patches.suse/drm-client-Fix-memory-leak-in-drm_client_modese.patch
(jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070
jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511
jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53288
bsc#1250058).
- Update
patches.suse/drm-hisilicon-hibmc-fix-the-hibmc-loaded-failed-bug.patch
(git-fixes CVE-2025-39772 bsc#1249506).
- Update
patches.suse/drm-mediatek-fix-potential-OF-node-use-after-free.patch
(git-fixes CVE-2025-39882 bsc#1250389).
- Update
patches.suse/drm-msm-dp-Free-resources-after-unregistering-t.patch
(jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070
jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511
jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53316
bsc#1250066).
- Update
patches.suse/drm-msm-mdp5-Don-t-leak-some-plane-state.patch
(jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070
jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511
jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53324
bsc#1250070).
- Update
patches.suse/drm-nouveau-disp-fix-use-after-free-in-error-h.patch
(bsc#1012628 bsc#1214073 CVE-2023-53263 bsc#1249861).
- Update
patches.suse/drm-nouveau-nvif-Fix-potential-memory-leak-in-nvif_v.patch
(git-fixes CVE-2025-39679 bsc#1249338).
- Update
patches.suse/drm-radeon-Fix-integer-overflow-in-radeon_cs_pa.patch
(jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070
jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511
jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53309
bsc#1250055).
- Update patches.suse/drm-tests-helpers-Avoid-a-driver-uaf.patch
(jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070
jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511
jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53235
bsc#1249785).
- Update
patches.suse/drm-ttm-check-null-pointer-before-accessing-wh.patch
(jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070
jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511
jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53352
bsc#1250006).
- Update
patches.suse/drm-ttm-fix-bulk_move-corruption-when-adding-a-.patch
(jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070
jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511
jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53444
bsc#1250157).
- Update patches.suse/erofs-Fix-detection-of-atomic-context.patch
(bsc#1012628 CVE-2023-53231 bsc#1249787).
- Update
patches.suse/exfat-add-cluster-chain-loop-check-for-dir.patch
(git-fixes CVE-2025-38692 bsc#1249221).
- Update
patches.suse/ext2-dax-Fix-ext2_setsize-when-len-is-page-alig.patch
(bsc#1012628 CVE-2023-53323 bsc#1250069).
- Update
patches.suse/f2fs-don-t-reset-unchangable-mount-option-in-f2.patch
(bsc#1012628 CVE-2023-53447 bsc#1250241).
- Update
patches.suse/fbdev-Fix-vmalloc-out-of-bounds-write-in-fast_imageb.patch
(stable-fixes CVE-2025-38685 bsc#1249220).
- Update
patches.suse/fbdev-ep93xx-fb-Do-not-assign-to-struct-fb_info.dev.patch
(jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070
jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511
jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53314
bsc#1250065).
- Update
patches.suse/fbdev-fix-potential-buffer-overflow-in-do_register_f.patch
(stable-fixes CVE-2025-38702 bsc#1249254).
- Update
patches.suse/fbdev-imxfb-Removed-unneeded-release_mem_region.patch
(jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070
jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511
jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53448
bsc#1250873).
- Update
patches.suse/firewire-net-fix-use-after-free-in-fwnet_finis.patch
(bsc#1012628 CVE-2023-53432 bsc#1250426).
- Update
patches.suse/firmware-stratix10-svc-Fix-a-potential-resource.patch
(bsc#1012628 CVE-2023-53255 bsc#1249762).
- Update
patches.suse/fs-jfs-Fix-UBSAN-array-index-out-of-bounds-in-d.patch
(bsc#1012628 CVE-2023-53485 bsc#1250872).
- Update
patches.suse/fs-ntfs3-Enhance-sanity-check-while-generating.patch
(bsc#1012628 CVE-2023-53328 bsc#1249952).
- Update
patches.suse/hfs-fix-slab-out-of-bounds-in-hfs_bnode_read.patch
(git-fixes CVE-2025-38715 bsc#1249196).
- Update
patches.suse/hfsplus-don-t-use-BUG_ON-in-hfsplus_create_attributes_file.patch
(git-fixes CVE-2025-38712 bsc#1249194).
- Update
patches.suse/hfsplus-fix-slab-out-of-bounds-in-hfsplus_bnode_read.patch
(git-fixes CVE-2025-38714 bsc#1249260).
- Update
patches.suse/hfsplus-fix-slab-out-of-bounds-read-in-hfsplus_uni2asc.patch
(git-fixes CVE-2025-38713 bsc#1249200).
- Update
patches.suse/hsr-Fix-uninit-value-access-in-fill_frame_info.patch
(bsc#1220419 CVE-2023-53462 bsc#1250878).
- Update
patches.suse/hwmon-pmbus_core-Fix-NULL-pointer-dereference.patch
(bsc#1012628 CVE-2023-53206 bsc#1249679).
- Update
patches.suse/ibmvnic-Do-not-reset-dql-stats-on-NON_FATAL-err.patch
(bsc#1012628 CVE-2023-53463 bsc#1250867).
- Update
patches.suse/ice-Block-switchdev-mode-when-ADQ-is-active-an.patch
(bsc#1012628 CVE-2023-53442 bsc#1250201).
- Update
patches.suse/icmp6-Fix-null-ptr-deref-of-ip6_null_entry-rt6i.patch
(bsc#1012628 CVE-2023-53343 bsc#1250022).
- Update
patches.suse/igb-Fix-igb_down-hung-on-surprise-removal.patch
(bsc#1012628 CVE-2023-53148 bsc#1249842).
- Update
patches.suse/iio-imu-bno055-fix-OOB-access-of-hw_xlate-array.patch
(git-fixes CVE-2025-39719 bsc#1249271).
- Update
patches.suse/io_uring-wait-interruptibly-for-request-complet.patch
(bsc#1012628 CVE-2023-53461 bsc#1250941).
- Update
patches.suse/iommu-amd-iommu_v2-Fix-pasid_state-refcount-dec-hit-.patch
(git-fixes CVE-2023-53501 bsc#1250815).
- Update
patches.suse/iommu-arm-smmu-qcom-Add-SM6115-MDSS-compatible.patch
(git-fixes CVE-2025-39739 bsc#1249542).
- Update
patches.suse/ip6mr-Fix-skb_under_panic-in-ip6mr_cache_repor.patch
(bsc#1012628 CVE-2023-53365 bsc#1249988).
- Update
patches.suse/ipv6-addrconf-fix-a-potential-refcount-underflo.patch
(bsc#1012628 CVE-2023-53189 bsc#1249894).
- Update
patches.suse/jbd2-check-jh-b_transaction-before-removing-it-from-.patch
(bsc#1214953 CVE-2023-53526 bsc#1250928).
- Update patches.suse/jfs-Regular-file-corruption-check.patch
(git-fixes CVE-2025-38698 bsc#1249255).
- Update
patches.suse/jfs-jfs_dmap-Validate-db_l2nbperpage-while-moun.patch
(bsc#1012628 CVE-2023-53222 bsc#1249864).
- Update
patches.suse/jfs-truncate-good-inode-pages-when-hard-link-is-0.patch
(git-fixes CVE-2025-39743 bsc#1249489).
- Update
patches.suse/jfs-upper-bound-check-of-tree-index-in-dbAllocAG.patch
(git-fixes CVE-2025-38697 bsc#1249257).
- Update
patches.suse/kobject-Add-sanity-check-for-kset-kobj.ktype-in-kset.patch
(git-fixes CVE-2023-53480 bsc#1250861).
- Update patches.suse/lwt-Fix-return-values-of-BPF-xmit-ops.patch
(jsc#PED-6811 CVE-2023-53338 bsc#1250074).
- Update
patches.suse/mISDN-hfcpci-Fix-warning-when-deleting-uninitialized.patch
(git-fixes CVE-2025-39833 bsc#1250028).
- Update
patches.suse/macvlan-add-forgotten-nla_policy-for-IFLA_MACVL.patch
(bsc#1012628 CVE-2023-53516 bsc#1250918).
- Update
patches.suse/md-raid10-check-slab-out-of-bounds-in-md_bitmap.patch
(bsc#1012628 CVE-2023-53357 bsc#1249994).
- Update
patches.suse/md-raid10-fix-null-ptr-deref-of-mreplace-in-rai.patch
(bsc#1012628 CVE-2023-53380 bsc#1250198).
- Update
patches.suse/md-raid10-fix-wrong-setting-of-max_corr_read_er.patch
(bsc#1012628 CVE-2023-53313 bsc#1249911).
- Update
patches.suse/md-raid10-prevent-soft-lockup-while-flush-write.patch
(bsc#1012628 CVE-2023-53151 bsc#1249865).
- Update
patches.suse/md-raid5-cache-fix-null-ptr-deref-for-r5l_flush_stri-0d0b.patch
(jsc#PED-7542 CVE-2023-53210 bsc#1249673).
- Update
patches.suse/media-az6007-Fix-null-ptr-deref-in-az6007_i2c_xfer.patch
(git-fixes CVE-2023-53220 bsc#1250337).
- Update
patches.suse/media-dvb-frontends-dib7090p-fix-null-ptr-deref-in-d.patch
(stable-fixes CVE-2025-38694 bsc#1249272).
- Update
patches.suse/media-dvb-frontends-w7090p-fix-null-ptr-deref-in-w70.patch
(stable-fixes CVE-2025-38693 bsc#1249190).
- Update
patches.suse/media-hi846-fix-usage-of-pm_runtime_get_if_in_u.patch
(bsc#1012628 CVE-2023-53177 bsc#1249849).
- Update
patches.suse/media-ipu-bridge-Fix-null-pointer-deref-on-SSDB-PLD-.patch
(git-fixes CVE-2023-53336 bsc#1250073).
- Update
patches.suse/media-mdp3-Fix-resource-leaks-in-of_find_device_by_n.patch
(git-fixes CVE-2023-53385 bsc#1250319).
- Update
patches.suse/media-platform-mediatek-vpu-fix-NULL-ptr-deref.patch
(bsc#1012628 CVE-2023-53425 bsc#1250290).
- Update
patches.suse/media-rainshadow-cec-fix-TOCTOU-race-condition-in-ra.patch
(git-fixes CVE-2025-39713 bsc#1249321).
- Update
patches.suse/media-usbtv-Lock-resolution-while-streaming.patch
(git-fixes CVE-2025-39714 bsc#1249273).
- Update
patches.suse/media-uvcvideo-Fix-1-byte-out-of-bounds-read-in-uvc_.patch
(git-fixes CVE-2025-38680 bsc#1249203).
- Update
patches.suse/media-v4l2-mem2mem-add-lock-to-protect-paramet.patch
(bsc#1012628 CVE-2023-53519 bsc#1250964).
- Update
patches.suse/media-venus-Add-a-check-for-packet-size-after-readin.patch
(git-fixes CVE-2025-39710 bsc#1249304).
- Update
patches.suse/media-venus-protect-against-spurious-interrupts-duri.patch
(git-fixes CVE-2025-39709 bsc#1249278).
- Update
patches.suse/mlxsw-minimal-fix-potential-memory-leak-in-mlxs.patch
(bsc#1012628 CVE-2023-53195 bsc#1249761).
- Update
patches.suse/mm-kmem-fix-a-NULL-pointer-dereference-in-obj_.patch
(bsc#1012628 CVE-2023-53401 bsc#1250120).
- Update
patches.suse/mm-move-page-table-sync-declarations-to-linux-pgtabl.patch
(git-fixes CVE-2025-39844 bsc#1250268).
- Update
patches.suse/mm-ptdump-take-the-memory-hotplug-lock-inside-ptdump_walk_.patch
(git-fixes CVE-2025-38681 bsc#1249204).
- Update
patches.suse/modpost-fix-off-by-one-in-is_executable_section.patch
(bsc#1012628 CVE-2023-53397 bsc#1250125).
- Update patches.suse/mptcp-fix-disconnect-vs-accept-race.patch
(bsc#1012628 CVE-2023-53490 bsc#1250827).
- Update
patches.suse/msft-hv-3329-hv_netvsc-Fix-panic-during-namespace-deletion-with-V.patch
(bsc#1248111 CVE-2025-38683 bsc#1249159).
- Update
patches.suse/mtd-rawnand-stm32_fmc2-avoid-overlapping-mappings-on.patch
(git-fixes CVE-2025-39907 bsc#1250713).
- Update
patches.suse/net-dcb-choose-correct-policy-to-parse-DCB_ATT.patch
(bsc#1012628 CVE-2023-53369 bsc#1250206).
- Update
patches.suse/net-dsa-Removed-unneeded-of_node_put-in-felix_p.patch
(bsc#1012628 CVE-2023-53170 bsc#1249850).
- Update
patches.suse/net-ena-fix-shift-out-of-bounds-in-exponential-.patch
(bsc#1012628 CVE-2023-53272 bsc#1249917).
- Update
patches.suse/net-ethernet-mvpp2_main-fix-possible-OOB-write-in-mv.patch
(git-fixes CVE-2023-53495 bsc#1250907).
- Update
patches.suse/net-fix-net_dev_start_xmit-trace-event-vs-skb_t.patch
(bsc#1012628 CVE-2023-53312 bsc#1250063).
- Update
patches.suse/net-marvell-prestera-fix-handling-IPv4-routes-.patch
(bsc#1012628 CVE-2023-53342 bsc#1250029).
- Update
patches.suse/net-microchip-vcap-api-Fix-possible-memory-leak-for-.patch
(git-fixes CVE-2023-53303 bsc#1249896).
- Update
patches.suse/net-mlx5-Unregister-devlink-params-in-case-int.patch
(bsc#1012628 CVE-2023-53507 bsc#1250808).
- Update
patches.suse/net-mlx5e-fix-memory-leak-in-mlx5e_fs_tt_redire.patch
(bsc#1012628 CVE-2023-53371 bsc#1250112).
- Update
patches.suse/net-mlx5e-xsk-Fix-crash-on-regular-rq-reactiva.patch
(bsc#1012628 CVE-2023-53394 bsc#1250199).
- Update
patches.suse/net-rose-convert-use-field-to-refcount_t.patch
(git-fixes CVE-2025-39826 bsc#1250203).
- Update
patches.suse/net-rose-include-node-references-in-rose_neigh-refco.patch
(git-fixes CVE-2025-39827 bsc#1250204).
- Update
patches.suse/net-usb-asix_devices-Fix-PHY-address-mask-in-MDIO-bu.patch
(git-fixes CVE-2025-38736 bsc#1249318).
- Update
patches.suse/net-usb-asix_devices-add-phy_mask-for-ax88772-mdio-b.patch
(git-fixes CVE-2025-38725 bsc#1249170).
- Update
patches.suse/netfilter-conntrack-dccp-copy-entire-header-to-.patch
(CVE-2023-39197 bsc#1012628 bsc#1216976 CVE-2023-53333
bsc#1249949).
- Update
patches.suse/netfilter-ipset-add-the-missing-IP_SET_HASH_WITH_NET.patch
(CVE-2023-42753 bsc#1215150 CVE-2023-53179 bsc#1249825).
- Update
patches.suse/netfilter-nf_tables-do-not-ignore-genmask-when-.patch
(bsc#1012628 CVE-2023-31248 bsc#1213061 CVE-2023-53492
bsc#1250823).
- Update
patches.suse/netfilter-nft_set_rbtree-fix-overlap-expiration.patch
(bsc#1012628 CVE-2023-53304 bsc#1249923).
- Update
patches.suse/netlink-avoid-infinite-retry-looping-in-netlink_unic.patch
(CVE-2025-38465 bsc#1247118 CVE-2025-38727 bsc#1249166).
- Update
patches.suse/nfsd-handle-get_client_locked-failure-in-nfsd4_setclientid_confirm.patch
(git-fixes CVE-2025-38724 bsc#1249169).
- Update
patches.suse/nilfs2-fix-use-after-free-of-nilfs_root-in-dir.patch
(bsc#1012628 CVE-2023-53311 bsc#1250062).
- Update
patches.suse/ntfs-Fix-panic-about-slab-out-of-bounds-caused-.patch
(bsc#1012628 CVE-2023-53420 bsc#1250186).
- Update
patches.suse/nubus-Partially-revert-proc_create_single_data-.patch
(bsc#1012628 CVE-2023-53217 bsc#1249672).
- Update
patches.suse/null_blk-fix-poll-request-timeout-handling.patch
(bsc#1216436 CVE-2023-53531 bsc#1250931).
- Update
patches.suse/ovl-fix-null-pointer-dereference-in-ovl_permiss.patch
(bsc#1012628 CVE-2023-53260 bsc#1249768).
- Update
patches.suse/pNFS-Fix-uninited-ptr-deref-in-block-scsi-layout.patch
(git-fixes CVE-2025-38691 bsc#1249215).
- Update
patches.suse/pcmcia-Add-error-handling-for-add_interval-in-do_val.patch
(git-fixes CVE-2025-39920 bsc#1250732).
- Update
patches.suse/pcmcia-Fix-a-NULL-pointer-dereference-in-__iodyn_fin.patch
(git-fixes CVE-2025-39846 bsc#1250263).
- Update
patches.suse/phy-hisilicon-Fix-an-out-of-bounds-check-in-his.patch
(bsc#1012628 CVE-2023-53238 bsc#1249707).
- Update
patches.suse/powercap-arm_scmi-Remove-recursion-while-parsing-zon.patch
(git-fixes CVE-2023-53428 bsc#1250167).
- Update
patches.suse/powerpc-rtas_flash-allow-user-copy-to-flash-bl.patch
(bsc#1012628 bsc#1194869 CVE-2023-53487 bsc#1250830).
- Update
patches.suse/pstore-ram-Check-start-of-empty-przs-during-init.patch
(git-fixes CVE-2023-53331 bsc#1249950).
- Update
patches.suse/pwm-lpc32xx-Remove-handling-of-PWM-channels.patch
(git-fixes CVE-2023-53472 bsc#1250841).
- Update
patches.suse/rcu-rcuscale-Stop-kfree_scale_thread-thread-s-a.patch
(bsc#1012628 CVE-2023-53291 bsc#1249926).
- Update
patches.suse/regulator-da9063-better-fix-null-deref-with-pa.patch
(bsc#1012628 CVE-2023-53364 bsc#1249984).
- Update
patches.suse/s390-ism-fix-concurrency-management-in-ism_cmd.patch
(git-fixes bsc#1248735 CVE-2025-39726 bsc#1249266).
- Update patches.suse/s390-sclp-Fix-SCCB-present-check.patch
(git-fixes bsc#1249123 CVE-2025-39694 bsc#1249299).
- Update
patches.suse/sched-fair-Don-t-balance-task-to-its-current-ru.patch
(bsc#1012628 CVE-2023-53215 bsc#1250397).
- Update
patches.suse/scsi-core-Fix-possible-memory-leak-if-device_a.patch
(bsc#1012628 CVE-2023-53174 bsc#1250024).
- Update
patches.suse/scsi-lpfc-Check-for-hdwq-null-ptr-when-cleaning-up-l.patch
(bsc#1245260 bsc#1243100 bsc#1246125 CVE-2025-38695
bsc#1249285).
- Update
patches.suse/scsi-qla2xxx-Fix-potential-NULL-pointer-derefer.patch
(bsc#1012628 CVE-2023-53451 bsc#1250831).
- Update
patches.suse/scsi-qla2xxx-Pointer-may-be-dereferenced.patch
(bsc#1012628 CVE-2023-53150 bsc#1249853).
- Update
patches.suse/scsi-qla2xxx-Remove-unused-nvme_ls_waitq-wait-q.patch
(bsc#1012628 CVE-2023-53280 bsc#1249938).
- Update
patches.suse/scsi-qla2xxx-Use-raw_smp_processor_id-instead-of-smp.patch
(bsc#1214928 jsc#PED-5063 CVE-2023-53530 bsc#1250949).
- Update
patches.suse/scsi-qla2xxx-Wait-for-io-return-on-terminate-rp.patch
(bsc#1012628 CVE-2023-53322 bsc#1250323).
- Update
patches.suse/scsi-qla4xxx-Add-length-check-when-parsing-nlattrs.patch
(git-fixes CVE-2023-53456 bsc#1250765).
- Update
patches.suse/scsi-snic-Fix-possible-memory-leak-if-device_a.patch
(bsc#1012628 CVE-2023-53436 bsc#1250156).
- Update
patches.suse/scsi-storvsc-Fix-handling-of-virtual-Fibre-Cha.patch
(bsc#1012628 CVE-2023-53245 bsc#1249641).
- Update patches.suse/scsi-ufs-core-Fix-handling-of-lrbp-cmd.patch
(bsc#1012628 CVE-2023-53510 bsc#1250812).
- Update patches.suse/serial-8250-fix-panic-due-to-PSLVERR.patch
(git-fixes CVE-2025-39724 bsc#1249265).
- Update
patches.suse/shmem-use-ramfs_kill_sb-for-kill_sb-method-of-r.patch
(bsc#1012628 CVE-2023-53391 bsc#1250117).
- Update
patches.suse/skbuff-skb_segment-Call-zero-copy-functions-before-u.patch
(bsc#1220419 CVE-2023-53354 bsc#1250004).
- Update
patches.suse/smb-client-fix-warning-in-cifs_smb3_do_mount.patch
(bsc#1012628 CVE-2023-53230 bsc#1249866).
- Update
patches.suse/soundwire-qcom-fix-storing-port-config-out-of-b.patch
(bsc#1012628 CVE-2023-53465 bsc#1250863).
- Update
patches.suse/start_kernel-Add-__no_stack_protector-function-.patch
(bsc#1012628 CVE-2023-53491 bsc#1250942).
- Update
patches.suse/thunderbolt-Fix-memory-leak-in-tb_handle_dp_ba.patch
(bsc#1012628 CVE-2023-53527 bsc#1250929).
- Update
patches.suse/tls-separate-no-async-decryption-request-handling-fr.patch
(CVE-2024-26584 bsc#1220186 CVE-2024-58240 bsc#1248847).
- Update
patches.suse/tracing-Fix-null-pointer-dereference-in-tracing.patch
(bsc#1012628 CVE-2023-53167 bsc#1249712).
- Update
patches.suse/tracing-Fix-race-issue-between-cpu-buffer-write-and-swap.patch
(git-fixes CVE-2023-53368 bsc#1249979).
- Update
patches.suse/ublk-fail-to-recover-device-if-queue-setup-is-i.patch
(bsc#1012628 CVE-2023-53207 bsc#1249678).
- Update
patches.suse/ublk-fail-to-start-device-if-queue-setup-is-int.patch
(bsc#1012628 CVE-2023-53508 bsc#1250809).
- Update
patches.suse/udf-Fix-uninitialized-array-access-for-some-pat.patch
(bsc#1012628 CVE-2023-53165 bsc#1250395).
- Update
patches.suse/usb-cdns3-Put-the-cdns-set-active-part-outside-the-s.patch
(git-fixes CVE-2023-53287 bsc#1250089).
- Update
patches.suse/usb-core-config-Prevent-OOB-read-in-SS-endpoint-comp.patch
(stable-fixes CVE-2025-39760 bsc#1249598).
- Update
patches.suse/usb-dwc3-Remove-WARN_ON-for-device-endpoint-command-.patch
(stable-fixes CVE-2025-39801 bsc#1250450).
- Update
patches.suse/usb-dwc3-qcom-Fix-potential-memory-leak.patch
(bsc#1012628 CVE-2023-53196 bsc#1249758).
- Update
patches.suse/usb-gadget-u_serial-Add-null-pointer-check-in-g.patch
(bsc#1012628 CVE-2023-53356 bsc#1249997).
- Update
patches.suse/usb-phy-phy-tahvo-fix-memory-leak-in-tahvo_usb_.patch
(bsc#1012628 CVE-2023-53379 bsc#1250128).
- Update
patches.suse/virtio-mmio-don-t-break-lifecycle-of-vm_dev.patch
(bsc#1012628 CVE-2023-53515 bsc#1250917).
- Update patches.suse/vxlan-Fix-nexthop-hash-size.patch
(bsc#1012628 CVE-2023-53192 bsc#1249897).
- Update
patches.suse/wifi-ath11k-fix-sleeping-in-atomic-in-ath11k_mac_op_.patch
(git-fixes CVE-2025-39732 bsc#1249292).
- Update
patches.suse/wifi-ath12k-Avoid-NULL-pointer-access-during-ma.patch
(bsc#1012628 CVE-2023-53180 bsc#1249826).
- Update
patches.suse/wifi-ath12k-Correct-tid-cleanup-when-tid-setup-fails.patch
(stable-fixes CVE-2025-39750 bsc#1249523).
- Update
patches.suse/wifi-ath12k-Decrement-TID-on-RX-peer-frag-setup-erro.patch
(stable-fixes CVE-2025-39761 bsc#1249554).
- Update
patches.suse/wifi-ath9k-don-t-allow-to-overwrite-ENDPOINT0-a.patch
(bsc#1012628 CVE-2023-53185 bsc#1249820).
- Update
patches.suse/wifi-brcmfmac-fix-use-after-free-when-rescheduling-b.patch
(git-fixes CVE-2025-39863 bsc#1250281).
- Update
patches.suse/wifi-cfg80211-fix-use-after-free-in-cmp_bss.patch
(git-fixes CVE-2025-39864 bsc#1250242).
- Update
patches.suse/wifi-cfg80211-sme-cap-SSID-length-in-__cfg80211_conn.patch
(git-fixes CVE-2025-39849 bsc#1250266).
- Update
patches.suse/wifi-iwlwifi-pcie-fix-NULL-pointer-dereference-.patch
(bsc#1012628 CVE-2023-53251 bsc#1249730).
- Update
patches.suse/wifi-mac80211-check-S1G-action-frame-size.patch
(git-fixes CVE-2023-53257 bsc#1249869).
- Update
patches.suse/wifi-mac80211_hwsim-Fix-possible-NULL-dereferen.patch
(bsc#1012628 CVE-2023-53209 bsc#1249856).
- Update patches.suse/wifi-mac80211_hwsim-drop-short-frames.patch
(git-fixes CVE-2023-53321 bsc#1250313).
- Update
patches.suse/wifi-mwifiex-Fix-OOB-and-integer-underflow-when-rx-p.patch
(git-fixes CVE-2023-53226 bsc#1249658).
- Update
patches.suse/wifi-mwifiex-Initialize-the-chan_stats-array-to-zero.patch
(git-fixes CVE-2025-39891 bsc#1250712).
- Update
patches.suse/wifi-mwifiex-avoid-possible-NULL-skb-pointer-derefer.patch
(git-fixes CVE-2023-53384 bsc#1250127).
- Update
patches.suse/x86-MCE-Always-save-CS-register-on-AMD-Zen-IF-Poison-error.patch
(git-fixes CVE-2023-53438 bsc#1250180).
- Update
patches.suse/x86-mm-64-define-ARCH_PAGE_TABLE_SYNC_MASK-and-arch_.patch
(git-fixes CVE-2025-39845 bsc#1250262).
- Update
patches.suse/x86-platform-uv-Use-alternate-source-for-socket-to-n.patch
(bsc#1215696 CVE-2023-53496 bsc#1250905).
- Update
patches.suse/xfrm-add-NULL-check-in-xfrm_update_ae_params.patch
(bsc#1012628 bsc#1213666 CVE-2023-3772 CVE-2023-53147
bsc#1249880).
- Update
patches.suse/xfrm-fix-slab-use-after-free-in-decode_session.patch
(bsc#1012628 CVE-2023-53500 bsc#1250816).
- Update
patches.suse/xsk-Fix-xsk_diag-use-after-free-error-during-socket-.patch
(bsc#1220419 CVE-2023-53426 bsc#1250166).
- commit ee10a6d
- i40e: Fix potential invalid access when MAC list is empty (CVE-2025-39853 bsc#1250275)
- commit 4246fc5
- RDMA/siw: Always report immediate post SQ errors (git-fixes)
- commit c1b6a15
- RDMA/rxe: Fix race in do_task() when draining (git-fixes)
- commit 650fcb3
- IB/sa: Fix sa_local_svc_timeout_ms read race (git-fixes)
- commit ced2c38
- RDMA/core: Resolve MAC of next-hop device without ARP support (git-fixes)
- commit 9a8b6d9
- RDMA/cm: Rate limit destroy CM ID timeout error message (git-fixes)
- commit 99220cf
- RDMA/mlx5: Fix vport loopback forcing for MPV device (git-fixes)
- commit aced925
- RDMA/mlx5: Better estimate max_qp_wr to reflect WQE count (git-fixes)
- commit 665905d
- bus: mhi: host: Do not use uninitialized 'dev' pointer in
mhi_init_irq_setup() (git-fixes).
- iio: imu: inv_icm42600: Drop redundant pm_runtime
reinitialization in resume (git-fixes).
- iio: consumers: Fix offset handling in
iio_convert_raw_to_processed() (git-fixes).
- iio: dac: ad5421: use int type to store negative error codes
(git-fixes).
- iio: dac: ad5360: use int type to store negative error codes
(git-fixes).
- iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE
(git-fixes).
- iio: frequency: adf4350: Fix prescaler usage (git-fixes).
- iio: xilinx-ams: Fix AMS_ALARM_THR_DIRECT_MASK (git-fixes).
- iio: xilinx-ams: Unmask interrupts after updating alarms
(git-fixes).
- misc: genwqe: Fix incorrect cmd field being reported in error
(git-fixes).
- uio: uio_pdrv_genirq: Remove MODULE_DEVICE_TABLE (git-fixes).
- thunderbolt: Compare HMAC values in constant time (git-fixes).
- usb: misc: qcom_eud: Access EUD_MODE_MANAGER2 through secure
calls (git-fixes).
- usb: host: max3421-hcd: Fix error pointer dereference in probe
cleanup (git-fixes).
- tty: n_gsm: Don't block input queue by waiting MSC (git-fixes).
- serial: max310x: Add error checking in probe() (git-fixes).
- mtd: rawnand: omap2: fix device leak on probe failure
(git-fixes).
- HID: intel-ish-ipc: Remove redundant ready check after timeout
function (git-fixes).
- hwrng: ks-sa - fix division by zero in ks_sa_rng_init
(git-fixes).
- crypto: hisilicon/qm - set NULL to qm->debug.qm_diff_regs
(git-fixes).
- crypto: aspeed - Fix dma_unmap_sg() direction (git-fixes).
- crypto: atmel - Fix dma_unmap_sg() direction (git-fixes).
- crypto: hisilicon/qm - check whether the input function and
PF are on the same device (git-fixes).
- hwrng: nomadik - add ARM_AMBA dependency (git-fixes).
- crypto: keembay - Add missing check after sg_nents_for_len()
(git-fixes).
- commit 6795b42
- rpm/check-for-config-changes: ignore CONFIG_SCHED_PROXY_EXEC, too (bsc#1250946)
CONFIG_SCHED_PROXY_EXEC is set only when the debug is off, exclusive
to CONFIG_SCHED_CLASS_EXT.
- commit ac06fa9
- drivers/base/node: fix double free in register_one_node()
(git-fixes).
- commit 205d070
- net: nfc: nci: Add parameter validation for packet data
(git-fixes).
- net: usb: Remove disruptive netif_wake_queue in
rtl8150_set_multicast (git-fixes).
- wifi: ath11k: HAL SRNG: don't deinitialize and re-initialize
again (git-fixes).
- wifi: ath10k: avoid unnecessary wait for service ready message
(git-fixes).
- wifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load()
(git-fixes).
- wifi: rtw89: avoid circular locking dependency in
ser_state_run() (git-fixes).
- wifi: mac80211: fix Rx packet handling when pubsta information
is not available (git-fixes).
- wifi: mt76: fix potential memory leak in mt76_wmac_probe()
(git-fixes).
- wifi: mwifiex: send world regulatory domain to driver
(git-fixes).
- media: b2c2: Fix use-after-free causing by irq_check_work in
flexcop_pci_remove (git-fixes).
- media: uvcvideo: Mark invalid entities with id
UVC_INVALID_ENTITY_ID (git-fixes).
- media: i2c: mt9v111: fix incorrect type for ret (git-fixes).
- media: pci: ivtv: Add missing check after DMA map (git-fixes).
- media: cx18: Add missing check after DMA map (git-fixes).
- media: st-delta: avoid excessive stack usage (git-fixes).
- media: v4l2-subdev: Fix alloc failure check in
v4l2_subdev_call_state_try() (git-fixes).
- wifi: virt_wifi: Fix page fault on connect (stable-fixes).
- mmc: sdhci-cadence: add Mobileye eyeQ support (stable-fixes).
- usb: core: Add 0x prefix to quirks debug output (stable-fixes).
- commit dbb8904
- maple_tree: fix MAPLE_PARENT_RANGE32 and parent pointer docs
(git-fixes).
- media: rj54n1cb0c: Fix memleak in rj54n1_probe() (git-fixes).
- media: lirc: Fix error handling in lirc_register() (git-fixes).
- media: zoran: Remove zoran_fh structure (git-fixes).
- drm/amdgpu: remove the redeclaration of variable i (git-fixes).
- drm/msm/dpu: fix incorrect type for ret (git-fixes).
- drm/amdkfd: Fix error code sign for EINVAL in svm_ioctl()
(git-fixes).
- drm/amd/pm: Disable SCLK switching on Oland with high pixel
clocks (v3) (git-fixes).
- drm/amd/pm: Disable MCLK switching with non-DC at 120 Hz+ (v2)
(git-fixes).
- drm/amd/pm: Treat zero vblank time as too short in si_dpm (v3)
(git-fixes).
- drm/amd/pm: Adjust si_upload_smc_data register programming (v3)
(git-fixes).
- drm/amd/pm: Fix si_upload_smc_data (v3) (git-fixes).
- drm/amd/pm: Disable ULV even if unsupported (v3) (git-fixes).
- drm/amdgpu: Power up UVD 3 for FW validation (v2) (git-fixes).
- drm/rcar-du: dsi: Fix 1/2/3 lane support (git-fixes).
- drm/amd/display: Remove redundant semicolons (git-fixes).
- firewire: core: fix overlooked update of subsystem ABI version
(git-fixes).
- commit 2161328
- docs: admin-guide: update to current minimum pipe size default
(git-fixes).
- drivers/base/node: handle error properly in register_one_node()
(git-fixes).
- Bluetooth: ISO: don't leak skb in ISO_CONT RX (git-fixes).
- Bluetooth: ISO: Fix possible UAF on iso_conn_free (git-fixes).
- Bluetooth: MGMT: Fix not exposing debug UUID on
MGMT_OP_READ_EXP_FEATURES_INFO (git-fixes).
- drm/radeon/r600_cs: clean up of dead code in r600_cs
(git-fixes).
- drm/bridge: it6505: select REGMAP_I2C (git-fixes).
- drm/panel: novatek-nt35560: Fix invalid return value
(git-fixes).
- can: rcar_can: rcar_can_resume(): fix s2ram with PSCI
(stable-fixes).
- drm/i915/backlight: Return immediately when scale() finds
invalid parameters (stable-fixes).
- commit 07504f9
- ASoC: wcd934x: fix error handling in wcd934x_codec_parse_data()
(git-fixes).
- ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free
(git-fixes).
- ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping
(git-fixes).
- ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping
(git-fixes).
- ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping
(git-fixes).
- ASoC: qcom: audioreach: fix potential null pointer dereference
(git-fixes).
- ASoC: imx-hdmi: remove cpu_pdev related code (git-fixes).
- ALSA: lx_core: use int type to store negative error codes
(git-fixes).
- ALSA: usb-audio: Add mute TLV for playback volumes on more
devices (stable-fixes).
- ALSA: usb-audio: move mixer_quirks' min_mute into common quirk
(stable-fixes).
- commit 86dd099
- ALSA: usb-audio: Add DSD support for Comtrue USB Audio device
(stable-fixes).
- ALSA: usb-audio: Fix build with CONFIG_INPUT=n (git-fixes).
- ALSA: usb-audio: Convert comma to semicolon (git-fixes).
- ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5
(stable-fixes).
- ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks
(stable-fixes).
- ALSA: usb-audio: Simplify NULL comparison in mixer_quirks
(stable-fixes).
- ALSA: usb-audio: Avoid multiple assignments in mixer_quirks
(stable-fixes).
- ALSA: usb-audio: Drop unnecessary parentheses in mixer_quirks
(stable-fixes).
- ALSA: usb-audio: Fix block comments in mixer_quirks
(stable-fixes).
- commit 929e260
- Squashfs: reject negative file sizes in squashfs_read_inode()
(git-fixes).
- commit 2f68e78
- Squashfs: add additional inode sanity checking (git-fixes).
- commit fe46811
- Squashfs: fix uninit-value in squashfs_get_parent (git-fixes).
- commit 126861e
- kbuild/modpost: Continue processing all unresolved symbols
when KLP_SYM_RELA is found (bsc#1218644, bsc#1250655).
- commit ec0a51c
- Fix BPF selftests compilation error in bpf_iter.c (git-fixes)
Since SUSE commit 7cae2487c586, BPF selftests fails to compile.
.../tools/testing/selftests/bpf/prog_tests/bpf_iter.c: In function 'test_task_common_nocheck':
.../tools/testing/selftests/bpf/prog_tests/bpf_iter.c:231:26: error: implicit declaration of function 'gettid'; did you mean 'getgid'? [-Werror=implicit-function-declaration]
231 | skel->bss->tid = gettid();
| ^~~~~~
| getgid
Fix the BPF selftests compilation failure by:
- bpf: handle implicit declaration of function gettid in
bpf_iter.c
- Refresh
patches.suse/selftests-bpf-Clean-up-open-coded-gettid-syscall-inv.patch.
- commit 43aa317
- Drivers: hv: Select CONFIG_SYSFB only if EFI is enabled (git-fixes).
- KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush (bsc#1246782 CVE-2025-38351).
- Drivers: hv: Always select CONFIG_SYSFB for Hyper-V guests (git-fixes).
- KVM: x86: model canonical checks more precisely (bsc#1246782 CVE-2025-38351).
- KVM: x86: Add X86EMUL_F_MSR and X86EMUL_F_DT_LOAD to aid canonical (bsc#1246782 CVE-2025-38351).
- KVM: x86: Route non-canonical checks in emulator through emulate_ops (bsc#1246782 CVE-2025-38351).
- KVM: x86: drop x86.h include from cpuid.h (bsc#1246782 CVE-2025-38351).
- KVM: x86: Bury guest_cpuid_is_amd_or_hygon() in cpuid.c (bsc#1246782 CVE-2025-38351).
- KVM: SVM: Emulate SYSENTER RIP/RSP behavior for all Intel compat (bsc#1246782 CVE-2025-38351).
- KVM: x86: Inhibit code #DBs in MOV-SS shadow for all Intel compat (bsc#1246782 CVE-2025-38351).
- KVM: x86: Apply Intel's TSC_AUX reserved-bit behavior to Intel compat (bsc#1246782 CVE-2025-38351).
- KVM: x86/pmu: Squash period for checkpointed events based on host (bsc#1246782 CVE-2025-38351).
- commit 6e28165
- Update
patches.suse/HID-asus-fix-UAF-via-HID_CLAIMED_INPUT-validation.patch
(CVE-2025-39824 bsc#1250007).
Added CVE reference
- commit 579a063
- smb: client: fix race with concurrent opens in rename(2)
(bsc#1250179, CVE-2025-39825).
- commit 4df7381
- bus: fsl-mc: Check return value of platform_get_resource()
(git-fixes).
- memory: samsung: exynos-srom: Fix of_iomap leak in
exynos_srom_probe (git-fixes).
- firmware: meson_sm: fix device leak at probe (git-fixes).
- soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS
(git-fixes).
- thermal/drivers/qcom/lmh: Add missing IRQ includes (git-fixes).
- ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT
(git-fixes).
- ACPI: property: Fix buffer properties extraction for subnodes
(git-fixes).
- ACPI: processor: idle: Fix memory leak when register cpuidle
device failed (git-fixes).
- ACPICA: Fix largest possible resource descriptor index
(git-fixes).
- ACPI: debug: fix signedness issues in read/write helpers
(git-fixes).
- PM: sleep: core: Clear power.must_resume in noirq suspend
error path (git-fixes).
- PM / devfreq: mtk-cci: Fix potential error pointer dereference
in probe() (git-fixes).
- i3c: master: svc: Recycle unused IBI slot (git-fixes).
- i3c: Fix default I2C adapter timeout value (git-fixes).
- i2c: designware: Add disabling clocks when probe fails
(git-fixes).
- i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD
(git-fixes).
- pinctrl: renesas: Use int type to store negative error codes
(git-fixes).
- pinctrl: samsung: Drop unused S3C24xx driver data (git-fixes).
- pinctrl: meson-gxl: add missing i2c_d pinmux (git-fixes).
- pinctrl: equilibrium: Remove redundant semicolons (git-fixes).
- power: supply: max77976_charger: fix constant current reporting
(git-fixes).
- power: supply: cw2015: Fix a alignment coding style issue
(git-fixes).
- mfd: rz-mtu3: Fix MTU5 NFCR register offset (git-fixes).
- spi: cadence-quadspi: Flush posted register writes before DAC
access (git-fixes).
- spi: cadence-quadspi: Flush posted register writes before
INDAC access (git-fixes).
- spi: mtk-snfi: Remove redundant semicolons (git-fixes).
- spi: bcm2835: Remove redundant semicolons (git-fixes).
- regulator: scmi: Use int type to store negative error codes
(git-fixes).
- regmap: Remove superfluous check for !config in __regmap_init()
(git-fixes).
- mfd: vexpress-sysreg: Check the return value of
devm_gpiochip_add_data() (git-fixes).
- pwm: tiehrpwm: Fix corner case in clock divisor calculation
(git-fixes).
- pwm: tiehrpwm: Make code comment in .free() more useful
(git-fixes).
- pwm: berlin: Fix wrong register in suspend/resume (git-fixes).
- hwmon: (mlxreg-fan) Separate methods of fan setting coming
from different subsystems (git-fixes).
- commit e80711d
- Drop patches.suse/drm-amd-display-Disable-PSR-SU-on-eDP-panels.patch (bsc#1243112)
The patch caused a regression wrt s2idle on AMD laptops
- commit 5a5bec2
- net/smc: fix UAF on smcsk after smc_listen_out() (CVE-2025-38734
bsc#1249324).
- commit b4812d3
- Update
patches.suse/dmaengine-ti-edma-Fix-memory-allocation-size-for-que.patch
(CVE-2025-39869 bsc#1250406).
Added CVE reference
- commit 056198e
- writeback: Avoid contention on wb->list_lock when switching
inodes (kABI fixup) (bsc#1237776).
- commit 883c841
- netfilter: ctnetlink: remove refcounting in expectation dumpers
(CVE-2025-39764 bsc#1249513).
- commit 09ba55b
- net/sched: Make cake_enqueue return NET_XMIT_CN when past
buffer_limit (CVE-2025-39766 bsc#1249510).
- commit c0189b7
- net/sched: Fix backlog accounting in qdisc_dequeue_internal
(CVE-2025-39677 bsc#1249300).
- commit 3cfca22
- tls: handle data disappearing from under the TLS ULP
(CVE-2025-38616 bsc#1248512).
- tls: fix lockless read of strp->msg_ready in ->poll
(CVE-2025-38616 bsc#1248512).
- commit 8c223c9
- cifs: prevent NULL pointer dereference in UTF16 conversion
(bsc#1250365, CVE-2025-39838).
- commit 9718aa1
- scsi: core: ufs: Fix a hang in the error handler (CVE-2025-38119
bsc#1245700).
- commit 43675ce
- writeback: Avoid excessively long inode switching times
(bsc#1237776).
- commit 77817f2
- writeback: Avoid softlockup when switching many inodes
(bsc#1237776).
- commit 9ecba0d
- writeback: Avoid contention on wb->list_lock when switching
inodes (bsc#1237776).
- commit a591614
- usb: hub: Fix flushing of delayed work used for post resume
purposes (git-fixes).
- commit 4e89947
- usb: xhci: Avoid queuing redundant Stop Endpoint commands
(git-fixes).
- commit 4f545a3
- usb: xhci: Limit Stop Endpoint retries (git-fixes).
- commit e78c1d4
- usb: hub: Fix flushing and scheduling of delayed work that
tunes runtime pm (git-fixes).
- commit ae10133
- xhci: retry Stop Endpoint on buggy NEC controllers (git-fixes).
- Refresh
patches.suse/usb-xhci-Don-t-change-the-status-of-stalled-TDs-on-f.patch.
- commit beea3a0
- usb: hub: fix detection of high tier USB3 devices behind
suspended hubs (git-fixes).
- commit 06b2dc7
- bpftool: Fix JSON writer resource leak in version command
(git-fixes).
- commit d19e155
- EDAC/i10nm: Skip DIMM enumeration on a disabled memory
controller (git-fixes).
- commit 45a7726
- sched/rt: Fix race in push_rt_task (CVE-2025-38234 bsc#1246057)
- commit 36ede09
- sched/core: Prevent rescheduling when interrupts are disabled (CVE-2024-58090 bsc#1240324)
- commit 5da028c
- xfs: do not propagate ENODATA disk errors into xattr code
(bsc#1250025 CVE-2025-39835).
- commit 78d977d
- ocfs2: fix recursive semaphore deadlock in fiemap call
(bsc#1250407 CVE-2025-39885).
- ocfs2: prevent release journal inode after journal shutdown
(bsc#1250267 CVE-2025-39842).
- commit 3a5de55
- mm/smaps: fix race between smaps_hugetlb_range and migration
(CVE-2025-39754 bsc#1249524).
- commit 313ab7a
- seccomp: Fix a race with WAIT_KILLABLE_RECV if the tracer
replies too fast (git-fixes).
- commit fb88d9d
- tty: hvc_console: Call hvc_kick in hvc_write unconditionally
(bsc#1230062).
- commit 3702f36
- afs: Fix potential null pointer dereference in afs_put_server
(git-fixes).
- commit 3a230bf
- net/smc: fix one NULL pointer dereference in smc_ib_is_sg_need_sync() (CVE-2025-39857 bsc#1250251)
- commit 7481e31
- selftests/cpufreq: Fix cpufreq basic read and update testcases
(bsc#1250344).
- commit 83a7790
- drm/ast: Use msleep instead of mdelay for edid read
(bsc#1250530).
- commit 2fd5794
- net/sched: ets: use old 'nbands' while purging unused classes
(CVE-2025-38684 bsc#1249156).
- commit e0501b7
- KVM: x86: use array_index_nospec with indices that come from
guest (CVE-2025-39823 bsc#1250002).
- commit ecf3611
- tee: fix NULL pointer dereference in tee_shm_put (CVE-2025-39865
bsc#1250294).
- commit 3708eb2
- cpufreq: Initialize cpufreq-based invariance before subsys
(git-fixes).
- commit 9618c74
- cpufreq: tegra186: Share policy per cluster (stable-fixes).
- commit dac2616
- x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init
helper (CVE-2025-39681 bsc#1249303).
- commit 5bc51ab
- coresight: Fix memory leak in acpi_buffer->pointer
(CVE-2023-53261 bsc#1249770).
- commit 7cf7512
- soc: qcom: mdt_loader: Deal with zero e_shentsize
(CVE-2025-39787 bsc#1249545).
- soc: qcom: mdt_loader: Fix error return values in
mdt_header_valid() (CVE-2025-39787 bsc#1249545).
- commit 3946900
- i2c: riic: Allow setting frequencies lower than 50KHz
(git-fixes).
- soc: qcom: mdt_loader: Ensure we don't read past the ELF header
(CVE-2025-39787 bsc#1249545).
- commit bb8f700
- sched/isolation: Fix boot crash when maxcpus < first (git-fixes)
- commit f52d7e3
- sched/numa, mm: do not try to migrate memory to memoryless (git-fixes)
- commit d547451
- sched/fair: Remove unused parameter from sched_asym() (git-fixes)
- commit 6507dc9
- sched/fair: Take the scheduling domain into account in (git-fixes)
- commit 3d3501e
- sched/deadline: Collect sched_dl_entity initialization (git-fixes)
- commit 73df41d
- Bluetooth: MGMT: Fix possible UAFs (git-fixes).
- Refresh patches.kabi/hci_dev-centralize-extra-lock.patch.
- commit 358e9ae
- fbcon: Fix OOB access in font allocation (git-fixes).
- commit e730b01
- fbcon: fix integer overflow in fbcon_do_set_font (git-fixes).
- drm/gma500: Fix null dereference in hdmi teardown (git-fixes).
- can: peak_usb: fix shift-out-of-bounds issue (git-fixes).
- can: mcba_usb: populate ndo_change_mtu() to prevent buffer
overflow (git-fixes).
- can: sun4i_can: populate ndo_change_mtu() to prevent buffer
overflow (git-fixes).
- can: hi311x: populate ndo_change_mtu() to prevent buffer
overflow (git-fixes).
- can: etas_es58x: populate ndo_change_mtu() to prevent buffer
overflow (git-fixes).
- Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync
(git-fixes).
- Bluetooth: hci_sync: Fix hci_resume_advertising_sync
(git-fixes).
- ALSA: hda/realtek: Fix mute led for HP Laptop 15-dw4xx
(stable-fixes).
- net: rfkill: gpio: Fix crash due to dereferencering
uninitialized pointer (git-fixes).
- net: phy: fix phy_uses_state_machine() (git-fixes).
- wifi: wilc1000: avoid buffer overflow in WID string
configuration (stable-fixes).
- wifi: mac80211: increase scan_ies_len for S1G (stable-fixes).
- wifi: mac80211: fix incorrect type for ret (stable-fixes).
- ALSA: firewire-motu: drop EPOLLOUT from poll return values as
write is not supported (stable-fixes).
- dmaengine: mediatek: Fix a flag reuse error in
mtk_cqdma_tx_status() (git-fixes).
- commit f69acd3
- iommu/vt-d: Fix __domain_mapping()'s usage of
switch_to_super_page() (git-fixes).
- commit 9b4fa49
- net: gso: Forbid IPv6 TSO with extensions on devices with only
IPV6_CSUM (CVE-2025-39770 bsc#1249508).
- commit 8d2822a
- kabi: Restore layout of parallel_data (bsc1248343).
- commit c7e8448
- padata: Fix pd UAF once and for all (CVE-2025-38584 bsc1248343).
- commit 00470a2
- xfrm: xfrm_alloc_spi shouldn't use 0 as SPI (CVE-2025-39797
bsc#1249608).
- commit a50d626
- xfrm: Duplicate SPI Handling (CVE-2025-39797 bsc#1249608).
- commit 313a1d3
- kernel-source.spec: Depend on python3-base for build
Both kernel-binary and kernel-docs already have this dependency.
Adding it to kernel-source makes it possible to use python in shared
build scripts.
- commit 72fdedd
- kernel-source: Do not list mkspec and its inputs as sources
(bsc#1250522).
This excludes the files from the src.rpm. The next step is to remove
these files in tar-up so that they do not get uploaded to OBS either.
As there is only one version of tar-up these files need to be removed
from all kernels.
- commit e72b8a2
- selftests: bpf: test batch lookup on array of maps with holes
(git-fixes).
- commit 6ee12a9
- bpf: skip non exist keys in generic_map_lookup_batch
(git-fixes).
- commit dcb10ca
- kABI: arm64: ftrace: Restore init_module behavior (git-fixes).
- commit 113b4db
- arm64: ftrace: fix unreachable PLT for ftrace_caller in init_module (git-fixes)
- commit 8f9b835
- rpm: Link arch-symbols script from scripts directory.
- commit 90b2abb
- Refresh
patches.kabi/kABI-fix-for-net-vlan-fix-VLAN-0-refcount-imbalance-.patch.
- commit e192478
- struct ci_hdrc: new member has_short_pkt_limit to end
(git-fixes).
- commit 5b5fa69
- cgroup: llist: avoid memory tears for llist_node (bsc#1247963).
- commit 854319b
- kabi: add struct cgroup_extra (bsc#1247963).
- commit 5114e86
- cgroup/rstat: Reduce cpu_lock hold time in
cgroup_rstat_flush_locked() (bsc#1247963).
- commit 2f30983
- cgroup/rstat: Optimize cgroup_rstat_updated_list()
(bsc#1247963).
- Refresh patches.kabi/kabi-add-struct-cgroup_extra.patch.
- commit 966ee8b
- btrfs: do not allow relocation of partially dropped subvolumes
(bsc#1249540 CVE-2025-39738).
- commit 60a9a58
- crypto: qat - add shutdown handler to qat_c3xxx (git-fixes).
- commit 562553d
- crypto: qat - add shutdown handler to qat_c62x (git-fixes).
- commit 95c669b
- rcu: Fix racy re-initialization of irq_work causing hangs (git-fixes)
- commit bc7d88d
- rcu: Fix rcu_read_unlock() deadloop due to IRQ work (bsc#1249494 CVE-2025-39744)
- commit ef20792
- rcu: Protect ->defer_qs_iw_pending from data race (bsc#1249533 CVE-2025-39749)
- commit 2b090f5
- use uniform permission checks for all mount propagation changes
(git-fixes).
- commit 4b14435
- rcu/exp: Handle RCU expedited grace period kworker allocation (git-fixes)
- commit 7737606
- rcu/exp: Fix RCU expedited parallel grace period kworker (git-fixes)
- commit 19ee671
- crypto: qat - add shutdown handler to qat_dh895xcc (git-fixes).
- commit 7ca55c2
- usb: typec: tcpci: use GENMASK() for TCPC_ROLE_CTRL_CC[12]
(git-fixes).
- commit 61574e5
- rpm: Link guards script from scripts directory.
- commit e19a893
- usb: typec: maxim_contaminant: re-enable cc toggle if cc is
open and port is clean (git-fixes).
- commit d3067ea
- usb: typec: maxim_contaminant: disable low power mode when
reading comparator values (git-fixes).
- commit f661b59
- usb: typec: tcpm/tcpci_maxim: fix non-contaminant CC handling
(git-fixes).
- commit 38cd076
- usb: typec: tcpm/tcpci_maxim: use GENMASK() for
TCPC_VENDOR_CC_CTRL2 register (git-fixes).
- commit 2b55585
- usb: dwc3: imx8mp: fix device leak at unbind (git-fixes).
- commit 5a35982
- usb: xhci: Fix invalid pointer dereference in Etron workaround
(git-fixes).
- commit a8cfeaf
- config.sh: Use Step repository for building Leap kernel
bs-upload-kernel does not understand the Leap repository layout
- commit cae4664
- usb: typec: fusb302: cache PD RX state (git-fixes).
- commit 3e6c8b0
- usb: dwc3: qcom: Don't leave BCR asserted (git-fixes).
- commit fdef7a6
- xhci: Fix control transfer error on Etron xHCI host (git-fixes).
- commit f7d6da1
- usb: chipidea: add CI_HDRC_HAS_SHORT_PKT_LIMIT flag (git-fixes).
- commit ff0fd10
- fs/nfs/io: make nfs_start_io_*() killable (git-fixes).
- commit 8cf21ec
- Delete patches.kabi/KVM-x86-Re-split-x2APIC-ICR-into-ICR-ICR2-for-AMD-x2.patch
- commit 0a00b28
- kabi: drop kvm_x86_ops from kabi relevant symbols
Since upstream commit dfc4e6ca04113 ("KVM: x86: Unexport kvm_x86_ops")
v5.18-rc1~139^2~153 kvm_x86_ops is no longer exported, so it can be
dropped from kabi checks.
- commit 4f5efb7
- kABI fix after vsock/virtio: fix `rx_bytes` accounting for
stream sockets (git-fixes).
- commit dd1042c
- platform/x86: thinkpad_acpi: Handle KCOV __init vs inline
mismatches (git-fixes).
- commit 7941d4d
- platform/mellanox: mlxbf-pmc: Validate event/enable input
(git-fixes).
- commit 7bd7d6e
- platform/mellanox: mlxbf-pmc: Remove newline char from event
name input (git-fixes).
- commit e4c52ac
- platform/x86: dell-wmi-sysman: Fix class device unregistration
(git-fixes).
- commit c3cf8fd
- platform/x86: think-lmi: Fix class device unregistration
(git-fixes).
- commit dab00ca
- netfilter: nf_reject: don't leak dst refcount for loopback
packets (CVE-2025-38732 bsc#1249262).
- commit e613385
- vhost/net: Protect ubufs with rcu read lock in
vhost_net_ubuf_put() (git-fixes).
- commit b347e0b
- vsock/virtio: Resize receive buffers so that each SKB fits in
a 4K page (git-fixes).
- commit 64aa75c
- vhost/vsock: Avoid allocating arbitrarily-sized SKBs
(git-fixes).
- commit 62a440b
- vhost: fail early when __vhost_add_used() fails (git-fixes).
- commit 9d77130
- vhost-scsi: Fix log flooding with target does not exist errors
(git-fixes).
- commit 2d6a672
- vsock: Fix IOCTL_VM_SOCKETS_GET_LOCAL_CID to check also
`transport_local` (git-fixes).
- commit 7139f2e
- vsock/virtio: fix `rx_bytes` accounting for stream sockets
(git-fixes).
- commit c34e345
- IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions (git-fixes)
- commit c2e717d
- vsock: avoid timeout during connect() if the socket is closing
(git-fixes).
- commit 34796d2
- vhost-scsi: Return queue full for page alloc failures during
copy (git-fixes).
- commit 3dcf5c3
- vsock: Allow retrying on connect() failure (git-fixes).
- commit 1f9e448
- 9p/xen: fix init sequence (git-fixes).
- commit 22e0fa2
- btrfs: tree-checker: fix the incorrect inode ref size check
(git-fixes).
- commit 1a69e6a
- KVM: SVM: Sync TPR from LAPIC into VMCB::V_TPR even if AVIC
is active (git-fixes).
- commit 97c436d
- KVM: x86: Drop pending_smi vs. INIT_RECEIVED check when setting
MP_STATE (git-fixes).
- commit 1086ea1
- KVM: SVM: Disable interception of SPEC_CTRL iff the MSR exists
for the guest (git-fixes).
- commit 16aecdb
- KVM: VMX: Extract checking of guest's DEBUGCTL into helper
(git-fixes).
- commit a89d774
- KVM: x86: avoid underflow when scaling TSC frequency
(git-fixes).
- commit 1dc5b36
- KVM: x86/xen: Allow 'out of range' event channel ports in IRQ
routing table (git-fixes).
- commit fc7a1db
- KVM: VMX: Flush shadow VMCS on emergency reboot (git-fixes).
- commit 75149a0
- KVM: SVM: Clear current_vmcb during vCPU free for all *possible*
CPUs (git-fixes).
- commit 221d435
- KVM: x86: Fully defer to vendor code to decide how to force
immediate exit (git-fixes).
- commit 9d7cfec
- KVM: VMX: Handle KVM-induced preemption timer exits in fastpath
for L2 (git-fixes).
- commit 4708423
- KVM: x86: Move handling of is_guest_mode() into fastpath exit
handlers (git-fixes).
- commit 80f5d63
- btrfs: fix invalid extref key setup when replaying dentry
(git-fixes).
- commit d51ea66
- KVM: VMX: Handle forced exit due to preemption timer in fastpath
(git-fixes).
- commit 1eccc09
- KVM: VMX: Re-enter guest in fastpath for "spurious" preemption
timer exits (git-fixes).
- commit e920f78
- KVM: x86: Plumb "force_immediate_exit" into kvm_entry()
tracepoint (git-fixes).
- commit d90d7aa
- KVM: arm64: vgic: fix incorrect spinlock API usage (git-fixes).
- commit 972706e
- ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr
(bsc#1249258 CVE-2025-38701).
- commit f3682c5
- fs/buffer: fix use-after-free when call bh_read() helper
(bsc#1249374 CVE-2025-39691).
- jbd2: prevent softlockup in jbd2_log_do_checkpoint()
(bsc#1249526 CVE-2025-39782).
- loop: Avoid updating block size under exclusive owner
(bsc#1249199 CVE-2025-38709).
- eventpoll: Fix semi-unbounded recursion (bsc#1248392
CVE-2025-38614).
- commit fc4be97
- PCI: Extend isolated function probing to LoongArch (git-fixes).
- commit d35f4c9
- compiler: remove __ADDRESSABLE_ASM{_STR,}() again (git-fixes).
- commit bf93f6c
- x86/cpu: Add model number for Intel Clearwater Forest processor
(git-fixes).
- commit 7c8efd9
- wifi: cfg80211: remove cfg80211_inform_single_bss_frame_data()
(git-fixes).
- commit a72bcdf
- xen/netfront: Fix TX response spurious interrupts (git-fixes).
- commit 5e0ce6f
- KVM: s390: Fix incorrect usage of mmu_notifier_register()
(git-fixes bsc#1250336).
- commit 64b94c2
- xen/gntdev: remove struct gntdev_copy_batch from stack
(git-fixes).
- commit 13539ce
- wireless: purelifi: plfxlc: fix memory leak in
plfxlc_usb_wreq_asyn() (git-fixes).
- commit 5a9e007
- xenbus: Allow PVH dom0 a non-local xenstore (git-fixes).
- commit 81be2ce
- xen: Add support for XenServer 6.1 platform device (git-fixes).
- commit a4daef0
- kabi: restore layout of struct cgroup_rstat_cpu (bsc#1247963).
- commit 05abe8b
- mmc: core: Use GFP_NOIO in ACMD22 (git-fixes).
- commit 58bbbbb
- cgroup: remove per-cpu per-subsystem locks (bsc#1247963).
- cgroup: make css_rstat_updated nmi safe (bsc#1247963).
- cgroup: support to enable nmi-safe css_rstat_updated
(bsc#1247963).
- commit 2adc7c0
- NFSv4/flexfiles: Fix layout merge mirror check (git-fixes).
- commit fcad211
- SUNRPC: call xs_sock_process_cmsg for all cmsg (git-fixes).
- commit 1f5dab1
- Revert "SUNRPC: Don't allow waiting for exiting tasks"
(git-fixes).
- commit f25412a
- flexfiles/pNFS: fix NULL checks on result of
ff_layout_choose_ds_for_read (git-fixes).
- commit 43ddf37
- NFSv4: Clear the NFS_CAP_XATTR flag if not supported by the
server (git-fixes).
- commit da99754
- NFSv4: Clear the NFS_CAP_FS_LOCATIONS flag if it is not set
(git-fixes).
- commit 0b05e92
- NFSv4: Don't clear capabilities that won't be reset (git-fixes).
- commit f31092e
- nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/*
(git-fixes).
- commit 4438737
- mmc: mvsdio: Fix dma_unmap_sg() nents value (git-fixes).
- crypto: af_alg - Set merge to zero early in af_alg_sendmsg
(git-fixes).
- ASoC: qcom: q6apm-lpass-dais: Fix missing set_fmt DAI op for
I2S (git-fixes).
- ASoC: qcom: audioreach: Fix lpaif_type configuration for the
I2S interface (git-fixes).
- ASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if
source graph failed (git-fixes).
- ASoC: wm8974: Correct PLL rate rounding (git-fixes).
- ASoC: wm8940: Correct typo in control name (git-fixes).
- ASoC: wm8940: Correct PLL rate rounding (git-fixes).
- ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in
error message (git-fixes).
- ALSA: hda: intel-dsp-config: Prevent SEGFAULT if ACPI_HANDLE()
is NULL (git-fixes).
- ALSA: hda/realtek: Add ALC295 Dell TAS2781 I2C fixup
(git-fixes).
- drm: bridge: cdns-mhdp8546: Fix missing mutex unlock on error
path (git-fixes).
- drm: bridge: anx7625: Fix NULL pointer dereference with early
IRQ (git-fixes).
- USB: serial: option: add Telit Cinterion LE910C4-WWX new
compositions (stable-fixes).
- USB: serial: option: add Telit Cinterion FN990A w/audio
compositions (stable-fixes).
- Input: i8042 - add TUXEDO InfinityBook Pro Gen10 AMD to i8042
quirk table (stable-fixes).
- Input: iqs7222 - avoid enabling unused interrupts
(stable-fixes).
- drm/amdgpu/vcn: Allow limiting ctx to instance 0 for AV1 at
any time (stable-fixes).
- drm/amdgpu/vcn4: Fix IB parsing with multiple engine info
packages (stable-fixes).
- mtd: nand: raw: atmel: Respect tAR, tCLR in read setup timing
(git-fixes).
- compiler-clang.h: define __SANITIZE_*__ macros only when
undefined (stable-fixes).
- i2c: i801: Hide Intel Birch Stream SoC TCO WDT (git-fixes).
- mtd: nand: raw: atmel: Fix comment in timings preparation
(stable-fixes).
- commit 60c59ef
- Drop arm64 patches that may lead to module load failure (bsc#1250057)
Deleted:
patches.suse/arm64-ftrace-fix-unreachable-PLT-for-ftrace_caller-in-init.patch
patches.kabi/kABI-arm64-ftrace-Restore-struct-mod_arch_specific-l.patch
- commit 2621bab
- xfs: rework datasync tracking and execution (bsc#1237449).
- xfs: rearrange code in xfs_inode_item_precommit (bsc#1237449).
- commit 730f72c
- habanalabs: fix UAF in export_dmabuf() (CVE-2025-38722
bsc#1249163).
- commit 5507c4a
- net: bridge: fix soft lockup in br_multicast_query_expired()
(CVE-2025-39773 bsc#1249504).
- commit 8e6b9c2
- cgroup: remove cgroup_rstat_flush_atomic() (bsc#1247963).
- commit 45cbf76
- io_uring/net: commit partial buffers on retry (CVE-2025-38730
bsc#1249172).
- commit 7b5fe24
- selftests/bpf: adapt one more case in test_lru_map to the new
target_free (git-fixes).
- commit 951807c
- Correct typos of References tags in some patches
- commit 183c46e
- selftests/bpf: Add asserts for netfilter link info (git-fixes).
- commit 443e26f
- bpf: Fix link info netfilter flags to populate defrag flag
(git-fixes).
- commit d659929
- bpf: Adjust free target to avoid global starvation of LRU map
(git-fixes).
- commit a87821b
- bpftool: Fix memory leak in dump_xx_nlmsg on realloc failure
(git-fixes).
- commit fc9c396
- struct l2cap_chan: shift new member rx_avail to end (git-fixes).
- commit df4a4b8
- Bluetooth: compute LE flow credits based on recvbuf space
(git-fixes).
- Refresh patches.suse/Bluetooth-L2CAP-Fix-deadlock.patch.
- Refresh
patches.suse/bluetooth-l2cap-sync-sock-recv-cb-and-release.patch.
- commit 89343db
- ppp: fix race conditions in ppp_fill_forward_path
(CVE-2025-39673 bsc#1249320).
- commit ab5f3b1
- drm/amd/pm: fix null pointer access (CVE-2025-38705
bsc#1249334).
- commit b78844e
- vsock/virtio: Validate length in packet header before skb_put()
(CVE-2025-39718 bsc#1249305).
- commit 8072632
- arm64: ftrace: fix unreachable PLT for ftrace_caller in init_module (git-fixes)
- commit 420c073
- Bluetooth: qca: fix wcn3991 device address check (git-fixes).
- commit 9189126
- Bluetooth: qca: fix invalid device address check (git-fixes).
- commit 0795907
- wifi: ath10k: shutdown driver when hardware is unreliable
(CVE-2025-39746 bsc#1249516).
- commit b5556c6
- cpufreq: CPPC: Mark driver with NEED_UPDATE_LIMITS flag
(stable-fixes).
- commit 9a8a959
- cpufreq: Exit governor when failed to start old governor
(stable-fixes).
- commit 39287fb
- cpufreq: Init policy->rwsem before it may be possibly used
(git-fixes).
- commit 04861e7
- cpufreq: Initialize cpufreq-based frequency-invariance later
(git-fixes).
- commit ed31199
- cpufreq: intel_pstate: Always use HWP_DESIRED_PERF in passive
mode (git-fixes).
- commit 723f0f4
- cpufreq: intel_pstate: Unchecked MSR aceess in legacy mode
(git-fixes).
- commit 662764f
- cpufreq: cppc: Fix invalid return value in .get() callback
(git-fixes).
- commit 6fc7d2a
- drm/amd/display: fix a Null pointer dereference vulnerability (bsc#1249295 CVE-2025-39705)
- commit fd61b4f
- pptp: fix pptp_xmit() error path (git-fixes).
- commit 91ca931
- net, hsr: reject HSR frame if skb can't hold tag (CVE-2025-39703
bsc#1249315).
- netfilter: ctnetlink: fix refcount leak on table dump
(CVE-2025-38721 bsc#1249176).
- pptp: ensure minimal skb length in pptp_xmit() (CVE-2025-38574
bsc#1248365).
- commit a50f469
- media: venus: Fix OOB read due to missing payload bound check
(CVE-2025-38679 bsc#1249202).
- commit 8b1060a
- platform/x86/amd/hsmp: Ensure sock->metric_tbl_addr is non-NULL
(CVE-2025-39678 bsc#1249290).
- commit d0b499a
- drivers/base/node: rename __register_one_node() to
register_one_node() (bsc#1241866).
- commit 806b51c
- drivers/base/node: rename register_memory_blocks_under_node()
and remove context argument (bsc#1241866).
- commit 9ef69ed
- drivers/base/node: remove register_memory_blocks_under_node()
function call from register_one_node (bsc#1241866).
- commit 2f00393
- drivers/base/node: remove register_mem_block_under_node_early()
(bsc#1241866).
- commit 02a1a4a
- drivers/base/node: optimize memory block registration to reduce
boot time (bsc#1241866).
- commit 3a0dd5e
- cpufreq: scpi: compare kHz instead of Hz (git-fixes).
- commit bd20bfa
- cpufreq: governor: Fix negative 'idle_time' handling in
dbs_update() (git-fixes).
- commit 7fc2c58
- cpufreq: Use the fixed and coherent frequency for scaling
capacity (stable-fixes).
- commit 573ea38
- power: supply: bq27xxx: restrict no-battery detection to bq27000
(git-fixes).
- power: supply: bq27xxx: fix error return in case of no bq27000
hdq battery (git-fixes).
- commit 7d4436e
- kABI: arm64: ftrace: Restore struct mod_arch_specific layout (git-fixes).
- commit 7f84dae
- arm64: dts: rockchip: Add vcc-supply to SPI flash on (git-fixes)
- commit 06d6c63
- arm64: dts: imx8mp: Fix missing microSD slot vqmmc on Data Modul (git-fixes)
- commit d3f6628
- arm64: dts: imx8mp: Fix missing microSD slot vqmmc on DH electronics (git-fixes)
- commit faa58e2
- arm64: dts: imx8mp-tqma8mpql: fix LDO5 power off (git-fixes)
- commit 775e3f7
- arm64: Mark kernel as tainted on SAE and SError panic (git-fixes)
- commit 833fcf1
- arm64: Handle KCOV __init vs inline mismatches (git-fixes)
- commit 187b48f
- arm64: dts: rockchip: use cs-gpios for spi1 on ringneck (git-fixes)
- commit 8c45279
- arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma with Haikou (git-fixes).
- commit 5a86595
- arm64: dts: rockchip: disable unrouted USB controllers and PHY on (git-fixes)
- commit 655bf48
- arm64: dts: rockchip: fix internal USB hub instability on RK3399 Puma (git-fixes)
- commit d929ee1
- i2c: tegra: Use internal reset when reset property is not available (bsc#1249143)
- commit 7b11853
- tls: fix handling of zero-length records on the rx_list
(CVE-2025-39682 bsc#1249284).
- commit 409e98c
- kABI workaround for "drm/dp: Add an EDID quirk for the DPCD
register access probe" (bsc#1248121).
- commit 6cdcefb
- drm/amd/display: Disable DPCD Probe Quirk (bsc#1248121).
- commit 617e84a
- drm/dp: Add an EDID quirk for the DPCD register access probe
(bsc#1248121).
- Refresh
patches.suse/drm-Add-kabi-placeholders-to-commonly-used-structs.patch.
- commit db9d8ac
- drm/edid: Add support for quirks visible to DRM core and drivers
(bsc#1248121).
- drm/edid: Define the quirks in an enum list (bsc#1248121).
- commit bc5a858
- drm/dp: Change AUX DPCD probe address from LANE0_1_STATUS to
TRAINING_PATTERN_SET (bsc#1248121).
- commit 36a72f9
- Update patches.suse/drm-dp-Change-AUX-DPCD-probe-address-from-DPCD_REV-t.patch (bsc#1248121)
Move to the cherry-picked 6.16-rc patch, to be applied earlier
- commit 49f20a1
- netfilter: nf_tables: reject duplicate device on updates
(CVE-2025-38678 bsc#1249126).
- commit 8b40732
- Limit patch filenames to 100 characters (bsc#1249604).
- commit 8a17cff
- iommu/amd: Avoid stack buffer overflow from kernel cmdline
(CVE-2025-38676 bsc#1248775).
- commit eddb6c4
- phy: ti-pipe3: fix device leak at unbind (git-fixes).
- phy: tegra: xusb: fix device and OF node leak at probe
(git-fixes).
- dmaengine: dw: dmamux: Fix device reference leak in
rzn1_dmamux_route_allocate (git-fixes).
- dmaengine: ti: edma: Fix memory allocation size for
queue_priority_map (git-fixes).
- dmaengine: idxd: Fix double free in idxd_setup_wqs()
(git-fixes).
- dmaengine: idxd: Fix refcount underflow on module unload
(git-fixes).
- dmaengine: idxd: Remove improper idxd_free (git-fixes).
- dmaengine: qcom: bam_dma: Fix DT error handling for
num-channels/ees (git-fixes).
- serial: sc16is7xx: fix bug in flow control levels init
(git-fixes).
- USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels
(git-fixes).
- xhci: fix memory leak regression when freeing xhci vdev devices
depth first (git-fixes).
- xhci: dbc: Fix full DbC transfer ring after several reconnects
(git-fixes).
- commit 517a9a9
- regulator: sy7636a: fix lifecycle of power good gpio
(git-fixes).
- commit 519b81c
- struct cdc_ncm_ctx: hide new member filtering_supported
(git-fixes).
- commit 1152814
- drm/amdgpu: fix a memory leak in fence cleanup when unloading
(git-fixes).
- drm/i915/power: fix size for for_each_set_bit() in abox
iteration (git-fixes).
- commit 48c87c2
- drm/mediatek: fix potential OF node use-after-free (git-fixes).
- drm/amd/display: use udelay rather than fsleep (git-fixes).
- commit 9e6eea4
- net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new
compositions (git-fixes).
- net: usb: cdc-ncm: check for filtering capability (git-fixes).
- commit ce04178
- cgroup/cpuset: Use static_branch_enable_cpuslocked() on
cpusets_insane_config_key (bsc#1241166).
- commit 414381b
- s390/vfio-ap: Fix no AP queue sharing allowed message written
to kernel log (git-fixes bsc#1249488).
- commit e007691
- s390/cpum_cf: Deny all sampling events by counter PMU (git-fixes
bsc#1249481).
- s390/pai: Deny all events not handled by this PMU (git-fixes
bsc#1249482).
- commit 85f3e91
- mtd: rawnand: stm32_fmc2: fix ECC overwrite (git-fixes).
- mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC
buffer (git-fixes).
- can: xilinx_can: xcan_write_frame(): fix use-after-free of
transmitted SKB (git-fixes).
- can: j1939: j1939_local_ecu_get(): undo increment when
j1939_local_ecu_get() fails (git-fixes).
- can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately
when j1939_local_ecu_get() failed (git-fixes).
- can: j1939: implement NETDEV_UNREGISTER notification handler
(git-fixes).
- commit ab68e9b
- net/mlx5e: Remove skb secpath if xfrm state is not found (CVE-2025-38590 bsc#1248360)
- commit ed11350
- rcu-tasks: Maintain real-time response in (bsc#1246298)
- commit 1fbb6ff
- rcu-tasks: Eliminate deadlocks involving do_exit() and RCU (bsc#1246298)
- commit 61288e7
- smb: client: fix use-after-free in cifs_oplock_break
(bsc#1248199, CVE-2025-38527).
- commit 4692a87
- supported.conf: mark hyperv_drm as external
- net: hv_netvsc: fix loss of early receive events from host
during channel open (git-fixes).
- hv_netvsc: Fix panic during namespace deletion with VF
(bsc#1248111).
- hv_netvsc: Set VF priv_flags to IFF_NO_ADDRCONF before open
to prevent IPv6 addrconf (git-fixes).
- commit 2985c60
- Drop PCI patches that broke kdump capture boot (bsc#1246509)
Deleted:
patches.suse/PCI-Explicitly-put-devices-into-D0-when-initializing.patch
patches.suse/PCI-PM-Set-up-runtime-PM-even-for-devices-without-PC.patch
Refreshed:
patches.suse/PCI-Support-Immediate-Readiness-on-devices-without-PM.patch
- commit 70a44f4
- netfilter: nf_tables: split async and sync catchall in two
functions (git-fixes).
- Refresh
patches.kabi/kABI-make-nft_trans_gc_catchall-public-again.patch.
- commit b907ff6
- netfilter: nf_tables: Fix entries val in rule reset audit log
(git-fixes).
- commit a8ae150
- platform/x86/amd/pmc: Add TUXEDO IB Pro Gen10 AMD to spurious
8042 quirks list (stable-fixes).
- drm/amdgpu: drop hw access in non-DC audio fini (stable-fixes).
- drm/amd/display: Don't warn when missing DCE encoder caps
(stable-fixes).
- commit 2aad2ce
- ALSA: hda/hdmi: Add pin fix for another HP EliteDesk 800 G4
model (stable-fixes).
- ALSA: hda/realtek: Fix headset mic for TongFang X6[AF]R5xxY
(stable-fixes).
- ALSA: usb-audio: Add mute TLV for playback volumes on some
devices (stable-fixes).
- cpupower: Fix a bug where the -t option of the set subcommand
was not working (stable-fixes).
- cdc_ncm: Flag Intel OEM version of Fibocom L850-GL as WWAN
(stable-fixes).
- Bluetooth: hci_sync: Avoid adding default advertising on startup
(stable-fixes).
- commit 3580eab
- ALSA: hda/realtek - Add new HP ZBook laptop with micmute led
fixup (stable-fixes).
- commit 0d08638
- ALSA: hda/realtek: Add support for HP Agusta using CS35L41 HDA
(stable-fixes).
- commit 33271d8
- bpf, bpftool: Fix incorrect disasm pc (git-fixes).
- commit 4188abf
- bpf: bpftool: Setting error code in do_loader() (git-fixes).
- commit 6283bbf
- bpftool: Fix readlink usage in get_fd_type (git-fixes).
- commit ae9652c
- bpftool: fix potential NULL pointer dereferencing in prog_dump()
(git-fixes).
- commit 171c943
- bpftool: Mount bpffs when pinmaps path not under the bpffs
(git-fixes).
- commit fb91e0e
- x86/amd_nb: Restrict init function to AMD-based systems (git-fixes).
- commit f7e4409
- x86/rdrand: Disable RDSEED on AMD Cyan Skillfish (git-fixes).
- commit a5e740f
- x86/fpu: Delay instruction pointer fixup until after warning (git-fixes).
- commit 6c7016a
- x86/microcode/AMD: Handle the case of no BIOS microcode (git-fixes).
- commit 8f2342d
- kernel-subpackage-build: Decompress ghost file when compressed version exists (bsc#1249346)
- commit 40606b5
- kABI workaround for RCU tasks exit tracking (bsc#1246298).
- commit 90e8606
- btrfs: always update fstrim_range on failure in FITRIM ioctl
(git-fixes).
- commit 8b0d717
- netfilter: nf_tables: remove catchall element in GC sync path
(git-fixes).
- Refresh
patches.kabi/kABI-make-nft_trans_gc_catchall-public-again.patch.
- commit 6c470e7
- netfilter: nf_tables: revert do not remove elements if set
backend implements .abort (git-fixes).
- commit 54e2e34
- netfilter: nf_tables: Unbreak audit log reset (git-fixes).
- commit 1d98f3d
- net/mlx5: Check device memory pointer before usage
(CVE-2025-38645 bsc#1248626).
- commit 1353943
- x86/Kconfig: Always enable ARCH_SPARSEMEM_ENABLE (git-fixes).
- commit 74f5e8a
- ceph: validate snapdirname option length when mounting (git-fixes).
- commit 3370873
- ceph: fix possible integer overflow in ceph_zero_objects() (git-fixes).
- commit 096933b
- x86/CPU/AMD: WARN when setting EFER.AUTOIBRS if and only if the WRMSR fails (git-fixes).
- commit 1d1b06c
- btrfs: add cancellation points to trim loops (git-fixes).
- btrfs: split remaining space to discard in chunks (git-fixes).
- btrfs: use SECTOR_SHIFT to convert physical offset to LBA
(git-fixes).
- commit 6bf77bf
- mm/memory-failure: fix infinite UCE for VM_PFNMAP pfn
(git-fixes).
- commit 6e9d9d9
- mm/hwpoison: do not send SIGBUS to processes with recovered
clean pages (git-fixes).
- commit 34ad618
- xen: fix UAF in dmabuf_exp_from_pages() (CVE-2025-38595
bsc#1248380).
- commit 00fd621
- selftests/bpf: Add test cases with CONST_PTR_TO_MAP null checks
(git-fixes).
- selftests/bpf: Add cmp_map_pointer_with_const test (git-fixes).
- bpf: Make reg_not_null() true for CONST_PTR_TO_MAP (git-fixes).
- commit d187572
- PCI: pnv_php: Fix surprise plug detection and recovery
(CVE-2025-38623 bsc#1248610).
- commit e872ea6
- file: add take_fd() cleanup helper (CVE-2025-38595 bsc#1248380).
- commit 7ffa1d7
- drm/rockchip: vop2: fail cleanly if missing a primary plane
for a video-port (CVE-2025-38597 bsc#1248378).
- commit 7f132df
- bpf: Disable migration in nf_hook_run_bpf() (bsc#1248622
CVE-2025-38640).
- commit b485f08
- btrfs: avoid load/store tearing races when checking if an
inode was logged (git-fixes).
- commit 60df77c
- btrfs: fix race between setting last_dir_index_offset and
inode logging (git-fixes).
- commit 9120538
- btrfs: fix race between logging inode and checking if it was
logged before (git-fixes).
- commit 84758cf
- btrfs: always abort transaction on failure to add block group
to free space tree (git-fixes).
- commit 55788e0
- btrfs: move transaction aborts to the error site in
add_block_group_free_space() (git-fixes).
- commit 1bba414
- btrfs: abort transaction on unexpected eb generation at
btrfs_copy_root() (git-fixes).
- commit 47cbfed
- isolcpus: add missing hunk back (bsc#1236897 bsc#1249206).
Update
patches.suse/blk-mq-use-hk-cpus-only-when-isolcpus-managed_irq-is.patch
(bsc#1236897 bsc#1249206).
- commit d06c033
- btrfs: qgroup: fix race between quota disable and quota rescan
ioctl (git-fixes).
- commit 6ecd72c
- btrfs: abort transaction during log replay if walk_log_tree()
failed (git-fixes).
- commit 9ed0531
- netfilter: nf_tables: bogus ENOENT when destroying element
which does not exist (git-fixes).
- commit 1720cdf
- netfilter: nf_conntrack_bridge: initialize err to 0 (git-fixes).
- commit 37ed3f8
- netfilter: nat: fix ipv6 nat redirect with mapped and scoped
addresses (git-fixes).
- commit dc55ccf
- netfilter: xt_recent: fix (increase) ipv6 literal buffer length
(git-fixes).
- commit 9b71437
- netfilter: nf_tables: Carry reset boolean in nft_obj_dump_ctx
(git-fixes).
- commit 1837d60
- netfilter: nf_tables: nft_obj_filter fits into cb->ctx
(git-fixes).
- commit 7ebf747
- netfilter: nf_tables: Carry s_idx in nft_obj_dump_ctx
(git-fixes).
- commit 94eb28c
- netfilter: nf_tables: A better name for nft_obj_filter
(git-fixes).
- commit 4e97e28
- netfilter: nf_tables: Unconditionally allocate nft_obj_filter
(git-fixes).
- commit 71527ef
- netfilter: nf_tables: Drop pointless memset in
nf_tables_dump_obj (git-fixes).
- commit 457aebd
- netfilter: nf_tables: Introduce nf_tables_getrule_single()
(git-fixes).
- commit 1f75537
- netfilter: xt_nfacct: don't assume acct name is null-terminated (CVE-2025-38639 bsc#1248674)
- commit e51b72e
- netfilter: nf_tables: Open-code audit log call in
nf_tables_getrule() (git-fixes).
- commit 05444c9
- netfilter: nft_set_rbtree: prefer sync gc to async worker
(git-fixes).
- commit 3892bab
- netfilter: nft_set_rbtree: rename gc deactivate+erase function
(git-fixes).
- commit ee5de41
- netfilter: nf_tables: Drop pointless memset when dumping rules
(git-fixes).
- commit 9da7ab8
- kABI: netfilter flowtable move gc operation to bottom
(git-fixes).
- commit 81690ca
- netfilter: flowtable: GC pushes back packets to classic path
(git-fixes).
- commit 6e4c347
- Update config files. (bsc#1249186)
Plain run_oldconfig after Kconfig update.
- commit 9d7abe4
- Refresh
patches.suse/kernel-add-product-identifying-information-to-kernel-build.patch. (bsc#1249186)
- commit 99400d5
- x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and
arch_sync_kernel_mappings() (git-fixes).
- commit 79df6a3
- mm: introduce and use {pgd,p4d}_populate_kernel() (git-fixes).
- commit b0342dd
- netfilter: nf_tables: audit log object reset once per table
(git-fixes).
- commit fd6322c
- netfilter: nft_payload: fix wrong mac header matching
(git-fixes).
- commit d699ba5
- netfilter: nfnetlink_log: silence bogus compiler warning
(git-fixes).
- commit f57923e
- mm: move page table sync declarations to linux/pgtable.h
(git-fixes).
- commit 1222abb
- netfilter: nf_tables: do not remove elements if set backend
implements .abort (git-fixes).
- commit 19ebcee
- netfilter: nf_tables: Deduplicate nft_register_obj audit logs
(git-fixes).
- commit 649bcef
- kABI workaround for bluetooth discovery_state change
(CVE-2025-38593 bsc#1248357).
- commit a2afff6
- Bluetooth: hci_sync: fix double free in
'hci_discovery_filter_clear()' (CVE-2025-38593 bsc#1248357).
- Refresh patches.kabi/bluetooth-hci_dev-kabi-workaround.patch.
- commit c998281
- nouveau: fix disabling the nonstall irq due to storm code
(git-fixes).
- commit 476894d
- spi: spi-fsl-lpspi: Reset FIFO and disable module on transfer
abort (git-fixes).
- spi: spi-fsl-lpspi: Set correct chip-select polarity bit
(git-fixes).
- spi: spi-fsl-lpspi: Fix transmissions when using CONT
(git-fixes).
- ACPI/IORT: Fix memory leak in iort_rmr_alloc_sids() (git-fixes).
- hwmon: mlxreg-fan: Prevent fans from getting stuck at 0 RPM
(git-fixes).
- drm/amd/amdgpu: Fix missing error return on kzalloc failure
(git-fixes).
- drm/bridge: ti-sn65dsi86: fix REFCLK setting (git-fixes).
- pcmcia: Add error handling for add_interval() in
do_validate_mem() (git-fixes).
- pcmcia: omap: Add missing check for platform_get_resource
(git-fixes).
- pcmcia: Fix a NULL pointer dereference in
__iodyn_find_io_region() (git-fixes).
- commit 2aa7ff8
- Update config files: CONFIG_SUSE_HAVE_STABLE_KABI=n for arm64/debug flavor
- commit 7319322
- erofs: fix atomic context detection when
!CONFIG_DEBUG_LOCK_ALLOC (git-fixes).
- commit 8bbba66
- net: drop UFO packets in udp_rcv_segment() (CVE-2025-38622
bsc#1248619).
- commit b74a30a
- kABI: adjust new field on ip_ct_sctp struct (git-fixes).
- commit b932c6f
- netfilter: handle the connecting collision properly in
nf_conntrack_proto_sctp (git-fixes).
- commit 935c934
- smb: client: fix use-after-free in crypt_message when using
async crypto (bsc#1247239, CVE-2025-38488).
- commit 4fd2db6
- HID: input: report battery status changes immediately
(git-fixes).
- HID: input: rename hidinput_set_battery_charge_status()
(stable-fixes).
- commit c8518b5
- wifi: ath12k: Pass ab pointer directly to
ath12k_dp_tx_get_encap_type() (CVE-2025-38605 bsc#1248334).
- regulator: core: fix NULL dereference on unbind due to stale
coupling data (CVE-2025-38668 bsc#1248647).
- commit 684e871
- wifi: ath11k: fix group data packet drops during rekey
(git-fixes).
- commit 8f7f429
- ax25: properly unshare skbs in ax25_kiss_rcv() (git-fixes).
- wifi: cfg80211: sme: cap SSID length in
__cfg80211_connect_result() (git-fixes).
- wifi: libertas: cap SSID len in lbs_associate() (git-fixes).
- wifi: cw1200: cap SSID length in cw1200_do_join() (git-fixes).
- batman-adv: fix OOB read/write in network-coding decode
(git-fixes).
- Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen()
(git-fixes).
- Bluetooth: vhci: Prevent use-after-free by removing debugfs
files early (git-fixes).
- mISDN: Fix memory leak in dsp_hwec_enable() (git-fixes).
- xirc2ps_cs: fix register access when enabling FullDuplex
(git-fixes).
- wifi: iwlwifi: uefi: check DSM item validity (git-fixes).
- wifi: mt76: mt7996: Initialize hdr before passing to
skb_put_data() (git-fixes).
- wifi: mwifiex: Initialize the chan_stats array to zero
(git-fixes).
- wifi: brcmfmac: fix use-after-free when rescheduling
brcmf_btcoex_info work (git-fixes).
- wifi: cfg80211: fix use-after-free in cmp_bss() (git-fixes).
- HID: quirks: add support for Legion Go dual dinput modes
(stable-fixes).
- HID: hid-ntrig: fix unable to handle page fault in
ntrig_report_version() (stable-fixes).
- HID: wacom: Add a new Art Pen 2 (stable-fixes).
- Revert "drm/amdgpu: fix incorrect vm flags to map bo"
(stable-fixes).
- net: rose: fix a typo in rose_clear_routes() (git-fixes).
- net: rose: include node references in rose_neigh refcount
(git-fixes).
- net: rose: convert 'use' field to refcount_t (git-fixes).
- net: rose: split remove and free operations in
rose_remove_neigh() (stable-fixes).
- dma/pool: Ensure DMA_DIRECT_REMAP allocations are decrypted
(stable-fixes).
- ASoC: codecs: tx-macro: correct tx_macro_component_drv name
(stable-fixes).
- ACPI: EC: Add device to acpi_ec_no_wakeup[] qurik list
(stable-fixes).
- HID: mcp2221: Handle reads greater than 60 bytes (stable-fixes).
- HID: mcp2221: Don't set bus speed on every transfer
(stable-fixes).
- commit c45df83
- perf: Revert to requiring CAP_SYS_ADMIN for uprobes (bsc#1247442
CVE-2025-38466).
- commit 6200f52
- bpf: Properly test iter/task tid filtering (git-fixes).
- commit 7cae248
- bpf: Fix iter/task tid filtering (git-fixes).
- commit 51eef98
- wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac() (CVE-2025-38643 bsc#1248681)
- commit 913bce0
- netfilter: conntrack: fix extension size table (git-fixes).
- commit 3a3ec96
- netfilter: nf_tables: disallow element removal on anonymous sets
(git-fixes).
- commit ed5fdf4
- netfilter: nft_set_hash: try later when GC hits EAGAIN on
iteration (git-fixes).
- commit 1044906
- netfilter: nft_set_pipapo: stop GC iteration if GC transaction
allocation fails (git-fixes).
- commit 102d93f
- kABI: make nft_trans_gc_catchall() public again (git-fixes).
- commit a176bb1
- netfilter: nft_set_pipapo: call nft_trans_gc_queue_sync()
in catchall GC (git-fixes).
- commit d64bf79
- kABI fix for "netfilter: nf_tables: Audit log rule reset"
(git-fixes).
- commit 5173417
- netfilter: nf_tables: Audit log rule reset (git-fixes).
- commit f27562f
- [ceph] parse_longname(): strrchr() expects NUL-terminated string
(bsc#1248634 CVE-2025-38660).
- commit cc1fe76
- s390/sclp: Fix SCCB present check (git-fixes bsc#1249123).
- s390/time: Use monotonic clock in get_cycles() (git-fixes
bsc#1249125).
- s390/stp: Remove udelay from stp_sync_clock() (git-fixes
bsc#1249124).
- hypfs_create_cpu_files(): add missing check for hypfs_mkdir()
failure (git-fixes bsc#1249122).
- commit a699d99
- Refresh
patches.kabi/kabi-s390-ism-fix-concurrency-management-in-ism_cmd.patch.
- commit e8175f3
- ext4: remove writable userspace mappings before truncating
page cache (bsc#1247223).
- commit afc4afd
- rpm: Configure KABI checkingness macro (bsc#1249186)
The value of the config should match presence of KABI reference data. If
it mismatches:
- !CONFIG & reference -> this is bug, immediate fail
- CONFIG & no reference -> OK temporarily, must be resolved eventually
- commit 23c1536
- Kconfig.suse: Add KABI checkiness macro (config) (bsc#1249186)
The motivation: there are patches.kabi/ patches that restore KABI and
they check validity of the approach with static_assert()s to prevent
accidental KABI breakage.
These asserts are invoked on each arch-flavor and they may signal false
negatives -- that is KABI restoration patch could break KABI but the
given arch-flavor defines no KABI.
The intended use is to disable the compile time checks in patches.kabi/
(but not to be confused with __GENKSYMS__ that affects how reference is
calculated).
The name is chosen so that it mimics HAVE_* macros that are not
configured manually (but is selected by an arch). In our case it's
(un)selected by build script depending on whether KABI reference is
defined for given arch-flavor and whether check is really requested by
the user. Default value is 'n' so that people building merely via
Makefile (not RPM with KABI checking) obtain consistent config.
- commit 5e4e9c5
- s390/pci: Allow automatic recovery with minimal driver support
(git-fixes bsc#1248734 LTC#214880).
- commit 3fdd470
- btrfs: fix data overwriting bug during buffered write when
block size < page size (git-fixes).
- commit d006c37
- btrfs: make found_logical_ret parameter mandatory for function
queue_scrub_stripe() (git-fixes).
- commit da7f7f5
- btrfs: scrub: fix grouping of read IO (git-fixes).
- commit bd555d2
- btrfs: scrub: avoid unnecessary csum tree search preparing
stripes (git-fixes).
- commit d485678
- btrfs: scrub: avoid unnecessary extent tree search preparing
stripes (git-fixes).
- commit a00c933
- btrfs: scrub: remove scrub_ctx::csum_list member (git-fixes).
- commit fa7dbad
- gfs2: No more self recovery (bsc#1248639 CVE-2025-38659).
- gfs2: Get rid of gfs2_glock_queue_put in signal_our_withdraw
(bsc#1248639 CVE-2025-38659).
- commit bdb1b5c
- s390/ism: fix concurrency management in ism_cmd() (git-fixes
bsc#1248735).
- commit 1005186
- usb: xhci: Apply the link chain quirk on NEC isoc endpoints
(CVE-2025-22022 bsc#1241292).
- commit 8a5182c
- usb: xhci: move link chain bit quirk checks into one helper
function (CVE-2025-22022 bsc#1241292).
- commit 4cca94b
- nvme-pci: try function level reset on init failure (git-fixes).
- commit 1ee35d9
- ice: Fix a null pointer dereference in ice_copy_and_init_pkg()
(CVE-2025-38664 bsc#1248628).
- commit 7e27b08
- s390/hypfs: Enable limited access during lockdown (git-fixes
bsc#1248733 LTC#214881).
- s390/hypfs: Avoid unnecessary ioctl registration in debugfs
(git-fixes bsc#1248733 LTC#214881).
- commit 97ff25b
- HID: core: Harden s32ton() against conversion to 0 bits (CVE-2025-38556 bsc#1248296)
- commit 1097818
- rxrpc: Fix bug due to prealloc collision (CVE-2025-38544 bsc#1248225)
- commit bc50a3d
- net: libwx: fix the using of Rx buffer DMA (CVE-2025-38533 bsc#1248200)
- commit 8863383
- ice: add NULL check in eswitch lag check (CVE-2025-38526 bsc#1248192)
- commit 7ad8c40
- rxrpc: Fix oops due to non-existence of prealloc backlog struct (CVE-2025-38514 bsc#1248202)
- commit 4ea1963
- idpf: return 0 size for RSS key if not supported (CVE-2025-38402 bsc#1247262)
- commit 1ca20ce
- remoteproc: core: Release rproc->clean_table after rproc_attach() fails (CVE-2025-38418 bsc#1247137)
- commit 14c64f1
- remoteproc: core: Cleanup acquired resources when rproc_handle_resources() fails in rproc_attach() (CVE-2025-38419 bsc#1247136)
- commit 7e69a49
- genirq/irq_sim: Initialize work context pointers properly (CVE-2025-38408 bsc#1247126)
- commit a8d685c
- ipmi:msghandler: Fix potential memory corruption in ipmi_create_user() (CVE-2025-38456 bsc#1247099)
- commit 8a59cf2
- bcache: fix NULL pointer in cache_set_flush() (CVE-2025-38263 bsc#1246248)
- commit d6d8f29
- Update reference in patches.suse/lib-group_cpus-fix-NULL-pointer-dereference-from-gro.patch (CVE-2025-38255 bsc#1246190 bsc#1236897)
- commit 0bab045
- kmod
-
- man: modprobe.d: document the config file order handling (bsc#1253741)
* man-modprobe.d-document-the-config-file-order-handling.patch
- expat
-
- Fix CVE-2025-59375 / bsc#1249584.
- Add patch file:
* CVE-2025-59375.patch
- libxslt
-
- security update
- added patches
CVE-2025-11731 [bsc#1251979], type confusion in exsltFuncResultCompfunction leading to denial of service
* libxslt-CVE-2025-11731.patch
- security update
- added patches
CVE-2025-10911 [bsc#1250553], use-after-free with key data stored cross-RVT
* libxslt-CVE-2025-10911.patch
- mozilla-nss
-
- Add bmo1990242.patch to move NSS DB password hash away from SHA-1
- update to NSS 3.112.2
* bmo#1970079 - Prevent leaks during pkcs12 decoding.
* bmo#1988046 - SEC_ASN1Decode* should ensure it has read as many bytes as each length field indicates
- Adding patch bmo1980465.patch to fix bug on s390x (bmo#1980465)
- Adding patch bmo1956754.patch to fix possible undefined behaviour (bmo#1956754)
- update to NSS 3.112.1
* bmo#1982742 - restore support for finding certificates by decoded serial number.
- update to NSS 3.112
* bmo#1963792 - Fix alias for mac workers on try
* bmo#1966786 - ensure all options can be configured with SSL_OptionSet and SSL_OptionSetDefault
* bmo#1931930 - ABI/API break in ssl certificate processing
* bmo#1955971 - remove unnecessary assertion in sec_asn1d_init_state_based_on_template
* bmo#1965754 - update taskgraph to v14.2.1
* bmo#1964358 - Workflow for automation of the release on GitHub when pushing a tag
* bmo#1952860 - fix faulty assertions in SEC_ASN1DecoderUpdate
* bmo#1934877 - Renegotiations should use a fresh ECH GREASE buffer
* bmo#1951396 - update taskgraph to v14.1.1
* bmo#1962503 - Partial fix for ACVP build CI job
* bmo#1961827 - Initialize find in sftk_searchDatabase
* bmo#1963121 - Add clang-18 to extra builds
* bmo#1963044 - Fault tolerant git fetch for fuzzing
* bmo#1962556 - Tolerate intermittent failures in ssl_policy_pkix_ocsp
* bmo#1962770 - fix compiler warnings when DEBUG_ASN1D_STATES or CMSDEBUG are set
* bmo#1961835 - fix content type tag check in NSS_CMSMessage_ContainsCertsOrCrls
* bmo#1963102 - Remove Cryptofuzz CI version check
- update to NSS 3.111
* bmo#1930806 - FIPS changes need to be upstreamed: force ems policy
* bmo#1957685 - Turn off Websites Trust Bit from CAs
* bmo#1937338 - Update nssckbi version following April 2025 Batch of Changes
* bmo#1943135 - Disable SMIME ‘trust bit’ for GoDaddy CAs
* bmo#1874383 - Replaced deprecated sprintf function with snprintf in dbtool.c
* bmo#1954612 - Need up update NSS for PKCS 3.1
* bmo#1773374 - avoid leaking localCert if it is already set in ssl3_FillInCachedSID
* bmo#1953097 - Decrease ASAN quarantine size for Cryptofuzz in CI
* bmo#1943962 - selfserv: Add support for zlib certificate compression
- update to NSS 3.110
* bmo#1930806 - FIPS changes need to be upstreamed: force ems policy
* bmo#1954724 - Prevent excess allocations in sslBuffer_Grow
* bmo#1953429 - Remove Crl templates from ASN1 fuzz target
* bmo#1953429 - Remove CERT_CrlTemplate from ASN1 fuzz target
* bmo#1952855 - Fix memory leak in NSS_CMSMessage_IsSigned
* bmo#1930807 - NSS policy updates
* bmo#1951161 - Improve locking in nssPKIObject_GetInstances
* bmo#1951394 - Fix race in sdb_GetMetaData
* bmo#1951800 - Fix member access within null pointer
* bmo#1950077 - Increase smime fuzzer memory limit
* bmo#1949677 - Enable resumption when using custom extensions
* bmo#1952568 - change CN of server12 test certificate
* bmo#1949118 - Part 2: Add missing check in
NSS_CMSDigestContext_FinishSingle
* bmo#1949118 - Part 1: Fix smime UBSan errors
* bmo#1930806 - FIPS changes need to be upstreamed: updated key checks
* bmo#1951491 - Don't build libpkix in static builds
* bmo#1951395 - handle `-p all` in try syntax
* bmo#1951346 - fix opt-make builds to actually be opt
* bmo#1951346 - fix opt-static builds to actually be opt
* bmo#1916439 - Remove extraneous assert
- Removed upstreamed nss-fips-stricter-dh.patch
- Removed upstreamed nss-reproducible-chksums.patch
- Added bmo1962556.patch to fix test failures
- Rebased nss-fips-approved-crypto-non-ec.patch nss-fips-combined-hash-sign-dsa-ecdsa.patch
- update to NSS 3.109
* bmo#1939512 - Call BL_Init before RNG_RNGInit() so that special
SHA instructions can be used if available
* bmo#1930807 - NSS policy updates - fix inaccurate key policy issues
* bmo#1945883 - SMIME fuzz target
* bmo#1914256 - ASN1 decoder fuzz target
* bmo#1936001 - Part 2: Revert “Extract testcases from ssl gtests
for fuzzing”
* bmo#1915155 - Add fuzz/README.md
* bmo#1936001 - Part 4: Fix tstclnt arguments script
* bmo#1944545 - Extend pkcs7 fuzz target
* bmo#1912320 - Extend certDN fuzz target
* bmo#1944300 - revert changes to HACL* files from bug 1866841
* bmo#1936001 - Part 3: Package frida corpus script
- update to NSS 3.108
* bmo#1923285 - libclang-16 -> libclang-19
* bmo#1939086 - Turn off Secure Email Trust Bit for Security
Communication ECC RootCA1
* bmo#1937332 - Turn off Secure Email Trust Bit for BJCA Global Root
CA1 and BJCA Global Root CA2
* bmo#1915902 - Remove SwissSign Silver CA – G2
* bmo#1938245 - Add D-Trust 2023 TLS Roots to NSS
* bmo#1942301 - fix fips test failure on windows
* bmo#1935925 - change default sensitivity of KEM keys
* bmo#1936001 - Part 1: Introduce frida hooks and script
* bmo#1942350 - add missing arm_neon.h include to gcm.c
* bmo#1831552 - ci: update windows workers to win2022
* bmo#1831552 - strip trailing carriage returns in tools tests
* bmo#1880256 - work around unix/windows path translation issues
in cert test script
* bmo#1831552 - ci: let the windows setup script work without $m
* bmo#1880255 - detect msys
* bmo#1936680 - add a specialized CTR_Update variant for AES-GCM
* bmo#1930807 - NSS policy updates
* bmo#1930806 - FIPS changes need to be upstreamed: FIPS 140-3 RNG
* bmo#1930806 - FIPS changes need to be upstreamed: Add SafeZero
* bmo#1930806 - FIPS changes need to be upstreamed - updated POST
* bmo#1933031 - Segmentation fault in SECITEM_Hash during pkcs12 processing
* bmo#1929922 - Extending NSS with LoadModuleFromFunction functionality
* bmo#1935984 - Ensure zero-initialization of collectArgs.cert
* bmo#1934526 - pkcs7 fuzz target use CERT_DestroyCertificate
* bmo#1915898 - Fix actual underlying ODR violations issue
* bmo#1184059 - mozilla::pkix: allow reference ID labels to begin
and/or end with hyphens
* bmo#1927953 - don't look for secmod.db in nssutil_ReadSecmodDB if
NSS_DISABLE_DBM is set
* bmo#1934526 - Fix memory leak in pkcs7 fuzz target
* bmo#1934529 - Set -O2 for ASan builds in CI
* bmo#1934543 - Change branch of tlsfuzzer dependency
* bmo#1915898 - Run tests in CI for ASan builds with detect_odr_violation=1
* bmo#1934241 - Fix coverage failure in CI
* bmo#1934213 - Add fuzzing for delegated credentials, DTLS short
header and Tls13BackendEch
* bmo#1927142 - Add fuzzing for SSL_EnableTls13GreaseEch and
SSL_SetDtls13VersionWorkaround
* bmo#1913677 - Part 3: Restructure fuzz/
* bmo#1931925 - Extract testcases from ssl gtests for fuzzing
* bmo#1923037 - Force Cryptofuzz to use NSS in CI
* bmo#1923037 - Fix Cryptofuzz on 32 bit in CI
* bmo#1933154 - Update Cryptofuzz repository link
* bmo#1926256 - fix build error from 9505f79d
* bmo#1926256 - simplify error handling in get_token_objects_for_cache
* bmo#1931973 - nss doc: fix a warning
* bmo#1930797 - pkcs12 fixes from RHEL need to be picked up
- remove obsolete patches
* nss-fips-safe-memset.patch
* nss-bmo1930797.patch
- update to NSS 3.107
* bmo#1923038 - Remove MPI fuzz targets.
* bmo#1925512 - Remove globals `lockStatus` and `locksEverDisabled`.
* bmo#1919015 - Enable PKCS8 fuzz target.
* bmo#1923037 - Integrate Cryptofuzz in CI.
* bmo#1913677 - Part 2: Set tls server target socket options in config class
* bmo#1913677 - Part 1: Set tls client target socket options in config class
* bmo#1913680 - Support building with thread sanitizer.
* bmo#1922392 - set nssckbi version number to 2.72.
* bmo#1919913 - remove Websites Trust Bit from Entrust Root
Certification Authority - G4.
* bmo#1920641 - remove Security Communication RootCA3 root cert.
* bmo#1918559 - remove SecureSign RootCA11 root cert.
* bmo#1922387 - Add distrust-after for TLS to Entrust Roots.
* bmo#1927096 - update expected error code in pk12util pbmac1 tests.
* bmo#1929041 - Use random tstclnt args with handshake collection script
* bmo#1920466 - Remove extraneous assert in ssl3gthr.c.
* bmo#1928402 - Adding missing release notes for NSS_3_105.
* bmo#1874451 - Enable the disabled mlkem tests for dtls.
* bmo#1874451 - NSS gtests filter cleans up the constucted buffer
before the use.
* bmo#1925505 - Make ssl_SetDefaultsFromEnvironment thread-safe.
* bmo#1925503 - Remove short circuit test from ssl_Init.
- fix build on loongarch64 (setting it as 64bit arch)
- Remove upstreamed bmo-1400603.patch
- Added nss-bmo1930797.patch to fix failing tests in testsuite
- update to NSS 3.106
* bmo#1925975 - NSS 3.106 should be distributed with NSPR 4.36.
* bmo#1923767 - pk12util: improve error handling in p12U_ReadPKCS12File.
* bmo#1899402 - Correctly destroy bulkkey in error scenario.
* bmo#1919997 - PKCS7 fuzz target, r=djackson,nss-reviewers.
* bmo#1923002 - Extract certificates with handshake collection script.
* bmo#1923006 - Specify len_control for fuzz targets.
* bmo#1923280 - Fix memory leak in dumpCertificatePEM.
* bmo#1102981 - Fix UBSan errors for SECU_PrintCertificate and
SECU_PrintCertificateBasicInfo.
* bmo#1921528 - add new error codes to mozilla::pkix for Firefox to use.
* bmo#1921768 - allow null phKey in NSC_DeriveKey.
* bmo#1921801 - Only create seed corpus zip from existing corpus.
* bmo#1826035 - Use explicit allowlist for for KDF PRFS.
* bmo#1920138 - Increase optimization level for fuzz builds.
* bmo#1920470 - Remove incorrect assert.
* bmo#1914870 - Use libFuzzer options from fuzz/options/\*.options in CI.
* bmo#1920945 - Polish corpus collection for automation.
* bmo#1917572 - Detect new and unfuzzed SSL options.
* bmo#1804646 - PKCS12 fuzzing target.
- requires NSPR 4.36
- update to NSS 3.105
* bmo#1915792 - Allow importing PKCS#8 private EC keys missing public key
* bmo#1909768 - UBSAN fix: applying zero offset to null pointer in sslsnce.c
* bmo#1919577 - set KRML_MUSTINLINE=inline in makefile builds
* bmo#1918965 - Don't set CKA_SIGN for CKK_EC_MONTGOMERY private keys
* bmo#1918767 - override default definition of KRML_MUSTINLINE
* bmo#1916525 - libssl support for mlkem768x25519
* bmo#1916524 - support for ML-KEM-768 in softoken and pk11wrap
* bmo#1866841 - Add Libcrux implementation of ML-KEM 768 to FreeBL
* bmo#1911912 - Avoid misuse of ctype(3) functions
* bmo#1917311 - part 2: run clang-format
* bmo#1917311 - part 1: upgrade to clang-format 13
* bmo#1916953 - clang-format fuzz
* bmo#1910370 - DTLS client message buffer may not empty be on retransmit
* bmo#1916413 - Optionally print config for TLS client and server
fuzz target
* bmo#1916059 - Fix some simple documentation issues in NSS.
* bmo#1915439 - improve performance of NSC_FindObjectsInit when
template has CKA_TOKEN attr
* bmo#1912828 - define CKM_NSS_ECDHE_NO_PAIRWISE_CHECK_KEY_PAIR_GEN
- Fix build error under Leap by rebasing nss-fips-safe-memset.patch.
- update to NSS 3.104
* bmo#1910071 - Copy original corpus to heap-allocated buffer
* bmo#1910079 - Fix min ssl version for DTLS client fuzzer
* bmo#1908990 - Remove OS2 support just like we did on NSPR
* bmo#1910605 - clang-format NSS improvements
* bmo#1902078 - Adding basicutil.h to use HexString2SECItem function
* bmo#1908990 - removing dirent.c from build
* bmo#1902078 - Allow handing in keymaterial to shlibsign to make
the output reproducible
* bmo#1908990 - remove nec4.3, sunos4, riscos and SNI references
* bmo#1908990 - remove other old OS (BSDI, old HP UX, NCR,
openunix, sco, unixware or reliantUnix
* bmo#1908990 - remove mentions of WIN95
* bmo#1908990 - remove mentions of WIN16
* bmo#1913750 - More explicit directory naming
* bmo#1913755 - Add more options to TLS server fuzz target
* bmo#1913675 - Add more options to TLS client fuzz target
* bmo#1835240 - Use OSS-Fuzz corpus in NSS CI
* bmo#1908012 - set nssckbi version number to 2.70.
* bmo#1914499 - Remove Email Trust bit from ACCVRAIZ1 root cert.
* bmo#1908009 - Remove Email Trust bit from certSIGN ROOT CA.
* bmo#1908006 - Add Cybertrust Japan Roots to NSS.
* bmo#1908004 - Add Taiwan CA Roots to NSS.
* bmo#1911354 - remove search by decoded serial in
nssToken_FindCertificateByIssuerAndSerialNumber
* bmo#1913132 - Fix tstclnt CI build failure
* bmo#1913047 - vfyserv: ensure peer cert chain is in db for
CERT_VerifyCertificateNow
* bmo#1912427 - Enable all supported protocol versions for UDP
* bmo#1910361 - Actually use random PSK hash type
* bmo#1911576 - Initialize NSS DB once
* bmo#1910361 - Additional ECH cipher suites and PSK hash types
* bmo#1903604 - Automate corpus file generation for TLS client Fuzzer
* bmo#1910364 - Fix crash with UNSAFE_FUZZER_MODE
* bmo#1910605 - clang-format shlibsign.c
- remove obsolete nss-reproducible-builds.patch
- update to NSS 3.103
* bmo#1908623 - move list size check after lock acquisition in sftk_PutObjectToList.
* bmo#1899542 - Add fuzzing support for SSL_ENABLE_POST_HANDSHAKE_AUTH,
* bmo#1909638 - Follow-up to fix test for presence of file nspr.patch.
* bmo#1903783 - Adjust libFuzzer size limits
* bmo#1899542 - Add fuzzing support for SSL_SetCertificateCompressionAlgorithm,
SSL_SetClientEchConfigs, SSL_VersionRangeSet and SSL_AddExternalPsk
* bmo#1899542 - Add fuzzing support for SSL_ENABLE_GREASE and
SSL_ENABLE_CH_EXTENSION_PERMUTATION
- Add nss-reproducible-builds.patch to make the rpms reproducible,
by using a hardcoded, static key to generate the checksums (*.chk-files)
- Updated nss-fips-approved-crypto-non-ec.patch to enforce
approved curves with the CKK_EC_MONTGOMERY key type (bsc#1224113).
- update to NSS 3.102.1
* bmo#1905691 - ChaChaXor to return after the function
- update to NSS 3.102
* bmo#1880351 - Add Valgrind annotations to freebl Chacha20-Poly1305.
* bmo#1901932 - missing sqlite header.
* bmo#1901080 - GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME.
* bmo#1615298 - improve certutil keyUsage, extKeyUsage, and nsCertType keyword handling.
* bmo#1660676 - correct length of raw SPKI data before printing in pp utility.
- Add nss-reproducible-chksums.patch to make NSS-build reproducible
Use key from openssl (bsc#1081723)
- Updated nss-fips-approved-crypto-non-ec.patch to exclude the
SHA-1 hash from SLI approval.
- Updated nss-fips-approved-crypto-non-ec.patch to not pass in
bad targetKeyLength parameters when checking for FIPS approval
after keygen. This was causing false rejections.
- Updated nss-fips-approved-crypto-non-ec.patch to approve
RSA signature verification mechanisms with PKCS padding and
legacy moduli (bsc#1222834).
- Updated nss-fips-approved-crypto-non-ec.patch to enforce
approved curves with the CKK_EC_MONTGOMERY key type (bsc#1224113).
- libgcrypt
-
- Fix running the test suite in FIPS mode [bsc#1246934]
* Add libgcrypt-fix-pkcs12-test-in-FIPS-mode.patch
* Rebase libgcrypt-FIPS-SLI-kdf-leylength.patch
- gnutls
-
- Security fix bsc#1254132 CVE-2025-9820
* Fix buffer overflow in gnutls_pkcs11_token_init
* Added gnutls-CVE-2025-9820.patch
- gpgme
-
- Treat empty DISPLAY variable as unset. [bsc#1252425, bsc#1231055]
* To avoid gpgme constructing an invalid gpg command line when
the DISPLAY variable is empty it can be treated as unset.
* Add gpgme-Treat-empty-DISPLAY-variable-as-unset.patch
* Reported upstream: dev.gnupg.org/T7919
- openssl-3
-
- Security fix: [bsc#1250232 CVE-2025-9230]
* Fix out-of-bounds read & write in RFC 3211 KEK unwrap
* Add patch openssl3-CVE-2025-9230.patch
- Disable LTO for userspace livepatching [jsc#PED-13245]
- libpng16
-
- security update
- added patches
CVE-2025-66293 [bsc#1254480], LIBPNG out-of-bounds read in png_image_read_composite
* libpng16-CVE-2025-66293-1.patch
* libpng16-CVE-2025-66293-2.patch
- security update
- added patches
CVE-2025-64505 [bsc#1254157], heap buffer over-read in `png_do_quantize` via malformed palette index
* libpng16-CVE-2025-64505.patch
CVE-2025-64506 [bsc#1254158], heap buffer over-read in `png_write_image_8bit` with 8-bit input and `convert_to_8bit` enabled
* libpng16-CVE-2025-64506.patch
CVE-2025-64720 [bsc#1254159], buffer overflow in `png_image_read_composite` via incorrect palette premultiplication
* libpng16-CVE-2025-64720.patch
CVE-2025-65018 [bsc#1254160], heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read`
* libpng16-CVE-2025-65018.patch
- python311:base
-
- Add CVE-2025-6075-expandvars-perf-degrad.patch avoid simple
quadratic complexity vulnerabilities of os.path.expandvars()
(CVE-2025-6075, bsc#1252974).
- Readjusted patches:
- CVE-2023-52425-libexpat-2.6.0-backport.patch
- CVE-2023-52425-remove-reparse_deferral-tests.patch
- fix_configure_rst.patch
- skip_if_buildbot-extend.patch
- Update to 3.11.14:
- Security
- gh-139700: Check consistency of the zip64 end of central
directory record. Support records with “zip64 extensible data”
if there are no bytes prepended to the ZIP file
(CVE-2025-8291, bsc#1251305).
- gh-139400: xml.parsers.expat: Make sure that parent Expat
parsers are only garbage-collected once they are no longer
referenced by subparsers created by
ExternalEntityParserCreate(). Patch by Sebastian Pipping.
- gh-135661: Fix parsing start and end tags in
html.parser.HTMLParser according to the HTML5 standard.
* Whitespaces no longer accepted between </ and the tag name. E.g.
</ script> does not end the script section.
* Vertical tabulation (\v) and non-ASCII whitespaces no longer
recognized as whitespaces. The only whitespaces are \t\n\r\f and
space.
* Null character (U+0000) no longer ends the tag name.
* Attributes and slashes after the tag name in end tags are now
ignored, instead of terminating after the first > in quoted
attribute value. E.g. </script/foo=">"/>.
* Multiple slashes and whitespaces between the last attribute and
closing > are now ignored in both start and end tags. E.g. <a
foo=bar/ //>.
* Multiple = between attribute name and value are no longer
collapsed. E.g. <a foo==bar> produces attribute “foo” with value
“=bar”.
- gh-135661: Fix CDATA section parsing in html.parser.HTMLParser
according to the HTML5 standard: ] ]> and ]] > no longer end the
CDATA section. Add private method _set_support_cdata() which can
be used to specify how to parse <[CDATA[ — as a CDATA section in
foreign content (SVG or MathML) or as a bogus comment in the
HTML namespace.
- gh-102555: Fix comment parsing in html.parser.HTMLParser
according to the HTML5 standard. --!> now ends the comment. -- >
no longer ends the comment. Support abnormally ended empty
comments <--> and <--->.
- gh-135462: Fix quadratic complexity in processing specially
crafted input in html.parser.HTMLParser. End-of-file errors are
now handled according to the HTML5 specs – comments and
declarations are automatically closed, tags are ignored.
- gh-118350: Fix support of escapable raw text mode (elements
“textarea” and “title”) in html.parser.HTMLParser.
- gh-86155: html.parser.HTMLParser.close() no longer loses data
when the <script> tag is not closed. Patch by Waylan Limberg.
- Library
- gh-139312: Upgrade bundled libexpat to 2.7.3
- gh-138998: Update bundled libexpat to 2.7.2
- gh-130577: tarfile now validates archives to ensure member
offsets are non-negative. (Contributed by Alexander Enrique
Urieles Nieto in gh-130577.)
- gh-135374: Update the bundled copy of setuptools to 79.0.1.
- Drop upstreamed patches:
- CVE-2025-8194-tarfile-no-neg-offsets.patch
- CVE-2025-6069-quad-complex-HTMLParser.patch
- Add gh139257-Support-docutils-0.22.patch to fix build with latest
docutils (>=0.22) gh#python/cpython#139257
- Drop AppStream buildrequires and don't run appstreamcli validate
as part of the build process: the appdata.xml is not updated by
source directly, so we have more contol. Having Appstream or the
deprecated appstream-glib result in a build cycle.
- Require AppStream to validate appdata file instead of deprecated
appstream-glib.
- Update idle3.appdata.xml to pass the more pedantic appstreamcli.
- sqlite3
-
- bsc#1252217: Add a %license file.
- bsc#1248586: Fix icu-enabled build.
- Update to version 3.50.4:
* Fix two long-standings cases of the use of uninitialized
variables in obscure circumstances.
- Update to version 3.50.3:
* Fix a possible memory error that can occur if a query is made
against against FTS5 index that has been deliberately corrupted
in a very specific way.
* Fix the parser so that it ignored SQL comments in all places of
a CREATE TRIGGER statement. This resolves a problem that was
introduced by the introduction of the
SQLITE_DBCONFIG_ENABLE_COMMENTS feature in version 3.49.0.
* Fix an incorrect answer due to over-optimization of an AND
operator.
- libssh
-
- Security fix: [CVE-2025-8277, bsc#1249375]
* Memory Exhaustion via Repeated Key Exchange
* Add patches:
- libssh-CVE-2025-8277-packet-Adjust-packet-filter-to-work-wh.patch
- libssh-CVE-2025-8277-Fix-memory-leak-of-unused-ephemeral-ke.patch
- libssh-CVE-2025-8277-ecdh-Free-previously-allocated-pubkeys.patch
- Security fix: [CVE-2025-8114, bsc#1246974]
* NULL pointer dereference when calculating session ID during KEX
* Add libssh-CVE-2025-8114.patch
- libzypp
-
- runposttrans: strip root prefix from tmppath (bsc#1250343)
- fixup! Make ld.so ignore the subarch packages during install
(bsc#1246912)
- version 17.37.18 (35)
- uyuni-tools
-
- version 5.1.23-0
* Update the default tag to 5.1.1.1
- version 5.1.22-0
* Fix cobbler config migration to standalone files
* Fix generated DB certificate subject alternate names
- version 5.1.21-0
* Remove extraneous quotes when getting the running image
(bsc#1249434)
- version 5.1.20-0
* Add migration for server monitoring configuration (bsc#1247688)
- version 5.1.19-0
* Add a lowercase version of --logLevel (bsc#1243611)
* Stop executing scripts in temporary folder (bsc#1243704)
* support config: collect podman inspect for hub container
(bsc#1245099)
* Use new dedicated path for Cobbler settings (bsc#1244027)
* Migrate custom auto installation snippets (bsc#1246320)
* Add SUSE Linux Enterprise 15 SP7 to buildin productmap
* Fix loading product map from mgradm configuration file
(bsc#1246068)
* Fix channel override for distro copy
* Do not use sudo when running as a root user (bsc#1246882)
* Do not require backups to be at the same location for restoring
(bsc#1246906)
* Fix recomputing proxy images when installing a PTF or TEST
(bsc#1246553)
* Add mgradm server rename to change the server FQDN (bsc#1229825)
* If no DB SSL CA parameter is given, use the other one
(bsc#1245120)
* More fault tolerant mgradm stop (bsc#1243331)
* Backup systemd dropin directory too and create if missing
* Add 3rd party SSL options for upgrade and migration scenarios
* Do not consider stderr output of podman as an error
(bsc#1247836)
* Restore SELinux contexts for restored backup volumes
(bsc#1244127)
* Automatically get up-to-date systemid file on salt based proxy
hosts (bsc#1246789)
* Bump the default image tag to 5.1.1
- mozilla-nspr
-
- update to version 4.36
* remove support for OS/2
* remove support for Unixware, Bsdi, old AIX, old HPUX9 & scoos
* remove support for Windows 16 bit
* renamed the prwin16.h header to prwin.h
* configure was updated from 2.69 to 2.71
* various build, test and automation script fixes
* major parts of the source code were reformatted
- pam
-
- Make sure that the buffer containing encrypted passwords get's erased,
before free.
[pam_modutil_get-overwrite-password-at-free.patch, bsc#1232234,
CVE-2024-10041]
- podman
-
- Add patch for CVE-2025-9566 (bsc#1249154):
* 0004-CVE-2025-9566-kube-play-don-t-follow-volume-symlinks.patch
- Rebase patches:
* 0001-CVE-2025-22869-ssh-limit-the-size-of-the-internal-pa.patch
* 0002-Fix-Remove-appending-rw-as-the-default-mount-option.patch
* 0003-CVE-2025-6032-machine-init-fix-tls-check.patch
- Add patch for CVE-2025-6032 (bsc#1245320):
* 0003-CVE-2025-6032-machine-init-fix-tls-check.patch
- Add patch for bsc#1242132:
* 0002-Fix-Remove-appending-rw-as-the-default-mount-option.patch
- Rebase patches:
* 0001-CVE-2025-22869-ssh-limit-the-size-of-the-internal-pa.patch
- Removed patches:
* 0001-vendor-bump-buildah-to-1.37.6-CVE-2024-11218.patch
* 0002-CVE-2025-27144-vendor-don-t-allow-unbounded-amounts-.patch
* 0003-CVE-2025-22869-ssh-limit-the-size-of-the-internal-pa.patch
- Drop iptables support in favor of nftables (required by netavark)
- Fix conditional Requires (remove deprecated sle_version macro)
- Update to version 5.4.2:
* Bump to v5.4.2
* Add release notes for v5.4.2
* Fix a potential deadlock during `podman cp`
* Improve the file format documentation of podman-import.
* Revert "podman-import only supports gz and tar"
* Bump buildah to v1.39.4
* libpod: do not cover idmapped mountpoint
* test: Fix runc error message
* oci: report empty exec path as ENOENT
* test: adapt tests new crun error messages
* test: remove duplicate test
* cirrus: test only on f41/rawhide
* CI: use z1d instance for windows machine testing
* New images 2025-03-24
* test/e2e: use go net.Dial() ov nc
* test: use ncat over nc
* New images 2025-03-12
* RPM: Add riscv64 to ExclusiveArch-es
* Fix HealthCheck log destination, count, and size defaults
* Win installer test: hardcode latest GH release ID
* Packit: Fix action script for fetching upstream commit
* Bump to v5.4.2-dev
* Bump to v5.4.1
* update gvproxy version to 0.8.4
* Update Buildah to v1.39.2
* Update release notes for v5.4.1
* Fix reporting summed image size for compat endpoint
* podman-import only supports gz and tar
* quadlet kube: correctly mark unit as failed
* pkg/domain/infra/abi/play.go: fix two nilness issues
* kube play: don't print start errors twice
* libpod: race in WaitForConditionWithInterval()
* libpod: race in WaitForExit() with autoremove
* Don't try to resolve host path if copying to container from stdin.
* Use svg for pkginstaller banner
* Create quota before _data dir for volumes
* Packit: clarify secondary status in CI
* Packit/RPM: Display upstream commit SHA in all rpm builds
* podman run: fix --pids-limit -1 wrt runc
* vendor: update github.com/go-jose/go-jose/v3 to v3.0.4
* chore(deps): update module github.com/go-jose/go-jose/v4 to v4.0.5 [security]
* wire up --retry-delay for artifact pull
* Revert "silence false positve from golangci-lint"
* update golangci-lint to v1.64.4
* update golangci-lint to v1.64.2
* silence false positve from golangci-lint
* cmd/podman: refactor Context handling
* fix new usetesting lint issue
* Packit/Copr: Fix `podman version` in rpm
* Remove persist directory when cleaning up Conmon files
* Bump to v5.4.1-dev
* Bump to v5.4.0
* Update release notes for v5.4.0 final
* In SQLite state, use defaults for empty-string checks
* Bump FreeBSD version to 13.4
* docs: add v5.4 to API reference
* Update rpm/podman.spec
* RPM: set buildOrigin in LDFLAG
* RPM: cleanup macro defs
* Makefile: escape BUILD_ORIGIN properly
* rootless: fix hang on s390x
* Set Cirrus DEST_BRANCH appropriately to fix CI
* Bump to v5.4.0-dev
* Bump to v5.4.0-rc3
* Update release notes for v5.4.0-rc3
* Add BuildOrigin field to podman info
* artifact: only allow single manifest
* test/e2e: improve write/removeConf()
* Add --noheading to artifact ls
* Add --no-trunc to artifact ls
* Add type and annotations to artifact add
* pkg/api: honor cdi devices from the hostconfig
* util: replace Walk with WalkDir
* fix(pkg/rootless): avoid memleak during init() contructor.
* Add `machine init --playbook`
* RPM: include empty check to silence rpmlint
* RPM: adjust qemu dependencies
* Force use of iptables on Windows WSL
* rpm: add attr as dependency for podman-tests
* update gvproxy version
* [v5.4] Bump Buildah to v1.39.0
* podman exec: correctly support detaching
* libpod: remove unused ExecStartAndAttach()
* [v5.4] Bump c/storage to v1.57.1, c/image v5.34.0, c/common v0.62.0
* Move detection of libkrun and intel
* Prevent two podman machines running on darwin
* Remove unnecessary error handling
* Remove usused Kind() function
* Bump to v5.4.0-dev
* Bump to v5.4.0-rc2
* Update release notes for v5.4.0-rc2
* Safer use of `filepath.EvalSymlinks()` on Windows
* error with libkrun on intel-based machines
* chore(deps): update dependency pytest to v8.3.4
* test/buildah-bud: skip two new problematic tests on remote
* Fix podman-restart.service when there are no containers
* Avoid upgrading from v5.3.1 on Windows
* Clean up after unexpectedly terminated build
* system-tests: switch ls with getfattr for selinux tests
* vendor latest c/{buildah,common,image,storage}
* Makefile: Add validatepr description for 'make help' output
* docs: Enhance podman build --secret documentation and add examples
* docs: mount.md - idmapped mounts only work for root user
* Define, and use, PodmanExitCleanlyWithOptions
* Eliminate PodmanSystemdScope
* Fix image ID query
* Revert "Use the config digest to compare images loaded/pulled using different methods"
* Update c/image after https://github.com/containers/image/pull/2613
* Update expected errors when pulling encrypted images
* Eliminate PodmanExtraFiles
* Introduce PodmanTestIntegration.PodmanWithOptions
* Restructure use of options
* Inline PodmanBase into callers
* Pass all of PodmanExecOptions to various [mM]akeOptions functions
* Turn PodmanAsUserBase into PodmanExecBaseWithOptions
* Avoid indirect links through quadlet(5)
* do not set the CreateCommand for API users
* Add podman manifest rm --ignore
* Bump to v5.4.0-dev
* Bump to v5.4.0-rc1
* fix(deps): update module github.com/containers/gvisor-tap-vsock to v0.8.2
* podman artifact
* vendor latest c/{common,image,storage}
* fix(deps): update module github.com/rootless-containers/rootlesskit/v2 to v2.3.2
* cirrus: bump macos machine test timeout
* pkg/machine/e2e: improve podman.exe match
* pkg/machine/e2e: improve "list machine from all providers"
* Remove JSON tag from UseImageHosts in ContainerConfig
* Set network ID if available during container inspect
* Stop creating a patch for v5.3.1 upgrades on windows
* compose docs: fix typo
* Document kube-play CDI support
* docs: Add quadlet debug method systemd-analyze
* Replace instances of PodmanExitCleanly in play_kube_test.go
* docs: add 'initialized' state to status filters
* fix(deps): update module google.golang.org/protobuf to v1.36.3
* Switch all calls of assert.Nil to assert.NoError
* Add --no-hostname option
* Fix unescaping octal escape sequence in values of Quadlet unit files
* Remove `.exe` suffix if any
* Add kube play support for CDI resource allocation
* add support to `;` for comments in unit files as per systemd documentation
* Use PodmanExitCleanly in attach_test.go
* Introduce PodmanTestIntegration.PodmanExitCleanly
* chore(deps): update dependency setuptools to ~=75.8.0
* Add newer c/i to support artifacts
* fix(deps): update module golang.org/x/tools to v0.29.0
* fix(deps): update module golang.org/x/net to v0.34.0
* specgenutil: Fix parsing of mount option ptmxmode
* namespaces: allow configuring keep-id userns size
* Update description for completion
* Quadlet - make sure the /etc/containers/systemd/users is traversed in rootless
* Document .build for Image .container option
* fix(deps): update module github.com/vbauerster/mpb/v8 to v8.9.1
* New VM Images
* update golangci/golangci-lint to v1.63.4
* fix(deps): update module google.golang.org/protobuf to v1.36.2
* chore(deps): update dependency setuptools to ~=75.7.0
* Fixing ~/.ssh/identity handling
* vendor latest c/common from main
* fix(deps): update module github.com/shirou/gopsutil/v4 to v4.24.12
* fix(deps): update module github.com/opencontainers/runc to v1.2.4
* specgen: fix comment
* Add hint to restart Podman machine to really accept new certificates
* fix(deps): update module github.com/onsi/gomega to v1.36.2
* fix(deps): update module github.com/moby/term to v0.5.2
* Pass container hostname to netavark
* Fix slirp4netns typo in podman-network.1.md
* Add support to ShmSize in Pods with Quadlet
* fix(deps): update module github.com/onsi/ginkgo/v2 to v2.22.1
* chore(deps): update module golang.org/x/crypto to v0.31.0 [security]
* fix(deps): update module golang.org/x/net to v0.33.0 [security]
* Kube volumes can not container _
* fix(deps): update module github.com/docker/docker to v27.4.1+incompatible
* test/system: fix "podman play --build private registry" error
* test/system: CopyDirectory() do not chown files
* test/system: remove system dial-stdio test
* shell completion: respect CONTAINERS_REGISTRIES_CONF
* fix(deps): update module github.com/cpuguy83/go-md2man/v2 to v2.0.6
* When generating host volumes for k8s, force to lowercase
* test: enable newly added test
* vfkit: Use 0.6.0 binary
* gvproxy: Use 0.8.1 binary
* systemd: simplify parser and fix infinite loop
* Revert "win-installer test: revert to v5.3.0"
* Avoid rebooting twice when installing WSL
* Avoid rebooting on Windows when upgrading and WSL isn't installed
* Add win installer patch
* Bump WiX toolset version to 5.0.2
* test/e2e: SkipOnOSVersion() add reason field
* test/e2e: remove outdated SkipOnOSVersion() calls
* Update VM images
* fix(deps): update module golang.org/x/crypto to v0.31.0 [security]
* fix(deps): update module github.com/crc-org/crc/v2 to v2.45.0
* fix(deps): update module github.com/opencontainers/runc to v1.2.3
* quadlet: fix inter-dependency of containers in `Network=`
* Add man pages to Mac installer
* fix(deps): update module github.com/onsi/gomega to v1.36.1
* fix(deps): update module github.com/docker/docker to v27.4.0+incompatible
* Fix device limitations in podman-remote update on remote systems
* Use latest version of VS BuildTools
* bin/docker: fix broken escaping and variable substitution
* manifest annotate: connect IndexAnnotations
* Fix panic in `manifest annotate --index`
* fix(deps): update module github.com/cyphar/filepath-securejoin to v0.3.5
* fix(deps): update module golang.org/x/net to v0.32.0
* fix(deps): update module golang.org/x/tools to v0.28.0
* fix(deps): update module golang.org/x/crypto to v0.30.0
* fix(deps): update module golang.org/x/sys to v0.28.0
* Fix overwriting of LinuxResources structure in the database
* api: replace inspectID with name
* fix(deps): update github.com/opencontainers/runtime-tools digest to f7e3563
* Replace ExclusiveArch with ifarch
* fix(deps): update module github.com/containers/gvisor-tap-vsock to v0.8.1
* Improve platform specific URL handling in `podman compose` for machines
* Fix `podman info` with multiple imagestores
* Switch to fixed common
* refact: use uptime.minutes instead of uptime.seconds
* fix(deps): update module github.com/shirou/gopsutil/v4 to v4.24.11
* fix(deps): update golang.org/x/exp digest to 2d47ceb
* fix(deps): update github.com/godbus/dbus/v5 digest to c266b19
* Cover Unix socket in inpect test on Windows platform
* Add a test for forcing compression and v2s2 format
* fix(deps): update module github.com/crc-org/vfkit to v0.6.0
* Package podman-machine on supported architectures only.
* Fixes missing binary in systemd.
* stats: ignore errors from containers without cgroups
* api: Error checking before NULL dereference
* [skip-ci] Packit/copr: switch to fedora-all
* make remotesystem: fail early if serial tests fail
* spec: clamp rlimits without CAP_SYS_RESOURCE
* Clarify the reason for skip_if_remote
* Sanity-check that the test is really using partial pulls
* Fix apparent typos in zstd:chunked tests
* Fix compilation issues in QEMU machine files (Windows platform)
* Mount volumes before copying into a container
* Revert "libpod: remove shutdown.Unregister()"
* docs: improve documentation for internal networks
* docs: document bridge mode option
* [skip-ci] Packit: remove epel and re-enable c9s
* chore(deps): update dependency golangci/golangci-lint to v1.62.2
* vendor: update containers/common
* OWNERS: remove edsantiago
* fix(deps): update module github.com/onsi/gomega to v1.36.0
* fix(deps): update github.com/containers/common digest to ceceb40
* refact: EventerType and improve consistency
* Add --hosts-file flag to container and pod commands
* Add nohosts option to /build and /libpod/build
* fix(deps): update module github.com/stretchr/testify to v1.10.0
* Quadlet - Use = sign when setting the pull arg for build
* win-installer test: revert to v5.3.0
* fix(deps): update module github.com/crc-org/crc/v2 to v2.44.0
* fix(deps): update module github.com/onsi/ginkgo/v2 to v2.22.0
* chore(deps): update dependency setuptools to ~=75.6.0
* Update windows installer tests
* Windows: don't install WSL/HyperV on update
* Switch to non-installing WSL by default
* fix(deps): update github.com/containers/buildah digest to 52437ef
* Configure HealthCheck with `podman update`
* CI: --image-volume test: robustify
* docs: add 5.3 as Reference version
* Bump CI VMs
* libpod: pass down NoPivotRoot to Buildah
* vendor: bump containers/buildah
* fix(deps): update module github.com/opencontainers/runc to v1.2.2
* Overlay mounts supersede image volumes & volumes-from
* libpod: addHosts() prevent nil deref
* only read ssh_config for non machine connections
* ssh_config: allow IdentityFile file with tilde
* ssh_config: do not overwrite values from config file
* connection: ignore errors when parsing ssh_config
* Bump bundled krunkit to 0.1.4
* fix(deps): update module google.golang.org/protobuf to v1.35.2
* add support for driver-specific options during container creation
* doc: fix words repetitions
* Update release notes on main for v5.3.0
* chore(deps): update dependency setuptools to ~=75.5.0
* CI: system tests: parallelize 010
* fix podman machine init --ignition-path
* vendor: update containers/common
* spec: clamp rlimits in a userns
* Add subpath support to volumes in `--mount` option
* refactor: simplify LinuxNS type definition and String method
* test/e2e: remove FIPS test
* vendor containers projects to tagged versions
* fix(deps): update module github.com/moby/sys/capability to v0.4.0
* chore(deps): update dependency setuptools to ~=75.4.0
* system tests: safer install_kube_template()
* Buildah treadmill tweaks
* update golangci-lint to v1.62.0
* fix(deps): update module golang.org/x/net to v0.31.0
* fix(deps): update module golang.org/x/tools to v0.27.0
* Revert "Reapply "CI: test nftables driver on fedora""
* Yet another bump, f41 with fixed kernel
* test: add zstd:chunked system tests
* pkg/machine/e2e: remove dead code
* fix(deps): update module golang.org/x/crypto to v0.29.0
* kube SIGINT system test: fix race in timeout handling
* New `system connection add` tests
* Update codespell to v2.3.0
* Avoid printing PR text to stdout in system test
* Exclude symlink from pre-commit end-of-file-fixer
* api: Add error check
* [CI:ALL] Bump main to v5.4.0-dev
* test/buildah-bud: build new inet helper
* test/system: add regression test for TZDIR local issue
* vendor latest c/{buildah,common,image,storage}
* Reapply "CI: test nftables driver on fedora"
* Revert "cirrus: test only on f40/rawhide"
* test f41 VMs
* AdditionalSupport for SubPath volume mounts
* wsl-e2e: Add a test to ensure port 2222 is free with usermode networking
* winmake.ps1: Fix the syntax of the function call Win-SSHProxy
* volume ls: fix race that caused it to fail
* gvproxy: Disable port-forwarding on WSL
* build: update gvisor-tap-vsock to 0.8.0
* podman: update roadmap
* Log network creation and removal events in Podman
* libpod: journald do not lock thread
* Add key to control if a container can get started by its pod
* Honor users requests in quadlet files
* CI: systests: workaround for parallel podman-stop flake
* Fix inconsistent line ending in win-installer project
* fix(deps): update module github.com/opencontainers/runc to v1.2.1
* Quadlet - support image file based mount in container file
* API: container logs flush status code
* rework event code to improve API errors
* events: remove memory eventer
* libpod: log file use Wait() over event API
* Makefile: vendor target should always remove toolchain
* cirrus: check consitent vendoring in test/tools
* test/tools/go.mod: remove toolchain
* fix(deps): update module github.com/shirou/gopsutil/v4 to v4.24.10
* fix(deps): update module github.com/onsi/gomega to v1.35.1
* doc: explain --interactive in more detail
* fix(deps): update golang.org/x/exp digest to f66d83c
* fix(deps): update github.com/opencontainers/runtime-tools digest to 6c9570a
* fix(deps): update github.com/linuxkit/virtsock digest to cb6a20c
* add default polling interval to Container.Wait
* Instrument cleanup tracer to log weird volume removal flake
* make podman-clean-transient.service work as user
* Add default remote socket path if empty
* Use current user if no user specified
* Add support for ssh_config for connection
* libpod: use pasta Setup() over Setup2()
* fix(deps): update module github.com/onsi/ginkgo/v2 to v2.21.0
* fix(deps): update module github.com/onsi/gomega to v1.35.0
* logformatter: add cleanup tracer log link
* docs: fix broken example
* docs: add missing swagger links for the stable branches
* readthedocs: build extra formats
* pkg/machine/e2e: remove debug
* fix(docs): Integrate pasta in rootless tutorial
* chore(deps): update dependency setuptools to ~=75.3.0
* libpod: report cgroups deleted during Stat() call
* chore: fix some function names in comment
* CI: parallelize 450-interactive system tests
* CI: parallelize 520-checkpoint tests
* CI: make 070-build.bats use safe image names
* test/system: add podman network reload test to distro gating
* System tests: clean up unit file leaks
* healthcheck: do not leak service on failed stop
* healthcheck: do not leak statup service
* fix(deps): update module github.com/containers/gvisor-tap-vsock to v0.8.0
* Add Startup HealthCheck configuration to the podman inspect
* buildah version display: use progress()
* new showrun() for displaying and running shell commands
* Buildah treadmill: redo the .cirrus.yml tweaks
* Buildah treadmill: more allow-empty options
* Buildah treadmill: improve test-failure instructions
* Buildah treadmill: improve wording in test-fail instructions
* doc: Remove whitespace before comma
* fix(deps): update module github.com/checkpoint-restore/checkpointctl to v1.3.0
* ps: fix display of exposed ports
* ps: do not loop over port protocol
* readme: Add reference to pasta in the readme
* test/system: Fix spurious "duplicate tests" failures in pasta tests
* Improve "podman load - from URL"
* Try to repair c/storage after removing an additional image store
* Use the config digest to compare images loaded/pulled using different methods
* Simplify the additional store test
* Fix the store choice in "podman pull image with additional store"
* Bump to v5.3.0-dev
* Bump to v5.3.0-rc1
* Set quota on volume root directory, not _data
* fix(deps): update module github.com/opencontainers/runc to v1.2.0
* test: set soft ulimit
* Vagrantfile: Delete
* Enable pod restore with crun
* vendor: update c/{buildah,common,image,storage}
* Fix 330-corrupt-images.bats in composefs test runs
* quadlet: add default network dependencies to all units
* quadlet: ensure user units wait for the network
* add new podman-user-wait-network-online.service
* contrib/systemd: switch user symlink for file symlinks
* Makefile: remove some duplication from install.systemd
* contrib/systemd: move podman-auto-update units
* quadlet: do not reject RemapUsers=keep-id as root
* test/e2e: test quadlet with and without --user
* CI: e2e: fix checkpoint flake
* APIv2 test fix: image history
* pasta udp tests: new bytecheck helper
* Document packaging process
* [skip-ci] RPM: remove dup Provides
* Update dependency setuptools to ~=75.2.0
* System tests: safer pause-image creation
* Update module github.com/opencontainers/selinux to v1.11.1
* Added escaping to invoked powershell command for hyperv stubber.
* use slices.Clone instead of assignment
* libpod API: only return exit code without conditions
* Housekeeping: remove duplicates from success_task
* Thorough overhaul of CONTRIBUTING doc.
* api: Replace close function in condition body
* test/e2e: fix default signal exit code test
* Test new VM build
* CI: fix changing-rootFsSize flake
* scp: add option types
* Unlock mutex before returning from function
* Note in the README that we are moving to timed releases
* cirrus: let tar extract figure out the compression
* Make error messages more descriptive
* Mention containers.conf settings for podman machine commands
* [skip-ci] Packit: re-enable CentOS Stream 10/Fedora ELN teasks"
* cmd: use logrus to print error
* podman: do not set rlimits to the default value
* spec: always specify default rlimits
* vendor: update containers/common
* Note in the README that we are moving to timed releases
* Revert "CI: test nftables driver on fedora"
* cirrus: use zstd over bzip2 for repo archive
* cirrus: use shared repo_prep/repo_artifacts scripts
* cirrus: speed up postbuild
* cirrus: change alt arch task to only compile binaries
* cirrus: run make with parallel jobs where useful
* Makefile: allow man-page-check to be run in parallel
* cirrus: use fastvm for builds
* test/e2e: skip some Containerized checkpoint tests
* test: update timezone checks
* cirrus: update CI images
* test/e2e: try debug potential pasta issue
* CI: quadlet system tests: use airgapped testimage
* Allow removing implicit quadlet systemd dependencies
* fix(deps): update module github.com/cyphar/filepath-securejoin to v0.3.4
* libpod API: make wait endpoint better against rm races
* podman-remote run: improve how we get the exit code
* [skip-ci] Packit: constrain koji and bodhi jobs to fedora package to avoid dupes
* 055-rm test: clean up a test, and document
* CI: remove skips for libkrun
* Bump bundled krunkit to 0.1.3
* fix(deps): update module google.golang.org/protobuf to v1.35.0
* fix(deps): update module golang.org/x/net to v0.30.0
* server: fix url parsing in info
* fix(deps): update module golang.org/x/tools to v0.26.0
* Makefile: fix ginkgo FOCUS option
* fix(deps): update module golang.org/x/crypto to v0.28.0
* podman-systemd.unit.5: adjust example options
* docs: prefer --network to --net
* fix(deps): update module golang.org/x/term to v0.25.0
* fix(deps): update module github.com/mattn/go-sqlite3 to v1.14.24
* fix(deps): update module golang.org/x/sys to v0.26.0
* OWNERS file audit and update
* Exposed ports are only included when not --net=host
* libpod: hasCurrentUserMapped checks for gid too
* [CI:DOCS] Document TESTFLAGS in test README file
* Validate the bind-propagation option to `--mount`
* Fix typo in secret inspect examples
* Mention `no_hosts` and `base_hosts_file` configs in CLI option docs
* Fixes for vendoring Buildah
* vendor: update buildah to latest
* Makefile - silence skipped tests when focusing on a file
* vendor: update to latest c/common
* Quadlet - prefer "param val" over "param=val" to allow env expansion
* System tests: sdnotify: wait for socket file creation
* Switch to moby/sys/capability
* platformInspectContainerHostConfig: rm dead code
* CI: require and test CI_DESIRED_NETWORK on RHEL
* Add ExposedPorts to Inspect's ContainerConfig
* fix(deps): update golang.org/x/exp digest to 701f63a
* quadlet: allow variables in PublishPort
* fix(deps): update module github.com/shirou/gopsutil/v4 to v4.24.9
* fix(deps): update github.com/godbus/dbus/v5 digest to a817f3c
* Document that zstd:chunked is downgraded to zstd when encrypting
* fix(deps): update module github.com/cyphar/filepath-securejoin to v0.3.3
* chore(deps): update dependency ubuntu to v24
* rpm: do not load iptables modules on f41+
* adding docs for network-cmd-path
* Include exposed ports in inspect output when net=host
* feat(libpod): support kube play tar content-type (#24015)
* podman mount: some better error wrapping
* podman mount: ignore ErrLayerUnknown
* Quadlet - make sure the order of the UnitsDir is deterministic
* packit: disable Centos Stream/fedora ELN teasks
* libpod: remove shutdown.Unregister()
* libpod: rework shutdown handler flow
* libpod: ensure we are not killed during netns creation
* Update module github.com/moby/sys/capability to v0.3.0
* Update documentation of `--no-hosts`, `--hostname`, and `--name` CLI options
* Update documentation of `--add-host` CLI option
* System tests: set a default XDG_RUNTIME_DIR
* Modify machine "Remove machine" test
* CORS system test: clean up
* Add --health-max-log-count, --health-max-log-size, --health-log-destination flags
* troubleshooting: adjust home path in tip 44
* test/system: For pasta port forwarding tests don't bind socat server
* Update connection on removal
* Simplify `RemoveConnections`
* Move `DefaultMachineName` to `pkg/machine/define`
* vendor: update containers/image
* vendor: update containers/storage
* CI: skip the flaking quadlet test
* CI: make systemd tests parallel-safe (*)
* CI: run and collect cleanup tracer logs
* add epbf program to trace podman cleanup errors
* CI: parallelize logs test as much as possible
* CI: format test: use local registry if available
* CI: make 700-play parallel-safe
* docs: Fix missing negation
* bin/docker support warning message suppression from user config dir
* Update module github.com/docker/docker to v27.3.1+incompatible
* Quadlet - add full support for Symlinks
* libpod: setupNetNS() correctly mount netns
* vendor latest c/common
* docs: remove usage of deprecated `--storage`
* Update module github.com/docker/docker to v27.3.0+incompatible
* CI: Quadlet rootfs test: use container image as rootfs
* CI: system test registry: use --net=host
* CI: rm system test: bump grace period
* CI: system tests: minor documentation on parallel
* fix typo in error message Fixes: containers/podman#24001
* CI: system tests: always create pause image
* CI: quadlet system test: be more forgiving
* vendor latest c/common
* CI: make 200-pod parallel-safe
* allow exposed sctp ports
* test/e2e: add netns leak check
* test/system: netns leak check for rootless as well
* test/system: Improve TODO comments on IPv6 pasta custom DNS forward test
* test/system: Clarify "Local forwarder" pasta tests
* test/system: Simplify testing for nameserver connectivity
* test/system: Consolidate "External resolver" pasta tests
* test/system: Move test for default forwarder into its own case
* CI: make 090-events parallel-safe
* Misc minor test fixes
* Add network namespace leak check
* Add workaround for buildah parallel bug
* registry: lock start attempts
* Update system test template and README
* bats log: differentiate parallel tests from sequential
* ci: bump system tests to fastvm
* clean_setup: create pause image
* CI: make 012-manifest parallel-safe
* podman-manifest-remove: update docs and help output
* test/system: remove wait workaround
* wait: fix handling of multiple conditions with exited
* Match output of Compat Top API to Docker
* system test parallelization: enable two-pass approach
* New VMs: test crun 1.17
* libpod: hides env secrets from container inspect
* CI: e2e: workaround for events out-of-sequence flake
* update golangci-lint to 1.61.0
* libpod: convert owner IDs only with :idmap
* Podman CLI --add-host with multiple host for a single IP
* Quadlet - Split getUnitDirs to small functions
* fix(deps): update module github.com/cpuguy83/go-md2man/v2 to v2.0.5
* chore(deps): update dependency setuptools to ~=75.1.0
* Fxi typo in cache-ttl.md
* Get WSL disk as an OCI artifact
* CI: make 260-sdnotify parallel-safe
* quadlet: do not log ENOENT errors
* pkg/specgen: allow pasta when running inside userns
* troubleshooting: add tip about the user containers
* chore(deps): update dependency setuptools to v75
* Convert windows paths in volume arg of the build command
* Improve error when starting multiple machines
* fix(deps): update module github.com/cyphar/filepath-securejoin to v0.3.2
* Minor typo noticed when reading podman man page
* Remove `RemoveFilesAndConnections`
* Add `GetAllMachinesAndRootfulness`
* rewrite typo osascript
* typo
* fix(deps): update module github.com/docker/docker to v27.2.1+incompatible
* Add radio buttons to select WSL or Hyper-V in windows setup.exe
* [skip-ci] Packit: split out ELN jobs and reuse fedora downstream targets
* [skip-ci] Packit: Enable sidetags for bodhi updates
* vendor: update c/common
* CI: make 710-kube parallel-safe
* CI: mark 320-system-df *NOT* parallel safe
* Add kube play support for image volume source
* refactor: add sshClient function
* fix(deps): update module golang.org/x/tools to v0.25.0
* CI: make 505-pasta parallel safe
* CI: make 020-tag parallel-safe
* CI: make 410-selinux parallel-safe
* Bump VMs. ShellCheck is now built-in
* troubleshooting: add tip about auto, keep-id, nomap
* libpod: make use of new pasta option from c/common
* vendor latest c/common
* podman images: sort repository with tags
* Remove containers/common/pkg/config from pkg/util
* fix(deps): update module golang.org/x/net to v0.29.0
* fix(deps): update module github.com/mattn/go-sqlite3 to v1.14.23
* fix(deps): update module golang.org/x/crypto to v0.27.0
* Fix CI
* Detect and fix typos using codespell
* Fix typo: replace buildin with built-in
* Add codespell config, pre-commit definition, and move options from Makefile
* prune: support clearing build cache using CleanCacheMount
* test/e2e: fix network prune flake
* Add support for Job to kube generate & play
* Add podman-rootless.7 man page
* Add DNS, DNSOption and DNSSearch to quadlet pod
* podman.1.md: improve policy.json section
* e2e: flake fix: SIGPIPE in hook test
* libpod: fix rootless cgroup path with --cgroup-parent
* vendor: update c/storage
* CI: make 055-rm parallel-safe
* CI: make 130-kill parallel-safe
* CI: make 125-import parallel-safe
* CI: make 110-history parallel-safe
* CI: system tests: parallelize low-hanging fruit
* Add disclaimer to `podman machine info` manpage.
* man pages: refactor two more options
* update github.com/opencontainers/runc to v1.2.0-rc.3
* update go.etcd.io/bbolt to v1.3.11
* update github.com/onsi/{ginkgo,gomega}
* Update module github.com/shirou/gopsutil to v4
* packit: update fedora and epel targets
* bump go to 1.22
* cirrus: test only on f40/rawhide
* cirrus: remove CI_DESIRED_NETWORK reference
* cirrus: prebuild use f40 for extra tests
* chore(deps): update dependency setuptools to ~=74.1.0
* libpod: fix HostConfig.Devices output from 'podman inspect' on FreeBSD
* fix(deps): update golang.org/x/exp digest to 9b4947d
* Implement publishing API UNIX socket on Windows platforms
* Vendor c/common:8483ef6022b4
* quadlet: support container network reusing
* docs: update read the docs changes
* CI: parallel-safe network system test
* Quadlet - Support multiple image tags in .build files
* fix(deps): update module github.com/vbauerster/mpb/v8 to v8.8.3
* cirrus: remove _bail_if_test_can_be_skipped
* cirrus: move renovate check into validate
* cirrus: remove 3rd party connectivity check
* cirrus: remove cross jobs for aarch64 and x86_64
* cirrus: do not upload alt arch cross artifacts
* cirrus: remove ginkgo-e2e.json artifact
* cirrus: fix default timeouts
* github: remove fcos-podman-next-build-prepush
* Clarify podman machine volume mounting behavior under WSL
* machine: Add -all-providers flag to machine list
* Create a podman-troubleshooting man page
* chore(deps): update dependency setuptools to v74
* fix(deps): update module github.com/docker/docker to v27.2.0+incompatible
* Fix an improperly ignored error in SQLite
* CI: flake workaround: ignore socat waitpid warnings
* fix(deps): update module github.com/rootless-containers/rootlesskit/v2 to v2.3.1
* Stop skipping machine volume test on Hyper-V
* cleanup: add new --stopped-only option
* fix races in the HTTP attach API
* cirrus: skip windows/macos machine task on RHEL branches
* Update module github.com/containers/gvisor-tap-vsock to v0.7.5
* run: fix detach passthrough and --rmi
* podman run: ignore image rm error
* Add support for AddHost in quadlet .pod and .container
* [CI:DOCS] Update dependency golangci/golangci-lint to v1.60.3
* update github.com/vishvananda/netlink to v1.3.0
* build: Update gvisor-tap-vsock to 0.7.5
* Quote systemd DefaultEnvironment Proxy values, as documented in systemd.conf man page:
* fix typo in podman-network-create.1.md
* Use HTTP path prefix of TCP connections to match Docker context behavior
* Makefile: remotesystem: use real podman server, no --url
* Update module github.com/openshift/imagebuilder to v1.2.15
* CI: parallel-safe userns test
* Update module github.com/onsi/ginkgo/v2 to v2.20.1
* Add support for IP in quadlet .pod files
* Specify format to use for referencing fixed bugs.
* CI: parallel-safe run system test
* Revert "test/e2e: work around for pasta issue"
* CI: On vX.Y-rhel branches, ensure that some downstream Jira issue is linked
* quadlet: support user mapping in pod unit
* Update Release Process
* Test new VM build
* command is not optional to podman exec
* CI: parallel-safe namespaces system test
* [CI:DOCS] Update dependency golangci/golangci-lint to v1.60.2
* quadlet: add key CgroupsMode
* Fix `podman stop` and `podman run --rmi`
* quadlet: set infra name to %s-infra
* chore(deps): update dependency setuptools to v73
* [skip-ci] Packit: update targets for propose-downstream
* Do not segfault on hard stop
* Fix description of :Z to talk about pods
* CI: disable ginkgo flake retries
* vendor: update go-criu to latest
* golangci-lint: make darwin linting happy
* golangci-lint: make windows linting happy
* test/e2e: remove kernel version check
* golangci-lint: remove most skip dirs
* set !remote build tags where needed
* update golangci-lint to 1.60.1
* test/e2e: rm systemd start test
* fix(deps): update module github.com/vbauerster/mpb/v8 to v8.8.1
* podman wait: allow waiting for removal of containers
* libpod: remove UpdateContainerStatus()
* podman mount: fix storage/libpod ctr race
* CI: quadlet tests: make parallel-safe
* CI: system tests: make random_free_port() parallel-safe
* remove trailing comma in example
* CI: format test: make parallel-safe
* Fix podman-docker.sh under -eu shells (fixes #23628)
* docs: update podman-wait man page
* libpod: remove duplicated HasVolume() check
* podman volume rm --force: fix ABBA deadlock
* test/system: fix network cleanup restart test
* libpod: do not stop pod on init ctr exit
* libpod: simplify WaitForExit()
* CI: remove build-time quay check
* Fix known_hosts file clogging and remote host id
* Update docker.io/library/golang Docker tag to v1.23
* Update dependency setuptools to ~=72.2.0
* Update module github.com/docker/docker to v27.1.2+incompatible
* healthcheck system check: reduce raciness
* CI: healthcheck system test: make parallel-safe
* Validate renovate config in every PR
* pkg/machine: Read stderr from ssh-keygen correctly
* Fix renovate config syntax error
* CI: 080-pause.bats: make parallel-safe
* CI: 050-stop.bats: make parallel-safe
* Additional potential race condition on os.Readdir
* pkg/bindings/containers: handle ignore for stop
* remote: fix invalid --cidfile + --ignore
* Update/simplify renovate config header comment
* Migrate renovate config to latest schema
* Fix race condition when listing /dev
* docs/podman-systemd: Try to clarify `Exec=` more
* libpod: reset state error on init
* test/system: pasta_test_do add explicit port check
* test/e2e: work around new push warning
* vendor: update c/common to latest
* stopIfOnlyInfraRemains: log all errors
* libpod: do not save expected stop errors in ctr state
* libpod: fix broken saveContainerError()
* Quadlet: fix filters failure when the search paths are symlinks
* readme: replace GPG with PGP
* Drop APIv2 CNI configuration
* De-duplicate docker-py testing
* chore(podmansnoop): explain why crun comm is 3
* libpod: cleanupNetwork() return error
* fix(deps): update module golang.org/x/sys to v0.24.0
* Reduce python APIv2 test net dependency
* Fix not testing registry.conf updates
* test/e2e: improve command timeout handling
* Update module github.com/onsi/ginkgo/v2 to v2.20.0
* Update module github.com/moby/sys/user to v0.3.0
* Add passwd validate and generate steps
* podman container cleanup: ignore common errors
* Quadlet - Allow the user to override the default service name
* CI: e2e: serialize root containerPort tests
* Should not force conversion of manifest type to DockerV2ListMediaType
* fix(deps): update module golang.org/x/tools to v0.24.0
* fix(deps): update github.com/containers/common digest to 05b2e1f
* CI: mount system test: parallelize
* Update module golang.org/x/net to v0.28.0
* Ignore ERROR_SHARING_VIOLATION error on windows
* CI: manifest system tests: make parallel-safe
* Create volume path before state initialization
* vendor: update c/storage
* CI: fix broken libkrun test
* test/e2e: work around for pasta issue
* test/e2e: fix missing exit code checks
* Test new CI images
* Remove another race condition when mounting containers or images
* fix(deps): update github.com/containers/common digest to c0cc6b7
* Change Windows installer MajorUpgrade Schedule
* Ignore missing containers when calling GetExternalContainerLists
* Remove runc edit to lock to specific version
* fix(deps): update module golang.org/x/sys to v0.23.0
* CI: podman-machine: do not use cache registry
* CI: completion system test: use safename
* Temporarly disable failing Windows Installer CI test
* libpod: fix volume copyup with idmap
* libpod: avoid hang on errors
* Temp. disable PM basic Volume ops test
* Add libkrun Mac task
* Never skip checkout step in release workflow
* System tests: leak_test: readable output
* fix(deps): update github.com/docker/go-plugins-helpers digest to 45e2431
* vendor: bump c/common
* Version: bump to v5.3.0-dev
* libpod: inhibit SIGTERM during cleanup()
* Tweak versions in register_images.go
* fix network cleanup flake in play kube
* WIP: Fixes for vendoring Buildah
* Add --compat-volumes option to build and farm build
* Bump to Buildah v1.37.0
* Quadlet test - Split between success, warning and error cases
* libpod: bind ports before network setup
* Disable compose-warning-logs if PODMAN_COMPOSE_WARNING_LOGS=false
* Use new syntax for selinux options in quadlet
* fix(deps): update module github.com/onsi/gomega to v1.34.1
* CI: kube test: fix broken external-storage test
* Update dependency setuptools to v72
* Convert additional build context paths on Windows
* pkg/api: do not leak config pointers into specgen
* Quadlet - Allow the user to set the service name for .pod files
* Quadlet tests - allow overriding the expected service name
* fix(deps): update module github.com/moby/sys/user to v0.2.0
* fix(deps): update module github.com/vbauerster/mpb/v8 to v8.7.5
* CI: enable root user namespaces
* libpod: force rootfs for OCI path with idmap
* fix(deps): update module github.com/onsi/ginkgo/v2 to v2.19.1
* Add test steps for automount with multi images
* CI: cp tests: use safename
* [skip-ci] RPM: podman-iptables.conf only on Fedora
* CI: 700-play: fix a leaked non-safename
* test: check that kube generate/play restores the userns
* test: disable artifacts cache with composefs
* test: fix podman pull tests
* vendor: bump c/storage
* Update module github.com/cyphar/filepath-securejoin to v0.3.1
* Add /run/containers/systemd, ${XDG_RUNTIME_DIR}/containers/systemd quadlet dirs
* build: Update gvisor-tap-vsock to 0.7.4
* test/system: fix borken pasta interface name checks
* test/system: fix bridge host.containers.internal test
* api: honor the userns for the infra container
* play: handle 'private' as 'auto'
* kube: record infra user namespace
* infra: user ns annotation higher precedence
* specgenutil: record the pod userns in the annotations
* kube: invert branches
* CI: system log test: use safe names
* Update encryption tests to avoid a warning if zstd:chunked is the default
* Fix "podman pull and decrypt"/"from local registry"
* Use unique image names for the encrypted test images
* CI: system tests: instrument to allow failure analysis
* Fix outdated comment for the build step win-gvproxy
* Add utility to convert VMFile to URL for UNIX sockets
* Run codespell on source
* fix(deps): update module github.com/docker/docker to v27.1.0+incompatible
* chore(deps): update dependency setuptools to ~=71.1.0
* logformatter: tweaks to pass html tidy
* More information for podman --remote build and running out of space.
* Fix windows installer deleting machine provider config file
* Use uploaded .zip for Windows action
* pr-should-include-tests: no more CI:DOCS override
- Depend on runc unconditionally, not only on SLE 15 (bsc#1239088)
- python-urllib3
-
- Add patch CVE-2025-50181-poolmanager-redirects.patch:
* Pool managers now properly control redirects when retries is passed
(CVE-2025-50181, GHSA-pq67-6m6q-mj2v, bsc#1244925)
- python311
-
- Add CVE-2025-6075-expandvars-perf-degrad.patch avoid simple
quadratic complexity vulnerabilities of os.path.expandvars()
(CVE-2025-6075, bsc#1252974).
- Readjusted patches:
- CVE-2023-52425-libexpat-2.6.0-backport.patch
- CVE-2023-52425-remove-reparse_deferral-tests.patch
- fix_configure_rst.patch
- skip_if_buildbot-extend.patch
- Update to 3.11.14:
- Security
- gh-139700: Check consistency of the zip64 end of central
directory record. Support records with “zip64 extensible data”
if there are no bytes prepended to the ZIP file
(CVE-2025-8291, bsc#1251305).
- gh-139400: xml.parsers.expat: Make sure that parent Expat
parsers are only garbage-collected once they are no longer
referenced by subparsers created by
ExternalEntityParserCreate(). Patch by Sebastian Pipping.
- gh-135661: Fix parsing start and end tags in
html.parser.HTMLParser according to the HTML5 standard.
* Whitespaces no longer accepted between </ and the tag name. E.g.
</ script> does not end the script section.
* Vertical tabulation (\v) and non-ASCII whitespaces no longer
recognized as whitespaces. The only whitespaces are \t\n\r\f and
space.
* Null character (U+0000) no longer ends the tag name.
* Attributes and slashes after the tag name in end tags are now
ignored, instead of terminating after the first > in quoted
attribute value. E.g. </script/foo=">"/>.
* Multiple slashes and whitespaces between the last attribute and
closing > are now ignored in both start and end tags. E.g. <a
foo=bar/ //>.
* Multiple = between attribute name and value are no longer
collapsed. E.g. <a foo==bar> produces attribute “foo” with value
“=bar”.
- gh-135661: Fix CDATA section parsing in html.parser.HTMLParser
according to the HTML5 standard: ] ]> and ]] > no longer end the
CDATA section. Add private method _set_support_cdata() which can
be used to specify how to parse <[CDATA[ — as a CDATA section in
foreign content (SVG or MathML) or as a bogus comment in the
HTML namespace.
- gh-102555: Fix comment parsing in html.parser.HTMLParser
according to the HTML5 standard. --!> now ends the comment. -- >
no longer ends the comment. Support abnormally ended empty
comments <--> and <--->.
- gh-135462: Fix quadratic complexity in processing specially
crafted input in html.parser.HTMLParser. End-of-file errors are
now handled according to the HTML5 specs – comments and
declarations are automatically closed, tags are ignored.
- gh-118350: Fix support of escapable raw text mode (elements
“textarea” and “title”) in html.parser.HTMLParser.
- gh-86155: html.parser.HTMLParser.close() no longer loses data
when the <script> tag is not closed. Patch by Waylan Limberg.
- Library
- gh-139312: Upgrade bundled libexpat to 2.7.3
- gh-138998: Update bundled libexpat to 2.7.2
- gh-130577: tarfile now validates archives to ensure member
offsets are non-negative. (Contributed by Alexander Enrique
Urieles Nieto in gh-130577.)
- gh-135374: Update the bundled copy of setuptools to 79.0.1.
- Drop upstreamed patches:
- CVE-2025-8194-tarfile-no-neg-offsets.patch
- CVE-2025-6069-quad-complex-HTMLParser.patch
- Add gh139257-Support-docutils-0.22.patch to fix build with latest
docutils (>=0.22) gh#python/cpython#139257
- Drop AppStream buildrequires and don't run appstreamcli validate
as part of the build process: the appdata.xml is not updated by
source directly, so we have more contol. Having Appstream or the
deprecated appstream-glib result in a build cycle.
- Require AppStream to validate appdata file instead of deprecated
appstream-glib.
- Update idle3.appdata.xml to pass the more pedantic appstreamcli.
- runc
-
- Update to runc v1.3.4. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.3.4>. bsc#1254362
- Update to runc v1.3.3. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.3.3>. bsc#1252232
* CVE-2025-31133
* CVE-2025-52565
* CVE-2025-52881
- Remove upstreamed patches for bsc#1252232:
- 2025-11-05-CVEs.patch
[ This update was only released for SLE 12 and 15. ]
- Backport patches for three CVEs. All three vulnerabilities ultimately allow
(through different methods) for full container breakouts by bypassing runc's
restrictions for writing to arbitrary /proc files. bsc#1252232
* CVE-2025-31133
* CVE-2025-52565
* CVE-2025-52881
+ 2025-11-05-CVEs.patch
[ This update was only released for SLE 12 and 15. ]
- Update to runc v1.2.7. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.2.7>.
- Update to runc v1.3.2. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.3.2> bsc#1252110
- Includes an important fix for the CPUSet translation for cgroupv2.
- Update to runc v1.3.1. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.3.1>
- Fix runc 1.3.x builds on SLE-12 by enabling --std=gnu11.
- Update to runc v1.3.0. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.3.0>
- selinux-policy
-
- Update to version 20241031+git12.52417acff:
* Mark configfs_t as mountpoint (bsc#1246080, bsc#1250628)
- Update to version 20241031+git10.f4f74e9f2:
* Label /var/livepatches as lib_t for ULP on micro (bsc#1228879, bsc#1249832)
- supportutils-plugin-suse-public-cloud
-
- Update to version 1.0.9 (bsc#1218762, bsc#1218763)
+ Remove duplicate data collection for the plugin itself
+ Collect archive metering data when available
+ Query billing flavor status
- proxy-httpd-image
-
n/a
- proxy-salt-broker-image
-
n/a
- proxy-squid-image
-
n/a
- proxy-ssh-image
-
n/a
- proxy-tftpd-image
-
n/a
- vim
-
- Add patches:
* vim-9.1.1134-revert-putty-terminal-colors.patch
* reorder-exit-raw-mode.patch
- Remove obsoleted patches:
* vim-7.3-help_tags.patch
* vim-7.4-highlight_fstab.patch
* vim-7.3-mktemp_tutor.patch
- Refresh patches:
* vim-7.3-sh_is_bash.patch
- Fix the following CVEs and bugs:
* bsc#1246602 (CVE-2025-53906)
* bsc#1246604 (CVE-2025-53905)
* bsc#1247939 (CVE-2025-55158)
* bsc#1247938 (CVE-2025-55157)
- Update to 9.1.1629:
9.1.1629: Vim9: Not able to use more than 10 type arguments in a generic function
9.1.1628: fuzzy.c has a few issues
9.1.1627: fuzzy matching can be improved
9.1.1626: cindent: does not handle compound literals
9.1.1625: Autocompletion slow with include- and tag-completion
9.1.1624: Cscope not enabled on MacOS
9.1.1623: Buffer menu does not handle unicode names correctly
9.1.1622: Patch v9.1.1432 causes performance regressions
9.1.1621: flicker in popup menu during cmdline autocompletion
9.1.1620: filetype: composer.lock and symfony.lock files not recognized
9.1.1619: Incorrect E535 error message
9.1.1618: completion: incorrect selected index returned from complete_info()
9.1.1617: Vim9: some error messages can be improved
9.1.1616: xxd: possible buffer overflow with bitwise output
9.1.1615: diff format erroneously detected
9.1.1614: Vim9: possible variable type change
9.1.1613: tests: test_search leaves a few swapfiles behind
9.1.1612: Ctrl-G/Ctrl-T do not ignore the end search delimiter
9.1.1611: possible undefined behaviour in mb_decompose()
9.1.1610: completion: hang or E684 when 'tagfunc' calls complete()
9.1.1609: complete: Heap-buffer overflow with complete function
9.1.1608: No command-line completion for :unsilent {command}
9.1.1607: :apple command detected as :append
9.1.1606: filetype: a few more files are not recognized
9.1.1605: cannot specify scope for chdir()
9.1.1604: completion: incsearch highlight might be lost
9.1.1603: completion: cannot use autoloaded funcs in 'complete' F{func}
9.1.1602: filetype: requirements-*.txt files are not recognized
9.1.1601: Patch v8.1.0425 was wrong
9.1.1600: using diff anchors with hidden buffers fails silently
9.1.1599: :bnext doesn't go to unlisted help buffers
9.1.1598: filetype: waybar config file is not recognized
9.1.1597: CI reports leaks in libgtk3 library
9.1.1596: tests: Test_search_wildmenu_iminsert() depends on help file
9.1.1595: Wayland: non-portable use of select()
9.1.1594: completion: search completion throws errors
9.1.1593: Confusing error when compiling incomplete try block
9.1.1592: Vim9: crash with classes and garbage collection
9.1.1591: VMS support can be improved
9.1.1590: cannot perform autocompletion
9.1.1589: Cannot disable cscope interface using configure
9.1.1588: Vim9: cannot split dict inside command block
9.1.1587: Wayland: timeout not updated before select()
9.1.1586: Vim9: can define an enum/interface in a function
9.1.1585: Wayland: gvim still needs GVIM_ENABLE_WAYLAND
9.1.1584: using ints as boolean type
9.1.1583: gvim window lost its icons
9.1.1582: style issue in vim9type.c and vim9generics.c
9.1.1581: possible memory leak in vim9generics.c
9.1.1580: possible memory leak in vim9type.c
9.1.1579: Coverity complains about unchecked return value
9.1.1578: configure: comment still mentions autoconf 2.71
9.1.1577: Vim9: no generic support yet
9.1.1576: cannot easily trigger wildcard expansion
9.1.1575: tabpanel not drawn correctly with wrapped lines
9.1.1574: Dead code in mbyte.c
9.1.1573: Memory leak when pressing Ctrl-D in cmdline mode
9.1.1572: expanding $var does not escape whitespace for 'path'
9.1.1571: CmdlineChanged triggered to often
9.1.1570: Copilot suggested some improvements in cmdexpand.c
9.1.1569: tests: Vim9 tests can be improved
9.1.1568: need a few more default highlight groups
9.1.1567: crash when using inline diff mode
9.1.1566: self-referenced enum may not get freed
9.1.1565: configure: does not consider tiny version for wayland
9.1.1564: crash when opening popup to closing buffer
9.1.1563: completion: ruler may disappear
9.1.1562: close button always visible in the 'tabline'
9.1.1561: configure: wayland test can be improved
9.1.1560: configure: uses $PKG_CONFIG before it is defined
9.1.1559: tests: Test_popup_complete_info_01() fails when run alone
9.1.1558: str2blob() treats NULL string and empty string differently
9.1.1557: not possible to anchor specific lines in difff mode
9.1.1556: string handling in cmdexpand.c can be improved
9.1.1555: completion: repeated insertion of leader
9.1.1554: crash when omni-completion opens command-line window
9.1.1553: Vim9: crash when accessing a variable in if condition
9.1.1552: [security]: path traversal issue in tar.vim
9.1.1551: [security]: path traversal issue in zip.vim
9.1.1550: defaults: 'showcmd' is not enabled in non-compatible mode on Unix
9.1.1549: filetype: pkl files are not recognized
9.1.1548: filetype: OpenFGA files are not recognized
9.1.1547: Wayland: missing ifdef
9.1.1546: Vim9: error with has() and short circuit evaluation
9.1.1545: typo in os_unix.c
9.1.1544: :retab cannot be limited to indentation only
9.1.1543: Wayland: clipboard appears to not be working
9.1.1542: Coverity complains about uninitialized variable
9.1.1541: Vim9: error when last enum value ends with a comma
9.1.1540: completion: menu state wrong on interruption
9.1.1539: completion: messages don't respect 'shm' setting
9.1.1537: helptoc: still some issues when markdown code blocks
9.1.1536: tests: test_plugin_comment uses wrong :Check command
9.1.1535: the maximum search count uses hard-coded value 99
9.1.1534: unnecessary code in tabpanel.c
9.1.1533: helptoc: does not handle code sections in markdown well
9.1.1532: termdebug: not enough ways to configure breakpoints
9.1.1531: confusing error with nested legacy function
9.1.1530: Missing version change in v9.1.1529
9.1.1529: Win32: the toolbar in the GUI is old and dated
9.1.1528: completion: crash with getcompletion()
9.1.1527: Vim9: Crash with string compound assignment
9.1.1526: completion: search completion match may differ in case
9.1.1525: tests: testdir/ is a bit messy
9.1.1524: tests: too many imports in the test suite
9.1.1523: tests: test_clipmethod fails in non X11 environment
9.1.1522: tests: still some ANSI escape sequences in test output
9.1.1521: completion: pum does not reset scroll pos on reopen with 'noselect'
9.1.1520: completion: search completion doesn't handle 'smartcase' well
9.1.1519: tests: Test_termdebug_decimal_breakpoints() may fail
9.1.1518: getcompletiontype() may crash
9.1.1517: filetype: autopkgtest files are not recognized
9.1.1516: tests: no test that 'incsearch' is updated after search completion
9.1.1515: Coverity complains about potential unterminated strings
9.1.1514: Coverity complains about the use of tmpfile()
9.1.1513: resizing Vim window causes unexpected internal window width
9.1.1512: completion: can only complete from keyword characters
9.1.1511: tests: two edit tests change v:testing from 1 to 0
9.1.1510: Search completion may use invalid memory
9.1.1509: patch 9.1.1505 was not good
9.1.1508: string manipulation can be improved in cmdexpand.c
9.1.1507: symlinks are resolved on :cd commands
9.1.1506: tests: missing cleanup in Test_search_cmdline_incsearch_highlight()
9.1.1505: not possible to return completion type for :ex command
9.1.1504: filetype: numbat files are not recognized
9.1.1503: filetype: haxe files are not recognized
9.1.1502: filetype: quickbms files are not recognized
9.1.1501: filetype: flix files are not recognized
9.1.1500: if_python: typo in python error variable
9.1.1499: MS-Windows: no indication of ARM64 architecture
9.1.1498: completion: 'complete' funcs behave different to 'omnifunc'
9.1.1497: Link error with shm_open()
9.1.1496: terminal: still not highlighting empty cells correctly
9.1.1495: Wayland: uses $XDG_SEAT to determine seat
9.1.1494: runtime(tutor): no French translation for Chapter 2
9.1.1493: manually comparing positions on buffer
9.1.1492: tests: failure when Wayland compositor fails to start
9.1.1491: missing out-of-memory checks in cmdexpand.c
9.1.1490: 'wildchar' does not work in search contexts
9.1.1489: terminal: no visual highlight of empty cols with empty 'listchars'
9.1.1488: configure: using obsolete macro AC_PROG_GCC_TRADITIONAL
9.1.1487: :cl doesn't invoke :clist
9.1.1486: documentation issues with Wayland
9.1.1485: missing Wayland clipboard support
9.1.1484: tests: Turkish locale tests fails on Mac
9.1.1483: not possible to translation position in buffer
9.1.1482: scrolling with 'splitkeep' and line()
9.1.1481: gcc complains about uninitialized variable
9.1.1480: Turkish translation outdated
9.1.1479: regression when displaying localized percentage position
9.1.1478: Unused assignment in ex_uniq()
9.1.1476: no easy way to deduplicate text
9.1.1476: missing out-of-memory checks in cmdexpand.c
9.1.1475: completion: regression when "nearest" in 'completeopt'
9.1.1474: missing out-of-memory check in mark.c
9.1.1473: inconsistent range arg for :diffget/diffput
9.1.1472: if_python: PySequence_Fast_{GET_SIZE,GET_ITEM} removed
9.1.1471: completion: inconsistent ordering with CTRL-P
9.1.1470: use-after-free with popup callback on error
9.1.1469: potential buffer-underflow with invalid hl_id
9.1.1468: filetype: bright(er)script files are not recognized
9.1.1467: too many strlen() calls
9.1.1466: filetype: not all lex files are recognized
9.1.1465: tabpanel: not correctly drawn with 'equalalways'
9.1.1464: gv does not work in operator-pending mode
9.1.1463: Integer overflow in getmarklist() after linewise operation
9.1.1462: missing change from patch v9.1.1461
9.1.1461: tabpanel: tabpanel vanishes with popup menu
9.1.1460: MS-Windows: too many strlen() calls in os_win32.c
9.1.1459: xxd: coloring output is inefficient
9.1.1458: tabpanel: tabs not properly updated with 'stpl'
9.1.1457: compile warning with tabpanelopt
9.1.1456: comment plugin fails toggling if 'cms' contains \
9.1.1455: Haiku: dailog objects created with no reference
9.1.1454: tests: no test for pum at line break position
9.1.1453: tests: Test_geometry() may fail
9.1.1452: completion: redundant check for completion flags
9.1.1451: tabpanel rendering artifacts when scrolling
9.1.1450: Session has wrong arglist with :tcd and :arglocal
9.1.1449: typo in pum_display()
9.1.1448: tabpanel is not displayed correctly when msg_scrolled
9.1.1447: completion: crash when backspacing with fuzzy completion
9.1.1446: filetype: cuda-gdb config files are not recognized
9.1.1445: negative matchfuzzy scores although there is a match
9.1.1444: Unused assignment in set_fuzzy_score()
9.1.1443: potential buffer underflow in insertchar()
9.1.1442: tests: Test_diff_fold_redraw() is insufficient
9.1.1441: completion: code can be improved
9.1.1440: too many strlen() calls in os_win32.c
9.1.1439: Last diff folds not merged
9.1.1438: tests: Test_breakindent_list_split() fails
9.1.1437: MS-Windows: internal compile error in uc_list()
9.1.1436: GUI control code is displayed on the console on startup
9.1.1435: completion: various flaws in fuzzy completion
9.1.1434: MS-Windows: missing out-of-memory checks in os_win32.c
9.1.1433: Unnecessary :if when writing session
9.1.1432: GTK GUI: Buffer menu does not handle unicode correctly
9.1.1431: Hit-Enter Prompt when loading session files
9.1.1430: tabpanel may flicker in the GUI
9.1.1429: dragging outside the tabpanel changes tabpagenr
9.1.1428: completion: register completion needs cleanup
9.1.1427: rendering artifacts with the tabpanel
9.1.1426: completion: register contents not completed
9.1.1425: tabpanel: there are still some problems with the tabpanel
9.1.1424: PMenu selection broken with multi-line selection and limits
9.1.1423: :tag command not working correctly using Vim9 Script
9.1.1422: scheduling of complete function can be improved
9.1.1421: tests: need a test for the new-style tutor.tutor
9.1.1420: tests: could need some more tests for shebang lines
9.1.1419: It is difficult to ignore all but some events
9.1.1418: configures GUI auto detection favors GTK2
9.1.1417: missing info about register completion in complete_info()
9.1.1416: completion limits not respected for fuzzy completions
9.1.1415: potential use-after free when there is an error in 'tabpanel'
9.1.1414: MS-Windows: compile warnings in os_win32.c
9.1.1413: spurious CursorHold triggered in GUI on startup
9.1.1412: tests: Test_tabpanel_tabonly() fails on larger screens
9.1.1411: crash when calling non-existing function for tabpanel
9.1.1410: out-of-bounds access with 'completefunc'
9.1.1409: using f-flag in 'complete' conflicts with Neovim
9.1.1408: not easily possible to complete from register content
9.1.1407: Can't use getpos('v') in OptionSet when using setbufvar()
9.1.1406: crash when importing invalid tuple
9.1.1405: tests: no test for mapping with special keys in session file
9.1.1404: wrong link to Chapter 2 in new-tutor
9.1.1403: expansion of 'tabpanelopt' value adds wrong values
9.1.1402: multi-byte mappings not properly stored in session file
9.1.1401: list not materialized in prop_list()
9.1.1400: [security]: use-after-free when evaluating tuple fails
9.1.1399: tests: test_codestyle fails for auto-generated files
9.1.1398: completion: trunc does not follow Pmenu highlighting attributes
9.1.1397: tabpanel not correctly updated on :tabonly
9.1.1396: 'errorformat' is a global option
9.1.1395: search_stat not reset when pattern differs in case
9.1.1394: tabpanel not correctly redrawn on tabonly
9.1.1393: missing test for switching buffers and reusing curbuf
9.1.1392: missing patch number
9.1.1391: Vim does not have a vertical tabpanel
9.1.1390: style: more wrong indentation
9.1.1389: completion: still some issue when 'isexpand' contains a space
9.1.1388: Scrolling one line too far with 'nosmoothscroll' page scrolling
9.1.1387: memory leak when buflist_new() fails to reuse curbuf
9.1.1386: MS-Windows: some minor problems building on AARCH64
9.1.1385: inefficient loop for 'nosmoothscroll' scrolling
9.1.1384: still some problem with the new tutors filetype plugin
9.1.1383: completion: 'isexpand' option does not handle space char correct
9.1.1382: if_ruby: unused compiler warnings from ruby internals
9.1.1381: completion: cannot return to original text
9.1.1380: 'eventignorewin' only checked for current buffer
9.1.1379: MS-Windows: error when running evim when space in path
9.1.1378: sign without text overwrites number option
9.1.1377: patch v9.1.1370 causes some GTK warning messages
9.1.1376: quickfix dummy buffer may remain as dummy buffer
9.1.1375: [security]: possible heap UAF with quickfix dummy buffer
9.1.1374: completion: 'smartcase' not respected when filtering matches
9.1.1373: 'completeopt' checking logic can be simplified
9.1.1372: style: braces issues in various files
9.1.1371: style: indentation and brace issues in insexpand.c
9.1.1370: CI Tests favor GTK2 over GTK3
9.1.1369: configure still using autoconf 2.71
9.1.1368: GTK3 and GTK4 will drop numeric cursor support.
9.1.1367: too many strlen() calls in gui.c
9.1.1366: v9.1.1364 unintentionally changed sign.c and sound.c
9.1.1365: MS-Windows: compile warnings and too many strlen() calls
9.1.1364: style: more indentation issues
9.1.1363: style: inconsistent indentation in various files
9.1.1362: Vim9: type ignored when adding tuple to instance list var
9.1.1361: [security]: possible use-after-free when closing a buffer
9.1.1360: filetype: GNU Radio companion files are not recognized
9.1.1359: filetype: GNU Radio config files are not recognized
9.1.1358: if_lua: compile warnings with gcc15
9.1.1357: Vim incorrectly escapes tags with "[" in a help buffer
9.1.1356: Vim9: crash when unletting variable
9.1.1355: The pum_redraw() function is too complex
9.1.1354: tests: Test_terminalwinscroll_topline() fails on Windows
9.1.1353: missing change from v9.1.1350
9.1.1352: style: inconsistent indent in insexpand.c
9.1.1351: Return value of getcmdline() inconsistent in CmdlineLeavePre
9.1.1350: tests: typo in Test_CmdlineLeavePre_cabbr()
9.1.1349: CmdlineLeavePre may trigger twice
9.1.1348: still E315 with the terminal feature
9.1.1347: small problems with gui_w32.c
9.1.1346: missing out-of-memory check in textformat.c
9.1.1345: tests: Test_xxd_color2() test failure dump diff is misleading
9.1.1344: double free in f_complete_match() (after v9.1.1341)
9.1.1343: filetype: IPython files are not recognized
9.1.1342: Shebang filetype detection can be improved
9.1.1341: cannot define completion triggers
9.1.1340: cannot complete :filetype arguments
9.1.1339: missing out-of-memory checks for enc_to_utf16()/utf16_to_enc()
9.1.1338: Calling expand() interferes with cmdcomplete_info()
9.1.1337: Undo corrupted with 'completeopt' "preinsert" when switching buffer
9.1.1336: comment plugin does not support case-insensitive 'commentstring'
9.1.1335: Coverity complains about Null pointer dereferences
9.1.1334: Coverity complains about unchecked return value
9.1.1333: Coverity: complains about unutilized variable
9.1.1332: Vim9: segfault when using super within a lambda
9.1.1331: Leaking memory with cmdcomplete()
9.1.1330: may receive E315 in terminal
9.1.1329: cannot get information about command line completion
9.1.1328: too many strlen() calls in indent.c
9.1.1327: filetype: nroff detection can be improved
9.1.1326: invalid cursor position after 'tagfunc'
9.1.1325: tests: not checking error numbers properly
9.1.1324: undefined behaviour if X11 connection dies
9.1.1323: b:undo_ftplugin not executed when re-using buffer
9.1.1322: small delete register cannot paste multi-line correctly
9.1.1321: filetype: MS ixx and mpp files are not recognized
9.1.1320: filetype: alsoft config files are not recognized
9.1.1319: Various typos in the code, issue with test_inst_complete.vim
9.1.1318: tests: test_format fails
9.1.1317: noisy error when restoring folds from session fails
9.1.1316: missing memory allocation failure in os_mswin.c
9.1.1315: completion: issue with fuzzy completion and 'completefuzzycollect'
9.1.1314: max allowed string width too small
9.1.1313: compile warning about uninitialized value
9.1.1312: tests: Test_backupskip() fails when HOME is defined
9.1.1311: completion: not possible to limit number of matches
9.1.1310: completion: redundant check for preinsert effect
9.1.1309: tests: no test for 'pummaxwidth' with non-truncated "kind"
9.1.1308: completion: cannot order matches by distance to cursor
9.1.1307: make syntax does not reliably detect different flavors
9.1.1306: completion menu rendering can be improved
9.1.1305: completion menu active after switching windows/tabs
9.1.1304: filetype: some man files are not recognized
9.1.1303: missing out-of-memory check in linematch.c
9.1.1302: Coverity warns about using uninitialized value
9.1.1301: completion: cannot configure completion functions with 'complete'
9.1.1300: wrong detection of -inf
9.1.1299: filetype: mbsyncrc files are not recognized
9.1.1298: define_function() is too long
9.1.1297: Ctrl-D scrolling can get stuck
9.1.1296: completion: incorrect truncation logic
9.1.1295: clientserver: does not handle :stopinsert correctly
9.1.1294: gui tabline menu does not use confirm when closing tabs
9.1.1293: comment plugin does not handle 'exclusive' selection for comment object
9.1.1292: statusline not correctly evaluated
9.1.1291: too many strlen() calls in buffer.c
9.1.1290: tests: missing cleanup in test_filetype.vim
9.1.1289: tests: no test for matchparen plugin with WinScrolled event
9.1.1288: Using wrong window in ll_resize_stack()
9.1.1287: quickfix code can be further improved
9.1.1286: filetype: help files not detected when 'iskeyword' includes ":"
9.1.1285: Vim9: no error message for missing method after "super."
9.1.1284: not possible to configure pum truncation char
9.1.1283: quickfix stack is limited to 10 items
9.1.1282: Build and test failure without job feature
9.1.1281: extra newline output when editing stdin
9.1.1280: trailing additional semicolon in get_matches_in_str()
9.1.1279: Vim9: null_object and null_class are no reserved names
9.1.1278: Vim9: too long functions in vim9type.c
9.1.1277: tests: trailing comment char in test_popupwin
9.1.1276: inline word diff treats multibyte chars as word char
9.1.1275: MS-Windows: Not possible to pass additional flags to Make_mvc
9.1.1274: Vim9: no support for object<type> as variable type
9.1.1273: Coverity warns about using uninitialized value
9.1.1272: completion: in keyword completion Ctrl_P cannot go back after Ctrl_N
9.1.1271: filetype: Power Query files are not recognized
9.1.1270: missing out-of-memory checks in buffer.c
9.1.1269: completion: compl_shown_match is updated when starting keyword completion
9.1.1268: filetype: dax files are not recognized
9.1.1267: Vim9: no support for type list/dict<object<any>>
9.1.1266: MS-Windows: type conversion warnings
9.1.1265: tests: no tests for typing normal char during completion
9.1.1264: Vim9: error when comparing objects
9.1.1263: string length wrong in get_last_inserted_save()
9.1.1262: heap-buffer-overflow with narrow 'pummaxwidth' value
9.1.1261: No test for 'pummaxwidth' non-truncated items
9.1.1260: Hang when filtering buffer with NUL bytes
9.1.1259: some issues with comment package and tailing spaces
9.1.1258: regexp: max \U and \%U value is limited by INT_MAX
9.1.1257: Mixing vim_strsize() with mb_ptr2cells() in pum_redraw()
9.1.1256: if_python: duplicate tuple data entries
9.1.1255: missing test condition for 'pummaxwidth' setting
9.1.1254: need more tests for the comment plugin
9.1.1253: abort when closing window with attached quickfix data
9.1.1252: typos in code and docs related to 'diffopt' "inline:"
9.1.1251: if_python: build error with tuples and dynamic python
9.1.1250: cannot set the maximum popup menu width
9.1.1249: tests: no test that 'listchars' "eol" doesn't affect "gM"
9.1.1248: compile error when building without FEAT_QUICKFIX
9.1.1247: fragile setup to get (preferred) keys from key_name_entry
9.1.1246: coverity complains about some changes in v9.1.1243
9.1.1245: need some more tests for curly braces evaluation
9.1.1244: part of patch v9.1.1242 was wrong
9.1.1243: diff mode is lacking for changes within lines
9.1.1242: Crash when evaluating variable name
9.1.1241: wrong preprocessort indentation in term.c
9.1.1240: Regression with ic/ac text objects and comment plugin
9.1.1239: if_python: no tuple data type support
9.1.1238: wrong cursor column with 'set splitkeep=screen'
9.1.1237: Compile error with C89 compiler in term.c
9.1.1236: tests: test_comments leaves swapfiles around
9.1.1235: cproto files are outdated
9.1.1234: Compile error when SIZE_MAX is not defined
9.1.1233: Coverity warns about NULL pointer when triggering WinResized
9.1.1232: Vim script is missing the tuple data type
9.1.1231: filetype: SPA JSON files are not recognized
9.1.1230: inconsistent CTRL-C behaviour for popup windows
9.1.1229: the comment plugin can be improved
9.1.1228: completion: current position column wrong after got a match
9.1.1227: no tests for the comment package
9.1.1226: "shellcmdline" completion doesn't work with input()
9.1.1225: extra NULL check in VIM_CLEAR()
9.1.1224: cannot :put while keeping indent
9.1.1223: wrong translation used for encoding failures
9.1.1222: using wrong length for last inserted string
9.1.1221: Wrong cursor pos when leaving Insert mode just after 'autoindent'
9.1.1220: filetype: uv.lock file not recognized
9.1.1219: Strange error with wrong type for matchfuzzy() "camelcase"
9.1.1218: missing out-of-memory check in filepath.c
9.1.1217: tests: typos in test_matchfuzzy.vim
9.1.1216: Pasting the '.' register multiple times may not work
9.1.1215: Patch 9.1.1213 has some issues
9.1.1214: matchfuzzy() can be improved for camel case matches
9.1.1213: cannot :put while keeping indent
9.1.1212: too many strlen() calls in edit.c
9.1.1212: filetype: logrotate'd pacmanlogs are not recognized
9.1.1211: TabClosedPre is triggered just before the tab is being freed
9.1.1210: translation(ru): missing Russian translation for the new tutor
9.1.1209: colorcolumn not drawn after virtual text lines
9.1.1208: MS-Windows: not correctly restoring alternate screen on Win 10
9.1.1207: MS-Windows: build warning in filepath.c
9.1.1206: tests: test_filetype fails when a file is a directory
9.1.1205: completion: preinserted text not removed when closing pum
9.1.1204: MS-Windows: crash when passing long string to expand()
9.1.1203: matchparen keeps cursor on case label in sh filetype
9.1.1202: Missing TabClosedPre autocommand
9.1.1201: 'completefuzzycollect' does not handle dictionary correctly
9.1.1200: cmdline pum not cleared for input() completion
9.1.1199: gvim uses hardcoded xpm icon file
9.1.1198: [security]: potential data loss with zip.vim
9.1.1197: process_next_cpt_value() uses wrong condition
9.1.1196: filetype: config files for container tools are not recognized
9.1.1195: inside try-block: fn body executed with default arg undefined
9.1.1194: filetype: false positive help filetype detection
9.1.1193: Unnecessary use of STRCAT() in au_event_disable()
9.1.1192: Vim crashes with term response debug logging enabled
9.1.1191: tests: test for patch 9.1.1186 doesn't fail without the patch
9.1.1190: C indentation does not detect multibyte labels
9.1.1189: if_python: build error due to incompatible pointer types
9.1.1188: runtime(tera): tera support can be improved
9.1.1187: matchparen plugin wrong highlights shell case statement
9.1.1186: filetype: help files in git repos are not detected
9.1.1185: endless loop with completefuzzycollect and no match found
9.1.1184: Unnecessary use of vim_tolower() in vim_strnicmp_asc()
9.1.1083: "above" virtual text breaks cursorlineopt=number
9.1.1182: No cmdline completion for 'completefuzzycollect'
9.1.1181: Unnecessary STRLEN() calls in insexpand.c
9.1.1180: short-description
9.1.1179: too many strlen() calls in misc2.c
9.1.1178: not possible to generate completion candidates using fuzzy matching
9.1.1177: filetype: tera files not detected
9.1.1176: wrong indent when expanding multiple lines
9.1.1175: inconsistent behaviour with exclusive selection and motion commands
9.1.1174: tests: Test_complete_cmdline() may fail
9.1.1173: filetype: ABNF files are not detected
9.1.1172: [security]: overflow with 'nostartofline' and Ex command in tag file
9.1.1171: tests: wrong arguments passed to assert_equal()
9.1.1170: wildmenu highlighting in popup can be improved
9.1.1169: using global variable for get_insert()/get_lambda_name()
9.1.1168: wrong flags passed down to nextwild()
9.1.1167: mark '] wrong after copying text object
9.1.1166: command-line auto-completion hard with wildmenu
9.1.1165: diff: regression with multi-file diff blocks
9.1.1164: [security]: code execution with tar.vim and special crafted tar files
9.1.1163: $MYVIMDIR is set too late
9.1.1162: completion popup not cleared in cmdline
9.1.1161: preinsert requires bot "menu" and "menuone" to be set
9.1.1160: Ctrl-Y does not work well with "preinsert" when completing items
9.1.1159: $MYVIMDIR may not always be set
9.1.1158: :verbose set has wrong file name with :compiler!
9.1.1157: command completion wrong for input()
9.1.1156: tests: No test for what patch 9.1.1152 fixes
9.1.1155: Mode message not cleared after :silent message
9.1.1154: Vim9: not able to use autoload class accross scripts
9.1.1153: build error on Haiku
9.1.1152: Patch v9.1.1151 causes problems
9.1.1151: too many strlen() calls in getchar.c
9.1.1150: :hi completion may complete to wrong value
9.1.1149: Unix Makefile does not support Brazilian lang for the installer
9.1.1148: Vim9: finding imported scripts can be further improved
9.1.1147: preview-window does not scroll correctly
9.1.1146: Vim9: wrong context being used when evaluating class member
9.1.1145: multi-line completion has wrong indentation for last line
9.1.1144: no way to create raw strings from a blob
9.1.1143: illegal memory access when putting a register
9.1.1142: tests: test_startup fails if $HOME/$XDG_CONFIG_HOME is defined
9.1.1141: Misplaced comment in readfile()
9.1.1140: filetype: m17ndb files are not detected
9.1.1139: [fifo] is not displayed when editing a fifo
9.1.1138: cmdline completion for :hi is too simplistic
9.1.1137: ins_str() is inefficient by calling STRLEN()
9.1.1136: Match highlighting marks a buffer region as changed
9.1.1135: 'suffixesadd' doesn't work with multiple items
9.1.1134: filetype: Guile init file not recognized
9.1.1133: filetype: xkb files not recognized everywhere
9.1.1132: Mark positions wrong after triggering multiline completion
9.1.1131: potential out-of-memory issue in search.c
9.1.1130: 'listchars' "precedes" is not drawn on Tabs.
9.1.1129: missing out-of-memory test in buf_write()
9.1.1128: patch 9.1.1119 caused a regression with imports
9.1.1127: preinsert text is not cleaned up correctly
9.1.1126: patch 9.1.1121 used a wrong way to handle enter
9.1.1125: cannot loop through pum menu with multiline items
9.1.1124: No test for 'listchars' "precedes" with double-width char
9.1.1123: popup hi groups not falling back to defaults
9.1.1122: too many strlen() calls in findfile.c
9.1.1121: Enter does not insert newline with "noselect"
9.1.1120: tests: Test_registers fails
9.1.1119: Vim9: Not able to use an autoloaded class from another autoloaded script
9.1.1118: tests: test_termcodes fails
9.1.1117: there are a few minor style issues
9.1.1116: Vim9: super not supported in lambda expressions
9.1.1115: [security]: use-after-free in str_to_reg()
9.1.1114: enabling termguicolors automatically confuses users
9.1.1113: tests: Test_terminal_builtin_without_gui waits 2 seconds
9.1.1112: Inconsistencies in get_next_or_prev_match()
9.1.1111: Vim9: variable not found in transitive import
9.1.1110: Vim tests are slow and flaky
9.1.1109: cmdexpand.c hard to read
9.1.1108: 'smoothscroll' gets stuck with 'listchars' "eol"
9.1.1107: cannot loop through completion menu with fuzzy
9.1.1106: tests: Test_log_nonexistent() causes asan failure
9.1.1105: Vim9: no support for protected new() method
9.1.1104: CI: using Ubuntu 22.04 Github runners
9.1.1103: if_perl: still some compile errors with Perl 5.38
9.1.1102: tests: Test_WinScrolled_Resized_eiw() uses wrong filename
9.1.1101: insexpand.c hard to read
9.1.1100: tests: Test_log_nonexistent only works on Linux
9.1.1099: Vim9: import with extends may crash
9.1.1098: leaking memory with completing multi lines
9.1.1097: --log with non-existent path causes a crash
9.1.1096: if_perl: Perl 5.38 adds new symbols causing link failure
9.1.1095: tests: matchparen plugin test wrongly named
9.1.1094: Vim9: problem finding implemented method in type hierarchy
9.1.1093: tests: output of test ...win32_ctrl_z depends on python version
9.1.1092: tests: fix expected return code for python 3.13 on Windows
9.1.1091: tests: timeout might be a bit too small
9.1.1090: tests: test_terminwscroll_topline2 unreliable
9.1.1089: tests: No check when tests are run under Github actions
9.1.1088: tests: plugin tests are named inconsistently
9.1.1087: Vim9: import with extends may crash
9.1.1086: completion doesn't work with multi lines
9.1.1085: filetype: cmmt files are not recognized
9.1.1084: Unable to persistently ignore events in a window and its buffers
9.1.1083: setreg() doesn't correctly handle mbyte chars in blockwise mode
9.1.1082: unexpected DCS responses may cause out of bounds reads
9.1.1081: has('bsd') is true for GNU/Hurd
9.1.1080: filetype: Mill files are not recognized
9.1.1079: GUI late startup leads to uninitialized scrollbars
9.1.1078: Terminal ansi colors off by one after tgc reset
9.1.1077: included syntax items do not understand contains=TOP
9.1.1076: vim_strnchr() is strange and unnecessary
9.1.1075: Vim9: len variable not used in compile_load()
9.1.1074: Strange error when heredoc marker starts with "trim"
9.1.1073: tests: test_compiler fails on Windows without Maven
9.1.1072: 'diffopt' "linematch" cannot be used with {n} less than 10
9.1.1071: args missing after failing to redefine a function
9.1.1070: Cannot control cursor positioning of getchar()
9.1.1069: preinsert text completions not deleted with <C-W>/<C-U>
9.1.1068: getchar() can't distinguish between C-I and Tab
9.1.1067: tests: Test_termwinscroll_topline2 fails on MacOS
9.1.1066: heap-use-after-free and stack-use-after-scope with :14verbose
9.1.1065: no digraph for "Approaches the limit"
9.1.1064: not possible to use plural forms with gettext()
9.1.1063: too many strlen() calls in userfunc.c
9.1.1062: terminal: E315 when dragging the terminal with the mouse
9.1.1061: tests: test_glvs fails when unarchiver not available
9.1.1060: Vim always enables 'termguicolors' in a terminal
9.1.1059: completion: input text deleted with preinsert when adding leader
9.1.1058: translation(sr): Missing Serbian translation for the tutor
9.1.1057: Superfluous cleanup steps in test_ins_complete.vim
9.1.1056: Vim doesn't highlight to be inserted text when completing
9.1.1055: make install fails because of a missing dependency
9.1.1054: Vim doesn't work well with TERM=xterm-direct
9.1.1053: "nosort" enables fuzzy filtering even if "fuzzy" isn't in 'completeopt'
9.1.1052: tests: off-by-one error in CheckCWD in test_debugger.vim
9.1.1051: tests: no support for env variables when running Vim in terminal
9.1.1050: too many strlen() calls in os_unix.c
9.1.1049: insert-completed items are always sorted
9.1.1048: crash after scrolling and pasting in silent Ex mode
9.1.1047: Makefiles uses non-portable syntax
9.1.1046: fuzzymatching doesn't prefer matching camelcase
9.1.1045: filetype: N-Tripels and TriG files are not recognized
9.1.1044: Vim9: Patch 9.1.1014 causes regressions
9.1.1043: [security]: segfault in win_line()
9.1.1042: filetype: just files are not recognized
9.1.1041: Vim9: out-of-bound access when echoing an enum
9.1.1040: Vim9: imported type cannot be used as func return type
9.1.1039: Vim9: comments are outdated
9.1.1038: tests: test_channel.py fails with IPv6
9.1.1037: Vim9: confusing error when using abstract method via super
9.1.1036: make install fails when using shadowdir
9.1.1035: Vim9: memory leak with blob2str()
9.1.1033: Vim9: compiling abstract method fails without return
9.1.1033: tests: shaderslang was removed from test_filetype erroneously
9.1.1032: link error when FEAT_SPELL not defined
9.1.1031: Coverity complains about insecure data handling
9.1.1030: filetype: setting bash filetype is backwards incompatible
9.1.1029: the installer can be improved
9.1.1028: too many strlen() calls in screen.c
9.1.1027: no sanitize check when running linematch
9.1.1026: filetype: swc configuration files are not recognized
9.1.1025: wrong return type of blob2str()
9.1.1024: blob2str/str2blob() do not support list of strings
9.1.1023: Coverity complains about dereferencing NULL pointer
9.1.1022: linematch option value not completed
9.1.1021: string might be used without a trailing NUL
9.1.1020: no way to get current selected item in a async context
9.1.1019: filetype: fd ignore files are not recognized
9.1.1018: v9.1.0743 causes regression with diff mode
9.1.1017: Vim9: Patch 9.1.1013 causes a few problems
9.1.1016: Not possible to convert string2blob and blob2string
9.1.1015: Coverity complains about dereferencing NULL value
9.1.1014: Vim9: variable not found in transitive import
9.1.1013: Vim9: Regression caused by patch v9.1.0646
9.1.1012: Vim9: class interface inheritance not correctly working
9.1.1011: popupmenu internal error with some abbr in completion item
9.1.1010: filetype: VisualCode setting file not recognized
9.1.1009: diff feature can be improved
9.1.1008: tests: test for patch 9.1.1006 doesn't fail without the patch
9.1.1007: filetype: various ignore are not recognized
9.1.1006: PmenuMatch completion highlight can be combined
9.1.1005: completion text is highlighted even with no pattern found
9.1.1004: tests: a few termdebug tests are flaky
9.1.1003: [security]: heap-buffer-overflow with visual mode
9.1.1002: Vim9: unknown func error with interface declaring func var
9.1.1001: ComplMatchIns highlight hard to read on light background
9.1.1000: tests: ruby tests fail with Ruby 3.4
9.1.0999: Vim9: leaking finished exception
9.1.0998: filetype: TI assembly files are not recognized
9.1.0997: too many strlen() calls in drawscreen.c
9.1.0996: ComplMatchIns may highlight wrong text
9.1.0995: filetype: shaderslang files are not detected
9.1.0994: Vim9: not able to use comment after opening curly brace
9.1.0993: New 'cmdheight' behavior may be surprising
9.1.0992: Vim9: double-free after v9.1.0988
9.1.0991: v:stacktrace has wrong type in Vim9 script
9.1.0990: Inconsistent behavior when changing cmdheight
9.1.0989: Vim9: Whitespace after the final enum value causes a syntax error
9.1.0988: Vim9: no error when using uninitialized var in new()
9.1.0987: filetype: cake files are not recognized
9.1.0986: filetype: 'jj' filetype is a bit imprecise
9.1.0985: Vim9: some ex commands can be shortened
9.1.0984: exception handling can be improved
9.1.0983: not able to get the displayed items in complete_info()
9.1.0982: TI linker files are not recognized
9.1.0981: tests: typo in test_filetype.vim
9.1.0980: no support for base64 en-/decoding functions in Vim Script
9.1.0979: VMS: type warning with $XDG_VIMRC_FILE
9.1.0978: GUI tests sometimes fail when setting 'scroll' options
9.1.0977: filetype: msbuild filetypes are not recognized
9.1.0976: Vim9: missing return statement with throw
9.1.0975: Vim9: interpolated string expr not working in object methods
9.1.0974: typo in change of commit v9.1.0873
9.1.0973: too many strlen() calls in fileio.c
9.1.0972: filetype: TI linker map files are not recognized
9.1.0971: filetype: SLNX files are not recognized
9.1.0970: VMS: build errors on VMS architecture
9.1.0969: ghostty not using kitty protocol by default
9.1.0968: tests: GetFileNameChecks() isn't fully sorted by filetype name
9.1.0967: SpotBugs compiler setup can be further improved
9.1.0966: Vim9: :enum command can be shortened
9.1.0965: filetype: sh filetype set when detecting the use of bash
9.1.0964: MS-Windows: sed error with MinGW
9.1.0963: fuzzy-matching does not prefer full match
9.1.0962: filetype: bun.lock file is not recognized
9.1.0961: filetype: TI gel files are not recognized
9.1.0960: filetype: hy history files are not recognized
9.1.0959: Coverity complains about type conversion
9.1.0958: filetype: supertux2 config files detected as lisp
9.1.0957: MS-Windows: conversion warnings
9.1.0956: completion may crash, completion highlight wrong with preview window
9.1.0955: Vim9: vim9compile.c can be further improved
9.1.0954: popupmenu.c can be improved
9.1.0953: filetype: APKBUILD files not correctly detected
9.1.0952: Vim9: missing type checking for any type assignment
9.1.0951: filetype: jshell files are not recognized
9.1.0950: filetype: fennelrc files are not recognized
9.1.0949: popups inconsistently shifted to the left
9.1.0948: Missing cmdline completion for :pbuffer
9.1.0947: short-description
9.1.0946: cross-compiling fails on osx-arm64
9.1.0945: ComplMatchIns highlight doesn't end after inserted text
9.1.0944: tests: test_registers fails when not run under X11
9.1.0943: Vim9: vim9compile.c can be further improved
9.1.0942: a few typos were found
9.1.0941: ComplMatchIns doesn't work after multibyte chars
9.1.0940: Wrong cursor shape with "gq" and 'indentexpr' executes :normal
9.1.0939: make installtutor fails
9.1.0938: exclusive selection not respected when re-selecting block mode
9.1.0937: test_undolist() is flaky
9.1.0936: cannot highlight completed text
9.1.0935: SpotBugs compiler can be improved
9.1.0934: hard to view an existing buffer in the preview window
9.1.0933: Vim9: vim9compile.c can be further improved
9.1.0932: new Italian tutor not installed
9.1.0931: ml_get error in terminal buffer
9.1.0930: tests: test_terminal2 may hang in GUI mode
9.1.0929: filetype: lalrpop files are not recognized
9.1.0928: tests: test_popupwin fails because the filter command fails
9.1.0927: style issues in insexpand.c
9.1.0926: filetype: Pixi lock files are not recognized
9.1.0925: Vim9: expression compiled when not necessary
9.1.0924: patch 9.1.0923 causes issues
9.1.0923: too many strlen() calls in filepath.c
9.1.0923: wrong MIN macro in popupmenu.c
9.1.0921: popupmenu logic is a bit convoluted
9.1.0920: Vim9: compile_assignment() too long
9.1.0919: filetype: some assembler files are not recognized
9.1.0918: tiny Vim crashes with fuzzy buffer completion
9.1.0917: various vartabstop and shiftround bugs when shifting lines
9.1.0916: messages.c is exceeding 80 columns
9.1.0915: GVim: default font size a bit too small
9.1.0914: Vim9: compile_assignment() is too long
9.1.0913: no error check for neg values for 'messagesopt'
9.1.0912: xxd: integer overflow with sparse files and -autoskip
9.1.0911: Variable name for 'messagesopt' doesn't match short name
9.1.0910: 'messagesopt' does not check max wait time
9.1.0909: Vim9: crash when calling instance method
9.1.0908: not possible to configure :messages
9.1.0907: printoptions:portrait does not change postscript Orientation
9.1.0906: filetype: Nvidia PTX files are not recognized
9.1.0905: Missing information in CompleteDone event
9.1.0904: Vim9: copy-paste error in class_defining_member()
9.1.0903: potential overflow in spell_soundfold_wsal()
9.1.0902: filetype: Conda configuration files are not recognized
9.1.0901: MS-Windows: vimtutor batch script can be improved
9.1.0900: Vim9: digraph_getlist() does not accept bool arg
9.1.0899: default for 'backspace' can be set in C code
9.1.0898: runtime(compiler): pytest compiler not included
9.1.0897: filetype: pyrex files are not detected
9.1.0896: completion list wrong after v9.1.0891
9.1.0895: default history value is too small
9.1.0894: No test for what the spotbug compiler parses
9.1.0893: No test that undofile format does not regress
9.1.0892: the max value of 'tabheight' is limited by other tabpages
9.1.0891: building the completion list array is inefficient
9.1.0890: %! item not allowed for 'rulerformat'
9.1.0889: Possible unnecessary redraw after adding/deleting lines
9.1.0888: leftcol property not available in getwininfo()
9.1.0887: Wrong expression in sign.c
9.1.0886: filetype: debian control file not detected
9.1.0885: style of sign.c can be improved
9.1.0884: gcc warns about uninitialized variable
9.1.0883: message history cleanup is missing some tests
9.1.0882: too many strlen() calls in insexpand.c
9.1.0881: GUI: message dialog may not get focus
9.1.0880: filetype: C3 files are not recognized
9.1.0879: source is not consistently formatted
9.1.0878: termdebug: cannot enable DEBUG mode
9.1.0877: tests: missing test for termdebug + decimal signs
9.1.0876: filetype: openCL files are not recognized
9.1.0875: filetype: hyprlang detection can be improved
9.1.0874: filetype: karel files are not detected
9.1.0873: filetype: Vivado files are not recognized
9.1.0872: No test for W23 message
9.1.0871: getcellpixels() can be further improved
9.1.0870: too many strlen() calls in eval.c
9.1.0869: Problem: curswant not set on gm in folded line
9.1.0868: the warning about missing clipboard can be improved
9.1.0867: ins_compl_add() has too many args
9.1.0866: filetype: LLVM IR files are not recognized
9.1.0865: filetype: org files are not recognized
9.1.0864: message history is fixed to 200
9.1.0863: getcellpixels() can be further improved
9.1.0862: 'wildmenu' not enabled by default in nocp mode
9.1.0861: Vim9: no runtime check for object member access of any var
9.1.0860: tests: mouse_shape tests use hard code sleep value
9.1.0859: several problems with the GLVS plugin
9.1.0858: Coverity complains about dead code
9.1.0857: xxd: --- is incorrectly recognized as end-of-options
9.1.0856: mouseshape might be wrong on r and gr
9.1.0855: setting 'cmdheight' may cause hit-enter-prompt
9.1.0854: cannot get terminal cell size
9.1.0853: filetype: kubernetes config file not recognized
9.1.0852: No warning when X11 registers are not available
9.1.0851: too many strlen() calls in getchar.c
9.1.0850: Vim9: cannot access nested object inside objects
9.1.0849: there are a few typos in the source
9.1.0848: if_lua: v:false/v:true are not evaluated to boolean
9.1.0847: tests: test_popupwin fails because of updated help file
9.1.0846: debug symbols for xxd are not cleaned in Makefile
9.1.0845: vimtutor shell script can be improved
9.1.0844: if_python: no way to pass local vars to python
9.1.0843: too many strlen() calls in undo.c
9.1.0842: not checking for the sync() systemcall
9.1.0841: tests: still preferring python2 over python3
9.1.0840: filetype: idris2 files are not recognized
9.1.0839: filetype: leo files are not recognized
9.1.0838: vimtutor is bash-specific
9.1.0837: cross-compiling has some issues
9.1.0836: The vimtutor can be improved
9.1.0835: :setglobal doesn't work properly for 'ffu' and 'tsrfu'
9.1.0834: tests: 2html test fails
9.1.0833: CI: recent ASAN changes do not work for indent tests
9.1.0832: :set doesn't work for 'cot' and 'bkc' after :setlocal
9.1.0831: 'findexpr' can't be used as lambad or Funcref
9.1.0830: using wrong highlight group for spaces for popupmenu
9.1.0829: Vim source code uses a mix of tabs and spaces
9.1.0828: string_T struct could be used more often
9.1.0827: CI: tests can be improved
9.1.0826: filetype: sway files are not recognized
9.1.0825: compile error for non-diff builds
9.1.0824: too many strlen() calls in register.c
9.1.0823: filetype: Zephyr overlay files not recognized
9.1.0822: topline might be changed in diff mode unexpectedly
9.1.0821: 'findexpr' completion doesn't set v:fname to cmdline argument
9.1.0820: tests: Mac OS tests are too flaky
9.1.0819: tests: using findexpr and imported func not tested
9.1.0818: some global functions are only used in single files
9.1.0817: termdebug: cannot evaluate expr in a popup
9.1.0816: tests: not clear what tests cause asan failures
9.1.0815: "above" virtual text causes wrong 'colorcolumn' position
9.1.0814: mapset() may remove unrelated mapping
9.1.0813: no error handling with setglobal and number types
9.1.0812: Coverity warns about dereferencing NULL ptr
9.1.0811: :find expansion does not consider 'findexpr'
9.1.0810: cannot easily adjust the |:find| command
9.1.0809: filetype: petalinux config files not recognized
9.1.0808: Terminal scrollback doesn't shrink when decreasing 'termwinscroll'
9.1.0807: tests: having 'nolist' in modelines isn't always desired
9.1.0806: tests: no error check when setting global 'briopt'
9.1.0805: tests: minor issues in gen_opt_test.vim
9.1.0804: tests: no error check when setting global 'cc'
9.1.0803: tests: no error check when setting global 'isk'
9.1.0802: tests: no error check when setting global 'fdm' to empty value
9.1.0801: tests: no error check when setting global 'termwinkey'
9.1.0800: tests: no error check when setting global 'termwinsize'
9.1.0799: tests: gettwinvar()/gettabwinvar() tests are not comprehensive
9.1.0798: too many strlen() calls in cmdhist.c
9.1.0797: testing of options can be further improved
9.1.0796: filetype: libtool files are not recognized
9.1.0795: filetype: Vivado memory info file are not recognized
9.1.0794: tests: tests may fail on Windows environment
9.1.0793: xxd: -e does add one extra space
9.1.0792: tests: Test_set_values() is not comprehensive enough
9.1.0791: tests: errors in gen_opt_test.vim are not shown
9.1.0790: Amiga: AmigaOS4 build should use default runtime (newlib)
9.1.0789: tests: ':resize + 5' has invalid space after '+'
9.1.0788: <CSI>27;<mod>u is not decoded to literal Escape in kitty/foot
9.1.0787: cursor position changed when using hidden terminal
9.1.0786: tests: quickfix update test does not test location list
9.1.0785: cannot preserve error position when setting quickfix list
9.1.0784: there are several problems with python 3.13
9.1.0783: 'spell' option setting has problems
9.1.0782: tests: using wrong neomuttlog file name
9.1.0781: tests: test_filetype fails
9.1.0780: MS-Windows: incorrect Win32 error checking
9.1.0779: filetype: neomuttlog files are not recognized
9.1.0778: filetype: lf config files are not recognized
9.1.0777: filetype: Some upstream php files are not recognized
9.1.0776: test_strftime may fail because of missing TZ data
9.1.0775: tests: not enough tests for setting options
9.1.0774: "shellcmdline" doesn't work with getcompletion()
9.1.0773: filetype: some Apache files are not recognized
9.1.0772: some missing changes from v9.1.0771
9.1.0771: completion attribute hl_group is confusing
9.1.0770: current command line completion is a bit limited
9.1.0769: filetype: MLIR files are not recognized
9.1.0768: MS-Windows: incorrect cursor position when restoring screen
9.1.0767: A condition is always true in ex_getln.c
9.1.0766: too many strlen() calls in ex_getln.c
9.1.0765: No test for patches 6.2.418 and 7.3.489
9.1.0764: [security]: use-after-free when closing a buffer
9.1.0763: tests: cannot run single syntax tests
9.1.0762: 'cedit', 'termwinkey' and 'wildchar' may not be parsed correctly
9.1.0761: :cd completion fails on Windows with backslash in path
9.1.0760: tests: no error reported, if gen_opt_test.vim fails
9.1.0759: screenpos() may return invalid position
9.1.0758: it's possible to set an invalid key to 'wildcharm'
9.1.0757: tests: messages files contains ANSI escape sequences
9.1.0756: missing change from patch v9.1.0754
9.1.0755: quickfix list does not handle hardlinks well
9.1.0754: fixed order of items in insert-mode completion menu
9.1.0753: Wrong display when typing in diff mode with 'smoothscroll'
9.1.0752: can set 'cedit' to an invalid value
9.1.0751: Error callback for term_start() not used
9.1.0750: there are some Win9x legacy references
9.1.0749: filetype: http files not recognized
9.1.0748: :keep* commmands are sometimes misidentified as :k
9.1.0747: various typos in repo found
9.1.0746: tests: Test_halfpage_longline() fails on large terminals
9.1.0745: filetype: bun and deno history files not recognized
9.1.0744: filetype: notmuch configs are not recognised
9.1.0743: diff mode does not handle overlapping diffs correctly
9.1.0742: getcmdprompt() implementation can be improved
9.1.0741: No way to get prompt for input()/confirm()
9.1.0740: incorrect internal diff with empty file
9.1.0739: [security]: use-after-free in ex_getln.c
9.1.0738: filetype: rapid files are not recognized
9.1.0737: tests: screendump tests may require a bit more time
9.1.0736: Unicode tables are outdated
9.1.0735: filetype: salt files are not recognized
9.1.0734: filetype: jinja files are not recognized
9.1.0733: keyword completion does not work with fuzzy
9.1.0732: xxd: cannot use -b and -i together
9.1.0731: inconsistent case sensitive extension matching
9.1.0730: Crash with cursor-screenline and narrow window
9.1.0729: Wrong cursor-screenline when resizing window
9.1.0728: [security]: heap-use-after-free in garbage collection with location list user data
9.1.0727: too many strlen() calls in option.c
9.1.0726: not using correct python3 API with dynamic linking
9.1.0725: filetype: swiftinterface files are not recognized
9.1.0724: if_python: link error with python 3.13 and stable ABI
9.1.0723: if_python: dynamic linking fails with python3 >= 3.13
9.1.0722: crash with large id in text_prop interface
9.1.0721: tests: test_mksession does not consider XDG_CONFIG_HOME
9.1.0720: Wrong breakindentopt=list:-1 with multibyte or TABs
9.1.0719: Resetting cell widths can make 'listchars' or 'fillchars' invalid
9.1.0718: hard to know the users personal Vim Runtime Directory
9.1.0717: Unnecessary nextcmd NULL checks in parse_command_modifiers()
9.1.0716: resetting setcellwidth() doesn't update the screen
9.1.0715: Not correctly parsing color names (after v9.1.0709)
9.1.0714: tests: GuiEnter_Turkish test may fail
9.1.0713: Newline causes E749 in Ex mode
9.1.0712: tests: missing dependency of Test_gettext_makefile
9.1.0711: tests: test_xxd may file when using different xxd
9.1.0710: popup window may hide part of Command line
9.1.0709: GUIEnter event not found in Turkish locale
9.1.0708: Recursive window update does not account for reset skipcol
9.1.0707: [security]: invalid cursor position may cause a crash
9.1.0706: tests: test_gettext fails when using shadow dir
9.1.0705: Sorting of fuzzy filename completion is not stable
9.1.0704: inserting with a count is inefficient
9.1.0703: crash with 2byte encoding and glob2regpat()
9.1.0702: Patch 9.1.0700 broke CI
9.1.0701: crash with NFA regex engine when searching for composing chars
9.1.0700: crash with 2byte encoding and glob2regpat()
9.1.0699: "dvgo" is not always an inclusive motion
9.1.0698: tests: "Untitled" file not removed when running Test_crash1_3 alone
9.1.0697: [security]: heap-buffer-overflow in ins_typebuf
9.1.0696: installing runtime files fails when using SHADOWDIR
9.1.0695: tests: test_crash leaves Untitled file around
9.1.0694: matchparen is slow on a long line
9.1.0693: Configure doesn't show result when not using python3 stable abi
9.1.0692: Wrong patlen value in ex_substitute()
9.1.0691: python3: stable-abi may cause segfault on Python 3.11
9.1.0690: cannot set special highlight kind in popupmenu
9.1.0689: [security]: buffer-overflow in do_search() with 'rightleft'
9.1.0688: Vim9: dereferences NULL pointer in check_type_is_value()
9.1.0687: Makefile may not install desktop files
9.1.0686: zip-plugin has problems with special characters
9.1.0685: too many strlen() calls in usercmd.c
9.1.0684: completion is inserted on Enter with "noselect"
9.1.0683: mode() returns wrong value with <Cmd> mapping
9.1.0682: Vim9: Segfault with uninitialized funcref
9.1.0681: tests: Analyzing failed screendumps is hard
9.1.0680: VMS does not have defined uintptr_t
9.1.0679: Rename from w_closing to w_locked is incomplete
9.1.0678: [security]: use-after-free in alist_add()
9.1.0677: :keepp does not retain the substitute pattern
9.1.0676: style issues with man pages
9.1.0675: Patch v9.1.0674 causes problems
9.1.0674: Vim9: compiling abstract method fails because of missing return
9.1.0673: Vim9: too recursive func calls when calling super-class method
9.1.0672: marker folds may get corrupted on undo
9.1.0670: po file encoding fails on *BSD during make
9.1.0669: if_python: stable python ABI not used by default
9.1.0668: build-error with python3.12 and stable ABI
9.1.0667: Some other options reset curswant unnecessarily when set
9.1.0666: assert_equal() doesn't show multibyte string correctly
9.1.0665: Locked variable can be changed in a :for loop
9.1.0664: MS-Windows: console vim did not switch back to main screen on exit
9.1.0663: tests: zip test still resets 'shellslash' option
9.1.0662: filecopy() may return wrong value when readlink() fails
9.1.0661: the zip plugin is not tested.
9.1.0660: MS-Windows: Shift-Insert does work on old conhost
9.1.0659: MS-Windows: MSVC Makefile is a bit hard to read
9.1.0658: Coverity warns about dereferencing NULL pointer.
9.1.0657: MS-Windows: MSVC build time can be optimized
9.1.0656: MS-Windows: MSVC Makefile CPU handling can be improved
9.1.0655: filetype: goaccess config file not recognized
9.1.0654: completion does not respect completeslash with fuzzy
9.1.0653: Patch v9.1.0648 not completely right
9.1.0652: too many strlen() calls in syntax.c
9.1.0651: ex: trailing dot is optional for :g and :insert/:append
9.1.0650: Coverity warning in cstrncmp()
9.1.0649: Wrong comment for "len" argument of call_simple_func()
9.1.0648: [security] double-free in dialog_changed()
9.1.0647: [security] use-after-free in tagstack_clear_entry
9.1.0646: Vim9: imported function may not be found
9.1.0645: regex: wrong match when searching multi-byte char case-insensitive
9.1.0644: Unnecessary STRLEN() when applying mapping
9.1.0643: terminal: cursor may end up on invalid position
9.1.0642: Check that mapping rhs starts with lhs fails if not simplified
9.1.0641: MS-Windows: OLE enabled in console version
9.1.0640: Mingw: Makefile can be improved
9.1.0639: channel timeout may wrap around
9.1.0638: E1510 may happen when formatting a message for smsg()
9.1.0637: MS-Windows: Style issues in MSVC Makefile
9.1.0636: filetype: ziggy files are not recognized
9.1.0635: filetype: SuperHTML template files not recognized
9.1.0634: Ctrl-P not working by default
9.1.0633: Compilation warnings with `-Wunused-parameter`
9.1.0632: MS-Windows: Compiler Warnings
9.1.0631: wrong completion list displayed with non-existing dir + fuzzy completion
9.1.0630: MS-Windows: build fails with VIMDLL and mzscheme
9.1.0629: Rename of pum hl_group is incomplete
9.1.0628: MinGW: coverage files are not cleaned up
9.1.0627: MinGW: build-error when COVERAGE is enabled
9.1.0626: Vim9: need more tests with null objects
9.1.0625: tests: test output all translated messages for all translations
9.1.0624: ex command modifiers not found
9.1.0623: Mingw: errors when trying to delete non-existing files
9.1.0622: MS-Windows: mingw-build can be optimized
9.1.0621: MS-Windows: startup code can be improved
9.1.0620: Vim9: segfauls with null objects
9.1.0619: tests: test_popup fails
9.1.0618: cannot mark deprecated attributes in completion menu
9.1.0617: Cursor moves beyond first line of folded end of buffer
9.1.0616: filetype: Make syntax highlighting off for MS Makefiles
9.1.0615: Unnecessary STRLEN() in make_percent_swname()
9.1.0614: tests: screendump tests fail due to recent syntax changes
9.1.0613: tests: termdebug test may fail and leave file around
9.1.0612: filetype: deno.lock file not recognized
9.1.0611: ambiguous mappings not correctly resolved with modifyOtherKeys
9.1.0610: filetype: OpenGL Shading Language files are not detected
9.1.0609: outdated comments in Makefile
9.1.0608: Coverity warns about a few potential issues
9.1.0607: termdebug: uses inconsistent style
9.1.0606: tests: generated files may cause failure in test_codestyle
9.1.0605: internal error with fuzzy completion
9.1.0604: popup_filter during Press Enter prompt seems to hang
9.1.0603: filetype: use correct extension for Dracula
9.1.0602: filetype: Prolog detection can be improved
9.1.0601: Wrong cursor position with 'breakindent' when wide char doesn't fit
9.1.0600: Unused function and unused error constants
9.1.0599: Termdebug: still get E1023 when specifying arguments
9.1.0598: fuzzy completion does not work with default completion
9.1.0597: KeyInputPre cannot get the (unmapped typed) key
9.1.0596: filetype: devscripts config files are not recognized
9.1.0595: make errors out with the po Makefile
9.1.0594: Unnecessary redraw when setting 'winfixbuf'
9.1.0593: filetype: Asymptote files are not recognized
9.1.0592: runtime: filetype: Mediawiki files are not recognized
9.1.0591: filetype: *.wl files are not recognized
9.1.0590: Vim9: crash when accessing getregionpos() return value
9.1.0589: vi: d{motion} and cw work differently than expected
9.1.0588: The maze program no longer compiles on newer clang
9.1.0587: tests: Test_gui_lowlevel_keyevent is still flaky
9.1.0586: ocaml runtime files are outdated
9.1.0585: tests: test_cpoptions leaves swapfiles around
9.1.0584: Warning about redeclaring f_id() non-static
9.1.0583: filetype: *.pdf_tex files are not recognized
9.1.0582: Printed line doesn't overwrite colon when pressing Enter in Ex mode
9.1.0581: Various lines are indented inconsistently
9.1.0580: :lmap mapping for keypad key not applied when typed in Select mode
9.1.0579: Ex command is still executed after giving E1247
9.1.0578: no tests for :Tohtml
9.1.0577: Unnecessary checks for v:sizeoflong in test_put.vim
9.1.0576: tests: still an issue with test_gettext_make
9.1.0575: Wrong comments in alt_tabpage()
9.1.0574: ex: wrong handling of commands after bar
9.1.0573: ex: no implicit print for single addresses
9.1.0572: cannot specify tab page closing behaviour
9.1.0571: tests: Test_gui_lowlevel_keyevent is flaky
9.1.0570: tests: test_gettext_make can be improved
9.1.0569: fnamemodify() treats ".." and "../" differently
9.1.0568: Cannot expand paths from 'cdpath' setting
9.1.0567: Cannot use relative paths as findfile() stop directories
9.1.0566: Stop dir in findfile() doesn't work properly w/o trailing slash
9.1.0565: Stop directory doesn't work properly in 'tags'
9.1.0564: id() can be faster
9.1.0563: Cannot process any Key event
9.1.0562: tests: inconsistency in test_findfile.vim
9.1.0561: netbeans: variable used un-initialized (Coverity)
9.1.0560: bindtextdomain() does not indicate an error
9.1.0559: translation of vim scripts can be improved
9.1.0558: filetype: prolog detection can be improved
9.1.0557: moving in the buffer list doesn't work as documented
9.1.0556: :bwipe doesn't remove file from jumplist of other tabpages
9.1.0555: filetype: angular ft detection is still problematic
9.1.0554: :bw leaves jumplist and tagstack data around
9.1.0553: filetype: *.mcmeta files are not recognized
9.1.0552: No test for antlr4 filetype
9.1.0551: filetype: htmlangular files are not properly detected
9.1.0550: filetype: antlr4 files are not recognized
9.1.0549: fuzzycollect regex based completion not working as expected
9.1.0548: it's not possible to get a unique id for some vars
9.1.0547: No way to get the arity of a Vim function
9.1.0546: vim-tiny fails on CTRL-X/CTRL-A
9.1.0545: MSVC conversion warning
9.1.0544: filetype: ldapconf files are not recognized
9.1.0543: Behavior of CursorMovedC is strange
9.1.0542: Vim9: confusing string() output for object functions
9.1.0541: failing test with Vim configured without channel
9.1.0540: Unused assignment in sign_define_cmd()
9.1.0539: Not enough tests for what v9.1.0535 fixed
9.1.0538: not possible to assign priority when defining a sign
9.1.0537: signed number detection for CTRL-X/A can be improved
9.1.0536: filetype: zone files are not recognized
9.1.0535: newline escape wrong in ex mode
9.1.0534: completion wrong with fuzzy when cycling back to original
9.1.0533: Vim9: need more tests for nested objects equality
9.1.0532: filetype: Cedar files not recognized
9.1.0531: resource leak in mch_get_random()
9.1.0530: xxd: MSVC warning about non-ASCII character
9.1.0529: silent! causes following try/catch to not work
9.1.0528: spell completion message still wrong in translations
9.1.0527: inconsistent parameter in Makefiles for Vim executable
9.1.0526: Unwanted cursor movement with pagescroll at start of buffer
9.1.0525: Right release selects immediately when pum is truncated.
9.1.0524: the recursive parameter in the *_equal functions can be removed
9.1.0523: Vim9: cannot downcast an object
9.1.0522: Vim9: string(object) hangs for recursive references
9.1.0521: if_py: _PyObject_CallFunction_SizeT is dropped in Python 3.13
9.1.0520: Vim9: incorrect type checking for modifying lists
9.1.0519: MS-Windows: libvterm compilation can be optimized
9.1.0518: initialize the random buffer can be improved
9.1.0517: MS-Windows: too long lines in Make_mvc.mak
9.1.0516: need more tests for nested dicts and list comparision
9.1.0515: Vim9: segfault in object_equal()
9.1.0514: Vim9: issue with comparing objects recursively
9.1.0513: Vim9: segfault with object comparison
9.1.0512: Mode message for spell completion doesn't match allowed keys
9.1.0511: CursorMovedC triggered wrongly with setcmdpos()
9.1.0510: CI: test_gettext fails on MacOS14 + MSVC Win
9.1.0509: not possible to translate Vim script messages
9.1.0508: termdebug plugin can be further improved
9.1.0507: hard to detect cursor movement in the command line
9.1.0506: filetype: .envrc & .prettierignore not recognized
9.1.0505: filetype: Faust files are not recognized
9.1.0504: inner-tag textobject confused about ">" in attributes
9.1.0503: cannot use fuzzy keyword completion
9.1.0502: MS-Windows: too much legacy code
9.1.0501: too complicated mapping restore in termdebug
9.1.0500: cannot switch buffer in a popup
9.1.0499: MS-Windows: doesn't handle symlinks properly
9.1.0498: getcmdcompltype() interferes with cmdline completion
9.1.0497: termdebug can be further improved
9.1.0496: matched text is highlighted case-sensitively
9.1.0495: Matched text isn't highlighted in cmdline pum
9.1.0494: Wrong matched text highlighted in pum with 'rightleft'
9.1.0493: Test for patch 9.1.0489 doesn't fail without the fix
9.1.0492: filetype: Vim-script files not detected by shebang line
9.1.0491: Cmdline pum doesn't work properly with 'rightleft'
9.1.0490: minor style problems with patch 9.1.0487
9.1.0489: default completion may break with fuzzy
9.1.0488: Wrong padding for pum "kind" with 'rightleft'
9.1.0487: completed item not update on fuzzy completion
9.1.0486: filetype: Snakemake files are not recognized
9.1.0485: Matched text shouldn't be highlighted in "kind" and "menu"
9.1.0484: Sorting of completeopt+=fuzzy is not stable
9.1.0483: glob() not sufficiently tested
9.1.0482: termdebug plugin needs more love
9.1.0481: Vim9: term_getjob() throws an exception on error
9.1.0480: fuzzy string matching executed when not needed
9.1.0479: fuzzy_match_str_with_pos() does unnecessary list operations
9.1.0478: potential deref of NULL pointer in fuzzy_match_str_with_pos
9.1.0477: block_editing errors out when using <enter>
9.1.0476: Cannot see matched text in popup menu
9.1.0475: cmod_split modifier is always reset in term_start()
9.1.0474: CI: Test_ColonEight() fails on github runners
9.1.0473: term_start() does not clear vertical modifier
9.1.0472: Inconsistencies between functions for option flags
9.1.0471: Crash when using autocmd_get() after removing event inside autocmd
9.1.0470: tests: Test_ColonEight_MultiByte() fails sporadically
9.1.0469: Cannot have buffer-local value for 'completeopt'
9.1.0468: GvimExt does not consult HKEY_CURRENT_USER
9.1.0467: typos in some comments
9.1.0466: Missing comments for fuzzy completion
9.1.0465: missing filecopy() function
9.1.0464: no whitespace padding in commentstring option in ftplugins
9.1.0463: no fuzzy-matching support for insert-completion
9.1.0462: eval5() and eval7 are too complex
9.1.0461: too many strlen() calls in drawline.c
9.1.0460: filetype: lintstagedrc files are not recognized
9.1.0459: Vim9: import autoload does not work with symlink
9.1.0458: Coverity complains about division by zero
9.1.0457: tests: test_gui fails on Wayland
9.1.0456: Left shift is incorrect with vartabstop and shiftwidth=0
9.1.0455: MS-Windows: compiler warning for size_t to int conversion
9.1.0454: minor issues in test_filetype with rasi test
9.1.0453: filetype: rasi files are not recognized
9.1.0452: Configure checks for libelf unnecessarily
9.1.0451: No test for escaping '<' with shellescape()
9.1.0450: evalc. code too complex
9.1.0449: MS-Windows: Compiler warnings
9.1.0448: compiler warning in eval.c
9.1.0447: completion may be wrong when deleting all chars
9.1.0446: getregionpos() inconsistent for partly-selected multibyte char
9.1.0445: Coverity warning after 9.1.0440
9.1.0444: Not enough tests for getregion() with multibyte chars
9.1.0443: Can't use blockwise selection with width for getregion()
9.1.0442: hare runtime files outdated
9.1.0441: getregionpos() can't properly indicate positions beyond eol
9.1.0440: function get_lval() is too long
9.1.0439: Cannot filter the history
9.1.0438: Wrong Ex command executed when :g uses '?' as delimiter
9.1.0437: Motif requires non-const char pointer for XPM data
9.1.0436: Crash when using '?' as separator for :s
9.1.0435: filetype: cygport files are not recognized
9.1.0434: make errors trying to access autoload/zig
9.1.0433: Wrong yanking with exclusive selection and ve=all
9.1.0432: Ancient XPM preprocessor hack may cause build errors
9.1.0431: eval.c is too long
9.1.0430: getregionpos() doesn't handle one char selection
9.1.0429: Coverity complains about eval.c refactor
9.1.0428: Tag guessing leaves wrong search history with very short names
9.1.0427: tests: some issues with termdebug mapping test
9.1.0426: too many strlen() calls in search.c
9.1.0425: filetype: purescript files are not recognized
9.1.0424: filetype: slint files are not recognized
9.1.0423: getregionpos() wrong with blockwise mode and multibyte
9.1.0422: function echo_string_core() is too long
9.1.0421: filetype: hyprlang files are not recognized
9.1.0420: :browse oldfiles prompts even with single entry
9.1.0419: eval.c not sufficiently tested
9.1.0418: Cannot move to previous/next rare word
9.1.0417: if_py: find_module has been removed in Python 3.12.0a7
9.1.0416: some screen dump tests can be improved
9.1.0415: Some functions are not tested
9.1.0414: Unable to leave long line with 'smoothscroll' and 'scrolloff'
9.1.0413: smoothscroll may cause infinite loop
9.1.0412: typo in regexp_bt.c in DEBUG code
9.1.0411: too long functions in eval.c
9.1.0410: warning about uninitialized variable
9.1.0409: too many strlen() calls in the regexp engine
9.1.0408: configure fails on Fedora when including perl
9.1.0407: Stuck with long line and half-page scrolling
9.1.0406: Divide by zero with getmousepos() and 'smoothscroll'
9.1.0405: tests: xxd buffer overflow fails on 32-bit
9.1.0404: [security] xxd: buffer-overflow with specific flags
9.1.0403: Vim9: not able to import file from start dir
9.1.0402: filetype: mdd files detected as zsh filetype
9.1.0401: filetype: zsh module files are not recognized
9.1.0400: Vim9: confusing error message for unknown type
9.1.0399: block_editing errors out when using del
9.1.0398: Vim9: imported vars are not properly type checked
9.1.0397: Wrong display with 'smoothscroll' when changing quickfix list
9.1.0396: filetype: jj files are not recognized
9.1.0395: getregionpos() may leak memory on error
9.1.0394: Cannot get a list of positions describing a region
9.1.0393: 'viewdir' not respecting $XDG_CONFIG_HOME
9.1.0392: tests: Vim9 debug tests may be flaky
9.1.0391: Vim9: could improve testing
9.1.0390: filetype: inko files are not recognized
9.1.0389: filetype: templ files are not recognized
9.1.0388: cursor() and getregion() don't handle v:maxcol well
9.1.0387: Vim9: null value tests not sufficient
9.1.0386: filetype: stylus files not recognized
9.1.0385: Vim9: crash with null_class and null_object
9.1.0384: tests: vt420 terminfo entry may not be found
9.1.0383: filetype: .out files recognized as tex files
9.1.0382: filetype: Kbuild files are not recognized
9.1.0381: cbuffer and similar commands don't accept a range
9.1.0380: Calculating line height for unnecessary amount of lines
9.1.0379: There are a few typos
9.1.0378: Vim9: no comments allowed after class vars
9.1.0377: Formatting text wrong when 'breakindent' is set
9.1.0376: Vim9: Trailing commands after class/enum keywords ignored
9.1.0375: tests: 1-second delay after Test_BufEnter_botline()
9.1.0374: wrong botline in BufEnter
9.1.0373: ops.c code uses too many strlen() calls
9.1.0372: Calling CLEAR_FIELD() on the same struct twice
9.1.0371: Vim9: compile_def_function() still too long
9.1.0370: MS-Windows: patch number is zero in installer
9.1.0369: Vim9: problem when importing autoloaded scripts
9.1.0368: MS-Windows: Hard to define the Vim Patchlevel with leading zeroes
9.1.0367: compile_def_function is too long
9.1.0366: filetype: ondir files are not recognized
9.1.0365: Crash when typing many keys with D- modifier
9.1.0364: tests: test_vim9_builtin is a bit slow
9.1.0363: tests: test_winfixbuf is a bit slow
9.1.0362: expanding rc config files does not work well
9.1.0361: Vim9: vim9type.c is too complicated
9.1.0360: Vim9: does not handle autoloaded variables well
9.1.0359: MS-Windows: relative import in a script sourced from a buffer doesn't work
9.1.0358: wrong drawing in GUI with setcellwidth()
9.1.0357: Page scrolling should place cursor at window boundaries
9.1.0356: MS-Windows: --remote may change working directory
9.1.0355: filetype: flake.lock files are not recognized
9.1.0354: runtime(uci): No support for uci file types
9.1.0353: tests: Test_autoload_import_relative_compiled fails on Windows
9.1.0352: Finding cmd modifiers and cmdline-specials is inefficient
9.1.0351: No test that completing a partial mapping clears 'showcmd'
9.1.0350: tests: test_vim9_dissamble may fail
9.1.0349: Vim9: need static type for typealias
9.1.0348: X11 does not ignore smooth scroll event
9.1.0347: A few typos in test_xdg when testing gvimrc
9.1.0346: Patch v9.1.0338 fixed sourcing a script with import
9.1.0345: Problem: gvimrc not sourced from XDG_CONFIG_HOME
9.1.0344: Cursor wrong after using setcellwidth() in terminal
9.1.0343: 'showcmd' wrong for partial mapping with multibyte
9.1.0342: tests: test_taglist fails when 'helplang' contains non-english
9.1.0341: Problem: a few memory leaks are found
9.1.0340: Problem: Error with matchaddpos() and empty list
9.1.0339: tests: xdg test uses screen dumps
9.1.0338: Vim9: import through symlinks not correctly handled
9.1.0337: Missing entry for XDG vimrc file in :version
9.1.0336: tests: typo in test_xdg
9.1.0335: String interpolation fails for List type
9.1.0334: No test for highlight behavior with 'ambiwidth'
9.1.0333: tests: test_xdg fails on the appimage repo
9.1.0332: tests: some assert_equal() calls have wrong order of args
9.1.0331: make install does not install all files
- zypper
-
- Fixed `bash-completion`: `zypper refresh` now ignores
repository priority lines.
- Changes to support building against restructured libzypp in
stack build (bsc#1230267)
- version 1.14.94