- aws-cli-container
-
n/a
- aws-sdk-container
-
n/a
- cloud-init
-
- Fix dependency replace -serial with -pyserial
- Drop unneeded test dependency on httpretty, fixed long ago
* https://github.com/canonical/cloud-init/pull/1720
- cups
-
- Version upgrade to 2.4.16:
See https://github.com/openprinting/cups/releases
The hotfix release 2.4.16 includes fix for infinite loop in GTK,
which was caused by change of internal behavior in libcups
on which GTK depended on, and workaround for stopping
the scheduler if configuration includes unknown directives.
Detailed list (from CHANGES.md):
* 'cupsUTF8ToCharset' didn't validate 2-byte UTF-8 sequences,
potentially reading past the end of the source string
(Issue #1438)
* The web interface did not support domain usernames fully
(Issue #1441)
* Fixed an infinite loop issue in the GTK+ print dialog
(Issue #1439 boo#1254353)
* Fixed stopping scheduler on unknown directive in
configuration (Issue #1443)
Issues are those at https://github.com/OpenPrinting/cups/issues
- Version upgrade to 2.4.15:
See https://github.com/openprinting/cups/releases
The release CUPS 2.4.15 brings two CVE fixes:
Fix various cupsd issues which cause local DoS
(CVE-2025-61915 bsc#1253783)
Fix unresponsive cupsd process caused by slow client
(CVE-2025-58436 bsc#1244057)
and several bug fixes described in CHANGES.md.
Detailed list (from CHANGES.md):
* Fixed potential crash in 'cups-driverd' when there are
duplicate PPDs (Issue #1355)
* Fixed error recovery when scanning for PPDs
in 'cups-driverd' (Issue #1416)
Issues are those at https://github.com/OpenPrinting/cups/issues
- Adapted downgrade-autoconf-requirement.patch for CUPS 2.4.16
- Fixed entry below dated "Sat Sep 30 08:52:42 UTC 2017"
which contained needless UTF-8 Unicode characters that are
now replaced by plain ASCII text in "... line - the ..."
to fix a rpmlint "non-break-space" warning.
- Adapted and enhanced 'tmpfiles.d' related things in cups.spec
to "Fix packages for Immutable Mode - cups"
(implementation task jsc#PED-14775 from epic jsc#PED-14688)
- Version upgrade to 2.4.14:
See https://github.com/openprinting/cups/releases
The hotfix release brings fix for installation process
of localized templates and CUPS web UI home pages.
- Version upgrade to 2.4.13:
See https://github.com/openprinting/cups/releases
The release 2.4.13 brings two CVE fixes
fix for important CVE-2025-58060
"Authentication bypass with AuthType Negotiate" (bsc#1249049)
and fix for moderate CVE-2025-58364
"Remote DoS via null dereference" (bsc#1249128)
together with several bug fixes.
The release includes a new feature - new attribute
for printer and job objects - print-as-raster - which
allows enforce rasterization of the file for
IPP Everywhere/AirPrint printers, which supports PDF
and raster document formats. The feature is useful for
working around internal PDF issues in the printer firmware,
for example missing diacritic when printing a PDF.
Detailed list (from CHANGES.md):
* Blocked authentication using alternate methods
in cupsd (CVE-2025-58060)
* Fixed extension tag handling in 'ipp_read_io()'
in libcups (CVE-2025-58364)
* Added 'print-as-raster' printer and job attributes
for forcing rasterization (Issue #1282)
* Updated documentation (Issue #1086)
* Updated IPP backend to try a sanitized user name if the
printer/server does not like the value (Issue #1145)
* Updated the scheduler to send the "printer-added"
or "printer-modified" events whenever an IPP Everywhere PPD
is installed (Issue #1244)
* Updated the scheduler to send the "printer-modified" event
whenever the system default printer is changed (Issue #1246)
* Fixed a memory leak in 'httpClose' (Issue #1223)
* Fixed missing commas in 'ippCreateRequestedArray'
(Issue #1234)
* Fixed subscription issues in the scheduler and D-Bus notifier
(Issue #1235)
* Fixed media-default reporting for custom sizes (Issue #1238)
* Fixed support for IPP/PPD options with periods or underscores
(Issue #1249)
* Fixed parsing of real numbers in PPD compiler source files
(Issue #1263)
* Fixed scheduler freezing with zombie clients (Issue #1264)
* Fixed support for the server name in the ErrorLog filename
(Issue #1277)
* Fixed job cleanup after daemon restart (Issue #1315)
* Fixed handling of buggy DYMO USB printer serial numbers
(Issue #1338)
* Fixed unreachable block in IPP backend (Issue #1351)
* Fixed memory leak in _cupsConvertOptions (Issue #1354)
Issues are those at https://github.com/OpenPrinting/cups/issues
- Adapted downgrade-autoconf-requirement.patch for CUPS 2.4.14
- Version upgrade to 2.4.12:
See https://github.com/openprinting/cups/releases
The last planned release of CUPS 2.4.x series
(the next will be 2.5.x series) contains several enhancements
among set of bug fixes, such following cryptographic policies
when using GnuTLS crypto provider and possibility to opt-out
from this behavior, logging job debugging history if print
queue backends fails, or raising alerts for certificate issues
in IPPS backend.
Detailed list (from CHANGES.md):
* GnuTLS follows system crypto policies now (Issue #1105)
* Added `NoSystem` SSLOptions value (Issue #1130)
* Now we raise alert for certificate issues (Issue #1194)
* Added Kyocera USB quirk (Issue #1198)
* The scheduler now logs a job's debugging history
if the backend fails (Issue #1205)
* Fixed a potential timing issue with `cupsEnumDests`
(Issue #1084)
* Fixed a potential "lost PPD" condition in the scheduler
(Issue #1109)
* Fixed a compressed file error handling bug (Issue #1070)
* Fixed a bug in the make-and-model whitespace trimming
code (Issue #1096)
* Fixed a removal of IPP Everywhere permanent queue
if installation failed (Issue #1102)
* Fixed `ServerToken None` in scheduler (Issue #1111)
* Fixed invalid IPP keyword values created from PPD
option names (Issue #1118)
* Fixed handling of "media" and "PageSize" in the same
print request (Issue #1125)
* Fixed client raster printing from macOS (Issue #1143)
* Fixed the default User-Agent string.
* Fixed a recursion issue in `ippReadIO`.
* Fixed handling incorrect radix in `scan_ps()` (Issue #1188)
* Fixed validation of dateTime values with time zones
more than UTC+11 (Issue #1201)
* Fixed attributes returned by the Create-Xxx-Subscriptions
requests (Issue #1204)
* Fixed `ippDateToTime` when using a non GMT/UTC timezone
(Issue #1208)
* Fixed `job-completed` event notifications for jobs that are
cancelled before started (Issue #1209)
* Fixed DNS-SD discovery with `ippfind` (Issue #1211)
Issues are those at https://github.com/OpenPrinting/cups/issues
- Adapted downgrade-autoconf-requirement.patch for CUPS 2.4.12
- glib2
-
- Add CVE fixes:
+ glib2-CVE-2026-1484.patch (bsc#1257355 CVE-2026-1484
glgo#GNOME/glib!4979).
+ glib2-CVE-2026-1485.patch (bsc#1257354 CVE-2026-1485
glgo#GNOME/glib!4981).
+ glib2-CVE-2026-1489.patch (bsc#1257353 CVE-2026-1489
glgo#GNOME/glib!4984).
- Add glib2-CVE-2026-0988.patch: fix a potential integer overflow
in g_buffered_input_stream_peek (bsc#1257049 CVE-2026-0988
glgo#GNOME/glib#3851).
- glibc
-
- memalign-overflow-check.patch: memalign: reinstate alignment overflow
check (CVE-2026-0861, bsc#1256766, BZ #33796)
- nss-dns-getnetbyaddr.patch: resolv: Fix NSS DNS backend for getnetbyaddr
(CVE-2026-0915, bsc#1256822, BZ #33802)
- nptl-optimize-trylock.patch: nptl: Optimize trylock for high cache
contention workloads (bsc#1256436, BZ #33704)
- wordexp-wrde-reuse.patch: posix: Reset wordexp_t fields with WRDE_REUSE
(CVE-2025-15281, bsc#1257005, BZ #33814)
- abort-msg-s-underallocation.patch: Fix underallocation of abort_msg_s
struct (CVE-2025-0395, bsc#1236282, BZ #32582)
- gpg2
-
- Security fix
* [bsc#1257396, CVE-2026-24882]
- gpg2: stack-based buffer overflow in TPM2 PKDECRYPT for TPM-backed RSA and ECC keys
- Added gnupg-CVE-2026-24882.patch
* [bsc#1257395, CVE-2026-24883]
- gpg2: denial of service due to long signature packet length causing parse_signature to return success with sig->data[] set to a NULL value
- Added gnupg-CVE-2026-24883.patch
- Security fix [bsc#1256389] (gpg.fail/filename)
* Added gnupg-accepts-path-separators-literal-data.patch
* GnuPG Accepts Path Separators and Path Traversals in Literal Data
- java-21-openjdk
-
- Update to upstream tag jdk-21.0.10+7 (January 2026 CPU)
* CVEs
+ CVE-2026-21925, bsc#1257034
+ CVE-2026-21932, bsc#1257036
+ CVE-2026-21933, bsc#1257037
+ CVE-2026-21945, bsc#1257038
* Changes
+ JDK-7191877: TEST_BUG: java/rmi/transport/checkLeaseInfoLeak/
/CheckLeaseLeak.java failing intermittently
+ JDK-8072701: resume001 failed due to ERROR: timeout for
waiting for a BreakpintEvent
+ JDK-8139228: JFileChooser renders file names as HTML document
+ JDK-8139392: JInternalFrame has incorrect padding
+ JDK-8140527: JInternalFrame has incorrect title button width
+ JDK-8162380: [TEST_BUG] MouseEvent/.../
/AltGraphModifierTest.java has only "Fail" button
+ JDK-8199149: Improve the exception message thrown by
VarHandle of unsupported operation
+ JDK-8201183: sjavac build failures: "Connection attempt
failed: Connection refused"
+ JDK-8201778: Speed up test
javax/net/ssl/DTLS/PacketLossRetransmission.java
+ JDK-8204868: java/util/zip/ZipFile/TestCleaner.java still
fails with "cleaner failed to clean zipfile."
+ JDK-8210807: Printing a JTable with a JScrollPane prints
table without rows populated
+ JDK-8216437: PPC64: Add intrinsic for GHASH algorithm
+ JDK-8219408: Tests should handle ${} in the view of jtreg
"smart action"
+ JDK-8230016: re-visit test
sun/security/pkcs11/Serialize/SerializeProvider.java
+ JDK-8245545: Disable TLS_RSA cipher suites
+ JDK-8265429: Improve GCM encryption
+ JDK-8277424: javax/net/ssl/TLSCommon/TLSTest.java fails with
connection refused
+ JDK-8280482: Window transparency bug on Linux
+ JDK-8290043: serviceability/attach/ConcAttachTest.java failed
"guarantee(!CheckJNICalls) failed: Attached JNI thread exited
without being detached"
+ JDK-8297531: sun/security/krb5/MicroTime.java fails with
"Exception: What? only 100 musec precision?"
+ JDK-8300708: Some nsk jvmti tests fail with virtual thread
wrapper due to jvmti missing some virtual thread support
+ JDK-8304065: HttpServer.stop should terminate immediately if
no exchanges are in progress
+ JDK-8304811: vmTestbase/vm/mlvm/indy/func/jvmti/
/stepBreakPopReturn/INDIFY_Test.java fails with
JVMTI_ERROR_TYPE_MISMATCH
+ JDK-8305186: Reference.waitForReferenceProcessing should be
more accessible to tests
+ JDK-8305567: serviceability/tmtools/jstat/GcTest01.java
failed utils.JstatGcResults.assertConsistency
+ JDK-8306579: Consider building with /Zc:throwingNew
+ JDK-8307160: Fix AWT/2D/A11Y to support the permissive- flag
on the Microsoft Visual C compiler
+ JDK-8308780: Fix the Java Integer types on Windows
+ JDK-8309511: Regression test ExtraImportSemicolon.java refers
to the wrong bug
+ JDK-8310049: Refactor Charset tests to use JUnit
+ JDK-8310915: Typo in aarch64.ad: "envcodings"
+ JDK-8311076: RedefineClasses doesn't check for ConstantPool
overflow
+ JDK-8311906: Improve robustness of String constructors with
mutable array inputs
+ JDK-8313231: Redundant if statement in ZoneInfoFile
+ JDK-8313770: jdk/internal/platform/docker/
/TestSystemMetrics.java fails on Ubuntu
+ JDK-8315130: java.lang.IllegalAccessError when processing
classlist to create CDS archive
+ JDK-8315990: Amend problemlisted tests to proper position
+ JDK-8316422: TestIntegerUnsignedDivMod.java triggers "invalid
layout" assert in FrameValues::validate
+ JDK-8317132: Prepare HotSpot for permissive-
+ JDK-8317332: Prepare security for permissive-
+ JDK-8317970: Bump target macosx-x64 version to 11.00.00
+ JDK-8318467: [jmh] tests concurrent.Queues and
concurrent.ProducerConsumer hang with 101+ threads
+ JDK-8318730: MonitorVmStartTerminate.java still times out
after JDK-8209595
+ JDK-8318850: Duplicate code in the LCMSImageLayout
+ JDK-8319570: Change to GCC 13.2.0 for building on Linux at
Oracle
+ JDK-8320049: PKCS10 would not discard the cause when throw
SignatureException on invalid key
+ JDK-8320577: Improve MessageHeader's toString() function to
make HttpURLConnection's debug log readable
+ JDK-8320836: jtreg gtest runs should limit heap size
+ JDK-8321180: Condition for non-latin1 string size too large
exception is off by one
+ JDK-8321183: Incorrect warning from cds about the modules file
+ JDK-8321514: UTF16 string gets constructed incorrectly from
codepoints if CompactStrings is not enabled
+ JDK-8322018: Test java/lang/String/CompactString/
/MaxSizeUTF16String.java fails with -Xcomp
+ JDK-8322135: Printing JTable in Windows L&F throws
InternalError: HTHEME is null
+ JDK-8322140: javax/swing/JTable/JTableScrollPrintTest.java
does not print the rows and columns of the table in Nimbus and
Aqua LookAndFeel
+ JDK-8323803: ConstantOopReadValue::print_on should print
'null' instead of 'nullptr'
+ JDK-8324065: Daylight saving information for
'Africa/Casablanca' are incorrect
+ JDK-8324491: Keyboard layout didn't keep its state if it was
changed when dialog was active
+ JDK-8325277: [21u] Backout test change of JDK-8291809
+ JDK-8325530: Vague error message when com.sun.tools.attach
.VirtualMachine fails to load agent library
+ JDK-8325590: Regression in round-tripping UTF-16 strings
after JDK-8311906
+ JDK-8325647: [IR framework] Only prints stdout if exitCode is
134
+ JDK-8325731: Installation instructions for Debian/Ubuntu
don't mention autoconf
+ JDK-8325766: Extend CertificateBuilder to create trust and
end entity certificates programmatically
+ JDK-8327434: Test java/util/PluggableLocale/
/TimeZoneNameProviderTest.java timed out
+ JDK-8327704: Update nsk/jdi tests to use driver instead of
othervm
+ JDK-8327757: Convert javax/swing/JSlider/6524424/
/bug6524424.java applet to main
+ JDK-8327856: Convert applet test SpanishDiacriticsTest.java
to a main program
+ JDK-8327980: Convert javax/swing/JToggleButton/4128979/
/bug4128979.java applet test to main
+ JDK-8328124: Convert java/awt/Frame/ShownOnPack/
/ShownOnPack.html applet test to main
+ JDK-8328247: Remove redundant dir for tests converted from
applet to main
+ JDK-8328299: Convert DnDFileGroupDescriptor.html applet test
to main
+ JDK-8328377: Convert java/awt/Cursor/MultiResolutionCursorTest
test to main
+ JDK-8328562: Convert java/awt/InputMethods/DiacriticsTest/
/DiacriticsTest.java applet test to main
+ JDK-8331231: containers/docker/TestContainerInfo.java fails
+ JDK-8333200: Test containers/docker/TestPids.java fails Limit
value -1 is not accepted as unlimited
+ JDK-8333526: Restructure java/nio/channels/DatagramChannel/
/StressNativeSignal.java to a fail fast exception handling
policy
+ JDK-8333569: jpackage tests must run app launchers with
retries on Linux only
+ JDK-8333783: java/nio/channels/FileChannel/directio/
/DirectIOTest.java is unstable with AV software
+ JDK-8334217: [AIX] Misleading error messages after JDK-8320005
+ JDK-8334509: Cancelling PageDialog does not return the same
PageFormat object
+ JDK-8334756: javac crashed on call to non-existent generic
method with explicit annotated type arg
+ JDK-8334771: [TESTBUG] Run TestDockerMemoryMetrics.java with
- Xcomp fails exitValue = 137
+ JDK-8335986: Test javax/swing/JCheckBox/4449413/
/bug4449413.java fails on Windows 11 x64 because RBMenuItem's
and CBMenuItem's checkmark on the left side are not visible
+ JDK-8337723: Remove redundant tests from
com/sun/security/sasl/gsskerb
+ JDK-8338428: Add logging of final VM flags while setting
properties
+ JDK-8338740: java/net/httpclient/HttpsTunnelAuthTest.java
fails with java.io.IOException: HTTP/1.1 header parser
received no bytes
+ JDK-8339280: jarsigner -verify performs cross-checking
between CEN and LOC
+ JDK-8339366: [jittester] Make it possible to generate tests
without execution
+ JDK-8340015: Open source several AWT focus tests - series 7
+ JDK-8340321: Disable SHA-1 in TLS/DTLS 1.2 handshake
signatures
+ JDK-8340354: Open source AWT desktop properties and print
related tests
+ JDK-8341097: GHA: Demote Mac x86 jobs to build only
+ JDK-8341131: Some jdk/jfr/event/compiler tests shouldn't be
executed with Xcomp
+ JDK-8341138: Rename jtreg property docker.support as
container.support
+ JDK-8341443: [macos] AppContentTest and SigningOptionsTest
failed due to "codesign" does not fails with "--app-content"
on macOS 15
+ JDK-8341496: Improve JMX connections
+ JDK-8342576: [macos] AppContentTest still fails after
JDK-8341443 for same reason on older macOS versions
+ JDK-8342582: user.region for formatting number no longer
works for 21.0.5
+ JDK-8342934: TYPE_USE annotations printed with error causing
"," in toString output
+ JDK-8343191: Cgroup v1 subsystem fails to set subsystem path
+ JDK-8343340: Swapping checking do not work for
MetricsMemoryTester failcount
+ JDK-8343875: Minor improvements of jpackage test library
+ JDK-8343876: Enhancements to jpackage test lib
+ JDK-8344143: Test jdk/java/lang/Thread/virtual/stress/
/GetStackTraceALotWhenPinned.java timed out on macosx-x64
+ JDK-8344577: Virtual thread tests are timing out on some
macOS systems
+ JDK-8345213: JVM Prefers /etc/timezone Over /etc/localtime on
Debian 12
+ JDK-8346142: [perf] scalability issue for the
specjvm2008::xml.validation workload
+ JDK-8346234: javax/swing/text/DefaultEditorKit/4278839/
/bug4278839.java still fails in CI
+ JDK-8346753: Test javax/swing/JMenuItem/RightLeftOrientation/
/RightLeftOrientation.java fails on Windows Server 2025 x64
because the icons of RBMenuItem and CBMenuItem are not visible
in Nimbus LookAndFeel
+ JDK-8346839: [TESTBUG] "java/awt/textfield/setechochartest4/
/setechochartest4.java" failed because the test frame
disappears on clicking "Click Several Times" button
+ JDK-8346875: Test jdk/jdk/jfr/event/os/TestCPULoad.java fails
on macOS
+ JDK-8347143: [aix] Fix strdup use in os::dll_load
+ JDK-8347277: java/awt/Focus/ComponentLostFocusTest.java fails
intermittently
+ JDK-8347300: Don't exclude the "PATH" var from the
environment when running app launchers in jpackage tests
+ JDK-8347377: Add validation checks for ICC_Profile header
fields
+ JDK-8347434: Richer VM operations events logging
+ JDK-8347811: Container detection code for cgroups v2 should
use cgroup.controllers
+ JDK-8347841: Test fixes that use deprecated time zone IDs
+ JDK-8348240: Remove
SystemDictionaryShared::lookup_super_for_unregistered_class()
+ JDK-8348402: PerfDataManager stalls shutdown for 1ms
+ JDK-8349188: LineBorder does not scale correctly
+ JDK-8349534: Refactor jdk/sun/security/krb5/runNameEquals.sh
to java test
+ JDK-8349705: java.net.URI.scanIPv4Address throws unnecessary
URISyntaxException
+ JDK-8349988: Change cgroup version detection logic to not
depend on /proc/cgroups
+ JDK-8350102: Decouple jpackage test-lib Executor.Result and
Executor classes
+ JDK-8350623: Fix -Wzero-as-null-pointer-constant warnings in
nsk native test utilities
+ JDK-8350813: Rendering of bulky sound bank from MIDI sequence
can cause OutOfMemoryError
+ JDK-8351110: ImageIO.write for JPEG can write corrupt JPEG
for certain thumbnail dimensions
+ JDK-8351359: OperatingSystemMXBean: values from getCpuLoad
and getProcessCpuLoad are stale after 24.8 days (Windows)
+ JDK-8351382: New test
containers/docker/TestMemoryWithSubgroups.java is failing
+ JDK-8351567: Jar Manifest test ValueUtf8Coding produces
misleading diagnostic output
+ JDK-8352016: Improve java/lang/RuntimeTests/
/RuntimeExitLogTest.java
+ JDK-8352533: Report useful IOExceptions when jspawnhelper
fails
+ JDK-8352678: Opensource few JMenuItem tests
+ JDK-8352682: Opensource JComponent tests
+ JDK-8352686: Opensource JInternalFrame tests - series3
+ JDK-8352687: Opensource few JInternalFrame and JTextField
tests
+ JDK-8352793: Open source several AWT TextComponent tests -
Batch 1
+ JDK-8352865: Open source several AWT TextComponent tests -
Batch 2
+ JDK-8352905: Open some JComboBox bugs 1
+ JDK-8352926: New test TestDockerMemoryMetricsSubgroup.java
fails
+ JDK-8352966: Opensource Several Font related tests - Batch 2
+ JDK-8352997: Open source several Swing JTabbedPane tests
+ JDK-8353007: Open some JComboBox bugs 2
+ JDK-8353011: Open source Swing JButton tests - Set 1
+ JDK-8353013: java.net.URI.create(String) may have low
performance to scan the host/domain name from URI string when
the hostname starts with number
+ JDK-8353175: Eliminate double iteration of stream in
FieldDescriptor reinitialization
+ JDK-8353201: Open source Swing Tooltip tests - Set 2
+ JDK-8353299: VerifyJarEntryName.java test fails
+ JDK-8353309: Open source several Swing text tests
+ JDK-8353319: Open source Swing tests - Set 3
+ JDK-8353445: Open source several AWT Menu tests - Batch 1
+ JDK-8353470: Clean up and open source couple AWT Graphics
related tests (Part 2)
+ JDK-8353483: Open source some JProgressBar tests
+ JDK-8353486: Open source Swing Tests - Set 4
+ JDK-8353585: Provide ChoiceFormat#parse(String,
ParsePosition) tests
+ JDK-8353586: Open source several toolkit tests
+ JDK-8353589: Open source a few Swing menu-related tests
+ JDK-8353592: Open source several scrollbar tests
+ JDK-8353661: Open source several swing tests batch5
+ JDK-8353832: Opensource FontClass, Selection and Icon tests
+ JDK-8353953: com/sun/jdi tests should be fixed to not always
require includevirtualthreads=y
+ JDK-8353957: Open source several AWT ScrollPane tests -
Batch 1
+ JDK-8353958: Open source several AWT ScrollPane tests -
Batch 2
+ JDK-8354095: Open some JTable bugs 5
+ JDK-8354106: Clean up and open source KeyEvent related tests
(Part 2)
+ JDK-8354214: Open source Swing tests Batch 2
+ JDK-8354233: Open some JTable bugs 6
+ JDK-8354235: Test javax/net/ssl/SSLSocket/Tls13PacketSize.java
failed with java.net.SocketException: An established
connection was aborted by the software in your host machine
+ JDK-8354248: Open source several AWT GridBagLayout and List
tests
+ JDK-8354340: Open source Swing Tests - Set 6
+ JDK-8354341: Open some JTable bugs 7
+ JDK-8354365: Opensource few Modal and Full Screen related
tests
+ JDK-8354418: Open source Swing tests Batch 4
+ JDK-8354451: Open source some more Swing popup menu tests
+ JDK-8354465: Open some JTable bugs 8
+ JDK-8354466: Open some misc Swing bugs 9
+ JDK-8354472: Clean up and open source KeyEvent related tests
(Part 3)
+ JDK-8354475: TestDockerMemoryMetricsSubgroup.java fails with
exitValue = 1
+ JDK-8354493: Opensource Several MultiScreen and Insets
related tests
+ JDK-8354495: Open source several AWT DataTransfer tests
+ JDK-8354532: Open source JFileChooser Tests - Set 7
+ JDK-8354552: Open source a few Swing tests
+ JDK-8354553: Open source several clipboard tests batch0
+ JDK-8354561: Open source several swing tests batch0
+ JDK-8354646: java.awt.TextField allows to identify the spaces
in a password when double clicked at the starting and end of
the text
+ JDK-8354653: Clean up and open source KeyEvent related tests
(Part 4)
+ JDK-8354701: Open source few JToolTip tests
+ JDK-8354873: javax/swing/plaf/metal/MetalIconFactory/
/bug4952462.java failing on CI
+ JDK-8354928: Clean up and open source some miscellaneous AWT
tests
+ JDK-8355071: Fix nsk/jdi test to not require lookup of main
thread in order to set the breakpoint used for communication
+ JDK-8355077: Compiler error at splashscreen_gif.c due to
unterminated string initialization
+ JDK-8355241: Move NativeDialogToFrontBackTest.java PL test to
manual category
+ JDK-8355333: Some Problem list entries point to non-existent
/ wrong files
+ JDK-8355387: [jittester] Disable downcasts by default
+ JDK-8355444: [java.io] Use @requires tag instead of exiting
based on "os.name" property value
+ JDK-8355478: DoubleActionESC.java fails intermittently
+ JDK-8355558: SJIS.java test is always ignored
+ JDK-8355561: [macos] Build failure with Xcode 16.3
+ JDK-8355569: Some nsk/jdi tests can glean the "main" thread
by using the ClassPrepareEvent for the debuggee main class
+ JDK-8355773: Some nsk/jdi tests can fetch ThreadReference
from static field in the debuggee
+ JDK-8356023: Some nsk/jdi tests can fetch ThreadReference
from static field in the debuggee: part 2
+ JDK-8356040: java/util/PluggableLocale/
/LocaleNameProviderTest.java timed out
+ JDK-8356145: ListEnterExitTest.java fails on macos
+ JDK-8356187: TestJcmd.java may incorrectly parse podman
version
+ JDK-8356588: Some nsk/jdi tests can fetch ThreadReference
from static field in the debuggee: part 3
+ JDK-8356752: Log mouse enter and exit events for debugging
+ JDK-8356811: Some nsk/jdi tests can fetch ThreadReference
from static field in the debuggee: part 4
+ JDK-8356897: Update NSS library to 3.111
+ JDK-8357172: Extend try block in nsk/jdi tests to capture
exceptions thrown by Debuggee.classByName()
+ JDK-8357305: Compilation failure in
javax/swing/JMenuItem/bug6197830.java
+ JDK-8357561: BootstrapLoggerTest does not work on Ubuntu 24
with LANG de_DE.UTF-8
+ JDK-8357799: Improve instructions for
JFileChooser/HTMLFileName.java
+ JDK-8357822: C2: Multiple string optimization tests are no
longer testing string concatenation optimizations
+ JDK-8357882: Use UTF-8 encoded data in LocaleDataTest
+ JDK-8358048: java/net/httpclient/HttpsTunnelAuthTest.java
incorrectly calls Thread::stop
+ JDK-8358532: JFileChooser in GTK L&F still displays HTML
filename
+ JDK-8358577: Test serviceability/jvmti/thread/
/GetCurrentContendedMonitor/contmon01/contmon01.java failed:
unexpected monitor object
+ JDK-8358679: [asan] vmTestbase/nsk/jvmti tests show memory
issues
+ JDK-8358748: Large page size initialization fails with assert
"page_size must be a power of 2"
+ JDK-8358764: (sc) SocketChannel.close when thread blocked in
read causes connection to be reset (win)
+ JDK-8358813: JPasswordField identifies spaces in password via
delete shortcuts
+ JDK-8359061: Update and ProblemList manual test
java/awt/Cursor/CursorDragTest/ListDragCursor.java
+ JDK-8359167: Remove unused test/hotspot/jtreg/vmTestbase/nsk/
/share/jpda/BindServer.java
+ JDK-8359182: Use @requires instead of SkippedException for
MaxPath.java
+ JDK-8359207: Remove runtime/signal/TestSigusr2.java since it
is always skipped
+ JDK-8359418: Test "javax/swing/text/GlyphView/bug4188841.java"
failed because the phrase of text pane does not match the
instructions
+ JDK-8359428: Test 'javax/swing/JTabbedPane/bug4499556.java'
failed because after selecting one of L&F items, the test case
automatically failed when clicking on L&F Menu button again
+ JDK-8359449: [TEST] open/test/jdk/java/io/File/SymLinks.java
Refactor extract method for Windows specific test
+ JDK-8359477: com/sun/net/httpserver/Test12.java appears to
have a temp file race
+ JDK-8359501: Enhance Handling of URIs
+ JDK-8359687: Use PassFailJFrame for
java/awt/print/Dialog/DialogType.java
+ JDK-8360022: ClassRefDupInConstantPoolTest.java fails when
running in repeat
+ JDK-8360178: TestArguments.atojulong gtest has incorrect
format string
+ JDK-8360288: Shenandoah crash at size_given_klass in
op_degenerated
+ JDK-8360408: [TEST] Use @requires tag instead of exiting
based on "os.name" property value for sun/net/www/protocol/
/file/FileURLTest.java
+ JDK-8360411: [TEST] open/test/jdk/java/io/File/
/MaxPathLength.java Refactor extract method to encapsulate
Windows specific test logic
+ JDK-8360478: libjsig related tier3 jtreg tests fail when asan
is configured
+ JDK-8360533: ContainerRuntimeVersionTestUtils
fromVersionString fails with some docker versions
+ JDK-8360981: Remove use of Thread.stop in
test/jdk/java/net/Socket/DeadlockTest.java
+ JDK-8361253: CommandLineOptionTest library should report
observed values on failure
+ JDK-8361298: SwingUtilities/bug4967768.java fails where
character P is not underline
+ JDK-8361314: Test serviceability/jvmti/VMEvent/MyPackage/
/VMEventRecursionTest.java FATAL ERROR in native method:
Failed during the GetClassSignature call
+ JDK-8361423: Add IPSupport::printPlatformSupport to
java/net/NetworkInterface/IPv4Only.java
+ JDK-8361447: [REDO] Checked version of JNI
Release<type>ArrayElements needs to filter out known wrapped
arrays
+ JDK-8361599: [PPC64] enable missing tests via jtreg requires
+ JDK-8361751: Test sun/tools/jcmd/TestJcmdSanity.java timed
out on Windows
+ JDK-8361754: New test runtime/jni/checked/
/TestCharArrayReleasing.java can cause disk full errors
+ JDK-8361868: [GCC static analyzer] complains about missing
calloc - NULL checks in p11_util.c
+ JDK-8361871: [GCC static analyzer] complains about use of
uninitialized value ckpObject in p11_util.c
+ JDK-8362123: ClassLoader Leak via
Executors.newSingleThreadExecutor(...)
+ JDK-8362204: test/jdk/sun/awt/font/TestDevTransform.java
fails on Ubuntu 24.04
+ JDK-8362207: Add more test cases for possible double-rounding
in fma
+ JDK-8362308: Enhance Bitmap operations
+ JDK-8362516: Support of GCC static analyzer (-fanalyzer)
+ JDK-8362532: Test gc/g1/plab/* duplicate command-line options
+ JDK-8362533: Tests sun/management/jmxremote/bootstrap/*
duplicate VM flags
+ JDK-8362602: Add test.timeout.factor to CompileFactory to
avoid test timeouts
+ JDK-8362632: Improve HttpServer Request handling
+ JDK-8363676: [GCC static analyzer] missing return value check
of malloc in OGLContext_SetTransform
+ JDK-8363720: Follow up to JDK-8360411 with post review
comments
+ JDK-8363966: GHA: Switch cross-compiling sysroots to Debian
trixie
+ JDK-8364198: NMT should have a better corruption message
+ JDK-8364199: Enhance list of environment variables printed in
hserr/hsinfo file
+ JDK-8364214: Enhance polygon data support
+ JDK-8364235: Fix for JDK-8361447 breaks the alignment
requirements for GuardedMemory
+ JDK-8364257: JFR: User-defined events and settings with a
one-letter name cannot be configured
+ JDK-8364258: ThreadGroup constant pool serialization is not
normalized
+ JDK-8364263: HttpClient: Improve encapsulation of ProxyServer
+ JDK-8364484: misc tests fail with Received fatal alert:
handshake_failure
+ JDK-8364514: [asan] runtime/jni/checked/
/TestCharArrayReleasing.java heap-buffer-overflow
+ JDK-8364556: JFR: Disable SymbolTableStatistics and
StringTableStatistics in default.jfc
+ JDK-8364597: Replace THL A29 Limited with Tencent
+ JDK-8364660: ClassVerifier::ends_in_athrow() should be removed
+ JDK-8364786: Test java/net/vthread/HttpALot.java
intermittently fails - 24999 handled, expected 25000
+ JDK-8364993: JFR: Disable jdk.ModuleExport in default.jfc
+ JDK-8364996: java/awt/font/FontNames/LocaleFamilyNames.java
times out on Windows
+ JDK-8365058: Enhance CopyOnWriteArraySet
+ JDK-8365086: CookieStore.getURIs() and get(URI) should return
an immutable List
+ JDK-8365098: make/RunTests.gmk generates a wrong path to test
artifacts on Alpine
+ JDK-8365168: Use 64-bit aligned addresses for CK_ULONG access
in PKCS11 native key code
+ JDK-8365240: [asan] exclude some tests when using asan
enabled binaries
+ JDK-8365271: Improve Swing supports
+ JDK-8365280: Enhance JOptionPane
+ JDK-8365425: [macos26] javax/swing/JInternalFrame/8160248/
/JInternalFrameDraggingTest.java fails on macOS 26
+ JDK-8365442: [asan] runtime/ErrorHandling/
/CreateCoredumpOnCrash.java fails
+ JDK-8365487: [asan] some oops (mode) related tests fail
+ JDK-8365615: Improve JMenuBar/RightLeftOrientation.java
+ JDK-8365660: test/jdk/sun/security/pkcs11/KeyAgreement/ tests
skipped without SkipExceprion
+ JDK-8365790: Shutdown hook for application image does not
work on Windows
+ JDK-8365834: Mark java/net/httpclient/ManyRequests.java as
intermittent
+ JDK-8365913: Support latest MSC_VER in abstract_vm_version.cpp
+ JDK-8365919: Replace currentTimeMillis with nanoTime in
Stresser.java
+ JDK-8365983: Tests should throw SkippedException when SCTP
not supported
+ JDK-8366092: [GCC static analyzer] UnixOperatingSystem.c
warning: use of uninitialized value 'systemTicks'
+ JDK-8366159: SkippedException is treated as a pass for
pkcs11/KeyStore, pkcs11/SecretKeyFactory and
pkcs11/SecureRandom
+ JDK-8366208: Unexpected exception in
sun.java2d.cmm.lcms.LCMSImageLayout
+ JDK-8366229: runtime/Thread/TooSmallStackSize.java runs with
all collectors
+ JDK-8366231: Bump update version for OpenJDK: jdk-21.0.10
+ JDK-8366342: Key generator and key pair generator tests
skipping, but showing as passed
+ JDK-8366359: Test should throw SkippedException when there is
no lpstat
+ JDK-8366558: Gtests leave /tmp/cgroups-test* files
+ JDK-8366750: Remove test 'java/awt/Choice/
/ChoiceMouseWheelTest/ChoiceMouseWheelTest.java' from
problemlist
+ JDK-8366764: Deproblemlist
java/awt/ScrollPane/ScrollPositionTest.java
+ JDK-8366844: Update and automate
MouseDraggedOriginatedByScrollBarTest.java
+ JDK-8366893: java/lang/Thread/virtual/stress/
/GetStackTraceALotWhenPinned.java timed out on macos-aarch64
+ JDK-8367017: Remove legacy checks from WrappedToolkitTest and
convert from bash
+ JDK-8367021: Regression in LocaleDataTest refactoring
+ JDK-8367131: Test com/sun/jdi/ThreadMemoryLeakTest.java fails
on 32 bits
+ JDK-8367133: DTLS: fragmentation of Finished message results
in handshake failure
+ JDK-8367237: Thread-Safety Usage Warning for
java.text.Collator Classes
+ JDK-8367348: Enhance PassFailJFrame to support links in HTML
+ JDK-8367372: Test 'test/hotspot/jtreg/gc/
/TestObjectAlignmentCardSize.java' fails on 32 bit systems
+ JDK-8367384: The ICC_Profile class may throw exceptions
during serialization
+ JDK-8367782: VerifyJarEntryName.java: Fix modifyJarEntryName
to operate on bytes and re-introduce verifySignatureEntryName
+ JDK-8367869: Test java/io/FileDescriptor/Sync.java timed out
+ JDK-8367904: Test java/net/InetAddress/ptr/Lookup.java should
throw SkippedException
+ JDK-8368032: Enhance Certificate Checking
+ JDK-8368192: Test java/lang/ProcessBuilder/Basic.java#id0
fails with Exception: Stack trace
+ JDK-8368668: Several vmTestbase/vm/gc/compact tests timed out
on large memory machine
+ JDK-8368960: Adjust java UL logging in the build
+ JDK-8368982: Test sun/security/tools/jarsigner/EC.java
completed and timed out
+ JDK-8369032: Add test to ensure serialized ICC_Profile stores
only necessary optional data
+ JDK-8369078: Fix faulty test conversion in
IllegalCharsetName.java
+ JDK-8369184: SimpleTimeZone equals() Returns True for Unequal
Instances with Different hashCode Values
+ JDK-8369226: GHA: Switch to MacOS 15
+ JDK-8369319: java/net/httpclient/CancelRequestTest.java fails
intermittently
+ JDK-8369450: [Ubuntu 25.10] openjdk fails to build due to
rust-coreutils date
+ JDK-8369506: Bytecode rewriting causes Java heap corruption
on AArch64
+ JDK-8369563: Gtest dll_address_to_function_and_library_name
has issues with stripped pdb files
+ JDK-8369616: JavaFrameAnchor on RISC-V has unnecessary
barriers and wrong store order in MacroAssembler
+ JDK-8369946: Bytecode rewriting causes Java heap corruption
on PPC
+ JDK-8369947: Bytecode rewriting causes Java heap corruption
on RISC-V
+ JDK-8370214: [21u] Remove -Xdebug and -Xnoagent from tests:
backport parts of 8227229 and 8312072
+ JDK-8370465: Right to Left Orientation Issues with MenuItem
Component
+ JDK-8372534: Update Libpng to 1.6.51
+ JDK-8375447: Remove designator
DEFAULT_PROMOTED_VERSION_PRE=ea for release 21.0.10
- Do not depend on update-desktop-files (jsc#PED-14507 and
jsc#PED-15217)
- kernel-source:kernel-default
-
- Refresh
patches.kabi/bpf-Enforce-expected_attach_type-for-tailcall-compat.patch.
Refresh kABI workaround to use 'unsigned char' instead
of the original 'enum bpf_attach_type' as the data type.
It was discovered at SL-16.0 MU submission time that the kABI workaround
currently in-place does not work on -rt flavor. The reason is that due
to preceding spinlock_t having a different size, the hole was only 2
bytes instead of 6 bytes, and thus too small to fit 'enum'.
Since all the possible enum values are small enough to fit within
'unsigned char', switch the data type of the new field to that instead.
- commit 06ff4d9
- efi/cper: Fix cper_bits_to_str buffer handling and return value
(git-fixes).
- lib/buildid: use __kernel_read() for sleepable context
(git-fixes).
- net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate
session upon receiving the second rts (git-fixes).
- can: ctucanfd: fix SSP_SRC in cases when bit-rate is higher
than 1 MBit (git-fixes).
- can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak
(git-fixes).
- can: etas_es58x: allow partial RX URB allocation to succeed
(git-fixes).
- commit 6b2a65b
- libceph: fix potential use-after-free in have_mon_and_osd_map() (CVE-2025-68285 bsc#1255401).
- commit bfcbd27
- landlock: Fix handling of disconnected directories
(CVE-2025-68736 bsc#1255698).
- landlock: Optimize file path walks and prepare for audit support
(CVE-2025-68736 bsc#1255698).
- commit 255f197
- libceph: fix invalid accesses to ceph_connection_v1_info (CVE-2025-39880 bsc#1250388).
- commit f8b4e56
- ceph: fix race condition validating r_parent before applying state (CVE-2025-39880 bsc#1250388).
- commit 5a88d0a
- cpuset: fix warning when disabling remote partition
(bsc#1256794).
- commit ab4d052
- RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly (CVE-2025-71096 bsc#1256606)
- commit 6757234
- Refresh
patches.suse/smb-client-introduce-close_cached_dir_locked-.patch.
Just refresh to fix:
warning: patches.suse/smb-client-introduce-close_cached_dir_locked-.patch:
Patch unexpectedly ends in the middle of a line.
- commit 675e06b
- x86/fpu: Ensure XFD state on signal delivery (CVE-2025-68171
bsc#1255255).
- commit 74e061b
- sched: Increase sched_tick_remote timeout (bsc#1254510).
- commit 6c6193f
- ice: fix PTP cleanup on driver removal in error path
(CVE-2025-68215 bsc#1255226).
- commit eb213a2
- KVM: VMX: Clean up and macrofy x86_ops (git-fixes).
- Refresh
patches.suse/KVM-x86-Drop-kvm_x86_ops.set_dr6-in-favor-of-a-new-K.patch.
- Refresh
patches.suse/KVM-VMX-Preserve-host-s-DEBUGCTLMSR_FREEZE_IN_SMM-wh.patch.
- commit 03cc358
- KVM: VMX: Define a VMX glue macro for kvm_complete_insn_gp()
(git-fixes).
- commit 2d0bc5c
- KVM: VMX: Move vt_apicv_pre_state_restore() to posted_intr.c
and tweak name (git-fixes).
- Refresh
patches.suse/KVM-Pass-new-routing-entries-and-irqfd-when-updating.patch.
- commit 6b2a898
- selftests/bpf: Test bpf_skb_check_mtu(BPF_MTU_CHK_SEGS) when
transport_header is not set (CVE-2025-68363 bsc#1255552).
- commit ed9cc2b
- bpf: Check skb->transport_header is set in bpf_skb_check_mtu
(CVE-2025-68363 bsc#1255552).
- commit 8c412fd
- rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer (bsc#1254408 CVE-2025-38704)
- commit 7bdb299
- sched_ext: Fix unsafe locking in the scx_dump_state() (bsc#1255223 CVE-2025-68202)
- commit 22f9135
- btrfs: fix reservation leak in some error paths when inserting
inline extent (git-fixes).
- commit 362a620
- btrfs: do not free data reservation in fallback from inline
due to -ENOSPC (git-fixes).
- commit 38b35b2
- btrfs: fix the qgroup data free range for inline data extents
(git-fixes).
- commit 9d6cfa8
- btrfs: always detect conflicting inodes when logging inode refs
(git-fixes).
- commit 626d828
- btrfs: release path before initializing extent tree in
btrfs_read_locked_inode() (git-fixes).
- commit 78aa23f
- ext4: use optimized mballoc scanning regardless of inode format
(bsc#1254378).
- commit af9447d
- supported.conf: Mark lan 743x supported (jsc#PED-14571)
- commit b80b147
- Set HZ=1000 for ppc64 default configuration (jsc#PED-14344)
Update based on upstream commit a206d2334012 ("powerpc/defconfigs: Set
HZ=1000 on ppc64 and powernv defconfigs") and requested by jsc#PED-14344.
- commit 031e354
- net: vxlan: prevent NULL deref in vxlan_xmit_one (CVE-2025-68353
bsc#1255533).
- net/mlx5: Fix IPsec cleanup over MPV device (CVE-2025-40238
bsc#1254871).
- net/mlx5e: RX, Fix generating skb from non-linear xdp_buff
for striding RQ (CVE-2025-40350 bsc#1255260).
- commit 0edf819
- bpf: Fix invalid prog->stats access when update_effective_progs
fails (CVE-2025-68742 bsc#1255707).
- commit 4f8b390
- perf/x86/intel: Fix KASAN global-out-of-bounds warning
(CVE-2025-40359 bsc#1255087).
- commit ed1e93a
- mlx5: Fix default values in create CQ (CVE-2025-68209
bsc#1255230).
- commit 02d60e0
- x86/microcode/AMD: Use sha256() instead of init/update/final
(bsc#1256495).
- Refresh
patches.suse/x86-microcode-AMD-Limit-Entrysign-signature-checking-to-kn.patch.
- commit 6b04345
- x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix
Halo (bsc#1256495).
- x86/microcode/AMD: Select which microcode patch to load
(bsc#1256495).
- x86/microcode/AMD: Make __verify_patch_size() return bool
(bsc#1256495).
- x86/microcode/AMD: Remove bogus comment from parse_container()
(bsc#1256495).
- commit 9f14cfe
- crash: fix crashkernel resource shrink (CVE-2025-68198 bsc#1255243)
- commit 7e8f708
- bnxt_en: Fix null pointer dereference in bnxt_bs_trace_check_wrap() (CVE-2025-68197 bsc#1255242)
- commit 766431f
- lib/crypto: aes: Fix missing MMU protection for AES S-box
(git-fixes).
- virtio_console: fix order of fields cols and rows
(stable-fixes).
- commit d55882c
- drm/amdgpu: Forward VMID reservation errors (git-fixes).
- commit 2373a9d
- supported.conf: mark ksmbd unsupported
Based on discussion with Enzo Matsumiya it has tuned out that ksmbd
module is unsupported but the supported.conf entry is incorrect. Fix
that.
- commit 143566d
- powerpc/eeh: fix recursive pci_lock_rescan_remove locking in
EEH event handling (bsc#1253262 ltc#216029).
- commit 594b86e
- Update
patches.suse/ACPI-video-Fix-use-after-free-in-acpi_video_switch_b.patch
(git-fixes CVE-2025-40211 bsc#1254126).
- Update
patches.suse/ALSA-dice-fix-buffer-overflow-in-detect_stream_forma.patch
(git-fixes CVE-2025-68346 bsc#1255603).
- Update
patches.suse/ALSA-firewire-motu-add-bounds-check-in-put_user-loop.patch
(git-fixes CVE-2025-68753 bsc#1256238).
- Update
patches.suse/ALSA-firewire-motu-fix-buffer-overflow-in-hwdep-read.patch
(git-fixes CVE-2025-68347 bsc#1255706).
- Update
patches.suse/ALSA-hda-cs35l41-Fix-NULL-pointer-dereference-in-cs3-c34b04c.patch
(git-fixes CVE-2025-68345 bsc#1255601).
- Update
patches.suse/ALSA-usb-audio-Fix-NULL-pointer-dereference-in-snd_u.patch
(git-fixes CVE-2025-40275 bsc#1254829).
- Update
patches.suse/ALSA-usb-audio-Fix-potential-overflow-of-PCM-transfe.patch
(stable-fixes CVE-2025-40269 bsc#1255035).
- Update
patches.suse/ALSA-wavefront-Fix-integer-overflow-in-sample-size-v.patch
(git-fixes CVE-2025-68344 bsc#1255816).
- Update
patches.suse/ASoC-Intel-avs-Disable-periods-elapsed-work-when-clo.patch
(git-fixes CVE-2025-40344 bsc#1254618).
- Update
patches.suse/Bluetooth-6lowpan-reset-link-local-header-on-ipv6-re.patch
(git-fixes CVE-2025-40282 bsc#1254850).
- Update
patches.suse/Bluetooth-MGMT-Fix-OOB-access-in-parse_adv_monitor_p.patch
(git-fixes CVE-2025-40294 bsc#1255181).
- Update
patches.suse/Bluetooth-MGMT-cancel-mesh-send-timer-when-hdev-remo.patch
(git-fixes CVE-2025-40284 bsc#1254860).
- Update
patches.suse/Bluetooth-MGMT-fix-crash-in-set_mesh_sync-and-set_me.patch
(git-fixes CVE-2025-40213 bsc#1253674).
- Update patches.suse/Bluetooth-SCO-Fix-UAF-on-sco_conn_free.patch
(stable-fixes CVE-2025-40309 bsc#1255065).
- Update
patches.suse/Bluetooth-bcsp-receive-data-only-if-registered.patch
(stable-fixes CVE-2025-40308 bsc#1255064).
- Update
patches.suse/Bluetooth-btusb-mediatek-Avoid-btusb_mtk_claim_iso_i.patch
(git-fixes CVE-2025-68298 bsc#1255124).
- Update
patches.suse/Bluetooth-btusb-mediatek-Fix-kernel-crash-when-relea.patch
(git-fixes CVE-2025-68306 bsc#1255145).
- Update
patches.suse/Bluetooth-btusb-reorder-cleanup-in-btusb_disconnect-.patch
(git-fixes CVE-2025-40283 bsc#1254858).
- Update
patches.suse/Bluetooth-hci_event-validate-skb-length-for-unknown-.patch
(git-fixes CVE-2025-40301 bsc#1255193).
- Update
patches.suse/Bluetooth-hci_sock-Prevent-race-in-socket-write-iter.patch
(git-fixes CVE-2025-68305 bsc#1255169).
- Update
patches.suse/Bluetooth-hci_sync-fix-race-in-hci_cmd_sync_dequeue_.patch
(git-fixes CVE-2025-40318 bsc#1254798).
- Update
patches.suse/Input-cros_ec_keyb-fix-an-invalid-memory-access.patch
(stable-fixes CVE-2025-40263 bsc#1255077).
- Update
patches.suse/Input-imx_sc_key-fix-memory-corruption-on-unload.patch
(git-fixes CVE-2025-40262 bsc#1254840).
- Update
patches.suse/Input-pegasus-notetaker-fix-potential-out-of-bounds-.patch
(git-fixes CVE-2025-68217 bsc#1255221).
- Update
patches.suse/KVM-arm64-Check-the-untrusted-offset-in-FF-A-memory-.patch
(git-fixes CVE-2025-40266 bsc#1255040).
- Update
patches.suse/NFS-Fix-LTP-test-failures-when-timestamps-are-delegated.patch
(git-fixes CVE-2025-68242 bsc#1255186).
- Update patches.suse/NFSD-Fix-crash-in-nfsd4_read_release.patch
(git-fixes CVE-2025-40324 bsc#1254791).
- Update
patches.suse/NFSD-free-copynotify-stateid-in-nfs4_free_ol_stateid.patch
(git-fixes CVE-2025-40273 bsc#1254828).
- Update
patches.suse/PCI-IOV-Add-PCI-rescan-remove-locking-when-enabling-.patch
(git-fixes CVE-2025-40219 bsc#1254518).
- Update
patches.suse/PCI-cadence-Check-for-the-existence-of-cdns_pcie-ops.patch
(stable-fixes CVE-2025-68176 bsc#1255329).
- Update
patches.suse/accel-habanalabs-support-mapping-cb-with-vmalloc-bac.patch
(stable-fixes CVE-2025-40311 bsc#1255068).
- Update
patches.suse/accel-ivpu-Fix-race-condition-when-unbinding-BOs.patch
(git-fixes CVE-2025-68749 bsc#1255724).
- Update
patches.suse/amd-amdkfd-resolve-a-race-in-amdgpu_amdkfd_device_fi.patch
(stable-fixes CVE-2025-40310 bsc#1255041).
- Update
patches.suse/arm64-mte-Do-not-warn-if-the-page-is-already-tagged-in-cop.patch
(git-fixes CVE-2025-40353 bsc#1255312).
- Update
patches.suse/atm-fore200e-Fix-possible-data-race-in-fore200e_open.patch
(git-fixes CVE-2025-68339 bsc#1255505).
- Update
patches.suse/backlight-led-bl-Add-devlink-to-supplier-LEDs.patch
(git-fixes CVE-2025-68758 bsc#1255944).
- Update
patches.suse/btrfs-directly-free-partially-initialized-fs_info-in.patch
(git-fixes CVE-2025-40235 bsc#1254808).
- Update
patches.suse/btrfs-ensure-no-dirty-metadata-is-written-back-for-a.patch
(git-fix CVE-2025-40303 bsc#1255058).
- Update
patches.suse/btrfs-fix-memory-leak-of-qgroup_list-in-btrfs_add_qg.patch
(git-fixes CVE-2025-40209 bsc#1254128).
- Update
patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual-395d988.patch
(git-fixes CVE-2025-68342 bsc#1255508).
- Update
patches.suse/can-gs_usb-gs_usb_receive_bulk_callback-check-actual.patch
(git-fixes CVE-2025-68343 bsc#1255509).
- Update
patches.suse/can-gs_usb-gs_usb_xmit_callback-fix-handling-of-fail.patch
(git-fixes CVE-2025-68307 bsc#1255146).
- Update
patches.suse/can-kvaser_usb-leaf-Fix-potential-infinite-loop-in-c.patch
(git-fixes CVE-2025-68308 bsc#1255149).
- Update
patches.suse/comedi-c6xdigio-Fix-invalid-PNP-driver-unregistratio.patch
(git-fixes CVE-2025-68332 bsc#1255483).
- Update
patches.suse/comedi-check-device-s-attached-status-in-compat-ioct.patch
(git-fixes CVE-2025-68257 bsc#1255167).
- Update
patches.suse/comedi-multiq3-sanitize-config-options-in-multiq3_at.patch
(git-fixes CVE-2025-68258 bsc#1255182).
- Update
patches.suse/comedi-pcl818-fix-null-ptr-deref-in-pcl818_ai_cancel.patch
(git-fixes CVE-2025-68335 bsc#1255480).
- Update
patches.suse/crypto-aspeed-fix-double-free-caused-by-devm.patch
(git-fixes CVE-2025-68172 bsc#1255253).
- Update
patches.suse/crypto-asymmetric_keys-prevent-overflow-in-asymmetri.patch
(git-fixes CVE-2025-68724 bsc#1255550).
- Update
patches.suse/drm-amd-display-Check-NULL-before-accessing.patch
(stable-fixes CVE-2025-68286 bsc#1255351).
- Update
patches.suse/drm-amd-display-Fix-NULL-deref-in-debugfs-odm_combin.patch
(git-fixes CVE-2025-68180 bsc#1255252).
- Update
patches.suse/drm-amd-display-increase-max-link-count-and-fix-link.patch
(stable-fixes CVE-2025-40354 bsc#1255316).
- Update
patches.suse/drm-amdgpu-Fix-NULL-pointer-dereference-in-VRAM-logi.patch
(stable-fixes CVE-2025-40288 bsc#1255057).
- Update
patches.suse/drm-amdgpu-atom-Check-kcalloc-for-WS-buffer-in-amdgp.patch
(stable-fixes CVE-2025-68190 bsc#1255131).
- Update
patches.suse/drm-amdgpu-fix-gpu-page-fault-after-hibernation-on-P.patch
(stable-fixes CVE-2025-68230 bsc#1255134).
- Update
patches.suse/drm-amdgpu-fix-nullptr-err-of-vm_handle_moved.patch
(stable-fixes CVE-2025-40339 bsc#1255428).
- Update
patches.suse/drm-amdgpu-hide-VRAM-sysfs-attributes-on-GPUs-withou.patch
(stable-fixes CVE-2025-40289 bsc#1255042).
- Update patches.suse/drm-amdgpu-remove-two-invalid-BUG_ON-s.patch
(stable-fixes CVE-2025-68201 bsc#1255136).
- Update
patches.suse/drm-amdkfd-Fix-mmap-write-lock-not-release.patch
(bsc#1243112 CVE-2025-40332 bsc#1255116).
- Update
patches.suse/drm-i915-Avoid-lock-inversion-when-pinning-to-GGTT-o.patch
(git-fixes CVE-2025-68244 bsc#1255190).
- Update
patches.suse/drm-mediatek-Disable-AFBC-support-on-Mediatek-DRM-dr.patch
(git-fixes CVE-2025-68184 bsc#1255220).
- Update
patches.suse/drm-mediatek-Fix-device-use-after-free-on-unbind.patch
(git-fixes CVE-2025-40316 bsc#1254797).
- Update
patches.suse/drm-panthor-Fix-UAF-on-kernel-BO-VA-nodes.patch
(git-fixes CVE-2025-68747 bsc#1255723).
- Update
patches.suse/drm-panthor-Fix-UAF-race-between-device-unplug-and-F.patch
(git-fixes CVE-2025-68748 bsc#1255813).
- Update
patches.suse/drm-panthor-Fix-kernel-panic-on-partial-unmap-of-a-G.patch
(git-fixes CVE-2025-40225 bsc#1254827).
- Update
patches.suse/drm-radeon-Do-not-kfree-devres-managed-rdev.patch
(git-fixes CVE-2025-68170 bsc#1255256).
- Update patches.suse/drm-radeon-Remove-calls-to-drm_put_dev.patch
(git-fixes CVE-2025-68181 bsc#1255247).
- Update
patches.suse/drm-radeon-delete-radeon_fence_process-in-is_signale.patch
(stable-fixes CVE-2025-68223 bsc#1255357).
- Update
patches.suse/drm-sched-Fix-deadlock-in-drm_sched_entity_kill_jobs.patch
(git-fixes CVE-2025-40329 bsc#1254621).
- Update
patches.suse/drm-sysfb-Do-not-dereference-NULL-pointer-in-plane-r.patch
(git-fixes CVE-2025-40360 bsc#1255095).
- Update patches.suse/drm-tegra-Add-call-to-put_pid.patch
(git-fixes CVE-2025-68233 bsc#1255206).
- Update
patches.suse/drm-vgem-fence-Fix-potential-deadlock-on-release.patch
(git-fixes CVE-2025-68757 bsc#1255943).
- Update
patches.suse/drm-vmwgfx-Validate-command-header-size-against-SVGA.patch
(git-fixes CVE-2025-40277 bsc#1254894).
- Update
patches.suse/drm-xe-Fix-oops-in-xe_gem_fault-when-running-core_ho.patch
(stable-fixes CVE-2025-40340 bsc#1254996).
- Update
patches.suse/drm-xe-guc-Synchronize-Dead-CT-worker-with-unbind.patch
(git-fixes CVE-2025-68207 bsc#1255234).
- Update
patches.suse/erofs-avoid-infinite-loop-due-to-incomplete-zstd-compressed-data.patch
(git-fixes CVE-2025-68210 bsc#1255231).
- Update
patches.suse/exfat-fix-improper-check-of-dentry.stream.valid_size.patch
(git-fixes CVE-2025-40287 bsc#1255030).
- Update patches.suse/exfat-fix-refcount-leak-in-exfat_find.patch
(git-fixes CVE-2025-68351 bsc#1255567).
- Update
patches.suse/exfat-validate-cluster-allocation-bits-of-the-allocation-bitmap.patch
(git-fixes CVE-2025-40307 bsc#1255039).
- Update
patches.suse/fbcon-Set-fb_display-i-mode-to-NULL-when-the-mode-is.patch
(stable-fixes CVE-2025-40323 bsc#1255094).
- Update
patches.suse/fbdev-Add-bounds-checking-in-bit_putcs-to-fix-vmallo.patch
(stable-fixes CVE-2025-40304 bsc#1255034).
- Update
patches.suse/fbdev-bitblit-bound-check-glyph-index-in-bit_putcs.patch
(stable-fixes CVE-2025-40322 bsc#1255092).
- Update
patches.suse/firmware-arm_scmi-Account-for-failed-debug-initializ.patch
(git-fixes CVE-2025-40226 bsc#1254821).
- Update
patches.suse/firmware-stratix10-svc-fix-bug-in-saving-controller-.patch
(git-fixes CVE-2025-68328 bsc#1255489).
- Update
patches.suse/gpiolib-fix-invalid-pointer-access-in-debugfs.patch
(git-fixes CVE-2025-68167 bsc#1255099).
- Update
patches.suse/gpu-host1x-Fix-race-in-syncpt-alloc-free.patch
(git-fixes CVE-2025-68732 bsc#1255688).
- Update
patches.suse/idpf-fix-possible-vport_config-NULL-pointer-deref-in.patch
(git-fixes CVE-2025-68213 bsc#1255228).
- Update
patches.suse/iio-accel-bmc150-Fix-irq-assumption-regression.patch
(stable-fixes CVE-2025-68330 bsc#1255493).
- Update
patches.suse/ima-Handle-error-code-returned-by-ima_filter_rule_ma.patch
(git-fixes CVE-2025-68740 bsc#1255812).
- Update
patches.suse/ima-don-t-clear-IMA_DIGSIG-flag-when-setting-or-remo.patch
(stable-fixes CVE-2025-68183 bsc#1255251).
- Update
patches.suse/irqchip-mchp-eic-Fix-error-code-in-mchp_eic_domain_a.patch
(git-fixes CVE-2025-68766 bsc#1255932).
- Update
patches.suse/media-imon-make-send_packet-more-robust.patch
(stable-fixes CVE-2025-68194 bsc#1255325).
- Update
patches.suse/media-pci-mg4b-fix-uninitialized-iio-scan-data.patch
(git-fixes CVE-2025-40221 bsc#1254519).
- Update
patches.suse/media-videobuf2-forbid-remove_bufs-when-legacy-filei.patch
(git-fixes CVE-2025-40302 bsc#1255196).
- Update
patches.suse/misc-fastrpc-Fix-dma_buf-object-leak-in-fastrpc_map_.patch
(git-fixes CVE-2025-68252 bsc#1255197).
- Update
patches.suse/mm-secretmem-fix-use-after-free-race-in-fault-handle.patch
(git-fixes CVE-2025-40272 bsc#1254832).
- Update
patches.suse/most-usb-Fix-use-after-free-in-hdm_disconnect.patch
(git-fixes CVE-2025-40223 bsc#1254957).
- Update
patches.suse/most-usb-fix-double-free-on-late-probe-failure.patch
(git-fixes CVE-2025-68290 bsc#1255154).
- Update
patches.suse/most-usb-hdm_probe-Fix-calling-put_device-before-dev.patch
(git-fixes CVE-2025-68249 bsc#1255233).
- Update
patches.suse/mt76-mt7615-Fix-memory-leak-in-mt7615_mcu_wtbl_sta_a.patch
(git-fixes CVE-2025-68765 bsc#1255931).
- Update
patches.suse/mtd-rawnand-cadence-fix-DMA-device-NULL-pointer-dere.patch
(git-fixes CVE-2025-68238 bsc#1255202).
- Update
patches.suse/mtdchar-fix-integer-overflow-in-read-write-ioctls.patch
(git-fixes CVE-2025-68237 bsc#1255203).
- Update
patches.suse/net-stmmac-Correctly-handle-Rx-checksum-offload-erro.patch
(git-fixes CVE-2025-40337 bsc#1255081).
- Update
patches.suse/net-usb-qmi_wwan-initialize-MAC-header-offset-in-qmi.patch
(git-fixes CVE-2025-68192 bsc#1255246).
- Update
patches.suse/nfs4_setup_readdir-insufficient-locking-for-d_parent-d_inode-dereferencing.patch
(git-fixes CVE-2025-68185 bsc#1255135).
- Update
patches.suse/nfsd-fix-refcount-leak-in-nfsd_set_fh_dentry.patch
(git-fixes CVE-2025-40212 bsc#1254195).
- Update
patches.suse/nouveau-firmware-Add-missing-kfree-of-nvkm_falcon_fw.patch
(git-fixes CVE-2025-68235 bsc#1255209).
- Update
patches.suse/nvme-fc-use-lock-accessing-port_state-and-rport-stat.patch
(bsc#1245193 bsc#1247500 CVE-2025-40342 bsc#1255274).
- Update
patches.suse/nvmet-fc-avoid-scheduling-association-deletion-twice.patch
(bsc#1245193 bsc#1247500 CVE-2025-40343 bsc#1255276).
- Update
patches.suse/pinctrl-s32cc-fix-uninitialized-memory-in-s32_pinctr.patch
(git-fixes CVE-2025-68222 bsc#1255218).
- Update
patches.suse/platform-x86-intel-punit_ipc-fix-memory-corruption.patch
(git-fixes CVE-2025-68303 bsc#1255122).
- Update
patches.suse/regmap-slimbus-fix-bus_context-pointer-in-regmap-ini.patch
(git-fixes CVE-2025-40317 bsc#1254796).
- Update
patches.suse/regulator-core-Protect-regulator_supply_alias_list-w.patch
(git-fixes CVE-2025-68354 bsc#1255553).
- Update
patches.suse/sctp-avoid-NULL-dereference-when-chunk-data-buffer-i.patch
(git-fixes CVE-2025-40240 bsc#1254869).
- Update
patches.suse/smb-client-fix-potential-cfid-UAF-in-smb2_query_info_compound.patch
(git-fixes CVE-2025-40320 bsc#1254793).
- Update
patches.suse/spi-ch341-fix-out-of-bounds-memory-access-in-ch341_t.patch
(git-fixes CVE-2025-68352 bsc#1255541).
- Update patches.suse/spi-tegra210-quad-Fix-timeout-handling.patch
(bsc#1253155 CVE-2025-68746 bsc#1255722).
- Update
patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-OnBeacon.patch
(stable-fixes CVE-2025-68254 bsc#1255140).
- Update
patches.suse/staging-rtl8723bs-fix-out-of-bounds-read-in-rtw_get_.patch
(stable-fixes CVE-2025-68256 bsc#1255138).
- Update
patches.suse/staging-rtl8723bs-fix-stack-buffer-overflow-in-OnAss.patch
(stable-fixes CVE-2025-68255 bsc#1255395).
- Update
patches.suse/tty-serial-ip22zilog-Use-platform-device-for-probing.patch
(stable-fixes CVE-2025-68311 bsc#1255161).
- Update
patches.suse/usb-cdns3-gadget-Use-after-free-during-failed-initia.patch
(stable-fixes CVE-2025-40314 bsc#1255072).
- Update
patches.suse/usb-dwc3-Fix-race-condition-between-concurrent-dwc3_.patch
(git-fixes CVE-2025-68287 bsc#1255152).
- Update
patches.suse/usb-gadget-f_eem-Fix-memory-leak-in-eem_unwrap.patch
(git-fixes CVE-2025-68289 bsc#1255155).
- Update
patches.suse/usb-gadget-f_fs-Fix-epfile-null-pointer-access-after.patch
(stable-fixes CVE-2025-40315 bsc#1255083).
- Update
patches.suse/usb-potential-integer-overflow-in-usbg_make_tpg.patch
(stable-fixes CVE-2025-68750 bsc#1255814).
- Update
patches.suse/usb-renesas_usbhs-Fix-synchronous-external-abort-on-.patch
(git-fixes CVE-2025-68327 bsc#1255488).
- Update
patches.suse/usb-storage-sddr55-Reject-out-of-bound-new_pba.patch
(stable-fixes CVE-2025-40345 bsc#1255279).
- Update
patches.suse/usb-uas-fix-urb-unmapping-issue-when-the-uas-device-.patch
(git-fixes CVE-2025-68331 bsc#1255495).
- Update patches.suse/usbnet-Prevents-free-active-kevent.patch
(git-fixes CVE-2025-68312 bsc#1255171).
- Update patches.suse/wifi-ath11k-fix-peer-HE-MCS-assignment.patch
(git-fixes CVE-2025-68380 bsc#1255580).
- Update
patches.suse/wifi-brcmfmac-fix-crash-while-sending-Action-Frames-.patch
(git-fixes CVE-2025-40321 bsc#1254795).
- Update
patches.suse/wifi-rtl818x-Fix-potential-memory-leaks-in-rtl8180_i.patch
(git-fixes CVE-2025-68759 bsc#1255934).
- Update
patches.suse/wifi-rtl818x-rtl8187-Fix-potential-buffer-underflow-.patch
(git-fixes CVE-2025-68362 bsc#1255611).
- Update patches.suse/x86-CPU-AMD-Add-RDSEED-fix-for-Zen5.patch
(git-fixes CVE-2025-68313 bsc#1255415).
- Update
patches.suse/x86-CPU-AMD-Add-missing-terminator-for-zen5_rdseed_m.patch
(git-fixes CVE-2025-68195 bsc#1255259).
- Update
patches.suse/xfrm-also-call-xfrm_state_delete_tunnel-at-destroy-time-fo.patch
(CVE-2025-40215 bsc#1254959 CVE-2025-40256 bsc#1254851).
- commit c0f554e
- docs: ABI: sysfs-devices-soc: Fix swapped sample values
(git-fixes).
- commit 8c83315
- gpio: rockchip: mark the GPIO controller as sleeping
(git-fixes).
- drm/pl111: Fix error handling in pl111_amba_probe (git-fixes).
- crypto: qat - fix duplicate restarting msg during AER error
(git-fixes).
- commit f18c9f6
- io_uring/zctx: check chained notif contexts (CVE-2025-68317
bsc#1255354).
- commit b895dee
- cifs: client: fix memory leak in smb3_fs_context_parse_param
(bsc#1255082, CVE-2025-40268).
- commit 7120bdc
- selftests/bpf: Add test to verify freeing the special fields
in pcpu maps (CVE-2025-68744 bsc#1255709).
- commit 763d99d
- drm/amdkfd: Trap handler support for expert scheduling mode
(stable-fixes).
- commit 021ac24
- PCI: brcmstb: Reuse pcie_cfg_data structure (stable-fixes).
- Refresh
patches.suse/PCI-brcmstb-Set-generation-limit-before-PCIe-link-up.patch.
- commit 0f681e6
- pinctrl: qcom: lpass-lpi: mark the GPIO controller as sleeping
(git-fixes).
- wifi: mac80211: restore non-chanctx injection behaviour
(git-fixes).
- wifi: avoid kernel-infoleak from struct iw_point (git-fixes).
- atm: Fix dma_free_coherent() size (git-fixes).
- net: usb: pegasus: fix memory leak in update_eth_regs_async()
(git-fixes).
- net: wwan: iosm: Fix memory leak in ipc_mux_deinit()
(git-fixes).
- HID: quirks: work around VID/PID conflict for appledisplay
(git-fixes).
- ASoC: sun4i-spdif: Add missing kerneldoc fields for
sun4i_spdif_quirks (git-fixes).
- ALSA: ac97: fix a double free in snd_ac97_controller_register()
(git-fixes).
- usb: usb-storage: Maintain minimal modifications to the
bcdDevice range (git-fixes).
- serial: xilinx_uartps: fix rs485 delay_rts_after_send
(git-fixes).
- Input: i8042 - add TUXEDO InfinityBook Max Gen10 AMD to i8042
quirk table (stable-fixes).
- Input: lkkbd - disable pending work before freeing device
(stable-fixes).
- drm/amd/display: Fix scratch registers offsets for DCN351
(stable-fixes).
- drm/amd/display: Fix scratch registers offsets for DCN35
(stable-fixes).
- broadcom: b44: prevent uninitialized value usage (git-fixes).
- Revert "drm/amd/display: Fix pbn to kbps Conversion"
(stable-fixes).
- drm/amdkfd: bump minimum vgpr size for gfx1151 (stable-fixes).
- drm/amdkfd: Export the cwsr_size and ctl_stack_size to userspace
(stable-fixes).
- drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state()
(stable-fixes).
- i2c: designware: Disable SMBus interrupts to prevent storms
from mis-configured firmware (stable-fixes).
- platform/x86/intel/hid: Add Dell Pro Rugged 10/12 tablet to
VGBS DMI quirks (stable-fixes).
- clk: qcom: dispcc-sm7150: Fix dispcc_mdss_pclk0_clk_src
(stable-fixes).
- usb: usb-storage: No additional quirks need to be added to
the EL-R12 optical drive (stable-fixes).
- usb: xhci: limit run_graceperiod for only usb 3.0 devices
(stable-fixes).
- usb: typec: ucsi: Handle incorrect num_connectors capability
(stable-fixes).
- usbip: Fix locking bug in RT-enabled kernels (stable-fixes).
- serial: sprd: Return -EPROBE_DEFER when uart clock is not ready
(stable-fixes).
- char: applicom: fix NULL pointer dereference in ac_ioctl
(stable-fixes).
- iio: adc: ti_am335x_adc: Limit step_avg to valid range for
gcc complains (stable-fixes).
- fbdev: gbefb: fix to use physical address instead of dma address
(stable-fixes).
- via_wdt: fix critical boot hang due to unnamed resource
allocation (stable-fixes).
- ipmi: Fix __scan_channels() failing to rescan channels
(stable-fixes).
- ipmi: Fix the race between __scan_channels() and
deliver_response() (stable-fixes).
- reset: fix BIT macro reference (stable-fixes).
- ti-sysc: allow OMAP2 and OMAP4 timers to be reserved on AM33xx
(stable-fixes).
- firmware: imx: scu-irq: Init workqueue before request mbox
channel (stable-fixes).
- clk: mvebu: cp110 add CLK_IGNORE_UNUSED to pcie_x10, pcie_x11 &
pcie_x4 (stable-fixes).
- HID: input: map HID_GD_Z to ABS_DISTANCE for stylus/pen
(stable-fixes).
- mmc: sdhci-msm: Avoid early clock doubling during HS400
transition (stable-fixes).
- mtd: spi-nor: winbond: Add support for W25H02NWxxAM chips
(stable-fixes).
- mtd: spi-nor: winbond: Add support for W25H01NWxxAM chips
(stable-fixes).
- mtd: spi-nor: winbond: Add support for W25H512NWxxAM chips
(stable-fixes).
- mtd: spi-nor: winbond: Add support for W25Q02NWxxIM chips
(stable-fixes).
- mtd: spi-nor: winbond: Add support for W25Q01NWxxIM chips
(stable-fixes).
- mtd: spi-nor: winbond: Add support for W25Q01NWxxIQ chips
(stable-fixes).
- ASoC: qcom: sdw: fix memory leak for sdw_stream_runtime
(git-fixes).
- drm/amdgpu/gmc12: add amdgpu_vm_handle_fault() handling
(stable-fixes).
- drm/amdgpu/gmc11: add amdgpu_vm_handle_fault() handling
(stable-fixes).
- drm/displayid: add quirk to ignore DisplayID checksum errors
(stable-fixes).
- drm/edid: add DRM_EDID_IDENT_INIT() to initialize struct
drm_edid_ident (stable-fixes).
- drm/displayid: pass iter to drm_find_displayid_extension()
(stable-fixes).
- media: amphion: Remove vpu_vb_is_codecconfig (git-fixes).
- Bluetooth: btusb: Add new VID/PID 13d3/3533 for RTL8821CE
(stable-fixes).
- Bluetooth: btusb: Add new VID/PID 0x0489/0xE12F for RTL8852BE-VT
(stable-fixes).
- Bluetooth: btusb: Add new VID/PID 2b89/6275 for RTL8761BUV
(stable-fixes).
- Bluetooth: btusb: MT7922: Add VID/PID 0489/e170 (stable-fixes).
- Bluetooth: btusb: MT7920: Add VID/PID 0489/e135 (stable-fixes).
- wifi: mt76: mt792x: fix wifi init fail by setting MCU_RUNNING
after CLC load (stable-fixes).
- wifi: brcmfmac: Add DMI nvram filename quirk for Acer A1 840
tablet (stable-fixes).
- wifi: cfg80211: stop radar detection in cfg80211_leave()
(stable-fixes).
- wifi: cfg80211: use cfg80211_leave() in iftype change
(stable-fixes).
- wifi: rtl8xxxu: Fix HT40 channel config for RTL8192CU, RTL8723AU
(stable-fixes).
- cpufreq: nforce2: fix reference count leak in nforce2
(git-fixes).
- ACPI: fan: Workaround for 64-bit firmware bug (stable-fixes).
- ACPI: property: Use ACPI functions in
acpi_graph_get_next_endpoint() only (stable-fixes).
- ACPICA: Avoid walking the Namespace if start_node is NULL
(stable-fixes).
- media: amphion: Make some vpu_v4l2 functions static
(stable-fixes).
- firmware: imx: Add stub functions for SCMI MISC API (git-fixes).
- media: amphion: Add a frame flush mode for decoder
(stable-fixes).
- serial: xilinx_uartps: Use helper function
hrtimer_update_function() (stable-fixes).
- commit 52a2394
- net/smc: fix general protection fault in __smc_diag_dump
(CVE-2025-40357 bsc#1255097).
- commit ef3290b
- KVM: SVM: Don't skip unrelated instruction if INT3/INTO is
replaced (CVE-2025-68259 bsc#1255199).
- commit 0428a24
- bpf: Free special fields when update [lru_,]percpu_hash maps
(CVE-2025-68744 bsc#1255709).
- commit ab66ed0
- cifs: reset iface weights when we cannot find a candidate
(git-fixes).
- commit 859fca4
- smb: client: fix warning when reconnecting channel (git-fixes).
- commit 700befa
- cifs: do not disable interface polling on failure (git-fixes).
- commit 87a748d
- cifs: deal with the channel loading lag while picking channels
(git-fixes).
- commit c445274
- cifs: serialize other channels when query server interfaces
is pending (git-fixes).
- commit 202c543
- cifs: dns resolution is needed only for primary channel
(git-fixes).
- commit 47e47ab
- cifs: update dstaddr whenever channel iface is updated
(git-fixes).
- commit cd217a8
- cifs: reset connections for all channels when reconnect
requested (git-fixes).
- commit a324ea9
- smb: client: introduce close_cached_dir_locked() (git-fixes).
- commit e15b950
- smb: client: fix potential UAF in smb2_close_cached_fid()
(CVE-2025-40328 bsc#1254624).
- commit f11d74a
- binfmt_misc: restore write access before closing files opened
by open_exec() (bsc#1255272 CVE-2025-68239).
- commit 2983172
- fs/proc: fix uaf in proc_readdir_de() (bsc#1255297
CVE-2025-40271).
- commit 46250e7
- ext4: refresh inline data size before write operations
(bsc#1255380 CVE-2025-68264).
- commit c23012b
- fs/notify: call exportfs_encode_fid with s_umount (bsc#1254809
CVE-2025-40237).
- commit 70d7e44
- ext4: guard against EA inode refcount underflow in xattr update
(bsc#1253623 CVE-2025-40190).
- commit 6c51c0b
- mm/damon/vaddr: do not repeat pte_offset_map_lock() until success (CVE-2025-40218 bsc#1254964)
- commit a3828d9
- arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() (CVE-2025-40346 bsc#1255318)
- commit 799eb50
- net: sxgbe: fix potential NULL dereference in sxgbe_rx() (CVE-2025-68302 bsc#1255121)
- commit 15ce001
- net: sched: act_ife: initialize struct tc_ife to fix KMSAN
kernel-infoleak (CVE-2025-40278 bsc#1254825).
- commit a5a7e57
- Refresh
patches.suse/perf-hwmon_pmu-Fix-uninitialized-variable-warning.patch.
- Refresh
patches.suse/scsi-lpfc-Add-capability-to-register-Platform-Name-I.patch.
- Refresh
patches.suse/scsi-lpfc-Allow-support-for-BB-credit-recovery-in-po.patch.
- Refresh
patches.suse/scsi-lpfc-Ensure-unregistration-of-rpis-for-received.patch.
- Refresh
patches.suse/scsi-lpfc-Fix-leaked-ndlp-krefs-when-in-point-to-poi.patch.
- Refresh
patches.suse/scsi-lpfc-Fix-reusing-an-ndlp-that-is-marked-NLP_DRO.patch.
- Refresh
patches.suse/scsi-lpfc-Modify-kref-handling-for-Fabric-Controller.patch.
- Refresh
patches.suse/scsi-lpfc-Remove-redundant-NULL-ptr-assignment-in-lp.patch.
- Refresh
patches.suse/scsi-lpfc-Revise-discovery-related-function-headers-.patch.
- Refresh
patches.suse/scsi-lpfc-Update-lpfc-version-to-14.4.0.12.patch.
- Refresh
patches.suse/scsi-lpfc-Update-various-NPIV-diagnostic-log-messagi.patch.
- commit b565804
- mm/huge_memory: fix NULL pointer deference when splitting folio
(CVE-2025-68293 bsc#1255150).
- commit 1dd8abe
- iommufd: Don't overflow during division for dirty tracking
(CVE-2025-40293 bsc#1255179).
- commit b6a4633
- libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (CVE-2025-68284 bsc#1255377).
- commit 9132138
- libceph: replace BUG_ON with bounds check for map->max_osd (CVE-2025-68283 bsc#1255379).
- commit 0f51ab5
- ceph: fix multifs mds auth caps issue (CVE-2025-40362 bsc#1255103).
- commit 9fee071
- fuse: fix livelock in synchronous file put from fuseblk workers (CVE-2025-40220 bsc#1254520).
- commit 9838be9
- ASoC: codecs: wcd937x: fix OF node leaks on probe failure
(git-fixes).
- ASoC: Intel: soc-acpi: arl: Correct order of cs42l43 matches
(git-fixes).
- commit 1cc2d04
- devlink: rate: Unset parent pointer in devl_rate_nodes_destroy
(CVE-2025-40251 bsc#1254856).
- commit da56dba
- net: core: prevent NULL deref in generic_hwtstamp_ioctl_lower()
(bsc#1255156 CVE-2025-40255).
- commit 57e1c6f
- net: sched: act_connmark: initialize struct tc_ife to fix
kernel leak (CVE-2025-40279 bsc#1254846).
- commit cb9f7bb
- btrfs: do not skip logging new dentries when logging a new name
(git-fixes).
- commit ec916c6
- btrfs: don't log conflicting inode if it's a dir moved in the
current transaction (git-fixes).
- commit a690d41
- btrfs: fix changeset leak on mmap write after failure to
reserve metadata (git-fixes).
- commit 75e4299
- team: Move team device type change at the end of team_port_add
(CVE-2025-68340 bsc#1255507).
- net/mlx5: Clean up only new IRQ glue on request_irq() failure
(CVE-2025-40250 bsc#1254854).
- net: qlogic/qede: fix potential out-of-bounds read in
qede_tpa_cont() and qede_tpa_end() (CVE-2025-40252 bsc#1254849).
- net: enetc: fix the deadlock of enetc_mdio_lock (CVE-2025-40347
bsc#1255262).
- commit 085c913
- ASoC: Intel: avs: Do not share the name pointer between
components (CVE-2025-40338 bsc#1255273).
- commit fb15ec5
- usb: phy: isp1301: fix non-OF device reference imbalance
(git-fixes).
- usb: gadget: lpc32xx_udc: fix clock imbalance in error path
(git-fixes).
- serial: core: Fix serial device initialization (git-fixes).
- commit 592ca99
- wifi: mac80211: do not use old MBSSID elements (git-fixes).
- wifi: cfg80211: sme: store capped length in
__cfg80211_connect_result() (git-fixes).
- wifi: rtlwifi: 8192cu: fix tid out of range in
rtl92cu_tx_fill_desc() (git-fixes).
- wifi: rtw88: limit indirect IO under powered off for RTL8822CS
(git-fixes).
- usb: ohci-nxp: fix device leak on probe failure (git-fixes).
- usb: dwc3: of-simple: fix clock resource leak in
dwc3_of_simple_probe (git-fixes).
- USB: lpc32xx_udc: Fix error handling in probe (git-fixes).
- usb: typec: altmodes/displayport: Drop the device reference
in dp_altmode_probe() (git-fixes).
- usb: renesas_usbhs: Fix a resource leak in usbhs_pipe_malloc()
(git-fixes).
- usb: dwc3: keep susphy enabled during exit to avoid controller
faults (git-fixes).
- usb: dwc2: fix hang during shutdown if set as peripheral
(git-fixes).
- wifi: ath10k: move recovery check logic into a new work
(git-fixes).
- wifi: ath10k: Add missing include of export.h (stable-fixes).
- wifi: ath10k: Avoid vdev delete timeout when firmware is
already down (stable-fixes).
- commit 07af9a3
- of: unittest: Fix memory leak in unittest_data_add()
(git-fixes).
- drm/i915/gem: Zero-initialize the eb.vma array in
i915_gem_do_execbuffer (git-fixes).
- drm/nouveau/dispnv50: Don't call drm_atomic_get_crtc_state()
in prepare_fb (git-fixes).
- platform/x86: hp-bioscfg: Fix out-of-bounds array access in
ACPI package parsing (git-fixes).
- platform/x86: ibm_rtl: fix EBDA signature search pointer
arithmetic (git-fixes).
- platform/x86: msi-laptop: add missing sysfs_remove_group()
(git-fixes).
- platform/mellanox: mlxbf-pmc: Remove trailing whitespaces from
event names (git-fixes).
- net: rose: fix invalid array index in rose_kill_by_device()
(git-fixes).
- net: usb: sr9700: fix incorrect command used to write single
register (git-fixes).
- net: nfc: fix deadlock between nfc_unregister_device and
rfkill_fop_write (git-fixes).
- net: usb: rtl8150: fix memory leak on usb_submit_urb() failure
(git-fixes).
- net: mdio: aspeed: add dummy read to avoid read-after-write
issue (git-fixes).
- idr: fix idr_alloc() returning an ID out of range (git-fixes).
- genalloc.h: fix htmldocs warning (git-fixes).
- serial: sh-sci: Check that the DMA cookie is valid (git-fixes).
- serial: core: Restore sysfs fwnode information (git-fixes).
- firewire: nosy: Fix dma_free_coherent() size (git-fixes).
- Input: ti_am335x_tsc - fix off-by-one error in wire_order
validation (git-fixes).
- Input: alps - fix use-after-free bugs caused by
dev3_register_work (git-fixes).
- Input: atkbd - skip deactivate for HONOR FMB-P's internal
keyboard (git-fixes).
- spi: cadence-quadspi: Fix clock disable on probe failure path
(git-fixes).
- spi: fsl-cpm: Check length parity before switching to 16 bit
mode (git-fixes).
- hwmon: (ltc4282): Fix reset_history file permissions
(git-fixes).
- hwmon: (tmp401) fix overflow caused by default conversion rate
value (git-fixes).
- hwmon: (ibmpex) fix use-after-free in high/low store
(git-fixes).
- hwmon: (dell-smm) Limit fan multiplier to avoid overflow
(git-fixes).
- mmc: sdhci-esdhc-imx: add alternate ARCH_S32 dependency to
Kconfig (git-fixes).
- mmc: sdhci-of-arasan: Increase CD stable timeout to 2 seconds
(git-fixes).
- PM: runtime: Do not clear needs_force_resume with enabled
runtime PM (git-fixes).
- nfc: pn533: Fix error code in pn533_acr122_poweron_rdr()
(git-fixes).
- r8169: fix RTL8117 Wake-on-Lan in DASH mode (git-fixes).
- net: phy: marvell-88q2xxx: Fix clamped value in
mv88q2xxx_hwmon_write (git-fixes).
- firmware_loader: make RUST_FW_LOADER_ABSTRACTIONS select
FW_LOADER (git-fixes).
- efi/cper: align ARM CPER type with UEFI 2.9A/2.10 specs
(stable-fixes).
- efi/cper: Add a new helper function to print bitmasks
(stable-fixes).
- efi/cper: Adjust infopfx size to accept an extra space
(stable-fixes).
- usb: dwc2: disable platform lowlevel hw resources during
shutdown (stable-fixes).
- resource: introduce is_type_match() helper and use it
(stable-fixes).
- resource: replace open coded resource_intersection()
(stable-fixes).
- commit 0273be1
- accel/ivpu: Prevent runtime suspend during context abort work
(stable-fixes).
- Refresh
patches.suse/accel-ivpu-Trigger-device-recovery-on-engine-reset-r.patch.
- commit 79c3327
- drm/imagination: Disallow exporting of PM/FW protected objects
(git-fixes).
- Bluetooth: btusb: revert use of devm_kzalloc in btusb
(git-fixes).
- crypto: seqiv - Do not use req->iv after crypto_aead_encrypt
(git-fixes).
- drm/msm/dpu: Add missing NULL pointer check for pingpong
interface (git-fixes).
- ASoC: ak4458: remove the reset operation in probe and remove
(git-fixes).
- ASoC: fsl_sai: Constrain sample rates from audio PLLs only in
master mode (git-fixes).
- ALSA: usb-mixer: us16x08: validate meter packet indices
(git-fixes).
- ALSA: pcmcia: Fix resource leak in snd_pdacf_probe error path
(git-fixes).
- ALSA: vxpocket: Fix resource leak in vxpocket_probe error path
(git-fixes).
- drm/xe: Use usleep_range for accurate long-running workload
timeslicing (git-fixes).
- drm/xe: Drop preempt-fences when destroying imported dma-bufs
(git-fixes).
- drm/xe/oa: Disallow 0 OA property values (git-fixes).
- drm/xe: Adjust long-running workload timeslices to reasonable
values (git-fixes).
- drm/xe/oa: Limit num_syncs to prevent oversized allocations
(git-fixes).
- drm/xe: Limit num_syncs to prevent oversized allocations
(git-fixes).
- drm/xe: Restore engine registers before restarting schedulers
after GT reset (git-fixes).
- drm/xe/bo: Don't include the CCS metadata in the dma-buf
sg-table (git-fixes).
- drm/me/gsc: mei interrupt top half should be in irq disabled
context (git-fixes).
- drm/panel: sony-td4353-jdi: Enable prepare_prev_first
(git-fixes).
- ACPI: PCC: Fix race condition by removing static qualifier
(git-fixes).
- ACPI: CPPC: Fix missing PCC check for guaranteed_perf
(git-fixes).
- can: j1939: make j1939_sk_bind() fail if device is no longer
registered (git-fixes).
- can: gs_usb: gs_can_open(): fix error handling (git-fixes).
- ASoC: codecs: nau8325: Silence uninitialized variables warnings
(stable-fixes).
- ASoC: nau8325: use simple i2c probe function (stable-fixes).
- ALSA: wavefront: Fix integer overflow in sample size validation
(git-fixes).
- accel/ivpu: Ensure rpm_runtime_put in case of engine
reset/resume fail (git-fixes).
- commit bc5d2b7
- bpf: Fix stackmap overflow check in __bpf_get_stackid()
(CVE-2025-68378 bsc#1255614).
- commit 7a823bd
- bpf: Refactor stack map trace depth calculation into helper
function (CVE-2025-68378 bsc#1255614).
- commit 296727b
- powerpc/kexec: Enable SMT before waking offline CPUs
(bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes
bsc#1253739 ltc#211493 bsc#1254244 ltc#216496).
- commit 2cae729
- ftrace: bpf: Fix IPMODIFY + DIRECT in modify_ftrace_direct()
(git-fixes).
- commit fa39b88
- uprobe: Do not emulate/sstep original instruction when ip is
changed (git-fixes).
- commit d467aca
- scsi: ufs: core: Fix PM QoS mutex initialization (git-fixes).
- commit d4f8c1e
- sysfs: check visibility before changing group attribute
ownership (CVE-2025-40355 bsc#1255261).
- commit 880a26c
- kabi: fix struct ufs_hba changes (bsc#1253414 CVE-2025-40130).
- commit fc77a12
- tracing: Fix race condition in kprobe initialization causing
NULL pointer dereference (CVE-2025-40042 bsc#1252861).
- commit bdfa48f
- KVM: SEV: Drop GHCB_VERSION_DEFAULT and open code it
(bsc#1255672).
- Refresh
patches.suse/KVM-SEV-Enforce-minimum-GHCB-version-requirement-for.patch.
- Refresh
patches.suse/KVM-SEV-Rename-kvm_ghcb_get_sw_exit_code-to-kvm_get_.patch.
- commit 24d45f1
- scsi: ufs: core: Fix data race in CPU latency PM QoS request
handling (CVE-2025-40130 bsc#1253414).
- commit ebfcb5d
- cpuidle: menu: Use residency threshold in polling state override
decisions (bsc#1255026).
- commit 652c9d1
- supported.conf: Update path for ufs drivers
As part of bsc#1253414 CVE-2025-40130, which updates
the ufs driver, it was discovered that the pathnames
in the supported module list had the old ufs driver
pathnames, which was drivers/scsi/ufs. But the
ufs drivers are now in drivers/ufs.
Also, the ti-j721e-ufs modules is now in the "host"
subdirectory.
- commit 0d9f529
- selftests/bpf: Test widen_imprecise_scalars() with different
stack depth (CVE-2025-68208 bsc#1255227).
- commit cbc44e7
- bpf: account for current allocated stack depth in
widen_imprecise_scalars() (CVE-2025-68208 bsc#1255227).
- commit ac93c78
- gfs2: Fix unlikely race in gdlm_put_lock (CVE-2025-40242
bsc#1255075).
- commit d162d45
- netfilter: nft_ct: add seqadj extension for natted connections
(CVE-2025-68206 bsc#1255142).
- commit c2d456f
- sctp: Prevent TOCTOU out-of-bounds write (CVE-2025-40331
bsc#1254615).
- commit cd21b6d
- net: bridge: fix use-after-free due to MST port state bypass
(CVE-2025-40297 bsc#1255187).
- commit 656c4a6
- bpf: Sync pending IRQ work before freeing ring buffer
(CVE-2025-40319 bsc#1254794).
- commit 0031a97
- ocfs2: clear extent cache after moving/defragmenting extents
(CVE-2025-40233 bsc#1254813).
- commit 852b35f
- net: use dst_dev_rcu() in sk_setup_caps() (CVE-2025-40170
bsc#1253413).
- commit 2787f89
- tipc: Fix use-after-free in tipc_mon_reinit_self()
(CVE-2025-40280 bsc#1254847).
- commit 1a4ecc3
- cgroup: rstat: use LOCK CMPXCHG in css_rstat_updated
(bsc#1255434).
- bpf: Do not limit bpf_cgroup_from_id to current's namespace
(bsc#1255433).
- commit f9dd89c
- virtio-net: fix received length check in big packets (bsc#1255175, CVE-2025-40292).
- commit d9c33d8
- af_unix: Initialise scc_index in unix_add_edge() (CVE-2025-40214
bsc#1254961).
- commit f4d0234
- net: atlantic: fix fragment overflow handling in RX path
(CVE-2025-68301 bsc#1255120).
- net: openvswitch: remove never-working support for setting
nsh fields (CVE-2025-40254 bsc#1254852).
- commit ca34a4d
- vsock: Ignore signal/timeout on connect() if already established
(CVE-2025-40248, bsc#1254864).
- commit 8f55c39
- vsock: fix lock inversion in vsock_assign_transport()
(CVE-2025-40231, bsc#1254815).
- commit 1f7e22a
- xen/events: Return -EEXIST for bound VIRQs (CVE-2025-40160,
bsc#1253400).
- commit 3883ce8
- xen/events: Cleanup find_virq() return codes (CVE-2025-40160,
bsc#1253400).
- commit 8f641eb
- selftests: net: fib-onlink-tests: Set high metric for default
IPv6 route (bsc#1255346).
- selftests: net: use slowwait to make sure IPv6 setup finished
(bsc#1255349).
- selftests: net: use slowwait to stabilize vrf_route_leaking test
(bsc#1255349).
- commit 18154f6
- kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959
CVE-2025-40215).
- commit 23f1b71
- be2net: pass wrb_params in case of OS2BMC (CVE-2025-40264
bsc#1254835).
- net: phy: micrel: always set shared->phydev for LAN8814
(CVE-2025-40239 bsc#1254868).
- commit 48a9709
- drm/panthor: Flush shmem writes before mapping buffers CPU-uncached (CVE-2025-40276 bsc#1254824).
- commit a018fa4
- mptcp: fix race condition in mptcp_schedule_work()
(CVE-2025-40258 bsc#1254843).
- commit 37cfb37
- netdevsim: print human readable IP address (bsc#1255071).
- commit f4d9e1a
- selftests/bpf: Skip timer cases when bpf_timer is not supported
(git-fixes).
- commit 52f69d8
- bpf: Reject bpf_timer for PREEMPT_RT (git-fixes).
- commit 772432b
- xfs: fix out of bounds memory read error in symlink repair
(CVE-2025-40246 bsc#1254861).
- commit 520885a
- xfs: Replace strncpy with memcpy (git-fixes).
- commit d262779
- KVM: guest_memfd: Remove bindings on memslot deletion when
gmem is dying (CVE-2025-40274, bsc#1254830).
- commit bf3055c
- btrfs: handle aligned EOF truncation correctly for subpage cases
(bsc#1253238).
- commit abcc81c
- tick/sched: Limit non-timekeeper CPUs calling jiffies update
(bsc#1254477).
- commit 5c0d7c3
- futex: Prevent use-after-free during requeue-PI (CVE-2025-39977
bsc#1252046).
- commit 584a8ca
- xfrm: also call xfrm_state_delete_tunnel at destroy time for
states that were never added (CVE-2025-40215 bsc#1254959).
- commit e9b2533
- xfrm: delete x->tunnel as we delete x (CVE-2025-40215
bsc#1254959).
- commit 2fc5164
- net: call cond_resched() less often in __release_sock()
(git-fixes).
- commit 38a2c24
- bnxt_en: Shutdown FW DMA in bnxt_shutdown() (CVE-2025-40330
bsc#1254616).
- commit b08b65b
- Update
patches.kabi/devlink_hide_adding_u64_to_devlink_param_types.patch
(jsc#PED-12745).
- Refresh
patches.suse/devlink-Add-support-for-u64-parameters.patch.
- Delete
patches.suse/devlink-avoid-param-type-value-translations.patch.
Fix kABI breakage, caused by adding U64 type to DEVLINK_PARAM_TYPE (bsc#1254363)
- commit 4d0e363
- irqchip/mchp-eic: Fix error code in mchp_eic_domain_alloc()
(git-fixes).
- args: fix documentation to reflect the correct numbers
(git-fixes).
- drm/mgag200: Fix big-endian support (git-fixes).
- drm/tilcdc: Fix removal actions in case of failed probe
(git-fixes).
- drm/ttm: Avoid NULL pointer deref for evicted BOs (git-fixes).
- drm: nouveau: Replace sprintf() with sysfs_emit() (git-fixes).
- drm/nouveau: refactor deprecated strcpy (git-fixes).
- drm/plane: Fix IS_ERR() vs NULL check in
drm_plane_create_hotspot_properties() (git-fixes).
- drm/i915: Fix format string truncation warning (git-fixes).
- drm/amdkfd: Use huge page size to check split svm range
alignment (git-fixes).
- rtc: gamecube: Check the return value of ioremap() (git-fixes).
- commit 26c9258
- ASoC: codecs: wcd939x: fix OF node leaks on probe failure
(git-fixes).
- ASoC: codecs: wcd938x: fix OF node leaks on probe failure
(git-fixes).
- ASoC: ak5558: Disable regulator when error happens (git-fixes).
- ASoC: ak4458: Disable regulator when error happens (git-fixes).
- ASoC: bcm: bcm63xx-pcm-whistler: Check return value of
of_dma_configure() (git-fixes).
- ALSA: firewire-motu: add bounds check in put_user loop for
DSP events (git-fixes).
- ALSA: uapi: Fix typo in asound.h comment (git-fixes).
- ALSA: firewire-motu: fix buffer overflow in hwdep read for
DSP events (git-fixes).
- ALSA: hda: cs35l41: Fix NULL pointer dereference in
cs35l41_hda_read_acpi() (git-fixes).
- staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE
parsing (stable-fixes).
- staging: rtl8723bs: fix stack buffer overflow in OnAssocReq
IE parsing (stable-fixes).
- staging: rtl8723bs: fix out-of-bounds read in rtw_get_ie()
parser (stable-fixes).
- USB: serial: option: move Telit 0x10c7 composition in the
right place (stable-fixes).
- USB: serial: option: add Telit Cinterion FE910C04 new
compositions (stable-fixes).
- USB: serial: option: add Foxconn T99W760 (stable-fixes).
- USB: serial: ftdi_sio: match on interface number for jtag
(stable-fixes).
- serial: add support of CPCI cards (stable-fixes).
- wifi: rtw88: Add USB ID 2001:3329 for D-Link AC13U rev. A1
(stable-fixes).
- wifi: rtl8xxxu: Add USB ID 2001:3328 for D-Link AN3U rev. A1
(stable-fixes).
- pinctrl: qcom: msm: Fix deadlock in pinmux configuration
(stable-fixes).
- samples: work around glibc redefining some of our defines wrong
(stable-fixes).
- platform/x86: acer-wmi: Ignore backlight event (stable-fixes).
- platform/x86/amd: pmc: Add Lenovo Legion Go 2 to pmc quirk list
(stable-fixes).
- platform/x86/amd/pmc: Add spurious_8042 to Xbox Ally
(stable-fixes).
- platform/x86: huawei-wmi: add keys for HONOR models
(stable-fixes).
- HID: elecom: Add support for ELECOM M-XT3URBK (018F)
(stable-fixes).
- HID: hid-input: Extend Elan ignore battery quirk to USB
(stable-fixes).
- HID: apple: Add SONiX AK870 PRO to non_apple_keyboards quirk
list (stable-fixes).
- drm/vmwgfx: Use kref in vmw_bo_dirty (stable-fixes).
- drm/amdkfd: Fix GPU mappings for APU after prefetch
(stable-fixes).
- spi: xilinx: increase number of retries before declaring stall
(stable-fixes).
- spi: imx: keep dma request disabled before dma transfer setup
(stable-fixes).
- ALSA: usb-audio: Add native DSD quirks for PureAudio DAC series
(stable-fixes).
- Bluetooth: btrtl: Avoid loading the config file on security
chips (stable-fixes).
- commit 5d984a6
- ext4: detect invalid INLINE_DATA + EXTENTS flag combination
(bsc#1253458 CVE-2025-40167).
- commit 605db4d
- ext4: align max orphan file size with e2fsprogs limit
(bsc#1253442 CVE-2025-40179).
- commit 26fd0f5
- ext4: free orphan info with kvfree (bsc#1253442 CVE-2025-40179).
- commit 610e2f7
- ext4: verify orphan file size is not too big (bsc#1253442
CVE-2025-40179).
- commit ab947ea
- config.conf: add kernel-azure as additonal flavor
The content is based on commit 55ebf5f2a4b and de2b7669cdd.
This makes kernel-source-azure and kernel-syms-azure obsolete.
- commit 8ce1bdd
- kABI workaround for HCI_LE_ADV_0 addition (git-fixes).
- commit 10199fc
- regulator: fixed: Rely on the core freeing the enable GPIO
(git-fixes).
- commit 5011006
- openssl-3
-
- Security fixes:
* Missing ASN1_TYPE validation in PKCS#12 parsing
- openssl-CVE-2026-22795.patch [bsc#1256839, CVE-2026-22795]
* ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function
- openssl-CVE-2026-22795.patch [bsc#1256840, CVE-2026-22796]
* Missing ASN1_TYPE validation in TS_RESP_verify_response() function
- openssl-CVE-2025-69420.patch [bsc#1256837, CVE-2025-69420]
* NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function
- openssl-CVE-2025-69421.patch [bsc#1256838, CVE-2025-69421]
* Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion
- openssl-CVE-2025-69419.patch [bsc#1256836, CVE-2025-69419]
* TLS 1.3 CompressedCertificate excessive memory allocation
- openssl-CVE-2025-66199.patch [bsc#1256833, CVE-2025-66199]
* Heap out-of-bounds write in BIO_f_linebuffer on short writes
- openssl-CVE-2025-68160.patch [bsc#1256834, CVE-2025-68160]
* Unauthenticated/unencrypted trailing bytes with low-level OCB function calls
- openssl-CVE-2025-69418.patch [bsc#1256835, CVE-2025-69418]
* 'openssl dgst' one-shot codepath silently truncates inputs greater than 16MB
- openssl-CVE-2025-15469.patch [bsc#1256832, CVE-2025-15469]
* Stack buffer overflow in CMS AuthEnvelopedData parsing
- openssl-CVE-2025-15467.patch [bsc#1256830, CVE-2025-15467]
- openssl-CVE-2025-15467-comments.patch
- openssl-CVE-2025-15467-test.patch
* Improper validation of PBMAC1 parameters in PKCS#12 MAC verification
- openssl-CVE-2025-11187.patch [bsc#1256829, CVE-2025-11187]
* NULL dereference in SSL_CIPHER_find() function on unknown cipher ID
- openssl-CVE-2025-15468.patch [bsc#1256831, CVE-2025-15468]
- Enable livepatching support for ppc64le [bsc#1257274]
- udisks2
-
- (CVE-2025-8067) VUL-0: missing bounds check can lead to out-of-bounds
read in udisks daemon (bsc#1248502)
+ add 0001-udiskslinuxmanager-Add-lower-bounds-check-to-fd_inde.patch
- Fix dbus daemon requires, it's dbus-service, not dbus-1
- libxml2
-
- Add patch libxml2-CVE-2026-0989.patch, to fix call stack exhaustion
leading to application crash due to RelaxNG parser not limiting the
recursion depth when resolving `<include>` directives
CVE-2026-0989, bsc#1256805, https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/374
- libxml2:python
-
- Add patch libxml2-CVE-2026-0989.patch, to fix call stack exhaustion
leading to application crash due to RelaxNG parser not limiting the
recursion depth when resolving `<include>` directives
CVE-2026-0989, bsc#1256805, https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/374
- python-maturin
-
- Update vendor tarball to fix CVE-2025-58160 (bsc#1249011)
- python-urllib3
-
- Add security patch:
* CVE-2025-66471.patch (bsc#1254867)
* CVE-2025-66418.patch (bsc#1254866)