- bash
-
- Add patch bsc1245199.patch
* Fix histfile missing timestamp for the oldest record (bsc#1245199)
- bind
-
- Security Fixes:
* DNSSEC validation fails if matching but invalid DNSKEY is found.
[CVE-2025-8677, bsc#1252378, bind-9.18-CVE-2025-8677.patch]
* Address various spoofing attacks.
[CVE-2025-40778, bsc#1252379, bind-9.18-CVE-2025-40778.patch]
* Cache-poisoning due to weak pseudo-random number generator.
[CVE-2025-40780, bsc#1252380, bind-9.18-CVE-2025-40780.patch]
- chrony
-
- bsc#1246544: Fix racy socket creation
* Add chrony-unix-socket.patch
* Add chrony-remove-chmod.patch
- Use make quickcheck to speedup build.
- cifs-utils
-
- Add patches:
* 0001-cifs-utils-Skip-TGT-check-if-valid-service-ticket-is.patch (bsc#1248816)
* 0001-setcifsacl-fix-memory-allocation-for-struct-cifs_ace.patch
* 0001-cifs.upcall-fix-UAF-in-get_cachename_from_process_en.patch
* 0001-cifs-utils-avoid-using-mktemp-when-updating-mtab.patch
* 0001-cifs-utils-add-documentation-for-upcall_target.patch
* 0001-cifs.upcall-fix-memory-leaks-in-check_service_ticket.patch
- containerd
-
- Update to containerd v1.7.29. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.29>
* CVE-2024-25621 bsc#1253126
* CVE-2025-64329 bsc#1253132
- Rebase patches:
* 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch
- Update to containerd v1.7.28. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.28>
- curl
-
- Security fix: [bsc#1253757, CVE-2025-11563]
* curl: wcurl path traversal with percent-encoded slashes
* Add curl-CVE-2025-11563.patch
- elfutils
-
- Add elfutils-fix-large-alignment.diff and elfutils-pr28190.diff
to fix build/testsuite for more recent glibc and kernels.
- Add elfutils-fuzz-1.diff, elfutils-fuzz-2.diff,
elfutils-fuzz-3.diff, elfutils-fuzz-4.diff [bsc#1237236,
bsc#1237240, bsc#1237241, bsc#1237242].
- Add elfutils-fix-debuginfod-groom-race.diff to fix a testsuite
race in run-debuginfod-find.sh.
- glib2
-
- Add glib2-CVE-2025-7039.patch: fix computation of temporary file
name (bsc#1249055 CVE-2025-7039 glgo#GNOME/glib#3716).
- grub2
-
- Fix CVE-2025-54771 (bsc#1252931)
* 0001-kern-file-Call-grub_dl_unref-after-fs-fs_close.patch
- Fix CVE-2025-54770 (bsc#1252930)
* 0002-net-net-Unregister-net_set_vlan-command-on-unload.patch
- Fix CVE-2025-61662 (bsc#1252933)
* 0003-gettext-gettext-Unregister-gettext-command-on-module.patch
- Fix CVE-2025-61663 (bsc#1252934)
- Fix CVE-2025-61664 (bsc#1252935)
* 0004-normal-main-Unregister-commands-on-module-unload.patch
* 0005-tests-lib-functional_test-Unregister-commands-on-mod.patch
- Fix CVE-2025-61661 (bsc#1252932)
* 0006-commands-usbtest-Use-correct-string-length-field.patch
* 0007-commands-usbtest-Ensure-string-length-is-sufficient-.patch
- Bump upstream SBAT generation to 6
- Fix timeout when loading initrd via http after PPC CAS reboot (bsc#1245953)
* 0001-tcp-Fix-TCP-port-number-reused-on-reboot.patch
- Fix PPC CAS reboot failure work when initiated via submenu (bsc#1241132)
* 0001-Fix-PowerPC-CAS-reboot-to-evaluate-menu-context.patch
- Fix out of memory issue on PowerPC by increasing RMA size (bsc#1236744)
(bsc#1252269)
* 0001-powerpc-increase-MIN-RMA-size-for-CAS-negotiation.patch
- kernel-default
-
- nbd: restrict sockets to TCP and UDP (bsc#1252774
CVE-2025-40080).
- commit a7c3e39
- kernel-subpackage-spec: Do not doubly-sign modules (bsc#1251930).
- commit 0f034b6
- Delete
patches.kabi/KVM-x86-pmu-Allow-programming-events-that-match-unsu.patch.
This avoids a kbuild error in check-patchrv. This patch is not needed
anyway since 4f5efb71e1f4.
- commit 624b1b2
- vhost: vringh: Modify the return value check (CVE-2025-40051
bsc#1252858).
- commit 80d9f20
- btrfs: fix the incorrect max_bytes value for
find_lock_delalloc_range() (git-fixes).
- commit 91a9728
- KVM: x86: Introduce kvm_x86_call() to simplify static calls
of kvm_x86_ops (git-fixes).
- Refresh
patches.suse/KVM-x86-Don-t-inject-PV-async-PF-if-SEND_ALWAYS-0-an.patch.
- Refresh
patches.suse/KVM-x86-Exit-to-userspace-if-fastpath-triggers-one-o.patch.
- Refresh patches.suse/KVM-x86-Introduce-kvm_set_mp_state.patch.
- Refresh
patches.suse/KVM-x86-Route-non-canonical-checks-in-emulator-throu.patch.
- Refresh
patches.suse/KVM-x86-model-canonical-checks-more-precisely.patch.
- commit 3454959
- KVM: x86: Replace static_call_cond() with static_call()
(git-fixes).
- commit 6bb685c
- Update
patches.suse/ACPI-x86-s2idle-Catch-multiple-ACPI_TYPE_PACKAGE-obj.patch
(git-fixes CVE-2023-53708 bsc#1252537).
- Update
patches.suse/ALSA-usb-audio-Fix-NULL-pointer-deference-in-try_to_.patch
(git-fixes CVE-2025-40085 bsc#1252873).
- Update
patches.suse/ALSA-usb-audio-fix-race-condition-to-UAF-in-snd_usbm.patch
(git-fixes CVE-2025-39997 bsc#1252056).
- Update
patches.suse/ASoC-qcom-audioreach-fix-potential-null-pointer-dere.patch
(git-fixes CVE-2025-40013 bsc#1252348).
- Update patches.suse/Bluetooth-MGMT-Fix-possible-UAFs.patch
(git-fixes CVE-2025-39981 bsc#1252060).
- Update
patches.suse/Bluetooth-hci_event-Fix-UAF-in-hci_acl_create_conn_s.patch
(git-fixes CVE-2025-39982 bsc#1252083).
- Update
patches.suse/HID-amd_sfh-Fix-for-shift-out-of-bounds.patch
(bsc#1012628 CVE-2023-53703 bsc#1252553).
- Update
patches.suse/Input-uinput-zero-initialize-uinput_ff_upload_compat.patch
(git-fixes CVE-2025-40035 bsc#1252866).
- Update patches.suse/NFS-Fix-a-potential-data-corruption.patch
(git-fixes CVE-2023-53711 bsc#1252536).
- Update
patches.suse/NFSD-Define-a-proc_layoutcommit-for-the-FlexFiles-layout-type.patch
(git-fixes CVE-2025-40087 bsc#1252909).
- Update
patches.suse/PCI-endpoint-pci-epf-test-Add-NULL-check-for-DMA-cha.patch
(git-fixes CVE-2025-40032 bsc#1252841).
- Update
patches.suse/RDMA-rxe-Fix-race-in-do_task-when-draining.patch
(git-fixes CVE-2025-40061 bsc#1252849).
- Update
patches.suse/Squashfs-fix-uninit-value-in-squashfs_get_parent.patch
(git-fixes CVE-2025-40049 bsc#1252822).
- Update
patches.suse/USB-gadget-Fix-the-memory-leak-in-raw_gadget-dr.patch
(bsc#1012628 CVE-2023-53693 bsc#1252489).
- Update
patches.suse/afs-Fix-potential-null-pointer-dereference-in-afs_put_server.patch
(git-fixes CVE-2025-40010 bsc#1252332).
- Update
patches.suse/arm64-csum-Fix-OoB-access-in-IP-checksum-code-for-ne.patch
(git-fixes CVE-2023-53726 bsc#1252565).
- Update
patches.suse/arm64-sme-Use-STR-P-to-clear-FFR-context-field-.patch
(bsc#1012628 CVE-2023-53713 bsc#1252559).
- Update
patches.suse/blk-iocost-use-spin_lock_irqsave-in-adjust_inus.patch
(bsc#1012628 CVE-2023-53730 bsc#1252495).
- Update
patches.suse/bus-fsl-mc-Check-return-value-of-platform_get_resour.patch
(git-fixes CVE-2025-40029 bsc#1252772).
- Update
patches.suse/can-etas_es58x-populate-ndo_change_mtu-to-prevent-bu.patch
(git-fixes CVE-2025-39988 bsc#1252074).
- Update
patches.suse/can-hi311x-populate-ndo_change_mtu-to-prevent-buffer.patch
(git-fixes CVE-2025-39987 bsc#1252079).
- Update
patches.suse/can-mcba_usb-populate-ndo_change_mtu-to-prevent-buff.patch
(git-fixes CVE-2025-39985 bsc#1252082).
- Update
patches.suse/can-peak_usb-fix-shift-out-of-bounds-issue.patch
(git-fixes CVE-2025-40020 bsc#1252679).
- Update
patches.suse/can-sun4i_can-populate-ndo_change_mtu-to-prevent-buf.patch
(git-fixes CVE-2025-39986 bsc#1252078).
- Update
patches.suse/clk-imx-clk-imx8mp-improve-error-handling-in-im.patch
(bsc#1012628 CVE-2023-53704 bsc#1252490).
- Update
patches.suse/clocksource-drivers-cadence-ttc-Fix-memory-leak.patch
(bsc#1012628 CVE-2023-53725 bsc#1252492).
- Update
patches.suse/crypto-essiv-Check-ssize-for-decryption-and-in-place.patch
(git-fixes CVE-2025-40019 bsc#1252678).
- Update
patches.suse/crypto-hisilicon-qm-set-NULL-to-qm-debug.qm_diff_reg.patch
(git-fixes CVE-2025-40062 bsc#1252850).
- Update
patches.suse/drm-amdgpu-Fix-integer-overflow-in-amdgpu_cs_p.patch
(jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070
jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511
jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53707
bsc#1252632).
- Update
patches.suse/drm-gma500-Fix-null-dereference-in-hdmi-teardown.patch
(git-fixes CVE-2025-40011 bsc#1252336).
- Update
patches.suse/drm-sched-Fix-potential-double-free-in-drm_sched_job.patch
(git-fixes CVE-2025-40096 bsc#1252902).
- Update
patches.suse/fbcon-fix-integer-overflow-in-fbcon_do_set_font.patch
(git-fixes CVE-2025-39967 bsc#1252033).
- Update
patches.suse/fs-udf-fix-OOB-read-in-lengthAllocDescs-handling.patch
(git-fixes CVE-2025-40044 bsc#1252785).
- Update
patches.suse/hfsplus-fix-slab-out-of-bounds-read-in-hfsplus_strcasecmp.patch
(git-fixes CVE-2025-40088 bsc#1252904).
- Update
patches.suse/hfsplus-fix-slab-out-of-bounds-read-in-hfsplus_uni2asc_followup.patch
(git-fixes CVE-2025-40082 bsc#1252775).
- Update
patches.suse/iommu-vt-d-Disallow-dirty-tracking-if-incoherent-pag.patch
(git-fixes CVE-2025-40058 bsc#1252854).
- Update
patches.suse/md-raid1-fix-potential-OOB-in-raid1_remove_disk-8b04.patch
(jsc#PED-7542 CVE-2023-53722 bsc#1252499).
- Update
patches.suse/media-b2c2-Fix-use-after-free-causing-by-irq_check_w.patch
(git-fixes CVE-2025-39996 bsc#1252065).
- Update
patches.suse/media-i2c-tc358743-Fix-use-after-free-bugs-caused-by.patch
(git-fixes CVE-2025-39995 bsc#1252064).
- Update
patches.suse/media-rc-fix-races-with-imon_disconnect.patch
(git-fixes CVE-2025-39993 bsc#1252070).
- Update
patches.suse/media-tuner-xc5000-Fix-use-after-free-in-xc5000_rele.patch
(git-fixes CVE-2025-39994 bsc#1252072).
- Update
patches.suse/media-uvcvideo-Mark-invalid-entities-with-id-UVC_INV.patch
(git-fixes CVE-2025-40016 bsc#1252346).
- Update
patches.suse/misc-fastrpc-fix-possible-map-leak-in-fastrpc_put_ar.patch
(git-fixes CVE-2025-40036 bsc#1252865).
- Update
patches.suse/net-nfc-nci-Add-parameter-validation-for-packet-data.patch
(git-fixes CVE-2025-40043 bsc#1252787).
- Update
patches.suse/net-sched-cls_u32-Undo-tcf_bind_filter-if-u32_r.patch
(bsc#1012628 CVE-2023-53733 bsc#1252685).
- Update
patches.suse/net-sched-fq_pie-avoid-stalls-in-fq_pie_timer.patch
(bsc#1220419 CVE-2023-53727 bsc#1252566).
- Update
patches.suse/netlink-fix-potential-deadlock-in-netlink_set_e.patch
(bsc#1012628 CVE-2023-53731 bsc#1252481).
- Update
patches.suse/nvdimm-Fix-memleak-of-pmu-attr_groups-in-unregister_-85ae.patch
(jsc#PED-5853 CVE-2023-53697 bsc#1252534).
- Update
patches.suse/posix-timers-Ensure-timer-ID-search-loop-limit-.patch
(bsc#1012628 CVE-2023-53728 bsc#1252668).
- Update
patches.suse/ring-buffer-Do-not-swap-cpu_buffer-during-resi.patch
(bsc#1012628 CVE-2023-53718 bsc#1252564).
- Update
patches.suse/riscv-move-memblock_allow_resize-after-linear-m.patch
(bsc#1012628 CVE-2023-53699 bsc#1252550).
- Update
patches.suse/smb-client-fix-crypto-buffers-in-non-linear-memory.patch
(bsc#1250491 boo#1239206 CVE-2025-40052 bsc#1252851).
- Update
patches.suse/soc-qcom-qmi_encdec-Restrict-string-length-in-decode.patch
(git-fixes CVE-2023-53729 bsc#1252496).
- Update
patches.suse/tty-n_gsm-Don-t-block-input-queue-by-waiting-MSC.patch
(git-fixes CVE-2025-40071 bsc#1252797).
- Update
patches.suse/wifi-ath11k-fix-NULL-dereference-in-ath11k_qmi_m3_lo.patch
(git-fixes CVE-2025-39991 bsc#1252075).
- Update
patches.suse/wifi-ath12k-Fix-a-NULL-pointer-dereference-in-ath12k.patch
(git-fixes CVE-2023-53721 bsc#1252561).
- Update
patches.suse/xfrm-xfrm_alloc_spi-shouldn-t-use-0-as-SPI.patch
(CVE-2025-39797 bsc#1249608 CVE-2025-39965 bsc#1251967).
- Update
patches.suse/xsk-fix-refcount-underflow-in-error-path.patch
(bsc#1012628 CVE-2023-53698 bsc#1252479).
- commit 9042362
- coresight: trbe: Return NULL pointer for allocation failures
(CVE-2025-40060 bsc#1252848).
- commit 4543e34
- regulator: bd718x7: Fix voltages scaled by resistor divider
(git-fixes).
- regmap: slimbus: fix bus_context pointer in regmap init calls
(git-fixes).
- commit 20abe4b
- drm/panel: kingdisplay-kd097d04: Disable EoTp (git-fixes).
- drm/panel: sitronix-st7789v: fix sync flags for t28cp45tn89
(git-fixes).
- drm/etnaviv: fix flush sequence logic (git-fixes).
- drm/msm/dpu: Fix pixel extension sub-sampling (git-fixes).
- drm/msm/a6xx: Fix GMU firmware parser (git-fixes).
- drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on
Iceland (git-fixes).
- drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Fiji
(git-fixes).
- drm/amd/pm: fix smu table id bound check issue in
smu_cmn_update_table() (git-fixes).
- drm/mediatek: Fix device use-after-free on unbind (git-fixes).
- ASoC: fsl_sai: fix bit order for DSD format (git-fixes).
- ASoC: Intel: avs: Unprepare a stream when XRUN occurs
(git-fixes).
- ASoC: qdsp6: q6asm: do not sleep while atomic (git-fixes).
- ALSA: usb-audio: fix control pipe direction (git-fixes).
- commit acb4ea2
- smb: client: fix potential cfid UAF in smb2_query_info_compound
(bsc#1248886).
- commit 5e5239d
- vhost: vringh: Fix copy_to_iter return value check (CVE-2025-40056 bsc#1252826)
- commit 4efa16a
- btrfs: do not assert we found block group item when creating
free space tree (bsc#1252918 CVE-2025-40100).
- commit 327502f
- btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation
already running (git-fixes).
- commit f5ef369
- btrfs: avoid potential out-of-bounds in btrfs_encode_fh()
(git-fixes).
- commit 8cb68fe
- KVM: x86/mmu: Prevent installing hugepages when mem attributes
are changing (git-fixes).
- commit 37d594a
- selftests/bpf: Fix a fd leak in error paths in open_netns
(git-fixes).
- commit 51d3745
- selftests/bpf: Fix umount cgroup2 error in test_sockmap
(git-fixes).
- commit 24ba5aa
- selftests/bpf: Use bpf_link__destroy in fill_link_info tests
(git-fixes).
- commit 9809b14
- ACPI: video: Fix use-after-free in
acpi_video_switch_brightness() (git-fixes).
- ACPI: button: Call input_free_device() on failing input device
registration (git-fixes).
- fbdev: atyfb: Check if pll_ops->init_pll failed (git-fixes).
- fbdev: valkyriefb: Fix reference count leak in valkyriefb_init
(git-fixes).
- net: phy: dp83869: fix STRAP_OPMODE bitmask (git-fixes).
- net: usb: asix_devices: Check return value of
usbnet_get_endpoints (git-fixes).
- Bluetooth: btmtksdio: Add pmctrl handling for BT closed state
during reset (git-fixes).
- Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once
(git-fixes).
- usbnet: Prevents free active kevent (git-fixes).
- wifi: brcmfmac: fix crash while sending Action Frames in
standalone AP Mode (git-fixes).
- wifi: ath12k: free skb during idr cleanup callback (git-fixes).
- wifi: ath11k: Add missing platform IDs for quirk table
(git-fixes).
- wifi: ath10k: Fix memory leak on unsupported WMI command
(git-fixes).
- wifi: mac80211: reset FILS discovery and unsol probe resp
intervals (git-fixes).
- commit cc1ca5e
- bpf: Explicitly check accesses to bpf_sock_addr (CVE-2025-40078
bsc#1252789).
- commit 6edd4b3
- KVM: x86: Take irqfds.lock when adding/deleting IRQ bypass
producer (git-fixes).
- commit fdfcdff
- KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update()
(git-fixes).
- commit cb2e3ab
- kdb: Replace deprecated strcpy() with memmove() in vkdb_printf()
(bsc#1252939).
- commit 7cb788c
- Revert "KVM: VMX: Move LOAD_IA32_PERF_GLOBAL_CTRL errata
handling out of setup_vmcs_config()" (git-fixes).
- commit 769724a
- hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat()
(git-fixes).
- commit 40898e0
- hfsplus: fix KMSAN uninit-value issue in
__hfsplus_ext_cache_extent() (git-fixes).
- commit a2e4db9
- hfs: validate record offset in hfsplus_bmap_alloc (git-fixes).
- commit 693ef92
- hfsplus: return EIO when type of hidden directory mismatch in
hfsplus_fill_super() (git-fixes).
- commit 6aec9cc
- ARM: tegra: Use I/O memcpy to write to IRAM (CVE-2025-39794 bsc#1249595)
- commit ad8d355
- ipvs: Defer ip_vs_ftp unregister during netns cleanup
(CVE-2025-40018 bsc#1252688).
- commit d48a123
- NFSD: Fix crash in nfsd4_read_release() (git-fixes).
- commit 1a326b8
- Fix Git-commit for patches.suse/cxl-downgrade-a-warning-message-to-debug-level-in-cxl.patch.
- commit 31a5035
- bpf: Allow helper bpf_get_[ns_]current_pid_tgid() for all prog
types (bsc#1252364).
- commit 82fd58d
- tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request()
(git-fixes).
- commit fceae30
- octeontx2-pf: Fix potential use after free in otx2_tc_add_flow()
(CVE-2025-39978 bsc#1252069).
- tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect()
(CVE-2025-39955 bsc#1251804).
- commit 0468786
- Revert "e1000e: fix heap overflow in e1000_set_eeprom (CVE-2025-39898"
This reverts commit df2ae2c1bd0dd998b7e23e3d49e90e95ada467f0.
- commit 79fa523
- i40e: add max boundary check for VF filters (CVE-2025-39968
bsc#1252047).
- i40e: fix validation of VF state in get resources
(CVE-2025-39969 bsc#1252044).
- i40e: fix idx validation in i40e_validate_queue_map
(CVE-2025-39972 bsc#1252039).
- i40e: add validation for ring_len param (CVE-2025-39973
bsc#1252035).
- ice: fix Rx page leak on multi-buffer frames (CVE-2025-39948
bsc#1251233).
- qed: Don't collect too many protection override GRC elements
(CVE-2025-39949 bsc#1251177).
- commit 2c4293d
- Delete
patches.suse/cpuidle-menu-Avoid-discarding-useful-information.patch.
- commit c2e3ac6
- Delete
patches.suse/cpuidle-governors-menu-Avoid-using-invalid-recent-intervals-data.patch.
- commit b1a47b7
- nvme/tcp: handle tls partially sent records in write_space()
(git-fixes).
- nvme-multipath: Skip nr_active increments in RETRY disposition
(git-fixes).
- nvme-pci: Add TUXEDO IBS Gen8 to Samsung sleep quirk
(git-fixes).
- commit 4b35633
- ACPI: battery: Add synchronization between interface updates
(git-fixes).
- locking/mutex: Mark devm_mutex_init() as __must_check
(stable-fixes).
- ACPI: battery: Check for error code from devm_mutex_init()
call (git-fixes).
- ACPI: battery: initialize mutexes through devm_ APIs
(stable-fixes).
- accel/ivpu: Add missing MODULE_FIRMWARE metadata (git-fixes).
- locking/mutex: Introduce devm_mutex_init() (stable-fixes).
- commit 7bacc8f
- wifi: rtw89: fix use-after-free in
rtw89_core_tx_kick_off_and_wait() (CVE-2025-40000 bsc#1252062).
- commit b7a479d
- sched/fair: set_load_weight() must also call reweight_task() (git-fixes)
- commit b185921
- misc: fastrpc: Save actual DMA size in fastrpc_map structure
(git-fixes).
- Refresh
patches.suse/misc-fastrpc-Skip-reference-for-DMA-handles.patch.
- commit b472422
- most: usb: hdm_probe: Fix calling put_device() before device
initialization (git-fixes).
- most: usb: Fix use-after-free in hdm_disconnect (git-fixes).
- misc: fastrpc: Fix dma_buf object leak in fastrpc_map_lookup
(git-fixes).
- serial: 8250_dw: handle reset control deassert error
(git-fixes).
- xhci: dbc: enable back DbC in resume if it was enabled before
suspend (git-fixes).
- spi: spi-nxp-fspi: add extra delay after dll locked (git-fixes).
- net: usb: rtl8150: Fix frame padding (git-fixes).
- HID: multitouch: fix name of Stylus input devices (git-fixes).
- HID: hid-input: only ignore 0 battery events for digitizers
(git-fixes).
- r8169: fix packet truncation after S4 resume on
RTL8168H/RTL8111H (git-fixes).
- rtc: interface: Ensure alarm irq is enabled when UIE is enabled
(stable-fixes).
- rtc: interface: Fix long-standing race when setting alarm
(stable-fixes).
- PCI: j721e: Fix programming sequence of "strap" settings
(git-fixes).
- PCI: endpoint: pci-epf-test: Add NULL check for DMA channels
before release (git-fixes).
- PCI/AER: Support errors introduced by PCIe r6.0 (stable-fixes).
- phy: cadence: cdns-dphy: Update calibration wait time for
startup state machine (git-fixes).
- phy: cadence: cdns-dphy: Fix PLL lock and O_CMN_READY polling
(git-fixes).
- phy: cdns-dphy: Store hs_clk_rate and return it (stable-fixes).
- mtd: rawnand: fsmc: Default to autodetect buswidth
(stable-fixes).
- wifi: mt76: mt7921u: Add VID/PID for Netgear A7500
(stable-fixes).
- media: nxp: imx8-isi: Drop unused argument to
mxc_isi_channel_chain() (stable-fixes).
- mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config
flag (git-fixes).
- mmc: core: SPI mode remove cmd7 (stable-fixes).
- lib/crypto/curve25519-hacl64: Disable KASAN with clang-17 and
older (stable-fixes).
- PM: runtime: Add new devm functions (stable-fixes).
- mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for
cache_type (stable-fixes).
- mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config
max_register value (stable-fixes).
- PCI: Add PCI_VDEVICE_SUB helper macro (stable-fixes).
- PCI: endpoint: Remove surplus return statement from
pci_epf_test_clean_dma_chan() (stable-fixes).
- PCI: j721e: Enable ACSPCIE Refclk if
"ti,syscon-acspcie-proxy-ctrl" exists (stable-fixes).
- misc: fastrpc: Add missing dev_err newlines (stable-fixes).
- commit 9f99f4e
- firmware: arm_scmi: Fix premature SCMI_XFER_FLAG_IS_RAW clearing
in raw mode (git-fixes).
- drm/sched: Fix potential double free in
drm_sched_job_add_resv_dependencies (git-fixes).
- drm/rockchip: vop2: use correct destination rectangle height
check (git-fixes).
- drm/bridge: lt9211: Drop check for last nibble of version
register (git-fixes).
- drm/amd/powerplay: Fix CIK shutdown temperature (git-fixes).
- drm/amdgpu: use atomic functions with memory barriers for vm
fault info (git-fixes).
- drm/i915/guc: Skip communication warning on reset in progress
(git-fixes).
- drm/amd: Check whether secure display TA loaded successfully
(stable-fixes).
- drm/exynos: exynos7_drm_decon: properly clear channels during
bind (stable-fixes).
- drm/exynos: exynos7_drm_decon: fix uninitialized crtc reference
in functions (stable-fixes).
- commit 110d102
- can: netlink: can_changelink(): allow disabling of automatic
restart (git-fixes).
- can: bxcan: bxcan_start_xmit(): use can_dev_dropped_skb()
instead of can_dropped_invalid_skb() (git-fixes).
- ASoC: nau8821: Add DMI quirk to bypass jack debounce circuit
(git-fixes).
- ASoC: nau8821: Generalize helper to clear IRQ status
(git-fixes).
- ASoC: nau8821: Cancel jdet_work before handling jack ejection
(git-fixes).
- ASoC: codecs: Fix gain setting ranges for Renesas IDT821034
codec (git-fixes).
- ALSA: usb-audio: Fix NULL pointer deference in
try_to_register_card (git-fixes).
- ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings
(git-fixes).
- accel/qaic: Treat remaining == 0 as error in
find_and_map_user_pages() (git-fixes).
- Bluetooth: btusb: Add USB ID 2001:332a for D-Link AX9U rev. A1
(stable-fixes).
- ACPI: property: Add code comments explaining what is going on
(stable-fixes).
- ACPI: property: Disregard references in data-only subnode lists
(stable-fixes).
- ACPICA: Allow to skip Global Lock initialization (stable-fixes).
- ACPI: battery: allocate driver data through devm_ APIs
(stable-fixes).
- drm/msm/adreno: De-spaghettify the use of memory barriers
(stable-fixes).
- commit e53e617
- spi: cadence-quadspi: Implement refcount to handle unbind
during busy (CVE-2025-40005 bsc#1252349).
- commit 7406f70
- i40e: fix idx validation in config queues msg (CVE-2025-39971 bsc#1252052)
- commit 70699a8
- i40e: fix input validation logic for action_meta (CVE-2025-39970 bsc#1252051)
- commit 57401e3
- arm64, mm: avoid always making PTE dirty in pte_mkwrite() (git-fixes)
- commit 59db3fb
- arm64: errata: Apply workarounds for Neoverse-V3AE (git-fixes)
- commit da235eb
- arm64: cputype: Add Neoverse-V3AE definitions (git-fixes)
- commit 5587842
- NFSD: Minor cleanup in layoutcommit processing (git-fixes).
- commit baef4e7
- NFSD: Rework encoding and decoding of nfsd4_deviceid
(git-fixes).
- commit 72f1d28
- hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp()
(git-fixes).
- commit a6f88ab
- xfs: rename the old_crc variable in xlog_recover_process
(git-fixes).
- commit 677fb8c
- net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() (CVE-2025-39876 bsc#1250400)
- commit 137f367
- proc: fix type confusion in pde_set_flags() (bsc#1248630)
- commit c6a1bb4
- proc: fix missing pde_set_flags() for net proc files (bsc#1248630)
- commit 539da61
- proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al (CVE-2025-38653 bsc#1248630)
- commit bcff9b5
- ovl: fix file reference leak when submitting aio (stable-fixes).
- commit 57db5b5
- KVM: x86: Set PVCLOCK_GUEST_STOPPED only for kvmclock, not
for Xen PV clock (git-fixes).
- commit 85e57cf
- KVM: x86: Don't bleed PVCLOCK_GUEST_STOPPED across PV clocks
(git-fixes).
- commit cd63f69
- KVM: x86: Process "guest stopped request" once per guest time
update (git-fixes).
- commit 29a55cf
- add bug reference to existing hv_netvsc change (bsc#1252265)
- commit 95261dd
- KVM: SVM: Inject #GP if memory operand for INVPCID is
non-canonical (git-fixes).
- commit ed9dfb1
- KVM: x86: Clear pv_unhalted on all transitions to
KVM_MP_STATE_RUNNABLE (git-fixes).
- commit f4d45de
- KVM: x86: Introduce kvm_set_mp_state() (git-fixes).
- commit 4b1f2ec
- NFS: Fix a race when updating an existing write (bsc#1249319
bsc#1252236 CVE-2025-39697).
- commit 40cab0c
- nfs: Add missing release on error in
nfs_lock_and_join_requests() (bsc#1249319 bsc#1252236
CVE-2025-39697).
- commit b903556
- nfs: fold nfs_page_group_lock_subrequests into
nfs_lock_and_join_requests (bsc#1249319 bsc#1252236
CVE-2025-39697).
- commit 13ceff1
- nfs: fold nfs_folio_find_and_lock_request into
nfs_lock_and_join_requests (bsc#1249319 bsc#1252236
CVE-2025-39697).
- commit 14874ac
- nfs: simplify nfs_folio_find_and_lock_request (bsc#1249319
bsc#1252236 CVE-2025-39697).
- commit 1b25c26
- nfs: remove nfs_folio_private_request (bsc#1249319 bsc#1252236
CVE-2025-39697).
- commit c28ea5d
- nfs: remove dead code for the old swap over NFS implementation
(bsc#1249319 bsc#1252236 CVE-2025-39697).
- Refresh
patches.suse/NFS-fix-nfs_release_folio-to-not-deadlock-via-kcompa.patch.
- commit e7a5c52
- kABI fix for KVM: x86: Snapshot the host's DEBUGCTL in common
x86 (git-fixes).
- commit 0bb2570
- overlayfs: set ctime when setting mtime and atime
(stable-fixes).
- ovl: fix incorrect fdput() on aio completion (stable-fixes).
- ovl: Always reevaluate the file signature for IMA
(stable-fixes).
- commit 4cfc4ed
- i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (CVE-2025-39911 bsc#1250704)
- commit 627f938
- sched: Fix sched_numa_find_nth_cpu() if mask offline (CVE-2025-39895 bsc#1250721)
- commit 581de7a
- sctp: initialize more fields in sctp_v6_from_sk() (CVE-2025-39812 bsc#1250202)
- commit 56a7db3
- ipv6: sr: Fix MAC comparison to be constant-time (CVE-2025-39702 bsc#1249317)
- commit 3d85c5c
- sctp: linearize cloned gso packets in sctp_rcv (CVE-2025-38718 bsc#1249161)
- commit 0083867
- scsi: qla4xxx: Prevent a potential error pointer dereference (CVE-2025-39676 bsc#1249302)
- commit a3b8686
- net: usb: lan78xx: Add error handling to
lan78xx_init_mac_address (git-fixes).
- commit f1ec116
- net/mlx5e: Harden uplink netdev access against device unbind
(CVE-2025-39947 bsc#1251232).
- commit d4278a0
- KVM: x86: Snapshot the host's DEBUGCTL after disabling IRQs
(git-fixes).
- commit 09e399f
- KVM: x86: Bypass register cache when querying CPL from
kvm_sched_out() (git-fixes).
- commit 27a06fc
- net: usb: lan78xx: fix use of improperly initialized dev->chipid
in lan78xx_reset (git-fixes).
- commit ad26239
- r8152: add error handling in rtl8152_driver_init (git-fixes).
- commit db73d98
- usbnet: Fix using smp_processor_id() in preemptible code
warnings (git-fixes).
- commit b2c518b
- cpufreq: scmi: Account for malformed DT in
scmi_dev_used_by_cpus() (git-fixes).
- commit 149500a
- cpuidle: governors: menu: Avoid using invalid recent intervals
data (git-fixes).
- commit a4ef664
- hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()
(git-fixes).
- commit baddd40
- selftests/bpf: Fix backtrace printing for selftests crashes
(git-fixes).
- commit 63e24c4
- tools/resolve_btfids: Fix build when cross compiling kernel
with clang (git-fixes).
- commit f4f0a36
- samples/bpf: Fix compilation failure for samples/bpf on
LoongArch Fedora (git-fixes).
- commit fa036e9
- selftests/bpf: Fix cross-compiling urandom_read (git-fixes).
- commit d19eec5
- selftests/bpf: Fix compile if backtrace support missing in libc
(git-fixes).
- commit 3353a4b
- selftests/bpf: Fix redefinition errors compiling lwt_reroute.c
(git-fixes).
- commit b5270ce
- selftests/bpf: Fix C++ compile error from missing _Bool type
(git-fixes).
- commit 736692a
- selftests/bpf: Fix error compiling test_lru_map.c (git-fixes).
- commit 8aa3099
- selftests/bpf: Fix compile error from rlim_t in sk_storage_map.c
(git-fixes).
- commit 35f5a49
- perf/core: Fix the WARN_ON_ONCE is out of lock protected region
(git-fixes).
- perf/x86/intel: Fix crash in icl_update_topdown_event()
(git-fixes).
- perf/x86: Fix non-sampling (counting) events on certain x86
platforms (git-fixes).
- commit 814983a
- doc/README.SUSE: Correct the character used for TAINT_NO_SUPPORT
The character was previously 'N', but upstream used it for TAINT_TEST,
which prompted the change of TAINT_NO_SUPPORT to 'n'. This occurred in
commit c35dc3823d08 ("Update to 6.0-rc1") on master and in d016c04d731d
("Bump to 6.4 kernel (jsc#PED-4593)") for SLE15-SP6 (and onwards).
Update the documentation to reflect this change.
- commit f42ecf5
- ACPI: property: Do not pass NULL handles to acpi_attach_data()
(stable-fixes git-fixes).
- commit 19fb175
- ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path
(stable-fixes).
- commit d0f4111
- cpufreq: CPPC: fix perf_to_khz/khz_to_perf conversion exception
(git-fixes).
- commit 59c2171
- ACPI: x86: Move acpi_quirk_skip_serdev_enumeration() out of
CONFIG_X86_ANDROID_TABLETS (stable-fixes).
- commit 793bb70
- cpuidle: qcom-spm: fix device and OF node leaks at probe
(git-fixes).
- commit 39be628
- cpuidle: menu: Avoid discarding useful information
(stable-fixes).
- commit b136410
- cpufreq: tegra186: Set target frequency for all cpus in policy
(git-fixes).
- commit e1cfca8
- cpufreq: intel_pstate: Fix object lifecycle issue in
update_qos_request() (stable-fixes git-fixes).
- commit 8b10f36
- cpufreq: armada-8k: Fix off by one in
armada_8k_cpufreq_free_table() (stable-fixes git-fixes).
- commit 3e7dc0b
- cpufreq: scmi: Skip SCMI devices that aren't used by the CPUs
(stable-fixes).
- commit 2dde40f
- tcp_bpf: Fix copied value in tcp_bpf_sendmsg (bsc#1250650).
- skmsg: Return copied bytes in sk_msg_memcopy_from_iter
(bsc#1250650).
- commit 5925a0e
- sched/idle: Conditionally handle tick broadcast in
default_idle_call() (bsc#1248517).
- Update config files.
- commit 1a58311
- x86/idle: Sanitize X86_BUG_AMD_E400 handling (bsc#1248517).
- Refresh
patches.suse/x86-tdx-Fix-arch_safe_halt-execution-for-TDX-VMs.patch.
- commit be42a2d
- perf/aux: Fix pending disable flow when the AUX ring buffer
overruns (git-fixes).
- perf/core: Fix WARN in perf_cgroup_switch() (git-fixes).
- perf: Fix cgroup state vs ERROR (git-fixes).
- perf/core: Fix broken throttling when max_samples_per_tick=1
(git-fixes).
- perf: Ensure bpf_perf_link path is properly serialized
(git-fixes).
- perf/x86/intel: Only check the group flag for X86 leader
(git-fixes).
- perf/x86/intel: Allow to update user space GPRs from PEBS
records (git-fixes).
- perf/x86/intel/uncore: Fix the scale of IIO free running
counters on SPR (git-fixes).
- perf/x86/intel/uncore: Fix the scale of IIO free running
counters on ICX (git-fixes).
- perf/x86/intel/uncore: Fix the scale of IIO free running
counters on SNR (git-fixes).
- perf/core: Fix child_total_time_enabled accounting bug at task
exit (git-fixes).
- perf/ring_buffer: Allow the EPOLLRDNORM flag for poll
(git-fixes).
- perf/bpf: Robustify perf_event_free_bpf_prog() (git-fixes).
- perf/hw_breakpoint: Return EOPNOTSUPP for unsupported breakpoint
type (git-fixes).
- perf/x86/intel: Avoid disable PMU if !cpuc->enabled in sample
read (git-fixes).
- perf/x86/intel: Apply static call for drain_pebs (git-fixes).
- perf/amd/ibs: Fix perf_ibs_op.cnt_mask for CurCnt (git-fixes).
- perf/amd/ibs: Fix ->config to sample period calculation for
OP PMU (git-fixes).
- perf/core: Fix pmus_lock vs. pmus_srcu ordering (git-fixes).
- perf/x86/intel: Use better start period for frequency mode
(git-fixes).
- perf/core: Fix low freq setting via IOC_PERIOD (git-fixes).
- perf/x86: Fix low freqency setting issue (git-fixes).
- perf/x86/intel/ds: Unconditionally drain PEBS DS when changing
PEBS_DATA_CFG (git-fixes).
- perf/x86/amd: Warn only on new bits set (git-fixes).
- s390: Initialize psw mask in perf_arch_fetch_caller_regs()
(git-fixes).
- perf/core: Fix small negative period being ignored (git-fixes).
- perf: Extract a few helpers (git-fixes).
- perf/x86/intel/pt: Fix sampling synchronization (git-fixes).
- perf/x86/intel: Allow to setup LBR for counting event for BPF
(git-fixes).
- drivers/perf: arm_spe: Use perf_allow_kernel() for permissions
(git-fixes).
- perf/amd: Prevent grouping of IBS events (git-fixes).
- commit 76eb280
- tls: make sure to abort the stream if headers are bogus
(CVE-2025-39946 bsc#1251114).
- commit d62deaa
- selftests/bpf: Fix error compiling tc_redirect.c with musl libc
(git-fixes).
- commit b2a359c
- selftests/bpf: Fix errors compiling cg_storage_multi.h with
musl libc (git-fixes).
- commit 799529b
- selftests/bpf: Fix errors compiling decap_sanity.c with musl
libc (git-fixes).
- commit f14b275
- selftests/bpf: Fix errors compiling lwt_redirect.c with musl
libc (git-fixes).
- commit 498999e
- selftests/bpf: Fix compiling core_reloc.c with musl-libc
(git-fixes).
- commit eb3a7bd
- selftests/bpf: Fix compiling tcp_rtt.c with musl-libc
(git-fixes).
- commit 109e7cc
- selftests/bpf: Fix compiling flow_dissector.c with musl-libc
(git-fixes).
- commit 9b43d04
- selftests/bpf: Fix compiling kfree_skb.c with musl-libc
(git-fixes).
- commit 442e8bf
- selftests/bpf: Fix compiling parse_tcp_hdr_opt.c with musl-libc
(git-fixes).
- commit 1f65169
- selftests/bpf: Fix error compiling bpf_iter_setsockopt.c with
musl libc (git-fixes).
- commit 7613608
- selftests/bpf: Add test for unpinning htab with internal timer
struct (git-fixes).
- commit 8a1df26
- bpf: Avoid RCU context warning when unpinning htab with internal
structs (git-fixes).
- commit 73d4d2d
- bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6}
(git-fixes).
- commit 1a82fe5
- kabi: hide new member allow_subflows in struct mptcp_sock
(CVE-2025-38552 bsc#1248230).
- commit f51a25e
- mptcp: plug races between subflow fail and subflow creation
(CVE-2025-38552 bsc#1248230).
- Refresh
patches.kabi/kabi-hide-new-member-fallback_lock-in-struct-mptcp_s.patch.
(also delete outdated part of a comment)
- commit fdbbed8
- Update
patches.suse/ALSA-ac97-Fix-possible-NULL-dereference-in-snd_.patch
(bsc#1012628 CVE-2023-53648 bsc#1251750).
- Update
patches.suse/ASoC-codecs-wcd938x-fix-missing-mbhc-init-error.patch
(bsc#1012628 CVE-2023-53666 bsc#1251760).
- Update
patches.suse/ASoC-qcom-q6apm-lpass-dais-Fix-NULL-pointer-derefere.patch
(git-fixes CVE-2025-39938 bsc#1251134).
- Update
patches.suse/Bluetooth-hci_event-call-disconnect-callback-be.patch
(bsc#1012628 CVE-2023-53673 bsc#1251763).
- Update
patches.suse/HID-hyperv-avoid-struct-memcpy-overrun-warning.patch
(bsc#1012628 CVE-2023-53553 bsc#1251068).
- Update
patches.suse/KVM-nSVM-Check-instead-of-asserting-on-nested-TSC-sc.patch
(git-fixes CVE-2023-53663 bsc#1251290).
- Update
patches.suse/RDMA-rxe-Fix-incomplete-state-save-in-rxe_requester.patch
(git-fixes CVE-2023-53539 bsc#1251060).
- Update
patches.suse/USB-Gadget-core-Help-prevent-panic-during-UVC-.patch
(bsc#1012628 CVE-2023-53580 bsc#1251105).
- Update
patches.suse/accel-qaic-Fix-a-leak-in-map_user_pages.patch
(bsc#1012628 CVE-2023-53633 bsc#1251746).
- Update
patches.suse/bcache-Fix-__bch_btree_node_alloc-to-make-the-f.patch
(bsc#1012628 CVE-2023-53681 bsc#1251769).
- Update
patches.suse/bonding-do-not-assume-skb-mac_header-is-set.patch
(bsc#1012628 CVE-2023-53601 bsc#1251153).
- Update
patches.suse/bpf-Make-bpf_refcount_acquire-fallible-for-non-.patch
(bsc#1012628 CVE-2023-53645 bsc#1251321).
- Update
patches.suse/bpf-cpumap-Handle-skb-as-well-when-clean-up-pt.patch
(bsc#1012628 CVE-2023-53660 bsc#1251721).
- Update
patches.suse/bpf-cpumap-Make-sure-kthread-is-running-before.patch
(bsc#1012628 CVE-2023-53577 bsc#1251028).
- Update
patches.suse/bpf-reject-unhashed-sockets-in-bpf_sk_assign.patch
(jsc#PED-6811 CVE-2023-53585 bsc#1251126).
- Update
patches.suse/btrfs-insert-tree-mod-log-move-in-push_node_lef.patch
(bsc#1012628 CVE-2023-53538 bsc#1251024).
- Update
patches.suse/btrfs-output-extra-debug-info-if-we-failed-to-find-a.patch
(git-fixes CVE-2023-53672 bsc#1251780).
- Update
patches.suse/btrfs-reject-invalid-reloc-tree-root-keys-with.patch
(bsc#1012628 CVE-2023-53618 bsc#1251748).
- Update
patches.suse/cifs-Release-folio-lock-on-fscache-read-hit.patch
(bsc#1012628 CVE-2023-53593 bsc#1251132).
- Update
patches.suse/cifs-fix-mid-leak-during-reconnection-after-tim.patch
(bsc#1012628 CVE-2023-53597 bsc#1251159).
- Update
patches.suse/clk-Fix-memory-leak-in-devm_clk_notifier_regist.patch
(bsc#1012628 CVE-2023-53674 bsc#1251764).
- Update
patches.suse/clk-imx-scu-use-_safe-list-iterator-to-avoid-a-.patch
(bsc#1012628 CVE-2023-53572 bsc#1251027).
- Update
patches.suse/cpufreq-amd-pstate-fix-global-sysfs-attribute-.patch
(bsc#1012628 CVE-2023-53550 bsc#1251071).
- Update
patches.suse/cpufreq-amd-pstate-ut-Fix-kernel-panic-when-loading-.patch
(git-fixes CVE-2023-53563 bsc#1251038).
- Update
patches.suse/crypto-af_alg-Fix-missing-initialisation-affecting-g.patch
(bsc#1216396 CVE-2023-53599 bsc#1251150).
- Update
patches.suse/crypto-af_alg-Set-merge-to-zero-early-in-af_alg_send.patch
(git-fixes CVE-2025-39931 bsc#1251100).
- Update
patches.suse/dax-Fix-dax_mapping_release-use-after-free.patch
(bsc#1012628 CVE-2023-53613 bsc#1251119).
- Update
patches.suse/drivers-base-Free-devm-resources-when-unregistering-.patch
(jsc#PED-6054 CVE-2023-53596 bsc#1251161).
- Update
patches.suse/drivers-perf-hisi-Don-t-migrate-perf-to-the-CPU.patch
(bsc#1012628 CVE-2023-53656 bsc#1251758).
- Update
patches.suse/drm-amdgpu-unmap-and-remove-csa_va-properly.patch
(jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070
jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511
jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53545
bsc#1251084).
- Update
patches.suse/drm-bridge-anx7625-Fix-NULL-pointer-dereference-with.patch
(git-fixes CVE-2025-39934 bsc#1251146).
- Update
patches.suse/drm-i915-mark-requests-for-GuC-virtual-engines-to-av.patch
(jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070
jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511
jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53552
bsc#1251065).
- Update
patches.suse/drm-i915-perf-add-sentinel-to-xehp_oa_b_counter.patch
(jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070
jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511
jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53646
bsc#1251742).
- Update
patches.suse/ext4-fix-memory-leaks-in-ext4_fname_-setup_filename-.patch
(bsc#1214954 CVE-2023-53662 bsc#1251282).
- Update
patches.suse/fbdev-omapfb-lcd_mipid-Fix-an-error-handling-pa.patch
(jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070
jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511
jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53650
bsc#1251283).
- Update
patches.suse/fprobe-Release-rethook-after-the-ftrace_ops-is-.patch
(bsc#1012628 CVE-2023-53557 bsc#1251054).
- Update
patches.suse/gfs2-Fix-possible-data-races-in-gfs2_show_opti.patch
(bsc#1012628 CVE-2023-53622 bsc#1251777).
- Update patches.suse/gpio-mvebu-fix-irq-domain-leak.patch
(bsc#1012628 CVE-2023-53579 bsc#1251170).
- Update
patches.suse/iavf-Fix-out-of-bounds-when-setting-channels-on.patch
(bsc#1012628 CVE-2023-53659 bsc#1251247).
- Update patches.suse/iavf-Fix-use-after-free-in-free_netdev.patch
(bsc#1012628 CVE-2023-53556 bsc#1251059).
- Update
patches.suse/ice-Don-t-tx-before-switchdev-is-fully-configured.patch
(jsc#PED-4876 CVE-2023-53657 bsc#1251319).
- Update
patches.suse/ip_vti-fix-potential-slab-use-after-free-in-de.patch
(bsc#1012628 CVE-2023-53559 bsc#1251052).
- Update patches.suse/ipmi_si-fix-a-memleak-in-try_smi_init.patch
(git-fixes CVE-2023-53611 bsc#1251123).
- Update
patches.suse/jfs-fix-invalid-free-of-JFS_IP-ipimap-i_imap-in-diUnmount.patch
(git-fixes CVE-2023-53616 bsc#1251215).
- Update
patches.suse/md-don-t-dereference-mddev-after-export_rdev-7dea.patch
(jsc#PED-7542 CVE-2023-53665 bsc#1251270).
- Update
patches.suse/media-amphion-fix-REVERSE_INULL-issues-reported-by-c.patch
(git-fixes CVE-2023-53653 bsc#1251755).
- Update
patches.suse/memcontrol-ensure-memcg-acquired-by-id-is-properly-s.patch
(git-fixes CVE-2023-53621 bsc#1251323).
- Update
patches.suse/mm-damon-core-initialize-damo_filter-list-from.patch
(bsc#1012628 CVE-2023-53555 bsc#1251056).
- Update
patches.suse/msft-hv-2870-Drivers-hv-vmbus-Don-t-dereference-ACPI-root-object-.patch
(git-fixes CVE-2023-53647 bsc#1251732).
- Update
patches.suse/mtd-rawnand-brcmnand-Fix-potential-out-of-bounds-acc.patch
(git-fixes CVE-2023-53541 bsc#1251043).
- Update
patches.suse/net-handshake-fix-null-ptr-deref-in-handshake_nl_don.patch
(bsc#1220419 CVE-2023-53686 bsc#1251771).
- Update
patches.suse/net-mlx5-DR-fix-memory-leak-in-mlx5dr_cmd_crea.patch
(bsc#1012628 CVE-2023-53546 bsc#1251079).
- Update
patches.suse/net-mlx5e-Check-for-NOT_READY-flag-state-after-.patch
(bsc#1012628 CVE-2023-53581 bsc#1251106).
- Update
patches.suse/net-mlx5e-Take-RTNL-lock-when-needed-before-ca.patch
(bsc#1012628 CVE-2023-53632 bsc#1251269).
- Update
patches.suse/net-rfkill-gpio-Fix-crash-due-to-dereferencering-uni.patch
(git-fixes CVE-2025-39937 bsc#1251143).
- Update
patches.suse/net-usbnet-Fix-WARNING-in-usbnet_start_xmit-us.patch
(bsc#1012628 CVE-2023-53548 bsc#1251066).
- Update
patches.suse/netfilter-conntrack-Avoid-nf_ct_helper_hash-use.patch
(bsc#1012628 CVE-2023-53619 bsc#1251743).
- Update patches.suse/nvme-core-fix-dev_pm_qos-memleak.patch
(bsc#1012628 CVE-2023-53670 bsc#1251762).
- Update
patches.suse/octeon_ep-cancel-queued-works-in-probe-error-p.patch
(bsc#1012628 CVE-2023-53638 bsc#1251328).
- Update
patches.suse/octeontx2-af-Add-validation-before-accessing-cg.patch
(bsc#1012628 CVE-2023-53654 bsc#1251756).
- Update
patches.suse/perf-RISC-V-Remove-PERF_HES_STOPPED-flag-checki.patch
(bsc#1012628 CVE-2023-53583 bsc#1251108).
- Update
patches.suse/perf-trace-Really-free-the-evsel-priv-area.patch
(perf-v6.7 (jsc#PED-6012 jsc#PED-6121) CVE-2023-53649
bsc#1251749).
- Update
patches.suse/platform-x86-dell-sysman-Fix-reference-leak.patch
(git-fixes CVE-2023-53631 bsc#1251529).
- Update
patches.suse/rcu-tasks-Avoid-pr_info-with-spin-lock-in-cblis.patch
(bsc#1012628 CVE-2023-53558 bsc#1251081).
- Update
patches.suse/ring-buffer-Fix-deadloop-issue-on-reading-trace.patch
(bsc#1012628 CVE-2023-53668 bsc#1251286).
- Update
patches.suse/s390-zcrypt-don-t-leak-memory-if-dev_set_name-fails.patch
(git-fixes bsc#1215143 CVE-2023-53568 bsc#1251035).
- Update
patches.suse/scsi-qla2xxx-Avoid-fcport-pointer-dereference.patch
(bsc#1012628 CVE-2023-53603 bsc#1251180).
- Update
patches.suse/scsi-qla2xxx-Fix-deletion-race-condition.patch
(git-fixes CVE-2023-53615 bsc#1251113).
- Update
patches.suse/soc-aspeed-socinfo-Add-kfree-for-kstrdup.patch
(bsc#1012628 CVE-2023-53617 bsc#1251268).
- Update
patches.suse/spi-bcm-qspi-return-error-if-neither-hif_mspi-n.patch
(bsc#1012628 CVE-2023-53658 bsc#1251759).
- Update
patches.suse/staging-ks7010-potential-buffer-overflow-in-ks_.patch
(bsc#1012628 CVE-2023-53554 bsc#1251057).
- Update
patches.suse/tracing-histograms-Add-histograms-to-hist_vars-.patch
(bsc#1012628 CVE-2023-53560 bsc#1251045).
- Update
patches.suse/tty-serial-samsung_tty-Fix-a-memory-leak-in-s3c-832e231.patch
(bsc#1012628 CVE-2023-53687 bsc#1251772).
- Update
patches.suse/tunnels-fix-kasan-splat-when-generating-ipv4-p.patch
(bsc#1012628 CVE-2023-53600 bsc#1251152).
- Update
patches.suse/vdpa-Add-features-attr-to-vdpa_nl_policy-for-n.patch
(bsc#1012628 CVE-2023-53652 bsc#1251754).
- Update
patches.suse/vdpa-Add-max-vqp-attr-to-vdpa_nl_policy-for-nl.patch
(bsc#1012628 CVE-2023-53543 bsc#1251083).
- Update
patches.suse/wifi-ath11k-fix-memory-leak-in-WMI-firmware-sta.patch
(bsc#1012628 CVE-2023-53602 bsc#1251076).
- Update
patches.suse/wifi-cfg80211-reject-auth-assoc-to-AP-with-our-addre.patch
(git-fixes CVE-2023-53540 bsc#1251053).
- Update
patches.suse/wifi-iwlwifi-mvm-fix-potential-array-out-of-bou.patch
(bsc#1012628 CVE-2023-53575 bsc#1251067).
- Update
patches.suse/wifi-mac80211-check-for-station-first-in-client-prob.patch
(git-fixes CVE-2023-53588 bsc#1251206).
- Update
patches.suse/wifi-mac80211-increase-scan_ies_len-for-S1G.patch
(stable-fixes CVE-2025-39957 bsc#1251810).
- Update
patches.suse/wifi-nl80211-fix-integer-overflow-in-nl80211_p.patch
(bsc#1012628 CVE-2023-53570 bsc#1251031).
- Update
patches.suse/wifi-rtw88-delete-timer-and-free-skb-queue-when-unlo.patch
(git-fixes CVE-2023-53574 bsc#1251222).
- Update
patches.suse/wifi-wilc1000-avoid-buffer-overflow-in-WID-string-co.patch
(stable-fixes CVE-2025-39952 bsc#1251216).
- commit 56ea93d
- iommu/vt-d: Disallow dirty tracking if incoherent page walk
(git-fixes).
- iommu/vt-d: PRS isn't usable if PDS isn't supported (git-fixes).
- commit 9da1184
- mm/page_alloc: fix race condition in unaccepted memory handling
(CVE-2025-38008 bsc#1244939).
- commit b445cb1
- mm/slub: avoid accessing metadata when pointer is invalid in
object_err() (CVE-2025-39902 bsc#1250702).
- commit 46c39b3
- NFSD: Define a proc_layoutcommit for the FlexFiles layout type
(git-fixes).
- commit b115f79
- tracing: Fix filter string testing (git-fixes).
- commit 864d37b
- selftests/tracing: Fix event filter test to retry up to 10 times
(git-fixes).
- commit a9de969
- tracing/selftests: Fix kprobe event name test for
.isra. functions (git-fixes).
- commit 6a094d4
- bpf: Check link_create.flags parameter for multi_kprobe
(git-fixes).
- commit 0e75825
- bpf: Check link_create.flags parameter for multi_uprobe
(git-fixes).
- commit 10550c7
- ftrace: fix incorrect hash size in register_ftrace_direct()
(git-fixes).
- commit 9288055
- bpf: Use preempt_count() directly in bpf_send_signal_common()
(git-fixes).
- commit 9258f2a
- tracing: Correct the refcount if the hist/hist_debug file
fails to open (git-fixes).
- commit 6e8ac35
- module: Prevent silent truncation of module name in
delete_module(2) (git-fixes).
- commit 44dc7b7
- tracing: Add down_write(trace_event_sem) when adding trace event
(bsc#1248211 CVE-2025-38539).
- commit b1816b0
- tracing: Limit access to parser->buffer when trace_get_user
failed (bsc#1249286 CVE-2025-39683).
- tracing: Remove unneeded goto out logic (bsc#1249286).
- commit 8eaad3a
- ftrace: Also allocate and copy hash for reading of filter files
(bsc#1250032 CVE-2025-39813).
- commit 69f706b
- media: i2c: tc358743: Fix use-after-free bugs caused by orphan
timer in probe (git-fixes).
- commit 4cb2ef2
- media: solo6x10: replace max(a, min(b, c)) by clamp(b, a, c)
(git-fixes).
- commit eb03975
- ftrace: Fix potential warning in trace_printk_seq during
ftrace_dump (bsc#1250032 CVE-2025-39813).
- commit 287d6f8
- net: sysfs: Fix /sys/class/net/<iface> path (git-fixes).
- commit 753f6d8
- trace/fgraph: Fix the warning caused by missing unregister
notifier (bsc#1248211 CVE-2025-38539).
- commit 739d6c6
- i2c: ocores: use devm_ managed clks (git-fixes).
- commit bc09888
- USB: serial: option: add SIMCom 8230C compositions (git-fixes).
- commit fbae6a0
- usb: phy: twl6030: Fix incorrect type for ret (git-fixes).
- commit 2464609
- net: mana: Use page pool fragments for RX buffers instead of
full pages to improve memory efficiency (bsc#1248754).
- cnic: Fix use-after-free bugs in cnic_delete_task
(CVE-2025-39945 bsc#1251230).
- commit 8a42c4d
- selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len (git-fixes).
- commit 8628058
- powerpc/powernv/pci: Fix underflow and leak issue (bsc#1215199).
- powerpc/pseries/msi: Fix potential underflow and leak issue
(bsc#1215199).
- powerpc/kvm: Fix ifdef to remove build warning (bsc#1215199).
- KVM: PPC: Fix misleading interrupts comment in
kvmppc_prepare_to_enter() (bsc#1215199).
- powerpc: floppy: Add missing checks after DMA map (bsc#1215199).
- powerpc/boot: Fix build with gcc 15 (bsc#1215199).
- commit c79aae4
- crypto: rng - Ensure set_ent is always present (git-fixes).
- USB: serial: option: add SIMCom 8230C compositions
(stable-fixes).
- wifi: rtlwifi: rtl8192cu: Don't claim USB ID 07b8:8188
(stable-fixes).
- media: tuner: xc5000: Fix use-after-free in xc5000_release
(git-fixes).
- driver core/PM: Set power.no_callbacks along with power.no_pm
(stable-fixes).
- platform/x86/amd/pmc: Add Stellaris Slim Gen6 AMD to spurious
8042 quirks list (stable-fixes).
- can: rcar_canfd: Fix controller mode setting (stable-fixes).
- can: hi311x: fix null pointer dereference when resuming from
sleep before interface was enabled (stable-fixes).
- ASoC: rt5682s: Adjust SAR ADC button mode to fix noise issue
(stable-fixes).
- ASoC: amd: acp: Adjust pdm gain value (stable-fixes).
- platform/x86/amd/pmc: Add MECHREVO Yilong15Pro to spurious_8042
list (stable-fixes).
- hid: fix I2C read buffer overflow in raw_event() for mcp2221
(stable-fixes).
- media: tunner: xc5000: Refactor firmware load (stable-fixes).
- commit 6771085
- rtc: optee: fix memory leak on driver removal (git-fixes).
- rtc: x1205: Fix Xicor X1205 vendor prefix (git-fixes).
- commit 3f4b7b9
- drm/amd/display: Disable scaling on DCE6 for now (git-fixes).
- drm/amd/display: Properly disable scaling on DCE6 (git-fixes).
- drm/amd/display: Properly clear SCL_*_FILTER_CONTROL on DCE6
(git-fixes).
- drm/amd/display: Add missing DCE6 SCL_HORZ_FILTER_INIT* SRIs
(git-fixes).
- drm/amdgpu: Add additional DCE6 SCL registers (git-fixes).
- drm/nouveau: fix bad ret code in nouveau_bo_move_prep
(git-fixes).
- drm/vmwgfx: Fix copy-paste typo in validation (git-fixes).
- drm/vmwgfx: Fix Use-after-free in validation (git-fixes).
- drm/vmwgfx: Fix a null-ptr access in the cursor snooper
(git-fixes).
- ASoC: SOF: ipc4-topology: Correct the minimum host DMA buffer
size (git-fixes).
- ASoC: SOF: ipc3-topology: Fix multi-core and static pipelines
tear down (git-fixes).
- fbdev: Fix logic error in "offb" name match (git-fixes).
- gpio: wcd934x: mark the GPIO controller as sleeping (git-fixes).
- crypto: essiv - Check ssize for decryption and in-place
encryption (git-fixes).
- tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single
(git-fixes).
- commit a90f502
- scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory
is allocated (CVE-2025-38700 bsc#1249182).
- scsi: bfa: Double-free fix (CVE-2025-38699 bsc#1249224).
- commit d981d82
- Update
patches.suse/scsi-lpfc-Fix-buffer-free-clear-order-in-deferred-re.patch
(bsc#1250519 CVE-2025-39841 bsc#1250274).
added CVE number and associated bsc
- commit 11a7724
- KVM: x86: Snapshot the host's DEBUGCTL in common x86
(git-fixes).
- commit 090e1cd
- KVM: SVM: Set RFLAGS.IF=1 in C code, to get VMRUN out of the
STI shadow (git-fixes).
- Refresh
patches.suse/x86-bugs-Add-a-Transient-Scheduler-Attacks-mitigation.patch.
- commit ab98159
- KVM: SEV: Validate XCR0 provided by guest in GHCB (git-fixes).
- commit 3926356
- KVM: SVM: Pass through GHCB MSR if and only if VM is an SEV-ES
guest (git-fixes).
- commit 1163dde
- KVM: SEV: Read save fields from GHCB exactly once (git-fixes).
- commit 0fe255d
- KVM: SEV: Rename kvm_ghcb_get_sw_exit_code() to
kvm_get_cached_sw_exit_code() (git-fixes).
- commit 16f8d6e
- net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL
deadlock (git-fixes).
- commit 4ae0d43
- fs: writeback: fix use-after-free in __mark_inode_dirty()
(bsc#1250455 CVE-2025-39866).
- commit 5efc627
- kernfs: Fix UAF in polling when open file is released
(bsc#1250379 CVE-2025-39881).
- commit 278aed0
- fs: Prevent file descriptor table allocations exceeding INT_MAX
(bsc#1249512 CVE-2025-39756).
- commit eec00db
- ext4: avoid potential buffer over-read in
parse_apply_sb_mount_options() (git-fixes).
- commit b98ec86
- ext4: fix checks for orphan inodes (bsc#1250119).
- commit 63ca2b0
- ext4: fix hole length calculation overflow in non-extent inodes
(git-fixes).
- commit 61cf4bb
- ext4: don't try to clear the orphan_present feature block
device is r/o (git-fixes).
- commit f4163bf
- ext4: fix reserved gdt blocks handling in fsmap (git-fixes).
- commit 97b5bdf
- ext4: fix fsmap end of range reporting with bigalloc
(git-fixes).
- commit 91e12c8
- ext4: check fast symlink for ea_inode correctly (git-fixes).
- commit 42b6930
- ext4: preserve SB_I_VERSION on remount (git-fixes).
- commit 4260078
- ext4: fix largest free orders lists corruption on
mb_optimize_scan switch (git-fixes).
- commit 17d92cc
- ext4: fix zombie groups in average fragment size lists
(git-fixes).
- commit 321e541
- ext4: ensure i_size is smaller than maxbytes (git-fixes).
- commit 83487b1
- ext4: factor out ext4_get_maxbytes() (git-fixes).
- commit e58bd69
- netfilter: nft_objref: validate objref and objrefmap expressions
(bsc#1250237).
No CVE available yet, please see the bugzilla ticket referenced.
- commit 71d77ae
- ext4: fix calculation of credits for extent tree modification
(git-fixes).
- commit 9ee5795
- ext4: reorder capability check last (git-fixes).
- commit ed8a5ff
- jbd2: do not try to recover wiped journal (git-fixes).
- commit 71d37b6
- ext4: do not convert the unwritten extents if data writeback
fails (git-fixes).
- commit 9294482
- iomap: handle a post-direct I/O invalidate race in
iomap_write_delalloc_release (git-fixes).
- commit 1023af1
- iomap: Fix iomap_adjust_read_range for plen calculation
(git-fixes).
- commit dab9a8e
- fs: udf: fix OOB read in lengthAllocDescs handling (git-fixes).
- commit ab7fa65
- udf: Verify partition map count (git-fixes).
- commit acb53b7
- udf: Make sure i_lenExtents is uptodate on inode eviction
(git-fixes).
- commit 1f76b28
- isofs: Verify inode mode when loading from disk (git-fixes).
- commit 96bc3c7
- mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox
cleanup loop (git-fixes).
- mailbox: zynqmp-ipi: Remove dev.parent check in
zynqmp_ipi_free_mboxes (git-fixes).
- mailbox: zynqmp-ipi: Remove redundant
mbox_controller_unregister() call (git-fixes).
- Input: uinput - zero-initialize uinput_ff_upload_compat to
avoid info leak (git-fixes).
- commit c2e0f2f
- arm64: mte: Do not flag the zero page as PG_mte_tagged (git-fixes)
- commit cf556af
- KVM: x86: Don't inject PV async #PF if SEND_ALWAYS=0 and guest
state is protected (git-fixes).
- commit fa670d1
- misc: fastrpc: Skip reference for DMA handles (git-fixes).
- misc: fastrpc: fix possible map leak in fastrpc_put_args
(git-fixes).
- misc: fastrpc: Fix fastrpc_map_lookup operation (git-fixes).
- staging: axis-fifo: flush RX FIFO on read errors (git-fixes).
- staging: axis-fifo: fix TX handling on copy_from_user() failure
(git-fixes).
- staging: axis-fifo: fix maximum TX packet length check
(git-fixes).
- clk: at91: peripheral: fix return value (git-fixes).
- clk: mediatek: clk-mux: Do not pass flags to
clk_mux_determine_rate_flags() (git-fixes).
- clk: mediatek: mt8195-infra_ao: Fix parent for infra_ao_hdmi_26m
(git-fixes).
- clk: tegra: do not overallocate memory for bpmp clocks
(git-fixes).
- commit ecaf254
- smb: client: fix crypto buffers in non-linear memory
(bsc#1250491, boo#1239206).
- commit b5fc334
- usb: xhci: Limit Stop Endpoint retries (git-fixes).
kABI fixup for 474538b8dd1cd9c666e56cfe8ef60fbb0fb513f4
- commit 6d76064
- kABI workaround for struct atmdev_ops extension (CVE-2025-39828
bsc#1250205).
- commit ece3f96
- Refresh
patches.suse/Bluetooth-L2CAP-Fix-not-checking-l2cap_chan-security.patch.
- commit 85c9004
- Refresh
patches.suse/Bluetooth-hci_core-Fix-calling-mgmt_device_connected.patch.
- commit 9720dbb
- nfsd: nfserr_jukebox in nlm_fopen should lead to a retry
(git-fixes).
- commit c2be588
- NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul()
(git-fixes).
- commit 7b5a68a
- sunrpc: fix null pointer dereference on zero-length checksum
(git-fixes).
- commit c4c654a
- atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control()
(CVE-2025-39828 bsc#1250205).
- commit a2ac627
- e1000e: fix heap overflow in e1000_set_eeprom (CVE-2025-39898
bsc#1250742).
- vxlan: Fix NPD when refreshing an FDB entry with a nexthop
object (CVE-2025-39851 bsc#1250296).
- commit df2ae2c
- kmod
-
- man: modprobe.d: document the config file order handling (bsc#1253741)
* man-modprobe.d-document-the-config-file-order-handling.patch
- krb5
-
- Remove des3-cbc-sha1 and arcfour-hmac-md5 from permitted
enctypes unless new special options "allow_des3" or "allow_rc4"
are set; (CVE-2025-3576); (bsc#1241219).
- Add patch 0015-CVE-2025-3576.patch
- freetype2
-
- package FTL.TXT and GPLv2.TXT as %license [bsc#1252148]
- gnutls
-
- Security fix bsc#1254132 CVE-2025-9820
* Fix buffer overflow in gnutls_pkcs11_token_init
* Added gnutls-CVE-2025-9820.patch
- gpgme
-
- Treat empty DISPLAY variable as unset. [bsc#1252425, bsc#1231055]
* To avoid gpgme constructing an invalid gpg command line when
the DISPLAY variable is empty it can be treated as unset.
* Add gpgme-Treat-empty-DISPLAY-variable-as-unset.patch
* Reported upstream: dev.gnupg.org/T7919
- pciutils
-
- Synchronize SLE-12 and openSUSE:Factory [jsc#PED-4587].
The following patches are now obsolete in version 3.13.0:
* add-decoding-of-vendor-specific-vpd-fields.patch
* pciutils-3.1.7-fix-memory-leak-in-get_cache_name.patch
* pciutils-3.2.0_update-dist.patch
* pciutils-3.5.1-add-support-for-32-bit-pci-domains.patch
* pciutils-lspci-Correct-Root-Capabilities-CRS-Software-Visibil.patch
* show-gen4-speed-properly.patch
- Synchronize SLE-15 and openSUSE:Factory [jsc#PED-8393, bsc#1224138].
The following patches are now obsolete in version 3.13.0:
* lspci-Fixed-buffer-overflows-in-ls-tree.c.patch
* pciutils-Add-PCIe-5.0-data-rate-32-GT-s-support.patch
* pciutils-Add-PCIe-6.0-data-rate-64-GT-s-support.patch
* pciutils-Add-decoding-of-vendor-specific-VPD-fields.patch
* pciutils-VPD-Cleanup.patch
* pciutils-VPD-When-printing-item-IDs-escape-non-ASCII-characte.patch
- update to 3.13.0:
* lspci decodes CXL 1.1 device link status information.
* Further development of the pcilmr (the link margining
utility)
* Dump parsing supports 6-digit domain numbers.
* Bug fixes in PCIe link state reporting.
* Decode more fields in PCIe AER capability.
* Fixed build on Linux systems with musl libc.
* Updated pci.ids.
- update to 3.12.0:
* lspci decodes the IDE (Integrity & Data Encryption) and
TEE-IO extended capabilities.
* Optimization flags used for compiling individual object files
should be the same as optimization flags for linking the final
executable to make link-time optimization possible.
* no longer look up subsystems in the HWDB
* Updated pci.ids
- include changes from 3.11:
* update-pciids now supports XZ compression
* update-pciids now sends itself as the User-Agent.
* Added a pcilmr utility for PCIe lane margining
* ECAM back-end now scans ACPI and BIOS memory faster.
* Linux systems without pread/pwrite are no longer supported
* Improved decoding of PCIe control and status registers.
* Decoding of CXL capabilities now supports up to CXL 3.0.
* lspci now displays interrupt message numbers consistently across
different capabilities.
* Cache of IDs resolved via DNS, which was located in ~/.pci-ids
by default, is now stored according to the XDG base directory
specification in $XDG_CACHE_HOME/pci-ids.
* All source files now have SPDX license identifiers.
* various minor bug fixes and updated pci.ids.
- python3
-
- Add CVE-2025-6075-expandvars-perf-degrad.patch avoid simple
quadratic complexity vulnerabilities of os.path.expandvars()
(CVE-2025-6075, bsc#1252974).
- Rename
0001-allow-for-reproducible-builds-of-python-packages.patch to
allow-for-reproducible-builds-of-python-packages.patch because
with switch to git such names are dangerous.
- Add CVE-2025-8291-consistency-zip64.patch which checks
consistency of the zip64 end of central directory record, and
preventing obfuscation of the payload, i.e., you scanning for
malicious content in a ZIP file with one ZIP parser (let's say
a Rust one) then unpack it in production with another (e.g.,
the Python one) and get malicious content that the other parser
did not see (CVE-2025-8291, bsc#1251305)
- Readjust patches while synchronizing between openSUSE and SLE trees:
- 99366-patch.dict-can-decorate-async.patch
- CVE-2007-4559-filter-tarfile_extractall.patch
- CVE-2020-10735-DoS-no-limit-int-size.patch
- CVE-2024-6232-ReDOS-backtrack-tarfile.patch
- CVE-2025-4435-normalize-lnk-trgts-tarfile.patch
- CVE-2025-8194-tarfile-no-neg-offsets.patch
- python-3.6.0-multilib-new.patch
- python3-sorted_tar.patch
- cyrus-sasl
-
- Python3 error log upon importing pycurl (bsc#1233529)
Remove senceless log message.
* add remove-senceless-log.patch
- libselinux
-
- Ship license file (bsc#1252160)
- systemd
-
- systemd.spec: use %sysusers_generate_pre so that some systemd users are
already available in %pre. This is important because D-Bus automatically
reloads its configuration whenever new configuration files are installed,
i.e. between %pre and %post. (bsc#1248501)
No needs for systemd and udev packages as they are always installed during
the initial installation.
- Split systemd-network into two new sub-packages: systemd-networkd and
systemd-resolved (bsc#1224386 jsc#PED-12669)
- openssh
-
- Add openssh-cve-2025-61984-username-validation.patch
(bsc#1251198, CVE-2025-61984).
- Add openssh-cve-2025-61985-nul-url-encode.patch
(bsc#1251199, CVE-2025-61985).
- runc
-
- Update to runc v1.3.4. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.3.4>. bsc#1254362
- Update to runc v1.3.3. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.3.3>. bsc#1252232
* CVE-2025-31133
* CVE-2025-52565
* CVE-2025-52881
- Remove upstreamed patches for bsc#1252232:
- 2025-11-05-CVEs.patch
[ This update was only released for SLE 12 and 15. ]
- Backport patches for three CVEs. All three vulnerabilities ultimately allow
(through different methods) for full container breakouts by bypassing runc's
restrictions for writing to arbitrary /proc files. bsc#1252232
* CVE-2025-31133
* CVE-2025-52565
* CVE-2025-52881
+ 2025-11-05-CVEs.patch
[ This update was only released for SLE 12 and 15. ]
- Update to runc v1.2.7. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.2.7>.
- Update to runc v1.3.2. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.3.2> bsc#1252110
- Includes an important fix for the CPUSet translation for cgroupv2.
- Update to runc v1.3.1. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.3.1>
- Fix runc 1.3.x builds on SLE-12 by enabling --std=gnu11.
- Update to runc v1.3.0. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.3.0>
- SLES-release
-
- Clear codestream EOL for better readability.
- Adjust EOL in preparation for LTSS.
- vim
-
- Fix for bsc#1250593.
- Backported from 9.1.1683 (xxd: Avoid null dereference in autoskip colorless).
- Fix for bsc#1229750.
- nocompatible must be set before the syntax highlighting is turned on.