- cloud-netconfig:ec2
- Update to version 1.18
+ Fix issue with link-local address routing (bsc#1258730)
- Update to version 1.17
+ Do not set broadcast address explicitly (bsc#1258406)
- crypto-policies
- Add PQC support for OpenSSH (bsc#1258311, bsc#1259825)
* Enable and prioritize sntrup761x25519-sha512 for OpenSSH by default
* Add crypto-policies-OpenSSH-PQC.patch
- curl
- Security fixes:
* CVE-2026-1965: Bad reuse of HTTP Negotiate connection (bsc#1259362)
* CVE-2026-3783: Token leak with redirect and netrc (bsc#1259363)
* CVE-2026-3784: Wrong proxy connection reuse with credentials (bsc#1259364)
* CVE-2026-3805: Use after free in SMB connection reuse (bsc#1259365)
* Add patches:
- curl-CVE-2026-1965.patch
- curl-CVE-2026-3783.patch
- curl-CVE-2026-3784.patch
- curl-CVE-2026-3805.patch
- gpg2
- Fix Y2K38 FTBFS:
* gpg2 quick-key-manipulation test FTBFS-2038 (bsc#1251214)
* Upstream issue: dev.gnupg.org/T8096
* Add gnupg-gpgscm-New-operator-long-time-t-to-detect-proper-tim.patch
- kernel-source:kernel-default
- ASoC: nau8821: Cancel pending work before suspend (git-fixes).
- ASoC: nau8821: Cancel delayed work on component remove
(git-fixes).
- commit b862c94
- spi: wpcm-fiu: Fix potential NULL pointer dereference in
wpcm_fiu_probe() (git-fixes).
- thermal: int340x: Fix sysfs group leak on DLVR registration
failure (stable-fixes).
- watchdog: imx7ulp_wdt: handle the nowayout option
(stable-fixes).
- wifi: ath10k: fix lock protection in
ath10k_wmi_event_peer_sta_ps_state_chg() (stable-fixes).
- wifi: rtw89: pci: restore LDO setting after device resume
(stable-fixes).
- wifi: iwlwifi: mvm: check the validity of noa_len
(stable-fixes).
- wifi: ath12k: fix preferred hardware mode calculation
(stable-fixes).
- wifi: ath11k: add pm quirk for Thinkpad Z13/Z16 Gen1
(stable-fixes).
- wifi: iwlegacy: add missing mutex protection in
il4965_store_tx_power() (stable-fixes).
- wifi: iwlegacy: add missing mutex protection in
il3945_store_measurement() (stable-fixes).
- wifi: rtw89: wow: add reason codes for disassociation in WoWLAN
mode (stable-fixes).
- wifi: rtw88: rtw8821cu: Add ID for Mercusys MU6H (stable-fixes).
- wifi: rtw88: 8822b: Avoid WARNING in rtw8822b_config_trx_mode()
(stable-fixes).
- wifi: rtw88: fix DTIM period handling when conf->dtim_period
is zero (stable-fixes).
- wifi: libertas: fix WARNING in usb_tx_block (stable-fixes).
- spi: spi-mem: Protect dirmap_create() with
spi_mem_access_start/end (stable-fixes).
- spi: spi-mem: Limit octal DTR constraints to octal DTR
situations (stable-fixes).
- spi: stm32: fix Overrun issue at < 8bpw (stable-fixes).
- spi-geni-qcom: initialize mode related registers to 0
(stable-fixes).
- spi-geni-qcom: use xfer->bits_per_word for can_dma()
(stable-fixes).
- tools/power cpupower: Reset errno before strtoull()
(stable-fixes).
- spi: wpcm-fiu: Simplify with dev_err_probe() (stable-fixes).
- commit 9ae9cd6
- PCI: Add defines for bridge window indexing (stable-fixes).
- Refresh
patches.suse/PCI-ACPI-Restrict-program_hpx_type2-to-AER-bits.patch.
- commit 7f99d8e
- PCI: Add PCIE_MSG_CODE_ASSERT_INTx message macros
(stable-fixes).
- Refresh
patches.suse/PCI-ACPI-Restrict-program_hpx_type2-to-AER-bits.patch.
- commit 8b1fafb
- media: dvb-net: fix OOB access in ULE extension header tables
(git-fixes).
- rtc: zynqmp: correct frequency value (stable-fixes).
- ntb: ntb_hw_switchtec: Fix array-index-out-of-bounds access
(stable-fixes).
- ntb: ntb_hw_switchtec: Fix shift-out-of-bounds for 0 mw lut
(stable-fixes).
- net: usb: catc: enable basic endpoint checking (git-fixes).
- phy: mvebu-cp110-utmi: fix dr_mode property read from dts
(stable-fixes).
- phy: fsl-imx8mq-usb: disable bind/unbind platform driver feature
(stable-fixes).
- soundwire: dmi-quirks: add mapping for Avell B.ON (OEM rebranded
of NUC15) (stable-fixes).
- serial: 8250: 8250_omap.c: Clear DMA RX running status only
after DMA termination is done (stable-fixes).
- serial: 8250_dw: handle clock enable errors in runtime_resume
(stable-fixes).
- staging: rtl8723bs: fix memory leak on failure path
(stable-fixes).
- staging: rtl8723bs: fix missing status update on
sdio_alloc_irq() failure (stable-fixes).
- iio: magnetometer: Remove IRQF_ONESHOT (stable-fixes).
- iio: Use IRQF_NO_THREAD (stable-fixes).
- Revert "mmc: rtsx_pci_sdmmc: increase power-on settling delay
to 5ms" (git-fixes).
- mmc: rtsx_pci_sdmmc: increase power-on settling delay to 5ms
(git-fixes).
- misc: bcm_vk: Fix possible null-pointer dereferences in
bcm_vk_read() (stable-fixes).
- misc: eeprom: Fix EWEN/EWDS/ERAL commands for 93xx56 and 93xx66
(stable-fixes).
- net: wan/fsl_ucc_hdlc: Fix dma_free_coherent() in
uhdlc_memclean() (git-fixes).
- nfc: nxp-nci: remove interrupt trigger type (stable-fixes).
- myri10ge: avoid uninitialized variable use (stable-fixes).
- net: usb: sr9700: remove code to drive nonexistent multicast
filter (stable-fixes).
- net: usb: r8152: fix transmit queue timeout (stable-fixes).
- PCI: dw-rockchip: Disable BAR 0 and BAR 1 for Root Port
(stable-fixes).
- PCI: Enable ACS after configuring IOMMU for OF platforms
(stable-fixes).
- PCI: Add ACS quirk for Qualcomm Hamoa & Glymur (stable-fixes).
- PCI: Fix pci_slot_lock () device locking (stable-fixes).
- PCI: Mark Nvidia GB10 to avoid bus reset (stable-fixes).
- PCI: Mark ASM1164 SATA controller to avoid bus reset
(stable-fixes).
- media: rkisp1: Fix filter mode register configuration
(stable-fixes).
- media: cx25821: Fix a resource leak in cx25821_dev_setup()
(stable-fixes).
- media: pvrusb2: fix URB leak in pvr2_send_request_ex
(stable-fixes).
- media: solo6x10: Check for out of bounds chip_id (stable-fixes).
- media: adv7180: fix frame interval in progressive mode
(stable-fixes).
- media: amphion: Clear last_buffer_dequeued flag for
DEC_CMD_START (stable-fixes).
- media: omap3isp: isppreview: always clamp in
preview_try_format() (stable-fixes).
- media: omap3isp: set initial format (stable-fixes).
- media: omap3isp: isp_video_mbus_to_pix/pix_to_mbus fixes
(stable-fixes).
- media: dvb-core: dmxdevfilter must always flush bufs
(stable-fixes).
- HID: elecom: Add support for ELECOM HUGE Plus M-HT1MRBK
(stable-fixes).
- HID: multitouch: add eGalaxTouch EXC3188 support (stable-fixes).
- HID: logitech-hidpp: Check maxfield in hidpp_get_report_length()
(stable-fixes).
- HID: prodikeys: Check presence of pm->input_ep82 (stable-fixes).
- HID: magicmouse: Do not crash on missing msc->input
(stable-fixes).
- HID: apple: Add "SONiX KN85 Keyboard" to the list of non-apple
keyboards (stable-fixes).
- hwmon: (f71882fg) Add F81968 support (stable-fixes).
- hwmon: (nct6775) Add ASUS Pro WS WRX90E-SAGE SE (stable-fixes).
- gpio: aspeed-sgpio: Change the macro to support deferred probe
(stable-fixes).
- PCI/MSI: Unmap MSI-X region on error (stable-fixes).
- i3c: master: svc: Initialize 'dev' to NULL in
svc_i3c_master_ibi_isr() (stable-fixes).
- spi: wpcm-fiu: Fix uninitialized res (git-fixes).
- spi: wpcm-fiu: Use devm_platform_ioremap_resource_byname()
(stable-fixes).
- PCI: Log bridge info when first enumerating bridge
(stable-fixes).
- PCI: Log bridge windows conditionally (stable-fixes).
- PCI: Supply bridge device, not secondary bus, to read window
details (stable-fixes).
- PCI: Move pci_read_bridge_windows() below individual window
accessors (stable-fixes).
- commit 291a680
- ASoC: amd: yc: Add DMI quirk for ASUS Vivobook Pro 15X M6501RR
(stable-fixes).
- drm/amdgpu: Add HAINAN clock adjustment (stable-fixes).
- drm/radeon: Add HAINAN clock adjustment (stable-fixes).
- drm/amdgpu: Adjust usleep_range in fence wait (stable-fixes).
- drm/amdkfd: Fix watch_id bounds checking in debug address
watch v2 (git-fixes).
- drm/amd/display: Avoid updating surface with the same surface
under MPO (stable-fixes).
- drm/amdkfd: Fix out-of-bounds write in kfd_event_page_set()
(stable-fixes).
- dma: dma-axi-dmac: fix SW cyclic transfers (git-fixes).
- dmaengine: sun6i: Choose appropriate burst length under maxburst
(stable-fixes).
- fpga: of-fpga-region: Fail if any bridge is missing
(stable-fixes).
- fix it87_wdt early reboot by reporting running timer
(stable-fixes).
- fbdev: ffb: fix corrupted video output on Sun FFB1
(stable-fixes).
- ata: libata: avoid long timeouts on hot-unplugged SATA DAS
(stable-fixes).
- Bluetooth: btusb: Add device ID for Realtek RTL8761BU
(stable-fixes).
- Bluetooth: btusb: Add new VID/PID for RTL8852CE (stable-fixes).
- Bluetooth: hci_conn: Set link_policy on incoming ACL connections
(stable-fixes).
- Bluetooth: hci_conn: use mod_delayed_work for active mode
timeout (stable-fixes).
- drm/atmel-hlcdc: don't reject the commit if the src rect has
fractional parts (stable-fixes).
- drm/atmel-hlcdc: fix use-after-free of drm_crtc_commit after
release (stable-fixes).
- drm/atmel-hlcdc: fix memory leak from the atomic_destroy_state
callback (stable-fixes).
- drm: Account property blob allocations to memcg (stable-fixes).
- drm/amdkfd: Fix GART PTE for non-4K pagesize in
svm_migrate_gart_map() (stable-fixes).
- drm/amdgpu: avoid a warning in timedout job handler
(stable-fixes).
- drm/amdgpu: add support for HDP IP version 6.1.1 (stable-fixes).
- drm/v3d: Set DMA segment size to avoid debug warnings
(stable-fixes).
- drm/i915/wakeref: clean up INTEL_WAKEREF_PUT_* flag macros
(stable-fixes).
- drm/display/dp_mst: Add protection against 0 vcpi
(stable-fixes).
- ASoC: codecs: max98390: Check return value of
devm_gpiod_get_optional() in max98390_i2c_probe()
(stable-fixes).
- ASoC: sunxi: sun50i-dmic: Add missing check for
devm_regmap_init_mmio (stable-fixes).
- ASoC: wm8962: Don't report a microphone if it's shorted to
ground on plug (stable-fixes).
- ASoC: wm8962: Add WM8962_ADC_MONOMIX to "3D Coefficients" mask
(stable-fixes).
- ASoC: nau8821: Fixup nau8821_enable_jack_detect() (git-fixes).
- char: tpm: cr50: Remove IRQF_ONESHOT (stable-fixes).
- docs: fix WARNING document not included in any toctree
(stable-fixes).
- drm/amdkfd: fix debug watchpoints for logical devices
(stable-fixes).
- commit 0c8127e
- ASoC: nau8821: Consistently clear interrupts before unmasking
(git-fixes).
- Refresh
patches.suse/ASoC-nau8821-Add-DMI-quirk-to-bypass-jack-debounce-c.patch.
- commit abf4286
- ALSA: usb-audio: Add sanity check for OOB writes at silencing
(stable-fixes).
- ALSA: usb-audio: Update the number of packets properly at
receiving (stable-fixes).
- ALSA: usb-audio: Add iface reset and delay quirk for AB13X
USB Audio (stable-fixes).
- ALSA: hda/conexant: Add headset mic fix for MECHREVO Wujie
15X Pro (stable-fixes).
- APEI/GHES: ensure that won't go past CPER allocated record
(stable-fixes).
- ACPI: processor: Fix NULL-pointer dereference in
acpi_processor_errata_piix4() (stable-fixes).
- ACPICA: Abort AML bytecode execution when executing AML_FATAL_OP
(stable-fixes).
- ASoC: nau8821: Avoid unnecessary blocking in IRQ handler
(stable-fixes).
- commit d3af28a
- cifs: add xid to query server interface call (git-fixes).
- Refresh
patches.suse/cifs-handle-when-server-starts-supporting-multichannel.patch.
- Refresh
patches.suse/cifs-make-sure-server-interfaces-are-requested-only-for-SMB3-.patch
(bsc#1258928,bsc#1259070).
- Refresh
patches.suse/cifs-do-not-disable-interface-polling-on-failure.patch.
- Refresh
patches.suse/cifs-add-xid-to-query-server-interface-call.patch.
- commit e67e831
- iommu/mediatek: fix use-after-free on probe deferral
(CVE-2025-71071 bsc#1256802).
- commit 0b777d9
- bpf: Forget ranges when refining tnum after JSET (CVE-2025-39748
bsc#1249587).
- commit 9bb0920
- io_uring/io-wq: check IO_WQ_BIT_EXIT inside work run loop
(CVE-2026-23113 bsc#1258278).
- commit 2e91927
- libceph: replace BUG_ON with bounds check for map->max_osd (CVE-2025-68283 bsc#1255379).
- commit 1c35b41
- nvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready()
(CVE-2026-23179 bsc#1258394).
- commit 63de389
- btrfs: don't log conflicting inode if it's a dir moved in the
current transaction (bsc#1256683 CVE-2025-68778).
- commit 0cd8ff8
- nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec
(CVE-2026-23112 bsc#1258184).
- commit e38d2c3
- landlock: Fix handling of disconnected directories (CVE-2025-68736 bsc#1255698).
- commit cdf3815
- landlock: Optimize file path walks and prepare for audit support (bsc#1255698).
- commit 5db1b51
- pmdomain: imx8m-blk-ctrl: Remove separate rst and clk mask
for 8mq vpu (CVE-2026-23116 bsc#1258277).
- commit 1905ad8
- bonding: fix use-after-free due to enslave fail after slave
array update (CVE-2026-23171 bsc#1258349).
- bonding: provide a net pointer to __skb_flow_dissect()
(CVE-2026-23119 bsc#1258273).
- fou: Don't allow 0 for FOU_ATTR_IPPROTO (CVE-2026-23083
bsc#1257745).
- bonding: limit BOND_MODE_8023AD to Ethernet devices
(CVE-2026-23099 bsc#1257816).
- net: bonding: update the slave array for broadcast mode
(CVE-2026-23171 bsc#1258349).
- commit d461cd4
- Update
patches.suse/ALSA-ac97-fix-a-double-free-in-snd_ac97_controller_r.patch
(git-fixes CVE-2025-71192 bsc#1257679).
- Update
patches.suse/ALSA-ctxfi-Fix-potential-OOB-access-in-audio-mixer-h.patch
(stable-fixes CVE-2026-23076 bsc#1257788).
- Update
patches.suse/ALSA-scarlett2-Fix-buffer-overflow-in-config-retriev.patch
(git-fixes CVE-2026-23078 bsc#1257789).
- Update
patches.suse/ASoC-amd-fix-memory-leak-in-acp3x-pdm-dma-ops.patch
(git-fixes CVE-2026-23190 bsc#1258397).
- Update
patches.suse/Bluetooth-MGMT-Fix-memory-leak-in-set_ssp_complete.patch
(git-fixes CVE-2026-23151 bsc#1258237).
- Update
patches.suse/Bluetooth-hci_uart-fix-null-ptr-deref-in-hci_uart_wr.patch
(git-fixes CVE-2026-23146 bsc#1258234).
- Update
patches.suse/HID-i2c-hid-fix-potential-buffer-overflow-in-i2c_hid.patch
(stable-fixes CVE-2026-23178 bsc#1258358).
- Update
patches.suse/bus-fsl-mc-fix-use-after-free-in-driver_override_sho.patch
(git-fixes CVE-2026-23221 bsc#1258660).
- Update
patches.suse/can-ems_usb-ems_usb_read_bulk_callback-fix-URB-memor.patch
(git-fixes CVE-2026-23058 bsc#1257739).
- Update
patches.suse/can-etas_es58x-allow-partial-RX-URB-allocation-to-su.patch
(git-fixes CVE-2026-23037 bsc#1257554).
- Update
patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-fix-error-me.patch
(git-fixes CVE-2026-23155 bsc#1258313).
- Update
patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-unanchor-URL.patch
(git-fixes CVE-2026-23082 bsc#1257715).
- Update
patches.suse/can-j1939-make-j1939_session_activate-fail-if-device.patch
(stable-fixes CVE-2025-71182 bsc#1257586).
- Update
patches.suse/can-kvaser_usb-kvaser_usb_read_bulk_callback-fix-URB.patch
(git-fixes CVE-2026-23061 bsc#1257776).
- Update
patches.suse/can-mcba_usb-mcba_usb_read_bulk_callback-fix-URB-mem.patch
(git-fixes CVE-2026-23080 bsc#1257714).
- Update
patches.suse/can-usb_8dev-usb_8dev_read_bulk_callback-fix-URB-mem.patch
(git-fixes CVE-2026-23108 bsc#1257770).
- Update
patches.suse/crypto-iaa-Fix-out-of-bounds-index-in-find_empty_iaa.patch
(git-fixes CVE-2025-71231 bsc#1258424).
- Update
patches.suse/crypto-omap-Allocate-OMAP_CRYPTO_FORCE_COPY-scatterl.patch
(git-fixes CVE-2026-23222 bsc#1258484).
- Update
patches.suse/crypto-virtio-Add-spinlock-protection-with-virtqueue.patch
(git-fixes CVE-2026-23229 bsc#1258429).
- Update
patches.suse/dmaengine-at_hdmac-fix-device-leak-on-of_dma_xlate.patch
(git-fixes CVE-2025-71191 bsc#1257579).
- Update
patches.suse/dmaengine-bcm-sba-raid-fix-device-leak-on-probe.patch
(git-fixes CVE-2025-71190 bsc#1257580).
- Update
patches.suse/dmaengine-dw-dmamux-fix-OF-node-leak-on-route-alloca.patch
(git-fixes CVE-2025-71189 bsc#1257573).
- Update
patches.suse/dmaengine-lpc18xx-dmamux-fix-device-leak-on-route-al.patch
(git-fixes CVE-2025-71188 bsc#1257576).
- Update
patches.suse/dmaengine-omap-dma-fix-dma_pool-resource-leak-in-err.patch
(git-fixes CVE-2026-23033 bsc#1257570).
- Update
patches.suse/dmaengine-qcom-gpi-Fix-memory-leak-in-gpi_peripheral.patch
(git-fixes CVE-2026-23026 bsc#1257562).
- Update
patches.suse/dmaengine-ti-dma-crossbar-fix-device-leak-on-am335x-.patch
(git-fixes CVE-2025-71185 bsc#1257560).
- Update
patches.suse/dmaengine-xilinx-xdma-Fix-regmap-max_register.patch
(git-fixes CVE-2025-71195 bsc#1257704).
- Update patches.suse/dpll-Prevent-duplicate-registrations.patch
(git-fixes CVE-2026-23129 bsc#1258299).
- Update
patches.suse/drm-amdgpu-fix-NULL-pointer-dereference-in-amdgpu_gm.patch
(git-fixes CVE-2026-23163 bsc#1258544).
- Update patches.suse/drm-imx-tve-fix-probe-device-leak.patch
(git-fixes CVE-2026-23170 bsc#1258379).
- Update
patches.suse/drm-panel-simple-fix-connector-type-for-DataImage-SC.patch
(git-fixes CVE-2026-23049 bsc#1257723).
- Update
patches.suse/efivarfs-fix-error-propagation-in-efivar_entry_get.patch
(git-fixes CVE-2026-23156 bsc#1258317).
- Update
patches.suse/ext4-fix-iloc.bh-leak-in-ext4_xattr_inode_update_ref.patch
(git-fixes CVE-2026-23145 bsc#1258326).
- Update
patches.suse/iio-adc-at91-sama5d2_adc-Fix-potential-use-after-fre.patch
(git-fixes CVE-2025-71199 bsc#1257750).
- Update
patches.suse/iio-imu-st_lsm6dsx-fix-iio_chan_spec-for-sensors-wit.patch
(git-fixes CVE-2025-71198 bsc#1257741).
- Update
patches.suse/intel_th-fix-device-leak-on-output-open.patch
(git-fixes CVE-2026-23091 bsc#1257813).
- Update
patches.suse/leds-led-class-Only-Add-LED-to-leds_list-when-it-is-.patch
(git-fixes CVE-2026-23101 bsc#1257768).
- Update
patches.suse/mISDN-annotate-data-race-around-dev-work.patch
(git-fixes CVE-2026-23121 bsc#1258309).
- Update
patches.suse/mmc-sdhci-of-dwcmshc-Prevent-illegal-clock-reduction.patch
(git-fixes CVE-2025-71200 bsc#1258222).
- Update
patches.suse/net-usb-pegasus-fix-memory-leak-in-update_eth_regs_a.patch
(git-fixes CVE-2026-23021 bsc#1257557).
- Update
patches.suse/net-wwan-t7xx-fix-potential-skb-frags-overflow-in-RX.patch
(git-fixes CVE-2026-23172 bsc#1258519).
- Update
patches.suse/nfc-llcp-Fix-memleak-in-nfc_llcp_send_ui_frame.patch
(git-fixes CVE-2026-23150 bsc#1258354).
- Update
patches.suse/nfc-nci-Fix-race-between-rfkill-and-nci_unregister_d.patch
(git-fixes CVE-2026-23167 bsc#1258374).
- Update
patches.suse/phy-stm32-usphyc-Fix-off-by-one-in-probe.patch
(git-fixes CVE-2025-71196 bsc#1257716).
- Update
patches.suse/platform-x86-toshiba_haps-Fix-memory-leaks-in-add-re.patch
(git-fixes CVE-2026-23176 bsc#1258256).
- Update
patches.suse/regmap-Fix-race-condition-in-hwspinlock-irqsave-rout.patch
(git-fixes CVE-2026-23071 bsc#1257706).
- Update
patches.suse/scsi-qla2xxx-Delay-module-unload-while-fabric-scan-i.patch
(bsc#1256863 CVE-2025-71235 bsc#1258469).
- Update
patches.suse/scsi-qla2xxx-Free-sp-in-error-path-to-fix-system-cra.patch
(bsc#1256863 CVE-2025-71232 bsc#1258422).
- Update
patches.suse/scsi-qla2xxx-Validate-sp-before-freeing-associated-m.patch
(bsc#1256863 CVE-2025-71236 bsc#1258442).
- Update
patches.suse/slimbus-core-fix-device-reference-leak-on-report-pre.patch
(git-fixes CVE-2026-23090 bsc#1257759).
- Update
patches.suse/spi-spi-sprd-adi-Fix-double-free-in-probe-error-path.patch
(git-fixes CVE-2026-23068 bsc#1257805).
- Update
patches.suse/spi-tegra-Fix-a-memory-leak-in-tegra_slink_probe.patch
(git-fixes CVE-2026-23182 bsc#1258259).
- Update
patches.suse/spi-tegra210-quad-Protect-curr_xfer-check-in-IRQ-han.patch
(git-fixes bsc#1257952 CVE-2026-23207 bsc#1258524).
- Update
patches.suse/spi-tegra210-quad-Protect-curr_xfer-in-tegra_qspi_co.patch
(git-fixes bsc#1257952 CVE-2026-23202 bsc#1258338).
- Update
patches.suse/uacce-ensure-safe-queue-release-with-state-managemen.patch
(git-fixes CVE-2026-23063 bsc#1257722).
- Update
patches.suse/uacce-fix-cdev-handling-in-the-cleanup-path.patch
(git-fixes CVE-2026-23096 bsc#1257809).
- Update
patches.suse/uacce-fix-isolate-sysfs-check-condition.patch
(git-fixes CVE-2026-23094 bsc#1257811).
- Update
patches.suse/uacce-implement-mremap-in-uacce_vm_ops-to-return-EPE.patch
(git-fixes CVE-2026-23056 bsc#1257729).
- Update
patches.suse/w1-therm-Fix-off-by-one-buffer-overflow-in-alarms_st.patch
(git-fixes CVE-2025-71197 bsc#1257743).
- Update
patches.suse/wifi-ath10k-fix-dma_free_coherent-pointer.patch
(git-fixes CVE-2026-23133 bsc#1258249).
- Update
patches.suse/wifi-ath12k-fix-dma_free_coherent-pointer.patch
(git-fixes CVE-2026-23135 bsc#1258245).
- Update
patches.suse/wifi-mac80211-correctly-decode-TTLM-with-default-lin.patch
(git-fixes CVE-2026-23152 bsc#1258252).
- Update
patches.suse/wifi-mac80211-ocb-skip-rx_no_sta-when-interface-is-n.patch
(stable-fixes CVE-2025-71224 bsc#1258824).
- Update
patches.suse/wifi-rsi-Fix-memory-corruption-due-to-not-set-vif-dr.patch
(git-fixes CVE-2026-23073 bsc#1257707).
- Update
patches.suse/wifi-rtl8xxxu-fix-slab-out-of-bounds-in-rtl8xxxu_sta.patch
(git-fixes CVE-2025-71234 bsc#1258419).
- Update
patches.suse/wifi-rtw88-Fix-alignment-fault-in-rtw_core_enable_be.patch
(git-fixes CVE-2025-71229 bsc#1258415).
- Update
patches.suse/wifi-wlcore-ensure-skb-headroom-before-skb_push.patch
(stable-fixes CVE-2025-71222 bsc#1258279).
- commit 30080c1
- smb: client: Fix refcount leak for cifs_sb_tlink (bsc#1252924,
CVE-2025-40103).
- commit 2028384
- cifs: parse_dfs_referrals: prevent oob on malformed input
(bsc#1252911, CVE-2025-40099).
- commit 821259f
- Refresh
patches.suse/smb-client-split-cached_fid-bitfields-to-avoid-shared-byte-RMW-rac.patch.
- commit 1325cd1
- ice: Fix NULL pointer dereference in ice_vsi_set_napi_queues
(CVE-2026-23166 bsc#1258272).
- net/mlx5e: TC, delete flows only for existing peers
(CVE-2026-23173 bsc#1258520).
- commit 1315a36
- device property: Allow secondary lookup in
fwnode_get_next_child_node() (git-fixes).
- commit 13b0bcb
- ALSA: usb-audio: Avoid implicit feedback mode on DIYINHK USB
Audio 2.0 (stable-fixes).
- ALSA: usb-audio: Check max frame size for implicit feedback
mode, too (stable-fixes).
- commit 94dd673
- PCI: Correct PCI_CAP_EXP_ENDPOINT_SIZEOF_V2 value (git-fixes).
- mmc: mmci: Fix device_node reference leak in
of_get_dml_pipe_index() (git-fixes).
- ALSA: usb-audio: Use correct version for UAC3 header validation
(git-fixes).
- ALSA: usb-audio: Use inclusive terms (git-fixes).
- ALSA: usb-audio: Cap the packet size pre-calculations
(git-fixes).
- ALSA: usb-audio: Remove VALIDATE_RATES quirk for Focusrite
devices (git-fixes).
- drm/bridge: samsung-dsim: Fix memory leak in error path
(git-fixes).
- drm/bridge: ti-sn65dsi86: Enable HPD polling if IRQ is not used
(git-fixes).
- drm/logicvc: Fix device node reference leak in
logicvc_drm_config_parse() (git-fixes).
- drm/vmwgfx: Return the correct value in vmw_translate_ptr
functions (git-fixes).
- drm/vmwgfx: Fix invalid kref_put callback in
vmw_bo_dirty_release (git-fixes).
- commit b1fa310
- scsi: core: Wake up the error handler when final completions
race against each other (CVE-2026-23110 bsc#1257761).
- commit 59f5efa
- dst: fix races in rt6_uncached_list_del() and
rt_del_uncached_list() (CVE-2026-23004 bsc#1257231).
- commit 3cd007f
- btrfs: fix NULL dereference on root when tracing inode eviction
(bsc#1257635 CVE-2025-71184).
- commit 5bf422c
- netfilter: nf_conncount: update last_gc only when GC has been
performed (CVE-2026-23139 bsc#1258304).
- commit 9a70b26
- netfilter: nf_tables: fix inverted genmask check in
nft_map_catchall_activate() (CVE-2026-23111 bsc#1258181).
- commit 56db8af
- ipmi: ipmb: initialise event handler read bytes (git-fixes).
- wifi: mac80211: fix NULL pointer dereference in
mesh_rx_csa_frame() (git-fixes).
- wifi: mac80211: bounds-check link_id in
ieee80211_ml_reconfiguration (git-fixes).
- wifi: radiotap: reject radiotap with unknown bits (git-fixes).
- wifi: cfg80211: cancel rfkill_block work in wiphy_unregister()
(git-fixes).
- wifi: cfg80211: wext: fix IGTK key ID off-by-one (git-fixes).
- net: usb: kaweth: validate USB endpoints (git-fixes).
- net: usb: kalmia: validate USB endpoints (git-fixes).
- nfc: pn533: properly drop the usb interface reference on
disconnect (git-fixes).
- Bluetooth: L2CAP: Fix missing key size check for
L2CAP_LE_CONN_REQ (git-fixes).
- Bluetooth: L2CAP: Fix not checking output MTU is acceptable
on L2CAP_ECRED_CONN_REQ (git-fixes).
- Bluetooth: L2CAP: Fix response to L2CAP_ECRED_CONN_REQ
(git-fixes).
- Bluetooth: hci_qca: Cleanup on all setup failures (git-fixes).
- Bluetooth: L2CAP: Fix invalid response to L2CAP_ECRED_RECONF_REQ
(git-fixes).
- net: usb: pegasus: enable basic endpoint checking (git-fixes).
- net: wan: farsync: Fix use-after-free bugs caused by unfinished
tasklets (git-fixes).
- net: usb: lan78xx: scan all MDIO addresses on LAN7801
(git-fixes).
- net: usb: kaweth: remove TX queue manipulation in
kaweth_set_rx_mode (git-fixes).
- commit d2c7de0
- btrfs: fix deadlock in wait_current_trans() due to ignored
transaction type (bsc#1257687 CVE-2025-71194).
- commit 2e0cb69
- drm/amdgpu: ensure no_hw_access is visible before MMIO
(CVE-2026-23213 bsc#1258465).
- commit bec3979
- drm/amd/pm: Disable MMIO access during SMU Mode 1 reset
(CVE-2026-23213 bsc#1258465).
- commit 3b81ead
- media: dvb-core: fix wrong reinitialization of ringbuffer on
reopen (git-fixes).
- commit ba51966
- NFS: Fix a deadlock involving nfs_release_folio()
(CVE-2026-23053 bsc#1257718).
- commit 492ba43
- KVM: Don't clobber irqfd routing type when deassigning irqfd
(CVE-2026-23198 bsc#1258321).
- commit e973f50
- KVM: Disallow toggling KVM_MEM_GUEST_MEMFD on an existing
memslot (CVE-2025-68810 bsc#1256679).
- commit a9c2c12
- md: suspend array while updating raid_disks via sysfs
(CVE-2025-71225, bsc#1258411).
- commit 22f1953
- smb: client: fix memory leak in cifs_construct_tcon()
(bsc#1255129, CVE-2025-68295).
- commit 069aa1f
- Refresh
patches.suse/smb-client-split-cached_fid-bitfields-to-avoid-shared-byte-RMW-rac.patch.
- commit f42de87
- Move upstreamed mm and SCSI patches into sorted section
- commit 2b576e9
- btrfs: send: check for inline extents in
range_is_hole_in_parent() (bsc#1258377 CVE-2026-23141).
- commit b93c18b
- btrfs: reject new transactions if the fs is fully read-only
(bsc#1258464 CVE-2026-23214).
- commit c375a48
- net: fix memory leak in skb_segment_list for GRO packets
(CVE-2026-22979 bsc#1257228).
- commit 59160d7
- rpm/check-for-config-changes: add OPENSSL_SUPPORTS_ to IGNORED_CONFIGS_RE
Config option OPENSSL_SUPPORTS_ML_DSA was introduced by mainline commit
0ad9a71933e7 ("modsign: Enable ML-DSA module signing") in 7.0-rc1
- commit 21b4616
- macvlan: observe an RCU grace period in macvlan_common_newlink()
error path (CVE-2026-23209 bsc#1258518).
- macvlan: fix error recovery in macvlan_common_newlink()
(CVE-2026-23209 bsc#1258518).
- commit eaf1535
- bonding: only set speed/duplex to unknown, if getting speed
failed (bsc#1253691).
- commit 0b66a07
- rtc: interface: Alarm race handling should not discard preceding
error (git-fixes).
- commit f96272c
- NTB: ntb_transport: Fix too small buffer for debugfs_name
(git-fixes).
- commit 269c576
- ALSA: usb-audio: Use the right limit for PCM OOB check
(CVE-2026-23208 bsc#1258468).
- ALSA: usb-audio: Prevent excessive number of frames
(CVE-2026-23208 bsc#1258468).
- commit 895c473
- ASoC: rockchip: i2s-tdm: Use param rate if not provided by
set_sysclk (git-fixes).
- drm/amd/display: Use same max plane scaling limits for all 64
bpp formats (git-fixes).
- drm/amdgpu: fix sync handling in amdgpu_dma_buf_move_notify
(git-fixes).
- drm/i915/acpi: free _DSM package when no connectors (git-fixes).
- drm/amd: Fix hang on amdgpu unload by using
pci_dev_is_disconnected() (git-fixes).
- drm/amdgpu: Fix memory leak in amdgpu_ras_init() (git-fixes).
- drm/amdgpu: Fix memory leak in amdgpu_acpi_enumerate_xcc()
(git-fixes).
- efi: Fix reservation of unaccepted memory table (git-fixes).
- commit 2183b13
- scsi: mpi3mr: Synchronous access b/w reset and tm thread for
reply queue (CVE-2025-37861 bsc#1243055).
- commit 807000c
- net: nfc: nci: Fix parameter validation for packet data
(git-fixes).
- atm: fore200e: fix use-after-free in tasklets during device
removal (git-fixes).
- USB: serial: option: add Telit FN920C04 RNDIS compositions
(stable-fixes).
- fbdev: smscufx: properly copy ioctl memory to kernelspace
(stable-fixes).
- bus: fsl-mc: fix use-after-free in driver_override_show()
(git-fixes).
- ASoC: amd: yc: Add quirk for HP 200 G2a 16 (stable-fixes).
- ASoC: Intel: sof_es8336: Add DMI quirk for Huawei BOD-WXX9
(stable-fixes).
- platform/x86: classmate-laptop: Add missing NULL pointer checks
(stable-fixes).
- platform/x86/amd/pmc: Add quirk for MECHREVO Wujie 15X Pro
(stable-fixes).
- platform/x86: panasonic-laptop: Fix sysfs group leak in error
path (stable-fixes).
- gpio: sprd: Change sprd_gpio lock to raw_spin_lock
(stable-fixes).
- drm/tegra: hdmi: sor: Fix error: variable ‘j’ set but not
used (stable-fixes).
- bus: fsl-mc: Replace snprintf and sprintf with sysfs_emit in
sysfs show functions (stable-fixes).
- commit 436dcdb
- config.conf: Drop armv7hl builds
commit 09ee386c4ae dropped support for armv7hl
in SLE15-SP7, SUSE-2024 never supported it,
therefore, no branch downstream of fixes/linux-6.4
supports this arch (bsc#1255265).
- commit 5dc5aaf
- ALSA: aloop: Fix racy access at PCM trigger (CVE-2026-23191
bsc#1258395).
- commit 114f0d2
- ACPI: CPPC: Fix remaining for_each_possible_cpu() to use online
CPUs (git-fixes).
- ACPI: PM: Add unused power resource quirk for THUNDEROBOT ZERO
(git-fixes).
- powercap: intel_rapl_tpmi: Remove FW_BUG from invalid version
check (git-fixes).
- PM: sleep: wakeirq: Update outdated documentation comments
(git-fixes).
- commit 700df2d
- crypto: authencesn - reject too-short AAD (assoclen<8) to
match ESP/ESN spec (bsc#1257735 CVE-2026-23060).
- commit 9347d8b
- crypto: af_alg - zero initialize memory allocated via
sock_kmalloc (bsc#1256716 CVE-2025-71113).
- commit 449e0ae
- crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui()
(bsc#1254992 CVE-2023-53817).
- commit f8259ad
- gue: Fix skb memleak with inner IP protocol 0 (CVE-2026-23095
bsc#1257808).
- commit e8190a1
- vsock/virtio: cap TX credit to local buffer size (CVE-2026-23086
bsc#1257757).
- commit 2a01723
- crypto: af_alg - Fix incorrect boolean values in af_alg_ctx
(bsc#1251966 CVE-2025-39964).
- commit 2a9a19a
- crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg
(bsc#1251966 CVE-2025-39964).
Refresh patches.suse/crypto-add-suse_kabi_padding.patch.
- commit a6b1063
- Workaround for hybrid git workflow in SLFO 1.0/1.1
- commit 7ab5a74
- dmaengine: mediatek: uart-apdma: Fix above 4G addressing TX/RX
(git-fixes).
- usb: dwc2: fix resume failure if dr_mode is host (git-fixes).
- usb: gadget: tegra-xudc: Add handling for BLCG_COREPLL_PWRDN
(git-fixes).
- usb: bdc: fix sleep during atomic (git-fixes).
- serial: SH_SCI: improve "DMA support" prompt (git-fixes).
- serial: imx: change SERIAL_IMX_CONSOLE to bool (git-fixes).
- staging: rtl8723bs: fix null dereference in find_network
(git-fixes).
- iio: sca3000: Fix a resource leak in sca3000_probe()
(git-fixes).
- iio: gyro: itg3200: Fix unchecked return value in read_raw
(git-fixes).
- drivers: iio: mpu3050: use dev_err_probe for regulator request
(git-fixes).
- fpga: dfl: use subsys_initcall to allow built-in drivers to
be added (git-fixes).
- commit e89b2ea
- be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list
(CVE-2026-23084 bsc#1257830).
- commit 27fe347
- leds: qcom-lpg: Check the return value of regmap_bulk_write()
(git-fixes).
- backlight: qcom-wled: Change PM8950 WLED configurations
(git-fixes).
- backlight: qcom-wled: Support ovp values for PMI8994
(git-fixes).
- mfd: arizona: Fix regulator resource leak on
wm5102_clear_write_sequencer() failure (git-fixes).
- mfd: core: Add locking around 'mfd_of_node_list' (git-fixes).
- mfd: tps6105x: Fix kernel-doc warnings relating to the core
struct and tps6105x_mode (git-fixes).
- Revert "mfd: da9052-spi: Change read-mask to write-mask"
(stable-fixes).
- pinctrl: single: fix refcount leak in pcs_add_gpio_func()
(git-fixes).
- pinctrl: qcom: sm8250-lpass-lpi: Fix i2s2_data_groups definition
(git-fixes).
- pinctrl: equilibrium: Fix device node reference leak in
pinbank_init() (git-fixes).
- Bluetooth: btusb: Add USB ID 7392:e611 for Edimax EW-7611UXB
(stable-fixes).
- commit 516fe60
- Input: stmfts - make comments correct (git-fixes).
- Input: stmfts - correct wording for the warning message
(git-fixes).
- clk: qcom: gfx3d: add parent to parent request map (git-fixes).
- clk: qcom: dispcc-sdm845: Enable parents for pixel clocks
(git-fixes).
- clk: qcom: gcc-msm8917: Remove ALWAYS_ON flag from cpp_gdsc
(git-fixes).
- clk: qcom: gcc-msm8953: Remove ALWAYS_ON flag from cpp_gdsc
(git-fixes).
- clk: qcom: rcg2: compute 2d using duty fraction directly
(git-fixes).
- clk: mediatek: Fix error handling in runtime PM setup
(git-fixes).
- clk: meson: g12a: Limit the HDMI PLL OD to /4 (git-fixes).
- clk: meson: gxbb: Limit the HDMI PLL OD to /4 on GXL/GXM SoCs
(git-fixes).
- clk: tegra: tegra124-emc: Fix potential memory leak in
tegra124_clk_register_emc() (git-fixes).
- clk: tegra: tegra124-emc: fix device leak on set_rate()
(git-fixes).
- clk: clk-apple-nco: Add "apple,t8103-nco" compatible
(git-fixes).
- clk: renesas: rzg2l: Select correct div round macro (git-fixes).
- clk: renesas: rzg2l: Fix intin variable size (git-fixes).
- fbdev: au1200fb: Fix a memory leak in au1200fb_drv_probe()
(git-fixes).
- fbdev: of: display_timing: fix refcount leak in
of_get_display_timings() (git-fixes).
- fbdev: vt8500lcdfb: fix missing dma_free_coherent() (git-fixes).
- fbcon: check return value of con2fb_acquire_newinfo()
(git-fixes).
- fbdev: rivafb: fix divide error in nv3_arb() (git-fixes).
- rpmsg: core: fix race in driver_override_show() and use core
helper (git-fixes).
- commit b135afb
- Update "drm/mgag200: fix mgag200_bmc_stop_scanout()" bug number (bsc#1258153)
- commit 2fe2c66
- crypto: ccp - Add an S4 restore flow (git-fixes).
- tools/power/x86/intel-speed-select: Fix file descriptor leak
in isolate_cpus() (git-fixes).
- mtd: rawnand: pl353: Fix software ECC support (git-fixes).
- mtd: spinand: Fix kernel doc (git-fixes).
- mtd: rawnand: cadence: Fix return type of CDMA send-and-wait
helper (git-fixes).
- mtd: parsers: ofpart: fix OF node refcount leak in
parse_fixed_partitions() (git-fixes).
- mtd: parsers: Fix memory leak in
mtd_parser_tplink_safeloader_parse() (git-fixes).
- commit 766aa67
- ice: fix devlink reload call trace (CVE-2026-23104 bsc#1257763).
- net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv
(CVE-2026-23035 bsc#1257559).
- idpf: fix error handling in the init_task on load
(CVE-2026-23017 bsc#1257552).
- commit fb93c36
- power: supply: qcom_battmgr: Recognize "LiP" as lithium-polymer
(git-fixes).
- power: supply: wm97xx: Fix NULL pointer dereference in
power_supply_changed() (git-fixes).
- power: supply: bq27xxx: fix wrong errno when bus ops are
unsupported (git-fixes).
- power: reset: nvmem-reboot-mode: respect cell size for
nvmem_cell_write (git-fixes).
- power: supply: sbs-battery: Fix use-after-free in
power_supply_changed() (git-fixes).
- power: supply: rt9455: Fix use-after-free in
power_supply_changed() (git-fixes).
- power: supply: goldfish: Fix use-after-free in
power_supply_changed() (git-fixes).
- power: supply: cpcap-battery: Fix use-after-free in
power_supply_changed() (git-fixes).
- power: supply: bq25980: Fix use-after-free in
power_supply_changed() (git-fixes).
- power: supply: bq256xx: Fix use-after-free in
power_supply_changed() (git-fixes).
- power: supply: act8945a: Fix use-after-free in
power_supply_changed() (git-fixes).
- power: supply: ab8500: Fix use-after-free in
power_supply_changed() (git-fixes).
- ata: pata_ftide010: Fix some DMA timings (git-fixes).
- rapidio: replace rio_free_net() with kfree() in
rio_scan_alloc_net() (git-fixes).
- commit 46137a2
- dst: fix races in rt6_uncached_list_del() and
rt_del_uncached_list() (CVE-2026-23004 bsc#1257231).
- commit 75a3dd5
- net/sched: act_ife: avoid possible NULL deref (CVE-2026-23064
bsc#1257765).
- net/sched: qfq: Use cl_is_active to determine whether class
is active in qfq_rm_from_ag (CVE-2026-23105 bsc#1257775).
- commit a17643b
- Update upstreamed net and powerpc patch references and sorting
- commit 638a424
- KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer (bsc#1256708, CVE-2025-71104).
- commit 1d88ad6
- vsock/virtio: Coalesce only linear skb (bsc#1257740, CVE-2026-23057).
- commit 09262b6
- nvme-tcp: fix NULL pointer dereferences in
nvmet_tcp_build_pdu_iovec (CVE-2026-22998 bsc#1257209).
- commit f5cd5c5
- wifi: ath10k: sdio: add missing lock protection in
ath10k_sdio_fw_crashed_dump() (git-fixes).
- wifi: ath9k: fix kernel-doc warnings in common-debug.h
(git-fixes).
- wifi: ath9k: debug.h: fix kernel-doc bad lines and struct
ath_tx_stats (git-fixes).
- wifi: cfg80211: stop NAN and P2P in cfg80211_leave (git-fixes).
- wifi: rtl8xxxu: fix slab-out-of-bounds in rtl8xxxu_sta_add
(git-fixes).
- wifi: rtw88: Fix alignment fault in rtw_core_enable_beacon()
(git-fixes).
- wifi: cfg80211: Fix use_for flag update on BSS refresh
(git-fixes).
- soc: mediatek: svs: Fix memory leak in svs_enable_debug_write()
(git-fixes).
- soc: qcom: cmd-db: Use devm_memremap() to fix memory leak in
cmd_db_dev_probe (git-fixes).
- soc: qcom: smem: handle ENOMEM error during probe (git-fixes).
- wifi: mac80211: don't increment crypto_tx_tailroom_needed_cnt
twice (stable-fixes).
- wifi: mac80211: correctly check if CSA is active (stable-fixes).
- wifi: cfg80211: Fix bitrate calculation overflow for HE rates
(stable-fixes).
- wifi: mac80211: collect station statistics earlier when
disconnect (stable-fixes).
- wifi: mac80211: ocb: skip rx_no_sta when interface is not joined
(stable-fixes).
- wifi: wlcore: ensure skb headroom before skb_push
(stable-fixes).
- commit 7dd6fbf
- PCI: mediatek: Fix IRQ domain leak when MSI allocation fails
(git-fixes).
- PCI: Add ACS quirk for Pericom PI7C9X2G404 switches [12d8:b404]
(git-fixes).
- PCI: Fix pci_slot_trylock() error handling (git-fixes).
- PCI/portdrv: Fix potential resource leak (git-fixes).
- PCI/PM: Avoid redundant delays on D3hot->D3cold (git-fixes).
- PCI/P2PDMA: Release per-CPU pgmap ref when vm_insert_page()
fails (git-fixes).
- PCI/IOV: Fix race between SR-IOV enable/disable and hotplug
(git-fixes).
- Revert "PCI/IOV: Add PCI rescan-remove locking when
enabling/disabling SR-IOV" (git-fixes).
- PCI/ACPI: Restrict program_hpx_type2() to AER bits (git-fixes).
- PCI: Initialize RCB from pci_configure_device() (git-fixes).
- PCI: Mark 3ware-9650SA Root Port Extended Tags as broken
(git-fixes).
- regulator: core: move supply check earlier in
set_machine_constraints() (git-fixes).
- regulator: core: fix locking in regulator_resolve_supply()
error path (git-fixes).
- platform/chrome: cros_ec_lightbar: Fix response size
initialization (git-fixes).
- platform/chrome: cros_typec_switch: Don't touch struct
fwnode_handle::dev (git-fixes).
- soc: ti: pruss: Fix double free in pruss_clk_mux_setup()
(git-fixes).
- soc: ti: k3-socinfo: Fix regmap leak on probe failure
(git-fixes).
- regmap: maple: free entry on mas_store_gfp() failure
(stable-fixes).
- commit 5d29d16
- nfc: hci: shdlc: Stop timers and work before freeing context
(git-fixes).
- PCI: Do not attempt to set ExtTag for VFs (git-fixes).
- PCI: endpoint: Fix swapped parameters in
pci_{primary/secondary}_epc_epf_unlink() functions (git-fixes).
- media: uvcvideo: Fix allocation for small frame sizes
(git-fixes).
- media: venus: vdec: fix error state assignment for zero
bytesused (git-fixes).
- media: ccs: Accommodate C-PHY into the calculation (git-fixes).
- media: i2c: ov5647: use our own mutex for the ctrl lock
(git-fixes).
- media: i2c: ov5647: Fix PIXEL_RATE value for VGA mode
(git-fixes).
- media: i2c: ov5647: Sensor should report RAW color space
(git-fixes).
- media: i2c: ov5647: Correct minimum VBLANK value (git-fixes).
- media: i2c: ov5647: Correct pixel array offset (git-fixes).
- media: i2c: ov5647: Initialize subdev before controls
(git-fixes).
- media: ccs: Avoid possible division by zero (git-fixes).
- media: qcom: camss: vfe: Fix out-of-bounds access in
vfe_isr_reg_update() (git-fixes).
- media: i2c/tw9906: Fix potential memory leak in tw9906_probe()
(git-fixes).
- media: i2c/tw9903: Fix potential memory leak in tw9903_probe()
(git-fixes).
- media: cx25821: Add missing unmap in snd_cx25821_hw_params()
(git-fixes).
- media: cx23885: Add missing unmap in snd_cx23885_hw_params()
(git-fixes).
- media: cx88: Add missing unmap in snd_cx88_hw_params()
(git-fixes).
- net: usb: sr9700: support devices with virtual driver CD
(stable-fixes).
- commit b9e0ae7
- drm/msm/a2xx: fix pixel shader start on A225 (git-fixes).
- drm/msm/dpu: fix CMD panels on DPU 1.x - 3.x (git-fixes).
- drm/buddy: Prevent BUG_ON by validating rounded allocation
(git-fixes).
- drm/tegra: dsi: fix device leak on probe (git-fixes).
- media: radio-keene: fix memory leak in error path (git-fixes).
- media: mtk-mdp: Fix a reference leak bug in mtk_mdp_remove()
(git-fixes).
- media: mtk-mdp: Fix error handling in probe function
(git-fixes).
- HID: hid-pl: handle probe errors (git-fixes).
- HID: playstation: Add missing check for input_ff_create_memless
(git-fixes).
- Revert "hwmon: (ibmpex) fix use-after-free in high/low store"
(git-fixes).
- hwmon: (max16065) Use READ/WRITE_ONCE to avoid compiler
optimization induced race (git-fixes).
- HID: Apply quirk HID_QUIRK_ALWAYS_POLL to Edifier QR30
(2d99:a101) (stable-fixes).
- HID: i2c-hid: fix potential buffer overflow in
i2c_hid_get_report() (stable-fixes).
- HID: quirks: Add another Chicony HP 5MP Cameras to
hid_ignore_list (stable-fixes).
- HID: multitouch: add MT_QUIRK_STICKY_FINGERS to MT_CLS_VTL
(stable-fixes).
- HID: intel-ish-hid: Reset enum_devices_done before enumeration
(stable-fixes).
- HID: intel-ish-hid: Update ishtp bus match to support device
ID table (stable-fixes).
- HID: playstation: Center initial joystick axes to prevent
spurious events (stable-fixes).
- commit a4d4518
- Documentation: PCI: endpoint: Fix ntb/vntb copy & paste errors
(git-fixes).
- ASoC: amd: drop unused Kconfig symbols (git-fixes).
- ASoC: pxa: drop unused Kconfig symbol (git-fixes).
- ASoC: SOF: ipc4-control: Keep the payload size up to date
(git-fixes).
- ASoC: SOF: ipc4-control: Use the correct size for
scontrol->ipc_control_data (git-fixes).
- ASoC: SOF: ipc4-topology: Correct the allocation size for
bytes controls (git-fixes).
- ASoC: SOF: ipc4-control: If there is no data do not send bytes
update (git-fixes).
- bus: fsl-mc: fix an error handling in fsl_mc_device_add()
(git-fixes).
- ALSA: hda/realtek: Really fix headset mic for TongFang X6AR55xU
(git-fixes).
- ALSA: hda/realtek: Fix headset mic for TongFang X6AR55xU
(stable-fixes).
- ASoC: tlv320adcx140: Propagate error codes during probe
(stable-fixes).
- ASoC: amd: yc: Fix microphone on ASUS M6500RE (stable-fixes).
- ASoC: davinci-evm: Fix reference leak in davinci_evm_probe
(stable-fixes).
- ALSA: hda/realtek: add HP Laptop 15s-eq1xxx mute LED quirk
(stable-fixes).
- commit cd7803f
- net/sched: Enforce that teql can only be used as root qdisc
(CVE-2026-23074 bsc#1257749).
- commit 476e9b8
- mfd: wm8350-core: Use IRQF_ONESHOT (git-fixes).
- crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists
correctly (git-fixes).
- crypto: virtio - Remove duplicated virtqueue_kick in
virtio_crypto_skcipher_crypt_req (git-fixes).
- crypto: virtio - Add spinlock protection with virtqueue
notification (git-fixes).
- crypto: hisilicon/sec2 - support skcipher/aead fallback for
hardware queue unavailable (git-fixes).
- crypto: octeontx - fix dma_free_coherent() size (git-fixes).
- crypto: cavium - fix dma_free_coherent() size (git-fixes).
- crypto: iaa - Fix out-of-bounds index in
find_empty_iaa_compression_mode (git-fixes).
- crypto: octeontx - Fix length check to avoid truncation in
ucode_load_store (git-fixes).
- crypto: qat - fix warning on adf_pfvf_pf_proto.c (git-fixes).
- crypto: qat - fix parameter order used in
ICP_QAT_FW_COMN_FLAGS_BUILD (git-fixes).
- Documentation: mailbox: mbox_chan_ops.flush() is optional
(git-fixes).
- commit ef8920f
- irqchip/gic-v3-its: Avoid truncating memory addresses (bsc#1257758 CVE-2026-23085)
- commit e3370c0
- arm64/fpsimd: signal: Allocate SSVE storage when restoring ZA (bsc#1257762 CVE-2026-23107)
- commit c430300
- arm64/fpsimd: signal: Fix restoration of SVE context (bsc#1257772 CVE-2026-23102)
- commit 6759c0c
- arm64/fpsimd: signal: Mandate SVE payload for streaming-mode state (bsc#1257772 CVE-2026-23102)
- commit 1baf93e
- net: tunnel: make skb_vlan_inet_prepare() return drop reasons
(bsc#1257942 bsc#1257246 CVE-2026-23003).
- commit 3935902
- vxlan: Pull inner IP header in vxlan_xmit_one() (bsc#1257942
bsc#1257246 CVE-2026-23003).
- commit 8097957
- spi: tegra210-quad: Protect curr_xfer check in IRQ handler (bsc#1257952)
- commit 54f273c
- spi: tegra210-quad: Protect curr_xfer clearing in (bsc#1257952)
- commit 1da9508
- spi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer (bsc#1257952)
- commit 25ff6b8
- spi: tegra210-quad: Protect curr_xfer assignment in (bsc#1257952)
- commit e3d34f8
- spi: tegra210-quad: Move curr_xfer read inside spinlock (bsc#1257952)
- commit 4658841
- spi: tegra210-quad: Return IRQ_HANDLED when timeout already processed (bsc#1257952)
- commit 997844c
- PM: sleep: wakeirq: harden dev_pm_clear_wake_irq() against races
(git-fixes).
- PM: wakeup: Handle empty list in wakeup_sources_walk_start()
(git-fixes).
- ACPICA: Fix NULL pointer dereference in
acpi_ev_address_space_dispatch() (git-fixes).
- tpm: st33zp24: Fix missing cleanup on get_burstcount() error
(git-fixes).
- tpm: tpm_i2c_infineon: Fix locality leak on get_burstcount()
failure (git-fixes).
- i3c: dw: Initialize spinlock to avoid upsetting lockdep
(git-fixes).
- i3c: Move device name assignment after i3c_bus_init (git-fixes).
- auxdisplay: arm-charlcd: fix release_mem_region() size
(git-fixes).
- commit b423671
- workqueue: mark power efficient workqueue as unbounded if (bsc#1257891)
- commit a0e31fb
- ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free()
(CVE-2026-23089 bsc#1257790).
- commit c09ea34
- spi: tegra114: Preserve SPI mode bits in def_command1_reg
(git-fixes).
- spi: tegra: Fix a memory leak in tegra_slink_probe()
(git-fixes).
- spi: tegra210-quad: Protect curr_xfer check in IRQ handler
(git-fixes).
- spi: tegra210-quad: Protect curr_xfer clearing in
tegra_qspi_non_combined_seq_xfer (git-fixes).
- spi: tegra210-quad: Protect curr_xfer in
tegra_qspi_combined_seq_xfer (git-fixes).
- spi: tegra210-quad: Protect curr_xfer assignment in
tegra_qspi_setup_transfer_one (git-fixes).
- spi: tegra210-quad: Move curr_xfer read inside spinlock
(git-fixes).
- spi: tegra210-quad: Return IRQ_HANDLED when timeout already
processed transfer (git-fixes).
- commit 95b4070
- ALSA: hda/realtek: Add quirk for Inspur S14-G1 (stable-fixes).
- ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for
HP machine (stable-fixes).
- ASoC: amd: yc: Add ASUS ExpertBook PM1503CDA to quirks list
(stable-fixes).
- ASoC: cs35l45: Corrects ASP_TX5 DAPM widget channel
(stable-fixes).
- ALSA: hda/realtek - fixed speaker no sound (stable-fixes).
- commit e53fbb8
- ASoC: amd: fix memory leak in acp3x pdm dma ops (git-fixes).
- ALSA: usb-audio: fix broken logic in snd_audigy2nx_led_update()
(git-fixes).
- hwmon: (occ) Mark occ_init_attribute() as __printf (git-fixes).
- drm/amd/display: fix wrong color value mapping on MCM shaper
LUT (git-fixes).
- Revert "drm/amd: Check if ASPM is enabled from PCIe subsystem"
(git-fixes).
- drm/mgag200: fix mgag200_bmc_stop_scanout() (git-fixes).
- efivarfs: fix error propagation in efivar_entry_get()
(git-fixes).
- ASoC: amd: yc: Add DMI quirk for Acer TravelMate P216-41-TCO
(stable-fixes).
- gpio: pca953x: mask interrupts in irq shutdown (stable-fixes).
- drm/amdgpu/gfx11: fix wptr reset in KGQ init (stable-fixes).
- drm/amdgpu/gfx10: fix wptr reset in KGQ init (stable-fixes).
- drm/amdgpu/soc21: fix xclk for APUs (stable-fixes).
- pinctrl: meson: mark the GPIO controller as sleeping
(git-fixes).
- drm/radeon: delete radeon_fence_process in is_signaled, no
deadlock (stable-fixes).
- commit 1cabea4
- net: openvswitch: fix middle attribute validation in push_nsh()
action (CVE-2025-68785 bsc#1256640).
- commit 3dbef50
- clocksource: Reduce watchdog readout delay limit to prevent
false positives (bsc#1241345).
- commit 6736e91
- clocksource: Print durations for sync check unconditionally
(bsc#1241345).
- commit 79738b2
- iomap: account for unaligned end offsets when truncating read
range (git-fixes).
- blacklist.conf: Blacklist 40a71b53d5a6 and 524c3853831c
- commit 6f0c964
- ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref
(git-fixes).
- commit c2e8303
- mptcp: avoid deadlock on fallback while reinjecting
(CVE-2025-71126 bsc#1256755).
- mptcp: reset fallback status gracefully at disconnect() time
(CVE-2025-71126 bsc#1256755).
- commit 3b7ecc1
- ip6_tunnel: use skb_vlan_inet_prepare() in __ip6_tnl_rcv()
(CVE-2026-23003 bsc#1257246).
- commit 2b67457
- geneve: Fix incorrect inner network header offset when
innerprotoinherit is set (CVE-2026-23003 bsc#1257246).
- commit 167d4d3
- platform/x86: intel_telemetry: Fix PSS event register mask
(git-fixes).
- platform/x86: intel_telemetry: Fix swapped arrays in PSS output
(git-fixes).
- platform/x86: toshiba_haps: Fix memory leaks in add/remove
routines (git-fixes).
- commit 41b7ff7
- btrfs: scrub: always update btrfs_scrub_progress::last_physical
(git-fixes).
- commit b2c29ef
- util-linux:systemd
-
- Use full hostname for PAM to ensure correct access control for
"login -h" (bsc#1258859, CVE-2026-3184,
util-linux-CVE-2026-3184.patch).
- util-linux
-
- Use full hostname for PAM to ensure correct access control for
"login -h" (bsc#1258859, CVE-2026-3184,
util-linux-CVE-2026-3184.patch).
- libxslt
-
- CVE-2025-10911 will be fixed on libxml2 side instead [bsc#1250553]
- deleted patches
* libxslt-CVE-2025-10911.patch
- freetype2
-
- update to 2.14.2
- Important changes
* Several changes related to LCD filtering are implemented to
achieve better performance and encourage sound practices.
+ Instead of blanket LCD filtering over the entire bitmap, it
is now applied only to non-zero spans using direct rendering.
This speeds up the ClearType-like rendering by more than 40%
at sizes above 32 ppem.
+ Setting the filter weights with FT_Face_Properties is no
longer supported. The default and light filters are optimized
to work with any face.
+ The legacy libXft LCD filter algorithm is no longer provided.
- Important bug fixes
* A bunch of potential security problems have been found
(bsc#1259118, CVE-2026-23865). All users should update.
* The italic angle in `PS_FontInfo` is now stored as a fixed-point
value in degrees for all Type 1 fonts and their derivatives,
consistent with CFF fonts and common practices. The broken
underline position and thickness values are fixed for CFF fonts.
- Miscellaneous
* The `x` field in the `FT_Span` structure is now unsigned.
* Demo program `ftgrid` got an option `-m` to select a start
character to display.
* Similarly, demo program `ftmulti` got an option `-m` to select a
text string for rendering.
* Option `-d` in the demo program `ttdebug` is now called `-a`,
expecting a comma-separated list of axis values. The user
interface is also slightly improved.
* The `ftinspect` demo program can now be compiled with Qt6, too.
- update to 2.14.1:
* The auto-hinter got new abilities. It can now better separate
diacritic glyphs from base glyphs at small sizes by
artificially moving diacritics up (or down) if necessary
* Tilde accent glyphs get vertically stretched at small sizes so
that they don't degenerate to horizontal lines.
* Diacritics directly attached to a base glyph (like the ogonek in
character 'ę') no longer distort the shape of the base glyph
* The TrueType instruction interpreter was optimized to
produce a 15% gain in the glyph loading speed.
* Handling of Variation Fonts is now considerably faster
* TrueType and CFF glyph loading speed has been improved by 5-10%
on modern 64-bit platforms as a result of better handling of
fixed-point multiplication.
* The BDF driver now loads fonts 75% faster.
- package FTL.TXT and GPLv2.TXT [bsc#1252148]
- gnutls
-
- Add functionality to specify the hash algorithm for the PSK.
This fixes a bug in the current implementation where the
binder is always calculated with SHA256.
* (bsc#1258083, jsc#PED-15752, jsc#PED-15753)
* lib/psk: Add gnutls_psk_allocate_{client,server}_credentials2
* tests/psk-file: Add testing for _credentials2 functions
* lib/psk: add null check for binder algo
* pre_shared_key: fix memleak when retrying with different binder algo
* pre_shared_key: add null check on pskcred
* Add patches:
- gnutls-PSK-hash.patch
- gnutls-PSK-hash-tests.patch
- gnutls-PSK-hash-NULL-check.patch
- gnutls-PSK-hash-NULL-check-pskcred.patch
- gnutls-PSK-hash-fix-memleak.patch
- Security fix:
* CVE-2025-14831: DoS via excessive resource consumption during
certificate verification (bsc#1257960)
* Add gnutls-CVE-2025-14831.patch
- nghttp2
-
- added patches
CVE-2026-27135: assertion failure due to missing state validation can lead to DoS (bsc#1259845)
* nghttp2-CVE-2026-27135.patch
- python311:base
-
- Fix changelog
- Add CVE-2026-2297-SourcelessFileLoader-io_open_code.patch
ensuring that `SourcelessFileLoader` uses `io.open_code` when
opening `.pyc` files (bsc#1259240, CVE-2026-2297).
- Update to 3.11.15:
- Security
- gh-144125: BytesGenerator will now refuse to serialize
(write) headers that are unsafely folded or delimited; see
verify_generated_headers. (Contributed by Bas Bloemsaat and
Petr Viktorin in gh-121650) (bsc#1257181, CVE-2026-1299).
- gh-143935: Fixed a bug in the folding of comments when
flattening an email message using a modern email policy.
Comments consisting of a very long sequence of non-foldable
characters could trigger a forced line wrap that omitted
the required leading space on the continuation line,
causing the remainder of the comment to be interpreted as
a new header field. This enabled header injection with
carefully crafted inputs (bsc#1257029 CVE-2025-11468).
- gh-143925: Reject control characters in data: URL media
types (bsc#1257046, CVE-2025-15282).
- gh-143919: Reject control characters in http.cookies.Morsel
fields and values (bsc#1257031, CVE-2026-0672).
- gh-143916: Reject C0 control characters within
wsgiref.headers.Headers fields, values, and parameters
(bsc#1257042, CVE-2026-0865).
- gh-142145: Remove quadratic behavior in xml.minidom node ID
cache clearing. In order to do this without breaking
existing users, we also add the ownerDocument attribute to
xml.dom.minidom elements and attributes created by directly
instantiating the Element or Attr class. Note that this way
of creating nodes is not supported; creator functions like
xml.dom.Document.documentElement() should be used instead
(bsc#1254997, CVE-2025-12084).
- gh-137836: Add support of the “plaintext” element, RAWTEXT
elements “xmp”, “iframe”, “noembed” and “noframes”, and
optionally RAWTEXT element “noscript” in
html.parser.HTMLParser.
- gh-136063: email.message: ensure linear complexity for
legacy HTTP parameters parsing. Patch by Bénédikt Tran.
- gh-136065: Fix quadratic complexity in
os.path.expandvars() (bsc#1252974, CVE-2025-6075).
- gh-119451: Fix a potential memory denial of service in the
http.client module. When connecting to a malicious server,
it could cause an arbitrary amount of memory to be
allocated. This could have led to symptoms including
a MemoryError, swapping, out of memory (OOM) killed
processes or containers, or even system crashes
(CVE-2025-13836, bsc#1254400).
- gh-119452: Fix a potential memory denial of service in the
http.server module. When a malicious user is connected to
the CGI server on Windows, it could cause an arbitrary
amount of memory to be allocated. This could have led to
symptoms including a MemoryError, swapping, out of memory
(OOM) killed processes or containers, or even system
crashes.
- gh-119342: Fix a potential memory denial of service in the
plistlib module. When reading a Plist file received from
an untrusted source, it could cause an arbitrary amount of
memory to be allocated. This could have led to symptoms
including a MemoryError, swapping, out of memory (OOM)
killed processes or containers, or even system crashes
(bsc#1254401, CVE-2025-13837).
- Library
- gh-144833: Fixed a use-after-free in ssl when SSL_new()
returns NULL in newPySSLSocket(). The error was reported
via a dangling pointer after the object had already been
freed.
- gh-144363: Update bundled libexpat to 2.7.4
- gh-90949: Add SetAllocTrackerActivationThreshold() and
SetAllocTrackerMaximumAmplification() to xmlparser objects
to prevent use of disproportional amounts of dynamic memory
from within an Expat parser. Patch by Bénédikt Tran.
- Core and Builtins
- gh-120384: Fix an array out of bounds crash in
list_ass_subscript, which could be invoked via some
specifically tailored input: including concurrent
modification of a list object, where one thread assigns
a slice and another clears it.
- gh-120298: Fix use-after-free in list_richcompare_impl
which can be invoked via some specifically tailored evil
input.
Remove upstreamed patches:
- CVE-2025-11468-email-hdr-fold-comment.patch
- CVE-2025-12084-minidom-quad-search.patch
- CVE-2025-13836-http-resp-cont-len.patch
- CVE-2025-13837-plistlib-mailicious-length.patch
- CVE-2025-6075-expandvars-perf-degrad.patch
- CVE-2026-0672-http-hdr-inject-cookie-Morsel.patch
- CVE-2026-0865-wsgiref-ctrl-chars.patch
- CVE-2025-15282-urllib-ctrl-chars.patch
- CVE-2025-11468: preserving parens when folding comments in
email headers (bsc#1257029, gh#python/cpython#143935).
CVE-2025-11468-email-hdr-fold-comment.patch
- CVE-2026-0672: rejects control characters in http cookies.
(bsc#1257031, gh#python/cpython#143919)
CVE-2026-0672-http-hdr-inject-cookie-Morsel.patch
- CVE-2026-0865: rejecting control characters in
wsgiref.headers.Headers, which could be abused for injecting
false HTTP headers. (bsc#1257042, gh#python/cpython#143916)
CVE-2026-0865-wsgiref-ctrl-chars.patch
- CVE-2025-15366: basically the same as the previous patch for
IMAP protocol. (bsc#1257044, gh#python/cpython#143921)
CVE-2025-15366-imap-ctrl-chars.patch
- CVE-2025-15282: basically the same as the previous patch for
urllib library. (bsc#1257046, gh#python/cpython#143925)
CVE-2025-15282-urllib-ctrl-chars.patch
- CVE-2025-15367: basically the same as the previous patch for
poplib library. (bsc#1257041, gh#python/cpython#143923)
CVE-2025-15367-poplib-ctrl-chars.patch
- CVE-2025-12781: fix decoding with non-standard Base64 alphabet
(bsc#1257108, gh#python/cpython#125346)
CVE-2025-12781-b64decode-alt-chars.patch
- libsolv
-
- respect the "default" attribute in environment optionlist in
the comps parser
- support suse namespace deps in boolean dependencies [bsc#1258193]
- support for the Elbrus2000 (e2k) architecture
- support language() suse namespace rewriting
- bump version to 0.7.36
- sqlite3
-
- Update to version 3.51.3:
* Fix the WAL-reset database corruption bug:
https://sqlite.org/wal.html#walresetbug
* Other minor bug fixes.
- Update to version 3.51.2:
* bsc#1259619, CVE-2025-70873: zipfile extension may disclose
uninitialized heap memory during inflation.
* Fix an obscure deadlock in the new broken-posix-lock detection
logic.
* Fix multiple problems in the EXISTS-to-JOIN optimization.
* Other minor bug fixes.
- Update to version 3.51.1:
* Fix incorrect results from nested EXISTS queries caused by the
optimization in item 6b in the 3.51.0 release.
* Fix a latent bug in fts5vocab virtual table, exposed by new
optimizations in the 3.51.0 release
- Changes in version 3.51.0:
* New macros in sqlite3.h:
- SQLITE_SCM_BRANCH → the name of the branch from which the
source code is taken.
- SQLITE_SCM_TAGS → space-separated list of tags on the source
code check-in.
- SQLITE_SCM_DATETIME → ISO-8601 date and time of the source
code check-in.
* Two new JSON functions, jsonb_each() and jsonb_tree() work the
same as the existing json_each() and json_tree() functions
except that they return JSONB for the "value" column when the
"type" is 'array' or 'object'.
* The carray and percentile extensions are now built into the
amalgamation, though they are disabled by default and must be
activated at compile-time using the -DSQLITE_ENABLE_CARRAY
and/or -DSQLITE_ENABLE_PERCENTILE options, respectively.
* Enhancements to TCL Interface:
- Add the -asdict flag to the eval command to have it set the
row data as a dict instead of an array.
- User-defined functions may now break to return an SQL NULL.
* CLI enhancements:
- Increase the precision of ".timer" to microseconds.
- Enhance the "box" and "column" formatting modes to deal with
double-wide characters.
- The ".imposter" command provides read-only imposter tables
that work with VACUUM and do not require the --unsafe-testing
option.
- Add the --ifexists option to the CLI command-line option and
to the .open command.
- Limit column widths set by the ".width" command to 30,000 or
less, as there is no good reason to have wider columns, but
supporting wider columns provides opportunity to malefactors.
* Performance enhancements:
- Use fewer CPU cycles to commit a read transaction.
- Early detection of joins that return no rows due to one or
more of the tables containing no rows.
- Avoid evaluation of scalar subqueries if the result of the
subquery does not change the result of the overall expression.
- Faster window function queries when using
"BETWEEN :x FOLLOWING AND :y FOLLOWING" with a large :y.
* Add the PRAGMA wal_checkpoint=NOOP; command and the
SQLITE_CHECKPOINT_NOOP argument for sqlite3_wal_checkpoint_v2().
* Add the sqlite3_set_errmsg() API for use by extensions.
* Add the sqlite3_db_status64() API, which works just like the
existing sqlite3_db_status() API except that it returns 64-bit
results.
* Add the SQLITE_DBSTATUS_TEMPBUF_SPILL option to the
sqlite3_db_status() and sqlite3_db_status64() interfaces.
* In the session extension add the sqlite3changeset_apply_v3()
interface.
* For the built-in printf() and the format() SQL function, omit
the leading '-' from negative floating point numbers if the '+'
flag is omitted and the "#" flag is present and all displayed
digits are '0'. Use '%#f' or similar to avoid outputs like
'-0.00' and instead show just '0.00'.
* Improved error messages generated by FTS5.
* Enforce STRICT typing on computed columns.
* Improved support for VxWorks
* JavaScript/WASM now supports 64-bit WASM. The canonical builds
continue to be 32-bit but creating one's own 64-bit build is
now as simple as running "make".
* Improved resistance to database corruption caused by an
application breaking Posix advisory locks using close().
- libssh
-
- CVE-2026-3731: Denial of Service via out-of-bounds read in SFTP extension name handler (bsc#1259377)
Added libssh-CVE-2026-3731.patch
- systemd
-
- Import commit a943e3ce2f655b8509038e31f03f5ded18f24683
a943e3ce2f machined: reject invalid class types when registering machines (bsc#1259650 CVE-2026-4105)
71593f77db udev: fix review mixup
73a89810b4 udev-builtin-net-id: print cescaped bad attributes
0f360bfdc0 udev-builtin-net_id: do not assume the current interface name is ethX
40905232e2 udev: ensure tag parsing stays within bounds
7bce9026e3 udev: ensure there is space for trailing NUL before calling sprintf
d018ac1ea3 udev: check for invalid chars in various fields received from the kernel (bsc#1259697)
- Import commit aef6e11921f8c46a2b7ee8cfab024c9c641d74d8
aef6e11921 core/cgroup: avoid one unnecessary strjoina()
cc7426f38a sd-json: fix off-by-one issue when updating parent for array elements
26a748f727 core: validate input cgroup path more prudently (bsc#1259418 CVE-2026-29111)
99d8308fde core/dbus-manager: propagate meaningful dbus errors from EnqueueMarkedJobs
- libxml2
-
- CVE-2026-0990: call stack overflow leading to application crash
due to infinite recursion in `xmlCatalogXMLResolveURI` (bsc#1256807, bsc#1256811)
* Add patch libxml2-CVE-2026-0990.patch
- CVE-2026-0992: excessive resource consumption when processing XML
catalogs due to exponential behavior when handling `<nextCatalog>` elements (bsc#1256808, bsc#1256809, bsc#1256812)
* Add patch libxml2-CVE-2026-0992.patch
- CVE-2025-8732: infinite recursion in catalog parsing functions when processing malformed SGML catalog files (bsc#1247858, bsc#1247850)
* Add patch libxml2-CVE-2025-8732.patch
- CVE-2026-1757: memory leak in the `xmllint` interactive shell (bsc#1257593, bsc#1257594, bsc#1257595)
* Add patch libxml2-CVE-2026-1757.patch
- CVE-2025-10911: use-after-free with key data stored cross-RVT (bsc#1250553)
* Add patch libxml2-CVE-2025-10911.patch
- zlib
-
- Fix CVE-2026-27171, infinite loop via the crc32_combine64 and
crc32_combine_gen64 functions due to missing checks for negative
lengths (bsc#1258392)
* CVE-2026-27171.patch
- Fix CVE-2023-45853, integer overflow and resultant heap-based buffer
overflow in zipOpenNewFileInZip4_6, bsc#1216378
* CVE-2023-45853.patch
- libzypp
-
- Fix preloader not caching packages from arch specific subrepos
(bsc#1253740)
- Deprioritize invalid mirrors (fixes openSUSE/zypper#636)
- version 17.38.5 (35)
- Fix Product::referencePackage lookup (bsc#1259311)
Use a provided autoproduct() as hint to the package name of the
release package. It might be that not just multiple versions of
the same release package provide the same product version, but
also different release packages.
- version 17.38.4 (35)
- specfile: on fedora use %{_prefix}/share as zyppconfdir if
%{_distconfdir} is undefined (fixes #693)
This will set '-DZYPPCONFDIR=%{zyppconfdir}' for cmake.
- Fall back to a writable location when precaching packages
without root (bsc#1247948)
- version 17.38.3 (35)
- uyuni-tools
-
- version 5.1.26-0
* Fix applying PTF with images from RPMs (bsc#1252548)
* SSL key file can be missing if CA password is blank (bsc#1254154)
* mgrpxy ssh tuning should happen before crypto policies (bsc#1254619)
* Fix default value for helm registry (bsc#1258927).
* Remove hub register command
* Optimize postgres migration disk space usage (bsc#1257447)
* Add continuous database backup support (bsc#1250367)
* Explicitly start proxy pods after operations
(bsc#1258015)
* Use static supportconfig name to avoid dynamic search
(bsc#1257941)
* Do not nest multiple tarball files and instead collect
all files into one tarball (bsc#1252964)
* Show where final tarball was generated (bsc#1259208)
* Set proxy config file permissions (bsc#1257660)
- version 5.1.25-0
* If PTF image doesn't exist, use the current service image (bsc#1258418)
- openssh
-
- Add openssh-7.7p1-gssapi-new-unique.patch (bsc#1258166). This
allows using SSSD with a non-file backend.
- Add openssh-cve-2025-61984-username-validation.patch
(bsc#1251198, CVE-2025-61984).
- Add openssh-cve-2025-61985-nul-url-encode.patch
(bsc#1251199, CVE-2025-61985).
- python-PyJWT
-
- Add format-license.patch to work with older setuptools.
- Skip failing tests (gh#jpadilla/pyjwt#1153)
- Update to 2.12.1:
- Add missing typing_extensions dependency for Python < 3.11 in
[#1150]
- Update to 2.12.0:
- Fixed
- Annotate PyJWKSet.keys for pyright by @tamird in #1134
- Close HTTPError response to prevent ResourceWarning on
Python 3.14 by @veeceey in #1133
- Do not keep algorithms dict in PyJWK instances by @akx in
[#1143]
- Validate the crit (Critical) Header Parameter defined in
RFC 7515 §4.1.11. by @dmbs335 in GHSA-752w-5fwx-jx9f
(bsc#1259616, CVE-2026-32597).
- Use PyJWK algorithm when encoding without explicit
algorithm in #1148
- Added
- Docs: Add PyJWKClient API reference and document the
two-tier caching system (JWK Set cache and signing key LRU
cache).
- v2.11.0
- Fixed
- Enforce ECDSA curve validation per RFC 7518 Section 3.4.
- Fix build system warnings by @kurtmckee in #1105
- Validate key against allowed types for Algorithm family in
[#964]
- Add iterator for JWKSet in #1041
- Validate iss claim is a string during encoding and decoding
by @pachewise in #1040
- Improve typing/logic for options in decode, decode_complete
by @pachewise in #1045
- Declare float supported type for lifespan and timeout by
@nikitagashkov in #1068
- Fix SyntaxWarnings/DeprecationWarnings caused by invalid
escape sequences by @kurtmckee in #1103
- Development: Build a shared wheel once to speed up test
suite setup times by @kurtmckee in #1114
- Development: Test type annotations across all supported
Python versions, increase the strictness of the type
checking, and remove the mypy pre-commit hook by @kurtmckee
in #1112
- Added
- Support Python 3.14, and test against PyPy 3.10 and 3.11 by
@kurtmckee in #1104
- Development: Migrate to build to test package building in
CI by @kurtmckee in #1108
- Development: Improve coverage config and eliminate unused
test suite code by @kurtmckee in #1115
- Docs: Standardize CHANGELOG links to PRs by @kurtmckee in
[#1110]
- Docs: Fix Read the Docs builds by @kurtmckee in #1111
- Docs: Add example of using leeway with nbf by @djw8605 in
[#1034]
- Docs: Refactored docs with autodoc; added PyJWS and
jwt.algorithms docs by @pachewise in #1045
- Docs: Documentation improvements for "sub" and "jti" claims
by @cleder in #1088
- Development: Add pyupgrade as a pre-commit hook by
@kurtmckee in #1109
- Add minimum key length validation for HMAC and RSA keys
(CWE-326). Warns by default via InsecureKeyLengthWarning
when keys are below minimum recommended lengths per RFC
7518 Section 3.2 (HMAC) and NIST SP 800-131A (RSA). Pass
enforce_minimum_key_length=True in options to PyJWT or
PyJWS to raise InvalidKeyError instead.
- Refactor PyJWT to own an internal PyJWS instance instead of
calling global api_jws functions.
- Remove not needed update-alternatives requirement.
- Just use a wildcard for the dist-info metadata to make it
properly work on all setuptools versions.
- Wrap the metadata directory name in a distro-based conditional
- Lowercase metadata directory name.
- Update to version 2.10.1 (bsc#1234038, CVE-2024-53861):
* Prevent partial matching of iss claim. Thanks @fabianbadoi!
(See: GHSA-75c5-xw7c-p5pm)
- Update to version 2.10.0
* chore: use sequence for typing rather than list
* Add support for Python 3.13
* [pre-commit.ci] pre-commit autoupdate
* Add an RTD config file to resolve RTD build failures
* docs: Update iat exception docs
* Remove algorithm requirement for JWT API
* [pre-commit.ci] pre-commit autoupdate
* Create SECURITY.md
* docs fix: decode_complete scope and algorithms
* fix doctest for docs/usage.rst
* fix test_utils.py not to xfail
* Correct jwt.decode audience param doc expression
* Add PS256 encoding and decoding usage
* Add API docs for PyJWK
* Refactor project configuration files from setup.cfg to pyproject.toml PEP-518
* Add JWK support to JWT encode
* Update pre-commit hooks to lint pyproject.toml
* Add EdDSA algorithm encoding/decoding usage
* Ruff linter and formatter changes
* Validate sub and jti claims for the token
* Add ES256 usage
* Encode EC keys with a fixed bit length
* [pre-commit.ci] pre-commit autoupdate
* Drop support for Python 3.8
* Prepare 2.10.0 release
* Bump codecov/codecov-action from 4 to 5
* [pre-commit.ci] pre-commit autoupdate
- Fix requirements
- python-cryptography
-
- CVE-2026-26007: Subgroup Attack Due to Missing Subgroup
Validation for SECT Curves (bsc#1258074)
* added CVE-2026-26007.patch
- python-pyOpenSSL
-
- CVE-2026-27459: large cookie value can lead to a buffer overflow (bsc#1259808)
Add patch CVE-2026-27459.patch
- CVE-2026-27448: unhandled exception can result in connection not being cancelled (bsc#1259804)
Add patch CVE-2026-27448.patch
- python311
-
- Fix changelog
- Add CVE-2026-2297-SourcelessFileLoader-io_open_code.patch
ensuring that `SourcelessFileLoader` uses `io.open_code` when
opening `.pyc` files (bsc#1259240, CVE-2026-2297).
- Update to 3.11.15:
- Security
- gh-144125: BytesGenerator will now refuse to serialize
(write) headers that are unsafely folded or delimited; see
verify_generated_headers. (Contributed by Bas Bloemsaat and
Petr Viktorin in gh-121650) (bsc#1257181, CVE-2026-1299).
- gh-143935: Fixed a bug in the folding of comments when
flattening an email message using a modern email policy.
Comments consisting of a very long sequence of non-foldable
characters could trigger a forced line wrap that omitted
the required leading space on the continuation line,
causing the remainder of the comment to be interpreted as
a new header field. This enabled header injection with
carefully crafted inputs (bsc#1257029 CVE-2025-11468).
- gh-143925: Reject control characters in data: URL media
types (bsc#1257046, CVE-2025-15282).
- gh-143919: Reject control characters in http.cookies.Morsel
fields and values (bsc#1257031, CVE-2026-0672).
- gh-143916: Reject C0 control characters within
wsgiref.headers.Headers fields, values, and parameters
(bsc#1257042, CVE-2026-0865).
- gh-142145: Remove quadratic behavior in xml.minidom node ID
cache clearing. In order to do this without breaking
existing users, we also add the ownerDocument attribute to
xml.dom.minidom elements and attributes created by directly
instantiating the Element or Attr class. Note that this way
of creating nodes is not supported; creator functions like
xml.dom.Document.documentElement() should be used instead
(bsc#1254997, CVE-2025-12084).
- gh-137836: Add support of the “plaintext” element, RAWTEXT
elements “xmp”, “iframe”, “noembed” and “noframes”, and
optionally RAWTEXT element “noscript” in
html.parser.HTMLParser.
- gh-136063: email.message: ensure linear complexity for
legacy HTTP parameters parsing. Patch by Bénédikt Tran.
- gh-136065: Fix quadratic complexity in
os.path.expandvars() (bsc#1252974, CVE-2025-6075).
- gh-119451: Fix a potential memory denial of service in the
http.client module. When connecting to a malicious server,
it could cause an arbitrary amount of memory to be
allocated. This could have led to symptoms including
a MemoryError, swapping, out of memory (OOM) killed
processes or containers, or even system crashes
(CVE-2025-13836, bsc#1254400).
- gh-119452: Fix a potential memory denial of service in the
http.server module. When a malicious user is connected to
the CGI server on Windows, it could cause an arbitrary
amount of memory to be allocated. This could have led to
symptoms including a MemoryError, swapping, out of memory
(OOM) killed processes or containers, or even system
crashes.
- gh-119342: Fix a potential memory denial of service in the
plistlib module. When reading a Plist file received from
untrusted source, it could cause an arbitrary amount of
memory to be allocated. This could have led to symptoms
including a MemoryError, swapping, out of memory (OOM)
killed processes or containers, or even system crashes
(bsc#1254401, CVE-2025-13837).
- Library
- gh-144833: Fixed a use-after-free in ssl when SSL_new()
returns NULL in newPySSLSocket(). The error was reported
via a dangling pointer after the object had already been
freed.
- gh-144363: Update bundled libexpat to 2.7.4
- gh-90949: Add SetAllocTrackerActivationThreshold() and
SetAllocTrackerMaximumAmplification() to xmlparser objects
to prevent use of disproportional amounts of dynamic memory
from within an Expat parser. Patch by Bénédikt Tran.
- Core and Builtins
- gh-120384: Fix an array out of bounds crash in
list_ass_subscript, which could be invoked via some
specifically tailored input: including concurrent
modification of a list object, where one thread assigns
a slice and another clears it.
- gh-120298: Fix use-after-free in list_richcompare_impl
which can be invoked via some specifically tailored evil
input.
Remove upstreamed patches:
- CVE-2025-11468-email-hdr-fold-comment.patch
- CVE-2025-12084-minidom-quad-search.patch
- CVE-2025-13836-http-resp-cont-len.patch
- CVE-2025-13837-plistlib-mailicious-length.patch
- CVE-2025-6075-expandvars-perf-degrad.patch
- CVE-2026-0672-http-hdr-inject-cookie-Morsel.patch
- CVE-2026-0865-wsgiref-ctrl-chars.patch
- CVE-2025-15282-urllib-ctrl-chars.patch
- CVE-2025-11468: preserving parens when folding comments in
email headers (bsc#1257029, gh#python/cpython#143935).
CVE-2025-11468-email-hdr-fold-comment.patch
- CVE-2026-0672: rejects control characters in http cookies.
(bsc#1257031, gh#python/cpython#143919)
CVE-2026-0672-http-hdr-inject-cookie-Morsel.patch
- CVE-2026-0865: rejecting control characters in
wsgiref.headers.Headers, which could be abused for injecting
false HTTP headers. (bsc#1257042, gh#python/cpython#143916)
CVE-2026-0865-wsgiref-ctrl-chars.patch
- CVE-2025-15366: basically the same as the previous patch for
IMAP protocol. (bsc#1257044, gh#python/cpython#143921)
CVE-2025-15366-imap-ctrl-chars.patch
- CVE-2025-15282: basically the same as the previous patch for
urllib library. (bsc#1257046, gh#python/cpython#143925)
CVE-2025-15282-urllib-ctrl-chars.patch
- CVE-2025-15367: basically the same as the previous patch for
poplib library. (bsc#1257041, gh#python/cpython#143923)
CVE-2025-15367-poplib-ctrl-chars.patch
- CVE-2025-12781: fix decoding with non-standard Base64 alphabet
(bsc#1257108, gh#python/cpython#125346)
CVE-2025-12781-b64decode-alt-chars.patch
- read-only-root-fs
-
- Add patch to fix workaround for read-only / subvolumes (bsc#1252892):
* 0001-Fix-workaround-for-read-only-subvolumes-by-remountin.patch
- proxy-httpd-image
-
n/a
- proxy-salt-broker-image
-
n/a
- proxy-squid-image
-
n/a
- proxy-ssh-image
-
n/a
- proxy-tftpd-image
-
n/a
- tar
-
- Fix bsc#1246399 / CVE-2025-45582.
- Add patch:
* CVE-2025-45582.patch
- Add tar-fix-deletion-from-archive.patch
* Fixes tar creating invalid tarballs when used with --delete (bsc#1246607)
* Add makeinfo build requirement, needed after the addition of the patch
- vim
-
* Update Vim to version 9.2.0110 (from 9.2.0045).
* Specifically, this fixes bsc#1259051 / CVE-2026-28417.
* Update Vim to version 9.2.0045 (from 9.1.1629).
* Fix bsc#1258229 CVE-2026-26269 as 9.2.0045 is not impacted (fixed
upstream).
* Fix bsc#1246602 CVE-2025-53906 as 9.2.0045 is not impacted (fixed
upstream).
* Drop obsolete or upstreamed patches:
- vim-7.3-filetype_spec.patch
- vim-7.4-filetype_apparmor.patch
- vim-8.2.2411-globalvimrc.patch
* Refresh the following patches:
- vim-7.3-filetype_changes.patch
- vim-7.3-filetype_ftl.patch
- vim-7.3-sh_is_bash.patch
- vim-9.1.1134-revert-putty-terminal-colors.patch
* Remove autoconf from BuildRequires and drop the autoconf call in %build.
* Package new Swedish (sv) man pages and clean up duplicate encodings
(sv.ISO8859-1 and sv.UTF-8) during %install.
- zypper
-
- Report download progress for command line rpms (fixes #613)
- Hint to '-vv ref' to see the mirrors used to download the
metadata (bsc#1257882)
- Service: Allow "zypper ls SERVICE ..." to test whether a
service with this alias is defined (bsc#1252744)
The command prints an abstract of all services passed on the
command line. It returns 3-ZYPPER_EXIT_ERR_INVALID_ARGS if some
argument does not name an existing service.
- Keep repo data when updating the service settings (bsc#1252744)
- info: Enhance pattern content table (bsc#1158038)
Alternatives (multiple packages providing the same requirement)
are now listed as a single entry in the content table. The entry
shows either the installed package which satisfies the
requirement or the requirement itself as type 'Provides'.
Listing all potential alternatives was misleading, especially
if the alternatives were mutually exclusive. It looked like an
installed pattern had not-installed requirements and it was not
possible to install all requirements at the same time.
- version 1.14.95