curl
- Security fixes:
  * [bsc#1249191, CVE-2025-9086] Out of bounds read for cookie path
  * [bsc#1249348, CVE-2025-10148] Predictable WebSocket mask
  * Add patches:
  - curl-CVE-2025-9086.patch
  - curl-CVE-2025-10148.patch
jasper
- bsc#1247904 CVE-2025-8835:
  Fix NULL pointer dereference in function jas_image_chclrspc
  Add jasper-CVE-2025-8835.patch
- bsc#1247902 CVE-2025-8836:
  Fix assertion failure in the jpc_floorlog2 function
  Add jasper-CVE-2025-8836.patch
- bsc#1247901 CVE-2025-8837:
  Fix use-after-free in function jpc_dec_dump
  Add jasper-CVE-2025-8837.patch
python-urllib3
- Add patch CVE-2025-50181-poolmanager-redirects.patch:
  * Pool managers now properly control redirects when retries is passed
    (CVE-2025-50181, GHSA-pq67-6m6q-mj2v, bsc#1244925)
vim
- Fix the following CVEs and bugs:
  * bsc#1246602 (CVE-2025-53906)
  * bsc#1246604 (CVE-2025-53905)
  * bsc#1247939 (CVE-2025-55158)
  * bsc#1247938 (CVE-2025-55157)
- Update to 9.1.1629:
  9.1.1629: Vim9: Not able to use more than 10 type arguments in a generic function
  9.1.1628: fuzzy.c has a few issues
  9.1.1627: fuzzy matching can be improved
  9.1.1626: cindent: does not handle compound literals
  9.1.1625: Autocompletion slow with include- and tag-completion
  9.1.1624: Cscope not enabled on MacOS
  9.1.1623: Buffer menu does not handle unicode names correctly
  9.1.1622: Patch v9.1.1432 causes performance regressions
  9.1.1621: flicker in popup menu during cmdline autocompletion
  9.1.1620: filetype: composer.lock and symfony.lock files not recognized
  9.1.1619: Incorrect E535 error message
  9.1.1618: completion: incorrect selected index returned from complete_info()
  9.1.1617: Vim9: some error messages can be improved
  9.1.1616: xxd: possible buffer overflow with bitwise output
  9.1.1615: diff format erroneously detected
  9.1.1614: Vim9: possible variable type change
  9.1.1613: tests: test_search leaves a few swapfiles behind
  9.1.1612: Ctrl-G/Ctrl-T do not ignore the end search delimiter
  9.1.1611: possible undefined behaviour in mb_decompose()
  9.1.1610: completion: hang or E684 when 'tagfunc' calls complete()
  9.1.1609: complete: Heap-buffer overflow with complete function
  9.1.1608: No command-line completion for :unsilent {command}
  9.1.1607: :apple command detected as :append
  9.1.1606: filetype: a few more files are not recognized
  9.1.1605: cannot specify scope for chdir()
  9.1.1604: completion: incsearch highlight might be lost
  9.1.1603: completion: cannot use autoloaded funcs in 'complete' F{func}
  9.1.1602: filetype: requirements-*.txt files are not recognized
  9.1.1601: Patch v8.1.0425 was wrong
  9.1.1600: using diff anchors with hidden buffers fails silently
  9.1.1599: :bnext doesn't go to unlisted help buffers
  9.1.1598: filetype: waybar config file is not recognized
  9.1.1597: CI reports leaks in libgtk3 library
  9.1.1596: tests: Test_search_wildmenu_iminsert() depends on help file
  9.1.1595: Wayland: non-portable use of select()
  9.1.1594: completion: search completion throws errors
  9.1.1593: Confusing error when compiling incomplete try block
  9.1.1592: Vim9: crash with classes and garbage collection
  9.1.1591: VMS support can be improved
  9.1.1590: cannot perform autocompletion
  9.1.1589: Cannot disable cscope interface using configure
  9.1.1588: Vim9: cannot split dict inside command block
  9.1.1587: Wayland: timeout not updated before select()
  9.1.1586: Vim9: can define an enum/interface in a function
  9.1.1585: Wayland: gvim still needs GVIM_ENABLE_WAYLAND
  9.1.1584: using ints as boolean type
  9.1.1583: gvim window lost its icons
  9.1.1582: style issue in vim9type.c and vim9generics.c
  9.1.1581: possible memory leak in vim9generics.c
  9.1.1580: possible memory leak in vim9type.c
  9.1.1579: Coverity complains about unchecked return value
  9.1.1578: configure: comment still mentions autoconf 2.71
  9.1.1577: Vim9: no generic support yet
  9.1.1576: cannot easily trigger wildcard expansion
  9.1.1575: tabpanel not drawn correctly with wrapped lines
  9.1.1574: Dead code in mbyte.c
  9.1.1573: Memory leak when pressing Ctrl-D in cmdline mode
  9.1.1572: expanding $var does not escape whitespace for 'path'
  9.1.1571: CmdlineChanged triggered too often
  9.1.1570: Copilot suggested some improvements in cmdexpand.c
  9.1.1569: tests: Vim9 tests can be improved
  9.1.1568: need a few more default highlight groups
  9.1.1567: crash when using inline diff mode
  9.1.1566: self-referenced enum may not get freed
  9.1.1565: configure: does not consider tiny version for wayland
  9.1.1564: crash when opening popup to closing buffer
  9.1.1563: completion: ruler may disappear
  9.1.1562: close button always visible in the 'tabline'
  9.1.1561: configure: wayland test can be improved
  9.1.1560: configure: uses $PKG_CONFIG before it is defined
  9.1.1559: tests: Test_popup_complete_info_01() fails when run alone
  9.1.1558: str2blob() treats NULL string and empty string differently
  9.1.1557: not possible to anchor specific lines in diff mode
  9.1.1556: string handling in cmdexpand.c can be improved
  9.1.1555: completion: repeated insertion of leader
  9.1.1554: crash when omni-completion opens command-line window
  9.1.1553: Vim9: crash when accessing a variable in if condition
  9.1.1552: [security]: path traversal issue in tar.vim
  9.1.1551: [security]: path traversal issue in zip.vim
  9.1.1550: defaults: 'showcmd' is not enabled in non-compatible mode on Unix
  9.1.1549: filetype: pkl files are not recognized
  9.1.1548: filetype: OpenFGA files are not recognized
  9.1.1547: Wayland: missing ifdef
  9.1.1546: Vim9: error with has() and short circuit evaluation
  9.1.1545: typo in os_unix.c
  9.1.1544: :retab cannot be limited to indentation only
  9.1.1543: Wayland: clipboard appears to not be working
  9.1.1542: Coverity complains about uninitialized variable
  9.1.1541: Vim9: error when last enum value ends with a comma
  9.1.1540: completion: menu state wrong on interruption
  9.1.1539: completion: messages don't respect 'shm' setting
  9.1.1537: helptoc: still some issues when markdown code blocks
  9.1.1536: tests: test_plugin_comment uses wrong :Check command
  9.1.1535: the maximum search count uses hard-coded value 99
  9.1.1534: unnecessary code in tabpanel.c
  9.1.1533: helptoc: does not handle code sections in markdown well
  9.1.1532: termdebug: not enough ways to configure breakpoints
  9.1.1531: confusing error with nested legacy function
  9.1.1530: Missing version change in v9.1.1529
  9.1.1529: Win32: the toolbar in the GUI is old and dated
  9.1.1528: completion: crash with getcompletion()
  9.1.1527: Vim9: Crash with string compound assignment
  9.1.1526: completion: search completion match may differ in case
  9.1.1525: tests: testdir/ is a bit messy
  9.1.1524: tests: too many imports in the test suite
  9.1.1523: tests: test_clipmethod fails in non X11 environment
  9.1.1522: tests: still some ANSI escape sequences in test output
  9.1.1521: completion: pum does not reset scroll pos on reopen with 'noselect'
  9.1.1520: completion: search completion doesn't handle 'smartcase' well
  9.1.1519: tests: Test_termdebug_decimal_breakpoints() may fail
  9.1.1518: getcompletiontype() may crash
  9.1.1517: filetype: autopkgtest files are not recognized
  9.1.1516: tests: no test that 'incsearch' is updated after search completion
  9.1.1515: Coverity complains about potential unterminated strings
  9.1.1514: Coverity complains about the use of tmpfile()
  9.1.1513: resizing Vim window causes unexpected internal window width
  9.1.1512: completion: can only complete from keyword characters
  9.1.1511: tests: two edit tests change v:testing from 1 to 0
  9.1.1510: Search completion may use invalid memory
  9.1.1509: patch 9.1.1505 was not good
  9.1.1508: string manipulation can be improved in cmdexpand.c
  9.1.1507: symlinks are resolved on :cd commands
  9.1.1506: tests: missing cleanup in Test_search_cmdline_incsearch_highlight()
  9.1.1505: not possible to return completion type for :ex command
  9.1.1504: filetype: numbat files are not recognized
  9.1.1503: filetype: haxe files are not recognized
  9.1.1502: filetype: quickbms files are not recognized
  9.1.1501: filetype: flix files are not recognized
  9.1.1500: if_python: typo in python error variable
  9.1.1499: MS-Windows: no indication of ARM64 architecture
  9.1.1498: completion: 'complete' funcs behave different to 'omnifunc'
  9.1.1497: Link error with shm_open()
  9.1.1496: terminal: still not highlighting empty cells correctly
  9.1.1495: Wayland: uses $XDG_SEAT to determine seat
  9.1.1494: runtime(tutor): no French translation for Chapter 2
  9.1.1493: manually comparing positions on buffer
  9.1.1492: tests: failure when Wayland compositor fails to start
  9.1.1491: missing out-of-memory checks in cmdexpand.c
  9.1.1490: 'wildchar' does not work in search contexts
  9.1.1489: terminal: no visual highlight of empty cols with empty 'listchars'
  9.1.1488: configure: using obsolete macro AC_PROG_GCC_TRADITIONAL
  9.1.1487: :cl doesn't invoke :clist
  9.1.1486: documentation issues with Wayland
  9.1.1485: missing Wayland clipboard support
  9.1.1484: tests: Turkish locale tests fails on Mac
  9.1.1483: not possible to translate position in buffer
  9.1.1482: scrolling with 'splitkeep' and line()
  9.1.1481: gcc complains about uninitialized variable
  9.1.1480: Turkish translation outdated
  9.1.1479: regression when displaying localized percentage position
  9.1.1478: Unused assignment in ex_uniq()
  9.1.1476: no easy way to deduplicate text
  9.1.1476: missing out-of-memory checks in cmdexpand.c
  9.1.1475: completion: regression when "nearest" in 'completeopt'
  9.1.1474: missing out-of-memory check in mark.c
  9.1.1473: inconsistent range arg for :diffget/diffput
  9.1.1472: if_python: PySequence_Fast_{GET_SIZE,GET_ITEM} removed
  9.1.1471: completion: inconsistent ordering with CTRL-P
  9.1.1470: use-after-free with popup callback on error
  9.1.1469: potential buffer-underflow with invalid hl_id
  9.1.1468: filetype: bright(er)script files are not recognized
  9.1.1467: too many strlen() calls
  9.1.1466: filetype: not all lex files are recognized
  9.1.1465: tabpanel: not correctly drawn with 'equalalways'
  9.1.1464: gv does not work in operator-pending mode
  9.1.1463: Integer overflow in getmarklist() after linewise operation
  9.1.1462: missing change from patch v9.1.1461
  9.1.1461: tabpanel: tabpanel vanishes with popup menu
  9.1.1460: MS-Windows: too many strlen() calls in os_win32.c
  9.1.1459: xxd: coloring output is inefficient
  9.1.1458: tabpanel: tabs not properly updated with 'stpl'
  9.1.1457: compile warning with tabpanelopt
  9.1.1456: comment plugin fails toggling if 'cms' contains \
  9.1.1455: Haiku: dialog objects created with no reference
  9.1.1454: tests: no test for pum at line break position
  9.1.1453: tests: Test_geometry() may fail
  9.1.1452: completion: redundant check for completion flags
  9.1.1451: tabpanel rendering artifacts when scrolling
  9.1.1450: Session has wrong arglist with :tcd and :arglocal
  9.1.1449: typo in pum_display()
  9.1.1448: tabpanel is not displayed correctly when msg_scrolled
  9.1.1447: completion: crash when backspacing with fuzzy completion
  9.1.1446: filetype: cuda-gdb config files are not recognized
  9.1.1445: negative matchfuzzy scores although there is a match
  9.1.1444: Unused assignment in set_fuzzy_score()
  9.1.1443: potential buffer underflow in insertchar()
  9.1.1442: tests: Test_diff_fold_redraw() is insufficient
  9.1.1441: completion: code can be improved
  9.1.1440: too many strlen() calls in os_win32.c
  9.1.1439: Last diff folds not merged
  9.1.1438: tests: Test_breakindent_list_split() fails
  9.1.1437: MS-Windows: internal compile error in uc_list()
  9.1.1436: GUI control code is displayed on the console on startup
  9.1.1435: completion: various flaws in fuzzy completion
  9.1.1434: MS-Windows: missing out-of-memory checks in os_win32.c
  9.1.1433: Unnecessary :if when writing session
  9.1.1432: GTK GUI: Buffer menu does not handle unicode correctly
  9.1.1431: Hit-Enter Prompt when loading session files
  9.1.1430: tabpanel may flicker in the GUI
  9.1.1429: dragging outside the tabpanel changes tabpagenr
  9.1.1428: completion: register completion needs cleanup
  9.1.1427: rendering artifacts with the tabpanel
  9.1.1426: completion: register contents not completed
  9.1.1425: tabpanel: there are still some problems with the tabpanel
  9.1.1424: PMenu selection broken with multi-line selection and limits
  9.1.1423: :tag command not working correctly using Vim9 Script
  9.1.1422: scheduling of complete function can be improved
  9.1.1421: tests: need a test for the new-style tutor.tutor
  9.1.1420: tests: could need some more tests for shebang lines
  9.1.1419: It is difficult to ignore all but some events
  9.1.1418: configures GUI auto detection favors GTK2
  9.1.1417: missing info about register completion in complete_info()
  9.1.1416: completion limits not respected for fuzzy completions
  9.1.1415: potential use-after free when there is an error in 'tabpanel'
  9.1.1414: MS-Windows: compile warnings in os_win32.c
  9.1.1413: spurious CursorHold triggered in GUI on startup
  9.1.1412: tests: Test_tabpanel_tabonly() fails on larger screens
  9.1.1411: crash when calling non-existing function for tabpanel
  9.1.1410: out-of-bounds access with 'completefunc'
  9.1.1409: using f-flag in 'complete' conflicts with Neovim
  9.1.1408: not easily possible to complete from register content
  9.1.1407: Can't use getpos('v') in OptionSet when using setbufvar()
python3-base
- Add CVE-2025-8194-tarfile-no-neg-offsets.patch which now
  validates archives to ensure member offsets are non-negative
  (gh#python/cpython#130577, CVE-2025-8194, bsc#1247249).

- Add CVE-2025-6069-quad-complex-HTMLParser.patch to avoid worst
  case quadratic complexity when processing certain crafted
  malformed inputs with HTMLParser (CVE-2025-6069, bsc#1244705).

- Add functools-cached_property.patch adding the port of
  functools.cached_property from Python 3.8
- Add ipaddress-update-pr60.patch from gh#phihag/ipaddress!60 to
  update vendored ipaddress module to 3.8 equivalent
- Add gh-128840_parse-IPv6-with-emb-IPv4.patch to limit buffer
  size for IPv6 address parsing (gh#python/cpython#128840,
  bsc#1244401).
- Make the time module statically linked to prevent failure to
  start when building.

- Update CVE-2024-11168-validation-IPv6-addrs.patch
  according to the Debian version
  (gh#python/cpython#103848#issuecomment-2708135083).

- Remove python-3.3.0b1-test-posix_fadvise.patch (not needed
  since kernel 3.6-rc1)
avahi
- Add avahi-CVE-2024-52615.patch:
  Backport 4e2e1ea from upstream, Resolve fixed source ports for
  wide-area DNS queries cause DNS responses be injected.
  (CVE-2024-52615, bsc#1233421)
openssl-1_0_0
- Security fix: [bsc#1250232 CVE-2025-9230]
  * Fix out-of-bounds read & write in RFC 3211 KEK unwrap
  * Add patch openssl3-CVE-2025-9230.patch
python
- Add CVE-2025-8194-tarfile-no-neg-offsets.patch which now
  validates archives to ensure member offsets are non-negative
  (gh#python/cpython#130577, CVE-2025-8194, bsc#1247249).

- Add CVE-2025-6069-quad-complex-HTMLParser.patch to avoid worst
  case quadratic complexity when processing certain crafted
  malformed inputs with HTMLParser (CVE-2025-6069, bsc#1244705).
gnutls
- Fix 1-byte heap buffer overflow when parsing templates with certtool
  [bsc#1246267, CVE-2025-32990]
  * Add patch gnutls-CVE-2025-32990.patch
sqlite3
- Backpatch the URLs in sqlite3.n from https to http to avoid a
  file conflict with the tcl package on SLE-12.

- Sync version 3.50.2 from Factory:
  * CVE-2025-6965, bsc#1246597:
    Raise an error early if the number of aggregate terms in a
    query exceeds the maximum number of columns, to avoid
    downstream assertion faults.
  * Add subpackage for the lemon parser generator.
    + sqlite-3.49.0-fix-lemon-missing-cflags.patch
    + sqlite-3.6.23-lemon-system-template.patch
regionServiceClientConfigGCE
- Update to version 5.0.0 (bsc#1246995)
  + SLE 16 python-requests requires SSL v3 certificates. Update 2
    region server certs to support SLE 16 when it gets released.

- Update conditional to handle name change of metadata package
  in SLE 16 (bsc#1242063)
grub2
- Fix CVE-2024-56738: side-channel attack due to not constant-time
  algorithm in grub_crypto_memcmp (bsc#1234959)
  * grub2-constant-time-grub_crypto_memcmp.patch

- Fix page fault due to stricter memory permissions in shim 15.8 with later
  ovmf built from edk2-stable202502 (bsc#1240771)
  * 0001-efi-refactor-grub_efi_allocate_pages.patch
  * 0002-Remove-grub_efi_allocate_pages.patch
  * 0003-efi-change-heap-allocation-type-to-GRUB_EFI_LOADER_C.patch
  * 0004-arm64-efi-move-EFI_PAGE-definitions-to-efi-memory.h.patch
  * 0005-mkimage-Align-efi-sections-on-4k-boundary.patch
gdk-pixbuf
- Add gdk-pixbuf-jpeg-icc-data.patch: be more careful with icc data
  (bsc#1246114 CVE-2025-7345 glgo@GNOME/gdk-pixbuf!217).
python-base
- Add CVE-2025-8194-tarfile-no-neg-offsets.patch which now
  validates archives to ensure member offsets are non-negative
  (gh#python/cpython#130577, CVE-2025-8194, bsc#1247249).

- Add CVE-2025-6069-quad-complex-HTMLParser.patch to avoid worst
  case quadratic complexity when processing certain crafted
  malformed inputs with HTMLParser (CVE-2025-6069, bsc#1244705).
libxml2
- security update
- added patches
  CVE-2025-7425 [bsc#1246296], Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr
  + libxml2-CVE-2025-7425.patch

- security update
- added patches
  CVE-2025-49794 [bsc#1244554], heap use after free (UAF) can lead to Denial of service (DoS)
  CVE-2025-49796 [bsc#1244557], type confusion may lead to Denial of service (DoS)
  + libxml2-CVE-2025-49794,49796.patch

- security update
- added patches
  CVE-2025-6170 [bsc#1244700], stack buffer overflow may lead to a crash
  CVE-2025-6021 [bsc#1244580], Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2
  + libxml2-CVE-2025-6170,6021.patch
openssl-1_1
- Security fix: [bsc#1250232 CVE-2025-9230]
  * Fix out-of-bounds read & write in RFC 3211 KEK unwrap
  * Add patch openssl3-CVE-2025-9230.patch
libgcrypt
- Security fix [bsc#1221107, CVE-2024-2236]
  * Add --enable-marvin-workaround to spec to enable workaround
  * Fix timing based side-channel in RSA implementation (Marvin attack)
  * Add libgcrypt-CVE-2024-2236_01.patch
  * Add libgcrypt-CVE-2024-2236_02.patch
  * Add libgcrypt-CVE-2024-2236_03.patch
  * Add libgcrypt-CVE-2024-2236_04.patch
  * Add libgcrypt-CVE-2024-2236_05.patch
  * Add libgcrypt-CVE-2024-2236_06.patch
  * Add libgcrypt-CVE-2024-2236_07.patch
  * Add libgcrypt-CVE-2024-2236_08.patch
  * Add libgcrypt-CVE-2024-2236_09.patch
  * Add libgcrypt-CVE-2024-2236_10.patch
  * Add libgcrypt-CVE-2024-2236_11.patch
  * Add libgcrypt-CVE-2024-2236_decoding_fix.patch
google-cloud-sap-agent
- Update to version 3.8 (bsc#1244324, bsc#1244295)
  * Remove parsing of Pacemaker attribute is_ccm
  * Update spec file to remove GCBDR packages
  * Internal cleanup
  * Send agent status to WLM DW with WriteInsight()
  * Adds upcoming maintenance events chart and table to the maintenance system events dashboard
  * Fix Backint log_to_cloud configuration parameter
  * Update list of process metrics and hanamonitoring
  * Added Usage metrics to support bundle tool.
  * Enhance Support bundle collection
  * Updates to the maintenance dashboard with instructions on setup in the README.md
  * Update metric override file with new metrics marked for v3.8.
  * Dashboard updates
  * Add unit tests for gcealpha.go
  * Add unit tests for restore.go, remove unreachable code
  * Add unit tests for versionhandler
  * Outputting the agent status as a JSON string so it can be queried and parsed Log Analytics
  * Add usagemetrics for remaining OTEs
  * Increase coverage to > 90% in processmetrics/networkstats test
  * Increase coverage to > 90% in processmetrics/hanavolume test
  * Add unit tests for hanabackup
  * Added Test Case for GCE Service Creation Failure in Remote Validation Onetime Execution.
  * Internal change
  * Update below parameters in google-x4.conf file
  * Add Hana Monitoring metrics:
  * Add Hana log disk utilisation metric (in Kb)
  * Add Linux os metrics as part of process metrics
  * Make the bare metal metric resource type non-generic
  * Update TODO
  * Check the status of the WLM Data Warehouse API before starting metric collection.
  * Fix data race in status test
  * Make the bare metal metric resource type non-generic
  * Add WLM metric collection for SELinux config settings.
  * Adding the kernel version to the SAP System discovery data.
  * Collect SAP events in support bundle.
  * Adding support to collect hana monitoring metrics.
  * Auto updated compiled protocol buffers
  * Add Pacemaker WLM metrics: ASCS_IP, ERS_IP, ASCS_VIRTUAL_IP, ERS_VIRTUAL_IP
  * Add WLM metric collection for kernel version.
  * Fix github build failures.
  * Update Go version in build to 1.24.2.
  * Collect Status in daemon mode
  * Status OTE agent changes to use artifact registry list version
  * Add support for /var/log/messages collection including rolled over messages
  * Added timezone handling logic for querying process metrics
  * Add WLM metric: CLUSTER_HEALTHY for pacemaker
  * Collection definition test improvements.
  * Added support to collect pacemaker log files
  * Default Pacemaker PCMK fields to empty string.
  * Use correct destination folder in collectProcessMetrics
  * Ignore timestamps in test
  * Update process metrics query to use timestamp, before and after duration.
  * Add functionality to collect process metrics
  * Update SAP guest actions to utilize shared library
  * Update SAP Agent logusage command help message
  * Changes to the github action if commit/push of generated protos fails
  * Fix a couple of comments.
  * Adding support for collecting SapDiscovery logs from cloud logging.
  * Cleanup agentmetrics_test.go
  * Proto change
- Adjust upstream source paths in spec file
- Bump Go ABI version to 1.24 in BuildRequires

- Add -buildmode=pie to go build command line (bsc#1239946)
samba
- Windows security hardening locks out schannel'ed netlogon dc
  calls like netr_DsRGetDCName; (bsc#1246431); (bso#15876).

- Update shipped /etc/samba/smb.conf to point to smb.conf
  man page;(bsc#1233880).
coreutils
- coreutils-9.7-sort-CVE-2025-5278.patch: Add upstream patch:
  sort with key character offsets of SIZE_MAX, could induce
  a read of 1 byte before an allocated heap buffer.
  (CVE-2025-5278, bsc#1243767)
cups
- cups-1.7.5-CVE-2025-58364.patch is derived
  from the upstream patch to fix CVE-2025-58364
  "Remote DoS via null dereference"
  https://github.com/OpenPrinting/cups/security/advisories/GHSA-7qx3-r744-6qv4
  bsc#1249128

- cups-1.7.5-CVE-2025-58060.patch is derived
  from the upstream patch against CUPS 2.4
  to fix CVE-2025-58060
  "Authentication bypass with AuthType Negotiate"
  https://github.com/OpenPrinting/cups/security/advisories/GHSA-4c68-qgrh-rmmq
  bsc#1249049
net-tools
- Drop old Fedora patch net-tools-1.60-interface_stack.patch. It
  provided a fix for CVE-2025-46836 (bsc#142461), but it was fixed
  by the upstream in 2025 in a different way. Revert interfering
  net-tools-CVE-2025-46836.patch back to the upstream version.
- Fix stack buffer overflow in parse_hex (bsc#1248687,
  GHSA-h667-qrp8-gj58, net-tools-parse_hex-stack-overflow.patch).
- Fix stack-based buffer overflow in proc_gen_fmt (bsc#1248687,
  GHSA-w7jq-cmw2-cq59,
  net-tools-proc_gen_fmt-buffer-overflow.patch).
- Avoid unsafe memcpy in ifconfig (bsc#1248687,
  net-tools-ifconfig-avoid-unsafe-memcpy.patch).
- Prevent overflow in ax25 and netrom (bsc#1248687,
  net-tools-ax25+netrom-overflow-1.patch,
  net-tools-ax25+netrom-overflow-2.patch).
- Keep possibility to enter long interface names, even if they are
  not accepted by the kernel, because it was always possible up to
  CVE-2025-46836 fix. But issue a warning about an interface name
  concatenation (bsc#1248410,
  net-tools-ifconfig-long-name-warning.patch).

- Provide more readable error for interface name size checking
  introduced by net-tools-CVE-2025-46836.patch
  (bsc#1243581, net-tools-CVE-2025-46836-error-reporting.patch).

- Fix a regression in net-tools-CVE-2025-46836.patch (bsc#1246608).

- Perform bound checks when parsing interface labels in
  /proc/net/dev (bsc#1243581, CVE-2025-46836, GHSA-pfwf-h6m3-63wf,
  net-tools-CVE-2025-46836.patch,
  net-tools-CVE-2025-46836-regression.patch).
rsync
- Fix bsc#1249363 - rsync client sometimes unable to list modules
  * Fix order of arguments in rsync-fix-daemon-proto-32.patch
  * Change spec file to use %patch -P n -p1 syntax to conform to rpmlint
libssh
- Security fix: [CVE-2025-8277, bsc#1249375]
  * Memory Exhaustion via Repeated Key Exchange
  * Add patches:
  - libssh-CVE-2025-8277-packet-Adjust-packet-filter-to-work-wh.patch
  - libssh-CVE-2025-8277-Fix-memory-leak-of-unused-ephemeral-ke.patch
  - libssh-CVE-2025-8277-ecdh-Free-previously-allocated-pubkeys.patch

- Security fix: [CVE-2025-8114, bsc#1246974]
  * NULL pointer dereference when calculating session ID during KEX
  * Add libssh-CVE-2025-8114.patch

- Fix CVE-2025-5318: Likely read beyond bounds in sftp server handle management (bsc#1245311)
  * Add patch libssh-CVE-2025-5318.patch
- Fix CVE-2025-4877: Write beyond bounds in binary to base64 conversion functions (bsc#1245309)
  * Add patch libssh-CVE-2025-4877.patch
- Fix CVE-2025-4878: Use of uninitialized variable in privatekey_from_file() (bsc#1245310)
  * Add patches:
  - libssh-CVE-2025-4878-1.patch
  - libssh-CVE-2025-4878-2.patch
- Fix CVE-2025-5372: ssh_kdf() returns a success code on certain failures (bsc#1245314)
  * Add patch libssh-CVE-2025-5372.patch
kernel-default
- usb: xhci: Apply the link chain quirk on NEC isoc endpoints
  (CVE-2025-22022 bsc#1241292).
- commit b35c518

- usb: xhci: move link chain bit quirk checks into one helper
  function (CVE-2025-22022 bsc#1241292).
- commit e8f6e8b

- drm/framebuffer: Fix object locking in destroy function (bsc#1248130)
  Fix the locking in drm_gem_fb_destroy(). This is a bug in the backport
  of commit f6bfc9afc751 ("drm/framebuffer: Acquire internal references on
  GEM handles") for bsc#1247255.
- commit 8b690c9

- HID: core: Harden s32ton() against conversion to 0 bits (CVE-2025-38556 bsc#1248296)
- commit efa9b29

- Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb() (CVE-2025-38473 bsc#1247289)
- commit 3bda5d9

- bus: fsl-mc: fix double-free on mc_dev (CVE-2025-38313 bsc#1246342)
- commit cfe0da6

- bcache: fix NULL pointer in cache_set_flush() (CVE-2025-38263 bsc#1246248)
- commit 0207ad5

- wifi: mac80211: reject TDLS operations when station is not
  associated (CVE-2025-38644 bsc#1248748).
- commit 38baafe

- vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1248511
  CVE-2025-38618).
- commit 7301855

- USB: gadget: Fix obscure lockdep violation for udc_mutex
  (CVE-2022-49980 bsc#1245110).
- commit e73f583

- usb: gadget: Fix use-after-free bug by not setting
  udc->dev.driver (CVE-2022-49980 bsc#1245110).
- commit 7b2e080

- usb: gadget: udc: core: Use pr_fmt() to prefix messages
  (CVE-2022-49980 bsc#1245110).
- commit 342cb6b

- usb: gadget: core: do not try to disconnect gadget if it is
  not connected (CVE-2022-49980 bsc#1245110).
- commit 6ce9821

- USB: gadget core: Issue ->disconnect() callback from
  usb_gadget_disconnect() (CVE-2022-49980 bsc#1245110).
- commit e372dab

- usb: gadget: udc: Use scnprintf() instead of snprintf()
  (CVE-2022-49980 bsc#1245110).
- commit 01ff878

- usb: gadget: udc: remove duplicate & operation (CVE-2022-49980
  bsc#1245110).
- commit 6258328

- usb: gadget: remove redundant self assignment (CVE-2022-49980
  bsc#1245110).
- commit aa82e52

- Update patches.suse/perf-core-Exit-early-on-perf_mmap-fail.patch
  (CVE-2025-38563 bsc#1248306 dependency CVE-2025-38565
  bsc#1248377).
- commit d0832f2

- thunderbolt: Do not double dequeue a configuration request (CVE-2025-38174 bsc#1245781)
- commit 34371af

- fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var (CVE-2025-38214 bsc#1246042)
- commit 4cdcf0a

- tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (CVE-2025-38184 bsc#1245956)
- commit f59dd51

- gve: add missing NULL check for gve_alloc_pending_packet() in TX DQO (CVE-2025-38122 bsc#1245746)
- commit c710bdd

- net: usb: aqc111: debug info before sanitation (bsc#1245744)
- commit 3ab10bb

- net: usb: aqc111: fix error handling of usbnet read calls (CVE-2025-38153 bsc#1245744)
- commit 0a0b0b6

- VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify (CVE-2025-38102 bsc#1245669)
- commit 104e403

- Fix backport of the patch:
  patches.suse/ext4-fix-race-when-reusing-xattr-blocks.patch (bsc#1247929)
- commit 2389678

- USB: gadget: Fix use-after-free Read in usb_udc_uevent()
  (CVE-2022-49980 bsc#1245110).
- commit 5e1438b

- perf/core: Prevent VMA split of buffer mappings (CVE-2025-38563
  bsc#1248306).
- commit 8cbbc54

- perf/core: Exit early on perf_mmap() fail (CVE-2025-38563
  bsc#1248306 dependency).
- commit 45bf71a

- usb: net: sierra: check for no status endpoint (CVE-2025-38474
  bsc#1247311).
- commit 9d6b398

- perf/core: Don't leak AUX buffer refcount on allocation failure
  (CVE-2025-38563 bsc#1248306 dependency).
- commit 6e78f38

- atm: clip: Fix memory leak of struct clip_vcc (CVE-2025-38546
  bsc#1248223).
- commit 9623eb0

- hid: hide cleanup of hid_descriptor (CVE-2025-38103
  bsc#1245663).
- commit 13489bf

- HID: usbhid: Eliminate recurrent out-of-bounds bug in
  usbhid_parse() (CVE-2025-38103 bsc#1245663).
- commit de56614

- wifi: zd1211rw: Fix potential NULL pointer dereference in
  zd_mac_tx_to_dev() (CVE-2025-38513 bsc#1248179).
- commit 5d08711

- drm/sched: Increment job count before swapping tail spsc queue
  (CVE-2025-38515 bsc#1248212).
- commit c4cd790

- bluetooth put new member for hci_dev at end (CVE-2025-38117
  bsc#1245695).
- commit 0a0a7e2

- bluetooth: hide change to struct mgmt_pending_cmd
  (CVE-2025-38117 bsc#1245695).
- commit be95d10

- wifi: prevent A-MSDU attacks in mesh networks (CVE-2025-38512
  bsc#1248178).
- commit b3fbfce

- crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY (bsc#1225527)
- commit 696796d

- clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (CVE-2025-38499 bsc#1247976)
- commit 853d04a

- net/packet: fix a race in packet_set_ring() and
  packet_notifier() (CVE-2025-38617 bsc#1248621).
- commit b606d75

- atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister() (CVE-2025-38245 bsc#1246193)
- commit b752c31

- atm: Revert atm_account_tx() if copy_from_iter_full() fails (CVE-2025-38190 bsc#1245973)
- commit 3bb91d5

- atm: atmtcp: Free invalid length skb in atmtcp_c_send() (CVE-2025-38185 bsc#1246012)
- commit eb7640e

- crypto: marvell/cesa - Handle zero-length skcipher requests (CVE-2025-38173 bsc#1245769)
- commit 202473d

- tee: fix compiler warning in tee_shm_register() (CVE-2022-50080 bsc#1244972)
- commit 22a7c7b

- tee: add overflow check in register_shm_helper() (CVE-2022-50080 bsc#1244972)
- commit a02103f

- KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0 (CVE-2022-50228 bsc#1244854)
- commit ac7e443

- drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() (CVE-2022-50185 bsc#1244887)
- commit 50be8a6

- ALSA: bcd2000: Fix a UAF bug on the error path of probing (CVE-2022-50229 bsc#1244856)
- commit f2b2849

- regulator: of: Fix refcount leak bug in of_get_regulation_constraints() (CVE-2022-50191 bsc#1244899)
- commit de6ac5a

- mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch (CVE-2022-50141 bsc#1244794)
- commit 6834f5d

- net: atlantic: fix aq_vec index out of range error (CVE-2022-50066 bsc#1244985).
- commit 6c25c9e

- Update config files. Disable N_GSM (jsc#PED-8240, bsc#1244824, CVE-2022-50116)
- commit e07a3f6

- tipc: Fix use-after-free in tipc_conn_close() (CVE-2025-38464
  bsc#1247112).
- commit 9f4aa7a

- xfrm: fix refcount leak in __xfrm_policy_check() (CVE-2022-50007 bsc#1245016)
- commit 8245963

- wifi: libertas: Fix possible refcount leak in if_usb_probe() (CVE-2022-50162 bsc#1244773)
- commit 67efefc

- HID: hidraw: fix a problem of memory leak in hidraw_release() (bsc#1245072)
- commit 990e001

- HID: hidraw: fix memory leak in hidraw_release() (CVE-2022-49981 bsc#1245072)
- commit ffa8f52

- scsi: target: iscsi: Fix timeout on deleted connection (CVE-2025-38075 bsc#1244734)
- commit c2e8d4f

- bpf: Fix a data-race around bpf_jit_limit (CVE-2022-49967 bsc#1244964)
- commit b2d2477

- crypto: pcrypt - Fix hungtask for PADATA_RESET (CVE-2023-52813 bsc#1225527)
- commit b063c0a

- RDMA/rxe: Fix error unwind in rxe_create_qp() (CVE-2022-50127 bsc#1244815)
- commit bd0b886

- RDMA/qedr: Fix potential memory leak in __qedr_alloc_mr() (CVE-2022-50138 bsc#1244797)
- commit 585ba4c

- Refresh patches.suse/x86-alternative-Merge-include-files.patch.
- commit 61adacf

- drm/framebuffer: Acquire internal references on GEM handles (bsc#1247255)
- commit 13075c4

- Move pesign-obs-integration requirement from kernel-syms to kernel devel
  subpackage (bsc#1248108).
- commit e707e41

- drm/gem: Acquire references on GEM handles for framebuffers (bsc#1247255 CVE-2025-38449)
- commit 4e06401

- KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses
  (bsc#1242782, CVE-2025-23141).
- commit 9f573f0

- netlink: avoid infinite retry looping in netlink_unicast()
  (CVE-2025-38465 bsc#1247118).
- commit 0acd3ff

- posix-cpu-timers: fix race between handle_posix_cpu_timers()
  and posix_cpu_timer_del() (bsc#1246911 CVE-2025-38352).
- blacklist.conf: CVE-2022-50159
- commit 0e930ec

- kABI fix for net: vlan: fix VLAN 0 refcount imbalance of
  toggling (CVE-2025-38470 bsc#1247288).
- net: vlan: fix VLAN 0 refcount imbalance of toggling filtering
  during runtime (CVE-2025-38470 bsc#1247288).
- net/sched: Abort __tc_modify_qdisc if parent class does not
  exist (CVE-2025-38457 bsc#1247098).
- atm: clip: Fix potential null-ptr-deref in to_atmarpd()
  (CVE-2025-38460 bsc#1247143).
- net: sched: simplify the qdisc_leaf code (CVE-2025-38457
  bsc#1247098).
- commit bc4b1c9

- x86/its: Align RETs in BHB clear sequence to avoid thunking (bsc#1242006 CVE-2024-28956).
- commit 9e72e87

- x86/its: Add "vmexit" option to skip mitigation on some CPUs (bsc#1242006 CVE-2024-28956).
- Refresh patches.kabi/cpufeatures-kabi-fix.patch.
- commit 7095d7d

- x86/its: Enable Indirect Target Selection mitigation (bsc#1242006 CVE-2024-28956).
- commit 06978e9

- x86/its: Add support for ITS-safe return thunk (bsc#1242006 CVE-2024-28956).
- commit ed80f34

- x86/its: Add support for ITS-safe indirect thunk (bsc#1242006 CVE-2024-28956).
- Refresh patches.kabi/cpufeatures-kabi-fix.patch.
- commit 847f2c0

- do_change_type(): refuse to operate on unmounted/not ours mounts (CVE-2025-38498 bsc#1247374)
- commit fc35a30

- af_packet: Don't send zero-byte data in packet_sendmsg_spkt()
  (CVE-2022-49975 bsc#1245196).
- bpf: Move skb->len == 0 checks into __bpf_redirect
  (CVE-2022-49975 bsc#1245196).
- bpf: make sure skb->len != 0 when redirecting to a tunneling
  device (CVE-2022-49975 bsc#1245196).
- net/ieee802154: don't warn zero-sized raw_sendmsg()
  (CVE-2022-49975 bsc#1245196).
- net/af_packet: check len when min_header_len equals to 0
  (CVE-2022-49975 bsc#1245196).
- bpf: Don't redirect packets with invalid pkt_len (CVE-2022-49975
  bsc#1245196).
- bpf: in __bpf_redirect_no_mac pull mac only if present
  (CVE-2022-49975 bsc#1245196).
- commit bde4efa

- ACPICA: Refuse to evaluate a method if arguments are missing
  (CVE-2025-38386 bsc#1247138).
- commit 2984cfb

- x86/asm: Provide ALTERNATIVE_3 (git-fixes).
- commit f737462

- nfsd: nfsd4_spo_must_allow() must check this is a v4 compound
  request (bsc#1247160 CVE-2025-38430).
- commit 53125b5

- linkage: Introduce new macros for assembler symbols (git-fixes).
- commit e08683f

- x86: Simplify retpoline declaration (git-fixes).
- Refresh patches.suse/x86-Add-magic-AMD-return-thunk.patch.
- Refresh
  patches.suse/x86-cpu-Fix-up-srso_safe_ret-and-__x86_return_thunk.patch.
- Refresh
  patches.suse/x86-cpu-Rename-srso_-.-_alias-to-srso_alias_-1.patch.
- Refresh patches.suse/x86-retpoline-Use-mfunction-return.patch.
- Refresh
  patches.suse/x86-retpoline-kprobes-Fix-position-of-thunk-sections-with-.patch.
- Refresh
  patches.suse/x86-srso-add-a-speculative-ras-overflow-mitigation.patch.
- commit 8b2413e

- netlink: make sure we allow at least one dump skb
  (CVE-2025-38465 bsc#1247118).
- netlink: Fix rmem check in netlink_broadcast_deliver()
  (CVE-2025-38465 bsc#1247118).
- netlink: Fix wraparounds of sk->sk_rmem_alloc (CVE-2025-38465
  bsc#1247118).
- commit 0e7befb

- l2tp: convert l2tp_tunnel_list to idr (CVE-2023-53020 bsc#1240224).
  Fix locking imbalance introduced by earlier backport.
  (See bsc#1240224 comment 10.)
- Refresh
  patches.suse/l2tp-close-all-race-conditions-in-l2tp_tunnel_regist.patch.
- Refresh
  patches.suse/l2tp-prevent-lockdep-issue-in-l2tp_tunnel_register.patch.
- commit e975b9c

- l2ip: fix possible use-after-free (CVE-2023-53020 bsc#1240224).
  A prerequisite for a locking issue fix.
- commit c99f095

- x86/alternatives: Add an ALTERNATIVE_3() macro (git-fixes).
- commit 7cd3769

- x86/alternatives: Print containing function (git-fixes).
- commit 195541d

- x86/alternatives: Add macro comments (git-fixes).
- commit efb228e

- x86/alternative: Merge include files (git-fixes).
- Refresh
  patches.suse/x86-lib-atomic64_386_32-rename-things.patch.
- Refresh
  patches.suse/x86-srso-add-a-speculative-ras-overflow-mitigation.patch.
- commit d6a4cdb

- fs: prevent out-of-bounds array speculation when closing a
  file descriptor (CVE-2023-53117 bsc#1242780).
- commit f9988ba

- update patches.suse/l2tp-close-all-race-conditions-in-l2tp_tunnel_regist.patch
  Fix locking imbalance in the backport, see bsc#1240224 comment 10.
- commit 5e477f0

- net/sched: sch_qfq: Avoid triggering might_sleep in atomic
  context in qfq_delete_class (CVE-2025-38477 bsc#1247314).
- net/sched: Return NULL when htb_lookup_leaf encounters an
  empty rbtree (CVE-2025-38468 bsc#1247437).
- net/sched: sch_qfq: Fix race condition on qfq_aggregate
  (CVE-2025-38477 bsc#1247314).
- commit 7630d26

- x86/its: Enumerate Indirect Target Selection (ITS) bug (bsc#1242006 CVE-2024-28956).
- Refresh patches.kabi/cpufeatures-kabi-fix.patch.
- commit 42eb2aa

- HID: intel-ish-hid: Fix use-after-free issue in
  ishtp_hid_remove() (git-fixes CVE-2025-21928 bsc#1240722).
- commit 1ea59c1

- sched, cpuset: Fix dl_cpu_busy() panic due to empty
  cs->cpus_allowed (CVE-2022-50103 bsc#1244840).
- commit 42c9f5e

- btrfs: harden block_group::bg_list against list_del() races (CVE-2025-37856 bsc#1243068)
- commit b816dc5

- crypto: lzo - Fix compression buffer overrun (CVE-2025-38068 bsc#1245210)
- commit 7609c8c

- KVM: x86: Reset IRTE to host control if *new* route isn't postable
  (bsc#1242960 CVE-2025-37885).
- commit eff0d4a

- KVM: x86: Disable posted interrupts for non-standard IRQs delivery modes
  (bsc#242960 CVE-2025-37885).
- commit b7ec59d

- kernel-syms.spec: Drop old rpm release number hack (bsc#1247172).
- commit b4fa2d1

- virtio-net: ensure the received length does not exceed allocated
  size (CVE-2025-38375 bsc#1247177).
- commit e965903

- vsock/vmci: Clear the vmci transport packet properly when
  initializing it (CVE-2025-38403 bsc#1247141).
- commit 42a6e1c

- wifi: carl9170: do not ping device which has failed to load
  firmware (CVE-2025-38420 bsc#1247279).
- commit 77ff409

- crypto: qat - resolve race condition during AER recovery
  (bsc#1223638 CVE-2024-26974).
- crypto: qat - fix double free during reset (bsc#1223638
  CVE-2024-26974).
- commit 839d708

- Update
  patches.suse/sch_hfsc-make-hfsc_qlen_notify-idempotent.patch
  (CVE-2025-37798 bsc#1242414 CVE-2025-38177 bsc#1245986).
- commit 9499075

- bdi: Fix up kabi for dev_name addition (bsc#1171844).
- bdi: add a ->dev_name field to struct backing_dev_info
  (bsc#1171844).
- commit 2563dd2

- Squashfs: check return result of sb_min_blocksize (bsc#1247147
  CVE-2025-38415).
- commit 83161f2

- RDMA/core: Always release restrack object (git-fixes)
- commit 1647262

- HID: core: ensure the allocated report buffer can contain the
  reserved report ID (CVE-2025-38495 bsc#1247348).
- commit a99e88f

- HID: core: do not bypass hid_hw_raw_request (CVE-2025-38494
  bsc#1247349).
- commit a6f63b8

- net/sched: Always pass notifications when child class becomes
  empty (CVE-2025-38350 bsc#1246781).
- commit a358033

- usb: host: ohci-ppc-of: Fix refcount leak bug (CVE-2022-50033
  bsc#1245139).
- commit 341200f

- crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent
  kernel memory leak (CVE-2022-50226 bsc#1244860).
- commit aa9545e

- l2tp: Don't sleep and disable BH under writer-side
  sk_callback_lock (git-fixes).
- Refresh
  patches.suse/l2tp-close-all-race-conditions-in-l2tp_tunnel_regist.patch.
- Refresh
  patches.suse/l2tp-prevent-lockdep-issue-in-l2tp_tunnel_register.patch.
- commit eb080d7

- l2tp: fix a sock refcnt leak in l2tp_tunnel_register
  (git-fixes).
- net: fix a concurrency bug in l2tp_tunnel_register()
  (bsc#1205711 CVE-2022-4129).
- Refresh
  patches.suse/l2tp-Serialize-access-to-sk_user_data-with-sk_callba.patch.
- Refresh
  patches.suse/l2tp-close-all-race-conditions-in-l2tp_tunnel_regist.patch.
- commit 72fa3a1

- loop: Check for overflow while configuring loop (bsc#1245121
  CVE-2022-49993).
- blacklist.conf: Remove commit from blacklist
- commit bb8ea17

- jbd2: fix data-race and null-ptr-deref in
  jbd2_journal_dirty_metadata() (bsc#1246253 CVE-2025-38337).
- commit 3af075b

- ext4: inline: fix len overflow in ext4_prepare_inline_data
  (bsc#1245976 CVE-2025-38222).
- commit 30045aa

- __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under
  mount_lock (bsc#1245151 CVE-2025-38058).
- commit cc3f42a

- usb: typec: altmodes/displayport: do not index invalid
  pin_assignments (CVE-2025-38391 bsc#1247181).
- commit de59e61

- scsi: core: Fix unremoved procfs host directory regression
  (git-fixes).
- scsi: core: Fix a procfs host directory removal regression
  (git-fixes CVE-2023-53118 bsc#1242365).
- commit 8e14770

- scsi: core: Fix a source code comment (git-fixes).
  This isn't super useful per se, but makes applying other patches easier.
- commit a0df70c

- Bluetooth: MGMT: Protect mgmt_pending list with its own lock
  (CVE-2025-38117 bsc#1245695).
- commit 59a2ea0

- Refresh
  patches.suse/can-dev-can_put_echo_skb-don-t-crash-kernel-if-can_priv-ec.patch.
  Fix the following warning:
  drivers/net/can/dev.c: In function 'can_put_echo_skb':
  drivers/net/can/dev.c:451:3: warning: 'return' with a value, in function returning void
- commit 3c66160

- kabi fix for perf/aux: Fix AUX buffer serialization
  (bsc#1230581, CVE-2024-46713).
- perf/aux: Fix AUX buffer serialization (bsc#1230581,
  CVE-2024-46713).
- commit a370cdb

- iommu/arm-smmu: fix possible null-ptr-deref in
  arm_smmu_device_probe() (CVE-2022-49323 bsc#1238400).
- commit 1c0f036

- nvme-tcp: sanitize request list handling (CVE-2025-38264
  bsc#1246387).
- commit eab9cf4

- iommu/arm-smmu-v3: check return value after calling
  platform_get_resource() (CVE-2022-49319 bsc#1238374).
- commit d41ddd7

- RDMA/core: Update CMA destination address on rdma_resolve_addr (bsc#1210629 CVE-2023-2176)
- commit 45a243e

- Squashfs: check the inode number is not the invalid value of
  zero (bsc#1223634 CVE-2024-26982).
- commit d6425c9

- RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction (CVE-2025-38211 bsc#1246008)
- commit e7cb52a

- rpm/kernel-subpackage-spec: Skip brp-strip-debug to avoid file truncation (bsc#1246879)
  Put the same workaround to avoid file truncation of vmlinux and co in
  kernel-default-base package, too.
- commit 2329734

- Bluetooth: Replace BT_DBG with bt_dev_dbg for management support
  (CVE-2025-38117 bsc#1245695).
- Refresh
  patches.suse/Bluetooth-MGMT-Fix-not-checking-if-BT_HS-is-enabled.patch.
- commit c096742

- Bluetooth: Fix spelling mistakes (CVE-2025-38117 bsc#1245695).
- commit 82a31bb

- rpm/kernel-binary.spec.in: Ignore return code from ksymtypes compare
  When using suse-kabi-tools, the RPM build invokes 'ksymvers compare' to
  compare the resulting symbol CRCs with the reference data. If the values
  differ, it then invokes 'ksymtypes compare' to provide a detailed report
  explaining why the symbols differ. The build expects the latter
  'ksymtypes compare' command to always return zero, even if the two
  compared kABI corpuses are different.
  This is currently the case for 'ksymtypes compare'. However, I plan to
  update the command to return a non-zero code when the comparison detects
  any differences. This should ensure consistent behavior with 'ksymvers
  compare'.
  Since the build uses 'ksymtypes compare' only for more detailed
  diagnostics, ignore its return code.
- commit 5ac1381

- net: atm: fix /proc/net/atm/lec handling (CVE-2025-38180
  bsc#1245970).
- net: atm: add lec_mutex (CVE-2025-38323 bsc#1246473).
- net: atm: clean up a range check (CVE-2025-38323 bsc#1246473).
- commit 273d1a3

- Bluetooth: fix appearance typo in mgmt.c (CVE-2025-38117
  bsc#1245695).
- commit 7c5fd29

- Bluetooth: mgmt: Use struct_size() helper (CVE-2025-38117
  bsc#1245695).
- commit 27a3626

- Bluetooth: Use struct_size() helper (CVE-2025-38117
  bsc#1245695).
- commit a97aa39

- Bluetooth: mgmt: Use struct_size() helper (CVE-2025-38117
  bsc#1245695).
- commit e452cf2

- Bluetooth: Mark expected switch fall-throughs (CVE-2025-38117
  bsc#1245695).
- commit 524b16d

- Refresh
  patches.suse/ipv6-mcast-add-RCU-protection-to-mld_newpack.patch.
- commit b9c9349

- fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod()
  (CVE-2025-38312 bsc#1246386).
- commit aea2659

- kABI workaround for bluetooth hci_dev changes (CVE-2025-38250
  bsc#1246182).
- commit 3a445ce

- Bluetooth: hci_core: Fix use-after-free in vhci_flush()
  (CVE-2025-38250 bsc#1246182).
- commit 0b02672

- fbcon: Make sure modelist not set on unregistered console (bsc#1245952 CVE-2025-38198)
- commit f64b2f2

- serial: mctrl_gpio: split disable_ms into sync and no_sync APIs
  (CVE-2025-38040 bsc#1245078).
- kabi: serial: mctrl_gpio: split disable_ms into sync and
  no_sync APIs (CVE-2025-38040 bsc#1245078).
- commit 3c2fda4

- btrfs: fix deadlock when cloning inline extents and using qgroups (CVE-2021-46987 bsc#1220704)
- commit 68d125c

- btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref (CVE-2025-38034 bsc#1244792)
- commit c1bc05f

- btrfs: do not BUG_ON() when freeing tree block after error (CVE-2024-44963 1230216)
- commit c7b8e6b

- net_sched: red: fix a race in __red_change() (CVE-2025-38108
  bsc#1245675).
- net: stmmac: make sure that ptp_rate is not 0 before configuring
  timestamping (CVE-2025-38126 bsc#1245708).
- bpf: fix ktls panic with sockmap (CVE-2025-38166 bsc#1245758).
- commit 1452ad9

- perf: Fix sample vs do_exit() (bsc#1246547 CVE-2025-38424 bsc#1247293)
- commit 887b64f

- Update
  patches.suse/net-clear-the-dst-when-changing-skb-protocol.patch
  (bsc#1245954 CVE-2025-38192).
  Fix incorrect CVE reference.
- commit 8a5f77c

- patches.suse/ext4-fix-warning-in-ext4_iomap_begin-as-race-begin-as-race-between.patch:
  Remove the patch as it's not needed and is causing deadlocks
  (bsc#1246459, bsc#1245115, CVE-2022-50082)
- commit fab7cb7

- net_sched: sch_sfq: reject invalid perturb period
  (CVE-2025-38193 bsc#1245945).
- commit b90f28d

- ipc: fix to protect IPCS lookups using RCU (CVE-2025-38212
  bsc#1246029).
- commit 3438ce5

- calipso: unlock rcu before returning -EAFNOSUPPORT
  (CVE-2025-38147 bsc#1245768).
- calipso: Don't call calipso functions for AF_INET sk
  (CVE-2025-38147 bsc#1245768).
- commit 6d3ad82

- i40e: fix MMIO write access to an invalid page in i40e_clear_hw
  (CVE-2025-38200 bsc#1246045).
- net: cadence: macb: Fix a possible deadlock in macb_halt_tx
  (CVE-2025-38094 bsc#1245649).
- commit 3fe4112

- drm/amd/pp: Fix potential NULL pointer dereference in
  atomctrl_initialize_mc_reg_table (CVE-2025-38319 bsc#1246243).
- commit 28370d4

- ALSA: usb-audio: Fix out-of-bounds read in
  snd_usb_get_audioformat_uac3() (CVE-2025-38249 bsc#1246171).
- commit a7d7572

- iopoll: Introduce read_poll_timeout_atomic macro (CVE-2025-38094
  bsc#1245649).
- net: cadence: Fix a sleep-in-atomic-context bug in
  macb_halt_tx() (CVE-2025-38094 bsc#1245649).
- commit 94f52a4

- net: clear the dst when changing skb protocol (bsc#1245954
  CVE-2024-49861).
- commit c3ead22

- wifi: ath9k_htc: Abort software beacon handling if disabled
  (CVE-2025-38157 bsc#1245747).
- commit 2580def

- RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction (CVE-2025-38161 bsc#1245777)
- commit 884e454

- calipso: Fix null-ptr-deref in calipso_req_{set,del}attr()
  (CVE-2025-38181 bsc#1246000).
- net_sched: sch_sfq: fix a potential crash on gso_skb handling
  (CVE-2025-38115 bsc#1245689).
- commit 4ac1c90

- Bluetooth: hci_event: Fix checking conn for le_conn_complete_evt
  (bsc#1238160 CVE-2022-49138).
- commit a00d68a

- net: Fix TOCTOU issue in sk_is_readable() (CVE-2025-38112
  bsc#1245668).
- commit 5d4114f

- Bluetooth: hci_event: Fix checking for invalid handle on error
  status (bsc#1238160 CVE-2022-49138).
- commit c843371

- vgacon: Add check for vc_origin address range in vgacon_scroll()
  (CVE-2025-38213 bsc#1246037).
- commit 22c4880

- ALSA: usb-audio: Kill timer properly at removal (CVE-2025-38105
  bsc#1245682).
- commit 917cf9d

- wifi: mac80211: Fix UAF in ieee80211_scan_rx() (CVE-2022-49934
  bsc#1245051).
- commit cf69513

- rpm/mkspec: Fix missing kernel-syms-rt creation (bsc#1244337)
- commit 630f139

- nbd: don't allow reconnect after disconnect (CVE-2025-21731 bsc#1237881).
- commit 8a4b419

- vhost-scsi: protect vq->log_used with vq->mutex (CVE-2025-38074
  bsc#1244735).
- commit 18cd652

- Bluetooth: hci_event: Ignore multiple conn complete events
  (bsc#1238160 CVE-2022-49138).
- commit a0784d3

- virtgpu: don't reset on shutdown (git-fixes).
- commit b2d9b68

- Refresh
  patches.suse/kabi-fix-for-prevent-bpf-program-recursion-for-raw-tracepoint-probes.patch.
  Fix NULL pointer dereference leading to a kernel panic/oops (bsc#1245948).
- commit 7935351

- crypto: algif_hash - fix double free in hash_accept
  (CVE-2025-38079 bsc#1245217).
- commit 288b933

- virtio: break and reset virtio devices on device_shutdown()
  (CVE-2025-38064 bsc#1245201).
- commit 1ec66e0

- drm/amd/display: clear optc underflow before turn off odm clock (bsc#1245060 CVE-2022-49969)
- commit 360b84f

- can: dev: can_put_echo_skb(): don't crash kernel if
  can_priv::echo_skb is accessed out of bounds (CVE-2023-52878
  bsc#1225000).
- commit 71fb63a

- smb: client: Fix use-after-free in cifs_fill_dirent
  (CVE-2025-38051 bsc#1244750).
- commit 1258b98

- cxl: Fix a memory leak in an error handling path (CVE-2022-50025
  bsc#1245132).
- commit fe62ac8

- driver core: fix potential deadlock in __driver_attach
  (CVE-2022-50149 bsc#1244883).
- commit 0cc27e4

- scsi: lpfc: Fix possible memory leak when failing to issue
  CMF WQE (bsc#1245073 CVE-2022-50027).
- commit e689b05

- nvmet-tcp: don't restore null sk_state_change (bsc#1244801
  CVE-2025-38035).
- commit eece831

- 9p/fd: fix issue of list_del corruption in p9_fd_cancel() (CVE-2022-49768 bsc#1242446).
- commit 29f06d8

- blk-mq: Fixup kABI due to added parameter to bio_merge
  (bsc#1220631 CVE-2021-46984).
- commit de58150

- scsi: lpfc: Prevent buffer overflow crashes in debugfs with
  malformed user input (bsc#1245265 CVE-2022-50030).
- commit e1b77ba

- kyber: fix out of bounds access when preempted (CVE-2021-46984
  bsc#1220631).
- blacklist.conf: Remove from blacklist
- Refresh patches.kabi/bfq_depth_updated-fix-kABI.patch
- commit 8efa3ed

- ext4: fix warning in ext4_iomap_begin as race between bmap
  and write (bsc#1245115 CVE-2022-50082).
- commit 06b2a8c

- kABI workaround for xsk: Fix race condition in AF_XDP generic
  RX path (CVE-2025-37920 bsc#1243479).
- commit cd1f0aa

- xsk: Fix race condition in AF_XDP generic RX path (bsc#1243479
  CVE-2025-37920).
- commit 0e83480

- vt: Clear selection before changing the font (CVE-2022-49948
  bsc#1245058).
- commit 3e5249e

- 9p: trans_fd/p9_conn_cancel: drop client lock earlier (CVE-2022-49768 bsc#1242446).
- commit 4d2a2e9

- net: pktgen: fix access outside of user given buffer in
  pktgen_thread_write() (CVE-2025-38061 bsc#1245440).
- commit fb0f1a2

- net: vlan: don't propagate flags on open (CVE-2025-23163
  bsc#1242837).
- commit d0e8595

- scsi: storvsc: Increase the timeouts to storvsc_timeout (bsc#1245455).
- scsi: storvsc: Don't report the host packet status as the hv status (git-fixes).
- commit adbc421

- kernel-obs-qa: Do not depend on srchash when qemu emulation is used
  In this case the dependency is never fulfilled
  Fixes: 485ae1da2b88 ("kernel-obs-qa: Use srchash for dependency as well")
- commit a840f87

- firmware: arm_scpi: Ensure scpi_info is not assigned if the
  probe fails (CVE-2022-50087 bsc#1245119).
- commit ec5ba42

- Update
  patches.suse/0001-drm-msm-mdp5-Fix-global-state-lock-backoff.patch
  (bsc#1238275 CVE-2022-50173 bsc#1244992).
- Update
  patches.suse/0005-video-fbdev-amba-clcd-Fix-refcount-leak-bugs.patch
  (bsc#1154048 CVE-2022-50109 bsc#1244884).
- Update
  patches.suse/0007-video-fbdev-arkfb-Fix-a-divide-by-zero-bug-in-ark_se.patch
  (bsc#1154048 CVE-2022-50102 bsc#1244838).
- Update
  patches.suse/0008-dm-thin-fix-use-after-free-crash-in-dm_sm_register_t.patch
  (git-fixes CVE-2022-50092 bsc#1244848).
- Update
  patches.suse/0008-video-fbdev-vt8623fb-Check-the-size-of-screen-before.patch
  (bsc#1154048 CVE-2022-50101 bsc#1244839).
- Update
  patches.suse/0009-video-fbdev-arkfb-Check-the-size-of-screen-before-me.patch
  (bsc#1154048 CVE-2022-50099 bsc#1244842).
- Update
  patches.suse/0010-dm-raid-fix-address-sanitizer-warning-in-raid_status.patch
  (git-fixes CVE-2022-50084 bsc#1245117).
- Update
  patches.suse/0010-video-fbdev-s3fb-Check-the-size-of-screen-before-mem.patch
  (bsc#1154048 CVE-2022-50097 bsc#1244845).
- Update
  patches.suse/0011-dm-raid-fix-address-sanitizer-warning-in-raid_resume.patch
  (git-fixes CVE-2022-50085 bsc#1245147).
- Update
  patches.suse/0011-fbdev-fb_pm2fb-Avoid-potential-divide-by-zero-error.patch
  (bsc#1154048 CVE-2022-49978 bsc#1245195).
- Update
  patches.suse/0080-drivers-md-fix-a-potential-use-after-free-bug.patch
  (git-fixes CVE-2022-50022 bsc#1245131).
- Update
  patches.suse/Bluetooth-btsdio-fix-use-after-free-bug-in-btsdio_re.patch
  (CVE-2023-1989 bsc#1210336 CVE-2023-53145 bsc#1243047
  CVE-2023-53063 bsc#1242216).
- Update
  patches.suse/Input-iforce-wake-up-after-clearing-IFORCE_XMIT_RUNN.patch
  (git-fixes CVE-2022-49954 bsc#1244976).
- Update
  patches.suse/PCI-dwc-Deallocate-EPC-memory-on-dw_pcie_ep_init-err.patch
  (git-fixes CVE-2022-50146 bsc#1244788).
- Update
  patches.suse/USB-core-Prevent-nested-device-reset-calls.patch
  (bsc#1206664 CVE-2022-4662 CVE-2022-49936 bsc#1244984).
- Update
  patches.suse/arm64-fix-oops-in-concurrently-setting-insn_emulation-sysctls.patch
  (git-fixes CVE-2022-50206 bsc#1245152).
- Update
  patches.suse/ath9k-fix-use-after-free-in-ath9k_hif_usb_rx_cb.patch
  (CVE-2022-1679 bsc#1199487 CVE-2022-50179 bsc#1244886).
- Update
  patches.suse/btrfs-unset-reloc-control-if-transaction-commit-fail.patch
  (bsc#1212051 CVE-2023-3111 CVE-2022-50067 bsc#1245047).
- Update
  patches.suse/cifs-fix-small-mempool-leak-in-SMB2_negotiate-.patch
  (bsc#1190317 CVE-2022-49938 bsc#1244820).
- Update
  patches.suse/ext4-add-EXT4_INODE_HAS_XATTR_SPACE-macro-in-xattr.h.patch
  (bsc#1206878 CVE-2022-50083 bsc#1244968).
- Update
  patches.suse/ext4-avoid-resizing-to-a-partial-cluster-size.patch
  (bsc#1206880 CVE-2022-50020 bsc#1245129).
- Update
  patches.suse/ftrace-Fix-NULL-pointer-dereference-in-is_ftrace_trampoline-when-ftrace-is-dead.patch
  (git-fixes CVE-2022-49977 bsc#1244936).
- Update
  patches.suse/iommu-vt-d-avoid-invalid-memory-access-via-node_online-NUMA_NO_N
  (git-fixes CVE-2022-50093 bsc#1244849).
- Update
  patches.suse/jbd2-fix-assertion-jh-b_frozen_data-NULL-failure-whe.patch
  (bsc#1202716 CVE-2022-50126 bsc#1244813).
- Update patches.suse/kcm-fix-strp_init-order-and-cleanup.patch
  (git-fixes CVE-2022-49957 bsc#1244966).
- Update
  patches.suse/kprobes-don-t-call-disarm_kprobe-for-disabled-kprobes.patch
  (git-fixes CVE-2022-50008 bsc#1245009).
- Update
  patches.suse/locking-csd_lock-Change-csdlock_debug-from-early_par.patch
  (git-fixes CVE-2022-50091 bsc#1244885).
- Update patches.suse/md-call-__md_stop_writes-in-md_stop.patch
  (git-fixes CVE-2022-49987 bsc#1245024).
- Update patches.suse/md-raid10-fix-KASAN-warning.patch (git-fixes
  CVE-2022-50211 bsc#1245140).
- Update
  patches.suse/media-mceusb-Use-new-usb_control_msg_-routines.patch
  (CVE-2022-3903 bsc#1205220 CVE-2022-49937 bsc#1245057).
- Update
  patches.suse/msft-hv-2639-scsi-storvsc-Remove-WQ_MEM_RECLAIM-from-storvsc_erro.patch
  (git-fixes CVE-2022-49986 bsc#1244948).
- Update
  patches.suse/net-tap-NULL-pointer-derefence-in-dev_parse_header_p.patch
  (git-fixes CVE-2022-50073 bsc#1244978).
- Update
  patches.suse/netfilter-nf_tables-do-not-allow-SET_ID-to-refer-to-.patch
  (bsc#1202095 CVE-2022-2586 CVE-2022-50213 bsc#1244867).
- Update
  patches.suse/pinctrl-devicetree-fix-refcount-leak-in-pinctrl_dt_t.patch
  (bsc#1242154 CVE-2024-36959 bsc#1225839).
- Update
  patches.suse/powerpc-64-Init-jump-labels-before-parse_early_param.patch
  (bsc#1065729 CVE-2022-50012 bsc#1245125).
- Update patches.suse/powerpc-pci-Fix-get_phb_number-locking.patch
  (bsc#1065729 CVE-2022-50045 bsc#1244967).
- Update
  patches.suse/powerpc-xive-Fix-refcount-leak-in-xive_get_max_prio.patch
  (fate#322438 git-fixes CVE-2022-50104 bsc#1244836).
- Update
  patches.suse/s390-fix-double-free-of-GS-and-RI-CBs-on-fork-failure
  (bsc#1203254 LTC#199911 CVE-2022-49990 bsc#1245006).
- Update
  patches.suse/scsi-qla2xxx-Fix-crash-due-to-stale-SRB-access-aroun.patch
  (bsc#1201958 CVE-2022-50098 bsc#1244841).
- Update
  patches.suse/scsi-sg-Allow-waiting-for-commands-to-complete-on-removed-device.patch
  (git-fixes CVE-2022-50215 bsc#1245138).
- Update
  patches.suse/spmi-trace-fix-stack-out-of-bound-access-in-SPMI-tracing-functions.patch
  (git-fixes CVE-2022-50094 bsc#1244851).
- Update
  patches.suse/staging-rtl8712-fix-use-after-free-bugs.patch
  (CVE-2022-4095 bsc#1205514 CVE-2022-49956 bsc#1244969).
- Update
  patches.suse/usb-host-Fix-refcount-leak-in-ehci_hcd_ppc_of_probe.patch
  (git-fixes CVE-2022-50153 bsc#1244786).
- Update
  patches.suse/usb-ohci-nxp-Fix-refcount-leak-in-ohci_hcd_nxp_probe.patch
  (git-fixes CVE-2022-50152 bsc#1244783).
- Update
  patches.suse/usbnet-Fix-linkwatch-use-after-free-on-disconnect.patch
  (git-fixes CVE-2022-50220 bsc#1245348).
- Update
  patches.suse/virtio-gpu-fix-a-missing-check-to-avoid-NULL-derefer.patch
  (git-fixes CVE-2022-50181 bsc#1244901).
- Update
  patches.suse/virtio_net-fix-memory-leak-inside-XPD_TX-with-mergea.patch
  (git-fixes CVE-2022-50065 bsc#1244986).
- commit 4b076ee

- selinux: Add boundary check in put_entry() (CVE-2022-50200
  bsc#1245149).
- commit 90c9727

- RDMA/hfi1: fix potential memory leak in setup_base_ctxt() (CVE-2022-50134 bsc#1244802)
- commit 544eb52

- tracing: Fix compilation warning on arm32 (bsc#1243551).
- commit f83d64b

- tracing: Fix oob write in trace_seq_to_buffer() (CVE-2025-37923
  bsc#1243551).
- commit ab5c2ad

- net_sched: prio: fix a race in prio_tune() (CVE-2025-38083
  bsc#1245183).
- commit 4ff0382

- tracing: Fix use-after-free in print_graph_function_flags
  during tracer switching (CVE-2025-22035 bsc#1241544).
- commit 93e9f48

- iavf: Fix adminq error handling (CVE-2022-50055 bsc#1245039).
- commit cf4815a

- ftrace: Return the first found result in lookup_rec()
  (bsc#1226837).
- commit 548c54e

- ftrace: Fix possible use-after-free issue in ftrace_location()
  (CVE-2024-38588 bsc#1226837).
- ftrace: Fix possible warning on checking all pages used in
  ftrace_process_locs() (bsc#1226837).
- blacklist.conf: Remove the commit
- ftrace: Separate out functionality from ftrace_location_range()
  (bsc#1226837).
- ftrace: Zero out ftrace hashes when a module is removed (bsc#1226837).
- commit ca17def

- Check for losing the race against dp_altmode_probe
  (CVE-2024-35790 bsc#1224712).
  This is a nonstandard fix because the upstream fix
  includes a cleanup that requires infrastructure
  that breaks kABI by changing struct device_driver
- commit ffe9de9

- bpf, sockmap: Fix an infinite loop error when len is 0 in tcp_bpf_recvmsg_parser() (CVE-2023-53133 bsc#1242423)
- commit 4d2b740

- iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid
  (CVE-2025-37927 bsc#1243620).
- iommu/amd: Fix ivrs_acpihid cmdline parsing code (CVE-2025-37927
  bsc#1243620).
- commit 3614667

- Remove host-memcpy-hack.h
  This might have been useful at some point but we have more things that
  depend on specific library versions today.
- commit 0396c23

- Remove compress-vmlinux.sh
  /usr/lib/rpm/brp-suse.d/brp-99-compress-vmlinux was added in
  pesign-obs-integration during SLE12 RC. This workaround can be removed.
- commit 19caac0

- Remove try-disable-staging-driver
  The config for linux-next is autogenerated from master config, and
  defaults filled for missing options. This is unlikely to enable any
  staging driver in the first place.
- commit a6f21ed

- scsi: target: Fix WRITE_SAME No Data Buffer crash
  (CVE-2022-21546, bsc#1242243).
- commit 0b27e73

- kABI fix for net: xfrm: Localize sequence counter per network
  namespace (CVE-2024-57982 bsc#1237913).
- commit e37d325

- xfrm: state: fix out-of-bounds read during lookup
  (CVE-2024-57982 bsc#1237913).
- net: xfrm: Localize sequence counter per network namespace
  (CVE-2024-57982 bsc#1237913).
- commit 03cb718

- RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug (CVE-2025-38024 bsc#1245025)
- commit 4f2eb61

- nfs: handle failure of nfs_get_lock_context in unlock path
  (bsc#1245004 CVE-2025-38023).
- commit 1be83c3

- libnvdimm/labels: Fix divide error in nd_label_data_init()
  (bsc#1244743, CVE-2025-38072).
- commit dacc95b

- scsi: target: tcm_loop: Fix possible name leak in
  tcm_loop_setup_hba_bus() (CVE-2022-49780 bsc#1242262).
- commit 6710526

- Set CPUID_8000_0021_EAX to the right value (20)
  This is the word in which individual feature flags are defined,
  so the cpuid_leaf number must match.
- Refresh patches.kabi/cpufeatures-kabi-fix.patch.
- Refresh
  patches.suse/x86-bhi-Add-support-for-clearing-branch-history-at-syscall.patch.
- Refresh
  patches.suse/x86-cpufeature-Add-missing-leaf-enumeration.patch.
- commit c63ac04

- ALSA: pcm: Fix race of buffer access at PCM OSS layer
  (CVE-2025-38078 bsc#1244737).
- commit 7c6d995

- Move upstreamed sound patch into sorted section
- commit 4436fa8

- packaging: Add support for suse-kabi-tools
  The current workflow to check kABI stability during the RPM build of SUSE
  kernels consists of the following steps:
  * The downstream script rpm/modversions unpacks the consolidated kABI
    symtypes reference data from kabi/<arch>/symtypes-<flavor> and creates
    individual symref files.
  * The build performs a regular kernel make. During this operation, genksyms
    is invoked for each source file. The tool determines type signatures of
    all exports within the file, reports any differences compared to the
    associated symref reference, calculates symbol CRCs from the signatures
    and writes new type data into a symtypes file.
  * The script rpm/modversions is invoked again, this time it packs all new
    symtypes files to a consolidated kABI file.
  * The downstream script rpm/kabi.pl checks symbol CRCs in the new build and
    compares them to a reference from kabi/<arch>/symvers-<flavor>, taking
    kabi/severities into account.
  suse-kabi-tools is a new set of tools to improve the kABI checking process.
  The suite includes two tools, ksymtypes and ksymvers, which replace the
  existing scripts rpm/modversions and rpm/kabi.pl, as well as the comparison
  functionality previously provided by genksyms. The tools have their own
  source repository and package.
  The tools provide faster operation and more detailed, unified output. In
  addition, they allow the use of the new upstream tool gendwarfksyms, which
  lacks any built-in comparison functionality.
  The updated workflow is as follows:
  * The build performs a regular kernel make. During this operation, genksyms
  (gendwarfksyms) is invoked as usual, determining signatures and CRCs of
  all exports and writing the type data to symtypes files. However,
  genksyms no longer performs any comparison.
  * 'ksymtypes consolidate' packs all new symtypes files to a consolidated
  kABI file.
  * 'ksymvers compare' checks symbol CRCs in the new build and compares them
  to a reference from kabi/<arch>/symvers-<flavor>, taking kabi/severities
  into account. The tool writes its result in a human-readable form on
  standard output and also writes a list of all changed exports (not
  ignored by kabi/severities) to the changed-exports file.
  * 'ksymtypes compare' takes the changed-exports file, the consolidated kABI
  symtypes reference data from kabi/<arch>/symtypes-<flavor> and the new
  consolidated data. Based on this data, it produces a detailed report
  explaining why the symbols changed.
  The patch enables the use of suse-kabi-tools via rpm/config.sh, providing
  explicit control to each branch. To enable the support, set
  USE_SUSE_KABI_TOOLS=Yes in the config file.
- commit a2c6f89

- netfilter: allow exp not to be removed in nf_ct_find_expectation
  (CVE-2023-52927 bsc#1239644).
- commit c88f971

- kernel-source: Remove log.sh from sources
- commit 96bd779

- media: pvrusb2: fix uaf in pvr2_context_set_notify
  (CVE-2024-26875 bsc#1223118).
- commit 9270436

- drm/amdkfd: Fix an illegal memory access (CVE-2023-53090
  bsc#1242753).
- commit 8280475

- can: bcm: add locking for bcm_op runtime updates (CVE-2025-38004
  bsc#1244274).
- commit 27f3405

- scsi: drivers: base: Propagate errors through the transport component (bsc#1242548)
- commit 19a4dc6

- scsi: drivers: base: Support atomic version of attribute_container_device_trigger (bsc#1242548)
- commit 250283f

- sch_hfsc: Fix qlen accounting bug when using peek in
  hfsc_enqueue() (CVE-2025-38000 bsc#1244277).
- commit 8634486

- net_sched: Flush gso_skb list too during ->change()
  (CVE-2025-37992 bsc#1243698).
- ipvs: fix uninit-value for saddr in do_output_route4
  (CVE-2025-37961 bsc#1243523).
- net: tls: explicitly disallow disconnect (CVE-2025-37756
  bsc#1242515).
- net_sched: Prevent creation of classes with TC_H_ROOT
  (CVE-2025-21971 bsc#1240799).
- vlan: enforce underlying device type (CVE-2025-21920
  bsc#1240686).
- kcm: close race conditions on sk_receive_queue (CVE-2022-49814
  bsc#1242498).
- wifi: cfg80211: fix memory leak in query_regdb_file()
  (CVE-2022-49881 bsc#1242481).
- ipvs: fix WARNING in ip_vs_app_net_cleanup() (CVE-2022-49917
  bsc#1242406).
- commit 225b1ce

- net_sched: sch_fifo: implement lockless __fifo_dump() (bsc#1237312)
- commit 619fd3b

- netfilter: bridge: replace physindev with physinif in
  nf_bridge_info (CVE-2024-35839 bsc#1224726).
- Refresh patches.kabi/kabi-add-__nf_bridge_get_physindev-for-kabi.patch.
- commit ec55ccf

- kabi: add __nf_bridge_get_physindev() for kabi
  (bsc#1224726,CVE-2024-35839).
- commit 8066fc3

- tipc: fix memory leak in tipc_link_xmit (CVE-2025-37757 bsc#1242521)
- commit ca38369

- net: sched: Fix use after free in red_enqueue() (CVE-2022-49921 bsc#1242359)
- commit 91e83c2

- netfilter: propagate net to nf_bridge_get_physindev
  (CVE-2024-35839 bsc#1224726).
- Refresh patches.kabi/kabi-add-__nf_queue_get_refs-for-kabi-compliance.patch.
- commit 3ffae8c

- serial: core: fix transmit-buffer reset and memleak (bsc#1227768
  CVE-2021-47527).
- commit 1772922

- bnxt_en: Fix out-of-bound memcpy() during ethtool -w
  (CVE-2025-37911 bsc#1243469).
- mlxsw: spectrum_acl_tcam: Fix stack corruption (CVE-2024-26586
  bsc#1220243).
- net/mlx5: Update error handler for UCTX and UMEM (CVE-2021-47212
  bsc#1222709).
- commit 5027586

- module: ensure that kobject_put() is safe for module type kobjects (CVE-2025-37995 bsc#1243827)
- commit 31568b0

- mkspec: Exclude rt flavor from kernel-syms dependencies (bsc#1244337).
- commit 7c95ae0

- Refresh
  patches.suse/kabi-fix-for-prevent-bpf-program-recursion-for-raw-tracepoint-probes.patch.
  Fix the kernel Oops (bsc#1244317)
- commit 6a26caf

- mnt: fix __detach_mounts infinite loop (bsc#1242140).
- commit 973877c

- MyBS: Do not build kernel-obs-qa with limit_packages
  Fixes: 58e3f8c34b2b ("bs-upload-kernel: Pass limit_packages also on multibuild")
- commit f4c6047

- MyBS: Simplify qa_expr generation
  Start with a 0 which makes the expression valid even if there are no QA
  repositories (currently does not happen). Then separator is always
  needed.
- commit e4c2851

- MyBS: Correctly generate build flags for non-multibuild package limit
  (bsc#1244241)
  Fixes: 0999112774fc ("MyBS: Use buildflags to set which package to build")
- commit 27588c9

- bs-upload-kernel: Pass limit_packages also on multibuild
  Fixes: 0999112774fc ("MyBS: Use buildflags to set which package to build")
  Fixes: 747f601d4156 ("bs-upload-kernel, MyBS, Buildresults: Support multibuild (JSC-SLE#5501, boo#1211226, bsc#1218184)")
- commit 8ef486c

- ftrace: Avoid potential division by zero in function_stat_show()
  (CVE-2025-21898 bsc#1240610).
- commit f3b653b

- kABI: workaround "bpf: Prevent bpf program recursion for raw
  tracepoint probes" changes (bsc#1242301 CVE-2022-49764).
- commit 06373a9

- nfc: nci: free rx_data_reassembly skb on NCI device cleanup
  (CVE-2024-26825 bsc#1223065).
- commit e2bddb4

- ptp: Fix possible memory leak in ptp_clock_register()
  (CVE-2021-47455 bsc#1225254).
- Refresh patches.kabi/ptp_clock-kABI-workaround.patch.
- commit e9de86b

- RDMA/srpt: Do not register event handler until srpt device is fully setup (CVE-2024-26872 bsc#1223115)
- commit cad3736

- driver core: fix potential NULL pointer dereference in
  dev_uevent() (CVE-2025-37800 bsc#1242849).
- driver core: introduce device_set_driver() helper
  (CVE-2025-37800 bsc#1242849).
- commit f8f225c

- Drop rejected CVE fix for driver core
  Delete
  patches.suse/driver-core-Fix-uevent_show-vs-driver-detach-race.patch
  as it was reverted in the upstream (and CVE was rejected).
  Another form of the fix will follow.
- commit c791e65

- kernel-source: Do not use multiple -r in sed parameters
  This usage is enabled in commit b18d64d
  (sed: allow multiple (non-conflicting) -E/-r parameters, 2016-07-31)
  only available since sed 4.3
  Fixes: dc2037cd8f94 ("kernel-source: Also replace bin/env")
- commit 91ad98e

- block: fix resource leak in blk_register_queue() error path (CVE-2025-37980 bsc#1243522)
- commit 65b2595

- openvswitch: Fix unsafe attribute parsing in output_userspace() (CVE-2025-37998 bsc#1243836)
- commit 1de5c37

- dm-bufio: don't schedule in atomic context (CVE-2025-37928 bsc#1243621)
- commit 8d6e517

- mtd: inftlcore: Add error check for inftl_read_oob() (CVE-2025-37892 bsc#1243536)
- commit 54793bb

- wifi: wl1251: fix memory leak in wl1251_tx_work (CVE-2025-37982 bsc#1243524)
- commit 9ed11b8

- netfilter: nf_tables: fix crash when nf_trace is enabled
  (git-fixes CVE-2022-49622 bsc#1239042).
- commit 1ebebaa

- netfilter: nf_tables: avoid skb access on nf_stolen
  (CVE-2022-49622 bsc#1239042).
- commit 3d1f851

- netfilter: nf_tables: consolidate rule verdict trace call (bsc#1239042).
- commit a2784df

- netfilter: nf_tables: remove old nf_log based tracing (bsc#1239042).
- Refresh
  patches.suse/netfilter-nf_tables-check-the-result-of-dereferencin.patch.
- Refresh
  patches.suse/netfilter-nf_tables-use-WARN_ON_ONCE-instead-of-BUG_.patch.
- commit c5a2d73

- KVM: SVM: fix panic on out-of-bounds guest IRQ (bsc#1238167 CVE-2022-49154).
- commit 930b864

- Update tags in
  patches.suse/ocfs2-fix-data-corruption-after-failed-write.patch
  (bsc#1208542 CVE-2023-53081 bsc#1242281).
- commit 54cff45

- ext4: update s_journal_inum if it changes after journal replay
  (bsc#1242767 CVE-2023-53091).
- commit 36a043e

- ext4: fix BUG_ON() when directory entry has invalid rec_len
  (bsc#1242733 CVE-2022-49879).
- commit dfbcdb4

- scsi: pm80xx: Avoid leaking tags when processing
  OPC_INB_SET_CONTROLLER_CONFIG command (bsc#1220883
  CVE-2023-52500).
- commit 8a3dd0b

- ata: libata-core: fix NULL pointer deref in
  ata_host_alloc_pinfo() (bsc#1239071 CVE-2022-49731).
- commit f8e7ddf

- l2tp: fix lockdep splat (CVE-2023-53020 bsc#1240224).
- l2tp: Avoid possible recursive deadlock in
  l2tp_tunnel_register() (CVE-2023-53020 bsc#1240224).
- l2tp: prevent lockdep issue in l2tp_tunnel_register()
  (CVE-2023-53020 bsc#1240224).
- l2tp: close all race conditions in l2tp_tunnel_register()
  (CVE-2023-53020 bsc#1240224).
- blacklist.conf: remove 0b2c59720e65885a394a017d0cf9cab118914682
  it is a bit unclear why it was there but it should not be there any more
- l2tp: define helper for parsing struct sockaddr_pppol2tp*
  (CVE-2023-53020 bsc#1240224).
- commit 6df99cf

- Fix bug reference in patches.suse/net_sched-sch_sfq-use-a-temporary-work-area-for-vali.patch (bsc#1242504)
- commit 14f3c70
python3
- Add CVE-2025-8194-tarfile-no-neg-offsets.patch which now
  validates archives to ensure member offsets are non-negative
  (gh#python/cpython#130577, CVE-2025-8194, bsc#1247249).
python36
- Add CVE-2025-8194-tarfile-no-neg-offsets.patch which now
  validates archives to ensure member offsets are non-negative
  (gh#python/cpython#130577, CVE-2025-8194, bsc#1247249).

- Add CVE-2025-4435-normalize-lnk-trgts-tarfile.patch
  Security fixes for CVE-2025-4517, CVE-2025-4330, CVE-2025-4138,
  CVE-2024-12718, CVE-2025-4435 on tarfile (bsc#1244032,
  bsc#1244061, bsc#1244059, bsc#1244060, bsc#1244056).
  The backported fixes do not contain changes for ntpath.py and
  related tests, because the support for symlinks and junctions
  was added later in Python 3.9, and it does not make sense to
  backport them to 3.6 here.
  The patch contains the following changes:
  - python@42deeab fixes symlink handling for tarfile.data_filter
  - python@9d2c2a8 fixes handling of existing files/symlinks in tarfile
  - python@00af979 adds a new "strict" argument to realpath()
  - python@dd8f187 fixes multiple CVE fixes in the tarfile module
  - downstream-only fixes that make the changes work and
    compatible with Python 3.6
- Add CVE-2025-6069-quad-complex-HTMLParser.patch to avoid worst
  case quadratic complexity when processing certain crafted
  malformed inputs with HTMLParser (CVE-2025-6069, bsc#1244705).

- Add python36-* provides/obsoletes to enable SLE-12 -> SLE-15
  migration, bsc#1233012

- Add ipaddress-update-pr60.patch from gh#phihag/ipaddress!60 to
  update vendored ipaddress module to 3.8 equivalent
- Add gh-128840_parse-IPv6-with-emb-IPv4.patch to limit buffer
  size for IPv6 address parsing (gh#python/cpython#128840,
  bsc#1244401).
- Update CVE-2025-4516-DecodeError-handler.patch not to break
  _PyBytes_DecodeEscape signature.

- Add CVE-2025-4516-DecodeError-handler.patch fixing
  CVE-2025-4516 (bsc#1243273) blocking DecodeError handling
  vulnerability, which could lead to DoS.
cloud-regionsrv-client
- Update version to 10.5.2 (bsc#1247539)
  + When an instance fails verification server side the default credentials
    were left behind, requiring manual intervention prior to the next
    registration attempt.
  + Fix issue triggered when using instance-billing-flavor-check due to
    IP address handling as object rather than string introduced in 10.5.0

- Update version to 10.5.1
  + Fix issue with picking up configured server names from the
    regionsrv config file. Previously only IP addresses were collected
  + Update scriptlet for package uninstall to avoid issues in the
    build service

- Update version to 10.5.0
  + Use region server IP addresses to determine Internet access rather
    than a generic address. Region server IP addresses may not be blocked
    in the network construct. (bsc#1245305)
cairo
- Add cairo-CVE-2025-50422.patch:
  Backport from William Bader's request 621, Fix NULL access
  in active_edges_to_traps().
  https://gitlab.freedesktop.org/cairo/cairo/-/merge_requests/621/diffs
  https://gitlab.freedesktop.org/williamb/cairo/-/commit/b5752618
  (CVE-2025-50422, bsc#1247589)

- Add cairo-CVE-2019-6461.patch:
  Avoid assert when drawing arcs with NaN angles.
  (bsc#1122338 CVE-2019-6461 glfo@cairo/cairo#352)
tiff
- security update:
  * CVE-2025-8961 [bsc#1248117]
    Fix segmentation fault via main function of tiffcrop utility
    + tiff-CVE-2025-8961.patch

- security update:
  * CVE-2025-8534 [bsc#1247582]
    Fix null pointer dereference in function PS_Lvl2page
    + tiff-CVE-2025-8534.patch
  * CVE-2025-9165 [bsc#1248330]
    Fix local execution manipulation can lead to memory leak
    + tiff-CVE-2025-9165.patch

- security update:
  * CVE-2025-8176 [bsc#1247108]
    Fix heap use-after-free in tools/tiffmedian.c
    + tiff-CVE-2025-8176.patch
  * CVE-2025-8177 [bsc#1247106]
    Fix possible buffer overflow in tools/thumbnail.c:setrow()
    + tiff-CVE-2025-8177.patch
pam
- Make sure that the buffer containing encrypted passwords gets erased
  before free.
- Replace the previous CVE fix, which led to CPU performance issues.
  [bsc#1246221, CVE-2024-10041,
  + libpam-introduce-secure-memory-erasure-helpers.patch,
  + pam_modutil_get-overwrite-password-at-free.patch,
  - passverify-always-run-the-helper-to-obtain-shadow_pwd.patch,
  - pam_unix-arbitrary-upper-limit-for-MAX_FD_NO.patch]

- pam_unix: Set an arbitrary upper limit for the maximum file descriptor number
  [pam_unix-arbitrary-upper-limit-for-MAX_FD_NO.patch, bsc#1246221]
iputils
- Security fix [bsc#1243772, CVE-2025-48964]
  * Fix integer overflow in ping statistics via zero timestamp
  * Add iputils-CVE-2025-48964_01.patch
  * Add iputils-CVE-2025-48964_02.patch
google-guest-oslogin
- Cherry-pick dont-retry-bad-requests.patch to stop retrying bad
  requests causing timeouts during container startup (bsc#1243992)
polkit
- CVE-2025-7519: Fixed that an XML policy file with a large number of
  nested elements may lead to out-of-bounds write (bsc#1246472)
  added 0001-Nested-.policy-files-cause-xml-parsing-overflow-lead.patch