- perl
-
- do not change the current directory when cloning an open
directory handle [bnc#1244079] [CVE-2025-40909]
new patch: perl-dirdup.diff
- python-requests
-
- Add CVE-2024-47081.patch upstream patch, fixes netrc credential leak
(gh#psf/requests#6965, CVE-2024-47081, bsc#1244039)
- polkit
-
- CVE-2025-7519: Fixed that a XML policy file with a large number of
nested elements may lead to out-of-bounds write (bsc#1246472)
added 0001-Nested-.policy-files-cause-xml-parsing-overflow-lead.patch
- grub2
-
- Fix CVE-2024-56738: side-channel attack due to not constant-time
algorithm in grub_crypto_memcmp (bsc#1234959)
* grub2-constant-time-grub_crypto_memcmp.patch
- Fix page fault due to stricter memory permissions in shim 15.8 with later
ovmf built from edk2-stable202502 (bsc#1240771)
* 0001-efi-refactor-grub_efi_allocate_pages.patch
* 0002-Remove-grub_efi_allocate_pages.patch
* 0003-efi-change-heap-allocation-type-to-GRUB_EFI_LOADER_C.patch
* 0004-arm64-efi-move-EFI_PAGE-definitions-to-efi-memory.h.patch
* 0005-mkimage-Align-efi-sections-on-4k-boundary.patch
- icu
-
- Add icu-CVE-2025-5222.patch:
Backport 2c667e3 from upstream, ICU-22973 Fix buffer overflow by
using CharString.
(CVE-2025-5222, bsc#1243721)
- Add icu-CVE-2025-5222-shim06_9e4365c.patch
Backport 9e4365c from upstream, ICU-10810 genrb: preflight strings
on final parse tree, not while building the tree. To prepare
dependence code for CVE-2025-5222 fix.
(CVE-2025-5222, bsc#1243721)
- Add icu-CVE-2025-5222-shim05_7496867.patch:
Backport 7496867 from markusicu upstream, which is tree merged to
icu. ICU-9101 build all source/data/coll/ tailorings, except
search, with new CollationBuilder. To prepare dependence code for
CVE-2025-5222 fix.
(CVE-2025-5222, bsc#1243721)
- Add icu-CVE-2025-5222-shim04_8067293.patch:
Backport 8067293 from upstream, ICU-10043 ignore the genrb
- -omitCollationRules flag while importing rules. To prepare
dependence code for CVE-2025-5222 fix.
(CVE-2025-5222, bsc#1243721)
- Add icu-CVE-2025-5222-shim03-dd72356.patch:
Backport dd72356 from upstream, ICU-11276 Adding UChar* method in
CharString. To prepare dependence code for CVE-2025-5222 fix.
(CVE-2025-5222, bsc#1243721)
- Add icu-CVE-2025-5222-shim02_80a6684.patch:
Backport 80a6684 from upstream, ICU-11794 change error handling
of CharString::appendInvariantChars(). To prepare dependence code
for CVE-2025-5222 fix.
(CVE-2025-5222, bsc#1243721)
- Add icu-CVE-2025-5222-shim01.patch:
Include stringpiece.h charstr.h for following source porting. To
prepare dependence code for CVE-2025-5222 fix.
(CVE-2025-5222, bsc#1243721)
- xen
-
- bsc#1246112 - VUL-0: xen: More AMD transient execution attacks
(XSA-471)
xsa471-01.patch
xsa471-02.patch
xsa471-03.patch
xsa471-04.patch
xsa471-05.patch
xsa471-06.patch
xsa471-07.patch
xsa471-08.patch
xsa471-09.patch
xsa471-10.patch
xsa471-11.patch
xsa471-12.patch
xsa471-13.patch
xsa471-14.patch
xsa471-15.patch
xsa471-16.patch
xsa471-17.patch
xsa471-18.patch
xsa471-19.patch
- Fix issue with booting on AMD hardware
5e67a376-AMD-IOMMU-no-XT-x2APIC-phys.patch
- bsc#1244644 - VUL-0: CVE-2025-27465: xen: x86: Incorrect stubs
exception handling for flags recovery (XSA-470)
xsa470.patch
- bsc#1243117 - VUL-0: CVE-2024-28956: xen: Intel CPU: Indirect
Target Selection (ITS) (XSA-469)
xsa469-01.patch
xsa469-02.patch
xsa469-03.patch
xsa469-04.patch
xsa469-05.patch
xsa469-06.patch
xsa469-07.patch
- bsc#1238043 - VUL-0: CVE-2025-1713: xen: deadlock potential with
VT-d and legacy PCI device pass-through (XSA-467)
xsa467.patch
- net-tools
-
- Provide more readable error for interface name size checking
introduced by net-tools-CVE-2025-46836.patch
(bsc#1243581, net-tools-CVE-2025-46836-error-reporting.patch).
- Fix a regression in net-tools-CVE-2025-46836.patch (bsc#1246608).
- Perform bound checks when parsing interface labels in
/proc/net/dev (bsc#1243581, CVE-2025-46836,
net-tools-CVE-2025-46836.patch,
net-tools-CVE-2025-46836-regression.patch).
- pam
-
- Make sure that the buffer containing encrypted passwords get's erased
bedore free.
- Replace to previous CVE fix which led to CPU performance issues.
[bsc#1246221, CVE-2024-10041,
+ libpam-introduce-secure-memory-erasure-helpers.patch,
+ pam_modutil_get-overwrite-password-at-free.patch,
- passverify-always-run-the-helper-to-obtain-shadow_pwd.patch,
- pam_unix-arbitrary-upper-limit-for-MAX_FD_NO.patch]
- pam_unix: Set an arbitrary upper limit for the maximum file descriptor number
[pam_unix-arbitrary-upper-limit-for-MAX_FD_NO.patch, bsc#1246221]
- pam_namespace: convert functions that may operate on a user-controlled path
to operate on file descriptors instead of absolute path. And keep the
bind-mount protection from protect_mount() as a defense in depthmeasure.
[bsc#1244509
pam_inline-introduce-pam_asprintf-pam_snprintf-and-p.patch,
pam_namespace-fix-potential-privilege-escalation.patch,
pam_namespace-add-flags-to-indicate-path-safety.patch,
pam_namespace-secure_opendir-do-not-look-at-the-grou.patch]
- pam_namespace-fix-potential-privilege-escalation.patch adapted and includes
changes from upstream commits: ds6242a, bc856cd.
* pam_namespace fix logic in return value handling
* pam_namespace move functions around
- pam_env: Change the default to not read the user .pam_environment file
[bsc#1243226, CVE-2025-6018,
pam_env-change-the-default-to-not-read-the-user-env.patch]
- iputils
-
- Security fix [bsc#1243772, CVE-2025-48964]
* Fix integer overflow in ping statistics via zero timestamp
* Add iputils-CVE-2025-48964_01.patch
* Add iputils-CVE-2025-48964_02.patch
- vim
-
- Fix bsc#1228776 / CVE-2024-41965.
- Fix bsc#1239602 / CVE-2025-29768.
- Refresh patch:
vim-7.3-sh_is_bash.patch
- Update to 9.1.1406:
9.1.1406: crash when importing invalid tuple
9.1.1405: tests: no test for mapping with special keys in session file
9.1.1404: wrong link to Chapter 2 in new-tutor
9.1.1403: expansion of 'tabpanelopt' value adds wrong values
9.1.1402: multi-byte mappings not properly stored in session file
9.1.1401: list not materialized in prop_list()
9.1.1400: [security]: use-after-free when evaluating tuple fails
9.1.1399: tests: test_codestyle fails for auto-generated files
9.1.1398: completion: trunc does not follow Pmenu highlighting attributes
9.1.1397: tabpanel not correctly updated on :tabonly
9.1.1396: 'errorformat' is a global option
9.1.1395: search_stat not reset when pattern differs in case
9.1.1394: tabpanel not correctly redrawn on tabonly
9.1.1393: missing test for switching buffers and reusing curbuf
9.1.1392: missing patch number
9.1.1391: Vim does not have a vertical tabpanel
9.1.1390: style: more wrong indentation
9.1.1389: completion: still some issue when 'isexpand' contains a space
9.1.1388: Scrolling one line too far with 'nosmoothscroll' page scrolling
9.1.1387: memory leak when buflist_new() fails to reuse curbuf
9.1.1386: MS-Windows: some minor problems building on AARCH64
9.1.1385: inefficient loop for 'nosmoothscroll' scrolling
9.1.1384: still some problem with the new tutors filetype plugin
9.1.1383: completion: 'isexpand' option does not handle space char correct
9.1.1382: if_ruby: unused compiler warnings from ruby internals
9.1.1381: completion: cannot return to original text
9.1.1380: 'eventignorewin' only checked for current buffer
9.1.1379: MS-Windows: error when running evim when space in path
9.1.1378: sign without text overwrites number option
9.1.1377: patch v9.1.1370 causes some GTK warning messages
9.1.1376: quickfix dummy buffer may remain as dummy buffer
9.1.1375: [security]: possible heap UAF with quickfix dummy buffer
9.1.1374: completion: 'smartcase' not respected when filtering matches
9.1.1373: 'completeopt' checking logic can be simplified
9.1.1372: style: braces issues in various files
9.1.1371: style: indentation and brace issues in insexpand.c
9.1.1370: CI Tests favor GTK2 over GTK3
9.1.1369: configure still using autoconf 2.71
9.1.1368: GTK3 and GTK4 will drop numeric cursor support.
9.1.1367: too many strlen() calls in gui.c
9.1.1366: v9.1.1364 unintentionally changed sign.c and sound.c
9.1.1365: MS-Windows: compile warnings and too many strlen() calls
9.1.1364: style: more indentation issues
9.1.1363: style: inconsistent indentation in various files
9.1.1362: Vim9: type ignored when adding tuple to instance list var
9.1.1361: [security]: possible use-after-free when closing a buffer
9.1.1360: filetype: GNU Radio companion files are not recognized
9.1.1359: filetype: GNU Radio config files are not recognized
9.1.1358: if_lua: compile warnings with gcc15
9.1.1357: Vim incorrectly escapes tags with "[" in a help buffer
9.1.1356: Vim9: crash when unletting variable
9.1.1355: The pum_redraw() function is too complex
9.1.1354: tests: Test_terminalwinscroll_topline() fails on Windows
9.1.1353: missing change from v9.1.1350
9.1.1352: style: inconsistent indent in insexpand.c
9.1.1351: Return value of getcmdline() inconsistent in CmdlineLeavePre
9.1.1350: tests: typo in Test_CmdlineLeavePre_cabbr()
9.1.1349: CmdlineLeavePre may trigger twice
9.1.1348: still E315 with the terminal feature
9.1.1347: small problems with gui_w32.c
9.1.1346: missing out-of-memory check in textformat.c
9.1.1345: tests: Test_xxd_color2() test failure dump diff is misleading
9.1.1344: double free in f_complete_match() (after v9.1.1341)
9.1.1343: filetype: IPython files are not recognized
9.1.1342: Shebang filetype detection can be improved
9.1.1341: cannot define completion triggers
9.1.1340: cannot complete :filetype arguments
9.1.1339: missing out-of-memory checks for enc_to_utf16()/utf16_to_enc()
9.1.1338: Calling expand() interferes with cmdcomplete_info()
9.1.1337: Undo corrupted with 'completeopt' "preinsert" when switching buffer
9.1.1336: comment plugin does not support case-insensitive 'commentstring'
9.1.1335: Coverity complains about Null pointer dereferences
9.1.1334: Coverity complains about unchecked return value
9.1.1333: Coverity: complains about unutilized variable
9.1.1332: Vim9: segfault when using super within a lambda
9.1.1331: Leaking memory with cmdcomplete()
9.1.1330: may receive E315 in terminal
9.1.1329: cannot get information about command line completion
9.1.1328: too many strlen() calls in indent.c
9.1.1327: filetype: nroff detection can be improved
9.1.1326: invalid cursor position after 'tagfunc'
9.1.1325: tests: not checking error numbers properly
9.1.1324: undefined behaviour if X11 connection dies
9.1.1323: b:undo_ftplugin not executed when re-using buffer
9.1.1322: small delete register cannot paste multi-line correctly
9.1.1321: filetype: MS ixx and mpp files are not recognized
9.1.1320: filetype: alsoft config files are not recognized
9.1.1319: Various typos in the code, issue with test_inst_complete.vim
9.1.1318: tests: test_format fails
9.1.1317: noisy error when restoring folds from session fails
9.1.1316: missing memory allocation failure in os_mswin.c
9.1.1315: completion: issue with fuzzy completion and 'completefuzzycollect'
9.1.1314: max allowed string width too small
9.1.1313: compile warning about uninitialized value
9.1.1312: tests: Test_backupskip() fails when HOME is defined
9.1.1311: completion: not possible to limit number of matches
9.1.1310: completion: redundant check for preinsert effect
9.1.1309: tests: no test for 'pummaxwidth' with non-truncated "kind"
9.1.1308: completion: cannot order matches by distance to cursor
9.1.1307: make syntax does not reliably detect different flavors
9.1.1306: completion menu rendering can be improved
9.1.1305: completion menu active after switching windows/tabs
9.1.1304: filetype: some man files are not recognized
9.1.1303: missing out-of-memory check in linematch.c
9.1.1302: Coverity warns about using uninitialized value
9.1.1301: completion: cannot configure completion functions with 'complete'
9.1.1300: wrong detection of -inf
9.1.1299: filetype: mbsyncrc files are not recognized
9.1.1298: define_function() is too long
9.1.1297: Ctrl-D scrolling can get stuck
9.1.1296: completion: incorrect truncation logic
9.1.1295: clientserver: does not handle :stopinsert correctly
9.1.1294: gui tabline menu does not use confirm when closing tabs
9.1.1293: comment plugin does not handle 'exclusive' selection for comment object
9.1.1292: statusline not correctly evaluated
9.1.1291: too many strlen() calls in buffer.c
9.1.1290: tests: missing cleanup in test_filetype.vim
9.1.1289: tests: no test for matchparen plugin with WinScrolled event
9.1.1288: Using wrong window in ll_resize_stack()
9.1.1287: quickfix code can be further improved
9.1.1286: filetype: help files not detected when 'iskeyword' includes ":"
9.1.1285: Vim9: no error message for missing method after "super."
9.1.1284: not possible to configure pum truncation char
9.1.1283: quickfix stack is limited to 10 items
9.1.1282: Build and test failure without job feature
9.1.1281: extra newline output when editing stdin
9.1.1280: trailing additional semicolon in get_matches_in_str()
9.1.1279: Vim9: null_object and null_class are no reserved names
9.1.1278: Vim9: too long functions in vim9type.c
9.1.1277: tests: trailing comment char in test_popupwin
9.1.1276: inline word diff treats multibyte chars as word char
9.1.1275: MS-Windows: Not possible to pass additional flags to Make_mvc
9.1.1274: Vim9: no support for object<type> as variable type
9.1.1273: Coverity warns about using uninitialized value
9.1.1272: completion: in keyword completion Ctrl_P cannot go back after Ctrl_N
9.1.1271: filetype: Power Query files are not recognized
9.1.1270: missing out-of-memory checks in buffer.c
9.1.1269: completion: compl_shown_match is updated when starting keyword completion
9.1.1268: filetype: dax files are not recognized
9.1.1267: Vim9: no support for type list/dict<object<any>>
9.1.1266: MS-Windows: type conversion warnings
9.1.1265: tests: no tests for typing normal char during completion
9.1.1264: Vim9: error when comparing objects
9.1.1263: string length wrong in get_last_inserted_save()
9.1.1262: heap-buffer-overflow with narrow 'pummaxwidth' value
9.1.1261: No test for 'pummaxwidth' non-truncated items
9.1.1260: Hang when filtering buffer with NUL bytes
9.1.1259: some issues with comment package and tailing spaces
9.1.1258: regexp: max \U and \%U value is limited by INT_MAX
9.1.1257: Mixing vim_strsize() with mb_ptr2cells() in pum_redraw()
9.1.1256: if_python: duplicate tuple data entries
9.1.1255: missing test condition for 'pummaxwidth' setting
9.1.1254: need more tests for the comment plugin
9.1.1253: abort when closing window with attached quickfix data
9.1.1252: typos in code and docs related to 'diffopt' "inline:"
9.1.1251: if_python: build error with tuples and dynamic python
9.1.1250: cannot set the maximum popup menu width
9.1.1249: tests: no test that 'listchars' "eol" doesn't affect "gM"
9.1.1248: compile error when building without FEAT_QUICKFIX
9.1.1247: fragile setup to get (preferred) keys from key_name_entry
9.1.1246: coverity complains about some changes in v9.1.1243
9.1.1245: need some more tests for curly braces evaluation
9.1.1244: part of patch v9.1.1242 was wrong
9.1.1243: diff mode is lacking for changes within lines
9.1.1242: Crash when evaluating variable name
9.1.1241: wrong preprocessort indentation in term.c
9.1.1240: Regression with ic/ac text objects and comment plugin
9.1.1239: if_python: no tuple data type support
9.1.1238: wrong cursor column with 'set splitkeep=screen'
9.1.1237: Compile error with C89 compiler in term.c
9.1.1236: tests: test_comments leaves swapfiles around
9.1.1235: cproto files are outdated
9.1.1234: Compile error when SIZE_MAX is not defined
9.1.1233: Coverity warns about NULL pointer when triggering WinResized
9.1.1232: Vim script is missing the tuple data type
9.1.1231: filetype: SPA JSON files are not recognized
9.1.1230: inconsistent CTRL-C behaviour for popup windows
9.1.1229: the comment plugin can be improved
9.1.1228: completion: current position column wrong after got a match
9.1.1227: no tests for the comment package
9.1.1226: "shellcmdline" completion doesn't work with input()
9.1.1225: extra NULL check in VIM_CLEAR()
9.1.1224: cannot :put while keeping indent
9.1.1223: wrong translation used for encoding failures
9.1.1222: using wrong length for last inserted string
9.1.1221: Wrong cursor pos when leaving Insert mode just after 'autoindent'
9.1.1220: filetype: uv.lock file not recognized
9.1.1219: Strange error with wrong type for matchfuzzy() "camelcase"
9.1.1218: missing out-of-memory check in filepath.c
9.1.1217: tests: typos in test_matchfuzzy.vim
9.1.1216: Pasting the '.' register multiple times may not work
9.1.1215: Patch 9.1.1213 has some issues
9.1.1214: matchfuzzy() can be improved for camel case matches
9.1.1213: cannot :put while keeping indent
9.1.1212: too many strlen() calls in edit.c
9.1.1212: filetype: logrotate'd pacmanlogs are not recognized
9.1.1211: TabClosedPre is triggered just before the tab is being freed
9.1.1210: translation(ru): missing Russian translation for the new tutor
9.1.1209: colorcolumn not drawn after virtual text lines
9.1.1208: MS-Windows: not correctly restoring alternate screen on Win 10
9.1.1207: MS-Windows: build warning in filepath.c
9.1.1206: tests: test_filetype fails when a file is a directory
9.1.1205: completion: preinserted text not removed when closing pum
9.1.1204: MS-Windows: crash when passing long string to expand()
9.1.1203: matchparen keeps cursor on case label in sh filetype
9.1.1202: Missing TabClosedPre autocommand
9.1.1201: 'completefuzzycollect' does not handle dictionary correctly
9.1.1200: cmdline pum not cleared for input() completion
9.1.1199: gvim uses hardcoded xpm icon file
9.1.1198: [security]: potential data loss with zip.vim
9.1.1197: process_next_cpt_value() uses wrong condition
9.1.1196: filetype: config files for container tools are not recognized
9.1.1195: inside try-block: fn body executed with default arg undefined
9.1.1194: filetype: false positive help filetype detection
9.1.1193: Unnecessary use of STRCAT() in au_event_disable()
9.1.1192: Vim crashes with term response debug logging enabled
9.1.1191: tests: test for patch 9.1.1186 doesn't fail without the patch
9.1.1190: C indentation does not detect multibyte labels
9.1.1189: if_python: build error due to incompatible pointer types
9.1.1188: runtime(tera): tera support can be improved
9.1.1187: matchparen plugin wrong highlights shell case statement
9.1.1186: filetype: help files in git repos are not detected
9.1.1185: endless loop with completefuzzycollect and no match found
9.1.1184: Unnecessary use of vim_tolower() in vim_strnicmp_asc()
9.1.1083: "above" virtual text breaks cursorlineopt=number
9.1.1182: No cmdline completion for 'completefuzzycollect'
9.1.1181: Unnecessary STRLEN() calls in insexpand.c
9.1.1180: short-description
9.1.1179: too many strlen() calls in misc2.c
9.1.1178: not possible to generate completion candidates using fuzzy matching
9.1.1177: filetype: tera files not detected
- python-urllib3
-
- Add patch CVE-2025-50181-poolmanager-redirects.patch:
* Pool managers now properly control redirects when retries is passed
(CVE-2025-50181, GHSA-pq67-6m6q-mj2v, bsc#1244925)
- python-base
-
- Add CVE-2025-8194-tarfile-no-neg-offsets.patch which now
validates archives to ensure member offsets are non-negative
(gh#python/cpython#130577, CVE-2025-8194, bsc#1247249).
- Add CVE-2025-6069-quad-complex-HTMLParser.patch to avoid worst
case quadratic complexity when processing certain crafted
malformed inputs with HTMLParser (CVE-2025-6069, bsc#1244705).
- python3-requests
-
- Add CVE-2024-47081.patch upstream patch, fixes netrc credential leak
(gh#psf/requests#6965, CVE-2024-47081, bsc#1244039)
- regionServiceClientConfigEC2
-
- Update to version 5.0.0 (bsc#1246995)
+ SLE 16 python-requests requiers SSL v3 certificates. Update 2
region server certs to support SLE 16 when it gets released.
- Update dependency to accomodate metadata binary package name change
in SLE 16 (bsc#1243419)
- sudo
-
- Fix a possilbe local privilege escalation via the --host option
[bsc#1245274, CVE-2025-32462]
- curl
-
- Security fixes:
* [bsc#1249191, CVE-2025-9086] Out of bounds read for cookie path
* [bsc#1249348, CVE-2025-10148] Predictable WebSocket mask
* Add patches:
- curl-CVE-2025-9086.patch
- curl-CVE-2025-10148.patch
- python36
-
- Add CVE-2025-8194-tarfile-no-neg-offsets.patch which now
validates archives to ensure member offsets are non-negative
(gh#python/cpython#130577, CVE-2025-8194, bsc#1247249).
- Add CVE-2025-4435-normalize-lnk-trgts-tarfile.patch
Security fixes for CVE-2025-4517, CVE-2025-4330, CVE-2025-4138,
CVE-2024-12718, CVE-2025-4435 on tarfile (bsc#1244032,
bsc#1244061, bsc#1244059, bsc#1244060, bsc#1244056).
The backported fixes do not contain changes for ntpath.py and
related tests, because the support for symlinks and junctions
were added later in Python 3.9, and it does not make sense to
backport them to 3.6 here.
The patch is contains the following changes:
- python@42deeab fixes symlink handling for tarfile.data_filter
- python@9d2c2a8 fixes handling of existing files/symlinks in tarfile
- python@00af979 adds a new "strict" argument to realpath()
- python@dd8f187 fixes mulriple CVE fixes in the tarfile module
- downstream only fixes that makes the changes work and
compatible with Python 3.6
- Add CVE-2025-6069-quad-complex-HTMLParser.patch to avoid worst
case quadratic complexity when processing certain crafted
malformed inputs with HTMLParser (CVE-2025-6069, bsc#1244705).
- Add python36-* provides/obsoletes to enable SLE-12 -> SLE-15
migration, bsc#1233012
- Add ipaddress-update-pr60.patch from gh#phihag/ipaddress!60 to
update vendored ipaddress module to 3.8 equivalent
- Add gh-128840_parse-IPv6-with-emb-IPv4.patch to limit buffer
size for IPv6 address parsing (gh#python/cpython#128840,
bsc#1244401).
- Update CVE-2025-4516-DecodeError-handler.patch not to break
_PyBytes_DecodeEscape signature.
- Add CVE-2025-4516-DecodeError-handler.patch fixing
CVE-2025-4516 (bsc#1243273) blocking DecodeError handling
vulnerability, which could lead to DoS.
- libssh
-
- Fix CVE-2025-5318: Likely read beyond bounds in sftp server handle management (bsc#1245311)
* Add patch libssh-CVE-2025-5318.patch
- Fix CVE-2025-4877: Write beyond bounds in binary to base64 conversion functions (bsc#1245309)
* Add patch libssh-CVE-2025-4877.patch
- Fix CVE-2025-4878: Use of uninitialized variable in privatekey_from_file() (bsc#1245310)
* Add patches:
- libssh-CVE-2025-4878-1.patch
- libssh-CVE-2025-4878-2.patch
- Fix CVE-2025-5372: ssh_kdf() returns a success code on certain failures (bsc#1245314)
* Add patch libssh-CVE-2025-5372.patch
- cups
-
- cups-1.7.5-CVE-2025-58364.patch is derived
from the upstream patch to fix CVE-2025-58364
"Remote DoS via null dereference"
https://github.com/OpenPrinting/cups/security/advisories/GHSA-7qx3-r744-6qv4
bsc#1249128
- cups-1.7.5-CVE-2025-58060.patch is derived
from the upstream patch against CUPS 2.4
to fix CVE-2025-58060
"Authentication bypass with AuthType Negotiate"
https://github.com/OpenPrinting/cups/security/advisories/GHSA-4c68-qgrh-rmmq
bsc#1249049
- python3-base
-
- Add CVE-2025-8194-tarfile-no-neg-offsets.patch which now
validates archives to ensure member offsets are non-negative
(gh#python/cpython#130577, CVE-2025-8194, bsc#1247249).
- Add CVE-2025-6069-quad-complex-HTMLParser.patch to avoid worst
case quadratic complexity when processing certain crafted
malformed inputs with HTMLParser (CVE-2025-6069, bsc#1244705).
- Add functools-cached_property.patch adding the port of
functools.cached_property from Python 3.8
- Add ipaddress-update-pr60.patch from gh#phihag/ipaddress!60 to
update vendored ipaddress module to 3.8 equivalent
- Add gh-128840_parse-IPv6-with-emb-IPv4.patch to limit buffer
size for IPv6 address parsing (gh#python/cpython#128840,
bsc#1244401).
- Make the time module statically linked to prevent faliure to
start when building.
- Update CVE-2024-11168-validation-IPv6-addrs.patch
according to the Debian version
(gh#python/cpython#103848#issuecomment-2708135083).
- Remove python-3.3.0b1-test-posix_fadvise.patch (not needed
since kernel 3.6-rc1)
- screen
-
- also use tty fd passing after a suspend (MSG_CONT)
new patch: sendfdcont.diff
- do not chmod the tty for multiattach, rely on tty fd passing
instead [bsc#1242269] [CVE-2025-46802]
new patch: nottychmod.diff
- samba
-
- Windows security hardening locks out schannel'ed netlogon dc
calls like netr_DsRGetDCName; (bsc#1246431); (bso#15876).
- Update shipped /etc/samba/smb.conf to point to smb.conf
man page;(bsc#1233880).
- python-instance-billing-flavor-check
-
- Update to version 1.0.1
+ Fix infinite loop (bsc#1242064)
+ Fix bug in update infrastructure request (bsc#1242064)
- mozilla-nss
-
- update to NSS 3.112
* bmo#1963792 - Fix alias for mac workers on try
* bmo#1966786 - ensure all options can be configured with SSL_OptionSet and SSL_OptionSetDefault
* bmo#1931930 - ABI/API break in ssl certificate processing
* bmo#1955971 - remove unnecessary assertion in sec_asn1d_init_state_based_on_template
* bmo#1965754 - update taskgraph to v14.2.1
* bmo#1964358 - Workflow for automation of the release on GitHub when pushing a tag
* bmo#1952860 - fix faulty assertions in SEC_ASN1DecoderUpdate
* bmo#1934877 - Renegotiations should use a fresh ECH GREASE buffer
* bmo#1951396 - update taskgraph to v14.1.1
* bmo#1962503 - Partial fix for ACVP build CI job
* bmo#1961827 - Initialize find in sftk_searchDatabase
* bmo#1963121 - Add clang-18 to extra builds
* bmo#1963044 - Fault tolerant git fetch for fuzzing
* bmo#1962556 - Tolerate intermittent failures in ssl_policy_pkix_ocsp
* bmo#1962770 - fix compiler warnings when DEBUG_ASN1D_STATES or CMSDEBUG are set
* bmo#1961835 - fix content type tag check in NSS_CMSMessage_ContainsCertsOrCrls
* bmo#1963102 - Remove Cryptofuzz CI version check
- update to NSS 3.111
* bmo#1930806 - FIPS changes need to be upstreamed: force ems policy
* bmo#1957685 - Turn off Websites Trust Bit from CAs
* bmo#1937338 - Update nssckbi version following April 2025 Batch of Changes
* bmo#1943135 - Disable SMIME ‘trust bit’ for GoDaddy CAs
* bmo#1874383 - Replaced deprecated sprintf function with snprintf in dbtool.c
* bmo#1954612 - Need up update NSS for PKCS 3.1
* bmo#1773374 - avoid leaking localCert if it is already set in ssl3_FillInCachedSID
* bmo#1953097 - Decrease ASAN quarantine size for Cryptofuzz in CI
* bmo#1943962 - selfserv: Add support for zlib certificate compression
- update to NSS 3.110
* bmo#1930806 - FIPS changes need to be upstreamed: force ems policy
* bmo#1954724 - Prevent excess allocations in sslBuffer_Grow
* bmo#1953429 - Remove Crl templates from ASN1 fuzz target
* bmo#1953429 - Remove CERT_CrlTemplate from ASN1 fuzz target
* bmo#1952855 - Fix memory leak in NSS_CMSMessage_IsSigned
* bmo#1930807 - NSS policy updates
* bmo#1951161 - Improve locking in nssPKIObject_GetInstances
* bmo#1951394 - Fix race in sdb_GetMetaData
* bmo#1951800 - Fix member access within null pointer
* bmo#1950077 - Increase smime fuzzer memory limit
* bmo#1949677 - Enable resumption when using custom extensions
* bmo#1952568 - change CN of server12 test certificate
* bmo#1949118 - Part 2: Add missing check in
NSS_CMSDigestContext_FinishSingle
* bmo#1949118 - Part 1: Fix smime UBSan errors
* bmo#1930806 - FIPS changes need to be upstreamed: updated key checks
* bmo#1951491 - Don't build libpkix in static builds
* bmo#1951395 - handle `-p all` in try syntax
* bmo#1951346 - fix opt-make builds to actually be opt
* bmo#1951346 - fix opt-static builds to actually be opt
* bmo#1916439 - Remove extraneous assert
- Removed upstreamed nss-fips-stricter-dh.patch
- Added bmo1962556.patch to fix test failures
- Rebased nss-fips-approved-crypto-non-ec.patch nss-fips-combined-hash-sign-dsa-ecdsa.patch
- update to NSS 3.109
* bmo#1939512 - Call BL_Init before RNG_RNGInit() so that special
SHA instructions can be used if available
* bmo#1930807 - NSS policy updates - fix inaccurate key policy issues
* bmo#1945883 - SMIME fuzz target
* bmo#1914256 - ASN1 decoder fuzz target
* bmo#1936001 - Part 2: Revert “Extract testcases from ssl gtests
for fuzzing”
* bmo#1915155 - Add fuzz/README.md
* bmo#1936001 - Part 4: Fix tstclnt arguments script
* bmo#1944545 - Extend pkcs7 fuzz target
* bmo#1912320 - Extend certDN fuzz target
* bmo#1944300 - revert changes to HACL* files from bug 1866841
* bmo#1936001 - Part 3: Package frida corpus script
- update to NSS 3.108
* bmo#1923285 - libclang-16 -> libclang-19
* bmo#1939086 - Turn off Secure Email Trust Bit for Security
Communication ECC RootCA1
* bmo#1937332 - Turn off Secure Email Trust Bit for BJCA Global Root
CA1 and BJCA Global Root CA2
* bmo#1915902 - Remove SwissSign Silver CA – G2
* bmo#1938245 - Add D-Trust 2023 TLS Roots to NSS
* bmo#1942301 - fix fips test failure on windows
* bmo#1935925 - change default sensitivity of KEM keys
* bmo#1936001 - Part 1: Introduce frida hooks and script
* bmo#1942350 - add missing arm_neon.h include to gcm.c
* bmo#1831552 - ci: update windows workers to win2022
* bmo#1831552 - strip trailing carriage returns in tools tests
* bmo#1880256 - work around unix/windows path translation issues
in cert test script
* bmo#1831552 - ci: let the windows setup script work without $m
* bmo#1880255 - detect msys
* bmo#1936680 - add a specialized CTR_Update variant for AES-GCM
* bmo#1930807 - NSS policy updates
* bmo#1930806 - FIPS changes need to be upstreamed: FIPS 140-3 RNG
* bmo#1930806 - FIPS changes need to be upstreamed: Add SafeZero
* bmo#1930806 - FIPS changes need to be upstreamed - updated POST
* bmo#1933031 - Segmentation fault in SECITEM_Hash during pkcs12 processing
* bmo#1929922 - Extending NSS with LoadModuleFromFunction functionality
* bmo#1935984 - Ensure zero-initialization of collectArgs.cert
* bmo#1934526 - pkcs7 fuzz target use CERT_DestroyCertificate
* bmo#1915898 - Fix actual underlying ODR violations issue
* bmo#1184059 - mozilla::pkix: allow reference ID labels to begin
and/or end with hyphens
* bmo#1927953 - don't look for secmod.db in nssutil_ReadSecmodDB if
NSS_DISABLE_DBM is set
* bmo#1934526 - Fix memory leak in pkcs7 fuzz target
* bmo#1934529 - Set -O2 for ASan builds in CI
* bmo#1934543 - Change branch of tlsfuzzer dependency
* bmo#1915898 - Run tests in CI for ASan builds with detect_odr_violation=1
* bmo#1934241 - Fix coverage failure in CI
* bmo#1934213 - Add fuzzing for delegated credentials, DTLS short
header and Tls13BackendEch
* bmo#1927142 - Add fuzzing for SSL_EnableTls13GreaseEch and
SSL_SetDtls13VersionWorkaround
* bmo#1913677 - Part 3: Restructure fuzz/
* bmo#1931925 - Extract testcases from ssl gtests for fuzzing
* bmo#1923037 - Force Cryptofuzz to use NSS in CI
* bmo#1923037 - Fix Cryptofuzz on 32 bit in CI
* bmo#1933154 - Update Cryptofuzz repository link
* bmo#1926256 - fix build error from 9505f79d
* bmo#1926256 - simplify error handling in get_token_objects_for_cache
* bmo#1931973 - nss doc: fix a warning
* bmo#1930797 - pkcs12 fixes from RHEL need to be picked up
- remove obsolete patches
* nss-fips-safe-memset.patch
* nss-bmo1930797.patch
- update to NSS 3.107
* bmo#1923038 - Remove MPI fuzz targets.
* bmo#1925512 - Remove globals `lockStatus` and `locksEverDisabled`.
* bmo#1919015 - Enable PKCS8 fuzz target.
* bmo#1923037 - Integrate Cryptofuzz in CI.
* bmo#1913677 - Part 2: Set tls server target socket options in config class
* bmo#1913677 - Part 1: Set tls client target socket options in config class
* bmo#1913680 - Support building with thread sanitizer.
* bmo#1922392 - set nssckbi version number to 2.72.
* bmo#1919913 - remove Websites Trust Bit from Entrust Root
Certification Authority - G4.
* bmo#1920641 - remove Security Communication RootCA3 root cert.
* bmo#1918559 - remove SecureSign RootCA11 root cert.
* bmo#1922387 - Add distrust-after for TLS to Entrust Roots.
* bmo#1927096 - update expected error code in pk12util pbmac1 tests.
* bmo#1929041 - Use random tstclnt args with handshake collection script
* bmo#1920466 - Remove extraneous assert in ssl3gthr.c.
* bmo#1928402 - Adding missing release notes for NSS_3_105.
* bmo#1874451 - Enable the disabled mlkem tests for dtls.
* bmo#1874451 - NSS gtests filter cleans up the constucted buffer
before the use.
* bmo#1925505 - Make ssl_SetDefaultsFromEnvironment thread-safe.
* bmo#1925503 - Remove short circuit test from ssl_Init.
- fix build on loongarch64 (setting it as 64bit arch)
- Remove upstreamed bmo-1400603.patch
- Added nss-bmo1930797.patch to fix failing tests in testsuite
- update to NSS 3.106
* bmo#1925975 - NSS 3.106 should be distributed with NSPR 4.36.
* bmo#1923767 - pk12util: improve error handling in p12U_ReadPKCS12File.
* bmo#1899402 - Correctly destroy bulkkey in error scenario.
* bmo#1919997 - PKCS7 fuzz target, r=djackson,nss-reviewers.
* bmo#1923002 - Extract certificates with handshake collection script.
* bmo#1923006 - Specify len_control for fuzz targets.
* bmo#1923280 - Fix memory leak in dumpCertificatePEM.
* bmo#1102981 - Fix UBSan errors for SECU_PrintCertificate and
SECU_PrintCertificateBasicInfo.
* bmo#1921528 - add new error codes to mozilla::pkix for Firefox to use.
* bmo#1921768 - allow null phKey in NSC_DeriveKey.
* bmo#1921801 - Only create seed corpus zip from existing corpus.
* bmo#1826035 - Use explicit allowlist for for KDF PRFS.
* bmo#1920138 - Increase optimization level for fuzz builds.
* bmo#1920470 - Remove incorrect assert.
* bmo#1914870 - Use libFuzzer options from fuzz/options/\*.options in CI.
* bmo#1920945 - Polish corpus collection for automation.
* bmo#1917572 - Detect new and unfuzzed SSL options.
* bmo#1804646 - PKCS12 fuzzing target.
- requires NSPR 4.36
- update to NSS 3.105
* bmo#1915792 - Allow importing PKCS#8 private EC keys missing public key
* bmo#1909768 - UBSAN fix: applying zero offset to null pointer in sslsnce.c
* bmo#1919577 - set KRML_MUSTINLINE=inline in makefile builds
* bmo#1918965 - Don't set CKA_SIGN for CKK_EC_MONTGOMERY private keys
* bmo#1918767 - override default definition of KRML_MUSTINLINE
* bmo#1916525 - libssl support for mlkem768x25519
* bmo#1916524 - support for ML-KEM-768 in softoken and pk11wrap
* bmo#1866841 - Add Libcrux implementation of ML-KEM 768 to FreeBL
* bmo#1911912 - Avoid misuse of ctype(3) functions
* bmo#1917311 - part 2: run clang-format
* bmo#1917311 - part 1: upgrade to clang-format 13
* bmo#1916953 - clang-format fuzz
* bmo#1910370 - DTLS client message buffer may not empty be on retransmit
* bmo#1916413 - Optionally print config for TLS client and server
fuzz target
* bmo#1916059 - Fix some simple documentation issues in NSS.
* bmo#1915439 - improve performance of NSC_FindObjectsInit when
template has CKA_TOKEN attr
* bmo#1912828 - define CKM_NSS_ECDHE_NO_PAIRWISE_CHECK_KEY_PAIR_GEN
- Fix build error under Leap by rebasing nss-fips-safe-memset.patch.
- update to NSS 3.104
* bmo#1910071 - Copy original corpus to heap-allocated buffer
* bmo#1910079 - Fix min ssl version for DTLS client fuzzer
* bmo#1908990 - Remove OS2 support just like we did on NSPR
* bmo#1910605 - clang-format NSS improvements
* bmo#1902078 - Adding basicutil.h to use HexString2SECItem function
* bmo#1908990 - removing dirent.c from build
* bmo#1902078 - Allow handing in keymaterial to shlibsign to make
the output reproducible
* bmo#1908990 - remove nec4.3, sunos4, riscos and SNI references
* bmo#1908990 - remove other old OS (BSDI, old HP UX, NCR,
openunix, sco, unixware or reliantUnix
* bmo#1908990 - remove mentions of WIN95
* bmo#1908990 - remove mentions of WIN16
* bmo#1913750 - More explicit directory naming
* bmo#1913755 - Add more options to TLS server fuzz target
* bmo#1913675 - Add more options to TLS client fuzz target
* bmo#1835240 - Use OSS-Fuzz corpus in NSS CI
* bmo#1908012 - set nssckbi version number to 2.70.
* bmo#1914499 - Remove Email Trust bit from ACCVRAIZ1 root cert.
* bmo#1908009 - Remove Email Trust bit from certSIGN ROOT CA.
* bmo#1908006 - Add Cybertrust Japan Roots to NSS.
* bmo#1908004 - Add Taiwan CA Roots to NSS.
* bmo#1911354 - remove search by decoded serial in
nssToken_FindCertificateByIssuerAndSerialNumber
* bmo#1913132 - Fix tstclnt CI build failure
* bmo#1913047 - vfyserv: ensure peer cert chain is in db for
CERT_VerifyCertificateNow
* bmo#1912427 - Enable all supported protocol versions for UDP
* bmo#1910361 - Actually use random PSK hash type
* bmo#1911576 - Initialize NSS DB once
* bmo#1910361 - Additional ECH cipher suites and PSK hash types
* bmo#1903604 - Automate corpus file generation for TLS client Fuzzer
* bmo#1910364 - Fix crash with UNSAFE_FUZZER_MODE
* bmo#1910605 - clang-format shlibsign.c
- remove obsolete nss-reproducible-builds.patch
- update to NSS 3.103
* bmo#1908623 - move list size check after lock acquisition in sftk_PutObjectToList.
* bmo#1899542 - Add fuzzing support for SSL_ENABLE_POST_HANDSHAKE_AUTH,
* bmo#1909638 - Follow-up to fix test for presence of file nspr.patch.
* bmo#1903783 - Adjust libFuzzer size limits
* bmo#1899542 - Add fuzzing support for SSL_SetCertificateCompressionAlgorithm,
SSL_SetClientEchConfigs, SSL_VersionRangeSet and SSL_AddExternalPsk
* bmo#1899542 - Add fuzzing support for SSL_ENABLE_GREASE and
SSL_ENABLE_CH_EXTENSION_PERMUTATION
- Add nss-reproducible-builds.patch to make the rpms reproducible,
by using a hardcoded, static key to generate the checksums (*.chk-files)
- Updated nss-fips-approved-crypto-non-ec.patch to enforce
approved curves with the CKK_EC_MONTGOMERY key type (bsc#1224113).
- update to NSS 3.102.1
* bmo#1905691 - ChaChaXor to return after the function
- update to NSS 3.102
* bmo#1880351 - Add Valgrind annotations to freebl Chacha20-Poly1305.
* bmo#1901932 - missing sqlite header.
* bmo#1901080 - GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME.
* bmo#1615298 - improve certutil keyUsage, extKeyUsage, and nsCertType keyword handling.
* bmo#1660676 - correct length of raw SPKI data before printing in pp utility.
- Add nss-reproducible-chksums.patch to make NSS-build reproducible
Use key from openssl (bsc#1081723)
- Updated nss-fips-approved-crypto-non-ec.patch to exclude the
SHA-1 hash from SLI approval.
- python3
-
- Add CVE-2025-8194-tarfile-no-neg-offsets.patch which now
validates archives to ensure member offsets are non-negative
(gh#python/cpython#130577, CVE-2025-8194, bsc#1247249).
- glib2
-
- Add glib2-CVE-2025-4373.patch: carefully handle gssize parameters
(bsc#1242844 CVE-2025-4373 glgo#GNOME/glib#3677).
- gnutls
-
- Fix 1-byte heap buffer overflow when parsing templates with certtool
[bsc#1246267, CVE-2025-32990]
* Add patch gnutls-CVE-2025-32990.patch
- systemd
-
- Apply coredump sysctl settings on systemd package updates/removals.
- Add 6007-coredump-use-d-in-kernel-core-pattern.patch (bsc#1243935 CVE-2025-4598)
- mozilla-nspr
-
- update to version 4.36
* remove support for OS/2
* remove support for Unixware, Bsdi, old AIX, old HPUX9 & scoos
* remove support for Windows 16 bit
* renamed the prwin16.h header to prwin.h
* configure was updated from 2.69 to 2.71
* various build, test and automation script fixes
* major parts of the source code were reformatted
- python
-
- Add CVE-2025-8194-tarfile-no-neg-offsets.patch which now
validates archives to ensure member offsets are non-negative
(gh#python/cpython#130577, CVE-2025-8194, bsc#1247249).
- Add CVE-2025-6069-quad-complex-HTMLParser.patch to avoid worst
case quadratic complexity when processing certain crafted
malformed inputs with HTMLParser (CVE-2025-6069, bsc#1244705).
- coreutils
-
- coreutils-9.7-sort-CVE-2025-5278.patch: Add upstream patch:
sort with key character offsets of SIZE_MAX, could induce
a read of 1 byte before an allocated heap buffer.
(CVE-2025-5278, bsc#1243767)
- sqlite3
-
- Backpatch the URLs in sqlite3.n from https to http to avoid a
file conflict with the tcl package on SLE-12.
- Sync version 3.50.2 from Factory:
* CVE-2025-6965, bsc#1246597:
Raise an error early if the number of aggregate terms in a
query exceeds the maximum number of columns, to avoid
downstream assertion faults.
* Add subpackage for the lemon parser generator.
+ sqlite-3.49.0-fix-lemon-missing-cflags.patch
+ sqlite-3.6.23-lemon-system-template.patch
- libxml2
-
- security update
- added patches
CVE-2025-7425 [bsc#1246296], Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr
+ libxml2-CVE-2025-7425.patch
- security update
- added patches
CVE-2025-49794 [bsc#1244554], heap use after free (UAF) can lead to Denial of service (DoS)
CVE-2025-49796 [bsc#1244557], type confusion may lead to Denial of service (DoS)
+ libxml2-CVE-2025-49794,49796.patch
- security update
- added patches
CVE-2025-6170 [bsc#1244700], stack buffer overflow may lead to a crash
CVE-2025-6021 [bsc#1244580], Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2
+ libxml2-CVE-2025-6170,6021.patch
- pam-config
-
- Stop adding pam_env in AUTH stack, and be sure to put this module at the
really end of the SESSION stack.
[bsc#1243226, CVE-2025-6018, remove-pam_env-from-auth-stack.patch]
- kernel-default
-
- usb: xhci: Apply the link chain quirk on NEC isoc endpoints
(CVE-2025-22022 bsc#1241292).
- commit b35c518
- usb: xhci: move link chain bit quirk checks into one helper
function (CVE-2025-22022 bsc#1241292).
- commit e8f6e8b
- drm/framebuffer: Fix object locking in destroy function (bsc#1248130)
Fix the locking in drm_gem_fb_destroy(). This is an bug in the backport
of commit f6bfc9afc751 ("drm/framebuffer: Acquire internal references on
GEM handles") for bsc#1247255.
- commit 8b690c9
- HID: core: Harden s32ton() against conversion to 0 bits (CVE-2025-38556 bsc#1248296)
- commit efa9b29
- Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb() (CVE-2025-38473 bsc#1247289)
- commit 3bda5d9
- bus: fsl-mc: fix double-free on mc_dev (CVE-2025-38313 bsc#1246342)
- commit cfe0da6
- bcache: fix NULL pointer in cache_set_flush() (CVE-2025-38263 bsc#1246248)
- commit 0207ad5
- wifi: mac80211: reject TDLS operations when station is not
associated (CVE-2025-38644 bsc#1248748).
- commit 38baafe
- vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1248511
CVE-2025-38618).
- commit 7301855
- USB: gadget: Fix obscure lockdep violation for udc_mutex
(CVE-2022-49980 bsc#1245110).
- commit e73f583
- usb: gadget: Fix use-after-free bug by not setting
udc->dev.driver (CVE-2022-49980 bsc#1245110).
- commit 7b2e080
- usb: gadget: udc: core: Use pr_fmt() to prefix messages
(CVE-2022-49980 bsc#1245110).
- commit 342cb6b
- usb: gadget: core: do not try to disconnect gadget if it is
not connected (CVE-2022-49980 bsc#1245110).
- commit 6ce9821
- USB: gadget core: Issue ->disconnect() callback from
usb_gadget_disconnect() (CVE-2022-49980 bsc#1245110).
- commit e372dab
- usb: gadget: udc: Use scnprintf() instead of snprintf()
(CVE-2022-49980 bsc#1245110).
- commit 01ff878
- usb: gadget: udc: remove duplicate & operation (CVE-2022-49980
bsc#1245110).
- commit 6258328
- usb: gadget: remove redundant self assignment (CVE-2022-49980
bsc#1245110).
- commit aa82e52
- Update patches.suse/perf-core-Exit-early-on-perf_mmap-fail.patch
(CVE-2025-38563 bsc#1248306 dependency CVE-2025-38565
bsc#1248377).
- commit d0832f2
- thunderbolt: Do not double dequeue a configuration request (CVE-2025-38174 bsc#1245781)
- commit 34371af
- fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var (CVE-2025-38214 bsc#1246042)
- commit 4cdcf0a
- tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (CVE-2025-38184 bsc#1245956)
- commit f59dd51
- gve: add missing NULL check for gve_alloc_pending_packet() in TX DQO (CVE-2025-38122 bsc#1245746)
- commit c710bdd
- net: usb: aqc111: debug info before sanitation (bsc#1245744)
- commit 3ab10bb
- net: usb: aqc111: fix error handling of usbnet read calls (CVE-2025-38153 bsc#1245744)
- commit 0a0b0b6
- VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify (CVE-2025-38102 bsc#1245669)
- commit 104e403
- Fix backport of the patch:
patches.suse/ext4-fix-race-when-reusing-xattr-blocks.patch (bsc#1247929)
- commit 2389678
- USB: gadget: Fix use-after-free Read in usb_udc_uevent()
(CVE-2022-49980 bsc#1245110).
- commit 5e1438b
- perf/core: Prevent VMA split of buffer mappings (CVE-2025-38563
bsc#1248306).
- commit 8cbbc54
- perf/core: Exit early on perf_mmap() fail (CVE-2025-38563
bsc#1248306 dependency).
- commit 45bf71a
- usb: net: sierra: check for no status endpoint (CVE-2025-38474
bsc#1247311).
- commit 9d6b398
- perf/core: Don't leak AUX buffer refcount on allocation failure
(CVE-2025-38563 bsc#1248306 dependency).
- commit 6e78f38
- atm: clip: Fix memory leak of struct clip_vcc (CVE-2025-38546
bsc#1248223).
- commit 9623eb0
- hid: hide cleanup of hid_descriptor (CVE-2025-38103
bsc#1245663).
- commit 13489bf
- HID: usbhid: Eliminate recurrent out-of-bounds bug in
usbhid_parse() (CVE-2025-38103 bsc#1245663).
- commit de56614
- wifi: zd1211rw: Fix potential NULL pointer dereference in
zd_mac_tx_to_dev() (CVE-2025-38513 bsc#1248179).
- commit 5d08711
- drm/sched: Increment job count before swapping tail spsc queue
(CVE-2025-38515 bsc#1248212).
- commit c4cd790
- bluetooth put new member for hci_dev at end (CVE-2025-38117
bsc#1245695).
- commit 0a0a7e2
- bluetooth: hide change to struct mgmt_pending_cmd
(CVE-2025-38117 bsc#1245695).
- commit be95d10
- wifi: prevent A-MSDU attacks in mesh networks (CVE-2025-38512
bsc#1248178).
- commit b3fbfce
- crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY (bsc#1225527)
- commit 696796d
- clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (CVE-2025-38499 bsc#1247976)
- commit 853d04a
- net/packet: fix a race in packet_set_ring() and
packet_notifier() (CVE-2025-38617 bsc#1248621).
- commit b606d75
- atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister() (CVE-2025-38245 bsc#1246193)
- commit b752c31
- atm: Revert atm_account_tx() if copy_from_iter_full() fails (CVE-2025-38190 bsc#1245973)
- commit 3bb91d5
- atm: atmtcp: Free invalid length skb in atmtcp_c_send() (CVE-2025-38185 bsc#1246012)
- commit eb7640e
- crypto: marvell/cesa - Handle zero-length skcipher requests (CVE-2025-38173 bsc#1245769)
- commit 202473d
- tee: fix compiler warning in tee_shm_register() (CVE-2022-50080 bsc#1244972)
- commit 22a7c7b
- tee: add overflow check in register_shm_helper() (CVE-2022-50080 bsc#1244972)
- commit a02103f
- KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0 (CVE-2022-50228 bsc#1244854)
- commit ac7e443
- drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() (CVE-2022-50185 bsc#1244887)
- commit 50be8a6
- ALSA: bcd2000: Fix a UAF bug on the error path of probing (CVE-2022-50229 bsc#1244856)
- commit f2b2849
- regulator: of: Fix refcount leak bug in of_get_regulation_constraints() (CVE-2022-50191 bsc#1244899)
- commit de6ac5a
- mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch (CVE-2022-50141 bsc#1244794)
- commit 6834f5d
- net: atlantic: fix aq_vec index out of range error (CVE-2022-50066 bsc#1244985).
- commit 6c25c9e
- Update config files. Disable N_GSM (jsc#PED-8240, bsc#1244824, CVE-2022-50116)
- commit e07a3f6
- tipc: Fix use-after-free in tipc_conn_close() (CVE-2025-38464
bsc#1247112).
- commit 9f4aa7a
- xfrm: fix refcount leak in __xfrm_policy_check() (CVE-2022-50007 bsc#1245016)
- commit 8245963
- wifi: libertas: Fix possible refcount leak in if_usb_probe() (CVE-2022-50162 bsc#1244773)
- commit 67efefc
- HID: hidraw: fix a problem of memory leak in hidraw_release() (bsc#1245072)
- commit 990e001
- HID: hidraw: fix memory leak in hidraw_release() (CVE-2022-49981 bsc#1245072)
- commit ffa8f52
- scsi: target: iscsi: Fix timeout on deleted connection (CVE-2025-38075 bsc#1244734)
- commit c2e8d4f
- bpf: Fix a data-race around bpf_jit_limit (CVE-2022-49967 bsc#1244964)
- commit b2d2477
- crypto: pcrypt - Fix hungtask for PADATA_RESET (CVE-2023-52813 bsc#1225527)
- commit b063c0a
- RDMA/rxe: Fix error unwind in rxe_create_qp() (CVE-2022-50127 bsc#1244815)
- commit bd0b886
- RDMA/qedr: Fix potential memory leak in __qedr_alloc_mr() (CVE-2022-50138 bsc#1244797)
- commit 585ba4c
- Refresh patches.suse/x86-alternative-Merge-include-files.patch.
- commit 61adacf
- drm/framebuffer: Acquire internal references on GEM handles (bsc#1247255)
- commit 13075c4
- Move pesign-obs-integration requirement from kernel-syms to kernel devel
subpackage (bsc#1248108).
- commit e707e41
- drm/gem: Acquire references on GEM handles for framebuffers (bsc#1247255 CVE-2025-38449)
- commit 4e06401
- KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses
(bsc#1242782, CVE-2025-23141).
- commit 9f573f0
- netlink: avoid infinite retry looping in netlink_unicast()
(CVE-2025-38465 bsc#1247118).
- commit 0acd3ff
- posix-cpu-timers: fix race between handle_posix_cpu_timers()
and posix_cpu_timer_del() (bsc#1246911 CVE-2025-38352).
- blacklist.conf: CVE-2022-50159
- commit 0e930ec
- kABI fix for net: vlan: fix VLAN 0 refcount imbalance of
toggling (CVE-2025-38470 bsc#1247288).
- net: vlan: fix VLAN 0 refcount imbalance of toggling filtering
during runtime (CVE-2025-38470 bsc#1247288).
- net/sched: Abort __tc_modify_qdisc if parent class does not
exist (CVE-2025-38457 bsc#1247098).
- atm: clip: Fix potential null-ptr-deref in to_atmarpd()
(CVE-2025-38460 bsc#1247143).
- net: sched: simplify the qdisc_leaf code (CVE-2025-38457
bsc#1247098).
- commit bc4b1c9
- x86/its: Align RETs in BHB clear sequence to avoid thunking (bsc#1242006 CVE-2024-28956).
- commit 9e72e87
- x86/its: Add "vmexit" option to skip mitigation on some CPUs (bsc#1242006 CVE-2024-28956).
- Refresh patches.kabi/cpufeatures-kabi-fix.patch.
- commit 7095d7d
- x86/its: Enable Indirect Target Selection mitigation (bsc#1242006 CVE-2024-28956).
- commit 06978e9
- x86/its: Add support for ITS-safe return thunk (bsc#1242006 CVE-2024-28956).
- commit ed80f34
- x86/its: Add support for ITS-safe indirect thunk (bsc#1242006 CVE-2024-28956).
- Refresh patches.kabi/cpufeatures-kabi-fix.patch.
- commit 847f2c0
- do_change_type(): refuse to operate on unmounted/not ours mounts (CVE-2025-38498 bsc#1247374)
- commit fc35a30
- af_packet: Don't send zero-byte data in packet_sendmsg_spkt()
(CVE-2022-49975 bsc#1245196).
- bpf: Move skb->len == 0 checks into __bpf_redirect
(CVE-2022-49975 bsc#1245196).
- bpf: make sure skb->len != 0 when redirecting to a tunneling
device (CVE-2022-49975 bsc#1245196).
- net/ieee802154: don't warn zero-sized raw_sendmsg()
(CVE-2022-49975 bsc#1245196).
- net/af_packet: check len when min_header_len equals to 0
(CVE-2022-49975 bsc#1245196).
- bpf: Don't redirect packets with invalid pkt_len (CVE-2022-49975
bsc#1245196).
- bpf: in __bpf_redirect_no_mac pull mac only if present
(CVE-2022-49975 bsc#1245196).
- commit bde4efa
- ACPICA: Refuse to evaluate a method if arguments are missing
(CVE-2025-38386 bsc#1247138).
- commit 2984cfb
- x86/asm: Provide ALTERNATIVE_3 (git-fixes).
- commit f737462
- nfsd: nfsd4_spo_must_allow() must check this is a v4 compound
request (bsc#1247160 CVE-2025-38430).
- commit 53125b5
- linkage: Introduce new macros for assembler symbols (git-fixes).
- commit e08683f
- x86: Simplify retpoline declaration (git-fixes).
- Refresh patches.suse/x86-Add-magic-AMD-return-thunk.patch.
- Refresh
patches.suse/x86-cpu-Fix-up-srso_safe_ret-and-__x86_return_thunk.patch.
- Refresh
patches.suse/x86-cpu-Rename-srso_-.-_alias-to-srso_alias_-1.patch.
- Refresh patches.suse/x86-retpoline-Use-mfunction-return.patch.
- Refresh
patches.suse/x86-retpoline-kprobes-Fix-position-of-thunk-sections-with-.patch.
- Refresh
patches.suse/x86-srso-add-a-speculative-ras-overflow-mitigation.patch.
- commit 8b2413e
- netlink: make sure we allow at least one dump skb
(CVE-2025-38465 bsc#1247118).
- netlink: Fix rmem check in netlink_broadcast_deliver()
(CVE-2025-38465 bsc#1247118).
- netlink: Fix wraparounds of sk->sk_rmem_alloc (CVE-2025-38465
bsc#1247118).
- commit 0e7befb
- l2tp: convert l2tp_tunnel_list to idr (CVE-2023-53020 bsc#1240224).
Fix locking imbalance introduced by earlier backport.
(See bsc#1240224 comment 10.)
- Refresh
patches.suse/l2tp-close-all-race-conditions-in-l2tp_tunnel_regist.patch.
- Refresh
patches.suse/l2tp-prevent-lockdep-issue-in-l2tp_tunnel_register.patch.
- commit e975b9c
- l2ip: fix possible use-after-free (CVE-2023-53020 bsc#1240224).
A prerequisity for a locking issue fix.
- commit c99f095
- x86/alternatives: Add an ALTERNATIVE_3() macro (git-fixes).
- commit 7cd3769
- x86/alternatives: Print containing function (git-fixes).
- commit 195541d
- x86/alternatives: Add macro comments (git-fixes).
- commit efb228e
- x86/alternative: Merge include files (git-fixes).
- Refresh
patches.suse/x86-lib-atomic64_386_32-rename-things.patch.
- Refresh
patches.suse/x86-srso-add-a-speculative-ras-overflow-mitigation.patch.
- commit d6a4cdb
- fs: prevent out-of-bounds array speculation when closing a
file descriptor (CVE-2023-53117 bsc#1242780).
- commit f9988ba
- update patches.suse/l2tp-close-all-race-conditions-in-l2tp_tunnel_regist.patch
Fix locking imbalance in the backport, see bsc#1240224 comment 10.
- commit 5e477f0
- net/sched: sch_qfq: Avoid triggering might_sleep in atomic
context in qfq_delete_class (CVE-2025-38477 bsc#1247314).
- net/sched: Return NULL when htb_lookup_leaf encounters an
empty rbtree (CVE-2025-38468 bsc#1247437).
- net/sched: sch_qfq: Fix race condition on qfq_aggregate
(CVE-2025-38477 bsc#1247314).
- commit 7630d26
- x86/its: Enumerate Indirect Target Selection (ITS) bug (bsc#1242006 CVE-2024-28956).
- Refresh patches.kabi/cpufeatures-kabi-fix.patch.
- commit 42eb2aa
- HID: intel-ish-hid: Fix use-after-free issue in
ishtp_hid_remove() (git-fixes CVE-2025-21928 bsc#1240722).
- commit 1ea59c1
- sched, cpuset: Fix dl_cpu_busy() panic due to empty
cs->cpus_allowed (CVE-2022-50103 bsc#1244840).
- commit 42c9f5e
- btrfs: harden block_group::bg_list against list_del() races (CVE-2025-37856 bsc#1243068)
- commit b816dc5
- crypto: lzo - Fix compression buffer overrun (CVE-2025-38068 bsc#1245210)
- commit 7609c8c
- KVM: x86: Reset IRTE to host control if *new* route isn't postable
(bsc#1242960 CVE-2025-37885).
- commit eff0d4a
- KVM: x86: Disable posted interrupts for non-standard IRQs delivery modes
(bsc#242960 CVE-2025-37885).
- commit b7ec59d
- kernel-syms.spec: Drop old rpm release number hack (bsc#1247172).
- commit b4fa2d1
- virtio-net: ensure the received length does not exceed allocated
size (CVE-2025-38375 bsc#1247177).
- commit e965903
- vsock/vmci: Clear the vmci transport packet properly when
initializing it (CVE-2025-38403 bsc#1247141).
- commit 42a6e1c
- wifi: carl9170: do not ping device which has failed to load
firmware (CVE-2025-38420 bsc#1247279).
- commit 77ff409
- crypto: qat - resolve race condition during AER recovery
(bsc#1223638 CVE-2024-26974).
- crypto: qat - fix double free during reset (bsc#1223638
CVE-2024-26974).
- commit 839d708
- Update
patches.suse/sch_hfsc-make-hfsc_qlen_notify-idempotent.patch
(CVE-2025-37798 bsc#1242414 CVE-2025-38177 bsc#1245986).
- commit 9499075
- bdi: Fix up kabi for dev_name addition (bsc#1171844).
- bdi: add a ->dev_name field to struct backing_dev_info
(bsc#1171844).
- commit 2563dd2
- Squashfs: check return result of sb_min_blocksize (bsc#1247147
CVE-2025-38415).
- commit 83161f2
- RDMA/core: Always release restrack object (git-fixes)
- commit 1647262
- HID: core: ensure the allocated report buffer can contain the
reserved report ID (CVE-2025-38495 bsc#1247348).
- commit a99e88f
- HID: core: do not bypass hid_hw_raw_request (CVE-2025-38494
bsc#1247349).
- commit a6f63b8
- net/sched: Always pass notifications when child class becomes
empty (CVE-2025-38350 bsc#1246781).
- commit a358033
- usb: host: ohci-ppc-of: Fix refcount leak bug (CVE-2022-50033
bsc#1245139).
- commit 341200f
- crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent
kernel memory leak (CVE-2022-50226 bsc#1244860).
- commit aa9545e
- l2tp: Don't sleep and disable BH under writer-side
sk_callback_lock (git-fixes).
- Refresh
patches.suse/l2tp-close-all-race-conditions-in-l2tp_tunnel_regist.patch.
- Refresh
patches.suse/l2tp-prevent-lockdep-issue-in-l2tp_tunnel_register.patch.
- commit eb080d7
- l2tp: fix a sock refcnt leak in l2tp_tunnel_register
(git-fixes).
- net: fix a concurrency bug in l2tp_tunnel_register()
(bsc#1205711 CVE-2022-4129).
- Refresh
patches.suse/l2tp-Serialize-access-to-sk_user_data-with-sk_callba.patch.
- Refresh
patches.suse/l2tp-close-all-race-conditions-in-l2tp_tunnel_regist.patch.
- commit 72fa3a1
- loop: Check for overflow while configuring loop (bsc#1245121
CVE-2022-49993).
- blacklist.conf: Remove commit from blacklist
- commit bb8ea17
- jbd2: fix data-race and null-ptr-deref in
jbd2_journal_dirty_metadata() (bsc#1246253 CVE-2025-38337).
- commit 3af075b
- ext4: inline: fix len overflow in ext4_prepare_inline_data
(bsc#1245976 CVE-2025-38222).
- commit 30045aa
- __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under
mount_lock (bsc#1245151 CVE-2025-38058).
- commit cc3f42a
- usb: typec: altmodes/displayport: do not index invalid
pin_assignments (CVE-2025-38391 bsc#1247181).
- commit de59e61
- scsi: core: Fix unremoved procfs host directory regression
(git-fixes).
- scsi: core: Fix a procfs host directory removal regression
(git-fixes CVE-2023-53118 bsc#1242365).
- commit 8e14770
- scsi: core: Fix a source code comment (git-fixes).
This isn't super useful per se, but makes applying other patches easier.
- commit a0df70c
- Bluetooth: MGMT: Protect mgmt_pending list with its own lock
(CVE-2025-38117 bsc#1245695).
- commit 59a2ea0
- Refresh
patches.suse/can-dev-can_put_echo_skb-don-t-crash-kernel-if-can_priv-ec.patch.
Fix the following warning:
drivers/net/can/dev.c: In function 'can_put_echo_skb':
drivers/net/can/dev.c:451:3: warning: 'return' with a value, in function returning void
- commit 3c66160
- kabi fix for perf/aux: Fix AUX buffer serialization
(bsc#1230581, CVE-2024-46713).
- perf/aux: Fix AUX buffer serialization (bsc#1230581,
CVE-2024-46713).
- commit a370cdb
- iommu/arm-smmu: fix possible null-ptr-deref in
arm_smmu_device_probe() (CVE-2022-49323 bsc#1238400).
- commit 1c0f036
- nvme-tcp: sanitize request list handling (CVE-2025-38264
bsc#1246387).
- commit eab9cf4
- iommu/arm-smmu-v3: check return value after calling
platform_get_resource() (CVE-2022-49319 bsc#1238374).
- commit d41ddd7
- RDMA/core: Update CMA destination address on rdma_resolve_addr (bsc#1210629 CVE-2023-2176)
- commit 45a243e
- Squashfs: check the inode number is not the invalid value of
zero (bsc#1223634 CVE-2024-26982).
- commit d6425c9
- RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction (CVE-2025-38211 bsc#1246008)
- commit e7cb52a
- rpm/kernel-subpackage-spec: Skip brp-strip-debug to avoid file truncation (bsc#1246879)
Put the same workaround to avoid file truncation of vmlinux and co in
kernel-default-base package, too.
- commit 2329734
- Bluetooth: Replace BT_DBG with bt_dev_dbg for management support
(CVE-2025-38117 bsc#1245695).
- Refresh
patches.suse/Bluetooth-MGMT-Fix-not-checking-if-BT_HS-is-enabled.patch.
- commit c096742
- Bluetooth: Fix spelling mistakes (CVE-2025-38117 bsc#1245695).
- commit 82a31bb
- rpm/kernel-binary.spec.in: Ignore return code from ksymtypes compare
When using suse-kabi-tools, the RPM build invokes 'ksymvers compare' to
compare the resulting symbol CRCs with the reference data. If the values
differ, it then invokes 'ksymtypes compare' to provide a detailed report
explaining why the symbols differ. The build expects the latter
'ksymtypes compare' command to always return zero, even if the two
compared kABI corpuses are different.
This is currently the case for 'ksymtypes compare'. However, I plan to
update the command to return a non-zero code when the comparison detects
any differences. This should ensure consistent behavior with 'ksymvers
compare'.
Since the build uses 'ksymtypes compare' only for more detailed
diagnostics, ignore its return code.
- commit 5ac1381
- net: atm: fix /proc/net/atm/lec handling (CVE-2025-38180
bsc#1245970).
- net: atm: add lec_mutex (CVE-2025-38323 bsc#1246473).
- net: atm: clean up a range check (CVE-2025-38323 bsc#1246473).
- commit 273d1a3
- Bluetooth: fix appearance typo in mgmt.c (CVE-2025-38117
bsc#1245695).
- commit 7c5fd29
- Bluetooth: mgmt: Use struct_size() helper (CVE-2025-38117
bsc#1245695).
- commit 27a3626
- Bluetooth: Use struct_size() helper (CVE-2025-38117
bsc#1245695).
- commit a97aa39
- Bluetooth: mgmt: Use struct_size() helper (CVE-2025-38117
bsc#1245695).
- commit e452cf2
- Bluetooth: Mark expected switch fall-throughs (CVE-2025-38117
bsc#1245695).
- commit 524b16d
- Refresh
patches.suse/ipv6-mcast-add-RCU-protection-to-mld_newpack.patch.
- commit b9c9349
- fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod()
(CVE-2025-38312 bsc#1246386).
- commit aea2659
- kABI workaround for bluetooth hci_dev changes (CVE-2025-38250
bsc#1246182).
- commit 3a445ce
- Bluetooth: hci_core: Fix use-after-free in vhci_flush()
(CVE-2025-38250 bsc#1246182).
- commit 0b02672
- fbcon: Make sure modelist not set on unregistered console (bsc#1245952 CVE-2025-38198)
- commit f64b2f2
- serial: mctrl_gpio: split disable_ms into sync and no_sync APIs
(CVE-2025-38040 bsc#1245078).
- kabi: serial: mctrl_gpio: split disable_ms into sync and
no_sync APIs (CVE-2025-38040 bsc#1245078).
- commit 3c2fda4
- btrfs: fix deadlock when cloning inline extents and using qgroups (CVE-2021-46987 bsc#1220704)
- commit 68d125c
- btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref (CVE-2025-38034 bsc#1244792)
- commit c1bc05f
- btrfs: do not BUG_ON() when freeing tree block after error (CVE-2024-44963 1230216)
- commit c7b8e6b
- net_sched: red: fix a race in __red_change() (CVE-2025-38108
bsc#1245675).
- net: stmmac: make sure that ptp_rate is not 0 before configuring
timestamping (CVE-2025-38126 bsc#1245708).
- bpf: fix ktls panic with sockmap (CVE-2025-38166 bsc#1245758).
- commit 1452ad9
- perf: Fix sample vs do_exit() (bsc#1246547 CVE-2025-38424 bsc#1247293)
- commit 887b64f
- Update
patches.suse/net-clear-the-dst-when-changing-skb-protocol.patch
(bsc#1245954 CVE-2025-38192).
Fix incorrect CVE reference.
- commit 8a5f77c
- patches.suse/ext4-fix-warning-in-ext4_iomap_begin-as-race-begin-as-race-between.patch:
Remove the patch as it's not needed and is causing deadlocks
(bsc#1246459, bsc#1245115, CVE-2022-50082)
- commit fab7cb7
- net_sched: sch_sfq: reject invalid perturb period
(CVE-2025-38193 bsc#1245945).
- commit b90f28d
- ipc: fix to protect IPCS lookups using RCU (CVE-2025-38212
bsc#1246029).
- commit 3438ce5
- calipso: unlock rcu before returning -EAFNOSUPPORT
(CVE-2025-38147 bsc#1245768).
- calipso: Don't call calipso functions for AF_INET sk
(CVE-2025-38147 bsc#1245768).
- commit 6d3ad82
- i40e: fix MMIO write access to an invalid page in i40e_clear_hw
(CVE-2025-38200 bsc#1246045).
- net: cadence: macb: Fix a possible deadlock in macb_halt_tx
(CVE-2025-38094 bsc#1245649).
- commit 3fe4112
- drm/amd/pp: Fix potential NULL pointer dereference in
atomctrl_initialize_mc_reg_table (CVE-2025-38319 bsc#1246243).
- commit 28370d4
- ALSA: usb-audio: Fix out-of-bounds read in
snd_usb_get_audioformat_uac3() (CVE-2025-38249 bsc#1246171).
- commit a7d7572
- iopoll: Introduce read_poll_timeout_atomic macro (CVE-2025-38094
bsc#1245649).
- net: cadence: Fix a sleep-in-atomic-context bug in
macb_halt_tx() (CVE-2025-38094 bsc#1245649).
- commit 94f52a4
- net: clear the dst when changing skb protocol (bsc#1245954
CVE-2024-49861).
- commit c3ead22
- wifi: ath9k_htc: Abort software beacon handling if disabled
(CVE-2025-38157 bsc#1245747).
- commit 2580def
- RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction (CVE-2025-38161 bsc#1245777)
- commit 884e454
- calipso: Fix null-ptr-deref in calipso_req_{set,del}attr()
(CVE-2025-38181 bsc#1246000).
- net_sched: sch_sfq: fix a potential crash on gso_skb handling
(CVE-2025-38115 bsc#1245689).
- commit 4ac1c90
- Bluetooth: hci_event: Fix checking conn for le_conn_complete_evt
(bsc#1238160 CVE-2022-49138).
- commit a00d68a
- net: Fix TOCTOU issue in sk_is_readable() (CVE-2025-38112
bsc#1245668).
- commit 5d4114f
- Bluetooth: hci_event: Fix checking for invalid handle on error
status (bsc#1238160 CVE-2022-49138).
- commit c843371
- vgacon: Add check for vc_origin address range in vgacon_scroll()
(CVE-2025-38213 bsc#1246037).
- commit 22c4880
- ALSA: usb-audio: Kill timer properly at removal (CVE-2025-38105
bsc#1245682).
- commit 917cf9d
- wifi: mac80211: Fix UAF in ieee80211_scan_rx() (CVE-2022-49934
bsc#1245051).
- commit cf69513
- rpm/mkspec: Fix missing kernel-syms-rt creation (bsc#1244337)
- commit 630f139
- nbd: don't allow reconnect after disconnect (CVE-2025-21731 bsc#1237881).
- commit 8a4b419
- vhost-scsi: protect vq->log_used with vq->mutex (CVE-2025-38074
bsc#1244735).
- commit 18cd652
- Bluetooth: hci_event: Ignore multiple conn complete events
(bsc#1238160 CVE-2022-49138).
- commit a0784d3
- virtgpu: don't reset on shutdown (git-fixes).
- commit b2d9b68
- Refresh
patches.suse/kabi-fix-for-prevent-bpf-program-recursion-for-raw-tracepoint-probes.patch.
Fix NULL pointer deference leading to a kernel panic/oops (bsc#1245948).
- commit 7935351
- crypto: algif_hash - fix double free in hash_accept
(CVE-2025-38079 bsc#1245217).
- commit 288b933
- virtio: break and reset virtio devices on device_shutdown()
(CVE-2025-38064 bsc#1245201).
- commit 1ec66e0
- drm/amd/display: clear optc underflow before turn off odm clock (bsc#1245060 CVE-2022-49969)
- commit 360b84f
- can: dev: can_put_echo_skb(): don't crash kernel if
can_priv::echo_skb is accessed out of bounds (CVE-2023-52878
bsc#1225000).
- commit 71fb63a
- smb: client: Fix use-after-free in cifs_fill_dirent
(CVE-2025-38051 bsc#1244750).
- commit 1258b98
- cxl: Fix a memory leak in an error handling path (CVE-2022-50025
bsc#1245132).
- commit fe62ac8
- driver core: fix potential deadlock in __driver_attach
(CVE-2022-50149 bsc#1244883).
- commit 0cc27e4
- scsi: lpfc: Fix possible memory leak when failing to issue
CMF WQE (bsc#1245073 CVE-2022-50027).
- commit e689b05
- nvmet-tcp: don't restore null sk_state_change (bsc#1244801
CVE-2025-38035).
- commit eece831
- 9p/fd: fix issue of list_del corruption in p9_fd_cancel() (CVE-2022-49768 bsc#1242446).
- commit 29f06d8
- blk-mq: Fixup kABI due to added parameter to bio_merge
(bsc#1220631 CVE-2021-46984).
- commit de58150
- scsi: lpfc: Prevent buffer overflow crashes in debugfs with
malformed user input (bsc#1245265 CVE-2022-50030).
- commit e1b77ba
- kyber: fix out of bounds access when preempted (CVE-2021-46984
bsc#1220631).
- blacklist.conf: Remove from blacklist
- Refresh patches.kabi/bfq_depth_updated-fix-kABI.patch
- commit 8efa3ed
- ext4: fix warning in ext4_iomap_begin as race between bmap
and write (bsc#1245115 CVE-2022-50082).
- commit 06b2a8c
- kABI workaround for xsk: Fix race condition in AF_XDP generic
RX path (CVE-2025-37920 bsc#1243479).
- commit cd1f0aa
- xsk: Fix race condition in AF_XDP generic RX path (bsc#1243479
CVE-2025-37920).
- commit 0e83480
- vt: Clear selection before changing the font (CVE-2022-49948
bsc#1245058).
- commit 3e5249e
- 9p: trans_fd/p9_conn_cancel: drop client lock earlier (CVE-2022-49768 bsc#1242446).
- commit 4d2a2e9
- net: pktgen: fix access outside of user given buffer in
pktgen_thread_write() (CVE-2025-38061 bsc#1245440).
- commit fb0f1a2
- net: vlan: don't propagate flags on open (CVE-2025-23163
bsc#1242837).
- commit d0e8595
- scsi: storvsc: Increase the timeouts to storvsc_timeout (bsc#1245455).
- scsi: storvsc: Don't report the host packet status as the hv status (git-fixes).
- commit adbc421
- kernel-obs-qa: Do not depend on srchash when qemu emulation is used
In this case the dependency is never fulfilled
Fixes: 485ae1da2b88 ("kernel-obs-qa: Use srchash for dependency as well")
- commit a840f87
- firmware: arm_scpi: Ensure scpi_info is not assigned if the
probe fails (CVE-2022-50087 bsc#1245119).
- commit ec5ba42
- Update
patches.suse/0001-drm-msm-mdp5-Fix-global-state-lock-backoff.patch
(bsc#1238275 CVE-2022-50173 bsc#1244992).
- Update
patches.suse/0005-video-fbdev-amba-clcd-Fix-refcount-leak-bugs.patch
(bsc#1154048 CVE-2022-50109 bsc#1244884).
- Update
patches.suse/0007-video-fbdev-arkfb-Fix-a-divide-by-zero-bug-in-ark_se.patch
(bsc#1154048 CVE-2022-50102 bsc#1244838).
- Update
patches.suse/0008-dm-thin-fix-use-after-free-crash-in-dm_sm_register_t.patch
(git-fixes CVE-2022-50092 bsc#1244848).
- Update
patches.suse/0008-video-fbdev-vt8623fb-Check-the-size-of-screen-before.patch
(bsc#1154048 CVE-2022-50101 bsc#1244839).
- Update
patches.suse/0009-video-fbdev-arkfb-Check-the-size-of-screen-before-me.patch
(bsc#1154048 CVE-2022-50099 bsc#1244842).
- Update
patches.suse/0010-dm-raid-fix-address-sanitizer-warning-in-raid_status.patch
(git-fixes CVE-2022-50084 bsc#1245117).
- Update
patches.suse/0010-video-fbdev-s3fb-Check-the-size-of-screen-before-mem.patch
(bsc#1154048 CVE-2022-50097 bsc#1244845).
- Update
patches.suse/0011-dm-raid-fix-address-sanitizer-warning-in-raid_resume.patch
(git-fixes CVE-2022-50085 bsc#1245147).
- Update
patches.suse/0011-fbdev-fb_pm2fb-Avoid-potential-divide-by-zero-error.patch
(bsc#1154048 CVE-2022-49978 bsc#1245195).
- Update
patches.suse/0080-drivers-md-fix-a-potential-use-after-free-bug.patch
(git-fixes CVE-2022-50022 bsc#1245131).
- Update
patches.suse/Bluetooth-btsdio-fix-use-after-free-bug-in-btsdio_re.patch
(CVE-2023-1989 bsc#1210336 CVE-2023-53145 bsc#1243047
CVE-2023-53063 bsc#1242216).
- Update
patches.suse/Input-iforce-wake-up-after-clearing-IFORCE_XMIT_RUNN.patch
(git-fixes CVE-2022-49954 bsc#1244976).
- Update
patches.suse/PCI-dwc-Deallocate-EPC-memory-on-dw_pcie_ep_init-err.patch
(git-fixes CVE-2022-50146 bsc#1244788).
- Update
patches.suse/USB-core-Prevent-nested-device-reset-calls.patch
(bsc#1206664 CVE-2022-4662 CVE-2022-49936 bsc#1244984).
- Update
patches.suse/arm64-fix-oops-in-concurrently-setting-insn_emulation-sysctls.patch
(git-fixes CVE-2022-50206 bsc#1245152).
- Update
patches.suse/ath9k-fix-use-after-free-in-ath9k_hif_usb_rx_cb.patch
(CVE-2022-1679 bsc#1199487 CVE-2022-50179 bsc#1244886).
- Update
patches.suse/btrfs-unset-reloc-control-if-transaction-commit-fail.patch
(bsc#1212051 CVE-2023-3111 CVE-2022-50067 bsc#1245047).
- Update
patches.suse/cifs-fix-small-mempool-leak-in-SMB2_negotiate-.patch
(bsc#1190317 CVE-2022-49938 bsc#1244820).
- Update
patches.suse/ext4-add-EXT4_INODE_HAS_XATTR_SPACE-macro-in-xattr.h.patch
(bsc#1206878 CVE-2022-50083 bsc#1244968).
- Update
patches.suse/ext4-avoid-resizing-to-a-partial-cluster-size.patch
(bsc#1206880 CVE-2022-50020 bsc#1245129).
- Update
patches.suse/ftrace-Fix-NULL-pointer-dereference-in-is_ftrace_trampoline-when-ftrace-is-dead.patch
(git-fixes CVE-2022-49977 bsc#1244936).
- Update
patches.suse/iommu-vt-d-avoid-invalid-memory-access-via-node_online-NUMA_NO_N
(git-fixes CVE-2022-50093 bsc#1244849).
- Update
patches.suse/jbd2-fix-assertion-jh-b_frozen_data-NULL-failure-whe.patch
(bsc#1202716 CVE-2022-50126 bsc#1244813).
- Update patches.suse/kcm-fix-strp_init-order-and-cleanup.patch
(git-fixes CVE-2022-49957 bsc#1244966).
- Update
patches.suse/kprobes-don-t-call-disarm_kprobe-for-disabled-kprobes.patch
(git-fixes CVE-2022-50008 bsc#1245009).
- Update
patches.suse/locking-csd_lock-Change-csdlock_debug-from-early_par.patch
(git-fixes CVE-2022-50091 bsc#1244885).
- Update patches.suse/md-call-__md_stop_writes-in-md_stop.patch
(git-fixes CVE-2022-49987 bsc#1245024).
- Update patches.suse/md-raid10-fix-KASAN-warning.patch (git-fixes
CVE-2022-50211 bsc#1245140).
- Update
patches.suse/media-mceusb-Use-new-usb_control_msg_-routines.patch
(CVE-2022-3903 bsc#1205220 CVE-2022-49937 bsc#1245057).
- Update
patches.suse/msft-hv-2639-scsi-storvsc-Remove-WQ_MEM_RECLAIM-from-storvsc_erro.patch
(git-fixes CVE-2022-49986 bsc#1244948).
- Update
patches.suse/net-tap-NULL-pointer-derefence-in-dev_parse_header_p.patch
(git-fixes CVE-2022-50073 bsc#1244978).
- Update
patches.suse/netfilter-nf_tables-do-not-allow-SET_ID-to-refer-to-.patch
(bsc#1202095 CVE-2022-2586 CVE-2022-50213 bsc#1244867).
- Update
patches.suse/pinctrl-devicetree-fix-refcount-leak-in-pinctrl_dt_t.patch
(bsc#1242154 CVE-2024-36959 bsc#1225839).
- Update
patches.suse/powerpc-64-Init-jump-labels-before-parse_early_param.patch
(bsc#1065729 CVE-2022-50012 bsc#1245125).
- Update patches.suse/powerpc-pci-Fix-get_phb_number-locking.patch
(bsc#1065729 CVE-2022-50045 bsc#1244967).
- Update
patches.suse/powerpc-xive-Fix-refcount-leak-in-xive_get_max_prio.patch
(fate#322438 git-fixess CVE-2022-50104 bsc#1244836).
- Update
patches.suse/s390-fix-double-free-of-GS-and-RI-CBs-on-fork-failure
(bsc#1203254 LTC#199911 CVE-2022-49990 bsc#1245006).
- Update
patches.suse/scsi-qla2xxx-Fix-crash-due-to-stale-SRB-access-aroun.patch
(bsc#1201958 CVE-2022-50098 bsc#1244841).
- Update
patches.suse/scsi-sg-Allow-waiting-for-commands-to-complete-on-removed-device.patch
(git-fixes CVE-2022-50215 bsc#1245138).
- Update
patches.suse/spmi-trace-fix-stack-out-of-bound-access-in-SPMI-tracing-functions.patch
(git-fixes CVE-2022-50094 bsc#1244851).
- Update
patches.suse/staging-rtl8712-fix-use-after-free-bugs.patch
(CVE-2022-4095 bsc#1205514 CVE-2022-49956 bsc#1244969).
- Update
patches.suse/usb-host-Fix-refcount-leak-in-ehci_hcd_ppc_of_probe.patch
(git-fixes CVE-2022-50153 bsc#1244786).
- Update
patches.suse/usb-ohci-nxp-Fix-refcount-leak-in-ohci_hcd_nxp_probe.patch
(git-fixes CVE-2022-50152 bsc#1244783).
- Update
patches.suse/usbnet-Fix-linkwatch-use-after-free-on-disconnect.patch
(git-fixes CVE-2022-50220 bsc#1245348).
- Update
patches.suse/virtio-gpu-fix-a-missing-check-to-avoid-NULL-derefer.patch
(git-fixes CVE-2022-50181 bsc#1244901).
- Update
patches.suse/virtio_net-fix-memory-leak-inside-XPD_TX-with-mergea.patch
(git-fixes CVE-2022-50065 bsc#1244986).
- commit 4b076ee
- selinux: Add boundary check in put_entry() (CVE-2022-50200
bsc#1245149).
- commit 90c9727
- RDMA/hfi1: fix potential memory leak in setup_base_ctxt() (CVE-2022-50134 bsc#1244802)
- commit 544eb52
- tracing: Fix compilation warning on arm32 (bsc#1243551).
- commit f83d64b
- tracing: Fix oob write in trace_seq_to_buffer() (CVE-2025-37923
bsc#1243551).
- commit ab5c2ad
- net_sched: prio: fix a race in prio_tune() (CVE-2025-38083
bsc#1245183).
- commit 4ff0382
- tracing: Fix use-after-free in print_graph_function_flags
during tracer switching (CVE-2025-22035 bsc#1241544).
- commit 93e9f48
- iavf: Fix adminq error handling (CVE-2022-50055 bsc#1245039).
- commit cf4815a
- ftrace: Return the first found result in lookup_rec()
(bsc#1226837).
- commit 548c54e
- ftrace: Fix possible use-after-free issue in ftrace_location()
(CVE-2024-38588 bsc#1226837).
- ftrace: Fix possible warning on checking all pages used in
ftrace_process_locs() (bsc#1226837).
- blacklist.conf: Remove the commit
- ftrace: Separate out functionality from ftrace_location_range()
(bsc#1226837).
- ftrace: Zero out ftrace hashes when a module is removed (bsc#1226837).
- commit ca17def
- Check for losing the race against dp_altmode_probe
(CVE-2024-35790 bsc#1224712).
This is a nonstandard fix because the upstream fix
includes a cleanup that requires infrastructure
that breaks kABI by changing struct device_driver
- commit ffe9de9
- bpf, sockmap: Fix an infinite loop error when len is 0 in tcp_bpf_recvmsg_parser() (CVE-2023-53133 bsc#1242423)
- commit 4d2b740
- iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid
(CVE-2025-37927 bsc#1243620).
- iommu/amd: Fix ivrs_acpihid cmdline parsing code (CVE-2025-37927
bsc#1243620).
- commit 3614667
- Remove host-memcpy-hack.h
This might have been usefult at some point but we have more things that
depend on specific library versions today.
- commit 0396c23
- Remove compress-vmlinux.sh
/usr/lib/rpm/brp-suse.d/brp-99-compress-vmlinux was added in
pesign-obs-integration during SLE12 RC. This workaround can be removed.
- commit 19caac0
- Remove try-disable-staging-driver
The config for linux-next is autogenerated from master config, and
defaults filled for missing options. This is unlikely to enable any
staging driver in the first place.
- commit a6f21ed
- scsi: target: Fix WRITE_SAME No Data Buffer crash
(CVE-2022-21546, bsc#1242243).
- commit 0b27e73
- kABI fix for net: xfrm: Localize sequence counter per network
namespace (CVE-2024-57982 bsc#1237913).
- commit e37d325
- xfrm: state: fix out-of-bounds read during lookup
(CVE-2024-57982 bsc#1237913).
- net: xfrm: Localize sequence counter per network namespace
(CVE-2024-57982 bsc#1237913).
- commit 03cb718
- RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug (CVE-2025-38024 bsc#1245025)
- commit 4f2eb61
- nfs: handle failure of nfs_get_lock_context in unlock path
(bsc#1245004 CVE-2025-38023).
- commit 1be83c3
- libnvdimm/labels: Fix divide error in nd_label_data_init()
(bsc#1244743, CVE-2025-38072).
- commit dacc95b
- scsi: target: tcm_loop: Fix possible name leak in
tcm_loop_setup_hba_bus() (CVE-2022-49780 bsc#1242262).
- commit 6710526
- Set CPUID_8000_0021_EAX to the right value (20)
This is the word in which individual feature flags are defined,
so the cpuid_leaf number must match.
- Refresh patches.kabi/cpufeatures-kabi-fix.patch.
- Refresh
patches.suse/x86-bhi-Add-support-for-clearing-branch-history-at-syscall.patch.
- Refresh
patches.suse/x86-cpufeature-Add-missing-leaf-enumeration.patch.
- commit c63ac04
- ALSA: pcm: Fix race of buffer access at PCM OSS layer
(CVE-2025-38078 bsc#1244737).
- commit 7c6d995
- Move upstreamed sound patch into sorted section
- commit 4436fa8
- packaging: Add support for suse-kabi-tools
The current workflow to check kABI stability during the RPM build of SUSE
kernels consists of the following steps:
* The downstream script rpm/modversions unpacks the consolidated kABI
symtypes reference data from kabi/<arch>/symtypes-<flavor> and creates
individual symref files.
* The build performs a regular kernel make. During this operation, genksyms
is invoked for each source file. The tool determines type signatures of
all exports within the file, reports any differences compared to the
associated symref reference, calculates symbol CRCs from the signatures
and writes new type data into a symtypes file.
* The script rpm/modversions is invoked again, this time it packs all new
symtypes files to a consolidated kABI file.
* The downstream script rpm/kabi.pl checks symbol CRCs in the new build and
compares them to a reference from kabi/<arch>/symvers-<flavor>, taking
kabi/severities into account.
suse-kabi-tools is a new set of tools to improve the kABI checking process.
The suite includes two tools, ksymtypes and ksymvers, which replace the
existing scripts rpm/modversions and rpm/kabi.pl, as well as the comparison
functionality previously provided by genksyms. The tools have their own
source repository and package.
The tools provide faster operation and more detailed, unified output. In
addition, they allow the use of the new upstream tool gendwarfksyms, which
lacks any built-in comparison functionality.
The updated workflow is as follows:
* The build performs a regular kernel make. During this operation, genksyms
(gendwarfksyms) is invoked as usual, determinining signatures and CRCs of
all exports and writing the type data to symtypes files. However,
genksyms no longer performs any comparison.
* 'ksymtypes consolidate' packs all new symtypes files to a consolidated
kABI file.
* 'ksymvers compare' checks symbol CRCs in the new build and compares them
to a reference from kabi/<arch>/symvers-<flavor>, taking kabi/severities
into account. The tool writes its result in a human-readable form on
standard output and also writes a list of all changed exports (not
ignored by kabi/severities) to the changed-exports file.
* 'ksymtypes compare' takes the changed-exports file, the consolidated kABI
symtypes reference data from kabi/<arch>/symtypes-<flavor> and the new
consolidated data. Based on this data, it produces a detailed report
explaining why the symbols changed.
The patch enables the use of suse-kabi-tools via rpm/config.sh, providing
explicit control to each branch. To enable the support, set
USE_SUSE_KABI_TOOLS=Yes in the config file.
- commit a2c6f89
- netfilter: allow exp not to be removed in nf_ct_find_expectation
(CVE-2023-52927 bsc#1239644).
- commit c88f971
- kernel-source: Remove log.sh from sources
- commit 96bd779
- media: pvrusb2: fix uaf in pvr2_context_set_notify
(CVE-2024-26875 bsc#1223118).
- commit 9270436
- drm/amdkfd: Fix an illegal memory access (CVE-2023-53090
bsc#1242753).
- commit 8280475
- can: bcm: add locking for bcm_op runtime updates (CVE-2025-38004
bsc#1244274).
- commit 27f3405
- scsi: drivers: base: Propagate errors through the transport component (bsc#1242548)
- commit 19a4dc6
- scsi: drivers: base: Support atomic version of attribute_container_device_trigger (bsc#1242548)
- commit 250283f
- sch_hfsc: Fix qlen accounting bug when using peek in
hfsc_enqueue() (CVE-2025-38000 bsc#1244277).
- commit 8634486
- net_sched: Flush gso_skb list too during ->change()
(CVE-2025-37992 bsc#1243698).
- ipvs: fix uninit-value for saddr in do_output_route4
(CVE-2025-37961 bsc#1243523).
- net: tls: explicitly disallow disconnect (CVE-2025-37756
bsc#1242515).
- net_sched: Prevent creation of classes with TC_H_ROOT
(CVE-2025-21971 bsc#1240799).
- vlan: enforce underlying device type (CVE-2025-21920
bsc#1240686).
- kcm: close race conditions on sk_receive_queue (CVE-2022-49814
bsc#1242498).
- wifi: cfg80211: fix memory leak in query_regdb_file()
(CVE-2022-49881 bsc#1242481).
- ipvs: fix WARNING in ip_vs_app_net_cleanup() (CVE-2022-49917
bsc#1242406).
- commit 225b1ce
- net_sched: sch_fifo: implement lockless __fifo_dump() (bsc#1237312)
- commit 619fd3b
- netfilter: bridge: replace physindev with physinif in
nf_bridge_info (CVE-2024-35839 bsc#1224726).
- Refresh patches.kabi/kabi-add-__nf_bridge_get_physindev-for-kabi.patch.
- commit ec55ccf
- kabi: add __nf_bridge_get_physindev() for kabi
(bsc#1224726,CVE-2024-35839).
- commit 8066fc3
- tipc: fix memory leak in tipc_link_xmit (CVE-2025-37757 bsc#1242521)
- commit ca38369
- net: sched: Fix use after free in red_enqueue() (CVE-2022-49921 bsc#1242359)
- commit 91e83c2
- netfilter: propagate net to nf_bridge_get_physindev
(CVE-2024-35839 bsc#1224726).
- Refresh patches.kabi/kabi-add-__nf_queue_get_refs-for-kabi-compliance.patch.
- commit 3ffae8c
- serial: core: fix transmit-buffer reset and memleak (bsc#1227768
CVE-2021-47527).
- commit 1772922
- bnxt_en: Fix out-of-bound memcpy() during ethtool -w
(CVE-2025-37911 bsc#1243469).
- mlxsw: spectrum_acl_tcam: Fix stack corruption (CVE-2024-26586
bsc#1220243).
- net/mlx5: Update error handler for UCTX and UMEM (CVE-2021-47212
bsc#1222709).
- commit 5027586
- module: ensure that kobject_put() is safe for module type kobjects (CVE-2025-37995 bsc#1243827)
- commit 31568b0
- mkspec: Exclude rt flavor from kernel-syms dependencies (bsc#1244337).
- commit 7c95ae0
- Refresh
patches.suse/kabi-fix-for-prevent-bpf-program-recursion-for-raw-tracepoint-probes.patch.
Fix the kernel Oops (bsc#1244317)
- commit 6a26caf
- mnt: fix __detach_mounts infinite loop (bsc#1242140).
- commit 973877c
- MyBS: Do not build kernel-obs-qa with limit_packages
Fixes: 58e3f8c34b2b ("bs-upload-kernel: Pass limit_packages also on multibuild")
- commit f4c6047
- MyBS: Simplify qa_expr generation
Start with a 0 which makes the expression valid even if there are no QA
repositories (currently does not happen). Then separator is always
needed.
- commit e4c2851
- MyBS: Correctly generate build flags for non-multibuild package limit
(bsc# 1244241)
Fixes: 0999112774fc ("MyBS: Use buildflags to set which package to build")
- commit 27588c9
- bs-upload-kernel: Pass limit_packages also on multibuild
Fixes: 0999112774fc ("MyBS: Use buildflags to set which package to build")
Fixes: 747f601d4156 ("bs-upload-kernel, MyBS, Buildresults: Support multibuild (JSC-SLE#5501, boo#1211226, bsc#1218184)")
- commit 8ef486c
- ftrace: Avoid potential division by zero in function_stat_show()
(CVE-2025-21898 bsc#1240610).
- commit f3b653b
- kABI: workaround "bpf: Prevent bpf program recursion for raw
tracepoint probes" changes (bsc#1242301 CVE-2022-49764).
- commit 06373a9
- nfc: nci: free rx_data_reassembly skb on NCI device cleanup
(CVE-2024-26825 bsc#1223065).
- commit e2bddb4
- ptp: Fix possible memory leak in ptp_clock_register()
(CVE-2021-47455 bsc#1225254).
- Refresh patches.kabi/ptp_clock-kABI-workaround.patch.
- commit e9de86b
- RDMA/srpt: Do not register event handler until srpt device is fully setup (CVE-2024-26872 bsc#1223115)
- commit cad3736
- driver core: fix potential NULL pointer dereference in
dev_uevent() (CVE-2025-37800 bsc#1242849).
- driver core: introduce device_set_driver() helper
(CVE-2025-37800 bsc#1242849).
- commit f8f225c
- Drop rejected CVE fix for driver core
Delete
patches.suse/driver-core-Fix-uevent_show-vs-driver-detach-race.patch
as it was reverted in the upstream (and CVE was rejected).
Another form of the fix will follow.
- commit c791e65
- kernel-source: Do not use multiple -r in sed parameters
This usage is enabled in commit b18d64d
(sed: allow multiple (non-conflicting) -E/-r parameters, 2016-07-31)
only available since sed 4.3
Fixes: dc2037cd8f94 ("kernel-source: Also replace bin/env"
- commit 91ad98e
- block: fix resource leak in blk_register_queue() error path (CVE-2025-37980 bsc#1243522)
- commit 65b2595
- openvswitch: Fix unsafe attribute parsing in output_userspace() (CVE-2025-37998 bsc#1243836)
- commit 1de5c37
- dm-bufio: don't schedule in atomic context (CVE-2025-37928 bsc#1243621)
- commit 8d6e517
- mtd: inftlcore: Add error check for inftl_read_oob() (CVE-2025-37892 bsc#1243536)
- commit 54793bb
- wifi: wl1251: fix memory leak in wl1251_tx_work (CVE-2025-37982 bsc#1243524)
- commit 9ed11b8
- netfilter: nf_tables: fix crash when nf_trace is enabled
(git-fixes CVE-2022-49622 bsc#1239042).
- commit 1ebebaa
- netfilter: nf_tables: avoid skb access on nf_stolen
(CVE-2022-49622 bsc#1239042).
- commit 3d1f851
- netfilter: nf_tables: consolidate rule verdict trace call (bsc#1239042).
- commit a2784df
- netfilter: nf_tables: remove old nf_log based tracing (bsc#1239042).
- Refresh
patches.suse/netfilter-nf_tables-check-the-result-of-dereferencin.patch.
- Refresh
patches.suse/netfilter-nf_tables-use-WARN_ON_ONCE-instead-of-BUG_.patch.
- commit c5a2d73
- KVM: SVM: fix panic on out-of-bounds guest IRQ (bsc#1238167 CVE-2022-49154).
- commit 930b864
- Update tags in
patches.suse/ocfs2-fix-data-corruption-after-failed-write.patch
(bsc#1208542 CVE-2023-53081 bsc#1242281).
- commit 54cff45
- ext4: update s_journal_inum if it changes after journal replay
(bsc#1242767 CVE-2023-53091).
- commit 36a043e
- ext4: fix BUG_ON() when directory entry has invalid rec_len
(bsc#1242733 CVE-2022-49879).
- commit dfbcdb4
- scsi: pm80xx: Avoid leaking tags when processing
OPC_INB_SET_CONTROLLER_CONFIG command (bsc#1220883
cve-2023-52500 CVE-2023-52500).
- commit 8a3dd0b
- ata: libata-core: fix NULL pointer deref in
ata_host_alloc_pinfo() (bsc#1239071 CVE-2022-49731).
- commit f8e7ddf
- l2tp: fix lockdep splat (CVE-2023-53020 bsc#1240224).
- l2tp: Avoid possible recursive deadlock in
l2tp_tunnel_register() (CVE-2023-53020 bsc#1240224).
- l2tp: prevent lockdep issue in l2tp_tunnel_register()
(CVE-2023-53020 bsc#1240224).
- l2tp: close all race conditions in l2tp_tunnel_register()
(CVE-2023-53020 bsc#1240224).
- blacklist.conf: remove 0b2c59720e65885a394a017d0cf9cab118914682
it is a bit unclear why it was there but it should not be there any more
- l2tp: define helper for parsing struct sockaddr_pppol2tp*
(CVE-2023-53020 bsc#1240224).
- commit 6df99cf
- Fix bug reference in patches.suse/net_sched-sch_sfq-use-a-temporary-work-area-for-vali.patch (bsc#1242504)
- commit 14f3c70
- x86/bugs: Fix BHI retpoline check (git-fixes).
- commit 67aed4a
- x86/bugs: Fix BHI handling of RRSBA (git-fixes).
- Refresh
patches.suse/x86-bhi-do-not-set-BHI_DIS_S-in-32-bit-mode.patch.
- commit dab1e97
- x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES (git-fixes).
- commit 01a0a7a
- x86/bugs: Fix return type of spectre_bhi_state() (git-fixes).
- commit 198eac5
- btrfs: don't BUG_ON() when 0 reference count at
btrfs_lookup_extent_info() (bsc#1230786 CVE-2024-46751).
- commit ed57497
- HID: pidff: Fix null pointer dereference in pidff_find_fields (CVE-2025-37862 bsc#1242982)
- commit 3dd1249
- PCI: Fix reference leak in pci_register_host_bridge() (CVE-2025-37836 bsc#1242957)
- commit ed65adb
- usb: dwc3: gadget: check that event count does not exceed event buffer length (CVE-2025-37810 bsc#1242906)
- commit b2856a0
- cifs: avoid NULL pointer dereference in dbg call (CVE-2025-37844 bsc#1242946)
- commit 32900ee
- tpm: do not start chip while suspended (CVE-2025-23149 bsc#1242758)
- commit 0620cc8
- Refresh patches.suse/x86-bhi-Add-BHI-mitigation-knob.patch.
Fix a couple of issues with this backport, namely:
1. Wrong upstream commit id used
2. Missing hunk dealing with RETPOLINE being enabled on RRSBA CPUs, thus
obviating the need to have BHI mitigation explicitly enabled.
- commit daaf354
- Update
patches.suse/0084-dm-ioctl-fix-misbehavior-if-list_versions-races-with-module-loading.patch
(git-fixes CVE-2022-49771 bsc#1242686).
- Update
patches.suse/Bluetooth-L2CAP-Fix-use-after-free-caused-by-l2cap_r.patch
(CVE-2022-3564 bsc#1206073 CVE-2022-49910 bsc#1242452).
- Update
patches.suse/Bluetooth-L2CAP-fix-use-after-free-in-l2cap_conn_del.patch
(CVE-2025-21969 bsc#1240784 CVE-2022-49909 bsc#1242453).
- Update
patches.suse/Bluetooth-btsdio-fix-use-after-free-bug-in-btsdio_re.patch
(CVE-2023-1989 bsc#1210336 CVE-2023-53145 bsc#1243047).
- Update patches.suse/SUNRPC-Fix-a-server-shutdown-leak.patch
(git-fixes CVE-2023-53131 bsc#1242377).
- Update
patches.suse/arm64-bpf-Add-BHB-mitigation-to-the-epilogue-for-cBP.patch
(bsc#1242778 CVE-2025-37948 bsc#1243649).
- Update
patches.suse/arm64-bpf-Only-mitigate-cBPF-programs-loaded-by-unpr.patch
(bsc#1242778 CVE-2025-37963 bsc#1243660).
- Update
patches.suse/bpf-sockmap-Fix-the-sk-sk_forward_alloc-warning-of-s.patch
(bsc#1235485 CVE-2024-56633 CVE-2022-49877 bsc#1242483).
- Update
patches.suse/cifs-Fix-connections-leak-when-tlink-setup-failed.patch
(bsc#1190317 CVE-2022-49822 bsc#1242544).
- Update
patches.suse/dm-stats-check-for-and-propagate-alloc_percpu-failur-d3aa.patch
(git-fixes CVE-2023-53044 bsc#1242759).
- Update
patches.suse/ext4-fix-WARNING-in-ext4_update_inline_data.patch
(bsc#1213012 CVE-2023-53100 bsc#1242790).
- Update
patches.suse/ext4-fix-warning-in-ext4_da_release_space.patch
(bsc#1206887 CVE-2022-49880 bsc#1242734).
- Update
patches.suse/ext4-zero-i_disksize-when-initializing-the-bootloade.patch
(bsc#1213013 CVE-2023-53101 bsc#1242791).
- Update
patches.suse/ftrace-Fix-invalid-address-access-in-lookup_rec-when-index-is-0.patch
(git-fixes CVE-2023-53075 bsc#1242218).
- Update
patches.suse/ftrace-Fix-use-after-free-for-dynamic-ftrace_ops.patch
(git-fixes CVE-2022-49892 bsc#1242449).
- Update
patches.suse/gfs2-Check-sb_bsize_shift-after-reading-superblock.patch
(git-fixes CVE-2022-49769 bsc#1242440).
- Update patches.suse/ibmvnic-Free-rwi-on-reset-success.patch
(bsc#1184350 ltc#191533 git-fixes CVE-2022-49906 bsc#1242464).
- Update
patches.suse/igb-revert-rtnl_lock-that-causes-deadlock.patch
(git-fixes CVE-2023-53060 bsc#1242241).
- Update
patches.suse/ila-do-not-generate-empty-messages-in-ila_xlat_nl_cm.patch
(git-fixes CVE-2023-53141 bsc#1242362).
- Update
patches.suse/mISDN-fix-misuse-of-put_device-in-mISDN_register_dev.patch
(CVE-2022-49915 bsc#1242409 CVE-2022-49818 bsc#1242527).
- Update patches.suse/net-iucv-Fix-size-of-interrupt-data.patch
(bsc#1211466 CVE-2023-53108 bsc#1242422).
- Update
patches.suse/net-tunnels-annotate-lockless-accesses-to-dev-needed_headroom.patch
(CVE-2024-26804 bsc#1222629 CVE-2023-53109 bsc#1242405).
- Update
patches.suse/net-usb-lan78xx-Limit-packet-length-to-skb-len.patch
(git-fixes CVE-2023-53068 bsc#1242239).
- Update
patches.suse/net-usb-smsc75xx-Limit-packet-length-to-skb-len.patch
(git-fixes CVE-2023-53125 bsc#1242285).
- Update
patches.suse/net-usb-smsc95xx-Limit-packet-length-to-skb-len.patch
(git-fixes CVE-2023-53062 bsc#1242228).
- Update
patches.suse/net_sched-keep-alloc_hash-updated-after-hash-allocat.patch
(git-fixes CVE-2020-36791 bsc#1242835).
- Update
patches.suse/nfc-pn533-initialize-struct-pn533_out_arg-properly.patch
(CVE-2022-48875 bsc#1229516 CVE-2023-53119 bsc#1242370).
- Update
patches.suse/nfc-st-nci-Fix-use-after-free-bug-in-ndlc_remove-due.patch
(git-fixes bsc#1210337 CVE-2023-1990 CVE-2023-53106
bsc#1242215).
- Update
patches.suse/nfs4-Fix-kmemleak-when-allocate-slot-failed.patch
(git-fixes CVE-2022-49927 bsc#1242416).
- Update
patches.suse/nfsd-decrease-sc_count-directly-if-fail-to-queue-dl_.patch
(CVE-2025-22025 bsc#1241361 CVE-2025-37871 bsc#1242949).
- Update
patches.suse/ring-buffer-Check-for-NULL-cpu_buffer-in-ring_buffer_wake_waiters.patch
(git-fixes CVE-2022-49889 bsc#1242455).
- Update patches.suse/sch_htb-make-htb_deactivate-idempotent.patch
(CVE-2025-37798 bsc#1242414 CVE-2025-37953 bsc#1243543).
- Update
patches.suse/sch_htb-make-htb_qlen_notify-idempotent.patch
(CVE-2025-37798 bsc#1242414 CVE-2025-37932 bsc#1243627).
- Update
patches.suse/scsi-core-Remove-the-proc-scsi-proc_name-directory-earlier.patch
(git-fixes CVE-2023-53140 bsc#1242372).
- Update
patches.suse/scsi-mpt3sas-Fix-NULL-pointer-access-in-mpt3sas_transport_port_add.patch
(git-fixes CVE-2023-53124 bsc#1242165).
- Update
patches.suse/scsi-qla2xxx-Perform-lockless-command-completion-in-.patch
(git-fixes CVE-2023-53041 bsc#1242747).
- Update
patches.suse/scsi-qla2xxx-Synchronize-the-IOCB-count-to-be-in-ord.patch
(bsc#1209292 bsc#1209684 bsc#1209556 CVE-2023-53056
bsc#1242219).
- Update
patches.suse/scsi-scsi_dh_alua-Fix-memleak-for-qdata-in-alua_activate.patch
(git-fixes CVE-2023-53078 bsc#1242231).
- Update
patches.suse/scsi-zfcp-Fix-double-free-of-FSF-request-when-qdio-send-fails
(git-fixes CVE-2022-49789 bsc#1242366).
- Update
patches.suse/tcp-tcp_make_synack-can-be-called-from-process-conte.patch
(git-fixes CVE-2023-53121 bsc#1242225).
- Update
patches.suse/udf-Fix-a-slab-out-of-bounds-write-bug-in-udf_find_e.patch
(bsc#1206649 CVE-2022-49846 bsc#1242716).
- commit 69b5e67
- drm/scheduler: fix fence ref counting (bsc#1242691 CVE-2022-49829)
- commit 14778ea
- net: sched: extract qstats update code into functions
(CVE-2024-26740 bsc#1222563).
- refresh patches.suse/net-sched-act_mirred-don-t-override-retval-if-we-alr.patch
- commit e226feb
- net/sched: act_mirred: use the backlog for mirred ingress
(CVE-2024-26740 bsc#1222563).
- refresh patches.suse/net-sched-act_mirred-don-t-override-retval-if-we-alr.patch
- act_mirred: use the backlog for nested calls to mirred ingress
(CVE-2024-26740 bsc#1222563).
- net/sched: act_mirred: refactor the handle of xmit
(CVE-2024-26740 bsc#1222563).
- cleanup patches.suse/net-smc-Transitional-solution-for-clcsock-race-issue.patch
drop net/sched/act_mirred.c part which was a combination of unrelated
commits which are going to be backported separately now
- refresh patches.suse/net-sched-act_mirred-don-t-override-retval-if-we-alr.patch
- net: sched: don't expose action qstats to skb_tc_reinsert()
(CVE-2024-26740 bsc#1222563).
- net: sched: refactor reinsert action (CVE-2024-26740
bsc#1222563).
- commit 7ca05e8
- can: peak_usb: fix use after free bugs (bsc#1241407
CVE-2021-47670).
- blacklist.conf: blacklisted in error
- commit 3cc9a48
- xenbus: Use kref to track req lifetime (bsc#1243541
CVE-2025-37949).
- commit e59a814
- 9p/net: fix improper handling of bogus negative read/write
replies (bsc#1243077 CVE-2025-37879).
- commit fe1bf4b
- usb: gadget: u_audio: don't let userspace block driver unbind (CVE-2023-53045 bsc#1242756)
- commit 96aa745
- tipc: fix the msg->req tlv len check in tipc_nl_compat_name_table_dump_header (CVE-2022-49862 bsc#1242755)
- commit d64fec6
- net: macvlan: fix memory leaks of macvlan_common_newlink (CVE-2022-49853 bsc#1242688)
- commit d85ed83
- dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove() (CVE-2022-49861 bsc#1242580)
- commit f8dabfc
- ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network (CVE-2022-49865 bsc#1242570)
- commit 8923317
- ata: libata-transport: fix error handling in ata_tport_add() (CVE-2022-49825 bsc#1242548)
- commit e76ffee
- net_sched: sch_sfq: move the limit validation (CVE-2025-37752 bsc#1242504)
- commit 3268e2e
- net_sched: sch_sfq: use a temporary work area for validating configuration (bsc#1232504)
- commit e350897
- net: ena: Fix error handling in ena_init() (CVE-2022-49813 bsc#1242497)
- commit 55f4ea4
- net: mdio: fix undefined behavior in bit shift for __mdiobus_register (CVE-2022-49907 bsc#1242450)
- commit 35b4747
- i40e: Fix kernel crash during reboot when adapter is in recovery mode (CVE-2023-53114 bsc#1242398)
- commit 9232bee
- ALSA: hda: fix potential memleak in 'add_widget_node' (CVE-2022-49835 bsc#1242385)
- commit b245eca
- nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() (CVE-2022-49922 bsc#1242378)
- commit ec5842a
- ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() (CVE-2022-49772 bsc#1242147)
- commit 05dc09a
- Remove debug flavor (bsc#1243919).
This is only released in Leap, and we don't have Leap 42 anymore.
- commit c8f417b
- rpm/check-for-config-changes: add more to IGNORED_CONFIGS_RE
Useful when someone tries (needs) to build the kernel with clang.
- commit 06918e3
- HID: hyperv: fix possible memory leak in mousevsc_probe()
(CVE-2022-49874 bsc#1242478).
- commit 4edbe8d
- Refresh patches.suse/netfilter-nf_tables-Reject-tables-of-unsupported-fam.patch.
Adjusted the backported patch as it caused a regression. bsc#1218752
- commit 9c294ed
- ipv6: Fix signed integer overflow in __ip6_append_data
(CVE-2022-49728 bsc#1239111).
- commit e5a4bfa
- devm-helpers: Add resource managed version of work init (bsc#1242745)
- commit af41987
- pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() (bsc#1242154)
- commit 28b2ba4
- nfc: fdp: add null check of devm_kmalloc_array in fdp_nci_i2c_read_device_properties (CVE-2023-53139 bsc#1242361)
- commit 2977dda
- misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (CVE-2022-49788 bsc#1242353)
- commit 9e63e91
- mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() (CVE-2022-49787 bsc#1242352)
- commit e6bd23b
- qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info (CVE-2023-53066 bsc#1242227)
- commit 3926868
- pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map (CVE-2022-49832 bsc#1242154)
- commit 18c2436
- HID: intel-ish-hid: ipc: Fix dev_err usage with uninitialized dev->devc (bsc#1242745)
- commit eb37482
- HID: intel-ish-hid: ipc: Fix potential use-after-free in work function (CVE-2023-53039 bsc#1242745)
- commit 09f159d
- workqueue: Add resource managed version of delayed work init (bsc#1242745)
- commit 26c1fec
- sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket
(CVE-2024-53168 bsc#1234887).
- commit 14cbc36
- ACPI: CPPC: Avoid out of bounds access when parsing _CPC data
(CVE-2022-49145 bsc#1238162).
- commit 470a12c
- mtd: phram: Add the kernel lock down check (bsc#1232649).
- commit 9010162
- net/sched: initialize noop_qdisc owner (git-fixes).
- commit 2dfc668
- nfc: nxp-nci: Fix potential memory leak in nxp_nci_send() (CVE-2022-49923 bsc#1242394)
- commit 90c2109
- NFC: nxp-nci: remove unnecessary labels (bsc#1242394)
- commit 211515d
- isofs: Prevent the use of too small fid (CVE-2025-37780 bsc#1242786)
- commit 66b8f1c
- wifi: mac80211: Purge vif txq in ieee80211_do_stop() (CVE-2025-37794 bsc#1242566)
- commit be7520f
- wifi: at76c50x: fix use after free access in at76_disconnect (CVE-2025-37796 bsc#1242727)
- commit 926c6d8
- ext4: fix off-by-one error in do_split (CVE-2025-23150 bsc#1242513)
- commit 63c211a
- d_invalidate(): unhash immediately (bsc#1242140).
- commit 0bb13d9
- net: phy: leds: fix memory leak (CVE-2025-37989 bsc#1243511).
- commit 80b696b
- Refresh fixes for cBPF issue (bsc#1242778)
- Update metadata and put them into the sorted part of the series
- Refresh
patches.suse/x86-bhi-do-not-set-BHI_DIS_S-in-32-bit-mode.patch.
- Refresh
patches.suse/x86-bpf-add-IBHF-call-at-end-of-classic-BPF.patch.
- Refresh
patches.suse/x86-bpf-call-branch-history-clearing-sequence-on-exit.patch.
- commit 78cd843
- kabi: hide owner from struct Qdisc (CVE-2024-27010,
bsc#1223720).
- net/sched: Fix mirred deadlock on device recursion
(CVE-2024-27010, bsc#1223720).
- commit 2646651
- Refresh patches.suse/net-mlx5-Fix-steering-rules-cleanup.patch.
- commit cad4104
- i2c: cros-ec-tunnel: defer probe if parent EC is not present (CVE-2025-37781 bsc#1242575)
- commit 648898d
- nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred (CVE-2022-49729 bsc#1239060)
- commit e4a37ce
- net_sched: skbprio: Remove overly strict queue assertions (CVE-2025-38637 bsc#1241657).
- commit a3f71a8
- usbnet:fix NPE during rx_complete (CVE-2025-22050 bsc#1241441)
- commit b29f445
- thermal: int340x: Add NULL check for adev (CVE-2025-23136 bsc#1241357)
- commit aca813f
- btrfs: do not clean up repair bio if submit fails
(CVE-2022-49168 bsc#1238109).
- commit eb3f122
- ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path() (CVE-2023-52988 bsc#1240293)
- commit 47e6e52
- x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL (CVE-2023-52993 bsc#1240297)
- commit b8c925f
- firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region (CVE-2023-52989 bsc#1240266)
- commit 4f68c93
- w1: fix WARNING after calling w1_process() (CVE-2022-49751 bsc#1240254)
- commit 9507421
- nfc: fdp: Fix potential memory leak in fdp_nci_send() (CVE-2022-49924 bsc#1242426)
- commit 1ff0fc5
- PM / devfreq: rk3399_dmc: Disable edev on remove() (CVE-2022-49460 bsc#1238892)
- commit 556bc32
- dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate (CVE-2022-49652 bsc#1238871)
- commit d4f6d8a
- ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix (CVE-2022-49503 bsc#1238868)
- commit b38fbf8
- irqchip/gic-v3: Fix refcount leak in gic_populate_ppi_partitions (CVE-2022-49715 bsc#1238818)
- commit c85152c
- irqchip: gic-v3: Use of_cpu_node_to_id helper (bsc#1238818)
- commit 955125a
- net/mlx5: Fix steering rules cleanup (CVE-2023-53079
bsc#1242765).
- commit 4ab30d6
- ata: libata-transport: fix double ata_host_put() in
ata_tport_add() (CVE-2022-49826 bsc#1242549).
- commit a0074f3
- net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too
(CVE-2025-37823 bsc#1242924).
- commit 9b2e245
- team: better TEAM_OPTION_TYPE_STRING validation (CVE-2025-21787 bsc#1238774)
- commit c0334f8
- btrfs: fix inode list leak during backref walking at
resolve_indirect_refs() (CVE-2022-49914 bsc#1242427).
- commit f13d5c5
- thermal: core: prevent potential string overflow (CVE-2023-52868 bsc#1225044)
- commit 45a76bf
- bpf: Prevent bpf program recursion for raw tracepoint probes
(CVE-2022-49764 bsc#1242301).
- commit 193b281
- bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb()
(CVE-2022-49840 bsc#1242447).
- commit 19b730c
- nfsd: decrease sc_count directly if fail to queue dl_recall
(CVE-2025-22025 bsc#1241361).
- commit 5566843
- nfsd: put dl_stid if fail to queue dl_recall (CVE-2025-22025
bsc#1241361).
- commit 36e54e4
- pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (CVE-2025-21702 bsc#1237312)
- commit 2cd0611
- usb: cdc-acm: Check control transfer buffer size before access (CVE-2025-21704 bnc#1237571)
- commit 25db018
- ptp: Ensure info->enable callback is always set (CVE-2025-21814 bsc#1238473)
- commit 04ecd88
- net/niu: Niu requires MSIX ENTRY_DATA fields touch before
entry reads (CVE-2025-37833 bsc#1242868).
- PCI/MSI: Add an option to write MSIX ENTRY_DATA before any reads
(CVE-2025-37833 bsc#1242868).
- commit 07a4c2c
- drm/amdgpu: handle amdgpu_cgs_create_device() errors in amd_powerplay_create() (CVE-2025-37852 bsc#1243074).
- commit 85e74d7
- net: mvpp2: parser fix QinQ (CVE-2025-22060 bsc#1241526).
- Refresh
patches.suse/net-mvpp2-Prevent-parser-TCAM-memory-corruption.patch.
- commit 39cd74b
- nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur
(bsc#1235632 CVE-2024-56779).
- commit 6133296
- x86/smpboot: Remove unused phys_id variable (git-commit).
This fixes a build warning.
- commit ceba46a
- kernel/resource: fix kfree() of bootmem memory again
(CVE-2022-49190 bsc#1238130).
- commit 48c0013
- drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() (CVE-2022-49467 bsc#1238815)
- commit 9b240ea
- drm/i915/selftests: fix subtraction overflow bug (CVE-2022-49635 bsc#1238806)
- commit c5c18ff
- net: ppp: Add bound checking for skb data on ppp_sync_txmung (CVE-2025-37749 bsc#1242859)
- commit a8fe412
- netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets (CVE-2025-22063 bsc#1241351)
- commit 69b9c55
- tcp: cdg: allow tcp_cdg_release() to be called multiple times (CVE-2022-49775 bsc#1242245)
- commit 462783c
- rpm: Stop using is_kotd_qa macro
This macro is set by bs-upload-kernel, and a conditional in each spec
file is used to determine when to build the spec file.
This logic should not really be in the spec file. Previously this was
done with package links and package meta for the individula links.
However, the use of package links is rejected for packages in git based
release projects (nothing to do with git actually, new policy). An
alternative to package links is multibuild. However, for multibuild
packages package meta cannot be used to set which spec file gets built.
Use prjcon buildflags instead, and remove this conditional. Depends on
bs-upload-kernel adding the build flag.
- commit 9eb8a6f
- kernel-obs-qa: Use srchash for dependency as well
- commit 485ae1d
- PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type
(CVE-2025-23161 bsc#1242792).
- commit b40664f
- ocfs2: fix the issue with discontiguous allocation in the
global_bitmap (git-fixes).
- commit e15ed3a
- nfsd: fix race between laundromat and free_stateid()
(CVE-2024-50106 bsc#1232882).
- commit a790b42
- dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size
data type (bsc#1238394 CVE-2022-49320).
- commit 436663c
- btrfs: fix inode list leak during backref walking at
find_parent_nodes() (bsc#1242470 CVE-2022-49913).
- commit c05de9e
- btrfs: replace BUG_ON() with error handling at
update_ref_for_cow() (bsc#1230794 CVE-2024-46752).
- commit acac3f6
- Btrfs: don't iterate mod seq list when putting a tree mod seq
(bsc#1242472 CVE-2022-49898).
- btrfs: always pin deleted leaves when there are active tree
mod log users (bsc#1242472 CVE-2022-49898).
- btrfs: fix tree mod log mishandling of reallocated nodes
(bsc#1242472 CVE-2022-49898).
- btrfs: use a bit to track the existence of tree mod log users
(bsc#1242472 CVE-2022-49898).
- btrfs: use the new bit BTRFS_FS_TREE_MOD_LOG_USERS at
btrfs_free_tree_block() (bsc#1242472 CVE-2022-49898).
- Refresh
patches.suse/0002-btrfs-Remove-fsid-metadata_fsid-fields-from-btrfs_in.patch.
- commit dacb815
- memcg_write_event_control(): fix a user-triggerable oops
(CVE-2024-45021 bsc#1230434).
- commit 4e6c9d7
- IB/hfi1: Correctly move list in sc_disable() (CVE-2022-49931 bsc#1242382)
- commit 581a698
- RDMA/core: Fix null-ptr-deref in ib_core_cleanup() (CVE-2022-49925 bsc#1242371)
- commit 629991b
- rtl818x: Prevent using not initialized queues (CVE-2022-49326 bsc#1238646)
- commit 2e4f859
- drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() (CVE-2022-49491 bsc#1238539)
- commit cacfaf7
- driver core: fix deadlock in __device_attach (CVE-2022-49371 bsc#1238546)
- commit e1fc85e
- Refresh patches.suse/tpm-tis-Double-the-timeout-B-to-4s.patch.
- commit db263b9
- Update
patches.suse/USB-usbfs-Don-t-WARN-about-excessively-large-memory-.patch
(bsc#1222004 CVE-2021-47170 CVE-2021-20320).
- commit 2ffa0a7
- Update
patches.suse/sctp-fail-if-no-bound-addresses-can-be-used-for-a-gi.patch
(bsc#1206677 CVE-2023-1074).
- commit 2c70e65
- media: streamzap: fix race between device disconnection and
urb callback (CVE-2025-22027 bsc#1241369).
- commit 45f284f
- ASoC: soc-utils: Remove __exit for snd_soc_util_exit()
(CVE-2022-49842 bsc#1242484).
- commit dfda6bc
- ASoC: core: Fix use-after-free in snd_soc_exit() (CVE-2022-49842
bsc#1242484).
- commit 89ba7b3
- btrfs: always report error in run_one_delayed_ref() (CVE-2022-49761 bsc#1240261)
- commit e432f24
- netfilter: conntrack: clamp maximum hashtable size to INT_MAX (CVE-2025-21648 bsc#1236142)
- commit 9316b29
- media: usb: go7007: s2250-board: fix leak in probe() (CVE-2022-49253 bsc#1238420)
- commit db86595
- sfc: fix kernel panic when creating VF (CVE-2022-49625 bsc#1238411)
- commit bcdf72a
- arm64: insn: Fix two bugs in encoding 32-bit logical immediates
(bsc#1242778).
- commit 538ec8a
- arm64: insn: Add encoder for bitwise operations using literals
(bsc#1242778).
- arm64: insn: Add N immediate encoding (bsc#1242778).
- commit e6408da
- sch_htb: make htb_deactivate() idempotent (CVE-2025-37798
bsc#1242414).
- sch_qfq: make qfq_qlen_notify() idempotent (CVE-2025-37798
bsc#1242414).
- sch_hfsc: make hfsc_qlen_notify() idempotent (CVE-2025-37798
bsc#1242414).
- sch_drr: make drr_qlen_notify() idempotent (CVE-2025-37798
bsc#1242414).
- sch_htb: make htb_qlen_notify() idempotent (CVE-2025-37798
bsc#1242414).
- commit 85d67da
- bonding: Fix memory leak when changing bond type to Ethernet
(CVE-2023-53103 bsc#1242408).
- commit 03cee1f
- bonding: restore bond's IFF_SLAVE flag if a non-eth dev enslave
fails (CVE-2023-53103 bsc#1242408).
- bonding: restore IFF_MASTER/SLAVE flags on bond enslave ether
type change (CVE-2023-53103 bsc#1242408).
- commit c76a60e
- libgcrypt
-
- Security fix [bsc#1221107, CVE-2024-2236]
* Add --enable-marvin-workaround to spec to enable workaround
* Fix timing based side-channel in RSA implementation ( Marvin attack )
* Add libgcrypt-CVE-2024-2236_01.patch
* Add libgcrypt-CVE-2024-2236_02.patch
* Add libgcrypt-CVE-2024-2236_03.patch
* Add libgcrypt-CVE-2024-2236_04.patch
* Add libgcrypt-CVE-2024-2236_05.patch
* Add libgcrypt-CVE-2024-2236_06.patch
* Add libgcrypt-CVE-2024-2236_07.patch
* Add libgcrypt-CVE-2024-2236_08.patch
* Add libgcrypt-CVE-2024-2236_09.patch
* Add libgcrypt-CVE-2024-2236_10.patch
* Add libgcrypt-CVE-2024-2236_11.patch
* Add libgcrypt-CVE-2024-2236_decoding_fix.patch
- cloud-regionsrv-client
-
- Update version to 10.5.2 (bsc#1247539)
+ When an instance fails verification server side the default credentials
were left behind requireing manual intervantion prior to the next
registration attempt.
+ Fix issue triggered when using instance-billing-flavor-check due to
IP address handling as object rather than string introduced 10.5.0
- Update version to 10.5.1
+ Fix issue with picking up configured server names from the
regionsrv config file. Previously only IP addresses were collected
+ Update scriptlet for package uninstall to avoid issues in the
build service
- Update version to 10.5.0
+ Use region server IP addresses to determine Internet access rather
than a generic address. Region server IP addresses may not be blocked
in the network construct. (bsc#1245305)