- 000release-packages:SL-Micro-release
-
- fix issue generator.conf bsc#1256098
- cloud-netconfig:ec2
-
- Update to version 1.16
+ Fix query of default CLOUD_NETCONFIG_MANAGE (bsc#1253223
+ Fix variable names in the README
- cockpit-podman
-
- Update dependencies for bsc#1257324/CVE-2025-13465
- curl
-
- Security fix: [bsc#1256105, CVE-2025-14017]
* call ldap_init() before setting the options
* Add patch curl-CVE-2025-14017.patch
- Security fixes:
* [bsc#1255731, CVE-2025-14524] if redirected, require permission to use bearer
* [bsc#1255734, CVE-2025-15224] require private key or user-agent for public key auth
* [bsc#1255732, CVE-2025-14819] toggling CURLSSLOPT_NO_PARTIALCHAIN makes a different CA cache
* [bsc#1255733, CVE-2025-15079] set both knownhosts options to the same file
* Add patches:
- curl-CVE-2025-14524.patch
- curl-CVE-2025-15224.patch
- curl-CVE-2025-14819.patch
- curl-CVE-2025-15079.patch
- Security fix: [bsc#1253757, CVE-2025-11563]
* curl: wcurl path traversal with percent-encoded slashes
* Add curl-CVE-2025-11563.patch
- glib2
-
- Add CVE fixes:
+ glib2-CVE-2026-1484.patch (bsc#1257355 CVE-2026-1484
glgo#GNOME/glib!4979).
+ glib2-CVE-2026-1485.patch (bsc#1257354 CVE-2026-1485
glgo#GNOME/glib!4981).
+ glib2-CVE-2026-1489.patch (bsc#1257353 CVE-2026-1489
glgo#GNOME/glib!4984).
- Add glib2-CVE-2026-0988.patch: fix a potential integer overflow
in g_buffered_input_stream_peek (bsc#1257049 CVE-2026-0988
glgo#GNOME/glib#3851).
- Add CVE fixes:
+ glib2-CVE-2025-13601-1.patch, glib2-CVE-2025-13601-2.patch
(bsc#1254297 CVE-2025-13601 glgo#GNOME/glib#3827).
+ glib2-CVE-2025-14087-1.patch, glib2-CVE-2025-14087-2.patch,
glib2-CVE-2025-14087-3.patch (bsc#1254662 CVE-2025-14087
glgo#GNOME/glib#3834).
+ glib2-CVE-2025-14512.patch (bsc#1254878 CVE-2025-14512
glgo#GNOME/glib#3845).
- gpg2
-
- Security fix [bsc#1257396, CVE-2026-24882]
- gpg2: stack-based buffer overflow in TPM2 PKDECRYPT for TPM-backed RSA and ECC keys
- Added gnupg-CVE-2026-24882.patch
- Security fix [bsc#1256389] (gpg.fail/filename)
* Added gnupg-accepts-path-separators-literal-data.patch
* GnuPG Accepts Path Separators and Path Traversals in Literal Data
- Security fix: [bsc#1255715, CVE-2025-68973] (gpg.fail/memcpy)
* gpg: Fix possible memory corruption in the armor parser [T7906]
* Add gnupg-CVE-2025-68973.patch
- Security fix: [bsc#1256246] (gpg.fail/sha1)
* gpg: Avoid potential downgrade to SHA1 in 3rd party key signatures [T7904]
* Add gnupg-gpg-Avoid-potential-downgrade-to-SHA1-in-3rd-party-keysig.patch
- Security fix: [bsc#1256244] (gpg.fail/detached)
* gpg: Error out on unverified output for non-detached signatures [T7903]
* Add gnupg-gpg-Error-out-on-unverified-output-for-non-detached-signatures.patch
- Security fix: [bsc#1256243]
* gpg2 agent: Fix a memory leak
* Add patch gnupg-agent-memleak.patch
- Security fix: [bsc#1256390] (gpg.fail/notdash)
* gpg2: Cleartext Signature Forgery in the NotDashEscaped header
implementation in GnuPG
* Add patch gnupg-notdash-escape.patch
- grub2
-
- Optimize PBKDF2 to reduce the decryption time (bsc#1248516)
* 0001-lib-crypto-Introduce-new-HMAC-functions-to-reuse-buf.patch
* 0002-lib-pbkdf2-Optimize-PBKDF2-by-reusing-HMAC-handle.patch
* 0001-kern-misc-Implement-faster-grub_memcpy-for-aligned-b.patch
- kernel-source:kernel-default
-
- ALSA: usb-audio: fix uac2 clock source at terminal parser
(git-fixes).
- commit 74497c6
- nfsd: fix return error codes for nfsd_map_name_to_id
(bsc#1232223).
- commit 24071c5
- nfsd: do not defer requests during idmap lookup in v4 compound
decode (bsc#1232223).
- commit 4b41b11
- tls: Use __sk_dst_get() and dst_dev_rcu() in
get_netdev_for_sock() (CVE-2025-40149 bsc#1253355).
- commit c8fb6ed
- smc: Use __sk_dst_get() and dst_dev_rcu() in
smc_clc_prfx_match() (CVE-2025-40168 bsc#1253427).
- commit 0f10629
- smc: Use __sk_dst_get() and dst_dev_rcu() in in
smc_clc_prfx_set() (CVE-2025-40139 bsc#1253409).
- commit a7ae1b3
- smc: Fix use-after-free in __pnet_find_base_ndev()
(CVE-2025-40064 bsc#1252845).
- commit 2971b90
- tcp_metrics: use dst_dev_net_rcu() (CVE-2025-40075 bsc#1252795).
- commit fcb52d9
- Update
patches.suse/ASoC-Intel-bytcr_rt5640-Fix-invalid-quirk-input-mapp.patch
(git-fixes CVE-2025-40154 bsc#1253431).
- Update
patches.suse/ASoC-Intel-bytcr_rt5651-Fix-invalid-quirk-input-mapp.patch
(git-fixes CVE-2025-40121 bsc#1253367).
- Update
patches.suse/Bluetooth-ISO-Fix-possible-UAF-on-iso_conn_free.patch
(git-fixes CVE-2025-40141 bsc#1253352).
- Update
patches.suse/EDAC-i10nm-Skip-DIMM-enumeration-on-a-disabled-memor.patch
(git-fixes CVE-2025-40157 bsc#1253423).
- Update
patches.suse/PM-devfreq-mtk-cci-Fix-potential-error-pointer-deref.patch
(git-fixes CVE-2025-40156 bsc#1253428).
- Update
patches.suse/Squashfs-reject-negative-file-sizes-in-squashfs_read_inode.patch
(git-fixes CVE-2025-40200 bsc#1253448).
- Update
patches.suse/accel-qaic-Treat-remaining-0-as-error-in-find_and_ma.patch
(git-fixes CVE-2025-40172 bsc#1253424).
- Update
patches.suse/bpf-Fix-metadata_dst-leak-__bpf_redirect_neigh_v-4-6.patch
(git-fixes CVE-2025-40183 bsc#1253441).
- Update
patches.suse/btrfs-avoid-potential-out-of-bounds-in-btrfs_encode_.patch
(git-fixes CVE-2025-40205 bsc#1253456).
- Update
patches.suse/can-hi311x-fix-null-pointer-dereference-when-resumin.patch
(stable-fixes CVE-2025-40107 bsc#1253018).
- Update
patches.suse/cpufreq-intel_pstate-Fix-object-lifecycle-issue-in-update_qos_request.patch
(stable-fixes git-fixes CVE-2025-40194 bsc#1253445).
- Update
patches.suse/crypto-rng-Ensure-set_ent-is-always-present.patch
(git-fixes CVE-2025-40109 bsc#1253176).
- Update
patches.suse/drm-vmwgfx-Fix-Use-after-free-in-validation.patch
(git-fixes CVE-2025-40111 bsc#1253362).
- Update
patches.suse/drm-vmwgfx-Fix-a-null-ptr-access-in-the-cursor-snoop.patch
(git-fixes CVE-2025-40110 bsc#1253275).
- Update
patches.suse/ext4-avoid-potential-buffer-over-read-in-parse_apply.patch
(git-fixes CVE-2025-40198 bsc#1253453).
- Update
patches.suse/hwrng-ks-sa-fix-division-by-zero-in-ks_sa_rng_init.patch
(git-fixes CVE-2025-40127 bsc#1253369).
- Update
patches.suse/mailbox-zynqmp-ipi-Fix-out-of-bounds-access-in-mailb.patch
(git-fixes CVE-2025-40180 bsc#1253440).
- Update
patches.suse/media-v4l2-subdev-Fix-alloc-failure-check-in-v4l2_su.patch
(git-fixes CVE-2025-40207 bsc#1253395).
- Update
patches.suse/net-usb-Remove-disruptive-netif_wake_queue-in-rtl815.patch
(git-fixes CVE-2025-40140 bsc#1253349).
- Update
patches.suse/net-usb-asix-hold-PM-usage-ref-to-avoid-PM-MDIO-RTNL.patch
(git-fixes CVE-2025-40120 bsc#1253360).
- Update
patches.suse/nvmet-fc-move-lsop-put-work-to-nvmet_fc_ls_req_op.patch
(bsc#1245193 bsc#1247500 CVE-2025-40171 bsc#1253412).
- Update
patches.suse/pwm-berlin-Fix-wrong-register-in-suspend-resume.patch
(git-fixes CVE-2025-40188 bsc#1253449).
- Update
patches.suse/scsi-mpt3sas-Fix-crash-in-transport-port-remove-by-using-i.patch
(git-fixes CVE-2025-40115 bsc#1253318).
- Update
patches.suse/scsi-pm80xx-Fix-array-index-out-of-of-bounds-on-rmmod.patch
(git-fixes CVE-2025-40118 bsc#1253363).
- Update
patches.suse/sunrpc-fix-null-pointer-dereference-on-zero-length-checksum.patch
(git-fixes CVE-2025-40129 bsc#1253472).
- Update
patches.suse/tcp-Don-t-call-reqsk_fastopen_remove-in-tcp_conn_request.patch
(git-fixes CVE-2025-40186 bsc#1253438).
- Update
patches.suse/usb-host-max3421-hcd-Fix-error-pointer-dereference-i.patch
(git-fixes CVE-2025-40116 bsc#1253324).
- Update
patches.suse/usbnet-Fix-using-smp_processor_id-in-preemptible-cod.patch
(git-fixes CVE-2025-40164 bsc#1253407).
- commit d8d3cd1
- ipv4: start using dst_dev_rcu() (CVE-2025-40074 bsc#1252794).
- commit d58640c
- kabi: hide dst_entry::dev_rcu (CVE-2025-40074 bsc#1252794).
- commit 7047515
- net: dst: introduce dst->dev_rcu (CVE-2025-40074 bsc#1252794).
- commit bc25dd4
- net: Add locking to protect skb->dev access in ip_output
(CVE-2025-40074 bsc#1252794).
- commit ba856a3
- ipv6: ip6_mc_input() and ip6_mr_input() cleanups (CVE-2025-40074
bsc#1252794).
- commit 74e34e6
- ipv6: adopt skb_dst_dev() and skb_dst_dev_net[_rcu]() helpers
(CVE-2025-40074 bsc#1252794).
- commit bef51be
- ipv6: adopt dst_dev() helper (CVE-2025-40074 bsc#1252794).
- refresh patches.suse/net-ip6_tunnel-Prevent-perpetual-tunnel-growth.patch
- commit 7eda2f1
- ipv4: adopt dst_dev, skb_dst_dev and skb_dst_dev_net[_rcu]
(CVE-2025-40074 bsc#1252794).
- commit 172fe2b
- net: dst: add four helpers to annotate data-races around
dst->dev (CVE-2025-40074 bsc#1252794).
- commit d644653
- net: dst: annotate data-races around dst->output (CVE-2025-40074
bsc#1252794).
- commit a54672b
- net: dst: annotate data-races around dst->input (CVE-2025-40074
bsc#1252794).
- commit ffc43da
- net: dst: annotate data-races around dst->lastuse
(CVE-2025-40074 bsc#1252794).
- commit 8826356
- net: dst: annotate data-races around dst->expires
(CVE-2025-40074 bsc#1252794).
- commit 2c55499
- net: dst: annotate data-races around dst->obsolete
(CVE-2025-40074 bsc#1252794).
- commit 2ab42e2
- net: ipv4: ipmr: ipmr_queue_xmit(): Drop local variable `dev'
(CVE-2025-40074 bsc#1252794).
- commit 3c39f8c
- net: gro: convert four dev_net() calls (CVE-2025-40074
bsc#1252794).
- commit cf41694
- tcp: convert to dev_net_rcu() (CVE-2025-40074 bsc#1252794).
- commit 2fe0b75
- net: dst_cache: annotate data-races around dst_cache->reset_ts
(CVE-2025-40074 bsc#1252794).
- commit 5a73952
- Refresh patches.suse/ALSA-usb-audio-Fix-potential-overflow-of-PCM-transfe.patch
Fix the missing mutex unlock at the error path
- commit f1238c1
- x86/amd_nb: Add new PCI IDs for AMD family 0x1a (stable-fixes).
- Refresh
patches.suse/x86-amd_nb-Add-new-PCI-IDs-for-AMD-family-1Ah-model-60h.patch.
- commit 5a88cd1
- ALSA: hda: Fix missing pointer check in
hda_component_manager_init function (git-fixes).
- commit 39c22db
- tools: lib: thermal: don't preserve owner in install
(stable-fixes).
- watchdog: s3c2410_wdt: Fix max_timeout being calculated larger
(stable-fixes).
- usb: gadget: f_fs: Fix epfile null pointer access after ep
enable (stable-fixes).
- usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs
(stable-fixes).
- usb: xhci: plat: Facilitate using autosuspend for xhci plat
devices (stable-fixes).
- usb: cdns3: gadget: Use-after-free during failed initialization
and exit of cdnsp gadget (stable-fixes).
- usb: gadget: f_hid: Fix zero length packet transfer
(stable-fixes).
- usb: gadget: f_ncm: Fix MAC assignment NCM ethernet
(stable-fixes).
- wifi: ath12k: Increase DP_REO_CMD_RING_SIZE to 256
(stable-fixes).
- wifi: ath10k: Fix connection after GTK rekeying (stable-fixes).
- wifi: rtw88: sdio: use indirect IO for device registers before
power-on (stable-fixes).
- wifi: mt76: mt7996: Temporarily disable EPCS (stable-fixes).
- wifi: mt76: mt7921: Add 160MHz beamformee capability for mt7922
device (stable-fixes).
- wifi: mac80211: Fix HE capabilities element check
(stable-fixes).
- video: backlight: lp855x_bl: Set correct EPROM start for LP8556
(stable-fixes).
- commit 7dad19b
- tools: lib: thermal: use pkg-config to locate libnl3
(stable-fixes).
- phy: rockchip: phy-rockchip-inno-csidphy: allow writes to grf
register 0 (stable-fixes).
- thunderbolt: Use is_pciehp instead of is_hotplug_bridge
(stable-fixes).
- soc/tegra: fuse: Add Tegra114 nvmem cells and fuse lookups
(stable-fixes).
- soc: qcom: smem: Fix endian-unaware access of num_entries
(stable-fixes).
- soc: aspeed: socinfo: Add AST27xx silicon IDs (stable-fixes).
- pinctrl: single: fix bias pull up/down handling in
pin_config_set (stable-fixes).
- power: supply: qcom_battmgr: handle charging state change
notifications (stable-fixes).
- power: supply: sbs-charger: Support multiple devices
(stable-fixes).
- power: supply: qcom_battmgr: add OOI chemistry (stable-fixes).
- spi: rpc-if: Add resume support for RZ/G3E (stable-fixes).
- spi: loopback-test: Don't use %pK through printk (stable-fixes).
- commit 47c8f1c
- NFS4: Fix state renewals missing after boot (git-fixes).
- commit 1f41fdb
- NFS: check if suid/sgid was cleared after a write as needed
(git-fixes).
- commit 6f2e3ba
- nfs4_setup_readdir(): insufficient locking for
- >d_parent->d_inode dereferencing (git-fixes).
- commit cbc0708
- PCI: cadence: Check for the existence of cdns_pcie::ops before
using it (stable-fixes).
- PCI: rcar-host: Convert struct rcar_msi mask_lock into raw
spinlock (git-fixes).
- PCI: dwc: Verify the single eDMA IRQ in
dw_pcie_edma_irq_verify() (stable-fixes).
- PCI/PM: Skip resuming to D0 if device is disconnected
(stable-fixes).
- PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call
(stable-fixes).
- PCI: Disable MSI on RDC PCI to PCIe bridges (stable-fixes).
- phy: cadence: cdns-dphy: Enable lower resolutions in dphy
(stable-fixes).
- phy: renesas: r8a779f0-ether-serdes: add new step added to
latest datasheet (stable-fixes).
- net: phy: clear link parameters on admin link down
(stable-fixes).
- net: phy: marvell: Fix 88e1510 downshift counter errata
(stable-fixes).
- net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms
(stable-fixes).
- net: phy: fixed_phy: let fixed_phy_unregister free the
phy_device (stable-fixes).
- media: redrat3: use int type to store negative error codes
(stable-fixes).
- media: ov08x40: Fix the horizontal flip control (stable-fixes).
- media: i2c: og01a1b: Specify monochrome media bus format
instead of Bayer (stable-fixes).
- media: adv7180: Only validate format in querystd (stable-fixes).
- media: adv7180: Do not write format to device in set_fmt
(stable-fixes).
- media: adv7180: Add missing lock in suspend callback
(stable-fixes).
- media: fix uninitialized symbol warnings (stable-fixes).
- media: imon: make send_packet() more robust (stable-fixes).
- media: i2c: Kconfig: Ensure a dependency on HAVE_CLK for
VIDEO_CAMERA_SENSOR (stable-fixes).
- media: amphion: Delete v4l2_fh synchronously in .release()
(stable-fixes).
- mfd: madera: Work around false-positive -Wininitialized warning
(stable-fixes).
- mfd: da9063: Split chip variant reading in two bus transactions
(stable-fixes).
- mfd: stmpe-i2c: Add missing MODULE_LICENSE (stable-fixes).
- mfd: stmpe: Remove IRQ domain upon removal (stable-fixes).
- mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card
(stable-fixes).
- memstick: Add timeout to prevent indefinite waiting
(stable-fixes).
- mmc: host: renesas_sdhi: Fix the actual clock (stable-fixes).
- commit 8c57bbb
- NFSv4.1: fix mount hang after CREATE_SESSION failure
(git-fixes).
- commit c832cc2
- NFSv4: handle ERR_GRACE on delegation recalls (git-fixes).
- commit aaacda9
- ima: don't clear IMA_DIGSIG flag when setting or removing
non-IMA xattr (stable-fixes).
- iio: adc: imx93_adc: load calibrated values even calibration
failed (stable-fixes).
- iio: adc: spear_adc: mask SPEAR_ADC_STATUS channel and avg
sample before setting register (stable-fixes).
- hwmon: (dell-smm) Add support for Dell OptiPlex 7040
(stable-fixes).
- hwmon: (asus-ec-sensors) increase timeout for locking ACPI mutex
(stable-fixes).
- hwmon: sy7636a: add alias (stable-fixes).
- hwmon: (sbtsi_temp) AMD CPU extended temperature range support
(stable-fixes).
- hwmon: (k10temp) Add device ID for Strix Halo (stable-fixes).
- hwmon: (k10temp) Add thermal support for AMD Family 1Ah-based
models (stable-fixes).
- commit f501af0
- jfs: fix uninitialized waitqueue in transaction manager
(git-fixes).
- commit 0b36ea1
- jfs: Verify inode mode when loading from disk (git-fixes).
- commit 475a90c
- extcon: adc-jack: Cleanup wakeup source only if it was enabled
(git-fixes).
- commit 5b8d1e6
- drm/amd/display: Disable VRR on DCE 6 (stable-fixes).
- commit d98de00
- drm/amd/display: ensure committing streams is seamless
(stable-fixes).
- commit 0def0fa
- exfat: limit log print for IO error (git-fixes).
- commit 1fa4a3d
- drm/amd/display: Fix black screen with HDMI outputs (git-fixes).
- fbcon: Set fb_display[i]->mode to NULL when the mode is released
(stable-fixes).
- fbdev: bitblit: bound-check glyph index in bit_putcs*
(stable-fixes).
- fbdev: pvr2fb: Fix leftover reference to ONCHIP_NR_DMA_CHANNELS
(stable-fixes).
- HID: quirks: avoid Cooler Master MM712 dongle wakeup bug
(stable-fixes).
- drm/amdgpu: Fix NULL pointer dereference in VRAM logic for
APU devices (stable-fixes).
- drm/amd/pm: Disable MCLK switching on SI at high pixel clocks
(stable-fixes).
- fbdev: Add bounds checking in bit_putcs to fix
vmalloc-out-of-bounds (stable-fixes).
- extcon: adc-jack: Fix wakeup source leaks on device unbind
(stable-fixes).
- char: misc: Does not request module for miscdevice with dynamic
minor (stable-fixes).
- char: misc: Make misc_register() reentry for miscdevice who
wants dynamic minor (stable-fixes).
- drm/amd/display: Add AVI infoframe copy in
copy_stream_update_to_stream (stable-fixes).
- drm/amdgpu: reject gang submissions under SRIOV (stable-fixes).
- drm/amd/display: Fix DVI-D/HDMI adapters (stable-fixes).
- drm/amd: Avoid evicting resources at S5 (stable-fixes).
- drm/amdgpu: Use memdup_array_user in amdgpu_cs_wait_fences_ioctl
(stable-fixes).
- drm/msm: make sure to not queue up recovery more than once
(stable-fixes).
- drm/msm/dsi/phy_7nm: Fix missing initial VCO rate
(stable-fixes).
- drm/msm/dsi/phy: Toggle back buffer resync after preparing PLL
(stable-fixes).
- drm/amdgpu: don't enable SMU on cyan skillfish (stable-fixes).
- drm/amdgpu: add support for cyan skillfish gpu_info
(stable-fixes).
- drm/amd: add more cyan skillfish PCI ids (stable-fixes).
- drm/amdgpu: Allow kfd CRIU with no buffer objects
(stable-fixes).
- drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption
(stable-fixes).
- drm/amdkfd: fix vram allocation failure for a special case
(stable-fixes).
- drm/amdkfd: Handle lack of READ permissions in SVM mapping
(stable-fixes).
- drm/amdkfd: return -ENOTTY for unsupported IOCTLs
(stable-fixes).
- drm/amdgpu/jpeg: Hold pg_lock before jpeg poweroff
(stable-fixes).
- drm/amd/pm: Use cached metrics data on arcturus (stable-fixes).
- drm/amd/pm: Use cached metrics data on aldebaran (stable-fixes).
- drm/amd/display: update dpp/disp clock from smu clock table
(stable-fixes).
- drm/amd/display: add more cyan skillfish devices (stable-fixes).
- drm/amd/display: Increase AUX Intra-Hop Done Max Wait Duration
(stable-fixes).
- drm/bridge: display-connector: don't set OP_DETECT for
DisplayPorts (stable-fixes).
- drm/tidss: Set crtc modesetting parameters with adjusted mode
(stable-fixes).
- drm/bridge: cdns-dsi: Don't fail on MIPI_DSI_MODE_VIDEO_BURST
(stable-fixes).
- drm/bridge: cdns-dsi: Fix REG_WAKEUP_TIME value (stable-fixes).
- drm/tidss: Use the crtc_* timings when programming the HW
(stable-fixes).
- commit 304e918
- tcp: correct handling of extreme memory squeeze (bsc#1253779
CVE-2025-21710 bsc#1237888).
- commit bba09b0
- net: tcp: send zero-window ACK when no memory (bsc#1253779).
- commit f54e913
- ACPI: property: Return present device nodes only on fwnode
interface (stable-fixes).
- commit 7bfc861
- ACPI: PRM: Skip handlers with NULL handler_address or NULL VA
(stable-fixes).
- commit d4e809a
- ACPI: scan: Add Intel CVS ACPI HIDs to acpi_ignore_dep_ids
(stable-fixes).
- commit cea477f
- ACPICA: Update dsmethod.c to get rid of unused variable warning
(stable-fixes).
- commit 47d058d
- ACPICA: dispatcher: Use acpi_ds_clear_operands() in
acpi_ds_call_control_method() (stable-fixes).
- commit a383be8
- tools/cpupower: Fix incorrect size in cpuidle_state_disable()
(stable-fixes).
- commit 2d1aa96
- tools/cpupower: fix error return value in cpupower_write_sysfs()
(stable-fixes).
- commit c9d6e6c
- tools/power x86_energy_perf_policy: Prefer driver HWP limits
(stable-fixes).
- commit e772bc7
- tools/power x86_energy_perf_policy: Enhance HWP enable
(stable-fixes).
- commit 1133dff
- tools/power x86_energy_perf_policy: Fix incorrect fopen mode
usage (stable-fixes).
- commit 23d6e42
- Update
patches.suse/net-smc-Remove-validation-of-reserved-bits-in-CLC-Decline-.patch
(bsc#1252353).
- commit d9fe289
- crypto: aspeed - fix double free caused by devm (git-fixes).
- dmaengine: dw-edma: Set status for callback_result
(stable-fixes).
- dmaengine: mv_xor: match alloc_wc and free_wc (stable-fixes).
- crypto: qat - use kcalloc() in qat_uclo_map_objs_from_mof()
(stable-fixes).
- drm/nouveau: replace snprintf() with scnprintf() in
nvkm_snprintbf() (stable-fixes).
- char: misc: restrict the dynamic range to exclude reserved
minors (stable-fixes).
- crypto: aspeed-acry - Convert to platform remove callback
returning void (stable-fixes).
- commit 89d05dd
- ALSA: usb-audio: Fix potential overflow of PCM transfer buffer
(stable-fixes).
- ALSA: usb-audio: don't log messages meant for 1810c when
initializing 1824c (git-fixes).
- ASoC: max98090/91: fixed max98091 ALSA widget powering up/down
(stable-fixes).
- ASoC: meson: aiu-encoder-i2s: fix bit clock polarity
(stable-fixes).
- Bluetooth: SCO: Fix UAF on sco_conn_free (stable-fixes).
- Bluetooth: bcsp: receive data only if registered (stable-fixes).
- Bluetooth: btusb: Check for unexpected bytes when defragmenting
HCI frames (stable-fixes).
- amd/amdkfd: resolve a race in amdgpu_amdkfd_device_fini_sw
(stable-fixes).
- accel/habanalabs/gaudi2: read preboot status after recovering
from dirty state (stable-fixes).
- accel/habanalabs: support mapping cb with vmalloc-backed
coherent memory (stable-fixes).
- accel/habanalabs/gaudi2: fix BMON disable configuration
(stable-fixes).
- accel/habanalabs: return ENOMEM if less than requested pages
were pinned (stable-fixes).
- ASoC: tlv320aic3x: Fix class-D initialization for tlv320aic3007
(stable-fixes).
- ASoC: stm32: sai: manage context in set_sysclk callback
(stable-fixes).
- ALSA: usb-audio: add mono main switch to Presonus S1824c
(stable-fixes).
- ASoC: qcom: sc8280xp: explicitly set S16LE format in
sc8280xp_be_hw_params_fixup() (stable-fixes).
- ALSA: serial-generic: remove shared static buffer
(stable-fixes).
- ALSA: usb-audio: apply quirk for MOONDROP Quark2 (stable-fixes).
- ALSA: usb-audio: Add validation of UAC2/UAC3 effect units
(stable-fixes).
- commit d6deb82
- octeontx2-pf: Fix use-after-free bugs in otx2_sync_tstamp() (CVE-2025-39944 bsc#1251120)
- commit f5c6371
- ptp: ocp: fix use-after-free bugs causing by ptp_ocp_watchdog (CVE-2025-39859 bsc#1250252)
- commit b475528
- x86/bugs: Fix reporting of LFENCE retpoline (git-fixes).
- commit 879f123
- x86/vmscape: Add old Intel CPUs to affected list (git-fixes).
- commit 3042143
- net: macb: fix unregister_netdev call order in macb_remove() (CVE-2025-39805 bsc#1249982)
- commit 8a9576d
- x86/bugs: Report correct retbleed mitigation status (git-fixes).
- commit 11da480
- x86/CPU/AMD: Add additional fixed RDSEED microcode revisions (git-fixes).
- commit 265ca5a
- x86/CPU/AMD: Add missing terminator for zen5_rdseed_microcode (git-fixes).
- commit 0a4b156
- net/ip6_tunnel: Prevent perpetual tunnel growth (CVE-2025-40173
bsc#1253421).
- commit 2d9c02f
- net/smc: Remove validation of reserved bits in CLC Decline
message (bsc#1253779).
- commit 6b0f67d
- cramfs: Verify inode mode when loading from disk (git-fixes).
- commit 593324b
- minixfs: Verify inode mode when loading from disk (git-fixes).
- commit a428067
- Add missing bugzilla reference to net fix (bsc#1250237 CVE-2025-40206 bsc#1253393)
- commit 9ef65cb
- Input: imx_sc_key - fix memory corruption on unload (git-fixes).
- Input: pegasus-notetaker - fix potential out-of-bounds access
(git-fixes).
- Input: atmel_mxt_ts - allow reset GPIO to sleep (stable-fixes).
- commit a07d058
- scsi: mvsas: Fix use-after-free bugs in mvs_work_queue
(CVE-2025-40001 bsc#1252303).
- commit 2c846dd
- pinctrl: s32cc: initialize gpio_pin_config::list after kmalloc()
(git-fixes).
- pinctrl: s32cc: fix uninitialized memory in s32_pinctrl_desc
(git-fixes).
- nouveau/firmware: Add missing kfree() of nvkm_falcon_fw::boot
(git-fixes).
- Revert "drm/tegra: dsi: Clear enable register if powered by
bootloader" (git-fixes).
- drm/tegra: Add call to put_pid() (git-fixes).
- drm/tegra: dc: Fix reference leak in tegra_dc_couple()
(git-fixes).
- commit 401121e
- tls: wait for pending async decryptions if tls_strp_msg_hold
fails (CVE-2025-40176 bsc#1253425).
- commit 411c26e
- series.conf: reorder misplaced patches from kABI section
Fix misplaced patches in the kABI section by restoring correct order.
- commit f6506b9
- platform/x86/intel/speed_select_if: Convert PCIBIOS_* return
codes to errnos (git-fixes).
- commit e814a2b
- vfs: Don't leak disconnected dentries on umount (CVE-2025-40105
bsc#1252928).
- commit 29d6b54
- KVM: SVM: Mark VMCB_LBR dirty when MSR_IA32_DEBUGCTLMSR is
updated (git-fixes).
- commit f6f6b8f
- KVM: VMX: Fix check for valid GVA on an EPT violation
(git-fixes).
- commit dab0856
- KVM: x86: Don't treat ENTER and LEAVE as branches, because
they aren't (git-fixes).
- commit 4d07448
- HID: uclogic: Fix potential memory leak in error path
(git-fixes).
- HID: hid-ntrig: Prevent memory leak in ntrig_report_version()
(git-fixes).
- HID: amd_sfh: Stop sensor before starting (git-fixes).
- HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155
(git-fixes).
- commit 98129db
- scsi: storvsc: Prefer returning channel with the same CPU as on the I/O issuing CPU (bsc#1252267).
- uio_hv_generic: Let userspace take care of interrupt mask (git-fixes CVE-2025-40048 bsc#1252862).
- net/mana: fix warning in the writer of client oob (git-fixes).
- uio_hv_generic: Query the ringbuffer size for device (git-fixes).
- Drivers: hv: vmbus: Add utility function for querying ring size (git-fixes).
- commit 0473d84
- sctp: Fix MAC comparison to be constant-time (CVE-2025-40204
bsc#1253436).
- commit 53f522f
- tracing: dynevent: Add a missing lockdown check on dynevent
(CVE-2025-40021 bsc#1252681).
- commit c113400
- Update
patches.suse/netfilter-nft_objref-validate-objref-and-objrefmap-e.patch
(bsc#1250237 CVE-2025-40206).
Inserted series, updated CVE reference and mainline
- commit 617e07d
- selftests/bpf: Close fd in error path in drop_on_reuseport
(git-fixes).
- commit 9eacaa7
- selftests/bpf: Close obj in error path in xdp_adjust_tail
(git-fixes).
- commit 32804dc
- selftests/bpf: Use pid_t consistently in test_progs.c
(git-fixes).
- commit 12adc35
- bpf: Reject negative offsets for ALU ops (CVE-2025-40169
bsc#1253416).
- commit 004bd79
- mtd: onenand: Pass correct pointer to IRQ handler (git-fixes).
- mtd: rawnand: cadence: fix DMA device NULL pointer dereference
(git-fixes).
- mtdchar: fix integer overflow in read/write ioctls (git-fixes).
- commit fd43643
- net/sched: sch_qfq: Fix null-deref in agg_dequeue (CVE-2025-40083 bsc#1252912).
- commit 517474e
- mm/secretmem: fix use-after-free race in fault handler
(git-fixes).
- commit 8bf2ad9
- mm/mm_init: fix hash table order logging in
alloc_large_system_hash() (git-fixes).
- commit fdeb2e0
- xsk: Harden userspace-supplied xdp_desc validation
(CVE-2025-40159 bsc#1253403).
- commit 7cd1a7d
- selftests/bpf: Fix missing ARRAY_SIZE() definition in bench.c
(git-fixes).
- commit f67cafa
- selftests/bpf: Fix missing UINT_MAX definitions in benchmarks
(git-fixes).
- commit 172ead3
- selftests/bpf: Fix missing BUILD_BUG_ON() declaration
(git-fixes).
- commit 67585df
- drm/vmwgfx: Validate command header size against
SVGA_CMD_MAX_DATASIZE (git-fixes).
- mmc: sdhci-of-dwcmshc: Change DLL_STRBIN_TAPNUM_DEFAULT to 0x4
(git-fixes).
- acpi,srat: Fix incorrect device handle check for Generic
Initiator (git-fixes).
- spi: Try to get ACPI GPIO IRQ earlier (git-fixes).
- regulator: fixed: fix GPIO descriptor leak on register failure
(git-fixes).
- ASoC: codecs: va-macro: fix resource leak in probe error path
(git-fixes).
- ASoC: cs4271: Fix regulator leak on probe failure (git-fixes).
- ALSA: usb-audio: Fix NULL pointer dereference in
snd_usb_mixer_controls_badd (git-fixes).
- crypto: hisilicon/qm - Fix device reference leak in
qm_get_qos_value (git-fixes).
- commit c9e8681
- s390/mm: Fix in_atomic() handling in do_secure_storage_access()
(git-fixes CVE-2025-38359 bsc#1247076).
- s390/mm,fault: simplify kfence fault handling (bsc#1247076).
- commit 5eab67b
- Bluetooth: L2CAP: export l2cap_chan_hold for modules
(stable-fixes).
- commit 0d1ed96
- ACPI: CPPC: Limit perf ctrs in PCC check only to online CPUs
(git-fixes).
- ACPI: CPPC: Perform fast check switch only for online CPUs
(git-fixes).
- ACPI: CPPC: Check _CPC validity for only the online CPUs
(git-fixes).
- wifi: mwl8k: inject DSSS Parameter Set element into beacons
if missing (git-fixes).
- wifi: mac80211: skip rate verification for not captured PSDUs
(git-fixes).
- wifi: ath11k: zero init info->status in
wmi_process_mgmt_tx_comp() (git-fixes).
- wifi: mac80211: reject address change while connecting
(git-fixes).
- Bluetooth: 6lowpan: add missing l2cap_chan_lock() (git-fixes).
- Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions
(git-fixes).
- Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type
confusion (git-fixes).
- Bluetooth: 6lowpan: reset link-local header on ipv6 recv path
(git-fixes).
- Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid
UAF (git-fixes).
- Bluetooth: MGMT: cancel mesh send timer when hdev removed
(git-fixes).
- strparser: Fix signed/unsigned mismatch bug (git-fixes).
- commit 22e4e84
- bpf: make sure skb->len != 0 when redirecting to a tunneling device (CVE-2022-50253 bsc#1249912)
- commit 9d76bea
- scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE (CVE-2025-39788 bsc#1249547)
- commit 8ecb142
- drm/amd/display: Check dce_hwseq before dereferencing it (CVE-2025-38361 bsc#1247079)
- commit c29726d
- NFSD: Skip close replay processing if XDR encoding fails
(git-fixes).
- commit a56f52a
- NFSD: Never cache a COMPOUND when the SEQUENCE operation fails
(git-fixes).
- commit bd549b4
- NFSD: free copynotify stateid in nfs4_free_ol_stateid()
(git-fixes).
- commit e5427cd
- perf script: add --addr2line option (bsc#1247509).
- commit b555487
- scsi: target: iscsi: Fix buffer overflow in
lio_target_nacl_info_show() (bsc#1251786 CVE-2023-53676).
- commit 9f54767
- crypto: iaa - Do not clobber req->base.data (git-fixes).
- commit 5feccb5
- btrfs: scrub: put bio after errors in
scrub_raid56_parity_stripe() (git-fixes).
- commit 065dd63
- btrfs: do not update last_log_commit when logging inode due
to a new name (git-fixes).
- commit c42dda1
- KVM: SVM: Emulate PERF_CNTR_GLOBAL_STATUS_SET for PerfMonV2
(git-fixes).
- commit 187ad0b
- KVM: SVM: Re-load current, not host, TSC_AUX on #VMEXIT from
SEV-ES guest (git-fixes).
- commit ce2cf8f
- KVM: x86: Add helper to retrieve current value of user return
MSR (git-fixes).
- commit aaea082
- KVM: VMX: Preserve host's DEBUGCTLMSR_FREEZE_IN_SMM while
running the guest (git-fixes).
- commit 6c43180
- btrfs: tree-checker: fix the wrong output of data backref
objectid (git-fix).
- commit b216859
- btrfs: fix COW handling in run_delalloc_nocow() (git-fix).
- commit 1ee428c
- btrfs: avoid page_lockend underflow in
btrfs_punch_hole_lock_range() (git-fix).
- commit 0febf2a
- btrfs: run btrfs_error_commit_super() early (git-fix).
- commit 8643309
- btrfs: tree-checker: add dev extent item checks (git-fix).
- commit 48bfe9b
- btrfs: tree-checker: reject BTRFS_FT_UNKNOWN dir type (git-fix).
- commit 4308950
- btrfs: avoid using fixed char array size for tree names
(git-fix).
- commit f141f17
- btrfs: tree-checker: validate dref root and objectid (git-fix).
- commit 3243d37
- btrfs: make btrfs_clear_delalloc_extent() free delalloc reserve
(git-fix).
- commit 36065ed
- btrfs: qgroup: correctly model root qgroup rsv in convert
(git-fix).
- commit 9e4469e
- btrfs: tree-checker: add type and sequence check for inline
backrefs (git-fix).
- commit d1d2092
- btrfs: scrub: put bio after errors in
scrub_raid56_parity_stripe() (git-fix).
- commit ee165a1
- Alt-commit updates
- Refresh
patches.suse/drm-amd-display-Fix-brightness-level-not-retained-ov.patch.
- Refresh
patches.suse/drm-amdkfd-Don-t-call-mmput-from-MMU-notifier-callba.patch.
- Refresh
patches.suse/drm-i915-dsi-Use-TRANS_DDI_FUNC_CTL-s-own-port-width.patch.
- Refresh
patches.suse/drm-panel-simple-Update-timings-for-AUO-G101EVN010.patch.
- Refresh
patches.suse/drm-sched-Add-locking-to-drm_sched_entity_modify_sch.patch.
- commit 1d2b5d5
- KVM: VMX: Wrap all accesses to IA32_DEBUGCTL with getter/setter
APIs (git-fixes).
- commit baa92d8
- KVM: nVMX: Check vmcs12->guest_ia32_debugctl on nested VM-Enter
(git-fixes).
- commit 508e295
- btrfs: set inode flag BTRFS_INODE_COPY_EVERYTHING when logging
new name (git-fixes).
- commit c373962
- btrfs: simplify error handling logic for btrfs_link()
(git-fixes).
- commit 5e3a1fc
- btrfs: fix inode leak on failure to add link to inode
(git-fixes).
- commit 5155c3a
- btrfs: abort transaction on failure to add link to inode
(git-fixes).
- commit 91c4075
- btrfs: rename err to ret in btrfs_link() (git-fixes).
- commit 4d5a044
- btrfs: send: fix duplicated rmdir operations when using extrefs
(git-fixes).
- commit 2c08529
- KVM: VMX: Allow guest to set DEBUGCTL.RTM_DEBUG if RTM is
supported (git-fixes).
- commit 78a2926
- KVM: x86: Drop kvm_x86_ops.set_dr6() in favor of a new KVM_RUN
flag (git-fixes).
- commit d3c0a38
- KVM: x86: Convert vcpu_run()'s immediate exit param into a
generic bitmap (git-fixes).
- commit b58dbd2
- Delete
patches.kabi/KVM-x86-Snapshot-the-host-s-DEBUGCTL-in-common-x86.patch.
Now that kabi/severities is amended to ignore
xfer_to_guest_mode_handle_work(), drop the unneeded kABI workaround.
- commit 27b5996
- btrfs: mark dirty extent range for out of bound prealloc extents
(git-fixes).
- commit d11dc7c
- btrfs: use smp_mb__after_atomic() when forcing COW in
create_pending_snapshot() (git-fixes).
- commit 0e43958
- usb/core/quirks: Add Huawei ME906S to wakeup quirk (git-fixes).
- commit add9d74
- kABI fix for KVM: VMX: Apply MMIO Stale Data mitigation if
KVM maps MMIO into the guest (git-fixes) (git-fixes).
- commit 10ade44
- pds_core: remove write-after-free of client_id (CVE-2025-37916 bsc#1243474)
- commit 40805a0
- coresight: Fix incorrect handling for return value of devm_kzalloc (CVE-2025-40059 bsc#1252809)
- commit f7e7b0e
- ocfs2: fix double free in user_cluster_connect() (CVE-2025-40055 bsc#1252821)
- commit 9897d8a
- pinctrl: check the return value of
pinmux_ops::get_function_name() (CVE-2025-40030 bsc#1252773).
- commit 060cddf
- KVM: VMX: Apply MMIO Stale Data mitigation if KVM maps MMIO
into the guest (git-fixes).
- commit 0701a3a
- pps: fix warning in pps_register_cdev when register device fail
(CVE-2025-40070 bsc#1252836).
- commit 98a58ce
- KVM: x86/mmu: Locally cache whether a PFN is host MMIO when
making a SPTE (git-fixes).
- commit 15e0a05
- ALSA: hda: cs35l41: Fix NULL pointer dereference in
cs35l41_get_acpi_mute_state() (CVE-2025-40098 bsc#1252917).
- commit 8b9eeeb
- rtc: rx8025: fix incorrect register reference (git-fixes).
- drm/amd: Fix suspend failure with secure display TA (git-fixes).
- drm/amd/display: Fix NULL deref in debugfs odm_combine_segments
(git-fixes).
- drm/i915: Fix conversion between clock ticks and nanoseconds
(git-fixes).
- drm/i915: Avoid lock inversion when pinning to GGTT on
CHV/BXT+VTD (git-fixes).
- drm/sched: Fix deadlock in drm_sched_entity_kill_jobs_cb
(git-fixes).
- Documentation: ACPI: i2c-muxes: fix I2C device references
(git-fixes).
- ACPI: SBS: Fix present test in acpi_battery_read() (git-fixes).
- lib/crypto: curve25519-hacl64: Fix older clang KASAN workaround
for GCC (git-fixes).
- wifi: mac80211_hwsim: Limit destroy_on_close radio removal to
netgroup (git-fixes).
- net: usb: qmi_wwan: initialize MAC header offset in
qmimux_rx_fixup (git-fixes).
- isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe()
(git-fixes).
- Bluetooth: btrtl: Fix memory leak in rtlbt_parse_firmware_v2()
(git-fixes).
- Bluetooth: hci_event: validate skb length for unknown CC opcode
(git-fixes).
- wifi: zd1211rw: fix potential memory leak in
__zd_usb_enable_rx() (git-fixes).
- Revert "wifi: ath10k: avoid unnecessary wait for service ready
message" (git-fixes).
- media: uvcvideo: Use heuristic to find stream entity
(git-fixes).
- xhci: dbc: fix bogus 1024 byte prefix if ttyDBC read races
with stall event (git-fixes).
- xhci: dbc: Avoid event polling busyloop if pending rx transfers
are inactive (git-fixes).
- xhci: dbc: Improve performance by removing delay in transfer
event polling (stable-fixes).
- xhci: dbc: Allow users to modify DbC poll interval via sysfs
(stable-fixes).
- xhci: dbc: poll at different rate depending on data transfer
activity (stable-fixes).
- commit 6309683
- x86/CPU/AMD: Do the common init on future Zens too (git-fixes).
- Refresh patches.suse/x86-CPU-AMD-Add-RDSEED-fix-for-Zen5.patch.
- Refresh patches.suse/x86-CPU-AMD-Clear-virtualized-VMLOAD-VMSAVE-on-Zen4-client.
- commit d7ef23e
- x86/CPU/AMD: Add RDSEED fix for Zen5 (git-fixes).
- commit 85fd0b8
- fs/smb: Fix inconsistent refcnt update (bsc#1250176,
CVE-2025-39819).
- commit 966a58e
- kabi/severities: drop xfer_to_guest_mode_handle_work
This is part of KVM, and it is already ignored in SL-16.0. The function
only takes a pointer to a KVM struct and feeds it back to the KVM
subsystem.
- commit dc5bb81
- net/9p: fix double req put in p9_fd_cancelled (CVE-2025-40027
bsc#1252763).
- commit bff03bd
- KVM: SVM: Skip fastpath emulation on VM-Exit if next RIP isn't
valid (CVE-2025-40038 bsc#1252817).
- commit d00fe85
- tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails
to allocate psock->cork (bsc#1250705).
- commit fd68ed6
- scsi: libfc: Prevent integer overflow in fc_fcp_recv_data()
(git-fixes).
- scsi: mpt3sas: Fix crash in transport port remove by using
ioc_info() (git-fixes).
- scsi: hpsa: Fix potential memory leak in
hpsa_big_passthru_ioctl() (git-fixes).
- scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod
(git-fixes).
- md: fix mssing blktrace bio split events (git-fixes).
- md/raid1: fix data lost for writemostly rdev (git-fixes).
- scsi: core: sysfs: Correct sysfs attributes access rights
(git-fixes).
- block: fix kobject double initialization in add_disk
(git-fixes).
- block: avoid possible overflow for chunk_sectors check in
blk_stack_limits() (git-fixes).
- scsi: Fix sas_user_scan() to handle wildcard and multi-channel
scans (git-fixes).
- scsi: aacraid: Stop using PCI_IRQ_AFFINITY (git-fixes).
- commit 59aa14f
- nexthop: Forbid FDB status change while nexthop is in a group
(CVE-2025-39980 bsc#1252063).
- commit 44a7e79
- mm/ksm: fix flag-dropping behavior in ksm_madvise
(CVE-2025-40040 bsc#1252780).
- commit ff8401e
- serial: 8250_mtk: Enable baud clock and manage in runtime PM
(git-fixes).
- serial: 8250_exar: add support for Advantech 2 port card with
Device ID 0x0018 (git-fixes).
- PCI: j721e: Fix incorrect error message in probe() (git-fixes).
- PCI: tegra194: Reset BARs when running in PCIe endpoint mode
(git-fixes).
- commit c2ea229
- selftests/bpf: Fix string read in strncmp benchmark (git-fixes).
- commit 0165696
- selftests/bpf: Mitigate sockmap_ktls disconnect_after_delete
failure (git-fixes).
- commit 2116607
- selftests/bpf: fix signedness bug in redir_partial()
(git-fixes).
- commit b261c17
- kmod
-
- man: modprobe.d: document the config file order handling (bsc#1253741)
* man-modprobe.d-document-the-config-file-order-handling.patch
- util-linux:systemd
-
- Fix heap buffer overread in setpwnam() when processing 256-byte
usernames (bsc#1254666, CVE-2025-14104,
util-linux-CVE-2025-14104-1.patch,
util-linux-CVE-2025-14104-2.patch).
- lscpu: Add support for NVIDIA Olympus arm64 core (jsc#PED-13682,
util-linux-lscpu-add-arm64-NVIDIA-Olympus.patch).
- util-linux
-
- Fix heap buffer overread in setpwnam() when processing 256-byte
usernames (bsc#1254666, CVE-2025-14104,
util-linux-CVE-2025-14104-1.patch,
util-linux-CVE-2025-14104-2.patch).
- lscpu: Add support for NVIDIA Olympus arm64 core (jsc#PED-13682,
util-linux-lscpu-add-arm64-NVIDIA-Olympus.patch).
- expat
-
- security update
- added patches
CVE-2026-24515 [bsc#1257144], NULL dereference (CWE-476) due to function XML_ExternalEntityParserCreate() failing to copy the encoding handler data passed to XML_SetUnknownEncodingHandler() from the parent to the subparser
* expat-CVE-2026-24515.patch
CVE-2026-25210 [bsc#1257496], lack of buffer size check can lead to an integer overflow
* expat-CVE-2026-25210.patch
- gnutls
-
- Security fix bsc#1254132 CVE-2025-9820
* Fix buffer overflow in gnutls_pkcs11_token_init
* Added gnutls-CVE-2025-9820.patch
- openssl-3
-
- Security fixes:
* Missing ASN1_TYPE validation in PKCS#12 parsing
- openssl-CVE-2026-22795.patch [bsc#1256839, CVE-2026-22795]
* ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function
- openssl-CVE-2026-22795.patch [bsc#1256840, CVE-2026-22796]
* Missing ASN1_TYPE validation in TS_RESP_verify_response() function
- openssl-CVE-2025-69420.patch [bsc#1256837, CVE-2025-69420]
* NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function
- openssl-CVE-2025-69421.patch [bsc#1256838, CVE-2025-69421]
* Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion
- openssl-CVE-2025-69419.patch [bsc#1256836, CVE-2025-69419]
* Heap out-of-bounds write in BIO_f_linebuffer on short writes
- openssl-CVE-2025-68160.patch [bsc#1256834, CVE-2025-68160]
* Unauthenticated/unencrypted trailing bytes with low-level OCB function calls
- openssl-CVE-2025-69418.patch [bsc#1256835, CVE-2025-69418]
* Stack buffer overflow in CMS AuthEnvelopedData parsing
- openssl-CVE-2025-15467.patch [bsc#1256830, CVE-2025-15467]
- openssl-CVE-2025-15467-comments.patch
- openssl-CVE-2025-15467-test.patch
- libpng16
-
- security update
- added patches
CVE-2025-66293 [bsc#1254480], LIBPNG out-of-bounds read in png_image_read_composite
* libpng16-CVE-2025-66293-1.patch
* libpng16-CVE-2025-66293-2.patch
- security update
- added patches
CVE-2025-64505 [bsc#1254157], heap buffer over-read in `png_do_quantize` via malformed palette index
* libpng16-CVE-2025-64505.patch
CVE-2025-64506 [bsc#1254158], heap buffer over-read in `png_write_image_8bit` with 8-bit input and `convert_to_8bit` enabled
* libpng16-CVE-2025-64506.patch
CVE-2025-64720 [bsc#1254159], buffer overflow in `png_image_read_composite` via incorrect palette premultiplication
* libpng16-CVE-2025-64720.patch
CVE-2025-65018 [bsc#1254160], heap buffer overflow in `png_combine_row` triggered via `png_image_finish_read`
* libpng16-CVE-2025-65018.patch
- python311:base
-
- Add CVE-2025-13836-http-resp-cont-len.patch (bsc#1254400,
CVE-2025-13836) to prevent reading an HTTP response from
a server, if no read amount is specified, with using
Content-Length per default as the length.
- Add CVE-2025-12084-minidom-quad-search.patch prevent quadratic
behavior in node ID cache clearing (CVE-2025-12084,
bsc#1254997).
- Add CVE-2025-13837-plistlib-mailicious-length.patch protect
against OOM when loading malicious content (CVE-2025-13837,
bsc#1254401).
- Add CVE-2025-6075-expandvars-perf-degrad.patch avoid simple
quadratic complexity vulnerabilities of os.path.expandvars()
(CVE-2025-6075, bsc#1252974).
- Readjusted patches:
- CVE-2023-52425-libexpat-2.6.0-backport.patch
- CVE-2023-52425-remove-reparse_deferral-tests.patch
- fix_configure_rst.patch
- skip_if_buildbot-extend.patch
- Update to 3.11.14:
- Security
- gh-139700: Check consistency of the zip64 end of central
directory record. Support records with “zip64 extensible data”
if there are no bytes prepended to the ZIP file
(CVE-2025-8291, bsc#1251305).
- gh-139400: xml.parsers.expat: Make sure that parent Expat
parsers are only garbage-collected once they are no longer
referenced by subparsers created by
ExternalEntityParserCreate(). Patch by Sebastian Pipping.
- gh-135661: Fix parsing start and end tags in
html.parser.HTMLParser according to the HTML5 standard.
* Whitespaces no longer accepted between </ and the tag name. E.g.
</ script> does not end the script section.
* Vertical tabulation (\v) and non-ASCII whitespaces no longer
recognized as whitespaces. The only whitespaces are \t\n\r\f and
space.
* Null character (U+0000) no longer ends the tag name.
* Attributes and slashes after the tag name in end tags are now
ignored, instead of terminating after the first > in quoted
attribute value. E.g. </script/foo=">"/>.
* Multiple slashes and whitespaces between the last attribute and
closing > are now ignored in both start and end tags. E.g. <a
foo=bar/ //>.
* Multiple = between attribute name and value are no longer
collapsed. E.g. <a foo==bar> produces attribute “foo” with value
“=bar”.
- gh-135661: Fix CDATA section parsing in html.parser.HTMLParser
according to the HTML5 standard: ] ]> and ]] > no longer end the
CDATA section. Add private method _set_support_cdata() which can
be used to specify how to parse <[CDATA[ — as a CDATA section in
foreign content (SVG or MathML) or as a bogus comment in the
HTML namespace.
- gh-102555: Fix comment parsing in html.parser.HTMLParser
according to the HTML5 standard. --!> now ends the comment. -- >
no longer ends the comment. Support abnormally ended empty
comments <--> and <--->.
- gh-135462: Fix quadratic complexity in processing specially
crafted input in html.parser.HTMLParser. End-of-file errors are
now handled according to the HTML5 specs – comments and
declarations are automatically closed, tags are ignored.
- gh-118350: Fix support of escapable raw text mode (elements
“textarea” and “title”) in html.parser.HTMLParser.
- gh-86155: html.parser.HTMLParser.close() no longer loses data
when the <script> tag is not closed. Patch by Waylan Limberg.
- Library
- gh-139312: Upgrade bundled libexpat to 2.7.3
- gh-138998: Update bundled libexpat to 2.7.2
- gh-130577: tarfile now validates archives to ensure member
offsets are non-negative. (Contributed by Alexander Enrique
Urieles Nieto in gh-130577.)
- gh-135374: Update the bundled copy of setuptools to 79.0.1.
- Drop upstreamed patches:
- CVE-2025-8194-tarfile-no-neg-offsets.patch
- CVE-2025-6069-quad-complex-HTMLParser.patch
- Add gh139257-Support-docutils-0.22.patch to fix build with latest
docutils (>=0.22) gh#python/cpython#139257
- Drop AppStream buildrequires and don't run appstreamcli validate
as part of the build process: the appdata.xml is not updated by
source directly, so we have more contol. Having Appstream or the
deprecated appstream-glib result in a build cycle.
- Require AppStream to validate appdata file instead of deprecated
appstream-glib.
- Update idle3.appdata.xml to pass the more pedantic appstreamcli.
- libsolv
-
- fixed rare crash in the handling of allowuninstall in combination
with forcebest updates
- new pool_satisfieddep_map feature to test if a set of packages
satisfies a dependency
- bump version to 0.7.35
- systemd
-
- Name libsystemd-{shared,core} based on the major version of systemd and the
package release number (bsc#1228081 bsc#1256427)
This way, both the old and new versions of the shared libraries will be
present during the update. This should prevent issues during package updates
when incompatible changes are introduced in the new versions of the shared
libraries.
- Import commit 8bbac1d508acb8aa4e7262f47c7f4076b8350f72
8bbac1d508 detect-virt: bare-metal GCE only for x86 and i386 (bsc#1254293)
- Import commit 9ecd16228492f44212e2771bec11ec78245b4094
9ecd162284 timer: rebase last_trigger timestamp if needed
cd4a9103ef timer: rebase the next elapse timestamp only if timer didn't already run
c3f4407e97 timer: don't run service immediately after restart of a timer (bsc#1254563)
05bcfe3295 test: check the next elapse timer timestamp after deserialization
fe8f656975 test: restarting elapsed timer shouldn't trigger the corresponding service
e4dd315b6c units: don't force the loading of the loop and dm_mod modules in systemd-repart.service (bsc#1248356)
b58e72215a units: add dep on systemd-logind.service by user@.service
97ceca445c detect-virt: add bare-metal support for GCE (bsc#1244449
- Sync systemd-update-helper with the version shipped in Base:System
This includes the following changes:
- systemd-update-helper: do not stop or disable services when they are migrated
to other packages. This can occur during package renaming or splitting.
- systemd-update-helper: Fix invalid use of "break" in case statement
- systemd-update-helper: fix regression introduced when support for package
renaming/splitting was added (bsc#1245551)
- systemd-update-helper: backport commit 2d0af8bc354f4a1429ce
Since user@.service has `Type=notify-reload` (making the reloading process
synchronous) and reloading implies reexecuting with `ReloadSignal=RTMIN+25`,
reexecuting user managers synchronously can be achieved with `systemctl reload
user@*.service" now.
- systemd.spec: use %sysusers_generate_pre so that some systemd users are
already available in %pre. This is important because D-Bus automatically
reloads its configuration whenever new configuration files are installed,
i.e. between %pre and %post. (bsc#1248501)
No needs for systemd and udev packages as they are always installed during
the initial installation.
- Split systemd-network into two new sub-packages: systemd-networkd and
systemd-resolved (bsc#1224386 jsc#PED-12669)
- libtasn1
-
- Security fix: [bsc#1256341, CVE-2025-13151]
* Stack-based buffer overflow. The function asn1_expend_octet_string()
fails to validate the size of input data resulting in a buffer overflow.
* Add libtasn1-CVE-2025-13151.patch
- libxml2
-
- Add patch libxml2-CVE-2026-0989.patch, to fix call stack exhaustion
leading to application crash due to RelaxNG parser not limiting the
recursion depth when resolving `<include>` directives
CVE-2026-0989, bsc#1256805, https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/374
- libzypp
-
- Prepare a legacy /etc/zypp/zypp.conf to be installed on old distros.
See the ZYPP.CONF(5) man page for details.
- Fix runtime check for broken rpm --runposttrans (bsc#1257068)
- version 17.38.2 (35)
- Avoid libcurl-mini4 when building as it does not support ftp
protocol.
- Translation: updated .pot file.
- version 17.38.1 (35)
- zypp.conf: follow the UAPI configuration file specification
(PED-14658)
In short terms it means we will no longer ship an
/etc/zypp/zypp.conf, but store our own defaults in
/usr/etc/zypp/zypp.conf. The systems administrator may choose to
keep a full copy in /etc/zypp/zypp.conf ignoring our config file
settings completely, or - the preferred way - to overwrite
specific settings via /etc/zypp/zypp.conf.d/*.conf overlay files.
See the ZYPP.CONF(5) man page for details.
- cmake: correctly detect rpm6 (fixes #689)
- Use 'zypp.tmp' as temp directory component to ease setting up
SELinux policies (bsc#1249435)
- zyppng: Update Provider to current MediaCurl2 download
approach, drop Metalink ( fixes #682 )
- version 17.38.0 (35)
- podman
-
- Add symlink to catatonit in /usr/libexec/podman (bsc#1248988)
- libxml2:python
-
- Add patch libxml2-CVE-2026-0989.patch, to fix call stack exhaustion
leading to application crash due to RelaxNG parser not limiting the
recursion depth when resolving `<include>` directives
CVE-2026-0989, bsc#1256805, https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/374
- python-urllib3
-
- Add security patches:
* CVE-2025-66471.patch (bsc#1254867)
* CVE-2025-66418.patch (bsc#1254866)
- Add CVE-2026-21441.patch to fix excessive resource consumption
during decompression of data in HTTP redirect responses
(bsc#1256331, CVE-2026-21441)
- python311
-
- Add CVE-2025-13836-http-resp-cont-len.patch (bsc#1254400,
CVE-2025-13836) to prevent reading an HTTP response from
a server, if no read amount is specified, with using
Content-Length per default as the length.
- Add CVE-2025-12084-minidom-quad-search.patch prevent quadratic
behavior in node ID cache clearing (CVE-2025-12084,
bsc#1254997).
- Add CVE-2025-13837-plistlib-mailicious-length.patch protect
against OOM when loading malicious content (CVE-2025-13837,
bsc#1254401).
- Add CVE-2025-6075-expandvars-perf-degrad.patch avoid simple
quadratic complexity vulnerabilities of os.path.expandvars()
(CVE-2025-6075, bsc#1252974).
- Readjusted patches:
- CVE-2023-52425-libexpat-2.6.0-backport.patch
- CVE-2023-52425-remove-reparse_deferral-tests.patch
- fix_configure_rst.patch
- skip_if_buildbot-extend.patch
- Update to 3.11.14:
- Security
- gh-139700: Check consistency of the zip64 end of central
directory record. Support records with “zip64 extensible data”
if there are no bytes prepended to the ZIP file
(CVE-2025-8291, bsc#1251305).
- gh-139400: xml.parsers.expat: Make sure that parent Expat
parsers are only garbage-collected once they are no longer
referenced by subparsers created by
ExternalEntityParserCreate(). Patch by Sebastian Pipping.
- gh-135661: Fix parsing start and end tags in
html.parser.HTMLParser according to the HTML5 standard.
* Whitespaces no longer accepted between </ and the tag name. E.g.
</ script> does not end the script section.
* Vertical tabulation (\v) and non-ASCII whitespaces no longer
recognized as whitespaces. The only whitespaces are \t\n\r\f and
space.
* Null character (U+0000) no longer ends the tag name.
* Attributes and slashes after the tag name in end tags are now
ignored, instead of terminating after the first > in quoted
attribute value. E.g. </script/foo=">"/>.
* Multiple slashes and whitespaces between the last attribute and
closing > are now ignored in both start and end tags. E.g. <a
foo=bar/ //>.
* Multiple = between attribute name and value are no longer
collapsed. E.g. <a foo==bar> produces attribute “foo” with value
“=bar”.
- gh-135661: Fix CDATA section parsing in html.parser.HTMLParser
according to the HTML5 standard: ] ]> and ]] > no longer end the
CDATA section. Add private method _set_support_cdata() which can
be used to specify how to parse <[CDATA[ — as a CDATA section in
foreign content (SVG or MathML) or as a bogus comment in the
HTML namespace.
- gh-102555: Fix comment parsing in html.parser.HTMLParser
according to the HTML5 standard. --!> now ends the comment. -- >
no longer ends the comment. Support abnormally ended empty
comments <--> and <--->.
- gh-135462: Fix quadratic complexity in processing specially
crafted input in html.parser.HTMLParser. End-of-file errors are
now handled according to the HTML5 specs – comments and
declarations are automatically closed, tags are ignored.
- gh-118350: Fix support of escapable raw text mode (elements
“textarea” and “title”) in html.parser.HTMLParser.
- gh-86155: html.parser.HTMLParser.close() no longer loses data
when the <script> tag is not closed. Patch by Waylan Limberg.
- Library
- gh-139312: Upgrade bundled libexpat to 2.7.3
- gh-138998: Update bundled libexpat to 2.7.2
- gh-130577: tarfile now validates archives to ensure member
offsets are non-negative. (Contributed by Alexander Enrique
Urieles Nieto in gh-130577.)
- gh-135374: Update the bundled copy of setuptools to 79.0.1.
- Drop upstreamed patches:
- CVE-2025-8194-tarfile-no-neg-offsets.patch
- CVE-2025-6069-quad-complex-HTMLParser.patch
- Add gh139257-Support-docutils-0.22.patch to fix build with latest
docutils (>=0.22) gh#python/cpython#139257
- Drop AppStream buildrequires and don't run appstreamcli validate
as part of the build process: the appdata.xml is not updated by
source directly, so we have more contol. Having Appstream or the
deprecated appstream-glib result in a build cycle.
- Require AppStream to validate appdata file instead of deprecated
appstream-glib.
- Update idle3.appdata.xml to pass the more pedantic appstreamcli.
- rsync
-
- Security update (CVE-2025-10158, bsc#1254441): rsync: Out of
bounds array access via negative index
- Add rsync-CVE-2025-10158.patch
- runc
-
- Update to runc v1.3.4. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.3.4>. bsc#1254362
- selinux-policy
-
- Update to version 20241031+git17.66062d7a5:
* rsync: add rsync_exec_commands boolean and enable it by default (bsc#1231494, bsc#1255372)
- Update to version 20241031+git15.e32e86fd5:
* Add a new type for systemd-ssh-issue PID files (bsc#1254889)
* Label /usr/lib/systemd/systemd-ssh-issue with systemd_ssh_issue_exec_t (bsc#1254889)
- shim
-
- shim-install: Add ca_string for SL Micro to update fallback loader
The fallback loader, /boot/efi/EFI/BOOT/bootaa64.efi or bootx64.efi,
cannot be upgraded by shim-install on SL Micro. The issue case is
SL Micro 6.0. It causes that system gets regression bug because it's
fallback to a old shim. So this patch adds ca_string to SL Micro.
(bsc#1254336)
- Add DER format certificate files for the pretrans script to verify
that the necessary certificate is in the UEFI db
- openSUSE Secure Boot CA, 2013-2035
openSUSE_Secure_Boot_CA_2013.crt
- SUSE Linux Enterprise Secure Boot CA, 2013-2035
SUSE_Linux_Enterprise_Secure_Boot_CA_2013.crt
- Microsoft Corporation UEFI CA 2011, 2011-2026
Microsoft_Corporation_UEFI_CA_2011.crt
- Microsoft UEFI CA 2023, 2023-2038
Microsoft_UEFI_CA_2023.crt
- shim.spec: Add a pretrans script to verify that the necessary certificate
is in the UEFI db.
- Always put SUSE Linux Enterprise Secure Boot CA to target array.
(bsc#1254679)
- Update to 16.1
- RPMs
shim-16.1-150300.4.31.1.x86_64.rpm
shim-debuginfo-16.1-150300.4.31.1.x86_64.rpm
shim-debugsource-16.1-150300.4.31.1.x86_64.rpm
shim-16.1-150300.4.31.1.aarch64.rpm
shim-debuginfo-16.1-150300.4.31.1.aarch64.rpm
shim-debugsource-16.1-150300.4.31.1.aarch64.rpm
- submitreq: https://build.suse.de/request/show/395247
- repo: https://build.suse.de/package/show/SUSE:Maintenance:39913/shim.SUSE_SLE-15-SP3_Update
- Patches (git log --oneline --reverse 16.0..16.1)
4040ec4 shim_start_image(): fix guid/handle pairing when uninstalling protocols
39c0aa1 str2ip6(): parsing of "uncompressed" ipv6 addresses
3133d19 test-mock-variables: make our filter list entries safer.
d44405e mock-variables: remove unused variable
0e8459f Update CI to use ubuntu-24.04 instead of ubuntu-20.04
d16a5a6 SbatLevel_Variable.txt: minor typo fix.
32804cf Realloc() needs one more byte for sprintf()
431d370 IPv6: Add more check to avoid multiple double colon and illegal char
5e4d93c Loader Proto: make freeing of bprop.buffer conditional.
33deac2 Prepare to move things from shim.c to verify.c
030e7df Move a bunch of stuff from shim.c to verify.c
f3ddda7 handle_image(): make verification conditional
774f226 Cache sections of a loaded image and sub-images from them.
eb0d20b loader-protocol: handle sub-section loading for UKIs
2f64bb9 loader-protocol: add workaround for EDK2 2025.02 page fault on FreePages
1abc7ca loader-protocol: NULL output variable in load_image on failure
fb77b44 Generate Authenticode for the entire PE file
b86b909 README: mention new loader protocol and interaction with UKIs
8522612 ci: add mkosi configuration and CI
9ebab84 mkosi workflow: fix the branch name for main.
72a4c41 shim: change automatically enable MOK_POLICY_REQUIRE_NX
a2f0dfa This is an organizational patch to move some things around in mok.c
54b9946 Update to the shim-16.1 branch of gnu-efi to get AsciiSPrint()
a5a6922 get_max_var_sz(): add more debugging for apple platforms
77a2922 Add a "VariableInfo" variable to mok-variables.
efc71c9 build: Avoid passing *FLAGS to sub-make
7670932 Fixes for 'make TOPDIR=... clean'
13ab598 add SbatLevel entry 2025051000 for PSA-2025-00012-1
617aed5 Update version to 16.1~rc1
d316ba8 format_variable_info(): fix wrong size test.
f5fad0e _do_sha256_sum(): Fix missing error check.
3a9734d doc: add howto for running mkosi locally
ced5f71 mkosi: remove spurious slashes from script
0076155 ci: update mkosi commit
5481105 fix http boot
121cddf loader-protocol: Handle UnloadImage after StartImage properly
6a1d1a9 loader-protocol: Fix memory leaks
27a5d22 gitignore: add more mkosi dirs and vscode dir
346ed15 mkosi: disable repository key check on Fedora
afc4955 Update version to 16.1
- 16.1 release note https://github.com/rhboot/shim/releases
shim_start_image(): fix guid/handle pairing when uninstalling protocols by @vathpela in #738
Fix uncompressed ipv6 netboot by @hrvach in #742
fix test segfaults caused by uninitialized memory by @Fabian-Gruenbichler in #739
Update CI to use ubuntu-24.04 instead of ubuntu-20.04 by @vathpela in #749
SbatLevel_Variable.txt: minor typo fix. by @vathpela in #751
Realloc() needs to allocate one more byte for sprintf() by @dennis-tseng99 in #746
IPv6: Add more check to avoid multiple double colon and illegal char by @dennis-tseng99 in #753
Loader proto v2 by @vathpela in #748
loader-protocol: add workaround for EDK2 2025.02 page fault on FreePages by @bluca in #750
Generate Authenticode for the entire PE file by @esnowberg in #604
README: mention new loader protocol and interaction with UKIs by @bluca in #755
ci: add mkosi configuration and CI by @bluca in #764
shim: change automatically enable MOK_POLICY_REQUIRE_NX by @vathpela in #761
Save var info by @vathpela in #763
build: Avoid passing *FLAGS to sub-make by @rosslagerwall in #758
Fixes for 'make TOPDIR=... clean' by @bluca in #762
add SbatLevel entry 2025051000 for PSA-2025-00012-1 by @Fabian-Gruenbichler in #766
Coverity fixes 20250804 by @vathpela in #767
ci: fixlets and docs for mkosi workflow by @bluca in #768
fix http boot by @jsetje in #770
Fix double free and leak in the loader protocol by @rosslagerwall in #769
gitignore: add more mkosi dirs and vscode dir by @bluca in #771
- Drop upstreamed patch:
The following patches are merged to 16.1
- shim-alloc-one-more-byte-for-sprintf.patch
- 32804cf5d9 Realloc() needs one more byte for sprintf() [16.1]
- shim-change-automatically-enable-MOK_POLICY_REQUIRE_NX.patch (bsc#1205588)
- 72a4c41877 shim: change automatically enable MOK_POLICY_REQUIRE_NX [16.1]
- Building MokManager.efi and fallback.efi with POST_PROCESS_PE_FLAGS=-n (bsc#1205588)
- Building with the latest version of gcc in the codebase:
- The gcc13 can workaround dxe_get_mem_attrs() hsi_status problem
- We prefer that building shim with the latest version of gcc in codebase.
- Set the minimum version is gcc-13.
(bsc#1247432)
- SLE shim should includes vendor-dbx-sles.esl instead of
vendor-dbx-opensuse.esl. Fixed it in shim.spec.
- supportutils
-
- Changes to version 3.2.12
+ Optimized lsof usage and honors OPTION_OFILES (bsc#1232351, PR#274)
+ Run in containers without errors (bsc#1245667, PR#272)
+ Removed pmap PID from memory.txt (bsc#1246011, PR#263)
+ Added missing /proc/pagetypeinfo to memory.txt (bsc#1246025, PR#264)
+ Improved database perforce with kGraft patching (bsc#1249657, PR#273)
+ Using last boot for journalctl for optimization (bsc#1250224, PR#287)
+ Fixed extraction failures (bsc#1252318, PR#275)
+ Update supportconfig.conf path in docs (bsc#1254425, PR#281)
+ drm_sub_info: Catch error when dir doesn't exist (PR#265)
+ Replace remaining `egrep` with `grep -E` (PR#261, PR#266)
+ Add process affinity to slert logs (PR#269)
+ Reintroduce cgroup statistics (and v2) (PR#270)
+ Minor changes to basic-health-check: improve information level (PR#271)
+ Collect important machine health counters (PR#276)
+ powerpc: collect hot-pluggable PCI and PHB slots (PR#278)
+ podman: collect podman disk usage (PR#279)
+ Exclude binary files in crondir (PR#282)
+ kexec/kdump: collect everything under /sys/kernel/kexec dir (PR#284)
+ Use short-iso for journalctl (PR#288)
- Changes to version 3.2.11
+ Collect rsyslog frule files (bsc#1244003, pr#257)
+ Remove proxy passwords (bsc#1244011, pr#257)
+ Missing NetworkManager information (bsc#1241284, pr#257)
+ Include agama logs bsc#1244937, pr#256)
+ Additional NFS conf files (pr#253)
+ New fadump sysfs files (pr#252)
+ Fixed change log dates
- suseconnect-ng
-
- Update version to 1.20:
- Update error message for Public Cloud instances with registercloudguest
installed. SUSEConnect -d is disabled on PYAG and BYOS when the
registercloudguest command is available. (bsc#1230861)
- Enhanced SAP detected. Take TREX into account and remove empty values when
only /usr/sap but no installation exists (bsc#1241002)
- Fixed modules and extension link to point to version less documentation. (bsc#1239439)
- Fixed SAP instance detection (bsc#1244550)
- Remove link to extensions documentation (bsc#1239439)
- Migrate to the public library
- Version 1.14 public library release
This version is only available on Github as a tag to release the
new golang public library which can be consumed without the need
to interface with SUSEConnect directly.