- curl
-
- Security fixes:
* CVE-2026-1965: Bad reuse of HTTP Negotiate connection (bsc#1259362)
* CVE-2026-3783: Token leak with redirect and netrc (bsc#1259363)
* CVE-2026-3784: Wrong proxy connection reuse with credentials (bsc#1259364)
* CVE-2026-3805: Use after free in SMB connection reuse (bsc#1259365)
* Add patches:
- curl-CVE-2026-1965.patch
- curl-CVE-2026-3783.patch
- curl-CVE-2026-3784.patch
- curl-CVE-2026-3805.patch
- Security fix: [bsc#1256105, CVE-2025-14017]
* call ldap_init() before setting the options
* Add patch curl-CVE-2025-14017.patch
- Security fixes:
* [bsc#1255731, CVE-2025-14524] if redirected, require permission to use bearer
* [bsc#1255734, CVE-2025-15224] require private key or user-agent for public key auth
* [bsc#1255732, CVE-2025-14819] toggling CURLSSLOPT_NO_PARTIALCHAIN makes a different CA cache
* [bsc#1255733, CVE-2025-15079] set both knownhosts options to the same file
* Add patches:
- curl-CVE-2025-14524.patch
- curl-CVE-2025-15224.patch
- curl-CVE-2025-14819.patch
- curl-CVE-2025-15079.patch
- docker
-
- Places a hard cap on the amount of mechanisms that can be specified and
encoded in the payload. (bsc#1253904, CVE-2025-58181)
* 0007-CVE-2025-58181-fix-vendor-crypto-ssh.patch
- glib2
-
- Add CVE fixes:
+ glib2-CVE-2026-1484.patch (bsc#1257355 CVE-2026-1484
glgo#GNOME/glib!4979).
+ glib2-CVE-2026-1485.patch (bsc#1257354 CVE-2026-1485
glgo#GNOME/glib!4981).
+ glib2-CVE-2026-1489.patch (bsc#1257353 CVE-2026-1489
glgo#GNOME/glib!4984).
- Add glib2-CVE-2026-0988.patch: fix a potential integer overflow
in g_buffered_input_stream_peek (bsc#1257049 CVE-2026-0988
glgo#GNOME/glib#3851).
- glibc
-
- memalign-overflow-check.patch: memalign: reinstate alignment overflow
check (CVE-2026-0861, bsc#1256766, BZ #33796)
- nss-dns-getnetbyaddr.patch: resolv: Fix NSS DNS backend for getnetbyaddr
(CVE-2026-0915, bsc#1256822, BZ #33802)
- wordexp-wrde-reuse.patch: posix: Reset wordexp_t fields with WRDE_REUSE
(CVE-2025-15281, bsc#1257005, BZ #33814)
- regcomp-double-free.patch: posix: Fix double-free after allocation
failure in regcomp (CVE-2025-8058, bsc#1246965, BZ #33185)
- gpg2
-
- Security fix [bsc#1256389] (gpg.fail/filename)
* Added gnupg-accepts-path-separators-literal-data.patch
* GnuPG Accepts Path Separators and Path Traversals in Literal Data
- grub2
-
- Backport upstream's commit to prevent BIOS assert (bsc#1258022)
* 0001-kern-efi-mm-Change-grub_efi_mm_add_regions-to-keep-t.patch
- kernel-default
-
- apparmor: fix race between freeing data and fs accessing it
(bsc#1258849).
- apparmor: fix race on rawdata dereference (bsc#1258849).
- apparmor: fix differential encoding verification (bsc#1258849).
- apparmor: fix unprivileged local user can do privileged policy
management (bsc#1258849).
- apparmor: Fix double free of ns_name in aa_replace_profiles()
(bsc#1258849).
- apparmor: fix missing bounds check on DEFAULT table in
verify_dfa() (bsc#1258849).
- apparmor: fix side-effect bug in match_char() macro usage
(bsc#1258849).
- apparmor: fix: limit the number of levels of policy namespaces
(bsc#1258849).
- apparmor: replace recursive profile removal with iterative
approach (bsc#1258849).
- apparmor: fix memory leak in verify_header (bsc#1258849).
- apparmor: validate DFA start states are in bounds in unpack_pdb
(bsc#1258849).
- commit a3c8154
- Disable CONFIG_NET_SCH_ATM (jsc#PED-12836)
Disable sch_atm module, it doesn't seem to be used and security issues
led to its removal from upstream.
- commit 9c7c77d
- Refresh
patches.suse/dst-fix-races-in-rt6_uncached_list_del-and-rt_del_un.patch.
- commit e435fe4
- net/sched: ets: Always remove class from active list before
deleting in ets_qdisc_change (CVE-2025-71066 bsc#1256645).
- commit 37ff710
- net/sched: cls_u32: use skb_header_pointer_careful()
(CVE-2026-23204 bsc#1258340).
- net: add skb_header_pointer_careful() helper (CVE-2026-23204
bsc#1258340).
- commit 448562c
- ata: libata-sff: Ensure that we cannot write outside the
allocated buffer (bsc#1238917 CVE-2025-21738).
- commit cfd3e32
- Update
patches.suse/msft-hv-3440-net-hv_netvsc-reject-RSS-hash-key-programming-withou.patch
(bsc#1257473 CVE-2026-23054 bsc#1257732).
- commit 2638d0a
- dst: fix races in rt6_uncached_list_del() and
rt_del_uncached_list() (CVE-2026-23004 bsc#1257231).
- commit 38c7653
- gfs2: Fix unlikely race in gdlm_put_lock (CVE-2025-40242
bsc#1255075).
- commit e0980d4
- macvlan: observe an RCU grace period in macvlan_common_newlink()
error path (CVE-2026-23209 bsc#1258518).
- macvlan: fix error recovery in macvlan_common_newlink()
(CVE-2026-23209 bsc#1258518).
- commit fd9b2a8
- ALSA: aloop: Fix racy access at PCM trigger (CVE-2026-23191
bsc#1258395).
- commit 6136032
- crypto: authencesn - reject too-short AAD (assoclen<8) to
match ESP/ESN spec (bsc#1257735 CVE-2026-23060).
- commit e80292a
- net/sched: Enforce that teql can only be used as root qdisc
(CVE-2026-23074 bsc#1257749).
- commit faf6ae4
- ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free()
(CVE-2026-23089 bsc#1257790).
- commit f5d553b
- mm, page_alloc, thp: prevent reclaim for __GFP_THISNODE THP
allocations (bsc#1254447 bsc#1253087).
- commit e548905
- Update config files: disable CONFIG_DEVPORT for arm64 (bsc#1256792)
- commit c1cfc1c
- README.BRANCH : remove Vasilis from maintainers
- commit 6c4df64
- Update patches.suse/drm-amd-display-Fix-vs-typos.patch
(git-fixes CVE-2024-26661 bsc#1222323).
- Update
patches.suse/drm-stm-ltdc-fix-late-dereference-check.patch
(git-fixes CVE-2023-53714 bsc#1254465).
- Update
patches.suse/x86-tdx-Zero-out-the-missing-RSI-in-TDX_HYPERCALL-macro.patch
(git-fixes CVE-2023-52874 bsc#1225049).
- commit 699197b
- Update
patches.suse/USB-gadget-Fix-obscure-lockdep-violation-for-udc_mut.patch
(CVE-2022-49980 bsc#1245110 CVE-2022-49943 bsc#1244904).
- Update
patches.suse/USB-gadget-bcm63xx_udc-fix-memory-leak-with-using-de.patch
(git-fixes CVE-2023-53412 bsc#1254462).
- Update
patches.suse/USB-gadget-lpc32xx_udc-fix-memory-leak-with-using-de.patch
(git-fixes CVE-2023-53418 bsc#1254464).
- Update
patches.suse/USB-gadget-pxa27x_udc-fix-memory-leak-with-using-deb.patch
(git-fixes CVE-2023-53407 bsc#1253028).
- Update
patches.suse/USB-sl811-fix-memory-leak-with-using-debugfs_lookup.patch
(git-fixes CVE-2023-53417 bsc#1254463).
- Update patches.suse/arm64-set-UXN-on-swapper-page-tables.patch
(git-fixes CVE-2022-50232 bsc#1244758).
- Update
patches.suse/btrfs-avoid-NULL-pointer-dereference-if-no-valid-ext.patch
(bsc#1249158 CVE-2025-21658 bsc#1236208).
- Update
patches.suse/ip-Fix-data-races-around-sysctl_ip_fwd_use_pmtu.patch
(CVE-2025-40139 bsc#1253409 CVE-2022-49604 bsc#1238414).
- Update
patches.suse/ipv4-use-RCU-protection-in-__ip_rt_update_pmtu.patch
(CVE-2025-40139 bsc#1253409 CVE-2025-21766 bsc#1238754).
- Update
patches.suse/ipv6-use-RCU-protection-in-ip6_default_advmss.patch
(CVE-2025-40139 bsc#1253409 CVE-2025-21765 bsc#1237906).
- Update
patches.suse/mm-zswap-fix-missing-folio-cleanup-in-writeback-race-path.patch
(CVE-2023-53178 bsc#1249827 git-fix CVE-2024-26832 bsc#1223007).
- Update
patches.suse/ndisc-extend-RCU-protection-in-ndisc_send_skb.patch
(CVE-2025-40139 bsc#1253409 CVE-2025-21760 bsc#1238763).
- Update
patches.suse/ndisc-use-RCU-protection-in-ndisc_alloc_skb.patch
(CVE-2025-40139 bsc#1253409 CVE-2025-21764 bsc#1237885).
- Update
patches.suse/net-sched-ets-use-old-nbands-while-purging-unused-classes.patch
(git-fixes CVE-2025-38684 bsc#1249156).
- Update
patches.suse/netfilter-nft_set_hash-unaligned-atomic-read-on-struct-nft.patch
(CVE-2023-52923 bsc#1236104 CVE-2024-54031 bsc#1235905).
- Update
patches.suse/netfilter-nft_set_rbtree-skip-end-interval-element-from-gc.patch
(CVE-2023-52923 bsc#1236104 CVE-2024-26581 bsc#1220144).
- Update
patches.suse/netfilter-nft_set_rbtree-skip-sync-GC-for-new-elements-in-.patch
(CVE-2023-52923 bsc#1236104 CVE-2023-52433 bsc#1220137).
- Update patches.suse/perf-core-Exit-early-on-perf_mmap-fail.patch
(CVE-2025-38563 bsc#1248306 dependency CVE-2025-38565
bsc#1248377).
- Update
patches.suse/udf-fix-uninit-value-use-in-udf_get_fileshortad.patch
(bsc#1252785 CVE-2025-40044 CVE-2024-50143 bsc#1233038).
- commit 5e5b6b9
- macvlan: fix possible UAF in macvlan_forward_source()
(CVE-2026-23001 bsc#1257232).
- net: hns3: add VLAN id validation before using (CVE-2025-71112
bsc#1256726).
- commit 270e8e5
- net/sched: sch_qfq: do not free existing class in
qfq_change_class() (CVE-2026-22999 bsc#1257236).
- commit 16a63b9
- scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296).
- net: hv_netvsc: reject RSS hash key programming without RX
indirection table (bsc#1257473).
- commit 7602440
- ipv6: BUG() in pskb_expand_head() as part of
calipso_skbuff_setattr() (CVE-2025-71085 bsc#1256623).
- commit 3ba0df8
- usbnet: Prevents free active kevent (CVE-2025-68312
bsc#1255171).
- commit ee0ab3e
- tcp: correct handling of extreme memory squeeze (bsc#1254767).
- net: tcp: allow zero-window ACK update the window (bsc#1254767).
- net: tcp: send zero-window ACK when no memory (bsc#1254767).
- commit 56442cc
- page_pool: Fix use-after-free in page_pool_recycle_in_ring
(CVE-2025-38129 bsc#1245723).
- page_pool: fix inconsistency for page_pool_ring_lock()
(CVE-2025-38129 bsc#1245723).
- commit ef250c6
- libceph: make decode_pool() more resilient against corrupted osdmaps (CVE-2025-71116 bsc#1256744).
- commit b9dec39
- libceph: fix potential use-after-free in have_mon_and_osd_map() (CVE-2025-68285 bsc#1255401).
- commit 9d4582b
- libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (CVE-2025-68284 bsc#1255377).
- commit f157995
- x86: make page fault handling disable interrupts properly
(git-fixes).
- commit a7abb9b
- virtio-net: ensure the received length does not exceed allocated
size (CVE-2025-38375 bsc#1247177).
- commit 6145535
- iommu: disable SVA when CONFIG_X86 is set (CVE-2025-71089
bsc#1256612).
- commit 35b67db
- kABI: Fixup for struct mrp_applicant (CVE-2022-50697
bsc#1255594).
- commit 74302bd
- mrp: introduce active flags to prevent UAF when applicant uninit
(CVE-2022-50697 bsc#1255594).
- commit d693c1a
- mptcp: fix a race in mptcp_pm_del_add_timer() (CVE-2025-40257
bsc#1254842).
- commit a01d7e7
- sched/fair: Don't balance task to its current running CPU (CVE-2023-53215 bsc#1250397)
- commit 7fb66be
- Update config files.
- commit c148a7f
- x86/vmscape: Add old Intel CPUs to affected list (bsc#1247483
CVE-2025-40300).
- commit 91334cf
- x86/vmscape: Warn when STIBP is disabled with SMT (bsc#1247483
CVE-2025-40300).
- commit 11b7dad
- x86/bugs: Move cpu_bugs_smt_update() down (bsc#1247483
CVE-2025-40300).
- commit 3528146
- x86/vmscape: Enable the mitigation (bsc#1247483 CVE-2025-40300).
- commit ee7811b
- x86/vmscape: Add conditional IBPB mitigation (bsc#1247483
CVE-2025-40300).
- Refresh patches.kabi/kabi-allow-extra-bugints.patch.
- commit 1f9199e
- x86/vmscape: Enumerate VMSCAPE bug (bsc#1247483 CVE-2025-40300).
- Refresh patches.kabi/kabi-allow-extra-bugints.patch.
- commit 31c0293
- SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token
in gss_read_proxy_verf (CVE-2025-71120 bsc#1256779).
- commit 23da597
- Documentation/hw-vuln: Add VMSCAPE documentation (bsc#1247483
CVE-2025-40300).
- commit bfa3e0c
- Revert "ocfs2: fix kernel BUG in ocfs2_find_victim_chain (bsc#1256582"
This reverts commit 0a793b204bae9d28b0237e47341a7f495d54ca68.
Regarding bsc#1256582 comment #7: Since the CVE score is below 7,
we should not backport this fix to the 5.14-LTSS branch.
- commit 64134c9
- ocfs2: fix kernel BUG in ocfs2_find_victim_chain (bsc#1256582
CVE-2025-68771).
- commit 0a793b2
- kABI: Fix X86_FEATURE_BHI_CTRL and X86_FEATURE_IPRED_CTRL overlap (bsc#1253702)
Due to an oversight the aforementioned features were overlapping in
their definition, since the latter is defined via :
[#]define X86_FEATURE_IPRED_CTRL KVM_X86_FEATURE(CPUID_7_2_EDX, 1)
but CPUID_7_2_EDX was wronlgy defined due to kvm_only_cpuid_leafs
not being adjusted to account for the extended caps. This resulted in
both feature names to be matched by the X86_FEATURE_BHI_CTRL rule in
__feature_translate resulted in the alias. This in turn has a snowball
effect in downstream logic which expects different features to have
different definitions.
Fix it by adjusting kvm_only_cpuid_leafs to account for our kABI fixes.
- commit 6ef085a
- crypto: lzo - Fix compression buffer overrun (CVE-2025-38068 bsc#1245210)
- commit f5ce243
- wifi: rtw88: fix the 'para' buffer size to avoid reading out
of bounds (CVE-2025-38159 bsc#1245751).
- commit 626f7b2
- ipvs: fix ipv4 null-ptr-deref in route error path
(CVE-2025-68813 bsc#1256641).
- commit c310c4c
- netfilter: ebtables: fix table blob use-after-free
(CVE-2023-54243 bsc#1255908).
- commit 1e66c31
- gtp: Fix use-after-free in __gtp_encap_destroy() (CVE-2023-54142
bsc#1256095).
- commit 7ec7480
- ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr (CVE-2025-68183 bsc#1255251).
- commit 889d597
- fuse: fix livelock in synchronous file put from fuseblk workers (CVE-2025-40220 bsc#1254520).
- commit 9f0195c
- mm: hugetlb: fix UAF in hugetlb_handle_userfault (CVE-2022-50630
bsc#1254785).
- commit d39687e
- Delete
patches.suse/net-mana-Switch-to-page-pool-for-jumbo-frames.patch.
- Delete
patches.suse/net-mana-Use-page-pool-fragments-for-RX-buffers-inst.patch.
Drop mana page-pool patches as page-pool isn't new enough (bsc#1255107)
- commit e4c8100
- Update
patches.suse/0001-net-nsh-Use-correct-mac_offset-to-unwind-gso-skb-in-.patch
(CVE-2024-36933 bsc#1225832 CVE-2023-54114 bsc#1256150).
- Update
patches.suse/0250-dm-verity-loadpin-Only-trust-verity-targets-with-enforcement.patch
(jsc#PED-2765 CVE-2022-50621 bsc#1254786).
- Update
patches.suse/Bluetooth-ISO-fix-iso_conn-related-locking-and-valid.patch
(git-fixes CVE-2023-54164 bsc#1256071).
- Update
patches.suse/Bluetooth-hci_sync-Avoid-use-after-free-in-dbg-for-h-a2bcd2b.patch
(git-fixes CVE-2023-53828 bsc#1254623).
- Update
patches.suse/Bluetooth-hci_sync-Avoid-use-after-free-in-dbg-for-h.patch
(git-fixes CVE-2023-54210 bsc#1255955).
- Update
patches.suse/Bluetooth-use-hdev-workqueue-when-queuing-hdev-cmd-n.patch
(jsc#PED-1407 CVE-2022-50833 bsc#1256218).
- Update
patches.suse/af_unix-Fix-data-races-around-sk-sk_shutdown.patch-e1d09c2c
(bsc#1226846 CVE-2023-54226 bsc#1255841).
- Update patches.suse/arm64-mm-fix-VA-range-sanity-check.patch
(git-fixes CVE-2023-53989 bsc#1256302).
- Update
patches.suse/arm64-set-__exception_irq_entry-with-__irq_entry-as-a-default.patch
(git-fixes CVE-2023-54322 bsc#1255763).
- Update
patches.suse/autofs-fix-memory-leak-of-waitqueues-in-autofs_catat.patch
(git-fixes CVE-2023-54134 bsc#1256106).
- Update
patches.suse/bcache-fixup-btree_cache_wait-list-damage-f085.patch
(git-fixes CVE-2023-54293 bsc#1255801).
- Update
patches.suse/blk-cgroup-dropping-parent-refcount-after-pd_free_fn-is-done.patch
(bsc#1224573 CVE-2023-54107 bsc#1256359).
- Update
patches.suse/bnxt_en-fix-memory-leak-in-bnxt_nvm_test.patch
(jsc#PED-1495 CVE-2022-50723 bsc#1255946).
- Update
patches.suse/bpf-Prevent-decl_tag-from-being-referenced-in-func_p.patch
(git-fixes CVE-2022-50883 bsc#1256128).
- Update
patches.suse/bpf-prevent-decl_tag-from-being-referenced-in-func_p.patch
(git-fixes CVE-2022-50862 bsc#1256166).
- Update
patches.suse/devlink-hold-region-lock-when-flushing-snapshots.patch
(git-fixes CVE-2022-50712 bsc#1255745).
- Update
patches.suse/dm-don-t-attempt-to-queue-IO-under-RCU-protection-a9ce.patch
(git-fixes CVE-2023-53860 bsc#1254626).
- Update
patches.suse/dm-flakey-don-t-corrupt-the-zero-page-f507.patch
(git-fixes CVE-2023-54317 bsc#1255771).
- Update
patches.suse/dm-flakey-fix-a-crash-with-invalid-table-line-98db.patch
(git-fixes CVE-2023-53786 bsc#1254916).
- Update
patches.suse/drm-amd-display-fix-FCLK-pstate-change-underflow.patch
(bsc#1206843 CVE-2023-53780 bsc#1254911).
- Update
patches.suse/drm-amd-display-fix-mapping-to-non-allocated-address.patch
(bsc#1206843 CVE-2023-53753 bsc#1254910).
- Update
patches.suse/drm-amd-display-populate-subvp-cmd-info-only-for-the.patch
(git-fixes CVE-2023-53806 bsc#1254979).
- Update
patches.suse/drm-amdkfd-Fix-kernel-warning-during-topology-setup.patch
(git-fixes CVE-2023-54144 bsc#1256088).
- Update patches.suse/drm-amdkfd-fix-potential-kgd_mem-UAFs.patch
(git-fixes CVE-2023-53816 bsc#1254958).
- Update
patches.suse/drm-bridge-it6505-Initialize-AUX-channel-in-it6505_i.patch
(git-fixes CVE-2022-50847 bsc#1256198).
- Update
patches.suse/drm-fbdev-generic-prohibit-potential-out-of-bounds-a.patch
(git-fixes CVE-2023-54116 bsc#1256352).
- Update
patches.suse/drm-i915-Fix-NULL-ptr-deref-by-checking-new_crtc_sta.patch
(git-fixes CVE-2023-53833 bsc#1254681).
- Update
patches.suse/drm-msm-a6xx-Fix-kvzalloc-vs-state_kcalloc-usage.patch
(git-fixes CVE-2022-50867 bsc#1256164).
- Update
patches.suse/drm-msm-fix-NULL-deref-on-irq-uninstall.patch
(git-fixes CVE-2023-54138 bsc#1256101).
- Update
patches.suse/drm-msm-fix-workqueue-leak-on-bind-errors.patch
(git-fixes CVE-2023-53849 bsc#1254651).
- Update
patches.suse/drm-mxsfb-Disable-overlay-plane-in-mxsfb_plane_overl.patch
(git-fixes CVE-2023-53864 bsc#1254754).
- Update
patches.suse/drm-rockchip-dw_hdmi-cleanup-drm-encoder-during-unbi.patch
(git-fixes CVE-2023-54047 bsc#1256398).
- Update
patches.suse/drm-ttm-Don-t-leak-a-resource-on-eviction-error.patch
(git-fixes CVE-2023-54254 bsc#1255890).
- Update
patches.suse/drm-vmwgfx-Fix-memory-leak-in-vmw_mksstat_add_ioctl.patch
(git-fixes CVE-2022-50667 bsc#1254684).
- Update
patches.suse/erofs-stop-parsing-non-compact-HEAD-index-if-clusterofs-is-invalid.patch
(git-fixes CVE-2023-54132 bsc#1256103).
- Update
patches.suse/exfat-use-kvmalloc_array-kvfree-instead-of-kmalloc_array-kfree.patch
(git-fixes CVE-2023-54194 bsc#1255974).
- Update
patches.suse/fs-drop-peer-group-ids-under-namespace-lock.patch
(git-fixes CVE-2023-54128 bsc#1256112).
- Update
patches.suse/i2c-xiic-xiic_xfer-Fix-runtime-PM-leak-on-error-path.patch
(git-fixes CVE-2023-54175 bsc#1255998).
- Update
patches.suse/ice-set-tx_tstamps-when-creating-new-Tx-rings-via-et.patch
(jsc#PED-376 CVE-2022-50710 bsc#1255561).
- Update
patches.suse/igb-clean-up-in-all-error-paths-when-enabling-SR-IOV.patch
(jsc#PED-370 CVE-2023-54070 bsc#1256364).
- Update
patches.suse/io_uring-fix-memory-leak-when-removing-provided-buff.patch
(git-fixes CVE-2023-54041 bsc#1255532).
- Update
patches.suse/io_uring-rw-defer-fsnotify-calls-to-task-context.patch
(git-fixes CVE-2022-50705 bsc#1255596).
- Update
patches.suse/iommu-amd-Add-a-length-limitation-for-the-ivrs_acpih.patch
(git-fixes CVE-2023-54057 bsc#1256381).
- Update
patches.suse/iommu-sprd-Release-dma-buffer-to-avoid-memory-leak.patch
(git-fixes CVE-2023-53801 bsc#1254922).
- Update
patches.suse/md-raid5-cache-fix-a-deadlock-in-r5l_exit_log-a705.patch
(git-fixes CVE-2023-53848 bsc#1254753).
- Update
patches.suse/mlx5-fix-skb-leak-while-fifo-resync-and-push.patch
(jsc#PED-1549 CVE-2023-54238 bsc#1255916).
- Update
patches.suse/net-mlx5-fix-potential-memory-leak-in-mlx5e_init_rep.patch
(git-fixes CVE-2023-54106 bsc#1256358).
- Update
patches.suse/net-mlx5e-Don-t-clone-flow-post-action-attributes-se.patch
(jsc#PED-1549 CVE-2023-54262 bsc#1255881).
- Update
patches.suse/net-mlx5e-Move-representor-neigh-cleanup-to-profile-.patch
(git-fixes CVE-2023-54148 bsc#1256084).
- Update
patches.suse/net-mlx5e-Use-correct-encap-attribute-during-invalid.patch
(jsc#PED-1549 CVE-2023-54074 bsc#1256363).
- Update
patches.suse/net-mlx5e-fix-memory-leak-in-mlx5e_ptp_open.patch
(git-fixes CVE-2023-54169 bsc#1256050).
- Update
patches.suse/net-sched-taprio-Limit-TCA_TAPRIO_ATTR_SCHED_CYCLE_T.patch
(bsc#1226797 CVE-2023-54251 bsc#1255888).
- Update
patches.suse/net-stream-purge-sk_error_queue-in-sk_stream_kill_qu.patch
(git-fixes CVE-2022-50838 bsc#1256214).
- Update
patches.suse/nvme-multipath-fix-lockdep-WARN-due-to-partition-sca.patch
(git-fixes bsc#1233640 CVE-2024-53093 CVE-2025-68218
bsc#1255245).
- Update
patches.suse/platform-x86-amd-pmc-Fix-memory-leak-in-amd_pmc_stb_.patch
(bsc#1210644 CVE-2023-54320 bsc#1255761).
- Update
patches.suse/powerpc-pseries-Rework-lppaca_shared_proc-to-avoid-D.patch
(bsc#1194869 CVE-2023-54267 bsc#1255899).
- Update
patches.suse/powerpc-pseries-fix-possible-memory-leak-in-ibmebus_.patch
(bsc#1194869 CVE-2023-54017 bsc#1255605).
- Update
patches.suse/scsi-mpi3mr-Fix-missing-mrioc-evtack_cmds-initialization.patch
(git-fixes CVE-2023-54234 bsc#1255920).
- Update
patches.suse/scsi-pm8001-Fix-running_req-for-internal-abort-commands.patch
(jsc#PED-1559 CVE-2022-50818 bsc#1256239).
- Update
patches.suse/scsi-smartpqi-Correct-device-removal-for-multi-actua.patch
(bsc#1207315 CVE-2022-50768 bsc#1256309).
- Update
patches.suse/spmi-Add-a-check-for-remove-callback-when-removing-a.patch
(git-fixes CVE-2023-54044 bsc#1256294).
- Update
patches.suse/vdpa-vp_vdpa-fix-kfree-a-wrong-pointer-in-vp_vdpa_re.patch
(git-fixes CVE-2022-50873 bsc#1256144).
- Update patches.suse/vhost-vdpa-fix-an-iotlb-memory-leak.patch
(jsc#PED-1549 CVE-2022-50738 bsc#1256111).
- Update
patches.suse/virt-coco-sev-guest-Double-buffer-messages.patch
(jsc#PED-7167 CVE-2023-53769 bsc#1254601).
- Update
patches.suse/wifi-ath11k-fix-failed-to-find-the-peer-with-peer_id.patch
(bsc#1206451 CVE-2022-50665 bsc#1254685).
- Update
patches.suse/wifi-ath11k-fix-registration-of-6Ghz-only-phy-withou.patch
(git-fixes CVE-2023-54229 bsc#1255924).
- Update
patches.suse/wifi-mt76-mt7921e-fix-rmmod-crash-in-driver-reload-t.patch
(bsc#1209980 CVE-2022-50714 bsc#1255747).
- Update
patches.suse/wifi-mt76-mt7921s-fix-slab-out-of-bounds-access-in-s.patch
(bsc#1209980 CVE-2022-50701 bsc#1255635).
- commit 3030cef
- Update
patches.suse/0016-md-raid5-Remove-unnecessary-bio_put-in-raid5_read_on.patch
(git-fixes CVE-2022-50752 bsc#1256204).
- Update patches.suse/0045-dm-clone-Fix-UAF-in-clone_dtr.patch
(git-fixes CVE-2022-50843 bsc#1256203).
- Update
patches.suse/0047-dm-integrity-Fix-UAF-in-dm_integrity_dtr.patch
(git-fixes CVE-2022-50889 bsc#1256056).
- Update
patches.suse/ACPI-EC-Fix-oops-when-removing-custom-query-handlers.patch
(git-fixes CVE-2023-54244 bsc#1255909).
- Update
patches.suse/ACPICA-ACPICA-check-null-return-of-ACPI_ALLOCATE_ZER.patch
(git-fixes CVE-2023-54010 bsc#1256326).
- Update
patches.suse/ALSA-firewire-digi00x-prevent-potential-use-after-fr.patch
(git-fixes CVE-2023-54084 bsc#1256223).
- Update
patches.suse/ALSA-hda-ca0132-fixup-buffer-overrun-at-tuning_ctl_s.patch
(git-fixes CVE-2023-53788 bsc#1254917).
- Update
patches.suse/ALSA-line6-fix-stack-overflow-in-line6_midi_transmit.patch
(git-fixes CVE-2022-50719 bsc#1255939).
- Update
patches.suse/ALSA-mts64-fix-possible-null-ptr-defer-in-snd_mts64_.patch
(git-fixes CVE-2022-50773 bsc#1256245).
- Update
patches.suse/ALSA-pcm-Fix-potential-data-race-at-PCM-memory-alloc.patch
(git-fixes CVE-2023-54072 bsc#1256291).
- Update
patches.suse/ARM-OMAP2-Fix-memory-leak-in-realtime_counter_init.patch
(git-fixes CVE-2022-50872 bsc#1256157).
- Update
patches.suse/ARM-zynq-Fix-refcount-leak-in-zynq_early_slcr_init.patch
(git-fixes CVE-2023-53818 bsc#1254714).
- Update
patches.suse/ASoC-codecs-tx-macro-Fix-for-KASAN-slab-out-of-bound.patch
(git-fixes CVE-2023-54245 bsc#1255912).
- Update
patches.suse/ASoC-codecs-wcd-mbhc-v2-fix-resource-leaks-on-compon.patch
(git-fixes CVE-2023-53842 bsc#1254690).
- Update
patches.suse/ASoC-da7219-Fix-an-error-handling-path-in-da7219_reg.patch
(git-fixes CVE-2022-50698 bsc#1255608).
- Update
patches.suse/ASoC-pxa-fix-null-pointer-dereference-in-filter.patch
(git-fixes CVE-2022-50866 bsc#1256162).
- Update
patches.suse/ASoC-soc-compress-Reposition-and-add-pcm_mutex.patch
(git-fixes CVE-2023-53866 bsc#1255060).
- Update
patches.suse/Bluetooth-Fix-race-condition-in-hidp_session_thread.patch
(git-fixes CVE-2023-54120 bsc#1256133).
- Update
patches.suse/Bluetooth-L2CAP-Fix-potential-user-after-free.patch
(git-fixes CVE-2023-54214 bsc#1255954).
- Update
patches.suse/Bluetooth-L2CAP-Fix-use-after-free-in-l2cap_disconne.patch
(git-fixes CVE-2023-53827 bsc#1255049).
- Update
patches.suse/FS-JFS-Check-for-read-only-mounted-filesystem-in-txBegin.patch
(git-fixes CVE-2023-53766 bsc#1255005).
- Update
patches.suse/HSI-omap_ssi-Fix-refcount-leak-in-ssi_probe.patch
(git-fixes CVE-2022-50641 bsc#1254614).
- Update
patches.suse/KVM-Destroy-target-device-if-coalesced-MMIO-unregistration-fails.patch
(git-fixes CVE-2023-54024 bsc#1255609).
- Update
patches.suse/KVM-s390-pv-fix-index-value-of-replaced-ASCE.patch
(git-fixes bsc#1213867 CVE-2023-54092 bsc#1256370).
- Update
patches.suse/NFSD-Finish-converting-the-NFSv2-GETACL-result-encod.patch
(git-fixes CVE-2022-50861 bsc#1256177).
- Update
patches.suse/NFSv4-Fix-a-credential-leak-in-_nfs4_discover_trunki.patch
(git-fixes CVE-2022-50853 bsc#1256189).
- Update
patches.suse/PCI-Fix-dropping-valid-root-bus-resources-with-.end-.patch
(git-fixes CVE-2023-53814 bsc#1254713).
- Update
patches.suse/PCI-Fix-pci_device_is_present-for-VFs-by-checking-PF.patch
(git-fixes CVE-2022-50636 bsc#1254645).
- Update
patches.suse/PCI-Free-released-resource-after-coalescing.patch
(git-fixes CVE-2023-53743 bsc#1254782).
- Update
patches.suse/RDMA-bnxt_re-Prevent-handling-any-completions-after-.patch
(git-fixes CVE-2023-54048 bsc#1256395).
- Update
patches.suse/RDMA-core-Fix-GID-entry-ref-leak-when-create_ah-fail.patch
(git-fixes CVE-2023-54003 bsc#1255619).
- Update
patches.suse/RDMA-efa-Fix-wrong-resources-deallocation-order.patch
(git-fixes CVE-2023-54201 bsc#1255964).
- Update
patches.suse/RDMA-hns-fix-memory-leak-in-hns_roce_alloc_mr.patch
(git-fixes CVE-2022-50662 bsc#1254625).
- Update
patches.suse/RDMA-irdma-Cap-MSIX-used-to-online-CPUs-1.patch
(git-fixes CVE-2023-53811 bsc#1254716).
- Update
patches.suse/RDMA-irdma-Fix-data-race-on-CQP-completion-stats.patch
(git-fixes CVE-2023-54302 bsc#1255792).
- Update
patches.suse/RDMA-irdma-Fix-data-race-on-CQP-request-done.patch
(git-fixes CVE-2023-54292 bsc#1255800).
- Update
patches.suse/RDMA-irdma-Fix-memory-leak-of-PBLE-objects.patch
(git-fixes CVE-2023-54055 bsc#1256384).
- Update
patches.suse/RDMA-mlx4-Prevent-shift-wrapping-in-set_user_sq_size.patch
(jsc#SLE-19255 CVE-2023-54168 bsc#1256053).
- Update
patches.suse/RDMA-restrack-Release-MR-restrack-when-delete.patch
(git-fixes CVE-2022-50822 bsc#1256260).
- Update
patches.suse/RDMA-rxe-Fix-NULL-ptr-deref-in-rxe_qp_do_cleanup-whe.patch
(git-fixes CVE-2022-50885 bsc#1256122).
- Update
patches.suse/RDMA-rxe-Fix-kernel-NULL-pointer-dereference-error.patch
(git-fixes CVE-2022-50671 bsc#1254711).
- Update
patches.suse/RDMA-rxe-Fix-the-error-trying-to-register-non-static.patch
(git-fixes CVE-2023-54028 bsc#1255546).
- Update
patches.suse/RDMA-siw-Fix-QP-destroy-to-wait-for-all-references-d.patch
(git-fixes CVE-2022-50666 bsc#1254674).
- Update
patches.suse/RDMA-siw-Fix-immediate-work-request-flush-to-complet.patch
(git-fixes CVE-2022-50736 bsc#1256137).
- Update
patches.suse/RDMA-srpt-Add-a-check-for-valid-mad_agent-pointer.patch
(git-fixes CVE-2023-54274 bsc#1255905).
- Update
patches.suse/Reinstate-some-of-swiotlb-rework-fix-info-leak-with-.patch
(CVE-2022-0854 bsc#1196823 CVE-2022-48853 bsc#1228015).
- Update
patches.suse/Revert-Bluetooth-btsdio-fix-use-after-free-bug-in-bt.patch
(git-fixes CVE-2023-54197 bsc#1255969).
- Update
patches.suse/Revert-IB-isert-Fix-incorrect-release-of-isert-conne.patch
(git-fixes CVE-2023-54219 bsc#1256231).
- Update
patches.suse/SMB3-Add-missing-locks-to-protect-deferred-close-file-list.patch
(git-fixes CVE-2023-53990 bsc#1255560).
- Update
patches.suse/SUNRPC-Don-t-leak-netobj-memory-when-gss_read_proxy_.patch
(git-fixes CVE-2022-50821 bsc#1256242).
- Update
patches.suse/SUNRPC-double-free-xprt_ctxt-while-still-in-use.patch
(git-fixes CVE-2023-54269 bsc#1255876).
- Update
patches.suse/USB-gadget-Fix-use-after-free-during-usb-config-swit.patch
(git-fixes CVE-2022-50704 bsc#1255623).
- Update patches.suse/USB-sisusbvga-Add-endpoint-checks.patch
(git-fixes CVE-2023-54213 bsc#1255953).
- Update
patches.suse/USB-usbtmc-Fix-direction-for-0-length-ioctl-control-.patch
(git-fixes CVE-2023-53761 bsc#1255002).
- Update
patches.suse/acct-fix-potential-integer-overflow-in-encode_comp_t.patch
(git-fixes CVE-2022-50749 bsc#1256191).
- Update patches.suse/amba-bus-fix-refcount-leak.patch (git-fixes
CVE-2023-54230 bsc#1255925).
- Update
patches.suse/amdgpu-pm-prevent-array-underflow-in-vega20_odn_edit.patch
(git-fixes CVE-2022-50781 bsc#1256306).
- Update
patches.suse/amdgpu-validate-offset_in_bo-of-drm_amdgpu_gem_va.patch
(git-fixes CVE-2023-53819 bsc#1254712).
- Update patches.suse/apparmor-Fix-memleak-in-alloc_ns.patch
(git-fixes CVE-2022-50860 bsc#1256174).
- Update
patches.suse/apparmor-fix-a-memleak-in-multi_transaction_new.patch
(git-fixes CVE-2022-50754 bsc#1256065).
- Update
patches.suse/arm64-mte-Avoid-setting-PG_mte_tagged-if-no-tags-cle.patch
(git-fixes CVE-2022-50675 bsc#1254664).
- Update
patches.suse/audit-fix-possible-soft-lockup-in-__audit_inode_chil.patch
(git-fixes CVE-2023-54045 bsc#1256285).
- Update
patches.suse/auxdisplay-hd44780-Fix-potential-memory-leak-in-hd44.patch
(git-fixes CVE-2022-50830 bsc#1256328).
- Update
patches.suse/blk-cgroup-Fix-NULL-deref-caused-by-blkg_policy_data-being-installed-before-init.patch
(bsc#1216062 CVE-2023-54271 bsc#1255902).
- Update
patches.suse/blk-iocost-fix-divide-by-0-error-in-calc_lcoefs.patch
(bsc#1214986 CVE-2023-53783 bsc#1254915).
- Update
patches.suse/block-bfq-Fix-division-by-zero-error-on-zero-wsum.patch
(bsc#1213653 CVE-2023-54242 bsc#1255919).
- Update
patches.suse/bpf-Disable-preemption-in-bpf_event_output.patch
(git-fixes CVE-2023-54173 bsc#1255996).
- Update
patches.suse/can-j1939-j1939_tp_tx_dat_new-fix-out-of-bounds-memo.patch
(git-fixes CVE-2023-54039 bsc#1255555).
- Update
patches.suse/cifs-Fix-lost-destroy-smbd-connection-when-MR-allocate-failed.patch
(git-fixes CVE-2023-54260 bsc#1255878).
- Update
patches.suse/cifs-Fix-the-error-length-of-VALIDATE_NEGOTIATE_INFO-message.patch
(bsc#1193629 CVE-2022-50859 bsc#1256172).
- Update
patches.suse/cifs-Fix-xid-leak-in-cifs_copy_file_range-.patch
(bsc#1193629 CVE-2022-50643 bsc#1254631).
- Update
patches.suse/cifs-Fix-xid-leak-in-cifs_ses_add_channel-.patch
(bsc#1193629 CVE-2022-50856 bsc#1256182).
- Update
patches.suse/cifs-fix-potential-race-when-tree-connecting-ipc.patch
(bsc#1208758 CVE-2023-54280 bsc#1255819).
- Update
patches.suse/cifs-fix-potential-use-after-free-bugs-in-TCP_Server_Info-hostname.patch
(bsc#1208758 CVE-2023-53751 bsc#1254986).
- Update
patches.suse/cifs-fix-session-state-check-in-reconnect-to-avoid-use-after-free-i.patch
(bsc#1193629 CVE-2023-53794 bsc#1255163).
- Update
patches.suse/clk-st-Fix-memory-leak-in-st_of_quadfs_setup.patch
(git-fixes CVE-2022-50776 bsc#1256254).
- Update
patches.suse/clk-tegra-Fix-refcount-leak-in-tegra114_clock_init.patch
(git-fixes CVE-2022-50823 bsc#1256333).
- Update
patches.suse/clk-ti-dra7-atl-Fix-reference-leak-in-of_dra7_atl_cl.patch
(git-fixes CVE-2022-50644 bsc#1254632).
- Update
patches.suse/clk-zynqmp-Fix-stack-out-of-bounds-in-strncpy.patch
(git-fixes CVE-2022-50828 bsc#1256230).
- Update
patches.suse/configfs-fix-possible-memory-leak-in-configfs_create.patch
(git-fixes CVE-2022-50751 bsc#1256184).
- Update
patches.suse/cpufreq-qcom-fix-memory-leak-in-error-path.patch
(git-fixes CVE-2022-50658 bsc#1254756).
- Update
patches.suse/crypto-akcipher-default-implementation-for-setting-a.patch
(git-fixes CVE-2022-50731 bsc#1256049).
- Update patches.suse/crypto-essiv-Handle-EBUSY-correctly.patch
(git-fixes CVE-2023-54046 bsc#1256295).
- Update
patches.suse/crypto-hisilicon-zip-fix-mismatch-in-get-set-sgl_sge.patch
(git-fixes CVE-2022-50814 bsc#1256248).
- Update
patches.suse/crypto-marvell-octeontx-prevent-integer-overflows.patch
(git-fixes CVE-2022-50763 bsc#1256317).
- Update patches.suse/crypto-qat-fix-DMA-transfer-direction.patch
(jsc#PED-1073 CVE-2022-50774 bsc#1256323).
- Update patches.suse/crypto-qat-fix-out-of-bounds-read.patch
(git-fixes CVE-2023-54325 bsc#1255757).
- Update
patches.suse/crypto-safexcel-Cleanup-ring-IRQ-workqueues-on-load-.patch
(git-fixes CVE-2023-54126 bsc#1256118).
- Update
patches.suse/dmaengine-ptdma-check-for-null-desc-before-calling-p.patch
(git-fixes CVE-2023-53755 bsc#1254608).
- Update
patches.suse/dmaengine-sf-pdma-pdma_desc-memory-leak-fix.patch
(git-fixes CVE-2023-54020 bsc#1255574).
- Update
patches.suse/driver-core-fix-potential-null-ptr-deref-in-device_a.patch
(git-fixes CVE-2023-54321 bsc#1255762).
- Update
patches.suse/drivers-dio-fix-possible-memory-leak-in-dio_init.patch
(git-fixes CVE-2022-50848 bsc#1256192).
- Update
patches.suse/drm-Prevent-drm_copy_field-to-attempt-copying-a-NULL.patch
(git-fixes CVE-2022-50884 bsc#1256127).
- Update
patches.suse/drm-amd-Fix-an-out-of-bounds-error-in-BIOS-parser.patch
(git-fixes CVE-2023-54150 bsc#1256086).
- Update
patches.suse/drm-amdgpu-Fix-PCI-device-refcount-leak-in-amdgpu_at.patch
(git-fixes CVE-2022-50760 bsc#1255983).
- Update
patches.suse/drm-amdgpu-Fix-type-of-second-parameter-in-odn_edit_.patch
(git-fixes CVE-2022-50844 bsc#1256205).
- Update
patches.suse/drm-amdgpu-fix-pci-device-refcount-leak.patch
(git-fixes CVE-2022-50718 bsc#1255750).
- Update
patches.suse/drm-amdgpu-powerplay-psm-Fix-memory-leak-in-power-st.patch
(git-fixes CVE-2022-50617 bsc#1254780).
- Update
patches.suse/drm-amdkfd-Fix-memory-leak-in-kfd_mem_dmamap_userptr.patch
(git-fixes CVE-2022-50619 bsc#1254789).
- Update
patches.suse/drm-client-Fix-memory-leak-in-drm_client_target_clon.patch
(git-fixes CVE-2023-54091 bsc#1256274).
- Update
patches.suse/drm-i915-fix-race-condition-UAF-in-i915_perf_add_con.patch
(git-fixes CVE-2023-54202 bsc#1255880).
- Update patches.suse/drm-i915-gvt-fix-gvt-debugfs-destroy.patch
(git-fixes CVE-2023-54098 bsc#1256185).
- Update
patches.suse/drm-msm-adreno-Fix-null-ptr-access-in-adreno_gpu_cle.patch
(git-fixes CVE-2023-54199 bsc#1255971).
- Update patches.suse/drm-msm-dpu-Add-check-for-cstate.patch
(git-fixes CVE-2023-54122 bsc#1256346).
- Update
patches.suse/drm-msm-dpu-Disallow-unallocated-resources-to-be-ret.patch
(git-fixes CVE-2023-53991 bsc#1255627).
- Update
patches.suse/drm-msm-fix-NULL-deref-on-snapshot-tear-down.patch
(git-fixes CVE-2023-53837 bsc#1254694).
- Update
patches.suse/drm-msm-hdmi-Add-missing-check-for-alloc_ordered_wor.patch
(git-fixes CVE-2023-54018 bsc#1255690).
- Update
patches.suse/drm-panel-panel-sitronix-st7701-Remove-panel-on-DSI-.patch
(git-fixes CVE-2022-50750 bsc#1256188).
- Update
patches.suse/drm-ttm-Don-t-leak-a-resource-on-swapout-move-error.patch
(git-fixes CVE-2023-53844 bsc#1254649).
- Update
patches.suse/drm-virtio-Check-whether-transferred-2D-BO-is-shmem.patch
(git-fixes CVE-2022-50842 bsc#1256202).
- Update
patches.suse/ext4-fix-bug_on-in-__es_tree_search-caused-by-bad-bo.patch
(bsc#1207620 CVE-2022-50638 bsc#1255469).
- Update
patches.suse/ext4-fix-bug_on-in-__es_tree_search-caused-by-bad-qu.patch
(bsc#1213111 CVE-2022-50782 bsc#1256282).
- Update
patches.suse/ext4-fix-deadlock-due-to-mbcache-entry-corruption.patch
(bsc#1207653 CVE-2022-50668 bsc#1254763).
- Update
patches.suse/ext4-fix-deadlock-when-converting-an-inline-director.patch
(bsc#1213105 CVE-2023-54311 bsc#1255773).
- Update
patches.suse/ext4-fix-inode-leak-in-ext4_xattr_inode_create-on-an.patch
(bsc#1207636 CVE-2022-50845 bsc#1256196).
- Update
patches.suse/ext4-fix-potential-memory-leak-in-ext4_fc_record_mod.patch
(bsc#1207611 CVE-2022-50622 bsc#1255467).
- Update
patches.suse/ext4-fix-use-after-free-in-ext4_orphan_cleanup.patch
(bsc#1207622 CVE-2022-50673 bsc#1255521).
- Update
patches.suse/ext4-refuse-to-create-ea-block-when-umounted.patch
(bsc#1213093 CVE-2023-54305 bsc#1255787).
- Update
patches.suse/ext4-set-goal-start-correctly-in-ext4_mb_normalize_r.patch
(bsc#1214940 CVE-2023-54021 bsc#1255600).
- Update
patches.suse/ext4-silence-the-warning-when-evicting-inode-with-di.patch
(bsc#1206889 CVE-2022-50730 bsc#1256048).
- Update
patches.suse/ext4-turn-quotas-off-if-mount-failed-after-enabling-.patch
(bsc#1213110 CVE-2023-54153 bsc#1256081).
- Update
patches.suse/fbdev-smscufx-Fix-several-use-after-free-bugs.patch
(git-fixes CVE-2022-50767 bsc#1256426).
- Update patches.suse/fbdev-udlfb-Fix-endpoint-check.patch
(git-fixes CVE-2023-54277 bsc#1255910).
- Update
patches.suse/firmware-arm_ffa-Check-if-ffa_driver-remove-is-prese.patch
(git-fixes CVE-2023-54058 bsc#1256382).
- Update
patches.suse/firmware-meson_sm-fix-to-avoid-potential-NULL-pointe.patch
(git-fixes CVE-2023-54304 bsc#1255786).
- Update
patches.suse/fpga-prevent-integer-overflow-in-dfl_feature_ioctl_s.patch
(git-fixes CVE-2022-50623 bsc#1254792).
- Update
patches.suse/fs-jfs-prevent-double-free-in-dbUnmount-after-failed-jfs_remount.patch
(git-fixes CVE-2023-54127 bsc#1256119).
- Update
patches.suse/fs-sysv-Null-check-to-prevent-null-ptr-deref-bug.patch
(git-fixes CVE-2023-54264 bsc#1255872).
- Update
patches.suse/gpu-lontium-lt9611-Fix-NULL-pointer-dereference-in-l.patch
(git-fixes CVE-2022-50878 bsc#1256140).
- Update patches.suse/hfs-Fix-OOB-Write-in-hfs_asc2mac.patch
(git-fixes CVE-2022-50747 bsc#1256432).
- Update
patches.suse/hfs-fix-missing-hfs_bnode_get-in-__hfs_bnode_create.patch
(git-fixes CVE-2023-53862 bsc#1254994).
- Update
patches.suse/hfs-hfsplus-avoid-WARN_ON-for-sanity-check-use-prope.patch
(git-fixes CVE-2023-54130 bsc#1256114).
- Update patches.suse/hwrng-amd-Fix-PCI-device-refcount-leak.patch
(git-fixes CVE-2022-50868 bsc#1256386).
- Update
patches.suse/hwrng-virtio-Fix-race-on-data_avail-and-actual-data.patch
(git-fixes CVE-2023-53998 bsc#1255578).
- Update
patches.suse/i2c-cadence-cdns_i2c_master_xfer-Fix-runtime-PM-leak.patch
(git-fixes CVE-2023-54009 bsc#1255620).
- Update patches.suse/i40e-Fix-DMA-mappings-leak.patch
(jsc#SLE-18378 CVE-2022-50679 bsc#1254656).
- Update
patches.suse/iavf-use-internal-state-to-free-traffic-IRQs.patch
(git-fixes CVE-2023-53850 bsc#1254677).
- Update patches.suse/ice-fix-wrong-fallback-logic-for-FDIR.patch
(git-fixes CVE-2023-54040 bsc#1255554).
- Update
patches.suse/igc-Fix-Kernel-Panic-during-ndo_tx_timeout-callback.patch
(git-fixes CVE-2023-54166 bsc#1256074).
- Update
patches.suse/iio-adc-ina2xx-avoid-NULL-pointer-dereference-on-OF-.patch
(git-fixes CVE-2023-53834 bsc#1254660).
- Update
patches.suse/inotify-Avoid-reporting-event-with-invalid-wd.patch
(bsc#1213025 CVE-2023-54119 bsc#1256349).
- Update
patches.suse/ipmi-fix-use-after-free-in-_ipmi_destroy_user.patch
(git-fixes CVE-2022-50677 bsc#1254692).
- Update
patches.suse/ipmi-ssif-Fix-a-memory-leak-when-scanning-for-an-ada.patch
(git-fixes CVE-2023-54064 bsc#1256375).
- Update
patches.suse/ipu3-imgu-Fix-NULL-pointer-dereference-in-imgu_subde.patch
(git-fixes CVE-2022-50826 bsc#1256265).
- Update
patches.suse/ixgbe-Fix-panic-during-XDP_TX-with-64-CPUs.patch
(jsc#SLE-18384 CVE-2023-54090 bsc#1256269).
- Update
patches.suse/jbd2-add-miss-release-buffer-head-in-fc_do_one_pass.patch
(bsc#1207646 CVE-2022-50835 bsc#1256220).
- Update
patches.suse/jbd2-fix-potential-buffer-head-reference-count-leak.patch
(bsc#1207644 CVE-2022-50839 bsc#1256206).
- Update
patches.suse/keys-Fix-linking-a-duplicate-key-to-a-keyring-s-asso.patch
(bsc#1207088 CVE-2023-54170 bsc#1256045).
- Update
patches.suse/leds-led-core-Fix-refcount-leak-in-of_led_get.patch
(git-fixes CVE-2023-54190 bsc#1255979).
- Update
patches.suse/loop-loop_set_status_from_info-check-before-assignme.patch
(bsc#1214990 CVE-2023-53820 bsc#1254706).
- Update
patches.suse/mailbox-zynq-ipi-fix-error-handling-while-device_reg.patch
(git-fixes CVE-2022-50672 bsc#1254696).
- Update
patches.suse/md-raid1-stop-mdx_raid1-thread-when-raid1-array-run-failed-b611.patch
(git-fixes CVE-2022-50715 bsc#1255749).
- Update
patches.suse/md-raid10-fix-memleak-for-conf-bio_split-c9ac.patch
(git-fixes CVE-2023-54123 bsc#1256142).
- Update
patches.suse/md-raid10-fix-memleak-of-md-thread-f0dd.patch
(git-fixes CVE-2023-54294 bsc#1255802).
- Update
patches.suse/md-raid10-fix-null-ptr-deref-in-raid10_sync_request-a405.patch
(git-fixes CVE-2023-53832 bsc#1254671).
- Update
patches.suse/media-av7110-prevent-underflow-in-write_ts_to_decode.patch
(git-fixes CVE-2023-54284 bsc#1255808).
- Update
patches.suse/media-camss-Clean-up-received-buffers-on-failed-star.patch
(git-fixes CVE-2022-50757 bsc#1256215).
- Update
patches.suse/media-dvb-frontends-fix-leak-of-memory-fw.patch
(git-fixes CVE-2022-50664 bsc#1254974).
- Update
patches.suse/media-dvb-usb-fix-memory-leak-in-dvb_usb_adapter_ini.patch
(git-fixes CVE-2022-50626 bsc#1254562).
- Update
patches.suse/media-dvb-usb-m920x-Fix-a-potential-memory-leak-in-m.patch
(git-fixes CVE-2023-54266 bsc#1255875).
- Update
patches.suse/media-ipu3-imgu-Fix-NULL-pointer-dereference-in-acti.patch
(git-fixes CVE-2022-50722 bsc#1255877).
- Update patches.suse/media-max9286-Free-control-handler.patch
(git-fixes CVE-2023-54078 bsc#1256337).
- Update
patches.suse/media-ov5675-Fix-memleak-in-ov5675_init_controls.patch
(git-fixes CVE-2023-54208 bsc#1255962).
- Update
patches.suse/media-usb-siano-Fix-use-after-free-bugs-caused-by-do.patch
(git-fixes CVE-2023-54270 bsc#1255901).
- Update
patches.suse/media-uvcvideo-Fix-memory-leak-in-uvc_gpio_parse.patch
(git-fixes CVE-2022-50882 bsc#1256126).
- Update
patches.suse/media-v4l2-core-Fix-a-potential-resource-leak-in-v4l.patch
(git-fixes CVE-2023-54183 bsc#1255990).
- Update
patches.suse/misc-ocxl-fix-possible-name-leak-in-ocxl_file_regist.patch
(git-fixes CVE-2022-50669 bsc#1254710).
- Update
patches.suse/misc-ocxl-fix-possible-refcount-leak-in-afu_ioctl.patch
(git-fixes CVE-2022-50742 bsc#1256143).
- Update
patches.suse/misc-pci_endpoint_test-Fix-pci_endpoint_test_-copy-w.patch
(git-fixes CVE-2022-50614 bsc#1254578).
- Update
patches.suse/misc-pci_endpoint_test-Free-IRQs-before-removing-the.patch
(git-fixes CVE-2023-54326 bsc#1255758).
- Update
patches.suse/mmc-alcor-fix-return-value-check-of-mmc_add_host.patch
(git-fixes CVE-2022-50858 bsc#1256391).
- Update
patches.suse/mmc-atmel-mci-fix-return-value-check-of-mmc_add_host.patch
(git-fixes CVE-2022-50653 bsc#1254729).
- Update
patches.suse/mmc-core-Fix-kernel-panic-when-remove-non-standard-S.patch
(git-fixes CVE-2022-50640 bsc#1254686).
- Update
patches.suse/mmc-meson-gx-fix-return-value-check-of-mmc_add_host.patch
(git-fixes CVE-2022-50618 bsc#1254788).
- Update
patches.suse/mmc-mxcmmc-fix-return-value-check-of-mmc_add_host.patch
(git-fixes CVE-2022-50769 bsc#1256383).
- Update
patches.suse/mmc-omap_hsmmc-fix-return-value-check-of-mmc_add_hos.patch
(git-fixes CVE-2022-50670 bsc#1254699).
- Update
patches.suse/mmc-toshsd-fix-return-value-check-of-mmc_add_host.patch
(git-fixes CVE-2022-50886 bsc#1256124).
- Update
patches.suse/mmc-via-sdmmc-fix-return-value-check-of-mmc_add_host.patch
(git-fixes CVE-2022-50846 bsc#1256200).
- Update
patches.suse/mtd-rawnand-fsl_upm-Fix-an-off-by-one-test-in-fun_ex.patch
(git-fixes CVE-2023-54104 bsc#1256145).
- Update
patches.suse/mtd-spi-nor-Fix-shift-out-of-bounds-in-spi_nor_set_e.patch
(git-fixes CVE-2023-54295 bsc#1255797).
- Update
patches.suse/net-do-not-allow-gso_size-to-be-set-to-GSO_BY_FRAGS.patch
(git-fixes CVE-2023-54051 bsc#1256394).
- Update
patches.suse/net-mlx5-Devcom-fix-error-flow-in-mlx5_devcom_regist.patch
(jsc#SLE-19253 CVE-2023-54015 bsc#1255562).
- Update
patches.suse/net-mlx5-Fix-possible-use-after-free-in-async-comman.patch
(jsc#SLE-19253 CVE-2022-50726 bsc#1256040).
- Update
patches.suse/net-net_failover-fix-txq-exceeding-warning.patch
(git-fixes CVE-2023-54236 bsc#1255922).
- Update
patches.suse/net-phy-xgmiitorgmii-Fix-refcount-leak-in-xgmiitorgm.patch
(git-fixes CVE-2022-50777 bsc#1256320).
- Update patches.suse/nfc-Fix-potential-resource-leaks.patch
(git-fixes CVE-2022-50834 bsc#1256219).
- Update
patches.suse/nfc-pn533-Clear-nfc_target-before-being-used.patch
(git-fixes CVE-2022-50656 bsc#1254745).
- Update
patches.suse/nilfs2-fix-WARNING-in-mark_buffer_dirty-due-to-disca.patch
(git-fixes CVE-2023-54140 bsc#1256093).
- Update
patches.suse/nilfs2-fix-infinite-loop-in-nilfs_mdt_get_block.patch
(git-fixes CVE-2023-53845 bsc#1255007).
- Update
patches.suse/nilfs2-fix-shift-out-of-bounds-due-to-too-large-expo.patch
(git-fixes CVE-2022-50864 bsc#1256167).
- Update
patches.suse/nilfs2-fix-use-after-free-bug-of-nilfs_root-in-nilfs.patch
(git-fixes CVE-2023-53804 bsc#1254920).
- Update
patches.suse/nvme-core-fix-memory-leak-in-dhchap_ctrl_secret.patch
(git-fixes CVE-2023-53792 bsc#1254743).
- Update
patches.suse/nvme-core-fix-memory-leak-in-dhchap_secret_store.patch
(git-fixes CVE-2023-53852 bsc#1254653).
- Update patches.suse/nvme-pci-fix-mempool-alloc-size.patch
(git-fixes CVE-2022-50756 bsc#1256216).
- Update
patches.suse/nvmet-tcp-add-bounds-check-on-Transfer-Tag.patch
(git-fixes CVE-2022-50717 bsc#1255844).
- Update
patches.suse/ocfs2-fix-memory-leak-in-ocfs2_mount_volume.patch
(bsc#1207652 CVE-2022-50770 bsc#1256221).
- Update
patches.suse/opp-Fix-use-after-free-in-lazy_opp_tables-after-prob.patch
(git-fixes CVE-2023-54026 bsc#1255549).
- Update
patches.suse/orangefs-Fix-kmemleak-in-orangefs_prepare_debugfs_help_string.patch
(git-fixes CVE-2022-50779 bsc#1256423).
- Update
patches.suse/pcmcia-rsrc_nonstatic-Fix-memory-leak-in-nonstatic_r.patch
(git-fixes CVE-2023-54115 bsc#1256121).
- Update
patches.suse/perf-x86-intel-uncore-Fix-reference-count-leak-in-snr_uncore_mmio_map.patch
(git fixes CVE-2022-50615 bsc#1254580).
- Update
patches.suse/phy-tegra-xusb-Clear-the-driver-reference-in-usb-phy.patch
(git-fixes CVE-2023-54083 bsc#1256368).
- Update
patches.suse/pinctrl-at91-pio4-check-return-value-of-devm_kasprin.patch
(git-fixes CVE-2023-54319 bsc#1255760).
- Update
patches.suse/pinctrl-rockchip-Fix-refcount-leak-in-rockchip_pinct.patch
(git-fixes CVE-2023-54111 bsc#1256149).
- Update
patches.suse/pinctrl-stm32-Fix-refcount-leak-in-stm32_pctrl_get_i.patch
(git-fixes CVE-2023-54205 bsc#1255968).
- Update
patches.suse/platform-x86-think-lmi-Fix-memory-leak-when-showing-.patch
(git-fixes CVE-2023-53830 bsc#1254658).
- Update
patches.suse/platform-x86-think-lmi-Fix-memory-leaks-when-parsing.patch
(git-fixes CVE-2023-54252 bsc#1255889).
- Update
patches.suse/power-supply-adp5061-fix-out-of-bounds-read-in-adp50.patch
(git-fixes CVE-2022-50649 bsc#1254775).
- Update
patches.suse/power-supply-bq27xxx-Fix-poll_interval-handling-and-.patch
(git-fixes CVE-2023-54079 bsc#1256338).
- Update patches.suse/powerpc-64s-Fix-VAS-mm-use-after-free.patch
(bsc#1194869 CVE-2023-54042 bsc#1255702).
- Update
patches.suse/powerpc-iommu-Fix-notifiers-being-shared-by-PCI-and-.patch
(bsc#1065729 CVE-2023-54095 bsc#1256271).
- Update
patches.suse/powerpc-kprobes-Fix-null-pointer-reference-in-arch_p.patch
(jsc#SLE-13847 git-fixes CVE-2022-50635 bsc#1254592).
- Update
patches.suse/powerpc-powernv-sriov-perform-null-check-on-iov-befo.patch
(bsc#1194869 CVE-2023-54315 bsc#1255769).
- Update
patches.suse/powerpc-rtas-avoid-device-tree-lookups-in-rtas_os_te.patch
(bsc#1065729 CVE-2022-50870 bsc#1256154).
- Update
patches.suse/pstore-Avoid-kcore-oops-by-vmap-ing-with-VM_IOREMAP.patch
(git-fixes CVE-2022-50849 bsc#1256193).
- Update patches.suse/pstore-ram-Add-check-for-kstrdup.patch
(git-fixes CVE-2023-54189 bsc#1255978).
- Update patches.suse/quota-fix-warning-in-dqgrab.patch
(bsc#1214962 CVE-2023-54177 bsc#1255993).
- Update
patches.suse/regulator-core-fix-resource-leak-in-regulator_regist.patch
(git-fixes CVE-2022-50724 bsc#1255950).
- Update
patches.suse/regulator-core-fix-unbalanced-of-node-refcount-in-re.patch
(git-fixes CVE-2022-50887 bsc#1256125).
- Update patches.suse/regulator-stm32-pwr-fix-of_iomap-leak.patch
(git-fixes CVE-2023-54097 bsc#1256179).
- Update
patches.suse/remoteproc-qcom-q6v5-Fix-potential-null-ptr-deref-in.patch
(git-fixes CVE-2022-50888 bsc#1256057).
- Update
patches.suse/remoteproc-sysmon-fix-memory-leak-in-qcom_add_sysmon.patch
(git-fixes CVE-2022-50836 bsc#1256211).
- Update patches.suse/rpmsg-glink-Add-check-for-kstrdup.patch
(git-fixes CVE-2023-54049 bsc#1256396).
- Update
patches.suse/s390-lcs-Fix-return-type-of-lcs_start_xmit.patch
(git-fixes bsc#1211690 CVE-2022-50728 bsc#1256046).
- Update
patches.suse/s390-vfio-ap-fix-memory-leak-in-vfio_ap-device-drive.patch
(git-fixes CVE-2023-53746 bsc#1254617).
- Update
patches.suse/sched-psi-use-kernfs-polling-functions-for-PSI-trigger-polling.patch
(bsc#1209799 CVE-2023-54019 bsc#1255636).
- Update
patches.suse/scsi-efct-Fix-possible-memleak-in-efct_device_init.patch
(git-fixes CVE-2022-50727 bsc#1256042).
- Update
patches.suse/scsi-hpsa-Fix-possible-memory-leak-in-hpsa_init_one.patch
(git-fixes CVE-2022-50646 bsc#1254634).
- Update patches.suse/scsi-ipr-Fix-WARNING-in-ipr_init.patch
(git-fixes CVE-2022-50850 bsc#1256194).
- Update
patches.suse/scsi-lpfc-Fix-hard-lockup-when-reading-the-rx_monito.patch
(bsc#1204957 CVE-2022-50744 bsc#1256165).
- Update
patches.suse/scsi-lpfc-Fix-ioremap-issues-in-lpfc_sli4_pci_mem_se.patch
(bsc#1210943 CVE-2023-53754 bsc#1254609).
- Update
patches.suse/scsi-lpfc-Fix-memory-leak-in-lpfc_create_port.patch
(bsc#1204957 CVE-2022-50827 bsc#1256344).
- Update
patches.suse/scsi-lpfc-Prevent-lpfc_debugfs_lockstat_write-buffer.patch
(bsc#1210943 CVE-2023-54102 bsc#1256173).
- Update
patches.suse/scsi-qedf-Fix-NULL-dereference-in-error-handling.patch
(git-fixes CVE-2023-54289 bsc#1255806).
- Update
patches.suse/scsi-qedi-Fix-use-after-free-bug-in-qedi_remove.patch
(git-fixes CVE-2023-54100 bsc#1256152).
- Update
patches.suse/scsi-qla2xxx-Array-index-may-go-out-of-bound.patch
(bsc#1213747 CVE-2023-54179 bsc#1255994).
- Update
patches.suse/scsi-qla2xxx-Check-valid-rport-returned-by-fc_bsg_to.patch
(bsc#1213747 CVE-2023-54014 bsc#1256300).
- Update
patches.suse/scsi-qla2xxx-fix-dma-api-call-trace-on-nvme-ls-requests.patch
(bsc#1208570 CVE-2023-54108 bsc#1256355).
- Update
patches.suse/scsi-ses-Fix-slab-out-of-bounds-in-ses_enclosure_data_process.patch
(git-fixes CVE-2023-53803 bsc#1255165).
- Update
patches.suse/scsi-snic-Fix-possible-UAF-in-snic_tgt_create.patch
(git-fixes CVE-2022-50840 bsc#1256208).
- Update
patches.suse/seccomp-Move-copy_seccomp-to-no-failure-path.patch
(bsc#1210817 CVE-2022-50661 bsc#1254759).
- Update
patches.suse/selinux-enable-use-of-both-GFP_KERNEL-and-GFP_ATOMIC.patch
(git-fixes CVE-2022-50699 bsc#1255582).
- Update
patches.suse/serial-8250_bcm7271-fix-leak-in-brcmuart_probe.patch
(git-fixes CVE-2023-54301 bsc#1255791).
- Update
patches.suse/serial-amba-pl011-avoid-SBSA-UART-accessing-DMACR-re.patch
(git-fixes CVE-2022-50625 bsc#1254559).
- Update
patches.suse/serial-sc16is7xx-setup-GPIO-controller-later-in-prob.patch
(git-fixes CVE-2023-54118 bsc#1256131).
- Update patches.suse/serial-sprd-Fix-DMA-buffer-leak-issue.patch
(git-fixes CVE-2023-54136 bsc#1256099).
- Update
patches.suse/sfc-fix-crash-when-reading-stats-while-NIC-is-resett.patch
(git-fixes CVE-2023-54156 bsc#1255704).
- Update patches.suse/smb-client-fix-missed-ses-refcounting.patch
(git-fixes CVE-2023-54076 bsc#1256335).
- Update
patches.suse/soc-qcom-smsm-Fix-refcount-leak-bugs-in-qcom_smsm_pr.patch
(git-fixes CVE-2022-50703 bsc#1255607).
- Update
patches.suse/soc-ti-pm33xx-Fix-refcount-leak-in-am33xx_pm_probe.patch
(git-fixes CVE-2023-53744 bsc#1254781).
- Update patches.suse/soundwire-fix-enumeration-completion.patch
(git-fixes CVE-2023-54096 bsc#1256178).
- Update
patches.suse/staging-media-tegra-video-fix-device_node-use-after-.patch
(git-fixes CVE-2022-50745 bsc#1256158).
- Update
patches.suse/staging-r8712-Fix-memory-leak-in-_r8712_init_xmit_pr.patch
(git-fixes CVE-2023-54001 bsc#1255628).
- Update
patches.suse/staging-rtl8192u-Fix-use-after-free-in-ieee80211_rx.patch
(git-fixes CVE-2022-50732 bsc#1256063).
- Update
patches.suse/staging-vt6655-fix-potential-memory-leak.patch
(git-fixes CVE-2022-50758 bsc#1256207).
- Update
patches.suse/thermal-intel-quark_dts-fix-error-pointer-dereferenc.patch
(git-fixes CVE-2023-54298 bsc#1255796).
- Update
patches.suse/tpm-tpm_tis-Add-the-missed-acpi_put_table-to-fix-mem.patch
(git-fixes CVE-2022-50824 bsc#1256334).
- Update
patches.suse/tpm-tpm_vtpm_proxy-fix-a-race-condition-in-dev-vtpmx.patch
(git-fixes CVE-2023-54309 bsc#1255780).
- Update
patches.suse/tracing-Fix-memory-leak-of-iter-temp-when-reading-trace_pipe.patch
(git-fixes CVE-2023-54171 bsc#1256034).
- Update
patches.suse/tracing-Fix-warning-in-trace_buffered_event_disable.patch
(git-fixes CVE-2023-54211 bsc#1255843).
- Update
patches.suse/tty-fix-out-of-bounds-access-in-tty_driver_lookup_tt.patch
(git-fixes CVE-2023-54198 bsc#1255970).
- Update
patches.suse/tty-serial-imx-disable-Ageing-Timer-interrupt-reques.patch
(git-fixes CVE-2023-54287 bsc#1255804).
- Update
patches.suse/tty-serial-samsung_tty-Fix-a-memory-leak-in-s3c24xx_.patch
(git-fixes CVE-2023-53858 bsc#1254704).
- Update
patches.suse/ubifs-Fix-memleak-when-insert_old_idx-failed.patch
(git-fixes CVE-2023-54050 bsc#1256397).
- Update patches.suse/udf-Avoid-double-brelse-in-udf_rename.patch
(bsc#1213032 CVE-2022-50755 bsc#1256199).
- Update
patches.suse/udmabuf-Set-ubuf-sg-NULL-if-the-creation-of-sg-table.patch
(git-fixes CVE-2022-50819 bsc#1256241).
- Update
patches.suse/uio-uio_dmem_genirq-Fix-missing-unlock-in-irq-config.patch
(git-fixes CVE-2022-50652 bsc#1254728).
- Update
patches.suse/usb-dwc3-qcom-Fix-memory-leak-in-dwc3_qcom_interconn.patch
(git-fixes CVE-2022-50633 bsc#1254644).
- Update
patches.suse/usb-early-xhci-dbc-Fix-a-potential-out-of-bound-memo.patch
(git-fixes CVE-2023-53840 bsc#1254709).
- Update
patches.suse/usb-idmouse-fix-an-uninit-value-in-idmouse_open.patch
(git-fixes CVE-2022-50733 bsc#1256064).
- Update
patches.suse/usb-mtu3-fix-kernel-panic-at-qmu-transfer-done-irq-h.patch
(git-fixes CVE-2023-54159 bsc#1255697).
- Update
patches.suse/usb-musb-Fix-musb_gadget.c-rxstate-overflow-bug.patch
(git-fixes CVE-2022-50876 bsc#1256136).
- Update
patches.suse/usb-rndis_host-Secure-rndis_query-check-against-int-.patch
(CVE-2023-23559 bsc#1207051 CVE-2023-54110 bsc#1256353).
- Update
patches.suse/usb-storage-alauda-Fix-uninit-value-in-alauda_check_.patch
(git-fixes CVE-2023-53847 bsc#1254698).
- Update
patches.suse/usb-typec-altmodes-displayport-fix-pin_assignment_sh.patch
(git-fixes CVE-2023-54186 bsc#1255985).
- Update
patches.suse/usb-typec-bus-verify-partner-exists-in-typec_altmode.patch
(git-fixes CVE-2023-54299 bsc#1255789).
- Update
patches.suse/vc_screen-reload-load-of-struct-vc_data-pointer-in-v.patch
(git-fixes CVE-2023-53747 bsc#1254572).
- Update
patches.suse/vdpa_sim-fix-possible-memory-leak-in-vdpasim_net_ini.patch
(git-fixes CVE-2022-50702 bsc#1255624).
- Update
patches.suse/vhost_vdpa-fix-the-crash-in-unmap-a-large-memory.patch
(git-fixes CVE-2022-50851 bsc#1256186).
- Update
patches.suse/vmci_host-fix-a-race-condition-in-vmci_host_poll-cau.patch
(git-fixes CVE-2023-54007 bsc#1255626).
- Update
patches.suse/wifi-ar5523-Fix-use-after-free-on-ar5523_cmd-timed-o.patch
(git-fixes CVE-2022-50716 bsc#1255839).
- Update
patches.suse/wifi-ath10k-add-peer-map-clean-up-for-peer-delete-in.patch
(git-fixes CVE-2022-50880 bsc#1256132).
- Update
patches.suse/wifi-ath11k-Fix-memory-leak-in-ath11k_peer_rx_frag_s.patch
(git-fixes CVE-2023-54275 bsc#1255906).
- Update
patches.suse/wifi-ath9k-Fix-use-after-free-in-ath9k_hif_usb_disco.patch
(git-fixes CVE-2022-50881 bsc#1256130).
- Update
patches.suse/wifi-ath9k-avoid-referencing-uninit-memory-in-ath9k_.patch
(git-fixes CVE-2023-54300 bsc#1255790).
- Update
patches.suse/wifi-ath9k-avoid-uninit-memory-read-in-ath9k_htc_rx_.patch
(git-fixes CVE-2022-50709 bsc#1255565).
- Update
patches.suse/wifi-ath9k-hif_usb-Fix-use-after-free-in-ath9k_hif_u.patch
(git-fixes CVE-2022-50829 bsc#1256235).
- Update
patches.suse/wifi-ath9k-hif_usb-fix-memory-leak-of-urbs-in-ath9k_.patch
(git-fixes CVE-2022-50740 bsc#1256155).
- Update
patches.suse/wifi-ath9k-htc_hst-free-skb-in-ath9k_htc_rx_msg-if-t.patch
(git-fixes CVE-2023-53802 bsc#1254725).
- Update
patches.suse/wifi-brcmfmac-fix-invalid-address-access-when-enabli.patch
(git-fixes CVE-2022-50678 bsc#1254902).
- Update
patches.suse/wifi-ipw2200-fix-memory-leak-in-ipw_wdev_init.patch
(git-fixes CVE-2022-50660 bsc#1254676).
- Update
patches.suse/wifi-iwlwifi-dvm-Fix-memcpy-detected-field-spanning-.patch
(git-fixes CVE-2023-54286 bsc#1255803).
- Update
patches.suse/wifi-iwlwifi-pcie-fix-possible-NULL-pointer-derefere.patch
(git-fixes CVE-2023-54053 bsc#1256388).
- Update
patches.suse/wifi-mt76-do-not-run-mt76u_status_worker-if-the-devi.patch
(git-fixes CVE-2022-50735 bsc#1256141).
- Update
patches.suse/wifi-mwifiex-fix-memory-leak-in-mwifiex_histogram_re.patch
(git-fixes CVE-2023-53808 bsc#1254723).
- Update
patches.suse/wifi-rsi-Do-not-configure-WoWlan-in-shutdown-hook-if.patch
(git-fixes CVE-2023-54025 bsc#1255558).
- Update
patches.suse/wifi-rsi-Fix-memory-leak-in-rsi_coex_attach.patch
(git-fixes CVE-2022-50629 bsc#1254783).
- Update
patches.suse/wifi-rt2x00-Fix-memory-leak-when-handling-surveys.patch
(git-fixes CVE-2023-54131 bsc#1256115).
- Update
patches.suse/wifi-rtl8xxxu-Fix-memory-leaks-with-RTL8723BU-RTL819.patch
(git-fixes CVE-2023-54036 bsc#1255528).
- Update
patches.suse/wifi-wilc1000-fix-potential-memory-leak-in-wilc_mac_.patch
(git-fixes CVE-2022-50832 bsc#1256228).
- Update
patches.suse/x86-kexec-Fix-double-free-of-elf-header-buffer.patch
(bsc#1205567 CVE-2023-54146 bsc#1256091).
- Update
patches.suse/x86-sev-Make-enc_dec_hypercall-accept-a-size-instead-of-npages
(bsc#1214635 CVE-2023-53996 bsc#1255618).
- Update
patches.suse/x86-xen-Fix-memory-leak-in-xen_init_lock_cpu.patch
(git-fixes CVE-2022-50761 bsc#1256062).
- Update
patches.suse/xfrm-also-call-xfrm_state_delete_tunnel-at-destroy-time-fo.patch
(CVE-2025-40215 bsc#1254959 CVE-2025-40256 bsc#1254851).
- Update
patches.suse/xhci-dbc-Fix-memory-leak-in-xhci_alloc_dbc.patch
(git-fixes CVE-2022-50809 bsc#1256250).
- commit 642af3d
- Bluetooth: hci_core: Fix not checking skb length on
hci_acldata_packet (bsc#1235038 CVE-2024-56590).
- commit e8f2c42
- kabi: hide dst_entry::dev_rcu (CVE-2025-40139 bsc#1253409).
- commit f2547af
- smc: Use __sk_dst_get() and dst_dev_rcu() in in
smc_clc_prfx_set() (CVE-2025-40139 bsc#1253409).
- net: dst: introduce dst->dev_rcu (CVE-2025-40139 bsc#1253409).
- net: Add locking to protect skb->dev access in ip_output
(CVE-2025-40139 bsc#1253409).
- ipv6: ip6_mc_input() and ip6_mr_input() cleanups (CVE-2025-40139
bsc#1253409).
- ipv6: adopt skb_dst_dev() and skb_dst_dev_net[_rcu]() helpers
(CVE-2025-40139 bsc#1253409).
- ipv6: adopt dst_dev() helper (CVE-2025-40139 bsc#1253409).
- ipv4: adopt dst_dev, skb_dst_dev and skb_dst_dev_net[_rcu]
(CVE-2025-40139 bsc#1253409).
- net: dst: add four helpers to annotate data-races around
dst->dev (CVE-2025-40139 bsc#1253409).
- net: dst: annotate data-races around dst->output (CVE-2025-40139
bsc#1253409).
- net: dst: annotate data-races around dst->input (CVE-2025-40139
bsc#1253409).
- net: dst: annotate data-races around dst->lastuse
(CVE-2025-40139 bsc#1253409).
- net: dst: annotate data-races around dst->expires
(CVE-2025-40139 bsc#1253409).
- net: dst: annotate data-races around dst->obsolete
(CVE-2025-40139 bsc#1253409).
- net: ipv4: ipmr: ipmr_queue_xmit(): Drop local variable `dev'
(CVE-2025-40139 bsc#1253409).
- net: gro: convert four dev_net() calls (CVE-2025-40139
bsc#1253409).
- tcp: convert to dev_net_rcu() (CVE-2025-40139 bsc#1253409).
- ndisc: ndisc_send_redirect() cleanup (CVE-2025-40139
bsc#1253409).
- ndisc: extend RCU protection in ndisc_send_skb() (CVE-2025-40139
bsc#1253409).
- ndisc: use RCU protection in ndisc_alloc_skb() (CVE-2025-40139
bsc#1253409).
- ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu()
(CVE-2025-40139 bsc#1253409).
- ipv6: Use RCU in ip6_input() (CVE-2025-40139 bsc#1253409).
- ipv6: icmp: convert to dev_net_rcu() (CVE-2025-40139
bsc#1253409).
- ipv6: use RCU protection in ip6_default_advmss() (CVE-2025-40139
bsc#1253409).
- flow_dissector: use RCU protection to fetch dev_net()
(CVE-2025-40139 bsc#1253409).
- ipv4: icmp: convert to dev_net_rcu() (CVE-2025-40139
bsc#1253409).
- ipv4: use RCU protection in __ip_rt_update_pmtu()
(CVE-2025-40139 bsc#1253409).
- ipv4: use RCU protection in inet_select_addr() (CVE-2025-40139
bsc#1253409).
- ipv4: use RCU protection in rt_is_expired() (CVE-2025-40139
bsc#1253409).
- ipv4: use RCU protection in ip_dst_mtu_maybe_forward()
(CVE-2025-40139 bsc#1253409).
- ipv4: add RCU protection to ip4_dst_hoplimit() (CVE-2025-40139
bsc#1253409).
- net: add dev_net_rcu() helper (CVE-2025-40139 bsc#1253409).
- net: dst_cache: annotate data-races around dst_cache->reset_ts
(CVE-2025-40139 bsc#1253409).
- kabi: hide RCU annotation of possible_net_t::net (CVE-2025-40139
bsc#1253409).
- net: treat possible_net_t net pointer as an RCU one and add
read_pnet_rcu() (CVE-2025-40139 bsc#1253409).
- ip: Fix data-races around sysctl_ip_fwd_use_pmtu (CVE-2025-40139
bsc#1253409).
- ip: Fix data-races around sysctl_ip_default_ttl (CVE-2025-40139
bsc#1253409).
- ipv6: ip6_skb_dst_mtu() cleanups (CVE-2025-40139 bsc#1253409).
- net: ipv4: Consolidate ipv4_mtu and ip_dst_mtu_maybe_forward
(CVE-2025-40139 bsc#1253409).
- commit 367f8ae
- gpu: host1x: Fix race in syncpt alloc/free (CVE-2025-68732
bsc#1255688).
- commit 3f5a58d
- wifi: ath10k: Delay the unmapping of the buffer (CVE-2022-50700
bsc#1255576).
- commit 56293cd
- supported.conf: support tcp_dctcp module (jsc#PED-8111)
- commit 03d25fd
- drm/vmwgfx: Validate command header size against (bsc#1254894 CVE-2025-40277)
- commit c264bd5
- sctp: Prevent TOCTOU out-of-bounds write (CVE-2025-40331
bsc#1254615).
- commit 37e9b8d
- ocfs2: clear extent cache after moving/defragmenting extents
(CVE-2025-40233 bsc#1254813).
- commit d895b6c
- padata: Honor the caller's alignment in case of chunk_size 0
(bsc#1237563).
- commit ebd18f3
- tipc: Fix use-after-free in tipc_mon_reinit_self()
(CVE-2025-40280 bsc#1254847).
- commit a430c68
- xfrm: also call xfrm_state_delete_tunnel at destroy time for
states that were never added (CVE-2025-40215 bsc#1254959).
- commit 0f80be9
- xfrm: delete x->tunnel as we delete x (CVE-2025-40215
bsc#1254959).
- commit b6a5e5b
- kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959
CVE-2025-40215).
- commit 74c6bab
- supported.conf: Drop cpu5_wdt
We no longer build this driver.
- commit 5a22004
- mptcp: fix race condition in mptcp_schedule_work()
(CVE-2025-40258 bsc#1254843).
- commit 6856d1e
- futex: Prevent use-after-free during requeue-PI (CVE-2025-39977
bsc#1252046).
- commit 503d82a
- x86/tdx: Emit warning if IRQs are enabled during HLT #VE handling (git-fixes).
- commit 8ddcb6e
- x86/paravirt: Move halt paravirt calls under CONFIG_PARAVIRT (git-fixes).
- commit f603a11
- smc: Fix use-after-free in tcp_write_timer_handler()
(CVE-2023-53781 bsc#1254751).
- commit 525be06
- platform/x86/intel-uncore-freq: Fail module load when plat_info
is NULL (git-fixes).
- commit 38f497e
- ACPI: property: Do not pass NULL handles to acpi_attach_data()
(git-fixes).
- commit 24f9c68
- ACPI: property: Fix buffer properties extraction for subnodes
(git-fixes).
- commit faa3e74
- ACPI/IORT: Fix memory leak in iort_rmr_alloc_sids() (git-fixes).
- commit ef79766
- ACPI: PRM: Remove unnecessary strict handler address checks
(git-fixes).
- commit d86efc6
- drivers: base: cacheinfo: Fix shared_cpu_map changes in event
of CPU hotplug (CVE-2023-53254 bsc#1249871).
- cacheinfo: Fix shared_cpu_map to handle shared caches at
different levels (CVE-2023-53254 bsc#1249871).
- commit c4452ba
- dm: free table mempools if not used in __bind (git-fixes).
- commit fb9a87c
- KVM: SVM: Fix TSC_AUX virtualization setup (git-fixes).
- commit ed61cba
- crypto: essiv - Check ssize for decryption and in-place
encryption (bsc#1252678 CVE-2025-40019).
- commit e680b45
- cpuidle: haltpoll: Do not enable interrupts when entering idle (git-fixes).
- commit ebcfbc4
- x86/tdx: Fix __noreturn build warning around __tdx_hypercall_failed() (git-fixes).
- commit cf9f67d
- x86/bugs: Use SBPB in write_ibpb() if applicable (git-fixes).
- commit c32108a
- x86/tdx: Dynamically disable SEPT violations from causing #VEs (git-fixes).
- commit bc2ccb6
- x86/tdx: Rename tdx_parse_tdinfo() to tdx_setup() (git-fixes).
- commit 29784d0
- x86/tdx: Introduce wrappers to read and write TD metadata (git-fixes).
- commit e13b5dd
- x86/virt/tdx: Make TDX_MODULE_CALL handle SEAMCALL #UD and #GP (git-fixes).
- commit 6b94935
- x86/virt/tdx: Wire up basic SEAMCALL functions (git-fixes).
- commit 59fe61c
- x86/tdx: Remove 'struct tdx_hypercall_args' (git-fixes).
- Refresh
patches.suse/virt-tdx-guest-Add-Quote-generation-support-using-TSM_REPORTS.patch.
- Refresh
patches.suse/x86-tdx-Fix-arch_safe_halt-execution-for-TDX-VMs.patch.
- commit dffc1e6
- x86/tdx: Reimplement __tdx_hypercall() using TDX_MODULE_CALL asm (git-fixes).
- commit 50c4a13
- x86/tdx: Make TDX_HYPERCALL asm similar to TDX_MODULE_CALL (git-fixes).
- Refresh patches.suse/x86-tdx-Fix-data-leak-in-mmio_read.patch.
- commit 82a2e36
- x86/tdx: Retry partially-completed page conversion hypercalls (git-fixes).
- Refresh
patches.suse/virt-tdx-guest-Add-Quote-generation-support-using-TSM_REPORTS.patch.
- commit 5ffe81f
- x86/tdx: Drop flags from __tdx_hypercall() (git-fixes).
- Refresh
patches.suse/msft-hv-2876-x86-hyperv-Support-hypercalls-for-fully-enlightened-.patch.
- Refresh
patches.suse/msft-hv-2882-x86-hyperv-Use-TDX-GHCI-to-access-some-MSRs-in-a-TDX.patch.
- Refresh
patches.suse/msft-hv-2884-x86-hyperv-Move-the-code-in-ivm.c-around-to-avoid-un.patch.
- Refresh patches.suse/x86-tdx-Fix-data-leak-in-mmio_read.patch.
- Refresh
patches.suse/x86-tdx-Make-_tdx_hypercall-and-__tdx_module_call-available-in-boot-stub.patch.
- Refresh
patches.suse/x86-tdx-Pass-TDCALL-SEAMCALL-input-output-registers-via-a-.patch.
- Refresh
patches.suse/x86-tdx-Rename-__tdx_module_call-to-__tdcall.patch.
- Refresh
patches.suse/x86-tdx-Zero-out-the-missing-RSI-in-TDX_HYPERCALL-macro.patch.
- commit 5d4a797
- x86/tdx: Remove TDX_HCALL_ISSUE_STI (git-fixes).
- Refresh
patches.suse/x86-tdx-Do-not-corrupt-frame-pointer-in-__tdx_hyperc.patch.
- Refresh
patches.suse/x86-tdx-Fix-arch_safe_halt-execution-for-TDX-VMs.patch.
- Refresh
patches.suse/x86-tdx-Refactor-__tdx_hypercall-to-allow-pass-down-.patch.
- commit 6c60bc2
- cpuidle: Move IRQ state validation (git-fixes).
- commit 36be557
- cpuidle/poll: Ensure IRQs stay disabled after cpuidle_state::enter() calls (git-fixes).
- commit 778474e
- arch/idle: Change arch_cpu_idle() behavior: always exit with IRQs disabled (git-fixes).
- Refresh
patches.suse/x86-tdx-Fix-arch_safe_halt-execution-for-TDX-VMs.patch.
- commit e41dc4f
- x86/tdx: Extend TDX_MODULE_CALL to support more TDCALL/SEAMCALL leafs (git-fixes).
- commit c2dd199
- x86/tdx: Pass TDCALL/SEAMCALL input/output registers via a structure (git-fixes).
- commit b5416b4
- x86/tdx: Rename __tdx_module_call() to __tdcall() (git-fixes).
- commit 500bf81
- x86/tdx: Make macros of TDCALLs consistent with the spec (git-fixes).
- commit c288f03
- x86/tdx: Skip saving output regs when SEAMCALL fails with VMFailInvalid (git-fixes).
- commit ecd6cb0
- x86/tdx: Zero out the missing RSI in TDX_HYPERCALL macro (git-fixes).
- commit 9c63e88
- x86/tdx: Fix arch_safe_halt() execution for TDX VMs (git-fixes).
- commit 017ee41
- x86/bugs: Fix RSB clearing in indirect_branch_prediction_barrier() (git-fixes).
- commit 92791c8
- RDMA/uverbs: Add empty rdma_uattrs_has_raw_cap() declaration (git-fixes)
- commit 93dd7d0
- RDMA/mlx5: Fix compilation warning when USER_ACCESS isn't set (git-fixes)
- commit e994fef
- RDMA/hns: Fix the modification of max_send_sge (git-fixes)
- commit 659f7e7
- RDMA/cm: Rate limit destroy CM ID timeout error message (git-fixes)
- commit 6784a99
- xfs: fix sparse inode limits on runt AG (bsc#1254392).
- commit eddc2d0
- util-linux
-
- Recognize fuse "portal" as a virtual file system (boo#1234736,
util-linux-libmount-fuse-portal.patch).
- fdisk: Fix possible partition overlay and data corruption if EBR
gap is missing (boo#1222465,
util-linux-libfdisk-ebr-missing-gap-1.patch,
util-linux-tests-fdisk-ebr-missing-gap-1.patch,
util-linux-tests-fdisk-ebr-missing-gap-2.patch,
util-linux-libfdisk-ebr-missing-gap-2.patch,
util-linux-tests-fdisk-ebr-missing-gap-3.patch).
- Use full hostname for PAM to ensure correct access control for
"login -h" (bsc#1258859, CVE-2026-3184,
util-linux-CVE-2026-3184.patch).
- expat
-
- security update:
* CVE-2026-32776: expat: libexpat: NULL pointer dereference when
processing empty external parameter entities inside an entity
declaration value (bsc#1259726)
- Added patch expat-CVE-2026-32776.patch
* CVE-2026-32777: expat: libexpat: denial of service due to
infinite loop in DTD content parsing (bsc#1259711)
- Added patch expat-CVE-2026-32777.patch
* CVE-2026-32778: expat: libexpat: NULL pointer dereference in
`setContext` on retry after an out-of-memory condition (bsc#1259729)
- Added patch expat-CVE-2026-32778.patch
- security update
- added patches
CVE-2026-24515 [bsc#1257144], NULL dereference (CWE-476) due to function XML_ExternalEntityParserCreate() failing to copy the encoding handler data passed to XML_SetUnknownEncodingHandler() from the parent to the subparser
* expat-CVE-2026-24515.patch
CVE-2026-25210 [bsc#1257496], lack of buffer size check can lead to an integer overflow
* expat-CVE-2026-25210.patch
- gcc15
-
- Add gcc14-bsc1257463.patch to fix bogus expression simplification
[bsc#1257463]
- gnutls
-
- Security fix:
* CVE-2025-14831: DoS via excessive resource consumption during
certificate verification (bsc#1257960)
* Add gnutls-CVE-2025-14831.patch
- openssl-1_1
-
- Security fixes:
* Missing ASN1_TYPE validation in PKCS#12 parsing
* ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function
- openssl-CVE-2026-22795.patch [bsc#1256839, CVE-2026-22795], [bsc#1256840, CVE-2026-22796]
* Missing ASN1_TYPE validation in TS_RESP_verify_response() function
- openssl-CVE-2025-69420.patch [bsc#1256837, CVE-2025-69420]
* NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function
- openssl-CVE-2025-69421.patch [bsc#1256838, CVE-2025-69421]
* Heap out-of-bounds write in BIO_f_linebuffer on short writes
- openssl-CVE-2025-68160.patch [bsc#1256834, CVE-2025-68160]
* Unauthenticated/unencrypted trailing bytes with low-level OCB function calls
- openssl-CVE-2025-69418.patch [bsc#1256835, CVE-2025-69418]
* Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion
- openssl-CVE-2025-69419.patch [bsc#1256836, CVE-2025-69419]
- libpng16
-
- added patches
CVE-2026-25646: Heap buffer overflow vulnerability in png_set_dither/png_set_quantize (bsc#1258020)
* libpng16-CVE-2026-25646.patch
- security update
- added patches
CVE-2025-28162 [bsc#1257364], memory leaks when running `pngimage`
CVE-2025-28164 [bsc#1257365], memory leaks when running `pngimage`
* libpng16-CVE-2025-28162,28164.patch
- security update
- added patches
CVE-2026-22695 [bsc#1256525], Heap buffer over-read in png_image_finish_read
* libpng16-CVE-2026-22695.patch
CVE-2026-22801 [bsc#1256526], Integer truncation causing heap buffer over-read in png_image_write_*
* libpng16-CVE-2026-22801.patch
- python3
-
- CVE-2025-11468: preserving parens when folding comments in
email headers (bsc#1257029, gh#python/cpython#143935).
CVE-2025-11468-email-hdr-fold-comment.patch
- CVE-2026-0672: rejects control characters in http cookies.
(bsc#1257031, gh#python/cpython#143919)
CVE-2026-0672-http-hdr-inject-cookie-Morsel.patch
- CVE-2026-0865: rejecting control characters in
wsgiref.headers.Headers, which could be abused for injecting
false HTTP headers. (bsc#1257042, gh#python/cpython#143916)
CVE-2026-0865-wsgiref-ctrl-chars.patch
- CVE-2025-15366: basically the same as the previous patch for
IMAP protocol. (bsc#1257044, gh#python/cpython#143921)
CVE-2025-15366-imap-ctrl-chars.patch
- CVE-2025-15282: basically the same as the previous patch for
urllib library. (bsc#1257046, gh#python/cpython#143925)
CVE-2025-15282-urllib-ctrl-chars.patch
- CVE-2025-15367: basically the same as the previous patch for
poplib library. (bsc#1257041, gh#python/cpython#143923)
CVE-2025-15367-poplib-ctrl-chars.patch
- Modify CVE-2024-6923-email-hdr-inject.patch to also include
patch for bsc#1257181 (CVE-2026-1299).
- sqlite3
-
- Sync version 3.51.3 from Factory:
* Fix the WAL-reset database corruption bug:
https://sqlite.org/wal.html#walresetbug
- Sync version 3.51.2 from Factory:
* bsc#1259619, CVE-2025-70873: zipfile extension may disclose
uninitialized heap memory during inflation.
* bsc#1254670, CVE-2025-7709: Integer Overflow in FTS5 Extension
* bsc#1248586: Fix icu-enabled build.
- systemd
-
- Import commit 8b6ed60a0c43c2c59be030fa58c6da1d3b9d43ad
6a38d88a42 machined: reject invalid class types when registering machines (bsc#1259650 CVE-2026-4105)
8c9a592e5a udev: fix review mixup
b57007a917 udev-builtin-net-id: print cescaped bad attributes
ee23c7604b udev-builtin-net_id: do not assume the current interface name is ethX
0f63e799e6 udev: ensure tag parsing stays within bounds
046f52ec12 udev: ensure there is space for trailing NUL before calling sprintf
5be21460ce udev: check for invalid chars in various fields received from the kernel (bsc#1259697)
- Import commit 6099da9424208d31f293bed34be0298192e5e41d
9559607b16 core/cgroup: avoid one unnecessary strjoina()
fcae348ca4 core: validate input cgroup path more prudently (CVE-2026-29111 bsc#1259418)
a3ca6b3031 alloc-util: add strdupa_safe() + strndupa_safe() and use it everywhere
08125d6b06 units: add dep on systemd-logind.service by user@.service
- libxml2
-
- CVE-2026-0990: call stack overflow leading to application crash
due to infinite recursion in `xmlCatalogXMLResolveURI` (bsc#1256807, bsc#1256811)
* Add patch libxml2-CVE-2026-0990.patch
- CVE-2026-0992: excessive resource consumption when processing XML
catalogs due to exponential behavior when handling `<nextCatalog>` elements (bsc#1256808, bsc#1256809, bsc#1256812)
* Add patch libxml2-CVE-2026-0992.patch
- CVE-2025-8732: infinite recursion in catalog parsing functions when processing malformed SGML catalog files (bsc#1247858, bsc#1247850)
* Add patch libxml2-CVE-2025-8732.patch
- CVE-2026-1757: memory leak in the `xmllint` interactive shell (bsc#1257593, bsc#1257594, bsc#1257595)
* Add patch libxml2-CVE-2026-1757.patch
- CVE-2025-10911: use-after-free with key data stored cross-RVT (bsc#1250553)
* Add patch libxml2-CVE-2025-10911.patch
- CVE-2026-0989: call stack exhaustion leading to application crash
due to RelaxNG parser not limiting the recursion depth when
resolving `<include>` directives (bsc#1256804, bsc#1256805, bsc#1256810)
* Add patch libxml2-CVE-2026-0989.patch
* https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/374
- libxslt
-
- CVE-2025-10911 will be fixed on libxml2 side instead [bsc#1250553]
- deleted patches
* libxslt-CVE-2025-10911.patch
- zlib
-
- Fix CVE-2026-27171, infinite loop via the crc32_combine64 and
crc32_combine_gen64 functions due to missing checks for negative
lengths (bsc#1258392)
* CVE-2026-27171.patch
- podman
-
- Add symlink to catatonit in /usr/libexec/podman (bsc#1248988)
- python-pyasn1
-
- CVE-2026-30922: Denial of Service via Unbounded Recursion (bsc#1259803)
Add patch CVE-2026-30922.patch
- fix regression in tests from CVE-2026-23490.patch (bsc#1257129)
- Add CVE-2026-23490.patch to fix CVE-2026-23490 (bsc#1256902)
- fix broken changelog entries
- salt
-
- Make syntax in httputil_test compatible with Python 3.6
- Fix KeyError in postgres module with PostgreSQL 17 (bsc#1254325)
- Use internal deb classes instead of external aptsource lib
- Speed up wheel key.finger call (bsc#1240532)
- Backport security patches for Salt vendored tornado:
* CVE-2025-67724: missing validation of supplied reason phrase (bsc#1254903)
* CVE-2025-67725: fix DoS via malicious HTTP request (bsc#1254905)
* CVE-2025-67726: fix HTTP header parameter parsing algorithm (bsc#1254904)
- Simplify and speed up utils.find_json function (bsc#1246130)
- Extend warn_until period to 2027
- Added:
* fix-tornado-s-httputil_test-syntax-for-python-3.6.patch
* backport-add-maintain-m-privilege-to-postgres-module.patch
* use-internal-salt.utils.pkg.deb-classes-instead-of-a.patch
* speedup-wheel-key.finger-call-bsc-1240532-713.patch
* fixes-for-security-issues-cve-2025-13836-cve-2025-67.patch
* simplify-utils.json.find_json-function.patch
* extend-fails-to-warnings-until-2027-742.patch
- python-urllib3
-
- fix regression in CVE-2025-66471.patch when downloading large files
(bsc#1259829)
- Add security patches:
* CVE-2025-66471 (bsc#1254867)
* CVE-2025-66418 (bsc#1254866)
* CVE-2026-21441 (bsc#1256331)
- shim
-
- Add Microsoft-signed 16.1 shim
- shim.spec: Temporarily disable nx-shim
- We still need time to test nx (non-executable) shim and develop
the script for delivery. We will not support nx-shim on all Leap
and SLE distros because the function should also be supported by
grub2 and kernel.
- shim.spec: Remove the reproducibility check for the shim binary
- The binutils on Leap 15.6 and SLE-15-SP3 has been upgraded to 2.45
when we are waiting shim-review and Microsoft signing. It causes
that the shim binary is NOT reproducible on build services.
- We just direct use the Microsoft signed-back shim binaries
because we build this binary before and have the logs to prove it.
Before we find a good approach to save/restore the build service
environment, let’s directly use the Microsoft signed-back shim for
delivery.
- Certificates: Add Microsoft UEFI CA files to the target certificates
array in pretrans script.
- Certificates: Convert the SUSE certificates from PEM to DER format
- timestamp.pl: fix the size of checksum in PE Optional Header
- shim.spec: Workaround the string comparison issue in elif directive
- shim.spec: Specify the certificate format in openssl commands
- shim.spec: Use io.open instead of pcall rpm.open in pretrans lua script
- Add a pretrans script to verify that the UEFI db should have the
necessary certificate to allow the shim binary to boot. The installation
will be aborted if the db is missing the target certificate. To proceed,
the user must enroll the target certificate in the db or disable UEFI
Secure Boot.
- Update to 16.1
- Patches (git log --oneline --reverse 16.0..16.1)
4040ec4 shim_start_image(): fix guid/handle pairing when uninstalling protocols
39c0aa1 str2ip6(): parsing of "uncompressed" ipv6 addresses
3133d19 test-mock-variables: make our filter list entries safer.
d44405e mock-variables: remove unused variable
0e8459f Update CI to use ubuntu-24.04 instead of ubuntu-20.04
d16a5a6 SbatLevel_Variable.txt: minor typo fix.
32804cf Realloc() needs one more byte for sprintf()
431d370 IPv6: Add more check to avoid multiple double colon and illegal char
5e4d93c Loader Proto: make freeing of bprop.buffer conditional.
33deac2 Prepare to move things from shim.c to verify.c
030e7df Move a bunch of stuff from shim.c to verify.c
f3ddda7 handle_image(): make verification conditional
774f226 Cache sections of a loaded image and sub-images from them.
eb0d20b loader-protocol: handle sub-section loading for UKIs
2f64bb9 loader-protocol: add workaround for EDK2 2025.02 page fault on FreePages
1abc7ca loader-protocol: NULL output variable in load_image on failure
fb77b44 Generate Authenticode for the entire PE file
b86b909 README: mention new loader protocol and interaction with UKIs
8522612 ci: add mkosi configuration and CI
9ebab84 mkosi workflow: fix the branch name for main.
72a4c41 shim: change automatically enable MOK_POLICY_REQUIRE_NX
a2f0dfa This is an organizational patch to move some things around in mok.c
54b9946 Update to the shim-16.1 branch of gnu-efi to get AsciiSPrint()
a5a6922 get_max_var_sz(): add more debugging for apple platforms
77a2922 Add a "VariableInfo" variable to mok-variables.
efc71c9 build: Avoid passing *FLAGS to sub-make
7670932 Fixes for 'make TOPDIR=... clean'
13ab598 add SbatLevel entry 2025051000 for PSA-2025-00012-1
617aed5 Update version to 16.1~rc1
d316ba8 format_variable_info(): fix wrong size test.
f5fad0e _do_sha256_sum(): Fix missing error check.
3a9734d doc: add howto for running mkosi locally
ced5f71 mkosi: remove spurious slashes from script
0076155 ci: update mkosi commit
5481105 fix http boot
121cddf loader-protocol: Handle UnloadImage after StartImage properly
6a1d1a9 loader-protocol: Fix memory leaks
27a5d22 gitignore: add more mkosi dirs and vscode dir
346ed15 mkosi: disable repository key check on Fedora
afc4955 Update version to 16.1
- 16.1 release note https://github.com/rhboot/shim/releases
shim_start_image(): fix guid/handle pairing when uninstalling protocols by @vathpela in #738
Fix uncompressed ipv6 netboot by @hrvach in #742
fix test segfaults caused by uninitialized memory by @Fabian-Gruenbichler in #739
Update CI to use ubuntu-24.04 instead of ubuntu-20.04 by @vathpela in #749
SbatLevel_Variable.txt: minor typo fix. by @vathpela in #751
Realloc() needs to allocate one more byte for sprintf() by @dennis-tseng99 in #746
IPv6: Add more check to avoid multiple double colon and illegal char by @dennis-tseng99 in #753
Loader proto v2 by @vathpela in #748
loader-protocol: add workaround for EDK2 2025.02 page fault on FreePages by @bluca in #750
Generate Authenticode for the entire PE file by @esnowberg in #604
README: mention new loader protocol and interaction with UKIs by @bluca in #755
ci: add mkosi configuration and CI by @bluca in #764
shim: change automatically enable MOK_POLICY_REQUIRE_NX by @vathpela in #761
Save var info by @vathpela in #763
build: Avoid passing *FLAGS to sub-make by @rosslagerwall in #758
Fixes for 'make TOPDIR=... clean' by @bluca in #762
add SbatLevel entry 2025051000 for PSA-2025-00012-1 by @Fabian-Gruenbichler in #766
Coverity fixes 20250804 by @vathpela in #767
ci: fixlets and docs for mkosi workflow by @bluca in #768
fix http boot by @jsetje in #770
Fix double free and leak in the loader protocol by @rosslagerwall in #769
gitignore: add more mkosi dirs and vscode dir by @bluca in #771
- Drop upstreamed patch:
The following patches are merged to 16.1
- shim-alloc-one-more-byte-for-sprintf.patch
- 32804cf5d9 Realloc() needs one more byte for sprintf() [16.1]
- shim-change-automatically-enable-MOK_POLICY_REQUIRE_NX.patch
- 72a4c41877 shim: change automatically enable MOK_POLICY_REQUIRE_NX [16.1]
- Building with the latest version of gcc in the codebase:
- We prefer that building shim with the latest version of gcc in
codebase.
- Set the minimum version is gcc-13.
if gcc_version < 13
define gcc_version 13
endif
(bsc#1247432)
- SLE shim should includes vendor-dbx-sles.esl instead of
vendor-dbx-opensuse.esl. Fixed it in shim.spec.
verify='SUSE Linux Enterprise Secure Boot CA1'
- vendor_dbx='vendor-dbx-opensuse.esl'
+ vendor_dbx='vendor-dbx-sles.esl'
- Using gcc12 for building shim/shim-nx
- The gcc12 can workaround dxe_get_mem_attrs() hsi_status problem
- Add the following changes to shim.spec :
define gcc_version 12
global cc_compiler /usr/bin/gcc-%{gcc_version}
BuildRequires gcc%{gcc_version}
make CC=%{cc_compiler} RELEASE=0
- Remove shim-disable-dxe-get-mem-attrs.patch
- This downstream patch can be removed after moving to gcc12
(bsc#1247432)
- Add shim-disable-dxe-get-mem-attrs.patch
- On old edk2-stable202308 ovmf, running dxe_get_mem_attrs() causes
get_hsi_mem_info() confusion on hsi_status. It looks that hsi_status
has a copy after running dxe_get_mem_attrs(). Those elements in
hsi_nx_is_enforced(), HEAPX|STACKX|ROW can NOT set into hsi_status.
Let's disabling the approach of DXE get memory attributes until
we found the root cause.
(bsc#1247432)
- Building out shim.nx.efi for supporting non-executable
- Building additional shim with POST_PROCESS_PE_FLAGS=-n to set
the PE NX-compatibility DLL. (NxCompatible field in DllCharacteristics)
- Packaging shim.nx.efi to shim-nx RPM.
- Add MS signatures for shim.nx
- signature-opensuse-nx.x86_64.asc
signature-sles-nx.x86_64.asc
signature-opensuse-nx.aarch64.asc
signature-sles-nx.aarch64.asc
- We direc copy signatures of shim for shim.nx before we got
signatures from Microsoft.
- Building MokManager.efi and fallback.efi with POST_PROCESS_PE_FLAGS=-n
(bsc#1205588)
Factory: Fri Jul 25 05:44:51 UTC 2025 - Joey Lee <jlee@suse.com>
- Add shim-change-automatically-enable-MOK_POLICY_REQUIRE_NX.patch
- shim: change automatically enable MOK_POLICY_REQUIRE_NX (PR #761)
(bsc#1205588)
Factory: Wed May 28 03:37:04 UTC 2025 - Tseng <dennis.tseng@suse.com>
- add revoked-openSUSE-UEFI-SIGN-Certificate-2022-06.crt into dbx
- build shim with EKU enable flag (ENABLE_CODESIGN_EKU)
Factory: Tue May 6 06:19:02 UTC 2025 - Dennis <dennis.tseng@suse.com>
- Update to version 16.0
- https://github.com/rhboot/shim/releases/download/16.0/shim-16.0.tar.bz2
- remove shim-bsc1177315-verify-eku-codesign.patch
remove it because shim github upstream has accepted it (PR #664)
- add revoked-SLES-UEFI-SIGN-Certificate-2022-05.crt to revoked certificates for dbx
SLES-UEFI-SIGN-Certificate-20220525.crt can be blacklisted,
and can be added to the vendor dbx.
- add shim-alloc-one-more-byte-for-sprintf.patch (bsc#1240871)
The codes already submitted to git upstream (PR #746)
In generate_sbat_var_defs.c, realloc() should allocate one more byte for
the end of string '\0' when running sprintf() later.
- Patches (git log --oneline --reverse 15.8..16.0)
126a07e Validate that a supplied vendor cert is not in PEM format
63edf92 sbat: Add grub.peimage,2 to latest (CVE-2024-2312)
3e1394e sbat: Also bump latest for grub,4 (and to todays date)
470a8cd undo change that limits certificate files to a single file
0287c6b shim: don't set second_stage to the empty string
3685b13 Fix SBAT.md for today's consensus about numbers
dc07432 Realize the suggestions as part of PR #672
e064e7d Update Code of Conduct contact address
e68f4ca make-certs: Handle missing OpenSSL installation
74a1f29 Update MokVars.txt - Update documented mirrored variable attributes from RT to BS,RT - Add missing MokSBStateRT - Clarify that MokIgnoreDB is a mirror of MokDBState - Add missing attributes for MokPWStore
f6674fe export DEFINES for sub makefile
47bbb5e Drop unused EFI_IMAGE_SECURITY_DATABASE_GUID definition
338fded Null-terminate 'arguments' in fallback
3d1dcd4 Fix "Verifiying" typo in error message
b5d359a CI: use checkout@v4
1d8365f CI: work around ownership issue on github
20094ca Update fedora CI targets
3cf0e09 Force gcc to produce DWARF4 so that gdb can use it
5f54182 includes: work around CLANG_PREREQ() double-definition
ab06527 Makefile: don't warn about clang when building compile_commands.json
0c9249d Suppress some warnings even harder in Cryptlib and OpenSSL.
fd7e16f Add building compile_commands.json to CI
314aecf Discard load-options that start with WINDOWS
ac85ba4 Fix the issue that the gBS->LoadImage pointer was empty.
d8c86b7 shim: Allow data after the end of device path node in load options
d197220 Backport EFI_HTTP_ERROR status code
6410312 netboot: Convert TFTP error codes to EFI status codes
ef8e729 httpboot: Convert HTTP status codes to EFI status codes
2a1cbe6 Update gnu-efi submodule for EFI_HTTP_ERROR
196cbb9 Increase EFI file alignment
ad8692e avoid EFIv2 runtime services on Apple x86 machines
0345331 Improve shortcut performance when comparing two boolean expressions
27562ea Fix bad reference to PathName in image loading
1508ece Move is_removable_media_path() to a shared location.
7864c10 Provide better error message when MokManager is not found
3e60895 tpm: Boot with a warning if the event log is full
b560c52 MokManager: remove redundant logical constraints
9229e7c Make mock_set_variable() correctly account for resource usage.
f7e1d72 tests: make it possible to use different limits for variable space
67efdfc test-mok-mirror: refactor the validation of test_mok_mirror_0
70366a2 test-mok-mirror: add a test case where MokListRT won't fit.
3caa75e test-mok-mirror: minor bug fix
dc45aa6 lib/simple_file.c: Allocate zeroed pool for SimpleFS entries
9415d3c simple_file: Allow to form a volume name from DevicePath
d6076cb simple_file: Use second variable to create filesystem entries
f99749a Ignore a minor clang-tidy nit
98173f0 Fall back to default loader when encountering errors on network boot
e42c319 test.mk: don't use a temporary random.bin
c66c157 pe: Enhance debug report for update_mem_attrs
1125212 Fix leak in error path
2daf1db Load concatenated EFI_SIGNATURE_LISTs from shim_certificate.efi
eeca60a Update SbatLevel_Variable.txt with peimage CVE-2024-2312 revocation
743f3fa Add generate_sbat_var_defs utility program
5ae408a Generate and use generated_sbat_var_defs.h
e886fb3 SbatLevel_Variable.txt: clarify where and how revocation data is tracked
15c1a9a Implement the CodeSign EKU check to fulfill the requirements of NIAP OS_PP.
eb02afc Optionally enabling codesign EKU check in compiling time.
7ae0ee6 Add docs for ENABLE_CODESIGN_EKU
38dfa37 Create utils file
83850cd Add configuration option to boot an alternative 2nd stage
bb114a3 Implement shim image load protocol
e7b3598 Move some stuff around
0322e10 Implement the rest of the loader protocol functions
e43aea8 Add EFI_LOAD_FILE2_PROTOCOL to gnu-efi
2bff460 loader-proto: Add support for loading files from disk to LoadImage()
5d17278 loader-proto: Mark load_image()'s handle_image() call as "in_protocol"
fe2ad36 Don't print full screen error dialog from handle_image() when called in_protocol
c57af36 loader-proto: Respect optional DevicePath parameter to load_image()
2b49dc1 Suppress file open failures for some netboot cases
3c3295d netboot: process revocations.efi as revocations not shim_certificate
c66ce2a Allow indepdent SkuSi and SBAT revocation updates
6b8e40c netboot can try to load shim_certificate_[0..9].efi
301cf52 Document how revocations can be delivered
7cde2cc post-process-pe: add tests to validate NX compliance
1294b47 regression: out of bounds read in CopyMem() in ad8692e
765f294 compiler.h: minor ALIGN_... fixes
5c1e6e4 Move error logging decls out of shim.h
d972515 Save the debug and error logs in mok-variables
e3f0338 Silence minor nit in load-options parsing debug output
3d7c057 get_mem_attrs(): ensure an error code is set on failure
49db3de mok: add MOK_VARIABLE_CONFIG_ONLY
887c0ed mok variables: add a format callback
e4857b4 Make test-mok-error failures *slightly* more clear.
589c3f2 Move memory attribute support to its own file.
848667d shim: add HSIStatus feature
e136e64 mock-variables: fix debugging printf format specifier oopsie
f0958ba test-mock-variables: improve some debug prints
b216543 Move mok state variable data flag definitions to the header.
fc0cfac Mirror some more efi variables to mok-variables
eeda3fa gnu-efi: add some DXE services.
c41b1f0 Add support for DXE memory attribute updates.
9269e9b Add DXE Services information to HSI
c868d54 hexdump: give a different debug log for size==0
1baf1ef HSI: Add decode_hsi_bits() for easier reading of the debug log
3bce118 pe: read_header(): allow skipping SecDir content validation
89e6150 Add shim's current NX_COMPAT status to HSIStatus
c5c5287 peimage.h: minor whitespace fixes
5007d83 peimage: add a bunch of comments to read_header()
489af5e README.tpm: reflect that vendor_db is in fact logged as "vendor_db"
1958b0f reject message with different values in multiple Content-Length header field
9c423e0 Some save_logs() improvements.
81d40e3 Disable log saving for now.
498b149 fallback: don't add new boot order entries backwards
06d8dec makefiles: Make GITTAG swizzle tildes to dashes
f02b2c1 make-archive: some minor housekeeping
794d237 Update version to 16.0~rc1
d45c610 SetSecureVariable(): free Cert on failure
76fab7b generate_sbat_var_defs: run clang-format on readfile()
6dadb70 generate_sbat_var_defs: Fix memory leak on realloc failure and fd leak.
f58c77e generate_sbat_var_defs: Ensure revlistentry->revocations is initialized.
b427a34 mirror_mok_db(): get rid of an unused variable+allocation
92630f2 mirror_one_mok_variable(): fix a memory leak on TPM log error.
38f0a9c mirror_mok_db(): Free our mok variable name correctly
db04321 shim_load_image(): initialize the buffer fully
7b75382 simple_dir_filter(): test our 'next' pointer
db1f1da Make 'make fanalyzer' work again.
28d8871 README.tpm: Update MokList entry to MokListRT
8932527 SBAT Level update for February 2025 GRUB CVEs
18d98bf Update version to 16.0
Factory: Tue Jun 25 04:12:39 UTC 2024 - Dennis Tseng <dennis.tseng@suse.com>
- Update asc files of shim-15.8 after being signed back from
Microsoft, including:
signature-opensuse.x86_64.asc,
signature-opensuse.aarch64.asc
- asc files of shim-15.8 for sles is already updated on Apr 18, 2024
signature-sles.x86_64.asc,
signature-sles.aarch64.asc.
Factory: Mon Feb 26 13:09:29 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
- Use %autosetup macro. Allows to eliminate the usage of deprecated
PatchN.
Factory: Sat Feb 17 07:51:01 UTC 2024 - Joey Lee <jlee@suse.com>
- Modified shim.spec file to add suffix string of project to filename
of included certificates. e.g.
rpm -pql shim-15.8-lp155.6.1.x86_64.rpm
/etc/uefi
/etc/uefi/certs
/etc/uefi/certs/2B697CB1-shim-devel.crt
/etc/uefi/certs/4659838C-shim-opensuse.crt
/etc/uefi/certs/BCA4E38E-shim-sles.crt
The original name of crt files are:
/etc/uefi/certs/2B697CB1-shim.crt
/etc/uefi/certs/4659838C-shim.crt
/etc/uefi/certs/BCA4E38E-shim.crt
It can indicate the souce project of certificates.
- supportutils
-
- scplugin.rc is restored in package 3.2.12.1 for continued compatibility.
There is no furture development for scplugin.rc. Use supportconfig.rc.
Package version 3.2.12.2 does not have scplugin.rc. Supportconfig
itself is the same for both versions. (bsc#1256709)
- Changes to version 3.2.12
+ Optimized lsof usage and honors OPTION_OFILES (bsc#1232351, PR#274)
+ Run in containers without errors (bsc#1245667, PR#272)
+ Removed pmap PID from memory.txt (bsc#1246011, PR#263)
+ Added missing /proc/pagetypeinfo to memory.txt (bsc#1246025, PR#264)
+ Improved database perforce with kGraft patching (bsc#1249657, PR#273)
+ Using last boot for journalctl for optimization (bsc#1250224, PR#287)
+ Fixed extraction failures (bsc#1252318, PR#275)
+ Update supportconfig.conf path in docs (bsc#1254425, PR#281)
+ drm_sub_info: Catch error when dir doesn't exist (PR#265)
+ Replace remaining `egrep` with `grep -E` (PR#261, PR#266)
+ Add process affinity to slert logs (PR#269)
+ Reintroduce cgroup statistics (and v2) (PR#270)
+ Minor changes to basic-health-check: improve information level (PR#271)
+ Collect important machine health counters (PR#276)
+ powerpc: collect hot-pluggable PCI and PHB slots (PR#278)
+ podman: collect podman disk usage (PR#279)
+ Exclude binary files in crondir (PR#282)
+ kexec/kdump: collect everything under /sys/kernel/kexec dir (PR#284)
+ Use short-iso for journalctl (PR#288)
- Changes to version 3.2.11
+ Collect rsyslog frule files (bsc#1244003, pr#257)
+ Remove proxy passwords (bsc#1244011, pr#257)
+ Missing NetworkManager information (bsc#1241284, pr#257)
+ Include agama logs bsc#1244937, pr#256)
+ Additional NFS conf files (pr#253)
+ New fadump sysfs files (pr#252)
+ Fixed change log dates
- suseconnect-ng
-
- Regressions found during QA test runs:
- Ignore product in announce call (bsc#1257490)
- Registration to SMT server with failed (bsc#1257625)
- Update version to 1.20:
- Update error message for Public Cloud instances with registercloudguest
installed. SUSEConnect -d is disabled on PYAG and BYOS when the
registercloudguest command is available. (bsc#1230861)
- Enhanced SAP detected. Take TREX into account and remove empty values when
only /usr/sap but no installation exists (bsc#1241002)
- Fixed modules and extension link to point to version less documentation. (bsc#1239439)
- Fixed SAP instance detection (bsc#1244550)
- Remove link to extensions documentation (bsc#1239439)
- Migrate to the public library
- Version 1.14 public library release
This version is only available on Github as a tag to release the
new golang public library which can be consumed without the need
to interface with SUSEConnect directly.
- tar
-
- Fix bsc#1246399 / CVE-2025-45582.
- Add patch:
* CVE-2025-45582.patch
- util-linux-systemd
-
- Recognize fuse "portal" as a virtual file system (boo#1234736,
util-linux-libmount-fuse-portal.patch).
- fdisk: Fix possible partition overlay and data corruption if EBR
gap is missing (boo#1222465,
util-linux-libfdisk-ebr-missing-gap-1.patch,
util-linux-tests-fdisk-ebr-missing-gap-1.patch,
util-linux-tests-fdisk-ebr-missing-gap-2.patch,
util-linux-libfdisk-ebr-missing-gap-2.patch,
util-linux-tests-fdisk-ebr-missing-gap-3.patch).
- Use full hostname for PAM to ensure correct access control for
"login -h" (bsc#1258859, CVE-2026-3184,
util-linux-CVE-2026-3184.patch).
- vim
-
* Update Vim to version 9.2.0110 (from 9.2.0045).
* Specifically, this fixes bsc#1259051 / CVE-2026-28417.
* Update Vim to version 9.2.0045 (from 9.1.1629).
* Fix bsc#1258229 CVE-2026-26269 as 9.2.0045 is not impacted (fixed
upstream).
* Fix bsc#1246602 CVE-2025-53906 as 9.2.0045 is not impacted (fixed
upstream).
* Drop obsolete or upstreamed patches:
- vim-7.3-filetype_spec.patch
- vim-7.4-filetype_apparmor.patch
- vim-8.2.2411-globalvimrc.patch
- vim-9.1.1683-avoid-null-dereference.patch
* Refresh the following patches:
- vim-7.3-filetype_changes.patch
- vim-7.3-filetype_ftl.patch
- vim-7.3-sh_is_bash.patch
- vim-9.1.1134-revert-putty-terminal-colors.patch
* Remove autoconf BuildRequires and drop the autoconf call in %build.
* Add --with-wayland=no to COMMON_OPTIONS to explicitly disable wayland.
* Package new Swedish (sv) man pages and clean up duplicate encodings
(sv.ISO8859-1 and sv.UTF-8) during %install.
- xen
-
- bsc#1259247 - VUL-0: CVE-2026-23554: xen: Use after free of
paging structures in EPT (XSA-480)
xsa480.patch
- bsc#1256745 - VUL-0: CVE-2025-58150: xen: x86: buffer overrun
with shadow paging + tracing (XSA-477)
xsa477.patch
- bsc#1256747 - VUL-0: CVE-2026-23553: xen: x86: incomplete IBPB
for vCPU isolation (XSA-479)
xsa479.patch