- util-linux
-
- Use full hostname for PAM to ensure correct access control for
"login -h" (bsc#1258859, CVE-2026-3184,
util-linux-CVE-2026-3184.patch).
- ncurses
-
- Add patch fix-bsc1259924.patch (bsc#1259924, CVE-2025-69720)
* Backport from ncurses-6.5-20251213.patch
- sqlite3
-
- Sync version 3.51.3 from Factory:
* Fix the WAL-reset database corruption bug:
https://sqlite.org/wal.html#walresetbug
- cups
-
- cups-1.7.5-CVE-2026-34980.patch is based on
https://github.com/OpenPrinting/cups/commit/8d0f51cac24cb5bf949c5b6a221e51a150d982e3
backported to CUPS 1.7.5 to fix CVE-2026-34980
"Shared PostScript queue lets anonymous Print-Job requests reach `lp` code execution over the network"
https://github.com/OpenPrinting/cups/security/advisories/GHSA-4852-v58g-6cwf
bsc#1261569
- cups-1.7.5-CVE-2026-34990.patch is based on
https://github.com/OpenPrinting/cups/commit/e052dc44da9d12adfbebc51de4975fbadb2ce356
backported to CUPS 1.7.5 to fix CVE-2026-34990
"Local print admin token disclosure using temporary printers"
as far as matching code parts could be found in CUPS 1.7.5.
In particular CUPS 1.7.5 has no function to
"Create a local (temporary) [print] queue",
so CUPS 1.7.5 should not be affected by the issues
that are related to "using temporary printers".
https://github.com/OpenPrinting/cups/security/advisories/GHSA-c54j-2vqw-wpwp
bsc#1261568
- Incompatible changes needed to properly fix CVE-2026-34990:
The scheduler incorrectly allowed local certificates over the
loopback interface. Now this is allowed only via domain sockets.
The ability to create/overwrite files via a 'file:' device URI
is removed. Now the specified file must already exist
and is opened only for writing in exclusive mode.
In general: Historically 'file:' devices were provided
for backwards compatibility with System V interface scripts
that talked to serial printers over a character device, with
very limited debugging support for writing to an ordinary file.
It is not and never was intended as a way to "print to a file".
For a proper debugging method see the section
"A backend that sends its input into a file for debugging" in
https://en.opensuse.org/SDB:Using_Your_Own_Backends_to_Print_with_CUPS
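The 'file:' device change above is easiest to see as two ways of opening the target. The following is an added example written for this page, not CUPS code: the "legacy" opener stands in for the old create-or-truncate behaviour the entry describes, and the hardened opener enforces "the file must already exist" plus two further checks (no symlink in the final path component, regular file only) that are this example's own assumptions about what a hardened file: backend should do. CUPS's "exclusive mode" open is not reproduced here, because O_EXCL without O_CREAT has undefined behaviour in POSIX.

```python
"""Contrast a create-or-truncate 'file:' opener with a must-already-exist one.

Added example for this page; not CUPS source. Linux/macOS only (O_NOFOLLOW).
"""
import os
import stat
import tempfile


def open_file_device_legacy(path: str) -> int:
    """Stand-in for the old behaviour: create the target if missing, truncate if present.

    Run by a scheduler with elevated rights, this turns "configure a queue with
    device URI file:///some/path" into an arbitrary file create/overwrite primitive.
    """
    return os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o644)


def open_file_device_hardened(path: str) -> int:
    """Open an existing regular file for writing; never create, never follow a symlink.

    The regular-file check runs on the descriptor we actually opened (fstat), so it
    cannot be raced by swapping the path after the check (assumed extra check).
    """
    fd = os.open(path, os.O_WRONLY | os.O_NOFOLLOW)   # ENOENT if missing, ELOOP if symlink
    try:
        if not stat.S_ISREG(os.fstat(fd).st_mode):
            raise OSError(f"{path}: not a regular file")
    except Exception:
        os.close(fd)
        raise
    return fd


def _attempt(opener, path: str) -> bool:
    """True if `opener` hands back a writable descriptor for `path`, False if it refuses."""
    try:
        fd = opener(path)
    except OSError:
        return False
    os.close(fd)
    return True


def demo() -> dict:
    """Exercise both openers against a constructed directory layout."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        missing = os.path.join(d, "not-yet-there.txt")   # constructed: file the attacker wants created
        os.close(open_file_device_legacy(missing))
        results["legacy_created_missing_file"] = os.path.exists(missing)
        os.unlink(missing)
        results["hardened_creates_missing_file"] = _attempt(open_file_device_hardened, missing)

        existing = os.path.join(d, "existing.txt")        # constructed: legitimate debug target
        with open(existing, "w") as f:
            f.write("debug output goes here\n")
        results["hardened_opens_existing_file"] = _attempt(open_file_device_hardened, existing)

        link = os.path.join(d, "link-to-existing")        # constructed: symlink planted by attacker
        os.symlink(existing, link)
        results["hardened_follows_symlink"] = _attempt(open_file_device_hardened, link)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The legacy opener creates a file that did not exist; the hardened one refuses both the missing path and the planted symlink, and only succeeds on the pre-existing regular file, which is exactly the reduced capability the entry describes.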
- vim
-
- Fix bsc#1261191 / CVE-2026-34714.
- Fix bsc#1261271 / CVE-2026-34982.
- Fix bsc#1259985 / CVE-2026-33412.
- Update to 9.2.0280:
* patch 9.2.0280: [security]: path traversal issue in zip.vim
* patch 9.2.0279: terminal: out-of-bounds write with overlong CSI argument list
* patch 9.2.0278: viminfo: heap buffer overflow when reading viminfo file
* patch 9.2.0277: tests: test_modeline.vim fails
* patch 9.2.0276: [security]: modeline security bypass
* patch 9.2.0275: tests: test_options.vim fails
* patch 9.2.0274: BSU/ESU are output directly to the terminal
* patch 9.2.0273: tabpanel: undefined behaviour with large tabpanelop columns
* patch 9.2.0272: [security]: 'tabpanel' can be set in a modeline
* patch 9.2.0271: buffer underflow in vim_fgets()
* patch 9.2.0270: test: trailing spaces used in tests
* patch 9.2.0269: configure: Link error on Solaris
* patch 9.2.0268: memory leak in call_oc_method()
* patch 9.2.0267: 'autowrite' not triggered for :term
* patch 9.2.0266: typeahead buffer overflow during mouse drag event
* patch 9.2.0265: unnecessary restrictions for defining dictionary function names
* patch 9.2.0264: Cannot disable kitty keyboard protocol in vim :terminal
* patch 9.2.0263: hlset() cannot handle attributes with spaces
* patch 9.2.0262: invalid lnum when pasting text copied blockwise
* patch 9.2.0261: terminal: redraws are slow
* patch 9.2.0260: statusline not redrawn after closing a popup window
* patch 9.2.0259: tabpanel: corrupted display during scrolling causing flicker
* patch 9.2.0258: memory leak in add_mark()
* patch 9.2.0257: unnecessary memory allocation in set_callback()
* patch 9.2.0256: visual selection size not shown in showcmd during test
* patch 9.2.0255: tests: Test_popup_opacity_vsplit() fails in a wide terminal
* patch 9.2.0254: w_locked can be bypassed when setting recursively
* patch 9.2.0253: various issues with wrong b_nwindows after closing buffers
* patch 9.2.0252: Crash when ending Visual mode after curbuf was unloaded
* patch 9.2.0251: Link error when building without channel feature
* patch 9.2.0250: system() does not support bypassing the shell
* patch 9.2.0249: clipboard: provider reacts to autoselect feature
* patch 9.2.0248: json_decode() is not strict enough
* patch 9.2.0247: popup: popups may not wrap as expected
* patch 9.2.0246: memory leak in globpath()
* patch 9.2.0245: xxd: color output detection is broken
* patch 9.2.0244: memory leak in eval8()
* patch 9.2.0243: memory leak in change_indent()
* patch 9.2.0242: memory leak in check_for_cryptkey()
* patch 9.2.0241: tests: Test_visual_block_hl_with_autosel() is flaky
* patch 9.2.0240: syn_name2id() is slow due to linear search
* patch 9.2.0239: signcolumn may cause flicker
* patch 9.2.0238: showmode message may not be displayed
* patch 9.2.0237: filetype: ObjectScript routines are not recognized
* patch 9.2.0236: stack-overflow with deeply nested data in json_encode/decode()
* patch 9.2.0235: filetype: wks files are not recognized.
* patch 9.2.0234: test: Test_close_handle() is flaky
* patch 9.2.0233: Compiler warning in strings.c
* patch 9.2.0232: fileinfo not shown after :bd of last listed buffer
* patch 9.2.0231: Amiga: Link error for missing HAVE_LOCALE_H
* patch 9.2.0230: popup: opacity not working across vert splits
* patch 9.2.0229: keypad keys may overwrite keycode for another key
* patch 9.2.0228: still possible flicker
* patch 9.2.0227: MS-Windows: CSI sequences may be written to screen
* patch 9.2.0226: No 'incsearch' highlighting support for :uniq
* patch 9.2.0225: runtime(compiler): No compiler plugin for just
* patch 9.2.0224: channel: 2 issues with out/err callbacks
* patch 9.2.0223: Option handling for key:value suboptions is limited
* patch 9.2.0222: "zb" scrolls incorrectly with cursor on fold
* patch 9.2.0221: Visual selection drawn incorrectly with "autoselect"
* patch 9.2.0220: MS-Windows: some defined cannot be set on Cygwin/Mingw
* patch 9.2.0219: call stack can be corrupted
* patch 9.2.0218: visual selection highlighting in X11 GUI is wrong.
* patch 9.2.0217: filetype: cto files are not recognized
* patch 9.2.0216: MS-Windows: Rendering artifacts with DirectX
* patch 9.2.0215: MS-Windows: several tests fail in the Windows CUI.
* patch 9.2.0214: tests: Test_gui_system_term_scroll() is flaky
* patch 9.2.0213: Crash when using a partial or lambda as a clipboard provider
* patch 9.2.0212: MS-Windows: version packing may overflow
* patch 9.2.0211: possible crash when setting 'winhighlight'
* patch 9.2.0210: tests: Test_xxd tests are failing
* patch 9.2.0209: freeze during wildmenu completion
* patch 9.2.0208: MS-Windows: excessive scroll-behaviour with go+=!
* patch 9.2.0207: MS-Windows: freeze on second :hardcopy
* patch 9.2.0206: MS-Window: stripping all CSI sequences
* patch 9.2.0205: xxd: Cannot NUL terminate the C include file style
* patch 9.2.0204: filetype: cps files are not recognized
* patch 9.2.0203: Patch v9.2.0185 was wrong
* patch 9.2.0202: [security]: command injection via newline in glob()
* patch 9.2.0201: filetype: Wireguard config files not recognized
* patch 9.2.0200: term: DECRQM codes are sent too early
* patch 9.2.0199: tests: test_startup.vim fails
* patch 9.2.0198: cscope: can escape from restricted mode
* patch 9.2.0197: tabpanel: frame width not updated for existing tab pages
* patch 9.2.0196: textprop: negative IDs and can cause a crash
* patch 9.2.0195: CI: test-suite gets killed for taking too long
* patch 9.2.0194: tests: test_startup.vim leaves temp.txt around
* patch 9.2.0193: using copy_option_part() can be improved
* patch 9.2.0192: not correctly recognizing raw key codes
* patch 9.2.0191: Not possible to know if Vim was compiled with Android support
* patch 9.2.0190: Status line height mismatch in vertical splits
* patch 9.2.0189: MS-Windows: opacity popups flicker during redraw in the console
* patch 9.2.0188: Can set environment variables in restricted mode
* patch 9.2.0187: MS-Windows: rendering artifacts with DirectX renderer
* patch 9.2.0186: heap buffer overflow with long generic function name
* patch 9.2.0185: buffer overflow when redrawing custom tabline
* patch 9.2.0184: MS-Windows: screen flicker with termguicolors and visualbell
* patch 9.2.0183: channel: using deprecated networking APIs
* patch 9.2.0182: autocmds may leave windows with w_locked set
* patch 9.2.0181: line('w0') moves cursor in terminal-normal mode
* patch 9.2.0180: possible crash with winminheight=0
* patch 9.2.0179: MS-Windows: Compiler warning for converting from size_t to int
* patch 9.2.0178: DEC mode requests are sent even when not in raw mode
* patch 9.2.0177: Vim9: Can set environment variables in restricted mode
* patch 9.2.0176: external diff is allowed in restricted mode
* patch 9.2.0175: No tests for what v9.2.0141 and v9.2.0156 fixes
* patch 9.2.0174: diff: inline word-diffs can be fragmented
* patch 9.2.0173: tests: Test_balloon_eval_term_visual is flaky
* patch 9.2.0172: Missing semicolon in os_mac_conv.c
* patch 9.2.0171: MS-Windows: version detection is deprecated
* patch 9.2.0170: channel: some issues in ch_listen()
* patch 9.2.0169: assertion failure in syn_id2attr()
* patch 9.2.0168: invalid pointer casting in string_convert() arguments
* patch 9.2.0167: terminal: setting buftype=terminal may cause a crash
* patch 9.2.0166: Coverity warning for potential NULL dereference
* patch 9.2.0165: tests: perleval fails in the sandbox
* patch 9.2.0164: build error when XCLIPBOARD is not defined
* patch 9.2.0163: MS-Windows: Compile warning for unused variable
* patch 9.2.0162: tests: unnecessary CheckRunVimInTerminal in test_quickfix
* patch 9.2.0161: intro message disappears on startup in some terminals
* patch 9.2.0160: terminal DEC mode handling is overly complex
* patch 9.2.0159: Crash when reading quickfix line
* patch 9.2.0158: Visual highlighting might be incorrect
* patch 9.2.0157: Vim9: concatenation can be improved
* patch 9.2.0156: perleval() and rubyeval() ignore security settings
* patch 9.2.0155: filetype: ObjectScript are not recognized
* patch 9.2.0154: if_lua: runtime error with lua 5.5
* patch 9.2.0153: No support to act as a channel server
* patch 9.2.0152: concatenating strings is slow
* patch 9.2.0151: blob_from_string() is slow for long strings
* patch 9.2.0150: synchronized terminal update may cause display artifacts
* patch 9.2.0149: Vim9: segfault when unletting an imported variable
* patch 9.2.0148: Compile error when FEAT_DIFF is not defined
* patch 9.2.0147: blob: concatenation can be improved
* patch 9.2.0146: dictionary lookups can be improved
* patch 9.2.0145: UTF-8 decoding and length calculation can be improved
* patch 9.2.0144: 'statuslineopt' is a global only option
* patch 9.2.0143: termdebug: no support for thread and condition in :Break
* patch 9.2.0142: Coverity: Dead code warning
* patch 9.2.0141: :perl ex commands allowed in restricted mode
* patch 9.2.0140: file reading performance can be improved
* patch 9.2.0139: Cannot configure terminal resize event
* patch 9.2.0138: winhighlight option handling can be improved
* patch 9.2.0137: [security]: crash with composing char in collection range
* patch 9.2.0136: memory leak in add_interface_from_super_class()
* patch 9.2.0135: memory leak in eval_tuple()
* patch 9.2.0134: memory leak in socket_server_send_reply()
* patch 9.2.0133: memory leak in netbeans_file_activated()
* patch 9.2.0132: tests: Test_recover_corrupted_swap_file1 fails on be systems
* patch 9.2.0131: potential buffer overflow in regdump()
* patch 9.2.0130: missing range flags for the :tab command
* patch 9.2.0129: popup: wrong handling of wide-chars and opacity:0
* patch 9.2.0128: Wayland: using _Boolean instead of bool type
* patch 9.2.0127: line('w0') and line('w$') return wrong values in a terminal
* patch 9.2.0126: String handling can be improved
* patch 9.2.0125: tests: test_textformat.vim leaves swapfiles behind
* patch 9.2.0124: auto-format may swallow white space
* patch 9.2.0123: GTK: using deprecated gdk_pixbuf_new_from_xpm_data()
* patch 9.2.0122: Vim still supports compiling on NeXTSTEP
* patch 9.2.0120: tests: test_normal fails
* patch 9.2.0119: incorrect highlight initialization in win_init()
* patch 9.2.0118: memory leak in w_hl when reusing a popup window
* patch 9.2.0117: tests: test_wayland.vim fails
* patch 9.2.0116: terminal: synchronized output sequences are buffered
* patch 9.2.0115: popup: screen flickering possible during async callbacks
* patch 9.2.0114: MS-Windows: terminal output may go to wrong terminal
* patch 9.2.0113: winhighlight pointer may be used uninitialized
* patch 9.2.0112: popup: windows flicker when updating text
* patch 9.2.0111: 'winhighlight' option not always applied
* Update Vim to version 9.2.0110 (from 9.2.0045).
* Specifically, this fixes bsc#1259051 / CVE-2026-28417.
* Update Vim to version 9.2.0045 (from 9.1.1629).
* Fix bsc#1258229 CVE-2026-26269 as 9.2.0045 is not impacted (fixed
upstream).
* Fix bsc#1246602 CVE-2025-53906 as 9.2.0045 is not impacted (fixed
upstream).
* Switch GUI build requirement to GTK2 for SLE 12 compatibility.
Replaced pkgconfig(gtk+-3.0) with pkgconfig(gtk+-2.0) and
set --enable-gui=gtk2.
* Remove autoconf BuildRequires and autoconf call in %build.
* Package new Swedish (sv) man pages and remove duplicate encodings
(sv.ISO8859-1 and sv.UTF-8).
* Drop obsolete or upstreamed patches:
- vim-7.3-filetype_spec.patch
- vim-7.4-filetype_apparmor.patch
- vim-8.2.2411-globalvimrc.patch
- vim-9.1-revert-v9.1.86.patch
* Refresh the following patches for 9.2.0045:
- vim-7.3-filetype_changes.patch
- vim-7.3-filetype_ftl.patch
- vim-7.3-sh_is_bash.patch
- vim-9.1.1134-revert-putty-terminal-colors.patch
- tigervnc
-
- U_Prevent-other-users-reading-x0vncserver-screen.patch
* Prevent other users from observing the screen, or modifying
what is sent to the client. Malicious attackers could even
crash x0vncserver if they timed the modifications right.
(CVE-2026-34352, bsc#1260871)
- python36
-
- Add CVE-2026-3479-pkgutil_get_data.patch: pkgutil.get_data() has
the same security model as open(). The documented limitations
ensure compatibility with non-filesystem loaders; Python
doesn't check that. (bsc#1259989, CVE-2026-3479,
gh#python/cpython#146121).
- Add CVE-2026-4519-webbrowser-open-dashes.patch to reject
leading dashes in webbrowser URLs (bsc#1260026, CVE-2026-4519,
gh#python/cpython#143930).
- Add CVE-2025-13462-tarinfo-header-parse.patch which skips
TarInfo DIRTYPE normalization during GNU long name handling
(bsc#1259611, CVE-2025-13462).
- Add CVE-2026-4224-expat-unbound-C-recursion.patch avoiding
unbound C recursion in conv_content_model in pyexpat.c
(bsc#1259735, CVE-2026-4224).
- Add CVE-2026-3644-cookies-Morsel-update-II.patch to reject
control characters in http.cookies.Morsel.update() and
http.cookies.BaseCookie.js_output (bsc#1259734, CVE-2026-3644).
- libcap
-
- CVE-2026-4878: Fixed a potential TOCTOU race condition in cap_set_file() (bsc#1261809)
0001-Address-a-potential-TOCTOU-race-condition-in-cap_set.patch
- python-pyOpenSSL
-
- CVE-2026-27448: unhandled exception can result in connection not being cancelled (bsc#1259804)
Add patch CVE-2026-27448.patch
- avahi
-
- Add avahi-CVE-2026-24401.patch: Fix unsolicited mDNS response
containing a recursive CNAME record (bsc#1257235).
- shim
-
- Add DER format certificate files for the pretrans script to verify
that the necessary certificate is in the UEFI db
- openSUSE Secure Boot CA, 2013-2035
openSUSE_Secure_Boot_CA_2013.crt
- SUSE Linux Enterprise Secure Boot CA, 2013-2035
SUSE_Linux_Enterprise_Secure_Boot_CA_2013.crt
- Microsoft Corporation UEFI CA 2011, 2011-2026
Microsoft_Corporation_UEFI_CA_2011.crt
- Microsoft UEFI CA 2023, 2023-2038
Microsoft_UEFI_CA_2023.crt
- shim.spec: Add a pretrans script to verify that the necessary certificate
is in the UEFI db.
- Always put the SUSE Linux Enterprise Secure Boot CA into the target array.
(bsc#1254679)
- Update to 16.1
- RPMs
shim-16.1-150300.4.31.1.x86_64.rpm
- submitreq: https://build.suse.de/request/show/395247
- repo: https://build.suse.de/package/show/SUSE:Maintenance:39913/shim.SUSE_SLE-15-SP3_Update
- Patches (git log --oneline --reverse 16.0..16.1)
4040ec4 shim_start_image(): fix guid/handle pairing when uninstalling protocols
39c0aa1 str2ip6(): parsing of "uncompressed" ipv6 addresses
3133d19 test-mock-variables: make our filter list entries safer.
d44405e mock-variables: remove unused variable
0e8459f Update CI to use ubuntu-24.04 instead of ubuntu-20.04
d16a5a6 SbatLevel_Variable.txt: minor typo fix.
32804cf Realloc() needs one more byte for sprintf()
431d370 IPv6: Add more check to avoid multiple double colon and illegal char
5e4d93c Loader Proto: make freeing of bprop.buffer conditional.
33deac2 Prepare to move things from shim.c to verify.c
030e7df Move a bunch of stuff from shim.c to verify.c
f3ddda7 handle_image(): make verification conditional
774f226 Cache sections of a loaded image and sub-images from them.
eb0d20b loader-protocol: handle sub-section loading for UKIs
2f64bb9 loader-protocol: add workaround for EDK2 2025.02 page fault on FreePages
1abc7ca loader-protocol: NULL output variable in load_image on failure
fb77b44 Generate Authenticode for the entire PE file
b86b909 README: mention new loader protocol and interaction with UKIs
8522612 ci: add mkosi configuration and CI
9ebab84 mkosi workflow: fix the branch name for main.
72a4c41 shim: change automatically enable MOK_POLICY_REQUIRE_NX
a2f0dfa This is an organizational patch to move some things around in mok.c
54b9946 Update to the shim-16.1 branch of gnu-efi to get AsciiSPrint()
a5a6922 get_max_var_sz(): add more debugging for apple platforms
77a2922 Add a "VariableInfo" variable to mok-variables.
efc71c9 build: Avoid passing *FLAGS to sub-make
7670932 Fixes for 'make TOPDIR=... clean'
13ab598 add SbatLevel entry 2025051000 for PSA-2025-00012-1
617aed5 Update version to 16.1~rc1
d316ba8 format_variable_info(): fix wrong size test.
f5fad0e _do_sha256_sum(): Fix missing error check.
3a9734d doc: add howto for running mkosi locally
ced5f71 mkosi: remove spurious slashes from script
0076155 ci: update mkosi commit
5481105 fix http boot
121cddf loader-protocol: Handle UnloadImage after StartImage properly
6a1d1a9 loader-protocol: Fix memory leaks
27a5d22 gitignore: add more mkosi dirs and vscode dir
346ed15 mkosi: disable repository key check on Fedora
afc4955 Update version to 16.1
- 16.1 release note https://github.com/rhboot/shim/releases
shim_start_image(): fix guid/handle pairing when uninstalling protocols by @vathpela in #738
Fix uncompressed ipv6 netboot by @hrvach in #742
fix test segfaults caused by uninitialized memory by @Fabian-Gruenbichler in #739
Update CI to use ubuntu-24.04 instead of ubuntu-20.04 by @vathpela in #749
SbatLevel_Variable.txt: minor typo fix. by @vathpela in #751
Realloc() needs to allocate one more byte for sprintf() by @dennis-tseng99 in #746 (bsc#1240871)
IPv6: Add more check to avoid multiple double colon and illegal char by @dennis-tseng99 in #753
Loader proto v2 by @vathpela in #748
loader-protocol: add workaround for EDK2 2025.02 page fault on FreePages by @bluca in #750
Generate Authenticode for the entire PE file by @esnowberg in #604
README: mention new loader protocol and interaction with UKIs by @bluca in #755
ci: add mkosi configuration and CI by @bluca in #764
shim: change automatically enable MOK_POLICY_REQUIRE_NX by @vathpela in #761
Save var info by @vathpela in #763
build: Avoid passing *FLAGS to sub-make by @rosslagerwall in #758
Fixes for 'make TOPDIR=... clean' by @bluca in #762
add SbatLevel entry 2025051000 for PSA-2025-00012-1 by @Fabian-Gruenbichler in #766
Coverity fixes 20250804 by @vathpela in #767
ci: fixlets and docs for mkosi workflow by @bluca in #768
fix http boot by @jsetje in #770
Fix double free and leak in the loader protocol by @rosslagerwall in #769
gitignore: add more mkosi dirs and vscode dir by @bluca in #771
- Drop upstreamed patches (merged into 16.1):
- shim-alloc-one-more-byte-for-sprintf.patch
- 32804cf5d9 Realloc() needs one more byte for sprintf() [16.1]
- shim-change-automatically-enable-MOK_POLICY_REQUIRE_NX.patch (bsc#1205588)
- 72a4c41877 shim: change automatically enable MOK_POLICY_REQUIRE_NX [16.1]
- Build MokManager.efi and fallback.efi with POST_PROCESS_PE_FLAGS=-n (bsc#1205588)
- Build with the latest version of gcc available in the codebase:
- gcc13 can work around the dxe_get_mem_attrs() hsi_status problem.
- We prefer to build shim with the latest version of gcc in the codebase.
- Set the minimum version to gcc-13.
(bsc#1247432)
- SLE shim should include vendor-dbx-sles.esl instead of
vendor-dbx-opensuse.esl. Fixed in shim.spec.
- libpng12
-
- version update to 1.2.59 [jsc#PED-16191]
Added png_check_chunk_length() function, and check all chunks except
IDAT against the default 8MB limit; check IDAT against the maximum
size computed from IHDR parameters (Fixes CVE-2017-12652).
Initialize memory allocated by png_inflate to zero, using memset, to
stop an oss-fuzz "use of uninitialized value" detection in png_set_text_2()
due to truncated iTXt or zTXt chunk.
Check for 0 return from png_get_rowbytes() and added some (size_t) typecasts
in contrib/pngminus/*.c to stop some Coverity issues (162705, 162706,
and 162707).
Fixed a potential null pointer dereference in png_set_text_2() (bug report
and patch by Patrick Keshishian, CVE-2016-10087).
Fixed an out-of-range read in png_check_keyword() (Bug report from
Qixue Xiao, CVE-2015-8540).
Avoid potential pointer overflow in png_handle_iTXt(), png_handle_zTXt(),
png_handle_sPLT(), and png_handle_pCAL() (Bug report by John Regehr).
Fixed new bug with CRC error after reading an over-length palette
(bug report by Cosmin Truta) (CVE-2015-8126).
Fixed typecast in a png_debug2() statement in png_set_text_2() to
avoid a compiler warning in PNG_DEBUG builds.
Fixed printf formats in pngtest.c to avoid compiler warnings and a
Coverity warning in PNG_DEBUG builds.
Avoid Coverity issue 80858 (REVERSE NULL) in pngtest.c PNG_DEBUG builds.
Removed WRITE_WEIGHTED_FILTERED code.
Avoid potentially dereferencing NULL info_ptr in png_info_init_3().
Fixed potential leak of png_pixels in contrib/pngminus/pnm2png.c
Use nanosleep() instead of usleep() in contrib/gregbook/rpng2-x.c
because usleep() is deprecated (port from libpng16).
Fixed some bad links in the man page.
Added a safety check in png_set_tIME() (Fixes CVE-2015-7981, bug report
from Qixue Xiao).
Issue a png_error() instead of a png_warning() when width is
potentially too large for the architecture, in case the calling
application has overridden the default 1,000,000-column limit
(fixes CVE-2014-9495 and CVE-2015-0973).
Quieted some harmless warnings from Coverity-scan.
Avoid out-of-bounds memory access while checking version string in
pngread.c and pngwrite.c
- deleted patches
* libpng-1.2.50-CVE-2013-7353.patch (upstreamed)
* libpng-1.2.50-CVE-2013-7354.patch (upstreamed)
* libpng12-CVE-2015-7981.patch (upstreamed)
* libpng12-CVE-2015-8126-complete.patch (upstreamed)
* libpng12-CVE-2015-8126.patch (upstreamed)
* libpng12-CVE-2015-8540.patch (upstreamed)
* libpng12-CVE-2016-10087.patch (upstreamed)
* libpng12-CVE-2017-12652.patch (upstreamed)
* libpng12-CVE-2026-25646.patch (upstreamed)
- added patches
* libpng-1.2.51-CVE-2013-7353.patch
* libpng-1.2.51-CVE-2013-7354.patch
CVE-2026-33416: use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE` can lead to arbitrary code execution [bsc#1260754]
* libpng12-CVE-2026-33416.patch
CVE-2026-34757: Information disclosure and data corruption via use-after-free vulnerability [bsc#1261957]
* libpng12-CVE-2026-34757.patch
- libpng16
-
- added patches
CVE-2026-34757: Information disclosure and data corruption via use-after-free vulnerability [bsc#1261957]
* libpng16-CVE-2026-34757.patch
- added patches
CVE-2026-33416: use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE` can lead to arbitrary code execution (bsc#1260754)
* libpng16-CVE-2026-33416-1.patch
* libpng16-CVE-2026-33416-2.patch
* libpng16-CVE-2026-33416-3.patch
* libpng16-CVE-2026-33416-4.patch
- tiff
-
- CVE-2025-61143: Fix NULL pointer dereference (bsc#1258798)
Add tiff-CVE-2025-61143.patch
- CVE-2025-61144: Fix stack overflow in readSeparateStripsIntoBuffer (bsc#1258801)
Add tiff-CVE-2025-61144.patch
- suseconnect-ng
-
- Update version to 1.21.1:
- Fix nil token handling (bsc#1261155)
- Switch to using go1.24-openssl as the default Go version to
install to support building the package (jsc#SCC-585).
- Update version to 1.21:
- Add expanded metric collection for kernel modules and hardware
detection (jsc#TEL-226).
- Support new profile based metric collection
- Fix ignored --root parameter handling when reading and
writing configuration (bsc#1257667)
- Add expanded metric collection for system vendor/manufacturer
(jsc#TEL-260).
- Removed backport patch: fix-libsuseconnect-and-pci.patch
- Add missing product id to allow yast2-registration to not break (bsc#1257825)
- Fix libsuseconnect APIError detection logic (bsc#1257825)
- Regressions found during QA test runs:
- Ignore product in announce call (bsc#1257490)
- Registration to SMT server failed (bsc#1257625)
- Backported by PATCH: fix-libsuseconnect-and-pci.patch
- Update version to 1.20:
- Update error message for Public Cloud instances with registercloudguest
installed. SUSEConnect -d is disabled on PAYG and BYOS when the
registercloudguest command is available. (bsc#1230861)
- Enhanced SAP detection: take TREX into account and remove empty values when
only /usr/sap but no installation exists (bsc#1241002)
- Fixed modules and extension link to point to versionless documentation. (bsc#1239439)
- Fixed SAP instance detection (bsc#1244550)
- Remove link to extensions documentation (bsc#1239439)
- Migrate to the public library
- Version 1.14 public library release
This version is only available on Github as a tag to release the
new golang public library which can be consumed without the need
to interface with SUSEConnect directly.
- python3
-
- Add CVE-2026-3479-pkgutil_get_data.patch: pkgutil.get_data() has
the same security model as open(). The documented limitations
ensure compatibility with non-filesystem loaders; Python
doesn't check that. (bsc#1259989, CVE-2026-3479,
gh#python/cpython#146121).
- Add CVE-2026-4519-webbrowser-open-dashes.patch to reject
leading dashes in webbrowser URLs (bsc#1260026, CVE-2026-4519,
gh#python/cpython#143930).
- Add CVE-2025-13462-tarinfo-header-parse.patch which skips
TarInfo DIRTYPE normalization during GNU long name handling
(bsc#1259611, CVE-2025-13462).
- Add CVE-2026-4224-expat-unbound-C-recursion.patch avoiding
unbound C recursion in conv_content_model in pyexpat.c
(bsc#1259735, CVE-2026-4224).
- Add CVE-2026-3644-cookies-Morsel-update-II.patch to reject
control characters in http.cookies.Morsel.update() and
http.cookies.BaseCookie.js_output (bsc#1259734, CVE-2026-3644).
- systemd
-
- Import commit b9c5a78950c6d2dfd9c0ee57a380afa6b203e9a5
cbf8ee66ee machined: reject invalid class types when registering machines (bsc#1259650 CVE-2026-4105)
1a55ad48da udev: fix review mixup
1eba76668c udev-builtin-net-id: print cescaped bad attributes
cbd4b55380 udev: ensure tag parsing stays within bounds
5973d3b1cc udev: ensure there is space for trailing NUL before calling sprintf
f038eb6c8b udev: check for invalid chars in various fields received from the kernel (bsc#1259697)
- mozilla-nss
-
- update to NSS 3.112.4
* bmo#2030135 - improve error handling in PK11_ImportPrivateKeyInfoAndReturnKey.
* bmo#2029752 - Improving the allocation of S/MIME DecryptSymKey.
* bmo#2029462 - store email on subject cache_entry in NSS trust domain.
* bmo#2029425 - Heap use-after-free in cert_VerifyCertChainOld via dangling certsList[] entry on NameConstraints violation.
* bmo#2029323 - Improve size calculations in CMS content buffering.
* bmo#2028001 - avoid integer overflow while escaping RFC822 Names.
* bmo#2027378 - Reject excessively large ASN.1 SEQUENCE OF in quickder.
* bmo#2027365 - Deep copy profile data in CERT_FindSMimeProfile.
* bmo#2027345 - Improve input validation in DSAU signature decoding.
* bmo#2026311 - avoid integer overflow in RSA_EMSAEncodePSS.
* bmo#2019357 - RSA_EMSAEncodePSS should validate the length of mHash.
* bmo#2026156 - Add a maximum cert uncompressed len and tests.
* bmo#2026089 - Clarify extension negotiation mechanism for TLS Handshakes.
* bmo#2023209 - ensure permittedSubtrees don't match wildcards that could be outside the permitted tree.
* bmo#2023207 - Fix integer underflow in tls13_AEAD when ciphertext is shorter than tag.
* bmo#2019224 - Remove invalid PORT_Free().
* bmo#1964722 - free digest objects in SEC_PKCS7DecoderFinish if they haven't already been freed.
* bmo#1935995 - make ss->ssl3.hs.cookie an owned-copy of the cookie.
- openssl-1_0_0
-
- Security fixes:
* CVE-2026-28387: Potential use-after-free in DANE client code
(bsc#1260441)
* CVE-2026-28388: NULL Pointer Dereference When Processing a
Delta (bsc#1260442)
* CVE-2026-28389: Possible NULL dereference when processing CMS
KeyAgreeRecipientInfo (bsc#1260443)
* CVE-2026-31789: Heap buffer overflow in hexadecimal conversion
(bsc#1260444)
* CVE-2026-31790: Incorrect failure handling in RSA KEM RSASVE
encapsulation (bsc#1260445)
* CVE-2026-31791: NULL pointer dereference when processing an
OCSP response (bsc#1260446)
* Add patches: openssl-CVE-2026-28387.patch
openssl-CVE-2026-28388.patch
openssl-CVE-2026-28389.patch
openssl-CVE-2026-31791.patch
- python-PyJWT
-
- Add CVE-2026-32597_crit-header.patch to reject the crit
(Critical) Header Parameter defined in RFC 7515 (bsc#1259616,
CVE-2026-32597).
- sed
-
- Add CVE-2026-5958.patch
* Fix CVE-2026-5958 (bsc#1262144):
A TOCTOU race can allow reading attacker-controlled content and writing
it to an unintended file
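Both the libcap entry (cap_set_file()) and the sed entry above fix the same bug class: a check on a path followed by an operation on that path, with a window in between where the path can be swapped. The following is an added example for this page, not either project's patch. It shows the vulnerable shape beside the descriptor-based fix; the `between` hook is this example's stand-in for the attacker's timing, so the race plays out deterministically instead of depending on scheduling.

```python
"""Check-then-use on a path versus check-and-use on a descriptor.

Added example for this page, illustrating the TOCTOU class named in the libcap
(cap_set_file()) and sed (CVE-2026-5958) entries. It is not either project's patch.
Linux/macOS only (O_NOFOLLOW).
"""
import os
import stat
import tempfile


def write_if_regular_racy(path: str, data: bytes, between=lambda: None) -> None:
    """Vulnerable shape: the check and the write each resolve `path` on their own."""
    if not stat.S_ISREG(os.lstat(path).st_mode):
        raise PermissionError(f"{path}: not a regular file")
    between()                       # window: attacker replaces `path` with a symlink
    with open(path, "wb") as f:     # open() follows the symlink -> writes the victim
        f.write(data)


def write_if_regular_fd(path: str, data: bytes, between=lambda: None) -> None:
    """Fixed shape: open once (no symlink following), then check and write through the fd."""
    fd = os.open(path, os.O_WRONLY | os.O_NOFOLLOW)
    try:
        if not stat.S_ISREG(os.fstat(fd).st_mode):
            raise PermissionError(f"{path}: not a regular file")
        between()                   # same swap; the descriptor still refers to the original inode
        os.write(fd, data)
    finally:
        os.close(fd)


def simulate(writer) -> str:
    """Run `writer` in a constructed layout where the path is swapped inside the window.

    Returns the final contents of the victim file; only the vulnerable writer changes it.
    """
    with tempfile.TemporaryDirectory() as d:
        victim = os.path.join(d, "victim.conf")    # constructed: file the attacker may not write
        with open(victim, "wb") as f:
            f.write(b"original")
        work = os.path.join(d, "work.tmp")          # constructed: path the privileged code is given
        with open(work, "wb") as f:
            f.write(b"")

        def swap() -> None:
            os.unlink(work)
            os.symlink(victim, work)

        try:
            writer(work, b"PWNED", between=swap)
        except OSError:
            pass
        with open(victim, "rb") as f:
            return f.read().decode()


if __name__ == "__main__":
    print("racy writer     ->", simulate(write_if_regular_racy))
    print("fd-based writer ->", simulate(write_if_regular_fd))
```

The racy writer ends up overwriting victim.conf, while the descriptor-based writer still writes to the (now unlinked) original file because a descriptor, unlike a path, cannot be redirected after it is opened.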
- openssl-1_1
-
- Security fix:
* CVE-2026-28390: NULL pointer dereference during processing of a crafted
CMS EnvelopedData message with KeyTransportRecipientInfo (bsc#1261678)
* Add openssl-CVE-2026-28390.patch
- Security fixes:
* CVE-2026-28387: Potential use-after-free in DANE client code
(bsc#1260441)
* CVE-2026-28388: NULL Pointer Dereference When Processing a
Delta (bsc#1260442)
* CVE-2026-28389: Possible NULL dereference when processing CMS
KeyAgreeRecipientInfo (bsc#1260443)
* CVE-2026-31789: Heap buffer overflow in hexadecimal conversion
(bsc#1260444)
* NULL pointer dereference when processing an
OCSP response (bsc#1260446)
* Add patches:
openssl-CVE-2026-28387.patch
openssl-CVE-2026-28388.patch
openssl-CVE-2026-28389.patch
openssl-CVE-2026-31789.patch
openssl-NULL-pointer-dereference-in-ocsp_find_signer_sk.patch
- polkit
-
- avoid reading endless amounts of memory (CVE-2026-4897 bsc#1260859)
0001-CVE-2026-4897-getline-string-overflow.patch
- python
-
- Add CVE-2026-3479-pkgutil_get_data.patch: pkgutil.get_data() has
the same security model as open(). The documented limitations
ensure compatibility with non-filesystem loaders; Python
doesn't check that. (bsc#1259989, CVE-2026-3479,
gh#python/cpython#146121).
- Add CVE-2026-4519-webbrowser-open-dashes.patch to reject
leading dashes in webbrowser URLs (bsc#1260026, CVE-2026-4519,
gh#python/cpython#143930).
- Add CVE-2025-13462-tarinfo-header-parse.patch which skips
TarInfo DIRTYPE normalization during GNU long name handling
(bsc#1259611, CVE-2025-13462).
- Add CVE-2026-4224-expat-unbound-C-recursion.patch avoiding
unbound C recursion in conv_content_model in pyexpat.c
(bsc#1259735, CVE-2026-4224).
- Add CVE-2026-3644-cookies-Morsel-update-II.patch to reject
control characters in http.cookies.Morsel.update() and
http.cookies.BaseCookie.js_output (bsc#1259734, CVE-2026-3644).
- perl-XML-Parser
-
- added patches
CVE-2006-10002: heap buffer overflow in `parse_stream` when processing UTF-8 input streams (bsc#1259901)
* perl-XML-Parser-CVE-2006-10002.patch
CVE-2006-10003: off-by-one heap buffer overflow in `st_serial_stack` (bsc#1259902)
* perl-XML-Parser-CVE-2006-10003.patch
- gdk-pixbuf
-
- Add gdk-pixbuf-CVE-2026-5201.patch: jpeg: Reject unsupported
number of components (bsc#1261210 CVE-2026-5201
glgo#GNOME/gdk-pixbuf#266).
- curl
-
- Security fixes:
* CVE-2026-1965: Bad reuse of HTTP Negotiate connection (bsc#1259362)
* CVE-2026-3783: Token leak with redirect and netrc (bsc#1259363)
* CVE-2026-3784: Wrong proxy connection reuse with credentials (bsc#1259364)
* Add patches:
- curl-CVE-2026-1965.patch
- curl-CVE-2026-3783.patch
- curl-CVE-2026-3784.patch
- nghttp2
-
- added patches
CVE-2026-27135: assertion failure due to missing state validation can lead to DoS (bsc#1259845)
* nghttp2-CVE-2026-27135.patch
- python-requests
-
- CVE-2026-25645: `extract_zipped_paths()` uses predictable filenames when extracting files from zip archives and reuses target files that already exist without validation (bsc#1260589)
Add patch CVE-2026-25645.patch
- python-urllib3
-
- fix regression in CVE-2025-66471.patch when downloading large files
(bsc#1259829)
- CVE-2025-66471: excessive resource consumption via decompression
of highly compressed data in Streaming API (bsc#1254867)
added CVE-2025-66471.patch
- CVE-2025-66418: resource exhaustion via unbounded number of links
in the decompression chain (bsc#1254866)
added CVE-2025-66418.patch
- CVE-2026-21441: excessive resource consumption during decompression
of data in HTTP redirect responses (bsc#1256331)
added CVE-2026-21441.patch
- disabled response decompression with brotli due to missing brotli
feature (jsc#PED-15380)
- Add security patches:
* CVE-2025-66471 (bsc#1254867)
* CVE-2025-66418 (bsc#1254866)
* CVE-2026-21441 (bsc#1256331)
- bind
-
- Fix unbounded NSEC3 iterations when validating referrals to
unsigned delegations.
(CVE-2026-1519)
[bsc#1260805, bind-9.11-CVE-2026-1519.patch]
- expat
-
- security update:
* CVE-2026-32776: expat: libexpat: NULL pointer dereference when
processing empty external parameter entities inside an entity
declaration value (bsc#1259726)
- Added patch expat-CVE-2026-32776.patch
* CVE-2026-32777: expat: libexpat: denial of service due to
infinite loop in DTD content parsing (bsc#1259711)
- Added patch expat-CVE-2026-32777.patch
* CVE-2026-32778: expat: libexpat: NULL pointer dereference in
`setContext` on retry after an out-of-memory condition (bsc#1259729)
- Added patch expat-CVE-2026-32778.patch
- perl
-
- Fix stack buffer overflow in Storable's deserialization of hooks
code [bsc#1262486] [CVE-2017-20230]
new patch: perl-storable-overflow.diff
- kernel-default
-
- crypto: authencesn - Fix src offset when decrypting in-place
(bsc#1262573 CVE-2026-31431).
- commit 447ae9a
- crypto: authencesn - Do not place hiseq at end of dst for
out-of-place decryption (bsc#1262573 CVE-2026-31431).
- commit ce75b61
- crypto: authenc - use memcpy_sglist() instead of null skcipher
(bsc#1262573 CVE-2026-31431).
- Refresh
patches.suse/crypto-authencesn-reject-too-short-AAD-assoclen-8-to.patch
- commit 2ef1585
- crypto: aead - set CRYPTO_TFM_NEED_KEY if ->setkey() fails
(bsc#1262573 CVE-2026-31431).
- commit 3389719
- kABI: Restore af_alg_{count,pull}_tsgl() signatures (bsc#1262573
CVE-2026-31431).
- commit e0a7432
- crypto: algif_aead - Revert to operating out-of-place
(bsc#1262573 CVE-2026-31431).
- commit 3324e92
- crypto: algif_aead - use memcpy_sglist() instead of null skcipher
(bsc#1262573 CVE-2026-31431).
- commit e04265b
- crypto: aead - prevent using AEADs without setting key
(bsc#1262573 CVE-2026-31431).
- commit 81b8a54
- crypto: scatterwalk - Fix memcpy_sglist() to always succeed
(bsc#1262573 CVE-2026-31431).
- commit b51c829
- crypto: scatterwalk - Add memcpy_sglist (bsc#1262573
CVE-2026-31431).
- commit 18c7752
- HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks
missing them (CVE-2026-23382 bsc#1260551).
- commit 0938773
- ALSA: usb-audio: Use correct version for UAC3 header validation
(CVE-2026-23318 bsc#1260536).
- commit d97948d
- net/sched: teql: fix NULL pointer dereference in iptunnel_xmit
on TEQL slave xmit (CVE-2026-23277 bsc#1259997).
- commit 1e064e8
- netfilter: nf_tables: unconditionally bump set->nelems before
insertion (CVE-2026-23272 bsc#1260009).
- commit 09c01da
- icmp: fix NULL pointer dereference in icmp_tag_validation()
(CVE-2026-23398 bsc#1260730).
- commit 4a6435e
- gve: Fix stats report corruption on queue count change
(CVE-2026-23262 bsc#1259870).
- commit 9fb91de
- btrfs: fix reservation leak in some error paths when inserting
inline extent (CVE-2025-71268 bsc#1259865).
- commit 9f5a354
- btrfs: do not free data reservation in fallback from inline
due to -ENOSPC (CVE-2025-71269 bsc#1259889).
- commit 1264408
- gve: fix incorrect buffer cleanup in
gve_tx_clean_pending_packets for QPL (CVE-2026-23386
bsc#1260799).
- commit cbe159d
- can: bcm: fix locking for bcm_op runtime updates (CVE-2026-23362
bsc#1260489).
- commit 2c7a147
- RDMA/umad: Reject negative data_len in ib_umad_write (CVE-2026-23243 bsc#1259797)
- commit f1f6f9a
- net/tls: return ENOTSUPP on tls_init() (CVE-2024-26584
bsc#1220186).
- blacklist.conf: blacklist original commit.
- commit eedeb3a
- btrfs: fix processing of delayed data refs during backref walking (bsc#1228031).
- commit 4e68ed0
- fs: skip superblock shrink on frozen xfs filesystems
(bsc#1259770).
- commit f01e7af
- libceph: replace overzealous BUG_ON in osdmap_apply_incremental() (CVE-2026-22990 bsc#1257221).
- commit 48abf39
- btrfs: qgroup: fix race between quota disable and quota rescan
ioctl (CVE-2025-39759 bsc#1249522).
- commit 80667fb
- kABI fix for ipvlan: Make the addrs_lock be per port
(CVE-2026-23103 bsc#1257773).
- commit d449598
- sched/rt: Fix race in push_rt_task (CVE-2025-38234 bsc#1246057)
- commit 2ff5901
- Refresh
patches.suse/0001-apparmor-validate-DFA-start-states-are-in-bounds-in-.patch.
- commit c19850e
- l2tp: avoid one data-race in l2tp_tunnel_del_work() (CVE-2026-23120 bsc#1258280)
- commit 30aaeff
- ipvlan: Make the addrs_lock be per port (CVE-2026-23103
bsc#1257773).
- Delete patches.kabi/ipvlan_addr_lock_kabi.patch.
- commit 9627a6e
- Use unified maintainers' email address
- commit 0ed1513
- libceph: make free_choose_arg_map() resilient to partial allocation (CVE-2026-22991 bsc#1257220).
- commit 9ff4124
- apparmor: fix unprivileged local user can do privileged policy
management (bsc#1258849).
- apparmor: Fix double free of ns_name in aa_replace_profiles()
(bsc#1258849).
- apparmor: fix: limit the number of levels of policy namespaces
(bsc#1258849).
- apparmor: replace recursive profile removal with iterative
approach (bsc#1258849).
- apparmor: fix memory leak in verify_header (bsc#1258849).
- apparmor: validate DFA start states are in bounds in unpack_pdb
(bsc#1258849).
- commit caea5fb
- sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT
(CVE-2026-23125 bsc#1258293).
- commit 666649e
- Disable CONFIG_NET_SCH_ATM (jsc#PED-12836)
Disable the sch_atm module; it doesn't seem to be used, and security issues
led to its removal from upstream.
- commit 197c542
- md/raid1,raid10: strip REQ_NOWAIT from member bios (git-fixes).
- Refresh
patches.suse/mdraid-fix-read-write-bytes-accounting.patch.
- commit 6a54f47
- md/raid1,raid10: don't handle IO error for REQ_RAHEAD and
REQ_NOWAIT (git-fixes).
- commit 3758085
- Delete
patches.suse/scsi-qla2xxx-Complete-command-early-within-lock.patch.
- Delete
patches.suse/scsi-qla2xxx-Perform-lockless-command-completion-in-.patch.
Commit 0367076b0817 ('scsi: qla2xxx: Perform lockless command
completion in abort path'), locally contained in patch
scsi-qla2xxx-Perform-lockless-command-completion-in-.patch,
has been reverted upstream by CVE-2025-68818 (see bsc#1256675).
Instead of committing a revert patch, just remove this patch.
This also requires removing our local patch
scsi-qla2xxx-Complete-command-early-within-lock.patch,
since this modified the code that was previously added in
scsi-qla2xxx-Perform-lockless-command-completion-in-.patch.
- commit 239eaae
- scsi: aic94xx: fix use-after-free in device removal path
(CVE-2025-71075 bsc#1256629).
- commit f9c693f
- scsi: target: target_core_configfs: Add length check to avoid
buffer overflow (CVE-2025-39998 bsc#1252073).
- commit 2fb7a81
- md/raid1,raid10: don't ignore IO flags (CVE-2025-22125
bsc#1241596).
- commit aa9f7d7
- drm/radeon: delete radeon_fence_process in is_signaled, no deadlock (CVE-2025-68223 bsc#1255357).
- commit 9a5ddda
- drm/amdkfd: fix potential kgd_mem UAFs (CVE-2023-53816 bsc#1254958).
- commit 8f7c148
- vsock/virtio: fix potential underflow in virtio_transport_get_credit() (bsc#1257755, CVE-2026-23069).
- Refresh
patches.suse/vsock-virtio-cap-TX-credit-to-local-buffer-size.patch.
- commit 047f7a1
- net/sched: cls_u32: use skb_header_pointer_careful()
(CVE-2026-23204 bsc#1258340).
In addition backport 13e00fdc9236b which introduces
skb_header_pointer_careful() header which is required.
- commit 3465c86
- Update patches.suse/netfilter-nf_tables-Reject-tables-of-unsupported-fam.patch
(CVE-2023-6040 bsc#1218752 bsc#1259069 CVE-2026-25702).
Added references to bsc#1259069 and CVE-2026-25702.
- commit 1452528
- ata: libata-sff: Ensure that we cannot write outside the
allocated buffer (bsc#1238917 CVE-2025-21738).
- commit 4dc232e
- PCI/IOV: Fix race between SR-IOV enable/disable and hotplug
(CVE-2025-40219 bsc#1254518).
- Delete
patches.suse/PCI-IOV-Add-PCI-rescan-remove-locking-when-enabling-d.patch.
Replace a reverted commit (due to deadlocks) with a better fix.
- commit 3aab429
- bpf: Forget ranges when refining tnum after JSET (CVE-2025-39748
bsc#1249587).
- commit 596e702
- efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare
(bsc#1249998 CVE-2025-39817).
- commit fca031c
- libceph: replace BUG_ON with bounds check for map->max_osd (CVE-2025-68283 bsc#1255379).
- commit 159cfe5
- fou: Don't allow 0 for FOU_ATTR_IPPROTO (CVE-2026-23083
bsc#1257745).
- bonding: limit BOND_MODE_8023AD to Ethernet devices
(CVE-2026-23099 bsc#1257816).
- commit d173346
- libceph: make decode_pool() more resilient against corrupted osdmaps (CVE-2025-71116 bsc#1256744).
- commit 8469a6e
- scsi: qla2xxx: Validate sp before freeing associated memory
(CVE-2025-71236 bsc#1258442).
- commit 152e17d
- nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec
(CVE-2026-23112 bsc#1258184).
- commit 0850ede
- smb: client: Fix refcount leak for cifs_sb_tlink (bsc#1252924,
CVE-2025-40103).
- commit ee83c59
- cifs: parse_dfs_referrals: prevent oob on malformed input
(bsc#1252911, CVE-2025-40099).
- commit 303c99b
- Refresh
patches.suse/dst-fix-races-in-rt6_uncached_list_del-and-rt_del_un.patch.
- commit ee740c8
- libceph: fix potential use-after-free in have_mon_and_osd_map() (CVE-2025-68285 bsc#1255401).
- commit 16f0a57
- btrfs: fix deadlock in wait_current_trans() due to ignored
transaction type (bsc#1257687 CVE-2025-71194).
- commit 817285f
- cifs: fix session state check in reconnect to avoid
use-after-free issue (bsc#1255163, CVE-2023-53794).
- commit 0e35638
- fuse: fix livelock in synchronous file put from fuseblk workers (CVE-2025-40220 bsc#1254520).
- commit 4abf8ac
- wifi: mac80211: ocb: skip rx_no_sta when interface is not joined
(CVE-2025-71224 bsc#1258824).
- commit cb35621
- Delete custom fix for bsc#1215420 as it caused regression bsc#1257672.
Please notice that the backport for bsc#1215420 isn't needed for
SLE12-SP5 because the CVE does not apply here.
- Delete patches.kabi/netfilter-nft_set-preserver-kabi.patch.
- Delete
patches.suse/netfilter-Implement-reference-counting-for-nft_sets.patch.
- Delete
patches.suse/netfilter-take-a-reference-when-looking-up-nft_sets.patch.
- commit f1caf6c
- Bluetooth: Fix l2cap_disconnect_req deadlock (CVE-2023-53827
bsc#1255049).
- Refresh
patches.suse/Bluetooth-L2CAP-Fix-corrupted-list-in-hci_chan_del.patch.
- commit 1c9a63f
- vhost-scsi: Fix handling of multiple calls to
vhost_scsi_set_endpoint (CVE-2025-22083 bsc#1241414).
- commit fc4b2ad
- gpiolib: cdev: fix NULL-pointer dereferences (git-fixes
CVE-2022-50453 bsc#1250887).
- commit 720a0a8
- KVM: Don't clobber irqfd routing type when deassigning irqfd
(CVE-2026-23198 bsc#1258321).
- commit 9210e96
- Bluetooth: L2CAP: Fix use-after-free in
l2cap_disconnect_{req,rsp} (CVE-2023-53827 bsc#1255049).
- Refresh
patches.suse/Bluetooth-L2CAP-Fix-corrupted-list-in-hci_chan_del.patch.
- commit b9be58b
- wifi: mwifiex: fix memory leak in mwifiex_histogram_read()
(CVE-2023-53808 bsc#1254723).
- commit 8ddd031
- wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there
is no callback function (CVE-2023-53802 bsc#1254725).
- commit fa09e6d
- gfs2: Fix unlikely race in gdlm_put_lock (CVE-2025-40242
bsc#1255075).
- commit 987fc92
- smb: client: fix memory leak in cifs_construct_tcon()
(bsc#1255129, CVE-2025-68295).
- commit 7183095
- btrfs: send: check for inline extents in
range_is_hole_in_parent() (bsc#1258377 CVE-2026-23141).
- commit 0c324f3
- macvlan: observe an RCU grace period in macvlan_common_newlink()
error path (CVE-2026-23209 bsc#1258518).
- macvlan: fix error recovery in macvlan_common_newlink()
(CVE-2026-23209 bsc#1258518).
- commit 0aa7839
- btrfs: fix NULL dereference on root when tracing inode eviction
(bsc#1257635 CVE-2025-71184).
- commit 97b4a24
- ALSA: usb-audio: Use the right limit for PCM OOB check
(CVE-2026-23208 bsc#1258468).
- ALSA: usb-audio: Prevent excessive number of frames
(CVE-2026-23208 bsc#1258468).
- commit 1a417a8
- btrfs: always detect conflicting inodes when logging inode refs
(bsc#1257631 CVE-2025-71183).
- commit f7a95eb
- crypto: fix kABI fixup for af_alg_ctx (bsc#1251966 CVE-2025-39964)
struct af_alg_ctx is completely internal and not relevant for
kABI stability: instances thereof are referenced exclusively from
`struct alg_sock`'s ->private and it doesn't appear in any EXPORTed
function's prototype.
Drop the existing, unneeded kABI fixup to struct af_alg_ctx in order
to facilitate subsequent backports affecting that struct's definition.
- commit de20ef8
- ALSA: aloop: Fix racy access at PCM trigger (CVE-2026-23191
bsc#1258395).
- commit 8a5df43
- crypto: authencesn - reject too-short AAD (assoclen<8) to
match ESP/ESN spec (bsc#1257735 CVE-2026-23060).
- commit e033ed1
- crypto: seqiv - Do not use req->iv after crypto_aead_encrypt
(bsc#1256742 CVE-2025-71131).
- commit 0e8f309
- crypto: af_alg - zero initialize memory allocated via
sock_kmalloc (bsc#1256716 CVE-2025-71113).
- commit fd7a81e
- usb: dwc3: Fix race condition between concurrent
dwc3_remove_requests() call paths (CVE-2025-68287 bsc#1255152).
- commit 3edfe08
- crypto: asymmetric_keys - prevent overflow in
asymmetric_key_generate_id (bsc#1255550 CVE-2025-68724).
- commit 9c5c373
- crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui()
(bsc#1254992 CVE-2023-53817).
- commit bfc63b3
- gue: Fix skb memleak with inner IP protocol 0 (CVE-2026-23095
bsc#1257808).
- commit 3fbd310
- vsock/virtio: cap TX credit to local buffer size (CVE-2026-23086
bsc#1257757).
- commit ded7b5c
- crypto: af_alg - Fix incorrect boolean values in af_alg_ctx
(bsc#1251966 CVE-2025-39964).
- commit 4689216
- crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg
(bsc#1251966 CVE-2025-39964).
- commit 5d5f781
- be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list
(CVE-2026-23084 bsc#1257830).
- commit cfb18f3
- drm/mgag200: fix mgag200_bmc_stop_scanout() (bsc#1258153 bsc#1258226)
- commit 1fecfbd
- scsi: target: iscsit: Free cmds before session free
(CVE-2023-54184 bsc#1255991).
- commit b34bf9f
- dst: fix races in rt6_uncached_list_del() and
rt_del_uncached_list() (CVE-2026-23004 bsc#1257231).
- commit 05d7a54
- scsi: imm: Fix use-after-free bug caused by unfinished delayed
work (CVE-2025-68234 bsc#1255416).
- commit fd3d164
- net/sched: act_ife: avoid possible NULL deref (CVE-2026-23064
bsc#1257765).
- net/sched: qfq: Use cl_is_active to determine whether class
is active in qfq_rm_from_ag (CVE-2026-23105 bsc#1257775).
- commit 880a2a6
- KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer (bsc#1256708, CVE-2025-71104).
- commit ad3585c
- Fix locking order issue when unsharing pmds.
Refresh
patches.suse/hugetlbfs-flush-TLBs-correctly-after-huge_pmd_unshar.patch.
- commit f19c57e
- nvme-tcp: fix NULL pointer dereferences in
nvmet_tcp_build_pdu_iovec (CVE-2026-22998 bsc#1257209).
- commit a0264a1
- nvme-fc: use lock accessing port_state and rport state
(CVE-2025-40342 bsc#1255274).
- commit 50aba1a
- net: hv_netvsc: reject RSS hash key programming without RX indirection table (bsc#1257473 bsc#1257732 CVE-2026-23054).
- commit 4f9f160
- net/sched: Enforce that teql can only be used as root qdisc
(CVE-2026-23074 bsc#1257749).
- commit be8cfc1
- irqchip/gic-v3-its: Avoid truncating memory addresses (bsc#1257758 CVE-2026-23085)
- commit 640e30b
- Update
patches.suse/ip6_tunnel-use-skb_vlan_inet_prepare-in-__ip6_tnl_rcv.patch
(CVE-2026-23003 bsc#1257246 bsc#1257942).
- commit 4442655
- usb: storage: Fix memory leak in USB bulk transport
(bsc#1257949).
- commit 4443d16
- ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free()
(CVE-2026-23089 bsc#1257790).
- commit 726823e
- ip6_tunnel: use skb_vlan_inet_prepare() in __ip6_tnl_rcv()
(CVE-2026-23003 bsc#1257246).
- commit 000c866
- geneve: Fix incorrect inner network header offset when
innerprotoinherit is set (CVE-2026-23003 bsc#1257246).
- commit 4a41a3f
- geneve: fix header validation in geneve_xmit_skb (CVE-2026-23003
bsc#1257246).
- commit 6cf7b31
- python-pyasn1
-
- CVE-2026-30922: Denial of Service via Unbounded Recursion (bsc#1259803)
Add patch CVE-2026-30922.patch
- util-linux-systemd
-
- Use full hostname for PAM to ensure correct access control for
"login -h" (bsc#1258859, CVE-2026-3184,
util-linux-CVE-2026-3184.patch).