- php8:apache2
-
- version update to 8.4.21
Core:
Fixed bug GH-19983 (GC assertion failure with fibers, generators and destructors).
Fixed bug GH-21478 (Forward property operations to real instance for initialized lazy proxies).
Fixed bug GH-21605 (Missing addref for Countable::count()).
Fixed bug GH-21699 (Assertion failure in shutdown_executor when resolving self::/parent::/static:: callables if the error handler throws).
Fixed bug GH-21603 (Missing addref for __unset).
Fixed bug GH-21760 (Trait with class constant name conflict against enum case causes SEGV).
CLI:
Fixed bug GH-21754 (`--rf` command line option with a method triggers ext/reflection deprecation warnings).
Curl:
Add support for brotli and zstd on Windows.
DOM:
Fixed GHSA-4jhr-8w89-j733 and GH-21566 (Dom\XMLDocument::C14N() emits duplicate xmlns declarations after setAttributeNS()). (CVE-2026-7263)
Fixed bug GH-21688 (segmentation fault on empty HTMLDocument).
Upgrade to lexbor v2.7.0.
FPM:
Fixed GHSA-7qg2-v9fj-4mwv (XSS within status endpoint). (CVE-2026-6735)
Iconv:
Fixed bug GH-17399 (iconv memory leak on bailout).
MBString:
Fixed GHSA-wm6j-2649-pv75 (Null pointer dereference in php_mb_check_encoding() via mb_ereg_search_init()). (CVE-2026-7259)
Fixed GHSA-74r9-qxhc-fx53 (Out-of-bounds access in mbfl_name2encoding_ex()). (CVE-2026-6104)
Opcache:
Fixed bug GH-21158 (JIT: Assertion jit->ra[var].flags & (1<<0) failed in zend_jit_use_reg).
Fixed bug GH-21593 (Borked function JIT JMPNZ smart branch).
Fixed bug GH-21460 (COND optimization regression).
Fixed faulty returns out of zend_try block in zend_jit_trace().
OpenSSL:
Fix a bunch of memory leaks and crashes on edge cases.
PDO_Firebird:
Fixed GHSA-w476-322c-wpvm (SQL injection via NUL bytes in quoted strings). (CVE-2025-14179)
Phar:
Restore is_link handler in phar_intercept_functions_shutdown.
Fixed bug GH-21797 (phar: NULL dereference in Phar::webPhar() when SCRIPT_NAME is absent from SAPI environment).
Fix memory leak in Phar::offsetGet().
Fix memory leak in phar_add_file().
Fixed bug GH-21799 (phar: propagate phar_stream_flush return value from phar_stream_close).
Fix memory leak in phar_verify_signature() when md_ctx is invalid.
Random:
Fixed bug GH-21731 (Random\Engine\Xoshiro256StarStar::__unserialize() accepts all-zero state).
Session:
Fixed memory leak when session GC callback return a refcounted value.
SOAP:
Fixed GHSA-85c2-q967-79q5 (Stale SOAP_GLOBAL(ref_map) pointer with Apache Map). (CVE-2026-6722)
Fixed GHSA-m33r-qmcv-p97q (Use-after-free after header parsing failure with SOAP_PERSISTENCE_SESSION). (CVE-2026-7261)
Fixed GHSA-hmxp-6pc4-f3vv (Broken Apache map value NULL check). (CVE-2026-7262)
SPL:
Fixed bug GH-21499 (RecursiveArrayIterator getChildren UAF after parent free).
Fix concurrent iteration and deletion issues in SplObjectStorage.
Standard:
Fixed GHSA-96wq-48vp-hh57 (Signed integer overflow of char array offset). (CVE-2026-7568)
Fixed GHSA-m8rr-4c36-8gq4 (Consistently pass unsigned char to ctype.h functions). (CVE-2026-7258)
Streams:
Fixed bug GH-21468 (Segfault in file_get_contents w/ a https URL and a proxy set).
XSL:
Fixed bug GH-21600 (Segfault on module shutdown).
Zip:
Fixed bug GH-21698 (memory leak with ZipArchive::addGlob() early return statements).
- version update to 8.4.20
Bz2:
Fix truncation of total output size causing erroneous errors.
Core:
Fixed bugs GH-20875, GH-20873, GH-20854 (Propagate IN_GET guard in get_property_ptr_ptr for lazy proxies).
DOM:
Fixed bug GH-21486 (Dom\HTMLDocument parser mangles xml:space and xml:lang attributes).
FFI:
Fixed resource leak in FFI::cdef() onsymbol resolution failure.
GD:
Fixed bug GH-21431 (phpinfo() to display libJPEG 10.0 support).
Opcache:
Fixed bug GH-20838 (JIT compiler produces wrong arithmetic results).
Fixed bug GH-21267 (JIT tracing: infinite loop on FETCH_OBJ_R with IS_UNDEF property in polymorphic context).
Fixed bug GH-21395 (uaf in jit).
OpenSSL:
Fixed bug GH-21083 (Skip private_key_bits validation for EC/curve-based keys).
Fix missing error propagation for BIO_printf() calls.
PCRE:
Fixed re-entrancy issue on php_pcre_match_impl, php_pcre_replace_impl, php_pcre_split_impl, and php_pcre_grep_impl.
PGSQL:
Fixed preprocessor silently guarding PGSQL_SUPPRESS_TIMESTAMPS support due to a typo.
SNMP:
Fixed bug GH-21336 (SNMP::setSecurity() undefined behavior with NULL arguments).
SOAP:
Fixed Set-Cookie parsing bug wrong offset while scanning attributes.
SPL:
Fixed bug GH-21454 (missing write lock validation in SplHeap).
Standard:
Fixed bug GH-20906 (Assertion failure when messing up output buffers).
Fixed bug GH-20627 (Cannot identify some avif images with getimagesize).
Sysvshm:
Fix memory leak in shm_get_var() when variable is corrupted.
XSL:
Fix GH-21357 (XSLTProcessor works with DOMDocument, but fails with Dom\XMLDocument).
Fixed bug GH-21496 (UAF in dom_objects_free_storage).
- version update to 8.4.19
Core:
Fixed bug GH-21029 (zend_mm_heap corrupted on Aarch64, LTO builds).
Fixed bug GH-20657 (Assertion failure in zend_lazy_object_get_info triggered by setRawValueWithoutLazyInitialization() and newLazyGhost()).
Fixed bug GH-20504 (Assertion failure in zend_get_property_guard when accessing properties on Reflection LazyProxy via isset()).
Fixed OSS-Fuzz #478009707 (Borked assign-op/inc/dec on untyped hooked property backing value).
Fixed bug GH-21215 (Build fails with -std=).
Fixed bug GH-13674 (Build system installs libtool wrappers when using slibtool).
Curl:
Fixed bug GH-21023 (CURLOPT_XFERINFOFUNCTION crash with a null callback).
Don't truncate length.
Date:
Fixed bug GH-20936 (DatePeriod::__set_state() cannot handle null start).
Fix timezone offset with seconds losing precision.
DOM:
Fixed bug GH-21077 (Accessing Dom\Node::baseURI can throw TypeError).
Fixed bug GH-21097 (Accessing Dom\Node properties can can throw TypeError).
MBString:
Fixed bug GH-21223; mb_guess_encoding no longer crashes when passed huge list of candidate encodings (with 200,000+ entries).
Opcache:
Fixed bug GH-20718 ("Insufficient shared memory" when using JIT on Solaris).
Fixed bug GH-21227 (Borked SCCP of array containing partial object).
Fixed bug GH-21052 (Preloaded constant erroneously propagated to file-cached script).
OpenSSL:
Fix a bunch of leaks and error propagation.
PCNTL:
Fixed pcntl_setns() internal errors handling regarding errnos.
Fixed cpuset leak in pcntl_setcpuaffinity on out-of-range CPU ID on NetBSD/Solaris platforms.
Fixed pcntl_signal() signal table registering the callback first OS-wise before the internal list.
Fixed pcntl_signal_dispatch() stale pointer and exception handling.
PCRE:
Fixed preg_match memory leak with invalid regexes.
PDO_PGSQL:
Fixed bug GH-21055 (connection attribute status typo for GSS negotiation).
PGSQL:
Fixed bug GH-21162 (pg_connect() memory leak on error).
Sockets:
Fixed bug GH-21161 (socket_set_option() crash with array 'addr' entry as null).
Fixed possible addr length overflow with socket_connect() and AF_UNIX family sockets.
- version update to 8.4.18
Core:
Fixed bug GH-20837 (NULL dereference when calling ob_start() in shutdown function triggered by bailout in php_output_lock_error()).
Fix OSS-Fuzz #471533782 (Infinite loop in GC destructor fiber).
Fix OSS-Fuzz #472563272 (Borked block_pass JMP[N]Z optimization).
Fixed bug GH-GH-20914 (Internal enums can be cloned and compared).
Fix OSS-Fuzz #474613951 (Leaked parent property default value).
Fixed bug GH-20766 (Use-after-free in FE_FREE with GC interaction).
Fix OSS-Fuzz #471486164 (Broken by-ref assignment to uninitialized hooked backing value).
Fix OSS-Fuzz #438780145 (Nested finally with repeated return type check may uaf).
Fixed bug GH-20905 (Lazy proxy bailing __clone assertion).
Fixed bug GH-20479 (Hooked object properties overflow).
Date:
Update timelib to 2022.16.
DOM:
Fixed GH-21041 (Dom\HTMLDocument corrupts closing tags within scripts).
MbString:
Fixed bug GH-20833 (mb_str_pad() divide by zero if padding string is invalid in the encoding).
Fixed bug GH-20836 (Stack overflow in mb_convert_variables with recursive array references).
Opcache:
Fixed bug GH-20818 (Segfault in Tracing JIT with object reference).
OpenSSL:
Fix memory leaks when sk_X509_new_null() fails.
Fix crash when in openssl_x509_parse() when i2s_ASN1_INTEGER() fails.
Fix crash in openssl_x509_parse() when X509_NAME_oneline() fails.
Phar:
Fixed bug GH-20882 (buildFromIterator breaks with missing base directory).
PGSQL:
Fixed INSERT/UPDATE queries building with PQescapeIdentifier() and possible UB.
Readline:
Fixed bug GH-18139 (Memory leak when overriding some settings via readline_info()).
SPL:
Fixed bug GH-20856 (heap-use-after-free in SplDoublyLinkedList iterator when modifying during iteration).
Standard:
Fixed bug #74357 (lchown fails to change ownership of symlink with ZTS) (Jakub Zelenka)
Fixed bug GH-20843 (var_dump() crash with nested objects) (David Carlier)
- version u pdate to 8.4.17
Core:
Fix OSS-Fuzz #465488618 (Wrong assumptions when dumping function signature with dynamic class const lookup default argument).
Fixed bug GH-20695 (Assertion failure in normalize_value() when parsing malformed INI input via parse_ini_string()).
Fixed bug GH-20714 (Uncatchable exception thrown in generator).
Fixed bug GH-20352 (UAF in php_output_handler_free via re-entrant ob_start() during error deactivation).
Bz2:
Fixed bug GH-20620 (bzcompress overflow on large source size).
DOM:
Fixed bug GH-20722 (Null pointer dereference in DOM namespace node cloning via clone on malformed objects).
Fixed bug GH-20444 (Dom\XMLDocument::C14N() seems broken compared to DOMDocument::C14N()).
GD:
Fixed bug GH-20622 (imagestring/imagestringup overflow).
Intl:
Fix leak in umsg_format_helper().
LDAP:
Fix memory leak in ldap_set_options().
Mbstring:
Fixed bug GH-20674 (mb_decode_mimeheader does not handle separator).
PCNTL:
Fixed bug with pcntl_getcpuaffinity() on solaris regarding invalid process ids handling.
Phar:
Fixed bug GH-20732 (Phar::LoadPhar undefined behavior when reading fails).
Fix SplFileInfo::openFile() in write mode.
Fix build on legacy OpenSSL 1.1.0 systems.
Fixed bug #74154 (Phar extractTo creates empty files).
POSIX:
Fixed crash on posix groups to php array creation on macos.
SPL:
Fixed bug GH-20678 (resource created by GlobIterator crashes with fclose()).
Sqlite3:
Fixed bug GH-20699 (SQLite3Result fetchArray return array|false, null returned).
Standard:
Fix error check for proc_open() command.
Fix memory leak in mail() when header key is numeric.
Fixed bug GH-20582 (Heap Buffer Overflow in iptcembed).
Zlib:
Fix OOB gzseek() causing assertion failure.
- modified patches
* php-build-reproducible-phar.patch (refreshed)
- fixes CVE-2025-14179 [bsc#1264778]
CVE-2026-7568 [bsc#1264769]
CVE-2026-7263 [bsc#1264770]
CVE-2026-7261 [bsc#1264772]
CVE-2026-7259 [bsc#1264773]
CVE-2026-7258 [bsc#1264774]
CVE-2026-6722 [bsc#1264776]
CVE-2026-6104 [bsc#1264777]
CVE-2026-6735 [bsc#1264775]
CVE-2026-7262 [bsc#1264771]
- apache2:prefork
-
- Version update to 2.4.66 (jsc#PED-16181)
* ) SECURITY: CVE-2025-66200: Apache HTTP Server: mod_userdir+suexec
bypass via AllowOverride FileInfo (cve.mitre.org)
mod_userdir+suexec bypass via AllowOverride FileInfo
vulnerability in Apache HTTP Server. Users with access to use
the RequestHeader directive in htaccess can cause some CGI
scripts to run under an unexpected userid.
This issue affects Apache HTTP Server: from 2.4.7 through
2.4.65.
* ) SECURITY: CVE-2025-65082: Apache HTTP Server: CGI environment
variable override (cve.mitre.org)
Improper Neutralization of Escape, Meta, or Control Sequences
vulnerability in Apache HTTP Server through environment
variables set via the Apache configuration unexpectedly
superseding variables calculated by the server for CGI programs.
This issue affects Apache HTTP Server from 2.4.0 through 2.4.65.
* ) SECURITY: CVE-2025-59775: Apache HTTP Server: NTLM Leakage on
Windows through UNC SSRF (cve.mitre.org)
Server-Side Request Forgery (SSRF) vulnerability
 in Apache HTTP Server on Windows
with AllowEncodedSlashes On and MergeSlashes Off allows to
potentially leak NTLM
hashes to a malicious server via SSRF and malicious requests or
content
* ) SECURITY: CVE-2025-58098: Apache HTTP Server: Server Side
Includes adds query string to #exec cmd=... (cve.mitre.org)
Apache HTTP Server 2.4.65 and earlier with Server Side Includes
(SSI) enabled and mod_cgid (but not mod_cgi) passes the
shell-escaped query string to #exec cmd="..." directives.
This issue affects Apache HTTP Server before 2.4.66.
* ) SECURITY: CVE-2025-55753: Apache HTTP Server: mod_md (ACME),
unintended retry intervals (cve.mitre.org)
An integer overflow in the case of failed ACME certificate
renewal leads, after a number of failures (~30 days in default
configurations), to the backoff timer becoming 0. Attempts to
renew the certificate then are repeated without delays until it
succeeds.
This issue affects Apache HTTP Server: from 2.4.30 before 2.4.66.
* ) mod_http2: Fix handling of 304 responses from mod_cache.
* ) mod_http2/mod_proxy_http2: fix a bug in calculating the log2 value of
integers, used in push diaries and proxy window size calculations.
* ) mod_md: update to version 2.6.5
- New directive `MDInitialDelay`, controlling how longer to wait after
a server restart before checking certificates for renewal.
[Michael Kaufmann]
- Hardening: when build with OpenSSL older than 1.0.2 or old libressl
versions, the parsing of ASN.1 time strings did not do a length check.
- Hardening: when reading back OCSP responses stored in the local JSON
store, missing 'valid' key led to uninitialized values, resulting in
wrong refresh behaviour.
* ) mod_md: update to version 2.6.6
- Fix a small memory leak when using OpenSSL's BIGNUMs.
- Fix reuse of curl easy handles by resetting them.
* ) mod_http2: update to version 2.0.35
New directive `H2MaxStreamErrors` to control how much bad behaviour
by clients is tolerated before the connection is closed.
* ) mod_proxy_http2: add support for ProxyErrorOverride directive.
* ) mpm_common: Add new ListenTCPDeferAccept directive that allows to specify
the value set for the TCP_DEFER_ACCEPT socket option on listen sockets.
* ) mod_ssl: Add SSLVHostSNIPolicy directive to control the virtual
host compatibility policy.
* ) mod_md: update to version 2.6.2
- Fix error retry delay calculation to not already doubling the wait
on the first error.
* ) mod_md: update to version 2.6.1
- Increasing default `MDRetryDelay` to 30 seconds to generate less bursty
traffic on errored renewals for the ACME CA. This leads to error retries
of 30s, 1 minute, 2, 4, etc. up to daily attempts.
- Checking that configuring `MDRetryDelay` will result in a positive
duration. A delay of 0 is not accepted.
- Fix a bug in checking Content-Type of responses from the ACME server.
- Added ACME ARI support (rfc9773) to the module. Enabled by default. New
directive "MDRenewViaARI on|off" for controlling this.
- Removing tailscale support. It has not been working for a long time
as the company decided to change their APIs. Away with the dead code,
documentation and tests.
- Fixed a compilation issue with pre-industrial versions of libcurl.
- httpd testsuite of svn revision 1929573
- Remove the following patches, as they've been upstream as of 2.4.66:
* CVE-2024-42516.patch
* CVE-2024-43204.patch
* CVE-2024-47252.patch
* CVE-2025-23048.patch
* CVE-2025-49630.patch
* CVE-2025-49812.patch
* CVE-2025-53020.patch
* CVE-2025-55753.patch
* CVE-2025-58098.patch
* CVE-2025-65082.patch
* CVE-2025-66200.patch
- Refresh patches:
* apache-test-application-xml-type.patch
* apache-test-turn-off-variables-in-ssl-var-lookup.patch
* apache2-HttpContentLengthHeadZero-HttpExpectStrict.patch
* apache2-LimitRequestFieldSize-limits-headers.patch
- apache2
-
- Version update to 2.4.66 (jsc#PED-16181)
* ) SECURITY: CVE-2025-66200: Apache HTTP Server: mod_userdir+suexec
bypass via AllowOverride FileInfo (cve.mitre.org)
mod_userdir+suexec bypass via AllowOverride FileInfo
vulnerability in Apache HTTP Server. Users with access to use
the RequestHeader directive in htaccess can cause some CGI
scripts to run under an unexpected userid.
This issue affects Apache HTTP Server: from 2.4.7 through
2.4.65.
* ) SECURITY: CVE-2025-65082: Apache HTTP Server: CGI environment
variable override (cve.mitre.org)
Improper Neutralization of Escape, Meta, or Control Sequences
vulnerability in Apache HTTP Server through environment
variables set via the Apache configuration unexpectedly
superseding variables calculated by the server for CGI programs.
This issue affects Apache HTTP Server from 2.4.0 through 2.4.65.
* ) SECURITY: CVE-2025-59775: Apache HTTP Server: NTLM Leakage on
Windows through UNC SSRF (cve.mitre.org)
Server-Side Request Forgery (SSRF) vulnerability
 in Apache HTTP Server on Windows
with AllowEncodedSlashes On and MergeSlashes Off allows to
potentially leak NTLM
hashes to a malicious server via SSRF and malicious requests or
content
* ) SECURITY: CVE-2025-58098: Apache HTTP Server: Server Side
Includes adds query string to #exec cmd=... (cve.mitre.org)
Apache HTTP Server 2.4.65 and earlier with Server Side Includes
(SSI) enabled and mod_cgid (but not mod_cgi) passes the
shell-escaped query string to #exec cmd="..." directives.
This issue affects Apache HTTP Server before 2.4.66.
* ) SECURITY: CVE-2025-55753: Apache HTTP Server: mod_md (ACME),
unintended retry intervals (cve.mitre.org)
An integer overflow in the case of failed ACME certificate
renewal leads, after a number of failures (~30 days in default
configurations), to the backoff timer becoming 0. Attempts to
renew the certificate then are repeated without delays until it
succeeds.
This issue affects Apache HTTP Server: from 2.4.30 before 2.4.66.
* ) mod_http2: Fix handling of 304 responses from mod_cache.
* ) mod_http2/mod_proxy_http2: fix a bug in calculating the log2 value of
integers, used in push diaries and proxy window size calculations.
* ) mod_md: update to version 2.6.5
- New directive `MDInitialDelay`, controlling how longer to wait after
a server restart before checking certificates for renewal.
[Michael Kaufmann]
- Hardening: when build with OpenSSL older than 1.0.2 or old libressl
versions, the parsing of ASN.1 time strings did not do a length check.
- Hardening: when reading back OCSP responses stored in the local JSON
store, missing 'valid' key led to uninitialized values, resulting in
wrong refresh behaviour.
* ) mod_md: update to version 2.6.6
- Fix a small memory leak when using OpenSSL's BIGNUMs.
- Fix reuse of curl easy handles by resetting them.
* ) mod_http2: update to version 2.0.35
New directive `H2MaxStreamErrors` to control how much bad behaviour
by clients is tolerated before the connection is closed.
* ) mod_proxy_http2: add support for ProxyErrorOverride directive.
* ) mpm_common: Add new ListenTCPDeferAccept directive that allows to specify
the value set for the TCP_DEFER_ACCEPT socket option on listen sockets.
* ) mod_ssl: Add SSLVHostSNIPolicy directive to control the virtual
host compatibility policy.
* ) mod_md: update to version 2.6.2
- Fix error retry delay calculation to not already doubling the wait
on the first error.
* ) mod_md: update to version 2.6.1
- Increasing default `MDRetryDelay` to 30 seconds to generate less bursty
traffic on errored renewals for the ACME CA. This leads to error retries
of 30s, 1 minute, 2, 4, etc. up to daily attempts.
- Checking that configuring `MDRetryDelay` will result in a positive
duration. A delay of 0 is not accepted.
- Fix a bug in checking Content-Type of responses from the ACME server.
- Added ACME ARI support (rfc9773) to the module. Enabled by default. New
directive "MDRenewViaARI on|off" for controlling this.
- Removing tailscale support. It has not been working for a long time
as the company decided to change their APIs. Away with the dead code,
documentation and tests.
- Fixed a compilation issue with pre-industrial versions of libcurl.
- httpd testsuite of svn revision 1929573
- Remove the following patches, as they've been upstream as of 2.4.66:
* CVE-2024-42516.patch
* CVE-2024-43204.patch
* CVE-2024-47252.patch
* CVE-2025-23048.patch
* CVE-2025-49630.patch
* CVE-2025-49812.patch
* CVE-2025-53020.patch
* CVE-2025-55753.patch
* CVE-2025-58098.patch
* CVE-2025-65082.patch
* CVE-2025-66200.patch
- Refresh patches:
* apache-test-application-xml-type.patch
* apache-test-turn-off-variables-in-ssl-var-lookup.patch
* apache2-HttpContentLengthHeadZero-HttpExpectStrict.patch
* apache2-LimitRequestFieldSize-limits-headers.patch
- aws-cli-container
-
n/a
- aws-sdk-container
-
n/a
- cloud-regionsrv-client
-
- Update to version 11.0.2 (bsc#1260421)
+ Add iputils as a dependency to make automatic NVIDIA repo enablement
work
- Update to version 11.0.1
+ Fix attempt to read a deleted file resulting in an error. Refresh
the file list for repos and services for each pass over the
server domains we are looking to clean up the registration.
+ Update user visible messages only showing messages for the
application configuration file.
- Update to version 11.0.0 (bsc#1254960, bsc#1254982, bsc#1253777)
+ Major version bump for main package and plugin sub-packages due to
interpreter change in SLE 15 SP4+ from Python 3.6 to Python 3.11
+ Create cache directory in code and drop from package (jsc#PED-14732)
+ Fix race condition between license watcher timer and registration
(bsc#1254984)
+ Fix cleanup issue in hosts (bsc#1254702)
+ Fix cache clean up
+ Fix exit condition from container registry setup
+ Lock the registration process to ensure single execution (bsc#1254984)
+ Fix traceback on FP and cert mismatch
+ Switch remaining code to updated logging implementation
+ Increase loggin information in log to help with issue debugging
+ Fix exit code on partial registration success
+ Remove obsolete switchcloudguestservices
- Update to version 10.5.3
+ Move project setup to poetry and apply python standards
+ Fix use of logging facility
Use logging facility in the desired way throughout the entire
code base. This includes the following changes and refactor
* Add handler and formatter for the logfile containing more
information about function and position in code for the message
* Add handler for stdout (INFO and WARNING)
* Add handler for stderr (ERROR).
* Implement Logger class providing the logging setup and methods
* Drop the start_logging() method.
* Fix and refactor all unit tests around the use of logging
with a proper fixture and place all tests for registerutils
into its own class TestRegisterUtils.
* Add --debug switch for registercloudguest. Allow to increase
logfile information. All messages produced via log.debug(...)
in code will be part of the logfile. Debug messages will not
be shown on the console
* Update SLE12 patches due to logging refactor
* Use --debug flag in guestregister service
This Fixes #188
- crypto-policies
-
- Remove crypto-policies-Allow-sshd-in-FIPS-mode-using-DEFAULT.patch
to allow X25519 as required for sntrup761x25519-sha512@openssh.com
and sntrup761x25519-sha512 in the DEFAULT policy. (bsc#1259825)
Rebase crypto-policies-Allow-openssl-other-policies-in-FIPS-mode.patch
- Add PQC support for OpenSSH (bsc#1258311, bsc#1259825)
* Enable sntrup761x25519-sha512 for OpenSSH by default
* Add crypto-policies-OpenSSH-PQC.patch
- Modify the output of fips-mode-setup to hint the user when
setting the FIPS mode in transactional systems to use the
command 'transactional-update setup-fips'. (bsc#1262315)
- Disable the use of posix_spawn() under qemu user-mode emulation.
- cups
-
- Version upgrade to 2.4.19:
See https://github.com/openprinting/cups/releases
Release 2.4.19 contains another hotfix after CVE-2026-27447 fix:
* Fixed a regression in shared printing from non-local accounts
(Issue #1557)
Issues are those at https://github.com/OpenPrinting/cups/issues
- Adapted downgrade-autoconf-requirement.patch for CUPS 2.4.19
- Added 'Michael R Sweet' key to cups.keyring
because cups-2.4.19-source.tar.gz.sig belongs to him.
- Version upgrade to 2.4.18:
See https://github.com/openprinting/cups/releases
The new release 2.4.18 contains hotfix after CVE-2026-27447 fix:
* Fixed cupsd crash if user does not exist (Issue #1555)
Issues are those at https://github.com/OpenPrinting/cups/issues
- Adapted downgrade-autoconf-requirement.patch for CUPS 2.4.18
- Version upgrade to 2.4.17:
See https://github.com/openprinting/cups/releases
The new release 2.4.17 contains the following security fixes:
* CVE-2026-27447: The scheduler treated local user
and group names as case-insensitive (bsc#1261572)
* CVE-2026-34978: The RSS notifier could write outside
the scheduler's RSS directory (bsc#1261571)
* CVE-2026-34980: The scheduler did not filter control
characters from option values (bsc#1261569)
* CVE-2026-34979: The scheduler did not always allocate
enough memory for a job's options string (bsc#1261570)
* CVE-2026-34990: The scheduler incorrectly allowed
local certificates over the loopback interface (bsc#1261568)
* CVE-2026-39314: Fixed the range check for
job password strings (bsc#1261743)
* CVE-2026-39316: Fixed a printer subscription bug
in the scheduler (bsc#1261742)
* CVE-2026-41079: Fixed a SNMP string conversion bug
in the backends (bsc#1263116)
- The release includes other fixes as well, listed in CHANGES.md.
Issues are those at https://github.com/OpenPrinting/cups/issues
Detailed list (from CHANGES.md):
* The scheduler followed symbolic links when cleaning out
its temporary directory (Issue #1448)
* Updated `cupsFileGetConf` and `cupsFilePutConf` to escape
more characters.
* Updated man page `cancel` (Issue #984)
* Updated `cupsRasterReadHeader` to validate more of the
page header values (Issue #1501)
* Fixed an issue with the class/printer CGI name checking.
* Fixed infinite loop in `http_write()` on busy print servers
(Issue #827)
* Fixed potential TLS blocking issues (Issue #1128)
* Fixed a job history bug in the scheduler (Issue #1440)
* Fixed notifier logging bug that would result in nul bytes
getting into the log (Issue #1450)
* Fixed possible use-after-free in `cupsdReadClient()`
(Issue #1454)
* Fixed a document format bug in the IPP backend (Issue #1457)
* Fixed DRAIN_OUTPUT race condition (Issue #1461)
* Fixed a bug when then `ippFindXxx` and `ippSetXxx` functions
were mixed.
* Fixed the mapping of supply type keywords to SNMP names.
* Fixed a bug in the IPP backend when SNMP was disabled.
* Fixed a crash bug in the rastertoepson filter.
* Fixed a bug in cgiCheckVariables.
* Fixed handling read/write errors with OpenSSL (Issue #1506)
* Fixed handling rehandshake error in `_httpTLSRead`
(Issue #1508)
* Fixed a debug printf bug on Windows (Issue #1529)
* Fixed a recursion issue with encoding of nested collections
(Issue #1539)
* Fixed parsing of the `LimitRequestBody`, `MaxLogSize`,
and `MaxRequestSize` directives in "cupsd.conf" (Issue #1540)
* Fixed a parsing bug in `ipptool` (Issue #1542)
* Fixed blank line detection in the `rastertolabel` filter
(Issue #1545)
* Fixed `httpPeek` edge case on compressed streams
Issues are those at https://github.com/OpenPrinting/cups/issues
- Adapted downgrade-autoconf-requirement.patch for CUPS 2.4.17
- dbus-broker
-
- Fix timeout on ssh due to not handling ESRCH (boo#1255678)
* fix-ESRCH-check.patch
- glibc
-
- ungetwc-byte-stream.patch: libio: Fix ungetwc operating on byte stream
(CVE-2026-5928, bsc#1262464, BZ #33998)
- scanf-mc-buffer-overflow.patch: stdio-common: Fix buffer overflow in
scanf %mc (CVE-2026-5450, bsc#1262465, BZ #34008)
- ibm139x-pending-char-state.patch: Use pending character state in
IBM1390, IBM1399 character sets (CVE-2026-4046, bsc#1261206, BZ #33980)
- iproute2
-
- add netshaper support (bsc#1253044)
* netshaper-Add-netshaper-command.patch
* netshaper-update-include-files.patch
* netshaper-fix-build-failure.patch
* netshaper-remove-unused-variable.patch
* netshaper-ignore-build-result.patch
* netshaper-fix-grammar-and-style-issues-in-man-page.patch
- fix package for immutable mode (jsc#PED-14787)
* drop ghost entry for /run/netns
- add CVE fix (CVE-2024-58251 bsc#1254324)
* ss-escape-characters-in-command-name.patch
- add post-6.12 upstream fixes (bsc#1241316)
* Parse-FQ-band-weights-correctly.patch
* bond-fix-stack-smash-in-xstats.patch
* ip-support-setting-multiple-features.patch
* tc-gred-fix-debug-print.patch
- kdump
-
- upgrade to version 2.1.6+git9.g60a2898
* fix VLAN interface naming (bsc#1255300)
* fix bonding options for VLAN slaves (bsc#1255300)
* fix return value of kdumptool commandline -d (bsc#1257471)
* man: fix install instructions in kdump(7)
* kdumptool commandline: ignore minor differencies (bsc#1260535)
* fix sysconfig syntax
- kernel-source:kernel-default
-
- net: gro: don't merge zcopy skbs (git-fixes).
- net: skbuff: propagate shared-frag marker through frag-transfer
helpers (CVE-2026-43503 bsc#1265960).
- net: skbuff: preserve shared-frag marker during coalescing
(CVE-2026-46300 bsc#1265209).
- commit 68f8e8b
- Revert "net: skbuff: propagate shared-frag marker through pskb_copy()"
This reverts commit f71c96250de20f4edf1c4beeb9d8b973a9ad6943.
- commit aaf0bdb
- Update
patches.kabi/ptrace-slightly-saner-get_dumpable-logic-kabi-assert.patch
(CVE-2026-46333 bsc#1265308).
- Update
patches.kabi/ptrace-slightly-saner-get_dumpable-logic-kabi.patch
(CVE-2026-46333 bsc#1265308).
- Update
patches.suse/ptrace-slightly-saner-get_dumpable-logic.patch
(CVE-2026-46333 bsc#1265308).
- commit 493e3ed
- kernel-binary: Only apply vmlinux workaround on SLE15 and later
To create debuginfo for vmlinux the file needs to be present even if
it's not packaged because a compressed file is packaged insteand.
To accomplish that the file is marked as ghost in the file list. Then
rpm does not complain that the file exists but does not package it.
However, rpm still reserves space for ghost files when installing a
package. To avoid reserving space for a file that is not used the file
is truncated.
That works on SLE 15 but on SLE 12 rpm then fails packaging the
debuginfo complaiing that extra debuginfo files are present. Limit the
workaround to SLE 15 and later.
Fixes: 222edac2a18 (kernel-binary: prevent uncompressed vmlinux from inflating rpm size requirements)
- commit 1ef7451
- scsi: target: iscsi: validate CHAP_R length before base64 decode
(bsc#1265449).
- commit 04f607e
- Refresh
patches.suse/io-wq-check-that-the-predecessor-is-hashed-in-io_wq_remove_pending.patch.
- commit 033df25
- net: mana: Fix crash from unvalidated SHM offset read from BAR0 during FLR (bsc#1265846).
- net: mana: remove double CQ cleanup in mana_create_rxq error path (git-fixes).
- net: mana: Skip WQ object destruction for uninitialized RXQ (git-fixes).
- net: mana: check xdp_rxq registration before unreg in mana_destroy_rxq() (git-fixes).
- RDMA/mana: Fix error unwind in mana_ib_create_qp_rss() (git-fixes).
- RDMA/mana: Fix mana_destroy_wq_obj() cleanup in mana_ib_create_qp_rss() (git-fixes).
- RDMA/mana: Remove user triggerable WARN_ON() in mana_ib_create_qp_rss() (git-fixes).
- RDMA/mana: Validate rx_hash_key_len (git-fixes).
- hv_sock: fix ARM64 support (git-fixes).
- mshv: Fix error handling in mshv_region_pin (CVE-2026-43045 bsc#1263942).
- mshv: Refactor and rename memory region handling functions (CVE-2026-43045 bsc#1263942).
- commit 6cbd7cb
- Kernel-binary: Do not truncate vmlinux when it's the boot image
Some architectures use vmlinux to boot. Truncating vmlinux on those
architectures causes signing failure during build. Also if the signing
was disabled a brokne kernel would be produced.
Fixes: 222edac2a18 (kernel-binary: prevent uncompressed vmlinux from inflating rpm size requirements)
- commit d3cf603
- perf: Fix __perf_event_overflow() vs perf_remove_from_context()
race (bsc#1260018 CVE-2026-23271).
- commit 1c3b58a
- drivers/base/memory: fix memory block reference leak in poison
accounting (git-fixes).
- commit c0de598
- xfs: avoid dereferencing log items after push callbacks
(CVE-2026-31453 bsc#1262617).
- commit 682fb9c
- kernel-binary: prevent uncompressed vmlinux from inflating rpm size requirements
define %__spec_install_post to truncate the uncompressed vmlinux
to 0 bytes after find-debuginfo.sh and brp-* scripts run. This prevents
rpmbuild from baking the %ghost file size into the FILESIZES
header, which can cause installation failures on smaller /boot partitions.
Fixes: bsc#1265456
- commit 222edac
- net/rds: reset op_nents when zerocopy page pin fails
(bsc#1265626 CVE-2026-43494).
- net/rds: reset op_nents when zerocopy page pin fails
(bsc#1265626).
- commit dc2b91c
- ipv6: rpl: reserve mac_len headroom when recompressed SRH grows
(git-fixes).
- commit 02b019a
- xfs: remove xfs_attr_leaf_hasname (CVE-2026-43153 bsc#1264586).
- commit 78141a4
- perf: Make sure to use pmu_ctx->pmu for groups (bsc#1263001
CVE-2026-31528).
- commit 953abda
- RDMA/irdma: Fix deadlock during netdev reset with active connections (CVE-2026-31565 bsc#1263064)
- commit 768a64a
- virt: sev-guest: Do not use host-controlled page order in
cleanup path (git-fixes).
- commit 27d6e80
- net/sched: fix pedit partial COW leading to page cache corruption
(bsc#1265421).
- commit c4afa7d
- drm/amdkfd: Add upper bound check for num_of_nodes
(stable-fixes).
- commit 42e71c7
- drm/amdgpu: zero-initialize GART table on allocation
(stable-fixes).
- drm/amdgpu/gfx9: drop unnecessary 64-bit fence flag check in
KIQ (stable-fixes).
- drm/amdkfd: Make all TLB-flushes heavy-weight (stable-fixes).
- drm/amdgpu/vcn4: Avoid overflow on msg bound check (git-fixes).
- drm/amdgpu/vcn3: Avoid overflow on msg bound check (git-fixes).
- drm/amdkfd: validate SVM ioctl nattr against buffer size
(stable-fixes).
- drm/amdkfd: Clear VRAM on allocation to prevent stale data
exposure (stable-fixes).
- drm/amdgpu: gate VM CPU HDP flush on reset lock (stable-fixes).
- drm/amdgpu: Use SMUIO 15.0.0 offsets for TSC upper and lower
count (stable-fixes).
- drm/amdgpu/vcn4: Prevent OOB reads when parsing IB
(stable-fixes).
- drm/amdgpu/vcn4: Prevent OOB reads when parsing dec msg
(stable-fixes).
- drm/amdgpu/vcn3: Prevent OOB reads when parsing dec msg
(stable-fixes).
- drm/amdgpu/vce: Prevent partial address patches (stable-fixes).
- drm/amdgpu: Add bounds checking to ib_{get,set}_value
(stable-fixes).
- platform/x86: hp-wmi: Ignore backlight and FnLock events
(stable-fixes).
- spi: zynq-qspi: fix controller deregistration (git-fixes).
- spi: uniphier: fix controller deregistration (git-fixes).
- spi: uniphier: Simplify clock handling with
devm_clk_get_enabled() (stable-fixes).
- spi: zynq-qspi: Simplify clock handling with
devm_clk_get_enabled() (stable-fixes).
- commit de422d6
- ALSA: hda: Fix NULL pointer dereference in snd_hda_ctl_add()
(git-fixes).
- ALSA: scarlett2: Add missing error check when initialise
Autogain Status (git-fixes).
- ALSA: hda: cs35l41: Put ACPI device on missing physical node
(git-fixes).
- ALSA: hda: cs35l56: Put ACPI device after setting companion
(git-fixes).
- ALSA: usb-audio: Bound MIDI 2.0 endpoint descriptor scans
(git-fixes).
- ALSA: usb-audio: Bound MIDI endpoint descriptor scans
(git-fixes).
- ALSA: core: Serialize deferred fasync state checks (git-fixes).
- ALSA: misc: Use guard() for spin locks (stable-fixes).
- ALSA: seq: Notify client and port info changes (stable-fixes).
- commit 64f2c72
- drm/loongson: Use managed KMS polling (git-fixes).
- drm/gma500/oaktrail_lvds: fix i2c adapter leaks on init
(git-fixes).
- drm/gma500/oaktrail_lvds: fix hang on init failure (git-fixes).
- drm/gma500/oaktrail_hdmi: fix i2c adapter leak on setup
(git-fixes).
- accel/qaic: Add overflow check to remap_pfn_range during mmap
(git-fixes).
- drm/panfrost: Fix wait_bo ioctl leaking positive return from
dma_resv_wait_timeout() (git-fixes).
- drm/xe/dma-buf: handle empty bo and UAF races (git-fixes).
- drm/i915/dp: Fix VSC dynamic range signaling for RGB formats
(git-fixes).
- drm/i915: skip __i915_request_skip() for already signaled
requests (git-fixes).
- commit 98a8998
- net: phy: DP83TC811: add reading of abilities (git-fixes).
- batman-adv: bla: put backbone reference on failed claim hash
insert (git-fixes).
- batman-adv: bla: only purge non-released claims (git-fixes).
- batman-adv: bla: prevent use-after-free when deleting claims
(git-fixes).
- batman-adv: stop caching unowned originator pointers in BAT IV
(git-fixes).
- batman-adv: reject new tp_meter sessions during teardown
(git-fixes).
- batman-adv: fix integer overflow on buff_pos (git-fixes).
- net: wan: fsl_ucc_hdlc: free tx_skbuff in uhdlc_memclean
(git-fixes).
- hwmon: (ads7871) Fix endianness bug in 16-bit register reads
(git-fixes).
- hwmon: (lm63) Add locking to avoid TOCTOU (git-fixes).
- hwmon: (corsair-psu) Close HID device on probe errors
(git-fixes).
- hwmon: (ltc2992) Fix u32 overflow in power read path
(git-fixes).
- hwmon: (ltc2992) Clamp threshold writes to hardware range
(git-fixes).
- staging: vme_user: fix root device leak on init failure
(git-fixes).
- USB: serial: option: add Telit Cinterion LE910Cx compositions
(stable-fixes).
- usb: usblp: fix uninitialized heap leak via LPGETSTATUS ioctl
(stable-fixes).
- usb: usblp: fix heap leak in IEEE 1284 device ID via short
response (stable-fixes).
- usb: typec: tcpm: reset internal port states on soft reset AMS
(git-fixes).
- usb: ulpi: fix memory leak on ulpi_register() error paths
(git-fixes).
- USB: omap_udc: DMA: Don't enable burst 4 mode (git-fixes).
- i2c: smbus: reject oversized block transfers in the common path
(git-fixes).
- i2c: stub: Reject I2C block transfers with invalid length
(git-fixes).
- i2c: stm32f7: reinit_completion() per transfer not per msg
(git-fixes).
- drm/amdgpu/sdma4: replace BUG_ON with WARN_ON in fence emission
(git-fixes).
- drm/radeon: add missing revision check for CI (git-fixes).
- drm/amdgpu/pm: align Hawaii mclk workaround with radeon
(git-fixes).
- drm/amdgpu/pm: add missing revision check for CI (git-fixes).
- drm/exynos: remove bridge when component_add fails (git-fixes).
- drm/panel: himax-hx83102: restore MODE_LPM after sending
disable cmds (git-fixes).
- drm/panel: boe-tv101wum-nl6: restore MODE_LPM after sending
disable cmds (git-fixes).
- drm/etnaviv: Fix armed job not being pushed to the DRM scheduler
(git-fixes).
- drm/fb-helper: Fix clipping when damage area spans a single
scanline (git-fixes).
- selinux: shrink critical section in sel_write_load()
(stable-fixes).
- selinux: prune /sys/fs/selinux/disable (stable-fixes).
- net: phy: broadcom: Save PHY counters during suspend
(git-fixes).
- Bluetooth: HIDP: serialise l2cap_unregister_user via
hidp_session_sem (git-fixes).
- Bluetooth: hci_event: fix memset typo (git-fixes).
- Bluetooth: RFCOMM: pull credit byte with skb_pull_data()
(git-fixes).
- Bluetooth: virtio_bt: validate rx pkt_type header length
(git-fixes).
- Bluetooth: virtio_bt: clamp rx length before skb_put
(git-fixes).
- Bluetooth: btmtk: validate WMT event SKB length before struct
access (git-fixes).
- Bluetooth: ISO: Fix data-race on dst in iso_sock_connect()
(git-fixes).
- Bluetooth: SCO: hold sk properly in sco_conn_ready (git-fixes).
- Bluetooth: L2CAP: Fix null-ptr-deref in
l2cap_sock_new_connection_cb() (git-fixes).
- Bluetooth: L2CAP: Fix null-ptr-deref in
l2cap_sock_state_change_cb() (git-fixes).
- Bluetooth: l2cap: fix MPS check in l2cap_ecred_reconf_req
(git-fixes).
- Bluetooth: bnep: fix incorrect length parsing in bnep_rx_frame()
extension handling (git-fixes).
- Bluetooth: hci_event: Fix OOB read and infinite loop in
hci_le_create_big_complete_evt (git-fixes).
- Bluetooth: SCO: fix sleeping under spinlock in sco_conn_ready
(git-fixes).
- wifi: nl80211: fix NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST
usage (git-fixes).
- wifi: mac80211: remove station if connection prep fails
(git-fixes).
- wifi: mac80211: use safe list iteration in radar detect work
(git-fixes).
- wifi: ath5k: do not access array OOB (git-fixes).
- wifi: ath12k: fix leak in some ath12k_wmi_xxx() functions
(git-fixes).
- wifi: libertas: notify firmware load wait on disconnect
(git-fixes).
- wifi: cw1200: Revert "Fix locking in error paths" (git-fixes).
- wifi: ath12k: use lockdep_assert_in_rcu_read_lock() for RCU
assertions (git-fixes).
- wifi: rsi: fix kthread lifetime race between self-exit and
external-stop (git-fixes).
- wifi: mac80211: drop stray 'static' from fast-RX rx_result
(git-fixes).
- wifi: mac80211: check ieee80211_rx_data_set_link return in
pubsta MLO path (git-fixes).
- wifi: nl80211: require admin perm on SET_PMK / DEL_PMK
(git-fixes).
- wifi: b43legacy: enforce bounds check on firmware key index
in RX path (git-fixes).
- wifi: b43: enforce bounds check on firmware key index in
b43_rx() (git-fixes).
- wifi: brcmfmac: Fix potential use-after-free issue when stopping
watchdog task (git-fixes).
- net: wwan: t7xx: validate port_count against message length
in t7xx_port_enum_msg_handler (git-fixes).
- net: usb: asix: ax88772: re-add usbnet_link_change() in phylink
callbacks (git-fixes).
- net: wan: fsl_ucc_hdlc: fix ucc_hdlc_remove (git-fixes).
- net: wan: fsl_ucc_hdlc: fix uhdlc_memclean (git-fixes).
- ASoC: cs35l56: Destroy workqueue in probe error path
(git-fixes).
- ASoC: cs35l56: Don't use devres to unregister component
(git-fixes).
- ASoC: fsl_xcvr: Fix event generation for cached controls
(git-fixes).
- ASoC: amd: yc: Add HP OMEN Gaming Laptop 16-ap0xxx product
line in quirk table (stable-fixes).
- ASoC: cs35l56: Fix hibernate write in runtime resume error path
(git-fixes).
- ALSA: usb-audio: midi2: Restart output URBs on resume
(git-fixes).
- ALSA: firewire-tascam: Do not drop unread control events
(git-fixes).
- ALSA: pcmtest: Return -EFAULT on pattern read copy failure
(git-fixes).
- efi: pstore: Drop efivar lock when efi_pstore_open() returns
with an error (git-fixes).
- ipmi: Add limits to event and receive message requests
(git-fixes).
- drm/amdgpu: fix zero-size GDS range init on RDNA4
(stable-fixes).
- selinux: don't reserve xattr slot when we won't fill it
(stable-fixes).
- ACPI: video: force native backlight on HP OMEN 16 (8A44)
(stable-fixes).
- ALSA: pcm: oss: Fix data race at accessing runtime.oss.trigger
(stable-fixes).
- iio: frequency: admv1013: fix NULL pointer dereference on str
(git-fixes).
- iio: frequency: admv1013: add dev variable (stable-fixes).
- amdgpu/jpeg: fix deepsleep register for jpeg 5_0_0 and 5_0_2
(stable-fixes).
- ACPI: scan: Use acpi_dev_put() in object add error paths
(git-fixes).
- leds: qcom-lpg: Check for array overflow when selecting the
high resolution (stable-fixes).
- ALSA: aoa: i2sbus: clear stale prepared state (git-fixes).
- ALSA: seq_oss: return full count for successful SEQ_FULLSIZE
writes (stable-fixes).
- ALSA: aoa: Skip devices with no codecs in i2sbus_resume()
(git-fixes).
- wifi: mt76: mt792x: fix mt7925u USB WFSYS reset handling
(git-fixes).
- wifi: mt76: mt792x: describe USB WFSYS reset with a descriptor
(stable-fixes).
- ALSA: aoa: Use guard() for mutex locks (stable-fixes).
- commit 7b0ff1e
- kabi assert: ptrace: slightly saner 'get_dumpable()' logic
(bsc#1265308).
- kabi: ptrace: slightly saner 'get_dumpable()' logic
(bsc#1265308).
- ptrace: slightly saner 'get_dumpable()' logic (bsc#1265308).
- commit f8f4ca2
- net: altera-tse: fix skb leak on DMA mapping error in
tse_start_xmit() (CVE-2026-31658 bsc#1263052).
- ipv6: icmp: clear skb2->cb in ip6_err_gen_icmpv6_unreach()
(CVE-2026-43038 bsc#1264097).
- commit 25154e4
- netfilter: ip6t_eui64: reject invalid MAC header for all packets
(CVE-2026-31685 bsc#1263668).
- commit ebc3df3
- netfilter: ctnetlink: ignore explicit helper on new expectations
(CVE-2026-43025 bsc#1263931).
- commit f7d829f
- netfilter: nf_conntrack_helper: pass helper to expect cleanup
(CVE-2026-43027 bsc#1263933).
- commit 09b2b4e
- netfilter: xt_tcpmss: check remaining length before reading
optlen (CVE-2026-43190 bsc#1264848).
- commit 81f4cf4
- net: bonding: Fix nd_tbl NULL dereference when IPv6 is disabled
(CVE-2026-43441 bsc#1264674).
- commit 1eba512
- net: txgbe: leave space for null terminators on property_entry
(CVE-2026-43082 bsc#1264233).
- vxlan: validate ND option lengths in vxlan_na_create
(CVE-2026-31738 bsc#1264059).
- commit 5117d0a
- selftests/bpf: Add more precision tracking tests for atomics
(CVE-2026-43009 bsc#1264014).
- commit 8a6ae29
- bpf: Fix incorrect pruning due to atomic fetch precision tracking
(CVE-2026-43009 bsc#1264014).
- commit e98d57a
- btrfs: qgroup: update all parent qgroups when doing quick
inherit (bsc#1258933).
- commit e80dd17
- netfilter: xt_multiport: validate range encoding in checkentry
(CVE-2026-31681 bsc#1263593).
- commit 51b6dbb
- netfilter: nft_ct: drop pending enqueued packets on removal
(CVE-2026-43060 bsc#1264183).
- commit 45a5b23
- netfilter: flowtable: strictly check for maximum number of
actions (CVE-2026-43329 bsc#1265085).
- commit 2044fe7
- netfilter: nf_conntrack_expect: skip expectations in other
netns via proc (CVE-2026-31496 bsc#1262673).
- commit c2fbef4
- net: af_key: zero aligned sockaddr tail in PF_KEY exports
(CVE-2026-43088 bsc#1264469).
- commit d4c3a74
- io_uring/kbuf: check if target buffer list is still legacy on
recycle (CVE-2026-43366 bsc#1265116).
- commit 3d68eb1
- mm/pagewalk: fix race between concurrent split and refault
(CVE-2026-31456 bsc#1262627).
- commit 66d2a63
- KVM: nVMX: Add consistency check for TSC_MULTIPLIER=0
(git-fixes).
- commit e1d61c7
- KVM: Reject wrapped offset in kvm_reset_dirty_gfn() (git-fixes).
- commit 8c874fe
- KVM: x86: check for nEPT/nNPT in slow flush hypercalls
(git-fixes).
- commit 91ba5ef
- io-wq: check that the predecessor is hashed in
io_wq_remove_pending() (git-fixes).
- commit 7709fe4
- pmdomain: bcm: bcm2835-power: Increase ASB control timeout (CVE-2026-31550 bsc#1263104)
- commit b1bcef2
- net: skbuff: propagate shared-frag marker through pskb_copy()
(CVE-2026-46300 bsc#1265209).
- commit f71c962
- drm/panthor: fix for dma-fence safe access rules (CVE-2025-71302
bsc#1264837).
- commit e1e86cf
- KVM: x86: Ignore -EBUSY when checking nested events from
vcpu_block() (CVE-2026-43265 bsc#1264427).
- commit e23f394
- openvswitch: vport: fix self-deadlock on release of tunnel ports
(git-fixes).
- commit 7143335
- Refresh patches.suse/x86-CPU-AMD-Prevent-improper-isolation-of-shared-resources.patch.
- commit 26bf91f
- openvswitch: defer tunnel netdev_put to RCU release
(CVE-2026-31678 bsc#1263562).
- commit 56e44f5
- nfnetlink_osf: validate individual option lengths in
fingerprints (CVE-2026-23397 bsc#1260728).
- commit 86012c7
- xfs: fix undersized l_iclog_roundoff values (CVE-2026-43365
bsc#1265119).
- commit 0d027d9
- net: sched: act_csum: validate nested VLAN headers
(CVE-2026-31684 bsc#1263596).
- commit cfad388
- net/sched: cls_fw: fix NULL dereference of "old" filters before
change() (git-fixes).
- commit 3fc3976
- ipv6: avoid overflows in ip6_datagram_send_ctl() (CVE-2026-31415
bsc#1262099).
- net/sched: cls_fw: fix NULL pointer dereference on shared blocks
(CVE-2026-31421 bsc#1262061).
- ip6_tunnel: clear skb2->cb in ip4ip6_err() (CVE-2026-43037
bsc#1263995).
- af_key: validate families in pfkey_send_migrate() (CVE-2026-31515
bsc#1262752).
- openvswitch: validate MPLS set/set_masked payload length
(CVE-2026-31679 bsc#1263592).
- commit 1dd4910
- net/sched: sch_netem: fix out-of-bounds access in packet
corruption (CVE-2026-31675 bsc#1263556).
- commit 9c1c60a
- ibmveth: Disable GSO for packets with small MSS (bsc#1265144).
- commit 45266f7
- net/packet: fix TOCTOU race on mmap'd vnet_hdr in tpacket_snd()
(CVE-2026-31700 bsc#1263882).
- commit 2ec21fc
- smb: client: fix krb5 mount with username option (bsc#1261788
CVE-2026-31392)
- commit dc306e2
- KVM: SVM: Disallow EFER.LMSLE when not supported by hardware
(git-fixes).
- commit abdb6dd
- KVM: x86: Advertise EferLmsleUnsupported to userspace
(git-fixes).
- commit 1a12381
- KVM: nSVM: Use vcpu->arch.cr2 when updating vmcb12 on nested
[#]VMEXIT (git-fixes).
- commit 0bcee83
- gtp: disable BH before calling udp_tunnel_xmit_skb()
(git-fixes).
- net/mlx5: Fix HCA caps leak on notifier init failure
(git-fixes).
- tg3: replace placeholder MAC address with device property
(git-fixes).
- commit a806d46
- igb: remove napi_synchronize() in igb_down() (CVE-2026-31691
bsc#1263604).
- commit fa98b35
- io_uring/timeout: check unused sqe fields (git-fixes).
- commit a4e675d
- nvme-loop: do not cancel I/O and admin tagset during ctrl
reset/shutdown (bsc#1262709).
- commit 1ee1250
- scsi: lpfc: Update lpfc version to 15.0.0.0 (bsc#1262019).
- scsi: lpfc: Add PCI ID support for LPe42100 series adapters
(bsc#1262019).
- scsi: lpfc: Introduce 128G link speed selection and support
(bsc#1262019).
- scsi: lpfc: Check ASIC_ID register to aid diagnostics during
failed fw updates (bsc#1262019).
- scsi: lpfc: Update construction of SGL when XPSGL is enabled
(bsc#1262019).
- scsi: lpfc: Remove deprecated PBDE feature (bsc#1262019).
- scsi: lpfc: Add REG_VFI mailbox cmd error handling
(bsc#1262019).
- scsi: lpfc: Log MCQE contents for mbox commands with no context
(bsc#1262019).
- scsi: lpfc: Select mailbox rq_create cmd version based on SLI4
if_type (bsc#1262019).
- scsi: lpfc: Break out of IRQ affinity assignment when mask
reaches nr_cpu_ids (bsc#1262019).
- scsi: lpfc: Update outdated comment for renamed lpfc_freenode()
(bsc#1262019).
- scsi: lpfc: Use the crc32c() function (bsc#1262019).
- scsi: lpfc: ELIMINATE kernel-doc warnings in lpfc.h
(bsc#1262019).
- scsi: lpfc: Update lpfc version to 14.4.0.14 (bsc#1262019).
- scsi: lpfc: Update copyright year string for 2026 (bsc#1262019).
- scsi: lpfc: Restrict first burst to non-FCoE and SLI4 adapters
only (bsc#1262019).
- scsi: lpfc: Update class of service bit field to 3 bits for
WQE submissions (bsc#1262019).
- scsi: lpfc: Add clean up of aborted NVMe commands during PCI
fcn reset (bsc#1262019).
- scsi: lpfc: Fix incorrect txcmplq_cnt during cleanup in
lpfc_sli_abort_ring() (bsc#1262019).
- scsi: lpfc: Cleanup error exit paths in lpfc_fdmi_cmd() and
associated messages (bsc#1262019).
- scsi: lpfc: Remove unnecessary ndlp kref get in
lpfc_check_nlp_post_devloss (bsc#1262019).
- scsi: lpfc: Reduce pointer chasing when accessing vmid_flag
(bsc#1262019).
- scsi: lpfc: Use min_t() instead of min() in
lpfc_sli4_driver_resource_setup (bsc#1262019).
- scsi: lpfc: Add log messages to fabric login error labels
(bsc#1262019).
- scsi: lpfc: Log discarded and insufficient RQE buffer events
(bsc#1262019).
- scsi: lpfc: Update log message when ndlp kref get is
unsuccessful (bsc#1262019).
- scsi: lpfc: Properly set WC for DPP mapping (bsc#1262019).
- commit 7b714a9
- wireguard: device: use exit_rtnl callback instead of manual
rtnl_lock in pre_exit (CVE-2026-31579 bsc#1263074).
- commit e06a63d
- seg6: separate dst_cache for input and output paths in seg6
lwtunnel (CVE-2026-31668 bsc#1263140).
- tipc: fix bc_ackers underflow on duplicate GRP_ACK_MSG
(CVE-2026-31662 bsc#1263131).
- bridge: br_nd_send: linearize skb before parsing ND options
(CVE-2026-31682 bsc#1263595).
- iavf: fix out-of-bounds writes in iavf_get_ethtool_stats()
(CVE-2026-31505 bsc#1263093).
- udp: Fix wildcard bind conflict check when using hash2
(CVE-2026-31503 bsc#1263077).
- atm: lec: fix use-after-free in sock_def_readable()
(CVE-2026-43050 bsc#1264082).
- commit a38bbef
- mkspec: Add signature to source list only when it exists
- commit e496e84
- nvme-apple: drop invalid put of admin queue reference count
(git-fixes).
- nvmet-tcp: propagate nvmet_tcp_build_pdu_iovec() errors to
its callers (git-fixes).
- nvme-pci: add NVME_QUIRK_DISABLE_WRITE_ZEROES for Kingston
OM3SGP4 (git-fixes).
- commit 045f69b
- Update config files: disable unsupported CONFIG_AFS_FS and CONFIG_AF_RXRPC
- commit a035dd7
- net: lan966x: fix use-after-free and leak in
lan966x_fdma_reload() (CVE-2026-31644 bsc#1263048).
- net: macb: use the current queue number for stats
(CVE-2026-31494 bsc#1262671).
- net: cadence: macb: Synchronize stats calculations
(CVE-2026-31494 bsc#1262671).
- commit decc1b9
- supported.conf: drop rxrpc completely (bsc#1264450)
- commit 2dc3b0f
- xfrm: esp: avoid in-place decrypt on shared skb frags
(bsc#1264449).
- commit afc97fe
- drm/xe: Fix missing runtime PM reference in ccs_mode_store
(CVE-2026-31547 bsc#1263018).
- commit fed53ff
- fuse: reject oversized dirents in page cache (CVE-2026-31694 bsc#1263901).
- commit 0f4f926
- Xarray: do not return sibling entries from xas_find_marked()
(bsc#1263815).
- commit 7ce1887
- futex: Require sys_futex_requeue() to have identical flags
(CVE-2026-31554 bsc#1263107).
- commit ce7d9f8
- kABI fix after KVM: x86: Use scratch field in MMIO fragment
to hold small write values (CVE-2026-31588 bsc#1263165).
- commit a1ea62d
- KVM: SVM: Mark VMCB_NPT as dirty on nested VMRUN (git-fixes).
- commit 9cbc888
- KVM: SVM: Mark VMCB_PERM_MAP as dirty on nested VMRUN
(git-fixes).
- commit 360d18b
- KVM: x86: Use scratch field in MMIO fragment to hold small
write values (CVE-2026-31588 bsc#1263165).
- commit 19429bd
- Refresh
patches.suse/btrfs-fix-incorrect-return-value-after-changing-leaf-in-lo.patch.
- commit 45e3335
- selftests/bpf: Add tests for sdiv32/smod32 with INT_MIN dividend
(CVE-2026-31525 bsc#1262725).
- commit 6ce77a2
- bpf: Fix undefined behavior in interpreter sdiv/smod for INT_MIN
(CVE-2026-31525 bsc#1262725).
- commit 6e6a9d2
- iommu/vt-d: Remove LPIG from page group response descriptor
(jsc#PED-16113).
- commit 02909a4
- mm: blk-cgroup: fix use-after-free in cgwb_release_workfn()
(bsc#1263176 CVE-2026-31586).
- commit ceea29f
- ipmi:si: Return state to normal if message allocation fails
(git-fixes).
- ipmi: Check event message buffer response for bad data
(git-fixes).
- commit f949a9a
- KVM: x86: Fix shadow paging use-after-free due to unexpected
GFN (git-fixes).
- commit 998ec99
- mptcp: fix slab-use-after-free in __inet_lookup_established
(CVE-2026-31669 bsc#1263141).
- commit 9fd5bc5
- net: fix fanout UAF in packet_release() via NETDEV_UP race
(CVE-2026-31504 bsc#1263085).
- commit f302432
- net/tls: fix use-after-free in -EBUSY error path of
tls_do_encryption (CVE-2026-31533 bsc#1262758).
- commit 6f034ca
- x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache (bsc#1264013 CVE-2025-54518).
- commit b2d5a21
- dpll: zl3073x: Add support to adjust phase (bsc#1255752).
- Refresh
patches.suse/dpll-zl3073x-Add-functions-to-access-hardware-regist.patch.
- commit 6bfd04c
- dpll: zl3073x: fix REF_PHASE_OFFSET_COMP register width for
some chip IDs (bsc#1255752).
- dpll: zl3073x: Fix output pin phase adjustment sign
(bsc#1255752).
- dpll: zl3073x: Specify phase adjustment granularity for pins
(bsc#1255752).
- commit c6899d0
- net/smc: fix double-free of smc_spd_priv when tee() duplicates
splice pipe buffer (CVE-2026-31507 bsc#1263095).
- commit 962222e
- net: stmmac: fix integer underflow in chain mode (CVE-2026-31649
bsc#1263582).
- net-shapers: don't free reply skb after genlmsg_reply()
(git-fixes).
- commit 9dae3e5
- btrfs: fix incorrect return value after changing leaf in
lookup_extent_data_ref() (CVE-2026-31666 bsc#1263138).
- commit e74f8c2
- btrfs: set BTRFS_ROOT_ORPHAN_CLEANUP during subvol create (CVE-2026-31519 bsc#1263012).
- commit 8e45f1b
- netfs: Fix read abandonment during retry (CVE-2026-31435 bsc#1262601).
- commit fd2ee6f
- drm/xe/gsc: Fix BO leak on error in
query_compatibility_version() (git-fixes).
- drm/xe: Fix error cleanup in xe_exec_queue_create_ioctl()
(git-fixes).
- drm/xe: Fix dma-buf attachment leak in xe_gem_prime_import()
(git-fixes).
- drm/xe/bo: Fix bo leak on GGTT flag validation in
xe_bo_init_locked() (git-fixes).
- drm/xe/bo: Fix bo leak on unaligned size validation in
xe_bo_init_locked() (git-fixes).
- drm/xe/debugfs: Correct printing of register whitelist ranges
(git-fixes).
- drm/amd/display: Read EDID from VBIOS embedded panel info
(git-fixes).
- drm/amd/display: Allow DCE link encoder without AUX registers
(git-fixes).
- drm/amdgpu/jpeg: set no_user_fence for JPEG v5.0.0 ring
(git-fixes).
- drm/amdgpu/jpeg: set no_user_fence for JPEG v4.0.5 ring
(git-fixes).
- drm/amdgpu/jpeg: set no_user_fence for JPEG v4.0.3 ring
(git-fixes).
- drm/amdgpu/jpeg: set no_user_fence for JPEG v4.0 ring
(git-fixes).
- drm/amdgpu/jpeg: set no_user_fence for JPEG v3.0 ring
(git-fixes).
- drm/amdgpu/jpeg: set no_user_fence for JPEG v2.5 ring
(git-fixes).
- drm/amdgpu/jpeg: set no_user_fence for JPEG v2.0 ring
(git-fixes).
- drm/amdgpu/vcn: set no_user_fence for VCN v5.0.0 enc ring
(git-fixes).
- drm/amdgpu/vcn: set no_user_fence for VCN v4.0.5 enc ring
(git-fixes).
- drm/amdgpu/vcn: set no_user_fence for VCN v4.0.3 enc ring
(git-fixes).
- drm/amdgpu/vcn: set no_user_fence for VCN v4.0 enc ring
(git-fixes).
- drm/amdgpu/vcn: set no_user_fence for VCN v3.0 enc/dec rings
(git-fixes).
- drm/amdgpu/vcn: set no_user_fence for VCN v2.5 enc/dec rings
(git-fixes).
- drm/amdgpu/vcn: set no_user_fence for VCN v2.0 enc/dec rings
(git-fixes).
- drm/amdgpu/gfx6: Support harvested SI chips with disabled TCCs
(v2) (git-fixes).
- drm/amdgpu: fix AMDGPU_INFO_READ_MMR_REG (git-fixes).
- drm/amdgpu/gmc: Fix AMDGPU_GART_PLACEMENT_LOW to not overlap
with VRAM (git-fixes).
- drm/gem: Fix inconsistent plane dimension calculation in
drm_gem_fb_init_with_funcs() (git-fixes).
- spi: cadence: fix unclocked access on unbind (git-fixes).
- spi: rockchip: Read ISR, not IMR, to detect cs-inactive IRQ
(git-fixes).
- mtd: spi-nor: debugfs: fix out-of-bounds read in
spi_nor_params_show() (git-fixes).
- net: phy: dp83869: fix setting CLK_O_SEL field (git-fixes).
- NFC: trf7970a: Ignore antenna noise when checking for RF field
(git-fixes).
- net: usb: rtl8150: free skb on usb_submit_urb() failure in xmit
(git-fixes).
- net: usb: rtl8150: fix use-after-free in rtl8150_start_xmit()
(git-fixes).
- sound: ua101: fix division by zero at probe (git-fixes).
- i2c: s3c24xx: check the size of the SMBUS message before using
it (stable-fixes).
- HID: core: clamp report_size in s32ton() to avoid undefined
shift (stable-fixes).
- drm/vc4: platform_get_irq_byname() returns an int
(stable-fixes).
- fbdev: tdfxfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO
(stable-fixes).
- pinctrl: intel: Fix the revision for new features (1kOhm PD,
HW debouncer) (stable-fixes).
- wifi: brcmfmac: validate bsscfg indices in IF events
(stable-fixes).
- platform/x86/amd: pmc: Add Thinkpad L14 Gen3 to quirk_s2idle_bug
(stable-fixes).
- HID: quirks: add HID_QUIRK_ALWAYS_POLL for 8BitDo Pro 3
(stable-fixes).
- HID: roccat: fix use-after-free in roccat_report_event
(stable-fixes).
- wifi: wl1251: validate packet IDs before indexing tx_frames
(stable-fixes).
- can: mcp251x: add error handling for power enable in open and
resume (stable-fixes).
- commit 5a35487
- rds: ib: reject FRMR registration before IB connection is
established (CVE-2026-31425 bsc#1262074).
- bridge: mrp: reject zero test interval to avoid OOM panic
(CVE-2026-31420 bsc#1262055).
- net: atm: fix crash due to unvalidated vcc pointer in sigd_send()
(CVE-2026-31411 bsc#1261752).
- commit e9e6eaa
- ASoC: codecs: ab8500: Fix casting of private data (git-fixes).
- ASoC: Intel: bytcr_wm5102: Fix MCLK leak on
platform_clock_control error (git-fixes).
- ASoC: amd: acp: Add DMI quirk for Valve Steam Deck OLED
(git-fixes).
- ASoC: stm32_sai: fix incorrect BCLK polarity for DSP_A/B,
LEFT_J (stable-fixes).
- ata: ahci: force 32-bit DMA for JMicron JMB582/JMB585
(stable-fixes).
- ASoC: soc-core: call missing INIT_LIST_HEAD() for card_aux_list
(stable-fixes).
- ASoC: amd: yc: Add DMI entry for HP Laptop 15-fc0xxx
(stable-fixes).
- ASoC: SOF: topology: reject invalid vendor array size in token
parser (stable-fixes).
- ASoC: amd: yc: Add DMI quirk for Thin A15 B7VF (stable-fixes).
- ASoC: amd: yc: Add DMI quirk for ASUS EXPERTBOOK BM1403CDA
(stable-fixes).
- commit b9f0fc5
- ACPI: CPPC: Fix related_cpus inconsistency during CPU hotplug
(git-fixes).
- ALSA: usb-audio: Avoid potential endless loop in
convert_chmap_v3() (git-fixes).
- ALSA: usb-audio: Fix potential leak of pd at parsing UAC3
streams (git-fixes).
- ALSA: caiaq: Don't abort when no input device is available
(git-fixes).
- ALSA: caiaq: Fix potentially leftover ep1_in_urb at error path
(git-fixes).
- ALSA: caiaq: fix usb_dev refcount leak on probe failure
(git-fixes).
- ALSA: usb-audio: Fix UAC3 cluster descriptor size check
(git-fixes).
- ALSA: hda: cs35l56: Propagate ASP TX source control errors
(git-fixes).
- ACPI: video: Move Lenovo Legion S7 15ACH6 quirk to the right
section (git-fixes).
- ACPI: video: Add backlight=native quirk for Dell OptiPlex 7770
AIO (git-fixes).
- ALSA: hda/realtek: Add quirk for Lenovo Yoga Pro 7 14IAH10
(stable-fixes).
- ALSA: hda/realtek: add quirk for Framework F111:000F
(stable-fixes).
- ALSA: usb-audio: Fix quirk flags for NeuralDSP Quad Cortex
(stable-fixes).
- ALSA: hda/realtek: Add mute LED quirk for HP Pavilion 15-eg0xxx
(stable-fixes).
- ALSA: asihpi: avoid write overflow check warning (stable-fixes).
- ALSA: hda/realtek: Add HP ENVY Laptop 13-ba0xxx quirk
(stable-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG Flow Z13-KJP GZ302EAC
(stable-fixes).
- commit 1cbf4e0
- cairo
-
- Migrate to xz compression and manual service run
- Add b5752618.patch:
Backport from William Bader's request 621, Fix NULL access
in active_edges_to_traps().
https://gitlab.freedesktop.org/cairo/cairo/-/merge_requests/621/diffs
https://gitlab.freedesktop.org/williamb/cairo/-/commit/b5752618
(CVE-2025-50422, bsc#1247589)
- Switch back to using source service.
- c-ares
-
- c-ares 1.35.6:
* CVE-2025-62408: use-after-free in read_answers() (boo#1254738)
* Ignore Windows IDN Search Domains until proper IDN support is
added
* Various bug fixes
- gnutls
-
- Security fixes:
* CVE-2026-33846: buffers: add more checks to DTLS reassembly (bsc#1263705)
* CVE-2026-42009: lib/buffers: ensure packets have differing sequence numbers (bsc#1263708)
* CVE-2026-33845: buffers: switch from end_offset over to frag_length (bsc#1263704)
* CVE-2026-42010: lib/auth/rsa_psk: fix binary PSK identity lookup (bsc#1263709)
* CVE-2026-3833: x509/name-constraints: compare domain names case-insensitive (bsc#1263707)
* CVE-2026-42011: x509/name_constraints: fix intersecting empty constraints (bsc#1263710)
* CVE-2026-42012: x509/hostname-verify: make URI/SRV SAN preclude CN fallback (bsc#1263711)
* CVE-2026-42013: x509: prevent fallback on oversized SAN (bsc#1263712)
* CVE-2026-42014: pkcs11_write: fix UAF and leak in gnutls_pkcs11_token_set_pin (bsc#1263713)
* CVE-2026-42015: x509/pkcs12_bag: fix off-by-one in bag element bounds check (bsc#1263714)
* CVE-2026-5260: lib/pkcs11_privkey: guard against overreading on short ciphertexts (bsc#1263715)
* CVE-2026-3832: cert-session: fix multi-entry OCSP revocation bypass (bsc#1263706)
* CVE-2026-5419: gnutls_cipher_decrypt3: make PKCS#7 unpadding branch free (bsc#1263716)
* Add patches:
gnutls-CVE-2026-33846.patch gnutls-CVE-2026-42009.patch
gnutls-CVE-2026-33845.patch gnutls-CVE-2026-42010.patch
gnutls-CVE-2026-3833.patch gnutls-CVE-2026-42011.patch
gnutls-CVE-2026-42012.patch gnutls-CVE-2026-42013.patch
gnutls-CVE-2026-42014.patch gnutls-CVE-2026-5260.patch
gnutls-CVE-2026-42015.patch gnutls-CVE-2026-3832.patch
gnutls-CVE-2026-5419.patch
- leancrypto
-
- Calculate the FIPS HMAC for the leancrypto and the leancrypto-fips
libraries. (bsc#1262399)
- Fix build on kernel 7.0
* Add patch 0001-Linux-kernel-leancrypto_kernel_rng_tester-include-li.patch
- Pick fix for ABI issue in AVX2 assembly for Curve448 causing
test failures when building with GCC 16.
* Add patch leancrypto-ABI-fix.patch
- Update to 1.7.2:
* Fix RDSEED counter
* Process code by AI code checkers and apply suggested cosmetic fixes
* Heap memory: always munlock all mlock'ed memory
* Fix ChaCha20 on Apple compiled with XCode 26.4
* Fix a potential crasher with Base64 and applied various fixes reported
* Add X.509 certificate signing request (CSR) generator and parser
* ML-DSA: add lc_dilithium_pk_from_sk API to derive the PK from a given SK
* SLH-DSA: add lc_sphincs_pk_from_sk API to derive the PK from a given SK
* ML-KEM: add lc_kyber_pk_from_sk API to derive the PK from a given SK
* AES-CT: fix non-aligned data processing - reported
* Apply suggestions from Claude code
* X.509: Enforce path length restriction
- Update to 1.7.1
* Offer a means to select the AES-C constant time / S-Box implementation via
lc_init API
* use the AES-C constant time implementation by default - it is about 3 times
slower than the AES-C S-Box implementation, but more secure. As the
leancrypto library is about secure by default, the CT implementation is
just right. Furthermore, if a caller wants to have the faster AES-C S-Box,
he can call lc_init(LC_INIT_AES_SBOX) at the beginning.
* CVE-2026-34610: X.509: fix security issue (bsc#1261382)
* FIPS: mark only seeded DRBG instances as FIPS-approved
* ASN.1: add lc_x509_cert_check_issuer_ca convenience function
* Enable side-channel-resistant AES implementation (and thus enable
respective Timecop tests)
* Fix some side channel test failures (all failures are due to test case
issues, and no real problems)
* AARCH64: enable GCS support (see
https://community.arm.com/arm-community-blogs/b/tools-software-ides-blog/posts/gcc-15-continuously-improving#guarded
and https://docs.kernel.org/next/arch/arm64/gcs.html)
* Add PKCS#8 support for ML-DSA following RFC9881 including full support for
the seed or full keys. The change adds OpenSSL interoperability testing as
well. NOTE: The raw on-disk private key format that is generated with
lc_x509_generate --create-keypair changed to comply with RFC9881.
* Add PKCS#8 support for SLH-DSA. The change adds OpenSSL interoperability
testing as well. NOTE: The raw on-disk private key format that is generated
with lc_x509_generate --create-keypair changed to dump the raw key instead
of wrapping it into a BIT STRING to comply with OpenSSL's format.
* Provide full PKCS#7 interoperability with OpenSSL: OpenSSL artificially
orders the parsing of the authenticated attributes. This implies that the
message digest part of the authenticated attributes is parsed as last
entry. This ordering is important for the signature generation and
verification. Furthermore, for ML-DSA/SLH-DSA, the authenticated attributes
are signed with the pure algorithm instead of the pre-hashed operation as
suggested by RFC5652 section 9.2.
* ML-KEM/DSA: add safety measures against compilers trying to reason about
code they should not reason about. Derived from
https://github.com/pq-code-package/ml[dsa|kem]-native/
* ML-DSA: reduce amount of duplicate code compilation suggested
* ML-DSA: fix bug in poly_uniform which, however, is unlikely to be triggered
* ChaCha20: fix crasher when assembler support is not compiled
* Add AES constant time C implementation accessible with the lc_aes_*ct
references. Yet, it is about 3 times slower than the default C
implementation. Thus is is only provided if somebody truly relies on a
constant time implementation.
- Patches are merged upstream:
* Drop fe9751f2.patch
* Drop leancrypto_avx_detect1.patch
* Drop leancrypto_avx_detect2.patch
* Drop 0469d92f.patch
- For full changelog, see:
https://github.com/smuellerDD/leancrypto/releases/tag/v1.7.0
https://github.com/smuellerDD/leancrypto/releases/tag/v1.7.1
- Add upstream patch to fix build with kernel 6.19 on aarch64:
* 0469d92f.patch
- Add upstream patch to fix build with kernel 6.19 on aarch64:
* 0469d92f.patch
- Fix bsc#1254370, bsc#1253654 - AVX detection is wrong on older intel CPUs
* Add leancrypto_avx_detect1.patch
* Add leancrypto_avx_detect2.patch
- Add upstream patch to fix GCS on aarch64:
* fe9751f2.patch
- Update to 1.6.0:
* ASN.1: use stack for small generator for small use cases
* X.509: Updates required to support the shim boot loader
* X.509: add lc_gmtime to convert Epoch to time format
* ASN.1: added to Linux kernel (for 64 bit systems only)
* Added AES-GCM and AES-XTS
* Availability: remove assert() calls throughout the code - in case of a self
test error, disable the algorithm. Instead of using assert, apply a centrally
managed test manager that stores the test status. This implies that some
initalization APIs like lc_hash_init, lc_sym_init, lc_hmac_init are changed
such that they return an error code if self tests failed. Thus, the version
is now changed as this is considered to be an ABI change. Although this
sounds heavy, the test manager is relatively small and the runtime state
should be smaller than the old approach considering the old approach uses one
global 32 bit integer per self test to maintain the state. This is now
replaced with a set of 32 bit atomic integers that hold a 3-bit field for
each algorithm. This change also adds the API call of lc_rerun_one_selftest
which allows triggering the reruning of a self test for one given algorithm.
* FIPS: Rearchitect integrity test control value generator: The build process now
uses the host's objcopy to extract the ELF sections of interest into a separate
file, use a build_machine compiled version of sha3-256sum to generate the
digest of it and reinsert it into the leancrypto-fips.so. This now allows
cross-compilation with FIPS integrity test support. There is no functional
change to leancrypto though.
* Significant reduction of compilation units by almost half by not having
global, but per-test compiled C files.
* Linux kernel: add /proc/leancrypto
* FIPS: Add negative testing support
* Add SHAKE-512 and XDRBG-512 support
* FIPS: Add FIPS indicator which implies that libleancrypto.so has the same
functionality as libleancrypto-fips.so with the exception that the latter
performs an integrity test.
* ARMv9: fix BTI for ML-DSA
- Remove patch:
* leancrypto-fix-aarch64-BTI.patch
- Don't strip debug symbols
- Add patch to fix BTI on aarch64:
* leancrypto-fix-aarch64-BTI.patch
- xz
-
- Fix buffer overflow in lzma_index_append (bsc#1261280, CVE-2026-34743)
* CVE-2026-34743.patch
- nfs-utils
-
- Fix broken libnfsimapd static and regex plugins (bsc#1261840)
* add Patch-for-broken-libnfsimapd-static-and-regex-plugins.patch
- libselinux
-
- Backport commit "libselinux: retain LIFO order for path substitutions" (bsc#1261639)
- otherwise we can not add equivalencies that overload each other
in the policy (e.g. /srv/www /var/www and /srv/www/htdocs /var/www/html
in file_contexts.subs_dist would result in /srv/www/htdocs not receiving the right labels)
- https://github.com/SELinuxProject/selinux/commit/b1802386d2ec6a2767927abef4b99b4575da4085
* Added patch: 1261639-libselinux-retain-LIFO-order-for-path-substitutions.patch
- sssd
-
- Reduce the message severity logged when the LDAP server hosts
multiple naming contexts without defining a default one in the
rootdse; (bsc#1264185); Add patch
0016-sdap-Reduce-log-level-when-get_naming_context-fails.patch
- Do not ignore tests result at build time; (bsc#1246196);
- Skip tests depending on soft-hsm; Add patch
0015-TESTS-Disable-pam-srv-and-certmap-cmocka-tests.patch
- With the 2.10 update sssd runs under unprivileged user which is
not possible in certain scenarios. This update reverts to run as
root with minimum privileges; (bsc#1259436); Add patch
0012-run-as-root.patch
- Let krb5 child tolerate missing capabilities; Add patch
0013-KRB5-let-krb5_child-tolerate-missing-cap-set-id.patch
- Add support for UsrEtc; (bsc#1257643); Add patch
0014-UsrEtc.patch
- The default configuration file is installed now in
/usr/etc/sssd/sssd.conf. It can be completely overridden by
manually creating the system specific config file
/etc/sssd/sssd.conf, or partially overridden by creating config
snippets in /etc/sssd/conf.d/ directory. Check sssd.conf manpage
for more details.
- Fix ldap_child process started by the backend process ending in
defunc state. Add patch
0011-sdap_select_principal_from_keytab_sync-waitpid-synch.patch
- Create the secrets directory for the KCM service; (bsc#1259253);
- Make sure previously rotated logs are chown-ed as well;
(bsc#1259475); Add patch
0009-Make-sure-previously-rotated-logs-are-chown-ed-as-we.patch
- Use %pre scriptlet instead of %pretrans to migrate from
sssd-common; (bsc#1257509);
- Update to release 2.10.2; (jsc#PED-12449);
* If the ssh responder is not running, sss_ssh_knownhosts will
not fail (but it will not return the keys).
* SSSD is now capable of handling multiple services associated
with the same port.
* sssd_pam, being a privileged binary, now clears the
environment and does not allow configuration of the
PR_SET_DUMPABLE flag as a precaution.
- Changes from sssd 2.10.1
* SSSD does not create anymore missing path components of
DIR:/FILE: ccache types while acquiring user's TGT. The
parent directory of requested ccache directory must exist and
the user trying to log in must have rwx access to this
directory. This matches behavior of /usr/bin/kinit.
* The option default_domain_suffix is deprecated.
- Changes from sssd 2.10.0
* The ``sssctl cache-upgrade`` command was removed. SSSD
performs automatic upgrades at startup when needed.
* Support of ``enumeration`` feature (i.e. ability to list all
users/groups using ``getent passwd/group`` without argument)
for AD/IPA providers is deprecated and might be removed in
further releases.
* The new tool ``sss_ssh_knownhosts`` can be used with ssh's
``KnownHostsCommand`` configuration option to retrieve the
host's public keys from a remote server (FreeIPA, LDAP,
etc.). It replaces ```sss_ssh_knownhostsproxy``.
* The default value for ``ldap_id_use_start_tls`` changed from
false to true for improved security.
* https://github.com/SSSD/sssd/releases/tag/2.10.0
- Fix socket activation of responders
- Daemon runs now as unprivileged user 'sssd'
- Add patch:
* 0007-TOOL-Fix-build-parameter-name-omitted.patch
- Fix sssctl config-check exit code when the conf.d snippets
directory does not exist; (bsc#1230348); Add patch
0006-SSSCTL-config-check-do-not-return-an-error-if-snippe.patch
- nginx
-
- Add CVE-2026-42945.patch: Fix heap buffer overflow via crafted HTTP
requests in ngx_http_rewrite_module (bsc#1265232)
- Add CVE-2026-42946.patch: Fix excessive memory allocation and data
overread in ngx_http_scgi_module/ngx_http_uwsgi_module (bsc#1265233)
- Add CVE-2026-42934.patch: Fix heap buffer overread in the worker
process within ngx_http_charset_module (bsc#1265231)
- Add CVE-2026-40701.patch: Fix heap use-after-free in the worker
process when ssl_verify_client and ssl_ocsp are set (bsc#1265229)
- Add CVE-2026-32647.patch: Prevent worker memory over-read or over-write
via malicious MP4 files (bsc#1260420)
- Add CVE-2026-27651.patch: Fix denial of service via undisclosed
requests when ngx_mail_auth_http_module is active (bsc#1260415)
- CVE-2026-1642: Fix plaintext data injection into TLS-proxied upstream
responses via race condition in event loop (bsc#1257675)
- CVE-2026-27784: Fix integer overflow in ngx_http_mp4_module on 32-bit
platforms allowing out-of-bounds read/write (bsc#1260417)
- CVE-2026-27654: Fix heap buffer overflow in ngx_http_dav_module with
COPY/MOVE and alias allowing path escape (bsc#1260416)
- CVE-2026-28755: Fix OCSP client certificate validation bypass in
ngx_stream_ssl_module (bsc#1260419)
- CVE-2026-28753: Fix CRLF injection in ngx_mail_smtp_module via
attacker-controlled DNS PTR records (bsc#1260418)
- openssh
-
- Added openssh-cve-2026-35385-scp-setuid-modes.patch
(CVE-2026-35385, bsc#1261427), ensuring setuid bits default to
being masked out by scp.
- Added openssh-cve-2026-35414-mishandled-ca-commas.patch
(CVE-2026-35414, bsc#1261430), fixing mishandling of comma
characters in CA in certain situations.
- Updated openssh-7.7p1-fips.patch and
openssh-8.0p1-gssapi-keyex.patch (bsc#1262555): Don't bail out on
startup if a non-FIPS algorithm is requested. Filter it out and
warn instead.
- Updated openssh-8.1p1-audit.patch (bsc#1252890): Fix race
condition in monitor protocol.
- Rebased openssh-mitigate-lingering-secrets.patch.
- php8
-
- version update to 8.4.21
Core:
Fixed bug GH-19983 (GC assertion failure with fibers, generators and destructors).
Fixed bug GH-21478 (Forward property operations to real instance for initialized lazy proxies).
Fixed bug GH-21605 (Missing addref for Countable::count()).
Fixed bug GH-21699 (Assertion failure in shutdown_executor when resolving self::/parent::/static:: callables if the error handler throws).
Fixed bug GH-21603 (Missing addref for __unset).
Fixed bug GH-21760 (Trait with class constant name conflict against enum case causes SEGV).
CLI:
Fixed bug GH-21754 (`--rf` command line option with a method triggers ext/reflection deprecation warnings).
Curl:
Add support for brotli and zstd on Windows.
DOM:
Fixed GHSA-4jhr-8w89-j733 and GH-21566 (Dom\XMLDocument::C14N() emits duplicate xmlns declarations after setAttributeNS()). (CVE-2026-7263)
Fixed bug GH-21688 (segmentation fault on empty HTMLDocument).
Upgrade to lexbor v2.7.0.
FPM:
Fixed GHSA-7qg2-v9fj-4mwv (XSS within status endpoint). (CVE-2026-6735)
Iconv:
Fixed bug GH-17399 (iconv memory leak on bailout).
MBString:
Fixed GHSA-wm6j-2649-pv75 (Null pointer dereference in php_mb_check_encoding() via mb_ereg_search_init()). (CVE-2026-7259)
Fixed GHSA-74r9-qxhc-fx53 (Out-of-bounds access in mbfl_name2encoding_ex()). (CVE-2026-6104)
Opcache:
Fixed bug GH-21158 (JIT: Assertion jit->ra[var].flags & (1<<0) failed in zend_jit_use_reg).
Fixed bug GH-21593 (Borked function JIT JMPNZ smart branch).
Fixed bug GH-21460 (COND optimization regression).
Fixed faulty returns out of zend_try block in zend_jit_trace().
OpenSSL:
Fix a bunch of memory leaks and crashes on edge cases.
PDO_Firebird:
Fixed GHSA-w476-322c-wpvm (SQL injection via NUL bytes in quoted strings). (CVE-2025-14179)
Phar:
Restore is_link handler in phar_intercept_functions_shutdown.
Fixed bug GH-21797 (phar: NULL dereference in Phar::webPhar() when SCRIPT_NAME is absent from SAPI environment).
Fix memory leak in Phar::offsetGet().
Fix memory leak in phar_add_file().
Fixed bug GH-21799 (phar: propagate phar_stream_flush return value from phar_stream_close).
Fix memory leak in phar_verify_signature() when md_ctx is invalid.
Random:
Fixed bug GH-21731 (Random\Engine\Xoshiro256StarStar::__unserialize() accepts all-zero state).
Session:
Fixed memory leak when session GC callback return a refcounted value.
SOAP:
Fixed GHSA-85c2-q967-79q5 (Stale SOAP_GLOBAL(ref_map) pointer with Apache Map). (CVE-2026-6722)
Fixed GHSA-m33r-qmcv-p97q (Use-after-free after header parsing failure with SOAP_PERSISTENCE_SESSION). (CVE-2026-7261)
Fixed GHSA-hmxp-6pc4-f3vv (Broken Apache map value NULL check). (CVE-2026-7262)
SPL:
Fixed bug GH-21499 (RecursiveArrayIterator getChildren UAF after parent free).
Fix concurrent iteration and deletion issues in SplObjectStorage.
Standard:
Fixed GHSA-96wq-48vp-hh57 (Signed integer overflow of char array offset). (CVE-2026-7568)
Fixed GHSA-m8rr-4c36-8gq4 (Consistently pass unsigned char to ctype.h functions). (CVE-2026-7258)
Streams:
Fixed bug GH-21468 (Segfault in file_get_contents w/ a https URL and a proxy set).
XSL:
Fixed bug GH-21600 (Segfault on module shutdown).
Zip:
Fixed bug GH-21698 (memory leak with ZipArchive::addGlob() early return statements).
- version update to 8.4.20
Bz2:
Fix truncation of total output size causing erroneous errors.
Core:
Fixed bugs GH-20875, GH-20873, GH-20854 (Propagate IN_GET guard in get_property_ptr_ptr for lazy proxies).
DOM:
Fixed bug GH-21486 (Dom\HTMLDocument parser mangles xml:space and xml:lang attributes).
FFI:
Fixed resource leak in FFI::cdef() onsymbol resolution failure.
GD:
Fixed bug GH-21431 (phpinfo() to display libJPEG 10.0 support).
Opcache:
Fixed bug GH-20838 (JIT compiler produces wrong arithmetic results).
Fixed bug GH-21267 (JIT tracing: infinite loop on FETCH_OBJ_R with IS_UNDEF property in polymorphic context).
Fixed bug GH-21395 (uaf in jit).
OpenSSL:
Fixed bug GH-21083 (Skip private_key_bits validation for EC/curve-based keys).
Fix missing error propagation for BIO_printf() calls.
PCRE:
Fixed re-entrancy issue on php_pcre_match_impl, php_pcre_replace_impl, php_pcre_split_impl, and php_pcre_grep_impl.
PGSQL:
Fixed preprocessor silently guarding PGSQL_SUPPRESS_TIMESTAMPS support due to a typo.
SNMP:
Fixed bug GH-21336 (SNMP::setSecurity() undefined behavior with NULL arguments).
SOAP:
Fixed Set-Cookie parsing bug wrong offset while scanning attributes.
SPL:
Fixed bug GH-21454 (missing write lock validation in SplHeap).
Standard:
Fixed bug GH-20906 (Assertion failure when messing up output buffers).
Fixed bug GH-20627 (Cannot identify some avif images with getimagesize).
Sysvshm:
Fix memory leak in shm_get_var() when variable is corrupted.
XSL:
Fix GH-21357 (XSLTProcessor works with DOMDocument, but fails with Dom\XMLDocument).
Fixed bug GH-21496 (UAF in dom_objects_free_storage).
- version update to 8.4.19
Core:
Fixed bug GH-21029 (zend_mm_heap corrupted on Aarch64, LTO builds).
Fixed bug GH-20657 (Assertion failure in zend_lazy_object_get_info triggered by setRawValueWithoutLazyInitialization() and newLazyGhost()).
Fixed bug GH-20504 (Assertion failure in zend_get_property_guard when accessing properties on Reflection LazyProxy via isset()).
Fixed OSS-Fuzz #478009707 (Borked assign-op/inc/dec on untyped hooked property backing value).
Fixed bug GH-21215 (Build fails with -std=).
Fixed bug GH-13674 (Build system installs libtool wrappers when using slibtool).
Curl:
Fixed bug GH-21023 (CURLOPT_XFERINFOFUNCTION crash with a null callback).
Don't truncate length.
Date:
Fixed bug GH-20936 (DatePeriod::__set_state() cannot handle null start).
Fix timezone offset with seconds losing precision.
DOM:
Fixed bug GH-21077 (Accessing Dom\Node::baseURI can throw TypeError).
Fixed bug GH-21097 (Accessing Dom\Node properties can can throw TypeError).
MBString:
Fixed bug GH-21223; mb_guess_encoding no longer crashes when passed huge list of candidate encodings (with 200,000+ entries).
Opcache:
Fixed bug GH-20718 ("Insufficient shared memory" when using JIT on Solaris).
Fixed bug GH-21227 (Borked SCCP of array containing partial object).
Fixed bug GH-21052 (Preloaded constant erroneously propagated to file-cached script).
OpenSSL:
Fix a bunch of leaks and error propagation.
PCNTL:
Fixed pcntl_setns() internal errors handling regarding errnos.
Fixed cpuset leak in pcntl_setcpuaffinity on out-of-range CPU ID on NetBSD/Solaris platforms.
Fixed pcntl_signal() signal table registering the callback first OS-wise before the internal list.
Fixed pcntl_signal_dispatch() stale pointer and exception handling.
PCRE:
Fixed preg_match memory leak with invalid regexes.
PDO_PGSQL:
Fixed bug GH-21055 (connection attribute status typo for GSS negotiation).
PGSQL:
Fixed bug GH-21162 (pg_connect() memory leak on error).
Sockets:
Fixed bug GH-21161 (socket_set_option() crash with array 'addr' entry as null).
Fixed possible addr length overflow with socket_connect() and AF_UNIX family sockets.
- version update to 8.4.18
Core:
Fixed bug GH-20837 (NULL dereference when calling ob_start() in shutdown function triggered by bailout in php_output_lock_error()).
Fix OSS-Fuzz #471533782 (Infinite loop in GC destructor fiber).
Fix OSS-Fuzz #472563272 (Borked block_pass JMP[N]Z optimization).
Fixed bug GH-GH-20914 (Internal enums can be cloned and compared).
Fix OSS-Fuzz #474613951 (Leaked parent property default value).
Fixed bug GH-20766 (Use-after-free in FE_FREE with GC interaction).
Fix OSS-Fuzz #471486164 (Broken by-ref assignment to uninitialized hooked backing value).
Fix OSS-Fuzz #438780145 (Nested finally with repeated return type check may uaf).
Fixed bug GH-20905 (Lazy proxy bailing __clone assertion).
Fixed bug GH-20479 (Hooked object properties overflow).
Date:
Update timelib to 2022.16.
DOM:
Fixed GH-21041 (Dom\HTMLDocument corrupts closing tags within scripts).
MbString:
Fixed bug GH-20833 (mb_str_pad() divide by zero if padding string is invalid in the encoding).
Fixed bug GH-20836 (Stack overflow in mb_convert_variables with recursive array references).
Opcache:
Fixed bug GH-20818 (Segfault in Tracing JIT with object reference).
OpenSSL:
Fix memory leaks when sk_X509_new_null() fails.
Fix crash when in openssl_x509_parse() when i2s_ASN1_INTEGER() fails.
Fix crash in openssl_x509_parse() when X509_NAME_oneline() fails.
Phar:
Fixed bug GH-20882 (buildFromIterator breaks with missing base directory).
PGSQL:
Fixed INSERT/UPDATE queries building with PQescapeIdentifier() and possible UB.
Readline:
Fixed bug GH-18139 (Memory leak when overriding some settings via readline_info()).
SPL:
Fixed bug GH-20856 (heap-use-after-free in SplDoublyLinkedList iterator when modifying during iteration).
Standard:
Fixed bug #74357 (lchown fails to change ownership of symlink with ZTS) (Jakub Zelenka)
Fixed bug GH-20843 (var_dump() crash with nested objects) (David Carlier)
- version u pdate to 8.4.17
Core:
Fix OSS-Fuzz #465488618 (Wrong assumptions when dumping function signature with dynamic class const lookup default argument).
Fixed bug GH-20695 (Assertion failure in normalize_value() when parsing malformed INI input via parse_ini_string()).
Fixed bug GH-20714 (Uncatchable exception thrown in generator).
Fixed bug GH-20352 (UAF in php_output_handler_free via re-entrant ob_start() during error deactivation).
Bz2:
Fixed bug GH-20620 (bzcompress overflow on large source size).
DOM:
Fixed bug GH-20722 (Null pointer dereference in DOM namespace node cloning via clone on malformed objects).
Fixed bug GH-20444 (Dom\XMLDocument::C14N() seems broken compared to DOMDocument::C14N()).
GD:
Fixed bug GH-20622 (imagestring/imagestringup overflow).
Intl:
Fix leak in umsg_format_helper().
LDAP:
Fix memory leak in ldap_set_options().
Mbstring:
Fixed bug GH-20674 (mb_decode_mimeheader does not handle separator).
PCNTL:
Fixed bug with pcntl_getcpuaffinity() on solaris regarding invalid process ids handling.
Phar:
Fixed bug GH-20732 (Phar::LoadPhar undefined behavior when reading fails).
Fix SplFileInfo::openFile() in write mode.
Fix build on legacy OpenSSL 1.1.0 systems.
Fixed bug #74154 (Phar extractTo creates empty files).
POSIX:
Fixed crash on posix groups to php array creation on macos.
SPL:
Fixed bug GH-20678 (resource created by GlobIterator crashes with fclose()).
Sqlite3:
Fixed bug GH-20699 (SQLite3Result fetchArray return array|false, null returned).
Standard:
Fix error check for proc_open() command.
Fix memory leak in mail() when header key is numeric.
Fixed bug GH-20582 (Heap Buffer Overflow in iptcembed).
Zlib:
Fix OOB gzseek() causing assertion failure.
- modified patches
* php-build-reproducible-phar.patch (refreshed)
- fixes CVE-2025-14179 [bsc#1264778]
CVE-2026-7568 [bsc#1264769]
CVE-2026-7263 [bsc#1264770]
CVE-2026-7261 [bsc#1264772]
CVE-2026-7259 [bsc#1264773]
CVE-2026-7258 [bsc#1264774]
CVE-2026-6722 [bsc#1264776]
CVE-2026-6104 [bsc#1264777]
CVE-2026-6735 [bsc#1264775]
CVE-2026-7262 [bsc#1264771]
- php8:fpm
-
- version update to 8.4.21
Core:
Fixed bug GH-19983 (GC assertion failure with fibers, generators and destructors).
Fixed bug GH-21478 (Forward property operations to real instance for initialized lazy proxies).
Fixed bug GH-21605 (Missing addref for Countable::count()).
Fixed bug GH-21699 (Assertion failure in shutdown_executor when resolving self::/parent::/static:: callables if the error handler throws).
Fixed bug GH-21603 (Missing addref for __unset).
Fixed bug GH-21760 (Trait with class constant name conflict against enum case causes SEGV).
CLI:
Fixed bug GH-21754 (`--rf` command line option with a method triggers ext/reflection deprecation warnings).
Curl:
Add support for brotli and zstd on Windows.
DOM:
Fixed GHSA-4jhr-8w89-j733 and GH-21566 (Dom\XMLDocument::C14N() emits duplicate xmlns declarations after setAttributeNS()). (CVE-2026-7263)
Fixed bug GH-21688 (segmentation fault on empty HTMLDocument).
Upgrade to lexbor v2.7.0.
FPM:
Fixed GHSA-7qg2-v9fj-4mwv (XSS within status endpoint). (CVE-2026-6735)
Iconv:
Fixed bug GH-17399 (iconv memory leak on bailout).
MBString:
Fixed GHSA-wm6j-2649-pv75 (Null pointer dereference in php_mb_check_encoding() via mb_ereg_search_init()). (CVE-2026-7259)
Fixed GHSA-74r9-qxhc-fx53 (Out-of-bounds access in mbfl_name2encoding_ex()). (CVE-2026-6104)
Opcache:
Fixed bug GH-21158 (JIT: Assertion jit->ra[var].flags & (1<<0) failed in zend_jit_use_reg).
Fixed bug GH-21593 (Borked function JIT JMPNZ smart branch).
Fixed bug GH-21460 (COND optimization regression).
Fixed faulty returns out of zend_try block in zend_jit_trace().
OpenSSL:
Fix a bunch of memory leaks and crashes on edge cases.
PDO_Firebird:
Fixed GHSA-w476-322c-wpvm (SQL injection via NUL bytes in quoted strings). (CVE-2025-14179)
Phar:
Restore is_link handler in phar_intercept_functions_shutdown.
Fixed bug GH-21797 (phar: NULL dereference in Phar::webPhar() when SCRIPT_NAME is absent from SAPI environment).
Fix memory leak in Phar::offsetGet().
Fix memory leak in phar_add_file().
Fixed bug GH-21799 (phar: propagate phar_stream_flush return value from phar_stream_close).
Fix memory leak in phar_verify_signature() when md_ctx is invalid.
Random:
Fixed bug GH-21731 (Random\Engine\Xoshiro256StarStar::__unserialize() accepts all-zero state).
Session:
Fixed memory leak when session GC callback return a refcounted value.
SOAP:
Fixed GHSA-85c2-q967-79q5 (Stale SOAP_GLOBAL(ref_map) pointer with Apache Map). (CVE-2026-6722)
Fixed GHSA-m33r-qmcv-p97q (Use-after-free after header parsing failure with SOAP_PERSISTENCE_SESSION). (CVE-2026-7261)
Fixed GHSA-hmxp-6pc4-f3vv (Broken Apache map value NULL check). (CVE-2026-7262)
SPL:
Fixed bug GH-21499 (RecursiveArrayIterator getChildren UAF after parent free).
Fix concurrent iteration and deletion issues in SplObjectStorage.
Standard:
Fixed GHSA-96wq-48vp-hh57 (Signed integer overflow of char array offset). (CVE-2026-7568)
Fixed GHSA-m8rr-4c36-8gq4 (Consistently pass unsigned char to ctype.h functions). (CVE-2026-7258)
Streams:
Fixed bug GH-21468 (Segfault in file_get_contents w/ a https URL and a proxy set).
XSL:
Fixed bug GH-21600 (Segfault on module shutdown).
Zip:
Fixed bug GH-21698 (memory leak with ZipArchive::addGlob() early return statements).
- version update to 8.4.20
Bz2:
Fix truncation of total output size causing erroneous errors.
Core:
Fixed bugs GH-20875, GH-20873, GH-20854 (Propagate IN_GET guard in get_property_ptr_ptr for lazy proxies).
DOM:
Fixed bug GH-21486 (Dom\HTMLDocument parser mangles xml:space and xml:lang attributes).
FFI:
Fixed resource leak in FFI::cdef() onsymbol resolution failure.
GD:
Fixed bug GH-21431 (phpinfo() to display libJPEG 10.0 support).
Opcache:
Fixed bug GH-20838 (JIT compiler produces wrong arithmetic results).
Fixed bug GH-21267 (JIT tracing: infinite loop on FETCH_OBJ_R with IS_UNDEF property in polymorphic context).
Fixed bug GH-21395 (uaf in jit).
OpenSSL:
Fixed bug GH-21083 (Skip private_key_bits validation for EC/curve-based keys).
Fix missing error propagation for BIO_printf() calls.
PCRE:
Fixed re-entrancy issue on php_pcre_match_impl, php_pcre_replace_impl, php_pcre_split_impl, and php_pcre_grep_impl.
PGSQL:
Fixed preprocessor silently guarding PGSQL_SUPPRESS_TIMESTAMPS support due to a typo.
SNMP:
Fixed bug GH-21336 (SNMP::setSecurity() undefined behavior with NULL arguments).
SOAP:
Fixed Set-Cookie parsing bug wrong offset while scanning attributes.
SPL:
Fixed bug GH-21454 (missing write lock validation in SplHeap).
Standard:
Fixed bug GH-20906 (Assertion failure when messing up output buffers).
Fixed bug GH-20627 (Cannot identify some avif images with getimagesize).
Sysvshm:
Fix memory leak in shm_get_var() when variable is corrupted.
XSL:
Fix GH-21357 (XSLTProcessor works with DOMDocument, but fails with Dom\XMLDocument).
Fixed bug GH-21496 (UAF in dom_objects_free_storage).
- version update to 8.4.19
Core:
Fixed bug GH-21029 (zend_mm_heap corrupted on Aarch64, LTO builds).
Fixed bug GH-20657 (Assertion failure in zend_lazy_object_get_info triggered by setRawValueWithoutLazyInitialization() and newLazyGhost()).
Fixed bug GH-20504 (Assertion failure in zend_get_property_guard when accessing properties on Reflection LazyProxy via isset()).
Fixed OSS-Fuzz #478009707 (Borked assign-op/inc/dec on untyped hooked property backing value).
Fixed bug GH-21215 (Build fails with -std=).
Fixed bug GH-13674 (Build system installs libtool wrappers when using slibtool).
Curl:
Fixed bug GH-21023 (CURLOPT_XFERINFOFUNCTION crash with a null callback).
Don't truncate length.
Date:
Fixed bug GH-20936 (DatePeriod::__set_state() cannot handle null start).
Fix timezone offset with seconds losing precision.
DOM:
Fixed bug GH-21077 (Accessing Dom\Node::baseURI can throw TypeError).
Fixed bug GH-21097 (Accessing Dom\Node properties can can throw TypeError).
MBString:
Fixed bug GH-21223; mb_guess_encoding no longer crashes when passed huge list of candidate encodings (with 200,000+ entries).
Opcache:
Fixed bug GH-20718 ("Insufficient shared memory" when using JIT on Solaris).
Fixed bug GH-21227 (Borked SCCP of array containing partial object).
Fixed bug GH-21052 (Preloaded constant erroneously propagated to file-cached script).
OpenSSL:
Fix a bunch of leaks and error propagation.
PCNTL:
Fixed pcntl_setns() internal errors handling regarding errnos.
Fixed cpuset leak in pcntl_setcpuaffinity on out-of-range CPU ID on NetBSD/Solaris platforms.
Fixed pcntl_signal() signal table registering the callback first OS-wise before the internal list.
Fixed pcntl_signal_dispatch() stale pointer and exception handling.
PCRE:
Fixed preg_match memory leak with invalid regexes.
PDO_PGSQL:
Fixed bug GH-21055 (connection attribute status typo for GSS negotiation).
PGSQL:
Fixed bug GH-21162 (pg_connect() memory leak on error).
Sockets:
Fixed bug GH-21161 (socket_set_option() crash with array 'addr' entry as null).
Fixed possible addr length overflow with socket_connect() and AF_UNIX family sockets.
- version update to 8.4.18
Core:
Fixed bug GH-20837 (NULL dereference when calling ob_start() in shutdown function triggered by bailout in php_output_lock_error()).
Fix OSS-Fuzz #471533782 (Infinite loop in GC destructor fiber).
Fix OSS-Fuzz #472563272 (Borked block_pass JMP[N]Z optimization).
Fixed bug GH-GH-20914 (Internal enums can be cloned and compared).
Fix OSS-Fuzz #474613951 (Leaked parent property default value).
Fixed bug GH-20766 (Use-after-free in FE_FREE with GC interaction).
Fix OSS-Fuzz #471486164 (Broken by-ref assignment to uninitialized hooked backing value).
Fix OSS-Fuzz #438780145 (Nested finally with repeated return type check may uaf).
Fixed bug GH-20905 (Lazy proxy bailing __clone assertion).
Fixed bug GH-20479 (Hooked object properties overflow).
Date:
Update timelib to 2022.16.
DOM:
Fixed GH-21041 (Dom\HTMLDocument corrupts closing tags within scripts).
MbString:
Fixed bug GH-20833 (mb_str_pad() divide by zero if padding string is invalid in the encoding).
Fixed bug GH-20836 (Stack overflow in mb_convert_variables with recursive array references).
Opcache:
Fixed bug GH-20818 (Segfault in Tracing JIT with object reference).
OpenSSL:
Fix memory leaks when sk_X509_new_null() fails.
Fix crash when in openssl_x509_parse() when i2s_ASN1_INTEGER() fails.
Fix crash in openssl_x509_parse() when X509_NAME_oneline() fails.
Phar:
Fixed bug GH-20882 (buildFromIterator breaks with missing base directory).
PGSQL:
Fixed INSERT/UPDATE queries building with PQescapeIdentifier() and possible UB.
Readline:
Fixed bug GH-18139 (Memory leak when overriding some settings via readline_info()).
SPL:
Fixed bug GH-20856 (heap-use-after-free in SplDoublyLinkedList iterator when modifying during iteration).
Standard:
Fixed bug #74357 (lchown fails to change ownership of symlink with ZTS) (Jakub Zelenka)
Fixed bug GH-20843 (var_dump() crash with nested objects) (David Carlier)
- version u pdate to 8.4.17
Core:
Fix OSS-Fuzz #465488618 (Wrong assumptions when dumping function signature with dynamic class const lookup default argument).
Fixed bug GH-20695 (Assertion failure in normalize_value() when parsing malformed INI input via parse_ini_string()).
Fixed bug GH-20714 (Uncatchable exception thrown in generator).
Fixed bug GH-20352 (UAF in php_output_handler_free via re-entrant ob_start() during error deactivation).
Bz2:
Fixed bug GH-20620 (bzcompress overflow on large source size).
DOM:
Fixed bug GH-20722 (Null pointer dereference in DOM namespace node cloning via clone on malformed objects).
Fixed bug GH-20444 (Dom\XMLDocument::C14N() seems broken compared to DOMDocument::C14N()).
GD:
Fixed bug GH-20622 (imagestring/imagestringup overflow).
Intl:
Fix leak in umsg_format_helper().
LDAP:
Fix memory leak in ldap_set_options().
Mbstring:
Fixed bug GH-20674 (mb_decode_mimeheader does not handle separator).
PCNTL:
Fixed bug with pcntl_getcpuaffinity() on solaris regarding invalid process ids handling.
Phar:
Fixed bug GH-20732 (Phar::LoadPhar undefined behavior when reading fails).
Fix SplFileInfo::openFile() in write mode.
Fix build on legacy OpenSSL 1.1.0 systems.
Fixed bug #74154 (Phar extractTo creates empty files).
POSIX:
Fixed crash on posix groups to php array creation on macos.
SPL:
Fixed bug GH-20678 (resource created by GlobIterator crashes with fclose()).
Sqlite3:
Fixed bug GH-20699 (SQLite3Result fetchArray return array|false, null returned).
Standard:
Fix error check for proc_open() command.
Fix memory leak in mail() when header key is numeric.
Fixed bug GH-20582 (Heap Buffer Overflow in iptcembed).
Zlib:
Fix OOB gzseek() causing assertion failure.
- modified patches
* php-build-reproducible-phar.patch (refreshed)
- fixes CVE-2025-14179 [bsc#1264778]
CVE-2026-7568 [bsc#1264769]
CVE-2026-7263 [bsc#1264770]
CVE-2026-7261 [bsc#1264772]
CVE-2026-7259 [bsc#1264773]
CVE-2026-7258 [bsc#1264774]
CVE-2026-6722 [bsc#1264776]
CVE-2026-6104 [bsc#1264777]
CVE-2026-6735 [bsc#1264775]
CVE-2026-7262 [bsc#1264771]
- python-lxml
-
- CVE-2026-41066: Information disclosure via untrusted XML input
leading to local file read (bsc#1263254)
Add patch CVE-2026-41066.patch
- rsync
-
- Security update (CVE-2026-41035, bsc#1262223): rsync: count of
entries mismatch can lead to a use-after-free
- Add rsync-CVE-2026-41035.patch
- Security update (CVE-2025-10158, bsc#1254441): rsync: Out of
bounds array access via negative index
- Add rsync-CVE-2025-10158.patch
- systemd-presets-branding-SLE
-
- change %pretrans script from shell to lua, as we cannot guarantee a shell on %pretrans at all.
(bsc#1261822). Translated by Gemini.
- Fix escaping for migration_flag (bsc#1262134)
- vim
-
- Update to v9.2.0530.
- Fix for SG#71948, bsc#1262395:
* vim-9.1.1732-fix-inc-detection.patch: Fix for incorrectly detecting
scientific parameter files as bitbake recipies.
- Upstream fixed the following bugs / CVEs:
* bsc#1264706 CVE-2026-42307
* bsc#1265360 CVE-2026-46483
* bsc#1264708 CVE-2026-45130
* bsc#1264707 CVE-2026-44656
* bsc#1265349 CVE-2026-43961
- Changes:
* 9.2.0530: WinBar row vertical separator not refreshed on window change
* 9.2.0529: GTK4: clipboard returns empty after a foreign app takes the selection
* 9.2.0528: possible overflow in XIM resource handling
* 9.2.0527: Possible double free in fill_partial_and_closure()
* 9.2.0526: missing out-of-memory check in ex_substitute()
* 9.2.0525: spell: memory leak in spell_read_dic()
* 9.2.0524: spell: buffer overflow with many affix or compound flags
* 9.2.0523: tests: no test for using shellescape() in combination with :!
* 9.2.0522: event_nr2name() in autocmd.c can be improved
* 9.2.0521: GTK4: cannot resize shell after the window is shown
* 9.2.0520: Reversed text opacity in popup when termguicolor is set
* 9.2.0519: GTK4: GUI tabline is not displayed correctly
* 9.2.0518: GTK4: input method cannot compose text
* 9.2.0517: quickfix: can set quickfixtextfunc in restricted/sandbox mode
* 9.2.0516: socketserver: spurious error when servername is taken
* 9.2.0515: virtualedit=insert doesn't work during change operation
* 9.2.0514: GTK4: build errors when socketserver is enabled
* 9.2.0513: [security]: memory safety issues in spellfile.c
* 9.2.0512: clientserver uses binary protocol
* 9.2.0511: configure: when GTK4 is used also links in X11 libs
* 9.2.0510: setline() mapping may trigger autoindent
* 9.2.0509: term.c: compile error when LOG_TRN is enabled
* 9.2.0508: completion: cannot complete user cmd :K with 'ignorecase'
* 9.2.0507: Vim9 class: public/protected member name clash uses same error
* 9.2.0506: home_replace() function can be improved
* 9.2.0505: GTK4: text looks blurry on HiDPI displays
* 9.2.0504: configure: requires X11 libraries for GTK4 build
* 9.2.0503: Makefile: Missing dependencies for new GTK4 source files
* 9.2.0502: runtime(netrw): bookmark handling can be improved
* 9.2.0501: GTK4: there is no GTK4 UI available
* 9.2.0500: filetype: some html files wrongly recognized as htmlangular
* 9.2.0499: modeline: allow to disable modelines with modelinestrict
* 9.2.0498: potential heap buffer overflow in if_xcmdsrv.c
* 9.2.0497: Cannot jump to remote tags
* 9.2.0496: [security]: Code Injection in cucumber filetype plugin
* 9.2.0495: [security]: runtime(netrw): code injection via NetrwBookHistSave()
* 9.2.0494: User commands cannot handle single args with spaces
* 9.2.0493: popup: missing Popup, PopupBorder and PopupTitle hi groups
* 9.2.0492: popup: decoration wrongly drawn with clipping on border
* 9.2.0491: VMS: various build issues
* 9.2.0490: matchfuzzy() can crash on long multi-word patterns
* 9.2.0489: filetype: some Objective-C files are not recognized
* 9.2.0488: statusline: status line highlight blends into adjacent vsep cells
* 9.2.0487: viminfo: possible signed int overflow in register array
* 9.2.0486: out-of-bound read when recovering swap files
* 9.2.0485: clipboard provider callback can be called recursively
* 9.2.0484: TextPutPre triggers clipboard provider callback twice
* 9.2.0483: popup: terminal embedded in an opacity popup freezes Vim on input
* 9.2.0482: runtime(osc52): triggered twice with TextPutPoste autocmd
* 9.2.0481: runtime(netrw): command injection possible via maps
* 9.2.0480: [security]: runtime(netrw): code injection via mf command
* 9.2.0479: [security]: runtime(tar): command injection in tar plugin
* 9.2.0478: channel: redundant str/length assignments in channel_part_info()
* 9.2.0477: popup: leftover content after popup_free under layout change
* 9.2.0476: pattern completion leaks memory on alloc failures
* 9.2.0475: runtime(netrw): bookmark paths not normalized
* 9.2.0474: MS-Windows: hard to tell which Visual Studio version was selected with MSVC
* 9.2.0473: Pasting ". register without autocommands breaks TextPut*
* 9.2.0472: popup: column jitters when scrolled outside viewport
* 9.2.0471: vimvars di_key initialized at runtime
* 9.2.0470: No way to hook into put commands
* 9.2.0469: popup: textprop-anchored popups bleed past host window edges
* 9.2.0468: popups: not correctly updated from a CmdlineChanged autocommand
* 9.2.0467: multi-line statusline loses highlighting attributes
* 9.2.0466: popup: redraw can use stale blended cells
* 9.2.0465: modeline: foldmarker cannot be set with modelinestrict
* 9.2.0464: runtime(netrw): bookmarking directory uses current dir
* 9.2.0463: Not able to use legacy expression evaluation in a vim9script maps
* 9.2.0462: MS-Windows: workaround for assert error on GUI
* 9.2.0461: Corrupted undofile causes use-after-free
* 9.2.0460: did_set_shellpipe_redir() in wrong file
* 9.2.0459: tests: test_termcodes fails (after v9.2.0456)
* 9.2.0458: Crash with invalid shellredir/shellpipe value
* 9.2.0457: Compile warning about unused variable
* 9.2.0456: stray p character displayed on some terms
* 9.2.0455: 'findfunc' only allows extra info for cmdline completion
* 9.2.0454: tests: no test that "abbr" in customlist completion is shown
* 9.2.0453: vertical separator of statusline blend into active statusline
* 9.2.0452: screen.c popup opacity blend logic is duplicated
* 9.2.0451: 'findfunc' can't return extra info for cmdline completion
* 9.2.0450: [security]: heap buffer overflow in spellfile.c read_compound()
* 9.2.0449: Make proto fails in non GTK builds
* 9.2.0448: Vim9: dangling cmdline pointer after skip_expr_cctx()
* 9.2.0447: cindent does not ignore comments
* 9.2.0446: runtime(netrw): off-by-one bug in s:NetrwUnMarkFile()
* 9.2.0445: win_fix_scroll() called before win_comp_pos() in command_height()
* 9.2.0444: Cannot set 'path' option via modeline
* 9.2.0443: GUI: cancelling save dialog overwrites or discards unnamed buffer
* 9.2.0442: completion: i_CTRL-X_CTRL-V doesn't use dict from customlist
* 9.2.0441: statusline: click handler not called on multi-line statusline
* 9.2.0440: MS-Windows: cursor flicker during update_screen()
* 9.2.0439: completion: info popup not removed in cmdline mode
* 9.2.0438: tests: test_plugin_termdebug is flaky
* 9.2.0437: MS-Windows: cursor flicker in vtp mode
* 9.2.0436: Buffer overflow when parsing overlong errorformat lines
* 9.2.0435: [security]: backticks in 'path' may cause shell execution on completion
* 9.2.0434: cscope: filename interpreted by /bin/sh
* 9.2.0433: customlist completion cannot supply pum metadata
* 9.2.0432: blob to string conversion can be improved
* 9.2.0431: blob encoding can be improved
* 9.2.0430: tests: Test_shortmess_F3() is flaky on MS-Windows
* 9.2.0429: tests: flaky screendump Test_smoothscroll_incsearch()
* 9.2.0428: popup: no opacity support for completepopup/previewpopup
* 9.2.0427: popup: opacity blend may leaks white bg color
* 9.2.0426: tests: still some flaky screendump tests
* 9.2.0425: Cannot silence undo/redo messages
* 9.2.0424: popup: flicker when wildtrigger() refreshes the popup menu
* 9.2.0423: popup: wrapped cmdline truncated with wildoptions=pum
* 9.2.0422: popup: leave stray char when scrollbar changes
* 9.2.0421: vimball: can smuggle Vimscript into VimballRecord file
* 9.2.0420: channel: cannot handle binary data via channel callbacks
* 9.2.0419: popup: rendering issues
* 9.2.0418: wildcards in expanded env vars reinterpreted by glob
* 9.2.0417: completion: no support for "noinsert" with 'wildmode'
* 9.2.0416: Unix: filename completion splits at space for single-file Ex commands
* 9.2.0415: Wrong behavior when executing register that ends in Insert mode
* 9.2.0414: Flicker when drawing window separator and pum is shown
* 9.2.0413: Scrolling wrong with 'splitkeep' when changing 'cmdheight'
* 9.2.0412: channel: term_start() out_cb/err_cb no longer deliver raw chunks
* 9.2.0411: tabpanel: no Vim script functions for the tabpanel
* 9.2.0410: test suite races when run with parallel make
* 9.2.0409: memory leaks in copy_substring_from_pos()
* 9.2.0408: Insert-mode <Cmd> edits can corrupt undo
* 9.2.0407: tabpanel: A few issues with the tabpanel
* 9.2.0406: VisualNOS not used when Wayland selection ownership lost
* 9.2.0405: when jumping to tags, will open URLs
* 9.2.0404: redraw_listener_add() does not check secure flag
* 9.2.0403: Vim9: def function sandbox bypass
* 9.2.0402: pum: opacity not applied to wildmenu pum
* 9.2.0401: tests: still a few flaky tests
* 9.2.0400: sandbox callbacks selected through 'complete'
* 9.2.0399: MS-Windows: compile warning in strptime.c
- Fix bsc#1261833 / CVE-2026-39881.
- Update to 9.2.0398.
- Changes:
* 9.2.0398: MS-Windows: missing strptime() support
* 9.2.0397: tabpanel: double-click opens a new tab
* 9.2.0396: tests: Test_error_callback_terminal is flaky on macOS
* 9.2.0395: tests: Test_backupskip() may read from $HOME
* 9.2.0394: xxd: offsets greater than LONG_MAX print as negative
* 9.2.0393: MS-Windows: link error with XPM support on UCRT64
* 9.2.0392: tests: Some tests are flaky
* 9.2.0391: tests: Comment in test_vim9_cmd breaks syntax highlighting
* 9.2.0390: filetype: some Beancount files are not recognized
* 9.2.0389: DECRQM still leaves stray "pp" on Apple Terminal.app
* 9.2.0388: strange indent in update_topline()
* 9.2.0387: DECRQM request may leave stray chars in terminal
* 9.2.0386: No scroll/scrollbar support in the tabpanel
* 9.2.0385: Integer overflow with "ze" and large 'sidescrolloff'
* 9.2.0384: stale Insstart after <Cmd> cursor move breaks undo
* 9.2.0383: [security]: runtime(netrw): shell-injection via sftp: and file: URLs
* 9.2.0382: Wayland: focus-stealing is non-working
* 9.2.0381: Vim9: Missing check_secure() in exec_instructions()
* 9.2.0380: completion: a few issues in completion code
* 9.2.0379: gui.color_approx is never used
* 9.2.0378: Using int as bool type in win_T struct
* 9.2.0377: Using int as bool type in gui_T struct
* 9.2.0376: Vim9: elseif condition compiled in dead branch
* 9.2.0375: prop_find() does not find a virt text in starting line
* 9.2.0374: c_CTRL-{G,T} does not handle offset
* 9.2.0373: Ctrl-R mapping not triggered during completion
* 9.2.0372: pum: rendering issues with multibyte text and opacity
* 9.2.0371: filetype: ghostty config files are not recognized
* 9.2.0370: duplicate code with literal string_T assignment
* 9.2.0369: multiple definitions of STRING_INIT macro
* 9.2.0368: too many strlen() calls when adding strings to dicts
* 9.2.0367: runtime(netrw): ~ note expanded on MS Windows
* 9.2.0366: pum: flicker when updating pum in place
* 9.2.0365: using int as bool
* 9.2.0364: tests: test_smoothscroll_textoff_showbreak() fails
* 9.2.0363: Vim9: variable shadowed by script-local function
* 9.2.0362: division by zero with smoothscroll and small windows
* 9.2.0361: tests: no tests for ch_listen() with IPs
* 9.2.0360: Cannot handle mouse-clicks in the tabpanel
* 9.2.0359: wrong VertSplitNC highlighting on winbar
* 9.2.0358: runtime(vimball): still path traversal attacks possible
* 9.2.0357: [security]: command injection via backticks in tag files
* 9.2.0356: Cannot apply 'scrolloff' context lines at end of file
* 9.2.0355: runtime(tar): missing path traversal checks in tar#Extract()
* 9.2.0354: filetype: not all Bitbake include files are recognized
* 9.2.0353: Missing out-of-memory check in register.c
* 9.2.0352: 'winhighlight' of left window blends into right window
* 9.2.0351: repeat_string() can be improved
* 9.2.0350: Enabling modelines poses a risk
* 9.2.0349: cannot style non-current window separator
* 9.2.0348: potential buffer underrun when setting statusline like option
* 9.2.0347: Vim9: script-local variable not found
* 9.2.0346: Wrong cursor position when entering command line window
* 9.2.0345: Wrong autoformatting with 'autocomplete'
* 9.2.0344: channel: ch_listen() can bind to network interface
* 9.2.0343: tests: test_clientserver may fail on slower systems
* 9.2.0342: tests: test_excmd.vim leaves swapfiles behind
* 9.2.0341: some functions can be run from the sandbox
* 9.2.0340: pum_redraw() may cause flicker
* 9.2.0339: regexp: nfa_regmatch() allocates and frees too often
* 9.2.0338: Cannot handle mouseclicks in the tabline
* 9.2.0337: list indexing broken on big-endian 32-bit platforms
* 9.2.0336: libvterm: no terminal reflow support
* 9.2.0335: json_encode() uses recursive algorithm
* 9.2.0334: GTK: window geometry shrinks with with client-side decorations
* 9.2.0333: filetype: PklProject files are not recognized
* 9.2.0332: popup: still opacity rendering issues
* 9.2.0331: spellfile: stack buffer overflows in spell file generation
* 9.2.0330: tests: some patterns in tar and zip plugin tests not strict enough
* 9.2.0329: tests: test_indent.vim leaves swapfiles behind
* 9.2.0328: Cannot handle mouseclicks in the statusline
* 9.2.0327: filetype: uv scripts are not detected
* 9.2.0326: runtime(tar): but with dotted path
* 9.2.0325: runtime(tar): bug in zstd handling
* 9.2.0324: 0x9b byte not unescaped in <Cmd> mapping
* 9.2.0323: filetype: buf.lock files are not recognized
* 9.2.0322: tests: test_popupwin fails
* 9.2.0321: MS-Windows: No OpenType font support
* 9.2.0320: several bugs with text properties
* 9.2.0319: popup: rendering issues with partially transparent popups
* 9.2.0318: cannot configure opacity for popup menu
* 9.2.0317: listener functions do not check secure flag
* 9.2.0316: [security]: command injection in netbeans interface via defineAnnoType
* 9.2.0315: missing bound-checks
* 9.2.0314: channel: can bind to all network interfaces
* 9.2.0313: Callback channel not registered in GUI
* 9.2.0312: C-type names are marked as translatable
* 9.2.0311: redrawing logic with text properties can be improved
* 9.2.0310: unnecessary work in vim_strchr() and find_term_bykeys()
* 9.2.0309: Missing out-of-memory check to may_get_cmd_block()
* 9.2.0308: Error message E1547 is wrong
* 9.2.0307: more mismatches between return types and documentation
* 9.2.0306: runtime(tar): some issues with lz4 support
* 9.2.0305: mismatch between return types and documentation
* 9.2.0304: tests: test for 9.2.0285 doesn't always fail without the fix
* 9.2.0303: tests: zip plugin tests don't check for warning message properly
* 9.2.0302: runtime(netrw): RFC2396 decoding double escaping spaces
* 9.2.0301: Vim9: void function return value inconsistent
* 9.2.0300: The vimball plugin needs some love
* 9.2.0299: runtime(zip): may write using absolute paths
* 9.2.0298: Some internal variables are not modified
* 9.2.0297: libvterm: can improve CSI overflow code
* 9.2.0296: Redundant and incorrect integer pointer casts in drawline.c
* 9.2.0295: 'showcmd' shows wrong Visual block size with 'linebreak'
* 9.2.0294: if_lua: lua interface does not work with lua 5.5
* 9.2.0293: :packadd may lead to heap-buffer-overflow
* 9.2.0292: E340 internal error when using method call on void value
* 9.2.0291: too many strlen() calls
* 9.2.0290: Amiga: no support for AmigaOS 3.x
* 9.2.0289: 'linebreak' may lead to wrong Visual block highlighting
* 9.2.0288: libvterm: signed integer overflow parsing long CSI args
* 9.2.0287: filetype: not all ObjectScript routines are recognized
* 9.2.0286: still some unnecessary (int) casts in alloc()
* 9.2.0285: :syn sync grouphere may go beyond end of line
* 9.2.0284: tabpanel: crash when tabpanel expression returns variable line count
* 9.2.0283: unnecessary (int) casts before alloc() calls
* 9.2.0282: tests: Test_viminfo_len_overflow() fails
* 9.2.0281: tests: Test_netrw_FileUrlEdit.. fails on Windows