- 000release-packages:SL-Micro-release
-
n/a
- cockpit
-
- Update dependencies for bsc#1257324/CVE-2025-13465
- crun
-
- make sure the opened .krun_config.json is below the rootfs directory
and we don't follow any symlink. (CVE-2025-24965, bsc#1237421)
* krun-fix-CVE-2025-24965.patch
- curl
-
- Security fix: [bsc#1256105, CVE-2025-14017]
* call ldap_init() before setting the options
* Add patch curl-CVE-2025-14017.patch
- glib2
-
- Add CVE fixes:
+ glib2-CVE-2026-1484.patch (bsc#1257355 CVE-2026-1484
glgo#GNOME/glib!4979).
+ glib2-CVE-2026-1485.patch (bsc#1257354 CVE-2026-1485
glgo#GNOME/glib!4981).
+ glib2-CVE-2026-1489.patch (bsc#1257353 CVE-2026-1489
glgo#GNOME/glib!4984).
- Add glib2-CVE-2026-0988.patch: fix a potential integer overflow
in g_buffered_input_stream_peek (bsc#1257049 CVE-2026-0988
glgo#GNOME/glib#3851).
- gpg2
-
- Security fix [bsc#1257396, CVE-2026-24882]
- gpg2: stack-based buffer overflow in TPM2 PKDECRYPT for TPM-backed RSA and ECC keys
- Added gnupg-CVE-2026-24882.patch
- Security fix [bsc#1256389] (gpg.fail/filename)
* Added gnupg-accepts-path-separators-literal-data.patch
* GnuPG Accepts Path Separators and Path Traversals in Literal Data
- kernel-source:kernel-default
-
- ALSA: usb-audio: fix uac2 clock source at terminal parser
(git-fixes).
- commit 74497c6
- nfsd: fix return error codes for nfsd_map_name_to_id
(bsc#1232223).
- commit 24071c5
- nfsd: do not defer requests during idmap lookup in v4 compound
decode (bsc#1232223).
- commit 4b41b11
- tls: Use __sk_dst_get() and dst_dev_rcu() in
get_netdev_for_sock() (CVE-2025-40149 bsc#1253355).
- commit c8fb6ed
- smc: Use __sk_dst_get() and dst_dev_rcu() in
smc_clc_prfx_match() (CVE-2025-40168 bsc#1253427).
- commit 0f10629
- smc: Use __sk_dst_get() and dst_dev_rcu() in in
smc_clc_prfx_set() (CVE-2025-40139 bsc#1253409).
- commit a7ae1b3
- smc: Fix use-after-free in __pnet_find_base_ndev()
(CVE-2025-40064 bsc#1252845).
- commit 2971b90
- tcp_metrics: use dst_dev_net_rcu() (CVE-2025-40075 bsc#1252795).
- commit fcb52d9
- Update
patches.suse/ASoC-Intel-bytcr_rt5640-Fix-invalid-quirk-input-mapp.patch
(git-fixes CVE-2025-40154 bsc#1253431).
- Update
patches.suse/ASoC-Intel-bytcr_rt5651-Fix-invalid-quirk-input-mapp.patch
(git-fixes CVE-2025-40121 bsc#1253367).
- Update
patches.suse/Bluetooth-ISO-Fix-possible-UAF-on-iso_conn_free.patch
(git-fixes CVE-2025-40141 bsc#1253352).
- Update
patches.suse/EDAC-i10nm-Skip-DIMM-enumeration-on-a-disabled-memor.patch
(git-fixes CVE-2025-40157 bsc#1253423).
- Update
patches.suse/PM-devfreq-mtk-cci-Fix-potential-error-pointer-deref.patch
(git-fixes CVE-2025-40156 bsc#1253428).
- Update
patches.suse/Squashfs-reject-negative-file-sizes-in-squashfs_read_inode.patch
(git-fixes CVE-2025-40200 bsc#1253448).
- Update
patches.suse/accel-qaic-Treat-remaining-0-as-error-in-find_and_ma.patch
(git-fixes CVE-2025-40172 bsc#1253424).
- Update
patches.suse/bpf-Fix-metadata_dst-leak-__bpf_redirect_neigh_v-4-6.patch
(git-fixes CVE-2025-40183 bsc#1253441).
- Update
patches.suse/btrfs-avoid-potential-out-of-bounds-in-btrfs_encode_.patch
(git-fixes CVE-2025-40205 bsc#1253456).
- Update
patches.suse/can-hi311x-fix-null-pointer-dereference-when-resumin.patch
(stable-fixes CVE-2025-40107 bsc#1253018).
- Update
patches.suse/cpufreq-intel_pstate-Fix-object-lifecycle-issue-in-update_qos_request.patch
(stable-fixes git-fixes CVE-2025-40194 bsc#1253445).
- Update
patches.suse/crypto-rng-Ensure-set_ent-is-always-present.patch
(git-fixes CVE-2025-40109 bsc#1253176).
- Update
patches.suse/drm-vmwgfx-Fix-Use-after-free-in-validation.patch
(git-fixes CVE-2025-40111 bsc#1253362).
- Update
patches.suse/drm-vmwgfx-Fix-a-null-ptr-access-in-the-cursor-snoop.patch
(git-fixes CVE-2025-40110 bsc#1253275).
- Update
patches.suse/ext4-avoid-potential-buffer-over-read-in-parse_apply.patch
(git-fixes CVE-2025-40198 bsc#1253453).
- Update
patches.suse/hwrng-ks-sa-fix-division-by-zero-in-ks_sa_rng_init.patch
(git-fixes CVE-2025-40127 bsc#1253369).
- Update
patches.suse/mailbox-zynqmp-ipi-Fix-out-of-bounds-access-in-mailb.patch
(git-fixes CVE-2025-40180 bsc#1253440).
- Update
patches.suse/media-v4l2-subdev-Fix-alloc-failure-check-in-v4l2_su.patch
(git-fixes CVE-2025-40207 bsc#1253395).
- Update
patches.suse/net-usb-Remove-disruptive-netif_wake_queue-in-rtl815.patch
(git-fixes CVE-2025-40140 bsc#1253349).
- Update
patches.suse/net-usb-asix-hold-PM-usage-ref-to-avoid-PM-MDIO-RTNL.patch
(git-fixes CVE-2025-40120 bsc#1253360).
- Update
patches.suse/nvmet-fc-move-lsop-put-work-to-nvmet_fc_ls_req_op.patch
(bsc#1245193 bsc#1247500 CVE-2025-40171 bsc#1253412).
- Update
patches.suse/pwm-berlin-Fix-wrong-register-in-suspend-resume.patch
(git-fixes CVE-2025-40188 bsc#1253449).
- Update
patches.suse/scsi-mpt3sas-Fix-crash-in-transport-port-remove-by-using-i.patch
(git-fixes CVE-2025-40115 bsc#1253318).
- Update
patches.suse/scsi-pm80xx-Fix-array-index-out-of-of-bounds-on-rmmod.patch
(git-fixes CVE-2025-40118 bsc#1253363).
- Update
patches.suse/sunrpc-fix-null-pointer-dereference-on-zero-length-checksum.patch
(git-fixes CVE-2025-40129 bsc#1253472).
- Update
patches.suse/tcp-Don-t-call-reqsk_fastopen_remove-in-tcp_conn_request.patch
(git-fixes CVE-2025-40186 bsc#1253438).
- Update
patches.suse/usb-host-max3421-hcd-Fix-error-pointer-dereference-i.patch
(git-fixes CVE-2025-40116 bsc#1253324).
- Update
patches.suse/usbnet-Fix-using-smp_processor_id-in-preemptible-cod.patch
(git-fixes CVE-2025-40164 bsc#1253407).
- commit d8d3cd1
- ipv4: start using dst_dev_rcu() (CVE-2025-40074 bsc#1252794).
- commit d58640c
- kabi: hide dst_entry::dev_rcu (CVE-2025-40074 bsc#1252794).
- commit 7047515
- net: dst: introduce dst->dev_rcu (CVE-2025-40074 bsc#1252794).
- commit bc25dd4
- net: Add locking to protect skb->dev access in ip_output
(CVE-2025-40074 bsc#1252794).
- commit ba856a3
- ipv6: ip6_mc_input() and ip6_mr_input() cleanups (CVE-2025-40074
bsc#1252794).
- commit 74e34e6
- ipv6: adopt skb_dst_dev() and skb_dst_dev_net[_rcu]() helpers
(CVE-2025-40074 bsc#1252794).
- commit bef51be
- ipv6: adopt dst_dev() helper (CVE-2025-40074 bsc#1252794).
- refresh patches.suse/net-ip6_tunnel-Prevent-perpetual-tunnel-growth.patch
- commit 7eda2f1
- ipv4: adopt dst_dev, skb_dst_dev and skb_dst_dev_net[_rcu]
(CVE-2025-40074 bsc#1252794).
- commit 172fe2b
- net: dst: add four helpers to annotate data-races around
dst->dev (CVE-2025-40074 bsc#1252794).
- commit d644653
- net: dst: annotate data-races around dst->output (CVE-2025-40074
bsc#1252794).
- commit a54672b
- net: dst: annotate data-races around dst->input (CVE-2025-40074
bsc#1252794).
- commit ffc43da
- net: dst: annotate data-races around dst->lastuse
(CVE-2025-40074 bsc#1252794).
- commit 8826356
- net: dst: annotate data-races around dst->expires
(CVE-2025-40074 bsc#1252794).
- commit 2c55499
- net: dst: annotate data-races around dst->obsolete
(CVE-2025-40074 bsc#1252794).
- commit 2ab42e2
- net: ipv4: ipmr: ipmr_queue_xmit(): Drop local variable `dev'
(CVE-2025-40074 bsc#1252794).
- commit 3c39f8c
- net: gro: convert four dev_net() calls (CVE-2025-40074
bsc#1252794).
- commit cf41694
- tcp: convert to dev_net_rcu() (CVE-2025-40074 bsc#1252794).
- commit 2fe0b75
- net: dst_cache: annotate data-races around dst_cache->reset_ts
(CVE-2025-40074 bsc#1252794).
- commit 5a73952
- Refresh patches.suse/ALSA-usb-audio-Fix-potential-overflow-of-PCM-transfe.patch
Fix the missing mutex unlock at the error path
- commit f1238c1
- x86/amd_nb: Add new PCI IDs for AMD family 0x1a (stable-fixes).
- Refresh
patches.suse/x86-amd_nb-Add-new-PCI-IDs-for-AMD-family-1Ah-model-60h.patch.
- commit 5a88cd1
- ALSA: hda: Fix missing pointer check in
hda_component_manager_init function (git-fixes).
- commit 39c22db
- tools: lib: thermal: don't preserve owner in install
(stable-fixes).
- watchdog: s3c2410_wdt: Fix max_timeout being calculated larger
(stable-fixes).
- usb: gadget: f_fs: Fix epfile null pointer access after ep
enable (stable-fixes).
- usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs
(stable-fixes).
- usb: xhci: plat: Facilitate using autosuspend for xhci plat
devices (stable-fixes).
- usb: cdns3: gadget: Use-after-free during failed initialization
and exit of cdnsp gadget (stable-fixes).
- usb: gadget: f_hid: Fix zero length packet transfer
(stable-fixes).
- usb: gadget: f_ncm: Fix MAC assignment NCM ethernet
(stable-fixes).
- wifi: ath12k: Increase DP_REO_CMD_RING_SIZE to 256
(stable-fixes).
- wifi: ath10k: Fix connection after GTK rekeying (stable-fixes).
- wifi: rtw88: sdio: use indirect IO for device registers before
power-on (stable-fixes).
- wifi: mt76: mt7996: Temporarily disable EPCS (stable-fixes).
- wifi: mt76: mt7921: Add 160MHz beamformee capability for mt7922
device (stable-fixes).
- wifi: mac80211: Fix HE capabilities element check
(stable-fixes).
- video: backlight: lp855x_bl: Set correct EPROM start for LP8556
(stable-fixes).
- commit 7dad19b
- tools: lib: thermal: use pkg-config to locate libnl3
(stable-fixes).
- phy: rockchip: phy-rockchip-inno-csidphy: allow writes to grf
register 0 (stable-fixes).
- thunderbolt: Use is_pciehp instead of is_hotplug_bridge
(stable-fixes).
- soc/tegra: fuse: Add Tegra114 nvmem cells and fuse lookups
(stable-fixes).
- soc: qcom: smem: Fix endian-unaware access of num_entries
(stable-fixes).
- soc: aspeed: socinfo: Add AST27xx silicon IDs (stable-fixes).
- pinctrl: single: fix bias pull up/down handling in
pin_config_set (stable-fixes).
- power: supply: qcom_battmgr: handle charging state change
notifications (stable-fixes).
- power: supply: sbs-charger: Support multiple devices
(stable-fixes).
- power: supply: qcom_battmgr: add OOI chemistry (stable-fixes).
- spi: rpc-if: Add resume support for RZ/G3E (stable-fixes).
- spi: loopback-test: Don't use %pK through printk (stable-fixes).
- commit 47c8f1c
- NFS4: Fix state renewals missing after boot (git-fixes).
- commit 1f41fdb
- NFS: check if suid/sgid was cleared after a write as needed
(git-fixes).
- commit 6f2e3ba
- nfs4_setup_readdir(): insufficient locking for
- >d_parent->d_inode dereferencing (git-fixes).
- commit cbc0708
- PCI: cadence: Check for the existence of cdns_pcie::ops before
using it (stable-fixes).
- PCI: rcar-host: Convert struct rcar_msi mask_lock into raw
spinlock (git-fixes).
- PCI: dwc: Verify the single eDMA IRQ in
dw_pcie_edma_irq_verify() (stable-fixes).
- PCI/PM: Skip resuming to D0 if device is disconnected
(stable-fixes).
- PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call
(stable-fixes).
- PCI: Disable MSI on RDC PCI to PCIe bridges (stable-fixes).
- phy: cadence: cdns-dphy: Enable lower resolutions in dphy
(stable-fixes).
- phy: renesas: r8a779f0-ether-serdes: add new step added to
latest datasheet (stable-fixes).
- net: phy: clear link parameters on admin link down
(stable-fixes).
- net: phy: marvell: Fix 88e1510 downshift counter errata
(stable-fixes).
- net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms
(stable-fixes).
- net: phy: fixed_phy: let fixed_phy_unregister free the
phy_device (stable-fixes).
- media: redrat3: use int type to store negative error codes
(stable-fixes).
- media: ov08x40: Fix the horizontal flip control (stable-fixes).
- media: i2c: og01a1b: Specify monochrome media bus format
instead of Bayer (stable-fixes).
- media: adv7180: Only validate format in querystd (stable-fixes).
- media: adv7180: Do not write format to device in set_fmt
(stable-fixes).
- media: adv7180: Add missing lock in suspend callback
(stable-fixes).
- media: fix uninitialized symbol warnings (stable-fixes).
- media: imon: make send_packet() more robust (stable-fixes).
- media: i2c: Kconfig: Ensure a dependency on HAVE_CLK for
VIDEO_CAMERA_SENSOR (stable-fixes).
- media: amphion: Delete v4l2_fh synchronously in .release()
(stable-fixes).
- mfd: madera: Work around false-positive -Wininitialized warning
(stable-fixes).
- mfd: da9063: Split chip variant reading in two bus transactions
(stable-fixes).
- mfd: stmpe-i2c: Add missing MODULE_LICENSE (stable-fixes).
- mfd: stmpe: Remove IRQ domain upon removal (stable-fixes).
- mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card
(stable-fixes).
- memstick: Add timeout to prevent indefinite waiting
(stable-fixes).
- mmc: host: renesas_sdhi: Fix the actual clock (stable-fixes).
- commit 8c57bbb
- NFSv4.1: fix mount hang after CREATE_SESSION failure
(git-fixes).
- commit c832cc2
- NFSv4: handle ERR_GRACE on delegation recalls (git-fixes).
- commit aaacda9
- ima: don't clear IMA_DIGSIG flag when setting or removing
non-IMA xattr (stable-fixes).
- iio: adc: imx93_adc: load calibrated values even calibration
failed (stable-fixes).
- iio: adc: spear_adc: mask SPEAR_ADC_STATUS channel and avg
sample before setting register (stable-fixes).
- hwmon: (dell-smm) Add support for Dell OptiPlex 7040
(stable-fixes).
- hwmon: (asus-ec-sensors) increase timeout for locking ACPI mutex
(stable-fixes).
- hwmon: sy7636a: add alias (stable-fixes).
- hwmon: (sbtsi_temp) AMD CPU extended temperature range support
(stable-fixes).
- hwmon: (k10temp) Add device ID for Strix Halo (stable-fixes).
- hwmon: (k10temp) Add thermal support for AMD Family 1Ah-based
models (stable-fixes).
- commit f501af0
- jfs: fix uninitialized waitqueue in transaction manager
(git-fixes).
- commit 0b36ea1
- jfs: Verify inode mode when loading from disk (git-fixes).
- commit 475a90c
- extcon: adc-jack: Cleanup wakeup source only if it was enabled
(git-fixes).
- commit 5b8d1e6
- drm/amd/display: Disable VRR on DCE 6 (stable-fixes).
- commit d98de00
- drm/amd/display: ensure committing streams is seamless
(stable-fixes).
- commit 0def0fa
- exfat: limit log print for IO error (git-fixes).
- commit 1fa4a3d
- drm/amd/display: Fix black screen with HDMI outputs (git-fixes).
- fbcon: Set fb_display[i]->mode to NULL when the mode is released
(stable-fixes).
- fbdev: bitblit: bound-check glyph index in bit_putcs*
(stable-fixes).
- fbdev: pvr2fb: Fix leftover reference to ONCHIP_NR_DMA_CHANNELS
(stable-fixes).
- HID: quirks: avoid Cooler Master MM712 dongle wakeup bug
(stable-fixes).
- drm/amdgpu: Fix NULL pointer dereference in VRAM logic for
APU devices (stable-fixes).
- drm/amd/pm: Disable MCLK switching on SI at high pixel clocks
(stable-fixes).
- fbdev: Add bounds checking in bit_putcs to fix
vmalloc-out-of-bounds (stable-fixes).
- extcon: adc-jack: Fix wakeup source leaks on device unbind
(stable-fixes).
- char: misc: Does not request module for miscdevice with dynamic
minor (stable-fixes).
- char: misc: Make misc_register() reentry for miscdevice who
wants dynamic minor (stable-fixes).
- drm/amd/display: Add AVI infoframe copy in
copy_stream_update_to_stream (stable-fixes).
- drm/amdgpu: reject gang submissions under SRIOV (stable-fixes).
- drm/amd/display: Fix DVI-D/HDMI adapters (stable-fixes).
- drm/amd: Avoid evicting resources at S5 (stable-fixes).
- drm/amdgpu: Use memdup_array_user in amdgpu_cs_wait_fences_ioctl
(stable-fixes).
- drm/msm: make sure to not queue up recovery more than once
(stable-fixes).
- drm/msm/dsi/phy_7nm: Fix missing initial VCO rate
(stable-fixes).
- drm/msm/dsi/phy: Toggle back buffer resync after preparing PLL
(stable-fixes).
- drm/amdgpu: don't enable SMU on cyan skillfish (stable-fixes).
- drm/amdgpu: add support for cyan skillfish gpu_info
(stable-fixes).
- drm/amd: add more cyan skillfish PCI ids (stable-fixes).
- drm/amdgpu: Allow kfd CRIU with no buffer objects
(stable-fixes).
- drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption
(stable-fixes).
- drm/amdkfd: fix vram allocation failure for a special case
(stable-fixes).
- drm/amdkfd: Handle lack of READ permissions in SVM mapping
(stable-fixes).
- drm/amdkfd: return -ENOTTY for unsupported IOCTLs
(stable-fixes).
- drm/amdgpu/jpeg: Hold pg_lock before jpeg poweroff
(stable-fixes).
- drm/amd/pm: Use cached metrics data on arcturus (stable-fixes).
- drm/amd/pm: Use cached metrics data on aldebaran (stable-fixes).
- drm/amd/display: update dpp/disp clock from smu clock table
(stable-fixes).
- drm/amd/display: add more cyan skillfish devices (stable-fixes).
- drm/amd/display: Increase AUX Intra-Hop Done Max Wait Duration
(stable-fixes).
- drm/bridge: display-connector: don't set OP_DETECT for
DisplayPorts (stable-fixes).
- drm/tidss: Set crtc modesetting parameters with adjusted mode
(stable-fixes).
- drm/bridge: cdns-dsi: Don't fail on MIPI_DSI_MODE_VIDEO_BURST
(stable-fixes).
- drm/bridge: cdns-dsi: Fix REG_WAKEUP_TIME value (stable-fixes).
- drm/tidss: Use the crtc_* timings when programming the HW
(stable-fixes).
- commit 304e918
- tcp: correct handling of extreme memory squeeze (bsc#1253779
CVE-2025-21710 bsc#1237888).
- commit bba09b0
- net: tcp: send zero-window ACK when no memory (bsc#1253779).
- commit f54e913
- ACPI: property: Return present device nodes only on fwnode
interface (stable-fixes).
- commit 7bfc861
- ACPI: PRM: Skip handlers with NULL handler_address or NULL VA
(stable-fixes).
- commit d4e809a
- ACPI: scan: Add Intel CVS ACPI HIDs to acpi_ignore_dep_ids
(stable-fixes).
- commit cea477f
- ACPICA: Update dsmethod.c to get rid of unused variable warning
(stable-fixes).
- commit 47d058d
- ACPICA: dispatcher: Use acpi_ds_clear_operands() in
acpi_ds_call_control_method() (stable-fixes).
- commit a383be8
- tools/cpupower: Fix incorrect size in cpuidle_state_disable()
(stable-fixes).
- commit 2d1aa96
- tools/cpupower: fix error return value in cpupower_write_sysfs()
(stable-fixes).
- commit c9d6e6c
- tools/power x86_energy_perf_policy: Prefer driver HWP limits
(stable-fixes).
- commit e772bc7
- tools/power x86_energy_perf_policy: Enhance HWP enable
(stable-fixes).
- commit 1133dff
- tools/power x86_energy_perf_policy: Fix incorrect fopen mode
usage (stable-fixes).
- commit 23d6e42
- Update
patches.suse/net-smc-Remove-validation-of-reserved-bits-in-CLC-Decline-.patch
(bsc#1252353).
- commit d9fe289
- crypto: aspeed - fix double free caused by devm (git-fixes).
- dmaengine: dw-edma: Set status for callback_result
(stable-fixes).
- dmaengine: mv_xor: match alloc_wc and free_wc (stable-fixes).
- crypto: qat - use kcalloc() in qat_uclo_map_objs_from_mof()
(stable-fixes).
- drm/nouveau: replace snprintf() with scnprintf() in
nvkm_snprintbf() (stable-fixes).
- char: misc: restrict the dynamic range to exclude reserved
minors (stable-fixes).
- crypto: aspeed-acry - Convert to platform remove callback
returning void (stable-fixes).
- commit 89d05dd
- ALSA: usb-audio: Fix potential overflow of PCM transfer buffer
(stable-fixes).
- ALSA: usb-audio: don't log messages meant for 1810c when
initializing 1824c (git-fixes).
- ASoC: max98090/91: fixed max98091 ALSA widget powering up/down
(stable-fixes).
- ASoC: meson: aiu-encoder-i2s: fix bit clock polarity
(stable-fixes).
- Bluetooth: SCO: Fix UAF on sco_conn_free (stable-fixes).
- Bluetooth: bcsp: receive data only if registered (stable-fixes).
- Bluetooth: btusb: Check for unexpected bytes when defragmenting
HCI frames (stable-fixes).
- amd/amdkfd: resolve a race in amdgpu_amdkfd_device_fini_sw
(stable-fixes).
- accel/habanalabs/gaudi2: read preboot status after recovering
from dirty state (stable-fixes).
- accel/habanalabs: support mapping cb with vmalloc-backed
coherent memory (stable-fixes).
- accel/habanalabs/gaudi2: fix BMON disable configuration
(stable-fixes).
- accel/habanalabs: return ENOMEM if less than requested pages
were pinned (stable-fixes).
- ASoC: tlv320aic3x: Fix class-D initialization for tlv320aic3007
(stable-fixes).
- ASoC: stm32: sai: manage context in set_sysclk callback
(stable-fixes).
- ALSA: usb-audio: add mono main switch to Presonus S1824c
(stable-fixes).
- ASoC: qcom: sc8280xp: explicitly set S16LE format in
sc8280xp_be_hw_params_fixup() (stable-fixes).
- ALSA: serial-generic: remove shared static buffer
(stable-fixes).
- ALSA: usb-audio: apply quirk for MOONDROP Quark2 (stable-fixes).
- ALSA: usb-audio: Add validation of UAC2/UAC3 effect units
(stable-fixes).
- commit d6deb82
- octeontx2-pf: Fix use-after-free bugs in otx2_sync_tstamp() (CVE-2025-39944 bsc#1251120)
- commit f5c6371
- ptp: ocp: fix use-after-free bugs causing by ptp_ocp_watchdog (CVE-2025-39859 bsc#1250252)
- commit b475528
- x86/bugs: Fix reporting of LFENCE retpoline (git-fixes).
- commit 879f123
- x86/vmscape: Add old Intel CPUs to affected list (git-fixes).
- commit 3042143
- net: macb: fix unregister_netdev call order in macb_remove() (CVE-2025-39805 bsc#1249982)
- commit 8a9576d
- x86/bugs: Report correct retbleed mitigation status (git-fixes).
- commit 11da480
- x86/CPU/AMD: Add additional fixed RDSEED microcode revisions (git-fixes).
- commit 265ca5a
- x86/CPU/AMD: Add missing terminator for zen5_rdseed_microcode (git-fixes).
- commit 0a4b156
- net/ip6_tunnel: Prevent perpetual tunnel growth (CVE-2025-40173
bsc#1253421).
- commit 2d9c02f
- net/smc: Remove validation of reserved bits in CLC Decline
message (bsc#1253779).
- commit 6b0f67d
- cramfs: Verify inode mode when loading from disk (git-fixes).
- commit 593324b
- minixfs: Verify inode mode when loading from disk (git-fixes).
- commit a428067
- Add missing bugzilla reference to net fix (bsc#1250237 CVE-2025-40206 bsc#1253393)
- commit 9ef65cb
- Input: imx_sc_key - fix memory corruption on unload (git-fixes).
- Input: pegasus-notetaker - fix potential out-of-bounds access
(git-fixes).
- Input: atmel_mxt_ts - allow reset GPIO to sleep (stable-fixes).
- commit a07d058
- scsi: mvsas: Fix use-after-free bugs in mvs_work_queue
(CVE-2025-40001 bsc#1252303).
- commit 2c846dd
- pinctrl: s32cc: initialize gpio_pin_config::list after kmalloc()
(git-fixes).
- pinctrl: s32cc: fix uninitialized memory in s32_pinctrl_desc
(git-fixes).
- nouveau/firmware: Add missing kfree() of nvkm_falcon_fw::boot
(git-fixes).
- Revert "drm/tegra: dsi: Clear enable register if powered by
bootloader" (git-fixes).
- drm/tegra: Add call to put_pid() (git-fixes).
- drm/tegra: dc: Fix reference leak in tegra_dc_couple()
(git-fixes).
- commit 401121e
- tls: wait for pending async decryptions if tls_strp_msg_hold
fails (CVE-2025-40176 bsc#1253425).
- commit 411c26e
- series.conf: reorder misplaced patches from kABI section
Fix misplaced patches in the kABI section by restoring correct order.
- commit f6506b9
- platform/x86/intel/speed_select_if: Convert PCIBIOS_* return
codes to errnos (git-fixes).
- commit e814a2b
- vfs: Don't leak disconnected dentries on umount (CVE-2025-40105
bsc#1252928).
- commit 29d6b54
- KVM: SVM: Mark VMCB_LBR dirty when MSR_IA32_DEBUGCTLMSR is
updated (git-fixes).
- commit f6f6b8f
- KVM: VMX: Fix check for valid GVA on an EPT violation
(git-fixes).
- commit dab0856
- KVM: x86: Don't treat ENTER and LEAVE as branches, because
they aren't (git-fixes).
- commit 4d07448
- HID: uclogic: Fix potential memory leak in error path
(git-fixes).
- HID: hid-ntrig: Prevent memory leak in ntrig_report_version()
(git-fixes).
- HID: amd_sfh: Stop sensor before starting (git-fixes).
- HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155
(git-fixes).
- commit 98129db
- scsi: storvsc: Prefer returning channel with the same CPU as on the I/O issuing CPU (bsc#1252267).
- uio_hv_generic: Let userspace take care of interrupt mask (git-fixes CVE-2025-40048 bsc#1252862).
- net/mana: fix warning in the writer of client oob (git-fixes).
- uio_hv_generic: Query the ringbuffer size for device (git-fixes).
- Drivers: hv: vmbus: Add utility function for querying ring size (git-fixes).
- commit 0473d84
- sctp: Fix MAC comparison to be constant-time (CVE-2025-40204
bsc#1253436).
- commit 53f522f
- tracing: dynevent: Add a missing lockdown check on dynevent
(CVE-2025-40021 bsc#1252681).
- commit c113400
- Update
patches.suse/netfilter-nft_objref-validate-objref-and-objrefmap-e.patch
(bsc#1250237 CVE-2025-40206).
Inserted series, updated CVE reference and mainline
- commit 617e07d
- selftests/bpf: Close fd in error path in drop_on_reuseport
(git-fixes).
- commit 9eacaa7
- selftests/bpf: Close obj in error path in xdp_adjust_tail
(git-fixes).
- commit 32804dc
- selftests/bpf: Use pid_t consistently in test_progs.c
(git-fixes).
- commit 12adc35
- bpf: Reject negative offsets for ALU ops (CVE-2025-40169
bsc#1253416).
- commit 004bd79
- mtd: onenand: Pass correct pointer to IRQ handler (git-fixes).
- mtd: rawnand: cadence: fix DMA device NULL pointer dereference
(git-fixes).
- mtdchar: fix integer overflow in read/write ioctls (git-fixes).
- commit fd43643
- net/sched: sch_qfq: Fix null-deref in agg_dequeue (CVE-2025-40083 bsc#1252912).
- commit 517474e
- mm/secretmem: fix use-after-free race in fault handler
(git-fixes).
- commit 8bf2ad9
- mm/mm_init: fix hash table order logging in
alloc_large_system_hash() (git-fixes).
- commit fdeb2e0
- xsk: Harden userspace-supplied xdp_desc validation
(CVE-2025-40159 bsc#1253403).
- commit 7cd1a7d
- selftests/bpf: Fix missing ARRAY_SIZE() definition in bench.c
(git-fixes).
- commit f67cafa
- selftests/bpf: Fix missing UINT_MAX definitions in benchmarks
(git-fixes).
- commit 172ead3
- selftests/bpf: Fix missing BUILD_BUG_ON() declaration
(git-fixes).
- commit 67585df
- drm/vmwgfx: Validate command header size against
SVGA_CMD_MAX_DATASIZE (git-fixes).
- mmc: sdhci-of-dwcmshc: Change DLL_STRBIN_TAPNUM_DEFAULT to 0x4
(git-fixes).
- acpi,srat: Fix incorrect device handle check for Generic
Initiator (git-fixes).
- spi: Try to get ACPI GPIO IRQ earlier (git-fixes).
- regulator: fixed: fix GPIO descriptor leak on register failure
(git-fixes).
- ASoC: codecs: va-macro: fix resource leak in probe error path
(git-fixes).
- ASoC: cs4271: Fix regulator leak on probe failure (git-fixes).
- ALSA: usb-audio: Fix NULL pointer dereference in
snd_usb_mixer_controls_badd (git-fixes).
- crypto: hisilicon/qm - Fix device reference leak in
qm_get_qos_value (git-fixes).
- commit c9e8681
- s390/mm: Fix in_atomic() handling in do_secure_storage_access()
(git-fixes CVE-2025-38359 bsc#1247076).
- s390/mm,fault: simplify kfence fault handling (bsc#1247076).
- commit 5eab67b
- Bluetooth: L2CAP: export l2cap_chan_hold for modules
(stable-fixes).
- commit 0d1ed96
- ACPI: CPPC: Limit perf ctrs in PCC check only to online CPUs
(git-fixes).
- ACPI: CPPC: Perform fast check switch only for online CPUs
(git-fixes).
- ACPI: CPPC: Check _CPC validity for only the online CPUs
(git-fixes).
- wifi: mwl8k: inject DSSS Parameter Set element into beacons
if missing (git-fixes).
- wifi: mac80211: skip rate verification for not captured PSDUs
(git-fixes).
- wifi: ath11k: zero init info->status in
wmi_process_mgmt_tx_comp() (git-fixes).
- wifi: mac80211: reject address change while connecting
(git-fixes).
- Bluetooth: 6lowpan: add missing l2cap_chan_lock() (git-fixes).
- Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions
(git-fixes).
- Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type
confusion (git-fixes).
- Bluetooth: 6lowpan: reset link-local header on ipv6 recv path
(git-fixes).
- Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid
UAF (git-fixes).
- Bluetooth: MGMT: cancel mesh send timer when hdev removed
(git-fixes).
- strparser: Fix signed/unsigned mismatch bug (git-fixes).
- commit 22e4e84
- bpf: make sure skb->len != 0 when redirecting to a tunneling device (CVE-2022-50253 bsc#1249912)
- commit 9d76bea
- scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE (CVE-2025-39788 bsc#1249547)
- commit 8ecb142
- drm/amd/display: Check dce_hwseq before dereferencing it (CVE-2025-38361 bsc#1247079)
- commit c29726d
- NFSD: Skip close replay processing if XDR encoding fails
(git-fixes).
- commit a56f52a
- NFSD: Never cache a COMPOUND when the SEQUENCE operation fails
(git-fixes).
- commit bd549b4
- NFSD: free copynotify stateid in nfs4_free_ol_stateid()
(git-fixes).
- commit e5427cd
- perf script: add --addr2line option (bsc#1247509).
- commit b555487
- scsi: target: iscsi: Fix buffer overflow in
lio_target_nacl_info_show() (bsc#1251786 CVE-2023-53676).
- commit 9f54767
- crypto: iaa - Do not clobber req->base.data (git-fixes).
- commit 5feccb5
- btrfs: scrub: put bio after errors in
scrub_raid56_parity_stripe() (git-fixes).
- commit 065dd63
- btrfs: do not update last_log_commit when logging inode due
to a new name (git-fixes).
- commit c42dda1
- KVM: SVM: Emulate PERF_CNTR_GLOBAL_STATUS_SET for PerfMonV2
(git-fixes).
- commit 187ad0b
- KVM: SVM: Re-load current, not host, TSC_AUX on #VMEXIT from
SEV-ES guest (git-fixes).
- commit ce2cf8f
- KVM: x86: Add helper to retrieve current value of user return
MSR (git-fixes).
- commit aaea082
- KVM: VMX: Preserve host's DEBUGCTLMSR_FREEZE_IN_SMM while
running the guest (git-fixes).
- commit 6c43180
- btrfs: tree-checker: fix the wrong output of data backref
objectid (git-fix).
- commit b216859
- btrfs: fix COW handling in run_delalloc_nocow() (git-fix).
- commit 1ee428c
- btrfs: avoid page_lockend underflow in
btrfs_punch_hole_lock_range() (git-fix).
- commit 0febf2a
- btrfs: run btrfs_error_commit_super() early (git-fix).
- commit 8643309
- btrfs: tree-checker: add dev extent item checks (git-fix).
- commit 48bfe9b
- btrfs: tree-checker: reject BTRFS_FT_UNKNOWN dir type (git-fix).
- commit 4308950
- btrfs: avoid using fixed char array size for tree names
(git-fix).
- commit f141f17
- btrfs: tree-checker: validate dref root and objectid (git-fix).
- commit 3243d37
- btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve
(git-fix).
- commit 36065ed
- btrfs: qgroup: correctly model root qgroup rsv in convert
(git-fix).
- commit 9e4469e
- btrfs: tree-checker: add type and sequence check for inline
backrefs (git-fix).
- commit d1d2092
- btrfs: scrub: put bio after errors in
scrub_raid56_parity_stripe() (git-fix).
- commit ee165a1
- Alt-commit updates
- Refresh
patches.suse/drm-amd-display-Fix-brightness-level-not-retained-ov.patch.
- Refresh
patches.suse/drm-amdkfd-Don-t-call-mmput-from-MMU-notifier-callba.patch.
- Refresh
patches.suse/drm-i915-dsi-Use-TRANS_DDI_FUNC_CTL-s-own-port-width.patch.
- Refresh
patches.suse/drm-panel-simple-Update-timings-for-AUO-G101EVN010.patch.
- Refresh
patches.suse/drm-sched-Add-locking-to-drm_sched_entity_modify_sch.patch.
- commit 1d2b5d5
- KVM: VMX: Wrap all accesses to IA32_DEBUGCTL with getter/setter
APIs (git-fixes).
- commit baa92d8
- KVM: nVMX: Check vmcs12->guest_ia32_debugctl on nested VM-Enter
(git-fixes).
- commit 508e295
- btrfs: set inode flag BTRFS_INODE_COPY_EVERYTHING when logging
new name (git-fixes).
- commit c373962
- btrfs: simplify error handling logic for btrfs_link()
(git-fixes).
- commit 5e3a1fc
- btrfs: fix inode leak on failure to add link to inode
(git-fixes).
- commit 5155c3a
- btrfs: abort transaction on failure to add link to inode
(git-fixes).
- commit 91c4075
- btrfs: rename err to ret in btrfs_link() (git-fixes).
- commit 4d5a044
- btrfs: send: fix duplicated rmdir operations when using extrefs
(git-fixes).
- commit 2c08529
- KVM: VMX: Allow guest to set DEBUGCTL.RTM_DEBUG if RTM is
supported (git-fixes).
- commit 78a2926
- KVM: x86: Drop kvm_x86_ops.set_dr6() in favor of a new KVM_RUN
flag (git-fixes).
- commit d3c0a38
- KVM: x86: Convert vcpu_run()'s immediate exit param into a
generic bitmap (git-fixes).
- commit b58dbd2
- Delete
patches.kabi/KVM-x86-Snapshot-the-host-s-DEBUGCTL-in-common-x86.patch.
Now that kabi/severities is amended to ignore
xfer_to_guest_mode_handle_work(), drop the unneeded kABI workaround.
- commit 27b5996
- btrfs: mark dirty extent range for out of bound prealloc extents
(git-fixes).
- commit d11dc7c
- btrfs: use smp_mb__after_atomic() when forcing COW in
create_pending_snapshot() (git-fixes).
- commit 0e43958
- usb/core/quirks: Add Huawei ME906S to wakeup quirk (git-fixes).
- commit add9d74
- kABI fix for KVM: VMX: Apply MMIO Stale Data mitigation if
KVM maps MMIO into the guest (git-fixes) (git-fixes).
- commit 10ade44
- pds_core: remove write-after-free of client_id (CVE-2025-37916 bsc#1243474)
- commit 40805a0
- coresight: Fix incorrect handling for return value of devm_kzalloc (CVE-2025-40059 bsc#1252809)
- commit f7e7b0e
- ocfs2: fix double free in user_cluster_connect() (CVE-2025-40055 bsc#1252821)
- commit 9897d8a
- pinctrl: check the return value of
pinmux_ops::get_function_name() (CVE-2025-40030 bsc#1252773).
- commit 060cddf
- KVM: VMX: Apply MMIO Stale Data mitigation if KVM maps MMIO
into the guest (git-fixes).
- commit 0701a3a
- pps: fix warning in pps_register_cdev when register device fail
(CVE-2025-40070 bsc#1252836).
- commit 98a58ce
- KVM: x86/mmu: Locally cache whether a PFN is host MMIO when
making a SPTE (git-fixes).
- commit 15e0a05
- ALSA: hda: cs35l41: Fix NULL pointer dereference in
cs35l41_get_acpi_mute_state() (CVE-2025-40098 bsc#1252917).
- commit 8b9eeeb
- rtc: rx8025: fix incorrect register reference (git-fixes).
- drm/amd: Fix suspend failure with secure display TA (git-fixes).
- drm/amd/display: Fix NULL deref in debugfs odm_combine_segments
(git-fixes).
- drm/i915: Fix conversion between clock ticks and nanoseconds
(git-fixes).
- drm/i915: Avoid lock inversion when pinning to GGTT on
CHV/BXT+VTD (git-fixes).
- drm/sched: Fix deadlock in drm_sched_entity_kill_jobs_cb
(git-fixes).
- Documentation: ACPI: i2c-muxes: fix I2C device references
(git-fixes).
- ACPI: SBS: Fix present test in acpi_battery_read() (git-fixes).
- lib/crypto: curve25519-hacl64: Fix older clang KASAN workaround
for GCC (git-fixes).
- wifi: mac80211_hwsim: Limit destroy_on_close radio removal to
netgroup (git-fixes).
- net: usb: qmi_wwan: initialize MAC header offset in
qmimux_rx_fixup (git-fixes).
- isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe()
(git-fixes).
- Bluetooth: btrtl: Fix memory leak in rtlbt_parse_firmware_v2()
(git-fixes).
- Bluetooth: hci_event: validate skb length for unknown CC opcode
(git-fixes).
- wifi: zd1211rw: fix potential memory leak in
__zd_usb_enable_rx() (git-fixes).
- Revert "wifi: ath10k: avoid unnecessary wait for service ready
message" (git-fixes).
- media: uvcvideo: Use heuristic to find stream entity
(git-fixes).
- xhci: dbc: fix bogus 1024 byte prefix if ttyDBC read races
with stall event (git-fixes).
- xhci: dbc: Avoid event polling busyloop if pending rx transfers
are inactive (git-fixes).
- xhci: dbc: Improve performance by removing delay in transfer
event polling (stable-fixes).
- xhci: dbc: Allow users to modify DbC poll interval via sysfs
(stable-fixes).
- xhci: dbc: poll at different rate depending on data transfer
activity (stable-fixes).
- commit 6309683
- x86/CPU/AMD: Do the common init on future Zens too (git-fixes).
- Refresh patches.suse/x86-CPU-AMD-Add-RDSEED-fix-for-Zen5.patch.
- Refresh patches.suse/x86-CPU-AMD-Clear-virtualized-VMLOAD-VMSAVE-on-Zen4-client.
- commit d7ef23e
- x86/CPU/AMD: Add RDSEED fix for Zen5 (git-fixes).
- commit 85fd0b8
- fs/smb: Fix inconsistent refcnt update (bsc#1250176,
CVE-2025-39819).
- commit 966a58e
- kabi/severities: drop xfer_to_guest_mode_handle_work
This is part of KVM, and it is already ignored in SL-16.0. The function
only takes a pointer to a KVM struct and feeds it back to the KVM
subsystem.
- commit dc5bb81
- net/9p: fix double req put in p9_fd_cancelled (CVE-2025-40027
bsc#1252763).
- commit bff03bd
- KVM: SVM: Skip fastpath emulation on VM-Exit if next RIP isn't
valid (CVE-2025-40038 bsc#1252817).
- commit d00fe85
- tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails
to allocate psock->cork (bsc#1250705).
- commit fd68ed6
- scsi: libfc: Prevent integer overflow in fc_fcp_recv_data()
(git-fixes).
- scsi: mpt3sas: Fix crash in transport port remove by using
ioc_info() (git-fixes).
- scsi: hpsa: Fix potential memory leak in
hpsa_big_passthru_ioctl() (git-fixes).
- scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod
(git-fixes).
- md: fix mssing blktrace bio split events (git-fixes).
- md/raid1: fix data lost for writemostly rdev (git-fixes).
- scsi: core: sysfs: Correct sysfs attributes access rights
(git-fixes).
- block: fix kobject double initialization in add_disk
(git-fixes).
- block: avoid possible overflow for chunk_sectors check in
blk_stack_limits() (git-fixes).
- scsi: Fix sas_user_scan() to handle wildcard and multi-channel
scans (git-fixes).
- scsi: aacraid: Stop using PCI_IRQ_AFFINITY (git-fixes).
- commit 59aa14f
- nexthop: Forbid FDB status change while nexthop is in a group
(CVE-2025-39980 bsc#1252063).
- commit 44a7e79
- mm/ksm: fix flag-dropping behavior in ksm_madvise
(CVE-2025-40040 bsc#1252780).
- commit ff8401e
- serial: 8250_mtk: Enable baud clock and manage in runtime PM
(git-fixes).
- serial: 8250_exar: add support for Advantech 2 port card with
Device ID 0x0018 (git-fixes).
- PCI: j721e: Fix incorrect error message in probe() (git-fixes).
- PCI: tegra194: Reset BARs when running in PCIe endpoint mode
(git-fixes).
- commit c2ea229
- selftests/bpf: Fix string read in strncmp benchmark (git-fixes).
- commit 0165696
- selftests/bpf: Mitigate sockmap_ktls disconnect_after_delete
failure (git-fixes).
- commit 2116607
- selftests/bpf: fix signedness bug in redir_partial()
(git-fixes).
- commit b261c17
- util-linux
-
- Fix heap buffer overread in setpwnam() when processing 256-byte
usernames (bsc#1254666, CVE-2025-14104,
util-linux-CVE-2025-14104-1.patch,
util-linux-CVE-2025-14104-2.patch).
- lscpu: Add support for NVIDIA Olympus arm64 core (jsc#PED-13682,
util-linux-lscpu-add-arm64-NVIDIA-Olympus.patch).
- curl:mini
-
- Security fix: [bsc#1256105, CVE-2025-14017]
* call ldap_init() before setting the options
* Add patch curl-CVE-2025-14017.patch
- expat
-
- security update
- added patches
CVE-2026-24515 [bsc#1257144], NULL dereference (CWE-476) due to function XML_ExternalEntityParserCreate() failing to copy the encoding handler data passed to XML_SetUnknownEncodingHandler() from the parent to the subparser
* expat-CVE-2026-24515.patch
CVE-2026-25210 [bsc#1257496], lack of buffer size check can lead to an integer overflow
* expat-CVE-2026-25210.patch
- openssl-3
-
- Security fixes:
* Missing ASN1_TYPE validation in PKCS#12 parsing
- openssl-CVE-2026-22795.patch [bsc#1256839, CVE-2026-22795]
* ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function
- openssl-CVE-2026-22795.patch [bsc#1256840, CVE-2026-22796]
* Missing ASN1_TYPE validation in TS_RESP_verify_response() function
- openssl-CVE-2025-69420.patch [bsc#1256837, CVE-2025-69420]
* NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function
- openssl-CVE-2025-69421.patch [bsc#1256838, CVE-2025-69421]
* Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion
- openssl-CVE-2025-69419.patch [bsc#1256836, CVE-2025-69419]
* Heap out-of-bounds write in BIO_f_linebuffer on short writes
- openssl-CVE-2025-68160.patch [bsc#1256834, CVE-2025-68160]
* Unauthenticated/unencrypted trailing bytes with low-level OCB function calls
- openssl-CVE-2025-69418.patch [bsc#1256835, CVE-2025-69418]
* Stack buffer overflow in CMS AuthEnvelopedData parsing
- openssl-CVE-2025-15467.patch [bsc#1256830, CVE-2025-15467]
- openssl-CVE-2025-15467-comments.patch
- openssl-CVE-2025-15467-test.patch
- libsolv
-
- fixed rare crash in the handling of allowuninstall in combination
with forcebest updates
- new pool_satisfieddep_map feature to test if a set of packages
satisfies a dependency
- bump version to 0.7.35
- libxml2
-
- Add patch libxml2-CVE-2026-0989.patch, to fix call stack exhaustion
leading to application crash due to RelaxNG parser not limiting the
recursion depth when resolving `<include>` directives
CVE-2026-0989, bsc#1256805, https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/374
- libzypp
-
- Prepare a legacy /etc/zypp/zypp.conf to be installed on old distros.
See the ZYPP.CONF(5) man page for details.
- Fix runtime check for broken rpm --runposttrans (bsc#1257068)
- version 17.38.2 (35)
- Avoid libcurl-mini4 when building as it does not support ftp
protocol.
- Translation: updated .pot file.
- version 17.38.1 (35)
- zypp.conf: follow the UAPI configuration file specification
(PED-14658)
In short terms it means we will no longer ship an
/etc/zypp/zypp.conf, but store our own defaults in
/usr/etc/zypp/zypp.conf. The systems administrator may choose to
keep a full copy in /etc/zypp/zypp.conf ignoring our config file
settings completely, or - the preferred way - to overwrite
specific settings via /etc/zypp/zypp.conf.d/*.conf overlay files.
See the ZYPP.CONF(5) man page for details.
- cmake: correctly detect rpm6 (fixes #689)
- Use 'zypp.tmp' as temp directory component to ease setting up
SELinux policies (bsc#1249435)
- zyppng: Update Provider to current MediaCurl2 download
approach, drop Metalink ( fixes #682 )
- version 17.38.0 (35)
- podman
-
- Add symlink to catatonit in /usr/libexec/podman (bsc#1248988)
- libxml2:python
-
- Add patch libxml2-CVE-2026-0989.patch, to fix call stack exhaustion
leading to application crash due to RelaxNG parser not limiting the
recursion depth when resolving `<include>` directives
CVE-2026-0989, bsc#1256805, https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/374
- python-urllib3
-
- Add security patches:
* CVE-2025-66471 (bsc#1254867)
* CVE-2025-66418 (bsc#1254866)
- suseconnect-ng
-
- Update version to 1.20:
- Update error message for Public Cloud instances with registercloudguest
installed. SUSEConnect -d is disabled on PYAG and BYOS when the
registercloudguest command is available. (bsc#1230861)
- Enhanced SAP detected. Take TREX into account and remove empty values when
only /usr/sap but no installation exists (bsc#1241002)
- Fixed modules and extension link to point to version less documentation. (bsc#1239439)
- Fixed SAP instance detection (bsc#1244550)
- Remove link to extensions documentation (bsc#1239439)
- Migrate to the public library
- Version 1.14 public library release
This version is only available on Github as a tag to release the
new golang public library which can be consumed without the need
to interface with SUSEConnect directly.
- util-linux:systemd
-
- Fix heap buffer overread in setpwnam() when processing 256-byte
usernames (bsc#1254666, CVE-2025-14104,
util-linux-CVE-2025-14104-1.patch,
util-linux-CVE-2025-14104-2.patch).
- lscpu: Add support for NVIDIA Olympus arm64 core (jsc#PED-13682,
util-linux-lscpu-add-arm64-NVIDIA-Olympus.patch).