bind
- ensure file descriptors 0-2 are in use before using libuv (bsc#1230649)
  * bind-ensure-file-descriptors-0-2-are-in-use-before-using-.patch
boost
- CVE-2016-9840: fixed out-of-bounds pointer arithmetic in zlib in beast
  (bsc#1245936)
  - adds patch boost-zlib.patch
branding-SLE
- Update plymouth theme to fix splash screen element placement issue.
  (bsc#1236818)
cloud-regionsrv-client
- Update version to 10.5.2 (bsc#1247539)
  + When an instance fails verification server side the default credentials
    were left behind requireing manual intervantion prior to the next
    registration attempt.
  + Fix issue triggered when using instance-billing-flavor-check due to
    IP address handling as object rather than string introduced 10.5.0

- Update version to 10.5.1
  + Fix issue with picking up configured server names from the
    regionsrv config file. Previously only IP addresses were collected
  + Update scriptlet for package uninstall to avoid issues in the
    build service

- Update version to 10.5.0
  + Use region server IP addresses to determine Internet access rather
    than a generic address. Region server IP addresses may not be blocked
    in the network construct. (bsc#1245305)
curl
- tool_operate: fix return code when --retry is used but not
  triggered [bsc#1249367]
  * Add curl-tool_operate-fix-return-code-when-retry-is-used.patch

- Security fixes:
  * [bsc#1249191, CVE-2025-9086] Out of bounds read for cookie path
  * [bsc#1249348, CVE-2025-10148] Predictable WebSocket mask
  * Add patches:
  - curl-CVE-2025-9086.patch
  - curl-CVE-2025-10148.patch

- Fix the --ftp-pasv option in curl v8.14.1 [bsc#1246197]
  * tool_getparam: fix --ftp-pasv [5f805ee]
  * Add curl-fix--ftp-pasv.patch

- Update to 8.14.1: [jsc#PED-13055, jsc#PED-13056]
  * Add _multibuild
  * Rebase patches:
  - curl-disabled-redirect-protocol-message.patch
  - curl-secure-getenv.patch
  - dont-mess-with-rpmoptflags.patch
  - libcurl-ocloexec.patch
  * Remove patches fixed in the update:
  - curl-CVE-2023-28319.patch
  - curl-CVE-2023-28320.patch
  - curl-CVE-2023-28321.patch
  - curl-CVE-2023-28322.patch
  - curl-CVE-2023-32001.patch
  - curl-CVE-2023-38039.patch
  - curl-CVE-2023-38545.patch
  - curl-CVE-2023-38546.patch
  - curl-CVE-2023-46218.patch
  - curl-CVE-2023-46219.patch
  - curl-CVE-2024-11053.patch
  - curl-CVE-2024-2004.patch
  - curl-CVE-2024-2398.patch
  - curl-CVE-2024-7264.patch
  - curl-CVE-2024-8096.patch
  - curl-CVE-2024-9681.patch
  - curl-CVE-2025-0167.patch
  - curl-CVE-2025-0725.patch
  - curl-aws_sigv4-canonicalise-valueless-query-params.patch
  - curl-aws_sigv4-canonicalize-the-query.patch
  - curl-aws_sigv4-skip-the-op-if-the-query-pair-is-zero-bytes.patch
  - curl-aws_sigv4-the-query-canon-code-miscounted-url-encoded-input.patch
  - curl-aws_sigv4-url-encode-the-canonical-path.patch
  - curl-aws_sigv4-verify-query-canonization.patch
  - curl-libssh_Implement_SFTP_packet_size_limit.patch

- Sync spec file with SLE codestreams: [jsc#PED-13055, jsc#PED-13056]
  * Add curl-mini.rpmlintrc to avoid rpmlint shlib-policy-name-error
    when building the curl-mini package in SLE.
  * Add libssh minimum version requirements.
  * Use ldconfig_scriptlets when available.
  * Remove unused option --disable-ntlm-wb.
docker
- Update to Docker 28.3.3-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/28/#2833>
  CVE-2025-54388 bsc#1247367

- Update to docker-buildx v0.26.1. Upstream changelog:
  <https://github.com/docker/buildx/releases/tag/v0.26.1>

- Update to docker-buildx v0.26.0. Upstream changelog:
  <https://github.com/docker/buildx/releases/tag/v0.26.0>

- Update to Go 1.24 for builds, to match upstream.

- Update to Docker 28.3.2-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/28/#2832>

- Update to Docker 28.3.1-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/28/#2831>

- Update to Docker 28.3.0-ce. See upstream changelog online at
  <https://docs.docker.com/engine/release-notes/28/#2830>
  bsc#1246556
- Rebase patches:
  * 0001-SECRETS-SUSE-always-clear-our-internal-secrets.patch
  * 0002-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
  * 0003-SECRETS-SUSE-implement-SUSE-container-secrets.patch
  * 0004-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
  * 0005-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
  * 0006-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
dracut
- Update to version 055+suse.398.g8f75016e:
  * fix(dracut-util): crash if CMDLINE ends with quotation mark (bsc#1247819)
  * fix(rngd): adjust license to match the license of the whole project
grub2
- Skip mount point in grub_find_device function (bsc#1246231)
  * 0001-getroot-Skip-mount-points-in-grub_find_device.patch

- Fix CVE-2024-56738: side-channel attack due to not constant-time
  algorithm in grub_crypto_memcmp (bsc#1234959)
  * grub2-constant-time-grub_crypto_memcmp.patch
hwinfo
- merge gh#openSUSE/hwinfo#168
- fix usb network card detection (bsc#1245950)
- 21.89
kernel-default
- net/sched: ets: use old 'nbands' while purging unused classes
  (git-fixes).
- commit b4fe27e

- Update
  patches.suse/0216-drm-amdgpu-SDMA-update-use-unlocked-iterator.patch
  (jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
  jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 jsc#PED-2849
  CVE-2022-50393 bsc#1250278).
- Update
  patches.suse/ASoC-Intel-avs-Fix-potential-RX-buffer-overflow.patch
  (git-fixes CVE-2022-50325 bsc#1249704).
- Update
  patches.suse/Bluetooth-avoid-hci_dev_test_and_set_flag-in-mgmt_in.patch
  (jsc#PED-1407 CVE-2022-50339 bsc#1249913).
- Update
  patches.suse/Bluetooth-hci_conn-Fix-crash-on-hci_create_cis_sync.patch
  (jsc#PED-1407 CVE-2022-50447 bsc#1250771).
- Update
  patches.suse/Bluetooth-use-RCU-for-hci_conn_params-and-iterate-sa.patch
  (git-fixes CVE-2023-53252 bsc#1249756).
- Update
  patches.suse/dma-buf-dma-resv-Stop-leaking-on-krealloc-failure.patch
  (git-fixes CVE-2023-53181 bsc#1249824).
- Update
  patches.suse/drivers-net-qlcnic-Fix-potential-memory-leak-in-qlcn.patch
  (jsc#PED-1523 CVE-2022-50242 bsc#1249696).
- Update
  patches.suse/drm-amd-display-Fix-possible-underflow-for-displays-.patch
  (git-fixes CVE-2023-53258 bsc#1249780).
- Update
  patches.suse/drm-amdgpu-fix-amdgpu_irq_put-call-trace-in-gmc_v10_.patch
  (git-fixes CVE-2023-53193 bsc#1249816).
- Update
  patches.suse/drm-amdgpu-fix-amdgpu_irq_put-call-trace-in-gmc_v11_.patch
  (git-fixes CVE-2023-53237 bsc#1249782).
- Update
  patches.suse/drm-amdgpu-fix-calltrace-warning-in-amddrm_buddy_fin.patch
  (git-fixes CVE-2023-53152 bsc#1249883).
- Update
  patches.suse/drm-amdgpu-fix-memory-leak-in-mes-self-test.patch
  (git-fixes CVE-2023-53370 bsc#1250208).
- Update
  patches.suse/drm-amdkfd-Fix-double-release-compute-pasid.patch
  (bsc#1206843 CVE-2022-50303 bsc#1249884).
- Update
  patches.suse/drm-amdkfd-Fix-kfd_process_device_init_vm-error-hand.patch
  (bsc#1206843 CVE-2022-50354 bsc#1250215).
- Update
  patches.suse/drm-bridge-adv7511-unregister-cec-i2c-device-after-c.patch
  (git-fixes CVE-2022-50412 bsc#1250189).
- Update
  patches.suse/drm-i915-bios-fix-a-memory-leak-in-generate_lfp_data.patch
  (git-fixes CVE-2022-50287 bsc#1249757).
- Update
  patches.suse/drm-i915-dpt-Treat-the-DPT-BO-as-a-framebuffer.patch
  (git-fixes CVE-2023-53378 bsc#1250134).
- Update
  patches.suse/drm-meson-reorder-driver-deinit-sequence-to-fix-use-.patch
  (git-fixes CVE-2022-50378 bsc#1250306).
- Update
  patches.suse/drm-msm-dp-add-atomic_check-to-bridge-ops.patch
  (git-fixes CVE-2022-50398 bsc#1250103).
- Update patches.suse/drm-msm-dp-fix-aux-bus-EP-lifetime.patch
  (git-fixes CVE-2022-50360 bsc#1250037).
- Update patches.suse/drm-msm-dp-fix-bridge-lifetime.patch
  (git-fixes CVE-2022-50292 bsc#1249800).
- Update
  patches.suse/drm-msm-dpu-check-for-null-return-of-devm_kzalloc-in.patch
  (git-fixes CVE-2023-53284 bsc#1249940).
- Update
  patches.suse/drm-nouveau-disp-fix-use-after-free-in-error-handlin.patch
  (bsc#1214073 CVE-2023-53263 bsc#1249861).
- Update
  patches.suse/drm-ttm-fix-bulk_move-corruption-when-adding-a-entry.patch
  (git-fixes CVE-2023-53444 bsc#1250157).
- Update
  patches.suse/drm-ttm-fix-undefined-behavior-in-bit-shift-for-TTM_.patch
  (git-fixes CVE-2022-50390 bsc#1250130).
- Update
  patches.suse/efi-ssdt-Don-t-free-memory-if-ACPI-table-was-loaded-.patch
  (git-fixes CVE-2022-50433 bsc#1250814).
- Update
  patches.suse/fbdev-imxfb-Removed-unneeded-release_mem_region.patch
  (git-fixes CVE-2023-53448 bsc#1250873).
- Update
  patches.suse/genirq-ipi-Fix-NULL-pointer-deref-in-irq_data_get_af.patch
  (git-fixes CVE-2023-53332 bsc#1249951).
- Update
  patches.suse/ice-Block-switchdev-mode-when-ADQ-is-active-and-vice.patch
  (git-fixes CVE-2023-53442 bsc#1250201).
- Update
  patches.suse/io_uring-fix-fget-leak-when-fs-don-t-support-nowait.patch
  (bsc#1205205 CVE-2023-53511 bsc#1250913).
- Update
  patches.suse/iomap-iomap-fix-memory-corruption-when-recording-err.patch
  (git-fixes CVE-2022-50406 bsc#1250165).
- Update
  patches.suse/iommu-Fix-error-unwind-in-iommu_group_alloc.patch
  (git-fixes CVE-2023-53482 bsc#1250832).
- Update
  patches.suse/ipv6-addrconf-fix-a-potential-refcount-underflow-for.patch
  (git-fixes CVE-2023-53189 bsc#1249894).
- Update
  patches.suse/irqchip-gicv3-Workaround-for-NVIDIA-erratum-T241-FABRIC-4.patch
  (bsc#1213533 CVE-2023-53383 bsc#1250327).
- Update
  patches.suse/kobject-Add-sanity-check-for-kset-kobj.ktype-in-kset_register.patch
  (bsc#1234639 CVE-2023-53480 bsc#1250861).
- Update
  patches.suse/md-raid10-check-slab-out-of-bounds-in-md_bitmap_get_-3018.patch
  (git-fixes CVE-2023-53357 bsc#1249994).
- Update
  patches.suse/md-raid5-cache-fix-null-ptr-deref-for-r5l_flush_stri-0d0b.patch
  (git-fixes CVE-2023-53210 bsc#1249673).
- Update
  patches.suse/mlx5-fix-possible-ptp-queue-fifo-use-after-free.patch
  (jsc#PED-1549 CVE-2023-53398 bsc#1250144).
- Update
  patches.suse/msft-hv-3329-hv_netvsc-Fix-panic-during-namespace-deletion-with-V.patch
  (bsc#1248111 CVE-2025-38683 bsc#1249159).
- Update
  patches.suse/mt76-mt7915-Fix-PCI-device-refcount-leak-in-mt7915_p.patch
  (bsc#1209980 CVE-2022-50464 bsc#1250881).
- Update
  patches.suse/mt76-mt7921-fix-kernel-panic-by-accessing-unallocate.patch
  (git-fixes CVE-2023-53232 bsc#1249648).
- Update
  patches.suse/net-do-not-sense-pfmemalloc-status-in-skb_append_pag.patch
  (git-fixes bsc#1223959 CVE-2022-50323 bsc#1249708).
- Update
  patches.suse/net-mlx5-Collect-command-failures-data-only-for-know.patch
  (jsc#PED-1549 CVE-2023-53340 bsc#1250075).
- Update
  patches.suse/net-mlx5-Handle-pairing-of-E-switch-via-uplink-un-lo.patch
  (jsc#PED-1549 CVE-2023-53347 bsc#1250017).
- Update
  patches.suse/net-mlx5-Lag-fix-failure-to-cancel-delayed-bond-work.patch
  (jsc#PED-1549 CVE-2022-50441 bsc#1250849).
- Update
  patches.suse/net-mlx5e-fix-memory-leak-in-mlx5e_fs_tt_redirect_an.patch
  (git-fixes CVE-2023-53371 bsc#1250112).
- Update
  patches.suse/net-sched-cake-fix-null-pointer-access-issue-when-ca.patch
  (bsc#1207361 CVE-2022-50452 bsc#1250793).
- Update
  patches.suse/net-sched-fix-memory-leak-in-tcindex_set_parms.patch
  (bsc#1207361 CVE-2022-50396 bsc#1250104).
- Update
  patches.suse/net-sched-sfb-fix-null-pointer-access-issue-when-sfb.patch
  (bsc#1207361 CVE-2022-50356 bsc#1250040).
- Update
  patches.suse/null_blk-fix-poll-request-timeout-handling-5a26.patch
  (git-fixes CVE-2023-53531 bsc#1250931).
- Update
  patches.suse/qlcnic-prevent-dcb-use-after-free-on-qlcnic_dcb_enab.patch
  (jsc#PED-1523 CVE-2022-50288 bsc#1249802).
- Update
  patches.suse/sched-fair-Don-t-balance-task-to-its-current-running-CPU.patch
  (git fixes (sched) CVE-2023-53215 bsc#1250397).
- Update
  patches.suse/scsi-mpi3mr-Fix-issues-in-mpi3mr_get_all_tgt_info.patch
  (git-fixes CVE-2023-53320 bsc#1250068).
- Update
  patches.suse/scsi-qla4xxx-Add-length-check-when-parsing-nlattrs.patch
  (git-fixes CVE-2023-53456 bsc#1250765).
- Update
  patches.suse/shmem-use-ramfs_kill_sb-for-kill_sb-method-of-ramfs-based-tmpfs.patch
  (git-fixes CVE-2023-53391 bsc#1250117).
- Update
  patches.suse/tcp-udp-Fix-memleaks-of-sk-and-zerocopy-skbs-with-TX.patch
  (git-fixes CVE-2023-53489 bsc#1250829).
- Update
  patches.suse/usb-cdns3-Put-the-cdns-set-active-part-outside-the-s.patch
  (git-fixes CVE-2023-53287 bsc#1250089).
- Update patches.suse/usb-dwc3-core-fix-some-leaks-in-probe.patch
  (git-fixes CVE-2022-50357 bsc#1250042).
- Update
  patches.suse/usb-ucsi_acpi-Increase-the-command-completion-timeou.patch
  (git-fixes CVE-2023-53168 bsc#1249874).
- Update
  patches.suse/wifi-ath11k-fix-deinitialization-of-firmware-resourc.patch
  (git-fixes CVE-2023-53532 bsc#1250932).
- Update
  patches.suse/wifi-ath11k-mhi-fix-potential-memory-leak-in-ath11k_.patch
  (bsc#1206451 CVE-2022-50418 bsc#1250285).
- Update
  patches.suse/wifi-mt76-mt7915-fix-memory-leak-in-mt7915_mcu_exit.patch
  (git-fixes CVE-2023-53466 bsc#1250862).
- commit f85a51b

- net: If sock is dead don't access sock's sk_wq in
  sk_stream_wait_memory (CVE-2022-50409 bsc#1250392).
- commit 89e3be4

- net/mdiobus: Fix potential out-of-bounds read/write access
  (CVE-2025-38111 bsc#1245666).
- igb: Do not free q_vector unless new one was allocated
  (CVE-2022-50252 bsc#1249846).
- commit ce67a8c

- Update
  patches.suse/0001-mm-mempolicy-fix-memory-leak-in-set_mempolicy_home_n.patch
  (bsc#1206468 CVE-2022-50391 bsc#1250138).
- Update
  patches.suse/0001-ubi-ensure-that-VID-header-offset-VID-header-size-al.patch
  (bsc#1210584 CVE-2023-53265 bsc#1249908).
- Update
  patches.suse/0014-md-Replace-snprintf-with-scnprintf.patch
  (git-fixes bsc#1164051 CVE-2022-50299 bsc#1249734).
- Update
  patches.suse/0054-block-bfq-fix-uaf-for-bfqq-in-bfq_exit_icq_bfqq.patch
  (git-fixes CVE-2022-50329 bsc#1249699).
- Update
  patches.suse/ACPI-tables-FPDT-Don-t-call-acpi_os_map_memory-on-in.patch
  (git-fixes CVE-2022-50320 bsc#1249858).
- Update
  patches.suse/ACPICA-Add-AML_NO_OPERAND_RESOLVE-flag-to-Timer.patch
  (git-fixes CVE-2023-53395 bsc#1250358).
- Update
  patches.suse/ACPICA-Avoid-undefined-behavior-applying-zero-offset.patch
  (git-fixes CVE-2023-53182 bsc#1250010).
- Update
  patches.suse/ACPICA-Fix-error-code-path-in-acpi_ds_call_control_m.patch
  (git-fixes CVE-2022-50411 bsc#1250393).
- Update
  patches.suse/ACPICA-Fix-use-after-free-in-acpi_ut_copy_ipackage_t.patch
  (git-fixes CVE-2022-50423 bsc#1250784).
- Update
  patches.suse/ALSA-ac97-fix-possible-memory-leak-in-snd_ac97_dev_r.patch
  (git-fixes CVE-2022-50427 bsc#1250787).
- Update
  patches.suse/ALSA-aoa-i2sbus-fix-possible-memory-leak-in-i2sbus_a.patch
  (git-fixes CVE-2022-50431 bsc#1250790).
- Update
  patches.suse/ALSA-hda-Fix-Oops-by-9.1-surround-channel-names.patch
  (git-fixes CVE-2023-53400 bsc#1250328).
- Update
  patches.suse/ALSA-hda-fix-a-possible-null-pointer-dereference-due.patch
  (git-fixes CVE-2023-53275 bsc#1250459).
- Update
  patches.suse/ASoC-fsl_mqs-move-of_node_put-to-the-correct-locatio.patch
  (git-fixes CVE-2023-53268 bsc#1249914).
- Update
  patches.suse/ASoC-mediatek-mt8173-Enable-IRQ-when-pdata-is-ready.patch
  (git-fixes CVE-2022-50439 bsc#1250948).
- Update
  patches.suse/ASoC-mediatek-mt8183-fix-refcount-leak-in-mt8183_mt6.patch
  (git-fixes CVE-2022-50392 bsc#1250105).
- Update patches.suse/ASoC-qcom-Add-checks-for-devm_kcalloc.patch
  (git-fixes CVE-2022-50308 bsc#1249722).
- Update
  patches.suse/Bluetooth-Fix-potential-use-after-free-when-clear-ke.patch
  (git-fixes CVE-2023-53386 bsc#1250106).
- Update patches.suse/Bluetooth-L2CAP-Fix-use-after-free.patch
  (git-fixes CVE-2023-53305 bsc#1250049).
- Update patches.suse/Bluetooth-L2CAP-Fix-user-after-free.patch
  (git-fixes CVE-2022-50386 bsc#1250301).
- Update
  patches.suse/Bluetooth-L2CAP-fix-bad-unlock-balance-in-l2cap_disc.patch
  (git-fixes CVE-2023-53297 bsc#1250322).
- Update
  patches.suse/Bluetooth-hci_-ldisc-serdev-check-percpu_init_rwsem-.patch
  (git-fixes CVE-2022-50374 bsc#1250060).
- Update
  patches.suse/Bluetooth-hci_sysfs-Fix-attempting-to-call-device_ad.patch
  (git-fixes CVE-2022-50419 bsc#1250394).
- Update
  patches.suse/FS-JFS-Fix-null-ptr-deref-Read-in-txBegin.patch
  (git-fixes CVE-2023-53457 bsc#1250763).
- Update
  patches.suse/HID-multitouch-Correct-devm-device-reference-for-hid.patch
  (git-fixes CVE-2023-53454 bsc#1250759).
- Update
  patches.suse/IB-hfi1-Fix-possible-panic-during-hotplug-remove.patch
  (git-fixes CVE-2023-53488 bsc#1250825).
- Update
  patches.suse/KVM-s390-diag-fix-racy-access-of-physical-cpu-number-in-diag-9c-handler.patch
  (git-fixes bsc#1215911 CVE-2023-53205 bsc#1249677).
- Update patches.suse/NFS-Fix-an-Oops-in-nfs_d_automount.patch
  (git-fixes CVE-2022-50385 bsc#1250131).
- Update
  patches.suse/NFSD-Protect-against-send-buffer-overflow-in-NFSv2-R.patch
  (bsc#1205128 CVE-2022-43945 CVE-2022-50410 bsc#1250187).
- Update
  patches.suse/NFSD-Protect-against-send-buffer-overflow-in-NFSv2-Rdir.patch
  (bsc#1205128 CVE-2022-43945 CVE-2022-50235 bsc#1249667).
- Update
  patches.suse/NFSD-fix-leaked-reference-count-of-nfsd4_ssc_umount_.patch
  (git-fixes CVE-2023-53381 bsc#1250118).
- Update
  patches.suse/NFSD-fix-use-after-free-on-source-server-when-doing-.patch
  (git-fixes CVE-2022-50241 bsc#1249691).
- Update
  patches.suse/PCI-ASPM-Disable-ASPM-on-MFD-function-removal-to-avo.patch
  (git-fixes CVE-2023-53446 bsc#1250145).
- Update
  patches.suse/PM-devfreq-Fix-leak-in-devfreq_dev_release.patch
  (git-fixes CVE-2023-53518 bsc#1250923).
- Update
  patches.suse/PNP-fix-name-memory-leak-in-pnp_alloc_dev.patch
  (git-fixes CVE-2022-50278 bsc#1249715).
- Update
  patches.suse/RDMA-bnxt_re-wraparound-mbox-producer-index.patch
  (git-fixes CVE-2023-53201 bsc#1249687).
- Update
  patches.suse/RDMA-cma-Allow-UD-qp_type-to-join-multicast-only.patch
  (git-fixes CVE-2023-53525 bsc#1250927).
- Update
  patches.suse/RDMA-cxgb4-Fix-potential-null-ptr-deref-in-pass_esta.patch
  (git-fixes CVE-2023-53335 bsc#1250072).
- Update
  patches.suse/RDMA-mlx5-Fix-mlx5_ib_get_hw_stats-when-used-for-dev.patch
  (git-fixes CVE-2023-53393 bsc#1250114).
- Update
  patches.suse/RDMA-mlx5-Return-the-firmware-result-upon-destroying.patch
  (git-fixes CVE-2023-53286 bsc#1250325).
- Update
  patches.suse/USB-chipidea-fix-memory-leak-with-using-debugfs_look.patch
  (git-fixes CVE-2023-53334 bsc#1250077).
- Update
  patches.suse/USB-dwc3-fix-memory-leak-with-using-debugfs_lookup.patch
  (git-fixes CVE-2023-53415 bsc#1250412).
- Update
  patches.suse/USB-fix-memory-leak-with-using-debugfs_lookup.patch
  (git-fixes CVE-2023-53359 bsc#1250316).
- Update
  patches.suse/USB-fotg210-fix-memory-leak-with-using-debugfs_looku.patch
  (git-fixes CVE-2023-53404 bsc#1250331).
- Update
  patches.suse/USB-gadget-gr_udc-fix-memory-leak-with-using-debugfs.patch
  (git-fixes CVE-2023-53405 bsc#1250454).
- Update
  patches.suse/USB-gadget-pxa25x_udc-fix-memory-leak-with-using-deb.patch
  (git-fixes CVE-2023-53406 bsc#1250362).
- Update
  patches.suse/USB-isp116x-fix-memory-leak-with-using-debugfs_looku.patch
  (git-fixes CVE-2023-53413 bsc#1250370).
- Update
  patches.suse/USB-isp1362-fix-memory-leak-with-using-debugfs_looku.patch
  (git-fixes CVE-2023-53416 bsc#1250428).
- Update
  patches.suse/USB-uhci-fix-memory-leak-with-using-debugfs_lookup.patch
  (git-fixes CVE-2023-53197 bsc#1249791).
- Update
  patches.suse/VMCI-check-context-notify_page-after-call-to-get_use.patch
  (git-fixes CVE-2023-53259 bsc#1249767).
- Update
  patches.suse/arm64-efi-Make-efi_rt_lock-a-raw_spinlock.patch
  (git-fixes CVE-2023-53216 bsc#1249669).
- Update
  patches.suse/blk-mq-fix-possible-memleak-when-register-hctx-failed-4b7a.patch
  (git-fixes CVE-2022-50434 bsc#1250792).
- Update
  patches.suse/brcmfmac-return-error-when-getting-invalid-max_flowr.patch
  (git-fixes CVE-2022-50358 bsc#1250264).
- Update
  patches.suse/btrfs-fix-race-between-quota-enable-and-quota-rescan.patch
  (bsc#1207158 CVE-2022-50379 bsc#1250245).
- Update
  patches.suse/btrfs-fix-resolving-backrefs-for-inline-extent-follo.patch
  (bsc#1206456 CVE-2022-50456 bsc#1250856).
- Update
  patches.suse/caif-fix-memory-leak-in-cfctrl_linkup_request.patch
  (git-fixes CVE-2023-53330 bsc#1249954).
- Update
  patches.suse/can-bcm-bcm_tx_setup-fix-KMSAN-uninit-value-in-vfs_w.patch
  (git-fixes CVE-2023-53344 bsc#1250023).
- Update
  patches.suse/cassini-Fix-a-memory-leak-in-the-error-handling-path.patch
  (git-fixes CVE-2023-53435 bsc#1250159).
- Update
  patches.suse/chardev-fix-error-handling-in-cdev_device_add.patch
  (git-fixes CVE-2022-50282 bsc#1249739).
- Update
  patches.suse/cifs-Fix-memory-leak-when-build-ntlmssp-negotiate-blob-failed.patch
  (bsc#1193629 CVE-2022-50372 bsc#1250052).
- Update
  patches.suse/cifs-Fix-warning-and-UAF-when-destroy-the-MR-list.patch
  (git-fixes CVE-2023-53427 bsc#1250168).
- Update patches.suse/cifs-Fix-xid-leak-in-cifs_create-.patch
  (bsc#1193629 CVE-2022-50351 bsc#1249925).
- Update patches.suse/cifs-Fix-xid-leak-in-cifs_flock-.patch
  (bsc#1193629 CVE-2022-50460 bsc#1250879).
- Update
  patches.suse/cifs-fix-DFS-traversal-oops-without-CONFIG_CIFS_DFS_UPCALL.patch
  (bsc#1193629 CVE-2023-53246 bsc#1249867).
- Update
  patches.suse/cifs-prevent-use-after-free-by-freeing-the-cfile-later.patch
  (bsc#1193629 CVE-2023-53377 bsc#1250161).
- Update
  patches.suse/clk-imx-clk-imx8mn-fix-memory-leak-in-imx8mn_clocks_.patch
  (git-fixes CVE-2023-53249 bsc#1249642).
- Update
  patches.suse/clk-samsung-Fix-memory-leak-in-_samsung_clk_register.patch
  (git-fixes CVE-2022-50449 bsc#1250889).
- Update
  patches.suse/clk-socfpga-Fix-memory-leak-in-socfpga_gate_init.patch
  (git-fixes CVE-2022-50264 bsc#1249685).
- Update
  patches.suse/clk-tegra-Fix-refcount-leak-in-tegra210_clock_init.patch
  (git-fixes CVE-2022-50458 bsc#1250891).
- Update
  patches.suse/clk-tegra-tegra124-emc-Fix-potential-memory-leak.patch
  (git-fixes CVE-2023-53505 bsc#1250807).
- Update
  patches.suse/clk-tegra20-Fix-refcount-leak-in-tegra20_clock_init.patch
  (git-fixes CVE-2022-50444 bsc#1250767).
- Update
  patches.suse/cpufreq-qcom-fix-writes-in-read-only-memory-region.patch
  (git-fixes CVE-2022-50239 bsc#1249836).
- Update
  patches.suse/crypto-cavium-prevent-integer-overflow-loading-firmw.patch
  (git-fixes CVE-2022-50330 bsc#1249700).
- Update patches.suse/crypto-seqiv-Handle-EBUSY-correctly.patch
  (git-fixes CVE-2023-53373 bsc#1250137).
- Update patches.suse/crypto-xts-Handle-EBUSY-correctly.patch
  (git-fixes CVE-2023-53494 bsc#1250822).
- Update
  patches.suse/dmaengine-hisilicon-Add-multi-thread-support-for-a-D.patch
  (git-fixes CVE-2022-50362 bsc#1250039).
- Update
  patches.suse/drivers-base-component-fix-memory-leak-with-using-de.patch
  (git-fixes CVE-2023-53409 bsc#1250418).
- Update
  patches.suse/drivers-base-dd-fix-memory-leak-with-using-debugfs_l.patch
  (git-fixes CVE-2023-53390 bsc#1250453).
- Update
  patches.suse/drivers-md-md-bitmap-check-the-return-value-of-md_bitmap_get_counter-3bd5.patch
  (git-fixes CVE-2022-50402 bsc#1250363).
- Update
  patches.suse/drivers-serial-jsm-fix-some-leaks-in-probe.patch
  (git-fixes CVE-2022-50312 bsc#1249716).
- Update
  patches.suse/drivers-staging-rtl8723bs-Fix-locking-in-_rtw_join_t.patch
  (git-fixes CVE-2023-53281 bsc#1249939).
- Update
  patches.suse/drm-amd-display-Fix-potential-null-dereference.patch
  (git-fixes CVE-2023-53498 bsc#1250819).
- Update
  patches.suse/drm-amdgpu-gfx-disable-gfx9-cp_ecc_error_irq-only-wh.patch
  (git-fixes CVE-2023-53471 bsc#1250866).
- Update
  patches.suse/drm-bridge-megachips-Fix-a-null-pointer-dereference-.patch
  (git-fixes CVE-2022-50317 bsc#1249713).
- Update
  patches.suse/drm-client-Fix-memory-leak-in-drm_client_modeset_pro.patch
  (git-fixes CVE-2023-53288 bsc#1250058).
- Update
  patches.suse/drm-mediatek-Clean-dangling-pointer-on-bind-error-pa.patch
  (git-fixes CVE-2023-53388 bsc#1250191).
- Update
  patches.suse/drm-msm-Make-.remove-and-.shutdown-HW-shutdown-consi.patch
  (git-fixes CVE-2022-50260 bsc#1249885).
- Update
  patches.suse/drm-msm-dp-Free-resources-after-unregistering-them.patch
  (git-fixes CVE-2023-53316 bsc#1250066).
- Update
  patches.suse/drm-msm-dsi-Add-missing-check-for-alloc_ordered_work.patch
  (git-fixes CVE-2023-53223 bsc#1250080).
- Update
  patches.suse/drm-msm-dsi-fix-memory-corruption-with-too-many-brid.patch
  (git-fixes CVE-2022-50368 bsc#1250009).
- Update
  patches.suse/drm-msm-hdmi-fix-memory-corruption-with-too-many-bri.patch
  (git-fixes CVE-2022-50437 bsc#1250797).
- Update patches.suse/drm-msm-mdp5-Add-check-for-kzalloc.patch
  (git-fixes CVE-2023-53239 bsc#1249781).
- Update
  patches.suse/drm-msm-mdp5-Don-t-leak-some-plane-state.patch
  (git-fixes CVE-2023-53324 bsc#1250070).
- Update
  patches.suse/drm-nouveau-fix-a-use-after-free-in-nouveau_gem_prim.patch
  (git-fixes CVE-2022-50454 bsc#1250890).
- Update
  patches.suse/drm-panfrost-Fix-GEM-handle-creation-ref-counting.patch
  (git-fixes CVE-2022-50417 bsc#1250184).
- Update
  patches.suse/drm-radeon-Add-the-missed-acpi_put_table-to-fix-memo.patch
  (git-fixes CVE-2022-50275 bsc#1249705).
- Update
  patches.suse/drm-radeon-Fix-integer-overflow-in-radeon_cs_parser_.patch
  (git-fixes CVE-2023-53309 bsc#1250055).
- Update
  patches.suse/drm-radeon-free-iio-for-atombios-when-driver-shutdow.patch
  (git-fixes CVE-2023-53453 bsc#1250761).
- Update
  patches.suse/drm-rockchip-lvds-fix-PM-usage-counter-unbalance-in-.patch
  (git-fixes CVE-2022-50443 bsc#1250768).
- Update
  patches.suse/drm-sti-Fix-return-type-of-sti_-dvo-hda-hdmi-_connec.patch
  (git-fixes CVE-2022-50261 bsc#1249742).
- Update
  patches.suse/drm-ttm-check-null-pointer-before-accessing-when-swa.patch
  (git-fixes CVE-2023-53352 bsc#1250006).
- Update patches.suse/drm-vkms-Fix-memory-leak-in-vkms_init.patch
  (git-fixes CVE-2022-50269 bsc#1249777).
- Update
  patches.suse/drm-vkms-Fix-null-ptr-deref-in-vkms_release.patch
  (git-fixes CVE-2022-50369 bsc#1250026).
- Update
  patches.suse/drm-vmwgfx-Validate-the-box-size-for-the-snooped-cur.patch
  (bsc#1203332 CVE-2022-36280 git-fixes CVE-2022-50440
  bsc#1250853).
- Update
  patches.suse/ext4-avoid-crash-when-inline-data-creation-follows-D.patch
  (bsc#1206883 CVE-2022-50435 bsc#1250799).
- Update
  patches.suse/ext4-avoid-deadlock-in-fs-reclaim-with-page-writebac.patch
  (bsc#1213016 CVE-2023-53149 bsc#1249882).
- Update
  patches.suse/ext4-don-t-allow-journal-inode-to-have-encrypt-flag.patch
  (bsc#1207621 CVE-2022-50277 bsc#1249750).
- Update
  patches.suse/ext4-don-t-set-up-encryption-key-during-jbd2-transac.patch
  (bsc#1207624 CVE-2022-50436 bsc#1250846).
- Update patches.suse/ext4-fix-WARNING-in-mb_find_extent.patch
  (bsc#1213099 CVE-2023-53317 bsc#1250081).
- Update
  patches.suse/ext4-fix-delayed-allocation-bug-in-ext4_clu_mapped-f.patch
  (bsc#1207631 CVE-2022-50286 bsc#1249753).
- Update
  patches.suse/ext4-fix-i_disksize-exceeding-i_size-problem-in-pari.patch
  (bsc#1213015 CVE-2023-53270 bsc#1249872).
- Update
  patches.suse/ext4-fix-leaking-uninitialized-memory-in-fast-commit.patch
  (bsc#1207625 CVE-2022-50465 bsc#1250883).
- Update
  patches.suse/ext4-fix-null-ptr-deref-in-ext4_write_info.patch
  (bsc#1206884 CVE-2022-50344 bsc#1250014).
- Update
  patches.suse/ext4-fix-off-by-one-errors-in-fast-commit-block-fill.patch
  (bsc#1207628 CVE-2022-50428 bsc#1250786).
- Update
  patches.suse/ext4-improve-error-handling-from-ext4_dirhash.patch
  (bsc#1213104 CVE-2023-53473 bsc#1250848).
- Update
  patches.suse/ext4-init-quota-for-old.inode-in-ext4_rename.patch
  (bsc#1207629 CVE-2022-50346 bsc#1250044).
- Update
  patches.suse/fbdev-ep93xx-fb-Do-not-assign-to-struct-fb_info.dev.patch
  (git-fixes CVE-2023-53314 bsc#1250065).
- Update
  patches.suse/fbdev-fbcon-release-buffer-when-fbcon_do_set_font-fa.patch
  (git-fixes CVE-2022-50404 bsc#1250153).
- Update
  patches.suse/firmware-dmi-sysfs-Fix-null-ptr-deref-in-dmi_sysfs_r.patch
  (git-fixes CVE-2023-53250 bsc#1249727).
- Update
  patches.suse/firmware-stratix10-svc-Fix-a-potential-resource-leak.patch
  (git-fixes CVE-2023-53255 bsc#1249762).
- Update
  patches.suse/floppy-Fix-memory-leak-in-do_floppy_init.patch
  (git-fixes CVE-2022-50342 bsc#1249890).
- Update
  patches.suse/fs-binfmt_elf-Fix-memory-leak-in-load_elf_binary.patch
  (git-fixes CVE-2022-50466 bsc#1250875).
- Update patches.suse/fs-dlm-fix-race-in-lowcomms.patch (git-fixes
  CVE-2022-50373 bsc#1250287).
- Update
  patches.suse/fs-fix-UAF-GPF-bug-in-nilfs_mdt_destroy.patch
  (CVE-2022-2978 bsc#1202700 CVE-2022-50367 bsc#1250277).
- Update
  patches.suse/fs-jfs-Fix-UBSAN-array-index-out-of-bounds-in-dbAllocDmapLev.patch
  (git-fixes CVE-2023-53485 bsc#1250872).
- Update
  patches.suse/fs-jfs-fix-shift-out-of-bounds-in-dbDiscardAG.patch
  (git-fixes CVE-2022-50333 bsc#1249860).
- Update
  patches.suse/gpiolib-cdev-fix-NULL-pointer-dereferences.patch
  (git-fixes CVE-2022-50453 bsc#1250887).
- Update
  patches.suse/i2c-designware-Fix-handling-of-real-but-unexpected-d.patch
  (git-fixes CVE-2022-50370 bsc#1250011).
- Update
  patches.suse/i2c-ismt-Fix-an-out-of-bounds-bug-in-ismt_access.patch
  (git-fixes CVE-2022-50394 bsc#1250107).
- Update
  patches.suse/i2c-mux-reg-check-return-value-after-calling-platfor.patch
  (git-fixes CVE-2022-50364 bsc#1250083).
- Update
  patches.suse/ibmvnic-Do-not-reset-dql-stats-on-NON_FATAL-err.patch
  (bsc#1212603 ltc#202604 CVE-2023-53463 bsc#1250867).
- Update
  patches.suse/integrity-Fix-memory-leakage-in-keyring-allocation-e.patch
  (git-fixes CVE-2022-50395 bsc#1250211).
- Update
  patches.suse/io_uring-af_unix-defer-registered-files-gc-to-io_uri.patch
  (bsc#1204228 CVE-2022-2602 CVE-2022-50234 bsc#1249664).
- Update patches.suse/iommu-omap-Fix-buffer-overflow-in-debugfs
  (git-fixes CVE-2022-50301 bsc#1249733).
- Update
  patches.suse/iw_cxgb4-Fix-potential-NULL-dereference-in-c4iw_fill.patch
  (git-fixes CVE-2023-53476 bsc#1250839).
- Update
  patches.suse/jbd2-check-jh-b_transaction-before-removing-it-from-.patch
  (bsc#1214953 CVE-2023-53526 bsc#1250928).
- Update
  patches.suse/jbd2-fix-potential-use-after-free-in-jbd2_fc_wait_bu.patch
  (bsc#1207645 CVE-2022-50328 bsc#1250181).
- Update
  patches.suse/jfs-jfs_dmap-Validate-db_l2nbperpage-while-mounting.patch
  (git-fixes CVE-2023-53222 bsc#1249864).
- Update
  patches.suse/kernfs-fix-use-after-free-in-__kernfs_remove.patch
  (git-fixes CVE-2022-50432 bsc#1250851).
- Update
  patches.suse/kprobes-Fix-check-for-probe-enabled-in-kill_kprobe.patch
  (git-fixes CVE-2022-50266 bsc#1249810).
- Update patches.suse/md-fix-a-crash-in-mempool_free-3410.patch
  (git-fixes CVE-2022-50381 bsc#1250257).
- Update
  patches.suse/md-raid10-fix-leak-of-r10bio-remaining-for-recovery-2620.patch
  (git-fixes CVE-2023-53299 bsc#1249927).
- Update
  patches.suse/md-raid10-fix-null-ptr-deref-of-mreplace-in-raid10_s-3481.patch
  (git-fixes CVE-2023-53380 bsc#1250198).
- Update
  patches.suse/md-raid10-fix-wrong-setting-of-max_corr_read_errors-f8b2.patch
  (git-fixes CVE-2023-53313 bsc#1249911).
- Update
  patches.suse/md-raid10-prevent-soft-lockup-while-flush-writes-0104.patch
  (git-fixes CVE-2023-53151 bsc#1249865).
- Update
  patches.suse/media-atomisp-prevent-integer-overflow-in-sh_css_set.patch
  (git-fixes CVE-2022-50399 bsc#1250108).
- Update
  patches.suse/media-cx23885-Fix-a-null-ptr-deref-bug-in-buffer_pre.patch
  (git-fixes CVE-2023-53458 bsc#1250864).
- Update
  patches.suse/media-cx88-Fix-a-null-ptr-deref-bug-in-buffer_prepar.patch
  (git-fixes CVE-2022-50359 bsc#1250269).
- Update
  patches.suse/media-dvb-usb-az6027-fix-null-ptr-deref-in-az6027_i2.patch
  (git-fixes bsc#1209291 CVE-2023-28328 CVE-2022-50272
  bsc#1249808).
- Update
  patches.suse/media-netup_unidvb-fix-use-after-free-at-del_timer.patch
  (git-fixes CVE-2023-53219 bsc#1249661).
- Update
  patches.suse/media-ov2740-Fix-memleak-in-ov2740_init_controls.patch
  (git-fixes CVE-2023-53349 bsc#1250015).
- Update
  patches.suse/media-pci-tw68-Fix-null-ptr-deref-bug-in-buf-prepare.patch
  (git-fixes CVE-2023-53244 bsc#1249868).
- Update
  patches.suse/media-uvcvideo-Handle-cameras-with-invalid-descripto.patch
  (git-fixes CVE-2023-53437 bsc#1250178).
- Update
  patches.suse/media-v4l2-mem2mem-add-lock-to-protect-parameter-num.patch
  (git-fixes CVE-2023-53519 bsc#1250964).
- Update
  patches.suse/media-vimc-Fix-wrong-function-called-when-vimc_init-.patch
  (git-fixes CVE-2022-50340 bsc#1249892).
- Update
  patches.suse/media-xilinx-vipp-Fix-refcount-leak-in-xvip_graph_dm.patch
  (git-fixes CVE-2022-50309 bsc#1249718).
- Update
  patches.suse/memory-of-Fix-refcount-leak-bug-in-of_get_ddr_timing.patch
  (git-fixes CVE-2022-50249 bsc#1249747).
- Update
  patches.suse/memory-of-Fix-refcount-leak-bug-in-of_lpddr3_get_ddr.patch
  (git-fixes CVE-2022-50429 bsc#1250811).
- Update
  patches.suse/mfd-arizona-Use-pm_runtime_resume_and_get-to-prevent.patch
  (git-fixes CVE-2023-53443 bsc#1250457).
- Update
  patches.suse/misc-tifm-fix-possible-memory-leak-in-tifm_7xx1_swit.patch
  (git-fixes CVE-2022-50349 bsc#1249920).
- Update
  patches.suse/mmc-moxart-fix-return-value-check-of-mmc_add_host.patch
  (git-fixes CVE-2022-50268 bsc#1249741).
- Update
  patches.suse/mmc-rtsx_pci-fix-return-value-check-of-mmc_add_host.patch
  (git-fixes CVE-2022-50267 bsc#1249749).
- Update
  patches.suse/mmc-rtsx_usb_sdmmc-fix-return-value-check-of-mmc_add.patch
  (git-fixes CVE-2022-50347 bsc#1249928).
- Update
  patches.suse/mmc-vub300-fix-return-value-check-of-mmc_add_host.patch
  (git-fixes CVE-2022-50251 bsc#1249745).
- Update
  patches.suse/mmc-vub300-fix-warning-do-not-call-blocking-ops-when.patch
  (git-fixes CVE-2022-50430 bsc#1250791).
- Update
  patches.suse/mmc-wmt-sdmmc-fix-return-value-check-of-mmc_add_host.patch
  (git-fixes CVE-2022-50353 bsc#1250047).
- Update
  patches.suse/msft-hv-2770-Drivers-vmbus-Check-for-channel-allocation-before-lo.patch
  (git-fixes CVE-2023-53273 bsc#1249930).
- Update
  patches.suse/msft-hv-2841-scsi-storvsc-Fix-handling-of-virtual-Fibre-Channel-t.patch
  (git-fixes CVE-2023-53245 bsc#1249641).
- Update
  patches.suse/mtd-maps-pxa2xx-flash-fix-memory-leak-in-probe.patch
  (git-fixes CVE-2022-50324 bsc#1249701).
- Update
  patches.suse/net-ena-fix-shift-out-of-bounds-in-exponential-backo.patch
  (git-fixes CVE-2023-53272 bsc#1249917).
- Update
  patches.suse/netfilter-conntrack-dccp-copy-entire-header-to-stack.patch
  (CVE-2023-39197 bsc#1216976 CVE-2023-53333 bsc#1249949).
- Update
  patches.suse/netfilter-ipset-add-the-missing-IP_SET_HASH_WITH_NET.patch
  (CVE-2023-42753 bsc#1215150 CVE-2023-53179 bsc#1249825).
- Update
  patches.suse/netfilter-nf_tables-do-not-ignore-genmask-when-looki.patch
  (CVE-2023-31248 bsc#1213061 CVE-2023-53492 bsc#1250823).
- Update
  patches.suse/netfilter-nft_set_rbtree-fix-overlap-expiration-walk.patch
  (CVE-2023-52923 bsc#1236104 CVE-2023-53304 bsc#1249923).
- Update
  patches.suse/nfc-fix-memory-leak-of-se_io-context-in-nfc_genl_se_.patch
  (git-fixes CVE-2023-53298 bsc#1249944).
- Update
  patches.suse/nfsd-Fix-a-memory-leak-in-an-error-handling-path.patch
  (git-fixes CVE-2022-50348 bsc#1249924).
- Update
  patches.suse/nfsd-call-op_release-even-when-op_func-returns-an-er.patch
  (git-fixes CVE-2023-53241 bsc#1249638).
- Update
  patches.suse/nfsd-under-NFSv4.1-fix-double-svc_xprt_put-on-rpc_cr.patch
  (git-fixes CVE-2022-50401 bsc#1250140).
- Update
  patches.suse/nilfs2-do-not-write-dirty-data-after-degenerating-to.patch
  (git-fixes CVE-2023-53337 bsc#1250315).
- Update patches.suse/nilfs2-fix-sysfs-interface-lifetime.patch
  (git-fixes CVE-2023-53440 bsc#1250151).
- Update
  patches.suse/nilfs2-fix-use-after-free-of-nilfs_root-in-dirtying-.patch
  (git-fixes CVE-2023-53311 bsc#1250062).
- Update
  patches.suse/nvme-fix-multipath-crash-caused-by-flush-request-whe.patch
  (git-fixes CVE-2022-50388 bsc#1250293).
- Update
  patches.suse/ocfs2-fix-memory-leak-in-ocfs2_stack_glue_init.patch
  (bsc#1207651 CVE-2022-50289 bsc#1249981).
- Update
  patches.suse/orangefs-Fix-kmemleak-in-orangefs_-kernel-client-_debug_init.patch
  (git-fixes CVE-2022-50376 bsc#1250209).
- Update
  patches.suse/perf-x86-intel-uncore-Fix-reference-count-leak-in-hswep_has_limit_sbox.patch
  (git fixes CVE-2022-50318 bsc#1249709).
- Update
  patches.suse/phy-hisilicon-Fix-an-out-of-bounds-check-in-hisi_inn.patch
  (git-fixes CVE-2023-53238 bsc#1249707).
- Update
  patches.suse/platform-chrome-cros_usbpd_notify-Fix-error-handling.patch
  (git-fixes CVE-2022-50468 bsc#1250877).
- Update
  patches.suse/power-supply-fix-null-pointer-dereferencing-in-power.patch
  (git-fixes CVE-2022-50276 bsc#1249651).
- Update
  patches.suse/powerpc-Don-t-try-to-copy-PPR-for-task-with-NULL-pt_.patch
  (bsc#1065729 CVE-2023-53326 bsc#1250071).
- Update
  patches.suse/powerpc-rtas_flash-allow-user-copy-to-flash-block-ca.patch
  (bsc#1194869 CVE-2023-53487 bsc#1250830).
- Update
  patches.suse/pstore-ram-Check-start-of-empty-przs-during-init.patch
  (git-fixes CVE-2023-53331 bsc#1249950).
- Update
  patches.suse/pwm-lpc32xx-Remove-handling-of-PWM-channels.patch
  (git-fixes CVE-2023-53472 bsc#1250841).
- Update patches.suse/qed-allow-sleep-in-qed_mcp_trace_dump.patch
  (jsc#SLE-19001 CVE-2023-53509 bsc#1250810).
- Update
  patches.suse/regulator-core-fix-use_count-leakage-when-handling-b.patch
  (git-fixes CVE-2022-50250 bsc#1249844).
- Update
  patches.suse/s390-dasd-Fix-potential-memleak-in-dasd_eckd_init.patch
  (git-fixes CVE-2023-53449 bsc#1250874).
- Update
  patches.suse/scsi-core-Fix-possible-memory-leak-if-device_add-fails.patch
  (git-fixes CVE-2023-53174 bsc#1250024).
- Update
  patches.suse/scsi-fcoe-Fix-transport-not-deattached-when-fcoe_if_init-fails.patch
  (git-fixes CVE-2022-50414 bsc#1250183).
- Update
  patches.suse/scsi-iscsi-iscsi_tcp-Fix-null-ptr-deref-while-calling-getpeername.patch
  (git-fixes CVE-2022-50459 bsc#1250850).
- Update
  patches.suse/scsi-iscsi_tcp-Check-that-sock-is-valid-before-iscsi_set_param.patch
  (git-fixes CVE-2023-53464 bsc#1250868).
- Update
  patches.suse/scsi-libsas-Fix-use-after-free-bug-in-smp_execute_task_sg.patch
  (git-fixes CVE-2022-50422 bsc#1250774).
- Update
  patches.suse/scsi-lpfc-Fix-null-ndlp-ptr-dereference-in-abnormal-.patch
  (bsc#1203063 CVE-2022-50467 bsc#1250847).
- Update
  patches.suse/scsi-lpfc-Fix-use-after-free-KFENCE-violation-during.patch
  (bsc#1208607 CVE-2023-53282 bsc#1250311).
- Update patches.suse/scsi-mpt3sas-Fix-a-memory-leak.patch
  (git-fixes CVE-2023-53512 bsc#1250915).
- Update
  patches.suse/scsi-qla2xxx-Fix-potential-NULL-pointer-dereference.patch
  (bsc#1213747 CVE-2023-53451 bsc#1250831).
- Update
  patches.suse/scsi-qla2xxx-Pointer-may-be-dereferenced.patch
  (bsc#1213747 CVE-2023-53150 bsc#1249853).
- Update
  patches.suse/scsi-qla2xxx-Remove-unused-nvme_ls_waitq-wait-queue.patch
  (bsc#1213747 CVE-2023-53280 bsc#1249938).
- Update
  patches.suse/scsi-qla2xxx-Use-raw_smp_processor_id-instead-of-smp.patch
  (git-fixes CVE-2023-53530 bsc#1250949).
- Update
  patches.suse/scsi-qla2xxx-Wait-for-io-return-on-terminate-rport.patch
  (bsc#1211960 CVE-2023-53322 bsc#1250323).
- Update
  patches.suse/scsi-ses-Fix-slab-out-of-bounds-in-ses_intf_remove.patch
  (git-fixes CVE-2023-53521 bsc#1250965).
- Update
  patches.suse/scsi-ses-Handle-enclosure-with-just-a-primary-component-gracefully.patch
  (git-fixes CVE-2023-53431 bsc#1250374).
- Update
  patches.suse/scsi-snic-Fix-memory-leak-with-using-debugfs_lookup.patch
  (git-fixes CVE-2023-53414 bsc#1250425).
- Update
  patches.suse/scsi-snic-Fix-possible-memory-leak-if-device_add-fails.patch
  (git-fixes CVE-2023-53436 bsc#1250156).
- Update
  patches.suse/serial-8250-Reinit-port-pm-on-port-specific-driver-u.patch
  (git-fixes CVE-2023-53176 bsc#1249991).
- Update
  patches.suse/slimbus-qcom-ngd-cleanup-in-probe-error-path.patch
  (git-fixes CVE-2022-50298 bsc#1249934).
- Update
  patches.suse/smb-client-fix-warning-in-cifs_smb3_do_mount-.patch
  (bsc#1193629 CVE-2023-53230 bsc#1249866).
- Update
  patches.suse/soundwire-qcom-fix-storing-port-config-out-of-bounds.patch
  (git-fixes CVE-2023-53465 bsc#1250863).
- Update
  patches.suse/staging-rtl8723bs-fix-potential-memory-leak-in-rtw_i.patch
  (git-fixes CVE-2022-50469 bsc#1250824).
- Update
  patches.suse/staging-vt6655-fix-some-erroneous-memory-clean-up-lo.patch
  (git-fixes CVE-2022-50355 bsc#1250041).
- Update
  patches.suse/thermal-drivers-hisi-Drop-second-sensor-hi3660.patch
  (git-fixes CVE-2023-53242 bsc#1249639).
- Update
  patches.suse/tls-separate-no-async-decryption-request-handling-fr.patch
  (CVE-2024-26583 CVE-2024-26584 bsc#1220185 bsc#1220186
  CVE-2024-58240 bsc#1248847).
- Update
  patches.suse/tpm-tpm_crb-Add-the-missed-acpi_put_table-to-fix-mem.patch
  (git-fixes CVE-2022-50389 bsc#1250121).
- Update
  patches.suse/tracing-Fix-null-pointer-dereference-in-tracing_err_log_open.patch
  (git-fixes CVE-2023-53167 bsc#1249712).
- Update
  patches.suse/tracing-Fix-race-issue-between-cpu-buffer-write-and-swap.patch
  (git-fixes CVE-2023-53368 bsc#1249979).
- Update
  patches.suse/tracing-Fix-reading-strings-from-synthetic-events.patch
  (git-fixes CVE-2022-50255 bsc#1249910).
- Update
  patches.suse/tracing-Free-error-logs-of-tracing-instances.patch
  (git-fixes CVE-2023-53375 bsc#1250197).
- Update
  patches.suse/tty-serial-fsl_lpuart-disable-dma-rx-tx-use-flags-in.patch
  (git-fixes CVE-2022-50375 bsc#1250132).
- Update patches.suse/ubifs-Fix-memory-leak-in-alloc_wbufs.patch
  (git-fixes CVE-2023-53468 bsc#1250888).
- Update patches.suse/ubifs-Fix-memory-leak-in-do_rename.patch
  (git-fixes CVE-2023-53396 bsc#1250200).
- Update patches.suse/ubifs-Free-memory-for-tmpfile-name.patch
  (git-fixes CVE-2023-53276 bsc#1250309).
- Update
  patches.suse/udf-Do-not-bother-merging-very-long-extents.patch
  (bsc#1213040 CVE-2023-53506 bsc#1250963).
- Update
  patches.suse/udf-Do-not-update-file-length-for-failed-writes-to-i.patch
  (bsc#1213041 CVE-2023-53295 bsc#1250324).
- Update
  patches.suse/udf-Fix-uninitialized-array-access-for-some-pathname.patch
  (bsc#1214967 CVE-2023-53165 bsc#1250395).
- Update
  patches.suse/usb-dwc3-qcom-Fix-potential-memory-leak.patch
  (git-fixes CVE-2023-53196 bsc#1249758).
- Update
  patches.suse/usb-gadget-u_serial-Add-null-pointer-check-in-gseria-2f6ecb89fe8f.patch
  (git-fixes CVE-2023-53356 bsc#1249997).
- Update
  patches.suse/usb-phy-phy-tahvo-fix-memory-leak-in-tahvo_usb_probe.patch
  (git-fixes CVE-2023-53379 bsc#1250128).
- Update
  patches.suse/usb-typec-tcpci-fix-of-node-refcount-leak-in-tcpci_r.patch
  (git-fixes CVE-2022-50246 bsc#1249746).
- Update
  patches.suse/usb-xhci-mtk-fix-leakage-of-shared-hcd-when-fail-to-.patch
  (git-fixes CVE-2022-50247 bsc#1249681).
- Update
  patches.suse/usb-xhci-tegra-fix-sleep-in-atomic-call.patch
  (git-fixes CVE-2023-53475 bsc#1250843).
- Update
  patches.suse/vfio-type1-prevent-underflow-of-locked_vm-via-exec.patch
  (git-fixes CVE-2023-53171 bsc#1249933).
- Update
  patches.suse/vhost-vsock-Use-kvmalloc-kvfree-for-larger-packets.patch
  (git-fixes CVE-2022-50271 bsc#1249740).
- Update
  patches.suse/virtio-mmio-don-t-break-lifecycle-of-vm_dev.patch
  (git-fixes CVE-2023-53515 bsc#1250917).
- Update
  patches.suse/virtio_net-Fix-error-unwinding-of-XDP-initialization.patch
  (git-fixes CVE-2023-53499 bsc#1250818).
- Update
  patches.suse/watchdog-Fix-kmemleak-in-watchdog_cdev_register.patch
  (git-fixes CVE-2023-53234 bsc#1249784).
- Update
  patches.suse/wifi-ath11k-Fix-SKB-corruption-in-REO-destination-ri.patch
  (git-fixes CVE-2023-53315 bsc#1250303).
- Update
  patches.suse/wifi-ath9k-don-t-allow-to-overwrite-ENDPOINT0-attrib.patch
  (git-fixes CVE-2023-53185 bsc#1249820).
- Update
  patches.suse/wifi-ath9k-hif_usb-clean-up-skbs-if-ath9k_hif_usb_rx.patch
  (git-fixes CVE-2023-53199 bsc#1249683).
- Update
  patches.suse/wifi-ath9k-verify-the-expected-usb_endpoints-are-pre.patch
  (git-fixes CVE-2022-50297 bsc#1250250).
- Update
  patches.suse/wifi-brcmfmac-Fix-potential-stack-out-of-bounds-in-b.patch
  (git-fixes CVE-2022-50258 bsc#1249947).
- Update
  patches.suse/wifi-brcmfmac-fix-potential-memory-leak-in-brcmf_net.patch
  (git-fixes CVE-2022-50321 bsc#1249706).
- Update
  patches.suse/wifi-brcmfmac-fix-use-after-free-bug-in-brcmf_netdev.patch
  (git-fixes CVE-2022-50408 bsc#1250391).
- Update
  patches.suse/wifi-brcmfmac-slab-out-of-bounds-read-in-brcmf_get_a.patch
  (git-fixes bsc#1209287 CVE-2023-1380 CVE-2023-53213
  bsc#1249918).
- Update
  patches.suse/wifi-cfg80211-Fix-use-after-free-for-wext.patch
  (git-fixes CVE-2023-53153 bsc#1249877).
- Update
  patches.suse/wifi-iwl3945-Add-missing-check-for-create_singlethre.patch
  (git-fixes CVE-2023-53277 bsc#1249936).
- Update
  patches.suse/wifi-iwl4965-Add-missing-check-for-create_singlethre.patch
  (git-fixes CVE-2023-53302 bsc#1249958).
- Update
  patches.suse/wifi-iwlwifi-fw-fix-memory-leak-in-debugfs.patch
  (git-fixes CVE-2023-53422 bsc#1250182).
- Update
  patches.suse/wifi-iwlwifi-mvm-fix-double-free-on-tx-path.patch
  (git-fixes CVE-2022-50248 bsc#1249840).
- Update
  patches.suse/wifi-iwlwifi-pcie-Fix-integer-overflow-in-iwl_write_.patch
  (git-fixes CVE-2023-53524 bsc#1250953).
- Update
  patches.suse/wifi-iwlwifi-pcie-fix-NULL-pointer-dereference-in-iw.patch
  (git-fixes CVE-2023-53251 bsc#1249730).
- Update
  patches.suse/wifi-libertas-fix-memory-leak-in-lbs_init_adapter.patch
  (git-fixes CVE-2022-50294 bsc#1249799).
- Update
  patches.suse/wifi-mac80211-fix-invalid-drv_sta_pre_rcu_remove-cal.patch
  (git-fixes CVE-2023-53229 bsc#1249650).
- Update
  patches.suse/wifi-mwifiex-Fix-OOB-and-integer-underflow-when-rx-p.patch
  (git-fixes CVE-2023-53226 bsc#1249658).
- Update
  patches.suse/wifi-mwifiex-avoid-possible-NULL-skb-pointer-derefer.patch
  (git-fixes CVE-2023-53384 bsc#1250127).
- Update
  patches.suse/wifi-rtlwifi-Fix-global-out-of-bounds-bug-in-_rtl881.patch
  (git-fixes CVE-2022-50279 bsc#1249751).
- Update
  patches.suse/wifi-rtw89-fix-potential-race-condition-between-napi.patch
  (git-fixes CVE-2023-53452 bsc#1250762).
- Update
  patches.suse/wwan_hwsim-fix-possible-memory-leak-in-wwan_hwsim_de.patch
  (git-fixes CVE-2022-50331 bsc#1249695).
- Update
  patches.suse/x86-fpu-fix-copy_xstate_to_uabi-to-copy-init-states-correctly.patch
  (git-fixes CVE-2022-50425 bsc#1250781).
- Update patches.suse/x86-mce-amd-use-an-u64-for-bank_map.patch
  (git-fixes CVE-2023-53474 bsc#1250842).
- Update
  patches.suse/x86-platform-uv-Use-alternate-source-for-socket-to-n.patch
  (bsc#1215696 bsc#1217790 CVE-2023-53496 bsc#1250905).
- Update patches.suse/xen-gntdev-Prevent-leaking-grants.patch
  (git-fixes CVE-2022-50257 bsc#1249743).
- Update
  patches.suse/xfrm-add-NULL-check-in-xfrm_update_ae_params.patch
  (bsc#1213666 CVE-2023-3772 CVE-2023-53147 bsc#1249880).
- commit 3e8722f

- Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen()
  (CVE-2025-39860 bsc#1250247).
- commit a1c6acf

- HID: asus: fix UAF via HID_CLAIMED_INPUT validation
  (CVE-2025-39824 bsc#1250007).
- commit 4aec876

- net/smc: fix UAF on smcsk after smc_listen_out() (CVE-2025-38734
  bsc#1249324).
- commit fe18faf

- s390/ism: fix concurrency management in ism_cmd() (git-fixes
  bsc#1249266 CVE-2025-39726).
- commit ac040b4

- dmaengine: ti: edma: Fix memory allocation size for
  queue_priority_map (CVE-2025-39869 bsc#1250406).
- commit 9685491

- KVM: x86: use array_index_nospec with indices that come from
  guest (CVE-2025-39823 bsc#1250002).
- commit d9de1fd

- mm/huge_memory: fix dereferencing invalid pmd migration entry
  (CVE-2025-37958 bsc#1243539).
- commit 521422d

- ext4: ignore xattrs past end (bsc#1242846 CVE-2025-37738).
- commit 4630cc6

- fs/buffer: fix use-after-free when call bh_read() helper
  (bsc#1249374 CVE-2025-39691).
- commit 996c520

- Bluetooth: eir: Fix using strlen with
  hdev->{dev_name,short_name} (CVE-2022-50233 bsc#1246968).
- commit 2e1f686

- mm: fix zswap writeback race condition (CVE-2023-53178
  bsc#1249827).
- Refresh
  patches.suse/mm-zswap-properly-synchronize-freeing-resources-duri.patch.
- commit 42ab563

- mm: zswap: fix missing folio cleanup in writeback race path
  (CVE-2023-53178 bsc#1249827 git-fix).
- commit ccc740f

- wifi: mac80211_hwsim: drop short frames (CVE-2023-53321
  bsc#1250313).
- commit 19db60e

- x86/MCE: Always save CS register on AMD Zen IF Poison errors
  (CVE-2023-53438 bsc#1250180).
- commit b12ae2d

- wifi: mac80211: check S1G action frame size (CVE-2023-53257
  bsc#1249869).
- commit 3efa6da

- Limit patch filenames to 100 characters (bsc#1249604).
- commit 34d0532

- kernel-source.spec: Depend on python3-base for build
  Both kernel-binary and kernel-docs already have this dependency.
  Adding it to kernel-source makes it possible to use python in shared
  build scripts.
- commit 72fdedd

- kernel-source: Do not list mkspec and its inputs as sources
  (bsc#1250522).
  This excludes the files from the src.rpm. The next step is to remove
  these files in tar-up so that they do not get uploaded to OBS either.
  As there is only one version of tar-up these files need to be removed
  from all kernels.
- commit e72b8a2

- rpm: Link arch-symbols script from scripts directory.
- commit 90b2abb

- use uniform permission checks for all mount propagation changes
  (git-fixes).
- commit 7dba905

- Refresh
  patches.suse/smb-During-unmount-ensure-all-cached-dir-instances-drop-their-dent.patch.
  A badly done backport/rebase introduced a double free of cfid_put_wq
  workqueue on 'rmmod cifs'.
  The original patch did introduce a memory leak of the workqueue, but
  it's been addressed on a further fix.
  Refreshing this patch to its original form.
- commit d4181c1

- rpm: Link guards script from scripts directory.
- commit e19a893

- Delete ARMv7 configs.
  There is no longer a 5.14 based Leap.
- commit c9e0295

- hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()
  (bsc#1249200 CVE-2025-38713).
- commit 0f4fe03

- Revert backported patches for bsc#1238160 because the CVSS less than 7.0
- Delete
    patches.suse/Bluetooth-hci_event-Fix-checking-conn-for-le_conn_co.patch.
- Delete
    patches.suse/Bluetooth-hci_event-Fix-checking-for-invalid-handle-.patch.
- Delete
    patches.suse/Bluetooth-hci_event-Ignore-multiple-conn-complete-ev.patch.
  (bsc#1238160 CVE-2022-49138)
- commit 58636bb

- Update config files. (bsc#1249186)
  Enable where we define KABI refs + rely on Kconfig deps.
- commit 40e5ff4

- xfs: rework datasync tracking and execution (bsc#1237449).
- commit 6d2ba43

- ASoC: core: Check for rtd == NULL in
  snd_soc_remove_pcm_runtime() (CVE-2025-38706 bsc#1249195).
- commit 00df3f7

- net, hsr: reject HSR frame if skb can't hold tag (CVE-2025-39703
  bsc#1249315).
- commit 4aa620b

- Revert selinux patches that caused regressions (bsc#1249353)
  Deleted:
  patches.suse/security-lsm-Introduce-security_mptcp_add_subflow.patch
  patches.suse/selinux-Implement-mptcp_add_subflow-hook.patch
- commit 1be528b

- i2c/designware: Fix an initialization issue (git-fixes
  CVE-2025-38380 bsc#1247028).
- commit 3969bae

- kabi/severities: ignore kABI for atheros helper modules
  The symbols are used only internally by atheros drivers.
- commit 35d7d9d

- ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control
  (CVE-2025-39751 bsc#1249538).
- commit 2fa5c70

- wifi: ath10k: shutdown driver when hardware is unreliable
  (CVE-2025-39746 bsc#1249516).
- commit b79070e

- bus: mhi: host: Detect events pointing to unexpected TREs
  (CVE-2025-39790 bsc#1249548).
- commit 8f23ea7

- netfilter: nf_tables: reject duplicate device on updates
  (CVE-2025-38678 bsc#1249126).
- commit ed53d59

- dmaengine: idxd: Fix refcount underflow on module unload
  (CVE-2025-38014 bsc#1244732).
- commit 7288c92

- Limit patch filenames to 100 characters (bsc#1249604).
- commit 864f4b6

- supported.conf: mark hyperv_drm as external
- hv_netvsc: Fix panic during namespace deletion with VF (bsc#1248111).
- commit 2dd0e8c

- kernel-subpackage-build: Decompress ghost file when compressed version exists (bsc#1249346)
- commit 40606b5

- fbdev: Fix vmalloc out-of-bounds write in fast_imageblit (bsc#1249220 CVE-2025-38685)
- commit 92b9def

- btrfs: avoid NULL pointer dereference if no valid extent tree
  (bsc#1249158).
- commit 6c3a163

- smb: client: fix use-after-free in crypt_message when using
  async crypto (bsc#1247239, CVE-2025-38488).
- commit 03f19df

- ipv6: reject malicious packets in ipv6_gso_segment()
  (CVE-2025-38572 bsc#1248399).
- net/sched: Restrict conditions for adding duplicating netems
  to qdisc tree (CVE-2025-38553 bsc#1248255).
- commit 27382a9

- rpm: Configure KABI checkingness macro (bsc#1249186)
  The value of the config should match presence of KABI reference data. If
  it mismatches:
- !CONFIG & reference  -> this is bug, immediate fail
- CONFIG & no reference -> OK temporarily, must be resolved eventually
- commit 23c1536

- Kconfig.suse: Add KABI checkiness macro (config) (bsc#1249186)
  The motivation: there are patches.kabi/ patches that restore KABI and
  they check validity of the approach with static_assert()s to prevent
  accidental KABI breakage.
  These asserts are invoked on each arch-flavor and they may signal false
  negatives -- that is KABI restoration patch could break KABI but the
  given arch-flavor defines no KABI.
  The intended use is to disable the compile time checks in patches.kabi/
  (but not to be confused with __GENKSYMS__ that affects how reference is
  calculated).
  The name is chosen so that it mimics HAVE_* macros that are not
  configured manually (but is selected by an arch). In our case it's
  (un)selected by build script depending on whether KABI reference is
  defined for given arch-flavor and whether check is really requested by
  the user. Default value is 'n' so that people building merely via
  Makefile (not RPM with KABI checking) obtain consistent config.
- commit a007049

- gfs2: No more self recovery (bsc#1248639 CVE-2025-38659).
- gfs2: Get rid of gfs2_glock_queue_put in signal_our_withdraw
  (bsc#1248639 CVE-2025-38659).
- commit d2aba16

- usb: gadget: udc: core: Offload usb_udc_vbus_handler processing
  (CVE-2022-49980 bsc#1245110).
- commit b9c8803

- ice: Fix a null pointer dereference in ice_copy_and_init_pkg()
  (CVE-2025-38664 bsc#1248628).
- commit 5eff097

- wifi: mac80211: reject TDLS operations when station is not
  associated (CVE-2025-38644 bsc#1248748).
- commit a8c476b

- vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1248511
  CVE-2025-38618).
- commit 33452e8

- USB: gadget: Fix obscure lockdep violation for udc_mutex
  (CVE-2022-49980 bsc#1245110).
- commit 25d2f46

- usb: gadget: core: do not try to disconnect gadget if it is
  not connected (CVE-2022-49980 bsc#1245110).
- commit a760fdc

- tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (CVE-2025-38184 bsc#1245956)
- commit 9365d7a

- kernel-binary: Another installation ordering fix (bsc#1241353).
- commit fe14ab5

- USB: gadget: Fix use-after-free Read in usb_udc_uevent()
  (CVE-2022-49980 bsc#1245110).
- commit dffc69a

- atm: clip: Fix memory leak of struct clip_vcc (CVE-2025-38546
  bsc#1248223).
- atm: clip: Fix potential null-ptr-deref in to_atmarpd()
  (CVE-2025-38460 bsc#1247143).
- tls: stop recv() if initial process_rx_list gave us non-DATA
  (CVE-2024-58239 bsc#1248614).
- tls: rx: drop pointless else after goto (CVE-2024-58239
  bsc#1248614).
- commit 47416a2

- x86/sev: Evict cache lines during SNP memory validation
  (CVE-2025-38560 bsc#1248312).
- commit 766631f

- selftests/perf_events: Add a mmap() correctness test
  (CVE-2025-38563 bsc#1248306 selftest).
- commit b58bec8

- perf/core: Prevent VMA split of buffer mappings (CVE-2025-38563
  bsc#1248306).
- commit 30b2db8

- perf/core: Exit early on perf_mmap() fail (CVE-2025-38563
  bsc#1248306 dependency).
- commit 037df8e

- perf/core: Don't leak AUX buffer refcount on allocation failure
  (CVE-2025-38563 bsc#1248306 dependency).
- commit 4273af9

- bpf, ktls: Fix data corruption when using bpf_msg_pop_data()
  in ktls (bsc#1248338 CVE-2025-38608).
- commit 43a92df

- build_bug.h: Add KABI assert (bsc#1249186).
- commit 6e38849

- usb: gadget : fix use-after-free in composite_dev_cleanup()
  (CVE-2025-38555 bsc#1248297).
- commit d29d36a

- clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (CVE-2025-38499 bsc#1247976)
- commit 767ab57

- net/packet: fix a race in packet_set_ring() and
  packet_notifier() (CVE-2025-38617 bsc#1248621).
- commit a477bef

- Update config files. Disable N_GSM (jsc#PED-8240, bsc#1244824, CVE-2022-50116)
- commit 98bb21f

- selinux: Implement mptcp_add_subflow hook (bsc#1240375).
- security, lsm: Introduce security_mptcp_add_subflow()
  (bsc#1240375).
- commit 2547a6d

- nvme-multipath: defer partition scanning (bsc#122824 git-fixes
  CVE-2024-53093 bsc#1233640).
- commit 7846c6e

- Move pesign-obs-integration requirement from kernel-syms to kernel devel
  subpackage (bsc#1248108).
- commit e707e41

- NFSv4.1: fix backchannel max_resp_sz verification check
  (bsc#1247518).
- commit 3b06caf

- smb: prevent use-after-free due to open_cached_dir error paths
  (bsc#1234896, CVE-2024-53177).
- commit 99ad7d6

- posix-cpu-timers: fix race between handle_posix_cpu_timers()
  and posix_cpu_timer_del() (bsc#1246911 CVE-2025-38352).
- commit 5c74715

- do_change_type(): refuse to operate on unmounted/not ours mounts (CVE-2025-38498 bsc#1247374)
- commit 16fc04a

- kabi fix for NFSv4: fairly test all delegations on a SEQ4_
  revocation (bsc#1246211).
- commit 6f389a0

- NFSv4: fairly test all delegations on a SEQ4_ revocation
  (bsc#1246211).
- Refresh
  patches.kabi/kabi-fix-for-NFSv4-Prevent-NULL-pointer-dereference-in.patch.
- Refresh
  patches.suse/NFS-Avoid-unnecessary-rescanning-of-the-per-server-delegation-list.patch.
- Refresh
  patches.suse/NFSv4-Prevent-NULL-pointer-dereference-in-nfs42_complete_copies.patch.
- commit 10bdb9b

- net: atm: fix /proc/net/atm/lec handling (CVE-2025-38180
  bsc#1245970).
- net: atm: add lec_mutex (CVE-2025-38323 bsc#1246473).
- commit d88adbc

- protect the fetch of ->fd[fd] in do_dup2() from mispredictions
  (bsc#1229334 CVE-2024-42265).
- fs: prevent out-of-bounds array speculation when closing a
  file descriptor (CVE-2023-53117 bsc#1242780).
- commit 832757a

- net/sched: sch_qfq: Avoid triggering might_sleep in atomic
  context in qfq_delete_class (CVE-2025-38477 bsc#1247314).
- net/sched: Return NULL when htb_lookup_leaf encounters an
  empty rbtree (CVE-2025-38468 bsc#1247437).
- net/sched: sch_qfq: Fix race condition on qfq_aggregate
  (CVE-2025-38477 bsc#1247314).
- net/sched: Always pass notifications when child class becomes
  empty (CVE-2025-38350 bsc#1246781).
- commit 03528bf

- net_sched: Prevent creation of classes with TC_H_ROOT
  (CVE-2025-21971 bsc#1240799).
- commit c846a50

- kernel-syms.spec: Drop old rpm release number hack (bsc#1247172).
- commit b4fa2d1

- Update
  patches.suse/netfilter-nf_set_pipapo_avx2-fix-initial-map-fill.patch
  (git-fixes CVE-2024-57947 bsc#1236333 CVE-2025-38120
  bsc#1245711).
- Update
  patches.suse/powerpc-powernv-memtrace-Fix-out-of-bounds-issue-in-.patch
  (bsc#1244309 ltc#213790 CVE-2025-38088 bsc#1245506).
- Update
  patches.suse/sch_hfsc-make-hfsc_qlen_notify-idempotent.patch
  (CVE-2025-37798 bsc#1242414 CVE-2025-38177 bsc#1245986).
- commit c5b1aff

- HID: core: do not bypass hid_hw_raw_request (CVE-2025-38494
  bsc#1247349).
- HID: core: ensure the allocated report buffer can contain the
  reserved report ID (CVE-2025-38495 bsc#1247348).
- commit 8b00261

- net: avoid race between device unregistration and ethnl ops
  (CVE-2025-21701 bsc#1237164).
- commit ef7f4cc

- usb: gadget: configfs: Fix OOB read on empty string write
  (CVE-2025-38497 bsc#1247347).
- commit 2908061

- rpm/kernel-subpackage-spec: Skip brp-strip-debug to avoid file truncation (bsc#1246879)
  Put the same workaround to avoid file truncation of vmlinux and co in
  kernel-default-base package, too.
- commit 2329734

- rpm/kernel-binary.spec.in: Ignore return code from ksymtypes compare
  When using suse-kabi-tools, the RPM build invokes 'ksymvers compare' to
  compare the resulting symbol CRCs with the reference data. If the values
  differ, it then invokes 'ksymtypes compare' to provide a detailed report
  explaining why the symbols differ. The build expects the latter
  'ksymtypes compare' command to always return zero, even if the two
  compared kABI corpuses are different.
  This is currently the case for 'ksymtypes compare'. However, I plan to
  update the command to return a non-zero code when the comparison detects
  any differences. This should ensure consistent behavior with 'ksymvers
  compare'.
  Since the build uses 'ksymtypes compare' only for more detailed
  diagnostics, ignore its return code.
- commit 5ac1381

- netfilter: nf_tables: mark set as dead when unbinding anonymous
  set with timeout (CVE-2024-26643 bsc#1221829).
- commit 4daa764

- netfilter: allow exp not to be removed in nf_ct_find_expectation
  (CVE-2023-52927 bsc#1239644).
- commit b3f811c

- netfilter: nf_tables: split async and sync catchall in two
  functions (CVE-2023-52923 bsc#1236104).
- Refresh
  patches.suse/netfilter-nf_tables-use-timestamp-to-check-for-set-element.patch.
- commit 11c8f5d

- netfilter: nft_set_hash: unaligned atomic read on struct
  nft_set_ext (CVE-2023-52923 bsc#1236104).
- commit 81059b2

- netfilter: nft_set_rbtree: skip end interval element from gc
  (CVE-2023-52923 bsc#1236104).
- commit f47327b

- netfilter: nf_tables: remove catchall element in GC sync path
  (CVE-2023-52923 bsc#1236104).
- Refresh
  patches.suse/netfilter-nf_tables-use-timestamp-to-check-for-set-element.patch.
- commit 9970986

- netfilter: nf_tables: nft_set_rbtree: fix spurious insertion
  failure (CVE-2023-52923 bsc#1236104).
- commit e63b022

- netfilter: nft_set_hash: skip duplicated elements pending gc
  run (CVE-2023-52923 bsc#1236104).
- commit 828ecf9

- netfilter: nft_set_pipapo: prefer gfp_kernel allocation
  (CVE-2023-52923 bsc#1236104).
- commit 65fa0d6

- netfilter: nft_set_hash: try later when GC hits EAGAIN on
  iteration (CVE-2023-52923 bsc#1236104).
- commit 10f2b11

- net: usb: usbnet: restore usb%d name exception for local mac
  addresses (bsc#1234480 bsc#1246555).
- commit acb1d49

- netfilter: nft_set_pipapo: call nft_trans_gc_queue_sync()
  in catchall GC (CVE-2023-52923 bsc#1236104).
- Refresh
  patches.suse/netfilter-nf_tables-use-timestamp-to-check-for-set-element.patch.
- commit 01a51e7

- netfilter: nft_set_rbtree: use read spinlock to avoid datapath
  contention (CVE-2023-52923 bsc#1236104).
- commit 3a9efbc

- netfilter: nft_set_rbtree: skip sync GC for new elements in
  this transaction (CVE-2023-52923 bsc#1236104).
- commit 20a6d45

- netfilter: nf_tables: defer gc run if previous batch is still
  pending (CVE-2023-52923 bsc#1236104).
- commit 8c98aa6

- netfilter: nf_tables: adapt set backend to use GC transaction
  API (CVE-2023-52923 bsc#1236104).
- Refresh
  patches.suse/netfilter-nf_tables-check-if-catch-all-set-element-i.patch.
- Refresh
  patches.suse/netfilter-nf_tables-don-t-fail-inserts-if-duplicate-has-ex.patch.
- Refresh
  patches.suse/netfilter-nf_tables-fix-kdoc-warnings-after-gc-rewor.patch.
- Refresh
  patches.suse/netfilter-nf_tables-use-timestamp-to-check-for-set-element.patch.
- commit 84a46c0

- netfilter: nft_set_rbtree: fix overlap expiration walk
  (CVE-2023-52923 bsc#1236104).
- commit 314088b

- netfilter: nft_set_rbtree: fix null deref on element insertion
  (CVE-2023-52923 bsc#1236104).
- commit 5658720

- netfilter: nft_set_rbtree: skip elements in transaction from
  garbage collection (CVE-2023-52923 bsc#1236104).
- commit da32326

- netfilter: nft_set_rbtree: Switch to node list walk for overlap
  detection (CVE-2023-52923 bsc#1236104).
- Refresh
  patches.suse/netfilter-nf_tables-use-timestamp-to-check-for-set-element.patch.
- commit fb97724

- netfilter: nft_set_rbtree: overlap detection with element
  re-addition after deletion (CVE-2023-52923 bsc#1236104).
- commit 043eda8

- net: sched: fix ordering of qlen adjustment (CVE-2024-53164 bsc#1234863)
- commit 40219c0

- scsi: lpfc: Avoid potential ndlp use-after-free in
  dev_loss_tmo_callbk (CVE-2025-38289 bsc#1246287).
- commit 7088af6

- ipc: fix to protect IPCS lookups using RCU (CVE-2025-38212
  bsc#1246029).
- commit d87772b

- s390/pkey: Prevent overflow in size calculation for
  memdup_user() (git-fixes CVE-2025-38257 bsc#1246186).
- commit 95d7e4c

- i40e: fix MMIO write access to an invalid page in i40e_clear_hw
  (CVE-2025-38200 bsc#1246045).
- commit 1f55e7a

- Revert "hugetlb: unshare some PMDs when splitting VMAs (bsc#1245431)."
  This reverts commit 42d0bfa0c264cdd972320d70cf30244e83ed6d45.
  Fix requires more work.
- commit bd9ff6c

- Revert "mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race"
  This reverts commit 5ac7828c47ade79e31bb3a63af46f7ba40385d3c.
  Fix requires more work.
  Conflicts:
  series.conf
- commit b735458

- Revert "mm/hugetlb: unshare page tables during VMA split, not before"
  This reverts commit 16c03c20551418e44e64746e1adb153a94eb8624.
  Fix requires more work.
  Conflicts:
  series.conf
- commit 6f94b5c

- calipso: Fix null-ptr-deref in calipso_req_{set,del}attr()
  (CVE-2025-38181 bsc#1246000).
- commit 84f7580

- vgacon: Add check for vc_origin address range in vgacon_scroll()
  (CVE-2025-38213 bsc#1246037).
- commit 8cddace

- rpm/mkspec: Fix missing kernel-syms-rt creation (bsc#1244337)
- commit 630f139

- exfat: fix double free in delayed_free (bsc#1246073
  CVE-2025-38206).
- commit e34f200

- Bluetooth: hci_event: Fix checking conn for le_conn_complete_evt
  (bsc#1238160 CVE-2022-49138).
- commit 5955361

- Bluetooth: hci_event: Fix checking for invalid handle on error
  status (bsc#1238160 CVE-2022-49138).
- commit bf7f8a7

- Bluetooth: hci_event: Ignore multiple conn complete events
  (bsc#1238160 CVE-2022-49138).
- commit fa787ad

- crypto: algif_hash - fix double free in hash_accept
  (CVE-2025-38079 bsc#1245217).
- commit 6c6cb3d

- net_sched: hfsc: Fix a UAF vulnerability in class handling
  (CVE-2025-37797 bsc#1242417).
- commit 3ddb4b2

- net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT
  (CVE-2024-53057 bsc#1233551).
- commit 1066e4f

- netfilter: nf_set_pipapo_avx2: fix initial map fill (git-fixes
  CVE-2024-57947 bsc#1236333).
- commit 1758014

- netfilter: nf_set_pipapo: fix initial map fill (CVE-2024-57947
  bsc#1236333).
- commit 233ce6a

- rpm: Drop support for kabi/arch/ignore-flavor (bsc#1249186)
  It's not used in any active branches and it cannot solve contemporary
  problems.
- commit f86a16a
krb5
- Remove des3-cbc-sha1 and arcfour-hmac-md5 from permitted
  enctypes unless new special options "allow_des3" or "allow_rc4"
  are set; (CVE-2025-3576); (bsc#1241219).
- Add patch 0013-CVE-2025-3576.patch
avahi
- Add avahi-CVE-2024-52615.patch:
  Backport 4e2e1ea from upstream, Resolve fixed source ports for
  wide-area DNS queries cause DNS responses be injected.
  (CVE-2024-52615, bsc#1233421)
expat
- Fix CVE-2025-59375 / bsc#1249584.
- Add patch file:
  * CVE-2025-59375.patch
gcc14
- Exclude shared objects present for link editing in the GCC specific
  subdirectory from provides processing via __provides_exclude_from.
  [bsc#1244050][bsc#1243991]

- Make cross-*-gcc14-bootstrap package conflict with the non-bootstrap
  variant conflict with the unversioned cross-*-gcc package.

- Disable build of glibc cross to loongarch64 and hppa in SLFO
  and SLE15.

- Update to GCC 14.3 release, bb24b4c804f3d95b0ba95b7496, git11799
- Remove gcc14-pr120061.patch which is now included upstream.

- Add gcc14-pr120061.patch to fix the PR108900 fix instead of
  reverting it.
- Remove gcc14-pr108900.patch

- Add gcc14-pr108900.patch to revert it, fixing libqt6webengine build.

- Update to gcc-14 branch head, 3418d740b344e0ba38022f3be, git11702
  * Remove gcc14-pr118780.patch now on the upstream branch
- Fix build on s390x [bsc#1241549]

- Make sure link editing is done against our own shared library
  copy rather than the installed system runtime.  [bsc#1240788]
- Add gcc14-pr119680.patch to fix cross-compiler builds with
  - -enable-host-pie.
libgcrypt
- Security fix [bsc#1221107, CVE-2024-2236]
  * Add --enable-marvin-workaround to spec to enable workaround
  * Fix  timing based side-channel in RSA implementation ( Marvin attack )
  * Add libgcrypt-CVE-2024-2236_01.patch
  * Add libgcrypt-CVE-2024-2236_02.patch
  * Add libgcrypt-CVE-2024-2236_03.patch
gnutls
- Fix heap buffer overread when handling the CT SCT extension during X.509
  certificate parsing [bsc#1246233, CVE-2025-32989]
  * Add patch gnutls-CVE-2025-32989.patch
- Fix double-free due to incorrect ownership handling in the export logic of
  SAN entries containing an otherName [bsc#1246232, CVE-2025-32988]
  * Add patch gnutls-CVE-2025-32988.patch
- Fix 1-byte heap buffer overflow when parsing templates with certtool
  [bsc#1246267, CVE-2025-32990]
  * Add patch gnutls-CVE-2025-32990.patch
- Fix NULL pointer dereference when 2nd Client Hello omits PSK
  [bsc#1246299, CVE-2025-6395]
  * Add patch gnutls-CVE-2025-6395.patch
openssl-1_1
- Security fix: [bsc#1250232 CVE-2025-9230]
  * Fix out-of-bounds read & write in RFC 3211 KEK unwrap
  * Add patch openssl3-CVE-2025-9230.patch
polkit
- CVE-2025-7519: Fixed that a XML policy file with a large number of
  nested elements may lead to out-of-bounds write (bsc#1246472)
  added 0001-Nested-.policy-files-cause-xml-parsing-overflow-lead.patch
python311
- Add CVE-2025-8194-tarfile-no-neg-offsets.patch which now
  validates archives to ensure member offsets are non-negative
  (gh#python/cpython#130577, CVE-2025-8194, bsc#1247249).
python3
- Add CVE-2025-8194-tarfile-no-neg-offsets.patch which now
  validates archives to ensure member offsets are non-negative
  (gh#python/cpython#130577, CVE-2025-8194, bsc#1247249).

- Add CVE-2025-4435-normalize-lnk-trgts-tarfile.patch
  Security fixes for CVE-2025-4517, CVE-2025-4330, CVE-2025-4138,
  CVE-2024-12718, CVE-2025-4435 on tarfile (bsc#1244032,
  bsc#1244061, bsc#1244059, bsc#1244060, bsc#1244056).
  The backported fixes do not contain changes for ntpath.py and
  related tests, because the support for symlinks and junctions
  were added later in Python 3.9, and it does not make sense to
  backport them to 3.6 here.
  The patch is contains the following changes:
  - python@42deeab fixes symlink handling for tarfile.data_filter
  - python@9d2c2a8 fixes handling of existing files/symlinks in tarfile
  - python@00af979 adds a new "strict" argument to realpath()
  - python@dd8f187 fixes mulriple CVE fixes in the tarfile module
  - downstream only fixes that makes the changes work and
    compatible with Python 3.6
- Add CVE-2025-6069-quad-complex-HTMLParser.patch to avoid worst
  case quadratic complexity when processing certain crafted
  malformed inputs with HTMLParser (CVE-2025-6069, bsc#1244705).

- Add python36-* provides/obsoletes to enable SLE-12 -> SLE-15
  migration, bsc#1233012

- Add ipaddress-update-pr60.patch from gh#phihag/ipaddress!60 to
  update vendored ipaddress module to 3.8 equivalent
- Add gh-128840_parse-IPv6-with-emb-IPv4.patch to limit buffer
  size for IPv6 address parsing (gh#python/cpython#128840,
  bsc#1244401).
- Update CVE-2025-4516-DecodeError-handler.patch not to break
  _PyBytes_DecodeEscape signature.

- Add CVE-2025-4516-DecodeError-handler.patch fixing
  CVE-2025-4516 (bsc#1243273) blocking DecodeError handling
  vulnerability, which could lead to DoS.
ruby2.5
- update suse.patch to 3f3682bf07fcd4f2fa875958853d3843ee7dcdb9
  - fix remote DoS via YAML manifest
    bsc#1225905 CVE-2024-35221

- update suse.patch to c76fb820676cfded16c697a62281a3bfeb8e4bb1
  - fix webrick: Ruby WEBrick read_header HTTP Request Smuggling Vulnerability
    bsc#1245254 CVE-2025-6442

- update suse.patch to 5d79fc609c5761864aec47e1ae4796b93db99104
  - fix ruby: userinfo leakage in URI#join, URI#merge and URI#+
    bsc#1237805 CVE-2025-27221
libsolv
- add support for product-obsoletes() provides in the product
  autopackage generation code
- bump version to 0.7.34

- improve transaction ordering by allowing more uninst->uninst
  edges [bsc#1243457]
- implement color filtering when adding update targets
- support orderwithrequires dependencies in susedata.xml
- bump version to 0.7.33
sqlite3
- Backpatch the URLs in sqlite3.n from https to http to avoid a
  file conflict with the tcl package on SLE-15-GA up to SP2. In
  SP3 and onwards the Tcl package does not contain the sqlite
  extension anymore.

- Sync version 3.50.2 from Factory:
  * CVE-2025-6965, bsc#1246597:
    Raise an error early if the number of aggregate terms in a
    query exceeds the maximum number of columns, to avoid
    downstream assertion faults.
  * Add subpackage for the lemon parser generator.
    + sqlite-3.49.0-fix-lemon-missing-cflags.patch
    + sqlite-3.6.23-lemon-system-template.patch
systemd
- Start the systemd-coredump.socket unit on systemd-coredump package
  installation.
- Restore the kernel default values of the coredump sysctl settings on
  systemd-coredump package removal.

- Import commit 6b9681f9bb313728baa3ff0c16814eb33516cd54
  a474df9866 coredump: get rid of a bogus assertion
  d4546562f8 coredump: use %d in kernel core pattern (bsc#1243935 CVE-2025-4598)
  a5784c2856 coredump: get rid of _META_MANDATORY_MAX
  dbaa7bc4bd coredump: restore compatibility with older patterns
  32b6cd311f basic/macro: add macro to iterate variadic args

- Apply coredump sysctl settings on systemd-coredump updates/removals
libxml2
- security update
- added patches
  CVE-2025-7425 [bsc#1246296], Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr
  + libxml2-CVE-2025-7425.patch
libzypp
- runposttrans: strip root prefix from tmppath (bsc#1250343)
- fixup! Make ld.so ignore the subarch packages during install
  (bsc#1246912)
- version 17.37.18 (35)

- Make ld.so ignore the subarch packages during install
  (bsc#1246912)
- version 17.37.17 (35)

- Fix evaluation of libproxy results (bsc#1247690)
- Replace URL variables inside mirrorlist/metalink files
  (fixes #667)
- version 17.37.16 (35)

- Append RepoInfo::path() to the mirror URLs in Preloader
  (bsc#1247054)
- version 17.37.15 (35)

- During installation indicate the backend being used (bsc#1246038)
  If some package actually needs to know, it should test for
  ZYPP_CLASSIC_RPMTRANS being set in the environment.
  Otherwise the transaction is driven by librpm.
- version 17.37.14 (35)

- Workaround 'rpm -vv' leaving scriptlets /var/tmp (bsc#1218459)
- Verbose log libproxy results if PX_DEBUG=1 is set.
- BuildRequires:  cmake >= 3.17.
- version 17.37.13 (35)

- Allow explicit request to probe an added repo's URL
  (bsc#1246466)
- Fix tests with -DISABLE_MEDIABACKEND_TESTS=1 (fixes #661)
- version 17.37.12 (35)

- Add runtime check for a broken rpm-4.18.0 --runpostrans
  (bsc#1246149)
- Add regression test for bsc#1245220 and some other filesize
  related tests.
- version 17.37.11 (35)

- BuildRequires: %{libsolv_devel_package} >= 0.7.34 (bsc#1243486)
  Newer rpm versions no longer allow a ':' in rpm package names or
  obsoletes. So injecting an
    Obsoletes: product:oldproductname < oldproductversion
  into the -release package to indicate a product rename is no longer
  possible.
  Since libsolv-0.7.34 you can and should use:
    Provides: product-obsoletes(oldproductname) < oldproductversion
  in the -release package. libsolv will then inject the appropriate
  Obsoletes into the Product.
- version 17.37.10 (35)

- Ignore DeltaRpm download errors (bsc#1245672)
  DeltaRpms are in fact optional resources. In case of a failure
  the full rpm is downloaded.
- Improve fix for incorrect filesize handling (bsc#1245220)
- version 17.37.9 (35)

- Do not trigger download data exceeded errors on HTTP non data
  responses (bsc#1245220)
  In some cases a HTTP 401 or 407 did trigger a "filesize exceeded"
  error, because the response payload size was compared against the
  expected filesize. This patch adds some checks if the response
  code is in the success range and only then takes expected
  filesize into account. Otherwise the response content-length is
  used or a fallback of 2Mb if no content-length is known.
- version 17.37.8 (35)

- Fix SEGV in MediaDISK handler (bsc#1245452)
- Explicitly selecting DownloadAsNeeded also selects the
  classic_rpmtrans backend.
  DownloadAsNeeded can not be combined with the rpm singletrans
  installer backend because a rpm transaction requires all package
  headers to be available the the beginning of the transaction. So
  explicitly selecting this mode also turns on the classic_rpmtrans
  backend.
- Fix evaluation of libproxy results (bsc#1244710)
- version 17.37.7 (35)

- Enhancements regarding mirror handling during repo refresh.
  Added  means to disable the use of mirrors when downloading
  security relevant files. Requires updaing zypper to 1.14.91.
- Fix autotestcase writer if ZYPP_FULLLOG=1 (bsc#1244042)
  If ZYPP_FULLLOG=1 a solver testcase to
  "/var/log/YaST2/autoTestcase" should be written for each solver
  run. There was no testcase written for the very first solver run.
  This is now fixed.
- Pass $1==2 to %posttrans script if it's an update (bsc#1243279)
- version 17.37.6 (35)
net-tools
- Drop 0002-Do-not-warn-about-interface-socket-not-binded.patch. It
  worked around a net-tools-1.60 specific problem, that does not
  happen in net-tools-2.10. It is more harmful than useful, as it
  can hide real problems. (bsc#430864#c15,
  https://github.com/ecki/net-tools/issues/32#issuecomment-3265471116).

- Drop 0004-By-default-do-not-fopen-anything-in-netrom_gr.patch. It
  was net-tools-1.60 specific leak fix and breaks netrom in
  net-tools-2.10 (bnc#544339#c2).

- Drop old Fedora patch 0006-Allow-interface-stacking.patch. It
  provided a fix for CVE-2025-46836 (bsc#142461), but it was fixes
  by the upstream in 2025 in a different way. Revert interferring
  net-tools-CVE-2025-46836.patch back to the upstream version.
- Fix stack buffer overflow in parse_hex (bsc#1248687,
  GHSA-h667-qrp8-gj58, net-tools-parse_hex-stack-overflow.patch).
- Fix stack-based buffer overflow in proc_gen_fmt (bsc#1248687,
  GHSA-w7jq-cmw2-cq59,
  net-tools-proc_gen_fmt-buffer-overflow.patch).
- Avoid unsafe memcpy in ifconfig (bsc#1248687,
  net-tools-ifconfig-avoid-unsafe-memcpy.patch).
- Prevent overflow in ax25 and netrom (bsc#1248687,
  net-tools-ax25+netrom-overflow-1.patch,
  net-tools-ax25+netrom-overflow-2.patch).
- Keep possibility to enter long interface names, even if they are
  not accepted by the kernel, because it was always possible up to
  CVE-2025-46836 fix. But issue a warning about an interface name
  concatenation (bsc#1248410,
  net-tools-ifconfig-long-name-warning.patch).

- Provide more readable error for interface name size checking
  introduced by net-tools-CVE-2025-46836.patch
  (bsc#1243581, net-tools-CVE-2025-46836-error-reporting.patch).

- Fix a regression in net-tools-CVE-2025-46836.patch (bsc#1246608).

- Perform bound checks when parsing interface labels in
  /proc/net/dev (bsc#1243581, CVE-2025-46836, GHSA-pfwf-h6m3-63wf,
  net-tools-CVE-2025-46836.patch,
  net-tools-CVE-2025-46836-regression.patch).
pam
- Make sure that the buffer containing encrypted passwords get's erased
  bedore free.
- Replace to previous CVE fix which led to CPU performance issues.
  [bsc#1246221, CVE-2024-10041,
  + libpam-introduce-secure-memory-erasure-helpers.patch
  + pam_modutil_get-overwrite-password-at-free.patch
  - passverify-always-run-the-helper-to-obtain-shadow_pwd.patch]
permissions
- Update to version 20201225:
  * permissions: remove unnecessary static dirs and devices (bsc#1235873)

- Update to version 20201225:
  * nvidia-modprobe: SLE-15-SP4 backport (bsc#1246776)
python-appdirs
- Add python36-appdirs provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012
python-asn1crypto
- Add python36-asn1crypto provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012
python-attrs
- Add python36-attrs provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012
python-certifi
- Add python36-certifi provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012
python-chardet
- Add python36-chardet provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012
python3-cryptography
- Add python36-cryptography provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012
- Skipping failing test
python-idna
- Add python36-idna provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012
python-importlib-metadata
- Add python36-importlib-metadata provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012
python3-more-itertools
- Add python36-more-itertools provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012
python-packaging
- Add python36-packaging provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012
python-ply
- Add python36-ply provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012
python3-pyOpenSSL
- Add python36-pyOpenSSL provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012
python-pyasn1
- Add python36-pyasn1 provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012
python-pycparser
- Add python36-pycparser provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012
python-pyparsing
- Add python36-pyparsing provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012
python-pytz
- Add python36-pytz provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012
python-py
- Add python36-py provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012
python-requests
- Add python36- provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012
python3-setuptools
- Add python36-setuptools provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012
python-six
- Add python36-six provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012
python-urllib3
- Add patch CVE-2025-50181-poolmanager-redirects.patch:
  * Pool managers now properly control redirects when retries is passed
    (CVE-2025-50181, GHSA-pq67-6m6q-mj2v, bsc#1244925)

- Add python36-urllib3 provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012
python-zipp
- Add python36-zipp provides/obsoletes to enable SLE-12 ->
  SLE-15 migration, bsc#1233012
regionServiceClientConfigEC2
- Update to version 5.0.0 (bsc#1246995)
  + SLE 16 python-requests requiers SSL v3 certificates. Update 2
    region server certs to support SLE 16 when it gets released.

- Update dependency to accomodate metadata binary package name change
  in SLE 16 (bsc#1243419)
release-notes-sles
- 15.5.20250821 (tracked in bsc#933411)
- Added note about 4096-bit signing key (jsc#PED-8000)
- Added note about new systems management module (jsc#PED-12703)
samba
- CVE-2025-9640: fix vfs_streams_xattr uninitialized memory write;
  (bsc#1251279);(bso#15885).
- CVE-2025-10230: fix command Injection in WINS Server Hook Script;
  (bsc#1251280);(bso#15903).
000release-packages:sle-module-basesystem-release
n/a
000release-packages:sle-module-containers-release
n/a
000release-packages:sle-module-desktop-applications-release
n/a
000release-packages:sle-module-development-tools-release
n/a
000release-packages:sle-module-public-cloud-release
n/a
000release-packages:sle-module-server-applications-release
n/a
suse-build-key
- adjust UID (name + email) of SLES16 signing key with official
  names. (bsc#1245223)
suse-module-tools
- Update to version 15.5.7:
  * add blacklist entry for reiserfs (jsc#PED-6167)
  * Add more modules to file system blacklist (jsc#PED-6167)
  * Add hfsplus to file system blacklist (bsc#1240950, jsc#PED-12632)

- Update to version 15.5.6:
  * udevrules: activate CPUs on hotplug for s390, too (bsc#1224400)
sysconfig
- version 0.85.10
  * codespell run for all repository files and changes file
  * spec: define permissions for ghost file attrs to avoid
    rpm --restore resets them to 0 (bsc#1237595).
  * spec: fix name-repeated-in-summary rpmlint warning
systemd-presets-branding-SLE
- enable sysstat_collect.timer and sysstat_summary.timer [bsc#1244553]
  and [bsc#1246835]
- modified sources
  % default-SLE.preset
systemd-rpm-macros
- Bump version to 16

- Introduce %udev_trigger_with_reload() for packages that need to trigger events
  in theirs scriplets. The new macro automatically triggers a reload of the udev
  rule files as this step is often overlooked by packages (bsc#1237143).
vim
- Fix the following CVEs and bugs:
  * bsc#1246602 (CVE-2025-53906)
  * bsc#1246604 (CVE-2025-53905)
  * bsc#1247939 (CVE-2025-55158)
  * bsc#1247938 (CVE-2025-55157)
- Update to 9.1.1629:
  9.1.1629: Vim9: Not able to use more than 10 type arguments in a generic function
  9.1.1628: fuzzy.c has a few issues
  9.1.1627: fuzzy matching can be improved
  9.1.1626: cindent: does not handle compound literals
  9.1.1625: Autocompletion slow with include- and tag-completion
  9.1.1624: Cscope not enabled on MacOS
  9.1.1623: Buffer menu does not handle unicode names correctly
  9.1.1622: Patch v9.1.1432 causes performance regressions
  9.1.1621: flicker in popup menu during cmdline autocompletion
  9.1.1620: filetype: composer.lock and symfony.lock files not recognized
  9.1.1619: Incorrect E535 error message
  9.1.1618: completion: incorrect selected index returned from complete_info()
  9.1.1617: Vim9: some error messages can be improved
  9.1.1616: xxd: possible buffer overflow with bitwise output
  9.1.1615: diff format erroneously detected
  9.1.1614: Vim9: possible variable type change
  9.1.1613: tests: test_search leaves a few swapfiles behind
  9.1.1612: Ctrl-G/Ctrl-T do not ignore the end search delimiter
  9.1.1611: possible undefined behaviour in mb_decompose()
  9.1.1610: completion: hang or E684 when 'tagfunc' calls complete()
  9.1.1609: complete: Heap-buffer overflow with complete function
  9.1.1608: No command-line completion for :unsilent {command}
  9.1.1607: :apple command detected as :append
  9.1.1606: filetype: a few more files are not recognized
  9.1.1605: cannot specify scope for chdir()
  9.1.1604: completion: incsearch highlight might be lost
  9.1.1603: completion: cannot use autoloaded funcs in 'complete' F{func}
  9.1.1602: filetype: requirements-*.txt files are not recognized
  9.1.1601: Patch v8.1.0425 was wrong
  9.1.1600: using diff anchors with hidden buffers fails silently
  9.1.1599: :bnext doesn't go to unlisted help buffers
  9.1.1598: filetype: waybar config file is not recognized
  9.1.1597: CI reports leaks in libgtk3 library
  9.1.1596: tests: Test_search_wildmenu_iminsert() depends on help file
  9.1.1595: Wayland: non-portable use of select()
  9.1.1594: completion: search completion throws errors
  9.1.1593: Confusing error when compiling incomplete try block
  9.1.1592: Vim9: crash with classes and garbage collection
  9.1.1591: VMS support can be improved
  9.1.1590: cannot perform autocompletion
  9.1.1589: Cannot disable cscope interface using configure
  9.1.1588: Vim9: cannot split dict inside command block
  9.1.1587: Wayland: timeout not updated before select()
  9.1.1586: Vim9: can define an enum/interface in a function
  9.1.1585: Wayland: gvim still needs GVIM_ENABLE_WAYLAND
  9.1.1584: using ints as boolean type
  9.1.1583: gvim window lost its icons
  9.1.1582: style issue in vim9type.c and vim9generics.c
  9.1.1581: possible memory leak in vim9generics.c
  9.1.1580: possible memory leak in vim9type.c
  9.1.1579: Coverity complains about unchecked return value
  9.1.1578: configure: comment still mentions autoconf 2.71
  9.1.1577: Vim9: no generic support yet
  9.1.1576: cannot easily trigger wildcard expansion
  9.1.1575: tabpanel not drawn correctly with wrapped lines
  9.1.1574: Dead code in mbyte.c
  9.1.1573: Memory leak when pressing Ctrl-D in cmdline mode
  9.1.1572: expanding $var does not escape whitespace for 'path'
  9.1.1571: CmdlineChanged triggered to often
  9.1.1570: Copilot suggested some improvements in cmdexpand.c
  9.1.1569: tests: Vim9 tests can be improved
  9.1.1568: need a few more default highlight groups
  9.1.1567: crash when using inline diff mode
  9.1.1566: self-referenced enum may not get freed
  9.1.1565: configure: does not consider tiny version for wayland
  9.1.1564: crash when opening popup to closing buffer
  9.1.1563: completion: ruler may disappear
  9.1.1562: close button always visible in the 'tabline'
  9.1.1561: configure: wayland test can be improved
  9.1.1560: configure: uses $PKG_CONFIG before it is defined
  9.1.1559: tests: Test_popup_complete_info_01() fails when run alone
  9.1.1558: str2blob() treats NULL string and empty string differently
  9.1.1557: not possible to anchor specific lines in difff mode
  9.1.1556: string handling in cmdexpand.c can be improved
  9.1.1555: completion: repeated insertion of leader
  9.1.1554: crash when omni-completion opens command-line window
  9.1.1553: Vim9: crash when accessing a variable in if condition
  9.1.1552: [security]: path traversal issue in tar.vim
  9.1.1551: [security]: path traversal issue in zip.vim
  9.1.1550: defaults: 'showcmd' is not enabled in non-compatible mode on Unix
  9.1.1549: filetype: pkl files are not recognized
  9.1.1548: filetype: OpenFGA files are not recognized
  9.1.1547: Wayland: missing ifdef
  9.1.1546: Vim9: error with has() and short circuit evaluation
  9.1.1545: typo in os_unix.c
  9.1.1544: :retab cannot be limited to indentation only
  9.1.1543: Wayland: clipboard appears to not be working
  9.1.1542: Coverity complains about uninitialized variable
  9.1.1541: Vim9: error when last enum value ends with a comma
  9.1.1540: completion: menu state wrong on interruption
  9.1.1539: completion: messages don't respect 'shm' setting
  9.1.1537: helptoc: still some issues when markdown code blocks
  9.1.1536: tests: test_plugin_comment uses wrong :Check command
  9.1.1535: the maximum search count uses hard-coded value 99
  9.1.1534: unnecessary code in tabpanel.c
  9.1.1533: helptoc: does not handle code sections in markdown well
  9.1.1532: termdebug: not enough ways to configure breakpoints
  9.1.1531: confusing error with nested legacy function
  9.1.1530: Missing version change in v9.1.1529
  9.1.1529: Win32: the toolbar in the GUI is old and dated
  9.1.1528: completion: crash with getcompletion()
  9.1.1527: Vim9: Crash with string compound assignment
  9.1.1526: completion: search completion match may differ in case
  9.1.1525: tests: testdir/ is a bit messy
  9.1.1524: tests: too many imports in the test suite
  9.1.1523: tests: test_clipmethod fails in non X11 environment
  9.1.1522: tests: still some ANSI escape sequences in test output
  9.1.1521: completion: pum does not reset scroll pos on reopen with 'noselect'
  9.1.1520: completion: search completion doesn't handle 'smartcase' well
  9.1.1519: tests: Test_termdebug_decimal_breakpoints() may fail
  9.1.1518: getcompletiontype() may crash
  9.1.1517: filetype: autopkgtest files are not recognized
  9.1.1516: tests: no test that 'incsearch' is updated after search completion
  9.1.1515: Coverity complains about potential unterminated strings
  9.1.1514: Coverity complains about the use of tmpfile()
  9.1.1513: resizing Vim window causes unexpected internal window width
  9.1.1512: completion: can only complete from keyword characters
  9.1.1511: tests: two edit tests change v:testing from 1 to 0
  9.1.1510: Search completion may use invalid memory
  9.1.1509: patch 9.1.1505 was not good
  9.1.1508: string manipulation can be improved in cmdexpand.c
  9.1.1507: symlinks are resolved on :cd commands
  9.1.1506: tests: missing cleanup in Test_search_cmdline_incsearch_highlight()
  9.1.1505: not possible to return completion type for :ex command
  9.1.1504: filetype: numbat files are not recognized
  9.1.1503: filetype: haxe files are not recognized
  9.1.1502: filetype: quickbms files are not recognized
  9.1.1501: filetype: flix files are not recognized
  9.1.1500: if_python: typo in python error variable
  9.1.1499: MS-Windows: no indication of ARM64 architecture
  9.1.1498: completion: 'complete' funcs behave different to 'omnifunc'
  9.1.1497: Link error with shm_open()
  9.1.1496: terminal: still not highlighting empty cells correctly
  9.1.1495: Wayland: uses $XDG_SEAT to determine seat
  9.1.1494: runtime(tutor): no French translation for Chapter 2
  9.1.1493: manually comparing positions on buffer
  9.1.1492: tests: failure when Wayland compositor fails to start
  9.1.1491: missing out-of-memory checks in cmdexpand.c
  9.1.1490: 'wildchar' does not work in search contexts
  9.1.1489: terminal: no visual highlight of empty cols with empty 'listchars'
  9.1.1488: configure: using obsolete macro AC_PROG_GCC_TRADITIONAL
  9.1.1487: :cl doesn't invoke :clist
  9.1.1486: documentation issues with Wayland
  9.1.1485: missing Wayland clipboard support
  9.1.1484: tests: Turkish locale tests fails on Mac
  9.1.1483: not possible to translation position in buffer
  9.1.1482: scrolling with 'splitkeep' and line()
  9.1.1481: gcc complains about uninitialized variable
  9.1.1480: Turkish translation outdated
  9.1.1479: regression when displaying localized percentage position
  9.1.1478: Unused assignment in ex_uniq()
  9.1.1476: no easy way to deduplicate text
  9.1.1476: missing out-of-memory checks in cmdexpand.c
  9.1.1475: completion: regression when "nearest" in 'completeopt'
  9.1.1474: missing out-of-memory check in mark.c
  9.1.1473: inconsistent range arg for :diffget/diffput
  9.1.1472: if_python: PySequence_Fast_{GET_SIZE,GET_ITEM} removed
  9.1.1471: completion: inconsistent ordering with CTRL-P
  9.1.1470: use-after-free with popup callback on error
  9.1.1469: potential buffer-underflow with invalid hl_id
  9.1.1468: filetype: bright(er)script files are not recognized
  9.1.1467: too many strlen() calls
  9.1.1466: filetype: not all lex files are recognized
  9.1.1465: tabpanel: not correctly drawn with 'equalalways'
  9.1.1464: gv does not work in operator-pending mode
  9.1.1463: Integer overflow in getmarklist() after linewise operation
  9.1.1462: missing change from patch v9.1.1461
  9.1.1461: tabpanel: tabpanel vanishes with popup menu
  9.1.1460: MS-Windows: too many strlen() calls in os_win32.c
  9.1.1459: xxd: coloring output is inefficient
  9.1.1458: tabpanel: tabs not properly updated with 'stpl'
  9.1.1457: compile warning with tabpanelopt
  9.1.1456: comment plugin fails toggling if 'cms' contains \
  9.1.1455: Haiku: dailog objects created with no reference
  9.1.1454: tests: no test for pum at line break position
  9.1.1453: tests: Test_geometry() may fail
  9.1.1452: completion: redundant check for completion flags
  9.1.1451: tabpanel rendering artifacts when scrolling
  9.1.1450: Session has wrong arglist with :tcd and :arglocal
  9.1.1449: typo in pum_display()
  9.1.1448: tabpanel is not displayed correctly when msg_scrolled
  9.1.1447: completion: crash when backspacing with fuzzy completion
  9.1.1446: filetype: cuda-gdb config files are not recognized
  9.1.1445: negative matchfuzzy scores although there is a match
  9.1.1444: Unused assignment in set_fuzzy_score()
  9.1.1443: potential buffer underflow in insertchar()
  9.1.1442: tests: Test_diff_fold_redraw() is insufficient
  9.1.1441: completion: code can be improved
  9.1.1440: too many strlen() calls in os_win32.c
  9.1.1439: Last diff folds not merged
  9.1.1438: tests: Test_breakindent_list_split() fails
  9.1.1437: MS-Windows: internal compile error in uc_list()
  9.1.1436: GUI control code is displayed on the console on startup
  9.1.1435: completion: various flaws in fuzzy completion
  9.1.1434: MS-Windows: missing out-of-memory checks in os_win32.c
  9.1.1433: Unnecessary :if when writing session
  9.1.1432: GTK GUI: Buffer menu does not handle unicode correctly
  9.1.1431: Hit-Enter Prompt when loading session files
  9.1.1430: tabpanel may flicker in the GUI
  9.1.1429: dragging outside the tabpanel changes tabpagenr
  9.1.1428: completion: register completion needs cleanup
  9.1.1427: rendering artifacts with the tabpanel
  9.1.1426: completion: register contents not completed
  9.1.1425: tabpanel: there are still some problems with the tabpanel
  9.1.1424: PMenu selection broken with multi-line selection and limits
  9.1.1423: :tag command not working correctly using Vim9 Script
  9.1.1422: scheduling of complete function can be improved
  9.1.1421: tests: need a test for the new-style tutor.tutor
  9.1.1420: tests: could need some more tests for shebang lines
  9.1.1419: It is difficult to ignore all but some events
  9.1.1418: configures GUI auto detection favors GTK2
  9.1.1417: missing info about register completion in complete_info()
  9.1.1416: completion limits not respected for fuzzy completions
  9.1.1415: potential use-after free when there is an error in 'tabpanel'
  9.1.1414: MS-Windows: compile warnings in os_win32.c
  9.1.1413: spurious CursorHold triggered in GUI on startup
  9.1.1412: tests: Test_tabpanel_tabonly() fails on larger screens
  9.1.1411: crash when calling non-existing function for tabpanel
  9.1.1410: out-of-bounds access with 'completefunc'
  9.1.1409: using f-flag in 'complete' conflicts with Neovim
  9.1.1408: not easily possible to complete from register content
  9.1.1407: Can't use getpos('v') in OptionSet when using setbufvar()
zypper
- Fixed `bash-completion`: `zypper refresh` now ignores
  repository priority lines.
- Changes to support building against restructured libzypp in
  stack build (bsc#1230267)
- version 1.14.94

- Fix addrepo to handle explicit --check and --no-check requests
  (bsc#1246466)
- Accept "show" as alias for "info" (bsc#1245985)
- version 1.14.93

- sh: Reset solver options after command (bsc#1245496)
- Explicitly selecting DownloadAsNeeded also selects the
  classic_rpmtrans backend.
- version 1.14.92

- BuildRequires:  libzypp-devel >= 17.37.6.
  Enhancements regarding mirror handling during repo refresh. Adapt
  to libzypp API changes. (bsc#1230267)
- version 1.14.91