- aaa_base
-
- Add patch git-51-fbf7ee9dc9cd970532a54eed6472d7f3b0e7f431.patch
* If a user switches the login shell respect the already set
PATH environment (bsc#1235481)
- add patch aaa_base-rc.status.patch (bsc#1236033)
(no git, file is gone in factory/tumbleweed)
update detection for systemd in rc.status, mountpoint for
cgroup changed with cgroup2, so just check if pid 1 is systemd
- ca-certificates-mozilla
-
- revert the distrusted certs for now. originally these only
distrust "new issued" certs starting after a certain date,
while old certs should still work. (bsc#1240343)
- remove-distrusted.patch: removed
- glibc
-
- pthread-wakeup.patch: pthreads NPTL: lost wakeup fix 2 (bsc#1234128, BZ
[#25847])
- Mark functions in libc_nonshared.a as hidden (bsc#1239883)
- Bump minimal kernel version to 4.3 to enable use of direct socketcalls
on x86-32 and s390x (bsc#1234713)
- kernel-default
-
- Revert "Merge remote-tracking branch 'origin/users/sjaeckel/SLE15-SP6/for-next' into SLE15-SP6"
This reverts commit bb7a7b2a95aa93ef5db11cca2317b7fe59e19e38, reversing
changes made to ac2aed10902386a981d430e6af9b7946722682ea.
- commit 9b78ca6
- selftests: mptcp: close fd_in before returning in main_loop
(git-fixes).
- selftests: mptcp: fix incorrect fd checks in main_loop
(git-fixes).
- rndis_host: Flag RNDIS modems as WWAN devices (git-fixes).
- thermal/drivers/rockchip: Add missing rk3328 mapping entry
(git-fixes).
- i3c: Add NULL pointer check in i3c_master_queue_ibi()
(git-fixes).
- i3c: master: svc: Use readsb helper for reading MDB (git-fixes).
- i3c: master: svc: Fix missing the IBI rules (git-fixes).
- soundwire: slave: fix an OF node reference leak in soundwire
slave device (git-fixes).
- bus: mhi: host: Fix race between unprepare and queue_buf
(git-fixes).
- iio: adc: ad7124: Fix comparison of channel configs (git-fixes).
- iio: adc: ad4130: Fix comparison of channel setups (git-fixes).
- iio: accel: msa311: Fix failure to release runtime pm if direct
mode claim fails (git-fixes).
- iio: accel: mma8452: Ensure error return on failure to matching
oversampling ratio (git-fixes).
- driver core: Remove needless return in void API
device_remove_group() (git-fixes).
- selftests/mm/cow: fix the incorrect error handling (git-fixes).
- commit 0fbd190
- RAS: Avoid build errors when CONFIG_DEBUG_FS=n (jsc#PED-7619).
Replace our patch with the upstream version.
- Delete
patches.suse/RAS-AMD-FMPM-Fix-build-when-debugfs-is-not-enabled.patch.
- commit 9580b87
- kABI fix for RDMA/core: Don't expose hw_counters outside (git-fixes)
- commit 6079f81
- RDMA/core: Don't expose hw_counters outside of init net namespace (git-fixes)
- commit f134527
- rpm/release-projects: Update the ALP projects again (bsc#1231293).
- commit a2f9145
- nvme: move passthrough logging attribute to head (git-fixes).
- nvme: introduce nvme_disk_is_ns_head helper (git-fixes).
- commit e2a4340
- bpf: Add tracepoints with null-able arguments (bsc#1235501
CVE-2024-56702).
- commit 60ddcfa
- net: Add rx_skb of kfree_skb to raw_tp_null_args (bsc#1235501
CVE-2024-56702).
- commit 2f246d2
- bpf: Augment raw_tp arguments with PTR_MAYBE_NULL (bsc#1235501
CVE-2024-56702).
- commit bd84127
- mm/page_alloc: fix memory accept before watermarks gets
initialized (bsc#1239600).
- commit 10a4fc6
- netfilter: allow exp not to be removed in nf_ct_find_expectation
(CVE-2023-52927 bsc#1239644).
- commit 67af0a4
- nvme-tcp: Fix a C2HTermReq error message (git-fixes).
- commit c4c365f
- nvme: move error logging from nvme_end_req() to __nvme_end_req()
(git-fixes).
- commit c939fa2
- nvme-fc: rely on state transitions to handle connectivity loss
(git-fixes bsc#1222649).
- commit 0e1fcfd
- nvme: allow passthru cmd error logging (git-fixes).
Refresh:
- patches.suse/nvme-fix-multipath-batched-completion-accounting.patch
- patches.suse/nvme-use-srcu-for-iterating-namespace-list.patch
- patches.suse/nvme-split-off-tls-sysfs-attributes-into-a-separate-group.patch
- commit ca344c0
- arm64: cputype: Add MIDR_CORTEX_A76AE (git-fixes)
- commit aad868b
- nvmet-fc: Remove unused functions (git-fixes).
- nvme-pci: remove stale comment (git-fixes).
- nvme-tcp: fix signedness bug in nvme_tcp_init_connection()
(git-fixes).
- nvmet-tcp: Fix a possible sporadic response drops in weakly
ordered arch (git-fixes).
- nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu()
(git-fixes).
- nvmet: remove old function prototype (git-fixes).
- nvme-ioctl: fix leaked requests on mapping error (git-fixes).
- nvme: only allow entering LIVE from CONNECTING state
(git-fixes bsc#1222649).
- nvmet-rdma: recheck queue state is LIVE in state lock in recv
done (git-fixes).
- nvme-tcp: add basic support for the C2HTermReq PDU (git-fixes).
- nvme-pci: quirk Acer FA100 for non-uniqueue identifiers
(git-fixes).
- nvme-fc: do not ignore connectivity loss during connecting
(git-fixes bsc#1222649).
Refresh:
- patches.suse/nvme-fc-use-ctrl-state-getter.patch
- nvme-fc: go straight to connecting state when initializing
(git-fixes bsc#1222649).
- commit 22d62a2
- arm64: dts: rockchip: Fix PWM pinctrl names (git-fixes)
- commit bea89fa
- arm64: dts: rockchip: Remove bluetooth node from rock-3a (git-fixes)
- commit 3224bb8
- arm64: tegra: Remove the Orin NX/Nano suspend key (git-fixes)
- commit bcfde59
- arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() (git-fixes)
- commit 4d30cdc
- arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe (git-fixes)
- commit 49aa8a8
- arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre (git-fixes)
- commit eb80776
- arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list (git-fixes)
- commit b4f3b31
- idpf: fix checksums set in idpf_rx_rsc() (CVE-2025-21890
bsc#1240173).
- ice: Fix deinitializing VF in error path (CVE-2025-21883
bsc#1240189).
- ipvlan: ensure network headers are in skb linear part
(CVE-2025-21891 bsc#1240186).
- commit ac7a561
- Update
patches.suse/RDMA-bnxt_re-Fix-the-page-details-for-the-srq-create.patch
(git-fixes CVE-2025-21885 bsc#1240169).
- Update
patches.suse/RDMA-mlx5-Fix-a-WARN-during-dereg_mr-for-DM-type.patch
(git-fixes CVE-2025-21888 bsc#1240177).
- Update
patches.suse/RDMA-mlx5-Fix-implicit-ODP-hang-on-parent-deregistra.patch
(git-fixes CVE-2025-21886 bsc#1240188).
- Update
patches.suse/RDMA-mlx5-Fix-the-recovery-flow-of-the-UMR-QP.patch
(git-fixes CVE-2025-21892 bsc#1240175).
- Update
patches.suse/i2c-npcm-disable-interrupt-enable-bit-before-devm_re.patch
(git-fixes CVE-2025-21878 bsc#1240192).
- Update
patches.suse/ibmvnic-Don-t-reference-skb-after-sending-to-VIOS.patch
(CVE-2025-21858 bsc#1239468 CVE-2025-21855 bsc#1239484).
- Update patches.suse/iommu-vt-d-Fix-suspicious-RCU-usage.patch
(git-fixes CVE-2025-21876 bsc#1240179).
- Update
patches.suse/ndisc-use-RCU-protection-in-ndisc_alloc_skb.patch
(bsc#1239994 CVE-2025-21764 bsc#1237885).
- Update
patches.suse/powerpc-code-patching-Disable-KASAN-report-during-pa.patch
(bsc#1215199 CVE-2025-21869 bsc#1240182).
- Update
patches.suse/usbnet-gl620a-fix-endpoint-checking-in-genelink_bind.patch
(git-fixes CVE-2025-21877 bsc#1240172).
- commit 9c6e710
- Update
patches.suse/block-fix-integer-overflow-in-BLKSECDISCARD.patch
(git-fixes CVE-2024-49994 bsc#1225770 bsc#1237757).
- Update
patches.suse/crypto-qat-qat_420xx-fix-off-by-one-in-uof_get_name.patch
(jsc#PED-12416 CVE-2024-53163 bsc#1234828).
- Update
patches.suse/crypto-qat-validate-slices-count-returned-by-FW.patch
(jsc#PED-12416 CVE-2024-38606 bsc#1226871).
- Update
patches.suse/dm-raid-Fix-WARN_ON_ONCE-check-for-sync_thread-in-ra.patch
(git-fixes CVE-2024-43820 bsc#1229311).
- Update
patches.suse/fbdev-pxafb-Fix-possible-use-after-free-in-pxafb_tas.patch
(stable-fixes CVE-2024-49924 bsc#1232364).
- Update
patches.suse/media-cx24116-prevent-overflows-on-SNR-calculus.patch
(git-fixes CVE-2024-50290 bsc#1233479 bsc#1225742).
- Update
patches.suse/media-dvbdev-prevent-the-risk-of-out-of-memory-acces.patch
(git-fixes CVE-2024-53063 bsc#1233557 bsc#1225742).
- commit e0b966a
- IB/mad: Check available slots before posting receive WRs (git-fixes)
- commit 34587d0
- RDMA/mlx5: Fix calculation of total invalidated pages (git-fixes)
- commit 2fa0f31
- RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow (git-fixes)
- commit b249c41
- RDMA/mlx5: Fix cache entry update on dereg error (git-fixes)
- commit 0fe5ca5
- RDMA/mlx5: Fix MR cache initialization error flow (git-fixes)
- commit e5c2137
- RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() (git-fixes)
- commit 3634652
- power: supply: max77693: Fix wrong conversion of charge input
threshold value (git-fixes).
- pinctrl: qcom: Clear latched interrupt status when changing
IRQ type (git-fixes).
- pinctrl: tegra: Set SFIO mode to Mux Register (git-fixes).
- pinctrl: intel: Fix wrong bypass assignment in
intel_pinctrl_probe_pwm() (git-fixes).
- pinctrl: renesas: rza2: Fix missing of_node_put() call
(git-fixes).
- pinctrl: renesas: rzv2m: Fix missing of_node_put() call
(git-fixes).
- backlight: led_bl: Hold led_access lock when calling
led_sysfs_disable() (git-fixes).
- leds: rgb: leds-qcom-lpg: Fix calculation of best period Hi-Res
PWMs (git-fixes).
- leds: rgb: leds-qcom-lpg: Fix pwm resolution max for Hi-Res PWMs
(git-fixes).
- Revert "leds-pca955x: Remove the unused function
pca95xx_num_led_regs()" (stable-fixes).
- crypto: nx - Fix uninitialised hv_nxc on error (git-fixes).
- crypto: qat - remove access to parity register for QAT GEN4
(git-fixes).
- crypto: qat - set parity error mask for qat_420xx (git-fixes).
- crypto: ccp - Fix uAPI definitions of PSP errors (git-fixes).
- crypto: iaa - Test the correct request flag (git-fixes).
- crypto: hisilicon/sec2 - fix for sec spec check (git-fixes).
- crypto: hisilicon/sec2 - fix for aead authsize alignment
(git-fixes).
- crypto: hisilicon/sec2 - fix for aead auth key length
(git-fixes).
- crypto: ccp - Fix check for the primary ASP device (git-fixes).
- lib: 842: Improve error handling in sw842_compress()
(git-fixes).
- commit 8ad02d4
- mfd: ene-kb3930: Fix a potential NULL pointer dereference
(git-fixes).
- mfd: sm501: Switch to BIT() to mitigate integer overflows
(git-fixes).
- mfd: syscon: Fix race in device_node_get_regmap() (git-fixes).
- mfd: syscon: Use scoped variables with memory allocators to
simplify error paths (stable-fixes).
- mfd: syscon: Add of_syscon_register_regmap() API (stable-fixes).
- mfd: syscon: Remove extern from function prototypes
(stable-fixes).
- commit 87db269
- ocfs2: mark dquot as inactive if failed to start trans while
releasing dquot (git-fixes).
- commit 54dc104
- ocfs2: fix deadlock in ocfs2_get_system_file_inode (git-fixes).
- commit 73be6ce
- ocfs2: update seq_file index in ocfs2_dlm_seq_next (git-fixes).
- commit ef7689a
- ocfs2: check dir i_size in ocfs2_find_entry (git-fixes).
- commit cc4c3a7
- ocfs2: handle a symlink read error correctly (git-fixes).
- commit 79c2998
- dlm: prevent NPD when writing a positive value to event_done
(git-fixes).
- commit 8f717c8
- jfs: add index corruption check to DT_GETPAGE() (git-fixes).
- commit bb32126
- jfs: fix slab-out-of-bounds read in ea_get() (git-fixes).
- commit 45fdfe2
- jfs: add check read-only before truncation in
jfs_truncate_nolock() (git-fixes).
- commit 88c1bf9
- jfs: add check read-only before txBeginAnon() call (git-fixes).
- commit 7ae1e64
- jfs: reject on-disk inodes of an unsupported type (git-fixes).
- commit fd3fbef
- Move upstreamed nfsd and sunrpc patches into sorted section
- commit 8ca9bbb
- Move upstreamed PCI and initramfs patches into sorted section
- commit 66970bb
- Move upstreamed powerpc and SCSI patches into sorted section
- commit 21807c4
- PCI: xilinx-cpm: Fix IRQ domain leak in error path of probe
(git-fixes).
- PCI: dwc: ep: Return -ENOMEM for allocation failures
(git-fixes).
- PCI: cadence-ep: Fix the driver to send MSG TLP for INTx
without data payload (git-fixes).
- PCI: brcmstb: Fix potential premature regulator disabling
(git-fixes).
- PCI: brcmstb: Fix error path after a call to
regulator_bulk_get() (git-fixes).
- PCI: brcmstb: Use internal register to change link capability
(git-fixes).
- PCI: brcmstb: Set generation limit before PCIe link up
(git-fixes).
- PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe()
(git-fixes).
- PCI: Avoid reset when disabled via sysfs (git-fixes).
- PCI: pciehp: Don't enable HPIE when resuming in poll mode
(git-fixes).
- PCI/portdrv: Only disable pciehp interrupts early when needed
(git-fixes).
- PCI: Remove stray put_device() in pci_register_host_bridge()
(git-fixes).
- PCI: Fix reference leak in pci_alloc_child_bus() (git-fixes).
- PCI/ASPM: Fix link state exit during switch upstream function
removal (git-fixes).
- PCI/ACS: Fix 'pci=config_acs=' parameter (git-fixes).
- drm/amd/display: avoid NPD when ASIC does not support DMUB
(git-fixes).
- drm/mediatek: dsi: fix error codes in mtk_dsi_host_transfer()
(git-fixes).
- drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL
ptr (git-fixes).
- drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member
(git-fixes).
- drm/mediatek: mtk_hdmi: Unregister audio platform device on
failure (git-fixes).
- drm/msm/a6xx: Fix a6xx indexed-regs in devcoreduump (git-fixes).
- drm/msm/a6xx: Fix stale rpmh votes from GPU (git-fixes).
- drm/msm/dsi: Set PHY usescase (and mode) before registering
DSI host (git-fixes).
- drm/msm/dsi: Use existing per-interface slice count in DSC
timing (git-fixes).
- drm/msm/dpu: don't use active in atomic_check() (git-fixes).
- drm/amd/display: fix type mismatch in
CalculateDynamicMetadataParameters() (git-fixes).
- drm/amdkfd: Fix Circular Locking Dependency in
'svm_range_cpu_invalidate_pagetables' (git-fixes).
- drm/bridge: Fix spelling mistake "gettin" -> "getting"
(git-fixes).
- drm/repaper: fix integer overflows in repeat functions
(git-fixes).
- drm/panel: ilitek-ili9882t: fix GPIO name in error message
(git-fixes).
- drm/i915/dsi: Use TRANS_DDI_FUNC_CTL's own port width macro
(git-fixes).
- drm/amdgpu: Replace Mutex with Spinlock for RLCG register
access to avoid Priority Inversion in SRIOV (git-fixes).
- drm/amdgpu/umsch: declare umsch firmware (git-fixes).
- drm/radeon/ci_dpm: Remove needless NULL checks of dpm tables
(git-fixes).
- drm/vkms: Fix use after free and double free on init error
(git-fixes).
- drm: xlnx: zynqmp: Fix max dma segment size (git-fixes).
- drm/bridge: it6505: fix HDCP V match check is not performed
correctly (git-fixes).
- drm/dp_mst: Fix drm RAD print (git-fixes).
- drm/ssd130x: ensure ssd132x pitch is correct (git-fixes).
- drm/ssd130x: fix ssd132x encoding (git-fixes).
- drm/ssd130x: Set SPI .id_table to prevent an SPI core warning
(git-fixes).
- drm/bridge: ti-sn65dsi86: Fix multiple instances (git-fixes).
- fbdev: sm501fb: Add some geometry checks (git-fixes).
- mdacon: rework dependency list (git-fixes).
- dummycon: fix default rows/cols (git-fixes).
- fbdev: au1100fb: Move a variable assignment behind a null
pointer check (git-fixes).
- tpm, tpm_tis: Fix timeout handling when waiting for TPM status
(git-fixes).
- tpm: do not start chip while suspended (git-fixes).
- regulator: check that dummy regulator has been probed before
using it (stable-fixes).
- drm/amd/display: Use HW lock mgr for PSR1 when only one eDP
(git-fixes).
- drm/amdgpu: Fix JPEG video caps max size for navi1x and raven
(stable-fixes).
- drm/amdgpu: Fix MPEG2, MPEG4 and VC1 video caps max size
(stable-fixes).
- soc: imx8m: Unregister cpufreq and soc dev in cleanup path
(git-fixes).
- soc: imx8m: Use devm_* to simplify probe failure handling
(stable-fixes).
- soc: imx8m: Remove global soc_uid (stable-fixes).
- fbdev: pxafb: Fix possible use after free in pxafb_task()
(stable-fixes).
- commit 0b221d1
- mptcp: pm: only set fullmesh for subflow endp (CVE-2025-21706 bsc#1238528)
- commit 1499b76
- net: ipv6: fix dst refleaks in rpl, seg6 and ioam6 lwtunnels
(git-fixes).
- net: ipv6: ioam6_iptunnel: mitigate 2-realloc issue (git-fixes).
- ioam6: improve checks on user data (git-fixes).
- net: ipv6: ioam6: new feature tunsrc (git-fixes).
- net: ipv6: ioam6: code alignment (git-fixes).
- ipv6: ioam: block BH from ioam6_output() (git-fixes).
- commit 2678976
- af_unix: Remove put_pid()/put_cred() in copy_peercred()
(bsc#1240334).
- commit 3c2ac6a
- splice: do not checksum AF_UNIX sockets (bsc#1240333).
- commit 73d1c92
- Reapply "wifi: ath11k: restore country code during resume"
(bsc#1207948).
- wifi: ath11k: choose default PM policy for hibernation
(bsc#1207948).
- wifi: ath11k: support non-WoWLAN mode suspend as well
(bsc#1207948).
- wifi: ath11k: refactor ath11k_core_suspend/_resume()
(bsc#1207948).
- wifi: ath11k: introduce ath11k_core_continue_suspend_resume()
(bsc#1207948).
- wifi: ath11k: determine PM policy based on machine model
(bsc#1207948).
- commit 776bdcc
- tee: optee: Fix supplicant wait loop (CVE-2025-21871
bsc#1240183).
- ASoC: SOF: ipc4-topology: Harden loops for looking up ALH
copiers (CVE-2025-21870 bsc#1240191).
- commit d4df66d
- kunit: qemu_configs: sparc: use Zilog console (git-fixes).
- bus: qcom-ssc-block-bus: Fix the error handling path of
qcom_ssc_block_bus_probe() (git-fixes).
- bus: qcom-ssc-block-bus: Remove some duplicated iounmap()
calls (git-fixes).
- memory: mtk-smi: Add ostd setting for mt8192 (git-fixes).
- soc: samsung: exynos-chipid: Add NULL pointer check in
exynos_chipid_probe() (git-fixes).
- soc: mediatek: mt8365-mmsys: Fix routing table masks and values
(git-fixes).
- soc: mediatek: mt8167-mmsys: Fix missing regval in all entries
(git-fixes).
- firmware: arm_scmi: use ioread64() instead of ioread64_hi_lo()
(git-fixes).
- firmware: arm_ffa: Explicitly cast return value from FFA_VERSION
before comparison (git-fixes).
- Bluetooth: HCI: Add definition of hci_rp_remote_name_req_cancel
(git-fixes).
- wifi: mt76: mt7925: remove unused acpi function for clc
(git-fixes).
- wifi: mt76: Add check for devm_kstrdup() (git-fixes).
- wifi: mt76: mt7925: fix country count limitation for CLC
(git-fixes).
- wifi: mt76: mt7925: ensure wow pattern command align fw format
(git-fixes).
- wifi: mt76: mt7915: fix possible integer overflows in
mt7915_muru_stats_show() (git-fixes).
- wifi: rtw89: pci: correct ISR RDU bit for 8922AE (git-fixes).
- wifi: rtw89: fw: correct debug message format in
rtw89_build_txpwr_trk_tbl_from_elm() (git-fixes).
- wifi: mwifiex: Fix premature release of RF calibration data
(git-fixes).
- wifi: cfg80211: init wiphy_work before allocating rfkill fails
(git-fixes).
- wifi: ath12k: Clear affinity hint before calling
ath12k_pci_free_irq() in error path (git-fixes).
- wifi: ath11k: Clear affinity hint before calling
ath11k_pcic_free_irq() in error path (git-fixes).
- wifi: ath11k: add srng->lock for ath11k_hal_srng_* in monitor
mode (git-fixes).
- wifi: ath11k: fix RCU stall while reaping monitor destination
ring (git-fixes).
- wifi: ath11k: fix wrong overriding for VHT Beamformee STS
Capability (git-fixes).
- wifi: ath9k: do not submit zero bytes to the entropy pool
(git-fixes).
- wifi: ath12k: encode max Tx power in scan channel list command
(git-fixes).
- broadcom: fix supported flag check in periodic output function
(git-fixes).
- wifi: mac80211: fix integer overflow in hwmp_route_info_get()
(git-fixes).
- commit 62d1ca7
- drop_monitor: fix incorrect initialization order (CVE-2025-21862
bsc#1239474).
- rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy
(CVE-2025-21635 bsc#1236111).
- net/smc: protect link down work from execute after lgr freed
(CVE-2024-56718 bsc#1235589).
- netfilter: IDLETIMER: Fix for possible ABBA deadlock
(CVE-2024-54683 bsc#1235729).
- net/smc: fix LGR and link use-after-free issue (CVE-2024-56640
bsc#1235436).
- ipv6: Fix soft lockups in fib6_select_path under high next
hop churn (CVE-2024-56703 bsc#1235455).
- commit 32a040d
- kABI fix for net: ipv6: support reporting otherwise unknown
prefix flags in RTM_NEWPREFIX (git-fixes).
- commit 3656735
- net: avoid race between device unregistration and ethnl ops
(CVE-2025-21701 bsc#1237164).
- commit adae27d
- net: usb: usbnet: restore usb%d name exception for local mac
addresses (bsc#1234480).
- commit 0605bcc
- x86/entry: Add __init to ia32_emulation_override_cmdline()
(git-fixes).
- commit 98c0019
- ALSA: hda: Fix speakers on ASUS EXPERTBOOK P5405CSA 1.0
(stable-fixes).
- Refresh
patches.suse/ALSA-hda-realtek-Add-support-for-various-ASUS-Laptop.patch.
- commit a9e9dbb
- ALSA: hda/realtek: Add support for various HP Laptops using
CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS B5405 and B5605 Laptops
using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS B3405 and B3605 Laptops
using CS35L41 HDA (stable-fixes).
- commit 249008f
- ALSA: usb-audio: Add quirk for Plantronics headsets to fix
control names (stable-fixes).
- ALSA: hda/realtek: Support mute LED on HP Laptop 15s-du3xxx
(stable-fixes).
- commit 401355a
- coredump: Fixes core_pipe_limit sysctl proc_handler (git-fixes).
- ata: libata: Fix NCQ Non-Data log not supported print
(git-fixes).
- mtd: nand: Fix a kdoc comment (git-fixes).
- mtd: rawnand: brcmnand: fix PM resume warning (git-fixes).
- mtd: Add check for devm_kcalloc() (git-fixes).
- mtd: Replace kcalloc() with devm_kcalloc() (git-fixes).
- HID: Enable playstation driver independently of sony driver
(git-fixes).
- HID: remove superfluous (and wrong) Makefile entry for
CONFIG_INTEL_ISH_FIRMWARE_DOWNLOADER (git-fixes).
- platform/x86: dell-ddv: Fix temperature calculation (git-fixes).
- ALSA: hda/realtek: Fix built-in mic assignment on ASUS VivoBook
X515UA (git-fixes).
- ASoC: cs35l41: check the return value from spi_setup()
(git-fixes).
- ASoC: ti: j721e-evm: Fix clock configuration for
ti,j7200-cpb-audio compatible (git-fixes).
- ALSA: usb-audio: separate DJM-A9 cap lvl options (git-fixes).
- ALSA: hda/realtek: Always honor no_shutup_pins (git-fixes).
- ALSA: pcm: Drop superfluous NULL check in
snd_pcm_format_set_silence() (git-fixes).
- commit 52d0d3b
- netfilter: nf_set_pipapo: fix initial map fill (CVE-2024-57947
bsc#1236333).
- commit 970aeca
- include: net: add static inline dst_dev_overhead() to dst.h
(git-fixes).
- commit 38a62b9
- Refresh patches.suse/tpm-send_data-Wait-longer-for-the-TPM-to-become-read.patch.
Also extend the remaining tpm_tis_send_data timeout (bsc#1235870).
- commit 4b3d91d
- x86/microcode/intel: Add a minimum required revision for late loading (git-fixes).
- commit 5da2185
- x86/microcode: Prepare for minimal revision check (git-fixes).
- commit c420631
- x86/microcode: Handle "offline" CPUs correctly (git-fixes).
- commit 392e00e
- x86/apic: Provide apic_force_nmi_on_cpu() (git-fixes).
- commit b3900fd
- cpufreq/amd-pstate: Fix max_perf updation with schedutil
(bsc#1239707).
- commit fefd3ab
- kABI fix for ipv6: remove hard coded limitation on ipv6_pinfo
(git-fixes).
- commit 2b5c9da
- x86/microcode: Protect against instrumentation (git-fixes).
- commit c6912a2
- x86/microcode: Rendezvous and load in NMI (git-fixes).
- commit 62c98c3
- x86/microcode: Replace the all-in-one rendevous handler (git-fixes).
- commit 918f8ee
- x86/microcode: Provide new control functions (git-fixes).
- commit 8430c04
- x86/microcode: Add per CPU control field (git-fixes).
- commit 866b0a5
- x86/microcode: Add per CPU result state (git-fixes).
- commit 579033e
- net/smc: check smcd_v2_ext_offset when receiving proposal msg
(CVE-2024-47408 bsc#1235711).
- commit 2f01046
- x86/microcode: Clarify the late load logic (git-fixes).
- commit 6230ee4
- x86/microcode: Handle "nosmt" correctly (git-fixes).
- Refresh
patches.suse/x86-microcode-Sanitize-__wait_for_cpus.patch.
- commit dc94359
- x86/microcode: Clean up mc_cpu_down_prep() (git-fixes).
- commit bdacddf
- x86/microcode: Get rid of the schedule work indirection (git-fixes).
- commit 6a00f9e
- x86/microcode: Mop up early loading leftovers (git-fixes).
- commit 9018df4
- kABI fix for "netfilter: nft_inner: incorrect percpu area
handling under softirq" (CVE-2024-56638 bsc#1235524).
- commit 3acf757
- ipv6: introduce dst_rt6_info() helper (git-fixes).
- Refresh patches.suse/ipv6-prevent-UAF-in-ip6_send_skb.patch.
- Refresh patches.suse/net-fix-__dst_negative_advice-race.patch.
- commit a265247
- ipv6: sr: add missing seg6_local_exit (git-fixes).
- Refresh
patches.suse/ipv6-sr-fix-incorrect-unregister-order.patch.
- commit ef06a22
- ipv6: annotate data-races around cnf.disable_ipv6 (git-fixes).
- Refresh
patches.suse/ipv6-prevent-NULL-dereference-in-ip6_output.patch.
- commit 97af13b
- x86/microcode/amd: Use cached microcode for AP load (git-fixes).
- commit 916bc1a
- x86/microcode/amd: Cache builtin/initrd microcode early (git-fixes).
- commit 6cd5382
- x86/microcode/amd: Cache builtin microcode too (git-fixes).
- commit d0a37ed
- x86/microcode/amd: Use correct per CPU ucode_cpu_info (git-fixes).
- commit 834a488
- x86/microcode: Remove pointless apply() invocation (git-fixes).
- commit a5ea134
- ipv6: Set errno after ip_fib_metrics_init() in
ip6_route_info_create() (git-fixes).
- ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw()
(git-fixes).
- net: ipv6: fix missing dst ref drop in ila lwtunnel (git-fixes).
- net: ipv6: fix dst ref loop in ila lwtunnel (git-fixes).
- net: ipv6: fix dst ref loop on input in rpl lwt (git-fixes).
- net: ipv6: fix dst ref loop on input in seg6 lwt (git-fixes).
- net: ipv6: rpl_iptunnel: mitigate 2-realloc issue (git-fixes).
- net: ipv6: seg6_iptunnel: mitigate 2-realloc issue (git-fixes).
- ipv6: release nexthop on device removal (CVE-2024-56751
bsc#1234936).
- net: ipv6: select DST_CACHE from IPV6_RPL_LWTUNNEL (git-fixes).
- net: ipv6: rpl_iptunnel: Fix memory leak in rpl_input
(git-fixes).
- ipv6: fix ndisc_is_useropt() handling for PIO (git-fixes).
- ipv6: take care of scope when choosing the src addr (git-fixes).
- net: use unrcu_pointer() helper (git-fixes).
- ipv6: sr: block BH in seg6_output_core() and seg6_input_core()
(git-fixes).
- net: ipv6: rpl_iptunnel: block BH in rpl_output() and
rpl_input() (git-fixes).
- net: ipv6: fix wrong start position when receive hop-by-hop
fragment (git-fixes).
- ipv6: fib: hide unused 'pn' variable (git-fixes).
- ipv6: fib6_rules: flush route cache when rule is changed
(git-fixes).
- commit ae4c044
- ipv6: properly combine dev_base_seq and ipv6.dev_addr_genid
(git-fixes).
- ipv6: Ensure natural alignment of const ipv6 loopback and
router addresses (git-fixes).
- commit 3e6f7bb
- net: ipv6: support reporting otherwise unknown prefix flags
in RTM_NEWPREFIX (git-fixes).
- ipv6: fix potential NULL deref in fib6_add() (git-fixes).
- ipv6: avoid atomic fragment on GSO packets (git-fixes).
- ipv6: remove hard coded limitation on ipv6_pinfo (git-fixes).
- commit aab80f1
- x86/microcode/intel: Rework intel_find_matching_signature() (git-fixes).
- commit a8e1ba8
- x86/microcode/intel: Reuse intel_cpu_collect_info() git-fixes).
- commit 12d10b3
- x86/microcode/intel: Rework intel_cpu_collect_info() (git-fixes).
- commit 44d31ee
- x86/microcode/intel: Unify microcode apply() functions (git-fixes).
- Refresh
patches.suse/x86-microcode-intel-Remove-unnecessary-cache-writeback-and.patch.
- commit fd684d8
- x86/microcode/intel: Switch to kvmalloc() (git-fixes).
- commit deae801
- x86/microcode/intel: Save the microcode only after a successful late-load (git-fixes).
- commit c89162d
- x86/microcode/intel: Simplify early loading (git-fixes).
- commit 571e4fe
- x86/microcode/intel: Cleanup code further (git-fixes).
- commit 53a643e
- x86/microcode/32: Move early loading after paging enable (git-fixes).
- commit f3beb78
- x86/boot/32: Temporarily map initrd for microcode loading (git-fixes).
- commit f25c748
- x86/microcode: Provide CONFIG_MICROCODE_INITRD32 (git-fixes).
- commit 040895c
- x86/boot/32: Restructure mk_early_pgtbl_32() (git-fixes).
- commit bf7e36d
- x86/boot/32: De-uglify the 2/3 level paging difference in mk_early_pgtbl_32() (git-fixes).
- commit cb4b02a
- x86/boot: Use __pa_nodebug() in mk_early_pgtbl_32() (git-fixes).
- commit 1ec4661
- x86/boot/32: Disable stackprotector and tracing for mk_early_pgtbl_32() (git-fixes).
- commit 1bef486
- x86/microcode/intel: Simplify and rename generic_load_microcode() (git-fixes).
- commit 7d2da5d
- x86/microcode/intel: Simplify scan_microcode() (git-fixes).
- commit 4164fad
- x86/microcode/intel: Rip out mixed stepping support for Intel CPUs (git-fixes).
- commit 842e778
- x86/microcode/intel: Remove pointless mutex (git-fixes).
- commit d92edaf
- x86/microcode/intel: Remove debug code (git-fixes).
- commit f06da57
- x86/microcode: Move core specific defines to local header (git-fixes).
- Delete
patches.suse/x86-cpu-Fix-amd_check_microcode-declaration.patch.
- commit 68e5a18
- x86/hyperv: Fix output argument to hypercall that changes page
visibility (git-fixes).
- x86/hyperv/vtl: Stop kernel from probing VTL0 low memory
(git-fixes).
- commit d929456
- x86/microcode/intel: Rename get_datasize() since its used externally (git-fixes).
- commit cd4315f
- x86/microcode: Make reload_early_microcode() static (git-fixes).
- commit adc4f73
- x86/microcode: Include vendor headers into microcode.h (git-fixes).
- Refresh
patches.suse/platform-x86-intel-ifs-Gen2-scan-image-loading.patch.
- commit 9b8d381
- x86/microcode/intel: Move microcode functions out of cpu/intel.c (git-fixes).
- Refresh
patches.suse/x86-cpu-intel-Detect-TME-keyid-bits-before-setting-MTRR-ma.patch.
- commit 4e2f346
- x86/microcode: Hide the config knob (git-fixes).
- commit d6f3245
- x86/mm: Remove unused microcode.h include (git-fixes).
- commit 88b351c
- x86/microcode: Remove microcode_mutex (git-fixes).
- commit 9723346
- Revert "wifi: ath11k: support hibernation" (bsc#1207948).
- commit 36caa36
- Revert "wifi: ath11k: restore country code during resume"
(bsc#1207948).
- commit 18bdb23
- x86/microcode: Sanitize __wait_for_cpus() (git-fixes).
- commit 4a52b36
- x86/platform/olpc: Remove unused variable 'len' in olpc_dt_compatible_match() (git-fixes).
- commit a5f84ff
- x86/entry: Add __init to ia32_emulation_override_cmdline() (git-fixes).
- commit e6ba4df
- x86/coco: Replace 'static const cc_mask' with the newly introduced cc_get_mask() function (git-fixes).
- commit c13c7b0
- x86/usercopy: Fix kernel-doc func param name in clean_cache_range()'s description (git-fixes).
- commit 8e4bd72
- x86/fpu: Fix guest FPU state buffer allocation size (git-fixes).
- commit 0180053
- media: vim2m: print device name after registering device
(git-fixes).
- media: platform: stm32: Add check for clk_enable() (git-fixes).
- media: siano: Fix error handling in smsdvb_module_init()
(git-fixes).
- media: v4l2-dv-timings: prevent possible overflow in
v4l2_detect_gtf() (git-fixes).
- media: venus: hfi: add a check to handle OOB in sfr region
(git-fixes).
- media: venus: hfi: add check to handle incorrect queue size
(git-fixes).
- media: venus: hfi_parser: refactor hfi packet parsing logic
(git-fixes).
- media: venus: hfi_parser: add check to avoid out of bound access
(git-fixes).
- media: visl: Fix ERANGE error when setting enum controls
(git-fixes).
- media: platform: allgro-dvt: unregister v4l2_device on the
error path (git-fixes).
- media: verisilicon: HEVC: Initialize start_bit field
(git-fixes).
- media: i2c: adv748x: Fix test pattern selection mask
(git-fixes).
- media: i2c: ov7251: Introduce 1 ms delay between regulators
and en GPIO (git-fixes).
- media: i2c: ov7251: Set enable GPIO low in probe (git-fixes).
- media: i2c: ccs: Set the device's runtime PM status correctly
in remove (git-fixes).
- media: streamzap: prevent processing IR data on URB failure
(git-fixes).
- media: streamzap: fix race between device disconnection and
urb callback (git-fixes).
- auxdisplay: panel: Fix an API misuse in panel.c (git-fixes).
- mmc: omap: Fix memory leak in mmc_omap_new_slot (git-fixes).
- memstick: rtsx_usb_ms: Fix slab-use-after-free in
rtsx_usb_ms_drv_remove (git-fixes).
- mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD
(git-fixes).
- spi: cadence-qspi: Fix probe on AM62A LP SK (git-fixes).
- thermal: int340x: Add NULL check for adev (git-fixes).
- PM: sleep: Fix handling devices with direct_complete set on
errors (git-fixes).
- PM: sleep: Adjust check before setting power.must_resume
(git-fixes).
- selftests/x86/syscall: Fix coccinelle WARNING recommending
the use of ARRAY_SIZE() (git-fixes).
- commit d741ce2
- smb: client: Add check for next_buffer in receive_encrypted_standard() (CVE-2025-21844 bsc#1239512)
- commit 5413aee
- smb: client: destroy cfid_put_wq on module exit (git-fixes).
- commit c180144
- ipv6: mcast: extend RCU protection in igmp6_send()
(CVE-2025-21759 bsc#1238738).
- commit 400a352
- ndisc: extend RCU protection in ndisc_send_skb() (CVE-2025-21760
bsc#1238763).
- commit 156bf64
- vrf: use RCU protection in l3mdev_l3_out() (CVE-2025-21791
bsc#1238512).
- commit f01aefb
- openvswitch: use RCU protection in ovs_vport_cmd_fill_info()
(CVE-2025-21761 bsc#1238775).
- commit 742de46
- arp: use RCU protection in arp_xmit() (CVE-2025-21762
bsc#1238780).
- commit 816de2a
- neighbour: use RCU protection in __neigh_notify()
(CVE-2025-21763 bsc#1237897).
- commit f8fc7e4
- ndisc: use RCU protection in ndisc_alloc_skb() (bsc#1239994).
- commit d3f8de7
- ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu()
(bsc#1239994).
- commit 60e0c13
- x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers (git-fixes).
- commit 8abe0aa
- x86/cpu: Allow reducing x86_phys_bits during early_identify_cpu() (git-fixes).
- commit 095440f
- intel_idle: Add ibrs_off module parameter to force-disable IBRS (git-fixes).
- commit c35924e
- intel_idle: Use __update_spec_ctrl() in intel_idle_ibrs() (git-fixes).
- Refresh
patches.suse/x86-Fix-CPUIDLE_FLAG_IRQ_ENABLE-leaking-timer-reprogram.patch.
- commit d3998f0
- x86/idle: Disable IBRS when CPU is offline to improve single-threaded performance (git-fixes).
- commit 317b615
- x86/speculation: Add __update_spec_ctrl() helper (git-fixes).
- commit 3276cd3
- lockdep: Don't disable interrupts on RT in
disable_irq_nosync_lockdep.*() (git-fixes).
- kbuild: hdrcheck: fix cross build with clang (git-fixes).
- commit 77968cd
- ipv6: Use RCU in ip6_input() (bsc#1239994).
- commit 29ec493
- ipv6: icmp: convert to dev_net_rcu() (bsc#1239994).
- commit 4c35517
- flow_dissector: use RCU protection to fetch dev_net()
(bsc#1239994).
- commit a0e50a6
- ipv6: use RCU protection in ip6_default_advmss() (CVE-2025-21765
bsc#1237906).
- commit c531d1f
- ipv4: use RCU protection in rt_is_expired() (bsc#1239994).
- commit 48756fc
- ipv4: use RCU protection in ipv4_default_advmss() (bsc#1239994).
- commit 81b29a5
- ipv4: use RCU protection in inet_select_addr() (bsc#1239994).
- commit 5eecff1
- ipv4: use RCU protection in ip_dst_mtu_maybe_forward()
(bsc#1239994).
- commit 6188164
- ipv4: use RCU protection in __ip_rt_update_pmtu()
(CVE-2025-21766 bsc#1238754).
- commit 03eaa8b
- ipv4: add RCU protection to ip4_dst_hoplimit() (bsc#1239994).
- commit 95bdee3
- net: add dev_net_rcu() helper (bsc#1239994).
- commit 63dac1b
- net: mana: Support holes in device list reply msg (git-fixes).
- net: mana: cleanup mana struct after debugfs_remove()
(git-fixes).
- Drivers: hv: vmbus: Don't release fb_mmio resource in
vmbus_free_mmio() (git-fixes).
- clockevents/drivers/i8253: Fix stop sequence for timer 0
(git-fixes).
- commit a640830
- rpm/kernel-binary.spec.in: Fix missing 20-kernel-default-extra.conf (bsc#1239986)
sle_version was obsoleted for SLE16. It has to be combined with
suse_version check.
- commit cbd5de3
- kABI workaround for intel-ish-hid (git-fixes).
- commit c1e0e59
- HID: intel-ish-hid: Send clock sync message immediately after
reset (stable-fixes).
- commit bb56845
- kABI workaround for soc_mixer_control changes (git-fixes).
- commit 41b23df
- i2c: amd-mp2: drop free_irq() of devm_request_irq() allocated
irq (git-fixes).
- USB: serial: ftdi_sio: add support for Altera USB Blaster 3
(stable-fixes).
- USB: serial: option: fix Telit Cinterion FE990A name
(stable-fixes).
- USB: serial: option: add Telit Cinterion FE990B compositions
(stable-fixes).
- USB: serial: option: match on interface class for Telit FN990B
(stable-fixes).
- Input: i8042 - swap old quirk combination with new quirk for
more devices (stable-fixes).
- Input: i8042 - swap old quirk combination with new quirk for
several devices (stable-fixes).
- Input: i8042 - add required quirks for missing old boardnames
(stable-fixes).
- Input: i8042 - swap old quirk combination with new quirk for
NHxxRZQ (stable-fixes).
- Input: xpad - rename QH controller to Legion Go S
(stable-fixes).
- Input: xpad - add support for TECNO Pocket Go (stable-fixes).
- Input: xpad - add support for ZOTAC Gaming Zone (stable-fixes).
- Input: xpad - add multiple supported devices (stable-fixes).
- Input: xpad - add 8BitDo SN30 Pro, Hyperkin X91 and Gamesir
G7 SE controllers (stable-fixes).
- ASoC: ops: Consistently treat platform_max as control value
(git-fixes).
- drm/i915/cdclk: Do cdclk post plane programming later
(stable-fixes).
- drm/atomic: Filter out redundant DPMS calls (stable-fixes).
- drm/amd/display: Assign normalized_pix_clk when color depth =
14 (stable-fixes).
- drm/amd/display: Restore correct backlight brightness after
a GPU reset (stable-fixes).
- drm/amd/display: Disable unneeded hpd interrupts during dm_init
(stable-fixes).
- drm/hyperv: Fix address space leak when Hyper-V DRM device is
removed (git-fixes).
- HID: apple: disable Fn key handling on the Omoton KB066
(git-fixes).
- drm/nouveau: Do not override forced connector status
(stable-fixes).
- drm/vkms: Round fixp2int conversion in lerp_u16 (stable-fixes).
- ASoC: tas2764: Set the SDOUT polarity correctly (stable-fixes).
- ASoC: tas2764: Fix power control mask (stable-fixes).
- ASoC: tas2770: Fix volume scale (stable-fixes).
- net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors
(stable-fixes).
- ASoC: SOF: amd: Handle IPC replies before FW_BOOT_COMPLETE
(stable-fixes).
- ASoC: SOF: Intel: hda: add softdep pre to snd-hda-codec-hdmi
module (stable-fixes).
- ASoC: arizona/madera: use fsleep() in up/down DAPM event delays
(stable-fixes).
- usb: phy: generic: Use proper helper for property detection
(stable-fixes).
- platform/x86: thinkpad_acpi: Support for V9 DYTC platform
profiles (stable-fixes).
- platform/x86: thinkpad_acpi: Fix invalid fan speed on ThinkPad
X120e (stable-fixes).
- HID: apple: fix up the F6 key on the Omoton KB066 keyboard
(stable-fixes).
- HID: hid-apple: Apple Magic Keyboard a3203 USB-C support
(stable-fixes).
- HID: topre: Fix n-key rollover on Realforce R3S TKL boards
(stable-fixes).
- HID: ignore non-functional sensor in HP 5MP Camera
(stable-fixes).
- HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in
doorbell (stable-fixes).
- ACPI: resource: IRQ override for Eluktronics MECH-17
(stable-fixes).
- vboxsf: fix building with GCC 15 (stable-fixes).
- platform/x86/intel: pmc: fix ltr decode in pmc_core_ltr_show()
(stable-fixes).
- commit 3767537
- regulator: dummy: force synchronous probing (git-fixes).
- regulator: core: Fix deadlock in create_regulator() (git-fixes).
- commit 74ce27f
- Refresh
patches.suse/udp-Deal-with-race-between-UDP-socket-address-change-and-r.patch.
- commit 4648743
- tools: move alignment-related macros to new <linux/align.h> (git-fixes).
Fix tools/ build breakage introduced by suse commit 3d6cb93162fd
"bitmap: introduce generic optimized bitmap_size() (git-fixes)"
- commit a17c3c2
- memblock tests: fix warning: "__ALIGN_KERNEL" redefined (git-fixes).
Fix tools/ build breakage introduced by suse commit 3d6cb93162fd
"bitmap: introduce generic optimized bitmap_size() (git-fixes)"
- commit 2860902
- kABI: ufshcd: add ufshcd_dealloc_host back (CVE-2025-21739
bsc#1238506).
- commit 722da19
- KVM: Explicitly verify target vCPU is online in kvm_get_vcpu()
(CVE-2024-58083 bsc#1239036).
- commit bbd863b
- nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() (CVE-2025-21848
bsc#1239479).
- commit bd498df
- ACPI: processor: idle: Return an error if both P_LVL{2,3}
idle states are invalid (bsc#1237530).
- commit f46ae1f
- udp: Deal with race between UDP socket address change and rehash
(CVE-2024-57974 bsc#1238532).
- commit d248d8d
- drm/radeon: fix uninitialized size issue in
radeon_vce_cs_parse() (git-fixes).
- gpu: host1x: Do not assume that a NULL domain means no DMA IOMMU
(git-fixes).
- accel/qaic: Fix integer overflow in qaic_validate_req()
(git-fixes).
- accel/qaic: Fix possible data corruption in BOs > 2G
(git-fixes).
- drm/v3d: Don't run jobs that have errors flagged in its fence
(git-fixes).
- drm/sched: Fix fence reference count leak (git-fixes).
- batman-adv: Ignore own maximum aggregation size during RX
(git-fixes).
- Bluetooth: hci_event: Fix connection regression between LE
and non-LE adapters (git-fixes).
- Bluetooth: Fix error code in chan_alloc_skb_cb() (git-fixes).
- can: flexcan: disable transceiver during system PM (git-fixes).
- can: flexcan: only change CAN state when link up in system PM
(git-fixes).
- can: rcar_canfd: Fix page entries in the AFL list (git-fixes).
- can: ucan: fix out of bound read in strscpy() source
(git-fixes).
- mmc: sdhci-brcmstb: add cqhci suspend/resume to PM ops
(git-fixes).
- mmc: atmel-mci: Add missing clk_disable_unprepare() (git-fixes).
- commit fa047d8
- RDMA/hns: Fix wrong value of max_sge_rd (git-fixes)
- commit be0fccb
- RDMA/hns: Fix missing xa_destroy() (git-fixes)
- commit 7560f3b
- RDMA/hns: Fix a missing rollback in error path of hns_roce_create_qp_common() (git-fixes)
- commit fae22e5
- RDMA/hns: Fix unmatched condition in error path of alloc_user_qp_db() (git-fixes)
- commit 4a61cfc
- RDMA/hns: Fix soft lockup during bt pages loop (git-fixes)
- commit d7a5712
- RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path (git-fixes)
- commit 1c0ffc5
- RDMA/mlx5: Handle errors returned from mlx5r_ib_rate() (git-fixes)
- commit fb56cee
- RDMA/bnxt_re: Add missing paranthesis in map_qp_id_to_tbl_indx (git-fixes)
- commit d9ad94d
- RDMA/rxe: Fix the failure of ibv_query_device() and ibv_query_device_ex() tests (git-fixes)
- commit 3a68d14
- scsi: ufs: core: Fix use-after free in init error and remove
paths (CVE-2025-21739 bsc#1238506).
- commit f971898
- btrfs: use a separate end_io handler for extent_buffer writing
(bsc#1239045).
- btrfs: don't use btrfs_bio_ctrl for extent buffer writing
(bsc#1239045).
- btrfs: remove the mirror_num argument to
btrfs_submit_compressed_read (bsc#1239045).
- btrfs: subpage: fix error handling in
end_bio_subpage_eb_writepage (bsc#1239045).
- commit 5ca42b7
- ata: sata_highbank: fix OF node reference leak in
highbank_initialize_phys() (git-fixes).
- commit a7b4ac3
- ata: sata_sil: Rename sil_blacklist to sil_quirks (git-fixes).
- commit c17a6ef
- ata: pata_serverworks: Do not use the term blacklist
(git-fixes).
- commit cdc9008
- ata: libata-scsi: Check ATA_QCFLAG_RTF_FILLED before using
result_tf (git-fixes).
- commit cf84546
- ata: libata-scsi: Remove redundant sense_buffer memsets
(git-fixes).
- commit 3ff83f7
- ata: ahci: Add mask_port_map module parameter (git-fixes).
- commit f3d1fc7
- ata: pata_parport: fit3: implement IDE command set registers
(git-fixes).
- commit b753758
- arm64: dts: rockchip: fix pinmux of UART5 for PX30 Ringneck on Haikou (git-fixes)
- commit e6786aa
- ata: pata_parport: add custom version of wait_after_reset
(git-fixes).
- commit 92ba445
- arm64: dts: rockchip: Add missing PCIe supplies to RockPro64 board (git-fixes)
- commit d1b0425
- arm64: dts: rockchip: Add avdd HDMI supplies to RockPro64 board dtsi (git-fixes)
- commit b541e7c
- arm64: dts: rockchip: Remove undocumented sdmmc property from (git-fixes)
- commit 4d05cf3
- arm64: dts: rockchip: fix pinmux of UART0 for PX30 Ringneck on Haikou (git-fixes)
- commit cfcc878
- arm64: dts: freescale: imx8mm-verdin-dahlia: add Microphone Jack to (git-fixes)
- commit e1ac37c
- arm64: dts: freescale: tqma8mpql: Fix vqmmc-supply (git-fixes)
- commit 86fe977
- arm64: mm: Populate vmemmap at the page level if not section aligned (git-fixes)
- commit 9a15b23
- arm64: dts: rockchip: add rs485 support on uart5 of (git-fixes)
- commit 674715a
- mm: zswap: move allocations during CPU init outside the lock
(git-fixes).
- commit 4a03990
- netem: Update sch->q.qlen before qdisc_tree_reduce_backlog()
(git-fixes CVE-2025-21703 bsc#1237313).
- commit ca9c9ec
- iommu/vt-d: Fix suspicious RCU usage (git-fixes).
- commit 57c0aea
- net_sched: sch_sfq: handle bigger packets (git-fixes).
- Refresh
patches.suse/net_sched-sch_sfq-don-t-allow-1-packet-limit.patch.
- commit e8a43b7
- net/sched: act_api: rely on rcu in tcf_idr_check_alloc
(git-fixes).
- Refresh
patches.suse/net-sched-act_api-fix-possible-infinite-loop-in-tcf_.patch.
- commit b0f7ecb
- net_sched: Prevent creation of classes with TC_H_ROOT
(git-fixes).
- net/sched: cls_api: fix error handling causing NULL dereference
(git-fixes CVE-2025-21857 bsc#1239478).
- net/sched: netem: account for backlog updates from child qdisc
(git-fixes CVE-2024-56770 bsc#1235637).
- net/sched: tbf: correct backlog statistic for GSO packets
(git-fixes).
- net/sched: cbs: Fix integer overflow in cbs_set_port_rate()
(git-fixes).
- net/sched: act_api: deny mismatched skip_sw/skip_hw flags for
actions created by classifiers (git-fixes).
- net/sched: taprio: make q->picos_per_byte available to
fill_sched_entry() (git-fixes).
- net/sched: adjust device watchdog timer to detect stopped
queue at right time (git-fixes).
- net_sched: sch_sfq: annotate data-races around q->perturb_period
(git-fixes).
- net/sched: flower: Add lock protection when remove filter handle
(git-fixes).
- net/sched: cls_u32: replace int refcounts with proper refcounts
(git-fixes).
- commit a5cca5e
- powerpc/pseries/eeh: move pseries_eeh_err_inject() outside
CONFIG_DEBUG_FS block (bsc#1239573).
- powerpc/pseries/eeh: Fix pseries_eeh_err_inject (bsc#1239573).
- powerpc: Stop using no_llseek (bsc#1239573).
- commit 5b9a0f5
- wifi: rtl8xxxu: Perform update_beacon_work when beaconing is
enabled (git-fixes).
- commit 39d5ea8
- kABI fix for netlink: terminate outstanding dump on socket close
(git-fixes).
- commit b2fd571
- usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c
(bsc#1232389 CVE-2024-50056).
- commit e07e4ef
- netlink: terminate outstanding dump on socket close
(CVE-2024-53140 bsc#1234222).
- net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT
(CVE-2024-53057 bsc#1233551).
- commit b824575
- usb: gadget: uvc: fix try format returns on uncompressed formats
(bsc#1232389 CVE-2024-50056).
- commit d2b161f
- mm: zswap: properly synchronize freeing resources during CPU
hotunplug (bsc#1237029 CVE-2025-21693).
- commit 215e0dc
- series.conf: temporarily disable patches.suse/md-md-bitmap-fix-writing-non-bitmap-pages-ab99.patch (bsc#1238212)
- commit bc1d649
- initramfs: fix hardlink hash leak without TRAILER (bsc#1232848).
- initramfs: allocate heap buffers together (bsc#1232848).
- init: add initramfs_internal.h (bsc#1232848).
- commit f42c132
- net: stmmac: fix TSO DMA API usage causing oops (CVE-2024-56719 bsc#1235591)
- commit 66963e5
- Documentation: qat: fix auto_reset attribute details (git-fixes).
- Documentation: qat: fix auto_reset section (git-fixes).
- commit f832e33
- supported.conf: add now-included qat_420xx (external, intel)
- commit 85940df
- net: constify sk_dst_get() and __sk_dst_get() argument
(git-fixes).
- commit a24981b
- crypto: qat - Fix missing destroy_workqueue in adf_init_aer() (jsc#PED-12416).
- crypto: qat - Fix typo "accelaration" (jsc#PED-12416).
- crypto: qat - Constify struct pm_status_row (jsc#PED-12416).
- crypto: qat - remove unused adf_devmgr_get_first (jsc#PED-12416).
- crypto: qat/qat_420xx - fix off by one in uof_get_name() (jsc#PED-12416).
- crypto: iaa - Remove potential infinite loop in check_completion() (jsc#PED-12416).
- crypto: qat - Remove trailing space after \n newline (jsc#PED-12416).
- crypto: qat - fix "Full Going True" macro definition (jsc#PED-12416).
- crypto: qat - Use static_assert() to check struct sizes (jsc#PED-12416).
- crypto: qat - allow disabling SR-IOV VFs (jsc#PED-12416).
- crypto: qat - ensure correct order in VF restarting handler (jsc#PED-12416).
- crypto: qat - fix recovery flow for VFs (jsc#PED-12416).
- crypto: qat - preserve ADF_GENERAL_SEC (jsc#PED-12416).
- crypto: qat - initialize user_input.lock for rate_limiting (jsc#PED-12416).
- crypto: qat - make adf_ctl_class constant (jsc#PED-12416).
- crypto: qat - Fix typo (jsc#PED-12416).
- crypto: qat - fix linking errors when PCI_IOV is disabled (jsc#PED-12416).
- crypto: iaa - Use kmemdup() instead of kzalloc() and memcpy() (jsc#PED-12416).
- crypto: qat - validate slices count returned by FW (jsc#PED-12416).
- crypto: qat - improve error message in adf_get_arbiter_mapping() (jsc#PED-12416).
- crypto: qat - implement dh fallback for primes > 4K (jsc#PED-12416).
- crypto: iaa - Use cpumask_weight() when rebalancing (jsc#PED-12416).
- crypto: qat - Fix spelling mistake "Invalide" -> "Invalid" (jsc#PED-12416).
- crypto: qat - Avoid -Wflex-array-member-not-at-end warnings (jsc#PED-12416).
- crypto: iaa - Change iaa statistics to atomic64_t (jsc#PED-12416).
- crypto: iaa - Add global_stats file and remove individual stat files (jsc#PED-12416).
- crypto: iaa - Remove comp/decomp delay statistics (jsc#PED-12416).
- crypto: iaa - fix decomp_bytes_in stats (jsc#PED-12416).
- crypto: qat - implement interface for live migration (jsc#PED-12416).
- crypto: qat - add interface for live migration (jsc#PED-12416).
- crypto: qat - add bank save and restore flows (jsc#PED-12416).
- crypto: qat - expand CSR operations for QAT GEN4 devices (jsc#PED-12416).
- crypto: qat - rename get_sla_arr_of_type() (jsc#PED-12416).
- crypto: qat - relocate CSR access code (jsc#PED-12416).
- crypto: qat - move PFVF compat checker to a function (jsc#PED-12416).
- crypto: qat - relocate and rename 4xxx PF2VM definitions (jsc#PED-12416).
- crypto: qat - adf_get_etr_base() helper (jsc#PED-12416).
- crypto: iaa - fix the missing CRYPTO_ALG_ASYNC in cra_flags (jsc#PED-12416).
- crypto: iaa - Fix comp/decomp delay statistics (jsc#PED-12416).
- crypto: qat - make ring to service map common for QAT GEN4 (jsc#PED-12416).
- crypto: qat - fix ring to service map for dcc in 420xx (jsc#PED-12416).
- crypto: qat - fix comment structure (jsc#PED-12416).
- crypto: qat - remove unnecessary description from comment (jsc#PED-12416).
- crypto: qat - uninitialized variable in adf_hb_error_inject_write() (jsc#PED-12416).
- crypto: qat - improve aer error reset handling (jsc#PED-12416).
- crypto: qat - limit heartbeat notifications (jsc#PED-12416).
- crypto: qat - add auto reset on error (jsc#PED-12416).
- crypto: qat - add fatal error notification (jsc#PED-12416).
- crypto: qat - re-enable sriov after pf reset (jsc#PED-12416).
- crypto: qat - update PFVF protocol for recovery (jsc#PED-12416).
- crypto: qat - disable arbitration before reset (jsc#PED-12416).
- crypto: qat - add fatal error notify method (jsc#PED-12416).
- crypto: qat - add heartbeat error simulator (jsc#PED-12416).
- crypto: qat - use kcalloc_node() instead of kzalloc_node() (jsc#PED-12416).
- crypto: iaa - Remove unnecessary debugfs_create_dir() error check in iaa_crypto_debugfs_init() (jsc#PED-12416).
- crypto: iaa - Remove header table code (jsc#PED-12416).
- crypto: qat - avoid memcpy() overflow warning (jsc#PED-12416).
- crypto: qat - fix arbiter mapping generation algorithm for QAT 402xx (jsc#PED-12416).
- crypto: qat - generate dynamically arbiter mappings (jsc#PED-12416).
- crypto: qat - add support for ring pair level telemetry (jsc#PED-12416).
- commit 5d1d9ed
- crypto: qat - add support for device telemetry (jsc#PED-12416). - Refresh patches.suse/crypto-qat-disable-IOV-in-adf_dev_stop.patch. - Refresh patches.suse/crypto-qat-remove-check-after-debugfs_create_dir.patch.
- commit 3d131da
- crypto: qat - add admin msgs for telemetry (jsc#PED-12416).
- crypto: qat - include pci.h for GET_DEV() (jsc#PED-12416).
- crypto: iaa - remove unneeded semicolon (jsc#PED-12416).
- crypto: iaa - Remove unneeded newline in update_max_adecomp_delay_ns() (jsc#PED-12416).
- crypto: iaa - Change desc->priv to 0 (jsc#PED-12416).
- crypto: qat - add support for 420xx devices (jsc#PED-12416).
- crypto: qat - move fw config related structures (jsc#PED-12416).
- crypto: qat - relocate portions of qat_4xxx code (jsc#PED-12416).
- crypto: qat - change signature of uof_get_num_objs() (jsc#PED-12416).
- seq_file: add helper macro to define attribute for rw file (jsc#PED-12416).
- commit 8fbb076
- Update config files for PED-12416: QAT_420XX=m on x86, disable error injection.
- commit bbce3cc
- mm/zswap: change per-cpu mutex and buffer to per-acomp_ctx
(bsc#1237029 CVE-2025-21693).
- commit 0b762e3
- usb: gadget: uvc: Fix use-after-free for inflight usb_requests
(bsc#1232389 CVE-2024-50056).
- commit 2525765
- usb: gadget: uvc: move video disable logic to its own function
(bsc#1232389 CVE-2024-50056).
- commit 2ceecdc
- usb: gadget: uvc: Allocate uvc_requests one at a time
(bsc#1232389 CVE-2024-50056).
- commit 4e4b74d
- usb: gadget: uvc: prevent use of disabled endpoint (bsc#1232389
CVE-2024-50056).
- commit fe7e829
- usb: gadget: uvc: clean up comments and styling in video_pump
(bsc#1232389 CVE-2024-50056).
- commit c00889e
- Bluetooth: Improve setsockopt() handling of malformed user input
(git-fixes).
- commit b7abeef
- btrfs: drop the backref cache during relocation if we commit
(bsc#1239605).
- btrfs: check delayed refs when we're checking if a ref exists
(bsc#1239605).
- commit cfc9247
- xhci: dbc: Fix STALL transfer event handling (git-fixes).
- commit cae0f76
- Update
patches.suse/net-sched-use-RCU-read-side-critical-section-in-taprio_dump.patch
(CVE-2024-50126 bsc#1232895).
- commit 4fbfb83
- xhci: dbc: Replace custom return value with proper Linux error
code (git-fixes).
- commit 8f2f3fe
- xhci: dbc: Check for errors first in xhci_dbc_stop()
(git-fixes).
- commit 393eaad
- xhci: dbc: Use ATTRIBUTE_GROUPS() (git-fixes).
- commit c847619
- xhci: dbc: Use sysfs_emit() to instead of scnprintf()
(git-fixes).
- commit fdc638e
- xhci: dbc: Convert to use sysfs_streq() (git-fixes).
- commit de56eef
- xhci: dbc: Drop duplicate checks for dma_free_coherent()
(git-fixes).
- commit b4ff421
- Update
patches.suse/xhci-Combine-two-if-statements-for-Etron-xHCI-host.patch
(git-fixes).
- Update
patches.suse/xhci-Don-t-issue-Reset-Device-command-to-Etron-xHCI-.patch
(git-fixes).
Fix false references introduced by reusing patches for SP7 needed
for a feature
- commit f1a52b1
- ila: serialize calls to nf_register_net_hooks() (CVE-2024-57900
bsc#1235973).
- commit a940895
- efi/libstub: Bump up EFI_MMAP_NR_SLACK_SLOTS to 32
(bsc#1239349).
- commit 4c2eac0
- kABI fix for tcp: replace tcp_time_stamp_raw() (git-fixes).
- kABI fix for tcp: fix cookie_init_timestamp() overflows
(git-fixes).
- commit e3c259b
- ubi: Add a check for ubi_num (git-fixes).
- ubi: fastmap: wl: Schedule fm_work if wear-leveling pool is
empty (git-fixes).
- ubi: wl: Put source PEB into correct list if trying locking
LEB failed (git-fixes).
- ubi: block: fix null-pointer-dereference in ubiblock_create()
(git-fixes).
- ubi: eba: properly rollback inside self_check_eba (git-fixes).
- ubi: correct the calculation of fastmap size (stable-fixes).
- ubi: block: Fix use-after-free in ubiblock_cleanup (git-fixes).
- ubi: fastmap: may_reserve_for_fm: Don't reserve PEB if fm_anchor
exists (git-fixes).
- ubi: fastmap: Fix missed ec updating after erasing old fastmap
data block (git-fixes).
- commit 123f0f1
- soc: qcom: pdr: Fix the potential deadlock (git-fixes).
- firmware: imx-scu: fix OF node leak in .probe() (git-fixes).
- commit cbadc13
- tcp: introduce tcp_clock_ms() (git-fixes).
- commit ef89ad4
- include/linux/mmzone.h: clean up watermark accessors
(bsc#1239600).
- commit 9cc8558
- mm: create promo_wmark_pages and clean up open-coded sites
(bsc#1239600).
- commit 9684a94
- tcp: process the 3rd ACK with sk_socket for TFO/MPTCP
(git-fixes).
- tcp: reduce accepted window in NEW_SYN_RECV state (git-fixes).
- tcp: replace tcp_time_stamp_raw() (git-fixes).
- commit 3bc54d8
- mm: accept to promo watermark (bsc#1239600).
- commit 1ee3b42
- mm: fix endless reclaim on machines with unaccepted memory
(bsc#1239600).
- commit 2f9ff68
- dm-flakey: Fix memory corruption in optional corrupt_bio_byte
feature (git-fixes).
- commit a688092
- kABI fix for tcp: drop secpath at the same time as we currently
drop (CVE-2025-21864 bsc#1239482).
- commit 79a237f
- usb: xhci: Enable the TRB overfetch quirk on VIA VL805
(git-fixes).
- commit f5ad85e
- xhci: pci: Use standard pattern for device IDs (git-fixes).
- Refresh
patches.suse/xhci-pci-Fix-indentation-in-the-PCI-device-ID-defini.patch.
- commit 6e83d36
- xhci: Don't perform Soft Retry for Etron xHCI host (git-fixes).
- commit 9beb310
- xhci: Don't issue Reset Device command to Etron xHCI host
(jsc#PED-10701).
- commit 5ad7a28
- xhci: Combine two if statements for Etron xHCI host
(jsc#PED-10701).
- commit 68c16e1
- xhci: Cleanup Candence controller PCI device and vendor ID usage
(git-fixes).
- commit df43775
- usb: xHCI: add XHCI_RESET_ON_RESUME quirk for Phytium xHCI host
(git-fixes).
- commit 1479d30
- usb: xhci: remove 'retval' from xhci_pci_resume() (git-fixes).
- commit 6f73c8c
- xhci: Apply XHCI_RESET_TO_DEFAULT quirk to TGL (git-fixes).
- commit 32a2ce7
- xhci: pci: Use PCI_VENDOR_ID_RENESAS (git-fixes).
- commit 02e0809
- xhci: pci: Group out Thunderbolt xHCI IDs (git-fixes).
- commit 3ebb63d
- xhci: pci: Use full names in PCI IDs for Intel platforms
(git-fixes).
- commit 38d020d
- ila: call nf_unregister_net_hooks() sooner (CVE-2024-46782
bsc#1230769).
- commit e9d9715
- Input: iqs7222 - preserve system status register (git-fixes).
- commit 1f2a9a2
- Input: iqs7222 - add support for IQS7222D v1.1 and v1.2
(git-fixes).
- commit 9ee6aed
- Input: iqs7222 - add support for Azoteq IQS7222D (git-fixes).
- commit 6fedbfd
- Update
patches.suse/ASoC-SOF-stream-ipc-Check-for-cstream-nullity-in-sof.patch
(git-fixes CVE-2025-21847 bsc#1239471).
- Update
patches.suse/HID-multitouch-Add-NULL-check-in-mt_input_configured.patch
(git-fixes CVE-2024-58020 bsc#1239346).
- Update
patches.suse/USB-gadget-f_midi-f_midi_complete-to-call-queue_work.patch
(git-fixes CVE-2025-21859 bsc#1239467).
- Update patches.suse/acct-perform-last-write-from-workqueue.patch
(git-fixes CVE-2025-21846 bsc#1239508).
- Update
patches.suse/block-don-t-revert-iter-for-EIOCBQUEUED.patch
(git-fixes CVE-2025-21832 bsc#1239105).
- Update
patches.suse/fbdev-omap-use-threaded-IRQ-for-LCD-DMA.patch
(stable-fixes CVE-2025-21821 bsc#1239174).
- Update
patches.suse/nfsd-clear-acl_access-acl_default-after-releasing-them.patch
(git-fixes CVE-2025-21796 bsc#1238716).
- Update
patches.suse/nvmet-Fix-crash-when-a-namespace-is-disabled.patch
(git-fixes CVE-2025-21850 bsc#1239477).
- Update
patches.suse/orangefs-fix-a-oob-in-orangefs_debug_write.patch
(git-fixes CVE-2025-21782 bsc#1239117).
- Update
patches.suse/partitions-mac-fix-handling-of-bogus-partition-table.patch
(git-fixes CVE-2025-21772 bsc#1238911).
- Update
patches.suse/powerpc-code-patching-Fix-KASAN-hit-by-not-flagging-.patch
(bsc#1215199 CVE-2025-21866 bsc#1239473).
- commit d74c347
- nvkm/gsp: correctly advance the read pointer of GSP message queue (bsc#1238997 CVE-2024-58019)
- commit 73aa11f
- i2c: sis630: Fix an error handling path in sis630_probe()
(git-fixes).
- i2c: ali15x3: Fix an error handling path in ali15x3_probe()
(git-fixes).
- i2c: ali1535: Fix an error handling path in ali1535_probe()
(git-fixes).
- i2c: omap: fix IRQ storms (git-fixes).
- commit a2963cf
- Input: ads7846 - fix gpiod allocation (git-fixes).
- commit 829ae40
- ASoC: amd: yc: Support mic on another Lenovo ThinkPad E16 Gen
2 model (stable-fixes).
- ALSA: hda/realtek: Add mute LED quirk for HP Pavilion x360
14-dy1xxx (stable-fixes).
- commit 10b7907
- ASoC: codecs: wm0010: Fix error handling path in
wm0010_spi_probe() (git-fixes).
- ASoC: rt722-sdca: add missing readable registers (git-fixes).
- drm/dp_mst: Fix locking when skipping CSN before topology
probing (git-fixes).
- drm/gma500: Add NULL check for pci_gfx_root in
mid_get_vbt_data() (git-fixes).
- drm/amd/display: Fix slab-use-after-free on hdcp_work
(git-fixes).
- commit 866bbeb
- Refresh patches.suse/mptcp-fix-rcv-buffer-auto-tuning.patch.
- Refresh
patches.suse/mptcp-move-__mptcp_error_report-in-protocol.c.patch.
- Refresh
patches.suse/tcp-define-initial-scaling-factor-value-as-a-macro.patch.
- Refresh
patches.suse/tcp-increase-the-default-TCP-scaling-ratio.patch.
After discussing with @jwiesner: re-introduce b8dc6d6ce ("mptcp: fix rcv
buffer auto-tuning")
- commit 2c38df3
- mm/migrate_device: don't add folio to be freed to LRU in
migrate_device_finalize() (CVE-2025-21861 bsc#1239483).
- commit 2aaf230
- mm: migrate_device: use more folio in migrate_device_finalize()
(CVE-2025-21861 bsc#1239483 dependency).
- commit 6c15dfd
- geneve: Suppress list corruption splat in
geneve_destroy_tunnels() (CVE-2025-21858 bsc#1239468).
- gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl()
(CVE-2025-21865 bsc#1239481).
- ibmvnic: Don't reference skb after sending to VIOS
(CVE-2025-21858 bsc#1239468).
- geneve: Fix use-after-free in geneve_find_dev() (CVE-2025-21858
bsc#1239468).
- commit 37714b5
- drm/amdgpu: Check extended configuration space register when
system uses large bar (stable-fixes).
- Refresh
patches.suse/drm-amdgpu-disable-BAR-resize-on-Dell-G5-SE.patch.
- commit 3119f0d
- wifi: cfg80211: cancel wiphy_work before freeing wiphy
(git-fixes).
- wifi: iwlwifi: mvm: fix PNVM timeout for non-MSI-X platforms
(git-fixes).
- Bluetooth: hci_event: Fix enabling passive scanning (git-fixes).
- usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass
Storage Card Reader (stable-fixes).
- intel_th: pci: Add Panther Lake-P/U support (stable-fixes).
- intel_th: pci: Add Panther Lake-H support (stable-fixes).
- intel_th: pci: Add Arrow Lake support (stable-fixes).
- mei: me: add panther lake P DID (stable-fixes).
- gpio: rcar: Use raw_spinlock to protect register access
(stable-fixes).
- platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad
X131e (stable-fixes).
- drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress
200M (stable-fixes).
- drm/i915/ddi: Fix HDMI port width programming in DDI_BUF_CTL
(git-fixes).
- xhci: pci: Fix indentation in the PCI device ID definitions
(stable-fixes).
- drm/i915/xe2lpd: Move D2D enable/disable (stable-fixes).
- commit afdffc3
- Delete patches.suse/APEI-GHES-Have-GHES-honor-the-panic-setting.patch (bsc#1239615)
The panic-on-reboot behavior change is too surprsing as an update,
better to be reverted during SP
- commit 38b0ca3
- dm-crypt: track tag_offset in convert_context (git-fixes).
- commit e418c3f
- dm-crypt: don't update io->sector after
kcryptd_crypt_write_io_submit() (git-fixes).
- commit 4e42a0d
- dm-ebs: don't set the flag DM_TARGET_PASSES_INTEGRITY
(git-fixes).
- commit d656a3c
- dm-verity FEC: Fix RS FEC repair for roots unaligned to block
size (take 2) (git-fixes).
mwilck: some hand editing because d95e2c34a3ca ("dm verity: Fix IO
priority lost when reading FEC and hash") is missing
- commit 952c7af
- dm array: fix cursor index when skipping across block boundaries
(git-fixes).
- commit 9559a70
- dm array: fix unreleased btree blocks on closing a faulty
array cursor (git-fixes).
- commit 3401ff8
- dm thin: Add missing destroy_work_on_stack() (git-fixes).
- commit b8c64af
- dm: Fix typo in error message (git-fixes).
- commit 085bad2
- dm-unstriped: cast an operand to sector_t to prevent potential
uint32_t overflow (git-fixes).
- commit 9289690
- Revert "dm: requeue IO if mapping table not yet available"
(git-fixes).
- commit 5102f1f
- dm-integrity: fix a race condition when accessing recalc_sector
(git-fixes).
- commit f9223d3
- dm persistent data: fix memory allocation failure (git-fixes).
- commit 6ad0a55
- dm resume: don't return EINVAL when signalled (git-fixes).
- commit b83910f
- dm suspend: return -ERESTARTSYS instead of -EINTR (git-fixes).
- commit d18f8de
- dm-raid: Fix WARN_ON_ONCE check for sync_thread in raid_resume
(git-fixes).
- commit 6d3fcd8
- dm init: Handle minors larger than 255 (git-fixes).
- commit 73dcd27
- bitmap: introduce generic optimized bitmap_size() (git-fixes).
- commit 3d6cb93
- dm-delay: fix max_delay calculations (git-fixes).
- commit 9bd5588
- dm-delay: fix hung task introduced by kthread mode (git-fixes).
- commit c232aae
- dm-delay: fix workqueue delay_timer race (git-fixes).
- commit d3bc4cb
- dm integrity: fix out-of-range warning (git-fixes).
- commit 94146a8
- dm-integrity: align the outgoing bio in integrity_recheck
(git-fixes).
- commit 8ef7f34
- tcp: Defer ts_recent changes until req is owned (git-fixes).
- tcp: adjust rcvq_space after updating scaling ratio (git-fixes).
- tcp: Annotate data-race around sk->sk_mark in tcp_v4_send_reset
(git-fixes).
- tcp: check space before adding MPTCP SYN options (git-fixes).
- commit 3e8333c
- tcp: fix TFO SYN_RECV to not zero retrans_stamp with retransmits
out (git-fixes).
- tcp: fix tcp_enter_recovery() to zero retrans_stamp when it's
safe (git-fixes).
- tcp: fix to allow timestamp undo if no retransmits were sent
(git-fixes).
- commit 057626d
- tcp: avoid reusing FIN_WAIT2 when trying to find port in
connect() process (git-fixes).
- commit b709352
- tcp: fix forever orphan socket caused by tcp_abort (git-fixes).
- commit ee5bb6a
- tcp: Update window clamping condition (git-fixes).
- commit 21c2df7
- tcp: Adjust clamping window for applications specifying
SO_RCVBUF (git-fixes).
- commit 45a6b13
- tcp: Don't drop SYN+ACK for simultaneous connect() (git-fixes).
- commit d347622
- tcp: fix races in tcp_v_err() (git-fixes).
- commit 7d8961a
- tcp: fix races in tcp_abort() (git-fixes).
- commit 57c21f2
- tcp: fix race in tcp_write_err() (git-fixes).
- commit f7c5a0b
- tcp: add tcp_done_with_error() helper (git-fixes).
- commit 67b079b
- tcp: fix incorrect undo caused by DSACK of TLP retransmit
(git-fixes).
- commit 7fc3dc6
- UPSTREAM: tcp: fix DSACK undo in fast recovery to call
tcp_try_to_open() (git-fixes).
- commit 481ef49
- tcp: fix tcp_rcv_fastopen_synack() to enter TCP_CA_Loss for
failed TFO (git-fixes).
- commit e0d6e17
- tcp: clear tp->retrans_stamp in tcp_rcv_fastopen_synack()
(git-fixes).
- commit 2f9ac53
- tcp: fix race in tcp_v6_syn_recv_sock() (git-fixes).
- commit debc800
- tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB (git-fixes).
- commit e578c32
- tcp: remove 64 KByte limit for initial tp->rcv_wnd value
(git-fixes).
- commit a0f87a0
- tcp: avoid premature drops in tcp_add_backlog() (git-fixes).
- commit 9d8f16e
- tcp: increase the default TCP scaling ratio (git-fixes).
- commit 37d2a56
- tcp: annotate data-races around tp->window_clamp (git-fixes).
- Refresh
patches.suse/mptcp-cope-racing-subflow-creation-in-mptcp_rcv_spac.patch.
- commit baccd3e
- tcp: Fix bind() regression for v6-only wildcard and
v4(-mapped-v6) non-wildcard addresses (git-fixes).
- commit 10a8fd3
- tcp: Fix NEW_SYN_RECV handling in inet_twsk_purge() (git-fixes).
- commit 2c65748
- tcp: fix incorrect parameter validation in the
do_tcp_getsockopt() function (git-fixes).
- commit 1b71f1e
- tcp: Add memory barrier to tcp_push() (git-fixes).
- commit 9e18439
- tcp: fix mid stream window clamp (git-fixes).
- commit 1da9c62
- tcp: define initial scaling factor value as a macro (git-fixes).
- Refresh
patches.suse/tcp-get-rid-of-sysctl_tcp_adv_win_scale.patch.
- Refresh
patches.suse/tcp-reorganize-tcp_sock-fast-path-variables.patch.
- commit 5d65891
- tcp: fix cookie_init_timestamp() overflows (git-fixes).
- commit 35f4bde
- tcp: derive delack_max from rto_min (git-fixes).
- commit 681cef6
- tcp: check mptcp-level constraints for backlog coalescing
(git-fixes).
- commit f47afe8
- s390/traps: Fix test_monitor_call() inline assembly (git-fixes
bsc#1239595).
- commit e1c229c
- s390/stackleak: Use exrl instead of ex in __stackleak_poison()
(git-fixes bsc#1239594).
- commit bf5ac4c
- s390/ism: add release function for struct device (git-fixes
CVE-2025-21856 bsc#1239486).
- commit ae9aecd
- tcp: drop secpath at the same time as we currently drop dst
(CVE-2025-21864 bsc#1239482).
- commit 068f76d
- tcp: properly terminate timers for kernel sockets
(CVE-2024-35910 bsc#1224489).
- commit cd84ccc
- net: sched: use RCU read-side critical section in taprio_dump()
(CVE-2024-50140 bsc#1233060).
- commit 481b06f
- spi: microchip-core: Use helper function devm_clk_get_enabled()
(git-fixes).
- commit ba5bb35
- spi: microchip-core: Clean up redundant dev_err_probe()
(git-fixes).
- Refresh
patches.suse/spi-microchip-core-switch-to-use-modern-name.patch.
- commit e92f46c
- net/smc: check iparea_offset and ipv6_prefixes_cnt when
receiving proposal msg (CVE-2024-49571 bsc#1235733).
- commit d49e720
- kABI: bpf: Prevent tailcall infinite loop caused by freplace
kABI workaround (bsc#1235712 CVE-2024-47794).
- commit b659789
- bpf: Prevent tailcall infinite loop caused by freplace
(bsc#1235712 CVE-2024-47794).
- commit 594a2b0
- netdev: prevent accessing NAPI instances from another namespace
(CVE-2025-21659 bsc#1236206).
- commit 4814e4a
- ice: Remove and readd netdev during devlink reload (bsc#1230497
bsc#1239518).
- Refresh
patches.suse/ice-add-ice_adapter-for-shared-data-across-PFs-on-th.patch.
- commit fac3f79
- HID: hid-steam: Fix use-after-free when detaching device
(git-fixes).
- HID: appleir: Fix potential NULL dereference at raw event handle
(git-fixes).
- HID: intel-ish-hid: Fix use-after-free issue in
ishtp_hid_remove() (git-fixes).
- HID: google: fix unused variable warning under !CONFIG_ACPI
(git-fixes).
- HID: i2c-hid: Skip SET_POWER SLEEP for Cirque touchpad on
system suspend (stable-fixes).
- commit 66671e7
- pinctrl: bcm281xx: Fix incorrect regmap max_registers value
(git-fixes).
- commit e9a08e4
- net: mana: Allow variable size indirection table (bsc#1239016).
- Refresh
patches.suse/net-mana-Enable-debugfs-files-for-MANA-device.patch.
- commit 987aac3
- net: mana: Fix irq_contexts memory leak in mana_gd_setup_irqs
(bsc#1239015).
- net: mana: Fix memory leak in mana_gd_setup_irqs (bsc#1239015).
- net: mana: Avoid open coded arithmetic (bsc#1239016).
- RDMA/mana_ib: Prefer struct_size over open coded arithmetic
(bsc#1239016).
- net: mana: Add flex array to struct mana_cfg_rx_steer_req_v2
(bsc#1239016).
- net: mana: Assigning IRQ affinity on HT cores (bsc#1239015).
- net: mana: add a function to spread IRQs per CPUs (bsc#1239015).
- cpumask: define cleanup function for cpumasks (bsc#1239015).
- cpumask: add cpumask_weight_andnot() (bsc#1239015).
- commit 99e576d
- af_unix: Disable MSG_OOB handling for sockets in
sockmap/sockhash (bsc#1239435).
- af_unix: Annotate data-race of sk->sk_state in
unix_stream_read_skb() (bsc#1239435).
- commit 53fc06a
- padata: fix sysfs store callback check (git-fixes).
- commit 9e53996
- netpoll: Fix race condition in netpoll_owner_active
(CVE-2024-41005 bsc#1227858).
- commit edbf839
- sched/membarrier: Fix redundant load of membarrier_state
(bsc#1232743).
- commit 4b4693f
- tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for
server bind (git-fixes).
- commit acac4ee
- selftests/bpf: Add test case for the freeing of bpf_timer
(bsc#1238971 CVE-2025-21825).
- bpf: Cancel the running bpf_timer through kworker for PREEMPT_RT
(bsc#1238971 CVE-2025-21825).
- commit d0cb4f3
- kABI fix for l2tp: prevent possible tunnel refcount underflow
(CVE-2024-49940 bsc#1232812).
- commit d6225ab
- powerpc/pseries/iommu: memory notifier incorrectly adds TCEs
for pmemory (bsc#1239167 ltc#211055).
- commit 1543fff
- l2tp: fix lockdep splat (git-fixes).
- commit 1b614a9
- l2tp: fix ICMP error handling for UDP-encap sockets (git-fixes).
- commit 9f93194
- net l2tp: drop flow hash on forward (git-fixes).
- commit c98f745
- l2tp: fix incorrect parameter validation in the
pppol2tp_getsockopt() function (git-fixes).
- commit 33af351
- net_sched: sch_sfq: don't allow 1 packet limit (CVE-2024-57996
bsc#1239076).
- commit 8f719fe
- ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during
params (CVE-2024-58012 bsc#1239104).
- commit 3d2e163
- usb: gadget: Check bmAttributes only if configuration is valid
(git-fixes).
- usb: gadget: Fix setting self-powered state on suspend
(git-fixes).
- commit 1151d65
- usb: typec: ucsi: Fix NULL pointer access (git-fixes).
- usb: hub: lack of clearing xHC resources (git-fixes).
- usb: renesas_usbhs: Flush the notify_hotplug_work (git-fixes).
- usb: renesas_usbhs: Use devm_usb_get_phy() (git-fixes).
- usb: renesas_usbhs: Call clk_put() (git-fixes).
- usb: dwc3: gadget: Prevent irq storm when TH re-executes
(git-fixes).
- usb: typec: ucsi: increase timeout for PPM reset operations
(git-fixes).
- usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix
functionality (git-fixes).
- usb: gadget: Set self-powered based on MaxPower and bmAttributes
(git-fixes).
- usb: gadget: u_ether: Set is_suspend flag if remote wakeup fails
(git-fixes).
- usb: atm: cxacru: fix a flaw in existing endpoint checks
(git-fixes).
- drivers: core: fix device leak in __fw_devlink_relax_cycles()
(git-fixes).
- Revert "drivers/card_reader/rtsx_usb: Restore interrupt based
detection" (git-fixes).
- bus: simple-pm-bus: fix forced runtime PM use (git-fixes).
- char: misc: deallocate static minor in error path (git-fixes).
- eeprom: digsy_mtc: Make GPIO lookup table match the device
(git-fixes).
- drivers: virt: acrn: hsm: Use kzalloc to avoid info leak in
pmcmd_ioctl (git-fixes).
- slimbus: messaging: Free transaction ID in delayed interrupt
scenario (git-fixes).
- cdx: Fix possible UAF error in driver_override_show()
(git-fixes).
- bus: mhi: host: pci_generic: Use pci_try_reset_function()
to avoid deadlock (git-fixes).
- iio: filter: admv8818: Force initialization of SDO (git-fixes).
- iio: dac: ad3552r: clear reset status flag (git-fixes).
- iio: adc: at91-sama5d2_adc: fix sama7g5 realbits value
(git-fixes).
- commit 481095d
- Update
patches.suse/HID-hid-thrustmaster-fix-stack-out-of-bounds-read-in.patch
(git-fixes CVE-2025-21794 bsc#1238502).
- Update
patches.suse/NFC-nci-Add-bounds-checking-in-nci_hci_create_pipe.patch
(git-fixes CVE-2025-21735 bsc#1238497).
- Update
patches.suse/PCI-Avoid-putting-some-root-ports-into-D3-on-TUXEDO-.patch
(git-fixes CVE-2025-21831 bsc#1239039).
- Update
patches.suse/PCI-rcar-ep-Fix-incorrect-variable-used-when-calling.patch
(git-fixes CVE-2025-21804 bsc#1238736).
- Update
patches.suse/RDMA-mlx5-Fix-a-race-for-an-ODP-MR-which-leads-to-CQ.patch
(git-fixes CVE-2025-21732 bsc#1237877).
- Update
patches.suse/RDMA-mlx5-Fix-implicit-ODP-use-after-free.patch
(git-fixes CVE-2025-21714 bsc#1237890).
- Update
patches.suse/RDMA-rxe-Fix-the-warning-__rxe_cleanup-0x12c-0x170-r.patch
(git-fixes CVE-2025-21829 bsc#1239030).
- Update
patches.suse/Revert-drm-amd-display-Use-HW-lock-mgr-for-PSR1.patch
(stable-fixes CVE-2025-21819 bsc#1238994).
- Update
patches.suse/USB-hub-Ignore-non-compliant-devices-with-too-many-c.patch
(stable-fixes CVE-2025-21776 bsc#1238909).
- Update
patches.suse/arm64-cacheinfo-Avoid-out-of-bounds-write-to-cacheinfo-array.patch
(git-fixes CVE-2025-21785 bsc#1238747).
- Update
patches.suse/ata-libata-sff-Ensure-that-we-cannot-write-outside-t.patch
(stable-fixes CVE-2025-21738 bsc#1238917).
- Update
patches.suse/batman-adv-Drop-unmanaged-ELP-metric-worker.patch
(git-fixes CVE-2025-21823 bsc#1238475).
- Update
patches.suse/batman-adv-fix-panic-during-interface-removal.patch
(git-fixes CVE-2025-21781 bsc#1238735).
- Update
patches.suse/blk-cgroup-Fix-class-block_class-s-subsystem-refcount-leakage.patch
(bsc#1237558 CVE-2025-21745 bsc#1238785).
- Update
patches.suse/block-bfq-fix-waker_bfqq-UAF-after-bfq_split_bfqq.patch
(git-fixes CVE-2025-21631 bsc#1236099).
- Update
patches.suse/can-ctucanfd-handle-skb-allocation-failure.patch
(git-fixes CVE-2025-21775 bsc#1238501).
- Update
patches.suse/can-etas_es58x-fix-potential-NULL-pointer-dereferenc.patch
(git-fixes CVE-2025-21773 bsc#1238762).
- Update
patches.suse/driver-core-class-Fix-wild-pointer-dereferences-in-A.patch
(git-fixes CVE-2025-21810 bsc#1238757).
- Update
patches.suse/drm-amdgpu-avoid-buffer-overflow-attach-in-smu_sys_s.patch
(stable-fixes CVE-2025-21780 bsc#1239115).
- Update
patches.suse/drm-amdgpu-bail-out-when-failed-to-load-fw-in-psp_in.patch
(git-fixes CVE-2025-21784 bsc#1238510).
- Update patches.suse/landlock-Handle-weird-files.patch (git-fixes
CVE-2025-21830 bsc#1239033).
- Update patches.suse/misc-fastrpc-Fix-copy-buffer-page-size.patch
(git-fixes CVE-2025-21734 bsc#1238734).
- Update
patches.suse/mm-compaction-fix-UBSAN-shift-out-of-bounds-warning.patch
(git fixes (mm/compaction) CVE-2025-21815 bsc#1238474).
- Update
patches.suse/msft-hv-3160-KVM-x86-Reject-Hyper-V-s-SEND_IPI-hypercalls-if-loca.patch
(git-fixes CVE-2025-21779 bsc#1238768).
- Update
patches.suse/nbd-don-t-allow-reconnect-after-disconnect.patch
(git-fixes CVE-2025-21731 bsc#1237881).
- Update
patches.suse/net-rose-fix-timer-races-against-user-threads.patch
(git-fixes CVE-2025-21718 bsc#1239073).
- Update patches.suse/net-rose-lock-the-socket-in-rose_bind.patch
(git-fixes CVE-2025-21749 bsc#1238904).
- Update
patches.suse/net-rose-prevent-integer-overflows-in-rose_setsockop.patch
(git-fixes CVE-2025-21711 bsc#1239114).
- Update
patches.suse/net-usb-rtl8150-enable-basic-endpoint-checking.patch
(git-fixes CVE-2025-21708 bsc#1239087).
- Update
patches.suse/nilfs2-fix-possible-int-overflows-in-nilfs_fiemap.patch
(git-fixes CVE-2025-21736 bsc#1238715).
- Update patches.suse/padata-avoid-UAF-for-reorder_work.patch
(git-fixes CVE-2025-21726 bsc#1238865).
- Update patches.suse/padata-fix-UAF-in-padata_reorder.patch
(git-fixes CVE-2025-21727 bsc#1237876).
- Update
patches.suse/scsi-mpi3mr-Fix-possible-crash-when-setting-up-bsg-f.patch
(git-fixes CVE-2025-21723 bsc#1238864).
- Update patches.suse/spi-sn-f-ospi-Fix-division-by-zero.patch
(git-fixes CVE-2025-21793 bsc#1238500).
- Update patches.suse/tty-xilinx_uartps-split-sysrq-handling.patch
(git-fixes CVE-2025-21820 bsc#1238479).
- Update
patches.suse/usb-cdc-acm-Check-control-transfer-buffer-size-befor.patch
(git-fixes CVE-2025-21704 bsc#1237571).
- Update
patches.suse/usb-gadget-core-flush-gadget-workqueue-after-device-.patch
(git-fixes CVE-2025-21838 bsc#1239065).
- Update
patches.suse/usb-gadget-f_midi-fix-MIDI-Streaming-descriptor-leng.patch
(git-fixes CVE-2025-21835 bsc#1239068).
- Update patches.suse/usbnet-ipheth-fix-DPE-OoB-read.patch
(git-fixes CVE-2025-21741 bsc#1238767).
- Update
patches.suse/usbnet-ipheth-fix-possible-overflow-in-DPE-length-ch.patch
(git-fixes CVE-2025-21743 bsc#1238781).
- Update
patches.suse/usbnet-ipheth-use-static-NDP16-location-in-URB.patch
(git-fixes CVE-2025-21742 bsc#1238771).
- Update
patches.suse/vsock-Keep-the-binding-until-socket-destruction.patch
(git-fixes CVE-2025-21756 bsc#1238876).
- Update
patches.suse/wifi-brcmfmac-Check-the-return-value-of-of_property_.patch
(stable-fixes CVE-2025-21750 bsc#1238905).
- Update
patches.suse/wifi-brcmfmac-fix-NULL-pointer-dereference-in-brcmf_.patch
(stable-fixes CVE-2025-21744 bsc#1238903).
- Update
patches.suse/wifi-mac80211-don-t-flush-non-uploaded-STAs.patch
(git-fixes CVE-2025-21828 bsc#1238958).
- Update patches.suse/zram-fix-potential-UAF-of-zram-table.patch
(git-fixes CVE-2025-21671 bsc#1236692).
- commit 0d7f015
- Update
patches.suse/Bluetooth-L2CAP-handle-NULL-sock-pointer-in-l2cap_so.patch
(git-fixes CVE-2024-58009 bsc#1238760).
- Update
patches.suse/Bluetooth-MGMT-Fix-slab-use-after-free-Read-in-mgmt_.patch
(stable-fixes CVE-2024-58013 bsc#1239095).
- Update
patches.suse/HID-core-Fix-assumption-that-Resolution-Multipliers-.patch
(git-fixes CVE-2024-57986 bsc#1237907).
- Update
patches.suse/HID-hid-thrustmaster-Fix-warning-in-thrustmaster_pro.patch
(git-fixes CVE-2024-57993 bsc#1237894).
- Update
patches.suse/PCI-dwc-ep-Prevent-changing-BAR-size-flags-in-pci_ep.patch
(git-fixes CVE-2024-58006 bsc#1238772).
- Update
patches.suse/block-Fix-page-refcounts-for-unaligned-buffers-in-__bio_release_pages.patch
(git-fixes CVE-2024-35826 bsc#1224610).
- Update
patches.suse/block-avoid-to-reuse-hctx-not-removed-from-cpuhp-callback-list.patch
(git-fixes CVE-2024-41149 bsc#1235698).
- Update
patches.suse/block-fix-integer-overflow-in-BLKSECDISCARD.patch
(git-fixes CVE-2024-49994 bsc#1225770).
- Update
patches.suse/cifs-fix-potential-null-pointer-use-in-destroy_workqueue-in-init_ci.patch
(bsc#1231432 CVE-2024-42307 bsc#1229361).
- Update
patches.suse/clk-qcom-dispcc-sm6350-Add-missing-parent_map-for-a-.patch
(git-fixes CVE-2024-58080 bsc#1239027).
- Update
patches.suse/clk-qcom-gcc-sm6350-Add-missing-parent_map-for-two-c.patch
(git-fixes CVE-2024-58076 bsc#1239037).
- Update
patches.suse/drm-amdgpu-Fix-potential-NULL-pointer-dereference-in.patch
(git-fixes CVE-2024-58052 bsc#1238986).
- Update
patches.suse/drm-msm-gem-prevent-integer-overflow-in-msm_ioctl_ge.patch
(git-fixes CVE-2024-52559 bsc#1238507).
- Update
patches.suse/drm-v3d-Stop-active-perfmon-if-it-is-being-destroyed.patch
(git-fixes CVE-2024-58086 bsc#1239038).
- Update patches.suse/idpf-convert-workqueues-to-unbound.patch
(git-fixes CVE-2024-58057 bsc#1238969).
- Update
patches.suse/ipmi-ipmb-Add-check-devm_kasprintf-returned-value.patch
(git-fixes CVE-2024-58051 bsc#1238963).
- Update
patches.suse/media-imx-jpeg-Fix-potential-error-pointer-dereferen.patch
(git-fixes CVE-2024-57978 bsc#1238523).
- Update
patches.suse/media-uvcvideo-Fix-crash-during-unbind-if-gpio-unit-.patch
(git-fixes CVE-2024-58079 bsc#1239029).
- Update
patches.suse/media-uvcvideo-Fix-double-free-in-error-path.patch
(git-fixes CVE-2024-57980 bsc#1237911).
- Update
patches.suse/media-uvcvideo-Remove-dangling-pointers.patch
(git-fixes CVE-2024-58002 bsc#1238503).
- Update
patches.suse/media-vidtv-Fix-a-null-ptr-deref-in-vidtv_mux_stop_t.patch
(stable-fixes CVE-2024-57834 bsc#1238993).
- Update
patches.suse/memory-tegra20-emc-fix-an-OF-node-reference-bug-in-t.patch
(git-fixes CVE-2024-58034 bsc#1238773).
- Update
patches.suse/misc-misc_minor_alloc-to-use-ida-for-all-dynamic-mis.patch
(git-fixes CVE-2024-58078 bsc#1239034).
- Update
patches.suse/net-fix-removing-a-namespace-with-conflicting-altnam.patch
(bsc#1233749 CVE-2024-26634 bsc#1221651).
- Update patches.suse/null_blk-fix-validation-of-block-size.patch
(git-fixes CVE-2024-41077 bsc#1228653).
- Update
patches.suse/platform-x86-int3472-Check-for-adev-NULL.patch
(stable-fixes CVE-2024-58011 bsc#1239080).
- Update
patches.suse/powerpc-pseries-iommu-IOMMU-incorrectly-marks-MMIO-r.patch
(bsc#1218470 ltc#204531 CVE-2024-57999 bsc#1238526).
- Update
patches.suse/printk-Fix-signed-integer-overflow-when-defining-LOG_BUF_LEN_MAX.patch
(bsc#1237950 CVE-2024-58017 bsc#1239112).
- Update
patches.suse/rdma-cxgb4-Prevent-potential-integer-overflow-on-32b.patch
(git-fixes CVE-2024-57973 bsc#1238531).
- Update
patches.suse/remoteproc-core-Fix-ida_free-call-while-not-allocate.patch
(git-fixes CVE-2024-58056 bsc#1238981).
- Update
patches.suse/rtc-pcf85063-fix-potential-OOB-write-in-PCF85063-NVM.patch
(git-fixes CVE-2024-58069 bsc#1238978).
- Update
patches.suse/scsi-hisi_sas-Fix-a-deadlock-issue-related-to-automa-3c4f53b2.patch
(git-fixes CVE-2024-26873 bsc#1223047).
- Update
patches.suse/scsi-megaraid_sas-Fix-for-a-potential-deadlock.patch
(git-fixes CVE-2024-57807 bsc#1235761).
- Update
patches.suse/smb-client-fix-double-put-of-cfile-in-smb2_rename_path-.patch
(git-fixes CVE-2024-46736 bsc#1230728).
- Update
patches.suse/smb-client-fix-double-put-of-cfile-in-smb2_set_path_size-.patch
(git-fixes CVE-2024-46796 bsc#1230832).
- Update
patches.suse/smb-client-fix-possible-double-free-in-smb2_set_ea-.patch
(git-fixes CVE-2024-50152 bsc#1233033).
- Update
patches.suse/soc-qcom-socinfo-Avoid-out-of-bounds-read-of-serial-.patch
(git-fixes CVE-2024-58007 bsc#1238511).
- Update
patches.suse/staging-media-max96712-fix-kernel-oops-when-removing.patch
(git-fixes CVE-2024-58054 bsc#1238975).
- Update
patches.suse/tomoyo-don-t-emit-warning-in-tomoyo_write_control.patch
(stable-fixes CVE-2024-58085 bsc#1239085).
- Update
patches.suse/tpm-Change-to-kvalloc-in-eventlog-acpi.c.patch
(bsc#1233260 bsc#1233259 bsc#1232421 CVE-2024-58005
bsc#1237873).
- Update
patches.suse/ubifs-skip-dumping-tnc-tree-when-zroot-is-null.patch
(git-fixes CVE-2024-58058 bsc#1238979).
- Update
patches.suse/usb-gadget-f_tcm-Don-t-free-command-immediately.patch
(git-fixes CVE-2024-58055 bsc#1238959).
- Update
patches.suse/usb-xhci-Fix-NULL-pointer-dereference-on-certain-com.patch
(git-fixes CVE-2024-57981 bsc#1237912).
- Update
patches.suse/wifi-brcmsmac-add-gain-range-check-to-wlc_phy_iqcal_.patch
(stable-fixes CVE-2024-58014 bsc#1239109).
- Update
patches.suse/wifi-mac80211-prohibit-deactivating-all-links.patch
(git-fixes CVE-2024-58061 bsc#1238973).
- Update
patches.suse/wifi-mt76-mt7925-fix-off-by-one-in-mt7925_load_clc.patch
(git-fixes CVE-2024-57990 bsc#1237900).
- Update
patches.suse/wifi-rtlwifi-fix-memory-leaks-and-invalid-access-at-.patch
(git-fixes CVE-2024-58063 bsc#1238984).
- Update
patches.suse/wifi-rtlwifi-remove-unused-check_buddy_priv.patch
(git-fixes CVE-2024-58072 bsc#1238964).
- Update
patches.suse/wifi-wcn36xx-fix-channel-survey-memory-allocation-si.patch
(git-fixes CVE-2024-57997 bsc#1238529).
- commit fb231d1
- Update
patches.suse/cpu-hotplug-Don-t-offline-the-last-non-isolated-CPU.patch
(bsc#1237562 CVE-2023-52831 bsc#1225533).
- Update
patches.suse/io_uring-rw-split-io_read-into-a-helper.patch
(bsc#1215211 CVE-2023-52926 bsc#1237565).
- commit a1ecaa9
- partitions: mac: fix handling of bogus partition table
(git-fixes).
- block: cleanup and fix batch completion adding conditions
(git-fixes).
- block: don't revert iter for -EIOCBQUEUED (git-fixes).
- commit 9b6ced4
- rapidio: add check for rio_add_net() in rio_scan_alloc_net()
(git-fixes).
- rapidio: fix an API misues when rio_add_net() fails (git-fixes).
- dma: kmsan: export kmsan_handle_dma() for modules (git-fixes).
- commit 6203500
- orangefs: fix a oob in orangefs_debug_write (git-fixes).
- commit d83f55b
- sunrpc: suppress warnings for unused procfs functions
(git-fixes).
- commit cd678ab
- SUNRPC: Handle -ETIMEDOUT return from tlshd (git-fixes).
- commit 55bec3b
- SUNRPC: Prevent looping due to rpc_signal_task() races
(git-fixes).
- commit 033fbe6
- SUNRPC: convert RPC_TASK_* constants to enum (git-fixes).
- commit 444dbb7
- nfsd: clear acl_access/acl_default after releasing them
(git-fixes).
- commit 44261ed
- pnfs/flexfiles: retry getting layout segment for reads
(git-fixes).
- commit 76f556a
- ALSA: hda/realtek: Fix Asus Z13 2025 audio (stable-fixes).
- Refresh
patches.suse/ALSA-hda-realtek-Add-support-for-various-ASUS-Laptop.patch.
- commit 9363cb2
- ALSA: hda/realtek: Add support for ASUS ROG Strix GA603 Laptops
using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS ROG Strix G814 Laptop
using CS35L41 HDA (stable-fixes).
- commit aea7c4e
- Refresh patches.suse/ALSA-hda-realtek-Workaround-for-resume-on-Dell-Venue.patch
A patch chunk was dropped mistakenly
- commit 0e9ac09
- ALSA: hda/realtek: Add support for ASUS Zenbook UM3406KA
Laptops using CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Add support for ASUS ROG Strix G614 Laptops
using CS35L41 HDA (stable-fixes).
- commit 4ef6d55
- ALSA: hda: realtek: fix incorrect IS_REACHABLE() usage
(git-fixes).
- commit 844da8a
- ALSA: hda/realtek: Add support for various ASUS Laptops using
CS35L41 HDA (stable-fixes).
- ALSA: hda/realtek: Limit mic boost on Positivo ARN50
(stable-fixes).
- commit 2ee2163
- ALSA: hda: intel: Add Dell ALC3271 to power_save denylist
(stable-fixes).
- ALSA: hda/realtek: update ALC222 depop optimize (stable-fixes).
- ALSA: hda/realtek - add supported Mic Mute LED for Lenovo
platform (stable-fixes).
- ALSA: seq: Avoid module auto-load handling at event delivery
(stable-fixes).
- commit 10a77af
- hwmon: fix a NULL vs IS_ERR_OR_NULL() check in
xgene_hwmon_probe() (git-fixes).
- hwmon: (ad7314) Validate leading zero bits and return error
(git-fixes).
- hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table
(git-fixes).
- hwmon: (pmbus) Initialise page count in pmbus_identify()
(git-fixes).
- gpio: rcar: Fix missing of_node_put() call (git-fixes).
- gpio: aggregator: protect driver attr handlers against module
unload (git-fixes).
- ALSA: usx2y: validate nrpacks module parameter on probe
(git-fixes).
- ALSA: hda/realtek: Remove (revert) duplicate Ally X config
(git-fixes).
- drm/amd/display: Fix HPD after gpu reset (stable-fixes).
- drm/amd/display: Disable PSR-SU on eDP panels (stable-fixes).
- firmware: cs_dsp: Remove async regmap writes (git-fixes).
- commit c757c56
- packaging: Patch Makefile to pre-select gcc version (jsc#PED-12251).
When compiler different from the one which was used to configure the
kernel is used to build modules a warning is issued and the build
continues. This could be turned into an error but that would be too
restrictive.
The generated kernel-devel makefile could set the compiler but then the
main Makefile as to be patched to assign CC with ?=
This causes run_oldconfig failure on SUSE-2024 and kbuild config check
failure on SUSE-2025.
This cannot be hardcoded to one version in a regular patch because the
value is expected to be configurable at mkspec time. Patch the Makefile
after aplyin patches in rpm prep step instead. A check is added to
verify that the sed command did indeed apply the change.
- commit 6031391
- tracing/osnoise: Fix resetting of tracepoints (CVE-2025-21733
bsc#1238494).
- commit 27d6e3b
- btrfs: fix assertion failure when splitting ordered extent
after transaction abort (CVE-2025-21754 bsc#1238496).
- commit 2050c25
- kABI workaround for pps changes (CVE-2024-57979 bsc#1238521).
- commit b151154
- pps: Fix a use-after-free (CVE-2024-57979 bsc#1238521).
- commit c19b588
- expat
-
- version update to 2.7.1
Bug fixes:
[#980] #989 Restore event pointer behavior from Expat 2.6.4
(that the fix to CVE-2024-8176 changed in 2.7.0);
affected API functions are:
- XML_GetCurrentByteCount
- XML_GetCurrentByteIndex
- XML_GetCurrentColumnNumber
- XML_GetCurrentLineNumber
- XML_GetInputContext
Other changes:
[#976] #977 Autotools: Integrate files "fuzz/xml_lpm_fuzzer.{cpp,proto}"
with Automake that were missing from 2.7.0 release tarballs
[#983] #984 Fix printf format specifiers for 32bit Emscripten
[#992] docs: Promote OpenSSF Best Practices self-certification
[#978] tests/benchmark: Resolve mistaken double close
[#986] Address compiler warnings
[#990] #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1)
to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/
for what these numbers do
Infrastructure:
[#982] CI: Start running Perl XML::Parser integration tests
[#987] CI: Enforce Clang Static Analyzer clean code
[#991] CI: Re-enable warning clang-analyzer-valist.Uninitialized
for clang-tidy
[#981] CI: Cover compilation with musl
[#983] #984 CI: Cover compilation with 32bit Emscripten
[#976] #977 CI: Protect against fuzzer files missing from future
release archives
- version update to 2.7.0 for SLE-15-SP4
- deleted patches
- expat-CVE-2022-25235.patch (upstreamed)
- expat-CVE-2022-25236-relax-fix.patch (upstreamed)
- expat-CVE-2022-25236.patch (upstreamed)
- expat-CVE-2022-25313-fix-regression.patch (upstreamed)
- expat-CVE-2022-25313.patch (upstreamed)
- expat-CVE-2022-25314.patch (upstreamed)
- expat-CVE-2022-25315.patch (upstreamed)
- expat-CVE-2022-40674.patch (upstreamed)
- expat-CVE-2022-43680.patch (upstreamed)
- expat-CVE-2023-52425-1.patch (upstreamed)
- expat-CVE-2023-52425-2.patch (upstreamed)
- expat-CVE-2023-52425-backport-parser-changes.patch (upstreamed)
- expat-CVE-2023-52425-fix-tests.patch (upstreamed)
- expat-CVE-2024-28757.patch (upstreamed)
- expat-CVE-2024-45490.patch (upstreamed)
- expat-CVE-2024-45491.patch (upstreamed)
- expat-CVE-2024-45492.patch (upstreamed)
- expat-CVE-2024-50602.patch (upstreamed)
- version update to 2.7.0 (CVE-2024-8176 [bsc#1239618])
* Security fixes:
[#893] #973 CVE-2024-8176 -- Fix crash from chaining a large number
of entities caused by stack overflow by resolving use of
recursion, for all three uses of entities:
- general entities in character data ("<e>&g1;</e>")
- general entities in attribute values ("<e k1='&g1;'/>")
- parameter entities ("%p1;")
Known impact is (reliable and easy) denial of service:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C
(Base Score: 7.5, Temporal Score: 7.2)
Please note that a layer of compression around XML can
significantly reduce the minimum attack payload size.
* Other changes:
[#935] #937 Autotools: Make generated CMake files look for
libexpat.@SO_MAJOR@.dylib on macOS
[#925] Autotools: Sync CMake templates with CMake 3.29
[#945] #962 #966 CMake: Drop support for CMake <3.13
[#942] CMake: Small fuzzing related improvements
[#921] docs: Add missing documentation of error code
XML_ERROR_NOT_STARTED that was introduced with 2.6.4
[#941] docs: Document need for C++11 compiler for use from C++
[#959] tests/benchmark: Fix a (harmless) TOCTTOU
[#944] Windows: Fix installer target location of file xmlwf.xml
for CMake
[#953] Windows: Address warning -Wunknown-warning-option
about -Wno-pedantic-ms-format from LLVM MinGW
[#971] Address Cppcheck warnings
[#969] #970 Mass-migrate links from http:// to https://
[#947] #958 ..
[#974] #975 Document changes since the previous release
[#974] #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0)
to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/
for what these numbers do
- no source changes, just adding jira reference: jsc#SLE-21253
- supportutils
-
- Changes to version 3.2.10
+ network.txt collect all firewalld zones (pr#233)
+ Collects gfs2 info (PED-11853, pr#235, pr#236)
+ Ignore tasks/threads to prevent collecting duplicate fd data in open_files (bsc#1230371, pr#237)
+ Added openldap2_5 support for SLES (pr#238)
+ Collects additional hawk details (pr#239)
+ Optimized filtering D/Z processes (pr#241)
+ Collect firewalld permanent configuration (pr#243)
+ ldap_info: support for multiple DBs and sanitize olcRootPW (bsc#1231838, pr#247)
+ Added dbus_info for dbus.txt (bsc#1222650, pr#248)
- Changes to version 3.2.9
+ Map running PIDs to RPM package owner aiding BPF program detection (bsc#1222896, bsc#1213291, PED-8221)
+ Supportconfig available in current distro (PED-7131)
+ Corrected display issues (bsc#1231396)
+ NFS takes too long, showmount times out (bsc#1231423)
+ Merged sle15 and master branches (bsc#1233726, PED-11669)