- aaa_base
-
- Add patch git-51-fbf7ee9dc9cd970532a54eed6472d7f3b0e7f431.patch
* If a user switches the login shell respect the already set
PATH environment (bsc#1235481)
- add patch aaa_base-rc.status.patch (bsc#1236033)
(no git, file is gone in factory/tumbleweed)
update detection for systemd in rc.status, mountpoint for
cgroup changed with cgroup2, so just check if pid 1 is systemd
- apparmor
-
- Add dac_read_search capability for unix_chkpwd to allow it to read the shadow
file even if it has 000 permissions. This is needed after the CVE-2024-10041
fix in PAM.
* unix-chkpwd-add-read-capability.path, bsc#1241678
- Allow pam_unix to execute unix_chkpwd with abi/3.0
- remove dovecot-unix_chkpwd.diff
- Add allow-pam_unix-to-execute-unix_chkpwd.patch
- Add revert-abi-change-for-unix_chkpwd.patch
(bsc#1234452, bsc#1232234)
- augeas
-
- Add patch, fix for bsc#1239909 / CVE-2025-2588:
* CVE-2025-2588.patch
- ca-certificates-mozilla
-
- revert the distrusted certs for now. originally these only
distrust "new issued" certs starting after a certain date,
while old certs should still work. (bsc#1240343)
- remove-distrusted.patch: removed
- cifs-utils
-
- Add patches:
* 0001-cifs.upcall-correctly-treat-UPTARGET_UNSPECIFIED-as-.patch
(bsc#1243488)
* 0001-mount.cifs-retry-mount-on-EINPROGRESS.patch
- CVE-2025-2312: cifs-utils: cifs.upcall makes an upcall to the wrong
namespace in containerized environments while trying to get Kerberos
credentials (bsc#1239680)
* add New-mount-option-for-cifs.upcall-namespace-reso.patch
- cloud-netconfig
-
- Update to version 1.15
+ Add support for creating IPv6 default route in GCE (bsc#1240869)
+ Minor fix when looking up IPv6 default route
- cloud-regionsrv-client
-
- Update version to 10.4.0
+ Remove repositories when the package is being removed
We do not want to leave repositories behind refering to the plugin that
is being removed when the package gets removed (bsc#1240310, bsc#1240311)
+ Turn docker into an optional setup (jsc#PCT-560)
Change the Requires into a Recommends and adapt the code accordingly
+ Support flexible licenses in GCE (jsc#PCT-531)
+ Drop the azure-addon package it is geting replaced by the
license-watcher package which has a generic implementation of the
same functionality.
+ Handle cache inconsistencies (bsc#1218345)
+ Properly handle the zypper root target argument (bsc#1240997)
- containerd
-
- Update to containerd v1.7.27. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.27>
bsc#1239749 CVE-2024-40635
- Rebase patches:
* 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch
- Update to containerd v1.7.26. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.26>
- Rebase patches:
* 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch
- Update to containerd v1.7.25. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.25>
<https://github.com/containerd/containerd/releases/tag/v1.7.24>
- Rebase patches:
* 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch
- lvm2
-
- LVM filter behaves unexpectedly for MPIO devices in SLES15SP5 (bsc#1216938)
* set lvm.conf devices.multipath_wwids_file=""
- docker
-
[ This update is a no-op, only needed to work around unfortunate automated
packaging script behaviour on SLES. ]
- The following patches were removed in openSUSE in the Docker 28.1.1-ce
update, but the patch names were later renamed in a SLES-only update before
Docker 28.1.1-ce was submitted to SLES.
This causes the SLES build scripts to refuse the update because the patches
are not referenced in the changelog. There is no obvious place to put the
patch removals (the 28.1.1-ce update removing the patches chronologically
predates their renaming in SLES), so they are included here a dummy changelog
entry to work around the issue.
- 0007-CVE-2025-22868-vendor-jws-split-token-into-fixed-num.patch
- 0008-CVE-2025-22869-vendor-ssh-limit-the-size-of-the-inte.patch
- Update to docker-buildx v0.25.0. Upstream changelog:
<https://github.com/docker/buildx/releases/tag/v0.25.0>
- Do not try to inject SUSEConnect secrets when in Rootless Docker mode, as
Docker does not have permission to access the host zypper credentials in this
mode (and unprivileged users cannot disable the feature using
/etc/docker/suse-secrets-enable.) bsc#1240150
* 0003-SECRETS-SUSE-implement-SUSE-container-secrets.patch
- Rebase patches:
* 0001-SECRETS-SUSE-always-clear-our-internal-secrets.patch
* 0002-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0004-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0005-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0006-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
- Always clear SUSEConnect suse_* secrets when starting containers regardless
of whether the daemon was built with SUSEConnect support. Not doing this
causes containers from SUSEConnect-enabled daemons to fail to start when
running with SUSEConnect-disabled (i.e. upstream) daemons.
This was a long-standing issue with our secrets support but until recently
this would've required migrating from SLE packages to openSUSE packages
(which wasn't supported). However, as SLE Micro 6.x and SLES 16 will move
away from in-built SUSEConnect support, this is now a practical issue users
will run into. bsc#1244035
+ 0001-SECRETS-SUSE-always-clear-our-internal-secrets.patch
- Rearrange patches:
- 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
+ 0002-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
- 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
+ 0003-SECRETS-SUSE-implement-SUSE-container-secrets.patch
- 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
+ 0004-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
- 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
+ 0005-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
- 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
+ 0006-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
[NOTE: This update was only ever released in SLES and Leap.]
- Always clear SUSEConnect suse_* secrets when starting containers regardless
of whether the daemon was built with SUSEConnect support. Not doing this
causes containers from SUSEConnect-enabled daemons to fail to start when
running with SUSEConnect-disabled (i.e. upstream) daemons.
This was a long-standing issue with our secrets support but until recently
this would've required migrating from SLE packages to openSUSE packages
(which wasn't supported). However, as SLE Micro 6.x and SLES 16 will move
away from in-built SUSEConnect support, this is now a practical issue users
will run into. bsc#1244035
+ 0001-SECRETS-SUSE-always-clear-our-internal-secrets.patch
- Rearrange patches:
- 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
+ 0002-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
- 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
+ 0003-SECRETS-SUSE-implement-SUSE-container-secrets.patch
- 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
+ 0004-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
- 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
+ 0005-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
- 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
+ 0006-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
- 0006-CVE-2025-22868-vendor-jws-split-token-into-fixed-num.patch
+ 0007-CVE-2025-22868-vendor-jws-split-token-into-fixed-num.patch
- 0007-CVE-2025-22869-vendor-ssh-limit-the-size-of-the-inte.patch
+ 0008-CVE-2025-22869-vendor-ssh-limit-the-size-of-the-inte.patch
- Update to Docker 28.2.2-ce. See upstream changelog online at
<https://github.com/moby/moby/releases/tag/v28.2.2>
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
- Update to Docker 28.2.1-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/28/#2820> bsc#1243833
<https://github.com/moby/moby/releases/tag/v28.2.1>
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
- Update to docker-buildx v0.24.0. Upstream changelog:
<https://github.com/docker/buildx/releases/tag/v0.24.0>
- Update to Docker 28.1.1-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/28/#2811> bsc#1242114
Includes upstream fixes:
- CVE-2025-22872 bsc#1241830
- Remove long-outdated build handling for deprecated and unsupported
devicemapper and AUFS storage drivers. AUFS was removed in v24, and
devicemapper was removed in v25.
<https://docs.docker.com/engine/deprecated/#aufs-storage-driver>
- Rebase patches:
* 0001-SECRETS-daemon-allow-directory-creation-in-run-secre.patch
* 0002-SECRETS-SUSE-implement-SUSE-container-secrets.patch
* 0003-BUILD-SLE12-revert-graphdriver-btrfs-use-kernel-UAPI.patch
* 0004-bsc1073877-apparmor-clobber-docker-default-profile-o.patch
* 0005-SLE12-revert-apparmor-remove-version-conditionals-fr.patch
- Remove upstreamed patches:
- 0006-CVE-2025-22868-vendor-jws-split-token-into-fixed-num.patch
- 0007-CVE-2025-22869-vendor-ssh-limit-the-size-of-the-inte.patch
- cli-0001-docs-include-required-tools-in-source-tree.patch
- Update to docker-buildx v0.23.0. Upstream changelog:
<https://github.com/docker/buildx/releases/tag/v0.23.0>
- Update to docker-buildx v0.22.0. Upstream changelog:
<https://github.com/docker/buildx/releases/tag/v0.22.0>
* Includes fixes for CVE-2025-0495. bsc#1239765
- Disable transparent SUSEConnect support for SLE-16. PED-12534
When this patchset was first added in 2013 (and rewritten over the years),
there was no upstream way to easily provide SLE customers with a way to build
container images based on SLE using the host subscription. However, with
docker-buildx you can now define secrets for builds (this is not entirely
transparent, but we can easily document this new requirement for SLE-16).
Users should use
RUN --mount=type=secret,id=SCCcredentials zypper -n ...
in their Dockerfiles, and
docker buildx build --secret id=SCCcredentials,src=/etc/zypp/credentials.d/SCCcredentials,type=file .
when doing their builds.
- Now that the only blocker for docker-buildx support was removed for SLE-16,
enable docker-buildx for SLE-16 as well. PED-8905
- glib2
-
- Add glib2-CVE-2025-3360.patch:
Backport 8d60d7dc from upstream, Fix integer overflow when
parsing very long ISO8601 inputs. This will only happen with
invalid (or maliciously invalid) potential ISO8601 strings,
but `g_date_time_new_from_iso8601()` needs to be robust against
that.
(CVE-2025-3360, bsc#1240897)
- glibc
-
- static-setuid-ld-library-path.patch: elf: Ignore LD_LIBRARY_PATH and
debug env var for setuid for static (CVE-2025-4802, bsc#1243317)
- pthread-wakeup.patch: pthreads NPTL: lost wakeup fix 2 (bsc#1234128, BZ
[#25847])
- grub2
-
- Refresh PPC NVMEoF ofpath related patches to newer revision
* 0002-ieee1275-ofpath-enable-NVMeoF-logical-device-transla.patch
- Patch refreshed
* 0001-grub2-Set-multiple-device-path-for-a-nvmf-boot-devic.patch
- Patch obsoleted
* 0004-ofpath-controller-name-update.patch
- Fix segmentation fault error in grub2-probe with target=hints_string
(bsc#1235971) (bsc#1235958) (bsc#1239651)
* 0001-ofpath-Add-error-check-in-NVMEoF-device-translation.patch
- haveged
-
- Fix for bsc#1222296 and bsc#1165294.
- Remove haveged-switch-root.service.
- Add haveged-once.service.
- Add patch files introducing the '--once' flag.
* introduce-once-1.patch
* introduce-once-2.patch
- hwinfo
-
- merge gh#openSUSE/hwinfo#156
- fix network card detection on aarch64 (bsc#1240648)
- 21.88
- iproute2
-
- avoid spurious cgroup warning (bsc#1234383):
- ss-Tone-down-cgroup-path-resolution.patch
- iputils
-
- Security fix [bsc#1242300, CVE-2025-47268]
* integer overflow in RTT calculation can lead to undefined behavior
* Add iputils-CVE-2025-47268.patch
- kbd
-
- Don't search for resources in the current directory. It can cause
unwanted side effects or even infinite loop (bsc#1237230,
kbd-ignore-working-directory-1.patch,
kbd-ignore-working-directory-2.patch,
kbd-ignore-working-directory-3.patch).
- kernel-default
-
- scsi: storvsc: Increase the timeouts to storvsc_timeout (bsc#1245455).
- scsi: storvsc: Don't report the host packet status as the hv status (git-fixes).
- commit 509c9eb
- KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest
memory accesses (bsc#1242782 CVE-2025-23141).
- commit c01b303
- mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race
(bsc#1245431).
- commit 5ac7828
- mm/hugetlb: unshare page tables during VMA split, not before
(bsc#1245431).
- commit 16c03c2
- hugetlb: unshare some PMDs when splitting VMAs (bsc#1245431).
- commit 42d0bfa
- Update
patches.suse/0081-drm-meson-Fix-refcount-leak-in-meson_encoder_hdmi_in.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 jsc#PED-2849
CVE-2022-50188 bsc#1244892).
- Update
patches.suse/0155-drm-meson-encoder_cvbs-Fix-refcount-leak-in-meson_en.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 jsc#PED-2849
CVE-2022-50183 bsc#1244893).
- Update
patches.suse/0156-drm-meson-encoder_hdmi-Fix-refcount-leak-in-meson_en.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 jsc#PED-2849
CVE-2022-50184 bsc#1244898).
- Update
patches.suse/0365-drm-fb-helper-Fix-out-of-bounds-access.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 jsc#PED-2849
CVE-2022-50221 bsc#1244858).
- Update
patches.suse/1392-drm-i915-ttm-don-t-leak-the-ccs-state.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 jsc#PED-2849
CVE-2022-50037 bsc#1244953).
- Update
patches.suse/1454-drm-amd-pm-Fix-a-potential-gpu_metrics_table-memory-.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 jsc#PED-2849
CVE-2022-49971 bsc#1245070).
- Update
patches.suse/1461-drm-amd-pm-add-missing-fini_xxxx-interfaces-for-some.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 jsc#PED-2849
CVE-2022-49965 bsc#1245063).
- Update
patches.suse/1496-drm-amdgpu-Fix-use-after-free-on-amdgpu_bo_list-mute.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 jsc#PED-2849
CVE-2022-50035 bsc#1244955).
- Update patches.suse/1535-drm-i915-ttm-fix-CCS-handling.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 jsc#PED-2849
CVE-2022-49963 bsc#1244914).
- Update
patches.suse/1541-dma-buf-dma-resv-check-if-the-new-fence-is-really-la.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 jsc#PED-2849
CVE-2022-49935 bsc#1245052).
- Update
patches.suse/ASoC-DPCM-Don-t-pick-up-BE-without-substream.patch
(jsc#PED-850 CVE-2022-50049 bsc#1244973).
- Update
patches.suse/ASoC-Intel-avs-Fix-potential-buffer-overflow-by-snpr.patch
(jsc#PED-850 CVE-2022-50052 bsc#1245048).
- Update
patches.suse/ASoC-SOF-Intel-cnl-Do-not-process-IPC-reply-before-f.patch
(jsc#PED-850 CVE-2022-50016 bsc#1245340).
- Update
patches.suse/ASoC-SOF-Intel-hda-Fix-potential-buffer-overflow-by-.patch
(jsc#PED-850 CVE-2022-50050 bsc#1244987).
- Update
patches.suse/ASoC-SOF-Intel-hda-ipc-Do-not-process-IPC-reply-befo.patch
(jsc#PED-850 CVE-2022-50015 bsc#1245094).
- Update
patches.suse/ASoC-SOF-ipc3-topology-Prevent-double-freeing-of-ipc.patch
(jsc#PED-850 CVE-2022-50115 bsc#1244827).
- Update
patches.suse/Bluetooth-Fix-race-condition-in-hci_cmd_sync_clear.patch
(git-fixes CVE-2023-53046 bsc#1244180).
- Update
patches.suse/Bluetooth-When-HCI-work-queue-is-drained-only-queue-.patch
(jsc#PED-1407 CVE-2022-50166 bsc#1244772).
- Update
patches.suse/RDMA-rxe-Fix-BUG-KASAN-null-ptr-deref-in-rxe_qp_do_c.patch
(jsc#PED-1111 CVE-2022-50135 bsc#1244805).
- Update
patches.suse/Revert-usb-typec-ucsi-add-a-common-function-ucsi_unr.patch
(git-fixes CVE-2022-49944 bsc#1244905).
- Update
patches.suse/USB-gadget-Fix-obscure-lockdep-violation-for-udc_mut.patch
(git-fixes CVE-2022-49943 bsc#1244904).
- Update
patches.suse/USB-gadget-Fix-use-after-free-Read-in-usb_udc_uevent.patch
(git-fixes CVE-2022-49980 bsc#1245111).
- Update
patches.suse/arm64-bpf-Add-BHB-mitigation-to-the-epilogue-for-cBP.patch
(bsc#1242778 CVE-2025-37948 bsc#1243649).
- Update
patches.suse/arm64-bpf-Only-mitigate-cBPF-programs-loaded-by-unpr.patch
(bsc#1242778 CVE-2025-37963 bsc#1243660).
- Update
patches.suse/ath11k-fix-missing-skb-drop-on-htc_tx_completion-err.patch
(bsc#1206451 CVE-2022-50186 bsc#1244888).
- Update
patches.suse/block-don-t-allow-the-same-type-rq_qos-add-more-than-once-14a6.patch
(git-fixes CVE-2022-50086 bsc#1245116).
- Update
patches.suse/firmware_loader-Fix-memory-leak-in-firmware-upload.patch
(jsc#PED-1263 CVE-2022-49949 bsc#1244928).
- Update
patches.suse/firmware_loader-Fix-use-after-free-during-unregister.patch
(jsc#PED-1263 CVE-2022-49951 bsc#1244940).
- Update
patches.suse/iavf-Fix-NULL-pointer-dereference-in-iavf_get_link_k.patch
(jsc#PED-835 CVE-2022-50054 bsc#1245040).
- Update
patches.suse/ice-Fix-call-trace-with-null-VSI-during-VF-reset.patch
(jsc#PED-376 CVE-2022-50041 bsc#1244957).
- Update
patches.suse/ice-xsk-prohibit-usage-of-non-balanced-queue-id.patch
(jsc#PED-376 CVE-2022-50003 bsc#1245015).
- Update
patches.suse/net-mlx5-LAG-fix-logic-over-MLX5_LAG_FLAG_NDEVS_READ.patch
(jsc#PED-1549 CVE-2022-50002 bsc#1245023).
- Update
patches.suse/net-qrtr-start-MHI-channel-after-endpoit-creation.patch
(git-fixes CVE-2022-50044 bsc#1244961).
- Update
patches.suse/powerpc-pseries-iommu-IOMMU-incorrectly-marks-MMIO-r.patch
(bsc#1218470 ltc#204531 CVE-2024-57999 bsc#1238526).
- Update
patches.suse/soundwire-revisit-driver-bind-unbind-and-callbacks.patch
(jsc#PED-850 CVE-2022-50144 bsc#1244791).
- Update
patches.suse/usb-xhci_plat_remove-avoid-NULL-dereference.patch
(git-fixes CVE-2022-50133 bsc#1244806).
- Update
patches.suse/vfio-Split-migration-ops-from-main-device-ops
(bsc#1205701 CVE-2022-50117 bsc#1244826).
- Update
patches.suse/xhci-Fix-null-pointer-dereference-in-remove-if-xHC-h.patch
(git-fixes CVE-2022-49962 bsc#1244912).
- Update
patches.suse/xsk-Fix-corrupted-packets-for-XDP_SHARED_UMEM.patch
(git-fixes CVE-2022-49972 bsc#1244960).
- commit dbcd12d
- Update
patches.suse/0012-dm-thin-fix-use-after-free-crash-in-dm_sm_register_t.patch
(git-fixes CVE-2022-50092 bsc#1244848).
- Update
patches.suse/0023-dm-raid-fix-address-sanitizer-warning-in-raid_status.patch
(git-fixes CVE-2022-50084 bsc#1245117).
- Update
patches.suse/0024-dm-raid-fix-address-sanitizer-warning-in-raid_resume.patch
(git-fixes CVE-2022-50085 bsc#1245147).
- Update
patches.suse/0027-drivers-md-fix-a-potential-use-after-free-bug.patch
(git-fixes CVE-2022-50022 bsc#1245131).
- Update
patches.suse/ALSA-bcd2000-Fix-a-UAF-bug-on-the-error-path-of-prob.patch
(git-fixes CVE-2022-50229 bsc#1244856).
- Update
patches.suse/ARM-OMAP2-Fix-refcount-leak-in-omap3xxx_prm_late_ini.patch
(git-fixes CVE-2022-50198 bsc#1244872).
- Update
patches.suse/ARM-OMAP2-Fix-refcount-leak-in-omapdss_init_of.patch
(git-fixes CVE-2022-50199 bsc#1244873).
- Update
patches.suse/ARM-OMAP2-display-Fix-refcount-leak-bug.patch
(git-fixes CVE-2022-50203 bsc#1245189).
- Update
patches.suse/ARM-OMAP2-pdata-quirks-Fix-refcount-leak-bug.patch
(git-fixes CVE-2022-50204 bsc#1245191).
- Update
patches.suse/ARM-bcm-Fix-refcount-leak-in-bcm_kona_smc_init.patch
(git-fixes CVE-2022-50207 bsc#1244871).
- Update
patches.suse/ASoC-SOF-debug-Fix-potential-buffer-overflow-by-snpr.patch
(git-fixes CVE-2022-50051 bsc#1245041).
- Update
patches.suse/ASoC-cros_ec_codec-Fix-refcount-leak-in-cros_ec_code.patch
(git-fixes CVE-2022-50125 bsc#1244814).
- Update patches.suse/ASoC-mt6359-Fix-refcount-leak-bug.patch
(git-fixes CVE-2022-50111 bsc#1244831).
- Update
patches.suse/ASoC-mt6797-mt6351-Fix-refcount-leak-in-mt6797_mt635.patch
(git-fixes CVE-2022-50124 bsc#1244816).
- Update
patches.suse/HID-cp2112-prevent-a-buffer-overflow-in-cp2112_xfer.patch
(git-fixes CVE-2022-50156 bsc#1244782).
- Update
patches.suse/HID-hidraw-fix-memory-leak-in-hidraw_release.patch
(git-fixes CVE-2022-49981 bsc#1245072).
- Update
patches.suse/HID-mcp2221-prevent-a-buffer-overflow-in-mcp_smbus_w.patch
(git-fixes CVE-2022-50131 bsc#1244807).
- Update
patches.suse/HID-steam-Prevent-NULL-pointer-dereference-in-steam_.patch
(git-fies CVE-2022-49984 bsc#1244950).
- Update
patches.suse/Input-iforce-wake-up-after-clearing-IFORCE_XMIT_RUNN.patch
(git-fixes CVE-2022-49954 bsc#1244976).
- Update
patches.suse/KVM-SVM-Don-t-BUG-if-userspace-injects-an-interrupt-.patch
(git-fixes CVE-2022-50228 bsc#1244854).
- Update
patches.suse/NFSv4-pnfs-Fix-a-use-after-free-bug-in-open.patch
(git-fixes CVE-2022-50072 bsc#1244979).
- Update
patches.suse/NFSv4.2-fix-problems-with-__nfs42_ssc_open.patch
(git-fixes CVE-2022-50006 bsc#1245018).
- Update
patches.suse/PCI-dwc-Deallocate-EPC-memory-on-dw_pcie_ep_init-err.patch
(git-fixes CVE-2022-50146 bsc#1244788).
- Update
patches.suse/PCI-mediatek-gen3-Fix-refcount-leak-in-mtk_pcie_init.patch
(git-fixes CVE-2022-50154 bsc#1244784).
- Update
patches.suse/PCI-microchip-Fix-refcount-leak-in-mc_pcie_init_irq_.patch
(git-fixes CVE-2022-50157 bsc#1244780).
- Update
patches.suse/PM-hibernate-defer-device-probing-when-resuming-from.patch
(git-fixes CVE-2022-50202 bsc#1245154).
- Update
patches.suse/RDMA-hfi1-fix-potential-memory-leak-in-setup_base_ct.patch
(git-fixes CVE-2022-50134 bsc#1244802).
- Update
patches.suse/RDMA-irdma-Fix-a-window-for-use-after-free.patch
(git-fixes CVE-2022-50137 bsc#1244800).
- Update
patches.suse/RDMA-qedr-Fix-potential-memory-leak-in-__qedr_alloc_.patch
(git-fixes CVE-2022-50138 bsc#1244797).
- Update
patches.suse/RDMA-rxe-Fix-error-unwind-in-rxe_create_qp.patch
(git-fixes CVE-2022-50127 bsc#1244815).
- Update
patches.suse/RDMA-siw-Fix-duplicated-reported-IW_CM_EVENT_CONNECT.patch
(git-fixes CVE-2022-50136 bsc#1244804).
- Update patches.suse/RDMA-srpt-Fix-a-use-after-free.patch
(git-fixes CVE-2022-50129 bsc#1244811).
- Update
patches.suse/USB-core-Prevent-nested-device-reset-calls.patch
(git-fixes bsc#1206664 CVE-2022-4662 CVE-2022-49936
bsc#1244984).
- Update
patches.suse/apparmor-Fix-memleak-in-aa_simple_write_to_buffer.patch
(git-fixes CVE-2022-50074 bsc#1244965).
- Update
patches.suse/apparmor-fix-reference-count-leak-in-aa_pivotroot.patch
(git-fixes CVE-2022-50077 bsc#1244977).
- Update
patches.suse/arm64-cacheinfo-Fix-incorrect-assignment-of-signed-error-value-to-unsigned-fw_level.patch
(git-fixes CVE-2022-49964 bsc#1245064).
- Update
patches.suse/arm64-fix-oops-in-concurrently-setting-insn_emulatio.patch
(git-fixes CVE-2022-50206 bsc#1245152).
- Update patches.suse/ath11k-fix-netdev-open-race.patch (git-fixes
CVE-2022-50187 bsc#1244890).
- Update
patches.suse/ath9k-fix-use-after-free-in-ath9k_hif_usb_rx_cb.patch
(CVE-2022-1679 bsc#1199487 CVE-2022-50179 bsc#1244886).
- Update
patches.suse/bpf-Adjust-insufficient-default-bpf_jit_limit.patch
(bsc#1218234 git-fixes CVE-2023-53076 bsc#1242221).
- Update
patches.suse/bpf-Don-t-use-tnum_range-on-array-range-checking-for.patch
(bsc#1202564 bsc#1202860 CVE-2022-2905 CVE-2022-49985
bsc#1244956).
- Update
patches.suse/btrfs-fix-space-cache-corruption-and-potential-doubl.patch
(bsc#1203361 CVE-2022-49999 bsc#1245019).
- Update
patches.suse/btrfs-unset-reloc-control-if-transaction-commit-fail.patch
(bsc#1212051 CVE-2023-3111 CVE-2022-50067 bsc#1245047).
- Update
patches.suse/ceph-don-t-leak-snap_rwsem-in-handle_cap_grant.patch
(bsc#1202823 CVE-2022-50059 bsc#1245031).
- Update
patches.suse/cifs-Fix-memory-leak-on-the-deferred-close.patch
(bsc#1193629 CVE-2022-50076 bsc#1244983).
- Update
patches.suse/cifs-fix-small-mempool-leak-in-SMB2_negotiate-.patch
(bsc#1193629 CVE-2022-49938 bsc#1244820).
- Update
patches.suse/clk-bcm-rpi-Prevent-out-of-bounds-access.patch
(git-fixes CVE-2022-49946 bsc#1244944).
- Update
patches.suse/clk-qcom-ipq8074-dont-disable-gcc_sleep_clk_src.patch
(git-fixes CVE-2022-50029 bsc#1245146).
- Update
patches.suse/cpufreq-zynq-Fix-refcount-leak-in-zynq_get_revision.patch
(git-fixes CVE-2022-50197 bsc#1244876).
- Update
patches.suse/crypto-arm64-poly1305-fix-a-read-out-of-bound.patch
(git-fixes CVE-2022-50231 bsc#1244853).
- Update
patches.suse/crypto-ccp-Use-kzalloc-for-sev-ioctl-interfaces-to-p.patch
(git-fixes CVE-2022-50226 bsc#1244860).
- Update
patches.suse/crypto-hisilicon-sec-don-t-sleep-when-in-softirq.patch
(git-fixes CVE-2022-50171 bsc#1244765).
- Update
patches.suse/dmaengine-dw-axi-dmac-do-not-print-NULL-LLI-during-e.patch
(git-fixes CVE-2022-50024 bsc#1245133).
- Update
patches.suse/dmaengine-dw-axi-dmac-ignore-interrupt-if-no-descrip.patch
(git-fixes CVE-2022-50023 bsc#1245134).
- Update
patches.suse/dmaengine-sf-pdma-Add-multithread-support-for-a-DMA-.patch
(git-fixes CVE-2022-50145 bsc#1244787).
- Update
patches.suse/driver-core-fix-potential-deadlock-in-__driver_attac.patch
(git-fixes CVE-2022-50149 bsc#1244883).
- Update
patches.suse/drm-amd-display-Check-correct-bounds-for-stream-enco.patch
(git-fixes CVE-2022-50079 bsc#1244970).
- Update
patches.suse/drm-amd-display-clear-optc-underflow-before-turn-off.patch
(git-fixes CVE-2022-49969 bsc#1245060).
- Update
patches.suse/drm-amd-pm-add-missing-fini_microcode-interface-for-.patch
(git-fixes CVE-2022-49966 bsc#1245062).
- Update patches.suse/drm-i915-fix-null-pointer-dereference.patch
(git-fixes CVE-2022-49960 bsc#1244911).
- Update
patches.suse/drm-mcde-Fix-refcount-leak-in-mcde_dsi_bind.patch
(git-fixes CVE-2022-50176 bsc#1244902).
- Update
patches.suse/drm-meson-Fix-refcount-bugs-in-meson_vpu_has_availab.patch
(git-fixes CVE-2022-50038 bsc#1244943).
- Update
patches.suse/drm-msm-mdp5-Fix-global-state-lock-backoff.patch
(git-fixes CVE-2022-50173 bsc#1244992).
- Update
patches.suse/drm-radeon-fix-potential-buffer-overflow-in-ni_set_m.patch
(git-fixes CVE-2022-50185 bsc#1244887).
- Update
patches.suse/drm-sun4i-dsi-Prevent-underflow-when-computing-packe.patch
(git-fixes CVE-2022-50036 bsc#1244941).
- Update
patches.suse/drm-ttm-Fix-dummy-res-NULL-ptr-deref-bug.patch
(git-fixes CVE-2022-50068 bsc#1245142).
- Update
patches.suse/ext4-add-EXT4_INODE_HAS_XATTR_SPACE-macro-in-xattr.h.patch
(bsc#1206878 CVE-2022-50083 bsc#1244968).
- Update
patches.suse/ext4-avoid-resizing-to-a-partial-cluster-size.patch
(bsc#1206880 CVE-2022-50020 bsc#1245129).
- Update
patches.suse/ext4-block-range-must-be-validated-before-use-in-ext.patch
(bsc#1213090 CVE-2022-50021 bsc#1245180).
- Update
patches.suse/fbdev-fb_pm2fb-Avoid-potential-divide-by-zero-error.patch
(git-fixes CVE-2022-49978 bsc#1245195).
- Update
patches.suse/firmware-arm_scpi-Ensure-scpi_info-is-not-assigned-i.patch
(git-fixes CVE-2022-50087 bsc#1245119).
- Update
patches.suse/ftrace-Fix-NULL-pointer-dereference-in-is_ftrace_trampoline-when-ftrace-is-dead.patch
(git-fixes CVE-2022-49977 bsc#1244936).
- Update patches.suse/gadgetfs-ep_io-wait-until-IRQ-finishes.patch
(git-fixes CVE-2022-50028 bsc#1245135).
- Update
patches.suse/habanalabs-gaudi-fix-shift-out-of-bounds.patch
(git-fixes CVE-2022-50026 bsc#1245088).
- Update
patches.suse/hwmon-gpio-fan-Fix-array-out-of-bounds-access.patch
(git-fixes CVE-2022-49945 bsc#1244908).
- Update patches.suse/iavf-Fix-adminq-error-handling.patch
(git-fixes CVE-2022-50055 bsc#1245039).
- Update patches.suse/iavf-Fix-reset-error-handling.patch
(git-fixes CVE-2022-50053 bsc#1245038).
- Update
patches.suse/ieee802154-adf7242-defer-destroy_workqueue-call.patch
(git-fixes CVE-2022-49968 bsc#1244959).
- Update
patches.suse/iio-light-isl29028-Fix-the-warning-in-isl29028_remov.patch
(git-fixes CVE-2022-50218 bsc#1244861).
- Update
patches.suse/intel_th-Fix-a-resource-leak-in-an-error-handling-pa.patch
(git-fixes CVE-2022-50143 bsc#1244790).
- Update patches.suse/intel_th-msu-Fix-vmalloced-buffers.patch
(git-fixes CVE-2022-50142 bsc#1244796).
- Update
patches.suse/iommu-vt-d-avoid-invalid-memory-access-via-node_online-NUMA_NO_N
(git-fixes CVE-2022-50093 bsc#1244849).
- Update
patches.suse/jbd2-fix-assertion-jh-b_frozen_data-NULL-failure-whe.patch
(bsc#1202716 CVE-2022-50126 bsc#1244813).
- Update patches.suse/kcm-fix-strp_init-order-and-cleanup.patch
(git-fies CVE-2022-49957 bsc#1244966).
- Update
patches.suse/kprobes-don-t-call-disarm_kprobe-for-disabled-kprobes.patch
(git-fixes CVE-2022-50008 bsc#1245009).
- Update
patches.suse/loop-Check-for-overflow-while-configuring-loop.patch
(git-fies CVE-2022-49993 bsc#1245121).
- Update patches.suse/md-call-__md_stop_writes-in-md_stop.patch
(git-fixes CVE-2022-49987 bsc#1245024).
- Update patches.suse/md-raid10-fix-KASAN-warning.patch (git-fixes
CVE-2022-50211 bsc#1245140).
- Update
patches.suse/media-mceusb-Use-new-usb_control_msg_-routines.patch
(CVE-2022-3903 bsc#1205220 CVE-2022-49937 bsc#1245057).
- Update
patches.suse/media-pvrusb2-fix-memory-leak-in-pvr_probe.patch
(git-fixes CVE-2022-49982 bsc#1245069).
- Update
patches.suse/media-tw686x-Fix-memory-leak-in-tw686x_video_init.patch
(git-fixes CVE-2022-50175 bsc#1244903).
- Update patches.suse/memstick-ms_block-Fix-a-memory-leak.patch
(git-fixes CVE-2022-50140 bsc#1244793).
- Update
patches.suse/meson-mx-socinfo-Fix-refcount-leak-in-meson_mx_socin.patch
(git-fixes CVE-2022-50209 bsc#1244868).
- Update
patches.suse/mfd-max77620-Fix-refcount-leak-in-max77620_initialis.patch
(git-fixes CVE-2022-50108 bsc#1244834).
- Update
patches.suse/misc-fastrpc-fix-memory-corruption-on-open.patch
(git-fixes CVE-2022-49950 bsc#1244958).
- Update
patches.suse/misc-fastrpc-fix-memory-corruption-on-probe.patch
(git-fixes CVE-2022-49952 bsc#1244945).
- Update
patches.suse/mmc-sdhci-of-esdhc-Fix-refcount-leak-in-esdhc_signal.patch
(git-fixes CVE-2022-50141 bsc#1244794).
- Update
patches.suse/mptcp-use-OPTION_MPTCP_MPJ_SYNACK-in-subflow_finish_.patch
(CVE-2025-23145 bsc#1242596 CVE-2024-35840 bsc#1224597).
- Update
patches.suse/msft-hv-2639-scsi-storvsc-Remove-WQ_MEM_RECLAIM-from-storvsc_erro.patch
(git-fixes CVE-2022-49986 bsc#1244948).
- Update
patches.suse/mt76-mt76x02u-fix-possible-memory-leak-in-__mt76x02u.patch
(git-fixes CVE-2022-50172 bsc#1244764).
- Update
patches.suse/mtd-maps-Fix-refcount-leak-in-ap_flash_init.patch
(git-fixes CVE-2022-50160 bsc#1244776).
- Update
patches.suse/mtd-maps-Fix-refcount-leak-in-of_flash_probe_versati.patch
(git-fixes CVE-2022-50161 bsc#1244774).
- Update
patches.suse/mtd-parsers-ofpart-Fix-refcount-leak-in-bcm4908_part.patch
(git-fixes CVE-2022-50155 bsc#1244781).
- Update
patches.suse/mtd-partitions-Fix-refcount-leak-in-parse_redboot_of.patch
(git-fixes CVE-2022-50158 bsc#1244779).
- Update
patches.suse/net-atlantic-fix-aq_vec-index-out-of-range-error.patch
(git-fixes CVE-2022-50066 bsc#1244985).
- Update
patches.suse/net-bgmac-Fix-a-BUG-triggered-by-wrong-bytes_compl.patch
(git-fixes CVE-2022-50062 bsc#1245028).
- Update
patches.suse/net-dsa-mv88e6060-prevent-crash-on-an-unused-port.patch
(git-fixes CVE-2022-50047 bsc#1244993).
- Update
patches.suse/net-dsa-sja1105-fix-buffer-overflow-in-sja1105_setup.patch
(git-fixes CVE-2022-50040 bsc#1244949).
- Update
patches.suse/net-sched-fix-netdevice-reference-leaks-in-attach_de.patch
(git-fixes CVE-2022-49958 bsc#1244974).
- Update
patches.suse/net-sunrpc-fix-potential-memory-leaks-in-rpc_sysfs_x.patch
(git-fixes CVE-2022-50046 bsc#1244991).
- Update
patches.suse/net-tap-NULL-pointer-derefence-in-dev_parse_header_p.patch
(git-fixes CVE-2022-50073 bsc#1244978).
- Update
patches.suse/netfilter-nf_tables-do-not-allow-CHAIN_ID-to-refer-t.patch
(CVE-2022-2586 bsc#1202095 CVE-2022-50212 bsc#1244869).
- Update
patches.suse/netfilter-nf_tables-do-not-allow-SET_ID-to-refer-to-.patch
(CVE-2022-2586 bsc#1202095 CVE-2022-50213 bsc#1244867).
- Update
patches.suse/nfc-pn533-Fix-use-after-free-bugs-caused-by-pn532_cm.patch
(git-fixes CVE-2022-50005 bsc#1245011).
- Update
patches.suse/octeontx2-af-Fix-mcam-entry-resource-leak.patch
(git-fixes CVE-2022-50060 bsc#1245032).
- Update
patches.suse/pinctrl-nomadik-Fix-refcount-leak-in-nmk_pinctrl_dt_.patch
(git-fixes CVE-2022-50061 bsc#1245033).
- Update
patches.suse/posix-cpu-timers-Cleanup-CPU-timers-before-freeing-t.patch
(CVE-2022-2585 bsc#1202094 CVE-2022-50095 bsc#1244846).
- Update
patches.suse/powerpc-64-Init-jump-labels-before-parse_early_param.patch
(bsc#1065729 CVE-2022-50012 bsc#1245125).
- Update
patches.suse/powerpc-iommu-fix-memory-leak-with-using-debugfs_loo.patch
(bsc#1194869 CVE-2023-53097 bsc#1244114).
- Update patches.suse/powerpc-pci-Fix-get_phb_number-locking.patch
(bsc#1065729 CVE-2022-50045 bsc#1244967).
- Update
patches.suse/powerpc-perf-Optimize-clearing-the-pending-PMI-and-r.patch
(bsc#1156395 CVE-2022-50118 bsc#1244825).
- Update
patches.suse/powerpc-xive-Fix-refcount-leak-in-xive_get_max_prio.patch
(fate#322438 git-fixess CVE-2022-50104 bsc#1244836).
- Update
patches.suse/regulator-of-Fix-refcount-leak-bug-in-of_get_regulat.patch
(git-fixes CVE-2022-50191 bsc#1244899).
- Update
patches.suse/remoteproc-imx_rproc-Fix-refcount-leak-in-imx_rproc_.patch
(git-fixes CVE-2022-50120 bsc#1244819).
- Update
patches.suse/remoteproc-k3-r5-Fix-refcount-leak-in-k3_r5_cluster_.patch
(git-fixes CVE-2022-50121 bsc#1244823).
- Update
patches.suse/rpmsg-qcom_smd-Fix-refcount-leak-in-qcom_smd_parse_e.patch
(git-fixes CVE-2022-50112 bsc#1244832).
- Update
patches.suse/s390-fix-double-free-of-GS-and-RI-CBs-on-fork-failure
(bsc#1203197 LTC#199895 CVE-2022-49990 bsc#1245006).
- Update patches.suse/sch_htb-make-htb_deactivate-idempotent.patch
(CVE-2025-37798 bsc#1242414 CVE-2025-37953 bsc#1243543).
- Update
patches.suse/sch_htb-make-htb_qlen_notify-idempotent.patch
(CVE-2025-37798 bsc#1242414 CVE-2025-37932 bsc#1243627).
- Update
patches.suse/sched-core-Do-not-requeue-task-on-CPU-excluded-from-cpus_mask.patch
(bnc#1199356 CVE-2022-50100 bsc#1244843).
- Update
patches.suse/sched-cpuset-Fix-dl_cpu_busy-panic-due-to-empty-cs-c.patch
(git-fixes CVE-2022-50103 bsc#1244840).
- Update
patches.suse/scsi-core-Fix-unremoved-procfs-host-directory-regression.patch
(git-fixes CVE-2024-26935 bsc#1223675).
- Update
patches.suse/scsi-iscsi-Fix-HW-conn-removal-use-after-free.patch
(bsc#1198410 CVE-2022-50031 bsc#1245118).
- Update
patches.suse/scsi-lpfc-Fix-possible-memory-leak-when-failing-to-i.patch
(bsc#1201956 CVE-2022-50027 bsc#1245073).
- Update
patches.suse/scsi-lpfc-Prevent-buffer-overflow-crashes-in-debugfs.patch
(bsc#1201956 CVE-2022-50030 bsc#1245265).
- Update
patches.suse/scsi-qla2xxx-fix-crash-due-to-stale-srb-access-around-i-o-timeouts.patch
(bsc#1201160 CVE-2022-50098 bsc#1244841).
- Update
patches.suse/scsi-sg-Allow-waiting-for-commands-to-complete-on-removed-device.patch
(git-fixes CVE-2022-50215 bsc#1245138).
- Update
patches.suse/selinux-Add-boundary-check-in-put_entry.patch
(git-fixes CVE-2022-50200 bsc#1245149).
- Update
patches.suse/selinux-fix-memleak-in-security_read_state_kernel.patch
(git-fixes CVE-2022-50201 bsc#1245197).
- Update
patches.suse/soc-amlogic-Fix-refcount-leak-in-meson-secure-pwrc.c.patch
(git-fixes CVE-2022-50208 bsc#1244870).
- Update
patches.suse/soc-qcom-aoss-Fix-refcount-leak-in-qmp_cooling_devic.patch
(git-fixes CVE-2022-50194 bsc#1244878).
- Update
patches.suse/soc-qcom-ocmem-Fix-refcount-leak-in-of_get_ocmem.patch
(git-fixes CVE-2022-50196 bsc#1244875).
- Update
patches.suse/spi-Fix-simplification-of-devm_spi_register_controll.patch
(git-fixes CVE-2022-50190 bsc#1244895).
- Update
patches.suse/spi-tegra20-slink-fix-UAF-in-tegra_slink_remove.patch
(git-fixes CVE-2022-50192 bsc#1244879).
- Update
patches.suse/spmi-trace-fix-stack-out-of-bound-access-in-SPMI-tracing-functions.patch
(git-fixes CVE-2022-50094 bsc#1244851).
- Update
patches.suse/staging-rtl8712-fix-use-after-free-bugs.patch
(CVE-2022-4095 bsc#1205514 CVE-2022-49956 bsc#1244969).
- Update
patches.suse/stmmac-intel-Add-a-missing-clk_disable_unprepare-cal.patch
(git-fixes CVE-2022-50039 bsc#1244942).
- Update
patches.suse/tty-n_gsm-add-sanity-check-for-gsm-receive-in-gsm_re.patch
(git-fixes CVE-2022-49940 bsc#1244866).
- Update
patches.suse/tty-n_gsm-fix-deadlock-and-link-starvation-in-outgoi.patch
(git-fixes CVE-2022-50116 bsc#1244824).
- Update
patches.suse/tty-serial-Fix-refcount-leak-bug-in-ucc_uart.c.patch
(git-fixes CVE-2022-50019 bsc#1245098).
- Update
patches.suse/tty-vt-initialize-unicode-screen-buffer.patch
(git-fixes CVE-2022-50222 bsc#1245136).
- Update
patches.suse/udmabuf-Set-the-DMA-mask-for-the-udmabuf-device-v2.patch
(git-fixes CVE-2022-49983 bsc#1245092).
- Update
patches.suse/usb-aspeed-vhub-Fix-refcount-leak-bug-in-ast_vhub_in.patch
(git-fixes CVE-2022-50139 bsc#1244798).
- Update
patches.suse/usb-cdns3-change-place-of-priv_ep-assignment-in-cdns.patch
(git-fixes CVE-2022-50132 bsc#1244808).
- Update
patches.suse/usb-cdns3-fix-random-warning-message-when-driver-loa.patch
(git-fixes CVE-2022-50151 bsc#1245093).
- Update
patches.suse/usb-cdns3-fix-use-after-free-at-workaround-2.patch
(git-fixes CVE-2022-50034 bsc#1245089).
- Update
patches.suse/usb-host-Fix-refcount-leak-in-ehci_hcd_ppc_of_probe.patch
(git-fixes CVE-2022-50153 bsc#1244786).
- Update
patches.suse/usb-host-ohci-ppc-of-Fix-refcount-leak-bug.patch
(git-fixes CVE-2022-50033 bsc#1245139).
- Update
patches.suse/usb-ohci-nxp-Fix-refcount-leak-in-ohci_hcd_nxp_probe.patch
(git-fixes CVE-2022-50152 bsc#1244783).
- Update patches.suse/usb-renesas-Fix-refcount-leak-bug.patch
(git-fixes CVE-2022-50032 bsc#1245103).
- Update
patches.suse/usb-typec-tcpm-fix-warning-when-handle-discover_iden.patch
(git-fixes CVE-2023-53048 bsc#1244179).
- Update
patches.suse/usbnet-Fix-linkwatch-use-after-free-on-disconnect.patch
(git-fixes CVE-2022-50220 bsc#1245348).
- Update
patches.suse/venus-pm_helpers-Fix-warning-in-OPP-during-probe.patch
(git-fixes CVE-2022-50011 bsc#1244915).
- Update
patches.suse/video-fbdev-amba-clcd-Fix-refcount-leak-bugs.patch
(git-fixes CVE-2022-50109 bsc#1244884).
- Update
patches.suse/video-fbdev-arkfb-Check-the-size-of-screen-before-me.patch
(git-fixes CVE-2022-50099 bsc#1244842).
- Update
patches.suse/video-fbdev-arkfb-Fix-a-divide-by-zero-bug-in-ark_se.patch
(git-fixes CVE-2022-50102 bsc#1244838).
- Update
patches.suse/video-fbdev-i740fb-Check-the-argument-of-i740_calc_v.patch
(git-fixes CVE-2022-50010 bsc#1245122).
- Update
patches.suse/video-fbdev-s3fb-Check-the-size-of-screen-before-mem.patch
(git-fixes CVE-2022-50097 bsc#1244845).
- Update
patches.suse/video-fbdev-vt8623fb-Check-the-size-of-screen-before.patch
(git-fixes CVE-2022-50101 bsc#1244839).
- Update
patches.suse/virtio-gpu-fix-a-missing-check-to-avoid-NULL-derefer.patch
(git-fixes CVE-2022-50181 bsc#1244901).
- Update
patches.suse/virtio_net-fix-memory-leak-inside-XPD_TX-with-mergea.patch
(git-fixes CVE-2022-50065 bsc#1244986).
- Update
patches.suse/vt-Clear-selection-before-changing-the-font.patch
(git-fixes CVE-2022-49948 bsc#1245058).
- Update
patches.suse/watchdog-sp5100_tco-Fix-a-memory-leak-of-EFCH-MMIO-r.patch
(git-fixes CVE-2022-50110 bsc#1244830).
- Update
patches.suse/wifi-iwlwifi-mvm-fix-double-list_add-at-iwl_mvm_mac_.patch
(git-fixes CVE-2022-50164 bsc#1244770).
- Update
patches.suse/wifi-libertas-Fix-possible-refcount-leak-in-if_usb_p.patch
(git-fixes CVE-2022-50162 bsc#1244773).
- Update
patches.suse/wifi-mac80211-Don-t-finalize-CSA-in-IBSS-mode-if-sta.patch
(git-fixes CVE-2022-49942 bsc#1244881).
- Update
patches.suse/wifi-mac80211-Fix-UAF-in-ieee80211_scan_rx.patch
(git-fixes CVE-2022-49934 bsc#1245051).
- Update
patches.suse/wifi-rtw89-8852a-rfk-fix-div-0-exception.patch
(git-fixes CVE-2022-50178 bsc#1244900).
- Update
patches.suse/wifi-wil6210-debugfs-fix-info-leak-in-wil_write_file.patch
(git-fixes CVE-2022-50169 bsc#1244767).
- Update
patches.suse/wifi-wil6210-debugfs-fix-uninitialized-variable-use-.patch
(git-fixes CVE-2022-50165 bsc#1244771).
- Update
patches.suse/writeback-avoid-use-after-free-after-removing-device.patch
(bsc#1207638 CVE-2022-49995 bsc#1245012).
- Update
patches.suse/xen-privcmd-fix-error-exit-of-privcmd_ioctl_dm_op.patch
(git-fixes CVE-2022-49989 bsc#1245007).
- commit 7202356
- bpf: abort verification if env->cur_state->loop_entry != NULL
(CVE-2025-38060 bsc#1245155).
- Refresh patches.kabi/bpf-callback-fixes-kABI-workaround.patch.
- commit 7231f0c
- bpf: copy_verifier_state() should copy 'loop_entry' field
(CVE-2025-38060 bsc#1245155).
- Refresh patches.kabi/bpf-callback-fixes-kABI-workaround.patch.
- commit 5ab8be4
- net_sched: prio: fix a race in prio_tune() (CVE-2025-38083
bsc#1245183).
- commit 2221c2d
- dmaengine: idxd: Refactor remove call with idxd_cleanup()
helper (CVE-2025-38014 bsc#1244732).
- commit c97ce5d
- Refresh patches.suse/netfilter-nf_tables-use-timestamp-to-check-for-set-element.patch.
The gc path is async therefore it shouldn't use the timestamp but the
current time instead.
- commit 7fca653
- x86/modules: Set VM_FLUSH_RESET_PERMS in module_alloc()
(CVE-2024-28956 bsc#1242006).
- commit 995d9ba
- net_sched: hfsc: Address reentrant enqueue adding class to
eltree twice (CVE-2025-38001 bsc#1244234).
- commit 47685d0
- net/sched: sch_ets: don't remove idle classes from the
round-robin list (bsc#1207361 CVE-2021-47595 bsc#1226552).
- net/sched: sch_ets: don't peek at classes beyond 'nbands'
(bsc#1207361 bsc#1225468 CVE-2021-47557).
- commit 6b479ec
- sch_htb: make htb_deactivate() idempotent (CVE-2025-37798
bsc#1242414).
- codel: remove sch->q.qlen check before
qdisc_tree_reduce_backlog() (CVE-2025-37798 bsc#1242414).
- sch_ets: make est_qlen_notify() idempotent (CVE-2025-37798
bsc#1242414).
- sch_qfq: make qfq_qlen_notify() idempotent (CVE-2025-37798
bsc#1242414).
- sch_hfsc: make hfsc_qlen_notify() idempotent (CVE-2025-37798
bsc#1242414).
- sch_drr: make drr_qlen_notify() idempotent (CVE-2025-37798
bsc#1242414).
- sch_htb: make htb_qlen_notify() idempotent (CVE-2025-37798
bsc#1242414).
- commit 4e7c132
- netfilter: nf_tables: use timestamp to check for set element
timeout (CVE-2024-27397 bsc#1224095).
- commit 0345626
- packaging: Add support for suse-kabi-tools
The current workflow to check kABI stability during the RPM build of SUSE
kernels consists of the following steps:
* The downstream script rpm/modversions unpacks the consolidated kABI
symtypes reference data from kabi/<arch>/symtypes-<flavor> and creates
individual symref files.
* The build performs a regular kernel make. During this operation, genksyms
is invoked for each source file. The tool determines type signatures of
all exports within the file, reports any differences compared to the
associated symref reference, calculates symbol CRCs from the signatures
and writes new type data into a symtypes file.
* The script rpm/modversions is invoked again, this time it packs all new
symtypes files to a consolidated kABI file.
* The downstream script rpm/kabi.pl checks symbol CRCs in the new build and
compares them to a reference from kabi/<arch>/symvers-<flavor>, taking
kabi/severities into account.
suse-kabi-tools is a new set of tools to improve the kABI checking process.
The suite includes two tools, ksymtypes and ksymvers, which replace the
existing scripts rpm/modversions and rpm/kabi.pl, as well as the comparison
functionality previously provided by genksyms. The tools have their own
source repository and package.
The tools provide faster operation and more detailed, unified output. In
addition, they allow the use of the new upstream tool gendwarfksyms, which
lacks any built-in comparison functionality.
The updated workflow is as follows:
* The build performs a regular kernel make. During this operation, genksyms
(gendwarfksyms) is invoked as usual, determinining signatures and CRCs of
all exports and writing the type data to symtypes files. However,
genksyms no longer performs any comparison.
* 'ksymtypes consolidate' packs all new symtypes files to a consolidated
kABI file.
* 'ksymvers compare' checks symbol CRCs in the new build and compares them
to a reference from kabi/<arch>/symvers-<flavor>, taking kabi/severities
into account. The tool writes its result in a human-readable form on
standard output and also writes a list of all changed exports (not
ignored by kabi/severities) to the changed-exports file.
* 'ksymtypes compare' takes the changed-exports file, the consolidated kABI
symtypes reference data from kabi/<arch>/symtypes-<flavor> and the new
consolidated data. Based on this data, it produces a detailed report
explaining why the symbols changed.
The patch enables the use of suse-kabi-tools via rpm/config.sh, providing
explicit control to each branch. To enable the support, set
USE_SUSE_KABI_TOOLS=Yes in the config file.
- commit a2c6f89
- netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for
inet/ingress basechain (CVE-2024-26808 bsc#1222634).
- commit 8ae94b6
- netfilter: nft_set_rbtree: .deactivate fails if element has
expired (CVE-2024-27397 bsc#1224095).
- commit 544c57e
- kernel-source: Remove log.sh from sources
- commit 96bd779
- netfilter: ipset: add missing range check in bitmap_ip_uadt (CVE-2024-53141 bsc#1234381)
- commit 6255020
- net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too
(CVE-2025-37823 bsc#1242924).
- commit 10fd231
- net: sched: sch_multiq: fix possible OOB write in multiq_tune()
(CVE-2024-36978 bsc#1226514).
- commit 6416785
- sch_hfsc: Fix qlen accounting bug when using peek in
hfsc_enqueue() (CVE-2025-38000 bsc#1244277).
- commit 411bb06
- net_sched: hfsc: Fix a UAF vulnerability in class with netem
as child qdisc (CVE-2025-37890 bsc#1243330).
- commit 33c0be8
- netfilter: ipset: fix region locking in hash types
(CVE-2025-37997 bsc#1243832).
- commit e26a95e
- netfilter: nf_tables: don't fail inserts if duplicate has
expired (git-fixes CVE-2023-52925 bsc#1236822).
- commit cd97e1a
- netfilter: nf_tables: don't skip expired elements during walk
(CVE-2023-52924 bsc#1236821).
- Refresh
patches.suse/netfilter-nft_set_pipapo-skip-inactive-elements-duri.patch.
- commit 6faff42
- bpf: sync_linked_regs() must preserve subreg_def (bsc#1234156
CVE-2024-53125).
- commit 29ff5bf
- net: sched: Disallow replacing of child qdisc from one parent
to another (CVE-2025-21700 bsc#1237159).
- commit 7b38bc0
- vsock: Orphan socket after transport release (bsc#1238876
CVE-2025-21756).
- commit 7e39328
- vsock: Keep the binding until socket destruction (bsc#1238876
CVE-2025-21756).
- commit a3adf03
- netem: Update sch->q.qlen before qdisc_tree_reduce_backlog()
(git-fixes CVE-2025-21703 bsc#1237313).
- commit 6fdf91c
- pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (CVE-2025-21702 bsc#1237312)
- commit 874558c
- net_sched: sch_fifo: implement lockless __fifo_dump() (bsc#1237312)
- commit a5fc425
- netfilter: nft_set_pipapo: do not free live element
(CVE-2024-26924 bsc#1223387).
- commit b8b066b
- net/sched: netem: account for backlog updates from child qdisc
(CVE-2024-56770 bsc#1235637).
- sch/netem: fix use after free in netem_dequeue (CVE-2024-56770
bsc#1235637 CVE-2024-46800 bsc#1230827).
- commit a31493e
- mkspec: Exclude rt flavor from kernel-syms dependencies (bsc#1244337).
- commit 7c95ae0
- powerpc/vas: Return -EINVAL if the offset is non-zero in mmap()
(bsc#1244309 ltc#213790).
- powerpc/powernv/memtrace: Fix out of bounds issue in memtrace
mmap (bsc#1244309 ltc#213790).
- commit 85e9dad
- ALSA: usb-audio: Fix a DMA to stack memory bug (git-fixes).
- commit 3546c41
- ALSA: usb-audio: Fix potential out-of-bound accesses for
Extigy and Mbox devices (git-fixes CVE-2024-53197 bsc#1235464
bsc#1244282).
- commit e7fd703
- MyBS: Do not build kernel-obs-qa with limit_packages
Fixes: 58e3f8c34b2b ("bs-upload-kernel: Pass limit_packages also on multibuild")
- commit f4c6047
- MyBS: Simplify qa_expr generation
Start with a 0 which makes the expression valid even if there are no QA
repositories (currently does not happen). Then separator is always
needed.
- commit e4c2851
- MyBS: Correctly generate build flags for non-multibuild package limit
(bsc# 1244241)
Fixes: 0999112774fc ("MyBS: Use buildflags to set which package to build")
- commit 27588c9
- bs-upload-kernel: Pass limit_packages also on multibuild
Fixes: 0999112774fc ("MyBS: Use buildflags to set which package to build")
Fixes: 747f601d4156 ("bs-upload-kernel, MyBS, Buildresults: Support multibuild (JSC-SLE#5501, boo#1211226, bsc#1218184)")
- commit 8ef486c
- kernel-source: Do not use multiple -r in sed parameters
This usage is enabled in commit b18d64d
(sed: allow multiple (non-conflicting) -E/-r parameters, 2016-07-31)
only available since sed 4.3
Fixes: dc2037cd8f94 ("kernel-source: Also replace bin/env"
- commit 91ad98e
- ext4: fix OOB read when checking dotdot dir (bsc#1241640
CVE-2025-37785).
- commit a1f98cf
- Update
patches.suse/0519-drm-amd-display-Fix-optc2_configure-warning-on-dcn31.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225 jsc#PED-2849
CVE-2022-49773 bsc#1242311).
- Update
patches.suse/ACPI-PPTT-Fix-to-avoid-sleep-in-the-atomic-context-w.patch
(git-fixes CVE-2023-53070 bsc#1242286).
- Update patches.suse/Bluetooth-HCI-Fix-global-out-of-bounds.patch
(git-fixes bsc#1209780 CVE-2023-28866 CVE-2023-53057
bsc#1242240).
- Update patches.suse/RDMA-rxe-Fix-mr-leak-in-RESPST_ERR_RNR.patch
(jsc#PED-1111 CVE-2022-49929 bsc#1242360).
- Update
patches.suse/blk-cgroup-properly-pin-the-parent-in-blkcg_css_online.patch
(bsc#1208105 CVE-2022-49786 bsc#1242351).
- Update
patches.suse/blk-mq-Fix-kmemleak-in-blk_mq_init_allocated_queue-943f.patch
(git-fixes CVE-2022-49901 bsc#1242448).
- Update
patches.suse/block-Fix-possible-memory-leak-for-rq_wb-on-add_disk-failure-fa81.patch
(git-fixes CVE-2022-49902 bsc#1242465).
- Update
patches.suse/bpf-Fix-memory-leaks-in-__check_func_call.patch
(bsc#1225903 CVE-2022-49837 bsc#1242160).
- Update
patches.suse/dm-stats-check-for-and-propagate-alloc_percpu-failur-d3aa.patch
(git-fixes CVE-2023-53044 bsc#1242759).
- Update
patches.suse/drm-amd-display-Do-not-set-DRR-on-pipe-Commit.patch
(bsc#1206843 CVE-2023-53042 bsc#1242748).
- Update
patches.suse/drm-amdgpu-Fix-call-trace-warning-and-hang-when-remo.patch
(bsc#1206843 CVE-2023-53036 bsc#1242740).
- Update
patches.suse/drm-amdgpu-fix-ttm_bo-calltrace-warning-in-psp_hw_fi.patch
(bsc#1206843 CVE-2023-53074 bsc#1242751).
- Update
patches.suse/drm-i915-sseu-fix-max_subslices-array-index-out-of-b.patch
(git-fixes CVE-2023-53112 bsc#1242410).
- Update patches.suse/drm-ttm-Fix-a-NULL-pointer-dereference.patch
(git-fixes CVE-2023-53095 bsc#1242278).
- Update
patches.suse/ice-xsk-disable-txq-irq-before-flushing-hw.patch
(jsc#PED-376 CVE-2023-53102 bsc#1242393).
- Update
patches.suse/ipvs-fix-WARNING-in-__ip_vs_cleanup_batch.patch
(bsc#1207361 CVE-2022-49918 bsc#1242425).
- Update
patches.suse/ipvs-fix-WARNING-in-ip_vs_app_net_cleanup.patch
(bsc#1207361 CVE-2022-49917 bsc#1242406).
- Update
patches.suse/net-mlx5e-Fix-cleanup-null-ptr-deref-on-encap-lock.patch
(jsc#PED-1549 CVE-2023-53105 bsc#1242400).
- Update
patches.suse/net-sched-Fix-use-after-free-in-red_enqueue.patch
(bsc#1207361 CVE-2022-49921 bsc#1242359).
- Update
patches.suse/net-tunnels-annotate-lockless-accesses-to-dev-needed_headroom.patch
(CVE-2024-26804 bsc#1222629 CVE-2023-53109 bsc#1242405).
- Update
patches.suse/ntfs-check-overflow-when-iterating-ATTR_RECORDs.patch
(git-fixes CVE-2022-49762 bsc#1242146).
- Update
patches.suse/ntfs-fix-use-after-free-in-ntfs_attr_find.patch
(git-fixes CVE-2022-49763 bsc#1242249).
- Update
patches.suse/perf-x86-amd-Fix-crash-due-to-race-between-amd_pmu_enable_all-perf-NMI-and-throttling.patch
(git fixes CVE-2022-49781 bsc#1242302).
- Update
patches.suse/perf-x86-amd-core-Always-clear-status-for-idx.patch
(bsc#1213233 CVE-2023-53073 bsc#1242224).
- Update
patches.suse/perf-x86-amd-uncore-Fix-memory-leak-for-events-array.patch
(git fixes CVE-2022-49784 bsc#1242349).
- Update
patches.suse/rethook-fix-a-potential-memleak-in-rethook_alloc.patch
(git-fixes CVE-2022-49795 bsc#1242298).
- Update
patches.suse/scsi-mpi3mr-Fix-throttle_groups-memory-leak.patch
(git-fixes CVE-2023-53128 bsc#1242381).
- Update
patches.suse/vp_vdpa-fix-the-crash-in-hot-unplug-with-vp_vdpa.patch
(git-fixes CVE-2023-53082 bsc#1242295).
- Update
patches.suse/wifi-mt76-do-not-run-mt76_unregister_device-on-unreg.patch
(bsc#1209980 CVE-2023-53071 bsc#1242217).
- Update
patches.suse/x86-tdx-Panic-on-bad-configs-that-VE-on-private-memo.patch
(jsc#PED-342 CVE-2022-49886 bsc#1242474).
- commit 3794a99
- Update
patches.suse/0001-netfs-Fix-missing-xas_retry-calls-in-xarray-iteratio.patch
(bsc#1213946 CVE-2022-49810 bsc#1242489).
- Update
patches.suse/0037-dm-ioctl-fix-misbehavior-if-list_versions-races-with-module-loading.patch
(git-fixes CVE-2022-49771 bsc#1242686).
- Update
patches.suse/ACPI-APEI-Fix-integer-overflow-in-ghes_estatus_pool_.patch
(git-fixes CVE-2022-49885 bsc#1242735).
- Update
patches.suse/ALSA-hda-fix-potential-memleak-in-add_widget_node.patch
(git-fixes CVE-2022-49835 bsc#1242385).
- Update
patches.suse/ALSA-usb-audio-Drop-snd_BUG_ON-from-snd_usbmidi_outp.patch
(git-fixes CVE-2022-49772 bsc#1242147).
- Update
patches.suse/ASoC-core-Fix-use-after-free-in-snd_soc_exit.patch
(git-fixes CVE-2022-49842 bsc#1242484).
- Update
patches.suse/Bluetooth-L2CAP-Fix-memory-leak-in-vhci_write.patch
(CVE-2022-3619 bsc#1204569 CVE-2022-49908 bsc#1242157).
- Update
patches.suse/Bluetooth-L2CAP-Fix-use-after-free-caused-by-l2cap_r.patch
(CVE-2022-3564 bsc#1206073 CVE-2022-49910 bsc#1242452).
- Update
patches.suse/Bluetooth-L2CAP-fix-use-after-free-in-l2cap_conn_del.patch
(CVE-2022-3640 bsc#1204619 CVE-2022-49909 bsc#1242453).
- Update
patches.suse/Bluetooth-btsdio-fix-use-after-free-bug-in-btsdio_re-73f7b171b7c0.patch
(git-fixes CVE-2023-53145 bsc#1243047).
- Update
patches.suse/HID-intel-ish-hid-ipc-Fix-potential-use-after-free-i.patch
(git-fixes CVE-2023-53039 bsc#1242745).
- Update
patches.suse/IB-hfi1-Correctly-move-list-in-sc_disable.patch
(git-fixes CVE-2022-49931 bsc#1242382).
- Update
patches.suse/Input-i8042-fix-leaking-of-platform-device-on-module.patch
(git-fixes CVE-2022-49777 bsc#1242232).
- Update
patches.suse/Input-iforce-invert-valid-length-check-when-fetching.patch
(git-fixes CVE-2022-49790 bsc#1242387).
- Update
patches.suse/PCI-s390-Fix-use-after-free-of-PCI-resources-with-pe.patch
(git-fixes CVE-2023-53123 bsc#1242403).
- Update
patches.suse/RDMA-core-Fix-null-ptr-deref-in-ib_core_cleanup.patch
(git-fixes CVE-2022-49925 bsc#1242371).
- Update patches.suse/SUNRPC-Fix-a-server-shutdown-leak.patch
(git-fixes CVE-2023-53131 bsc#1242377).
- Update
patches.suse/SUNRPC-Fix-null-ptr-deref-when-xps-sysfs-alloc-faile.patch
(git-fixes CVE-2022-49928 bsc#1242369).
- Update patches.suse/arm64-entry-avoid-kprobe-recursion.patch
(git-fixes CVE-2022-49888 bsc#1242458).
- Update
patches.suse/ata-libata-transport-fix-double-ata_host_put-in-ata_.patch
(git-fixes CVE-2022-49826 bsc#1242549).
- Update
patches.suse/ata-libata-transport-fix-error-handling-in-ata_tdev_.patch
(git-fixes CVE-2022-49823 bsc#1242545).
- Update
patches.suse/ata-libata-transport-fix-error-handling-in-ata_tlink.patch
(git-fixes CVE-2022-49824 bsc#1242547).
- Update
patches.suse/ata-libata-transport-fix-error-handling-in-ata_tport.patch
(git-fixes CVE-2022-49825 bsc#1242548).
- Update
patches.suse/bnxt_en-Avoid-order-5-memory-allocation-for-TPA-data.patch
(jsc#SLE-18978 CVE-2023-53134 bsc#1242380).
- Update
patches.suse/bnxt_en-Fix-possible-crash-in-bnxt_hwrm_set_coal.patch
(git-fixes CVE-2022-49869 bsc#1242158).
- Update
patches.suse/bridge-switchdev-Fix-memory-leaks-when-changing-VLAN.patch
(git-fixes CVE-2022-49812 bsc#1242151).
- Update
patches.suse/ca8210-fix-mac_len-negative-array-access.patch
(git-fixes CVE-2023-53040 bsc#1242746).
- Update
patches.suse/can-af_can-fix-NULL-pointer-dereference-in-can_rx_re.patch
(git-fixes CVE-2022-49863 bsc#1242169).
- Update
patches.suse/can-j1939-j1939_send_one-fix-missing-CAN-header-init.patch
(git-fixes CVE-2022-49845 bsc#1243133).
- Update
patches.suse/capabilities-fix-potential-memleak-on-error-path-fro.patch
(git-fixes CVE-2022-49890 bsc#1242469).
- Update
patches.suse/capabilities-fix-undefined-behavior-in-bit-shift-for.patch
(git-fixes CVE-2022-49870 bsc#1242551).
- Update
patches.suse/ceph-avoid-putting-the-realm-twice-when-decoding-snaps-fails.patch
(bsc#1206051 CVE-2022-49770 bsc#1242597).
- Update
patches.suse/cifs-Fix-connections-leak-when-tlink-setup-failed.patch
(git-fixes CVE-2022-49822 bsc#1242544).
- Update
patches.suse/cifs-fix-use-after-free-bug-in-refresh_cache_worker-.patch
(bsc#1193629 CVE-2023-53052 bsc#1242749).
- Update
patches.suse/dmaengine-mv_xor_v2-Fix-a-resource-leak-in-mv_xor_v2.patch
(git-fixes CVE-2022-49861 bsc#1242580).
- Update
patches.suse/dmaengine-ti-k3-udma-glue-fix-memory-leak-when-regis.patch
(git-fixes CVE-2022-49860 bsc#1242586).
- Update
patches.suse/drm-Fix-potential-null-ptr-deref-in-drm_vblank_destr.patch
(git-fixes CVE-2022-49827 bsc#1242689).
- Update
patches.suse/drm-amd-display-fix-shift-out-of-bounds-in-Calculate.patch
(git-fixes CVE-2023-53077 bsc#1242752).
- Update
patches.suse/drm-amdkfd-Fix-NULL-pointer-dereference-in-svm_migra.patch
(git-fixes CVE-2022-49864 bsc#1242685).
- Update
patches.suse/drm-amdkfd-Fix-an-illegal-memory-access.patch
(git-fixes CVE-2023-53090 bsc#1242753).
- Update
patches.suse/drm-drv-Fix-potential-memory-leak-in-drm_dev_init.patch
(git-fixes CVE-2022-49830 bsc#1242150).
- Update
patches.suse/drm-i915-active-Fix-misuse-of-non-idle-barriers-as-f.patch
(git-fixes CVE-2023-53087 bsc#1242280).
- Update
patches.suse/drm-shmem-helper-Remove-another-errant-put-in-error-.patch
(git-fixes CVE-2023-53084 bsc#1242294).
- Update
patches.suse/ext4-Fix-possible-corruption-when-moving-a-directory.patch
(bsc#1210763 CVE-2023-53137 bsc#1242358).
- Update
patches.suse/ext4-fix-BUG_ON-when-directory-entry-has-invalid-rec.patch
(bsc#1206886 CVE-2022-49879 bsc#1242733).
- Update
patches.suse/ext4-fix-WARNING-in-ext4_update_inline_data.patch
(bsc#1213012 CVE-2023-53100 bsc#1242790).
- Update
patches.suse/ext4-fix-another-off-by-one-fsmap-error-on-1k-block-.patch
(bsc#1210767 CVE-2023-53143 bsc#1242276).
- Update
patches.suse/ext4-fix-task-hung-in-ext4_xattr_delete_inode.patch
(bsc#1213096 CVE-2023-53089 bsc#1242744).
- Update
patches.suse/ext4-fix-warning-in-ext4_da_release_space.patch
(bsc#1206887 CVE-2022-49880 bsc#1242734).
- Update
patches.suse/ext4-update-s_journal_inum-if-it-changes-after-journ.patch
(bsc#1213094 CVE-2023-53091 bsc#1242767).
- Update
patches.suse/ext4-zero-i_disksize-when-initializing-the-bootloade.patch
(bsc#1213013 CVE-2023-53101 bsc#1242791).
- Update
patches.suse/firmware-xilinx-don-t-make-a-sleepable-memory-alloca.patch
(git-fixes CVE-2023-53099 bsc#1242399).
- Update
patches.suse/ftrace-Fix-invalid-address-access-in-lookup_rec-when-index-is-0.patch
(git-fixes CVE-2023-53075 bsc#1242218).
- Update
patches.suse/ftrace-Fix-null-pointer-dereference-in-ftrace_add_mod.patch
(git-fixes CVE-2022-49802 bsc#1242270).
- Update
patches.suse/ftrace-Fix-use-after-free-for-dynamic-ftrace_ops.patch
(git-fixes CVE-2022-49892 bsc#1242449).
- Update
patches.suse/gfs2-Check-sb_bsize_shift-after-reading-superblock.patch
(git-fixes CVE-2022-49769 bsc#1242440).
- Update
patches.suse/i2c-piix4-Fix-adapter-not-be-removed-in-piix4_remove.patch
(git-fixes CVE-2022-49900 bsc#1242454).
- Update
patches.suse/i40e-Fix-kernel-crash-during-reboot-when-adapter-is-.patch
(jsc#SLE-18378 CVE-2023-53114 bsc#1242398).
- Update patches.suse/iavf-fix-hang-on-reboot-with-ice.patch
(jsc#SLE-18385 CVE-2023-53064 bsc#1242222).
- Update patches.suse/ibmvnic-Free-rwi-on-reset-success.patch
(bsc#1184350 ltc#191533 git-fixes CVE-2022-49906 bsc#1242464).
- Update
patches.suse/ice-copy-last-block-omitted-in-ice_get_module_eeprom.patch
(git-fixes CVE-2023-53142 bsc#1242282).
- Update
patches.suse/igb-revert-rtnl_lock-that-causes-deadlock.patch
(jsc#SLE-18379 CVE-2023-53060 bsc#1242241).
- Update
patches.suse/iio-adc-at91_adc-fix-possible-memory-leak-in-at91_ad.patch
(git-fixes CVE-2022-49794 bsc#1242392).
- Update
patches.suse/iio-adc-mp2629-fix-potential-array-out-of-bound-acce.patch
(git-fixes CVE-2022-49792 bsc#1242389).
- Update
patches.suse/iio-trigger-sysfs-fix-possible-memory-leak-in-iio_sy.patch
(git-fixes CVE-2022-49793 bsc#1242391).
- Update
patches.suse/interconnect-exynos-fix-node-leak-in-probe-PM-QoS-er.patch
(git-fixes CVE-2023-53092 bsc#1242415).
- Update
patches.suse/interconnect-fix-mem-leak-when-freeing-nodes.patch
(git-fixes CVE-2023-53096 bsc#1242289).
- Update
patches.suse/ipv6-addrlabel-fix-infoleak-when-sending-struct-ifad.patch
(git-fixes CVE-2022-49865 bsc#1242570).
- Update
patches.suse/kprobes-Skip-clearing-aggrprobe-s-post_handler-in-kprobe-on-ftrace-case.patch
(git-fixes CVE-2022-49779 bsc#1242261).
- Update patches.suse/loop-Fix-use-after-free-issues.patch
(bsc#1214991 CVE-2023-53111 bsc#1242428).
- Update
patches.suse/mISDN-fix-misuse-of-put_device-in-mISDN_register_dev.patch
(git-fixes CVE-2022-49818 bsc#1242527).
- Update
patches.suse/mISDN-fix-possible-memory-leak-in-mISDN_dsp_element_.patch
(git-fixes CVE-2022-49821 bsc#1242542).
- Update
patches.suse/mISDN-fix-possible-memory-leak-in-mISDN_register_dev.patch
(git-fixes CVE-2022-49915 bsc#1242409).
- Update
patches.suse/macvlan-enforce-a-consistent-minimal-mtu.patch
(git-fixes CVE-2022-49776 bsc#1242248).
- Update
patches.suse/media-meson-vdec-fix-possible-refcount-leak-in-vdec_.patch
(git-fixes CVE-2022-49887 bsc#1242736).
- Update
patches.suse/media-rc-gpio-ir-recv-add-remove-function.patch
(git-fixes CVE-2023-53098 bsc#1242779).
- Update
patches.suse/misc-vmw_vmci-fix-an-infoleak-in-vmci_host_do_receiv.patch
(git-fixes CVE-2022-49788 bsc#1242353).
- Update
patches.suse/mmc-sdhci-pci-Fix-possible-memory-leak-caused-by-mis.patch
(git-fixes CVE-2022-49787 bsc#1242352).
- Update
patches.suse/msft-hv-2675-HID-hyperv-fix-possible-memory-leak-in-mousevsc_prob.patch
(git-fixes CVE-2022-49874 bsc#1242478).
- Update patches.suse/net-ena-Fix-error-handling-in-ena_init.patch
(git-fixes CVE-2022-49813 bsc#1242497).
- Update patches.suse/net-iucv-Fix-size-of-interrupt-data.patch
(bsc#1211465 git-fixes CVE-2023-53108 bsc#1242422).
- Update
patches.suse/net-macvlan-fix-memory-leaks-of-macvlan_common_newli.patch
(git-fixes CVE-2022-49853 bsc#1242688).
- Update
patches.suse/net-mlx5-E-Switch-Fix-an-Oops-in-error-handling-code.patch
(jsc#SLE-19253 CVE-2023-53058 bsc#1242237).
- Update patches.suse/net-mlx5-Fix-steering-rules-cleanup.patch
(jsc#SLE-19253 CVE-2023-53079 bsc#1242765).
- Update
patches.suse/net-smc-Fix-possible-leaked-pernet-namespace-in-smc_init
(git-fixes CVE-2022-49905 bsc#1242467).
- Update
patches.suse/net-tun-Fix-memory-leaks-of-napi_get_frags.patch
(git-fixes CVE-2022-49871 bsc#1242558).
- Update
patches.suse/net-usb-lan78xx-Limit-packet-length-to-skb-len.patch
(git-fixes CVE-2023-53068 bsc#1242239).
- Update
patches.suse/net-usb-smsc75xx-Limit-packet-length-to-skb-len.patch
(git-fixes CVE-2023-53125 bsc#1242285).
- Update
patches.suse/net-usb-smsc95xx-Limit-packet-length-to-skb-len.patch
(git-fixes CVE-2023-53062 bsc#1242228).
- Update
patches.suse/net-x25-Fix-skb-leak-in-x25_lapb_receive_frame.patch
(git-fixes CVE-2022-49809 bsc#1242402).
- Update
patches.suse/nfc-fdp-Fix-potential-memory-leak-in-fdp_nci_send.patch
(git-fixes CVE-2022-49924 bsc#1242426).
- Update
patches.suse/nfc-fdp-add-null-check-of-devm_kmalloc_array-in-fdp_.patch
(git-fixes CVE-2023-53139 bsc#1242361).
- Update
patches.suse/nfc-nfcmrvl-Fix-potential-memory-leak-in-nfcmrvl_i2c.patch
(git-fixes CVE-2022-49922 bsc#1242378).
- Update
patches.suse/nfc-nxp-nci-Fix-potential-memory-leak-in-nxp_nci_sen.patch
(git-fixes CVE-2022-49923 bsc#1242394).
- Update
patches.suse/nfc-pn533-initialize-struct-pn533_out_arg-properly.patch
(git-fixes CVE-2023-53119 bsc#1242370).
- Update
patches.suse/nfc-st-nci-Fix-use-after-free-bug-in-ndlc_remove-due.patch
(git-fixes bsc#1210337 CVE-2023-1990 CVE-2023-53106
bsc#1242215).
- Update
patches.suse/nfs4-Fix-kmemleak-when-allocate-slot-failed.patch
(git-fixes CVE-2022-49927 bsc#1242416).
- Update
patches.suse/nilfs2-fix-deadlock-in-nilfs_count_free_blocks.patch
(git-fixes CVE-2022-49850 bsc#1242164).
- Update
patches.suse/nilfs2-fix-kernel-infoleak-in-nilfs_ioctl_wrap_copy.patch
(git-fixes CVE-2023-53035 bsc#1242739).
- Update
patches.suse/nilfs2-fix-use-after-free-bug-of-ns_writer-on-remoun.patch
(git-fixes CVE-2022-49834 bsc#1242695).
- Update
patches.suse/nvmet-avoid-potential-UAF-in-nvmet_req_complete.patch
(git-fixes CVE-2023-53116 bsc#1242411).
- Update
patches.suse/nvmet-fix-a-memory-leak-in-nvmet_auth_set_key.patch
(git-fixes CVE-2022-49807 bsc#1242357).
- Update
patches.suse/ocfs2-fix-data-corruption-after-failed-write.patch
(bsc#1208542 CVE-2023-53081 bsc#1242281).
- Update
patches.suse/octeontx2-pf-Fix-SQE-threshold-checking.patch
(jsc#SLE-24682 CVE-2022-49858 bsc#1242589).
- Update
patches.suse/perf-core-Fix-perf_output_begin-parameter-is-incorrectly-invoked-in-perf_event_bpf_output.patch
(git fixes CVE-2023-53065 bsc#1242229).
- Update
patches.suse/phy-ralink-mt7621-pci-add-sentinel-to-quirks-table.patch
(git-fixes CVE-2022-49868 bsc#1242550).
- Update
patches.suse/pinctrl-devicetree-fix-null-pointer-dereferencing-in.patch
(git-fixes CVE-2022-49832 bsc#1242154).
- Update
patches.suse/platform-chrome-cros_ec_chardev-fix-kernel-data-leak.patch
(git-fixes CVE-2023-53059 bsc#1242230).
- Update
patches.suse/qed-qed_sriov-guard-against-NULL-derefs-from-qed_iov.patch
(jsc#SLE-19001 CVE-2023-53066 bsc#1242227).
- Update
patches.suse/ring-buffer-Check-for-NULL-cpu_buffer-in-ring_buffer.patch
(bsc#1204705 CVE-2022-49889 bsc#1242455).
- Update
patches.suse/rose-Fix-NULL-pointer-dereference-in-rose_send_frame.patch
(git-fixes CVE-2022-49916 bsc#1242421).
- Update
patches.suse/scsi-core-Remove-the-proc-scsi-proc_name-directory-earlier.patch
(git-fixes CVE-2023-53140 bsc#1242372).
- Update
patches.suse/scsi-lpfc-Check-kzalloc-in-lpfc_sli4_cgn_params_read.patch
(git-fixes CVE-2023-53038 bsc#1242743).
- Update
patches.suse/scsi-mpt3sas-Fix-NULL-pointer-access-in-mpt3sas_transport_port_add.patch
(git-fixes CVE-2023-53124 bsc#1242165).
- Update
patches.suse/scsi-qla2xxx-Perform-lockless-command-completion-in-abort-path.patch
(git-fixes CVE-2023-53041 bsc#1242747).
- Update
patches.suse/scsi-qla2xxx-Synchronize-the-IOCB-count-to-be-in-ord.patch
(bsc#1209292 bsc#1209684 bsc#1209556 CVE-2023-53056
bsc#1242219).
- Update
patches.suse/scsi-scsi_dh_alua-Fix-memleak-for-qdata-in-alua_activate.patch
(git-fixes CVE-2023-53078 bsc#1242231).
- Update
patches.suse/scsi-scsi_transport_sas-Fix-error-handling-in-sas_phy_add.patch
(git-fixes CVE-2022-49839 bsc#1242443).
- Update
patches.suse/scsi-zfcp-Fix-double-free-of-FSF-request-when-qdio-send-fails
(git-fixes CVE-2022-49789 bsc#1242366).
- Update
patches.suse/serial-imx-Add-missing-.thaw_noirq-hook.patch
(git-fixes CVE-2022-49841 bsc#1242473).
- Update
patches.suse/siox-fix-possible-memory-leak-in-siox_device_add.patch
(git-fixes CVE-2022-49836 bsc#1242355).
- Update
patches.suse/tracing-Do-not-let-histogram-values-have-some-modifiers.patch
(git-fixes CVE-2023-53093 bsc#1242279).
- Update
patches.suse/tracing-Fix-memory-leak-in-test_gen_synth_cmd-and-test_empty_synth_event.patch
(git-fixes CVE-2022-49800 bsc#1242265).
- Update
patches.suse/tracing-Fix-memory-leak-in-tracing_read_pipe.patch
(git-fixes CVE-2022-49801 bsc#1242338).
- Update
patches.suse/tracing-Fix-wild-memory-access-in-register_synth_event.patch
(git-fixes CVE-2022-49799 bsc#1242264).
- Update
patches.suse/tracing-kprobe-Fix-memory-leak-in-test_gen_kprobe-kretprobe_cmd.patch
(git-fixes CVE-2022-49891 bsc#1242456).
- Update
patches.suse/tracing-kprobe-Fix-potential-null-ptr-deref-on-trace_array-in-kprobe_event_gen_test_exit.patch
(git-fixes CVE-2022-49796 bsc#1242305).
- Update
patches.suse/tracing-kprobe-Fix-potential-null-ptr-deref-on-trace_event_file-in-kprobe_event_gen_test_exit.patch
(git-fixes CVE-2022-49797 bsc#1242320).
- Update
patches.suse/udf-Fix-a-slab-out-of-bounds-write-bug-in-udf_find_e.patch
(bsc#1206649 CVE-2022-49846 bsc#1242716).
- Update
patches.suse/usb-dwc2-fix-a-devres-leak-in-hw_enable-upon-suspend.patch
(git-fixes CVE-2023-53054 bsc#1242226).
- Update
patches.suse/usb-gadget-u_audio-don-t-let-userspace-block-driver-.patch
(git-fixes CVE-2023-53045 bsc#1242756).
- Update
patches.suse/usb-ucsi-Fix-NULL-pointer-deref-in-ucsi_connector_ch.patch
(git-fixes CVE-2023-53049 bsc#1242244).
- Update
patches.suse/wifi-cfg80211-fix-memory-leak-in-query_regdb_file.patch
(git-fixes CVE-2022-49881 bsc#1242481).
- Update
patches.suse/x86-fpu-Drop-fpregs-lock-before-inheriting-FPU-permissions.patch
(bnc#1205282 CVE-2022-49783 bsc#1242312).
- commit b466a4e
- arm64: proton-pack: Add new CPUs 'k' values for branch
mitigation (bsc#1242778).
- commit 288ec51
- arm64: bpf: Only mitigate cBPF programs loaded by unprivileged
users (bsc#1242778).
- commit 60765a9
- arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs
(bsc#1242778).
- commit d70f026
- arm64: proton-pack: Expose whether the branchy loop k value
(bsc#1242778).
- commit 22cefaf
- arm64: proton-pack: Expose whether the platform is mitigated
by firmware (bsc#1242778).
- arm64: insn: Add support for encoding DSB (bsc#1242778).
- commit 03c0bf2
- Refresh patches.kabi/kabi-allow-extra-bugints.patch.
- commit 335bd7e
- net_sched: sch_sfq: move the limit validation (CVE-2025-37752 bsc#1242504)
- commit 875a484
- Fix reference in "net_sched: sch_sfq: use a temporary work area for validating configuration" (bsc#1242504)
- net_sched: sch_sfq: use a temporary work area for validating configuration (bsc#1232504)
- commit e3d5b43
- hv_netvsc: Remove rmsg_pgcnt (bsc#1243737).
- hv_netvsc: Preserve contiguous PFN grouping in the page buffer
array (bsc#1243737).
- hv_netvsc: Use vmbus_sendpacket_mpb_desc() to send VMBus
messages (bsc#1243737).
- Drivers: hv: Allow vmbus_sendpacket_mpb_desc() to create
multiple ranges (bsc#1243737).
- commit bb391f9
- nvme-pci: acquire cq_poll_lock in nvme_poll_irqdisable
(bsc#1223096).
- commit b6273ad
- Remove debug flavor (bsc#1243919).
This is only released in Leap, and we don't have Leap 15.4 anymore.
- Remove debug flavor (bsc#1243919).
This is only released in Leap, and we don't have Leap 15.5 anymore.
- commit 30c990a
- rpm/check-for-config-changes: add more to IGNORED_CONFIGS_RE
Useful when someone tries (needs) to build the kernel with clang.
- commit 06918e3
- mptcp: fix NULL pointer in can_accept_new_subflow
(CVE-2025-23145 bsc#1242596).
- mptcp: relax check on MPC passive fallback (CVE-2025-23145
bsc#1242596).
- mptcp: refine opt_mp_capable determination (CVE-2025-23145
bsc#1242596).
- mptcp: use OPTION_MPTCP_MPJ_SYN in subflow_check_req()
(CVE-2025-23145 bsc#1242596).
- mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect()
(CVE-2025-23145 bsc#1242596).
- mptcp: strict validation before using mp_opt->hmac
(CVE-2025-23145 bsc#1242596).
- mptcp: mptcp_parse_option() fix for MPTCPOPT_MP_JOIN
(CVE-2025-23145 bsc#1242596).
- mptcp: Fix duplicated argument in protocol.h (CVE-2025-23145
bsc#1242596).
- mptcp: consolidate in_opt sub-options fields in a bitmask
(CVE-2025-23145 bsc#1242596).
- mptcp: better binary layout for mptcp_options_received
(CVE-2025-23145 bsc#1242596).
- mptcp: do not set unconditionally csum_reqd on incoming opt
(CVE-2025-23145 bsc#1242596).
- commit 3eef261
- net: make sock_inuse_add() available (CVE-2024-53168
bsc#1234887).
- commit a64cc81
- sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket
(CVE-2024-53168 bsc#1234887).
- commit 2087675
- Refresh patches.kabi/kabi-allow-extra-bugints.patch.
- commit a56bcbc
- mtd: phram: Add the kernel lock down check (bsc#1232649).
- commit af6a7f8
- x86/bhi: Do not set BHI_DIS_S in 32-bit mode (bsc#1242778).
- x86/bpf: Add IBHF call at end of classic BPF (bsc#1242778).
- x86/bpf: Call branch history clearing sequence on exit
(bsc#1242778).
- commit 647d41a
- Move upstreamed sched/membarrier patch into sorted section
- commit a44e0ee
- Refresh
patches.suse/ACPI-processor-idle-return-an-error-if-both-P_LVL-2-.patch.
The patch has meanwhile been merged upstream. Add it to the sorted section.
- commit 80e0d9c
- nfsd: make sure exp active before svc_export_show
(CVE-2024-56558 bsc#1235100).
- commit 3fbc559
- netfilter: nft_tunnel: fix geneve_opt type confusion addition
(CVE-2025-22056 bsc#1241525).
- commit ead34ea
- Refresh patches.kabi/kabi-allow-extra-bugints.patch.
- commit 5d6f289
- net :mana :Request a V2 response version for MANA_QUERY_GF_STAT
(bsc#1234395).
- commit 525cc7d
- net: mana: Add gdma stats to ethtool output for mana
(bsc#1234395).
- Refresh
patches.suse/net-mana-Implement-get_ringparam-set_ringparam-for-m.patch.
- Refresh
patches.suse/net-mana-Improve-mana_set_channels-in-low-mem-condit.patch.
- commit 05681a7
- net :mana :Add remaining GDMA stats for MANA to ethtool
(bsc#1234395).
- commit b4b82f2
- scsi: core: Fix unremoved procfs host directory regression
(git-fixes).
- commit fcdce73
- x86/its: FineIBT-paranoid vs ITS (bsc#1242006 CVE-2024-28956).
- commit 910887a
- x86/its: Fix build errors when CONFIG_MODULES=n (bsc#1242006 CVE-2024-28956).
- commit f09caf9
- x86/its: Use dynamic thunks for indirect branches (bsc#1242006 CVE-2024-28956).
- Refresh
patches.suse/0003-kabi-Add-placeholders-to-a-couple-of-important-struc.patch.
- commit e1c48e2
- x86/alternatives: Remove faulty optimization (bsc#1242006 CVE-2024-28956).
- commit 153c2b8
- x86/alternative: Optimize returns patching (bsc#1242006 CVE-2024-28956).
- Refresh
patches.suse/x86-srso-Fix-return-thunks-in-generated-code.patch.
- Refresh
patches.suse/x86-srso-add-a-speculative-ras-overflow-mitigation.patch.
- commit 4dc3059
- x86/speculation: Remove the extra #ifdef around CALL_NOSPEC (bsc#1242006 CVE-2024-28956).
- commit 419b05d
- x86/speculation: Add a conditional CS prefix to CALL_NOSPEC (bsc#1242006 CVE-2024-28956).
- commit 2332509
- x86,nospec: Simplify {JMP,CALL}_NOSPEC (bsc#1242006 CVE-2024-28956).
- commit b305ae9
- x86/speculation: Simplify and make CALL_NOSPEC consistent (bsc#1242006 CVE-2024-28956).
- commit e33c4a0
- x86/its: Align RETs in BHB clear sequence to avoid thunking (bsc#1242006 CVE-2024-28956).
- commit fd3adc0
- x86/its: Add "vmexit" option to skip mitigation on some CPUs (bsc#1242006 CVE-2024-28956).
- commit 2ea6e6b
- x86/its: Enable Indirect Target Selection mitigation (bsc#1242006 CVE-2024-28956).
- commit 0653fe9
- x86/its: Add support for ITS-safe return thunk (bsc#1242006 CVE-2024-28956).
- commit 0cc92a6
- x86/its: Add support for ITS-safe indirect thunk (bsc#1242006 CVE-2024-28956).
- Update config files.
- commit 10dd32f
- x86/its: Enumerate Indirect Target Selection (ITS) bug (bsc#1242006 CVE-2024-28956).
- commit 28f7216
- tcp: cdg: allow tcp_cdg_release() to be called multiple times (CVE-2022-49775 bsc#1242245)
- commit 1480658
- rpm: Stop using is_kotd_qa macro
This macro is set by bs-upload-kernel, and a conditional in each spec
file is used to determine when to build the spec file.
This logic should not really be in the spec file. Previously this was
done with package links and package meta for the individula links.
However, the use of package links is rejected for packages in git based
release projects (nothing to do with git actually, new policy). An
alternative to package links is multibuild. However, for multibuild
packages package meta cannot be used to set which spec file gets built.
Use prjcon buildflags instead, and remove this conditional. Depends on
bs-upload-kernel adding the build flag.
- commit 9eb8a6f
- kernel-obs-qa: Use srchash for dependency as well
- commit 485ae1d
- ocfs2: fix the issue with discontiguous allocation in the
global_bitmap (git-fixes).
- commit 1773903
- Update
patches.suse/scsi-core-Fix-a-procfs-host-directory-removal-regression.patch
(git-fixes CVE-2023-53118 bsc#1242365).
updated meta-data, adding new CVE and bug references
- commit 87fcd7f
- proc: fix UAF in proc_get_inode() (bsc#1240802 CVE-2025-21999).
- commit 8fb7944
- net: openvswitch: fix nested key length validation in the set()
action (CVE-2025-37789 bsc#1242762).
- commit 52f7543
- check-for-config-changes: Fix flag name typo
- commit 1046b16
- tcp: Dump bound-only sockets in inet_diag (bsc#1204562).
- commit 4ffa357
- netfilter: conntrack: revisit the gc initial rescheduling bias
(CVE-2022-49110 bsc#1237981).
- commit 7e1d902
- netfilter: conntrack: fix the gc rescheduling delay
(CVE-2022-49110 bsc#1237981).
- commit 9cc8bdd
- netfilter: conntrack: revisit gc autotuning (CVE-2022-49110
bsc#1237981).
- commit da48bfa
- Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt
(bsc#1238032 CVE-2022-49139).
- commit 2031355
- watch_queue: fix pipe accounting mismatch (CVE-2025-23138 bsc#1241648).
- commit 789ef85
- 9p/trans_fd: always use O_NONBLOCK read/write (CVE-2022-49767 bsc#1242493).
- commit 9dce75d
- Update
patches.suse/dm-crypt-add-cond_resched-to-dmcrypt_write-fb29.patch
(git-fixes CVE-2023-53051 bsc#1242284).
- commit 9098844
- Update
patches.suse/can-etas_es58x-es58x_rx_err_msg-fix-memory-leak-in-e.patch
(git-fixes stable-5.14.19 CVE-2021-47671 bsc#1241421).
- commit 855e2af
- Update
patches.suse/cifs-fix-potential-null-pointer-use-in-destroy_workqueue-in-init_ci.patch
(git-fixes CVE-2024-42307 bsc#1229361).
- Update patches.suse/fou-fix-initialization-of-grc.patch
(CVE-2024-46763 bsc#1230764 CVE-2024-46865 bsc#1231103).
- commit 5bc8269
- Require zstd in kernel-default-devel when module compression is zstd
To use ksym-provides tool modules need to be uncompressed.
Without zstd at least kernel-default-base does not have provides.
Link: https://github.com/openSUSE/rpm-config-SUSE/pull/82
- commit a3262dd
- Revert "exec: fix the racy usage of fs_struct->in_exec (CVE-2025-22029"
This reverts commit b68bd5953c15c3c2b21e60fbd6d8a52b0bbb030c.
This turned out to be not an issue. See https://bugzilla.suse.com/show_bug.cgi?id=1241378#c4
- commit d9d19c1
- exec: fix the racy usage of fs_struct->in_exec (CVE-2025-22029
bsc#1241378).
- commit b68bd59
- x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs
(CVE-2025-22045 bsc#1241433).
- commit c4ca325
- ovl: fix use inode directly in rcu-walk mode (bsc#1241900).
- commit a21148c
- memstick: rtsx_usb_ms: Fix slab-use-after-free in
rtsx_usb_ms_drv_remove (bsc#1241280 CVE-2025-22020).
- commit 0f74fae
- drm/vkms: Fix use after free and double free on init error
(CVE-2025-22097 bsc#1241541).
- commit 02fe040
- jfs: fix slab-out-of-bounds read in ea_get() (bsc#1241625
CVE-2025-39735).
- commit dfc1530
- Test the correct macro to detect RT kernel build
Fixes: 470cd1a41502 ("kernel-binary: Support livepatch_rt with merged RT branch")
- commit 50e863e
- fou: fix initialization of grc (CVE-2024-46763 bsc#1230764).
- commit 3a5d26f
- kernel-source: Also update the search to match bin/env
Fixes: dc2037cd8f94 ("kernel-source: Also replace bin/env"
- commit bae6b69
- rpm/check-for-config-changes: Add GCC_ASM_FLAG_OUTPUT_BROKEN
Both spellings are actually used
- rpm/check-for-config-changes: Add GCC_ASM_FLAG_OUTPUT_BROKEN
- commit d9e0b30
- fou: Fix null-ptr-deref in GRO (CVE-2024-46763 bsc#1230764).
- commit 176d11e
- net: fix geneve_opt length integer overflow (CVE-2025-22055
bsc#1241371).
- commit 15ff527
- rpm/kernel-binary.spec.in: Also order against update-bootloader
(boo#1228659, boo#1240785, boo#1241038).
- commit fe0a8c9
- rpm/package-descriptions: Add rt and rt_debug descriptions
- commit 09573c0
- net: atm: fix use after free in lec_send() (CVE-2025-22004
bsc#1240835).
- commit 889e26f
- kABI workaround struct rcu_head and ax25_ptr (CVE-2025-21812
bsc#1238471).
- commit 1d6ea68
- ax25: rcu protect dev->ax25_ptr (CVE-2025-21812 bsc#1238471).
- Refresh patches.kabi/net-ax25_dev-kabi-workaround.patch.
- commit 88b5c8e
- Update patches.suse/Bluetooth-hci_conn-Fix-memory-leaks.patch
(git-fixes CVE-2023-53018 bsc#1240211).
- Update patches.suse/acpi-Fix-suspend-with-Xen-PV.patch
(git-fixes CVE-2023-52994 bsc#1240269).
- Update
patches.suse/bpf-Skip-invalid-kfunc-call-in-backtrack_insn.patch
(bsc#1225903 CVE-2023-52928 bsc#1240248).
- Update
patches.suse/bpf-sockmap-Check-for-any-of-tcp_bpf_prots-when-clon.patch
(git-fixes CVE-2023-52986 bsc#1240306).
- Update
patches.suse/dmaengine-tegra-Fix-memory-leak-in-terminate_all.patch
(git-fixes CVE-2023-53014 bsc#1240295).
- Update
patches.suse/drm-amdkfd-Add-sync-after-creating-vram-bo.patch
(bsc#1206843 CVE-2023-53009 bsc#1240314).
- Update
patches.suse/drm-drm_vma_manager-Add-drm_vma_node_allow_once.patch
(git-fixes CVE-2023-53001 bsc#1240315).
- Update
patches.suse/drm-i915-Avoid-potential-vm-use-after-free.patch
(git-fixes CVE-2023-52931 bsc#1240271).
- Update
patches.suse/drm-i915-Fix-a-memory-leak-with-reused-mmap_offset.patch
(git-fixes CVE-2023-53002 bsc#1240230).
- Update
patches.suse/drm-i915-Fix-request-ref-counting-during-error-captu.patch
(git-fixes CVE-2023-52981 bsc#1240274).
- Update patches.suse/fpga-m10bmc-sec-Fix-probe-rollback.patch
(git-fixes CVE-2022-49745 bsc#1240246).
- Update
patches.suse/fscache-Use-wait_on_bit-to-wait-for-the-freeing-of-re.patch
(bsc#1210409 CVE-2023-52982 bsc#1240214).
- Update
patches.suse/kernel-irq-irqdomain.c-fix-memory-leak-with-using-de.patch
(git-fixes CVE-2023-52936 bsc#1240321).
- Update
patches.suse/msft-hv-2746-HV-hv_balloon-fix-memory-leak-with-using-debugfs_loo.patch
(git-fixes CVE-2023-52937 bsc#1240209).
- Update
patches.suse/powerpc-imc-pmu-Fix-use-of-mutex-in-IRQs-disabled-se.patch
(bsc#1054914 fate#322448 git-fixes CVE-2023-53031 bsc#1240285).
- Update
patches.suse/usb-typec-ucsi-Don-t-attempt-to-resume-the-ports-bef.patch
(git-fixes CVE-2023-52938 bsc#1240228).
- commit 402c01c
- Update
patches.suse/fbdev-smscufx-fix-error-handling-code-in-ufx_usb_pro.patch
(git-fixes CVE-2022-49741 bsc#1240747).
- commit 0c9a431
- arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (CVE-2025-21785 bsc#1238747)
- commit 2c96a9a
- netfilter: nf_tables: must hold rcu read lock while iterating
object type list (CVE-2022-48933 bsc#1229621).
- netfilter: nf_tables: skip transaction if update object is
not implemented (CVE-2022-48933 bsc#1229621).
- netfilter: nf_tables: NULL pointer dereference in
nf_tables_updobj() (CVE-2022-48933 bsc#1229621).
- commit 176015d
- netfilter: nf_tables: fix memory leak during stateful obj update
(CVE-2022-48933 bsc#1229621).
- commit e34cbe9
- netfilter: xtables: fix typo causing some targets not to load
on IPv6 (CVE-2024-50038 bsc#1231910).
- netfilter: xtables: avoid NFPROTO_UNSPEC where needed
(CVE-2024-50038 bsc#1231910).
- commit 9a939db
- vrf: use RCU protection in l3mdev_l3_out() (CVE-2025-21791
bsc#1238512).
- commit 50bbf71
- rpm/check-for-config-changes: add LD_CAN_ to IGNORED_CONFIGS_RE
We now have LD_CAN_USE_KEEP_IN_OVERLAY since commit:
e7607f7d6d81 ARM: 9443/1: Require linker to support KEEP within OVERLAY for DCE
- commit 7b55ff2
- CIFS: New mount option for cifs.upcall namespace resolution
(CVE-2025-2312 bsc#1239684).
- commit 8fc41d8
- Delete
patches.suse/btrfs-defrag-don-t-use-merged-extent-map-for-their-generat.patch.
- Delete
patches.suse/btrfs-fix-defrag-not-merging-contiguous-extents-due-to-mer.patch.
- Delete
patches.suse/btrfs-fix-extent-map-merging-not-happening-for-adjacent-ex.patch.
Reverting ineffective changes for bsc#1239968 and closing it as WONTFIX.
- commit d7eeedb
- rpm/kernel-binary.spec.in: Use OrderWithRequires (boo#1228659 boo#1241038).
OrderWithRequires was introduced in rpm 4.9 (ie. SLE12+) to allow
a package to inform the order of installation of other package without
hard requiring that package. This means our kernel-binary packages no
longer need to hard require perl-Bootloader or dracut, resolving the
long-commented issue there. This is also needed for udev & systemd-boot
to ensure those packages are installed before being called by dracut
(boo#1228659)
- commit 634be2c
- padata: avoid UAF for reorder_work (CVE-2025-21726 bsc#1238865).
- commit bfab8c2
- Delete patches.suse/tpm-send_data-Wait-longer-for-the-TPM-to-become-read.patch.
To be replaced with upstream fix.
- commit 7f27868
- kernel-binary: Support livepatch_rt with merged RT branch
- commit 470cd1a
- tpm: tis: Double the timeout B to 4s (bsc#1235870).
- commit 69c154b
- tpm, tpm_tis: Workaround failed command reception on Infineon
devices (bsc#1235870).
- commit e15be23
- kABI: Fix kABI after backport od CVE-2025-21839 (bsc#1239061 CVE-2025-21839).
- commit 38fa6d3
- KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop (bsc#1239061 CVE-2025-21839).
- commit 325b428
- rpm/check-for-config-changes: ignore DRM_MSM_VALIDATE_XML
This option is dynamically enabled to build-test different configurations.
This makes run_oldconfig.sh complain sporadically for arm64.
- commit 8fbe8b1
- KVM: X86: Set host DR6 only on VMX and for KVM_DEBUGREG_WONT_EXIT (bsc#1239061 CVE-2025-21839).
- commit 8727046
- KVM: X86: Remove unneeded KVM_DEBUGREG_RELOAD (bsc#1239061 CVE-2025-21839).
- commit bbb1715
- net: fix data-races around sk->sk_forward_alloc (CVE-2024-53124
bsc#1234074).
- commit da48f3c
- gfs2: Fix inode height consistency check (git-fixes).
- gfs2: Always check inode size of inline inodes (bsc#1240207
CVE-2022-49739).
- gfs2: Cosmetic gfs2_dinode_{in,out} cleanup (bsc#1240207
CVE-2022-49739).
- commit a949c3f
- Revert "gfs2: Fix inode height consistency check (git-fixes)."
This reverts commit 935054ab3fe2351d6b7c7a49e49bc57d5ae66ce2.
The revert commit will re-add by bsc#1240207 bug fix
- commit f6fc2e8
- Refresh
patches.suse/blk-throttle-Set-BIO_THROTTLED-when-bio-has-been-throttled.patch.
The original version had a back-port mistake that cause aregression.
- commit fb94b71
- rpm/release-projects: Update the ALP projects again (bsc#1231293).
- commit a2f9145
- mm/khugepaged: fix ->anon_vma race (CVE-2023-52935 bsc#1240276).
- commit 6257477
- net: mana: Support holes in device list reply msg (bsc#1240133).
- commit 4d6c8d2
- Update
patches.suse/media-cx24116-prevent-overflows-on-SNR-calculus.patch
(CVE-2024-50290 bsc#1233479 bsc#1225742).
- Update
patches.suse/media-dvbdev-prevent-the-risk-of-out-of-memory-acces.patch
(CVE-2024-53063 bsc#1233557 bsc#1225742).
- commit 4c491c6
- Update
patches.suse/ALSA-hda-via-Avoid-potential-array-out-of-bound-in-a.patch
(git-fixes CVE-2023-52988 bsc#1240293).
- Update
patches.suse/Bluetooth-Fix-possible-deadlock-in-rfcomm_sk_state_c.patch
(git-fixes CVE-2023-53016 bsc#1240281).
- Update
patches.suse/HID-betop-check-shape-of-output-reports.patch
(git-fixes bsc#1207186 CVE-2023-53015 bsc#1240288).
- Update
patches.suse/NFSD-fix-use-after-free-in-nfsd4_ssc_setup_dul.patch
(git-fixes bsc#1209788 CVE-2023-1652 CVE-2023-53025
bsc#1240264).
- Update
patches.suse/RDMA-core-Fix-ib-block-iterator-counter-overflow.patch
(bsc#1207878 CVE-2023-53026 bsc#1240308).
- Update
patches.suse/Revert-wifi-mac80211-fix-memory-leak-in-ieee80211_if.patch
(git-fixes CVE-2023-53028 bsc#1240212).
- Update
patches.suse/Squashfs-fix-handling-and-sanity-checking-of-xattr_i.patch
(git-fixes CVE-2023-52933 bsc#1240275).
- Update
patches.suse/block-bfq-fix-uaf-for-bfqq-in-bic_set_bfqq-b600.patch
(git-fixes CVE-2023-52983 bsc#1240284).
- Update
patches.suse/bnxt-Do-not-read-past-the-end-of-test-names.patch
(jsc#SLE-18978 CVE-2023-53010 bsc#1240290).
- Update
patches.suse/bpf-Fix-pointer-leak-due-to-insufficient-speculative.patch
(bsc#1231375 CVE-2023-53024 bsc#1240272).
- Update
patches.suse/bpf-Skip-task-with-pid-1-in-send_signal_common.patch
(git-fixes CVE-2023-52992 bsc#1240317).
- Update
patches.suse/can-isotp-split-tx-timer-into-transmission-and-timeo.patch
(git-fixes CVE-2023-52941 bsc#1240280).
- Update
patches.suse/cifs-Fix-oops-due-to-uncleared-server-smbd_conn-in-reconnect.patch
(git-fixes CVE-2023-53006 bsc#1240208).
- Update
patches.suse/cifs-fix-potential-memory-leaks-in-session-setup.patch
(bsc#1193629 CVE-2023-53008 bsc#1240318).
- Update
patches.suse/drm-i915-Fix-potential-bit_17-double-free.patch
(git-fixes CVE-2023-52930 bsc#1240304).
- Update
patches.suse/efi-fix-potential-NULL-deref-in-efi_mem_reserve_pers.patch
(git-fixes CVE-2023-52976 bsc#1240283).
- Update
patches.suse/firewire-fix-memory-leak-for-payload-of-request-suba.patch
(git-fixes CVE-2023-52989 bsc#1240266).
- Update
patches.suse/mm-memcg-fix-NULL-pointer-in-mem_cgroup_track_foreign_dirty_slowpath.patch
(bsc#1209262 CVE-2023-52939 bsc#1240231).
- Update
patches.suse/net-mdio-validate-parameter-addr-in-mdiobus_get_phy.patch
(git-fixes CVE-2023-53019 bsc#1240286).
- Update
patches.suse/net-nfc-Fix-use-after-free-in-local_cleanup.patch
(git-fixes CVE-2023-53023 bsc#1240309).
- Update
patches.suse/net-phy-dp83822-Fix-null-pointer-access-on-DP83825-D.patch
(git-fixes CVE-2023-52984 bsc#1240279).
- Update
patches.suse/netfilter-nft_payload-incorrect-arithmetics-when-fet.patch
(CVE-2023-0179 bsc#1207034 CVE-2023-53033 bsc#1240210).
- Update
patches.suse/netlink-prevent-potential-spectre-v1-gadgets.patch
(bsc#1209547 CVE-2017-5753 CVE-2023-53000 bsc#1240227).
- Update
patches.suse/octeontx2-pf-Avoid-use-of-GFP_KERNEL-in-atomic-conte.patch
(git-fixes CVE-2023-53030 bsc#1240292).
- Update
patches.suse/octeontx2-pf-Fix-the-use-of-GFP_KERNEL-in-atomic-con.patch
(git-fixes CVE-2023-53029 bsc#1240220).
- Update
patches.suse/scsi-iscsi_tcp-Fix-UAF-during-login-when-accessing-the-shost-ipaddress.patch
(git-fixes CVE-2023-2162 bsc#1210647 CVE-2023-52974
bsc#1240213).
- Update
patches.suse/scsi-iscsi_tcp-Fix-UAF-during-logout-when-accessing-the-shost-ipaddress.patch
(git-fixes CVE-2023-52975 bsc#1240322).
- Update
patches.suse/squashfs-harden-sanity-check-in-squashfs_read_xattr_.patch
(git-fixes CVE-2023-52979 bsc#1240282).
- Update
patches.suse/trace_events_hist-add-check-for-return-value-of-create_hist_field.patch
(git-fixes CVE-2023-53005 bsc#1240278).
- Update
patches.suse/tracing-Make-sure-trace_printk-can-output-as-soon-as-it-can-be-used.patch
(git-fixes CVE-2023-53007 bsc#1240229).
- Update
patches.suse/vc_screen-move-load-of-struct-vc_data-pointer-in-vcs.patch
(git-fixes bsc#1213167 CVE-2023-3567 CVE-2023-52973
bsc#1240218).
- Update
patches.suse/x86-i8259-Mark-legacy-PIC-interrupts-with-IRQ_LEVEL.patch
(git-fixes CVE-2023-52993 bsc#1240297).
- commit f69d55e
- Update
patches.suse/VMCI-Use-threaded-irqs-instead-of-tasklets.patch
(git-fixes CVE-2022-49759 bsc#1240245).
- Update
patches.suse/dmaengine-Fix-double-increment-of-client_count-in-dm.patch
(git-fixes CVE-2022-49753 bsc#1240250).
- Update
patches.suse/dmaengine-imx-sdma-Fix-a-possible-memory-leak-in-sdm.patch
(git-fixes CVE-2022-49746 bsc#1240242).
- Update
patches.suse/perf-x86-amd-fix-potential-integer-overflow-on-shift-of-a-int.patch
(git fixes CVE-2022-49748 bsc#1240256).
- Update
patches.suse/usb-gadget-f_fs-Prevent-race-during-ffs_ep0_queue_wa.patch
(git-fixes CVE-2022-49755 bsc#1240247).
- Update
patches.suse/w1-fix-WARNING-after-calling-w1_process.patch
(git-fixes CVE-2022-49751 bsc#1240254).
- commit 67615b0
- Update
patches.suse/can-j1939-fix-errant-WARN_ON_ONCE-in-j1939_session_d.patch
(git-fixes CVE-2021-4454 bsc#1240205).
- commit 3ad7432
- fix series.conf - missing patch
- commit 020a0ef
- can: hi311x: hi3110_can_ist(): fix potential use-after-free
(CVE-2024-56651 bsc#1235528).
- commit c9a4975
- smb: client: do not start laundromat thread on nohandlecache
(git-fixes).
- Refresh
patches.suse/smb-client-disable-directory-caching-when-dir_cache_timeout-is-zer.patch.
- commit 3ce73cd
- smb: client: destroy cfid_put_wq on module exit (git-fixes).
- commit 5919b00
- smb3: do not start laundromat thread when dir leases disabled
(git-fixes).
- Refresh
patches.suse/smb-Don-t-leak-cfid-when-reconnect-races-with-open_cached_dir.patch.
- Refresh
patches.suse/smb-During-unmount-ensure-all-cached-dir-instances-drop-their-dent.patch.
- Refresh
patches.suse/smb-client-make-laundromat-a-delayed-worker.patch.
- commit 6f304f5
- cifs: fix potential null pointer use in destroy_workqueue in
init_cifs error path (git-fixes).
- Refresh
patches.suse/smb-During-unmount-ensure-all-cached-dir-instances-drop-their-dent.patch.
- commit 4e039a9
- smb: client: disable directory caching when dir_cache_timeout
is zero (git-fixes).
- commit 96fe0fe
- btrfs: send: fix invalid clone operation for file that got
its size decreased (bsc#1239969).
- btrfs: send: allow cloning non-aligned extent if it ends at
i_size (bsc#1239969).
- commit 7f72133
- smb3: allow controlling length of time directory entries are
cached with dir leases (git-fixes).
- commit 6b79659
- rpm/kernel-binary.spec.in: Fix missing 20-kernel-default-extra.conf (bsc#1239986)
sle_version was obsoleted for SLE16. It has to be combined with
suse_version check.
- commit cbd5de3
- btrfs: fix defrag not merging contiguous extents due to merged
extent maps (bsc#1239968).
- btrfs: fix extent map merging not happening for adjacent extents
(bsc#1239968).
- btrfs: defrag: don't use merged extent map for their generation
check (bsc#1239968).
- commit b8a7082
- net: mana: Allow variable size indirection table (bsc#1239016).
- Refresh
patches.suse/net-mana-Enable-debugfs-files-for-MANA-device.patch.
- commit 91cd32f
- net: mana: Avoid open coded arithmetic (bsc#1239016).
- RDMA/mana_ib: Prefer struct_size over open coded arithmetic
(bsc#1239016).
- net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2
(bsc#1239016).
- RDMA/mana_ib: Use v2 version of cfg_rx_steer_req to enable RX
coalescing (bsc#1239016).
- commit 6bdf0de
- scsi: target: tcmu: Fix possible page UAF (CVE-2022-49053
bsc#1237918).
- commit 31de519
- ACPI: processor: idle: Return an error if both P_LVL{2,3}
idle states are invalid (bsc#1237530).
- commit 98d777f
- smb: Don't leak cfid when reconnect races with open_cached_dir
(bsc#1234895, CVE-2024-53178).
- Refresh
patches.suse/smb-During-unmount-ensure-all-cached-dir-instances-drop-their-dent.patch.
- commit d202cd3
- mm: zswap: move allocations during CPU init outside the lock
(git-fixes).
- commit 2ba6fb9
- mm: zswap: properly synchronize freeing resources during CPU
hotunplug (bsc#1237029 CVE-2025-21693).
- commit a35b49f
- mm/zswap: change per-cpu mutex and buffer to per-acomp_ctx
(bsc#1237029 CVE-2025-21693).
- commit 2a858ad
- partitions: mac: fix handling of bogus partition table
(CVE-2025-21772 bsc#1238911).
- blk-throttle: Set BIO_THROTTLED when bio has been throttled
(CVE-2022-49465 bsc#1238919).
- commit 0fbb2d1
- smb: During unmount, ensure all cached dir instances drop
their dentry (bsc#1234894, CVE-2024-53176).
- commit 71772d4
- smb3: retrying on failed server close (git-fixes).
- commit d7501d0
- smb: client: make laundromat a delayed worker (git-fixes).
- commit 396eac9
- cifs: Add a laundromat thread for cached directories
(git-fixes).
- commit f8af923
- Update
patches.suse/0011-drm-omap-fix-NULL-but-dereferenced-coccicheck-error.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-49510 bsc#1237799).
- Update
patches.suse/0068-fbdev-defio-fix-the-pagelist-corruption.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-49511 bsc#1238551).
- Update
patches.suse/0499-drm-amd-display-Call-dc_stream_release-for-remove-li.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-49233 bsc#1238341).
- Update
patches.suse/0517-drm-amdkfd-svm-range-restore-work-deadlock-when-proc.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-49133 bsc#1237972).
- Update
patches.suse/0655-drm-amdgpu-pm-fix-the-null-pointer-while-the-smu-is-.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-49529 bsc#1238941).
- Update
patches.suse/0658-drm-amd-pm-fix-double-free-in-si_parse_power_table.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-49530 bsc#1238944).
- Update
patches.suse/0829-drm-v3d-Fix-null-pointer-dereference-of-pointer-perf.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-49485 bsc#1238114).
- Update
patches.suse/1009-drm-sprd-fix-potential-NULL-dereference.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-49125 bsc#1237927).
- Update
patches.suse/1195-drm-msm-Fix-null-pointer-dereferences-without-iommu.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-49499 bsc#1238261).
- Update
patches.suse/1198-drm-msm-disp-dpu1-avoid-clearing-hw-interrupts-if-hw.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-49483 bsc#1238179).
- Update
patches.suse/1415-drm-amd-display-Fix-double-free-during-GPU-reset-on-.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-49203 bsc#1238422).
- Update
patches.suse/1521-drm-panel-ili9341-fix-optional-regulator-handling.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-49071 bsc#1238025).
- Update
patches.suse/1553-fbdev-Fix-unregistering-of-framebuffers-without-devi.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-49070 bsc#1237749).
- Update
patches.suse/1614-drm-msm-don-t-free-the-IRQ-if-it-was-not-requested.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-49458 bsc#1238810).
- Update
patches.suse/1643-video-fbdev-vesafb-Fix-a-use-after-free-due-early-fb.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-49419 bsc#1237820).
- Update
patches.suse/1683-drm-amdgpu-Off-by-one-in-dm_dmub_outbox1_low_irq.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-49365 bsc#1238661).
- Update
patches.suse/1744-drm-panfrost-Job-should-reference-MMU-not-file_priv.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-49359 bsc#1238291).
- Update
patches.suse/1859-drm-i915-selftests-fix-subtraction-overflow-bug.patch
(jsc#PED-1166 jsc#PED-1168 jsc#PED-1170 jsc#PED-1218
jsc#PED-1220 jsc#PED-1222 jsc#PED-1223 jsc#PED-1225
CVE-2022-49635 bsc#1238806).
- Update patches.suse/ALSA-jack-Access-input_dev-under-mutex.patch
(git-fixes CVE-2022-49538 bsc#1238843).
- Update
patches.suse/ASoC-SOF-ipc3-topology-Correct-get_control_data-for-.patch
(jsc#PED-850 CVE-2022-49518 bsc#1238942).
- Update
patches.suse/Bluetooth-btmtksdio-fix-use-after-free-at-btmtksdio_.patch
(jsc#PED-1407 CVE-2022-49470 bsc#1237809).
- Update
patches.suse/Bluetooth-fix-null-ptr-deref-on-hci_sync_conn_comple-3afee211.patch
(jsc#PED-1407 CVE-2022-49139 bsc#1238032).
- Update
patches.suse/Bluetooth-hci_event-Ignore-multiple-conn-complete-ev-d5ebaa7c.patch
(jsc#PED-1407 CVE-2022-49138 bsc#1238160).
- Update
patches.suse/Bluetooth-hci_sync-Fix-queuing-commands-when-HCI_UNR-0b94f265.patch
(jsc#PED-1407 CVE-2022-49136 bsc#1238153).
- Update
patches.suse/Bluetooth-hci_uart-add-missing-NULL-check-in-h5_enqu-32cb08e9.patch
(jsc#PED-1407 CVE-2022-49202 bsc#1238084).
- Update
patches.suse/NFSD-Fix-potential-use-after-free-in-nfsd_file_put.patch
(git-fixes CVE-2022-49362 bsc#1237792).
- Update
patches.suse/ath11k-Change-max-no-of-active-probe-SSID-and-BSSID-.patch
(bsc#1206451 CVE-2022-49533 bsc#1238222).
- Update
patches.suse/ath11k-Fix-frames-flush-failure-caused-by-deadlock.patch
(bsc#1206451 CVE-2022-49123 bsc#1237980).
- Update
patches.suse/ath11k-add-missing-of_node_put-to-avoid-leak.patch
(bsc#1206451 CVE-2022-49237 bsc#1237794).
- Update
patches.suse/ath11k-fix-the-warning-of-dev_wake-in-mhi_pm_disable.patch
(bsc#1206451 CVE-2022-49543 bsc#1238178).
- Update
patches.suse/ath11k-free-peer-for-station-when-disconnect-from-AP.patch
(bsc#1206451 CVE-2022-49238 bsc#1238118).
- Update
patches.suse/blk-throttle-Set-BIO_THROTTLED-when-bio-has-been-thr.patch
(jsc#PED-1183 CVE-2022-49465 bsc#1238919).
- Update
patches.suse/block-Fix-potential-deadlock-in-blk_ia_range_sysfs_s.patch
(jsc#PED-1183 CVE-2022-49406 bsc#1238226).
- Update
patches.suse/block-disable-the-elevator-int-del_gendisk.patch
(jsc#PED-1183 CVE-2022-49694 bsc#1238221).
- Update
patches.suse/block-null_blk-end-timed-out-poll-request.patch
(jsc#PED-1183 CVE-2022-49057 bsc#1238005).
- Update
patches.suse/bpf-Fix-a-btf-decl_tag-bug-when-tagging-a-function.patch
(jsc#PED-1377 CVE-2022-49228 bsc#1238344).
- Update
patches.suse/bpf-Fix-combination-of-jit-blinding-and-pointers-to-.patch
(jsc#PED-1377 CVE-2022-49552 bsc#1238649).
- Update
patches.suse/bpf-Fix-insufficient-bounds-propagation-from-adjust_.patch
(jsc#PED-1377 CVE-2022-49658 bsc#1238803).
- Update
patches.suse/bpf-Fix-potential-array-overflow-in-bpf_trampoline_g.patch
(jsc#PED-1377 CVE-2022-49548 bsc#1238648).
- Update
patches.suse/bpf-Fix-request_sock-leak-in-sk-lookup-helpers.patch
(jsc#PED-1377 CVE-2022-49697 bsc#1238820).
- Update
patches.suse/bpf-sockmap-Fix-double-uncharge-the-mem-of-sk_msg.patch
(jsc#PED-1377 CVE-2022-49205 bsc#1238335).
- Update
patches.suse/bpf-sockmap-Fix-memleak-in-sk_psock_queue_msg.patch
(jsc#PED-1377 CVE-2022-49207 bsc#1237962).
- Update
patches.suse/bpf-sockmap-Fix-memleak-in-tcp_bpf_sendmsg-while-sk-.patch
(jsc#PED-1377 CVE-2022-49209 bsc#1238252).
- Update
patches.suse/bpf-sockmap-Fix-more-uncharged-while-msg-has-more_da.patch
(jsc#PED-1377 CVE-2022-49204 bsc#1238240).
- Update
patches.suse/btrfs-fix-qgroup-reserve-overflow-the-qgroup-limit.patch
(git-fixes CVE-2022-49075 bsc#1237733).
- Update
patches.suse/cachefiles-Fix-KASAN-slab-out-of-bounds-in-cachefiles_set_volume_xattr.patch
(jsc#SES-1880 CVE-2022-49062 bsc#1237730).
- Update
patches.suse/cachefiles-unmark-inode-in-use-in-error-path.patch
(jsc#SES-1880 CVE-2022-49064 bsc#1237744).
- Update
patches.suse/ceph-fix-possible-deadlock-when-holding-Fwb-to-get-inline_data.patch
(jsc#SES-1880 CVE-2022-49296 bsc#1238187).
- Update
patches.suse/drivers-ethernet-cpsw-fix-panic-when-interrupt-coale.patch
(CVE-2021-47517 bsc#1225428 CVE-2022-49192 bsc#1237790).
- Update patches.suse/exfat-check-if-cluster-num-is-valid.patch
(git-fixes CVE-2022-49560 bsc#1238616).
- Update patches.suse/fscache-Fix-invalidation-lookup-race.patch
(jsc#SES-1880 CVE-2022-49655 bsc#1238122).
- Update patches.suse/ice-always-check-VF-VSI-pointer-values.patch
(jsc#PED-376 CVE-2022-49516 bsc#1238953).
- Update patches.suse/icmp-Fix-data-races-around-sysctl.patch
(CVE-2024-47678 bsc#1231854 git-fixes CVE-2022-49638
bsc#1238613).
- Update
patches.suse/io_uring-abort-file-assignment-prior-to-assigning-cr.patch
(bsc#1205205 CVE-2022-49056 bsc#1238004).
- Update
patches.suse/io_uring-fix-memory-leak-of-uid-in-files-registratio.patch
(bsc#1205205 CVE-2022-49144 bsc#1238009).
- Update patches.suse/macsec-fix-UAF-bug-for-real_dev.patch
(jsc#PED-1549 CVE-2022-49390 bsc#1238233).
- Update
patches.suse/memstick-mspro_block-fix-handling-of-read-only-devic.patch
(jsc#PED-1183 CVE-2022-49178 bsc#1238107).
- Update
patches.suse/mlxsw-spectrum-Guard-against-invalid-local-ports.patch
(jsc#PED-1549 CVE-2022-49134 bsc#1237982).
- Update
patches.suse/mt76-fix-tx-status-related-use-after-free-race-on-st.patch
(bsc#1209980 CVE-2022-49479 bsc#1238285).
- Update
patches.suse/mt76-mt7915-fix-possible-NULL-pointer-dereference-in.patch
(git-fixes CVE-2022-49484 bsc#1238424).
- Update
patches.suse/mt76-mt7915-fix-possible-memory-leak-in-mt7915_mcu_a.patch
(bsc#1209980 CVE-2022-49230 bsc#1238086).
- Update
patches.suse/mt76-mt7921-fix-kernel-crash-at-mt7921_pci_remove.patch
(git-fixes CVE-2022-49476 bsc#1238048).
- Update
patches.suse/mt76-mt7921s-fix-a-possible-memory-leak-in-mt7921_lo.patch
(bsc#1209980 CVE-2022-49225 bsc#1238085).
- Update
patches.suse/net-atlantic-remove-aq_nic_deinit-when-resume.patch
(jsc#PED-1530 CVE-2022-49624 bsc#1238128).
- Update
patches.suse/net-fix-removing-a-namespace-with-conflicting-altnam.patch
(bsc#1233749 CVE-2024-26634 bsc#1221651).
- Update
patches.suse/net-mlx5-E-Switch-pair-only-capable-devices.patch
(jsc#PED-1549 CVE-2022-49333 bsc#1238401).
- Update
patches.suse/net-mlx5e-CT-Fix-cleanup-of-CT-before-cleanup-of-TC-.patch
(jsc#PED-1549 CVE-2022-49338 bsc#1238300).
- Update
patches.suse/net-remove-two-BUG-from-skb_checksum_help.patch
(bsc#1229312 CVE-2022-49497 bsc#1238946).
- Update
patches.suse/net-sched-act_ct-fix-ref-leak-when-switching-zones.patch
(bsc#1207361 CVE-2022-49183 bsc#1238083).
- Update
patches.suse/nvdimm-Fix-firmware-activation-deadlock-scenarios-e682.patch
(git-fixes CVE-2022-49446 bsc#1238822).
- Update
patches.suse/perf-x86-intel-lbr-Fix-unchecked-MSR-access-error-on-HSW.patch
(git fixes CVE-2022-49565 bsc#1238542).
- Update
patches.suse/powerpc-papr_scm-Fix-leaking-nvdimm_events_map-eleme.patch
(jsc#PED-557 CVE-2022-49436 bsc#1237816).
- Update
patches.suse/powerpc-papr_scm-don-t-requests-stats-with-0-sized-s.patch
(jsc#PED-1925 CVE-2022-49353 bsc#1238385).
- Update
patches.suse/sock-redo-the-psock-vs-ULP-protection-check.patch
(jsc#PED-1377 CVE-2022-49732 bsc#1237928).
- Update
patches.suse/tcp-add-accessors-to-read-set-tp-snd_cwnd.patch
(jsc#PED-1377 CVE-2022-49325 bsc#1238398).
- Update
patches.suse/tcp-fix-tcp_mtup_probe_success-vs-wrong-snd_cwnd.patch
(bsc#1218450 CVE-2022-49330 bsc#1238378).
- Update
patches.suse/usb-dwc3-host-Stop-setting-the-ACPI-companion.patch
(jsc#PED-1817 CVE-2022-49306 bsc#1238658).
- Update
patches.suse/usb-gadget-uvc-fix-list-double-add-in-uvcg_video_pum.patch
(git-fixes CVE-2022-49686 bsc#1238552).
- Update
patches.suse/vduse-Fix-NULL-pointer-dereference-on-sysfs-access.patch
(jsc#PED-1549 CVE-2022-49329 bsc#1238069).
- Update
patches.suse/vfio-pci-fix-memory-leak-during-D3hot-to-D0-transition
(bsc#1205701 CVE-2022-49219 bsc#1237992).
- Update patches.suse/xsk-Fix-race-at-socket-teardown.patch
(jsc#PED-1377 CVE-2022-49215 bsc#1238329).
- commit 2e81119
- Update
patches.suse/dmaengine-qcom-bam_dma-fix-runtime-PM-underflow.patch
(git-fixes CVE-2022-49650 bsc#1239452).
- Update
patches.suse/netfilter-nf_tables-initialize-registers-in-nft_do_c.patch
(CVE-2022-1016 bsc#1197227 CVE-2022-49293 bsc#1239454).
- commit 320b3f1
- Update
patches.suse/net-usb-aqc111-Fix-out-of-bounds-accesses-in-RX-fixu.patch
(bsc#1237903 CVE-2022-49051).
Added CVE reference
- commit 3c47ace
- drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() (bsc#1239115 CVE-2025-21780)
- commit 698625c
- Bluetooth: MGMT: Fix slab-use-after-free Read in
mgmt_remove_adv_monitor_sync (bsc#1239095 CVE-2024-58013).
- commit b147dd9
- Update
patches.suse/0001-be2net-Fix-buffer-overflow-in-be_get_module_eeprom.patch
(bsc#1201323 CVE-2022-49581 bsc#1238540).
- Update
patches.suse/0004-dm-fix-use-after-free-in-dm_cleanup_zoned_dev.patch
(git-fixes CVE-2022-49270 bsc#1238459).
- Update
patches.suse/0005-drm-mediatek-Add-vblank-register-unregister-callback.patch
(bsc#1190768 CVE-2022-49506 bsc#1238804).
- Update
patches.suse/0006-dm-integrity-fix-memory-corruption-when-tag_size-is-.patch
(git-fixes CVE-2022-49044 bsc#1237840).
- Update patches.suse/0009-block-bfq-don-t-move-oom_bfqq.patch
(git-fixes CVE-2022-49179 bsc#1238092).
- Update
patches.suse/0010-bfq-fix-use-after-free-in-bfq_dispatch_request.patch
(git-fixes CVE-2022-49176 bsc#1238097).
- Update
patches.suse/0011-dm-raid-fix-accesses-beyond-end-of-raid-member-array.patch
(git-fixes CVE-2022-49674 bsc#1239041).
- Update
patches.suse/0012-dm-ioctl-prevent-potential-spectre-v1-gadget.patch
(git-fixes CVE-2022-49122 bsc#1237983).
- Update
patches.suse/0014-drm-dp-Fix-OOB-read-when-handling-Post-Cursor2-regis.patch
(bsc#1190786 CVE-2022-49218 bsc#1237785).
- Update
patches.suse/0015-bcache-avoid-journal-no-space-deadlock-by-reserving-.patch
(git-fixes CVE-2022-49327 bsc#1238662).
- Update
patches.suse/0017-nbd-call-genl_unregister_family-first-in-nbd_cleanup.patch
(git-fixes CVE-2022-49295 bsc#1238707).
- Update
patches.suse/0018-dm-mirror-log-round-up-region-bitmap-size-to-BITS_PE.patch
(git-fixes CVE-2022-49710 bsc#1238417).
- Update
patches.suse/0018-nbd-fix-race-between-nbd_alloc_config-and-module-removal.patch
(git-fixes CVE-2022-49300 bsc#1238183).
- Update
patches.suse/0019-block-Fix-handling-of-offline-queues-in-blk_mq_alloc.patch
(git-fixes CVE-2022-49720 bsc#1238281).
- Update
patches.suse/0019-nbd-fix-io-hung-while-disconnecting-device.patch
(git-fixes CVE-2022-49297 bsc#1238469).
- Update
patches.suse/9p-fix-fid-refcount-leak-in-v9fs_vfs_atomic_open_dot.patch
(git-fixes CVE-2022-49705 bsc#1237990).
- Update
patches.suse/9p-fix-fid-refcount-leak-in-v9fs_vfs_get_link.patch
(git-fixes CVE-2022-49704 bsc#1237780).
- Update
patches.suse/ACPI-CPPC-Avoid-out-of-bounds-access-when-parsing-_C.patch
(git-fixes CVE-2022-49145 bsc#1238162).
- Update
patches.suse/ALSA-firewire-lib-fix-uninitialized-flag-for-AV-C-de.patch
(git-fixes CVE-2022-49248 bsc#1238284).
- Update
patches.suse/ALSA-oss-Fix-PCM-OSS-buffer-allocation-overflow.patch
(git-fixes CVE-2022-49292 bsc#1238625).
- Update
patches.suse/ALSA-pcm-Check-for-null-pointer-of-pointer-substream.patch
(git-fixes CVE-2022-49498 bsc#1238825).
- Update
patches.suse/ALSA-pcm-Fix-potential-AB-BA-lock-with-buffer_mutex-.patch
(CVE-2022-1048 bsc#1197331 CVE-2022-49272 bsc#1238272).
- Update
patches.suse/ALSA-pcm-Fix-races-among-concurrent-hw_params-and-hw.patch
(CVE-2022-1048 bsc#1197331 git-fixes CVE-2022-49291
bsc#1238705).
- Update
patches.suse/ALSA-pcm-Fix-races-among-concurrent-prealloc-proc-wr.patch
(CVE-2022-1048 bsc#1197331 git-fixes CVE-2022-49288
bsc#1238271).
- Update
patches.suse/ALSA-pcm-oss-Fix-race-at-SNDCTL_DSP_SYNC.patch
(CVE-2022-3303 bsc#1203769 git-fixes CVE-2022-49733
bsc#1238454).
- Update
patches.suse/ALSA-usb-audio-Cancel-pending-work-at-closing-a-MIDI.patch
(git-fixes CVE-2022-49545 bsc#1238729).
- Update
patches.suse/ARM-Fix-refcount-leak-in-axxia_boot_secondary.patch
(git-fixes CVE-2022-49679 bsc#1238418).
- Update
patches.suse/ARM-cns3xxx-Fix-refcount-leak-in-cns3xxx_init.patch
(git-fixes CVE-2022-49677 bsc#1238601).
- Update
patches.suse/ARM-exynos-Fix-refcount-leak-in-exynos_map_pmu.patch
(git-fixes CVE-2022-49680 bsc#1238415).
- Update
patches.suse/ARM-hisi-Add-missing-of_node_put-after-of_find_compa.patch
(git-fixes CVE-2022-49447 bsc#1238956).
- Update
patches.suse/ARM-meson-Fix-refcount-leak-in-meson_smp_prepare_cpu.patch
(git-fixes CVE-2022-49656 bsc#1237812).
- Update
patches.suse/ASoC-Intel-sof_sdw-handle-errors-on-card-registratio.patch
(git-fixes CVE-2022-49617 bsc#1238902).
- Update
patches.suse/ASoC-SOF-Intel-Fix-NULL-ptr-dereference-when-ENOMEM.patch
(git-fixes CVE-2022-49268 bsc#1238090).
- Update
patches.suse/ASoC-atmel-Add-missing-of_node_put-in-at91sam9g20ek_.patch
(git-fixes CVE-2022-49243 bsc#1238337).
- Update
patches.suse/ASoC-atmel-Fix-error-handling-in-sam9x5_wm8731_drive.patch
(git-fixes CVE-2022-49241 bsc#1238116).
- Update
patches.suse/ASoC-atmel-Fix-error-handling-in-snd_proto_probe.patch
(git-fixes CVE-2022-49246 bsc#1238302).
- Update
patches.suse/ASoC-codecs-rx-macro-fix-accessing-array-out-of-boun.patch
(git-fixes CVE-2022-49252 bsc#1237787).
- Update
patches.suse/ASoC-codecs-rx-macro-fix-accessing-compander-for-aux.patch
(git-fixes CVE-2022-49250 bsc#1238389).
- Update
patches.suse/ASoC-codecs-va-macro-fix-accessing-array-out-of-boun.patch
(git-fixes CVE-2022-49251 bsc#1237835).
- Update
patches.suse/ASoC-codecs-wc938x-fix-accessing-array-out-of-bounds.patch
(git-fixes CVE-2022-49249 bsc#1238339).
- Update
patches.suse/ASoC-codecs-wcd934x-Add-missing-of_node_put-in-wcd93.patch
(git-fixes CVE-2022-49239 bsc#1238334).
- Update
patches.suse/ASoC-cs35l41-Fix-an-out-of-bounds-access-in-otp_pack.patch
(bsc#1203699 CVE-2022-49515 bsc#1237817).
- Update
patches.suse/ASoC-fsl-Fix-refcount-leak-in-imx_sgtl5000_probe.patch
(git-fixes CVE-2022-49486 bsc#1237946).
- Update
patches.suse/ASoC-imx-hdmi-Fix-refcount-leak-in-imx_hdmi_probe.patch
(git-fixes CVE-2022-49480 bsc#1238799).
- Update
patches.suse/ASoC-mediatek-Fix-error-handling-in-mt8173_max98090_.patch
(git-fixes CVE-2022-49514 bsc#1238429).
- Update
patches.suse/ASoC-mediatek-Fix-missing-of_node_put-in-mt2701_wm89.patch
(git-fixes CVE-2022-49517 bsc#1237996).
- Update
patches.suse/ASoC-mediatek-mt8192-mt6359-Fix-error-handling-in-mt.patch
(git-fixes CVE-2022-49244 bsc#1238176).
- Update
patches.suse/ASoC-mxs-Fix-error-handling-in-mxs_sgtl5000_probe.patch
(git-fixes CVE-2022-49242 bsc#1238126).
- Update
patches.suse/ASoC-mxs-saif-Fix-refcount-leak-in-mxs_saif_probe.patch
(git-fixes CVE-2022-49482 bsc#1238543).
- Update
patches.suse/ASoC-rt5645-Fix-errorenous-cleanup-order.patch
(git-fixes CVE-2022-49493 bsc#1238939).
- Update
patches.suse/ASoC-rt7-sdw-harden-jack_detect_handler.patch
(git-fixes CVE-2022-49616 bsc#1238898).
- Update
patches.suse/ASoC-rt711-sdca-fix-kernel-NULL-pointer-dereference-.patch
(git-fixes CVE-2022-49615 bsc#1238897).
- Update
patches.suse/ASoC-samsung-Fix-refcount-leak-in-aries_audio_probe.patch
(git-fixes CVE-2022-49477 bsc#1238295).
- Update
patches.suse/ASoC-ti-j721e-evm-Fix-refcount-leak-in-j721e_soc_pro.patch
(git-fixes CVE-2022-49473 bsc#1238135).
- Update
patches.suse/Bluetooth-Fix-use-after-free-in-hci_send_acl.patch
(git-fixes CVE-2022-49111 bsc#1237984).
- Update
patches.suse/Bluetooth-btmtksdio-Fix-kernel-oops-in-btmtksdio_int.patch
(git-fixes CVE-2022-49200 bsc#1237958).
- Update
patches.suse/Bluetooth-fix-dangling-sco_conn-and-use-after-free-i.patch
(git-fixes CVE-2022-49474 bsc#1238071).
- Update
patches.suse/Bluetooth-hci_qca-Use-del_timer_sync-before-freeing.patch
(git-fixes CVE-2022-49555 bsc#1238231).
- Update
patches.suse/Bluetooth-use-memset-avoid-memory-leaks.patch
(git-fixes CVE-2022-49116 bsc#1237922).
- Update
patches.suse/HID-elan-Fix-potential-double-free-in-elan_input_con.patch
(git-fixes CVE-2022-49508 bsc#1237940).
- Update
patches.suse/IB-rdmavt-add-lock-to-call-to-rvt_error_qp-to-preven.patch
(git-fixes CVE-2022-49089 bsc#1238041).
- Update
patches.suse/Input-gpio-keys-cancel-delayed-work-only-in-case-of-.patch
(git-fixes CVE-2022-49430 bsc#1238870).
- Update
patches.suse/Input-sparcspkr-fix-refcount-leak-in-bbc_beep_probe.patch
(git-fixes CVE-2022-49438 bsc#1238242).
- Update patches.suse/KVM-Don-t-null-dereference-ops-destroy.patch
(git-fixes CVE-2022-49568 bsc#1238792).
- Update
patches.suse/KVM-SVM-Use-kzalloc-for-sev-ioctl-interfaces-to-prev.patch
(git-fixes CVE-2022-49556 bsc#1238134).
- Update
patches.suse/KVM-SVM-fix-panic-on-out-of-bounds-guest-IRQ.patch
(git-fixes CVE-2022-49154 bsc#1238167).
- Update
patches.suse/KVM-VMX-Prevent-RSB-underflow-before-vmenter.patch
(bsc#1199657 CVE-2022-29900 CVE-2022-29901 CVE-2022-49610
bsc#1238952).
- Update
patches.suse/KVM-x86-Drop-WARNs-that-assert-a-triple-fault-never-.patch
(git-fixes CVE-2022-49559 bsc#1237942).
- Update
patches.suse/KVM-x86-Use-__try_cmpxchg_user-to-update-guest-PTE-A.patch
(git-fixes CVE-2022-49562 bsc#1238309).
- Update
patches.suse/LSM-general-protection-fault-in-legacy_parse_param.patch
(git-fixes CVE-2022-49180 bsc#1238110).
- Update
patches.suse/NFC-NULL-out-the-dev-rfkill-to-prevent-UAF.patch
(git-fixes CVE-2022-49505 bsc#1238615).
- Update
patches.suse/NFS-Avoid-writeback-threads-getting-stuck-in-mempool.patch
(git-fixes CVE-2022-49097 bsc#1237729).
- Update
patches.suse/NFSD-prevent-integer-overflow-on-32-bit-systems.patch
(git-fixes CVE-2022-49279 bsc#1238655).
- Update
patches.suse/NFSD-prevent-underflow-in-nfssvc_decode_writeargs.patch
(git-fixes CVE-2022-49280 bsc#1238630).
- Update
patches.suse/NFSv4-Don-t-hold-the-layoutget-locks-across-multiple.patch
(git-fixes CVE-2022-49316 bsc#1238386).
- Update
patches.suse/NFSv4-Fix-free-of-uninitialized-nfs4_label-on-referr.patch
(git-fixes CVE-2022-49418 bsc#1238878).
- Update
patches.suse/NFSv4.2-fix-reference-count-leaks-in-_nfs42_proc_cop.patch
(git-fixes CVE-2022-49103 bsc#1238080).
- Update
patches.suse/PCI-Avoid-pci_dev_lock-AB-BA-deadlock-with-sriov_num.patch
(git-fixes CVE-2022-49434 bsc#1238916).
- Update patches.suse/PCI-endpoint-Fix-misused-goto-label.patch
(git-fixes CVE-2022-49115 bsc#1237961).
- Update
patches.suse/PM-core-keep-irq-flags-in-device_pm_check_callbacks.patch
(git-fixes CVE-2022-49175 bsc#1238099).
- Update
patches.suse/PM-devfreq-exynos-ppmu-Fix-refcount-leak-in-of_get_d.patch
(git-fixes CVE-2022-49668 bsc#1237957).
- Update
patches.suse/PM-devfreq-rk3399_dmc-Disable-edev-on-remove.patch
(git-fixes CVE-2022-49460 bsc#1238892).
- Update
patches.suse/PM-domains-Fix-sleep-in-atomic-bug-caused-by-genpd_d.patch
(git-fixes CVE-2022-49265 bsc#1238432).
- Update
patches.suse/RDMA-cm-Fix-memory-leak-in-ib_cm_insert_listen.patch
(git-fixes CVE-2022-49671 bsc#1238823).
- Update
patches.suse/RDMA-hfi1-Fix-potential-integer-multiplication-overf.patch
(git-fixes CVE-2022-49404 bsc#1238430).
- Update
patches.suse/RDMA-hfi1-Fix-use-after-free-bug-for-mm-struct.patch
(git-fixes CVE-2022-49076 bsc#1237738).
- Update
patches.suse/RDMA-hfi1-Prevent-panic-when-SDMA-is-disabled.patch
(git-fixes CVE-2022-49429 bsc#1238889).
- Update
patches.suse/RDMA-hfi1-Prevent-use-of-lock-before-it-is-initializ.patch
(git-fixes CVE-2022-49433 bsc#1238268).
- Update
patches.suse/RDMA-irdma-Fix-sleep-from-invalid-context-BUG.patch
(git-fixes CVE-2022-49606 bsc#1238410).
- Update
patches.suse/RDMA-irdma-Prevent-some-integer-underflows.patch
(git-fixes CVE-2022-49208 bsc#1238345).
- Update
patches.suse/RDMA-mlx5-Fix-memory-leak-in-error-flow-for-subscrib.patch
(git-fixes CVE-2022-49206 bsc#1238343).
- Update
patches.suse/RDMA-nldev-Prevent-underflow-in-nldev_stat_set_count.patch
(jsc#SLE-19249 CVE-2022-49199 bsc#1238234).
- Update
patches.suse/SUNRPC-Fix-the-svc_deferred_event-trace-class.patch
(git-fixes CVE-2022-49065 bsc#1237739).
- Update patches.suse/SUNRPC-Trap-RDMA-segment-overflows.patch
(git-fixes CVE-2022-49356 bsc#1238444).
- Update
patches.suse/USB-host-isp116x-check-return-value-after-calling-pl.patch
(git-fixes CVE-2022-49302 bsc#1238653).
- Update patches.suse/afs-Fix-dynamic-root-getattr.patch
(git-fixes CVE-2022-49688 bsc#1238423).
- Update
patches.suse/arch-arm64-Fix-topology-initialization-for-core-sche.patch
(git-fixes CVE-2022-49090 bsc#1238021).
- Update
patches.suse/arm64-compat-Do-not-treat-syscall-number-as-ESR_ELx-.patch
(git-fixes CVE-2022-49520 bsc#1238836).
- Update patches.suse/arm64-ftrace-consistently-handle-PLTs.patch
(git-fixes CVE-2022-49721 bsc#1237789).
- Update
patches.suse/ata-libata-core-fix-NULL-pointer-deref-in-ata_host_a.patch
(git-fixes CVE-2022-49731 bsc#1239071).
- Update
patches.suse/ata-pata_octeon_cf-Fix-refcount-leak-in-octeon_cf_pr.patch
(git-fixes CVE-2022-49354 bsc#1238636).
- Update
patches.suse/ata-sata_dwc_460ex-Fix-crash-due-to-OOB-write.patch
(git-fixes CVE-2022-49073 bsc#1237746).
- Update
patches.suse/ath10k-Fix-error-handling-in-ath10k_setup_msa_resour.patch
(git-fixes CVE-2022-49213 bsc#1238327).
- Update
patches.suse/ath10k-skip-ath10k_halt-during-suspend-for-driver-st.patch
(git-fixes CVE-2022-49519 bsc#1238943).
- Update
patches.suse/ath11k-disable-spectral-scan-during-spectral-deinit.patch
(git-fixes CVE-2022-49523 bsc#1238557).
- Update
patches.suse/ath11k-fix-kernel-panic-during-unload-load-ath11k-mo.patch
(git-fixes CVE-2022-49131 bsc#1237966).
- Update patches.suse/ath11k-mhi-use-mhi_sync_power_up.patch
(git-fixes CVE-2022-49130 bsc#1237978).
- Update
patches.suse/ath11k-pci-fix-crash-on-suspend-if-board-file-is-not.patch
(git-fixes CVE-2022-49132 bsc#1237976).
- Update
patches.suse/ath9k_htc-fix-potential-out-of-bounds-access-with-in.patch
(git-fixes CVE-2022-49503 bsc#1238868).
- Update patches.suse/ath9k_htc-fix-uninit-value-bugs.patch
(git-fixes CVE-2022-49235 bsc#1238333).
- Update
patches.suse/bfq-Avoid-merging-queues-with-different-parents.patch
(bsc#1197926 CVE-2022-49412 bsc#1238436).
- Update
patches.suse/bfq-Make-sure-bfqg-for-which-we-are-queueing-request.patch
(bsc#1197926 CVE-2022-49411 bsc#1238307).
- Update
patches.suse/bfq-Update-cgroup-information-before-merging-bio.patch
(bsc#1197926 CVE-2022-49413 bsc#1238710).
- Update
patches.suse/blk-iolatency-Fix-inflight-count-imbalances-and-IO-h.patch
(bsc#1200825 CVE-2022-49394 bsc#1238712).
- Update
patches.suse/blk-mq-don-t-touch-tagset-in-blk_mq_get_sq_hctx.patch
(bsc#1200824 CVE-2022-49377 bsc#1238545).
- Update
patches.suse/block-Fix-the-maximum-minor-value-is-blk_alloc_ext_m.patch
(bsc#1198021 CVE-2022-49147 bsc#1237960).
- Update
patches.suse/block-don-t-delete-queue-kobject-before-its-children.patch
(bsc#1198019 CVE-2022-49259 bsc#1238413).
- Update
patches.suse/block-fix-rq-qos-breakage-from-skipping-rq_qos_done_.patch
(bsc#1202781 CVE-2022-49266 bsc#1238465).
- Update
patches.suse/bpf-Fix-UAF-due-to-race-between-btf_try_get_module-a.patch
(git-fixes CVE-2022-49236 bsc#1238120).
- Update
patches.suse/bpf-arm64-Clear-prog-jited_len-along-prog-jited.patch
(git-fixes CVE-2022-49341 bsc#1238381).
- Update
patches.suse/brcmfmac-pcie-Release-firmwares-in-the-brcmf_pcie_se.patch
(git-fixes CVE-2022-49263 bsc#1238267).
- Update
patches.suse/bus-fsl-mc-bus-fix-KASAN-use-after-free-in-fsl_mc_bu.patch
(git-fixes CVE-2022-49711 bsc#1238416).
- Update
patches.suse/can-gs_usb-gs_usb_open-close-fix-memory-leak.patch
(git-fixes CVE-2022-49661 bsc#1237788).
- Update
patches.suse/can-isotp-sanitize-CAN-ID-checks-in-isotp_bind.patch
(git-fixes CVE-2022-49269 bsc#1238533).
- Update
patches.suse/can-m_can-m_can_tx_handler-fix-use-after-free-of-skb.patch
(git-fixes CVE-2022-49275 bsc#1238719).
- Update
patches.suse/can-mcba_usb-properly-check-endpoint-type.patch
(git-fixes CVE-2022-49151 bsc#1237778).
- Update
patches.suse/ceph-fix-inode-reference-leakage-in-ceph_get_snapdir.patch
(bsc#1206048 CVE-2022-49109 bsc#1237836).
- Update
patches.suse/ceph-fix-memory-leak-in-ceph_readdir-when-note_last_dentry-returns-error.patch
(bsc#1206049 CVE-2022-49107 bsc#1237973).
- Update
patches.suse/cgroup-Use-separate-src-dst-nodes-when-preloading-css_sets-for-migration.patch
(bsc#1201610 CVE-2022-49647 bsc#1238805).
- Update
patches.suse/char-xillybus-fix-a-refcount-leak-in-cleanup_dev.patch
(git-fixes CVE-2022-49310 bsc#1238642).
- Update patches.suse/cifs-fix-handlecache-and-multiuser.patch
(bsc#1193629 CVE-2022-49281 bsc#1238635).
- Update
patches.suse/cifs-fix-potential-double-free-during-failed-mount.patch
(bsc#1193629 CVE-2022-49541 bsc#1238727).
- Update
patches.suse/cifs-potential-buffer-overflow-in-handling-symlinks.patch
(bsc#1193629 CVE-2022-49058 bsc#1237814).
- Update
patches.suse/cifs-prevent-bad-output-lengths-in-smb2_ioctl_query_info-.patch
(CVE-2022-0168 bsc#1197472 CVE-2022-49271 bsc#1238626).
- Update
patches.suse/clk-Fix-clk_hw_get_clk-when-dev-is-NULL.patch
(git-fixes CVE-2022-49187 bsc#1238011).
- Update
patches.suse/clk-qcom-clk-rcg2-Update-logic-to-calculate-D-value-.patch
(git-fixes CVE-2022-49189 bsc#1238150).
- Update
patches.suse/clocksource-hyper-v-unexport-__init-annotated-hv_ini.patch
(bsc#1201218 CVE-2022-49726 bsc#1238808).
- Update
patches.suse/cpufreq-pmac32-cpufreq-Fix-refcount-leak-bug.patch
(git-fixes CVE-2022-49621 bsc#1239051).
- Update
patches.suse/crypto-ccree-Fix-use-after-free-in-cc_cipher_exit.patch
(git-fixes CVE-2022-49258 bsc#1237952).
- Update
patches.suse/crypto-hisilicon-sec-fix-the-aead-software-fallback-.patch
(bsc#1198240 CVE-2022-49260 bsc#1238458).
- Update
patches.suse/crypto-octeontx2-remove-CONFIG_DM_CRYPT-check.patch
(git-fixes CVE-2022-49262 bsc#1238463).
- Update patches.suse/crypto-qat-add-param-check-for-DH.patch
(jsc#PED-1073 CVE-2022-49564 bsc#1238789).
- Update patches.suse/crypto-qat-add-param-check-for-RSA.patch
(jsc#PED-1073 CVE-2022-49563 bsc#1238787).
- Update patches.suse/crypto-qat-fix-memory-leak-in-RSA.patch
(git-fixes CVE-2022-49566 bsc#1238266).
- Update patches.suse/dlm-fix-plock-invalid-read.patch (git-fixes
CVE-2022-49407 bsc#1238180).
- Update
patches.suse/dm-raid-fix-KASAN-warning-in-raid5_add_disks.patch
(git-fixes CVE-2022-49673 bsc#1238933).
- Update
patches.suse/dmaengine-idxd-Fix-the-error-handling-path-in-idxd_c.patch
(git-fixes CVE-2022-49422 bsc#1237784).
- Update
patches.suse/dmaengine-ti-Fix-refcount-leak-in-ti_dra7_xbar_route.patch
(git-fixes CVE-2022-49652 bsc#1238871).
- Update
patches.suse/dmaengine-zynqmp_dma-In-struct-zynqmp_dma_chan-fix-d.patch
(git-fixes CVE-2022-49320 bsc#1238394).
- Update
patches.suse/dpaa2-ptp-Fix-refcount-leak-in-dpaa2_ptp_probe.patch
(git-fixes CVE-2022-49088 bsc#1237724).
- Update
patches.suse/drbd-Fix-five-use-after-free-bugs-in-get_initial_state
(git-fixes CVE-2022-49085 bsc#1238036).
- Update
patches.suse/driver-base-fix-UAF-when-driver_attach-failed.patch
(git-fixes CVE-2022-49385 bsc#1237951).
- Update
patches.suse/driver-core-Fix-wait_for_device_probe-deferred_probe.patch
(git-fixes CVE-2022-49379 bsc#1238446).
- Update
patches.suse/driver-core-fix-deadlock-in-__device_attach.patch
(git-fixes CVE-2022-49371 bsc#1238546).
- Update
patches.suse/drivers-base-node.c-fix-compaction-sysfs-file-leak.patch
(git-fixes CVE-2022-49442 bsc#1238243).
- Update
patches.suse/drivers-staging-rtl8192bs-Fix-deadlock-in-rtw_joinbs.patch
(git-fixes CVE-2022-49311 bsc#1238632).
- Update
patches.suse/drivers-staging-rtl8192e-Fix-deadlock-in-rtllib_beac.patch
(git-fixes CVE-2022-49315 bsc#1238638).
- Update
patches.suse/drivers-staging-rtl8192u-Fix-deadlock-in-ieee80211_b.patch
(git-fixes CVE-2022-49305 bsc#1238645).
- Update
patches.suse/drivers-staging-rtl8723bs-Fix-deadlock-in-rtw_survey.patch
(git-fixes CVE-2022-49309 bsc#1238640).
- Update
patches.suse/drivers-tty-serial-Fix-deadlock-in-sa1100_set_termio.patch
(git-fixes CVE-2022-49304 bsc#1238639).
- Update
patches.suse/drivers-usb-host-Fix-deadlock-in-oxu_bus_suspend.patch
(git-fixes CVE-2022-49313 bsc#1238633).
- Update
patches.suse/drm-amd-amdgpu-amdgpu_cs-fix-refcount-leak-of-a-dma_.patch
(git-fixes CVE-2022-49137 bsc#1238155).
- Update
patches.suse/drm-amd-display-Check-if-modulo-is-0-before-dividing.patch
(git-fixes CVE-2022-49294 bsc#1238147).
- Update
patches.suse/drm-amd-display-Fix-a-NULL-pointer-dereference-in-am.patch
(git-fixes CVE-2022-49232 bsc#1238139).
- Update patches.suse/drm-amd-display-Fix-memory-leak.patch
(git-fixes CVE-2022-49135 bsc#1238006).
- Update
patches.suse/drm-amdgpu-cs-make-commands-with-0-chunks-illegal-be.patch
(git-fixes CVE-2022-49335 bsc#1238377).
- Update
patches.suse/drm-amdkfd-Check-for-potential-null-return-of-kmallo.patch
(git-fixes CVE-2022-49055 bsc#1237868).
- Update
patches.suse/drm-bridge-Add-missing-pm_runtime_put_sync.patch
(git-fixes CVE-2022-49128 bsc#1237970).
- Update
patches.suse/drm-bridge-anx7625-Fix-overflow-issue-on-reading-EDI.patch
(git-fixes CVE-2022-49222 bsc#1238328).
- Update
patches.suse/drm-etnaviv-check-for-reaped-mapping-in-etnaviv_iomm.patch
(git-fixes CVE-2022-49336 bsc#1238397).
- Update
patches.suse/drm-i915-fix-a-possible-refcount-leak-in-intel_dp_ad.patch
(git-fixes CVE-2022-49644 bsc#1238235).
- Update
patches.suse/drm-i915-gem-add-missing-boundary-check-in-vm_access.patch
(git-fixes bsc#1211263 CVE-2023-28410 CVE-2022-49261
bsc#1238462).
- Update
patches.suse/drm-i915-reset-Fix-error_state_read-ptr-offset-use.patch
(git-fixes CVE-2022-49723 bsc#1237997).
- Update
patches.suse/drm-imx-Fix-memory-leak-in-imx_pd_connector_get_mode.patch
(git-fixes CVE-2022-49091 bsc#1237726).
- Update
patches.suse/drm-msm-a6xx-Fix-refcount-leak-in-a6xx_gpu_init.patch
(git-fixes CVE-2022-49462 bsc#1238123).
- Update
patches.suse/drm-msm-disp-dpu1-set-vbif-hw-config-to-NULL-to-avoi.patch
(git-fixes CVE-2022-49489 bsc#1238244).
- Update
patches.suse/drm-msm-dp-populate-connector-of-struct-dp_panel.patch
(git-fixes CVE-2022-49221 bsc#1238326).
- Update
patches.suse/drm-msm-fix-possible-memory-leak-in-mdp5_crtc_cursor.patch
(git-fixes CVE-2022-49467 bsc#1238815).
- Update
patches.suse/drm-msm-hdmi-check-return-value-after-calling-platfo.patch
(git-fixes CVE-2022-49495 bsc#1237932).
- Update
patches.suse/drm-msm-mdp4-Fix-refcount-leak-in-mdp4_modeset_init_.patch
(git-fixes CVE-2022-49693 bsc#1237954).
- Update
patches.suse/drm-msm-mdp5-Return-error-code-in-mdp5_mixer_release.patch
(git-fixes CVE-2022-49488 bsc#1238600).
- Update
patches.suse/drm-msm-mdp5-Return-error-code-in-mdp5_pipe_release-.patch
(git-fixes CVE-2022-49490 bsc#1238275).
- Update
patches.suse/drm-panfrost-Fix-shrinker-list-corruption-by-madvise.patch
(git-fixes CVE-2022-49645 bsc#1238435).
- Update
patches.suse/drm-rockchip-vop-fix-possible-null-ptr-deref-in-vop_.patch
(git-fixes CVE-2022-49491 bsc#1238539).
- Update
patches.suse/drm-tegra-Fix-reference-leak-in-tegra_dsi_ganged_pro.patch
(git-fixes CVE-2022-49216 bsc#1238338).
- Update
patches.suse/drm-virtio-fix-NULL-pointer-dereference-in-virtio_gp.patch
(git-fixes CVE-2022-49532 bsc#1238925).
- Update
patches.suse/efi-Do-not-import-certificates-from-UEFI-Secure-Boot.patch
(git-fixes CVE-2022-49357 bsc#1238631).
- Update
patches.suse/exec-Force-single-empty-string-when-argv-is-empty.patch
(bsc#1200571 CVE-2022-49264 bsc#1237815).
- Update patches.suse/ext4-add-reserved-GDT-blocks-check.patch
(bsc#1202712 CVE-2022-49707 bsc#1239035).
- Update patches.suse/ext4-avoid-cycles-in-directory-h-tree.patch
(bsc#1198577 CVE-2022-1184 CVE-2022-49343 bsc#1238382).
- Update
patches.suse/ext4-filter-out-EXT4_FC_REPLAY-from-on-disk-superblo.patch
(bsc#1202771 CVE-2022-49348 bsc#1238383).
- Update patches.suse/ext4-fix-bug_on-ext4_mb_use_inode_pa.patch
(bsc#1200810 CVE-2022-49708 bsc#1238599).
- Update patches.suse/ext4-fix-bug_on-in-__es_tree_search.patch
(bsc#1200809 CVE-2022-49409 bsc#1238279).
- Update patches.suse/ext4-fix-bug_on-in-ext4_writepages.patch
(bsc#1200872 CVE-2022-49347 bsc#1238393).
- Update
patches.suse/ext4-fix-ext4_mb_mark_bb-with-flex_bg-with-fast_comm.patch
(bsc#1207593 CVE-2022-49174 bsc#1238091).
- Update
patches.suse/ext4-fix-race-condition-between-ext4_write-and-ext4_.patch
(bsc#1200807 CVE-2022-49414 bsc#1238623).
- Update
patches.suse/ext4-fix-use-after-free-in-ext4_rename_dir_prepare.patch
(bsc#1200871 CVE-2022-49349 bsc#1238372).
- Update
patches.suse/ext4-fix-warning-in-ext4_handle_inode_extension.patch
(bsc#1202711 CVE-2022-49352 bsc#1238395).
- Update
patches.suse/extcon-Modify-extcon-device-to-be-created-after-driv.patch
(git-fixes CVE-2022-49308 bsc#1238654).
- Update
patches.suse/filemap-Handle-sibling-entries-in-filemap_get_read_b.patch
(bsc#1202774 CVE-2022-49699 bsc#1238248).
- Update
patches.suse/firmware-arm_scmi-Fix-list-protocols-enumeration-in-.patch
(git-fixes CVE-2022-49451 bsc#1238177).
- Update
patches.suse/firmware-dmi-sysfs-Fix-memory-leak-in-dmi_sysfs_regi.patch
(git-fixes CVE-2022-49370 bsc#1238467).
- Update
patches.suse/firmware-sysfb-fix-platform-device-leak-in-error-pat.patch
(git-fixes CVE-2022-49283 bsc#1238012).
- Update
patches.suse/ftrace-Clean-up-hash-direct_functions-on-register-failures.patch
(git-fixes CVE-2022-49402 bsc#1238255).
- Update patches.suse/gpio-gpio-xilinx-Fix-integer-overflow.patch
(git-fixes CVE-2022-49570 bsc#1238298).
- Update
patches.suse/habanalabs-fix-possible-memory-leak-in-MMU-DR-fini.patch
(git-fixes CVE-2022-49102 bsc#1238018).
- Update
patches.suse/hwrng-cavium-fix-NULL-but-dereferenced-coccicheck-er.patch
(jsc#SLE-24682 CVE-2022-49177 bsc#1238010).
- Update
patches.suse/i2c-piix4-Fix-a-memory-leak-in-the-EFCH-MMIO-support.patch
(git-fixes CVE-2022-49653 bsc#1238664).
- Update
patches.suse/i40e-Fix-call-trace-in-setup_tx_descriptors.patch
(git-fixes CVE-2022-49725 bsc#1238016).
- Update
patches.suse/iavf-Fix-handling-of-dummy-receive-descriptors.patch
(git-fixes CVE-2022-49583 bsc#1237818).
- Update
patches.suse/ibmvnic-fix-race-between-xmit-and-reset.patch
(bsc#1197302 ltc#197259 CVE-2022-49201 bsc#1238256).
- Update patches.suse/ice-Fix-memory-corruption-in-VF-driver.patch
(git-fixes CVE-2022-49722 bsc#1238301).
- Update
patches.suse/ice-arfs-fix-use-after-free-when-freeing-rx_cpu_rmap.patch
(git-fixes CVE-2022-49063 bsc#1237846).
- Update
patches.suse/ice-fix-scheduling-while-atomic-on-aux-critical-err-.patch
(git-fixes CVE-2022-49193 bsc#1238283).
- Update
patches.suse/igb-fix-a-use-after-free-issue-in-igb_clean_tx_ring.patch
(git-fixes CVE-2022-49695 bsc#1238556).
- Update
patches.suse/igc-Reinstate-IGC_REMOVED-logic-and-implement-it-pro.patch
(jsc#SLE-18377 CVE-2022-49605 bsc#1238433).
- Update
patches.suse/igc-avoid-kernel-warning-when-changing-RX-ring-param.patch
(git-fixes CVE-2022-49227 bsc#1237786).
- Update
patches.suse/iio-accel-mma8452-use-the-correct-logic-to-get-mma84.patch
(git-fixes CVE-2022-49285 bsc#1238641).
- Update
patches.suse/iio-adc-adi-axi-adc-Fix-refcount-leak-in-adi_axi_adc.patch
(git-fixes CVE-2022-49683 bsc#1238308).
- Update
patches.suse/iio-trigger-sysfs-fix-use-after-free-on-remove.patch
(git-fixes CVE-2022-49685 bsc#1237963).
- Update
patches.suse/ima-Fix-a-potential-integer-overflow-in-ima_appraise.patch
(git-fixes CVE-2022-49643 bsc#1238663).
- Update
patches.suse/ima-Fix-potential-memory-leak-in-ima_init_crypto.patch
(git-fixes CVE-2022-49627 bsc#1237798).
- Update
patches.suse/iommu-arm-smmu-fix-possible-null-ptr-deref-in-arm_smmu_device_pr
(git-fixes CVE-2022-49323 bsc#1238400).
- Update
patches.suse/iommu-arm-smmu-v3-check-return-value-after-calling-platform_get_
(git-fixes CVE-2022-49319 bsc#1238374).
- Update patches.suse/iommu-arm-smmu-v3-sva-Fix-mm-use-after-free
(git-fixes CVE-2022-49426 bsc#1238445).
- Update
patches.suse/iommu-mediatek-Fix-NULL-pointer-dereference-when-printing-dev_na
(git-fixes CVE-2022-49424 bsc#1238247).
- Update
patches.suse/iommu-mediatek-Remove-clk_disable-in-mtk_iommu_remove
(git-fixes CVE-2022-49427 bsc#1238246).
- Update
patches.suse/iommu-omap-Fix-regression-in-probe-for-NULL-pointer-dereference
(git-fixes CVE-2022-49083 bsc#1237723).
- Update
patches.suse/ip-Fix-data-races-around-sysctl_ip_fwd_update_priori.patch
(git-fixes CVE-2022-49603 bsc#1238867).
- Update
patches.suse/ipv4-Fix-data-races-around-sysctl_fib_multipath_hash.patch
(git-fixes CVE-2022-49579 bsc#1238014).
- Update
patches.suse/ipw2x00-Fix-potential-NULL-dereference-in-libipw_xmi.patch
(git-fixes CVE-2022-49544 bsc#1238721).
- Update
patches.suse/irqchip-gic-realview-Fix-refcount-leak-in-realview_g.patch
(git-fixes CVE-2022-49719 bsc#1238262).
- Update
patches.suse/irqchip-gic-v3-Fix-GICR_CTLR.RWP-polling.patch
(git-fixes CVE-2022-49074 bsc#1237728).
- Update
patches.suse/irqchip-gic-v3-Fix-error-handling-in-gic_populate_pp.patch
(git-fixes CVE-2022-49716 bsc#1238288).
- Update
patches.suse/irqchip-gic-v3-Fix-refcount-leak-in-gic_populate_ppi.patch
(git-fixes CVE-2022-49715 bsc#1238818).
- Update
patches.suse/irqchip-realtek-rtl-Fix-refcount-leak-in-map_interru.patch
(git-fixes CVE-2022-49714 bsc#1238538).
- Update
patches.suse/ixgbe-Add-locking-to-prevent-panic-when-setting-srio.patch
(git-fixes CVE-2022-49584 bsc#1237933).
- Update
patches.suse/jffs2-fix-memory-leak-in-jffs2_do_fill_super.patch
(git-fixes CVE-2022-49381 bsc#1238112).
- Update
patches.suse/jffs2-fix-memory-leak-in-jffs2_do_mount_fs.patch
(git-fixes CVE-2022-49277 bsc#1238144).
- Update
patches.suse/jffs2-fix-memory-leak-in-jffs2_scan_medium.patch
(git-fixes CVE-2022-49276 bsc#1238142).
- Update patches.suse/linux-dim-Fix-divide-by-0-in-RDMA-DIM.patch
(git-fixes CVE-2022-49670 bsc#1238809).
- Update patches.suse/list-fix-a-data-race-around-ep-rdllist.patch
(git-fixes CVE-2022-49443 bsc#1238434).
- Update
patches.suse/lz4-fix-LZ4_decompress_safe_partial-read-out-of-boun.patch
(git-fixes CVE-2022-49078 bsc#1237736).
- Update
patches.suse/mac80211-fix-potential-double-free-on-mesh-join.patch
(git-fixes CVE-2022-49290 bsc#1238156).
- Update
patches.suse/md-Don-t-set-mddev-private-to-NULL-in-raid0-pers-fre.patch
(git-fixes CVE-2022-49400 bsc#1238125).
- Update
patches.suse/md-bitmap-don-t-set-sb-values-if-can-t-pass-sanity-c.patch
(bsc#1197158 CVE-2022-49526 bsc#1238030).
- Update
patches.suse/md-fix-double-free-of-io_acct_set-bioset.patch
(git-fixes CVE-2022-49384 bsc#1237959).
- Update
patches.suse/media-cx25821-Fix-the-warning-when-removing-the-modu.patch
(git-fixes CVE-2022-49525 bsc#1238022).
- Update
patches.suse/media-i2c-max9286-fix-kernel-oops-when-removing-modu.patch
(git-fixes CVE-2022-49509 bsc#1238650).
- Update
patches.suse/media-imx-jpeg-Prevent-decoding-NV12M-jpegs-into-sin.patch
(git-fixes CVE-2022-49165 bsc#1238106).
- Update
patches.suse/media-imx-jpeg-fix-a-bug-of-accessing-array-out-of-b.patch
(git-fixes CVE-2022-49163 bsc#1238105).
- Update
patches.suse/media-pci-cx23885-Fix-the-error-handling-in-cx23885_.patch
(git-fixes CVE-2022-49524 bsc#1238949).
- Update
patches.suse/media-pvrusb2-fix-array-index-out-of-bounds-in-pvr2_.patch
(git-fixes CVE-2022-49478 bsc#1238000).
- Update
patches.suse/media-rga-fix-possible-memory-leak-in-rga_probe.patch
(git-fixes CVE-2022-49502 bsc#1238834).
- Update
patches.suse/media-stk1160-If-start-stream-fails-return-buffers-w.patch
(git-fixes CVE-2022-49247 bsc#1237783).
- Update
patches.suse/media-ti-vpe-cal-Fix-a-NULL-pointer-dereference-in-c.patch
(git-fixes CVE-2022-49254 bsc#1238089).
- Update
patches.suse/media-usb-go7007-s2250-board-fix-leak-in-probe.patch
(git-fixes CVE-2022-49253 bsc#1238420).
- Update
patches.suse/media-venus-hfi-avoid-null-dereference-in-deinit.patch
(git-fixes CVE-2022-49527 bsc#1238013).
- Update
patches.suse/memory-renesas-rpc-if-fix-platform-device-leak-in-er.patch
(git-fixes CVE-2022-49050 bsc#1237892).
- Update
patches.suse/memory-samsung-exynos5422-dmc-Fix-refcount-leak-in-o.patch
(git-fixes CVE-2022-49676 bsc#1237821).
- Update
patches.suse/mfd-davinci_voicecodec-Fix-possible-null-ptr-deref-d.patch
(git-fixes CVE-2022-49435 bsc#1238292).
- Update
patches.suse/misc-ocxl-fix-possible-double-free-in-ocxl_file_regi.patch
(git-fixes CVE-2022-49455 bsc#1238229).
- Update
patches.suse/mm-slub-add-missing-TID-updates-on-slab-deactivation.patch
(git-fixes CVE-2022-49700 bsc#1238249).
- Update
patches.suse/mmc-jz4740-Apply-DMA-engine-limits-to-maximum-segmen.patch
(git-fixes CVE-2022-49522 bsc#1238948).
- Update
patches.suse/module-fix-e_shstrndx-.sh_size-0-OOB-access.patch
(git-fixes CVE-2022-49444 bsc#1238127).
- Update
patches.suse/msft-hv-2554-Drivers-hv-vmbus-Deactivate-sysctl_record_panic_msg-.patch
(bsc#1183682 CVE-2022-49054 bsc#1237931).
- Update
patches.suse/msft-hv-2555-Drivers-hv-vmbus-Fix-initialization-of-device-object.patch
(git-fixes CVE-2022-49099 bsc#1237727).
- Update
patches.suse/msft-hv-2556-Drivers-hv-vmbus-Fix-potential-crash-on-module-unloa.patch
(git-fixes CVE-2022-49098 bsc#1238079).
- Update
patches.suse/mt76-fix-monitor-mode-crash-with-sdio-driver.patch
(git-fixes CVE-2022-49112 bsc#1237971).
- Update
patches.suse/mt76-fix-use-after-free-by-removing-a-non-RCU-wcid-p.patch
(git-fixes CVE-2022-49328 bsc#1238391).
- Update
patches.suse/mt76-mt7921-fix-crash-when-startup-fails.patch
(git-fixes CVE-2022-49129 bsc#1237968).
- Update
patches.suse/mtd-rawnand-atmel-fix-refcount-issue-in-atmel_nand_c.patch
(git-fixes CVE-2022-49212 bsc#1238331).
- Update
patches.suse/mtd-rawnand-cadence-fix-possible-null-ptr-deref-in-c.patch
(git-fixes CVE-2022-49494 bsc#1237955).
- Update
patches.suse/mtd-rawnand-denali-Use-managed-device-resources.patch
(git-fixes CVE-2022-49512 bsc#1237986).
- Update
patches.suse/mtd-rawnand-intel-fix-possible-null-ptr-deref-in-ebu.patch
(git-fixes CVE-2022-49487 bsc#1238115).
- Update
patches.suse/net-altera-Fix-refcount-leak-in-altera_tse_mdio_crea.patch
(git-fixes CVE-2022-49351 bsc#1237939).
- Update
patches.suse/net-asix-add-proper-error-handling-of-usb-read-error.patch
(git-fixes CVE-2022-49226 bsc#1238336).
- Update
patches.suse/net-bcmgenet-Use-stronger-register-read-writes-to-as.patch
(git-fixes CVE-2022-49194 bsc#1238453).
- Update
patches.suse/net-bonding-fix-use-after-free-after-802.3ad-slave-u.patch
(git-fixes CVE-2022-49667 bsc#1238282).
- Update
patches.suse/net-dsa-lantiq_gswip-Fix-refcount-leak-in-gswip_gphy.patch
(git-fixes CVE-2022-49346 bsc#1238392).
- Update
patches.suse/net-dsa-microchip-ksz_common-Fix-refcount-leak-bug.patch
(git-fixes CVE-2022-49591 bsc#1238666).
- Update
patches.suse/net-dsa-mv88e6xxx-Fix-refcount-leak-in-mv88e6xxx_mdi.patch
(git-fixes CVE-2022-49367 bsc#1238447).
- Update
patches.suse/net-ethernet-bgmac-Fix-refcount-leak-in-bcma_mdio_mi.patch
(git-fixes CVE-2022-49342 bsc#1238390).
- Update
patches.suse/net-ethernet-mtk_eth_soc-out-of-bounds-read-in-mtk_h.patch
(git-fixes CVE-2022-49368 bsc#1237808).
- Update
patches.suse/net-ethernet-stmmac-fix-altr_tse_pcs-function-when-u.patch
(git-fixes CVE-2022-49061 bsc#1238024).
- Update
patches.suse/net-ethernet-ti-am65-cpsw-nuss-Fix-some-refcount-lea.patch
(git-fixes CVE-2022-49386 bsc#1237826).
- Update
patches.suse/net-hns3-add-vlan-list-lock-to-protect-vlan-list.patch
(git-fixes CVE-2022-49182 bsc#1238260).
- Update
patches.suse/net-ipv4-fix-route-with-nexthop-object-delete-warnin.patch
(bsc#1204171 CVE-2022-3435 CVE-2022-49092 bsc#1237779).
- Update
patches.suse/net-ipv6-unexport-__init-annotated-seg6_hmac_init.patch
(bsc#1201218 CVE-2022-49339 bsc#1238388).
- Update
patches.suse/net-mdio-unexport-__init-annotated-mdio_bus_init.patch
(bsc#1201218 CVE-2022-49350 bsc#1238387).
- Update
patches.suse/net-openvswitch-fix-leak-of-nested-actions.patch
(git-fixes CVE-2022-49086 bsc#1238037).
- Update
patches.suse/net-phy-micrel-Allow-probing-without-.driver_data.patch
(git-fixes CVE-2022-49472 bsc#1238951).
- Update
patches.suse/net-sfc-add-missing-xdp-queue-reinitialization.patch
(git-fixes CVE-2022-49096 bsc#1238077).
- Update
patches.suse/net-smc-Fix-NULL-pointer-dereference-in-smc_pnet_find_ib
(git-fixes CVE-2022-49060 bsc#1237845).
- Update
patches.suse/net-stmmac-dwc-qos-Disable-split-header-for-Tegra194.patch
(bsc#1194904 CVE-2022-49642 bsc#1238437).
- Update
patches.suse/net-stmmac-fix-dma-queue-left-shift-overflow-issue.patch
(git-fixes CVE-2022-49592 bsc#1238311).
- Update patches.suse/net-stmmac-fix-leaks-in-probe.patch
(git-fixes CVE-2022-49628 bsc#1238619).
- Update
patches.suse/net-tun-unlink-NAPI-from-device-on-destruction.patch
(git-fixes CVE-2022-49672 bsc#1238816).
- Update
patches.suse/net-usb-aqc111-Fix-out-of-bounds-accesses-in-RX-fixu.patch
(git-fixes CVE-2022-49051 bsc#1237903).
- Update
patches.suse/net-xfrm-unexport-__init-annotated-xfrm4_protocol_in.patch
(bsc#1201218 CVE-2022-49345 bsc#1238238).
- Update
patches.suse/nfc-nci-add-flush_workqueue-to-prevent-uaf.patch
(git-fixes CVE-2022-49059 bsc#1238007).
- Update
patches.suse/nfc-nfcmrvl-Fix-memory-leak-in-nfcmrvl_play_deferred.patch
(git-fixes CVE-2022-49729 bsc#1239060).
- Update
patches.suse/nfc-st21nfca-fix-memory-leaks-in-EVT_TRANSACTION-han.patch
(git-fixes CVE-2022-49331 bsc#1237813).
- Update
patches.suse/nvme-pci-fix-a-NULL-pointer-dereference-in-nvme_allo.patch
(git-fixes CVE-2022-49492 bsc#1238954).
- Update
patches.suse/ocfs2-dlmfs-fix-error-handling-of-user_dlm_destroy_l.patch
(bsc#1202778 CVE-2022-49337 bsc#1238376).
- Update
patches.suse/ocfs2-fix-crash-when-mount-with-quota-enabled.patch
(bsc#1207640 CVE-2022-49274 bsc#1238668).
- Update
patches.suse/perf-core-Fix-data-race-between-perf_event_set_output-and-perf_mmap_close.patch
(git fixes CVE-2022-49607 bsc#1238817).
- Update
patches.suse/phy-qcom-qmp-fix-reset-controller-leak-on-probe-erro.patch
(git-fixes CVE-2022-49396 bsc#1238289).
- Update
patches.suse/phy-qcom-qmp-fix-struct-clk-leak-on-probe-errors.patch
(git-fixes CVE-2022-49397 bsc#1237823).
- Update
patches.suse/pinctrl-aspeed-Fix-potential-NULL-dereference-in-asp.patch
(git-fixes CVE-2022-49618 bsc#1238957).
- Update
patches.suse/pinctrl-nomadik-Add-missing-of_node_put-in-nmk_pinct.patch
(git-fixes CVE-2022-49185 bsc#1238111).
- Update
patches.suse/pinctrl-renesas-core-Fix-possible-null-ptr-deref-in-.patch
(git-fixes CVE-2022-49445 bsc#1238019).
- Update
patches.suse/pinctrl-renesas-rzn1-Fix-possible-null-ptr-deref-in-.patch
(git-fixes CVE-2022-49449 bsc#1238936).
- Update
patches.suse/platform-x86-thinkpad_acpi-Fix-a-memory-leak-of-EFCH.patch
(bsc#1210050 CVE-2022-49665 bsc#1238017).
- Update
patches.suse/power-reset-arm-versatile-Fix-refcount-leak-in-versa.patch
(git-fixes CVE-2022-49609 bsc#1238241).
- Update
patches.suse/power-supply-ab8500-Fix-memory-leak-in-ab8500_fg_sys.patch
(git-fixes CVE-2022-49224 bsc#1237998).
- Update
patches.suse/powerpc-64s-Don-t-use-DSISR-for-SLB-faults.patch
(bsc#1194869 CVE-2022-49214 bsc#1238003).
- Update
patches.suse/powerpc-iommu-Add-missing-of_node_put-in-iommu_init_.patch
(bsc#1194869 CVE-2022-49431 bsc#1238899).
- Update
patches.suse/powerpc-pseries-Fix-use-after-free-in-remove_phb_dyn.patch
(bsc#1065729 bsc#1198660 ltc#197803 CVE-2022-49196 bsc#1238274).
- Update
patches.suse/powerpc-rtas-Keep-MSR-RI-set-when-calling-RTAS.patch
(bsc#1197174 ltc#196362 CVE-2022-49440 bsc#1238945).
- Update
patches.suse/powerpc-secvar-fix-refcount-leak-in-format_show.patch
(bsc#1194869 CVE-2022-49113 bsc#1237967).
- Update
patches.suse/powerpc-tm-Fix-more-userspace-r13-corruption.patch
(bsc#1065729 CVE-2022-49164 bsc#1238108).
- Update
patches.suse/powerpc-xics-fix-refcount-leak-in-icp_opal_init.patch
(bsc#1194869 CVE-2022-49432 bsc#1238950).
- Update
patches.suse/powerpc-xive-Fix-refcount-leak-in-xive_spapr_init.patch
(fate#322438 git-fixes CVE-2022-49437 bsc#1238443).
- Update
patches.suse/powerpc-xive-spapr-correct-bitmap-allocation-size.patch
(fate#322438 git-fixes CVE-2022-49623 bsc#1239040).
- Update
patches.suse/qede-confirm-skb-is-allocated-before-using.patch
(git-fixes CVE-2022-49084 bsc#1237751).
- Update
patches.suse/raw-Fix-a-data-race-around-sysctl_raw_l3mdev_accept.patch
(git-fixes CVE-2022-49631 bsc#1238814).
- Update
patches.suse/regulator-da9121-Fix-uninit-value-in-da9121_assign_c.patch
(git-fixes CVE-2022-49507 bsc#1238811).
- Update
patches.suse/regulator-pfuze100-Fix-refcount-leak-in-pfuze_parse_.patch
(git-fixes CVE-2022-49481 bsc#1238264).
- Update
patches.suse/regulator-scmi-Fix-refcount-leak-in-scmi_regulator_p.patch
(git-fixes CVE-2022-49466 bsc#1238287).
- Update
patches.suse/remoteproc-Fix-count-check-in-rproc_coredump_write.patch
(git-fixes CVE-2022-49278 bsc#1238253).
- Update
patches.suse/remoteproc-qcom_q6v5_mss-Fix-some-leaks-in-q6v5_allo.patch
(git-fixes CVE-2022-49188 bsc#1238138).
- Update
patches.suse/rtc-mt6397-check-return-value-after-calling-platform.patch
(git-fixes CVE-2022-49375 bsc#1238228).
- Update
patches.suse/rtc-pl031-fix-rtc-features-null-pointer-dereference.patch
(git-fixes CVE-2022-49273 bsc#1238140).
- Update
patches.suse/rtl818x-Prevent-using-not-initialized-queues.patch
(git-fixes CVE-2022-49326 bsc#1238646).
- Update
patches.suse/scsi-hisi_sas-Free-irq-vectors-in-order-for-v3-HW.patch
(git-fixes CVE-2022-49118 bsc#1237979).
- Update
patches.suse/scsi-ibmvfc-Allocate-free-queue-resource-only-during.patch
(jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes CVE-2022-49701
bsc#1237810).
- Update
patches.suse/scsi-ibmvfc-Store-vhost-pointer-during-subcrq-alloca.patch
(jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes CVE-2022-49703
bsc#1238131).
- Update
patches.suse/scsi-libfc-Fix-use-after-free-in-fc_exch_abts_resp.patch
(git-fixes CVE-2022-49114 bsc#1238146).
- Update
patches.suse/scsi-lpfc-Address-NULL-pointer-dereference-after-sta.patch
(bsc#1201193 CVE-2022-49332 bsc#1238236).
- Update
patches.suse/scsi-lpfc-Fix-SCSI-I-O-completion-and-abort-handler-.patch
(bsc#1200045 CVE-2022-49536 bsc#1238838).
- Update
patches.suse/scsi-lpfc-Fix-call-trace-observed-during-I-O-with-CM.patch
(bsc#1200045 CVE-2022-49537 bsc#1238930).
- Update
patches.suse/scsi-lpfc-Fix-null-pointer-dereference-after-failing.patch
(bsc#1200045 CVE-2022-49535 bsc#1238937).
- Update
patches.suse/scsi-lpfc-Fix-resource-leak-in-lpfc_sli4_send_seq_to.patch
(bsc#1200045 CVE-2022-49521 bsc#1238938).
- Update
patches.suse/scsi-lpfc-Inhibit-aborts-if-external-loopback-plug-i.patch
(bsc#1200045 CVE-2022-49504 bsc#1238835).
- Update
patches.suse/scsi-lpfc-Move-cfg_log_verbose-check-before-calling-.patch
(bsc#1200045 CVE-2022-49542 bsc#1238722).
- Update
patches.suse/scsi-lpfc-Protect-memory-leak-for-NPIV-ports-sending.patch
(bsc#1200045 CVE-2022-49534 bsc#1238893).
- Update
patches.suse/scsi-lpfc-Resolve-NULL-ptr-dereference-after-an-ELS-.patch
(bsc#1201193 CVE-2022-49730 bsc#1239070).
- Update patches.suse/scsi-mpi3mr-Fix-memory-leaks.patch
(git-fixes CVE-2022-49126 bsc#1237929).
- Update
patches.suse/scsi-mpt3sas-Fix-use-after-free-in-_scsih_expander_node_remove
(git-fixes CVE-2022-49082 bsc#1237740).
- Update
patches.suse/scsi-pm8001-Fix-abort-all-task-initialization.patch
(git-fixes CVE-2022-49217 bsc#1238313).
- Update
patches.suse/scsi-pm8001-Fix-memory-leak-in-pm8001_chip_fw_flash_update_req.patch
(git-fixes CVE-2022-49119 bsc#1237925).
- Update patches.suse/scsi-pm8001-Fix-tag-leaks-on-error.patch
(git-fixes CVE-2022-49121 bsc#1237926).
- Update
patches.suse/scsi-pm8001-Fix-task-leak-in-pm8001_send_abort_all.patch
(git-fixes CVE-2022-49120 bsc#1237969).
- Update
patches.suse/scsi-qla2xxx-Fix-crash-during-module-load-unload-tes.patch
(bsc#1197661 CVE-2022-49160 bsc#1238172).
- Update
patches.suse/scsi-qla2xxx-Fix-premature-hw-access-after-PCI-error.patch
(bsc#1195823 CVE-2022-49157 bsc#1238169).
- Update
patches.suse/scsi-qla2xxx-Fix-scheduling-while-atomic.patch
(bsc#1195823 CVE-2022-49156 bsc#1238168).
- Update
patches.suse/scsi-qla2xxx-Fix-warning-message-due-to-adisc-being-.patch
(bsc#1195823 CVE-2022-49158 bsc#1238170).
- Update
patches.suse/scsi-qla2xxx-Implement-ref-count-for-SRB.patch
(bsc#1195823 CVE-2022-49159 bsc#1238171).
- Update
patches.suse/scsi-qla2xxx-Suppress-a-kernel-complaint-in-qla_crea.patch
(bsc#1195823 CVE-2022-49155 bsc#1237941).
- Update
patches.suse/scsi-sd-Fix-potential-NULL-pointer-dereference.patch
(git-fixes CVE-2022-49376 bsc#1238103).
- Update
patches.suse/scsi-zorro7xx-Fix-a-resource-leak-in-zorro7xx_remove_one
(git-fixes CVE-2022-49095 bsc#1237752).
- Update
patches.suse/serial-8250-Fix-PM-usage_count-for-console-handover.patch
(git-fixes CVE-2022-49613 bsc#1238440).
- Update
patches.suse/serial-8250_aspeed_vuart-Fix-potential-NULL-derefere.patch
(git-fixes CVE-2022-49392 bsc#1238113).
- Update
patches.suse/sfc-fix-considering-that-all-channels-have-TX-queues.patch
(git-fixes CVE-2022-49378 bsc#1238286).
- Update patches.suse/sfc-fix-kernel-panic-when-creating-VF.patch
(git-fixes CVE-2022-49625 bsc#1238411).
- Update
patches.suse/sfc-fix-use-after-free-when-disabling-sriov.patch
(git-fixes CVE-2022-49626 bsc#1238270).
- Update
patches.suse/skbuff-fix-coalescing-for-page_pool-fragment-recycli.patch
(bsc#1190336 CVE-2022-49093 bsc#1237737).
- Update
patches.suse/soc-bcm-Check-for-NULL-return-of-devm_kzalloc.patch
(git-fixes CVE-2022-49448 bsc#1238536).
- Update
patches.suse/soc-bcm-brcmstb-pm-pm-arm-Fix-refcount-leak-in-brcms.patch
(git-fixes CVE-2022-49678 bsc#1238821).
- Update
patches.suse/soc-rockchip-Fix-refcount-leak-in-rockchip_grf_init.patch
(git-fixes CVE-2022-49382 bsc#1238306).
- Update
patches.suse/soc-ti-ti_sci_pm_domains-Check-for-null-return-of-de.patch
(git-fixes CVE-2022-49453 bsc#1239004).
- Update
patches.suse/spi-bcm2835-bcm2835_spi_handle_err-fix-NULL-pointer-.patch
(git-fixes CVE-2022-49569 bsc#1238605).
- Update
patches.suse/spi-spi-fsl-qspi-check-return-value-after-calling-pl.patch
(git-fixes CVE-2022-49475 bsc#1238617).
- Update
patches.suse/staging-rtl8712-fix-a-potential-memory-leak-in-r871x.patch
(git-fixes CVE-2022-49312 bsc#1238157).
- Update
patches.suse/staging-rtl8712-fix-uninit-value-in-r871xu_drv_init.patch
(git-fixes CVE-2022-49298 bsc#1238718).
- Update
patches.suse/staging-rtl8712-fix-uninit-value-in-usb_read8-and-fr.patch
(git-fixes CVE-2022-49301 bsc#1238643).
- Update
patches.suse/staging-vchiq_arm-Avoid-NULL-ptr-deref-in-vchiq_dump.patch
(git-fixes CVE-2022-49106 bsc#1237965).
- Update
patches.suse/staging-vchiq_core-handle-NULL-result-of-find_servic.patch
(git-fixes CVE-2022-49104 bsc#1237999).
- Update
patches.suse/staging-wfx-fix-an-error-handling-in-wfx_init_common.patch
(git-fixes CVE-2022-49105 bsc#1237975).
- Update
patches.suse/sysctl-Fix-data-races-in-proc_dou8vec_minmax.patch
(git-fixes CVE-2022-49634 bsc#1237937).
- Update
patches.suse/sysctl-Fix-data-races-in-proc_douintvec.patch
(git-fixes CVE-2022-49641 bsc#1237831).
- Update
patches.suse/sysctl-Fix-data-races-in-proc_douintvec_minmax.patch
(git-fixes CVE-2022-49640 bsc#1237782).
- Update
patches.suse/thermal-core-Fix-memory-leak-in-__thermal_cooling_de.patch
(git-fixes CVE-2022-49468 bsc#1238047).
- Update
patches.suse/thermal-drivers-broadcom-Fix-potential-NULL-derefere.patch
(git-fixes CVE-2022-49459 bsc#1238046).
- Update
patches.suse/thermal-drivers-imx_sc_thermal-Fix-refcount-leak-in-.patch
(git-fixes CVE-2022-49463 bsc#1238428).
- Update
patches.suse/tick-nohz-unexport-__init-annotated-tick_nohz_full_s.patch
(bsc#1201218 CVE-2022-49675 bsc#1238431).
- Update
patches.suse/tpm-fix-reference-counting-for-struct-tpm_chip.patch
(CVE-2022-2977 bsc#1202672 CVE-2022-49287 bsc#1238276).
- Update patches.suse/tpm-use-try_get_ops-in-tpm-space.c.patch
(git-fixes CVE-2022-49286 bsc#1238647).
- Update
patches.suse/tracing-Fix-potential-double-free-in-create_var_ref.patch
(git-fixes CVE-2022-49410 bsc#1238441).
- Update
patches.suse/tracing-Fix-sleeping-function-called-from-invalid-context-on-RT-kernel.patch
(git-fixes CVE-2022-49322 bsc#1238396).
- Update
patches.suse/tracing-histograms-Fix-memory-leak-problem.patch
(git-fixes CVE-2022-49648 bsc#1238278).
- Update
patches.suse/tty-Fix-a-possible-resource-leak-in-icom_probe.patch
(git-fixes CVE-2022-49314 bsc#1238158).
- Update
patches.suse/tty-fix-deadlock-caused-by-calling-printk-under-tty_.patch
(git-fixes CVE-2022-49441 bsc#1238263).
- Update patches.suse/tty-goldfish-Fix-free_irq-on-remove.patch
(git-fixes CVE-2022-49724 bsc#1238869).
- Update
patches.suse/tty-goldfish-Use-tty_port_destroy-to-destroy-port.patch
(git-fixes CVE-2022-49399 bsc#1237829).
- Update
patches.suse/tty-synclink_gt-Fix-null-pointer-dereference-in-slgt.patch
(git-fixes CVE-2022-49307 bsc#1238149).
- Update
patches.suse/tunnels-do-not-assume-mac-header-is-set-in-skb_tunne.patch
(git-fixes CVE-2022-49663 bsc#1238442).
- Update
patches.suse/usb-dwc2-Fix-memory-leak-in-dwc2_hcd_init.patch
(git-fixes CVE-2022-49713 bsc#1238419).
- Update
patches.suse/usb-dwc2-gadget-don-t-reset-gadget-s-driver-bus.patch
(git-fixes CVE-2022-49299 bsc#1238184).
- Update
patches.suse/usb-dwc3-gadget-Replace-list_for_each_entry_safe-if-.patch
(git-fixes CVE-2022-49398 bsc#1238621).
- Update
patches.suse/usb-gadget-lpc32xx_udc-Fix-refcount-leak-in-lpc32xx_.patch
(git-fixes CVE-2022-49712 bsc#1238239).
- Update
patches.suse/usb-isp1760-Fix-out-of-bounds-array-access.patch
(git-fixes CVE-2022-49551 bsc#1237795).
- Update
patches.suse/usb-usbip-fix-a-refcount-leak-in-stub_probe.patch
(git-fixes CVE-2022-49389 bsc#1238257).
- Update
patches.suse/usbnet-Run-unregister_netdev-before-unbind-again.patch
(git-fixes CVE-2022-49501 bsc#1238830).
- Update patches.suse/usbnet-fix-memory-leak-in-error-case.patch
(git-fixes CVE-2022-49657 bsc#1238269).
- Update
patches.suse/veth-Ensure-eth-header-is-in-skb-s-linear-part.patch
(git-fixes CVE-2022-49066 bsc#1237722).
- Update
patches.suse/video-fbdev-clcdfb-Fix-refcount-leak-in-clcdfb_of_vr.patch
(git-fixes CVE-2022-49421 bsc#1238819).
- Update
patches.suse/video-fbdev-sm712fb-Fix-crash-in-smtcfb_write.patch
(git-fixes CVE-2022-49162 bsc#1238096).
- Update
patches.suse/virtio_console-eliminate-anonymous-module_init-modul.patch
(git-fixes CVE-2022-49100 bsc#1237735).
- Update
patches.suse/virtio_net-fix-xdp_rxq_info-bug-after-suspend-resume.patch
(git-fixes CVE-2022-49687 bsc#1238181).
- Update patches.suse/watch_queue-Actually-free-the-watch.patch
(CVE-2022-0995 bsc#1197246 CVE-2022-49256 bsc#1238277).
- Update
patches.suse/watch_queue-Fix-NULL-dereference-in-error-cleanup.patch
(CVE-2022-0995 bsc#1197246 CVE-2022-49257 bsc#1237987).
- Update
patches.suse/watch_queue-Free-the-page-array-when-watch_queue-is-.patch
(git-fixes CVE-2022-49148 bsc#1237797).
- Update
patches.suse/watchdog-ts4800_wdt-Fix-refcount-leak-in-ts4800_wdt_.patch
(git-fixes CVE-2022-49373 bsc#1238175).
- Update
patches.suse/wifi-mac80211-fix-queue-selection-for-mesh-OCB-inter.patch
(git-fixes CVE-2022-49646 bsc#1239001).
- Update
patches.suse/wifi-mac80211-fix-use-after-free-in-chanctx-code.patch
(git-fixes CVE-2022-49416 bsc#1238293).
- Update
patches.suse/wireguard-socket-free-skb-in-send6-when-ipv6-is-disa.patch
(git-fixes CVE-2022-49153 bsc#1238166).
- Update
patches.suse/x86-MCE-AMD-Fix-memory-leak-when-threshold_create_ba.patch
(git-fixes CVE-2022-49549 bsc#1238602).
- Update
patches.suse/x86-kexec-fix-memory-leak-of-elf-header-buffer.patch
(bsc#1196444 CVE-2022-49546 bsc#1238750).
- Update
patches.suse/x86-speculation-Fill-RSB-on-vmexit-for-IBRS.patch
(bsc#1199657 CVE-2022-29900 CVE-2022-29901 CVE-2022-49611
bsc#1238618).
- Update
patches.suse/xen-netback-avoid-entering-xenvif_rx_next_skb-with-a.patch
(bsc#1201381 CVE-2022-49649 bsc#1238612).
- Update
patches.suse/xprtrdma-treat-all-calls-not-a-bcall-when-bc_serv-is.patch
(git-fixes CVE-2022-49321 bsc#1238373).
- commit a27d758
- Update
patches.suse/0011-Revert-Revert-block-bfq-honor-already-setup-queue-merges.patch
(git-fixes CVE-2021-47646 bsc#1237774).
- Update
patches.suse/ARM-davinci-da850-evm-Avoid-NULL-pointer-dereference.patch
(git-fixes CVE-2021-47631 bsc#1237718).
- Update
patches.suse/ASoC-soc-compress-prevent-the-potentially-use-of-nul.patch
(git-fixes CVE-2021-47650 bsc#1237742).
- Update
patches.suse/KVM-x86-mmu-Zap-_all_-roots-when-unmapping-gfn-range.patch
(git-fixes CVE-2021-47639 bsc#1237824).
- Update
patches.suse/ath5k-fix-OOB-in-ath5k_eeprom_read_pcal_info_5111.patch
(git-fixes CVE-2021-47633 bsc#1237768).
- Update patches.suse/clk-qcom-ipq8074-fix-PCI-E-clock-oops.patch
(git-fixes CVE-2021-47647 bsc#1237775).
- Update
patches.suse/drm-amd-pm-fix-a-potential-gpu_metrics_table-memory-.patch
(git-fixes CVE-2021-4453 bsc#1237753).
- Update
patches.suse/drm-plane-Move-range-check-for-format_count-earlier.patch
(git-fixes CVE-2021-47659 bsc#1237839).
- Update
patches.suse/drm-virtio-Ensure-that-objs-is-not-NULL-in-virtio_gp.patch
(git-fixes CVE-2021-47657 bsc#1237837).
- Update
patches.suse/gpu-host1x-Fix-a-memory-leak-in-host1x_remove.patch
(git-fixes CVE-2021-47648 bsc#1237725).
- Update
patches.suse/jffs2-fix-use-after-free-in-jffs2_clear_xattr_subsystem.patch
(git-fixes CVE-2021-47656 bsc#1237827).
- Update
patches.suse/media-davinci-vpif-fix-use-after-free-on-driver-unbi.patch
(git-fixes CVE-2021-47653 bsc#1237748).
- Update patches.suse/media-ir_toy-free-before-error-exiting.patch
(git-fixes CVE-2021-47643 bsc#1237743).
- Update
patches.suse/media-staging-media-zoran-calculate-the-right-buffer.patch
(git-fixes CVE-2021-47645 bsc#1237767).
- Update
patches.suse/media-staging-media-zoran-move-videodev-alloc.patch
(git-fixes CVE-2021-47644 bsc#1237766).
- Update
patches.suse/powerpc-set_memory-Avoid-spinlock-recursion-in-chang.patch
(bsc#1194869 CVE-2021-47632 bsc#1237755).
- Update
patches.suse/samples-landlock-Fix-path_list-memory-leak.patch
(git-fixes CVE-2021-47654 bsc#1237807).
- Update
patches.suse/soc-qcom-rpmpd-Check-for-null-return-of-devm_kcalloc.patch
(git-fixes CVE-2021-47651 bsc#1237872).
- Update
patches.suse/ubifs-Fix-deadlock-in-concurrent-rename-whiteout-and-inode-writeback.patch
(git-fixes CVE-2021-47637 bsc#1237761).
- Update
patches.suse/ubifs-Fix-read-out-of-bounds-in-ubifs_wbuf_write_nolock.patch
(git-fixes CVE-2021-47636 bsc#1237904).
- Update
patches.suse/ubifs-Fix-to-add-refcount-once-page-is-set-private.patch
(git-fixes CVE-2021-47635 bsc#1237759).
- Update
patches.suse/ubifs-rename_whiteout-Fix-double-free-for-whiteout_ui-data.patch
(git-fixes CVE-2021-47638 bsc#1237763).
- Update patches.suse/udmabuf-validate-ubuf-pagecount.patch
(git-fixes CVE-2021-47649 bsc#1237745).
- Update
patches.suse/video-fbdev-cirrusfb-check-pixclock-to-avoid-divide-.patch
(git-fixes CVE-2021-47641 bsc#1237734).
- Update
patches.suse/video-fbdev-nvidiafb-Use-strscpy-to-prevent-buffer-o.patch
(git-fixes CVE-2021-47642 bsc#1237916).
- Update
patches.suse/video-fbdev-smscufx-Fix-null-ptr-deref-in-ufx_usb_pr.patch
(git-fixes CVE-2021-47652 bsc#1237721).
- commit e92be69
- sched/membarrier: Fix redundant load of membarrier_state
(bsc#1232743).
- commit dcd9cb5
- mm/mmu_notifier.c: fix race in mmu_interval_notifier_remove() (bsc#1239126).
- commit e8a4f87
- net: rose: fix timer races against user threads (CVE-2025-21718
bsc#1239073).
- commit 0089650
- net_sched: sch_sfq: don't allow 1 packet limit (CVE-2024-57996
bsc#1239076).
- commit 1575e37
- wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (CVE-2024-58014 bsc#1239109)
- commit a0ab5c3
- packaging: Patch Makefile to pre-select gcc version (jsc#PED-12251).
When compiler different from the one which was used to configure the
kernel is used to build modules a warning is issued and the build
continues. This could be turned into an error but that would be too
restrictive.
The generated kernel-devel makefile could set the compiler but then the
main Makefile as to be patched to assign CC with ?=
This causes run_oldconfig failure on SUSE-2024 and kbuild config check
failure on SUSE-2025.
This cannot be hardcoded to one version in a regular patch because the
value is expected to be configurable at mkspec time. Patch the Makefile
after aplyin patches in rpm prep step instead. A check is added to
verify that the sed command did indeed apply the change.
- commit 6031391
- initcall_blacklist: Does not allow kernel_lockdown be
blacklisted (bsc#1237521).
- commit 248ffca
- initcall_blacklist: Does not allow kernel_lockdown be
blacklisted (bsc#1237521).
- commit 1a3f1f0
- rpm/split-modules: Fix optional splitting with usrmerge (bsc#1238570)
- commit 8be63c4
- packaging: Turn gcc version into config.sh variable
Fixes: 51dacec21eb1 ("Use gcc-13 for build on SLE16 (jsc#PED-10028).")
- commit 011d54b
- rpm/kernel-docs.spec.in: Workaround for reproducible builds (bsc#1238303)
- commit 1f1e842
- kexec-tools
-
- add support for lockless ringbuffer (bsc#1241249)
- kexec-tools-Cleanup-remove-the-read_elf_kcore.patch
- kexec-tools-Fix-an-error-definition-about-the-variable-fname.patch
- kexec-tools-Cleanup-move-it-back-from-util_lib-elf_info.c.patch
- kexec-tools-printk-add-support-for-lockless-ringbuffer.patch
- libapparmor
-
- Add dac_read_search capability for unix_chkpwd to allow it to read the shadow
file even if it has 000 permissions. This is needed after the CVE-2024-10041
fix in PAM.
* unix-chkpwd-add-read-capability.path, bsc#1241678
- Allow pam_unix to execute unix_chkpwd with abi/3.0
- remove dovecot-unix_chkpwd.diff
- Add allow-pam_unix-to-execute-unix_chkpwd.patch
- Add revert-abi-change-for-unix_chkpwd.patch
(bsc#1234452, bsc#1232234)
- expat
-
- version update to 2.7.1
Bug fixes:
[#980] #989 Restore event pointer behavior from Expat 2.6.4
(that the fix to CVE-2024-8176 changed in 2.7.0);
affected API functions are:
- XML_GetCurrentByteCount
- XML_GetCurrentByteIndex
- XML_GetCurrentColumnNumber
- XML_GetCurrentLineNumber
- XML_GetInputContext
Other changes:
[#976] #977 Autotools: Integrate files "fuzz/xml_lpm_fuzzer.{cpp,proto}"
with Automake that were missing from 2.7.0 release tarballs
[#983] #984 Fix printf format specifiers for 32bit Emscripten
[#992] docs: Promote OpenSSF Best Practices self-certification
[#978] tests/benchmark: Resolve mistaken double close
[#986] Address compiler warnings
[#990] #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1)
to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/
for what these numbers do
Infrastructure:
[#982] CI: Start running Perl XML::Parser integration tests
[#987] CI: Enforce Clang Static Analyzer clean code
[#991] CI: Re-enable warning clang-analyzer-valist.Uninitialized
for clang-tidy
[#981] CI: Cover compilation with musl
[#983] #984 CI: Cover compilation with 32bit Emscripten
[#976] #977 CI: Protect against fuzzer files missing from future
release archives
- version update to 2.7.0 for SLE-15-SP4
- deleted patches
- expat-CVE-2022-25235.patch (upstreamed)
- expat-CVE-2022-25236-relax-fix.patch (upstreamed)
- expat-CVE-2022-25236.patch (upstreamed)
- expat-CVE-2022-25313-fix-regression.patch (upstreamed)
- expat-CVE-2022-25313.patch (upstreamed)
- expat-CVE-2022-25314.patch (upstreamed)
- expat-CVE-2022-25315.patch (upstreamed)
- expat-CVE-2022-40674.patch (upstreamed)
- expat-CVE-2022-43680.patch (upstreamed)
- expat-CVE-2023-52425-1.patch (upstreamed)
- expat-CVE-2023-52425-2.patch (upstreamed)
- expat-CVE-2023-52425-backport-parser-changes.patch (upstreamed)
- expat-CVE-2023-52425-fix-tests.patch (upstreamed)
- expat-CVE-2024-28757.patch (upstreamed)
- expat-CVE-2024-45490.patch (upstreamed)
- expat-CVE-2024-45491.patch (upstreamed)
- expat-CVE-2024-45492.patch (upstreamed)
- expat-CVE-2024-50602.patch (upstreamed)
- version update to 2.7.0 (CVE-2024-8176 [bsc#1239618])
* Security fixes:
[#893] #973 CVE-2024-8176 -- Fix crash from chaining a large number
of entities caused by stack overflow by resolving use of
recursion, for all three uses of entities:
- general entities in character data ("<e>&g1;</e>")
- general entities in attribute values ("<e k1='&g1;'/>")
- parameter entities ("%p1;")
Known impact is (reliable and easy) denial of service:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C
(Base Score: 7.5, Temporal Score: 7.2)
Please note that a layer of compression around XML can
significantly reduce the minimum attack payload size.
* Other changes:
[#935] #937 Autotools: Make generated CMake files look for
libexpat.@SO_MAJOR@.dylib on macOS
[#925] Autotools: Sync CMake templates with CMake 3.29
[#945] #962 #966 CMake: Drop support for CMake <3.13
[#942] CMake: Small fuzzing related improvements
[#921] docs: Add missing documentation of error code
XML_ERROR_NOT_STARTED that was introduced with 2.6.4
[#941] docs: Document need for C++11 compiler for use from C++
[#959] tests/benchmark: Fix a (harmless) TOCTTOU
[#944] Windows: Fix installer target location of file xmlwf.xml
for CMake
[#953] Windows: Address warning -Wunknown-warning-option
about -Wno-pedantic-ms-format from LLVM MinGW
[#971] Address Cppcheck warnings
[#969] #970 Mass-migrate links from http:// to https://
[#947] #958 ..
[#974] #975 Document changes since the previous release
[#974] #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0)
to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/
for what these numbers do
- no source changes, just adding jira reference: jsc#SLE-21253
- freetype2
-
- enable brotli support (jsc#PED-12258)
- icu
-
- Add icu-CVE-2025-5222.patch:
Backport 2c667e3 from upstream, ICU-22973 Fix buffer overflow by
using CharString.
(CVE-2025-5222, bsc#1243721)
- ncurses
-
- Modify patch ncurses-5.9-ibm327x.dif
* Backport sclp terminfo description entry if for s390 sclp terminal lines
* Add a further sclp entry for qemu s390 based systems
* Make use of dumb
- python311
-
- Update to 3.11.13:
- Security
- gh-135034: Fixes multiple issues that allowed tarfile
extraction filters (filter="data" and filter="tar") to be
bypassed using crafted symlinks and hard links.
Addresses CVE-2024-12718 (bsc#1244056), CVE-2025-4138
(bsc#1244059), CVE-2025-4330 (bsc#1244060), and
CVE-2025-4517 (bsc#1244032).
- gh-133767: Fix use-after-free in the “unicode-escape”
decoder with a non-“strict” error handler (CVE-2025-4516,
bsc#1243273).
- gh-128840: Short-circuit the processing of long IPv6
addresses early in ipaddress to prevent excessive memory
consumption and a minor denial-of-service.
- Library
- gh-128840: Fix parsing long IPv6 addresses with embedded
IPv4 address.
- gh-134062: ipaddress: fix collisions in __hash__() for
IPv4Network and IPv6Network objects.
- gh-123409: Fix ipaddress.IPv6Address.reverse_pointer output
according to RFC 3596, §2.5. Patch by Bénédikt Tran.
- bpo-43633: Improve the textual representation of
IPv4-mapped IPv6 addresses (RFC 4291 Sections 2.2, 2.5.5.2)
in ipaddress. Patch by Oleksandr Pavliuk.
- Remove upstreamed patches:
- gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch
- CVE-2025-4516-DecodeError-handler.patch
- Add CVE-2025-4516-DecodeError-handler.patch fixing
CVE-2025-4516 (bsc#1243273) blocking DecodeError handling
vulnerability, which could lead to DoS.
- Use extended %autopatch.
- Remove python-3.3.0b1-test-posix_fadvise.patch (not needed
since kernel 3.6-rc1)
- Update to 3.11.12:
- gh-131809: Update bundled libexpat to 2.7.1
- gh-131261: Upgrade to libexpat 2.7.0
- gh-105704: When using urllib.parse.urlsplit() and
urllib.parse.urlparse() host parsing would not reject domain
names containing square brackets ([ and ]). Square brackets
are only valid for IPv6 and IPvFuture hosts according to RFC
3986 Section 3.2.2 (bsc#1236705, CVE-2025-0938,
gh#python/cpython#105704).
- gh-121284: Fix bug in the folding of rfc2047 encoded-words
when flattening an email message using a modern email
policy. Previously when an encoded-word was too long for
a line, it would be decoded, split across lines, and
re-encoded. But commas and other special characters in the
original text could be left unencoded and unquoted. This
could theoretically be used to spoof header lines using a
carefully constructed encoded-word if the resulting rendered
email was transmitted or re-parsed.
- gh-80222: Fix bug in the folding of quoted strings
when flattening an email message using a modern email
policy. Previously when a quoted string was folded so that
it spanned more than one line, the surrounding quotes and
internal escapes would be omitted. This could theoretically
be used to spoof header lines using a carefully constructed
quoted string if the resulting rendered email was transmitted
or re-parsed.
- gh-119511: Fix a potential denial of service in the imaplib
module. When connecting to a malicious server, it could
cause an arbitrary amount of memory to be allocated. On many
systems this is harmless as unused virtual memory is only
a mapping, but if this hit a virtual address size limit
it could lead to a MemoryError or other process crash. On
unusual systems or builds where all allocated memory is
touched and backed by actual ram or storage it could’ve
consumed resources doing so until similarly crashing.
- gh-127257: In ssl, system call failures that OpenSSL reports
using ERR_LIB_SYS are now raised as OSError.
- gh-121277: Writers of CPython’s documentation can now use
next as the version for the versionchanged, versionadded,
deprecated directives.
- gh-106883: Disable GC during the _PyThread_CurrentFrames()
and _PyThread_CurrentExceptions() calls to avoid the
interpreter to deadlock.
- Remove upstreamed patch:
- CVE-2025-0938-sq-brackets-domain-names.patch
- Add gh-126572-test_ssl-no-stop-ThreadedEchoServer-OSError.patch
which makes test_ssl not to stop ThreadedEchoServer on OSError,
which makes test_ssl pass with OpenSSL 3.5 (bsc#1241067,
gh#python/cpython!126572)
- librdkafka
-
- 0001-Fix-timespec-conversion-to-avoid-infinite-loop-2108-.patch:
avoid endless loops (bsc#1242842)
- ruby2.5
-
- update suse.patch to 736ea75f25d52fdebb88ed6583468bd7c21190f6
- fix ReDoS in CGI::Util#escapeElement
bsc#1237806 CVE-2025-27220
- fix denial of service in CGI::Cookie.parse
bsc#1237804 CVE-2025-27219
- update suse.patch to 6bf78da1fc4048a11a8612741216ebc47d9ebb41
- move the request smuggling patch to the correct place
actually fixes bsc#1230930 CVE-2024-47220 and now boo#1235773
- libsolv
-
- build both static and dynamic libraries on new suse distros
- support the apk package and repository format (both v2 and v3)
- new dataiterator_final_{repo,solvable} functions
- bump version to 0.7.32
- Provide a symbol specific for the ruby-version
so yast does not break across updates (boo#1235598)
- sqlite3
-
- Sync version 3.49.1 from Factory (jsc#SLE-16032):
* CVE-2025-29087, bsc#1241020: Fix a bug in the concat_ws()
function, introduced in version 3.44.0, that could lead to a
memory error if the separator string is very large (hundreds
of megabytes).
* CVE-2025-29088, bsc#1241078: Enhanced the
SQLITE_DBCONFIG_LOOKASIDE interface to make it more robust
against misuse.
* Obsoletes sqlite3-rtree-i686.patch
- libssh
-
- Fix CVE-2025-5318: Likely read beyond bounds in sftp server handle management (bsc#1245311)
* Add patch libssh-CVE-2025-5318.patch
- Fix CVE-2025-4877: Write beyond bounds in binary to base64 conversion functions (bsc#1245309)
* Add patch libssh-CVE-2025-4877.patch
- Fix CVE-2025-4878: Use of uninitialized variable in privatekey_from_file() (bsc#1245310)
* Add patches:
- libssh-CVE-2025-4878-1.patch
- libssh-CVE-2025-4878-2.patch
- Fix CVE-2025-5372: ssh_kdf() returns a success code on certain failures (bsc#1245314)
* Add patch libssh-CVE-2025-5372.patch
- libxml2
-
- security update
- added patches
CVE-2025-32414 [bsc#1241551], out-of-bounds read when parsing text via the Python API
+ libxml2-CVE-2025-32414.patch
CVE-2025-32415 [bsc#1241453], a crafted XML document may lead to a heap-based buffer under-read
+ libxml2-CVE-2025-32415.patch
- libzypp
-
- Fix credential handling in HEAD requests (bsc#1244105)
- version 17.37.5 (35)
- RepoInfo: use pathNameSetTrailingSlash (fixes #643)
- Fix wrong userdata parameter type when running zypp with debug
verbosity (bsc#1239012)
- version 17.37.4 (35)
- Do not warn about no mirrors if mirrorlist was switched on
automatically. (bsc#1243901)
- Relax permission of cached packages to 0644 & ~umask
(bsc#1243887)
- version 17.37.3 (35)
- Add a note to service maintained .repo file entries (fixes #638)
- Support using %{url} variable in a RIS service's repo section.
- version 17.37.2 (35)
- Use a cookie file to validate mirrorlist cache.
This patch extends the mirrorlist code to use a cookie file to
validate the contents of the cache against the source URL, making
sure that we do not accidentially use a old cache when the
mirrorlist url was changed. For example when migrating a system
from one release to the next where the same repo alias might just
have a different URL.
- Let Service define and update gpgkey, mirrorlist and metalink.
- Preserve a mirrorlist file in the raw cache during refresh.
- version 17.37.1 (35)
- Code16: Enable curl2 backend and parallel package download by
default. In Code15 it's optional.
Environment variables ZYPP_CURL2=<0|1> and ZYPP_PCK_PRELOAD=<0|1>
can be used to turn the features on or off.
- Make gpgKeyUrl the default source for gpg keys.
When refreshing zypp now primarily uses gpgKeyUrl information
from the repo files and only falls back to a automatically
generated key Url if a gpgKeyUrl was not specified.
- Introduce mirrors into the Media backends (bsc#1240132)
- Drop MediaMultiCurl backend.
- Throttle progress updates when preloading packages (bsc#1239543)
- Check if request is in valid state in CURL callbacks (fixes
openSUSE/zypper#605)
- spec/CMake: add conditional build
'--with[out] classic_rpmtrans_as_default'.
classic_rpmtrans is the current builtin default for SUSE,
otherwise it's single_rpmtrans.
The `enable_preview_single_rpmtrans_as_default_for_zypper` switch
was removed from the spec file. Accordingly the CMake option
ENABLE_PREVIEW_SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER was removed.
- version 17.37.0 (35)
- fixed build with boost 1.88.
- XmlReader: Fix detection of bad input streams (fixes #635)
libxml2 2.14 potentially reads the complete stream, so it may
have the 'eof' bit set. Which is not 'good' but also not 'bad'.
- rpm: Fix detection of %triggerscript starts (bsc#1222044)
- RepoindexFileReader: add more <repo> related attributes a
service may set.
Add optional attributes gpgcheck, repo_gpgcheck, pkg_gpgcheck,
keeppackages, gpgkey, mirrorlist, and metalink with the same
semantic as in a .repo file.
- version 17.36.7 (35)
- Drop workaround for broken rpm-4.18 in Code16 (bsc#1237172)
- BuildRequires: %{libsolv_devel_package} >= 0.7.32.
Code16 moved static libs to libsolv-devel-static.
- Drop usage of SHA1 hash algorithm because it will become
unavailable in FIPS mode (bsc#1240529)
- Fix zypp.conf dupAllowVendorChange to reflect the correct
default (false).
The default was true in Code12 (libzypp-16.x) and changed to
false with Code15 (libzypp-17.x). Unfortunately this was done by
shipping a modified zypp.conf file rather than fixing the code.
- zypp.conf: Add `lock_timeout` ($ZYPP_LOCK_TIMEOUT) (bsc#1239809)
- version 17.36.6 (35)
- Fix computation of RepStatus if Repo URLs change.
- Fix lost double slash when appending to an absolute FTP url
(bsc#1238315)
Ftp actually differs between absolute and relative URL paths.
Absolute path names begin with a double slash encoded as '/%2F'.
This must be preserved when manipulating the path.
- version 17.36.5 (35)
- Add a transaction package preloader (fixes openSUSE/zypper#104)
This patch adds a preloader that concurrently downloads files
during a transaction commit. It's not yet enabled per default.
To enable the preview set ZYPP_CURL2=1 and ZYPP_PCK_PRELOAD=1
in the environment.
- RpmPkgSigCheck_test: Exchange the test package signingkey
(fixes #622)
- Exclude MediaCurl tests if DISABLE_MEDIABACKEND_TESTS (fixes #626)
- Strip a mediahandler tag from baseUrl querystrings.
- version 17.36.4 (35)
- mozilla-nspr
-
- update to version 4.36
* remove support for OS/2
* remove support for Unixware, Bsdi, old AIX, old HPUX9 & scoos
* remove support for Windows 16 bit
* renamed the prwin16.h header to prwin.h
* configure was updated from 2.69 to 2.71
* various build, test and automation script fixes
* major parts of the source code were reformatted
- openssh
-
- Added openssh-bsc1241045-kexalgo-gt-256bits.patch (bsc#1241045)
from upstream, which allows KEX hashes greater than 256 bits.
Thanks to Ali Abdallah <ali.abdallah@suse.com>.
- Added openssh-cve-2025-32728.patch (bsc#1241012, CVE-2025-32728).
This fixes an upstream logic error handling the DisableForwarding
option.
- Update openssh-7.6p1-audit_race_condition.patch (bsc#1232533),
fixing failures with very large MOTDs. Thanks to Ali Abdallah
<ali.abdallah@suse.com>.
- Updated openssh-8.1p1-audit.patch (bsc#1228634) with modification
from Jaroslav Jindrak (jjindrak@suse.com) to fix the hostname
being left out of the audit output.
- pam-config
-
- Stop adding pam_env in AUTH stack, and be sure to put this module at the
really end of the SESSION stack.
[bsc#1243226, CVE-2025-6018, remove-pam_env-from-auth-stack.patch]
- pam
-
- pam_namespace: convert functions that may operate on a user-controlled path
to operate on file descriptors instead of absolute path. And keep the
bind-mount protection from protect_mount() as a defense in depthmeasure.
[bsc#1244509
pam_inline-introduce-pam_asprintf-pam_snprintf-and-p.patch,
pam_namespace-fix-potential-privilege-escalation.patch,
pam_namespace-add-flags-to-indicate-path-safety.patch,
pam_namespace-secure_opendir-do-not-look-at-the-grou.patch]
- pam_namespace-fix-potential-privilege-escalation.patch adapted and includes
changes from upstream commits: ds6242a, bc856cd.
* pam_namespace fix logic in return value handling
* pam_namespace move functions around
- pam_env: Change the default to not read the user .pam_environment file
[bsc#1243226, CVE-2025-6018,
pam_env-change-the-default-to-not-read-the-user-env.patch]
- pam_unix/passverify: (get_account_info) [!HELPER_COMPILE]: Always return
PAM_UNIX_RUN_HELPER instead of trying to obtain the shadow password file
entry.
[passverify-always-run-the-helper-to-obtain-shadow_pwd.patch, bsc#1232234,
CVE-2024-10041]
- Do not reject the user with a hash assuming it's non-empty.
[pam_unix-allow-empty-passwords-with-non-empty-hashes.patch]
- patterns-base
-
- add bpftool to patterns enhanced base. jsc#PED-8375
- perl
-
- do not change the current directory when cloning an open
directory handle [bnc#1244079] [CVE-2025-40909]
new patch: perl-dirdup.diff
- python-instance-billing-flavor-check
-
- Update to version 1.0.1
+ Fix infinite loop (bsc#1242064)
+ Fix bug in update infrastructure request (bsc#1242064)
- python-requests
-
- Add CVE-2024-47081.patch upstream patch, fixes netrc credential leak
(gh#psf/requests#6965, CVE-2024-47081, bsc#1244039)
- python3-setuptools
-
- Add patch CVE-2025-47273.patch to fix A path traversal
vulnerability.
(bsc#1243313, CVE-2025-47273, gh#pypa/setuptools@250a6d17978f)
- python-cryptography
-
- Update vendor tarball to fix CVE-2025-3416 (bsc#1242631)
- runc
-
- Update to runc v1.2.6. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.2.6>.
- Update to runc v1.2.5. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.2.5>.
- Update to runc v1.2.4. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.2.4>.
- Update runc.keyring to match upstream.
- Update to runc v1.2.3. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.2.3>.
- Update to runc v1.2.2. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.2.2>.
- Update to runc v1.2.1. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.2.1>.
- Update to runc v1.2.0. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.2.0>.
- Remove upstreamed patches.
- 0001-bsc1221050-libct-seccomp-patchbpf-rm-duplicated-code.patch
- 0002-bsc1221050-seccomp-patchbpf-rename-nativeArch-linuxA.patch
- 0003-bsc1221050-seccomp-patchbpf-always-include-native-ar.patch
- 0004-bsc1214960-nsenter-cloned_binary-remove-bindfd-logic.patch
- Update to runc v1.2.0~rc3. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.2.0-rc.3>.
Includes the patch for CVE-2024-45310. bsc#1230092
- screen
-
- also use tty fd passing after a suspend (MSG_CONT)
new patch: sendfdcont.diff
- do not chmod the tty for multiattach, rely on tty fd passing
instead [bsc#1242269] [CVE-2025-46802]
new patch: nottychmod.diff
- fix resume after suspend in multiuser mode
new patch: multicont.diff
- 000release-packages:sle-module-basesystem-release
-
n/a
- 000release-packages:sle-module-containers-release
-
n/a
- 000release-packages:sle-module-desktop-applications-release
-
n/a
- 000release-packages:sle-module-development-tools-release
-
n/a
- 000release-packages:sle-module-public-cloud-release
-
n/a
- 000release-packages:sle-module-python3-release
-
n/a
- 000release-packages:sle-module-server-applications-release
-
n/a
- 000release-packages:sle-module-web-scripting-release
-
n/a
- sudo
-
- Fix a possilbe local privilege escalation via the --host option
[bsc#1245274, CVE-2025-32462]
- timezone
-
- Update to 2025b:
* New zone for Aysén Region in Chile (America/Coyhaique) which
moves from -04/-03 to -03
- Refresh patches
* revert-philippines-historical-data.patch
* tzdata-china.diff
- vim
-
- Fix bsc#1228776 / CVE-2024-41965.
- Fix bsc#1239602 / CVE-2025-29768.
- Refresh patch:
vim-7.3-sh_is_bash.patch
- Update to 9.1.1406:
9.1.1406: crash when importing invalid tuple
9.1.1405: tests: no test for mapping with special keys in session file
9.1.1404: wrong link to Chapter 2 in new-tutor
9.1.1403: expansion of 'tabpanelopt' value adds wrong values
9.1.1402: multi-byte mappings not properly stored in session file
9.1.1401: list not materialized in prop_list()
9.1.1400: [security]: use-after-free when evaluating tuple fails
9.1.1399: tests: test_codestyle fails for auto-generated files
9.1.1398: completion: trunc does not follow Pmenu highlighting attributes
9.1.1397: tabpanel not correctly updated on :tabonly
9.1.1396: 'errorformat' is a global option
9.1.1395: search_stat not reset when pattern differs in case
9.1.1394: tabpanel not correctly redrawn on tabonly
9.1.1393: missing test for switching buffers and reusing curbuf
9.1.1392: missing patch number
9.1.1391: Vim does not have a vertical tabpanel
9.1.1390: style: more wrong indentation
9.1.1389: completion: still some issue when 'isexpand' contains a space
9.1.1388: Scrolling one line too far with 'nosmoothscroll' page scrolling
9.1.1387: memory leak when buflist_new() fails to reuse curbuf
9.1.1386: MS-Windows: some minor problems building on AARCH64
9.1.1385: inefficient loop for 'nosmoothscroll' scrolling
9.1.1384: still some problem with the new tutors filetype plugin
9.1.1383: completion: 'isexpand' option does not handle space char correct
9.1.1382: if_ruby: unused compiler warnings from ruby internals
9.1.1381: completion: cannot return to original text
9.1.1380: 'eventignorewin' only checked for current buffer
9.1.1379: MS-Windows: error when running evim when space in path
9.1.1378: sign without text overwrites number option
9.1.1377: patch v9.1.1370 causes some GTK warning messages
9.1.1376: quickfix dummy buffer may remain as dummy buffer
9.1.1375: [security]: possible heap UAF with quickfix dummy buffer
9.1.1374: completion: 'smartcase' not respected when filtering matches
9.1.1373: 'completeopt' checking logic can be simplified
9.1.1372: style: braces issues in various files
9.1.1371: style: indentation and brace issues in insexpand.c
9.1.1370: CI Tests favor GTK2 over GTK3
9.1.1369: configure still using autoconf 2.71
9.1.1368: GTK3 and GTK4 will drop numeric cursor support.
9.1.1367: too many strlen() calls in gui.c
9.1.1366: v9.1.1364 unintentionally changed sign.c and sound.c
9.1.1365: MS-Windows: compile warnings and too many strlen() calls
9.1.1364: style: more indentation issues
9.1.1363: style: inconsistent indentation in various files
9.1.1362: Vim9: type ignored when adding tuple to instance list var
9.1.1361: [security]: possible use-after-free when closing a buffer
9.1.1360: filetype: GNU Radio companion files are not recognized
9.1.1359: filetype: GNU Radio config files are not recognized
9.1.1358: if_lua: compile warnings with gcc15
9.1.1357: Vim incorrectly escapes tags with "[" in a help buffer
9.1.1356: Vim9: crash when unletting variable
9.1.1355: The pum_redraw() function is too complex
9.1.1354: tests: Test_terminalwinscroll_topline() fails on Windows
9.1.1353: missing change from v9.1.1350
9.1.1352: style: inconsistent indent in insexpand.c
9.1.1351: Return value of getcmdline() inconsistent in CmdlineLeavePre
9.1.1350: tests: typo in Test_CmdlineLeavePre_cabbr()
9.1.1349: CmdlineLeavePre may trigger twice
9.1.1348: still E315 with the terminal feature
9.1.1347: small problems with gui_w32.c
9.1.1346: missing out-of-memory check in textformat.c
9.1.1345: tests: Test_xxd_color2() test failure dump diff is misleading
9.1.1344: double free in f_complete_match() (after v9.1.1341)
9.1.1343: filetype: IPython files are not recognized
9.1.1342: Shebang filetype detection can be improved
9.1.1341: cannot define completion triggers
9.1.1340: cannot complete :filetype arguments
9.1.1339: missing out-of-memory checks for enc_to_utf16()/utf16_to_enc()
9.1.1338: Calling expand() interferes with cmdcomplete_info()
9.1.1337: Undo corrupted with 'completeopt' "preinsert" when switching buffer
9.1.1336: comment plugin does not support case-insensitive 'commentstring'
9.1.1335: Coverity complains about Null pointer dereferences
9.1.1334: Coverity complains about unchecked return value
9.1.1333: Coverity: complains about unutilized variable
9.1.1332: Vim9: segfault when using super within a lambda
9.1.1331: Leaking memory with cmdcomplete()
9.1.1330: may receive E315 in terminal
9.1.1329: cannot get information about command line completion
9.1.1328: too many strlen() calls in indent.c
9.1.1327: filetype: nroff detection can be improved
9.1.1326: invalid cursor position after 'tagfunc'
9.1.1325: tests: not checking error numbers properly
9.1.1324: undefined behaviour if X11 connection dies
9.1.1323: b:undo_ftplugin not executed when re-using buffer
9.1.1322: small delete register cannot paste multi-line correctly
9.1.1321: filetype: MS ixx and mpp files are not recognized
9.1.1320: filetype: alsoft config files are not recognized
9.1.1319: Various typos in the code, issue with test_inst_complete.vim
9.1.1318: tests: test_format fails
9.1.1317: noisy error when restoring folds from session fails
9.1.1316: missing memory allocation failure in os_mswin.c
9.1.1315: completion: issue with fuzzy completion and 'completefuzzycollect'
9.1.1314: max allowed string width too small
9.1.1313: compile warning about uninitialized value
9.1.1312: tests: Test_backupskip() fails when HOME is defined
9.1.1311: completion: not possible to limit number of matches
9.1.1310: completion: redundant check for preinsert effect
9.1.1309: tests: no test for 'pummaxwidth' with non-truncated "kind"
9.1.1308: completion: cannot order matches by distance to cursor
9.1.1307: make syntax does not reliably detect different flavors
9.1.1306: completion menu rendering can be improved
9.1.1305: completion menu active after switching windows/tabs
9.1.1304: filetype: some man files are not recognized
9.1.1303: missing out-of-memory check in linematch.c
9.1.1302: Coverity warns about using uninitialized value
9.1.1301: completion: cannot configure completion functions with 'complete'
9.1.1300: wrong detection of -inf
9.1.1299: filetype: mbsyncrc files are not recognized
9.1.1298: define_function() is too long
9.1.1297: Ctrl-D scrolling can get stuck
9.1.1296: completion: incorrect truncation logic
9.1.1295: clientserver: does not handle :stopinsert correctly
9.1.1294: gui tabline menu does not use confirm when closing tabs
9.1.1293: comment plugin does not handle 'exclusive' selection for comment object
9.1.1292: statusline not correctly evaluated
9.1.1291: too many strlen() calls in buffer.c
9.1.1290: tests: missing cleanup in test_filetype.vim
9.1.1289: tests: no test for matchparen plugin with WinScrolled event
9.1.1288: Using wrong window in ll_resize_stack()
9.1.1287: quickfix code can be further improved
9.1.1286: filetype: help files not detected when 'iskeyword' includes ":"
9.1.1285: Vim9: no error message for missing method after "super."
9.1.1284: not possible to configure pum truncation char
9.1.1283: quickfix stack is limited to 10 items
9.1.1282: Build and test failure without job feature
9.1.1281: extra newline output when editing stdin
9.1.1280: trailing additional semicolon in get_matches_in_str()
9.1.1279: Vim9: null_object and null_class are no reserved names
9.1.1278: Vim9: too long functions in vim9type.c
9.1.1277: tests: trailing comment char in test_popupwin
9.1.1276: inline word diff treats multibyte chars as word char
9.1.1275: MS-Windows: Not possible to pass additional flags to Make_mvc
9.1.1274: Vim9: no support for object<type> as variable type
9.1.1273: Coverity warns about using uninitialized value
9.1.1272: completion: in keyword completion Ctrl_P cannot go back after Ctrl_N
9.1.1271: filetype: Power Query files are not recognized
9.1.1270: missing out-of-memory checks in buffer.c
9.1.1269: completion: compl_shown_match is updated when starting keyword completion
9.1.1268: filetype: dax files are not recognized
9.1.1267: Vim9: no support for type list/dict<object<any>>
9.1.1266: MS-Windows: type conversion warnings
9.1.1265: tests: no tests for typing normal char during completion
9.1.1264: Vim9: error when comparing objects
9.1.1263: string length wrong in get_last_inserted_save()
9.1.1262: heap-buffer-overflow with narrow 'pummaxwidth' value
9.1.1261: No test for 'pummaxwidth' non-truncated items
9.1.1260: Hang when filtering buffer with NUL bytes
9.1.1259: some issues with comment package and tailing spaces
9.1.1258: regexp: max \U and \%U value is limited by INT_MAX
9.1.1257: Mixing vim_strsize() with mb_ptr2cells() in pum_redraw()
9.1.1256: if_python: duplicate tuple data entries
9.1.1255: missing test condition for 'pummaxwidth' setting
9.1.1254: need more tests for the comment plugin
9.1.1253: abort when closing window with attached quickfix data
9.1.1252: typos in code and docs related to 'diffopt' "inline:"
9.1.1251: if_python: build error with tuples and dynamic python
9.1.1250: cannot set the maximum popup menu width
9.1.1249: tests: no test that 'listchars' "eol" doesn't affect "gM"
9.1.1248: compile error when building without FEAT_QUICKFIX
9.1.1247: fragile setup to get (preferred) keys from key_name_entry
9.1.1246: coverity complains about some changes in v9.1.1243
9.1.1245: need some more tests for curly braces evaluation
9.1.1244: part of patch v9.1.1242 was wrong
9.1.1243: diff mode is lacking for changes within lines
9.1.1242: Crash when evaluating variable name
9.1.1241: wrong preprocessort indentation in term.c
9.1.1240: Regression with ic/ac text objects and comment plugin
9.1.1239: if_python: no tuple data type support
9.1.1238: wrong cursor column with 'set splitkeep=screen'
9.1.1237: Compile error with C89 compiler in term.c
9.1.1236: tests: test_comments leaves swapfiles around
9.1.1235: cproto files are outdated
9.1.1234: Compile error when SIZE_MAX is not defined
9.1.1233: Coverity warns about NULL pointer when triggering WinResized
9.1.1232: Vim script is missing the tuple data type
9.1.1231: filetype: SPA JSON files are not recognized
9.1.1230: inconsistent CTRL-C behaviour for popup windows
9.1.1229: the comment plugin can be improved
9.1.1228: completion: current position column wrong after got a match
9.1.1227: no tests for the comment package
9.1.1226: "shellcmdline" completion doesn't work with input()
9.1.1225: extra NULL check in VIM_CLEAR()
9.1.1224: cannot :put while keeping indent
9.1.1223: wrong translation used for encoding failures
9.1.1222: using wrong length for last inserted string
9.1.1221: Wrong cursor pos when leaving Insert mode just after 'autoindent'
9.1.1220: filetype: uv.lock file not recognized
9.1.1219: Strange error with wrong type for matchfuzzy() "camelcase"
9.1.1218: missing out-of-memory check in filepath.c
9.1.1217: tests: typos in test_matchfuzzy.vim
9.1.1216: Pasting the '.' register multiple times may not work
9.1.1215: Patch 9.1.1213 has some issues
9.1.1214: matchfuzzy() can be improved for camel case matches
9.1.1213: cannot :put while keeping indent
9.1.1212: too many strlen() calls in edit.c
9.1.1212: filetype: logrotate'd pacmanlogs are not recognized
9.1.1211: TabClosedPre is triggered just before the tab is being freed
9.1.1210: translation(ru): missing Russian translation for the new tutor
9.1.1209: colorcolumn not drawn after virtual text lines
9.1.1208: MS-Windows: not correctly restoring alternate screen on Win 10
9.1.1207: MS-Windows: build warning in filepath.c
9.1.1206: tests: test_filetype fails when a file is a directory
9.1.1205: completion: preinserted text not removed when closing pum
9.1.1204: MS-Windows: crash when passing long string to expand()
9.1.1203: matchparen keeps cursor on case label in sh filetype
9.1.1202: Missing TabClosedPre autocommand
9.1.1201: 'completefuzzycollect' does not handle dictionary correctly
9.1.1200: cmdline pum not cleared for input() completion
9.1.1199: gvim uses hardcoded xpm icon file
9.1.1198: [security]: potential data loss with zip.vim
9.1.1197: process_next_cpt_value() uses wrong condition
9.1.1196: filetype: config files for container tools are not recognized
9.1.1195: inside try-block: fn body executed with default arg undefined
9.1.1194: filetype: false positive help filetype detection
9.1.1193: Unnecessary use of STRCAT() in au_event_disable()
9.1.1192: Vim crashes with term response debug logging enabled
9.1.1191: tests: test for patch 9.1.1186 doesn't fail without the patch
9.1.1190: C indentation does not detect multibyte labels
9.1.1189: if_python: build error due to incompatible pointer types
9.1.1188: runtime(tera): tera support can be improved
9.1.1187: matchparen plugin wrong highlights shell case statement
9.1.1186: filetype: help files in git repos are not detected
9.1.1185: endless loop with completefuzzycollect and no match found
9.1.1184: Unnecessary use of vim_tolower() in vim_strnicmp_asc()
9.1.1083: "above" virtual text breaks cursorlineopt=number
9.1.1182: No cmdline completion for 'completefuzzycollect'
9.1.1181: Unnecessary STRLEN() calls in insexpand.c
9.1.1180: short-description
9.1.1179: too many strlen() calls in misc2.c
9.1.1178: not possible to generate completion candidates using fuzzy matching
9.1.1177: filetype: tera files not detected
- xen
-
- bsc#1243117 - VUL-0: CVE-2024-28956: xen: Intel CPU: Indirect
Target Selection (ITS) (XSA-469)
xsa469-01.patch
xsa469-02.patch
xsa469-03.patch
xsa469-04.patch
xsa469-05.patch
xsa469-06.patch
xsa469-07.patch
- bsc#1238043 - VUL-0: CVE-2025-1713: xen: deadlock potential with
VT-d and legacy PCI device pass-through (XSA-467)
xsa467.patch
- bsc#1234282 - VUL-0: xen: XSA-466: Xen hypercall page unsafe
against speculative attacks
xsa466.patch
- zypper
-
- BuildRequires: libzypp-devel >= 17.37.0.
- Use libzypp improvements for preload and mirror handling.
- xmlout.rnc: Update repo-element (bsc#1241463)
Add the "metalink" attribute and reflect that the "url" elements
list may in fact be empty, if no baseurls are defined in the
.repo files.
- man: update --allow-unsigned-rpm description.
Explain how to achieve the same for packages provided by
repositories.
- version 1.14.90
- Updated translations (bsc#1230267)
- version 1.14.89
- Do not double encode URL strings passed on the commandline
(bsc#1237587)
URLs passed on the commandline must have their special chars
encoded already. We just want to check and encode forgotten
unsafe chars like a blank. A '%' however must not be encoded
again.
- version 1.14.88
- Package preloader that concurrently downloads files. It's not yet
enabled per default. To enable the preview set ZYPP_CURL2=1 and
ZYPP_PCK_PRELOAD=1 in the environment. (#104)
- BuildRequires: libzypp-devel >= 17.36.4.
- version 1.14.87
- refresh: add --include-all-archs (fixes #598)
Future multi-arch repos may allow to download only those metadata
which refer to packages actually compatible with the systems
architecture. Some tools however want zypp to provide the full
metadata of a repository without filtering incompatible
architectures.
- info,search: add option to search and list Enhances
(bsc#1237949)
- version 1.14.86