- cloud-netconfig
-
- Update to version 1.19
+ Make sure IPADDR variable is stripped of netmask
- Update to version 1.18
+ Fix issue with link-local address routing (bsc#1258730)
- Update to version 1.17
+ Do not set broadcast address explicitly (bsc#1258406)
- Update to version 1.16
+ Fix query of default CLOUD_NETCONFIG_MANAGE (bsc#1253223
+ Fix variable names in the README
- kernel-default
-
- kabi assert ptrace: slightly saner 'get_dumpable()' logic
(bsc#1265308).
- kabi ptrace: slightly saner 'get_dumpable()' logic
(bsc#1265308).
- commit 51e3e5d
- ptrace: slightly saner 'get_dumpable()' logic (bsc#1265308).
- commit a7685e1
- io-wq: check that the predecessor is hashed in
io_wq_remove_pending() (git-fixes).
- commit 447a089
- net: skbuff: propagate shared-frag marker through pskb_copy()
(CVE-2026-46300 bsc#1265209).
- commit 4c684ee
- xfrm: esp: avoid in-place decrypt on shared skb frags (bsc#1264449 bsc#1264450).
- commit f187bc6
- supported.conf: drop rxrpc and afs_fs (bsc#1264450)
- commit c00b898
- x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache (bsc#1264013 CVE-2025-54518).
- commit 5f11806
- crypto: authencesn - Fix src offset when decrypting in-place
(bsc#1262573 CVE-2026-31431).
- commit 4921c60
- crypto: authencesn - Do not place hiseq at end of dst for
out-of-place decryption (bsc#1262573 CVE-2026-31431).
- commit 2c8047b
- crypto: authenc - use memcpy_sglist() instead of null skcipher
(bsc#1262573 CVE-2026-31431).
- Refresh
patches.suse/crypto-authencesn-reject-too-short-AAD-assoclen-8-to.patch
- commit 24731ba
- kABI: Restore af_alg_{count,pull}_tsgl() signatures (bsc#1262573
CVE-2026-31431).
- commit b418ef6
- crypto: algif_aead - Revert to operating out-of-place
(bsc#1262573 CVE-2026-31431).
- commit eb1a8c9
- crypto: algif_aead - use memcpy_sglist() instead of null skcipher
(bsc#1262573 CVE-2026-31431).
- commit 8a67d67
- crypto: scatterwalk - Fix memcpy_sglist() to always succeed
(bsc#1262573 CVE-2026-31431).
- commit c2ad254
- crypto: scatterwalk - Add memcpy_sglist (bsc#1262573
CVE-2026-31431).
- commit 28aed48
- soc: aspeed: socinfo: Mask table entries for accurate SoC ID
matching (git-fixes).
- commit df6cd61
- net/sched: teql: fix NULL pointer dereference in iptunnel_xmit
on TEQL slave xmit (CVE-2026-23277 bsc#1259997).
- commit 852cc2c
- scsi: target: Fix recursive locking in __configfs_open_file()
(CVE-2026-23292 bsc#1260500).
- scsi: target: iscsi: Fix use-after-free in
iscsit_dec_session_usage_count() (CVE-2026-23193 bsc#1258414).
- scsi: target: iscsi: Fix use-after-free in
iscsit_dec_conn_usage_count() (CVE-2026-23216 bsc#1258447).
- commit e7b5dcd
- net/sched: Only allow act_ct to bind to clsact/ingress qdiscs
and shared blocks (CVE-2026-23270 bsc#1259886).
- commit 00821f1
- watchdog/perf: properly initialize the turbo mode timestamp and rearm counter (bsc#1256504).
- commit c8a645c
- net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled
(CVE-2026-23381 bsc#1260471).
- commit 21aa5bd
- clsact: Fix use-after-free in init/destroy rollback asymmetry
(CVE-2026-23413 bsc#1261498).
- commit eaf3b22
- icmp: fix NULL pointer dereference in icmp_tag_validation()
(CVE-2026-23398 bsc#1260730).
- net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled
(CVE-2026-23293 bsc#1260486).
- commit 05f5f64
- net/sched: ets: fix divide by zero in the offload path
(CVE-2026-23379 bsc#1260481).
- commit 3672900
- tls: Purge async_hold in tls_decrypt_async_wait() (CVE-2026-23414
bsc#1261496).
- commit 1058925
- usb: core: phy: avoid double use of 'usb3-phy' (git-fixes).
- commit 4e8787e
- usb: gadget: uvc: fix NULL pointer dereference during unbind
race (git-fixes).
- commit 4a9ee96
- misc: fastrpc: possible double-free of cctx->remote_heap
(git-fixes).
- comedi: Reinit dev->spinlock between attachments to low-level
drivers (git-fixes).
- comedi: me_daq: Fix potential overrun of firmware buffer
(git-fixes).
- comedi: me4000: Fix potential overrun of firmware buffer
(git-fixes).
- comedi: ni_atmio16d: Fix invalid clean-up after failed attach
(git-fixes).
- iio: dac: ad5770r: fix error return in ad5770r_read_raw()
(git-fixes).
- iio: accel: fix ADXL355 temperature signature value (git-fixes).
- iio: light: vcnl4035: fix scan buffer on big-endian (git-fixes).
- iio: adc: ti-adc161s626: fix buffer read on big-endian
(git-fixes).
- iio: imu: bmi160: Remove potential undefined behavior in
bmi160_config_pin() (git-fixes).
- iio: imu: bno055: fix BNO055_SCAN_CH_COUNT off by one
(git-fixes).
- iio: gyro: mpu3050: Fix out-of-sequence free_irq() (git-fixes).
- iio: gyro: mpu3050: Move iio_device_register() to correct
location (git-fixes).
- iio: gyro: mpu3050: Fix irq resource leak (git-fixes).
- iio: gyro: mpu3050: Fix incorrect free_irq() variable
(git-fixes).
- iio: imu: st_lsm6dsx: Set FIFO ODR for accelerometer and
gyroscope only (git-fixes).
- usb: cdns3: gadget: fix state inconsistency on gadget init
failure (git-fixes).
- usb: ulpi: fix double free in ulpi_register_interface() error
path (git-fixes).
- usb: cdns3: gadget: fix NULL pointer dereference in ep_queue
(git-fixes).
- usb: gadget: f_rndis: Protect RNDIS options with mutex
(git-fixes).
- usb: gadget: f_subset: Fix unbalanced refcnt in geth_free
(git-fixes).
- usb: dwc2: gadget: Fix spin_lock/unlock mismatch in
dwc2_hsotg_udc_stop() (git-fixes).
- usb: ehci-brcm: fix sleep during atomic (git-fixes).
- USB: dummy-hcd: Fix interrupt synchronization error (git-fixes).
- USB: dummy-hcd: Fix locking/synchronization error (git-fixes).
- usb: usbtmc: Flush anchored URBs in usbtmc_release (git-fixes).
- usb: gadget: u_ether: Fix race between gether_disconnect and
eth_stop (git-fixes).
- thunderbolt: Fix property read in nhi_wake_supported()
(git-fixes).
- commit 4e3d5c2
- Input: synaptics-rmi4 - fix a locking bug in an error path
(git-fixes).
- hwmon: (occ) Fix missing newline in occ_show_extended()
(git-fixes).
- hwmon: (occ) Fix division by zero in occ_show_power_1()
(git-fixes).
- hwmon: (tps53679) Fix device ID comparison and printing in
tps53676_identify() (git-fixes).
- hwmon: (pxe1610) Check return value of page-select write in
probe (git-fixes).
- commit 08cee84
- Revert "drm: Fix use-after-free on framebuffers and property
blobs when calling drm_dev_unplug" (git-fixes).
- drm/i915/dsi: Don't do DSC horizontal timing adjustments in
command mode (git-fixes).
- drm/amdgpu: Change AMDGPU_VA_RESERVED_TRAP_SIZE to 64KB
(git-fixes).
- commit 79130c8
- gpio: mxc: map Both Edge pad wakeup to Rising Edge (git-fixes).
- drm/ioc32: stop speculation on the drm_compat_ioctl path
(git-fixes).
- drm/ast: dp501: Fix initialization of SCU2C (git-fixes).
- accel/qaic: Handle DBC deactivation if the owner went away
(git-fixes).
- drm/i915/dp: Use crtc_state->enhanced_framing properly on
ivb/hsw CPU eDP (git-fixes).
- crypto: af-alg - fix NULL pointer dereference in scatterwalk
(git-fixes).
- crypto: caam - fix overflow on long hmac keys (git-fixes).
- crypto: caam - fix DMA corruption on long hmac keys (git-fixes).
- commit 376a907
- mtd: spi-nor: core: avoid odd length/address reads on 8D-8D-8D
mode (stable-fixes).
- commit 2d1bac8
- Bluetooth: hci_conn: fix potential UAF in set_cig_params_sync
(git-fixes).
- wifi: ath11k: Pass the correct value of each TID during a stop
AMPDU session (git-fixes).
- ASoC: Intel: boards: fix unmet dependency on PINCTRL
(git-fixes).
- drm/amdgpu: prevent immediate PASID reuse case (stable-fixes).
- usb: core: new quirk to handle devices with zero configurations
(stable-fixes).
- drm/amdgpu: fix gpu idle power consumption issue for gfx v12
(stable-fixes).
- drm/ttm/tests: Fix build failure on PREEMPT_RT (stable-fixes).
- commit 7612e81
- net/x25: Fix overflow when accumulating packets (git-fixes).
- net/x25: Fix potential double free of skb (git-fixes).
- Bluetooth: SMP: derive legacy responder STK authentication
from MITM state (git-fixes).
- Bluetooth: SMP: force responder MITM requirements before
building the pairing response (git-fixes).
- Bluetooth: MGMT: validate mesh send advertising payload length
(git-fixes).
- Bluetooth: hci_event: fix potential UAF in
hci_le_remote_conn_param_req_evt (git-fixes).
- Bluetooth: MGMT: validate LTK enc_size on load (git-fixes).
- Bluetooth: SCO: fix race conditions in sco_sock_connect()
(git-fixes).
- Bluetooth: hci_sync: call destroy in hci_cmd_sync_run if
immediate (git-fixes).
- NFC: pn533: bound the UART receive buffer (git-fixes).
- wifi: iwlwifi: mvm: fix potential out-of-bounds read in
iwl_mvm_nd_match_info_handler() (git-fixes).
- wifi: wilc1000: fix u8 overflow in SSID scan buffer size
calculation (git-fixes).
- ASoC: ep93xx: Fix unchecked clk_prepare_enable() and add
rollback on failure (git-fixes).
- ALSA: caiaq: fix stack out-of-bounds read in init_card
(git-fixes).
- dmaengine: idxd: Fix freeing the allocated ida too late
(git-fixes).
- Bluetooth: btintel: serialize btintel_hw_error() with
hci_req_sync_lock (git-fixes).
- hwmon: axi-fan: don't use driver_override as IRQ name
(git-fixes).
- ALSA: hda/realtek: Add headset jack quirk for Thinkpad X390
(stable-fixes).
- ALSA: hda/realtek: add HP Laptop 14s-dr5xxx mute LED quirk
(stable-fixes).
- ASoC: fsl_easrc: Fix event generation in
fsl_easrc_iec958_set_reg() (stable-fixes).
- ASoC: fsl_easrc: Fix event generation in
fsl_easrc_iec958_put_bits() (stable-fixes).
- HID: mcp2221: cancel last I2C command on read error
(stable-fixes).
- HID: asus: avoid memory leak in asus_report_fixup()
(stable-fixes).
- HID: magicmouse: avoid memory leak in magicmouse_report_fixup()
(stable-fixes).
- HID: apple: avoid memory leak in apple_report_fixup()
(stable-fixes).
- platform/x86: intel-hid: Enable 5-button array on ThinkPad X1
Fold 16 Gen 1 (stable-fixes).
- platform/x86: intel-hid: Add Dell 14 Plus 2-in-1 to
dmi_vgbs_allow_list (stable-fixes).
- platform/x86: touchscreen_dmi: Add quirk for y-inverted Goodix
touchscreen on SUPI S10 (stable-fixes).
- mtd: spi-nor: core: avoid odd length/address writes in 8D-8D-8D
mode (stable-fixes).
- Bluetooth: hci_sync: Remove remaining dependencies of
hci_request (stable-fixes).
- Bluetooth: Remove 3 repeated macro definitions (stable-fixes).
- hwmon: (axi-fan-control) Make use of dev_err_probe()
(stable-fixes).
- hwmon: (axi-fan-control) Use device firmware agnostic API
(stable-fixes).
- dmaengine: idxd: Remove usage of the deprecated ida_simple_xx()
API (stable-fixes).
- commit a6c10e6
- smb: client: fix krb5 mount with username option (git-fixes).
- commit 0e79d63
- cifs: make default value of retrans as zero (git-fixes).
- commit 5d4b8c7
- smb: client: fix in-place encryption corruption in SMB2_write()
(git-fixes).
- commit e7144ea
- smb: client: fix broken multichannel with krb5+signing
(git-fixes).
- commit c4e64ff
- smb: client: fix cifs_pick_channel when channels are equally
loaded (git-fixes).
- commit dfa0ecd
- cifs: some missing initializations on replay (git-fixes).
- commit d98e800
- smb: client: prevent races in ->query_interfaces() (git-fixes).
- commit 78bd9b1
- smb: client: add proper locking around ses->iface_last_update
(git-fixes).
- commit 2b9d663
- cifs: force interface update before a fresh session setup
(git-fixes).
- commit 99b8edb
- cifs: Fix locking usage for tcon fields (git-fixes).
- commit 2b819dd
- cpufreq/amd-pstate: Set the initial min_freq to
lowest_nonlinear_freq (bsc#1252803).
- commit 6223a40
- cpufreq/amd-pstate: Remove the redundant verify() function
(bsc#1252803).
- commit 2b46ac7
- net: add proper RCU protection to /proc/net/ptype
(CVE-2026-23255 bsc#1259891).
- commit 970622a
- netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels
(CVE-2026-23274 bsc#1260005).
- commit b61cf0b
- netfilter: nf_tables: always walk all pending catchall elements
(CVE-2026-23278 bsc#1259998).
- commit bde2f22
- netfilter: nf_tables: unconditionally bump set->nelems before
insertion (CVE-2026-23272 bsc#1260009).
- commit 4898783
- io_uring/rw: free potentially allocated iovec on cache put
failure (CVE-2026-23259 bsc#1259866).
- commit 1144130
- btrfs: fix zero size inode with non-zero size after log replay
(git-fixes).
- commit f810098
- btrfs: log new dentries when logging parent dir of a conflicting
inode (git-fixes).
- commit 2a2fe4a
- bpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shim
(CVE-2026-23319 bsc#1260735).
- commit afdc54a
- bpf: export bpf_link_inc_not_zero (CVE-2026-23319 bsc#1260735).
- commit 3c0dee1
- Refresh patches.suse/nvme-add-partial_nid-quirk.patch.
- commit a0ca140
- net: mana: Trigger VF reset/recovery on health check failure due to HWC timeout (bsc#1259580).
- net: mana: fix use-after-free in add_adev() error path (git-fixes).
- commit dd3433a
- btrfs: fix reservation leak in some error paths when inserting
inline extent (CVE-2025-71268 bsc#1259865).
- commit f586cfb
- btrfs: do not free data reservation in fallback from inline
due to -ENOSPC (CVE-2025-71269 bsc#1259889).
- commit 2f2ec59
- kABI fix for ipvlan: Make the addrs_lock be per port
(CVE-2026-23103 bsc#1257773).
- ipvlan: Make the addrs_lock be per port (CVE-2026-23103
bsc#1257773).
- commit 546f802
- btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file() (bsc#1257777).
- commit 5f963b7
- rename Hyper-v patch files to simplify further SP6-SP7 merges
- commit aa72668
- rename Hyper-v patch files to simplify further SP6-SP7 merges
- commit a92902d
- Move upstreamed mana patch into sorted section
- commit 7835c5b
- net/mlx5: Fix crash when moving to switchdev mode (git-fixes).
- bonding: do not set usable_slaves for broadcast mode
(git-fixes).
- idpf: nullify pointers after they are freed (git-fixes).
- gve: fix incorrect buffer cleanup in
gve_tx_clean_pending_packets for QPL (CVE-2026-23386
bsc#1260799).
- commit 1051a48
- xen/privcmd: unregister xenstore notifier on module exit
(git-fixes).
- commit 0c94fec
- xen/privcmd: restrict usage in unprivileged domU (bsc#1259707
CVE-2026-31788).
- commit 0c51260
- dmaengine: idxd: Fix freeing the allocated ida too late
(git-fixes).
- irqchip/qcom-mpm: Add missing mailbox TX done acknowledgment
(git-fixes).
- commit 8028a3b
- phy: ti: j721e-wiz: Fix device node reference leak in
wiz_get_lane_phy_types() (git-fixes).
- dmaengine: xilinx: xilinx_dma: Fix unmasked residue subtraction
(git-fixes).
- dmaengine: xilinx: xilinx_dma: Fix residue calculation for
cyclic DMA (git-fixes).
- dmaengine: xilinx: xilinx_dma: Fix dma_device directions
(git-fixes).
- dmaengine: sh: rz-dmac: Move CHCTRL updates under spinlock
(git-fixes).
- dmaengine: sh: rz-dmac: Protect the driver specific lists
(git-fixes).
- dmaengine: idxd: fix possible wrong descriptor completion in
llist_abort_desc() (git-fixes).
- dmaengine: xilinx: xdma: Fix regmap init error handling
(git-fixes).
- dmaengine: idxd: Fix leaking event log memory (git-fixes).
- dmaengine: idxd: Fix memory leak when a wq is reset (git-fixes).
- dmaengine: idxd: Fix not releasing workqueue on .release()
(git-fixes).
- commit f22ea44
- drm/vmwgfx: Return the correct value in vmw_translate_ptr
functions (CVE-2026-23317 bsc#1260562).
- commit 62d1ba3
- PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry
(CVE-2026-23361 bsc#1260732).
- commit e28de60
- Delete
patches.suse/scsi-Fix-sas_user_scan-to-handle-wildcard-and-multi-channe.patch.
See bsc#1257506.
The git-fix being removed had issues and needs to be redesigned.
In the mean time, reverting this addresses the problem.
See:
> https://bugzilla.suse.com/show_bug.cgi?id=1257506#c47
- commit 14d63c6
- drm/i915/dp_tunnel: Fix error handling when clearing stream
BW in atomic state (git-fixes).
- drm/amd/display: Do not skip unrelated mode changes in DSC
validation (git-fixes).
- commit 4a5f1c3
- hwmon: (adm1177) fix sysfs ABI violation and current unit
conversion (git-fixes).
- hwmon: (peci/cputemp) Fix off-by-one in cputemp_is_visible()
(git-fixes).
- hwmon: (peci/cputemp) Fix crit_hyst returning delta instead
of absolute temperature (git-fixes).
- hwmon: (pmbus/isl68137) Add mutex protection for AVS enable
sysfs attributes (git-fixes).
- drm/i915/gmbus: fix spurious timeout on 512-byte burst reads
(git-fixes).
- drm/amdgpu: Fix fence put before wait in amdgpu_amdkfd_submit_ib
(git-fixes).
- spi: spi-fsl-lpspi: fix teardown order issue (UAF) (git-fixes).
- regmap: Synchronize cache for the page selector (git-fixes).
- ASoC: SOF: ipc4-topology: Allow bytes controls without initial
payload (git-fixes).
- ASoC: adau1372: Fix clock leak on PLL lock failure (git-fixes).
- ASoC: adau1372: Fix unchecked clk_prepare_enable() return value
(git-fixes).
- ASoC: Intel: catpt: Fix the device initialization (git-fixes).
- ALSA: firewire-lib: fix uninitialized local variable
(git-fixes).
- commit a2172e0
- libceph: reset sparse-read state in osd_fault() (CVE-2026-23136 bsc#1258303).
- commit 7606f01
- wifi: libertas: fix use-after-free in lbs_free_adapter()
(CVE-2026-23281 bsc#1260464).
- commit 43b8c42
- Bluetooth: btintel: serialize btintel_hw_error() with
hci_req_sync_lock (git-fixes).
- Bluetooth: L2CAP: Fix stack-out-of-bounds read in
l2cap_ecred_conn_req (git-fixes).
- drm/xe: Open-code GGTT MMIO access protection (git-fixes).
- drm/xe/oa: Allow reading after disabling OA stream (git-fixes).
- drm/amdgpu/mmhub4.1.0: add bounds checking for cid
(stable-fixes).
- drm/amd: fix dcn 2.01 check (git-fixes).
- drm/amd/display: Wrap dcn32_override_min_req_memclk() in
DC_FP_{START, END} (git-fixes).
- drm: Fix use-after-free on framebuffers and property blobs
when calling drm_dev_unplug (git-fixes).
- drm/imagination: Fix deadlock in soft reset sequence
(git-fixes).
- mac80211: fix crash in ieee80211_chan_bw_change for AP_VLAN
stations (stable-fixes).
- Bluetooth: qca: fix ROM version reading on WCN3998 chips
(git-fixes).
- Bluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ
(git-fixes).
- Bluetooth: MGMT: Fix list corruption and UAF in command complete
handlers (git-fixes).
- Bluetooth: ISO: Fix defer tests being unstable (git-fixes).
- USB: add QUIRK_NO_BOS for video capture several devices
(stable-fixes).
- drm/i915/dsc: Add helper for writing DSC Selective Update ET
parameters (stable-fixes).
- drm/i915/dsc: Add Selective Update register definitions
(stable-fixes).
- drm/amd/pm: remove invalid gpu_metrics.energy_accumulator on
smu v13.0.x (stable-fixes).
- drm/amd/display: Fallback to boot snapshot for dispclk
(stable-fixes).
- ASoC: cs42l43: Report insert for exotic peripherals
(stable-fixes).
- drm/amdgpu/vcn5: Add SMU dpm interface type (stable-fixes).
- commit 11a085d
- serial: 8250: Add late synchronize_irq() to shutdown to handle
DW UART BUSY (git-fixes).
- serial: 8250_pci: add support for the AX99100 (stable-fixes).
- serial: uartlite: fix PM runtime usage count underflow on probe
(git-fixes).
- serial: 8250: Fix TX deadlock when using DMA (git-fixes).
- spi: fix statistics allocation (git-fixes).
- spi: fix use-after-free on controller registration failure
(git-fixes).
- wifi: wlcore: Return -ENOMEM instead of -EAGAIN if there is
not enough headroom (git-fixes).
- wifi: mac80211: fix NULL deref in mesh_matches_local()
(git-fixes).
- wifi: cfg80211: cancel pmsr_free_wk in cfg80211_pmsr_wdev_down
(git-fixes).
- wifi: mac80211: Fix static_branch_dec() underflow for
aql_disable (git-fixes).
- soc: fsl: qbman: fix race condition in qman_destroy_fq
(git-fixes).
- USB: ezcap401 needs USB_QUIRK_NO_BOS to function on 10gbs usb
speed (stable-fixes).
- usb: dwc3: pci: add support for the Intel Nova Lake -H
(stable-fixes).
- usb/core/quirks: Add Huawei ME906S-device to wakeup quirk
(stable-fixes).
- usb: xhci: Prevent interrupt storm on host controller error
(HCE) (stable-fixes).
- usb: cdc-acm: Restore CAP_BRK functionnality to CH343
(git-fixes).
- usb: misc: uss720: properly clean up reference in uss720_probe()
(stable-fixes).
- usb: image: mdc800: kill download URB on timeout (stable-fixes).
- usb: mdc800: handle signal and read racing (stable-fixes).
- usb: yurex: fix race in probe (stable-fixes).
- staging: rtl8723bs: properly validate the data in
rtw_get_ie_ex() (stable-fixes).
- wifi: mac80211: set default WMM parameters on all links
(stable-fixes).
- usb: cdns3: fix role switching during resume (git-fixes).
- USB: serial: f81232: fix incomplete serial port generation
(stable-fixes).
- usb: cdns3: call cdns_power_is_lost() only once in cdns_resume()
(stable-fixes).
- usb: cdns3: remove redundant if branch (stable-fixes).
- commit 9cd434e
- nfc: nci: fix circular locking dependency in nci_close_device
(git-fixes).
- pinctrl: mediatek: common: Fix probe failure for devices
without EINT (git-fixes).
- pinctrl: qcom: spmi-gpio: implement .get_direction()
(git-fixes).
- platform/x86: ISST: Correct locked bit width (git-fixes).
- platform/olpc: olpc-xo175-ec: Fix overflow error message to
print inlen (git-fixes).
- mmc: sdhci: fix timing selection for 1-bit bus width
(git-fixes).
- mmc: sdhci-pci-gli: fix GL9750 DMA write corruption (git-fixes).
- mtd: rawnand: pl353: make sure optimal timings are applied
(git-fixes).
- mtd: rawnand: brcmnand: skip DMA during panic write (git-fixes).
- mtd: rawnand: serialize lock/unlock against other NAND
operations (git-fixes).
- mtd: rawnand: cadence: Fix error check for dma_alloc_coherent()
in cadence_nand_init() (git-fixes).
- mtd: Avoid boot crash in RedBoot partition table parser
(git-fixes).
- NFC: nxp-nci: allow GPIOs to sleep (git-fixes).
- net: usb: aqc111: Do not perform PM inside suspend callback
(git-fixes).
- net: usb: cdc_ncm: add ndpoffset to NDP32 nframes bounds check
(git-fixes).
- net: usb: cdc_ncm: add ndpoffset to NDP16 nframes bounds check
(git-fixes).
- net/rose: fix NULL pointer dereference in rose_transmit_link
on reconnect (git-fixes).
- PM: runtime: Fix a race condition related to device removal
(git-fixes).
- regulator: pca9450: Correct interrupt type (git-fixes).
- platform/x86: dell-wmi: Add audio/mic mute key codes
(stable-fixes).
- pinctrl: equilibrium: fix warning trace on load (git-fixes).
- pinctrl: equilibrium: rename irq_chip function callbacks
(stable-fixes).
- net: usb: pegasus: validate USB endpoints (stable-fixes).
- mfd: omap-usb-host: Fix OF populate on driver rebind
(git-fixes).
- mfd: qcom-pm8xxx: Fix OF populate on driver rebind (git-fixes).
- regulator: pca9450: Make IRQ optional (stable-fixes).
- PCI: Update BAR # and window messages (stable-fixes).
- mfd: qcom-pm8xxx: Convert to platform remove callback returning
void (stable-fixes).
- commit ec2548e
- can: isotp: fix tx.buf use-after-free in isotp_sendmsg()
(git-fixes).
- can: gw: fix OOB heap access in cgw_csum_crc8_rel() (git-fixes).
- media: mc, v4l2: serialize REINIT and REQBUFS with
req_queue_mutex (git-fixes).
- i2c: pxa: defer reset on Armada 3700 when recovery is used
(git-fixes).
- i2c: fsi: Fix a potential leak in fsi_i2c_probe() (git-fixes).
- i2c: cp2615: fix serial string NULL-deref at probe (git-fixes).
- hwmon: (pmbus/isl68137) Fix unchecked return value and use
sysfs_emit() (git-fixes).
- drm/radeon: apply state adjust rules to some additional HAINAN
vairants (stable-fixes).
- drm/amdgpu: apply state adjust rules to some additional HAINAN
vairants (stable-fixes).
- drm/amdgpu/gmc9.0: add bounds checking for cid (stable-fixes).
- drm/amdgpu/mmhub3.0: add bounds checking for cid (stable-fixes).
- drm/amdgpu/mmhub3.0.2: add bounds checking for cid
(stable-fixes).
- drm/amdgpu/mmhub3.0.1: add bounds checking for cid
(stable-fixes).
- drm/amdgpu/mmhub2.3: add bounds checking for cid (stable-fixes).
- drm/amdgpu/mmhub2.0: add bounds checking for cid (stable-fixes).
- drm/amd/display: Fix DisplayID not-found handling in
parse_edid_displayid_vrr() (git-fixes).
- drm/i915/gt: Check set_default_submission() before deferencing
(git-fixes).
- firmware: arm_scpi: Fix device_node reference leak in probe path
(git-fixes).
- drm/amd: Set num IP blocks to 0 if discovery fails
(stable-fixes).
- drm/msm/dsi: fix pclk rate calculation for bonded dsi
(git-fixes).
- drm/msm/dsi: fix hdisplay calculation when programming dsi
registers (git-fixes).
- drm/amdgpu: Fix use-after-free race in VM acquire
(stable-fixes).
- HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks
missing them (stable-fixes).
- drm/amdgpu: keep vga memory on MacBooks with switchable graphics
(stable-fixes).
- drm/bridge: ti-sn65dsi86: Add support for DisplayPort mode
with HPD (stable-fixes).
- drm/amd/display: Add pixel_clock to amd_pp_display_configuration
(stable-fixes).
- drm/msm/dsi: Document DSC related pclk_rate and hdisplay
calculations (stable-fixes).
- mfd: omap-usb-host: Convert to platform remove callback
returning void (stable-fixes).
- media: tegra-video: Use accessors for pad config 'try_*' fields
(stable-fixes).
- i2c: cp2615: replace deprecated strncpy with strscpy
(stable-fixes).
- commit 19fcdc7
- Bluetooth: btusb: clamp SCO altsetting table indices
(git-fixes).
- Bluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite
loop (git-fixes).
- Bluetooth: L2CAP: Fix send LE flow credits in ACL link
(git-fixes).
- Bluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb
(git-fixes).
- Bluetooth: hci_ll: Fix firmware leak on error path (git-fixes).
- Bluetooth: MGMT: Fix dangling pointer on
mgmt_add_adv_patterns_monitor_complete (git-fixes).
- Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to
missing sock_hold (git-fixes).
- Bluetooth: L2CAP: Validate PDU length before reading SDU length
in l2cap_ecred_data_rcv() (git-fixes).
- commit d4b4294
- ACPI: EC: clean up handlers on probe failure in acpi_ec_setup()
(git-fixes).
- Bluetooth: L2CAP: Validate L2CAP_INFO_RSP payload length before
access (git-fixes).
- Bluetooth: L2CAP: Fix type confusion in l2cap_ecred_reconf_rsp()
(git-fixes).
- Bluetooth: L2CAP: Fix use-after-free in l2cap_unregister_user
(git-fixes).
- Bluetooth: HIDP: Fix possible UAF (git-fixes).
- Bluetooth: hci_sync: Fix hci_le_create_conn_sync (git-fixes).
- Bluetooth: SMP: make SM/PER/KDU/BI-04-C happy (git-fixes).
- Bluetooth: LE L2CAP: Disconnect if sum of payload sizes exceed
SDU (git-fixes).
- Bluetooth: LE L2CAP: Disconnect if received packet's SDU
exceeds IMTU (git-fixes).
- ACPI: processor: Fix previous acpi_processor_errata_piix4()
fix (git-fixes).
- ALSA: usb-audio: Check endpoint numbers at parsing Scarlett2
mixer interfaces (stable-fixes).
- ASoC: amd: yc: Add DMI quirk for ASUS EXPERTBOOK PM1503CDA
(stable-fixes).
- ASoC: amd: yc: Add ASUS EXPERTBOOK BM1503CDA to quirk table
(stable-fixes).
- ALSA: hda: cs35l56: Fix signedness error in
cs35l56_hda_posture_put() (git-fixes).
- ACPI: PM: Save NVS memory on Lenovo G70-35 (stable-fixes).
- ACPI: OSI: Add DMI quirk for Acer Aspire One D255
(stable-fixes).
- ALSA: hda/conexant: Fix headphone jack handling on Acer Swift
SF314 (stable-fixes).
- ALSA: hda/conexant: Add quirk for HP ZBook Studio G4
(stable-fixes).
- ALSA: pci: hda: use snd_kcontrol_chip() (stable-fixes).
- commit d930c45
- ceph: fix oops due to invalid pointer for kfree() in parse_longname() (bsc#1258337 CVE-2026-23201).
- commit c1d531a
- libceph: make calc_target() set t->paused, not just clear it (bsc#1257682 CVE-2026-23047).
- commit 9134bbf
- x86/platform/uv: Handle deconfigured sockets (bsc#1260347).
- commit f09c977
- Update config files.
Pure run_oldconfig -- dismiss removed configs like
CONFIG_TEST_LIVEPATCH.
- commit 9d0caee
- RDMA/umad: Reject negative data_len in ib_umad_write (CVE-2026-23243 bsc#1259797)
- commit b964f1d
- RDMA/siw: Fix potential NULL pointer dereference in header processing (CVE-2026-23242 bsc#1259795)
- commit b14d408
- drm/i915/display: Add module param to skip retraining of dp link (bsc#1253129).
- commit a1c1b16
- Revert "drm/i915/display: Add quirk to skip retraining of dp link (bsc#1253129)."
This reverts commit 7b00832607c6c999e43cce72e2a7feaf7db3bbfa.
- commit 6e3ca09
- Update kabi files (jsc#PED-15582).
- commit c06e238
- bpf, test_run: Subtract size of xdp_frame from allowed metadata
size (CVE-2026-23140 bsc#1258305).
- commit 2fff83a
- scsi: scsi_transport_sas: Fix the maximum channel scanning issue
(bsc#1255687, git-fixes).
- commit 7ef9035
- scsi: hisi_sas: Fix NULL pointer exception during user_scan()
(bsc#1255687).
- commit 0bea95d
- s390/debug: Pass in and enforce output buffer size for format
handlers (jsc#PED-15582).
- Refresh
patches.suse/s390-pci-Add-pci_msg-debug-view-to-PCI-report.patch.
- commit d8dd9c7
- netfilter: nf_tables: fix use-after-free in nf_tables_addchain()
(CVE-2026-23231 bsc#1259188).
- netfilter: nf_tables: register hooks last when adding new
chain/flowtable (CVE-2026-23231 bsc#1259188).
- commit fd540e6
- Refresh azure config files, no runtime changes intended.
- commit 5cf84bb
- x86/vmware: Fix hypercall clobbers (CVE-2026-23215 bsc#1258476).
- commit 1c8c139
- nvme: fix memory leak in quirks_param_set() (bsc#1243208).
- nvme: add support for dynamic quirk configuration via module
parameter (bsc#1243208).
- nvme: expose active quirks in sysfs (bsc#1243208).
Refresh:
- patches.suse/nvme-add-partial_nid-quirk.patch
- commit c6a41b6
- scsi: target: target_core_configfs: Add length check to avoid
buffer overflow (CVE-2025-39998 bsc#1252073).
- commit dff8745
- l2tp: avoid one data-race in l2tp_tunnel_del_work() (CVE-2026-23120 bsc#1258280)
- commit 975023c
- pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains (CVE-2026-23187 bsc#1258330)
- commit 4b333af
- phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() (CVE-2026-23030 bsc#1257561)
- commit 4c335f0
- Use unified maintainers' email address
- commit d015f19
- Use unified maintainers' email address
- commit e7955e0
- Use unified maintainers' email address
- commit 3c803fb
- vhost: fix caching attributes of MMIO regions by setting them
explicitly (git-fixes).
- commit 08a5f81
- vmw_vsock: bypass false-positive Wnonnull warning with gcc-16
(git-fixes).
- commit 096a8f1
- xenbus: Use .freeze/.thaw to handle xenbus devices (git-fixes).
- commit da0ad33
- net/mana: Null service_wq on setup error to prevent double
destroy (git-fix).
- commit 4b21ba9
- iomap: adjust read range correctly for non-block-aligned positions (CVE-2025-68794 bsc#1256647)
- commit bad6b8a
- net: mana: fix use-after-free in mana_hwc_destroy_channel()
by reordering teardown (git-fixes).
- net/mana: Null service_wq on setup error to prevent double
destroy (git-fixes).
- commit 679a815
- Refresh
patches.suse/selftests-bpf-add-verifier-sign-extension-bound-comp.patch.
Updated expected BPF verifier message to align with those output by
SLE15-SP7 kernel.
- commit bc643c5
- usb: cdc-acm: Restore CAP_BRK functionnality to CH343
(git-fixes).
- commit 4484921
- usb: roles: get usb role switch from parent only for
usb-b-connector (git-fixes).
- usb: xhci: Fix memory leak in xhci_disable_slot() (git-fixes).
- usb: class: cdc-wdm: fix reordering issue in read code path
(git-fixes).
- usb: renesas_usbhs: fix use-after-free in ISR during device
removal (git-fixes).
- usb: gadget: f_mass_storage: Fix potential integer overflow
in check_command_size_in_blocks() (git-fixes).
- USB: core: Limit the length of unkillable synchronous timeouts
(git-fixes).
- USB: usbtmc: Use usb_bulk_msg_killable() with user-specified
timeouts (git-fixes).
- USB: usbcore: Introduce usb_bulk_msg_killable() (git-fixes).
- usb: core: don't power off roothub PHYs if phy_set_mode()
fails (git-fixes).
- iio: gyro: mpu3050-core: fix pm_runtime error handling
(git-fixes).
- iio: gyro: mpu3050-i2c: fix pm_runtime error handling
(git-fixes).
- iio: chemical: sps30_serial: fix buffer size in
sps30_serial_read_meas() (git-fixes).
- iio: chemical: sps30_i2c: fix buffer size in
sps30_i2c_read_meas() (git-fixes).
- iio: chemical: bme680: Fix measurement wait duration calculation
(git-fixes).
- iio: dac: ds4424: reject -128 RAW value (git-fixes).
- iio: potentiometer: mcp4131: fix double application of wiper
shift (git-fixes).
- iio: frequency: adf4377: Fix duplicated soft reset mask
(git-fixes).
- iio: imu: inv_icm42600: fix odr switch to the same value
(git-fixes).
- commit 4702653
- drm/amdkfd: Unreserve bo if queue update failed (git-fixes).
- drm/amdgpu: Fix kernel-doc comments for some LUT properties
(git-fixes).
- drm/amd/pm: add missing od setting PP_OD_FEATURE_ZERO_FAN_BIT
for smu v14 (git-fixes).
- drm/msm/dsi: fix pclk rate calculation for bonded dsi
(git-fixes).
- drm/msm: Fix dma_free_attrs() buffer size (git-fixes).
- drm/msm/dsi: fix hdisplay calculation when programming dsi
registers (git-fixes).
- drm/xe/reg_sr: Fix leak on xa_store failure (git-fixes).
- drm/xe: Do not preempt fence signaling CS instructions
(git-fixes).
- drm/exynos: vidi: use ctx->lock to protect struct vidi_context
member variables related to memory alloc/free (stable-fixes).
- drm/exynos: vidi: fix to avoid directly dereferencing user
pointer (stable-fixes).
- drm/exynos/vidi: Remove redundant error handling in
vidi_get_modes() (stable-fixes).
- commit 56adb0e
- drm/bridge: ti-sn65dsi83: fix CHA_DSI_CLK_RANGE rounding
(git-fixes).
- ASoC: amd: acp-mach-common: Add missing error check for clock
acquisition (git-fixes).
- ASoC: detect empty DMI strings (git-fixes).
- ASoC: amd: acp3x-rt5682-max9836: Add missing error check for
clock acquisition (git-fixes).
- ASoC: soc-core: flush delayed work before removing DAIs and
widgets (git-fixes).
- ASoC: soc-core: drop delayed_work_pending() check before flush
(git-fixes).
- ASoC: qcom: qdsp6: Fix q6apm remove ordering during ADSP stop
and start (git-fixes).
- ALSA: pcm: fix use-after-free on linked stream runtime in
snd_pcm_drain() (git-fixes).
- commit 1a186d1
- crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode (CVE-2025-71231 bsc#1258424).
- commit f8a95c7
- libpng16
-
- added patches
CVE-2026-34757: Information disclosure and data corruption via use-after-free vulnerability [bsc#1261957]
* libpng16-CVE-2026-34757.patch
- python3
-
- Add CVE-2026-6019-Morsel-js_output.patch protects against HTML
injection by Base64-encoding cookie values embedded in JS
(bsc#1262654, CVE-2026-6019, gh#python/cpython#90309).
- Add CVE-2026-1502-reject-CRLF-HTTP-tunnel.patch which rejects
CR/LF in HTTP tunnel request headers (bsc#1261969,
CVE-2026-1502, gh#python/cpython#146211).
- Add CVE-2026-4786-webbrowser-open-action.patch, which fixes
webbrowser %action substitution bypass of dash-prefix check
(bsc#1262319, CVE-2026-4786, gh#python/cpython#148169).
- Add CVE-2026-6100-use-after-free-decompression.patch preventing
dangling pointer which can end in the use-after-free error
(CVE-2026-6100, bsc#1262098, gh#python/cpython#148395).
- Fix calling of sphinx build with non-standard Python
interpreter (including new patch sphinx-set-PYTHON.patch).
- Add CVE-2026-3446-base64-padding.patch preventing ignoring
excess Base64 data after the first padded quad (bsc#1261970,
CVE-2026-3446, gh#python/cpython#145264).
- Add CVE-2026-3479-pkgutil_get_data.patch pkgutil.get_data() has
the same security model as open(). The documented limitations
ensure compatibility with non-filesystem loaders; Python
doesn't check that. (bsc#1259989, CVE-2026-3479,
gh#python/cpython#146121).
- Add CVE-2026-4519-webbrowser-open-dashes.patch to reject
leading dashes in webbrowser URLs (bsc#1260026, CVE-2026-4519,
gh#python/cpython#143930).
- Add CVE-2025-13462-tarinfo-header-parse.patch which skips
TarInfo DIRTYPE normalization during GNU long name handling
(bsc#1259611, CVE-2025-13462).
- Add CVE-2026-4224-expat-unbound-C-recursion.patch avoiding
unbound C recursion in conv_content_model in pyexpat.c
(bsc#1259735, CVE-2026-4224).
- Add CVE-2026-3644-cookies-Morsel-update-II.patch to reject
control characters in http.cookies.Morsel.update() and
http.cookies.BaseCookie.js_output (bsc#1259734, CVE-2026-3644).
- openssh
-
- Added openssh-cve-2026-35385-scp-setuid-modes.patch (bsc#1261427),
ensuring setuid bits default to being masked out by scp.
- Added openssh-cve-2026-35414-mishandled-ca-commas.patch
(bsc#1261430), fixing mishandling of comma characters in CA in
certain situations.
- sed
-
- Add CVE-2026-5958.patch
* Fix CVE-2026-5958 (bsc#1262144):
A TOCTOU race can allow to read attacker-controlled content and write
it to an unintended file
- suse-build-key
-
- import all keys if they are not yet in the RPM db.
- Added post quantum cryptographic keys for SLES 15 and SLES 16.
- build-pqc-15.pem
- build-pqc-16.pem
- vim
-
- Fix bsc#1261833 / CVE-2026-39881.
- Update to 9.2.0398.
- Changes:
* 9.2.0398: MS-Windows: missing strptime() support
* 9.2.0397: tabpanel: double-click opens a new tab
* 9.2.0396: tests: Test_error_callback_terminal is flaky on macOS
* 9.2.0395: tests: Test_backupskip() may read from $HOME
* 9.2.0394: xxd: offsets greater than LONG_MAX print as negative
* 9.2.0393: MS-Windows: link error with XPM support on UCRT64
* 9.2.0392: tests: Some tests are flaky
* 9.2.0391: tests: Comment in test_vim9_cmd breaks syntax highlighting
* 9.2.0390: filetype: some Beancount files are not recognized
* 9.2.0389: DECRQM still leaves stray "pp" on Apple Terminal.app
* 9.2.0388: strange indent in update_topline()
* 9.2.0387: DECRQM request may leave stray chars in terminal
* 9.2.0386: No scroll/scrollbar support in the tabpanel
* 9.2.0385: Integer overflow with "ze" and large 'sidescrolloff'
* 9.2.0384: stale Insstart after <Cmd> cursor move breaks undo
* 9.2.0383: [security]: runtime(netrw): shell-injection via sftp: and file: URLs
* 9.2.0382: Wayland: focus-stealing is non-working
* 9.2.0381: Vim9: Missing check_secure() in exec_instructions()
* 9.2.0380: completion: a few issues in completion code
* 9.2.0379: gui.color_approx is never used
* 9.2.0378: Using int as bool type in win_T struct
* 9.2.0377: Using int as bool type in gui_T struct
* 9.2.0376: Vim9: elseif condition compiled in dead branch
* 9.2.0375: prop_find() does not find a virt text in starting line
* 9.2.0374: c_CTRL-{G,T} does not handle offset
* 9.2.0373: Ctrl-R mapping not triggered during completion
* 9.2.0372: pum: rendering issues with multibyte text and opacity
* 9.2.0371: filetype: ghostty config files are not recognized
* 9.2.0370: duplicate code with literal string_T assignment
* 9.2.0369: multiple definitions of STRING_INIT macro
* 9.2.0368: too many strlen() calls when adding strings to dicts
* 9.2.0367: runtime(netrw): ~ note expanded on MS Windows
* 9.2.0366: pum: flicker when updating pum in place
* 9.2.0365: using int as bool
* 9.2.0364: tests: test_smoothscroll_textoff_showbreak() fails
* 9.2.0363: Vim9: variable shadowed by script-local function
* 9.2.0362: division by zero with smoothscroll and small windows
* 9.2.0361: tests: no tests for ch_listen() with IPs
* 9.2.0360: Cannot handle mouse-clicks in the tabpanel
* 9.2.0359: wrong VertSplitNC highlighting on winbar
* 9.2.0358: runtime(vimball): still path traversal attacks possible
* 9.2.0357: [security]: command injection via backticks in tag files
* 9.2.0356: Cannot apply 'scrolloff' context lines at end of file
* 9.2.0355: runtime(tar): missing path traversal checks in tar#Extract()
* 9.2.0354: filetype: not all Bitbake include files are recognized
* 9.2.0353: Missing out-of-memory check in register.c
* 9.2.0352: 'winhighlight' of left window blends into right window
* 9.2.0351: repeat_string() can be improved
* 9.2.0350: Enabling modelines poses a risk
* 9.2.0349: cannot style non-current window separator
* 9.2.0348: potential buffer underrun when setting statusline like option
* 9.2.0347: Vim9: script-local variable not found
* 9.2.0346: Wrong cursor position when entering command line window
* 9.2.0345: Wrong autoformatting with 'autocomplete'
* 9.2.0344: channel: ch_listen() can bind to network interface
* 9.2.0343: tests: test_clientserver may fail on slower systems
* 9.2.0342: tests: test_excmd.vim leaves swapfiles behind
* 9.2.0341: some functions can be run from the sandbox
* 9.2.0340: pum_redraw() may cause flicker
* 9.2.0339: regexp: nfa_regmatch() allocates and frees too often
* 9.2.0338: Cannot handle mouseclicks in the tabline
* 9.2.0337: list indexing broken on big-endian 32-bit platforms
* 9.2.0336: libvterm: no terminal reflow support
* 9.2.0335: json_encode() uses recursive algorithm
* 9.2.0334: GTK: window geometry shrinks with with client-side decorations
* 9.2.0333: filetype: PklProject files are not recognized
* 9.2.0332: popup: still opacity rendering issues
* 9.2.0331: spellfile: stack buffer overflows in spell file generation
* 9.2.0330: tests: some patterns in tar and zip plugin tests not strict enough
* 9.2.0329: tests: test_indent.vim leaves swapfiles behind
* 9.2.0328: Cannot handle mouseclicks in the statusline
* 9.2.0327: filetype: uv scripts are not detected
* 9.2.0326: runtime(tar): but with dotted path
* 9.2.0325: runtime(tar): bug in zstd handling
* 9.2.0324: 0x9b byte not unescaped in <Cmd> mapping
* 9.2.0323: filetype: buf.lock files are not recognized
* 9.2.0322: tests: test_popupwin fails
* 9.2.0321: MS-Windows: No OpenType font support
* 9.2.0320: several bugs with text properties
* 9.2.0319: popup: rendering issues with partially transparent popups
* 9.2.0318: cannot configure opacity for popup menu
* 9.2.0317: listener functions do not check secure flag
* 9.2.0316: [security]: command injection in netbeans interface via defineAnnoType
* 9.2.0315: missing bound-checks
* 9.2.0314: channel: can bind to all network interfaces
* 9.2.0313: Callback channel not registered in GUI
* 9.2.0312: C-type names are marked as translatable
* 9.2.0311: redrawing logic with text properties can be improved
* 9.2.0310: unnecessary work in vim_strchr() and find_term_bykeys()
* 9.2.0309: Missing out-of-memory check to may_get_cmd_block()
* 9.2.0308: Error message E1547 is wrong
* 9.2.0307: more mismatches between return types and documentation
* 9.2.0306: runtime(tar): some issues with lz4 support
* 9.2.0305: mismatch between return types and documentation
* 9.2.0304: tests: test for 9.2.0285 doesn't always fail without the fix
* 9.2.0303: tests: zip plugin tests don't check for warning message properly
* 9.2.0302: runtime(netrw): RFC2396 decoding double escaping spaces
* 9.2.0301: Vim9: void function return value inconsistent
* 9.2.0300: The vimball plugin needs some love
* 9.2.0299: runtime(zip): may write using absolute paths
* 9.2.0298: Some internal variables are not modified
* 9.2.0297: libvterm: can improve CSI overflow code
* 9.2.0296: Redundant and incorrect integer pointer casts in drawline.c
* 9.2.0295: 'showcmd' shows wrong Visual block size with 'linebreak'
* 9.2.0294: if_lua: lua interface does not work with lua 5.5
* 9.2.0293: :packadd may lead to heap-buffer-overflow
* 9.2.0292: E340 internal error when using method call on void value
* 9.2.0291: too many strlen() calls
* 9.2.0290: Amiga: no support for AmigaOS 3.x
* 9.2.0289: 'linebreak' may lead to wrong Visual block highlighting
* 9.2.0288: libvterm: signed integer overflow parsing long CSI args
* 9.2.0287: filetype: not all ObjectScript routines are recognized
* 9.2.0286: still some unnecessary (int) casts in alloc()
* 9.2.0285: :syn sync grouphere may go beyond end of line
* 9.2.0284: tabpanel: crash when tabpanel expression returns variable line count
* 9.2.0283: unnecessary (int) casts before alloc() calls
* 9.2.0282: tests: Test_viminfo_len_overflow() fails
* 9.2.0281: tests: Test_netrw_FileUrlEdit.. fails on Windows
- Fix bsc#1261191 / CVE-2026-34714.
- Fix bsc#1261271 / CVE-2026-34982.
- Fix bsc#1259985 / CVE-2026-33412.
- Update to 9.2.0280:
* patch 9.2.0280: [security]: path traversal issue in zip.vim
* patch 9.2.0279: terminal: out-of-bounds write with overlong CSI argument list
* patch 9.2.0278: viminfo: heap buffer overflow when reading viminfo file
* patch 9.2.0277: tests: test_modeline.vim fails
* patch 9.2.0276: [security]: modeline security bypass
* patch 9.2.0275: tests: test_options.vim fails
* patch 9.2.0274: BSU/ESU are output directly to the terminal
* patch 9.2.0273: tabpanel: undefined behaviour with large tabpanelop columns
* patch 9.2.0272: [security]: 'tabpanel' can be set in a modeline
* patch 9.2.0271: buffer underflow in vim_fgets()
* patch 9.2.0270: test: trailing spaces used in tests
* patch 9.2.0269: configure: Link error on Solaris
* patch 9.2.0268: memory leak in call_oc_method()
* patch 9.2.0267: 'autowrite' not triggered for :term
* patch 9.2.0266: typeahead buffer overflow during mouse drag event
* patch 9.2.0265: unnecessary restrictions for defining dictionary function names
* patch 9.2.0264: Cannot disable kitty keyboard protocol in vim :terminal
* patch 9.2.0263: hlset() cannot handle attributes with spaces
* patch 9.2.0262: invalid lnum when pasting text copied blockwise
* patch 9.2.0261: terminal: redraws are slow
* patch 9.2.0260: statusline not redrawn after closing a popup window
* patch 9.2.0259: tabpanel: corrupted display during scrolling causing flicker
* patch 9.2.0258: memory leak in add_mark()
* patch 9.2.0257: unnecessary memory allocation in set_callback()
* patch 9.2.0256: visual selection size not shown in showcmd during test
* patch 9.2.0255: tests: Test_popup_opacity_vsplit() fails in a wide terminal
* patch 9.2.0254: w_locked can be bypassed when setting recursively
* patch 9.2.0253: various issues with wrong b_nwindows after closing buffers
* patch 9.2.0252: Crash when ending Visual mode after curbuf was unloaded
* patch 9.2.0251: Link error when building without channel feature
* patch 9.2.0250: system() does not support bypassing the shell
* patch 9.2.0249: clipboard: provider reacts to autoselect feature
* patch 9.2.0248: json_decode() is not strict enough
* patch 9.2.0247: popup: popups may not wrap as expected
* patch 9.2.0246: memory leak in globpath()
* patch 9.2.0245: xxd: color output detection is broken
* patch 9.2.0244: memory leak in eval8()
* patch 9.2.0243: memory leak in change_indent()
* patch 9.2.0242: memory leak in check_for_cryptkey()
* patch 9.2.0241: tests: Test_visual_block_hl_with_autosel() is flaky
* patch 9.2.0240: syn_name2id() is slow due to linear search
* patch 9.2.0239: signcolumn may cause flicker
* patch 9.2.0238: showmode message may not be displayed
* patch 9.2.0237: filetype: ObjectScript routines are not recognized
* patch 9.2.0236: stack-overflow with deeply nested data in json_encode/decode()
* patch 9.2.0235: filetype: wks files are not recognized.
* patch 9.2.0234: test: Test_close_handle() is flaky
* patch 9.2.0233: Compiler warning in strings.c
* patch 9.2.0232: fileinfo not shown after :bd of last listed buffer
* patch 9.2.0231: Amiga: Link error for missing HAVE_LOCALE_H
* patch 9.2.0230: popup: opacity not working accross vert splits
* patch 9.2.0229: keypad keys may overwrite keycode for another key
* patch 9.2.0228: still possible flicker
* patch 9.2.0227: MS-Windows: CSI sequences may be written to screen
* patch 9.2.0226: No 'incsearch' highlighting support for :uniq
* patch 9.2.0225: runtime(compiler): No compiler plugin for just
* patch 9.2.0224: channel: 2 issues with out/err callbacks
* patch 9.2.0223: Option handling for key:value suboptions is limited
* patch 9.2.0222: "zb" scrolls incorrectly with cursor on fold
* patch 9.2.0221: Visual selection drawn incorrectly with "autoselect"
* patch 9.2.0220: MS-Windows: some defined cannot be set on Cygwin/Mingw
* patch 9.2.0219: call stack can be corrupted
* patch 9.2.0218: visual selection highlighting in X11 GUI is wrong.
* patch 9.2.0217: filetype: cto files are not recognized
* patch 9.2.0216: MS-Windows: Rendering artifacts with DirectX
* patch 9.2.0215: MS-Windows: several tests fail in the Windows CUI.
* patch 9.2.0214: tests: Test_gui_system_term_scroll() is flaky
* patch 9.2.0213: Crash when using a partial or lambda as a clipboard provider
* patch 9.2.0212: MS-Windows: version packing may overflow
* patch 9.2.0211: possible crash when setting 'winhighlight'
* patch 9.2.0210: tests: Test_xxd tests are failing
* patch 9.2.0209: freeze during wildmenu completion
* patch 9.2.0208: MS-Windows: excessive scroll-behaviour with go+=!
* patch 9.2.0207: MS-Windows: freeze on second :hardcopy
* patch 9.2.0206: MS-Window: stripping all CSI sequences
* patch 9.2.0205: xxd: Cannot NUL terminate the C include file style
* patch 9.2.0204: filetype: cps files are not recognized
* patch 9.2.0203: Patch v9.2.0185 was wrong
* patch 9.2.0202: [security]: command injection via newline in glob()
* patch 9.2.0201: filetype: Wireguard config files not recognized
* patch 9.2.0200: term: DECRQM codes are sent too early
* patch 9.2.0199: tests: test_startup.vim fails
* patch 9.2.0198: cscope: can escape from restricted mode
* patch 9.2.0197: tabpanel: frame width not updated for existing tab pages
* patch 9.2.0196: textprop: negative IDs and can cause a crash
* patch 9.2.0195: CI: test-suite gets killed for taking too long
* patch 9.2.0194: tests: test_startup.vim leaves temp.txt around
* patch 9.2.0193: using copy_option_part() can be improved
* patch 9.2.0192: not correctly recognizing raw key codes
* patch 9.2.0191: Not possible to know if Vim was compiled with Android support
* patch 9.2.0190: Status line height mismatch in vertical splits
* patch 9.2.0189: MS-Windows: opacity popups flicker during redraw in the console
* patch 9.2.0188: Can set environment variables in restricted mode
* patch 9.2.0187: MS-Windows: rendering artifacts with DirectX renderer
* patch 9.2.0186: heap buffer overflow with long generic function name
* patch 9.2.0185: buffer overflow when redrawing custom tabline
* patch 9.2.0184: MS-Windows: screen flicker with termguicolors and visualbell
* patch 9.2.0183: channel: using deprecated networking APIs
* patch 9.2.0182: autocmds may leave windows with w_locked set
* patch 9.2.0181: line('w0') moves cursor in terminal-normal mode
* patch 9.2.0180: possible crash with winminheight=0
* patch 9.2.0179: MS-Windows: Compiler warning for converting from size_t to int
* patch 9.2.0178: DEC mode requests are sent even when not in raw mode
* patch 9.2.0177: Vim9: Can set environment variables in restricted mode
* patch 9.2.0176: external diff is allowed in restricted mode
* patch 9.2.0175: No tests for what v9.2.0141 and v9.2.0156 fixes
* patch 9.2.0174: diff: inline word-diffs can be fragmented
* patch 9.2.0173: tests: Test_balloon_eval_term_visual is flaky
* patch 9.2.0172: Missing semicolon in os_mac_conv.c
* patch 9.2.0171: MS-Windows: version detection is deprecated
* patch 9.2.0170: channel: some issues in ch_listen()
* patch 9.2.0169: assertion failure in syn_id2attr()
* patch 9.2.0168: invalid pointer casting in string_convert() arguments
* patch 9.2.0167: terminal: setting buftype=terminal may cause a crash
* patch 9.2.0166: Coverity warning for potential NULL dereference
* patch 9.2.0165: tests: perleval fails in the sandbox
* patch 9.2.0164: build error when XCLIPBOARD is not defined
* patch 9.2.0163: MS-Windows: Compile warning for unused variable
* patch 9.2.0162: tests: unnecessary CheckRunVimInTerminal in test_quickfix
* patch 9.2.0161: intro message disappears on startup in some terminals
* patch 9.2.0160: terminal DEC mode handling is overly complex
* patch 9.2.0159: Crash when reading quickfix line
* patch 9.2.0158: Visual highlighting might be incorrect
* patch 9.2.0157: Vim9: concatenation can be improved
* patch 9.2.0156: perleval() and rubyeval() ignore security settings
* patch 9.2.0155: filetype: ObjectScript are not recognized
* patch 9.2.0154: if_lua: runtime error with lua 5.5
* patch 9.2.0153: No support to act as a channel server
* patch 9.2.0152: concatenating strings is slow
* patch 9.2.0151: blob_from_string() is slow for long strings
* patch 9.2.0150: synchronized terminal update may cause display artifacts
* patch 9.2.0149: Vim9: segfault when unletting an imported variable
* patch 9.2.0148: Compile error when FEAT_DIFF is not defined
* patch 9.2.0147: blob: concatenation can be improved
* patch 9.2.0146: dictionary lookups can be improved
* patch 9.2.0145: UTF-8 decoding and length calculation can be improved
* patch 9.2.0144: 'statuslineopt' is a global only option
* patch 9.2.0143: termdebug: no support for thread and condition in :Break
* patch 9.2.0142: Coverity: Dead code warning
* patch 9.2.0141: :perl ex commands allowed in restricted mode
* patch 9.2.0140: file reading performance can be improved
* patch 9.2.0139: Cannot configure terminal resize event
* patch 9.2.0138: winhighlight option handling can be improved
* patch 9.2.0137: [security]: crash with composing char in collection range
* patch 9.2.0136: memory leak in add_interface_from_super_class()
* patch 9.2.0135: memory leak in eval_tuple()
* patch 9.2.0134: memory leak in socket_server_send_reply()
* patch 9.2.0133: memory leak in netbeans_file_activated()
* patch 9.2.0132: tests: Test_recover_corrupted_swap_file1 fails on be systems
* patch 9.2.0131: potential buffer overflow in regdump()
* patch 9.2.0130: missing range flags for the :tab command
* patch 9.2.0129: popup: wrong handling of wide-chars and opacity:0
* patch 9.2.0128: Wayland: using _Boolean instead of bool type
* patch 9.2.0127: line('w0') and line('w$') return wrong values in a terminal
* patch 9.2.0126: String handling can be improved
* patch 9.2.0125: tests: test_textformat.vim leaves swapfiles behind
* patch 9.2.0124: auto-format may swallow white space
* patch 9.2.0123: GTK: using deprecated gdk_pixbuf_new_from_xpm_data()
* patch 9.2.0122: Vim still supports compiling on NeXTSTEP
* patch 9.2.0120: tests: test_normal fails
* patch 9.2.0119: incorrect highlight initialization in win_init()
* patch 9.2.0118: memory leak in w_hl when reusing a popup window
* patch 9.2.0117: tests: test_wayland.vim fails
* patch 9.2.0116: terminal: synchronized output sequences are buffered
* patch 9.2.0115: popup: screen flickering possible during async callbacks
* patch 9.2.0114: MS-Windows: terminal output may go to wrong terminal
* patch 9.2.0113: winhighlight pointer may be used uninitialized
* patch 9.2.0112: popup: windows flicker when updating text
* patch 9.2.0111: 'winhighlight' option not always applied
- xen
-
- bsc#1264066 - VUL-0: CVE-2025-54518: xen: AMD-SN-7052: CPU OP
Cache Corruption
6a034fca-x86-mitigate-AMD-SN-7052.patch
- Upstream security patches
69f0ab8b-gnttab-split-gnttab_map_frame.patch (bsc#1262180)
69f0ab8b-xenstored-make-conn_delete_all_transactions-idempotent.patch (bsc#1262178)
- Drop old security patches in favor of upstream versions.
xsa484.patch
xsa486.patch
- Upstream bug fixes (bsc#1027519)
69d4ab43-EFI-avoid-OOB-config-file-reads.patch
69d8ed8e-x86-time-dont-kill-calibration-timer-on-S3.patch
69e0e400-x86-use-native-TSC-scaling-factors-when-.patch
69e0e401-CPU-round-cpu_khz-calculations.patch
69e26ac9-x86-mkelf32-actually-pad-segment-to-2Mb.patch
- bsc#1262428 - VUL-0: CVE-2025-54505: xen: Floating Point Divider
State Sampling on AMD CPUs AMD-SN-7053 (XSA-488)
69e26aca-x86-mitigate-AMD-SN-7053-FP-DSS.patch
- bsc#1262178 - VUL-0: CVE-2026-23557: xen: Xenstored DoS via
XS_RESET_WATCHES command (XSA-484)
xsa484.patch
- bsc#1262180 - VUL-0: CVE-2026-23558: xen: grant table v2 race in
status page mapping (XSA-486)
xsa486.patch
- Update to Xen 4.20.3 bug fix release (bsc#1027519) (jsc#PED-8907)
* No upstream changelog found in sources or webpage
- Drop patches contained in new tarball
691b3550-x86-ucode-add-rows-to-entrysign-table.patch
69247713-x86-ucode-error-handling-parallel.patch
6926be59-x86-vMSI-X-refcount.patch
6926e01d-x86-vHPET-IRQ-route-sanitization.patch
692896dc-x86-AMD-Zenbleed-mitigation-static.patch
692dc059-x86-AMD-DE_CFG-editing.patch
693a85c2-x86-PoD-decrease_reservation-clearing-M2P.patch
693a85d6-x86-update-log-dirty-bitmap-when-.patch
695f816a-x86-HVM-more-strict-XENMAPSPACE_gmfn-source-types.patch
6964e408-x86-retval-of-has_if_pschange_mc.patch
6978b5a5-x86-shadow-dont-overrun-trace_emul_write_val.patch
6978b5bf-x86-spec-ctrl-incomplete-IBPB-at-cswitch.patch
6978c4b0-x86-AMD-fold-another-DE_CFG-edit.patch
xsa480.patch
xsa481.patch