- bash
-
- Add patch bsc1245199.patch
* Fix histfile missing timestamp for the oldest record (bsc#1245199)
- bind
-
- Upgrade to release 9.20.15
Security Fixes:
* DNSSEC validation fails if matching but invalid DNSKEY is found.
[CVE-2025-8677, bsc#1252378]
* Address various spoofing attacks.
[CVE-2025-40778, bsc#1252379]
* Cache-poisoning due to weak pseudo-random number generator.
[CVE-2025-40780, bsc#1252380]
New Features:
* Add dnssec-policy keys configuration check to named-checkconf.
* Add a new option `manual-mode` to dnssec-policy.
* Add a new option `servfail-until-ready` to response-policy
zones.
* Support for parsing HHIT and BRID records has been added.
* Support for parsing DSYNC records has been added.
Removed Features:
* Deprecate the `tkey-gssapi-credential` statement.
* Obsolete the `tkey-domain` statement.
Feature Changes:
* Add deprecation warnings for RSASHA1, RSASHA1-NSEC3SHA1, and DS
digest type 1.
Bug Fixes:
* Missing DNSSEC information when CD bit is set in query.
* rndc sign during ZSK rollover will now replace signatures.
* Use signer name when disabling DNSSEC algorithms.
* Preserve cache when reload fails and reload the server again.
* Prevent spurious SERVFAILs for certain 0-TTL resource records.
* Fix unexpected termination if catalog-zones had undefined
`default-primaries`.
* Stale RRsets in a CNAME chain were not always refreshed.
* Add RPZ extended DNS error for zones with a CNAME override
policy configured.
* Fix dig +keepopen option.
* Log dropped or slipped responses in the query-errors category.
* Fix synth-from-dnssec not working in some scenarios.
* Clean enough memory when adding new ADB names/entries under
memory pressure.
* Prevent spurious validation failures.
- Obsoletes
bind-ensure-file-descriptors-0-2-are-in-use-before-using-.patch
- chrony
-
- bsc#1246544: Fix racy socket creation
* Add chrony-unix-socket.patch
* Add chrony-remove-chmod.patch
- Use make quickcheck to speedup build.
- cifs-utils
-
- Add patches:
* 0001-cifs-utils-Skip-TGT-check-if-valid-service-ticket-is.patch (bsc#1248816)
* 0001-setcifsacl-fix-memory-allocation-for-struct-cifs_ace.patch
* 0001-cifs.upcall-fix-UAF-in-get_cachename_from_process_en.patch
* 0001-cifs-utils-avoid-using-mktemp-when-updating-mtab.patch
* 0001-cifs-utils-add-documentation-for-upcall_target.patch
* 0001-cifs.upcall-fix-memory-leaks-in-check_service_ticket.patch
- containerd
-
- Update to containerd v1.7.29. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.29>
* CVE-2024-25621 bsc#1253126
* CVE-2025-64329 bsc#1253132
- Rebase patches:
* 0001-BUILD-SLE12-revert-btrfs-depend-on-kernel-UAPI-inste.patch
- Update to containerd v1.7.28. Upstream release notes:
<https://github.com/containerd/containerd/releases/tag/v1.7.28>
- curl
-
- Security fix: [bsc#1253757, CVE-2025-11563]
* curl: wcurl path traversal with percent-encoded slashes
* Add curl-CVE-2025-11563.patch
- python-kiwi
-
- Fix provides and obsoletes
When upgrading kiwi from a system that has still the old
python3-kiwi but not the new python311-kiwi installed the upgrade
fails because it tries to install one of the versioned sub-packages
that exists only once from python311-kiwi and in a higher version.
As such the install attempt becomes an unresolvable. The correct
behavior would be that the install moves from python3-kiwi to
python311-kiwi and its dependent sub-packages. This can be done
by a correct provides and obsoletes information. bsc#1250754
- Support older schemas
Move back upstream obsoleted schema versions to this code stream.
On SLE15 many image descriptions uses very old schemas and would
fail to build. As such we try to auto convert using the upstream
obsoleted XSL templates
- Port kiwi upstream changes to SLE15
This porting effort fixes bsc#1250754
- ECO: Update kiwi in SLE15
With this patchset we update kiwi in SLE15, fixing the
following main defects and move to the python 3.11 stack
- Fixed get_partition_node_name bsc#1245190
- Add new eficsm type attribute bsc#1243381
This is related to jsc#ped-13168
- Fixed get_partition_node_name
The function get_partition_node_name takes the disk device
and the partition index as arguments to match against the
respective device node for this partition index. The partition
index is the position of the partition in the partition table
according to their start offset. For the code to function
properly it is required that the list of partitions provided
by lsblk is ordered according to the start address of the
partitions in the table. The way lsblk was called did not
enforce this ordering. This commit enforces the order to
be done against the start offset and fixes bsc#1245190
- Add new eficsm type attribute
Allow to produce EFI/UEFI images without hybrid CSM capabilities.
This is a reference commit for SLES. backport from upstream. See
https://github.com/SUSE/kiwi_sle15/pull/22 for details.
This Fixes bsc#1243381
- Fix F824 flake check for global assignments
- dracut
-
- Update to version 059+suse.566.gc1c35aa5:
* fix(kernel-modules-extra): remove stray \ before / (bsc#1253029)
- elfutils
-
- Add elfutils-fix-large-alignment.diff and elfutils-pr28190.diff
to fix build/testsuite for more recent glibc and kernels.
- Add elfutils-fuzz-1.diff, elfutils-fuzz-2.diff,
elfutils-fuzz-3.diff, elfutils-fuzz-4.diff [bsc#1237236,
bsc#1237240, bsc#1237241, bsc#1237242].
- Add elfutils-fix-debuginfod-groom-race.diff to fix a testsuite
race in run-debuginfod-find.sh.
- glib2
-
- Add glib2-CVE-2025-7039.patch: fix computation of temporary file
name (bsc#1249055 CVE-2025-7039 glgo#GNOME/glib#3716).
- grub2
-
- Fix CVE-2025-54771 (bsc#1252931)
* 0001-kern-file-Call-grub_dl_unref-after-fs-fs_close.patch
- Fix CVE-2025-54770 (bsc#1252930)
* 0002-net-net-Unregister-net_set_vlan-command-on-unload.patch
- Fix CVE-2025-61662 (bsc#1252933)
* 0003-gettext-gettext-Unregister-gettext-command-on-module.patch
- Fix CVE-2025-61663 (bsc#1252934)
- Fix CVE-2025-61664 (bsc#1252935)
* 0004-normal-main-Unregister-commands-on-module-unload.patch
* 0005-tests-lib-functional_test-Unregister-commands-on-mod.patch
- Fix CVE-2025-61661 (bsc#1252932)
* 0006-commands-usbtest-Use-correct-string-length-field.patch
* 0007-commands-usbtest-Ensure-string-length-is-sufficient-.patch
- Bump upstream SBAT generation to 6
- Fix timeout when loading initrd via http after PPC CAS reboot (bsc#1245953)
* 0001-tcp-Fix-TCP-port-number-reused-on-reboot.patch
- kernel-default
-
- kernel-subpackage-spec: Do not doubly-sign modules (bsc#1251930).
- commit 0f034b6
- Delete
patches.kabi/KVM-x86-pmu-Allow-programming-events-that-match-unsu.patch.
This avoids a kbuild error in check-patchrv. This patch is not needed
anyway since 4f5efb71e1f4.
- commit 624b1b2
- vhost: vringh: Modify the return value check (CVE-2025-40051
bsc#1252858).
- commit 80d9f20
- btrfs: fix the incorrect max_bytes value for
find_lock_delalloc_range() (git-fixes).
- commit 91a9728
- KVM: x86: Introduce kvm_x86_call() to simplify static calls
of kvm_x86_ops (git-fixes).
- Refresh
patches.suse/KVM-x86-Don-t-inject-PV-async-PF-if-SEND_ALWAYS-0-an.patch.
- Refresh
patches.suse/KVM-x86-Exit-to-userspace-if-fastpath-triggers-one-o.patch.
- Refresh patches.suse/KVM-x86-Introduce-kvm_set_mp_state.patch.
- Refresh
patches.suse/KVM-x86-Route-non-canonical-checks-in-emulator-throu.patch.
- Refresh
patches.suse/KVM-x86-model-canonical-checks-more-precisely.patch.
- commit 3454959
- KVM: x86: Replace static_call_cond() with static_call()
(git-fixes).
- commit 6bb685c
- Update
patches.suse/fbdev-simplefb-Fix-use-after-free-in-simplefb_detach.patch
(git-fixes CVE-2025-40037 bsc#1252819).
- Update
patches.suse/ixgbe-fix-too-early-devlink_free-in-ixgbe_remove.patch
(git-fixes CVE-2025-40091 bsc#1252915).
- Update
patches.suse/ixgbevf-fix-mailbox-API-compatibility-by-negotiating.patch
(bsc#1247222 CVE-2025-40104 bsc#1252921).
- commit 7ff6ed4
- Update
patches.suse/ACPI-x86-s2idle-Catch-multiple-ACPI_TYPE_PACKAGE-obj.patch
(git-fixes CVE-2023-53708 bsc#1252537).
- Update
patches.suse/ALSA-usb-audio-Fix-NULL-pointer-deference-in-try_to_.patch
(git-fixes CVE-2025-40085 bsc#1252873).
- Update
patches.suse/ALSA-usb-audio-fix-race-condition-to-UAF-in-snd_usbm.patch
(git-fixes CVE-2025-39997 bsc#1252056).
- Update
patches.suse/ASoC-qcom-audioreach-fix-potential-null-pointer-dere.patch
(git-fixes CVE-2025-40013 bsc#1252348).
- Update patches.suse/Bluetooth-MGMT-Fix-possible-UAFs.patch
(git-fixes CVE-2025-39981 bsc#1252060).
- Update
patches.suse/Bluetooth-hci_event-Fix-UAF-in-hci_acl_create_conn_s.patch
(git-fixes CVE-2025-39982 bsc#1252083).
- Update
patches.suse/HID-amd_sfh-Fix-for-shift-out-of-bounds.patch
(bsc#1012628 CVE-2023-53703 bsc#1252553).
- Update
patches.suse/Input-uinput-zero-initialize-uinput_ff_upload_compat.patch
(git-fixes CVE-2025-40035 bsc#1252866).
- Update patches.suse/NFS-Fix-a-potential-data-corruption.patch
(git-fixes CVE-2023-53711 bsc#1252536).
- Update
patches.suse/NFSD-Define-a-proc_layoutcommit-for-the-FlexFiles-layout-type.patch
(git-fixes CVE-2025-40087 bsc#1252909).
- Update
patches.suse/PCI-endpoint-pci-epf-test-Add-NULL-check-for-DMA-cha.patch
(git-fixes CVE-2025-40032 bsc#1252841).
- Update
patches.suse/RDMA-rxe-Fix-race-in-do_task-when-draining.patch
(git-fixes CVE-2025-40061 bsc#1252849).
- Update
patches.suse/Squashfs-fix-uninit-value-in-squashfs_get_parent.patch
(git-fixes CVE-2025-40049 bsc#1252822).
- Update
patches.suse/USB-gadget-Fix-the-memory-leak-in-raw_gadget-dr.patch
(bsc#1012628 CVE-2023-53693 bsc#1252489).
- Update
patches.suse/afs-Fix-potential-null-pointer-dereference-in-afs_put_server.patch
(git-fixes CVE-2025-40010 bsc#1252332).
- Update
patches.suse/arm64-csum-Fix-OoB-access-in-IP-checksum-code-for-ne.patch
(git-fixes CVE-2023-53726 bsc#1252565).
- Update
patches.suse/arm64-sme-Use-STR-P-to-clear-FFR-context-field-.patch
(bsc#1012628 CVE-2023-53713 bsc#1252559).
- Update
patches.suse/blk-iocost-use-spin_lock_irqsave-in-adjust_inus.patch
(bsc#1012628 CVE-2023-53730 bsc#1252495).
- Update
patches.suse/bus-fsl-mc-Check-return-value-of-platform_get_resour.patch
(git-fixes CVE-2025-40029 bsc#1252772).
- Update
patches.suse/can-etas_es58x-populate-ndo_change_mtu-to-prevent-bu.patch
(git-fixes CVE-2025-39988 bsc#1252074).
- Update
patches.suse/can-hi311x-populate-ndo_change_mtu-to-prevent-buffer.patch
(git-fixes CVE-2025-39987 bsc#1252079).
- Update
patches.suse/can-mcba_usb-populate-ndo_change_mtu-to-prevent-buff.patch
(git-fixes CVE-2025-39985 bsc#1252082).
- Update
patches.suse/can-peak_usb-fix-shift-out-of-bounds-issue.patch
(git-fixes CVE-2025-40020 bsc#1252679).
- Update
patches.suse/can-sun4i_can-populate-ndo_change_mtu-to-prevent-buf.patch
(git-fixes CVE-2025-39986 bsc#1252078).
- Update
patches.suse/clk-imx-clk-imx8mp-improve-error-handling-in-im.patch
(bsc#1012628 CVE-2023-53704 bsc#1252490).
- Update
patches.suse/clocksource-drivers-cadence-ttc-Fix-memory-leak.patch
(bsc#1012628 CVE-2023-53725 bsc#1252492).
- Update
patches.suse/crypto-essiv-Check-ssize-for-decryption-and-in-place.patch
(git-fixes CVE-2025-40019 bsc#1252678).
- Update
patches.suse/crypto-hisilicon-qm-set-NULL-to-qm-debug.qm_diff_reg.patch
(git-fixes CVE-2025-40062 bsc#1252850).
- Update
patches.suse/drm-amdgpu-Fix-integer-overflow-in-amdgpu_cs_p.patch
(jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070
jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511
jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53707
bsc#1252632).
- Update
patches.suse/drm-gma500-Fix-null-dereference-in-hdmi-teardown.patch
(git-fixes CVE-2025-40011 bsc#1252336).
- Update
patches.suse/drm-sched-Fix-potential-double-free-in-drm_sched_job.patch
(git-fixes CVE-2025-40096 bsc#1252902).
- Update
patches.suse/fbcon-fix-integer-overflow-in-fbcon_do_set_font.patch
(git-fixes CVE-2025-39967 bsc#1252033).
- Update
patches.suse/fs-udf-fix-OOB-read-in-lengthAllocDescs-handling.patch
(git-fixes CVE-2025-40044 bsc#1252785).
- Update
patches.suse/hfsplus-fix-slab-out-of-bounds-read-in-hfsplus_strcasecmp.patch
(git-fixes CVE-2025-40088 bsc#1252904).
- Update
patches.suse/hfsplus-fix-slab-out-of-bounds-read-in-hfsplus_uni2asc_followup.patch
(git-fixes CVE-2025-40082 bsc#1252775).
- Update
patches.suse/iommu-vt-d-Disallow-dirty-tracking-if-incoherent-pag.patch
(git-fixes CVE-2025-40058 bsc#1252854).
- Update
patches.suse/md-raid1-fix-potential-OOB-in-raid1_remove_disk-8b04.patch
(jsc#PED-7542 CVE-2023-53722 bsc#1252499).
- Update
patches.suse/media-b2c2-Fix-use-after-free-causing-by-irq_check_w.patch
(git-fixes CVE-2025-39996 bsc#1252065).
- Update
patches.suse/media-i2c-tc358743-Fix-use-after-free-bugs-caused-by.patch
(git-fixes CVE-2025-39995 bsc#1252064).
- Update
patches.suse/media-rc-fix-races-with-imon_disconnect.patch
(git-fixes CVE-2025-39993 bsc#1252070).
- Update
patches.suse/media-tuner-xc5000-Fix-use-after-free-in-xc5000_rele.patch
(git-fixes CVE-2025-39994 bsc#1252072).
- Update
patches.suse/media-uvcvideo-Mark-invalid-entities-with-id-UVC_INV.patch
(git-fixes CVE-2025-40016 bsc#1252346).
- Update
patches.suse/misc-fastrpc-fix-possible-map-leak-in-fastrpc_put_ar.patch
(git-fixes CVE-2025-40036 bsc#1252865).
- Update
patches.suse/net-nfc-nci-Add-parameter-validation-for-packet-data.patch
(git-fixes CVE-2025-40043 bsc#1252787).
- Update
patches.suse/net-sched-cls_u32-Undo-tcf_bind_filter-if-u32_r.patch
(bsc#1012628 CVE-2023-53733 bsc#1252685).
- Update
patches.suse/net-sched-fq_pie-avoid-stalls-in-fq_pie_timer.patch
(bsc#1220419 CVE-2023-53727 bsc#1252566).
- Update
patches.suse/netlink-fix-potential-deadlock-in-netlink_set_e.patch
(bsc#1012628 CVE-2023-53731 bsc#1252481).
- Update
patches.suse/nvdimm-Fix-memleak-of-pmu-attr_groups-in-unregister_-85ae.patch
(jsc#PED-5853 CVE-2023-53697 bsc#1252534).
- Update
patches.suse/posix-timers-Ensure-timer-ID-search-loop-limit-.patch
(bsc#1012628 CVE-2023-53728 bsc#1252668).
- Update
patches.suse/ring-buffer-Do-not-swap-cpu_buffer-during-resi.patch
(bsc#1012628 CVE-2023-53718 bsc#1252564).
- Update
patches.suse/riscv-move-memblock_allow_resize-after-linear-m.patch
(bsc#1012628 CVE-2023-53699 bsc#1252550).
- Update
patches.suse/smb-client-fix-crypto-buffers-in-non-linear-memory.patch
(bsc#1250491 boo#1239206 CVE-2025-40052 bsc#1252851).
- Update
patches.suse/soc-qcom-qmi_encdec-Restrict-string-length-in-decode.patch
(git-fixes CVE-2023-53729 bsc#1252496).
- Update
patches.suse/tty-n_gsm-Don-t-block-input-queue-by-waiting-MSC.patch
(git-fixes CVE-2025-40071 bsc#1252797).
- Update
patches.suse/wifi-ath11k-fix-NULL-dereference-in-ath11k_qmi_m3_lo.patch
(git-fixes CVE-2025-39991 bsc#1252075).
- Update
patches.suse/wifi-ath12k-Fix-a-NULL-pointer-dereference-in-ath12k.patch
(git-fixes CVE-2023-53721 bsc#1252561).
- Update
patches.suse/xfrm-xfrm_alloc_spi-shouldn-t-use-0-as-SPI.patch
(CVE-2025-39797 bsc#1249608 CVE-2025-39965 bsc#1251967).
- Update
patches.suse/xsk-fix-refcount-underflow-in-error-path.patch
(bsc#1012628 CVE-2023-53698 bsc#1252479).
- commit 9042362
- coresight: trbe: Return NULL pointer for allocation failures
(CVE-2025-40060 bsc#1252848).
- commit 4543e34
- regulator: bd718x7: Fix voltages scaled by resistor divider
(git-fixes).
- regmap: slimbus: fix bus_context pointer in regmap init calls
(git-fixes).
- commit 20abe4b
- drm/ast: Clear preserved bits from register output value
(git-fixes).
- drm/nouveau: Fix race in nouveau_sched_fini() (git-fixes).
- drm/sysfb: Do not dereference NULL pointer in plane reset
(git-fixes).
- drm/msm/dpu: Require linear modifier for writeback framebuffers
(git-fixes).
- drm/amdgpu: fix SPDX header on cyan_skillfish_reg_init.c
(git-fixes).
- drm/radeon: Remove calls to drm_put_dev() (git-fixes).
- drm/radeon: Do not kfree() devres managed rdev (git-fixes).
- ASoC: fsl_sai: Fix sync error in consumer mode (git-fixes).
- drm/amd/display: increase max link count and fix link->enc
NULL pointer access (stable-fixes).
- commit e65d412
- drm/panel: kingdisplay-kd097d04: Disable EoTp (git-fixes).
- drm/panel: sitronix-st7789v: fix sync flags for t28cp45tn89
(git-fixes).
- drm/etnaviv: fix flush sequence logic (git-fixes).
- drm/msm/dpu: Fix pixel extension sub-sampling (git-fixes).
- drm/msm/a6xx: Fix GMU firmware parser (git-fixes).
- drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on
Iceland (git-fixes).
- drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Fiji
(git-fixes).
- drm/amd/pm: fix smu table id bound check issue in
smu_cmn_update_table() (git-fixes).
- drm/mediatek: Fix device use-after-free on unbind (git-fixes).
- ASoC: fsl_sai: fix bit order for DSD format (git-fixes).
- ASoC: Intel: avs: Unprepare a stream when XRUN occurs
(git-fixes).
- ASoC: qdsp6: q6asm: do not sleep while atomic (git-fixes).
- ALSA: usb-audio: fix control pipe direction (git-fixes).
- commit acb4ea2
- smb: client: fix potential cfid UAF in smb2_query_info_compound
(bsc#1248886).
- commit 5e5239d
- vhost: vringh: Fix copy_to_iter return value check (CVE-2025-40056 bsc#1252826)
- commit 4efa16a
- net: tun: Update napi->skb after XDP process (CVE-2025-39984 bsc#1252081)
- commit f5f1c6b
- btrfs: do not assert we found block group item when creating
free space tree (bsc#1252918 CVE-2025-40100).
- commit 327502f
- btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation
already running (git-fixes).
- commit f5ef369
- btrfs: avoid potential out-of-bounds in btrfs_encode_fh()
(git-fixes).
- commit 8cb68fe
- KVM: x86/mmu: Prevent installing hugepages when mem attributes
are changing (git-fixes).
- commit 37d594a
- selftests/bpf: Fix a fd leak in error paths in open_netns
(git-fixes).
- commit 51d3745
- selftests/bpf: Fix umount cgroup2 error in test_sockmap
(git-fixes).
- commit 24ba5aa
- selftests/bpf: Use bpf_link__destroy in fill_link_info tests
(git-fixes).
- commit 9809b14
- Bluetooth: rfcomm: fix modem control handling (git-fixes).
- Bluetooth: hci_core: Fix tracking of periodic advertisement
(git-fixes).
- Bluetooth: btintel_pcie: Fix event packet loss issue
(git-fixes).
- Bluetooth: ISO: Fix another instance of dst_type handling
(git-fixes).
- commit 3c2d6c5
- ACPI: video: Fix use-after-free in
acpi_video_switch_brightness() (git-fixes).
- ACPI: button: Call input_free_device() on failing input device
registration (git-fixes).
- fbdev: atyfb: Check if pll_ops->init_pll failed (git-fixes).
- fbdev: valkyriefb: Fix reference count leak in valkyriefb_init
(git-fixes).
- net: phy: dp83869: fix STRAP_OPMODE bitmask (git-fixes).
- net: usb: asix_devices: Check return value of
usbnet_get_endpoints (git-fixes).
- Bluetooth: btmtksdio: Add pmctrl handling for BT closed state
during reset (git-fixes).
- Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once
(git-fixes).
- usbnet: Prevents free active kevent (git-fixes).
- wifi: brcmfmac: fix crash while sending Action Frames in
standalone AP Mode (git-fixes).
- wifi: ath12k: free skb during idr cleanup callback (git-fixes).
- wifi: ath11k: Add missing platform IDs for quirk table
(git-fixes).
- wifi: ath10k: Fix memory leak on unsupported WMI command
(git-fixes).
- wifi: mac80211: reset FILS discovery and unsol probe resp
intervals (git-fixes).
- commit cc1ca5e
- bpf: Explicitly check accesses to bpf_sock_addr (CVE-2025-40078
bsc#1252789).
- commit 6edd4b3
- KVM: x86: Take irqfds.lock when adding/deleting IRQ bypass
producer (git-fixes).
- commit fdfcdff
- KVM: x86: Plumb in the vCPU to kvm_x86_ops.hwapic_isr_update()
(git-fixes).
- commit cb2e3ab
- kdb: Replace deprecated strcpy() with memmove() in vkdb_printf()
(bsc#1252939).
- commit 7cb788c
- Revert "KVM: VMX: Move LOAD_IA32_PERF_GLOBAL_CTRL errata
handling out of setup_vmcs_config()" (git-fixes).
- commit 769724a
- hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat()
(git-fixes).
- commit 40898e0
- hfsplus: fix KMSAN uninit-value issue in
__hfsplus_ext_cache_extent() (git-fixes).
- commit a2e4db9
- hfs: validate record offset in hfsplus_bmap_alloc (git-fixes).
- commit 693ef92
- hfsplus: return EIO when type of hidden directory mismatch in
hfsplus_fill_super() (git-fixes).
- commit 6aec9cc
- ARM: tegra: Use I/O memcpy to write to IRAM (CVE-2025-39794 bsc#1249595)
- commit ad8d355
- ipvs: Defer ip_vs_ftp unregister during netns cleanup
(CVE-2025-40018 bsc#1252688).
- commit d48a123
- NFSD: Fix crash in nfsd4_read_release() (git-fixes).
- commit 1a326b8
- Fix Git-commit for patches.suse/cxl-downgrade-a-warning-message-to-debug-level-in-cxl.patch.
- commit 31a5035
- bpf: Allow helper bpf_get_[ns_]current_pid_tgid() for all prog
types (bsc#1252364).
- commit 82fd58d
- x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID (bsc#1252734).
- commit 25615a5
- x86/resctrl: Refactor resctrl_arch_rmid_read() (bsc#1252734).
- commit 4253029
- net/smc: fix warning in smc_rx_splice() when calling get_page()
(CVE-2025-40012 bsc#1252330).
- commit 3565d67
- Update config files: revive minimalistic W1 support on arm64 (bsc#1252735)
It was an overlooked fallout since SLE15-SP7
- commit f817d71
- tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request()
(git-fixes).
- commit fceae30
- octeontx2-pf: Fix potential use after free in otx2_tc_add_flow()
(CVE-2025-39978 bsc#1252069).
- tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect()
(CVE-2025-39955 bsc#1251804).
- commit 0468786
- Revert "e1000e: fix heap overflow in e1000_set_eeprom (CVE-2025-39898"
This reverts commit df2ae2c1bd0dd998b7e23e3d49e90e95ada467f0.
- commit 79fa523
- i40e: add max boundary check for VF filters (CVE-2025-39968
bsc#1252047).
- i40e: fix validation of VF state in get resources
(CVE-2025-39969 bsc#1252044).
- i40e: fix idx validation in i40e_validate_queue_map
(CVE-2025-39972 bsc#1252039).
- i40e: add validation for ring_len param (CVE-2025-39973
bsc#1252035).
- ice: fix Rx page leak on multi-buffer frames (CVE-2025-39948
bsc#1251233).
- qed: Don't collect too many protection override GRC elements
(CVE-2025-39949 bsc#1251177).
- commit 2c4293d
- nvme-auth: update sc_c in host response (git-fixes bsc#1249397).
- nvme-tcp: send only permitted commands for secure concat
(git-fixes bsc#1247683).
- nvme-auth: update bi_directional flag (git-fixes bsc#1249735).
- commit b9be2a0
- Delete
patches.suse/cpuidle-menu-Avoid-discarding-useful-information.patch.
- commit c2e3ac6
- Delete
patches.suse/cpuidle-governors-menu-Avoid-using-invalid-recent-intervals-data.patch.
- commit b1a47b7
- nvme/tcp: handle tls partially sent records in write_space()
(git-fixes).
- nvme-multipath: Skip nr_active increments in RETRY disposition
(git-fixes).
- nvme-pci: Add TUXEDO IBS Gen8 to Samsung sleep quirk
(git-fixes).
- commit 4b35633
- drm/xe/guc: Prepare GuC register list and update ADS size for
error capture (stable-fixes).
- Refresh
patches.suse/drm-xe-Set-LRC-addresses-before-guc-load.patch.
- commit 6d27c53
- drm/xe/guc_submit: fix race around pending_disable (git-fixes).
- drm/xe/guc: Adding steering info support for GuC register lists
(git-fixes).
- commit d1ac105
- Remove unnecessary firmware version check for gc v9_4_2
(stable-fixes).
- commit 0f323b6
- ACPI: battery: Add synchronization between interface updates
(git-fixes).
- locking/mutex: Mark devm_mutex_init() as __must_check
(stable-fixes).
- ACPI: battery: Check for error code from devm_mutex_init()
call (git-fixes).
- ACPI: battery: initialize mutexes through devm_ APIs
(stable-fixes).
- accel/ivpu: Add missing MODULE_FIRMWARE metadata (git-fixes).
- locking/mutex: Introduce devm_mutex_init() (stable-fixes).
- commit 7bacc8f
- wifi: rtw89: fix use-after-free in
rtw89_core_tx_kick_off_and_wait() (CVE-2025-40000 bsc#1252062).
- commit b7a479d
- sched/fair: set_load_weight() must also call reweight_task() (git-fixes)
- commit b185921
- serial: 8250_mtk: Enable baud clock and manage in runtime PM
(git-fixes).
- serial: sc16is7xx: remove useless enable of enhanced features
(git-fixes).
- xhci: dbc: fix bogus 1024 byte prefix if ttyDBC read races
with stall event (git-fixes).
- drm/panic: Fix qr_code, ensure vmargin is positive (git-fixes).
- drm/panic: Fix drawing the logo on a small narrow screen
(git-fixes).
- drm/panthor: Fix kernel panic on partial unmap of a GPU VA
region (git-fixes).
- drm/amd/display: use GFP_NOWAIT for allocation in interrupt
handler (git-fixes).
- drm/xe/guc: Check GuC running state before deregistering exec
queue (git-fixes).
- accel/qaic: Synchronize access to DBC request queue head &
tail pointer (git-fixes).
- accel/qaic: Fix bootlog initialization ordering (git-fixes).
- drm/panthor: Ensure MCU is disabled on suspend (git-fixes).
- drm/amdgpu: fix gfx12 mes packet status return check
(stable-fixes).
- drm/amdgpu: fix handling of harvesting for ip_discovery firmware
(git-fixes).
- wifi: mt76: mt7925u: Add VID/PID for Netgear A9000
(stable-fixes).
- drm/amdgpu: add support for cyan skillfish without IP discovery
(stable-fixes).
- drm/amdgpu: add ip offset support for cyan skillfish
(stable-fixes).
- commit 2303d8a
- misc: fastrpc: Save actual DMA size in fastrpc_map structure
(git-fixes).
- Refresh
patches.suse/misc-fastrpc-Skip-reference-for-DMA-handles.patch.
- commit b472422
- most: usb: hdm_probe: Fix calling put_device() before device
initialization (git-fixes).
- most: usb: Fix use-after-free in hdm_disconnect (git-fixes).
- misc: fastrpc: Fix dma_buf object leak in fastrpc_map_lookup
(git-fixes).
- serial: 8250_dw: handle reset control deassert error
(git-fixes).
- xhci: dbc: enable back DbC in resume if it was enabled before
suspend (git-fixes).
- spi: spi-nxp-fspi: add extra delay after dll locked (git-fixes).
- net: usb: rtl8150: Fix frame padding (git-fixes).
- HID: multitouch: fix name of Stylus input devices (git-fixes).
- HID: hid-input: only ignore 0 battery events for digitizers
(git-fixes).
- r8169: fix packet truncation after S4 resume on
RTL8168H/RTL8111H (git-fixes).
- rtc: interface: Ensure alarm irq is enabled when UIE is enabled
(stable-fixes).
- rtc: interface: Fix long-standing race when setting alarm
(stable-fixes).
- PCI: j721e: Fix programming sequence of "strap" settings
(git-fixes).
- PCI: endpoint: pci-epf-test: Add NULL check for DMA channels
before release (git-fixes).
- PCI/AER: Support errors introduced by PCIe r6.0 (stable-fixes).
- phy: cadence: cdns-dphy: Update calibration wait time for
startup state machine (git-fixes).
- phy: cadence: cdns-dphy: Fix PLL lock and O_CMN_READY polling
(git-fixes).
- phy: cdns-dphy: Store hs_clk_rate and return it (stable-fixes).
- mtd: rawnand: fsmc: Default to autodetect buswidth
(stable-fixes).
- wifi: mt76: mt7921u: Add VID/PID for Netgear A7500
(stable-fixes).
- media: nxp: imx8-isi: Drop unused argument to
mxc_isi_channel_chain() (stable-fixes).
- mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config
flag (git-fixes).
- mmc: core: SPI mode remove cmd7 (stable-fixes).
- lib/crypto/curve25519-hacl64: Disable KASAN with clang-17 and
older (stable-fixes).
- PM: runtime: Add new devm functions (stable-fixes).
- mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for
cache_type (stable-fixes).
- mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config
max_register value (stable-fixes).
- PCI: Add PCI_VDEVICE_SUB helper macro (stable-fixes).
- PCI: endpoint: Remove surplus return statement from
pci_epf_test_clean_dma_chan() (stable-fixes).
- PCI: j721e: Enable ACSPCIE Refclk if
"ti,syscon-acspcie-proxy-ctrl" exists (stable-fixes).
- misc: fastrpc: Add missing dev_err newlines (stable-fixes).
- commit 9f99f4e
- firmware: arm_scmi: Fix premature SCMI_XFER_FLAG_IS_RAW clearing
in raw mode (git-fixes).
- drm/sched: Fix potential double free in
drm_sched_job_add_resv_dependencies (git-fixes).
- drm/rockchip: vop2: use correct destination rectangle height
check (git-fixes).
- drm/bridge: lt9211: Drop check for last nibble of version
register (git-fixes).
- drm/amd/powerplay: Fix CIK shutdown temperature (git-fixes).
- drm/amdgpu: use atomic functions with memory barriers for vm
fault info (git-fixes).
- drm/i915/guc: Skip communication warning on reset in progress
(git-fixes).
- drm/amd: Check whether secure display TA loaded successfully
(stable-fixes).
- drm/exynos: exynos7_drm_decon: properly clear channels during
bind (stable-fixes).
- drm/exynos: exynos7_drm_decon: fix uninitialized crtc reference
in functions (stable-fixes).
- commit 110d102
- can: netlink: can_changelink(): allow disabling of automatic
restart (git-fixes).
- can: bxcan: bxcan_start_xmit(): use can_dev_dropped_skb()
instead of can_dropped_invalid_skb() (git-fixes).
- ASoC: nau8821: Add DMI quirk to bypass jack debounce circuit
(git-fixes).
- ASoC: nau8821: Generalize helper to clear IRQ status
(git-fixes).
- ASoC: nau8821: Cancel jdet_work before handling jack ejection
(git-fixes).
- ASoC: codecs: Fix gain setting ranges for Renesas IDT821034
codec (git-fixes).
- ALSA: usb-audio: Fix NULL pointer deference in
try_to_register_card (git-fixes).
- ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings
(git-fixes).
- accel/qaic: Treat remaining == 0 as error in
find_and_map_user_pages() (git-fixes).
- Bluetooth: btusb: Add USB ID 2001:332a for D-Link AX9U rev. A1
(stable-fixes).
- ACPI: property: Add code comments explaining what is going on
(stable-fixes).
- ACPI: property: Disregard references in data-only subnode lists
(stable-fixes).
- ACPICA: Allow to skip Global Lock initialization (stable-fixes).
- ACPI: battery: allocate driver data through devm_ APIs
(stable-fixes).
- drm/msm/adreno: De-spaghettify the use of memory barriers
(stable-fixes).
- commit e53e617
- spi: cadence-quadspi: Implement refcount to handle unbind
during busy (CVE-2025-40005 bsc#1252349).
- commit 7406f70
- i40e: fix idx validation in config queues msg (CVE-2025-39971 bsc#1252052)
- commit 70699a8
- i40e: fix input validation logic for action_meta (CVE-2025-39970 bsc#1252051)
- commit 57401e3
- arm64, mm: avoid always making PTE dirty in pte_mkwrite() (git-fixes)
- commit 59db3fb
- arm64: errata: Apply workarounds for Neoverse-V3AE (git-fixes)
- commit da235eb
- arm64: cputype: Add Neoverse-V3AE definitions (git-fixes)
- commit 5587842
- serial: sc16is7xx: rename Kconfig CONFIG_SERIAL_SC16IS7XX_CORE (bsc#1252469)
Re-enable CONFIG_SERIAL_SC16IS7X for aarch64 and x86_64 default
configurations, but keep it disabled for kvmsmall configurations.
For ppc64 and s390x drivers was not enabled, so keep it that way.
Add sc16is7xx_spi and sc16is7xx_i2c drivers to supported list.
- commit d5c70ae
- NFSD: Minor cleanup in layoutcommit processing (git-fixes).
- commit baef4e7
- NFSD: Rework encoding and decoding of nfsd4_deviceid
(git-fixes).
- commit 72f1d28
- hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp()
(git-fixes).
- commit a6f88ab
- xfs: rename the old_crc variable in xlog_recover_process
(git-fixes).
- commit 677fb8c
- net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() (CVE-2025-39876 bsc#1250400)
- commit 137f367
- proc: fix type confusion in pde_set_flags() (bsc#1248630)
- commit c6a1bb4
- proc: fix missing pde_set_flags() for net proc files (bsc#1248630)
- commit 539da61
- proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al (CVE-2025-38653 bsc#1248630)
- commit bcff9b5
- ovl: fix file reference leak when submitting aio (stable-fixes).
- commit 57db5b5
- KVM: x86: Set PVCLOCK_GUEST_STOPPED only for kvmclock, not
for Xen PV clock (git-fixes).
- commit 85e57cf
- KVM: x86: Don't bleed PVCLOCK_GUEST_STOPPED across PV clocks
(git-fixes).
- commit cd63f69
- KVM: x86: Process "guest stopped request" once per guest time
update (git-fixes).
- commit 29a55cf
- add bug reference to existing hv_netvsc change (bsc#1252265)
- commit 95261dd
- KVM: SVM: Inject #GP if memory operand for INVPCID is
non-canonical (git-fixes).
- commit ed9dfb1
- KVM: x86: Clear pv_unhalted on all transitions to
KVM_MP_STATE_RUNNABLE (git-fixes).
- commit f4d45de
- KVM: x86: Introduce kvm_set_mp_state() (git-fixes).
- commit 4b1f2ec
- NFS: Fix a race when updating an existing write (bsc#1249319
bsc#1252236 CVE-2025-39697).
- commit 40cab0c
- nfs: Add missing release on error in
nfs_lock_and_join_requests() (bsc#1249319 bsc#1252236
CVE-2025-39697).
- commit b903556
- nfs: fold nfs_page_group_lock_subrequests into
nfs_lock_and_join_requests (bsc#1249319 bsc#1252236
CVE-2025-39697).
- commit 13ceff1
- nfs: fold nfs_folio_find_and_lock_request into
nfs_lock_and_join_requests (bsc#1249319 bsc#1252236
CVE-2025-39697).
- commit 14874ac
- nfs: simplify nfs_folio_find_and_lock_request (bsc#1249319
bsc#1252236 CVE-2025-39697).
- commit 1b25c26
- nfs: remove nfs_folio_private_request (bsc#1249319 bsc#1252236
CVE-2025-39697).
- commit c28ea5d
- nfs: remove dead code for the old swap over NFS implementation
(bsc#1249319 bsc#1252236 CVE-2025-39697).
- Refresh
patches.suse/NFS-fix-nfs_release_folio-to-not-deadlock-via-kcompa.patch.
- commit e7a5c52
- kABI fix for KVM: x86: Snapshot the host's DEBUGCTL in common
x86 (git-fixes).
- commit 0bb2570
- overlayfs: set ctime when setting mtime and atime
(stable-fixes).
- ovl: fix incorrect fdput() on aio completion (stable-fixes).
- ovl: Always reevaluate the file signature for IMA
(stable-fixes).
- commit 4cfc4ed
- ixgbe: fix too early devlink_free() in ixgbe_remove()
(git-fixes).
- ixgbe: handle IXGBE_VF_FEATURES_NEGOTIATE mbox cmd
(bsc#1247222).
- ixgbevf: fix mailbox API compatibility by negotiating supported
features (bsc#1247222).
- ixgbe: handle IXGBE_VF_GET_PF_LINK_STATE mailbox operation
(bsc#1247222).
- ixgbevf: fix getting link speed data for E610 devices
(bsc#1247222).
- commit 9dd10c7
- i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (CVE-2025-39911 bsc#1250704)
- commit 627f938
- sched: Fix sched_numa_find_nth_cpu() if mask offline (CVE-2025-39895 bsc#1250721)
- commit 581de7a
- sctp: initialize more fields in sctp_v6_from_sk() (CVE-2025-39812 bsc#1250202)
- commit 56a7db3
- ipv6: sr: Fix MAC comparison to be constant-time (CVE-2025-39702 bsc#1249317)
- commit 3d85c5c
- sctp: linearize cloned gso packets in sctp_rcv (CVE-2025-38718 bsc#1249161)
- commit 0083867
- scsi: qla4xxx: Prevent a potential error pointer dereference (CVE-2025-39676 bsc#1249302)
- commit a3b8686
- net: usb: lan78xx: Add error handling to
lan78xx_init_mac_address (git-fixes).
- commit f1ec116
- net/mlx5e: Harden uplink netdev access against device unbind
(CVE-2025-39947 bsc#1251232).
- commit d4278a0
- KVM: x86: Snapshot the host's DEBUGCTL after disabling IRQs
(git-fixes).
- commit 09e399f
- KVM: x86: Bypass register cache when querying CPL from
kvm_sched_out() (git-fixes).
- commit 27a06fc
- net: usb: lan78xx: fix use of improperly initialized dev->chipid
in lan78xx_reset (git-fixes).
- commit ad26239
- r8152: add error handling in rtl8152_driver_init (git-fixes).
- commit db73d98
- usbnet: Fix using smp_processor_id() in preemptible code
warnings (git-fixes).
- commit b2c518b
- dpll: Make ZL3073X invisible (bsc#1252253).
- Update config files.
- commit a8ea9a5
- dpll: zl3073x: Handle missing or corrupted flash configuration
(bsc#1252253).
- dpll: zl3073x: Increase maximum size of flash utility
(bsc#1252253).
- dpll: zl3073x: Fix double free in zl3073x_devlink_flash_update()
(bsc#1252253).
- dpll: zl3073x: Implement devlink flash callback (bsc#1252253).
- dpll: zl3073x: Refactor DPLL initialization (bsc#1252253).
- dpll: zl3073x: Add firmware loading functionality (bsc#1252253).
- dpll: zl3073x: Add low-level flash functions (bsc#1252253).
- dpll: zl3073x: Add functions to access hardware registers
(bsc#1252253).
- dpll: zl3073x: ZL3073X_I2C and ZL3073X_SPI should depend on NET
(bsc#1252253).
- dpll: zl3073x: Fix build failure (bsc#1252253).
- dpll: zl3073x: Add support to get fractional frequency offset
(bsc#1252253).
- dpll: zl3073x: Add support to get phase offset on connected
input pin (bsc#1252253).
- dpll: zl3073x: Add support to get/set esync on pins
(bsc#1252253).
- commit 3695b99
- cpufreq: scmi: Account for malformed DT in
scmi_dev_used_by_cpus() (git-fixes).
- commit 149500a
- cpuidle: governors: menu: Avoid using invalid recent intervals
data (git-fixes).
- commit a4ef664
- Refresh
patches.suse/devlink-Add-support-for-u64-parameters.patch.
- Refresh
patches.suse/dpll-Add-basic-Microchip-ZL3073x-support.patch.
- Refresh
patches.suse/dpll-zl3073x-Add-support-to-get-set-frequency-on-pin.patch.
- Refresh
patches.suse/dpll-zl3073x-Add-support-to-get-set-priority-on-inpu.patch.
- Refresh
patches.suse/dpll-zl3073x-Fetch-invariants-during-probe.patch.
- Refresh
patches.suse/dpll-zl3073x-Implement-input-pin-selection-in-manual.patch.
- Refresh
patches.suse/dpll-zl3073x-Implement-input-pin-state-setting-in-au.patch.
- Refresh
patches.suse/dpll-zl3073x-Read-DPLL-types-and-pin-properties-from.patch.
- Refresh
patches.suse/dpll-zl3073x-Register-DPLL-devices-and-pins.patch.
- Refresh
patches.suse/dt-bindings-dpll-Add-DPLL-device-and-pin.patch.
- Refresh
patches.suse/dt-bindings-dpll-Add-support-for-Microchip-Azurite-c.patch.
Moved zl3037x patches to sorted section.
- commit cec79fd
- powerpc/fadump: skip parameter area allocation when fadump is
disabled (jsc#PED-9891 git-fixes).
- commit 47f64e6
- hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()
(git-fixes).
- commit baddd40
- selftests/bpf: Fix backtrace printing for selftests crashes
(git-fixes).
- commit 63e24c4
- tools/resolve_btfids: Fix build when cross compiling kernel
with clang (git-fixes).
- commit f4f0a36
- samples/bpf: Fix compilation failure for samples/bpf on
LoongArch Fedora (git-fixes).
- commit fa036e9
- selftests/bpf: Fix cross-compiling urandom_read (git-fixes).
- commit d19eec5
- selftests/bpf: Fix compile if backtrace support missing in libc
(git-fixes).
- commit 3353a4b
- selftests/bpf: Fix redefinition errors compiling lwt_reroute.c
(git-fixes).
- commit b5270ce
- selftests/bpf: Fix C++ compile error from missing _Bool type
(git-fixes).
- commit 736692a
- selftests/bpf: Fix error compiling test_lru_map.c (git-fixes).
- commit 8aa3099
- selftests/bpf: Fix compile error from rlim_t in sk_storage_map.c
(git-fixes).
- commit 35f5a49
- ACPI: resource: fix a typo for MECHREVO in
irq1_edge_low_force_override (git-fixes).
- commit 97fd25e
- ACPI: thermal: Execute _SCP before reading trip points
(git-fixes).
- commit 5c7ef5a
- perf/core: Fix the WARN_ON_ONCE is out of lock protected region
(git-fixes).
- perf/x86/intel: Fix crash in icl_update_topdown_event()
(git-fixes).
- perf/x86: Fix non-sampling (counting) events on certain x86
platforms (git-fixes).
- commit 814983a
- doc/README.SUSE: Correct the character used for TAINT_NO_SUPPORT
The character was previously 'N', but upstream used it for TAINT_TEST,
which prompted the change of TAINT_NO_SUPPORT to 'n'. This occurred in
commit c35dc3823d08 ("Update to 6.0-rc1") on master and in d016c04d731d
("Bump to 6.4 kernel (jsc#PED-4593)") for SLE15-SP6 (and onwards).
Update the documentation to reflect this change.
- commit f42ecf5
- ACPI: property: Do not pass NULL handles to acpi_attach_data()
(stable-fixes git-fixes).
- commit 19fb175
- ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path
(stable-fixes).
- commit d0f4111
- cpufreq: CPPC: fix perf_to_khz/khz_to_perf conversion exception
(git-fixes).
- commit 59c2171
- ACPI: x86: Move acpi_quirk_skip_serdev_enumeration() out of
CONFIG_X86_ANDROID_TABLETS (stable-fixes).
- commit 793bb70
- cpuidle: qcom-spm: fix device and OF node leaks at probe
(git-fixes).
- commit 39be628
- cpuidle: menu: Avoid discarding useful information
(stable-fixes).
- commit b136410
- cpufreq: tegra186: Set target frequency for all cpus in policy
(git-fixes).
- commit e1cfca8
- cpufreq: intel_pstate: Fix object lifecycle issue in
update_qos_request() (stable-fixes git-fixes).
- commit 8b10f36
- cpufreq: armada-8k: Fix off by one in
armada_8k_cpufreq_free_table() (stable-fixes git-fixes).
- commit 3e7dc0b
- cpufreq: scmi: Skip SCMI devices that aren't used by the CPUs
(stable-fixes).
- commit 2dde40f
- tcp_bpf: Fix copied value in tcp_bpf_sendmsg (bsc#1250650).
- skmsg: Return copied bytes in sk_msg_memcopy_from_iter
(bsc#1250650).
- commit 5925a0e
- skmsg: Return copied bytes in sk_msg_memcopy_from_iter
(bsc#1250650).
- commit 75793db
- sched/idle: Conditionally handle tick broadcast in
default_idle_call() (bsc#1248517).
- Update config files.
- commit 1a58311
- x86/idle: Sanitize X86_BUG_AMD_E400 handling (bsc#1248517).
- Refresh
patches.suse/x86-tdx-Fix-arch_safe_halt-execution-for-TDX-VMs.patch.
- commit be42a2d
- perf/aux: Fix pending disable flow when the AUX ring buffer
overruns (git-fixes).
- perf/core: Fix WARN in perf_cgroup_switch() (git-fixes).
- perf: Fix cgroup state vs ERROR (git-fixes).
- perf/core: Fix broken throttling when max_samples_per_tick=1
(git-fixes).
- perf: Ensure bpf_perf_link path is properly serialized
(git-fixes).
- perf/x86/intel: Only check the group flag for X86 leader
(git-fixes).
- perf/x86/intel: Allow to update user space GPRs from PEBS
records (git-fixes).
- perf/x86/intel/uncore: Fix the scale of IIO free running
counters on SPR (git-fixes).
- perf/x86/intel/uncore: Fix the scale of IIO free running
counters on ICX (git-fixes).
- perf/x86/intel/uncore: Fix the scale of IIO free running
counters on SNR (git-fixes).
- perf/core: Fix child_total_time_enabled accounting bug at task
exit (git-fixes).
- perf/ring_buffer: Allow the EPOLLRDNORM flag for poll
(git-fixes).
- perf/bpf: Robustify perf_event_free_bpf_prog() (git-fixes).
- perf/hw_breakpoint: Return EOPNOTSUPP for unsupported breakpoint
type (git-fixes).
- perf/x86/intel: Avoid disable PMU if !cpuc->enabled in sample
read (git-fixes).
- perf/x86/intel: Apply static call for drain_pebs (git-fixes).
- perf/amd/ibs: Fix perf_ibs_op.cnt_mask for CurCnt (git-fixes).
- perf/amd/ibs: Fix ->config to sample period calculation for
OP PMU (git-fixes).
- perf/core: Fix pmus_lock vs. pmus_srcu ordering (git-fixes).
- perf/x86/intel: Use better start period for frequency mode
(git-fixes).
- perf/core: Fix low freq setting via IOC_PERIOD (git-fixes).
- perf/x86: Fix low freqency setting issue (git-fixes).
- perf/x86/intel/ds: Unconditionally drain PEBS DS when changing
PEBS_DATA_CFG (git-fixes).
- perf/x86/amd: Warn only on new bits set (git-fixes).
- s390: Initialize psw mask in perf_arch_fetch_caller_regs()
(git-fixes).
- perf/core: Fix small negative period being ignored (git-fixes).
- perf: Extract a few helpers (git-fixes).
- perf/x86/intel/pt: Fix sampling synchronization (git-fixes).
- perf/x86/intel: Allow to setup LBR for counting event for BPF
(git-fixes).
- drivers/perf: arm_spe: Use perf_allow_kernel() for permissions
(git-fixes).
- perf/amd: Prevent grouping of IBS events (git-fixes).
- commit 76eb280
- tls: make sure to abort the stream if headers are bogus
(CVE-2025-39946 bsc#1251114).
- commit d62deaa
- selftests/bpf: Fix error compiling tc_redirect.c with musl libc
(git-fixes).
- commit b2a359c
- selftests/bpf: Fix errors compiling cg_storage_multi.h with
musl libc (git-fixes).
- commit 799529b
- selftests/bpf: Fix errors compiling decap_sanity.c with musl
libc (git-fixes).
- commit f14b275
- selftests/bpf: Fix errors compiling lwt_redirect.c with musl
libc (git-fixes).
- commit 498999e
- selftests/bpf: Fix compiling core_reloc.c with musl-libc
(git-fixes).
- commit eb3a7bd
- selftests/bpf: Fix compiling tcp_rtt.c with musl-libc
(git-fixes).
- commit 109e7cc
- selftests/bpf: Fix compiling flow_dissector.c with musl-libc
(git-fixes).
- commit 9b43d04
- selftests/bpf: Fix compiling kfree_skb.c with musl-libc
(git-fixes).
- commit 442e8bf
- selftests/bpf: Fix compiling parse_tcp_hdr_opt.c with musl-libc
(git-fixes).
- commit 1f65169
- selftests/bpf: Fix error compiling bpf_iter_setsockopt.c with
musl libc (git-fixes).
- commit 7613608
- selftests/bpf: Add test for unpinning htab with internal timer
struct (git-fixes).
- commit 8a1df26
- bpf: Avoid RCU context warning when unpinning htab with internal
structs (git-fixes).
- commit 73d4d2d
- bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6}
(git-fixes).
- commit 1a82fe5
- kabi: hide new member allow_subflows in struct mptcp_sock
(CVE-2025-38552 bsc#1248230).
- commit f51a25e
- mptcp: plug races between subflow fail and subflow creation
(CVE-2025-38552 bsc#1248230).
- Refresh
patches.kabi/kabi-hide-new-member-fallback_lock-in-struct-mptcp_s.patch.
(also delete outdated part of a comment)
- commit fdbbed8
- Update
patches.suse/ALSA-ac97-Fix-possible-NULL-dereference-in-snd_.patch
(bsc#1012628 CVE-2023-53648 bsc#1251750).
- Update
patches.suse/ASoC-codecs-wcd938x-fix-missing-mbhc-init-error.patch
(bsc#1012628 CVE-2023-53666 bsc#1251760).
- Update
patches.suse/ASoC-qcom-q6apm-lpass-dais-Fix-NULL-pointer-derefere.patch
(git-fixes CVE-2025-39938 bsc#1251134).
- Update
patches.suse/Bluetooth-hci_event-call-disconnect-callback-be.patch
(bsc#1012628 CVE-2023-53673 bsc#1251763).
- Update
patches.suse/HID-hyperv-avoid-struct-memcpy-overrun-warning.patch
(bsc#1012628 CVE-2023-53553 bsc#1251068).
- Update
patches.suse/KVM-nSVM-Check-instead-of-asserting-on-nested-TSC-sc.patch
(git-fixes CVE-2023-53663 bsc#1251290).
- Update
patches.suse/RDMA-rxe-Fix-incomplete-state-save-in-rxe_requester.patch
(git-fixes CVE-2023-53539 bsc#1251060).
- Update
patches.suse/USB-Gadget-core-Help-prevent-panic-during-UVC-.patch
(bsc#1012628 CVE-2023-53580 bsc#1251105).
- Update
patches.suse/accel-qaic-Fix-a-leak-in-map_user_pages.patch
(bsc#1012628 CVE-2023-53633 bsc#1251746).
- Update
patches.suse/bcache-Fix-__bch_btree_node_alloc-to-make-the-f.patch
(bsc#1012628 CVE-2023-53681 bsc#1251769).
- Update
patches.suse/bonding-do-not-assume-skb-mac_header-is-set.patch
(bsc#1012628 CVE-2023-53601 bsc#1251153).
- Update
patches.suse/bpf-Make-bpf_refcount_acquire-fallible-for-non-.patch
(bsc#1012628 CVE-2023-53645 bsc#1251321).
- Update
patches.suse/bpf-cpumap-Handle-skb-as-well-when-clean-up-pt.patch
(bsc#1012628 CVE-2023-53660 bsc#1251721).
- Update
patches.suse/bpf-cpumap-Make-sure-kthread-is-running-before.patch
(bsc#1012628 CVE-2023-53577 bsc#1251028).
- Update
patches.suse/bpf-reject-unhashed-sockets-in-bpf_sk_assign.patch
(jsc#PED-6811 CVE-2023-53585 bsc#1251126).
- Update
patches.suse/btrfs-insert-tree-mod-log-move-in-push_node_lef.patch
(bsc#1012628 CVE-2023-53538 bsc#1251024).
- Update
patches.suse/btrfs-output-extra-debug-info-if-we-failed-to-find-a.patch
(git-fixes CVE-2023-53672 bsc#1251780).
- Update
patches.suse/btrfs-reject-invalid-reloc-tree-root-keys-with.patch
(bsc#1012628 CVE-2023-53618 bsc#1251748).
- Update
patches.suse/cifs-Release-folio-lock-on-fscache-read-hit.patch
(bsc#1012628 CVE-2023-53593 bsc#1251132).
- Update
patches.suse/cifs-fix-mid-leak-during-reconnection-after-tim.patch
(bsc#1012628 CVE-2023-53597 bsc#1251159).
- Update
patches.suse/clk-Fix-memory-leak-in-devm_clk_notifier_regist.patch
(bsc#1012628 CVE-2023-53674 bsc#1251764).
- Update
patches.suse/clk-imx-scu-use-_safe-list-iterator-to-avoid-a-.patch
(bsc#1012628 CVE-2023-53572 bsc#1251027).
- Update
patches.suse/cpufreq-amd-pstate-fix-global-sysfs-attribute-.patch
(bsc#1012628 CVE-2023-53550 bsc#1251071).
- Update
patches.suse/cpufreq-amd-pstate-ut-Fix-kernel-panic-when-loading-.patch
(git-fixes CVE-2023-53563 bsc#1251038).
- Update
patches.suse/crypto-af_alg-Fix-missing-initialisation-affecting-g.patch
(bsc#1216396 CVE-2023-53599 bsc#1251150).
- Update
patches.suse/crypto-af_alg-Set-merge-to-zero-early-in-af_alg_send.patch
(git-fixes CVE-2025-39931 bsc#1251100).
- Update
patches.suse/dax-Fix-dax_mapping_release-use-after-free.patch
(bsc#1012628 CVE-2023-53613 bsc#1251119).
- Update
patches.suse/drivers-base-Free-devm-resources-when-unregistering-.patch
(jsc#PED-6054 CVE-2023-53596 bsc#1251161).
- Update
patches.suse/drivers-perf-hisi-Don-t-migrate-perf-to-the-CPU.patch
(bsc#1012628 CVE-2023-53656 bsc#1251758).
- Update
patches.suse/drm-amdgpu-unmap-and-remove-csa_va-properly.patch
(jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070
jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511
jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53545
bsc#1251084).
- Update
patches.suse/drm-bridge-anx7625-Fix-NULL-pointer-dereference-with.patch
(git-fixes CVE-2025-39934 bsc#1251146).
- Update
patches.suse/drm-i915-mark-requests-for-GuC-virtual-engines-to-av.patch
(jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070
jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511
jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53552
bsc#1251065).
- Update
patches.suse/drm-i915-perf-add-sentinel-to-xehp_oa_b_counter.patch
(jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070
jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511
jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53646
bsc#1251742).
- Update
patches.suse/ext4-fix-memory-leaks-in-ext4_fname_-setup_filename-.patch
(bsc#1214954 CVE-2023-53662 bsc#1251282).
- Update
patches.suse/fbdev-omapfb-lcd_mipid-Fix-an-error-handling-pa.patch
(jsc#PED-3527 jsc#PED-5475 jsc#PED-6068 jsc#PED-6070
jsc#PED-6116 jsc#PED-6120 jsc#PED-5065 jsc#PED-5477 jsc#PED-5511
jsc#PED-6041 jsc#PED-6069 jsc#PED-6071 CVE-2023-53650
bsc#1251283).
- Update
patches.suse/fprobe-Release-rethook-after-the-ftrace_ops-is-.patch
(bsc#1012628 CVE-2023-53557 bsc#1251054).
- Update
patches.suse/gfs2-Fix-possible-data-races-in-gfs2_show_opti.patch
(bsc#1012628 CVE-2023-53622 bsc#1251777).
- Update patches.suse/gpio-mvebu-fix-irq-domain-leak.patch
(bsc#1012628 CVE-2023-53579 bsc#1251170).
- Update
patches.suse/iavf-Fix-out-of-bounds-when-setting-channels-on.patch
(bsc#1012628 CVE-2023-53659 bsc#1251247).
- Update patches.suse/iavf-Fix-use-after-free-in-free_netdev.patch
(bsc#1012628 CVE-2023-53556 bsc#1251059).
- Update
patches.suse/ice-Don-t-tx-before-switchdev-is-fully-configured.patch
(jsc#PED-4876 CVE-2023-53657 bsc#1251319).
- Update
patches.suse/ip_vti-fix-potential-slab-use-after-free-in-de.patch
(bsc#1012628 CVE-2023-53559 bsc#1251052).
- Update patches.suse/ipmi_si-fix-a-memleak-in-try_smi_init.patch
(git-fixes CVE-2023-53611 bsc#1251123).
- Update
patches.suse/jfs-fix-invalid-free-of-JFS_IP-ipimap-i_imap-in-diUnmount.patch
(git-fixes CVE-2023-53616 bsc#1251215).
- Update
patches.suse/md-don-t-dereference-mddev-after-export_rdev-7dea.patch
(jsc#PED-7542 CVE-2023-53665 bsc#1251270).
- Update
patches.suse/media-amphion-fix-REVERSE_INULL-issues-reported-by-c.patch
(git-fixes CVE-2023-53653 bsc#1251755).
- Update
patches.suse/memcontrol-ensure-memcg-acquired-by-id-is-properly-s.patch
(git-fixes CVE-2023-53621 bsc#1251323).
- Update
patches.suse/mm-damon-core-initialize-damo_filter-list-from.patch
(bsc#1012628 CVE-2023-53555 bsc#1251056).
- Update
patches.suse/msft-hv-2870-Drivers-hv-vmbus-Don-t-dereference-ACPI-root-object-.patch
(git-fixes CVE-2023-53647 bsc#1251732).
- Update
patches.suse/mtd-rawnand-brcmnand-Fix-potential-out-of-bounds-acc.patch
(git-fixes CVE-2023-53541 bsc#1251043).
- Update
patches.suse/net-handshake-fix-null-ptr-deref-in-handshake_nl_don.patch
(bsc#1220419 CVE-2023-53686 bsc#1251771).
- Update
patches.suse/net-mlx5-DR-fix-memory-leak-in-mlx5dr_cmd_crea.patch
(bsc#1012628 CVE-2023-53546 bsc#1251079).
- Update
patches.suse/net-mlx5e-Check-for-NOT_READY-flag-state-after-.patch
(bsc#1012628 CVE-2023-53581 bsc#1251106).
- Update
patches.suse/net-mlx5e-Take-RTNL-lock-when-needed-before-ca.patch
(bsc#1012628 CVE-2023-53632 bsc#1251269).
- Update
patches.suse/net-rfkill-gpio-Fix-crash-due-to-dereferencering-uni.patch
(git-fixes CVE-2025-39937 bsc#1251143).
- Update
patches.suse/net-usbnet-Fix-WARNING-in-usbnet_start_xmit-us.patch
(bsc#1012628 CVE-2023-53548 bsc#1251066).
- Update
patches.suse/netfilter-conntrack-Avoid-nf_ct_helper_hash-use.patch
(bsc#1012628 CVE-2023-53619 bsc#1251743).
- Update patches.suse/nvme-core-fix-dev_pm_qos-memleak.patch
(bsc#1012628 CVE-2023-53670 bsc#1251762).
- Update
patches.suse/octeon_ep-cancel-queued-works-in-probe-error-p.patch
(bsc#1012628 CVE-2023-53638 bsc#1251328).
- Update
patches.suse/octeontx2-af-Add-validation-before-accessing-cg.patch
(bsc#1012628 CVE-2023-53654 bsc#1251756).
- Update
patches.suse/perf-RISC-V-Remove-PERF_HES_STOPPED-flag-checki.patch
(bsc#1012628 CVE-2023-53583 bsc#1251108).
- Update
patches.suse/perf-trace-Really-free-the-evsel-priv-area.patch
(perf-v6.7 (jsc#PED-6012 jsc#PED-6121) CVE-2023-53649
bsc#1251749).
- Update
patches.suse/platform-x86-dell-sysman-Fix-reference-leak.patch
(git-fixes CVE-2023-53631 bsc#1251529).
- Update
patches.suse/rcu-tasks-Avoid-pr_info-with-spin-lock-in-cblis.patch
(bsc#1012628 CVE-2023-53558 bsc#1251081).
- Update
patches.suse/ring-buffer-Fix-deadloop-issue-on-reading-trace.patch
(bsc#1012628 CVE-2023-53668 bsc#1251286).
- Update
patches.suse/s390-zcrypt-don-t-leak-memory-if-dev_set_name-fails.patch
(git-fixes bsc#1215143 CVE-2023-53568 bsc#1251035).
- Update
patches.suse/scsi-qla2xxx-Avoid-fcport-pointer-dereference.patch
(bsc#1012628 CVE-2023-53603 bsc#1251180).
- Update
patches.suse/scsi-qla2xxx-Fix-deletion-race-condition.patch
(git-fixes CVE-2023-53615 bsc#1251113).
- Update
patches.suse/soc-aspeed-socinfo-Add-kfree-for-kstrdup.patch
(bsc#1012628 CVE-2023-53617 bsc#1251268).
- Update
patches.suse/spi-bcm-qspi-return-error-if-neither-hif_mspi-n.patch
(bsc#1012628 CVE-2023-53658 bsc#1251759).
- Update
patches.suse/staging-ks7010-potential-buffer-overflow-in-ks_.patch
(bsc#1012628 CVE-2023-53554 bsc#1251057).
- Update
patches.suse/tracing-histograms-Add-histograms-to-hist_vars-.patch
(bsc#1012628 CVE-2023-53560 bsc#1251045).
- Update
patches.suse/tty-serial-samsung_tty-Fix-a-memory-leak-in-s3c-832e231.patch
(bsc#1012628 CVE-2023-53687 bsc#1251772).
- Update
patches.suse/tunnels-fix-kasan-splat-when-generating-ipv4-p.patch
(bsc#1012628 CVE-2023-53600 bsc#1251152).
- Update
patches.suse/vdpa-Add-features-attr-to-vdpa_nl_policy-for-n.patch
(bsc#1012628 CVE-2023-53652 bsc#1251754).
- Update
patches.suse/vdpa-Add-max-vqp-attr-to-vdpa_nl_policy-for-nl.patch
(bsc#1012628 CVE-2023-53543 bsc#1251083).
- Update
patches.suse/wifi-ath11k-fix-memory-leak-in-WMI-firmware-sta.patch
(bsc#1012628 CVE-2023-53602 bsc#1251076).
- Update
patches.suse/wifi-cfg80211-reject-auth-assoc-to-AP-with-our-addre.patch
(git-fixes CVE-2023-53540 bsc#1251053).
- Update
patches.suse/wifi-iwlwifi-mvm-fix-potential-array-out-of-bou.patch
(bsc#1012628 CVE-2023-53575 bsc#1251067).
- Update
patches.suse/wifi-mac80211-check-for-station-first-in-client-prob.patch
(git-fixes CVE-2023-53588 bsc#1251206).
- Update
patches.suse/wifi-mac80211-increase-scan_ies_len-for-S1G.patch
(stable-fixes CVE-2025-39957 bsc#1251810).
- Update
patches.suse/wifi-nl80211-fix-integer-overflow-in-nl80211_p.patch
(bsc#1012628 CVE-2023-53570 bsc#1251031).
- Update
patches.suse/wifi-rtw88-delete-timer-and-free-skb-queue-when-unlo.patch
(git-fixes CVE-2023-53574 bsc#1251222).
- Update
patches.suse/wifi-wilc1000-avoid-buffer-overflow-in-WID-string-co.patch
(stable-fixes CVE-2025-39952 bsc#1251216).
- commit 56ea93d
- iommu/vt-d: Disallow dirty tracking if incoherent page walk
(git-fixes).
- iommu/vt-d: PRS isn't usable if PDS isn't supported (git-fixes).
- commit 9da1184
- mm/page_alloc: fix race condition in unaccepted memory handling
(CVE-2025-38008 bsc#1244939).
- commit b445cb1
- mm/slub: avoid accessing metadata when pointer is invalid in
object_err() (CVE-2025-39902 bsc#1250702).
- commit 46c39b3
- NFSD: Define a proc_layoutcommit for the FlexFiles layout type
(git-fixes).
- commit b115f79
- tracing: Fix filter string testing (git-fixes).
- commit 864d37b
- selftests/tracing: Fix event filter test to retry up to 10 times
(git-fixes).
- commit a9de969
- tracing/selftests: Fix kprobe event name test for
.isra. functions (git-fixes).
- commit 6a094d4
- bpf: Check link_create.flags parameter for multi_kprobe
(git-fixes).
- commit 0e75825
- bpf: Check link_create.flags parameter for multi_uprobe
(git-fixes).
- commit 10550c7
- ftrace: fix incorrect hash size in register_ftrace_direct()
(git-fixes).
- commit 9288055
- bpf: Use preempt_count() directly in bpf_send_signal_common()
(git-fixes).
- commit 9258f2a
- tracing: Correct the refcount if the hist/hist_debug file
fails to open (git-fixes).
- commit 6e8ac35
- module: Prevent silent truncation of module name in
delete_module(2) (git-fixes).
- commit 44dc7b7
- tracing: Add down_write(trace_event_sem) when adding trace event
(bsc#1248211 CVE-2025-38539).
- commit b1816b0
- tracing: Limit access to parser->buffer when trace_get_user
failed (bsc#1249286 CVE-2025-39683).
- tracing: Remove unneeded goto out logic (bsc#1249286).
- commit 8eaad3a
- ftrace: Also allocate and copy hash for reading of filter files
(bsc#1250032 CVE-2025-39813).
- commit 69f706b
- media: i2c: tc358743: Fix use-after-free bugs caused by orphan
timer in probe (git-fixes).
- commit 4cb2ef2
- media: solo6x10: replace max(a, min(b, c)) by clamp(b, a, c)
(git-fixes).
- commit eb03975
- ftrace: Fix potential warning in trace_printk_seq during
ftrace_dump (bsc#1250032 CVE-2025-39813).
- commit 287d6f8
- drm/amd/display: Enable Dynamic DTBCLK Switch (bsc#1243112).
- drm/amdgpu: Report individual reset error (bsc#1243112).
- drm/amd: Check whether secure display TA loaded successfully
(bsc#1243112).
- drm/amdkfd: Fix mmap write lock not release (bsc#1243112).
- drm/amdgpu: Fix for GPU reset being blocked by KIQ I/O
(bsc#1243112).
- drm/amd: Avoid evicting resources at S5 (bsc#1243112).
- drm/amdgpu/mes12: implement detect and reset callback
(bsc#1243112).
- drm/amdgpu/mes11: implement detect and reset callback
(bsc#1243112).
- drm/amdgpu/mes: add front end for detect and reset hung queue
(bsc#1243112).
- drm/amd/amdgpu: Implement MES suspend/resume gang functionality
for v12 (bsc#1243112).
- drm/amdgpu/vpe: cancel delayed work in hw_fini (bsc#1243112).
- commit d18a809
- net: sysfs: Fix /sys/class/net/<iface> path (git-fixes).
- commit 753f6d8
- drm/amd: Only restore cached manual clock settings in restore
if OD enabled (bsc#1243112).
- drm/amd/display: Add NULL check for stream before dereference in
'dm_vupdate_high_irq' (bsc#1243112).
- drm/amd/display: Fix vupdate_offload_work doc (bsc#1243112).
- drm/amdgpu: fix link error for !PM_SLEEP (bsc#1243112).
- commit b7de4a6
- drm/amd/display: more liberal vmin/vmax update for freesync
(bsc#1243112).
- drm/amd/display: fix dmub access race condition (bsc#1243112).
- commit 95f1e5b
- Drop bogus AMDGPU backport patch from 6.12.y stable
Deleted:
patches.suse/drm-amdgpu-VCN-v5_0_1-to-prevent-FW-checking-RB-duri.patch
The backport was a mess, and the added code wasn't actually used at all.
- commit 7df9271
- drm/amdgpu: Avoid rma causes GPU duplicate reset (bsc#1243112).
- drm/amd: Restore cached manual clock settings during resume
(bsc#1243112).
- PM: hibernate: Fix pm_hibernation_mode_is_suspend() build
breakage (bsc#1243112).
- drm/amd: Fix hybrid sleep (bsc#1243112).
- PM: hibernate: Add pm_hibernation_mode_is_suspend()
(bsc#1243112).
- PM: hibernate: Add stub for pm_hibernate_is_recovering()
(bsc#1243112).
- drm/amdgpu: do not resume device in thaw for normal hibernation
(bsc#1243112).
- PM: hibernate: add new api pm_hibernate_is_recovering()
(bsc#1243112).
- commit 7b78d17
- trace/fgraph: Fix the warning caused by missing unregister
notifier (bsc#1248211 CVE-2025-38539).
- commit 739d6c6
- i2c: ocores: use devm_ managed clks (git-fixes).
- commit bc09888
- USB: serial: option: add SIMCom 8230C compositions (git-fixes).
- commit fbae6a0
- usb: phy: twl6030: Fix incorrect type for ret (git-fixes).
- commit 2464609
- net: mana: Use page pool fragments for RX buffers instead of
full pages to improve memory efficiency (bsc#1248754).
- cnic: Fix use-after-free bugs in cnic_delete_task
(CVE-2025-39945 bsc#1251230).
- commit 8a42c4d
- selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len (git-fixes).
- commit 8628058
- powerpc/powernv/pci: Fix underflow and leak issue (bsc#1215199).
- powerpc/pseries/msi: Fix potential underflow and leak issue
(bsc#1215199).
- powerpc/kvm: Fix ifdef to remove build warning (bsc#1215199).
- KVM: PPC: Fix misleading interrupts comment in
kvmppc_prepare_to_enter() (bsc#1215199).
- powerpc: floppy: Add missing checks after DMA map (bsc#1215199).
- powerpc/boot: Fix build with gcc 15 (bsc#1215199).
- commit c79aae4
- drm/amdgpu: Enable MES lr_compute_wa by default (stable-fixes).
- drm/amd/include : Update MES v12 API for fence update
(stable-fixes).
- drm/amd/include : MES v11 and v12 API header update
(stable-fixes).
- drm/amd : Update MES API header file for v11 & v12
(stable-fixes).
- commit 185de3e
- crypto: rng - Ensure set_ent is always present (git-fixes).
- USB: serial: option: add SIMCom 8230C compositions
(stable-fixes).
- wifi: rtlwifi: rtl8192cu: Don't claim USB ID 07b8:8188
(stable-fixes).
- media: tuner: xc5000: Fix use-after-free in xc5000_release
(git-fixes).
- driver core/PM: Set power.no_callbacks along with power.no_pm
(stable-fixes).
- platform/x86/amd/pmc: Add Stellaris Slim Gen6 AMD to spurious
8042 quirks list (stable-fixes).
- can: rcar_canfd: Fix controller mode setting (stable-fixes).
- can: hi311x: fix null pointer dereference when resuming from
sleep before interface was enabled (stable-fixes).
- ASoC: rt5682s: Adjust SAR ADC button mode to fix noise issue
(stable-fixes).
- ASoC: amd: acp: Adjust pdm gain value (stable-fixes).
- platform/x86/amd/pmc: Add MECHREVO Yilong15Pro to spurious_8042
list (stable-fixes).
- hid: fix I2C read buffer overflow in raw_event() for mcp2221
(stable-fixes).
- media: tunner: xc5000: Refactor firmware load (stable-fixes).
- commit 6771085
- rtc: optee: fix memory leak on driver removal (git-fixes).
- rtc: x1205: Fix Xicor X1205 vendor prefix (git-fixes).
- commit 3f4b7b9
- drm/xe/hw_engine_group: Fix double write lock release in error
path (git-fixes).
- drm/xe/uapi: loosen used tracking restriction (git-fixes).
- ASoC: SOF: Intel: Read the LLP via the associated Link DMA
channel (git-fixes).
- ASoC: SOF: Intel: hda-pcm: Place the constraint on period time
instead of buffer time (git-fixes).
- ASoC: SOF: ipc4-topology: Account for different ChainDMA host
buffer size (git-fixes).
- fbdev: simplefb: Fix use after free in simplefb_detach_genpds()
(git-fixes).
- commit a604b07
- drm/amd/display: Disable scaling on DCE6 for now (git-fixes).
- drm/amd/display: Properly disable scaling on DCE6 (git-fixes).
- drm/amd/display: Properly clear SCL_*_FILTER_CONTROL on DCE6
(git-fixes).
- drm/amd/display: Add missing DCE6 SCL_HORZ_FILTER_INIT* SRIs
(git-fixes).
- drm/amdgpu: Add additional DCE6 SCL registers (git-fixes).
- drm/nouveau: fix bad ret code in nouveau_bo_move_prep
(git-fixes).
- drm/vmwgfx: Fix copy-paste typo in validation (git-fixes).
- drm/vmwgfx: Fix Use-after-free in validation (git-fixes).
- drm/vmwgfx: Fix a null-ptr access in the cursor snooper
(git-fixes).
- ASoC: SOF: ipc4-topology: Correct the minimum host DMA buffer
size (git-fixes).
- ASoC: SOF: ipc3-topology: Fix multi-core and static pipelines
tear down (git-fixes).
- fbdev: Fix logic error in "offb" name match (git-fixes).
- gpio: wcd934x: mark the GPIO controller as sleeping (git-fixes).
- crypto: essiv - Check ssize for decryption and in-place
encryption (git-fixes).
- tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single
(git-fixes).
- commit a90f502
- scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory
is allocated (CVE-2025-38700 bsc#1249182).
- scsi: bfa: Double-free fix (CVE-2025-38699 bsc#1249224).
- commit d981d82
- Update
patches.suse/scsi-lpfc-Fix-buffer-free-clear-order-in-deferred-re.patch
(bsc#1250519 CVE-2025-39841 bsc#1250274).
added CVE number and associated bsc
- commit 11a7724
- KVM: x86: Snapshot the host's DEBUGCTL in common x86
(git-fixes).
- commit 090e1cd
- KVM: SVM: Set RFLAGS.IF=1 in C code, to get VMRUN out of the
STI shadow (git-fixes).
- Refresh
patches.suse/x86-bugs-Add-a-Transient-Scheduler-Attacks-mitigation.patch.
- commit ab98159
- Drop doubly-applied amdgpu patch (git-fixes)
- Refresh
patches.suse/1395-drm-amd-display-Fix-brightness-level-not-retained-ov.patch.
- Delete
patches.suse/drm-amd-display-Fix-brightness-level-not-retained-ov.patch.
- commit 18449ed
- KVM: SEV: Validate XCR0 provided by guest in GHCB (git-fixes).
- commit 3926356
- KVM: SVM: Pass through GHCB MSR if and only if VM is an SEV-ES
guest (git-fixes).
- commit 1163dde
- KVM: SEV: Read save fields from GHCB exactly once (git-fixes).
- commit 0fe255d
- KVM: SEV: Rename kvm_ghcb_get_sw_exit_code() to
kvm_get_cached_sw_exit_code() (git-fixes).
- commit 16f8d6e
- net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL
deadlock (git-fixes).
- commit 4ae0d43
- fs: writeback: fix use-after-free in __mark_inode_dirty()
(bsc#1250455 CVE-2025-39866).
- commit 5efc627
- kernfs: Fix UAF in polling when open file is released
(bsc#1250379 CVE-2025-39881).
- commit 278aed0
- fs: Prevent file descriptor table allocations exceeding INT_MAX
(bsc#1249512 CVE-2025-39756).
- commit eec00db
- ext4: avoid potential buffer over-read in
parse_apply_sb_mount_options() (git-fixes).
- commit b98ec86
- ext4: fix checks for orphan inodes (bsc#1250119).
- commit 63ca2b0
- ext4: fix hole length calculation overflow in non-extent inodes
(git-fixes).
- commit 61cf4bb
- ext4: don't try to clear the orphan_present feature block
device is r/o (git-fixes).
- commit f4163bf
- ext4: fix reserved gdt blocks handling in fsmap (git-fixes).
- commit 97b5bdf
- ext4: fix fsmap end of range reporting with bigalloc
(git-fixes).
- commit 91e12c8
- ext4: check fast symlink for ea_inode correctly (git-fixes).
- commit 42b6930
- ext4: preserve SB_I_VERSION on remount (git-fixes).
- commit 4260078
- ext4: fix largest free orders lists corruption on
mb_optimize_scan switch (git-fixes).
- commit 17d92cc
- ext4: fix zombie groups in average fragment size lists
(git-fixes).
- commit 321e541
- ext4: ensure i_size is smaller than maxbytes (git-fixes).
- commit 83487b1
- ext4: factor out ext4_get_maxbytes() (git-fixes).
- commit e58bd69
- netfilter: nft_objref: validate objref and objrefmap expressions
(bsc#1250237).
No CVE available yet, please see the bugzilla ticket referenced.
- commit 71d77ae
- ext4: fix calculation of credits for extent tree modification
(git-fixes).
- commit 9ee5795
- ext4: reorder capability check last (git-fixes).
- commit ed8a5ff
- jbd2: do not try to recover wiped journal (git-fixes).
- commit 71d37b6
- ext4: do not convert the unwritten extents if data writeback
fails (git-fixes).
- commit 9294482
- iomap: handle a post-direct I/O invalidate race in
iomap_write_delalloc_release (git-fixes).
- commit 1023af1
- iomap: Fix iomap_adjust_read_range for plen calculation
(git-fixes).
- commit dab9a8e
- platform/x86/amd/pmc: Add Stellaris Slim Gen6 AMD to spurious
8042 quirks list (bsc#1243112).
- platform/x86/amd/pmc: Add MECHREVO Yilong15Pro to spurious_8042
list (bsc#1243112).
- platform/x86/amd: pmc: Drop SMU F/W match for Cezanne
(bsc#1243112).
- platform/x86/amd/pmc: Remove unnecessary line breaks
(bsc#1243112).
- platform/x86/amd/pmc: Notify user when platform does not
support s0ix transition (bsc#1243112).
- platform/x86/amd: pmc: Use guard(mutex) (bsc#1243112).
- platform/x86/amd/pmc: Update IP information structure for
newer SoCs (bsc#1243112).
- platform/x86/amd/pmc: Use ARRAY_SIZE() to fill num_ips
information (bsc#1243112).
- platform/x86/amd/pmc: Extend support for PMC features on new
AMD platform (bsc#1243112).
- platform/x86/amd/pmc: Fix SMU command submission path on new
AMD platform (bsc#1243112).
- platform/x86/amd/pmc: Send OS_HINT command for new AMD platform
(bsc#1243112).
- platform/x86/amd: pmc: Add new ACPI ID AMDI000B (bsc#1243112).
- platform/x86/amd/pmc: Modify SMU message port for latest AMD
platform (bsc#1243112).
- platform/x86/amd/pmc: Add 1Ah family series to STB support list
(bsc#1243112).
- platform/x86/amd/pmc: Add idlemask support for 1Ah family
(bsc#1243112).
- platform/x86/amd/pmc: call amd_pmc_get_ip_info() during driver
probe (bsc#1243112).
- platform/x86/amd/pmc: Add VPE information for AMDI000A platform
(bsc#1243112).
- platform/x86/amd/pmc: Send OS_HINT command for AMDI000A platform
(bsc#1243112).
- commit ba1e1e3
- fs: udf: fix OOB read in lengthAllocDescs handling (git-fixes).
- commit ab7fa65
- udf: Verify partition map count (git-fixes).
- commit acb53b7
- udf: Make sure i_lenExtents is uptodate on inode eviction
(git-fixes).
- commit 1f76b28
- isofs: Verify inode mode when loading from disk (git-fixes).
- commit 96bc3c7
- drm/amdgpu: Fix allocating extra dwords for rings (v2)
(git-fixes).
- drm/amd/display: remove output_tf_change flag (git-fixes).
- drm/amd/display: Init DCN35 clocks from pre-os HW values
(git-fixes).
- drm/amd/amdgpu: Declare isp firmware binary file (stable-fixes).
- drm/amdgpu/gfx10: fix KGQ reset sequence (git-fixes).
- drm/amd/display: Don't check for NULL divisor in fixpt code
(git-fixes).
- drm/amdgpu/mes: enable compute pipes across all MEC (git-fixes).
- drm/amdgpu/mes: optimize compute loop handling (stable-fixes).
- drm/amdgpu/vcn: fix ref counting for ring based profile handling
(git-fixes).
- commit d30f346
- Refresh patches.suse/bpf-Track-equal-scalars-history-on-per-instruction-l.patch. (poo#189825)
Previously the changes in tools/testing/selftests/bpf/verifier/precise.c
were dropped because I thought they were simply a revert of a commit
that I did not backport, but turns out that wasn't true, and there was a
single line difference, which is causing 'precise - test 1' to fail.
- commit 8be66e5
- mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox
cleanup loop (git-fixes).
- mailbox: zynqmp-ipi: Remove dev.parent check in
zynqmp_ipi_free_mboxes (git-fixes).
- mailbox: zynqmp-ipi: Remove redundant
mbox_controller_unregister() call (git-fixes).
- Input: uinput - zero-initialize uinput_ff_upload_compat to
avoid info leak (git-fixes).
- commit c2e0f2f
- net_sched: gen_estimator: fix est_timer() vs CONFIG_PREEMPT_RT=y
(CVE-2025-39900 bsc#1250758).
- commit 6460ef2
- arm64: mte: Do not flag the zero page as PG_mte_tagged (git-fixes)
- commit cf556af
- x86/topology: Implement topology_is_core_online() to address SMT regression (jsc#PED-13815).
- commit 2571434
- KVM: x86: Don't inject PV async #PF if SEND_ALWAYS=0 and guest
state is protected (git-fixes).
- commit fa670d1
- misc: fastrpc: Skip reference for DMA handles (git-fixes).
- misc: fastrpc: fix possible map leak in fastrpc_put_args
(git-fixes).
- misc: fastrpc: Fix fastrpc_map_lookup operation (git-fixes).
- staging: axis-fifo: flush RX FIFO on read errors (git-fixes).
- staging: axis-fifo: fix TX handling on copy_from_user() failure
(git-fixes).
- staging: axis-fifo: fix maximum TX packet length check
(git-fixes).
- clk: at91: peripheral: fix return value (git-fixes).
- clk: mediatek: clk-mux: Do not pass flags to
clk_mux_determine_rate_flags() (git-fixes).
- clk: mediatek: mt8195-infra_ao: Fix parent for infra_ao_hdmi_26m
(git-fixes).
- clk: tegra: do not overallocate memory for bpmp clocks
(git-fixes).
- commit ecaf254
- smb: client: fix crypto buffers in non-linear memory
(bsc#1250491, boo#1239206).
- commit eea011a
- usb: xhci: Limit Stop Endpoint retries (git-fixes).
kABI fixup for 474538b8dd1cd9c666e56cfe8ef60fbb0fb513f4
- commit 6d76064
- kABI workaround for struct atmdev_ops extension (CVE-2025-39828
bsc#1250205).
- commit ece3f96
- Refresh
patches.suse/Bluetooth-L2CAP-Fix-not-checking-l2cap_chan-security.patch.
- commit 85c9004
- Refresh
patches.suse/Bluetooth-hci_core-Fix-calling-mgmt_device_connected.patch.
- commit 9720dbb
- nfsd: nfserr_jukebox in nlm_fopen should lead to a retry
(git-fixes).
- commit c2be588
- NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul()
(git-fixes).
- commit 7b5a68a
- sunrpc: fix null pointer dereference on zero-length checksum
(git-fixes).
- commit c4c654a
- tcp_bpf: Fix copied value in tcp_bpf_sendmsg (bsc#1250650).
- commit 28c606a
- atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control()
(CVE-2025-39828 bsc#1250205).
- commit a2ac627
- e1000e: fix heap overflow in e1000_set_eeprom (CVE-2025-39898
bsc#1250742).
- vxlan: Fix NPD when refreshing an FDB entry with a nexthop
object (CVE-2025-39851 bsc#1250296).
- commit df2ae2c
- ACPI: NFIT: Fix incorrect ndr_desc being reportedin dev_err
message (git-fixes).
- watchdog: mpc8xxx_wdt: Reload the watchdog timer when enabling
the watchdog (git-fixes).
- PCI: tegra: Convert struct tegra_msi mask_lock into raw spinlock
(git-fixes).
- PCI: tegra194: Fix duplicate PLL disable in
pex_ep_event_pex_rst_assert() (git-fixes).
- PCI: tegra: Fix devm_kcalloc() argument order for port->phys
allocation (git-fixes).
- PCI: rcar-host: Drop PMSR spinlock (git-fixes).
- PCI: keystone: Use devm_request_irq() to free
"ks-pcie-error-irq" on exit (git-fixes).
- PCI: tegra194: Handle errors in BPMP response (git-fixes).
- PCI: tegra194: Fix broken tegra_pcie_ep_raise_msi_irq()
(git-fixes).
- PCI/IOV: Add PCI rescan-remove locking when enabling/disabling
SR-IOV (git-fixes).
- PCI/sysfs: Ensure devices are powered for config reads
(git-fixes).
- PCI/AER: Fix missing uevent on recovery when a reset is
requested (git-fixes).
- PCI/ERR: Fix uevent on failure to recover (git-fixes).
- dmaengine: Fix dma_async_tx_descriptor->tx_submit documentation
(git-fixes).
- phy: rockchip: naneng-combphy: Enable U3 OTG port for RK3568
(git-fixes).
- media: rc: fix races with imon_disconnect() (git-fixes).
- commit 1710395
- arm64: dts: apple: Add ethernet0 alias for J375 template (git-fixes)
- commit 122f705
- arm64: dts: apple: t8103-j457: Fix PCIe ethernet iommu-map (git-fixes)
- commit 886bc20
- arm64: dts: imx8mp: Correct thermal sensor index (git-fixes)
- commit 2283cd3
- kmod
-
- man: modprobe.d: document the config file order handling (bsc#1253741)
* man-modprobe.d-document-the-config-file-order-handling.patch
- libaio
-
- Use %autosetup macro. Allows to eliminate the usage of deprecated
%patchN
- Make the package respect %optflags and disable LTO.
- skip testsuite on qemu_linux_user builds
- add fix-splice-signature.patch to fix build on 32bit
- update to 0.3.113:
* cases/16.t: loongarch only supports eventfd2
* Add loongarch to supported architectures in libaio.spec
* Add endian detection and bit width detection for loongarch
* Use generic syscall number schema for loongarch
* Fix struct io_iocb_vector padding for 32bit architectures
* struct io_iocb_sockaddr padding for 32bit architectures
* Verify structure padding is correct at build time
* harness: add test for aio poll missed events
- Update to version libaio0.3.112+29.696a5e6483ba:
* Fix test issue with gcc-11 (bsc#1181869)
* harness: Skip the test if io_pgetevents() is not implemented
* harness: Print better error messages on error conditions in 22.t
* harness: Fix PROT_WRITE mmap check
* harness: fix read into PROT_WRITE mmap test
* harness: skip 22.p if async_poll isn't supported
* harness: Handle -ENOTSUP from io_submit() with RWF_NOWAIT
* harness: Add fallback code for filesystems not supporting O_DIRECT
* harness: add support for skipping tests
* harness: Make the test exit with a code matching the pass/fail state
- Add _constraints for PowerPC to avoid OOM at build time
- Update to 0.3.112:
* Various patches for architectures/etc
- Update url
- Update install
- Enable tests
- Remove mostly merged patches or differently fixed issues:
* libaio-aarch64-support.diff
* libaio-generic-arch.diff
* libaio-optflags.diff
* 00_arches.patch
* 00_arches_sh.patch
* 01_link_libgcc.patch
* 02_libdevdir.patch
* 03_man_errors.patch
* riscv-support.patch
- Disable LTO (boo#1133233).
- riscv-support.patch: Add support for RISC-V
- Use %license instead of %doc [bsc#1082318]
- freetype2
-
- package FTL.TXT and GPLv2.TXT as %license [bsc#1252148]
- gnutls
-
- Security fix bsc#1254132 CVE-2025-9820
* Fix buffer overflow in gnutls_pkcs11_token_init
* Added gnutls-CVE-2025-9820.patch
- gpgme
-
- Treat empty DISPLAY variable as unset. [bsc#1252425, bsc#1231055]
* To avoid gpgme constructing an invalid gpg command line when
the DISPLAY variable is empty it can be treated as unset.
* Add gpgme-Treat-empty-DISPLAY-variable-as-unset.patch
* Reported upstream: dev.gnupg.org/T7919
- pciutils
-
- Synchronize SLE-12 and openSUSE:Factory [jsc#PED-4587].
The following patches are now obsolete in version 3.13.0:
* add-decoding-of-vendor-specific-vpd-fields.patch
* pciutils-3.1.7-fix-memory-leak-in-get_cache_name.patch
* pciutils-3.2.0_update-dist.patch
* pciutils-3.5.1-add-support-for-32-bit-pci-domains.patch
* pciutils-lspci-Correct-Root-Capabilities-CRS-Software-Visibil.patch
* show-gen4-speed-properly.patch
- Synchronize SLE-15 and openSUSE:Factory [jsc#PED-8393, bsc#1224138].
The following patches are now obsolete in version 3.13.0:
* lspci-Fixed-buffer-overflows-in-ls-tree.c.patch
* pciutils-Add-PCIe-5.0-data-rate-32-GT-s-support.patch
* pciutils-Add-PCIe-6.0-data-rate-64-GT-s-support.patch
* pciutils-Add-decoding-of-vendor-specific-VPD-fields.patch
* pciutils-VPD-Cleanup.patch
* pciutils-VPD-When-printing-item-IDs-escape-non-ASCII-characte.patch
- update to 3.13.0:
* lspci decodes CXL 1.1 device link status information.
* Further development of the pcilmr (the link margining
utility)
* Dump parsing supports 6-digit domain numbers.
* Bug fixes in PCIe link state reporting.
* Decode more fields in PCIe AER capability.
* Fixed build on Linux systems with musl libc.
* Updated pci.ids.
- update to 3.12.0:
* lspci decodes the IDE (Integrity & Data Encryption) and
TEE-IO extended capabilities.
* Optimization flags used for compiling individual object files
should be the same as optimization flags for linking the final
executable to make link-time optimization possible.
* no longer look up subsystems in the HWDB
* Updated pci.ids
- include changes from 3.11:
* update-pciids now supports XZ compression
* update-pciids now sends itself as the User-Agent.
* Added a pcilmr utility for PCIe lane margining
* ECAM back-end now scans ACPI and BIOS memory faster.
* Linux systems without pread/pwrite are no longer supported
* Improved decoding of PCIe control and status registers.
* Decoding of CXL capabilities now supports up to CXL 3.0.
* lspci now displays interrupt message numbers consistently across
different capabilities.
* Cache of IDs resolved via DNS, which was located in ~/.pci-ids
by default, is now stored according to the XDG base directory
specification in $XDG_CACHE_HOME/pci-ids.
* All source files now have SPDX license identifiers.
* various minor bug fixes and updated pci.ids.
- cyrus-sasl
-
- Python3 error log upon importing pycurl (bsc#1233529)
Remove senceless log message.
* add remove-senceless-log.patch
- libselinux
-
- Ship license file (bsc#1252160)
- systemd
-
- systemd.spec: use %sysusers_generate_pre so that some systemd users are
already available in %pre. This is important because D-Bus automatically
reloads its configuration whenever new configuration files are installed,
i.e. between %pre and %post. (bsc#1248501)
No needs for systemd and udev packages as they are always installed during
the initial installation.
- Split systemd-network into two new sub-packages: systemd-networkd and
systemd-resolved (bsc#1224386 jsc#PED-12669)
- openssh
-
- Add openssh-cve-2025-61984-username-validation.patch
(bsc#1251198, CVE-2025-61984).
- Add openssh-cve-2025-61985-nul-url-encode.patch
(bsc#1251199, CVE-2025-61985).
- runc
-
- Update to runc v1.3.4. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.3.4>. bsc#1254362
- Update to runc v1.3.3. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.3.3>. bsc#1252232
* CVE-2025-31133
* CVE-2025-52565
* CVE-2025-52881
- Remove upstreamed patches for bsc#1252232:
- 2025-11-05-CVEs.patch
[ This update was only released for SLE 12 and 15. ]
- Backport patches for three CVEs. All three vulnerabilities ultimately allow
(through different methods) for full container breakouts by bypassing runc's
restrictions for writing to arbitrary /proc files. bsc#1252232
* CVE-2025-31133
* CVE-2025-52565
* CVE-2025-52881
+ 2025-11-05-CVEs.patch
[ This update was only released for SLE 12 and 15. ]
- Update to runc v1.2.7. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.2.7>.
- Update to runc v1.3.2. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.3.2> bsc#1252110
- Includes an important fix for the CPUSet translation for cgroupv2.
- Update to runc v1.3.1. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.3.1>
- Fix runc 1.3.x builds on SLE-12 by enabling --std=gnu11.
- Update to runc v1.3.0. Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.3.0>
- vim
-
- Fix for bsc#1250593.
- Backported from 9.1.1683 (xxd: Avoid null dereference in autoskip colorless).
- Fix for bsc#1229750.
- nocompatible must be set before the syntax highlighting is turned on.