- python-requests
-
- Add CVE-2024-47081.patch upstream patch, fixes netrc credential leak
(gh#psf/requests#6965, CVE-2024-47081, bsc#1244039)
- gnutls
-
- Fix 1-byte heap buffer overflow when parsing templates with certtool
[bsc#1246267, CVE-2025-32990]
* Add patch gnutls-CVE-2025-32990.patch
- mozilla-nspr
-
- update to version 4.36
* remove support for OS/2
* remove support for Unixware, Bsdi, old AIX, old HPUX9 & scoos
* remove support for Windows 16 bit
* renamed the prwin16.h header to prwin.h
* configure was updated from 2.69 to 2.71
* various build, test and automation script fixes
* major parts of the source code were reformatted
- python
-
- Add CVE-2025-6069-quad-complex-HTMLParser.patch to avoid worst
case quadratic complexity when processing certain crafted
malformed inputs with HTMLParser (CVE-2025-6069, bsc#1244705).
- apparmor
-
- Add dac_read_search capability for unix_chkpwd to allow it to read the shadow
file even if it has 000 permissions. This is needed after the CVE-2024-10041
fix in PAM.
* unix-chkpwd-add-read-capability.path, bsc#1241678
- libxml2
-
- security update
- added patches
CVE-2025-7425 [bsc#1246296], Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr
+ libxml2-CVE-2025-7425.patch
- security update
- added patches
CVE-2025-49794 [bsc#1244554], heap use after free (UAF) can lead to Denial of service (DoS)
CVE-2025-49796 [bsc#1244557], type confusion may lead to Denial of service (DoS)
+ libxml2-CVE-2025-49794,49796.patch
- security update
- added patches
CVE-2025-6170 [bsc#1244700], stack buffer overflow may lead to a crash
CVE-2025-6021 [bsc#1244580], Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2
+ libxml2-CVE-2025-6170,6021.patch
- freetype2
-
- Added patch:
* CVE-2025-23022.patch
+ fixes bsc#1235670, CVE-2025-23022: signed integer overflow in
cf2_doFlex in cff/cf2intrp.c
+ also fixes an overflow in cf2_hintmap_insertHint in
src/cff/cf2hints.c
+ it is a backport of upstream commits e66d7300 and 3802ca8b
- icu
-
- Add icu-CVE-2025-5222.patch:
Backport 2c667e3 from upstream, ICU-22973 Fix buffer overflow by
using CharString.
(CVE-2025-5222, bsc#1243721)
- Add icu-CVE-2025-5222-shim06_9e4365c.patch
Backport 9e4365c from upstream, ICU-10810 genrb: preflight strings
on final parse tree, not while building the tree. To prepare
dependence code for CVE-2025-5222 fix.
(CVE-2025-5222, bsc#1243721)
- Add icu-CVE-2025-5222-shim05_7496867.patch:
Backport 7496867 from markusicu upstream, which is tree merged to
icu. ICU-9101 build all source/data/coll/ tailorings, except
search, with new CollationBuilder. To prepare dependence code for
CVE-2025-5222 fix.
(CVE-2025-5222, bsc#1243721)
- Add icu-CVE-2025-5222-shim04_8067293.patch:
Backport 8067293 from upstream, ICU-10043 ignore the genrb
- -omitCollationRules flag while importing rules. To prepare
dependence code for CVE-2025-5222 fix.
(CVE-2025-5222, bsc#1243721)
- Add icu-CVE-2025-5222-shim03-dd72356.patch:
Backport dd72356 from upstream, ICU-11276 Adding UChar* method in
CharString. To prepare dependence code for CVE-2025-5222 fix.
(CVE-2025-5222, bsc#1243721)
- Add icu-CVE-2025-5222-shim02_80a6684.patch:
Backport 80a6684 from upstream, ICU-11794 change error handling
of CharString::appendInvariantChars(). To prepare dependence code
for CVE-2025-5222 fix.
(CVE-2025-5222, bsc#1243721)
- Add icu-CVE-2025-5222-shim01.patch:
Include stringpiece.h charstr.h for following source porting. To
prepare dependence code for CVE-2025-5222 fix.
(CVE-2025-5222, bsc#1243721)
- pam
-
- pam_unix: Set an arbitrary upper limit for the maximum file descriptor number
[pam_unix-arbitrary-upper-limit-for-MAX_FD_NO.patch, bsc#1246221]
- pam_namespace: convert functions that may operate on a user-controlled path
to operate on file descriptors instead of absolute path. And keep the
bind-mount protection from protect_mount() as a defense in depthmeasure.
[bsc#1244509
pam_inline-introduce-pam_asprintf-pam_snprintf-and-p.patch,
pam_namespace-fix-potential-privilege-escalation.patch,
pam_namespace-add-flags-to-indicate-path-safety.patch,
pam_namespace-secure_opendir-do-not-look-at-the-grou.patch]
- pam_namespace-fix-potential-privilege-escalation.patch adapted and includes
changes from upstream commits: ds6242a, bc856cd.
* pam_namespace fix logic in return value handling
* pam_namespace move functions around
- pam_env: Change the default to not read the user .pam_environment file
[bsc#1243226, CVE-2025-6018,
pam_env-change-the-default-to-not-read-the-user-env.patch]
- openssh
-
- Add openssh-bsc1232533-big-motd-failure.patch (bsc#1232533),
fixing failures with very large MOTDs. Thanks to Ali Abdallah
<ali.abdallah@suse.com>.
- iputils
-
- Security fix [bsc#1243772, CVE-2025-48964]
* Fix integer overflow in ping statistics via zero timestamp
* Add iputils-CVE-2025-48964_01.patch
* Add iputils-CVE-2025-48964_02.patch
- Security fix [bsc#1242300, CVE-2025-47268]
* integer overflow in RTT calculation can lead to undefined behavior
* Add iputils-CVE-2025-47268.patch
- libxslt
-
- Security fixes:
* Fix use-after-free of XPath context node [bsc#1239625, CVE-2025-24855]
* Fix UAF related to excluded namespaces [bsc#1239637, CVE-2024-55549]
* Add patches:
- libxslt-CVE-2024-55549.patch
- libxslt-CVE-2025-24855.patch
- grub2
-
- Fix page fault due to stricter memory permissions in shim 15.8 with later
ovmf built from edk2-stable202502 (bsc#1240771)
* 0001-efi-refactor-grub_efi_allocate_pages.patch
* 0002-Remove-grub_efi_allocate_pages.patch
* 0003-efi-change-heap-allocation-type-to-GRUB_EFI_LOADER_C.patch
* 0004-arm64-efi-move-EFI_PAGE-definitions-to-efi-memory.h.patch
* 0005-mkimage-Align-efi-sections-on-4k-boundary.patch
- polkit
-
- CVE-2025-7519: Fixed that a XML policy file with a large number of
nested elements may lead to out-of-bounds write (bsc#1246472)
added 0001-Nested-.policy-files-cause-xml-parsing-overflow-lead.patch
- ca-certificates-mozilla
-
- Fix awk to compare (missing a =) and give the following output:
[#] NSS_BUILTINS_LIBRARY_VERSION "2.74"
- pass file argument to awk (bsc#1240009)
- update to 2.74 state of Mozilla SSL root CAs:
Removed:
* SwissSign Silver CA - G2
Added:
* D-TRUST BR Root CA 2 2023
* D-TRUST EV Root CA 2 2023
- remove extensive signature printing in comments of the cert
bundle
- Define two macros to break a build cycle with p11-kit.
- Updated to 2.72 state of Mozilla SSL root CAs (bsc#1234798)
Removed:
- SecureSign RootCA11
- Security Communication RootCA3
Added:
- TWCA CYBER Root CA
- TWCA Global Root CA G2
- SecureSign Root CA12
- SecureSign Root CA14
- SecureSign Root CA15
- samba
-
- Windows security hardening locks out schannel'ed netlogon dc
calls like netr_DsRGetDCName; (bsc#1246431); (bso#15876).
- Update shipped /etc/samba/smb.conf to point to smb.conf
man page;(bsc#1233880).
- wget
-
- Drop support for shorthand URLs
* Breaking change to fix CVE-2024-10524.
[+ drop-support-for-shorthand-URLs.patch, bsc#1233773]
- suse-build-key
-
- add and run a import-suse-build-key script, which will be run
after installation using a systemd timer. (jsc#PED-2777)
- kernel-default
-
- Refresh
patches.suse/kabi-fix-for-prevent-bpf-program-recursion-for-raw-tracepoint-probes.patch.
Fix NULL pointer deference leading to a kernel panic/oops (bsc#1245948).
- commit 7935351
- net: pktgen: fix access outside of user given buffer in
pktgen_thread_write() (CVE-2025-38061 bsc#1245440).
- commit fb0f1a2
- scsi: storvsc: Increase the timeouts to storvsc_timeout (bsc#1245455).
- scsi: storvsc: Don't report the host packet status as the hv status (git-fixes).
- commit adbc421
- firmware: arm_scpi: Ensure scpi_info is not assigned if the
probe fails (CVE-2022-50087 bsc#1245119).
- commit ec5ba42
- Update
patches.suse/0001-drm-msm-mdp5-Fix-global-state-lock-backoff.patch
(bsc#1238275 CVE-2022-50173 bsc#1244992).
- Update
patches.suse/0005-video-fbdev-amba-clcd-Fix-refcount-leak-bugs.patch
(bsc#1154048 CVE-2022-50109 bsc#1244884).
- Update
patches.suse/0007-video-fbdev-arkfb-Fix-a-divide-by-zero-bug-in-ark_se.patch
(bsc#1154048 CVE-2022-50102 bsc#1244838).
- Update
patches.suse/0008-dm-thin-fix-use-after-free-crash-in-dm_sm_register_t.patch
(git-fixes CVE-2022-50092 bsc#1244848).
- Update
patches.suse/0008-video-fbdev-vt8623fb-Check-the-size-of-screen-before.patch
(bsc#1154048 CVE-2022-50101 bsc#1244839).
- Update
patches.suse/0009-video-fbdev-arkfb-Check-the-size-of-screen-before-me.patch
(bsc#1154048 CVE-2022-50099 bsc#1244842).
- Update
patches.suse/0010-dm-raid-fix-address-sanitizer-warning-in-raid_status.patch
(git-fixes CVE-2022-50084 bsc#1245117).
- Update
patches.suse/0010-video-fbdev-s3fb-Check-the-size-of-screen-before-mem.patch
(bsc#1154048 CVE-2022-50097 bsc#1244845).
- Update
patches.suse/0011-dm-raid-fix-address-sanitizer-warning-in-raid_resume.patch
(git-fixes CVE-2022-50085 bsc#1245147).
- Update
patches.suse/0011-fbdev-fb_pm2fb-Avoid-potential-divide-by-zero-error.patch
(bsc#1154048 CVE-2022-49978 bsc#1245195).
- Update
patches.suse/0080-drivers-md-fix-a-potential-use-after-free-bug.patch
(git-fixes CVE-2022-50022 bsc#1245131).
- Update
patches.suse/Bluetooth-btsdio-fix-use-after-free-bug-in-btsdio_re.patch
(CVE-2023-1989 bsc#1210336 CVE-2023-53145 bsc#1243047
CVE-2023-53063 bsc#1242216).
- Update
patches.suse/Input-iforce-wake-up-after-clearing-IFORCE_XMIT_RUNN.patch
(git-fixes CVE-2022-49954 bsc#1244976).
- Update
patches.suse/PCI-dwc-Deallocate-EPC-memory-on-dw_pcie_ep_init-err.patch
(git-fixes CVE-2022-50146 bsc#1244788).
- Update
patches.suse/USB-core-Prevent-nested-device-reset-calls.patch
(bsc#1206664 CVE-2022-4662 CVE-2022-49936 bsc#1244984).
- Update
patches.suse/arm64-fix-oops-in-concurrently-setting-insn_emulation-sysctls.patch
(git-fixes CVE-2022-50206 bsc#1245152).
- Update
patches.suse/ath9k-fix-use-after-free-in-ath9k_hif_usb_rx_cb.patch
(CVE-2022-1679 bsc#1199487 CVE-2022-50179 bsc#1244886).
- Update
patches.suse/btrfs-unset-reloc-control-if-transaction-commit-fail.patch
(bsc#1212051 CVE-2023-3111 CVE-2022-50067 bsc#1245047).
- Update
patches.suse/cifs-fix-small-mempool-leak-in-SMB2_negotiate-.patch
(bsc#1190317 CVE-2022-49938 bsc#1244820).
- Update
patches.suse/ext4-add-EXT4_INODE_HAS_XATTR_SPACE-macro-in-xattr.h.patch
(bsc#1206878 CVE-2022-50083 bsc#1244968).
- Update
patches.suse/ext4-avoid-resizing-to-a-partial-cluster-size.patch
(bsc#1206880 CVE-2022-50020 bsc#1245129).
- Update
patches.suse/ftrace-Fix-NULL-pointer-dereference-in-is_ftrace_trampoline-when-ftrace-is-dead.patch
(git-fixes CVE-2022-49977 bsc#1244936).
- Update
patches.suse/iommu-vt-d-avoid-invalid-memory-access-via-node_online-NUMA_NO_N
(git-fixes CVE-2022-50093 bsc#1244849).
- Update
patches.suse/jbd2-fix-assertion-jh-b_frozen_data-NULL-failure-whe.patch
(bsc#1202716 CVE-2022-50126 bsc#1244813).
- Update patches.suse/kcm-fix-strp_init-order-and-cleanup.patch
(git-fixes CVE-2022-49957 bsc#1244966).
- Update
patches.suse/kprobes-don-t-call-disarm_kprobe-for-disabled-kprobes.patch
(git-fixes CVE-2022-50008 bsc#1245009).
- Update
patches.suse/locking-csd_lock-Change-csdlock_debug-from-early_par.patch
(git-fixes CVE-2022-50091 bsc#1244885).
- Update patches.suse/md-call-__md_stop_writes-in-md_stop.patch
(git-fixes CVE-2022-49987 bsc#1245024).
- Update patches.suse/md-raid10-fix-KASAN-warning.patch (git-fixes
CVE-2022-50211 bsc#1245140).
- Update
patches.suse/media-mceusb-Use-new-usb_control_msg_-routines.patch
(CVE-2022-3903 bsc#1205220 CVE-2022-49937 bsc#1245057).
- Update
patches.suse/msft-hv-2639-scsi-storvsc-Remove-WQ_MEM_RECLAIM-from-storvsc_erro.patch
(git-fixes CVE-2022-49986 bsc#1244948).
- Update
patches.suse/net-tap-NULL-pointer-derefence-in-dev_parse_header_p.patch
(git-fixes CVE-2022-50073 bsc#1244978).
- Update
patches.suse/netfilter-nf_tables-do-not-allow-SET_ID-to-refer-to-.patch
(bsc#1202095 CVE-2022-2586 CVE-2022-50213 bsc#1244867).
- Update
patches.suse/pinctrl-devicetree-fix-refcount-leak-in-pinctrl_dt_t.patch
(bsc#1242154 CVE-2024-36959 bsc#1225839).
- Update
patches.suse/powerpc-64-Init-jump-labels-before-parse_early_param.patch
(bsc#1065729 CVE-2022-50012 bsc#1245125).
- Update patches.suse/powerpc-pci-Fix-get_phb_number-locking.patch
(bsc#1065729 CVE-2022-50045 bsc#1244967).
- Update
patches.suse/powerpc-xive-Fix-refcount-leak-in-xive_get_max_prio.patch
(fate#322438 git-fixess CVE-2022-50104 bsc#1244836).
- Update
patches.suse/s390-fix-double-free-of-GS-and-RI-CBs-on-fork-failure
(bsc#1203254 LTC#199911 CVE-2022-49990 bsc#1245006).
- Update
patches.suse/scsi-qla2xxx-Fix-crash-due-to-stale-SRB-access-aroun.patch
(bsc#1201958 CVE-2022-50098 bsc#1244841).
- Update
patches.suse/scsi-sg-Allow-waiting-for-commands-to-complete-on-removed-device.patch
(git-fixes CVE-2022-50215 bsc#1245138).
- Update
patches.suse/spmi-trace-fix-stack-out-of-bound-access-in-SPMI-tracing-functions.patch
(git-fixes CVE-2022-50094 bsc#1244851).
- Update
patches.suse/staging-rtl8712-fix-use-after-free-bugs.patch
(CVE-2022-4095 bsc#1205514 CVE-2022-49956 bsc#1244969).
- Update
patches.suse/usb-host-Fix-refcount-leak-in-ehci_hcd_ppc_of_probe.patch
(git-fixes CVE-2022-50153 bsc#1244786).
- Update
patches.suse/usb-ohci-nxp-Fix-refcount-leak-in-ohci_hcd_nxp_probe.patch
(git-fixes CVE-2022-50152 bsc#1244783).
- Update
patches.suse/usbnet-Fix-linkwatch-use-after-free-on-disconnect.patch
(git-fixes CVE-2022-50220 bsc#1245348).
- Update
patches.suse/virtio-gpu-fix-a-missing-check-to-avoid-NULL-derefer.patch
(git-fixes CVE-2022-50181 bsc#1244901).
- Update
patches.suse/virtio_net-fix-memory-leak-inside-XPD_TX-with-mergea.patch
(git-fixes CVE-2022-50065 bsc#1244986).
- commit 4b076ee
- selinux: Add boundary check in put_entry() (CVE-2022-50200
bsc#1245149).
- commit 90c9727
- RDMA/hfi1: fix potential memory leak in setup_base_ctxt() (CVE-2022-50134 bsc#1244802)
- commit 544eb52
- tracing: Fix compilation warning on arm32 (bsc#1243551).
- commit f83d64b
- tracing: Fix oob write in trace_seq_to_buffer() (CVE-2025-37923
bsc#1243551).
- commit ab5c2ad
- net_sched: prio: fix a race in prio_tune() (CVE-2025-38083
bsc#1245183).
- commit 4ff0382
- tracing: Fix use-after-free in print_graph_function_flags
during tracer switching (CVE-2025-22035 bsc#1241544).
- commit 93e9f48
- iavf: Fix adminq error handling (CVE-2022-50055 bsc#1245039).
- commit cf4815a
- ftrace: Return the first found result in lookup_rec()
(bsc#1226837).
- commit 548c54e
- ftrace: Fix possible use-after-free issue in ftrace_location()
(CVE-2024-38588 bsc#1226837).
- ftrace: Fix possible warning on checking all pages used in
ftrace_process_locs() (bsc#1226837).
- blacklist.conf: Remove the commit
- ftrace: Separate out functionality from ftrace_location_range()
(bsc#1226837).
- ftrace: Zero out ftrace hashes when a module is removed (bsc#1226837).
- commit ca17def
- Check for losing the race against dp_altmode_probe
(CVE-2024-35790 bsc#1224712).
This is a nonstandard fix because the upstream fix
includes a cleanup that requires infrastructure
that breaks kABI by changing struct device_driver
- commit ffe9de9
- bpf, sockmap: Fix an infinite loop error when len is 0 in tcp_bpf_recvmsg_parser() (CVE-2023-53133 bsc#1242423)
- commit 4d2b740
- iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid
(CVE-2025-37927 bsc#1243620).
- iommu/amd: Fix ivrs_acpihid cmdline parsing code (CVE-2025-37927
bsc#1243620).
- commit 3614667
- scsi: target: Fix WRITE_SAME No Data Buffer crash
(CVE-2022-21546, bsc#1242243).
- commit 0b27e73
- kABI fix for net: xfrm: Localize sequence counter per network
namespace (CVE-2024-57982 bsc#1237913).
- commit e37d325
- xfrm: state: fix out-of-bounds read during lookup
(CVE-2024-57982 bsc#1237913).
- net: xfrm: Localize sequence counter per network namespace
(CVE-2024-57982 bsc#1237913).
- commit 03cb718
- RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug (CVE-2025-38024 bsc#1245025)
- commit 4f2eb61
- nfs: handle failure of nfs_get_lock_context in unlock path
(bsc#1245004 CVE-2025-38023).
- commit 1be83c3
- libnvdimm/labels: Fix divide error in nd_label_data_init()
(bsc#1244743, CVE-2025-38072).
- commit dacc95b
- scsi: target: tcm_loop: Fix possible name leak in
tcm_loop_setup_hba_bus() (CVE-2022-49780 bsc#1242262).
- commit 6710526
- Set CPUID_8000_0021_EAX to the right value (20)
This is the word in which individual feature flags are defined,
so the cpuid_leaf number must match.
- Refresh patches.kabi/cpufeatures-kabi-fix.patch.
- Refresh
patches.suse/x86-bhi-Add-support-for-clearing-branch-history-at-syscall.patch.
- Refresh
patches.suse/x86-cpufeature-Add-missing-leaf-enumeration.patch.
- commit c63ac04
- ALSA: pcm: Fix race of buffer access at PCM OSS layer
(CVE-2025-38078 bsc#1244737).
- commit 7c6d995
- Move upstreamed sound patch into sorted section
- commit 4436fa8
- packaging: Add support for suse-kabi-tools
The current workflow to check kABI stability during the RPM build of SUSE
kernels consists of the following steps:
* The downstream script rpm/modversions unpacks the consolidated kABI
symtypes reference data from kabi/<arch>/symtypes-<flavor> and creates
individual symref files.
* The build performs a regular kernel make. During this operation, genksyms
is invoked for each source file. The tool determines type signatures of
all exports within the file, reports any differences compared to the
associated symref reference, calculates symbol CRCs from the signatures
and writes new type data into a symtypes file.
* The script rpm/modversions is invoked again, this time it packs all new
symtypes files to a consolidated kABI file.
* The downstream script rpm/kabi.pl checks symbol CRCs in the new build and
compares them to a reference from kabi/<arch>/symvers-<flavor>, taking
kabi/severities into account.
suse-kabi-tools is a new set of tools to improve the kABI checking process.
The suite includes two tools, ksymtypes and ksymvers, which replace the
existing scripts rpm/modversions and rpm/kabi.pl, as well as the comparison
functionality previously provided by genksyms. The tools have their own
source repository and package.
The tools provide faster operation and more detailed, unified output. In
addition, they allow the use of the new upstream tool gendwarfksyms, which
lacks any built-in comparison functionality.
The updated workflow is as follows:
* The build performs a regular kernel make. During this operation, genksyms
(gendwarfksyms) is invoked as usual, determinining signatures and CRCs of
all exports and writing the type data to symtypes files. However,
genksyms no longer performs any comparison.
* 'ksymtypes consolidate' packs all new symtypes files to a consolidated
kABI file.
* 'ksymvers compare' checks symbol CRCs in the new build and compares them
to a reference from kabi/<arch>/symvers-<flavor>, taking kabi/severities
into account. The tool writes its result in a human-readable form on
standard output and also writes a list of all changed exports (not
ignored by kabi/severities) to the changed-exports file.
* 'ksymtypes compare' takes the changed-exports file, the consolidated kABI
symtypes reference data from kabi/<arch>/symtypes-<flavor> and the new
consolidated data. Based on this data, it produces a detailed report
explaining why the symbols changed.
The patch enables the use of suse-kabi-tools via rpm/config.sh, providing
explicit control to each branch. To enable the support, set
USE_SUSE_KABI_TOOLS=Yes in the config file.
- commit a2c6f89
- netfilter: allow exp not to be removed in nf_ct_find_expectation
(CVE-2023-52927 bsc#1239644).
- commit c88f971
- kernel-source: Remove log.sh from sources
- commit 96bd779
- media: pvrusb2: fix uaf in pvr2_context_set_notify
(CVE-2024-26875 bsc#1223118).
- commit 9270436
- drm/amdkfd: Fix an illegal memory access (CVE-2023-53090
bsc#1242753).
- commit 8280475
- can: bcm: add locking for bcm_op runtime updates (CVE-2025-38004
bsc#1244274).
- commit 27f3405
- sch_hfsc: Fix qlen accounting bug when using peek in
hfsc_enqueue() (CVE-2025-38000 bsc#1244277).
- commit 8634486
- net_sched: Flush gso_skb list too during ->change()
(CVE-2025-37992 bsc#1243698).
- ipvs: fix uninit-value for saddr in do_output_route4
(CVE-2025-37961 bsc#1243523).
- net: tls: explicitly disallow disconnect (CVE-2025-37756
bsc#1242515).
- net_sched: Prevent creation of classes with TC_H_ROOT
(CVE-2025-21971 bsc#1240799).
- vlan: enforce underlying device type (CVE-2025-21920
bsc#1240686).
- kcm: close race conditions on sk_receive_queue (CVE-2022-49814
bsc#1242498).
- wifi: cfg80211: fix memory leak in query_regdb_file()
(CVE-2022-49881 bsc#1242481).
- ipvs: fix WARNING in ip_vs_app_net_cleanup() (CVE-2022-49917
bsc#1242406).
- commit 225b1ce
- net_sched: sch_fifo: implement lockless __fifo_dump() (bsc#1237312)
- commit 619fd3b
- netfilter: bridge: replace physindev with physinif in
nf_bridge_info (CVE-2024-35839 bsc#1224726).
- Refresh patches.kabi/kabi-add-__nf_bridge_get_physindev-for-kabi.patch.
- commit ec55ccf
- kabi: add __nf_bridge_get_physindev() for kabi
(bsc#1224726,CVE-2024-35839).
- commit 8066fc3
- tipc: fix memory leak in tipc_link_xmit (CVE-2025-37757 bsc#1242521)
- commit ca38369
- net: sched: Fix use after free in red_enqueue() (CVE-2022-49921 bsc#1242359)
- commit 91e83c2
- netfilter: propagate net to nf_bridge_get_physindev
(CVE-2024-35839 bsc#1224726).
- Refresh patches.kabi/kabi-add-__nf_queue_get_refs-for-kabi-compliance.patch.
- commit 3ffae8c
- serial: core: fix transmit-buffer reset and memleak (bsc#1227768
CVE-2021-47527).
- commit 1772922
- bnxt_en: Fix out-of-bound memcpy() during ethtool -w
(CVE-2025-37911 bsc#1243469).
- mlxsw: spectrum_acl_tcam: Fix stack corruption (CVE-2024-26586
bsc#1220243).
- net/mlx5: Update error handler for UCTX and UMEM (CVE-2021-47212
bsc#1222709).
- commit 5027586
- module: ensure that kobject_put() is safe for module type kobjects (CVE-2025-37995 bsc#1243827)
- commit 31568b0
- mkspec: Exclude rt flavor from kernel-syms dependencies (bsc#1244337).
- commit 7c95ae0
- Refresh
patches.suse/kabi-fix-for-prevent-bpf-program-recursion-for-raw-tracepoint-probes.patch.
Fix the kernel Oops (bsc#1244317)
- commit 6a26caf
- mnt: fix __detach_mounts infinite loop (bsc#1242140).
- commit 973877c
- MyBS: Do not build kernel-obs-qa with limit_packages
Fixes: 58e3f8c34b2b ("bs-upload-kernel: Pass limit_packages also on multibuild")
- commit f4c6047
- MyBS: Simplify qa_expr generation
Start with a 0 which makes the expression valid even if there are no QA
repositories (currently does not happen). Then separator is always
needed.
- commit e4c2851
- MyBS: Correctly generate build flags for non-multibuild package limit
(bsc# 1244241)
Fixes: 0999112774fc ("MyBS: Use buildflags to set which package to build")
- commit 27588c9
- bs-upload-kernel: Pass limit_packages also on multibuild
Fixes: 0999112774fc ("MyBS: Use buildflags to set which package to build")
Fixes: 747f601d4156 ("bs-upload-kernel, MyBS, Buildresults: Support multibuild (JSC-SLE#5501, boo#1211226, bsc#1218184)")
- commit 8ef486c
- ftrace: Avoid potential division by zero in function_stat_show()
(CVE-2025-21898 bsc#1240610).
- commit f3b653b
- kABI: workaround "bpf: Prevent bpf program recursion for raw
tracepoint probes" changes (bsc#1242301 CVE-2022-49764).
- commit 06373a9
- nfc: nci: free rx_data_reassembly skb on NCI device cleanup
(CVE-2024-26825 bsc#1223065).
- commit e2bddb4
- ptp: Fix possible memory leak in ptp_clock_register()
(CVE-2021-47455 bsc#1225254).
- Refresh patches.kabi/ptp_clock-kABI-workaround.patch.
- commit e9de86b
- RDMA/srpt: Do not register event handler until srpt device is fully setup (CVE-2024-26872 bsc#1223115)
- commit cad3736
- driver core: fix potential NULL pointer dereference in
dev_uevent() (CVE-2025-37800 bsc#1242849).
- driver core: introduce device_set_driver() helper
(CVE-2025-37800 bsc#1242849).
- commit f8f225c
- Drop rejected CVE fix for driver core
Delete
patches.suse/driver-core-Fix-uevent_show-vs-driver-detach-race.patch
as it was reverted in the upstream (and CVE was rejected).
Another form of the fix will follow.
- commit c791e65
- kernel-source: Do not use multiple -r in sed parameters
This usage is enabled in commit b18d64d
(sed: allow multiple (non-conflicting) -E/-r parameters, 2016-07-31)
only available since sed 4.3
Fixes: dc2037cd8f94 ("kernel-source: Also replace bin/env"
- commit 91ad98e
- block: fix resource leak in blk_register_queue() error path (CVE-2025-37980 bsc#1243522)
- commit 65b2595
- openvswitch: Fix unsafe attribute parsing in output_userspace() (CVE-2025-37998 bsc#1243836)
- commit 1de5c37
- dm-bufio: don't schedule in atomic context (CVE-2025-37928 bsc#1243621)
- commit 8d6e517
- mtd: inftlcore: Add error check for inftl_read_oob() (CVE-2025-37892 bsc#1243536)
- commit 54793bb
- wifi: wl1251: fix memory leak in wl1251_tx_work (CVE-2025-37982 bsc#1243524)
- commit 9ed11b8
- netfilter: nf_tables: fix crash when nf_trace is enabled
(git-fixes CVE-2022-49622 bsc#1239042).
- commit 1ebebaa
- netfilter: nf_tables: avoid skb access on nf_stolen
(CVE-2022-49622 bsc#1239042).
- commit 3d1f851
- netfilter: nf_tables: consolidate rule verdict trace call (bsc#1239042).
- commit a2784df
- netfilter: nf_tables: remove old nf_log based tracing (bsc#1239042).
- Refresh
patches.suse/netfilter-nf_tables-check-the-result-of-dereferencin.patch.
- Refresh
patches.suse/netfilter-nf_tables-use-WARN_ON_ONCE-instead-of-BUG_.patch.
- commit c5a2d73
- KVM: SVM: fix panic on out-of-bounds guest IRQ (bsc#1238167 CVE-2022-49154).
- commit 930b864
- Update tags in
patches.suse/ocfs2-fix-data-corruption-after-failed-write.patch
(bsc#1208542 CVE-2023-53081 bsc#1242281).
- commit 54cff45
- ext4: update s_journal_inum if it changes after journal replay
(bsc#1242767 CVE-2023-53091).
- commit 36a043e
- ext4: fix BUG_ON() when directory entry has invalid rec_len
(bsc#1242733 CVE-2022-49879).
- commit dfbcdb4
- scsi: pm80xx: Avoid leaking tags when processing
OPC_INB_SET_CONTROLLER_CONFIG command (bsc#1220883
cve-2023-52500 CVE-2023-52500).
- commit 8a3dd0b
- ata: libata-core: fix NULL pointer deref in
ata_host_alloc_pinfo() (bsc#1239071 CVE-2022-49731).
- commit f8e7ddf
- l2tp: fix lockdep splat (CVE-2023-53020 bsc#1240224).
- l2tp: Avoid possible recursive deadlock in
l2tp_tunnel_register() (CVE-2023-53020 bsc#1240224).
- l2tp: prevent lockdep issue in l2tp_tunnel_register()
(CVE-2023-53020 bsc#1240224).
- l2tp: close all race conditions in l2tp_tunnel_register()
(CVE-2023-53020 bsc#1240224).
- blacklist.conf: remove 0b2c59720e65885a394a017d0cf9cab118914682
it is a bit unclear why it was there but it should not be there any more
- l2tp: define helper for parsing struct sockaddr_pppol2tp*
(CVE-2023-53020 bsc#1240224).
- commit 6df99cf
- Fix bug reference in patches.suse/net_sched-sch_sfq-use-a-temporary-work-area-for-vali.patch (bsc#1242504)
- commit 14f3c70
- x86/bugs: Fix BHI retpoline check (git-fixes).
- commit 67aed4a
- x86/bugs: Fix BHI handling of RRSBA (git-fixes).
- Refresh
patches.suse/x86-bhi-do-not-set-BHI_DIS_S-in-32-bit-mode.patch.
- commit dab1e97
- x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES (git-fixes).
- commit 01a0a7a
- x86/bugs: Fix return type of spectre_bhi_state() (git-fixes).
- commit 198eac5
- btrfs: don't BUG_ON() when 0 reference count at
btrfs_lookup_extent_info() (bsc#1230786 CVE-2024-46751).
- commit ed57497
- HID: pidff: Fix null pointer dereference in pidff_find_fields (CVE-2025-37862 bsc#1242982)
- commit 3dd1249
- PCI: Fix reference leak in pci_register_host_bridge() (CVE-2025-37836 bsc#1242957)
- commit ed65adb
- usb: dwc3: gadget: check that event count does not exceed event buffer length (CVE-2025-37810 bsc#1242906)
- commit b2856a0
- cifs: avoid NULL pointer dereference in dbg call (CVE-2025-37844 bsc#1242946)
- commit 32900ee
- tpm: do not start chip while suspended (CVE-2025-23149 bsc#1242758)
- commit 0620cc8
- Refresh patches.suse/x86-bhi-Add-BHI-mitigation-knob.patch.
Fix a couple of issues with this backport, namely:
1. Wrong upstream commit id used
2. Missing hunk dealing with RETPOLINE being enabled on RRSBA CPUs, thus
obviating the need to have BHI mitigation explicitly enabled.
- commit daaf354
- Update
patches.suse/0084-dm-ioctl-fix-misbehavior-if-list_versions-races-with-module-loading.patch
(git-fixes CVE-2022-49771 bsc#1242686).
- Update
patches.suse/Bluetooth-L2CAP-Fix-use-after-free-caused-by-l2cap_r.patch
(CVE-2022-3564 bsc#1206073 CVE-2022-49910 bsc#1242452).
- Update
patches.suse/Bluetooth-L2CAP-fix-use-after-free-in-l2cap_conn_del.patch
(CVE-2025-21969 bsc#1240784 CVE-2022-49909 bsc#1242453).
- Update
patches.suse/Bluetooth-btsdio-fix-use-after-free-bug-in-btsdio_re.patch
(CVE-2023-1989 bsc#1210336 CVE-2023-53145 bsc#1243047).
- Update patches.suse/SUNRPC-Fix-a-server-shutdown-leak.patch
(git-fixes CVE-2023-53131 bsc#1242377).
- Update
patches.suse/arm64-bpf-Add-BHB-mitigation-to-the-epilogue-for-cBP.patch
(bsc#1242778 CVE-2025-37948 bsc#1243649).
- Update
patches.suse/arm64-bpf-Only-mitigate-cBPF-programs-loaded-by-unpr.patch
(bsc#1242778 CVE-2025-37963 bsc#1243660).
- Update
patches.suse/bpf-sockmap-Fix-the-sk-sk_forward_alloc-warning-of-s.patch
(bsc#1235485 CVE-2024-56633 CVE-2022-49877 bsc#1242483).
- Update
patches.suse/cifs-Fix-connections-leak-when-tlink-setup-failed.patch
(bsc#1190317 CVE-2022-49822 bsc#1242544).
- Update
patches.suse/dm-stats-check-for-and-propagate-alloc_percpu-failur-d3aa.patch
(git-fixes CVE-2023-53044 bsc#1242759).
- Update
patches.suse/ext4-fix-WARNING-in-ext4_update_inline_data.patch
(bsc#1213012 CVE-2023-53100 bsc#1242790).
- Update
patches.suse/ext4-fix-warning-in-ext4_da_release_space.patch
(bsc#1206887 CVE-2022-49880 bsc#1242734).
- Update
patches.suse/ext4-zero-i_disksize-when-initializing-the-bootloade.patch
(bsc#1213013 CVE-2023-53101 bsc#1242791).
- Update
patches.suse/ftrace-Fix-invalid-address-access-in-lookup_rec-when-index-is-0.patch
(git-fixes CVE-2023-53075 bsc#1242218).
- Update
patches.suse/ftrace-Fix-use-after-free-for-dynamic-ftrace_ops.patch
(git-fixes CVE-2022-49892 bsc#1242449).
- Update
patches.suse/gfs2-Check-sb_bsize_shift-after-reading-superblock.patch
(git-fixes CVE-2022-49769 bsc#1242440).
- Update patches.suse/ibmvnic-Free-rwi-on-reset-success.patch
(bsc#1184350 ltc#191533 git-fixes CVE-2022-49906 bsc#1242464).
- Update
patches.suse/igb-revert-rtnl_lock-that-causes-deadlock.patch
(git-fixes CVE-2023-53060 bsc#1242241).
- Update
patches.suse/ila-do-not-generate-empty-messages-in-ila_xlat_nl_cm.patch
(git-fixes CVE-2023-53141 bsc#1242362).
- Update
patches.suse/mISDN-fix-misuse-of-put_device-in-mISDN_register_dev.patch
(CVE-2022-49915 bsc#1242409 CVE-2022-49818 bsc#1242527).
- Update patches.suse/net-iucv-Fix-size-of-interrupt-data.patch
(bsc#1211466 CVE-2023-53108 bsc#1242422).
- Update
patches.suse/net-tunnels-annotate-lockless-accesses-to-dev-needed_headroom.patch
(CVE-2024-26804 bsc#1222629 CVE-2023-53109 bsc#1242405).
- Update
patches.suse/net-usb-lan78xx-Limit-packet-length-to-skb-len.patch
(git-fixes CVE-2023-53068 bsc#1242239).
- Update
patches.suse/net-usb-smsc75xx-Limit-packet-length-to-skb-len.patch
(git-fixes CVE-2023-53125 bsc#1242285).
- Update
patches.suse/net-usb-smsc95xx-Limit-packet-length-to-skb-len.patch
(git-fixes CVE-2023-53062 bsc#1242228).
- Update
patches.suse/net_sched-keep-alloc_hash-updated-after-hash-allocat.patch
(git-fixes CVE-2020-36791 bsc#1242835).
- Update
patches.suse/nfc-pn533-initialize-struct-pn533_out_arg-properly.patch
(CVE-2022-48875 bsc#1229516 CVE-2023-53119 bsc#1242370).
- Update
patches.suse/nfc-st-nci-Fix-use-after-free-bug-in-ndlc_remove-due.patch
(git-fixes bsc#1210337 CVE-2023-1990 CVE-2023-53106
bsc#1242215).
- Update
patches.suse/nfs4-Fix-kmemleak-when-allocate-slot-failed.patch
(git-fixes CVE-2022-49927 bsc#1242416).
- Update
patches.suse/nfsd-decrease-sc_count-directly-if-fail-to-queue-dl_.patch
(CVE-2025-22025 bsc#1241361 CVE-2025-37871 bsc#1242949).
- Update
patches.suse/ring-buffer-Check-for-NULL-cpu_buffer-in-ring_buffer_wake_waiters.patch
(git-fixes CVE-2022-49889 bsc#1242455).
- Update patches.suse/sch_htb-make-htb_deactivate-idempotent.patch
(CVE-2025-37798 bsc#1242414 CVE-2025-37953 bsc#1243543).
- Update
patches.suse/sch_htb-make-htb_qlen_notify-idempotent.patch
(CVE-2025-37798 bsc#1242414 CVE-2025-37932 bsc#1243627).
- Update
patches.suse/scsi-core-Remove-the-proc-scsi-proc_name-directory-earlier.patch
(git-fixes CVE-2023-53140 bsc#1242372).
- Update
patches.suse/scsi-mpt3sas-Fix-NULL-pointer-access-in-mpt3sas_transport_port_add.patch
(git-fixes CVE-2023-53124 bsc#1242165).
- Update
patches.suse/scsi-qla2xxx-Perform-lockless-command-completion-in-.patch
(git-fixes CVE-2023-53041 bsc#1242747).
- Update
patches.suse/scsi-qla2xxx-Synchronize-the-IOCB-count-to-be-in-ord.patch
(bsc#1209292 bsc#1209684 bsc#1209556 CVE-2023-53056
bsc#1242219).
- Update
patches.suse/scsi-scsi_dh_alua-Fix-memleak-for-qdata-in-alua_activate.patch
(git-fixes CVE-2023-53078 bsc#1242231).
- Update
patches.suse/scsi-zfcp-Fix-double-free-of-FSF-request-when-qdio-send-fails
(git-fixes CVE-2022-49789 bsc#1242366).
- Update
patches.suse/tcp-tcp_make_synack-can-be-called-from-process-conte.patch
(git-fixes CVE-2023-53121 bsc#1242225).
- Update
patches.suse/udf-Fix-a-slab-out-of-bounds-write-bug-in-udf_find_e.patch
(bsc#1206649 CVE-2022-49846 bsc#1242716).
- commit 69b5e67
- drm/scheduler: fix fence ref counting (bsc#1242691 CVE-2022-49829)
- commit 14778ea
- net: sched: extract qstats update code into functions
(CVE-2024-26740 bsc#1222563).
- refresh patches.suse/net-sched-act_mirred-don-t-override-retval-if-we-alr.patch
- commit e226feb
- net/sched: act_mirred: use the backlog for mirred ingress
(CVE-2024-26740 bsc#1222563).
- refresh patches.suse/net-sched-act_mirred-don-t-override-retval-if-we-alr.patch
- act_mirred: use the backlog for nested calls to mirred ingress
(CVE-2024-26740 bsc#1222563).
- net/sched: act_mirred: refactor the handle of xmit
(CVE-2024-26740 bsc#1222563).
- cleanup patches.suse/net-smc-Transitional-solution-for-clcsock-race-issue.patch
drop net/sched/act_mirred.c part which was a combination of unrelated
commits which are going to be backported separately now
- refresh patches.suse/net-sched-act_mirred-don-t-override-retval-if-we-alr.patch
- net: sched: don't expose action qstats to skb_tc_reinsert()
(CVE-2024-26740 bsc#1222563).
- net: sched: refactor reinsert action (CVE-2024-26740
bsc#1222563).
- commit 7ca05e8
- can: peak_usb: fix use after free bugs (bsc#1241407
CVE-2021-47670).
- blacklist.conf: blacklisted in error
- commit 3cc9a48
- xenbus: Use kref to track req lifetime (bsc#1243541
CVE-2025-37949).
- commit e59a814
- 9p/net: fix improper handling of bogus negative read/write
replies (bsc#1243077 CVE-2025-37879).
- commit fe1bf4b
- usb: gadget: u_audio: don't let userspace block driver unbind (CVE-2023-53045 bsc#1242756)
- commit 96aa745
- tipc: fix the msg->req tlv len check in tipc_nl_compat_name_table_dump_header (CVE-2022-49862 bsc#1242755)
- commit d64fec6
- net: macvlan: fix memory leaks of macvlan_common_newlink (CVE-2022-49853 bsc#1242688)
- commit d85ed83
- dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove() (CVE-2022-49861 bsc#1242580)
- commit f8dabfc
- ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network (CVE-2022-49865 bsc#1242570)
- commit 8923317
- net_sched: sch_sfq: move the limit validation (CVE-2025-37752 bsc#1242504)
- commit 3268e2e
- net_sched: sch_sfq: use a temporary work area for validating configuration (bsc#1232504)
- commit e350897
- net: ena: Fix error handling in ena_init() (CVE-2022-49813 bsc#1242497)
- commit 55f4ea4
- net: mdio: fix undefined behavior in bit shift for __mdiobus_register (CVE-2022-49907 bsc#1242450)
- commit 35b4747
- i40e: Fix kernel crash during reboot when adapter is in recovery mode (CVE-2023-53114 bsc#1242398)
- commit 9232bee
- ALSA: hda: fix potential memleak in 'add_widget_node' (CVE-2022-49835 bsc#1242385)
- commit b245eca
- nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() (CVE-2022-49922 bsc#1242378)
- commit ec5842a
- ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() (CVE-2022-49772 bsc#1242147)
- commit 05dc09a
- Remove debug flavor (bsc#1243919).
This is only released in Leap, and we don't have Leap 42 anymore.
- commit c8f417b
- rpm/check-for-config-changes: add more to IGNORED_CONFIGS_RE
Useful when someone tries (needs) to build the kernel with clang.
- commit 06918e3
- HID: hyperv: fix possible memory leak in mousevsc_probe()
(CVE-2022-49874 bsc#1242478).
- commit 4edbe8d
- Refresh patches.suse/netfilter-nf_tables-Reject-tables-of-unsupported-fam.patch.
Adjusted the backported patch as it caused a regression. bsc#1218752
- commit 9c294ed
- ipv6: Fix signed integer overflow in __ip6_append_data
(CVE-2022-49728 bsc#1239111).
- commit e5a4bfa
- devm-helpers: Add resource managed version of work init (bsc#1242745)
- commit af41987
- pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() (bsc#1242154)
- commit 28b2ba4
- nfc: fdp: add null check of devm_kmalloc_array in fdp_nci_i2c_read_device_properties (CVE-2023-53139 bsc#1242361)
- commit 2977dda
- misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (CVE-2022-49788 bsc#1242353)
- commit 9e63e91
- mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() (CVE-2022-49787 bsc#1242352)
- commit e6bd23b
- qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info (CVE-2023-53066 bsc#1242227)
- commit 3926868
- pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map (CVE-2022-49832 bsc#1242154)
- commit 18c2436
- HID: intel-ish-hid: ipc: Fix dev_err usage with uninitialized dev->devc (bsc#1242745)
- commit eb37482
- HID: intel-ish-hid: ipc: Fix potential use-after-free in work function (CVE-2023-53039 bsc#1242745)
- commit 09f159d
- workqueue: Add resource managed version of delayed work init (bsc#1242745)
- commit 26c1fec
- sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket
(CVE-2024-53168 bsc#1234887).
- commit 14cbc36
- ACPI: CPPC: Avoid out of bounds access when parsing _CPC data
(CVE-2022-49145 bsc#1238162).
- commit 470a12c
- mtd: phram: Add the kernel lock down check (bsc#1232649).
- commit 9010162
- net/sched: initialize noop_qdisc owner (git-fixes).
- commit 2dfc668
- nfc: nxp-nci: Fix potential memory leak in nxp_nci_send() (CVE-2022-49923 bsc#1242394)
- commit 90c2109
- NFC: nxp-nci: remove unnecessary labels (bsc#1242394)
- commit 211515d
- isofs: Prevent the use of too small fid (CVE-2025-37780 bsc#1242786)
- commit 66b8f1c
- wifi: mac80211: Purge vif txq in ieee80211_do_stop() (CVE-2025-37794 bsc#1242566)
- commit be7520f
- wifi: at76c50x: fix use after free access in at76_disconnect (CVE-2025-37796 bsc#1242727)
- commit 926c6d8
- ext4: fix off-by-one error in do_split (CVE-2025-23150 bsc#1242513)
- commit 63c211a
- d_invalidate(): unhash immediately (bsc#1242140).
- commit 0bb13d9
- net: phy: leds: fix memory leak (CVE-2025-37989 bsc#1243511).
- commit 80b696b
- Refresh fixes for cBPF issue (bsc#1242778)
- Update metadata and put them into the sorted part of the series
- Refresh
patches.suse/x86-bhi-do-not-set-BHI_DIS_S-in-32-bit-mode.patch.
- Refresh
patches.suse/x86-bpf-add-IBHF-call-at-end-of-classic-BPF.patch.
- Refresh
patches.suse/x86-bpf-call-branch-history-clearing-sequence-on-exit.patch.
- commit 78cd843
- kabi: hide owner from struct Qdisc (CVE-2024-27010,
bsc#1223720).
- net/sched: Fix mirred deadlock on device recursion
(CVE-2024-27010, bsc#1223720).
- commit 2646651
- Refresh patches.suse/net-mlx5-Fix-steering-rules-cleanup.patch.
- commit cad4104
- i2c: cros-ec-tunnel: defer probe if parent EC is not present (CVE-2025-37781 bsc#1242575)
- commit 648898d
- nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred (CVE-2022-49729 bsc#1239060)
- commit e4a37ce
- net_sched: skbprio: Remove overly strict queue assertions (CVE-2025-38637 bsc#1241657).
- commit a3f71a8
- usbnet:fix NPE during rx_complete (CVE-2025-22050 bsc#1241441)
- commit b29f445
- thermal: int340x: Add NULL check for adev (CVE-2025-23136 bsc#1241357)
- commit aca813f
- btrfs: do not clean up repair bio if submit fails
(CVE-2022-49168 bsc#1238109).
- commit eb3f122
- ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path() (CVE-2023-52988 bsc#1240293)
- commit 47e6e52
- x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL (CVE-2023-52993 bsc#1240297)
- commit b8c925f
- firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region (CVE-2023-52989 bsc#1240266)
- commit 4f68c93
- w1: fix WARNING after calling w1_process() (CVE-2022-49751 bsc#1240254)
- commit 9507421
- nfc: fdp: Fix potential memory leak in fdp_nci_send() (CVE-2022-49924 bsc#1242426)
- commit 1ff0fc5
- PM / devfreq: rk3399_dmc: Disable edev on remove() (CVE-2022-49460 bsc#1238892)
- commit 556bc32
- dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate (CVE-2022-49652 bsc#1238871)
- commit d4f6d8a
- ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix (CVE-2022-49503 bsc#1238868)
- commit b38fbf8
- irqchip/gic-v3: Fix refcount leak in gic_populate_ppi_partitions (CVE-2022-49715 bsc#1238818)
- commit c85152c
- irqchip: gic-v3: Use of_cpu_node_to_id helper (bsc#1238818)
- commit 955125a
- net/mlx5: Fix steering rules cleanup (CVE-2023-53079
bsc#1242765).
- commit 4ab30d6
- ata: libata-transport: fix double ata_host_put() in
ata_tport_add() (CVE-2022-49826 bsc#1242549).
- commit a0074f3
- net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too
(CVE-2025-37823 bsc#1242924).
- commit 9b2e245
- team: better TEAM_OPTION_TYPE_STRING validation (CVE-2025-21787 bsc#1238774)
- commit c0334f8
- btrfs: fix inode list leak during backref walking at
resolve_indirect_refs() (CVE-2022-49914 bsc#1242427).
- commit f13d5c5
- thermal: core: prevent potential string overflow (CVE-2023-52868 bsc#1225044)
- commit 45a76bf
- bpf: Prevent bpf program recursion for raw tracepoint probes
(CVE-2022-49764 bsc#1242301).
- commit 193b281
- bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb()
(CVE-2022-49840 bsc#1242447).
- commit 19b730c
- nfsd: decrease sc_count directly if fail to queue dl_recall
(CVE-2025-22025 bsc#1241361).
- commit 5566843
- nfsd: put dl_stid if fail to queue dl_recall (CVE-2025-22025
bsc#1241361).
- commit 36e54e4
- pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (CVE-2025-21702 bsc#1237312)
- commit 2cd0611
- usb: cdc-acm: Check control transfer buffer size before access (CVE-2025-21704 bnc#1237571)
- commit 25db018
- ptp: Ensure info->enable callback is always set (CVE-2025-21814 bsc#1238473)
- commit 04ecd88
- net/niu: Niu requires MSIX ENTRY_DATA fields touch before
entry reads (CVE-2025-37833 bsc#1242868).
- PCI/MSI: Add an option to write MSIX ENTRY_DATA before any reads
(CVE-2025-37833 bsc#1242868).
- commit 07a4c2c
- drm/amdgpu: handle amdgpu_cgs_create_device() errors in amd_powerplay_create() (CVE-2025-37852 bsc#1243074).
- commit 85e74d7
- net: mvpp2: parser fix QinQ (CVE-2025-22060 bsc#1241526).
- Refresh
patches.suse/net-mvpp2-Prevent-parser-TCAM-memory-corruption.patch.
- commit 39cd74b
- nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur
(bsc#1235632 CVE-2024-56779).
- commit 6133296
- x86/smpboot: Remove unused phys_id variable (git-commit).
This fixes a build warning.
- commit ceba46a
- kernel/resource: fix kfree() of bootmem memory again
(CVE-2022-49190 bsc#1238130).
- commit 48c0013
- drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() (CVE-2022-49467 bsc#1238815)
- commit 9b240ea
- drm/i915/selftests: fix subtraction overflow bug (CVE-2022-49635 bsc#1238806)
- commit c5c18ff
- net: ppp: Add bound checking for skb data on ppp_sync_txmung (CVE-2025-37749 bsc#1242859)
- commit a8fe412
- netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets (CVE-2025-22063 bsc#1241351)
- commit 69b9c55
- tcp: cdg: allow tcp_cdg_release() to be called multiple times (CVE-2022-49775 bsc#1242245)
- commit 462783c
- rpm: Stop using is_kotd_qa macro
This macro is set by bs-upload-kernel, and a conditional in each spec
file is used to determine when to build the spec file.
This logic should not really be in the spec file. Previously this was
done with package links and package meta for the individula links.
However, the use of package links is rejected for packages in git based
release projects (nothing to do with git actually, new policy). An
alternative to package links is multibuild. However, for multibuild
packages package meta cannot be used to set which spec file gets built.
Use prjcon buildflags instead, and remove this conditional. Depends on
bs-upload-kernel adding the build flag.
- commit 9eb8a6f
- kernel-obs-qa: Use srchash for dependency as well
- commit 485ae1d
- PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type
(CVE-2025-23161 bsc#1242792).
- commit b40664f
- ocfs2: fix the issue with discontiguous allocation in the
global_bitmap (git-fixes).
- commit e15ed3a
- nfsd: fix race between laundromat and free_stateid()
(CVE-2024-50106 bsc#1232882).
- commit a790b42
- dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size
data type (bsc#1238394 CVE-2022-49320).
- commit 436663c
- btrfs: fix inode list leak during backref walking at
find_parent_nodes() (bsc#1242470 CVE-2022-49913).
- commit c05de9e
- btrfs: replace BUG_ON() with error handling at
update_ref_for_cow() (bsc#1230794 CVE-2024-46752).
- commit acac3f6
- Btrfs: don't iterate mod seq list when putting a tree mod seq
(bsc#1242472 CVE-2022-49898).
- btrfs: always pin deleted leaves when there are active tree
mod log users (bsc#1242472 CVE-2022-49898).
- btrfs: fix tree mod log mishandling of reallocated nodes
(bsc#1242472 CVE-2022-49898).
- btrfs: use a bit to track the existence of tree mod log users
(bsc#1242472 CVE-2022-49898).
- btrfs: use the new bit BTRFS_FS_TREE_MOD_LOG_USERS at
btrfs_free_tree_block() (bsc#1242472 CVE-2022-49898).
- Refresh
patches.suse/0002-btrfs-Remove-fsid-metadata_fsid-fields-from-btrfs_in.patch.
- commit dacb815
- memcg_write_event_control(): fix a user-triggerable oops
(CVE-2024-45021 bsc#1230434).
- commit 4e6c9d7
- IB/hfi1: Correctly move list in sc_disable() (CVE-2022-49931 bsc#1242382)
- commit 581a698
- RDMA/core: Fix null-ptr-deref in ib_core_cleanup() (CVE-2022-49925 bsc#1242371)
- commit 629991b
- rtl818x: Prevent using not initialized queues (CVE-2022-49326 bsc#1238646)
- commit 2e4f859
- drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() (CVE-2022-49491 bsc#1238539)
- commit cacfaf7
- driver core: fix deadlock in __device_attach (CVE-2022-49371 bsc#1238546)
- commit e1fc85e
- Refresh patches.suse/tpm-tis-Double-the-timeout-B-to-4s.patch.
- commit db263b9
- Update
patches.suse/USB-usbfs-Don-t-WARN-about-excessively-large-memory-.patch
(bsc#1222004 CVE-2021-47170 CVE-2021-20320).
- commit 2ffa0a7
- Update
patches.suse/sctp-fail-if-no-bound-addresses-can-be-used-for-a-gi.patch
(bsc#1206677 CVE-2023-1074).
- commit 2c70e65
- media: streamzap: fix race between device disconnection and
urb callback (CVE-2025-22027 bsc#1241369).
- commit 45f284f
- ASoC: soc-utils: Remove __exit for snd_soc_util_exit()
(CVE-2022-49842 bsc#1242484).
- commit dfda6bc
- ASoC: core: Fix use-after-free in snd_soc_exit() (CVE-2022-49842
bsc#1242484).
- commit 89ba7b3
- btrfs: always report error in run_one_delayed_ref() (CVE-2022-49761 bsc#1240261)
- commit e432f24
- netfilter: conntrack: clamp maximum hashtable size to INT_MAX (CVE-2025-21648 bsc#1236142)
- commit 9316b29
- media: usb: go7007: s2250-board: fix leak in probe() (CVE-2022-49253 bsc#1238420)
- commit db86595
- sfc: fix kernel panic when creating VF (CVE-2022-49625 bsc#1238411)
- commit bcdf72a
- arm64: insn: Fix two bugs in encoding 32-bit logical immediates
(bsc#1242778).
- commit 538ec8a
- arm64: insn: Add encoder for bitwise operations using literals
(bsc#1242778).
- arm64: insn: Add N immediate encoding (bsc#1242778).
- commit e6408da
- sch_htb: make htb_deactivate() idempotent (CVE-2025-37798
bsc#1242414).
- sch_qfq: make qfq_qlen_notify() idempotent (CVE-2025-37798
bsc#1242414).
- sch_hfsc: make hfsc_qlen_notify() idempotent (CVE-2025-37798
bsc#1242414).
- sch_drr: make drr_qlen_notify() idempotent (CVE-2025-37798
bsc#1242414).
- sch_htb: make htb_qlen_notify() idempotent (CVE-2025-37798
bsc#1242414).
- commit 85d67da
- bonding: Fix memory leak when changing bond type to Ethernet
(CVE-2023-53103 bsc#1242408).
- commit 03cee1f
- bonding: restore bond's IFF_SLAVE flag if a non-eth dev enslave
fails (CVE-2023-53103 bsc#1242408).
- bonding: restore IFF_MASTER/SLAVE flags on bond enslave ether
type change (CVE-2023-53103 bsc#1242408).
- commit c76a60e
- Revert "kABI workaround for changeing the variable length type to size_t"
Will evaluate again the CVE and resend the patch if needed
This reverts commit 467381126c46febb6e9adeba40f4439ab1b7f3cd.
- commit 859f819
- Revert "ipv6: Fix signed integer overflow in __ip6_append_data"
Will evaluate again the CVE and resend the patch if needed
This reverts commit 0c4609a89f1351bc34d1fdf73c438d3665a48988.
- commit 9b99659
- Fix cpufeatures kABI
Refresh patches.kabi/cpufeatures-kabi-fix.patch.
- commit aeb0991
- Refresh
patches.suse/0022-arm64-Use-the-clearbhb-instruction-in-mitigations.patch.
Bring in AARCH64_INSN_HINT_CLEARBHB, which was present in the mainline
patch.
- commit 7ece652
- Bring back 'enum bhb_mitigation_bits' and system_bhb_mitigations
(bsc#1242778)
- Refresh
patches.suse/0019-arm64-Mitigate-spectre-style-branch-history-side-cha.patch.
- Refresh
patches.suse/0022-arm64-Use-the-clearbhb-instruction-in-mitigations.patch.
- commit a6c8f92
- ath9k_htc: fix uninit value bugs (CVE-2022-49235 bsc#1238333)
- commit d0592f5
- drm/tegra: Fix reference leak in tegra_dsi_ganged_probe (CVE-2022-49216 bsc#1238338)
Refresh patches.suse/0001-drm-tegra-dsi-Add-missing-check-for-of_find_device_b.patch.
- commit dff7d50
- mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init (CVE-2022-49212 bsc#1238331)
- commit fd64ee9
- phy: qcom-qmp: fix reset-controller leak on probe errors (CVE-2022-49396 bsc#1238289)
- commit 64c16d6
- arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs
(bsc#1242778).
- commit d71d27e
- arm64: proton-pack: Add new CPUs 'k' values for branch
mitigation (bsc#1242778).
- arm64: bpf: Only mitigate cBPF programs loaded by unprivileged
users (bsc#1242778).
- arm64: proton-pack: Expose whether the branchy loop k value
(bsc#1242778).
- arm64: proton-pack: Expose whether the platform is mitigated
by firmware (bsc#1242778).
- arm64: insn: Add support for encoding DSB (bsc#1242778).
- commit ebb0869
- Refresh
patches.suse/x86-bhi-do-not-set-BHI_DIS_S-in-32-bit-mode.patch.
- Refresh
patches.suse/x86-bpf-add-IBHF-call-at-end-of-classic-BPF.patch.
- Refresh
patches.suse/x86-bpf-call-branch-history-clearing-sequence-on-exit.patch.
Update the patch-mainline header, these patches are expected to be
found upstream at a later date.
- commit 8ba543d
- net: openvswitch: fix nested key length validation in the set()
action (CVE-2025-37789 bsc#1242762).
- commit a168326
- tty: serial: fsl_lpuart: fix race on RX DMA shutdown
(CVE-2023-53094 bsc#1242288).
- commit 053969f
- Update
patches.suse/bpf-Verifer-adjust_scalar_min_max_vals-to-always-call-update_reg_bounds.patch
(bsc#1194227 CVE-2021-4159).
- commit 33266c3
- Update
patches.suse/s390-bpf-Wrap-JIT-macro-parameter-usages-in-parentheses.patch
(bsc#1190601 CVE-2021-20320).
- Update
patches.suse/s390-bpf-fix-64-bit-subtraction-of-the-0x80000000-constant.patch
(bsc#1190601 CVE-2021-20320).
- Update
patches.suse/s390-bpf-fix-branch-shortening-during-codegen-pass.patch
(bsc#1190601 CVE-2021-20320).
- Update
patches.suse/s390-bpf-fix-optimizing-out-zero-extensions.patch
(bsc#1190601 CVE-2021-20320).
- Update
patches.suse/s390-bpf-implement-jitting-of-BPF_ALU-BPF_ARSH-BPF_.patch
(bsc#1190601 CVE-2021-20320).
- commit 3b96b15
- scsi: iscsi_tcp: Fix UAF during logout when accessing the
shost ipaddress (CVE-2023-52975 bsc#1240322).
- scsi: iscsi: Move pool freeing (CVE-2023-52975 bsc#1240322).
- commit d8d45ff
- check-for-config-changes: Fix flag name typo
- commit 1046b16
- netfilter: socket: Lookup orig tuple for IPv6 SNAT
(CVE-2025-22021 bsc#1241282).
- commit 3b93136
- xsk: Add missing overflow check in xdp_umem_reg (CVE-2023-53080
bsc#1242287).
- commit 8b15409
- net_sched: hfsc: Fix a UAF vulnerability in class handling
(CVE-2025-37797 bsc#1242417).
- commit 66a1309
- codel: remove sch->q.qlen check before
qdisc_tree_reduce_backlog() (CVE-2025-37798 bsc#1242414).
- commit 7a9bb75
- hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key
(bsc#1242770 CVE-2025-37782).
- commit 51b3882
- udp: Fix memory accounting leak (CVE-2025-22058 bsc#1241332).
- commit 229f687
- fbdev: hyperv_fb: Simplify hvfb_putmem (git-fixes).
- commit 67adb16
- Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt
(bsc#1238032 CVE-2022-49139).
- commit b38b106
- net: stmmac: fix dma queue left shift overflow issue
(CVE-2022-49592 bsc#1238311).
- commit 1b0d1c7
- Bluetooth: fix dangling sco_conn and use-after-free in
sco_sock_timeout (bsc#1238071 CVE-2022-49474).
- commit 6360cef
- x86/bhi: Do not set BHI_DIS_S in 32-bit mode (bsc#1242778).
- x86/bpf: Add IBHF call at end of classic BPF (bsc#1242778).
- x86/bpf: Call branch history clearing sequence on exit
(bsc#1242778).
- commit 59473c9
- fbdev: hyperv_fb: Allow graceful removal of framebuffer
(git-fixes CVE-2025-21976 bsc#1241145).
- Delete patches.suse/suse-hv-hyperv_fb-rmmod.patch, no longer
needed.
- commit a082a24
- net: gso: fix panic on frag_list with mixed head alloc types
(CVE-2022-49872 bsc#1242594).
- commit 3e759e0
- mISDN: fix possible memory leak in mISDN_dsp_element_register()
(CVE-2022-49821 bsc#1242542).
- commit 22495af
- mISDN: fix misuse of put_device() in mISDN_register_device()
(CVE-2022-49915 bsc#1242409).
- commit 2af5c07
- mISDN: fix possible memory leak in mISDN_register_device()
(CVE-2022-49915 bsc#1242409).
- commit 1096349
- net: tun: call napi_schedule_prep() to ensure we own a napi
(CVE-2022-49871 bsc#1242558).
- net: tun: Fix memory leaks of napi_get_frags (CVE-2022-49871
bsc#1242558).
- macvlan: enforce a consistent minimal mtu (CVE-2022-49776
bsc#1242248).
- commit de7a2f0
- Update
patches.suse/dm-crypt-add-cond_resched-to-dmcrypt_write-fb29.patch
(git-fixes CVE-2023-53051 bsc#1242284).
- commit a2c06ba
- Regression in CVE-2024-56641 fix (CVE-2024-56641, bsc#1235526, bsc#1242319).
- commit a257d42
- soc: rockchip: Fix refcount leak in rockchip_grf_init (CVE-2022-49382 bsc#1238306)
- commit b778a78
- ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction (CVE-2022-49248 bsc#1238284)
- commit 340a548
- tty: fix deadlock caused by calling printk() under tty_port->lock (CVE-2022-49441 bsc#1238263)
- commit 1148c0f
- Refresh patches.suse/suse-hv-hyperv_fb-rmmod.patch.
Fix the following warning:
drivers/video/fbdev/hyperv_fb.c:1363:20: warning: 'hvfb_drv_exit' defined but not used
- commit ce05eff
- audit: Send netlink ACK before setting connection in auditd_set
(bsc#1231450).
- commit f8c00d6
- Update
patches.suse/can-dev-can_get_echo_skb-prevent-call-to-kfree_skb-i.patch
(git-fixes CVE-2020-36789 bsc#1241408).
- Update
patches.suse/can-dev-can_restart-fix-use-after-free-bug.patch
(git-fixes CVE-2021-47668 bsc#1241404).
- Update
patches.suse/can-vxcan-vxcan_xmit-fix-use-after-free-bug.patch
(git-fixes CVE-2021-47669 bsc#1241405).
- Update patches.suse/fou-fix-initialization-of-grc.patch
(CVE-2024-46763 bsc#1230764 CVE-2024-46865 bsc#1231103).
- Update
patches.suse/ndisc-use-RCU-protection-in-ndisc_alloc_skb.patch
(bsc#1239994 CVE-2025-21764 bsc#1237885).
- commit fcb2f6d
- cifs: Fix integer overflow while processing actimeo mount option
(git-fixes).
- commit 0c62491
- cifs: Fix integer overflow while processing acdirmax mount
option (CVE-2025-21963 bsc#1240717).
- commit 6c82fff
- net: annotate races around sk->sk_bound_dev_if (CVE-2022-49420
bsc#1238887).
- commit e87db68
- cifs: Fix integer overflow while processing acregmax mount
option (CVE-2025-21964 bsc#1240740).
- commit 759fa98
- hyperv_fb: disable rmmod (bsc#1241145, CVE-2025-21976).
- commit 001b30c
- drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume (CVE-2022-49489 bsc#1238244)
- commit 70ef453
- drm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes() (CVE-2022-49232 bsc#1238139)
- commit 233d2c0
- remoteproc: qcom_q6v5_mss: Fix some leaks in q6v5_alloc_memory_region (CVE-2022-49188 bsc#1238138)
- commit 2da2636
- remoteproc: qcom_q6v5_mss: Extract mba/mpss from memory-region (bsc#1238138)
- commit 2730746
- PM: core: keep irq flags in device_pm_check_callbacks() (CVE-2022-49175 bsc#1238099)
- commit ab8e651
- pinctrl: renesas: core: Fix possible null-ptr-deref in sh_pfc_map_resources() (CVE-2022-49445 bsc#1238019)
- commit 27189c5
- ibmvnic: Use kernel helpers for hex dumps (CVE-2025-22104 bsc#1241550)
- commit bc8cac0
- kABI workaround for changeing the variable length type to size_t
(CVE-2022-49728 bsc#1239111).
- commit 4673811
- ipv6: Fix signed integer overflow in __ip6_append_data
(CVE-2022-49728 bsc#1239111).
- commit 0c4609a
- igmp: Fix data-races around sysctl_igmp_llm_reports
(CVE-2022-49590 bsc#1238844).
- commit ffcf577
- ipv6: mcast: add RCU protection to mld_newpack() (CVE-2025-21758
bsc#1238737).
- commit ca8335c
- net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels
(CVE-2025-21768 bsc#1238714).
- commit 4d13df3
- atm: Fix NULL pointer dereference (CVE-2025-22018 bsc#1241266)
- commit bc9b2c6
- drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop() (CVE-2022-49305 bsc#1238645)
- commit f20b488
- Bluetooth: Fix use after free in hci_send_acl (bsc#1237984
CVE-2022-49111).
- commit 3cd0c1c
- net: mvpp2: Prevent parser TCAM memory corruption
(CVE-2025-22060 bsc#1241526).
- commit 37e999b
- Require zstd in kernel-default-devel when module compression is zstd
To use ksym-provides tool modules need to be uncompressed.
Without zstd at least kernel-default-base does not have provides.
Link: https://github.com/openSUSE/rpm-config-SUSE/pull/82
- commit a3262dd
- Revert "exec: fix the racy usage of fs_struct->in_exec (CVE-2025-22029"
This reverts commit 14a10bfdc080f8fa12291efe393e7af680537978.
This turned out to be not an issue. See https://bugzilla.suse.com/show_bug.cgi?id=1241378#c4
- commit 4a60e73
- net: ibmveth: make veth_pool_store stop hanging (CVE-2025-22053
bsc#1241373).
- commit 4494ff2
- netfilter: IDLETIMER: Fix for possible ABBA deadlock
(CVE-2024-54683 bsc#1235729).
- commit 938d034
- exec: fix the racy usage of fs_struct->in_exec (CVE-2025-22029
bsc#1241378).
- commit 14a10bf
- bfq: Make sure bfqg for which we are queueing requests is online
(bsc#1238307 CVE-2022-49411).
- blacklist.conf: Remove commit from blacklist
- commit 4daae62
- bfq: Track whether bfq_group is still online (bsc#1238307
CVE-2022-49411).
- commit e167d48
- ext4: fix OOB read when checking dotdot dir (bsc#1241640
CVE-2025-37785).
- commit 0093423
- filemap: Fix bounds checking in filemap_read() (bsc#1234209
CVE-2024-50272 bsc#1233461).
- commit e0c4cb2
- fs: relax assertions on failure to encode file handles
(bsc#1236086 CVE-2024-57924).
- commit ee1cce6
- Update references in patches.suse/ext4-fixup-pages-without-buffers.patch
(bsc#1205495 CVE-2022-49171 bsc#1238093).
- commit 3a68ec8
- tpm: Change to kvalloc() in eventlog/acpi.c (CVE-2024-58005 bsc#1237873)
- commit 055cc9d
- nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu()
(bsc#1240714 CVE-2025-21927).
- commit 1b9235e
- bpf, selftests: Add verifier test case for imm=0,umin=0,umax=1
scalar (bsc#1238803 CVE-2022-49658).
- commit 76015e8
- bpf: Fix insufficient bounds propagation from
adjust_scalar_min_max_vals (bsc#1238803 CVE-2022-49658).
- commit a84c655
- dlm: prevent NPD when writing a positive value to event_done
(bsc#1241601 CVE-2025-23131).
- commit d96b67e
- PCI/ASPM: Fix link state exit during switch upstream function
removal (CVE-2024-58093 bsc#1241347).
- commit 323974a
- RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow (CVE-2025-22086 bsc#1241458)
- commit 9222451
- drm/amdgpu/cs: make commands with 0 chunks illegal behaviour (CVE-2022-49335 bsc#1238377)
- commit 093b1d6
- drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj (CVE-2022-49137 bsc#1238155)
- commit c883f61
- printk: Fix signed integer overflow when defining
LOG_BUF_LEN_MAX (bsc#1237950 CVE-2024-58017 bsc#1239112).
- commit 7c45b05
- Test the correct macro to detect RT kernel build
Fixes: 470cd1a41502 ("kernel-binary: Support livepatch_rt with merged RT branch")
- commit 50e863e
- fou: fix initialization of grc (CVE-2024-46763 bsc#1230764).
- commit 34d05f5
- kernel-source: Also update the search to match bin/env
Fixes: dc2037cd8f94 ("kernel-source: Also replace bin/env"
- commit bae6b69
- drop_monitor: fix incorrect initialization order (CVE-2025-21862
bsc#1239474).
- net: openvswitch: fix leak of nested actions (CVE-2022-49086
bsc#1238037).
- commit 907826c
- rpm/check-for-config-changes: Add GCC_ASM_FLAG_OUTPUT_BROKEN
Both spellings are actually used
- rpm/check-for-config-changes: Add GCC_ASM_FLAG_OUTPUT_BROKEN
- commit d9e0b30
- fou: Fix null-ptr-deref in GRO (CVE-2024-46763 bsc#1230764).
- commit 87825b6
- net: fix geneve_opt length integer overflow (CVE-2025-22055
bsc#1241371).
- commit 7a515dd
- hwpoison, memory_hotplug: lock folio before unmap hwpoisoned
folio (CVE-2025-21931 bsc#1240709).
- commit 4b52623
- skbuff: introduce skb_pull_data (bsc#1235038 CVE-2024-56590).
- commit 4f3bce2
- rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy
(CVE-2025-21635 bsc#1236111).
- commit 30122f9
- Bluetooth: hci_core: Fix not checking skb length on
hci_acldata_packet (bsc#1235038 CVE-2024-56590).
- commit 2b46315
- partitions: mac: fix handling of bogus partition table
(CVE-2025-21772 bsc#1238911).
- scsi: lpfc: Resolve NULL ptr dereference after an ELS LOGO is
aborted (CVE-2022-49730 bsc#1239070).
- scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp()
(CVE-2022-49521 bsc#1238938).
- scsi: lpfc: Fix call trace observed during I/O with CMF enabled
(CVE-2022-49537 bsc#1238930).
- scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT
(CVE-2022-49534 bsc#1238893).
- scsi: lpfc: Fix null pointer dereference after failing to
issue FLOGI and PLOGI (CVE-2022-49535 bsc#1238937).
- commit 9071ce6
- scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock
(CVE-2022-49536 bsc#1238838).
- Refresh
patches.suse/scsi-lpfc-Validate-hdwq-pointers-before-dereferencin.patch.
- commit 1f1a811
- block, bfq: don't move oom_bfqq (CVE-2022-49179 bsc#1238092).
- commit 08606de
- drivers/base/node.c: fix compaction sysfs file leak (CVE-2022-49442 bsc#1238243)
- commit 769486d
- dmaengine: Fix double increment of client_count in dma_chan_get() (CVE-2022-49753 bsc#1240250)
- commit 8be64a3
- tcp: add accessors to read/set tp->snd_cwnd (CVE-2022-49325
bsc#1238398).
- Refresh
patches.suse/tcp-fix-tcp_mtup_probe_success-vs-wrong-snd_cwnd.patch.
- commit 00d8ac0
- rpm/kernel-binary.spec.in: Also order against update-bootloader
(boo#1228659, boo#1240785, boo#1241038).
- commit fe0a8c9
- net: altera: Fix refcount leak in altera_tse_mdio_create
(CVE-2022-49351 bsc#1237939).
- commit 3aeeb63
- rpm/package-descriptions: Add rt and rt_debug descriptions
- commit 09573c0
- mac80211: fix potential double free on mesh join (CVE-2022-49290 bsc#1238156)
- commit 1243bb0
- wifi: rtlwifi: fix memory leaks and invalid access at probe error path (CVE-2024-58063 bsc#1238984)
- commit fac1ba9
- wifi: brcmfmac: Check the return value of of_property_read_string_index() (CVE-2025-21750 bsc#1238905)
- commit f37f3e1
- wifi: brcmfmac: use strreplace() in brcmf_of_probe() (bsc#1238905)
- commit af07444
- brcmfmac: of: remove redundant variable len (bsc#1238905)
- commit 990953e
- brcmfmac: of: Use devm_kstrdup for board_type & check for errors (bsc#1238905)
- commit d9e8c8a
- net: nfc: Fix use-after-free in local_cleanup() (CVE-2023-53023 bsc#1240309)
- commit f91c2a0
- i40e: Fix call trace in setup_tx_descriptors (CVE-2022-49725 bsc#1238016)
- commit 4f6a558
- net: gso: fix ownership in __udp_gso_segment (CVE-2025-21926
bsc#1240712).
- commit 112bb59
- wifi: cfg80211: regulatory: improve invalid hints checking
(CVE-2025-21910 bsc#1240583).
- commit 2ad169d
- wifi: nl80211: reject cooked mode if it is set along with
other flags (CVE-2025-21909 bsc#1240590).
- commit b2acee6
- net: atm: fix use after free in lec_send() (CVE-2025-22004
bsc#1240835).
- commit cc63f73
- drm/plane: Move range check for format_count earlier (CVE-2021-47659 bsc#1237839)
- commit cc111ee
- dm integrity: fix memory corruption when tag_size is less than digest size (CVE-2022-49044 bsc#1237840)
- commit be90f4e
- net/smc: Fix NULL pointer dereference in smc_pnet_find_ib() (CVE-2022-49060 bsc#1237845)
- commit 867ee3a
- drm/amdkfd: Check for potential null return of kmalloc_array() (CVE-2022-49055 bsc#1237868)
- commit afbd83d
- driver: base: fix UAF when driver_attach failed (CVE-2022-49385 bsc#1237951)
- commit 3dcc3aa
- drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf (CVE-2022-49693 bsc#1237954)
- commit d40fafb
- PM / devfreq: exynos-ppmu: Fix refcount leak in of_get_devfreq_events (CVE-2022-49668 bsc#1237957)
- commit fff3251
- media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init (CVE-2022-49478 bsc#1238000)
- commit 5c8c17f
- media: cx25821: Fix the warning when removing the module (CVE-2022-49525 bsc#1238022)
- commit 8b2ba54
- scsi: lpfc: Move cfg_log_verbose check before calling
lpfc_dmp_dbg() (CVE-2022-49542 bsc#1238722).
- commit 2fbb1a4
- scsi: pm8001: Fix tag leaks on error (CVE-2022-49121
bsc#1237926).
- Refresh
patches.suse/scsi-pm8001-Fix-memory-leak-in-pm8001_chip_fw_flash_.patch.
- commit 1183fb2
- block: fix integer overflow in BLKSECDISCARD (CVE-2024-49994
bsc#1237757).
- scsi: lpfc: Inhibit aborts if external loopback plug is inserted
(CVE-2022-49504 bsc#1238835).
- scsi: hisi_sas: Free irq vectors in order for v3 HW
(CVE-2022-49118 bsc#1237979).
- bfq: fix use-after-free in bfq_dispatch_request (CVE-2022-49176
bsc#1238097).
- commit 61a23eb
- Refresh
patches.suse/net-usb-usbnet-restore-usb-d-name-exception-for-loca.patch.
Patch has been accepted upstream. Moving to correct section.
- commit 44e2f7a
- drm/amd/display: Assign normalized_pix_clk when color depth = 14 (bsc#1240739 CVE-2025-21956)
- commit 8258112
- regulator: check that dummy regulator has been probed before
using it (CVE-2025-22008 bsc#1240942).
- commit e222593
- drm/amd/display: Fix null check for pipe_ctx->plane_state in (bsc#1240701 CVE-2025-21941)
- commit 4fd9018
- blk-throttle: Set BIO_THROTTLED when bio has been throttled
(CVE-2022-49465 bsc#1238919).
- commit 885f88f
- usb: xhci: Fix NULL pointer dereference on certain command aborts (CVE-2024-57981 bsc#1237912)
- commit a6014fc
- media: uvcvideo: Fix double free in error path (CVE-2024-57980 bsc#1237911)
- commit c75a886
- NFC: nci: Add bounds checking in nci_hci_create_pipe() (CVE-2025-21735 bsc#1238497)
- commit 1703ca8
- drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() (CVE-2024-52559 bsc#1238507)
- commit 151c011
- Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc (CVE-2024-58009 bsc#1238760)
- commit f77505b
- KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel (CVE-2025-21779 bsc#1238768)
- commit c0bacb1
- netfilter: xtables: fix typo causing some targets not to load
on IPv6 (CVE-2024-50038 bsc#1231910).
- netfilter: xtables: avoid NFPROTO_UNSPEC where needed
(CVE-2024-50038 bsc#1231910).
- commit 758059b
- rpm/check-for-config-changes: add LD_CAN_ to IGNORED_CONFIGS_RE
We now have LD_CAN_USE_KEEP_IN_OVERLAY since commit:
e7607f7d6d81 ARM: 9443/1: Require linker to support KEEP within OVERLAY for DCE
- commit 7b55ff2
- RDMA/hns: Fix soft lockup during bt pages loop (CVE-2025-22010 bsc#1240943)
- commit 4f43f30
- rpm/kernel-binary.spec.in: Use OrderWithRequires (boo#1228659 boo#1241038).
OrderWithRequires was introduced in rpm 4.9 (ie. SLE12+) to allow
a package to inform the order of installation of other package without
hard requiring that package. This means our kernel-binary packages no
longer need to hard require perl-Bootloader or dracut, resolving the
long-commented issue there. This is also needed for udev & systemd-boot
to ensure those packages are installed before being called by dracut
(boo#1228659)
- commit 634be2c
- i2c: designware: use casting of u64 in clock multiplication to avoid overflow (CVE-2022-49749 bsc#1240243)
- commit 8e8de37
- HID: appleir: Fix potential NULL dereference at raw event handle (CVE-2025-21948 bsc#1240703)
- commit 00a5124
- scsi: qla1280: Fix kernel oops when debug level > 2 (CVE-2025-21957 bsc#1240742)
- commit bd23d83
- net: let net.core.dev_weight always be non-zero (CVE-2025-21806 bsc#1238746)
- commit f158377
- net: Fix data-races around weight_p and dev_weight_[rt]x_bias (bsc#1238746)
- commit f948447
- python-base
-
- Add CVE-2025-6069-quad-complex-HTMLParser.patch to avoid worst
case quadratic complexity when processing certain crafted
malformed inputs with HTMLParser (CVE-2025-6069, bsc#1244705).
- python-instance-billing-flavor-check
-
- Update to version 1.0.1
+ Fix infinite loop (bsc#1242064)
+ Fix bug in update infrastructure request (bsc#1242064)
- coreutils
-
- coreutils-9.7-sort-CVE-2025-5278.patch: Add upstream patch:
sort with key character offsets of SIZE_MAX, could induce
a read of 1 byte before an allocated heap buffer.
(CVE-2025-5278, bsc#1243767)
- systemd
-
- Apply coredump sysctl settings on systemd package updates/removals.
- Add 6007-coredump-use-d-in-kernel-core-pattern.patch (bsc#1243935 CVE-2025-4598)
- kbd
-
- Don't search for resources in the current directory. It can cause
unwanted side effects or even infinite loop (bsc#1237230,
kbd-ignore-working-directory-1.patch,
kbd-ignore-working-directory-2.patch,
kbd-ignore-working-directory-3.patch).
- screen
-
- also use tty fd passing after a suspend (MSG_CONT)
new patch: sendfdcont.diff
- do not chmod the tty for multiattach, rely on tty fd passing
instead [bsc#1242269] [CVE-2025-46802]
new patch: nottychmod.diff
- perl
-
- do not change the current directory when cloning an open
directory handle [bnc#1244079] [CVE-2025-40909]
new patch: perl-dirdup.diff
- vim
-
- Fix bsc#1228776 / CVE-2024-41965.
- Fix bsc#1239602 / CVE-2025-29768.
- Refresh patch:
vim-7.3-sh_is_bash.patch
- Update to 9.1.1406:
9.1.1406: crash when importing invalid tuple
9.1.1405: tests: no test for mapping with special keys in session file
9.1.1404: wrong link to Chapter 2 in new-tutor
9.1.1403: expansion of 'tabpanelopt' value adds wrong values
9.1.1402: multi-byte mappings not properly stored in session file
9.1.1401: list not materialized in prop_list()
9.1.1400: [security]: use-after-free when evaluating tuple fails
9.1.1399: tests: test_codestyle fails for auto-generated files
9.1.1398: completion: trunc does not follow Pmenu highlighting attributes
9.1.1397: tabpanel not correctly updated on :tabonly
9.1.1396: 'errorformat' is a global option
9.1.1395: search_stat not reset when pattern differs in case
9.1.1394: tabpanel not correctly redrawn on tabonly
9.1.1393: missing test for switching buffers and reusing curbuf
9.1.1392: missing patch number
9.1.1391: Vim does not have a vertical tabpanel
9.1.1390: style: more wrong indentation
9.1.1389: completion: still some issue when 'isexpand' contains a space
9.1.1388: Scrolling one line too far with 'nosmoothscroll' page scrolling
9.1.1387: memory leak when buflist_new() fails to reuse curbuf
9.1.1386: MS-Windows: some minor problems building on AARCH64
9.1.1385: inefficient loop for 'nosmoothscroll' scrolling
9.1.1384: still some problem with the new tutors filetype plugin
9.1.1383: completion: 'isexpand' option does not handle space char correct
9.1.1382: if_ruby: unused compiler warnings from ruby internals
9.1.1381: completion: cannot return to original text
9.1.1380: 'eventignorewin' only checked for current buffer
9.1.1379: MS-Windows: error when running evim when space in path
9.1.1378: sign without text overwrites number option
9.1.1377: patch v9.1.1370 causes some GTK warning messages
9.1.1376: quickfix dummy buffer may remain as dummy buffer
9.1.1375: [security]: possible heap UAF with quickfix dummy buffer
9.1.1374: completion: 'smartcase' not respected when filtering matches
9.1.1373: 'completeopt' checking logic can be simplified
9.1.1372: style: braces issues in various files
9.1.1371: style: indentation and brace issues in insexpand.c
9.1.1370: CI Tests favor GTK2 over GTK3
9.1.1369: configure still using autoconf 2.71
9.1.1368: GTK3 and GTK4 will drop numeric cursor support.
9.1.1367: too many strlen() calls in gui.c
9.1.1366: v9.1.1364 unintentionally changed sign.c and sound.c
9.1.1365: MS-Windows: compile warnings and too many strlen() calls
9.1.1364: style: more indentation issues
9.1.1363: style: inconsistent indentation in various files
9.1.1362: Vim9: type ignored when adding tuple to instance list var
9.1.1361: [security]: possible use-after-free when closing a buffer
9.1.1360: filetype: GNU Radio companion files are not recognized
9.1.1359: filetype: GNU Radio config files are not recognized
9.1.1358: if_lua: compile warnings with gcc15
9.1.1357: Vim incorrectly escapes tags with "[" in a help buffer
9.1.1356: Vim9: crash when unletting variable
9.1.1355: The pum_redraw() function is too complex
9.1.1354: tests: Test_terminalwinscroll_topline() fails on Windows
9.1.1353: missing change from v9.1.1350
9.1.1352: style: inconsistent indent in insexpand.c
9.1.1351: Return value of getcmdline() inconsistent in CmdlineLeavePre
9.1.1350: tests: typo in Test_CmdlineLeavePre_cabbr()
9.1.1349: CmdlineLeavePre may trigger twice
9.1.1348: still E315 with the terminal feature
9.1.1347: small problems with gui_w32.c
9.1.1346: missing out-of-memory check in textformat.c
9.1.1345: tests: Test_xxd_color2() test failure dump diff is misleading
9.1.1344: double free in f_complete_match() (after v9.1.1341)
9.1.1343: filetype: IPython files are not recognized
9.1.1342: Shebang filetype detection can be improved
9.1.1341: cannot define completion triggers
9.1.1340: cannot complete :filetype arguments
9.1.1339: missing out-of-memory checks for enc_to_utf16()/utf16_to_enc()
9.1.1338: Calling expand() interferes with cmdcomplete_info()
9.1.1337: Undo corrupted with 'completeopt' "preinsert" when switching buffer
9.1.1336: comment plugin does not support case-insensitive 'commentstring'
9.1.1335: Coverity complains about Null pointer dereferences
9.1.1334: Coverity complains about unchecked return value
9.1.1333: Coverity: complains about unutilized variable
9.1.1332: Vim9: segfault when using super within a lambda
9.1.1331: Leaking memory with cmdcomplete()
9.1.1330: may receive E315 in terminal
9.1.1329: cannot get information about command line completion
9.1.1328: too many strlen() calls in indent.c
9.1.1327: filetype: nroff detection can be improved
9.1.1326: invalid cursor position after 'tagfunc'
9.1.1325: tests: not checking error numbers properly
9.1.1324: undefined behaviour if X11 connection dies
9.1.1323: b:undo_ftplugin not executed when re-using buffer
9.1.1322: small delete register cannot paste multi-line correctly
9.1.1321: filetype: MS ixx and mpp files are not recognized
9.1.1320: filetype: alsoft config files are not recognized
9.1.1319: Various typos in the code, issue with test_inst_complete.vim
9.1.1318: tests: test_format fails
9.1.1317: noisy error when restoring folds from session fails
9.1.1316: missing memory allocation failure in os_mswin.c
9.1.1315: completion: issue with fuzzy completion and 'completefuzzycollect'
9.1.1314: max allowed string width too small
9.1.1313: compile warning about uninitialized value
9.1.1312: tests: Test_backupskip() fails when HOME is defined
9.1.1311: completion: not possible to limit number of matches
9.1.1310: completion: redundant check for preinsert effect
9.1.1309: tests: no test for 'pummaxwidth' with non-truncated "kind"
9.1.1308: completion: cannot order matches by distance to cursor
9.1.1307: make syntax does not reliably detect different flavors
9.1.1306: completion menu rendering can be improved
9.1.1305: completion menu active after switching windows/tabs
9.1.1304: filetype: some man files are not recognized
9.1.1303: missing out-of-memory check in linematch.c
9.1.1302: Coverity warns about using uninitialized value
9.1.1301: completion: cannot configure completion functions with 'complete'
9.1.1300: wrong detection of -inf
9.1.1299: filetype: mbsyncrc files are not recognized
9.1.1298: define_function() is too long
9.1.1297: Ctrl-D scrolling can get stuck
9.1.1296: completion: incorrect truncation logic
9.1.1295: clientserver: does not handle :stopinsert correctly
9.1.1294: gui tabline menu does not use confirm when closing tabs
9.1.1293: comment plugin does not handle 'exclusive' selection for comment object
9.1.1292: statusline not correctly evaluated
9.1.1291: too many strlen() calls in buffer.c
9.1.1290: tests: missing cleanup in test_filetype.vim
9.1.1289: tests: no test for matchparen plugin with WinScrolled event
9.1.1288: Using wrong window in ll_resize_stack()
9.1.1287: quickfix code can be further improved
9.1.1286: filetype: help files not detected when 'iskeyword' includes ":"
9.1.1285: Vim9: no error message for missing method after "super."
9.1.1284: not possible to configure pum truncation char
9.1.1283: quickfix stack is limited to 10 items
9.1.1282: Build and test failure without job feature
9.1.1281: extra newline output when editing stdin
9.1.1280: trailing additional semicolon in get_matches_in_str()
9.1.1279: Vim9: null_object and null_class are no reserved names
9.1.1278: Vim9: too long functions in vim9type.c
9.1.1277: tests: trailing comment char in test_popupwin
9.1.1276: inline word diff treats multibyte chars as word char
9.1.1275: MS-Windows: Not possible to pass additional flags to Make_mvc
9.1.1274: Vim9: no support for object<type> as variable type
9.1.1273: Coverity warns about using uninitialized value
9.1.1272: completion: in keyword completion Ctrl_P cannot go back after Ctrl_N
9.1.1271: filetype: Power Query files are not recognized
9.1.1270: missing out-of-memory checks in buffer.c
9.1.1269: completion: compl_shown_match is updated when starting keyword completion
9.1.1268: filetype: dax files are not recognized
9.1.1267: Vim9: no support for type list/dict<object<any>>
9.1.1266: MS-Windows: type conversion warnings
9.1.1265: tests: no tests for typing normal char during completion
9.1.1264: Vim9: error when comparing objects
9.1.1263: string length wrong in get_last_inserted_save()
9.1.1262: heap-buffer-overflow with narrow 'pummaxwidth' value
9.1.1261: No test for 'pummaxwidth' non-truncated items
9.1.1260: Hang when filtering buffer with NUL bytes
9.1.1259: some issues with comment package and tailing spaces
9.1.1258: regexp: max \U and \%U value is limited by INT_MAX
9.1.1257: Mixing vim_strsize() with mb_ptr2cells() in pum_redraw()
9.1.1256: if_python: duplicate tuple data entries
9.1.1255: missing test condition for 'pummaxwidth' setting
9.1.1254: need more tests for the comment plugin
9.1.1253: abort when closing window with attached quickfix data
9.1.1252: typos in code and docs related to 'diffopt' "inline:"
9.1.1251: if_python: build error with tuples and dynamic python
9.1.1250: cannot set the maximum popup menu width
9.1.1249: tests: no test that 'listchars' "eol" doesn't affect "gM"
9.1.1248: compile error when building without FEAT_QUICKFIX
9.1.1247: fragile setup to get (preferred) keys from key_name_entry
9.1.1246: coverity complains about some changes in v9.1.1243
9.1.1245: need some more tests for curly braces evaluation
9.1.1244: part of patch v9.1.1242 was wrong
9.1.1243: diff mode is lacking for changes within lines
9.1.1242: Crash when evaluating variable name
9.1.1241: wrong preprocessort indentation in term.c
9.1.1240: Regression with ic/ac text objects and comment plugin
9.1.1239: if_python: no tuple data type support
9.1.1238: wrong cursor column with 'set splitkeep=screen'
9.1.1237: Compile error with C89 compiler in term.c
9.1.1236: tests: test_comments leaves swapfiles around
9.1.1235: cproto files are outdated
9.1.1234: Compile error when SIZE_MAX is not defined
9.1.1233: Coverity warns about NULL pointer when triggering WinResized
9.1.1232: Vim script is missing the tuple data type
9.1.1231: filetype: SPA JSON files are not recognized
9.1.1230: inconsistent CTRL-C behaviour for popup windows
9.1.1229: the comment plugin can be improved
9.1.1228: completion: current position column wrong after got a match
9.1.1227: no tests for the comment package
9.1.1226: "shellcmdline" completion doesn't work with input()
9.1.1225: extra NULL check in VIM_CLEAR()
9.1.1224: cannot :put while keeping indent
9.1.1223: wrong translation used for encoding failures
9.1.1222: using wrong length for last inserted string
9.1.1221: Wrong cursor pos when leaving Insert mode just after 'autoindent'
9.1.1220: filetype: uv.lock file not recognized
9.1.1219: Strange error with wrong type for matchfuzzy() "camelcase"
9.1.1218: missing out-of-memory check in filepath.c
9.1.1217: tests: typos in test_matchfuzzy.vim
9.1.1216: Pasting the '.' register multiple times may not work
9.1.1215: Patch 9.1.1213 has some issues
9.1.1214: matchfuzzy() can be improved for camel case matches
9.1.1213: cannot :put while keeping indent
9.1.1212: too many strlen() calls in edit.c
9.1.1212: filetype: logrotate'd pacmanlogs are not recognized
9.1.1211: TabClosedPre is triggered just before the tab is being freed
9.1.1210: translation(ru): missing Russian translation for the new tutor
9.1.1209: colorcolumn not drawn after virtual text lines
9.1.1208: MS-Windows: not correctly restoring alternate screen on Win 10
9.1.1207: MS-Windows: build warning in filepath.c
9.1.1206: tests: test_filetype fails when a file is a directory
9.1.1205: completion: preinserted text not removed when closing pum
9.1.1204: MS-Windows: crash when passing long string to expand()
9.1.1203: matchparen keeps cursor on case label in sh filetype
9.1.1202: Missing TabClosedPre autocommand
9.1.1201: 'completefuzzycollect' does not handle dictionary correctly
9.1.1200: cmdline pum not cleared for input() completion
9.1.1199: gvim uses hardcoded xpm icon file
9.1.1198: [security]: potential data loss with zip.vim
9.1.1197: process_next_cpt_value() uses wrong condition
9.1.1196: filetype: config files for container tools are not recognized
9.1.1195: inside try-block: fn body executed with default arg undefined
9.1.1194: filetype: false positive help filetype detection
9.1.1193: Unnecessary use of STRCAT() in au_event_disable()
9.1.1192: Vim crashes with term response debug logging enabled
9.1.1191: tests: test for patch 9.1.1186 doesn't fail without the patch
9.1.1190: C indentation does not detect multibyte labels
9.1.1189: if_python: build error due to incompatible pointer types
9.1.1188: runtime(tera): tera support can be improved
9.1.1187: matchparen plugin wrong highlights shell case statement
9.1.1186: filetype: help files in git repos are not detected
9.1.1185: endless loop with completefuzzycollect and no match found
9.1.1184: Unnecessary use of vim_tolower() in vim_strnicmp_asc()
9.1.1083: "above" virtual text breaks cursorlineopt=number
9.1.1182: No cmdline completion for 'completefuzzycollect'
9.1.1181: Unnecessary STRLEN() calls in insexpand.c
9.1.1180: short-description
9.1.1179: too many strlen() calls in misc2.c
9.1.1178: not possible to generate completion candidates using fuzzy matching
9.1.1177: filetype: tera files not detected
- sudo
-
- Fix a possilbe local privilege escalation via the --host option
[bsc#1245274, CVE-2025-32462]
- libssh
-
- Fix CVE-2025-5318: Likely read beyond bounds in sftp server handle management (bsc#1245311)
* Add patch libssh-CVE-2025-5318.patch
- Fix CVE-2025-4877: Write beyond bounds in binary to base64 conversion functions (bsc#1245309)
* Add patch libssh-CVE-2025-4877.patch
- Fix CVE-2025-4878: Use of uninitialized variable in privatekey_from_file() (bsc#1245310)
* Add patches:
- libssh-CVE-2025-4878-1.patch
- libssh-CVE-2025-4878-2.patch
- Fix CVE-2025-5372: ssh_kdf() returns a success code on certain failures (bsc#1245314)
* Add patch libssh-CVE-2025-5372.patch
- python3-requests
-
- Add CVE-2024-47081.patch upstream patch, fixes netrc credential leak
(gh#psf/requests#6965, CVE-2024-47081, bsc#1244039)
- pam-config
-
- Stop adding pam_env in AUTH stack, and be sure to put this module at the
really end of the SESSION stack.
[bsc#1243226, CVE-2025-6018, remove-pam_env-from-auth-stack.patch]
- python-azure-agent
-
- Set AutoUpdate.UpdateToLatestVersion=n in /etc/waagent.conf
(bsc#1244933)
- augeas
-
- Add patch, fix for bsc#1239909 / CVE-2025-2588:
* CVE-2025-2588.patch
- glib2
-
- Add glib2-CVE-2025-4373.patch: carefully handle gssize parameters
(bsc#1242844 CVE-2025-4373 glgo#GNOME/glib#3677).
- python36
-
- Add CVE-2025-4435-normalize-lnk-trgts-tarfile.patch
Security fixes for CVE-2025-4517, CVE-2025-4330, CVE-2025-4138,
CVE-2024-12718, CVE-2025-4435 on tarfile (bsc#1244032,
bsc#1244061, bsc#1244059, bsc#1244060, bsc#1244056).
The backported fixes do not contain changes for ntpath.py and
related tests, because the support for symlinks and junctions
were added later in Python 3.9, and it does not make sense to
backport them to 3.6 here.
The patch is contains the following changes:
- python@42deeab fixes symlink handling for tarfile.data_filter
- python@9d2c2a8 fixes handling of existing files/symlinks in tarfile
- python@00af979 adds a new "strict" argument to realpath()
- python@dd8f187 fixes mulriple CVE fixes in the tarfile module
- downstream only fixes that makes the changes work and
compatible with Python 3.6
- Add CVE-2025-6069-quad-complex-HTMLParser.patch to avoid worst
case quadratic complexity when processing certain crafted
malformed inputs with HTMLParser (CVE-2025-6069, bsc#1244705).
- Add python36-* provides/obsoletes to enable SLE-12 -> SLE-15
migration, bsc#1233012
- Add ipaddress-update-pr60.patch from gh#phihag/ipaddress!60 to
update vendored ipaddress module to 3.8 equivalent
- Add gh-128840_parse-IPv6-with-emb-IPv4.patch to limit buffer
size for IPv6 address parsing (gh#python/cpython#128840,
bsc#1244401).
- Update CVE-2025-4516-DecodeError-handler.patch not to break
_PyBytes_DecodeEscape signature.
- Add CVE-2025-4516-DecodeError-handler.patch fixing
CVE-2025-4516 (bsc#1243273) blocking DecodeError handling
vulnerability, which could lead to DoS.
- python-setuptools
-
- Add patch CVE-2025-47273.patch to fix A path traversal
vulnerability.
(bsc#1243313, CVE-2025-47273, gh#pypa/setuptools@250a6d17978f)
- mozilla-nss
-
- update to NSS 3.112
* bmo#1963792 - Fix alias for mac workers on try
* bmo#1966786 - ensure all options can be configured with SSL_OptionSet and SSL_OptionSetDefault
* bmo#1931930 - ABI/API break in ssl certificate processing
* bmo#1955971 - remove unnecessary assertion in sec_asn1d_init_state_based_on_template
* bmo#1965754 - update taskgraph to v14.2.1
* bmo#1964358 - Workflow for automation of the release on GitHub when pushing a tag
* bmo#1952860 - fix faulty assertions in SEC_ASN1DecoderUpdate
* bmo#1934877 - Renegotiations should use a fresh ECH GREASE buffer
* bmo#1951396 - update taskgraph to v14.1.1
* bmo#1962503 - Partial fix for ACVP build CI job
* bmo#1961827 - Initialize find in sftk_searchDatabase
* bmo#1963121 - Add clang-18 to extra builds
* bmo#1963044 - Fault tolerant git fetch for fuzzing
* bmo#1962556 - Tolerate intermittent failures in ssl_policy_pkix_ocsp
* bmo#1962770 - fix compiler warnings when DEBUG_ASN1D_STATES or CMSDEBUG are set
* bmo#1961835 - fix content type tag check in NSS_CMSMessage_ContainsCertsOrCrls
* bmo#1963102 - Remove Cryptofuzz CI version check
- update to NSS 3.111
* bmo#1930806 - FIPS changes need to be upstreamed: force ems policy
* bmo#1957685 - Turn off Websites Trust Bit from CAs
* bmo#1937338 - Update nssckbi version following April 2025 Batch of Changes
* bmo#1943135 - Disable SMIME ‘trust bit’ for GoDaddy CAs
* bmo#1874383 - Replaced deprecated sprintf function with snprintf in dbtool.c
* bmo#1954612 - Need up update NSS for PKCS 3.1
* bmo#1773374 - avoid leaking localCert if it is already set in ssl3_FillInCachedSID
* bmo#1953097 - Decrease ASAN quarantine size for Cryptofuzz in CI
* bmo#1943962 - selfserv: Add support for zlib certificate compression
- update to NSS 3.110
* bmo#1930806 - FIPS changes need to be upstreamed: force ems policy
* bmo#1954724 - Prevent excess allocations in sslBuffer_Grow
* bmo#1953429 - Remove Crl templates from ASN1 fuzz target
* bmo#1953429 - Remove CERT_CrlTemplate from ASN1 fuzz target
* bmo#1952855 - Fix memory leak in NSS_CMSMessage_IsSigned
* bmo#1930807 - NSS policy updates
* bmo#1951161 - Improve locking in nssPKIObject_GetInstances
* bmo#1951394 - Fix race in sdb_GetMetaData
* bmo#1951800 - Fix member access within null pointer
* bmo#1950077 - Increase smime fuzzer memory limit
* bmo#1949677 - Enable resumption when using custom extensions
* bmo#1952568 - change CN of server12 test certificate
* bmo#1949118 - Part 2: Add missing check in
NSS_CMSDigestContext_FinishSingle
* bmo#1949118 - Part 1: Fix smime UBSan errors
* bmo#1930806 - FIPS changes need to be upstreamed: updated key checks
* bmo#1951491 - Don't build libpkix in static builds
* bmo#1951395 - handle `-p all` in try syntax
* bmo#1951346 - fix opt-make builds to actually be opt
* bmo#1951346 - fix opt-static builds to actually be opt
* bmo#1916439 - Remove extraneous assert
- Removed upstreamed nss-fips-stricter-dh.patch
- Added bmo1962556.patch to fix test failures
- Rebased nss-fips-approved-crypto-non-ec.patch nss-fips-combined-hash-sign-dsa-ecdsa.patch
- update to NSS 3.109
* bmo#1939512 - Call BL_Init before RNG_RNGInit() so that special
SHA instructions can be used if available
* bmo#1930807 - NSS policy updates - fix inaccurate key policy issues
* bmo#1945883 - SMIME fuzz target
* bmo#1914256 - ASN1 decoder fuzz target
* bmo#1936001 - Part 2: Revert “Extract testcases from ssl gtests
for fuzzing”
* bmo#1915155 - Add fuzz/README.md
* bmo#1936001 - Part 4: Fix tstclnt arguments script
* bmo#1944545 - Extend pkcs7 fuzz target
* bmo#1912320 - Extend certDN fuzz target
* bmo#1944300 - revert changes to HACL* files from bug 1866841
* bmo#1936001 - Part 3: Package frida corpus script
- update to NSS 3.108
* bmo#1923285 - libclang-16 -> libclang-19
* bmo#1939086 - Turn off Secure Email Trust Bit for Security
Communication ECC RootCA1
* bmo#1937332 - Turn off Secure Email Trust Bit for BJCA Global Root
CA1 and BJCA Global Root CA2
* bmo#1915902 - Remove SwissSign Silver CA – G2
* bmo#1938245 - Add D-Trust 2023 TLS Roots to NSS
* bmo#1942301 - fix fips test failure on windows
* bmo#1935925 - change default sensitivity of KEM keys
* bmo#1936001 - Part 1: Introduce frida hooks and script
* bmo#1942350 - add missing arm_neon.h include to gcm.c
* bmo#1831552 - ci: update windows workers to win2022
* bmo#1831552 - strip trailing carriage returns in tools tests
* bmo#1880256 - work around unix/windows path translation issues
in cert test script
* bmo#1831552 - ci: let the windows setup script work without $m
* bmo#1880255 - detect msys
* bmo#1936680 - add a specialized CTR_Update variant for AES-GCM
* bmo#1930807 - NSS policy updates
* bmo#1930806 - FIPS changes need to be upstreamed: FIPS 140-3 RNG
* bmo#1930806 - FIPS changes need to be upstreamed: Add SafeZero
* bmo#1930806 - FIPS changes need to be upstreamed - updated POST
* bmo#1933031 - Segmentation fault in SECITEM_Hash during pkcs12 processing
* bmo#1929922 - Extending NSS with LoadModuleFromFunction functionality
* bmo#1935984 - Ensure zero-initialization of collectArgs.cert
* bmo#1934526 - pkcs7 fuzz target use CERT_DestroyCertificate
* bmo#1915898 - Fix actual underlying ODR violations issue
* bmo#1184059 - mozilla::pkix: allow reference ID labels to begin
and/or end with hyphens
* bmo#1927953 - don't look for secmod.db in nssutil_ReadSecmodDB if
NSS_DISABLE_DBM is set
* bmo#1934526 - Fix memory leak in pkcs7 fuzz target
* bmo#1934529 - Set -O2 for ASan builds in CI
* bmo#1934543 - Change branch of tlsfuzzer dependency
* bmo#1915898 - Run tests in CI for ASan builds with detect_odr_violation=1
* bmo#1934241 - Fix coverage failure in CI
* bmo#1934213 - Add fuzzing for delegated credentials, DTLS short
header and Tls13BackendEch
* bmo#1927142 - Add fuzzing for SSL_EnableTls13GreaseEch and
SSL_SetDtls13VersionWorkaround
* bmo#1913677 - Part 3: Restructure fuzz/
* bmo#1931925 - Extract testcases from ssl gtests for fuzzing
* bmo#1923037 - Force Cryptofuzz to use NSS in CI
* bmo#1923037 - Fix Cryptofuzz on 32 bit in CI
* bmo#1933154 - Update Cryptofuzz repository link
* bmo#1926256 - fix build error from 9505f79d
* bmo#1926256 - simplify error handling in get_token_objects_for_cache
* bmo#1931973 - nss doc: fix a warning
* bmo#1930797 - pkcs12 fixes from RHEL need to be picked up
- remove obsolete patches
* nss-fips-safe-memset.patch
* nss-bmo1930797.patch
- update to NSS 3.107
* bmo#1923038 - Remove MPI fuzz targets.
* bmo#1925512 - Remove globals `lockStatus` and `locksEverDisabled`.
* bmo#1919015 - Enable PKCS8 fuzz target.
* bmo#1923037 - Integrate Cryptofuzz in CI.
* bmo#1913677 - Part 2: Set tls server target socket options in config class
* bmo#1913677 - Part 1: Set tls client target socket options in config class
* bmo#1913680 - Support building with thread sanitizer.
* bmo#1922392 - set nssckbi version number to 2.72.
* bmo#1919913 - remove Websites Trust Bit from Entrust Root
Certification Authority - G4.
* bmo#1920641 - remove Security Communication RootCA3 root cert.
* bmo#1918559 - remove SecureSign RootCA11 root cert.
* bmo#1922387 - Add distrust-after for TLS to Entrust Roots.
* bmo#1927096 - update expected error code in pk12util pbmac1 tests.
* bmo#1929041 - Use random tstclnt args with handshake collection script
* bmo#1920466 - Remove extraneous assert in ssl3gthr.c.
* bmo#1928402 - Adding missing release notes for NSS_3_105.
* bmo#1874451 - Enable the disabled mlkem tests for dtls.
* bmo#1874451 - NSS gtests filter cleans up the constucted buffer
before the use.
* bmo#1925505 - Make ssl_SetDefaultsFromEnvironment thread-safe.
* bmo#1925503 - Remove short circuit test from ssl_Init.
- fix build on loongarch64 (setting it as 64bit arch)
- Remove upstreamed bmo-1400603.patch
- Added nss-bmo1930797.patch to fix failing tests in testsuite
- update to NSS 3.106
* bmo#1925975 - NSS 3.106 should be distributed with NSPR 4.36.
* bmo#1923767 - pk12util: improve error handling in p12U_ReadPKCS12File.
* bmo#1899402 - Correctly destroy bulkkey in error scenario.
* bmo#1919997 - PKCS7 fuzz target, r=djackson,nss-reviewers.
* bmo#1923002 - Extract certificates with handshake collection script.
* bmo#1923006 - Specify len_control for fuzz targets.
* bmo#1923280 - Fix memory leak in dumpCertificatePEM.
* bmo#1102981 - Fix UBSan errors for SECU_PrintCertificate and
SECU_PrintCertificateBasicInfo.
* bmo#1921528 - add new error codes to mozilla::pkix for Firefox to use.
* bmo#1921768 - allow null phKey in NSC_DeriveKey.
* bmo#1921801 - Only create seed corpus zip from existing corpus.
* bmo#1826035 - Use explicit allowlist for for KDF PRFS.
* bmo#1920138 - Increase optimization level for fuzz builds.
* bmo#1920470 - Remove incorrect assert.
* bmo#1914870 - Use libFuzzer options from fuzz/options/\*.options in CI.
* bmo#1920945 - Polish corpus collection for automation.
* bmo#1917572 - Detect new and unfuzzed SSL options.
* bmo#1804646 - PKCS12 fuzzing target.
- requires NSPR 4.36
- update to NSS 3.105
* bmo#1915792 - Allow importing PKCS#8 private EC keys missing public key
* bmo#1909768 - UBSAN fix: applying zero offset to null pointer in sslsnce.c
* bmo#1919577 - set KRML_MUSTINLINE=inline in makefile builds
* bmo#1918965 - Don't set CKA_SIGN for CKK_EC_MONTGOMERY private keys
* bmo#1918767 - override default definition of KRML_MUSTINLINE
* bmo#1916525 - libssl support for mlkem768x25519
* bmo#1916524 - support for ML-KEM-768 in softoken and pk11wrap
* bmo#1866841 - Add Libcrux implementation of ML-KEM 768 to FreeBL
* bmo#1911912 - Avoid misuse of ctype(3) functions
* bmo#1917311 - part 2: run clang-format
* bmo#1917311 - part 1: upgrade to clang-format 13
* bmo#1916953 - clang-format fuzz
* bmo#1910370 - DTLS client message buffer may not empty be on retransmit
* bmo#1916413 - Optionally print config for TLS client and server
fuzz target
* bmo#1916059 - Fix some simple documentation issues in NSS.
* bmo#1915439 - improve performance of NSC_FindObjectsInit when
template has CKA_TOKEN attr
* bmo#1912828 - define CKM_NSS_ECDHE_NO_PAIRWISE_CHECK_KEY_PAIR_GEN
- Fix build error under Leap by rebasing nss-fips-safe-memset.patch.
- update to NSS 3.104
* bmo#1910071 - Copy original corpus to heap-allocated buffer
* bmo#1910079 - Fix min ssl version for DTLS client fuzzer
* bmo#1908990 - Remove OS2 support just like we did on NSPR
* bmo#1910605 - clang-format NSS improvements
* bmo#1902078 - Adding basicutil.h to use HexString2SECItem function
* bmo#1908990 - removing dirent.c from build
* bmo#1902078 - Allow handing in keymaterial to shlibsign to make
the output reproducible
* bmo#1908990 - remove nec4.3, sunos4, riscos and SNI references
* bmo#1908990 - remove other old OS (BSDI, old HP UX, NCR,
openunix, sco, unixware or reliantUnix
* bmo#1908990 - remove mentions of WIN95
* bmo#1908990 - remove mentions of WIN16
* bmo#1913750 - More explicit directory naming
* bmo#1913755 - Add more options to TLS server fuzz target
* bmo#1913675 - Add more options to TLS client fuzz target
* bmo#1835240 - Use OSS-Fuzz corpus in NSS CI
* bmo#1908012 - set nssckbi version number to 2.70.
* bmo#1914499 - Remove Email Trust bit from ACCVRAIZ1 root cert.
* bmo#1908009 - Remove Email Trust bit from certSIGN ROOT CA.
* bmo#1908006 - Add Cybertrust Japan Roots to NSS.
* bmo#1908004 - Add Taiwan CA Roots to NSS.
* bmo#1911354 - remove search by decoded serial in
nssToken_FindCertificateByIssuerAndSerialNumber
* bmo#1913132 - Fix tstclnt CI build failure
* bmo#1913047 - vfyserv: ensure peer cert chain is in db for
CERT_VerifyCertificateNow
* bmo#1912427 - Enable all supported protocol versions for UDP
* bmo#1910361 - Actually use random PSK hash type
* bmo#1911576 - Initialize NSS DB once
* bmo#1910361 - Additional ECH cipher suites and PSK hash types
* bmo#1903604 - Automate corpus file generation for TLS client Fuzzer
* bmo#1910364 - Fix crash with UNSAFE_FUZZER_MODE
* bmo#1910605 - clang-format shlibsign.c
- remove obsolete nss-reproducible-builds.patch
- update to NSS 3.103
* bmo#1908623 - move list size check after lock acquisition in sftk_PutObjectToList.
* bmo#1899542 - Add fuzzing support for SSL_ENABLE_POST_HANDSHAKE_AUTH,
* bmo#1909638 - Follow-up to fix test for presence of file nspr.patch.
* bmo#1903783 - Adjust libFuzzer size limits
* bmo#1899542 - Add fuzzing support for SSL_SetCertificateCompressionAlgorithm,
SSL_SetClientEchConfigs, SSL_VersionRangeSet and SSL_AddExternalPsk
* bmo#1899542 - Add fuzzing support for SSL_ENABLE_GREASE and
SSL_ENABLE_CH_EXTENSION_PERMUTATION
- Add nss-reproducible-builds.patch to make the rpms reproducible,
by using a hardcoded, static key to generate the checksums (*.chk-files)
- Updated nss-fips-approved-crypto-non-ec.patch to enforce
approved curves with the CKK_EC_MONTGOMERY key type (bsc#1224113).
- update to NSS 3.102.1
* bmo#1905691 - ChaChaXor to return after the function
- update to NSS 3.102
* bmo#1880351 - Add Valgrind annotations to freebl Chacha20-Poly1305.
* bmo#1901932 - missing sqlite header.
* bmo#1901080 - GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME.
* bmo#1615298 - improve certutil keyUsage, extKeyUsage, and nsCertType keyword handling.
* bmo#1660676 - correct length of raw SPKI data before printing in pp utility.
- Add nss-reproducible-chksums.patch to make NSS-build reproducible
Use key from openssl (bsc#1081723)
- Updated nss-fips-approved-crypto-non-ec.patch to exclude the
SHA-1 hash from SLI approval.