- aaa_base
-
- Add patch git-51-fbf7ee9dc9cd970532a54eed6472d7f3b0e7f431.patch
* If a user switches the login shell respect the already set
PATH environment (bsc#1235481)
- add patch aaa_base-rc.status.patch (bsc#1236033)
(no git, file is gone in factory/tumbleweed)
update detection for systemd in rc.status, mountpoint for
cgroup changed with cgroup2, so just check if pid 1 is systemd
- Add patch git-50-845b509c9a005340a0455cb8a7fe084d1b8f1946.patch
* Add mc helpers for both tcsh and bash resources (boo#1203617)
- apparmor
-
- Add dac_read_search capability for unix_chkpwd to allow it to read the shadow
file even if it has 000 permissions. This is needed after the CVE-2024-10041
fix in PAM.
* unix-chkpwd-add-read-capability.path, bsc#1241678
- Allow pam_unix to execute unix_chkpwd with abi/3.0
- remove dovecot-unix_chkpwd.diff
- Add allow-pam_unix-to-execute-unix_chkpwd.patch
- Add revert-abi-change-for-unix_chkpwd.patch
(bsc#1234452, bsc#1232234)
- Add dovecot-unix_chkpwd.diff to allow dovecot-auth to execute
unix_chkpwd, and add a profile for unix_chkpwd. This is needed
for PAM with CVE-2024-10041 (bsc#1234452)
- bash
-
- Add patch boo1227807.patch
* Load completion file eveh if a brace expansion is in the
command line included (boo#1227807)
- bind
-
- Limit additional section processing for large RDATA sets.
When answering queries, don’t add data to the additional
section if the answer has more than 13 names in the RDATA. This
limits the number of lookups into the database(s) during a
single client query, reducing the query-processing load.
(CVE-2024-11187)
[bsc#1236596, bind-9.16-CVE-2024-11187.patch]
- ca-certificates-mozilla
-
- revert the distrusted certs for now. originally these only
distrust "new issued" certs starting after a certain date,
while old certs should still work. (bsc#1240343)
- remove-distrusted.patch: removed
- explit remove distruted certs, as the distrust does not get exported
correctly and the SSL certs are still trusted. (bsc#1240343)
- Entrust.net Premium 2048 Secure Server CA
- Entrust Root Certification Authority
- AffirmTrust Commercial
- AffirmTrust Networking
- AffirmTrust Premium
- AffirmTrust Premium ECC
- Entrust Root Certification Authority - G2
- Entrust Root Certification Authority - EC1
- GlobalSign Root E46
- GLOBALTRUST 2020
- remove-distrusted.patch: apply to certdata.txt
- Fix awk to compare (missing a =) and give the following output:
[#] NSS_BUILTINS_LIBRARY_VERSION "2.74"
- pass file argument to awk (bsc#1240009)
- update to 2.74 state of Mozilla SSL root CAs:
Removed:
* SwissSign Silver CA - G2
Added:
* D-TRUST BR Root CA 2 2023
* D-TRUST EV Root CA 2 2023
- remove extensive signature printing in comments of the cert
bundle
- Define two macros to break a build cycle with p11-kit.
- Updated to 2.72 state of Mozilla SSL root CAs (bsc#1234798)
Removed:
- SecureSign RootCA11
- Security Communication RootCA3
Added:
- TWCA CYBER Root CA
- TWCA Global Root CA G2
- SecureSign Root CA12
- SecureSign Root CA14
- SecureSign Root CA15
- cifs-utils
-
- Add patches:
* 0001-cifs.upcall-correctly-treat-UPTARGET_UNSPECIFIED-as-.patch
(bsc#1243488)
* 0001-mount.cifs-retry-mount-on-EINPROGRESS.patch
- CVE-2025-2312: cifs-utils: cifs.upcall makes an upcall to the wrong
namespace in containerized environments while trying to get Kerberos
credentials (bsc#1239680)
* add New-mount-option-for-cifs.upcall-namespace-reso.patch
- cloud-init
-
- Add cloud-init-wait-for-net.patch (bsc#1227237)
+ Wait for udev once if we cannot find the expected MAC
- remove dependency on /usr/bin/python3 via using the macros (bsc#1212476)
- containerd
-
- Update to containerd v1.7.27. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.27>
bsc#1239749 CVE-2024-40635
- Rebase patches:
* 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch
- Update to containerd v1.7.26. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.26>
- Rebase patches:
* 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch
- Update to containerd v1.7.25. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.25>
<https://github.com/containerd/containerd/releases/tag/v1.7.24>
- Rebase patches:
* 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch
- Update to containerd v1.7.23. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.23>
- Rebase patches:
* 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch
- Update to containerd v1.7.22. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.22>
- Bump minimum Go version to 1.22.
- Rebase patches:
* 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch
- coreutils
-
- coreutils-9.7-sort-CVE-2025-5278.patch: Add upstream patch:
sort with key character offsets of SIZE_MAX, could induce
a read of 1 byte before an allocated heap buffer.
(CVE-2025-5278, bsc#1243767)
- curl
-
- Security fix: [bsc#1236590, CVE-2025-0725]
* content_encoding: drop support for zlib before 1.2.0.4
* content_encoding: put the decomp buffers into the writer structs
* Add curl-CVE-2025-0725.patch
- Security fix: [bsc#1236588, CVE-2025-0167]
* netrc: 'default' with no credentials is not a match
* Add curl-CVE-2025-0167.patch
- Security fix: [bsc#1234068, CVE-2024-11053]
* curl could leak the password used for the first host to the
followed-to host under certain circumstances.
* netrc: address several netrc parser flaws
* Add curl-CVE-2024-11053.patch
- Security fix: [bsc#1232528, CVE-2024-9681]
* HSTS subdomain overwrites parent cache entry
* Add curl-CVE-2024-9681.patch
- Make special characters in URL work with aws-sigv4 [bsc#1230516]
* http_aws_sigv4: canonicalize the query [fc76a24c]
* test439: verify query canonization for aws-sigv4 [65661016]
* http_aws_sigv4: skip the op if the query pair is zero bytes [16bdc09e]
* aws_sigv4: the query canon code miscounted URL encoded input [a1532a33]
* http_aws_sigv4: canonicalise valueless query params [bbba69da]
* aws-sigv4: url encode the canonical path [768909d8]
* Add upstream patches:
- curl-aws_sigv4-canonicalize-the-query.patch
- curl-aws_sigv4-verify-query-canonization.patch
- curl-aws_sigv4-skip-the-op-if-the-query-pair-is-zero-bytes.patch
- curl-aws_sigv4-the-query-canon-code-miscounted-url-encoded-input.patch
- curl-aws_sigv4-canonicalise-valueless-query-params.patch
- curl-aws_sigv4-url-encode-the-canonical-path.patch
- dhcp
-
- bsc#1192020: Add 'Requires(pre): group(nogroup)' to fix user
creation in pre scriptlet for dhcp-server.
- docker
-
[ This update is a no-op, only needed to work around unfortunate automated
packaging script behaviour on SLES. ]
- The following patches were removed in openSUSE in the Docker 28.1.1-ce
update, but the patch names were later renamed in a SLES-only update before
Docker 28.1.1-ce was submitted to SLES.
This causes the SLES build scripts to refuse the update because the patches
are not referenced in the changelog. There is no obvious place to put the
patch removals (the 28.1.1-ce update removing the patches chronologically
predates their renaming in SLES), so they are included here a dummy changelog
entry to work around the issue.
- 0007-CVE-2025-22868-vendor-jws-split-token-into-fixed-num.patch
- 0008-CVE-2025-22869-vendor-ssh-limit-the-size-of-the-inte.patch
- Update to docker-buildx v0.25.0. Upstream changelog:
<https://github.com/docker/buildx/releases/tag/v0.25.0>
- Do not try to inject SUSEConnect secrets when in Rootless Docker mode, as
Docker does not have permission to access the host zypper credentials in this
mode (and unprivileged users cannot disable the feature using
/etc/docker/suse-secrets-enable.) bsc#1240150
* 0003-SECRETS-SUSE-implement-SUSE-container-secrets.patch
- Rebase patches:
* 0001-SECRETS-SUSE-always-clear-our-internal-secrets.patch
* 0002-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0004-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0005-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0006-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
- Always clear SUSEConnect suse_* secrets when starting containers regardless
of whether the daemon was built with SUSEConnect support. Not doing this
causes containers from SUSEConnect-enabled daemons to fail to start when
running with SUSEConnect-disabled (i.e. upstream) daemons.
This was a long-standing issue with our secrets support but until recently
this would've required migrating from SLE packages to openSUSE packages
(which wasn't supported). However, as SLE Micro 6.x and SLES 16 will move
away from in-built SUSEConnect support, this is now a practical issue users
will run into. bsc#1244035
+ 0001-SECRETS-SUSE-always-clear-our-internal-secrets.patch
- Rearrange patches:
- 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
+ 0002-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
- 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
+ 0003-SECRETS-SUSE-implement-SUSE-container-secrets.patch
- 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
+ 0004-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
- 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
+ 0005-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
- 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
+ 0006-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
[NOTE: This update was only ever released in SLES and Leap.]
- Always clear SUSEConnect suse_* secrets when starting containers regardless
of whether the daemon was built with SUSEConnect support. Not doing this
causes containers from SUSEConnect-enabled daemons to fail to start when
running with SUSEConnect-disabled (i.e. upstream) daemons.
This was a long-standing issue with our secrets support but until recently
this would've required migrating from SLE packages to openSUSE packages
(which wasn't supported). However, as SLE Micro 6.x and SLES 16 will move
away from in-built SUSEConnect support, this is now a practical issue users
will run into. bsc#1244035
+ 0001-SECRETS-SUSE-always-clear-our-internal-secrets.patch
- Rearrange patches:
- 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
+ 0002-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
- 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
+ 0003-SECRETS-SUSE-implement-SUSE-container-secrets.patch
- 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
+ 0004-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
- 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
+ 0005-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
- 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
+ 0006-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
- 0006-CVE-2025-22868-vendor-jws-split-token-into-fixed-num.patch
+ 0007-CVE-2025-22868-vendor-jws-split-token-into-fixed-num.patch
- 0007-CVE-2025-22869-vendor-ssh-limit-the-size-of-the-inte.patch
+ 0008-CVE-2025-22869-vendor-ssh-limit-the-size-of-the-inte.patch
- Update to Docker 28.2.2-ce. See upstream changelog online at
<https://github.com/moby/moby/releases/tag/v28.2.2>
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
- Update to Docker 28.2.1-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/28/#2820> bsc#1243833
<https://github.com/moby/moby/releases/tag/v28.2.1>
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
- Update to docker-buildx v0.24.0. Upstream changelog:
<https://github.com/docker/buildx/releases/tag/v0.24.0>
- Update to Docker 28.1.1-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/28/#2811> bsc#1242114
Includes upstream fixes:
- CVE-2025-22872 bsc#1241830
- Remove long-outdated build handling for deprecated and unsupported
devicemapper and AUFS storage drivers. AUFS was removed in v24, and
devicemapper was removed in v25.
<https://docs.docker.com/engine/deprecated/#aufs-storage-driver>
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
- Remove upstreamed patches:
- 0006-CVE-2025-22868-vendor-jws-split-token-into-fixed-num.patch
- 0007-CVE-2025-22869-vendor-ssh-limit-the-size-of-the-inte.patch
- cli-0001-docs-include-required-tools-in-source-tree.patch
- Update to docker-buildx v0.23.0. Upstream changelog:
<https://github.com/docker/buildx/releases/tag/v0.23.0>
- Update to docker-buildx v0.22.0. Upstream changelog:
<https://github.com/docker/buildx/releases/tag/v0.22.0>
* Includes fixes for CVE-2025-0495. bsc#1239765
- Disable transparent SUSEConnect support for SLE-16. PED-12534
When this patchset was first added in 2013 (and rewritten over the years),
there was no upstream way to easily provide SLE customers with a way to build
container images based on SLE using the host subscription. However, with
docker-buildx you can now define secrets for builds (this is not entirely
transparent, but we can easily document this new requirement for SLE-16).
Users should use
RUN --mount=type=secret,id=SCCcredentials zypper -n ...
in their Dockerfiles, and
docker buildx build --secret id=SCCcredentials,src=/etc/zypp/credentials.d/SCCcredentials,type=file .
when doing their builds.
- Now that the only blocker for docker-buildx support was removed for SLE-16,
enable docker-buildx for SLE-16 as well. PED-8905
- Don't use the new container-selinux conditional requires on SLE-12, as the
RPM version there doesn't support it. Arguably the change itself is a bit
suspect but we can fix that later. bsc#1237367
- Add backport for golang.org/x/oauth2 CVE-2025-22868 fix. bsc#1239185
+ 0006-CVE-2025-22868-vendor-jws-split-token-into-fixed-num.patch
- Add backport for golang.org/x/crypto CVE-2025-22869 fix. bsc#1239322
+ 0007-CVE-2025-22869-vendor-ssh-limit-the-size-of-the-inte.patch
- Refresh patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
- Make container-selinux requirement conditional on selinux-policy
(bsc#1237367)
- Update to Docker 27.5.1-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/27/#2741> bsc#1237335
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
* cli-0001-docs-include-required-tools-in-source-tree.patch
- Update to docker-buildx 0.20.1. See upstream changelog online at
<https://github.com/docker/buildx/releases/tag/v0.20.1>
- Update to Docker 27.4.1-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/27/#2741>
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
* cli-0001-docs-include-required-tools-in-source-tree.patch
- Update to docker-buildx 0.19.3. See upstream changelog online at
<https://github.com/docker/buildx/releases/tag/v0.19.3>
- Update to Docker 27.4.0-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/27/#274>
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
* cli-0001-docs-include-required-tools-in-source-tree.patch
- Remove upstreamed patches:
- 0006-bsc1221916-update-to-patched-buildkit-version-to-fix.patch
- 0007-bsc1214855-volume-use-AtomicWriteFile-to-save-volume.patch
- Update docker-buildx to v0.19.2. See upstream changelog online at
<https://github.com/docker/buildx/releases/tag/v0.19.2>.
Some notable changelogs from the last update:
* <https://github.com/docker/buildx/releases/tag/v0.19.0>
* <https://github.com/docker/buildx/releases/tag/v0.18.0>
- Update to Go 1.22.
- Add a new toggle file /etc/docker/suse-secrets-enable which allows users to
disable the SUSEConnect integration with Docker (which creates special mounts
in /run/secrets to allow container-suseconnect to authenticate containers
with registries on registered hosts). bsc#1231348 bsc#1232999
In order to disable these mounts, just do
echo 0 > /etc/docker/suse-secrets-enable
and restart Docker. In order to re-enable them, just do
echo 1 > /etc/docker/suse-secrets-enable
and restart Docker. Docker will output information on startup to tell you
whether the SUSE secrets feature is enabled or not.
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
- Disable docker-buildx builds for SLES. It turns out that build containers
with docker-buildx don't currently get the SUSE secrets mounts applied,
meaning that container-suseconnect doesn't work when building images.
bsc#1233819
- Add docker-integration-tests-devel subpackage for building and running the
upstream Docker integration tests on machines to test that Docker works
properly. Users should not install this package.
- docker-rpmlintrc updated to include allow-list for all of the integration
tests package, since it contains a bunch of stuff that wouldn't normally be
allowed.
- Remove DOCKER_NETWORK_OPTS from docker.service. This was removed from
sysconfig a long time ago, and apparently this causes issues with systemd in
some cases.
- Further merge docker and docker-stable specfiles to minimise the differences.
The main thing is that we now include both halves of the
Conflicts/Provides/Obsoletes dance in both specfiles.
- Update to docker-buildx v0.17.1 to match standalone docker-buildx package we
are replacing. See upstream changelog online at
<https://github.com/docker/buildx/releases/tag/v0.17.1>
- Add %{_sysconfdir}/audit/rules.d to filelist.
- Mark docker-buildx as required since classic "docker build" has been
deprecated since Docker 23.0. bsc#1230331
- Import docker-buildx v0.16.2 as a subpackage. Previously this was a separate
package, but with docker-stable it will be necessary to maintain the packages
together and it makes more sense to have them live in the same OBS package.
bsc#1230333
- Make some minor name macro updates to help with the docker-stable package
fork.
- Update to Docker 26.1.5-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/26.1/#2615>
bsc#1230294
- This update includes fixes for:
* CVE-2024-41110. bsc#1228324
* CVE-2023-47108. bsc#1217070
* CVE-2023-45142. bsc#1228553
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
* 0006-bsc1221916-update-to-patched-buildkit-version-to-fix.patch
* 0007-bsc1214855-volume-use-AtomicWriteFile-to-save-volume.patch
* cli-0001-docs-include-required-tools-in-source-tree.patch
- e2fsprogs
-
- resize2fs-Check-number-of-group-descriptors-only-if-.patch: resize2fs: Check
number of group descriptors only if meta_bg is disabled (bsc#1230145)
- findutils
-
- do not crash when file system loop was encountered [bsc#1231472]
- added patches
fix https://git.savannah.gnu.org/cgit/findutils.git/commit/?id=e5d6eb919b9
+ findutils-avoid-crash-system-loop.patch
- modified patches
% findutils-xautofs.patch (p1)
- glibc
-
- static-setuid-ld-library-path.patch: elf: Ignore LD_LIBRARY_PATH and
debug env var for setuid for static (CVE-2025-4802, bsc#1243317)
- pthread-wakeup.patch: pthreads NPTL: lost wakeup fix 2 (bsc#1234128, BZ
[#25847])
- assert-message-allocation.patch: Fix underallocation of abort_msg_s
struct (CVE-2025-0395, bsc#1236282, BZ #32582))
- tcache-thread-shutdown.patch: malloc: Initiate tcache shutdown even
without allocations (bsc#1228661, BZ #28028)
- grub2
-
- Fix zfs.mo not found message when booting on legacy BIOS (bsc#1237865)
* 0001-autofs-Ignore-zfs-not-found.patch
- Security fixes for 2024
* 0001-misc-Implement-grub_strlcpy.patch
- Fix CVE-2024-45781 (bsc#1233617)
* 0002-fs-ufs-Fix-a-heap-OOB-write.patch
- Fix CVE-2024-56737 (bsc#1234958)
- Fix CVE-2024-45782 (bsc#1233615)
* 0003-fs-hfs-Fix-stack-OOB-write-with-grub_strcpy.patch
- Fix CVE-2024-45780 (bsc#1233614)
* 0004-fs-tar-Integer-overflow-leads-to-heap-OOB-write.patch
- Fix CVE-2024-45783 (bsc#1233616)
* 0005-fs-hfsplus-Set-a-grub_errno-if-mount-fails.patch
* 0006-kern-file-Ensure-file-data-is-set.patch
* 0007-kern-file-Implement-filesystem-reference-counting.patch
- Fix CVE-2025-0624 (bsc#1236316)
* 0008-net-Fix-OOB-write-in-grub_net_search_config_file.patch
- Fix CVE-2024-45774 (bsc#1233609)
* 0009-video-readers-jpeg-Do-not-permit-duplicate-SOF0-mark.patch
- Fix CVE-2024-45775 (bsc#1233610)
* 0010-commands-extcmd-Missing-check-for-failed-allocation.patch
- Fix CVE-2025-0622 (bsc#1236317)
* 0011-commands-pgp-Unregister-the-check_signatures-hooks-o.patch
- Fix CVE-2025-0622 (bsc#1236317)
* 0012-normal-Remove-variables-hooks-on-module-unload.patch
- Fix CVE-2025-0622 (bsc#1236317)
* 0013-gettext-Remove-variables-hooks-on-module-unload.patch
- Fix CVE-2024-45776 (bsc#1233612)
* 0014-gettext-Integer-overflow-leads-to-heap-OOB-write-or-.patch
- Fix CVE-2024-45777 (bsc#1233613)
* 0015-gettext-Integer-overflow-leads-to-heap-OOB-write.patch
- Fix CVE-2025-0690 (bsc#1237012)
* 0016-commands-read-Fix-an-integer-overflow-when-supplying.patch
- Fix CVE-2025-1118 (bsc#1237013)
* 0017-commands-minicmd-Block-the-dump-command-in-lockdown-.patch
- Fix CVE-2024-45778 (bsc#1233606)
- Fix CVE-2024-45779 (bsc#1233608)
* 0018-fs-bfs-Disable-under-lockdown.patch
- Fix CVE-2025-0677 (bsc#1237002)
- Fix CVE-2025-0684 (bsc#1237008)
- Fix CVE-2025-0685 (bsc#1237009)
- Fix CVE-2025-0686 (bsc#1237010)
- Fix CVE-2025-0689 (bsc#1237011)
* 0019-fs-Disable-many-filesystems-under-lockdown.patch
- Fix CVE-2025-1125 (bsc#1237014)
- Fix CVE-2025-0678 (bsc#1237006)
* 0020-fs-Prevent-overflows-when-allocating-memory-for-arra.patch
- Bump upstream SBAT generation to 5
- grub2.spec: Add ofnet to signed grub.elf to support powerpc net boot
installation when secure boot is enabled (bsc#1217761) (bsc#1228866)
- Improved check for disk device when looking for PReP partition
* 0004-Introduce-prep_load_env-command.patch
- haveged
-
- Fix for bsc#1222296 and bsc#1165294.
- Remove haveged-switch-root.service.
- Add haveged-once.service.
- Add patch files introducing the '--once' flag.
* introduce-once-1.patch
* introduce-once-2.patch
- hwdata
-
- Update to version 0.394:
* Update pci and vendor ids
- Update to version 0.393:
* Update pci, usb and vendor ids
* Fix usb.ids encoding and a couple of typos
* Fix configure to honor --prefix
- Update to version 0.392:
* Update pci and vendor ids
- Update to version 0.391:
* Update pci and vendor ids
- update to 0.390:
* Update pci and vendor ids
update to 0.389:
* Update pci and vendor ids
- update to 0.385:
* Update pci and vendor ids
- update to 0.383:
* Update pci and vendor ids
- update to 0.382:
* Update pci, usb and vendor ids
- hwinfo
-
- merge gh#openSUSE/hwinfo#156
- fix network card detection on aarch64 (bsc#1240648)
- 21.88
- merge gh#openSUSE/hwinfo#152
- avoid reporting of spurious usb storage devices (bsc#1223330)
- 21.87
- merge gh#openSUSE/hwinfo#151
- do not overdo usb device de-duplication (bsc#1239663)
- 21.86
- iproute2
-
- avoid spurious cgroup warning (bsc#1234383):
- ss-Tone-down-cgroup-path-resolution.patch
- iputils
-
- Security fix [bsc#1243772, CVE-2025-48964]
* Fix integer overflow in ping statistics via zero timestamp
* Add iputils-CVE-2025-48964_01.patch
* Add iputils-CVE-2025-48964_02.patch
* Add iputils-CVE-2025-48964_03.patch
* Add iputils-CVE-2025-48964_regression.patch
- Fix bsc#1243284 - ping on s390x prints invalid ttl
* Add iputils-invalid-ttl-s390x.patch
* Fix ipv4 ttl value when using SOCK_DGRAM on big endian systems
- Security fix [bsc#1242300, CVE-2025-47268]
* integer overflow in RTT calculation can lead to undefined behavior
* Add iputils-CVE-2025-47268.patch
- jq
-
- Add patch CVE-2024-23337.patch (CVE-2024-23337, bsc#1243450)
- kbd
-
- Don't search for resources in the current directory. It can cause
unwanted side effects or even infinite loop (bsc#1237230,
kbd-ignore-working-directory-1.patch,
kbd-ignore-working-directory-2.patch,
kbd-ignore-working-directory-3.patch).
- kernel-default
-
- ext4: fix OOB read when checking dotdot dir (bsc#1241640
CVE-2025-37785).
- commit a1f98cf
- Update
patches.suse/arm64-bpf-Add-BHB-mitigation-to-the-epilogue-for-cBP.patch
(bsc#1242778 CVE-2025-37948 bsc#1243649).
- Update
patches.suse/arm64-bpf-Only-mitigate-cBPF-programs-loaded-by-unpr.patch
(bsc#1242778 CVE-2025-37963 bsc#1243660).
- Update
patches.suse/dm-stats-check-for-and-propagate-alloc_percpu-failur-d3aa.patch
(git-fixes CVE-2023-53044 bsc#1242759).
- commit 70937e2
- Update
patches.suse/0001-netfs-Fix-missing-xas_retry-calls-in-xarray-iteratio.patch
(bsc#1213946 CVE-2022-49810 bsc#1242489).
- Update
patches.suse/0037-dm-ioctl-fix-misbehavior-if-list_versions-races-with-module-loading.patch
(git-fixes CVE-2022-49771 bsc#1242686).
- Update
patches.suse/ACPI-APEI-Fix-integer-overflow-in-ghes_estatus_pool_.patch
(git-fixes CVE-2022-49885 bsc#1242735).
- Update
patches.suse/ALSA-hda-fix-potential-memleak-in-add_widget_node.patch
(git-fixes CVE-2022-49835 bsc#1242385).
- Update
patches.suse/ALSA-usb-audio-Drop-snd_BUG_ON-from-snd_usbmidi_outp.patch
(git-fixes CVE-2022-49772 bsc#1242147).
- Update
patches.suse/ASoC-core-Fix-use-after-free-in-snd_soc_exit.patch
(git-fixes CVE-2022-49842 bsc#1242484).
- Update
patches.suse/Bluetooth-L2CAP-Fix-memory-leak-in-vhci_write.patch
(CVE-2022-3619 bsc#1204569 CVE-2022-49908 bsc#1242157).
- Update
patches.suse/Bluetooth-L2CAP-Fix-use-after-free-caused-by-l2cap_r.patch
(CVE-2022-3564 bsc#1206073 CVE-2022-49910 bsc#1242452).
- Update
patches.suse/Bluetooth-L2CAP-fix-use-after-free-in-l2cap_conn_del.patch
(CVE-2022-3640 bsc#1204619 CVE-2022-49909 bsc#1242453).
- Update
patches.suse/Bluetooth-btsdio-fix-use-after-free-bug-in-btsdio_re-73f7b171b7c0.patch
(git-fixes CVE-2023-53145 bsc#1243047).
- Update
patches.suse/HID-intel-ish-hid-ipc-Fix-potential-use-after-free-i.patch
(git-fixes CVE-2023-53039 bsc#1242745).
- Update
patches.suse/IB-hfi1-Correctly-move-list-in-sc_disable.patch
(git-fixes CVE-2022-49931 bsc#1242382).
- Update
patches.suse/Input-i8042-fix-leaking-of-platform-device-on-module.patch
(git-fixes CVE-2022-49777 bsc#1242232).
- Update
patches.suse/Input-iforce-invert-valid-length-check-when-fetching.patch
(git-fixes CVE-2022-49790 bsc#1242387).
- Update
patches.suse/PCI-s390-Fix-use-after-free-of-PCI-resources-with-pe.patch
(git-fixes CVE-2023-53123 bsc#1242403).
- Update
patches.suse/RDMA-core-Fix-null-ptr-deref-in-ib_core_cleanup.patch
(git-fixes CVE-2022-49925 bsc#1242371).
- Update patches.suse/SUNRPC-Fix-a-server-shutdown-leak.patch
(git-fixes CVE-2023-53131 bsc#1242377).
- Update
patches.suse/SUNRPC-Fix-null-ptr-deref-when-xps-sysfs-alloc-faile.patch
(git-fixes CVE-2022-49928 bsc#1242369).
- Update patches.suse/arm64-entry-avoid-kprobe-recursion.patch
(git-fixes CVE-2022-49888 bsc#1242458).
- Update
patches.suse/ata-libata-transport-fix-double-ata_host_put-in-ata_.patch
(git-fixes CVE-2022-49826 bsc#1242549).
- Update
patches.suse/ata-libata-transport-fix-error-handling-in-ata_tdev_.patch
(git-fixes CVE-2022-49823 bsc#1242545).
- Update
patches.suse/ata-libata-transport-fix-error-handling-in-ata_tlink.patch
(git-fixes CVE-2022-49824 bsc#1242547).
- Update
patches.suse/ata-libata-transport-fix-error-handling-in-ata_tport.patch
(git-fixes CVE-2022-49825 bsc#1242548).
- Update
patches.suse/bnxt_en-Avoid-order-5-memory-allocation-for-TPA-data.patch
(jsc#SLE-18978 CVE-2023-53134 bsc#1242380).
- Update
patches.suse/bnxt_en-Fix-possible-crash-in-bnxt_hwrm_set_coal.patch
(git-fixes CVE-2022-49869 bsc#1242158).
- Update
patches.suse/bridge-switchdev-Fix-memory-leaks-when-changing-VLAN.patch
(git-fixes CVE-2022-49812 bsc#1242151).
- Update
patches.suse/ca8210-fix-mac_len-negative-array-access.patch
(git-fixes CVE-2023-53040 bsc#1242746).
- Update
patches.suse/can-af_can-fix-NULL-pointer-dereference-in-can_rx_re.patch
(git-fixes CVE-2022-49863 bsc#1242169).
- Update
patches.suse/can-j1939-j1939_send_one-fix-missing-CAN-header-init.patch
(git-fixes CVE-2022-49845 bsc#1243133).
- Update
patches.suse/capabilities-fix-potential-memleak-on-error-path-fro.patch
(git-fixes CVE-2022-49890 bsc#1242469).
- Update
patches.suse/capabilities-fix-undefined-behavior-in-bit-shift-for.patch
(git-fixes CVE-2022-49870 bsc#1242551).
- Update
patches.suse/ceph-avoid-putting-the-realm-twice-when-decoding-snaps-fails.patch
(bsc#1206051 CVE-2022-49770 bsc#1242597).
- Update
patches.suse/cifs-Fix-connections-leak-when-tlink-setup-failed.patch
(git-fixes CVE-2022-49822 bsc#1242544).
- Update
patches.suse/cifs-fix-use-after-free-bug-in-refresh_cache_worker-.patch
(bsc#1193629 CVE-2023-53052 bsc#1242749).
- Update
patches.suse/dmaengine-mv_xor_v2-Fix-a-resource-leak-in-mv_xor_v2.patch
(git-fixes CVE-2022-49861 bsc#1242580).
- Update
patches.suse/dmaengine-ti-k3-udma-glue-fix-memory-leak-when-regis.patch
(git-fixes CVE-2022-49860 bsc#1242586).
- Update
patches.suse/drm-Fix-potential-null-ptr-deref-in-drm_vblank_destr.patch
(git-fixes CVE-2022-49827 bsc#1242689).
- Update
patches.suse/drm-amd-display-fix-shift-out-of-bounds-in-Calculate.patch
(git-fixes CVE-2023-53077 bsc#1242752).
- Update
patches.suse/drm-amdkfd-Fix-NULL-pointer-dereference-in-svm_migra.patch
(git-fixes CVE-2022-49864 bsc#1242685).
- Update
patches.suse/drm-amdkfd-Fix-an-illegal-memory-access.patch
(git-fixes CVE-2023-53090 bsc#1242753).
- Update
patches.suse/drm-drv-Fix-potential-memory-leak-in-drm_dev_init.patch
(git-fixes CVE-2022-49830 bsc#1242150).
- Update
patches.suse/drm-i915-active-Fix-misuse-of-non-idle-barriers-as-f.patch
(git-fixes CVE-2023-53087 bsc#1242280).
- Update
patches.suse/drm-shmem-helper-Remove-another-errant-put-in-error-.patch
(git-fixes CVE-2023-53084 bsc#1242294).
- Update
patches.suse/ext4-Fix-possible-corruption-when-moving-a-directory.patch
(bsc#1210763 CVE-2023-53137 bsc#1242358).
- Update
patches.suse/ext4-fix-BUG_ON-when-directory-entry-has-invalid-rec.patch
(bsc#1206886 CVE-2022-49879 bsc#1242733).
- Update
patches.suse/ext4-fix-WARNING-in-ext4_update_inline_data.patch
(bsc#1213012 CVE-2023-53100 bsc#1242790).
- Update
patches.suse/ext4-fix-another-off-by-one-fsmap-error-on-1k-block-.patch
(bsc#1210767 CVE-2023-53143 bsc#1242276).
- Update
patches.suse/ext4-fix-task-hung-in-ext4_xattr_delete_inode.patch
(bsc#1213096 CVE-2023-53089 bsc#1242744).
- Update
patches.suse/ext4-fix-warning-in-ext4_da_release_space.patch
(bsc#1206887 CVE-2022-49880 bsc#1242734).
- Update
patches.suse/ext4-update-s_journal_inum-if-it-changes-after-journ.patch
(bsc#1213094 CVE-2023-53091 bsc#1242767).
- Update
patches.suse/ext4-zero-i_disksize-when-initializing-the-bootloade.patch
(bsc#1213013 CVE-2023-53101 bsc#1242791).
- Update
patches.suse/firmware-xilinx-don-t-make-a-sleepable-memory-alloca.patch
(git-fixes CVE-2023-53099 bsc#1242399).
- Update
patches.suse/ftrace-Fix-invalid-address-access-in-lookup_rec-when-index-is-0.patch
(git-fixes CVE-2023-53075 bsc#1242218).
- Update
patches.suse/ftrace-Fix-null-pointer-dereference-in-ftrace_add_mod.patch
(git-fixes CVE-2022-49802 bsc#1242270).
- Update
patches.suse/ftrace-Fix-use-after-free-for-dynamic-ftrace_ops.patch
(git-fixes CVE-2022-49892 bsc#1242449).
- Update
patches.suse/gfs2-Check-sb_bsize_shift-after-reading-superblock.patch
(git-fixes CVE-2022-49769 bsc#1242440).
- Update
patches.suse/i2c-piix4-Fix-adapter-not-be-removed-in-piix4_remove.patch
(git-fixes CVE-2022-49900 bsc#1242454).
- Update
patches.suse/i40e-Fix-kernel-crash-during-reboot-when-adapter-is-.patch
(jsc#SLE-18378 CVE-2023-53114 bsc#1242398).
- Update patches.suse/iavf-fix-hang-on-reboot-with-ice.patch
(jsc#SLE-18385 CVE-2023-53064 bsc#1242222).
- Update patches.suse/ibmvnic-Free-rwi-on-reset-success.patch
(bsc#1184350 ltc#191533 git-fixes CVE-2022-49906 bsc#1242464).
- Update
patches.suse/ice-copy-last-block-omitted-in-ice_get_module_eeprom.patch
(git-fixes CVE-2023-53142 bsc#1242282).
- Update
patches.suse/igb-revert-rtnl_lock-that-causes-deadlock.patch
(jsc#SLE-18379 CVE-2023-53060 bsc#1242241).
- Update
patches.suse/iio-adc-at91_adc-fix-possible-memory-leak-in-at91_ad.patch
(git-fixes CVE-2022-49794 bsc#1242392).
- Update
patches.suse/iio-adc-mp2629-fix-potential-array-out-of-bound-acce.patch
(git-fixes CVE-2022-49792 bsc#1242389).
- Update
patches.suse/iio-trigger-sysfs-fix-possible-memory-leak-in-iio_sy.patch
(git-fixes CVE-2022-49793 bsc#1242391).
- Update
patches.suse/interconnect-exynos-fix-node-leak-in-probe-PM-QoS-er.patch
(git-fixes CVE-2023-53092 bsc#1242415).
- Update
patches.suse/interconnect-fix-mem-leak-when-freeing-nodes.patch
(git-fixes CVE-2023-53096 bsc#1242289).
- Update
patches.suse/ipv6-addrlabel-fix-infoleak-when-sending-struct-ifad.patch
(git-fixes CVE-2022-49865 bsc#1242570).
- Update
patches.suse/kprobes-Skip-clearing-aggrprobe-s-post_handler-in-kprobe-on-ftrace-case.patch
(git-fixes CVE-2022-49779 bsc#1242261).
- Update patches.suse/loop-Fix-use-after-free-issues.patch
(bsc#1214991 CVE-2023-53111 bsc#1242428).
- Update
patches.suse/mISDN-fix-misuse-of-put_device-in-mISDN_register_dev.patch
(git-fixes CVE-2022-49818 bsc#1242527).
- Update
patches.suse/mISDN-fix-possible-memory-leak-in-mISDN_dsp_element_.patch
(git-fixes CVE-2022-49821 bsc#1242542).
- Update
patches.suse/mISDN-fix-possible-memory-leak-in-mISDN_register_dev.patch
(git-fixes CVE-2022-49915 bsc#1242409).
- Update
patches.suse/macvlan-enforce-a-consistent-minimal-mtu.patch
(git-fixes CVE-2022-49776 bsc#1242248).
- Update
patches.suse/media-meson-vdec-fix-possible-refcount-leak-in-vdec_.patch
(git-fixes CVE-2022-49887 bsc#1242736).
- Update
patches.suse/media-rc-gpio-ir-recv-add-remove-function.patch
(git-fixes CVE-2023-53098 bsc#1242779).
- Update
patches.suse/misc-vmw_vmci-fix-an-infoleak-in-vmci_host_do_receiv.patch
(git-fixes CVE-2022-49788 bsc#1242353).
- Update
patches.suse/mmc-sdhci-pci-Fix-possible-memory-leak-caused-by-mis.patch
(git-fixes CVE-2022-49787 bsc#1242352).
- Update
patches.suse/msft-hv-2675-HID-hyperv-fix-possible-memory-leak-in-mousevsc_prob.patch
(git-fixes CVE-2022-49874 bsc#1242478).
- Update patches.suse/net-ena-Fix-error-handling-in-ena_init.patch
(git-fixes CVE-2022-49813 bsc#1242497).
- Update patches.suse/net-iucv-Fix-size-of-interrupt-data.patch
(bsc#1211465 git-fixes CVE-2023-53108 bsc#1242422).
- Update
patches.suse/net-macvlan-fix-memory-leaks-of-macvlan_common_newli.patch
(git-fixes CVE-2022-49853 bsc#1242688).
- Update
patches.suse/net-mlx5-E-Switch-Fix-an-Oops-in-error-handling-code.patch
(jsc#SLE-19253 CVE-2023-53058 bsc#1242237).
- Update patches.suse/net-mlx5-Fix-steering-rules-cleanup.patch
(jsc#SLE-19253 CVE-2023-53079 bsc#1242765).
- Update
patches.suse/net-smc-Fix-possible-leaked-pernet-namespace-in-smc_init
(git-fixes CVE-2022-49905 bsc#1242467).
- Update
patches.suse/net-tun-Fix-memory-leaks-of-napi_get_frags.patch
(git-fixes CVE-2022-49871 bsc#1242558).
- Update
patches.suse/net-usb-lan78xx-Limit-packet-length-to-skb-len.patch
(git-fixes CVE-2023-53068 bsc#1242239).
- Update
patches.suse/net-usb-smsc75xx-Limit-packet-length-to-skb-len.patch
(git-fixes CVE-2023-53125 bsc#1242285).
- Update
patches.suse/net-usb-smsc95xx-Limit-packet-length-to-skb-len.patch
(git-fixes CVE-2023-53062 bsc#1242228).
- Update
patches.suse/net-x25-Fix-skb-leak-in-x25_lapb_receive_frame.patch
(git-fixes CVE-2022-49809 bsc#1242402).
- Update
patches.suse/nfc-fdp-Fix-potential-memory-leak-in-fdp_nci_send.patch
(git-fixes CVE-2022-49924 bsc#1242426).
- Update
patches.suse/nfc-fdp-add-null-check-of-devm_kmalloc_array-in-fdp_.patch
(git-fixes CVE-2023-53139 bsc#1242361).
- Update
patches.suse/nfc-nfcmrvl-Fix-potential-memory-leak-in-nfcmrvl_i2c.patch
(git-fixes CVE-2022-49922 bsc#1242378).
- Update
patches.suse/nfc-nxp-nci-Fix-potential-memory-leak-in-nxp_nci_sen.patch
(git-fixes CVE-2022-49923 bsc#1242394).
- Update
patches.suse/nfc-pn533-initialize-struct-pn533_out_arg-properly.patch
(git-fixes CVE-2023-53119 bsc#1242370).
- Update
patches.suse/nfc-st-nci-Fix-use-after-free-bug-in-ndlc_remove-due.patch
(git-fixes bsc#1210337 CVE-2023-1990 CVE-2023-53106
bsc#1242215).
- Update
patches.suse/nfs4-Fix-kmemleak-when-allocate-slot-failed.patch
(git-fixes CVE-2022-49927 bsc#1242416).
- Update
patches.suse/nilfs2-fix-deadlock-in-nilfs_count_free_blocks.patch
(git-fixes CVE-2022-49850 bsc#1242164).
- Update
patches.suse/nilfs2-fix-kernel-infoleak-in-nilfs_ioctl_wrap_copy.patch
(git-fixes CVE-2023-53035 bsc#1242739).
- Update
patches.suse/nilfs2-fix-use-after-free-bug-of-ns_writer-on-remoun.patch
(git-fixes CVE-2022-49834 bsc#1242695).
- Update
patches.suse/nvmet-avoid-potential-UAF-in-nvmet_req_complete.patch
(git-fixes CVE-2023-53116 bsc#1242411).
- Update
patches.suse/nvmet-fix-a-memory-leak-in-nvmet_auth_set_key.patch
(git-fixes CVE-2022-49807 bsc#1242357).
- Update
patches.suse/ocfs2-fix-data-corruption-after-failed-write.patch
(bsc#1208542 CVE-2023-53081 bsc#1242281).
- Update
patches.suse/octeontx2-pf-Fix-SQE-threshold-checking.patch
(jsc#SLE-24682 CVE-2022-49858 bsc#1242589).
- Update
patches.suse/perf-core-Fix-perf_output_begin-parameter-is-incorrectly-invoked-in-perf_event_bpf_output.patch
(git fixes CVE-2023-53065 bsc#1242229).
- Update
patches.suse/phy-ralink-mt7621-pci-add-sentinel-to-quirks-table.patch
(git-fixes CVE-2022-49868 bsc#1242550).
- Update
patches.suse/pinctrl-devicetree-fix-null-pointer-dereferencing-in.patch
(git-fixes CVE-2022-49832 bsc#1242154).
- Update
patches.suse/platform-chrome-cros_ec_chardev-fix-kernel-data-leak.patch
(git-fixes CVE-2023-53059 bsc#1242230).
- Update
patches.suse/qed-qed_sriov-guard-against-NULL-derefs-from-qed_iov.patch
(jsc#SLE-19001 CVE-2023-53066 bsc#1242227).
- Update
patches.suse/ring-buffer-Check-for-NULL-cpu_buffer-in-ring_buffer.patch
(bsc#1204705 CVE-2022-49889 bsc#1242455).
- Update
patches.suse/rose-Fix-NULL-pointer-dereference-in-rose_send_frame.patch
(git-fixes CVE-2022-49916 bsc#1242421).
- Update
patches.suse/scsi-core-Remove-the-proc-scsi-proc_name-directory-earlier.patch
(git-fixes CVE-2023-53140 bsc#1242372).
- Update
patches.suse/scsi-lpfc-Check-kzalloc-in-lpfc_sli4_cgn_params_read.patch
(git-fixes CVE-2023-53038 bsc#1242743).
- Update
patches.suse/scsi-mpt3sas-Fix-NULL-pointer-access-in-mpt3sas_transport_port_add.patch
(git-fixes CVE-2023-53124 bsc#1242165).
- Update
patches.suse/scsi-qla2xxx-Perform-lockless-command-completion-in-abort-path.patch
(git-fixes CVE-2023-53041 bsc#1242747).
- Update
patches.suse/scsi-qla2xxx-Synchronize-the-IOCB-count-to-be-in-ord.patch
(bsc#1209292 bsc#1209684 bsc#1209556 CVE-2023-53056
bsc#1242219).
- Update
patches.suse/scsi-scsi_dh_alua-Fix-memleak-for-qdata-in-alua_activate.patch
(git-fixes CVE-2023-53078 bsc#1242231).
- Update
patches.suse/scsi-scsi_transport_sas-Fix-error-handling-in-sas_phy_add.patch
(git-fixes CVE-2022-49839 bsc#1242443).
- Update
patches.suse/scsi-zfcp-Fix-double-free-of-FSF-request-when-qdio-send-fails
(git-fixes CVE-2022-49789 bsc#1242366).
- Update
patches.suse/serial-imx-Add-missing-.thaw_noirq-hook.patch
(git-fixes CVE-2022-49841 bsc#1242473).
- Update
patches.suse/siox-fix-possible-memory-leak-in-siox_device_add.patch
(git-fixes CVE-2022-49836 bsc#1242355).
- Update
patches.suse/tracing-Do-not-let-histogram-values-have-some-modifiers.patch
(git-fixes CVE-2023-53093 bsc#1242279).
- Update
patches.suse/tracing-Fix-memory-leak-in-test_gen_synth_cmd-and-test_empty_synth_event.patch
(git-fixes CVE-2022-49800 bsc#1242265).
- Update
patches.suse/tracing-Fix-memory-leak-in-tracing_read_pipe.patch
(git-fixes CVE-2022-49801 bsc#1242338).
- Update
patches.suse/tracing-Fix-wild-memory-access-in-register_synth_event.patch
(git-fixes CVE-2022-49799 bsc#1242264).
- Update
patches.suse/tracing-kprobe-Fix-memory-leak-in-test_gen_kprobe-kretprobe_cmd.patch
(git-fixes CVE-2022-49891 bsc#1242456).
- Update
patches.suse/tracing-kprobe-Fix-potential-null-ptr-deref-on-trace_array-in-kprobe_event_gen_test_exit.patch
(git-fixes CVE-2022-49796 bsc#1242305).
- Update
patches.suse/tracing-kprobe-Fix-potential-null-ptr-deref-on-trace_event_file-in-kprobe_event_gen_test_exit.patch
(git-fixes CVE-2022-49797 bsc#1242320).
- Update
patches.suse/udf-Fix-a-slab-out-of-bounds-write-bug-in-udf_find_e.patch
(bsc#1206649 CVE-2022-49846 bsc#1242716).
- Update
patches.suse/usb-dwc2-fix-a-devres-leak-in-hw_enable-upon-suspend.patch
(git-fixes CVE-2023-53054 bsc#1242226).
- Update
patches.suse/usb-gadget-u_audio-don-t-let-userspace-block-driver-.patch
(git-fixes CVE-2023-53045 bsc#1242756).
- Update
patches.suse/usb-ucsi-Fix-NULL-pointer-deref-in-ucsi_connector_ch.patch
(git-fixes CVE-2023-53049 bsc#1242244).
- Update
patches.suse/wifi-cfg80211-fix-memory-leak-in-query_regdb_file.patch
(git-fixes CVE-2022-49881 bsc#1242481).
- Update
patches.suse/x86-fpu-Drop-fpregs-lock-before-inheriting-FPU-permissions.patch
(bnc#1205282 CVE-2022-49783 bsc#1242312).
- commit b466a4e
- arm64: proton-pack: Add new CPUs 'k' values for branch
mitigation (bsc#1242778).
- commit 9eea847
- arm64: bpf: Only mitigate cBPF programs loaded by unprivileged
users (bsc#1242778).
- commit 8fea3ff
- arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs
(bsc#1242778).
- commit 40fcf50
- arm64: proton-pack: Expose whether the branchy loop k value
(bsc#1242778).
- commit ec2de57
- arm64: proton-pack: Expose whether the platform is mitigated
by firmware (bsc#1242778).
- arm64: insn: Add support for encoding DSB (bsc#1242778).
- commit ae7bc9f
- Refresh patches.kabi/kabi-allow-extra-bugints.patch.
- commit 335bd7e
- hv_netvsc: Remove rmsg_pgcnt (bsc#1243737).
- hv_netvsc: Preserve contiguous PFN grouping in the page buffer array (bsc#1243737).
- hv_netvsc: Use vmbus_sendpacket_mpb_desc() to send VMBus messages (bsc#1243737).
- Drivers: hv: Allow vmbus_sendpacket_mpb_desc() to create multiple ranges (bsc#1243737).
- scsi: storvsc: Set correct data length for sending SCSI command without payload (git-fixes).
- commit 19dfad0
- Remove debug flavor (bsc#1243919).
This is only released in Leap, and we don't have Leap 15.4 anymore.
- commit 30c990a
- Refresh fixes for cBPF issue (bsc#1242778)
- Update metadata and put them into the sorted part of the series
- Refresh
patches.suse/x86-bhi-do-not-set-BHI_DIS_S-in-32-bit-mode.patch.
- Refresh
patches.suse/x86-bpf-add-IBHF-call-at-end-of-classic-BPF.patch.
- Refresh
patches.suse/x86-bpf-call-branch-history-clearing-sequence-on-exit.patch.
- commit 46d2b60
- mptcp: fix NULL pointer in can_accept_new_subflow
(CVE-2025-23145 bsc#1242596).
- mptcp: relax check on MPC passive fallback (CVE-2025-23145
bsc#1242596).
- mptcp: refine opt_mp_capable determination (CVE-2025-23145
bsc#1242596).
- mptcp: use OPTION_MPTCP_MPJ_SYN in subflow_check_req()
(CVE-2025-23145 bsc#1242596).
- mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect()
(CVE-2025-23145 bsc#1242596).
- mptcp: strict validation before using mp_opt->hmac
(CVE-2025-23145 bsc#1242596).
- mptcp: mptcp_parse_option() fix for MPTCPOPT_MP_JOIN
(CVE-2025-23145 bsc#1242596).
- mptcp: Fix duplicated argument in protocol.h (CVE-2025-23145
bsc#1242596).
- mptcp: consolidate in_opt sub-options fields in a bitmask
(CVE-2025-23145 bsc#1242596).
- mptcp: better binary layout for mptcp_options_received
(CVE-2025-23145 bsc#1242596).
- mptcp: do not set unconditionally csum_reqd on incoming opt
(CVE-2025-23145 bsc#1242596).
- commit 3eef261
- RDMA/mlx5: Fix a WARN during dereg_mr for DM type (CVE-2025-21888 bsc#1240177)
- commit a053ba8
- net: make sock_inuse_add() available (CVE-2024-53168
bsc#1234887).
- commit a64cc81
- sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket
(CVE-2024-53168 bsc#1234887).
- commit 2087675
- Refresh patches.kabi/kabi-allow-extra-bugints.patch.
- commit ba9a618
- mtd: phram: Add the kernel lock down check (bsc#1232649).
- commit af6a7f8
- Refresh
patches.suse/ACPI-processor-idle-return-an-error-if-both-P_LVL-2-.patch.
The patch has meanwhile been merged upstream. Add it to the sorted section.
- commit 2243312
- nfsd: make sure exp active before svc_export_show
(CVE-2024-56558 bsc#1235100).
- commit 3fbc559
- netfilter: nft_tunnel: fix geneve_opt type confusion addition
(CVE-2025-22056 bsc#1241525).
- commit ead34ea
- net: mvpp2: Prevent parser TCAM memory corruption
(CVE-2025-22060 bsc#1241526).
- net: mvpp2: parser fix QinQ (CVE-2025-22060 bsc#1241526).
- commit d211f59
- scsi: core: Fix unremoved procfs host directory regression
(git-fixes).
- commit fcdce73
- tcp: cdg: allow tcp_cdg_release() to be called multiple times (CVE-2022-49775 bsc#1242245)
- commit 1480658
- ocfs2: fix the issue with discontiguous allocation in the
global_bitmap (git-fixes).
- commit 1773903
- Update
patches.suse/scsi-core-Fix-a-procfs-host-directory-removal-regression.patch
(git-fixes CVE-2023-53118 bsc#1242365).
updated meta-data, adding new CVE and bug references
- commit 87fcd7f
- proc: fix UAF in proc_get_inode() (bsc#1240802 CVE-2025-21999).
- commit 8fb7944
- net: openvswitch: fix nested key length validation in the set()
action (CVE-2025-37789 bsc#1242762).
- commit 52f7543
- netfilter: conntrack: revisit the gc initial rescheduling bias
(CVE-2022-49110 bsc#1237981).
- commit 7e1d902
- netfilter: conntrack: fix the gc rescheduling delay
(CVE-2022-49110 bsc#1237981).
- commit 9cc8bdd
- netfilter: conntrack: revisit gc autotuning (CVE-2022-49110
bsc#1237981).
- commit da48bfa
- Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt
(bsc#1238032 CVE-2022-49139).
- commit 2031355
- watch_queue: fix pipe accounting mismatch (CVE-2025-23138 bsc#1241648).
- commit 789ef85
- 9p/trans_fd: always use O_NONBLOCK read/write (CVE-2022-49767 bsc#1242493).
- commit 9dce75d
- Update
patches.suse/dm-crypt-add-cond_resched-to-dmcrypt_write-fb29.patch
(git-fixes CVE-2023-53051 bsc#1242284).
- commit 33b6152
- x86/bhi: Do not set BHI_DIS_S in 32-bit mode (bsc#1242778).
- x86/bpf: Add IBHF call at end of classic BPF (bsc#1242778).
- x86/bpf: Call branch history clearing sequence on exit
(bsc#1242778).
- commit bcd2c85
- Update
patches.suse/can-etas_es58x-es58x_rx_err_msg-fix-memory-leak-in-e.patch
(git-fixes stable-5.14.19 CVE-2021-47671 bsc#1241421).
- commit 855e2af
- Update
patches.suse/net-mana-Fix-error-handling-in-mana_create_txq-rxq-s.patch
(bsc#1240195 CVE-2024-46784 bsc#1230771).
- commit b86bfe4
- Revert "exec: fix the racy usage of fs_struct->in_exec (CVE-2025-22029"
This reverts commit b68bd5953c15c3c2b21e60fbd6d8a52b0bbb030c.
This turned out to be not an issue. See https://bugzilla.suse.com/show_bug.cgi?id=1241378#c4
- commit d9d19c1
- exec: fix the racy usage of fs_struct->in_exec (CVE-2025-22029
bsc#1241378).
- commit b68bd59
- x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs
(CVE-2025-22045 bsc#1241433).
- commit c4ca325
- memstick: rtsx_usb_ms: Fix slab-use-after-free in
rtsx_usb_ms_drv_remove (bsc#1241280 CVE-2025-22020).
- commit 0f74fae
- drm/vkms: Fix use after free and double free on init error
(CVE-2025-22097 bsc#1241541).
- commit 02fe040
- net: fix geneve_opt length integer overflow (CVE-2025-22055
bsc#1241371).
- commit 15ff527
- net: atm: fix use after free in lec_send() (CVE-2025-22004
bsc#1240835).
- commit 889e26f
- kABI workaround struct rcu_head and ax25_ptr (CVE-2025-21812
bsc#1238471).
- commit 1d6ea68
- ax25: rcu protect dev->ax25_ptr (CVE-2025-21812 bsc#1238471).
- Refresh patches.kabi/net-ax25_dev-kabi-workaround.patch.
- commit 88b5c8e
- Update
patches.suse/fbdev-smscufx-fix-error-handling-code-in-ufx_usb_pro.patch
(git-fixes CVE-2022-49741 bsc#1240747).
- commit 0c9a431
- Update
patches.suse/RDMA-mlx5-Fix-implicit-ODP-hang-on-parent-deregistra.patch
(git-fixes CVE-2025-21886 bsc#1240188).
- commit 6a0c1b0
- arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (CVE-2025-21785 bsc#1238747)
- commit 2c96a9a
- vrf: use RCU protection in l3mdev_l3_out() (CVE-2025-21791
bsc#1238512).
- commit 50bbf71
- Delete
patches.suse/btrfs-defrag-don-t-use-merged-extent-map-for-their-generat.patch.
- Delete
patches.suse/btrfs-fix-defrag-not-merging-contiguous-extents-due-to-mer.patch.
- Delete
patches.suse/btrfs-fix-extent-map-merging-not-happening-for-adjacent-ex.patch.
Reverting ineffective changes for bsc#1239968 and closing it as WONTFIX.
- commit a1bc1ab
- padata: avoid UAF for reorder_work (CVE-2025-21726 bsc#1238865).
- commit bfab8c2
- kABI: Fix kABI after backport od CVE-2025-21839 (bsc#1239061 CVE-2025-21839).
- commit 38fa6d3
- KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop (bsc#1239061 CVE-2025-21839).
- commit 325b428
- KVM: X86: Set host DR6 only on VMX and for KVM_DEBUGREG_WONT_EXIT (bsc#1239061 CVE-2025-21839).
- commit 8727046
- KVM: X86: Remove unneeded KVM_DEBUGREG_RELOAD (bsc#1239061 CVE-2025-21839).
- commit bbb1715
- gfs2: Fix inode height consistency check (git-fixes).
- gfs2: Always check inode size of inline inodes (bsc#1240207
CVE-2022-49739).
- gfs2: Cosmetic gfs2_dinode_{in,out} cleanup (bsc#1240207
CVE-2022-49739).
- commit a949c3f
- Revert "gfs2: Fix inode height consistency check (git-fixes)."
This reverts commit 935054ab3fe2351d6b7c7a49e49bc57d5ae66ce2.
The revert commit will re-add by bsc#1240207 bug fix
- commit f6fc2e8
- Refresh
patches.suse/blk-throttle-Set-BIO_THROTTLED-when-bio-has-been-throttled.patch.
The original version had a back-port mistake that cause aregression.
- commit fb94b71
- mm/khugepaged: fix ->anon_vma race (CVE-2023-52935 bsc#1240276).
- commit 6257477
- net: mana: Fix error handling in mana_create_txq/rxq's NAPI
cleanup (bsc#1240195).
- Refresh
patches.suse/net-mana-Enable-debugfs-files-for-MANA-device.patch.
- commit 15a2f6b
- net: mana: Support holes in device list reply msg (bsc#1240133).
- commit 1dee3f4
- Update
patches.suse/media-cx24116-prevent-overflows-on-SNR-calculus.patch
(CVE-2024-50290 bsc#1233479 bsc#1225742).
- Update
patches.suse/media-dvbdev-prevent-the-risk-of-out-of-memory-acces.patch
(CVE-2024-53063 bsc#1233557 bsc#1225742).
- commit 4c491c6
- Update
patches.suse/ALSA-hda-via-Avoid-potential-array-out-of-bound-in-a.patch
(git-fixes CVE-2023-52988 bsc#1240293).
- Update
patches.suse/Bluetooth-Fix-possible-deadlock-in-rfcomm_sk_state_c.patch
(git-fixes CVE-2023-53016 bsc#1240281).
- Update
patches.suse/HID-betop-check-shape-of-output-reports.patch
(git-fixes bsc#1207186 CVE-2023-53015 bsc#1240288).
- Update
patches.suse/NFSD-fix-use-after-free-in-nfsd4_ssc_setup_dul.patch
(git-fixes bsc#1209788 CVE-2023-1652 CVE-2023-53025
bsc#1240264).
- Update
patches.suse/RDMA-core-Fix-ib-block-iterator-counter-overflow.patch
(bsc#1207878 CVE-2023-53026 bsc#1240308).
- Update
patches.suse/Revert-wifi-mac80211-fix-memory-leak-in-ieee80211_if.patch
(git-fixes CVE-2023-53028 bsc#1240212).
- Update
patches.suse/Squashfs-fix-handling-and-sanity-checking-of-xattr_i.patch
(git-fixes CVE-2023-52933 bsc#1240275).
- Update
patches.suse/block-bfq-fix-uaf-for-bfqq-in-bic_set_bfqq-b600.patch
(git-fixes CVE-2023-52983 bsc#1240284).
- Update
patches.suse/bnxt-Do-not-read-past-the-end-of-test-names.patch
(jsc#SLE-18978 CVE-2023-53010 bsc#1240290).
- Update
patches.suse/bpf-Fix-pointer-leak-due-to-insufficient-speculative.patch
(bsc#1231375 CVE-2023-53024 bsc#1240272).
- Update
patches.suse/bpf-Skip-task-with-pid-1-in-send_signal_common.patch
(git-fixes CVE-2023-52992 bsc#1240317).
- Update
patches.suse/can-isotp-split-tx-timer-into-transmission-and-timeo.patch
(git-fixes CVE-2023-52941 bsc#1240280).
- Update
patches.suse/cifs-Fix-oops-due-to-uncleared-server-smbd_conn-in-reconnect.patch
(git-fixes CVE-2023-53006 bsc#1240208).
- Update
patches.suse/cifs-fix-potential-memory-leaks-in-session-setup.patch
(bsc#1193629 CVE-2023-53008 bsc#1240318).
- Update
patches.suse/drm-i915-Fix-potential-bit_17-double-free.patch
(git-fixes CVE-2023-52930 bsc#1240304).
- Update
patches.suse/efi-fix-potential-NULL-deref-in-efi_mem_reserve_pers.patch
(git-fixes CVE-2023-52976 bsc#1240283).
- Update
patches.suse/firewire-fix-memory-leak-for-payload-of-request-suba.patch
(git-fixes CVE-2023-52989 bsc#1240266).
- Update
patches.suse/mm-memcg-fix-NULL-pointer-in-mem_cgroup_track_foreign_dirty_slowpath.patch
(bsc#1209262 CVE-2023-52939 bsc#1240231).
- Update
patches.suse/net-mdio-validate-parameter-addr-in-mdiobus_get_phy.patch
(git-fixes CVE-2023-53019 bsc#1240286).
- Update
patches.suse/net-nfc-Fix-use-after-free-in-local_cleanup.patch
(git-fixes CVE-2023-53023 bsc#1240309).
- Update
patches.suse/net-phy-dp83822-Fix-null-pointer-access-on-DP83825-D.patch
(git-fixes CVE-2023-52984 bsc#1240279).
- Update
patches.suse/netfilter-nft_payload-incorrect-arithmetics-when-fet.patch
(CVE-2023-0179 bsc#1207034 CVE-2023-53033 bsc#1240210).
- Update
patches.suse/netlink-prevent-potential-spectre-v1-gadgets.patch
(bsc#1209547 CVE-2017-5753 CVE-2023-53000 bsc#1240227).
- Update
patches.suse/octeontx2-pf-Avoid-use-of-GFP_KERNEL-in-atomic-conte.patch
(git-fixes CVE-2023-53030 bsc#1240292).
- Update
patches.suse/octeontx2-pf-Fix-the-use-of-GFP_KERNEL-in-atomic-con.patch
(git-fixes CVE-2023-53029 bsc#1240220).
- Update
patches.suse/scsi-iscsi_tcp-Fix-UAF-during-login-when-accessing-the-shost-ipaddress.patch
(git-fixes CVE-2023-2162 bsc#1210647 CVE-2023-52974
bsc#1240213).
- Update
patches.suse/scsi-iscsi_tcp-Fix-UAF-during-logout-when-accessing-the-shost-ipaddress.patch
(git-fixes CVE-2023-52975 bsc#1240322).
- Update
patches.suse/squashfs-harden-sanity-check-in-squashfs_read_xattr_.patch
(git-fixes CVE-2023-52979 bsc#1240282).
- Update
patches.suse/trace_events_hist-add-check-for-return-value-of-create_hist_field.patch
(git-fixes CVE-2023-53005 bsc#1240278).
- Update
patches.suse/tracing-Make-sure-trace_printk-can-output-as-soon-as-it-can-be-used.patch
(git-fixes CVE-2023-53007 bsc#1240229).
- Update
patches.suse/vc_screen-move-load-of-struct-vc_data-pointer-in-vcs.patch
(git-fixes bsc#1213167 CVE-2023-3567 CVE-2023-52973
bsc#1240218).
- Update
patches.suse/x86-i8259-Mark-legacy-PIC-interrupts-with-IRQ_LEVEL.patch
(git-fixes CVE-2023-52993 bsc#1240297).
- commit f69d55e
- Update
patches.suse/VMCI-Use-threaded-irqs-instead-of-tasklets.patch
(git-fixes CVE-2022-49759 bsc#1240245).
- Update
patches.suse/dmaengine-Fix-double-increment-of-client_count-in-dm.patch
(git-fixes CVE-2022-49753 bsc#1240250).
- Update
patches.suse/dmaengine-imx-sdma-Fix-a-possible-memory-leak-in-sdm.patch
(git-fixes CVE-2022-49746 bsc#1240242).
- Update
patches.suse/perf-x86-amd-fix-potential-integer-overflow-on-shift-of-a-int.patch
(git fixes CVE-2022-49748 bsc#1240256).
- Update
patches.suse/usb-gadget-f_fs-Prevent-race-during-ffs_ep0_queue_wa.patch
(git-fixes CVE-2022-49755 bsc#1240247).
- Update
patches.suse/w1-fix-WARNING-after-calling-w1_process.patch
(git-fixes CVE-2022-49751 bsc#1240254).
- commit 67615b0
- Update
patches.suse/can-j1939-fix-errant-WARN_ON_ONCE-in-j1939_session_d.patch
(git-fixes CVE-2021-4454 bsc#1240205).
- commit 3ad7432
- RDMA/mlx5: Fix implicit ODP hang on parent deregistration (git-fixes)
- commit fb96cb5
- RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error (CVE-2025-21732 bsc#1237877)
- commit 4fd8031
- RDMA/mlx5: Fix implicit ODP use after free (CVE-2025-21714 bsc#1237890)
- commit b066549
- can: hi311x: hi3110_can_ist(): fix potential use-after-free
(CVE-2024-56651 bsc#1235528).
- commit c9a4975
- btrfs: fix use-after-free when attempting to join an aborted transaction (CVE-2025-21753 bsc#1237875)
- commit 4b7aa14
- idpf: fix idpf_vc_core_init error path (CVE-2024-53064
bsc#1233558).
- commit f7c6f3c
- btrfs: send: fix invalid clone operation for file that got
its size decreased (bsc#1239969).
- btrfs: send: allow cloning non-aligned extent if it ends at
i_size (bsc#1239969).
- commit 6046fcc
- net: mana: Allow variable size indirection table (bsc#1239016).
- Refresh
patches.suse/net-mana-Enable-debugfs-files-for-MANA-device.patch.
- commit ab31abc
- net: mana: Avoid open coded arithmetic (bsc#1239016).
- RDMA/mana_ib: Prefer struct_size over open coded arithmetic
(bsc#1239016).
- net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2
(bsc#1239016).
- RDMA/mana_ib: Use v2 version of cfg_rx_steer_req to enable RX
coalescing (bsc#1239016).
- commit 3e2838d
- btrfs: fix defrag not merging contiguous extents due to merged
extent maps (bsc#1239968).
- btrfs: fix extent map merging not happening for adjacent extents
(bsc#1239968).
- btrfs: defrag: don't use merged extent map for their generation
check (bsc#1239968).
- commit 7ca0c8b
- scsi: target: tcmu: Fix possible page UAF (CVE-2022-49053
bsc#1237918).
- commit 31de519
- KVM: Explicitly verify target vCPU is online in kvm_get_vcpu()
(CVE-2024-58083 bsc#1239036).
- commit c06a95f
- ACPI: processor: idle: Return an error if both P_LVL{2,3}
idle states are invalid (bsc#1237530).
- commit bc72fe5
- mm/mmu_notifier.c: fix race in mmu_interval_notifier_remove()
(bsc#1239126).
- commit 9ba4a9a
- mm: zswap: move allocations during CPU init outside the lock
(git-fixes).
- commit 2ba6fb9
- mm: zswap: properly synchronize freeing resources during CPU
hotunplug (bsc#1237029 CVE-2025-21693).
- commit a35b49f
- mm/zswap: change per-cpu mutex and buffer to per-acomp_ctx
(bsc#1237029 CVE-2025-21693).
- commit 2a858ad
- partitions: mac: fix handling of bogus partition table
(CVE-2025-21772 bsc#1238911).
- blk-throttle: Set BIO_THROTTLED when bio has been throttled
(CVE-2022-49465 bsc#1238919).
- commit 0fbb2d1
- crypto: ecdh - explicitly zeroize private_key
(CVE-2024-42098 bsc#1228779).
- commit b69238c
- crypto: aead,cipher - zeroize key buffer after use
(CVE-2024-42229 bsc#1228708).
- commit 15d760d
- Update
patches.suse/dmaengine-qcom-bam_dma-fix-runtime-PM-underflow.patch
(git-fixes CVE-2022-49650 bsc#1239452).
- Update
patches.suse/netfilter-nf_tables-initialize-registers-in-nft_do_c.patch
(CVE-2022-1016 bsc#1197227 CVE-2022-49293 bsc#1239454).
- commit 320b3f1
- Update
patches.suse/x86-bhi-Avoid-warning-in-DB-handler-due-to-BHI-mitigation.patch
(git-fixes CVE-2024-42240 bsc#1228966).
- commit b914598
- drm/i915/gt: Fix potential UAF by revoke of fence registers
(git-fixes CVE-2024-41092 bsc#1228483).
- commit 8041e33
- Update
patches.suse/net-usb-aqc111-Fix-out-of-bounds-accesses-in-RX-fixu.patch
(bsc#1237903 CVE-2022-49051).
Added CVE reference
- commit 3c47ace
- drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (bsc#1239115 CVE-2025-21780)
- commit 698625c
- Update
patches.suse/0001-be2net-Fix-buffer-overflow-in-be_get_module_eeprom.patch
(bsc#1201323 CVE-2022-49581 bsc#1238540).
- Update
patches.suse/0004-dm-fix-use-after-free-in-dm_cleanup_zoned_dev.patch
(git-fixes CVE-2022-49270 bsc#1238459).
- Update
patches.suse/0005-drm-mediatek-Add-vblank-register-unregister-callback.patch
(bsc#1190768 CVE-2022-49506 bsc#1238804).
- Update
patches.suse/0006-dm-integrity-fix-memory-corruption-when-tag_size-is-.patch
(git-fixes CVE-2022-49044 bsc#1237840).
- Update patches.suse/0009-block-bfq-don-t-move-oom_bfqq.patch
(git-fixes CVE-2022-49179 bsc#1238092).
- Update
patches.suse/0010-bfq-fix-use-after-free-in-bfq_dispatch_request.patch
(git-fixes CVE-2022-49176 bsc#1238097).
- Update
patches.suse/0011-dm-raid-fix-accesses-beyond-end-of-raid-member-array.patch
(git-fixes CVE-2022-49674 bsc#1239041).
- Update
patches.suse/0012-dm-ioctl-prevent-potential-spectre-v1-gadget.patch
(git-fixes CVE-2022-49122 bsc#1237983).
- Update
patches.suse/0014-drm-dp-Fix-OOB-read-when-handling-Post-Cursor2-regis.patch
(bsc#1190786 CVE-2022-49218 bsc#1237785).
- Update
patches.suse/0015-bcache-avoid-journal-no-space-deadlock-by-reserving-.patch
(git-fixes CVE-2022-49327 bsc#1238662).
- Update
patches.suse/0017-nbd-call-genl_unregister_family-first-in-nbd_cleanup.patch
(git-fixes CVE-2022-49295 bsc#1238707).
- Update
patches.suse/0018-dm-mirror-log-round-up-region-bitmap-size-to-BITS_PE.patch
(git-fixes CVE-2022-49710 bsc#1238417).
- Update
patches.suse/0018-nbd-fix-race-between-nbd_alloc_config-and-module-removal.patch
(git-fixes CVE-2022-49300 bsc#1238183).
- Update
patches.suse/0019-block-Fix-handling-of-offline-queues-in-blk_mq_alloc.patch
(git-fixes CVE-2022-49720 bsc#1238281).
- Update
patches.suse/0019-nbd-fix-io-hung-while-disconnecting-device.patch
(git-fixes CVE-2022-49297 bsc#1238469).
- Update
patches.suse/9p-fix-fid-refcount-leak-in-v9fs_vfs_atomic_open_dot.patch
(git-fixes CVE-2022-49705 bsc#1237990).
- Update
patches.suse/9p-fix-fid-refcount-leak-in-v9fs_vfs_get_link.patch
(git-fixes CVE-2022-49704 bsc#1237780).
- Update
patches.suse/ACPI-CPPC-Avoid-out-of-bounds-access-when-parsing-_C.patch
(git-fixes CVE-2022-49145 bsc#1238162).
- Update
patches.suse/ALSA-firewire-lib-fix-uninitialized-flag-for-AV-C-de.patch
(git-fixes CVE-2022-49248 bsc#1238284).
- Update
patches.suse/ALSA-oss-Fix-PCM-OSS-buffer-allocation-overflow.patch
(git-fixes CVE-2022-49292 bsc#1238625).
- Update
patches.suse/ALSA-pcm-Check-for-null-pointer-of-pointer-substream.patch
(git-fixes CVE-2022-49498 bsc#1238825).
- Update
patches.suse/ALSA-pcm-Fix-potential-AB-BA-lock-with-buffer_mutex-.patch
(CVE-2022-1048 bsc#1197331 CVE-2022-49272 bsc#1238272).
- Update
patches.suse/ALSA-pcm-Fix-races-among-concurrent-hw_params-and-hw.patch
(CVE-2022-1048 bsc#1197331 git-fixes CVE-2022-49291
bsc#1238705).
- Update
patches.suse/ALSA-pcm-Fix-races-among-concurrent-prealloc-proc-wr.patch
(CVE-2022-1048 bsc#1197331 git-fixes CVE-2022-49288
bsc#1238271).
- Update
patches.suse/ALSA-pcm-oss-Fix-race-at-SNDCTL_DSP_SYNC.patch
(CVE-2022-3303 bsc#1203769 git-fixes CVE-2022-49733
bsc#1238454).
- Update
patches.suse/ALSA-usb-audio-Cancel-pending-work-at-closing-a-MIDI.patch
(git-fixes CVE-2022-49545 bsc#1238729).
- Update
patches.suse/ARM-Fix-refcount-leak-in-axxia_boot_secondary.patch
(git-fixes CVE-2022-49679 bsc#1238418).
- Update
patches.suse/ARM-cns3xxx-Fix-refcount-leak-in-cns3xxx_init.patch
(git-fixes CVE-2022-49677 bsc#1238601).
- Update
patches.suse/ARM-exynos-Fix-refcount-leak-in-exynos_map_pmu.patch
(git-fixes CVE-2022-49680 bsc#1238415).
- Update
patches.suse/ARM-hisi-Add-missing-of_node_put-after-of_find_compa.patch
(git-fixes CVE-2022-49447 bsc#1238956).
- Update
patches.suse/ARM-meson-Fix-refcount-leak-in-meson_smp_prepare_cpu.patch
(git-fixes CVE-2022-49656 bsc#1237812).
- Update
patches.suse/ASoC-Intel-sof_sdw-handle-errors-on-card-registratio.patch
(git-fixes CVE-2022-49617 bsc#1238902).
- Update
patches.suse/ASoC-SOF-Intel-Fix-NULL-ptr-dereference-when-ENOMEM.patch
(git-fixes CVE-2022-49268 bsc#1238090).
- Update
patches.suse/ASoC-atmel-Add-missing-of_node_put-in-at91sam9g20ek_.patch
(git-fixes CVE-2022-49243 bsc#1238337).
- Update
patches.suse/ASoC-atmel-Fix-error-handling-in-sam9x5_wm8731_drive.patch
(git-fixes CVE-2022-49241 bsc#1238116).
- Update
patches.suse/ASoC-atmel-Fix-error-handling-in-snd_proto_probe.patch
(git-fixes CVE-2022-49246 bsc#1238302).
- Update
patches.suse/ASoC-codecs-rx-macro-fix-accessing-array-out-of-boun.patch
(git-fixes CVE-2022-49252 bsc#1237787).
- Update
patches.suse/ASoC-codecs-rx-macro-fix-accessing-compander-for-aux.patch
(git-fixes CVE-2022-49250 bsc#1238389).
- Update
patches.suse/ASoC-codecs-va-macro-fix-accessing-array-out-of-boun.patch
(git-fixes CVE-2022-49251 bsc#1237835).
- Update
patches.suse/ASoC-codecs-wc938x-fix-accessing-array-out-of-bounds.patch
(git-fixes CVE-2022-49249 bsc#1238339).
- Update
patches.suse/ASoC-codecs-wcd934x-Add-missing-of_node_put-in-wcd93.patch
(git-fixes CVE-2022-49239 bsc#1238334).
- Update
patches.suse/ASoC-cs35l41-Fix-an-out-of-bounds-access-in-otp_pack.patch
(bsc#1203699 CVE-2022-49515 bsc#1237817).
- Update
patches.suse/ASoC-fsl-Fix-refcount-leak-in-imx_sgtl5000_probe.patch
(git-fixes CVE-2022-49486 bsc#1237946).
- Update
patches.suse/ASoC-imx-hdmi-Fix-refcount-leak-in-imx_hdmi_probe.patch
(git-fixes CVE-2022-49480 bsc#1238799).
- Update
patches.suse/ASoC-mediatek-Fix-error-handling-in-mt8173_max98090_.patch
(git-fixes CVE-2022-49514 bsc#1238429).
- Update
patches.suse/ASoC-mediatek-Fix-missing-of_node_put-in-mt2701_wm89.patch
(git-fixes CVE-2022-49517 bsc#1237996).
- Update
patches.suse/ASoC-mediatek-mt8192-mt6359-Fix-error-handling-in-mt.patch
(git-fixes CVE-2022-49244 bsc#1238176).
- Update
patches.suse/ASoC-mxs-Fix-error-handling-in-mxs_sgtl5000_probe.patch
(git-fixes CVE-2022-49242 bsc#1238126).
- Update
patches.suse/ASoC-mxs-saif-Fix-refcount-leak-in-mxs_saif_probe.patch
(git-fixes CVE-2022-49482 bsc#1238543).
- Update
patches.suse/ASoC-rt5645-Fix-errorenous-cleanup-order.patch
(git-fixes CVE-2022-49493 bsc#1238939).
- Update
patches.suse/ASoC-rt7-sdw-harden-jack_detect_handler.patch
(git-fixes CVE-2022-49616 bsc#1238898).
- Update
patches.suse/ASoC-rt711-sdca-fix-kernel-NULL-pointer-dereference-.patch
(git-fixes CVE-2022-49615 bsc#1238897).
- Update
patches.suse/ASoC-samsung-Fix-refcount-leak-in-aries_audio_probe.patch
(git-fixes CVE-2022-49477 bsc#1238295).
- Update
patches.suse/ASoC-ti-j721e-evm-Fix-refcount-leak-in-j721e_soc_pro.patch
(git-fixes CVE-2022-49473 bsc#1238135).
- Update
patches.suse/Bluetooth-Fix-use-after-free-in-hci_send_acl.patch
(git-fixes CVE-2022-49111 bsc#1237984).
- Update
patches.suse/Bluetooth-btmtksdio-Fix-kernel-oops-in-btmtksdio_int.patch
(git-fixes CVE-2022-49200 bsc#1237958).
- Update
patches.suse/Bluetooth-fix-dangling-sco_conn-and-use-after-free-i.patch
(git-fixes CVE-2022-49474 bsc#1238071).
- Update
patches.suse/Bluetooth-hci_qca-Use-del_timer_sync-before-freeing.patch
(git-fixes CVE-2022-49555 bsc#1238231).
- Update
patches.suse/Bluetooth-use-memset-avoid-memory-leaks.patch
(git-fixes CVE-2022-49116 bsc#1237922).
- Update
patches.suse/HID-elan-Fix-potential-double-free-in-elan_input_con.patch
(git-fixes CVE-2022-49508 bsc#1237940).
- Update
patches.suse/IB-rdmavt-add-lock-to-call-to-rvt_error_qp-to-preven.patch
(git-fixes CVE-2022-49089 bsc#1238041).
- Update
patches.suse/Input-gpio-keys-cancel-delayed-work-only-in-case-of-.patch
(git-fixes CVE-2022-49430 bsc#1238870).
- Update
patches.suse/Input-sparcspkr-fix-refcount-leak-in-bbc_beep_probe.patch
(git-fixes CVE-2022-49438 bsc#1238242).
- Update patches.suse/KVM-Don-t-null-dereference-ops-destroy.patch
(git-fixes CVE-2022-49568 bsc#1238792).
- Update
patches.suse/KVM-SVM-Use-kzalloc-for-sev-ioctl-interfaces-to-prev.patch
(git-fixes CVE-2022-49556 bsc#1238134).
- Update
patches.suse/KVM-SVM-fix-panic-on-out-of-bounds-guest-IRQ.patch
(git-fixes CVE-2022-49154 bsc#1238167).
- Update
patches.suse/KVM-VMX-Prevent-RSB-underflow-before-vmenter.patch
(bsc#1199657 CVE-2022-29900 CVE-2022-29901 CVE-2022-49610
bsc#1238952).
- Update
patches.suse/KVM-x86-Drop-WARNs-that-assert-a-triple-fault-never-.patch
(git-fixes CVE-2022-49559 bsc#1237942).
- Update
patches.suse/KVM-x86-Use-__try_cmpxchg_user-to-update-guest-PTE-A.patch
(git-fixes CVE-2022-49562 bsc#1238309).
- Update
patches.suse/LSM-general-protection-fault-in-legacy_parse_param.patch
(git-fixes CVE-2022-49180 bsc#1238110).
- Update
patches.suse/NFC-NULL-out-the-dev-rfkill-to-prevent-UAF.patch
(git-fixes CVE-2022-49505 bsc#1238615).
- Update
patches.suse/NFS-Avoid-writeback-threads-getting-stuck-in-mempool.patch
(git-fixes CVE-2022-49097 bsc#1237729).
- Update
patches.suse/NFSD-prevent-integer-overflow-on-32-bit-systems.patch
(git-fixes CVE-2022-49279 bsc#1238655).
- Update
patches.suse/NFSD-prevent-underflow-in-nfssvc_decode_writeargs.patch
(git-fixes CVE-2022-49280 bsc#1238630).
- Update
patches.suse/NFSv4-Don-t-hold-the-layoutget-locks-across-multiple.patch
(git-fixes CVE-2022-49316 bsc#1238386).
- Update
patches.suse/NFSv4-Fix-free-of-uninitialized-nfs4_label-on-referr.patch
(git-fixes CVE-2022-49418 bsc#1238878).
- Update
patches.suse/NFSv4.2-fix-reference-count-leaks-in-_nfs42_proc_cop.patch
(git-fixes CVE-2022-49103 bsc#1238080).
- Update
patches.suse/PCI-Avoid-pci_dev_lock-AB-BA-deadlock-with-sriov_num.patch
(git-fixes CVE-2022-49434 bsc#1238916).
- Update patches.suse/PCI-endpoint-Fix-misused-goto-label.patch
(git-fixes CVE-2022-49115 bsc#1237961).
- Update
patches.suse/PM-core-keep-irq-flags-in-device_pm_check_callbacks.patch
(git-fixes CVE-2022-49175 bsc#1238099).
- Update
patches.suse/PM-devfreq-exynos-ppmu-Fix-refcount-leak-in-of_get_d.patch
(git-fixes CVE-2022-49668 bsc#1237957).
- Update
patches.suse/PM-devfreq-rk3399_dmc-Disable-edev-on-remove.patch
(git-fixes CVE-2022-49460 bsc#1238892).
- Update
patches.suse/PM-domains-Fix-sleep-in-atomic-bug-caused-by-genpd_d.patch
(git-fixes CVE-2022-49265 bsc#1238432).
- Update
patches.suse/RDMA-cm-Fix-memory-leak-in-ib_cm_insert_listen.patch
(git-fixes CVE-2022-49671 bsc#1238823).
- Update
patches.suse/RDMA-hfi1-Fix-potential-integer-multiplication-overf.patch
(git-fixes CVE-2022-49404 bsc#1238430).
- Update
patches.suse/RDMA-hfi1-Fix-use-after-free-bug-for-mm-struct.patch
(git-fixes CVE-2022-49076 bsc#1237738).
- Update
patches.suse/RDMA-hfi1-Prevent-panic-when-SDMA-is-disabled.patch
(git-fixes CVE-2022-49429 bsc#1238889).
- Update
patches.suse/RDMA-hfi1-Prevent-use-of-lock-before-it-is-initializ.patch
(git-fixes CVE-2022-49433 bsc#1238268).
- Update
patches.suse/RDMA-irdma-Fix-sleep-from-invalid-context-BUG.patch
(git-fixes CVE-2022-49606 bsc#1238410).
- Update
patches.suse/RDMA-irdma-Prevent-some-integer-underflows.patch
(git-fixes CVE-2022-49208 bsc#1238345).
- Update
patches.suse/RDMA-mlx5-Fix-memory-leak-in-error-flow-for-subscrib.patch
(git-fixes CVE-2022-49206 bsc#1238343).
- Update
patches.suse/RDMA-nldev-Prevent-underflow-in-nldev_stat_set_count.patch
(jsc#SLE-19249 CVE-2022-49199 bsc#1238234).
- Update
patches.suse/SUNRPC-Fix-the-svc_deferred_event-trace-class.patch
(git-fixes CVE-2022-49065 bsc#1237739).
- Update patches.suse/SUNRPC-Trap-RDMA-segment-overflows.patch
(git-fixes CVE-2022-49356 bsc#1238444).
- Update
patches.suse/USB-host-isp116x-check-return-value-after-calling-pl.patch
(git-fixes CVE-2022-49302 bsc#1238653).
- Update patches.suse/afs-Fix-dynamic-root-getattr.patch
(git-fixes CVE-2022-49688 bsc#1238423).
- Update
patches.suse/arch-arm64-Fix-topology-initialization-for-core-sche.patch
(git-fixes CVE-2022-49090 bsc#1238021).
- Update
patches.suse/arm64-compat-Do-not-treat-syscall-number-as-ESR_ELx-.patch
(git-fixes CVE-2022-49520 bsc#1238836).
- Update patches.suse/arm64-ftrace-consistently-handle-PLTs.patch
(git-fixes CVE-2022-49721 bsc#1237789).
- Update
patches.suse/ata-libata-core-fix-NULL-pointer-deref-in-ata_host_a.patch
(git-fixes CVE-2022-49731 bsc#1239071).
- Update
patches.suse/ata-pata_octeon_cf-Fix-refcount-leak-in-octeon_cf_pr.patch
(git-fixes CVE-2022-49354 bsc#1238636).
- Update
patches.suse/ata-sata_dwc_460ex-Fix-crash-due-to-OOB-write.patch
(git-fixes CVE-2022-49073 bsc#1237746).
- Update
patches.suse/ath10k-Fix-error-handling-in-ath10k_setup_msa_resour.patch
(git-fixes CVE-2022-49213 bsc#1238327).
- Update
patches.suse/ath10k-skip-ath10k_halt-during-suspend-for-driver-st.patch
(git-fixes CVE-2022-49519 bsc#1238943).
- Update
patches.suse/ath11k-disable-spectral-scan-during-spectral-deinit.patch
(git-fixes CVE-2022-49523 bsc#1238557).
- Update
patches.suse/ath11k-fix-kernel-panic-during-unload-load-ath11k-mo.patch
(git-fixes CVE-2022-49131 bsc#1237966).
- Update patches.suse/ath11k-mhi-use-mhi_sync_power_up.patch
(git-fixes CVE-2022-49130 bsc#1237978).
- Update
patches.suse/ath11k-pci-fix-crash-on-suspend-if-board-file-is-not.patch
(git-fixes CVE-2022-49132 bsc#1237976).
- Update
patches.suse/ath9k_htc-fix-potential-out-of-bounds-access-with-in.patch
(git-fixes CVE-2022-49503 bsc#1238868).
- Update patches.suse/ath9k_htc-fix-uninit-value-bugs.patch
(git-fixes CVE-2022-49235 bsc#1238333).
- Update
patches.suse/bfq-Avoid-merging-queues-with-different-parents.patch
(bsc#1197926 CVE-2022-49412 bsc#1238436).
- Update
patches.suse/bfq-Make-sure-bfqg-for-which-we-are-queueing-request.patch
(bsc#1197926 CVE-2022-49411 bsc#1238307).
- Update
patches.suse/bfq-Update-cgroup-information-before-merging-bio.patch
(bsc#1197926 CVE-2022-49413 bsc#1238710).
- Update
patches.suse/blk-iolatency-Fix-inflight-count-imbalances-and-IO-h.patch
(bsc#1200825 CVE-2022-49394 bsc#1238712).
- Update
patches.suse/blk-mq-don-t-touch-tagset-in-blk_mq_get_sq_hctx.patch
(bsc#1200824 CVE-2022-49377 bsc#1238545).
- Update
patches.suse/block-Fix-the-maximum-minor-value-is-blk_alloc_ext_m.patch
(bsc#1198021 CVE-2022-49147 bsc#1237960).
- Update
patches.suse/block-don-t-delete-queue-kobject-before-its-children.patch
(bsc#1198019 CVE-2022-49259 bsc#1238413).
- Update
patches.suse/block-fix-rq-qos-breakage-from-skipping-rq_qos_done_.patch
(bsc#1202781 CVE-2022-49266 bsc#1238465).
- Update
patches.suse/bpf-Fix-UAF-due-to-race-between-btf_try_get_module-a.patch
(git-fixes CVE-2022-49236 bsc#1238120).
- Update
patches.suse/bpf-arm64-Clear-prog-jited_len-along-prog-jited.patch
(git-fixes CVE-2022-49341 bsc#1238381).
- Update
patches.suse/brcmfmac-pcie-Release-firmwares-in-the-brcmf_pcie_se.patch
(git-fixes CVE-2022-49263 bsc#1238267).
- Update
patches.suse/bus-fsl-mc-bus-fix-KASAN-use-after-free-in-fsl_mc_bu.patch
(git-fixes CVE-2022-49711 bsc#1238416).
- Update
patches.suse/can-gs_usb-gs_usb_open-close-fix-memory-leak.patch
(git-fixes CVE-2022-49661 bsc#1237788).
- Update
patches.suse/can-isotp-sanitize-CAN-ID-checks-in-isotp_bind.patch
(git-fixes CVE-2022-49269 bsc#1238533).
- Update
patches.suse/can-m_can-m_can_tx_handler-fix-use-after-free-of-skb.patch
(git-fixes CVE-2022-49275 bsc#1238719).
- Update
patches.suse/can-mcba_usb-properly-check-endpoint-type.patch
(git-fixes CVE-2022-49151 bsc#1237778).
- Update
patches.suse/ceph-fix-inode-reference-leakage-in-ceph_get_snapdir.patch
(bsc#1206048 CVE-2022-49109 bsc#1237836).
- Update
patches.suse/ceph-fix-memory-leak-in-ceph_readdir-when-note_last_dentry-returns-error.patch
(bsc#1206049 CVE-2022-49107 bsc#1237973).
- Update
patches.suse/cgroup-Use-separate-src-dst-nodes-when-preloading-css_sets-for-migration.patch
(bsc#1201610 CVE-2022-49647 bsc#1238805).
- Update
patches.suse/char-xillybus-fix-a-refcount-leak-in-cleanup_dev.patch
(git-fixes CVE-2022-49310 bsc#1238642).
- Update patches.suse/cifs-fix-handlecache-and-multiuser.patch
(bsc#1193629 CVE-2022-49281 bsc#1238635).
- Update
patches.suse/cifs-fix-potential-double-free-during-failed-mount.patch
(bsc#1193629 CVE-2022-49541 bsc#1238727).
- Update
patches.suse/cifs-potential-buffer-overflow-in-handling-symlinks.patch
(bsc#1193629 CVE-2022-49058 bsc#1237814).
- Update
patches.suse/cifs-prevent-bad-output-lengths-in-smb2_ioctl_query_info-.patch
(CVE-2022-0168 bsc#1197472 CVE-2022-49271 bsc#1238626).
- Update
patches.suse/clk-Fix-clk_hw_get_clk-when-dev-is-NULL.patch
(git-fixes CVE-2022-49187 bsc#1238011).
- Update
patches.suse/clk-qcom-clk-rcg2-Update-logic-to-calculate-D-value-.patch
(git-fixes CVE-2022-49189 bsc#1238150).
- Update
patches.suse/clocksource-hyper-v-unexport-__init-annotated-hv_ini.patch
(bsc#1201218 CVE-2022-49726 bsc#1238808).
- Update
patches.suse/cpufreq-pmac32-cpufreq-Fix-refcount-leak-bug.patch
(git-fixes CVE-2022-49621 bsc#1239051).
- Update
patches.suse/crypto-ccree-Fix-use-after-free-in-cc_cipher_exit.patch
(git-fixes CVE-2022-49258 bsc#1237952).
- Update
patches.suse/crypto-hisilicon-sec-fix-the-aead-software-fallback-.patch
(bsc#1198240 CVE-2022-49260 bsc#1238458).
- Update
patches.suse/crypto-octeontx2-remove-CONFIG_DM_CRYPT-check.patch
(git-fixes CVE-2022-49262 bsc#1238463).
- Update patches.suse/crypto-qat-add-param-check-for-DH.patch
(jsc#PED-1073 CVE-2022-49564 bsc#1238789).
- Update patches.suse/crypto-qat-add-param-check-for-RSA.patch
(jsc#PED-1073 CVE-2022-49563 bsc#1238787).
- Update patches.suse/crypto-qat-fix-memory-leak-in-RSA.patch
(git-fixes CVE-2022-49566 bsc#1238266).
- Update patches.suse/dlm-fix-plock-invalid-read.patch (git-fixes
CVE-2022-49407 bsc#1238180).
- Update
patches.suse/dm-raid-fix-KASAN-warning-in-raid5_add_disks.patch
(git-fixes CVE-2022-49673 bsc#1238933).
- Update
patches.suse/dmaengine-idxd-Fix-the-error-handling-path-in-idxd_c.patch
(git-fixes CVE-2022-49422 bsc#1237784).
- Update
patches.suse/dmaengine-ti-Fix-refcount-leak-in-ti_dra7_xbar_route.patch
(git-fixes CVE-2022-49652 bsc#1238871).
- Update
patches.suse/dmaengine-zynqmp_dma-In-struct-zynqmp_dma_chan-fix-d.patch
(git-fixes CVE-2022-49320 bsc#1238394).
- Update
patches.suse/dpaa2-ptp-Fix-refcount-leak-in-dpaa2_ptp_probe.patch
(git-fixes CVE-2022-49088 bsc#1237724).
- Update
patches.suse/drbd-Fix-five-use-after-free-bugs-in-get_initial_state
(git-fixes CVE-2022-49085 bsc#1238036).
- Update
patches.suse/driver-base-fix-UAF-when-driver_attach-failed.patch
(git-fixes CVE-2022-49385 bsc#1237951).
- Update
patches.suse/driver-core-Fix-wait_for_device_probe-deferred_probe.patch
(git-fixes CVE-2022-49379 bsc#1238446).
- Update
patches.suse/driver-core-fix-deadlock-in-__device_attach.patch
(git-fixes CVE-2022-49371 bsc#1238546).
- Update
patches.suse/drivers-base-node.c-fix-compaction-sysfs-file-leak.patch
(git-fixes CVE-2022-49442 bsc#1238243).
- Update
patches.suse/drivers-staging-rtl8192bs-Fix-deadlock-in-rtw_joinbs.patch
(git-fixes CVE-2022-49311 bsc#1238632).
- Update
patches.suse/drivers-staging-rtl8192e-Fix-deadlock-in-rtllib_beac.patch
(git-fixes CVE-2022-49315 bsc#1238638).
- Update
patches.suse/drivers-staging-rtl8192u-Fix-deadlock-in-ieee80211_b.patch
(git-fixes CVE-2022-49305 bsc#1238645).
- Update
patches.suse/drivers-staging-rtl8723bs-Fix-deadlock-in-rtw_survey.patch
(git-fixes CVE-2022-49309 bsc#1238640).
- Update
patches.suse/drivers-tty-serial-Fix-deadlock-in-sa1100_set_termio.patch
(git-fixes CVE-2022-49304 bsc#1238639).
- Update
patches.suse/drivers-usb-host-Fix-deadlock-in-oxu_bus_suspend.patch
(git-fixes CVE-2022-49313 bsc#1238633).
- Update
patches.suse/drm-amd-amdgpu-amdgpu_cs-fix-refcount-leak-of-a-dma_.patch
(git-fixes CVE-2022-49137 bsc#1238155).
- Update
patches.suse/drm-amd-display-Check-if-modulo-is-0-before-dividing.patch
(git-fixes CVE-2022-49294 bsc#1238147).
- Update
patches.suse/drm-amd-display-Fix-a-NULL-pointer-dereference-in-am.patch
(git-fixes CVE-2022-49232 bsc#1238139).
- Update patches.suse/drm-amd-display-Fix-memory-leak.patch
(git-fixes CVE-2022-49135 bsc#1238006).
- Update
patches.suse/drm-amdgpu-cs-make-commands-with-0-chunks-illegal-be.patch
(git-fixes CVE-2022-49335 bsc#1238377).
- Update
patches.suse/drm-amdkfd-Check-for-potential-null-return-of-kmallo.patch
(git-fixes CVE-2022-49055 bsc#1237868).
- Update
patches.suse/drm-bridge-Add-missing-pm_runtime_put_sync.patch
(git-fixes CVE-2022-49128 bsc#1237970).
- Update
patches.suse/drm-bridge-anx7625-Fix-overflow-issue-on-reading-EDI.patch
(git-fixes CVE-2022-49222 bsc#1238328).
- Update
patches.suse/drm-etnaviv-check-for-reaped-mapping-in-etnaviv_iomm.patch
(git-fixes CVE-2022-49336 bsc#1238397).
- Update
patches.suse/drm-i915-fix-a-possible-refcount-leak-in-intel_dp_ad.patch
(git-fixes CVE-2022-49644 bsc#1238235).
- Update
patches.suse/drm-i915-gem-add-missing-boundary-check-in-vm_access.patch
(git-fixes bsc#1211263 CVE-2023-28410 CVE-2022-49261
bsc#1238462).
- Update
patches.suse/drm-i915-reset-Fix-error_state_read-ptr-offset-use.patch
(git-fixes CVE-2022-49723 bsc#1237997).
- Update
patches.suse/drm-imx-Fix-memory-leak-in-imx_pd_connector_get_mode.patch
(git-fixes CVE-2022-49091 bsc#1237726).
- Update
patches.suse/drm-msm-a6xx-Fix-refcount-leak-in-a6xx_gpu_init.patch
(git-fixes CVE-2022-49462 bsc#1238123).
- Update
patches.suse/drm-msm-disp-dpu1-set-vbif-hw-config-to-NULL-to-avoi.patch
(git-fixes CVE-2022-49489 bsc#1238244).
- Update
patches.suse/drm-msm-dp-populate-connector-of-struct-dp_panel.patch
(git-fixes CVE-2022-49221 bsc#1238326).
- Update
patches.suse/drm-msm-fix-possible-memory-leak-in-mdp5_crtc_cursor.patch
(git-fixes CVE-2022-49467 bsc#1238815).
- Update
patches.suse/drm-msm-hdmi-check-return-value-after-calling-platfo.patch
(git-fixes CVE-2022-49495 bsc#1237932).
- Update
patches.suse/drm-msm-mdp4-Fix-refcount-leak-in-mdp4_modeset_init_.patch
(git-fixes CVE-2022-49693 bsc#1237954).
- Update
patches.suse/drm-msm-mdp5-Return-error-code-in-mdp5_mixer_release.patch
(git-fixes CVE-2022-49488 bsc#1238600).
- Update
patches.suse/drm-msm-mdp5-Return-error-code-in-mdp5_pipe_release-.patch
(git-fixes CVE-2022-49490 bsc#1238275).
- Update
patches.suse/drm-panfrost-Fix-shrinker-list-corruption-by-madvise.patch
(git-fixes CVE-2022-49645 bsc#1238435).
- Update
patches.suse/drm-rockchip-vop-fix-possible-null-ptr-deref-in-vop_.patch
(git-fixes CVE-2022-49491 bsc#1238539).
- Update
patches.suse/drm-tegra-Fix-reference-leak-in-tegra_dsi_ganged_pro.patch
(git-fixes CVE-2022-49216 bsc#1238338).
- Update
patches.suse/drm-virtio-fix-NULL-pointer-dereference-in-virtio_gp.patch
(git-fixes CVE-2022-49532 bsc#1238925).
- Update
patches.suse/efi-Do-not-import-certificates-from-UEFI-Secure-Boot.patch
(git-fixes CVE-2022-49357 bsc#1238631).
- Update
patches.suse/exec-Force-single-empty-string-when-argv-is-empty.patch
(bsc#1200571 CVE-2022-49264 bsc#1237815).
- Update patches.suse/ext4-add-reserved-GDT-blocks-check.patch
(bsc#1202712 CVE-2022-49707 bsc#1239035).
- Update patches.suse/ext4-avoid-cycles-in-directory-h-tree.patch
(bsc#1198577 CVE-2022-1184 CVE-2022-49343 bsc#1238382).
- Update
patches.suse/ext4-filter-out-EXT4_FC_REPLAY-from-on-disk-superblo.patch
(bsc#1202771 CVE-2022-49348 bsc#1238383).
- Update patches.suse/ext4-fix-bug_on-ext4_mb_use_inode_pa.patch
(bsc#1200810 CVE-2022-49708 bsc#1238599).
- Update patches.suse/ext4-fix-bug_on-in-__es_tree_search.patch
(bsc#1200809 CVE-2022-49409 bsc#1238279).
- Update patches.suse/ext4-fix-bug_on-in-ext4_writepages.patch
(bsc#1200872 CVE-2022-49347 bsc#1238393).
- Update
patches.suse/ext4-fix-ext4_mb_mark_bb-with-flex_bg-with-fast_comm.patch
(bsc#1207593 CVE-2022-49174 bsc#1238091).
- Update
patches.suse/ext4-fix-race-condition-between-ext4_write-and-ext4_.patch
(bsc#1200807 CVE-2022-49414 bsc#1238623).
- Update
patches.suse/ext4-fix-use-after-free-in-ext4_rename_dir_prepare.patch
(bsc#1200871 CVE-2022-49349 bsc#1238372).
- Update
patches.suse/ext4-fix-warning-in-ext4_handle_inode_extension.patch
(bsc#1202711 CVE-2022-49352 bsc#1238395).
- Update
patches.suse/extcon-Modify-extcon-device-to-be-created-after-driv.patch
(git-fixes CVE-2022-49308 bsc#1238654).
- Update
patches.suse/filemap-Handle-sibling-entries-in-filemap_get_read_b.patch
(bsc#1202774 CVE-2022-49699 bsc#1238248).
- Update
patches.suse/firmware-arm_scmi-Fix-list-protocols-enumeration-in-.patch
(git-fixes CVE-2022-49451 bsc#1238177).
- Update
patches.suse/firmware-dmi-sysfs-Fix-memory-leak-in-dmi_sysfs_regi.patch
(git-fixes CVE-2022-49370 bsc#1238467).
- Update
patches.suse/firmware-sysfb-fix-platform-device-leak-in-error-pat.patch
(git-fixes CVE-2022-49283 bsc#1238012).
- Update
patches.suse/ftrace-Clean-up-hash-direct_functions-on-register-failures.patch
(git-fixes CVE-2022-49402 bsc#1238255).
- Update patches.suse/gpio-gpio-xilinx-Fix-integer-overflow.patch
(git-fixes CVE-2022-49570 bsc#1238298).
- Update
patches.suse/habanalabs-fix-possible-memory-leak-in-MMU-DR-fini.patch
(git-fixes CVE-2022-49102 bsc#1238018).
- Update
patches.suse/hwrng-cavium-fix-NULL-but-dereferenced-coccicheck-er.patch
(jsc#SLE-24682 CVE-2022-49177 bsc#1238010).
- Update
patches.suse/i2c-piix4-Fix-a-memory-leak-in-the-EFCH-MMIO-support.patch
(git-fixes CVE-2022-49653 bsc#1238664).
- Update
patches.suse/i40e-Fix-call-trace-in-setup_tx_descriptors.patch
(git-fixes CVE-2022-49725 bsc#1238016).
- Update
patches.suse/iavf-Fix-handling-of-dummy-receive-descriptors.patch
(git-fixes CVE-2022-49583 bsc#1237818).
- Update
patches.suse/ibmvnic-fix-race-between-xmit-and-reset.patch
(bsc#1197302 ltc#197259 CVE-2022-49201 bsc#1238256).
- Update patches.suse/ice-Fix-memory-corruption-in-VF-driver.patch
(git-fixes CVE-2022-49722 bsc#1238301).
- Update
patches.suse/ice-arfs-fix-use-after-free-when-freeing-rx_cpu_rmap.patch
(git-fixes CVE-2022-49063 bsc#1237846).
- Update
patches.suse/ice-fix-scheduling-while-atomic-on-aux-critical-err-.patch
(git-fixes CVE-2022-49193 bsc#1238283).
- Update
patches.suse/igb-fix-a-use-after-free-issue-in-igb_clean_tx_ring.patch
(git-fixes CVE-2022-49695 bsc#1238556).
- Update
patches.suse/igc-Reinstate-IGC_REMOVED-logic-and-implement-it-pro.patch
(jsc#SLE-18377 CVE-2022-49605 bsc#1238433).
- Update
patches.suse/igc-avoid-kernel-warning-when-changing-RX-ring-param.patch
(git-fixes CVE-2022-49227 bsc#1237786).
- Update
patches.suse/iio-accel-mma8452-use-the-correct-logic-to-get-mma84.patch
(git-fixes CVE-2022-49285 bsc#1238641).
- Update
patches.suse/iio-adc-adi-axi-adc-Fix-refcount-leak-in-adi_axi_adc.patch
(git-fixes CVE-2022-49683 bsc#1238308).
- Update
patches.suse/iio-trigger-sysfs-fix-use-after-free-on-remove.patch
(git-fixes CVE-2022-49685 bsc#1237963).
- Update
patches.suse/ima-Fix-a-potential-integer-overflow-in-ima_appraise.patch
(git-fixes CVE-2022-49643 bsc#1238663).
- Update
patches.suse/ima-Fix-potential-memory-leak-in-ima_init_crypto.patch
(git-fixes CVE-2022-49627 bsc#1237798).
- Update
patches.suse/iommu-arm-smmu-fix-possible-null-ptr-deref-in-arm_smmu_device_pr
(git-fixes CVE-2022-49323 bsc#1238400).
- Update
patches.suse/iommu-arm-smmu-v3-check-return-value-after-calling-platform_get_
(git-fixes CVE-2022-49319 bsc#1238374).
- Update patches.suse/iommu-arm-smmu-v3-sva-Fix-mm-use-after-free
(git-fixes CVE-2022-49426 bsc#1238445).
- Update
patches.suse/iommu-mediatek-Fix-NULL-pointer-dereference-when-printing-dev_na
(git-fixes CVE-2022-49424 bsc#1238247).
- Update
patches.suse/iommu-mediatek-Remove-clk_disable-in-mtk_iommu_remove
(git-fixes CVE-2022-49427 bsc#1238246).
- Update
patches.suse/iommu-omap-Fix-regression-in-probe-for-NULL-pointer-dereference
(git-fixes CVE-2022-49083 bsc#1237723).
- Update
patches.suse/ip-Fix-data-races-around-sysctl_ip_fwd_update_priori.patch
(git-fixes CVE-2022-49603 bsc#1238867).
- Update
patches.suse/ipv4-Fix-data-races-around-sysctl_fib_multipath_hash.patch
(git-fixes CVE-2022-49579 bsc#1238014).
- Update
patches.suse/ipw2x00-Fix-potential-NULL-dereference-in-libipw_xmi.patch
(git-fixes CVE-2022-49544 bsc#1238721).
- Update
patches.suse/irqchip-gic-realview-Fix-refcount-leak-in-realview_g.patch
(git-fixes CVE-2022-49719 bsc#1238262).
- Update
patches.suse/irqchip-gic-v3-Fix-GICR_CTLR.RWP-polling.patch
(git-fixes CVE-2022-49074 bsc#1237728).
- Update
patches.suse/irqchip-gic-v3-Fix-error-handling-in-gic_populate_pp.patch
(git-fixes CVE-2022-49716 bsc#1238288).
- Update
patches.suse/irqchip-gic-v3-Fix-refcount-leak-in-gic_populate_ppi.patch
(git-fixes CVE-2022-49715 bsc#1238818).
- Update
patches.suse/irqchip-realtek-rtl-Fix-refcount-leak-in-map_interru.patch
(git-fixes CVE-2022-49714 bsc#1238538).
- Update
patches.suse/ixgbe-Add-locking-to-prevent-panic-when-setting-srio.patch
(git-fixes CVE-2022-49584 bsc#1237933).
- Update
patches.suse/jffs2-fix-memory-leak-in-jffs2_do_fill_super.patch
(git-fixes CVE-2022-49381 bsc#1238112).
- Update
patches.suse/jffs2-fix-memory-leak-in-jffs2_do_mount_fs.patch
(git-fixes CVE-2022-49277 bsc#1238144).
- Update
patches.suse/jffs2-fix-memory-leak-in-jffs2_scan_medium.patch
(git-fixes CVE-2022-49276 bsc#1238142).
- Update patches.suse/linux-dim-Fix-divide-by-0-in-RDMA-DIM.patch
(git-fixes CVE-2022-49670 bsc#1238809).
- Update patches.suse/list-fix-a-data-race-around-ep-rdllist.patch
(git-fixes CVE-2022-49443 bsc#1238434).
- Update
patches.suse/lz4-fix-LZ4_decompress_safe_partial-read-out-of-boun.patch
(git-fixes CVE-2022-49078 bsc#1237736).
- Update
patches.suse/mac80211-fix-potential-double-free-on-mesh-join.patch
(git-fixes CVE-2022-49290 bsc#1238156).
- Update
patches.suse/md-Don-t-set-mddev-private-to-NULL-in-raid0-pers-fre.patch
(git-fixes CVE-2022-49400 bsc#1238125).
- Update
patches.suse/md-bitmap-don-t-set-sb-values-if-can-t-pass-sanity-c.patch
(bsc#1197158 CVE-2022-49526 bsc#1238030).
- Update
patches.suse/md-fix-double-free-of-io_acct_set-bioset.patch
(git-fixes CVE-2022-49384 bsc#1237959).
- Update
patches.suse/media-cx25821-Fix-the-warning-when-removing-the-modu.patch
(git-fixes CVE-2022-49525 bsc#1238022).
- Update
patches.suse/media-i2c-max9286-fix-kernel-oops-when-removing-modu.patch
(git-fixes CVE-2022-49509 bsc#1238650).
- Update
patches.suse/media-imx-jpeg-Prevent-decoding-NV12M-jpegs-into-sin.patch
(git-fixes CVE-2022-49165 bsc#1238106).
- Update
patches.suse/media-imx-jpeg-fix-a-bug-of-accessing-array-out-of-b.patch
(git-fixes CVE-2022-49163 bsc#1238105).
- Update
patches.suse/media-pci-cx23885-Fix-the-error-handling-in-cx23885_.patch
(git-fixes CVE-2022-49524 bsc#1238949).
- Update
patches.suse/media-pvrusb2-fix-array-index-out-of-bounds-in-pvr2_.patch
(git-fixes CVE-2022-49478 bsc#1238000).
- Update
patches.suse/media-rga-fix-possible-memory-leak-in-rga_probe.patch
(git-fixes CVE-2022-49502 bsc#1238834).
- Update
patches.suse/media-stk1160-If-start-stream-fails-return-buffers-w.patch
(git-fixes CVE-2022-49247 bsc#1237783).
- Update
patches.suse/media-ti-vpe-cal-Fix-a-NULL-pointer-dereference-in-c.patch
(git-fixes CVE-2022-49254 bsc#1238089).
- Update
patches.suse/media-usb-go7007-s2250-board-fix-leak-in-probe.patch
(git-fixes CVE-2022-49253 bsc#1238420).
- Update
patches.suse/media-venus-hfi-avoid-null-dereference-in-deinit.patch
(git-fixes CVE-2022-49527 bsc#1238013).
- Update
patches.suse/memory-renesas-rpc-if-fix-platform-device-leak-in-er.patch
(git-fixes CVE-2022-49050 bsc#1237892).
- Update
patches.suse/memory-samsung-exynos5422-dmc-Fix-refcount-leak-in-o.patch
(git-fixes CVE-2022-49676 bsc#1237821).
- Update
patches.suse/mfd-davinci_voicecodec-Fix-possible-null-ptr-deref-d.patch
(git-fixes CVE-2022-49435 bsc#1238292).
- Update
patches.suse/misc-ocxl-fix-possible-double-free-in-ocxl_file_regi.patch
(git-fixes CVE-2022-49455 bsc#1238229).
- Update
patches.suse/mm-slub-add-missing-TID-updates-on-slab-deactivation.patch
(git-fixes CVE-2022-49700 bsc#1238249).
- Update
patches.suse/mmc-jz4740-Apply-DMA-engine-limits-to-maximum-segmen.patch
(git-fixes CVE-2022-49522 bsc#1238948).
- Update
patches.suse/module-fix-e_shstrndx-.sh_size-0-OOB-access.patch
(git-fixes CVE-2022-49444 bsc#1238127).
- Update
patches.suse/msft-hv-2554-Drivers-hv-vmbus-Deactivate-sysctl_record_panic_msg-.patch
(bsc#1183682 CVE-2022-49054 bsc#1237931).
- Update
patches.suse/msft-hv-2555-Drivers-hv-vmbus-Fix-initialization-of-device-object.patch
(git-fixes CVE-2022-49099 bsc#1237727).
- Update
patches.suse/msft-hv-2556-Drivers-hv-vmbus-Fix-potential-crash-on-module-unloa.patch
(git-fixes CVE-2022-49098 bsc#1238079).
- Update
patches.suse/mt76-fix-monitor-mode-crash-with-sdio-driver.patch
(git-fixes CVE-2022-49112 bsc#1237971).
- Update
patches.suse/mt76-fix-use-after-free-by-removing-a-non-RCU-wcid-p.patch
(git-fixes CVE-2022-49328 bsc#1238391).
- Update
patches.suse/mt76-mt7921-fix-crash-when-startup-fails.patch
(git-fixes CVE-2022-49129 bsc#1237968).
- Update
patches.suse/mtd-rawnand-atmel-fix-refcount-issue-in-atmel_nand_c.patch
(git-fixes CVE-2022-49212 bsc#1238331).
- Update
patches.suse/mtd-rawnand-cadence-fix-possible-null-ptr-deref-in-c.patch
(git-fixes CVE-2022-49494 bsc#1237955).
- Update
patches.suse/mtd-rawnand-denali-Use-managed-device-resources.patch
(git-fixes CVE-2022-49512 bsc#1237986).
- Update
patches.suse/mtd-rawnand-intel-fix-possible-null-ptr-deref-in-ebu.patch
(git-fixes CVE-2022-49487 bsc#1238115).
- Update
patches.suse/net-altera-Fix-refcount-leak-in-altera_tse_mdio_crea.patch
(git-fixes CVE-2022-49351 bsc#1237939).
- Update
patches.suse/net-asix-add-proper-error-handling-of-usb-read-error.patch
(git-fixes CVE-2022-49226 bsc#1238336).
- Update
patches.suse/net-bcmgenet-Use-stronger-register-read-writes-to-as.patch
(git-fixes CVE-2022-49194 bsc#1238453).
- Update
patches.suse/net-bonding-fix-use-after-free-after-802.3ad-slave-u.patch
(git-fixes CVE-2022-49667 bsc#1238282).
- Update
patches.suse/net-dsa-lantiq_gswip-Fix-refcount-leak-in-gswip_gphy.patch
(git-fixes CVE-2022-49346 bsc#1238392).
- Update
patches.suse/net-dsa-microchip-ksz_common-Fix-refcount-leak-bug.patch
(git-fixes CVE-2022-49591 bsc#1238666).
- Update
patches.suse/net-dsa-mv88e6xxx-Fix-refcount-leak-in-mv88e6xxx_mdi.patch
(git-fixes CVE-2022-49367 bsc#1238447).
- Update
patches.suse/net-ethernet-bgmac-Fix-refcount-leak-in-bcma_mdio_mi.patch
(git-fixes CVE-2022-49342 bsc#1238390).
- Update
patches.suse/net-ethernet-mtk_eth_soc-out-of-bounds-read-in-mtk_h.patch
(git-fixes CVE-2022-49368 bsc#1237808).
- Update
patches.suse/net-ethernet-stmmac-fix-altr_tse_pcs-function-when-u.patch
(git-fixes CVE-2022-49061 bsc#1238024).
- Update
patches.suse/net-ethernet-ti-am65-cpsw-nuss-Fix-some-refcount-lea.patch
(git-fixes CVE-2022-49386 bsc#1237826).
- Update
patches.suse/net-hns3-add-vlan-list-lock-to-protect-vlan-list.patch
(git-fixes CVE-2022-49182 bsc#1238260).
- Update
patches.suse/net-ipv4-fix-route-with-nexthop-object-delete-warnin.patch
(bsc#1204171 CVE-2022-3435 CVE-2022-49092 bsc#1237779).
- Update
patches.suse/net-ipv6-unexport-__init-annotated-seg6_hmac_init.patch
(bsc#1201218 CVE-2022-49339 bsc#1238388).
- Update
patches.suse/net-mdio-unexport-__init-annotated-mdio_bus_init.patch
(bsc#1201218 CVE-2022-49350 bsc#1238387).
- Update
patches.suse/net-openvswitch-fix-leak-of-nested-actions.patch
(git-fixes CVE-2022-49086 bsc#1238037).
- Update
patches.suse/net-phy-micrel-Allow-probing-without-.driver_data.patch
(git-fixes CVE-2022-49472 bsc#1238951).
- Update
patches.suse/net-sfc-add-missing-xdp-queue-reinitialization.patch
(git-fixes CVE-2022-49096 bsc#1238077).
- Update
patches.suse/net-smc-Fix-NULL-pointer-dereference-in-smc_pnet_find_ib
(git-fixes CVE-2022-49060 bsc#1237845).
- Update
patches.suse/net-stmmac-dwc-qos-Disable-split-header-for-Tegra194.patch
(bsc#1194904 CVE-2022-49642 bsc#1238437).
- Update
patches.suse/net-stmmac-fix-dma-queue-left-shift-overflow-issue.patch
(git-fixes CVE-2022-49592 bsc#1238311).
- Update patches.suse/net-stmmac-fix-leaks-in-probe.patch
(git-fixes CVE-2022-49628 bsc#1238619).
- Update
patches.suse/net-tun-unlink-NAPI-from-device-on-destruction.patch
(git-fixes CVE-2022-49672 bsc#1238816).
- Update
patches.suse/net-usb-aqc111-Fix-out-of-bounds-accesses-in-RX-fixu.patch
(git-fixes CVE-2022-49051 bsc#1237903).
- Update
patches.suse/net-xfrm-unexport-__init-annotated-xfrm4_protocol_in.patch
(bsc#1201218 CVE-2022-49345 bsc#1238238).
- Update
patches.suse/nfc-nci-add-flush_workqueue-to-prevent-uaf.patch
(git-fixes CVE-2022-49059 bsc#1238007).
- Update
patches.suse/nfc-nfcmrvl-Fix-memory-leak-in-nfcmrvl_play_deferred.patch
(git-fixes CVE-2022-49729 bsc#1239060).
- Update
patches.suse/nfc-st21nfca-fix-memory-leaks-in-EVT_TRANSACTION-han.patch
(git-fixes CVE-2022-49331 bsc#1237813).
- Update
patches.suse/nvme-pci-fix-a-NULL-pointer-dereference-in-nvme_allo.patch
(git-fixes CVE-2022-49492 bsc#1238954).
- Update
patches.suse/ocfs2-dlmfs-fix-error-handling-of-user_dlm_destroy_l.patch
(bsc#1202778 CVE-2022-49337 bsc#1238376).
- Update
patches.suse/ocfs2-fix-crash-when-mount-with-quota-enabled.patch
(bsc#1207640 CVE-2022-49274 bsc#1238668).
- Update
patches.suse/perf-core-Fix-data-race-between-perf_event_set_output-and-perf_mmap_close.patch
(git fixes CVE-2022-49607 bsc#1238817).
- Update
patches.suse/phy-qcom-qmp-fix-reset-controller-leak-on-probe-erro.patch
(git-fixes CVE-2022-49396 bsc#1238289).
- Update
patches.suse/phy-qcom-qmp-fix-struct-clk-leak-on-probe-errors.patch
(git-fixes CVE-2022-49397 bsc#1237823).
- Update
patches.suse/pinctrl-aspeed-Fix-potential-NULL-dereference-in-asp.patch
(git-fixes CVE-2022-49618 bsc#1238957).
- Update
patches.suse/pinctrl-nomadik-Add-missing-of_node_put-in-nmk_pinct.patch
(git-fixes CVE-2022-49185 bsc#1238111).
- Update
patches.suse/pinctrl-renesas-core-Fix-possible-null-ptr-deref-in-.patch
(git-fixes CVE-2022-49445 bsc#1238019).
- Update
patches.suse/pinctrl-renesas-rzn1-Fix-possible-null-ptr-deref-in-.patch
(git-fixes CVE-2022-49449 bsc#1238936).
- Update
patches.suse/platform-x86-thinkpad_acpi-Fix-a-memory-leak-of-EFCH.patch
(bsc#1210050 CVE-2022-49665 bsc#1238017).
- Update
patches.suse/power-reset-arm-versatile-Fix-refcount-leak-in-versa.patch
(git-fixes CVE-2022-49609 bsc#1238241).
- Update
patches.suse/power-supply-ab8500-Fix-memory-leak-in-ab8500_fg_sys.patch
(git-fixes CVE-2022-49224 bsc#1237998).
- Update
patches.suse/powerpc-64s-Don-t-use-DSISR-for-SLB-faults.patch
(bsc#1194869 CVE-2022-49214 bsc#1238003).
- Update
patches.suse/powerpc-iommu-Add-missing-of_node_put-in-iommu_init_.patch
(bsc#1194869 CVE-2022-49431 bsc#1238899).
- Update
patches.suse/powerpc-pseries-Fix-use-after-free-in-remove_phb_dyn.patch
(bsc#1065729 bsc#1198660 ltc#197803 CVE-2022-49196 bsc#1238274).
- Update
patches.suse/powerpc-rtas-Keep-MSR-RI-set-when-calling-RTAS.patch
(bsc#1197174 ltc#196362 CVE-2022-49440 bsc#1238945).
- Update
patches.suse/powerpc-secvar-fix-refcount-leak-in-format_show.patch
(bsc#1194869 CVE-2022-49113 bsc#1237967).
- Update
patches.suse/powerpc-tm-Fix-more-userspace-r13-corruption.patch
(bsc#1065729 CVE-2022-49164 bsc#1238108).
- Update
patches.suse/powerpc-xics-fix-refcount-leak-in-icp_opal_init.patch
(bsc#1194869 CVE-2022-49432 bsc#1238950).
- Update
patches.suse/powerpc-xive-Fix-refcount-leak-in-xive_spapr_init.patch
(fate#322438 git-fixes CVE-2022-49437 bsc#1238443).
- Update
patches.suse/powerpc-xive-spapr-correct-bitmap-allocation-size.patch
(fate#322438 git-fixes CVE-2022-49623 bsc#1239040).
- Update
patches.suse/qede-confirm-skb-is-allocated-before-using.patch
(git-fixes CVE-2022-49084 bsc#1237751).
- Update
patches.suse/raw-Fix-a-data-race-around-sysctl_raw_l3mdev_accept.patch
(git-fixes CVE-2022-49631 bsc#1238814).
- Update
patches.suse/regulator-da9121-Fix-uninit-value-in-da9121_assign_c.patch
(git-fixes CVE-2022-49507 bsc#1238811).
- Update
patches.suse/regulator-pfuze100-Fix-refcount-leak-in-pfuze_parse_.patch
(git-fixes CVE-2022-49481 bsc#1238264).
- Update
patches.suse/regulator-scmi-Fix-refcount-leak-in-scmi_regulator_p.patch
(git-fixes CVE-2022-49466 bsc#1238287).
- Update
patches.suse/remoteproc-Fix-count-check-in-rproc_coredump_write.patch
(git-fixes CVE-2022-49278 bsc#1238253).
- Update
patches.suse/remoteproc-qcom_q6v5_mss-Fix-some-leaks-in-q6v5_allo.patch
(git-fixes CVE-2022-49188 bsc#1238138).
- Update
patches.suse/rtc-mt6397-check-return-value-after-calling-platform.patch
(git-fixes CVE-2022-49375 bsc#1238228).
- Update
patches.suse/rtc-pl031-fix-rtc-features-null-pointer-dereference.patch
(git-fixes CVE-2022-49273 bsc#1238140).
- Update
patches.suse/rtl818x-Prevent-using-not-initialized-queues.patch
(git-fixes CVE-2022-49326 bsc#1238646).
- Update
patches.suse/scsi-hisi_sas-Free-irq-vectors-in-order-for-v3-HW.patch
(git-fixes CVE-2022-49118 bsc#1237979).
- Update
patches.suse/scsi-ibmvfc-Allocate-free-queue-resource-only-during.patch
(jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes CVE-2022-49701
bsc#1237810).
- Update
patches.suse/scsi-ibmvfc-Store-vhost-pointer-during-subcrq-alloca.patch
(jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes CVE-2022-49703
bsc#1238131).
- Update
patches.suse/scsi-libfc-Fix-use-after-free-in-fc_exch_abts_resp.patch
(git-fixes CVE-2022-49114 bsc#1238146).
- Update
patches.suse/scsi-lpfc-Address-NULL-pointer-dereference-after-sta.patch
(bsc#1201193 CVE-2022-49332 bsc#1238236).
- Update
patches.suse/scsi-lpfc-Fix-SCSI-I-O-completion-and-abort-handler-.patch
(bsc#1200045 CVE-2022-49536 bsc#1238838).
- Update
patches.suse/scsi-lpfc-Fix-call-trace-observed-during-I-O-with-CM.patch
(bsc#1200045 CVE-2022-49537 bsc#1238930).
- Update
patches.suse/scsi-lpfc-Fix-null-pointer-dereference-after-failing.patch
(bsc#1200045 CVE-2022-49535 bsc#1238937).
- Update
patches.suse/scsi-lpfc-Fix-resource-leak-in-lpfc_sli4_send_seq_to.patch
(bsc#1200045 CVE-2022-49521 bsc#1238938).
- Update
patches.suse/scsi-lpfc-Inhibit-aborts-if-external-loopback-plug-i.patch
(bsc#1200045 CVE-2022-49504 bsc#1238835).
- Update
patches.suse/scsi-lpfc-Move-cfg_log_verbose-check-before-calling-.patch
(bsc#1200045 CVE-2022-49542 bsc#1238722).
- Update
patches.suse/scsi-lpfc-Protect-memory-leak-for-NPIV-ports-sending.patch
(bsc#1200045 CVE-2022-49534 bsc#1238893).
- Update
patches.suse/scsi-lpfc-Resolve-NULL-ptr-dereference-after-an-ELS-.patch
(bsc#1201193 CVE-2022-49730 bsc#1239070).
- Update patches.suse/scsi-mpi3mr-Fix-memory-leaks.patch
(git-fixes CVE-2022-49126 bsc#1237929).
- Update
patches.suse/scsi-mpt3sas-Fix-use-after-free-in-_scsih_expander_node_remove
(git-fixes CVE-2022-49082 bsc#1237740).
- Update
patches.suse/scsi-pm8001-Fix-abort-all-task-initialization.patch
(git-fixes CVE-2022-49217 bsc#1238313).
- Update
patches.suse/scsi-pm8001-Fix-memory-leak-in-pm8001_chip_fw_flash_update_req.patch
(git-fixes CVE-2022-49119 bsc#1237925).
- Update patches.suse/scsi-pm8001-Fix-tag-leaks-on-error.patch
(git-fixes CVE-2022-49121 bsc#1237926).
- Update
patches.suse/scsi-pm8001-Fix-task-leak-in-pm8001_send_abort_all.patch
(git-fixes CVE-2022-49120 bsc#1237969).
- Update
patches.suse/scsi-qla2xxx-Fix-crash-during-module-load-unload-tes.patch
(bsc#1197661 CVE-2022-49160 bsc#1238172).
- Update
patches.suse/scsi-qla2xxx-Fix-premature-hw-access-after-PCI-error.patch
(bsc#1195823 CVE-2022-49157 bsc#1238169).
- Update
patches.suse/scsi-qla2xxx-Fix-scheduling-while-atomic.patch
(bsc#1195823 CVE-2022-49156 bsc#1238168).
- Update
patches.suse/scsi-qla2xxx-Fix-warning-message-due-to-adisc-being-.patch
(bsc#1195823 CVE-2022-49158 bsc#1238170).
- Update
patches.suse/scsi-qla2xxx-Implement-ref-count-for-SRB.patch
(bsc#1195823 CVE-2022-49159 bsc#1238171).
- Update
patches.suse/scsi-qla2xxx-Suppress-a-kernel-complaint-in-qla_crea.patch
(bsc#1195823 CVE-2022-49155 bsc#1237941).
- Update
patches.suse/scsi-sd-Fix-potential-NULL-pointer-dereference.patch
(git-fixes CVE-2022-49376 bsc#1238103).
- Update
patches.suse/scsi-zorro7xx-Fix-a-resource-leak-in-zorro7xx_remove_one
(git-fixes CVE-2022-49095 bsc#1237752).
- Update
patches.suse/serial-8250-Fix-PM-usage_count-for-console-handover.patch
(git-fixes CVE-2022-49613 bsc#1238440).
- Update
patches.suse/serial-8250_aspeed_vuart-Fix-potential-NULL-derefere.patch
(git-fixes CVE-2022-49392 bsc#1238113).
- Update
patches.suse/sfc-fix-considering-that-all-channels-have-TX-queues.patch
(git-fixes CVE-2022-49378 bsc#1238286).
- Update patches.suse/sfc-fix-kernel-panic-when-creating-VF.patch
(git-fixes CVE-2022-49625 bsc#1238411).
- Update
patches.suse/sfc-fix-use-after-free-when-disabling-sriov.patch
(git-fixes CVE-2022-49626 bsc#1238270).
- Update
patches.suse/skbuff-fix-coalescing-for-page_pool-fragment-recycli.patch
(bsc#1190336 CVE-2022-49093 bsc#1237737).
- Update
patches.suse/soc-bcm-Check-for-NULL-return-of-devm_kzalloc.patch
(git-fixes CVE-2022-49448 bsc#1238536).
- Update
patches.suse/soc-bcm-brcmstb-pm-pm-arm-Fix-refcount-leak-in-brcms.patch
(git-fixes CVE-2022-49678 bsc#1238821).
- Update
patches.suse/soc-rockchip-Fix-refcount-leak-in-rockchip_grf_init.patch
(git-fixes CVE-2022-49382 bsc#1238306).
- Update
patches.suse/soc-ti-ti_sci_pm_domains-Check-for-null-return-of-de.patch
(git-fixes CVE-2022-49453 bsc#1239004).
- Update
patches.suse/spi-bcm2835-bcm2835_spi_handle_err-fix-NULL-pointer-.patch
(git-fixes CVE-2022-49569 bsc#1238605).
- Update
patches.suse/spi-spi-fsl-qspi-check-return-value-after-calling-pl.patch
(git-fixes CVE-2022-49475 bsc#1238617).
- Update
patches.suse/staging-rtl8712-fix-a-potential-memory-leak-in-r871x.patch
(git-fixes CVE-2022-49312 bsc#1238157).
- Update
patches.suse/staging-rtl8712-fix-uninit-value-in-r871xu_drv_init.patch
(git-fixes CVE-2022-49298 bsc#1238718).
- Update
patches.suse/staging-rtl8712-fix-uninit-value-in-usb_read8-and-fr.patch
(git-fixes CVE-2022-49301 bsc#1238643).
- Update
patches.suse/staging-vchiq_arm-Avoid-NULL-ptr-deref-in-vchiq_dump.patch
(git-fixes CVE-2022-49106 bsc#1237965).
- Update
patches.suse/staging-vchiq_core-handle-NULL-result-of-find_servic.patch
(git-fixes CVE-2022-49104 bsc#1237999).
- Update
patches.suse/staging-wfx-fix-an-error-handling-in-wfx_init_common.patch
(git-fixes CVE-2022-49105 bsc#1237975).
- Update
patches.suse/sysctl-Fix-data-races-in-proc_dou8vec_minmax.patch
(git-fixes CVE-2022-49634 bsc#1237937).
- Update
patches.suse/sysctl-Fix-data-races-in-proc_douintvec.patch
(git-fixes CVE-2022-49641 bsc#1237831).
- Update
patches.suse/sysctl-Fix-data-races-in-proc_douintvec_minmax.patch
(git-fixes CVE-2022-49640 bsc#1237782).
- Update
patches.suse/thermal-core-Fix-memory-leak-in-__thermal_cooling_de.patch
(git-fixes CVE-2022-49468 bsc#1238047).
- Update
patches.suse/thermal-drivers-broadcom-Fix-potential-NULL-derefere.patch
(git-fixes CVE-2022-49459 bsc#1238046).
- Update
patches.suse/thermal-drivers-imx_sc_thermal-Fix-refcount-leak-in-.patch
(git-fixes CVE-2022-49463 bsc#1238428).
- Update
patches.suse/tick-nohz-unexport-__init-annotated-tick_nohz_full_s.patch
(bsc#1201218 CVE-2022-49675 bsc#1238431).
- Update
patches.suse/tpm-fix-reference-counting-for-struct-tpm_chip.patch
(CVE-2022-2977 bsc#1202672 CVE-2022-49287 bsc#1238276).
- Update patches.suse/tpm-use-try_get_ops-in-tpm-space.c.patch
(git-fixes CVE-2022-49286 bsc#1238647).
- Update
patches.suse/tracing-Fix-potential-double-free-in-create_var_ref.patch
(git-fixes CVE-2022-49410 bsc#1238441).
- Update
patches.suse/tracing-Fix-sleeping-function-called-from-invalid-context-on-RT-kernel.patch
(git-fixes CVE-2022-49322 bsc#1238396).
- Update
patches.suse/tracing-histograms-Fix-memory-leak-problem.patch
(git-fixes CVE-2022-49648 bsc#1238278).
- Update
patches.suse/tty-Fix-a-possible-resource-leak-in-icom_probe.patch
(git-fixes CVE-2022-49314 bsc#1238158).
- Update
patches.suse/tty-fix-deadlock-caused-by-calling-printk-under-tty_.patch
(git-fixes CVE-2022-49441 bsc#1238263).
- Update patches.suse/tty-goldfish-Fix-free_irq-on-remove.patch
(git-fixes CVE-2022-49724 bsc#1238869).
- Update
patches.suse/tty-goldfish-Use-tty_port_destroy-to-destroy-port.patch
(git-fixes CVE-2022-49399 bsc#1237829).
- Update
patches.suse/tty-synclink_gt-Fix-null-pointer-dereference-in-slgt.patch
(git-fixes CVE-2022-49307 bsc#1238149).
- Update
patches.suse/tunnels-do-not-assume-mac-header-is-set-in-skb_tunne.patch
(git-fixes CVE-2022-49663 bsc#1238442).
- Update
patches.suse/usb-dwc2-Fix-memory-leak-in-dwc2_hcd_init.patch
(git-fixes CVE-2022-49713 bsc#1238419).
- Update
patches.suse/usb-dwc2-gadget-don-t-reset-gadget-s-driver-bus.patch
(git-fixes CVE-2022-49299 bsc#1238184).
- Update
patches.suse/usb-dwc3-gadget-Replace-list_for_each_entry_safe-if-.patch
(git-fixes CVE-2022-49398 bsc#1238621).
- Update
patches.suse/usb-gadget-lpc32xx_udc-Fix-refcount-leak-in-lpc32xx_.patch
(git-fixes CVE-2022-49712 bsc#1238239).
- Update
patches.suse/usb-isp1760-Fix-out-of-bounds-array-access.patch
(git-fixes CVE-2022-49551 bsc#1237795).
- Update
patches.suse/usb-usbip-fix-a-refcount-leak-in-stub_probe.patch
(git-fixes CVE-2022-49389 bsc#1238257).
- Update
patches.suse/usbnet-Run-unregister_netdev-before-unbind-again.patch
(git-fixes CVE-2022-49501 bsc#1238830).
- Update patches.suse/usbnet-fix-memory-leak-in-error-case.patch
(git-fixes CVE-2022-49657 bsc#1238269).
- Update
patches.suse/veth-Ensure-eth-header-is-in-skb-s-linear-part.patch
(git-fixes CVE-2022-49066 bsc#1237722).
- Update
patches.suse/video-fbdev-clcdfb-Fix-refcount-leak-in-clcdfb_of_vr.patch
(git-fixes CVE-2022-49421 bsc#1238819).
- Update
patches.suse/video-fbdev-sm712fb-Fix-crash-in-smtcfb_write.patch
(git-fixes CVE-2022-49162 bsc#1238096).
- Update
patches.suse/virtio_console-eliminate-anonymous-module_init-modul.patch
(git-fixes CVE-2022-49100 bsc#1237735).
- Update
patches.suse/virtio_net-fix-xdp_rxq_info-bug-after-suspend-resume.patch
(git-fixes CVE-2022-49687 bsc#1238181).
- Update patches.suse/watch_queue-Actually-free-the-watch.patch
(CVE-2022-0995 bsc#1197246 CVE-2022-49256 bsc#1238277).
- Update
patches.suse/watch_queue-Fix-NULL-dereference-in-error-cleanup.patch
(CVE-2022-0995 bsc#1197246 CVE-2022-49257 bsc#1237987).
- Update
patches.suse/watch_queue-Free-the-page-array-when-watch_queue-is-.patch
(git-fixes CVE-2022-49148 bsc#1237797).
- Update
patches.suse/watchdog-ts4800_wdt-Fix-refcount-leak-in-ts4800_wdt_.patch
(git-fixes CVE-2022-49373 bsc#1238175).
- Update
patches.suse/wifi-mac80211-fix-queue-selection-for-mesh-OCB-inter.patch
(git-fixes CVE-2022-49646 bsc#1239001).
- Update
patches.suse/wifi-mac80211-fix-use-after-free-in-chanctx-code.patch
(git-fixes CVE-2022-49416 bsc#1238293).
- Update
patches.suse/wireguard-socket-free-skb-in-send6-when-ipv6-is-disa.patch
(git-fixes CVE-2022-49153 bsc#1238166).
- Update
patches.suse/x86-MCE-AMD-Fix-memory-leak-when-threshold_create_ba.patch
(git-fixes CVE-2022-49549 bsc#1238602).
- Update
patches.suse/x86-kexec-fix-memory-leak-of-elf-header-buffer.patch
(bsc#1196444 CVE-2022-49546 bsc#1238750).
- Update
patches.suse/x86-speculation-Fill-RSB-on-vmexit-for-IBRS.patch
(bsc#1199657 CVE-2022-29900 CVE-2022-29901 CVE-2022-49611
bsc#1238618).
- Update
patches.suse/xen-netback-avoid-entering-xenvif_rx_next_skb-with-a.patch
(bsc#1201381 CVE-2022-49649 bsc#1238612).
- Update
patches.suse/xprtrdma-treat-all-calls-not-a-bcall-when-bc_serv-is.patch
(git-fixes CVE-2022-49321 bsc#1238373).
- commit a27d758
- Update
patches.suse/0011-Revert-Revert-block-bfq-honor-already-setup-queue-merges.patch
(git-fixes CVE-2021-47646 bsc#1237774).
- Update
patches.suse/ARM-davinci-da850-evm-Avoid-NULL-pointer-dereference.patch
(git-fixes CVE-2021-47631 bsc#1237718).
- Update
patches.suse/ASoC-soc-compress-prevent-the-potentially-use-of-nul.patch
(git-fixes CVE-2021-47650 bsc#1237742).
- Update
patches.suse/KVM-x86-mmu-Zap-_all_-roots-when-unmapping-gfn-range.patch
(git-fixes CVE-2021-47639 bsc#1237824).
- Update
patches.suse/ath5k-fix-OOB-in-ath5k_eeprom_read_pcal_info_5111.patch
(git-fixes CVE-2021-47633 bsc#1237768).
- Update patches.suse/clk-qcom-ipq8074-fix-PCI-E-clock-oops.patch
(git-fixes CVE-2021-47647 bsc#1237775).
- Update
patches.suse/drm-amd-pm-fix-a-potential-gpu_metrics_table-memory-.patch
(git-fixes CVE-2021-4453 bsc#1237753).
- Update
patches.suse/drm-plane-Move-range-check-for-format_count-earlier.patch
(git-fixes CVE-2021-47659 bsc#1237839).
- Update
patches.suse/drm-virtio-Ensure-that-objs-is-not-NULL-in-virtio_gp.patch
(git-fixes CVE-2021-47657 bsc#1237837).
- Update
patches.suse/gpu-host1x-Fix-a-memory-leak-in-host1x_remove.patch
(git-fixes CVE-2021-47648 bsc#1237725).
- Update
patches.suse/jffs2-fix-use-after-free-in-jffs2_clear_xattr_subsystem.patch
(git-fixes CVE-2021-47656 bsc#1237827).
- Update
patches.suse/media-davinci-vpif-fix-use-after-free-on-driver-unbi.patch
(git-fixes CVE-2021-47653 bsc#1237748).
- Update patches.suse/media-ir_toy-free-before-error-exiting.patch
(git-fixes CVE-2021-47643 bsc#1237743).
- Update
patches.suse/media-staging-media-zoran-calculate-the-right-buffer.patch
(git-fixes CVE-2021-47645 bsc#1237767).
- Update
patches.suse/media-staging-media-zoran-move-videodev-alloc.patch
(git-fixes CVE-2021-47644 bsc#1237766).
- Update
patches.suse/powerpc-set_memory-Avoid-spinlock-recursion-in-chang.patch
(bsc#1194869 CVE-2021-47632 bsc#1237755).
- Update
patches.suse/samples-landlock-Fix-path_list-memory-leak.patch
(git-fixes CVE-2021-47654 bsc#1237807).
- Update
patches.suse/soc-qcom-rpmpd-Check-for-null-return-of-devm_kcalloc.patch
(git-fixes CVE-2021-47651 bsc#1237872).
- Update
patches.suse/ubifs-Fix-deadlock-in-concurrent-rename-whiteout-and-inode-writeback.patch
(git-fixes CVE-2021-47637 bsc#1237761).
- Update
patches.suse/ubifs-Fix-read-out-of-bounds-in-ubifs_wbuf_write_nolock.patch
(git-fixes CVE-2021-47636 bsc#1237904).
- Update
patches.suse/ubifs-Fix-to-add-refcount-once-page-is-set-private.patch
(git-fixes CVE-2021-47635 bsc#1237759).
- Update
patches.suse/ubifs-rename_whiteout-Fix-double-free-for-whiteout_ui-data.patch
(git-fixes CVE-2021-47638 bsc#1237763).
- Update patches.suse/udmabuf-validate-ubuf-pagecount.patch
(git-fixes CVE-2021-47649 bsc#1237745).
- Update
patches.suse/video-fbdev-cirrusfb-check-pixclock-to-avoid-divide-.patch
(git-fixes CVE-2021-47641 bsc#1237734).
- Update
patches.suse/video-fbdev-nvidiafb-Use-strscpy-to-prevent-buffer-o.patch
(git-fixes CVE-2021-47642 bsc#1237916).
- Update
patches.suse/video-fbdev-smscufx-Fix-null-ptr-deref-in-ufx_usb_pr.patch
(git-fixes CVE-2021-47652 bsc#1237721).
- commit e92be69
- net: rose: fix timer races against user threads (CVE-2025-21718
bsc#1239073).
- commit 0089650
- net_sched: sch_sfq: don't allow 1 packet limit (CVE-2024-57996
bsc#1239076).
- commit 1575e37
- wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (CVE-2024-58014 bsc#1239109)
- commit a0ab5c3
- initcall_blacklist: Does not allow kernel_lockdown be
blacklisted (bsc#1237521).
- commit 248ffca
- x86/bugs: Fix BHI retpoline check (git-fixes).
- commit 083fa08
- Sort BHI mitigation patches
- Refresh patches.suse/KVM-x86-Add-BHI_NO.patch.
- Refresh patches.suse/x86-bhi-Add-BHI-mitigation-knob.patch.
- Refresh
patches.suse/x86-bhi-Add-support-for-clearing-branch-history-at-syscall.patch.
- Refresh patches.suse/x86-bhi-Define-SPEC_CTRL_BHI_DIS_S.patch.
- Refresh
patches.suse/x86-bhi-Enumerate-Branch-History-Injection-BHI-bug.patch.
- Refresh patches.suse/x86-bhi-Mitigate-KVM-by-default.patch.
- commit 2ed304e
- KVM: x86: Advertise CPUID.(EAX=7,ECX=2):EDX[5:0] to userspace (bsc#1217339 CVE-2024-2201).
- commit 3e06375
- mm/mempolicy: fix mpol_new leak in shared_policy_replace
(CVE-2022-49080 bsc#1238033).
- commit ee261e8
- KVM: VMX: Bury Intel PT virtualization (guest/host mode)
behind CONFIG_BROKEN (CVE-2024-53135 bsc#1234154).
- commit c33dbae
- net: wwan: fix global oob in wwan_rtnl_policy (CVE-2024-50128
bsc#1232905).
- commit b1050a1
- ipv4/tcp: do not use per netns ctl sockets (bsc#1237693).
- commit f950ad1
- x86/xen: add FRAME_END to xen_hypercall_hvm() (git-fixes).
- commit e70ee83
- x86/xen: fix xen_hypercall_hvm() to not clobber %rbx
(git-fixes).
- commit 2ad21f6
- idpf: call set_real_num_queues in idpf_open (bsc#1236661
bsc#1237316).
- commit 67a5892
- gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag
(bsc#1237139 CVE-2025-21699).
- commit 94ceb50
- scsi: storvsc: Ratelimit warning logs to prevent VM denial of
service (bsc#1237025 CVE-2025-21690).
- scsi: storvsc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request
(git-fixes).
- commit f3c7eea
- Update
patches.suse/cifs-Fix-UAF-in-cifs_demultiplex_thread-.patch
(bsc#1208995 CVE-2023-1192 CVE-2023-52572 bsc#1220946).
Move to the sorted section.
- commit bb08640
- net: sched: fix ets qdisc OOB Indexing (bsc#1237028
CVE-2025-21692).
- commit 947f160
- net: mana: Cleanup "mana" debugfs dir after cleanup of all
children (bsc#1236760).
- net: mana: Enable debugfs files for MANA device (bsc#1236758).
- net: mana: Add get_link and get_link_ksettings in ethtool
(bsc#1236761).
- net: netvsc: Update default VMBus channels (bsc#1236757).
- commit dd59602
- Update
patches.suse/ALSA-6fire-Release-resources-at-card-release.patch
(CVE-2024-53239 bsc#1235054 bsc#1234853).
- Update
patches.suse/Bluetooth-L2CAP-do-not-leave-dangling-sk-pointer-on-.patch
(CVE-2024-56605 bsc#1235061 bsc#1234853).
- Update
patches.suse/KVM-nSVM-Ignore-nCR3-4-0-when-loading-PDPTEs-from-me.patch
(CVE-2024-50115 bsc#1232919 bsc#1225742).
- Update
patches.suse/NFSv4.0-Fix-a-use-after-free-problem-in-the-asynchronous-open.patch
(CVE-2024-53173 bsc#1234891 bsc#1234853).
- Update
patches.suse/hfsplus-don-t-query-the-device-logical-block-size-multiple-times.patch
(bsc#1235073 CVE-2024-56548 bsc#1234853).
- Update
patches.suse/wifi-mwifiex-Fix-memcpy-field-spanning-write-warning-in-mwifiex_config_scan.patch
(CVE-2024-56539 bsc#1234963 bsc#1234853).
- commit c3c2bf8
- mac802154: check local interfaces before deleting sdata list
(CVE-2024-57948 bsc#1236677).
- commit 4de21f7
- media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED
in uvc_parse_format (CVE-2024-53104 bsc#1234025).
- commit a0c98f3
- Fix sorting error
```
Error: Current series.conf is not sorted. Please run series_sort.py first and commit the result before adding new patches.
```
- commit a81b3e9
- kABI fix for net: defer final 'struct net' free in netns dismantle (CVE-2024-56658 bsc#1235441).
Upstream commit 0f6ede9fbc74 ("net: defer final 'struct
net' free in netns dismantle") introduced a new struct element
`defer_free_list` into `struct net`. In order to preserve the kABI, move
the newly added element into a hole.
```
struct netns_nexthop nexthop; /* 560 72 */
/* XXX 8 bytes hole, try to pack */
/* --- cacheline 10 boundary (640 bytes) --- */
struct netns_ipv4 ipv4 __attribute__((__aligned__(64))); /* 640 704 */
```
- commit 3fc1183
- net: defer final 'struct net' free in netns dismantle (CVE-2024-56658 bsc#1235441).
- commit 8694248
- NFS: Trigger the "ls -l" readdir heuristic sooner (bsc#1231847).
- commit eadd17e
- NFS: Improve heuristic for readdirplus (bsc#1231847).
- commit ea10ca2
- NFS: Adjust the amount of readahead performed by NFS readdir
(bsc#1231847).
- commit ec8e677
- NFS: Do not flush the readdir cache in nfs_dentry_iput()
(bsc#1231847).
- commit ac72a63
- smb: prevent use-after-free due to open_cached_dir error paths
(CVE-2024-53177 bsc#1234896).
- commit 43156cd
- net: inet6: do not leave a dangling sk pointer in inet6_create()
(CVE-2024-56600 bsc#1235217).
- commit 4f3d37a
- blacklist.conf: Not affected byy CVE-2024-44932 and CVE-2024-44964
- Delete
patches.suse/idpf-fix-UAFs-when-destroying-the-queues.patch.
- Delete
patches.suse/idpf-fix-memory-leaks-and-crashes-while-performing-a.patch.
This fixes bsc#1236628
- commit 6ceedf0
- netfilter: x_tables: fix LED ID check in led_tg_check()
(CVE-2024-56650 bsc#1235430).
- commit a130a9c
- drm/amdkfd: Correct the migration DMA map direction (bsc#1235969 CVE-2024-57897)
- commit e14ed1e
- Refresh patches.suse/drm-dp_mst-Ensure-mst_primary-pointer-is-valid-in-dr.patch.
Fix warning by removing unused label out_put_primary
- commit 354b3cb
- Update patches.suse/tipc-fix-NULL-deref-in-cleanup_bearer.patch
(bsc#1235433 CVE-2024-56661 bsc#1234931).
- commit cb91989
- Update
patches.suse/Bluetooth-hci_event-Align-BR-EDR-JUST_WORKS-paring-w.patch
(git-fixes bsc#1230697 CVE-2024-8805 CVE-2024-53144
bsc#1234690).
- commit ea9bf7d
- net: inet: do not leave a dangling sk pointer in inet_create()
(CVE-2024-56601 bsc#1235230).
- commit b4769c0
- btrfs: fix use-after-free when COWing tree bock and tracing
is enabled (bsc#1235645 CVE-2024-56759).
- commit e811c1c
- powerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW
(bsc#1218470 ltc#204531).
- commit f5ab5f5
- scsi: qla2xxx: Fix use after free on unload (CVE-2024-56623
bsc#1235466).
- block, bfq: fix bfqq uaf in bfq_limit_depth() (CVE-2024-53166
bsc#1234884).
- commit 894e940
- Refresh
patches.suse/x86-xen-don-t-do-PV-iret-hypercall-through-hypercall.patch.
- commit df281af
- x86/static-call: Remove early_boot_irqs_disabled check to fix
Xen PVH dom0 (git-fixes).
- commit 2c0880a
- ALSA: seq: oss: Fix races at processing SysEx messages
(CVE-2024-57893 bsc#1235920).
- commit f05049d
- drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req() (CVE-2024-57798 bsc#1235818).
- commit bfdad42
- drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req() (CVE-2024-57798 bsc#1235818).
- commit 15490f2
- net/smc: check return value of sock_recvmsg when draining clc
data (CVE-2024-57791 bsc#1235759).
- commit b879d55
- power: supply: gpio-charger: Fix set charge current limits
(git-fixes CVE-2024-57792 bsc#1235764).
- commit 80ed527
- bpf, sockmap: Fix race between element replace and close()
(CVE-2024-56664 bsc#1235249).
- commit 03e2626
- s390/cpum_sf: Handle CPU hotplug remove during sampling
(CVE-2024-57849 bsc#1235814).
- commit e03f9af
- Update
patches.suse/smb-client-fix-TCP-timers-deadlock-after-rmmod.patch
(CVE-2024-53095 bsc#1233642 CVE-2024-54680 bsc#1235723).
- commit 6deb1aa
- mm/swapfile: skip HugeTLB pages for unuse_vma (CVE-2024-50199
bsc#1233112).
- commit 63ec06b
- tipc: fix NULL deref in cleanup_bearer() (bsc#1235433).
- commit a0043a3
- scsi: sg: Fix slab-use-after-free read in sg_release()
(CVE-2024-56631 bsc#1235480).
- commit 9399f03
- 9p/xen: fix release of IRQ (CVE-2024-56704 bsc#1235584).
- commit 614e74c
- net: ieee802154: do not leave a dangling sk pointer in
ieee802154_create() (CVE-2024-56602 bsc#1235521).
- commit 4049cc5
- net: hsr: avoid potential out-of-bound access in
fill_frame_info() (CVE-2024-56648 bsc#1235451).
- commit 0a88cb0
- ovl: Filter invalid inodes with missing lookup function
(bsc#1235035 CVE-2024-56570).
- commit 54169ab
- NFSv4.0: Fix a use-after-free problem in the asynchronous open()
(CVE-2024-53173 bsc#1234891).
- commit f801b5b
- tipc: Fix use-after-free of kernel socket in cleanup_bearer()
(CVE-2024-56642 bsc#1235433).
- commit ec9cc8d
- can: j1939: j1939_session_new(): fix skb reference counting
(CVE-2024-56645 bsc#1235134).
- commit 5011af1
- Bluetooth: L2CAP: do not leave dangling sk pointer on error
in l2cap_sock_create() (CVE-2024-56605 bsc#1235061).
- commit c461209
- idpf: trigger SW interrupt when exiting wb_on_itr mode
(bsc#1235507).
- idpf: add support for SW triggered interrupts (bsc#1235507).
- net: mana: Increase the DEF_RX_BUFFERS_PER_QUEUE to 1024
(bsc#1235246).
- idpf: enable WB_ON_ITR (bsc#1235507).
- commit 3cbddc0
- smb: client: fix use-after-free of signing key (CVE-2024-53179
bsc#1234921).
- commit 86400c7
- smb: client: fix TCP timers deadlock after rmmod (git-fixes)
[hcarvalho: this fixes issue discussed in bsc#1233642].
- commit 3e3e1af
- smb: client: Fix use-after-free of network namespace
(CVE-2024-53095 bsc#1233642).
[hcarvalho: remove netfs_tracker_* related code because we don't have
such infrastructure.]
- commit 97b2d9e
- wifi: mwifiex: Fix memcpy() field-spanning write warning in
mwifiex_config_scan() (CVE-2024-56539 bsc#1234963).
- commit e27d4b2
- vfio/pci: Properly hide first-in-list PCIe extended capability
(bsc#1235004 CVE-2024-53214).
- commit f520125
- Bluetooth: RFCOMM: avoid leaving dangling sk pointer in
rfcomm_sock_alloc() (bsc#1235056 CVE-2024-56604).
- commit cf32d9d
- Bluetooth: Consolidate code around sk_alloc into a helper
function (bsc#1235056 CVE-2024-56604).
Refresh
patches.suse/Bluetooth-SCO-Fix-UAF-on-sco_sock_timeout.patch.
- commit 4de890e
- nilfs2: fix potential out-of-bounds memory access in
nilfs_find_entry() (bsc#1235224 CVE-2024-56619).
- commit b3f788e
- jfs: array-index-out-of-bounds fix in dtReadFirst (bsc#1235220
CVE-2024-56598).
- commit 4762f9a
- hfsplus: don't query the device logical block size multiple
times (bsc#1235073 CVE-2024-56548).
- commit 67473c2
- wifi: ath9k: add range check for conn_rsp_epid in
htc_connect_service() (CVE-2024-53156 bsc#1234846).
- commit 747e664
- ALSA: 6fire: Release resources at card release (CVE-2024-53239
bsc#1235054).
- commit 6995b0a
- NFSD: Prevent a potential integer overflow (CVE-2024-53146
bsc#1234853).
- commit 79b751c
- Update
patches.suse/tcp-Fix-use-after-free-of-nreq-in-reqsk_timer_handler.patch
(CVE-2024-50154 bsc#1233070 CVE-2024-53206 bsc#1234960).
- commit cdf9cb8
- Update
patches.suse/media-s5p_cec-limit-msg.len-to-CEC_MAX_MSG_SIZE.patch
(git-fixes CVE-2022-49035 bsc#1215304).
- commit d91bb81
- x86/xen: use new hypercall functions instead of hypercall page
(XSA-466 CVE-2024-53241 bsc#1234282).
- commit 439afbb
- x86/xen: add central hypercall functions (XSA-466 CVE-2024-53241
bsc#1234282).
- commit 1784c5e
- x86/xen: don't do PV iret hypercall through hypercall page
(XSA-466 CVE-2024-53241 bsc#1234282).
- commit 9f17f93
- x86/static-call: provide a way to do very early static-call
updates (XSA-466 CVE-2024-53241 bsc#1234282).
- Refresh patches.kabi/tracepoint-fix.patch.
- commit 2e422a6
- objtool/x86: allow syscall instruction (XSA-466 CVE-2024-53241
bsc#1234282).
- commit 1f61d5b
- x86: make get_cpu_vendor() accessible from Xen code (XSA-466
CVE-2024-53241 bsc#1234282).
- commit 4d90703
- xen/netfront: fix crash when removing device (XSA-465
CVE-2024-53240 bsc#1234281).
- commit f11b367
- Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE
(git-fixes, bsc#1230697, CVE-2024-8805).
- commit cddc976
- Update
patches.suse/initramfs-avoid-filename-buffer-overrun.patch
(CVE-2024-53142 bsc#1232436).
- commit 14f79ec
- scsi: storvsc: Do not flag MAINTENANCE_IN return of SRB_STATUS_DATA_OVERRUN as an error (git-fixes).
- commit fe5d084
- idpf: fix UAFs when destroying the queues (CVE-2024-44932
bsc#1229808).
- idpf: fix memory leaks and crashes while performing a soft reset
(CVE-2024-44964 bsc#1230220).
- commit 4316b61
- USB: serial: io_edgeport: fix use after free in debug printk (CVE-2024-50267 bsc#1233456)
- commit 5a7c927
- tcp: Fix use-after-free of nreq in reqsk_timer_handler()
(CVE-2024-50154 bsc#1233070).
- commit 9c54dc2
- README.BRANCH: Remove bouncing e-mail address.
- commit 9d57d70
- netdevsim: Add trailing zero to terminate the string
in nsim_nexthop_bucket_activity_write() (CVE-2024-50259
bsc#1233214).
- commit 3b589d0
- Update patches.suse/can-bcm-Fix-UAF-in-bcm_proc_show.patch
(git-fixes CVE-2023-52922 bsc#1233977).
- commit 624f722
- security/keys: fix slab-out-of-bounds in key_task_permission
(CVE-2024-50301 bsc#1233490).
- commit b8c1415
- media: cx24116: prevent overflows on SNR calculus
(CVE-2024-50290 bsc#1233479).
- commit c59cd01
- dm cache: fix out-of-bounds access to the dirty bitset when
resizing (CVE-2024-50279 bsc#1233468).
- commit 6c88f14
- Update config files.
Enabled IDPF for ARM64 (bsc#1221309)
- commit 8dd2b1c
- HID: core: zero-initialize the report buffer (CVE-2024-50302
bsc#1233491).
- commit 086ff16
- vsock/virtio: Initialization of the dangling pointer occurring
in vsk->trans (CVE-2024-50264 bsc#1233453).
- commit 008fbbf
- Bluetooth: SCO: Fix UAF on sco_sock_timeout (CVE-2024-50125
bsc#1232928).
- commit f9d799e
- Update
patches.suse/0002-x86-mm-ident_map-Use-gbpages-only-where-full-GB-page.patch
(bsc#1220382 CVE-2024-50017 bsc#1232312).
- commit 02ff322
- Update patches.suse/can-bcm-Fix-UAF-in-bcm_proc_show.patch
(git-fixes CVE-2023-52922 bsc#1233977).
- commit 82c5a0a
- Refresh
patches.suse/initramfs-avoid-filename-buffer-overrun.patch.
- commit 145c949
- idpf: avoid vport access in idpf_get_link_ksettings
(CVE-2024-50274 bsc#1233463).
- commit 8971b65
- nilfs2: fix potential oob read in nilfs_btree_check_delete()
(bsc#1232187 CVE-2024-47757).
- commit d813a1d
- media: dvbdev: prevent the risk of out of memory access
(CVE-2024-53063 bsc#1233557).
- commit 52a90e5
- media: s5p-jpeg: prevent buffer overflows (CVE-2024-53061
bsc#1233555).
- commit aef5475
- firmware: arm_scmi: Fix slab-use-after-free in
scmi_bus_notifier() (CVE-2024-53068 bsc#1233561).
- commit e507b37
- x86/kvm: fix is_stale_page_fault() (bsc#1236675).
(cherry picked from commit 332e96833f1a2a081df46c4419786e0131c9b5af)
- commit 17eb2c1
- kernel-binary: Enable livepatch package only when livepatch is enabled
Otherwise the filelist may be empty failing the build (bsc#1218644).
- commit f730eec
- Update config files (bsc#1218644).
LIVEPATCH_IPA_CLONES=n => LIVEPATCH=n
- commit 9c28790
- ALSA: firewire-lib: Avoid division by zero in
apply_constraint_to_size() (CVE-2024-50205 bsc#1233293).
- commit d31c5c9
- tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink()
(CVE-2024-50154 bsc#1233070).
- commit 2430e1b
- unicode: Don't special case ignorable code points
(CVE-2024-50089 bsc#1232860).
- commit ba47e72
- mm/memory: add non-anonymous page check in the
copy_present_page() (bsc#1231646).
- commit 9f5cb06
- README.BRANCH: drop explicit maintainers
kbuild already recognizes all downstream branch maintainers an
merge their PRs so we do not need explicit maintainers for the cve
branch itself.
- commit cd6f8fb
- KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory
(CVE-2024-50115 bsc#1232919).
- commit 4c6b1da
- mptcp: fix double-free on socket dismantle (CVE-2024-26782
bsc#1222590).
(cherry picked from commit 03ac3f085c702ef308481c09b021887b5a01d52b)
- commit 7f40404
- net/ncsi: Disable the ncsi work before freeing the associated
structure (CVE-2024-49945 bsc#1232165).
- commit 0369bdb
- net: sched: fix use-after-free in taprio_change()
(CVE-2024-50127 bsc#1232907).
- commit 88b0d06
- RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (bsc#1233117 CVE-2024-50208)
- commit da4098a
- block: initialize integrity buffer to zero before writing it
to media (CVE-2024-43854 bsc#1229345).
- commit 2fc5adb
- x86/mm/ident_map: Use gbpages only where full GB page should
be mapped (bsc#1220382).
- x86/kexec: Add EFI config table identity mapping for kexec
kernel (bsc#1220382).
- commit c11660d
- initramfs: avoid filename buffer overrun (bsc#1232436).
- commit 6855778
- fbdev: efifb: Register sysfs groups through driver core
(bsc#1232224 CVE-2024-49925).
- commit ed25954
- net: hisilicon: Fix potential use-after-free in hix5hd2_rx() (bsc#1231979 CVE-2022-48960)
- commit e22014e
- ipv6: avoid use-after-free in ip6_fragment() (CVE-2022-48956
bsc#1231893).
- commit c192a62
- drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer
(CVE-2024-49991 bsc#1232282).
- commit 6ba5342
- vhost_vdpa: assign irq bypass producer token correctly
(bsc#1232174 CVE-2024-47748).
- commit 51b6257
- ext4: fix timer use-after-free on failed mount (CVE-2024-49960
bsc#1232395).
- tipc: guard against string buffer overrun (CVE-2024-49995
bsc#1232432).
- commit 7dec126
- net/xen-netback: prevent UAF in xenvif_flush_hash()
(CVE-2024-49936 bsc#1232424).
- commit 05a71d8
- Update
patches.suse/IB-core-Implement-a-limit-on-UMAD-receive-List.patch
(bsc#1228743 CVE-2024-42145 bsc#1223384).
- Update
patches.suse/aoe-fix-the-potential-use-after-free-problem-in-more.patch
(bsc#1218562 CVE-2023-6270 CVE-2024-49982 bsc#1232097).
- Update
patches.suse/fuse-Initialize-beyond-EOF-page-contents-before-setti.patch
(bsc#1229454 CVE-2024-44947 bsc#1229456).
- Update patches.suse/media-edia-dvbdev-fix-a-use-after-free.patch
(CVE-2024-27043 bsc#1223824 bsc#1218562).
- commit 1967352
- Update
patches.suse/i3c-mipi-i3c-hci-Fix-out-of-bounds-access-in-hci_dma.patch
(git-fixes CVE-2023-52766 bsc#1230620).
- Update
patches.suse/nfc-nci-fix-possible-NULL-pointer-dereference-in-sen.patch
(git-fixes CVE-2023-52919 bsc#1231988).
- Update
patches.suse/tcp-do-not-accept-ACK-of-bytes-we-never-sent.patch
(CVE-2023-52881 bsc#1225611 bsc#1223384).
- Update patches.suse/wifi-ath11k-fix-htt-pktlog-locking.patch
(git-fixes CVE-2023-52800 bsc#1230600).
- commit 4af6b80
- Update
patches.suse/0001-af_unix-Get-user_ns-from-in_skb-in-unix_diag_get_exa.patch
(bsc#1209290 CVE-2023-28327 CVE-2022-48970 bsc#1231887).
- Update
patches.suse/ALSA-seq-Fix-function-prototype-mismatch-in-snd_seq_.patch
(git-fixes CVE-2022-48994 bsc#1232119).
- Update
patches.suse/ASoC-ops-Check-bounds-for-second-channel-in-snd_soc_.patch
(git-fixes CVE-2022-48951 bsc#1231929).
- Update
patches.suse/ASoC-ops-Fix-bounds-check-for-_sx-controls.patch
(git-fixes CVE-2022-49005 bsc#1232150).
- Update
patches.suse/ASoC-soc-pcm-Add-NULL-check-in-BE-reparenting.patch
(git-fixes CVE-2022-48992 bsc#1232071).
- Update
patches.suse/Bluetooth-Fix-not-cleanup-led-when-bt_init-fails.patch
(git-fixes CVE-2022-48971 bsc#1232037).
- Update patches.suse/Bluetooth-L2CAP-Fix-u8-overflow.patch
(CVE-2022-45934 bsc#1205796 CVE-2022-48947 bsc#1231895).
- Update
patches.suse/HID-core-fix-shift-out-of-bounds-in-hid_report_raw_e.patch
(git-fixes CVE-2022-48978 bsc#1232038).
- Update
patches.suse/Input-raydium_ts_i2c-fix-memory-leak-in-raydium_i2c_.patch
(git-fixes CVE-2022-48995 bsc#1232120).
- Update
patches.suse/NFC-nci-Bounds-check-struct-nfc_target-arrays.patch
(git-fixes CVE-2022-48967 bsc#1232304).
- Update
patches.suse/afs-Fix-server-active-leak-in-afs_put_server.patch
(git-fixes CVE-2022-49012 bsc#1232005).
- Update
patches.suse/btrfs-fix-hang-during-unmount-when-stopping-a-space-.patch
(bsc#1232262 CVE-2024-49867 CVE-2022-48664 bsc#1223524).
- Update
patches.suse/can-af_can-fix-NULL-pointer-dereference-in-can_rcv_f.patch
(bsc#1210627 CVE-2023-2166 CVE-2022-48977 bsc#1231883).
- Update
patches.suse/can-m_can-pci-add-missing-m_can_class_free_dev-in-pr.patch
(git-fixes CVE-2022-49024 bsc#1232001).
- Update
patches.suse/char-tpm-Protect-tpm_pm_suspend-with-locks.patch
(git-fixes CVE-2022-48997 bsc#1232035).
- Update
patches.suse/drm-shmem-helper-Remove-errant-put-in-error-path.patch
(git-fixes CVE-2022-48981 bsc#1232229).
- Update
patches.suse/e100-Fix-possible-use-after-free-in-e100_xmit_prepar.patch
(git-fixes CVE-2022-49026 bsc#1231997).
- Update
patches.suse/gpio-amd8111-Fix-PCI-device-reference-count-leak.patch
(git-fixes CVE-2022-48973 bsc#1232039).
- Update
patches.suse/gpiolib-fix-memory-leak-in-gpiochip_setup_dev.patch
(git-fixes CVE-2022-48975 bsc#1231885).
- Update
patches.suse/hwmon-coretemp-Check-for-null-before-removing-sysfs-.patch
(git-fixes CVE-2022-49010 bsc#1232172).
- Update
patches.suse/hwmon-coretemp-fix-pci-device-refcount-leak-in-nv1a_.patch
(git-fixes CVE-2022-49011 bsc#1232006).
- Update
patches.suse/hwmon-ibmpex-Fix-possible-UAF-when-ibmpex_register_b.patch
(git-fixes CVE-2022-49029 bsc#1231995).
- Update
patches.suse/iavf-Fix-error-handling-in-iavf_init_module.patch
(jsc#SLE-18385 CVE-2022-49027 bsc#1232007).
- Update
patches.suse/igb-Initialize-mailbox-message-for-VF-reset.patch
(jsc#SLE-18379 CVE-2022-48949 bsc#1231897).
- Update
patches.suse/iio-health-afe4403-Fix-oob-read-in-afe4403_read_raw.patch
(git-fixes CVE-2022-49031 bsc#1231992).
- Update
patches.suse/iio-health-afe4404-Fix-oob-read-in-afe4404_-read-wri.patch
(git-fixes CVE-2022-49032 bsc#1231991).
- Update
patches.suse/iommu-vt-d-Fix-PCI-device-refcount-leak-in-dmar_dev_scope_init
(git-fixes CVE-2022-49002 bsc#1232133).
- Update
patches.suse/iommu-vt-d-Fix-PCI-device-refcount-leak-in-has_external_pci
(git-fixes CVE-2022-49000 bsc#1232123).
- Update
patches.suse/ipv4-Handle-attempt-to-delete-multipath-route-when-f.patch
(bsc#1204171 CVE-2022-3435 CVE-2022-48999 bsc#1231936).
- Update
patches.suse/ixgbevf-Fix-resource-leak-in-ixgbevf_init_module.patch
(git-fixes CVE-2022-49028 bsc#1231996).
- Update
patches.suse/mac802154-fix-missing-INIT_LIST_HEAD-in-ieee802154_i.patch
(git-fixes CVE-2022-48972 bsc#1232025).
- Update
patches.suse/media-v4l2-dv-timings.c-fix-too-strict-blanking-sani.patch
(git-fixes CVE-2022-48987 bsc#1232067).
- Update
patches.suse/msft-hv-2684-net-mana-Fix-race-on-per-CQ-variable-napi-work_done.patch
(git-fixes bsc#1206188 CVE-2022-48985 bsc#1231958).
- Update
patches.suse/net-ethernet-nixge-fix-NULL-dereference.patch
(git-fixes CVE-2022-49019 bsc#1231940).
- Update
patches.suse/net-mdio-fix-unbalanced-fwnode-reference-count-in-md.patch
(git-fixes CVE-2022-48961 bsc#1232108).
- Update
patches.suse/net-mdiobus-fix-unbalanced-node-reference-count.patch
(git-fixes CVE-2022-49016 bsc#1231937).
- Update
patches.suse/net-mlx5e-Fix-use-after-free-when-reverting-terminat.patch
(jsc#SLE-19253 CVE-2022-49025 bsc#1231960).
- Update
patches.suse/net-phy-fix-null-ptr-deref-while-probe-failed.patch
(git-fixes CVE-2022-49021 bsc#1231939).
- Update
patches.suse/net-thunderbolt-fix-memory-leak-in-tbnet_open.patch
(git-fixes CVE-2022-48955 bsc#1231892).
- Update
patches.suse/net-tun-Fix-use-after-free-in-tun_detach.patch
(git-fixes CVE-2022-49014 bsc#1231890).
- Update
patches.suse/nilfs2-fix-NULL-pointer-dereference-in-nilfs_palloc_.patch
(git-fixes CVE-2022-49007 bsc#1232170).
- Update
patches.suse/nvme-fix-SRCU-protection-of-nvme_ns_head-list.patch
(git-fixes CVE-2022-49003 bsc#1232136).
- Update
patches.suse/octeontx2-pf-Fix-potential-memory-leak-in-otx2_init_.patch
(jsc#SLE-24682 CVE-2022-48968 bsc#1232237).
- Update
patches.suse/rtc-cmos-Fix-event-handler-registration-ordering-iss.patch
(git-fixes CVE-2022-48953 bsc#1231941).
- Update patches.suse/s390-qeth-fix-use-after-free-in-hsci.patch
(bsc#1210449 git-fixes CVE-2022-48954 bsc#1231972).
- Update
patches.suse/tracing-Free-buffers-when-a-used-dynamic-event-is-removed.patch
(git-fixes CVE-2022-49006 bsc#1232163).
- Update
patches.suse/udf-Fix-preallocation-discarding-at-indirect-extent-.patch
(bsc#1213034 CVE-2022-48946 bsc#1231888).
- Update
patches.suse/usb-gadget-uvc-Prevent-buffer-overflow-in-setup-hand.patch
(git-fixes CVE-2022-48948 bsc#1231896).
- Update
patches.suse/wifi-cfg80211-fix-buffer-overflow-in-elem-comparison.patch
(git-fixes CVE-2022-49023 bsc#1231961).
- Update
patches.suse/wifi-mac8021-fix-possible-oob-access-in-ieee80211_ge.patch
(git-fixes CVE-2022-49022 bsc#1231962).
- Update
patches.suse/xen-netfront-Fix-NULL-sring-after-live-migration.patch
(git-fixes CVE-2022-48969 bsc#1232026).
- commit 2377658
- Update
patches.suse/drm-vc4-kms-Add-missing-drm_crtc_commit_put.patch
(git-fixes CVE-2021-47534 bsc#1230903).
- Update patches.suse/phy-mdio-fix-memory-leak.patch (git-fixes
stable-5.14.12 CVE-2021-47416 bsc#1225336 bsc#1225189).
- commit d4160e3
- NFSD: Force all NFSv4.2 COPY requests to be synchronous
(CVE-2024-49974 bsc#1232383).
- commit e488dd4
- ACPI: sysfs: validate return type of _STR method (bsc#1231861
CVE-2024-49860).
- commit 1bb3615
- Delete patches.suse/scsi-Update-max_hw_sectors-on-rescan.patch (bsc#1216223)
- commit c6f8315
- Refresh
patches.suse/scsi-ibmvfc-Add-max_sectors-module-parameter.patch.
- commit 707c768
- drm/amd/display: Fix index out of bounds in DCN30 color
transformation (CVE-2024-49969 bsc#1232519).
- commit a2392a3
- smb: client: fix UAF in async decryption (bsc#1232418
CVE-2024-50047).
- commit dcba7ec
- net: hisilicon: Fix potential use-after-free in hisi_femac_rx()
(CVE-2022-48962 bsc#1232286).
- commit 0f23f49
- btrfs: wait for fixup workers before stopping cleaner kthread
during umount (bsc#1232262 CVE-2024-49867).
- btrfs: fix hang during unmount when stopping a space reclaim
worker (bsc#1232262 CVE-2024-49867).
- commit b603fa4
- mm/khugepaged: fix collapse_pte_mapped_thp() to allow anon_vma
(CVE-2022-48991 bsc#1232070 prerequisity git-fix).
- mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths
(CVE-2022-48991 bsc#1232070).
- commit 3ab8533
- mm/khugepaged: fix GUP-fast interaction by sending IPI
(CVE-2022-48991 bsc#1232070 prerequisity).
- commit 327d525
- mm/khugepaged: take the right locks for page table retraction
(CVE-2022-48991 bsc#1232070 prerequisity).
- commit e43adf4
- mm: gup: fix the fast GUP race against THP collapse
(CVE-2022-48991 bsc#1232070 prerequisity).
- commit 262192e
- s390/dasd: fix error recovery leading to data corruption on
ESE devices (git-fixes bsc#1229452 CVE-2024-45026 bsc#1230454
bsc#1232281).
- commit fc1d054
- net: seeq: Fix use after free vulnerability in ether3 Driver
Due to Race Condition (CVE-2024-47747 bsc#1232145).
- commit a1020b1
- drm/amd/display: Check msg_id before processing transcation (CVE-2024-46814 bsc#1231193).
- commit 81681a2
- RDMA/mana_ib: use the correct page size for mapping user-mode
doorbell page (bsc#1232036).
- net: mana: Fix the extra HZ in mana_hwc_send_request
(bsc#1232033).
- commit 8c14fb0
- block, bfq: fix possible UAF for bfqq->bic with merge chain (CVE-2024-47706 bsc#1231942)
- commit c5d0bc0
- tcp: check skb is non-NULL in tcp_rto_delta_us() (CVE-2024-47684 bsc#1231987)
- commit 569d856
- net: hsr: Fix potential use-after-free (CVE-2022-49015 bsc#1231938)
- commit 5883d13
- wifi: ath11k: fix array out-of-bound access in SoC stats
(CVE-2024-49930 bsc#1232260).
- commit e11de4c
- Update
patches.suse/memcg-Fix-possible-use-after-free-in-memcg_write_event_control.patch
(bsc#1206344, CVE-2022-48988, bsc#1232069).
- commit e7eaea8
- net: dsa: sja1105: fix memory leak in
sja1105_setup_devlink_regions() (CVE-2022-48959 bsc#1231976).
- commit ec81f5f
- mm: avoid leaving partial pfn mappings around in error case
(CVE-2024-47674 bsc#1231673).
- commit 9910e8f
- netem: fix return value if duplicate enqueue fails
(CVE-2024-45016 bsc#1230429).
- commit 2e9108a
- lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (CVE-2024-47668 bsc#1231502)
- commit 45aa8b3
- dn_route: set rt neigh to blackhole_netdev instead of
loopback_dev in ifdown (bsc#1216813).
- commit 673d32f
- xfrm: set dst dev to blackhole_netdev instead of loopback_dev
in ifdown (bsc#1216813).
- commit 0e5b278
- ipv6: blackhole_netdev needs snmp6 counters (bsc#1216813).
- commit 0c7762c
- ipv6: give an IPv6 dev to blackhole_netdev (bsc#1216813).
- commit 5d1a23a
- aoe: fix the potential use-after-free problem in more places
(bsc#1218562 CVE-2023-6270).
- commit e949a45
- efi: fix NULL-deref in init error path (bsc#1229556
CVE-2022-48879).
- commit 41e1770
- dmaengine: altera-msgdma: properly free descriptor in
msgdma_free_descriptor (bsc#1230715 CVE-2024-46716).
- commit 92074a5
- bpf: Fix pointer-leak due to insufficient speculative store
bypass mitigation (bsc#1231375).
- commit fd93435
- drm/amd/display: Check gpio_id before used as array index (CVE-2024-46818 bsc#1231203).
- commit 53caf4b
- drm/amd/display: Check num_valid_sets before accessing reader_wm_sets (CVE-2024-46815 bsc#1231195).
- commit ad18f86
- drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links (CVE-2024-46816 bsc#1231197).
- commit 1eea356
- Delete some more obsolete scripts
- commit 0d4cf12
- drm/amd/display: Check link_index before accessing dc->links (CVE-2024-46813 bsc#1231191).
- commit a97e1a4
- drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (CVE-2024-46817 bsc#1231200).
- commit 18cf241
- rpm/release-projects: Add SLFO projects (bsc#1231293).
- commit 9f2c584
- NFSv3: only use NFS timeout for MOUNT when protocols are
compatible (bsc#1231016).
- commit 2b5943c
- ASoC: meson: axg-card: fix 'use-after-free' (CVE-2024-46849 bsc#1231073)
- commit a395e2d
- rpm/check-for-config-changes: add HAVE_RUST and RUSTC_SUPPORTS_ to IGNORED_CONFIGS_RE
They depend on SHADOW_CALL_STACK.
- commit 65fa52b
- usb: dwc3: st: fix probed platform device ref count on probe
error path (bsc#1230507 CVE-2024-46674).
- commit ffd5693
- scsi: ibmvfc: Add max_sectors module parameter (bsc#1216223).
Delete
patches.suse/ibmvfc-make-max_sectors-a-module-option.patch.
- commit 13d3e25
- nvme: move stopping keep-alive into nvme_uninit_ctrl() (CVE-2024-45013 bsc#1230442)
- commit 75bf6d9
- Update
patches.suse/media-vivid-fix-compose-size-exceed-boundary.patch
(git-fixes CVE-2022-48945 bsc#1230398).
- Update
patches.suse/powerpc-rtas-Prevent-Spectre-v1-gadget-construction-.patch
(bsc#1227487 CVE-2024-46774 bsc#1230767).
- Update patches.suse/sched-Fix-yet-more-sched_fork-races.patch
(git fixes (sched/core) CVE-2022-48944 bsc#1229947).
- commit be5b46d
- SUNRPC: avoid soft lockup when transmitting UDP to reachable
server (bsc#1225272 bsc#1231016).
- commit d8ddf61
- kabi: add __nf_queue_get_refs() for kabi compliance.
- netfilter: nf_queue: fix possible use-after-free (bsc#1229633,
CVE-2022-48911).
- commit 09526c9
- btrfs: prevent copying too big compressed lzo segment (CVE-2022-48923 bsc#1229662)
- commit 9c5b30e
- dev/parport: fix the array out-of-bounds risk (CVE-2024-42301
bsc#1229407).
- commit 0515c56
- KABI: kcm: Serialise kcm_sendmsg() for the same socket
(CVE-2024-44946 bsc#1230015).
- commit 4220de4
- kcm: Serialise kcm_sendmsg() for the same socket
(CVE-2024-44946 bsc#1230015).
- commit 195f676
- Refresh
patches.suse/Bluetooth-hci_ldisc-check-HCI_UART_PROTO_READY-flag-.patch.
Update upstream status and move to the sorted section.
- commit 43dbf50
- memcg_write_event_control(): fix a user-triggerable oops
(CVE-2024-45021 bsc#1230434).
- commit f5c92ca
- Revert "mm/sparsemem: fix race in accessing memory_section->usage"
This reverts commit 606bd9b8228bfe004cf6ab930ffb673a535e3c55.
- commit 532bbfe
- Revert "mm, kmsan: fix infinite recursion due to RCU critical section"
This reverts commit 1702784a5db6b26695f0bc2c6b0cbe973db5c0f3.
- commit e220e83
- Revert "mm: prevent derefencing NULL ptr in pfn_section_valid()"
This reverts commit d77caa16c18115f0c470ecf5cdd3cdb6f9865aeb.
- commit b38d226
- blk-mq: add helper for checking if one CPU is mapped to
specified hctx (bsc#1223600).
- blk-mq: don't schedule block kworker on isolated CPUs
(bsc#1223600).
- commit 4537dc0
- vfs: Don't evict inode under the inode lru traversing context
(CVE-2024-45003 bsc#1230245).
- commit 82e6e44
- Bluetooth: L2CAP: Fix deadlock (git-fixes).
- commit 9438e54
- bluetooth/l2cap: sync sock recv cb and release (bsc#1228576
CVE-2024-41062).
- commit 5b1f743
- Update references
- commit a096907
- fuse: Initialize beyond-EOF page contents before setting
uptodate (bsc#1229454 CVE-2024-44947).
- commit ddfd2d7
- usb: vhci-hcd: Do not drop references before new references
are gained (CVE-2024-43883 bsc#1229707).
- commit 44d7bae
- net: usb: qmi_wwan: fix memory leak for not ip packets
(CVE-2024-43861 bsc#1229500).
- commit 3e796c3
- PKCS#7: Check codeSigning EKU of certificates in PKCS#7
(bsc#1226666).
- commit 95da232
- Update
patches.suse/ASoC-ops-Shift-tested-values-in-snd_soc_put_volsw-by.patch
(git-fixes CVE-2022-48917 bsc#1229637).
- Update
patches.suse/Bluetooth-hci_qca-Fix-driver-shutdown-on-closed-serd.patch
(git-fixes CVE-2022-48878 bsc#1229554).
- Update
patches.suse/CDC-NCM-avoid-overflow-in-sanity-checking.patch
(git-fixes CVE-2022-48938 bsc#1229664).
- Update
patches.suse/KVM-x86-mmu-make-apf-token-non-zero-to-fix-bug.patch
(git-fixes CVE-2022-48943 bsc#1229645).
- Update
patches.suse/RDMA-cma-Do-not-change-route.addr.src_addr-outside-s.patch
(git-fixes CVE-2022-48925 bsc#1229630).
- Update patches.suse/RDMA-ib_srp-Fix-a-deadlock.patch (git-fixes
CVE-2022-48930 bsc#1229624).
- Update
patches.suse/USB-gadgetfs-Fix-race-between-mounting-and-unmountin.patch
(CVE-2022-4382 bsc#1206258 CVE-2022-48869 bsc#1229507).
- Update
patches.suse/auxdisplay-lcd2s-Fix-memory-leak-in-remove.patch
(git-fixes CVE-2022-48907 bsc#1229608).
- Update
patches.suse/blktrace-fix-use-after-free-for-struct-blk_trace.patch
(bsc#1198017 CVE-2022-48913 bsc#1229643).
- Update
patches.suse/bpf-Fix-crash-due-to-out-of-bounds-access-into-reg2b.patch
(git-fixes bsc#1194111 bsc#1194765 bsc#1196261 CVE-2021-4204
CVE-2022-0500 CVE-2022-23222 CVE-2022-48929 bsc#1229625).
- Update
patches.suse/btrfs-fix-race-between-quota-rescan-and-disable-lead.patch
(bsc#1207158 CVE-2023-52896 bsc#1229533).
- Update
patches.suse/btrfs-fix-relocation-crash-due-to-premature-return-f.patch
(bsc#1203360 CVE-2022-48903 bsc#1229613).
- Update
patches.suse/cgroup-cpuset-Prevent-UAF-in-proc_cpuset_show.patch
(bsc#1228801 CVE-2024-43853 bsc#1229292).
- Update
patches.suse/cifs-fix-double-free-race-when-mount-fails-in-cifs_get_root-.patch
(bsc#1193629 CVE-2022-48919 bsc#1229657).
- Update
patches.suse/configfs-fix-a-race-in-configfs_-un-register_subsyst.patch
(git-fixes CVE-2022-48931 bsc#1229623).
- Update
patches.suse/dmaengine-idxd-Let-probe-fail-when-workqueue-cannot-.patch
(git-fixes CVE-2022-48868 bsc#1229506).
- Update
patches.suse/drm-msm-another-fix-for-the-headless-Adreno-GPU.patch
(git-fixes CVE-2023-52911 bsc#1229522).
- Update
patches.suse/drm-msm-dp-do-not-complete-dp_aux_cmd_fifo_tx-if-irq.patch
(git-fixes CVE-2022-48898 bsc#1229537).
- Update patches.suse/drm-virtio-Fix-GEM-handle-creation-UAF.patch
(git-fixes CVE-2022-48899 bsc#1229536).
- Update
patches.suse/gsmi-fix-null-deref-in-gsmi_get_variable.patch
(git-fixes CVE-2023-52893 bsc#1229535).
- Update
patches.suse/hwmon-Handle-failure-to-register-sensor-with-thermal.patch
(git-fixes CVE-2022-48942 bsc#1229612).
- Update
patches.suse/ibmvnic-free-reset-work-item-when-flushing.patch
(bsc#1196516 ltc#196391 CVE-2022-48905 bsc#1229604).
- Update
patches.suse/ice-fix-concurrent-reset-and-removal-of-VFs.patch
(git-fixes CVE-2022-48941 bsc#1229614).
- Update
patches.suse/iio-adc-men_z188_adc-Fix-a-resource-leak-in-an-error.patch
(git-fixes CVE-2022-48928 bsc#1229626).
- Update
patches.suse/iio-adc-tsc2046-fix-memory-corruption-by-preventing-.patch
(git-fixes CVE-2022-48927 bsc#1229628).
- Update
patches.suse/io_uring-add-a-schedule-point-in-io_add_buffers.patch
(git-fixes CVE-2022-48937 bsc#1229617).
- Update patches.suse/iommu-amd-Fix-I-O-page-table-memory-leak
(git-fixes CVE-2022-48904 bsc#1229603).
- Update
patches.suse/iommu-vt-d-fix-double-list_add-when-enabling-vmd-in-scalable-mode
(bsc#1196894 CVE-2022-48916 bsc#1229638).
- Update
patches.suse/iwlwifi-mvm-check-debugfs_dir-ptr-before-use.patch
(git-fixes CVE-2022-48918 bsc#1229636).
- Update patches.suse/ixgbe-fix-pci-device-refcount-leak.patch
(jsc#SLE-18384 CVE-2022-48896 bsc#1229540).
- Update
patches.suse/misc-fastrpc-Don-t-remove-map-on-creater_process-and.patch
(git-fixes CVE-2022-48873 bsc#1229512).
- Update
patches.suse/misc-fastrpc-Fix-use-after-free-race-condition-for-m.patch
(git-fixes CVE-2022-48872 bsc#1229510).
- Update
patches.suse/net-mlx5-DR-Fix-slab-out-of-bounds-in-mlx5_cmd_dr_cr.patch
(jsc#SLE-19253 CVE-2022-48932 bsc#1229622).
- Update patches.suse/net-smc-fix-connection-leak (git-fixes
CVE-2022-48909 bsc#1229611).
- Update
patches.suse/nfc-pn533-Wait-for-out_urb-s-completion-in-pn533_usb.patch
(git-fixes CVE-2023-52907 bsc#1229526).
- Update
patches.suse/nfp-flower-Fix-a-potential-leak-in-nfp_tunnel_add_sh.patch
(git-fixes CVE-2022-48934 bsc#1229620).
- Update
patches.suse/nilfs2-fix-general-protection-fault-in-nilfs_btree_i.patch
(git-fixes CVE-2023-52900 bsc#1229581).
- Update
patches.suse/octeontx2-pf-Fix-resource-leakage-in-VF-driver-unbin.patch
(git-fixes CVE-2023-52905 bsc#1229528).
- Update
patches.suse/platform-surface-aggregator-Add-missing-call-to-ssam.patch
(git-fixes CVE-2022-48880 bsc#1229557).
- Update
patches.suse/regulator-da9211-Use-irq-handler-when-ready.patch
(git-fixes CVE-2022-48891 bsc#1229565).
- Update
patches.suse/sched-fair-Fix-fault-in-reweight_entity.patch
(git fixes (sched/core) CVE-2022-48921 bsc#1229635).
- Update
patches.suse/scsi-storvsc-Fix-swiotlb-bounce-buffer-leak-in-confi.patch
(bsc#1206006 CVE-2022-48890 bsc#1229544).
- Update
patches.suse/spi-spi-zynq-qspi-Fix-a-NULL-pointer-dereference-in-.patch
(git-fixes CVE-2021-4441 bsc#1229598).
- Update
patches.suse/thermal-core-Fix-TZ_GET_TRIP-NULL-pointer-dereferenc.patch
(git-fixes CVE-2022-48915 bsc#1229639).
- Update
patches.suse/thermal-int340x-fix-memory-leak-in-int3400_notify.patch
(git-fixes CVE-2022-48924 bsc#1229631).
- Update
patches.suse/tty-fix-possible-null-ptr-defer-in-spk_ttyio_release.patch
(git-fixes CVE-2022-48870 bsc#1229508).
- Update
patches.suse/tty-serial-qcom-geni-serial-fix-slab-out-of-bounds-o.patch
(git-fixes CVE-2022-48871 bsc#1229509).
- Update
patches.suse/usb-gadget-f_ncm-fix-potential-NULL-ptr-deref-in-ncm.patch
(git-fixes CVE-2023-52894 bsc#1229566).
- Update
patches.suse/usb-gadget-rndis-add-spinlock-for-rndis-response-lis.patch
(git-fixes CVE-2022-48926 bsc#1229629).
- Update
patches.suse/usb-xhci-Check-endpoint-is-valid-before-dereferencin.patch
(git-fixes CVE-2023-52901 bsc#1229531).
- Update
patches.suse/wifi-mac80211-sdata-can-be-NULL-during-AMPDU-start.patch
(git-fixes CVE-2022-48875 bsc#1229516).
- Update
patches.suse/xen-netfront-destroy-queues-before-real_num_tx_queue.patch
(git-fixes CVE-2022-48914 bsc#1229642).
- Update
patches.suse/xhci-Fix-null-pointer-dereference-when-host-dies.patch
(git-fixes CVE-2023-52898 bsc#1229568).
- commit 5c5e4d7
- mm: prevent derefencing NULL ptr in pfn_section_valid()
(git-fixes).
- commit d77caa1
- mm, kmsan: fix infinite recursion due to RCU critical section
(git-fixes).
- commit 1702784
- mm/sparsemem: fix race in accessing memory_section->usage
(bsc#1221326 CVE-2023-52489).
- commit 606bd9b
- jfs: Fix shift-out-of-bounds in dbDiscardAG (bsc#1229792
CVE-2024-44938).
- commit 8003b7e
- ata: libata-core: Fix double free on error
(CVE-2024-41087,bsc#1228466).
- commit b5892ca
- ata: libata-core: Fix double free on error
(CVE-2024-41087,bsc#1228466).
- commit 0a4b370
- exec: Fix ToCToU between perm check and set-uid/gid usage
(CVE-2024-43882 bsc#1229503).
- commit 83a7456
- netfilter: nf_tables: unregister flowtable hooks on netns exit (CVE-2022-48935 bsc#1229619)
- commit 3e33f70
- netfilter: fix use-after-free in __nf_register_net_hook() (CVE-2022-48912 bsc#1229641)
- commit f8f42c3
- rpm/check-for-config-changes: Exclude ARCH_USING_PATCHABLE_FUNCTION_ENTRY
gcc version dependent, at least on ppc
- commit 16da158
- scsi: smartpqi: Expose SAS address for SATA drives
(bsc#1223958).
- commit 6711c21
- net/iucv: fix use after free in iucv_sock_close()
(CVE-2024-42271 bsc#1229400 bsc#1228974).
- commit 82bb6f3
- Update
patches.suse/drm-amdkfd-don-t-allow-mapping-the-MMIO-HDP-page-wit.patch
(CVE-2024-41011 bsc#1228115 bsc#1228114).
- Update
patches.suse/powerpc-pseries-Fix-scv-instruction-crash-with-kexec.patch
(bsc#1194869 CVE-2024-42230 bsc#1228489).
- commit f6019c1
- libceph: fix race between delayed_work() and ceph_monc_stop()
(bsc#1228959 CVE-2024-42232).
- commit 27160c2
- rpm/kernel-binary.spec.in: fix klp_symbols macro
The commit below removed openSUSE filter from %ifs of the klp_symbols
definition. But it removed -c of grep too and that causes:
error: syntax error in expression: 01 && ( || 1 )
error: ^
error: unmatched (: 01 && ( || 1 )
error: ^
error: kernel-default.spec:137: bad %if condition: 01 && ( || 1 )
So reintroduce -c to the PTF's grep.
Fixes: fd0b293bebaf (kernel-binary.spec.in: Enable klp_symbols on openSUSE Tumbleweed (boo#1229042).)
- commit 4a36fe3
- rpm/kernel-binary.spec.in: Fix build regression
The previous fix forgot to take over grep -c option that broke the
conditional expression
- commit d29edf2
- kernel-binary.spec.in: Enable klp_symbols on openSUSE Tumbleweed (boo#1229042).
After the Jump project the kernel used by SLE and openSUSE Leap are the
same. As consequence the klp_symbols variable is set, enabling
kernel-default-livepatch-devel on both SLE and openSUSE.
The current rules to avoid enabling the package exclude openSUSE
Tumbleweed alone, which doesn't makes sense for now. Enabling
kernel-default-livepatch-devel on TW makes it easier to test the
creation of kernel livepatches of the next SLE versions.
- commit fd0b293
- Update
patches.suse/powerpc-Avoid-nmi_enter-nmi_exit-in-real-mode-interr.patch
(bsc#1221645 ltc#205739 bsc#1223191 CVE-2024-42126 bsc#1228718).
Add CVE references.
- commit 637c320
- Update
patches.suse/0001-ocfs2-fix-DIO-failure-due-to-insufficient-transactio.patch
(bsc#1216834 CVE-2024-42077 bsc#1228516).
Add CVE references.
- commit 8360e90
- ax25: Fix refcount imbalance on inbound connections
(CVE-2024-40910 bsc#1227832).
- commit 12cb329
- config.sh: generate and install compile_commands.json (bsc#1228971)
This file contains the command line options used to compile every C file.
It's useful for the livepatching team.
- kernel-binary: generate and install compile_commands.json (bsc#1228971)
This file contains the command line options used to compile every C file.
It's useful for the livepatching team.
- commit 314f719
- packaging: Add case-sensitive perl option parsing
A recent change in Getopt::Long [1]:
Changes in version 2.55
- ----------------------
* Fix long standing bug that duplicate options were not detected
when the options differ in case while ignore_case is in effect.
This will now yield a warning and become a fatal error in a future
release.
perl defaults to ignore_case by default, switch it off to avoid
accidental misparsing of options.
This was suggested after similar change in scripts/.
- commit e978477
- krb5
-
- Prevent overflow when calculating ulog block size. An authenticated
attacker can cause kadmind to write beyond the end of the mapped
region for the iprop log file, likely causing a process crash;
(CVE-2025-24528); (bsc#1236619).
- Add patch 0014-Prevent-overflow-when-calculating-ulog-block-size.patch
- libapparmor
-
- Add dac_read_search capability for unix_chkpwd to allow it to read the shadow
file even if it has 000 permissions. This is needed after the CVE-2024-10041
fix in PAM.
* unix-chkpwd-add-read-capability.path, bsc#1241678
- Allow pam_unix to execute unix_chkpwd with abi/3.0
- remove dovecot-unix_chkpwd.diff
- Add allow-pam_unix-to-execute-unix_chkpwd.patch
- Add revert-abi-change-for-unix_chkpwd.patch
(bsc#1234452, bsc#1232234)
- Add dovecot-unix_chkpwd.diff to allow dovecot-auth to execute
unix_chkpwd, and add a profile for unix_chkpwd. This is needed
for PAM with CVE-2024-10041 (bsc#1234452)
- augeas
-
- Add patch, fix for bsc#1239909 / CVE-2025-2588:
* CVE-2025-2588.patch
- avahi
-
- prerequire avahi in avahi-autipd as we user "user avahi"
- Add avahi-CVE-2024-52616.patch:
Backporting 1dade81c from upstream: Properly randomize query id
of DNS packets.
(CVE-2024-52616, bsc#1233420)
- Add avahi-filter-bogus-services.patch: no longer supply bogus
services to callbacks (bsc#1226586).
- util-linux
-
- Skip aarch64 decode path for rest of the architectures
(bsc#1229476, util-linux-lscpu-skip-aarch64-decode.patch).
- cryptsetup
-
- luksFormat succeeds despite creating corrupt device [bsc#1234273]
* Add a better warning if luksFormat ends with image without any space for data.
* Print warning early if LUKS container is too small for activation.
* Add patches:
- cryptsetup-Add-a-better-warning-if-luksFormat-no-space-for-data.patch
- cryptsetup-Print-warning-early-if-LUKS-container-is-too-small-for-activation.patch
- expat
-
- version update to 2.7.1
Bug fixes:
[#980] #989 Restore event pointer behavior from Expat 2.6.4
(that the fix to CVE-2024-8176 changed in 2.7.0);
affected API functions are:
- XML_GetCurrentByteCount
- XML_GetCurrentByteIndex
- XML_GetCurrentColumnNumber
- XML_GetCurrentLineNumber
- XML_GetInputContext
Other changes:
[#976] #977 Autotools: Integrate files "fuzz/xml_lpm_fuzzer.{cpp,proto}"
with Automake that were missing from 2.7.0 release tarballs
[#983] #984 Fix printf format specifiers for 32bit Emscripten
[#992] docs: Promote OpenSSF Best Practices self-certification
[#978] tests/benchmark: Resolve mistaken double close
[#986] Address compiler warnings
[#990] #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1)
to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/
for what these numbers do
Infrastructure:
[#982] CI: Start running Perl XML::Parser integration tests
[#987] CI: Enforce Clang Static Analyzer clean code
[#991] CI: Re-enable warning clang-analyzer-valist.Uninitialized
for clang-tidy
[#981] CI: Cover compilation with musl
[#983] #984 CI: Cover compilation with 32bit Emscripten
[#976] #977 CI: Protect against fuzzer files missing from future
release archives
- version update to 2.7.0 for SLE-15-SP4
- deleted patches
- expat-CVE-2022-25235.patch (upstreamed)
- expat-CVE-2022-25236-relax-fix.patch (upstreamed)
- expat-CVE-2022-25236.patch (upstreamed)
- expat-CVE-2022-25313-fix-regression.patch (upstreamed)
- expat-CVE-2022-25313.patch (upstreamed)
- expat-CVE-2022-25314.patch (upstreamed)
- expat-CVE-2022-25315.patch (upstreamed)
- expat-CVE-2022-40674.patch (upstreamed)
- expat-CVE-2022-43680.patch (upstreamed)
- expat-CVE-2023-52425-1.patch (upstreamed)
- expat-CVE-2023-52425-2.patch (upstreamed)
- expat-CVE-2023-52425-backport-parser-changes.patch (upstreamed)
- expat-CVE-2023-52425-fix-tests.patch (upstreamed)
- expat-CVE-2024-28757.patch (upstreamed)
- expat-CVE-2024-45490.patch (upstreamed)
- expat-CVE-2024-45491.patch (upstreamed)
- expat-CVE-2024-45492.patch (upstreamed)
- expat-CVE-2024-50602.patch (upstreamed)
- version update to 2.7.0 (CVE-2024-8176 [bsc#1239618])
* Security fixes:
[#893] #973 CVE-2024-8176 -- Fix crash from chaining a large number
of entities caused by stack overflow by resolving use of
recursion, for all three uses of entities:
- general entities in character data ("<e>&g1;</e>")
- general entities in attribute values ("<e k1='&g1;'/>")
- parameter entities ("%p1;")
Known impact is (reliable and easy) denial of service:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C
(Base Score: 7.5, Temporal Score: 7.2)
Please note that a layer of compression around XML can
significantly reduce the minimum attack payload size.
* Other changes:
[#935] #937 Autotools: Make generated CMake files look for
libexpat.@SO_MAJOR@.dylib on macOS
[#925] Autotools: Sync CMake templates with CMake 3.29
[#945] #962 #966 CMake: Drop support for CMake <3.13
[#942] CMake: Small fuzzing related improvements
[#921] docs: Add missing documentation of error code
XML_ERROR_NOT_STARTED that was introduced with 2.6.4
[#941] docs: Document need for C++11 compiler for use from C++
[#959] tests/benchmark: Fix a (harmless) TOCTTOU
[#944] Windows: Fix installer target location of file xmlwf.xml
for CMake
[#953] Windows: Address warning -Wunknown-warning-option
about -Wno-pedantic-ms-format from LLVM MinGW
[#971] Address Cppcheck warnings
[#969] #970 Mass-migrate links from http:// to https://
[#947] #958 ..
[#974] #975 Document changes since the previous release
[#974] #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0)
to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/
for what these numbers do
- no source changes, just adding jira reference: jsc#SLE-21253
- version update to 2.6.4
* Security fixes: [bsc#1232601][bsc#1232579]
[#915] CVE-2024-50602 -- Fix crash within function XML_ResumeParser
from a NULL pointer dereference by disallowing function
XML_StopParser to (stop or) suspend an unstarted parser.
A new error code XML_ERROR_NOT_STARTED was introduced to
properly communicate this situation. // CWE-476 CWE-754
* Other changes:
[#903] CMake: Add alias target "expat::expat"
[#905] docs: Document use via CMake >=3.18 with FetchContent
and SOURCE_SUBDIR and its consequences
[#902] tests: Reduce use of global parser instance
[#904] tests: Resolve duplicate handler
[#317] #918 tests: Improve tests on doctype closing (ex CVE-2019-15903)
[#914] Fix signedness of format strings
[#919] #920 Version info bumped from 10:3:9 (libexpat*.so.1.9.3)
to 11:0:10 (libexpat*.so.1.10.0); see https://verbump.de/
for what these numbers do
- updated keyring [https://build.suse.de/request/show/345282]
- modified sources
% expat.keyring
- freetype2
-
- enable brotli support (jsc#PED-12258)
- Added patch:
* CVE-2025-27363.patch
+ fixes bsc#1239465, CVE-2025-27363: out-of-bounds write when
attempting to parse font subglyph structures related to
TrueType GX and variable font files
- glib2
-
- Add glib2-CVE-2025-4373.patch: carefully handle gssize parameters
(bsc#1242844 CVE-2025-4373 glgo#GNOME/glib#3677).
- Add glib2-CVE-2025-3360.patch:
Backport 8d60d7dc from upstream, Fix integer overflow when
parsing very long ISO8601 inputs. This will only happen with
invalid (or maliciously invalid) potential ISO8601 strings,
but `g_date_time_new_from_iso8601()` needs to be robust against
that.
(CVE-2025-3360, bsc#1240897)
- Add glib2-CVE-2024-52533.patch: fix a single byte buffer overflow
(boo#1233282 CVE-2024-52533 glgo#GNOME/glib#3461).
- gnutls
-
- Security fix [bsc#1236974, CVE-2024-12243]
* gnutls: inefficient DER Decoding in libtasn1 could lead to remote DoS
* Add gnutls-CVE-2024-12243.patch
- ncurses
-
- Modify patch ncurses-5.9-ibm327x.dif
* Backport sclp terminfo description entry if for s390 sclp terminal lines
* Add a further sclp entry for qemu s390 based systems
* Make use of dumb
- Add patch ncurses-6.1-boo1229028.patch (boo#1229028)
* Allow that terminal description based on static fallback
entries can be freed.
- open-iscsi
-
- Moved this patch upstream, so now it's part of
open-iscsi-SUSE-latest.diff, and no longer needed here:
* iscsid-clear-scanning-thread-pr_set_io_flusher-flag.patch
- iscsid-clear-scanning-thread-pr_set_io_flusher-flag.patch: fix
device discovery failure on systems with a large number of
devices (bsc#1235606).
- Fix issue with yast restarting the iscsid service without
first restarting the iscsid socket, which upsets systemd
(bsc#1206132). This is already fixed upstream.
- Branched SLE-15-SP3 from Factory. No longer in sync with
Tumbleweed.
- Backported upstream commit, which sets 'safe_logout' and
'startup' in iscsid.conf, to address bsc#1207157
- Updated year in SPEC file
- openssl-1_1
-
- Security fix: [bsc#1236136, CVE-2024-13176]
* timing side-channel in the ECDSA signature computation
* Add openssl-CVE-2024-13176.patch
- Security fix: [bsc#1220262, CVE-2023-50782]
* Implicit rejection in PKCS#1 v1.5
* Add openssl-CVE-2023-50782.patch
- libpcap
-
- enable rdma support (bsc#1230894)
- procps
-
- Add patch CVE-2023-4016-part2.patch
* Fix the ps command segfaults when pid argument has a leading space (bsc#1236842)
- python3
-
- Update CVE-2024-11168-validation-IPv6-addrs.patch
according to the Debian version
(gh#python/cpython#103848#issuecomment-2708135083).
- Add CVE-2025-0938-sq-brackets-domain-names.patch which
disallows square brackets ([ and ]) in domain names for parsed
URLs (bsc#1236705, CVE-2025-0938, gh#python/cpython#105704)
- Remove -IVendor/ from python-config boo#1231795
- Fix CVE-2024-11168-validation-IPv6-addrs.patch
- PGO run of build freezes with parallel processing, switch to -j1
- Add CVE-2024-11168-validation-IPv6-addrs.patch
fixing bsc#1233307 (CVE-2024-11168,
gh#python/cpython#103848): Improper validation of IPv6 and
IPvFuture addresses.
- Add CVE-2024-9287-venv_path_unquoted.patch to properly quote
path names provided when creating a virtual environment
(bsc#1232241, CVE-2024-9287)
- Drop .pyc files from docdir for reproducible builds
(bsc#1230906).
- Add CVE-2024-6232-ReDOS-backtrack-tarfile.patch prevent
ReDos via excessive backtracking while parsing header values
(bsc#1230227, CVE-2024-6232).
- Add CVE-2024-5642-switch-off-NPN.patch switching off the NPN
support eliminating bsc#1227233 (CVE-2024-5642).
- Add CVE-2024-6923-email-hdr-inject.patch to prevent email
header injection due to unquoted newlines (bsc#1228780,
CVE-2024-6923).
- Add CVE-2024-7592-quad-complex-cookies.patch fixing quadratic
complexity in parsing cookies with backslashes (bsc#1229596,
CVE-2024-7592)
- %{profileopt} variable is set according to the variable
%{do_profiling} (bsc#1227999)
- Remove %suse_update_desktop_file macro as it is not useful any
more.
- Stop using %%defattr, it seems to be breaking proper executable
attributes on /usr/bin/ scripts (bsc#1227378).
- librdkafka
-
- 0001-Fix-timespec-conversion-to-avoid-infinite-loop-2108-.patch:
avoid endless loops (bsc#1242842)
- libsolv
-
- build both static and dynamic libraries on new suse distros
- support the apk package and repository format (both v2 and v3)
- new dataiterator_final_{repo,solvable} functions
- bump version to 0.7.32
- Provide a symbol specific for the ruby-version
so yast does not break across updates (boo#1235598)
- fix replaces_installed_package using the wrong solvable id
when checking the noupdate map
- make POOL_FLAG_ADDFILEPROVIDESFILTERED behaviour more standard
- add rpm_query_idarray query function
- support rpm's "orderwithrequires" dependency
- bump version to 0.7.31
- sqlite3
-
- Sync version 3.49.1 from Factory (jsc#SLE-16032):
* CVE-2025-29087, bsc#1241020: Fix a bug in the concat_ws()
function, introduced in version 3.44.0, that could lead to a
memory error if the separator string is very large (hundreds
of megabytes).
* CVE-2025-29088, bsc#1241078: Enhanced the
SQLITE_DBCONFIG_LOOKASIDE interface to make it more robust
against misuse.
* Obsoletes sqlite3-rtree-i686.patch
- libssh
-
- Fix CVE-2025-5318: Likely read beyond bounds in sftp server handle management (bsc#1245311)
* Add patch libssh-CVE-2025-5318.patch
- Fix CVE-2025-4877: Write beyond bounds in binary to base64 conversion functions (bsc#1245309)
* Add patch libssh-CVE-2025-4877.patch
- Fix CVE-2025-4878: Use of uninitialized variable in privatekey_from_file() (bsc#1245310)
* Add patches:
- libssh-CVE-2025-4878-1.patch
- libssh-CVE-2025-4878-2.patch
- Fix CVE-2025-5372: ssh_kdf() returns a success code on certain failures (bsc#1245314)
* Add patch libssh-CVE-2025-5372.patch
- systemd
-
- Import commit cba472567893618e15b4ab95a3cb0a762ad3ed10
0e8c003e1f core/unit: increase the NameOwnerChanged/GetNameOwner timeout to the unit's start timeout (bsc#1230272)
621e16c0b8 core/unit: add get_timeout_start_usec in UnitVTable and define it for service
b4140d888a sd-bus: make bus_add_match_full accept timeout
81cb3a4fb5 udev-builtin-path_id: SAS wide ports must have num_phys > 1 (bsc#1231610)
533e98fc6b sd-device: add helper to read a unsigned int attribute
- libtasn1
-
- Security fix: [bsc#1236878, CVE-2024-12133]
* Potential DoS in handling of numerous SEQUENCE OF or SET OF elements
* Add libtasn1-CVE-2024-12133.patch
- libxml2
-
- security update
- added patches
CVE-2025-49794 [bsc#1244554], heap use after free (UAF) can lead to Denial of service (DoS)
CVE-2025-49796 [bsc#1244557], type confusion may lead to Denial of service (DoS)
+ libxml2-CVE-2025-49794,49796.patch
- security update
- added patches
CVE-2025-6170 [bsc#1244700], stack buffer overflow may lead to a crash
CVE-2025-6021 [bsc#1244580], Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2
+ libxml2-CVE-2025-6170,6021.patch
- security update
- added patches
CVE-2025-32414 [bsc#1241551], out-of-bounds read when parsing text via the Python API
+ libxml2-CVE-2025-32414.patch
CVE-2025-32415 [bsc#1241453], a crafted XML document may lead to a heap-based buffer under-read
+ libxml2-CVE-2025-32415.patch
- security update
- added patches
fix CVE-2024-56171 [bsc#1237363], use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c
+ libxml2-CVE-2024-56171.patch
fix CVE-2025-24928 [bsc#1237370], stack-based buffer overflow in xmlSnprintfElements in valid.c
+ libxml2-CVE-2025-24928.patch
fix CVE-2025-27113 [bsc#1237418], NULL Pointer Dereference in libxml2 xmlPatMatch
+ libxml2-CVE-2025-27113.patch
- security update
- added patches
fix CVE-2022-49043 [bsc#1236460], use-after-free in xmlXIncludeAddNode
+ libxml2-CVE-2022-49043.patch
- libzypp
-
- Fix credential handling in HEAD requests (bsc#1244105)
- version 17.37.5 (35)
- RepoInfo: use pathNameSetTrailingSlash (fixes #643)
- Fix wrong userdata parameter type when running zypp with debug
verbosity (bsc#1239012)
- version 17.37.4 (35)
- Do not warn about no mirrors if mirrorlist was switched on
automatically. (bsc#1243901)
- Relax permission of cached packages to 0644 & ~umask
(bsc#1243887)
- version 17.37.3 (35)
- Add a note to service maintained .repo file entries (fixes #638)
- Support using %{url} variable in a RIS service's repo section.
- version 17.37.2 (35)
- Use a cookie file to validate mirrorlist cache.
This patch extends the mirrorlist code to use a cookie file to
validate the contents of the cache against the source URL, making
sure that we do not accidentially use a old cache when the
mirrorlist url was changed. For example when migrating a system
from one release to the next where the same repo alias might just
have a different URL.
- Let Service define and update gpgkey, mirrorlist and metalink.
- Preserve a mirrorlist file in the raw cache during refresh.
- version 17.37.1 (35)
- Code16: Enable curl2 backend and parallel package download by
default. In Code15 it's optional.
Environment variables ZYPP_CURL2=<0|1> and ZYPP_PCK_PRELOAD=<0|1>
can be used to turn the features on or off.
- Make gpgKeyUrl the default source for gpg keys.
When refreshing zypp now primarily uses gpgKeyUrl information
from the repo files and only falls back to a automatically
generated key Url if a gpgKeyUrl was not specified.
- Introduce mirrors into the Media backends (bsc#1240132)
- Drop MediaMultiCurl backend.
- Throttle progress updates when preloading packages (bsc#1239543)
- Check if request is in valid state in CURL callbacks (fixes
openSUSE/zypper#605)
- spec/CMake: add conditional build
'--with[out] classic_rpmtrans_as_default'.
classic_rpmtrans is the current builtin default for SUSE,
otherwise it's single_rpmtrans.
The `enable_preview_single_rpmtrans_as_default_for_zypper` switch
was removed from the spec file. Accordingly the CMake option
ENABLE_PREVIEW_SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER was removed.
- version 17.37.0 (35)
- fixed build with boost 1.88.
- XmlReader: Fix detection of bad input streams (fixes #635)
libxml2 2.14 potentially reads the complete stream, so it may
have the 'eof' bit set. Which is not 'good' but also not 'bad'.
- rpm: Fix detection of %triggerscript starts (bsc#1222044)
- RepoindexFileReader: add more <repo> related attributes a
service may set.
Add optional attributes gpgcheck, repo_gpgcheck, pkg_gpgcheck,
keeppackages, gpgkey, mirrorlist, and metalink with the same
semantic as in a .repo file.
- version 17.36.7 (35)
- Drop workaround for broken rpm-4.18 in Code16 (bsc#1237172)
- BuildRequires: %{libsolv_devel_package} >= 0.7.32.
Code16 moved static libs to libsolv-devel-static.
- Drop usage of SHA1 hash algorithm because it will become
unavailable in FIPS mode (bsc#1240529)
- Fix zypp.conf dupAllowVendorChange to reflect the correct
default (false).
The default was true in Code12 (libzypp-16.x) and changed to
false with Code15 (libzypp-17.x). Unfortunately this was done by
shipping a modified zypp.conf file rather than fixing the code.
- zypp.conf: Add `lock_timeout` ($ZYPP_LOCK_TIMEOUT) (bsc#1239809)
- version 17.36.6 (35)
- Fix computation of RepStatus if Repo URLs change.
- Fix lost double slash when appending to an absolute FTP url
(bsc#1238315)
Ftp actually differs between absolute and relative URL paths.
Absolute path names begin with a double slash encoded as '/%2F'.
This must be preserved when manipulating the path.
- version 17.36.5 (35)
- Add a transaction package preloader (fixes openSUSE/zypper#104)
This patch adds a preloader that concurrently downloads files
during a transaction commit. It's not yet enabled per default.
To enable the preview set ZYPP_CURL2=1 and ZYPP_PCK_PRELOAD=1
in the environment.
- RpmPkgSigCheck_test: Exchange the test package signingkey
(fixes #622)
- Exclude MediaCurl tests if DISABLE_MEDIABACKEND_TESTS (fixes #626)
- Strip a mediahandler tag from baseUrl querystrings.
- version 17.36.4 (35)
- Disable zypp.conf:download.use_deltarpm by default (fixes #620)
Measurements show that you don't benefit from using deltarpms
unless your network connection is very slow. That's why most
distributions even stop offering deltarpms. The default remains
unchanged on SUSE-15.6 and older.
- Make sure repo variables are evaluated in the right context
(bsc#1237044)
- Introducing MediaCurl2 a alternative HTTP backend.
This patch adds MediaCurl2 as a testbed for experimenting with a
more simple way to download files. Set ZYPP_CURL2=1 in the
environment to use it.
- version 17.36.3 (35)
- Filesystem usrmerge must not be done in singletrans mode
(bsc#1236481, bsc#1189788)
Commit will amend the backend in case the transaction would
perform a filesystem usrmerge.
- Workaround bsc#1216091 on Code16.
- version 17.36.2 (35)
- Don't issue deprecated warnings if -DNDEBUG is set (bsc#1236983)
Released libyui packages compile with -Werror=deprecated-declarations
so we can't add deprecated warnings without breaking them.
- make gcc15 happy (fixes #613)
- version 17.36.1 (35)
- Drop zypp-CheckAccessDeleted in favor of 'zypper ps'.
- Fix Repoverification plugin not being executed (fixes #614)
- Refresh: Fetch the master index file before key and signature
(bsc#1236820)
- Allow libzypp to compile with C++20.
- Deprecate RepoReports we do not trigger.
- version 17.36.0 (35)
- Create '.keep_packages' in the package cache dir to enforce
keeping downloaded packages of all repos cahed there (bsc#1232458)
- version 17.35.19 (35)
- Fix missing UID checks in repomanager workflow (fixes #603)
- version 17.35.18 (35)
- Move cmake config files to LIB_INSTALL_DIR/cmake/Zypp (fixes #28)
- Fix 'zypper ps' when running in incus container (bsc#1229106)
Should apply to lxc and lxd containers as well.
- Re-enable 'rpm --runposttrans' usage for chrooted systems
(bsc#1216091)
- version 17.35.17 (35)
- Url: queryparams without value should not have a trailing "=".
- version 17.35.16 (35)
- Url query part: `=` is a safe char in value (bsc#1234304)
- RpmDb: Recognize rpmdb.sqlite as database file (#593)
- Fix typo (fixes #592)
- cmake: check location of fcgi header and adjust include
accordingly. On Debian and derivatives the fcgi headers
are not stored in a fastcgi/ subdirectory.(#590)
- version 17.35.15 (35)
- The 20MB download limit must not apply to non-metadata files like
package URLs provided via the CLI (bsc#1233393).
- version 17.35.14 (35)
- BuildCache: Don't try to retrieve missing raw metadata if no
permission to write the cache (bsc#1225451)
- RepoManager: throw RepoNoPermissionException if the user has no
permission to update(write) the caches (bsc#1225451)
- version 17.35.13 (35)
- PluginFrame: Send unescaped colons in header values
(bsc#1231043)
According to the STOMP protocol it would be correct to escape a
colon in a header-value, but it breaks plugin receivers which do
not expect this. The first colon separates header-name from
header-value, so escaping in the header-value is not needed
anyway.
Escaping in the header-value affects especially the urlresolver
plugins. The input URL is passed in a header, but sent back as
raw data in the frames body. If the plugin receiver does not
correctly unescape the URL we may get back a "https\c//" which is
not usable.
- Do not ignore return value of std::remove_if in MediaSyncFacade
(fixes #579)
- Fix hang in curl code with no network connection (bsc#1230912)
- version 17.35.12 (35)
- Deprecate librpmDb::db_const_iterator default ctor (bsc#1230267)
It's preferred to explicitly tell the root directory of the
system whose database you want to query.
- version 17.35.11 (35)
- API refactoring. Prevent zypper from using now private libzypp
symbols (bsc#1230267)
- Conflicts: zypper <= 1.14.76
- version 17.35.10 (35)
- single_rpmtrans: fix installation of .src.rpms (bsc#1228647)
- version 17.35.9 (35)
- shadow
-
- bsc#1230972: Add useradd warnings when requested UID is outside
the default range
- add shadow-bsc1230972-useradd-warning.patch
- bsc#1228337: chage -d date vs passwd -S output is off by one
Remove shadow-bsc1176006-chage-date.patch
- logrotate
-
- Backport 'ignoreduplicates' configuration flag (jsc#PED-10366)
* Added patch logrotate-ignore-duplicates.patch
* Allows log processing with duplicate logfile matches
- openssh
-
- Added openssh-bsc1241045-kexalgo-gt-256bits.patch (bsc#1241045)
from upstream, which allows KEX hashes greater than 256 bits.
Thanks to Ali Abdallah <ali.abdallah@suse.com>.
- Added openssh-cve-2025-32728.patch (bsc#1241012, CVE-2025-32728).
This fixes an upstream logic error handling the DisableForwarding
option.
- Update openssh-7.6p1-audit_race_condition.patch (bsc#1232533),
fixing failures with very large MOTDs. Thanks to Ali Abdallah
<ali.abdallah@suse.com>.
- Updated openssh-8.1p1-audit.patch (bsc#1228634) with modification
from Jaroslav Jindrak (jjindrak@suse.com) to fix the hostname
being left out of the audit output.
- Backported patch to fix a MitM attack against OpenSSH's
VerifyHostKeyDNS-enabled client (bsc#1237040, CVE-2025-26465):
* fix-CVE-2025-26465.patch
- pam-config
-
- Stop adding pam_env in AUTH stack, and be sure to put this module at the
really end of the SESSION stack.
[bsc#1243226, CVE-2025-6018, remove-pam_env-from-auth-stack.patch]
- Change check for existence of modules.
If we have a biarch architecture, we check that the 64bit
PAM module is there and report an error if not. For the 32bit
variant, we only issue a warning.
[pam-config-change-check-for-existence-of-modules.patch, bsc#1227216]
- pam
-
- pam_namespace: convert functions that may operate on a user-controlled path
to operate on file descriptors instead of absolute path. And keep the
bind-mount protection from protect_mount() as a defense in depthmeasure.
[bsc#1244509
pam_inline-introduce-pam_asprintf-pam_snprintf-and-p.patch,
pam_namespace-fix-potential-privilege-escalation.patch,
pam_namespace-add-flags-to-indicate-path-safety.patch,
pam_namespace-secure_opendir-do-not-look-at-the-grou.patch]
- pam_namespace-fix-potential-privilege-escalation.patch adapted and includes
changes from upstream commits: ds6242a, bc856cd.
* pam_namespace fix logic in return value handling
* pam_namespace move functions around
- pam_env: Change the default to not read the user .pam_environment file
[bsc#1243226, CVE-2025-6018,
pam_env-change-the-default-to-not-read-the-user-env.patch]
- pam_unix/passverify: (get_account_info) [!HELPER_COMPILE]: Always return
PAM_UNIX_RUN_HELPER instead of trying to obtain the shadow password file
entry.
[passverify-always-run-the-helper-to-obtain-shadow_pwd.patch, bsc#1232234,
CVE-2024-10041]
- Do not reject the user with a hash assuming it's non-empty.
[pam_unix-allow-empty-passwords-with-non-empty-hashes.patch]
- perl
-
- do not change the current directory when cloning an open
directory handle [bnc#1244079] [CVE-2025-40909]
new patch: perl-dirdup.diff
- python-Jinja2
-
- Add security patch CVE-2025-27516.patch (bsc#1238879)
- Add security patch CVE-2024-56326.patch (bsc#1234809)
- python-requests
-
- Add CVE-2024-47081.patch upstream patch, fixes netrc credential leak
(gh#psf/requests#6965, CVE-2024-47081, bsc#1244039)
- python3-setuptools
-
- Add patch CVE-2025-47273.patch to fix A path traversal
vulnerability.
(bsc#1243313, CVE-2025-47273, gh#pypa/setuptools@250a6d17978f)
- rsyslog
-
- fix PreserveFQDN option before daemon is restarted (bsc#1231229)
add 0001-core-bugfix-rsyslog-messages-may-not-always-have-FQD.patch
- restart daemon after update at the end of the transaction
(bsc#1230984)
- runc
-
- Update to runc v1.2.6. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.2.6>.
- Update to runc v1.2.5. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.2.5>.
- Update to runc v1.2.4. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.2.4>.
- Update runc.keyring to match upstream.
- Update to runc v1.2.3. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.2.3>.
- Update to runc v1.2.2. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.2.2>.
- Update to runc v1.2.1. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.2.1>.
- Update to runc v1.2.0. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.2.0>.
- Remove upstreamed patches.
- 0001-bsc1221050-libct-seccomp-patchbpf-rm-duplicated-code.patch
- 0002-bsc1221050-seccomp-patchbpf-rename-nativeArch-linuxA.patch
- 0003-bsc1221050-seccomp-patchbpf-always-include-native-ar.patch
- 0004-bsc1214960-nsenter-cloned_binary-remove-bindfd-logic.patch
- Update to runc v1.2.0~rc3. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.2.0-rc.3>.
Includes the patch for CVE-2024-45310. bsc#1230092
- shim
-
- Update shim-install to apply the missing fix for openSUSE Leap
(bsc#1210382) fixed by Gary.
* 86b73d1 Fix that bootx64.efi is not updated on Leap
- Update shim-install to use the 'removable' way for SL-Micro
(bsc#1230316) fixed by Gary.
* 433cc4e Always use the removable way for SL-Micro
- 000release-packages:sle-module-basesystem-release
-
n/a
- 000release-packages:sle-module-containers-release
-
n/a
- 000release-packages:sle-module-public-cloud-release
-
n/a
- 000release-packages:sle-module-server-applications-release
-
n/a
- socat
-
- Security fix for readline.sh: arbitrary file overwrite (bsc#1225462)
- add CVE-2024-54661.patch
- sudo
-
- Fix a possilbe local privilege escalation via the --host option
[bsc#1245274, CVE-2025-32462]
- supportutils
-
- Changes to version 3.2.10
+ network.txt collect all firewalld zones (pr#233)
+ Collects gfs2 info (PED-11853, pr#235, pr#236)
+ Ignore tasks/threads to prevent collecting duplicate fd data in open_files (bsc#1230371, pr#237)
+ Added openldap2_5 support for SLES (pr#238)
+ Collects additional hawk details (pr#239)
+ Optimized filtering D/Z processes (pr#241)
+ Collect firewalld permanent configuration (pr#243)
+ ldap_info: support for multiple DBs and sanitize olcRootPW (bsc#1231838, pr#247)
+ Added dbus_info for dbus.txt (bsc#1222650, pr#248)
- Changes to version 3.2.9
+ Map running PIDs to RPM package owner aiding BPF program detection (bsc#1222896, bsc#1213291, PED-8221)
+ Supportconfig available in current distro (PED-7131)
+ Corrected display issues (bsc#1231396)
+ NFS takes too long, showmount times out (bsc#1231423)
+ Merged sle15 and master branches (bsc#1233726, PED-11669)
- suse-build-key
-
- changed keys to use SHA256 UIDs instead of SHA1. (bsc#1237294
bsc#1236779 jsc#PED-12321)
- gpg-pubkey-3fa1d6ce-67c856ee.asc to gpg-pubkey-09d9ea69-67c857f3.asc
- gpg-pubkey-09d9ea69-645b99ce.asc to gpg-pubkey-3fa1d6ce-63c9481c.asc
- suse_ptf_key_2023.asc, suse_ptf_key.asc: adjusted
- suseconnect-ng
-
- Update version to 1.13:
- Integrating uptime-tracker
- Honor auto-import-gpg-keys flag on migration (bsc#1231328)
- Only send labels if targetting SCC
- Skip the docker auth generation on RMT (bsc#1231185)
- Add --set-labels to register command to set labels at registration time on SCC
- Add a new function to display suse-uptime-tracker version
- Integrate with uptime-tracker ( https://github.com/SUSE/uptime-tracker/ )
- Add a command to show the info being gathered
- Update version to 1.12:
- Set the filesystem root on zypper when given (bsc#1230229,bsc#1229014)
- timezone
-
- Update to 2025b:
* New zone for Aysén Region in Chile (America/Coyhaique) which
moves from -04/-03 to -03
- Refresh patches
* revert-philippines-historical-data.patch
* tzdata-china.diff
- Update to 2025a:
* Paraguay adopts permanent -03 starting spring 2024
* Improve pre-1991 data for the Philippines
* Etc/Unknown is now reserved
- Update to 2024b:
* Improve historical data for Mexico, Mongolia, and Portugal.
* System V names are now obsolescent.
* The main data form now uses %z.
* The code now conforms to RFC 8536 for early timestamps.
* Support POSIX.1-2024, which removes asctime_r and ctime_r.
* Assume POSIX.2-1992 or later for shell scripts.
* SUPPORT_C89 now defaults to 1.
- Add revert-philippines-historical-data.patch, revert-systemv-deprecation.patch
* Fixes testsuite failures for other packages
- util-linux-systemd
-
- Skip aarch64 decode path for rest of the architectures
(bsc#1229476, util-linux-lscpu-skip-aarch64-decode.patch).
- vim
-
- Fix bsc#1228776 / CVE-2024-41965.
- Fix bsc#1239602 / CVE-2025-29768.
- Refresh patch:
vim-7.3-sh_is_bash.patch
- Update to 9.1.1406:
9.1.1406: crash when importing invalid tuple
9.1.1405: tests: no test for mapping with special keys in session file
9.1.1404: wrong link to Chapter 2 in new-tutor
9.1.1403: expansion of 'tabpanelopt' value adds wrong values
9.1.1402: multi-byte mappings not properly stored in session file
9.1.1401: list not materialized in prop_list()
9.1.1400: [security]: use-after-free when evaluating tuple fails
9.1.1399: tests: test_codestyle fails for auto-generated files
9.1.1398: completion: trunc does not follow Pmenu highlighting attributes
9.1.1397: tabpanel not correctly updated on :tabonly
9.1.1396: 'errorformat' is a global option
9.1.1395: search_stat not reset when pattern differs in case
9.1.1394: tabpanel not correctly redrawn on tabonly
9.1.1393: missing test for switching buffers and reusing curbuf
9.1.1392: missing patch number
9.1.1391: Vim does not have a vertical tabpanel
9.1.1390: style: more wrong indentation
9.1.1389: completion: still some issue when 'isexpand' contains a space
9.1.1388: Scrolling one line too far with 'nosmoothscroll' page scrolling
9.1.1387: memory leak when buflist_new() fails to reuse curbuf
9.1.1386: MS-Windows: some minor problems building on AARCH64
9.1.1385: inefficient loop for 'nosmoothscroll' scrolling
9.1.1384: still some problem with the new tutors filetype plugin
9.1.1383: completion: 'isexpand' option does not handle space char correct
9.1.1382: if_ruby: unused compiler warnings from ruby internals
9.1.1381: completion: cannot return to original text
9.1.1380: 'eventignorewin' only checked for current buffer
9.1.1379: MS-Windows: error when running evim when space in path
9.1.1378: sign without text overwrites number option
9.1.1377: patch v9.1.1370 causes some GTK warning messages
9.1.1376: quickfix dummy buffer may remain as dummy buffer
9.1.1375: [security]: possible heap UAF with quickfix dummy buffer
9.1.1374: completion: 'smartcase' not respected when filtering matches
9.1.1373: 'completeopt' checking logic can be simplified
9.1.1372: style: braces issues in various files
9.1.1371: style: indentation and brace issues in insexpand.c
9.1.1370: CI Tests favor GTK2 over GTK3
9.1.1369: configure still using autoconf 2.71
9.1.1368: GTK3 and GTK4 will drop numeric cursor support.
9.1.1367: too many strlen() calls in gui.c
9.1.1366: v9.1.1364 unintentionally changed sign.c and sound.c
9.1.1365: MS-Windows: compile warnings and too many strlen() calls
9.1.1364: style: more indentation issues
9.1.1363: style: inconsistent indentation in various files
9.1.1362: Vim9: type ignored when adding tuple to instance list var
9.1.1361: [security]: possible use-after-free when closing a buffer
9.1.1360: filetype: GNU Radio companion files are not recognized
9.1.1359: filetype: GNU Radio config files are not recognized
9.1.1358: if_lua: compile warnings with gcc15
9.1.1357: Vim incorrectly escapes tags with "[" in a help buffer
9.1.1356: Vim9: crash when unletting variable
9.1.1355: The pum_redraw() function is too complex
9.1.1354: tests: Test_terminalwinscroll_topline() fails on Windows
9.1.1353: missing change from v9.1.1350
9.1.1352: style: inconsistent indent in insexpand.c
9.1.1351: Return value of getcmdline() inconsistent in CmdlineLeavePre
9.1.1350: tests: typo in Test_CmdlineLeavePre_cabbr()
9.1.1349: CmdlineLeavePre may trigger twice
9.1.1348: still E315 with the terminal feature
9.1.1347: small problems with gui_w32.c
9.1.1346: missing out-of-memory check in textformat.c
9.1.1345: tests: Test_xxd_color2() test failure dump diff is misleading
9.1.1344: double free in f_complete_match() (after v9.1.1341)
9.1.1343: filetype: IPython files are not recognized
9.1.1342: Shebang filetype detection can be improved
9.1.1341: cannot define completion triggers
9.1.1340: cannot complete :filetype arguments
9.1.1339: missing out-of-memory checks for enc_to_utf16()/utf16_to_enc()
9.1.1338: Calling expand() interferes with cmdcomplete_info()
9.1.1337: Undo corrupted with 'completeopt' "preinsert" when switching buffer
9.1.1336: comment plugin does not support case-insensitive 'commentstring'
9.1.1335: Coverity complains about Null pointer dereferences
9.1.1334: Coverity complains about unchecked return value
9.1.1333: Coverity: complains about unutilized variable
9.1.1332: Vim9: segfault when using super within a lambda
9.1.1331: Leaking memory with cmdcomplete()
9.1.1330: may receive E315 in terminal
9.1.1329: cannot get information about command line completion
9.1.1328: too many strlen() calls in indent.c
9.1.1327: filetype: nroff detection can be improved
9.1.1326: invalid cursor position after 'tagfunc'
9.1.1325: tests: not checking error numbers properly
9.1.1324: undefined behaviour if X11 connection dies
9.1.1323: b:undo_ftplugin not executed when re-using buffer
9.1.1322: small delete register cannot paste multi-line correctly
9.1.1321: filetype: MS ixx and mpp files are not recognized
9.1.1320: filetype: alsoft config files are not recognized
9.1.1319: Various typos in the code, issue with test_inst_complete.vim
9.1.1318: tests: test_format fails
9.1.1317: noisy error when restoring folds from session fails
9.1.1316: missing memory allocation failure in os_mswin.c
9.1.1315: completion: issue with fuzzy completion and 'completefuzzycollect'
9.1.1314: max allowed string width too small
9.1.1313: compile warning about uninitialized value
9.1.1312: tests: Test_backupskip() fails when HOME is defined
9.1.1311: completion: not possible to limit number of matches
9.1.1310: completion: redundant check for preinsert effect
9.1.1309: tests: no test for 'pummaxwidth' with non-truncated "kind"
9.1.1308: completion: cannot order matches by distance to cursor
9.1.1307: make syntax does not reliably detect different flavors
9.1.1306: completion menu rendering can be improved
9.1.1305: completion menu active after switching windows/tabs
9.1.1304: filetype: some man files are not recognized
9.1.1303: missing out-of-memory check in linematch.c
9.1.1302: Coverity warns about using uninitialized value
9.1.1301: completion: cannot configure completion functions with 'complete'
9.1.1300: wrong detection of -inf
9.1.1299: filetype: mbsyncrc files are not recognized
9.1.1298: define_function() is too long
9.1.1297: Ctrl-D scrolling can get stuck
9.1.1296: completion: incorrect truncation logic
9.1.1295: clientserver: does not handle :stopinsert correctly
9.1.1294: gui tabline menu does not use confirm when closing tabs
9.1.1293: comment plugin does not handle 'exclusive' selection for comment object
9.1.1292: statusline not correctly evaluated
9.1.1291: too many strlen() calls in buffer.c
9.1.1290: tests: missing cleanup in test_filetype.vim
9.1.1289: tests: no test for matchparen plugin with WinScrolled event
9.1.1288: Using wrong window in ll_resize_stack()
9.1.1287: quickfix code can be further improved
9.1.1286: filetype: help files not detected when 'iskeyword' includes ":"
9.1.1285: Vim9: no error message for missing method after "super."
9.1.1284: not possible to configure pum truncation char
9.1.1283: quickfix stack is limited to 10 items
9.1.1282: Build and test failure without job feature
9.1.1281: extra newline output when editing stdin
9.1.1280: trailing additional semicolon in get_matches_in_str()
9.1.1279: Vim9: null_object and null_class are no reserved names
9.1.1278: Vim9: too long functions in vim9type.c
9.1.1277: tests: trailing comment char in test_popupwin
9.1.1276: inline word diff treats multibyte chars as word char
9.1.1275: MS-Windows: Not possible to pass additional flags to Make_mvc
9.1.1274: Vim9: no support for object<type> as variable type
9.1.1273: Coverity warns about using uninitialized value
9.1.1272: completion: in keyword completion Ctrl_P cannot go back after Ctrl_N
9.1.1271: filetype: Power Query files are not recognized
9.1.1270: missing out-of-memory checks in buffer.c
9.1.1269: completion: compl_shown_match is updated when starting keyword completion
9.1.1268: filetype: dax files are not recognized
9.1.1267: Vim9: no support for type list/dict<object<any>>
9.1.1266: MS-Windows: type conversion warnings
9.1.1265: tests: no tests for typing normal char during completion
9.1.1264: Vim9: error when comparing objects
9.1.1263: string length wrong in get_last_inserted_save()
9.1.1262: heap-buffer-overflow with narrow 'pummaxwidth' value
9.1.1261: No test for 'pummaxwidth' non-truncated items
9.1.1260: Hang when filtering buffer with NUL bytes
9.1.1259: some issues with comment package and tailing spaces
9.1.1258: regexp: max \U and \%U value is limited by INT_MAX
9.1.1257: Mixing vim_strsize() with mb_ptr2cells() in pum_redraw()
9.1.1256: if_python: duplicate tuple data entries
9.1.1255: missing test condition for 'pummaxwidth' setting
9.1.1254: need more tests for the comment plugin
9.1.1253: abort when closing window with attached quickfix data
9.1.1252: typos in code and docs related to 'diffopt' "inline:"
9.1.1251: if_python: build error with tuples and dynamic python
9.1.1250: cannot set the maximum popup menu width
9.1.1249: tests: no test that 'listchars' "eol" doesn't affect "gM"
9.1.1248: compile error when building without FEAT_QUICKFIX
9.1.1247: fragile setup to get (preferred) keys from key_name_entry
9.1.1246: coverity complains about some changes in v9.1.1243
9.1.1245: need some more tests for curly braces evaluation
9.1.1244: part of patch v9.1.1242 was wrong
9.1.1243: diff mode is lacking for changes within lines
9.1.1242: Crash when evaluating variable name
9.1.1241: wrong preprocessort indentation in term.c
9.1.1240: Regression with ic/ac text objects and comment plugin
9.1.1239: if_python: no tuple data type support
9.1.1238: wrong cursor column with 'set splitkeep=screen'
9.1.1237: Compile error with C89 compiler in term.c
9.1.1236: tests: test_comments leaves swapfiles around
9.1.1235: cproto files are outdated
9.1.1234: Compile error when SIZE_MAX is not defined
9.1.1233: Coverity warns about NULL pointer when triggering WinResized
9.1.1232: Vim script is missing the tuple data type
9.1.1231: filetype: SPA JSON files are not recognized
9.1.1230: inconsistent CTRL-C behaviour for popup windows
9.1.1229: the comment plugin can be improved
9.1.1228: completion: current position column wrong after got a match
9.1.1227: no tests for the comment package
9.1.1226: "shellcmdline" completion doesn't work with input()
9.1.1225: extra NULL check in VIM_CLEAR()
9.1.1224: cannot :put while keeping indent
9.1.1223: wrong translation used for encoding failures
9.1.1222: using wrong length for last inserted string
9.1.1221: Wrong cursor pos when leaving Insert mode just after 'autoindent'
9.1.1220: filetype: uv.lock file not recognized
9.1.1219: Strange error with wrong type for matchfuzzy() "camelcase"
9.1.1218: missing out-of-memory check in filepath.c
9.1.1217: tests: typos in test_matchfuzzy.vim
9.1.1216: Pasting the '.' register multiple times may not work
9.1.1215: Patch 9.1.1213 has some issues
9.1.1214: matchfuzzy() can be improved for camel case matches
9.1.1213: cannot :put while keeping indent
9.1.1212: too many strlen() calls in edit.c
9.1.1212: filetype: logrotate'd pacmanlogs are not recognized
9.1.1211: TabClosedPre is triggered just before the tab is being freed
9.1.1210: translation(ru): missing Russian translation for the new tutor
9.1.1209: colorcolumn not drawn after virtual text lines
9.1.1208: MS-Windows: not correctly restoring alternate screen on Win 10
9.1.1207: MS-Windows: build warning in filepath.c
9.1.1206: tests: test_filetype fails when a file is a directory
9.1.1205: completion: preinserted text not removed when closing pum
9.1.1204: MS-Windows: crash when passing long string to expand()
9.1.1203: matchparen keeps cursor on case label in sh filetype
9.1.1202: Missing TabClosedPre autocommand
9.1.1201: 'completefuzzycollect' does not handle dictionary correctly
9.1.1200: cmdline pum not cleared for input() completion
9.1.1199: gvim uses hardcoded xpm icon file
9.1.1198: [security]: potential data loss with zip.vim
9.1.1197: process_next_cpt_value() uses wrong condition
9.1.1196: filetype: config files for container tools are not recognized
9.1.1195: inside try-block: fn body executed with default arg undefined
9.1.1194: filetype: false positive help filetype detection
9.1.1193: Unnecessary use of STRCAT() in au_event_disable()
9.1.1192: Vim crashes with term response debug logging enabled
9.1.1191: tests: test for patch 9.1.1186 doesn't fail without the patch
9.1.1190: C indentation does not detect multibyte labels
9.1.1189: if_python: build error due to incompatible pointer types
9.1.1188: runtime(tera): tera support can be improved
9.1.1187: matchparen plugin wrong highlights shell case statement
9.1.1186: filetype: help files in git repos are not detected
9.1.1185: endless loop with completefuzzycollect and no match found
9.1.1184: Unnecessary use of vim_tolower() in vim_strnicmp_asc()
9.1.1083: "above" virtual text breaks cursorlineopt=number
9.1.1182: No cmdline completion for 'completefuzzycollect'
9.1.1181: Unnecessary STRLEN() calls in insexpand.c
9.1.1180: short-description
9.1.1179: too many strlen() calls in misc2.c
9.1.1178: not possible to generate completion candidates using fuzzy matching
9.1.1177: filetype: tera files not detected
- Introduce patch to fix bsc#1235751 (regression).
* vim-9.1.1134-revert-putty-terminal-colors.patch
- Update to 9.1.1176. Changes:
* 9.1.1176: wrong indent when expanding multiple lines
* 9.1.1175: inconsistent behaviour with exclusive selection and motion commands
* 9.1.1174: tests: Test_complete_cmdline() may fail
* 9.1.1173: filetype: ABNF files are not detected
* 9.1.1172: [security]: overflow with 'nostartofline' and Ex command in tag file
* 9.1.1171: tests: wrong arguments passed to assert_equal()
* 9.1.1170: wildmenu highlighting in popup can be improved
* 9.1.1169: using global variable for get_insert()/get_lambda_name()
* 9.1.1168: wrong flags passed down to nextwild()
* 9.1.1167: mark '] wrong after copying text object
* 9.1.1166: command-line auto-completion hard with wildmenu
* 9.1.1165: diff: regression with multi-file diff blocks
* 9.1.1164: [security]: code execution with tar.vim and special crafted tar files
* 9.1.1163: $MYVIMDIR is set too late
* 9.1.1162: completion popup not cleared in cmdline
* 9.1.1161: preinsert requires bot "menu" and "menuone" to be set
* 9.1.1160: Ctrl-Y does not work well with "preinsert" when completing items
* 9.1.1159: $MYVIMDIR may not always be set
* 9.1.1158: :verbose set has wrong file name with :compiler!
* 9.1.1157: command completion wrong for input()
* 9.1.1156: tests: No test for what patch 9.1.1152 fixes
* 9.1.1155: Mode message not cleared after :silent message
* 9.1.1154: Vim9: not able to use autoload class accross scripts
* 9.1.1153: build error on Haiku
* 9.1.1152: Patch v9.1.1151 causes problems
* 9.1.1151: too many strlen() calls in getchar.c
* 9.1.1150: :hi completion may complete to wrong value
* 9.1.1149: Unix Makefile does not support Brazilian lang for the installer
* 9.1.1148: Vim9: finding imported scripts can be further improved
* 9.1.1147: preview-window does not scroll correctly
* 9.1.1146: Vim9: wrong context being used when evaluating class member
* 9.1.1145: multi-line completion has wrong indentation for last line
* 9.1.1144: no way to create raw strings from a blob
* 9.1.1143: illegal memory access when putting a register
* 9.1.1142: tests: test_startup fails if $HOME/$XDG_CONFIG_HOME is defined
* 9.1.1141: Misplaced comment in readfile()
* 9.1.1140: filetype: m17ndb files are not detected
* 9.1.1139: [fifo] is not displayed when editing a fifo
* 9.1.1138: cmdline completion for :hi is too simplistic
* 9.1.1137: ins_str() is inefficient by calling STRLEN()
* 9.1.1136: Match highlighting marks a buffer region as changed
* 9.1.1135: 'suffixesadd' doesn't work with multiple items
* 9.1.1134: filetype: Guile init file not recognized
* 9.1.1133: filetype: xkb files not recognized everywhere
* 9.1.1132: Mark positions wrong after triggering multiline completion
* 9.1.1131: potential out-of-memory issue in search.c
* 9.1.1130: 'listchars' "precedes" is not drawn on Tabs.
* 9.1.1129: missing out-of-memory test in buf_write()
* 9.1.1128: patch 9.1.1119 caused a regression with imports
* 9.1.1127: preinsert text is not cleaned up correctly
* 9.1.1126: patch 9.1.1121 used a wrong way to handle enter
* 9.1.1125: cannot loop through pum menu with multiline items
* 9.1.1124: No test for 'listchars' "precedes" with double-width char
* 9.1.1123: popup hi groups not falling back to defaults
* 9.1.1122: too many strlen() calls in findfile.c
* 9.1.1121: Enter does not insert newline with "noselect"
* 9.1.1120: tests: Test_registers fails
* 9.1.1119: Vim9: Not able to use an autoloaded class from another autoloaded script
* 9.1.1118: tests: test_termcodes fails
* 9.1.1117: there are a few minor style issues
* 9.1.1116: Vim9: super not supported in lambda expressions
* 9.1.1115: [security]: use-after-free in str_to_reg()
* 9.1.1114: enabling termguicolors automatically confuses users
* 9.1.1113: tests: Test_terminal_builtin_without_gui waits 2 seconds
* 9.1.1112: Inconsistencies in get_next_or_prev_match()
* 9.1.1111: Vim9: variable not found in transitive import
* 9.1.1110: Vim tests are slow and flaky
* 9.1.1109: cmdexpand.c hard to read
* 9.1.1108: 'smoothscroll' gets stuck with 'listchars' "eol"
* 9.1.1107: cannot loop through completion menu with fuzzy
* 9.1.1106: tests: Test_log_nonexistent() causes asan failure
* 9.1.1105: Vim9: no support for protected new() method
* 9.1.1104: CI: using Ubuntu 22.04 Github runners
* 9.1.1103: if_perl: still some compile errors with Perl 5.38
* 9.1.1102: tests: Test_WinScrolled_Resized_eiw() uses wrong filename
- 9.1.1101 is a fix for:
bsc#1229685 (CVE-2024-43790)
bsc#1229822 (CVE-2024-43802)
bsc#1230078 (CVE-2024-45306)
bsc#1235695 (CVE-2025-22134)
bsc#1236151 (CVE-2025-24014)
bsc#1237137 (CVE-2025-1215)
- Remove obsoleted patch:
* vim-7.3-mktemp_tutor.patch
- update to 9.1.1101
* insexpand.c hard to read
* tests: Test_log_nonexistent only works on Linux
* Update base-syntax, improve variable matching
* Vim9: import with extends may crash
* leaking memory with completing multi lines
* --log with non-existent path causes a crash
* if_perl: Perl 5.38 adds new symbols causing link failure
* tests: matchparen plugin test wrongly named
* Vim9: problem finding implemented method in type hierarchy
* runtime(qf): Update syntax file, match second delimiter
* tests: output of test ...win32_ctrl_z depends on python version
* tests: fix expected return code for python 3.13 on Windows
* tests: timeout might be a bit too small
* tests: test_terminwscroll_topline2 unreliable
* tests: No check when tests are run under Github actions
* tests: plugin tests are named inconsistently
* Vim9: import with extends may crash
* completion doesn't work with multi lines
* filetype: cmmt files are not recognized
* Unable to persistently ignore events in a window and its buffers
* improve syntax highlighting
* setreg() doesn't correctly handle mbyte chars in blockwise mode
* unexpected DCS responses may cause out of bounds reads
* has('bsd') is true for GNU/Hurd
* filetype: Mill files are not recognized
* GUI late startup leads to uninitialized scrollbars
* Add support for lz4 to tar & gzip plugin
* Terminal ansi colors off by one after tgc reset
* included syntax items do not understand contains=TOP
* vim_strnchr() is strange and unnecessary
* Vim9: len variable not used in compile_load()
* runtime(vim): Update base-syntax, match :debuggreedy count prefix
* Strange error when heredoc marker starts with "trim"
* tests: test_compiler fails on Windows without Maven
* 'diffopt' "linematch" cannot be used with {n} less than 10
* args missing after failing to redefine a function
* Cannot control cursor positioning of getchar()
* preinsert text completions not deleted with <C-W>/<C-U>
* getchar() can't distinguish between C-I and Tab
* tests: Test_termwinscroll_topline2 fails on MacOS
* heap-use-after-free and stack-use-after-scope with :14verbose
* no digraph for "Approaches the limit"
* not possible to use plural forms with gettext()
* too many strlen() calls in userfunc.c
* terminal: E315 when dragging the terminal with the mouse
* runtime(openPlugin): fix unclosed parenthesis in GetWordUnderCursor()
* runtime(doc): Tweak documentation style a bit
* tests: test_glvs fails when unarchiver not available
* Vim always enables 'termguicolors' in a terminal
* completion: input text deleted with preinsert when adding leader
* translation(sr): Missing Serbian translation for the tutor
* Superfluous cleanup steps in test_ins_complete.vim
* runtime(netrw): correct wrong version check
* Vim doesn't highlight to be inserted text when completing
* runtime(netrw): upstream snapshot of v176
* runtime(dist/vim9): fix regressions in dist#vim9#Open
* runtime(hyprlang): fix string recognition
* make install fails because of a missing dependency
* runtime(asm): add byte directives to syntax script
* Vim doesn't work well with TERM=xterm-direct
* runtime(filetype): commit 99181205c5f8284a3 breaks V lang detection
* runtime: decouple Open and Launch commands and gx mapping from netrw
* "nosort" enables fuzzy filtering even if "fuzzy" isn't in 'completeopt'
* runtime(just): fix typo in syntax file
* runtime(filetype): Improve Verilog detection by checking for modules definition
* tests: off-by-one error in CheckCWD in test_debugger.vim
* tests: no support for env variables when running Vim in terminal
* too many strlen() calls in os_unix.c
* insert-completed items are always sorted
* crash after scrolling and pasting in silent Ex mode
* Makefiles uses non-portable syntax
* fuzzymatching doesn't prefer matching camelcase
* filetype: N-Tripels and TriG files are not recognized
* Vim9: Patch 9.1.1014 causes regressions
* translation(sr): Update Serbian messages translation
- updade to 9.1.1043
* [security]: segfault in win_line()
* update helptags
* filetype: just files are not recognized
* Update base-syntax, match ternary and falsy operators
* Vim9: out-of-bound access when echoing an enum
* Vim9: imported type cannot be used as func return type
* runtime(kconfig): updated ftplugin and syntax script
* runtime(doc): rename last t_BG reference to t_RB
* Vim9: comments are outdated
* tests: test_channel.py fails with IPv6
* runtime(vim): Update base-syntax, fix is/isnot operator matching
* Vim9: confusing error when using abstract method via super
* make install fails when using shadowdir
* Vim9: memory leak with blob2str()
* runtime(tex): add texEmphStyle to texMatchGroup in syntax script
* runtime(netrw): upstream snapshot of v175
* Vim9: compiling abstract method fails without return
* runtime(c): add new constexpr keyword to syntax file (C23)
* tests: shaderslang was removed from test_filetype erroneously
* link error when FEAT_SPELL not defined
* Coverity complains about insecure data handling
* runtime(sh): update syntax script
* runtime(c): Add missing syntax test files
* filetype: setting bash filetype is backwards incompatible
* runtime(c): Update syntax and ftplugin files
* the installer can be improved
* too many strlen() calls in screen.c
* no sanitize check when running linematch
* filetype: swc configuration files are not recognized
* runtime(netrw): change netrw maintainer
* wrong return type of blob2str()
* blob2str/str2blob() do not support list of strings
* runtime(doc): fix typo in usr_02.txt
* Coverity complains about dereferencing NULL pointer
* linematch option value not completed
* string might be used without a trailing NUL
* no way to get current selected item in a async context
* filetype: fd ignore files are not recognized
* v9.1.0743 causes regression with diff mode
* runtime(doc): fix base64 encode/decode examples
* Vim9: Patch 9.1.1013 causes a few problems
* Not possible to convert string2blob and blob2string
* Coverity complains about dereferencing NULL value
* Vim9: variable not found in transitive import
* runtime(colors): Update colorschemes, include new unokai colorscheme
* Vim9: Regression caused by patch v9.1.0646
* runtime(lyrics): support milliseconds in syntax script
* runtime(vim): Split Vim legacy and Vim9 script indent tests
* Vim9: class interface inheritance not correctly working
* popupmenu internal error with some abbr in completion item
* filetype: VisualCode setting file not recognized
* diff feature can be improved
* tests: test for patch 9.1.1006 doesn't fail without the patch
* filetype: various ignore are not recognized
* tests: Load screendump files with "git vimdumps"
* PmenuMatch completion highlight can be combined
* completion text is highlighted even with no pattern found
* tests: a few termdebug tests are flaky
* [security]: heap-buffer-overflow with visual mode
* runtime(doc): add package-<name> helptags for included packages
* Vim9: unknown func error with interface declaring func var
* runtime(filetype): don't detect string interpolation as angular
* ComplMatchIns highlight hard to read on light background
* runtime(vim): Update base-syntax, highlight literal string quote escape
* runtime(editorconfig): set omnifunc to syntaxcomplete func
* tests: ruby tests fail with Ruby 3.4
* Vim9: leaking finished exception
* runtime(tiasm): use correct syntax name tiasm in syntax script
* filetype: TI assembly files are not recognized
* too many strlen() calls in drawscreen.c
* runtime(xf86conf): add section name OutputClass to syntax script
* ComplMatchIns may highlight wrong text
* runtime(vim): Update base-syntax, improve ex-bang matching
* runtime(doc): clarify buffer deletion on popup_close()
* filetype: shaderslang files are not detected
* Vim9: not able to use comment after opening curly brace
- update to 9.1.0993
* 9.1.0993: New 'cmdheight' behavior may be surprising
* runtime(sh): fix typo in Last Change header
* 9.1.0992: Vim9: double-free after v9.1.0988
* 9.1.0991: v:stacktrace has wrong type in Vim9 script
* runtime(sh): add PS0 to bashSpecialVariables in syntax script
* runtime(vim): Remove trailing comma from match_words
* runtime(zsh): sync syntax script with upstream repo
* runtime(doc): Capitalise the mnemonic "Zero" for the 'z' flag of search()
* 9.1.0990: Inconsistent behavior when changing cmdheight
* 9.1.0989: Vim9: Whitespace after the final enum value causes a syntax error
* runtime(java): Quietly opt out for unsupported markdown.vim versions
* runtime(vim): fix failing vim syntax test
* 9.1.0988: Vim9: no error when using uninitialized var in new()
* runtime(doc): update index.txt
* 9.1.0987: filetype: cake files are not recognized
* 9.1.0986: filetype: 'jj' filetype is a bit imprecise
* runtime(jj): Support diffs in jj syntax
* runtime(vim): Update matchit pattern, no Vim9 short names
* 9.1.0985: Vim9: some ex commands can be shortened
* 9.1.0984: exception handling can be improved
* runtime(doc): update doc for :horizontal
* runtime(doc): update index.txt, windows.txt and version9.txt
* runtime(doc): Tweak documentation about base64 function
* runtime(chordpro): update syntax script
* 9.1.0983: not able to get the displayed items in complete_info()
* runtime(doc): use standard SGR format at :h xterm-true-color
* 9.1.0982: TI linker files are not recognized
* runtime(vim): update vim generator syntax script
* 9.1.0981: tests: typo in test_filetype.vim
* 9.1.0980: no support for base64 en-/decoding functions in Vim Script
* syntax(sh): Improve the recognition of bracket expressions
* runtime(doc): mention how NUL bytes are handled
* 9.1.0979: VMS: type warning with $XDG_VIMRC_FILE
* 9.1.0978: GUI tests sometimes fail when setting 'scroll' options
* 9.1.0977: filetype: msbuild filetypes are not recognized
* 9.1.0976: Vim9: missing return statement with throw
* 9.1.0975: Vim9: interpolated string expr not working in object methods
* 9.1.0974: typo in change of commit v9.1.0873
* 9.1.0973: too many strlen() calls in fileio.c
* runtime(sh): set shellcheck as the compiler for supported shells
* runtime(doc): Fix enum example syntax
* 9.1.0972: filetype: TI linker map files are not recognized
* runtime(vim): Improve syntax script generator for Vim Script
* 9.1.0971: filetype: SLNX files are not recognized
* 9.1.0970: VMS: build errors on VMS architecture
* runtime(doc): Fix documentation typos
* runtime(doc): update for new keyprotocol option value (after v9.1.0969)
* 9.1.0969: ghostty not using kitty protocol by default
* 9.1.0968: tests: GetFileNameChecks() isn't fully sorted by filetype name
* runtime(doc): update version9.txt for bash filetype
* runtime(netrw): update last change header for #16265
* runtime(doc): fix doc error in :r behaviour
* 9.1.0967: SpotBugs compiler setup can be further improved
* 9.1.0966: Vim9: :enum command can be shortened
* runtime(compiler): include a basic bash syntax checker compiler
* 9.1.0965: filetype: sh filetype set when detecting the use of bash
* runtime(doc): clarify ARCH value for 32-bit in INSTALLpc.txt
* 9.1.0963: fuzzy-matching does not prefer full match
* 9.1.0962: filetype: bun.lock file is not recognized
* runtime(vim): update indentation plugin for Vim script
* runtime(doc): tweak documentation style in helphelp.txt
* runtime(vim): Update base-syntax, allow parens in default arguments
* runtime(doc): mention auto-format using clang-format for sound.c/sign.c
* runtime(help): fix typo s/additional/arbitrary/
* runtime(help): Add better support for language annotation highlighting
* 9.1.0961: filetype: TI gel files are not recognized
* 9.1.0960: filetype: hy history files are not recognized
* translation(fi): Fix typoes in Finish menu translation
* 9.1.0959: Coverity complains about type conversion
* runtime(vim): Use supported syntax in indent tests
* 9.1.0958: filetype: supertux2 config files detected as lisp
* 9.1.0956: completion may crash, completion highlight wrong with preview window
* 9.1.0955: Vim9: vim9compile.c can be further improved
* runtime(doc): move help tag E1182
* runtime(graphql): contribute vim-graphql to Vim core
* 9.1.0954: popupmenu.c can be improved
* 9.1.0953: filetype: APKBUILD files not correctly detected
* 9.1.0952: Vim9: missing type checking for any type assignment
* 9.1.0951: filetype: jshell files are not recognized
* runtime(dockerfile): do not set commentstring in syntax script
* 9.1.0950: filetype: fennelrc files are not recognized
* runtime(netrw): do not double escape Vim special characters
* git: ignore reformatting change of netrw plugin
* runtime(netrw): more reformating #16248
* runtime(doc): Add a note about handling symbolic links in starting.txt
* 9.1.0949: popups inconsistently shifted to the left
* git: ignore reformatting change of netrw plugin
* runtime(netrw): change indent size from 1 to 2
* 9.1.0948: Missing cmdline completion for :pbuffer
* runtime(tutor): Reformat tutor1
* 9.1.0947: short-description
* 9.1.0946: cross-compiling fails on osx-arm64
* 9.1.0945: ComplMatchIns highlight doesn't end after inserted text
* translation(sv): re-include the change from #16240
* 9.1.0944: tests: test_registers fails when not run under X11
* 9.1.0943: Vim9: vim9compile.c can be further improved
* runtime(doc): Update README and mention make check to verify
* translation(sv): partly revert commit 98874dca6d0b60ccd6fc3a140b3ec
* runtime(vim): update base-syntax after v9.1.0936
* 9.1.0942: a few typos were found
* 9.1.0941: ComplMatchIns doesn't work after multibyte chars
* runtime(doc): Fix style in fold.txt
* translation(sv): Fix typo in Swedish translation
* 9.1.0940: Wrong cursor shape with "gq" and 'indentexpr' executes :normal
* runtime(doc): fix some small errors
* 9.1.0939: make installtutor fails
* 9.1.0938: exclusive selection not respected when re-selecting block mode
* 9.1.0937: test_undolist() is flaky
* 9.1.0936: cannot highlight completed text
* 9.1.0935: SpotBugs compiler can be improved
* 9.1.0934: hard to view an existing buffer in the preview window
* runtime(doc): document how to minimize fold computation costs
* 9.1.0933: Vim9: vim9compile.c can be further improved
* 9.1.0932: new Italian tutor not installed
* runtime(doc): fix a few minor errors from the last doc updates
* translation(it): add Italian translation for the interactive tutor
* runtime(doc): update the change.txt help file
* runtime(help): Add Vim lang annotation support for codeblocks
* 9.1.0931: ml_get error in terminal buffer
* 9.1.0930: tests: test_terminal2 may hang in GUI mode
* 9.1.0929: filetype: lalrpop files are not recognized
* 9.1.0928: tests: test_popupwin fails because the filter command fails
* editorconfig: set trim_trailing_whitespace = false for src/testdir/test*.vim
* 9.1.0927: style issues in insexpand.c
* 9.1.0926: filetype: Pixi lock files are not recognized
* runtime(doc): Add a reference to |++opt| and |+cmd| at `:h :pedit`
* runtime(doc): add a note about inclusive motions and exclusive selection
* 9.1.0925: Vim9: expression compiled when not necessary
* 9.1.0924: patch 9.1.0923 causes issues
* 9.1.0923: too many strlen() calls in filepath.c
* 9.1.0923: wrong MIN macro in popupmenu.c
* 9.1.0921: popupmenu logic is a bit convoluted
* 9.1.0920: Vim9: compile_assignment() too long
* 9.1.0919: filetype: some assembler files are not recognized
* runtime(netrw): do not pollute search history with symlinks
* 9.1.0918: tiny Vim crashes with fuzzy buffer completion
* 9.1.0917: various vartabstop and shiftround bugs when shifting lines
* runtime(typst): add definition lists to formatlistpat, update maintainer
* 9.1.0916: messages.c is exceeding 80 columns
* runtime(proto): include filetype plugin for protobuf
* 9.1.0915: GVim: default font size a bit too small
* 9.1.0914: Vim9: compile_assignment() is too long
* 9.1.0913: no error check for neg values for 'messagesopt'
* runtime(netrw): only check first arg of netrw_browsex_viewer for being executable
* 9.1.0912: xxd: integer overflow with sparse files and -autoskip
* 9.1.0911: Variable name for 'messagesopt' doesn't match short name
* 9.1.0910: 'messagesopt' does not check max wait time
* runtime(doc): update wrong Vietnamese localization tag
* 9.1.0909: Vim9: crash when calling instance method
- update to 9.1.0908
* refresh vim-7.3-mktemp_tutor.patch
* 9.1.0908: not possible to configure :messages
* 9.1.0907: printoptions:portrait does not change postscript Orientation
* runtime(doc): Add vietnamese.txt to helps main TOC
* 9.1.0906: filetype: Nvidia PTX files are not recognized
* runtime(doc): updated version9.txt with changes from v9.1.0905
* 9.1.0905: Missing information in CompleteDone event
* 9.1.0904: Vim9: copy-paste error in class_defining_member()
* 9.1.0903: potential overflow in spell_soundfold_wsal()
* runtime(netrw): do not detach when launching external programs in gvim
* runtime(doc): make tag alignment more consistent in filetype.txt
* runtime(doc): fix wrong syntax and style of vietnamese.txt
* translation(it): update Italian manpage for vimtutor
* runtime(lua): add optional lua function folding
* Filelist: include translations for Chapter 2 tutor
* translation(vi): Update Vietnamese translation
* runtime(doc): include vietnamese.txt
* runtime(tutor): fix another typo in tutor2
* runtime(doc): fix typo in vimtutor manpage
* translation(it): update Italian manpage for vimtutor
* translation(it): include Italian version of tutor chapter 2
* runtime(tutor): regenerated some translated tutor1 files
* runtime(tutor): fix typo in Chapter 2
* 9.1.0902: filetype: Conda configuration files are not recognized
* runtime(doc): Tweak documentation style a bit
* runtime(tutor): update the tutor files and re-number the chapters
* runtime(tutor): Update the makefiles for tutor1 and tutor2 files
* 9.1.0901: MS-Windows: vimtutor batch script can be improved
* runtime(doc): remove buffer-local completeopt todo item
* 9.1.0900: Vim9: digraph_getlist() does not accept bool arg
* runtime(typst): provide a formatlistpat in ftplugin
* runtime(doc): Update documentation for "noselect" in 'completeopt'
* 9.1.0899: default for 'backspace' can be set in C code
* runtime(helptoc): reload cached g:helptoc.shell_prompt when starting toc
* translation(ru): Updated messages translation
* 9.1.0898: runtime(compiler): pytest compiler not included
* 9.1.0897: filetype: pyrex files are not detected
* runtime(compiler): update eslint compiler
* 9.1.0896: completion list wrong after v9.1.0891
* runtime(doc): document changed default value for 'history'
* 9.1.0895: default history value is too small
* 9.1.0894: No test for what the spotbug compiler parses
* 9.1.0893: No test that undofile format does not regress
* translation(de): update German manpages
* runtime(compiler): include spotbugs Java linter
* 9.1.0892: the max value of 'tabheight' is limited by other tabpages
* runtime(po): remove poDiffOld/New, add po-format flags to syntax file
* 9.1.0891: building the completion list array is inefficient
* patch 9.1.0890: %! item not allowed for 'rulerformat'
* runtime(gzip): load undofile if there exists one
* 9.1.0889: Possible unnecessary redraw after adding/deleting lines
* 9.1.0888: leftcol property not available in getwininfo()
* 9.1.0887: Wrong expression in sign.c
* 9.1.0886: filetype: debian control file not detected
* runtime(c3): include c3 filetype plugin
* 9.1.0885: style of sign.c can be improved
* 9.1.0884: gcc warns about uninitialized variable
* runtime(apache): Update syntax directives for apache server 2.4.62
* translation(ru): updated vimtutor translation, update MAINTAINERS file
* 9.1.0883: message history cleanup is missing some tests
* runtime(doc): Expand docs on :! vs. :term
* runtime(netrw): Fixing powershell execution issues on Windows
* 9.1.0882: too many strlen() calls in insexpand.c
* 9.1.0881: GUI: message dialog may not get focus
* runtime(netrw): update netrw's decompress logic
* runtime(apache): Update syntax keyword definition
* runtime(misc): add Italian LICENSE and (top-level) README file
* 9.1.0880: filetype: C3 files are not recognized
* runtime(doc): add helptag for :HelpToc command
* 9.1.0879: source is not consistently formatted
* Add clang-format config file
* runtime(compiler): fix escaping of arguments passed to :CompilerSet
* 9.1.0878: termdebug: cannot enable DEBUG mode
* 9.1.0877: tests: missing test for termdebug + decimal signs
* 9.1.0876: filetype: openCL files are not recognized
* 9.1.0875: filetype: hyprlang detection can be improved
* 9.1.0874: filetype: karel files are not detected
* 9.1.0873: filetype: Vivado files are not recognized
* 9.1.0872: No test for W23 message
* 9.1.0871: getcellpixels() can be further improved
* 9.1.0870: too many strlen() calls in eval.c
* 9.1.0869: Problem: curswant not set on gm in folded line
* 9.1.0868: the warning about missing clipboard can be improved
* runtime(doc): Makefile does not clean up all temporary files
* 9.1.0867: ins_compl_add() has too many args
* editorconfig: don't trim trailing whitespaces in runtime/doc
* translation(am): Remove duplicate keys in desktop files
* runtime(doc): update helptags
* runtime(filetype): remove duplicated *.org file pattern
* runtime(cfg): only consider leading // as starting a comment
* 9.1.0866: filetype: LLVM IR files are not recognized
* 9.1.0865: filetype: org files are not recognized
* 9.1.0864: message history is fixed to 200
* 9.1.0863: getcellpixels() can be further improved
* runtime(sh): better function support for bash/zsh in indent script
* runtime(netrw): small fixes to netrw#BrowseX
* 9.1.0862: 'wildmenu' not enabled by default in nocp mode
* runtime(doc): update how to report issues for mac Vim
* runtime(doc): mention option-backslash at :h CompilerSet
* runtime(compiler): include a Java Maven compiler plugin
* runtime(racket): update Racket runtime files
* runtime(doc): improve indentation in examples for netrw-handler
* runtime(doc): improve examples for netrw-handler functions
* runtime(idris2): include filetype,indent+syntax plugins for (L)Idris2 + ipkg
* runtime(doc): clarify the use of filters and external commands
* 9.1.0861: Vim9: no runtime check for object member access of any var
* runtime(compiler): update pylint linter
* 9.1.0860: tests: mouse_shape tests use hard code sleep value
* 9.1.0859: several problems with the GLVS plugin
* 9.1.0858: Coverity complains about dead code
* runtime(tar): Update tar.vim to support permissions
* 9.1.0857: xxd: --- is incorrectly recognized as end-of-options
* 9.1.0851: too many strlen() calls in getchar.c
* 9.1.0850: Vim9: cannot access nested object inside objects
* runtime(tex): extra Number highlighting causes issues
* runtime(vim): Fix indent after :silent! function
* 9.1.0849: there are a few typos in the source
* runtime(netrw): directory symlink not resolved in tree view
* runtime(doc): add a table of supported Operating Systems
* runtime(tex): update Last Change header in syntax script
* runtime(doc): fix typo in g:termdebug_config
* runtime(vim): Update base-syntax, improve :normal highlighting
* runtime(tex): add Number highlighting to syntax file
* runtime(doc): Tweak documentation style a bit
* 9.1.0848: if_lua: v:false/v:true are not evaluated to boolean
* runtime(dune): use :setl instead of :set in ftplugin
* runtime(termdebug): allow to use decimal signs
* translation(it): Updated Italian vimtutor
* runtime(compiler): improve cppcheck
* git: git-blame-ignore-revs shown as an error on Github
* 9.1.0847: tests: test_popupwin fails because of updated help file
* 9.1.0846: debug symbols for xxd are not cleaned in Makefile
* runtime(structurizr): Update structurizr syntax
* runtime(8th): updated 8th syntax
* runtime(doc): Add pi_tutor.txt to help TOC
* runtime(compiler): add mypy and ruff compiler; update pylint linter
* runtime(netrw): fix several bugs in netrw tree listing
* runtime(netrw): prevent polluting the search history
* 9.1.0845: vimtutor shell script can be improved
* 9.1.0844: if_python: no way to pass local vars to python
* 9.1.0843: too many strlen() calls in undo.c
* runtime(doc): update default value for fillchars option
* runtime(compiler): fix typo in cppcheck compiler plugin
* runtime(doc): simplify vimtutor manpage a bit more
* runtime(matchparen): Add matchparen_disable_cursor_hl config option
* 9.1.0842: not checking for the sync() systemcall
* 9.1.0841: tests: still preferring python2 over python3
* 9.1.0840: filetype: idris2 files are not recognized
* 9.1.0839: filetype: leo files are not recognized
* runtime(cook): include cook filetype plugin
* runtime(debversions): Update Debian versions
* patch 9.1.0838: vimtutor is bash-specific
* runtime(doc): add help specific modeline to pi_tutor.txt
* Filelist: vimtutor chapter 2 is missing in Filelist
* 9.1.0837: cross-compiling has some issues
* runtime(vimtutor): Add a second chapter
- Provide latest 9.1.0836 release.
- Fix for bsc#1230625 and bsc#1231846.
- update to 9.1.0836
* 9.1.0836: The vimtutor can be improved
* 9.1.0835: :setglobal doesn't work properly for 'ffu' and 'tsrfu'
* 9.1.0834: tests: 2html test fails
* 9.1.0833: CI: recent ASAN changes do not work for indent tests
* 9.1.0832: :set doesn't work for 'cot' and 'bkc' after :setlocal
* runtime(doc): update help-toc description
* runtime(2html): Make links use color scheme colors in TOhtml
* 9.1.0831: 'findexpr' can't be used as lambad or Funcref
* Filelist: include helptoc package
* runtime(doc): include a TOC Vim9 plugin
* Filelist: ignore .git-blame-ignore-revs
* 9.1.0830: using wrong highlight group for spaces for popupmenu
* runtime(typst): synchronize updates from the upstream typst.vim
* git: ignore reformatting commit for git-blame (after v9.1.0829)
* 9.1.0829: Vim source code uses a mix of tabs and spaces
* 9.1.0828: string_T struct could be used more often
* 9.1.0827: CI: tests can be improved
* runtime(doc): remove stray sentence in pi_netrw.txt
* 9.1.0826: filetype: sway files are not recognized
* runtime(doc): Include netrw-gp in TOC
* runtime(doc): mention 'iskeyword' at :h charclass()
* runtime(doc): update help tags
* 9.1.0825: compile error for non-diff builds
* runtime(netrw): fix E874 when browsing remote directory which contains `~` character
* runtime(doc): update coding style documentation
* runtime(debversions): Add plucky (25.04) as Ubuntu release name
* 9.1.0824: too many strlen() calls in register.c
* 9.1.0823: filetype: Zephyr overlay files not recognized
* runtime(doc): Clean up minor formatting issues for builtin functions
* runtime(netrw): make :Launch/Open autoloadable
* runtime(netrw): fix regression with x mapping on Cygwin
* runtime(netrw): fix filetype detection for remote files
* 9.1.0822: topline might be changed in diff mode unexpectedly
* CI: huge linux builds should also run syntax & indent tests
* 9.1.0821: 'findexpr' completion doesn't set v:fname to cmdline argument
* 9.1.0820: tests: Mac OS tests are too flaky
* runtime(awk): Highlight more awk comments in syntax script
* runtime(netrw): add missing change for s:redir()
* 9.1.0819: tests: using findexpr and imported func not tested
* runtime(netrw): improve netrw's open-handling further
* runtime(netrw): fix syntax error in netrwPlugin.vim
* runtime(netrw): simplify gx file handling
* 9.1.0818: some global functions are only used in single files
* 9.1.0817: termdebug: cannot evaluate expr in a popup
* runtime(defaults): Detect putty terminal and switch to dark background
* 9.1.0816: tests: not clear what tests cause asan failures
* runtime(doc): Remove some completed items from todo.txt
* 9.1.0815: "above" virtual text causes wrong 'colorcolumn' position
* runtime(syntax-tests): tiny vim fails because of line-continuation
* 9.1.0814: mapset() may remove unrelated mapping
* 9.1.0813: no error handling with setglobal and number types
* 9.1.0812: Coverity warns about dereferencing NULL ptr
* 9.1.0811: :find expansion does not consider 'findexpr'
* 9.1.0810: cannot easily adjust the |:find| command
* 9.1.0809: filetype: petalinux config files not recognized
* 9.1.0808: Terminal scrollback doesn't shrink when decreasing 'termwinscroll'
* 9.1.0807: tests: having 'nolist' in modelines isn't always desired
* 9.1.0806: tests: no error check when setting global 'briopt'
* 9.1.0805: tests: minor issues in gen_opt_test.vim
* 9.1.0804: tests: no error check when setting global 'cc'
* 9.1.0803: tests: no error check when setting global 'isk'
* 9.1.0802: tests: no error check when setting global 'fdm' to empty value
* 9.1.0801: tests: no error check when setting global 'termwinkey'
* 9.1.0800: tests: no error check when setting global 'termwinsize'
* runtime(doc): :ownsyntax also resets 'spelloptions'
* 9.1.0799: tests: gettwinvar()/gettabwinvar() tests are not comprehensive
* runtime(doc): Fix wrong Mac default options
* 9.1.0798: too many strlen() calls in cmdhist.c
* 9.1.0797: testing of options can be further improved
* 9.1.0796: filetype: libtool files are not recognized
* (typst): add folding to typst ftplugin
* runtime(netrw): deprecate and remove netrwFileHandlers#Invoke()
* 9.1.0795: filetype: Vivado memory info file are not recognized
* 9.1.0794: tests: tests may fail on Windows environment
* runtime(doc): improve the :colorscheme documentation
* 9.1.0793: xxd: -e does add one extra space
* 9.1.0792: tests: Test_set_values() is not comprehensive enough
* runtime(swayconfig): add flag for bindsym/bindcode to syntax script
* 9.1.0791: tests: errors in gen_opt_test.vim are not shown
* runtime(compiler): check for compile_commands in build dirs for cppcheck
* 9.1.0790: Amiga: AmigaOS4 build should use default runtime (newlib)
* runtime(help): Update help syntax
* runtime(help): fix end of sentence highlight in code examples
* runtime(jinja): Support jinja syntax as secondary filetype
* 9.1.0789: tests: ':resize + 5' has invalid space after '+'
* 9.1.0788: <CSI>27;<mod>u is not decoded to literal Escape in kitty/foot
* 9.1.0787: cursor position changed when using hidden terminal
* 9.1.0786: tests: quickfix update test does not test location list
* runtime(doc): add some docs for file-watcher programs
* CI: uploading failed screendumps still fails on Cirrus CI
* 9.1.0785: cannot preserve error position when setting quickfix list
* 9.1.0784: there are several problems with python 3.13
* 9.1.0783: 'spell' option setting has problems
* 9.1.0782: tests: using wrong neomuttlog file name
* runtime(doc): add preview flag to statusline example
* 9.1.0781: tests: test_filetype fails
* 9.1.0780: MS-Windows: incorrect Win32 error checking
* 9.1.0779: filetype: neomuttlog files are not recognized
* 9.1.0778: filetype: lf config files are not recognized
* runtime(comment): fix commment toggle with mixed tabs & spaces
* runtime(misc): Use consistent "Vim script" spelling
* runtime(gleam): add ftplugin for gleam files
* runtime(doc): link help-writing from write-local-help
* 9.1.0777: filetype: Some upstream php files are not recognized
* runtime(java): Define javaBlockStart and javaBlockOtherStart hl groups
* runtime(doc): mention conversion rules for remote_expr()
* runtime(tutor): Fix missing :s command in spanish translation section 4.4
* 9.1.0776: test_strftime may fail because of missing TZ data
* translation(am): Add Armenian language translation
* 9.1.0775: tests: not enough tests for setting options
* 9.1.0774: "shellcmdline" doesn't work with getcompletion()
* 9.1.0773: filetype: some Apache files are not recognized
* 9.1.0772: some missing changes from v9.1.0771
* 9.1.0771: completion attribute hl_group is confusing
* 9.1.0770: current command line completion is a bit limited
* 9.1.0769: filetype: MLIR files are not recognized
* 9.1.0768: MS-Windows: incorrect cursor position when restoring screen
* runtime(nasm): Update nasm syntax script
* 9.1.0767: A condition is always true in ex_getln.c
* runtime(skill): Update syntax file to fix string escapes
* runtime(help): highlight CTRL-<Key> correctly
* runtime(doc): add missing usr_52 entry to toc
* 9.1.0766: too many strlen() calls in ex_getln.c
* runtime(doc): correct `vi` registers 1-9 documentation error
* 9.1.0765: No test for patches 6.2.418 and 7.3.489
* runtime(spec): set comments and commentstring options
* NSIS: Include libgcc_s_sjlj-1.dll again
* runtime(doc): clarify the effect of 'startofline' option
* 9.1.0764: [security]: use-after-free when closing a buffer
* runtime(vim): Update base-syntax file, improve class, enum and interface highlighting
* 9.1.0763: tests: cannot run single syntax tests
* 9.1.0762: 'cedit', 'termwinkey' and 'wildchar' may not be parsed correctly
* 9.1.0761: :cd completion fails on Windows with backslash in path
* 9.1.0760: tests: no error reported, if gen_opt_test.vim fails
* 9.1.0759: screenpos() may return invalid position
* runtime(misc): unset compiler in various ftplugins
* runtime(doc): update formatting and syntax
* runtime(compiler): add cppcheck linter compiler plugin
* runtime(doc): Fix style in documents
* runtime(doc): Fix to two-space convention in user manual
* runtime(comment): consider &tabstop in lines after whitespace indent
* 9.1.0758: it's possible to set an invalid key to 'wildcharm'
* runtime(java): Manage circularity for every :syn-included syntax file
* 9.1.0757: tests: messages files contains ANSI escape sequences
* 9.1.0756: missing change from patch v9.1.0754
* 9.1.0755: quickfix list does not handle hardlinks well
* runtime(doc): 'filetype', 'syntax' and 'keymap' only allow alphanumeric + some characters
* runtime(systemd): small fixes to &keywordprg in ftplugin
* CI: macos-12 runner is being sunset, switch to 13
* 9.1.0754: fixed order of items in insert-mode completion menu
* runtime(comment): commenting might be off by one column
* 9.1.0753: Wrong display when typing in diff mode with 'smoothscroll'
* 9.1.0752: can set 'cedit' to an invalid value
* runtime(doc): add `usr` tag to usr_toc.txt
* 9.1.0751: Error callback for term_start() not used
* 9.1.0750: there are some Win9x legacy references
* runtime(java): Recognise the CommonMark form (///) of Javadoc comments
* 9.1.0749: filetype: http files not recognized
* runtime(comment): fix syntax error
* CI: uploading failed screendump tests does not work Cirrus
* 9.1.0748: :keep* commmands are sometimes misidentified as :k
* runtime(indent): allow matching negative numbers for gnu indent config file
* runtime(comment): add gC mapping to (un)comment rest of line
* 9.1.0747: various typos in repo found
* 9.1.0746: tests: Test_halfpage_longline() fails on large terminals
* runtime(doc): reformat gnat example
* runtime(doc): reformat ada_standard_types section
* 9.1.0745: filetype: bun and deno history files not recognized
* runtime(glvs): Correct the tag name of glvs-autoinstal
* runtime(doc): include short form for :earlier/:later
* runtime(doc): remove completed TODO
* 9.1.0744: filetype: notmuch configs are not recognised
* 9.1.0743: diff mode does not handle overlapping diffs correctly
* runtime(glvs): fix a few issues
* runtime(doc): Fix typo in :help :command-modifiers
* 9.1.0742: getcmdprompt() implementation can be improved
* runtime(docs): update `:set?` command behavior table
* runtime(doc): update vim90 to vim91 in docs
* runtime(doc): fix typo in :h dos-colors
* 9.1.0741: No way to get prompt for input()/confirm()
* runtime(doc): fix typo in version9.txt nrformat -> nrformats
* runtime(rmd,rrst): 'fex' option not properly restored
* runtime(netrw): remove extraneous closing bracket
* 9.1.0740: incorrect internal diff with empty file
* 9.1.0739: [security]: use-after-free in ex_getln.c
* runtime(filetype): tests: Test_filetype_detection() fails
* runtime(dist): do not output a message if executable is not found
* 9.1.0738: filetype: rapid files are not recognized
* runtime(modconf): remove erroneous :endif in ftplugin
* runtime(lyrics): support multiple timestamps in syntax script
* runtime(java): Optionally recognise _module_ import declarations
* runtime(vim): Update base-syntax, improve folding function matches
* CI: upload failed screendump tests also for Cirrus
* 9.1.0737: tests: screendump tests may require a bit more time
* runtime(misc): simplify keywordprg in various ftplugins
* runtime(java): Optionally recognise all primitive constants in _switch-case_ labels
* runtime(zsh,sh): set and unset compiler in ftplugin
* runtime(netrw): using inefficient highlight pattern for 'mf'
* 9.1.0736: Unicode tables are outdated
* 9.1.0735: filetype: salt files are not recognized
* 9.1.0734: filetype: jinja files are not recognized
* runtime(zathurarc): add double-click-follow to syntax script
* translation(ru): Updated messages translation
* translation(it): updated xxd man page
* translation(ru): updated xxd man page
* 9.1.0733: keyword completion does not work with fuzzy
* 9.1.0732: xxd: cannot use -b and -i together
* runtime(java): Highlight javaConceptKind modifiers with StorageClass
* runtime(doc): reword and reformat how to use defaults.vim
* 9.1.0731: inconsistent case sensitive extension matching
* runtime(vim): Update base-syntax, match Vim9 bool/null literal args to :if/:while/:return
* runtime(netrw): delete confirmation not strict enough
* 9.1.0730: Crash with cursor-screenline and narrow window
* 9.1.0729: Wrong cursor-screenline when resizing window
* 9.1.0728: [security]: heap-use-after-free in garbage collection with location list user data
* runtime(doc): clarify the effect of the timeout for search()-functions
* runtime(idlang): update syntax script
* runtime(spec): Recognize epoch when making spec changelog in ftplugin
* runtime(spec): add file triggers to syntax script
* 9.1.0727: too many strlen() calls in option.c
* runtime(make): add compiler/make.vim to reset compiler plugin settings
* runtime(java): Recognise all available standard doclet tags
* 9.1.0726: not using correct python3 API with dynamic linking
* runtime(dosini): Update syntax script, spellcheck comments only
* runtime(doc): Revert outdated comment in completeopt's fuzzy documentation
* 9.1.0725: filetype: swiftinterface files are not recognized
* runtime(pandoc): Update compiler plugin to use actual 'spelllang'
* runtime(groff): Add compiler plugin for groff
* 9.1.0724: if_python: link error with python 3.13 and stable ABI
* 9.1.0723: if_python: dynamic linking fails with python3 >= 3.13
* 9.1.0722: crash with large id in text_prop interface
* 9.1.0721: tests: test_mksession does not consider XDG_CONFIG_HOME
* runtime(glvs): update GetLatestVimScripts plugin
* runtime(doc): Fix typo in :help :hide text
* runtime(doc): buffers can be re-used
* 9.1.0720: Wrong breakindentopt=list:-1 with multibyte or TABs
* 9.1.0719: Resetting cell widths can make 'listchars' or 'fillchars' invalid
* runtime(doc): Update version9.txt and mention $MYVIMDIR
- Update to 9.1.0718:
* v9.1.0718: hard to know the users personal Vim Runtime Directory
* v9.1.0717: Unnecessary nextcmd NULL checks in parse_command_modifiers()
Maintainers: fix typo in author name
* v9.1.0716: resetting setcellwidth( doesn't update the screen
runtime(hcl,terraform): Add runtime files for HCL and Terraform
runtime(tmux): Update syntax script
* v9.1.0715: Not correctly parsing color names (after v9.1.0709)
* v9.1.0714: GuiEnter_Turkish test may fail
* v9.1.0713: Newline causes E749 in Ex mode
* v9.1.0712: missing dependency of Test_gettext_makefile
* v9.1.0711: test_xxd may file when using different xxd
* v9.1.0710: popup window may hide part of Command line
runtime(vim): Update syntax, improve user-command matching
* v9.1.0709: GUIEnter event not found in Turkish locale
runtime(sudoers): improve recognized Runas_Spec and Tag_Spec items
* v9.1.0708: Recursive window update does not account for reset skipcol
runtime(nu): include filetype plugin
* v9.1.0707: invalid cursor position may cause a crash
* v9.1.0706: test_gettext fails when using shadow dir
CI: Install locales-all package
* v9.1.0705: Sorting of fuzzy filename completion is not stable
translation(pt): update Portuguese/Brazilian menu translation
runtime(vim): Update base-syntax, match bracket mark ranges
runtime(doc): Update :help :command-complete list
* v9.1.0704: inserting with a count is inefficient
runtime(doc): use mkdir -p to save a command
* v9.1.0703: crash with 2byte encoding and glob2regpat()
runtime(hollywood): update syn highlight for If-Then statements
and For-In-Loops
* v9.1.0702: Patch 9.1.0700 broke CI
* v9.1.0701: crash with NFA regex engine when searching for
composing chars
* v9.1.0700: crash with 2byte encoding and glob2regpat()
* v9.1.0699: "dvgo" is not always an inclusive motion
runtime(java): Provide support for syntax preview features
* v9.1.0698: "Untitled" file not removed when running Test_crash1_3
alone
* v9.1.0697: heap-buffer-overflow in ins_typebuf
* v9.1.0696: installing runtime files fails when using SHADOWDIR
runtime(doc): fix typo
* v9.1.0695: test_crash leaves Untitled file around
translation(br): Update Brazilian translation
translation(pt): Update menu_pt_br
* v9.1.0694: matchparen is slow on a long line
* v9.1.0693: Configure doesn't show result when not using python3
stable abi
* v9.1.0692: Wrong patlen value in ex_substitute()
* v9.1.0691: stable-abi may cause segfault on Python 3.11
runtime(vim): Update base-syntax, match :loadkeymap after colon and bar
runtime(mane): Improve <Plug>ManBS mapping
* v9.1.0690: cannot set special highlight kind in popupmenu
translation(pt): Revert and fix wrong Portuguese menu translation
files
translation(pt): revert Portuguese menu translation
translation(br): Update Brazilian translations
runtime(vim): Update base-syntax, improve :let-heredoc highlighting
* v9.1.0689: buffer-overflow in do_search( with 'rightleft'
runtime(vim): Improve heredoc handling for all embedded scripts
* v9.1.0688: dereferences NULL pointer in check_type_is_value()
* v9.1.0687: Makefile may not install desktop files
runtime(man): Fix <Plug>ManBS
runtime(java): Make the bundled &foldtext function optional
runtime(netrw): Change line on `mx` if command output exists
runtime(netrw): Fix `mf`-selected entry highlighting
runtime(htmlangular): add html syntax highlighting
translation(it): Fix filemode of Italian manpages
runtime(doc): Update outdated man.vim plugin information
runtime(zip): simplify condition to detect MS-Windows
* v9.1.0686: zip-plugin has problems with special characters
runtime(pandoc): escape quotes in &errorformat for pandoc
translation(it): updated Italian manpage
* v9.1.0685: too many strlen( calls in usercmd.c
runtime(doc): fix grammar in :h :keeppatterns
runtime(pandoc): refine pandoc compiler settings
* v9.1.0684: completion is inserted on Enter with "noselect"
translation(ru): update man pages
* v9.1.0683: mode( returns wrong value with <Cmd> mapping
runtime(doc): remove trailing whitespace in cmdline.txt
* v9.1.0682: Segfault with uninitialized funcref
* v9.1.0681: Analyzing failed screendumps is hard
runtime(doc): more clarification for the :keeppatterns needed
* v9.1.0680: VMS does not have defined uintptr_t
runtime(doc): improve typedchar documentation for KeyInputPre autocmd
runtime(dist): verify that executable is in $PATH
translation(it): update Italian manpages
runtime(doc): clarify the effect of :keeppatterns after * v9.1.0677
runtime(doc): update Makefile and make it portable between GNU and BSD
* v9.1.0679: Rename from w_closing to w_locked is incomplete
runtime(colors): update colorschemes
runtime(vim): Update base-syntax, improve :let-heredoc highlighting
runtime(doc): Updating the examples in the xxd manpage
translation(ru): Updated uganda.rux
runtime(yaml): do not re-indent when commenting out lines
* v9.1.0678: use-after-free in alist_add()
* v9.1.0677 :keepp does not retain the substitute pattern
translation(ja): Update Japanese translations to latest release
runtime(netrw): Drop committed trace lines
runtime(netrw): Error popup not always used
runtime(netrw): ErrorMsg( may throw E121
runtime(tutor): update Makefile and make it portable between GNU and BSD
translation: improve the po/cleanup.vim script
runtime(lang): update Makefile and make it portable between GNU and BSD
* v9.1.0676: style issues with man pages
* v9.1.0675: Patch v9.1.0674 causes problems
runtime(dosbatch): Show %%i as an argument in syntax file
runtime(dosbatch): Add syn-sync to syntax file
runtime(sql, mysql): fix E169: Command too recursive with
sql_type_default = "mysql"
* v9.1.0674: compiling abstract method fails because of missing return
runtime(javascript): fix a few issues with syntax higlighting
runtime(mediawiki): fix typo in doc, test for b:did_ftplugin var
runtime(termdebug): Fix wrong test for balloon feature
runtime(doc): Remove mentioning of the voting feature
runtime(doc): add help tags for json + markdown global variables
* v9.1.0673: too recursive func calls when calling super-class method
runtime(syntax-tests): Facilitate the viewing of rendered screendumps
runtime(doc): fix a few style issues
* v9.1.0672: marker folds may get corrupted on undo
* v9.1.0671 Problem: crash with WinNewPre autocommand
* v9.1.0670: po file encoding fails on *BSD during make
translation(it): Update Italian translation
translation: Stop using msgconv
* v9.1.0669: stable python ABI not used by default
Update .gitignore and .hgignore files
* v9.1.0668: build-error with python3.12 and stable ABI
translations: Update generated po files
* v9.1.0667: Some other options reset curswant unnecessarily when set
* v9.1.0666: assert_equal( doesn't show multibyte string correctly
runtime(doc): clarify directory of Vim's executable vs CWD
* v9.1.0665 :for loop
runtime(proto): Add indent script for protobuf filetype
* v9.1.0664: console vim did not switch back to main screen on exit
runtime(zip): zip plugin does not work with Vim 9.0
* v9.1.0663: zip test still resets 'shellslash' option
runtime(zip): use defer to restore old settings
runtime(zip): add a generic Message function
runtime(zip): increment base version of zip plugin
runtime(zip): raise minimum Vim version to * v9.0
runtime(zip): refactor save and restore of options
runtime(zip): remove test for fnameescape
runtime(zip): use :echomsg instead of :echo
runtime(zip): clean up and remove comments
* v9.1.0662: filecopy( may return wrong value when readlink( fails
* v9.1.0661: the zip plugin is not tested.
runtime(zip): Fix for FreeBSD's unzip command
runtime(doc): capitalize correctly
* v9.1.0660: Shift-Insert does work on old conhost
translation(it): update Italian manpage
runtime(lua): add/subtract a 'shiftwidth' after '('/')' in indentexpr
runtime(zip): escape '[' on Unix as well
* v9.1.0659: MSVC Makefile is a bit hard to read
runtime(doc): fix typo in syntax.txt
runtime(doc): -x is only available when compiled with crypt feature
* v9.1.0658: Coverity warns about dereferencing NULL pointer.
runtime(colors): update Todo highlight in habamax colorscheme
* v9.1.0657: MSVC build time can be optimized
* v9.1.0656: MSVC Makefile CPU handling can be improved
* v9.1.0655: goaccess config file not recognized
CI: update clang compiler to version 20
runtime(netrw): honor `g:netrw_alt{o,v}` for `:{S,H,V}explore`
* v9.1.0654: completion does not respect completeslash with fuzzy
* v9.1.0653: Patch v9.1.0648 not completely right
* v9.1.0652: too many strlen( calls in syntax.c
* v9.1.0651 :append
* v9.1.0650: Coverity warning in cstrncmp()
* v9.1.0649: Wrong comment for "len" argument of call_simple_func()
* v9.1.0648: [security] double-free in dialog_changed()
* v9.1.0647: [security] use-after-free in tagstack_clear_entry
runtime(doc): re-format tag example lines, mention ctags --list-kinds
* v9.1.0646: imported function may not be found
runtime(java): Document "g:java_space_errors" and "g:java_comment_strings"
runtime(java): Cluster optional group definitions and their group links
runtime(java): Tidy up the syntax file
runtime(java): Tidy up the documentation for "ft-java-syntax"
runtime(colors): update habamax scheme - tweak diff/search/todo colors
runtime(nohlsearch): add missing loaded_hlsearch guard
runtime(kivy): Updated maintainer info for syntax script
Maintainers: Add maintainer for ondir ftplugin + syntax files
runtime(netrw): removing trailing slash when copying files in same
directory
* v9.1.0645: wrong match when searching multi-byte char case-insensitive
runtime(html): update syntax script to sync by 250 minlines by default
* v9.1.0644: Unnecessary STRLEN( when applying mapping
runtime(zip): Opening a remote zipfile don't work
runtime(cuda): source c and cpp ftplugins
* v9.1.0643: cursor may end up on invalid position
* v9.1.0642: Check that mapping rhs starts with lhs fails if not
simplified
* v9.1.0641: OLE enabled in console version
runtime(thrift): add ftplugin, indent and syntax scripts
* v9.1.0640: Makefile can be improved
* v9.1.0639: channel timeout may wrap around
* v9.1.0638: E1510 may happen when formatting a message for smsg()
* v9.1.0637: Style issues in MSVC Makefile
- Update apparmor.vim to latest version (from AppArmor 4.0.2)
- add support for "all" and "userns" rules, and new profile flags
- Update to 9.1.0636:
* 9.1.0636: filetype: ziggy files are not recognized
* 9.1.0635: filetype: SuperHTML template files not recognized
* 9.1.0634: Ctrl-P not working by default
* 9.1.0633: Compilation warnings with `-Wunused-parameter`
* 9.1.0632: MS-Windows: Compiler Warnings
Add support for Files-Included in syntax script
tweak documentation style a bit
* 9.1.0631: wrong completion list displayed with non-existing dir + fuzzy completion
* 9.1.0630: MS-Windows: build fails with VIMDLL and mzscheme
* 9.1.0629: Rename of pum hl_group is incomplete
* 9.1.0628: MinGW: coverage files are not cleaned up
* 9.1.0627: MinGW: build-error when COVERAGE is enabled
* 9.1.0626: Vim9: need more tests with null objects
include initial filetype plugin
* 9.1.0625: tests: test output all translated messages for all translations
* 9.1.0624: ex command modifiers not found
* 9.1.0623: Mingw: errors when trying to delete non-existing files
* 9.1.0622: MS-Windows: mingw-build can be optimized
* 9.1.0621: MS-Windows: startup code can be improved
* 9.1.0620: Vim9: segfauls with null objects
* 9.1.0619: tests: test_popup fails
* 9.1.0618: cannot mark deprecated attributes in completion menu
* 9.1.0617: Cursor moves beyond first line of folded end of buffer
* 9.1.0616: filetype: Make syntax highlighting off for MS Makefiles
* 9.1.0615: Unnecessary STRLEN() in make_percent_swname()
Add single-line comment syntax
Add syntax test for comments
Update maintainer info
* 9.1.0614: tests: screendump tests fail due to recent syntax changes
* 9.1.0613: tests: termdebug test may fail and leave file around
Update base-syntax, improve :set highlighting
Optionally highlight the :: token for method references
* 9.1.0612: filetype: deno.lock file not recognized
Use delete() for deleting directory
escape filename before trying to delete it
* 9.1.0611: ambiguous mappings not correctly resolved with modifyOtherKeys
correctly extract file from zip browser
* 9.1.0610: filetype: OpenGL Shading Language files are not detected
Fix endless recursion in netrw#Explore()
* 9.1.0609: outdated comments in Makefile
update syntax script
Fix flow mapping key detection
Remove orphaned YAML syntax dump files
* 9.1.0608: Coverity warns about a few potential issues
Update syntax script and remove syn sync
* 9.1.0607: termdebug: uses inconsistent style
* 9.1.0606: tests: generated files may cause failure in test_codestyle
* 9.1.0605: internal error with fuzzy completion
* 9.1.0604: popup_filter during Press Enter prompt seems to hang
translation: Update Serbian messages translation
* 9.1.0603: filetype: use correct extension for Dracula
* 9.1.0602: filetype: Prolog detection can be improved
fix more inconsistencies in assert function docs
* 9.1.0601: Wrong cursor position with 'breakindent' when wide char doesn't fit
Update base-syntax, improve :map highlighting
* 9.1.0600: Unused function and unused error constants
* 9.1.0599: Termdebug: still get E1023 when specifying arguments
correct wrong comment options
fix typo "a xterm" -> "an xterm"
* 9.1.0598: fuzzy completion does not work with default completion
* 9.1.0597: KeyInputPre cannot get the (unmapped typed) key
* 9.1.0596: filetype: devscripts config files are not recognized
gdb file/folder check is now performed only in CWD.
quote filename arguments using double quotes
update syntax to SDC-standard 2.1
minor updates.
Cleanup :match and :loadkeymap syntax test files
Update base-syntax, match types in Vim9 variable declarations
* 9.1.0595: make errors out with the po Makefile
* 9.1.0594: Unnecessary redraw when setting 'winfixbuf'
using wrong highlight for UTF-8
include simple syntax plugin
* 9.1.0593: filetype: Asymptote files are not recognized
add recommended indent options to ftplugin
add recommended indent options to ftplugin
add recommended indent options to ftplugin
* 9.1.0592: filetype: Mediawiki files are not recognized
* 9.1.0591: filetype: *.wl files are not recognized
* 9.1.0590: Vim9: crash when accessing getregionpos() return value
'cpoptions': Include "z" in the documented default
* 9.1.0589: vi: d{motion} and cw work differently than expected
update included colorschemes
grammar fixes in options.txt
- Add "Keywords" to gvim.desktop to make searching for gvim easier
- Removed patches, as they're no longer required (refreshing them
deleted their contents):
* vim-7.3-help_tags.patch
* vim-7.4-highlight_fstab.patch
- Reorganise all applied patches in the spec file.
- Update to 9.1.0588:
* 9.1.0588: The maze program no longer compiles on newer clang
runtime(typst): Add typst runtime files
* 9.1.0587: tests: Test_gui_lowlevel_keyevent is still flaky
* 9.1.0586: ocaml runtime files are outdated
runtime(termdebug): fix a few issues
* 9.1.0585: tests: test_cpoptions leaves swapfiles around
* 9.1.0584: Warning about redeclaring f_id() non-static
runtime(doc): Add hint how to load termdebug from vimrc
runtime(doc): document global insert behavior
* 9.1.0583: filetype: *.pdf_tex files are not recognized
* 9.1.0582: Printed line doesn't overwrite colon when pressing Enter in Ex mode
* 9.1.0581: Various lines are indented inconsistently
* 9.1.0580: :lmap mapping for keypad key not applied when typed in Select mode
* 9.1.0579: Ex command is still executed after giving E1247
* 9.1.0578: no tests for :Tohtml
* 9.1.0577: Unnecessary checks for v:sizeoflong in test_put.vim
* 9.1.0576: tests: still an issue with test_gettext_make
* 9.1.0575: Wrong comments in alt_tabpage()
* 9.1.0574: ex: wrong handling of commands after bar
runtime(doc): add a note for netrw bug reports
* 9.1.0573: ex: no implicit print for single addresses
runtime(vim): make &indentexpr available from the outside
* 9.1.0572: cannot specify tab page closing behaviour
runtime(doc): remove obsolete Ex insert behavior
* 9.1.0571: tests: Test_gui_lowlevel_keyevent is flaky
runtime(logindefs): update syntax with new keywords
* 9.1.0570: tests: test_gettext_make can be improved
runtime(filetype): Fix Prolog file detection regex
* 9.1.0569: fnamemodify() treats ".." and "../" differently
runtime(mojo): include mojo ftplugin and indent script
* 9.1.0568: Cannot expand paths from 'cdpath' setting
* 9.1.0567: Cannot use relative paths as findfile() stop directories
* 9.1.0566: Stop dir in findfile() doesn't work properly w/o trailing slash
* 9.1.0565: Stop directory doesn't work properly in 'tags'
* 9.1.0564: id() can be faster
* 9.1.0563: Cannot process any Key event
* 9.1.0562: tests: inconsistency in test_findfile.vim
runtime(fstab): Add missing keywords to fstab syntax
* 9.1.0561: netbeans: variable used un-initialized (Coverity)
* 9.1.0560: bindtextdomain() does not indicate an error
* 9.1.0559: translation of vim scripts can be improved
* 9.1.0558: filetype: prolog detection can be improved
* 9.1.0557: moving in the buffer list doesn't work as documented
runtime(doc): fix inconsistencies in :h file-searching
* 9.1.0556: :bwipe doesn't remove file from jumplist of other tabpages
runtime(htmlangular): correct comment
* 9.1.0555: filetype: angular ft detection is still problematic
* 9.1.0554: :bw leaves jumplist and tagstack data around
* 9.1.0553: filetype: *.mcmeta files are not recognized
* 9.1.0552: No test for antlr4 filetype
* 9.1.0551: filetype: htmlangular files are not properly detected
* 9.1.0550: filetype: antlr4 files are not recognized
* 9.1.0549: fuzzycollect regex based completion not working as expected
runtime(doc): autocmd_add() accepts a list not a dict
* 9.1.0548: it's not possible to get a unique id for some vars
runtime(tmux): Update syntax script
* 9.1.0547: No way to get the arity of a Vim function
* 9.1.0546: vim-tiny fails on CTRL-X/CTRL-A
runtime(hlsplaylist): include hlsplaylist ftplugin file
runtime(doc): fix typo in :h ft-csv-syntax
runtime(doc): Correct shell command to get $VIMRUNTIME into
shell
* 9.1.0545: MSVC conversion warning
* 9.1.0544: filetype: ldapconf files are not recognized
runtime(cmakecache): include cmakecache ftplugin file
runtime(lex): include lex ftplugin file
runtime(yacc): include yacc ftplugin file
runtime(squirrel): include squirrel ftplugin file
runtime(objcpp): include objcpp ftplugin file
runtime(tf): include tf ftplugin file
runtime(mysql): include mysql ftplugin file
runtime(javacc): include javacc ftplugin file
runtime(cabal): include cabal ftplugin file
runtime(cuda): include CUDA ftplugin file
runtime(editorconfig): include editorconfig ftplugin file
runtime(kivy): update kivy syntax, include ftplugin
runtime(syntax-tests): Stop generating redundant "*_* 99.dump"
files
* 9.1.0543: Behavior of CursorMovedC is strange
runtime(vim): Update base-syntax, improve :match command
highlighting
* 9.1.0542: Vim9: confusing string() output for object functions
* 9.1.0541: failing test with Vim configured without channel
* 9.1.0540: Unused assignment in sign_define_cmd()
runtime(doc): add page-scrolling keys to index.txt
runtime(doc): add reference to xterm-focus-event from
FocusGained/Lost
* 9.1.0539: Not enough tests for what v9.1.0535 fixed
runtime(doc): clarify how to re-init csv syntax file
* 9.1.0538: not possible to assign priority when defining a sign
* 9.1.0537: signed number detection for CTRL-X/A can be improved
* 9.1.0536: filetype: zone files are not recognized
* 9.1.0535: newline escape wrong in ex mode
runtime(man): honor cmd modifiers before `g:ft_man_open_mode`
runtime(man): use `nnoremap` to map to Ex commands
* 9.1.0534: completion wrong with fuzzy when cycling back to original
runtime(syntax-tests): Abort and report failed cursor progress
runtime(syntax-tests): Introduce self tests for screen dumping
runtime(syntax-tests): Clear and redraw the ruler line with
the shell info
runtime(syntax-tests): Allow for folded and wrapped lines in
syntax test files
* 9.1.0533: Vim9: need more tests for nested objects equality
CI: Pre-v* 9.0.0110 versions generate bogus documentation tag entries
runtime(doc): Remove wrong help tag CTRL-SHIFT-CR
* 9.1.0532: filetype: Cedar files not recognized
runtime(doc): document further keys that scroll page up/down
* 9.1.0531: resource leak in mch_get_random()
runtime(tutor): Fix wrong spanish translation
runtime(netrw): fix remaining case of register clobber
* 9.1.0530: xxd: MSVC warning about non-ASCII character
* 9.1.0529: silent! causes following try/catch to not work
runtime(rust): use shiftwidth() in indent script
* 9.1.0528: spell completion message still wrong in translations
* 9.1.0527: inconsistent parameter in Makefiles for Vim executable
* 9.1.0526: Unwanted cursor movement with pagescroll at start of buffer
runtime(doc): mention $XDG_CONFIG_HOME instead of $HOME/.config
* 9.1.0525: Right release selects immediately when pum is truncated.
* 9.1.0524: the recursive parameter in the *_equal functions can be removed
runtime(termdebug): Add Deprecation warnings
* 9.1.0523: Vim9: cannot downcast an object
* 9.1.0522: Vim9: string(object) hangs for recursive references
* 9.1.0521: if_py: _PyObject_CallFunction_SizeT is dropped in Python 3.13
* 9.1.0520: Vim9: incorrect type checking for modifying lists
runtime(manpager): avoid readonly prompt
* 9.1.0519: MS-Windows: libvterm compilation can be optimized
* 9.1.0518: initialize the random buffer can be improved
* 9.1.0517: MS-Windows: too long lines in Make_mvc.mak
runtime(terraform): Add filetype plugin for terraform
runtime(dockerfile): enable spellchecking of comments in
syntax script
runtime(doc): rename variable for pandoc markdown support
runtime(doc): In builtin overview use {buf} as param for
appendbufline/setbufline
runtime(doc): clarify, that register 1-* 9 will always be shifted
runtime(netrw): save and restore register 0-* 9, a and unnamed
runtime(termdebug): Refactored StartDebug_term and EndDebug
functions
runtime(java): Compose "g:java_highlight_signature" and
"g:java_highlight_functions"
* 9.1.0516: need more tests for nested dicts and list comparision
* 9.1.0515: Vim9: segfault in object_equal()
* 9.1.0514: Vim9: issue with comparing objects recursively
runtime(termdebug): Change some variables to Enums
runtime(vim): Update base-syntax, fix function tail comments
* 9.1.0513: Vim9: segfault with object comparison
- Update to 9.1.0512:
* Mode message for spell completion doesn't match allowed keys
* CursorMovedC triggered wrongly with setcmdpos()
* update runtime files
* CI: test_gettext fails on MacOS14 + MSVC Win
* not possible to translate Vim script messages
* termdebug plugin can be further improved
* add gomod filetype plugin
* hard to detect cursor movement in the command line
* Optionally highlight parameterised types
* filetype: .envrc & .prettierignore not recognized
* filetype: Faust files are not recognized
* inner-tag textobject confused about ">" in attributes
* cannot use fuzzy keyword completion
* Remove the group exclusion list from @javaTop
* wrong return type for execute() function
* MS-Windows: too much legacy code
* too complicated mapping restore in termdebug
* simplify mapping
* cannot switch buffer in a popup
* MS-Windows: doesn't handle symlinks properly
* getcmdcompltype() interferes with cmdline completion
* termdebug can be further improved
* update htmldjango detection
* Improve Turkish documentation
* include a simple csv filetype and syntax plugin
* include the the simple nohlsearch package
* matched text is highlighted case-sensitively
* Matched text isn't highlighted in cmdline pum
* Fix typos in several documents
* clarify when text properties are cleared
* improve the vim-shebang example
* revert unintended formatting changes for termdebug
* Add a config variable for commonly used compiler options
* Wrong matched text highlighted in pum with 'rightleft'
* bump length of character references in syntax script
* properly check mapping variables using null_dict
* fix KdlIndent and kdlComment in indent script
* Test for patch 9.1.0489 doesn't fail without the fix
* Fold multi-line comments with the syntax kind of &fdm
* using wrong type for PlaceSign()
* filetype: Vim-script files not detected by shebang line
* revert unintended change to zip#Write()
* add another tag for vim-shebang feature
* Cmdline pum doesn't work properly with 'rightleft'
* minor style problems with patch 9.1.0487
* default completion may break with fuzzy
* Wrong padding for pum "kind" with 'rightleft'
* Update base-syntax, match shebang lines
* MS-Windows: handle files with spaces properly
* Restore HTML syntax file tests
* completed item not update on fuzzy completion
* filetype: Snakemake files are not recognized
* make TermDebugSendCommand() a global function again
* close all buffers in the same way
* Matched text shouldn't be highlighted in "kind" and "menu"
* fix wrong helptag for :defer
* Update base-syntax, match :sleep arg
* include Georgian keymap
* Sorting of completeopt+=fuzzy is not stable
* correctly test for windows in NetrwGlob()
* glob() on windows fails with [] in directory name
* rewrite mkdir() doc and simplify {flags} meaning
* glob() not sufficiently tested
* update return type for job_info()
* termdebug plugin needs more love
* correct return types for job_start() and job_status()
* Update base-syntax, match :catch and :throw args
* Include element values in non-marker annotations
* Vim9: term_getjob() throws an exception on error
* fuzzy string matching executed when not needed
* fuzzy_match_str_with_pos() does unnecessary list operations
* restore description of "$" in col() and virtcol()
* deduplicate getpos(), line(), col(), virtcol()
* Update g:vimsyn_comment_strings dump file tests
* Use string interpolation instead of string concat
* potential deref of NULL pointer in fuzzy_match_str_with_pos
* block_editing errors out when using <enter>
* Update base-syntax, configurable comment string highlighting
* fix typos in syntax.txt
* Cannot see matched text in popup menu
* Update base-syntax, match multiline continued comments
* clarify documentation for "v" position at line()
* cmod_split modifier is always reset in term_start()
* remove line-continuation characters
* use shiftwidth() instead of &tabstop in indent script
* Remove orphaned screen dump files
* include syntax, indent and ftplugin files
* CI: Test_ColonEight() fails on github runners
* add missing Enabled field in syntax script
* basic svelte ftplugin file
* term_start() does not clear vertical modifier
* fix mousemodel restoration by comparing against null_string
* Added definitions of Vim scripts and plugins
* Exclude lambda expressions from _when_ _switch-case_ label clauses
* Fix saved_mousemodel check
* Inconsistencies between functions for option flags
* Crash when using autocmd_get() after removing event inside autocmd
* Fix small style issues
* add return type info for Vim function descriptions
* Update Italian Vim manpage
* disable the q mapping
* Change 'cms' for C++ to '// %s'
* fix type mismatch error
* Fix wrong email address
* convert termdebug plugin to Vim9 script
- Update to 9.1.0470:
* tests Test_ColonEight_MultiByte() fails sporadically
* Cannot have buffer-local value for 'completeopt'
* GvimExt does not consult HKEY_CURRENT_USER
* typos in some comments
* runtime(vim): Update base-syntax, allow whitespace before
:substitute pattern
* Missing comments for fuzzy completion
* runtime(man): update Vim manpage
* runtime(comment): clarify the usage of 'commentstring' option
value
* runtime(doc): clarify how fuzzy 'completeopt' should work
* runtime(netrw): prevent accidental data loss
* missing filecopy() function
* no whitespace padding in commentstring option in ftplugins
* no fuzzy-matching support for insert-completion
* eval5() and eval7 are too complex
* too many strlen() calls in drawline.c
* filetype lintstagedrc files are not recognized
* Vim9 import autoload does not work with symlink
* Coverity complains about division by zero
* tests test_gui fails on Wayland
* Left shift is incorrect with vartabstop and shiftwidth=0
* runtime(doc): clarify 'shortmess' flag "S"
* MS-Windows compiler warning for size_t to int conversion
* runtime(doc): include some vim9 script examples in the help
* minor issues in test_filetype with rasi test
* filetype rasi files are not recognized
* runtime(java): Improve the matching of lambda expressions
* Configure checks for libelf unnecessarily
* No test for escaping '<' with shellescape()
* check.vim complains about overlong comment lines
* translation(it): Update Italian translation
* evalc. code too complex
* MS-Windows Compiler warnings
- Update to 9.1.0448:
* compiler warning in eval.c
* remove remaining css code
* Add ft_hare.txt to Reference Manual TOC
* re-generate vim syntax from generator
* fix syntax vim bug
* completion may be wrong when deleting all chars
* getregionpos() inconsistent for partly-selected multibyte char
* fix highlighting nested and escaped quotes in string props
* remove the indent plugin since it has too many issues
* update Debian runtime files
* Coverity warning after 9.1.0440
* Not enough tests for getregion() with multibyte chars
* Can't use blockwise selection with width for getregion()
* update outdated syntax files
* fix floating_modifier highlight
* hare runtime files outdated
* getregionpos() can't properly indicate positions beyond eol
* function get_lval() is too long
* Cannot filter the history
* Wrong Ex command executed when :g uses '?' as delimiter
* support floating_modifier none; revert broken highlighting
* Motif requires non-const char pointer for XPM data
* Crash when using '?' as separator for :s
* filetype: cygport files are not recognized
* make errors trying to access autoload/zig
* Wrong yanking with exclusive selection and ve=all
* add missing help tags file
* Ancient XPM preprocessor hack may cause build errors
* include basic rescript ftplugin file
* eval.c is too long
* getregionpos() doesn't handle one char selection
* check for gdb file/dir before using as buffer name
* refactor zig ftplugin, remove auto format
* Coverity complains about eval.c refactor
* Tag guessing leaves wrong search history with very short names
* some issues with termdebug mapping test
* update matchit plugin to v1.20
* too many strlen() calls in search.c
* set commentstring option
* update vb indent plugin as vim9script
* filetype: purescript files are not recognized
* filetype: slint files are not recognized
* basic nim ftplugin file for comments
* Add Arduino ftplugin and indent files
* include basic typst ftplugin file
* include basic prisma ftplugin file
* include basic v ftplugin for comment support
* getregionpos() wrong with blockwise mode and multibyte
* function echo_string_core() is too long
* hyprlang files are not recognized
* add basic dart ftplugin file
* basic ftplugin file for graphql
* mention comment plugin at :h 'commentstring'
* set commentstring for sql files in ftplugin
* :browse oldfiles prompts even with single entry
* eval.c not sufficiently tested
* clarify why E195 is returned
* clarify temporary file clean up
* fix :NoMatchParen not working
* Cannot move to previous/next rare word
* add basic ftplugin file for sshdconfig
* if_py: find_module has been removed in Python 3.12.0a7
* some screen dump tests can be improved
* Some functions are not tested
* clarify instal instructions for comment package
* Unable to leave long line with 'smoothscroll' and 'scrolloff'
* fix typo in vim9script help file
* Remove trailing spaces
* clarify {special} argument for shellescape()
- update to 9.1.0413
* smoothscroll may cause infinite loop
* add missing entries for the keys CTRL-W g<Tab> and <C-Tab>
* update vi_diff.txt: add default value for 'flash'
* typo in regexp_bt.c in DEBUG code
* allow indented commands
* Fix wrong define regex in ftplugin
* Filter out non-Latin-1 characters for syntax tests
* prefer scp over pscp
* fix typo in usr_52.txt
* too long functions in eval.c
* warning about uninitialized variable
* too many strlen() calls in the regexp engine
* E16 fix, async keyword support for define
* Stuck with long line and half-page scrolling
* Divide by zero with getmousepos() and 'smoothscroll'
* update and remove some invalid links
* update translation of xxd manpage
* Recursively delete directories by default with netrw delete command
* Strive to remain compatible for at least Vim 7.0
* tests: xxd buffer overflow fails on 32-bit
* Stop handpicking syntax groups for @javaTop
* [security] xxd: buffer-overflow with specific flags
* Vim9: not able to import file from start dir
* filetype: mdd files detected as zsh filetype
* filetype: zsh module files are not recognized
* Remove hardcoded private.ppk logic from netrw
* Vim9: confusing error message for unknown type
* block_editing errors out when using del
* add new items to scripts section in syntax plugin
* Vim9: imported vars are not properly type checked
* Wrong display with 'smoothscroll' when changing quickfix list
* filetype: jj files are not recognized
* getregionpos() may leak memory on error
* The CODEOWNERS File is not useful
* Remove and cleanup Win9x legacy from netrw
* add MsgArea to 'highlight' option description
* Cannot get a list of positions describing a region
* Fix digit separator in syntax script for octals and floats
* Update link to Wikipedia Vi page
* clear $MANPAGER in ftplugin before shelling out
* Fix typos in help documents
* 'viewdir' not respecting $XDG_CONFIG_HOME
* tests: Vim9 debug tests may be flaky
* correct getscriptinfo() example
* Vim9: could improve testing
* test_sound fails on macos-12
* update Serbian menu
* update Slovak menu
* update Slovenian menu
* update Portuguese menu
* update Dutch menu
* update Korean menu
* update Icelandic menu
* update Czech menu
* update Afrikaans menu
* update German menu
* filetype: inko files are not recognized
* filetype: templ files are not recognized
* cursor() and getregion() don't handle v:maxcol well
* Vim9: null value tests not sufficient
* update Catalan menu
* filetype: stylus files not recognized
* update spanish menu localization
* regenerate helptags
* Vim9: crash with null_class and null_object
* Add tags about lazyloading of menu
* tests: vt420 terminfo entry may not be found
* filetype: .out files recognized as tex files
* filetype: Kbuild files are not recognized
* cbuffer and similar commands don't accept a range
* Improve the recognition of the "indent" method declarations
* Fix a typo in usr_30.txt
* remove undefined var s:save_cpoptions and add include setting
* missing setlocal in indent plugin
* Calculating line height for unnecessary amount of lines
* improve syntax file performance
* There are a few typos
* Vim9: no comments allowed after class vars
* CI: remove trailing white space in documentation
* Formatting text wrong when 'breakindent' is set
* Add oracular (24.10) as Ubuntu release name
* Vim9: Trailing commands after class/enum keywords ignored
* tests: 1-second delay after Test_BufEnter_botline()
* update helptags for jq syntax
* include syntax, ftplugin and compiler plugin
* fix typo synconcealend -> synconcealed
* include a simple comment toggling plugin
* wrong botline in BufEnter
* clarify syntax vs matching mechanism
* fix undefined variable in indent plugin
* ops.c code uses too many strlen() calls
* Calling CLEAR_FIELD() on the same struct twice
* Vim9: compile_def_function() still too long
* Update Serbian messages
* clarify the effect of setting the shell to powershell
* Improve the recognition of the "style" method declarations
* Vim9: problem when importing autoloaded scripts
* compile_def_function is too long
* filetype: ondir files are not recognized
* Crash when typing many keys with D- modifier
* tests: test_vim9_builtin is a bit slow
* update documentation
* change the download URL of "libsodium"
* tests: test_winfixbuf is a bit slow
* Add filetype, syntax and indent plugin for Astro
* expanding rc config files does not work well
* Vim9: vim9type.c is too complicated
* Vim9: does not handle autoloaded variables well
* minor spell fix in starting.txt
* wrong drawing in GUI with setcellwidth()
* Add include and suffixesadd
* Page scrolling should place cursor at window boundaries
* align command line table
* minor fixes to starting.txt
* fix comment definition in filetype plugin
* filetype: flake.lock files are not recognized
* runtime(uci): No support for uci file types
* Support "g:ftplugin_java_source_path" with archived files
* tests: Test_autoload_import_relative_compiled fails on Windows
* Finding cmd modifiers and cmdline-specials is inefficient
* No test that completing a partial mapping clears 'showcmd'
* tests: test_vim9_dissamble may fail
* Vim9: need static type for typealias
* X11 does not ignore smooth scroll event
* A few typos in test_xdg when testing gvimrc
* Patch v9.1.0338 fixed sourcing a script with import
* Problem: gvimrc not sourced from XDG_CONFIG_HOME
* Cursor wrong after using setcellwidth() in terminal
* 'showcmd' wrong for partial mapping with multibyte
* tests: test_taglist fails when 'helplang' contains non-english
* Problem: a few memory leaks are found
* Problem: Error with matchaddpos() and empty list
* tests: xdg test uses screen dumps
* Vim9: import through symlinks not correctly handled
* Missing entry for XDG vimrc file in :version
* tests: typo in test_xdg
* runtime(i3config/swayconfig): update syntax scripts
* document pandoc compiler and enable configuring arguments
* String interpolation fails for List type
* No test for highlight behavior with 'ambiwidth'
* tests: test_xdg fails on the appimage repo
* tests: some assert_equal() calls have wrong order of args
* make install does not install all files
* runtime(doc): fix typos in starting.txt
- wget
-
- If wget for an http URL is redirected to a different site (hostname
parts of URLs differ), then any "Authenticate" and "Cookie" header
entries are discarded.
[bsc#1185551, wget-do-not-propagate-credentials.patch,
bsc#1230795, CVE-2021-31879]
- Drop support for shorthand URLs
* Breaking change to fix CVE-2024-10524.
[+ drop-support-for-shorthand-URLs.patch, bsc#1233773]
- Update 0001-possibly-truncate-pathname-components.patch
* Take the patch from savannah repository where the checking of the file
length doesn't include path length.
* [bsc#1204720, bsc#1231661]
- wicked
-
- Update to version 0.6.77
- compat-suse: use iftype in sysctl handling (bsc#1230911, gh#openSUSE/wicked#1043)
- Always generate the ipv4/ipv6 <enabled>true|false</enabled> node
- Inherit all, default and interface sysctl settings also for loopback,
except for use_tempaddr and accept_dad.
- Consider only interface specific accept_redirects sysctl settings.
- Adopt ifsysctl(5) manual page with wicked specific behavior.
- route: fix family and destination processing (bsc#1231060)
- man: improve wicked-config(5) file description (gh#openSUSE/wicked#1039)
- dhcp4: add ignore-rfc3927-1-6 wicked-config(5) option (jsc#PED-10855, gh#openSUSE/wicked#1038)
- team: set arp link watcher interval default to 1s (gh#openSUSE/wicked#1037)
- systemd: use `BindsTo=dbus.service` in favor of `Requisite=` (bsc#1229745)
- compat-suse: fix use of deprecated `INTERFACETYPE=dummy` (boo#1229555)
- arp: don't set target broadcast hardware address (gh#openSUSE/wicked#1036)
- dbus: don't memcpy empty/NULL array value (gh#openSUSE/wicked#1035)
- ethtool: fix leak and free pause data in ethtool_free (gh#openSUSE/wicked#1030)
- Removed patches included in the source archive:
[- 0001-compat-suse-repair-dummy-interfaces-boo-1229555.patch]
- compat-suse: fix dummy interfaces configuration with
INTERFACETYPE=dummy (boo#1229555, gh#openSUSE/wicked#1031)
[+ 0001-compat-suse-repair-dummy-interfaces-boo-1229555.patch]
- xen
-
- bsc#1246112, bsc#1238896 - VUL-0: xen: More AMD transient
execution attack (CVE-2024-36350, CVE-2024-36357, XSA-471)
xsa471-01.patch
xsa471-02.patch
xsa471-03.patch
xsa471-04.patch
xsa471-05.patch
xsa471-06.patch
xsa471-07.patch
xsa471-08.patch
xsa471-09.patch
xsa471-10.patch
xsa471-11.patch
xsa471-12.patch
xsa471-13.patch
xsa471-14.patch
xsa471-15.patch
xsa471-16.patch
xsa471-17.patch
xsa471-18.patch
xsa471-19.patch
xsa471-20.patch
- bsc#1244644 - VUL-0: CVE-2025-27465: xen: x86: Incorrect stubs
exception handling for flags recovery (XSA-470)
xsa470.patch
- bsc#1243117 - VUL-0: CVE-2024-28956: xen: Intel CPU: Indirect
Target Selection (ITS) (XSA-469)
xsa469-01.patch
xsa469-02.patch
xsa469-03.patch
xsa469-04.patch
xsa469-05.patch
xsa469-06.patch
xsa469-07.patch
- bsc#1238043 - VUL-0: CVE-2025-1713: xen: deadlock potential with
VT-d and legacy PCI device pass-through (XSA-467)
xsa467.patch
- bsc#1234282 - VUL-0: xen: XSA-466: Xen hypercall page unsafe
against speculative attacks
xsa466.patch
- Update to Xen 4.16.7 security bug fix release (bsc#1027519)
xen-4.16.7-testing-src.tar.bz2
* No upstream changelog found in sources or webpage
- Dropped patches contained in new tarball
661d00b8-VMX-prevent-fallthrough-in-vmx_set_reg.patch
662a6a4c-x86-spec-reporting-of-BHB-clearing.patch
662a6a8d-x86-spec-adjust-logic-to-elide-LFENCE.patch
669662ea-x86-IRQ-avoid-double-unlock-in-map_domain_pirq.patch
66bb6f78-x86-IOMMU-move-tracking-in-iommu_identity_mapping.patch
66bb6fa5-x86-pass-through-document-as-security-unsupported.patch
xen.stubdom.newlib.patch
xsa462.patch
xsa463-01.patch
xsa463-02.patch
xsa463-03.patch
xsa463-04.patch
xsa463-05.patch
xsa463-06.patch
xsa463-07.patch
xsa463-08.patch
xsa463-09.patch
xsa463-10.patch
xsa464.patch
- bsc#1232622 - VUL-0: CVE-2024-45818: xen: Deadlock in x86 HVM
standard VGA handling (XSA-463)
xsa463-01.patch
xsa463-02.patch
xsa463-03.patch
xsa463-04.patch
xsa463-05.patch
xsa463-06.patch
xsa463-07.patch
xsa463-08.patch
xsa463-09.patch
xsa463-10.patch
- bsc#1232624 - VUL-0: CVE-2024-45819: xen: libxl leaks data to PVH
guests via ACPI tables (XSA-464)
xsa464.patch
- Drop the following patches
stdvga-cache.patch
- bsc#1232542 - remove usage of net-tools-deprecated from supportconfig plugin
- bsc#1230366 - VUL-0: CVE-2024-45817: xen: x86: Deadlock in
vlapic_error() (XSA-462)
xsa462.patch
- bsc#1228201 - [Baremetal][sles15sp4][guest migration] xl
migration fail , guest not shutdown.
This also fixes, bsc#1222453 - VUL-0: CVE-2024-2201: xen: x86:
Native Branch History Injection (XSA-456)
661d00b8-VMX-prevent-fallthrough-in-vmx_set_reg.patch
- bsc#1228574 - VUL-0: CVE-2024-31145: xen: error handling in x86
IOMMU identity mapping (XSA-460)
66bb7316-x86-IOMMU-move-tracking-in-iommu_identity_mapping.patch
- bsc#1228575 - VUL-0: CVE-2024-31146: xen: PCI device pass-through
with shared resources (XSA-461)
66bb6fa5-x86-pass-through-document-as-security-unsupported.patch
- Drop xsa458.patch in favor of upstream version (bsc#1227355)
669662ea-x86-IRQ-avoid-double-unlock-in-map_domain_pirq.patch
- bsc#1227355 - VUL-0: CVE-2024-31143: xen: double unlock in x86
guest IRQ handling (XSA-458)
xsa458.patch
- bsc#1222453 - VUL-0: CVE-2024-2201: xen: x86: Native Branch
History Injection (XSA-456)
662a6a4c-x86-spec-reporting-of-BHB-clearing.patch
662a6a8d-x86-spec-adjust-logic-to-elide-LFENCE.patch
- zypper
-
- BuildRequires: libzypp-devel >= 17.37.0.
- Use libzypp improvements for preload and mirror handling.
- xmlout.rnc: Update repo-element (bsc#1241463)
Add the "metalink" attribute and reflect that the "url" elements
list may in fact be empty, if no baseurls are defined in the
.repo files.
- man: update --allow-unsigned-rpm description.
Explain how to achieve the same for packages provided by
repositories.
- version 1.14.90
- Updated translations (bsc#1230267)
- version 1.14.89
- Do not double encode URL strings passed on the commandline
(bsc#1237587)
URLs passed on the commandline must have their special chars
encoded already. We just want to check and encode forgotten
unsafe chars like a blank. A '%' however must not be encoded
again.
- version 1.14.88
- Package preloader that concurrently downloads files. It's not yet
enabled per default. To enable the preview set ZYPP_CURL2=1 and
ZYPP_PCK_PRELOAD=1 in the environment. (#104)
- BuildRequires: libzypp-devel >= 17.36.4.
- version 1.14.87
- refresh: add --include-all-archs (fixes #598)
Future multi-arch repos may allow to download only those metadata
which refer to packages actually compatible with the systems
architecture. Some tools however want zypp to provide the full
metadata of a repository without filtering incompatible
architectures.
- info,search: add option to search and list Enhances
(bsc#1237949)
- version 1.14.86
- Annonunce --root in commands not launching a Target
(bsc#1237044)
- BuildRequires: libzypp-devel >= 17.36.3.
- version 1.14.85
- Let zypper dup fail in case of (temporarily) unaccessible repos
(bsc#1228434, bsc#1236939, fixes #446)
- version 1.14.84
- New system-architecture command (bsc#1236384)
Prints the detected system architecture.
- version 1.14.83
- requires: libzypp >= 17.36.0.
- Change versioncmp command to return exit code according to the
comparison result (#593)
- version 1.14.82
- lr: show the repositories keep-packages flag (bsc#1232458)
It is shown in the details view or by using -k,--keep-packages.
In addition libyzpp supports to enforce keeping downloaded
packages of all repos within a package cache by creating a
'.keep_packages' file there.
- version 1.14.81
- Try to refresh update repos first to have updated GPG keys on
the fly (bsc#1234752)
An update repo may contain a prolonged GPG key for the GA repo.
Refreshing the update repo first updates a trusted key on the fly
and avoids a 'key has expired' warning being issued when
refreshing the GA repo.
- Refresh: restore legacy behavior and suppress Exception
reporting as non-root (bsc#1235636)
- version 1.14.80
- info: Allow to query a specific version (jsc#PED-11268)
To query for a specific version simply append "-<version>" or
"-<version>-<release>" to the "<name>" pattern. Note that the
edition part must always match exactly.
- version 1.14.79
- Don't try to download missing raw metadata if cache is not
writable (bsc#1225451)
- man: Update 'search' command description.
Hint to "se -v" showing the matches within the packages metadata.
Explain that search strings starting with a "/" will implicitly
look into the filelist as well. Otherfise an explicit "-f" is
needed.
- version 1.14.78
- API refactoring. Prevent zypper from using now private libzypp
symbols (bsc#1230267)
- BuildRequires: libzypp-devel >= 17.35.10.
- Fix wrong numbers used in CommitSummary skipped/failed messages.
- version 1.14.77